From 51ee4495e751cbefd50830e7ef5888f614a29e1d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 10:36:34 +0000 Subject: [PATCH] Deploy to GitHub pages --- ia-terms-updates/en/.buildinfo | 4 + .../en/.doctrees/algorithms.doctree | Bin 0 -> 86337 bytes .../en/.doctrees/authentic-sources.doctree | Bin 0 -> 48199 bytes .../en/.doctrees/backup-restore.doctree | Bin 0 -> 36599 bytes .../en/.doctrees/contribute.doctree | Bin 0 -> 46009 bytes .../en/.doctrees/defined-terms.doctree | Bin 0 -> 100229 bytes .../en/.doctrees/environment.pickle | Bin 0 -> 133801 bytes ia-terms-updates/en/.doctrees/index.doctree | Bin 0 -> 40512 bytes .../en/.doctrees/pid-eaa-data-model.doctree | Bin 0 -> 258783 bytes .../pid-eaa-entity-configuration.doctree | Bin 0 -> 152460 bytes .../en/.doctrees/pid-eaa-issuance.doctree | Bin 0 -> 461525 bytes .../en/.doctrees/proximity-flow.doctree | Bin 0 -> 89200 bytes .../en/.doctrees/pseudonyms.doctree | Bin 0 -> 38995 bytes ...relying-party-entity-configuration.doctree | Bin 0 -> 70045 bytes .../.doctrees/relying-party-solution.doctree | Bin 0 -> 268015 bytes .../en/.doctrees/remote-flow.doctree | Bin 0 -> 179315 bytes .../en/.doctrees/revocation-lists.doctree | Bin 0 -> 243450 bytes .../en/.doctrees/ssi-introduction.doctree | Bin 0 -> 41950 bytes .../en/.doctrees/standards.doctree | Bin 0 -> 66561 bytes ia-terms-updates/en/.doctrees/trust.doctree | Bin 0 -> 196091 bytes .../en/.doctrees/wallet-attestation.doctree | Bin 0 -> 204252 bytes .../en/.doctrees/wallet-solution.doctree | Bin 0 -> 83198 bytes .../en/_images/Eo_circle_green_checkmark.svg | 2 + .../en/_images/Eo_circle_red_letter-x.svg | 1 + .../High-Level-Flow-ITWallet-PID-Issuance.svg | 3 + ...h-Level-Flow-ITWallet-Presentation-ISO.svg | 1 + ...High-Level-Flow-ITWallet-QEAA-Issuance.svg | 3 + .../High-Level-Flow-Status-Attestation.svg | 4 + ...-Level-Flow-ITWallet-PID-QEAA-Issuance.svg | 1 + .../Low-Level-Flow-Revocation-Attestation.svg | 1 + .../en/_images/Low-Level-Flow-Revocation.svg | 1 + .../_images/cross_device_auth_seq_diagram.svg | 1 + ...tatic_view_wallet_instance_attestation.svg | 1 + ia-terms-updates/en/_images/trust-roles.svg | 426 +++++ .../en/_images/verifier_qr_code.svg | 2 + .../_images/wallet_instance_acquisition.svg | 1 + .../wallet_instance_initialization.svg | 1 + .../en/_images/wallet_instance_lifecycle.svg | 1 + .../en/_sources/algorithms.rst.txt | 130 ++ .../en/_sources/authentic-sources.rst.txt | 40 + .../en/_sources/backup-restore.rst.txt | 57 + .../en/_sources/contribute.rst.txt | 67 + .../en/_sources/defined-terms.rst.txt | 216 +++ ia-terms-updates/en/_sources/index.rst.txt | 54 + .../en/_sources/pid-eaa-data-model.rst.txt | 731 ++++++++ .../pid-eaa-entity-configuration.rst.txt | 145 ++ .../en/_sources/pid-eaa-issuance.rst.txt | 1045 +++++++++++ .../en/_sources/proximity-flow.rst.txt | 412 +++++ .../en/_sources/pseudonyms.rst.txt | 45 + ...relying-party-entity-configuration.rst.txt | 68 + .../_sources/relying-party-solution.rst.txt | 20 + .../en/_sources/remote-flow.rst.txt | 571 ++++++ .../en/_sources/revocation-lists.rst.txt | 747 ++++++++ .../en/_sources/ssi-introduction.rst.txt | 30 + .../en/_sources/standards.rst.txt | 1 + ia-terms-updates/en/_sources/trust.rst.txt | 700 ++++++++ .../en/_sources/wallet-attestation.rst.txt | 613 +++++++ .../en/_sources/wallet-solution.rst.txt | 262 +++ ia-terms-updates/en/_static/basic.css | 925 ++++++++++ ia-terms-updates/en/_static/basic_mod.css | 1194 +++++++++++++ ia-terms-updates/en/_static/basic_mod.css.map | 1 + ia-terms-updates/en/_static/doctools.js | 156 ++ .../en/_static/documentation_options.js | 13 + ia-terms-updates/en/_static/file.png | Bin 0 -> 286 bytes .../en/_static/fonts/roboto-mono/LICENSE.txt | 202 +++ .../roboto-mono/roboto-mono-bold-italic.woff2 | Bin 0 -> 41628 bytes .../fonts/roboto-mono/roboto-mono-bold.woff2 | Bin 0 -> 37732 bytes .../roboto-mono/roboto-mono-italic.woff2 | Bin 0 -> 41252 bytes .../fonts/roboto-mono/roboto-mono.woff2 | Bin 0 -> 97472 bytes .../en/_static/fonts/roboto/LICENSE.txt | 202 +++ .../en/_static/fonts/roboto/roboto-bold.woff2 | Bin 0 -> 50452 bytes .../_static/fonts/roboto/roboto-italic.woff2 | Bin 0 -> 54380 bytes .../en/_static/fonts/roboto/roboto.woff2 | Bin 0 -> 50640 bytes ia-terms-updates/en/_static/js/petite-vue.js | 1 + ia-terms-updates/en/_static/js/theme.js | 108 ++ ia-terms-updates/en/_static/language_data.js | 199 +++ ia-terms-updates/en/_static/minus.png | Bin 0 -> 90 bytes ia-terms-updates/en/_static/pkce.py | 21 + ia-terms-updates/en/_static/plus.png | Bin 0 -> 90 bytes ia-terms-updates/en/_static/pygments.css | 75 + ia-terms-updates/en/_static/searchtools.js | 620 +++++++ .../en/_static/sphinx_highlight.js | 154 ++ ia-terms-updates/en/algorithms.html | 368 ++++ ia-terms-updates/en/authentic-sources.html | 253 +++ ia-terms-updates/en/backup-restore.html | 267 +++ ia-terms-updates/en/contribute.html | 270 +++ ia-terms-updates/en/defined-terms.html | 491 ++++++ ia-terms-updates/en/genindex.html | 292 ++++ ia-terms-updates/en/index.html | 457 +++++ ia-terms-updates/en/objects.inv | Bin 0 -> 4480 bytes ia-terms-updates/en/pid-eaa-data-model.html | 1474 ++++++++++++++++ .../en/pid-eaa-entity-configuration.html | 1021 +++++++++++ ia-terms-updates/en/pid-eaa-issuance.html | 1529 +++++++++++++++++ ia-terms-updates/en/proximity-flow.html | 631 +++++++ ia-terms-updates/en/pseudonyms.html | 260 +++ .../relying-party-entity-configuration.html | 447 +++++ .../en/relying-party-solution.html | 1382 +++++++++++++++ ia-terms-updates/en/remote-flow.html | 932 ++++++++++ ia-terms-updates/en/revocation-lists.html | 1048 +++++++++++ ia-terms-updates/en/search.html | 201 +++ ia-terms-updates/en/searchindex.js | 1 + ia-terms-updates/en/ssi-introduction.html | 221 +++ ia-terms-updates/en/standards.html | 328 ++++ ia-terms-updates/en/trust.html | 989 +++++++++++ ia-terms-updates/en/wallet-attestation.html | 881 ++++++++++ ia-terms-updates/en/wallet-solution.html | 524 ++++++ ia-terms-updates/it/.buildinfo | 4 + .../it/.doctrees/backup-restore.doctree | Bin 0 -> 36599 bytes .../it/.doctrees/contribute.doctree | Bin 0 -> 32057 bytes .../it/.doctrees/defined-terms.doctree | Bin 0 -> 43201 bytes .../it/.doctrees/environment.pickle | Bin 0 -> 60461 bytes ia-terms-updates/it/.doctrees/index.doctree | Bin 0 -> 36616 bytes .../it/.doctrees/issuance.doctree | Bin 0 -> 36527 bytes .../it/.doctrees/pid-eaa-data.doctree | Bin 0 -> 36575 bytes .../it/.doctrees/pid-eaa-mdoc-cbor.doctree | Bin 0 -> 36635 bytes .../it/.doctrees/pid-eaa-sd-jwt.doctree | Bin 0 -> 36599 bytes .../it/.doctrees/pseudonyms.doctree | Bin 0 -> 36551 bytes .../it/.doctrees/revocation-lists.doctree | Bin 0 -> 36623 bytes .../it/.doctrees/ssi-introduction.doctree | Bin 0 -> 36623 bytes .../it/.doctrees/standards.doctree | Bin 0 -> 31644 bytes ia-terms-updates/it/.doctrees/trust.doctree | Bin 0 -> 36491 bytes .../wallet-instance-attestation.doctree | Bin 0 -> 36755 bytes .../it/.doctrees/wallet-solution.doctree | Bin 0 -> 36611 bytes .../it/_images/Eo_circle_green_checkmark.svg | 2 + .../it/_images/Eo_circle_red_letter-x.svg | 1 + .../it/_sources/backup-restore.rst.txt | 57 + .../it/_sources/contribute.rst.txt | 8 + .../it/_sources/defined-terms.rst.txt | 89 + ia-terms-updates/it/_sources/index.rst.txt | 55 + ia-terms-updates/it/_sources/issuance.rst.txt | 57 + .../it/_sources/pid-eaa-data.rst.txt | 57 + .../it/_sources/pid-eaa-mdoc-cbor.rst.txt | 57 + .../it/_sources/pid-eaa-sd-jwt.rst.txt | 57 + .../it/_sources/pseudonyms.rst.txt | 57 + .../it/_sources/revocation-lists.rst.txt | 57 + .../it/_sources/ssi-introduction.rst.txt | 57 + .../it/_sources/standards.rst.txt | 8 + ia-terms-updates/it/_sources/trust.rst.txt | 57 + .../wallet-instance-attestation.rst.txt | 57 + .../it/_sources/wallet-solution.rst.txt | 57 + ia-terms-updates/it/_static/basic.css | 925 ++++++++++ ia-terms-updates/it/_static/basic_mod.css | 1194 +++++++++++++ ia-terms-updates/it/_static/basic_mod.css.map | 1 + ia-terms-updates/it/_static/doctools.js | 156 ++ .../it/_static/documentation_options.js | 13 + ia-terms-updates/it/_static/file.png | Bin 0 -> 286 bytes .../it/_static/fonts/roboto-mono/LICENSE.txt | 202 +++ .../roboto-mono/roboto-mono-bold-italic.woff2 | Bin 0 -> 41628 bytes .../fonts/roboto-mono/roboto-mono-bold.woff2 | Bin 0 -> 37732 bytes .../roboto-mono/roboto-mono-italic.woff2 | Bin 0 -> 41252 bytes .../fonts/roboto-mono/roboto-mono.woff2 | Bin 0 -> 97472 bytes .../it/_static/fonts/roboto/LICENSE.txt | 202 +++ .../it/_static/fonts/roboto/roboto-bold.woff2 | Bin 0 -> 50452 bytes .../_static/fonts/roboto/roboto-italic.woff2 | Bin 0 -> 54380 bytes .../it/_static/fonts/roboto/roboto.woff2 | Bin 0 -> 50640 bytes ia-terms-updates/it/_static/js/petite-vue.js | 1 + ia-terms-updates/it/_static/js/theme.js | 108 ++ ia-terms-updates/it/_static/language_data.js | 199 +++ ia-terms-updates/it/_static/minus.png | Bin 0 -> 90 bytes ia-terms-updates/it/_static/pkce.py | 21 + ia-terms-updates/it/_static/plus.png | Bin 0 -> 90 bytes ia-terms-updates/it/_static/pygments.css | 75 + ia-terms-updates/it/_static/searchtools.js | 620 +++++++ .../it/_static/sphinx_highlight.js | 154 ++ ia-terms-updates/it/backup-restore.html | 256 +++ ia-terms-updates/it/contribute.html | 187 ++ ia-terms-updates/it/defined-terms.html | 309 ++++ ia-terms-updates/it/genindex.html | 181 ++ ia-terms-updates/it/index.html | 341 ++++ ia-terms-updates/it/issuance.html | 256 +++ ia-terms-updates/it/objects.inv | Bin 0 -> 895 bytes ia-terms-updates/it/pid-eaa-data.html | 256 +++ ia-terms-updates/it/pid-eaa-mdoc-cbor.html | 256 +++ ia-terms-updates/it/pid-eaa-sd-jwt.html | 256 +++ ia-terms-updates/it/pseudonyms.html | 256 +++ ia-terms-updates/it/revocation-lists.html | 256 +++ ia-terms-updates/it/search.html | 190 ++ ia-terms-updates/it/searchindex.js | 1 + ia-terms-updates/it/ssi-introduction.html | 256 +++ ia-terms-updates/it/standards.html | 184 ++ ia-terms-updates/it/trust.html | 256 +++ .../it/wallet-instance-attestation.html | 256 +++ ia-terms-updates/it/wallet-solution.html | 256 +++ 183 files changed, 33420 insertions(+) create mode 100644 ia-terms-updates/en/.buildinfo create mode 100644 ia-terms-updates/en/.doctrees/algorithms.doctree create mode 100644 ia-terms-updates/en/.doctrees/authentic-sources.doctree create mode 100644 ia-terms-updates/en/.doctrees/backup-restore.doctree create mode 100644 ia-terms-updates/en/.doctrees/contribute.doctree create mode 100644 ia-terms-updates/en/.doctrees/defined-terms.doctree create mode 100644 ia-terms-updates/en/.doctrees/environment.pickle create mode 100644 ia-terms-updates/en/.doctrees/index.doctree create mode 100644 ia-terms-updates/en/.doctrees/pid-eaa-data-model.doctree create mode 100644 ia-terms-updates/en/.doctrees/pid-eaa-entity-configuration.doctree create mode 100644 ia-terms-updates/en/.doctrees/pid-eaa-issuance.doctree create mode 100644 ia-terms-updates/en/.doctrees/proximity-flow.doctree create mode 100644 ia-terms-updates/en/.doctrees/pseudonyms.doctree create mode 100644 ia-terms-updates/en/.doctrees/relying-party-entity-configuration.doctree create mode 100644 ia-terms-updates/en/.doctrees/relying-party-solution.doctree create mode 100644 ia-terms-updates/en/.doctrees/remote-flow.doctree create mode 100644 ia-terms-updates/en/.doctrees/revocation-lists.doctree create mode 100644 ia-terms-updates/en/.doctrees/ssi-introduction.doctree create mode 100644 ia-terms-updates/en/.doctrees/standards.doctree create mode 100644 ia-terms-updates/en/.doctrees/trust.doctree create mode 100644 ia-terms-updates/en/.doctrees/wallet-attestation.doctree create mode 100644 ia-terms-updates/en/.doctrees/wallet-solution.doctree create mode 100644 ia-terms-updates/en/_images/Eo_circle_green_checkmark.svg create mode 100644 ia-terms-updates/en/_images/Eo_circle_red_letter-x.svg create mode 100644 ia-terms-updates/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg create mode 100644 ia-terms-updates/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg create mode 100644 ia-terms-updates/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg create mode 100644 ia-terms-updates/en/_images/High-Level-Flow-Status-Attestation.svg create mode 100644 ia-terms-updates/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg create mode 100644 ia-terms-updates/en/_images/Low-Level-Flow-Revocation-Attestation.svg create mode 100644 ia-terms-updates/en/_images/Low-Level-Flow-Revocation.svg create mode 100644 ia-terms-updates/en/_images/cross_device_auth_seq_diagram.svg create mode 100644 ia-terms-updates/en/_images/static_view_wallet_instance_attestation.svg create mode 100644 ia-terms-updates/en/_images/trust-roles.svg create mode 100644 ia-terms-updates/en/_images/verifier_qr_code.svg create mode 100644 ia-terms-updates/en/_images/wallet_instance_acquisition.svg create mode 100644 ia-terms-updates/en/_images/wallet_instance_initialization.svg create mode 100644 ia-terms-updates/en/_images/wallet_instance_lifecycle.svg create mode 100644 ia-terms-updates/en/_sources/algorithms.rst.txt create mode 100644 ia-terms-updates/en/_sources/authentic-sources.rst.txt create mode 100644 ia-terms-updates/en/_sources/backup-restore.rst.txt create mode 100644 ia-terms-updates/en/_sources/contribute.rst.txt create mode 100644 ia-terms-updates/en/_sources/defined-terms.rst.txt create mode 100644 ia-terms-updates/en/_sources/index.rst.txt create mode 100644 ia-terms-updates/en/_sources/pid-eaa-data-model.rst.txt create mode 100644 ia-terms-updates/en/_sources/pid-eaa-entity-configuration.rst.txt create mode 100644 ia-terms-updates/en/_sources/pid-eaa-issuance.rst.txt create mode 100644 ia-terms-updates/en/_sources/proximity-flow.rst.txt create mode 100644 ia-terms-updates/en/_sources/pseudonyms.rst.txt create mode 100644 ia-terms-updates/en/_sources/relying-party-entity-configuration.rst.txt create mode 100644 ia-terms-updates/en/_sources/relying-party-solution.rst.txt create mode 100644 ia-terms-updates/en/_sources/remote-flow.rst.txt create mode 100644 ia-terms-updates/en/_sources/revocation-lists.rst.txt create mode 100644 ia-terms-updates/en/_sources/ssi-introduction.rst.txt create mode 100644 ia-terms-updates/en/_sources/standards.rst.txt create mode 100644 ia-terms-updates/en/_sources/trust.rst.txt create mode 100644 ia-terms-updates/en/_sources/wallet-attestation.rst.txt create mode 100644 ia-terms-updates/en/_sources/wallet-solution.rst.txt create mode 100644 ia-terms-updates/en/_static/basic.css create mode 100644 ia-terms-updates/en/_static/basic_mod.css create mode 100644 ia-terms-updates/en/_static/basic_mod.css.map create mode 100644 ia-terms-updates/en/_static/doctools.js create mode 100644 ia-terms-updates/en/_static/documentation_options.js create mode 100644 ia-terms-updates/en/_static/file.png create mode 100644 ia-terms-updates/en/_static/fonts/roboto-mono/LICENSE.txt create mode 100644 ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono-bold-italic.woff2 create mode 100644 ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono-bold.woff2 create mode 100644 ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono-italic.woff2 create mode 100644 ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono.woff2 create mode 100644 ia-terms-updates/en/_static/fonts/roboto/LICENSE.txt create mode 100644 ia-terms-updates/en/_static/fonts/roboto/roboto-bold.woff2 create mode 100644 ia-terms-updates/en/_static/fonts/roboto/roboto-italic.woff2 create mode 100644 ia-terms-updates/en/_static/fonts/roboto/roboto.woff2 create mode 100644 ia-terms-updates/en/_static/js/petite-vue.js create mode 100644 ia-terms-updates/en/_static/js/theme.js create mode 100644 ia-terms-updates/en/_static/language_data.js create mode 100644 ia-terms-updates/en/_static/minus.png create mode 100644 ia-terms-updates/en/_static/pkce.py create mode 100644 ia-terms-updates/en/_static/plus.png create mode 100644 ia-terms-updates/en/_static/pygments.css create mode 100644 ia-terms-updates/en/_static/searchtools.js create mode 100644 ia-terms-updates/en/_static/sphinx_highlight.js create mode 100644 ia-terms-updates/en/algorithms.html create mode 100644 ia-terms-updates/en/authentic-sources.html create mode 100644 ia-terms-updates/en/backup-restore.html create mode 100644 ia-terms-updates/en/contribute.html create mode 100644 ia-terms-updates/en/defined-terms.html create mode 100644 ia-terms-updates/en/genindex.html create mode 100644 ia-terms-updates/en/index.html create mode 100644 ia-terms-updates/en/objects.inv create mode 100644 ia-terms-updates/en/pid-eaa-data-model.html create mode 100644 ia-terms-updates/en/pid-eaa-entity-configuration.html create mode 100644 ia-terms-updates/en/pid-eaa-issuance.html create mode 100644 ia-terms-updates/en/proximity-flow.html create mode 100644 ia-terms-updates/en/pseudonyms.html create mode 100644 ia-terms-updates/en/relying-party-entity-configuration.html create mode 100644 ia-terms-updates/en/relying-party-solution.html create mode 100644 ia-terms-updates/en/remote-flow.html create mode 100644 ia-terms-updates/en/revocation-lists.html create mode 100644 ia-terms-updates/en/search.html create mode 100644 ia-terms-updates/en/searchindex.js create mode 100644 ia-terms-updates/en/ssi-introduction.html create mode 100644 ia-terms-updates/en/standards.html create mode 100644 ia-terms-updates/en/trust.html create mode 100644 ia-terms-updates/en/wallet-attestation.html create mode 100644 ia-terms-updates/en/wallet-solution.html create mode 100644 ia-terms-updates/it/.buildinfo create mode 100644 ia-terms-updates/it/.doctrees/backup-restore.doctree create mode 100644 ia-terms-updates/it/.doctrees/contribute.doctree create mode 100644 ia-terms-updates/it/.doctrees/defined-terms.doctree create mode 100644 ia-terms-updates/it/.doctrees/environment.pickle create mode 100644 ia-terms-updates/it/.doctrees/index.doctree create mode 100644 ia-terms-updates/it/.doctrees/issuance.doctree create mode 100644 ia-terms-updates/it/.doctrees/pid-eaa-data.doctree create mode 100644 ia-terms-updates/it/.doctrees/pid-eaa-mdoc-cbor.doctree create mode 100644 ia-terms-updates/it/.doctrees/pid-eaa-sd-jwt.doctree create mode 100644 ia-terms-updates/it/.doctrees/pseudonyms.doctree create mode 100644 ia-terms-updates/it/.doctrees/revocation-lists.doctree create mode 100644 ia-terms-updates/it/.doctrees/ssi-introduction.doctree create mode 100644 ia-terms-updates/it/.doctrees/standards.doctree create mode 100644 ia-terms-updates/it/.doctrees/trust.doctree create mode 100644 ia-terms-updates/it/.doctrees/wallet-instance-attestation.doctree create mode 100644 ia-terms-updates/it/.doctrees/wallet-solution.doctree create mode 100644 ia-terms-updates/it/_images/Eo_circle_green_checkmark.svg create mode 100644 ia-terms-updates/it/_images/Eo_circle_red_letter-x.svg create mode 100644 ia-terms-updates/it/_sources/backup-restore.rst.txt create mode 100644 ia-terms-updates/it/_sources/contribute.rst.txt create mode 100644 ia-terms-updates/it/_sources/defined-terms.rst.txt create mode 100644 ia-terms-updates/it/_sources/index.rst.txt create mode 100644 ia-terms-updates/it/_sources/issuance.rst.txt create mode 100644 ia-terms-updates/it/_sources/pid-eaa-data.rst.txt create mode 100644 ia-terms-updates/it/_sources/pid-eaa-mdoc-cbor.rst.txt create mode 100644 ia-terms-updates/it/_sources/pid-eaa-sd-jwt.rst.txt create mode 100644 ia-terms-updates/it/_sources/pseudonyms.rst.txt create mode 100644 ia-terms-updates/it/_sources/revocation-lists.rst.txt create mode 100644 ia-terms-updates/it/_sources/ssi-introduction.rst.txt create mode 100644 ia-terms-updates/it/_sources/standards.rst.txt create mode 100644 ia-terms-updates/it/_sources/trust.rst.txt create mode 100644 ia-terms-updates/it/_sources/wallet-instance-attestation.rst.txt create mode 100644 ia-terms-updates/it/_sources/wallet-solution.rst.txt create mode 100644 ia-terms-updates/it/_static/basic.css create mode 100644 ia-terms-updates/it/_static/basic_mod.css create mode 100644 ia-terms-updates/it/_static/basic_mod.css.map create mode 100644 ia-terms-updates/it/_static/doctools.js create mode 100644 ia-terms-updates/it/_static/documentation_options.js create mode 100644 ia-terms-updates/it/_static/file.png create mode 100644 ia-terms-updates/it/_static/fonts/roboto-mono/LICENSE.txt create mode 100644 ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono-bold-italic.woff2 create mode 100644 ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono-bold.woff2 create mode 100644 ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono-italic.woff2 create mode 100644 ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono.woff2 create mode 100644 ia-terms-updates/it/_static/fonts/roboto/LICENSE.txt create mode 100644 ia-terms-updates/it/_static/fonts/roboto/roboto-bold.woff2 create mode 100644 ia-terms-updates/it/_static/fonts/roboto/roboto-italic.woff2 create mode 100644 ia-terms-updates/it/_static/fonts/roboto/roboto.woff2 create mode 100644 ia-terms-updates/it/_static/js/petite-vue.js create mode 100644 ia-terms-updates/it/_static/js/theme.js create mode 100644 ia-terms-updates/it/_static/language_data.js create mode 100644 ia-terms-updates/it/_static/minus.png create mode 100644 ia-terms-updates/it/_static/pkce.py create mode 100644 ia-terms-updates/it/_static/plus.png create mode 100644 ia-terms-updates/it/_static/pygments.css create mode 100644 ia-terms-updates/it/_static/searchtools.js create mode 100644 ia-terms-updates/it/_static/sphinx_highlight.js create mode 100644 ia-terms-updates/it/backup-restore.html create mode 100644 ia-terms-updates/it/contribute.html create mode 100644 ia-terms-updates/it/defined-terms.html create mode 100644 ia-terms-updates/it/genindex.html create mode 100644 ia-terms-updates/it/index.html create mode 100644 ia-terms-updates/it/issuance.html create mode 100644 ia-terms-updates/it/objects.inv create mode 100644 ia-terms-updates/it/pid-eaa-data.html create mode 100644 ia-terms-updates/it/pid-eaa-mdoc-cbor.html create mode 100644 ia-terms-updates/it/pid-eaa-sd-jwt.html create mode 100644 ia-terms-updates/it/pseudonyms.html create mode 100644 ia-terms-updates/it/revocation-lists.html create mode 100644 ia-terms-updates/it/search.html create mode 100644 ia-terms-updates/it/searchindex.js create mode 100644 ia-terms-updates/it/ssi-introduction.html create mode 100644 ia-terms-updates/it/standards.html create mode 100644 ia-terms-updates/it/trust.html create mode 100644 ia-terms-updates/it/wallet-instance-attestation.html create mode 100644 ia-terms-updates/it/wallet-solution.html diff --git a/ia-terms-updates/en/.buildinfo b/ia-terms-updates/en/.buildinfo new file mode 100644 index 000000000..a9bc11296 --- /dev/null +++ b/ia-terms-updates/en/.buildinfo @@ -0,0 +1,4 @@ +# Sphinx build info version 1 +# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. +config: ed59d2c7d28e0bffbeacd4ace4e0bbab +tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/ia-terms-updates/en/.doctrees/algorithms.doctree b/ia-terms-updates/en/.doctrees/algorithms.doctree new file mode 100644 index 0000000000000000000000000000000000000000..4629d4393821a1b494d53c1114a01988f760328e GIT binary patch literal 86337 zcmeHw3zQsJd8TY>MjAaW*_K}zH#W9LV^#M&^)h~pM$V%h;h!ov_2CnOH!knl(#O9+sSv%nIv5E26Bki^R?frLY1NcQ`0 zy}RpiySt{XW!J~LQ(blMt^0ldfB*Z}eg16E;}@^FXbt^mY||=|Tsoi56$+(tLDcHT zhC(@CT@*`t{f+hAudP2+?>G9?+_F}#s(G<)tU-*tBo_;+SgN1F!>trwmy253%3yuI zyy#0W^%yU(?#Ua^o=&IJXU=9fKJ&A0!M|U7=4XGsF0DUPm->u#v*LMrYfS7%>QpMD zw~|8<^t!ZJo68v+bGoj|b5$J>sK{&Of`;N5>+{8&rr{>8drG-Q^J+t(T5*5Ows8w>s4dDo?D<4b!nrtQ(9~EWgVLEtJh}ddfe4A1h!nV z{$vZ{yj+rXxm?oHs;1YCbw#-(){pg6=K%T&tvaXavJMK%B~M(3eXw_JI-Pp;ocih% zsh7;DncFtn^sU8HZ>k>l*nGO(uzs230m3j?ldb?&(p4b;8vMH! z|E|No7lEqY`Lep0qq5S=>e3C;i>uO&(x9|U>X&vO>qQ28ssR}o7tg8noSh9N8So@o zE8Qfm1?rnky#lhA60*D`=FbUozFc~BN?yz@h`^XmXYfD!rDZ0|*}Sagi(+;`6~$7P zC0NX<=hE8J0uga=SuW_(!PM}W!$uEF>*eE)PV+XY4CQQXt_Z?5x@e$rtXy^D;^DEn zv9_wpbz^`Z8D*9$734zB)N13Rfx7exjaWSn0ZduUZVVEH^gy5#nDPcop;~fF9xDe` zEM$wKu8XR0K0pYT6s8?H-x|YxbbegKZ}tKRq<&Wj^^GsDOWB9&Qcil%p<1%2-V#Xl zav;@P$WAm-{U9m)a!xJDr3C@jNQ1fyvW}`PR*JAXQ2p7euFI)~qMU;DS**w@R194# z!9b+sQtFjeQPXoN+xp~Q1+yWhv~sDOD&!CWF$Lb@x8;U~ zod9Rq6H|wT!;^=o>Ch|M!Az!H5leC*T@v+-RuR!;nKy)a5y}H)DVKzy?4U5RH*MN~ zYM^byXRI&F1&WChS?z}RmeYiwNo5vqZ<{YAJNHgBHdopZsS={~c*3zN_gmN|2;2>) zPG%QHJqK%Lw<{6Tn5B>f-I;N)LQc;9{A4l8`O$Z2v=azQ^xJB zkG7qTdrEvGxIVmNCw8GjQeGE zC2QU&78e$>j=!1BRduPX!od@@>|nZ5m~SAer??>Gavn~c8!r4awtB2ifoyWF2_?s0 zm8_bO9ZC+t$4SkX~oZwwpsJTW%h2KPlRvN6`F-9QGhx-k}GHz<$9*r3epnsR+88)tm(nbpDy zW9g1t6_!NPV%Y7hSri{D+* z9^t4nBapt`Cltg6Jx|C7p#s@#>~5Kj(N5VI8|H;3{PW>swx!4^J)AoS9181DT)iZqF|0q=$Xms%KuwQ`fiBHcW1Jgq6*+A? z9IH_r+n5NU#GE2x?z+#@e@LCpx{C2*QBBLDKA$eD3mJ^fWT@LbQ&4mBxBJbgl4FsA1eKHp>`@& z&x>uigQ0MbnNmI0G2CvP(TP=*AI_%1H0oJ8Dm&PD)Myv`2 z8NXqz<$^i%A}r^M7{1TsR7~a3(GL%h0;U=W7_$>Gt0pfB^D1V$ESJ@D4dDBjnHF;D zyhqZ$n=TQjY$6gYjZMi&C?zi^N={&abL!COy%SR|CtxNo*!YLz#F5F)?#Uxa+?5ZMY^D zX`E(Bgc51_Vp$_qf$0{81{*Y^S1Zs14-f7gmjg#9xGSY;)}zW{Gcgv*gxQ&5>BPwv zRf0_eE1{u>W!IQ83=ak=L!Ye-6%Pl#n=TE9TT+Ga64=o9hC*lderD>#$t8~OVYqW8 zh#TH%ah~ZvhP;=C33CwOUQI4nmb_oU?j09u>^E=ROKpt%LNPK=#Z+|R-U(N{p*rUA z%q;a{x+^T@GlQd<2F30(6&nw|a`oN}0Nd`XZLs@8!Ol>vK1ov(EuEY^pU2!cTcKA`ekRldZVfZ}_A2R(D~J6(e96~jh^>_KM#cF_#kr1HPQMsP3`!4x4lb$B9m zV083=iy~BE8b2jWg)LOdl?FZCpw8z7%G862?y(o)o{Q@i8&^9owGrMDig1_^o*2Jp z_Nd3?(98xZpje=}6zoF@KQs8ZcOQ!Ecd>dINS|eK?zk{+vSGyJZI}2Zp(TDLEAh$6 zY34HsN5`k)8woV}f+R0U0wx$&Rpuzr^gDbXV+z%rT*O2ep`w;)&WPX`i!f8V)oweG zXHNDuAk9x)0-R|h&HBkEcy(Aro3~p-d1GA#Owz*4?D*_GGs5`H%;c%rsT0#2nr&L) zf{3ZS`LbXcVzjeWjW`um*5GCahZ_y@&fusXwGWTsl6RM_J)xC=zkD`Rw}mow$f*;; zy~6?-FkvvV6VhkH21kPo*d-9)a4wT?k|05SZ?Vyv9ayM<^2W`+=;NaQvRTXN6OfGbe@F z`%ij02%3@EtSw^Rn2d?1_>$5pa2G{EU#W=9YYdX$Wu^ov6-&Wldtiq>cWH3GsXHi> z&B=HuCrhsOj?d0cQe8(C7bfnWnw*{$h%4^u&bq@)*qB2{lbNZS3v)RQzGl8C!>bX9 z&CK9PW4*t&IhiMchql;=E`Kw&8pT+FmWpi?dS@u1Wg_&LxRM%oIq*;@E{R15R88Zf zTt!u2AMzDdUdrWH*oQiX_0i3$uVm~C0i7d)htL~5*TPccXvMaM*dFfaQOc7Tk6gAM zaM((|gf?jtp`;xl(hiABa$ZbL(4vt*#ww_Oj4x-7JoAAIEFD|p(BN!rHXjM*Gj{;X zx}UP|yEHhq2PthqalF<>cqkO%!-UWzAIi}tyi6gVt5nQfs3RV9Wz1g??Lo7~khV)X zO*)7kBJf2F;iI5X6x9ZD`ka&=9r4|CY0(0-Bc7HHi))iQ8A_^1q#i$U$kP=RJk6G7 z0$Y=QhX;p8g~725E!D!ZqbkNGvJKu{79D3LIiJg7JfwNn@4Cfu!P_Tf|907O1~XQp zFg7cPLs?-K=;Wbk&#C~$i)~<&gir%KNWAx4D9)HoXRo(W zPlcj>fJ8ELa_UfKVro)2!8-PY3CpjX!HO1i=jP20JC_sc0+(}Xt20_IqXPsBS@NQJVgS2kOeT#=0mLkKljY;7W=lJ8CWwaT(E0m#2i6O08sgzY6i}f(# zs2%j1c6*|R-Mkw;=>3-qbz`fOj0P$-XUJvReVK7GBVm16My?wMbY!fxN?F9+{z1T4y%~+ zsquzk)$I`x>;+iLiM4Ci1g*icX#v&Bam0~!DtFNzEMb*)DM#oM3t?HQ`>+%_#|q&s z+|9FChc;g>7R$?6?3Z%krjFk;GfQjD9G)%7Y&Tj;<3PxAKsZAMcFMiMgN8xq(P{L< zQ+$(lu->aLsO4&<=@Cf;OTCL!51Jl2i^ZChYy*;*t74B`M$|4-xppc#{#56b^Y~*g z@3Kl@&z)$@NqHD?FW@|w!b)PU&`eIBu~sd6*J^uo9G^exN>dW$6&_-Y8wLg(RZpFT zVx3Kq24Z2FsHT>3#i}@fmBQwt`d&26<llN1` zJC)zYpTLE(mc1jf`_*wPQvD`Js`r{N_zf0Sc@ls8%HpSK+rYpfQOm0`8=w{*k3>dPS~GC)Yf2c1MH_cQndzq>%agSL~|9V7Kr+vUDO-hs4nOq z@PqyyNAdl#z67AZ&5^2Q(5LLN>tN8^*Eyoz=tgxxUyA3PlHP`>tw|c|nU&2PseGWt zP%BC`=v^eloyt2nsC=6l)wHq9F3pt-%|@nQc{d{ZYgB)1E$bT?n4B3N+Z(89lP>8! zESAgn5q`cWIGFP*8J0yWcW|V#_`a1zjfMKE$zqX=Nj^1E#kL@+L*}%K)Qmk*#PvW@ z{gV@iX2y4?sv0%^v_`)?Z>~%)QA=A$q5ozH>(h&}2LH@loDPq`ToVcB0A521ALOZ- zqvIeqZJP7##`9SO$KS|vh|VvMOCgW5iOZwUA>O9PbH^#|t6DDYWhm`(;-&qYgBa^N zcy`~|(EhV~QfE)koH!y(&74WS#QXiHl^0}IEC zuCH)hq(NO-TSQkg*1e!V; z{v0^Kehm$0Xwv3rdT=DWcQB)C?BUSx(%{hG=-^1jdQr;M&wgo*(IaF3iSr(JBgTz0 z)|1DBwbN`fAowqSttmK2SW5?|QIhh-~Zpt^S&Q%uMJJ`M>%P`}Is)|Q7vB4<-ISD@3q2U=E2sg5$dLP8QIop)?GZ_9Y zdEh3_(;$d4-W`vH$K{Mb|mU+-(e7BNyIUg6h>gkODIgIcVk z{5?w1dzx+ps>He;OC^-=fuaUgfQ5IgnrRrKy;Fble>v3Z4Ww}aTZY-XNwvu5jzzz~ za(@r9T-$eCNA`~fI6UOd=Q>DNpR=$2dBqz2t}OQ8#%$-U$P8m?#R z(}aJF(gd$pY8r!Rr_tZGV=Fyng|d(F(0smD^a~R5O2>wV1HIDAdc9sLV!2-FPCVlD zN_QY?9A-aL*i=v1#*xZmYBP&^p?alb!$Z%vSIUau_<6$|qVvlG`}irD#O2}fK_k4< zsg_HNefE^YiI?{Od!_y@yS@FWkzOhGL~8U(&ob$Rd!-dT_qE)#NjPhtAzCwWvR>(H zIF!utN*@f+tS)(_7Hth)Dc!x`ywYDqp<4DzpP)ot@k$#Nu&Z7vZA!!CmHsBFn%^ts zSApl>EB!-L2U_t;KWS<}x4hCOHR!rm>RCb)<&{1ir3qfI)HDXsPNTnV$3Cpe8Ool| zD>Z$s=ofVEm0mJ1aB5~;I59qXQV1LC{}JhmIhSU$H?r%a{ySoD`lvtTV8G8Cc5GFC zz>&)GQU8fWjrCD~1xQkp&c+_887v0CzWU3uE~QRjD!^i{m>SnsaNr3BG4tM-Cvl_- z4gL2MY4$t-b2L9iGw)OLIIw``-LqkS+Oz)nk;6k~&WJ`drxtVCxzvJ)DVA(5tCPg> zUoX_+Ilk@A_3>lry?3$-VII_FQGx%wWF1o$-8#HW?tc(Ys@J{O>jqx>1(J$z{LEnxk z#6!dTC+?gOj)uJv$6)MIGqwsO?-YDckD^o*g#y( zpoKT?19%?VxSNTSZQKuVNXTm3#{$ICrN-T&t)X$JyQ|f>!y#%_c4ym_UAv8YnO}D2 zx+S~j#@&&fw{bT`7v1*y4IB0@SFQ*^5z@Guh9UX|$u#cxd^8*Pu(70fqts60?v3p> z?(gB3?E z_e&BxvnwA@T#`X8xTUW_kDT&Qduw(bmwo)7{l-+|l4RHtun<+uN?}+HKq?`DHiWE!j0U?vCud zjk_tj=(g8y*l?_X@|{)RDJqsTa-E?lSjjY4@LhSA({j9?L%013f)fRtO##4DscHG7qBY&>?`)C#n^>*7VDfl-6TY_Q;$wWt zTvB;BwSf2fwVb;kfcqj#QSv`XLrI z)?dABU|4+Q@;WM_fDq%na@z%z)&*|L6>1B#yjY(lPlg(FpK1YouL zDSPQ%@WSmi8y)C@3%4)Eb579z!BKoaXlygCJjapB2RhtXla;lafDdxyYAxKh>imJG zIqL1L*xoWQaHons&Pusl3{09$+9 z)m6cXjdM})oiR#m8QkbCFEHN1zjT)IJhU6rOdRl~!`@1^H(;F0d1jAuu^W!~U(X?a zt3i4=K<3GR=}_^Smj7C`HGJvN-NtEb&;J~zccN67$JWXmrY9-MQ%1MuFf}Tn(e*h@ zo&%+#<}kgVG|oSp&DDgIXUNmkgy=@iZ^UpKfl{FC`Q|X0Mm+ijR;#&-<=U2yxnW>n zdTM4iu*LgZ(h+m+(mIOdHgy9s9Oqja1@dIaoXjB^&$f>6*jVc6PsV`}C^W@>UGH8i?^|9)YlA!}JH zvkf@xq?vttNA?dh!;JLy)E?i?3(vpl-MOh{)B8e7(mm6=1FyqwcJA&AT{pd+({rOt z?@d%tzv;Eg-p~ls-Nr_Eb~SX?whx=V^}(`&)IYwTB-vy5A4i#Yd+&`qDB)9vvrRee zz0qFH^6sk8BBgiLh^xQXKG0F(R8rQEfw9oV1u1EQ9Nj*Y?wRmccW} z7~^5nhA8JEgy!u&e~I*t$cJC3n!rF8~oDyNF6QL}*k`qcNau6z@OTK+x%mZ$%~p(@tb`!|@t zTIo*4SsTjNI8s@z|KGBxv93SImZv?N9V&viJYA0naW%w(y%tg9%$mP4;Y18&4M(ch zV8?HHdZUXvaLdzO{Ge~(D83&wPP9-`9I09c9n*6@=>hFVb-!(o@PnSwiYUE`IB#vlrwMo|DqB*-pJz|is6?w4)jnSOI+G~OaI^3 za%pj>hVo?MrByxapt`e@s@)}%?1~-i<%zvg*-5&MLm7X%;lc_~pLoW*5ZR|yP-gh$n2@2Kn ziu|4}tT&|#JDD~rU{_bV@NffT)1=*qr_c5_jMK=)A;^RlkozG5pfTi9^b4;?m~xKT0i^_83Zg zF7eX-wD}(a`&2%{NDKEr9>?=g|HDk2tpD+D4%u7&$2$T9-X;ITqOHOIpt~2G|M77Y zs%8J<)0C(yI|4N-U|0Q*{k;CiXGzuk19^@Lc>NDk1ESpnzn#4smg`~4J*F-8wW`rC zNXY*PTTu2K>4xKfAeQTY`~;6U{f~d+!0c!0IGFk&M=Fb{AF!wwj{iZc$C~$p;q*U{ zxcmM`=OuRhkE^!ED~4a%ID}ByiBz2Rf>YXj{>Na;r9FYt3W=BYr_KKe*pcuEBQ4zj zxDU@m{SPy7vi`?BhwLr?V=h48UGhIH+8X>1x_iO-AFoBBTJ}F4r9@rvKN=OVtNzCU zUjO5lN!9%Rhob^s|HIUPX!pQxXHUX%9irU%{14O4M!%qQ|6>!*nwvOuRG6Fz>;d^B z(hk!DS#QO2eUOjiA*T=WQ4ZXGwq6RhKE#pA@+O2Ni6DcT0@kf_Q_=7w^I z?LFxFj~zO^+i@kj|6<1@_zH)Z{M?@c_g_k!`^KH&EWK*H?UeibEth)+<^Epc<=*TW z8(G~^i-1ky`nHk52yeBo!t>Bp+f1BntKE+ma#s2mv$FfAaCE8FwrJaKcuh9l)aIfs zs=p%4LZNyCP=s_@n?@-51)ZDh9gfMqnYIu+c3+_7K7(T0HO#WyR&>{ZXBi=W0X0Ii zJh0OoEcm&*2i(1kBb8;q?_p764S31I(qMxR9cKH5olncYIYi{={a)~XK5^a~t+cIL z4V!>E<$kQ?a^Ht?|6=0h?w;`u*d_8w1}EHje;Ch0jklRNS>yc~4yjlb{*wWs=#ufa zX!9Fyy4jlXei;<%Jpm{hEu7B)b<=ob-E4^Q{t1e0*D%L;v*@nz{!c~-m+^j%g9X14 zxgXs9h$EH7-M_M^7l82wM=;)uscsr?|7#s1c+Dm8zLKB!2f+K4NX7Y$$jN)F#(TKs za-T-IGl`eGd&WCp2gfM}C){}7kLRJr+f1CS@s>EGVj1s3fGE0Tye-=N#+z=oX1rex zg*qI7BE)!`6`=*=9UawL;$hBp4UcLs@$haG^t%C5X**crkqKSmar~Z{+0^uj+2Dm8 zEvIvg)_XbB%x|<_0a@8Q9Cc~Wo)0tC=xjO11(wJ2yPV@&Ak^|W_?L5hheK5?i}WlL zShTm|*Qx@v>hC#HSuV&oSkzb-gkw3!rtJNFSocwdH=;B4GD&q-qUz z{Bn+)UDScgIRt*tyE%&Q2R#qaH*utD8MM1bBe0X?m@0?p?+ zQdu-tS=0bKBJ~-Y=BmY_sAr4V$Dsbkdc*0)eMTQW$jZ97*!=X0hwA;(RcGqnbFr)g zJ(PFgohaq6$CT3OHQ!%1E)v+H-?vh_UCI&KWN`N}8CkqJCJR!MIH3N`3HiqH{}Atu zGl_n&C@AfR6EAJ|z8C`b4gUgz6aK~U4LlG1VlWdY`^E5m4yjn}^LGP8(WNg2i#Gok z1Kn)xi{Ts;>T>}oLcSQxdd_7|RhDa8)5|fuiq&4(q3l>-`?G6@<7%w8;<;9FHy*~- zDNA}cB5G@HMiFdX&ymV97T2+;0anp(Eba#gyI=j}v5A=>VF}Qk6>1tg>MNbPM-!>1 zU6*7nYWmb~V|oxcUNc9fJaO5oN(A0u`2&*$P-ljnU&)d>)<8^L;!^X~_b=}Ubc*^N^ZbZ~LrqJ$@vITKIS1syrTUBfxu8XRBl3W+w&9D?w( z`%198D{*#PbwkHnF1Lzu->Mws4<$pHu^7D1Cue~f@ zF#ggmp|op|ic>E++3sHVdcau(S2H-_jokpAhcM-wkUpP_qK%cXr4O8bt)OWQR=H$2#U z=*mYJoNz<;-|;-u(3y#oHFRI*kcw4Zz8D~iE*UzDHou{xo2?nT2cb}Z5P%}Y(3#b@ zD~1lc1Oytot(SWZ9b&nL?h-uW^yoGtYMi&=Hx#c1Q+*t%EJN4JqQ)A!?S7Ar;8<2X z;E7}A_HY38m;ND?es|)f=QDE?EtmFZP}(~ZFKzeCT)>7%4=_04W=_HLP%~#HPS(t= za7e{6bJYM*bji$FwE4{(-E7Uwy#@+(UjT{_GiO%b7R+39RBM8@Ir}U;YS0Ah-w&AF z*3txP_jUcom3eigqL&x2G*FWBf-@OGt1E{wt4g$IYcIFRqOQv&aA0gNl=D?xE^6s{ zm95Gw)Q#SIbH%EtIg{gz-f~s1RQ39_avVsejXrY%h+bBaSzjTii#X3`v4S6)%y(ky zUFjTtZnS<@)gpdv(aZVl9A*U2Q;3cl9An3PxvXOviRgK9>>^_e#t!vTbuoJ$r|2%$ zac8Tht8yi4&Nb0B60-SXPSa3$yv|DC+}Ny&B>!wtToOUw#l}V{ zS9E^%7~943GFZb_0#(h9)MNA%#JTDM^4q$cQ%hhCF;p?Ph&z3tKQ9uZdd=91b0w>K z7He9|1;nZwJym^P*k3nZ;D3-6Rkf^UC7hj96jiWI#mwt6`3}_3 z*lOk*@P7Y;hQ!7tRDS50CV`$J@YIbh#awBjnp?n}j&cFNFUFb4#-%jRM=fLvB5i(+ z*T{_JUM%LFmx-S~xd1&C=jHS8m5r^rs$R~zw~UKX7mO{1>S879s2@mWH{=qAZ%R3w z<~(g|V|SQhljz-B6-}%b%GvXaq)V5ex?#FW)|--P2c&pG!h1AP)#Y*t;-L%+koYDwx9t3chHj_o z1;wEy%BTU0vR*%a$u47SMXb2?gYayoJ99Y{pDKoNr9JYG+giG^qD$oxn_p8mE~l8R z0En5zj8#ZTheS5uzHsBvqUK0r&xvYU7WH}d4%GjQq%RgT zb*OW04wa~&OZ8(LjBBBmi&>|3ItDPSRY*x5H7?OsN_y^mR+1N_BK|>z*A>g8`J1)H z9O~ICtEko*h`N;hHh*S|<$TVf_S(FJvAaBEZ&o+3%qT?abJYr7u@$A$WgYyRX5djM zP&qG`=Aj0*UD!dELaWX-#FH0Ee~aauSsB+civ+b^c56A5=9*^xjc_p=d$8r zPA+D#NjuqDR_yJRGl^Uii}R*Qd(>DfmX_)`8{F7nS`$=ZXe0KsmQg?Ste#UBL|7*% z&UO?Es-?rcA`gsKGV3iJmi9;wNK?|XBuT$0y-s?Y^jOu{;fqVni)rdFo>S}6VPhj^ zdY>8sLrrEf{kNk39HT!iMWhl0x~ z*g?Vd6kJC^hJrm5yo7=S6iiWYn1XvLn4us~!C49_6f9Ek5CyNI;O8m$ISSrHL7jqk zQ}9j--cP~rQ1CGdK1#u#Q}7uIzC^(nDflJ@&rtAv3cg3de^T&c3N~MippSy9DA-BC zO%&Wf!3YI|6x>08YP6ug&$ z-=N@w6nub!Pf+l23O-B0(-iy-1z)D%SqlE1f*(@w0}9rXld*<^ODNbv!L<}zO~C*K zyC~R4!6*gHdttuG$HQQ5=QDbURV=7T&>QG~=|>sWHAZudQCws6))=+5s&o~tM0iqq7b@NRQRzO0O84iebYDWH`=<0G>HDn4 zN&jh9x6P!#th!xASFF0-L|3f3jnEaVZgDX8=! zP$_sn1;0hX7by4(3TD?MxR-*Tr@)|KU;~0Z6r81Cj)FBf+f2Ebg1r>%r-06kR#qtZ z5CtEgK%lC>ivng2rW|unq$@g_LHQyDmtm_>Wh(`=U9$2f3jT_M&rv{I7%KNu@Ma1g zqkuL@Qm&zZcH2-sO2Pg3gj7ybKua=|Z&E;0YL!Q9uKt07uTwx1DHMf*Cn*`Q*Xl%*Lw5=E#Z#0qS9dc^zcxEH- zy<^5h(+}5Zajsl+yeAg*vWA;Z>^@(PefC>fq8+~c@ol2&^f7dKV_w!1d=kRt&X=p? zP}hx3`7%~QF((G!dg~{w`){Pi{yCsNwn=-WehNM$=1{>KwY&#b^U3~_7-IA%=OOLZ%b*MPQ?3n z#`l)8PQ;zcy@(psTgvKG&gii|2`@6%Q9}ktc53?Y3Hmnkevy+8Db|nmQh&iLGDg?T z3hE%%Qs0AL{$*x0sqk{H***94pjvw#|xpj{F5;TfWZE z%2(r9AupnBR?GusV_9j*PIP2je$3Czzr`^_epB1bn1}XUK+Ifm1$R4r8KOqE)8sw2 z&5U`Rzy-w2Fh4VyIA+L)Zkri%qvH#RndAJ-+!exPOoEQ}=KTbxofN0WPuqeGu>HIa~-w z@!6qLAGQ6>bbVPa2=ij$dRlO8F0-B&F|3!TRn`u&xA7x;YiG!$e)R6M@1HB%z;`eZ zU!DNopjMzidX7dXqQQQMAM6K{0((^(VDE?k3&2=fZ4D%0a9|}G^8e(A{Mn=+U)=`e zo0}mQ7ld4lK)=n8?%AZ!UDF1-DDAb!h=$U`(W30VlG__vi>OiFP>d0BtLh6@3G7IE zC>m^vAMCYBfxUKhzzU;rU=Q+x-Io;D7p@xE7&V^d2m8{bz+Sg%V8^1>xWo_kTvA|D zs|I#&G}szH*hi8A`=V6>I~G@GpWp}k_N2gG-v-#1G&ihp3{A($YI=mRbgVu8Lw>j) zP73Y~s|Yv7Nc|N*+%F^r_r-0%-OnN2m|FW!{7}D>6x18rfXd-R3H#z|?Z&IPeW>+_ znurf|QyXA;YAwLV!F@45+!rMUcUK#5`D7bYXK&*NdrMMa`&SL@NOW8KGJdf4Bn5W& zs(~Gi2CMReEhhzbpbfBmwKn#1z~G1bXi{)*ZUZh~t&Q=J-@^~~T}gr6(+1dp4hqa| z%xTe@`^Ws~{wOJQLL2CIH~SIFa!lvTU-M)8UrAw0CxuOqmfOGZWBcc%uw|0MCPri1 zdNsEXv0K zIX}YtlR`Ms2ExH+gk`L0kqe_sc{v*55Zh=jj~3up z`4N64DTMpmK)AQL24Zm>Hb^$76pQEcQZ&#X@dN$Wq<|i11L#0AP$j1>MuXdN4Yw1s z4N((uVh*+eF5L_ci|bMcMn?}s1Kh(8aCcGwZ)pQyfSoC0%DEI{XAbkjn@9@YOWJ@p z+AKf2p~wqTPL63U&ho=NlN8Kb+khF=b3sxR%*D(CEs18USEH5oRs3+5lY)C&8*l?` zD^prwX;>iJBMip$NY(j){&G@4Z*K!=fNiDGpJ*xm4nMfxN($T^ZGa2ve_~3zh+TaJ zw3QWs7Gp$%{R}_YKTQhkcpG3R0t^uYi!%~v_XL^|B;<=S`~!jRN27j*ANAiQh5F7m zP>(gErh~pcn4@w2m>=iAC53aM4V=TxI1A#EoEKAUopvL@?Np#&keGm|nDV$A3BG(W^+7b?V85ux6yx6fZ+?vbkRZl{zC|pIG5*cE7jpYI7a?j=jsM+kxNzZejB#*Y z$dB=w1TmgW6l08sv!5U1Sb`X56U7+g;+*2gcp^cJFH00-jE_^~$0#R=@#TqPjB#>a z&yVqS31U2#D8?8s=NcV$>4F7~|*sB|pZ`Cx~%5NsPlW ze$IFKF@7sSj1MM?F~-l?a2>aw(}So<`8ls~F^a|}XLAm=LGdQJlrL5bv?1~W+tfN_ f%Z&bM{HNDnU(XpE3$))i>twA@)3*54x%B@5o1a!B literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/authentic-sources.doctree b/ia-terms-updates/en/.doctrees/authentic-sources.doctree new file mode 100644 index 0000000000000000000000000000000000000000..1b7157abeb5235011d561da3223b8670da078d75 GIT binary patch literal 48199 zcmeHw3v?XUc^)MaAOSukP!bhAXpKZYK#H>q;z3FjWeEa62_ywV04PzCsnuY2fSKiD zcRe!;kbWd~Qa7u1Vkh?c)J|Ntc{z{zL{(h3v6H54PMWwU?n!#8p1Ns{TPw%ON!q4u zn&zmDd(!X!XYM?9XLe_I2d&jgN4%Jw$DR9q_y7O<-~T@5BLkm4^D8^}Kl>)Ls_Erx z8KqDtR|=}xu=f-y`PznBwi=&m9Q|nH!;MjU$WXS-O3lct4SNUf$ZLA3V5sHB6CCE;eebZKZzrw>pBmuH&eajy{pFAc2;*Q)yB$<% zcYyr6@b57G-GhJkf~vu_im{kN@hOju0e&{f$CLf$?NAxZ*-oVd!iIe`kT@<^ z!@hBRs$uV}8G6G$mK+&nrj!eML2;zozTsFyd&MMHpG5`CyUY$pRfP6ZWG%4pM%O~E z?3cV_Js4^sS5hrYHRNj%mEhLGf>+Ovci_H#eu;?R7X%PV{X;R-H^020v%J@gBtZ(YV z6uh{7Z}7~^4@8+4`(P{bXlpSNNuCi!o(ikslQ&%|NtUKc>NRDfT2f6WPl3HH5P6oS zn?7}9aV0b&(uS&(Ey=1#tIU`z7*mH`K_0Oe(#^Qx5%tMrM4_>bl(K^XqK522OEK0} zzvYI7odIXLi}SPc*|}M2I;^UBI-9Lj)v{j5lvOKhR#h}v&Ix%z$VQbM#IKjB%G7hP;K z1n$VvVs1mV6j)28TcC{c$g-Mee}C<0K$7aLDkg05jfQNBp~T-d(P& z^v}=9hT!L}Sbj9(=fczS^t4aK*49==S%)U9S2i;`ltD*Rn}x@w)Jj%%O@{@^!njm$ zzG7U@IVVb`_4S<*9a>0ygNnZ)5vxf~Pz-?(Le5ll`*M z-1vG{(zBwI^2rWt(Dl^V@EhFwx@2RjU%P<}I?BdW2fIOeq{aqiCN$+pEE`us?wQ-d z%2S!XTNTctiIGE|b0#e5lpJnZygNiY>l7u#%CzuGdTIKdVhLXE?}3*-Eh-hD+57NN zdwN5>1pN>1ju0DPSbTiFb!5 z9bA+UD}8B-lbzsYG?te*De2RGoNBQiQBo4L9p3c-BVo(Ymk&Y(5^NmpnvIG6e2`O_ zi3B<`f!Y@_p(r-!dP+VB6-cmgtZOzV`(Y;eGdXoCGj<{~Hg;-){?08t-9*iRih(XOpfTPFUqxOP4###B zM;Mb#EHO(&%()i=@k0tWTL#9DRU@OT)>@`wtYxC;*46<-PxzqLX^Q6H~Wxrzad zuqptX6{v0Zrw?_mYp9Vg6)?wQVY;5T&5cq~AgQvfXu7_Y=)8-AUsW6FnB zGcf5RH2wuq4caO9rw{X)K4JRr6<{Y~!72onZM8hTbk?uaby%0$Y6gSAS+yn?bo_?3 z)(g(ii@c?jFnpg?3{2&*5Qhgy8B+~pjM=G}Rg+icH3PFAR@)m2udbnDS01JauEZZ^RtuB&&>Or#6>YCzPo>W!7LfM@247t5}^ zna_?*W}5_i$PsK@4AyJ#WCYk=UoF5s8Vh!rw0e=ICb}{?cP)>(Z$hAijnAxAYGsrH zLYocBkF4T$rM#~4%#ZBmcxEiqtjaeBAE5gKz@x7D_`Q%|Z^aPkPsgHvjL@H(UV7F? z+-gnP`-I#U6=Orj>`SE-CBD1pasZk5?V~v%NKO6FkX3=;Y+1K8jd@ zY3@om0$Zq7s!ejb$5_kDlxYAHo#PkboR8}`8r%>dui#5m~Lzcxm-DDmU5C4N7bcyVrleFpiN>G{r$ z1R8x=)7Lc_6O3yHI|?-Y4*g?Hp<2~Tm*|G6vgM29Z)_~Z@-{F&YPDoFz5+pC5VCsojre-~zke?ry$$-gYZG(^@ z8#Xo>Wx#HBco2qeEEsQ$y5?g?ZgCR}2FCa3y10 zi(ND@6{t}0+lMd}4}oPr<~0JzbSx65|3KDDe)iIZ6?tiHc~M?@aWN1eXhkMi+rYdr z9TQK{lQOGt7ggE1URBv^jHRx`RWadf=1V%f8kyM4j!iV{{o&Tf0uKae z>v*Hj-?9*+4pyM6VhciNVhODfq36}>(zMS(fI@XsEulh<3_9foRDnD4RYTuY^4Gbe zj$wU-S*`0?aUdf&A_oXP5;&GOn@1~dYPvhX9bJ+F595;0)=M5+>6cKDHXBRY(?r^= zx~bgZ2%UmLNi~|t z8SfJ3cl(DUVHMX{i>L z9n~;4k!$kqatNH2^}Le9cu4E4-(4G(LNF#Ie*0{BgBjaV7{SWZL00TxFTPi3oWCJ7 zm!1vM;_O0TkwC(7oy=Yck%Y*hX&G3=0;jl{Gmup%7ozB*^8pFl<^J~RQiX7BZ?Ob% z&jg7p?%ug$M-yRKO(f-Bn3$25mzo4?Yl3?>D@$2iYHq`JZ%yQ76Dz@dI}jmm_v8Z37Dp_8fpUuw9&&d}#+$Ybt-sUpaxgf}!cfxo+Clnahm5dvr)+-2$V0lYk zS7ips3p!f{uO9So3NuKnY5cbYsNpBFoNb3EeBwMWJz*IIL+6_q8nSo0(*OhOA+HyYkl+?f_dt@387)8PJ(lW36b;l`3qOORgOvM=}Nz`g4;Xj~w#cAB59V)(; z{$Mev_K^KTR>MlQtWiU!z{t{w14b+gx;sRHwQ;gj1rg`my2+Be$fcE?b-2ztTPz)N zme>wqrLeMYC{-ci4Bwxv0 zc`Tv3zlp$CK~hX<)){k=X1oCfQ(C>w50ZqAK6i9(dRkg^o-i`fEd06hI$xi62Ogxe zrOMWEDdKkXxP+l))sVb$L9E@UsaVIcB#u`KN^3@CLu$oIYvck2r@M6&lor9cAh;xM zF1X;s$Vl^Rk!6zLKt#NXR@kjpEKS0gQ)SC}N6l0vYHW`4TWGy>jha$&L$C3fnCh!XeK+ z3K$A|w<}+cV?1K-B5`w{#-zmJD`d+C+|!W@gk6hn@8TT%~F*A(Qw%`gw>; zVef(MsgyQV*F77tce_&ET-xFlJmoEf-0cdzS47f*KoL!P1&YY0lN9lT^uX)ITk)r< zh{ZC_u`7f{u}={>=iuInbuZO~*m226s{Qc9Ke z8jO*q=QTDm5e6If+H?#M{DUe5IgUH;BTERQE6g?7<(76OGc1!m$|FQVZBMPNY$|%m zjWNfzMviUmfD$iu;#5=!dU-_I9WzUWV516JN)989140Zltw?2c%PT)NETC1?G&V)0 zCZ3~m3{maAxuvA^MruyU(p#Eho#st1B-!QBZQsy96Jeot7_Ek(mauICH)zz?m6X*= z4Qss7reJJyQ#Bu>eIsJ>3bu@BZO~wFE2>DFa1{&E3p{xOHGoq|$wp6U!XAQwTIj8OdjdlRG3q!~jd=;yb zuau-UxE78=sb!j?z&jzVQ-lnfC)`8l7r4T<2ne@U;Zi!%>=sRoj25t!0z@X@h_o6D zqMRT`NVh1Q$D-+!40@qcu!T0qaa4pVwI0+;RAS5VLv^$O|Wca^#0W~{gj%Pv~D;^)ZB(=4o! zcODwAS^GRdbm}05o3$Y{Yd?yo+O^r#K!1klIaK^K-&*`E{s`vmFTDd>jtBwx5+QU1 z;2nv`6M`=TNOwYjO?!%OaLvZ=*wjG?-XaSSVXDGDPrHVxr6EqQ8IH~=*w`g$gjr@r zLsr9HNEfznuhY)flZ~%;EgO3w8((ADD1ID&JgxtDG^yQtNzwWAR5`^)poDIl6}DA# z)S?Pkm^`4KJi7?%@%wnQYdunWhgWCcM%LZwGj@h5ehW_}H0s~vTf;=nMiJFpr39N< zdnSc^g_fj}mq+t=x~BO6Xnwm}n&bPN_Mqc@HS8N?nuT8c6!P{vpj4^9o8WCf)bf<0 zzVR<^Z`vV%N1V(J$Ls+02r(gZ&SxZnV1Ju!nhhnGEWN$=`Rxx*$*Z_7LH|LAIG8q31q?U z%H^*PP*ncdv6m?#MvM1yn1FL4w|H^!%CTb-eoHu%p0Cs}7t4@ne3S@Sbf8M3$EGoO zd`+4_Ja-u}*@9ve(9@v^otoEZV6lWDKMOH)lS67esw*<1xEL1Wet;u^$1s}cjvpR9 zEiKJGcWHiUZWg0~mV_O$ktZ2>L<{jhHU-4K(pUjgrpPQcd2WtQgw>g5h1YQ$)4xh_ zR1BElNfgl6ey1ajsnD1+iUq|MMZCF1X?>Y9_{@_5aU0Fn+tMg%TCJ_3u6e|i=M*Bu z*i|PIc0xI>fR&X4}m2dJSXs2#+G>jyXi8)pHP5=mNzpsNOcPLF2ju zOIgQ;u*jNsjpezHSio&^7@yc#SebizX@2EJm!A{F4^f3}VtKn>sN3~YMWL~1OXU!A zuV7iE;&XL*eP(545#o;mxIJT0(& z>0Cb-7iq5V^o6*QgXtGV!C0b2pvW6=;ZA(BXa$C6NYJUDAD&9#VucXLPnw`Q<=6 zw2}siSZ|s}XhN62bd!miZ(1cH>{y&ytk95*Yu3qrIRlAp+5vB%?AS4(>odbtzJ zp#9(0rj==@$#jEgzANSR;PBh+F+wjqvRfj&9=|{Pg#?b)Pm%92a_L0?E5;q zO#Tb#DU+s5?7?pHm=ms>!NQ+Q&$kkIpGnJG^D%ri0ZG5qMAD7Y%YFt93Ej=A`8s9T z&8(U?>4BD6HT3G>teQ8kG&@EA54fJqOviWisDl^oIABZf;^#n8!uZT*`PNXp{PJCn z2^6j2yPhvTHWBcABN~l6-(`&a=$O8OWA2MT4N((O1N*kfu9Yx)BQ4!7UnTww*>nn7 zx+ea=uyDh~uWU!3%`XzY$6PIbB?$0tw<(D1G6tTf9zXX%boV;}cFna1IApHf z;x$czbo!K{B+c_QzXvbvYM!P<546nFq*n*cwcTQ_|1b7oeTp51x-qlZ4!`&xS-cWW zGl(#=_RqXS`p+yP;n><2-Wf&bl8=TB5BZl-Q4666w?tg^1?9;Ey6768Gq{!g%X>Qp zMEv~eq3yFIO9@KvS`x4HAxq*GuPaMZz)QQbBqe&F#gfpggO+5z#ggYtECME z>*N5rMz_wo2#+r#brs+BUq(4>p9TJW0w}Hp_Mn6;uv@&YEb!mOOS`hbzeEqTSYUc} z&;q|r7Wn_icz3g~bkktqb122X0wVipFz$Cu*E>1fPU8h4ypTB99(*VmYUlHDf%c|3 zuD=We^iCx%%AnE+Wm`PLy58OHHeaB>0ntooYTsljW>eeM*pB})%AwiR-XDmd#t!`m zQ1|(<(YSm4xBYPfXs+q?poL7YTimWp?|1Ohu1xQ)!6?&9uMV2tC&SKf_hVi@Ee@(~ zOc=h}Q~VtisA*b)tppV`p;iYU@pZbbMt7bVJ=U#pVR;JmaEtd)JaPRR@bk;&3 z54IXLpXvLNWkTJ$7q@cXaTg6g`dQFm`RMrw6rOFBsQxs=mqHb!+#b@A!jc5!Hx09kzl3Q`~gf0xu&iPx#DSOU{gy0ArXLe7C1qP4HBRnRwxA zH{*@O@KAzRh3A^nQ;v~~e`{c_xf9=uzqMTfX~gE!2||hC0@73d1Tp{3_K2A2CX1PF zfsIwXi{3OiTy$656Pz=c#fOZ=Tt9!tKBm_N-{Gwi6`P0z-{D=vm$qvLW^YBk!};8| z{{rkj;=iDI2|EUgIj08C_Ooxrq_47xCCeCe$YHJrK6G!IjSn|Qu{%ozE6f|`ci6+? z9@-vYM-AY#8|(wv2M#;7TRAto1$&=3Lwi>>7VJGHKGcp`XlBD6p)JuYOoPi{K{IBd zV9O^)EV}UnoS+IxJG0h88(kccr8{$>O7Cx?xAA6m5VmWI0 zDt->TKWjz_zxHD}Yi<=YtLQ4;J%B~J-3@%#<;e$=s5u5IM5VLHtQ zcBirrU?g3y=CJmQ7R;K+@-F8Lb|mLBIhxj#%a>@cP`bR|eZV`hk3QXNV7V;q($+YC zqdlxCCGY2eJ)&OIK^(7_7B>yp0|j-pwvPM`xL+&B9fqoG;LH$x>q8|_jkpnNaMP8hEQ)^!<+l$w z`9{1ye4*)K`(`RXM9tKA0$g5g*!xS^5W0p>(Sz**e&2`DphYZB%of1cFpPK~v`pY|Bg; z-o$5EwyEmHb|UqRYYMC-DpvLza$`)$N`3VUf zAq|7zl-D7LB^^@?8_(YSkbR)4R&(A~B7|ojouM5rbEF&g_lUi{aN5jNuVVsgnYRpU z*tgN0TmamO9p&h&C=cr1Q8%#66yoWtwJKh500xS8qjJr_YY?DHUN5gf z41`@cNR|Sju%`R4GX>`7KJmM#(oQ`B#*D zo07LE`BO^%GbMjX$#*E(hyB8eLzLV>$stM}q~r)C6O@cm@+2jXQ}Qe&=O}rJk{2jh zr=&oMMalaq`6wmdOUcJ6`RkPY7$u*f8e? z{)m!4pybaf`EQi$q*~lT$p|F}D0vShcTw^%C8Lx)Ldg^*zk)WV_!Ub29wl!eso6tR z>%5~e`6k*I>)KcA+HcmiH|yHB>e`>wwZEuyh1a>V>s--wuH-sbaGfi+&J|ndO09E+ z*10n4T#r8N+$*nW7btbjWgw~nNIuluE66;LhYfRp2 zHSG?f>*utegp#}gCHYk-$!|ePz5ylqw)VF6r>r5`UpnfskK~Qj;|@Av^>~nuSUo1_ zh}GjsI%4&BmX26GUZNvbk99g?^|0uO)#Iad#Om>JI%4(sF*;)P_*pt)_4qO!v3mR( z9kF`+HXX5g{2m>#di)U`v3mSD9kF`sBza@?xS5VvJr2_mtH&`qV)ZyhN30&Rbj0fM z938QGyh2B;9#`pz)#Dl+v3h)rj#xcDNk^<6e~XS-J-$dstR7#XBUX>!pd(g~e@REI z9{-+>SUvs|9kF`+PdZ}t*h5;t>Tw$#v3lI+sYjNMSUsp`!Ro=Cmzupl*o3mJ+@Hq= zj@&4~emZB!SrYd-jYsedHSc^DP432OrR25BeDc<&liuA!p&W9VGUO{gIu3R3U5TORo-itkU_&Y#Yo&wuH5HJ=y`O( z)1#PYdceGn&9pYeX|Ly@4LB>WLO}rM6gu{6)1Yh_i$dTatYK^9?b;vyrCV&p4Lso?(?;PWQb+Xs9X;SX z9f>bb0FM||NRXwFliMDwogD0IX@R}72e41J0Smy?2Pel8onb6!Zx8tk$szw_T9EJR z0rJDGkW1^b(xF2CadLG3FfDX<_kgaQ^in5=YV$;9ynR*vZgQ~yIxVn=w+ZY-=0tn2 zf0i8Ve@zSQd$tFxj86}@2YX;o;s$0fZtbdpi8I3YY#Z1PVmz80>;q|mm9`D+RQsBJ zDmmCE(gJ($wt+p_9_;&)gMBeAu=i~f*r`rByO|uUnHJb1J%Bya+OYC=_T)IZO^-a4 z>1dCCI62%ON(=7&+X%OVk^1@MaDOH(xDWII_mKp(+d*r8Jvr2Wk`~kldw`n2hmucq z(%Nq(2m5c+0{c)8V3TMqz;=TBc5=A?JuSGSJ-|&?w;go$;80>O>L%QpiWhZs+rUn= zZ)=Yy2YWOvu*bFy>|}eeXOn}SNek@5J%CN7wH>% zD=n~c4`3q#6d3hV%=VJoNRIAD(n6Q%0o~D7KccwRA^7qO$+7*Nw6JB(?WQv2ZT`-s8_0+9Xe5;Ne=JRX~BD>2Y3+` z=*XwMnQvc#znC21>uDi;v&b!sv$TMo?g8krR-i@2 z*k}*#50ZoX{j|V6)&saqD>%&2lpdX&e6&5l9eWeE_Wvs_fM>M z-HuyRab_Ox0p4V5{fUMmFKde4p|zMy4)a7>FyGq)%&5o(<_T%CGbdiAne{vgy1mdY zB!_!GEx1qg05`(6ve3$#<1*PEd8|W3N=pt@O$+FgJphfctu*@6z81efIk@jj3*2-M z;G*JBEVLW7l7-K@nN^wQShWZHx#VC!n-NMU5Au(bgZ#s^ zK+g35GQwwfDiT%N9^tNiiJhSvaBC{w!r2}WM$E$8n#jwh(IG1Ep5*xMN(jB_}Ry{PUdLfG?Z?fa}$ykX~#*{rd^qKGup}VEz@GqtX z|GW=hwfA~+uzA(eUcH|C$p=kl{imDk{$UWJC>4=1ZOka9cgC0+TF~| zN_Ijh0Yca96k6DxK4{?peef=nLtCJwh0;O`lon`9TMjKbhn|yDpe=1Vw9rGp|DU<@ z*qzxO?T&MzyYskn@BO~}|NnjeeogN$eEW^-_&;l#QBk$hg|wW{m&$p?s9PKJ`H zDVg=R)NgyC{(SwQ)vwE|M!Blzl)AMJF># zy1{v-4Ltp1I-NfEbavpS*Zea6e)Xl-{90YzaIUWQTkGeQ3zTb{*e}+pR90U_MiI=q zy4hHetpV9Ib#0+)0sCf7Yc5cYT7LeRyhQ2yD6J{ABaWqE^yO ztz0tFx?$F>^+m0u)KBzQ7XbPiqq<<2nh6TaC0|^ZeXzGTold=KL4Q>W^>E}!N;Q{@ z0|Tj4>YfEXbKiiVuLp1aU-j~9`|S?PxwFXwgki9zUIVJsJs|&j{O!fxjrh9>RP`;E z^<|mLN}1Kw{p!tC^%iwdJ)j;`Z#&V41n#JYBw$^+px0%Q41IFQ_eqa>tJ(w9x7%_B zWDgUvoT}u`OIog6dR0nWmX{P@Os6yWpYM#!bUB;T^juNNF6oL=%JK)xvVJ~otSk`` zM^?4GsUArUkGX90^0$6I9_Ti0o61PedgLMq8}QIT;<#LO>&oG=y46$FwYqgEJ~B#7 zF6FhnY)iFu#i6?TltHYXLIun?%npQAg!)8iEwJ#0*Fv@AmAq{|=t@3YR7_LRr3)dI z;MBsbThI5l;l6cxv54R72M|jAfe7jwGq0=J=j*DhKIc-cI#h27rFu1#>Mdj^ny7w` z1b$W4OIm43f;BQA?viFgwUtT{RtKU#Uo}lFwN%tnus+KbEd|9el@bg@N-L$FsVask zr-b#9pM}{_QbxH{PUU4pK+L?N8}!w(k}8!;_#;);Ry1J>9>07!xaQ?`Vdll!*^E5g zTI>iVPY)wcfz|NHn4oV}3)3*Jm23iS|hEf+j4LSJE1kK|@oUL61$Y7R}6}1`CpbaVg_@S-+UI9~6sAOIf$SnU$-i zTGr9QQ;h6jx{_aPAgZ^xB+0Um6Ze4!|C|ty%Tpjh&h?Sx1Xan=gzQjy*yAdm%?L^^ z5@=w2Mo1=zU^r zcn$7NYh+`rTf2b-+RDaQ8@oYiB*q3MCNyPVBpc@f-7}|!mB!Ltw7?nmizRs3-vKXOT2v}PWADR7?dlEj;_rXBF#@~Mmx{`TG=9q!89$k#vLqKJdu_tZOwVTKUooG#A2Yu9;*XY1ZyA|5eLQ_Kn;sq< z!eDZ2JUuv+9vmDWq2KA*V-3{wDp=?;d>Z3E@KoeU(c!op#Sz9tiX`SN5p(=8-~1s> zHk&%uj}<+wDdu9jtS@D-Hj|-g^Gsfs7fp$tONFwbNChm@NUO?%Bo~)x#!y{08c66V ztommPom-E989_kz84I}SNVu~$+<8w5V&__>Nl_24Sw4>ijG!t2o9U}<=hlNdy=JJP znF^ShNSIEoPImw^SgT4Yr(dkl5<)XnB?y&nJ*eH*sxM;!cQ6v}3A9A8<|+*mOgRdGLy-V!PXV;lXS`yIZ7@4S!bFzQtq1d= zE@6843b4bGU}XZ!wpyAvd(^AbC0Lj0LK=&}8Ko-aHQd8mYk7O=MOu}MSiaB5I=1qd zn1=^Q30n;$tl25pRg+VsMIF0cR?GVN2JroCrX^Wl^wo6Wp-047K}3S35tNKXQu0co zVf zPcM8tcuzbIT$zZil(t!KRSv<#SR@nnWQrpbXVxeZybY{`h8~vPU||>@3=@WaAq*8C z2Z4tk4M*1`3ehDH&<{sKXL~<4bNb9mjPWqKb0t(adZ)!jmVYdHuM89BFu;9=R<5l0 zN5I|_4{F;nZ@Wwd#_>pu+*7dyU3zrVtKLW%^YzRe@nYGPR&tra(M*G2_uGPvm;QS7 zKMVoeY1RVlosnSYNUP7#)VvmrF|u@BGND z45tUvjjFue{{hAK0S|lU;diG5J1d4je^(^>y9xdAiL<9X#Ld=}d!LZof~+q~*nKG% z!^C$zz4jp!_a2%dL2CRg1cD=x2xbVu*`t%GyGBRv@=!zyOyf|(7TA2HTxpQgjrw9v zqC|a|=ox2(XCAJ*1+Gpq6$tN+L^wixO*8B}f^Ba!gZ}x( zuy-DIq!zUiFf?C*@BT=9_cOkkDPQXwA(S*{#GQ;>8C}VUuEly!paF?APZ5}Zs#a=A*kG8fEJ^to|7`3qiYbv%N z^ub6%%S7l2?nmN!l?YZAw|ua!P8F4vmB|R)P94 zU+x}x?gQufJ3iyk(An5*zmn{C-U62MJSCocG`O}0Uy6!~k*z>D6^Zb*gwQ4*!qFkT zOg<-9Dt0O~5f8dD_8qGBh^;Xs?W%03M=(PKzK9_V3i3roZy=}N{n95RfrlO~Mu>E@ zr=`o{3R0&dNmYo{Q>UkVQ$gX|Y-uO3v*~wuaClT29LvyAEgUD%!A^t*>sn^Ks^(Q`U$F%xid3UnaP=H=`>I5Ns~^$atlMf4zlDlMPh(_bhBxh>Q*mOkU=^(N3<=qW&kR?E`sk5qwYFJfB;0o|}Vt z&iGhxWTi0cduHuCra(^RV(JV})6kh6Q8Qt$+>%)_O6Ca3B}5Gh$+ku|`ktIWJ$2fp zLfpE!{Ys47g3^HVk_C}*bwTmY>g`;z0n+mPqg)A~0UHdg4cz z+Ooa*tny4%(-rat;PM=N=wkjz49pJ0A8KOwYF5Kd3&nEoeD;}Y*$h~Q9TE>%q~As}MD4cW!93JNurT zr#0@>DmDkCsLjGrR-6^5!J*?j!?j6qqPnHLIYudi(t_hv1yNwu-CmPQ=2J3T2hq~^ znM-=PT4{Pky#TlxDN;YI>7{D`o8)REKC!(roY+Njbq~?DyKonNK-aza5!&OFKTBR7K7=7pmXt(aU}x9iE}-g^AQJHhmJ*+5SU^CX2GRddoWuhI!Ao%>ih2^wRVICg#(8g z3LlAq$6@J19JOr;dspOQ)!CheHq5?rOZmk$ml8(|3V*TIQpT#w55!3IeTahs*mW75 zsC{ z!KZN=MQV!Lb{F@~&{QOK7J1}Ot~(5DBe4BZxc$dAvE1tK>uoQjPSe?gsKKW5_Qs}j zJ@wdyHrO|APP<~{6jTRnF)oNq1AOn*0u<01mY)Kz3K}9da^=q1Q#D6+RS0F|?u6L1Y?W|0;NdW4M^Za^ZTcyRZFh#A6$XJR5tka1;XtavC>OS42lI zblQj$k9Y&eX`Z^-zMs4iOP@91Lde%oTw(1|E}-XXX1%A`g^OACG537E@H{vy+>JsR z)-|CKF-eDLRBSt%AC5pErm$T9bUbZk?ZSzLl2K$Mo5jcv2>%+?x+-$P*#8AC-9=8L|ZB;Mg zZi`vY@nk2xHR=WGMp!!+%Vo2Kxd7iA@V;>|1M>Vk(ooKC+C9i!vQ88;> zZ$H7-SALSE0aI3Z5=3^+2aan&&_F(7bj%~rav+*!Ye0oFIC0x+?NBagV2!u7cu#xt z%0hJs#oy|<#X<~Sk(cqLpAMBMG&5SSSzEOdID*$47$0y8-)2>uD7h1U5`!(~of z&X+79(A5=<9RX2VS!{=YJ3x1Il8xy&>f^+5S-EyMFkH89yV7**_T$n~2)I*y0KeLfc`h8(3xv$!R3!5-zdVQeHxE%)liG zP&ucS79j@0F6<;r0r#8@@z|9iGLvm(ByXPQ>kyme1vo`C%!??3swgHhxf=WB^BG1_p9$wKd%0s`dRfe>Q~jj zR==r!L;bG$uj&ug9~3rTf#$83f~zUmNx?n}ZloYX!5tLbL&04X%usNYf=4Nsqaa7Y z(-c%FSf=243ZA9lrz!X;3VxA-It9N@!8<7UFa;l^;FA=5f`ZRe@Hq;;M#0}u@GS~n zqTqWJ{2K*7rr<{uY`zjfKLvXz*iFH$6zr#9gn~f|9-!b}3QkdQoPsAPc#MK23i1?~ z6g)%03lzMXf;Up|GZeg)f?uNG-4y%=1s|p0cPRKY1%E`rmnirG1z)G&?jefsUYR^^=_N{yFmLtG>Uce!QlBwx)iyrhc=gez&Inu*M=%WAUi5 zXw+CNYAg~p7Ka*(LXE|s#v)MT>aTIt*SOkiT;(;c?iyEhjjOrFRb1oht#Q@XxLRvm zr8Tb38dqhFtFgvaSmWxean;qh+G<>7HLk82S5=Lxsm4`Qwui1*-EO5TR<{wlVs(3fu2|hp(G{!P6LiJu zwnSH~ZYEu^y1hVGtZr|lD^|C+(iN-QyXlJ6?W1(X>h@{6Vs-lxU9q}-ovv8jUZyKn zx9`&xt6LArFRR;jx?*+POINIJhvE#p?FYbj9lS9lBz5`(L_Zb=yE1 z#Ok(-u2|h}qAOOnG+nW}(F%3pS<)cBV#T{e&sgzj?ZZ|)n)0y~kES7P#iQXbD;^KU zs@4{N3r$ws+LFWe1nSOEufTpneK8TwZkzm1?09I8(V{Oel#6bo&rx?ZJal9C2U6@8 zx$;Ll1L>nnt((+`zq&Ck=M6?O=qcuK6b5~Py0r;&Vtk$r^D1x-KIuGv3$;<70R9tK z7%$e(qU(dz5p<#)2fdUrCReu_7Y%fj#8Y<^BNhyUGuLBN)k={zp(rVu)X{(`RL&rVhV$NBevF+RuLR7<_kOH=?$h^JaOHtzKtvbA`2@Ofp=9&&(b@ zjWL}w7_@u6j&Jim8VK(~!Wh_-BnD^KuxmoLcDfyLK`7CDuy8fL3QkoAcy(4~c38Oy zh~6Cbo#AxiBDP9imW?PbpX2fQ9BspA6O)Auz6kOt=)<&2Tt1|SP%AohMunK|!?q@J zTDy<-pkN^EO_Jo(-s;Gi_{dImhfF;vT;E^Y0lp)l_}DA2-|KE`u!Zj3iY&5+q~ZfkUJi;wQDNuj&G19YvVR}2Q>o3=IB-;WRW zqe+3i;WB}R+r!pizZ@Uzmy!az_ws-xH?^(7emg$cmy-hf6PFEa8!_(N5W8>EgQ%_g zCT-eMuf@6XvVk3IU9+k9VD}~kHg(y+9&QcxNPMv4NrAoTGJ%Cx*VbU?J(T{NbuCcS$)^JPl;hs+l?*7XNw~dji#fST1QgG?tSmIIB8oK>=#;Dyk zTKmrUP~V;u)LS}$8lw+IzF}L7@gKwo`>~|J-r51!I9kgNQd`6Q+xT$5k`&wn9l(uO zw{3Lx-{XV*PEueGUN*2Jt!s8*W9(kk21HGy7j@fZ13TIp?9K7P-jo#BLmhyPr?qW| z1NX&;dv{WBZ|?wZJgsfhLw-eku#Y4K_Kps~hD=bfFTB>0tH(!IP70mW0lM3o`w{R( z+8Ub`AKRs*u%(m2X12!moAI%|D=BQ5q_8QivHfv;Y=4*(w!x&Zoo|ipAL3*CyQHuU zC56psjqShUWBZS!unl*BEz@jET(6<65pL~|-Kp7xsEKrHMmj(^*o+XzEAdY%k|)sC z5D&(OcuP_cM>~LcM>9m*i&<-U55|Xge^T(qI)E1rXTkwy)0CwYYO2c8_Koq9)R#xwnH_44b*YRx4GqPc3*3 zIa|ZMBR<^Ql7f3*2XI4dtLFz9OKH2GYz^{r@j?D+QXr=~02$I}cil_2M)*>Eg#VNj z!s!kWhL~G&1lbzgkK%*-pQOMYO$Ho!ZEOv0_omn#psNrykq*$Y4#0)%pLHBKw#GLY zAD@&IzK1%%7cvgvZ6NUL*c#yR_yCV31#qSVfG3+RDEV$|?}@QB{Cs@)a#HY*cK|{w=Kk2M?y(pa1{> literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/contribute.doctree b/ia-terms-updates/en/.doctrees/contribute.doctree new file mode 100644 index 0000000000000000000000000000000000000000..f3711d438b8ef0bfa3d8760b54e16da5ea896ed5 GIT binary patch literal 46009 zcmeHw3zXc}c^*Y_m)zxRmy)O_El9K^aDE2*8K1KTIgByHlvjvq;t6Q87Mj+@G9oD-)_>e{KD+HKuapC)naBu;Y?*0G!`u}_1-uELv|4Uogf6hLuqNwF- z8L3bx8wJ^_J39+TzFLyYcKwIzM_#MHt$x@UFr{_NsG51X?rcGfyrSv_Q!dx9;^AJ3 zZ>zeMX(X^CZ>xvMk)hbzfO3xmP<2 z)r$XPS<0`P@(PPHaIK`DuqqNk-B~eZOE%Z!dezxsOGSF4t_&&%lx@yHj?;u+{T@3H z;I5S=utvG@Cs&YH)Us-;M%l`kmR)zY>uOo9pY5wI1N0qMb=k628x$JlKwQo~*gKfX z2(K=iuL>xK6DI`4F6o1Vf*?GxY-Zmw=+U{VRr9k|?kAvAS|dd2>~HP#IGmRt_si&h{gL(P~5j&emnKE_un& zDM+Z%gW9fxx8xTbvaiw zWx1SVFO(#6HDj$6iHH;HYQa`c2;)%YC&>qwR6izU3tkOR?njV<{QioMiqo|C9)J)<&7?dYT3{E zrsZJDg`6(iwrq;mA_}2V3JbiPpWKA|_UR=ees>T+B=rx+P~ZIVx{`ZaU6GWxa;lXE z)q5hTUXP@D59x^(s^3Z#eqA!lYPl#v8(FCCqH065<%$ligQ~w&wQW@>>Z$v%} z1jClgP!NJz7G9~!mMsaM_K~hbZODRUlntREAp&9+WYeOzO0rNk%J@g3tgfk^DtO`M zeSxc&?~hV1&i+>9(b{4-k~}ktJQ-TUCvRHU1zV8?`I=O!=(5Gglb~-4M4qjvmQNjN zTmg-UP?DvxE!c*z%or0r#^k|9MILq*(oML|iF#i$qR`kz*0TKpq6VCPTQZBX-*Q94 z&VaMrh51?W+++d=RSnS=1vbH2_agK4|A>ZLIc|jfje~R zVy-0H611h%DNu&;(4w4Y$R{&L!y3oA4T$puSu`tR&>_R80?hDOhx}MM9;;DTdgtd@ z-Q(x(Sbh}Z=iDiAdfKOAeSJM66(I>lV=bdX7*sU1S@hVXs%~djRA`Val#7A;hPjb* zZ|HilnB)D;oK&?H!$b#9wsK>cN@1mms6M?YN>YFme#3`<)vF#iCqo`N_r#JD7Nv$H zeXf$}jBw3G0!?giQ4y_%xE&S81LW}MhZ@f*6X}T(CFZelZ-;D5WRCX61`^nm zjS2B+TQ(>S-V*dGIFy*j#=*|m5TPY|W22p#_3FlCdp0N&>9IkHd2GC?V>Wt}l*t5= zGTB~Iz($IaLWy~7+}AN1Q@z%WsZAwiQk-fhDPV)1`#QGACU}aoA#}{fv0m9|ZhX0x zYg=PSaB-T zbF0FVXkz35@0@v>bV>}jEIfwS&bnC%u`=!TO1f$K-E4Wh9O{CX9yKaupt<+KQFFN= zUV{A(9wWp{Sg-cXi?3PV9LvkIk@clVP13AK_P5lNpcdgzITv9a@?<3nN?(xTJuQ5GOnauN^Ea zAy#^l6gN4Kmxp6{iK`_&>W||s+9Rr#1a$|09$+M_IeO}YP=-7<4tLDPL~nhNbdSXH5~o3W9K{^R2!yR|@~KlU69G=zk76i|6l;k; ziW!Y%V}*JibMv#)i@uP^Ra4aEYZ?4CDiZ!=b-5_%qPsR>XXh5OOV2N5pTdmqllVu= zrVma`UpSLFm&=Tg9mQaB>Ud`CXl88e_yql(TR7E3O`nW~E-N50{Dvnc;$rxrai?x|7O`B&6rnF*_nDAl8B61*HR69*n>M3 z3-_#Bs%LwKyDD$A;#>{mq@O;{XF4v@Fv0Xi58%;QfMinuDGeyE#ML(ZIZK7fhg~&c z^buPBLRAgwsm4zq=II_``rq}yj>m$P2rSdp;`F7Hewh}bU8>6&ECOfcs#s9*8`@ee zxJxhMx};l$Xj7ntX zb;F{n0@W=Z9c!u?{Z@e<1bFc8_#E&$kyt2Qwcait9urfsOt_ONjXH6$!z#hdz{+Uo zq1i1~8OFz=D#L(R87ct|LN|RHPIgok;&b3ZKNbs}>HEd`3m4ZCjEB*kE2Fs4JJnZM z{l}8`+Bjj30^Dz@MrAEH0`~9tP&Xa(ZuU_RgyJoJynqJNywpP9aN z-bdW3O`6oOCCt?xI6M{=8XN1QlCm-`s z#8#N*p@dsu3l*c%R8M!BD|wL;4Pc^s>_fQc<9gh~)y+pegpbD}94CYqrk`Cp9Z)%B z*+3bT3uH^d21@vu#lK_6k>zj~tDk`kX%>FRhw+dHW0SPK96u48<5yUYFU~EnK7)9A zdVcdp0*$_?s6|DDfpOJj9R)JK!}u5`RLiOkLm07Q8e}sfa%B;xO80tg2hx<(U<1L)EzMt8NKms~EnJXc%9}UD zh9X8gTeXN&*<=lFc5J*^As>j28mRX1F?{mQc(o^12$JW|W9lujOwDqc5HF95q`<_n zwv&({9X2)@rND+<9y~=i7MyR4dgfzCYH@~uk>B<3Jr#@ZDTZ%;HqiRUR7#pNVx5e< zfv#js*J3*@Oa%(m`|U%Riig1Je#~b)Bu~d8amNp&y~Oj+o?8+x%`ILOmtMFSm>_6H z=CM|S-Ixl)Q;ejn3c8E3Xm3KBn#=PaY@Jv7D^= zwRd`HX^vzaA}-FHo1a@)5{awC;?AbST-dOoBV%R~b8%U+(AUiCDta{{v6&s4XqNkf zt*-@M2++1^M4!J!uNrNl1v<*MN9Z%Lgc?NXS$RX4_BjYpD6h#n3e?PCP;NpL*g(Ew zs%uhygALTNtdD6{dn4;zh?pD^1B4z5T#IYXs}=j2Vh6aRM?&CbJo4GP!r4kchaPD& zv80_M(q`o~H7^S@OG!YNFvhFVw?Fm<6sJ1JTrJTSF5%?m8 zFeoVKve`t=0Dm)3M?yD!TC9lLu{kY0X4fNiE|yf8NIidHHZT&JvT8UE?#P?LhBQ39J6#Oi$~3^)sFRvylBDa%hxD@TRzUagE*T~^fGrkHgjw? z0R9~_A{Oj?h0)p@2zQDm{kdR&_!83>+sTZCAOQg+!FxUwzGlPXdJLV3W$0F72tDnFS1fs+o(QXU&rri_-kmHpdkvo99vjSD zoq5CVXqYPo{5F+-ni@C^SJ^)JmgsWeku!YSSSP;gZxk~*5IUqOyC!D6hsm>{NezGd{-zQyUeTTJIEQvK_4phG>TZXeghC z&L4JCN{wTEZ^u}7hp<8u>{_nUDs)a)(a3n4O(=c7!XKa~IV@0@0*{@~jf|X9?bFp| z=s64C(4-%q*$`NlgS1=Oy+0~!7*zod^nxYJs{;0cpfz5%Q!q;Oz^e~_!Zhs3v-$}M z0h#3OXWD{0ON~`v0rNM8l@aDwSbF3xOsySJP2R)&W9yVwLrPdo)PJV2;Hyn$Ktcsz zkvj9=W)g^@#j2p%ZtV|=vGy}0@YL#QN>I9oTabIoaZiX5UnBlpf>LT|#Mcp(X~a+d zEvJ)LQ9@)bccNPNqKbZ$@zA~z`7q)j>Idmhuy?Qk8U6@vdiwbJ%q?5CjEr0i6g{i1 zp&L}?+|@j^+O*Oh5NK#~PmwkRdXy?8=}yw`q>M>POZvLBVKurFR5h7oxN~X(t=m`8 z7eHDW;Q}hVAcZRBLEBCQ-e#57#4L)uF1V`PlcEBqNN7dT zf&)Di5)`~bb4bjy9{%X8v2k025?t|xWm+szgu^dGsZq9IbYYmZmy7)Jktk{S4AC4Z z4Iv&!usa6X=?pu2Lic@X_&gHYtmD^^hTle1l7{DZq69NSD8awC1?DqJ^jNfg%|6yA z&vCn7%YPsAS)MH2MPTPU79y(^t8ch{O1Y{2eA)=;!xoV*| zMH?E8l9r%l6pCMw4NT&BnnEqRyZ1n}TuHRkDn{3R0m2C4#=aJL(?wMl!7D+34`8QW^QS>?&DU;fng9d5lS} zV?Yy~KTJ{jx(O78=mR*(7G9*j(FSdTLT$ZfK*11GE7&RM>S1qc#Uk1>jj< z>H?PoG+%D#|L=ZXV5+XE2X|~(~Rga%l z`aWwoc4BKINVjT*T8vh9c%wetLWiH~n-UOkFXBMUa{}J|H%j^WSX_p*gUGJejdX79 zl9#bAc$pS@Rl3bs&`lVK>>wOUpq{-BL!!962Qa${aHk&`qTPwKlZZ)kEYIL?uzH+N zwOweYq?5kM5VEzEav8DTUU15?&7dUyb56fI2(LT0h&0iw{Umj)_*@eWh`c#ajBV!e z(5sYuxaSN_=U2GF3rB1rhUo&dZ|(%lpi1kilpO02(NKvj!C2>^ zF*W86x^&D>V47_OTOS5r@Mp#T4k6-Y{%V3U56_ex2oyic`~!hn=hejE$lKX9tz$a< zv|+Ac8%r7&hWcdMd#NV5qs356p2HvNIEUDIN_#inN+_rAq8tS4a`WT?Ae2xk7ZsYg zih%GlK?s4E9K!1zL%{w}+DFrc0Q(hL63!c@5dq;>gAf8SIfP&97y>qR(tagP2>Yhp zj9oMhjJvQ1+FF^u=)-7<&7u64j-g;jChb3^3FW{XCR8P10b8x=G$SNjlnh{ERi{S>Hz zhjq5sKRl4G_BD&nD=xH20QX-?@ANQ@F}%w$(0II&=7@ul;C{C zM-vgB!};ls;b2Q0?L%q8*?U%(Ff;j_O3t#ysFL}FkEJ;>2l8(^27*0sw11r@kbP&d zR|BSyCE*3hsz!Ehe#b}B5}QN$LdQ_BfsOXLG@nm-AlQ3G`@?jBUVsu9GL^TrN7f|47QEY{yI${gAjCEn1+*G zl!P2W1{))=U_=h!&W-_Ke;4gGyp>u%Y##w&Di~&NFuaPWQ=*TeB{qkW?HCF+XVD%> z6UxweOjJ+@c~K>s3p=V>&H7kcqjNAPI|hRdRkUZ)1ha>YU{ElUYTHpQ$%{Ucrnnr& z)sA6cqZI9hG-2#rKySqo*05|ft7`5>3*lJ`)5p;qnFFyq27;|nv`U&lc3;q8wqOcN zvbkK15Rw}{jBr#A;s-khfelWyA4nC%MeO-4JOfj9xFAJ<_^AMhP*e`$!ySXbCMMbk z(gZPdQL0k<|WK4V}KH+e81*niF$zp`lF5kVSf6jiSi=}gt8aXp@>ki&a zX^G9D+>S_{O&MXk4s953rPfv1??X8+m0|n<=cCpsun`|k)C(NYXvcuCH-~mOO+Z77 zHU{yS0-M&=m8uarV4U{hv_|J(W;zCgy*IR{(gZWSB&|w{x@rh#rFF@YR-+2%c^^$g zd=BSI$8fNjhITnkID41i{DJZBjG`LXuSa1qd@Rk8IgnR627)~`v{ITtZe23q;DU9c zb4Gz|#C|C#O|r za{TlR&0RxTGRKGWgs`Scf+W1ij7cxKmf*gLTEi_3YtUKOI4#Pd>c}Abx&#|qRbC<6 zz`UulEeAc5+@Q@K?$LH`FzPM9)&X{cY`J<6##rz!BF6#O4AC{j3r2xKp{W|M8KlK@ z3>XP+8FnGCO(uj!g>2-RzsMlKH>kM|zKUeuOMQb98OLDAJn;(y_=GprcvqHVB^b=?C^VWWh1WzR9pjY4K7T-0$^X~1Wb z9Wp8hErZ-|yQdNQAMSVVlCQyu)%LBo3%TWu96RRpZFTLBQD3yj@oCGsBQhd8<)A!quBYW5+}dXwFwL!>-Qo;-apVGiRzae2 z3vgDMt3a-C;_8C4+q=U~Rb6m)!kmVTqH&b%Fzo=rj;4jBGCLU&C!1cDbT|!ht3#(B zcD|LWU0+~EMhnhBQHDz^jSA}cfqfEai;_|WKX$p_guhaG6+Z_XKdYvWUwdpLpQDpx z=_$V52OVo})Sdk+hGD};Lk>JVdyBJ&99_%RQtlerYS(dRFKnmP3S4$w8zdxok9!BR zcFZa%N2)*Poo9!a7M&{$wmox254(znLyQR&R(?)ns9bo9_?GX2!vJaYy2oq>kU81$);(T zIW#S7HwotNspfGq>OPm~h!hSsJ!wipyJP2;EzVvy-H7jpA2hw}3{n13)hq?{&=H$; zXAg$2#VT54uwB6Kt(fp}ZZ&1Np%icgFZ^&}pbiIa3mo)A%2rh3XFx5Ws=}S|T3zXP z_F|73Bj?|8wvy}go&;Sp5AUQcX*QF3fgYqVGBGYX?SB#Bc^+l9i57N zfXveHoyLA!C>~0%fD+$@1BLld)X-s)FjSm!5%o|ouy?65l#xOpWW#kgt(P*TspadYR*0V`GzxOZNPZ%T8{R3)A5g; z+)SR!&TgxOg@N2FRfx3(qHbls-Jdz#fO8gZgW7}WU_pW~iRFqLSY{OB?bT|feuJHz z?K;r7YTyPckdY_<4PP(pCrtqh!=`xbKwW$coqfs@ohiLqN40_XZUGX!fh;JpY~v%h zW7k$`HHTf+R6U1tzDd=xY!5e_?NML#6<4d>aJI?iwK`1EoSm*V!GpeqZ??$~ToiRsK@>3yoaBv_1-Mr(iz?4^VI)1z8G4DR_c{$0(Sm;3Nf? zDOjW+Pr=I+R46D>@HPsrQ}8Ydet?31Ne077B(a*h9fV3ht(0go1}DI8MPN1*`+Zx+i}`U74>^@VgXz z89~($Cv(bt1%ExNTCu+)X)s!#Rl;5u@->fNrSz|?CW5r%$MP6gYU1LREW5rx! zMOW5rNoMNnh(*BJFRMthA>USo9E7}YgKbB$44WAxS-wKYa- zjZs=-bk-P^HH~Pz!6>{@Rqi6vepdMigyt6^G@pdfdxr?rtxI9ExOk5`Diiyk9bj8HwJY6wyxk6V=T#9tX#Kop7CN8hh6%&{D&=nJx z_tO;57TVHmZM2T!!e1iOWH{ zV&XDFS4>=v(-jk!S-N84@;!9L#N{QrV&bw&S4>>4(G?SychD6Rm-o>X6PFLt6%&__ z(G?SyH|UCq%Wu*Z6PGX06%&`=qbnvZ-=HfdF5jUmCN4WjDww$3MpsN+?&so?p(`dX zG)Qs9g@M2Z(z2oRCYas4 zt?4F@JrGK9!22qDX@4kvbZ||ZdepZ!r`33Zp#}PF@YSa+FzU`OSi`bC&SBYKcXrG) z?*A~*y`z2!9S}G@qASxltlj+}@4f|Z(;hW@tqsf~mb}}1nBi?}5L(}L4c9T#k(&l( zi`YX8?wl*w_AT|zb@*WT9q39YTBTc2?H8Uu}6ob9AW(FvJfIC%j>tj5@k z^+0Lt`*xO+_8R_plO`_oXg0*tNX?`Ujo@}Sga@!e6CJ<(0Qqc@!#nS-6#{O*A54zz zCpyKZ{W#v>$dtpZ!zI_x-q{7d6Os7X`QpLz!`p*>BRSZAl@{2$x&Zrh8?Y@$g13kK zh2)SwpBCi1yMX*iD`a*Aczbl;NRIAL(n5Dn7wFp6UT;8wQ?}cK-7%0@4Q)r%j?_?` zsNQ>%z~TVc_F(T%4)#rHfjxM0z|w)+?ZG~t9PFcMfqm0W1G`Bzel|JSOKE|<@1}vB zYG1NOawcH8&YkE- z@Dn82vD5A0{%Uf#pGXVtp_>SI6D9Rulf(UDT5#Xo1>8pyl9>H=&Msbxn!w}<;+a<~tq1^3}D;3g~EO=R||A;ay#-MTw* zCuRsyQ|ZK<=mK1(6&x%v+3CXV0gA~1j-&Uy4$4m@lOT^T{q?M$KHnKu8f?%Xj~1;r4LfnjG%6wBWv_3%C)w)jcNF zKNh$>&>u+-^nGaoeX0wf5xSLDf7*llh2-EqmKM0Dy8st8|HLY7_-NqvU_YH4>~E$8 zcDf6&GZBi2fpyOsW#)vzqk!9^{)6PGe=jZ6&vb!$sugw9QM>JN{&jMk-$@JSOcyxE zTXEvx1v;~r9i-bHKa@!+3njB#!ErfGjAdFDAlpOxQNDKa%F5pLuQ+!uvI+3E9 z^FQYyi5g9eKQ$lkC4R(T-v69i z_f}PRb$8WFHK49PsqLw{b?cu0J?GqW&pr3t`&K@D#~EiVqyM>^oQh?aPGyXIzEsYe zPQzW3FX!qrW~tVAsIl$Uje8q??%Jv`=alQ!oY`=fp+wHIi}|WqYTSv38>xKFE;<>n zg4Mb5Oz3@UrTaYZp1tm_J2IKfop)u|eeJ$C;lHd}P{{5O&n<=har)k=?lhytguaodC$J5|jEBUc_y4m&q65xS^-9XJcA5d8r z0Q`&a-^KXv`S|ZrK(%VBT%9qft@N>mb(!^oy7fY9r*(zZXKg#Q3Ki_AM^xaRIazHO zvKo42d*GGj*5%f6P<^G~D^PX|QI@mJ+)3Tel}oSG>=|R)1dW+YKmN~uIsL=sY|gIc zie`4YYMP}izc6D|PiCCiX#!&ZoSm;(`?cMB6&fq~-5?&6TDs+RsDQj7wkLN7Yq3HK>{M7zoHHF%^z=A*?Sw7 zVcnykwmhgeL_$3m3H1ij6D?5RLkvG>R7-YgT8B1r!0x(TgJ_$TBD4-zf1+Ni+1hl` z)}Vc6Dz*l}sF@`w2+b~Ouc(_&&CsOwG46)iFg2%KDrE0gff+vjhi{9d?2$cta03PL2-^q)~gjrt@ucQeD(aY zYDG1|?=b5z_a(_dXl;;0r|L*jE`TYN0S=kQJX;Ghr1+}vEon1&=wmuE9Jgu%v8+YgJ)s26Mf zQ#Le6Ka@)u_siA!thiAuPETi*y_q%YHLF~OfoD3|ota90stKr-#cACz0+^^9KKXY_ z_UKK6Bsdqf1t%;@o+M;AM5qsOOh?jVi4s*N z(Rf}$H1=e6Ee#D+&=rk6`mT;>P#tO{SgPPqWfF~xlcAwQOD+wKPHI;2#z1E@s1fO* zL6u1~E=i2W5+!9IhNKL1mK30oqNGq|5{>64Mq}?%d1G%^Ng2@hc9ImJLC<|1yTl=Q zuR=phjK)<nWQ#J+q$b^~hesAwLXNYdDIrt_rB$++pkHcAay*h>mZ(XZ^~gCbd=k_m>Z!sa ztV6C_3V-+-2En^2;L(DJ zk^?0vKqQ2TDxtW8n-W50Ns=O}lek>b7MFHhvPAu{uSI)AaY;~jsOJGh!kS}AHV8FH zqS2QajXg`VLH1?##E_Xi=zZxEib8{)r(}argCrW;5~DG&R5S)+pfS(|4SJp$8UqTA z?QPL$r$LrHm)n{kR{Gy_F)FXYn#e- zs$?R7N#|J%)sZ5X__LTDZPAz_%VT)tz~HzqBxb#;7tK={{9CRV_@}>UP8&sCtWDJV zhe!J-PE7Q_1Rme(@E95Om`?iBr}KuyT^a_Mz9%eq=0 zJa(hsr_<0b^~nqtf&0z6p11Kgw6&cVOE3DIQN;3nzfnafPYr%}5UC^7K*yS$iKv>K zsZUiA?J`%co@^q1EvsqWs7?iXI&{+q;+O;?#nwnj_5>ku*Qti*8;8yaEfT(r5ITzW z&XEHHw+@Z?5Vdn^4Cu3F)t<7A$)c&}5F9|55qOSMHwYS98QrxfYGrhtsB>U8X9v&; z-}T`+Ea6F|B@&o{ATS{$UQS4iAJA{UZSgAIF^jZpGi!pUoLsT&5a&RX>$`R~G0G|@ zPY(h(_;-8^6pO@`QK98KwL>DYw=ELFx8m`{SVETIsIU^oeJFZ|nPK|#GHiM_flvEwAwV-%_A@#OHS975qFLrImNnJU*yXa$(IKgd72iQ-0S+T=ix z{@LA`otb7)K0EjVl@Aae^~|SVc?cKR3`zYpZK;0|QGfH`u_Hdkt=g20QSfcSsLtpJ z#x#mi?7M;<2Pl(&`_$}`pvM1%q+owr3Py;6V>b?I*9;6?<5SU=VVY+af?@NOa;1q+ z*Hou+I#n8=iSF@-aL=dfMUt+?d{k2SqP7(7CJK)Z9-lZEP&pLnKn*nW6k5UaCj8lt z|E}7HCWkGqRZL_^v#2{h8J9~ky3{ROd~Mqnzk*vlHayBUgMM&ur28O&L0`A*X-h}E zalOih0!8Ctx{QdbNxO)+7`;+0QwWK!ltnvLx>1fDsMD~614!!=9{?3a(#oG4@3q7x zO5Cn%iyM0mxTp2;iNT5E2b4_cx9-+Sf$2Lt`Xoa-Z0A6f0y|sa zAQj!tp!+fEnNK@vYZn(7`CUohOWM-+5~gqDKw$K3!<6JgVk0A0hAG*`v{*swRDlka zfBPitZBGL8ew)uoO0I89iI_i-_R^0WKRlry8y+9iCtf-h@E5dFCQ+L~7@3VYR7|X# z3d}`QugzCXwi=^)@LbV@^cKItr2}NQd+x)arr1kplf-1OEhe)*_YO`>43n%w#Py-W zBg3N;I$;%C+}S%O$VNyV#Ws_e>yw59TQgU*Vb$n_X8+DT&2oQn>uZ4*0D(>(gEz~krsFvk9@RlS7@c*LJ8VXThMMI&<>chcFxp> zXb(vwVikxV_r6c-nn}~-?_J+ z_HkiPQXLBy*(O^r3$I$q&KX%Omb8Whub3(4gB~LJw-1_H>F7mcBsez)!3nvFSRaiY z7!7P0h}n><`VWUtfgjPSRk5W7HgPjZKqp_yN8v;F1Dv(O``gFIluXszW=W)OYKs&$ z6=~Vq_6+Ic$C_AZZV%6DCXV&vQS;cfdTvincd#MM*DrxvKAjf^>1?V|Htt~C#<6bz zn?HthtmgT8qt!MDn@9t`qu8I!w6VyIluzr-?eEN`QWsYOJ3!J+-;lA@RA^*5-WIRu`U4}aZyIgX%sWXARud`(h>vF$P z7(v=p<9{Up4ZqRP)pmKq2Tob%G218+x;cnY)VQ*Rfa2|`u(dE%o#73t`@_0k#&gJF z-(3k`yPa>in?rBvw6#@!dDQ>1JKk?$Ct82C4lBRfPb&&ok;vQL5(M_X=>pq`dmiYt zAA@#q`Auv+fd$EmyO`g^&avb#G;Yw^oDVl*t?$%LnBb=!nhQq6lop%}rHw~OI zOD=wx=YsOhv5LwaT!pda%a%oL;*x*?l)@;=SX&B*=pXEXwXP@}q@UXkt!7HrVlT5X zT{S9Jpus0D#~$qo>}4Yh47lYTZR?Ta;}ctVh<~-wqx}2W@GZwjjtw86`{M@(4ay>&W0sQ5&JO_2?Mc_=AVHwrr&1J#=FC z9FKzV7S^!e&cIeX)5&31w%B}k!_b(vYe2gLzOLQ7c3pEP|GIkDzJWWnIm;}G&y-6= z5X*mJ8y_ssO2ss)^hvB(X|P~O1{{=iG{-8>l{5?MRT;0}P9qi{F~z=j#bDo;6SFFw zT^r!!`lP8g2KKpIOH#!2q9DKhZ=+DdTZL!IkXlNcioHQgXiHPO zOD)phl@P8@6BrfTRiaxZW38Z0_TPO&41Q`5 zBW>Z&VD#DSp1DKwD-a(qJRD#vcT*Dw$!~86q2|}|TfJz+2Cor4Qnegi(z ziw0~I4UlpoTdT5h z7a!l5Q~}8rW}=0-o#OJzICDjJE!`|tD@g76RYb|vC1JS=s2$civf0lIiCI%A{|o0X zqLE!ie`|NeESsryQ{jG7FYiTDH*aqqA7slmH9hbfa&<2nvVXfjt|a3)<*Y?dC<07K3NE1&C|MmtxSAv|QoS((whq=`UME)4Ou=jy75&atN1gPw7{90vlc=ce@Na21o4rxIG&mwc$c-{wh1>4GnU!b=h zD{O*qnx?b&(VxPCaMxgIt6ZEly}-N8?ircpX8ThFY4!)r+wkOK6Y7BaP zuFr|-ChR6LyX1gd>O><4lXQN@;n@RQUn1!irjvHg;9j52Ukh^R@fAMer|SlUN4TxpsMBN0!j=E%wD zPfBamROD?j*f!i($kG$&D|Wh2&}4uy#S95gR@J7f<$9&%5xHuRFs?`rvzCWyX4%X( zNI_RFiriXIC}JU+-8 zyfXY=xGEkjFtT9a(Q52z@s?LHuc&IK?<)~8kjl3~S;rg=Az|bt;q+ui4lyu!3LVqt z5WlYtA3rdn-NvE%+F&45Uppql^nE8yM!N$W0JPa%nE_akLNWa80-%KUSYlp80;$5$ z6nL@ikQ0!2!N{>Bez)NH#mMSLauNBSImsQ(w-sjhB*qMxlnSTfV^$ZmbQ?gX2N7$5 zg^?W0EO;jE+zw&K zw0%z@{dxeAY~Vwdrow{^U#x*ICeoK3WnG5^re+li58FG0Q*yt?tTR+J>>0^6vC1k6 zA5BalGA|V#NlIa_Md*S9Vh5GypRUa-FN}nxLkR`OCliB##7l)gix0-fxM~b#JjsH$ufn};e zjkY<$?r}`$@zBB%_8%G*r(Q(bV__C)GMoY_Zm}LDa#QcnoH|YG9c>120^UtoQoMM_ z$oNrh*VQ|B?a}w%Nh1L9vDg=+-8vNgirO}GXGWW#bg?tWJmrNoJohGy$&q$zR6Ddj zd4sI!8*#Os5mSX02ipfx{oY8LdxZBAg zx{7#=-V^RtUK@jZQESy2Vv&;FWE4(OFXlM~vROw?15BDIVKR>l$RC|yo{X>%qCMO@ zf-A!rt*w1=tJ-R-`O0jEYATkLWJtIiU{0JyGZi$Il*rChNNchr9Acal*&I|BMy8^K(_tnPpxs>qXtF{4V8a$5J(@Wp8pp`Jz& zV@_#aJ85I2!hqz>IoMk^L-9y3s;cHRCiaNn%LmwwCZJ{P(Itazn9>cwPv(^rsp*lg zpSCR9&P>}uDKzy@UxqxbavEXJE7}8ul{CFJu{0r5VB!9x($wqWX_M#29WNL8s2@2n zwcJ;P|3+fMX?^$C;}iaCT(s+u^yHw_1+wiLrbT2KlJ_0$cFvGo^7g@0-7`~`E$$`)k9gGuyjYY%9S>M&WZbF z&BiR;do)tQ{$woAQF+fwE(IsLGR8XeslXhTZD!JI;)Af0>U1<5R3fOLUCyLYb9BR- z!8d)E%TarzvXv`^)O@-1mkW8Dg8|Je>d?^ymDAP9bh;y+>5fpcxo&k*S1s~+7FOe} zn6BD*vgxLwa+T)smZejzQz3R~V#JW>vv5gL#GWoSE>%sl8dvuf;e&|@N6OE_i{lgi zA}-ohjUVCZrcjWizm%CLhjEIv!|tsjW_xfg8f@<26j0hG#(VfD5#3jsrfDhJgV2Z~ za1X{N{2$nF!f&$mM}}fX8>ztprGPV`O&#PBl6(3B0|Z*q>iBdrfw4eBDveY}~Ke`a{AAi!x3Wp=Q0L3!K-LH7QNQaaJoi zkprR1J3MzEsa!)Y!~%p$87dBHOlVPd6Dwsd0aFg$XYBi`Cmu=M6Ue7qcvlKN5ho-- zbYrjid9%NI=6Po&Cr3O{$bBX;a>y=Q_;h^aKFLM9^6-CaH~sU5WMa^WL7eOa_8GA) z;4Rc+>{VkfxsaQO;cmmN`|N0p>Z5Na?jz*AEqp!gK00x{?IL!cy$vpT96U>2e3OhH z)d9ljp)ME>T0+6y8Fhy(KD_8H8*u1ZM0dlYvhgLPr$+31Uc=e({<;;skm%|%J}<-m zXeM2o$LaFWaa1f+ltzR%iLi>Jq>V>MN$P=$w^u=qEx)P9Cxo{!gis?!?pNn=?@(;IF^1LPpCm#95 z>PV9alchu4JOthFLR-c~N(0C~!ZT^z5aR^LPbqUn8n9ip{NK>0!G!sieMf03Yh{eW5kTBhvkjCj$Dq9z46X<}g$#t>3Svp&P7 zAS`dv8)%wM8&^wwOg(LcK>3U|Y#B4^~ zx)=Qt;Wre~hU7c!5^j5%8JW3GGvhPLj7mq}pIApD8-L+dY3pdW96k6OtYb-np`K~? zB22i>^4c{bm^Q3cyb}#JKmFfT$iFEu@;FtX@P?$w_u5EUBQ>8i3;Y|3)DI^n6$b$n z9*-LjN8gp?~9| z-8l5bkKhX9hVBT)J^K!L1b7tlFiC`Co((;08G>H)%vc$zLBTBunG=VDP_!&K>(R6w_*i5!S9m(fnr=Ex}zV;EIoUwj_BQE07|76lO9D@Cw81&y!K9u35x zI~KbDMPv+e*V)*@LXqdya(T+%u2n%oXo^PXZCpSFPrU5)GCW4)_+u)uqaM5DVHg4n zKfZ@6CCXqLqYpU03(gH8bJ7b==R-LGFKwvj#ppa)!qf*aq}BJtRDm+95|t)G*r~nf zFp6L7Y9yX!gP(0SPi#lLM&Mh+2j%KFH8#H z(U`$`IV@W2OPs+{1I!8`I^-i$_Lg0m<&<{PU<)SV@wc=^WZZdHv_%_2I;L;Sh?#_*zc^-A$_^ck$P9~+ z9+6p{7RR9F;irYGna+@hry1E=0-OuoFUAG-;EKtx7;4BSu3>&a!w$RAh2aeIoH9^R z2E^u%h$#f70c?KLP=|~NXcL>sFrINVA5R20ya;k6COq)DSIfDRVhqDhKg?_(oiuzQ zh!V#s(=I-=*(ujC*3v5&GIRzi#EEUpr zTyK*tt!0sdQSk-s9xE7DuS+@&It&hyTXG_8hXhMIsH_Xvl|!79X0UT(q0OoOl!L z4dmMM3B;*ia!W1c45fiPaGb>;tq;Q!xO<1jk;2-pJ@7zI!NopJNthotjc!vM~^-2w$eXZa7eg(lBGy+^CX81Oq6#xoCzV zvIO#>AhlpVPI5$&rGp>=STZF1oKCQ{AWR|N#mr_AJ6Ah2L+n%*E=xi|r7VyEt0SB) z3Tz`n&f{bSh3m0-ihjD2&}G5ie0Ft`lIdb%nI3~o+bPI&oH>_J2))*omyNO(fC)e7 z3A@k=*q+a;8Kc;sFV$tNvI^aY6Qg?!=)OKax({;EZW`0QXHa9sDCRC=EyGuBf?D1h zCZ}ohP@p)k7waQle4-z_jEEO_?VyzcYOh&;Mks`5whgLB-jldT#?d2>rrskv+a|>d z^I(fvoBTyZ`^OT~J^|XFNJ@LJ#r14q-VVJR z6~w=pz%Y(+onz!M`oi&UPjOBn8sB-qz|o16n~H+yP@w9k9BO0w)2=A8QbMV?u>z_G zS2@|sDAMkkrwlqMf?gx9A$Q^c)&bQVTEf(FUlG15G2tgbcqTsKS8~y=D(3A& z)%i-TtoDRsoshK*0yil97?UCF52uIkec$D zl8aNROCgj^jL_{s=w(R}>b1z9BiIy?cVd9EY!%QM^+=Kbs>I~q0rFoNpZs|)+Ewts zH%2Qkv{V6q1H2F{$ezYmwvzO0K=KhZL;(R9`6;Lix&c2Fl6a2D3vG0PI(ao?8fk-u6R8L!BP~b zOWA~QhObeaQkvvvj&8+yZ%E8}F9YX2lmh3)nY;_O?X}ddIbzlf;v=cs{2L0VKTeF( z%YoA$#>eTyT(ql%{!seZ!lN*)Z;}DcNd<*1&RMW1u(5fGv)#Z9DauS|;Nh&6Yh|1^ zCWIODca13M;WRM(i*3%L zL&&pCeo*YB+opu|XBh&;kAIbzAG6@c&!@nTapYDobFbxg(^wh%;O4c%-ofiqd|U1- z)cz|mY6ejI&-keQfQxpM;u9x$`GEzq=$`?P9b)kKmOb-V#q5$q+Ovq`@#3YWb3Ksp zsX{=IqmfN=FBmV7vk3rKk-I zq^M|b23(iZW%wMSL+F)IYb8ZcXwv$KZVVcWof9U{e8gtn8QPL8rasDp1N~aY)Pc70 zVpYR4XPT!+z9v(u=rp*!09VP-t%+sGgba!9<(Yd%d%sLfM_;HwfN zI1L0}86UxUF4|2CxxXm|)|<8q6+~j)eti{g0wgz3tFESoWax;|9E5EEnZ}`7oIHW* zh=d46m4?+>4t-+dBTyHaCSG24L_6?CDub$*g8h@zUe(iYNZivFditT%dwSoH2(c}~ zs-@T#Xzz9hIRz(&>ZsyHzps#ZZ(<~DAo1Htk?6VL`@UIX*Ji zLHIZq?I!pqhT54QZ~)LWsWk?TXFG_FV$ZZVCeunbRR|vjc}S#vMDv*0dXWx(k!Fk^L`IVs9N~Hrvl*j^^N1Xr&k&)K z+O#g9b*NKezEtF)$xwEr%bJ=N-qn2?PM%fD!9*O~ge3G{$Xa|jm7M&2VmUbpIr(bZ za^fyp?Rnck7X7|L;zx;*C<2M^Cq<&yYV%wieD8Balh%xWs35p#L()0#3?O(e-ikTr zJ&%iaQ=0D2Nd_0mC83V2@?2;R22N+E56)ra6Q_jkQ1O~W*jnkGB+dRI=oLNFTT!)T25 z90T5niQ4^$XtAn@MN8pjz`|j<>IWe`3tFOjr<%BTUV+{zr`|h@9zaqXfF4MUL={N9 zE-4bd7SwZZ^!5e9zEe&$l=#1J@u;F0(cyo-x=6V($J@G^#X7^hfu;OHN3 z(BQ=g@3f)mI<_GcDJGGn)wi+PvnN(IjQkAF2BOmu9ZlErIK(GcgIUggHj!b4mhO3J z0O^ozayaV3MduAk$c#e!GDVIQ8qs{W0I5Uh269wV0u?f$#cobsd!WVCoX9F5nu6y@ zJQ#FQQe2~m73KY($T?G%69GgOAUq054y>BWRj9PcX^>>BcqB-Qr=Lj7(>3t)M^oVG zID@wkh+gZ2E99(BV z?cbZg;1XnR&hE;&V`)snn)nojz+=q9n55En)2R-@qoFYB1=8Bem^*S^V6dV=%YPHe zapb54DGKmD)k%w0?CO%?03!Z2SPJheQTWMhyyAiD6Z62`;DPH>;DI=jBN(XHl5>_f ziX2D3N~sCmQ)ti)HLiJNi zpW>wZ5_8hM;G}y~;G{TmC)lvpawiYaBDo75kt$`d?Q@0Vqlr;`6;OO6K8o++qTS^2 z#N{-v3#Fv>R7zlP08PuhyK;yQ5{*pgabuZA!7zdio&Bq z*|+Gl21s>3p71P@CW9f-6*1-{_!P*GwN{N#(~b)xh-{zdf z!=+r&pnW?c#(uDbgk*MJlW2>>9`o8EMB)QaE;o(?W=qpIluvmB)QQvGL&teM`?^QT z@v==x{Q|Fn9RD~4IgX<-g%aqs#=JO?9e(1eZ{?%O zy%{bW>tZTQBX6BHe#3W#6&hwqu`S#)*J(r(nfz%SRyMhpx|s$n%)l}3Q3yBoi1#&3 zAGTqL$CTbgnmYXJ1$IfVFDJ04H5+l_ImT_?6oV0#HlBQ%zz%Ej{Zya@V62{}bUDaf3JYZiwx z(b^U#tquVtMe#Jgy~0;X(tU{~=>bU6y(vgi9E~Kzu-6*tqM^_ZOl1I){_-MY1i+0sZk3laTkOz549fB1iZUy=P_AOJUg)N2R!PCrJcCvn8*?b=#g;0oOoIBXZlmhaWoIXylRtygHqn?CSR0T%*m7T?wk2dT0<(mqGnDaW9*O+LYGvq@Gcqs4JOMn-Wts*?Y#yaSSWIT%TV!7x zmLY9Q*T=G@J}SjQ`bnv7^4!s+g)#(lUJM?m>6kBwCN+2p0d{H%)FQvZX^BYWcT>4M zjnUro779Cx<~(eq1UeLM1%!~ZO+d&9&*5bGR7<%jcx^E~6txc`zz3$p(Q#2R*C7st zQ#IXnfFp6VA<6=BS5{7^;O6vB(&Z%?`sQ7tkHBdtCO^ZB)@N-#@ygTv_>A^rgCzUm zEw5X~|GT#VVZEM3yzuH3%a(0>b>rSfpS9B6)YRWnQLGQL0oO(4ar8Lqz-!^hoiu>E z0$C}{M$;SCV}!oq!Mj@P)t>+$>08TCnPvwKko&hy&ShNSgD#+3A|Rm>V7 z=1xIO;8_ex3MRevSmB4A+rQQq38iC22Xxl`FJF$@uP7X(f3_WZJ!rfR-|N&a0`bcN z#LKv7gpQ3fGKrTvx9*GLJG)m>lL~*0za%GFt0Hg|0TP@C z+&73NE}RC%%2c@QL?*|;u!r#n+aM%D7*A%fCWYf5#CT$8w@i$Wksik|=+r04g@+lq zH@oIpECx!P-$PmSX%q#lkO2=?IUjVN`G%;zc{Fj~JdD11B!#}|$PS)piH_~HbX*ZB z9pi8n@F-53i8;zism1DnmKjk!PZSqr1Q*T-NMlRt64*U@G>1hFhU}V$zxG*|7LemXP&O_cj%wkKtR4mVA6I6d}OWYrCL4RDHLVv`O3elOpmWuUbBL|c^ zl)V$asqi|M7_YYhucPttI?P48^6%8r`FD&h7)_j8qukpZxd=Bn>2MY5=RRGZQ#jj+ zaeg~+o=P2OGx~%%9F&MDS6-y;oSB3l5n&ndM!;Dpw%3XS8O5GJB=RJG-`DPYYh1zt*`x2x4Ye4zlq$u}VfG<>ulGGtg%_CQ*A_|UoB!=T1fa7iP;dnC_?JC?q z9-){PoJBz=7g8|3X`aFsQ5tl_Vw5^(8cCfE%FBky$N1op!@G$Ak5D zFdBipMHa#fIs8VGPt-ICo{e@e%$l_m6(EVenljzt4PCcsMvoU&$y*!Cwx@{PKSsgAW_zz1UKqs@a)y zhUUL7zGtmz3|=+JNH#_8#*gKP@;j;962{q0p)e zd`ey_8lG&lRyl*LTn4fO%&1Ajv$%z-H+LoO&3B_WGb!|D9R3%q&};r*BVt?4s#IqF z4TaO~iE(-aINcT>rwK0FmFqW;V}Op7*N7*o^{+_W`rkzBODVKIPA?16d)>>MyHjv|GQQScUb&fO`-+D(D7+HWJep__(9e6w{Us4&%a6 zYjhqgr6`)JVpfEM*iOorvdGP5L1#QH%A8T6$StH8hRs_?iW3S~rMwwh&BkFYUTmvq zi>HQ#i=MW_4a#)IfyU#bMv*qPph7eZwP8MM@E&qIho)A&cl`A4Uay@-MD}06nt6X> zZvAa=>-$pR);Mx5SiRSBewL8)!^XU?&_nl>Y=0>+TJHf`Ux<&^Q(Uy0Y`cFoSj|~D zeVGE+Va=#bphAG)y@0ph(MBe8FIdAfUMSCkObSF&qs~GU#}d(wEu;#qB9AB>#gHx> zfJEmTAdM&qGIp*8jzU97d#JiVg7a2|fpq4Oc#hWOFch(J*F4=-X3$S7d5VwzB{3hp z7ku>H6!<8P)Cnehnxu};zmwytCw1bULhHikB%MDz2DHw{TXE+PT(q0iofyT4I?ji5 zh`1!01yFiQV(E}9Kzit&nJasO=L;H15`{I>(MCe*ykJ3uEA#eA@1!r0=~pNwhJ#W{ zi)3R|wSRa3f1I*_A&46?FPHduK;?6qi}p!Q?_WhEqi7Dri{ro(KUa~nO>?Yry{NXB zqwVB0VrM4|1kWvn>fmPbr$vY@Cvtq^s4d7lXkvZ^1o#ltNfF0oo}#JFH2b*x)0?Eg zpGG!)WR>*nN-RCU3+c(EAU$z(&AI%YUhA534oj}Y!50`Z5%DNhPShiX-R+67`v9=J zEk1S=T(q0!albqP$;x9V8m4j(Elw&E3e%i5YwSRV=a=#Us-0b7*;MXjPeIWt5Q{Jg zZe;ap+ZY#}vuFc_=eMSJ5MIsOCt!on_6po_Fh$_iC9*G2eunSL6W#(FUFWd=DuQvO z7WiqWQgPKQ5_8oD!BwRcxGIiB3YP4-L>?>`^WZ)Tv%Z0H4V9*qL`FPP*u6P1b{_(E zZ;X#!gNt^R$e$ndOk+=!yf%aBDTIKAK?J8^_Yt;UhC|3mNaQ|GG8%RSr?LF7K8d7= zY*2XaL`-q{)FQS9@CR}^RP)*xxn7m*JZsvcdg}d&d+KrY)caECsW@CNy1Ca}zDlr# ztS`5-ZOnVHX}Yr=iY+esS-lBS#ZnPmZ(nH92g~ zs;B1to7xCDameK4+$JzgiM89jAJ{7(=BvW4430DyM#|pn6u7|WWO*Xz4Lm$R!KS8d z1laG#7AQU`DpX?f(@&`4t$#_(TOS5*eK!T(iX(r5F?%h4YsVb3o-dc?XQT)Q?kJ=# zJU8k5@(+O2`FJbt{E~}ylfn}lF~3v|hL;m7`$iG|81ltpND0>3!{Cc8aV7y&I< zc|O!WnN9~jQ4s?Kp)Lo`libGZ_;f-MGHaL!0KhaB(uoNurfl*v7+SC^hX*r!7mdO3 znQ)JhSb0Zxvf*fy2wZXzA+`(d*jIYx%{03a^AVpy^f6LlPT zem?D~x!}%*brJr%82>#V|6O`#!(D;Ho}I>_<+QB+yJE}5d-uV-c&eoxi`wsU*7ofl zxZAh07BBn-VksmJg|`q?*f@iTqSanGKUU*yF(CKCUEaimcV>@pSjWc!*BfHILa`1l&#Aw;$k)kri5iizN9EP?JaUS%I=X*&juLZku#GvOgSyfH2vg0NIbncq>G9 zdr>96@d8qQIYzCY53%Vkr~}CfQZ5&>r)u5y?MFur4BR>viT8KVE)VZjqL>f$_wXzx z)ZdOlUKr|60_uN^@sG?G1Ihd55UibQ{?b~l1itO|mG}Y_$GjAR8 z`@9^3aIeo##-KKg(UZW)it(1$=O!2J+UMs5#ND5(%kFOTRQ2>P#vnLM#s3Bs3rVSX zI(j-<&%YN0q z6@%z7C7%T)pGZncuX`KXd~j?eQn0^+wn}Y|GJb!5F9zvee}6j$y3Ojtald9Myi=ZXP|2ZE}d0TSc?A& zZ!IvIoqatEdkgPu`=ZkC zeI}^_&+mOI!hz&&f`5F@&etqQpT^o!39=Y)pVQl(E8O=)3s<=RZFh|!ecrwx2k&{l zc&cnfxV3%1dcdt6sBwcgbg}Yq0{THd5Yfqa&{8*?_3W^h6>sRcJg~|^wmaCwT-rUC z4;05<0ytc=2;V@MmE%x)FL!0Fj2*I#L(ANCvW%I>pLGyro#Af8IThF|Udwvbjk@dQ z9SYTKjJj)Z+9L&KISqGnzMP{>l1>Ke<&^3!-*8vmiW68(NA2KrS7BMMQm-{e3$zk2 z>aO*&fS0SNY%R_Kp@6QL3jR1td^3v=oy4E(yg%#JBL3P?E9bIw8VNmh8l2tAJ!h(1 zu2C}Zz>`B~xEqkVuU4whWKY2%IMcwLjo4ReSF#BBrXxli)OV4%gDr1-Crc~#S)9&6 zxsm8|-V5r+dMr#L0lBas8i&qw*I8J}lz*;tH)F>$P~)=>{JSgj=45>u^=-syDikb^ z64=u`gF9;hf6gR|8Vl}5y9A7~$h%kOxFL6Cy*8y^-Ef~5evrix@i1r*c$zOFvY+?M z+PPZ8-6T+ssNv$KCrwopM$cci%-tyJjre}}LDS3b+0=dqAX$K?NOLlGLlIH2bz|BD z+IjqaCPdMF4gxO9)qGYQ(}K?+@D>=X;;=u$XRVzFpCUCP&N*4-Zp0{C&ic39Gi|We zhJ1adl2z;nQ27SO7$ZG1Rk(@oFk@5K`?o5*YMwncL%ejhc?uCsW;XaHb4ae1owXes zTZ5>sY~FS#G6aOsVUW1BT8f2`vh|>ccDV}&GnmFJnVrJIvD3h!-4^xwU8Iuqq=-AXb^z3K_;2xNwph*?9<&!D{2J|nQ6|I< zC^Lk3`((X>Pi#c%YIY6y3pMZn7zn2dAy(Vh3+Irgz^>M&a)@#R|5D;@h%B{?G!obb zi8Jz$;CVE`GR+!3a$XLlPG%_+c`<9`^Q33F*_)|m(!P#aoDwSS0e3kLP-vn6znzJnHLF+Zv+pX8v z-E%@^DbI&c^=D3EGv|%&I%Gb`oz!h`al^XZU5||Cfg5w~Ii70L@ty;^b+DfGVC!wj zvGw*kHGRte##+Yw8+ms;EaJ`g@NRdkSD9@tdUhY)v zd_S~-UPclKJFlaWlmtRonMH|yLWH-<8+DgVVLML*7H-0Lf(O^)AH#81Q=`O_KI=W! zqt-{P-?u(){i*eo^*QUS)>o|WTHm&QWPQJ|1~Dmxm2^3eF6Yo?D_x#XmwvkJpv$#% zxrQzybh(i(x6);tE;+i~MVAU)X6SM+UGApKFVN-Z>GDRpH0bhfy1bJv@2AWA=<-K& zq4c(ePtoNQbonA({*o@=pv%|j@~?FH9$o&6F8@iF^_T$^*3#udx|~m!E9mk9x(v`| z7hMMF@?yG-(&Z3c?x4#Fx>$5E=~Aall`i+wGDCk ze2gwn(B-pqd6F()rpuS;@=tX62fF+RUH&g!R-o4kXV7IcT{hC?61rSOmn-SgN0+PV zvX?G3x=^1N9J*BK@&XKAg-hx3Ji1&!m-oV?E&MjwweDKtiQ0Tc2!!>X1?wXV*2fpD zrxvWQE?D1Puzs|_?6APBu)u7vz$~!9-M_$HzrfwTz+Jw;-MzqFy};ePz+Jq+-MheD zyTIMLz+Jk)-MPSBxxn4Hz+Je&-M7G9x4_-Dz+JY$-L=47wZPr9z+JS!-Lt@5v%uZ5 zz+JMy-Lb%3vB2H1z+JGw@Gmg*3k>@LL%zUpFEG>#4D$j*yuk1-FtiUatPe1x4=|hy zb?X9(OL^3K7li8l5UM|dP<;wQ^+gEPH>~el|H=|&{g)7@^~9enP8ZNG7AHD(oRae5v7VsUziez7>cgMP6%y_bHmIDLeEu{eF4ez7<` zMZZ{_zDmDXoW4uHSe$-DzgV2skc6-}okzb|oVL<07N>st#o}~`ez7?5FBT`7*9dW< z=@N@m;oU4#8-k-c>0x(64oORSoPur^cgTK|<-~Xvyh9cT--Q)0Gg&SwLxFFe+jLWv zUK^@$t^6v#bWW&#nBmnLSyksX*X2FI><89mu3V?Jgob+-=8lwBmB$))^^kY}AyD_) z#xa;l2y2JIin!K%MLe@$V&k@S{DsI8uH#rE%#u2WFR!q(B z*ZQ&1#O$xuF&tL=X@`10!ai+%4uObf4MVgJTgHjJCmxjgLo?4z)v5VzlRt%??B+IM zU%{5bpP*<*pWjO1`2yH0NYlbv8X3LuC{0ZQ6H=Nn|1sB8cmn@OA6_Rw^n<9aN|u)< z>>_O|&Pvp$%=}i`nL|79!A8icj-5|9Nlp1dz7n6d|C5xq!e8SJMVZydmZ8}=^xQ?z zw?C4;91(a~wF2&`8Dw*JCieUBiT!_R5qrTRh`qi8u^`y23jHDCeLItU&U0h)?j{sX z#JlbK_rgVxd}S-i#cAE>(xE%zQ@1TG>MmLYb)C3Z&U|)dc6aW|8{-o@loqki>k+Yg zGP^nxdslp7?@Wu>i+e+?KG2QWyWc zvG!Nv6Z>#l#BS>uu>+ln{Xl$TA4`ka?Ta8bp44`o4tzR3xt~mn+$$GBZak^&Vj+Js zKCxdD-rhx!*WXH> z?7>Rs4*YC<3ZG1i!mAcRVN?g&<;rZADaJp=C+{E9B5&U!$cyMe!JqnUu5$;jxG1*4 zat4Z~GN@m@2nw%iWl=9(6t9g@y3x*rUJ{?si_#+Wnne)0y_L{{QJv{b+|}`k+nW|~ z`xil6rj?VJen4PFIohF5qhSK*bA$Ro+-vB&rXZHYZpP@Kx_ZW zfg-0{hTUbfcwKxlUy~M@*DZp~sChm0qAmj1Xa)9b(mndlF8-R2#3%Ik(<1aGiy$;Yx6;~3=U#j&K5?H*i@56-L0pt~hM9JzUaaYe zysqdJfz+AU@5U$g+i4LyxCmm0A`}r58#whu&lPQi%%EwnqCp+AXQAk!{I#kE~sGRz;E>MY1eQvQ6SRO;1nHbhmoCTfImc z=Q$*SIF`5}f=m(;a5h3hLf9W63kiFG@CXnHFCh@N2YkRIkcB`XB=28UXT9BbW^`t* z!e{H(b8nq<>eQ*KQ>RXy<-YQ!H(r0;_1DpV(TY~1RIXhdEY{AKoAugQvDTi5mc5`; zt_~k@KyR4X{;G*5C$>d5+7z6Vbff z>2~uZ-X`9Fg4geuh;A&^$BGlt+-9d%E27|y7wXNk6Vb|IXSkfbkgryY?QFT71@6{F zX$i8o$Eu*FoX@t4&9PRt(-_XTi>--hPO&x-%^y@mv?kgUr+~KAED$}V`P)hhN()Pi zN{dTN2#w%dE}07T+DLhHB3i77*6(uA{d}>R9|eP4Xn90axWUOw1hk5UHmIxS zhlKuv#zVtHm7nLDWZm^4^-rgNS;kSt#a;wL*QkTmvg^>a<6) z2PUFLH3+noQ`DY_`Wnr81(i%hgJ(*`%+YqfTF%!pM;<JahDgZz-G<;RMdTD_fV6@hQL!kjDA8{^ILXbG_EKqVMJ3%&du+HmpWM6_Tm--6&7Sb83mO?ckwjEs~oa!0yxuu08Y23+lCr_cuB z!$inLbi?4-@I>iwCt6m#Sg3Y}i`1onOzGkL!NaG~v+7M^^Qj{T4?l1OeL)_mWHfj1 zJbLpTkSq1-JD?iN%C#;;(VRQ(fHo`|E{^0o)po8~hupx!{O~ZiP-E3X#ZAbzRHSx3 z9WA4@vHEZaibZTC*ot<&kgE@onn0u4%`!tbcSCcn68I|!(Szp>*T?c@NO~j6jO9ka zL1;%Y*DQ_{Q781X)yNl$;O-(WDEdU)UeXvJC5?lkw#Ql5l)^?UO3;Fn#Sq%=dmO%N(#_Ba_RFRZ|Duznrij8u$K1w#0-k@&swu1Sj zY)o#Xnn%S?gBjpnzBvv>6L!vNj6q%%!(g%Cc)8UE+bN|J zZ5+#AERUh`7AVhCC(2dJHT)E7qafx)v=kJSav*33y%Bw!gvFrZIj|ji$0VMJ7V3P` zH1pajHYTF$2T^ak+RDKyl}E!Jk=M<*vcc_Y0*b1f|A^p&LyE)S!b z<&iRt;C-Fi*;@Sq2wBK!tpejIJrm92_f8q6>={)D4{#IP)!Qi2ig;VX8PN&YTyt}! zo<<$|PbQpUOUN0>6<~M`NT}3C(tsB;LRcWBkT)pW2-0alcqT&&!w&|O$0Df^y)cK~ zgf0T9^)nWzmw<8?%EP4H*C~3rYojBP5|?YFb1)@LB2*zKqW~->BN;BX3e7T`9Abt5 zF{-0S4`CdK$MQ_HoO51imPxnC$O7L2jG*NwkS`A}XaOTvVp@!jTYzE6srRKe(O9t+ z4$R7MTePasX|?NPS`%8ip*&f&=*Bb64*skJ-fF&qM%41>%cDF9PLw_d6G!%&>&q1| zR+Zae(gHQEkwuBJrFOf~x_8Hp(Q>=g85)Fn+finpVMi|q58Xrt#WGj{E}|4%8T4ss zsTlVY(R^+OY#_X)dvp!?^Z9nZ*&39ZsPhp!p_W`}XUERHyZ7%uuxrorTF=>Y;I{M6 z*#q;(ct+4Bstz`s-z$zfEn`TFT$zI5;-bO99r!0u8VxuTENe4w@~mPQ+<|sZJXDOJ za7dzgw+`>Pb!^A2FNU`%xS{bwpc_3rl0q0!A@O=GUj;T&Jfy7TykgKvlgb6apH?+D z;0VJFtDPlKKj*ZdoUn4vuYM3?fYjKimfK1lFDV%LTsh&r!NI~67$FCIwUlQO5h$m8 zm*~d9HhC#RB`G`lP_0$WHwz{5$fRECjJm`L1#_{SQ02K^>jYkk)=IUcYl0J4#%P2C zNvcVl#$Yg6uPZ*1~VF? zqDGr#XpnF~!EFzN8$y;!Q(wS%iXOg4GnCx&VP#VktECM?aBis|A?wYIfkr(Z^ms_C z)wRP@`e{`K4_R=QFeIRg6T*u$^wLGf<*MjE6YbR{#=0}Y}{4fP(<0}boYkb^;2 zztc=9#{(yFtv68H?_fv(y?&a;th?{wF1&++fp(CgZr2tgWeoJc;fzt58jU=$B#e1S{|%7N0EIgIhz-0X3$|bmbii` z!rEeaINze_ubK!WLu(K@CrWomb1~L;FbcF`ffh)4wutCj@`hPC^nfh|T(k`Wq|PZ% zWAN}{8>*eL8hEo#fbBZwZs&`ns_c}|T<}EHFNxjeN8rx5H>XAuSO-iN3{Dk0=>o=- zP1=Z#xmrMu#WN%Ja!F#(PkHsEO7n*5^|Js%`{vVV*KF1=w4gT&Rd#kYDoYW`&}7K) z3+m&u{)RyN_-@nL&4IGF2--Q5*(2 z0}h^Iquw+)TDd%2k7oTWLOD-I^P%8s1eEU3->W;ID}b$c9xh`VNu<=;^$bQo#0WBH zn)wzx^H0DY6f=j*a1CH-C-TRxr%tn&@LS!z6s;$~SpFckMsz^*TAfg6*5M|bnKWqy;cV-s7E0uUM16NWC;N&mcYY_l6HcuaFF;uE zHKH3kHB3mOl?J^!E6BOR zs1*Y*E9AthI$Iovjt^7bZBZY59Zc+qT7IgJfI653xSM@6AXF*XGM}9Ga*dn>%xW>- zVjc*OaF{VZlHm*9{a7%K#YT>;)!ffFqAiYd{qLx`!|aOTKE`NCNQxLPG3 zx}`CWP+cuYqeZ874#N!1?S?sCp~5_uqOB^^R1Mgo@~IJ@x*WPZd{9I-t0n}p68)oE zEETH_jLfxRxQZCFG4xpQaPd4v9B6EhZYtKY=wJv<#Y^eQY;^rj%)V^0a`Bg0$k`zk z^>FHF7RN9{SMW79uLNhbMa6Jwlg7$54DQV_8(&y$6S*9mNAb3n?&!3dJBG@&9i=h_ z#wQ}D3UcizVxjUbH+gje0+SXom`Sk^>K}*#5+Bh4IP65;nXnPgqeME_^fH_n$&??< zxqa`PJ!XcJt=7ITT#IuUHX$Mo^>Hu`E~bLwXC=Hb5#)=%BL8qsX!lHZ?5saZC92T1QuF<&!i;439&sg~)#u%GJhccb zy>g?1<1IwB))<(CR80~pUKdZ(@phSn#8dS`L$8vJaf!Wi$)%>GjbE&AU>w2~&Fdl$ z12y8@td%y6XOir*l4Ag^+Gw!x*or`Gp#^IMwo=cTBm-DYuB?aQEQTale{?cfRf#=- z#T#rDG|?X`w_4O|g}O^Hi!d6>W#g4E6+Snf8c?wAdwDQyNiYzzc6fOlcSlg+te$2* z30GqkVMb%n=P|-+UkM(?Au(LA083$G*$|(HrXxB(@pMOp1HHK9JjViVEA4=BnbZiu%;_l6)ICOOY<}y3+UQ$2aM871X96lK27J z&y*&NLE_TP!;0u3?bfzu}Wtau#Nsf|EcO9EYr+1pC zca?rb1K(ZxQT15)ee|-*AJA-#Q2toyeLBzkkKLdjf84PC16KKdLUXkAlgF;pIe)73 z(@sOkQ&tgv#{RR4(4SL(|7Ypv8UDf2FR(g(sPtj}`;pQ|>8}puGcTj#kkeHxt!H8j z;~Cgbjw7i+J>fTTQl4#-#8RlG^y|_kf1~sXZrpFm>w8M?<=5XT{WkyoWa)SK@9&mA z#eaXV^!xnx4@#frzkgWzBmVoDr}@tx%b)*U`YgZxjJ$sC62JY4ynSB&{AuaW82SZe zHve1*_zU^-mr~@fB=29#pZ`<(8!qy%WF7ul za{Y^{=S$E9GFV?Wo%AbG*H=sb$_Za9{Tu)N_tMw-?>9>SMSm-_<%Vl8fze%h{9$nA zdYz#%2TxB|{t~|^cZ2(KBVI1)l$$t329(NNyj1$=M*-&1^L+YIh!)WELJNo%sVH3y zvu7yDyv8s*G0g7azoFhmlyfnD_-#2J*jiRr5PYSE_v3+$r4DRT??CWm82%C$TxANb z#?#XbTZ5;{TKw?aIy^|;^#tFb;WyLUM*X&l-ZtyEE%ZjAKgKXXZ(H@-t@L)AdW)7w zBhgP}-tnZg?sm$wO&8ftZ+GaoJL&B%{g$P-LH)La-tN|KJMnPrdZu9)J#OO1-Sl`9 zKkmV!w0SR{D*N!m@B?_*&QJH?$;8tbaxWlK=2_x<$>frW>*E?z<&|h)3+L3Qx}c1h!^T*g!7d-22Yh~8eO-@cFDUQa*D zDqNxG?{@${K+kV*02B25MhEaFJR7_5W=i-$C-p7#{8k6>L-hQ^4&WJjewzb$J3YU{ z0lX8>riOR9FF%48)6d^cDa_Iz#Z%=y_~Ezr(!*o?_+t#?$M@OC_v7)H82BH@W90+% zqZslNlqSQ&PvTKV)t{maKkelDSv<32QTaLZ^gqqh&*MqZe-KZVU%(HO@F9Bpuzvdp zy?s=_{UW`6Ouv1c-hN5H{W87%ihlc5diyo~_Um{MCj5qZ`h3>w4ORLd(AjA`1f;wxhXNucTPqiPDZ} ziP{beJ0_b{`%bDSy@j{5s9{@_PCB?6wlK7)_4MjWzFJwweFpj{R`1T z31w>{H3bNrbP&ddXSdo%+`>w*kh4^gVBnwouv%U&AD29i=R>Y!~Ql1ij4{WOB`$DffCmw-&PC z8=xFZ9nBH&Ed=h5>zJfvI4#}>ByByV(UO}8U4VBGa6W6d05%a|b$1_-)Qyz7GNzJ} zv=vF%5v_HF)P_UU&>2>d${;dSNFORY=!fKAxto4S=9QiFLqe|Xq92lOWjFnhBrAL9 zhh$aROFtx;%0BubNmTaJ4{^V8fPRRxm3!!iI9R!teu!z6XVDL_sPb(3A%;|*LqEiY z%5&+5nqPSy{ZLaY&!-=1S>+&pUd)=QO`y;fE{Q=iU zYvPGm{N@ghG<|NtV8a29WAn|S4Gorn2J)|q;j-(DM20?^po`HCpowF1qE)d{vJN4%M{)hH}^)8=wStH9t( z*fWV-XR)^ytL-@~h|^YY1k#_57B#RDoIEOCMx@h43>-S5k>$Txr3&5go(;|n3j}l-fp*2Hd=xL>>KAU(vlJ} zjUwW$&X5mXuHxi~cUMPfquE(xT~Ny7L;!CNq7|0ayk1zwCO_=Dz)G=1!D)BLN_YRV zxaqVK!DD;rhSDRKqQyEE2mxYGD~_ft;xak4JsJ`8c~~T)e$BGt&V0FV#aq6z_1-OW zxkF#>Tl~-RMxFX{U;f!&fo3AUUBEw_>DUG<-VVI z{lD`Yb@a=92S4|9exuHQx$jMDzR7RY;V<{S{JruWB@MrJ^8*H_>GLf<-W&mn9FZu2rl>SdQ9HP7+mh#`)qZ)zzGTfo{lZY5jA z(E*Tj1KEf-OuPn1q{LK`o0GwwR#^s7e`tBIj4l6=Z;LH%bi3?)l?~B5j?{C7aubVq z&^&CRK<_Fxvlj61f#8&n(^!Gsu;jB}jnYr2yWJJ5pPa@? zsvqo;y@e7N+6nZ=+ei3g1!QxgYTvdV6^y}3XA491rmjP_g3|_h{PS5C!|gL~`nF|j z4EOm$b_|=|c-lcL`HI>&J6L)#65QrpVRw(@zCKn#u|Tsog?9RM&aygOVJDR6Q-}?7 z)lSl^toz55GA^`Qoet{ACTYy*cn_*-+QwMB;Y4M5Yl%vq#t5-rP^b~&g*bSZJx&{n zv-e@LoIQHxQ4H)j(fiPmg9o!m)m&6Yj4iRs+q4aorko87KU$`7wW3oeG~vltSY_IJ)3*k<#oF%C?DWDbJj0}J?#nf?FP#K!=mR{t%N{-b zpz^86Q6((X=(N*s#MQ9#3Qvo_tt3S2VoZl6Z#Kl5UE#U~U*c}Jnv zK|5{GoTjM|ar*xk%$k00xJoY26p*;!4@oh5eac31588OJNP4$$Jz;P?&7tyaSE;M% zvuRq3#D*$^MRVeBtF^eoQMqp`3DFveSWUwHxak!R6n=Y&yV=t}4&i3$j)<0$AjK+( zLN#wudMdG7?2e)aky$L9>y%p@RuHwGZ3R_MVnX#C(ZGi5CwRaV3Z~!XeOlv9!!e0s zVH^<=L3_aC7n+aNj@tB-Yiha0vL@D(x$X!l~WQ!xNPTL|bX$$B!A2 zMkL0JCTw75s(d>7GF3huBAF_mj$=%fPX`;O%BLd&Q{|&LB1vtkd=z1vPCo6#O@)u* zkki3O5z49a#TF0aOP*Iav^h1JE4=bCoqXE#Pt{BclunH=T4}Y?7*QxA1y-jneTCOy zrjw6?vD3)ci5BB5Hk~rdS1;tpTUb+$R_ExN6*~1zF?rfs&Ld>c3Cs6QPxY7N%tgb~(jIS0bO>iVwv&HM$m)gH^~^9m(g zD1x(i6tmCXNa)YtkP!ut*B)w)H`=)BD36o&h0H;-DvLle-2@iRrBxRk=c(L{a;+hp zOU9D6KITV@E;p3<3?I(vsf&_ue&HrrXvfn$T*YBuXayH58nkxMiTc`k9Qng-B$Yv+ z?hL6_Jv>VzD!cHA-SE5d2XyblpJ@3(y+E8f%~uw*6rGi4A-QrCKcKPlZ2YAa!{_2J ziauZdyg>dOmOuCLpHAh4_^T=4)x;eDBva696P+1bkE6l^)c_vw_+7c1wYo zb7l7A49Vlg<;lrgg;33oZ4Yfnj4X2)3xAmhcrS%Z#pM}N!3*1yQ*qZ3-t0zl!nPZ= zStU~+$vD(ucg=b1io?lam$*02kT_mzpPaar4iP$x=+W@*8PdS3{FBqL1g)2yKp6^d zde#5T46Em@1(R35;H2Gy<8uGwGpw5TGE83e?MbR}O7<#cPSRO?j5RJ@zcWL+cxT1r zbgg#lABWXfTbf)lK08A)cw5KhWGp)_JolMmOWu)^kh#M*&W#vMpi)fgi%+NJz=E( zvL}p`Q1*n83do)?l7#FDBc60{!JoS`M!fWeLmdt&(DqN`+sE8ucIW3)4n8}Zkj-34 zi%m^x%CH=Be7+nD4nBpl8>NJ@Ld$%!6DcVhJLpr*CzO+nCSRSCOmPdj6#?6k=7N?^ zvpgZ2Mi8DcNb2_7Q$hRg{bG$@XRqBv?$+!u=CFc%c&ffq778B z+0Z-E;$F030NebyW~@)En!7s0Gc#xCTSHOU4)Nwt6x1Q4XNy>iS3ldgR9u`16$n{y zz~HL&D!5xt6@2(Cnll^ylA47;4_`KxWLG~E$~tRTKg}o-`{lMul3fe!m@Dot;zD|O zi7NOGTGR9uMWG70F9N zQKT-C4adtv%{+aofP>R?Fd@^bm2rh?%>I0LY67_#_hKptSUB*l${eJPD)Wpy~pzqYf)XiR6b9Vk)C<@yhz8Z?cc1jWIj5_6KW2M+^Ln8+B4r2Q^--+PPpf04w!}+j? zs=_YzwP()0bD=1#%GN?rSW75EoRKAzjuU`FxhK4%f9iN4G1k1~snx)-&$-SkswaSm}M?{=83uKGJO=i_gMqOe`{H$)UkfxKXC zUUrneen^Ylh%fME-!9j`lp5EUgX^d`i}QfG;x5jAF_djqga1+3mS`PLU}}Wji?Yen zu7;|8ifY#)Z!27gkFQAkKcVz|D$h7a7zJwF6rrs4Wd8%90(-A7ce$4x*4PP(6n(x!7M5|b3avxZ4> zZ!e-;@#~EU=HB_l@1#T$tz;a|RYp(YyAg}jPI>+L8r-Tt;#^NZH`C81`pMAG7W&yr zKey4(Hu|}Pe(s{5LHfCyes;Ayd<$N=War#WytK0a8tK(@VP}y^n3d=W}`E>_l{I2Yse@ zhkT@W2Yqj**Z13c!sr%{9mU!X=OQIuYoCV(1v%B$H;~R3FtEqXUH}S9g$!Z=C@dB4 z2{lB@L*Y%Oi8g4~ZTd7esMaCf*;rkqmQCe|R6{k%n(;ED2yjG#$Hfh&4`*NW=$Y&z zhceEVz595tv^NL)zO*=`A^AD)I zJ2Gc*cZa9?e~_9?ZW+K9RQej2tN8kCO_nYZ>DK>Gg>u!JncoRTk-A_Oprd3CRrBRo z1n8@&iD2OXbqgE>qAI(3!IwfgWtsiOP!y>%dp$Ax1g;UXM`MntJBB>{Uo$_YK{VRH z%*U6SvNe4=N8jJmLm2&_Bgj>=!dM=PB6VSGR3~jbW@Pl$BAz_%O-&vf2V{Kkh?qno z`$O4jC9)?JMO-2Qp09PD#UltnVX1fx_w&SPZm@?o|AE5~9?Bki!GotfB`Bw+1Pcbt zWm??^aU@h+R^kOl5#Z#8j`j;^Kj3NlOq{>0a49twE*zjLTT*4$pz_qrdHCI-D6GD| zQp7OZuGQ)X>O=U#cE;={esGBIz;?rJA4rYyYX-)+`mEVhESHgWEAsn7IcOF6J)tO4 z7s3i-Gcr9#^xsQO04uHWm}K1eU!k0{%>V6B6mjMU7=1f#h%F01VX2UDBLIb^Lc#_C zC@d8tpL2em8tbwdqOc;nbwF&6f_-llADq_{;Qk`97yYd2B8JgP|x=7t^i2m~baH zE_Sye%^a;r#e{S*H6h&=6B1M7#+ei~T_Wm)^4E%}8Hyrx5#8d6NZo&>zD0r0HsISP zULX3Q)WoyJ7mrYat-j7zR=SPc4~Fv9isp@>C{h>APUWi7B7Hui!Xf%)go(zAm%8duC zS~xpCc^3nt{(%zR{mtJC$x@)7>+b5ED?q>u9rdN5C~Uu2#3&LYh@s)H)eifWRqc|% zfz%|h+LeGrmwU@#Zzuz;X736`k-7}lm|JHv`ktundwCv9O$ciTa5I$Z1$tXlLRa{X zP##(_JRFK*+F}R}rqd>KzBj#_`>#li`@G4VYfa$!%R?Dvd47>mTtlPYug|3?9+7@q zY7AXvPNq+ORQiWz&etCdMPYUMjUt-ajtMNW7fIb0zxVA|Qe*wnfwsQCDnXe)9?CJR z%pVO!5odaUn`%8>=~4kGEEQ9X=)q>}){`B4|7|!!SBsh$5bhJ>?>AtogwK6ov$r=r z`j^yH;X~Z0OxquX3eL*@Q;gyonzqHl%U&k!tEsVaiDG4h6si_ol}3#kgL8D$TOt z=pHNfhjPo>i#?$z;tUTk^meQes}+F4QjykJvC=swV=T8jV3bo6fB%5pKru-yVI)+9 zRtpM@;u?+`D;%!&8aghe#?+NAQxnIJr)JL6?+!&_b^4Vemf0RZT$S!QhRu6a|!8V4q%O(D7 zs2Hs#e1=h6L*v%(akiIv`_I%EyUJ&5qJjJOne+8uLs3}W{<4T>whf%G+C5F&rX^|l z$uZSVHgX$4!VKNzwV^2DA_%Zh*2qZ*3qWD15F;0W!crl7dje2cD*h>ShY?YM3;Xz! zRo8BJ)?}Z*8k!~jrY23bF)J6Uh1N#Dlu=wm8@>E6e<2(ThNF48Mbn$py(%sC;iC`o zZE`sDrsl3u?-euW=*vS<*zRyqgfiRKdC}P6dZFh^;k#4g`eHeol{g%}Gn89ah2Iv6 zB6Wr@Rt)d4-uIiSaeRs9c+#5QuZQx>viw&vK7T9n+Ku~3 z-<{mDbas4NYR*(+{$|uQL+ABoMsW?t{8f*Z^6g9+|5}+&3m+w`W^lsJ>y`)8Vqvs; z-~wvTmhrEZmD;mZdsoMN?#wy+tWXrTOB@j4%=Xydrw+P!Odn2->GSmQm2NiYLwRKF z-^)T#q|WB4zMS;h)Hpu9FDHFZDCaEmUlocXb>=63IqChWv3;s9C%re6TbAMP4n>hV z!{ZAbVX0Ub+7RV{@fWkN zodXv1_3fLM&5n0QZJo+Hn}fP$=$(CwMREH%}m1oB9PfadCXT}eQ^3|HygP|x=7tIdu%=jreJ&#Y=;vE0fC&nwO3F>a`a?6Qv z?^ORZ4~&n7^4yATI21)(YyrcX9T~-j2B5H1d}D?q;{ZmBL?fPPE`m?ztoHS==U3(5 zHA}ijO`B>Ue0!)KSXKIAMv=(F^`UYD`{~qS~P$!y`s*fgKaZs z<3~f;7<%@5y;^wBJbdbC=0dq$%DnK*nUk5551u~bMIZh$HKuL=Q{^BSKJuL<60)Us zyOC|wTRkrK{=&?8{P|E6*4}(p#5CJ+pN%~aKx7W%;^}hLznb#K<+I}_cbSK1Q}2Ti z*1}1()4Hy{$7B*e#(bQtv|;Tjh|eTr1kM^SmfE z(X27XOs*A8?lt#^a?p;sheJ_JTL{5}bHA1X4J$pj7LBDQgH=WbG@vB!EUJXE&q`pF zQ6zdjiJoKVXuZK@>k)NsI&-AitT+AP;dQBT_hyf~dP`y!w^tAiU4z5rnKSvdp(w1H ze@`e1J4+E!&uEsClGm^)?ls6>f}WP|7gN)V&0TJTkdbTwKO8C)+y6coio&W!N()_6H9@tL+8Xi6WS@ zA}t>pw~XU+V%fqFuBM$_3f~H4p_Rfn7{#?4gt}%a%HH%ChPI@};qFiSFOIP~KVg*FsUm*&onlY_F5RTmTA7#fK&j8U+t^ zlWlPSk<=7m=>RUcy;vT@mG24R(07Ci&dUB7Mv*wQB}bJ*CslH3*g35Y@4q~A zj(#i@h1KJah)`xb_?f)n{cls_`cxa<|2mXgR)zl}6h-O`pJc=P{FP~W##3&1pNpzz z=%?KfiXwHEPr2d!uGAPm%?56g4no_To*q=>J9^EkxStn0iiT$Ziep8!;5dupPY{z~k>hH}sf;me^YrY(fv=)lw~u^akl z$Jy^1n4{^g#I6MeGxYgaF^a_D`rEe>`>fQsdzCA(2WHOXy`d5^^AP# zl)Q$kS&6NrrWaSg5<40y6l(#8Ls3}OxN4!i@y6?}zmEQ^?7s23>mHw|Jd7F7_E$|j zIkBy>3y{(tov;sY(UeQFuS-oN(_E6h9Lhv1hu4Opn6?~(N22L0$^LX|BAEV?>`#QU z&`RO`jN;mjMqSgD{i;VBJ(f%{$V{~)yJb~c-u5(?WH*C=89LiHhoXqHKcLIl zUMCT{02G#r(a?FDimhg@ZEUsw5H>r|XSVaz%<=L_u`ph!7QKxYFPSCnqJ~WsWPLPL z3v53=!zdER$=P4uUHf1|eXblVq|LP0uQCRX`nzYx)8b;ZZlG=nz}{qsfUXUC=V#8} zRwxSFMH(Wa*$%L-xvx_zv~l;-WODf7)a0;sV8qlvg&5uv%0sK>Zwf_`x)=~0I$tmF z?$pe~tzza-9@k=d7Uh>xlL1ACbmer{Pqx67clCo`4CS5`z=uOoOj`iKv!Z2=1n78? z&;7qjjr+@8?$ZZXdu-nS^H8=~&i^T+NVM>Yak*fA-s}W^|j&WWBgHG@ex-b1!RZx^(_qGw1v_Cg=R@kF8rA@5B)TpC?t4 z@GQ%g)Yv}Y-(GKw44*4iV(8u~x*7D$)G-c4VeQO1Mv>SrLN~SzOe!3isC&{mlA3h3 zPA(lqOIMe8K`3vnF?wDoinw?JCLMO(A{{dTg{9)_q2|F-A%=NIR7~L-2AlBJ>V)mV zR;$<~ACb@a`vc=EQ&Z111L`boURTfiTYC(TPll?K)yO9pMdI+7Y@~ykduJDOr#VW# zBQ=iS)y?s%87rTexftFWDuz&Vys=9PiNoYCr^fe9-F%;Xg#6gdIsK7P6xR6tf(UE2 zXQZ2wMABn${Oi4X6&EER7~M>Ph!RKq<} zm}%ED?NTxGNU>QSDHmfWu~)1~YjUxpTUFe%hWH#>7G!158?w4ws->W9h92*tP!w^Y z1<2j1jtrv#C@d9II5VM!ev{*OpKR9aBN_ZViQ7Bm_HobUKA4)SY<694oZG37(7j{0 zVMmkEr5eu-m8-QX&k9A6x=`GxmvJ&ZQ4FUh3NPwqT+Hs-Xg-vCRsb&xMUlDymcF4t56SKPFj zA1;rMc^&+(W=YYgol~t+{&}cUSiSnwP!v|8p9@7ndIgEzaZM%Kf2LR{)yf54n;R)M zi-?%};g`j0XUD6hc1*qA4q+r|Q*MKX^1P z?nTQ7Moh)oCRg0$q@S5NKOYK3VSC025y@=FW2X8##}lcsetKW$xDd)YtIX|C6sa@+ zE;bZ#12UaG8_%RBmh1p5SqonV@~m2R+8a6E8p>@eus4UINL^rS9W!JB#Rjc(yutUcQ0)PDr~CNVGZ#N!EL?z-9WX}dfjoP(oH zo46>)lS#J(ZU6-{^mMOd6xYx{>iLxy+>Try8^gjaP5;J<_{5@bhi*%a)!TZqx&_V? zJ=un(r^}lfm^t?|p(w2WZxjK}wl{T4FZGw{K;~erP>Oxw?`UcQ+R{@%SsB`~HH#?e z63u;~e6^T#muFH;l83T-G`w&pHl_=Ql$S>Au1Q6xHcv%X<; zS)8GsdSAajEnj(g7eBjI`I|Fm=YNKxu&Vs;p(w1y6QQPQ@q#MRP z76tOPa?4-KxjQvY*r4J)MMFY%%#hI4#j>DdhI6Mo7)4?iOWuqb8e87ve+Mkiaj(an zOpVW*aY&&$UapPO>i?$HxV}i485lRz*~RWRg!0O= z`${N^X|p@n%5QyeWTaZI6?G)QDqhBzdp~sZ;nW0i>p)$I(ZK*qj5Yi{!pR>DWv`Xc z&oPQ?X!$dm@5(jpTK%Tv)Je$E<04N(%O<*>^oksjpBZe^TpweW6}L#^d+eYXy-sJPMBW(tAem> zl?cl^7QV-j`e-QEtu;9liXwHvEj`&RpU)S@(Q(G|&9lB-o=i+1_ zCqj8<*?u7uMe1z76)Uf;vffLDm5rf#r;U%)6%a&i=Bwo=y1$Y3j?{#48!eAJ)MS|& ze5)=-O_zwC3FWU9(OW}N#6=V^JlPRWHqr&4uvF{_UF|0-u&H(9wcQdq)x`d@v!rd* ztf_WFekN20tQviqQC!10%OW}`-1EMqe@lyV5#1%{RNB=YzdCb1ekl}%?Fe5KQOx#S zWECxDlnb<%qEWBGOlBS_7cY2z-ujzo$It81*=RK%l_}#RhPw9bd8)lj1ZzOT44u6G zP!!V^L2!U%_2Kbaer$3fJSR0FtQi=V>Zg>#y`e0$24z2^xP}I0hYEh^OL?%}v`lx~ zDOVtquMNXT8!cl8d$(`!cxp_)TZduw^*q>d>e9u#ADS**U47yuGndArp(t#hI3og` zZL_pNiOreYWRA94ovwS8UYVMRZq_1lrZL&FrlCt5Ploc+c8(`PQKT-8^*zL)uJrJR ziXTZ$8XI~^L*3xfJzl&cl#^B%&xE2#T^LjOn4d^Z2%87m`Jrl2UoGZ#j6yYE9_tpw zuZ42a3gVYTQN#riFb}a)85y_&P*^Ia@Zf^ohjsBGuJ^UA|C*Xwtk-?h3}#hxacq~J z{Bo!`tw#Jaqqv4n#9ZF-;|Fn8ZA{B6?qjbQJN~+Ow*qy}&<$Q1io)vgB1SRmn}M(_ zn@6~W?&9(}eIPYX)3U6svy0t(LwRLYbyp~g^x18%PxRUSSc>d!n#)*wX!m!7^2)ON z;ZPKDb_W=GJ64E&3P540kg*~Fg{4AbHvuRt6~7l6wot*ht=BgAwp0y-r|Z=YnGw%5 zefun_HMMD~$lDKxs-e~7w=jxpIL0MM-aeid=cbIjeRSr0{7@(g+Y5ePL^0b_T&=A- zGT~|KU#7_v1{?(+2@V}>r@H${Js zBz(AP_P3m_j>Xt;CmHVc@V$(!sj+v>KrEDoyU4iuF8}V9ne%p2CRo~<)bw@2SZV$E{YAOintr4 zMq+S34bm-)N@~KO?>G_-BnbEGAPM3a4dta3$8ac$)Wxyra50b1f}HP;_rESR{x2RF zb}Q}D|I4A=vJ8K1D2h141Evgi)**vU018XR6#mwX2Yw7k=V^~f=16V0QO6Nee`NZ_ z)Re#s{1}m#g2^th_;9E=twwy1Q6$bGW_`$6tL9&Z!991h{%LCbU8h}J!{6k+te=}X zd;d5Tg;n)G3`Jo(oCrD14i|dzXzmM(d2}<+-B`FeEw8$7pd{6G+17cebA~STO`#~P zsME4)eJAtd)p~x|WAk8YY@RpJQ1x~3`OZ)#S&OxeQ6yTd*`KPcy};k>$!Uv`F&4wU zzwSh8>`XXre{ANgd|@aGtFlK#8nYMp*jC|>B+pYSoAGq^95cC+rOzlY#Z5NVVy;@hrCo)72??58)GxFwdW9j#hqWSLW}WsJsxBRW2f5<=J?mZ#q90 zfAN*)=gXfL$e+XV=RW?^sT`Si-E}7__wnzu0ILw`ouR9-!O=Xv+5%sun|L~!i*|OJ z<%vqKSb^$p-G}hI<2E%WBY#zGVGh_1cs3M8idrK|Gu5j1yFqzt=xQ22T^UU8$mBai zIcJ&wwonvt=3k8_Dl={!3bDZfC@d9IjCG+7#mXZWaY+q*&CwVJ-*x}P)O4VKps4D` z&U$lOZPyU^`=JuFO7Od(DB|o7kf2opS$+sWVX1giXb707=nQo*2-FL?T4#)Gd$Wx7 zaI(*9vHWuE`pTX3XHMl-`qNk0E^iy?&kdE^< zT|f5Zgn)22p9O7;ZsG%vM1JYz$Z|t@c-O?S>t8d`Dm^K$yXCbLtq^y_JvoD7I@`X9 zV{=fd6)kHZl2**;?RGSUdmAAKHe{oxJrl=nkf*&9$8LPhM29eO9-vYw`z56lt@e)r zw)7$z>Ic;t^GycxT;KyKc1ahfep;AI`}zA!{&|Ly`BbtKEd%%3&0;ZEt`(}CVHPk8 z?{ShdM%T)E`nj2YHqlRpezwrhR{FV(ezwui9rSY-{S4C2-So4Ie)iDMKKeO;pCZT| zDdT$GT)Ph6VyIKD4wF>4ve)A;Y0ed{)xJ^n_KoPUZ$yxNBg*U>k!atDR{KUo+c%=# zzELym8@0#2QN!#Twa~s%Q|%kI*}hTZ&08m0JX);}fd|a}*2L>4qUEBl#bFP+V7NYp z^Xha56|pJ0zQBJL;@ckWTx)!6s9v3j*0vg@a_!=vdd5f3a{T5jP> z=uVzX(ehlO1gYY*U~XtU$GOqP`aP&dL%lVZ$3Zre3RZN6qQ3f2rC1P6-h1r2PBfqH zBpEHXifwLxpL)ehiPPs5a4kI(2`&)`B@~2h!eaeK4lO}C(G7)0gOF7o%D~-SALn7C zVYpa1jT}A)D~|$nqVgT|8_j2KJ=lD(0gf%fy+n;FZYSb95nIGu4LR5x#e3x?T=X&i z6+iZ+c)k?Pw@i3^B3jIRIiy%Q@i^F0AzxUvxb!^L(8_9P7Bz#+^5YZRwncMWkSsnJ z9xXm~-=Sw^@RQlUcjtkLs1J%%yqLXvqO|8k8zo+eYLhbUoKB`)$(i<<>UJk*vNY{U z&SWv|P0nO7?Mu#NG3`&zWHB8`$h3Fg?t4t@?n%fb9LE%cIKFdomg`)T^IYeegz2DN z=bD`BI@cs@cW_P4ca3Xu#_L>@b6)34V!hARY4Lv7w0OTu@xI7z4Q8L@*5D7hHTXkr z4gS#Jgg@lgP*3a8f%Y23n50^pX%dOsOi2RYyX(N+rn*VwZ81$EZmZFgNZV$bMA){v zBw6p>x5swHBvE^rl%$L7N?O*hGY0OSoxAo8*^{ZUEST2`ih^+ zbWxf}SS7Hd+`j#LtcE7xBuz1G@WpL0dGbpV@;y86-f1xTLbjOh*?o_#E=jZ=;l5}c zOfKQRKy4CGp(HmCSS!pT?EQbry}zmBehpVYM zv3pv)-|h2$gBc;AtNY9dxo2?apw&qXZmuNkcmnftK$pqwwv;5wgl(FV-0mcqc)bR` zw_CS0eVz{QNs@_&Yfqv~T)Oro$;8K%EEA_c>`9V|kIR>dZKJ1maH3pJSZ9a^0WF2> zou$m9LqBnkPr zk|gBg@+D;D=;QLGVsrVpk|g2dN|J~JxOx#B!5qm93PK(D@x8;eCYZ577cvRXsSUVH=+NXX^JSfM+;b9wPbJ^L*3M&(|r3OQNsCi2bA zl%%Sj#FJFj%cNAb$lIqaab91vv2(TBr?kZ`6q6byS%qA=>gNsegHxk_7E> zJ5kQ;XDOPJ#q7u}segGi&8&ZUJ;!JMJ%wy-{hpZb zbfP&G+Qq!BQotTw?4s@)s}Faut=?>izHuzyF1a}tm#{q!m#p(HX(>xPhA;7k$4k85 z@e*%$yu`a5FY#u_OT5?d5^uY^#0NMoaj@eO$2u-?sN)hJ-nhhb_e*?q;}Q?rmw3#+ z#OCl4+nr0?$V(mGvR$fL@+*HnU^X^KH#A$k$y+r|_IKaVYV$dPXd#Y?j@BErZI2qE z+dsFOA1YS4S<$@FVvS?g6P2$3Z)s1oSZ(gE)(d&s7`;5lH?v@uHqhXx{KauO-B@~Y z)Q7@Fe5Ya}y6GtG-JN*t#L#OoM1jA86BLYR&0A?tK zEj_nY%r^_AiOQUhIu^OT!txls+Z?K(h>u)*fn(H`?{lW*)}{3Ymk|(R#DoE{(NNXSBB9C8C5*6l{JvVbtl9 z<6WNbv`aWkfC^jnP7}8PO|ZsAHX*AMqU8ro=F=)ONL!9=nmC(@5AQVSy4xlMuTba& ze9=-RM9WX>%qKMrC{_&R3uikG92{%4>&@aIsTiw#JS9shaUf?WEJ`;r(7{Hr*`@!d_0?iW?cK*Mx)U|HmS>Oc;h`mo5q2o7Zype@bvP=`JYFLb+*Xu(07jNBW` zIDx=lM`i`j_}@U0IAuH&Zk~5PlmaA2eI)*8T}Wj%RLeunJRJ+;E8Gk9;bNv$D>oWN z9NZ8pZ5F;wow8(2mT1HANf4ldmHNP+d)QDIW|G{qfKkuWi9oajjZ^#+(bKkW7b;?3 z{=)hNx*^Esre-cLbwSxqasplE<7AI|qgV#*tJN=5i^HSpqt$|;8y+n?7|%*13>Qc6 z^~T{Ww12E6O`t95u>@(wmJ{_Rj6XjAlsS$wGaVQemJbAYo;o5KPT<^9Guf(cHnhfM zLlbFgssWo+)uTfuVsq(WLHK`^JQW^0^O8Op~;SZE|pcKvQ$dnuI-ni&dsHw!854l zsH*13!-tP%)U_*q0kRWZ0F*7lVe=+N2HtS4>h)pKqN8pWlv&0j4t;KnRE!Q}@t~~W z^tCSykCyRp<7P$q)i|S=!x_aK9UseK%qmtzcjy2Er}7C#N~IC4SQQ0Yb@J%p9ort- ze&pc6%weR_cvGyB7*@jIX6fK#r&Vlb`Mz;Tgt7HZiWUG><`CUW&SG4JvOBh&+YXvC zRBMK7RT%mS@wpg96HziX8(PEJ%7u3Jd?8b4;t(2i8|RWoSgjRKn z7d?6=`^cfpA&cNXL4fAo?2s#UVFYU8_#2d0w|j%7T9M;qiEegSDV4bxP(^0AJW879 zwm_d@$h5~BP*G;D&gV8m=gV@wD05h$a@z7hv7Ki|pCMGJZvn{7c!DE{7G+#s>nS&V zX3pA*;>A3T3%dD~1F24qtjQ6rC+VL+qP0jzbaBwKQE7r#JY$MW!*3Ri@bWlSY*c#c zrCS`RW&Rir8)geb^`>H_1Bm87aQMMP*+VaQ@DwwL4lA}Ad3I8m?F$@8#4o2M8HiVp z)$u(*40+n&kTZ*_7L}USsacg8t$sj?89(JgKI%yIuP~(A76=z?iqrNLhWL!j*4wBf zw8wL>4LAhdk+YjQtNuCqfClaaVy8Y*xyh2)+^&|X+|gY}7%je1HjRB(iiHnOtNj zdR+PuZ8F`eHyViYcCV&7Il(#lfzvD>z{8pK=6NFplbx&N>{%~6^oX-Zw|jL@f*3^H z>J!nxv}ia{5lm(wfiw5ggIj$9l8~bMTfFMkEkEjndyc}EI$h>NM zB14rsmGvMs%V(5*(HfKKrI4x{+^q`Ipqh_q8m@?=4&^H)>QbFf)g|Ml?g6;ij>`DG zh59&+ay%yM&)CR_Oh=kH&AU@T#^aSv4?C(qegjn7(XDc&@@OerEuP2VJ%Y2_aAOqz zsK@9!CV1-31+vpC5FH@ft!v9I;J|DE~E8CwC7R2I17;mTp?O36fsM(AJNKC2|&0+ z-0A31r`+7u(si>wX5>>dUfn96reTv;jU>iu>%$O8-CZdmy<)!JoQUo`*=d#N}CJE3s zrQ71E3Jq~yg$5d_3SCkc=t^gz z>b7=;gUD~PlVaPw!a?K6ymJSWMKoJ)?&i&eFHyF3ExL!q;H%e+LVZL3c7ECe?7 zd+7Z3d1jb82XR(gp}JAKmJmac%Oe6c)6lSdj-=vu7_UfhXnig=ln5-owV zE7{Fp!LF4va1k2EC56txmu5y{2&yaO>{?B~P_)h&0lP_9Vj7_a3)(r6*($%m1t(25>g@|`DYc;BLJ&yua<95j%C`}ig~N&RaXM9y6QLzg2?{JCk>-Ig z=#Ta+gv$HWY)v6BuTh_xlM#it%e1XK{-9=-ivXyA^z%r1ZjOajf1hs(wp%0Y(a> zI_<(!l0mz7>y`P;V0kce0c)8u>uJV=tyPaT!wFFbSR zWai|9r_YcAZS3h#WQKVPhX5#7;Ahg^JgYNB8+$q!Y91(YGOS-s?$1wUEJ5CK-0M)5=O2UY{{#qPq@p70P50_cEtBd*+a>;xN!xiL2Qxs0*4?AR2Sy+R{F z02cmAy{_O4jj9PM39C+a)P&hr%Lpf3C`ru5j=ciH4x1W7x7x;#;~0I-Hr|ELXFrqW zf#!6V`YRS#USsKd7?Zt1n>w*-x`C1SFsh!?Ss*WVHQh2kK`V8VNM1x5t#mOsg6>Bj zK``Mw_JxplhifpgNH@WoSRzV8gLE3c4o+!NzvFJ&ue?G6>teX_2-S`8MiqsSGPnqx z4AENmt2CsY?)-N{3^S>}Nf%-%i;LUK60NzfQ{#n4%%J1QH^q>XBbMXH7(0QAcFN`A zkGX4Dt2|{m#oi!mH?57h?7dJ1hv^&Zv{i*Hox)D}TJ2UGSj{$5 zmNG?~oDPji0sJ`pJBcA#+-0h#-ziDqK0^X(^|Da3lR zo6d@0(kC|(YesAzC;c(SgiI$nhIKOIfRWiKJ6!WjArG!7zB*~-wr3@cMr~8%VH7#U zMZm;m4le5Z8jl0#z77w&r!l$JDX%&RSpZq?$ms80E8?8Yx;JHq#?8JC6){IF&!P6z zq-JG{l{3U!^dKYb-Z*5!6GN zDw9KkFUM{J85iNEq-s3rsa)OlXu)mj;;gF3%51Q!Cf5*a3yM`|WkJObSY|hvWSVu}GsQ$Y@T|b2W%ptK zn(WlcoZ_r#-CbNyoW#Uoo^eZ=IL)>U4~E7yi0)!;#JM!dY+SgxPB)+ zi*yqa$DqE}Y2(3@N1dW*>t-(sMjjYR$5y7$``K6)kdTut+T682i4fVUN&WkKN8Y#r zD$NfAqDZfpAK~g5Wkl$vJ~oEfEcFlUg5m9gj9z8;(IaZZ*=bo^XYU_9S`SWT!IHt>p zGh^b8$)47Zp0P`8!=OSOvhoW>*`A~vx0M|ADgjwb%$_6K6shaQcQ|m@#uBrIh;~D= zPqNiyhsIeoQlGNIwicpH@y_HWwX=D3n^fLttEr_YN+F&!XSos@4Klpipes@d@}1r> zOB17b!nBS#d6>KA`c#&G9;^9qOAc89MPn?8KB?eaWlW z*Ic4r-?0Lgg+d`1P)2d?t^z_(l|a!#srwMWp}^Mq$OyioQPe%n)^7Qzg{t%F&Svvk zjzZ2`A5o64nxYH~%JbX~qsb)TV{)=E>D=a~@<-k5IHifE>)L()YiSxU#4Ch5^y zA)N)3xsQsTQc1vjH|-H_78}^#pU1{s@_5uRQ>|msriud-!>$Ht$#s|0;|`U>oFC;} zhC+&WpGd0eI8}9=t8!$^5?$J8;)BSAaWr=<-#n|U*Ifx!Ko2_tAUR)+_yX7_Y-=tl^2Zy8H1q z$)33G_Uc*^+O&%85>6`A$FTGPsbtQVi->=66I3F(0g{;I#Ap?ndz_rZpsxx&LWPLo z!{gYRjwDmW#ivud5UxI~igjb$Ax$!Y6g*G_R;vylA#yhuD$-Rkc${b;HX-7{Eykm| zS1j70#Gqrg@IKuVT+u0KCnGg?gCfq6uG!+I2vJ#F6*Sx2fIwC1%3g1EqYBpds6fRU z6n>S%!>@BhQ>fNDgKPeom{ZtA}aB8$Vrne_m0vNK+ zvYetW@Q<)hlm(@bIvFUy!WqO{Lt!fpD*T937^tzZiLKYz^-<5bfn*oC%0h^pEE+x5 zJ~e^|aVnLaB`gaG0#vYQxR}RU(RtU4@?p`U!)_L8uaX^jBcFBGE3TS}TEBG$IL-RI z?~>@J|Zs1z8>y)z^VZD3WS?2{{O=(n&0w4sS}1Ji(DrieeDEUdCMYscONZ-y;3N zY&5D*e`Q&+nAgaB?ira>^*ugbETv@Tk(>)CHmG_sJwJ~t<{|kDw9&eg@-gV{=?iqb zgOkH>d+gzOJ`t~u#XmJs`Njag%lBXSDeb`@_odOs%Id%wO7XcW@ZUO8g0G;@)>=(ej2JkEaJl6o8Cx90afKJ#}4hi5s1GrxR zFEW5*0ytp+4+`KE0qBcSmD2)v!~h-@z)K9^F#)`c0Ce!Il4C%$6dTNQm3pg~)9T8{ z(g>U-a8`jKk0DdGAZ1sHr^5RJFm9UTODk^>z?%%<%>sBU0cht~<%b0DHk0G+0(h4J{D=VFLjW%FUIDz{_z3L1n{#4@N)wApaJ}X06t;>9~HpI2|(UJ<(CBTt0u>X$n{AKQ64&#t9>J6Uu?7UvMg62Kt8}rK&Z=wX21K2Ns zdkx@O0(hxQ_rl2;DD$7a71Y0h};^2L*7-08R_w5dyF=cvJu{F@VPe z@G=5$<7nd~nfN%MNC4XJRvD2TWdo=PV9Wq&0yt*?O#yTa;Jg6F4d4j@JZS*05WuSp z;MD?njR8C*fJ+8&SpcsyfbSE)_Zz?u2;hwd@FoGgg#gseD{mFRGY0TB0ld=y-X(w^ zHGuaB;C%-0egXW10sJHbBIn>eY>b}PXtS2X1wgVk>Ewes(D}5L!>MdouxORF8MFZ< zM+VYha1ybo*PIGUB9(|IT??32?)p%!EMdcwk5v>X_ajPY7 zGFC(Dol_v?jGJr1&;9m{kYXbPX0sMym{>uQqDS+#5(^hW|p3tLjA^@%WSLO;}z5y%{ zz+wW>{iu~C0$5G}o>r|8z$yb+Er4|fuwDQg4PcW1ZZUu@0=U%xZWF+E1Gqx~Spygp zz)l0$C4jvKuulN@7{I*(c#Z))R{#eM-~|kL<7*dO$NyE1n3Ve@>rn%EkpLbrfD;0E zhyXk_JSBjKO^!zd@L~gai2xoqfR_m%ZvaCAC>p?s0LlhX5x|%M)C6$O0Ga~m5P*I5 z^9;}-b8~_s)56C7vAhcN>43V9m1R{b?APuV?P8z{dsfD+chZ0{9IB z_=Es{+W2MkF$4I*$LJ>74?s6GcA^{G_2D{QPDz(LA^~sq zMoL`vOi?8Knfe>tJVi%Nnz!N4I{D*$hl4$6q>-D9KQs#B4;fVakz1wNR^p91ApVdP z9-rvolFhm0F`NX%g5E-Pfn=v$#?6q+?!y%hbTiPyweq>c}$&@B-%suwdQHUesi~SCK(&yb^7<2RE~{Ei`-d zjD%>jxE3L+mt%CG zyL0%1l*s{?B;%Z;LnTG*1b#2kpiKUGR^*g4+`->Q(mdR9VvhE74Nfgur{> zH1>a1IjEaliFo60xsan}(3}ijI5~pJ2L?8GL0Fgmzh3Dr@e=+LjxO}~UZKtLLe7w* zOMKBQu`yo4EZV939kK-*x1oElp`Wkaj-P&d%Fxd|`uPUI7Shuk`uPgIE}^IO^z$ux z{W|?Dr`MbCb7d&%8?Mr=f|wS55lOf$v3{Xet>=fyDz(HEMJsU8)F=-5R^a&(Rg z*96bU=Ai~(2S{&N=o_JH!rHiJlivHGi*&yaSdF`Db2w&72$8VHPoUcQVl+xy<)@A1 z8x5R+rIZbR3Zu(8>1+LTTxR1`87nLl(PjoZf(zuU{lbV)%7(9=Nru?vyunP2d9IL$ f+2kg;&@x|YS#OSW6WkQSG7R3(^_Y_085;b5e9FEp literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/index.doctree b/ia-terms-updates/en/.doctrees/index.doctree new file mode 100644 index 0000000000000000000000000000000000000000..032b4840a506d1666b87bd89b9b8a5bd8e11e8c0 GIT binary patch literal 40512 zcmeHw3ve9geIF?jAOJo=Nz{|_nlwd9;@;s&O0-@O07?)^kO3fBmMb3@cMI$u54Y#t zJAjDg@guQw@@(u>KDYHWb(7jn?9_>prcFCas&U;kZkoxsopC3g)@@=p9!=`0+h|fZ zjhm*w|9|(}$KCGT-rXYOcA^nK?Cs;*@AvyZzSsZT??VHhp8o7E{?9&aRW!YPGous= zWuu^44ST3yDo+ zvNCQ4`|`#{=y`3xzSljck6eFGCX;#TdT!*~ANmab{q(m#^miKCzLy%>u)TLhy-9EF zaQ8I_YMIop|6;riTb5m{9?0r>bot|iDBib=-k3F38Xu_{S!OjVs zwXy`(D7$}h1$9j?>s8$-TN%@;HtfA6y{tAa4b)Zv`VOnMYE|_rC^X7}dp-8S-tkOE zdU@4+S%MrcT#&TtMrmY3lB7ph&FteNg1$Yt8hmPiFFRL9ZTFW$9w1DBHSG>irQHSc z@4>(0`1dyadpoEaTrM+hWo74$TwXWxB{jEh zs%kmM4{Rvrjf}OqPDEVT(hF7Xf;2Jhu`$5U2Kjih-@F|vV>#QSlt9>sj|LjY<>YHEQ&~hJWXo~iJk7~`O z`d}p0Tai>BBtOwY_4`TTw-mFim)B)@BMa&->s6SxS}DQnK=oH@)v7M7mvjl1YE>0Ucpv3Q;WkvsGRlTjP;dk8EU2bMPi?4D*(l>5nX;& zoqL1lUVbdfz1T-vkw<%r(Ma;lDDqTz4WGQ3Qc0?6s-)gjHYz36V)7LD+X9hS)pX0J zjy$e}N<`XFm2y?88qz8=CJV;Y5m%8%?ZtF6Zg@n!nv5t^wvk$PG(gm_Jy=!Db=9xA z;bCXNS?=n>oP2S9j;fAo#k!Eq8Wpvy7cynFnzbq_sx0S(yrx2Vpe#mN9?y-*ljkyy z|ECICI6ixyp%>^*l*p|&f~UMH1XU_~ymLLil>FS!qO!SDKqMnX?eX_Kukvme+bn@Q zxpXbJp;i@mOQl<&jPm5NnrGxwnenj4v2O$7JVBPt3ar+7NdUfg{iIp(3gHV(d(D2L zI}%z8B-pqsmW^D9jfR9aupdF{=dQmbl)i3Xl(<;F6V!deqi1EqCYQ39NJCw%xX3H8{S0ts^Ni6tj& zO0Fg3#xoN>SIK-vSaXp<6C0kX$d+qv1$ zqiNGqlQUPJ&0Nl9CdS6mnVdeK85_@xjh&yQzw?VvH&HX7Vxr3mSd4eVH<9;<2FFem zM>rEXmY5|X=Gk`z#t&(*xoTqmST!@cT3yQ+=6V)$Gg%ro&lXH&tt!)bxoB9bT*Neu zyrr(nN@<-&47ClbiG)4Ht>8$Z`_m_2K@iaYiv`?FEZjv0?uxGkiQj6_ps0_xYTUpC zM%Wa9ts0QF`_qRy-!;_8mkOBKSeUL<=X-z|ma1CLo7)wdLTH7mhN03=A8Nl+4ZK*u z9gBr~$&u=%zTw_bw_9=E2;-!mKF+7Q7HODZdZPe19t)6S3SgxH=apD(!>_Y+gnU$M zCW1af^IuTapr3Mo`Y@mA6Q=)O0d^u5tU_SfSIaX?7k!zo!@Ja0GnfRHDl=B9y0!ad?1~5o#b~&Q3*CO=Ccvg~p}bp-IBOMhsoWeCNX4)bq0oK1FeZ8dLJ7YU*pcvRYE* zJc0v=Ga}EjY6?+9Go#~^Q8S|>PM%Ync|E{R_^eOQWkF9WB@x6-1&Jvhxn*Sd+dCS_Qfgpu<1oQ{ib!VpDaTeYqR6GFky}`xdLl#8{MS3=7q$1gHp|^x3%Bm14w~KrnEw69Zf) zEH7NWwwa*Mj3!?h!bc0Xw8ln(Y4Obof*yr?(9(^{X0Vs+pYaiQ>=$=>sepRE6I5>0 zINC2iKkExSR`CLjI9KObq2}iCo*H1X8S%8e1Pr`0FS!n z#@k`7h%$>pBxL;XAuQ&kHzxFqY5l(d3j}K<+){fW_fvj zX=UN+Vgk)}yl_E9)NkI9T}O;sw`LKis>#)Fc5I^AAs>srHK6wKclhKzE3_xp2$Gji zF!gvWQ*)k8$j?v6<-m?OJP1cO795(4y5?g?ZgDY#k?$4wo`}Ww z1mjzn3)H?bN=d^@+}6k&XkW&(F!s_MRzRTQw+~@D9s=ur%xeUaCu5N~eGBql@|EW< zugFXD%h%+UcV7#PCA1NpGb=0eWa}_-dG_+c{NjpCTqQPl9yxPhBixSSp2^JRRmDP+ zGhfots*#D!?ATfi;sDz+f>saQe{BJ`5FEzS5G1SnKD z)e;11X3&2(VG7*mubBF#lHcY&Jt6=wB3s?giUS$rC~|<%lYwJ-vw33UaMRrZ?&y*f zco>&_wqEquO234HwAonFo+i@f)J;9FO0%@SB$BZT%#Zov<)Isgu?K;k_G1Avj(ne*0{B z^By}<7{SWLSXS5rU7K4BEFef&kaO9~AyzP|XjM%ta6v1$nIy1NC>Nsmq4NQi+Ux%I z`B8;7?QF3GQ%}b-g(XH(?p>3!^72xX3T;htKW1eqi%ZS5)xNFCyli24nD0>nr+l1u z2XQv#C<^yXY~gq`082q;Wz6mQ4x_a-5N;Gr`NPJ3_a&w+HpKBnuz&!P;5i?PH@(x} z>jmnCSky0)NS3cH%w=a6=H;tA%qP#f?aE~=e!)<0-Wk60Iib;VUCFrP*1CZK5UhF0 z>#EEEd6j3&jMn}BO<@LUiH-l305$wXmb2~fgioB;9#2?C!O*i!3=P}++}OatB1vtK zI@f2gE_DD4IZA5alAT$>x~c^xrYy}rH@6_Yi)RtAW)sx{t@vdYCATB%R1TwEKPFa2 z6=(PC+7-1pO0+QmtT=;vv}47`=?~VHYNzc>Sq%%{vStk(2Qy0(7?=Pl=SFZ~R_PWWL-u0Pk;_o=slYk=z(Tod8ig9K9}>XBCp}ot;lYHk zmONO+AECnsE)8LLZ`dBj(r0DeR4Q6PJ}>+MhWbfF^E5?|6>ZWr#e@=*V5IA)z$K+% zRH|4A_h`_II1~D2DKN7S9#n&7v3VJIc1C_gMjbaPkBv<}oSR?d&dJG~t32b6U(fN1 zI}?p2jP;f!W6fECM*#%VlDb|iIeLMs*>9r zvCh(>MkW_aCM89p*)cXIz|zZQW0P~g!0){7VV`qmyrczp#!Kj`hn?1FV@3xB4j@O} zgtfNoPP@5cl=S>I21Iptbq`n=XDX(kQp7RF3!zT#+!_{gx~G-0cTx;(V#yPD%1A4; z0I^mptWYXLro+hk*QlitX-0nylGgLbVc1*RZVFb)~s3?>7rpuSjUGK zm{I{N->}gCEY@2(3*K=^IhPIGDnazTz7l~Ux8hXKg}w zf&Br?bIXRr%n_3OqqE%%X zCH{WRS?NaE*uqB@ENNjycDe^=@fnLMVrg_sL)&w8n{&JzXd}$22(qD;fOLi8k)(;U z5)G-Gl@^VRH2#QmhOEXYqhMT*BOr$w4|oL??b_nflH}y@K!#dAD5Ht!1Ztx2pt@*i zcr8Q9t%mRMY;)6!?nOfd4IOTp@rQbxri)sppcV^_AAC}xX*>rOfcPpdKno>;3yV5J zn`mD#Xaj{ceJ>VjWT6pNqDC#6beyeMRMTrbTTaVI8~rOWQ49KqSWKRE{yL1SQ$H_k zod@Er)BYN@cPlj$pCVvWA>CgyN+n~9dje`+qw&R(WY*}TC!h!>!XKV;`UV((bZ-cT z{BbkeYaB~n$R9n7PodN>%|dpjNHnOa()cFXFFO6K`RIhwHxD3;O{27lTis4epv^D( zf}S%Vn<&EMggXEKhs%@yZ+9*KLv7^$1$IxOPtN|>m9OIm5vYo;EEFJmFop!-3E`~x zC=RO*6v@{Pw}&Swt46I#pAdo%Mc)mbJEv3cj`*l~!`im0>IPgF>Ixl)@N$^m*t#H^ zivRBv*pt}rbuF`3`S&Wq3jNubDS;ed_8GJP>_a%FRt& zz3xQUVOYq&?CQ<3+fI^v+;zxwFiQlEF8nIr`>_h;-AyI2kgML1iixIz+OD{TJbQ9D==_DC9#KSh>B_@ zCmej#-koVKYc~yNd}gco7V>RZDk{Q%CmhF$|CMho{xSY|ef;GeFyja*O2i2*R~WT- zUMy-+#jfW1E5-JjR;h#i;4z-_XnQ!Eqk3|guT$Pmo;aJX9t}cD&T+0 zl=Fahp`C`hBeBIzdgQg@gJI`G1t=aw!iz3O?IBSKHkYv*?{f@P=aFZ-Vs-F7rxMk` z5uE=N!F2pd!aO{kdKHg$=OOL@&`-Izt)ZnA)G&>r(P?b4-1D%5+@v|l-&pi-)$_ui5%ON zr(5B4Zoo$f=e7Y~IA@xL6PKeepJRBuSw5(Ncx{z0oI&SAKr+YawNwM~osD)h2(g@^ zM_wz=g~dVzh!cxbxNgLPFGd!RBFA>+=^&Q-MNQqlixeS>CkUWZ_ax24^V>6cw!6v) zpMxwu)*sZn1=N^MUZ}%m-xYheu;Dg$ctBt18YsT>SX}8AXuQ(cgHFG-VegiCBJ8`= z3G(I~sO$75_lM%YH%}V$otCHknF{~q_5l$MLgQV5*{bIA?#vYB{3zud3=$I4A&92w z9NTkbfx>}k5CH)!__{WB9B@>!^@1mpk0y|b8@lun-0FlbiBd@%<1@sAZ&;QW=;}Ko z0opF?MquQtm^5j7kk-5VC|BZz^KL!5rBv1lK3#*Paz z7AfH)6?AHV!*clW@D>Mt$zrO5PvYC&GdDRI73 zBaSgzPjV>!9Mqur1xkK_k}py6OO*UFCI66;e?-ZzQSwhId7YBqpyUlozD&tiDEUoF zehZ0e4{azn3u>jRH7@PJRv3!&af(HI?|R8tZMSEfs;#_**flI!fcXYCouG_9 zMHw9{wiv}?Z8hKnj<6=n#+vy2Ou!E~*MjEi%~H4Z1+con8!}Ka#0t`=YFQ4&4~AkL z#iG5y`{_x^eG)V11>K!2m!b#e@nnmqa<&cd`9uh!U$kb!_VylO_hH|L2(~guUtu>9 zOtxUd49nROWuQt?W{x!7dsw(N(4y_O4`GoA?WdA+w=!9@4~R1~@dKS6!borx7KS}y zMrk5~_k3AH6d!FlfGtCwS4!BMz;j9VAf^y1wQ6ILqcj)oVQ0`6HiOKDDFhBiu~ET~ z{mwfv@L9e=#^e61nI-%>2&Ku9$?fLgX_!nsv>IjbiXd_W^h37%)Mf05>r(OVMnNOSjk~ z8ut1SKL_kl^`;KucsZhfcA%iH*4FX5L+-8zxB~zG7)0L(yibn@ARC>tCH{$)_ z3r!E(N2vTzHA{21Uuf6|OIR&lLnI{FE?@_pTi{#lTQSFu$qnpngBWLc8-zQP5C$FB zPHgA}s4AS{&4xB;AA)~3a{ej%79HAkuu$8mAm-H7K#y;T*neK_37C5UPOi;67m)j-ed@9_-uW z%)8<8LHADQ8}YQ=&@uAvc#pd}72=@`3y}DJI8g5=G<1|K42n};haQ#?+*xg0Ida-Q zR8cEAZ+e#S9H29_{4GbeVc#hNo^aaARJQRQ`ZBLFXxO*Yom>FiiRCA7TQE4<(@3qz zr^cp0=^?DAZpxm{_}P1Frm5y8jg9`wRRij*tip(}1yAGBkbN9#xsmg%(*uxmwpDrs zO^$8Eir>u9ifGJJX}l$pL7IQSLQrhgnLe{X)UEuRXVa`4X4Vv^y0njDVg==a>>YCh z%S<7K)YdAfqG(epuCrV>fC>(0^zxeF`-P+ADX{xe(|x>C4PK@=#z>nr-Dp5|&FnD$xi)tY@Ybg#3g6*hI^ zeVDY1q1}kI7wzyKIoej_hAi4ATTjzkhtJli=xhEv0$=@ksZpdU90g9v`P>Um(3mPV z<}!F?1Ah_+Cuw*{v4_RU3Jj%4gA(+l&L0ZF3F-?gH4gElZM;5!HY>f=IX#v+PAd-q#vCrXAn3FV(fz>)KcA+Slvax9ZyW>e>(L ztPXWng*vN2omHUD;;*yl>n!#MXW8i>%J#sqGyNd|?qV_o$)vv&)-hfg44vgv> zFskopf2zI37Nz}#V@?N1KiQn_q9Zn^`{{_yX_AiEoSvj3Hm56e#OCxO9kDsB(-E6f zm5$h)K1@e!PM@G7HYW;8bj;}sbj0TLkLifb=__=^=JYi>VsrW?9kDt65goBPeV>ll zoc54@vN?^?5u4L}bj0TL5FN2OJxoVzPV;oc=CnjdY)&~kVsk3d5u4LC9kDrmjE>lx zK1D}tPCr9OY)-#OM{G{7(-E7~SLuk&>FadF=JYK(VsrW)9kDt6fR5OlhR7P&oNlKh zHm4JG#O9QxBQ_^m8s(T14W~Hf^kF(;bNW0TkvVaft7abzR@>}(59ZOCq0Too6`V8F zKoj>l6;|+!b06A2sOC3Tjgr?A;9GBNI_cd#9LjN6ypiH7Q}7xeZ7iW3gb@R@sNBuioELhn$lz&O7I(;r zdlIL;-i|il49Y(LX2w&G{;gojK!BlhRKvj=<^BJuIoVZp7z z+JpUP$-%y!7TCLb0Q+Pcur0fNwTJwB$svC|Ey#EG0QsR-$h^B(dvt%C9NqWQLU&IO z=-O$o=+a;Vt@dE|?@R24hHz_FZYa)F@7*D=*qfz2*i*^Do=6Mq@tpxndug=?`$TfE zkER9oz8wSGL5<&?9PIOHfqmPKft_wISt~i%N?Ks09Rqu=J=mX24))_|fqnZ9fyLHS z?ZN(haF|{7Tl9N2)Bci`VYzBej_co zv=Mx_&HjfINVkL4{*UBP-%1PWsUDyvXhYEkR_)dJ@KEA5)B)U@N*n6_9>6BCTHeK} zJ=_P9!@WN(xTkx7n@qMHY<4y|*eBBhduGSLPPUiqOUc2$m=@Rvb`0!Pd$3!{!B*1( z`(O`XlUZ%Y?!aG94)+sj!F{L)xXG-xLksyIBnSJ2w7{P20c^wo1#j5VUUUCta&%uw z3!U5px(8a@5!f)PJ+|LZj_sRiVaue2t=b;j|4NSS`)OgzriD#ykL}js#BHD>xHXkF z&{$g7ZnVcHC&%_+TG+L2ZZNZ z5hBdW+Y5v?>u3-3{mFseObh5EJpg^M6)5f3(H`8VlY@ITEpQil0GDY6hcGSPsG~i= z*OCMLQd$7t*#p3{tpNGs?H&42znvW3Z>0tA(H`JUMZgmwQM`didnx|s z05hsnfoXe9cEV!)T{_ys{qy8-|12%IkM{sK!nZm*4){B4v`njH0NTBx7u0rhk%>ZV;Q+T;9Sa-1)xg>$wCoD;1$oxLiYJt^9Q{7iC?e42lH9NL3>GdZ|F zObgu8J%Eb{ZF6^ZXpe9A{=^M||C1KJXL`UF(GTGnT5R^v9^gI60p5vQQ)%fe^Z@X3 zs|TeG9XfB%&>sGDa`+Qz!GG3=uiE>)U{+povfo|li6t)Uv`mTC@>yB69N6~Y%p(4) XVx=mUZxm?pmb3bHk=7|=Q|bQ;Z}{=> literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/pid-eaa-data-model.doctree b/ia-terms-updates/en/.doctrees/pid-eaa-data-model.doctree new file mode 100644 index 0000000000000000000000000000000000000000..6708b78ff77c391fe36e4ccb030d685d67399e27 GIT binary patch literal 258783 zcmeFa378~Dbtf({8jYrPjwB?65Gqs^2U z-;0RM$f(N9%IxYHBs>G7p3aQOc<;r#;>C*>Z#n+H7u;~;4fLmRXLT!^EA94ZnM|pi z(W?iITQcQzy{MOJ2k$+2{H+I1ADnKStY|yca=nt)4;nY1MLL@+WGZ^;;3>SkgWA_} zg=&xZz=?FZsPxYsZ@ff2%XO_i+0)bW)Y@v-pS|US`1}2T_Ld(w$ewuWAbYZLQ(WJr zQQNfsmIH#Sar2f25NZe6+o~z8(WTXDm0YS`0}2H4v0SDK@ERx51+7}eL;U-ANh|Vy z-IA$q$zM`hdb6UhvoP;Z>5X&cnzAlsF_FMF(Ua@8ag ze!JPAPB)%bdkNWcN&HyN=)j+~> z$SXi<<)eqk}l}08x>tIt+Eb9t+Lru-QFNVoZrc1YT5IF$bd)VnS<;bszlW& zCSY1nw##lJvMaW;z?j#57V0GldE0rY=$X}mUaRSq;I7Rih*^l4^Ze>Iw0HlWC&J%m zMZlKyk2#ROdGLem>eB~VE&E23)LB95+igj`V@vAWNl&zp`i;c!J6ffbD{Ta!jjCYx zV6Fzy*0&1KI$-^Hy;jQwHVU}_v`=v>7l2^Y^b!# zIgruN04+0mrAobudZ1J;;V+4DZaZhFg5|3>f~j8KZl_)vcei40uPsj560c%MJRMp? z5^tnX2-LEAK;PAhTLrz!h^Il{W{7yTY_2LvM;bQ(BN8a;TB#POl>;e8v7kXQy-P6i zsYdK*KYU;k>OI~F1!HT=Wp`T$b+U1DO{;9^(sDz?j)G>Zv(sb2iSaQq9ks3M`QG00 zmR`zbdP;h&x4NanWbp^VbsfwDW+|6~;nh&EZ?K2!e=^X9;%l5J=Q7k15DB|sePo&t zm{g|m1`jzX>A8=<*gRmMNJ7}?!e@0D{xrtFcq5F-51LA5S)e*fxIQv}d9|q5G$>Ea zFWwC4M;7!nBSe2sSXDrcdqIFSQ6N~^f)MjTEYvXHKT_E;fspf;eYWvhe>74ZT5d1R?Wuc7O>Jiy$)odkLr*rxY9vJj_ z(2+h_qR*wt;K+z1#m>%7kG289*eGxJs`-5q4Yx6l<~Y=*<0lg z3Wbf0Rnz@k)#|luxdMMrudarAwleEYggRc>2x^*zCguZ){!<2fTpfT6;=II>II1WK zNmvc{L?o@esSuTO@qs34n4%J_3ULbuBNpPA?;jEG35cT;CHj~_jfZ?vqpv6288z^M zw$$hghFz&a-!KhBr-DNtGpO-Wf7A#2j;(V?XD zdytfVcS!*?j!;tQV+J(>zNsbkX`$+nS9ii6QiD9| zNCR81G&t0$2EhlKPQD|be zFu8+)qEMwHN#UO}=yKYTE>2w1q5c?Z(H?eOV$~hydkaNW&C!t$LI4@mc-%KN`a1JL zhI;xu$V?w*-v|-eQG?zekq<%u8PquAn;QL{QlsAkHTv67gWew*HTq3zywZ^xP8y`+ zwcJoo>uS!_4;BrguIJ1a7I|r2(RHXntZTZnj&yO-ARVq^hOh!*Tb*Vk)szVfP25*8 z^o=9r61j>AI#OeuJdg3|v5^HSBznCPEaRtfj>mfAOYz>< zA^`kq{H0ygSM-g{&h%Vb?TLiKSWFHK^@PGbq0mqt{Tz=?Hj(DIj(xAHMPkecQbe9K z9FD62j-gC?90@Z|gqc~i#1ARhT&rL^S+Dfu^xAq)xw6rVt(snnqW5Mh+IlTW&x84L zRS)K|YZKhjQ$ek;K@r1jvD!q0WBDCxq)_}S2{3ICp!0zZbbB4qjd672k_$YKTBe|= z#J5)7#D0b<3c#&qnQif_M0MOZs5r7D4GL<7NyBZ8D-04cR7FVAeN z4p+?~1Ef~3AO}R*4g;%N^_2KkqB+$ensQtN**-^PHA0r@>fp%ygq+h2XqS4b2YbT3 zdOeuQ;df~3T!wGG1b4IocJq6+3Nm|Yh{FTPATkev=3ZNHy@KSIopNQf3Hg&uO$W8g zx@D%7hmsKU1|g0R8iOSLR+3~t*|anGdLqj#_B^M@`jey6k}gh>jQ-%ZUdgTJv{XS4 zrjZ~(gd&Pnt91=~k8F1|+-J8t+Qq-wzn#umNTNQKG`VEZWVtVh3jk4D^Sr=qrrC z^!~#1?B#6_>teWdB}_TI)WSNG0c?G5M+j#-gm13q%3Iskm9TswQEj{SZ8xZa<2gqh zna9GJJ(wJo)9c7*77tCZ7~|jIcDgsz-`m98CpmNDrFCAd4{eY=?9c|X!&YQl_<4b( z`!Z!M3ceiQO(QMNU@Al3_pF!eB|rkk?X~hyP)BpEw4t-4klyV`PpGF^r0=qJp!OEz z?cPZmnBl?0fniYKyp;k9OTUV+pBb5tN{m~zD)U6ayLqir3?ea8E7-B{P4wD=nen^C zCTtMZ`w#{OuX4m-nlPB37!3^f_YX@f9GRwhS;3h$vsK<|;?-L!>**kU)PfT|V*}xt z#OqZCUWXaf!0-u23?qc$>_{R$Wl=knwD2N&Wa z@x(%KWMN@^K0ZAg^T63$6K8Z}`KHT3p^RZ`>s6wuUSUSJHxy}B%Jz&m^frCw{LREy>wGvy+fj08!E1w*buNkxx^`t6k1U7Qw%vI|+`k9O}Q{`i_x zo}lfx29B?@;;886*E0O3$1GOZfiWqD#GH+E8E&P6i*XZeR9Pm~_+6qf;EV#}e}`cV zOh&Ajw9FP?PmmT1MiZCf!TIrp%fa~aWlPYY6+44+MdXs@keiCtRdoxlqaLj7ZRyN| zw423y`7BZ|)`PXSpziculEPePcL0+?mkU<9C^Nh*Id~)~u#l~7LrK2{gO%E717Bbp z1RZrGXqgClQQr%UNE%p3sBh~9OlYMC3-t=bfi3R0D!FYfy~h^s*y=~+}YIHLOXgDuyn>NNv#!=T1O9|L9{VPqD>Of#`Nu6S`UoUxe{B7 zZ9)7Pz05Rv<_l+7KXweF$?3R_zY6kqa#Kq@4;arS8BG0yp2kFZ7}mgW+!4dK5r&-j zV2(qg*PBUeTU-1q6r2aSdiigd+Vfmuh}*MTHG3XWBhZT|gvCLopjVoRbJFZ-;SuGb zBumwXJKB?_LvRhEPB;=(C!$7Y$1I^C`_x;?4i<^Pkx-;R7#irM(_A>2RL6eBYLl0@ zieOqPm)2IXN79-Jd{eQUvBrpu-zBxo4UVe;j6s!2N2)Llba^ahIXK`Ekip(d3RMt3 ztkxbj{G+I3Z z)j8^yF=Dxtaq!7*VaY>~0t+_QXA&KAFQ>EN4a{d;F<+snS-3ns);l^q9-L*tzTl|v zF&A+71!3Ma58_F>PP&b*{^dXOQ>PI~4=bF@!6 zy){m6(LW!*c!I%u66ct;jf%FFwScwM zi}TrWoMXF;vwS$EHqAC53`XUEo(ANP2XLT`HYISrEw#r^zTs)$a;3bDC|f0sY`9hk6mXooCqSPs;%Ho;nuZ((%Iju#d=nc&o+bdPic@mr zebbf*1P3GIurTY3(Qu-XnrH#xRRri2{f=-4?JS`+mObn&c~2KXkU&H7CB@-wYDb`F z0z25UVn_D$z%-M_Qh-pS^LiLNfK!jvKp|J9FQ(vN?Fd#qb)9sFAf3t3YhcZG4E+XT zUz3YZT6mi=^sT8vIlZ}hrH%==uykW97#OWr=*)g#LM!G9dx04C6uT@>b5I$^L&zfI z$qTtkEsI8pQVvI7O+nBrcox@ox3oR*505CD;!&y>Q)s}2_+;bORGqdrSBYCJ07S8*--uqer;de1APuue zAl#SVW=-?^_+dcTxZ6a+B(4n(2lN4sgIxy`h4-VKKkmRO==^&aT+Y=7+MsZ|!U{If ze?mgv)Yb(2Cwv2b2LS(AXMmq-;aMBt|Dy!nroD;4fAWpMoj~B1Iz!-LF9N1WL*u3H zT^Io%Dean>c>j@ayzc_uU+{~!Zk}##adB?u+T);cW02gLd=1~0+K)tZ%fo1;mR^QG zP*158+#{>V9TJ#fSUYLng_|->_P!$Q>>^9u2uzm{B|~CD04wxBG_eq;v+SlVg&j4w zLCGRV$7V-^qZel9Q8NH84=?u7V@%FB5CU`F|1ap}Pt)Keyy;^#)ATb$Q;VZ#!I}|_ z9Eze&d!M;#5$;8$T;IqBcCxv2Hh@|SJY6Or^FSg}ZA_n?7rbk@s;+a;XXsyQjoXB5m?z4a!)vwE*Ot21B=!?p?gou9Ql zYdk3VeAGS0%^dixO&loQc5~`0Me@P5z?fh+ z2|xGMTb~QTC2m~fc(1Jnv}!=CH#uL4H%Ne3Tjktz8VY#zD#K$IxX7Pjbi~^0q?t`- z^|DTykQ?gfW{!&Z0?v8l`-#5C8^#Macc^g_tJ0Kzg1S7LKl1{3Pf*$s`t?2rOXC(= zfE2cMQ9t5T<5UaHnxW74p})a*joYjwHK0CeGM)wSX%4vMofp{WIP7z+u;<6{isiPQ zYTVe<45hOXBNC`yJBn)L4YqCK)ukz{Jvla}C7~Qduv5LtmXgqS+y*^Xg^j_E16*~) zje7!3y-fR~70OV2w4wul$FbWLh>EHiSPd4~8dB&{VeD*pU0KR5Py!k)M+cey9_;BO z*?H1BF;8)+!2+RB)`U&O)?$rTyri+uoLQ}AR*`yr=1c%Z!g9q{bu2~+;6!In*eYVM zv1NRt!aFtz94j&-^tTkapKGGc^Ms<3$I@WEYU;3(uz4s+sM<;bL1LAJK)b1KMgq#{ zW`v``lU7Z1tA!&BsXifiM1J9|j12CJnKu*I_vHyrtcXuF9`(jxau7ROdr_3{rGfn^ z$`4VO7Dd@i;rVfF;gU zKxsj9iQpJlTjY;z=!ia&;-Vh#@UY7acN^8AtUj5l0H9%nf`KJf^oP`wI;$f^CAmaA zP1<4;B1G)qk8=$cI1j6Mer=Ra3Y1wCFqaOD7_e6ZPgLt$TjdI(T%@Y1uUV5Cg@w;J zEhOjs1f~;G`WE~!?Ugsi{uJx!iLq%A#@P95NBI^M6_e~mIQ|Qu_9+~{MO|8igV49? zpBMB5TA(|`1pE;`+iuAtG>bU_PXsz(y=I`ZH#Ba;HUx!>S9igdR^=G-%cop}Leb_* ztlXthOf-8u|23j2k2bx?iSZ?D|7b&&(~X-LfQ@6-8g?H};JonAT z`M<*tSI_Ha^v34GLF4Y$t%U>Txn{}~D?iBJa2!=rPoOy^?VzY54coXC|J8T53b}Ny zcJNO2nkwDlpXBt4qHK*jR9R-xgs&2SW-JvYi1Oy#S{*!kSWWp+r1U8V2e0w9QSx_4 zS!y-55G|E!2-u6PegtMkUO%0FF!?K2N*C%Bm>2$&@MoYhp+VVtwkN>$6bxl56remK zP=yt-ID#dNqo>Pzf!sR0NS3pFRO z!C=CwM1J!*VrnkJ&5cdsZ2Be+N)Y8Y(96yKk*O4$NEy~t-9$Qnc!JrW`4)+0Cm%LR z@;2WjLG_{hGo6v-lq8A52G*^?#$C;g3=Q4-!o=o-zOg~gp#1y%V&kj`^Zy7=&i^m` zhqyxB?I2!S^DvaU+d;h?U6JV$6law!m$0KxyZJ)q;AUt>K*wKcOa8#^1QX3O;gr3J9%3DODb*d*C=^l-2t0tbkNi{Pyx>)doTxRMaA2!*~3 z-zGY;96$o4u2lj?I(ML!Lp^7tGN92qD^XhuaM%=wNv_}C_nbssn)6RHPE?nY?ykl! zd*EHMf}xKyS0f=b@evc*lqZgbGrPBjMp1FekzM}~I|-caIBPHunwtvdmKv5qn0X#m z5RNdJa$59nQ@p{j)?{Te!Vfl>i?)Vv9|J@|1V#C$1she#WU&&o%%|X4J18HqL1)Bv;Z#(8 za^%#qMY|}h376CAw}MN+Zin<;rO=wr<~1MJl=OdLlk2|FQT;|#MzYdR@f%;^;5RC? zJUZX+?wi~De)pn{KgSqFee!pqmq*|4cGgt&{q80o#tv!4(_!wA(#mjkY~GkN_DbIf zp%_p8F~0~oiS~r4U3RB_xAqcz_3j$;76rQ^GbaRMsnq zDbQ#o+*?IEOj>~U$035a4l9GW!eh@o_Bf7)p*a$tk>y+k7$lb>G(+*oi}9mFT5@5L zaUr%jZ@~pJ*bd88t+D)Lu{+%IvXp&V<6jpc53>%^+}o8t`fKDh&)|MErA6#D z#*7@z$4tb(r_IdKtzV7fSP(sZ+-g}89M^h+tQnt8a2l=js6u37sq5Xe>b~|rb6)(JYc3S zbWo)uZy*T;EU!$u*Esq`rS4WaY64uNNNICIbbbP%!N#4mPs-}!@lNJRukWx7C3FBr zq?1>)n`lvuJV;KdIJFJr+itbIqVrm~OR_*AjFy+q`P#Rj3%_>n;=QDd?l^(Ty)S<& zeqd7X#1A7eLO|e%=mThb@rfh&Mk^eQAVj%V#7<&Qxoo}2QS2sA7jmcfTDqtz_2ii| zqqMy%_5+ppUH;WX48Fy1oVAh~>9u&(PF_Ut?p0{oZb_*!AWmNA&w1!INbud4?_*8# zL-?UimWt|~XU>eVbRAY@(-z^U=z|>LTP>=zIv87<-*Q{ zELG05O3dke1PxWzI^CAt5d22chb_fFN#ly$ceIhT{u#XR$X?H)sXwX0k?;JEd*~%- z{V~?GEt=!=<8z7W`SGzH9K1BsKdL;lZEbBk{YqZ4YHf{HH0*X;EQYY~5^h^lruj?U zJ|_wFTZ~Yo@`W#LQFD#km0=A>;G_wP{LCM)&$!Fz7tjWjqY>F^>aSdMMu>dE`^yt6w0x0s`nz$@mpp}xcVL_RRR zw-5&Os1eRG*wrb5cd$;CudKH<-@?j{VEYHlG|FUS*KS6Pnh|u^$+;*wzD6YEm8Xbq z;;4k6+o{H#%~NS&LQVW7rJ)8v{#F~Ltk@6?3g5XiwlEGq%DDNkY8|PywrYJHuo`L| zZKPtzGSt$EvYuZ+=zf|gBibb$W)-uzWODH(DT{Cm` z-{FA-Dqd0G_0}WD%Teouh1SX6gE3WG@4R}js+;`7=;)+saAi=ls`(JZO|Gt*Rm~^x z-ci-?&PS_iK7#>0s+yl;u&WH6A7KDrZA~M{)~snTeI~C_6Mvc}244GK8=RVjRFR=; zplLR98Cy;BcYxKfYb_$tq)lSAx!eBmcGN`YuBs-A zv}&T4Gu)gtQ9s^0Y9ikGXf@HOhbaV@^a}1ElI%Zobb!eTy0MEU=*ZSP zgsT}^!F7+#>m3@-Ewu7Nym$06cxP4SS+snG+;dqkf0gsDtgy3E&|65urth&_#USqe2#xd_Y9p*y?R7<`oGWc-v9s5{xtQ)n!Y8r*jDHj)Mg32)69iz@y&b^5i~%qIcYz{xI!K8kscC zO&d2+($2xfW3;F_$@|>gwAq+Hh6l_yY}{$&>r{gqI2%>sds{5QXw{OHgvXYOr#JD> z8aYkb$70#XV~qz;g8?V3R!;stE?c{(+Bxi-in#|XUd&w+;7_uVOKOG z$au5n9I#)f959*c#k4}z+#na3#|Qu*^^4V<>Ip2M(6xvRAkSWO5V`Q;449r_3IBLa z=Ws+pWAQCH7E7KY&4X|RKhnhxEF+SNv|^#3ps39J`lcEVPcDo-Mavqh^YCO0znC$K zZz`Nj$%g=X4yBi*Q2|pymnzr>rJfxpB@Fjt; zefrsVp+P%N6=;9E2Lx2K(?I*%JoNI1cH8u`AD2kmrJwzzca%Tw0eBVV3{d{4hh7TG z&bEw9n6QwVhp(Q63;_Tkl|RxVQHRbuLy*}vR`(|WO7Pb)w2^N8pW=l_zWQSih^a)@ zf#V-|=p~5!KUmYY;xxf6Q)2!SjFE@~cHI=bt2n1P?A(0s|)>8hN zp9rRlQqG#Ijq;X8*I}5|-ea?I%ccbFNYK$>XaJ+8BrAE2B>+z0;`j;{T9)&R^l6mx zZEn4t!?i6{+|5%i?Ga9D?WxEl_GZwEtn$K#^sv z&6{dieR_fzr8(Kw2&-wawgyTdshHQ(VPb|OUQ4gIPCs_}4~}&kR{_}5PfAIJNlE_q zE&fO2gdne>tdA*jwa#jFck;_5k%It&gWBU@hhLeSi z9KD6~_DO^24rVX%l*K}R802uakZ9V0g+y7_uNYG~E8;+8zvPi3{pR8nA#a&71Y zKZ-4~gZVgr5<@V*l1qvbNguR{svY0Rdpvs8!(4Pq_f)U3UuI}1jQO@q1 zek3Lgdo8vm?45wsFkxsT)#tY})ZLK~ChS{1;H!#j2~>K!hhBn8Z(&W_ny?KKyK=B$ zKre@q0EQ`}1bCRUPOR9IS8+f&6FqEIyX>amHds@tr1#6lHV3dSS~OI2#gr;QKh+5xn9aJ-0;i% z_~>jjIvyJvAETZW1wB*EYQf0B;2D`B{y`Bne(ueH%Im2=i4?DV? zG&$0s#Rs5{UPIMTu3m;3AqB|b}=!Jp;mI5l*$gvMd6U*WiYSiLK=88<7_ z@fq;LbX9=*{TRm$9*bklZLIqMo%o7q7Qd=jt5g`D4r9R)fs28SGn6dG zHB;E_h(X3!H|Nu$~hh3u?6%=pIl+j^Rnr`kbse#hm52b&5jc)~W)MHAOlm zwGmZmVcOA`{EkZ5ypqClL2C15r{WMi-42TogW z4P=MS*kwWpG_Y-0SHQ4OYaYI*N}3DY+c;7xOU^rSCvlz{Nme)*5FAr@^-k8qUCWCg z5Ph8a10Q_O&Sxi-c-bK+k&@*nuNvo=;eI~3?g~%U6?N!}o7k+mPp~gt(RhkyF`WyA zWMWhw5^dabde9tcQHt?1%(hKIGu3jxs)G?tGs&{1T7b5g$q7&jR{uVShHhrb2&Oyr zZ5M$6Sk`>03tZAX?*!>12+g?hF4U<8TP2ebMq97;b@wGF9yExzc+ z5Eeg$TVVGAj>J#Ffiqh_tb>gCBkC(BM>&)>FtFPCI9-C8^*QpXaK$Pr$=5Wv z9~>vO{G+kxVfPA|TkivFtq~n|Lj^%qsa@(RYzEP|#Vr>vp&&)Vqc6l}kpl9Wnv{Kc&E}tvzl=Se9n~#hgvs&XgIfxpU>gFfoKN@A(!F{^;e~5vbZ+8*XVuLiX zt}-?r$gzLy5M%crMiS(ZcAy?-f?|Mq3{oT8f94P%dLhpV#uH(aILC=2!gActA7b1X zC(TjGw**EIO}R(Zo7nvc(C{mEe@T7XirouvsNeKzIDqa(P_-3rgig>gkeeQ`1P{E~ zipHacS2Ngyoio1VWcLG{RTMsBHPV*1S=&o=ZameAYjYC4{kt}&s8@??Ly#!S4v4tJ z>5VTQ;xPJB$FJZJHmT!g2yZkJnlQnfj(*tUP3ZNne%Zo(fX$G~~jmCFrS~FbWyr2?D z9YGZoCgNm4yu?h#Xnzu%9YKvwev=-O@xH@jAR~O?bU24GkzFFMHxpZ;E*KjV==o`R|dUTm2yw?nFZJ=6`n3tw`#P((yyPAAh9T&7xX&V~P z$P6+vrPkIE`pcFxI7BISGI`X`MAksZ1f;rG#oe(I>DJMCv@BnT&u3)#@be|7)q8^1 zt~Sw`jZmZ^{}yln$@ppYsN+30pcu}~olTq})xo!TU_uc|cpKw9n5*cKvXz8|2Jjb@ zcnbvL83vZS%e;qqMAJ92rs@pVz7afaGpj!W*z9N36dOb2%vo)EBPscDMoD*?h*|w8 zqX}kJbDY(ql4J=V4eD>E--_w`AqJ{DRxUGLU0eGGsS)d?;ragxENmwFHY;?-4Buh^ zEJ^oUjCAfq5L5ekMlVe5-K|Pfevn#WUr>p2c1fLTfO0ceva;V74*|%|mj zyI-myeH*yx*BEu&38`?C^8oBZ^(?!8sYaT{yabl?(~gI6)Z5gl7dP|HLs}Lkj$V{v zHX654Y4OqE^w@}*w5LW;ZnZQpX8jhUkC=Cgp}gpBpm@9?U%B~+Mi3=Hou1A2s6mu_ z@zlDmuVLN|93D_*;MQ&A_7S3z=aYF8)lbvD&<@{i-8a^V$$ zZd(BmQJ|BcbGc@{XmshFa0)FOiZ(St$3#ugKy+l8LV*>XuC1pU85xwdNY_wK&%ErL z_HBj3h4-RTA9uG{O!&;1vtsv_oGIGt4NQ*5DHaOPjEeB_tzCLal~|4YWX(*kKyIDg zH~=3F;mAa(klRG!Jn9-ESDp_j*T_hXpva?jVa*)KGiQ2s^gM)ErLuKE5f z((TIFc{OfGU>nF~U|I=qM^oI~tcYViK>|Tu9Q3n(P3B3e?nNeAEqQ4&V*xN7Q*smD zz&s?bb~S4H#BMd6CSulToC?oBARkR_;)lHhh2?=<72miPMN|Kgn2$#?n~SFYlZPo2#^~#eaPD?Xo!$3hcK_Z(FA>80Dr;&J!c?q1 zX>`jy+_s_H7v5tcY+p3>el+l?=kGz&b}CUt`v7R)<)N29wA&U<9gs-d6-^!Tj&h#| z;8m302b4n|dMPMNYmt2rN0}|RM3Qk5%Z0!3z&~es(NrN(M^!Wxw;@pBZ(9c2khH#u zRR=e9V9q<4bq@qn$^3qhIpv|3AoD6~+E$=`N8YwLRWE9krHQ)>=uj=8W}LOPv7cn4 z;M(KBiiQKISVk1Yo(&{s&=(%b)q>OUGcrH3 z@yX{MYSI_|7RE_OmO(iHYMC{l&b4Mx(r|7Wlpn-<#|%o|S&f0Pq)0X@*&cO;q`t!v zNj@+o>BkuU?)FBQrXOaot4)tSgOYG*sR1R(cB*kgaAL~@DmfgtSsB%EIlCnD%HF@? z0ez9aV#1*0CDK!WL7xvmy}Zqal+CKypL!W^yo@8l60+D`f1}om{swS_meGb5^wvu{ z{+ywtvYGd#=-;BZ|E1_ZP_LGyC_!Rfiryoy1{%ciU-HZ?yZUx;pI{-vwN--&Zlds@ zn0^Wk-f%C2mOplLK#Z{9E!5%J{HN7}tj&O0?l59xHpPv@=x&o$YxKQ<@{6E@8*r8w zA-6{E0|=x4diK>r-5vn%Fr!z~mE0C9?7*{u6y=leAwqF?_*P3>DS9C^@aP?$Mbmcp zt5o|SsP?#rUP8zoWlh`K@c%3g-AEv-T5$`G&v9cerT#O|UwkAVU1EH6bu2h4D>mOt zN5i>U@HM=5wBWq6s#>K{KAZ(FGyGMv+-ysP1>a<_t4*(w1s7yfYYy?Lb5~ZXTz?IDL$|w^&gE$-5P` zL!g}%{S*h=yA}Nf4rr4VZ3fiQigFnJ@Xd$7H}A)w?W~BxH|_&;ZbffBbB5n%XJ4%9 zOGG4YK~IQwQtSN%UV5~iU-W>tDrMgfYW<0aUV>VG#G1CXo}=qO@woJ{-H+kDn_vLbPU>^+>*DdSy4hustzV3jF{m^sh%wA>7Dq$-PyaU1_wf zuKJ4@;D^;V0ra-lHf~DhH1%pxG6acL$yj6;uDT`VnS<;uS}Lvo9ccYReBPt%a&B}V zpmW)Mp((raxR7lSD@NqvQhZ8CvFst``7)Y$l;=wxXrWT@!=T`_hh9RSCs@dJeLzDoeQ=kNf@4B#>I4psI~%FA{~^%+FWHyff$&Fr-#X#$ z`-r~|>nyw&z5VNiZtB&d69^JdI)Q`iht@v~THlG!d(;V>&)o;;TqoFZtHRIuDWVhC z3${EwgZCbF!-NOyRsQ@D&}`I0FTtO$V@=!YhQ7ACp+mi}&S;|0vC*u3;UKi=*%IsL zE{Z}Q&=BqP0SCjKg;aX~DCnJLUv>w=AH99+gLiZK9nwem0DAk^2Op+hE&6~U@uUwp z$bM-3QP8@9&wJDdoVVQv=v*J%YgjM260r3aewC=jwZdK8vdIq8zWo=p@~9hr#RDZ& zUi~r9@0UFE61@5gtZ7@_a83M%FEP5P`oT^ULr2)^+^?|y?jkDm1P#?rPjGPDSxcq; z$3Xi(WnXp&!XNE@>xtX$@5FDo7rp)KiI-5X7Ck|bc+wLbWIwe2IB0zmpZBOIIG?)@ z(7B$VZ8j9cTCJArm9%}1%mpG8R}r^b+Dh#(h6WzB!|OcYuX5-oK($wU=p{JxJZoyB z9h#2MzRL(E^aNUu&{~em1~k-bM@e~PzYy-o+Q+4wCHq6PBAat<&3eihCooy^dyT4z z$h^*`W45$GzH;?Il5@2N`ZS+xx~mytW3A(GTsq6X;jS>maVr{*X|0FbQNdjNa0uP` zUS*LV2a7z#2Ffc(fNys`0?Z1!r0F08YUl+VPyQOGWSfrR*2+6tC4&qo~|PED<|w~ zA#E}}jp;AP=O@AR-^L(y7esMf?;WhEdd&BIIOh9YWm4sM=uZN88&0^_4t_&--PMem z)PX<4i0w``p}&5LkqyfE&L-iNU!x|?8uf)u63k`W0PR$Z+{>^1>LFk|&Xj=sh8Kvq zPO*oG-pQ|h;Sdmw;!JDD%E}ZDj*lOU@GOMm$Jx}m&$1#M&I34}WhEhei-&R4v#ivM z+bicGE%{cCE{&ot8+WsMW#V`sulr$4uiYz?x?L}7@4cz^_NM^<3H0*l$a47IQSIE3 zMOyuKdX=5NwBPGK3y6gqd(vzv*}TUC8N^cTj0fCRihU9kd(1;G;l#e2HEr+2e!|UT zMAee@dcj)y#p25vN#OEQn}E0;UMmDD+Lnk(v%{bE&MqDE)U|XLh4!$Uj#4w|$j`o# z>meOo?i5$eYBJ9&m`x#>@xUGGl>aoQe3H+j)hTVfjeNsQuDVsw_FCO4=F&B%{qe>u ziJ!ZcVyfV$HCZLxdXb}a$+MUM9O5<8?&*HXLb-A_P|fY@UfnseFP zAsbm+JCdnYoTqQaKsIDYZ4Eh=LHApXN0JcV!3g1wk|6v$8A>4hfJu11((%ZarnJ$A z{1N|CApSep@a~WbgU^ZYY?2%eK27qHhjCPcPrbMrN+C zm;D^z|EveB74zkes$%fnn~EY5{8X58Q@bJ(pR+l1=2}F;IK!HKES7y72ccDpkB$UN zD1Kk!7aMNtc1MiWtTL9GQl>&(I18m0$~#>7LPn0{Tc*T(#rK?k8gpu33p~Hua&O<# zf5MfUZ#>x*z@Ki?nce3D-IrMz{Q%FWTQ>^JjUgu1eU`Vhq^DB{!^J=_%&6zz{u?Mk z2E$m>X?vYMVw45P>2j2yAUalBEBqUs(5U;Y09)?Td-)7+-OKI^C}s)13f?I=!>YJvZ3_-J%DFJ8Mxp~p6e1LtvW$j6yiRMbU&H*Jm za5!(Hki$_x{8GwUzTDcER*BTNxSFeVn-EaDr_JA<=Ckqi*^~5#J?=JrZw0pQdMS6M zuCHPWt<+${3TFT>o;1HqFX)dX9RHpF*W}t*8Qd%BqqHfM(^`R{z>XWLI8e){TRXNH zZX#Ey)&emSnbyAa$!)~g+uB`=>`4i z-eWJ7@#(n@8M?{6MC)#iE>*L^wVU~y)FM^T(wlZI$Q7jq;mDRV|42x?H*(v0iA71# zOPz=A>l{K8MSre7heSfpRSsF#in+p`1B?&+DaZ8i3xyqbGE)|N6VYy#T=kU+d%lH$FMuU@+k2f(a7kS01 z9GNKt7_1b)1)_vcAfB71t^YZ|Z8T#R_sC-2YT7QGpH<;iU0asBR4;G9^~*t-FrK@H zY<3y$f#kFH13x!eYv4J+S{Alq2Kwo)r$t!j`g)GbS@-qzoZ`B5D{H~)>p8=m%Am*f z^_-x|_4S;|9PA%vfZ_SiA=lS)mZ>%8_4<0wLKXhc?zX|B>+3m5G?SCAujiT;&_tu| zBM4PqU(ZQyWB)Q)?)rL;k|0_lHwL-dE3)V6dd}SM`{y?MeK?ZF68aAsOTAgdC3`FN zQc17$(iKR(dOed1?r4RAUJD{#gvu9H`)9lCD(!0Tb~%jjhki`W@88WAH=_(K4{!pz~$tnGVbZF)DAA*Sf%~#cjJ{=X8Pi1l^w|J z4;q&WHD1)y6IiY4=^&M!rpuRtJgrOQ5Z(VY3dGx#sL4;Duyo@dn~nz=1)oOMFL zY0yxu=zq=w@k9&F0b1FIf&Iu1BQEHyXuYkLaS;bTyM>$-rv(SV#@f_b{C<2%AZ%ZS``@8~#{*#B=K%qg zssAg`{(y&G{?Kk)h5P@JNZVE6{zdO7f5rpwD$2hOlz-ksF9l_HMIrL7u6X#WsKPCz z@~EnC<5;ZR!M8n%{67JkV6!gSRO<7;$9s=l_O~9;R7w7Mko?OYdI^&MC2QJNxE^?N zVGMU*kBUomWU$Cg19NF%8iLzi+#Ycio8JI7C(+AehQ3E^*4Cb!g*!lwNEzN_x`v;q z0UquNoi*=3ALt1`6?lTuw$AtV;s&5nF4I%eYrS+Xp(-8(an}WP$Ipr$46lY*G3M8Z z61u0A@*(+G01d$vk9r$ka17PneT+IEZ+PwKMlMkR(et;m&o=rGLk99yjr-IeVN+=F zjE4?MTJG)`R=x2EpO~h32!?|2ooVG19Ke0sW`$9p%-ho)C2ZPh-uSeO4gs2W>Fzde zuHfte3gqO62m|JPfAS*v-W(%$Ri(1>Z=zR#(ZStTDuU@gfY60s;xZg*aeq#?m1`JH zOR|ZrHd`gu6Q`yvZKXQX(7>ZQd&&d;D%E}qR9o@TOHgf*HEoObi<{J$%s?^qnOhT6 zp*`&ZbrqlA20r^oj?Xtlp}iky99p4$FLi$YDzpPOg-5T@j^#2Ig+-T5`A}LfLu*rE z{TM-LQCJ*ecYUI=>hFM6zlY)JNnvr(b045{g$3_RrZm~=tKTNh;`*vfHkIn?zu~<{ zb@iJbuvcmJ-$1ip_s~nIt6yVH+p4R3xw=v^nM_4x|I$=Z|I-7yDh|I39KLb{I5;l8 z$uUp}aJ88RYa}x(+m>e@c+ljTlV(fFG7sXlN0zxCP2IdN!d)fze+Rkm_0UUD>=bL- zmSz5dvrK{|qX&?Gha}~awY0)%c)ugD%kz&1*b;>Ww*5EGOx2hDE5 zT!yta-EKtL-uYa?Uh>co;~`~9&?sDU;(#_?azX@jw7_^Rz=J)uzI0<_V-aC(kA=eP zjbkoXV}h*<3Zf>WmNL}7dX<^0Y2ndDEEi;4ZCPKir<~XA))1EoXp2eaNVqFMRag8E z%v3)^-IGan)D>P-Gw6l`}7SfHf*=;ou6hl2)r%ppbD1F*d8{-Z3p8YQp2_ zdQq#n>)-MC!gOFf7U&BP2l~U2V7MnRK_}k%mKct3$ERb{@!%8F*euFvrMR}Mo{Wpt z={~gAtgSH#pe+ocT)*+KOAh!j;{f%V`!haK17?qUqlFyzqikGvSrliA2}J7-UGu#Z zt&YJTfb+he^>QDe9p`xwcFwjwgx$TVIO)nGug*>FPP$&UiCwy$bT#&gY)`r_eHEp% zj7>VNhQl(cI*tSI{MoaCooo(;AM{eXT-?&CRk$eFOb%?}vUOeuB7r?yw(WP8Y8+?u zb!-K*3)0s{<|hI;W!W#y4z^pf^;8c&g+1t?vHi+@m)f4#rsmtz*r*O_m2?(23#K95 zdJwg;aL3`gjvLFj;Hao>7LM@X!)ox=n8N!aN_aV`Y5;PF+86a&lP3JF|`ZeISrMw^=R zaN1Jk^5(V05s|rFy$TNyKZAY7&z?}2?V^*(C72i;`q(3LS_w72EFv|va22LqO8%F) z#!(8w{^IkSD~zq=TMXV7*phqr6`%|EP`>iw9Lm;k4S&jT4WBP^Vs$rZwiS2tXRfVG z9EsdFxv;lDn*_JR!G4PaOV5~EvvXhn4-vuQz6zq8YIL{PC+>pt>F2GwF=Xa8tG=|z z%^fdca-+WXB0Fji$j?WwrTlcDgI&eu$09NGoUQoCDA`HP z!{7j0skzZ|(GRyK&W=*6bNI(l%7*7-bt_Ldx(HI9XLgXk58jk+xSISOFK$&muum}4 zDdwC-B$&_uoIx4EO?-gy6*imOuRuV&_^k& z@)_LdN(Vc;bJc1$4xt;W37ltF+=Ly5>_(wrY8%^6U8*i+&(+69)0v@Cd2wlCWn_J7 zb9bdWKRG(QROPL68kJ=T51#7_u|IV1ty|ySqKD^{he*t<)d>uK)D$P;>GxG~=POOw zv)wWoay6?}v#VNRgJ7y=wP0jmkk_!FRffpDf5qGgD=Ty z^fY36V11}hj|_y?^>c&6>yiFUcpw};M;?3R++cb*l^PgK4fbjM{e7AAxdCl`aG($5 z>RTTS4V_Dc*TrY`in#`m1hA>Dq9aDi2@5KMG6*POp|M)fxAg*nlg({p*(Zs}RGbEH z%@5)kvO%+DDrnN3&gso$G6UxHepmbn($A*<81FdnGBbwyMNxpG%wJeGnd!}Zxmx7~ zT)O3U4!sBup9=-CEC`2qKTB+gUh}p5Qq!Mqd6@J%7Yh~EgX5Fex!6*+=Xt@!rf%2T z=ysVxzjg#E^yFPo)_hPfPf!@Xp7yEq`CH)|*k;iGxoT{zW&axew2sGyQbn(Bm3ay` zzxXj=6y%}`p5#X$L}Tn_85Z_%olVkK+mN=^FZ(MM6RX*5{4KMY$TIIf58Lv}DhRn# z(%ZBqTH?#zY3p^ZyJ>CL|QL~eRyeJD1#I0w==`1fYAsmXM1HaD}7*q;u^a?{o6Vr^?>bb8RzY7W zEHZH=xfs5{n!$cPWop@fV@R8v^VT+;BZX2sBBA8$WQt{0*Qmx^CsO%kXI@@<7;6H? z&Z|}O3!cQJ!%w(Sj!tgY7Q>ZPZnIR|IXAJtyLv&t)W4h>DP<~yBU9DP#+Fu_7|m^P zrVDhB$71EaaDIJ%V(Z*;WNa}sA6%b~>We%2(D0NDdI68b;pGjV+MAIWim*q-2SPd>NRQmPZ@#Wf; zvGHngzAyxhl3Xud*v;);4oCF<>fV)@IZ8FWba7xkvK8$MY7=p-zLYI)XNI@-=HfGh z6VXIA9h_NOpQ`L;FBw(Ay7!ZrjcmF&T8JhW3yF=%>g3kK=IG_k@u`*m`fzzMA6_U- zUnq>G!)0=!SWPrvKC}<7*q66`-G^pDb1<@4L|khh8dB7}7-420U0Rnw<##sCUm$Fo zHL7#hJw7U!9FNkKZF+Q>t!8+w5Im*h&fW3Rk@5NP@XB_*Z+2>;Ki|LDzrDVYEKf~e z4o_do6~+qHq3uz9QZJ_E_t*d{yZPMWVrnHiH#wDDyqKKp&!!fpQ6Mn6Uf0v3iSsIuY;JT`~t||)Gm)l3S-2SFi6{g?xUeA70>gxDSN3opwTh(z=mNUWT z*dmJ_qV8w9P)1xv4-}AgXD(%ob&StmCOLnk4LMsEFn{L)``u^Gu#>yEjC5@cz6i?p zGXPJkXH!p_%?$9Hj~D*D2e8EX)Sp39c0TpSfZRl)hs{^joDd)xV;%#5vd8BsVoLe>#WSI@AXR%_~>%Zk;(HQun(VAWalUcBJ+OR4j!F1)*2_JIMwHY4 zBAP0D15`PE-!gNJOJk;_p6^;)Til!8n-A@d#l~j#7s3;fl|-yKA6ePc69WtJe4%eT zx3e)_EMzmISWAzMM`p*cni(6x-wPSLNxKT)r|G}V3biEt?GLqz(d&)`DUA6~Ea4>~B1^w${Zomm0z@ays^4uxRajO3V`H{n>7$nvtPgmf83NXyVEu1QLWA}4q&DA$rtVht%~tzF z256>`LaZT{7%oL4nRtA&Ff%)zTuGH;{d39T3(TsPl67rqBD|6urU-R)dUU2=pUU<_ zkFKrJKlITsdvIw9|DM{YS)Z|gQ=6%c+|r!gJU5;bAi3D?Pq7JBQ=Xaa?u2xPtiyI6 z{xgyZe}Td1&LcuS5IWq=?~?uPaEu&sb|FbURu*W_77~u%@{5NbjrK1PrcW~L-3cXp zkoLlqlIEW5xn8Iz2WB_=HWp&j)91#QOV!GO6*l?djmDXjgqycYo%q zY>rfUc%={g4c33mBgG_l{G)g7ARt?~+yQdWvtdH+v4@2G#7o;}O$qtrko)25e+6HE zxih|Y9?s4CBJ1SjeLZ0HzGMc%JD4@7$4u6&MgjD^hTG|$!a9f)ZGPJY<9t>BMXb=zRY;2wj57xB?}j(mW#vj z*wTD0Q&{0HSTVDeDJJVnk%4S#F_F78I+BYoPT)3BxM14iIVacZst)DiGQE|}h-xBu zxT6D94ed+ejzfP&a?QIKjP7$P1e(xkF(!66HqQoF`er^oa@-I39oLV}xQV#+X$G!4 zX2Qp5&#kXhy^X=?{7@|#)CO|N%af_{!a%LKon$_aRGQ@R@GL_I59YNUe$(AQ`7|T2 z%6tRlpZJE|;JC2wzH+*M+52=8;Qo};37YOtbvE73?B!zmxmvUsCnfUoVyo@9B$*!C z`2U3mA`0XGMMez>o;CJD51Wnuooj0fXvSpUYI!QB@t-_EAhd;qz+(P61kSW>HUF&e ztcAk<&A*TA9b5B%@53I<|9xoGOj?+K|6`N+_t8sE%|i?VcXcPGhJf`aVYiZm-OakW zk02E4ooMQA{+F7~|4ab~D79oHG>}*vxRjW>Fq@c6&aNyDOs`C4=lQX=lEe?Pkj<}gzoeyyJ3GqaZobWrcAH8uKaqJKS*c~^|96O?#Ykm6M%3^VNu5|J8 zR_wAK(@RsC>>L?=i{_+X`FR2dAE3#v@c&VFC!oqmtTNyr3sU%o-e9{3;uStS%PD`O z_bDgP{VAzCY0Ar;O}R6Rxw!#MJz9*E;sz)o0C}S1&|biYJB%s%O1e4#Mp_!b|4kMB(ARv+LLO{|5y{(S%+xwUo{B>$VhxorsGw`~Xu zAHe_Et#oO=ycC(wW+r(EAR6D~yD-tw&`xwAv>P3ru}^lm1_Qcy z1OLcoM^(n$8|VOSLsZEdIP_;E2mN0Lqx<{{;U;uiya78L?^;{4nHezoZPv#UhC2hK zpnSmKN0;17T>Lc#y88&iFKExj{m#dUnXh3RMatkb{ z2_1Zcv7`8~yMGX5q*ht-JoyKQ!@^+3!NYw(vcQ0M79bS-DYE;C1s-SJ4$T72Ea&DY zFcoSsWQw1lgbOTZOAqZREPEiLa1;`Z8cmJ@J#2Oq5H3(aGiLl&%Tqaxn;sw#+C)NN zaTPcO&a`fI6&~o=Rq$~>$ktVOCva}-Dtx;QY2hmPADdhSAHC$%e2@33Az=MU*n>0+ z-^#jqlCZacf236h7-H8rJW5_eP6NmncjyTd6_+k#!KBBN;p5~7fwGq=_Mo$pJ3>@Q$n~L?WJK!^$bR4 zc7vhef#l`NR=kFcrReOH`B~<2ShRAt$hmMRQ$RjQmt96^;;M}0?w0%&n+}z=gXETY z#?;{B$36Fv%;Di8t68_+)B*hWHkX$lW zRp;^CTq9;OoLnPus=k(%?jHfxFfiCR~3Y~qqWxq`L&x&DQGVJo$t z>5nJE%hAp7j6OLrHJd<8e=>P7S(@03FUI&*exb0pycgcTl+47_`T0VZj&#e+)WrDw zQmmFJ?)0VmE^H@@E48^&c1xca!N(J!bYEdNzR4H;>HUf2h5ckPTDlO6?uE1Sh52k( zCYdd#mR2@rmo5w>lJggVbu77<&0k7vEw5~5_w>nZRNG_V4&peg~n7NEiN5NaqF$z`vHB+$~%x4)3k-k++tYXbMMmWBHAJel}xd zhf*0Et~7kfF110AJUcsVych*4+t;!HFh&X#AVlH+rc*k&v;u$>HN zCl@y-iVKsq{>4&kVLpVK3sX@x&0Xm}L`tTT`@~pap#99`L@2WqTVGy^?XN7>W!s zx_FmQ7n7UValx~R>QW?|O-Hip%Zt0EF2OZ%L6O<>Cnp9csLp#hwQ}ic-J2*MhBLQC@fK&jzlBlq1ae#b9sLw+_k*8 z9EruzXbd08FYm&uZut_z|(G+hiAGLzYD zs(XPc2EK`$ATY#zp3Ok>1Q5S0M+S=YybIHMB@-cN=wr2zzQ8^-F~=D$pDrykNE4%c z_NcSY2TRO_CMFX3@qwfQ8lIld&tHj6KoW{8@nms$dLcQoyO7x3N{!D~)BBmo zTqHTQvKY?uoajyV;l)z+ik8eQbuAaRVu?g%8Ul4GSr`v#lQZ#!#ll`Xyi&|8Ci8Ql zL?kmdeZQw*`{is`WqL0;9oigOIak{68@rTEEM2&O z(k1yE%5X(4?@cE{yH_riCTr=%N+voSyF9)cys)0o`=)|R6Iyn8Hab1f-*q{$omts= zrjs*4&vbQ?m2BkxcF{lDC;t+p&gnc|Z8D&Eb`8Gawu{>3zKtsO=jbCYfy6HNIIK0I zM_;mELv(pqrn$TB&j{;&-JV{zr`PT2b$fcJY86mg88?YgD=(#k z|I|xa;D=7nJw84%;xrP)^AS#L)5@gabQ=m1nM85m2{ctA-_h|Ko2vs)HdpY#Jrbz@ zTPaiF)PQCWG}Q$bNaacaDh6y`;C5u+GZ9|&fUp`PnIyh2kZ&&c`-cwYeo_6mjuLa0 zDx$1%)bqd6Z!2QFJZdIa)l#`auC|xfDjAM!OKD%!kqf2LnZcpq;ZW#Y=-j~idMd1i z*ZT&-L%8BY@9P_g44+%i3=a*a`t-qpfz*1cZ@pjFv~V~R9tw-kJ|{~1;?|LR5#2g3V3HEq<1Z8|tK(49|o z4_k&=Y_`RbD%Y|BUR;&kqGZ$yGqyLrL8F_~yVGWRTXQrnH4)RgKhpT3|C+_&$e=c; zof{Zj9~z4E4-AI-&-Jfs!R@g0Ie zLVj;`e};9PAy?+YNeBKB`|Y4J^2#*_ypt}7qAdg|AekJDX8*R1;bb>$;&cKW7NKBjl~ z0ngrD`Uq+$+j)1!qNs!0C!%vr?wzv6>uHX`x>ixBriTv~^V#cLV>( z3Mqfq16<-v!Ox>9&yBPcQl^K^XA0a4DgTCt5k(5I9MN)yfR89Q9@^IMjV7BY>HoN) z4_Ddt48h+3=eB1E{?>++I78rnY&t{WqnAuY{kr$5Az=NTAy}eW_-oe9Q`YofpsBKx z^37dJ`BZnSAo1Eloz{m2J5X(*Lw`o{#{&#T_t_JoOX&FHk7eSI+gUgF5kyvfd;WO- z)KVU@nfz;COZm0lr) zDU9kWqXH@2CU1AFZ& zEEngum-~`6%0Nenzi?`C208T8Rd!$xiP6eoJ*Qef*KS;wqj{fZbETeN5_NytmYH@W zf+4-E?$2RABl+o<8I10;EkvErX*uO&hvWTgYtHio&cDazt%T@z{X*nN&#V!Le~KaE zj zLwpQQeN_ikk!!ej4hnm(9O+YD%Z))P-+IrjF&@u7!N(t{?MTC zFdjhDmSsCVZ1ynxlnw6nFuqVWa(s(l!N+$dbgN&n-mzcdV_V7Aueb!9+xitT8^Xe` z@IN;B6+U`N@k)4~8Uogzcx7o8W>_~*T6Ypn-TjKITFY0x3+Jj1<>Eb5*^HAN6a94L?Y6w_=61GLNa1-n1K7vrFH=?P# z`MhU@*GRs^A+!r^NxV!_iyW z;7PwD`_UU$h+`jT0K4PnnPZ=iWrKA_VwC~Ek!6F6-lv>E_ot+4H04@nQ|`=SZf*cm zk4|oY5(1E=BMjyu~NUgHu`R73W;K#hP z0HNSdqrHh(;6c{y&@AB0a&8U-)1^)hgAzBe9BMtZ$8gaD5rxMv$*9rfG0?+ij{$K5 z1vF!;=vK>9sZE~p0D;gZ5(10Qz#(v^b*s?>1Q z3sa#AV|uc%hwFw=-%ZpH&QI^KbcASr4#kJZ>95nRgV$t8mngzV*bJ$i6qH=_F$Sai918&_bXwd6I~?!Ebpv*@16IF7eIeoatY0|%=#;k-H~#-uGzlmmd9@e6uUUI+i?8R_U^ZE8*W5XF4GqF zpocbYg94f{<@VPO-0uMbp;aUV7Po;z;7sdQx8Ykmb{l-06t;C6`hjy>w_(tRv~U~z zk4^$QL!Qa4IP_;Em!%nu?mQqA0HM?3 zR@mWqHLe|~`-RhwPI?zf!y-e^of5+BXfF*()$O>P?(3V0MlPkZ>BMSbYGY%2wZ6`7 zK(y#;57!Q`$yXz8O_vTF(MW6{Vr`iTX|X%+Ws{*YHoJ7d^XLW_DowXkINV}ExI<%|wJ08d? zT&3SIC*8ub^sw1gdKvCsbqCg9(}!H!N!I+52PlO$l~7vTDGsIc47Ivb@9x;0@=+4S z)}6ZHF%Rz43(%;U{BWoIk4^5Bk6vA3NsZQo0(1Yq2hRPYjSY{g=`kj?aVI429_7M_(c&#ToO=2heex~JvY%}uVlSvXZxPmOZlQ zBpo1Wurp4Q9QrGgS2n!!3L(?N&2|``#D$1_8Vp#Ev)|>Ydwxgt!=djZ4tA5*=lCAx+K4V{xriSntv|Clb;9`Qj|@vX3R^ zlUjIXG&;VrpPHPAFBE1j%q>Ry7viyMJU_lWU&Ng|Fu2o&mHCB*a6GygPDB&6{;rkM z_+Dy1dvSKLupR5m#^TA1y?CO~znn-9#N&mzmBiL!dTA!M92#dA;w&!B2cwZpELvL0&nLH{E6Ku)mS5goh)nGBJ8Yu6 zi{n*XC^WMZk4J0EiIv3iQgT_F3`bVR3OikTaw4&iUzv<2lVx04b#ZZWWjbBTmgAFE z2EItiTSbR$Xs8lIJ~s@|F`!h z0B&8?-FOynGj^QBiJhGYXYqJqjrFw4aYANI#*S^gBzByJnWv{GOR{D((PDc-!}d`+ zq3R!K20|cZrxXgLP_{x!pnPmC+s95@*0w+?OAEAxvi*POy!$rk>FG)%n|xo#kULNB z-R*boIp>~x?lyi@-GBJ#q#DVonzHM*{r45`(u@m)#GO%e-4!kvf-%;Q`7lLOQaRii zgKL})%%#IoN z;_w~t?%grJ?@(^$=-BZHE{?(_Q+FwQ5AT|}tFU(l+?l)U(D*4_G!@w+Zm7Z?T60Hd ziUp#HO^4Y7^SERS+nA5e<0iLaCY+kb#bb26QxW%K!d*~sB;I;wxc}(k zlT0Y}*5a&cNGC3l;ybbmN9kIp+ba3=;X84$QtG(DGkfQb(j`hn%VO$2Ty~o4Z>Bbj zc_BSR_dwAdQF9Tl4KhNoDsBO$<-onH-(fv|Kc@H2Z$*rZ;_ z9L()jw9!Ix{!ps_U??2cP8^)eoT}X!jh+f>Q%7bF%|^!3scNXOYu8h&_v-0kx-`P) z+>`!d#36naxA=`@=)R-&o80?bZ14uX8#lPOzQdyb$bo96&7QBecS7~YCXe3gzuvq3 zolyO`Ib3)rhHAJJZ}vdxNEkQH-D-4Adk!6sw!agqzwzqc78A$r>06?=!&%(lnLpn9 zK8$|44w$Y0rp&t?K=rdcw-}gOH&-p256k8QUBtI+KG@ynviV?i(97n-viWcbJ=Cs! zxE2@g&*=U;MIXCtJ~Xdh`=4b#SniBBv~g#2bWztMZcm5p6RKZ%Z;Tw(()LbTv^1 z*GL7@rShzGdwLa_&y;Ye&c;>e@X-=DjNjWi#lCNRSE35rp^ zfn+M03Iqf2y=!^UZ6rUdmgfWe(gj_s1`g=B2d09o)M~yo8yFxy+8Wr|UAmj6r;HY% z8KziQHMU*U|I7p|L{^-2*4Ae)-oH4ITUjrkc|fL6#k(Vkz%ziR{Q=3<%6hjM)qHjj z)mO}_Gx}oJdFLLjZwEf&l%U`fgG~%BaWjd*Ba5Ul!e|^Iqo%^d#A~c}N_EXa2DvYx z=DzHn#d^4$)q-3t%smnN2Gh*G!4k7?(DKnU`vx_r5r+znBelu?B7ML}A28C}cOD7$ zrwq2*+PS`}tY>TG{9@tP1TlAA?$x=s?It-DkZ~x*P$SFQT}At2oj>F!^Y0c)))H=L zQCra(JqfA8igE6@xTY>pouAVK6}=j$mIBjyZAh<`OLOXwuHh+@KRJZkD~FV6TdW_87**m@p=87sdpxL@ejiwW?mh?WH*~H%JU-Sr@29vTp)* z6gE2OJH$h;RP&mn#8zCFuNsn836yHpqG<_LbFhr^Gjm2CZfG8eS{419VeSp`HFnZ%U~#p9r4z3Hm>*X^ zhzlFE5*j|wbId36xJ9o)c^YQ1ZRiP0dRD0TPC2iv-&@PWz~kh`jeex?ZLT)vw8>t> zG)Av0XE$2$G&4n2o++p*%oNvdLyy;%JQgn)5IW(7zj5<|!#=uvXecmMRntX1I0G#g zY;2F5X#h1^5QPa066+g1lafUS`(*2$OU^-OU=Ae2XcFUzm8)%u%&nq*8HN6)R|AFf zo8Gmq&1HzY`(m;L*W(GLzKn_6c^*4^kcUS-f=yTo;igvug+$Xk_sVbFR5EOK6|D6K z2U%wop5+*v6g~v(L{-SrdUteN4n8cwr($vK2bq-qdd@w7{4DX?`z4aajmCN(M{SG# z{K3I7y`q)#b2LQsg#M4nNkCugh->5iXGCas{DHvzO$h*Q+@B-dUz14I8Se822M?Gw zrYGuiw_2$Cte7_DmG~@)`D{e>v(-pC+?YR4n19_VW`FIa7;Nz#iCniCQH8j_zDa%t zx{|ZCgM%~zX~ktRo8GHMJe%4Hd1^;GruG+z+98Q#g2RFwwVh-gxg1BV3|1@Ea$umU zpQ;A%gx-1U;85UBgA9RE*68@@ie7xJY1LX;hrfq9ag6*jLxIUE%wsihQk~~vTv^qQ z2XLe8>@jruuzv%!Il4p~27ocfvm9=vGQC2sbGnw#!kTSikOmHswaPb!)1AQOKpG{S zB$pjoGB93^yWowoW;3Wax%8-h&bsFf9L~}k%F|DjiYHLd5?VG;&Ci&oaN)!%yW6T? z>_slqe%#PZN}E3pOYlbxMWLY&a_i+TJhBSyv)mTk7M2-A#HpnH6^UC_eUXIcsZ3M< z-mD|xsb6w8OlQ-Zd`)sFG87(ChQjE7jXt>LcMHlX36^j}`4T~?bqd9wSVHR#a;{ye z&Hlkb2v)UL@$98uhKvPCRvFQ3p?E}s0-{@fsRU{_vA#^ida*<@(e8i5QQIla`tJ_(dx7Ad>)EDWeYsCZMSFQ!0(IaT>v91NY_~*ntt4(bd^XVBhY* zz%0$h6ayG~YkH+ZnpX_J-8yHZXMrZ0UF1<4o4}7r5LjrP_b_}Ik5~9$v2&*Ajr)9X z^qmu`S;c<)rJep$5;YUMbgY^^sSWWg$ucVE&-ZR-`3f=1JDCJhNT~WZIHGOK{y5hn?OIP$+F>Ri?2%jY_+Vc^$GmG}` ziDc^}k_mOu$5Gp=i$5Psvw@YKufi*C8Cc|9(@Mo6=D=v)3${uoe=J{xIV;R+b%g3opS7l^k7#t!wG& zD$M(}@NlWQtD(4`d=F1Pt}ybm9bJ2KTlW@*kjMRtg=c~^g*tMs6hg)uD#m!zIJbVt zE$8HxWm(q)E`90L7d-8rQ%@K(2DW3>8l%~M)yrDuZcFKNx&2-4q`HT)hHQGN<+=p- z2rG^XV&~^jhiELRGpgFU$(vmjUnf>ITM31~#+nwmw!sZ*soqW;Trt~auU$JU8BE31WBXn=Mn(ixW7xd|5GAaXSmzCMz6TRLha=my$YWtF<*wL zof(qq)%~)T z&1Kemqi1v4xjxuMot;a-j9U3C6Sn~UD+y4J+tj~D>r8-_J}7yI1S#B5zE4oz)+rQ! zVhPPV!ntZ_rPnzl+l=vL32F!<`|}bMa1-taM7aMW zkxcNwr#Na`CHe|4w*gHV85$Ccr>eBjk2I)QA$3sKu-vg~Ef1y%pGhX3;muHMh>QjA znz3q$CYUHSdpfM;S#YRU;a7o|BR%hvx`hU9_GZ``wE3IeKtGdcAfZ8j%H)Fvef|@O z7}f}jYS)=x!@CSjYk`7!@^tfqS3F>cAzTn;TQvv3a>*MmWP81G~P6NIBq@!A#GHH<{Ib@d>Jb! zA6w)mxq01g3vX=;S!^XDWg@5cOd!u%PDWG>A9 z>OZkqo$ z(fk~VWP;|uVM4Z(uOlaD8CA1sI2hms)`L~`*kB+WRub|eK;SILtyKu^A3%8jePbLB7Hp1L1K~dpevnc9x zRT(w(@6p`)`xm6YH>22gYQH1>-Gh~UesnP~qvbJTYIcm0G{=RHIl z*2z6p2@HBWrv?K9dk*f~imhFN(R~NU1LWRQtQi7yn&h`)9~AYr_6i%}lIpSh>5CGC z7oFE`d$3De(ZEz0o4jdc=lb0)>i3kTQrH@N8<_mX$IWZMCSLnA zQ_6n`*BP&EbS(%>(Td@rsI?fd#a9bP-%xw&*bU=11Y;GFNvcdkWc&%`(lh>1g+I#} zX0(p#<5$2G6~2&if78z4=96+8L~Z0|LF{Vq?DTC9}FfJc_Jb)qRQd&2ha;{!E> zIZexpxqd>M*p;Jo!zc2{h`ii{z;PVPB)iOohJm1G&kT55+T+ZqO`bV7ZA{&<&iUHT z<7NqF7hMSz$DX+>{pf9H-HYlywTtTQHw?;NHnF7}3{0(Mtl7VKwsSGk8QP$EoLg#X z{>5(daQYWT9%t0QxCrd+{EIJ<=c+$qQu=pJ?#^H}HTVl8l8HX8&QaUiPZIvccOWNU z|Kht4LDKK@b_oD(+-nH;qY}wF!`;@u_<0+(mw)k#@|Zs>QF%A!KEnKIiDWL!{^~zHDDpU?=HXuhdpq;+f6Md92bh$d zn1>frga4I8GSPRvm!r1ryClrRZy_gN^YEV#L9);Oh6Dh&mfT3VzbcWeGu&;>!*fCw zYA^F}1wKn+J_}Jhvr{$^=3jM+*WGr5dLnLXS`2> zz(V-n&F~@oS2ZuNc7U-Pj}kP_d0p6q)pS^&-#`RApHFsC$2BGi?QFcNv(`ajvm$*) zML={r?bo}gLZ97amXb2+;4gP>CcT1~^c_rkDJ3Pzq)S&)XDRJ1DL0fW3CgcJh2l>v zVICPu%0H?YI2-0s>!@A>=a+a`U!4t{4{WfPj2w9v*0v2d&s2%ytB>VR=(GNwB`g}l z;a?|9fw@{43)ghqz1klLC@hy^1`CI7@zH)b{K9QRIF^!$S+Hs6dY@@A*@L{YxM87n zViiOG#@Vt4_n5Kw&NF*sn2l*WYf6sS^x1)gfm%V9E5E6>kW zOUKIUTn-1Ep$3?1Gz=tTCQ`*2*_gPytyILhWprHu{VM7>2PBV68nCAC9ycZHAv(PEoMFeZe1*krX%3N;gvg5C zl!{}A$W7+tUsr5tYfz*9t;Md{Rq|v~7eTH^q2wU=5f$R||0u6N!8n}`X4hwHGkTfM zx0x#9RBp$??8bSs1BLq>jZ^;|?41ACR1iy~>-5;d?|?7KaOF!ex`J$r#?x3V-S=7J z)GvF%rM*Mfb9}9HdVlLctQn-DSgiM(8m(t)zIS*|c7aDR)s(qSylubISl>=m(>0`; zjxsI%$vzL!K-9w=)h#H$|3vE2+|2zDs%tX$y=T0dcEdc(jL;+)&W_nM+C4{)uj2In zEhGekiekaQz=3Zeaohl6RHGCAxR&_i#hj&o=`Q|gT|#{gX<^#nuvlNEmeq7#!vj`a zW%H*NbF1pBDzz*<(#0jzk=}u#QG@*wHJBw1wXPv&#y0xg*0rG$_QRe<3Fb_OmBU^v zd2!mh^-mpw`87RlENe9uaKW51_ZXX2mi5702{f-Qpqp8=T107_cZP%6s{IzHFjSN)Scdw>N>P z?)&zJ&S_XZd*oh>W2lAQ`}<5H3TeSO-mwvF&{%|Oi0fokpBcdkn3X|{aWU+r5xIF~ zT#b&t4ba7JxE!lm;Z?fWE{9!Gfq`q{L*eKEdkly8ZmeyA8MS;I^9wu%r|~i;JcP)I zxO3+aj&!^E=B=z$tkW?OUHA{oGkJ|NDS0NZ9-A%keLC0$hhg_tc1>7mjX`-PU(t%C z3LSp#JWZ4K&FOqdXCCLBSGiKAr^0(dywRVq<>%Bf_6dHr&%-{#uR&EG=C*Z@uf3+e zFfMnpi^bbh61*YC)>IU$>8pI(+U7e^H4R zy%;D_MPmxCuc&rkBO#R8AY9 za2N6rVzpXCv(es-kL|e2?BFG;?MAzU&>oUV)*0Gk){RTz425dRFn^8hWYg1ksyGS~ z=c|JSDsUqRN3&&#w(FHZ@N&HQlZ#jO5+*G5h~@&ewJx z&y;8pF{Yy8*hIXr38S5#sFRZ=>PsK0zDS~$f^V!^o)Z{os+P-STIZy{NhZ&|&aagy zUYJI9@n})Y;xVY=ugKiYd?PV)l_~Dum%5nQzXYKwhd9@+7SG@Um@<4^r5R66_i1D- zM1PeL&8EQrkszV4AU-L9+D)vTM6AD&NG6E&QI6VH&$Zqb;o3e?_z|)bxP6Zu`FF&V z)P6sZ0OO{?O+uo$`oY_VZ@-;3!)EeXzDU_f#G~n^@!}v4DDu^SkxHCHGn1dq&(vlxV?KKfH<@BC zT#0jy%w>nrn)jU6irS2PUX&Wq#Q^mU%{WYbazW#e*Uo7p=j1QlLa9-qta?Ko)5p?5 zM#cR#gqx*qCYI{wqWx>>Vk!R;mac;~4i1WqP?H%tAvBwZAtEdh*EN~LsJRf!3!75d z%`hs_3_>$KMS>P?5;`6Mu>2aNF)rKA7c7#kJN?yK(8&q2BQ^=NB3H~%hM$T1Zx42uly$?X7&#aTw>Tend2 zD!K{cER*JE$envVBVC$1x7$3N?p%>akKDP~dPbhw3Z290srB~(w$S>0R!m#v@0Vwl zJxoAX6xEJx-nLk2c zW+dRasj!ErP>@L085Ja)y)UrgdpmnyB#-+KB>=c_?>(ZXKK0=E^Sq;P0n-U?a3+J z3cq2xz?!&TveH(cPboXw*tnk>;+LH^gp@jX7w6iQL$gzP-VWl*%d;ZU6rx`VB5G%o zX$Od)gA&OEXK&%CZRHvLihgP?U!HF*(EE^+Ai`QlT$=^=BZ8zv?~wrDmgs|odzVDA z&TtR67Ct}W$QO&a{~PquPoqfRD?v{o(lbmLi1ZfOT3a$rNjsD2L(~+7PMhM1Cewcm z0P-^ZN~V&(87yS_YBm;K%;l3$cwri2e z7!lLfMx*0y=+Zrf{$j79%pTnLa=x!i5LO8K-!p|E=p#dcC4;bZ0Oi`54meEB_2o{R z>xrfV)+Q{*m$1{%Lu^U@??cqi`t>73&{Y!21plAQQQPW(i)R@MUNDS(08A77rJF5WH(KyP z&JiUZzo*C2zDI(LLfR*p9+37>$5pmuoAT&PwvSR%Omx~59muwSRN(_4y6=H^OeW5c+;TAaMIw);5NRefv$elD|udtrI^{^mO8CS?*)!R&9|xg8S4Gsmh3?+dDwy7*E^=klo&12seAz}jw)ht1a4dAn=N)$bS*fS&jhiC zuN*W^?z_3w?P|>nhV1*1o4?sKeXayeg<1P7CJxNnRYRzw^Tt>Df@O9;T;Vv>Cf*%9 z9(fmj>d2|^Qsge!;aD6 z`%e%FT<{VG+PVX)uR>~E%C}fpw-UMb@vj+NO0-yb9g@~pWu| zuP!d|=aXuAc5$Jwfzn^((av0*A5e9yo%K0lP^%4`S9TfX_g9E+X6L-_Zv&IeF&DG@ zmmpMbf^$71{{7FRD8U#KI`fN&EvY>|D?u4ILG#o&pO#1_2>J<*+E!8szuaX>Mlcyv}a})1fsDA@?ug z%xldo0LW|29AZmqkBkIm+ypIBzG_#wkLf#eOmM}ewPAzJX-(SbM*`M=zbsLxtEoun8e+g$^i~bA% zP%za z&Op1;m`9QHG-=Fxi9xM4aB570{QmmPE#RD2qzz1m#xw-nzl5c0%&S|juBB_sJvGMj zfkE(w+-2raXnNX{4sSwEf(~mP zac$lCW<-$0{ihND+_)=*`}GpZI>Y@$*PWk`psCQEA7kQp=}!7``gG?vkb4KZ^IIN> zI@6tBW1wB>&hI1XY0{llVo<9MoVwE>zrSX4Gdt(?;WjWGy3-JH{}Nof(?6b5|X$im;0_4xHnCN0mi2cLhA&@O(GCb@;(2=}1?Pvsw4>5rl0|Lu_?= znPBZ!pRIKQ;Tzj)KXFRpc0_fbl6b1=l*E4Pltf+?ST^pG2{fD~*y>0&>o| z2EpmkeFw(_batW=7%OQw)_k@)9mwDi-C5%>!|4MPqk&W?77hfB6A<_DQNWyp)}zpo zvpBwrE+EKbZOQ=Uw{=J0V6|M+=-w6-f*3e3S<@?(z|LH?I#=1Tef!CiCx^;eEvVzp z^HO=JR6e#HKj}XzYbaNpDc(Fi#U~{4y$)ER;$Dnm--ci>OKCX1@D?VzdzFc~T||(~ zTovhg?8&@y`ZrX>>f~5$8`qG(vQtMDp5&sHjGutbxscOui!>c1~JKY zkq7tK`4zjWnuGW3tOV^Mj!Cro{l8V#G)ZuKFXcl39)PBL28fqiS?_K3ek0QQ3Yx`U z>~V>?N9#9qAoDy)7&hiC1-rgx>$4Z{$DINz>qDKX52J-Hp|qEwYq*uv4Jnr(o$nen zj=B!g5!O&+K`5yp&WROjEU4iEnV@ywN`*h;U@g*Nj^5^WWNGR~%G5l%RAkDU&(1V3 zK)FIU+WB$}J73XX@nkG6QC=*(fYeIvy4CSWsbZoZ{YFk#anTGnfcsqVHxpOmTyPko z&C#vOzEwhTxGVd+RM|HXwbHFkKeCC$;qq^wdSC&bH5W~r?pYXH(ld8e!#Xdohrq0So<2uLe3_X6sxc8)Dd<=dqKj zzaF(gmAlQuqaHn4s=L-YGQrb%bQeI2USYLZt7@Bmcgyq4VJ4nGd%2tV_o;~w8OdJ! ztRJ7n|8l0y;MGYA57K^4BjY)99CPalejYgq@ZKv`pN#suIaM z!`=2u>W6LAURP4TTpsg75|wvjetb_en&QWW0|{;C45{^QjR&B9Tlq!iP9&TYCuJQK@if(pX=L8cr_#a4s7vt)G;i|!;-PEFBs}G`> zoo#{o10vJ6xd4B?))|>rW7L{dVqp`y_1miI`kUG}zPm;1RMoXe*3JfZRaHu?J|IB= z;g>YTs&%eje#xLm_P%~e(vCQ1^xS=Pr4rrwVT;$WDUyaYgX2hXQ&ok}5HdD& zHQG~^ZGjT9fVpOzHH1afx9z**_A$PAseN*T+ueh&o6t5w@Shk}w3zKF9W&btiP>(H zU^a0Hj@@E~+sM*xK4t9|!>Vo`_DR~+Ee+@c49@L_#6BLcf=qGr9ZMdSAeJzqsc1H$ zua`2Sci8IBsB~*FYPOaiq!uyBe1tmSU=a9YbEk27N}zXG6JTFbAJXO2gh zc>cYLTf;w0P5iJ#GNIvL!cp7y*%I5i-jAGojpPp?f~2kTm;?Yf?w1knzm!PU8Sb`5 z^4DzCUPkgaUrw06B9Y96*q=|mx8oYKqMFu=fk?#c zYy2ZwUG$IyemAH;CQvu@9Mn&YX`e_uBtIXCxy#$wB^`LG=?25zG&t->)pB{>oW?wW zJxyhJ$LRNwp;#yt7}d*kz_*42)i8I-Gd*X#T$%>uwi+n7roVptKaUP3%bxh{w1iLw zG&?s5w#JOqZ>u7H+Qpp5`)$(4%d4i`XNoh$>P(oQ6H3-->U}b66fM+coH3*zyW!X@J zrpe5s)I^TSOwnW)(gn>{H$yKw^N_rPx|tDfet%om)ptr6Dk~*&6>bN^P-&g3m)oK2 zVFxY2?eIAoz)lOpWtx`vSogh)t3sQHoc8Ue*sdMG%~CV!apUCr+e$@D;Re)n5x+}; z+8m!XN=^-ns=oGKz@*`u-5^kA>i?US1Dax}rNIsAJspF-T z71NXH<;8dqjY30#0XWX?8cfn#BG^+#3E3C+z@w3&{^AHjPn^rU-ZV68b+K`atee7ij^CE3qFC^3RdKz$eeBFc^<3Iw{j{t3%xbN3zO{4s znM8Gj-mt2JRg~t6O9_^+%km=Tc`lAIE4$XgMt1uCr?elxHj-{bGZWewdR3_3=25dY zYfP@SQ(oCcRaP+1TfAx%-if|=E$It~d(yR{Vw6N*^jB`)(br%NOgHuoux+SXqs;Rt>e za`JTqzXlN`{dBL80N}>`X2Sh)iDaGOZtDpCfQ{PA5&YNknBOl^c{k>_5a#zuBy(Z* zR~W((T$9LEID&;>H9LX_x>_y)iwLJ39fFDG=?VTZDrQQSh-WL^pW>q=hy9xbKsUAD zO4R;=L^46`?{U<&k`=K}OE|Lp?xV3T zxP|b$kH#7@j>eMBoBKHTkyw`_S3&ZXoQ+NJE4e_oe(G#f*rmw9*JsxH_^a!Yw9`#t zSGOT9JFeVEVLeLiPL$<7+UXH7$n7srZXV*i&T9jiMpT{g&_+IpSV@MINHBIyYDgIh z4@I$*+gQ%s;;Usx>_&asNsSxEpA$)L>lB7Rp@ic3jv+N+kJX!rrgyGI6m@8h6MDIV zy-uE*V+Qp#HHV02Gjd6S2BJ?sE`i%kuD21nauUfztLq%Kt>)P3r#Ynb#UC(gx4yWx zmA-K1=%FQEjJ#TCiHEqDrD%x`a_J0Qv?jI$R2`%vrj_RQ$2Ha}#9W9dDU4B$Jt{8DBn>74==Wek|VjA$EAV1hskHlLZy}t@)e`T(kfUYr@0iXvsyLW zDMP-K=z1=aVdYZ^3(TxdYg+~bgXGWFGlTtjmZm1;+v498L{~mi2E#h+n`5~sGYVEpr0a9d$)YOhd|#bk<175Is>$mFI??>k0)yL zEl~F}YEEy%PRqldlBmBM_Foe0yCssjV7J!CEjLCnQ(Y`k&@8R;wDwbRGDAFD7wYKt zTB<#_)>~S)_d#u}JtVUEnKSy&X{eB|c3W;PwB+lljZAC)aqt4A?DS#p8 zf%JU9I8F~YCT|NIE0=2Y5pU_p0Y1dV5`->NTI|0?f>Lhwf1Kc7+jIC!WB;2whVcP{ zabu@2PB;5sh<-sok=OLydh7AfG-@q+h4WmoZ2?G2&_f8o(F$?uY;#yG7WHaia<)>Xkg92nfLG@FHwiypKnR z6~x&0)I*c|_72}}#o)oT^SvFVk|6#|&MUD9Am? z<79>kYF(&fkk?X`yUqKhb>^3hwzuBgn)IVY=8KW6oh9e$k^B+626_Hb#e!C2!nJi& zuLZ4#JmxKzu%Pw3v?^z=oIe4FA@`6C3rrn-X9b7I8AqB>*Ewxz=xOsvCai|VokP4f zm7HM40@X3LP7bnnZnCP+RIKRavcy=el;wzXrAh@SKaulNyrD~bGFSvC7OaZByoP@h z7kXCoz(57}2^m8^-skK5Mhjm9d&c&S25E8BR-;#UFf827aIjcpM8)tV#g%?^_pjDP)6LCdR`0^5Pj+5v7u7srR`U$Ew`FG; z?b2Gxng?uuL)u}C>FlqBeb&9&<<&RMl+yVk&N>roTE)3&jvWLdM!<|ANQM|P$7}N0 zm2HpL++YbqVEmLiGgs6rW|Mn;vdH&*i8dFu zKwNPRw{BF1FX-kQQn8TUuBvfx60HNb4&J0utzImhbS&E)o(PQOXVvn&aqtpUhBcjW z#>%q@_EHIgxqG9}5Wktk!{o*bSJ{&rM}GI>v(8c@@pvMVh{lyfG!aWgLZNsf5s$|b z;Y1{!if7|`JQ7jDdL)EjQT&c1V)0Bo7S|C!l2p`iJYl?#MH8t+2q}|F5@9T?QiYTq6+ei#*@itG@>dY z1)miq8CGJcP*_PtLdh`x#`v$2*3?ia5(2IRAdH4Xpj()pfj$IUg%fy(xN&?@K@HHH z>7+yyMT>+Ks+mzT;fO?2Q6(CQDpqW?VKl<+7UveDmWm*qt|UU4NH~J(MpF0-T1Dtz z2+?CPReYuI6ocNIU!yUQEEYof_=^Q3&hnKgfVU}IL4y+U%ygiOqPekwK4^1;E>Vyy z5pqz$pidnCQpAfb=^uDl7MB^)hBt?zD2L<%JUI~)pyq6sY)i^lYn8cHj%Y&4sV zXnHK9#FVh2CshzE28KvxVo?Q^&V(}YP!xyUW)wXV3u~GdK^#3B%Yt#jnP@bfP~%xm z$)-}-P+ZqD*+e=7l4UcgjG9p5s;-5zN;a!%3fd$V*Af}XA8HK|3@J!LEvsZetEiI1 zn>beMMAKRvfzLL~p z88jv20kI(qMtLC}$v5lgB`J(+~O>hW+)%Z6g{bXHGgi{Os6)}Q$QOB7RnWn!PR4Y=%cRn1(|9VYXlclG0*Wl5WFw)h zo>0>`HYbu$QqgcEoQx=F{ZuFtRx=yzH5tw%Ltq@dO+qWG(9Fn1%S004Y&scJqDinHq9sGAm=4_u zT-j7Mme$kJh#rf@!2a2AJd=uLfl1A1P^3wnqy)L>@r0fTD~gf^{ZWjTRKn3rIEh{- z6^?^1Q^}AHwV`N^#(1%xu1NJit~L^_F*B1v>!86~A< zb(PKgslUx@qq_bi}?+8AClu=ES5j_IQOUE*hKo#9j zgnH3TR!b{!$Xh0v&ZJUlofI!boPESTd7Lp$t8Sv|!z27ODwqFq=^#Y7`wsG_8dbU{M$! zuxS7m1kM7V9zt5sB??^(Dgt^M9fy)gN0oF&RZuAR9${5iz_pN*NCuQhMX4#F`jvP} zNu|>;Y!uL{6Kjn6VY10!UFlSVR3@$|N}Rf71?HB9BD9Q}4MEH6Ni+o!ONnJ7Xb%N^ zi4FptB|5YyuB3&;Wne8*kIua}v;)<~)_SOB^H&uBNVlVdU@eda|ERhejp{nUMj{{x zS|_Tb^)qRdk&d7M*qsr4hAhQG$w*QIx2p*)nn|NptOdd`gor0%k!TXJNl%kr zPDUXiN(AOZHUm`!9TC>jq`x3%5PK-dh!%y8%4*a#Qm6!WSE8yHmA^d;9>Mem}J zy^dawEKXFbTb-N)Cxg5|suEr&EmG*u6?B|z$Knh6AL1MZ)=4%M4ksX4QR>m-3Um^r zOo2%TaRMW2N)i!uNGi;xcv^!grE8!{g7hpbCfG>$PmDLvSE8Xs|3v&mqYL6EXmzv# z*da!3gprI$=SUmlewX^E40?QBgWX~DuCBgKAcXSsKp1XD2!V&FMPMPJ+smLkjHP4H zAz5%8^fEf9BBZV*nY{uA#Mhs}dE>OB`2!S&0iIT>H z4egkWg=0`}sZbVr4`&a@pwQ6=hIJTUuuIf*EUeOKDH>69$QA6!l!^`jJ!DqFhzklr zq8(vf3Y26KC4do~FWQU7nP^$&1JCx1hojIq2Bw7Oi3#RnBc_Z37EPohF!a$yqs!A+ zv%|`S5e%apXyQ>liarO*B$Z%mI2uYO6A>+vg_$ga32_=RiP5X6H~es6SdEqkEhrB# z6A)z4s~EhEK7%Yr@m_~C8L}Dm#1H0g#GgVB1dA$^LhqeG*8#zX3ew0<&=rVCEUA&% zl})OV2qZq1O)BWSRWN!ag-$gqgC8UJ1ZoenEsieA)I>fliDrcK(kR))gMqb&B*I{B z#1oH)U<1HAEFrfKOnvFlxU%}Cn6B35m5v@i5?}Tgvkq$ge{WD#rWdN>{xP=80pDDxjI zDX;cQHlqV~>)8luo`JCfvnj476WJ&YLnE+XlQGy_Du&`Zv?sJoJP9)|rK7emHeedT z3nkND=-*j>Aa$%YssA7y;;BbqDe34*T>lGajNj(p1O^!H7|vhaT3Sg(P!HVd!R;6< zH1bA5No2ASjD8|%7{>6O#5Iftl`IAm*)Xg{^t~AIqZOoG2&^73=pu;Ur%6LoWLvm;I2-e#i{^?PWjY zvL6yNBsvpu?VEHF)7Fg!4$z5A`CDu?rP`iiQ4 zs=8Qs4W94kqhDTtCwt%eXB$>uI`@&(`NpE@vAlY0wp6KN7unuYm6w@g8N0D?T}_v; ziq&4RilwT@u&#C1SftwW#-evI2={97jh+RWt8_2&sD-^W`~7W*LaUs`3UVr%SCDU! z#bA-%sI|Se+3WU3_uAGkHc;2Kw)GvCpLN#L1N5(-g3Z{nSFKex?+App(QolqobiO$ zo0Xx^X6GmCST%gSo0FKSjBH)6P=GjSja5{kIA|IS%OGgpx#{oJ`T@N{KIAegv6aP!UE0@pR|W4F%{ z=RM4H1K|$7e$ULz`PY$gQ}wKPj!5(_64?>RZE>&89T^>NSe-jO772}h>sf!Y}3a^xO-%ZZuBsk%_!ymZH__!(fgkx4n+t@2aKo<@9A4>H2CNde~C>_MdF`V z#?5T$8Hf(z-BBhiv&aAU^sjz6yFh!?1;sWZr*Ch zg`Jc4Q>*-~LtK_xgl_?SUW!#h)C3XQ5u*PCgmkLSR2b>UljB&aJUo#a zNv1GanTpxjm__^i^(iSz6&@KGO(e$Sqoc#Aq%s^C9t({|#xV&wJ~okz%a`O+Ox!3Y zjzZ$eF=Zq=5*;4}S%$}H8UIAA8s%bqa!61P6Ukvv5xI;FkEXCyVjN5Cqhra5L~K0l zMG~Lxd z;uJ$njgLpiBJqiMVr*oLfMLPDGCZn)S&2q1(%4F?9si}^V+^>72h3EWA=I|)zm32StK0G~ob zyCvt;e7WLOSUzP0QHVl?Xyp?-=5SLk72NdCF9R0)5nAaP$J(Cgcq}qJLF_jF|ZhRu5jK&km zu_V+SbO_bpy1;zUIIl;({1%1Z-=ePk+9ORj9O*t-2@JJa+-JO*O7SYBMWq^|-h8u@ zJ?u1&Xk_ZO_~(d~+oC{Yj>U%)Sj7W{G8&;C2Fv%c=x+j=e=Hgq8y}g7CPyY>!&uNb zwxuagM{f5t7wP!Ana+zjIHzhl8RAcOe4#vBX&+KOcQ+MkzG%oq!oF)r!9^Pf-As<5 zD9BRVe_mOXu?e*_gA8(8#zP~C(8%cc1W^xSG=X)Wqp9&REJed+tKngZ?%Jyaah0%j zD_|LgZRV31=cnjYMxWt@K;)C_opg8+!AG~xW}vX3+SpAVIkpz7hRERIZH*#ewV%}n z4ThV*7@G`yzNW*fA~$s>icX(H{L#w!O$ z%cSUjIt519_;6|@o*bvGA*18ig@;Wr!^5dqTN(4pzh%2&+wYWCs?Ao*^KGTfCu6f= zH%}g7{ojIkEnj+*t;R;M#T);R!8VJGCdZ=6*k~vmok)$2 zgke~WZSkYJ+g!-1Gx_4YXe;l68(ZrDj!((AHdhYJeRoIQ0Mx{O==b3HesfR6^8A%e#^w1dixyUw>0m7Lqp#}qh`&64Wm3-g>p>#=KodUs3|;yF z_sEi_$b1V}p1*RpMyp>fh)B_w=dZkpwmg5eJb&fQ8T8gipqA&aOtSe9DY!g;Wl{-$ zowlvxbt9LxFr}T*mgldW^ux2T?>t!1Ia*tuzgnKZvSuQe=dXCRpNGi!4wgJSMW>K0 z&tLhw?;A9i`O~8v#w`^gLxX!j+p1(4ii~c%^+!2+HOxn#W^pS7;BL zd+*+t-Mh=|jcN4_P32S^7jD>J&HE?ltITB^bfbl%m_Dl*NA9kd&6(~#xAB^c$Io_V zI#9ou2z74|hp`5+W>gK%l(6(^v2ZIA>gJZaf%-nZ0kyTu3gv|PAX)bmj&dlM*TBFP<6m%Rv`^C>%xrkrq zRZH4bTGfuz*UDmnE{Ljc$d*dg*-}+^eA#_={XE>~QpMEx)G4~gWD#%HSE}Xw99AjL z&|0es^1H%#BPQ1?Q?%P)N-L^#8xj>K5?C+R;U1JyxjI$UPk<$MpHuJ8sYUDO%KC-+ zsXVC08!635E9)yWdb)ND`K>>xmg(kr#3<|P4BqsC{5VV%h!z*>>+`dq(Ud-`mFTYB z#rn!xH5*JW)~|Gbn9|GTQh6$e<gVLaTIXeIGjmfG`+=zZBF_sG)gm?9 z`TT|%o0{H!HCKVsEKQx7Azr!w>%vPF^#6{O%pqEJ>O{VhH+b{>sZ742ri%nb)N-{c z7KW6q10HNno@FsZzUPUUQ(0U)R9U=dvA&6(P)G_nujvXpvBjg)sxmwaOj03 zUSOQrW8lMLekNaC+;hQ}`uaJ2ZVGhKA(Yq|fI`;Mn>4QBnj*odUz)2{=PEn4Z^!G( z(A+%ko17ggm5*&-gq}i7t^i_A;SMmgP!%n*2JeH{;k^09`ucKKYsjA7*x6riW=}ee zIQF<+9?I+0ESCZK-=3?^6j4}TRZT;PGS%GT?ltwRz?L&pmULPGruahK#RuvaROWFb z=&7k({#dSv|G>g4iY4Owb(I+va&~VGVqF2DF5=(DWbQw3?S(sC;5gGH%^xPi({ zLZm)kn?n)nQM+os3i=yr-~ljDNy}sRldTsvkfy*Lqz&=%GsM5el4=O!3f4$q8!WcT zK!WE{g`BQeQOHIOv5rsaGits#g_HY9&vLadq@1bAD|#_&sI&*_=jyX37WdZD^)-ez zfe3>e^Rt;ekXZZdZ=m&?5%_rG$l z$o)~RzQGljuN`Jpe@?o*n475gYdKvz9?XM_7jsAJ>uR&k7boi*glY=ny5b6O!=zZu zy`cFu%Bre~p~2=7BlYJK&|h!(7r z^IWw#D)MU-T!nJ=`Wob?1@jq|;$MndsPz@}iX)#zb$KTOAk-135>(4siWnY1#9Dn7 zskRKaAzKspLY=%?I2VZV0=r6L% zy*c;B-1~Cx$$c#M;oKK;pUr(M_x0S5a^KJWGWYXB-`S|vDhf7Ha1jO9P!OOXL_v^( zn<&^p!7d7JrQk3HhbYKUpi*!z1+x@9gMz11@COtuQ1DU;UQEI3DR>P9Z>Qi<3LdB6 zF$z9G!N)213I$)J;M)}ZBLzR9;NK`X>l_5XqNnrdsh@(&DY%4!Efic!L6ic8f?*17 zreH4xyD7Mvf+G~jE?C0yF6XGw1>{=K?e4 z0yE_TGvop@;{r3{0yE(PGvER<-vTq<0yEtLGu#3*+X6G%0yEhHGuQ$%*8(%v0yEVD zGt>ez(*iTn0yEJ>SH|zto+-201 zZ_K?GO6=`WVvj?KeF94CD^OzJ&iy?16GMZYMT&qm*m?BC8tig+rL>4`Pi zFg>vb+e=TZ!S1Ff)?hh$VhvWKC)Qxkp(oa0FQ6yZV2{ufYp^%c6Kk+{(GzR15785A zu+PvFYp}1<6Kk;V(GzR1|Dq?>U@J%^um-!3o>+rDiJn-4-9S&Q!IJdE8f=`NSc4s) zC)Qw7^u!vhNKdT6=IMzw*z@R#HQ0mn#2V~X^u!wME%d}1?7j5F8tkL=#2W1L^u!wM zoAksQ?1%Kk8tfPJ#2RePxp-m?wvnD#gKefK)?nM|i8UCFx(yA+PprW%qaL3%*xymN zPn}?46$MXTgWwtp{)~dRP!L7uU5Hb#u^+)D6g-WBX$n~9ZMAgX+vsUM>AVXp?RO77 zy_bT=C}2I((g>&su!6YI+WDNWXwBlN`ja^lH&Vtx4$QlG3Ze?w1X0u&yifc530 zgLq&xwyzI-7)vA(>UlqTs*zT2`^KhJ50lj5wOr{#^)l*sls-q484jAvM& z&NoIp*rl-BXVRsjW!iJpiyK~AvHM&(_L-$}q7AP6VU(4tG*aK#n3wnhe+9;ayv>jX zzH7Bov1nM>a73&grR|4!{~*v6l4I<(`n|;i7~ssQWek;sX-fs?`rr+i$Hul9^R4Bp z$gRw+qKk=L*A>?%$7*xMyhcY4VBCnOd^KQL>H+GFu+8}H5=OQ83=S!Pk4~%NZ&?rE z$fRv_u`C(zf!L68&t~H;WL$dO!yGM#;+p`vlJ>tgmrsb=RCoiT`rW_He5}@23RlP3 zILHeDVxM@?f=G0}ZqDI|AK1LNV@xhjf=oE2pEj^@f3R

j}n&+UnzfmWTVTUctTgG{SA8 zq<$k0_m{nbdtDcBlM=1lMrtpckhY;VA!<)-sO!6cDq%wf6YZonA`dpyE3jL-04pQ4 z0NW1k9(lOCdIfi&3%GJ^+eT)O$%D=G3hdU?1~%f~{XAP9>@#`=cJQ=;jrxOqxjfjH z_6qC`U4WI7+P1@icgn+kd#~Vb>jJKv)V8sZKP?aT6TJc(>;kNZgMuf#{WyR%yfGEJW>z;jq0|*sA{Rc9lG~%X@__)GKVdKemKCwrH=g zDZRpW+#lP1d2D-og)Q7GY!!cO$K|o*dW9|01-4MLE-~hbq9?SxKg8dYhxnXcL5y_) zaeHfsbN&clDUa}xULj0$fpA+h!b-k0ccP6A{+IIb-qkC3$u8iY`QBcE9Pa|8hZ$=$B%0J8;g{qQe!f=-C%QoBVg6u$ zVw+LOzsrOBVXwg5+8c0lnc0kg%dMT1HhtD0YEMj`+qwXEd$RymX#Xj8&;<=60XGiu zvcq6yPS^5TTB!(?+h!1bojm-_y@J2H3-}(cWZI+aUc?u~E?fWBeu_NYolAr3S{1pk z3&b8h3n4CG!(uR}t625s5A`m2sCV`d>K}9gHQ3DC*bAqh3Woe4R^%bh^$=n={M!;@ zn`IS$C=c=ZJ%qTom#x@lboK^$h_CA*#QnX5*k*R}gYppH-$RIZ_7Y;7G1=eCL;P|N zAs+4}#5PlN{~-_Y$328t>?OoDi(k&)C2b9@L)0Z$L$3a@)Jup7|4w78JjCmJ2=P=e zAtwDHj><#4rH2q7>LtWB9?N^=As+1^#FupeG1Y9{V4-1c+`K7*Ln<=^9)@{yh95dBp!;4-sE-P8W#BeGy~RQH@WV z3Cd#sGkNTP+C%Ky9N6{xT5H!9pH8thKdTjM89EK)7|>AZ@iN}+LS9BAyQPsvnhhH)&uDCUR*%LDI76${T~bv~tGlPG zTN>Fo1P2^B6mSVm5^}jDBq1;42F#L>gydehkb9FymS4!ikK~0%APEpIzW`x-guLYa zzq3@;sjjUT&EnVoc}|zA&i1Y6JKs6yJ3qGe9Y3?`l2!DdbERD|t+J)bX?^M>7U zHss5>`n*x9HQwIX{`$tVjeciiRbRBr^=i&&IIEB&XIjO4)hIPi;o}vQzh)KfK~cf_ zTzOt8Z?1K25$~)`(@zZ!4xXCMZu-)Xy%Yc5^`#&CFAa13sfM}HS##1jORXm4eq)1r z<*cjd=t8YwUT)9m&L+K9t6DSl8bF{fueS0wy63FV6?NOjOFXYF>GS+)L%v?|{+Q8o zr>n*+%d_$9d~u&$(FxQIm8xMI)dizbch=YRIV#aGHoa!EssV-Nk}t1|ePHj_!9ne{ zGu78>pu@g>npvAKZrY@2+I=(Cp;v5@=v$4i{!(k%Xa04IBmUyZ0|+C)nt44?W!?zn z-;95^;@|D~_cEYr-E6r!uTx*Cv4(kvd1u|c%iLjZGyBc$ht{Ejd+Q+;IG4^;8@jB9 ziVXOQtTyj9R|D#MI9~y>M+vf=Y2;34tX#SDTFsi*=M2C&I5>p=*($eP_QD(?V&9^bubKO_kuet=Ygt)8J|5__ZjQ=GoUPW2K-eY^8gLxz zSHrnCgn7a9l zi)vG#dUGhM7ei6Kne;>xs-Gc-U(~B5t2CE^HnPF)8LI}-HY!DE9kBk%daY(@b45#o z_L;9(8U&+el%OCqtE8Q&8+J|Cr1sIDhT1SRyId-3c^w&$GjCLFDm8CtrE&@XNR+Jw zOR9obty~MPdin7%_2OLJ40*V=*b<7oY8dhiXblf}l7g0Zz4pA6vL%Hl~AEGuo z>uP#+&hSQVXxRP0S@ziEfy}{)12lBhD)zpip>oA2S^2?|Q5&)=28JyDA~S1%dB7~? zQf4^2BeQeYAlLsiKug8vtS?)6%84F{al`-09YQdqGL5&Z%|=Pjy$6HM^%6u9LT3}I zH8Ak!(Eg!IFqr(Jt7Kj!K;2KU-f`l1cHXGzP@a0La5JFqm@;w<5u<~{sseJZ1p;z} zflRdmA?A(vu;G5cqgru0;nB~0(RpQSIBD*XM9vL<_vPwRmcJ+#=jO7m`I*)0HM3lWy=U0j9fOtp zYyeSfi*p%W_u<5S;emfjvd7AFNFwK^NaU!ZBqSj_JUHUvDxC^ZITsZKu;GeI#unl> zoEh;U$NheX_)eYZo+wde5*s(Sh>e|t!<}IR6(nL~XJ$AS8&rooFmx(7RGGxaEv;cA z11;GZHsaK*q}O($3J&yCw0`*9KlX)Tq>fp!MNG?aB?|#czMOITXC8dbMM`c$)Q&NW452 z$}b&ilAs>Bx`|KxTEzY8;zHFS_jke{o(8!y5(lAHX=Zn)8Uz&taY>cMB#%KaI=zG_&G3sJtdn7iZG)TvDx!r@!vpH8k_%w(*pL28grjLE z=X3*+c!|;=9nNBQV+O*OI$ckyD-%AP#Lr@=jxKVEH;cI^5*xE*c}z?m7@zWl#Hd#@ zMdR!se#;ddKSM=hPA_KoQblcO;^@%HCr=K&5)R<|@sCzf@7g(j?2*C4*};(=!g9%Q6035+U#JtIyZ!+nj!L{59O=+Y%N3YGljBkWC~cd$t)T(8NE119z%294j^H5 zVbSj?6n}aMn3M?UykQA$CKBAE9Nd#07o={rOiob`-dg!I)-zO50BkiMwZ)$vs1q%N z8rrA?b1)K2LDh*iz*MPgWU%icfBn$Tg3*L#d7s@0QikeRcG|-tdH8tOAiqzBqF-l z8;O#UNR<2tq2w6WJSPu~KE8j_!%37UV>Gj1RIOP{pD7xd95x6Lk_cP2UDvVp$W}*( zcZRKwZsK*0F61m9I@GrwJ`PKKbfqT}6FdEwXp)B45H_X`WFC2}Fu+K5 zu2{B-U7*4>35z)q1=AEzCQf+r`==CCDBGL+QwgR|v& z3B3T*4*B^fV<5X;nlspjkfDWxP7WPbBm&C+Hs; zKXJr^xLKnzD-?WN(5v$qY|7M&VeGqxKKme(e|yjjOQfc6LPD@N5`syB;KafG+TPL8 zy&e>i3=^DEaE8rS%9Q}0Zm7=YGE}J#CVIyj!aEPHmrJ zsT|tjKpiylw5NhinDFNi{_Wb0E~{qNItHYoS==`s7Fi*zLsu`<@4KbNYwM=_QGOn_SQl(eOu>*DL zmVW?g{^B9P-9FOHpKRY(hh3C-yDt)N%w@nRotZj0e)6%Y%=pyQ#EFxW$Bw4pY_5g# z26p)7${C@EG0xU)!l_YZ1Mbj{k)T4}8lKh1_R%>!0a{IuJ`tG5@om+R% zCyA2>B5|_daqsxalM^KC5b@0Z!;=$7Pi6>Lsl}bS#W>j5OGkU0Nz5}dx(!=1SF~W& zWC)u>J9Y-;{?_JVz5+h9C1&*SHznC9K?}6hZHdrvKSG z!uaH2?A0#Dy5B>IxCi}+Q)Y4x5z-DA3s%n1_S1QiP>fX|f(&2o_IYLp=UF*+{2^d) zT+Tmb_&0AcOT5?Qdk+n+{y|Aes1(gg2=_-q_#8pVkq_o*6TG2(POnsWE##C3x`y~) zAniUbHN^3zZkzkyDFVI-Lzo!ki$*nooQ-ZtACD+6J+#;%+>wly4!bLndLR<11|jvx zu>(GrQ23Tx+7&D|0FUe#8O`h%8=_NOIFVGxIz={M;bq}KD_J=`i?xyF9l&em%XzOwyDblh}?A)K3IuT%@#hq*}bMnLxJ_Sdt^@}@m85_sJ zJdNUe<-vKAAI?CHvU3kbc8+-jaP(t;28(x|!f3V#RKsZ0^9g%Xm;B$+xsd0=S&h_heFMD$F=Bx(eQn8?&T=b6clOYS&ewB|IzIeeD$hTVF$q^qJg)uA6;Xza7K za=k_m>}cH-Kfa;u14rzeZo(Or^qQI;)Lcm{7MJd&ikGw_k4>G_;2I%}YPz;)6pNYD zrSf7)!ev#K|sDR%7S4 z<@rHF6M)(R($HoO8~Ot91FK1!B;U_GyjygLcbdK8C<-fR0}whot{r!qpB`i)*l%ue z<_WBGMo9OFVqqF=X3vcq5tQ5(=l5R|%(dW6?e?D|-5h&19s$N@BLPOrLq^2&2|uG_}IiT?n0i2OSr5+7?EqkZQax{Voc3 zMxozA4Q*2Be-g@Dq|i2lnNli+=o~v67`$;Qi8hxEdPv}OG2A2EK|79g%4-PAicXQ1 zMt!D`#Yb2E_D79F>IlyCR=HR#FJj2R8GC+AT4Rn+VOMT(x>A>GMtu?83=%u2_f|7JlA1*z9Y8C#S=t^2{ zqjM#*akDfIu@m&Z+PrLAoGndodYrU&O)`d8BM;EJ3O{jj)68_2qtw5lyGf<~l|b5B z_&&>8_#u8=-n=D_93j}zsIS0IVGSN+Ed}`&j3&D)bkBd&3LFfm>yLRrT|)%<|}}zSEMMVpekA| zI_tP(Hk?Z`Ox=E$7|+#_#IE0BJgAzWL5=f`rcx1_^~swrUA1bmq~);aVQY(g)&=V? zIN8)_A%unr_%RIaF(?~btJ|by@fwq&C)id#Og*rQg3W4ddc~(Tt`&z?C>6p@^9no82Ki7>i&fCxLD~`b>Gj7(`R7)0(bfdn7ywdQmeb4`??0 zRwEt73#e+ zSG5_%2k&#ivohp@C-qEaG`EZvEaP_pQ7EgzCjbY`R)nR(2?GzHEslS(#pNT~s%W-* zuR>Kmli(593sNPBNkHM4@11ko5jmNn!LQj`7uHx(Hh0?ef2EK=;eGxbQBv_fUmKhr zzK)HlO}!cj2yBG66)tI?!&UVvyI^COZK_{*YkdCFHPjJL-2aI|sVdxS2Ab+Yj79Df zikk*~D+R{Hcty>!@#?-#5YPmM;t{)t`&d%phk>U$!q%<@Q900erm4g0%zBgzPJCMP zf2~Fhu^LMHUz`13TTrxB@5-I?QglLjh&#eUTq|24qAn%<($2Z66=|ocq!`s_ypqms zvTqrPwLcUe_Xzovn46QC%}p$foI-Vxu9>9iho@k?`3p&IqORHIG6d1+~v{Zqd^WDbyzur-o)-ZXlR;g`+8uA`}dDgejOEF$yLeG?xY(7>^f|9fXJvR*>Xijel>#;07QE`(w(bIbXTL zPZK~~9j|4%J$?Ig_!QK)L0S1(D!#SQz)zfFZ8k#?l&A2v6s6wE8*o_G!hgb#if|R= zD+dM+7@+t^X2ux{unZ(1pA}N+8Wr1xl{N^ic$*L@uKpR z1kl#PPo${zjXW#oUdDMd<$N<6^%vfRj4Gb{6LG(3V1PTDL(%?qYMP^c9na=r{GahH zCC0yotgT@j5q=6^Nl{8*{2y4>L|~6j*3@-;y`(*S^5pR;?XeSw;jO{WfqKb8{N&;i zY=0V4XAz?_$|J?~J{-W^uGZDLo7N?xSaokA7Eob5N+n@i!CNX${US$kJ3O|1V4zaB zO#}p|F&A+R#1aVYAi*|ntd#J*8=)+CFQ5@Dcvq@gJPsX9fj*%M2U6fn#WbP|6}F`) zB`|#_%bLicUnSdwm{F|ibBLL@)5ROxc>}z8dtTr@<*r~o=-B1#jtd0ltr}KhBPzna zo$?IZ*rIC#k}8qG{z!_-~nuxI{s)nYR}5f>AI~siY=$85jn(z|7|M zP468Z*>#6*yOEB4Q?S>ccZfZPd4w^HYOrlq5F%%O*r~yJmnQwLyq;j?<6Zs2B%`L7 zN%mmpIQBZg0l+?-wH9K$pY@px!qk$Ek)ZYFtS8$9%8p&wfy20^Iaq4WjW})ia*Z81 z3{VjJW>^y$oB&;S6lb@|SjYn?h=qX7b>altF4)NCZfo_;L*O)#g$p0RoLG)!&b6UE zAg!QS2{HMgrNb+6Y4=}MHf3kH6q=mtbTR_zqdprCWTt8&y1 zy9x)97=sFj8iq2BR5)M5_eh1q3#$s}YEn3X_M6pBR4yo+uurb4`2o6<(sKSTgG^O5 zg|{JeV}T5QnfZ83IobbVU~88|Yk*Y#SKhXCtv!W)6Gt#Bmw6l`(7AE0uD! zX5>SSmtO`f!g#qOMID};{7QQI|6&S!saQr(!@|#}C?&A`E|xV>8w1Fp&{@(Vtlhn z937W<)r$4TBhn`sk<>ZmWxmeJ8RbT||6bWov$Cqx2Dx0!C#e}WpIk4X_i7P6P-aw{ zJmkm@tQY7K1<8{ATU3gT1n!r(F-z5jDS_YBENh}N_}C*;$ByDG8EFKu)=wHi z*Jv{{J4RP6muEGcWoL_+`+*CMLRL`>Dy{$cq5Tuvg@0-HuARH48M1KRUSOM+x(M5z zDv`Sj!<0#CH8V9bwrjvsA^W=kgGa>ejEEgtKAYVc6rshPHz68#aNb1C#o0Ue<9npN z!wakS&IXz{u~wUBOX@dhU+;x0`G*<&@iHtdnul56)vRePnvv8#7=nd|U-9WPfwnCU zZTJLFt}x3rv4^rDaNPjoNU6ow&|hAOxfBQ$BZv!?-50{?WrZ+Fgd>_?9ac&fUEG zZgegm&t-OGq~pqepM)quwgqvi=9XY=E=p*=8zx*Yec{stn{OMZfOU&=a~u=9;}~b# zc&(<2JAySAKEM!K_?~Ygr`SBAo?z0ZB}FN?3GHx|w^2^v`S9>G!<-`bg|83`(t?R{ zFh{nFrZ~y;PYfV+j1Gv!{)OLo2nORz370nE7me%cxB$m%EW6=VY^fH%=@!h7*!k^uP)L4 z3NOteP+)M1DS8&UH1|vBdE^w67gnvmu$8su$!1h8@O;=Oci{eT3Y-hB{{X|eN}jY6 z(5@}bxrFym+BmV})r~5Th#6jZIs~5JV6Dhwd;^{9vs(tR^@hhn%_1INqF(z701y+m z8=?w&67f&zDgBQrFr(rVQOFBlN>NJS^9w9%l74$~36YvwQ$T$R9{PlGU{RgKNhX}R z#nHa$W8>IApdq5Wc0|OX)lLZ9YbOz*2CLBmjaa>*mCp)%9x=h?WuOJT_h5t_q zY8yQ%Jc6UV*k(3>T~<|`IHovB12|qVpT*VcwL#n#F`)I^G?jgd?Wd>4Sj_evJ5QzQ zn8?c)z3G6P7j~CejgD9FrqB{PncePr{2pH!5_p`sb`zP9s@8kvJW@!GPdnRS5&;!W zf;R&!OoH30CC*HiGvc-?#`L&LaggO^38J1dE1pQhkBNd3m<;daTt9-DZ+KBe@!72_aM3y)vL-Wc!<4Z9t00>&Js_^kW@YTV5ri zBg*RB+&R)}62PmQm8j?-3GPXN3Be7^ltL~GKSIS{bdE~@LiA|Sic{mc$9w+qkQ+4BY|UgIT9D02Iq>@oPX#HY#uHA zCca0`6?tLRYT_%5)N1n#QT>K_q4&a7A-~Vyj~{3R=YN9rUCo+yHrT>)Bw%S;judD^ zSj+_eZ6d5P`mJT`Er*2F;B_zm7g8WXjJR%Zc8S?Wi<06sN;Sa_R*tdXF2aaL2@)r? z62tM^s76i;qXf`v^t&ODwsu_oTc{y!1aZTKHXm324-{?nxcUw33egay!bV6n3@ENK zD!BByCPe9Yco4`}%#w$?V3v?hk~|h>QE=HKv*WtUIx;(MrQ$C-kd}1!)rgxKX?z#k zo?T4&eJdO<@q@lP!V%Knoxl@5tAdYk@eOotRopl*fMKXq%cj|&cz{sJ4T$SPOL=T_ z5Lr{&3J)S{oSYC&R7~PFslqE$loGbWeJpE|t>C;i&A8}!jTr*?9ElJ9+z<%cQ`Edc z(RcWfc8>V=5zU>WUU;OMVWd)B($@wIMAk`HToo9z^v$cSz-m*+zlb>*HO!pVe!1ek ziD!G28*pP*AlXPJ?yp$peJPY_G zD!|rYc1=HrhlD+74*Y7>1_j0W;8$D&pC_14&Yq7gC-{uCX7KO!N2+|VNT zDu0%0da>{qh^grt_X&!^*Rh+JT@kLHR^SlEYY|m=a9v#CLkxBCSXP85zJbow)M&Vx zit`7A9$ol1LLj#cc7$oHxC%YC`FGTk(rEbC6qr=;{{Zm+{S>7H{=dVrCMvJLNzwqc z)J&7cn`z0_nC-qRk4WU7K11I@Ge7b@I8ciriT*QIa zrPAbQ^i}^a+srtlec9a_41ST(ST$qgJdeM|^2hUp7!0UtHW*~W27^eH zdi*E)rkJngbBu9m4c`_|Xwhjhhkp-X!yHa3kj5VVeX45ZHjE1bxx>>6Zy3KNT2v6V z#vKO}G3SQL^tOlpF|nF&-P>h7|H#1EDPD1_Ito|27Ji;_aXiB-Ix4<_&gTjn1_la? zr|nRc|NjufaQlA^W%6X{U-2cSP5-?V5UY5?ZLNiGrzj=x^i7sEQI{_w9B^BZI?iOVjitPaN_)79LxXE_hVg zx|x~ciiS&f6!Mm-8l9q`YsuL(g)e0SGzoJl>o8W{8`!x7$1_BM^i z+sC?C_#W1aeI9^dFa1)@Q5Y|DD!1Ym-NH3!C$2x#xWcXR4Jc9_pY;of+lLPD=#kM` zoi!9@wQ=ZD>d9$d#$+M?R8{0$DPybJnK^3#H=Zgnuc-7aFD*mAn%j<=+m9+?jJM%v zu1?lC3uDZ;GAR<2;V1lkO4=>LL@qjpE{dcHY)nCc69XIHCC{$$HY09nlAM?_x4XE! z2$o3FkRqsYjkr_^ss3;wC zyrj7C=glclA&flg1T*sPO%=*mg5+YI0}(9;#K5ZfJ_6~H1OV3Oz};$et3t8qRez!7 zAj8*E%OX(muQDK8ufrdxSk&=+Q{UPO6B~$1tjzxle~9i1DX2*Ti1!g(1EUu`;}yrDGxz-*knG`YlZ*Jj>x0WJ^ha8;~_= zXjTbu0tC1&MJYjmt6A1WzIzL4@Q{nIyhy}V+@d7{7-O%Q&hOK*jgpOvw-$KVSboPB zk7+Ef)(S3iv7_IkkME!K;^Nra@UUx>vPWN#9OIny%Ol+$Mmp6Gxmg_f=G~Sf%cf&4 zEIt$P0hEWO>i-x=Ubz5tG7sdH56s;D8pfhmpPTErodBUXe_R) zG(spm72kjm>ML2TZE5}M6{(Dkz*!>n@tNQ?KDm@-Jn~kMF{NY{Q{Y3z;z?l9N>NH+ zah7FGl+1BoKsygMcYQ|A^IT^11dGd+PnhmZQsBYNkW<6|Bx~sNq-+1 zQ}X{OQs6_y;^V;Le@jtH@c+kH)R`WU76A&X>>xdeu!8oY?Wgtn&F2;PcOiz!RJ=D108@K~mh1@D`u$w$^x9VYQ z*2pd8ipDf^=**X^25yqWy$3~~)8p*<>aIuR#~G2;jqf+dK*Q`|^}e=gR3RAa+Wqdt z%EN%y*bHk-RST_ccz+G!1GNUfAjWKXFQRCx8{V(=nP5dp(U8sVuL3s{CYiVB>JW;% zN|fU}UOlLiLUm6ifbFx^xunE5(7FD>p6*hauB=I8ue=Mr7YuS;Xep0F-i@p&Eta24 zffE&zuLdT6CPgWsa~dpbqRz>u6kU7dLb2!}rLU6ECc)ICdbDwMycp&X?40^7JOl>?)&S27k0&LIbpL z!e?0D)vRgfM(Iy)QumrpZwj<+aXxU7vAK(9&S&vDSyff1psFqlLAl>*^qEgwRmC^Z zxzfLEU;vxxDn)%MbgDLs{t7j}UgYyc%}mc~`4n)g*m@1HrKcz*6#Hvf))2)Why?ov zUnE#{IY9dJJax~vgkt_xF3~k{qyhyFv?8K$*L4Ksu2iw#s#=3O<|lGotxLKRH^s3d zIas%_O1WY^kGMl|abMrS5UT2fR!klT<=ZfM8dR*w^O&&Yw_&gVga>b3KCSDp; z2FikgUJn?sdi_mbY|$rg#@L?GFl#{kqk(~am{HT9&W~-=sI9w1rW|a9jTj#XH&H!B zcuI@SH8JYD_5dF_U9Mrq0S(J+mn$as6~v*zuuS}cG1p_SnvT&~r$b(|)$+VJTkgLI ze&E6V$47S$h#wJ zD+uI`Wqsr+yhzN5k*_~6^vU+*GT0iTj;D)$1I1DrnIB?ILA!f9BEHu)RoL2Qcpbd? ze%1|j^bHOLB53EYv8-yq*U!8}InU1w&Y!*1fMnboU~ODREOm%v?sfcy$6|lOSS+4d zgjM%h#w=j(g#de>BaP&BntB3LTsZ=@UMMUH=~|}0yfR-;0jSs%3~FiD|}@ENkL4x35!d1Ml8SyNmb=f6fl zAlF_0$mzh2xAm4&PdK_H>e(pZIyBf01v$nk?P@qlrh&hVs)bDoOhFUM*e2+_kCkYw znJL#13A!gSB*L4@mC)m;sZ-DM@`N%T;fl8w+*&0Y^Dp4PY5D5mnidwb#HcLxhk)bx$j+&#gA6>Z29b`{ z+HZ%%@d$yKnJXBfZI~(WdXbY&-gelw#UgK)}$Ue$~ zx75AbZjAZtCNHiSd}aw5B;27EfQ49B=lV%t+2=`?hr!_dD>CbbnJESn3x?ZPfg!GU zz0XkJob2(OF2-!BvqWcGmv>Lk`b2<5s&AKdHILiED&NjU+FiQXcMhDK0UKN=m0 z)-AY?ePg3ijr9DSA74$^y~j-9EaaHgFs{TI!_u}fyKj2xK<1GrPG%n8?^p2$nWZr; zho>SP$a9BwS9InpRm&zhAT@v&`Z{7pAro$k$G|+J@2LEGi`udd*XhK2g_w>^U}Z|lPl`y#iJECMqbJa zf%$opFZcV;7w~k0gWzA6D7=p*Zq18S@Z`%$lk{(|<1f6a<_AzTrGxgrvdJ0zyt#8Q z1@n4H%?91}m-%LB610u(q|Gb)i4@QY_q_|UG;1 zbsT+dL!(You_ld5Oy<|9SG$vJ*H0Dfc`HiQgi`$%CSs{p_Cl1Z^Br2|@_AYQf8itx z(S|vqU$Zv6rv>y#LD-fOp&sSU6!IbVJQ&EzPP}}wZQq?cMLgdwOAi4ARZ!QjWgbn5 z)YWirdikGDfiR)xU4&iQ=R3&28*D|^EXbP9kl(hfeOFmhj`vr!Oca5Mh6vlw z0gq9_CQtLFiBAf{0>YN6gvUESpMrOUu)T}X8?C(af+dFs7j+gg)ai9P9}%9e}+x4|(K^FHkCLoSwVVH@K|qnn&Xu zAKZxPKK`R|Lb(RM@b?g#kkJFjWBEc*lPpLZ;=0i9o-+F?Do#1E{YNIc=9VYdpqD*a z)A~Ft5^BP1x!QoF18h0pEvx^U0_(z-lUR4I3a(@}HQ)C9@A7NFU9E?gx|WJH&Ht#w z{`uc;yYs(`OyM-)_np4LaL(OQ^x|z=N&mj&1zWE@4Tx<~D4oK&TkZ8aD)_!r`)iaK z2|6#G{k1CuJFVGYBd8(HDH~&dJ%FMsX@8xDjpT~_NYkE=#D()9ZCbIK@B_C~? zCfH|hW&Y~(vP4H~gB>s1Qzb94MSG@!0_P;l=Xe=a^g&UeO=nXf{mrLP3n9WDTt5*r z*I6djs3m_c_KSFeM(wtCK&%Ksn_<0G4=-K~>FJP-U#bk8yvTfCC*sc-R5iKZ1OkPa z+_*Y`YZ*DR2aYQKC&mr&3RE!cn;8p$VMhb|gRr9_;+(2)zlz6zR8MORSONpSz*>** zsF;aA&$22jlTPo1V$C}+4KmqvX#ayFd@|qu3mkVDY)p+ zm%RU#gHvAZUA0h{6yQKv-W;=a)@%Au2q>*heIH^FMl14|sqbSb+UnHzW`6D`vyjug zMJt-s;%rDre8V$fIhO`X6gH0Zct%tYKv7+T3DCx~?~{K3VqyKVw_{nx6pcJHa*lT_ z(=6x0->*!)yjWZz%3kG{>LgP2f;{;)=B(<8cm6^W?}!>!s*YOwL(D=HLp)qJm z3A^(dHY#8t>vYpXR<7JThvJ>hVmR*JITVjrL;;vkZ7*284dvTduzDvIYg(|P&iEIs z)GgqM1>l~-=G|_^2&uvdSw#K8Q`q-nAH&5kh@Gb)jGArHm(O_BJ0T4U)>{ZKzkMut>$f$+P=B!TcRmk#dUnQ6`O;alJO+bUmks+`O(+e}Yb` z4e|_}1bQ7m^Wl~HqZ9xOHd{1ZyV+9wxUIA z(4rq^bc>$2`lfO(vaE```pM_c&%$IUij2y>6xEn&g*z9|TIA~MQfrz2U@QnNbB@;{ zsomC=g6fd1A98_F0;z6pZ!J;`!!K3dO&)@Gw`sYA42*Yz-$Dk)q!q~R>DlydWM%%& zp}=4my#mPz?2QIgMQa?l2#)Jx4X4uPx3jE@Ht#Jy;^e>Bu1Z%0(D8dW+%G$hkJu#T z3oiOFWAQe^qaI@{7SAkVYJZ3^%Z0G`NIePKbxDhldI~^=Rp$cgUwjm8uFT@&aP#7$ z=tSh=|k>;hgxnLHcg zhxn3mdjI_toTjc5J`Fs5Cq*fNr*E;WAu(c=-DA!>Sm44Zj2Z0^!l_LmMqs|2tIs25 z;JrBHZQEE$LmV9D%edEn1qBV|*eYHtBM6cgw-q7TY_=DeK6`t>v`O2p8@NK7#|E4{ zkU2PUz;{#cn0o>C^dnCkn$EgmO`S96yn7xsuiwf>M#cHNY5JJ#z3X@oZ$!aUNk>Qtp5Hrc-~r|4)`6u*SIGXJcPw}cOA#4?CNS@*VoOR zyqoN8nl8Sab+Pb0%(!BD>35-U6vhjy%H_`h?rYIbTz`DpfOC0#1By0?&-w+NoInSD zbu)D!I;*n=TyHlHT}nMU&C9%(l~FZw!Ng15Pi-nN%L~--&Ai)OZEibiZa?a8&bdp5 z<;!3PLIz>Gq2Zl*5aa$NNBYzf(TMn)+_=5)|MpGrO4?n zTr7g}Nec8R?{|%uQR(-Oq2GRot@FB*&_V-YeH-usG%JD1m{!xP2&#ubVu;eFY^_m) z2qwbsyMTEOb;Og@H!>*I8ws|C_fsPA+At`*8sD4(Z^9s_#@ST*zD{u9H7$Tqj@I<^ zT}H_$V&JK_r@n{i%Fo!e!a2Vbf`Qg{9Q`~)j4Hr>(T&-0^nMg=b;r@mz+(vlM9RV> zZg->cKL>$z3Fud}oC?tzi>gu;Emb9DNKrm+$C&cre3ucDo#B%0DIPa-v>MQTH+2^x zl@1ASqS6_jIIGWBiY%s|uJu2HNrN0beEk9!r zZiQ0%46>?9>G_~iDm-W)&^r&xS}K<^CAP=RT0op;A8@5mXn4%pAl$xiuDU1F7&#>H z=dwu`YhOx%HI*Zm!I2Vyz?$F7>zvML)3XRB!7q8pQb_CC(lp|HPM3AuXqlzNz1C7( z8OlGi!LxZRWFNzn>U7$>r>+U<5Z7n^L8$NpVhK7Yy#_|z_SZL_ZS0*R}+vG_w|O){EPeE%fy{rwcB#N7HjEUW6@yd@6(A;`G#`Y>e3w?M{C(d6{7 zavN$%vJwPVZbsJDu<|Bg<@yw*Vz6@4bd&`)9fFg+p*WFmfs-4eYV$Diiu4$Hc?#H6 zK5>AN-6=}NVC4GgI8pPc#8~mTgZr-rkUE>B)c0ty=XA3k2JT%TD_C zX~VmR_l)e=JugYq0m z3Z&gfJ`1Hrdh30szv#cd(^j7Pd~p2e!Kt0ED(&A}D_Hw=Yr%Zt@Z*m?vUB|G;zJKT zo!z^qe&V2h=E%f^Er8|4dD?fnwnUXo><{~xt1i&Tg)qbMDm(yX^V-ClBnfh7O-RKJw^^r;m&uI6WFx2W$S!=_6;ytTVN-@LyJcqt($xLTtpKD&$@q|Vo%QstV&xJ9rQ5Q z*EFyxpQ*k+vpjE9aD!>KUbP6iBnBD^z|;q((o5FUEL>Wawqj8&$9ylfqx6#ZlbWRe z`k2X-3vd$uhOgqffu|AJ+j>B9uT=|F!YYz3uwwaviji~K4w+p{Q9i+aZVR=tof_gw zeWqyThNx57N*Rw!>>{&3Z~FMBR%=Bt^94P(6jyPvJXdbDS}HSWFU)yZ5S+r07Cpu{ zGYI!wq+yLFgs|IE0+wObI8#RubQqBNN*TH&O~pgHJ%o8ruzuC#Y^_3Jtv2yxt&B@n zTk9Mv66{+JH?x<>A2WxmE`-e-2)zTyJtgWgCV(pA$cvTpC`aFd{F^K1jcm>&uTKfW z3-LG0dEad@;gwI3UW=6rJy*>#UvpwzQc)}}E)LoiD?d0_UKq4$LsNJ@JQBbM&uY?hvOT>MZ6VUR07lj(}@k!IVFg& zT^mI7p0M`7^wp*K7FBkR3lxy;dU~0$gW>pb_#~Z|(v?veb!uBSvg&$8$*fCPR&wiT(>W*!Z_F z!%cpX2HfoM4n3#u*t>UR*WS^Yonw23XLrr++PimVHn&F~$?eMJcJ0}{dt@v`j=ZX3 z%s4kwf;s2r>w;P5*43GLC#&(yJo$#3d-5;uyE3dtxLUw8o>53u^fj$aAWNd@7odl~ zl9mQvukm1wRbv6SsMCEetqs9c?sU^wZrAi$-Oh4l(MGMje6WwW$;Fzr+UcdgWUy9o z`Y%+xRoY1w=##d#-vt|}*3HXz2NRL4T4wU3swpX#kBwxZt~P6wGLKD#G#hJ-c#INx z#cUI6Q}6pC?0}#cNJ#tmF=IlHdzVENCYd2ZIV0L=9)DSnQbxT-#mzRM+f8WXW)#xb zfOY5=@FB3}q0X%&%C7Kb2)8eM8Jg@2`7NsFnASC4Ru@WaSyLZbUQrZwGx2)cMuuBY z5>k8_OjAM;!y?Tl)3J1LbW5GsYi*O( zXa={$Bc#Z!CQ&cRoFV#2eoEO>DX*G0InW|z2eM}R?en@Ap~GbEa2iB0I08?!p+#7L zfmkl@le>qqrTYAgQH{;a0Q8PYQHL;F#Rh^Tx~1VDiI;f#$XqT*9mU?KYFRrVHbIpW zy5g4i=oB%;$(-^xhNWbd7P~I{tN{i>eYp6^%H?l*4wEIqIZb|z(Gt-e>YKv?Xi56- z;^FSQ&^QJz%+_&z-nb;h9V$r|{Jk((V^*KHic1$KZ|pD6l`by!ILNRa<}?p-hy44( z;F1}uifsVckVXpt7ncG#K)dMj7I1FoEIjtV3jbw}9LYTN(DsW+u>cIVG3P;|M2A2m z*gBH+R$?To>1VT69y2~T5HB`P+F#CFIYT>W**U#ISosB>}4>rSYs9ehfK|0>xKLitQMe*~uB6w>)r(0jVJj)4hvv}(H!VqeL{Der_(Z=KhIv#e zSFsL^Z3!3KkaiG9jBxHK&z;`7hFgMWblcb!wxZ}qyL|Sc|GZ7Pjtk_Ao@+*ltc$RP zVcBc{uMdLrsG5pa>2&r?_2RUP4x{thqbD@jM;DX&>8#r;%`D2=iDcMji#){7)koVO zq7+eEt07cjxH`r%VX7Nc(VwS6AtK1&-0v-Y#9=4JxYAqt03W3>wi28da^3YfrrRaV zxZyaMt6OS|Up z)WL+MjyM&OVqK%>pq5Oa{>E^N%oxu#GMBpobI_{VwTsUI*>h7%N;dzl0F(6G)Xiv4 zIl#z*Ey|^IQ>Z(;F{ZsC6fhoZTmi!hY zfig>rT6B^k;aucy>X*Wr2Uf@~{xy%Ki=2^2A5pxRT)AGV;ebk%Pe{tzg*J*E*A1J^ zz@=7deKa_)iU_!ePn6?6+`#ja?Hs^qs@x9j7h~4JXlzIg9|z4C3c6bPAkcXf^^nU{?-4 z=m-!>FIyiY&YN{aYZqi49e2s(!ovch0wCi(8L$t9bD#%L7KOrq2~&sl}_y*6DNJb)(C0fQ=L9g42hguJvZS zP<<0HTxj!0IN$Xm5kwQb?|eog2n#mXG|=_wl?tLM@ss%!Vgxz*7LA#JB=(6AA3XY( z3?h>d;7povvasB=alr?slCeM#j;lE+8Z$r7~04Y(FM1(8CY3)T1GJ+&s)I`r|X?8)i-Mu5nvX5YpooEkfDXZ zYLj(kC;Y#C(!3MlB^0IT&lvWcf|mYbeH9(C;KKBVKUdgu-<^XLmZPQ4C9|SzsRb}v zqgqGQmW1KKu`*64DvgY7>7 zzEZ-Ns@`NoJ{wz4^w($a<-8hMJYEF|f0&LqGOHU3_Y`6GN{z^fOkCR?>b>UcsRtbPQ;2?^#XBcuMtD^ql0a+`=F!d+wd& zjE2u{dX`>9`5Oc1+-i05%3qR;WpCNHON$0E{ODcyq4i0b;>$M_QAeFW1uaxn)Or_w)Up@WqH}MX zO$+z9Nwf9b&mg>cUtiR{luZji{<}KZ8B|&uN*w6|-b8;Ty$e5*(Kpn)@I&!fkjSXc zmf#5CyRQPPkh9iYokx{a@81fUDazpf2h@wdqSim#3UL+Dh9{0vCD3m#>Q&%kF^QZ2 z$>r<5-i03$6~5nQC!qYO%8~mvf*HFQ^{RK_heUQjm&w;r4Bor&Lt=>ky5XjJ7k)I2 zk}9Txqh|1HjFt%32UJ1t!jB*t#oy0H<4l%lHbCST|F6g3&G#Ss^ZB1IjMM$SNNRqX zsL$PJkKTnJDu%^hsX}$ik}XQ4jHK4P@B`Ov;+_il0?uPF5&w3ts2Q6i^o4d58v(6* z7k)_MH2;QAQ)IsO440Qe@T=a19~a2A3~aM|@4^ozkv`+|yd7=c-@EYRd|$xXyYRy& z2RtFD?S!b`?$5<~7k=Es&yxn0{v-wZ-0RQdqWSkO{0Q~vMR|sMOCOTGe7`Ys zgHYr~=z>&Ugm~|P>&NR|_~D}uJw`FKSn7yV5xomP1TKBH#(6Wkdl!BL7@Pl@N_WVT z@j682a&<}XUTTRF|L;n;i(UfvQui+WxDedby$e5TnaPvt7GJ;c%I646On#={7L{f1 z!Vf?4{Ld>nM9D=m863TL;YTU+*i;Js51pS#s>RG}qBkD&y%g3wdKZ3N0Bfzi3qQ_Z z^z=!7*-G!i52*{Aephlh8}D8CaUK^l5uN zy$e4iO)j*tuXo``@4^qsn<2j!8oTx`{AePQPrtA9Kpg7)YPJj2HvyM%FP7QG5zEZ8 zt^0Zxe$WZ#S~*uP7F!EUB`=`p=nf7<3ASt5#49-58zeevtastZ*shTMagh=4!y?-U zw$21%>GUrA$o4M$h*%}A0mJt%Yrw0Gf$ikZ;A zq8IRk*#onh;Aj8e={Cg361@vQBqoBt7Xop57k&h(68|@D-SM9Q4|O0!)zAXHQ`MVX z-?OpxM1SpF_|dySjJUY(rGJ4~U4$caks(V2sfo;_4Ka>g+Ai^ECIh)oxMys`26#yk2a zSF!(a|HszC^VhFhWzXp5_0Kl?%^OcO%$xD=R{Xmi|6X>g;jFXE^=i&&I7f%f^1Lxr zt(Qthb!f3%Jw0U9^Hzqt-7{FU#|A4q{M}i7zEU*sF^4Nr^}zzJBW;*>n0GpB5yTvo zzu;^r>ZQ55K8J?ZJTi6cXv4X}wC2nr{^4TT>YUwpw&7fc^XNvYY}fQ^t#RlQyKdf9 zcmn`1w-p{{+GTSzqv59-_HnNJj7g0R##Z zYn>ahH{8h8a69y@QH9qOH#5&HW$C_iP_6K5pitpH^wxH+56x)hDI3AVv-zslc1F*g zrmrCLTi32yTEJ~+?X!@TZN?qsFD@}T)A4qxsqdSF$eq0jcZ-E(tcOCA~;wyOO`@E@hX~ebkTzCT94&S>(*( z>NmiLQDQ4Sp&i?()~s>~`lp!j7~ebN0B9J+WY*@3Lk+OAJ_8}j*UZMD4bH7#%X!?N zE~L{{fLXgjO!9(rmA!<^#m{El!3^VDu}qwQxjm0zEPJL7v9^JzYuMlX&uo#MHe{&1 zHD~JR4`|QD4OnIAvr4mI1F09TCQV`2X9D@Gd5pMd zOy|P5hG`_Q4faRpA;C+au4x!GG;$s8n$}Nejd|TFX7zlY^epT47OI&@ZX3l}uF_s` zRvV>-#?ktWvw>?9h%mU(D&=uSHFyu>_nZOk1jgBdPJy**P_L*1_pdYUZ5}l5HD7H` znv14szSaD3^WEl8)t#%AyfnOURe$MBwP7A~HswqscRFK1)*9xkoy+Sb|BFTEYN47k zC}#t1m@EzRt%0{b=zhnx5L&joLkFu4@pM% zE|BL zIY~*L5}lGWl$0p>QA(bnK(Ur=%e>{uvK@~4#i5hd@TO5cs7?rbD} zBDV?`&|hCRe|OpZ!)5cYmd!6Mo8MSA|81GE(lTSCWyV6wjD40F>nt<2S!OJ=%-Cg_ zvC1-IlV!#t%Zxpi8EY&vwpeB?vCPX;{`^F7Z@3q83~pd`hf@F`UQse7Z}Q4sGB#^eC&PZFF|NO z459rvg!Ydiw0{ku{j&K3^V?ivR}tegiQP<3Ok!`MCnmAm=!r?}C_OQW9j7NIu}A5N zN$gYf#3a_FCnm9VdSVj$96d3KeJedNiG3G6F^PR2Ju!*>C_OQW{S-YhiTyKrViNm# zdSVj$HF{za`+a(161#>(fJy8YdSViL8$B_Jy@#Hd#O|RdCb1Lr#3c3vJu!*R(i4-| zB0VvQU7{x@vCq>Jli0V@6O-6qpeH7=@24jwu^*!+Cb54&PfTL}lAf5vevzJ-#Qrlq zF^T;lJu!*hK!V96_BwiE65HoW><~RMiKVF^mss}1B=&!h*fNRz96d3K9U}p@*CDA> z@-<4nPRTTlKr@uwPxAaqSF-NM26~(-bvQ7o;iJ^teR8+hsF-l){LQMSqoU9HqF{Rqx= z!Mem3%pGBy=gM`mpW%L>ops#W!K85ge)0b8fbNZr6EHF>dKKoXFfVw6u8Hn{-EVHh zOl`@AsVZN)^GI{8xz1dVaXbqi;ZsZb%G~0d83)RyYSlVyuGyu1TKhg3n27Mll!nN+ zK+X{E4^Vv|gH^l6d`8cbtLW$r@vb8B5WEJRCRYct*5kZNYsGx>5@!vKDKLsBj~+bc zd7Ie0gSi}7O@&ABqaq_5Kl>g=ZB;U3HEv{TeK6c|WVzi@tpM3Ioecaw&9XJjr#07L z&kuTln&|;GS_QO_LkZW3VfJG-K<dYU@onjW zy}4V!-o9eM?urL?PkLa-x&^GZLcoqC$?S>rz#i)surF%^*!!9XR@ZP6Lr-RGFi{^D z(}Qbu3*5dH1UErRJ)a)jAMX~pceDZSo)pwgklJ5J59)vE7N~c&0cr{xDziIDYCo19 z*x%|Fuy?fqY#ONruu0(lWqNQw(=BlCZUfwOv`vuNe@+kV|LzvB+g1$No$+JshMQ7b zQEQR4D^^thiUB(s4{Tq0U~lghu-n@JHl5TaP6zHw5ANP>fjiI!xap)e!9spKJ+M>V z0`{IZfDLg_U=>cc<2kpI9=iE%L3eK(&~0zFBMOTN&X=D|58F?43${$RV5`N`?U&QT z_MUFRHrOrLjCk1odwSS@w_C6cbqlrxdHY;?*#4?puno5X+fcK-F>R93tF!Uc`fY#CjdZt@|?r8(ifo4DpdUZY?xVNMS?oHhSZf_gF4K@RZ4UXF0(b2u}0RC!v z0N>j!0Qa>4V2GY!yY3S7%qP=>_wjCl_wqKt8*Qea94K-bQ@0XEi@!||=3jRU%=_8^ zGi>UMJsD<(Zz#{uwsf|GIG$<0mmb`2cMIJ6+W{zoRI&CazzP-)yM14(qIG^ekoDa4E=SVZ0d1HYtQfIry{vPfZX2( zkRjG9CnQK358+Rxhw!c4g782a5QZq8c^nLi2kzI?1NXje0XNYd;41l2J|4LLl^(cH zbqlzIZ2*^P7Qn@wxr|*+Al~1lhwt;zgqx4+y;P$ zn+a&sVN;xW%W&J3c9WK{VK!sqc&IgN<=Bie!8dp9t*K3(Ey&sxlV`F!;D_y@&3I>O zGyF_#JoN|DgMUwF;PbP6V*lxpHZTw(!8qb&oXzZr2l3(bAWn1<#C8^8BSB2qmpGFi z#B3KqY-cqx62yd=^=s3ExYR`u+gX&01TkUt{HN1{`1US>*v=|QB!~$U%nzmq@%>!{ zu^mTcB!~%1$Dd9Q;vaMo#CE(uksu~)&iaS+AbzonAdYu)(AXV6X#9J65P#T35TEEK zhCoxb+{!f3?Q*4c*z4 Qr}!Ogn$kGRg9r`&f6U&IhX4Qo literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/pid-eaa-issuance.doctree b/ia-terms-updates/en/.doctrees/pid-eaa-issuance.doctree new file mode 100644 index 0000000000000000000000000000000000000000..b60ab9b9df09b749f52a496b6c81a775a17fff4b GIT binary patch literal 461525 zcmeFa33w#ObtXu%+1+gLY_>@1Af*&3Qr%Ejp$-&|rYH$F3XLjUg_EWVSyhRuEY#I? zpa593F3Xm!l4Qw{$M*WRM?1Dg!{Ij`+q3IkjqM%F8tr<#RtxQ=7Brzyo3I0Jy@&c)Y86R&SXmE zj8Z#l-IFP&8%3p5Kl;w2D<3?1@#u2vLRD_o%8hDTIcnX3FVZ=+kf|!AqZjb<0s6kK z7HWRp!TEH#Xlb82+j^WoQ~S1`_xt@XY$yAE_XFR9Ki~JeANc;G-1!%dau-^6CzO2} z^_Z_eazs$I&Q)Z9P(RAuS4+vQKDl16s;NdDQy`GfsF@nTYn@LQ!;T)jj2?(K=t3v((}!*Oz-VccyhAsiO(M zofFu35>IObG}&^A|C7upJ8DU-tL0M7U#-=TT6Y)Jl5%wYY$Jt9KUQm`YIU^^6qZY- zZ*}Ygdr$cN()&`?_er3`wQEwYUM%$WNs{!=RCVB8eFA-F@YdYwEPJiJz1ZTvX~@GA zLcm(?F`z2<1|a`U`11t*yaj*W3RIojDOZa!!AgT2<(|sDt&w{=7s$OmcR6?E`Z;uP zwc*e~>#kJwNEY2tlYUc^Gr4DSXE5t`Xncj4Ez!)G9kuQXMUGl$8ddeE)$e^~)R|n$s2N$~>eik8N4fXb2&*v=Aj&b@ z=R}CymLnAy^Ey+ZQ8FMumJU@VlPoCpx>EJ+I}m|WA+FQ;xnpqOxj#>czt21YN7TRF z1@-p9k8;Tuk8*PE8+BCYII8b=M0L{<)%TO0XhZck62mv;YDq0+eb7cVu)9yKL$sAj z0a^#FpJ>$Us+29L60}dTqDl~qx>ACIkkpcNqoLI5vLv*Rd@P|ZM-BX1s*t~fo=<4OePU@xgaQn=iwZ%n85Zgc<#-r;M+X`d6HFPLH3VBY~ecy5c8C_?e&a zjg1+oXf~UEISawamiPQBWJATuI{*VtZWQVRJ1P{)0CY_m&&$<=r1qdt$Yzte`I(d( z^<23Mdrzq)1O7^8$A+l0g{)7OO*qjX7}I}2u*b~-NFe7;uE?>95|@Nz&>u2z!6;8<*geZh{{pg#14 z;k1H7oe69_(H%B?(2}RaMkh5Zcw?|LHVBB`VS_po*m!f-*f^!640@21!OoHbZ1hl4 zs560$w{(q-$Z2^aa;&5b`XZeq1=yhXhK@bu5**R7A$5(7q0?f+zWC}|QrDt`zM*5V zLGOEp4P(K5YnRxFoK|n3gJXFka*W=fK6-`?>P$$=ldjl!!D62A71kH=pL$hcUDz=4 zsBWAIO&al8R~G#XvCe9sSgNW0msLl8Ii)7C>yd}s_{6M5^tU=LtUBbm)9{C(L7sNSfumLG8$PWD zK?gQ@Y1gO2$7m4hqh}g~Iunxej4L*rH3-`F03U4_(d9sw6kx=H6a5RFI~XVytei?x zwC)66-tLMQH!eA){upl49!^|h)*bqL6Gp6><5V^X0VJ?-xod2MPiKP+`@mFT$f@^o!~XW&oUR{C z8pOJv)4wpui+x9TN)2M()4jtLFK!y-l)IQ=>_AwkQ}?9mGGW3==Uoi-(L*jVb}?67 zv9Uvz$5eE3Y{d`~rBU@2lzl(`EmvgxGf+^na>1vCD(VAM@qxrfV&L6y06&L66h(bH zJhm|BpHKQjfgm=Mkzs!z=nn*j!}RY|e8z^FvkKx~HIu~X4-64`UKkuV1011De6EOD zCdACGoBW65Y_3-kPFAXZRjKdz%hl`vLNx>AMIXpi<(;~Zp8N9Un&QhNYU67vDW6=( zlE*Mttl5xoCf_uB3i+=F0-^!|ryp2M*Y7&rxHjE{!3Ca2Et6B!m~Xwji+F}r6fn2C ziQ4>EW2#eKPt|cyG0g$jX>zJgonV?)sv<^FJ*ZF!p?#`~b*l8MG1b#j)ikh}ZoqZA z*EOnMKlOBXm4o(q?po(bzZ&x#@0z4m1k;FOfOC#k+On5+P_%bSfhqhKT zTIj{slnaRF56D$y_SE5r$0U8oJn-qUHs4Ma$uG@vb=Nle3rtP>9(e9Q}c^aK)ti9s_aaxdFrr0*qctW5gm)=#d-Yf6D)HG2ve zsg^F3Ys4;4-@ahL#vSKs8G2#Dh4I9|gU%P81yfV)o!}7Ih;+n;=2YRlvDhVRu zOcoIS-V4#ZohE&*rj{#v=H0OI#F*}}``_aR74sZ6&(jhHXI6{G@V>PPgT$`9X0p;a zn=u~t?WG3-g9A1Ozo0QVUYcoZe&{gSlMXE=JK{Ro6_V~n%39=nIklfgTAW}iq3``W zR19RLT__pWaj5N&Bc%)12rT8wk&gc|9xUb&^5F44-wKVTfk9Ft(bQ zHK`oRav%Ve4CPg@O%r|{z@MREfNV9l&ap{aG>iVkn8q_=8prf4AbzJS#5Wkki&JrC zKlo7Y6d?1oyZKfp_=>rrza>sYzWXd}|>e zDKKB4qeIf7!vcd&3hW^b4?@ue%)UpbcgEb&n_G^c5h`&F*|Rn`3m+v;w;@ zCi#${Gxb z@G{mBFM9?jk0laQB=-<^-^6@$DxUBWzC4RQbCYRPM{XVEJd?=#QgRJ;XS$%m!toJC z2LfTc4tS!ynW=#Zb;o{a;BZB-(=i&ME3gGp$2%gmOh~=197tmZ9!zLd_LKq$TlHhZ zUWHh&O@5`S?#bx`wuwi`A1>JX!GQR|2gixegw&@@Kl}FVk&FjzUz_kpuOw4ryfQGh zrDLr35DLUim=R|&`)3Gglggf&R-_3!U*d?d3dE4%OHZd~HgSfvW5*$E#>aiyE1&kx z2yXG`l6Y>QLDxfQDG23ZSTVy%*BO3@W~d<_%yGi$4P?@CrK0shPI{ngK>H1(y{1VG zaePj$<*vbd1bh*Out~@il&TFm7xb1U9G zQ3N;LT(AVDW?V6aBSunkJv`xCS+=oIGtBliiRA&jvaeX@o8h#thT~y|Mln4y=J`hR zJZ(J+;AUNcW8MKA1)1<6m}e-AcB{Z@APpLRVq-hwVwc^+5{MuHrkR+Z8B@{YIj0+5 z%sT2i>n$S5%3^eKU?Mu@TVT#U-vqZYS8(_RuHLlf#4~V0?r~N2b4RsWhC>8rUec=K zV-sYjJljH8&ln$BF-S*jj8ROeVJ!w&x5u+p=@e84^yJ5!6b|3d3LPi{0F`plgp=fP#XJd2Yk1;zBLb%}W5^3s*5 zu`wyiXRS^6qVqd(W-GsV=8ij@j%^9VVCMNazR5kBzfS+))NAhT`C0lAXJ;9#7jSx6 z&Q|40&J5BICFp<}pN53v*lC<;#vwL3(FSNGEW45haZM70l6DH^rqo1$2d^daI!FaF zHKg(m^~6j+e_sMURN=SZqmynd>VxwstUtC??cnGkx-9LL3wz?IoMIaSC*?RpTx`Ai z0o94M?SWYDCDP~=y2nH}Myz{Ng>rf~d81LTTR7-jeNz8A3!O=e)$$(vn$`ZRea6F; za)BM|wmgiMu$Ms?Nqb0CwYH5jT_hKzD38wB-gA!C8~Mc{#S5)_Qw@saB?~IVPn_P* zoi&8u0=-Eh#8))EZav&S2_^^mB+w#G*X3U%9C2Z~2j@~@5~?+GHy7Kw5z_Ra4N3ax z$NV>YAkK$q;79ZC$3LLP#nzoyjrR1gmQwVyiFOr5l4vFFz3A#2Sy%4I->KDsHtHVx zG=GSH1SSl88T56)*N;&Lgs=RE&5d;|>5c7J5-*Hd{x~`~PTz1WeHNd#VTm4gho$>~ zr5|BkogPaD!#iN<&vf;+_8@>#Fmp z9eC-%eyav>K+&IL1P2s7U~MVzbDz0C137=iCf6BEj-3C>W@JMSJ?suS4*)rT%DU=2 zY6s*z(ceiKI-u&(-Hxbwyi-2{ac^`V%RuAnF@Q%&d<37iNg_S$4vh~2jTc#0Cr0Dz z`rXzHi-w0@Yx|BNr%i*|KNBc?(DuT>+q=Bu?V64^ztNr^c89lzfVZJ;@#emew9aX3 z>rv}YA6d5fI#}B<8E93hcwqKYTPtB8Hd0n%JPkP()~Q(QVX&cE0l8t2KA3@lr`uy5 zzt)YSya#$%*Ud|qp$XP9CL$KZjgO$1kWZS>Q)QSrtyHB6g0uu{^P0r`wi4R1S*#gWyli*u2!W#st91{8Mr@C!6~DOHdc2bm*eB(# z-`Wl3M=<33F=QuzO@{LO*r!%L`^&Fa2{dnk9iQ z1n%?Q3Y@z{=Tqn_pQaAm%oURDeGfxf%@t~8G65`1{@1jo+RQ&mPS>$$;eWo$!z4%@ zz$t~AW>}VG$(%}tb)1#9qUD%YRPHhm+q|pj3<&|OA-*u|fJK-Aeu+l6wUA<~D+wtl z?;&za;mP^gJK};spSS-Y-&-tN`s?*l4YUI7^}Q(etyR1m$6eS-{RRD zdi_^G#ab%=G5jOUvDSV13I*f{S-cr8KX3=5VE*H#uVk${pY7 zu>CDib)15TV<-UhSA=kj6ZvubcHw)81Fw}DMc6FYws+KQ(g4gi4WN9{geD+9faw$d z?ro`-D>q3(vkE-&FksDR0GNN6Jjw<9fhdz)79l)Rney1k;_cuwhWlA2i8G|+Zi3NZ z-Mh~c0&;h>?nCT@1UtD8;LWC1_yiNukdI&hlI&(;lYbAI(32e>#fUIiLa2j-%E?_E^Uevq>{$ zBEnJrE$FCq9v@Tw5NdYvaa;G|k+NSYsA;u+^lj`5s=IgeQP!H5h|@4Y#Kl2AgbRGc zxd^~CnLpb{BZ~+F+wa~-!0Rq@)WgXW{g{IzeJhwqmm7_3x{+xDR)`P)HVVd}60L+H zULIxTm}ppj8p6u3s-=E(dc(?;!%e50=BKf?^P&+Ii*J&C_4 z-6>r|C%lGgFc5f}YN|@tux4gU*Q7Ld#!8hHoMk&=p*tj>G}B3G@Gund72lb=XX$Ssz#XdT zn&XLE*7<;EXod|_?1L3O4j<)b@LUmrkZ#0W&)(AO*4|CbfLf}I6QE%%B zqnd?|M$FgZUHdKc7Vt~`BD^L{VrfOGH!A)8*Vw#wRK(nw70Z6L8^aVx)ggi0uf%S;Y>#*)oc@&SsW?NeeQZ$|PQ+@cu?c}2j0 zeo)b}DKG<=QcD@lmZ>ySSR^INVytNKTLw4vX&dY+xf$Uc#3*HWF?E<&o+W&S=%U6= zDEbJKcj(057bG%5;n*F!a2wXrWgI&^5ahItFVRUm`alDmO%>w^Z)2N>tR^*T0=q`( zPibs1DqU9mS^qWD`;|tDZLG-mIS*P>yQvZmksvcb;6A}{JBAX`@KI70f(n+1(z;N@ zp$)1}edQ|B2gq5gQ?(5!)Y;WarLrEhE@Pay)xNV-CKzGB>FQ>_e-@#rBWs##C8@v%cTRUj8Cc(WrF}a_=&c`DzP&;$8BkZ2NE(2Gc|u- zSm0w>+cXmv41$lrO^kX1hs;8UcR8a-v;#ms3C=sAXBhCt{+avH+gV<0$hCtYF+dEl4`I`M26_Zf0kpLPECoe>Uqs+aEb;;}HZ)Y8*{jYs`vMk5C8D8a7F-9? zu8E$f=rElCfpiI~ZG(}qm&z#xT^Dfo2JyE|wuNzYq4gm2V3BrKR9zjCXtGnB{P-Kc zfVj);WkE~8(O1RS-m<_fNlWxE|D9O#wfG120mzswm$D{iXuZLe>cT30#KvTrv0&_F zzt@9_^4$c)qxsL^AKK?_`~=wTwz2VAF*XcZ69Kymo}++P{!@(XR&R&hqrr1GKEXb< z#C|pgnQnr9ylv}bgh}DW)^Sh<{}a%wB>;U7e$w5%Z#~wO6w2USZ74vrimQLXwQx1)T z9o72&SM~1Nfq9=Jim<$Qi?#BY%RB@VUvlsv7^ojdryiO4-3;Gg=5Nt-szqCy_xhS+ z@W+)W(oNM z{RT7SymNF$aP%iNj(*iRu8i3bh~2R^>Wt>MyJc;6-P^i{d}llm4rgjgMg066Vm>?S z{!#86oG6VQ`muGVAMq>}3OTyYGNW2BBLK@sJy;XgbST;+8)0QD2g^|{(|M;{fajH* ze*93MrgXF*)lRisl!D|rjIhLRT$je2!H9~%*~uKWcvqzCV4NS%(E;)ToVZ9|!ey(1 zy>7usdR*(fJ@BkGu7$dzCL9^$Yh5yB9#F0UMTt!ZV@MHRjl~okxw}vdCIv5O5RU?X`}Hmpx#DC-3|Vd}>YJ3ELx@znFk=;w{%@38z(W zS@w>W?{*cT2*Jf`4 zns$}LlMhlCY_28|BIY%ccW#)^VmoB-peSaZh{A0CPu%3}oo<;(mobfP44olT8q8S{ zR&7J`65?iyqPM=u$F=}$?L@E}u^T-n6p?Z0SbjmMqE@AHvt$p_Jd5)r#QZ!3l%hF^ z(or`=1^u8k?k`4(6pBn~!8e4JsmPn>lNry^7$=5NlMi!VZvO8|3YHKcLIw zY;h}HP@OaXcZ}aWnX!MvKDD@$TkkwQ^38Z@J$s7&#L|1JK6G?mI^QiiQU5dlAX;@& zIi_8uhE8`m>Xax>l>4d&%2_QVYGufwDd7%xdLNT;XHnBUMMqqhU{?TI#vQ3b_l&zX zRmf8AK4Jn;Pr1uSO$&=SGjF8Y{Y3Yvc9zLF<=PE*NVVgdM(iBA$hPB`7Q3O1C)*8s zOSWs9gUGg@AD>PwyvFgGD6r+(}gZ;aSyU)O|(N*LpHg# zM7zPG{B!8dNVMx_N!Bgde3e%7GvI@xe4T!DNUq{<7Xa1p)Ox>?=pw9C;nyGp7epqsrw*N$` z5xW?h<+m7#SW=-}-lfed5yNB6k4r zh+s9PZHYrZBAHCYa4@IivbMBgZf@chpGsGehpQd3w=`(&j7cUc;zwkn@&S34lns-| zr*PRCSQ501lU$?ah-{WKU_7f7E?b_r#fKJ)pb)|i9x$_A zPbp(GhHU~&&mrH{gqqXmaPhO(ABP$in_S17t#uZey{&a_g4S`^{=6THhC?voYJb0X z3J442vezbtcj22otXVu1{6T!mvaH_Wnox0jsc~3p3}h1qyYoS#d~E(jhIdc<(nI#C zWna4SIwsC`1tS(5p|9+^xno@4-q~w%rE`$Q9|QUvWbyHSd)XP2p&(@M^>(BP3>)PC zaYp{mgygdJSw=`WD*x^TX%}`#UYq36&1%9$cT$6r#Q7g#80?H}o_paSHLXwSG=H@i zK@R--CCt%*UmtFVU2y3GoHzKS4Bq@@hUCuZ;=K7~hFS0??#DPjrQd268Us=9++bE;Bx*nBzX*UlI?tTA_tP$^44N{r z>4#fmEjzI9UH3S$@9FX|&ZE=gHsPF+@5ZMr!0?T)BwlnqN8og)=THwje+QdHXTj~D z=RU9Nir3B##^NUb+-qn8Oa^RO8J8U37uxzkE~$bvhF0-;=khCp%fI{B+>BRfXKGA~ zVC_x>Q0P4Wbhjelu8s38gc9-}r@uadzjEjDpQN9^1AmdC=9w6K9<;MH-avM|@Q|7v zwXH`?A<`SHLbWZ=;8EiP>GF*$h?{nkYCwVfV^a+tn@4C?D-a?$jUC4mZ0P!4S6wL& z?8uW1lK9k`Y;fJ~2mby9JR(fE5GLk9pGxV_Yj& z&D7ZaaYn^+trSlRhqJ}`M^*{2TprB5Lkr$|30Y4yM836^1EmHJomeQ1=Oa z-J3lhpk{4m4*_E~dp2Isj}!J5gT0%7>typk@-+WDuh{{0*A(q`8%3D}ciWx$4OAlP z$1zl5nFTtAD&girb{^F@20JY-u3Ww!z z1Qo?9!^EIAG4S`%P>T&5EyjUV%TZfy_t!AQ<;Ah(D`KG0U}&iGKoR$Ws%5}%9mh(^ zDbEh`(xr}cOCuZR`oz=~NenbR6h84lxDmF)bZ{$~X*z-6_6r&woLXtOT1hb+JZ7k% z8_m#oTe}R-xZ;c|cQIrxt8nbNqjK3ic6bys)S8({ZPXv|jl;8>ktWy;QLIz*nPeRb zm+Pr?khE%9k|{=m0-ZoOW`Xia(^He|OU>*)w%%s$R(M-iM=um)8!!JAe5T*j zVoFCsZh>fQU4!n?MT2zRl^fcTPanuTl`(<2jIb%1D@{2jO+v*5!yh5o?$EQ4KRXd@r80%)$ zzT?7)R_%MJS=*{jb1<*kcfDXLL#?r7H_O%nIO6jTBr(&1FvvHNKfyk=xR_fzw`R3* z&>c?_hT3%p9X##4{0W`$M91$84tP5T@~A7`hEJKUxJRt9MmO{hUav0#iPjjLH&v1U zRWvlI30k&~gqjGps|gN@tD2YsIIe0!YiwnDCi!es7d4^36KaAz(A7l3I~o@m8m$^7 z|2LR_PqhSr*QOaq~LlC#sjg}~5#wW1to7AjLOVAu#wFJHFZlApf zEg_+mU2%7*C2oPK=%6J&MHp(=5^sT)=me0^5pU}7l|lXQVmP((s~tOh1^iBiNJvN@ zGz2$~jgIJT4|N1t+`5hkwd)8DjH{0LNr2<3Becd2I)aVrq9gQoLPxL%x{mk-?}+>Y zL!=ewz1I;0UYm~4Y1o~P;KV(#j`%Ii_yjuQ52#t2jv!!Mb%X|KH+U|lC!u+8XV;k&tCb$bUbbgp51$a5o+e2Z4DWxOG?|-{xg7AvThe*qGrmxPIF^)n8y# z2lHHD!cT4*qaS){4d*t_AL6+pR(E;|8q%ua2vzrTA|mIJ>W(R>{(s*c?YI=rdFR|a*z2ZMN2vERke zLMleOtU2S1Zs=VvRV@5_x{AeB(`M#5? z6uSEX>glEYuUd6C&B9f8Yg6ooEmr~ZpD}b&~?KNYv6`w&}AoR+E#M+0oeJ-9E%TFFa0Cm?q`|9wlmjRlNG3y zDUfMlq|e%d-s13)7C>*HM7LRYT4Ik>SsT|68_|1HjFU=C&}j^ch8p+V(Nis@97jZq zV$JN@JCPh906@)Mx=n}2?=?P#W_s(f@EUAd07bxMmdkLDosQtWH=9(h!?cZ2>THzG z^x*fL5#twE38`Z_G(ccNXhCR^j znjiLnNbYd^euhXZ&U^1CBJkSm8l8rVJ?C*96B;MD>jzRL)*RCftB6~w`M=|gmaAY5 zck4yE>BNAWP|=AlR&;m}V&3Ni_(z&`E@*D7sm z$EiwqjMCMV_W;e1t}0Xzo^pOFT5Wu*mSBN<{ak}ury}qfme?ewK;Yt_11j>P%niY# ze@%HpsOwL65)iojT$(8-NvIum^%kxo02l{2!C1jhdT%Jlk22d@Ccp}cr~5Lv-vPZ^ z@|grIY=%hkP}DtMc-&BU;#SfcI>9MB)(JZ(sFuXE2zpA7(ngCSQ-l@0cOJ`W9x9H@ zwhx>EHPiJ1O$`|+d^69nVSVhu;rT)-GvaMB!9I zhwXIf+!mDgm)L}@E1Jt*;uqPc)`2cNG2xQ1}vq>%;eaZU&CY^1RX1fE0BWR zkGXtd;P>4Oznw9~h5eljsSx(0`^wQ1+sJ^9hU|{|FM#?Z4A9PV>LA}=#ewp#N5jnG zz4(i-GbAvHvAOf!=#B#+V2?U;iowB(clnZqe0{}TzFx!jzkw5)Xm?WmUP$!|-Ac9l zF5lG)NcQ5-d$10yUO;MPcmYi%(n6v{+PpY6Ny_kGsW~w_H&R`_ zzFeD(u8b#hL&J?wqL^w9t;TkSLR*=I!R6RScs!DAOjfg-3yUFjB|KhF_%=prOC#5d z(XFXaJUbMejF%d_JN1du?uakA8yHfe@o{Bp?eO5B*eF-G!lBv0T63xzUY*T^=c;>y zJBipzWqh=rpWN6iEk)T_eU;#Oufo{IQ(=Vz`D4y`t)=EnC|E91rb#=&T_v7C$S zO$BE{6Z@p`}fM^3WXcX z#i8`Z)Y7!FKDReLyE2x|#Oj6eVSaixP^qlPi;aBI7n}~p!ZV4~&f@rRW^Q3N63gx^ z&a7NdRg+WEa4L0uu9>|NTOAtPIh-C@8eXVQZVeZwlIqmb?#S@IygHd)ovaQIk2DvO zv4v(MwYxksH>xhx)8jYN)1!gKWN7HHP%1RTiK*1a(%3|1sxh%A5BVYs3u-7SZ`S8a z!NQ0yusarBmNP?}!=Z)2-Sx!C!dP+YAThK&lgh45FEq2m@x5qlaHWcmzk6Hqg&Hx8Tm=G4r1EHM`h9way9g@g4-x>27A><#VZhDM89L-UIV8`V^}S~+Ya zMk}jZv&rz3vJ%Ozjun^UW8?X$`S`}+h%z@4E9Qr@v8iM{>8lrJR}W^@o%!)vZoQni z5e}`+kB-mg0!u^LS2wQD9~KXMi>r(K(bc`ZiIJ6B zbt=BTq{gd(Ah>pJC$b?ARtlA=W+oQ6F0Za8gUyAF#L$?!KNL%>E!L)*yBqt#O*OO> zo{yDd$$C`|Uca6`n3>s&Ra5gzL-obs{q)Fa%zB_!dbC6E$CDuoW zhLXP8jr`nRb1+<4SS>84XOjz~jYTz;ogc67oBZ(X8=Je{$XsNU?w^MD*%~yTNt(EKHadopC-}oNG+_F1M}I5 zxSU*19i)cqzEEQ#SD1~(>g$t>k+rd{ow?kN#bhD1S4|#Hrb@Ze(#FEhm|B`&Ti#vU zS<3nv)6x9qRt^P8MyE@gvs)wAbJ2<7(#F_iVRXSdBz@8(t5Oc9B6&^wycMLpW+_P7)v6$BQhtuC1o-1wP0H`bFGfwu zj?qB<1kA=7R;t^}#qH(d_HuE1xwySt^m4gib?Es)!S7}JGHZ?Cr#!4AVhio*TixUP zuW3~{rgE&c>TeF)9t}ogLwLD$M$JTUcoV%DRexz;mBbq7abIOC{ChWTU)(GI5*T8W zXsi7DOMoK(Nt&3b{7Z0YPiz$*Ha^2@)UDK&N=*v-1|_4A;gxI1`cEJhM^4zQrg~Gh zfW%b~T=`zBvxcPiQDGk(VQY4A4?Ky8Bc%|7y5crYMeIrH}cJF@N^zv`6p##1t#8|GeWWp9x{m{$VM ze|p|iD}U?cQbV^Wli#|eiEt5RD+)e-U6c7rBK8{BG2yk)A$Tp$(~C3o`M)KJ!WQI* zb1z@N6V%cr>@hbjpf6M!QyNQ-{lbIxOru@X3IQ>`01}t$im6n>#t$>)Z>nQ4kyFyU zLhsx3yi|lflc4I^Mm0Ke0{8W9d@P`RofF>~ zeLi~v;4ZLqF0!JGew<*t&n!X$o_mB;8Es=HfZ<)I6G>xm4*311D($WC2_#mV--XsW zwFLjWS>fho%#T9v2zp<2qK2CmFo0AXFl4!t?0l`B@j=ZTDfXnKG!2eT1ODk~3AkTK zRz_3Pg=A-FnAW}c8@Cb`)U;Yhy_oa(wJBFiM<3O0BfF|-$`$#ihH|BO;_AKuURDna zz@7@#TywaOtPGHeGEC>-f<}Eo)X3G%f=FFGbj<8&8GQiXnAT3+PZ+mto?1cV$grJL z#5cq$j)C5gS zt2a!DvzKCf7LwJ^lZVMZ*g;-vPNFglNI1?Ynr)%dW|O0B%qZPOch!SwXq7C}){pjE zS~BVOHd2P`%J#NY!QGxk1&P1?um(#g*M@B=H!Mim=>w7N zf~4SbqlQFXe&3;-D(@-g{qpuUPh+!ycp2uCBJU8i%RCu+A(h8I`if+!8m=AHpkgW8 zrqXkOmPUqb>8)3nqf)IYS1Ocji~MIfy-O2hXEV}T!ZzFPZWFGP%#H)D0TVNXlv25o z&C%|=TCN}`7`6{GvujAnMQ=u}=|%}OqthfA2|L)ToCf?gtq0h9NQy2tic&!-Wl?7j zv>FVXKVzxCQc>QweH9Fim_ECTFW5yhYMpM(qcPa!rc~liF7cU>=~}X`-&*pg%~UYj~#u6x)Qxnwl+< zhXaPKNJ=!YQmLwY7(?1cB|a@XyvEr)gDh!=LK?HC)EgD4f*S@|;xs>BLvPyoU7HIo zU1G3T8Y$>kOaGMNUSs!b(wKS|5EG_KDS@8zw#5={A4%HYPM3DT2kC;W7Il_s5RmA1 z8|Md+-R;wg=J`w_i6%tR4qx~d%Zp~FhtQ|tBFPX>fqbTOJBFb9v=XC^HTpbM=z}*( zW#{^V+p0A1gm?rG63I)rS zFYDgrr)Y7d^XssI7JChd)$#_`C?&=@GBl*=BL_pn9X*S24OdLR1MSrNjCk? znBqB+FSAdrS@6I0wY}~-@cmbT1;O{}TQGZrLH>#{h*cEsH5ny>-(b13Ls>@4zh^Bw z6Pb$x4Z_4BY!U~rHjXhOhqYHHD_IFVQKb)69PAY%IMlj_(O%5+^$&D7S*bO)B)4hx zIoYU0Ypb1at>6dsXFSji?zdw=k5>Fs_|(3S>;1_}$0~g~u|vAm6s85;i%DvybvKHq z4#o2qjL|ytq`TtTn1svown=#js7rTZ<< zjb1iA2nttCG$5&_jmJRy+q)ec;cegT7>MQM>6Hd%1qOu%9&XpboH(u;xC!F9o^96} zJ7{1ws*48J-w6%O9_SkQTRbopkB@$cF_u*o^TJfWhNe0?R}nm5QNS?1Al_i;%8V3tCZOJ zi)(7?oEeelxiiA(MH{yp-rfUmf1Y*Nd2Dyy-nds73%8vih^ab7BL6cGECk?ww&n{| z8KnCS#sF59dAyTbN$}C@-8@f5-@n89?o43LTm%MVu5+5(%IL%iz+=5y0?5bRfF$Ra zF~(n=0ML13D|LF$nE?u)?#Il=D7l>NK{Q^Dp0opOwjS^}C0l&r=uQQLjE1}l6@w~8Civ!Yf ztn;I<7T}mTl27s3Q$S=;`U+SL`2d&9vEVnjx^smtc*N1&YxEjqy>{jVuB`|FuC17_ z*yx0V)++;@+|PPZ&5?Ekode=(pf3PWR|8#Z>|mg?QC$pl{hct-*#q4`f3F85asz#f zA<>HO-W%uyUYmig)9)z{u6;XkyU{TF&@fLs%+stuDX4AHFzy4m9%Ut`@8>=EUaUu1 zsg=l5wnxvm5)_s(E}L5vp{t5grE*hRLa`CHOH*MF=XV$Vj;`ObqF=Db##b1gB7wdm9mH z#QCVLDGn*hH6gHStKnq|5lWZY*1(@{?rx(S$`nCnm-b z`ujo#h8SA_I$qce_9qpX64R%sF`qGU7-bf*kxo%HdhW5=VB>U&Kw9>CS(o+bu7uEh2d?+`4H1`Qp}^w5>t|l3hzSj8hQh@^0?%ivW`ALYKPI`_IqPnI^O-(4{Vn;^qkx+-}20IL*jcw-t zD-KiOPW;qK7?4}S(3(84nUV#SN0KWv;=S%uLUJ++@>h@xIHJ*!0GmvCqA|{BCzxelCMrEA}4%wd+<)YwWZYqfyX;uEgW-4C3K|PQ2G) zK#!>g58+e0gYG8mqn+;m(TVrY)9gZwS#z>m96LycLBvAaqzKh43-2RTpKZB+YS&q2CKLx=-CN_->w~u4y!mu0$Cthuw;pca z{A;t(Pm#VpZFU>@jLuC*Nv+=)o{XB)dD4#)%}nP>bsCz}0yM7aMu=Y|{}f{f>w;~@ zpUJ1_B*Y(cVSUT?LU@71w(2H1JRGF-^Tawl3;8h@Pz|055e#_-zZppXs&~p#=ZqDv=#*tX51VVs>K-LwTf zV3%*&uHsYs8hSJAeuqt)PFTyPt>?ruZ`wlbJMQC%w|+w6op{r>=xreWuv4!hs~D45^oSha2GUOU+a4#NInph%ce z^;crPhOB>t@n`;iQ@pwLp3^2@Xj9H05%0w&zh(4p+cdIN zD`B>r!EZ*3|Btn>lHHCkZmv-0OyJtjZfWCoL#q#iR)5Jl>^ydd#qJNiq3$)GG3LNQ zPh2uMD0TDEV6e+uFtFV|M%0=m$>|J+-;5T|uoj((%o&V2XAFj1!2(q(@|2=y4Anhw zBPRgvY2h;Im<-qk)y-Li9L`&FEV?d2YnZd^BBV9$?INUjKr*-DWyS$kX1PU+kj{J$ z+LAZzlth``2T@FxCC~C?cT>gP))^#w3Q4##Vl@7c2P}L5-#{xWp@Sp zz8PJ<$pNu;HQzzi{<@2fdF>~xIw;p4Au4!|9RC=jN86Ii5_tt5oWXAf1wY4HSee{T z3$78VbEXlKLg{Gf&9?pA>2rb&=$z)`J+Sw`oM3L_r_Vud1HV_=meQJyq(6tlbDTo1 z+V(er5La!hHFnUpY*^w!hx$VLJCXFq9_UGbf8v1xT-*Ku<1Q;B_Fmf(cx@S*I%8XW zCK~T`V@7@iy6uM?reT+-4!Z47=r(bff+zlWI`wTi^P!b9#F4cVrmLHi%UTDo7&J^- z(fQg(96>Nd?2*^C+km}3O#cKM!^)a=nsOaU;4mHeq{)lwLX);hSn}A8KO#>e2@H8Y z89xBndUG;uPR-#Q2IK2Cpq0)OSs z6>&k^>s!&evnk>kT+?hM>SX@|1NCR?h07uK%*{y+~ zKiD^0uGOzeiY)thdBLim-u5YAeGBbB#)KW$Q4uxD?o08jVK|^CKHGOUXny9v@9*bE^ky zhe~#ND6n7Ny)j<8QH-q&s+-xxh52D+cdAxtx+0fOJ2@eEZq$UDXx1BQ=5iTazqz1V zzR#r(A_Zk;x}KidFU%L?d#M$oUL_!}VEXyB!d7uJvUxbI&abcS#%7l4@ySeKVIr7| zCsq&V*EhrQndM?^eNNrNdr%y03%LwX7fYlMV)p1d8@KN+!$W=t&iLo#ST3yO zHXFOKd3mCyPA-MRm4lVR;AUiTs)KFHNNtW z4-)Oe`D342Vm~6UUtHg$l~86f@V35Zc)aepx2;5H;!~5px%C9M&~MA!ZJD#kPzQB% zTjowHbNVv6d(1MLdn)&~)>$lDX$ALA+=IKjvkf_`pqL46c#|82`cdnFoSMxQ@TZ=X ztJxX?W@K8Z=vcqh;rh2*)?Q1o>QB!AN}NG5z)ZI#bh@s&phA{5yweIvW~_eoSqfAX62WWHJVX=>SL z(zU)yx$@*y?L!=apbw{3LXjcy49A-2+2C+$bR-lW8XX=DW&$IDKv*6Qjf8gskv)r()9r%Xh^q}W zVcC@{KCN(vKVK`Cjz|Xb2Y}++@`w1lb@$xLLi{NIKK%S5u4bY8XG$;&@LvquHB5e`7_!Qo(JWDrac;JqLW#U2ljj0Ojd z$8ePqEIT8SNF=SKeCeS`+BX;oMSP>-;SpbIXlOW;8VU}M$~z|h_!^jr&T>EKndR1c z$8xxcyik@i9(XSQ1Axzw)xOutY8Jmn+MAxGLN2IOVDoQMeU@?qr6g$MLKP%Pts13r z*iJ{u=sNb6jHQ$7;d>9(@g&wdkx9NRa0Tb_<)18Zd$elVHU%u;(J2-*5 z(Ni}?Z!&c{qN`Kf+JmxLH6=;+myiafJ-*-_{UzOB$WV_fyQDwqXR`%!*LT)f$kh) zuuqM~ltQj7hZdT9)77b1VlLa5n3c=Q^+)sI>iqX$h{p{+vuWw7E>LZ=!|+I#%;Qqx7@OI&i_7;%i`qLAm!_vz!LkohwN9>8WEX4 zIfhnbNAbYrAL3IM^4ZX?H@pec)mezf>Mq~n$3e6I!XWG%Md@@2rG?PN1cfXd%4jl@ zTEdowQ4GffMLOt@gY!Zw_XsXf@xLXR(TUQ1k7$%ewB#1UqLbl1fY4pUnIUI z5#{Y{r%tr8f7%t@xb-kqZeS0Dx@<&XZGD&YQg2mOmD4CYc}0_W%7oAt9L_z-+0 zAr#l7ay4ofMy7cohPB4d4z5MU*K|EBJkb1#QWV}r#ZpvDtmVqpdWkME$W>94HB)9O|ERO7pdvLR zHEbp3G^=UA1K+qz7kAl$R9I87`J-EH!50eLSE$2GFk|k)KxnWHc0U6HHIEl?|E*M` z6b5VtOW4a%Z?y)>zCwA+QfLOa!=4m6Uw;kyaClai=cQ)3QNV4bGA%N^C$al~mN*FK zbWoS{Dq|-425iZ?=T?B6*`r-A2GFaV;;X6;-ddD|rOM7yrHr^MwcAsbrdTn|E9J(Y zqP}M0wh&S2*RKm9Vs-$fj$Lw~y0M@%*pgsPmF;d(e$o4)LW8kA!t?q~(Y;sJy`0-8 zPcXNSORuKop_kbB;S*rvJsPD?z96+tpjTnFusT;FAlE1{L3Ca6T~+5;-66SizTA zOR6QLLJS3rT+&-RsE*cuaSU3Gyr@JEV$r~yPYD01lKOtmNZN4fg{;Xf~hN9fJCD+Ju$dkFT;c10;x=~WWhy)(4pTbZo`Qoe2 z<7hqGC(fb=fM$4nL1p%M-L}w8Y zd@BV6JMx6Fmi%wW$OUN>zM=cKVkP*eTHN1`*H;-s8FM7S?Ouq7+xbnP?*S_#8vXp5 z2VC)0Q^!?~m{dl}8$u8_m5U89ou=EJqxX+aFwy%(_>0L+8#KLhnc#vXaSu?)p&mHL zysOLP++!VFCR$@hU*3r?ae4#;dUTmw#HY8yW#Ui|++f&SrswpvS!394%)ftUT^23Q znfs6>Y`O-oPWE40Op}QsLV6T!H06a*RG2LfymBg5N6nDQAb`p2AHOtPZYq096<1T@ z3fZwu?eac}?m^8ov@^eSOCS5VCW4|eEj3j55MFxqU@7R3PA^{smA#X5JTQf6nMzqRdh10prQuKzNc9&rK zMXWu~IZVUFfqIR7YIUG)3bE_C4tJ3E9{>PC-sgKcupt3I#E_W3ITGM-zW|K~h2bgz z{|fJ2B|vN3TM77ih5##D+xdY@!2il%w|;tyB!HvsV#^`{8u7ZZzJ3W3@O=)`u+Nx> z5S%37R|O+}%^4bI7ftI|zUHRM6bvOBP4{MMh7$QRCPSw&IsV3j6mpY;24f}%8J%K( zek+XAw)x&1rRi|52cNR5(!BKg4oXvN+*_sjBnI@jF@7^XeT6p0I;U8aCOz%WZ1@tC z<{vYzv+DkiO4D5{dkeb_c^J?db|dS?EwJ*XnJFrZ#ofiqyY&;RC#nb}3Ib8s;W@+{ zo(_*u)B*o6iLBuV7J0zGe0NJ<;W%U@b>N0@zzgro?d^Bp~ zyWnc+?_VX?26+f5e_Shh#?tE%YlBO;ZaNhw=||lx4s+H4v6ZOD-m}Pp z5}h1dk><-|(kyDvNT~yZ#QJdfha5b-H_iRP#)j{L zAZ1P*=AMX7vU5N(e3|~f1iTcNm#$2WjdcM(XIWM*fp)bj+%M?WEs*Rq26IHgZzMgx zy?|2)(aFKJ#qHz^)JNu^Bo}#pJ0FQTQz~%%U?N%oh#z^tuzqQ}S}sz+1g8+n>2g5= z{%aM=Z{Op|==KT9X`q^Ula`gj0Zn5O!Ip!o{0I|wT;VsDxKC^-sRK1`pecqU^WPd+eqol3ro!u-p+mrkb_WZX}tC#Y_Sgwh} z-;S}-7eQhwU%T-P2z`5X@wB?=#+F7+cQc*PZOvTzPr$qa%y*(2weoy0`oD?XfMCEE z47O*1n9fO)mEn}o;S#ymLgYxqsF$;-*#aw%t+(6Ttc(nvlQku-_SU!2SZ2Cd|1E}~ zac+>^phm$twz`vXX-;g>rsS9@aoH<2gqXceOP1)2JVShc6r}UGY5hS)Ww=U$y80Zj z*(q*GIL3I?i9L7W9zhr}hr20b!D#cZJ;2EQAUcc>+K6oQ<^;h7od*O6XBkfzt-g2y z7|t?=GWu{DnXbE`tK`MF*8A6g{RE@d4G+*QWL;f@Xp`(lgZyXfj?5DLev38u&BUmK z2(d&gSlTf4d88MmJvGByc*XE4oi0~d;Wr4j+x>dWya1LNneWtYm7@g3B=!kffh=~n z(7U!Rp=<+8Ef*JtKMT;)&JKFVQD;%WUFSk$R0=C&w}=fO*FsuHYuwK^U z_0mErk4=$C`x+V^9L3q_K2uy=K*}q)(2-wkvz&A)dTvvVZNO1`Q{4!3g~Pqb%cEeu zL&Xt$OM-F_RTgBTj1o<~#r z+ST2)lxNUGC&Q(~wUigpwA*Vb-{7i19B!rj4X8yT26OA*={KgWQK%aYOI`gP>&la_ z_HWpy))4P!+j;NRsM{PQD8dJ*B#sl42+4VpV z9_Y?8dRR%<`#?9%rR`v{&I*>84L$8HX7iiS17U}0nD^MUSL1* z+xqukJJVyTkd$8JL~}Bf#CI`1vue7|+m;_-Ev%wq=P|D3sB@;}KG;Fa-5Rs9ZN|M) zi=(hq4YlZS(=$hct6Kb7AjwrNYKjYVp$!)3CFwMJ>A9U*1C5U-e**Swq=m#hF6c=E!C1C&?9N z-wcWZzS8P)l(uRz9X3L$cMZEq>^4#8TtdPBT?7!bY7GZEuuIbeP`E~lzJfao!8b(9 zY6tkDcvY&AFARMZ=z<1vpkbely>PjJh?iPt4i7!+S?rO;*3|}|Lr^P!#~bzCz-x0# zx(MBcnb`oYm~AS6vwjmN%u(3L`s*CbKSnMES~ zO)809*NZyi08kSjXfPmvL4B$2+tK z+DN$W3f~oQ{9DA%;dZN68(JV6f%!c+f>>ct)|KTpOX0y8B!84XTAjgd3%WbFjkH*% zY0?A=R1&}Kp-~e6A=ti0v!i*@lvopO#<)kP-Fc=>n|ew^@%gpyQ!3RErnE#aqpfE${sJ(N_UKZd_sZ?@iG4x`b*h z;lB51kI(;M2V3GJx-B6E2c^r}%En_ySFZK-oDCzN@DjyS&&tFMC&TMbXE%a1JW4wBV?6Q8l9G^Gr>xh z+cP<-n7P|kwR#GG+Xr+T-!=uEXuH+1pX2Ni7W%?R!W_vU7Z}?tLO>1mdnza%EW<>A znW5zlvNxO*rm1SS5YFLJO&F=tNa2!RX77mpwR`mNj)xw37qH>TKC6=5q}yt=`Qrh^ z_K{c-_|gtg#3G)&LZX9tM!A@7rUW0;66?xv?eSa{7b^WkyLm~rMzVY$4XEElIw z3@!SycO~+9rbMtde#6b=d;>HZ4+h7F&zP=6e8?^sVyX{V1;*&*7d%YxLl^>zK%d|v zj^bwY$sxOhOSSdO8jnlU_=*QOxYtjI+Dl&Qc|i-Go)cIXIL96?d=HS z_7ru`Vut4L~%dn=N^?*Z3bB!7qD+Dew* z2fZCdQYW(|=uJ<%3wr+8gM)ZJ@VFtKmmDB8IQ}7gX&1=O_hp!>|mkkQ9utPd+E*ipy@l!jvhx_VPADFY@xuaB9JWS!@RmYB}nWOwl7d)zT4_HG>2RgUsOYVcD2-&oIJ(a@$dSgkWK?CgMbvq=0oK)a9Otuu-{aA{2N zKo5;db40eK7a{7!0E|AAwG}=A*aoI!z}d|TWrZE8RML3hZC7P3+E6KBe)h_S&!_*c5~77LTo=C zUfx+c98-6e{D8TV4#&{-m@3aM2hy{#q4|T+d}^jpNR^fvTN}AtYGb^%wGzpvLIHJt zVocrKSlf-}%h_l#7s$+xA1oB&s6xdoCjYkgi zBO5bI$wW9FA5CR*s|Ra`N_KfDuwUN2FdfYg@uV=E}mFDoL}Dz$7hy{vGqB13-3X3v@PVoRztBw`XH8%1{M-af%rjF z1*w`q^?v*?isws__~B9*6qdIt`@@alW#9V9jp3cS-01j}yu33q9~)j?THYU9OZ&>Z za$#)k#{TU3jn!B#tmHNuyRmtBqNYwRg~OGDmBHX~ z>q%TEsXRyCDg78~l0>5K8T#8L=}UX5hv1&ejOTaibIR7>#M+{-I6fM>9vW`sQmb>T z!Ah{2Y_12h)9cdTuE9=*tLNHx74$Nbc)+4w^hMyRd8Dse4VQT-KhJ~ zV~n~k(=5MgH9^cq{YJ`^8WAy4BRmuz5W4`)PtNlr;FDoD<5C9UPNM*4ztnHeC+wFl zTkc?IK5yhLYHl}?ez~1amddE%gh~a7M(A;S9@>x672&M75P8jQ!3Hf+K+mm^jIQ7; zl97GL(hmT80|k_tITcp~v!p!S;oK;}t)IbF#Oxwpaw(w+@)t9d1dai%nFab8UStwz z!TAx&V$cF(%%2aq;rYk^m2#~Hd{D*)ej}hMQ}c2^`=FnPi&$Jlt<#wF1#&uZk@5i! z={9h(xQaSiEHWc!>C|_fb)fZ6Arw^MM*f4G-t|jyTvv?_WZcm~-Bgvdf>d~vd(ctJ z=8mh5=~5$YdQM;?s!}K;Q3L-{KOEJZ}O^kNG=>fJ6pi}4=9k%h)%dG*xNdf<}69E2c62DiM zmS{tSh0o4&B_il|mMI0J%|CiTf}OK=ZjDAVfIKOMFFrwnXLV@UcmHDgm&)}7fDyYo(WTx|RgaNY20*bt}3>YijS99)|Aq{+{Mjd1-&CcFf{#GJc} zq!^3D6XW^V%xY+>xLnxGV+nL;jQbq>JSk`0i*3H}z7b09sqkeCX@6Pr!o z>_%p0m)uIlg~Vnsz8)`Zs=<6bzm}g*EH%-#zL1E8;fzq@`OR>w7!Ab|OOefDn()ni zM9Vv}=JWs#qmhNl=wUp+8(v6E@50{${KhfI=wK|g*^DO&`OWZzFqRmLY|TUuK&ylJ%G@X%8{w^;rTEbG zM!Y^Z3s}_6{n^bM8&M^&UY(BK*xZP(s^yRzNKGFMD(g6Pm>J%RPo#@G<>hj|Se#vI zrqlWO*yN4z>odbCWwV)D8q6n$UuGJ@VK%s7b^vJD3UhT%mHHF719nQiw`Y#4%3#k z2VLpde&HBwx7mfUKHD@chT#^sgrL|-H_P>R#`&J)BwzMTW$)T}_FnMHB&0c#~Ams zcqb4UO{W5xpx&sogU^Mv@??IOfP8W^5{wKF%8C+9rG`fX!?F@o(&1oWG?NOYLZOIe zfV`;l>usbnR=8D2*CqHx&l0@egJncWa78|#3nEV?!VlU+*u0Kxd@Dp)Kl4813l6sx zLzvLbW&P;9YefV)|IhvP;w;{znpNvKc5muN^JJ4dOmj3_9of91u<$Bx^W%H)G{YY* zPP9dEw37Vj&ZP>NYh9~Fpsj_wWBM0@FcVmZjb;kO5mBShI8pVkKuNc>-&@V zlqKaQohuXcj3*4}Xh?h7;k`J-!DBmmDd2XW^FQ@4FP?0u&+C2*2ev_BNvyip#Grx< z=d~bC#Ax}`9-!c8CbYTF##0I2u!5f-BG9H>1Tr zdYHUjE*`LILZdUzN|xbK*pn+t0f0TAaPiH@``qmyjQ2q6>MOhkb{8(~*riS@YseJ; z9+57a)<01nK-`054|j_C0HQL0zLK>srTmnf=@7YTod2J_H-VERJL>~yGJ3FOwhZ7f zwI;4g!VNs6GS5VJ^c5>J7>j_O>g`w0_NP-<_F3KuCvw{=y-iaF?YpE=$(tnIlMCg8 zLWAx7R=dLvt|sUz9r)j=D;r~?-~r?hK+2ji(T(jKLm${Ch$*x(8$8)GtN^oZhiIy_ zRe+o#v*ii*^|I#_1;BhY6mqiM*=I8N&lV+ewrXM?zbo}jLnG%%y~zm|n1pTK`CMJ# zq}lA}3O*&wz5E!kc`|>$z*bcM`s<3VF7YIYvQ+v^{&i!-Gmt%8gcA(;t>mnd+GO;! zS>ZGe;Ud=)5Q>Id;55sv421%P$8d+4b<3MApj$CFpbt)Ft6hnm)?TqGap;9!O|{%? zxR&7h5z3&vcmF+?A{L3FMcpWwas~SVl8e=PAIZRkBsyw{Wp442I5HvU`UHoFlah|s zHEZ^&NDuEJHwq9l+;|tbh2hXyHv))ALa%~lyVWL@-muxMA@oQMX*PEtnvT*Z$<}C# z;MBg3qLV~dqO)fUJc-Uhg%m;&_hCV-VWmhMCZl^z?Q2%fF5Rvc;VhYKkWaHY1O4&! ztX+ytS*SZZo77Y7(5*hVc4-5-%?EhsO8K_*K@uvRq-pF2FvTjHXUA0GCPGZvBGfeU z%fc0+OFGC!N2ZzCcmzHOo z1!MMMjMQ)wxOKpxTw;&_{#&~aU%v+_;!88?W`t}O#nL)^k03$IZ+ zP-~yiDUhj9d?P_!^u~?=2-YrLy7BEV+y!+X|Iv)wZ}w$`==aln%wTfp2OS8#B*%|3 zwO~>=3nJs>jq8C-Y)_IVuvvdu%;d3VG6Y%$=m=D2UAi8f@H~0ROXzwLjvVHAXrS;?4QTX?c;XGX5pT;Uszzb zf~V~b1lpguHE6F-#OXP*)dbM}mIu0<>(Yh8e^?q0ZzOQ|ja!04`F)UcF2qF$xwj%N zlCu*Kz{>Bv04wyVTLCLQYlQpUN72)x?q8tiB*+gIiK4&zt@F9M%@xQHlq*zjo9=Y$ z>v`=>tS4=)=ax0K*|WcoDsm2Uz6V;J_x;m1G3&3lRZ;j%m6u2-^cG;D-!j6%n+Tcy zlV!>D^br&P%A%)>Nq7q=cHdN5p(itS(ll zsAIYJwRKIul-W8a8uu1W+v4nv&~vKx9GuHymAwgbco%sq$?E)eCga zv*qAf7mN7uuKWmLq%gYs22DKi?dfIfHi|R;k}Je2=r7}^)emT}0+}n4BmJGgw%JAq zVn5W=Nit=h$oVL2H5}nUm&flHUhpsluJ4{kBE2Gv) zW_5Ral{tuSwb#~njn0Qgy}jf$wpLg>90=!A0EVPxhzXJnR3nv9nkVa8QXVRq!+w6m zg++sH3k@?NG&s3X?j)2j*He?ZHfI!vqL>n86U9eFZJVPh8m&A@(TSlRNWCD+DK_0{ zmcyIfa^z}+&2;KwitAOPVxiPbT`#4XFx#rc#3U!Frf^b>a1pB$CWoXIQgDPFY9y!0 z-0IW%H7$l#M{$ye%)HbdiRNa#6fq4X3+0P~xJ`@PWVn9Tpz~?hu>!$<$dGCIN~#Ry zGJC9*a|Wu+_)4X04&~t{$+!y35*wCjKN9Er*k20;X-)>xlZ?usfOMxynQN0lWK+!6 zgsVf<$SL_Sr?5PmqW!4h*ia1T>iLXbmeQL#-)b-g!R(a6Y+RN4qpFxnRfnho6KPAE z++H*`O96rY+X+MQdf56q7dwYC)i$U0Va|>l?I)hB=>TqLqczr0g zn(E0$YRG8UwN>L_P^z@^1AQyk*)_IoI(vcI7pP5+{+AVMyKLZ-bJ)O=Iit_a;t@Xs z9$^RKTX8ldviw+mcMnI;%a=G-X~cQ*sEhnKrIiRKy4lHmRIv2NsnZ8;KA_hf6933A z7|55FdaNQP6KRoQt;u$F%kg0~ve{g&9GJxjklq;~bWGR|50SD-X!<(&T}{biKGM;( zj1aEyY*-nA@=B>=jgeb?#@sHNo5PZ!vAaB5uBJQPyd+*1%k3dY$a#yVd`4`gvbBaBtwcISp~a;|sc%-BVwMvcCs~{P+jYZ8?(8yo zpDBixE%Vh5lckhSffSWH$YmYwwlw7O4oq!3)=@K^5%OKbyAgIMBk#7_;yM-SgaD#b zDI;&xNJjGs}p}XQ%(0}k{g`e%_g&rYt4ABb2XkB zwhnuHnXE9(N2Rn~esgp2GpWq%Zj#Qbs)O0O^NR<-et@k@t-8n}GWD zZ4xwg5{d*5<@5|htwxJPqS6ow4Ym4CpbS;H0|^r}I2A!W2qh$ziz?C1p1DK?*~&ctrYw9W3|3YC4_m2 znFu%cOBId&kcbY+Z96-Tlo9A2lSg~2UOFe94#=~PC`1idVb_&tzp<%qD(w^TaCaDw zU+d(HQ;IK!t)bpiTI7t>Fok!N{_AEsHv0%#TqM3v@nS&aR#hwe} zFI&8(p?w6Um#LKDCV!s3Ea&bb*B2K?F70+9*LfsVrpB<#&l<}ga??I~A!c(m!i=SU zEKvWDdOnHI z;5{Jq{X8iqRLX4a?h*^SQ`ZsUwf>8X_6w-;l1;3`qHX~ny-r`MCQpqHI)?;UE3aY@22^_IJ5^WqpbwxNchzDdWm&cM)#vWR5vM+h0 zt zPWag+51coeJ?Gn#RvA5;R%uUpYFcFytDl-yX*E9Iv`T&faNGE?hfl}Dm+w$orMuIQ z+1E7r2;`Z~4Ae3Iyc24RgkB-~T$#p6p2BdJE zivQ&}Zup~65iCnDRrx4s_M-7-aABfueG`U9XJmVQm#UOs3HSR2$4ESTxp*bHwe|e? zt}UZ8X2*n~KpGc+4^88O>z;}RlpBNL*-;MQS$1?HoI)yM?%Z0CKg`1(}1aZLnVP_`o@8cz` zBxgeBv5Hb+l`u9tAH`$+p@h;`LU~+3V1{1kpa34q@LU7rlxt1$Y^_W3+AIP`Bne-X z3EdNjek8fJZ{^Qfr8T?)8~gjHt>jI}2BtNYzy+8NMC@I53q=$7T*m5r@V73)4qWEc zLvsXPIcanF-rB+?R~fhr6Ji=Eq-miHx&PeC;k7o*fu^`kq+AH3q02!r(^{fW#N1fB zLK3<1iNbbhJ6_=Ib~LxmL3L~Isc^@4k5E^8TL(%zn`>{Xx0M(i0;Jo>cR(QUyZ4Ou zNl)ZbQ%X9GZ=RRH^}ji@8QT)FaG#9(@;P|cy8Zf=@s9|>N1!r^sr~AgaJ?Q4{Q=Af zV(P=b-8toN2OYAY5lAz8(S`dq5Uv=n8~T{ho4Amt2c~y z145?{(cegP*bU>S(RA4)w71S7*Ar6Gb_mNNyF`_dyM0xSt*u*z{n5TYF=xrX6q)a) zp9WIW%CEM90Rt@ZuQxlHaL#`dfOF3I{`fgRZ)kbv;kPmDc&Q#v&2ce2fukO zevh^Yo*=)Z>hl7S&M6MQc_y3p`X&v=NlWae_~QiH@fYZvKo~1}-9&Ed&Ev1=Jc4Un zj!OJFdbmj{@!;E*rxH(0mWCz}hh0J(ew)q?fVg_I(vk-&($@qGqQaDmLHNyU@fIv_ zUZSS$M{+0ngo8mrxy<{ zw!l^RYN6YvCHl3c)7l*w+1d0vG@9#Q`~hssJjNM}yf2X5{KT@mIUQdXOJe)`3ozAS z5*t-Bd>I0PP3ENN=h+r{T8s?*inP=Ky5MkmJ$} zXqErvd)<&@&!9&F8+_5gk;Fyh6$#daWN*ZW zlQAu-Wsp6wql#N6f)Hl%(RjQP(d)Hlhr@L?BoNo&BB>*!o(xOrO{Ac-hl&~3*>WRX z8YQDbcz}T2)Q+0wSRu8!r?uiuK0OGFQqCahAZ#*qBnylzidzFt!tJw7E~7QLVj-!w z5$vmQX%-<(a<`DtGm@AKv*mWUl+nW_63J|EM-^Tymoi+wGSa%07CX=~DN)I28xrn7 z)`Vie64iIarj}%zoU+TCVOh|085bU7-gUXegq4U8t%yQcYU&9Vm(8eY`8sE)13~Jf zxDnTr(@a)Lacv=GGJLBzEM(eYGVfB0Z73O?&r6)h^Eri$Z03cgT)`ZV3#n96N#xe^ zj8q_Yy zr#9LrT&pwUN;wTk_)b91$BFu7LhfKG$~7hu?w|k zF0V3ryO0r+#R%JABe7$V(bG~R)hwm^>r#s?ap8PS%FsO|-t*r$qQug8<8(1xaWwc?VObMN66Xk6kH)g(DQh!q>T1HeAYm%<}4GPtgcQl?_!3^xP_IyeYRjX)VHD7g9L{vWs0=ikS#<&*isqfl@iVcDy-krONtF zd9R=sOZn!}?r}E0!$}8w$-TtEdhsODW}AtEk>?77ZY;N+>FN4rGoH-HuDA8fwY@}g zBT{GhT{XI~y%94~73H}>bn8RXFndxI2C>qJJHXTwQRwishPb0iu?(NmID&?Xl%mH7 zar$9)lpGWYDgnhv<31mW9pxjNDK)Kc@CmksORxl0Ooc0g7A1}4^roRn3`qt!sJ6s@ zr6~@{b6g~j3#Z7RY`t7WSGh>F*%!-^eol;VC56%U)+Ei3aT;2RC>NEo$Y{x&SRLXDFdo!J;No;9Xr@SmSUD2Ys}kLrQZ>qs z6l*EDv?wt3Vl$@iO1g#2s45vr7Oy`7L`H z1}+mz)XJtIGP!ldl(TF@7C4cM6?khII2G&Vh}kGd*kd_u%>zjhtk6iV=Tq5}yl}|m z6RGX287AuzOUab3NHS9$nQdO$>{J_KLI|7fLVA;K54lTRDd(^*oG{uS?i5etPj>mO z!7iUXvA`4MC1y}*G)8=i+sh}!UByVXcgt)?l62ZlC9-)$4k_6vAUg8+VvULvGh~q* z#KAFcG^1G=yW3fGNv9SsBt)Z@$}${s9}7wIKuO7|A}?Q;(-y?4Y4b>7HV3MSTk0d6 zNwLYhxqg6~*?c*K$N8kZU5#W%pz=n(sYfbEZ>%*2*YV9BCviDJ`Ka3oJE&Gt#vP@`IDbEhWcPNYWh zq-x3=;65zJr=kL%ld2JL^n`3wMOl!g9wUm45h#LOYYw`lR(pLX%wDf0xVpMr3|$Q%vU5F&X<5kt9ZBo4F&Nm+K-^Ig!NtdbMF@<&jLjkIG4HR1h$y z3@2lLJwDPo;hJKmnr0+!WJW4DwzVXaU^6;fjO4q;NN2q!b}~5DqQc}dB|&d%>0E{_ zclN4{PFEu9Yo@Y-5jVK>W(3r%k&ke=>W*b=ycmI0U}z0SP)6dOFw$|L8tXM&d!H|x z3dfk?%82c064qmId2u9elt2Tp-c~iDVXsL4n4j3G@Xd}O9-;B#l9QY7NKaGeeF;cCW9o7=51{WCsKL(N};RuxaEFu*m zWPVk#b6ribij<52p1PDzr^6~DAq^zM^RdF`Rw?R7RUQD7w%7)(qB@G5`4^oQ}s*LbbiRUOkGN50Z%oi z;e1!a{T!FkV^TwtSu>Zx{N;SOb5aTGB^B2gBE8IR&!iP8I}!~Xvj}@c;TaJ#`7&Ft zHo_5EPzM^riTQ-NlW!gZK6;#O3}S$n0sLu84K=2S9Uggm^}G?s_n>Cs!3I|r+2RQJ zV*!6$u`0;j3MBn%aVXx za+P9P)FBmNew~t%WH!LoWzgOM#EV=F=Shxo1uhH;R?MHU$@QUF?&QTJvkrWbwQzXI zH+4l!3ea!}{>&VY;LrU19_e}PFFlU}lS@gZeuCn=z@5v--{N&E?{|kO{NA#Nu{p615 zXBYa(9g$~Wmioy^FXkh96!yk~YQp;{X$tIlU6`{Qu#0RIwtL3~*vy5p7UvqU>!Lzn zQDD-reZ&5o<3vH;mLn_+9mjy3I9g%iaL}+jTr!sul483g=90CfSmMgMTnWpto#jh8ITmt_l{s4}rbe1XD>+{-+sT^Pk z|AV#-__cY|f-DK-rke zvrtX82kP)Dov#G{gtdqMIr{&di)-~w%q=Hly=0GxA7SDjyl?JC@UE;SslOpCB1j<@ z=Ms86A0A9>Gp(mH#Jsnu18DJ)N!?(8nV%p z314Q87b}rG&+-y%_k2qf_;9YI!oQMF!y%B;3cQgU2pM?@zf89n)yh()5vwq=xjRy$ zJ0n!B%?Rs4nKd-SY!{n|6*06EJ`K8=(sS?`9Ou&=sl>zu&R{cDJ|zk8|H5zD1l^3O z8TPs+4Z>U4Hu4PP_XSieDz<7wANY*IL|Ojn^_#8a_Qq=xPa;_)>P+MlZ}VCj2WVCrkZhX+R48h+!d>YZOPESrIDX zLOInC`TV-Zn;U9IT`!GT#O>($f+#jIN4X%x#DXB2`KAb9#v^RH2iR~Mm3nW$qx7JZ zWMXnd9+aZ-qf$nz!=I2=%6e9fZpC=>uv?0V#?D9^h+=Ms`eB7!9=?tdCk%{yOKXVf z&Tc*xXR9q;*UBmQI)NWy22o1#I>v7bX60CsIz1s%i6~(;QcAMd6=85p_Esp%SuM#7 zs%5>0`AIy}X-moeaTUZ|mDZ1Cu#0Lmb-fyapCi+07aNT216~m4MXe||!zh2dK9u1j z=SOT(EptsisjpXrO#^Ex!dI@dyu4cx`pt?d7l9Yo*+xp|q%5MG+g&5$=_ zUOg_A<&B!O8O~?gOci@uN@!tCGU3wZvbA&!{#TP#g+Z!n`>u;+nbAg#L8UB@YEAgl zGTE+T>P#VH<~d#;un|t&VLDAM)9x0e+)y#LPH@h4Sdq($Nj51rWm!fD32y)|Q~EY) z{ho+T%rj$R|A4ot_>mY*hS^3RdkEieD!wPA+YwQyfR8Q+C-Pk@Rmw9a=9P?z@Z~Co z#?{if(M}kBrMNU?oleP+cMEBgsWxL-@aeqJV4AY2@3KiIS#s7(eC#}6mPkb~9|7}L zxKW%%Y)Mg(#6dpOX@D>HQJ(U8N!mPtKRLD=Mg1>xYm`qR=A;SSUVPr$J6NflDGqrF zp>{1{ASblCmWXdiDY+;$5H;59XK{XwooKFtc#lyjlPYToF%3L#0L}we>Pv_wl0er= z1w@inhdoAU=6b$4q-%(HQ+Y)EN!&Vo>_b_MOT4HXT(Tc#1-V$ra3b0_<%Yfoy2Qyz zb-lu49!4<+|G%#CY6PV>5qBc?Wj?o~G-C-aL1Q2mJO5%fs)%}1E$d7vr82x^c4SdT zBmg^7%Lwmj=F+OPndOK54$sJGUgEkarp>8-I7S9WWhC!bN19v};KLR+Gu7=rYN>LK zN;8L$CV|O|dI3>;x?0|fsiWKgaRoW+%rAsTC^s$lOQt;FqGmzPXnKhk2CSg<0iywY z@pZA88^CsM09W^_lG&FGEmsj_Po@)6q6!=XExN8o`dLIB%CgXr)a`zZZ?Mq{Ut~n1 z*sb!#7}i~^m|R^=BSxbsT5&1<^-lY@C}IvB1oAL@m2i?_c^&vu8Nm;12tur$Pxcu& zH1!Ijv#Oyd5e+)jQnHXAp}cFWf#}K2>k5f~ar$Sn>wKAu0 z-b+{4LG!PJ=7=>TKd4D^ET1tEU#W>y<`;9>5@h!!U>rwH+(sS|9b!~KMFg|IGct>6 zv;*1+eij~pPK)ci;Ucpe%_C~B7eQP@U#f4ei@e!klQ9`OiaU2M+CHvCa&@kiBmVA+ z){;d&89u?85o^r`ViZxHdBCjMITBNPNo*jhOajeMrV6FBxF;pKq>$hcL8%|1 zdMap9_)W&q81~0vk{TY=8imKJNbl`sHM3* z#35vgO?6lbGfl2_h}e|apw>(sBaT22P<6MI?B^6CS1N{!h?(->J^$aybwuVCKrbUw z!pzl#*iK&RB-D|}aM%;X#5L3rE3;)?DkWs0l+shRM0_2`CMoh-CqH6~)v{cd%fd)Y z*;ARVh2f853#<5v-*}Q)%=gps|qGI0N*t$&a*LLFkJW zvw>)ocwHEoamZ|0#5$D<$^M3t!kJGMM~H~ts6e*hz=zaEI97>vieeH!h2n_Btj&kF z_e~{=xT=&8lZ^OvG1*sCK9vXh0AE3inlbD}KVOMd2EfT&2{9wZ7N~D}pj0!RbPel4 z>{A8N+(jO|TQNk5YiyQE84>ldnO)E?wumrEEseOwGFK^;bA7aKAV_dsP3S^FYD7VW zyP%QliqP(sM)7i`zIh@>u10r!T!As0sSmWiP3VQ>1R~`}T8JG;9ja*%4Te%)P;@T2IQ&rGR@bqJ?S&VTJre47w zbLIGvDus{bj96it(ET&AToTMSzRhY)6A}8l1i1(CVYvk4&nO@6wDX3%CnfR&0dit3 zY37txvbz&rXV{jUszI(`4YOV=rxezZb?{H76p>?ysRPcYN;@Nw&4+u8+9EOg{ga(h zs>1SH$H4tgwS{uskRNewWMn(&kRgs_iGe;vu5suzs%6w$&xm^}WG3*bepN&~65`ba z$ON@A@*C2^I`E^r6BP%A45(qNjd;s!G>?cWF3Q$%&Jo*drt*d< zM`ttfqa8-u0befVNAV3r+#dno!=fmMYmFGA2|b)aZBG^B1e@xh!_gv>(h)~>U6x=6 zYlwQKB}T-NUPe6Bpen@*YLhuCWY`T}lD8348ZJQ&Dx?s%74GW@mThXOPMAa8c0Qv< z<+NO6N3yJ@*TYI!jNptj)o2m8FT@m6h-nGAR0WL#eUZV1@|+32XXH;ffng(OeI53W9rcC)HMGAQ@)2hOXbaAPg3Ht(@#I`!ei2pRS zksiy7ThTniU%_()wh5Zw6bCAz&mpHED}-(3BkN%yjkwo{m=mMzs2F9TPs#-ady2aI z+qEXEm!i-{B00q2cKRh=(@9(-eq%d_(gJUdba#L&0&m{#wz z6~=79Ua==b_LVc{b>MzUgdI~#=8}GS%hzYBW^kGOa5KFVX7=*J;7EX71o~-dCxVQk z?W;_wd398fIuIxV<4%}YXS>$Qhm{2EyiEacN+FhB-e61pG-%>3XhyRjYA1qe`gIy# zKb074!b&M^_IF1n!-{&bnm|l$lP#-a8$1Vgx7=8F^9)olS@GFgYE&@rK}@Gp#oaRA)6`5 zXfR*Znz)!piVY#__Nt8RwfC>zWRcc|3mr_cQDJf{VysJSM2_r)V>+mt0=w9T!fV%| zmmfpd?Z`$-0q>pMm)mbH%ZK|Jp@F#OQ68C5z4aYNZxw`2Olq3Vioxwx!+H_?YY%cs zDR1Ud(1}P~{e*t|63*jE754*`np#%iwYJh%!j~}rxtydx`rD|khLxa2~ zbtd%V?>o26kC3Y&#?zp08SvMxm}xL9GQ%LN6nIfMRt1jJB#{v#x?iXB^()J)!EI}; zt&xxsONe!jg7(7B#+WixE5!dcSTAd%}n=CT=z|*3_Kq}`) zQaL_=jL#ywX_sv!BQp4W6|&RZGb+hMzV5J*+jF&6%Wu28% z`kvU_YzgUpmdzx)Y6&pp5nLQa?u?jfD&=fMh5p8YFR?AN%?jBrY%~MS(Bnc%E2@ot zRtX=5)lz=|{U=_4eN~NYnt~*EpqCGK!>J^0#ER6UL#9~o?`o}71oWmTGI8iadbgC| z20Orc4cV256CPC~@DD-8XIoj|X>p(!atw58dneqFsAbrv#CTcAgxo=#xR4p_iqgt8PM%9YmC5FIvbP#;VAt5|XhKq+!X3U+>Gff2IgI zwFLPSvPv2DqXz7S$gMK_kZJqC$vwz?_Nv3Xg`LWj5YJ*N4 zg*dO(TSzj$y0IP(yA}0G!Ae!>*W0aYb&aH;Bemyh?I6ai9#q$(tLsrEwyMNbW;L?@ zoVpp+wCd)1{UVk9B9;9jmHm#S!nvul7paGL1l|{^hZm`bQ&PV#QrYiFsgjFS_9^&xzVz>c zpPVl|r=${J@RJLEGUYs9@RJLEG9{JxB9;9jm3?xlrwe{^hxo}wD*MD#_={Bbi&XZP zFr3C09(fVgbO-j~B9;9jmHi@>{UVk9B9;9jm3XX*48 z@8;_Ce*ON-;@>ZyRCf0c_}`gx2mI;%z4lR8t=%|%|Fe3#S$np7)N0kb&z`iqjc02| zT7C5dbt7y2)p~zbYpcD<&rs*2W7c}ldRM=%B00a)ZuM$wMz7tvaptP|T&cj`FuvyT zyYBkn4dc7;W9RPPk^Zz%$3OLV8JT4pUA@_?X?3MvGlwDE zP#CKBL!==oDiCV6yR}fi-o#&RugNoHv=$w5FPnJwa`8%XYb&(ZZ6DXQS~ry6s)Tw+ zold*kr{An3Y6rD0W)Mo5?UR+zWlX6PimYD=DZNmyQ&UlZNuSE|>GeB^9KU(9U-Z0)xdVPrg)>P`P8^+tv^z;Ed=np$M@Ar^lPG5^*+91&eDBqV-qk_qaWq_0}Od?#^Lk!fOnnDDU4dbZV_^VqM(M?qB-=B?2Ld(!@}&*3x>Q9-$1+?}hdX zC7#j{5FgSLp-q7?lP#^&uDAN3qaGa$?^l!#fjzBO@+_g0DGDgR$2=Y16A3AG_DLkcR_X;7s|Fw=Z_{%NVnQ_TUZvmotycy)C6#yJ0A# z*^9=TUxCvFBJxcb-d=$55Ag4uyD2T%JMZm3v+e+SeC#ZCIE#PHINo?YH7NvVA0V4Z zx*N1{lUV0ccWc|0Iqb?9Yd6679n>xV683=}r)R;m-Euzkm_5s^F_$v!UjO+}O;J`m zHv3(3PC~nTcxk)c>VxmE@;F4#hsHs5Y3r!3x4ZQbJ$28A5_|2v(9Y;XSDWP>CaIW} zQR^hLy1Tu~9K^TUYwNp4=R>33Uh*1SE3DzVh)bjaMjz(FwenWIP|r2g^ybMCA(vuiEsZ*L>4CZ1#PcC)DKfk;R|Nps;;XM5=UWZj z@?dsKVK%Nxs5~d8Qq^H@b1l-AHo3iMY{*?7>D@lNcXeZTH935aNz#4_o&JEUH~04V z_7($yx4Cu5ZFB~i)Yaj}>hStdY&F%Bjnt6Qu4}8t!Jt%W=Lh;$uCr@w*(dh`wJ%Vc z9Q`jV)OOjxH_YKZXVgHw-|skT;92!goxvkcYhO*z)$1J`nNZ@pHMItjSUW3s+p>P>pxbWJx0d++ z4AJ@X0u|cHm|Ezh-q&4mzSmd!N4=2R)*z-w!s{zU9LFGS7!F!mP;-Z}5SgGXtcBt= zi0!aYgp|pGJ89%tN{G&&_|_Cu9_&RtPx;80r2o!Epy`N?AzRd+3V2VH{Nx-YBq!FE z^?wkbQW^Q1o)3Mg?3%X_GCOD$0qOcax~UFS?!gXw-~W#bEZml%-G#q%5&ZCmu%~p> ziq0=#iZ`L?{2FO?M$sXY@hdvQ2W|`My41~D{4(mo(HKGTs|%;EC;B&03_{pN9Gj4> z063dF^}Rcx-=DMLOERvL;B38xp1vORVATZEF;^YC zYlr;s+dy`9Uh6KW*`im=yg@6w4Yc-lzNj8P#x-(=~z@$r3VY{iC%*V7nT{< z%NS7 z)MgljiB*}*lBk=+3ay4p)YKljOh&Zz)yZFAihW!q)$S_YI#}CLOF35Rrh?f%6RP#q zwJRa?U{6!gn)Oz_*Y8>uA-w3qw^a1uOnpBp&*NpvB%RjIIDo@L^^`&29jC7=TQC0FWu?I7C2KYv_lM|ZNMKH1z;^=g9hOM-NXt7gfv>q!CN!KZu?JlP zoD5z+GV22nd54{V>A6e`ItQ2t23m3aFe~`BeL}zjXlrmH_K4@u0Z3nI0H-`OQv8yF}K72l{@|f4{#bj$He$~*}B`3}Dq1}lIxWs_Pxbr-VL0a{9 z2(8MY*(~=0QILj!Dn3oqPmKVKaign^`pyR4@;ROWQxzlIFuffEx-hI^oaJEn5duSn z0%o?qVg?MqmB8>zifT>Rf|0icUxM>>ckpYL-obAqJ2<$t9c=n`@b;7V3A^*H-tOGt zxww%3wxuEeQ3Cmo-x}n9>#ql|^K+Qf-~2LPGsSNb8T9op{X#uG@Sjlp4(frg^vOAN z)|m7|uIS^n{m})^hOPgRVW<`IK}T@%x|uYEOP*Zi%-}&s((+n<>Lw=ezFU>kyy2~h zFQZ3&6QK=1Kw+^2U!6XJae6=OgWpX4`n&i`zu)*c`S-WrFCyWb+Tk7x4A{B{&E0?> zDnmKS)lt=(!0F?*_)VP=u43oe$ej1E+4vMc#jjf01~NyT^hTw++guCTt9jRol7htT zpvU-Qmx6y`0VJ{2$;VI94Lw_m9x;XA>oxmXoe2Eq`k2HhcZr^Y{!R z0)uw%so{sG55QK`t=D=t5J+o$77b4y=2F}53E{60!JHeX57y!58>~jxZ|L{4{Tm9Q zb)P0Nhff&x#=n2gaXZU5Y=BkE|ZnsFq?PER+P5!VG@nG(sHqz2~2OR#V^}?c%=gT6e8p>mRHk z?&?{@oj$Ago944PeguST^XPr-L5PA+&lPAU&<-CFmKL*xfg?>okI+U>Lx3=xf837EP6|^7~e6r z*M4=Vd}#aP#+g0kvqwGHD!~Yj6%#Ho$|RkDWG# zY@9xcp-Q4C;FR*L(wA#%hii6Rv=TDg#ChcpN(q5fA0EP|r-iDpTw_lD2~blnog|q3 zB$3JTDk5wHB2chfD@>ctw6AyDM~4Uifgt1e^QrJJwrXa`nqv*Y^kzuWG=y#RuE11$ z;9G_pVKQM7u6S{}KGonc1K=L7`&x>Ylz=Kj_i;2QyHj z{5ne|8mGJ->4z4D3_u!aV9|SeLoW@nw~iBW$ziLBn1#>yHat~F2OWOIUrf?;NY})dX_*lm#noa5 zaMB%Bn`9QWHSwjs1ePJi-!#%F-*OE%U(osYlfa=^Zwg7TMt?O(}Z(%zqJ?#!|o+Z^ICji zar7dc)6?|UIe_tcx99V)&!v9)=8w zL=Usv)iaVupF-1RlSdzQNhad!NRoMPLIUac5bSq>{;B|4xrfSv@G^&rcIzqrUenW8 zyWw%;ftTJJYEiwhm^qo)ZhhUm8MEWPyDz49zH`sGVVDL_&b3uPy?4~pacl|lxQT5} zifhP8J9W;+f?vD9&rHBOzom%i47O!EiBE%;?e8O&?YRqBnYn<=dt2NUXF1L)mTBTH zrLy=^#4}6zfpH`KX`6>YV+#U=s1nNTBftdxz3qVZX=VSqsx`H*W?*EgA2f^PqcQxKY|y6=Y(Rzdh)J!rfhK(jGCJZ(sc< z!QItegZSy2*VaPU`b6HiMr_8{>|=6GH4(LKWwA`P%^N8Y!qX>d>s8X)$w^wJtqB)_ zA^l4JPyM6Y4nC~yq0{?l(;MG*BWRz$91MbgBj`$qbnl*F580eunE8zhxbI&8{**+z zuFoGPQ~!ju7Z07@-#>)ysdIM1Sjz)y+a%>e&b*uozS9TM8VYBfRp=p}B1QA7_y3@?3-i;8nAZV~AwiiGY8<5Ag1n z9^gN)IN&P_KrjgSA18np7ieY!zC=HryJo`)JLuKi(k^}ds9EhGH^{Y+?(Z8X4Tu<) zyTrCZ?(eIu13YwD3&fZn3P$b%aT3{MyD4v*iw7Tx%JI`3X;plc?B$xKD~g2*x7)EAGbEpmCvl0f0ywapThg80Si{+ z2>}aq*eL-E?mH)7fj)3|<+BUyzRhcYX~IsNf4~Bn-kE>}Yvs$}&Oar%^CJ^xJWiwo zxHEeMoAmF|UT=zMzj9^87QiQx?0etkN(d+rMor`1IlUh*7nBZOflrr{4*nSd*B2KD z*I!sLm?steP}WZECwV%dUj2}Gg>n*aJbSw$)Jl4RV{VKF$=Sk1~X#T*>}0%v<43RMG+DUamuo%gK0O?*4u#53Gs26$V!w2$M0_*Jt@l95dF7WNQ7yR|hp z6mcW;f)gl3oSb!StySwkOSHJ&v(|%EGh~^GQ{-0%>&L>AVKBj_#>dDQ#{a`irMqx4d?0C$?k8b}Zy_ zIoE08Jb-J7Bu*j8(>G7r729jPx&ceDU1{?4E!Kx5MUn11*}gT$zZ@c8+By1e%$#wJ zEPz@peq@JWqqU%Akoc!avkZm9Lh^`(#Ir{T@RZq~vY@$`fTd1M|Mc`;VyU>Xa}Uvd zf6P)rEDML%=JM%1b#3E@@!fb`BS1ZU#IaTMR%w6{Ac%^dw()0z>BxgH8RmPeVI2FS z{w`L(!Wzf-(Xz7t4IpNGJHF@{1M3MH)_O8-iTpES2ApVxcFgC*Lk71qyay!Rllr6! z#NZx^tc62934XN-R~>54QXR=l{PAj6Hrw@NAfp}LAqaRp={vALR6z zgn9hhnf2Y2PV%Oe6-q!?EmFDaqoEU(l)nNLY{}=zX$?K%a@XaBwU)o2;GMnO!Bg`o zvfE!+pqVXIe%{)^d0NZ+eDc3-X;N%^3*-%dYKm9jA;Y|y`F$kRh znE>Z0G@C_J2_;$%IB%QB8Eic&Xr?%Se)1evc0T;%Z<3zQ@RKN>`uT~!rZ#!k^F^MhE~`4E~HNl#}8&G+HyG(tn(Ek|g6 zo@~bVpxJ_i#=_`@2#vZxueOeA5t`|}PSQ~=sm*Icb=2o>7(WO4Ms-x-NG*oTEWjld)^xoco6iRS z4Z+TdYR+3dHOE%9ueGUJb_oUN4VHpqw_ml|kEu3KEvnj_zxwdl6$0#Ai~G3QKK$x~ z-N!kp4+wnlVfsX-{~j#dX8N!6ed}TD-@pe8x;8c`5N9KIkUf2t;M~Rn&1@bYrJv5_ z@e2feydOO|>z)|!@d13W;JPadEFieM((bWj%8H%jOQuPt?H z!XFWhG_8U*_3pUx7U9sk?(*6_SNGPdtGe0FNG z)_{Tcv9oAmt;Y3=!B@jTp!MCdcKRemY8U6c@$emPVDr3Qze9%edA;o6A3c3?8YZ6E zmO$|IgASrP5Wkn;t=H!BbSr1`XWL!vPGxmDq<7^{3vFgo?;z#+HA1=mHQj;PQ(TI2 zoxZ_}D0(i&Y`nwqR<5t15W0PD;H?H2z0s|Ra&`zW+-T!$xY6rZg2*-=ZuBm^4jaA(FBVH@x23#>PInEx#S)4>AG?8B_mPv?mtrz4?Nhi>oVvyM#Q z1eW?DN1b>inh-(0o8S?EltO&b8|z4bS#=U+a?%beYq_DTG*;E)=TA+Yg9qD>QrMme zC8Dvf4si|!ntm&7F?%;`+Dtm9hJjc4<7DR!J|m9l`)*?Jbm*Mm>QWU8XtR$>5X=4@ z!Lq+Y!7&?h%VF6QHp|$EUUlfnwdgsqi`RSXBGA3ZDxN#bDn4cHxa)WxXBEGU_fuJg z)i}s19;2)xIDxZlV%k?=5tClI8~J}OfKE1L`OOKNwm>!Otl-Ai6(r-Mo=_V_C!p@3 zq9Y2QkUB|yd|Jm1+vJj7+aC<$m&C8ESd=@E5oBD(EC{}nq7<(Vj^feL6?}x)o4|#! zV6=1+E)mCXUJHh{m`#do#3!9oB5u`3T4X)mI8$aum+Q_9zj-aTZ(?SCLCG3%I#!*H zn)wZK8oq+AayCHhn~ELFvs;Ap%uU4yWTW=?Z4)xoaboQ6C_}TYXe8K>IR8BhfInr{ zN`^&nnpL06EtcXr1Y9iZc}{?P$#@e@@^5BNCUhgoPu_W%WGEdjB5+<);^DW<&Yy^wYT~>YYAoyf4WUYPOT>y6-4S#E3NcYYzk& z3W6X%eK^pW!%-h{2k=_&(blu+jLlQYK$NHY1sZGg*_ai?-9I2uP13$*54#*x-{chH zj%@5xv#)Ef+;pIMZYhwPOk~4TG_RgjG_PBrnyP4i81JVlnpWeWqG^|5#;|AA%iuep zjQ7A5QoaQPE_hB(Cv454s^l^?n6=qIf3hU>U{VGf$~QLC{Li-JXXIP zP+l_bvK~H5ox*f^UjEFu8S{O3Kb5;!jn9|66c*SfTd&!fur+sxyVzhm%U#He+r?eh zndSHI_@?&HEV%fDEB+kSF^^#;N8p9q+KVu5BhA^lPM>0Ive zH3FM0hj`rdfGRZ2j#qG*)^J9>eR7qm&0t`cw2CNL9x|)ejZ>*_2;7_f2`}xLf2bb^If` zyy@KSi+DekyIGCTm%F`sZN3m9ofH$+|AuTKXI~IUY zaM^!CmVM*gm;KW5j|ums{r7Zv)A`5G;QdtkV>Lcs{_%?oY?IADetyE%+#&v9gY7K; zATMqk|CmrdZr=X=mz&zZTi_q}Ji9Re|Kc6lzlr?A-9JD7u=Z{?bq`XA&l3vq$qCCC zr>6nJID3R!=O2%fnsTIaTCa8uks_0;uwKPJ*_`Czz}Fs6d4BP&+`y;fqTDzPf}s0T z0=nn|&1}$x>8Epf%9D=9<7QEiGUR?2(IaDDc@p zzVxbz(=}1@{Uyx$480;>d*}CmUwqeoaRC?vkKLaW(ETq9G_yhX8T#owdR6`aN(lN~ z2nudjL*?Q_#8_+e!UX)21R1{Fqv#YuZznN`AyT)HB)`!FG^c`DUfAVVxnyZ?m9Ok2 zQMhb=LL0Re^+K0}gY>SsDQ_z%?>ly}7jn@Q5(4X(pC#rf`Z6&0r zD3GYxl~ot-hs*ZuE3R-Q z3-0Ts*Sh%M`Kq z@~Ap$1Cm1pvFFI_`}eR~BM@<>Ywsex&g7^^VTD#JbFcqcaW3$nH>E2ossA5R`Z(Ct zBNVr_?X_e>+-j?2Iu3f0uLUmad^a|K%f@S8$l~wH8^9582vS&TGl@9%2hvO>GafPh zLrP48l_wqv5(xJyaZi8@668Ojeax0p?790tdqvLt^Qmv=8giO($fZ{gw< zr$W=|8-n}bC)CcGpLAt~J)aSMHdeArpQV;*mEc(m7>y1+8VkKyv@^2kb1 z0C1-EaNw~wtD~Ek)gxn4h1Z)6u>jS6txdK4LWeV}*H{$Wdu4Y;sP#uMGf?ZZpDaSD zKTaCIX#CJjN?m>mbtee1zL0;2TrwvAoY~a?YkJ25;*qn<%Uq=P_iq9pPrsz(FxL@b z9fsLTbx`;GuSEC!kCcYZ7N(ZcJx{NeYPFCf`v;{X$p2K}cHVj?k!S{V1Bpy|AML@z zh<`zMDQJtiRq5FnQFXMRjNBUANDXAjs5p1qixC0d`e7IAY#>$j{0j1jHz z1-t_L;^LUK5zFA%Ul1JoDU39WjFPDT0FKQb;nqzLJh{8k(GIC(;j@gq zKoi@7br5Ml(0iS@ejMAUrjFoY&^syQjEC>@=^gLAwFywN5xik}4WroG_oi9v^5zw$ z^9qu|Y5uPWMiI!L z@e^3vG5fd$v6J@owmEC{9q0wIbDNO-Tf+m7f80wt^Y-={W(()(ZN|AeMp+K$8gyQ_ zf^&y+_F)Fj9ii#%#JMjLoFkAwgLBq)EQ52judkf5)-yOadxTqOB1k|bm-tQgD||m@ zYh%NG^eYb?e-N)0WFFtQz?y@{^DdHR{5=aavzf;~q@T`X9_4R<>SC9QvCBmJ%ho8k zBoPw5mDz@ZdK#|C;faaYvOJvBO_LbkEt|V%t+v0nxsYR7f=Slu4i{)U?1N#);v zKbtM_AMoxoQhQx>4ep8l+F|?n*+UaWxRvhkSxmA?Z;!&@*WAHT)bE;0sk)q01HoW>d`|vALTNo1dk91-aN1zwcti=JYML0+~&06NS+!e;Gxgy9oYFRTKXR zGXb9un1deJFVJqBeYltW>f41sB_O@;)Ox(g9(<8Bc+vQ&ps9xp?N|FAn=oxxi?Zgq z44_{@0R0CTW7Z6P4A27f>=ACA0X~MCf#C%p6v`y@b22AVzUHE1} zmiP{QIu8m#EWL*SFSI~2nsO9U$7PqB9AL3!3*4+2MaWzV>~BiWLJn! z7<>&pu?I%xXkLV`q2%nyx-85t2IC?4n`aK;fp43FFBp%4Xe|P5-wd21@NnR{*UJv= zW%fa~m0B_&r62EJW?Ak5u;x1(J%f9AFWJNQ(NSklaJfBv(k+hWucsMtblO|Yb$-fU z9xX6{o439`p+K5x0e5QH(%0bq)UYM1agYW+ZWl-kPJx`sAj(Yt4$A%Hm+qE+43k>$ z1b<}0HZB_4^j?ScEm9`!Ocl+Dp9k7t4i-uy50@*Hb|1ma`h+D-;ei%)nT`9mPMV(@ zC(YL^*Z#y9sGr5`Z3_LmAceMDc{Ji*QTWV0f;Nr#nFU}HJmmKiQ2z7+&Fn+|ll0TM zgnDl)WXCm75`3cctXp~!$YGIf+%H5)qD#(EXU(r-xG|rlNNmF&^ZB;9J$sP*4NMlo zNuU6m%|JaqVs8(Q8)cQ=3$LI5i}th74v--!m41BEa=b3>sRg{I2vD_F>u`;G$**3U zKU-iLwwKhMhCe9U8guqB2x7+r1Ur76E@}4am&1<9Ea1EoC|&YYlkDq2}_#70xY^U8~1OW1rYO;irb4PlKduSYm@x@=vUr0w(0tVdo#Weo5VL3Saa|Y zKSV&KFVM_B#5MZqJQ8328!(2@YZ*#3%oUa!E8Nuz8yu1tJ0)~9t=#f9tT@EF1WS(< zsfWlW6;XAN=WW~6zUqE*4VIsS`r%QR%Iv-fsQpk=={OC1U1pK}jJqT9c3|sTD21CB zY6Ik5n+O242XLZFi5U&yta$F-XYaC~J=m_=t*m`Fg=Gs%AXXMEiL$G$3bC>^5qya2 z?#&}oQM9Ju_KINqPp?M&IwTsBSjZ6UtEhHTHgUavznzlL2;;sZp+Z?KW?yH#-{|0S5f0{r&0t?EvA)X`gs~fByn2 zw;8p&@~vCPCr>e;#8%$feiEN9C~-ZGPnR>By^4VH z(FK~>pnNs`bONis94J?Pn%nAjl_Bx8P*!8zYY1mclCUb@BP)o#-crpYn6U_B^ePfZsQ}oloo|fN&Gj(w|X2^(^8zDe@jjsnF zC!p|K=K#{dqBqWz# z;$cH0KuFF@@%ZEdE4RstyK=vU(3;yaWaTx4tb83ssU^tD^bw3I(!mTBe-YPepU|Rr z85#29N}iIi_yS|K&Nj0|gz4k@9Jy14s=&EEU7;RxZi_<*-GTc2{$_M@W8V$6hGdaV ztc%;(K#=uAZX54({07~#TXcIp?7F?kG+aApY(f!DG9Gm8sd~|W#`~#yk=1yDUPOmI zYulu1ko(Tji|7Ma=({_%utfcr6E^?+^&&F8GbMg)uswQuHoDy2!9Wbe!}|pv3OL04 zlK0R?01}n*CIA5O5dN35)CMOq<(;J2i^iLSQ4wS^{-}sREV(t)*{2{VHatqs_peU? z`xNEQIy|#SxOL_3HKZ(xmvlYR+?pfcv0@;mWS#9Uj(8b-I%`h|`3M5;F#@>c0?lky zE>1t4pvncQ&i~5U>vmF$;ZZxm&9rVBG_4gwVjk+P{{PS3x4_9=Rrdo)2nk6bAp{VR zF^FuI>?WIpgakyFB*>DGgghXiad$F1yE~KJnRRA150Hv)kg>iNiz15esJSO=qN#(TEHS`KtTS2g*oaY@z= z!pe=3Q=+|xup}hfEVMBu#NXh9r%&o#9`M>|I-St;c8_inO>gC;7TW7>MObxwYi{*dhv0!<|(+kc|KVh}p7bHj)7WO_{M*Hk@jND{8WZP$p zo*1YH6L{}={1XlG7p><5`m|ITx!92hp5{wBf-J}P*dvJOY%3%_W=tW|VGko98ST=2 z(#31Ho3{T5;>>g?(YCm0+4O>VSvc(s;hYkhF7=v!hOG z0%kYLNFwBz;y{$Z!P^(QOo_RXGHHvr)n*;{kW+CC`}QDvF6{Xl6dOO(fkLCSVyHbb zfpF+!-MOo(N1*a*&`CphZRz(*Iqwni*|&x2j03G*#R zV)6#HIqT6x@vnPyleX!->?t+XGuRV_ir{-s#azB6&MEP1{iWyJ3;`il@|Y*VaqJl{`|e z!cH3<#*??k$XM_Nd3^$2V_0->>gM`-cl73#b0pC9#e;B&=$=&Q~&c zkj+oY`33ThoqL6A8#ZwjmEG|w9Qnc7nO!*sAN3gCpwKgPJw~qMn%>PT0!R=>D!F3b z{cyya;no^+t9>f&%7j*BE1wxh3pp9xSlxu#;NXpKnj~iB{Z&G5yth6@(@fAk_==2R z4Z07SOQLKdpgH4~$&Qh;4oo&@l?K<~6nOT5NoCeI&t#_7JZI)ZyGNnRiM8SoB`GZ5 zLDRA6^NwwlU_(y7xOrwACq~F(UH0Rdk6=`V@!9mJ>2nX0GFd%KUz}b_S2m{CMy6n! zWZ`W~t`3r1Ri;4l5;IAz<|DM1D)?fur@N<3??TVk7vylQgr+dp<&LUc9}F>DxaQ<% z@ZDl8VjjUR%gUm&y(^dT%h2c|$hxzm+>%;CV#R&d#QnMlBT19+D-MGCdbJ+!|2`B@ zvlKrc_3Frs>sp800zJXKEzxa1527ElJr7zzTzbC)D7F11l~f8epwxqId()>|eA{G^>G zYq7+_G(-C8oKZ>^7f~VkC#|WN+^DD=Fxm< z%xR|I2$1FZcMi8Q`tnI0G?QX(KO-(#Z`tJSA@c6?=qAerP ze4mO2X}l`oKI#F04fh&?d%~kzHn>wyzAraWyH38Z@Q3*>kHy&q5{E!tqyx382^|X!l zIWTORpO5dcrn%^Bo8}@~wPy|LT1AX;`y0$}^MfYS8cgW9Z@PKyHfekfZvPj48v#os zl2xKDTJVrQ;AU-l!T=lvE7RzALre6VLKwh^Km7)0gnrI208PJO zFk+5KLJlX-Ahq4!vfOD^UF9e6$S%4A%lBZdN?oCik+ZMzC)?c~@Y;fO1EJ|Ik8VY$M5AHgx zP%`(^I^-q~EZLx6N}wNUJLnIc4soQFd=Y~euR~sq@3A^WbZ)N>dAkRhqz?Hj2Wi?b zgPbQ6iMFT?p%2rhLmWBb(&+c4mgqMH9rAsD`h90c=;zcSntnkYB50Q^;cW?V8A*sg zcYqO=sg`g|o}n!|q?B(sb;#M58XbZ*Mu(h>51y+3EHn+P{xG~YnjTANTISJBqUkhl znyN#(;&g~o9`uxk9<<~uDw!FMBpG{Y{jt#lLpIo#6WHt94)#N*KO8x%b}@MI`eOj! zWA%sV++O`r^&pefABP;InIZil(H7Mo^kKU6$9l(G`!xE!v?cmYL4Um7pMI~N5&Ajx zho)ape+b$oOLtpBJdPy9H4ZSs^3)QH$uqP?f5biT{1>cMok6VEZeQ~!+m}7ywbAr= zLem#Kx=A$s6E{uO9~05HjVMsck%3!wRd-PpdYnM$^ue{Y#mmk;SMA)leTxd}6P3F2 zxz2t2`nKc_uj^FrX{?IpB64V5&zdy@f%k1!w{Lo*$A80gu-~4{)2marKy&4CO~2zV zOV|JMeF;s$H$kU6fi+{wwY1AyPx#Y;Q0pC!_T<81^M*VUFvjX4(b=Jkc-olT7X3}# zw(t+yWa#ohs?i{c^0ZUsX&tNIlHW$!?Dg-h1BcQF5|f5f|2A>W%}&uL^e$7q-t0i973yKA9W>Y{lKyR_*ulq)%+l}iu6e`p z2sFDIUspVRl7gw{h~3vw-Wm9PZ!>!&~*B(OW+SF9FtW7~Yqg%q! z!4#-yTbq5PosB6(bvtsHF9aiUzWnJ7|YsZ%c=hxbC zMxGe&W$H~WxVqIbg2B~tjF||oz6BsltsD-newshq-|S%fuu*7p*)F2;QIBrYmYm?G zsh$Uq;OcuYl7#qVXK?ka(7XH7+7(>=A%B?f_gK6Q z^KOFqeIDH`n3H9eJU7%lMwP+Ua#OV{xEh=$jq83q6?EPS{RE3soEB(nH0w{%z?0K{ zIS^*x03|M2K0vHk;YnzqCCzXxVB8L{eQv2S-DY}=X;=7Vg0Qewz(f*92t2|Dly zn2ash+0<9n6VBt!a%Fh5*hLxJ@ct4>C~>(&k9%n_8lL&1z|s;qFWpM?g!l<;GYp|Gf0^}xVHt+J_9 zYz%E;TfV-jN{6;h0djA;OhePfp3ci*iSsF8V8Hc>Y=44Sl-XtoWVi;Qi)-rX0acc} zWaQ+idZUhd-#`EVC>Wri*^LV?r`>2r`EO{Ez{+4>+X8!-6`js25-y}Wo5z7}_zyj5 zc3E-KxF;z1M028GGBcVBK9n(V@Ss}#;>b5M+J%9&`7Y@OKG;qRb8BN=K$)yOY(cq~ z1m%22o9(R&TQHdfWm9F}qcE4?p*rYKy^4|8Hh(HjWsX*kuzQ*>XwrxMsZYZ9SbwVM z>^NHSv@u63{Y@RM_y^nl*p zp4So5?)K;=x945lG!^RpUQx@Zf~RB1f+F=QlI&5oY@t_2OG8B!@gj^6kvfd@Fr0C4 z>sBj+@Z915DDhZ{%@fMiH>?u9g6XGy9=(@7=s^V=wbv7B?{7P5eI(x(c(KzY`5Ynr zG+&bB`*(bgm3*RednMm*7y-683yT3M`F_D`x0}w8+J54+e{#SP z2HD!g$un4zFS)6_Iub{~_@=I_qib2P8swLE;RogvbAi+pZmoWYSIoX^xtA_kjCajW z(6Ih-NXKv`M%M`%Xe#kb=<=fZQ+Vd{NOV-J)vCA}s1^znwcH>MqSF13YZu(Qu(%Re z820tdo?;C?eQ}CGT2UCO7)=buN3CiFhcNq!Kvp_|dej*_)^ww8Gv8<^SDqM=PH>%J zPj#oV{pf%O5i74DkYkF^QtrZYe5T_25#e2=Y)wy@anOyTyA&jvauAs*QccE25Szw! zb3AIHxsxQ=PJEA*V4|}v!In}sn#dBOc3gZrP{aLE>!c?$!p!b*9bBZ8yOH6uoBB$* z%f0i^X#38>J9)vMhr&bHn-a}P@f63}5q7Zh(JqN{zB*1N+}<4Xz>~bP(hGdtRCko7 z5)GLx$19<5n;F2Q%fAUk=pKmg%rBFz3o46zS*iY7FPR%Aek^KvV2{4(8a4 zvvUBOW;|+?je<`i3f{$I+j}mok!4Z9JGrS<6tH>oLr%*eEt)qybjx8nhj`#L$8r=u zERJjfL(7jbEt82NWx?MvQNSC+Gqi=wDrxF$9Cv^??g3tLGH@2h#anAh_2QVjU*s{D zT`!Ki1;m=gUhA(Yj#iIQd`KR3K`LDpb_J75T9%imXLS)XND)7ytAh2}YFJBq>9@JITmZWg71{tvg6^h{zNN2GFUu4TKjFw>R zE}xGTi}F1W!OR-rr#znaY&-`wPpnrb2;EQWL0gVg1eJdN2;|$t8gNOkqV&tqy zzt?(2`Yp51ka`Zu*m0jV_iaewKBB#h-&=>K_7X?K@q5j`r)@}=ZAfo?6H3#eK9gD! zZActKx&9s3&d3)UrjS%Lnh#fPs9ZtCJ4k-pVHIbn*5 zWF8H!yWYS$_o21$F;7NuuN}S)FyIz%e5zS3&xi^Gc z$T(Q^l{Wdm1pO%X8P03b(Z&2(2fr3I(T?TzAXPVxci~Aeb8f5( zh}3znUM%Wo3O#Gd+c z7@^_$063c{ZH917ixPrN2sP_0{AGIlSqqb%oxoFOWY=2KQ1HSQR9e0`IzpUkBBgnNF3h*PoH|z&`c|6`eiIEQ$f>jQHMxDQ<^$h(9{aj73(tQpt4hg z)~2l_CrC*ueH6YN$dd$w9}QtYRY=!>jE9OLna)oL$jpJLmrn$6pyAsB-t81lR2nLo zVh!fS0>|%ai)998(u(?L9vosL=|~7kGf|~zRxb(bsf7@?Iz}*rSdK9hA;c>IvOEKX zLx{WaDe1sTCchL>os78nvne&T$$JZt_d<_u@=o#5+%z>Xz$1isJ4TWayF-X~pn)gc zS9<_p!~JIj_Y*w2WrI64gm~0I?Fu2T_`_WGSiBAM(+K8ak8T#s$r4rGA3w@tR2f1n zH&werh=Fn89_lZ-(_X$3OOt#yPq#Gc>|T8KJtpJi1AYzm%J%?ymiz zS-yxyorkdot7GtdOqTx%U7K_913eH#-5i>x zc{2VRAz$zSml~6|@#iD?T4nOKau4-CGmawckX?W##v%K3;wZvAA7+C2Jp?(DcdN~v zJl1_Fu#(Ei#+{q@;Dk9fJ`lDM1uD#@!3=GGjnyJ{V48XE_$#vV+${76OOb3m_lFcZ zB=FoqOg^1F_YC4W!hD411Ua(s9FO&j6j&oXmpp^iK`-G^Tgsa3@ebv&h9|I{h1jI> zR@$_FoPz~|LL*?NU5cjR2ae&U_Evo+k>C=KZgQ($%uQ1j$qPbaUOp7zddDK63{;D7 z>f#&&rtlOcsikMTX ztrbzV6*Gxh@-Q#i)ZffouzPVKs`XGQn$(Y^XFJFc$l!`_1?s8@whu+rew5 z1Ou^Z$oHxO+mr{&G}a>TK1M)1j|D{DdwA`3Q{TX}Db{O{XbXkk3gTtqv}Y67zQh4X za9c$ysC7d0e*Opn>Z^zLYVyEV9^{x_Zf7(|ZFBDTUFALA*zV`>eCGG>BrQ@SRmqSk`C= z@e*L)?(MjUq;wyH^sEqVD3A~rBl;kdQ~ova%%E?O+;F%n+{J-zxCuIfAU81;-y0q& zAsYx0uzafQ*9S$IpXnrg%@1JdC$&(=N3s#JAjvyF&ava7T5JD*!+D6nJ*t+bkJ zTi8DWm#R2lbA{eoUHL942gGLW!Zzyy3wO!Q8VL4SsXJkh=N)?--Si$eFAhu{+Y3Pu zi1(3KkBB<9n$?#$Hn-N1g8Sm-H7N|+qIn+ang8N_Wb4cDmRlse73u~a3sC58>l-Bg8^EhjCxTK1$wG$`0_qAzf~x#Ww%UPqP9rfXN|;N9s)?l7hFTz z#tO`NemK6Md4%qEB3C!!EJAmq;x&gj@sO?x1iM(sG_f*x3r!6XJEO`1goYnN)T6%f zdC2D12z{~#LT#?(d}|81q06%Uk0pyhR4os|4Q!f3V2q;xGW(GI8k$;#0SZmd+8RgA z{GdpL0JNH$Gn~8a%Q&bOI*pewhDvjQloEsZyU^gA66yhh_{q+efLM_VLQiXT6nlqy zMvx}zt5*(T#9=D4PGfS80V3^awLq;<>>XiJh_k34LyNJMNRa@j0Oe@DfgZ#??0kit z;mm9%PuL;r$oRW%|D!>pQJ|yDEOu=EA{)zUCoc%%-i*-jU^jU&O_Q+!@rH*9<@BBs zXv!k#Uqq5Vu%~9?ZuJF>->KcLwmL@eZdHyk6L+ic1IW@B6TVx0zXxMV%l5sDxMYoN zi_E_u^1jQXn{?W}otvgQ?L6*Qzl@P2#O}M*e?fz=zdCGQNVvb~0e}tnT?F^%J-TIs zJN0h$HwJ3g-Rf`sVg8lJ;%%5;Mlk=}qnibDvapcOfwy{$D(_b1rfS#SDuT~Ac zVCNRiVza4{5%w$b#gn%>&@}1D5;cxrPI$h+qnpI@a&DTsr}oHf=bgPlV>!2(@{K~j zOY<(IwPD#D94k?t1Cd{8Z}m{IlG`fd%#BW;D+f0yx{6U`Yt*H#xs_gB5?z-WZ5NN0 zESaQsrHNU)UeYpDTHgsEl3Cc^BzF_>w(=5^SDTG^7s<@4>o=_1s9&T~25uy@UzyVh zy4Uo?WsrG_Aji~_bDpgoxzTkPx2~f|63w3E)_pd<$GUYzXWOm2j9j;lMMRyvNiE@n ziu)|%E8sBw;Sf6uOj1NnWT;Q$0|ShJU`2Xa?n4Gb?Us?aI}euO3E<3zIGU?$-H8EH zRF_M2*Vhg8oV>U$A8DxfjlqDaOQ!&gA>+ABMmu}nJPoTd2Iho_e}M<_Wnw#;fc5|5 z1MYco)1MJ>kwvG*8yIP}>IzDUgsb$e z=$iE^eX$4!3ox1^4(ye*Cp9&LabSXnk_DB$zj>@jqyR~#c((n0PJ&rxjN@P?zcQ0* ziutU(?63`vVq-LWk{$ME_#SJAiOvs|9rk=iTs(&o@uVGgJ40zVeMsyuiSE#~ykLPW z-1{op3BwMkf?G7gy~#67U6JF}5gsWz)%ZuSRw>D5p^cGL5BgK_!yfS3oBUov(*qve zXNc}h(hQmHanJleHk&E&|5I~tRD60;va3E~a$ z!YSnIZHatSs5-XGpM2YAgnZ7bW14(R9NSW}q9A6n4zuOTYe=sABCA|Up252P7=+Zq-9=*@3BU|=xl45Gu_TtEF-FQlH0;d7vDgOf_E_j zZF@d!`AXCOZ49g3)K@EAF;y2V5J1}Dd9ztNNVIz;h?Fd18Sw$OeZ32i0L5OY(VWjt#Cs}e;11camQ6G{%4mLT#M{`CGS?+t7@RQn`X zo-;utHOiK*?+rx3AMx1sz6)b2pdegV*o6 zxLqKM*KUDGJ(*rEAAH3S8?8#Apz+hG%xCe_1zH4N4acU0<9utW!Lf@(+<+cio&THK^k!(RYoazPn<1!xe#s+hfP{GXA_A!$kvEbI)X*vwIJ~L>Yy~KoE}=@g z0y+l6Q>xVX23@H!zt+JH8A=yQ@soK0|0X7ZxG2$&DHjxVn>1gMZ0F9SO z);ZAF`>Y5kzc2MRufkXEVFm&+eTZSf~m7e zzxO6dzj?6!ojVclQ0uuZ*!02;QV&R~TnR;$>bc!puie+Td+Qd69{CzXNiWW7f%q3r z!bi_RSR6^)jbsLo3-O9P8QPQ+$?!uGfyG-O#>MJtnSOhyjyGHz>$*9Ex1Pm%3}4T6 z$bxh0;8GE=a>Go1yyDhKV?--)>MjS&DZHt=^ z{wZwXX=6XzFX^cLn8tp8+Ypf2$v-$MipI}imyLv}Qd3vo^kP3p5M<87yS309& zBFc7<-oC|Id+Ei`>PtUR+aUxGgcd&&DF&8el{k0acY$Gxkf;wIV#^;z+ijPTAMt(o z7tXJ(j%LaF9ih)}U)UFf*PxFWQW{<_&Fn^3- zKI+lUf;su@BttmYc#JAj49Jbyt`q}EL&wFz`YB(w^SQ*^ur|qP^G#EuG~R*lo_zLJ z4=`<;;EFU3L6W7ZyCA_9IhPI|hJ+Nm>sZSD0N^M7pkCb{Q zFSc#Y8e2*^vXanzNmA-B@IBU9BRaQNO1*&*kgOb}9sL?!yWMn#q?ANkNJ_IiJ`uVMN4TFlMV3e{*?TR2L^1!eVP#WMUQS0 zai8a=sZwh=WPZWvAZ3-h`xBWaT!l~E846MoN_6;6XsovXV!YaQ4qOF!GOR~9R;_|O zv$kpaW=q5{2OYy^Mz%x@$76)B^%2|;35gg^LDy+X#PAQqZ-n`X5iH1&yd`bk<*|O% zcHZ?-FYA~%)1+P;*^g+xB=vF?zQ?K;(Yd|q<$6YdtuunWMSdlzUiR?X?WQxNUL@K= z>O~MQ3#WaCxVFauM;K&FN+!=Rb@j4XE@yiGvmCI$FbQy%r0_=(3BB*DAtk8LpG{EN2q=ykCi-aHdGG} z?BdJ#ZN+00^2b>ob6bxBWMG#bJc!t*T@wdUu`MSeIFbL!`vv5N^=sFozl~q2e*FJwThMt0;M?>)^4jD*4&E#+jG8#6y*O;DM3oou^$1OdP+*GCw5I*Pl zrmnOBiya=G#Iyk_V$z*9pxTSjDh_ZFI|?>5VhB0Rg=^Yq*M$|JK2fJPP;@&vFhHFV znG%lah6AM1KYaPGs+Az@D6g1Cu!~4;DCkWARS3DNi?Ava%WCeC#ceSKD4p&c+92#& z2U{$V?8-AMM4!YAfuBs@8$6ILS%IcuR#=_O3W-L#SZWree=&sgnYh7jFr-tv!ESYo z;0?AMqfIy1xYZ5tr_;E;2Y^fC`s6@c!!ED#XP3JfiOE97-d|rMQs3p#P1<{Ra?@1P z+T%9+0gR;J-cqa=YNc_CuQYIf2o1u{ix}hgeh&a_xW7(tzt5vvHn>x7v%hYjcHL%w z(;w!qdMw_C`5OfDmp!^!FeeKRX<5A3V^n#YEjL)ZZnKf~5BJ#4ops7Jn!{$Hjp3}t z_~6M|3(+*mtd44|ZxWX0dvudnp36;BchsW-&PhCdKw%s_DjOJ}5ZsH9w={Tfz0}pz zK;OmC+c(z>f+K0wr3N>BFXq0<0!G>iG)?3{D&|gRDVu4(Md5oh8`fNmC-Eu{dTn=4PvDVxFn8*80+H>z#qPOS2lHOy$d*d;0i*gL6^igG zm+?K;fhRiKCu5G!MNTvX4!ety>Tl|mH~*k5i(`y{WU@#@W`fslH=Pa#UeCpmU|xx~ z#Z5$0GMx=Ox0!;(I);Ld1dC}DytgF^^0YA&)ZY{Z`3FtGxA{}>Ei*zvT3$Q_PmSzL z4T&IS7RmB$k}P{1P=$>QOR^--Al2b)9<`;Y1n9H;D9W=&w`BQy7*$$Kv(Uz{@%Qn; zQ=fgu172GIe}~ZYO^ zs~zK{^n8#y2w!hS`+MsXhPmjqm(GLcIC*chJE*D#=-I@fVc@8%T&_>F7gO%EHC z8SXq`2YXPgWc91FVpMDg>sE9D#+BRQ%sA4RRV?CF*a|4yRp@+-kYoxbT!o&Au34`_ z7uih39#y-h`*&$)5_Z|lI+K-~gXs(oBqhS0A;FW%>YGh}nm*kQyoCj%wD|N=R%hmK zEyl$XlZC7;pBM{&Xt#W7nj2g)5X}w@8h|?)H*LJZ4H|%Jq6vO!z9a*%fbX#epy=FQ z1F+`79MS-+@Y?PDH$w)XL|fmP4S8>xcgQ58~oN8-DndeNrKazJebdysUsUk~E zOzO0i6gZ?U2D*dnxcd5SE7XY(hZwZ`ZmV?f?Lz)wA1D;=i9`dGdZFMFl|N<;ULG2PoKuuMYvOB|_wX}%*ejS*l=q44gN0_%IccDw1c2&`yAd5N~g&Bsrb zD-GoBCw<_k>qtqLM*35Bwn+L`ofVJ7gr0|_N1$og(wi32M~}Li^lJ}j7nHvg(PosO zcCzZRrS|tpYJbGR^Wp80O=^c^Y{1V(uB14_>MEwyG|4H)GkKaXNlrZp-(%&J=-gg8 zb%+sQ3!g9{q?{V&wcAang;}F=N}|o>S!+K91LDT<(maiVFK(5Bt%{ph`&00qnWA7+ z+-M3~r5y$FvPh2~ko4HLw0hab!HB(!b3t<_=9kz=4`hnL{Ep zMSn2k{JTG^(v<9NINt{dt&YS>;|UYJMf(q8s6gDuOoSlJ-bKJoEd-&}F@hloa*Q^G zAfUeKW@0Mm39$y64#o`BuCRluKg@?b7H`A+GlF@8 zaMRQsH4!Z~Nb%dGv^cPhLveFZDk5{Q$o{qGs-63`Z&CLiA|exUdHeSDZOI*8*C}&^ zS!u_l|72ay8dQ)s?vSh7H@%_515AhVGm)@g=h2?0SEtnFT)AA+?_=CASf}l0 z?p9+TMjCEIwSl!NrHVF2fFAZIW6c9zd%OOM&{Xy4Cebv?O;eR>A06tfM49}AL8jH0 zxieL+Q-lp1LA=2T>s&g$;RQs#(a0B&6Im!q@OK+W)Livq56s%=`Zb~J1#L&y*;2Y~ z?CDt@kZv2h;{x;E#4B%`Y@>ONQgytnrTLO%+XMI>E89e8hiv0%W0b1?requcph@>> zMu07_!aG~awomZd?WXOQZM3|IY?EkP+&smoEJ0Kah@fP$+_8D^H^hT)Z~zsC-`cXt zGqg#vO*oGW$L|hGwh1HIX5oY9ap4ah@Y-nlFGADrJi19V{TDY)m23r)Y%I(g`Pwjo zp7!nT6D2~b6O9~7h}4d8n95KsKRkwXGnAdVfz;2f$h;YuOLO9R9@MZ=%!OjkLAUT# zQVb`0qBuqxZitnJ>v`qVBMmn?!jx&gBx!gxzQ;;K(Yd|S@CHVJE#ks7kkW7;uib7s zL()*9&60+KsG0`_C6i^9&4d3<+kCA9s4)E2Hcy_REz+=*Z#bplpJT1c&O;j`4PWR_ z#HI(lHky7%Xu92_n?%!dxM`|1?BBPeZ+~uY2}O|_`LS_RDye~=NahK1u0D~k6pAZ3 zFBc+E>$x2hW5`TU*h0}Eob_gqk`#zsT_U|aofQI^3inLILPl`Zuaw2LL3~r! zmGbcp|6ZmmWiwqzb76yu#Of-9<-bGWs-jBftv;)=PLoY4T-eWDRK3H=qN7f)s+VXg z1i$ly@?j*Ezh$y~5Uf;wfa;x$xh!=! zjHY&}!xLtOlLGvmER7=SpQu!EaGKx|NdeUfhbBfxkCFGKG)OvC6icxaWbP@}kPnH< za~)5$%MJLL*;1Nrm6}h+%3H3<0_#Z=PRK8Kg`ACES zm^+a1nFh%0+M`Sw`=(^RfmdCXoTM;ddfw_mRC!lIlR)e)ZeG(~{AmUgP?$}nc296$ z*gA0bEXW?kY+$gNh(5TR(J-~>gI31~MjyyAW+M9FL4Yi!Lpb{2;~xAYO|FkH;%t*E zY^&JholoTbkViLZ;(UOcrkeX6(FfndND^Xq^uhPhz*FUa#{&Qx?vn}bZ+djg26t-o z!R);nYFG5ZiTLaZ^9g7gHgl3`y?|i;LspoRg@rUD?(-N`Mjyyc)vo9RB!$K8Ih2`D z_0E&@dV}-@!Nx{LU*eDVb(!(LknrB)(M|GNH#be)W6vQ6BWH!`5>GLLuQWROp$EMs z#aWro)}p8|-fE1FR*!HgU*JsThYA!w-drmVQu1rOMBQ3J)`Jo}lN9DqJ*e_TQNV*K z#AcN9Y+8>&>0U;utuW7uU9QrfXHY1G10FN(lX%=@87I{#ErHc(Y38t@Rjq(OdH2{d zX%X?swY=tJ@UrpA0^uj2@=D52(zb)7RrYG5^MkHq3qQw zFrlY}y~{z0_8%mjWv?XKYzGGYm@R?cDa27XIlu@j3X7wXc~(mNi+I$Q?zT~NMI6gw ztFHVb2A8(MeACp(fX_1~k~fJoi9YKAy}b=jC8T}Yqnkw9-*eMcaeet-)R-YpXQw5n zb@c)BHV$v=0%>hXAO=&~oTSDv==cev!xpuR>}iyIT@akyjPPq7AsL}ksM2ICRL@IU zx*1)rFZ|eAK&Dm}O2apAU-~|kkFE8Jg4rg;oXM$6$^Rb+|Zz3z!7LoKa8ZN_XWw36H+S44}3?g2^h?t7teI1XGj7lkZX)+eP3#^rD zgHtRfnR{$hFC|pJjE7BLK{iy+oWygyU;LQBQmn!G1$>W{c%pNACEoWip{K$5Ee9!P zNa9Jf*%FU_%qHb7ecT#m~k^ zPx76CrrA6)%LrXdJ-SJBE#{`FvhJCj-~m~l=zMQwc;>821xmXlVlEL;32PHI*eQ_% zo$C3XJ=ZDTGQe0Juh#42D5zFC$#$ju5@TpnBmck=RLN4;Eh2%maUK{6dRFXW43al6 zlI=W<^YmJkg*b;vXnH-4dnHRQX(G}DEIS{W47eFwF3EZsak>*PYI&zQkY>ia)?=|! z(Cfu^XGFPH1!D2Z+sal2XAmc@V=N^jG#e+L`ow{qpaZbE+)3J88o+J{Y%|G)eU>h`wsxhH@(kZt>Uv+?J$GA*Y33jBN9 z@ys#SGY7HKEQmdm5L?BVNh_l1EyO0zFm;KzOiRRmW8gV$!M`LV;W-N~rItwH80cd7 z`^{+QDJS3Hfeo8G&mttg)}xz5;=SB7RZc#EMH4)n#o=NNF2YDwozc=zkqt&;8q$_z z+tH{LBkL}m!hi;qA7@nB?}s8P4D^U9tIu%HoQ2yKR1`s4%A4|(qP%~wh--n-x>IyqaJ?2Cr#pKYmcI~9J*CI_Xqtu-n@7(f zROURoNgh3yo2E*S2YYL^JZhvMc9Al0iVA!P;8xa@Oxk%YXRM;SiF>T01WgXlT=EEY z$mb3sBz&+mG*qlnB)ABBC^lB{KZM1CE1SyTDqO_WOJn1ZOE}5m1Z##?hFGq67*-jZ zX4ML!J1DhhpcR5Y4i?E+E7j{0^lIkLkP?acWj2XlP5DYR%%TCj0ZUxVW*NcRC*Tvmy)D0obi)a5)EYs+S zyTLkBex`fY?khK6n!|tP=-w>|xqjBR(UDV$=7zNt>s5LizQ=l%L}z2mLKX!@$t!h7KCCDCkqp#ysM>pjv)vh{17K`(D(Q~dm|4^VN>f}1p(`qjG zW(pTH=ODbJP@KHIxoD&`JTi*^Z}j8ET7B}C$&vF%9$mf(*lW%vB6H&968cThFR1`kUk=;n)D1s2VAsCy*!R7O@ zG;t=K&M7nsf0~BE6YJFp!eMjIs*&ngaaC=iQYqF}9jVq1ttw6omb#8m^~^?BsnIo9 zE!5q=9mTtt(PDiSUwC&h&bo>51Qm_}?YB!>ki9useky)JjPfh-KiiJ4(=M<{v%)5g z*+9)jVhW`g0tErZ7p*ezMb`SG;roy!1REwGN$AbP7@U?RAiCs^;uC_g+jG9$l+MkK%U5rNC1=D3zNVahPC`i{xDudxvRK^ z1E~3(DZCrpF_5{Jj}U>(!JO~cfek_&p{P1UtDz%Asltmbz{tROd90oeC3U>R&mGK@ zHyO4InKI%Xe|5Avd@PtESfy`RPblmVmdM6+h)-H!d?|0~<+M7ESg=1nf*B*_9A@0M z#aHp;EB!#sk;I1POEOGW<9n=OB0AfKiOLk*axM`@fNe>HFMp)baVf9eZt81vtnoHF zoDak#+7>sz_rGC-O&fdCo;7x}E7eU3dk(e4o;+>TR%X`K-(Vk`AGBhb@Mq7b%m{nZ zdL!=_HG7@_fvDF`zh=9RT}>u{Qjp=-L0d?%1j;N5brvk#nV#6vi0iZ}p)cjd+lL$9 zDxt6RCmKz|Zf%dOoB`B|)fp2h{awtO5Nc=QUCez9+|=I1v^qxcU5p%~P48kn3WI(J zfJ=kXT^RIx{v7fxMxw2C!V1cETwOw>{<=pu>A3nAZkp;p_IM+6!VLy)XJOFUXprXK zl-l+Gig}Zn$wuU5gvct7l{{@WMEX>G zx?3QrUFkYurkk|(8y%U&XuhPA&fD-k_M{^^yH7f;rnUbdBOn>=%Du{Kx0_DONhg}t zUZO2j@ktOb3#UDnIPES69AVvQaa!^WQZV-Ms4YDuNhlHdbBro&2D?P$FY&=sXa3X! zUVB4cPH6hEM>mP4A9B+)$@YIGBLCNvh+KRlac8;hB_hwpxNXxB_bb3JCm@>YS*Jgq@+an)e_Z&92ihGK&V9IV;y)43rJ}J=%q}d zM5I_^vXHgq6Judf3T?>QpGiJ>m56*Y64xUaVDF3}|EQ`uF+M?cE;m+B>qB(DV+EZW2v@%}vuRhUSgYase`ObzlGmF!2I_ z>LJn|IE0v&r);c5|j{~WmV+-8uzeS zKg=>xhSK0H&Noc~8tq>dOHF1#n|4rYJzq z&;c+Ttl^0;XIqpmq4<~33TW@y4&u00@a?-kX-b}h<#?L- zXQFA?PVp7Am-$~p0oUy1H}vFS3i;+hqSualp&zrk`!^Fi{x&N+CNsPxag&?M2s`1t zif`(QuzRn=H<h+fl99S8OXk)X#185HxVOqs&pQ3TQP#d>2bHJo^q&TJtle`0) z@jcc%AUfM7t%x?Ed83A`{Y{6aP-9KK-Hd_cbA3#>d6qIi>-`ec)36x9a4Zoe`;?K zI>H+?R4R^gSTeN;sOLRfx-eANb(@Xbr>||38zOv_i4buU@!GVT$RgW!xrZ$S!@MWm zL^L?NiO%-{Q*UUorev12seLU``^!9A^1`xF`w~_43j#T!PC2++1yo-`zqvK-0e|}4FeCJHYFbUdr3V~))QCPw&pU!y4Ccx$ ztVG{z+R?HLWjr|wu<*`T{G4RFt6V3yQir#d@3V8A(A2Rne8sx5h`-$={*HHGJS>+j z@s~Wq)NKOzKE!*o{+N58HxO>bbFz85rJ>JX;&zTQvz3H%Ge0JA(CcAc%u4vu~34I zK_-SYLu8ZQMuTcX(L2jr$G||LGStoYQ-P;IfAcVf#_-UC%tN+$b8-M!wa@2D@J-K8 zb5C0Vg}0M5b7&GabF5bbV(R2gX7l7;;>o||!IJ0A#*^)}Vtynr+OF`!kiWq31e_*J zvSN;Za)K2jI=9z~ITaIn%B2Np8rBjsWW`9dMXZ=M(=TMjI9|%7(QiXb^wX9~b}Qye zfBIc9BlL4xF`9lUR*a-)CMzZnurgUOCF&5dVrc4ED@Lp3|;_pAQiofI;rf$Vh zr0aw`Zsi4p6=A>3LK~wyUW5;x65{!28kP`YHDhau>j+KH^XMkE#B;f6s^xMSoD0h0 z2>2`lwv4ne0zL{AvZDR@QyWA(0N(0>KN~666H?yXcBH6yeBnQAJe?IuQj z+k{5Q3Uj>Tp$U_O#twXs6&j+mLugFF3Om3Uuq8ow2T7rE1Fzj~+J2$ow8A9X>;N%A zyyP8i%ZwXoGi-2x5r#P1W>}fvpYF~n-}Jifp69*;={Y~ zJ(dqeX9pkhykv?wP6PUz@@eu9+SYh8W58yvFjXWUzJb?nH*G&3(()p=hZ1d((_EYB zXUmZuM?h*C{r<5f`b|NOe9NDHUz-v7Ipv6^-{R=L)T}6onMJNVk>tv=9AJex*pe&B zGqlAPL2_&7W$@_(#uh;vb7VRLA3SZ5)6g`VE%GEn)2SZaB$^g-(^Oj|A6N38Q+wMb zPjHvJl8f>V<`5XQV`2=!RfR2_^}i0+>>wptV<&A+#-JmHKt-NIaP6CxsSNtpGWy%5 z2SReh5d}mOCh37E;Crkd5S<-*Uvx4+{3#_>Ve(7cDrf&^?*~3NVM7Zh#+3_ zuD0!w1GFJlJHQA-oNYt25Po(mqrGj6$GTl#s`fa-muSKy#+$_VSjH2b9gL@qjO+%; zYZ(JJH-*U{8ShoRcDrf&8P92eNVG)^kT%mVBsd&F4QcfIWJ~m$g5dayKmEQiBlL3$ z4oyER{7g_Ui{yARNse0_aD-Xbk{ro1w8i2mH%d;6V^Q8%9B5-y-l_QDX>lw-(`*(; zKcQ)!M>mP46S--s#qqL$lQy5*BMJ?nMn>nvL}_qcrz|$yos;haMGDQnEx{XUzImpb z8KZ~GQ{!bkVY<26cQPqjGc2Ru-$6)CWdlVhU284TGsM^Uk8@EGN$q!Q4S z&z??S6kB{o%n}XaS2E)5;%##!1nNF^4g+NRtm8hmG_Pf%)l?s}1SX5_>jjmbPc8~ON2*rm(LG+~l*F5!Eu zau%K2tDKKA29n7jm2-pFZa1AF9hnv2&X zuk*y%!Ew}}XylO8eyCK#`zi{_x~7P7KZD|VmK8Y8;~~NG*ui2=-`J8urv%XJ*G<$$ zMY3zs+Z}f43F$5d4_-WQV1)`Ii&>4l?iD$xCk`Sfe~zjUcEH@A9!Oq~m98Me;mAm- zFv1b;!5B8m7JaZfQ3==vOQPs8BtQNj*<<$k377ATJ!KZm!e6GxJnmsj+%Tt0;Y@?G zQE+wp2w@f?mu}T8oWm=3FZ^teg-dHjFMLCbB#*4JUD}+u$h`FGaYX*ewZ|qe*a$Sl zYID)qq0M>T7+=5srhNVUgSN%4^1!=fm@UjOHgC0Go73_lzJ5*eLo>NYHIiuhZ0QdQ zBv1dR-SV{ArEa$=aotLqA;kmI_3HyjFgBycu(Z#+#A&zHQM88rskcD0h^CwWaNu@?RL}lv%E9!wnQ5$>$vD_ zL|B{YNqJBLBFu4Zo<`3Pv_wyyH%^4nnu7G?#+sg=@~7wD%?Ledc@Yt&>1i3Xf_lm3 zrfsPWl4Pkm;0Uv@WvM04U>UT@O=V&gk)a^IsVlL{lN=BJGbL6r(=`{M&Ii0KU0miQ zP&7vV4igOJPdrP;P>q(r(6SY8}#If-%Iws<>jIhFjB%1C&W#D8l=2;*tP;WjQh>d|jV3A70Biv~^`zCP_Zr zL2z4}q!Qu7&k-AhpY8<9yhqY)$hSO!VB7#CYEP{c=R@}IVuGRS=xFr_oeRhFHIzX` zIeEH!=9AkP1WbMyhsY}2y7K5p1>17FcJA4$5_wRKRpkyI2-j&FzyW2jl+QI##mzAI zJ0E_KnVr(lR4zaLH1i<7xg-j>;+RvzC@~`qd+^JxmE+R)U3k`5nr>RcWnIn0qSc!jU-nj~w1aMMl zZi7$^*4v^{>W$*KB`B?`RDl?_wZau*%?jSl4-S^tUm`aIyGm%cAZbk=nP>tcn5Gk# z7+TEB0-OR+<+Gu7W~*>1;7$5;aq(V!b!@d{Tp31qnqVo*Rj?oklwzj&2EC^Db3NEd zIu2+eW~1%xB#v2%1f*Tw1U};Ei~BW>$UzBEtT*BH066w&B|6(W&zzQGOmTheQr-mq zL2tx&dk{l<6W-3mu+_y39j!DUoVFsmnC+9wK=$Q`=V)O|Wei=~)X& z&+4pzHh4=H9K89)NN49J%6K(m=lHPPp@9m7y?ZwI^#xtK{P0Gp>2yD?itJrOnp($; zT|BVDlsQ-K<^1R{ipDoa#=7UTWGPPsmM^lqly3_B)O^#!44(er;{WpDvUs6SY!!uDG3yCCbd8>HL?}z>WA((+!2~@a zIy>})_AJ{pQ&}@aEfb|DY_IeAn9wuO=<`_0tF5QstI_63{3di3NeKPk>rlM5%G!aXqJ=1`z2t4hw zM+yDLHN3_V!7Sm5l`~HT+_Cnk=1?{EO8xPnUY2v=$r6`~PhfGc?x2>}r# zQ_S$`o%`?DxmU#dVFC*HD^(}zNE0iD9TY?9f$Y<=kS67z!BzeU5J22Yk$=n67j3BX zAY;x}rc0tQDM~N0fi>fN%7e<1>1j$9M0pM1v|&nfh=4PTmOMrr@?l=9y+OlT@`Gp- zaO`N^w*xMonaIlipS;GYWo2)5j9^xFImS$6Wk0R`v~O;0gCy4*+bqpH6VE_UM)k?$oU8 z`wY~stnAnO!@S31@ixrQAeeV~bhBVimN4?pbH2x@GAp~>RPD;jKEJb51dKVu0H2F> zNhUi{G&2JJc6{^XuV;IJXXE;rgzIN`bd$J#8aGYdSG%v|;5c=U63{a6QXfQuI7+?F zv3)o_sH7_c1BVM2)d#!EM;b^A3spWaFjlYjj}2A}1A&)->slGxp!4;NPCFsmLThTJ za_8ygnBH&Y-pOi7CPkx(SliAfSj-Tv1uO`Hs^&jQL2vqgsDe$g_w+ zUc;ayL!FI5PDQHN@nWTK%ew0}_r)fR{T7339}==$)cza#w{TJW|EOE!qLvmDyr{Jz zJH$$}AokgW*so*EG(~73HhBgq<(|r;wp!NoZ~@V}%!8J3T3$A!Wz;ORF-&fq`Uhwi)5M#0WhMS27B+F~aga#bU0vQYjwI^{(w+*Ub(n zTQ)I4=zO=-)z)CN$~b9VS{*_E7NphFs9Qu@(PDzq>i7fUg=RtiZG`+$44JlhE#xQ9 zFm+*da%U%O0}8ir3ar-?VnlYjxw4(X!5i_>Q)s=`18$pFZzpu!>(Nc3>mF{JDzvUl zmoZ9+gtmRqyl7EoeUuTFRc3vPdnIpJDYIyT6qzO0V96|B)9LFTE0GdQuOuk3#N5d& zZF9l%hzmZO;fV$ovaB$ilc7UbVS z$p7!G$WNYO>JkeT@A&etUV*5i|>v|59vX;Rwe(Y}uimqBN3JT0gUHw-j=if@am$1M8?WN!biGcGz3>;^<oJgP!!nEWXJ zAP$Ow%2~Pk2ugL)8Iqq?A@o;-5ir8kWWrHgMTDvh?laL$WBJNpzEQ2g<2#x!jnze9 z6O{YIWVPC_y4!;#Y&t)m=)6-9FB$~VVMjq+DLJ)YsMk$7CT3kcxF0N5s`^>Hz&r;% z=G5~xkO#GX8}ig{u|>Iv6%dtbdOL#Wn?O2UC7(NjGZD6d}h0)xs%%$F>UY~sFvh+AM_la-CUS{~r0HqE>6 z*zgDrf17ygAz_oKZH#+Xxx0c})^!>33JmHXEj?nSaoxCjwFj;wF<;4x1~DJwxkSBN zsAsl&suvPMU(OR|KxjP4lJ4r6cw%S94?uVIX%g7lX-z*T%V!uhts4PfME@3!E#IJS z5hH*W6Ep%WCyQ8VGKTD3@ggGPr!Z!kMzj!{JcDHgBsZ1MXM`&`zNzc^%)dMCzY?F% zsF)31mpFJ$*?clxP124w(mE;TR|hQD^-bZ`JNInOjfi+==uj;pC|+JG(dnK>@8?rS z(hVY;6()%l6q07>f-r|wVygQtFg_L$aX4}YU2~sxU^4uoqx?~{-F6x6_4nalSaPdl z1TP5X7;U;B#HATCg9vVSnzDTWT$-{c2ih8iy3K=rQs_T{k(exlZBoCSNWI0Qo80xi z+|*&v+TzsXvap1a6x>^i^+K&QPOn5E zg?ISF{9KR4+c3X^V1AZIHw)%?Sxh@mO8Cn?MwOR^a)Y(&vXBB{M~9s|>wYXsa@Z`i zF`V@PK6rB0eI9_>SiXm_{9cc463g%6rfEBB|AlyZ)0-PC4VM}?@6}7gm3(6YZ&q~7 zcF>JgpFoZcvPBUw*w?$GH@BRRB-a-Y=JuGL&`et^h1xORce!2_{9Rv;CtSlNoL`Pv z#VME zRW35ilp2$_@n?#Ko4l>uL;V-oEHz28X#qayK&NY7N&Awp%Z}4C<5-*^mTuJxl;H~P15v|3NyB1bD)Oz>zGDx)pe+OF{7&@%-`9$K0ZY#SRs zyaV53!-qv@8?*LP1lzl0e}f0X{GeIy04DU*pf~W^Z9&lf@L}gO1&Ovus=M~nZ$lvb z+mVMhjegH+m3~O11oxnue&SnzejALOdWk>%UNBSi+Ykx=*7UPn8-jXS#NMk&^q=p5 zBdCxfVlR0HY52aKg=wqtBT#To%k>jjtFm0t#?bAP{&f4e2fVg+xR=oMQIBrYa{Vwj zO|x8^D*~QwW!F^^(1awkhYO`H_Oe`LJm3^PpmV<&Q_$ex`-}tI!Mtq1Iik|iOI=^h zh(G2LZ4nh_4e5fW$=QGix}e31lKI6(^{WZh-{rBAr_F}yb|~Ug$|Txtb&(~I>7wi z)rsirRwu2Bqn|MbY#kBaoAR#V$GmpC>9nYms5p{nTio2$Zl;?~UI-+>UE|0Gn#K!f z9cqymg!$k;BPN*^9hlJ5w0Ja{hOdpMg%_d;a5XPjs)>Hh7Q^s5lDVID@N}5{v&r0c zSme8z5cWpTVv*m7{w-MK2dP`cBB#Y9Smbi8(`1o5lCIK(Nh0(ne2*2OqO* zV?xhu^K4%G42aO^wvlLySmf=eUqA(}b!6&Fqu<+GrC+Nm@I(IeyMLzW7gd3pewNr1 z)JwLPZBz60B=&YX;7AmE$un3Md2&-3^&{?tskL z^IHk#A&+hr%<%#y5XzGC7*&R{$W7J8P!`1SJNMK*Sd{WZpp7}Eyb2#YIqPl@z-%o4 zHDUQKk8TpncXHFz9o0txmVs1Mcqz&c4D{=E@<4QU7Dh`*6x&}KM7A3F<{{*kFp(aQ z_8HP(?S96ZeIx?E2WC_^2lMoAruRp=cd}@bhh&KtU`tLX{&W`e~uz9%qz$7~aV(#&#Z`A_t3;mq<2>J~Y(&|(tK zEOM=FJhKF{fvt699i$19&MXVY63#55v-`|~^HJ<|u=p0Z4&G=u`fN<-DMije(-}GH zN3(%Rv@LEfj`E=1MS_@FcG25u7k!&al3^Dm&mc|U7xSpC-VWy{Ao`*dE$;#elrlgY zL&n|yWZdB(W3qYm4nos5k8V=fT*XaOmBDr&$z8%Lszzz3gmA`vySFP*8t^aoQIeFJ z&<9}g_719ftKxxQTSC8+kano;Nb`HG@@!tNEh)0d;OC=%3o`gl>K2i~w3wg_w$80$ zrO8{$M(n!?vCqJmVObPrVv8G-XK2f&E#=kgEz7(p-%nT(FIH!vjoGvh;De{^z0U() z8%^&fG`-iOn?%#QxM}L9?ccYfZ+~uY356gU`LS`6NxFfbXnWH08G4VJuM~U5K{}x2`dg>Mt)wGzPs18TJ zinUIYx$KI5#e_+_W(U5=vc-b=gad)!q(3QN=mE1W zaQ=o+^?Z+R5>?ORrm5QZHe)i=3khKkN1P~ml*>V-;Ng`hxm(0TA#$n+rwf`=O5j4j z#27tvJq#0jP(^=43~SQQ)L-QIMMX1IH>(E;q2%v|}4 z>G?kHX>YeMU&@_Hldx-MW9#tiZ6sEl%;Yw2ypMR}t-OZhNL3xryrSZAbeU>4?v~O*ZQ5YX zM*U51qzkI)ry*G@Z#kOUwelVa*UH;}4_-|MGODWi=(!civyeYoJD|BjnJ8Zut>6}{ zw3d^l60A8G+f=^*&oHSL=g`C`QYAw6mXJ=TIEc_UnG+z;3$06d+K8HXjUpQ759dpx z`Gcc4JkdG>0(qB^)v}tqC>D|90%}Sui_;h+{F>FPa~(Uktw6;!)SsMymmTLYJn0nq zgY3zXq{d9D7l?vrs1gCiFoarw0wVSBQw9n;Rz~oN6$PfH)vW2%2o~!`T3db6yF9R- z7RY2&z*^=Y`*}cXb@(pz;6?c?fF@;S@|O=6?ua1Fs^&G{Fpt`|CnHSPOb0C|an?X|!Y3ow#9oaKUUCT+{%L!{u8@Wau@ zN?x*wEHT$sl1arx9T=12%VaOniAkn1ga+$~2cB%O{?-P|Ja%k8y1P5q-ymt&U(i~u zUx~Z^K+(ncTp?GYa!>O-9;C|*0@Wx?*)AT0UJZ}D8U=wC%?_YgDnDR)CIUuY!jfca z0VA!B5eyiSW6VUr$OizjI-YS@iP>%+^k5@t&%d7$muySh9QO(0xWDn}CQa~nbJNu0 znMc6L*D#WV*c~wP4K(m{3jd1-05;rzPjG+9qgyt(Qv*hRXP|ZkjQo#3%)j+mybbdw z3FcpWbhBVi7R&Nf@D7hrWx$BsRP72FK^{OO%bZt*-Q$|k=9{Kwf33!MPd;0TrfEki z8|R-QoUiccCUO24Zko2g_79Uy?@URKY~%w2qsY6}PxlZ=8v?7E3|sl?1#U2rlX0_1 zcd1^%&_xAoTw}^=8(E&5$N&~^TLKr67~9HkPKLVhk_-$ORAUiZ#R@ZkiYnn*YpvKN zi+uXerivV3P|wLQQ9h?@gsK@adAKY+oiZdIHftSgtn;&C5pH;CJM&VcT10>z%A}g7 ze>1)Ja_?mEEi-4(L~LwNJAuveVt~_SF9rrQaQZjXd#DBA<{KKDfn3X2Wb>O^hjYIl zZDApOZR6l%IDE5HKd%KCrUjX=Xkj5c!^oWK4%HU7V2xyrWy|MJlYH(25NTpPlYDM& zQg8V-bgx~h>IJOnzL>oVx_rRJOMFo8<2wa?>>Xqj_7bF0=)4#QLD4d48-qQEBj%4TVZ{;9{j-#MykX zzJfimCGxf%EW+FfcjFBTB6hUgZ`X(@Mr>yrjxlLvxr z06s?mY{&{gGK!`y5+WCM);(VNNm#E$NA&vc$sRb6$Nd{U;I`5AkA$x4J-SJH@8zbc z;@|_SB2u@N_dSrrKaYa~U$w$+7dNoDet_PesAI3=pExaWKvYf?JRsp<(*5h$cPrmN zu5>Hv=0?bfp@|x7_*zg-Agvta2wx!7ijX158;POwfhIx4DOY@*QAM06R-$*WHQDgOR^lfr#lgJxdl=EJ8*LAue+x$2$EaJx zXrsl%8f{{wSus5ispv;)O_(0_{!+zh z#{H16CCs=bGUy`E#SrsHXy<9q{ksQRY$pC^!shoqx=AMfE;mgT;M+r@uT*IihapJ| zRa|}2^}rxIio}gEOgs@b16e*=8Y*(Yt1;q?KwX(-RD-~IwWyhPa$r&=yrQ~uG51W~ z-BP;JBrIJ|cf+6sjaW?rKSnO6zCbiOk;hM7N;Vp`L(r@dsJ)}rCrO*ozXd^a1$B!E z8d^-Opb;z0g7z;G+E-yrPeCKLM)C|(Hw90lpgelFANC7oW@*HLoJ9+lm33w39XywU%A%>95xYUI^GuexIGF!@J%aQ%( z%trPI!Dz*V9NDix*W?`8w?}ehF9qrJW>lvKN2csA({3PCvX025F^j>7M8B0WJByFu zoeqo!@j>X=e)rM!_>v$V1D?CJ@@8#y-zTYTaJ`D*Cse z#=cA4B5I5l6RXC=O0%H-E5v!9!M)BZ?K34(R~^3Rnj9GU1BXo$!@1O&pVpaN%NbPrtr-94@oVUC=jx-*x2fE$E;6y!0%GtV5y zw0GvmDc3){&sLS|)k-H{A8-e$6S-4-BopbSr#_UB8@YG}h&7ehJ?Ei+3tRR=>K56u zw3y(Q?K~i=LV6G-0+HoySrVn0I<1@4lXDaSd+-pB=4+)Pk(yK1eSx=y>_IUrMH1jz z0na=JyXOm|CbeqinQ^NZ{ew}3<-Np7u+Tf~n#ObG5Q@xmcr}K$H~7=`Iz`*X5p0_A zs8P18e%~Mp?&h(RSxlCC+{sPtQja$aC?7&v25Hf}>7iQ=(>cTgr#Y6R_+c^gLlAL> zmQQ0^CKE;O`{)unLJ?a_jJX;EMd9I%UqMs43{@uDy73wka2u=<_${3nRrYYE-L^ zZo)CKtB%^iMa2tkA6LuuH!+Rkk=>kwTaZF=^7iJUk<#$UDE`0EpRWzqA;?G0A9-~7 zCcxjEJ<@25^I@ojKMk_J9nt|7vhKfmeh&Xx&V0UnQ*OC5ruzA6Vfo6y*WfOomShKs z3kamO7{$TeI$3i`Akjj+%%d9x(cGA9)QC>ws=71X6w@0>sY~c0S*VP_-LXuRv3x#Y z7cQ5FH4K^w?oVTa6YJFp;)3S>RU_50;;Pz2rBbY|I#R72T2-7FEOp^}Y_!{*{!0AMw&Uw$W!N0{ z1DnH)C}^G*m`9msfmd9C&)TH6j}U#d@0XRM&$#HNRLn%h%HVhvKJb`{0-w)AP0mLh z;5{QJ+D7v|W@MJxJ|pxbEA_qD>6WKOPa!!p=BuXtw^C?ND3@=>zK*8$0)H5JGqwOX zEVMhVHEoqxp?%8twsxX)*l6rr5&O+VlIC`)=UTAW3dI^%SuY-j7!}oGBO#admGo+i zi}xX#l`Oo#<~;&OpY^7UB`iDrsAc#y8^i;Q%|agME6hGoFY6ucm=G)5Nh|3AEh@S+*;#~uu5pDcbvdtNbP_`Lo)jv!IHKtCRW_-_;olr2TP zOw8xD?5gg{_3|4-@iZIu(e^$1(jN!vA>nYw)5FFwbvezC1sk<|1$SFDoJZ<8byWq5 zgrMR-`^43FZJk_4erz@aQ7RiT~FX1@Q3+6kHy4}fj#{|{mR-#ofW?Efn_P2FiX zE8ET7(n510KperIIFyjSq_|9T?~5P|9fqp1Fwil9S_Y09yXC`Z<34&;yRY7~#lF~B_Ohj+&N@MzJ6a8rx(xkWu$H$_w}`b&i;1fR=EE8UYpKcDfGL#y{ zCr@cL;sLYGqsJ4fiXPo0st$5f2do`-dWyqFQji;29Z7=%D#vhI;w&$m7|6;~FEvVs zi!!qr-vX9oAd{^B&T`C{{v2*!*QqTYs_C_~xXpuTHYH9VN<3SjH}y{M#=v{mK-Y=OUCi4>&FL3Jp`=>wzD661sfV&B28!mUEC3gfC~J7CExTUU4W*8T4K)`k+=-S$RU#8j(t5mSCM z#QdQ@F@K3bE?X+H=kJm}qAn zCe*d=(9EHK3np3zb&Hs2w3t{EO{_E-gSNIiiHLkU#`HAN1mcrtn7WB}x-`*(ceqY- zZ3p2ZIQtzJ4 zeSNtn?%TuvIFM^lloKv1aBCNJ|xwMg@PZ)UO}KkGVW35iCyX6iTrNS<(9l8^vQG_vF(duj1J6=0(xfaH zFYrQunM1C&Woa|-NK4XYF?EYb8(K`Pv=J+f-?h>Et0g3D6bFX6Zcm?ye&H}J1lJrP zvjQOxA~5@4gnQOHxJU3P1w0-zCc(y*2RD>CA1IoNC4W(Clv(Sf3@s)|nS}=|xV2~y zi_Su%r8bdF*XHR#$DdBd8i+iz8YBm~MFl0vq1ee(cunkNfd&E59~i_ z(qPw9x{CRHmx{2OEI$G9aYYr@(a}5&ZB}(WWd$06Cq)?6WOFHg?Z;33>Zk4+lD8M5 zx&d)^LAkr_MD;l6iA2iFFqeKDL=%f&f~!<3QA0OXkYxEPv~MouAfZuygF_Lm!-zqo zpxKV*oJO^gAD!HGTywr^Qyj#f6WF06$2S+T)sEVoGUjqebAkG06t7e#cQj9e@!i1b zpg!4LjBv||1|B+e57jurcyO|LqA>R-Uot7Y>CF>ixQ|aXCUCiHXUlvh8jq!e=cp7z#ceeNit}v*gM!o+?sWC$Ni0g3f&~&nc z{$T+UFCylue-!5zpznm{{E_^q{&P-qaq(ygSmSK%s?nV0oWbJ3iD8Vl=t#a+0oKq0 zk4MJv%RHdJP$Y;ZZ)+|pRe+;@PAiF4lg&93jiIhfCY$HjANoaD{s_|0j}~jdHZ8Nz zm~5URuB$^YX!IX0;i7_h^OXL&G~gg8esV2;ME?m6T};~xj8ho~AC8vBN{z{DPQ9?XXuLR%eA&q5 z52P{9{(p7n9UoP-wPBDFIs(!`Ll43v5CWm2AcP{J*ywSXOgM8=CeBQND2Slond>N5 z9J^N(+qHLW*sglPUMY&@+IzW*qSyAVcMXYRlG)4S;`f`6Kc4IfCzCv9uf5MZr?$X% za9_{@42)POoctahnUzJ~4ri8EMl3q-GZ%_}~lAzDKZ`F3M-ZzjKZnTzp71B=^SCr$D0s8AAfe5Yt#55440t))D&*Havp)F>L zaK++3EEgz6{gwp1*bRce3^NjyO(~@g8o`zHCs=-egnmhTA1zf};4h^e#|7TPLd>)L zXScySqsznolA^?v7L7IVmo1IwS1gV-Nz5iRgsB?wEIk?@5xP-&Xo;U@Cn}sa^hZ%? zMQD1Z_n=z@@a%0(vIbi7tSQzq%d*y6r(2g>8!BRL_gfa{Feaw@gBFM4)}&Z7y12tv z>(PLL^Ja5>>121hnO3lUtZfx8R(#GwDY~1?8#)Z>1F2%HQ zN~nz^-8S~6+W0tbBPH7iWd2ywDxGq+c@;LRI^ll~4$_=td6s5-Y;UO4Gbo1_2sNVx z&KyM8MexVECzkR?c&moKqubNtS=b)@H2+BB=CpL9)`YA>2pjtmax)0m0axV_I!-2x zAoycxLCPXUG-E7`+egq(dSeagJ3fA={@rM?y@Ls7V)gAhg0Orc!Mg}Q+BjV3v6n^g zlWTh5Cl5*daitX{5e{q~T&~OSlm>&xVNk(0E(jEI1##%1A4eYX+Ie)bGQAi>U%d91 zG=4FJzIg46TkwnZ^u=p$q)*ti*!lFuYd=PI^x{7H;i`PDD0KZsGU%d9+ z!}!IG^u=pGKAK^x$n=mZnCbo z9A)bs1B?Mi0#kuJ-~`}U zpb+o^Cjn)^slX|~S%3pv1kjzI>e<%-n}9ojTY-mxExb93(yhh2lNJVfWg3#z*rz3mjlW4d6B46W~K&FR%w_h)`P}XalqY4h6ab1Aq)*I4~68V9Z%~9){}) zz>Sz^{s{!BD7irG1x=_m7x1PLP^b1UJqbSo+o(jjTLE)e9Ilj)0oCXXO#{fvFP+dB9*G6PSYkm;`k45!wTbk0D@)*j}_20bfre zd;xV#-MZHLR+;gWW^oElN*+PqF1Tf@?&W6jQj#xJR`q>7SG6^pv5!tUbJ{dZip$4XXG|$@r-;ZT0A2UK#OPO z;b`%UJP|FPk!PdDGjai1JR_H&#WQjxT0A4KLyKqR^U&fM`3kgnM!p#>o{{fIi)ZAm zXz`5v3R*lPzl|2p$X}qvGxCpU@r>N00kwEWZjTnv$UV{G8956ro{@3wU}8q*7SG7v zAUYv3*i!+Xk#E6N%`@`YG-~mTT!5*1JFpX&h;Wz(+y!g~dLd->0qz0r12!}#!~uj4 z`x1a>^Sx+wYDMS*ECVWm8Hil7faif1fkv41)2iqHbI|J1hR_Q*0hkMH2JQtu1HJ&J zwIxgkwg3+S$G0QQ0d@m#01vk(JPM?BAT$LUcO*0ciU13^6Sx~_M}gCB4=m_RSOjbV z9s=^Z5T*btfmOh=u7pZp2e1q9b|d(J?cE7Gfr;saJb<@y^?Ol^w{qEN@mB6Tv^>2D zSpaYECibBgZ|{yri??^1(0aTt;oksn`A+OdE#C4yju!Hs-5U55cpvC@IH5oA3a|q} z6trW&>VbsQfqQ`afFnGF@xW4GIq)k`Ka(&N$ORq(9s%|M-vR5h2uSfKDR`U4ScrtAL%r ztH6n)2#bLWfQx`bkpt3!VxSb@Z15~vy^syK)dAU{6Oc#=Xe}5^SOk0wdWK5tIr-|uktv!lxCh!38AaLqL!f8PBNraZbk-!AtYT#Oc zlgP2O39&1IQvl8++tA`n!mYC=)627gM}fzHW>X0*fD3_(fyvVdQvpsfAERYYCzJqJ z0Gj|`KEV&X3hV}2&mgn`766NY4L}@tcP8O|V9+c=Ht-KoMX8x6UQp4us|rB0$Uegx0`> z1%!z}C2$JRX(6EtkPplR>MtTR0CIs5z%Jl5Aisbx6Sx%k2k;{BGLUy7VG0ljE&!ea zo&f@0LNTxrxDpt#m@o=h2ROhM;30rhB`#i1q{@7>t^uwC4k;vb09F8}0{H>LOyCS) z9gu4iMgXNi5O^1OALv|6=n9++tN?BU?f_bp5?TSD178Ao+_*gx;Dn1CY4GPr8}|T9 zBwQSeNF-bwBj$w5N2%l+V?+npn!J7?z>4*Jl5P7q?;}9t}QwOkTxN4^CH^a zzmh)lFQfY;q=nbUXVacVy7MIMqujSo3BNeQYD)XzE5o!Svg+H_M+vM(iF5AvKXGZ~ zMB0guV+C}quOtwT;Q5nu*)yLRo=&^{=`I?ygN`1PJDBduF{o#H#=h6-gZft;!2K(4 zQGML3^>Xtebv}osgWZA_O?LW3tkJ#$2=!wPdG|}K;gtMIGq5K=ag&S0o@MND^v9<) z#$nTD^p#L!=%mW)&AEh?7z-N9aWLI`x>2%wHz%v%RaGRF&!V%Xhr!#mE{pS zBIGT%0zNv)bxANp$39BKJu|CT+FyE)>a{jNzSc4fYmEbhx5m1&`_Rvs*W9-L|IgOk zB>9?~U|MqsFRs^IkbansI>y>oA5p0qxjdjv#h4h=bh5brNSfr1iG(U>-YBXZneP5R zF0==qZtzl;g+sKzKS0X|TB}RXCtral8djjB=&DAkd3aW@k&%;We@O_(6{<#OPwdyl zuHIgua$3s~y2D(=+mjA1^GsKL1cjcvT&=l6u37olG_4Fi2trd5UuBIc=}*WWkwlh+ zF~eh%NW01DUKh!gFOVyrr={G*MgI<{sa&$e<27{XZF0Mtwd}gOuuE3GRmZ&sXJ#kw z%BSSATeW1n9Uxh{WomNS_vEr~Ysq#$FtVN;lk6{Y*&nrJ4?SSAhBEF{DGrD2Y0*Cw z4)+f@zfHo29WdFU$;&ufE}Nw#n|{D#hb5OiS}r?9OSZ=Wk{xOqvqf@QpO$P-7qX*k zZdj{>)4olQXDDuAoxE>Plk2Y3((QEsbq$l$C34*hwRC&C&>b%5UBjroORjpmmTDgt zs)7vV$u*Vnb8^|IwPgFckd=&Dk~QgmB-edkOShj3U0L56#_T~Si-X0lTCy1jOm;}} z`M8^0wlgiNlA`(_Fxi~svcu%EL$qWMcOfeqwZ@MFGv&I|wR8u#(3Oo^LqfLYvP-mN z2fC20Wd{YFKj#f6uiP`_cB{4QJTC0|*US<2GQ-Z7%jIsDYPn@2kyFT82Yh7!Isy7!Cx>ml^`wd1KJJyBn(3-u9C;I&E60hW*%~ptG zP8uz$5_2ZF@XW61S?FIHz|%!={a|v*-g3zvT9QY(kgO#NBs!A1G`Znex#1`+!-*~o zYuQ4U1`7kp<>tucj?Fu6cuM`DjGhYE|4qE zRaBg%sc1MnyHu_iR#cp=sc1MT`**qG*@}wCYAPCzP2M0^yiQSZjtj+OYTvG4gId?N z^-pYC9+$6(M-^AZO)geMotqZJX;5#<6?ZEtMl=<3lW#r0mn(j&sE9k|@kLpG;tGg5 zdvSPj#kQx4Gf-<iqao|vB6qwoWgQJ+Z=2ll2}Q@%s{LpP zIq%3F-%@m3qv~i#IX}rAe^7KhL)Fm`b2_XN$DDSws8-Bzv#Y1>3}DDPgXE4LMaR1| z`!U;)bEe82^HSE)kaG&qffH&&@*&`R)_BF>eHf1fnj>H zgIr8dwcO<^QPv^Lths!00DoXBhQ`mJ& z8dCjix#SE*$=z-wbL$$t^c0nkQIz~jwI_27pJQH;OTL)8l7@!z+usr$at*_;#Un-i~ZcOX^C^FQL?OL2Jjy+9jQLWh1UsuwQ?fS|kdnrl| z)0H%2yCdY1V^UYrknQHlB~MV49HHBjhHMv+OP-Xvl7?(|j$HCAMaj{+J!!~x|CCE! zle&_IZ1*p@h`1|@f>`HIPtWkMYR&o zcsG)@T-impq4&_!&yq*i!{v_s6dl*QajY}C4l|^>qvVoDDoRdqBRQ_FPa^w{%7@E? zWnsVM=;b20^?XI^3*1=O-L-}+yId|=p(uHruB0K$Zjei^SCpKiD{08GH_0WhSCpKm zD{08G|CUQWrYN~qSJIGW|09=tLs9ZFT}eZh{hwTNZ^}yM8nWymYsCqu4K1pbfHtc3 zWUe90X38Z8C`xY9l{948$#ThwsViy7d5h(e1&Wea>-MA}@vM+bRw_!~q;8(-BWVOt*I+%$an9_CEr$* z+@{-;hJ5#nT=GXn$)|NC4f(FqI&t)APm5|rpXXF1ha2);wp=nxQSxnFNkhInS}r*y zbtMh?u1GHFQ?h?7=g{doPNIZARC2v=h{7|tD)k-|yt4fYAB%Wb% z$svl8Kk7;v63V>HMOV_0c+QYZu2z(6-N40#mv!#`7-2{} zm&+wDRg`S2D``kP_sS*jR+Mb7D``kPFUcjJSCmZGl{6%t&*YLHD@qR1l{6%t#*R4g zG@wPb!ho`*A@QWkCA%w1j&akIwLCJa>ZZSj$TL!InX71dgtDa}^BgO;oTX?vLD|v} zddlRM#fp|Qlr0UZ$B|pEO<_wz?Aau@+^A?dTe&X{xo3;q^1c+dGz6a=a?6($Ess;~ zOGEPcN^bdi3R@bYPqU~v`lQjKTG3~Ya$g#A*wT=F_Q);&t7z#{?n^`VY4ta8_GwOwYGt27WlKZ$$&g$2NnK0RQxL|> zEypQZhIIQf+mL-0$Svn8T1J#D4cTX@+%l|axm4NGkbV9xw>(?Xa-*`PA^Y4Qx4iB^ zTAp9rv>yNKzdF7$o?$hz8e3@#<90!VdiD1ImenR!_wMIxLkN0YuKTE>?k43e>>gDA8Q^7dCS5@!BD9`6wi+}50v>zDhmAtCBY@}h4EOo z!k{mlW$^|cyQ HEYAEtK8aS% literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/proximity-flow.doctree b/ia-terms-updates/en/.doctrees/proximity-flow.doctree new file mode 100644 index 0000000000000000000000000000000000000000..1c5dde15c3f28fb1642d8e503a59f2f899cf8dd0 GIT binary patch literal 89200 zcmeHwX^1$qi(?kR9^{Ib)-29y31EaCR8?0WHKZu@N!-9<0PO5iP;Yfr_H;G+ z+OBTQ%#thXw7F877R8~Cup=aetRoZ-M>uRNsME6K2u1jiA{4$PAF?bvu!5{)pDG6 z$6?;?@Tk+V2QAj_?|ymr%y;j;wR?JatY>X`ok7oLyTixugPLH*B@8IQ0`o8Zr zy;Z-0!+oo_$-?6GCx;(gT~#XGUT52Fx&56=t=ZYCc+6hgtsl9wJ6y8*{hnJL^wB&u zcgS@-R6RUmH!aV@L;UUc&rk19KRiw{k?gv-f6LOy+OOpdgrz}y}Rew zz;P2>RF>m5C@uGchl$_O`*WVpf>&J#iKv>`Hv;#)hpR6Ayj-1BJC;M){ z$s(_YC$CEeDrIzw^9~EmUuWHqw0cY#a-Px^w0Dry#e?Eji zAGxzTsQ;Pz8GQ7K`p4^s>dW;P>mR#xn3H!5ysQ!Lx=^c=UnNw2BCl?&_F6fLW2$wW$7?=l;0+PwCaRpnZ{ zxudMC54x;(&-Iw26xlr&wcKD3GIkG*kWj2B)Qds4+v)Z3joU`Wc+zKfy^Xq>ireZo z8L5Gw8e>>tQ=YYFXF@DECKa42Pul!&65rto7CS)F1JOIV?O%((?TAmy{{< zBqeO)ZhQhW2NkcVIIx*Y`$=C}k4ojmxPB@al;a~&@8T%CH1K@qA6 z{@xQN83Jv6VE-Xd5aBTQgwb`-nR^AwN`ceD0@gEOA_L#P+tgQG7U21Py zn_NX#R@M}uj)SV`W|eKaZBN;%Gg54(-11d=CTL?X)phDmIL3l__kS zn%YE9ok5SAPSiL`i==&ZiTZ}w)dM@dNJ(iF<%bI9N~Pbk+8$} zVULO0=D@>{!07wt+*4k@fv!4CsdakN`iH`@y0oN|6s@DfG#>?HM#i2bsTeX04Bh*U z!bkkrrq`nBlz{whbcbqwVm;(zUIXba8w?pumU{Z*!@>@x~ z!?+yqchRn|E=7cNvQ|%!PfP&3rjF1#FvR!L&`+pJOPHvDaGz5`0;8>C%%dhpumJ3D zS-l;lMT!UY9;J#@nfFiFMBfSqEP?1m%#`E;^l8u)wU3XQuOK5rAuOOG=$*t(X}Y4~ z5H+&OJ=cniHy=jdED{yehdJ&c)FWz#^34J3cStoa!#gfv0kOHGoX%e^o#Cd5XdGoz zFb_jxd`~l&(l?6lTg-op`EPVRa*+AY7c6yn2;Nla-To+Fe;oGuy-s^Gy83v2qQ@ou z=V$kLV_}s)HO~S32{?W~O6!r0vk>lu6Sr{U;yQ7mkU?(aEtHN!*uETHByGHbAlSke ze8j$BXnw%@a2S6H=I1AaU zIYB$Fi3>MH94c`=vZ0wk|NUK)X?v{oZyY92U!qR+HFymPTTzv|uFTvG7g8YapdznnwO=c<>@{A=w(JDJ}u*SC{7^?dS;WaUEZO7q&r zM*iZfZ+vER@Mg)h`}&QS+iLaR#bUMcT4()w^5yacecP&5HntPn2phkaG_GFnx~_M% z*wzNMn_A!e%=Pn?jaysUtes0?^fg_iC|w+euz+nQc?;wJu%GTS?EjkgXbq=B&TcyV=TY*;ntrk-1S!Zf{>KshPrs zdUK=o#?BjQ-AEK(amuD~Q7{r2tdRkxZ;=WaGi*$X?hOTCPh z-|Y5p7kfMEE6wX07xLH6>(=#dr({<*-z;9ccyr@I>H5Icuh)8S+_?5yXY;O`N?)s8 z9o)0G?>gu2rLLOiv+T9?wsrmTjf-2iuHQ0K7jL%B>xtCGw0g6x=j_~TFE=h$uDFF} zW4rC#x|;5@?W@^hFH!2PHypLsd98P~bgNM=uHUvUzG1y~J-vDDO1F4PO{BG3=Qo>o z?Td|zmourtwsG}*t(m)YGpTN0{>=G`p>4GGe8t=`~ZS#3ng19*}Fr@Xi{suAY}O?_=ittM{JAlMnxv9;fJRxqFjy4_(D1X zjc-8{bNqnDCqtF`7&J^!6?#(~il*&0K8Vkl1Wxg(yb^yZwFI?XBI$brflwz+c|*gA+dl zBo3cZAH-)-_iy8KFcFBg^;uWZ63IOqup=-o4x-?@hW8i{QZrx^Zcm{NLjWhR&)fmL zi*{0JyK8J8Pi*c9a7G*Z$$`H)@w>5y%9UH|Hx;|bXxrCP+H4E^b1eY6Xd9AtP`eiB zI9(DO6qne}>UC_io>ig`2GuiX`EI7$2F8raqAtEK=XPmR*c-Tb0Jsd`X@qMNyQ<;u z0tf=QMYHKbj%@||o7l@GH<<6?ZUS9H5gXA6RUEc1H=4U0Kq0^&e}mc)a5Wa7TfoBJ z!0wYCAOgjlRizA2K(h%b!h}I3U=2LD9kFr%7Nam7i{S?kq|wJpAA;@?<$%C zUT?*)408Sd;zV9A5iFU5wE{F`^ij~#_wS>nmm)148=e3Nj`gf&g+m>qzR$n6lB$|c zCN-Vm2Q90snv>PCsjN}83{_Kg9Zz*Fg%>F+n|1I-)n=)hp|hHmGEE~{OD2;k)6rSh zGSk^wP0yN+nZzfSVHi~`CX+@|OJ{0K*Qu7OmS$PIh87&h&ZJG%P%~94tvQCBOlI|D z#=={>mULL!veFs7W~WsvmC9IFl77ypI><|^ppz)CfyP=&t)^5Xg;+!_W9U`gHnOP3 zw31boX%6U4n_5QN_V-SQ1G)Li9Jv`D+io@2ysky(EspZo5S$7)j8I@adV6>j!II4Z z1#^Z+9E|&**$4ceTv7yE>ir7NU(iVk^0&W?w){oosfY*$sG{KqFSL1Juif#;e`$9F zz$B3TsqcgC{KA~>&{QlH?wdmz8oMYbV{RLl5Q_R7R^jTJvaGGD%V(9B2mni)lC(J2 z)+oS4|GlKF6R;K_Qat`FU$^7+S^pilfs-A=^RS~XoaTcj0bC@kuP2aNrGjwSJii{@ zIQ^+lQ5&pPWe$O)15*G9A#3@cDGHG){{wA0k$bnlvsNnT@Hj`DL7o&IC0jP!T%v5?tDQYh68+UP|a|^;4-_Hd}<6=L@A&+0aYn99Q!)SM#D? z%I2Wv;FIlL{Dlf_axmxJP$3u!e6#n0uE^mFDEDBX$HD*5r2-=j}|TJ-JCSrJ~**OZrp zFCG9suK;@4alF&wF`%9j(e0!7d?2r=M-I09SK(|2nl9iV=bn@rLC)vspO^5FB2bTV zr0Fqat!6bnMm%qKB=Uq$lPw20Q=A~-B80UL;N$n;856iMXpKuHTytLD#~v%ZAT8)% z-4(m(;-@{OFwXT;MygaUm0=(AdV%a?&deqAYDp`qsT|oyV(+b67m75`i%LahvhER5 zB+Kt`;_fWH_ODrwq-Ca;iI{1Ty!NW<9(;5vew?=hPJ)gA-w9X?C!K=-#6Vl2;GVdS}q51Dm|Ey@8L^ok%>fe{H|3hhoi(H2Km5N`EDB6~G)DP*M7!^1q5mxZX) z5)S(Ri!tbO&AJ{EGP-7c9}c8idODLyr&Ad{lT4fGTAIn=O}d&k@Ov_)(B(-npXf;M1hM6*~WF{qghJK~-Cz;kzn)eZ{&^r_K zrKrbg1fVim4e=v9*C&3jq4!jy4qAALR1I95V`kFWio}r|C?zawJ)`&{pW0Uu6{0qnuN@sbGAw?N{ zh5Ct38r|$j{Z+J|#rV@ZbL0(Td3cKP;vDg11vSyv;3~BbE~9=tt77~~mdv!xYYD%$ z@Kp-$(3^~I_>^T0BWY;}Q>HBqfeS4KdDhLOO2JG$g?}~Mu~d}@4G}n`rxZK1)HFV^ zvS}l0v!sJSB)*`JlA4BKsAl7RGKI(@p4%Ga8r%cF5eSXYpsSLKkUuEPw2bN`b;L|G z{71oHI2(Mjpsx}5zvn;SPV;MEIW+5J%Mj$qsuBI|Jf~}b< zL#ec*IyEP$nc1Yt(zb3mYBpm#kYv+jwo$_`SyEFpg@Cf1);0WUI4q^wj)vH9735AH z3DB3JK{E^rLK|5loo1%4>uIJMI?~6enPfFy0oJIJ|WeD|oAlj3LoI zDG!T!A3QGB&xFw*+sdQWv{*TNQ`by4A4cura_ggWcoE$q+z7iry4*@)xkdYK%h-vb zeZgh9RY=dUUvtAxIfm!7MMR(C1#R1T{wur@JAC4uD0XwF%c!bOZ*vvU`&FL2WHp7v zC9UG+<+HpNd`WP-b=s2k@Ubk9=X;A?xH<9#z5&5OhO$*4HV|>NsZFu_S!W3viBGcdmZ0;^uXQo|VyMv3ZVfuMo6WN#+XJx=tXT>+4*k3%5?Bs9W56%R;$ zS!Y-i>T(b{r4J}>i##yMA~g9kKe1q?J;3&AZ{jyD`phbXgP!`DTCzI>Y_aXk{Kgt! zbCEWRCw^6Rd;R+KhJd7WdppzLZz5LQ<`~S0wNqNTp5^u@zN}d-whf2Ui&fVHT6LY05-LTm zJ!m%N&wwku!^<&29&Ln^3PrZU7t_bQ`DQVFz@jeG3`A4RV)|H2AB&*f0}tAL%}pP{ zg6_jz93Uc1-_(2pgzcb{+?00P zKk^Zzn4E*@2vP*z<_jAD;|Pf&(Hs%<#`GOo^m=qhHXE)MKRJidv|6Mc*$lp;9ogX@ zi0#;~O9lqwN4<@^clte(ByQs(Ha&fzGZUIha`%c%kUP#hAHO3cBbxm2EalQfg5CfN zgq1f>7f+uexu_4Y7cB^F&U=J;=JbO!xf^x73DA=qr*}?iKA5 zBfOQ;eT?G`h~J@rzY-I=-s<)lCK11j%m0vxU<@cG=bB zs*Y%wzN!OgCypUOD{haNpboM z+vEiKAovXjon#Edq+Mtq48u76PD&;4Pfgbt%L2)w+ZrC}Re&ALEW@6BN(WFTMX(zQ zR55%A4+p~#pa*@}5A2866{#;pKoJ}KO>vl$LGTm~U6Sn*1WLyk0Kx=l6v1~=9P$Ey z0`E)k8+P}@(pjwrU<&;XlmSpoH645ZXa)Sx8DKzYlY@zH3J$Fqs2x9nQ?*Q*gQci$ z4y-|Y04r5%5-^041g64yH_idj1(1vnZ^@(#2Q@%qPzvAhuK?uX)B|>6V5~Vbi27gS zUlApH>k~Y7P&0vi(x7w%G8sUvv{79;aHhGY;@iX&khyIso@Df@*1T#&Q~9YsNSw4U#2@ z5uG(nO&+7K~t=8iVZcJwjo-k3Hz8;0ja8LH3Po@O$EFffSQokh&`J^abWQw zF+P}YI>ipem;sOps2M>uO&w?_;GYPNruzK0CsMDCQ*Tub8%R0Z)Noi=uQ@r?@IbQm*iU4_X{W>seCMkb@ik{67M zlotu|+ymj9PIV@$XCa^*t_mwm(9aqmj{s?+46G2RSHN@eoWmh4NI??+)9^dZDrC#3 z4AnvN+-#lE$9bS;tI3*X18WGFq=xlH$v|t0N?5TNSmM^ zr#mqmDS%Fa(@y&5`BT6nPLM#j2jldom}aG_rj|lVxiqtCjA7UbD47I2(u}3^dqBO@ zDK>yY)ivNc{rQ?r))Z%)PR1CFKc)bh@iAZ-;5Ffis~{1;(pn}Co#=TC!1Z+6fgYy$ zoIuSqLnrA=?p=}86I`2s%>;v%{+5QhWFj;>kUwFwvt0hf-zH|)iJDb zEZ<~*ApGfL4a;Ljc{Ce-ZeSb@-lqH1O$Y`cklPN4evQ^uu*~mL!z{24WXjS5)7fbWS(j3$1Vrjlunp2QzX1HOo zG!Fx5>BZ7~u{0l9)`zk&;tr0voHIi?i>0{;buX6Yw9uGvc67Sq9mw2bX|6Ap<}f5U z70egcIGH(JY8FfLN$0QwU7|3(^7VPBHs5QSm5X8&>KBa_7_4DN5KO2M`s@>6R@)8r`({~hpBPN#)8 z^;7e30m1npzbG;V5y zv#yOy_sGWX1c&b;ANy}Yj)w0dRmn>)*uZgDxA+}9t6itRSHD9xgZWv??p zdR5T8mqz-6PWoAG_f3A+nmqZne5Hf@_U@Z+T5sY+B93PA18@`TAFshBxma#h0B@Z3 zy?@FLr`;T)3uhUZ{lhoWUW=n*v!0B8L1$y+e~|-b;?X=IGe%jr9FehkD1`mX*!Y2z zv9`xVZJ8mXy%*)szI&&RwGi#y96ZAQdpCZ(bFA(0-cfqrJ)H}N5=mC&nC?B2I;My7 z##qzC%Ba%lAkTv*#9~AA0OVLxj_syMutgae5g$DuirK=<0Hq#~3H?!eguPtjdg;YaZqy zR=1+3dE@m9cWym^er3iQi`bKSScq8tl4sTAapm4LM?^!k1?kG%ojoCI`jet81m35>uzdxOuVGQRXBVzSB zau9uXcZJGnW-6Ufwfj~%bF8t*V9tX~#Ojtj79tP(k2N7Aa93uW+j+%0Q&m^CQCYo!`^wADYT!2g^ zIUk?oOhVNYdh&sg9I?@Kf<5g1z9lF-+WV*@HxJ7ZOMs^22pMa2Ogok@?9uU{kFvKx zrV@W4J(l)jLgI_jk&Pz5SYSRf<|D>@WSo=+;InC^FkNMn4A>hdoneG*2SgEv0|1$^ zRnw~0RAyLe7D!&xMp{6?q|CIQrK1V}{4+zfY@onvHlUU&o@uEhF2PA7m*3PBg;}1W z5T_n=SQFDkK0rDF0Gv`4c@&dKfsxUWpD>GDf=Kjl96v6*I;4&30PgzX?$}Fcd1>CM; zmW$;Qu6Z%@>9Se?Agfp+l8wBY%cit+4mjROeHl(4kYuHtnpexH6ys7d)k4}R6q0$p zRMG$$hOXqY=q-@K>AZ>V7I1A0a&DH=rBW#$r7uhM=}6^?9SXgGD~<78vWTM=dE7UX z&*A=;B52JUdaeNSjl7;K>FEM;x&lXw+hs}s1!r>+`b?@1_X}&9S&{tRt^VQ3YT8VhdI36`Gc_%jDHd~OXm6pUo2p(eWr;tzY%*0c3RNu++uN|UF(dPuJF~!V^9=X)rkvYg8Fgk63K75sG23HVjhPr3Z-H}hoojmaq+o*v^JrD@}v4k`s` z^kf33Y<1(NW~`-*H8u6xsENCS(Eo zo=pM4pEYYW3)iS;ECA3o702HwIW$Z*k^tLDWJX3}U}TimZO5!ut4u>JDP2mFa5sI% z`oc12&&Cfpj=17}N#98gXU<5CRv-7bf?d%S)Sl#RH0ggXGR%q+&8!-9Db71CF zM~BiNr@3h(xim}HkZRch*Wixe@;|L+L-(B&jz!@BV+|VWz~j->nr*8%mX$$bWCy1a zkQq6H6w@^rCp~Fn0#$7TiIMeWHDy;*tP0h(Od0^>q{iV(AcQj!D;4CYW< z{+B(3T?XW3sNr2y_F}tD9>a~8TN>46e}%NzZX<4p{}$VAw5Pk+ZkuxacmEo+*lt5w z*kIl0E7^ExX0hEif~Z(*w~Ze$j-_|e813v>pbYs=jNgvxW#rGDH@{PQ+5a!+ilzsaVAY%5iYjd7Ducn z9kE_)w=K5Y7TayU@my@TEwOw#9avZx9#TZGsW+mF>3RP~YF0b4YILp}rpq zPt1jf`ZnB1-s_~iv|uD#I?_T@%6GSijPF2Y^POeDKt-}@>`L=ZP)g{|pHQmmQ}~T; z{PIuADK(choyoTkbVR220xHMJG}me>7kEj<>oObHtD#NGY8|P3RaqZYJ-QXH-EZ!Q zOxyvzJT>-Y3MGL8S0MI-1!XedyoYS?vOkJlXExH=cd@}R)`pFw^T-2UqYK|a0nZ7J zpL@LfeujOz+#U(=Tl`oVUDd~F+M6=_DVZ`Gte5$+kBEHP$?#m{Z_gQWd3C~X;X9rz z`#X5D?3>6@9&m>4a#)NcAESUL_cM}#J`&SorrN%ee>|dtFP-`B-M4m6*PpB(t{=IB zA6Ddp;j=~DCulRJ)ZVl<`I${A924FIl>D0*VsZvIZ2Tdi(vHr0urN<#N zp9y;yy}Tvjm-Jb#ZdC-S^fc`d^_ZV6c zepDItc;GQ-b%`oiXZC}Eg{PRyAKP8D-d|`btdlg061&azn@@A%TiWA zGHy4(kzfVKb~{_J>V7M3+i~eofus1n#x-4iCK!pk7TaEp^{y~n`RL4GC!Nvl^psYo z2l_?|3GRE!7Tt)_Wj(UVG+JU3P*|W}k=g0x8xUWIQP1c`1U`KDf$lTu)M`x^jd2O+ zv3}2G7(AuL3G`N#+{EUUdZ+139(3ijU<&wuPYBtWRpnY6vkDDU{&Gp_bo(TFAix`R z>7#ystzb+V_ zZ?bE=IggmluW9ikmYygjZ*UPr37$woF(tNf)SHMs?UTxRb{%p<@(e21Sr5IWp(?;M z(33*b#ZSr=@cS&kYKZHXFn+ggT_~PeU0MCXxw9L|*l^_nncic(bJnZ^jU)I5pFY7qZ5+ivveO%R;jJFj!XC`Ne%)DD zE;FYibG~`tS<9~~)P>{Gs-$opm2+Y!Ip;B~akQbxr2yKH*w<_tHbfP~_0KMnh<+Py zv2h6hNV)TE%!n)wlVq#*IadpYgw}+i5wa%e-+`(Ne4tI<%b9vrmp;&C>ZQ$lIkSLN z#Mk+!qn-a<>ipM{!!bTEpAQG->#nPT(0u1Ugysqf&71obn&~sc@UWQ9cZZKBXqsre zk2o$?BwRp+8cwf(%FLK4+I*%M^#&I%M_+^n z{AXiGDP0`-(_A>~>c(vz{g|@!TC5fBW33Pl3Nah*=&|9ECLC_K@==%jNxr6#1N*oh z7W?J-W7+sBzKIOy@bT5Kyl8f&Q3$5Ft7Nf$f(u2gX>NkQIsCDem3Q-^C~zc(Kl1J* zl*>TW0N{?mC_|-;EQJrl!T#6tg@xZ3`!Dzy!-e|7yJgWD_JL@N>wR7$f&FLu71-&@ z(D+f*)%Y>0aCCm6byY1-$jC<>m$L?jRvNY zo8;*t;)O`;$S#NC6A}beSexQTa-*Y=zji}J$9l{gH2V~GqGyPFVe`C?YcDfYs;TL<-cag}O(y8_>1fy{8ZVeWgSF<;4+pSyJ)}Z*F4EykDw&nJz-hoF% zP{kB#LUgC!u{+JxCF-)nP<_)=5YM3x!uT&@dC_se)xmAMiIjY(DGXWiCdCfONZ3@y zlMwAeu+EPsAsWaK6%^Yen7|iYf23RwbmqkvIwKd6x5!vY(+V zQ*a8AO+O|!A`yXLi5Mg@4EcJ+gOL8ukX7s}-b4WTta246Ue>!7wns>;c_>y&6{3X{ z3}0EHAfV@$B?4Ydui}_N6>TZ2b`?r@A@TtQ8EG?_3Zi*xB}z0YgWtH~H$;1WquNP_8fC8Nq2NiMBPjy|V!YqqYh z{ZAttE9q&=&T?)@J|3)AZf$sw+}CZt-+s?QLrDaYN7@QUV1(7eCaqj(_bGsjIPwj$ z7wr|Xo57o6mR%2dA$b=xDw-7)-0b+pNm#0#P7}g{o9yN80Pz|7CuD~pLVQnzU*zpl z>l9k=pdD(Se-iA$MhPaC(g63Eg`EsK)JtQ$QnrSXI!3VQ0Qw+ixWLD2tkG1(cM8J=6++K}p2->Ui2o$?LcTSIV$%}pQ}~XD zo=?Zs*{}^N8`sm>Amfqcjm>mGf>{r(y($W6jy~lODgnT z@lX$u<0%z8I1u54o&5RH=R`(GD`ULPACcH4wQiPYBk4WD7?&~tm28X;YOcLIA( z51-(~4G(#JXLoo6e2qW|>L>Z9qu%Pb@$IOG zZR;PorGIDb{Ob>U_T>5&^|KJZj*g+ULQCPpP}BYo#2^mB;eT*(f!>}B4G}Hy!@I5X)vX{yEhewG$sj z(fD?v@kdlXrh)hlG7!N4JhwMOGCm0LEC#Rkzk-fIbwX%h#4-&30CVu8bI#sbg}wU- z`?^PW;nIyVT59j{=;Ls}^Alu#Y(nI#q)&6nh6bGq^*3BCQQb211sp2QGDH-cijIK# zp4%HxlTSkL3Ny(H9|a?#19d1=c*y63ED_kdcQI-wcVO#^Np)sx)97PTfqGSw`ZT zb3UEA=g1opk}*@1WJ8&QHpE3x*xpzT32$xsr&D{x-9oX_nqE5M7QQ9sgD9SLc;g{O zn?g|^zWl(O*kf7Y6-8raQfrpNhoNx(1{cnmvc|3Iuk!JS#*Cn#>FJ2UJRXhU2Mvc& z{jlNRi_tI{$)MrXfi?uf1_iA%MI*qf*rbME%3k5XsCU0bn8zB+>EINrj#9gBYfu?V3Y{JG@aY!nBFP|QGaobb^D z9!`jPOzP~|(|{3YV=#hn9A~I+;i0z12##a;k4bW-fH(vl0X||ciem&mf!7ZPlo1s-J zts=bsl>m+4$0+X?R3O^CA4~zQ{zgb#Sqq^L;^4J77%e(UeIY>8sHLSd(xLSf2fc$$ zeQF^LhD3Y(pfL+Rd?0epoG=}EfU7usVI1)xK^`J&0Ffy#S>;3y+;$(B1B@&V974yL zzd{1CfFp**$xoc~vcl^&R#rj)lMg*uxzefP;2j}6_!&^;TD1YN$BJ_Lb-^eC9=r}( z1Q`!2<4w%wOa?fh^1Kb$UU3H~4XmdP?e_~O5jw?kj zU#7{>agl``T@r;jCSxT!)Wo$FZsOd&B1(yqy$ViBx~)MA2YlO`ShfP;qNO=S-Z=d} zEapORv21kU!>3fmEe}{Vs}J~FbpRY3$%;hNpnpCa!*l>sTH?dN8?o9uVAoi!oCN`f zMxf&ME7-5_3ucuIZDc)%Jd8;A)e%(AxTyK3r^AmxAm3Tw=NiMu5lr2c+^aNJz^t=Y zx4#p02a5*z**^$?8YerB{bN1RqAt0=0Iu%R&l zQpS-()P~5Y?^hjw$}CWix;+0Jav69vf!HEj%sd+hYWX=^8e>a9$;e~l89HeD1Ypn( z{a>6I&nl;-&0pu$o{>x)IYqv-`<0iz{W1O@MMfrsZ%&T}E|U@HQ5g9GSZexN`91FS z%jC5k2-0*rhEG6|mvwx1P)HM%jT=bmkl%5QH#T#V2TQ( zouB7(<;)yob2%Q;}tKSPi`%3Gf~Zme{iOBSo?14hwxTM%xtH4ca~|mg`{+ zdzw8tI)ll!k4NXVu=r2zmw+e~MYKIV#EQsW5GU@Em(k}eobRB0;oag92<`>a+4wbd zV1m~dxG$31d%<158H3T}_5E$mB1qZA&@&|);ERrQ`A64M6V7o&LoVTPQ|%82kMU1@ z&VcfnD6W4tfe-t`WBen|q3QY>V7T_;G5!sTJ|sLwkK{WTyr`B4p2yP?Udyk{>0o4& z^Sy%=53#npKui4@#xUwYvJ@x595Y?Jeshc;I+(k$Tt2OKe2M3(+7>v!=F5; zl_;UHrVc9fj!zs!#MkDuL6kr2Nh8w6xXGC`W%!C1xbDMm9TkgxyFZgOJ1S=p&5k|} zmGfLo&HiSo+2{5dWel65D&pFK0oj35)9k>gYiV&a@UV55MmoyE7#d7P-eLVE622C- zH=i5RpU{{6EzTX@%L6UWdno#l7Ux@JBCct^G~7T&rg)H&^!3?30gjm(4-~C zSGZ)O!Vl~{@p~qc+K#@9>uv0iCVpv}%8c#Pf9E?psSADv9%SPeLH2m?7fFLdze5hd zQTZt3`LA#uO}C2_Dkq+Qm9qvsKNEZNHEe_mV+$hO1i|8yi)fK=>0*0MQg}T2IIQ3w z?w87E_u$CF%6w|Vyx$+1hB1>=eZyo7T3F>D#-NY3O9C#wPdOcy_6a&Re7f)Uo2rv1mtnRq96PC#>>3zT;t)P3YgFKs1IV zQqv**ZVtY#A`L9L?jgRvmGumj4lJ&=pyfX};c@Q#A(FM#XQ zk-1^TR3I)Zzmr(m;w{XiWK{I0tJTz_OMI3P-qrNdk?q4T&Y4iAHpJaHvGR%4&}RWXVO|18_I0qF|2_GH2xF~ zPH(UffqsZIBx;JkWBRJmCQXc@;vPM>6qMoNpg2NSPo2ePr}-%R9wD( zAMy3$yqSIQb-E8c)m7&MC{$s3>BySkpG+9QUy?4%gN5z96W-U&htU--c2Q3Z_FuSM zf?-lDm%@jk)Vvl`CT~lbEUzgK;>=)30o5E=Zoi-8_68?qf=@OYaK!nk(D8gIM-c^M zLkqkG!p5z{`zKH#2juB7`a+(3p7Ug;YH~Zg!&!mA!PN(Q$TFmaT8KM3f1XBXz)6}( zy0q54IiF6oD!d^f2K%ro(?6Zs5TD7#8en?qi1`u$fa#x3ZHVJw1RidB=}1EYdOiKq zsSRSwgy>z6Z3Fj?`UwoGxz$KjvC+p$x-9+9V&uZP zV*hO6q0B!|;JZlXpW$fcpO?ww^!y9UgFBFXS}5ZLZYGy^*heybM6a?(Vgx#FkE@Vu zWc84@6b&Cj%|YLvkI{FT@#c#pdXfoP%!F6k+X&_)lpMbv3fHf@EtcpEc;1J0hbIoW zhs4YjUlcc{Q2Ga?8t_EE>VRp;wuPJLU9aAvBqIC+as9gk=zEw{i8BYuCWzlbQ{NbsviSL!`(nC=e5!aEgCAx>#5{xDJeuTOk~``>8cx zMQIZ8w&gpULZ1E1%_hyLl;D*pmFO>X>Rt+2&0A>(~N)X*F+nAmY0`a0B%c^o`^{2 zgJ}h+uKKP;cOoJ?l9>FxV5Wcf5f;eA=l3BKyVD$n;Z6b>%X}^iAD*Wk;%UYvaP2I- z08F=zi$qa<-0?<(vs`LB%P7@q@vKB}mIi&gqk`x3iX<9(F}s??|1|tBbtm@RsqUA& zabxyn@X4Qq_Fq@P?XT>E+do3w{?dHKkU@km@=r&tdGUd+M)*eV*0ek=I zKG^%C#NMCZFMAJQ;P^QH!2E^+1IG(YG;kiDMy$ZI#$|)j7BNTIs93g-FJro_2k*KS zu3ktB!)1%e3+AoKk$Okk4o3DL>|TW=w5OKuap*^^<1m@Nmwnr+3^Ord)7}&M;2?)_OEkPY^*BUxS?}E$rfqx!q+&+ zC){({J*z2Zg!!)ix85h2c8nbV? zf6j+itnt4?mfUB>0Ym=pJ{a{ zbhz;f0vd1aHqJZ+bvW)dUgf{mU%<~%LS&n=uHj*?Gw1=JUVm};0e<~8Yy>)20Rfwc za(TON?VcV!+3)nN=I*7(hD-7r=HS->qIUJihbIyGp)9Huzpkspy5#>l=r!@%30&A+sap13dW(ji1ckkw-Qjb!PNz@l(<3i0 zJw7}E9{1aWR%M%}j$J%C33KXpD`W*x)I*gY6;FJ)nOC7JODcBL@*q9bqF*3*aJw()urj47zo)%o5P{Rvj zZ^o)<+=i45Pl|dcv_JY{tnly|qTd6P>R?Y3{n;I!Xj<*f0dA28w;lZcKGxnHz8}k$ zPS2@0jIN18GcM=yVZ^j*F7f9Wu88j9jD@?sTR%KJX$|_FO898_J{O{O!Wp!>&>vs? zz*PPKDUDgLZ8d4wp5{-uVAIftkGdWkIGxINi^S;}+`QKDSS4DLONiaC+;crwi09K4 zc#sGQQb&9$k4UwEiXBI1kf7fW^+IC&&nh)!M)r2^;Py8935_5XFxNxYrrI0~_ftJ< z3qvJ-g?K(ox&^7B1jNt)TqL)9<(X43G^`sQJfY6umc1@y9ki2T3_n!w_q*QOxpR2z zt#)_%b==k5>203d9X?NAasu#W1?g)sJh*0HcofeQFR2Fjd9qit$Ev3%VfCMo)suTb z;(C|$R$bPw@iw6R=j#1d6OA21=oA{{;Ka+Nqr(>X1$3&kl!bo9TNNFUJEIED{l;-(;gW0e*U}owbJb1Y6HRA7vRBw9t^zDHE@}; z5T)-9x@h7gs1pZwgbjEb($lfsb`3Hhjly$eCSX#>zH?h7yv>e9iGqnTvPh7bR+TwW z-yM)pXRMD#p2t*g-K{X(^Vh6cjzdP4ll?5!Os3ak&6+T2Zx0W#_Pt$PLohrlObPTC zqDXgtLpk~tapxZwoM%B4M5_+;`VPKM31 zI|H(4xFgc;G@C+@Fy|d9_|LzLQExb4{-wvg@87*aw@+FbRTaTyKCSMDN^Ir+4=pY^$5t z;+ez~Za)D{^CmtMFWTn;!#)YG^w&uIX6%~{pY*5d$A?dd zn>U}haJ77m=1l1((MIL3@M;>rihty#gHsuiJr6nWkv&j^wkpe`JxM_CmldpcX)6Wd zBy#LKk>js_5VLpxbici8{9}}e^o`pswtMN&eml9ox09Hn6J)CsoTGfqFwFjVW7fu2 znozZb>vd-L|G&lT|9^Q<{r_;-e>Qw7Pz!E+pK{xFbKsD%-z2SBa>z>&d$(7~BOg>( F|3BjUr;-2w literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/pseudonyms.doctree b/ia-terms-updates/en/.doctrees/pseudonyms.doctree new file mode 100644 index 0000000000000000000000000000000000000000..21ada8456abea9205ea432caa06cb1f9619d31ef GIT binary patch literal 38995 zcmeHQ3y>T~d6q5Ro$mCoB+D|g5gtoeFKc#B_mFJK#yaj!(&=#$x|5AXDlT7Zrl+T;zpwxQ@4uh>WY0TKzk3b)&$`K|C~A2rCFOEuEhigw zYkf}3R!ef(tiPjv;EnYs>ieyJU0O7>s-BhW)*7V9DrzyO%jNo2Jlss_O|@vGoDBN1 zS}E|p(qp~ciBkt2eO)S*y838l;9F1rI{x1KttWq@uJm24EB)5GS$T=R+9vf=bt;wB zTai!%v#xA3<|J!CGEH5btD1m7MP94s3>44m%N8ZWKqRhv%2LU`TA!;{yqh^Gdrg<; zS(^T(Qt_BkkqGMgiY^5aNFpzKiATKyT9CfxOMc6KAyNE2AC?EI6- z$@6MiHC3%_q;$iqTkDEyS+1Y$sm=lPtwwduFjW&2YGq$qmwm9eE0q%7FsHvkKs_8g zCMag9I4~dx!hLgk`c(s*zO{Jjf2)T*wx4dboI9I5Ko|mR%B`SE*$MJ*$KNje-GRS5 zK~?X(rk5ltD}Ai4>``7>Rqj#-m3_*7<-plqWN@e&l7V&OoL-lBHuTCt-z#gCy~Iu|+j!D#wJOQJ0M#_O73g6W!)*QyIzGTB!)a20S#7I99H@b>q-z-CA4K)w*>s zJ~GNoD(BRkWJ|Sm!@;`ph(WBLM+Hnd%npQAgmNXc7MSpc*Fv@ImAq{|=yEPoluc9C z#ifu+aB5-Nt>^pOaNjz=Sj2Di0|=#lUj+4yAFnH!C+do%JnmAhI8<*6rFt=x>P=)P zny7x91b$J{%W63r<+z0u;lP%P#dS7tO%bUZ@i?yv8 zdAPOM8cLoXMxG3-;gL61EDEL~3-XdwsuX2|ktf04=7>B~Q4NnevbX{o5uqeYWm7OU zVU95-a>nEVN07H#)5&IBcZqr?9#Lp)L#1q+kEnjD*Oc_U?6usmu;bt?b75*iJUKZ* zO@~=Aj-}IDMJ}tkR9QCDMny)GWk-nfGK2@hqLszNnL%;*NXoYV)If8?XZ2}nj#8pT zPP^fca+?q|sm$UX>F}du=RSbO=4BirDIr>q-*TZYoDsy65Leo%3^BBtHuAbMBNl zHs(>WxVV^-^3a65wvbYx3@V!1G(0w`S~S!1DlAAE#zjNCrY~pgh+;9H&$#|(Myi^M zro+LLjm%)GlACWJs;8J2CCSH$8{xsf%Ee=K3dG5|J(8TDDmj{vIh-2uxQb^pf|832 z8rX1EMKm0BJ1h?Q$Z?T823s#Y5MJAabEUxz)P1Fl?u@4eYmJyy&+!w{)d|)z)R4scFl`t zSzj5+%jHmc>C%!k+L3Kda^kll?o*eGpbfdd8~N}o$X$^fgnFgo(QYjWGHB43W_xD5_qmUepylYw2cZISHukTWjp6QmkfW*L7&c#FgPteG#)!+t!ALfuEJ)XVxudD(-kfV6d=@0wpL0|A^rf*! z*QEvV_v!AAC@-b(uU3)pPr4}QrJ`uhO_=G)>GbStXVVX0#P@#u(X{DZ!($iDq|RkhLxYFW znH)Wu8a$jD96UNq|4vSyYM`b^#zdFl(-=3xQ<2wkhhsI0!;Og;Nz5f8=FCIB@k1JH zHg(J&%X&(c&H0q3=hK**Nz<@-I;TtXrbzK(K{I5rfN2_WQJxc}VxC3}m6Fjw!rH>3 zf27d4^$3{a1a$vl4mTAEciM(K>q$ZEuWB?X>ftrDYnZ?YssgZ?zS?$fJ*bl_h8p@& z4l^AI)2Y?T4qygrRW4`s;a-!Mn{i$X z;-p&-=c`v-r9pz}iyYwLNPx7a09xuZUa`eC_&Gzxk`J@0W6?)o{tKe&w^Poo2lI57 zFum_`utSkxB?8NAwK#U^q*teTSeNQt3X{NTxhm#V+{0R{IeY3wT$GBKzE4X!mhzYw zhX+UzOASQK*~wT{la?45KO$7c>=mcsOh-bimGYWFf2i z=m^Goe4OKaBvKO2#7HC)j}Q|x6XKbNI=A75T%>uL1sOtQWQ&?Xq5{(`9v*Cvj9w#0 z4}3g$F&+o5OvF}7+pM=L2WMh5k_me-#gU1ND-;Q~46KZX9+ur;!Z0)#CJg;t7%Dyv z0+AjKCs!m2(Iw!}k3>Re_I_sS!o`Ic{b9IsWmGr3)8agne@uBV3=!rqz`cg5RTlg` zU@yjl+P2Tz?xP&z(MXKUQ?UhId~n>W-bfkqd1j7yG1(OtvgyH*bc0~`+k%aU{(ALC zhJfw#(;VzQkzi*?t1r^hL`Nnkm$F#<#s!Mo_|&{sEu$0=+O%JOL>bAYa$aUDKhg_B zslimEDsS<>KAZ)y*_tx%6LMRS^pc3xmr^lI zeAm%qA2NRLp*hS+jsFRb;8-MrDME1R`K@Io2zJ*202}?&u2x- z)Q5@U*oP43;X2N7b@EY;@OUJ`Awqaz?DFhspUI(>4OBomM{6lqM+vuS{2e)pA_rZp zUIsE?S=<;8#$FDiP2Rl3_eGZYF;?P>lhe#+5KoUywQnTQ=!=S)S41o@uIkKDpyhYy zA7csCoLa;}7_p*jv}QzfjYX6x-OSq#-(`Ax1k}HHcGLXAN$8aH!EB?+8!o z6Z_~C9(iZD^h7E_{PJ<8UKPpIgsT(cgF_-2FmbTuAY{OX4UU8vuq`$Z+|UjB#~Z_* zdDxL#)Iz|}?{a((MB;mZ;hUQ9wZ0KTNn=LL$;fJOB_mvmbu=;Mt5AOLK^TpOz+^w- zGaSi@NF;XufvlH!{_?q5@zUhXMRE4wi@pJZW@MbT64s5WSa^z_lu?1ZD2wKDMP^=O zSPgEsYmnYzZ?M!p*ip|t8r(j07iHp{j74&?;7RY;?Cd1zI#gU7KQ}cwJu4DdvDKXo zhuN^PhK?39lbVZjk^x^cTU6oIh{R@kaJW(LcQwD}d%;Ir+k_r}GhB??Sb-H4n-lu# zNJ2Ft^sKxrjCmaRD3llEA}Ul*p;N9y6<9~UqN@v1cA0h5F|ChbR&zPcFGLKEh(1F1 z_^!o;#@ULS8dCeXqep`8WjylOy5h2xdKBJf2Fp;M46%6bDi{qCDS83{ysv=|}M(Vmtr zi_1x!j3iYiQqNzQ@C^lpFSDhUz|NxIp~0aMad0$ETeYz5sEWCXOoMlq!N6Hr%}N=} zhcvJHU02d_{xKnb@3G}hW~@eGI4dV3Sz#9F;>5IXS3t~y97&%Gu!5mN!_={B1zvC? zNnj^e&V}(q@jj7S=iGbz$XuFMw^*F1Q;|$z-;j`bXn0(lxzr#+i^HrRGkYnGM~$sj z-{NpqG_dE(vnakO59e)uoDDhh!kvyR92*V5{*G}G6Ly}#X!ZtzPSJ=r7VLFjB7Cv+ zY>^N&z=y;i=RtAjY`XhAM?DpZ`U+La%*CmR^!U`Ic!3ST@xJ1thP{zy*|vGZBhK~5W0sLK zbS9Fan~9-{Ay;!+dAY=Po*oODcD_)9H}6&tM*r1Z-P-KECensg{;_HAW7fsAg8gM_ zy$V-ePt!aB<{5ITGqHdjZK6$QNSwoS+WQLI7Rz?S_BqQHefu_*UK$$MkFByj*jrMR zeUGexi!MML+txr7-(*#|uy)Owuzgk>IuI7lBaO17aEAWDHdSR`;S^mSINMj9D@@^% zZ#!}dRG9X~S+_i-NT#6Te?zDm*!ffxu!WWvD&nbIzDJQ&%<^5OLIujVfic&Q?a)$Q zmnw>npw}M1Va*zkBevPiE8VdHQMjmUH2;I$h*WG{aC}VKET@&J@e{Bu(WKqL22x`a zoVG}5C2TBQE@@Rmz-LW0tHRxY3qh~ZG(pwC$Z**ZG+n^#c-fHH#wyC;Joe(5_@hkF z4>VK*8y3NuJu!tXG=h}XHNy~iM@n!!7(-aZl$KUCvDt4yh9V;aILMe$mx}nTyhP{J*k=QVakr)OPh1BJI6`)uNO{z9seypluA0SIuLg7m4>)CUs{{Ejv zP~Q!WuAo<92zr?$+||B~&`B=y)j8SQg?P&%s*VheYKXQ>i==U0W6KgWtEAhVA*DY} z-wIQDC{=r<@0+xDnQ}FE?_IptW8ifR&(laV|G{HJ)oAMe^O4+=J7VE z6!y-lIursQpyLjN-Df1&fSD2mV0TKGrTw#*I@T5qfgTKC&#Y$vGnlAZbVCYCRu9Rh;2J1qcum> zqg8-yr5%mDlENOjNPjm5Qb)=^j-){;-^rS<4Rcjmk&r2(LGU$TUgO_SPcm4nQ1U&t zc3&>5*b!gGMtWxJ(f&w69<$YDd)NGuX^UAvj|wkPA!td*)>s+1IKLDFXRt=G8@2ES zycK$GfUn;Ej7qel@F(<--v&&h+CGm+*92UIlWRAc*=1or?Q}OtO=-n~iD8@KqO{B$ z5QFJHd*&H{W_AvQ(en)|g-uWLpL5B4313;6dSLfz;YGZa7@1?2;7Z`E1bebZ*srn0 zTT=0mkdxuM=g1(!UtlaR!%&v?8QfQ(18$5^_I~8Cmq7k5T|ZedUD)1Q_+gTCotnlt zEgY|F&g>SQm_XdH)`HLX3j4XAh9ia8sW(CY>_EysQz4*{*2!eD=GH2y>|FLYuUo0G zVmobN0B?06te&&e)K%-X&1K!XL8R_k;W-jI*JmQD!wqeq9od$*4Lr?Das%%j{czaUnJ8uNv2HQ7YvSI6`)XM&5YohQX|Z6o~Dx6cC+i;T_(=N zU?SM&U_)l%B;JZCdE<@zHMKd9%tFas=)%nD3zyGL2-6p4`Qa-5{ue9)dQ>@dr?O^o z8Mc8sYj$g7H&V=ol1*^dB8D-U@t9ogkGn)mD<&FyJquTpBw8n;4c5|dmbvpR!0)Fi zA9ANF6>6B~WOEURVR;n;&%B%q7-Q;A?^owpC3wvoTzIF$n+t8g7CiEQ5e0H9WNF0} zf=#9cGsy}$8b8!x7!}C$!m;{ z)7Vk-(zYwLYl^1T=yUeK7<1eC*-CD&s!b}l3VuIE6*$e|r;s$*9OBHR_RZmyhUO4s z2{1XH(YMFfY~wyB6=`q{{S3GBb%^Xv&hZN|76C)VC#J*f`wLV^yQN&s54-$*DF%PR zMie^=3tzxnF&ok68(D8^L@zWDtaADAS#}u%oH-gd<}L`?dB!DH%+a-5AEExoH#}Ao z|C&qXODm=l+Yt*dCQ0S8N2OzaNm_I2Jlnfq`dDIIn$)QJJIVF{vzH#@&?ZhEg_DBO zEOJ;dAkEU)yW5sbfjT|lKTMQ=zNtLu9Jbsh>kW1iQD<%-zH4ArkM_^~p1~n19wGB8MyIgr^ zq>>de(A%*|_3s>ONN7)p`4h%*N6@@`<=<}&xV3833n$SFmigd8@R@&>m(9P*{>f0g zr*EHM>WwS(Svw&e=-6f4ePX%H+;WB;jQm8sa1PZ_IF4@`)~%rlF}sXpR4O}}zv#S} zycq7G%4{Ci+Ri2t?PB)h=Jd?SOMz)r+{>WNO(AojpxY@$DWIQeUoH z+vYXREW;@J9-h6y+C)?1)!V7;M>MF&P?)%kUGh z@kQqa=SXZYL1!E47wZMO3b`F`+0!^_qdD!&1e6z5#oy0r-&Z@!ANdck%MM}yypbt2Zy z7~|0N91iWK!D4)d=1ZonUg-P0O8oSzIfyD2RV>w&UTZT}wQ3nJ%DRyjTWrczOO=c( zfgqJdu(f8G+NKO|Vlhm%sp`EbTh%i-vK**ZQr8y`O&K9qq zU2pAzSe7!bcDgn&W1km)-P&R-qrbP5p0_P-_E3-OTRo z+e}f*N;qhgsNIFFStt*7k=W`6mKlX~*m<>5zs^qEXUkw5GjJUOg!y2sfAH+WHnJ2r zR=yz}JAxY@lWb+AQ|PbNAvUEs9OiA9%P4{(KiFEi3j` z${At-c`eS{R_(gARxU5p(ciJw+tvh2NFj|XrcY=LFk>G{%+PIZJnNnraOI?ONV$UJ z%oi0!dAssv<$cOCRcl)yt$kQO9qdmB%qu4Y$E+(?tl;6_%3|nA)5_bMqiMa@`>Is* zdHxNnmsA!%AK)}qSL>{?k_@YllGso7E6*w)RX(fyq4I+AdF5-$Un}2KzM*_y`4{Eq z%1;aHvFxVML%}T+Y@=W|1$R)8rr;0-_fc>!1ydB9q~JjcW+=!~@F)cp3Q80_LBZ=O zcnbx;LczNzs8jGE3O+!=rzrRY1lFMA1>dINTNM0&f`6spzbW_+ z3O3$|pr3-B6zrg2F9mxj7^Yy5f)fg3cf?Zk16;e1#8LASVO@U z3N}%&i-OxII7q=h3XW1RLIHDNn0s=TT$$4pyqO+6Nx|<>@L>wl=r0uxQSb>0K1RVf zB|d?mYW0(xuzer&TNKK(HRZE4<%OE^wVLwHn)3ac^79%Kks1?^8WW8g6N?%Xi5e4! z8WV*Y6N4HPff}p+8msymtM(eJ@*1n|8msCWtL7T3;u@>o8mrnGtJWH;(i*GI8mr10 ztHv6u!Wyf-8mqb*tF{`evKp(d8mp=rtEL*Oq8h878mpQbtCkw8k{YXy8mo#LtA-k@ zf*Pa0#;C6`+G~vRT7l@k&Zxf5Xui%UzRu{q&Zxa!Rdy1YA5}gGrTY|=?l~ykm!WiD zhthpp`Kj^)rg6%D+v>KF=2PP$_1wwJD$x((A6Q@0az#nkOQT`_gLLRU=P@^r=2 z&7>=)Zf~S3rfzSeE2eJmp)00tAE7IzZl9(rrf$#E6;rpb&=pg+7wL+r+jr@TsoRg~ zimBULl3%87Tj+|Z+b+6d>UNN>n7SRME2eG}bj8%|HFU+)?Gd_S>UNE;n7S>|6;rpT z=!&V^Gjzq&?frDc)a_ZiV(Ru8x?<|~MY>|@_EoxK>h=;{F?IVMT`_h08C@}T>mzMp z>b9M(n7Z9bS4`bfbj8$-R$bca#;%yU(W)<7-JYf^rfwgnE2eHV%*)h`^}(vvCV#t3 zw%gj2#bR34TEU*%G30^qbasp6k0GCd#iAWA&1prqsb`Vf8zSA*{ec|&`B&LX+XDH+ zk=9M}+;3^j%Xxw>4E)0^Hg3ZMs9PJd8WzRaYbWtjHsenGJAm$~`XySZE9r2VoS%`f zKj^xN{%Be~yV;&t;?Zt*M(MHVM*~w6b`;jfWX3?*3|9A}6!X}SlK8S;x99&|n1EPA zCp!w?AuAj5>oacGvB&Aq++eLEGYmIuYWm~_bmg2rAoFx-`rw~fPK9sdpWtk9I2+<= z4yP!)52eL+At38oS>3Rxj*tySlb&L+ZrTY5w^mAq3|v;Wk3IU zp_g@l?^q~4_R9zUUp8nBc2|6`wxn{(oz**W!a!k^=kkRRW8nrCWo2Dn8gZB?WfZ>VT!6 z0%#5P{qe!RHz}~MST(S1#P~Du!Tv!~VDDHpu%oSO_N(#1{#8<7g;fK4q&3*@#RvP( zNrAm{mB8ZU{MKOm`eHjy>yR`N$7y#5VDD>gSlOOJ_z~{ew(LOs)^P8P5BC*G!QHcp zaN8KEze)J_+USq6xai+26m)1 z*uRYr_G?LjJ=g)*cv{=GJMeGu;eJ0UxOaB|H=fqE@sKyHkL^dTN76+6s6!oq4H=+d z=MA@(+`HnV+np3Tu>*7mn*9iz_ud-Y1M#ulmlU>CQrOJa*dC6L?ZKq5rIW%Yx5j3~ z$5u%S+h9`IuC>PYtMReDB`Iu&lfq`S#`fX(*gljLwxJHNrJHSudop`#gnt?z;d4nL z9PR+&U^7B&OT^Ds(`oCiA^v@Qh+j_%;z$P&4>d!yPl{~~??>_B{U9lLqaDBtkx^cQ zmDUJv>W}TOY(&yT{FNgeAPlQOb|!jjcn9Lc+nW@;qaDBtsX+H6Tne4tm70(x%;Ko2$prQ^?AgIkOb&P)p2u@1ncn!#bkCp-7NHNans z5AbbC0X*ITzz{pb&cbaoSo5*?@II0hy!$$UH_}{xyrHnqLvLM+Ux*L$`J`ap-vP|9 zkqaykQbc=&y?5w&YqjHjqe}h<9jJ7e5X6W7t#-5%Rq2;c58tD86V)!k^(r@0l;(37L?A%ZhzW! zYxuWri0un)N76)mp)(!859z0P+pX!W?A9<3$A_8f4yL`8leYND^|R9+QrX(zZV+Jm s^fsvFY_XcdCQU8R_I5^`&b@yc|C#lt>ykB)qiwIw_E0)%2EQ}Vgc^*LE0Nmll14&SP4-X^(9yz=B#zTA^aR(5u1Be43B1J9ccIR$pu(!L| z*}cP&f-Ot7ytJpJSYDMam*hyYlZwg@`jNq34Wha(n#}AdHvRtua$*~>D zisd-p-#tCkGdnvox4WmvGFZgi>`Zr0|6l+A-+w>;zu(dK{!N=UZ=(O4y>`VgOV=`5 zp-?Ipbi3*7D3tT{WxZ5u{&4f*?`d9d9&-At+NxcySMz$)*@P5%!z>o6da3yeUhbjv zHM3}E+yb`e%gcfMMxS%H`^+4;{BkCfdF66$;EV700RDaOi|_bQ)7bt>)981$Ued48 zR})fyUz2L(Y^!LfLak}+vKKUGK&#cN=0d#&5~#{s%z};TIotC^&9?Cn_kAU8ncwXw z)GPjv1ucK2sxPuM{nwU@$Lxwmr0%Fxbz85l=*_yby{0Wuj;1kS>^HVJ{W%XN{Msha z8NyRLOT?B-?w?#iUo=Z*%`BJfOx3P6ovlT)q&Ls>)fYhY?RI^^u9-DJST0FvJ@kRz zJ(-O1_J!)(6|}>#V~SB*E)EPRit^Y(HT%SXfNu-l%DMX3YyNi7aer~}K*AVMGj0b| z#vK6vF8sR(|L()T`vKLq#d397qq@?^n#KX+fx7XaF=8Av4jB)h*@glhtw$8#+_X?_ zYN8m*GAw1;VmxGQ0o9Liz5->>5@mTq&tFl^e7W>?#az~wbkLZ|Wbr@yWoKv0xx87; z7xmmyRo6>7mSI_|Udh-iO9aHRRkKhtjwxf49vXctuZ+i2-ImRvY>U|ztq8ydd}_dP ztX@s$rm@MUv!z}&o6c~0%BV1{R4@w~=W1v3aMO63O{ktj1DtY^9f)cOV;fUuhsObdM%<6+*X+L+WGMW?BmNz1^h0VfJo>Mwt+tU@urcx-ZV7h zH4kdTg?e`+)T@zD?wxty)oV3VSt^V4^eLT4MvW&0$c`kiex zt-7T9JvTJ$abT7^e`-cOF*`$DN3CKX%Vx_Jy<`?LCB2rlD>}L?{y<&S!8~A=a!DP{ zji}>O8Lt1SgBFU<*1IS9nAh_Rh>6T-Pyso&0)RXrpjImo zV*U{c4e$MdYQ?LB-+sm$&XeoIq_sixv|zQCQ~6y?({H` zcnJ0xJ|!XJr8?lJ%6X|=*6ALfsiwf^&bIg%gwNTN>h!b^#p>#6Mq7elER|O>CS=1z z&zpq-r`3zK?4k*Ul7+4*<9WHdmg5hK#iga3XMX0idd(wOw%=RmUW7y!Qv( z_f(1Ai4qki(71b@XpCn@yF&v7B%(2{j>e)vWq2J!w}L~32{i6m9~vsOWOr!9sae4r z6Y*$JC3=Sj6(-QQcim`oDJc^vBxNFAQh-JeC4~wTXxz7MG$y;{jmbnwnNTO=Bn4>D zdtb+P*#%E}XejGOW2##;!kw?DB|R-Vp-v^BLGOEphTq}dzfLqJyVV;gAdxpF6Z8g^ z(K9rtFd->JZP9ooV4k@>tU8(Lx>sREgb>;98D~P1PO8D4#Y-XjSzeU@D$~L$>7?uD z)e^WI=m3{4H7ZpgY<+lCdvZg#$o7YqB7jR!uXc@#uUQ{xi_3G7{L-Z+3G0!4Eqo$t z5$~;sMNo%4-VJ~F8sx#Y7(`m7>fvrR2nq>m5@f0#Mj@B1bL{Vta`ySaKR3U-J!|O(4qFXd3QlK%BfCjzq z85$EF8pCbTXs1EC9?Kohw2tOH{UB+O;CRkUA<0X4MAxMTk;in8w8f>J2I+DXa~LBK zw$$m(qu z`BFtKJ3E)X^x~!Llb8U09RFw)^}+G!^QSXsbD6P`Q4A(04`)V3Gb1C1$La6v+{q9$ zeLB{?Y)N9g2fm2BEDVl~sE$x3YFl6~5-_JoN*@;FjC^f2x|=izFnv)F zI4Top{CsF-h_)F(QY8hJnstMpv`y>+snx642NGBk1G~z)%Khn+`b?Lk`rj1I)gH3upDZS}^e&8rv-Jmc@wSk>l^{8fHP2Hs6VD$% zID$`oJkAO{ zdQuaC#6(*p-bP5w�$g=vtqSGGpvNp9@^bz%rG_*#SHy|87dM6frmZ}C)ULZ z?Q0-NpOQ&$QHf0N&!0MfVI{@57-n4wO%5xyxX5GxOW!MFM0XU?+ibI3S&>J={u7_v z#IbMEM+KdSWjX_zkXbC8+12Nd`%T=I&m;@YWiiIT>PkL4GLa22cRy!typ-Ekei%V) zr=J$Y9%)PLJW2Ki+Og>Jzavkf8Hm9fl7 zCM?c3%NZ!WM0nIYpMGy@u(N6i>W{Xi{>?=F>FJB-e2QB&Dzietx0Y62R51seF)Edy5214>g1z>!Z)|2aEvHCKmFXLXC#$FI~=HjdV%&-umKZ(X7O+8Fsd9h zv$ioJ1DeHq;*;@^AS0n{QRBzj*7z!`@rBtrW;dwMOrJ{bDA4h%hPh;@*mqp7GGl>u z`IGJY>avOgx5s7N zS~?guZNOSvoxe1F>A87zdVYTP;-ypP=TdMt*Te-KyL|Iy)m6smZ|gSUs#jUZn;jVo zE9L#sNhQ{ApTY<5wBVq&f{?y`0<9-xv;y7Kj3*cB^J6M0F?A$%LNcJoMkb<^*v%XV zq3lNFxyPt?KJ6&2-5$Zn?+W^!Y)jvhjJ{JdQV-mQF=_sY85;RAOv*Oq#a3FRk{VR} z_DPs*PXgorHlGocJk^#GK8_#_rk;E5>?QT$?ED4w(pxS_lLf7m3DlOchs?yDRE((X z3d}}bt*upbW<5r=;H|s`DHqGZQcGmFd+)>Gjjy|?lfY!UEhZ~I_fB8BG)uA$5m%3& zJvBRbNhPdOi#wYd<78t$9qn@_F;^Ef8}??tXu`5l3C--tcv$Z5Y0V~OkYGzp=;Jpp z*eF2@tgG4r(5Kr1S|&ix=xfTfkAVcCzM>b=pw$cp=T(RT8_-v(=8BeIV*_?9@ng!h zww4t)Dke%)3D5)5y}A-!x!4;@En!Em6e%-a`Dnf5q1F2u3eb+X1??n(HlweYd0jb9 z{v?rzRUm#0FK_!ivx5sPA9H^Q863O#E0w?V7qi^wig@nB;OQRZ6b+T)vx35zwiLdT zDCFRSIXWaSTgYpb3NM8wy(SgZUaodgRl2r%Y$4L{YhC+E$Lu2*CB@xQfL)UtzRb13{x` z!k-iNhcInyu^nu~5F|jNM1JOz;;r9w_jy6}skT(VL`^b(;nYm__^Da-Je%NCkGpo| zJe*xHt()f)cRnUG6>e%7cT(CcV-f^DE_qW|8G+2Jvt`NZAwN+NL2{|_zal}ya%5St z2|0Y=JbOH49R)(CLkRUd+uhB7l2fFyjRx3<;D_1=PmQ83y>brDGVcuq*e#k%5Mb&F zl=7l-Q7^8+eNDNbVHgI7S~f->OrKu(K3T`NY}yp%{v@mlkYY_Ejj`W)g8smJ)HvuE zSp%+Z*=ij_g=&`8Be0%PFx>?VIMb=Txgwsq?Fb(ZMu7?!VvNRVZXbUz_VDRsp1N>8 z+KQ1{ztfL|+EP`k7!p7)z7syw(|HV43WNsS$L6^UgK`XOCdV$f;6{FFz8}uzM-|Oh zH0g=L0e_S^u*o2=DR5h>>R0O~RwC#_%kXHc;UBWE>cygZrBq%mDe(NOl<@-jwVGm- z?V7Ea_!rfVnSo2FP1Ku+7FNzZH-AZZ(y`hR9&mhuqoKmwn}vIwE-DR@YYG zng^poIYm<=%b5HjAJ@z55l1g7qYYjp&uZd4_w$!CjQtK7gU)S{ZQ*&^S(m^<_JXm= z*#+67Cd*wzJ4p@dJe02CIK#u+&MYxcZs8|y^jVjQO=)Ft(77+6{r!p+SjB?g*oU00 ztai>8yH};ZTJ)Eoa!nPXB%>Z{hQ8EGV?d#@lUCV&6-vj zMLXN^fQGAZW2S02J8{*oRf=ZbtTkU}ugSNw*;YfJ_l*kqr2*U$lH{y_G09 zXgy1Rm}@y}DahTR^ZD;^8S#05GpF?mK=Aw-C)!Jb(pH2Rb6R<+9P4#LmNTUqC01<< z^Q-rRC?c$>4_PHVP0OI)kF=>6)Ow9dl^O8;^dL0@THiy-U8PP+%U9}3(N{doVi$@h zi4XgjV)EgLYOPHB){4?w5$*IdsCZmo8c~d2r8khdyB7K>l+a-deS#ogXA2$Fxp@(2 zA@bK|8s6_z6DiX2|SZD3rYz zE?;WNB`Jf)B^X_Xww{)rIrpA(eg74N%aP0);nD6Y^Q2^+fX}380Czkzjih`$Bn+pU z!|LlbQeVR@@-Xb{sTQ*y!II2n80G=1J~*oJNQN=jQnqVJNJjZqs)WyC7a4^R=N*V_ zf=NcxmgLyEC8D-Mi^d7|TT|fn5&^c~q6#q6@<^vJgoz2-Y>#j&AQehnSOcb7g=)!7 zwFlCa;a8>_fx-GLv=W1+y}Wosh*k^j?Z~>`{{MkxAv}?s#7(t`&L0s^{8p4Zf6iO& zRYt4MrlN!()ffDn&b^{;Dg;{&io$IcX-3CO*+vC;DXs8!8c(o>FS&hBWY0Q+!oe3r+wPXpJNd3dZ$EiOX zM$|NJLvF)bM7gvi<+C>Tc?!3WrS>&yA6_MyLt7~Oe(N6?9_>|UtLi~`4eOgJa{V8q zLDH|Yq}JczPZ01R$$N)~XLLJXHJRIiOSrWal@z(G13tk!rL;cT52h#kek5I=6^J+* z*1aim1;~yUmH*8V`YVP|d=va7Ps+KMao$3?(8@-Ktgp4;d?*q7-NVCt{WND5B9VW= zN50=n>Er&E^teBl0>R+u1Q9!|iz#xsxSwZ96G{H#Q?=mKuvSu@xpe8myz<<|vwRl1 zUNRA}u80|IwuOF?hR~3A<>G}5riyjU5-;YDT|PW{bkuYDgPVS4lurd;=F2y<1VP(^ zl$kZe;575fakdu(WAh~pF5QI*IFl)liS@FiMW(8h)7xkC#O0irzE-FbOl{E2^3&bZ z>9=#8wKJxn`%FaYyCx~41QqIRC#^>dE);eZTdGS-=mVU)uxIqm3T+&1MG+In>?106 z@@|{MK73L{*HHnm1Jwhai5EUC^mWU@dvAGCnm|EJHZL<)MxqAf&i*#lAw3*WN3kh^ ze7l0Y&h$eJ&3LhQmGlP~!NH{HVisvHnH>9c2b&ti=3vZg)2ulQV)vBbthRfB*nV7; zMy4XGE`9};G*M@KcAhH#q zgwc$k%C^qJD-R7L+QIOUvZ591I=BD7<;IQIl}Yyf6Wvkex9AVB77fl#^)aG_O|=CG z`03xr(gy`L%-}EaK`Rx_W}bEj@bk-Zzx|KicKk^Y`kiPyx(&E-wj++bpcrJ*Q4Sp# zh3xPLchF<~8{#?1AoO@}rz}NYPsKSfUIz!26vEwE-_IC3UIqe6D*glAEBTv;hiR`J z+)r{8x+YS=e}R~k+k?C0#J)Iw2`N$C$g}=1MJ^Y&-)Bh^mHSst&!3-D zrmIzLjg+~J!Z6p_G;+|E&70Q25`eAK43N87qK;qGNer_g z^sr*XX=3@?N&W8$((Sk5Kd?3os`K3eScF=~b~uk?{QTRuC-Z=--sw|Jy&vxZ(tZu1 zDA?{cgs6KTYZpJy9Uatqcc4}MvfS_gqwka+0Vdyxos!FT8`>#J?%Fh(>b6sQ3{4?- zN}l9IcS@WCznIUuJIq}zEir3IwkHl%6g@oU9VKi)tVl?)?g67^8V@e zHu-!ZwNePYJHlKf@Dt{4f@mU6rc4o5QIT@q75P1wv(DJ3YFlX*iW40^6(H#o?k0v{I)zc1+Q-MGfV`d2E7r z^}M`AMs$55*EyV{rd+;Uz-Ik?Er-J*YM0&B4Eb3GadGhckc~wUcMvr3`~|E)%utj# zWo$&4Shg~i8DsOrQmg=_FgPf%ty2Us)3!43P`A9#voi{Y z6;dI?IN3}e=EcmNzeFc@QBm%s(#xUf7vrzQtI@0KRFM{$6lyOulFI;BmYi<{EE4etXp19ZqEH=_1iJaceLdk3G=##f1* zgA>`ocL2qI;3sXZ?o#atANSnA*)h=v<&P}gKdsN-F z3v4j!V@xa*F;041^4t2!6tuddJnw@SBv$T;Jowd#s{S@EE~5ThNqGDm&vrn-?QKNQ zFV(F_pj$g}xhIk-=-Ag)Y!Ttu}#;yOm-u@>3 z1Ks!NdxnQsDmi|rZS;)ZKd0vAUH5>W)Mw|9;C;$I`a=Zqx&}!IMQ;6Aid=3V{Ua=C zQXl=|&%wH5gM{*eMZ2f?LBwu9?P9?O7I0_6d>`{#qKUufz0jx11>U)HcX^gpdU@Q7 ziz@bXDekBg-8EK!uoVFt{NaF1D?p{O?J}0d_EA*%^Puzcq1+a zCo5zQ^DppL$ZjxopW%u27WB4beTD$V<((vR<$$%v#QXt6wB9j+}9Ky43m?_?XuJ7=Vuk# zfU8%PLqW$6$%=cJzDy%!*V+RRyeLjJ&X+~w(LuCsGEM}imfK`n(Jsdibd{qxx`Zh_ zvb6qI2JxQ~=lUw=SD4BPPCxII7+Z9M{T{FTc|Xna2Cb?#D~t3QHcs9fk`%u*w;ofq21WZl&tGy3A0dpr6X#s^b!(?dua7Qb)N=*w%>lRfHP zS{NXpuhLJc%>tA4PpO@wTrE>-M5L^s_P0!?@ovu>Ia3B(@B;r zhrn2+6uDfCudt+v2Kspf5MpMIx90Ax>L~5t8&D!NQY6q;(F+apOCTL&X(Y6wz8^65`Q~Kq8fR&rd_M$2<+v`Mc zn$@p_OI$z&zHMV$T_AL4d){*EN4DTkfplouxWsWXD(u2vq+;H1o)9yEo$;(ZZR56y z*PT1l{(pD{xvGzyH zVmzaCV%z^FZ_iF_`_Hj94BPfZg4}iPb-T`y5w0#;NC=poy%6Ltpaw}@iff{Jc<=KB z*;7_66%7bwdb{MWIl}8)>iatmZfL1546g6u!L+Dnj!?SwnIkwr%z6)U#R)IX!3Vm^ zjW$Pi3=dnYSE6VB?jP_Bj;)l)Z>|G)lhpq1D#m?CnnZEXq`(Pe*4-&`xj5ayk|voH z&R?)@?*)B9L6Bf{!IVv;;VnLfLG`h_!>bAE5X{4FKh z=a45EhXhA&-_k{nlc+!!iyY@EdsmAbgn+#C=ybivfql%B)v`^}6rHC2LGdEF9ewX`U{8#)5SK8St!erR$63#^{ z!9tTfiYfPR^V}kehjDPucz6zS(+>s-#bR5foepj!rkGuSOb@0TWwQ<2@M^A>3-vsD z00fS$83-vGh=$CSX&|12^-1CcjKyg}ey3C|pBsM#Dd5Eym;4? z<#xVQ2{wuf@AQhQ-FjvwP|v$#^C#pTy61xS34F@AypI{ip!}&`{ zgQPx_y77s?sQ%}i`vbv|c;Fql0!R^+rD2Shn3)k#QF{E*3{|{sh$IR%lo%o@J9|x| zGYe?8K?@ozk+F`2!d!PguQC21MT@)PlfFslvJloH?9)^@eA36B#*q=Ls5&-isHJih z>uOLZitbZIhM3rcx{O6T;dl|=--^wzlyunjC-)<@4M#_eE@RljRv{@@z|xBZjt93S zwQ!-=RrYnu?ww4x1cr6DL{KDJaj=D0zpUF>S@G=e4&~^x?wm|yaP4(NPxy~S>K2W^f8@|5?{o;f*tNy%pXDrZ~ZVEdS}qnXixXRw#~7#K+s+KkI( zbZmh@w5MfyFk}umN$MX7!ONSw1L0T<}ioMFzg=m5ilCbk<2iSuH(t|yB}=hF#vwkqnUg0;?|0I@^) z#hdTgwCS}01^*3UC&JJ%W%Tgqk+G4(W21*3<&P1Mn?0U5dU#@dY;?+fj5BNTct}i; zwQckvH@#h7SXX*?qiby~XTZjwZ@tXw!>TI2ibFtb9NtvQW1qduX+tdOEAFRh_>KIW zOqQQUpn($UssEmS(SJi%%mP*V#Pr;W`SG`ujvuXA=5ftjFe+8Zx5AnUV5m^(L-KOFBhAZ$cH$| zdux{1)}>dmlw>|7be35Q6++2jy738(V)-eAz4O=(i9Mt!oy&c6OaBek%64jsvz7V+ z;sIo-R`B(}?Hb!=8mi6^f3@yn-E+O-N-ma{%IhwdGG*+QB_9ZvSr`COW?CzENY4H& z5(2d?yxYT+yWvu}e6E{=q+l!mD0oNm18vn?4BSKra5{wrDatB ztmk7 z;dacck33U&9g@D!H^jDOJ5f(YX)>3}$ypX`)QoJ}a6<7rQhdbAsK3Y%&&T0RaeN(4 z+sfzR6hXdkc^j02@arLT`8EPMy7prG{$6s8L~4{=gpXq?J`#E8FNXlxhB_1=xiD5BZIh<*04!E`qV-oe6aAJf zfvDH=vmqQMX{?K_DfiF=nU#FV29rw--zPI4M#`077{M3=dhsP#kx~#)<#+&VGmNy18<8Nnu{I*WxUn`Okcj$wV{PQd+DH^%M9n5fr$evX>An}S zDD_Wiw?yP(g^X-)=39P4_x?}ZwOb-nu=%wcJwpuqlTAxwOYwo*aO-mM;_~OeEoIn z30$46} zWzPvZ$=M6a?YLQjAE!#nRpeP(>SJsP`W0@KD-(7y^IDsEAv(8W+hxfv@+e(!m{`It zaB`_S(wHD?M4ub+=7FTP&Ar zZ6i8rslJ@MM%#bEh0Y$@E?L3ms$~kAVWYge_!GT|Q>*YKM-gCi@Xtmt4SK!X&EP%2 zfnanpORlJ|=z#AgXTZ>k-p@W~P``$)t01LTw?(2pr>~$d)R$1+o>i?%Avur&N3$;D zNk8Dv>qJqr;q2jCw)GOWe<4-V>8sZk)gw*k?%<1@Uagj^IfV2o6!j|5rfTMEO=mAh z8BRap67C7T2^C@e7|HM+UT$mdyMr%6nVp-d{@^p)06ay|({y$V&px)5t?AqZ$9d-# zoSIUu7O*G10xrR4i09{=ZCoe`4QzeGHu^>L8X_?|d*F&trrmJvBj+X)thKvPU#{dl z_5-NwfjHQk3f#+{Fvg~)_a9YksJwFS+A{Id&G4zimhzmOlW_=6c3ClPlk?_Y+K5bN z=z4kly zDc~9zN@p&Ue_XMwabeubG!ocmc>(8z*tIoO!O-;@K5`p&s%uwr`m$ygb6TN5dX`mt zkV>W|xAo#8S81<1TlCUO6Mpw}91A<=iFDx2bnGfSRS13Nk`C9c^V2AY*Ab>-Pv9?3o2X|k(b3^(VQ*Vt3$u8!>wMcJKIPl6o?#WJAIVj zA2NR0_?YoY3yj-R-8k0lM5tm)q%bkS-6< zWr8lFbeX2h6LguQ%Ne@7OqUnwV$emWOPwxNy1bJv-%XeI(#4_62kG(wx_pc-|B@~r zr^_$W<=5!)@9FYeboouX{1ILLJ6-;aE`LgwuhZpk=&}`^y|tMxgLK(LmwV}Q7hN8q z%OScPq01y)D(Hx;Wx9L_VO6XjqsuqI2G-Z;@;eCbV*NHo9>vz-AQ*$;ttXsleh`GV-hz_cTD2u=#EL;%XG&i&Y(Lcado<5 z68BEJV-ojXx?>XeLAqlS_c6L-68CYsV-ojkbjKv_x9E;Z+#k^$lej;lJ0@{or#mKb zTZx64#0}CNlel~7j!E1jbjKv_2;DJ>o25G@aTn>1NnDQZn8X$7j!E1a-7$%KH{CIb z`(e6c68B-cV-oi>bjKv_m+6j4+<&AyCUL(*cTD2GKzB^yzCw3Q;{J~An8fWM!D143 z8{IL98}cMBOLt7-o}fD>anmGrOyVeDjOCETy~mTi|4es>aEzigOqWm5<>PcYj%e-H z<8+}@iLBc_8LiPB#mcts@uc-rboVxr>KExka?8Rx)Scb3$-vb9?z{<`nmR#r1^fva zhaw&CEafLW9lB7M7|RRgqGyG$q_>71da3&ZCH9N2vP}B|<%^-Mb6dD9_YHtkbY*1{e8`gu*EQ3g;nSF!t~)o2qd+~Uc+I$ z%i^&&t}^;~K=NP^jAv)+{2+S@FGF`Gj%a6A1v`WTeq+2trU7XQby5mzP?tDyf_r3R zSW0LA^5L~Ini(0&h@c@GP_j3bv3pl?L`D|-Xumapq~Snaa#SwHlA6=!4%0R}Td6C6 zad~R)#CaMo@i`H0zmr|3H_vRPIe;A~7!wox+-j>IzeJ3V?;M;TPLK0LNjQ_hx8iIa zK)z&@`9Z9SC{HGGbL&x2KF4;L+vCca^k_{dp+(BBW3+fgJ>A*ojcbKAU`iqhM)%-? zL1%RuigO+@TQD$LTsx+8J}t=S3rmPCAcY!=oTJNBZRuo9Ej^@fOMtXR#3NWw$Tb3T zB?z>K(XnTsE~+%%6MAz9W0X7%QVvurz`dr?NO(v=oFPm+L1DT>^MZ7|)~o5sT?BthHnH3@5kiQ71Er`uMxjllxk)$UU%uB;?4 zugE>v0lDegHbG`L?MZD|{C%&8J+xuOj>mUDccv%yb|meI74`6j5jzo2>_mEEM|(x= za0kSuliI}Lz+8HA&-9AiM>-%kozx~+$VPf%^x9NwVE*b^1<}9eV|vgWqL(hExz48o}RW}>=kX<6Cd*-qcpkW+d%N$3NZyg(IyLdV7w{coOeT zPvTv@B5|Sv5+7|Pkw*lGC+|pl@+Nyl-eix+Gs~5g1T*|%dh*WqioC-ekQX6>y!F(T ze0&2I(^F{niozouP&n1fpK?TOItDeK(08XN^j*Co^k@f!4!06&Y1QR;;y#?7xDWM+ zxc9$4xQYFD=2!<*W?HGlo?zwZ#Kh5fN`E;$rN7i8O3%Ex0|F!TX&F0wj0A=AJL$>$ z?Ou`hSO?@qjSh)Cl{+V>UYb`PZ||3I(EKivWO5&R1mLH(LK65qT}rKj)l?&u3_pYLQJ zP+JlccEh}sp2Qb=NMa`&V%n0JFwCr_C-G_zN$g}DvMq_@@r?SO^d$aZ4@s1k<8)`I yx0xP3I*2`Bmh#1Vft-Gq;CbU@*15&~&>a4&HQ(LToPh%Qy1PE%6vCmtkokX!+;hkP literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/relying-party-solution.doctree b/ia-terms-updates/en/.doctrees/relying-party-solution.doctree new file mode 100644 index 0000000000000000000000000000000000000000..c43b39788b47394319322b9196077c91535e4e1a GIT binary patch literal 268015 zcmeFa34CPNStn|{7kA5R9LHIl#5e8OX)9f&(%x#vcGQx(Tdmg8TDsM3oYGa*Rn;w( zs;Xedjyh`IdJc`RMoGcKdDgPyN11DeD$C<90e- zD5jmtcKukon5wNgh3fW4wx4*{_Ve2(>&MIXMx|IQr=0EjZD^6oy7_e3DQrK7m-kZp zs++IGMF&T#b~)qd&$CDB569zHvh3uy+(IT+vdh)2Sf!Z9SH;4a?d+Y;ZPz>OYPIYx z*Qx-4hCJk^E9ky{XDV-3DtL(Bj}+`R{@by1t)%~0wo|KRXN9-HFK&9f{!s8}+qL?g zRXao9Zf85{hx2a1*`7F3KMJ5|%GpEp<4J`8{B=~$`yRJUu(+2i#)D^7|~q7a`wl08b;If<7?s%|y! z7_aIN&2ofVGlWoUP9T)w6CWI&cQ$DenzsA4ZCc%|m3?z%+0Nb%tY;s1Zae!R{(A`j zy$b)m=DF=!_Vw8((CG2(8?uM8C$f)bADKADz&#F}*_pCk%9>Dp%Y4?YSYjp?C@O_z zbt+c2xMA5=*;y-A9m@-Ov5YrYoU*&(I%R9PR6?^GHK$UoSk)q4U1cb?#tW6IT}U}r zHS1WVvQxo=*@Q2vxWb;zjE{DW4G&l190iH`Edh%{^HWi1eo~;fL!ujKehX(o@KDcq z0kbr4OK4ar=JUl3aFw-!pA`#KtZ<&@td&jd=u-vuM5|!mZGe5ee%Er17$cc?LEci5 zm;`;C-Xz_svu3;5X$I?6O;Aqt!54%+6o{ z%PyqZBR@H&?1HuISZJBHTxbER^+S~^Y?4>It-)R=K*4Rch-s^XpJL zmS?E@Frln|3^KTwUw6{m6Sp(`rCtDT@+0+VrCKf)GA2eJ4B|M6+57#>s5|@#KaKlI z`JX9Dd2JX2>mF&{e_ToMR|Iml1ngxET(A52rPd+4a|3g1<%%d^%9lwT&{&*p1R zwOB-lm!PqXLD|b}Strk48haw%!Iw&j;QF7w^ykc`d@`F=>->tqIdjYuWUK5~#b$D^ zmmV}_{*|AiPiD7T+DiUBj7rs3l6{Y7&-nY+_l#`4ey^sShRxzW@W7uiVfWkZY!DW?XCqEpgj<9LHvQk^F;E=~o#YQu8 zXL}va(QjWazum%t{LC4P_T!EY%d+0GT<&^Wh^OPwitG*Zt0U~S#De%sP4{%vbdRnS z%WHOZyMCDM|G5}G$i?wLn(+Y5_(ZOYempX9G;8I0=uLpSSHEMqylorD%3Q+#Ek|5! zIoFLhQkK*&)1*^bC$$=LA<5rvxoc3!G5vVF3;(jeDqUm6WXdh4@=h{ScAP?zeXwSi zSL2oS4B_a^hMTTt&saVE3Q>xb+-5ZR$;1FHsuYrB3&Pd^k| zrmA(eJ~QeJ2NO4KbIVEn_Rj5G8tALg>dX;_t=zN+(H%jnlUqWYkkv8Hqyei_E9enpo%)1_F5?q zWs(qy1FAFvz)+*m$c$8Enptyfob+LWfV}|Ni%IM`9YQAI47#@+t9?E9v6hhr!)^%m zJ)n`6y-RWE2r!nM9v_XJ8ylsKDg3Cp0+UUd+3wiUvUh+VEt%3NWoP})qMMGPC4dn& zN%N5~Pi8+|AK2k&q@HwO)9REH5^P!TQ0H`UvenbPCZ;(;^L%u6Cb{NRZOC4`-8r)f zKRU-xC9%GEw^vBjAH?KSH2YY&1XkvQ7?@D+A1#*@5PI2wmS@^SOCvxMKX3No2il58 zNYaClb820aV=&28w|0w`0UugkqtIfI5Ly4KTLyAet4DRKq-v!pXO}1%U`i^H(5WyK zWeG)>&c}v_H8wUjHsW>$R+vn2J?_E~13PG?3%a3Q%U8QrTnH3g7nF*4UMz1V`Gb5u zlS!(3lB8X$W{YL0l1?R=h?mkUK3pBiXJWQ(phZ2<7kdT-^`Z8L-3l4%Od_PKZG@1}+#N!~q^_ipzHo#v$-QR?A%G-85<5Z2E?K6p z1(xXxXBi-54_SsflL+bF2}1gJOCkM{EYlb34`Uf1gx+hByUR_dUm>JtCkPqXEkgV| zvJ#p~sP@GMA`n9F_Y5I=7w&BzA^p3RA?P5ILi!_Q2=%dN2%*j-%k+gINynBsmAva$RiU%>nQd`-HKET0}sOjGsYIZ4L2?oDbq9(2w zh)`qdC8~u7HC{2hYt(2#I}nDNg+Qv=rBw0Dlm{B9#gr)OtwM)ao;|*YLV~3UKHmeBG$2JWgkl*W#e){rLeU5V z#eXe7>q;xn26b>G%=5UPlchTnKaquNoNqJ6tDSJF^7Sc@RJVpVWMQ0 z(nOzho(@CE3TY%`P&IhJ=e%D+4#|wcQST9#xFanU1L*S^NaIc&)~N0 zDf|Z?zxBs@ho>*bFD2tWiEbP_`v>ER?sy_G*h@dhrq27YbHu@wTg6}<^+5B=vr-Y+ z4{)Slc_s`uvxJ+AR}I4>*{ZAXnpt(qao4G?#Ea!j7cMHg=x(jHmdF=QS;~JaCZ=s(Q-R z;wmmeygY&FRgE8!kRL{1(uwER~h;oi2VRIyB2XL$*%UY&i z?}!x_Q4ZBw8F3Ee*Q;*TK(nUU5`XHMUfAVK^|*4rqha&4X}(N)$A)Lm>6Ohu*wmKe zxMxO4MJ(;&Z^&<#d3qyyghyR;*=2;Hz@?Ao8G{=Hc_4ES+t^AOPS+Hs;hX<)Cb(mE zdBs?7&qIxiS&551ghpazEDS5(L|B;?Ug{&`8ZFHXA0FS`l=6s=xs^(dVkX!%YjqOW1y z++u0nJnkN?$R`Tg=u7daLFH`6eY5pkiZdmIQ*7+Yh+d?o#A4`Of=(C_#@16^iM}r1 zOpkL4#Y=N_%!dK<-RaPBz8AyhJ4YNkV?<<)ZKmL9Cq;#n+VPcQtpGsaRMcgXV$4Bv zyO42MJVMucPdpL#v*rEf2h`q}d(b}xx=}td^%4Y} zv&(BSIDy*vAaQ({UK^8>f9nZ#OT4x|gq*~sut|*5BxcWzSVMh%LwX`jDaU_e;FOy# z6-z#XJyu>x#i&zbTJ($!glBqcPs*w7WKcQD$*@WG&?Kja7v?V*5{R512u3GO?iTDw zgg?9R-@qWC_6ot?bsgwNK>Ob1{A6KGzxm)$%(W)S34B+rtVk{!*2>%Dvs)~D^7yF%j|jRWOe zvOge7)J=z>j#&rTddKGGhvygOV#9NDW3%()(^DFSO{tB`<+KAo;#4svL^BT1wF;rt zDKj_ju0)StL_ZYV)S&<7Ej0cvN*dY&_$0Ds!jLtpm?L(jCr0utmI$>$dPG{HFG!x< z&ru=eUcxjt2EEhMM{mu%2m{BJQ@k8D#b?+Q$48A_xe0ZWv54s(h#Y15bI|M#(@mAJ ztnzO?i~i=bV0_wS7&)2Qu*vXa0tvI&T4sG_3ga_};~hfMxzp;hjbPtcD(}LnFh&UNO7!|=!0Q@6Gd?gd7uisw za843aghXfyY>CtPFq{?%rxVVWHLTHKV9{B3@>te#9Eb2Sc!C|=OJ#T6PHnM+Ij;R- zXsvE_$zNhHiNp+?K5G0PTlZgF+~;d;ppRZz#>aT25q4c6Z0{kIcv}d=+j+v92>l+R z7?wb!mB5D#WgeGt_=8deISZ}uDIs_BS26xh-)M>FmVB-;q2v(0lxx+(uyT@D!Y27{ znj~KWkjM^a*p*J%r4sLj4Dy(H7yk7Bhi@ICAbo=SHtk?5MC#zM-2l|u%9lu5(}^4oK=(^-V z49tWGAV*LPbYwrCfS`0C9fTr!ZV=XC@wY~iBWY@X!IH?j7KSXuEm_H{y(6)?Ssx*7 z^s=+g{A?Fq`S-6oH+oaC3Ni<1>0&(6Q+HFy207q@N(kMhE4oBEzBHctr-~~i%m15UTj2Y zopVUdfP^?Hrf^g=TF4IW+Hql#c8jo?AWSCZIx#j!Y#>NNb_5bSrc zH!;X#CvO1FA6xRV#(#&=lLXM#0OlqRQ)F)TF&VTalS_5V2j1K-%&{t3h zp47c)e58%aT|+ybGJ*|{SQ$zlrBf(;v&_0f*kS>7-rP`=3v=_7$zdJVJN9~E_L7kd zh;Ew@ac3F_kz9&}Fr^cXfM2zDTqr-)_Yq6;%| z$T`()H7d1IsaQrBBcdO5{wX87PDLf2x+P#y7~X6T!^mf4V)(k`63I3?_sNPU;Y?>| zQ`AX9wyg{E^D~GhO}k~H(UZN2o+qq)kxP3D5GCXasVDQEJ;~`+@lNhLiMLpKIGtnW zJ|8HO#_uxH-sqUn54M02B)!SKAMHS7iTc(3nwnZ98mfg16p{^)xF+{L23>dxJLIm( zy$9_)vdEjkX4RXXr=?|-nPWDxE>g+RqOtU3?DARUr3qNc#!ND~7jA4u5hsnbMECp0 zmNav>nUP2n&F9$)g`=B@=BL=QfM~9_Kr}l=y|_%LILe(aj0Ag?Q!>FFr39gNGH)Z> zT+JImwYk1DC#S^Ke`tXjj9nWU2h2T1$@2QOVe10j)?6a%j7Z_ge6r+f82jrfYo%OV zQ_|*56$_R((&Wj(0ZUY|XqhP~A#^IW7w_W;3LAgf9yVU?#Resf#2&bsyitSxY@}sb z{KI3n-PRpvGxoDcahb9%K*uXsq#B9@jK*%qGGkJOu{V6ACTVV zG`yqW{%jH7uDAH+0IYd-#u>>1(NJ{qm>bZ;6&sJ-iiF*PD;N~l zLb0l+LCG_*<`tp;+XM`zp|feSm1%WWO3bpUa3QgR_ok#01GQKTqNjp|Y(7pI zZgyZdbAi>;aIh$69YJd}=HN1vBH1XNOoC7jbQz#Ae6mz`)YgN;Qec4nh;x}C*&@u5-|tOYwp7I!lhA+ zY8NWV6==E0;U{xk1kwmZoCg*x0FF4NA`F}2G(*EMoqA>(2S&~_j7qtDU|xR*w!$k;RVasn5XkdbK^_YD@s+Kfn8^9Dd5IS_Z^hC=js)A)RXAqW(lzSGF@yI!VFU@OyZVkoPlO2P> zQv?hZe!ei2HIl?amwU3~bnu75JmOIbff~2KGrQpyMN*e{-gX|DRrQ*Rt=F)^@ob#l zkL0$%M-xM1G@YjzxsvE6ObS*`Dw1;CvNg^q1j?ql%kb_RL12rKuN2Kb1>uOsGu(Q_ zb__O_lYX*eC>T>5C44NVFx$(;njphkDut9`EjC?^snM+;7wt?dn^Aa34IMaXY?ICO+t9&osO;bBqQ z<`F;W)*E?tsIQdm~;- z6J7m2-)<-YKoW4ayOP$edl=jg5RNY`35{M3euVw4haKOKVIT6$Tq$i5h6fA;h?g3m zXLkV55hkT|A3>|}pg{~uH;oxG=Fsu+#J{(ui^w&SK0{}NdPH6jS*3eMz;($axxjPAQ`3DcN=kG=n>-eV78nKg|)fH#$8 z@BX?QUHjFnztGD^dF-K~ce2L@fqYDopA>S3i5m4Z-@F5`E(QzdomhD_AVI*lcdC18 z2UD5aTf1`jbaq2N(>s{lD@i;B7_`HoymM)Z*}Emd9HQEe$_8Wa0FDpRet0XH&h>P5 zPj!_YAmlDf8|(eBw7jdm3cK3973{t=)=o|-;+OV3iT{6`rL zdH0&u4QiigodRhfwzE8sNx->m_v2ob z;%;tdkD~Z{ZH0cV-yWyzZMpvsx560yAK2w^s6LbXf2gT){iUntK-b@A&ytTOToWsF zFG*&Rv`aPB$-9&MM`~+GJ>lLIjsq-?6BSS4uu*|`XLSRG?%-CIXI=$vVVxD@rLzRp zgi#*2`#OeN#*^(W<0D>-9Iqc;aWj;yPFF^jaTXtux4Qg+r!w5)+dvA45aS>FYXYXI zjy6guQY;f#e+;JDi6k9Z+z9f?Pw zohYkTsMgl?V$G&Pcoh@BIe>2%Tv$#5v+L&<@{nh@t(e;HJ zxk+cGI59Hb(|w^jbao(B?75N8Y%caEtGV>}La}G=>iCVtRR46jzciNawM$#Yp}vjD zbC(Ck`!CM-&gL$yj`#QV&t=A(9>B_}d-mln^bV>dU? zEzFLMp0#gWyD`{@Bmxu8?8p_{xqf-z^yvC*@8pe%^+JC0{LtWlGgKYw9bK6onON!0 zt@YburG?GY=LW8Au1&998QdINzHnpcbpO;u`gCbvZLw!A>7JXL7_6lF$FA551D8wg z&Ayp|&B?;@uzjgFcln%q?&9j@nzI=j?>>KRCb!-{vC?<>%2j)HVQzBf?6u^2>ipT> z(pcYGWosp|dUkEDmYk`LEw1!TP31Gy;>EGj)uGKBqxQ_0o4#@7>~wZ{^IB}9H!(Sw z8JJtWIX_q(ywRQOD=e(7-8?_G=wy-$)z!-N$-YWyb!+NcA=P_!_Ch*6czylcYPxhI zRw!2oH!I_r>tl1Hs8%*#&JB**m&UHtF7@76oiB`6v-wod#f@_pM>1D)n+uC)3zx2^ z(oa4T2k?0*uIrBY3H&0J&ZB%DZSJqdqjxHCo=dX+uZ(PYuZ(h0Ce|9cc zStwP;dsolTPPt>X_47CE)As1u)2r8WXQ#);+!;H)P`+^9-MExHz1DMXx>VR&n91H8 zD9%o74vr6X&!0P&>djThH@|ZooU|*Z> z&R!XD%kzCbSNpDF(ByJYVx&7}_YG#JF3-*OTpgL(>^VO>Fg|&$SYFOvx!5~aPT8|_ zwegL~^NF?L%xcCNJ6*H0!y7~8*`Z6BjT<*E^5Q2$-&Bm zT|0YzW@Rj&$)%^~i=)e<<=MpeYWh++o8LH>ni#cvS1#GkYF~D)=W;T6c5L-@e|c*5 z!q$cK8(oiW<*VHn7lwxx<~QcMi!%$0Yu&Nw zKBqj|f4*ljm)W{*_b1)6-OF>a^3}^FCp~y>ZSYbepBx#?rMIqKaW@u{-PP*G!s6tO zp1y3Ud~R@hD08;QE)SJ2C&w2T`?Hs?BvOlg=NGP3*Kdq(UA-`pTaQf*Bw{zut`4u| z6BCPQ`s$Tp&)CF7x_kWMVqrX)t*u|U zICUX;WpHCNm+l`a6_T;V@#^O0)zXz4<*n7pOJI0JB#+EacVD}Zzm~mvvwwCXzdY%l zzEaB%*2*_mZtX;>O#)RkIdxPZ=M?m z6HH~?wZ)71l}sU4xs)lUC(?tp(zWvwZr0i8uPj^}n;jfHmzZ*|tzEarD}{9L^~v?p zjrGFd`0&b9t(2KryP4Y@?@z66ou5jMU(ADA)QV{?@ufs6mevye40!#oxn)mKlkE zurnR(Ob0vD!OnEBGrgF1COURzKa8`|Y3vEG)Wg{pS(4}gXdIO44+iaA^0*)TQk~lt zqR(x)InRdlCIyZ@S=SG_X``}=+8t$a^TTwqLRD>ctil1r{o!TlCpt(mc@M3TmHQU_K+W;@;)nN4-n6IOhtPJSr=bsk zbp$psJKYG>@%o{1aiifm&EyD9vUD9Yz@yGv;rc z;g_f@KEu0=hI*=BMuS$S`b7pzsBz1rQB>v3{YLaB-l=N2;io(zlpmm}Sh-KO(Chc| zrkpMrO)VGGjRbNs_bD{=;`U@XzVGhr?4}G5ot-@b*=EXwBkZk|u(x+>G~aFn&~6x)X%j5d8Fi`R-|do?93v@mlLf|uEJ{Ul3I z{Ui$j)IfcDpiH|1-F`}c%*P4Eph?FleVUtM0JlWP6Rc@C9eLV{UJ;qEUP@C^oc!%A zkeR{Bs05q)wst8cln!^x$#3ZF?B|?3z<&(#AE)_`q2LV(pD3p5*L?HiEntJV`$rfG z{M=1X{oDxbB_k19^bhMWb>4Co9)>D-@Q8AzEmTrS55fAA$)R}SIvT;31?Cj;+))CqvQsU)NO3{K zutb4wm1pHr{*{zSLWOlSBwJ}n#G;z2utgq~9_;=fw?>Kucuk^W&6Y})WTv7yhXbcX z5ld3Qp6_1wL{KwG<0Xz#n#yY9rPK7l=q2|e@d1gjFgkizf|6pd4} z{#5iLGU@k8HdWgAjYADRY$ItQDzN9ir*)KlH)|TYq1T_8Z`@6NSp>cLS-dA8btK<) zKMJA0!f+D4ofzsnO0VaBsa>4xD;eDjY7w@hZfU&nQxo26YBJ16f6>C^X)pa#HeX&Cuq)-;qx7e}FV29c>q;p7IG ziY!!#P-keSLk4SX?2r!KiZYM|CcI+l!Q^3_rMjSeWeB6bQG=2O#Z|`Bah=Aemr4+z zzeS}u3reK~b+%Tf+=juhsa$VJP~^!N3}afB3OwX3To&KaA{e{zxNC!hhGllZ(?w2uqLQzqZT{{3;Xu-EO#VD!Fm$_vr@Fb+b18jN1 zS5n-7a48Vl`))UP5{1eDs&9s#1(5P)sM|1#J{P^BY+Jt;JxNnKz6E%>68(vkj&rPO zsC2A<>?%@`F%jn{C6oDCe%~U_rduSvDELyOamVo+$r5H~g5{SqCDNHYP(B*@09pD) zov=`;2DdJNin_O2SZzb+cnYhy-tH>yJ9R6oyQc2%1(1rm4NLqdTbM7Y86S_Hq)FXR zK+K%s${CWrc|kDZ>OIt%J@PHm@+8i8DQY^?P6eGDdQo?Jz-7m z7Utw`X;}4ZrG^Rlj&8$-{2yCD0+Gufv6=g|QhM5;l^RCmJGu=k@_*j@q2z3t0&Lik zZ@-J+3f-TWi088kT_lqU-U>wgAwxuH*OCc-pEV6-g2f|30iNZ_>ttnNz;isqaz@RufjHhthj)WQ$0b z+AIYtv+`0&H`ciq2Fwd#FbKY2)?u*?Nwz*fh(d@GRIhJ=nhilU3@UvXpR{Ow;Zz#R z1G`nw=-4c7xVq&%iC;h&7d3Zu8#gs)TbMivsHfSC{Q`=fHV7yQ0+SlXUCn%3Lxp0@ zlp1FN-IENumZZjM)-+UV)PE;v>lB2;`I#6HskKG=U{wmDjD*N2a4LN;jKsah?F^;B zE%MMbBL%UL6GkccfL=)9#1#qED=1`8S3w595&4qYR~54gCm!lxk>?VLSb33-cwm{ZRBIO%}o^G3QG7++pIW4u}teJS)x94|8C76k z?lCMV|84JwQYTy*$~ey6b$4r;d>aUqYe?AcF^)p7Yip=bQZz-@IV|s&+48ou{r?tg z8Y;3DKdTN6rl)}?r&F-ZLNO6p--e`-I5`+u|4FC?CEZkM@Wm%{#XL%=6bnJ7ZO;(R z4hZ}p!R0Hzg%WmdLnRT_0+?x@z=cqT?1Tk`W|3WAntk{cZ#ngs&rUiLmY-s1f=Y#m9#bX!e z^H3?W7b=@F#%Pu8n*gLz*$n&4+gg|}?N!&KCuz#R3;5(}^e0kfn`cc! z+pK9gGryOZnb`|r800SSAq+^VbBHsc-%#>+QKhFs1$@#@nr-9!#tZ_%A9#ZP*KF{) z_M8_w2aT?n_m+W2G3!@aSWAOhC$L6;-0m8MQh;|O3UB)Nh;ab`JZ`Ib)B0h=Ay&30 z?x3)+ckyrD!NOy_gjK&!#w%80tn?+Sr9XsdKT#T;zJ5FZT1S{pWgnsPzahoYUn9-! zYA;X)=HxLhtchBg`|pW9olvRtd(h5Po_Jy!0O}CHpJ?3BM2cmxuQ8f8>)){rj66>~ z&M!vsybh?f#SK}A%da1U@Hwjm=)GKbroN+`P0s8bZ0(fsdWJ)gkFqgZqgnMJRld&DjBTY>L^-2F;j+vUq}>{2<6y9A426j`TulLG>~!36Gk5 zDE)?Wp1oGeqhu@zOaJN%|A0yd(}3Vt&jR!)eKZa=qG!}-({2QIJ_CbrHM@pm4^>-L z#qVn6JPp^uDUsA6G8{8QSyCdHJnz|cQvuZk0S@vpn$_ue@jwJ}JLtXO(AAX@rpTH6qCCe@NoVNBa~`0-qXAS|lBt z%Q<1-?eJIyPVwRfQ`7SxyHvhL>ICST>n{dbgH1TCJDa#_7__9{9Gi2^?RuEf=%z@0jk_C@waDwD3g3R>wLN7oCDXttIg{E4Qt-b!ngTa&Lz+WSTcI;+B(6 z6c(inWt9}5A}uiw34X@t%HisANpCGr?+$BPP;av3_v$~p@v?nqG&xCah=yi@fAs}i zF8|Dt+u^>dTg^L3CGSijevfB)<@Og`>~Xt=sec%4z!qxilY2@r{>kM&g5hL#iuwbM z1SKbQzn|1}PoLevtdP}K$rnywEpM%qu3w&4Oi@uE9)@#iAyz1sQQ(=%q6-~Ua+-%X zp`w-@Z5wC#c+SYl?mn9aDOyy|X)BzeiL!O)lq)sa1pW7H3iRksZ0Zgn)@5 z8y}NEUET5Sjti(peg>0dS1>Wk%)1pA7>O6lnGVE@l0b>gL!g}DzE*}L>FD@omU{L? zupW2fjCDe#{KHAksm3bu$|db)+^U_ARZwKT>SQo#4cf1bA6=f#PMqQ+NF!&GL|Y}P zw0ey3ENfv|C)P{JYH`&moL~>0^MAPp^JtSVsm`>%v-W(BPI(n-@27m?G-&G0m2`}* zy3bhhA!X=2!Jj5^>PVvGG-@jwpi%?+=fv1tPyc|JBYz|w_nz+K)8J2^6LWl?{d`_c zjYX&?i_1AUt0c(*8tRxaWH6ripq^O@BIjqGH1bO$GcazZXgBiov0~>dPRH|t2M(y~ zgrds>>f)3tNP1V)rR3t5BjjTJ2zWE)Y`?F5Z`RFZkrO*xP1@y5W&8Q^HD;#rU#PRPfT=PpS2#2)P^Xy$mdj5Y29XMEOc2Q+i;Gw1$$Hem zK9&|C1nLRXz3+IB6N$)@AkGSuDgusHDjmTS@eZO&rmN7qQW4f8SUS0hX~S72g5`Ot z8j|lw4A^0v3Cegl-BdCle0((^+-=TB(Z?qmU~4}w-?7flDR7JQq|*)yLx58_EF7j5`e^fH z3pl3h+d($dP5>5KkEx-4|Frs21oQAr-Jp${>~;3SXFqCqPmEmx!AHmCX# zOm#l`6Yo^@9w>J?V;_^3h4B`86-gci5q-UZh<1?O5xMeIW}ik<`c42P(0p7q)AaOy zylw@_?~9(BiR5h{`90B}NF;v?YZ^{Z-Lqqt7sgTfBW^7eTx@S5ztD<{3lZU(=GkGm z$B&KZZ>EDCYgycIVv^alMnHsO?OOU_-H?()p~BK7I@RN;WhaY6|)7 z7BD~(=ifw6+oX{1!YBVa`V&bZzsj11Q%Fuzh}3v+fdHjM>opz%k=9o3lNlTl9ISLH z(t06>R5bZlEv$$^liv+Y|3$l)-dCD@(2!Un7g-}=-gTcM%=?w#60J3L-h)=H$gksQ z7vZO9Qs>8jv!l_UNa{Sqnub&7k4?|ak55kxU*gJg1qnaayuNo{;w1f=t`OARPl=4- zQctFX1AK$Xln=vLO=Jic_ZQs5SdjTr;%tsGp7?ZR<4$^v@ z^%Fj%$R@!_E3|j1f9!ONINsSw9^L_Z=yQNmYz{|Q6OFZGG}c(a@w3rWHL>$Oz|Lay zCzA0NSkrLEt7{@2wrUNkgW|JV8CTCZW+PI!!t2sm8K(dr3yRxClpisphebIfGkdMU zQ!q@EauTs|+*&}Xt>v3rSXEh`7vWPNk6e*xA1r=p%Q8(Ry z0Iy~KDF#)r50}`sI3&WLC7@YaV&BEBX$)81a4SvRz>-{3cikVU?n_-wQNF3Gak3BHflN95NyzD+VH_0BY(iJ#ayqnkudWu}R5+G% zTT%0-L5}4Q1)TSC$8m?z%$Ho>ZwOyu77B^9t_W@)8134!uYtcak9VF zTX7D4N*!m+rb6p^ie0z~E$0@5OfA4n!~z(Xv+@cz_Z6VM-jTy~6wyzqx*c$-ONM{% z#qFm&Yp0z8>;HokCa%e+iZ};QkR10`<=13O#!4({|0#Wv#-SlyTtk!`B63g-rYL+} z;ZZkxZp0euPGD1@F{bJE(&~vPD4s{Vj$7yG+H9j(UOhwif3Z0yh5FHHU!z%Zt9SC^ z@az-TTNJUOc5`_p6+^gRwOA%soG$!H|IxVdY;`UFsJLW~^~ZbS-A^wiEsVf!o!JA< zeB?j=NCYCZSYKwV=5_aK$8{|ivFfyX!gY;?VoFS`E!6vA&8p(t_3yq#mql)Yi~B`2 z0w*WI2yX{gvq$RtH&mFtt$w&b_gecndiK-xp&fIGDpe>*?=B_c-?AINVg&0XhIm4|aj2TTx%U&3BB-Y$_cfDTPU=H_`J175*?iJ;kAMr6|MC0`;Ub+aJx}2E^bW+LD6{S$u}cM5AOHEai>! zkwW5r|0^xw9hyBq_q+sA!ome#Ao<9<6M#18AosJvp&jUXM}h zT(JgMn@b|o#TiRUjFw$cpXpFq*;DN6$9jh!>p6#i%gsDx@h-L8VXACxd}(MR9gnM_ z8x%rM_W>H=0ajcORutj=dIamV=0?aB)WcPzh6!*W{4o!;8hYp#lo)HMQA7EdbiE;1 z;&`dpAj7mYK2z`%IbT5=#V-(F(wmF~;;^~NNZ&MWtzqA>U4dVXHk2%K%l;@ctwA=H z=lS=3srHH;m*@FP#NyC)LH1Z0lF7AC-r7i0RL61Dvbg(PGXlE859_{Q1iN`0gGo}A zTC+0rJ*ysk#_CTz#vif5&u1)N_qn6PtJO*EOF9VE55erc zU4KL5aN9Wtu)-HPgCDt6GgO6P2==u#WS?h-0SXK?M9smf-&Ki8X@dKA)Md6th zf)+ieZIY^Kx^kj0F&BLx6T)(Z9bJW`R~eXd&yZ*nXQIP|N_~zQW@`$xA9L19D1+lx z4Aj?O)ePryyLzZ$Hf+wi|BDecLjw2$foJ6i6jCV`AHaeiENa7|Dn8_E*0L(|YrySO z47bg}O3CbI~%gX)$f*!DhBD6arFQF|dpv6Kjho+y^z#3U3aE|LOrRaRhG zK{g#?W^*3=W)s$vatsU(Z<&JQq**Wtt6#;P0YsuoVLpMdAnicrM)4=4qIxa-oNV#( zp(n+6@`ERYwBiFy4qv0}FD|8eSpxtNGRpqK<7h78PGFAR2|yO7;Rs+{?3VyEpn=yM z9iF668)3}=BsU=$vtwiOW&$c^7_zB&K%V^YWJD?f0m~dN4Me_}QmvBJZ%;azGZux~ zR1k6NR8^ki1B4T4ydVfyyz;IVc*Qtje9>SV53f85UYTP%G|l1iEHe`_0wczzXFft^ zu}mi61|8i|X_xJwuu9R99ldzDLtL|pyg#gg>XK*c77~oR#Djfh6t$sG;3;fV%&$#w zr)Lmk(Ps&UC~y7n%y`_oP~5=&UgpeCCJi2|s4j1rDb)vt3=9{NZSeqIt)WZN=?B`Q z(=Ron(>|e}dY0H)c1ctbeaW3qgivT^L4Rft_!!IzfU{^h`r zjA(vo=>pAB@N(Km|a1P!!1m5P|BtyE>Tr-A?+!^`#{PrcDc&$XZiOc z^MbP5Q)xkIyC9k`IVmWebRDZV9@;uYOd^{&>qGD;F)tKix59iq9qfGk=t^e#tMd(9 zxF^`tTIeU)QhPnXIy7>na&VMmTYvYNXcCd$Ff;^duXTTp&7iUGHdj)PeoQW|9{*qM zVEkWs2~dXOQI0&Ve)?@cJ{!cBy*zqd+NF57ANKB#{mGP@?ap?Xp1aJsXTQ+=?T zJh7;Vs10nDeoQh$r zBk;&G1xZJD8BaAS{ZTY2F~ja3N;+Qu#-Kz)Optg|;RZ)qCF;SMd;YI>C){D6UlAY& zqGba7w;;gZV;BrQYh@`T&hMa|=d3_!v^0h0X?c6BVWgogDH3Ihg%Ha4oux13>E~!8 zXimP|mAENAHqhH$4>Z!-{eFNX!QE}bsn_p*^bvJtqN{{^(2hyYZz77@w;8G>rSaM* zqy4)8@i+rFmkU99JsH^vT)X(=&`^ux*KQZayW2S*>KGl-6koLbzu^p^>oS zO3arvIc^OXSlA%OS6=EVyIkIq{UL7>*R^$Ep)mwLBlQ^yJadyT*z0ZvU^WnO0;}d1 znjISdl6;Ty1<{1t&j=)ZwTWVR>fa*(!GYdomQ%Rfe5^Y--|j^I z%m18oqeKJ8c+1lM_do=3Mg-x+(t@=AOlM~w^pS;vG_Pr;#7|bR`O3tdC|r)DX=R5J zP7yPJ&xPWDicG`C-^A<48%mDCoY61Ol2ryr0T^twmnCQTv^W%M37lN^kP4M?Y>CP@F zy*W$e9>%7~Ze&T9zox9t6QoK>bE;_LF5uXT;}Sxec<~LD zTn9&O3e=UyS!RC`affseH_yxZ9GiY20MkqOA-06xL+w!xwHul<2%jXh3f_0;*Xd8t_0FccfG zQ{Az?ZrhFx^>i=CdYyq(VlbUfEhlj7?G3{qgx1u-dZKb&G9jiICq1kixYjL!@q--jlQ$k?S-`N z=nEGZ>G_3A3yH|+ZY1P_=OM|yB0H8Z16i}z3eR7Tz%vmeUE2H>+IbFQ6JPNNoMa?l z3u_s_;bH|rgrUGM`h%><^pf_kA3NnLlm;Glq%&PYfjaBXWiqn+mOi4j(KLS}W;H zCG+i~2Q{IuMNBBzHNgyTY3iWxXP(I$Z1j+rbc`qb1V14g8w!wUhLJ6BGfx^CI7haK zy!#{y3}KB2C2LT%ky%l4N+LA)rNY&bmq(w=i7oCxJ1<*&&BGSoIp1KmWmYnAoyT+S zNjNzR%e}UlyPWT)F^vm9I^<>H1VN`)?7YJ7i5*>W!zhwEDmSQG3MPf|m$!g%gWdkx zK)#RN7JnHTgekG@31qURjJ`T$?Fr=Kr6-7PVkvA-th#CXd#IXoM{IXJd-c+lg^Rtz zn;YlP-%JkiHY|%tGL?m^iAsojVsdO#V0B$l-VFSXILfYarn_x-4$V>7^QOWT!tDIB{}GR&ur?0 zzGXR9d`;+`bU`aOa~kL0sFO6MkfrbZHFPQ4uTC^e36QCk%69C14SCqo*vJRXt$HLu zIUopfNU^SaQr$hLoxXI8!p&lRsdR7b^uY4zSoi7Wv|}fRPM=OK^G}$PMB}xhB=Jwc zu`K~8THBOZxqD!+r?2~T-#|Z`ERL1(VNXv&JTx{0;VwtRP{8B~ov`?Tn2QCD*aKpI z@e;EV^KXa{^TA384`FDke*7oTW}sb(>T%kBFJ7IKyQ4b0;;`z;>AI|MTVa!E_cJxS z?uglWk9LzC6rUzl2<&1nME23M01-pIx4}t0DA~1o4lVEWImkhtZ8UI9J+oSWw`}P6z1HR0qEW6 zLrgL_{ph!%K`Zw|?~I1qoa@VIuFpq*-{7`wDAL=67+htg$7hEvgB4$C@l$ zbLbY6nXaM9`eOZ`J%fPTGfRX0-2*D%zAuib!=>j~;yvl|T`V9NcZGGLYExK1k*qj} za|T>JSa^QtNO`MNEoRDgDeI;z1x|$*fMq>WX)cl52?zM4C8%cPl0z1D+;&-&tu-V$ zLdiQlgmrRqc;pEqfhs@blebG;4bjq!^{W0JTh;7s^&@aCayAV=ZSLOCRLIrugkD^B zoys=CV(UlY^`6NiGW=nLz&~kG9DE}_x9fMZL1KyR?9r*}woP2{9{>O-fZ)JEP(^I} zM$i2f-m5dP4AP<9p+kSH69qif1OP_Z+SwtrS)$(Twc5S@fgvwkV3J_{I-8ugUHuTK z4##?{6h_+hk!yO&q|`J;M~7FDJqII{}nsk`!^6 zNOQymXK43wOZrjPYx|kev8UkZ+PJ680*!J{K?A)e^U?Ta{zEfp7ZyB6f>iA&NIXB@+Q%9(C5D*X|Bi)_ z+~t#qevQH-k8@wehxL0*Sv;hqZ+D~grQyP)@3-Q8Q|T){*3$QwkiJ8ltF*lJy-3vc z1H}a&VKev2N*_ftlK21v+1oC6oWU6>QhVAFsY6VpDj_Ono2cJ`^;J;w^$KM!lR#fV z1iBV51K&)&1RC1?9`G(~dyTyNn}AaCE*j`5e-STQ(Fgx^^fXP>JVdDZ)#z^|YW`Q& zG@N(eIpJ(sX^T=X=G3mPs=T>N*uZz?Xt$Bp7*u$j0J zFSNKA)H6T+iq@#`2-^8~kbMysgI;kVW}B$LtbthcB*gN)@rai8b(9wO(2~?p?lPY0 z9^M#@26+vyAUdweQ^_$7NvNPPne~;#tbfL+!7GWI$T7~Wq22FRj=_RpV5m`^%>YwE zo&}?FHX4;|1DXn;DBrYARK1E&H4*)dlxr7Q({Q==sX1~*p{QbLBxCHFf<-H`7(2Q# zgGYF(xCR5caJQT<*D6(Ogl=X+V~PAiZ)tjbG1gP|jwO-0Z&!Oq|| zldy7hhVrgS@2@6$Uu7MIk138PoZdsb_lkz_rXmX~x0p3=8kB|gnSe7@XcpEx@BzQm zZpgx#koI(W#oW}OPVQoELESmG|DlrMzZ|{L=0d%e7D`Ux1+uCC9;1uh+0;cJ`)X7F zJHRP63!hE>>n$LeOh13iW*W)?=3<!lb3|l>R8q^`7W&ymM{N%Vg^iHubNzfI(qX7i6?2Hgzh=L7oSVTF0oy@e$TU z%jI(|V)tw`rc6qDBVqTM=x-!;-@=-PQqtlb*x!cpu1)F$72w!#@_BeDp_DMrP&4p0 zfJvB#Sd6Or!WA66D$I^94nt(#cDX~w7EVoWD$Cr)FuD41LfSux{zh{3+ga04uCA}nfxo~Qk||}pl&EzjjGa8qw(zA} zT2j6xsH8#FspKV@$hb;;$G`9tbkgU6p7saTBJ&3sa=oT}RE{!Wk}7gg@x&ivUx#kV z@~lh)F-7?G;ggI6P5F>5Eh*5{GyV0??*KGYN9TwM&{cMim=ny(Or>4;E zo=mmkrel9tZ6vK{S&g2%?fvQgz=Bl zv5X%MNtN_RJTYw(r%fK6?9YiUQd!j4aZi^E;DJ>9DRnBU(9KNG&8uzp8xDuszQ5MO z;u+g_7cI(H+g+4>rC?Y?Shzu>w7mOOigb^#CYtf@#j93qO&w?#p{bZOn;`Vu8U2l< z*~6@9IL&6xLFLF=Dbv-DrA!rpyoK7@GSoU=l%lqR@Dmp*KawF-%f-?bMJ~z9V{?COz~KYTg_DjiiTf zWlh8B;X3W3+_1o}e<|}13!vm%C0y2+C1b*`j>`Q=BQJHO&hy8L3Qzk0=V)QgkDjOiw{6_RQ zlFELKH4Ue-vyeKQ*1U@pE>(N2bP6_kkx)w74y$-a`RKF?2g*Y_J4uX+n)aeAMKxb* z0fh$D3=(R-+AeDLn`#jG*hn>Zzgklb8fe*cFJ82yFQHu<`qF7a&7INTNUAx^nub%2 z6G=5Jmk_@|VgyvAA~=@40#_0rC7GVyurs?zY+Be_E0$%xu0;I>8coq&XA28q(B2Rs z_)YC1cwcF+#UkvN0JIQbp+(rIT0jWXqN0&t%Cj?sxbxB9NXi^#O+zVj@etzQ#eD>_ zDLCadw;%->OTr;eia3&D%VZHnDoyT^5tD3`7)4XFYLox`iVk`CaRhkxzgFZOtDEwFO5hgd3(yUG4QeJP%RJGp(BVc zCAw3TIu((BWDG|>2WP|AJKgyzm_#8!HkRl|q^UJa#3TPTN3w*TtP9O;?c}aMxI<#l zVmZf%f9GXZ%k2AbTa+lXN<%UG7nQtEmx_oXq8Y!Cd6e^k9P==%sjNixceOw0;viff4%n(%A*N=cs|~hNi051px`~;h{z($`8AjgW zoFJ^ST-1kl@3qQ?Hx({~+(D>$(;yeZ-wE(PYRiQ%moy8M{|NV7p`Akc4w>JF9t;A)__Hktr8zl+H%O$H&8n>{U0VFVg=!$G?Jy-5N`c!||fu?I1>E|O&YcT3~Yfb-Tv;)=b7dW0_m zESiAcdT3mBtJx&wsK2$@S%Z1&p|EOiLL9Q1ytg(IO+ed4V?%qd^wb-kAwNyUBsd45 z7WPUV5oQ^GwnC$&p@zuDL5he{DNc~;;1#ryT8eL{f6n)LviN3)^ zqPus%OCaWe^t-|p_mgNol_o&5K3Y|VD4k>jyGn=-a3wK;Re59F#i8St!IjjQd9vf? zaP0+=qzWtX+{SA2L0)J=Q3nj$&ikabUNQcg;-(kkXhGn#OCb&Iy~uoCz30CPL3^T7 zTV8{pgGnkW%v@AI)_bhud#XIU&*4TIrLB$DKGfl?Su3!Vv;3T0uI2e@(oL=Uo350L zw4*c}(*=+^>+FI3LQ^Exj;tO^*=XEe4(t~P_6x=EnsD@Q*oF@57fms=3medZ{X!Ah zF0goDzmQnm1riVJ7khxj1N((SV$?0mf&JpZej$m)|MSFw{laSb-s={})q(xOPu=ow z?~z+RZDKlUJhjOWS|*eO`^Bwqzfdk9$6gceNsb)v#acOq9Pi1lY;n!$D%T1Hr`)ws zEU$KvTSaUG(Qi&Q=2m0KN?r+mw#lqBl`hl0gQpN;?j7-5rC8W*Qq$z(-1OA8sA*Ea zE03&01$evKa>`PwMznOx@FJ!fxk!lw9!ayQ+j-{MyJl}$D4kWHw*_mZR)wzv zj9C;EC=yTOBjC42!!uvmct=MJ-e4w1J)T@=EJBl8ycw%rdPHkaxpz*PELk%nEFW?tL2>K4tY1sC(hdcg ze5fJ_Jihas0@NboEz={gtU~F{z~)RfIhaprUfk4-G^SVO4)9 zcb#a03N7V6hZvX%;%P-DovrJ6eyZ_O`Xfzc0N>!`@;_|O%g}PEl^!9_=rY_hT|@<_ zsraIbIB9!i8K43RMn(r-*|4{3s_5*yi6ZIc`(X63n0|LIX>}ABg*%$xi4lsDX z|2!5BXtc!mjU52-lt`_*v$LNc;+7@MI7ygKFk0Gygn12SE_kifA4gK}%U&-X^J^Ix}4V}He#7twlWcW(^P08p=f9^Tnh{&5FWd85IzO;5++ zz&@z(4ySf$p^%6V$pU@AAlEV39$8WP@PxuAb^yTLFqA1v zOE@4qTg1K{0CgW>#jx*$!_{8#q;orf=TtiuB|oq&i`!xg@$Eg)thP>~Su|yF&hI{BeWT5ln(zrK z{}!-2lsvx!l(e}O1OdI%t>6PY0N1w_1cB4~R`97E0MKMB2m)khTftB70I23$K@eQ+ zZ3Vx+19*106>wl%-U^uEB@OUeKi@a+JNGcQhTLoMKeFsx(|4xKioi{_&A%qCvfl=O!xqX09 z%jMf%+bEa8GM*{O#ktFPs(U!bdI(idq>f92v90O!jfCC;%q-HLe%cMz3dI-Ib zSR~#+iqHbfE61Wvu$Y~lXT%Msfdr@#3$vFw_5P%^3w zXPH9PD05M*oM*Rna5DfwAcFz2)=?^zbP+_r%t|talTGJ*q_&$Cd?P50@_*q=>X>c` z=@VQidoBtA5hpMFf)}+ic`2~#cA`OFe`rH}P%$SoMnVOuD5;zpe6$en@aa2?bg(}_ z7p*+u){icRt&>@mw!QxH09;81yU#~-n#tZA&15W<`<7;LdYZdoYKkx+b;kxZ!kW_Jb_+IcopO zjK_oo7I#mff-b*BAI(4-Z@sC4%z*?Q$?IByRe9ri@={KPa%VLN#&iwdT17bB@b6+3 zxI-}&z=1DU4Y}Kq&epcp?EFftkm6Yj%lMP|mDrG>+$ToF!_;7Lf~QL5>HE(Jo_X>=RZi%PkAM1rm5`Y$bLk@S2a*^hm{otf6`8)5r8Y zm|wd*K`cQo3U5)C02P1H=>uAsC}|>G+q^2M%=)R13@o3JcF^h zVO?8Q`Qs;4p!th?4(jywg$VKp^Z?KO$^)=kEFn|i^W;k7bN9aHU3ue_fB!JfH#llZ z-cm)j8($~@e=`C=AK9h7gL}#D7Zlm`gY3r1u26ut_Z-(o#)!q+BS3Q}YMuH5&We^) zad4QFV98yHz%mK%MLr9)vVRz{vO6HX74Pb6(p&rxHhV|`@*l^4l**e-N%S`evZ1V% zSRr=mhXxp=lR|3Hm%bxBHi%jtW(FadJeqMam8!vjg=mI=53%P!lO+WhI(B}`T5+nW zEQAx=XsEsKJZqs2v$bNosLw2*gs4Njf|FXU$a>5^g;xLrAXpaKl(c>c$it z^xaIsrZ5LsL`a$D;xU!C-8DSHggNsX;}HP7y;Q>qR2&Jb}DL3l&zB<7waeZ zWjmSHeqsK_yfk``{BuUqyVB1Ig0?_qtkq~X(W zOk_M8OpJT8@QRW7>{@2za#Kcr1xRR|B{@%(Ybh5x8~D=CN-!N2EthgmQAD0qE-u$_ z$HkG3IKDJDTNSxsh`5LBN!XHkArC|xm18R?rGbVh-~f{t{Z6){;WRcUX7b|YD=5Ow zMGnQZ?@$O+e}NJr^MEFZ0;g;*yLosAK{}+ZtdlR%D^wG-Gl-X@9$D5yL=nPiTA0+B z_Gfb=R&Znz%xChTsY((q9w5kLUo;S;i1D##HZjkyRWC7m>HsYM0@o%jP!BF?s@8PL zDU6TyU74{2aY*&2R;B1z($UH+AeB?2G$W9)6LwbHPst$BE$mrzT_kI!cr+*L|E=1ifWgD zSyGILPWb_=$c=GodYQBHT!hbB#jx-;h0| z<~H#)C=MY`C9n6_ITe=DQPe!aDOKt)QO(raJ=en8k!#6y;#?EZ$+vr4OBNr8tR7~S z>rn8hD)(8Y)7nVQTr9gcnXq7+G<13j!)NLRY3pW`6Nw>uHlp(RbI$?4kc3uINR#Ms ztR^_2D<-`4%5*y5bDRbGs{k^Ric$dM{0{AeDjq`*(czd&O5`sk4VmA23V9CX)V;%& zYRm9+u~wZerLosP{bInER-#uKsd!J_P@=u)lmytMM0+Kg+~m2NhGR-}zhYOeO}Dm0 zez=XO&AZLzlK>xAODevk;L2|!sy|XU-i3LiiGa%7`{}DsXFo$s{$cb&Gs%8-g7_s- z?{1%76tnUb&{8P-Ahyzn@Sh=7jJtt%kf4=}>rV*si9_VZay82}3%Q7-CMbe`rn9r7 zV;&r&-g2g;d;`Q-{xfzUznL9+G!U|Vp+q?44?$`W5(d;ST?Z2ff!EkAHD}=xjAP)- zO`J`%+JXCHyHG)u6yiwc(R(9y(9al4ShN9aaD2wCd*8?PR(+cM}4nrE}u@Y22E^`I) zS*l_nSu!OJs{|sa`{zDN)w2;AEiLVthRzx+Ng2!fH$zkadk_ z%)EwoYBm^<=%J7X@JNV*9Y+9;`$e~mVmMJ{{A$*?8oN-R4b zrW`T}0f{D^At{W_uv=VarXg^IC{t-rrr|EZ96!_!A{prvtLs>BR}f;!4O0Fw?>|G9U0Ef{~62}VPWeCuvC0I7Q3 z=hGw%1@u=iC=}3!7GaWC=Jja!2pK)zEHiqvprfet9W-<3t~z~3T&M47p`WMuJXNla z`>OehsS6pWW_o36Kl)&<^K<+@L4(c3$j>1FOe{Wv!q$l9JkYBS^s1(Ml{!svhHm*Z z^(|V13H?Tf3SB4GH7zFOKdjZc*jWdO7-5tSOr9u>Ai~O|Jb2ptO3n5E1~5@touRFL zoA2cK+h%p%53>T~U2?l1Gm0fWemX9o5c(M$7@46uMqwdaX0@phzn{$*WJ!!Jf?>(a zlana4`;HDd%u~+R#q9F=lsoNSJhyOjynD(Wuf*f=p=!^i%TkiwilC`A_#Y8#5a@_g zKTHx^W&wrV^Lc^2*Sk^%fxUwh7>;rgGzPUx7`RIIR=x-;zc}|^ygDy4|3NXq5suUW zZSbLM?PVU$vy7{efj%r784rq-ZBsjEUfCZw^u~PO>l-h3?>51d)NxGGlK%FU?AvfN zwD1F=VVDKywV~5i%gw4V;d^mx=QE@NM#{KO~VQ;#x@aJB4Rc6x`F2Zmw; zcB(tp*KOOep`PyLSg$jXN(`pcspUj3EADe*y_BpLktY&gJu50~oM^&JGxG^|aWSEa z0=<#zenuU>7-#~WuxdqAj+RtKW;sae!bKQJ=2AYP3mH?jSc1D}rN6Ixpf@(yJundK zJH65!8|qD;j;*ZpbPq14mlFg19BxX!ED9PY`s|_8m~U)wWjPV+ORezcwiO)zQuNGB9Dj~*{PWS@NF0BGH4UIAGkJ8CWeFZGmnnHZZmh+n8R_TT zWr;<5&KUaH$qM|BU}}eSV>!Wav5gxg%Ce6;j*TL7N{5nfs&veYj@<>Zfs{b}#tg26 z>sMM>C*vslFA4vD%#a$Elz9%g!LgOObO8^eZpN+R#z{LNSSL~XfLwCdkiP&?Y+V_l_miX3Bi6{->Dec^EK^7R+}{BTL4W%)oI=sp+e6X6A{6~CLs7Vx zq*SVZ!%?ZzSwBRW6Gmd=q~M?Y@ki9;n|-0+zYA@nSkYMGpCS0~#5ZA9QQC7g{LN)p z)3`>4B~D1qzoy+$Yz&-{!|+TM#&Hzp^W!fjd@!Q> z=m+n>GUA`-w?QFS81)%9Ew@0L^|t}0TRqJ>;mvbTv*&5n54q_ceO*ItN8ZfqaOhWw z)n9{`N0DC#=HcyJkwEia+6ZV9bu*y{U;0p?X)0GgO9Ew%O*?ew@(PsD?xg~|Q<;1m z`4q@V*C>I%mq>_vV;o^kw7mT!UPWzqByT?+JyjDuKS${KuIO(hdOpIMhRWOeaHbI|jL_8_qU2`BNye)Oy~iZ8T)U}K~Dc|zRh+eKU(bQRw8 z@6Cfz^QQH~sUlo{C+;Av<6ZolO95(J?l`V*Y@efG?(O^oeN81Y+9`dt{>!ALJfSE)DCZo7sOUrcM3)C3JXjnr_= zD=pAZxN&bqnK4gXh=|*vE%D)ysc1I*3q~bg4_DkI=$Ue*Hc<~aKK`d@3X`6#Gz_~* z_?}xBbBc91QkqjCiFJc@eu-E|5|zhM|Mea}a5x`wH*8eH?citFyYgLA8ks|Wbh!}FB;QFe&?Jlz8i zMM@*_9(f<)ijXu@F)A|;AX+_NL-r@8u`W%VrSmN%5$1P*9O_dYkoQop;f5)_7?*TY zSQqGHyp-380t)dlIkKvR{#vfcbTG?wJFYJgKmB4rlolk9FdFd+k`9d=NoYqoV)b`# zil!|oL}&;mMBWg&D!Tuj!Zox5xXzJ*X%9$1F&+oLWkK}oB#0yv!u#Fh!!Y@lailgy zDC!)NF*s==@2B7KmQnZrZ|_aO+_?Ce4`IK>9JY!E5XPdmdB;)y#8NVcxOfsLp ztdlr7v zz4P7hHE_Lg5^sq4vmBfv-7&XnLw?2w{aZL7`58BM92;tO2W-f67eWNsDJ$SR&vSar zTo29B3Jn1Q+zB^vvG_wGu?V4vLYjVryubk)XDbwGXvr1Zo1kYFW;o!$)4XUcSxA)9?>3-ReNpzIanf-uPYi0DMW1u$D0&Pm z9sb)O`tM%k{KHs!ttAJmqqPW|Mc922f+4tG5T#{qVoL9Oo@gzZN1s`=sLHmZZ+}O& z0QtZCk?Yjqe%_6o8*(7|O+2aBcOYrCF^&UCY~wSOk*9YX{{tAP+{W`OiiUqM0GeqV z|9uSWP>Y3gI{rIN$0z;2k=yw1FM_RS}z^l_7)q%x8VgvMR(vq5X|0!_xw&g z92>J=Bh3C|032B77k|gE4yU5d+1#1)3uklL8T(WbLO%Z_{EWyuP^{FH4gi6EZ3Nu` zPV91Mwf3&Vych`*z4_mi!#NJzh#@IelP%n9W?b@gt+e? z6>%fb)bLj=Q@l_J2EW?R6#u?HYwb`|yfjwW#buN!-q^NHiRJTe?@De!Pc|w1&S<3Y zyF>~SNwDbL2tUa`6MQ(bucgyZ(rROSwpPd0(wYDV| zA&qNWf*`@(g|UF)$b}IvC}qsVgCLkS{NZt8_Va|Bt?qfSjAqF)lTxTP&br;j@KZ_u8kTBGAID}Fox z$fVAFyFZvts{JEE%}4#ekyQIKzdD?1|CO6+?F1(xt1isZmP+T@I>918=4w*;M?W15BxdivO6V>c>W%s%@oW7#9)sTj=8> z^gl38i;nN$SCstyTmZ0%l7H79R3|0>38Ck={J)Wu{OkPca7zA|qU4;FtCfhagd_hl z(sZ&n2;EQ{4{}YnXqaq71BA6<6?k=$yo12)M6R^Yww;o!{k7%u8EWLK*lF7o{%RPi zP5HMx>c0d#DF1)c)c)hBQ@gE{e;2&tipyoARqoY19tCt3?eDT)Qq=!g0MLp0--7o> z&|$woDEe~$ZzT1(OUxQ57B`Fb@wBoA-I&g73Y-lv4Gs$YQ$p`MM@8=l6gd1jB!HJpqGaN$F`gAaUm36P3xCgrVuLkfm1! z~kYzuKfmO^;VfCnT-1H;4CkuE)^NN8BV5(QXx z4n~H^cWKpBwlRg&?P4}88b2v^D^$kOCZ008esXyyfqdSt4Ai^v9f(|%KoY3)LzhB^ z9_fQM!DJSBfkgc<#?ubBp8jMiz0KJn)^c1F0J#S4!b)$@qlY{p0UA_`ibX)BO}S`M zc-qc93x={W?xoG%wkhYSV2&y4;b{?f(R_ldMp-pzdOxI`z82e(ys?Y$t(wHt-t`3C zAfs(%wX+JQN8tskt5Lv}{P(sXUHVL%B6l@;t48zEmZ{w$6d3lbBQ0zG7+sKm6u@8? z`0B+EAhrr@k%;R%BjoiZr3FeK;4jcd814%2Y~UidOkA|Z#F|}Hh=b&*7Y*dVb+eOG z9YeOdJXcev!~iY^bFLpWO-}U@Rm|j9G`&Pt?B=*dq2wwKDcVr8r1;Q}#fGm0Ry!`C zWXTtUZUU?F(9#jO?tpX#*{Cr=qHqS;ahW)&Q&ACyWDhbKTZ@;hMMFM&m||Jc22*UA z24J|Qzyr*e5G67o0ZEWW$|_n}DK_5nN$26Q(6ZmOjKLQ#LKecug;n=MR6!H6oKrSi z>v||p;Vv|Z3avEm{<3J*T+JgD$zf4?eribA`qJVpl*N0Zihyg!sfq|));@l%eg^6& znI@ct?H}rocc}*N>zx#(3ICG6Cd`g4KQGnbg@KY`RLxQif*Nn--HLtCXs7?_4}etV zZ5ZBr6DhL8v4HJOkDe>%^6>NgLA=K%g_m5i^hR$X)xc>$Ta~}F z{yzO_G~i7+zmV-fu`- zm*iKrFs!VU=y&wBTd=@(wz%6xeYqnbVnWwxH-GZgp;Pd(Ah!R+EX%ZHS5a zHDq)13d-LB33>(Pmn%WpkF=!Je4~__y)P-Y_?$oYu?YP=W(CwheH06vONvem#{De) z3d4jsuK@SgHvh_hUZk*=Q`3D=>P*G>Izo|{}-boC+j@?4**l#iOZebnExU|{H5r7qZWSP@&&>8Fqz$4U`<|b&BT<6;2 zjdrraSan*r$yQ@EF_2W{;`oTqn~LFP{e=pzkng~IY^!;%cX_mrQ*Zo5BWC0IPYI*AeNNT=lh@Sws3o)_-4ETIU@L*~G83`;sO@$APK~8Vz0Z4~tlIiF z!5M0v>Atltv^I*>&swcFc z4enHM$mr^y9rfr<;b@1XgT3BhsuHvCf;k+LbtJ{#c8NE*#O${V33Xq^ z5ZKcHb3O#sH}_iib}CjrxN6%@wunJ`li##AH{E}5%)84mXZvOzjwvd6m2!Y=9eVn- z+rJbw#MI-ZgCUt3^?B{W1;@m{nnAE<{{L*p%-`>xc_l2m4-ZI>%ADMC#0$7zRDR?3 zi=M~<=`OFt4!NW|dVYwK?}iKcMsrYzf_lT{g@!?S`sz)@%CP`L-1PUJMHPE;bPt_B zyC9c8_f307zU*;dQ%RYe@E^o`?udjp-->n6){~Y_Vbf?k!n>V@E$1+ir3lV^_Si&@ zL(BfRP$$>Ef>lg~T=?0$3r^Y1u(3k*li_E^p4QGL!~v}HPROVs&#CClJq~3BgXb%&eer2?RgM>myUc!p!W4p6P}Na)lj`dUXFG?8q0;V zQKvLv7@0Tf+2$I`id-@&pqV@>0#Vt`g}!rdJ|GDne*?amTWMIo6imva$VZm?J2-%1HqW#$55-?7|GZHAjn<*R=xZ3fpzWAM-* z2Je0saktXxm?Oz&z0O6eDwmO&`>Fx=bt}}`A40l2UX@9}2P_(v zQ~p`GXkhJHLjrOYiv4ODvOQsQqfOX;_k_8VQon2~{u-jPP8|!T?@Pf*b+~C8CwFGe zK{dD!74lypm+obf*YAj=qw!e0lt`ydBc6;GlId8oWW-C6k{;I$({yO|H}x3pSvl=9 zD+4xd!%J;H=AJu;I{67}HKn4{R`eq#12F(X-1D-EH3#bg%1U7w#mdDM(_wdLmm9^< zQ@L|gJH^DK0a_VW30mRY`lalQAF&!}F{zt#v1m7%l+GGYIb;QePWcmS?Gy{77%DBU z0aizQEtHF+S}v_2V0CoYzLM!Y6EhkuXcteRZoooTfBN*rWibG`x*?dOO+iN-KY?%# zxS%3_hjnR7{VkeQa{xGp>OekVISQEzhGEEdhu>KZ{CKUv^o#dl3 z_grLxaU1CF^G>I|JCTSdmQ!t%eTdGP!5XiUVQ%S7pqvSnfINBeXxK?#Eh!338%eUZR1-K*8+V^5<{7uVQr~s=N&*fO0js(z_Wh8!@4LC@ZS|1N{R3wm8|YB3 z*=#iJ$osy}Y*@by==RGtMqB-FrD=f?O&K?$?yWw_W_zpe)m}vGeXnGtJFcNyR)PK{ zt_FwTTSBaf2z_fu-Rcx*zf$Vdq%5X@ZaeOcH#1CJ*h2_|4jbSo0uzdVjkY2f+&XfB zkj(^prON6W#3J1c@e+V+%Lvs(su5%!Sr1{y2FWiqvzBSB)@ZlHq7t1}>Lgt`Y|T|5 z(TgYAX$hRv)~T`6Mzg){43k@Hv`K8MECkR#Q1by_$&>|Z$0!5FQLYJtmtk`)nSpX? zGGnir8ME2-djhbl!!Qve(IiEI}pSx@~n{#g~G~A z`-af-tQ-u?(BOMyVz3e_cp}>=<3O)3u1sB}j%F;)4I?VTJZO#M5JqZ`VnzgyI+Rp> zg2*i)l64EGYYeLH4kSmZh`fHl8%m-1sQ?^939UYj_gGb=x;#U@VP4DBuJB6uYB^3f ze3Ya(NunQP9Q*t9eG2cnl#P>^85NRvkvYsY4cPTSmBMa@!`WISuNH(@@$S*^9;Ine zxdZrQ)yf@V((Vk)G<)b<3%$klN+#Jl3gmz|tZ?_i+t8+gj48DLWLX3QCVK3^mRc~- z9tESi1lAByWoJ;8m5_(aE(l1#P=WOA2xSGQ7D!t}`!%W&+al29_Kr?GP?27u4tWod z?uH9N_DZ$o3C`Id%#>l7*rb>n6V7`CAd(*qCvqtT-#qL!#j=0QEIXY2NEH4dvnh7X zU%{eq!bq%>Z;g=@_6e&a2+Sl2%-`pk7(QbZ($`O5s(q+eG!JxkV~TfMfMwX%xE zdzrS&%UF-BE$V$QArZ*F3!7g0Ex)x zn+$qdEkEv3hmPF|eQ1a|=$_LOrJ;FXM=lfI+xC3EBfxx;5$G`9vj*}6{e0xuP7Fjz ziGSn`8s>s4?7;s4=9IiFx2p z3`YMnX-lon+FGMYrWGiQY!z=qh>&ordBg+lcuUA{q>SG4KL$C?x&_M~7cB0KqJOk=$ByU> zv}%j%bM+PI9Hd3q_AS65K+L1ScioY6k+m4W4PIYevkb0Qo@g^vFq_D5R)=p1#0WNC z5PA0LK5^t!%gR70lA@DW02{qn%vc@bHz^`^4ozDZaVu4%$JEVQAS<$6sdsj54YqTd zCu`?IgTj9Bg%0|I7Y?k>@}L^393(J~Ce5qV)e5G#h~-WwejWu+B1_Z~UWLIM=tNdl z`%5V~<%?`$Z^JLCh2@@+SZ+2tD`g5JX|}_7u!1cqiP=W2u~I=>KuL{s1J(jXLdQyt z_W5j7hi_fMT;s)tU@(o#W~+$YbZZzd4T^B;BeZF>HEfG7;}l=Y{8s49Sz$dSWwD1? zkRDGXDp~}|93Lh7SG7eoo9jOJsy8LYhlHqM!urC{izym}0m^9JMsSV>oKDGX#QS zp2sp^t>2HPXW*7UqhA2ZV}$aIYl9J%b7L>xf{z_FstKzWE`++_q-J*>q-ndx&B2GAYSRHiDgwE4! zOAtArzMs>m=;R3^g|r{}t{i;PWIEtyPS9ueIEd6OVI;Hmp-=KzrCu6>=g_rn0&yI0 z*#oyQB`DC@yGP^*6af7Q07ngTGTVc_-J=4*3HV^Y17BED&_;<{Oi3(&pE_%zb?>b8 zBMQs4QjE7BHYMl5fM}D0%@;&!mn(*2zIhrQ(@ZeAZ}h;g$1L4plm|183a zbZ-MSDP8y5SyL;2(%#)a*jLk%TJ-%r3#)4CI|C?vWT~VsX~VK~5TtD#+DQ3@)n}r@ zO;ou4Dx4xULA8PRN_#rw!R{Py*#qt6GF#WWz6#k;}e zq!~_(0-=dffXsETWut)NBf+qN*Uty+^>gSaGVO+Cj3;GTo*B9h7A_J$s;IeAWreId zl^QIuu(6Q+oObE#JzcCAD@|jS>>OMKrY)>?&a)y?@nOFchsgYuePX};9oYvJyQYF2 zid(pOy&E^`OkATgabRTmNM)rQJ`R`mT9{68!wctx5i9IW6cz>|{Ey4SXfIr*_G;W7 zpP5(MR}d#`y6Yu|E3JlolKvxfk}f9@p8qs-WYI|OQpb?ek@y30*Dr2V&p`#2x0W7* z3bpA>zRhW$(t9Is>V`pmhD<@BA#Ut5gUr1jr zMbCuKuj$2N4%L}f&GfP7VyS3uaegJ;EX^g3Ua9Bi^o7dov*%_zjZU(Da(T8Ee&$T- zYT@Y@j}*1yYRWuj&M$-uCrYzxC$no$7h@+^)Ae+uxq9sQoDpm33#q)WM~jQkG|#Oj zuM|#RdLel>8@qb-XfBe>ER<_Yt1qm-kkIsS=9%JrT0i^j8DsI8%4xkad&NBaVzn8) zeEjm+OQ)WGcA@a>voY=5GpAC8baQcTZTYEZpE=f8G*hYLFP?6OD(LIjy03U+{#+}>1=a7@=WdY(!$)SBbsq~t&uC_S6Cwxme`t@u!X~>(MLq z<7XDK`Q&^ykx8CEyEuF5xy)iIQ@y%gU3{i+B=_80UT@VhopWc7r{|A8-FhZ__Jy=@ zsdKe-rZcyGH5_>=64}FqsVE)=L#5av7PoxK2l>5pZ^OaTX7}*c*=MtAf-hg%tghfc z)hJ0Uik745M&R^E@wdh0aP0u64|Y83?j&zgjArRy!SW_UVJ8eWVX#-0!FcJSFv1XM z8B5hU$5PdO!$8K98<8Pz*z5e;{MY&FBDz(a^oTtkr94e_Z>tpb&FUj)&6NHbU0SD? zgRj$eTA*qb9d>W0)o`;~qu)ElLP+?iCTKK|9HU`)7W3{KD2xroZ^6w-WrJY0;&Og{ znIkhHB~D^+)dvaQ?(6%$SSfDeHG)CB=2Y^QzKRpdFSgCKP&6FtIhwWI4@lKx_X<8w zylle3YKTJxqS@&51}+sifkr|P%Rj3p1&=uP6K)%IoHW~7rROBD|M4LE@E4jU9S9qt zx_JdBcSu~)qytLYMy(kb$5c)nVH`8pXHMe?_F%|)qmxIyNODWya-8(76%JmgtWo%R ztAk>XAvn=cz1E7^6z8q#Zy6V5)@l`;w-!P;`NSzNDZ9LpTY=9FnGr=NghbW5Jc8!L z57I}+4%RkpzZame*(tyu*9=WD36R~V-vK=PuaLihgq_baB}NEJ8GLW$!2_^>e03Eb zmG}wY3YD%$`Zic+xM;~XL7^UMXddnYNM9q+;h8MB9krmet&9BuPN_1o+HTKblJv$? z$5DG>2)2n)a{Qh0mf9LUPXs???IZ6gI(&Kt@3D!YVI4j>Obip^o)9;=X>A*E+shGA zVUVx_Yuou2$0FdA*4_77wK(C=q!QK`GQUG#k-_d{2pFnWUc`+~}#!@_z zk4N-46qZs_*Ya9HPobH#5z9x+Xc6O1q@zhG-d{Ta+vM_oA9CrNlc)OWebC`9-bb55 zQW<~lZl?l!z(rEZqp17(g*ujGW2N3`k%oeVwtQY-)APXR_GmxqGg?|~9nAEkYa}k> zUOEOV6XoQMAURWXCbIuv=rM{pARkTIcSjGC?TG$)jMATA^V(j=?dN$*j>iYBXGODA zsaqCEm#P-E3cBOWlDvH>FAnsYTt+BnEvp?(pL+Y-sSheH%o)>cHiy@kxoW)@3eiyI zKNy=v!@bmAKb*^G&@5d_AN-Ij@BzEZ>Lkj9H#p>h^hwe~TTj?6h0zcIc??PME+1ag z;)y+B?Qr=(d^VNJf|utqx%j-U<>qIZm*<(6vsx}S3tpa|2QO#SF}yMhUY--Y48$ao z^SJ{D9}8VYA#U06o^TB9&P5ZsRAwIBoy}$}?w*@XM6-HEaQ7^pX69qrTw-<>+&!O3 zL}tO=v$HY!ojib%t~*xqBZl);^qTf&J+>GQK0x4ydtXh8J8~>TdeMm-Cs9SP zfC+iF$`Z{s22AD7A`gq%bQnS$H(&_ixL%kj>hP|u6*@I;kW3cRF$zr`v_ci=w!?$o z%1>*Xd2-5lv1l7F*vtaIRTye&>tQ)&%352wOv@xU59jqpr;Q+HVKeGAbHpz=tPk+; zmhA}GT|>Q6t{|DiDn%aWVZ=f5CrXtENezuaxZ`vFo8VCun1R6-3!XBm(h7?OZYhh! zkNZ%Pv{-x!@3F<=gCK`KP7$pM3B1xIU`q#@s}c6~rv`C;QgME=FW(C*Cxv9V+~RQp zk4PVB)$_&^5tAbI7(!;DoVYlHSg~K6gx8X1)EWpXW4+cXJvw>5H&Wb;3_@`X7D^UN z4AQ+}Af*VSRm2*xbAc^NlmkNFjJ>`5xW^KqK&0fxooqi$Dqj5cfV}wMB`=2i^WtP$ zR-jS$Nu)fZa7{QIfk(~^;F0bd?Je5jJ@8YYY&_w7tx>pi*xt#$Vc;ujIDZjf>K%L8 zMb~iLd)ZqNs%mJ7WHOP6C$(fOkxrBnrnKB7@(CS($Ko2EMw4+|V@W*;rvZFZNTic` zBAzHFJUeN=e++One5_JOEXPbPpt zSivxA;E!Q3F?(^wW(uRmU-1&pV=`f)RV_jPrWsQ4EMotSv15KPrV`CE&oo*Bz7r;o z(&WEr?lrstdzXM8^FePDCV?}2Deqgo1D7QlB}1HM$h>cWmhg3oAqEvC@fO;rankIj zTlt41{+;9LK-tC;_rjZ~XY4IRnI4H#n+u)@X?`FOGbOKUQ3 z;;Te4QY;l?(R3=7HWLL+FGfHcsu>_2!VFre&Hytm^ZbtKIOUYQ8tOg_nCab|@HJGdho)u}b8oYK^1KT!m%M-&rRFvhg_bl&e*RDgE z2)pOcVNY-5kx?XM?{&z3p=nwffW(fv&v75^uf<-vHE{oQZaZ36Td#Y4Fyc8zTyi17 zz4eM=>qTdC`!9>LL#p+{$BA?gXF6xCv^ls>$4K-l9?;QV%X)+-;uKIk6Q7-1Uo)wx zMssBbKK3)5;$$X{^d_s><6JG2+acGxMP!;cTX1MgtKcCxb>xM9E^ zS)e|}2^Ei%`tZJKw2=IeitH_OaDe{@FuS(e%cxDVYF=qHFUb$=4qiHF|Lh&NchH^s zGMu_7^a5FRk#7yb1N~oX6guP>w=8Or^?iqv{w~Aq zq(6S>G4+HpW;ljhAJ_!FgOs_*UWCKszHj9#&31WkNARkwG}i||UqND*I{RbxZJjdI zA=7ZX@57R@TB!+VPWjxP7kSzz{`*o02dx6t`{DBl12)x`!be2l^iTPK*mNC`^Pwm+ z7Neuc$qvlgSx$CfW7>fout?7qCiPCOCdm&j4X^OlObm|>%ZY^?$K{jd!*9KrEFX}l z`{fcdSw1Gq$Hag)b_3q4Zuzh`cMtn)Wrl6;o_FnQ9Gkn}w@xlo@(9>_9Bbzul!v)? zOolUA;o!6&BBkHJbc3OVHb-!CZd5uvmfesKiAuQF&+o%dCkU@R4wMOzw~F-maCmqO zKCcDT?(^D|+BqKbLAUgscoOfC??m^r!g1nD5`i`m60{?ntbX+Xx?4J`ybsdhXoRS5 zV39b>(?|FqIWzR3;z>J%<5=5k2)l6J;nAybQm`CyIcI?73jkY%BN;Cdi_y9yTIP^2 zP8mR{NkvjrL_Hya0PUF32y7nCdTn?{1S_czu1r?FDyj#M+yo}obD=jZicnrd%A>-{ zEIG(GLblD6jbzH46IXBv{FLoROhK|th*@SbBhCOa+o?&^7{B zeBA)9u$*_Y$c#PE_$-`v`n{rN`(Ff@ZHM#DhHE%(3-bH#h4W5qpz{v7w!nEuxpc7O z4&E2{<6CjbA*Ua9f+1%K9NeeT8XRd7I$V9O+g&FW6G37)P$%aQa@1k>l%%ew>Ac!< zn=yI(#dw6=gi2b}G*j?-(F#%A((-VNNT*Dk-p4h#)W9(Z|5`3By5;P{ZZqWi0~khe z5aPBR?ZwHZqyYTJ*&#|NM;3N+lKqmil!iHgvlE=C$k8Xx&M|OhU|8(G;0K_-PDM*_ zVWGd_j{twCk_ImU^a6ZnCLD&)C%YXXSPs4EXdSP&0!i-M;VIj%)4d>8tTKI$F4k=G0GsVk(Ti0RczMfgv_KU9aDM-Z@9 zBzp88{Q&2|fa8agU7zvyrx!4i#aot~N&yuKOk5#VGyoh{r3Ad#ba=QKd3c8f8^4cp zEni^54UQqbV)nSe|+;UJn!=VL~obp*I33U=s?;CqKF@L)I+ zX^bE7p_q<1+*9Gv9kasz~H1Pve! z!DEM?F|Ft1{!A-$jNWAJim09(yU7KbT%D!96~$W8SDM@OCuDYt=}%nKSY7+NU%S5X z$jOn%MSBM+H5|_6u0F7i@whbR3%CrAJ}zth>A!lWymMTLz<)lKfM+c{X3b)(07V)r zkX|b45qLKT(oIHl*B?CBkUVK8j)ps`>zGG!RFA>sJQc-WD6pgYU?*`)n$k`H;R}$j zESt$KKY{hVuX8$N5TpQnuKPNtJD%bla$AR}is?@0bPZ0+!}`ToB-QX*gTH&$8d?cx zC-r1&KG~XM8J%p+ zCtGteG7U91Ot$9Akd~Ni%_m!P*S22KhD#mvsGLJhIg_oqFm+G1=Csk6Y|STIb04GU zWNXewAVfv$ldZYfJQBq?s79?yldX9_lfccmH77rr5AN6j=L!7t(k2epzrp7$ewYj7 zdtC?f4j0G+19DXk%J}hku=kY*!OK3Q_QarlgKMB}4}!v*hR2`@?>8$zN5tY#Xj+gM zGj=>Tn~MmtGK*+IM)K?*G4f1?22psBJKBxzP_$MB0b1>aEc%E>W#ESO4B=+Q#wwna z5BNC?*da&Or${`&}_qI?Wy4b(E3@^w* z?^}U!2#_n%xDfuh--_39LM@}r)IIMV_um&BZ8&1m#OHoQrn^zM-$7%3t_h>lm^X&S z)3=Az_M4TW(Q;yFWauKE9-PqmI4O({oi`%X)3+BoDp=72oIRDu-74q5Z#1Zr5B=si zs;S1PQRgK4`78uNgEMB*)0G$MY{TpU+WCneEHUTHZczMO8Ulgh2p#qG7Xp5W(!Wl-R;7#XZeCpz(8_7zr8`tmo;l z2OdPUw>tBj=a3p%&ESL6l=9o-BKZ-zL$>|rO#+hk*34y!BU))7 z>w;8XXZvWmVw)rrGuUfNDjdQ8)BCM#3DlGPXTMXFb7e|ihWd(Y`o<1ymko?E>KWEANQQ%FUKJfVmn$mjK9x)4vnYY@p0@dM7b(L6?K zrehG|z+0*qf$N=~gdb5c89{c|L?UletOJs0qB0Kr-jF0Cs+(p6y}^6bKrjXz*A4tP znM|eB3SiT;*Ob#Q2NE&8W!#yqL5^11WwPY#Upz7!M#T|ZFa`Y z%Lu|%Fd`^e5}8ZP#bSCim5U=MC29;Mqq&qepGwEzotB%OkI!kk9-qtTnUtQ*%tuml zkw`q3*3+^1j6h zlL_Sd%%n2}Z3fh+XLEXDHl0F6ryO~4<#L(KtmbGhLG4je+DJC7WizPJ5}l)@sPNRB zPb4!a+LE5n&gW1)COwy!k7VGbmCezR^|{DwDjrSD!nxPcUXsTL_p;nO#xcC4=3i*05^kbG)UQ*OXPC7Ip_FN)SiY+phz^UWl#he z@5Qo+znDWAo4Hw(mC0hPbGkO0!SMAtZ8oPRGDryv=UNo4$-z@NHR~8(n%YA};%GEI zpUlkSf04Nqfr($>qxo!XK9>Xu%_Xwwxw+JA9J8Fo+|Ea`^9i^Op+ZhP>u4{E@-MJp zW>XO@p4H|f+H4%(M}hkJIkcL?w9cn<*<5-qlEiGz#$)rboEDo)CNps@1@G3`w4QSU z9Ayfei)8g!4o`CULeJ@0h!s7T(C0Gq$=S$!6m4Wuxg3(l>T~H#7R}7f>gfm$leJkL z&a2K5G6~Ml&4U(V(Nr2tp=E(NJ%&;|(F}%&460gc4z7Z;86ayG(JeZNJQf8qftOSo zm1PorB}K0>XU3C~jIooMr?jd`pdvn>(C6WW97U$;bUdwPz@xM2XmmE2&Cbq)dowvL z9nt1T{r`gr3W!wRAcYoz)O~ltam)G0H-z{upX84Z-0g0ukL&VuZaL^hhkROY~*sVImi3W<@112}xnv+rbUiB?E=mlLoxfqY=c!QEq97Y~&Cw z#E@7Sd4-XXS}PRO`F!4tqLsKNsY$4t7Gf=8@j0`x434hNob{!pq^cc;qeY{Q6azq) za|hLv?~NAyuX0RtDCA7XMNi8Iq9wBkF&8OnU>c-EPZyAz+Dw#?sksQOK^;Niz-Xxe z-Y>=xD}|`W5;(L7jVBr@6$%l=Y9*0Zxd=Z9Bvwu$Lv;zlNsAS*fJO>B@+xbwe7um4 zn|ZLdk){biN^3-9!fiO|kW#j;&a6YzP5)jX<$pf{;oBY3G9s$PRbg`6CS!9Q;+AH0 zzqLb}9JdiR#6OecHagRt9JdXK2_Bt;CdX~aBx~;*Ehh7tW+umNE{}@Iaho^pI1t}C zZM4H}fzssL*M95Lv4~*(4tpoZZC0#upjncKhm+$r7KTy@lb%bH<2GM@n;f^vkmo=Q zH#u%2MjL!WI5}=(LBvSvyCa+&w@u=%`^8;Pj@u^3ZIk0ROL$I>+a||tljF9@aogm$ z%@T-{<2Hea*UE95oe}#xeM04i1^9iVD{f8&_$^f&>9J$7&VehnI#;uMp;KuhJv@A~ z`Ft79pdzO=&ZhY&l(N6`9m;5Z0Dqwtn2eVTl`3Yf*uP)_@=sH4>cz^+PX;CZI72TX!jqX9H8(n5U0XoWHLE@3k4P= zJfT9_EFky&8jcw}eH4%|8_DxaR4EQ4px-V0ZZaTNI{u<789plg@tAruYu_a^YXkK% zt@bXFRy(F*BtPXd@v_>&592+mwy^Y-oKyRpBLP1r$)C(5&yh_n*E5qgR}#{LXXHLH zcZ-`7AA90Gn=frnmG3C;EbqF2AJg(i_x>!(5hDG3uD)WdaQvnukv>oC@%%~vVtE2% z_(i-|eoOhb^8V@*2k`Te6S-SJJa4zVKSlJ@GlY;zK`+zQmkm_EL`8|3X|&pmVNur- zb^f?~2?8nW?bcyA__4QZgZ}#gKv&twPdr6aA<@vuSO4nv9XllSOCP*#$BuAldK$#i zLMSLn#_2X-pPr$j7Icep=aW!EJw(HSmApxCcUop~W)C&6XrdYgTzjYmNDiafG}iH* zs=$E)8&?{kRRs4Uw57RDqM~EA_Q35T%m8eE zsE!Pl0SG)4PTZMXIRw&Y-7_y*7 zMai})5Q&cP&CTmw2(vm@V;@to|Yf zC2%4KidC_W_-`8Qlr>bw*=f)X(KAN5Xf^>QO;rX0g6?E$75oaF0KN}$u_ER#AqCH$ zU&uZ&vuBSGBhN`jm11*Q-sryb`j}R`~3T>9zk=EdUlsjjv&rdPhxE5P{W(h9LhE(kHyLQd6_?B?qcaG4;_X<^)kpbtH-zydYHH1R-91GcL5~J*)N{ zOqYW727gW8^j#Y2yfnCVyoqACorIbe4lO4cy>;TlH5VE0yzV!}=3VH``5afK`qN%q(;Xj4dN70mH7Q44N zN}Gw^hD!m*iguFZ(>E|V_^)VQrLy~x>FJw!dt)mM-4ETI17!kmGCgVpIuR-fWRJS3 zDCOt;DTVdGpXS+xshzxh6H>7N7*8|OEROup6RrQN<$IMIIzN5h9a2xOqlz`F$mW13D$2Y)@`=A zHvro>R@(C zr9%O-W0ILum_gsZRw*uKxM6T4kBTHgJo>Ex0Yn zF@~J55i{oHoT(Xbp;}0$>4kcm?6WWvpCzeLpB9G|+?8n*$_f_}cXp?uThYL|hV?lS zOTN*lfml%LUK;-i&k!dhjX*-GdVPg@C(C&Q{ZRM(ihbhh95A7jCK!dAaZo{lyoAu{ z%&EoPG9CR!ag0Mfw$wR?6w$6ODV72d)0qS;*)#seXPo1X%n4$VvsJ$8<6zG|7H7L% zxhU?k?kJ_?$pDN^yQnF=#|E~kpxmnZpl?S|e3nRfyp{VKzE0By|1Dx%w&7{%6Ob;< zrq?AUwkRWRE(t-Sxe@Y#p}x`5fjYf$vVnTr7RlhWufOYh>6Y2txy8EI)1s6EcVQ`# z{Gs^t4D;!5o+DXsLhxLqi!2&S`ddrj@by=9MvaUh6rLraupl}fY;a$?gSmg?)txE$ zCRy2OEZfhu4DpTSS?cnJajeA(_7d5Rj;!?caMOL>CL}xUbrPH+@peFdT9f?r7GFhF zHBKLmz(3Cu|J3~Wr+e+D(QpNB?fI*I6UN?0#epCb`na5nUDh3isSh!x{KeV_1a>0b zV@k!jZrxrDgPL#U%VpaoKpS1}7eLl!6V>mskOG6(zTW+V>id&@P%u?q@7~sG7dN}R za1CP*vT1sK4OT%k-@#}ZjK1zpd6|{AWF99%4rT37*@6@X?Aj2m>io_ zZs`3!(8+_OF27e+dgiFL5jS)XU5(|k3faqBE9F^dD^iTad{=vU9X(n>$I!eeJfkL>idWN`j_QJOJhkdj>^x|;`;LjZA zeQ$TVpyz25jWTpN@v0Qu=W*ibx!!2wn3qmyI!!vY?$m2IRG0C5h)zH>LsOjY<7uDh z66<(a84JFE*|2os8_~OcO!{a3)LM2>&I(b^pZHTw^=-ljUt-wa44>@e)g*WKu3{UG zjlA%KP+k{&Ut%zb!v(uK3~{))+dAcMts#)nl>FT43-M@t+9n5MhmPuxrDYDs(m(JRE=w9K2B@-jF2Wbs>23 zuIqFm5QRPIgcs+^Lh4LsEmNY1Bbq*IiaE<-6EJN%4p`Pj=VAL+Y=olE>pA|X&7f}bgE%1`w|jwg((ecWC-;jvctf$L zf!8@h`eTToej28%fy#sIRO)TG2ViCq`Ug%ot*sKA0NBe{#9$&G%TU!Yrl*z1k>w>Y zeWH;^2plt5x9u4h+#;F3{hZ*2SV;77|2<;p)^*7bC(F9 zqfpNfLcCi>t!+Dc!5ym{Ds}4Y`eDTmiq}!`p8Lg)>St!6RyU$8UMCEZB8lofEI_QWNJ}a4s|2@K?)s z;J8M#A{}1mzJw!4dPV;hyQpW*tiAsMaeqVSW_Tc|Io zS<%euB@B@Hog)m@ZHE)wiP>jqt`N9uuCBG$)svZ?#w50cn~;+=9sY8NAf@0=B31;5 zN*5GMXn}~#uTRGyD=GYKkU!=fs95tPlzzMWL{}-{_snC>^`Bc`h(|ST8)fLZuW1Nn3(${*! zTmv{Ar30t}w4qGky{$SO(YGU5Q5vLfXxyLwChm|Jmu(YRitn_Xj<%pz5bfL~S_KV7 z(igEah*>&JI+q!uaq-$n8U?jZB8h!7T`q*<)+eYZ=YRui6Fe7IJ#~U|>Xp(ZXdtg% zO@c;$BlHMIKi*YmfEGbts5QgnoDjiC*|P*#3k~$`1s)c{K zg<&{-Ps9k6G0w;LWR28~X9Pw)M{HA$^W}}3MKuuEv&ppje`Dxn{ee77CWSWTj1d#aoaAut@6A-JKB`ama-H(uuV6rU_TjUeGZsw)X_ryjT^ z#g!Vl5o)VuRd= zbMO2OQ&QD5j$cJpZQnQr_5L0?%WJ*UrxMOuP9;kvJR6{UeF5S;h_luo39%pP-f~#2 zDm63gL-ieG|;+1AHCwM1`XoXxn|JFw|m8K z^x>5^{niVM3vCs>`xS1o7+Lq}$JS0dbFj7Zw&KivGr`#U9=yj^-a{jr6;)T%#0Wy5 zLqcGW=++|y97?6ZGGMzIn5Nl@zX0q@pS;4%OG9`yvaW-v)LAB5daVou>h2a#I2}D~ ziES@#_nOhe*Q10$!~^nlRPyw|5D0o>+&l0Ev}w704Gn=f)(489JMgC%ve9?o=keWk z?7**(EVI!)Gz3DRJn)vBTMje0gF_&e{tw4NjU>TdaryP?lwJWYT)}v9p(K!zF?{`F&cM{?JpbTDkcZ^P=8l4 z)#|7HhbRw0Y+T+NnoD70v~wzNb#jX6 zKJd!&Rm3SDMyDO0Ol;&azsc_@y}bK_uR_&RpkHy_UjisE*X>bo$=TW|bZj+Kf8#$> z%yC~7NQ-n=C}8OZ_#vtxQrF&tK*Ys)oI7o%z0dnZwRG1ZYH6r=kz8TJ8yVI8QFSK< z9+-&#IT7)nGoFVIk@FDu5b=d=H6VD&?MYzLOKuPL9f730`+LkA3Q-aNd0`?9<2~Nk zA5lkmN^{xD{z{F3+8$wTeu*aQ2_DZDCJUO4g^s|Ak&5Q3o<_G``3 zL}xe^+v#1p)mq$0p3csXy<%YS0T6$+E#A$lM?;)}A zAN<5dH?`HJOw6fG{?*?`SAEn|_c|#FVXyPH0`d15#Niqtsi(gyz>0JoS!9PVys8iS zb_6v3OG4vsa(~0eMVjho#klN%j&4k0cQnD`(ED$X^dc7C6B2_~yArc^yY4HnccT@b zO)zh^cH%wWZ0)x-|AAVGYMs6s0jXa@NWGPN3X0UhO7B3$oTpB3z~HZ?`v1e;sryl> zqm0+z=9N&l&TR)MOmI%s3o>8mSOQ^^Aor-7ieBCpkQ$Sc8s`s(#u3h^MnEl(K(Sv- z6dMzx@hD+xo7F|6lTtIcB}7nQRY~0?49P2XALug*IUDzS#-|W+fe|vC9ZB{+Cy)^7 zo*ZxRqZ$eIFv8S)Jx$HiJgVWNCkegi^WH#V!o3Ir2r5hlzc;WKUbH{VqG<5fQe=r; z{^0ip_QHNE!g+1**RmJkBt7`OfxWORwuns_{I%@G8w%Nd-^~~aYx7;VdovBMM-<}- zK!y=Z#@{J!C@%X!=Ca`&L;U`I%rP(pel_#^D;klkMo*&}K}KwljQDOJ-gndDV459B z@f`g7Bs+x;#j7Xl5r3vql&FrocUzfwL1`JivW7#MAW*wo)_Qkj z;Bc0FN5TRMgGWuF0Q*^=T0_7QF?@uGawN_3$;n;r$ikRWT8TPrBz;~6d(M8D3e}<+qz18 z#3({42*SGE6=f=L_GMS|1OA89Y;U8Dr=1m37LS}de>_VGEYKRK;X-AVdMFl&V3?30 zMI;Ofhn}Ho==80}ScWuTW~+Xn4VVk&8vavX7e&>rq*U&YT^-Yx=(EjO;SWolCc0?K z#8voK(6vX6bJ)_lfAAWa0)Ys7Rjb||71|`E{c8pVHY48);Qe;U4o3b)V&uE?!>~ssl1H{XoTpY4vvhUOb8kf2P(dWs~ZDa=TI?Gag? z9BF_aP0hsczbO6}zYt*UjEp)kuRLo5Ph`@-A~bqiHnuO1hV2g#wwwMO!d^HHe$OGz zv*W|8l4qGQG%6+ASlY62`wgSv_QQnRYa`)y3o?#p@RENo9vR1<^_6igUQY~LtwzZ{ zDUQsd5L1D~AMa$=%qCRpRkeX37F0VIk+Q3GSkBig(ziXo-!t0$e#b>SGS@{;x~5rUac-`a%~i8$)IxX^LS0vED2&?MAh-&(MyrEru2$YS5?YNSNG$_~QBc zlz%TC@x`Ah@ufQMK49@#SPCuJMI06+`Pi0e;<2wCiEK8im#OYOsIYvsf@;s};Swq= zZ&s&JciWVjsq=Y=pLh4!A1u?2Wtam{Fv{I;`Ei$_=-AHc;?#~EFKt%u(st~qemQz* zRnLn%)SbBF8dv$@?roJ~6fIjOv#IVwkTdIKC!tK2$fwz;b;wqU| zQI#JpKXU9&Ii!a$r1D-lp7O)^?Hq~hUqaa3*=lr}1!TK^wEH@)lnvpBVJrhJD=_G_ zHecGD>fX_Aw2j*4u^rt#@*T5?KRaZjyrp{&j9Zkyb=hj`WOuK;Ln_?n$?lykvrPrT zTbn4Bj$}=36xyCCHBn9&YU5^iC!ZR(Hb1Z_YJhcjLi=0mv^P(dpE%jwy<*lOhue)N zTG|b9N*1NnHT-dx=x`amT*9AwtUo)=8veQ)wY`_~M&S}YZEaRRj_k_aeWgaD4SS5~ zcyjEP?%kO7cD=K@e3h2PP29N$i$rB@nPfX4YoWb2i943>Tx*#Mrz{t0Mhlcp-B};l zH}*EowMMhOTr)45z}>CgJ!K@um4DvRz2CfA0m?YxrMi1Z(ad*N(B3^%K@2Fv8>n8e ziaWc3`+`Xjp~l!fl{yf#%o)M))@JvPPP-INZFb-6ez0sdn~ml&7Nug%Yy#CZ%tCv! zd#^xopB5hWJn=M9odbz=?-A|x>EHdp^Kth+8h;B&Dg!+=z_Z!CyJpl^I;b`eY!~tO zttPnO0qn{e&Ej&=Tmy-qn+jujCyaHa3gKrrib$^^muThcW_f4#9;4H4EUR1HTPvWe zyNjLGHL$crdq67RKqh6gSvP7lZTIpWrfQmcb!)9E+HXvYx4qFpMIeeWFTfH zH0#t_5z~EF)3}1E5`Tg`?V3&%bZ}9GDH(Fd+AQzz}Sf^ zx?fgqx7S*S4;{ko*38;^yNqhijpoXs&F+KrCJz8_E+cC$rl*bRxD)rok41Fg^PXm@ z;Ax)jsOBG+&6CnY#Et{w%SX(xVMUt>Q?E9%@lDjRlRub~; zTK6`yet8qc5W05?Q3C!2DN=QCFh_g2Z8TR*h$axu{TLKTtIbOY$gIS2yLuc3{HjKm zi*z|fmzU^Lr^^TFa*ZzkmM$N`rPJN#YN<}SmU#)dHQ(Ii_PTotWwUT8Tmg-5a=YEV zNbl{qM?G}+S>h{fRW=BNLb=D@Ct!CTL5JWhsV;Xn!1|S+VaELukST@@y83aLL1dbutMXH2k{@gy^H#> zUa#_^`Ed0?TF&>;<@*UC-$R!lqsyo0^0RdLX}bI>U4EG^pQFp~(dEzS@&&s56J7qE zE_>nTUfoTXH_+uFx;##oN9huyON1`(qRTtza)K^L>GB+1o}tSMU5a#R)8z%ayoWCD zrpx>2@?N^UOqY+)6Jm&Q}pL?y4)4Q9U6|yXf*Qbomfn4$*)P(uGw~);{-W_;VLsPJ+~#?5lq_jbDFF zm)$rIuI{AE@8P7d`rCB5m0tcQQue#Mi7hDKpb#L$7#qwN*O(_Zm>)Kn7dDs=Hkb!C znEp4I_BWXBH<;!(nBF&-);E~WH<-pZn7%idwl|orH<+e3n4UM7mN%G=H<*Sun0_~y zb~l)AH<)HOm|i!SRyUYVH<(5@m_9d{HaD0qH<%_jm>xHn7B`pmCx6EDtZ!pDYhQNWWMfK1f25<>9x|FP4XgNj$PV&^s<{h)rs#4^e%tBZ?bKFDSa$D5@n^Ajh8834(56Jb zC-gMu9nz%vF0|X#e4}P7zYM0J`dFNS0%_x4w4sEVco#OkhJHYgR!AEAPgJdA)^A zgS>0+<;!=Jce3?S+22yx4%N!W?jj_sW`~3_%f&qohxTJ*2R9OdPP{`l)fIEUeXO?i z25hU_{{wjZkJm%hAHaLVj?|exjqV-RF8`M9?V>RF?F%R8PtkVUHm}gOz{G9`Hk0c2 zp;egi7D3i%yt~ide@gVxY))0bAFs)(=w2*Ze@D8PWFqQRHg%hmKY;w;ZZ>wMzqod5}nb8PvT-g zNKcOu(wXgm6n+fDAzcj!X?2W{9@+*-!@3`&UmpJUm7? zlcT~JKuZcI{iyeufRLUWBc!QOAq~Q*fYcAx7XrdsA0w>kQDF@>t3G`C-hhy9j1khq z+XHEAxb*#aKuA9}Mo8bbJ&@|dA^q`ykp9OpLi+YmAq~c>MujyP zr}}8We-RMUKOG~a?;I7B=_LGaj7InM+Gm@OP0=)ZaU~54&{>pp`02cl*dMea=I7Fs?l5>4p}ZB zWOHML?D(jV&GbSB|L0Iz*VDtHTMh`_KN}--Cq{*?kI-zupQP*~Sk?o=c6p4jog4t$ z2OoQ22mdqBTSD)hLVM*4myOEW@QM6DKw!UdjKH260PH{*`)$=}BEursBupVI9AGdU z*6#@j>vxS2*3+ZH+DD`^(S|Q;VUjxGh>!8*zXXKxC&mcnnNgwaBT~umJ$(LtHy~uc zHAcwJjtW^nQw!7TYNyr?Q%b2YIaCdY^zQ;f`qyKGba7NjGkqivLu#}+qK$l5!i8D| zZY*KCKOE!-lfm?zeRywN`p&sgL5}x=OtI7sfQJKlC?Jpr#|Y&4QGwKYfh=-re1w7{ zP-ZxU3jraVA0vcMj|yQQtz1kYCUZD=g@E8)93yzoj0#>K;kw!=`fP(=3JBSYV}xvJ z43MoADbLC<&&Ll3gluz+kUcvpWZ_<>yAmseTTP#7`+Y)q z;Zygs0ipZpF+%tJsL&nnox0XqrFaMtzG0z?hY?y>haY;lwPqG7B`dRrk6H0^0b&2W zF~a`OMuokP1B39(4!$P-Q$RTX{yO12hVT#Rv3qe;IHSFD3_;0p(~CNy4Q~kT^|u+r#Ru9C}DWO4JXp~1O)Wm*9qtoh|ID?%!!ZPIx3Ma_R1J! zh6q!NfG|hn2xu#9EAqu@X$@Cejo~^_bxjqh~xh6s?-a$PLc8q mtROh3yFWm*&eTc#)872LO{2S~Ncl8G9_5piIHr@I`Tqf>>Q7Pt literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/remote-flow.doctree b/ia-terms-updates/en/.doctrees/remote-flow.doctree new file mode 100644 index 0000000000000000000000000000000000000000..3961f4933ce77fe2ff0b4e55e88d10a1f122494b GIT binary patch literal 179315 zcmeFa37lM4c_(UHo7FbRHnuP}hKr1CsZmw$-D(-zw0e+aN^L^+0zVn^$e9PMoy#JH8-F_SWS3OcHq}<$k)J`OF z`Giy2tlpW($17PUSKfTz=813Fe17wI^>EQ%E9EQ2xU*Tk4K3m+H}E<)(ZQj3K5KlRI#7M3c;>b(J{yfjpIeNzeeG>OfPWwQ+S@+7nL6~`X6kTt|D3Z< zqc&;%ZJRW!>cN7IDU>%;cbAszYMWgy7u}^w86eP<_qmA@rdK@_&)B6B9^&@{IXlaL zyE9QKcz-O}@s*;p%-S4Y&t^`S3O0dyXQAknoZ_mpS*ac>+e!LjGu4(ln%Y-A98+k* zUk4?2j^SykgMiKF#E)3QS$1=7+0Exl(PF8*S>2y;bI#_(fyxqqetD^~R4Th=pfI1) z+A8b=dyhn;)?1c}Z?Uirr%zj{ayHY}W?9zjmx>)vw@LKv!(08U1MD?_dv8_z#gPXP zx`DOS%YmxYD}elm@$V7*do}*O2BK#kPO`OhK+6Sm#$LR`?T_VWhDJQ-XapU>iTP!zgCmp~TjdtLF z?5|SCXg(Hqi}8#TOBNj`7h@k}?cz$bw3;MDoL+Mi<RR9`Fyakfg-XtwdDC?$I*C}uDVLpMWIbRJ#41dwb$+S|?i=?P3h{UA00g4` zi8`qF55Ad-J-?ZBl)a@n<#8P|gJ$rfA-j8S%S5D=D|v#wX1QrWho^s#S1Y&cdapUYbb8x7Dh z;S@{sRo1a``5gWcE4!<%6a`mzZv-V?-Vr2Ts`u4G9xN^H4Mbis2zd^qhKIbNOvWmw z9Lrg^vxSUPV#u>0Zxe*Pa>^}vs3VDMVH2^kj-4x8<-E1TFcy&*bJ_$U-&>v9*^W0A zqTU-0QP^w)sq8)tQHQGs%XTs8csn;F>@aW^n;svDjE#=a)=@5$PIq+V3r@~WL~~BL zqf~IPW$_1*We3CqV#((sU9rwcPk)rlf7+m>;Hw_Wy9sKE8Hs&Ef26h$Y^hA*^>1-d zl5-!!X7h3hA~9jL4c$7}_~RIV;&yB%A6G)=ssMGEV10DvVl3;FZ3s`hRk#_@kIp)A zhKSy1mnnd%_X7cO!a$^002A{;G;FB%j}{AR65jfyK2v?BHJsE=NFwJ!9XSRzVg@$G z)WXI_b5J)nwu_T~A5I=pIMHYb`Wc4OFr!*M>a~igR)Tc4kDvZciJw>0#ZQXxbKz`c zXvjmw+S*#wPJ%I#`PHZk-f*$=c0hr%E17b~vI~LI0a=sB^L%k5#vf!d$z)8apE0{q zPUVZx_ncC!Gg?S2`w(>?lZ@E5h7%xbT zqe?lGlC&>k?kuW>+-Lbz46F=Etz;`(KcAMw%dsusWt$R}Cg9gT6x51u2rs(+p;{Pt zG3DyE@#0C=N9*EcK9F9vDM|ct0kjCPAn($tjQ3#YV6M!M8hrj~a|9K2V$jj2JjkEfjUIsTf$<7N_v; zBwik`i|?>b-^$Q*vxe2cZc`Y&_92HhQ+FgA7D_LhwuvR$rQk zg0MmFcSr}J2}x`mZy6iC+r>t22yFB=!3MqGF>LfIY@Dczjd~Jf+h@6fXzgiE$p=k> znCCgwLgN?ziEf(`L_gED*TqXc39`*o%m7Xx?5a~)QWZ~VIB9%}p+0tyO1x9d>*``- znKX~l@sXifk4c!mldI9ivkna|?4F&%glu6#mgI>SH}a z)90fXV$tr-E*vKN2BMu^(az3+9{M>tb=HTP0}k%JN*c$g2Of(&D;192n2r=CC+i|+ zh7fc9ie^6~V{^HP>tv@Gb)E8ZG+#`1;HsvBtmqwyqP<*>(DO(-UveU8+}cFeoTZ4J zNs`4dl`Z*@urIx)TMEUW9sA`uX{SE(YLIO?ZVSTXVRQ3lETTr3fDo z<2nqas>>Ls#fXKw(sU)J))6(8`2nV62)#bs@!jfWm0W+WnZ za5fSp-E~p&MncIn?mNdvdM^);dpN0Q#psQ!Iz@NcwU;tZBo5~QLK0!CRI1pxcVsuC zT|GfJqiwv;-qpCPp~HOY;p2kD$BxWIVxp%mCf-Dtm>r3nzp`~1UUD*YPqXTPh)VHH zzC@$~(H-gP^ijsaQi5J+c<`QhI8ZbZnkl(hZ!`~yiQc-H;Kmd|6Bk<~3FZ}+!$uFu zUSh=1-5Ep-hb1u-G#nTYJv5B9L<;q1AVKfbK~MdZ@1mT^{Mqs8i>o2d#8BySSaN8n znPtWUxb|M{Cb)xuK3H<|g;o6&>^{f@Czz);}c9uB%B6%wcx*T1P!yQf%m6Y?* z<$NWFS%7dmbQ+2{Xm00{4s!M*Zx3kNyF**8mTC=fSVcf?J!0g#J`r=$|C$ z&kxN^dJxx2RHlJ~Zqs%#8-YWnoe3h}{q$OcO#bab(q!aMRtA+2o~{dFH$gZ(G(UGv z6FKDFKofKlN+$5xLwQ zApsWYY-oryWLRf!kN~@f<3S3#PTl4h^v;7Fz18y#3>;U&_jFzOo?-Bfk7&DZ9ik+= z5mPead8m_hREzy|Ii)SA{M!SeuRaKj_UjBIA$g`QB>W6P(kn7Ke_<{%Gdg=QGI#Z& zW+bSEOkyny-!T`ys5niP3Q!rHNO_~+FwHS&1@Gr8NMErpSZfXJdhb0nsB`r;<|J|Q zhPpUe^{97fZf=x#9V{LhzA!#IH5VaVg=TkV660XQkBJmW&Ei4ZnB zI(z(l|48j;+6Nlinl|+CH!I1gi4X2hplT0 zTRT5PiL^6yk#?4lHsY+hamN~_IFdk&6~KNBU&?Ks>A(s09SeK#DI0h5R}ucsyTlUD zE&1F-gOWY?QZ7`8VI_pabs>B^LCBF0;@Bd19f`PIDDYm$7!P!H@V~IMr#Z(EwWsV- z>NKoGz!zZ%hk``LDf*CeSbeF{i1E-vODTXlnxkc#)0Idasf$#HkUBX%qM3t&U2Vx5 zSUCQ6cXsziI{P{(dJB%K1?Iw1xrjg(Xu*CY0XvCYA_zb9TqCLd;%^T>j-;mD zotDJZSY1pZl*o!*=^2j9&iF`Zt%sds=4LwZ%D-D3TI-2NN(ckN9mC_Jk!fb!iwq0Bauz`@FzLp*(aysOnZaErfa*h&1<8?8Fh)NJGGxeJ~1~>ofszQ)r zir_7}CD5B`Ad0tj)r6PVe$5Aw^QMqS7B822qI#(#h3K`8Vg;vyVh3G2;MyYLihByg z%SHIg1UwTTU)9zfho#?f9?@0wu% zSz`c*@5lF=&tybd`b`)iD5y;8Y?xL0jcAiPn!ZXu5R;pFg3SxTR(G!XTiL&3PT@zJwJ27T1z2Xi~U9SSO~+@ z?TFTl!{QmO>7_Jm%od{a>{Z*%(AA5D5M;#at>rR#I}w#2e^ck6P@D^a;tb(d;T3_m z3fq;XbQUjF+}b-v97u%(Arb+JKo|lTiyVQ_)d(q-61}uRZZIM_7FSL!;K#OzImChK zWW6;hRSJcC5fP3Ej9kuVuzJ)T=Mak)vvgYG_m-H8!t+~zre>sU;`wd^&)}rHmMSE* zVi^}gKxQ;Z9q?G~FujT4+B2)Yt}eH?&*H|@8evC-_V&8CmGo{~=jP@v0;vhNNThtc zr?dNnmC5rhhk{E9`$GDT=dfhBN_>)`-Jpi_`v9{P0|%i*<#S1WVn=)vlM8p3HeD56 zn*Lx21b%=9Jeqz#et`M!tzOwJSknANBx%O@j zOO<};a%~Dc_Z~b{Jh#%`K3vR~O06vLr5S4&+WVZz&4)2C1y9J5SppjT)%}us)}) z#YJv$i@Ax##gq6`aA^$oTmFDFI;Z9x#-Vn13P+PdBABQGMnhwncU$Qhc3}}A#w!D-B)*L%( z4dWU!2Ms9$*nl3c5g7uk>D(P`vXEi9eAxp7YA~G}O5%KB(_{cf!d+&GA|T(0Ny0*< z52?-O*M9e{O&7PZ{zc7MP?OZAA;s^*7FiSh-4e z314+T+14KnOrQ#cP6E^!HXnAI!-t1^W76fG8WMPeyJ%CfODjSUlpG6OgPRp@2B8@i z@<0S~f0%L()0f6U*gQ0&$;rm}da`XG7(~pWWHEhC)7nT93#IPKwo}0$3iFGh9Rf9O zj%R$srH`a8W1f&$IEZ>{Dz@Gs@2Zj{n_~i}wgo<#7#gE#`Xs+flY*6#iliL3XpJ)p zf!3+-GQ7LmDX_)Jl=6C?f^bCRi`+WJb__O_lX$XiFc?!DC44M~X?rPO5oB12$C0~h z8Kwn`E~aV26bF4dcM}tu{!I#pn?n{aM$kEX)lD+1v^Xb1^ErZKUs+1SL`l{H%@*ca zwm@`uGj*W=tHn$AbE^gH2RDB@O6|M{vuJisHC6EkpmyGkuL2Xh39GJVSUAj@n&|(b zAoSm2YGJ^NJtkJ{IF{_(PJ!T^%%5OO0ct)3uQw2LM$_S|FEOONG(H?wTCvwnC+nv1 z;VMdy98J@R%<^!@Nz3bi&m-M|m&*8a#J4}n3EZXW;a(4Cc4G>M7Z-(&F9$!s{`Q8Q z+l^t58jveBPR`*z4FTe%H=*S%Oy~fU+g=|*t8u?Z4CY~6kf1h? z?mx)*#*~O#<-w1I=Rq2liRagbF+wz+F7^-2Mj>UzVfD=W`g2>D;97(8+in^?yjkz$ z5`A$C7ThVUc$xtP8Z$p@)Yx{KPG0Rui;If#)HCnvzuCg% zUlw3X@_O7!s`zhPnBC`Js3t5w3R~Ipk$pD(eL&VW_WWN*u6;=1VAU&(FkD>Rv!Ia? z^Omrn1?;yEAMp0ueOPIa-X6i5(vrE?Zbt`yE$c7TafpWA%6=O(N`beZ2+{+y ze+$z(A1tW1Vh{Ev5;XbNPJ8FJ0Ls+PTA&+)vmNrewguo`P7*4>^xb%thZYx^Wn2=> zK1xfj>@=Az%;P<@H{MD{b`PBGQ{7v)fRMW^&#dpCODj7ZQi!Ktf$_J#!&QGR$bR&K zyiy2|?jHee&G?;<1cuEsyNRwxun+|wUo z12x|Hg!fmFk@io67VbrKPZU76{|7KebPN0LiynHlv;0~J(lw2GNP?gK;`WHEFNnCB z-p~as*`Ihzw#7abBL1vpL?Hit`m5VQ#KPk^=>*|o@6r)2@y4ZNz~X;HE&d)J#RYrw z%Uf?-`RA4i9wiRaU*8tNSHCTY+P^s$$A$^G`mMLZ#2Ard`?)nHqeSCN54L(sjPeiZ zHhk5Rid`si}%Oq1)|xF2~QFA+J!l@0Q3#n9M5)mtua%pOoBHDp};kyTF;)A*ApchG`!%F`rxvgq|APS z0U|03Ud`*2s&KdPCQJfRWxOAM0mC?j8lbo%#a*)kK`|gbCh#rm=UJ!mu_$EN)!F$N z6*ja^!?7}%J8i{rx8W4|BVOdo3u2^TSQL-Tl`Gi{&k7*^=s$vWN*2g zNENP~y%FoVxUe!DU%Tjb_Lci)M^@*rrzf4|{KW8hch|Y{;F=ZmXZ!5Y!u3-Un;madN1~`Pv(|}>|$kfVYz#1Dw8bd&yN#eFO4U!jn0msI@??^JuqTl7`+|kPF+3WTxd*sZim22rU)1#yA zMLRKHJa^VzyO2JW?H-#hV13>GJqmtmpDYyT8!8HZgaj zw`ZYp_VQULH@liopWC=JYLCy`SLeD?mxtZrTyOW4-YXb1w$$A@+!e8V2U1g)W@oyu z3{S0hpPlI+pS+qcE~PG??-?z|?U~ui_}b*z&g@WfCFzWws@SQawZY=d;DzMc_3Ib< z&iD48?T($jJe?|4CTF|WC(q5CTRLl>yO51^&23znyy4EB9iAz7r^?q8efH(CYd7Z4 z_Rsa4cPgc;r*bi8<9e#Qr)zrfa@W;MOEYtwYfkRM)Y!oCjZ;Ihsh&do!nI-heECeW zdn~dxSXv!izcD!2KXPMg+Fh9(C{5UvGiNU@k7knT#PnQ#WND;0(>cD9xKK=G*2dx! zBX-a71>0HaP0e;+ip9>1uAJ&CPR*R#IG31QPmQN%ktErTkJ>j@C*hxb@p?R&IE(x? z*CHF4a@YC!p~3mNwYjeR#rcJ7S7f@^DUS4=?Ve00H?G-zG51W@(rl!7=Z4d(k*WU9$c-~AL)lE{#KNV)`H|`A@oZvb^2$o)l$%Rj&J^Y|Q&(@y zm*>i}vF_yP{Pk>KDm8DfX9h0Cr!UQw)4e@Y@zjjleYVg$Hgna@ER|R7p)2LC<bdh%=VF%!*4ERBzTrYH7FifCudiPzT)tl1Sed*4 zhDT}M;hE{KtLHLTQ&(>E%}ivLCf!q)E17{x@y5#aVqs-%wDbD<^yQxXTxUMlvwUV? zayYYgHPbhDd3|POKJ8?NFJ@M6jE#c{rjl-U;e2K}nTwPzB=d=h#6YER_3VV3a@P7v z^H)b_1_s7Dr`)UAYxa04m*}}Rxmvisnj07&TAr#Dk{7c#((B`W@s*9UQ?c>$nLM=Zqt27lsZjcrY#hz1{Ib~ zpTi%X4$)BQsUF1U2xs%nh2Npmi^w3gw;}CqNP8R7-iEZdA-&KyBzF89qy6A$dKf=o z>W4=!a!JuaP&*D)?+@CuVY(dH9SOkNKMUo`e4l)Dkr@ebM5eQrX_4k|xZ zHQ4vlnF@8m*?|hjZGNI+01i>-Cnl&@d0H0xpFd7_VGfQ%2~_-b5jln6SI0&)4+}~u zrI4yZh8*H3zv|{Ih_!QBGIdsEn#Xc3v0w{!Y^K0o1dz}%T%DMAZvchvH-|vCX(C6Z z6onW@0SDOBwe{!e6zCvbP8Rc(Ld`2mYH|p=3`N1zysVoDpn4}hVMpT4i8iu?ypLAu zX!8N(N`C}xC%S9;z_bp)RAwh?Cv~{GuZUbLK_-C%IE@!KYF?Qp zxP$HO_cj;BA3h9;hmH^u$k?d@HZnWVkF zTOi(-=HUQqAf@o_T^`Dh914x{yU>)~@ETzi^c0RwI$2jSoSX=ZzPERK!@Z`};TkW1 zxxy&@kiL^mvN2tV6+Xb4Hbw3@NqQFcC1N5Fua&oK7Wc(|qX1;8l>vE<#IE^D5f)UD zHo=ITQ=)wbdsMRg=@5uDv4!#w=_gyoR^#Om{BQ?H>{clGCGG7!oRWL-gAr^kDWioV zP!U;d;H{%3B!j_LJWCe6+?0HCGH}EYi=inTMk9 z1=h4Feg8Vqw?U{fqTYzEl$nZn@T_>WWk$6(zJ z3|}cW?DN>@=R%-GaQ)9PT===3o(6C|W~YYh_lEn8T^bHpP{R#)!~O9t4F_zi;ZAwO z{lhK|Cs&oUfkAJ$+mXQ~q`t@3t}$_%)Q^fV>CXb5X3DYD_gK?r(sJQbo)LMq(C7pgGbLZeWMgdDh$@2 z{DPj-X}#avZ7Nix=80i!?2`_uE<5EJVYsJh6+-tNi0*7bVfB*0hv4kKRAXV zio9q!xO<{R(1ywnrKjDYq?HmyTJi&2G9z^YB}?F?Vd8eiNJId%iG&s`A5VlQ<74@F zPFhQd#pk*9GL*Okr_N-GgU>ZCifcY3*36^5S25Z%_0|UhmsB#!y=-ieCyuAzRKof3 z@RUpgGd22$BqDffk6V&fYVc)*PltCTJrx2!B6?fl$I#8hav8%PF^JF$!U~SwKEE4N zXdb=&#@!fpt5KS{EllPhXZXgHu$@?hw{2lk@44k9jS>Z%Qd`-nP|hp;Fp$vFPStpT z?dxfWU^3{$e#WGq?+gZm7QK^#@eY*yQ{aC(#A*tC>{AS8(h0O<5j|`zkt6DXrGGR$ z`aZ#$Hrwc{&(N{Rx6ArcDw;WJ%rlfa>~Fgth1uU^m}z|UGgTne8B70%Rxz{Ng!NJo zkFZvCNh?tReW8g*Uz)+{>mjfp=<6RC=ze{lp8EBDB4{}mYTu=qtPUIwt)%h+8zazM zA=F7r|6TYM`Wx1?8SO5NKuHZEUyV%$sM9&qIgQO#B?w{1f9PVAoh>jK z7)zZdkNGU=2jy}@5c%~AlsYK7GJ=q6KYk7qUqat&mi{d$%@ow%N|EwD2G339!9(&U zBMmdmcPT2@k+E>2#p|;v??qA{hqjGPPe2}H^khclY-jsy4?&+owW6V!>Un1S%h(v8 zW^tmg-@>GYzI4H}PlGgC&4hhNmuAEM@4Gdi1fHqTnicz{ZJ||Y4q@Y!GfCqOAdSCZcnP&_ z{uyi9j71g>2o+jdaz$O5^H*j`_=|{kCijV7eA@m|5lc4eyX$2vFX0JsqKgXj`wj~3gOWcodX zD1<06_PP*cZPF@gex{G(tB{r+POFWXVf!i`9mvJ)TbI132@qe}mC+qt+MUsK2rLNk zHNimli!XW_B);Tam^9IDjqFwjY>Ys2g-~ELeU42tlr$M-O`A!R>Td>ZxPqWKpA%yu zp}9!ftSWI7k%k(@Z>2wpmM&SlC!)l|c^;vsC4Lt211>4>QDcdP19~CF6_+(sC?c2a zfMcTkoeLk_5$dp}|8ieK3f-lp%?B(ILSh zoDF6~`E6+gGPgldVl61~K6NEdXRM;YaaqWlmH)Gj@mt6krNoM+*UHCEC`P%Jr>JQD z7eg$)xt^#XoBl$p>$%%B|2Sw~xx?p1U=}^VdRP zM=-{pFqHWBIeHqf&vomD=WfmL{ExdeptR@E1iLlM&B41utLd#lC=b+ZK<()K;BE~l zmzNEw9ktq99k4O2n#_PA!RfECl@Fyl`~hp)Ot>xlh&qVq{t`w?tzhYf@-MO?5y>ra z8qw-BkoXHqgsKV`h)-to85F(A=YkCG#t`)m9sF>@^$~t&Camw8IwR^kunPm4F2px{ zXz@P?QyiH}RE|P8)%wp>p1+}2S0Z34QESYFE<=tfG=M4e4SXVILsn~~RP2b}5FPqf5 zwZ8(2obVp*hINAN9e5<|1_8RAZlLVe43z&{2!seO_)&%hzivlQgLFIHXwt12O@3hu z1Nuv7)EiU6&y*j{Zt|P0j@fwqOaeI%0{H|(O(^B(W2|XYR{suSb!M}Kagv7!G+AFzY|vo@rF7g->56dGNz_AN6X#mavdVo}YN zn!rl^O{*)_m=uhSt8vrY;AV{p@Hn{oO{@DUM09iF4hpmT9v(aQu7EJR>Jb?iT8dCT z+uWv|dIXs+wSrCG#lQCAd8bk*s0#GLzS=;$=d@?lhotRaZ5gVTpgbTpYND3tk-M88 ztKNu#ftH8R)F@XyG3^gL{)yV%Ph`p#n;>HWz2G6+?Z} zIFR*OgE+$E=t~;q_{e497&|^fx-C1rkRxIWgr0+K;1|8Q8evxN+b1qac9 zaC9iOF{KG11}xfjSJP>n(^Yj|nCMnBbws#d@fe{BSh5f!FVBc-EjPFxDvC^o3Gv z!qLzQo6H$(LTL!r>>|~B*24FzzfW??XJMe=8u$ls>Y_W=`T|dwl-msJ!bx7QVrqI0 zlo!ubNX-CgbG=5RY;X!EcV`_Jz;UAII!T$O36-=*~DSB zj=>bfnlw>QfiVO2U(Aq#lV7ahDF(P6f?v&j;u;tr%UHLuj=q968n37fV5Bu=H4SOu zBsLdRIavbL1}O({WeC_z+Qcrw-Wi*>>16CxZa&!-(2e1#YaN#k6ek$3wc#W$HiLw4 zufw*-)HiYKDj3yT6o0dd>uRHy20xRH+mvNgzXTFju5{$ED3dEIk%7a*B6H*5#b7(q zxJO;|wwb55hc!=Ve;XqLQzP1rGx2waAS$6B(a>xYSmE{*r5x|(a`_>L6hDFz^%*Co z1fMR=Ut%n;+zNwL!;ggk{RhzooS{IU+);}01DF0NhLgEKs`u3rlmzG=KdE^=eQpa- zA=$8!GMvC#*=FCQi4LE@s16OmZ#Ean<%_8FjpLfsIwiju915ki=y)b~mLBP}1bGK~ zQZW8T2ppM`G-1F9B7BLcZ5vz4hNUre?ko|Ys_WDb($H1`bCL`qxRn^`8{W5LSZvD4Num5LFEJf|Ef z$;+ICn{>-|CQ>R>ed#1dtw1HV@uS1&?AS>@f;5)KNXC_7O4Y|0&$1Slb!@c|E9Y07 z+%fjxIscbgm|5$5Nj1m4dvoJ+bjmA|o1b#PY0&uVN{I+vx1YA;LrR!@j6aRxC=y$> zQE0TJO_dtZf5%2=yZibDjQo*!+;ggzgTbFZCt!S@{d``5#$tD4`K2^mXkz5v4Fydb zG8j*MPylweYQ~)xZA(TU%XX&Zv^_7_V2`?vDZ1RFE>5X}q_;&~N;H0@ ziD;}I0B^>f&F`wdH035!NKu|D$LwOVvfh^5*4L-eY& z%86w|m>L>p^$Z=yDv!koPjo0Z-zKdTmJYonwB>U@nwpl+Z}%w=3za}m2v!O*UW9cEr)o7} z;jS$Rg7yz09@wEEp+P9;ugsB!sf~RstwxAb6gGd~`5z}0kyJvQAtMZm@!FS=Sv%DLK6Gd&~5Nb>Nkl>4cXclJ3K0@>nLc!Yu6*sNl%%X_gdLm|Erz7bEe zrcEzQLuBDxMo$9X;4GXeGzgiMDG>qy6YTc^Y&*nP2H4(iDfdHt#}l`YPlo7KWZ@LV zbvy1N;ssZK>1ic7ZC|j4}idWSXYflH3+Qn077fo#x`=ey`9|C zgSFZ;W-B(31FV&YzDx-8iLE0Q0%j9a9|WeH5MK#QEwQFeS+VMo^^jGmQ8*OmRf ziv^Q*uEc8;T1h7dKMx9OMyMmPr@^$GwV8QX<1*O6Nu_DBx!hWlQrpjWhFD&6&Hgpk z?Auyhv)!g{Bv;TBA8|DtxB-0%Qx~LuU+pIz-T!z9#0a|oWC(1SIQ$TB_`@N-5_JD@ z*0dSjFRa1j<&nPBnq&+jvtF5-LeeS2u@4)O%(BG^+;7lAjgm@+ZpO)xom^iX_+hcI zf1U+|F-ow;wOq_oVNkNl^1BbHuq@{nCB#v8?wEm=@QckV*t1M*ZG0xegeGRQxX8YX zTGJS=xaO9ehFy4OJO+==VwTBLDokVQej5G?i49!blGi^ooWXgDGA?NMYWkM?x)v6| zBepLwVl#KRLjoeXx9tOb-WR{czG%F^h+U03XS>>dT57M0ph25u;`-VahJD8^Kvj*Q zZj9=G+ycy94T&#^ez!BjgGZXH%YI^5+I>!G3=*=^)-sYL_69x*4{iZiU7zD*-*`hZ zrS*p)t-r{as4>48(z@{ghCbK0sqlg4R;c<-gM8p04LBvHkK!__p4+=L{idD}ZtuDS zS9MvIes1WMA+HgFZV_ArR_QkqxW{G%uaJsc-6^Q!_{|zl=|a;XD9fab9|UDcoWX|u zM?kGK5mvudcpm2iiuvPiwETK* zQCo&Z&!5XXbK@|P$Y&AshY%u^{mBa_TzL4+j160ZU7gq(XpCvPJGHu_oxXGvV{~1& zmM^ZHws7wlnRVhQFrM%=ni1E4$IlPVoUmT6C=C_8i_7r{q8H2gB6$RL;7|HT<3>~E zZ01pM-5u$Rc1OFOUW{27f!%+z2b}rHxBb;k5a9{;JX1ZgX z%0ya1ea&3YY8OS-@4rP?M(%|RyG1wxEyuwQ-vz{`4peti!(vr0wG9sn1jg zx6CAZF-t*!A6HWT_1ob-zQVHhV0DgompCTe8}=RB75L?9O?@f1 z=nsPP^vK#;N`Dz3+aB0*Ev3I}vN*J92TN`zX@HnPg5qdw}fS4}xCUew0=?dc}gjA^U)~swIrcTojz?v zqaFC4n}sKGsY7IYD#orCW3=-}ORGudFMS&AS(WM2R$u31{1Gb?e%j(y!rR(R4Nq!f z(jTe159aXA>T8+~x0#B;L)uPTgaXp4CIQ)f_(SA+bFI=3i4`d;iuM`|KO5wms-kjsu0us5?Jd*DFPJo#pSCF}U5 z3WB^`*heE)r9gXjci&?tkUIgP;qaoPj0%Y0rV=*EJg(%HYy?o?1u_?`Iq0}%TvefB zgE^M4Td#zZE5SFUqg1ft4(<5ZA=v!LHIM4>;3aEa(;LeKV(J8#VbRIL%N##&skW3s z)E*M8Sg0bzEBhpDlBx;1ilX>67kwaa!%~SIW4YR3h@JEW5_9mlrGwJ`IfxYRWHZGU z6qvu$$rezO$SrBuuRd50?Q+LDS_2RR+w1>I6M`Y#VxFdVG)+?>-D2TBtoh!$)~u_N z(0t8W(P{oY(0iVtxBd=CD{+pmgtW)&8<{s;^%2945s{XXgos)3tR-eckTVb9@EV2* zqoJ^rg?-+wfOH%-QU{%^QSPl-o=I{z<-}LWERi6i36zEMh9utBK2qp^8<5n@vreQJ zdY+qy?h*Djgbr4GP;zF#@iKvrW!%5-iq*RTtx) z10rFkFs?v?km4ZIyZ94rQSBUlincCN{Ht|bd?!CRAw(D-U~=dxC9rWRTTK=dfaFou z86M_y9=8Xx?DhZxIsvZ%%?qG_NnX6QYH6KUKOge#8uo)8>k9y@*= z0!uQFpJN^c$IPXK(U7h;WjYV8#Ytg+D6l1pNXs7!8(B8J0b zOfE$!gi;9ics{@4A|Jk8T!9FNy?k+z?Pv}h(1`LE7tbL=bvl>XpnP6TYSI91i5VWm zINTg12c_g-;@(vyO7ffwcpu0>#_nVJl`j8Yq>WG(ekuYfjT=Py1t$)zlx}dnO^CJ; z5kAQPXMG4xB^HLp?3S3@sDoY5v+Q4)tKr2R!Jen1eu^!)={nZtAy=vk2RXLA?>-xX zP=wDA4Z-YY{+yygW8bZ>q#XTDxwzi=|9%VO|H_MiG8CtBYC2(Nm7f!*!8HxU73t+cttDy*!Po)*Y{4EgXpE6W7KB2uE)QP5FMN{KoL8-zF z%FWP%cUwcq#amFM%k&Q+wedSk;L3CD(N0mHthtkNT{;b-!w2sTq{Dms(~^XEw?12M zQ6E7!%??|F5+6cSCS%`7l(=i4szs*pS}UCX+gQ1yY?eE-$P3RxxgdmgTGJC!IQd=A zYwAqvnQ!F1mZ64eBbCKZ)4RfDKyp02{k50aogHUvH+y&IZ8bIH%yt8Nn03?l2NuzUgHwar@vNze!RvUsF?hS5vol^3M^3?mZA zDG>^{Gi&Nih5Gl4N^qvRnIioulE)Pt%DP2N0{$0gh?8W7*8V0LfOM+lrpyJv zr5Q5z;8X!Skmuvc1wld_F{GJ2OR0sEPLyBz8HTdzCte5>XFTJpg8-+aT8vBPy2t;@ zW3U_H8ElnN2;{|kIL>dKmGr=&IkvW4{w`?0xINmh&uZzvBu&buBf>lBwGw_{w4%|O#98BgSI59fFFZp2N}x>wS-PBEI(YBq_2_@x6y-w>7Sdx;xUhG0S5t6-oQn&MVQN1BEqI@a=&B~s@pOnYJ5qY z2ESD3y6?W`=X=2-N6^${k-zn`$h+ohY{kqXC+-t@EB~@X2C_UtDpDG?>ao>z106!n+j$?IhCrcj-HS>e?{aEVz-`e+kL?^j58kVRcp zOpwzCo>3ie;5({Pg)e#UyIMp>LE5rq;oTMaH_n?jJ*F9695s= zJYZf_(dWL=)Bl9`>hLUsjIfU&2wQ%fHc}rPtuqHAa?=H)QA?n<-fOkn9e7!24!Ipo z{n1R-eIP#=2DECe)jOrTA?isSL_sI0`J2@@$TJCrHXySf+-HkX*C{WvY#51ryo0h} zP)ZC!y_ph&(X$@yFYtYDb#Ti>?kA%3WjH^mptFbS^MEu#JXnuQyq;eZ0=FVeK|%B& zJN*annAa_*decsh{9v2~<@6BqlGBo)_k@^=u$8N+L|bHMMN@o&jkgn1l)j8a=~o#S zHQwJ1QQCL}v0?oz>vc={=CR}8%p17l#DGt^@AGWNO(UU?qd%_&od0A{~GHe z`OPOU8%pc+KjOpcOLR#+sAO|jt!$>@8p-DG#rwLlnSX4`<~xOK9%LvmrLp-A*zq1H z?)WH!zcHB$3i%M5yV*2-lufv)!0m2D;0`i@tBY8HwtK60V6D~M`Pwz+JCm~?AdBlYtsxBG7hk_1+r7@jwwv*|Fc-7pg~mbS1T$yEJO^dguy) z458$x86EaWRY^HMlg2X0WZ#z)`~F|8vTx%NwlC#ir_k^eDD9pD%7nBF#%U}BPQ`BZ zYyg4zrM!u@2MKKpAwCmQZ=N-6D)l}#OKvh0Zw+l`l--lCz)cotNVj(IfRE?1u+R&q z(Ya!!RJMlcY6u=^8S=`PexZh^sb3^6PLGd7#zsf9Y<=xLl)n!SQ(Bkj__ZFwB9TrF z6~Ed&v6#A9Q}wvy&1^+YG1TTkB3bN^fK7Zz$>`pJFOiH+z41#EeX&LExb(Z|o6n?v zl9bsoq_{vgG=b`!xCP2*R-MG=#O=&8=diLr)J)YlnmrZ@!xD-|LoA0k-Uk?JOnplS zihvLYHUfgpTTfxjQQMfUO%8Ykalkt3tMRY~2Q(hR5FCx0iX67wQdhreP!8J*0jITw zIc$&M1AfyUl*6`DTKVP0cU?0-Ik&kvbratDhf2=>W{BlBm+O_ZToMqN-*1Mc|IZk8 zY|qj!`nU;}{@WhFDhJkKy8~}Rsw)2@1Vfk$bBq?|zlHcr@X^0;q<*d@^N{Ht9KzCX zc>o7n`j3T&`&DS#NT}9Y1Rf>09}e-E0e5{)rxAqw_(lk93QNBrubr~=Q%MwZl?c>W zW;}c!V68myJr^F+7ek=Tq_Ec#rYA#uCNO=THEpJ=EZl)$o1u(rlPW?5P}ZDG1`b!K z91R`hA~s1Fs(Fyfh$<&t!jZ1Tto!1aMaqiHy-7B39&_U<=19-7dLzn^y+OrkW?GzQ z5jJI5zn3Z$G(&f&!h-=L2E`cqZXC!hUtSd)n{;j-y_YWvYZ8*Q>|ujpL+wz75EN~a>0?Bu*;dIklt4JkDS9il^1@aj zdoP9%yGMg6WSb$dBF-f534sX{fsYdczdOWdg3sT{nl|I}>dGuQ4y+>CRK}2rdSt@v z$`hOm@4&@He)=c#?K;3QXxL1qZB>&JrWvm~w z78LRl<<=-x|1U7h;JaTr#G^m8cPr%Q)$o|^8}wsW5O}<`#Qq!CDvEtVGaB?9%1`} zOD9coN)9B=@5HQYNRwK7_A=U2ourcb337l}hE>>%mYdEnt@{3&%RstI14o}E*h^EZ7S zYSaIh5UXe|O$RN_H(Fhq-KJ?+URW$fphSJ><%*aOuvVT-cqLwiwCz2Jrp*)`6IGpr zss}=RCaCy6*0d=VC&!?%q^!8^?8uVdieTtmCA$Rmkk=QfEF(_G#bE-uCd$QpVS^&P z$j*{+a!J&Sk|#6VEM*+KRJMA$t%RFIrUON-H*Gvcm8U|iiizqjLUmuOsJ;nQ$-;dC zsqz|TD@3fnMDiO$z%OL$LI{{mRCN=o=0kiYsB(riZAz6L;(#LT1g>{L@e58SAr*DC z{GFnb^$=JxLGK~ZE3JaQ+f)K?Jw$i~(#QufS3x8D(8iNn9|{4xppXxQfY(G*FQMuE zAwCln@?O@oDTQ34-Itp+_*FLLVqyWQe1nDS9KM-6J04f z`j-&6G!ZmF2>M2=2)YS$gz(ZpI(q0qkB-pBlV7jIi?DhZnzp8Qogy?n5aKhbcd@2T z>BwnHM=aA5zw}}xm8a53mc0zu86R!we)6z{yU1Xh+sNjNBFh>KcsFS@MUAIItcXdC zgM{Y3R?)oM)OgfL4=UoC1Bvq*rY?lseYK&`9<9DH1ZJc*76Kb45>FEn=RDYMzEm+!2+mI4+GNZVo4FlnHT>NsaPG#BqdHfmx@mMHHuJVOfh5kB(a;QXVL! z37@&&q3zi>z`30&T|S4*<+)XI(BfGx{PRTqXkLETX1xhm$qrDYxG&@vM--U61Lip~ z_}FxSmxuX=BZw{~y5p2A*Ck1?jGlAOny+`dxmI%$)gswgq92i=m{QM493ufbN3xtf zSu*P122ilWz!r(Y6g2%1c8r>)VExAn_)XUt_orFzS@1#(f}F zul;+s0Ox+%CcG|!P<@c|fgE!`E5EIT_a|B(bYTDv9D8iFHMUZS=S$UiPcsGnlO*sf zjKUi;gCX!6k6_q@8#fh>licyCe$ybw$v+P8t7^@0GNYHX|0H+8q0K_MOd=qcx#S=a zgJc{0fP~j`&6Z+K$_v=Sb-_|+3ykdS0NZ$+*Qy3OjT8yeDtN^de{$^Cr}J9J#Ak>0v zN|B@2+Sk-n(#XpJ>o?s@Dgw-UJQ$x>y=4{VD(bIRhek_Pp`rdCIut z{dWwqsf56B1eeo7)`D~_<7Qo~w_A#5@+H&@C5(ecP=^mLkO7lCw(L5Ygh>_Nctj!k zU;6L(GK14V;53YOY|b=~O3sD7HU`2qq0(E^@08h$O&p*?^)**rZ|uX4{_0r4E~hYP z{e@*Cy*3J+TDXSJg4vM$A?i)DF6_0-M!nUU&Q79`?IkhBf44LawRzrpNL;qFC|daf zz@k3UTMvy(ZaEdBq64=!JA2c-^-x&0*C7sB;pST#iTXraMPp5SQ+j$Eo+dwa#e|z( z{P`d~VXxE?VV`NxQd2`@;~+&usT9XZbua~OQ!T}}(?93?yy*_U`x~-@Tm7b6BikNj z`UG~fR*cF5c==+3O_@IQ0qw07|Lvx3@R)mj4ZGup$I!~|C5wNV#`j#~y-Qe)<+ zsO!&bCx|4TTaKpJR_YIOvk65VFl;;Hlh)pf@!u3T-Hf9JO{Y}~scCN_^Lh22|0V?O zu~KCz3qc3NR7@DVsGhKStmAvCJiE{0`Wp4mwbnk=;jCH7vGl+EoL#JB_-WFOulSoT z7xT2E)Ev{rB)ts4d-e;DBC&R4^-#)2?e?-~zu2>1D2De4$NLT2(4PIGE{3*Y1KP7+ zC?eYi7WeEI5{uhF;-39t2avdDzfeeQcFVG7zu2>1NMiB-Jho@QutMK^-Qu{~vtRhB zTmEexx#iP3rjy!JoBSX&q3qc&ZhiZO@&Y;fipJjNNTi>y6yr#wAL~fvvrb2`lFK>8 zj*KNDGxb#jQ@Q>4!cF2BdM?C%S2IdI!;w-dM{!GN|i%(*vfZ&)Z`mZP^hYq?T}mjldL z6mcjrcjF^qwnD=*ciCuLTLj)4O&A&ZuO<_P)3L}aHp)5ZSP>xcD%*$H@BhRuT@P#}a zPXuOc;G9!BO%qFC*UQvpU{|Y8CJrq)Wgy!|feZ-9bo%(ac90>Ua z?nIU!=_r^N|XsW5i-GLi!EB7W0`l zeW7>8w|F$f3JQPeGi=r1xczVg+$> zPP<0&k|M!%y-!o0sXo0uO-ZlDA&{*KOjU=h?doA1MY2Fv^#QTzGCeLLRX45Vv(W&0 zD^~~6KvaBIrJm9$q6}8t>Zc}%zZIplhu8dS2*)T3@anpffNyzn`5)GS()34E(81{EV2&3tftf?WA z7X}gh)MPF86m1!pKw7J=Xa@-Q9|w*Dg!|6Y`%i@@yHB$d~dup|9`{N+ds2)hS)f>eY1f#0qWJy&sziK?uQy1 zGU=cqc69@dyZ~A+4~jV;rK3X84~dg@?F1b3)9_CyG`TiAel2+Da#x1!*851 zxpNB>xEm%lWs_+&=)q`583=VU9kC;wzy5x?h2 z{C=IW<(9?oQjqxFGkziDlUpP;y7CcDORG!*+dT4@L0JJ}{N+lVNQ>P7O5U{vl(e`l1WkIY+ro#pFkRoa5Hy|e+rnqI zFo8PTLeNCEwk`bf7A94HTL_w0Yum!_Zec!K+!pv`TiF(veWr*RwqygSKSKI1VJoQK z9$~htcaq&e-MBJy12^^7|DF`DbGVAdW+g9YQ%{I;VGEiqSlWl5)1IMvJC*%I?p4a; zGnz}VD?4knSVZW*+`1dKQHJc>A8xK6zLB6in*JX^9fUPX=4Z_Mt(96ecmgdx;Cii3>|5abfwr9Jg}czK8= z5h^9CS9E@fG%ZOLA+9wR9)?@0~qsDYWI=w_QzVcBFHKnlGX!A64QD61I0q>kz0QQU?acaNA6r!)M57nLG8 zKCl~nB1T_-XhVHap(`{-b_S}{sr)2-L=kOcWMS~r0@(rfFh+|{==EcaA?&!3hrar< z0CY)yJK`ffkLON@;JFWQG1xD8?jWaIuM>LXSJPT!{R<(cAy{8c<7+Q|PT5HmziA67 z)=MJsMQ%k*&XSnyW>gdEK-z((#y(5=f!+h+JMk@>&m)1C_Q6a1z8tiVvnUyEBK_;}F^h&<*ovRug^ACDcy(*I0nI~=OavltV;nvR;) zM_07V>h0{b&e%!`ZySc6CHA7o z9P)ylw#3Pe`Pz~nbXyyI@Q<NGqW&7duj57lB(cHa#qD z*uz2en2K+IVZ)#fd|zrpAwI|R^l#pK+ik+_oYvg*GQa9ubA!+B8Nx9LCo;)fs-k)A z3pKkhH9-jBuiTRv|uqAoCu%_!{=Vm8*VJ~NEaDLXn>o{ z*%V*_!wG5FTsFotwwuKh0L+Ty+e_V?ri!yfUStPlNmfNMjG}eiaPB_A@9)VJ z_X~3`=&47o4)Xs^91}to3Oj(|oi%x_r1&{_st3&}l zyf(q58Q2sOIHhAS&)Tk7eBq^gtH1@nS_MyR-2cj2gW)~?MQU;yekJQ8l%7w+F~RX{ zFfs1T!Yg*>(6z$O#YXJ>00?QErCN^{D{&Xf8@SWYP_QlKEthg$QCy%^%r8}NOU6-; zXu<@yYvsA+h4Ao*BmtWl{Z7WEp#(N6W)tIeG$_u`MGnV= z?|_KgfgB}d=3!M32u{&nax?Hef{aL5DJN5)S16chClR$tJ+iEeh-HMMwy?P|HPGf( zuHg76*w-*ecI&6AE-vgL$S^=^2vQ{38-iKPvuxQ%l6pacg1M}EkPer8>*BkOqW!)B8!aW1nFH>GFz7Q6h?vPW{b9BSyE^i3kR z%lkrKUd8xhEi?W)G5#60V>aGgMO6oBV^r7UxV7>2zUsq*9U~C)(4)BQjxcgAX`x55 z8Sb)OCE|sm=LI0qVc-f3nV6yHJEA*fXanD`4=g2)HllpbM%3PmSSM|$t2E-{seKB< ziND3gR8wD-SNW^CiZa+ED93_htW(L6^>0c><@)M=aebCjIicmKKUFDDX6!@PX5xo zC|UvfRkxVWu~U!`OeSN)vXIGdz$P$vVb;R29(k;|oKw-ZYin!K<-TY-n-1PqD%;mh9LzdWAt@oz@6?7*0086}xL=CmmeGxab?E$?}>b zya%~IHcQ*bLg~17e>%2$H`*|NaCg#&VYOl z37p&t&=9!@7RYBwm4Rd_Mrjzw#n3Rh?J43mYnOl483uOOh`bYPG?ABV>9gLmzXID93d)eYLuyYUN9dLwV_BxI>|~==Gxp1ff)Z%^JpG~Z--gTwnPgl$I3DpI?}=1juyf9*}*laRm0 zB&3gjJ|T&SltEgFennTMq2BV-_Xoy(zJ_q(V@&NxUYX*DRDOHx?arj$QWi(e^- zZ+oPn4ABy9R{DFfW@J>zQ`S(=)${W1%){HEU&WAWny>EGrzuI} zPDx1Kw~sej5W=}IThTDgxbw<}V5_y}(`qa&OqP3(Z#i|ATUf#dM@g2C!E+zACgHf* zv*h#)F7*#a`t5jEq_@kqBZJ*tOOYO@Ki)ZzNW_;qdsu~{W2=Q&IggZ=`080vCgfNh zUb;Bf=`JjEs>(*M<$9o2OfUknKqsu^64lftwUHSWVqWzn3?vgmAM>g)Q^{MJclUB% zZ&!a$WT30RKhk?@xhpc*lQ; z)V4=$@DBHvWDFwxZBd&NmQOd4!@iBNv8(laeR9;;7LOyiSva=_rI2M_u((T4D3vSx z2MU_WCeYNH%6{B8<#%d#8a%)~{qCAa$J3iN&rf3D`4sT1GX-ach#o%VLNW1H5^w_>)!y1Abkd3*TVLSS2j zJH3U0-1xfM+><{`3$qd8v(Iv*uCk_0AwAOGJ|Z?L7{CJo{s?*!0N+be;xn&2U{I@VO zf$}?LLl57-gSR2^{hvaBXyW^)3E#gF;xmEoFR`Wpbmq&IU1qtEhl)ii7l12paqUK$ zJok-ap{Ex$HSTx`j!tt-NV42!xGBe-6x9{LEy-G*Im6>Pplg22V~^b?v4NE6{N@a< z#PHvTSTJ)Heuh@z|KzA`nuB^4NRkJ1AY{Z%x@BBmdF~C?aa4UEZ{RHQEWrO4Dd(9^ zNaw5B5z?cr%fs}3a%6hg8a^{UbAk&#eZxxM{whV3yE39e*FFr?jJ{2D{To8p{|rI2 zB5mw{=a|()wW~)7i^ABfoiYLt@t}u@dLJoR9%>nu&l4<1@mV7SEA4y+EcFFmqnJyE zH%?~tJD{-)W^de72-h!i6mLa3KHT1}GqrY{3lx@Tz2$g$o$ox^IUZs?#2!5wVhv0( z{5e{>Ga)_`=zNAX4UnCNHnMOK7bHx2isUCg@rjdV0fr6)6=~PzUkc6*(W9exMlz&SCWr=~^_^e6mhkRKM|oB zw%=LtyZ8s*m6%B4r)#;@UnVsWAqQFRV&=PYkcTm3 zJ+s+ShGLcL?2qvKTh^5DQnc+1!gHmc>+oBm}gv|>vHXGi_&aH z2#bg^qD}JQ2B3Ic`3*)ZHMbTXq-@hgcL68S|1SiciCYUAhTU3x@D|1#XQ20g`U|(Q z|3Hx(JM}4&2+`!EUm{MDG-gB=yvlG>hchJi5=R|D?q6?9Q(4t)>AAytEj1rp5noW_ z^v_-B7vSP1(@{y2g^{81W#R;=t9Ek91K%krW4*e$JQx1`kD#e>4L$j*HU9mthMFtp z!meuIr6~>gpGiRQQYfoX@Nt#sDYK-(+JXzEd=_`_83$)!7uO$%0DxmGck^r$ z*NR>bJfJFpq=V!fiJMANW5uY<_J9!lOa*zan0mW7afZ&!lwg@(MewVWBg2IG+p&^)jd5uI}-Bt1W-|D>1ZDC$xWWCw}5>V{NC*O)_`XY%Y$%^m; z(eHJuldm5~idTfy&LYW#lOPIz`mL`YaZ7QylvCVom-%P+({F{#gVACNE%*`&Z>xKE zx>p7KVv`kU>7M4-e0b3n0`8uempMGR2vB)A;M&jDbi&!N&d}x!0RqHvFLtgMKq4^_ zLUEC_{0Pv2e>hz8DPB^@6~*o~OAux85WenthkV=Lp!~dW>o>Zkan$HJ$Dt^uJR*nK zVc*D^;_q2OcCw8J8l9h>9Yr*>O#+zZY;`EJz~bVHi~0;I(rDpca^l>>l8Gfx(Bv7p zngZ~UK%$g>`+!pKi?t>MPKt*RebhMT>^pt{IXF=GQ38xQtKu@yTB zSdkdJnwZ6uaB`E3<;Ol&OCA2U0TR-62qH>UO{FL($E+9sMX<-R<3u ziavJeb`e!)n65nkvsNBS|4Imai}U|4GN2pVJj|u}GA+#)LVPC9|DR_~ zo1Xte+>ibldTMw-`ZY8NY4`Y(5CE8P{{g}Ml@Om9a5t6VEW4 zdwY4K5J+G5Sqj_x(8i;#`|%%g1^FryNc2Rz zy6DL9?9ABkse$gk=hUWMy{~q751*Y3pXQbYon6jO?pg==1Mj<2?7POSD>g0~f^A$^ zcMn!2?KwP+3Ey1wKcYpCusJpc$5`~nBM8!qVPZLzyJv{L87V2!m($+B}-yOY|d@ z3#1ET>8FRusW_i3+65@eUJoiAPxU5@q^R)iAy&df?^g-E|Eg8=-UKRyx*AA@pTJxt z6&fn-kA#3-?EfDR0k4UsKPEK&V2IBI6@G{{ZAyigJSwcc2@n<>FY^MOvLM6BZI6Ck zrKCUnl0coSJp2F7_pGSwS3+RgMBkqf`hKZZ^tC``jhhPlKUX8_Hx07?e>gx(X=wkK z1`t)mM?daY?Oi+Qh@b{_(zyvEDT4TimI>m|i6A7ZU@N*AN1fYVL;Aq>jyj@`n{m{! zFx@&wonv?va>IQU1G=$-Ve;yKrKNc|#Aia(J;<6i6?GwwI&VNv4Ual!&>$q-Plo`& zg!``v?k7WhX24xvnve-a=wlCr=v5qb1cB|~Q3sKdfg5QNlad=L+IZ?*881R&xex*{ z6U%=?Sk8v{Okg?9nl`1bw|m>&9L_H=LZXfc+dyGTVi}Cp5s1z=xU^yJp8NomLNm#b!LAKFa z*6ixowGM-gt;3du){1PL4URLK-Ra$)(d^7Jht`53t}=zIH#B942MP*`N;nKQSIQ(* z!cmX{Dv-j#Au$OgK!U5Fa4?2ou3(dV-~V1;Grc{%?G};C>ni{1?dj=x-}{gEzyJO3 ze^|&oADZG?=C{P)WspHnkU?*rErVjI!MNgOlB7LOOPb*h;lp^VBgc5gljFaPfn7U< ze-Q(3u$%si-Sp8IU(<5@kUZK|j{hVm$8J>^Rk|3VaqSegP0%HixlQW5aJnoIU{QeO zc_943dK^t%tw)YU&UlF^t|xguHOZChM`Q3d$gm%gVUNs~Vdq+|5$vo~QC>6DLjN~f z>v#b2lqcIy$H1>;`zJ9l2fOM?cGZ(HzNTgS33;@uY`@o&?Zdh_F2!*SnF=O~qDn#w zZ+Md#=I3jvW^8H(gPzwX^!k;+C-QFPT+Zg*>?%Er*NLo|>PQLmc~|D24^4G-Va?X= z<8_e1KPH1$;%nW)lmP~xYh755#J@t$%-79OZP<N~YVui;Wj5C-7p3g&u= z-WX-bFm4vyRdp{4^}G2oS0+!y;772Nf5J{aKHE;7g-k|2szU_I{hs;Jun@tsA#sga zg$TT#v)9)PS%l}adi7Is^}Li}=VNDa)cH70x|U=_4Zo;My4FVS(aCa;P9`j4Yo?D~ zzFRT)u9LRjh)07-TTizqZP^QNyWx;)l+_>ZPrW_HPX$Hn7Zfq)XAueL+8dX&=h*6! zwTI>CVrPw_%TsQHKNzFIx^Ld!(Kr9o(Kk&AB~kJ9wjxw0Kqf}s%jZ+`mQ$w+MIP^x zLyB6XPu6}IJ>(Yyo*=6Hq2_iCX(Or{G15rRX5`Eo?&)HJ8q!a^9IX zOFlU8yrXqazpifk#Cy|cWAvn61mcg%BG5I@1+>dUg~3x;C#Q1es-@3R=p24R=oT#W zRB(8F>AZQ_%=Ya^)lta4tV4B>Cnm3|(z!l6Xo`mt`*z#;z5w^Bmbv`|Y7Mt%{hT`G zW!vtMGlQITBNn9`F-G$`c?kK1NW^ka{!#vvb2t#|-oVkqLJ3osk*tVKeh?zJg}C5B zZoR&f+|&k3jX)p4iTHKhK&Dz1OOb77w{cC<8Ou(c65Ren+>j9IoX4WFtI(QHv&?LRsuR(J2o^d70!Mv4V=i0*9Nap)|s!^?T(ccL{2X(aD-Cm)P< zLxZIR=m?5*hAK9yPs?_D3gz_`H?)iosre31;dF(^l*Cp!kxO;HOm}AV*6}?ExjMB< zbzQga@;YN+XGpIpCDY;s5$)Dv!gi!9g^Q_^W{+$=DRj#&Q-A^u5A;gs*3dTbgaxSb z_%Ja6#Rdxj<4AG0>@O6`?eTWm?0h#1&MM{T)gPWv+fHg%%0XZHz@W}AvY@h7TiP4< z(8LLYO5HxB;Ac=yxH!?AfYRe|3?6?n3d-!n1lA>lah|w)%$vy9PA8UjEhq>X>cusk zRx8~F`^TLd?wM?z{R71MOf;IfP>wL0&9N3Zo&tYCHnK>rKpuu1RxHBBi7AHdg4c1d zJe5Ko1&D*{Y8I-r1%Fn3viU&@p?yDw0ITGa*P$jY(;I^$lNCq~PCQiqvOoq{byMvnOQ z{XFp$wp`4J9@jG?+~-3kdfm!)hufkFV`2m~t`95|ud27yZM*;Qt@Bw(ea<0)?xyLG zNcRUeUYEW@Cm(wmdjl0+x4!*oT z5_I)ZtIqR79W)`kzJ4A9gLdv+3~xG*{MzVVz=Ws6?R7e1b=xQ2o0eSGJ;c}EC(Ar< z+IvwLV>X0Z4yRFTI~;NEZ5JkJ)>X6c;=Nx|?VioN>$jYD{ksTx^y;@Rbn#7jwB#?^ zG5jWF3+JX0a$f9n8?m*278tQr$HtyUh)4!)=zd6Ghz-3AHnbbp909+y%afiEUK>N) zwROD)k4o6#^#SYpyPjiuZD)g$TI3TkaBJ)1;=Vbd_ZZ^iM}z2byai^O7i-x^8K z{Egw$XYZw9{h7?RHxe{2)V7B;DYdX}KG0Q-Ee;^#7Mee=l0zZDA|I z=&uhrz;n?G9cBqJz7L?ILyYfQ&wNwzu2hWH#foF*;0JWVgd$Gn}whbd!?XjISkVRxjd7swzd7a9Mk!XJZ%UEnpB{ zL?^K`c=ZDR#JDr`(;0D@i`PYjr(Zzvx)9U(6l5{PbZ+rXXPAIFc6762M>`+#wB+d+ z%BYR%Pen6uSk7e_`vP`#F6tb%T;O#wd#>H2clSsaUmklp@36++;P_Tpp70{v(Je_f zxV$()>p~sUu+B+7xNJ|*tPePD{COSEZ)f6cMz;AJ*`5^rO+2z440ybA3krHum5#&b%x7JyFBUX--#GDMvs}V#G?}7 zc~kp<`Tw}k<{@G8W~v}0k{w69rv?|L}Ca`0!xq;8sF!P|RlSPQ%R-Cs=5mPL}27X8b~O~*G9w5TWJ zEb6znYG(E9EF`&*20$rg^w;Ju#8h=#>FA5_&y~kTmwoAsfg*2z!;FUhU46Td3b-fZ zrlv(4g~$AcWy^Rj)K-bw^WZG)cjffn3^|@hedI_8-&-uPGgxmXYa@X*!0}J{I37s+ zId?oanR;4Ay-HTY^AarU{kNY8=C9%uIPc@(9T_M4;EvsQ-sxlc^BIE6^MzMLM-*ns z^R+>qdj`V3WQHoUqP=zBR)ye$UQ)XIVCSXWqNFn=W6rb>R!`vd;Ox9FGR~LtMN7 z>gIQthHt@q(#^XMCMfGfG*!O|iGz~!&laj`kvdX%w8AvPQA6#9=8gf$BtrstEt?#D(E3^fSu)!9M|idB zp|qpi`8u=Ass`#`QwjD60OyhMFZuk~Y>-DbD6@yLEu_*w&KFzn?fpiQw%i%3<;PLI zP3yM-!|=+!%+UrDeor1gc+2tQhldUwK1A*3W{`XkxC7cPtFUYLzRUVe_I2MwJtaEPXOxJ2N9kAX%I&z&elILi+U%qqy zuE9NnV^{CrZ{!E}4vy~Kzi01QesFB(*udaG-Y|Sl|9Ra;mod36jOp;|qt8*lqK#_- z*YW{9rt(B_z3~#9z}^F8^ks0x$b-=VCwpNq#rTzx4Ga@T!>krEHy*x?N7fklXa)}r zV+B2U>1f4LXV@HF}x$Ef)}iwfP_3oAT5xb#+j>*J-pNM0iEj;KS5*pkxy7vQ91 zOt2wIr+=5?>zX&!AKv`F`)2CCpat{3YOiqQIZJu=&bo2$XVm>TVE~zTcMSuqKk1uf zXATES0)&3%;{F(VzgvMd9TfO5*@w8B7ZTak5fq^1c7p=#zKtph&}nyhCjdal55mtK zo4GcCHgPqS4$yP&dUKR>nz3ftvDDmV?(W8u36F>y<{2s&Bw;)53&rH1%;^dmcNSGl zShWE2sp7;Wj3#epWPm`$YHT1ykrdQSIh(<(4&#F3x7CgOM42-xF{Jp>VuiL>Hq!-8 zux#%q&c;-ql+W^IC-Sw%S^ws}$!dc}-7Aj(#{}nW;9E{D1#edAY-7jiS!leonXm5D z<{X~m*z<;CuF`%chSCN@7<*`}90f)QqwChoK`8R}?Z=CCsnrJ2@+)X(dTAif!2hVT zDK%V|eVewWBwW6NG9RkQHR56QOu1O$_Gvd(CpxFkwxZs`JHZ}fRZfns7LLpoCCDpx zP?v}h&4vL$p$J{?p>5+m3nFyp{W|ryyfq!|;GsnYL=<&9`q5Ii6@6-NYcNteFxQuf z`chnwwp<&Wm^`CUIxfqm8J_UGpT}Y-kj}07M?5O7<%Qs4WO~gDS?s;8Wq;Lu3nkqh zsX^MNN2Hr$r49Z)9u4>*LojG>@vW2$pAv-&@B`B&I9-?q$qu_ZE!a_IXxb-tc#d@? zykZBkNUMuo7@XE&1lOS%zdiD-lTnESO5Gl25>c}$TGSo8cyZKYo(BI$G&ounwQ>BVXf5X5*NJhQ z(Q715=VliwZkHb!JmJcfbswyMS6h*edtveFB^7u;FPr7!IsY6#9+_6KJzo`l-#YdYY;5KC4~-F=Z3_hUv{ z^vphH-UVYCz8_j%GbS+G&TIZRE?XWAp4~&ND^M?LGw0i@;JVZh7|7|@ z4cRN4J5WNSHDoWv{D;mfH&(4SkSu5TJ~=kuUdh9Zu*RIbi@}l>?yRaeYQ;$`tMJILMjh|FNZmmp zIk}UgoycKZ4UawM&*?9?HxPK6tkxR2G9p9hz6JI&GhcT9Tx72`?kb|!q@bYl&?0+L z!5C?d<9(~9^0f+j4Nue%)4`n{bpNP9L@mo+RjifLspN6e{gAy{?ucNM_1>+?y3s6Db9YTpmewHT zR;?R3|2IWKP*wCyv0hZNxjKi!!>Eo(Ai9-H9JNqdwt@+q&;?O5ymzI3GB<|OS@qVP zEqf!c@H-gJMHP(-UswRgm)G)B;FkIm61tY^1;MF|Lk`QuiDIL5e9bm{)ub_r%+WC< z5+OiHJS%vI#g(zrQEu5Ub`}7K>MvzG`i}zh!UWlhOb@nM0{JaHs(eEyexp z6*~verK@UVqiwI}9q;uobzToe%~N7e8@0Zo(HN88fd2QJjfpaTtOtc8p+tp-**dn= zz64@9k#n`v1(2&F_Gz@H?KSG?iJVy+H_P}RBD}C%rR1+bECzb^nkLk`j*eO{f2%)p z4y#t^e`N-yAwbnp22ee_u#T1j_2Sx| z!x`w1-*Pq2H4wIp771d59GL<%_$-=WqCy~kWCPB7&Y#X16R4J!LmCV1tTcNq-%RUU zH_Btmq)po|GAd_Um}=Tfl{JA1LmC-4Vr)3q$k)aVSSJY1S~Lox)sU$Y#B5Bgw|T_e zVZPctYEGG^d7t?P^F8LDHtltRXSq(IO#On9TFX3QFB>(D(bL%?q_}0i+FsGD_-{$GXg;(K-A&O-Fe`#Nt!kInZq+4M2*HcOm_w3uWg39DI@xUIL8A=yciC3!i?0g{_ZZY24AlG{iMBzcn8kW@(inB;XNtcz5# zNZvv6Hj)pJyqDx*l8=)xxu^6QlCP3{h2)zg-yr!u$>StHBl!u*Jgifdp5@g_UM(Zp zOtOh&8_DG)10=ght|z&cWQgP#$sHuaBqoVL(j=*o+(U9V$$ca?$-7D3N%A1c10~;j^8VEze@^n)T9B`ktXK!qLo!A=8YQV+2vQ~a zBmQ{@$z~jDR@y}JBmVhAl6$s-+)eTlh+k<7$%P~vNj^mK0g~NpP(Mi1?x9r5v7z*p z%#T>+r!Di#mid@ve$O(Wvdm{J5lBmf(Go$lL<5eQ3!!4g5RL#6rBAS7IR^EW}57B^KgSyb=rXcf1k{@z1;x3-O=45)1KTUWtYH4X?yPETz(m zh1kF=u@GB%B^IKeS7ISv#w)Q9H}gs?1hd(dh1g6pAr@jGt%g{LchO9Ug?K$phggVz zrNIyjv6=?s7bL$TdFy(R`$?8ygevuri2W$ih=~38?Pgqw{V2Nj<8fZSaSO=ZLbl?H zNBk*E!sLEsNw|ARSrX>=iY1X{vQlj^{yYfMv{(9FAsGNy;*4T7J;R`=?$GIVo>NYM z{|?7KwFdz@dDFRcr_A9I&lgOjBV?eEf`V9E%W97(%O zfp6K%N3m^1IXRdME;*?0-w)GSs==HdTTp*v>m+@159J9pjb zqPfUi%t9i8)h~PBp{81PW{M=QiikUlvxHdAgn{%r%pI65FFlH97<3sowz~0?tne=1Ms(|}LSbeDg? zixH(8fjr{<_BwZ>?y}D_1$VKM(4tCS`>_FYLN( zTWld&f=8o-qzg>5SEeP9j29;W`-%v#0L=Id=Pt|;X`GFQe0hAxFG&mXg$W>E)d{&g zp3Qe*=(X|DU6U5N%?Z#&Nv|^#-PN}{nw7)x!M-Xjuos;puzUJ;MT4!y2U|@G?8WB> zY<8d9oLJa?ZeZ5#tBqgMD9GV7Htzu!GTJ{Q3A`KbscVOV1hDtE0hwD?ZqN zNegV|9DyC|rn67S2m8~sz`i5_*q3zcD7;yP_Thj6etTTct_OB2A2$J;JC`5`5VaAKR5_Vauk4tr5+)Bk{2vObc6ITG)(eY^UO5yE83p z{b^x49gXd^@v%*%g>7eA*t*z~R(x!4O$*zu1lamJZHZXQY`!)Y&ApGsNBH5i5bjQZ zaAzk%C#`0*7!C2u@gaUGEr@#(K-|#@Q5_Z^4exvL;e9tPcmpZHD^@4ZbeUp26Cd8M z(}H((0(c=RsJNFsGaAjnjoV{8EbH-TDh|uu1PHJ0lu!R6GuN1-f$oeCG@BOCeF=bW z?*v-P*CwLD-5ej>jcI|~p8#B6CpaXyX7&#Z?2iUmhz~HI7Qh1u0EU>+D$+X4E_UXR z$;GVNP>|)e1j!(ehWl`Q zxF1go?#mOv4Y92vwAnMev$Q?gon7KJUyTp+D`^3}HUZEO+sd_(XfA#~KDfuz0(V^k zaADCI5!#7nxsgRe)?}7>P0?WIT@~9Mcs4DtuSfv)V2B|Su=$4UU}C;ZcC?H-E{!bj zN2A^xAN3|Ynu-&2eFD^jov2TvmW>Z{G|qweICrIm^M(XCcX#5{)yibAL^Q~u_#ls^ z1@d45kRd+1VkB4^jnIsb&`1m6p#%s+%hCI^ZS?l|nS<-W?y@ zJJSMpBmuZ=rvgsx8O_#FJTo%k@{{rLeIhM| zS9UV6K3OdEW2a|UdF)wiK&v2MJnK}IlpND8A;~A=!~a2A@Q)^dACe}a(x&5&l?!*o z_Jro+(dXb3sNJhNvHW-fw7WW)jVy8$Lx8n4%FzP7B|glHQiM5_0A`3$Vs*Z|vOA+8 z?u!p`Fg=LJ*UwKAW0&;VlkqX$k|M?psbcIBBq_(oSWFS)CLcz_UhZ!4kln(|i6uyx!kocEaDyB>API^)C;%iOIWjPqdBDtYFaym3 z5R&E3aUI7=CUzUcsk78|+&0Zp$JrA*i5w@Xo2IUtt*O(vPVD4!TW4|V#%c1kX}PSREv9}V3C!H>oO{l>=br7pee?To+Hlhb`mcFgZ6RMMUrlFnxpF1v*H)U_ za+Pdj-Y?fz-nX*%n^&G+>27YXW|nG|Mm6iNG&i6{HeV>^s(yLpX?%GrwXYXSwX_^y zYqm1)^v`c@zE*x#=$d|WI-P!cdaCP-Z~q?r`Tj4y{hzGlw?4g+-`?Cb;a{a$+qC|c z6U?RawvZuEw=GotnqOV?R~pT&^~@agSjl(gcjh-Xw@+y_;kPXc zJG=2|t(SnUl;uBDIe)fLF4PN^axGo0)mNIEN`mK0|Az$yV|YasEaXnrH0e!ZY8K=uSdmd*RwE2%=ZQhuvfn9t1lfH9r!#sBigv>?l7OJUP;#$=Liu)ONCrLKjaM@(Ae0_eQkVv<66fSsEowf z#!Lwa>oU-Q;&@#v&6@`ftTZ<^s)dziPjbj;uuM5u$YlgoH*e}$$-kvWSUragI3+RL z6}A!ir$Tpui8p)~8fCNcw);@^b5kY1UiYi1t09{pcj3I==Wl3(`}pw^A^uf10HLVg z6M_2R35 zTIT#}je5=dUb#}nA7bUgVnK<5C$HTMTD<&&F!9p7qZRUSX|W>|dDSrF`H&h0dBdfW zSI_&Ne>F3|Q1WYxybR=Rj*wT+7itD|Byl|)BHp~8Dc8Mv#hYP_r4+{eE=kBcn&;Pd z;1!Li?@ER!9JZlUc87(i?aeLqOm)sTCpRSQG2m=!^wjaxiIL-UbkrAWL%qF~1;1R# zrOST3x3=Kp$Pyoi zcn4QGDapAXz+v+m1tKvaPLB_3sq&~(Ab5kdB2{4w9Ir0C`0+sxSwUn2h;to z#A)6Ih_eK8s=5HK6_Z%t>+c_`F6c#=4a+3nFo2VLHBKy|fkK9B~duI!fAiWSS6?|T)E>DRMN~O8EDXni#Wg7K-r3wYl zuTAx(7jm-!L~Sn3r7{@{C;9^e{?m#)uFZlJa_);nj>}4t6Q=sp0|r;gWQI$*7$ATR z%_^yyWVim*fQ20W{X_D5TEzOX5)G!X@!Aftu|M6vHf&&kw%FL8>W{?+jiFD1wK5J3 zrm%5;XV^$VO0EqXabi}{#$Y@)Xc6m&4H`^gEybs&yYfDQWI$k;U=!3Q)pypFMPaIM$~9==*iYAHIHI@ksq^!>VF z!yLG;>ku0U)+#qJKwH{4&_-_180&@&8ccD@?nrDr?Wkw+giRetulZErAp#iLsg*M& zNe`sllSQ{s=d4(YgOy>Wm8|CI7t2z3d1w`QS))Xy1q8JZ4YlSQ!i%kc=oSuMT)Dbt zyco&)a3o$XhSJL#B}q_@+|fcOwiMCdYFxN7J1lOQyh;*>`tu@Npo(03j1(Si}p2bxoW5eFx_g{BT(ii4Fkaf%pD;bl)G zUZSXEjq>AAi}VPi5?glY?=6hDl4DIe2rWoqqq}2l>|dJ>awxq&0nhBm?kk&67&hqp zb<#m-K?)mtJI2P~TCp*h02_mCutDFi8#V?tHhLnl5hX#^e3v_vZoSQE`Cv&9_dcgv zSo{*a(XCN}*mt_uN8%+)f~@fta|kyO_HAm@spbg_C-Ju!8e<))#N1-`MPg%?G>?%} z$A`xallYBls^niyj>&IpCz@cVUmhO%ori& z^kvI_NXF)R75-ztnlAYD*>t5k*9+fFFPY7IbJfgjJw>0Vij|t5D#A^ZTJmR7nbI6t z4D<7~01`G9muyR+{M8`fltRGTCsyF5Bf&i{z@0Euka*S#8AT1e^~x1EFkDsuY;|k5 z<*x?Rk&ZzPom7F@8wsY|)saF%mu&Q_Nf$c4}fs_%kIzZy{2x~ta23f#U(aLo8Xh}g_H+)?r7@F+6S&uJq;duP4ryJ;3D-+% zDN};`zBf}vC{G=BcmSC~s6h%oJ0DRsSwA&fMYPLOrFta*{B{=8sZ4d&+G*!QgNQMO zh;>|zLdpI}lzbDRWE2k0Q^yA{9Xn-k5@p30OfCA=!fYWkQ}R<;L<10#2wSyUBSW|# zS7`tKFjr`o7;|tjTd>gKeroV>R^ek^R-!O57>S9u5GKZtr%qp9y$rAUCGyiO`XHiO zwp6JRsX%n6`uhTuv89%yFDyKmPYez;O(bSYA=cy8p)heE5);ChB5C46ha|yaU}YTi zknA-khJn5?V%V;TVZp+I^Pxe*iH=AidIbvfgOQ-KydOU`dSNlaeHiLo8QTr*v^2}~ z5104i0Kpsv@RnMkvao31fXycc)V6otc9SX?4@JVrnu;Lw)TLu)dn0Mg(##}zG3}-n zv%P(Ty#d1BE(jZ6+WTsM7y|5Sr&hoojs$j`xcUNxCQ6zdxtc}nn<6MBDqUz-G1w+sdSkx1wtBj`^LkDW6R zw@OpiK0&v|Om#km=*vtgjC?oI*A`^zcLPnoLTd6U6a+(&5S$_i#!ejbjtmYSF;GMj zOzq!y|biWy01VG$)tZ&hap#>^D#1ElpE zg8&^i(n_Bk;I+mjD!hF|B;MFmz&o89pBSFFIG!3FA0HW;I5m1c0c8s*obwUNo2{gz zAjUb{s1Z*6Dj&GLeFH&(yfeJ1MfTAx4DwDZ>WO561}tm9@X>cLTzKXb_kcBBoK0d}Aae;yOXXEOqYU*@@KH z$oPfS#FG~+dqFE?3TyKSBP$>d6&I`80<=dzRbO84S&0nW!Mnr`QZMeotu3&lzBg#l zSL`*cN#SHT5+{p>dWR<_Mu_#n@u_2HPmP?PND;0Qb3a?h1lS0vqu6HR`qWIO2GuiL zDnQ9e5jK1K_6Nnl{jJ@s4i?(lHZ=GfS7g*iD0H-Jh0vps2(1u8&-lyUu)%?aLVwXO zVMD8F+|jFG1-{oWR11rl>@wfm;pK9f=>%T&Uv}2J-dz_GV++QqYeeW3Mkc47v0qn>4(joJ#66d%dr#u97k5`GW zQsO(~&yt^e>T`nzEql;YZB&A36@*S_pNtN6Q+QtB^VpiBzAEdT#W% zWf=;Ox~0Hi83R1fH!zs$JJ3s+TgXCcz*R97Q1+%^M=KYynJKtOT7!T$%~x`^iAeo! zu%&$)*J3dWD<>kc!V>7h@$*)aK*EI_>^6^8RC~@v#62E$!!P&BRzQz6zdJTbK4{Q#GW38Hr+j zWZ=BlhBGjtTHMLV#j$Y!=^n>Y@ZTAM(W(u&O3|P(4V&9cgf6y?V}`&179{p(1{CeW zS=;mq>Qj+WKSf(Ie&N*d-eadmQlo6=OC6JXtVBO6M`<=lFS;PyOw6skZDzJwj zuO(aXQw$(ya<+J_9yN_z3{o16nZ-g4_vqze+w?Gq)B1SAH7X39j>OO|!Vr{$sj9zN z5vU;EtX76x0k5Jr)FI#8j5|yrx6-@|ouQMe&MEG!y)oy_#LY{+d8D58RvS?3tG(nx zfD0m5kUj?_yQKtbLq3x@N6Lksr&OrbMcyp#7u%a#u?#w$ti;az7P1|5-1JwlM2wmyty(Al?!2rOM1IUf8%{Ls)W_LJg2!JdZZ{oy9Zs4{}@cdx|IN zM`XzIYPTatIWt$yEaa_4O&&q+^#pR%7Bi)W?^R~KjCWi(Xgq7V$W+742*wgXn<;rn zRV&nM)Te;Ymeby_-MF65)IA*F$YAr!NQYa5!!@_h%VB(^wXv%npFYzlRDDX#uI)oM zTqX;h5elSNsZz2aOcnF++v6Lar2)Htt>!@q@D?gaDkP6cX&G}==Vu$Gbk_;=LZV&G z$G92zwb9h8R%RNtI@0OLz*wlwd&na8<}+m+q~$qI%PV0IQoIQ~GG*$Sy^ceLTzoDq zH}3`#iIP{1L`~$=AlG(8{uUx>P1)NldT-1Wr|_jp$eTRClnnxsT692)OQnm=|Gz7W0}p zb4cAor2>o!cA=p!vEvWbhw#xdP;15cYa6n)VfWk^NWjbWpv+it6}c>RO709_x10fS zsKs|-3S=5bH4M#}m%2`K6BpGezK4eRXz_zLZ`eS`>O1MzoxJwuHki&TrA1$wPl_POko*9Mu(PA__88h4p#2U~ zR}K2qB2+YdHCri_DoeCCvpxqM)ud*=qq&-{8j6p03DF=BgIdV5TU@W9oKm&8u!26G4AgI?tcxv;$$Ytv|l0Eb{0QD z|Je7A^U%nC6(1^%toco0XICrt2gMU9Ju?-Ej!K#IH`aS9v$OnjE$f#v)k38fhV=hJ zD-uY*wo_{){~>1Vj7{$b=KcV^)(gp#+i`3uYdp(jJ{>^pSx8-$w^EZeOb+Wa!pxxW z4s~_)rGUF=qR2KnAi_t@cyoyFDu)~jK~0?5 zwgQs!>IGDnq01pOe8rTtEbKh$mko{G6C4_})2*Pj`VM)~Oh@$3^Ra1vLl-DqV=9Itgm{WFwQ@+Za0tNCm)F7It z>M&IMDfB3CMbDQAXRmys4mo*l*`$Tw*9#Ifk-ZwQcP5Te->0}8y%LJ!E!@;4wYLQX z<8_uQAtbQdkid(*IK4Fwcf2(yHdOT1wlz=-uf4c+rR`g;?UYI+U+Zb~zCG6QzM%+G z@ldDx7JZ9uZX?l8kt?VS35)hjAxrf)$un?uCBFsbFB`M;BVEl&JKcn-^~n)EY^Wl8 zKED@AY;>pQ7I7QFWGSBPmvBBA>m(`A${OzkBs~z~03lb`JSXh5@q!djV3OvpfD6QQ z*M5*WYkIjTXym8STWRF-)>Is|K5M=PE-O)X4cf?wJ zIP)M@`GU0~wMyqM@nbzbrzpS?RpUJATqA9XjQqj-SgogLsP#kEY@v@;W?+UTg9>gJ z%h2(ldy)XZ%to3^gvv#+Va68BPIp=W>7E%*Ou!J(J6SLBW?*5)NThrU zvzj9rir+?nOJ~s*IH@b;Is3+%>Igu!H+vH!#n`R>VS>$i4=r|Q@jLJjD0xTon_qm4 zYGR{B)nd4`)$WEeF~x6XP@>DuS_0vn1iVe6EjQZ__w_hXEPvtWiVPS`M65pU)!678vyyUj5|wT)j+^x;|tLX zew^SU3M{@CKPjQme6S5Liq`In0ohR3&tT|wI+&!cpF~rpu7B`Sz?Y^kT2^QDg~B_< zA7fzFhrTA?3ttw=gGDkvvrh<=Hmpom-ZBas%rzO|0?3%>KH}ljpwFjmZ#XK`}|7r_RT-)rUKUM#DfdL(a3_n@hxhMw7rHQF&R z&D<#%jB_GRi%iyZp4oUNSIW2uTJsLjSs&?f-{+3!IgMdRArWuPH=Z>7&_=3*)Umx3e;6=G;doz6Uvo(OXaZEpL*id1 zz>g~|QR>GAuB}n_yZkbhWT7)axU9uB+ZJI_;pJESg}T>RAf*MJC~&r%ErG@4rCb=X zh;6i83qKP(@f5R&7w6xC_J=U}_p1iSFU19GF8J38w$|M*RNpCnGQlp(!|eq^MBL#v z`7jh7Hjdzc2{VjnbGZp7p~tZr^TKM5Xa$PvM_5UUcPGTOBDGUQV)2VNjRo3$WDC&9 zkeXG;mW6yj`K}rpv4s65_ZVrl{F)AnRw4=x_~3{O8Xt+gSbo`G(zYaNaRQaLF6lA3 zSP|feZhnqe2fZ5BS`jja(nB1HVNw-BB|0p$P>IOGh2yybQx`c8bQB~Rw(xuF3eqq; zc(n$CO$Z>ND2$*W7DH8oVpYnqR!?vdw6-0vz!Q#& zRyjp}jYf@l5IS8TLJlv_I&SK|~B?1#AK;&u^#?4~I2?Zu3 zKZ`;>gPKFy2N~~Z+z^N~(+7MtBAhkwAq|3yAz4J*VvtcEGNHUs1(xks9}A7MK{LvH zSrg-^V|ZQ0(t_o49Sar|vnqa;1xtI++>bX_ zZ&Asr_~*R0iEcz+7Gz*MV<(@59g}wbhR9@p$8{E&Aym9&i=yHidxO(gs@*Tbab^_t zZP=1_hCWxDL)Eq7CiF@eix$F|&7UH!d^w(_j!36Lbo8R=>AFN*5pQL-iob} zCz7hnqFNbl?Yis%-JZq8U!RjMzA8IY1 zyy*sJOe+5kWMqL1Eg#<3v3&SOFztJj%Lk)u$QmrMVdQbrf=s$m{)PL6e<8pQTs@t}q%G>J1Vdn`Q*zeae7^DH!b9IAZ)w-$ZXe(upYe~U+j20P&%*p`Ssk6CzUGT2Fga1gK`dQie4Z)J>{}$ zlRWWQX3h^inwyue(PTpPMk2o(rd7EZKl+e*q;EsF3!#ZXQ>33mZH3eK#3LQAK(L(&eIaA z`IXosPt}ItA*GZmLfJgRdgmMSXakE1oT6kPAtAtW9d0$XE!4Kfy=G**uw>F+kX=T` z?+fp5iy{y%dcOOmxmG2)UaHH}UK75=5(&xHj0DZ`KF(bN$HXPyX#A3rt${&furp|p$gIpAdNdjWelQ4prg2N*qw_q-bGEk7TLX1TXIYd;V zL>p=96~uTfRFFm*nx6NM2;ssNz21{)JiV`DJY58y-iu!C4r+OPGzo~<<72l)zBqU3 z2ngIu!*UmY$RH=l02<&Q=@{Tk0Qd*j6X3B{ovGVT&!zXVBBEoQqy|#ki;uMnB1b1F zl7(@EqE^>JqY96MA4)x+FbKL96KaHhvSWl^210*nJrR24Y-TAnLaIfUl((a(ZVu&x zd^bc)s1S>1Z%Qg_Qn0Ez0Yp(*s=0##Q;0SzBIJ-$5>+8txic3kC6ub)D=X@_R_x;S zn_fxv>p7*~>Cbk&)05cg-(A~In{&I9s9X|KmN0jsa!*+brX_k#z{`gme^|v~NU98lmi!DylgXuc)|2{5)&bmZ~hFzGHs5#zYy9I3;C%??oUXBZjENQbE9VbdeEfD{N+j84NjI)OFuB2hRD1#6pFw(C;-rvwB;rt z@t>nnWjHiHC9;<`S{B8g;qKhfKI3=RS7KjBToc;QES!6PXe_{S_#RU=2giX=Jg3 zIN+)In$Dzs2rFLZ`-lnvZsiEQNmSDkb?EtGvJWL9P%jY*!#*!dFPiZ~1oWG5+o^X6 zbZuFDsNHl>Gz$#8s6lMhb+Iy!k6I`bh2^?jCj>6ey|l;}s6OCai}$CakAHSl*flYw|M)svyxJ z%6{L_Szi7+O9(R^(adyXzh7}Ws&ULc*0BJ23k1lawF!`WAVBDFx}hVt=*S_Qc)@Vu z4aBjTAnbBsNP4VelAZ!dpI;M6H-DYz`IT_92_e8aO@OZ;FtrL*=$KrlK`#E<$mJgs zxtNQays*AhZjX+o^!+c%r81eKe9lXBb(*@~-Z6D$KwWR`l)6@DAg4>_%?YO3fHtPa z7WIlUtM?JHSjHf2FNdLqYv_6Pr3x%puz$>wsa-pKJMXAb{GpCfoO2<#2?MCQr;|Q( z6Jc^j0aRlv{GGl$D)_eRT0#cn&p>B!LdmwDWHYL!e!OJJt^y&%)Q zGNiFVia>TJj86{?e4gg19JVk}*G)U@BK%p3I9TgAb3?)}@Ht#@R&yx~10H)B$!I;ah7Zm2#u|NM3V??wER&IVW4ndo{z~6& zEiDcwkQS~Zv;v{21cy`m`jHUny;PV|!5+Ef@|!pjA>b-5B(+pX=}}w>{(`j_Ey3H% z)kntk;E)oc6dgi=1Kg~HZNkt@Sk)nP^DX{2G>j(eZT85@Bgz#-accj)^(R=DKB)f99_$+^3sW+29jI$K$7oCTO zP%FL{{}<+wkyq=D1Snlwoa^%N-w--36>|0bkk{YW_lWo`Q^LE`Lx>xq<4JskI7z(h zJmlr;^@Z9{Z|~C5QhK43Dc2kGr8G{MUiC{aM(#a3`fUHHyx=Z;)Db0l|ms=jdaJGjfTH)dHiCga^%q9)l;YYbAI2!C+C-sHx{#J&&&;{4nKatAIo1% z^^ZL{aw)ez+Zeudu{d~Uf4pI%s=S~_vCe0AySz?Flg zOUs7_4=>F1Un(Cd)aOcrNO0`Gdge^^@WSzPwI}9s^?Lp4g~GYxN0*A1&yAlsyfAaD zk?|LbsmbNOE=Ep(!x1_r-ZjWU3@CBq5k-lxoybSSn;UVMuQYp-Z{bRQ>iLy?ruZIW z255$P%D{O$vHu>KjD99IwxqcQbrNaP$y-52H}=-vTVh!CApG+{DMZHh=GJV6-)*zF zw7EC&{wvwvK@TnOzBhrq`+&3aZwD=ig`0a=cXMMQw|}MhEL!U1rzT0Rsc6Zi?;g#~ zEGkx-n@CoyG&i%Lz>|DJQZUAzqc!Y3Lz63ED~VC%Kz#%)iVOHl=RnbF#3zAsYVtV9 zl8gZUg4geLTl%WSS@NviOLkjQzJuGLPI-zz6KR<(bWM9e?hf5~wR3ldkcHW%&m`EUPooW(T5S`( zxv7PdSfCLz!Tb#prLHpe4of}+nVtxM7&#Om9hYCjV~nCE8(5-Rg^_@+OiUh*c>WW-h6rgYR76e|;`yMQ;dou4_Rlv;^}+() z`HLNvqyIA=Wfi(jg$R*M+iEKP67N>=-{T*p1~%8S`+t#q_i1Wk(&nFjJ?(?0bAkCz z==_~AbY7Ko-g2-&`$putE*{R0xTEL>-i^Q^1mhEhwTp9Sp#gg27bWcx_CqDhePS(!ZKPrV$M#nOL|!t-~Aj$SLmu)f{aVN2xB?6#JT&wsf^u4cs&1T@EiB9cwZ6HU8D50xr#11ZU*g2lQtyjE+xuy>t+xRQ$<_i3`2` z>He;hl^X8V3x!-t`rxZ+N!;m5b*>8!9@ha@Y67od4|$mdq}K^cZf_A4^18Z0&UJ6d zd-LvxpQE}Q2L~I~Qa82ieh!&dLtZy$rY}?$WDtS6pQiMqLVI6dTtcm^bUOX~-o4MK z7c$GGN+y@CK|bJd*{Z*rzw@3}n#C&(EKQ)V3lM1W0eoQmG#06Z6P)qcch4m~0U16npE4hr0c{k31D*tU3$*Id! z3N4Cv(MnZ830kH2B%oI{f8;3H=#T+c^X8CJPB)2gp~`L*sg}e_RQnEstffj0rw^SV zd1Q@I<^XvUBmwcybfm$T0F_4)6H_5v5?~pK@=Oj-yn}yCg@~8ak~QHRqU~sN>2W37 zcUe2@m?rNf)1;9}Q()XFuxCzd z?jdjY$oRm4gS+?9Cy*!fi8Y0hMM`3lED^1*6mn?&@UgLx<0I!MP7R+;9Xo#lip7~z z$Ge{IN_X)jxFOS!eKUjm2M_G;OZoi=`cs41!M@ay!!w6chX%8U4rC7avxg4$iBU5R z8g;j_Tt!Jy(HL*CpmG1fBZm(S4)*Oo!cgD|FY{r){IFOr(69$*2l@tQ5BVt{t4R&! zW^<{-{eyn$NUs0Df&KkQ2Kx?Y#n1)`Q@Hf!(fMJa#HWN_MH*DHdC; z8I^SZCh9PPzqE9x1&B`q(tYw(##A=obzi7l@bILPNc)8ntgU0mw1T7ZXGJs4*=O?@ zq(A<5%bN%83{rs?_YgZrUYE!bH;77kwxDW&*^dYc%>UBjh9IR=Jb~QE{Sijt7;+c-cgrqMS{wh(mhgt3e&^opk5OeTvWEy83Iw5(}MAzI@$sW{EzR(W8D9*VE;V7ZF9_Aqm` z2hecY2a|Kz_ew5nR-#z!T46^M1TCR6g7{IFAe>7Sz1)C{9NmvoY!*VC23=V=dVr!Z z=s#r;@&@|)ywNMpckPToVg&IwU8Gw7+ii$pN}GCMw-D4tx2{N&QCQD}HX>&!`c`uT z9kf5s8{YWYHoReMN3CWevMrh0MXS;1BQ9OGjSk*z9rt6}mCV$s4CzV;Bx$NS>NncJ zNGq4|YySpK-3a2J52%36FHRUY0=v;jv*@vwE^gnpFCF?9*Wc{Xo-5)wp$N&l2^nbB zqbD@rJQS%6s+%vvh*ia7r%?N9$V#r!t%c*=Y^NfRCgm*NWU19);qzuHxn=f=Adp+d z4fthYD8s#HdOB#(ot`F>7!)xns^Mz8D-2dcJfCI6!a2OnpI?CSp-{7p&U+FfMeXS$ ziEwCU|6+n|{Uh2>Jm7_Y_#X5f8Wk`84j4!@9=A#hzKzDa!gfmG?DpU$nnC|M0eb!_ zfSzrd0yOi8wRPfm{5TM<_{gy+K1>$HIz7h_X0>KISNWRvJipSN-vvYeefV=f{>T)B z;)#tLHZ&jPLBhNwVi4siIk)vDYc1N$2!h?rBUosb!HtN8tk2;gqlK2Qx;X?3DUf(; zt>w$;xVmk~niP>sXYL|7^Uy6!kRJYlV0jq-D0`<|K_uj9v_12Nbr_>{9gGk%oVNnD zy}7Z943qb*xXUDLY=&>By4>=WQ&6k9y{G3`DN~s5>0y#}lB|kjgbY!7cr&*$)H{K% z5*j%!plQ1*R<6zalc0)o33{EO_3bR4J;ym;m&5cz0j|=30^nP$ zwg&7v8YBdJfmanD-{gY*D}ZG_L9fohel?|}a`n=z9}4t$8KAf8mImaN469mrA;;{sy4vVIO*_p}cP;TXz$I;HEtnRkdc27@_r5($|zZSXy zpQ2?5s*8`s`gJr+NPWMCrkyd}uK{VFOwdbi#S7fD9U3Oj;(l|gu1|I3$j1g`>6i@) zys~u6)`$&daT}p$nPB|l!p?zUNb)5@A0xLTS(O8o6=BwEv1j8JZ63&LtqV%GY-7_l zwQ6T7s1uy_#(f`uvK(15gz)L1X-j3gpr*TEUI%>xOmX&Eo7EP0avHpm6+UmCUaQaf z2=FY)65o^~`?ar2tQxWOC(H}^4b4}{WWlMcz_`V`&5?E40-?!4?1v6#o)S zkbL_<{6?E){}nIWJr%l}n|STbjkS6Xo`3ue-D!5kw>2wLEWSz;?kxTV{)yvl4&6uG z)k^brBZ5+NIjOBQw_{|HkhoI(dkoaviVxtgMaaQMnzVTf{)Xohu_T51%Dee%6y+`B zN9rn)Jyx3c$5JjwDEt|%Rwo-!ZVT-htNC}ZbKfOwt?h6cGd<{New{7z_ zbrqS{LDTFK)2RDZeh)n}t$emKvge8Hbg@bIrup|@^#e5FO2NgONgp1?jS`DvhYL02j z6?8#)=5q0`V@nm@8mOzSZd%QVI1)0Gs$dfAmAr}CtzjZpPB=EIDqpa1!_$_@l=(nP z3KCVwwA9up_K<~lYrEKdp^W*8{}Z*<7<_vI3`(=u^Jwat#XcRNr^%0zB32gl?8)!O z{&Kj>Q4!l(_Lxjga zI5L}Nm@){`-YA%?x>Tt7C<9=l%=8|qRx7XqIzCbqDKJaYyjv(|OAX;$W!_bUBGPww zLe^NzNGre{-WdFbR=T!0nb;sB(v`4QWi% zpUT%ILgdygU6SMrA1DlhB*dH&4tQF`uObeDo)lk1GZ{}R-ZntkgA!rP#i~%+F%nzK zI#RY@K7Gc%H)leAL~!9oe=4{~^oG z7iSFHo-NmLv<1H6YV2dM##;Mt+r{30(+0>>{HG9G-1cgyH_|L?butG)7aAlqjBP>F zcDELn)IW=Ow9aKZl10Q*>iUJlstXPLaq{vC5}{2fTzpe1vC zyoI^CSH)eg?x9c-=xvk{C|x_YzE^zKLb=t{P}*A)pj;|;R}&!5Mfo29<&6ZrB+9GY zv@J{BZym-)D_6R;(q`MV(r3d55+J~Z>T`hV{p$|ZH%_=}Mk{1oOkl=G){cpS#r)g)?9R7&jE1JDJlq6Mm5B7am!-r3gf44tY6aCuE>stvw9LB zNpjYs2{7a0^9#V|LkW6Ge0tn8gtN4*GVEg8uCp7Z@I*KnQ)F0!Pz)OvZmL`zlCX_C zDNJSaX|H>zI-4DuK6q&G$V2eWkPk9-AU!a>*BFluuXbp&8>74%@Vad-;9=COmblj?&cPeLAui1HFo0IV;=tUf(wTqjHgKTt>m|yudigtMsOL^W6Nk2 zcH~lE?&2)I*9KwB#*qI3-MQ$vZte#nnH$X_y=Pb0L<6;xs;FpS3z5EQhqRr3;62(4u|^ zahu~R(}vfuuk=xH;I{UZ<6`{30pn^dSj7t)gFM>pJ_&JFy2_L@&hpUVBU#vv0v~ct zO|Xor@MH2=rXTBK6M!qb&aC73JUqo_^&}tENUhV1OSg1aTbPtl;{oH&49np$vy3I! zFS{9r-pXUeV@YNN(6qcaAsGQ;Nu6xbpJ9s@ zc*OY0W40)Iy14foh&C)~;B3=VB$KA6;|Uu%F;XHpp`UehHQpzatCOWrcPof8@X*MI zLN;@E`z3VDgg=ygqiIRJ(Sxf3R7+|BTJ$cp^6gigy|GGaJz&yA=&GS5>=a`+Q7x@q zB0)q(@CdhQio4VG1J|^@=iWf6A&NG1YDn>VINUzNIPcuyW;@GPJBID}lVhxt!!0(` z<9`8UdA|u}di-qyVwLySuQB4{Wr(W|{53ZDs|k9^+ss$EX~=EHJ=7DpobI_@103#h z+Jy!QmEyb6w4FuH1^a&i>^lJ03*nI4A>&|#S#N0NhlAi?5YkpBiC47PGAGY6`V7uHs`2Vm6 z?_BpixHmE)T^fa5Tf=$;uzwgptTBN7M`(za0QL{!Q#*j&t}#vDbr!$=zk%=XL$7vX z+oAbH(&#M-MwJ(TA&sI(4ZHaNyMVAO{sul^i;}tiH-&mN6{4NFktJ=7N_-NqA57klfE`lT!}vW?Z`HmwX!-C}s|u|(t{ya{o)d+JuVabvSwlw= zPfyRHdXhgqo$lh|l`sdyl&p+fS)uGvikL{Qm-UZGIE9s})Cp=ZI8Z+-w@>nn)<`9d zDBpWol>yhaER7H5u{EH{+&Vwc1n=HDABe}Ix}@A2jcPOgmw5bmMNZyCX(@a`xhGBiFVnbYS^z#C_c$a9>#wEx)Q!{_q(k#jSdgO%lTM=v)X_mA$+ojG}7 z@X6uhr{^DEKE1Sb>TK-__JjU=p8mmK&r1%vK>(sw>enFwXo+(Bj`-W_8p;Np+hAK} z0-8YcY~=YS!j0Nn>$F;+YK`nz=Rq}+Ue^XmEn@fFYXYF#563q@mhyUhN&)KOvOXUF z%$2>6TtI0-b5tIvs>?`qBVDn#n-t`(Y-eQ98O?oV%BZ&R3~F7> z`*=Lk$^Ojc@N8m*;@t{mQ;ar)vKweez8>Ur;r$5@#dJB3h(6=exrqLxf*qn4htA=B zoDAOBpcc5RRV#Qw2Ql(^*_kE~Pc%<62~C^IZX|Epn5&#yE@sqEP*F)BefujW}) zh;>?pbqwJB1!SE{UAz3fGGtx&RCTstFT{e)-*f|{O@}SZ=HcmV&j^JDGjuSDM?IyI3hf%_*1}SWSElZ?3xb4 zV;|Qyfbv%oP=a(sy}*><63vScrlbk-rlH`rM+@Ipt@HkX)_FaApkHDPcJ2ecK+Bg! z^yC=p1{&OcD7;1f`9H2+N7Hjbdx6K z|0@uDwk6@qQIneqT$zs=u)|%M-O1s8H~|1I+>a96uS?L)fjgf3rDN}Zhj4K)YDhZv zB&oGJ_EwiZcjxr9%m_hr17`+JPxArgm|TmK2J^QC+8e5SDgpMTE%j0YG`iT|L)afr z&`o0h0yk~zysJz=@la_ph~uRU8aBv#IT+xjVp5{A<4}wc>{h8(k#bN*Wn0p9SmmjT zx@G1zpD65?%hIg>#AY`Zc{i?oZ1DcpLzkw8dJ=i)emlO8Jak3p>woBe597-{NrOBn z58d}Od~VYh;n0<64#WnFeUBGAE^BoYYt=$v3WD#jR{RW7u$|*kR~2*MdU-M>G6^kn zajGkRE>uW;29wFq9^3a5=xR9RH_^V`DJkXErxReuMe1Hc>c36UO(OME+_bH{>LGa* zQm&C|vIrDGn$g>e^6ejr(e0p%wiy0d0^GO&_YlDUy;Fd%H5Ki2e1+nnmT>C1^-fJa zcUYc7*~L)J?P!;fYF>q=o#|GuCnRo9&`na!7H-;>YJPi^?&k8KvJDHeOq955(;Ym7 zw8&6FZ|2N_raYo0agVhPPblA6@Jl&w{N(7xv&Ypdyzo;8thseE@(R1}jB*{%`DJ=4 z)LdlMdpgF|EGz=-Z05(TaqJpD^SO0}&Fu3&-e>m;e`g5j>N+21jvM5$+yf&hT;iXIT3o;0E|NkAa^W>?^5XnLAG{^0X)mGlBMG`ml>P`eZOcBNCQ1$s zs~VFy2Aptt)G{FggMFUvlVMLzh8)T0 zK1+qTt?O!dr8c{S3g7Mpe?lvKWdWu6@HZ3CmrFE#L^S`tQ=+-neE1qiZ-rH2iZ?uz z1;2{LOBTG#(p+^X!+n3106UWV{xShZTtxO0BL6%=H_3fp=B91A?^)tLJ8Y8P7M>Q) zB2_h2M;gR(X|Cee%6sZ~(Ws6}`W$OX??#eCY%xspHD_5Md+PSP=nCK-R6AOhs1(E7 ztUaN%o9%cFj}tHbT95pJD9>8yKol z*3}j{-j3qvLK*5f7Oxm8tdrTn6A5-uGStxo7;zD~pAh+`1l=Se-@r}VGSo0J6cHjU z26L5ap`M>-CoVj)K^kTZ(P2eqQH?yq7xzXFWpFgZIC8n=?$DVO$J`m<7+QuIugK%Y zla}Nfnwq)hju0R;iHils6QH{@gS0bKJb3&%oSliE!6EVZrZTEtxB{Y^s;K&#$x|h( z!vArIr@_S2cbrcDL#qu)7hWqFBL~X6E@A0VdtN>Z*5vsE3FzG=&x1ssRtSm{G(Ce5 z6pH?B4Vm5z)s$j-!y=|rti0;D>8P-2ikjxZlf_JT8Zw&h%`6{n!z^nF2R`hwl@Ywnhs=RxzXj-IeOnJV zSk2j5pOqIzaCA)KaEY^6RNW8JPj)ES^re zuzkY@U)2V3x?ur)QKZB}(G6}-*{umZ!Fk1LsW4S2BVdhcuTIUD@I0SyA0cwpdoY<( z=;F+xdMD&F*skIUe6LflXl3FP7c%>SADXGQQhdM#!fN4(7R?6&>&+MD@>3;$(Jw`> z_6&l9-PO*k)&4%M_AYz1v;^@9!o%CXps{mYycch7tscS}kt%>^!ZHSxBdHGJp z=h4)G;v7AP<3?N@B~jM0Bv>M{+J>N>AQlhigWp`FvtC8<#&sZHqC&VeT*jc?+nZftul6!X`F3T%WoXRiIc>Z*1< zrqa9kV8^?7fp+n}PIu9qsOpGRr&{qMxUG1J{<@66@>`0N^z)PWi-hkc`fO+M?;yb1 zk&PQP&eUcJu(#q|aYI(S^XJtE&G(`%&1_)~ao|HkUOL^2{|obYX}i{Y5(ixBEFEwu zI$Baf1f_=Sb-yO$PP(=@$Jum47=hmd9`gG8`W_LV;Te&+@{pH>l=7=x{FxcD^{n9I zOA4aM%COCijcQ?~xqlT4UCB>Dlg<>+(Z&P8`E$VToA8T%ZSUM=I@Z3&LRa&3ZC9*_ zH$h8Hd!q?x?*mwdy)wC2TajsQEaV1_DyZq|$I-R9i8f-T_>=VW7O@9hr1Uu&cP~K2 zfQm?Tp&%1x)!aw*iUKMRZF{5UluBd$E>ZQOJs8YZXvJVAk5)fQMteiGjQ&OF65DG= zuOAO;M%MWhIGWY&b<{`iV?Dt>N*(GMBD6>I8_kwJ9n_&F2k`hHN!tbcXonjoW9tRZ zQ4jO;vRBDw8&$7VK}uU@7OY0v1~e*UaKInL3C1~9`J+|8@Q#C_&=YUoq3~#7p0YkL z2ErD_OJG(HofX0{jijb?h6kCwrT>;v`s+xk^O5->l0}q;0rMcTOv=8W!z>jK4+>G5 z9lfzK1gHTn;Fq*KV-L8i*NLdX<*-35`h^v#E8fq9qLV zo_a(@E6<#Kh{5#-q_Xn+w6t7j1MF;>05wtBbhUf53(j64ossv5mq2T?Pzyx(rCCmR z)XqC9%U~f#phG3an7-P8Iyo!LN!%cxYfV1Je*6xW0B$no9j(-*#LVqM(PT#Y_5`v- zX4%oCY>ECjT}ED}RI7!kKw-3+M7ofxPEXOnpag30B3d8`YVMY~LT0X-fm0%nYrcoS zLdAl#Q_u^C!5va@+lJ%R)l6;bb(~Qn?ZXME#YI}iMVfWechgA^1#aprl)MmqPZfnt zbjm-3fl{O`vSlPiwv&_)UFM|M)e3*iUXxZriXjTC6T&UaQfnP{(#OFWsm2DN8q<%P zu2z$!>JdZYMdu-YAhkBs+q<;1lwK$y1G6z-N@pwcz3P`<=*Ye2FYNChyKiz(Bn;dh+tQvjf$`)l(Lb->vkTeb{pF*h<>Qz0i?xx_(bL1@`LkD_8oB5n>R)(j^!UJB<=IUBYG2>kCl6+( zN=NcXGEYrrO3%y;RGzGkOjai^*AI*jSI3TD8Ow~GIDEd|SEt~0y0|n|8-L>L*~$G^_77YhJT;kn z>eS=MmPRl4)r(J6_K%I$AFs?Gof)02=H~i_tNxLr^ZCBntGQ>ND4%+E;%H&uX#e8b z1CLLguP#1ua^dvsVr|?XyL7&9=FIG=6XOHrGb6<#2L{dzoIQ8?#F4X496gxN9~zr@ z>cZ%Fluz!9wHJTsKoV#@9@r$$hz6)0uM=tr5 zV&R$d;)c?~{z`YG>xoGDZ+AI4=v+<`lb^bue41EW-A`V?FIr_h6MGTVZy8Mf1{48R zVCDv0zTD}OZ*A|~h%Mb&`~^Pw-7D(-u_UVwsWz?j!SZ_v4i@)nS|A}V7G@6dZn~Qu zSSfxS!)f0@lMaU|IuYUy2mLU3G08oaXIHv_

FM|L>T*_~Qgn@$StVHastuBR&bL z4R51|75xRT-|LRT=iZ*4A&yxOYW=Xo(zOP9M^x8HB?5KR=)NRV(A{TK9!az$wZX4z zyL_W-{#Alamgz}fg5R!Q@SkRp|NuaF9BGvV{;^QGiN>3&KagOanqO1m(Wwua7&?8;3 zx%4=SG)d}})n%m_hN#?R1knt#az`uwgwpj-y$s<{7t}W-ys)&rTJ&7RajZ2^i@X97pA9T3+16WrD&yxy9yz|(u>z5VI_u9KBo9d7BC zVwYXVDzG+}>!}GOG7NDU*n$XP=`A85NL{cg4ZMQe%y?OV;&*?+F zo5tvV4v}a>UU#hm+x9|bfzN6&hOtQOrC_vuaDSzr-@Etu^g?F2RLSJhIu&C#f9E~T zPAnCV^>qTQCYA9vq_UQ9s9J!iY!zp+APw6sry9|h(yZ9_&LyNo6)aM!%5$jt*J8Ls zkGV{hPqq0*sa{w>qt-*ICKNU2fs~A>Tr49^^{FY}Q<{#XOcYzD(=4WeIg$Ok$|mrH z;DH0EhBqL~b662y7Cg>d6`yfid9aG+TB?yTvlXm%l1sZ2n*S{H0Dftq++1mLOq_0D z_469oD@p;8_zLQS3AgyT(`dIr4i3zZAPJuVd?ZFRB; zR$j5VXd_Ap`A9iyV}FuI7N2IyeGgkjMihb!8nos!SNP6nnM%M9nFfmWR}0U=Pyxrb zvY`YIX3X$Tm60a53+Lk`tRJq}D}?3KBaqxkZ4xN60m`6gN z&iwM%5BSWUR9E%ndckbi`A?ZpuZ_O z+c2du@=wq--Wd75BpZ)Ih~neL306YAcZ8vl5mKIV;C^DgkgE(%Az^gq3sF1XWX7z8 z+8V#>rMFCVw7nFUrcaBz@9EUu{VpQ09q1OP@sV;ELt@b+9an*yi91RKd#zEy_IusO z@;+)bQuS(9l?wIc7$q!Ajfr-pE=2{j_dr>yV-RW%9wX@^?|{+1JOOXf`B-bf&buJD{{V=C+?U%rF?@ z4TtK+#1Y36)I?rMTsKlsNT@hEQ^ZB73mqu{!)t;Np?N*9Y;OIhSBG6#iN@12%fOiQSduX zN;*1`@*c{hk4h$OvyqBdcQdcXHa09fnw(|NNS2*^4`?frYj02uod*! zgf^)&G4kyJF=D%dCjTk6`nj%PWdKzdKrp89z{qLjUE!GlMR^zT2YpCJ=p!+0dWK6LoNftIhaE9%ij z3JyWjhr=FPlauk2XHJK(0s^|R^FEuvk$%$=Gu5jNKd{=Y{REpCM}Q(k%Rq;npMknt&dlSm53}otItI0AbyUj8l5ndhRBi;HusR)Lvf*kmq+CG9 z7ODkZFO@kn=AC3t&ylt#W7G_NJ+$u(DVlCT9gP*&mvgQ+Q_K28J${Jb-TYgK|6K^eu_?C?(;JLXTPtpGt;9BET^uJF- zv^+&m2#b1(UhHZo!tX}|6yLU9PHO@Lhq6cqjyjRrw9?G{7XYSRq_52U{!_w+lllG8 zmdx)5pjr{RODzOyjR?2xf#8;x4Q0weuE9bDIodrc9^Gmp?v2K`$`EpxlJs~{blyHx z3szpS8Wb+%ke73rdZoH-m(2&eN>xY16-@98s^ENUI*B{G+Z*^@K7Lt4#PO+@fTs9K zn;OC*$UUr-Ld0v)ld7UF5FWIrci`;+Ks;kFY#dUdf>^jK3{QqF{ts`An~?k3I5euA zzt;jxoLpF%K(!ft(`(vq`yb&|aTvL2AuJ#A*K4E9G9?n6_>j?c-bcop8#wYBU`Gay zJerJN%#!a7!E9%7Bs(!eoL3fIKB(pSK+!w7HqC%q_K78RBCHv3B?l3ueLbGyyU66w`BQvv zpfg@R#kblq?rI%lou2dC-qUlelqt-IzU22dfGqiMGq*BZ|Mmo1FYkwMWyHlhfZZgP zpCh_nPS8zOuwCS)ZEFiBc*O667)e4L{)pd)(4gHpE#dzD1OT{j|2)C{JqfyX2KTFb zdd4V-1Sezoi;XWBsJH8uX0LxaIn2M9VDT=@A0wDQmY|yhbG)#S)rxBgMwJg2O2%w` zxNudkgCWQ)#1O%OJ+)9q`%A1;l3kMc;jf~3LL&T&1UPUvrmqP1`Zw z)1l$cC1+5_=hW)^raFVH=|I@BaF!fG{1bnR4=yg!!M zLiEUAAeN_n;QPfL9QH9!6}L1oYF$n2R=oIiDOEiF^TIEM)lD7XZ{HAiw8)elO)NJC@3Ey4&|4n7>Cp$s$bPL% zG}VwX1#^iy!(ErMJiaLiHSq4ryLg*iL&0XATiv8KVj*T*-^1-)u@byI$*VsN&8&H= z3x*jiZ1UTKP^xv@>OyZu`OqqsbXOSe%#d{?ACds>}n>9y-@Ye;pB(iEFMDlwssC>ZnK#tbLX8o29J^Ts_*h0EnM`w!A ze^f%gGXL2WN3jePn$RQC`Vs9UwLhhk(VXUy7k+V!;ti>v8m|?sv^P9Yg(;~swKO9j zn~^>gr8TCfYxzuS;J`r`{1DAFHgatA+_{nS$48E<)1j4tKgDF_GVuCY`aY9@XeGPT zLYUoGUW&A2_%IA%_q9-tGT7F7l>A9@#rdOEplfG1EypkTj+O=Mb>1Gl#F>%4x{BpJ zl8A-O9AW6aJCwr|V&k7C+H`OGTVs#{!Qo^by1vZYf&#}_d5gu{3h=Fx+fC1%34oQR zNzHCMT1ACc!o+5Da*+J8dytr}&HIDLTS~sg!M9mce_1u8iYOwSfvW>5rw$rE`1DHt zbx*TKFQ2ne0qG{~kex$qy;%>82WuQlZmZuC{;XeX@n`)U zSr1Sk2IZ9KmR@UQ@eIUlqf}aM34YZnR5C3QQ6S=Eun%o<0QU&_TJ`IVDqPfMk6~6J zBSxBt{lZ~~a3iT5A_xLZA>wz#2F9Vo4lbOSQV+n%$t!AIFr9iCwW~PH&CxFwt`}t2 z4j>yw%bv;OUaA%Hs2-+rBWZ6Gr(<=gQ1cOX)Y>yFhzXIvW-0n8k_w3Rs-Ykep+E3s zY+)(G-BqtH8$-r7u5|+qcR$Y5j_Y%bATpq0e_M7yFs&pX0;p>8)Jlbu$EBk1>#dA_mxZwTp*f1AVr4cT;=edC6k}m z?WgC`@RAELAzkyDAlG6y(VV zh1^6!Hr=)$E)~l4Ym_1f9q3%wF*V@d+A-k25di#pcuqgSVzYD4sqOV#?HIQARgSSv zo>O=eEdmI2>wFS`D{rFJ)`4nT000;6-zK>KPl9d^-0_E*wDbOKf>EXKRI*j8@3ebW&eK=-SOLc3F77CL#r+n} zt)_<74kW<2)ad%rw4IUM#rf|L&eI9HNu0l)o3`buT~a=@p2$jvjcK9JgC`O|?t=5X z1kU+&2j}7h&d*4Y%xf~@A}4QhSrJsu$rec9hj~vtIV0|8eopHq*JyN&#(c+U{Evi2 zzf&|O;>2zqbycjiqh}DY`bRT4btevEr*FsjQfA*4Xl_`lnE)e_rQV$Y3oZ@*9wF~r z5_FR+^$u>@mZk0$Dly;MDSroATDDqPptKOhQ*li+HT+Nl*j<4B69M!u)*YZxVyc## zEY&Hblzv!4kXm12%~jqVz&_aw4C`bvQP&C%oApr(K!zAVH(mE}HR?XmG3q``sQblE zQFpBw>As!=V5C#@kX0G!wBzDN#`G1&QeVLOB}?s!>}Z(lj}u@?GS?p_z>G_azfTDL zT!Ly;D;1U_IkL0smVF|ekSTJzK{&<*3)fnHH;mAY3+xPvNTj{)q3UdQ zX!_ux!6OgJYI&&x>4E9J#>jMdwL_cj*!Egd*@~058kePfAm*OuSGx1NU~|0>f2`tj z&8=kWD)_aPr&qd*Idp998ar|9F%N%v!PTOIU7?)wucii9@>|Z=S2BdZ%jkoBqN!nE z`ml192Ieik7T;%rv!g$rw^N;+hi#g7g|2{T)2+P`-4600{7cQ`uV;M4-%R8sW)H*X zHZ8sjuxA`}Zc|&o@@@JNlI9!L3nb(ttyeSID}FUy@awbbN_DOm_56DC_4!gSD1F2sWJA-!9`Q3s{d*0k{w@fs{Vbyj zC<1d)nT<+*n5de@>ZPcxg|O%D zrpJP-i>6LGx!o=PB5m>iPQX>N+T7ouspHyid0pl8$ukzacrV-oswa7Oy_2`PeGESK zGCqq=w8d&u!}=5Kjf}sbX?br#Qp3cOI@zK>p)GoZhjfK`Q1HcUQS^Lq1p%2jEdF;Q zQO8IO)i}n&d1*rC%B!Sy+ruC5L7A*t4#_ds_iHh<7K0ZP?4!#gUvkBuxy&^26udVj zvK&d5pNd4s6hkQGbkwD*cmndZ*~8DPN9!uBnff2Q|K4bAfZ#}=Mwyw{%nH9yD)!+VE&H@x;ZdMi+MWvrMCOt1fxnvm}II}N7$;2_YbHj`LOdM z)cg9X2Q=L!Dui?^+9xE#E;Q}TPxhCzC0i48lUuTho3>@YQa!}6gt(<^QJ+iuo38Jq z`t0pVus<#z{0~CfJQ3ONAzrftSl(EM1+>+!4AO0`F10`bore9Q#{@z@x}pjCAMt_V)!QofIM zslHQ|x0A;4ucEAP*~>R@jeuT^L?gIVxDd{VZ$ogk6sRyhavfcauGFW204 z|4D*9lcwzNMN__?4s^aBW=$DD(_|drby!X1aArm5Rtvtg$d0nY3j}>?tc-*{Q|Ez z9yo{MqR*W;YY9{LdlSsH0kY9#vv4;{a@yoIIgBXw5fV#K2qCEE{fv0JQD#Q0!h^hUOGlaOfQqA z3FPyPOhVJ9oEaz9hbgcgui7yJ!AM7`CR}W-Qr1$J(;J=2hcupb1neU*pOJv7vTw3i zZNbkL=xHo!6X8o22PIj2zvCr@N<-Cu&Q$H1l($X`Oe@|E3j42dpLmj%hGH6?h5bK% ziEdj9Ca!s$!ogN&pu|#SoWh+C#yA5-XZOkw9%4Y}`ufEw?8c%JUUwfr)1XHGA~*vz zG2S#3-1cap+v>IW+km!tJq(>E7=xV~Ixo=jWwkUp#yS}(Z|&(3QkL>HLhUEBShKX- zb(y9H^ZDcilnWuCpaa6ax^Ez(bS6PJd6Rq#H*IS#Nnoyg7e04HL-DC1t1Z`nwjyfL zmJq^4MfKrWuHb>gY`u)9aw$}m)t#y+hh=W?iGph`U7Lx`Zu}na#YIn;XS($r8* zA`jg!JZk44>QdML2XNngbCyV&CJ%j>}pbiM4(w1g79Q z;ILNw3{tRtghySKS7GP$G}0{8do%JGxKQDg_Ox)iqqU3Sh(5GSD4+JBX;7^SV#7t^ zCPL!g1l=SOALXWPMRTD~)FRq$%ls8~@vQM)_7nRfgX zj~G9>v*YnItT)@phZjTH=IvOzJkxEqkzLGQy(0mB<+1*@1lVwqxP_4TT!L;AiC4L4 z6x+Oid;<(C_)mqUH-CGSEE4jFwoNIrwv(_h5L1LO8JTA2g~>T&bW!bgPu$*ZQyc1G z661K|Cr2-yJ+7)ud6}U7x=v+v}1s*-OuCSR6{~&N2eAMR75YUwoBhCQ%gFIF|e@KG{P0P$#eGzb~<$wS_ zo=aU4-by6=eZ2U1I2{s>pJBb_fYjMT<-l)a=^=7Jb}?k}y9u^Z%7NcZfDIRk+X#vO zK0!B$#NXhiQF1`D|CQ)tOv2Y8W0RyXXRREA9|bjhxhLVI2DN|5sC7++tL3=A;j!W= zQF0tj%N*Aq&T(8J-$#3S1A*G ziR1E>0gUFmqY3EA<-1#mNZ!;bkz8xOdyR9?gZ*WSH#wB$a#*}Ps_wFGdb*S0w%G*O zk%!ex0*ttbd=(*bDnU2NZQsOA+j83?ahrYVrLv*ZvQB954j0Llxr$#a@2TT$qdIEL zvsW%tUS@aSVwjd|&aFV1;CCGc$>8!v~IH%-_GO2OL}=A(Ug23aRoXU z;I1Lmnvn#Y@nr7q|Ep>L{~um!JXp^D$Ir0#0}PDRDC>GoQ?v>l3 z;fZ^rhcY<&UB;2iDR+m?q_`!%{^{pU?zQNf;e###_us=1Jo6V&T_YeB1Be{M&vEF}Vu*~Q~VQ;GMX0T{-YfNb_7Hi`MwjGNaAJgV`k|oN#4DhAYx`AL#PwS0f%@VI` z!xC$GD)&y8d5nLq`7q_X1>RyQS2I)ckz2mmB}#I85Q89SS9u^(7$jv6qBGkT?6v63 zHY4eq547aS5x?m~IRtUb(k7~9Ywc-S5IR}$X{zLGrtfaPzGZ&tB~HyOrC>s}Nq880k|&TuBn&dogm%!`?wWExR#+qX|ISw{QwcR`bL z-dKJ5CKbMZ2E6I;~TDf^)8IsqOT5Fr57Y5*1NFMqKr!cl?r%xa$H=GNs&f z+D#MxcpKuUQ(l(hzJR7K*xfe=j_%3y%^NlxZ&a1J-KIlt0qP;wmsYFy&J8~anJ1p< zqSN&KG=ZLx zHZ6xxQ4|rz{$x;VeSrt9`uykzwKa&R?<>_D(?bRG)^I7vfWhue1P0^a^SxCV0(s@gh&{b!0BR1y-v0C+@1p3YC zr4AzdxN!C89y)%N3=PQ5=AWL;ETu-ukUd#{9@5?$ZonG}K0)0uV$g|v0XaPvGFAQ{ zBfflA$OG8RMc8^Nv$RjkRIoPK6c2k6i^vL-7o{Yrc zW>g4-RI69A6;vUI*Z}+DvCujmSAe%PRhdoIvK1JbNo>~h_`dFE^JP4%jWBvr&IuZE zc3~9MAe7Ej7>B>EVAcojHz(jemvHvEgk$NDyF+wH>-vGmBNJ(m^dz7~9w{?K3PWi9 z@i}`PA^Kx?GmUe*-l$nc7HkC|Rj;H#Pboomq`Va00AyG?oa}GuaCUzc8ff}AN%w^V zNa?;)K?Qmxnflg!vr^wagas7`Xp4$>Z{D!sd9g(CiLImKo~e}f#&*p#asGG$;*{FpN6^&O2KNWG!RGrWTxH;b@;zNJ z52<$d*sm6W-gL@DIK7tv?RL{3x2eU#rx=*rQhs`<{gjr`VYcH5SP^aIR86Qrv zICE;gz^HK(4(@1OyE=CxpV9kN0u;-bN1BoijZa@&jOgtbFm`gN9Uz&YNC6akJ+cSB zz-Z|_d%!M}vf451GAVM5b;>~K>gf?w9GZR5^$@rX2`@M{w}@tjGGB%7+IhJpMQuaV z&b-`@(FSi$&`lbpZ|0_L-319U4|*_?1UbA=%04tm2zPe^0Ng|O4FvZi3A%L#ciTcK zrw!C$g;LHYhxufJ#k(+n1Hn9!pqm48ytt4Kh`(o^jdyFvYzxU&>y>S>wTGWsmE}$C zr$&o!HMn+PUwvD0EI*q7T`rd2NLXG<&`n~w&Q05L)Td9G7toAGq|Gb1^6U3!#1ppD z)211;KQ=IsS$=vNrU)}u@G2TRVvADbjEf2dwlyHKZiw{?XP>nav)q_97_s=hyopXu zP4nJppw+>>(@bMy#f@$8W^7|4j7PF1 z8QYvTKEN2;fbBpqMjFkGG}D%5#2gkT@v^yK%uYg<3=4#CCYuBnNFa~{7B7Pmlg6Vy>b+3auJ9|77F7gz1tc#E}PwEY;gvcc#tk7E^{=r7n{XY?20qHTsI zSlEdJ{WKit*Fl|O8n?cIegyN)UcPMU304T}j+Uh@OS`yj+o1o^kydbW?%<@_TLBz2lBiwj@SD zRyRLY{g76f+n1q1$`Q2~q?|a6Q*q;?P0)8|8JyhHs?Hci_^`gH4y&+}zD}$Q7HL8! z4ITzu=U+m#Msh>~rHz+E%aryhzyNL*HbEX++?=M)#FHdUbi1#JV|g`_X@x>DPNrp) zHB4z=&;rYexKmJvcwz z9ouT2nx!f5x?HlbhpsY-t?ui^Rm4nxaULj5j12^rZd#XZLl_Bir(`#kT1Rp0&lh9- zN;}*NfXVb$aKwbQ##q-H{6N09kQm5hla8;%P6nRvFH#3SwX2ibM8?PFE!*JM5jqzH zTL)cTuq>JG>caI+JT6z<(+@5g1*p%eBi6iW^%|JUTSTy@@Av;tq?_GacTjH?1zx-^ zvYNX6Fh5@Kk2OQjO~TheW%_4zi!|qGsE*2kuS_kVbmmLdDHhL)#CNBtLabm0S-z>& z>E3R_(3s&|tA|k!Hal3{uH3P}Cg!m_4KBj*B{u7V2&05;z!0y-Eh9&a*oZ+7c(bNe z5A*Ax9(D=QkH?uE*yO}0?9X=W ztV^O*4+!gIrPn(7f~ya@t&^|8dtd8>6&44ppHZRTI(bZ?AMy2_Z%g>OU#t^OZqYiy zhxJ(}Yp|1kP6Em)pU@~0I%)7Q&|;mysWqu}@-DR1v`!$8Ee!sfum_Jc&ct^V@QP!3 zEt2U^3dJ~?eotA$tdr`)+jCi17I3Ivz9k5%+Zf!%GNyDT-a#4aY-H=qMNZ;&|6n3brlbG$8DJmixOQ zeirPBQlKi=bklbc!L}3*_l04z=kNvCHO0k(u^go--kSikU1Bbk2xcgk?pQf31B^oH zZdW1u=tL(y%`cBLNo<#GkMQ}4PX5?c$(jM!iG5}Zn&2<&89}toO1DbC3f}vwbXHhY>C6pC?E>%SR$&W4cJriVO} zQ*~b)vB1VG-w!=j9rt_%03z;9h&!fGtUlbK`=RS>)Uy51Gt@D!QE0q~c{5^OrBF=3 z>@Q?cws6t)UkU<|?}ze%rExzL&iP75)u2u5Cdgxts6FabE-R2rr1BP|azUXOr*fXM zhE872a7-N7K}MQR@P$lsc48eOGG{3KRJV1y+@40v4y@27*0n?|&r~A7oW6-lC`~1> za+*raw?o+YH{G&5Set@-rpT3ZkSo{F*Mb{XA6JfIM&!z+Z6|cms++Z$wNjHQImt35 z@gueYxzuYwKEjA;txLKM$j9NmuK~#liw5L4G$84-Ub9hr2gaiPz+%&j@Igh*^}K{N zswQHavWbXTJj=P9Y!Eh|IB55Le9`dT$Tt6A6Kti;zqb1MH|p3Z{G-qM@XvZ@@{b-^ z{F?zEROH_j$m+H{^z#p!=g&XqG?VeJ9tm+SN{ELf-O$IdXL39E3tT()QLT}84$Jbj zxif*}=Gt7M>{y#SOPy`&C2Vu!6$R;eNTxLk#ke3{MOj1DTk8hTfgaqTvvrNc^+(gm_McRKE32u0x(u=ilSQ!au1FvH0iIA&hsy z5?+)L+fYJWCV}CWse*6}{(=@A0=|*bDbmnYJUD zMk*BJWO|P%8mdFOwr}2WL2Mhic*60({sG&CmOMk@S|@m8suA$R5YCPCLPS0YpNYO1 z>}UvW&d|{g^aSgI`%X-Q9{Tx(L-!?{1q+A;Vn~?L)DTnoH9@QF{BZ@A@sKZAHBGym z-JN|exHF1;d>`_0o_0R&KZUr=D^NExQu$7*E{6BM3Xv7os}TF)gNh?FD`CwrDMU^- zuR_EZL#7ZVx3`4xuNH}ameQ+VA%0e!f42+^|D+1h;-6DOFy7T8A1akFbBQ9rpgyACikKCLKqr)>nVbhWEbugB8}RKNiCW z74=6mwOw2<9VY$3$>!A`_+rTPhr|sajDK4r@vi~>(XGzEi-(1OQvG4^Bc?}DYf zC?PIH330FlhL8SWf-(3DTJ#4*W|QiV>!7Ws{(wBTb$)|7+pbl>E0SpklIa?SVqAY* zO<6oyl2ATEeeX2x5MGv`%fd28)*4^uf&61uw}k1>Ovpt;o{ zQml5Jye*AgX=raRAo=X=1<8?N-Y{QH^a3>8R}-qpQPWL(2C#>$)COOVFb5XG2a}2!q?QX2F*xk$%>h4B(J6}*v=!$-?E#|gE(-cjl zRzexAW7g$A$M(HM7CVo(adL~t+wft1$J=&dFP$a<71&FI$3f!?cZLv{1j8~*m2U>x z&6TfzEOCQqB67?Pj!T^$1v-d>{9+_uQlS_hO=;8L_33y z2s^hgin7CfvzsQ!tSzgzZ#y%-b=&G~+qcG7Z{51?yloq{Y~~6Gec)~b5DlK*z5}c9 zoZh|(p8B2M#&`7zlrALrr=eKb7J)D#hFYK;>Jcay1X(InowrPxj z_U#_}PugbMZ;2=39?BTjB6FmT!uHuE{zxT)x%hA6p-aI1LqubMY@YGKv;k)`oQW6P11Bxk%BsP|USt{5#!CCnc zes&JlKdbBr|MQY#wsjrhw?Efho#Tv)h>`3t_~n2V$*yMH01g9=XoimbeCiL@f+K$w z<1RX*7uxlAV%$Yp?81#rz-}S*bh{P1@cqd2tDy~6>_Ti1d!iCdaOQbdAVoX6vN`JI zFD=6&L7ggiIP$=O7eiJNLXRhK;05QK*Hz()I|x*`SqEc};#F2G9I>peEW(k~~k(0e6iS$h*-Q z<1cC*POlbThbFI<;23}R17>bGd1Cy172YY%uoF{-V^*7`4-dCr6_RzG)?i zUF>YiA8ZuysS#F9n;-}CO%R}D@Q24RLYrT9#h$r1!l!3QnC5ANcBlFQXlaAXGM8c% zo;eVb)Nc;NI2kO}M7deS5xp9!3=;(Pjp&be?bxzm?V67Ft=Z5LTU$u^EG%I;Yh-9_R^p4U= zd*{x>r>GY>to!qah~JEsromjDmd~b=9lMj+cnUjOd}+HQnAXf4=G&GSy~chh3#9c$ zY`qvrivyZgZGsMEOALIh_vFbkdjn14&gZ79+nw(*Xpip(8Y?Vzee<|JoO1PqoD|=g z`?WZ%Yyvz>1PGS@eCOmzq-wXARsVi1HqWzPYjJNB$^*Og`q{VKW}n2HFN}SEiON1W zWai60_Rhh+1tgI`R967AXfUE!ZKb@bfOtoFBh=v$(I zb5okz!q_abg%9_~XRWd^48h${_q_H&R!_+H6aqwA~_ z=_NCkQk%q$5x?hLadhj>8{xgL?qr4a>drff0Kp96y7TkYb}{QP=}u0zX;qi*)XzSL z?v!{jhOzI-sO*cXJ6~33-%p2&eO}#Zv9AeCA6r&&?rERuz6(ejoa#2U$fmm3V85v@ z15=NH97F;6Q3+Sv@>&p(!Cw$8f#9rsyN@jq`e&7G_f=dgkj9npfW(%)=~rbNAVK>m z_Ou6AH~E$2=DrLI?q%K=)&~4A_QF@JJvaO$d*YO*)de9tIJ7^dw1E=~*ubG$to@ru zk&$-0jWc2MaG36BS_gD#bpIx59nSq5UWcarn~ft6 zY}B$HoG+_mzDuF;BIXYv<~tOM37Gu_sbdExsZcB5!Qlf-;|>n2S4!u3FGHiuc^>4k z)%2_ILa}GPqyS8$@`sViFDMk_RQ@q#4INP@dgo*Euq}>A$s5E7E{#-SO`HCzKs%8j zA3=h=tDPYG&G)cP;=6uGYw#>+0lfE}1+l`CSx^H3!8+iBid}pOwOv#i`e#AXU@n|& zUf)A}p?3w?4hROZ-7;e~mud-=U*}H-88OQUU45FbSeFU@P_T&Be+Yp6`S^7MSZFAV{v zn5zU_1&~c9ESIcAcQM~rE|DWO(aDTe<*=RmvN^b3#Jo9vD_xdpA8r;RTH$#nI;eyO zIs0H&Pol4wcKBjkzMmUpvvWPMQ{1~5%iC+p`q9*UyUb=PBbtbAzVba7te*B@oF)PL zX7ErD`^7%&7i*}l;Lq0AFZP40MiD?XxOV#itip3lDGyKm)^71#ebVhJBzPYb3md-z z!Gl>U*kHj~`Pwa89PrO7Tf05oHMKNW!vpu)EnEAPuidh>PwVQp(52fuk?_mmBi7O_ zevv&XciWAx&XjF)I*-oS@8Nnzek5O9L*9UH8xYvZV~gWib*fu% znIqi$!cy@MQr`(4b=)K4Ymim+$oPcEBV${rM~1tNb$DY8P30CTzNbJ6QEq(_hmlDZ zVI6;wy^aqDUFAKo4sVPFY%w3IQu4@n(b=xy^~m@+5V6q}{it;~SM+%unpX6KJu)UO zg@M5q^gSLKQ{bJVJv9NchRI{G|6PZC9;Z-@i}BHvHPoI`SkI3`O&qd(J--z)DB?a| z0f316dc@tVP^>=Oq3ijZY}B&#{4MI3H!3t<#C!u{K2xEXfZ5hh0UjA66>8<{`FvPu zT+jFO$haIDWv;qF9@{+q5WG83#TuMh>B8hxK3Ov+OoUp;LtUwSeI6t3 zT6AAFnJv{S^m;H+$ki&wG%P<^>{4_J{x{f?W9cvg_?X^^;}WS$vrUDYm^ml@c(83V zSHo^%{y!4BIZ-2l_+6b=Q(Ew@&N_Ox#U$3iVEHV{CZfToLpXzNtV=dk|JSz!qO>}_ zU(8vP-1UPo5PeJD1XjRYU!E<OLzhuI`H-Bl0-d%+tiN zm+0^&SqvXkG>@7gtGl17uGy$o zrY=4zs9iP}9;Pn@cO|}cfsG+!QpJ6QwLG}ri7dMrS#}?NBe*&BvFz#)_mLf2R+mee zn7PPWD&d_i82g2LYc5&p@ET4f;9VgB4#S0(Y`WCbk}veOf>qzj96wX({zM^}kDH{o zD=W4xS=tJI!Y#H3k<%;XCC29=@k(izgha*fIagoZI{0mP@4Lg!3hULu2em8f;Qy9% zkzvxooNOMi6#eY8b#S}HAvcVD%|Oja?2D>{m#ed{9kLFK3FXzn7W+i66wW=tD(LIU0+zp<~J%7|;Z>(9+6K;lb;GwWbo%3DxTz95l;PL4WEKxW$ne?f~0xGO8aAM|SMrEIsS3G&$3{~lf_ z&b&U3^mO_0yYY(l#H~oCs}zcHd*VvU8fpUW^d1M~aey4BW7x^^SXY-ZxT_16dy6qE z%yB%OOXe}m@mc3@glMJZ{_cT7HdkT?V{Gf-_&Ppg6ZCE(sOO4oYK19cn&28Vpi@ zsC7y9a-n)FKtsDEK*Mv4u-4j=+ZuZv-utR^R#>#grsH+lt_I)$6xT-la=|Kz?3KmH zKSFa9NA2$<%u}`1tWZ6^(mzw`?`tjeBoQf{y|&ru)GVC5;`v5=Sl0I}^v|E#hTK(EjV1A7P=FT(@(2_SZ0qBG>|g{|sP!Eg^w^E`*> z!P(vchkl;J6C%bTqeqO`TcgjiC(gM?^*Du-AL?G5$AldG5Is5HLZ;g7A5Krs^+2CS z&wWI#!+Gw5*P-d$M~Ek99zb(b!0X9*3A|JkEd4}0yGzUV>P2O82Xfj_D8`3xFJ%oi z2NX_zTn#mG%<_{Te-9ZHaerI^fQb7}#C?@QvHEa_p8WWdjaqi{<6d>lcPlhr#QaZ) z`A&sm0%m`qin5N2>XbsQ{Nx88SQ<}$_<3@^0*x{aY{8TB-{FN~&-$4HFpfUgdCD3(q8f3-MJ!h2s^ zl@%6kRocC4z>{+sd{D8AFQvANN<-BeRo}gndUA5Ic|AGth2Gs)+mo|h63`}$e-}mK zUjv?;yVUvDJ1qQ@dU9I)bGmIX-UX`-Q9|5<5@Ln~hR+;=iOk?HaK-c-ldcgxIsI-S zz7^VPX%^=l@3*V7?PdkMBALE~WV%tI7}qSf<(H~4O27f_| z{(z&ZQfJyuAi1eOAdkK7oKR=mP6^xGcttYZhh(}?p%~X6=Tp{D{n6!ji#;IA7T~Uc zY=7Exm8Hvw9j8Tl3+Y5D4F_K{;B{*|!lG|1UTf9`3fNqNhV|DAhwe)@3-%HV#KR?{ zsUg-@0kq1_|1ruhn$K=N@S`GFHEk6*yF2?{aAy?x_!Z>iWmH%2XY1qR{!@sOUAza?Rfet{~TP;s((6(YVEGKDBP&KkzQ-$deH0}An7 zb^iT%SokMZh!+2x5`yur9tm+jN{G)&V7LX7AR&Uk(6~ZWyd`+aa!Wb--xAygnG}a( z3uJZMH*PwJ0+uc!J6@p}CtovV4ONtf@=y=n&2iLz=5agIs~hj2>&};R7*WCs zsncjR)>Le>0u4pNd=>lEM(u>z5AhYU0HVS83YTCNp7;uBc%c-!9O{8w$L+k=A(7Z2m*CrZZy?$P+cSK^d94CH#D4pAB;z#-#W)$SrmUd@`m${> zW?gqkxo_ij9Df1tuE9(;nIS{hcc`}nUe?R*#&y`lmkfIwY}5Av;+c4^27Ke_Lg6mc zT6W#v`!JOW<}*K8gVlS?W%kYB9xgKf8_4|osIK78*2nz)Ahccu5Df~gH?Rti(0U1; z`Ux$3SD(;&5DESQ6jKyhY_tWlv~laB{*YHwS6H%3Ddg33$ggOVOopss)De5}LrByK z3dMLY9!FV2McC(tBf=C|G3Tv2cl(C()~$^tz?jLFSg;m;`G_kD);tO$H4pt^=amZO z^gPS*`Jd5P%f4z+=no>3{~4Klymlt<2T`>FKr|?-&c!M`qG}yH^%GV2u0B!qFcSQ9 zC>Aytg;6!sq6%V&CUZT~mBT?K3O_Uqd2C(0hp-1LIBq|c74VAv@)0CcL7^BYQ=YPh z37-qrK{SiAwr<%R%Xb@a!(fbGrJc?7;?JHeUc-$pNB!wiCZ8%Y%cxlHj`yegyJ6Lk z=Z90nC_*5RLKl#v3$o+e#j#=;Y%MrsOvjCBJrR~47c<*Am+T8K@1OhQ^YxnhC%}pAK>?0B zORIzi4-DiBr6L-L{fq7EF%wY0ZY#7Yy*mMCqv7ylO=LPG`IQA9q@ztA zBp=#2kAVM(4Lxg-y*kf!F7hev_8OXj2hD*c@gfLtkk#?_xYJK))(-w2q%q47Lk`>L zrES-s*RV07YY=arcQqSdz-qSOo5q+Itv3kF^H$+t-k%-JlVnt8o}}#lVIDRlh|Y?VxXmQ>pTIU^~?p zU6jIjhDH~ivaV2ox!r23a&FIho?9Ag6MzbvSo7GTXF*mmw&=flVvA-%V~d_=U4@CW zP|s2w13;0=xCu&2dOi8RzWg9ruYHMZKR3(3DjU8JS|r<{Kr&IuKZXO%Bp(=LwpLi8 z;E9q(o_5v|iS+mohZL$X&MHKmmAMU~cg<*Wv~hUjkq!bu8}&8&`J*kscakMwqh4#wx3HxucCrMK7@e~5kYMulSB;Jlu)hRrvt3SKGSgqk>HxmU`! zAw!rf;=OpWc%j&{rb5;rQxj<*Qu#+n1ggh1W2gxJ*m~xc?Psrrc}0mn)&<1u;=AjRuM1o@(_Qu&3aVvV z?g_XV`P$3BI)eT~34qHfR~gKa_v ze|QX|v-#ywNOil!SrI-xL&7t=Mh;$>`5o@dQnOjJwyfU1?acVrZL7C!-x^=Nb?dtG zwr$w5nOBRG@{6FQ4X#(GunNz5H8$99y_$gu7G>fveiDaq9I6Z({q+sw{|((4F?8og zShx9~7`pRv>O~GSfA~Uow%Kz{_0XL)Y_GUJ#38stcj9BcXC3X(o$Zp?k8Vo316AAy z?eRUU$_k51S&fG7{1y=)SmJXV^(4G3(XNL{zkVJh8 zW8W{MvM*}bus^G_@At#SK5y7Ci+w`qPR6`?RN7Oh(mp7`;Xb1&sI=fO@CClHRIBdL zor_Ph4R|4RXA8VgG~gFOR`;-T;}tdk(@3Uc6^d~(9Ya||4fsnO&KP7#gXQdA8H5P$ z#esaTm}ap%(J#Zkg2-M#bY-JGPuOt9T{YNk#iOj{Vmf8-RZjPQ+P3q~B3g<@?$IGF zGp)VZfdK4poJZdX7L(jC#^#V=JPH>C?J8u=oUcF~v#E1K32A>T6`{E*F-aMQ-~lD} z#b>ZDo!hKqe(Gr(e>7(JA8Py0Om9YEUPJpG`PW%G1wuydY15~PZ?o5Il4BO;$g5&2;W zTijY+5Rt)O5UiTutbE&&t!nybm2F#=T#Keg5gxd=E!pmk|F)%bJILPb$7M+#9L?Nl z5`&{H0oE8<_@1?Ui63WAoT9bbs=Oto9wKd#(vFlEC~f}!+mKoVv}$xiDrz0h4JlrS zrVXi(KxutAcG-@UH&9v*UMkw(1`$uxckYoX+B|d>Vy{9mKA=;SHPrrA*pjM3O@Uid zpMVUCxUW(GAmV-r1=*Df#p=Tyx+Qg&jas%Pb&opcI~5u)V*VLo{(?d=0kglDb!-JOl=c!diubT4AyC@O@ItX?{Zs*%NadH2%Finl<5Yf*vWAYRMxvZ? zA~aHkWi$Lmfp#K6UO|Gqqn#l8&9A>h5-4rPDZ!JZ`S9L%lEey2CP@thN^64;Dt7S} zYP+a3^iPtce*K(m-jk5{Lho9)9Vo3s5-2T^!CM*4j9+QT+<87W@(6r6lfp<`#A#px^`ek@X+te zmaa5og~vNumbNT6{frx2L_5;Ci01l)y`&}yi}n;jwf899OKPvedtYtA3X9re7KMQK z;3U?GVc>&u!pRW7*A{bsr@&mk`1V@~Lsj+4D)YF1csO`KErf$-EXK2y2ES~ClUoc4 zj}Pl}s(TH4=@SxAK2nMezoC{=;}mEXaO;6i0=tK;r5+{V+*n@zzGbsXF3gl{*v9Nddlc#dr$DCcsp({5w@ z3YJ%*-u?v+^VLKre*z;(>l@}h={=_zR8Cqz>UWN@prvOct^O=us)PSDr>{ zuyychY_G*p!WO&FLN-O)1?J-A3v=R3=!r@S`kPJ*n%l=H+UZ3BbM_+{wj0 z@CNpQH>t+pkJr}+_CvsuIj1#jNi4)FJR<4{cxs6#m^nHv34B-I-0Igz@I#@PqTFJG zE|{f)+zQUh_m$b!gnw4qzVa&9!nSc5JaF$Tvpv|bePw^ASoyZ{c4Waa_?)$^jNfKY z1gF?3Bn#{#ZT30kDtlG8ODuYy+H`8J&P*24sdTQCP4vb4vOVeKo@8ITW}E@HeWuOZ znuJ_2J6ClkxM6qNleA8_AhD3IrSS}PX6{a!$#0-*Lo-c+5A4P1_AHJf5qT^&=*mkUW~>6wtfIumYt&J`gv3dqq;h?@dooQuWU-db~YbSV#UQfeDV zR1Y@uq*L%`8SRgQs*{uD0>nQlb@J*qS0|cJ`e4>r+gu$7rw~ivtW&I2r@JEa)0Ngc(kzwPbL>Z`wVm@^Zoq*t_bxV$(}%{7JAZ&Gv-d{x8U@QuP5;W)`N+K zG=_fZgwQT&Am7O9!I?y#_2=m7wDhG}pc>q>T`roLMps9t(%t1=sBiLMqL2fsK@QM$ z{qSTwUdWwBM72tFayADv>ZCh1Ay=(Bx?Jjsuc%dz5?^#OTLLs_sxMstYGX5#rCN0g zqq3xi*{(OPDvTQRxawq9ujKpU3s>RlRBS)=vtkCw(+7BJ)k%Gz-ph&JG*CMQe~(P( zYSkHqbTVH^f!Q&nCfJ>={DbKKdO#|>sPCj zQsw@EPOJL?QRx8;vUDMr=)(%9&=cy|$a?$HKrvlT?Z^JxmrtZ1 z(DgD`dmqC%&fHwaruUfNsLm4aq_!ePfOn>G1uCv3aD}F^Xd)!HPle>kLm}C8I3(-l zK=RmpNX}mX$!&`uIpTOo1{Oo|ZXA*#T*7H!9AE?EY8n`^j@$qZJY#6!%94TeRs$`= zbdhG$*%U!1bq)8%q9RQgg;66$z#kd-Ct-|-2EiZi(I0ch(;qY8pM-G^`(r)*aT)t# zfc}_sFv|x2B#bTWk9G9NVH4=hWcVjxe18i4@lE(AVGJBXfAqjV3FATb$Cv4k{@L^< z3I8OFljqSNZSYURxPkp~HT`iV5Ca;z7yd~Yt6S)gf1VwS)k7*Qla zCjsFPJfN2#^9}w$vno-pjzykv@?`GH+>v=O^R>)(Gyj@-Ci7(GmCQ?-H#5J^yqoz? zV;sbMGe%=_2qx1pnTN^In6zTD7?YDRS&7L8Ox9!aK1{Y^lEkD7lL1WnG1-gBWtd!r z$(5K~he-{S&tY;KCih};4S21}TleaK=50k%OGI1m% z<1slLlUbN7#AH4u?U*dVWECc-V6q95voN_3lk+j@#UzDE36o1O`4A?5gUKf_`8!N* z#N>KR?!e^pn0ytJuVC^WOumW9k1+WmCNE<06HMN~HxRCeNcJz`+~5FAU! zt@tMnB;yuLK7+~oVc5`kGA_Vh+cEi@V<7neCikOcxfhc*7*PfeHRC>%J72=&PJDqQ z&Nu@Px30y6ZUx5shmC%?O4%?lp-?^)z2_|yO~1ipI%b}NNhdPkB24JeES;03c@9l& zZbQL!GbH8ecpRCuHG@(+b5|wvU?ub2O6HkL=9Nn3%}VCo3JuB%4af=&#tIF@3Jt;v z4ZsQwz6uSz3Jtmn4Y&#owh9fj3JtOf4X_Fgt_lsT3Jt0X4X6qYrV0(D3JszP4WJ4Q zo(c_|3JsbH4VVfImI@7&3JsD94Uh^AjtUKo3Jr=14TuU2h6)XY3Jrn^4S))D{t9*c z3U&Glb@&Q(_6l|M3UzY$7EpB`b?ypv?0wX!;W_l>ebkxvQAY+`(BJk^2d+@(-A5g_ zLY=lk9kxQ9bsu%q3UyK_J9Wf}3U$tX)G;g6Dfdx_1PVYu+(#X8A9cbCb-)UBzJ1j3 zD%9!rQHQHgXWK^|twNm)YKDGPq0Y6BI#z``RfRfK#lX%~p^j9cPPC6YP{qK`Q!%jP zRLYsdv8&vX`78+WdqIdl0z&);AjE$RLj1MNe`ek$37&b6iSLOh4@rCZ$MdJHc_>08%pYRun@1~LPi^TU-{6*q>HvS^o+Z9p@fV5jjrfbiH~k{< zT|^m9;+uYv_&yY6IEioiMdG_3r8$Z3V^KDf_@-YZzR$&HB);hviSNDmjKud`OMIV$ zzes$47k`oXK5_#5BJsT!MS9O#`EA(8$Alm=ss7m4|Y@EM8uU!$E!V*Uh_`bQlF$s9~>#N;MSNc87W{?9lXl0z_g1C!ri zLh9h0dGL$W0sTVr%D5X7QU~c zjKSpNm|Ts?cQAPrlZ%@n>B6Lj$vq@&`2r?qSB0n2-X-)lLHsvloPbm(B_SFyP2FI&#Gc@ihMA8| z@tjX^5>8KHV%*=I@3ZF4^l+x@p_O~QP~&*>t5j&ZP(Q3p6-u}ic8I$!{stBVVZkK{ zm)XFSx>lW#gkX7W3JWWJW7qKKp8|Bo?Wc_xv2k?qW3}^O1z{jjfVBudcf=1jXU4;N z+nypUIGB&E)xgYXc0$bP1R=*32;p?V^0noGzHAZ}Ct|QN1HT~tJev!{o>G7M#MrzY z`D`lLu{)V_x8C-U@)dgkq`KQYe<}eZ(#51Ux&0fS&Fq zA)VRB!aJ8mk@%U=bql!qWsb*rFc9NC>C`+77l2{Etff5&9AFKnj5@M(W5_biux?0W z=&%U*PL$$HBEb2D0q8}g1g?7qgZ;2N*voZ+Jv;)~RRLfDFz(6VS|jd#mG%Tf{){^0 z8+1WFA_C;&y^#BQn)WII93+&ND26kC6 zXIH3$U8W0cY{ft@=To}z3-0_Ogc~BHZdHeSlPA)YF1W`=fUCyakTE;%bY&}QG-TCcMKuo@*!EyuJ5L?# z(YnAMH)LQtg2A4w4tAw3u!|yqRU5UT(}DM?!`-S2?(q@es*TzZ3wb~tY`-qBiz9%Q zEKtB9okTIX=U%0b?n+(g;t|jt=d~k@!H~t5a(O&7KnUD!&&e0xM4+e5mrwd%r_ z4#xIlb!^Y-!nQ;gwq3#4-d4xu+c)DOs}}pFEdsVyuPh-+8BY{? zg1NU)9pQXk2-_ndT;fHThtu-e6z+QlLtLc}@f2MUJ0d__?1flN#f`xbxp|>Fyz_Oz zTNVMHq>q{$90+D$Ngd%Ox)7ca0ile6+5EunkV(`h)ZzV|E_ll$z>_eL_0Rb3WH1B2 zsE+U-bs=040pSVW5eRNKMcDMC-M{pu$xJZNZ>t0S7hOPCMgY3V3)Dyy`h&s!R2|&& zy1<^zhs>PT&IRd;6 zFaJzMk&I^&*${29NFC;}x?r9X0j5OQFn^)lZE+lo@g*TkG;7s?uGR(gv;>fm>94*Ym`^$YLx>F>MC)|R;UaAhZtPAYw2w>MpMkaxU_!a1= zj7MbR$-XQo%s4&|MtzMs>Z^63K0N~JWnR>~(tBbK%)vPCQpb6RE}Uy3;B52aOr>{c zlNgi)d?bTGKBf-xJGwxwjQ~<<(#OM?-Q#O32K~^n>&lwTGNe+|_wkPAoLJ0F()bSm!3*VU$@JS4FIu`+J z`oTl*Om%?kbOGED0pQtQ30fS;rdlDOL!6ngaqu(Gf#X2DIFL?4a40y|4>~hs6|!3$ zey1+@XGMT7v4!Bc3m8GWAus{i1{CronAaav2fL>+uq;dkKOnt10^ZXk>=yAtz!Zqe zfzX3N|ARW{PiX|*8v*p{P|$_+C1nWNK#^mDVSia2_T3s`UlIZK+ECaStRqf-E%Bbd z{9rKh@2eyKu14e!L_oei6!~B_p3P+;C{!s8?hm2Zf3A-G6^+;*iGW=);el8;ae(OH zv_rrJGySjXz~9vf{Lu)&B}{jO{&Glk9PBXli>EIQ#(vm(WgF}e$l8DnCW!T?BVa$t z+uvT_()g0#{@kOEF{uyZ#(&odF~mjUZ`C30)d=zR2oNQf80*0ppv$`17nY_H*^o_+ zPpgBzP9Nw^Cu{AyAsYert7E)ZBgWZUF}4Sf&&Sm<{y-zf<|r69dF8Kb-ozp&+L1k> zOOx6Srok`OY4Dmx8vJ7v8f@^=Kw@dR=@5*6M;wG4(6zAU~!N-{L?_Hn{a{GY`GQ{31sDsRF z1UaaelOgtARUPEM{S8ubT)?w~Y)d4CZMe^?ga52X@Q>={aEP({O?8kDYXtdGy&yx3 z-Jhs~{J#e-$Pi=q59%O)rxE0pQ8>BL&w9v#^G0L~V)9wa_R|E&s>^(tmEm}F*9%AtBRtH%;a6yI`yq{DD z`EiXPZ;!&sv+5ST3Z~MX>IC?LMgqJQg#f;iw>`w-|5tU8-_i*39=#w#EdH0&LB4R{ zf($Ww|5F|0A2ou!S1%_+jNa)Rm93#EkX4s8q#0z0(Ysh3XF)AurUkb@dQKBcuscZ8U}aGm*xVs|2Q zC|;6xINZH{B>X=c{&(EN&TsSi`vVtbi0ONeI>>+02=ZCIoD4C2zo!oJ(ftk5_gtj! zssocv3I_12>SXwtMl#ITDw;Y%4B)@0gM3FL$XE4t=nw;V*4fIUX$EA~Wj1LB8Dao0 zQ3n~<2=X-tC)3pl)@@*P%ld?DF4H@Z-)O$wJU0g>cOdWGSBWt Os%_3J%rup|TmBy(vl}P? literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/ssi-introduction.doctree b/ia-terms-updates/en/.doctrees/ssi-introduction.doctree new file mode 100644 index 0000000000000000000000000000000000000000..01e5c1ee06783f081528fed288eaef794630a452 GIT binary patch literal 41950 zcmeHQ3y>T~d6q5TNq3fH$rdtx2#+mn$!E>(=^he3+t`QhWSt%-p*ue?v6s2sxtm$- z?yP5K?{vIkAcS?8f(k4Ul0XUw!AYD4NvJ$Xpo&T$33*h2q>>bs2Z1CM0a8#!<(+*0 zKhra_yEAihyCVt*yR5$1nVy;czW)Ee|Ngss`l*3;ef~pR_&?_wtFGy_OF5-fsu?BK zYB}3WMzK*Ug`jS)o2sRnt7@y^Y_pXWx}&8HYx}gV&QQUp3BLvfJGbGil_#)9 z&HGa*smppzw{@dt#fF;W$QL5G-{!|KKo#Ae=aAzcFBCL zgnF2ok~F(o86K7->E0zX|I%SW-&R}=-!;IO-K%>X@0Uv+AdG=E?Rrq9-2n1$!oU6a zcMJaA3aSQ|4YR6HS?Ogh?SS^;hIYF)svXo0X?LC;!~+gDA|Bvexn#B!@ff;gBy`JG z?G9}#P~YXs6_CB0kQFtxcv04iM(wqdUR739V9e$6_@94S`B|e-)Xic=Ev%TTS}X7k zRmHrRvsPD#h^aNbWNTB>*rd$(KRu+ zMVS}p+HU00)?!a2d1e%ODy&98-gKoR*_tY;my~L~qFPLz0()B`@@!4F0_w=(N@zr+ zs;bm%$u^`VW=s~0sl%Qi?{Vg{eQ?Vs>K*BbLSq{#W!Hv?8gd40#avN?mKzrKI5;bu zo12kO%+65LVb`sxeBP+5HNBLpsdnC~t7x*^6Y{bO;eoIiHTg(kR31N?bL~Gh(8BOJ z+YG%#IZ-07-3XuZn-DaqZ1Ilv_)@ZSA3$UCLIIJK5Us}teXH^c58H79ci_VLLRGaD zSW9KIKpEwM1+~b?Cvr#HEsnDnh>HYSHtWz@_a!0t{`CW9-7iE?VcIV__iv7b?g9xm zZir>0(8k6Iza|T_HTW0n{c>`&gOeM5PC`NhhYYU@G2`bt5acTOxjb3vpP!>G!OxAc z{Ak3_nFr41v0wY8kG0!>&kR&zR(K}S=YhsUNgDt3NZhXu*QxEMHZnCk`iM5VH_ zQtdlC z64{_<_$@)dibD?*Z0z408#1h9e{3X~Ss@z}$!t&|vSWiDCfInC>W80Xn@8AGNPH#7o%! z@N=~B(r#D#<|VMKFOKEqp-6e@(~@-Bk!!o;By2_et3DU)Hsrp3kx5si2>6OaI z`n4c?92=2{*k1j@hJ@7RJjI?p$=kTS2i_*qQ zUz*}RPVjOtmX|mw>C=83>#`nEQWCZu{`C+e?Uti2AA|}d*f_LlHpct&L5}6dQ|Qb% zYG1^JqS&D88TlYoAi>6+n`UF8Up6LEuraX#8+1K0HYR*FMq=5Bvmkx<<&NdLdvm^h z2w9N!{+yp9q%WO4x;`yPxKDRiEH7~uq|aW=G4w!qY|{^&`Z^KfB)Jzu&&W_pf?mww zST>f)^O&8RnO+E#L~WRIMZJ{6U!$(zPrjnAC>7Zqo3Qh<^ZCU`7xVWc;(H(d(Xi?5 zcvSF!m8N)R4nz|$_ zl@*E@YE`R)gstVZaHP=t84xfh25T&5kywBPBKLeO2`-B<1SAZRh1*;HPw$<|Vg%d%YuE4r9mU0*b&Z`Z%q~kZNwO(?E zUgR~Ug5mqTVqz+fjW|3&%9v^(W6Vy)teT=KFPoU{vSyeUJHQXInU)oEIaJeaCj%lb z2qH2pji6*amXaSJO3q<`b8cqh;p1}wCvj1X33*jD^<`aIs;F`ivjK=CV#~4`3UNV0 zp-0A}hC+wkXHKjZ^$;EHX9GUY2tG0?iC|(PmWd~biG>;Y)FZvya7(SwIL)dGA+m}U z!y-|E>6VX-c1XscRiXf~SGi(9pxO zTPzG?qfx>zB!r-@M)p)(L6;vs9#n6vjD8m>vMaR}m1lnBSI2UrxlUEy9ln9`hk!?23-J3P!QP4?(BB=4{vJYqYWl+20CBf9 zW$zPmTUN}fjMGb4Fy}Sj3sqU83#4GZj7DfOKC82=J$k zbjv4C@anUOg17r(dE-z4*R;H_IKBALf;_#jFneKf?%aF|$#$)9NySv&q9J>R80~Ds zB2HD48{GWpSf@eW7o9aE_VGCa@=giqiB*F12@QOoEf?SWZ?0>78C&oF!d{ zip$5(%+1a(%EVP_b?0!H3mbFjXfiXYxxA!U@HLAS9bS!0Z01MDJN15l_idpYLbPp| zG2m}Oh|vaCU{l2wguX16P=g3Pt*%Sc0S6%p)m62E3N>@+l$%fm?#S0oeN`#0b4MM+ z`Utby>v?e?BRC?52t5!wmRCDRE3WCt9pa8INuir@DPZd{pRMdmC`daVOWK1(+KjrY z7ggyvEgFertPb^KzWh1z>;sqhK3?O{;cV=1FUjt;U;xWIFNyO34ZiKcouZ;ryjCEb ziADHELgc1^LgDMX0C7cqoRL8+pe9pnu8 zcZOu7?PNfU6(JoP)6!>g1*x;Kq^d;f*>f|YP*C(VTbc>%P5K=h9h;CxC-bya3(Jlg z7@H_`cy|Q^&T4v5DPTOLd)Dt&RihM+35nkUTmE3i1$UAJc1pEU6hCx6BvMy-zXN_$Ax)RJSc0hsW0}IbA*t}l_;GpR zLWc;gjdMR{@j@P#I$Nu4YvV=P!kVwZqJ&NbIByK&?0BLm+{xI&aWnwyJC4g3unP=E zw>Qx46io!N;Gp{wbY3dk5QE@oS&P?AD^3*&v9T+ zKJNLI3s}*DaBk5J*ae(W2wYckUNBlW5CFkKmZGl843L*@b`4YA5oBs-kk-uvZwXPu zcjWo88{82P=lkO+%P1H+70b{K#E@m_GOU(qlp4IWh1Q==wHtUbT|+eT&H%;$^is>& z+j+B0i&w>q=YtnJ59c+kHOrd~xb!Gc3rJUf8ZCKWYw$$9Z27JtpS!yVF`H{2mT!owZXdBs#P6jF5=*po7| zSgKV%w{^>wsMT76I&f1yi#*!C@+ta*#je`H@`H4UC9{lX2#c1L6;r8ep+Z0U>=j$K zq$xMnxnX$5qLpfjR8!Zmcr6&eq4jM(U^L~@bg_u_h0#H+}X_EP_*P ztg}UEVioJ-XtA8u)J=(V9_Abm!3D8$!~93WN*XN2=C>l3H!S6^$g}t@B^5!GDq0xAxu)qwO;U;o z8S!1~C@e=l>DiVV+djZ>0+eziReqcl*Vo_eA+2sK zm7l;xu@3Rk)1Lm41VN~my)jfQC$-nGUL692Wv8sKb!eSJ0u4ND?FLp~s%DKs=s9VTlm-8r7t(=AmKPwuDS-#X5{P6)SKsJS`z*Q)vd9bU|HdRQS%EG*^?BVaAc! zmeks+j^WE131Y=qK|u|kx+CEuC;))<;`jtc@EW)Il4*rFv~XR>E?!)3ELHTPq?FKP zq0MktPvbo9rbbk$ks8X7el%v@GILkj0UxlSG-uW768Dc7`P>%)}R7$gd8gtM7dHi);!ODPyf&H@jbn1eAl$$gAaf8QpG4Q z=r>?iWN8j#Yw#bZBsk9Gd$Atjt0=G#xZrz`!K@wV^ODhk)sPTAg=>1xuq-{y(|fue zW2*cy4e6v&p-*NUjC>kd0SZTlbdKx~ox&8(SF>e-4KU%^susP>d)gFgrv!(w)KDsJ zso@i&R9hiwcF;S;P7!87VIqo{VW6?t`@|n{F8Y9=A3?fU8VeS<}vbc8=lZL>XIy=Gj+o9i!{vPBIZ}2nnDX2y zuP>5c-?T{Xg-CvNvm&YbUta2p)egEXWy`rjrpRpheRy^dvY-azy(!-Ip02w@__EUh z{T6yq9L&JrmRfP+dx4+gIcw4(HMf!@-#}6kcNV=iz2<-B@J_fY95BGgxV%tp@DzkR z432bAmy5y@275m2=g|48*QpG}4_%)sH@paM!}G5&>jGV*N(F8cV$6z^VpjZ^19o@MSd-jBvgmq5G14%~hLiIrl;K;-u)Fb0FK4 zXr2N3_~Z|IVJ^%|#ab#ve-RdFXIjuKk%_RvJlENw& zsX+gPmNXeWWPvD0Ri(MZx>cp;sx?{+z?wr*#}%57!l1>R6w)*?4>(*vL}JiETg9jw z$Mhwv7rfY(7xJ-;Fb!g%4FnLWZ_}uW9vAg!-H{E1M=%kD6qmzFCgu^s$RI04BI$HM zF|^vN2^aEQ$3)FAbl9dU`l7hIeKIGFZgAaER7OO3Z4rUtQeyQV*l|0BY{yLW$`K7? zaW1*NvUNcT_hvC>LA_N3yEqn0A0$NA3o?V+_7L0aUQmpCRn(a`5hGHnhyb9o3vRfB z1zNbkG)zHJEz!dYIN+F6sC+K5sAs&hXkuUnVK$RG!Y)O#%jo@KHdfKCQ$!c2nBG7l z@fCV9Tj(keG!gL-S?cV1RS%qpq3Al|W3aY_1i@2_Eg3N1ki z@<2HKu~%wLXrv1RGj8yZI?CwZ5=AtM6pqZ{8Jrsdbt)C(p+2}}QzsW(sx%G8lPZiD znfQ<-w2x@;nu7BCLn`leN!vSFzwn&001^Fx30Orj!a4{djoM1MpM8A{KH^C15i{_YboAQBj2ojI0;|kD~~b0R6WZ)XKk0W zfBk;5+!3PsO7Oy>TAsp@Xo;O2VQPe2ZWrxbP;aloO&di7JYjsCYXHLdun(MU&V!&6{ALL2r*Q7N=ycPGn1)xVjm zKDiP-?RX>Cx3=fe9jLiLL7sP|0yc@F%_$PT$XR|p6PsKIUcfh^jd*k~E7J3>T(m0} zp2Si9Fqn=|o?AyoHlR;v(*DGJfgt=G3qo?0dTR9%u6;B*-~N7dxBYH9(Xcty!RK4c zA7b*7d2Umkc>k@u4bLiXrw4XL*~pW-E5)nYqil3n5FZKNe8_n*I#6*RY>;XCAkSbd zpFlT66#+r_Ex{$8?IUIB#r`_6l?-w zxx2g!*aqhGwoY$xhD9E=gr5ymlXiu(3u|O(kC=kDJ45G7MZ`iGQp6EI646Ue`5~*MewuK)EL(nj1 zwT>TGyYIvxX6+(=4tqZvW(B`?+D5TJ+s@EcynBFp{Oc{}+GWGAF)Kt3T|9k-vyF z+794BklvkZgy-(`a=PEWr!AEB(Q0PA2ayp9GogCufhE-V)!2Q={|O1*LmCFbsjWZ` zDfnZz&h9?w?5eBvz=RN<9dw3f7#2u3oEM7K5IAk+>g$M))p(Ib%XtCiSvIHfb zPTvL=+^wRXc6M9qm^^%`Knubv_{ZBkQQ*YcVPSc*?aptpK-6{oo2R>21x$TW5XU2G z_xsUrSKYueQ%L(9HR`RWd7~|!@9vp_ry)Q_k>b9AUAUGk1$LC`$j7_y;ALn9s7SN{ z)x{RX2J_BJ(BO3xK~q&5FL?nz@uFNTP$;!hz@}hiYEizXvxlBcRZgDD=au4Y+nfJFGp1os8BrO?$icChh&&I~vZl zZF${&x@b=?+FMFH(YC{q_L$SY?~k??xyg+7_U_ZP)Z_gPD*Cc`hcieji=D%~rt0w) zH&%+}Y@;mhl|$OI+RtjgrTx108SQtqFKBl$0p3DS48TH&F6=O5R4vTPgVoN`8!zXDInF zB_E^YS19=uC7-0^Pbv8$O1?O16@pv4xV|l$>cVf z*d~+OWI~%vW|N6*GKozluvsSZo^EJ25M4j3eF#eOQ7FkLpd_D#lKdr<Tv@dv3lG=N30&>bj0fM03ESR*#R-5v#|i=!n(hPw9x&hV=NV)ghA9kF_BC3$1@*iA>Q z9{cHt)nkN?SUrx>5v#`x9kF`6oQ_yMo}eREkBfA~>T!vVSUuiMN30(2pd(g~pQ0mH zk7wzK)#Eqmh}GlMbj0fMc{*bC_&Yjc_4qm+v3mRm9kF_BBQ0R{*h@#O9=H1Hk)tD4 z59+nBdT{@x;p_~ziex#RotW6q`} z&pp)k#3AukzUkVw=fjOPZStF6(D^Ly3OW$*&WiYA62|;m&ecUsn04Dbc<0-Wd*|N? zbZ>55fSZ9H6&x0C|2Fr9zLOR{O^eiaxkK3EwBMP~2HfGJwrM-=DfIZ&X;8L+p*^&^ z%UB71nbz3(ee5;3%^QWnc?e@)*+$l+Nr=vX*QvO|xr&S@9FDp96X(#K^7>)yZBkF# z1re7YO^@wuo5fak zaEFgfJ0y1Zd|?mxrXun2#$(})#gf7Pe0s3YWCiwy9>6}30Jdwduw=-;mmcz`vVweL z50LNbhRl0|C8PV>^yt2r6}p>xK$j%FqVs_5x01pBdwQ_n$qMYvmkBI(c1Z?%-C$~) zyBk?IWpm@~(*DZ>mUiMw1}morJCYUH7hN{68;J3P>A}uq1@@N926i&JW|j0{pU4WV zblJcjO$Pg#^k6S#1@_j<1Qr`tC4+reda&=v3hZq?fW5c7VdYPHz>n~^mf-!UlHvYR zdbrPK1^2*Zgu8)}`h)avKb;j^+D3k}ZvRVC)b0ja`w!`%{#{m3Z|?zW3LlELze*P4 z|4t9~Ke7UQM-O1rXf5vnl??a#ZK=Jey~vu07j>`)xasP41D!pR9&9cvu!k-i*zx3= zJ)Iux$*jQMdD*~DB!gAcgI&rB>_`t_(`oI7-GLuW5BIfM!M&>oxaqWZ0}uJV>A}7` zE3k)q02>jY;O#z=CHGg;qx5t|Y!{QU-IN~N3z0Pwhv!IE*sNr1lj*UIWrc052Wxo&Wnb;;WfB?G)AJ;0l@0(egk03+-SZ$+^|u;%Xc@Q!8$@7^BZO?20vXeiw6 zh>~k@AwA6VS;4%o2bfWj3rrKzWOtT(u;)-R+-iEb<*eYovuK9C;V`?CV~Ko8)e;!iBJ?Ry3#gZ+4Vu)mQN*y$d?9*;0Y z3^w%r!SEhI$*BK4J?hV8h5BVZpq}hT-LVHxGR|+N$N4W=;XK|0&arNs?#?^z4m-&p zhlW%8LW9Vfi7zzM1IP%U-QPhc8R3ES2&JqL&h~&X!rancH_71cOAl@;D{v>W0Y@9t zB!hb-J-EfJz&+RlxQO|)-X1l{_?}FUua*_QlRe;z=!ft$5NutO4DhY#0XDM&IM)Nf zGu;-Hwx`*6vzcW0A5IVdgIU2p)dTzpU#N5A7}}&J8SE$1gZ=IPz`BbnX|bK!Iz1oY zRh_H-#R9xy?rMC<3?Hw@a!F%_mIB_KxGm11dHiR$ez>JL!zEgV%4;oJ^R(YgV=4E4 DAq+pn literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/standards.doctree b/ia-terms-updates/en/.doctrees/standards.doctree new file mode 100644 index 0000000000000000000000000000000000000000..7c0ea5f0a0957717295fb909b55f383186c6cab1 GIT binary patch literal 66561 zcmdsg378yLeWz_{B+XcoB_9G`xGZ5EwyJwhjVxp1@ytjX9iy>kY+)O_RnuKFRi&Qp zc2)O`2JB#Sn0BZSe}N_mSzrNknV1y>K6VM4g#-v>VRu;)l8`JPiL>TNvVkw`!X_lk z{{FA3UR8D1)jie5i9hR2^}GMS|MBkk9_x9>hKnw~i2gG#Gb)N&I-ijWg;Kd78x3<) zp`5QR$)#%J?TvkpHy&;5HG6ew#VFVGyxcG^LX5nk77MyuYCMR*trWki7LAOZ!Nz=f z$(LT~F|V`z)V{M1WHOlt&*u7`d+eR~_paw2dv`;gNa$5dnNS zbVyLDOU1rEK@eUsuV?S*bKqNtP;aUp7HoxXH|<{*cpzaAs3|W2RLa!=|62UJ9{+B@ zzZ(J7hJ~`eBvDJNpAKeS*Pq) z)`99i!x};WU~05{W7wXCX^F=wgsLOIG#}X__ z`nim;yhuPCT2TvC<&ZEq!qMnqX}x&dxz@ZbC_^z@Clvu$pGyrSj@7GSUNSh+FxS;| zwPD_zoHEKxDizd%WJ$Go@y!k8A%jpo2?k8r$o2&>Lb*SX3ru)}xlk*)HILb=0_!UVnsij2`*2sXki)t0BEmw-LIuQN2TD7VQi$zs{^;xQ@0u-YvmtY_S zwIn=TlZ~n*IMzpc4a|lt80At~C`gEam<3rkDAkfIl*%RiBUM(HRmT+E*S!+Bd3i&S zc`+|Oz(1-|2 zvQ(-H)v_?p5EC85~arKz2=6hq%X>D%MA-V4$N|= zrY6M0lM~c*R4c}zY_?pHOKKrglB-#xBBRN&Jj4YV!UJI`m&Acwzc_RtW7&UdpdG_! zZY-+>iisN8?S|KjHz8`A2)(eggjhqjS!<@0X$r8F7t82yNKocg{a7;Whg#HKXX#8s+4u~_hcj2pQ#iUntKH6b^U8FaBqW_7gC1~r_%1t~Dv_QlQDzPrFKZKx zq0GSA&_D*UXbg!1k!VmJykS_Y;!tJ|8aK3uh6pRUHZ-EltRox4(P&U5(nEtXbI=gl zMq`bdGMqqDhNCqFXr!nql$nFZjcubbvR2s`iPe;0aU@DpfCh!THg=6o@CZj^XWM8T zSSuRMjW4&7+=>p12V&5m@YK+78{A!OqA{{oyMYX1Wn(19ZcrYnp+T8Bn)32cG#>PI z&+Haf9LcP?Rbg2)A+m#a&KyfRBKlhv9>Zy8t*ZD?8FP9ioizPcwH#b->HwEDT2!h) zbMJ#w&Gm+G@%BG>3?D9jySipvT+6yU6qkDf>>OP7h2jz>C2O=Fqb=4WNJ_l6gNJ(%@mr2H^+BjY4jMPNjmFU0 z`XHm3p#(ZJ1nxUiL_ug!cuIW`s*r=mEp4MQyjC=Z6QD61g9e4ChQ=^QV}B?bVHRY~ zW4X~x>u8SK2ag5ukLP#{kG?dI=+lP$`NQc<*)DyrGZ>FnIA=CZHE z1n}+nN2{ne4UL^TmN}8j4E7ITFgY@s=^x1S_m2+I-^uACP0;knSobnK8pAzY6?wqv zaCDO!WhFJ`e+lciboY(bY6sv`M|TG^0A z4XZZdiaak$#YLJiRF;e;5Y}lc-kC!CrwhQ81Hjq~cF64yC3o5)cg~f9#HE&LQq-ll zT0V#M48JOXwyKBQ_D`48$+k%iEYu-$Ae2m-tCJm&>E|leDD>3|Eg`g$D*H*LpDw9u z<*KJ(hupzXa*tbFJ-%jg&&jK;be{9mNk3gW?`oT+et@Y&hrppw0%?l@wA5p~5{s?B zI77t_kZMiG9uVJh7(~@;r|h3DnMc=1rdzH<>~JWt5)sR6wK#VAu*=g$SeM#-25Z7u zxh57={D!qw3)a$$xFQv?nxB<)?Chyx9v(!B*m)rGwKj1<$L5!nvVN|K_+DnFMM+=q zaN6hT0&&^_BE{M`kc@aCQ9jYMGWcqO37g3n7MEpRT~MX@qAcdI zL4bfF#0;Y*VeOHvjt&e3t&a9tc@8hz{3npm-A zW2Q~fU^~Q0X!K#_4JH(W{Xs&}>j*`~gM-i0h2n5qA`xB#hx~()>UxiJ}$YjW8k<#9XfCI(&<|YXFV57;Kh5# zT^5JRny05`iy4z)aXFvuAI>%jc&{bk2=wyS>lr|7r$sx&9`X{~V((^2!)IvsqAi<~ z=kwSe=LnW#_cIISS_w6Q@MgVoB+7^`l@?{TIV8J0nCZ_ntMxW-0*db;J}At^fKL;4 zRt*P%+aeLTjSx6CcKW1Cb*qJCy;8`pCh1EeHfc)5ATeG~!5-?I-!4T14zS6KaHx1i zBo$Lc#p%Q2!mY!@x4M*s3QzMe!xG*?rCe!}*-iRFUZhMtbdet`2!1YYw>h+RQm8}a z?OrNBC?YCJPJ&H57J(XpxcMgyGzQBfBa5qptqI_p5tPCbmBvD<21En<_5SkcS0 zpG4$_Bh0LBb=nf-DXHEDr8UF_fNv>jl~J}AY>icPaC@Z}w-&p^rV<#p#o4*BxqD{C zvDw+l({od&rV~iFWt9sucK+teqHUPb_SOu-Rn}P}ob4ZMHqbkQqk2R?JcbM4F-L+z z6(M>39JKC?L~DZUhIsFwNXAU;kDRFV*|YxPAY-=8!oo3n{oXmrpfHzyn~;~)yey2V#~zflavi$kG~;cttXlLzq6@N3wL<3n!OqSkK5c_4;y{Y%8gGDTg(b)}6xZ zm&yh29Fp_fMT;+hbfYp3Do4Gjv~=m16`Glt_8cxqSeXOa6Fy`x#b{J@9DYF$xfv)R zR45gKFd~1CSgp5zyBNuiM0K}X4q8)@XyFKwkUKLpF3z5A5~YL4RW$#H~52MgK)?3pcNiR-QON+WxQ9L=C zeP`{HV`p<#n~sQlO~?~bdm|A@t76;Djdl|Ih#U5=X>|(iaYF)6QQDGgu4l)rwWlb} z1?A&J`V;iMLwh~`n42&-1On5oSvF7^T~z-A#Y?9mm;M?NNM2l}@Q%OVM{| z=UG(k5&ZEpOMBeoWj=mXF3ijN;(p{=4Q&y{N)dWYZ(x-CInw_PN_IiJ{t}3*s{mhyul8$j zXn8XlCO^2F0mB!OE-sY~?(edwvFMaelnZp$xGEQ_`-M5k?R}C_D@gl=#eoE|v@R4**MhLX9)v+IQQ< zz1u>)`7B=w3zX?g*K?WfWna=RjEnUFl+m78 zUk3086M)}OwcnwMF;UG;!~vS@#EloV3ayD0D~d!{yr8q8o^L1{aKlP%fj-TPGq~FU z{X4zdIDQ#%_!g^>y)lKf2t)VPjPJtkgsV->S z{A#uc-;UI58`xJs;;5oM$Vx0~fSUQF+8mm^XJSe?!!{iWqA=#!b|j$V?hYA*!_KxN zZv8t-%VqsZRIoi+$4wO46YV07Tvh@snJCZG2U7>vliKB}4$kx*=YOHJ-woN|8x*%)opLlmr80eWymzU)wbm^%F zKIHVkvEj$*nfyY^=Cb`&0MwprUjYt$rCknmTehz_>xG>*t^|ts|3bZO5#QFFz$58D zq-Z^6Ym_Lda|He;l=y=7kYC{c2EH8${FQ+F`$!yBv`65dXHjDX{(zTyf$*Z8I|BCX z2-My7g--CR$hgdQnw*Q>mY#OS?keEWhg5Ch&~351^bod}96CEVFmUTxrq6qoi_9Js zmnoh1bopYYYs`%_!GfDV*v)v@?N(aEe3Q8aTX=30Xde${k4x!Twj#DvZJ4e$B;xr1 z@Bl0#gT=kmrl~ybPK5J0U}w4s>2Xnxlh`*vH8=56nX+J}3v=w{(xQi^<~Z9u9-PZ} zqu@B>a>}CNIHSQoJjImM0t*S>U_pqq3N-5J^Pl<-VvuKBQVj)hz=IMgLRI+Bs zbQu*mW6-5jQ@G*{6U#EXJrCDZU8cJeg%h+YXzUd38lMpcFx%s>k!FC*o9 z@C#HL7l!iyAx;?lD8B?K*V;unnvH9p-Ema@z`y}p<+VZ7(LYHPI>Y4Cb?pu$^y)eC zkNxJ{)?qIU z@q{ez7jQ4?Q4ELmDlSA7=CEPVz@2Ak%FER zEW!=TmJJbx#Y!AtSXikchJ}YYhJ|@>mR^Sf<5+4NmX{)GbDuDM!$Q?-F)SA4(Q@Gz zJlsmC{bO>$`zebWYgj7Bi>oCVfFl`Z7sfNfw7jw;mC%Qnpe_P47Ah|G#Lbm-&E*uC z6x`y7TSMWCX|bgW4OFSOKy+e^dTL4-=+6v{4j&xN!rSsaRx8r2E!ldT(L~d2*%4y$j7sKhLlTS9%@cp}h$!agfqe zsbNa*gmI-O56;rZ6R^})`bPu!*af9W^;(qPqC8qI{DOzuB(+>Xg+m1I)hueP(huHK zQt7^J3;?Wq#Dyt#-f%%hqrdl_(^LBn2}fk~4%ECbyNVM%=egQ;l9Y4l!wISo zzng%iw&Fb(z{m6zkE++AcoyZ+a^V*|+|8+dF`&XBiub!LYOLbrF-pgF3|hHHk9!X7 z=`m?pn$7EKr7E17*KpJkbH3INb7AkX*;CW|1T@2v)$H06ZHL+Q+D2 zZukW$i_5|0jq$xMKf<{0Q|m>l<_=gS!qF^DPqjw|M$#Ukk0MX5+PIgcS+(~wEW%a$ z6$lSiZ7Xq*YE!9Us_lev)g}+l(&GtOYOD5<06um>wNbqm)wU>)mJ7e&2@t$}0Tm7r zyxlBntZFauomjqoSF8g)oe^fGbLtZI8KYlKYAu|R=Y?74eg~-fnc01IH=5+6wHs~u zTAQ(ef}`XwaH(829!?+|e$;V=t5#|k^=P)HsqU$Fp}{b>3yp4Vv%3EZ!y;VW--qx} zb+-}+t9xh{n$?I*fk)jvUFeS|V5zO{&j#?ZE9&0bg|;Yfc$^4Z$S_p4rr}%-pX4|4kcv-|inpk63ORAL{Nn^X^rM5@bG1Kg7oBMM z(^SjRF0{gEVIH*{bz9-9P+-F8tnG-} z+?(o(T8_4~!WQMxa^V*|TvV+6IJw~ch((Q6%VQq3bk&en!=Qi1Jx%OrU=s`97X3^! zORlK5CE%(bFI-@(9SmS_h#9l+ie^Zfih8gMih7VM>cLh;eSl#RuBhh_9@>6diGvjt zWrZrL73NXYgRY{!CIL(B_H#Lak6lsJgDr|`Q64Q9e!;^H(b}s5DjXts_pqq3iaHRe zsAK$ILekfTx%;_U?A6kA^o*wM%~jYQ(c&1UH{FcUwQtun1SX zuOmEE?X1MXYG>WD60nYp_R+q9#a>5d9-O7$Nx)KD?fyJ~k6lr_)(I$!@@Tp63mzR~ z`kjCZhp63ev#7CZr+U=Rb2=z$lsZRuXOcS3d796Fg&tx{K=b(mmdItIr#HUObw%o%y5ynq)pvHxo) zc4d_pMEpNfriZ3+=VeJCO`gR)WwO2;g=oWyTV@vZYZvUyS3grdi9y;Eb$7N;0vVkMgEA|g-J2*QY zz>LQk+AMCbKoO;_*1__%r^no_;J<*9xr_`akP$!ncw0dm2oRSL>usSQ&EE9%esnPP zMdyRa)7ATcom_JajBvd#AUss>t;9ikPsN7my%Wauo;)~DjRZWk^}Zay$S&wTs@J0T z7Uj``;g>u-bD`ZGP~i~Cn`TjC_5MCjzhNRH9K{thI2Jyu$P3uNjq4G}9QbC#|d4;Vt1(^}I}~@4W`WJ!06!5;)J_nSkehH1V2-_N(op8O^S>>+#03bY*Jb z;laZcXKo5l@8~S;1?;u1?`;wkl<(F+tDFGywst68i}Kd z_MAuhB#Rm=m`g2Jb+{K5uto~qQS?}GA*5Uo#&CTm-lKU9yX=ZKC9>N{ak8Nxv-3-* zC;~fRxR=1AUaa?Ith=fB1um5f@Sg*exJ5d@0OR=(?N8f9z1sq8pHHGYuhZ^;vU{}o zgj2xI#-A}T!W*JXFO6u3ti%Bg5x>4WU}BkvISmo>;5@ws1;+8zZisduYP0&J-w;vt zS{fpY@@T>EOCH{G(f)68$@@PnYOKERrp=75p87Sq^-_hT(K$EnOu!94op_){yFGw0 zUX$vvYZjf+K(4)sur-V>!cSYn*yZ|M!vZ!Ko@HQ!Ygh&0pFq37=FpaV>sG_0Tm9By!%ZpdSG4@5XV?b&Q{S?6EAn*5 zumM{s|Ac`NZrHwu@KD2MB@QxdRBV`GbHcb`BM&Z1KS6o!4SSl3AT zdls{}DjaF)GC%rbpJK9Z&1IV{>FNSpp5qP?UZB#rEL^uaUKac)<5?-~YNTrJQAVO1 z&BoO9dvs)QAnlF|<>~5oz@E%kFfhXP`vk&6_1j7upx><65dG$1j(#%_&eI1H@YL4t zGXacDU%#n(E&6Ry9xWJt$-^68+N}W<4w1YAENZNNzttW2pDg3eoFzP`vR@d7T6-q1 zj+BdR|1`~5VFufIUB|tTt!W})oISk3W)3iq<#a~qw6fno9Kp8iD$Q=S?CX57Rf|j4 z;|Zk8&o{hGru|a8e2W&0wOfqsXHWUwtO}eLdm6R2JBM5S(LFO{AEZbM- zJxfV1Xm9h+mAwzX9nF>D@igr{NE}tPr|b1^Skzbr$@x0zbU5&MhTm*!-(-smfrX=Z z&`W@7SPyzxX9CM~d8PHB7xmcbK`&uN#cUbB=hMFC6PB#&P?{yWOzg7$CyqWxF!?MSro z{+#v~NE}tPN3_4qqQ;8$qyAgRXR9)vaosP_U5U6>3ipp=*#X~c7jpY18t+ZzZlCWL zTnnxiJzLsU3%qWpU4m3?ai!a8A=qjW^0HQ-cI*KWwsu@^X-7zEkCN=8G(Bca{3vJ~ zUFoNsE@*$~*Oi;#+mWu^39jr!;;5oMx^e@H8mlX3y%(6@g{Ns$x`u^rZ1N6&+^4rh z#KGc8U{8p5csv*P^X)v{FNjP05s=7i3j0Ek)D%u%`w=Xfvv}OpS0iGbXU0NaOa+YL&A7=jm@|RZpIiG<^unV ztprzxuL836)B*1!YF}xWC*4+uzNy($0|)yDhD2+#5{5`#FHY{?v`sD^OVqxfoZRPG z)L0SxI_jI9nj9DGO4GzwkTOaoM?KYrCp~HzBp3w<|l{R+WwPF4uTq zOYw40XtxyWDUzpU*iAv$+Qhu0%(2rFh?L-h_8EUmuoJ!=wFG!bQo8|(ql)&l1lO^s zv1<4h|A895+DbRDdJMnN(qJ^remZXy*-!onF2}kp{Jr-3MS3Y00y1?^_P3KZbmkqY4PO-(}LsG>b8@DPg{s{$w8r8(~lTuq&PEa%}u zGj&-OCR8I|EMwx*+RsNvQJj~EoJ|90d{fSqi{TR>sy#8p!=2h2+C{C~V%W*F%SS+j zEuAsbC>C0@A@!q_CY5QIPf$)R(=H!^Z%49>heEZdkvO3&zn4Xgm*q64U3iz~WV*R> zS^f%$YEPC=0<|x-i(0p3dE-5^W3%H^Q_cx9{+ko}{k9362BFUO>Vbcd{i&@a3moHIXfn=_}tnSW}RGhG+Kv-G@rV4Hs9W!!46r%0X_ zeHR6xOUt~Y43X2G-%JTEXdCHKM)%o}8{pfK4V(d#*CBCK(Vq7FY8EwC$kmP zy%{eUwPJA(j)Kd&ySn&=_X_sY@#xnUF&dny&Cg@thh4v8OG|1AuNCUjYj6}*h2VNO z=i}KbJiy5gsSae^C7BnnL@u~v0HZzIc{k9$qg}MSFSs)k(-VP$n@3%pu^2`22(C;) z5M1URB|VPd7Ae66?MlDkO7QJSa8Couhmbg`Xpi7Nz@o+q?q`AocR|PEiC(K#u~5#W zmL^1C!kOes!i*|as}h?tLB|v?sY?*&X(qh%h5L3@0juglkPcw}PcR_s@{)>SnmzBb ztO}SNVOoK=H&vm4|B*@4U~Ryw2=4i+f58-R#d-sn)t+L_LK+@xR~ovlSbb;D42_Gk zr-K`X52CuZZf&&VdDQE}6p9zeoscLocQowZQJM?djeZS#8onKA*c>o@FA_%;?a{Dz zv#7Be_Uf^7inM|?d)kMIxsF=NTC%6*dpcrB%lEYH3j5B_$ZCn+A1Cjfv$c78IK8Il ztw$pkbsR{BN(>HJZ^rm880c;xTu#3PlG~Hhdw}WhwTo%D<@8cE87EFnj0H9V-$Q+E zLES_%ZxqoZsXw6L9@7nqk{3r*e?*BcXc@n#J`dlHMDmQn!VF-`Uxjsfq0P)TC%VCM(+W zr{Ziy&a2K6hY_e6`#_DY8oQHa<58SjC~=ROG+`8Kj#>>;mKU_!{A#raz8$I6tH7|A zBXLyG9<{oWMU7RfmpVuZ7T_4VmP(k|<3rQ%2weE4P*i)C_dd{axLsP>5WeWB4}&A9 zz%_FsGhOX%&|27*Xqp65N|~-R24&9#Dr+c|1u?|K5eDGgZ}JR z)+u|Ym3`CRvdt^m;vV|3MG=oz$~eD|bNk5XS{y6KJ9wUO!54l5!f$-AL4~}66@uJZ z3EJKCa~}>CMUl9{YQ!7nsjO07lCydZ+}E>sUGiL3t`$^qMZ$QnDymhnP|h2HepWy! zi}#{R1>8|!WOO`xj~dfUb450&y-1TD4NEHm0>PfHH0NF4FrqQnjojvtD%Pt+%f5<5H{4911#zpMCbvnqI`O zEqE_4H!tPSQK-?-UW?4k%NNS!YN=e6Jt4<0Hn$j1BD_PNJ5S??27I<+*rHZ)Se2zG zISu4@t>uG>bmo(zt-ZN?QKE~Vs5mnV{Vtvt3VAe zjMNM#Qjgh#>&t74$ZzY4q?dpiV(7B81fO2OpO=ZEM%~=1mVi+Xg2y&2G|Zk_bwR{M zg4g*2a#*t}>p8p&Tqw#q(57nU!SKs0lml|OzA29ycbMTcujHoO8X*OH_!~mO^c*lH=kBP?-mtPr*_=Wq29$VS-JpcfBeGG^(6C zzeKXMO+H^K8*CY3A-b557(g927tPP{kDGQie(sS z3)<^3n`=!7Tj~as8H7lEu2w-2TTwgAAp?KQ3_J+|D(7i#!L0@+zs?d_B^vD}c03zkWH z(p)E(mK$h$%uSXxfeJ$!aaSnb3Wn@eB@FRkogg^dQ7LN%obo8h3(R^ehn4-x{mPWG zqA1E!${UpTC~vEom;2(DB)lHTO#LPEdP6yE_F*b9e@;{(#SP_tb91fa^;j`4w@s6X zbOz`~d(%*!YW0R5EAOdM)fe0{HkQ?bxB!X9OSN^FWXbF+L&ep?@N!-y&#yAiUZWst zD^+nhPkvi)=vFd&WlV`0qNFd7-#N?ANn9bnk1@Y(unRc3XuaJe<56@9`XLKiuSu}) z`1w1yOF=TXI;r!bBB?A3I^iOjJIXL9ifCD9k!(CuM@mWO1tjx&D*~pks5K(KiFtMo zN~DB{w^yS*(;BVd$>ugI_VS=e<%|8plo9PcmCP%xpe1ZbLtnzEh*fMvqhQ+0CzFHf1#N^c!T!@vnhnR#N&#&ue$pJHWNus;%8Q21BG9ymWNxDTMBqq~ zX#6ReyN!xk$il#i78=-!#5$Ft;p@dy0_t~5HTGh+S|FJ*Hxg&9@4d>i$}`GmmH(i8 zMfsBQP30TPbINy=A1Z&V{FCwzTJOa`V*@!m$hm@?UE~Pl^phi!b2~YQ$T>#N5pvFu zGe=H=9EqHV$tjWZOXR$koVSouC+FA6c?UTkBUF5uzoM*`S5ILVF=ab}oft=5i^L29m3pw8==g-Lb zYjVCv&QHnt-{h=^a%mTnvz?r+(wTBhaM zy7Jk&@|C*s&ARejUHM^M`KLN#bDgoc&e&ULtgSP)))`CdjGcAH$~t3Xow2aa*jHz) zt24IM8O!R7U3JE)I%89vv8c}2Q)jHHGq%(jOX`drb;gQ1V?&*>pw8g0GwACK_Bw;S z&fu;ysOt>oI)k{*;H@)g>kQU9gS5`ztTQO<48}Txu+HGCGwA9JwkK=K)#yP(DV~N> z{1%krb5M$}K`FikrTDJ$56X`%jkt&ei)q9b`eGV!4Sg|<*h61TBZldVX~Y&==DPg}#_Z)aZ+8#OvvcX~a|X#Wdnw^u;vd8Tw)x@oD;E8u11CVjA&v`eGXK zZTeyw@z?alG~%c9#WZ3)i5Sy}?exVo;$`&3G~yQeVj6LfzL-W#(ihW+)AYqOB1d0L zBZ~CJG-8#$m_|H7UrZz3PG3wT-b-IhBR)o7Oe21qzL-XQnZB4t{1JUIjrdFYVjA&x z^u;vdXY|E1ViO5I(}=6+i)qA8t`S-KB8|{!gs9z#*L}6S$f1YZwU3fRFD+}Akwed~ zYE^RRJxJ|aW z22{Hk&6q|P18NK8(9KNR7INqY8BHgLu3XT5Kn@+w)~4ySn7PH<(_)5vOCGB)tp9=L z+VY`3wG+?kV|ab27s!0kGh3Q37kTH6d0yG%$z%8Wa_n_VWr;5L<&Sn%uhLlTs^+}x z5R6FCG`g-8Nk=Ex?zB*WdzD@c^zcx- zyySTEVW`rhY@qom?Qt;Kx%tJsZ4#qI8jNCpK@p2j0;`I!OhZ@!<4OTz7Ig26;=mys z71}B6wSNl(Bm11~18d5IPvacio^Tpxhc<$!QS(q{k3B}c*j&$gALjb0>BFaJu*en- z8fV*cBmcHCOoJObI{h31;=bIIc9gaiUW~DV^Mnhzp z8YAI~mnsg$p`+-M=rrOItnrYrlXY@2$k?S<0B=>IvFJ`gHJFO>v1K7+Pbou^e>pjs zZ(bXj%3ep4uI+%>J0pk%!DO1OX#)&USEEV(Kys4bmlny_bwKhhtt1y0MJa}%|0y|j zpG}Lp>pP$>N_w3c0qoX^X62tIC-$3Z5&N<(5j&I_h$i;$lN0;Hw1~Z-JH(2^al~%E zJaIGMi>Pfi^Zq8wwM#a2B-N}jFl@_r#c8%DPXfeJsIkC5=MeNS55qlt-*!z4VY_^rvweM?&8-qb~MV~o^C zl9T(vw8-7v0l5bga5qM4e=j+ypG%9>JspsmpbsUE#%b;UNKWjx(js6?RsHya#ZtfbfL(y&R&B=+~lNPbJbdA{IXksUl z6FZg`vHLq9HksDO4hJ4ePVNI~kt=pUZZfTn=^>v_PHZhLVly2O8!$n^R;r^V_if3k zdnzsJvK>&jueBect;9^eJe!=hXVRjrKP}p-(R};;k^6wm8 zbM@$?058i_Xao=p1aNvmh_yx+#He^ou6)SCbR@_OysR+yRl; z)&G~A#Gj=|;x%cK7&DXc(yJ18Ypz1nHFRryg4)R|_-)l*E{c@`dCi=2IlGljXcn5=WyOjmMIc_-KkGcCxM&O5(w25`QB( ziNBU2iJdI&gpwFD(D+nx5jaX{hRM6 zr}6m|Y3yX?JDkRt4$dVz61V<8Pm#t>W`M(KjOpQAmz>6{5jCwIj%Tj)9pA(LX8JGj z*3)oeWBNJ=k`p_WBC(xJRE5(R)7hCxPUFcGX*|$DuRNT_nBI<-oW{izX*`%JjWOMw zHzud?@f2x1Q=j^M^LT{KXe&-{PzQ@#@b literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/.doctrees/trust.doctree b/ia-terms-updates/en/.doctrees/trust.doctree new file mode 100644 index 0000000000000000000000000000000000000000..1f95e447d57f9e3889e95f4ddd6aee793c52148c GIT binary patch literal 196091 zcmeFa37lL0i^>p8v?p9CtxR)7? zv4hz|=&%kDAPEUccmy6XdqM&q3GhfDkdWjhFN6>R;S0%2^1b9EJAu6aIkk7+zFl`_ zG_sBK!$^H^RoyzL&N+4JZ1v=dw_I`Vx#!TI=Eb$Ce4%_Qoyq0Om0VbxYp%{!vW>~G zT%UXM+{TyAJu$bTxu%+#sZ|=)Y&h3E2Q9MsLMc}b%X5$5UauC$8g+m`Q(jic)iAy0s%$A!tKlL3y`r3%6#rVCYfPCRW0~y9 zYBYcv;*7s`ctp;E4;tF`)Eb9t#y4(AT6Xp8~qt7?t0TD?#Q3M*x+t;RmEcYQh? zJU&)^Jit2a-W}xYlck=XAPAm6R_%L1k3!!vytR9+;Md~q+NS&^kOvU90&DrJfU5j+ zfc$Im-}U(Kx%lr!plaoKr8=3Rxzfkx@;BvgZsc#tZ_cmJZ^&;vuo44oYD5gsJa4Qz zmr=t|mtL#Oviz<2Wq|rNL05q6eu6BU53?szg>0q#cu<(kOoV_jo$kZ`_*bp3zcQLF zRI{aUbfOxD&k*QO^35xZv!xq5zguyu#V#tQChfH=v8Qx&CI*5Lp98emcn{Htfo#yEP`Bx!+M?X?1KCF@w^a!fek<;>eqKbee1{P z@}p18X3FYdr|8c}cZ zLlidKNGiM3Le!e(%6g_c5t^MF5_T_eHhN@WUuu89JR!ZrF$0qmyAh1L2uT3O56N({Pw& zL~KuQaRpHGav&f}7)Vv8z{KJs7B=+zo2pZK5@!AKPc>hd3@7aqQpkCZjT{FXqYgIq z>xCWdFGJm!T_{d=w&3I%jT4K8pr7GW7G`v-n@p=w-Aa*lMaq?V%F zQ#-q0gWfM1Hq3^5V?u1~Sg72<09|QgM;Ez4V=NjrXfVYo>pEiN5l20fJ8Wu4dcnI2 z57B~=E46Z_B#SX(jX7`o**qUT&HPUKS`(X#%a6izY#6FvTgicEm=s1VP_Lz(*TKG#_YA0Y)60=oXqfcq$H7 z7Q`uHIE9z>9r4nMN){+TcC|^5C@QgKhkkEi#FZQi(m`lK3L6^|V`JOGbdX)?Z5}+c z4XdwAL{ZqF_lu;1(1a8=HYUc#_Jv|&y9YM5cfkg|Uo>oN*VyRoh>cDXWWi^-UFr7I zoR$xk1aZ%Ex`o9rttYw#N)Y=@cUwoibdn$oJjLw734~pp+LEey!oo@XDTc;aL@F_- zm`xqAF;1FC|G>UI!-h%1Mm1FmPo?p9Wh#Te`byzMrj!z{ih5uF;l7b$BYiJ~0r*b* zM_$xhw(U7`U;5x^dh6ybI85%?mEOE1y?OJlZS;5l;d@$8vm%7wt7dVGeqdPSVWn`K zj_D|2lIn<xRb+bx)9dK)0OH(A6zwkWJT}GRWsxD6g^KBE446H zgx4lD6ON@ar3tba<|k_{NLW^!u`Px2r$NAgLcqd5tiVlo1oyB2cf?SE_g5=q6gBYH zD<|R4a9IJc)veW*KMkn;i9wD0r~Z=4X6uU zRqMkF+|3=qJs?)~z=FX&8P2xDdD4ZGei}IMPQ0Wpg6WG2z%3mCq!0sesU^I;$=3Z` zt$+xSdZUUM5XT(`Qnlrj{As|vcY$Da zMSuVyiZE8IH8Su$vUhaLwkYptj~H|Nbhcoj#C>XTa!}!9QD&mBu{{-Zl3-iR_LDPmea|-buHxGr49X2)` zAE_{^NV*tINERF&R>p=8314G^*t$82Al4{?n6hx-JTz$7pNJef&p?5`(+0hbEm-ys z4;&es_Bb0uwJT%Ep{bU}nGfLpp597uM*+RER;Wx(+oxgk#DLrN{M+rL3eH_NoX!%n z)*^^K_26E!#2x9(($XY}G5w~dvwfSl_q7oB8bRE6X|JvQFap^5ep&&0dq-f0iL(bO zYEjZ<|EVm(;uKLSd7mDyG|HF-2)ECsp;U-GSO$fJePE z@N4tn{HCFxzoR4c&m-vX+cR{?K-?}>SrY}_7Bkh!6aq6dr6}@UPOmM<)NcdL7KK#* zPbdg>cZ6VoAQ;-eH@IW__B#v|9SNrOSRn{DH&vNxq0`mX@ob6)wP2!W{2@Fua6M1K zHJ^_v2%pyx!mR}1kv$KL+-r#(igKU{hB=C>;6oFB_Tj&syD()}-CD^&I+8^{F<{)P z!00lzn(^~H&iGND@nHX9)*Vv!?iuL5QDE~=uwE1eo1*)#IM zaB9!+aR1QAz>&iqlr5xiE<}`Xwvv*97<+A_MmP z>gmV?{_|6qdO=4_?bAGwdT?us1XyZwtU=O|VVk!{39w599+aTlY}+2A-Wk|2TBjJn z$nPrnUf2=77czVU`>fr!15uLwh?R_N1?pr6)nYk0sjLN6zYPdGI)lKp-{CU~lDj%W zBF+&cy;6rBI5?6T>K`6VjT|4ej0NqGDXdK*hOB^?RGg}6Q&1VhRDE_TWX&;Z1uqvX zNWHiRx3<9U^xmLBpRX4%Cxw$e9dR;ksCUoENI&s9SUk1&;6VT3krd&|o88$oCcs8K z9mP2lo2SMyHRzhzQUO{`im=(Yd0Q*rU*F!%>R_R*YeR#-VMRt=q(Gu+D}>(N5up`A z=z(xH*kf>Dp)i~dOIXlq8VB?$Sb-1qQ`N$BCOgZAcDVRqa;?wysehzkC`nley~+A_ zYP!{PadAs)3wQJ?usY+F!PY|>TZ=zKg|xjLk#-LuZC^ND$cDjQ$|s4$*c8~0@ukD( zSqIK>KTdyWQ8q3RuTtWjac0TqfqHJxpk)tws)h3Stb%Y~M+jd=5DMgjIOYjnUoM-O zni8XsQ6A{(6Th&uy9LJ(wdXUn{BBr_fG@%j4h6YVSZzVh8r{>P5$B;nOD%#rx}#-* z(^W|A?}*fpkb3CIKFcH&9db)i!7>1N>*lT7Q=516Q5F|6k{a++jJ9ZZqcEbC3)##l zd?W10m~pSdR>x*Vu5jjHo7eZ^y~8H2|p}dsA@U8G+HR4Y*3tc4HSd$CnPe z*lG?K0tZ--*v||o+JCdK&nu`0Izs&rEy?iUz`nk{1O2HZY}`xjm3rkcl3ifd%?hKP z!3mke3z@VuOcyFJfFQ>uTL@DOAZK;9xvXwAja&>;N{#u7g&OYB$HR8%VGyVFanCs_ z4BgieLl+T-z?HQ+<)iL)rMimOP&<2b1)Knd++1@F_efC&tNO%Y^NHqxzC04n`l<~m z@YO!@6u{GvD@fM@QruDki4o5vcKh^{=3v2F(_AHE6|Ef3{7SL~Y{1JENGvIZ)~n{V zBS`xiC`*aMK8&C;9*hv20>riPZB$BDad6o==R{>?DU<;G;$gJOUs*gre<7(gzrJ`c z{S&FNJohz7PR>kJGgEncieIBC_CK(1AUMhnmtc?Oa0!M~VpFhRIa`7aC$ux?#OTHV z3EEj?IU}u&a@-iS;1JTbOF^aCov$f3|yDmorSgVoH3Eiqtv!QzN8C*Ao#Mv`OItEKG z<;Cxul}=0Y60;;=w6)E1)26>5o=_($wu&<9|0C32GwW)Lg&SkVQM^>ygvVZl3JD{W zFDk`QP-)aj`>yF)y-SO}sS&uWTT8sK6xX1qh1? zPRNwa6Qk*XXVEf{WJ}_D7$HW+8>L{+;6Q-1{QwR*Q3?Sm#z<`y*@>I^e|hZy(t;8 zo;_ppF;xBQpr=-<_TNK4OH`V85B(kL)wYMyOlkWjK?AsK~iCsakNi76n6`+Bk9!#a0gJTl3 zx`{tDlP_fR*h#XbMlKAf+ynYd!a@#mhf`@1ZZjrq63_?3%rqdt8+@iv)$J>zr~OE$bs|bQJ%QC>&yxDxws>L8PZQ_e;eo0tPQKVOgZn{O8lK zPzzb4rCA`ghy9R3ueY6lCX$J$U1T5czUxwwq^-u75mHoP%5p;6oxe_GgkA6_aQQ_85~5$jp=5=#>tB5|bFt^I`t>B8mRL6Rrd9yE1NtXH+}q@Pu_PHcsa z3#C|7Q+gak1CE!69vB{>>M2#04G?m15G@_)P&$Lk9O~QVn4> zLx?1Zpjv56F!^sF_oUbM+jJgcM+p?2X1_Nr7gr=hT``#sq5eS46Uo{1lyYk78Ch4RmPdaq8{V6;(^t3e4>>3{Ey?Wq*_S zFomA3MCrqJT)#koq7+d6TuKWAm0@LB<2!(&o!ZTnFhWuZt74v3gv(JOvK+Y3D`X#I z#9|l?p;ZGWh+N@}IvSD-;(Ki*)EhajRoug^?DP7&;c}jVG=)TFxy%+O`Ux!_b{=i< zZQaOc#kmDmBAkpNIZ+smdLax)1gqdYGT~UR`Iy7ogx6vCWoLe3hHG90bk6@&{5ru0 z2`$TSrCx2PVwy>(Q?Zz3JYl%xgklr!UcZ8gz&iN|g_F+9^$Bd)Q*E!vwSxMsCGudk zz3gaMMMc<3NtC)ga5<6rhY8v%i%;P%kmyJ7m#gx29I5yzv|W@jp5HbPfVKieoyoNW zwx+qPTCt0#D(eBdz!+4WZR_GH4Qtq`L)y9$r`8j_O@0Hgbvt;tD@t`?o$bXI_uF%Bd#-2xFBmb|%#ng!{4P&tF=xKwFqBt)Ad)V#PilbzV%g{{9ByLdFZwhy;FzMa*2F>@3to_hv9f!F_ZYA=lIi!=ZNg;;yV^$jve&`ODGEf zPd6ppG{{D%V1P40RRmG653!P(7!>-v+G^~6J~4KY>s`Gv(~i+*KRAxC@*09RvY7t>npRe>Ose4^6S%kx zy*xFXbGYe(Xyy9Eb3}e_@tQ@LqYteJ08clqq~}K=NxNyf*q<2ZNSH0|^~d>L+;l;7 z@kru1BG0w>&?3yyhb{zwr<*P=912UbWJ(z%OSjrDTAu1veN|$NA+xmja(|3H$xRou zsz050j>ruyzGD&Q=(DN>h*AveX zxsSy^U4%LMthoU2bg#KMZ{l2V5U~)7k==)SO;@f;x@+GBd@VyS-(8!Vc3o5VjLccp zYn$#vJ?HBa&lwql#cLLO&c`n0D9kV@0nH>hal6S>1=%(TUc_O!PQl$Az^FnI&3hHk zG9K0uJ)@onlhgyA>hKiG_+$OxrsjAU`}{1zpq)S%vW%ak3D9S`tz3H(ZixpJ$b&D4 zJWu<)ue{|d1Srg4P9plch7&z`QaLBIK+aSO;>2g*)wbN}c36-)-=D<}sDgtHTk(OE9l9Y;1x3IZbI=htBLCKr8=Nj;l#DF8UvUtBg;D@Y*sJFtul93K$&;rB(DlA9MRk4r5zfhtU8 zxHYZ&+o<<@MQ;`Skzao}zYz{Y^X=v(vi+J4-am6B*^W4Nrt#t&$Nr)mIX7SEE+TxK(gjVZOiy zS5fzBg#k0h*F9F{Ycz)|i}X2;3whhq6@8l41ZIq^=^hI~@w;DP0OK8ozbkO@JM@>G zct^1izlVp)Pu6_x!-HFi=mte;1fn^l&xzPG5E&_4u;Ouq%~Ta`Mf{s|J6TCV5fc#? z=fM%R6>u3N!VBROFnMuM3~{^XBt<9cLU^RmQ7oGnq)>~ZtM3y4hORJGLlggncL-4U zGaH=qEl3nOt&*^ro-0>(KWa#7qK_~&z4%NbMpKM{ISIue`?UBy24ayYrup#THli3- z{Apv7rJ9IzYK)n4JPG+#4YZK$H9xHwwq|lxwQ7j0WsqLEF*ybz1CeU^ z1#5*R3x#ThTv^0|({9W8qsXU|V^H{lHrvqnEGI>!nNv{WqUi7xkYLdvU@)}v7}JhR zhZjTjvO!cNc)s=2jPOz(As)q&`sia!eQ$8L%%=g?G@S{AB%!nWL1)tpSv(TF>FjL} z5AGm3+ZWQM0HklT5JW;H)x;?UlJ@$>LoTOHDnCjXP*YGF6nf4lqZ~JF6r1PYQ6(-4U1T?|b;;NHaau7?MA5i#w@brS_q zI+Lgg_xetW5NFWDbf#LUP#!wzY(#HFWYE`f`vOvUA5)J|t|`Zf>5^g;5eWiBEm#tE zI8)||WFrQh!2&C2$k~XwkxHVEBC0O}ev7CueM1yqVxn+~3i8TAXWAMyzC z*p*~OA7iq5?b8Winz{rol2F$$sOz^GsCf9jsq4vy2X80pLK-V>P@kM7(n1azjPUCG zmQne?P?>bS6X;^3a4`WPbRIPp3a}|4Tn}b|lJEjhDsN>5sz0jdlp(#y=s?t^V)}$} zB8q&z3ji(h!TikP|1&SXOFpnPnCUCpS*;$KzW>R6;}Itbhd#rEQ(0v%@6CGt;&e+P#s3QLTW$WC;jSyNAL&5ffUjK&>iIfI=npQ7EZHd1S?)cQ8MS zY0$|5wG6VfODgjQks{LLxKO0nI!l<4Rlq~$b2}%3=J$W7F~Yn>C5~VR1YsD?x?xSb zy#|NxeP&Um7NofIlGaydtXp}kcnX$WN}pve{q_$7JsK1VbSDuF4?r|r!`O;PY>a5= z{JG{zVHKZio}1#dwJ*RZrE|0nkYUpp(akW;ODBXEgerk6FNmoJsNRy4FmHWaFy!dy z>Vnxc!pd<=y_EfpGTXFIeSV>heL=1e@nsb0U(lFCe&YSe7!-kioM^r1RrF;`Bi%NM^rr#C^kh05&EgMqc z%uhsPIP}1<>)Lq;RH={+4F6I@hKW;^;Hoa9(eb^W zj`<{Dt$KL>P;k?hN7SO~-x^QfN{pur@bnE2h~&!t88__~q`^@{ID+b60GaF3Z@V(s zf&;};Xp}mNN)&&9%T~3O2WI2=7#~M~4(xxdt&$CA!(M%zRxm(SA*wi&+i|gI1dX+x zO>b0Xl=K-4iuR_U!G=h_Td%?;HW7xe??|h$v}ethGo>okN!Gm(?MollNpV&sErpoh;2yQsbw`t0?i=FqY54p59#kL|zJKTS#Mbic7 zVu|8?R~(LkY5s*V=OqpW(|8G&ukxt#lJ-IxY;BPa_^kn5-_zZd>jIhupf{tJXVmD8 z+_al?X#R9>Z$CM~aUX#SwveZpb|Tbjl_{Sm7&2pZwH;WIzE3)@qFOB-S4F8zstqKH zWir+0Q6C7-F)D5w$)(TfIAg_}S42W&aDTT4?j=vYfUyXkB-3pRPo4pEX!4v=_+1A1*_^kmgd90PoCm{eW_yao5O}p~RH{o?sH-rWc!dQfR6tG`K zZJaWgfa!%iYt(L&tehl@Qo^qR1I@G^g&l4t>&)8js2z@oRP~BtpmD7m3MtV;xd*zT zRh2O^Rf^ru)O&>mlMj12b5zohm^no9+SQ$)R;+e;6jIFUz1m~-B&WTc*8!aNg?3JR zreai6F#(s1UB^MiPcllp*i}&R(y;6H7IwvN4d{nF7Tjgm2>|-b{(!!pn|5W_?;up8 zfXbG`^~~fHwi?Z+B0`KTp(q*)BR(e#kb#vMhq{2xCJ|Ez$CFi6om}7?smRP%#WE_ZLi=Rn0Rlr*_#r0>pa^?N7UE3#B#%bh2Yb@-VbX!+1ugV1T#HA(cwsjt?p7vZ zDAcL|Pvl-2$+T7~{cM^c!?hoh=ZrYXUeziS{ zl(#r+oUCltg1vN4Sb+{{w28_+kvB39$Phsr$hi}-uqNCd{6WEF$euu{*c@UP>BNU! z)kMH3g%(?&uHeqc!fK^fOHrL{#G)Z|NL6EC7MFW$B&Vek0i&32;{e6_+Q85j9EAY0 zd=GjopXA3OUI^@%2-A4_U{4bwO)nY8l|YC`7$`4}6NI=l9Ji~5BgU9|Ga%a@tEy2?ndzvh1>dE-846>YKfW7!nkmb_w-|a2@hu<2||KYKmF8@^k z=x6)^{WLf2%71U`?WM}&*w=7LFI*QS?D21k?V=4%#7nnYIE7_}HYaM%vD5UUK?C9R zNCSb(aL?9^*yrelya9*~mpX0?{D-hZ&1rB#D;GxOhIU=tTopH6-3c6n`@itOy=0|7 zV=RJ|bmGvNz=ft7noctIm;%*&m4WbL4?#6c!yb3Eum^r?KzlAAK;x(Evd5zUbQOAe zIs}$;)2{6CdlYYos5d6`gO!O1(7Cpr@O5y)X2N-Kg~w2k9lHgcsw(B#N%~#DP6GXn zY8`Bn)(eWEq;nK@Fpz$sLUFp%fSKW-4RI<{c90MW3A5~pmLYO-2SnPP$o7*#oH}EM z$08pFF(*c>G+@sWifJTUT@eYR;-|H3@S9b-#bcEuBi+dO1|$8Na}HyJ(=!Hnnmh@b zWPDf!dEUS{h$m|4%@*W&y7_RmaNBRzjA$NcP>*=5vCD}yfO^m$)B$eVl@s3&ZK_b4 zYQPXNM7I+*w61s%*D_Gj1P3%5=X|ylX0W+bE7>r|S|Wu;A!UMxfYxXaAydp=E z_h7Xj-*7Di6jbn3HD?@kLd9gq1le1n9d$SR%wI8G&<#|>gGG<^kvurgmRk}~yxmxtCfdf2;A=V@$p{#vc#EBhOZLEOfkY(M_ONq_phQytkj#YoK6E}JHWQr0 z@h$M|AvX>!_?_Su+M7zaTCt=@W){|Ny=W$aF~4QbieoNxo*QgG<$-O<9`9$ofjwTQ zO%oi2e#Q}@Nrz^bj7z3LI`3t;ytqV=&JuBn2?&u~Vn>90)nnaUE|~$Sf9wzHA9B;K zT=HqeS4@UggfHU?VItZgb0g@mD3Dwuh0vU{Ehn@J#w|?Bd+VV3>H9<}t<+fagymk> z+J$LD=FqeTZe=rIGW6A2-WZ(f**vTu*xqEqpqwz6FH+&V#S13ISvPit-*DSMd90e` zwtry!gWKNmG)A80JeqAX&N~Hi{CkGci}M6IE)nOM5EIFHc8tjl7ZRxPlXf|87NA~> zUY{F%=zAXvO@DvL5NNu+S|NHUq14s&df7u66fk2QJD+Y`+rQ!Pbczom5I-jW&25Sa;xdBOZ- z-V`42t&|jD$~)9#VIq$WTP4#XpPll9b9Al}msd`s6f3+6g;JzExUnmml`ObkWR-VV z4kHKd@Sq_n2X-(uO}k2{zhMd0uecjdG7-6Am0oaFgNzPt(Wg)5Uy@be zWhw^n7zN+Zl9QH=b0*4~z@$X6GP*1U8}g?iktWecB=AZLiY+6Q`G}1`jwpbMwpN!n za7YEemajBQ$oZwBD~P<2u1ZV+wOhg|)Dwlh3Ui_{Mc%l)WH-RIyLiTx4unX{m}|{M z4lsr9!EItD^N1Y1&*CJ~xM;Yl<`rHn~slsM#~Xx4=2c6UOf zjOxQqfPt;|!c@mFi6}xo!Q&D&^3hUTTlMNBIJ>OA7M!u|jNtrH57L%`^D!n;2+rST z!D$rGvs8viwr47pX?ae|n@pZR4k0(gMBydRg^*h!d2S-Eq&&AnuHNfG^sYRA0-*k) zKdA5Krd{RvZkFc{!X`g1ZhE!uXbd(81@us+dU7L6byL$3B1j+lIAV$}fF=1vvKPhB z3gcV{pZ_HWcBG`(0&tduXeFb51*bdwuQeTjO88NMA!;#>sttVL(?KKBH^3EQY7peI zXjY`RnuKBwIwfu*rjnE*9t8(nNJwlt6IGNBNy+k_B58h;ay1Cg1P6zZ`4!e1GXWNL zEx}&vdwadmsl?<>9<7bA{HzDvNMZSDrT_@b%Y?8zyLc^&r{xY|Dw*8*Q842t8NXg~ zM=;|O$sH4PCgqMDb@ulj^yA8%mjKlN?GNgAxM^3p^9GhX`)13TNwD`|rBr~e>0qWj z(LfwD$r{`Rj=N5$Sf1GXd`@(Mul*D}itJ>Bw~@P-WOs2ulwv{Iqf{OS4+sU5>z1)U z1#-tyy;R{Ja(c-6R4gN4#47QD)J{T2bT=J9E2YYWsC<>1CKm}O)eE^HgK#QHQy2M( ztb|hi(3Uw%byS`G*Z?b~pAIqSl&D~Wg3DPKWRZvZ_F+CVU8q!1suY!KSXD;Md5%g6 zib)7H)ns}k2+Z6p09HP@q_S_ z;Y+3%n>h2@p}9hjn-xb}s8gIEE`%3-Bwl}#)w()kK#85};t*wI&moVMm9l4m*9i9c zFSi@zp2=9&3{3zgW9XNG%J(x`yck+g`4Ta-i8YiAZ3i39cr3fi&@Tt5b$?JF<)+;j z`q(W((J`f>z}FFx4u@0~OQHLa1*xrUn0w%AHzv7yk16-i(YD2>vsv3dBs2xralkCw zV$mW4eXhY3$51Oot9O(&*@S zuAxe;O4Le}du9iouz^glFU?7Em8Nkx-(YPvmsXLL2K%=5>7hCzCFYDg-N&L zYx3A>BqCpo?Si>W?BL_o%w#xIsh$L1Mr78RKEi{q($1yQt& zBeU6xCsHPqyBWK4g&er!T<;vr?G`%Ij4PD+EN*AOWtNR8a){HlB92Y69L}H_6_{bx z&sf$+YU+**l^em~*}Qd@FX2wB6x|YHBI`&3kgO47_JKt2($~i#LoxSrIwH(4 zb;e_PB~w4b3x$39YtE7VS%z)R;{&ti2NAeD z{#tG0(`*O_3##{jYbs^P^b%eMc$XRQf81> zT!lo7)D}>Mu^YOTG`S(Zp%E$X@t`ItQr^vU0T0CO?14DDuJc+~EwTum$wXEYeEcq6 z1TT>#_;`s#R%?*nRy#=VD;`AVimaais9*L6^^4rJo5*T@3F@}4*%9F#jwA~*n4Q9dv=}WN1 z#V#c4h~bQUijCPe=;ayje=#@h#;C{EvTiZR z8PN!X;Iw1fYQa)NHk}A9gN<;^vr^?SaS__wEXuJG3#t7US8mZ2CUWaX1XO{dSH(xD zoyEyu&^leSG!8ui8EsLd$`*pwyX%z>(Q=;&P8SvaF4g`~u~vq&jUSK!Q-K$e41Wi1 zN1Y#*6u|QIvil}pe6ahU*tWxG)e>o;L9iwh8gBq6ZDb6^^Pe<22u@le zq0t&Twbc%tddPzUT%qwsfO^y))DdplRcM@Ip<(L9Q63Ih*4oc#n+LgzT0Z;2=>i;V z962EG9Tlep&gQMJ#9or&e4dWz%*jBQ{(Bzv&O^ zpL5f$lI;qXY$H_27||3^!fZuiD4eRGYPl%J1%V{O<5j&9)~KwGs7@|g3l)ej1JKrI zm*H{dqjKbYPK2zeHA;2*33bj9I7*_(8$S>N8lf=CBOphEG6)FkA4l#b6~hyr<>>Sr z`kF9RBdotF6E#kT`AP|qCei*TR2S-wDJ6H1OCOI^BVzu`gBYZU`5rGTPI~`nB`o}q ztcaEqgoI>r;;mqwe`C~n$qB(cOC%>+L%_D$Az&NV5~%T$cICv|0P3yig>kfs|!%uB|M(UL;?i1genbMWRg1b?EK<@Fx zIBbI;r>kr$Tm_} zM7jZ8$r4uSDqR4o1|rKB={?oTSOdy!ROA}EoL`Rf`QLW1y}Odh@iLgHn-N?!6% z2#EypFurLD7nx!L;#$+rO`FRhV`_5;&ZFCLKY+Vz(MR06Yx*>o6>{6=^ySof>l*6! ziXQ4N;r#l;`HhDg)&-5tP0V*Gw`NIdTwgVfi;}FXru9c;KX`l*^M;7@MwSBU0@DxY z4X2+qsexq-#sT{4*8DPa88_V~-SuwltM{8&+&zN>P;PQla8#Llusb)<#PTH%K9+Z0 ze*sP1S^f-WIf}WfYiOH)cLW7z2KL#$`7Ptac8CGa#Rcm=ZgPEeV)pHkc3)ZNCTQc z@iF}Sz_}dey-ITCfmZy5L?*tx`oz>rm#oo=>_u9^PiG}KRulfb~dVPxbGT7Y}7q}1g zoJSJR`Tdyl{fj>56)dXNWaTeC%ae&``QI_i{G!kD0;wSIwWeya?n6E2mnEL_2QcTC zB%O1-Z22RhOKtZU^(&&O6b6fRXZ>ZC#a5l)6yhS^Y5cuEG5&rT_#BdV7QPOjs(VPL?Y(N2g8Jr%smFpk;1KJNjaJePfj zX9~%4LzhWtF@_zh~st?2Uw~$-XFCsu$!K+b0;?6?q0A0(l2?5k~DjJW}E13ZLb>Q*pMaScdlmH?-te8HB68}zk)SEGm;C6gbY28v$GL&r;Rc}DX@(S7Dv5}ukW;M~qmGrBj6 zGWcn|t!pACE2#XXBRNUPm;+>^}1A%ekbc1FT zq<>}lbK{QyP(0*H@?RI%%zWd&JZN0XOqvcmPSh}}_Cm#?V#GentA&^Vq%-#r)3`$Hb6|SK4o=|9)rQzpnW;ib(Ou0%(lo6$xN5DS zNtoJLT-Pz6g+fKT2DCiav8^i}+OMNr)Jk-1r?Ir%V>x7a%N8_s!&`p4HAvxeBj8ko z-x>SAnxnxWROLXqA@prTg13eJn_~vSxpZcaaw*Vho(9n|Do6rl9o#sIIP7IAgVc6h zW-LS(#adE|RBvyrLkX`Li5nmx-u?84#_-kMypXPp!QFRVfK>!@eQZ1PmHRx%MRG4q zh^5TAY13cKG6_?D5lpEluZ7$=%2r8nC!$I1L7Fi{j8kQdF4tmOvFOpIS6Q(HMkRQ< zh-5&~a61Zb7Gl_^^0=c^-nNhrXL~q!>SP#B5mh#(QuRuTDy)dOsg7R(`O?5P*~5?4 zk=ijunmKopL0YUWa!@SU!eEhraMbezb5JNPzA%|NRhVo{2Ia=&7%I8qNNPKm(5{4- zF6@_MVSOeN@B zSOo817O_~0+b?ceMl({;pTFs&%-`pM2K0U+rjmrgztow*n?HLu$F`BM56YEtstlzP zCnBWWN{cxWw6d|t-6NWbP>UE0LYE1XFB_3%U~k$)lm!_qASJ_zBW)p?&zGTWFOZRR z`bwGIdatORftebtzf2H-6OwmBJRph|*0zBwhoykMAIG=|*o$ZrXP}g!dr{r;Pg&7_ zCZdn#4_bP+j+5;PG|t6DuX${Lke-bl_Y-DZjq9d9n5!@UeS$D}s}d^;aCS&aY`+SSo<#GNsWmTn&G6?#*)w z*kd2S@$AJt0sgGZlqS~g4%YP#Z{4wT-6rwuWFbe-_7}#FpW3`_tX!$>yM1!!#PRzF z#t+|nc<_$wq0!;YH0PGT0+iWUyra#%;x!`nsMcdeS}e zt1w2O-Ikr(@7T6$$JQNp$PXifLqFcOb(elztI??1eI@D_&89 z+xpOvL-!uOXLw(B`$MI>tJ!1uLnGS`JvKBs^w5!e?zk_vt+Mt0;zRo~lRLI#AIRq) z*gw=bax}O3=>1WHW~;n~R~kFi znAtY6<$hX0BVxG{y9^rpIA=h06jA4Qns*Nr)DhSGX%^<;jnJE_@ zW9Av9&`knSN$Qb3EfB0@ttMN?0=nzRV^M0+UGXHPr%xRo5tFBX(w}wt%49f&a`dBM zd78$&$W@Gm(QxlqMU0eiAa=MEvVFDbi9Q-6jeoS_!NM$ihk;*_r;vQ!!mAte0UU;K zy;-=BPskx+K0*;F3;6=|j~SjtjBr{BC(J^=)i#*n5y2mdE3Af`yjpD$Mac+EhBA)A zCq%JaP^uBj)hF^Vu3(Xr@uB#8-Pw&>Bg7Il^z7`$tuYg+HrYI7tN< zdY#aIC^l|wr}`LMOgcOF^Ec&hZmvMhfowSUn&xVCSzo+&8UEUM;13)VfH594pX->MQKhh6YVvy*#WbQ*f$m4YV&g^=Lnhx3Q$gXYG zj!-5%JkKD8pG{m_KiHr!+3OVf&&uHlES*|~=@tv*DsIj4+p-Fw1@S!arwL?%XTM8xHH> z#W2y8LL3LjMFnlkKGeR_&Z;d+h-#C-aE{&Z&vNF2KcZGd^2Wt%HcOg+geUKF>A z|I`t!%(^J`+g8p-Mu7`gn>g2UqMDGB5EQTuid9E%)D)rgDP`vGiDX!Eds$`cWE+Y$ zVZ$ke5Av(nX`KlQlQKgK6%k}s9Cf#XJW0mD-l=np+N6>oDtMZIIDyv!;U*7KbV4-_ zT@pu1ojLT-p5yR%qH?QrsA4C8*R&c;(j^rmI=;vx3N6M^8q6(;!Mv;m%w8+a?bs@= zF%?P2!^$Px+uPHle6rdznL^E{>`B{Oj0*rzpIf=RqlQFaVk8>od+?X?1vanlMB{3QzcQK!%&22Ls@J|w6KLDl z#jKL->sK2RjqkQm)H+a#oIWX`%vAT&$@(aEtWn)u6ttvVXyMe?5%b>dwS0cL2j=7% z=1DYl&oI}vonh*oG#ZYf&B$^-K5M|)M6e^)LiZk!L1C_f6fEnatrzm20C6oxJz?0EzPGqy2)&aU*o1-6GkrX?cEpF zveg0yghxXBEsP`~KHq9<;Qlrmbjz@laQ}q|0506O5Zqt)=;pv3F9Ky{m|yW2RaS

wJ<;xIH^Wb z#Rx`~Jh%*P3{^bn0lVbAArE+6G;JU>9r5TUsp23v?Mf97cBTrcUf{SflP|!Ah;Uw* z5cmv&L@mk~*R}+ds}%QboHzkmI-$-V&{GdD?)V1TRYo=pMXO{OnQb6iCFh}ZM3;LX z=dSSr|1q=y!s#n*3ZeLPJO#Row~-dF!ehmM)>*vxFG#_;Fd9chTO^IYm%tZ0>oT-4 zXn!AGcuKzac);tTsh807^B&zKntqm>cBS$B1Be|9MhcU3dGF+uIfU2oh-_mMxDiR- z!iirb5$`)XvI*KHna7Ygbr>}js)g)6SiR^c)v1PQl-|{Y-PQ5z?i0IqY`Mdt`WKzf zFPg>pJTFH6oaPElDLiFyfY7+|DoC`|pxj&)q9QczQk;8aZbNfr4Z^<^&NVL_+Q0XC z0sb!_c;=d`c-YkDx%|q*^|=fwdB2NKVv*>};0qm}+VZ{P*YRHaY^-!2gqW(%ZoSOa z`m02CjtQdazJpLP5A?qCcZ`a7=904auX*ln)8;ZPBV0#TN?>y}hXmn54*0uNsBCkq z3LB!D;s}$;o(!w$LRcTCQYC%xy!7Sklche4Mkq|v4|asfN}UpKYnyfsh*-vWZg&~w zHe!^|M!;bMK+EMYO8gfVMV=sVHd3CfyV}STv@s-nGhTSglK@SVX;PaAP1k#LlW4kz zn|75anNHlzIn1+x5-W=!NFF#XpEBsbi_u^FJ&=;JxU{fxtmr6y4IMj)jV2jTw`uYFfdBMM4T&~aYKWza=V@1Jq=+5vi~yq* zVuu~#zp!wrfnq8Y4HqdkeiD#@u3GtAO13}Zxw}nIi)7o?rVmN9t!=*fX-M-1nUa_s$HWR|34Ou@ zf0*|Fh1Ivjl;(l$YdRua;zVtauOw~8ygP!W*^=R6vE-p1yA3uG< zQ166-B;t2zcYEuj?d>BGOy4RWob4_C3k%l+E+EYcjQ3p|MRl)Aub)zC1;F@M4s zi6D$t$X$eOCWPJZ(M=-kFgNY054;%q09RuG_WL9Ahd!4Elq$;Qw z5)K|wU*NKE94v&0i7|vgRLZzcg~Cke{wfYmWFRWzJ-W+==lAwP??H~{D81|LeE|w< z+jHZ|Alw4c6_yf0EpTg?h>SR-3Vx4Zgj(=?_cs!kwLWp|sipsj4E>DEfeVzSE4*Su&_l6{I8$1caC z-w56@Vba>RReTp=-AV)3t6&?e1XANS16O)(A?f)juW0<@JJK`$3(j^E-!vsI3lm<$ z&P`SAF#EEwcSSfQV{3;gcfG0|WXN|_sk)F{ zwYsRF2d7JWL8Z2sl0zJj(KY7%#(r@zf-BxdP@5k2rB+hDiRJI6x5-G7KPTpL zqTz3EizIo;2t>U-r^ro-gV-~&Ru7G9vZ>_#{yz3A-TS=_>%dKVc!xZ$5@IOm5l&ds;#Xt zD!1WPH>Qvq;(A70y!dpN_byuAn?1Tose2SBE_Vg0Qh-6YoE z%uT!U*B9+$8=HZ191=DrZRbU2?qRYGCX5(rB$1kcI z+LFkRnxgcf9&wTqCR;R#t&-+Z9ZjFFnwirMlUegm@S3~Fl=)Tu`b{1wUgS#YOdsXr z%7do~lX{yM;KlQXa_h()tpN|{C-iSW?z=?*tax52hS*Mh+@#YmY!8clw-hpbI1&QV{7GGa2E$fHI6 zG;~u*I=HyEQ7$~%P6R8( zIMM*VGkp??=Pn2BH(a@*)E1G9t?XdzbS`QLszGBhQdM0`H z{e%RYXMY9{lJo3g!pu99VkQC4#y6FwM{zXj+*Fw!mywF{0g*-X{Rn$$tm#o%aw1HR zH%6HrQ@lCKx|EjDQ8spsjxrcS6tOg>W16q5u+eUAWUF0Qb7Lyf+=!CP)3lu<2F0n) ztW1vyduiVKI+0Zu=_bvPe<}%1=j0t4YBNLr%mC^`EBhkiSv!9w}K@CYrBKHC|?q_Sml>YKJwKHaCOm*;Oimd6!+ zBgEipsg}ry`JXIL7G}hp?-;fbQ;x9|M$B8T)5=4u5pz9Wbz>>1Fx-Tu$qp9})A9x$ z-K4^BJvZ&DFnAa-`!SL-E=4BV-Gc_6aPRd1z$NP!5!`oqbV~+zHzQ_ffQ~R?PWVHd z^_aQ~@goHB36E|L#GUt4+M489{2Gr@r4duI)M6PiVR%xf)7jBHRn&|$WWEg(l(cqn zOM9c3za5P{>Fq5Z0K3@#5yJkPJi1Bjzn+_R<+D$U^E$FHdcKa zT84oU`jns@)q??crbOo0&-T8OW>~q=m-SOfAnQw&ktopltl-N_bI+{eB%5iBL-$DU;HPJn( z5}$l=EYGE&FUX4IbtjTbc5FGJi;jF`Ztdt39K?s)uBY|3=rtiqS|4k!DGL86nW07$+7aXhb9N-!))B_qsMYO^(z zvfI=%QJ7W|Lzf)X?Nm@5)y%6`vXzpFT@@qMLai=5t>>s0X2xS-Tya()rd5lCleS%X zt@)!PKtAZ1Qi_Gbm8+E3*Jbihc~(>n2+LV6E{S}jGL;(5RWsv=2d+|xa5;y1YwW)v z>P0p)uNW+}%7}u6<)x={3E}1a}?ww*_#a9zK3F7!>l3I$wLGR)@Cbx;$_KY(*hF!o&&SR16Di_M@q=ey588BO(Y7+Uq#3a%n z68Vw`iAXi$3u2|d)?S`z6h)d<5^(eU{s;CA$itGFwDU|)`L7aBd77sDmy14S9Y-Bd zAhnuw%Tqn=?6esa%3DerP9_DCS@c>Mg-8tz2j7#e; zCLH8Fx=C91T)3VS@}|QRqXKX{nWXp=2Jls~odlPHl3q`5S6J8k#VEouJ*4ho0o zgT!jGWXNmrsQ4IU^8x6??$N_eFrgkUN**Va{1|$7>*k=ui~YCrsPi&XTwq)0H2*pe zH7k4^pXqjdaAAIeVE%|d%pVkhblVM+O!~`-C;g)|=`Sw&q`mp~ukdLP{{3qYz$E{E z+XEPP;a);G_@+lUNvxg=7tg;dpQ{0n;NR8sHX;9BOnqGbU5-cd;@>9;CFi2IC;tkR zoNoTT_$UgsqI|@lC?8){EZp{7b8#O)NXEr4CCE4VL%xxlcHM>BrYMQN?YW-%{=`#% z8BKlfqEEdyaxdN#oH#MV%P}ge`B&uzy}{X`n=zsQSxj-8cE$q(lIb5|s4?Don*y`z z(^J&puoZ^pWu2yt&KI`;WJanbok~0_xbo-av~CYE1o3;Uls}#%cU~%`7=-?*3F{3W zu(%U^1x@fLl1?xl1=2yffZhD^JtF#6TyctWHdWk1qacocsd4bZ#5i~*;ot-QICvj7 zjgSi+!$|7wdX1?1d+e4E7%$*th+`y#tZj|B66s z4?U)-1ey*2tEj<>ru{N*D_3WLi>TXE#p}<*&TozZ%kXqwYQ&Ebdd@-bxNo=7ef$C} zTyU)2i*Ri^Q^Jrtz&Q>|YDB!zA|nkjlBp7}A?R=OhkgS$jSv|w*Iz$~a#>0R+7xWK ze`EiiJ^FzHrAsRfR)1o!ew@I%d(pvqptCUJOXf$jdeug`ycqP2O~J$Qk^<>KFvKsK zMsmUfSyI@&h!NB(?C5E$u)7W*bc9eX=hdB>7(rK^$K;j)gJy)N*)66he#JaycoZ=| z+%dxCQJ@()b9vH9#dCx!l3q{C_`OA6#;c9B7)NvA_}l*Apwu2WxCI_tO;bQggb`{7 z(2&#!btm<4jZjI<)fEaKHIe2yr6CR=(R?JB-e?g=zy4^^)613DJA!Qo?~&B ztK>S8ZiOgKmE zw4&LuWgJ_m(qtVwqeht&)-DCurOMvGh%*-gG_MMxsYU>$3zl8gLRu+Fb5=&0Y!WEy zQ#Jlf9-1j(_KP$PtAv@HmRmWS9@cQrv6@6w0Th=u-fCzgzFS-zj?JgXegT3H(QE~j zI6+n&qNZl@NLddu0S=aZ_E{3ws!o+e{X`V_sOJ#{6$WjGXO8=$H&OPuO+C1}g|o&A zWfXhFy^?g11r62{e{$nd<4#8EZdkh5RR_s&<+*gv5ljau_iFZhl`vW%pFf9KyPU|q zZ3kq$TA5@RBOxI)$w06?#r2g%5-{~0xt_R0Y1 zp8X9}8bHV)5tpd4bIYjC1-^xy+91@dZ<5ky?H9E?$|gNW7T z1knBVn4qbxD6m-$;(4a;ZgCT9>7#b+=|NE>d;9;mQ>dDLq& z=8ARRmJ*Hh<+Q(=Av#P;sKKM1rWN(tjCs{Ore)Xk6?2N$Y+Z%;9i$L{mc>WBq=`|8 z&G(wi3b`#t|6X)hXL@{#KxR;BlMYrg#`A}27 zcT;K1xq^=A@^c61t4>wg9!gK?nlW?pAytPQnIdh$k%1_5p{UQVu|DJ8>#^*znngdF zy3_xKw(Oe2BhWp2+veD7)JdwLC1%`Sgu>Lx73D63=1AM`avIkV>w`S&;*&tAjyAt6 z;ve2zsH<@?N)VzVK+g3kVFEbw5A8huB4}!4jop%rd~qQ!?yS2sy?g zr9#Bs<@|O`SDNcvOH91eW0hrziMKJ(@gm8UWFMfVne*r-!$RK3O}jcGJW5P_0wYO? zqwD1UIvRBIsz|th#RC8r?q4RjKkCuVfjge)rN#7h9;3?S07+nrl^lR-Xt;(E*AR9w{w04Fv!| zCc`PzK^<*W3z2mDLPD5GYrMd2Y!+}2T6mJ|ogNr)5%(cN+-{FIm-CXkF|#gyX-%EkPL3G)x(L!KlnFdzSgg_G<>y}eVFQXxCrkzn6U z=n@3mW11RreGA@ulIt5ipm&k>5klJQJi1A8eJwXV&E)zahIl^Y`U&(*O0K_2eOz*- z2_z#|G39t-axwo=!u&7eL!RU+FdzSgg_A4lUzI8om5#*v9YU5M*43(^A=SUZTTfE` ze?1^~5%w`c*ta~oNmBg=H|DBx4XU<#_US*ZWs#y&uGfJQ+l+cl;L?&LGe2wQW-%jY?@cL^gD8s)9--kxKgO z34elTuC>f*t$oe%z7ZWf+2|)c@Z+NO6NJ_u_vj|s=+)e`D;s$nGq+-%UqYC1Qiplx;Jj&ehE-6eCp`PZ@Sl<*!8DD$6FX+mrA$?PURiK(}wN zYSnI|XCrr48~xgT){FvO6H*uAh=fXSdW?6Aq({V*s89n=Z znZWvjF!{sc|Ez#TFZ8Ngx-YcL_@5@mSBnmFzg=19*mdWga}F(pVv9gvdXorkLQqo) z%E%@JN}Z%aWw<97P8YsWm+pDO6*;Ps*?6H0^+k^&OPawwGoB7;{Py=5a^8&N78C@6 zRtwXh7#(aSmUnNS>ZftRR9Qt4gjgzZP!i(QP$&)lG=xXt-%y%xC8F*xscNrX%Pwe4 zskych9VZXvRKSx>`ih9o;t9Cs8*8vmGBC`=lP1tB5)0aCS^-^EZj@J1zzb`b?=-(L2ep^p4GUr~?o}5FuOi zo!nBK@TQXua3{GghG+}?;85nIDw~+Yr7L{JT%l4{=O)SK5g(c^WP(gE)IU5j-Y6lW zw>n+O%H?##WpNvDB$erB0epJtcO+i=-=d}8f^OZkNf~mX_8+GfpuH0{KXP}7t8Izf zz=_xu5Tc5!h|6pR!uAk^r!o}1ON$v*INQi@yd4TBX#F|LH@Lf!n+-O^ROyECsTSBZ ze>Rd0iuD+x9>lfs#)rKM?JR;bC48TebJweXZ{pSeLJQ-6^a>L`aqPww=bZE6o&bN= zWl9t4b_eVFhqvz7xo(qqcCwJ8XW`_w>}2_&iF*f*@2}mz`Hszpciz42$keWbd-gn9 zyuCVs>-tXJGkIUF{^*42iBN9t$@+0hs{pqZXX@*Ep6E&U$gg5EK)WqFx8JdI>$V-+ zcghbJGIjZQ`;N`K%;Q>(M$OmjQ?=cFeK+Mjv!P=9|dYLsksnm#d@GArYJ_oq%x&g{wz=1OCS8Z+BQwmdL2GqAm!89!7%P(2u4zu`It}v6HD&*2zBH-nY>rnm|mrYW*K*uKInaM(FHogs;5Z6Ua zss(WZQEJZXrl&@Q?cJqb^FDi9Etevuvr(yD)8FgF`%$p}DAXwERGqOy&29N$kE8yL z2HS4m9tBAdJmSt?cR4vmQ(T%Uw4vD0BF)GAlK*<52N#F3N$#w$lw5jNSb{~?ofVd6 zh2>dcDP_1NEVZioU>8+2e^dVE;%A|azNYv&{C{(KJv>#PD}EmTeuCq*KZ1YhGsvOe zY0+cd18i?^o26)2o%MTrd)R#A;vXP z?y^P{$|eIvi)h;I0O=Yt&pi+4&T;PM!u4}xZg~2y2JF$#fSGE3d#T4-x(l?-EKp}J z50OBeVW6v%HlHTKiBzM7kXu%c2mMELxS1?O_>LbgI*&)A@WmKmu`r@b1 z_JEyDFyArkOCsbLOOcWA7etc6jo+G)@GXxulLGh88F5K664ui4e$AtsblCq1H|^@M z_sB>%=T;4IbVkB?Xwc2)DdGNs2LLWvUrKO)&!by1xVv3?85p1=F1=jm5Ah9Xnrv&m zj3B<&qniV9ypWdx0)OOzN11~mS!%IzFjn>U!ZI8g7&By0y$o%P0yE-|T3y;ROuDl(py+T92eCf;A_Q2%_V8MjtGUBV%X;s3UdlQlZL`P zNqs03<}JVVpXcx&CMxPF#$z9X}ZgD1ue@YKG}_Dk}b;_ zyW-0`SP=v zd^}0Ht8q20#y9ZEZnU0kHO?qMU$ef2pD)CNA;=bZ$m zY7lW09x1~_X?wEVq5Z+_j&uO4x<~K-Of03OVX_1k1Hd$d#bsM+sE7VWZ4-Sn#;~y=)lqT zZKqVMU%`bT44qU8Jw$z6DMT}zuM`r9i)RFvf^H-V+QCSP$6qoEI-^qPWdO&KLJh)l zVkxwaP*Y8cnt0?dTnb&*+uIV)6)BK@hCmh?#>Fk|4XytyA<9qN_$d!OxRiAhq3`V; z-6Unbm78{xO~+n{bdCFlj~ot;j1^HpCE)CcTv*E@)|rwq;7U5AN_>fUw{*~-K@dDb z50xCV`&Yv$BmzRFQDl99I=GN-NI$KrwhDP%_KeeSLK=;Ox0l6vRfy-W(q+UdZNsV}Q=1C2n5QUIixdzkeN#KqTQ+Hb zxLfSE-SYWwZL|I%L8M`UPcjS4N9p_=dL|Y3U!p#)xTgu&;{MKHK})L*zyh#%Y2-5O z&BU;uz;wFlAc+{ZdC}vIayB1kPo@fR_&zRn@WZmy97(7Z`7$bmAL>~CJ3pPD$)C#4 z<{xXWPpA9vzrrMH^3?kJE2G&$HCqZ%rZG2)OE3|)oH~`RO;60_M-g9`DgG0n;ho^Z z{Q5jyj_@5?fW$k&ErgkGC&f%W?iaojz=2q=Hfr_J$xO9_T6)Pwy$hUgwKe2_DH?e0 z02iTYH_C7c>Q+MA`5xUQL9OPd-FATHFiWjH)hbGt%Mb#U^CBV+4iP@AI0PgugeByz z%J3r?#8nPvfPd32qLSQB&)AwL(;nD%QMjH^c-x|*@J#aL5Fw$F-*`arWIrAx=gAF( znY)u>W(jx_BuR-k$fAfoDwYXcp_!d;wKY6BMF{fK%1R#ay9Bk7&{pv1CV6t4n|9^N z#|Cht!JgxaA6X6S?M1F?Wrjs_W?bfrkMeBqL(P*H9V>K`6r`@GkOC23@r!Am>#+Be+&nCc~H{?t64SMNQZGwwBbPc4uMko#abfOdKl802Jv629B zO*H5IC(&FNu`Pou|6Nj}3B&Gd3$FYC1y_ox?ScLb-9-vKdB`mxy_3$Utr?lY2FtuQ zY^gd2(Sh_Nl?=X7*OEZMCB(1{-4=<)C|aRKFhyqDdB+?2Tg!87)cVsiY}R`5dV0Gr zo+~!DkZe#3*%}%9J+?SZQB{U)VG38k*wy{*Mcw3N-EL~XNN7`V)V)A#6EEA4eH-K^ zi!_KFDl_HotGCxF4Pl6a3r>W=Ojs(VPL^q?nQ#ndh+3sl&7vN8Z`!=-6V>^xDl&M@ zOha*1Uwzgh!R-52Gu^ma#f@EYq~yx=vA8r}2|TD%Y8Nyi)-LS(1jH4pR|r^4hj)AS1k0;UQw z<)7+yh`KY?aJnMzv%->vWW3b7HL28M-FRru`9~2OJ$j{FDxl)c2K+5<$wEF)1qDII zq1V?oLWQqZ8WZ9Qv~g2(L7UU{nt-QXj zHW-wo;G!^X<8LBfEs!>%nnF!c6dC4FQ=n5nGLEYQUZ=^cd@rg@P|g7g2#a#1F6V+T z6ShumattN9tfttzD7}z&D=WE>q$&|58nb@}L@91i zVR>sQ!t7_6w6`s;*QK|pr}Gr`TAob2md|eyU(T{TY)&nVj2dePT;<4C5h~;3w6Sao zgsvcq%MjLWiG*@f7P>WFPwO`{VrCN~<^?T?apd|tA=ig-jio52C3SkLM@zSj(l$); zEMr%T5}ZmjtgsSwM0Eu_)N`43E67s1Hf^F;=ZQV$&==%zy#bhjzLbS4CB*p-S^(7( z;@R;5P&i4&NK<*ZCSl!7iws~1jXfebbDC;YscLm{R+Qo^Dr*qKLjOZ52J;{6dGvL4 z{i@LkX-6_dz$}<4W1B;3XhArrm*E2~v8I@t#8{%{5!4~;LnwQO-LldEg3*;O`XtH< ztF;PM?1QG15wx|z6)}JC>{~B=Hp?ynZ07v(TIMD9lvG|?QdLK;;?nVlf&a}OvP7QW z2vu$8H-Wz-=eIp1i(buRxkUY2BVe;<3&X<5@T`GHZ#?h!AQtybxz{XqJdMO@S6%I- zH#jyYxlx-fNikTrW*W}Vc)%&`rJqJqvfgWT@X$T2_R?b~T^?d!6;vY1N(?WHr&6lf6pEqchptzF7bjbTJ%}a94c56ZPHmC$Qr))$O8xWIo@H* z>?BxB6gvjDW@KC(2;KRRBERM{7y`Yhf1Y?z55z6%Q`WYwPZiQ4OGg3ntplGfrtK=_ zE~@E30&fvYO=oaN-82qrQ`O3}I3viRoTV}C$>*VrP?jT#h=5Kwj-dwI_cLzZdIA3~ z@d6%-TfiJGpuIejWw7DkEJd3USc#4?(mx}aOY$-8MYO(jwj%6jg8PmR2l)_Hm*6+d zR8gV{a$Pgf(tJ##>OT^r>PQ@_UWL6?8W4mbdXs}VLG{w&4cicG=Hf7%so~ICqmt>0 zK&xS?pf);S&205z)3gq>uw%5Wf=1@kWjY$&t8Yu{%e>!3w^1USHvmPm;QJKu^=zt6 z@rJ2TyUHyuy=qD120Jvj44jtjF8ek!pU~^Ns-l;+A7GUF8TCqI=0*?9NR{&jG<8+Z z2U=Cm=A0#T2T48>w{aC_L2&J}+$5`e6H1w3S=Azi4TcCZTsAoRiIl+hEfpeE=$_Qs zn9Sg+HwF^pa(Q}APA^5D$5OaT%~2v!wJiU)y>EeX9$ zS#rWcfCa*4Ll(#qHtgoHgiSbyJ#Zj|-S6JNs#K-cNYz4<7}7q+cdASEy8pfZ_uv2i z_ujwXsCl(T6qasl^jaYgE4=cM2%CqEAc9US7Eq)p$$(`E`$w0BA!9^Nh~bpi$p9RN zr>utwPm#|toBPEFZtl#m=6;ujKhxY`69EYX+;sbOf5_-%@jsHuX*8#c{fy`{0(y-; zV-+K$h6Mm)s}-Zu7=kk8@k8^yrob*8SYR))3(NxIcWiM8iCd^UyKpVQt^W$0Hlu(B z##ikJYevM8V12ViUIt3r&Y3(b4tUn#S;D1ucwXy==k(WgkAUU=`##VSA=7rv6PA{NtGS^smSBy81)# zA+)Q&@-4N1rFblu8Y^)1d?k-)S+2Iv?gwGg!SRmh2;9)B(W1U$dIiMte&3qEVcPUD zjiN`W>CQ%^zIRDps$*jt#E@AYKzN3BDA!z4xr#x?@ZJx+q-PKrCaKwiQ?6*$@QYA% z2=G*2_^>>Qm>Kl7!pou-HrT_DJ$A%Ei7*7balNpCZAPxJ0gJxOdnk98m`g+1|5?c0 z1dzG|0I?et5`m@xCjCamwAhb>Fr(s7hkv5Cn~nL{h{o)%ntZg@#)@I(%5{_TeQj-91%IrkIPiL0X$u$ItQ8na z7AJhR8@!L0SS59x9-Qk$vwI9Nlsi$`Kp+;6Lr_v%><(gXXm3nCDhAG$r`l(k(s|1W z=}=(1z29nm&2Lrp^jB{`a)h+~RK6Wnb3wVVTnGmeJ0Wkh5Nd?V&02OYbS_ky4#wkw zbTXN(B~#nkyp~MM3)^ZgwO!75l3R&DIF*Xy|3EFADA(q4S|F1udskP3>QXA1OyU1V zHV}*DN(=3HX`!$*7xv`S7wKK9yg1vCQc+b2YMZ&jjFzj!YRY1%Df?qMmuzNJ)1FJd znqQd<&rIPXwfrJ(EH3z>^CjQNSFca{qmHs#92RyM7w zx%6x!yE?romu33!M-^Wa&#awC<7oMGq_C_t>DZHBrG`q*hv>aNtwisQm$K1FQb{Ju zS~3^V&Lxw|Rvhon1+&FidUhqDWwQ}2n@N?lRjCwiC6cO?ONK+zLNklT&Z4nP$v~jB z5)Uu0tP-EmwnE>jU2H~*2_L;HPXekWcXA7n9mTiOlmi<(iofc~XyI(GqD)78+vnt9 zcrjJVR^!EzPg>Y&uO!sjh{qd?Y9-=nn!Ytz+MZw0)L_!LU5abb<<)fctmN5fFQ>DS zL@~A;iK}yxUs;TMH`>ukEtd0#y@_}r8iioeX%D{5t0}=iDU*(=qJ3tzAiP>OfHqET zPfMxkO4>iG%9R-2N9`Bbf(&XIU%(@!W?E@~Y+4Q`NGbf;REWN-m$+MZ1cPkf6wD2vJC6Z$~3S~;R6n>{tgA%pzJ++)~dRGzoR-_6b16TL@lDh=u|$Nvr>=j;a;)UpPI{9m z35uOc*OE#9Yy{uZ$d;o4IWW7L)JpB7rb?^H@S`i`=@>djGf`5jt6nXc)SwH&SR#>{ zo{f~IXGw+`f7nOwNz8fL(Rha5b(a2C($U7sPSl^B^KPZ)qyBs`R!C@COYxU>a*MUC zOi7VqWp#Nu4%yC!XIB>%cH+qeUy5|4Qld6X#TTM;sfBDB?_5rJro;K7T3?+HO)I7C z)#$?6?d64VUGXTFQ}ZETUJF3)ld(v`;|W!~%K9q4&9_~nPMG#hqr6 z!9Xh%H07{Ca>zjD`Ld8H^X8jrK`)BRBK4ICrai4G z_#UM_y#@VgMOJ4u1?QD?cvB88w6duPa3)!j(sD})Ydb_86=mSBGF$tJy|IHuPWZz6fDJRz<*An=u zh)3a)p+Akfhk#1iZlQj?BgYTk&VLI(k zwk2-YD`Im^nVZ?lK~FP&#&=wGGjz278>oG=Y3-6UH!Cag&{m|FDXb?6=gfZN$tP#3 zz+{8J9=7^`FTrFxmx4~F0v?Qgnv{yEGW6Jxs~9)K%KFMwqT=^XFDi0rQ_Wm-7h+hH z%w8-nov&5aiz|!1iPaLgXOs9M#fUdLpFvyOY!Yu|UiL(( zFYLET(Eq6KdbMm2_h3BBrhr9h!i9bI2e2SCaxCONS5a6O(f{kv1;#)+hH*vr2Ud8z zylMtsQLbd@Ju6Fb-I%Ow(BEF!w>=;6E2X9MYzF_Hiw481snoPTACIE6%xod%tp%lp zv(wSC8i|wwp_Ot(Ge* z>vAyA<~GCcvM&nE#u!M){v`fRVqC;H$m7c>+~3;3SUGfT0H$DkK)=FRh%skdNinXd zN;+1hG1xSeHNw+aHRp@%r2SDZjA)G8F^!CM$apgcY|r`7{upm9&)Lkt8<+88tR;J` zf^i_7)L*nX$Rk9zB8dk3_E5u zv6I-2(3o9H#toY_mW+5KaklYR%*lo}8;`~p+9Az5v(DcqurUogO)j&|oda)TLSnJg zfu~;CztV)=QN%dYw%Uc+bYgReOgH7lWC1p2k!?pEi^cmIq^nv!QLAPORt)vdOszfI zoOZ|0%}eTKf4r5F)_mtn+QNm{Fr}Q9U5uo*RWzzM zJ0C8s_+rWILTpvqS=ma^HAyWQNd?qcAe)JMp)7&gq7qQjtHBj-s=||*iOj;rK|C>H z&Uw{bIaU6ZICgY{;Y^;=Big~h;m@ipQC8pDv@wc>i!F@;6=g?V&hA8GiG_wQ6-ZWPUt&ioB@Fa)XswL0 zOtKiQlIHA+(J399Uh>DPnKWjhi{Z^|S;NekWNGcmLwZ)-->Mee2~Ts|voRmgD)UMx zo|Ct-(L}9%KH_UuRL_N?Ht$|2&TK|@Qjxjz^4wf&D^&4hx z3L+q(tuLn1lEH?UN-mL9t8$KsJyKZ&Lk%isVN1;}{zovThf7_xx0c)OHi_?N9~qXq&8Wik;Q43aoS1F2uJ>o3`2hYvZy(tOVOGn zVAgwV7~yKpE;bwU&m1(S9=QCcBxGAE^UL=IF27n2T(%`Sp%jy-5keJkIbXM)mozu0 zAoS8~D4-T`U?Rv5DkpMEdKsM*W7aDzHRZY}5*c{cczTpkk)?rxlTEjV)IY_l_6>9e zOF~tX^3u$ND#{JAMv;q1X+%j<)iN_uT2CleET7?$?4>)9NYJdxRjuJVouAs6Ld8St z#btU8(&BJcP1@jyXavt8$%_NGD=yzz7ixXfx%v;%X(+eD+Hv`IN=2l4G?G?OxGl?7 z^l#*ZP_QwQJGe5PVwSZ`A4=pYBN4OHeceH)vj+{nf)LE;fC%;-i5V^fGxTg0p+^?z zFz{mZh304fgM-i3vEsY?u;SmO_8)vQ!f}oycx5@(cQ#gwiSKqYR`0zKA>`BgKGYyE&C(KK zIaI?Y{RouvP-#R0%UDWdqK1%g&wLtP!Sz)Hb_RmjEH88luD<5p5@}&gPU^L%f8B$~ z{d<3EuWMZE64&Z!z4mMO+h_*Hnxq+|S8S*-@97t#;0V&gxj} z$E9|=>=*j6w)^Q`(X3v+myzc*UueiwniXgV*r9r^6D8uT`l2UT*{Zpj6+F!14)#VXV|NrrBeri$fHp=2Gd1!@iz!p| z^A1FBw+_10VGK3sPX+o2jaK#s=CnO3!@wryAlZo8eMX4}eIT*Q_+{Mn)_Ah>GErrc zDmlK(;I#gSA~(@P!!{KFCKsTkt6yRPd9W=*!VPh zvA!XZnCY2v%Q}$TF+3cyqE~ULw4b`VO=o_a;O!tF{May^`mYuX$mo`0`k^PKiph(i zKRt7*Ian84sAoz)2~8N}b)eKzBd?V&9pKoo=+6H4%EUB4B>8;guI zyzaJ+9svmsmKY_YOPT@JSH8g1lP4YMiEeDY6PMbJt=IM&Tj}b6?EQ86GES36xfG~^ zT1BP4b!?DHN%}~J%u8h|D~#NF7(c+eGTc+-qGGIL;L}T_OS(jP@L}H+Rflb%ws?J` zY7DOHE!4kK472Vy=87^onc#CORA_2Q9$hXB(9)1g-$pItJZ@og>(N$0F3~AU+2`l6 zbBwVS#aOzuL`!ZWP2QOOuJ=mwqc8!La~JOuBGus8@cZ2_2^Ez zC5HCtZE^B4u`dpGw^M3Bj^@imr99fCpjWM}j0)6T?Sn6YStqJpYsS7D=)9lueM)b#BTett?%l$i;qlZ>ebB8B(-vb!TqBnDZ2i=sDZ@6xNK?iWMZpEs z=x8a%q{J8om#C!85-(|49M0yN-@$J*Tk;zY1gx7r{|A@aO`l)sH+{OFkN3^ufU&|~ zZL9CV4hR&~VT%BFSeyZisDlq^q{{f0s0_b>PJ}}QHH2nH&0$n%h0#C;gkDCDj2ffO zEYH+onV-ktO%JJ5T^gDdb?*SQ3O^oCstfZ37zk6QzvSnSD0ikZeBXgG*az@mrEX;? zM&AJ54U#gTj1Tts0qoJXJs7DCd9omt{5l)Gx}9s;BwpVX-gSQJT+ajKIp_m>Kz56p z*BJ_!Wth&Lco zh!5@I(`aaW`!E^2kN4#wmz>4_W~=%`ZaeBiRJMhrG`IlkzOB;Cy}YnO567S|n+7;# zAadaoVsCQK`Vg~&0j?g?8}P&U>82Q`Sl@=PIoZ3?JBEqzzbw!?DcmI_DQnYly*6V` zL@q5Zqh8&pOEs8nt`b2gBnu;QqtK*Eo$&giR;S^uv4G^2fEO5xIVtVkRnpx!{7^f5 zy7ZmA5H3M)Lq|72+p^OgWKGZs%9B$8M3MDkSra8trRb6^SoJCg9rCn(|c zW0_)Qm$~#d zh7Mzqhy0@AKHk7YbUCaTU}rBF=QPM%=_%HI$Ao=BwmglEwmFC%lt>!|qpKr~$S9Ud zK2akm$XwiF9}|3|byl(*Yv~oZ_%ZZ`MiT|>`9t*ZTI}3~oxN!Ews>aPsS0k`se&)C zHwG1AH6}L3CdPvl`*o&bAIj^gCoi)-SAcftkq`{MfmsUeaEK8??B7DVB&-FYiI}7Ejh3$=BcPJU zT9FtTY+DnE4W~$_<$PW2*l4iH&MA{iC^{-l19Z{G^v>Y?j0dWXsiN z=%rtOD6glgy!3g-p@^QkU8?7w`}l#e_qPapfBy%=-roGW-_2GGAA`T{5(uReeUhd` z_ZJth!#@v1cqU~`JZ+&7x7EZ{7ZY_c)s>9rc8#BaD8^6w!$9^2LGWyLhv#Q zI0<23td_B701b?kLDb|33_Y^0&W$8a^_9(j$d%`L6%WTo7>0e)gHasXK@$sWgBt6- zmKhbL5y7^gWpN&CaSwlwz6wL*Bbh0962z9np2jc^#PkLmc5xCC-wodqR@5cLL6>t_ zTj2?!tB7oehEl-rj@9kc`HhD$P}#=&;$2V@p=XD(dTPna?8nbIa6kS4_2WBn zn?u*w$bQ`Yg6LjWpQ`J$ILB^~2V6)~Y{5MOw9~D2+9Hc}k``-v5wml>UCl$}`=IPV z!$Q4m-Pt^5?28Fyj$KC7iFg5<-TIR)AAn&JGNSUE(3LOZ*74ZEDxlfwk*{q+KtXpmwDb7$tfM9X%JRU1&zODXqZJ0yi(oz(vZq z$LH+V8$xFFg7j;^RT_Zw-F^lqcnD|PAXruOMtSHkM2FD>8O8)8}iJWkx7>e+Y$rTtNa0ZFFS7J?4!x(hM>z=1lEAY<3HNOt#t0 z-nDSx-u1iGyDm**8TtKiePI#Raa7?ai1D(m-(s$b$q^(&~TYreyFs1*}155uyB>nUxrT<-)zKD)4 z)F^ScH&Sy51NpUhJ2RHcK$IdZp%nu7QVZ+mhM9(R@c`P>9MLd!MQl0BL7P24tjLZq zys$bp0r?E0T`Z&+@XonUl+!QY`rcAY5lCl!Q|V>9%|6hhB2wXG<7-J?lK zYvmhzPwa_6xb9IvRjt+Bix$a=6YU-oK79o6;9YA+aR@n49{RZ>IEeMW5<(D;-TgapNuI(OICC&Wv zhVIGyb^)!18BMEUTy#VC1|^?sZQyygVyTK&2XF-?Z@27dOsCp2X2w4{wZT3f;2*XApG-8*UNrmn0h`5GR+~p-~XJdD|M+B56zpBQ#0CjW-(I zLiDm*z)u5xLAXDmH2Rfm>jhNZ*+Z3pr_&MMgY|iu=|Vj8Km`)Nxh`#)e?mh~Qul)5 zR5qZ8TA^HM?nQ3Dzk6#fU+duq@pB8E$-#NIMjfMjx7uvh8V{d2gVT*Eu{qyVwZ3s? zuX`6=$sd3#*P3~32Z7$U*S!hn-7oN*MU&oIUzhtHPiK0Mf1&YsTHGUzE#>P|g?w|J z-+}&rMs1cgyzE$0%Ape}O?B_mP2GE;mgP0GcbWjW)~Jz^>~?Q&v@!eNUZdSiHT(}1 zzMib#z3wdyIIx>*kG9aQ8)&FI`ET*(8YPD4O?xj49`dE->!Q1%mAMJY{oShJ6}RH+ zu*iw_7cj631**zqxAbt~4nm4XE7x~jp-lQqwhnj3>lu-tHt;ek=)rA#f|}1a@shi+ zSS^*-;B+r&Ym%Z6&hlrUq$iWeY1c>y6p*&ty)Iwb+=ExPdy_yDbYW;?p(1i{)|yg% zBM)?f;+(`sLA9EIS3CoO%#7Y@Kz&Hfsv&htRn^DUpHttWzNXc^!*(qVF9PbX&DHnR zK=-(;=H-&R04?5Av)x--73+zuF19&lXhNQ4qXE9%P(AhW{io57)wi_h)7N|NIF>Ic z*d$Y`uj8vv7mGAleU!*!z~_ATM(k?l#)O1_{8c*tjgugc-v@Hjb3mq_3v%*#AbBDm zBy!^UAQF-H6WM+t$k&Lx^nQ@f5{aD#`AffnfSHGuzr+5rblHyS!PbYFGk>?R{5%Cal6L~R_hlzxV1c{`G#EB?GBqEOzsSx>B zME(VlUnJ5Y@&+QWCGrj;ZzJ+PBJU;g5h5QZ@@XQUB=SWfe?sIhiTqC@-z4%4B1f(T z`3E{WK}W}lJd4OPh}=))`9#hV@e;X6;q7LhuUpC$4NB99a4 z5_vO`HxhZ0$UBMrHj#f%kI3hUe1^!EiF}F3*NFTTk#7_EzeKKw)QZ;-IZ5PJ zBKHxwhsc9OP7}F6WSR(DU2Idmk?gP65qTHZ--^FRqz`3WL_`b>~75P6cwJBj?adqDn}hZk3weGM=cUYY}tjZl$;|{BEht;>k zs@q|;?Xb#rSY11;svTC-4y$N~)w9E@*VYTb9 z%5_-XI;?6PRZL`wd$}+by%G`MN*|*R-;{3p$@ChF00NitIaN}%r2`- zhgD^l)nu1dq{Hg5%c`-H#EACibi|1Ew{*ma_V;weh;|bJ7bDtTbi{~u%0#p?bi{~8>-z%H_=pkhIDr`> zT7ixj(f%z#9V1%&7>*dxK1l$_h~_mB?ag$=i1s-;Vnll-O3W0${0xw<5Q*Onk|gpe zBA+I52jSh*Oyqkj9WnC#867e5eTjhZ{3(!i0z$^XcRm+KjDZXE17qN~2of0sU;6?a zF$R8zAdxZfBQL@cW8i%z22ycVfq_(OOJE=s`w|#PRg44%Qd+pcK*}!@7)U`EjDbb+ zYZPyw2Kx%N>4&Lt8fdFl_k`7`C4lUnkdgYrW*UqNafYTZ#&yD+vz{S?o6o`sF6XM6 zX(#i^r}dpQuRdmb;xXf`eA6Aa=VKOHZ_>2)uKs7~zhLr@$(2ljdo+u@86`zEVXk6U zf8(5f{s}UV{sho=>AJ?N_F|YVz;B6phi)g*i%+Y^Ft=_a9=U9sHfR3o4I(wdw!+=@ z&bPSuR}(9fn2;2}hD+GJE*f?ocAYXDhAtk0P6@vu>I05(r|DRGDW7aOtpx zT2@=BdxP!>xTbqOeJ7?bp=e;4X5=WbiYbnmA=1ntzZcoKhQfT#dS*oIfU8Xf*c$^ z6m~tFnK6nFQG!QC+JHC#L1Dc^8W{&(lh zesNOFKKm*$>!0!tXZBmpnf>OZn7#MvFzY@$irL#ejtz`Nxa>~pUYv(uyc?6z}e zTa#k;)ELY@vVUMT4JUo*aZgW;#N*dEXZP_*vHQHM$nFS`dbe|SpPUrC&mV)`3l5|^ zqSt=hIjbL?6ss>7gH;DMl>7XsUi&|sGyCO9G5f+Xn03-?!R#n@zw4acZ%>Nd`^R9{ znQTY&*{69OTTv%*=|rrk(^rjI|M0PP$~m(SPKwzFt{SsvhcmnAoY{p*G5ex1n03}` zM@|QF&e>g?6uS?O!LGAjJHkT#m(H1OPm0-x#$a}UgMy@lj3b^QoJ>X%k5LndHaJ&@pfiXyyb`U_P?C-_UDu0%`++9O2c{k zzH{FGep0-7C&gQ1IB$3R9NRZ{;nIoNH@-1=duTtFG!%DnYebjxIcM+8q}ZFD5POAc zZF7Wmy5yX_(4^QqKL&eet|UG8raW9f*PU}HPm03}V{mwGKZn)?()_lp4rlb0&KZ6A zq!^tUgV7i5XS68Q%fp%bW#`Pjep1XmJO*=9`_+vy+HfiUwR1NAVp43rcnmfNO$kYg zZjs#KrW6s5<{!@PwSLEA|Nom5yFWe#y92P5mDauKa})NsJtL<2&vwq}GjZuejGUhs zgV6!lN^bSxQatCJIsc@X`^hnw8#J+Jr7gEK+H#;#b5oeoaAq$%XErh^W-pGx?A!n# zVrDG`G2EiUtDDXb=ep>e>y1fqJv#>1)BCwb3b!?dd^n#!@0`z{nG~OMWAN$Q&!>{7 zO32tC1BoodnS6_LCf_tECg;asa)8Y)loui$&fy1~bNK#AakwxBhXdfYjO51Q%>9vb z=KgR}%mpUHTurGc!K;cCld342x)-ISk5+E# F{{t}zl0E)S?G?9@JFEb)4wu&V; zx>b}x!EhxRK?Max8Ab#FR}?>7W*i-7baWhbTm~5RW5xwhVdi7z@Ber1`tFPOUcAW6 zs;*|r&!#)$-R&&*oO91T=iF~P`tIY0UUrE7uX1NGpGao6nxgS|HW#;wyOk61T&$e2 zvZdX3?Vf+@?hCu;Dklrk&0?-xh*`UpLue68B-8PNmEC;~A74rBOUZPxNepm2mdhCZ z6Gtnr62B!IR-SEYYI<%Z((w6jdN2O@!Owrw`*st@pW98GtQ?uQwrJKGt^dU?t*UY? zAH@<%yNOp6SEH4NXsJ|4u9iyxftGwY882damE*B=v{=NC`0u0HXommSiFi4$|5%O2 zt`)2`*5>3^CVjD(j}oXS@&&7C6*jEha^-j_x=uZI6Ag(oiNlqX5rroFbxdOCEPgFE z6R^3g_*W!uttGR`QZkn2*o#B0lm#}h4yClluq=f{s>fD2`p0V*$F zE$l|+Fw~{d*5z>GiNs+*{S@abKz5lRizTeswQw?)%RV1UW}@pBU~Fn?#{aXwip_($ zNGw^1rLD+%!LqUu)*%xuTx%+BtP>(GZYJZU#Kllsr^3cj*4K`YH|}?Aj!I9Q9ge1f zum%kcIF7ArxAO9~&fUu4av`}}X$%e-4HnJDlkq6$>dMO+cN1?e5>_WcfKh?j1~)<^ zmR+g9nAe>O<*Z(LO*#~;cqDC=N>(AfN`kIRH6DU#PFNZLN=LQ4?`Li!S3N?30vFBry+H~ z`t#*dDH&Q%Cqs}vnS3&YjZw0)5D=kcHgvsg6-&{Ols?fNhz%=L%w=<-coYrLGHw-$ z)GK3!vbik&p{<$#bmL}F;^kZ1#7pJwYRKKC#c5aM72J?#L278^^`+CHQo;&Z zThUBDZ50{vqL8<7LS8A6ENaw|#0^1-gfdn%TMCtOp;d;lu*8_vAQ<^{W$IuD-c^YD z-e8D=vUTOMyKRU%SvgjU7S=7TxglZufwRc;=sl>*<`#aYn7Ud zc?&9w{}5iYz&v1PA#z_p*QS5DHQ^h$|PRb9w#L^ z_W>xI2PBBJ2`dd4)`H@XVgB)#L799|37I7UYCpmH*z8OsW0j&1p3!>YW?L;c#D{ zM#bjlW>a(>8)H4U(UipANJ8^A!+?vH)1~IMBm_z`WK9mg=L*{q{zE#wz8+ELXCzuK zC2|GWdsZ>h(v**{IS_R;y&jH6Z8%XsXz-tt>~UijB$4y5CvwcKBz8iiwW&?xDwqf{ zITr&su%Wg}xG1(;Yq-sZ9QFM%@tqcNa9fE6lh}Awo!Dq^YTX|;FhEUgw1-=Lu|Z=f z#jxLvLxV|dJW?Mv!jO{t!-k)jmAuj6j}2PH!C`|2lh}B5-PqXYPU#4+Q#$;23b1j2 zJB0?5*m$&VY;^9IH#%$Xl#Xzx-%bHG=)0D&`&7Z53LBxivC*|(Y&ey#l9Eb_c7(fX zV1vFN7&f%ReNCO%=-jW|zyLLQqqBzGpfL^%8#I{QDQ7*g@tk3v2@M67F_vdpOVBWNA9lT6T1{qUllG)8S>12_(MyO$31c2YL$k&_bWj# zfMdT@%hT=}5`@M$FbP6~$({0qCpO$A2>KoXKB_RH_JP_dz=(kp)k1LxTZ(~|eeD!J zoW#qMo_O)%l6}gL?kefw#wB*yp}yNNVoHvE*&wtaiH&o0W21e4Hb{3=I%^L1mRW53ww2!M@_8rY!k2ZoIfg^fl}Ym zh5+$K+Or#QItnhOHYnj@#EhPRZvhWiY2 zD*(2VjoRW*4eDUspt?>f!EE*fQ&4qq4`7;9#T`XqJ5N^#)u37?sPv}>b-z@#O)SA} z@dS6AQ+0gb;9j$~tKqz6!byK>I4{*rQWL>6qXe+k6F>?vz%I23ufS|;PFGAK0;E(f zAO^&^4g;&&<&^kSgE_KKF!j6=*fvjKqXaCI)#1L`Ax+bDNSE?z6YhkYt#UY?#NUwC z$vD4y32#QzxXo{l77*D}f*&40h7oxXR(EaTwE}`)Hgkn*4&YBRF&&N;)@+nEe$fU8|(Mr=j&4vXg zD#p^eBC!fYceu61!5PPjar$7xgZ@S1K=DN2P07W&-#R2FIz2JLohgDRX6j@K78RC- zqK9NJGG=INabt#)k{R+g92h@pGz`_n3f?P_pm%wK&gA{v==97+fb%fSxh%*H>omQ_ z_#ao^8*K!$8^Fhk$y|QJegf9NXi#gOd23B7VeIyVky$F7(Zg5zHF-UG%x0Mh_F}vn z-iS4~bTm5{`y^*50NxEKGyiV4~mHMEFg^^*RaHUM7_gzRnZEHiB@vZ()AKCUPjU zffi`RDVBmAl<;RW{^{z*l1&rq7z5IfEb12x#uE~Z8e_{9Kkd2V>ukj{gHz0A2#@rQ z)>aZw`r$-!JrPE{ak;<@1&YSQ`4|yZtI0G1VZ!-Bj$%f_N?3S_(pO5|fia^=y8@~H zq7k6NMymOf#e3~@i4t$m*zuP5DMu6*a~Cjbhv(+|<`?F|eRFezv-6|VQvtY}OX9eN z=-yZ^EQB$1ZMjHzwF*q>Hn+4nh4LBqrZ(31ZlMu4COOD+BLrWc#MbNW*fJut2GqU? zUug@I5DT~XIwB1@*3#i7#O~sFkixFT?sIhereViuUa^6$^Gf*M;0fOw7<{7xHVy2- znB+HNhDIz0bJD}SI6{|GHiF8(H3*&FATa*-m_|bKMo&oi8G%m&v!1nsC(V))N`&g62 zNuMW9HZ=G4&Cd_gUdI*>_fL!tPR)l2SAn-XbBS@V5l2Vy&9u$KtI;Ct%~(1K%O*_N zY;I|H?)yioyV*L}&{ngd#^0P|qZ(46u4PMvUh+g}ju1L-ZHM|a4s0m2Hmo!VT4=(- zynwC14)gg!aw8hsW`}iL?Zeet+HRKr5r%^#Y(wZ{w*L-qIBzWObhNhNjy{EKo$*Oy zYgu9I;8!S-*6)e5VM5w~wULZjp?=CEam833+mGQ(h0QZNIL`X9v$PDNCVRn#rBhi^C3H& zjuGYJMm!hCJOW7h=nv!4P791`Yrr&$IsNGEe}f*`jgmbAhQ zK$gu}byf9*Ze(JRQfc%oHq@{l&1~2jJv8E!Jsxn45<_F27NUxH zwIb5hcn&VqF!I~hqlGw923c;KwC_S`GBrZEHTEmFSVD;$vWZ1QG5ly27Bwy|nnI(c z5G+QVt&{2PP>fE~Ye-XJ-5VRp!ltW^7;MPK#tWgwM$&HUWK!}!<-GhaVS3UZuoBQ3 z^1fICnUQ3dMPg%PBdshN0`M5KoQ@VkRqL5Yrk)E9CKu-BB_c3_qgyCnUQH)sAy_U= zjD+VBrz_v?G7JutC8Yk{bX2P3zSIiXph(Pm4B9Z4UANJ{a+ee1k{w@RCxjj=#m4f^ z*(OFzpbZ$2rUmDnuDtw0NDsgllS<;FN}0REAhKM+Nkw?w`}rF&{VN(9HB-siPspG2 zhE#cF>)DqI`)zt=@WZcPV8oEL?tje ztd>d_b?Or0(>DVOEhSIbWM_FbHHMFpL4`z5P1}B}ykge6UQQM)Dl#D=W==bPRIB;z z0QeH(`!{J(hWI{()kN$wzn%nE!8UscGMb4`7x6=x#jN%Na*tPWB-|8A_H<>x!zk$f zYXIm>Tq7$zB>`p1>C|eO?*1d`B-FU9_>nlORq09k5?gX*MT;vcL`(qq zvAOA~&{bw!@K2L~4R{HB0#~VmaeVOP$5f-NpZWe{Hf2Pya0~`%LP8(!cCnGzBL5JNzhFy7FUwsKX7x2JXs2Fjg1}3%GCJpzL(JIe<)c zegvnS^%7Xpkm5oeODW3rFtrjE!e#>b({`qn_CW~A@lcmAiPKh`t5%aTCy#K-kiwlk zcqp`#JB5jgt9w;dceCDsG$l>MH04o-HUAX^)mE?F!~9(iGcG8R6k~Ig)gyNA0=FJ# z@cW}GC}S_a78b1^SD?BA#WImN+_v-I4Ci?gq|s6cE~pS$Kok+V9m*jVhmi)nNj#j} z#9>0>N(kM#T$)wSfz~aC#2HLaLL(F{i)><;(U4`lzJZ>jDKt-IA*?LLvd}D81Wn~4 z(#zQ->Tkeyh7af(Uyx{}VW1s};e56|ZbL9j)}ra6@D`&;N+QIGslNREfORXYp0mbm<;xR}r z!~)`sJu6ofDi`HxvoD_y&EYQJLi21qS9r1*>YEw85Gs~q3EG*ory6I{(e2QvJXcbK zMrK3x@kR!4Zc|oKR;$kE*mlIB_XMgJL7FFvcEj;rHx`iRp1Z5rLyx-_ zV4KH@a%WPs1g6$cS233!kFPUjp{=sb?hyRKc~36ul#L;E|E)c&=k;toduC@nxmdh$ zm_J*a+a*M=_TLtIo_7WSQg|H{(qGo3`}1|yW0s(zQEG|N?_kW5%1_#4Tc5sK4KdlA zh;G2xMg=Gef=d=NR3(ZP;$nn?u+3eQ@=a)ZDfu9?(>T;QzAE`Zmbq2PAlR&=gcch! zDovCaH@4xJBk4`jyp+sXZu00OK!-RHz0`nFO8O@PFp{aH?*Sux_#heKO@53(#wlH( zlXbUBp_1}!nw3w$_fUwYt2~kBap|*~Y&Ujlh2&qY8_D+q$-jJ%Nd65kB=;>* zc{R8O;vpFk!x$a~*$}n>dnO4pW&_tT2ngH`AI4ncMNWt!2a{zYStbLRo859H04ZP>33btSGD$GS85{MHZCXKKw&X(61jb z74!UY-OO_znCA};l6l_l#XNK&Ksywt!csVm^aBtaM7N3XEK2_6lj3ZLPzI}+q$wC^ z4I~Y1CXz(nQfO{udSPM!H4#H;_~Y>fqvD>R2%ifwJvjflk^b*A>2H-qD#HDJ-Gn;> z!u`!b67FaH2sbs&h)4M|K(WW!Kgn;g%u|v5xCC)sF6ID%dW1CRSO4?&2Num zG;_0}Jza>h5IUCQfXFClBGdyVUl4=`Keg%$$Izrrjp1uF#L|745tz%Rr7FX$bW&F- z86i3cS)p_AL&0jqftoeQfxY2LDw0NH7X;_sB+ny?A8(_QJR5;gsW!o*b#DTc98EoZ zfSaJQUQ0fTyJ~g}FkJoQjYJh_WjkS;#Bui(E5T0XNi}QSF|z>Ah#UWODE_&5t5B%# zsvGqvXqsv}NYsCu4fXQu#`OTV_pyhCWU?O)+1|z$Wh2HakoOG7tHVXZskT zM%?Vcfq+7nx!h1Uf7_uIq~fkb+-Nf{XhRn&Z++3%sZZ^bjBIe>oKzXWb|20$4v};w z90q)%FY3^wt`Ja1E9_T4EmAqc3hJlcOzl5bQL&G~vV&PD5#of9dK@5WnJ(z&X`VAF zf~|4_!a0|Q8Odu1pRU+_799F|d={uOn;ONqe&E(~N4Pj}_|TylQcPex#JLoe;Q|wg zxD6VE?B61}TSaAS_;2U>2ZTQsLL&_&RtiyZa1kJc0N_FniWqkscBON%p&<-E=|nCD z{w2?B0r_!ktj0zZBPYKwjf;aZg$j}HnVpd#iA(qvXRcZtis9#gSsr2~4{|Kn2_ZTO zL@lA@H+F>G2|UNn*`dKK-ey1-j0A_67zv(lexW`hx`r=NIgNM-vCj-z`aZ{kX;yPv z)K_|r`AUjSHfRR7yr99=f?ONU4WgB}OeH}IfcSWNiv5 zLx>@bPR5hDcp2u>xskca^LAiIwpR;`ct=!v4bwrSz&=70<#E+ zm_ywPd7&a3YP1$c`}-Tg1LV7k)0Hx8rCg{A6BK$D2jrNa7?$G%j(K;C1OOt<7*#Jf zliUJ(Ffu5tiA#beUcUXD;g+c+Zq~+<^6}ab^J)o9kzQ;v`YL&VhfFiSmE4rVjHYRvyU!@NHZ z1+)DO!y%Y$*~V-KtRD5kXf_1)7Vd(#h)wwYA zosL;0R!`a1q7nP@W3}~{VBmjd*Z>1RZDZiN4Jkb}jaQ%4LOJx**Y-z~&q}EkzyQkM zl2)7xC!7TlT{z)BS6C%KoaS28h6hcWCxdgvYtfWN0O0W#b%wbyrm$WgP3n|x$AzUV z;XBF8u+VaNBdst3sX;b!amFD{s*eQpm6vP)WymU<*@ z2)jCjSp%Nw-6ZXjl6f|EHV%9?j;#M&V_2<~#TzvliOsFK`bjd_uf@9?!L8R+p@tN7GdMTH&%`d}FfnkGurdE!q7g zu~y|9_+)_nXWj|owT9Hkg0sI{3WPT&r+yqGr#?)>SM3DKy)d#>j*ABb?cV4=?Bj7B z2;QLwVMz&z@*<4XC1ha*^9T@J(bIX_sPF0Z54-O zv?(-HrYf1l>!^B%97E=0#aLztDqR;Q;pZ$Pr6Y&&u-~*7HjZ!>JnxCKh;XKg8_GCt z4EiQk+%61$7ieN86=dR@ZY11VTK*oUbmn60&lU2=Y()R_i%{OJ$4$nd)tO^w{F@$+CVWaq9W*Rh#xLWR3MQwuoNNl$3y9i)-iJGP-@ z8VZsUNyzDqU&ZY$NgA7uQ|gvH-;U^qBJ)@aH@icpUZ7BZ$S|*187>$S>UG`4%F7QO zLT*2Y!ufbI#37Iy*#JsK@;?f4kfk28L|GXo9MvnnbSZaHE?24fIoum%qU^0@Jaf#g zv0DNcY)SmtQ(e}9%7Y+^H(M%a(!5TR_@fy=G+&wN$&PLJXF7T&N|Ew<9M6tV_iwhf zP4_Rg4EI^X)5S?730y6wlS|>X!SzUQrZ6}&-*rTSr*Ck*?^0)b`$&8E`dr(5xou}_X7K9VP|tjTifxzh1BHK)Y9bSm3(=r0be>C5Ta#mSwnL~%YA8(ke9Neq|UB8kM>Ol#@V=16(@dVG3er0Z&VFjE*GwXT<@ za@mc=#PyE(#8Ue}tat0u)YwL(Ft>Tx+FpxpCSuFQ`I*uD_{4a5XlX7Q8QY$o*)EMu zUF*!Ww1`J@o=2g^(K*iBk0FE}TV>}IzlFS`s&ow(tH3Y>} zap9~jlUN$6b@x*+Z3KWxn6SmFUD^ehp1`ltPIWU~b7Z=5^RUWxEmB$pB_YL=RHP`w z+&F6E(dkqL$jLo}eV0Va1nn^dujUaIv;}?1j?^rUwaP$!KaK#N2I?j&%%qJ{HMg5x zIww~?bc{|W;-0aJeixxSpCbFi#xIT*z~ouwb^G~D~9J&i|gBi*TcP~ z&e=;>qs5-ds|!~WYg5a^UFCAi<()xmp|jQMo+(_vnrkWNhl^HnYk0doIk+=j=$p@O zj7O$B=SLTlU5iUgrBqjITfT36d}%T{Qdk;W>xd4Glna@Tk<{W;VWMrLZLV~scP7){ z*WWfcGQG7Oo9NC@Uz?xXnCwVd-B&krgV)Edv}LBJqkXeIoBd03Rhdb$U$4Q!1sWk;@0MCVJRv+;%XaB(Knk+{B{%T2GP$FGb}%?)(exfLv0I- zz1No)%PrT&ch-j2x(YpG*9Nm!=U3ZDhKD953ggRD+sh-F+4h-gctp_5Pi; z>*>W*@6O=FY)^SE(*AvMkhqC3uwdKnTi(6gs>yg~0xojjmvlL#A?M%;=qnp>P z&fZM-a;fFgYCz)^}luClXQ;!%n>7PJzML zCh_XPBQF!?fhlw{G1aCq_3wgX>enTv&WMXuW`n`f<&MFNdQfUvAMAJ#zy>?qtEX0R zPkSwLy^NS=n~$~fd?PQ}jjB^T`EP*N@us^LR(29W&#Y866{b=bkxdP%8;T@>$vCHp z6Jy4*1a~6!KA9HmG2`C` zpt5-YLJj}a|6m07_mYd4vA<$X&8W(LfrkBK+z>IB_CKuL4F@rl!tv1)wPlWpW0dtz zy$rqVvfkCE^$NJL6*_2(1CZg2Cj13@KejxxYKZiEjw4z>G9AQfyLF%l1FD||X zuARolAv|^`Qm7eaJR}rS=q&{F!xIvtlKXP|3OS~(J+N!33YK)d=)o_9a;xM_p~EG` z6yRRAl#AukVR?BPnzTw$sz=`x>O+=qHk@VE0x7}7+KSSpE)7cI{`^Ia&{`pvVG0Kq zs(F@IiON2kRyrNNmPN_1W?pR7pJIFrN%ixt%HgFzeGNAOG)X z7enpgPA^4+40_5OW40UBZV}FRCv8}cAcQr)Ac$E|6x0iMGGRJ`OF)rir0}yjIBIj-TaSXCc?)$yiCo!BKh{&N=)P#4a=tQG{A>_-!3( z4ZXmgROk-%3y{4iE;?2zkr9hz!^%8PreD;|RDYyQ7Z+GOVgRVrB}=fAwJA}+ghGs< zH}RZQndZZItY!|s{2-OaIx9uWz-N#53b2)e#6Wbhh35}s79*)T*^ytktW5WzN?{0Z zLWXc53?K2JP_I&DIZi1kCvGFD+)5|aZ+ct)AQ&a!sqQ_D@1TyJb5}%%q3;cmNQ85^bO0=q-(_6T!V*!O(L z@Zfx?nXN1|GCx1l+}hOIFoK6RE{3=&mYTRpoK7g_ND^ajoz+qF$Vq=enRqPm+R9P* z+hW%4J1Qp-=Y)z#>(*}N2%&$s@=AJ>G>v~sk!WGPxcdUb=*uyxQqJReGRAg1OdZBY zC0dpwz@fI5meBNg0}e?g#JPp%@rdC?a`xdZ4yG-dQ^j1iq2VpK_BzXOb@pQDY`kqO zvD7w|SRL+djb*M}k6#@sFAoou&NjRt5p)A*P*}V_02WhsqtQE3_uzj8@>2KVzugcv zZ6eI@X?$L|_qsf68Y)ax$d%Xm{V5Knbl}E8xQO}&R^|dKC{T?%GGFr1BrA2@U)au< zR80j{5r8TpFavE-lZVszC*^AjKKE)_;$j#)(213XT2A9d= zW|dIR`9N_#w2_Qr=Ww>B@)}JI?QAkpY>fMz(1KTTmlc$fFtmNfrQO0_tYDi%E;;Ut zPvwzv?r@3Jkn;o8yv&e0jN9PbJoEy|4EC5NCLO2@7W`j?4u)bnE}$||96m5aB~w3n z|Kg1+CIKX6il9u4NP}w=I$ZOy_+do0fqxEVV=y(nN(<(oV*?#O%Ffe~D2ffY7kiEr zW8%3A)aXIsa^NqCB_phg6(j< z+r+)cExmFjjAsJqDAPBx3}HOM)K#GCl~LBzBx+I;Rmv8yywv^&D-K;qWN8xJ#C0fy zuh)(6XMyn8z7W3nB!WnQ^V?bhO4e>r-qs4r&X!uiWyd_PcFb)?@;I5?W~6FHQX=mg z>K1u#g2>z1m&mImxh+q1X>W#UW0(Pz#Lb#qo;`2ggo>)~uA8dQfvVqAFIByLTzGH= zwqyx@ncd1URK;FR#_%7Y_gZpmH*pM)ke1izKdIOy9kqusHCE6cU!(Oi4OG`$nO)!=?Y2XFi!@?8DgTb7~X`Ua~&Nu^x>8r{-}AZjL$d}QW-{3@E$3u zsLL3~S&ckHz(XmQhq7n4L)^+tv$R!IzvSWi#)eJ(BJl=2rfk;zIMLY1Nh|l+5&Bbm zcs`460k3sF!`KclEPWUp2%5+H(JNw$QSl^%2*TnL(~BMG za$WkSpd@g?4@VDvv%8mMoM|*$UZWH?ln7_{`)EdC0ZDqziJa%0@r+V9EM$$8+$wvG zk~zqz#t!o$@e;PenaU?Y5n@%ISKb-G6~>>?%%O^63?ACPINr;F?8l_r%rPa@2%nin zEMWPVnpf&o7yMPx+Wb-ZXL>YOY09dlSxnkJAY zmZwUpWTGg2!rhUC$#Nl|D_Ttr4fEJ68ew=60U9rdkG!Zt9HDW^v~n&RFzb@cwBZCj z$m&7egdBX#STQ2dMPU|%8ai%R^q19Ku9VJUeJrZIREB4gVC8jMJRjaILa3m6Lv`pe zJzTnKL9J6*1>zBtOw*Hf(8nJ)6wEg|M?7T@V8W9qjSj)lh_y%~N0y}lcBv(=etikm zuhA!iBHva4t;GvBWIyB++eO^Tr9&tY4Ya~lOAq?OP7u!qh-x#aFAaNPHHYHN9B@Ks zBTS&i&^cc_={&8Cb1ykY5og20w|Q!BAxFkauFzBsQz)9ukRc*B6o%PElnj1=+ZxaD zQ2H)z258mxI!zSIhAQ+h7dCl^bheyr{|5tOx~eT|A8 z%A3nBE`b$HPMlpX;sUHG1j&Gxx-l380Ulkz+skmx;%1DRNRKoa9kHTvLo%ezRKIG; z?ZQ4>k4hfpzWNZJophr=W`^wGQMZzsLhcYvSqRT&u5gX9C<{P>)k)RbA%)oEDZFNg z*bh3AmM-4~vC`Y1iG3bg2ic>vy}`7r^jIC4kvcL~nzFo9J7Y>@bJK+{dU5umSbg>< zR+9@cfFZc%a{UmC=4_5Y_wwS1m$%x3H)B&w3@o)!rb7v*sQ zixEsMdol00Q0v>FO-M3vvC4pz7{Pej`cEgXf&U#4d$WWIo5>vX*s8MEHR-@bR(h?8 zWS{LNQ^>Qt6=N^8LWUCo84Ie*3=meS8lVG^a9lB@i-<4cLLp_SKt3HuaCiXTP_>`E zK`1R8_81z8V~7bzcTosShFj2X;D-$|W-?Cg!Xw_;&hlC_4K4G4Y!5Rq(Z{Y4>CGnj zA{%>%iJoL8MMLV=7QW0vT4_hijmCKsQq5igK-`+6gq)Lb5EnumtD_q6h_N9ll1|)s zCub7$R6-|CYi%v9?WnA86Wn4`i4Dx^d9mXbIF(FL5?%BdffmP&h~C>qTu}kKew!ls zYy{j)-~|`ZI}X^C7Gdg-RSAQ|0TcpD(sZ;37cBlXJ6-cV4BJL-nK^EG+%|ZUx2nOz z41LEr;8lL6t2`Mz;6-eGRyf>nDCnX4pT${W@xAQOecL*wce-vl>sXVP=vCiwX&uL< zuQ4hc4xPobh!KI_xovaPqioPNw{7m*Ha8cow{7lid2E91i9^V3o7-Ws-L|>^-?F)J zDRC$4quc5dM?|eIwN>&kGdRsxTuxVcu%rchC(cE7pST|9u>gjvc>92+WbwcclJiO2 z{+W(3J+9mO?sN5<$u-`?PjQA*O^?^PhjorhCk}ip`*X?Zb-2NGlzHqV9Eah))9r`% zuX#Vi))#d1q-g_HeJd%<}?yml(N4vHMBsbUT>(sNkvBn*S zV@)pll+9Mt{a@I_YM+%G^9FcV^~&}O*>~*$ve(q~=lZYjE~gJoBL9`9Q&f-gfjz9U zg#>s#PGmjZev$ggJuLS_vXUutl#_q-R&-nY>Y?$T|XkJypsOC0>}Q0h}fSV8T;eqCa0__TuRZs zGrXTVu@SKwxJ4}b<}zY%NfRER)1%4o$f>|i_Xp9Gk>T|`KxfZORRo|B>vIcd%_y3h zb1383=2n-*!k&tU+@h%RV*zRFe_YZXw)xbIlPJ8KfDwkrsxctnhJvt_tC64BI^%VGk zs0Mbwiwf)Daqh&!9Xt!sK&*lrYA@gO!x#9v=w6J-#XNzsg}xi~@r z=dpRTJ?t`_H0Xql46c3mEr|rZRX)MD%HQCfJDHGFxw{%iawp&A#GW4M7XoY>@rWNy z%FO%u8-jbq&m6dV_<6(N=fnpUP9DKy91&IuAwpGx@WvtI)<`Uk2whI@gxB+3sUe(Y zD-W>VVd{-~5Uh8Y^`^|S#0L`R$A8r}xhORRES;mH2}t=TgR-fE`YCW86T} zw9o>4i)qf4blqELh3L-*p#2n(pbIE%1J*z1Y=GAUOY5lbldpylz#m5y4T|=x`sj)7 z$_aGYOvX!z-SK-#Wc?H7!E|3{)1|(Ge@U`(M0$>tI`j%ugM9h`#;9HgqiX_{W2yl= zSvg$DZC3q$j=Dfo7q+WD8G%cclZ}o2#Fjz<8~JFd*8(JQLOjY^=^gw8J_SrgJBy}% z<<6=##S5UoqXBw7LhCz|dWbbmy&C^AiDiO%Cj|r+V+E>tlgqjSJU|2TI^wtzQEfHY zLue2X>`QD_{wGxPT>A}x z?KTmN&d>U)=qAz#c-3)ngn*?qagY;fl>ZDvxp@|-UHtPite5{r7iR#PfEhClHlUPd z6i~#RLeu(0%(no0Cj#^mym^#0ttnzwWi2OUw?yF^S&bI0u8wjcy|O~- zOY8vWbdT_|bauhxml~j@%pJyD8f{N8w3%W8E(6}`QU+s!u||9Uz`7CF?ZwJz)$DcQ2w~9#ZR6VJc$gWv;XS$ zzm@UWgv`2(&>lrGLf5^#1E__7z027_Q~UYg6xj-ZMicpO2lC4SdI|g$Sks!DIcwWs zWHP8rf$I8^;#v!*6{EPIyx*eiu%dWVM2Z3UG>uKEH+E~?^J+A|hoRXxCsiJ;u`DSL z9`;$hp5cet4E{_mwiYdh35dIxN6H4d9!@OS>EKk7X=Oz&&rMo=BEVu~nRU4s`#$Hh z`|l)^)xH(1_HH(mKMHEGT9AFt`P6@P#yxRR_=Fgn2b|1S|V@ee2cB+5^`-f z={7s+{mu~GG6-iA-=VPY>+h(H=>HvnVNHg6CrBpo0toE&xfdTma1-+#H*c~!OJSDq zPid{PaCgm0<-tmNt78(C^=?_S+GDF$OSr3}D<1CXSnUk=^tAMZdt1BX@y_<%*423L z*$Y$&++o^L=Um%VW_59PV`=fy=IZc5iT>RLk0g?S5tU)Zc}J%np`KSSC$$k3sER|Llp3xP?Z{x@hN5q%!K6D6dg#SZP z_A{yDuk<&%spNbe#nLM#_Zrp0ewo+d#Qx)X;Z!<;vZm?29*1iC1)ox+`o<3BHeyk_ zMM<)N6j{64dF`>X;$T9&0n^Y&@ewH20Ub>HTUEtFGCI{8px->>bk3oM!+BewcBpoH zf`g2V5&i{vjk3qM7+#VYgAi_1K0iy0w^Sy55M;^vABew|g>Aer27HM)R~BT#?}}Dd zoLdqn8diw{(vt+JlF_&*vsc!}jTFOYpyKp2wJ3;#AWb5J!w16_gQ*a&!O7(K&f;~W zs6Y}+QuGHG-t0-BIIJxf5R^@a+aMGYDX?xHb`Y%&97E+mMA3Y%5ez@>;%%<38SQnO ztC_YA&4@UMTav5K!O)4~BywZLvpxts%oLC5wz$VddduU0x8LZo8Y+zJT5%|#N$G^L z*Z~!ITQB%(Qdhm;PrrNJWUeHjkF%h&ehOAT_7YP^HwJUVd%)ZqwP$0GT2LKt_$Jop zMCa4CwDrv6&3j=W-p_WS|9RRkIQ&1@LOxi+#{eFm5Cv0>(1ASa0Et`?5?F_VFy`!o!5|!2}G;l`|0zPG28VfGH(6W|lt#$s8=3RQHu^Y4Sev@~>9BfmX&1UBJFx#!?WxO_8!NDDgCh)5K!g z0#wKeMT}^yM3kO8Wbi03_?u6n{t`+a@@Hd`^foWm(nXP5w#iMyh%#|*6Xup63>4mN zYTOdrL`lwM0Ksia&i6rbS^*^IZ$moTPT?wW$@wg61wkis>`m6zmT+sEBlK6=s{F-K z9Io8Lf2rW2i^;~q?^(%iTfDt%@(qGuj3r20;gs!HtvKHr0B6D#{Q^T2Oxo8Pv9}&j z=_#n+-s5lI6<~qF5>*R4%0#*U3if6fe`pV@IpaY)#kU+m^=SML+L#dzP2>Ht--b)b z_I?>l$sk97P=k(Ob7(O6W)91xa4K$MN2&x!YD_9AR-_fm*?ftNJ)tAifr;(HCr zCdo`0&wR;tR!+ll!ef)ku8~PK!birD(bUk17r4~3Jkk#0P8WQ!{z*O$wV%+1$3DdEF3mKa=8E^H)E7G>sP1+v^X~X*??eAhYidX!;uFM4^7xQ<%-hgBr4-xhC2bkIo zBX#eF4`VkB)VmwJm0#*(usBm6r~mmW{7>Ro>J#+epTz%=3syY-^-BSiq51e18AP^V z6oXMexsZo#Uo5lts>tLwT(9oNv->43vxLP{=E|{Jf&+nGXu*pjB7VQEr6Y81Di;!u z(xYs9@PM8o){3V{Brm=s*RI$tQ8&AN#H6D=sHk$kj2#LQf`MPWo>9UPQ{u|=yIRji zjrG(SL-J8`u?ExqS7`TW7EhKJ3OOXp=3+QP+n>yK9vtmF>C1dL$>C+~EFT!GEEt9* z&dR^|k&RC9be|y56r$H?B#SmWlS~`gxtKAyh*V*H-BNLN<}FzPw=j^}CVx94yjdIc z?rI!JPVz~?{mvRJL{dyt2c=2bf#RupaI2V=ui0CaR$p2Dl*x~F2Ug`h;ZP&v#YP@C z!~UB|t)>R~DT3D@RGuH2;T1lLD@l~$OF}+vG|p~`$X!D9>BS3WYvlr%47@EKM}qGJ zDYxPff>2Gvh)h^)Vox9W_mY9~VPNDj#L5 z(MuJ^LGUB2sd=n_3kUK=B&8t+cV4{ZFfyMr zS>PU*c6d3M5u?73XCXTV3 z;k-o>tLc*ZFz$6oIDPRjw&9bh5&GBpapLVC3ow;w*HJGoyKYw9$+U-CI~>-kWaDEV|Co@ay*EluYUM6l3(Q25B;iXaN@4ot^{%Qa|BJ9 ze&{!@e)hO>r8j8U`ncd{Oe7nzusyi=Xl$HMP~o-EB)w!uh{n5a@H_J;MtUjtZNMS{c{pYf#|4l##f^aB&>F#9E}zf;qWrHqz_va7MPggMYFY~1+D0Lm(^Xt8LHCX$>we=jWiXLYTFd_uVHpPfu5I z<|rXqNmvR@eS{$-ar)6}4jE!dEMr+@qAR2{*A(~@njTlnP%8k zK4F5w9HJ6OHsa$2fuvCIEL|vs+(VQo%98q~d_sY|DY>A<=n<%dCNclTi=n2bX8eCL zgJNt&!PpVW*b(-ec#%Eo+*I6HM-pA=A|*Ut49&@f4%imzLTK9vtT&!==63H*Ljaq$ z6fLYcDW{NZac0`c7nTN@kO zJ6p4{nM~L4Xk;MWerbB?($K(A+eCUaS?-Om6~_ug*R!)lt8=b@x-hxi(bZq-SZI%z zJGQSbw6x5uUk$fi@91vNE=|mIx1=T}VzEM3cP6pkH8npHzq}k>9vO~K#AD;VJK>Sp zspP;&%VMspnCMTnMR%ej`SjdEYGHl6WqWOAc`&yyv2b~2d0=_0bF8qlHc%Xz?$`>a z3d0>8ZJAU{>s0jm{Nl{@&c4;QD~X+%>7C2t*QUohFK^G}dM{t^>xe~*OVg9t(Y|gg z8}8dl6+Quex6FZyf<@}Y)rP6X@vA?ab(Kpz!KC<4CDMqGN z3v)xOrMaojoyfq_M(bklfK?c|I(uz$`ugaVzRvBfkyNUEsXQ^$l1#QNOh;pVgIBK) zw{4BZrdP+)sgCI7-nQg&U#?j0E0)WPt(!Y@tqb`pS1cdqs)*JqZJy`7z@@mP;FFp=q>>)t8sT-(}N-0UAHWyjWg*RPjHOXbu|^2+j9 zcWPm*eKlQLD2@%qa~t8<_UN@sE!Ohr!cI7|oSknU8Sl3yI#)~KT;F_ee5_^k((-WI z_*~1S&e3FNY_or-t*0%LoLcT*h!vJcv)faN=+&{Qfzh>iVPGrKH@}t4^z^MpS|c-^ z{nI;RrMWAYBWux}@OXE7VQITCG@7Buia&BNblPdJ@>|9xoc9ySA<>q!K2L`g)uGTB5?VZar z(Q;w2II|EL?r&+}n#ikcU*#~Qz;5ctA!sXy5gWf-xloT3+D$}W*iA%JKTU!fWkGoGcxykXoMWm^Y%Xxz*?ZnimmlCl6aW|yWuF96-D z4|u;tLUGmKuPZ!}|CZ4KKI;g#$Zi}g%C@E{>+@3nx{WT*GspK!S8!XnT@pl?pvs*p zVvCc6W}gsYYYYBN9^@=zxaqHumB-ujRsm1FM~mAT)IctXmm~7gWPv-}oHIt##hhz4 z0csrbyaBdcNx_rqH%-L93Qoi?NFsiRyF2;Cf?tuG7FZw2|E)=K`-SG>>*3HsL_WK* z=59*9$Gk}kcP7ym!Q5+f%-n{Tn)#^NuhIu?B+?Zub)L6}dp9+-iHU=A2wdhlxUp?z zB4k*%^TiUuMYfY2i`Zv?G8%@!!lIE%6Tyia6^BdQ{f#rF1y?k836P7IS8`(o0>HSq z$1O#h8n|hesu==aeo;`&Hidbud*U=?GcWx4BCScWas!r9OSYPxfqw^9K89X)btm0O z37Y~EH*JSmQ}b#!%?NRmSk49ik81qi+@&bAzou@q|0dA>$o|kid!u%qaZx^V(6dOb za_|Eya`eYsr26g%cX?SG z#T;Hhpi9SSD3`UurDVo3O6_wPxTUq+|!EP~6b2j0y_bxJ4MAGpri0W=N-KOI{=%^$GA-X=( z??0GZ&)uHn8@K8yYpsU=#85F|acCZNh&nCj`qPg-0aVGEf63Pe! zA<@at-a523$g7JOQ*sbLX?JUh^PUQaf3cPK3@0D=YLe^4Q$;6l#kV$}yHm%A6S@Oqe6HI;5n8u+df2 zEkke$G?hL*ixbewN^0{OmAu2uxlF$7GIa!@TM1NiL+}YjD{ssE-j$WPk-oOhE_{ln z*K-BjdSztUe8<`YhnH@?NZ>P`GLJbw56a3!$p*bF&2FD&q&Evv-RS^a^6DuYDfI}y z!bb47h(w?PO~x4Z%8lUzy(l-Zjte%C;2Z|i=pMhn2Qch`2Yg0v^Rhbd;J;xH{Vc(~h16L>xbNgM9t0p>B!Z`8}<{8s7YxmYzSD;qotHKq9c@j%@* zaVHpQ%pFi4ap!{*mnLI;ZznEafj91}rQ8=x^clAI^KYU0$x7YVS9TfFJEH9Z>btRO zEsk9)PIh!|m|f1 z%^{_{Yv8vKG>_)uZ>j;Q&BA?N@?eX*h3m6Og;*M+KI8VUP2Aay+r{^i$0kH2T!h<# z-RG#9yE>>Dh9>=??M$aKg2ky~tb_+%7Jx?87TeR#7ZCqe*r0(>N`gEcIoQDX|9lQb zZHg?M8wU~QKJmG)Amf;pEy}!eOMAfDNW$|niu|c{n7-SHzrsx9i$UTQv*GEsYGnn6 zH*XN3LOOULI+w-r#bpE9lIzBhazYd9Nm+SfT0S8K9vZJPl`G3@X|Np2m<|u%qWX-E zCdbp&f$j58z67bqc9dz`e*lavZF_o6qdtbz`|(HE1~IkDUhS%nu(ABrxUgqvTBcvJ zH+LU60k21y{VgQJ53zOogD6b)A7o8Ull}Tl--9l!^P5u`N5&cmtxQHfaTy&>H9O=>A*0)#w{);`V%x*vNwba9Me+QQP4F;q? zK73d%#VC9eC9q*_ByZa6jJfFiNF|{PC}N8zT5KvubHwp`4w_@{WFz`hNN_Ao&N%iN z{Rrb8l${frdU)zf;HkrG8U8Cac*=VM&jS~U%l8D}UGu<2y=(_Adj?_UUwgj!A04VAi$b&FxpI-ksV|ntuFi`qX#5xMc4O%> zQhCIw!Nn4wdjeY)sXA2g-<7|>(F~>g>G?i($$-0MoJX>2@(+jyvCYeLd(5V`9kFDn zlZenlbxj!=6Sv(q(AxkkKo3W$IhL|p6BXiYRLbGHTW2)m@J1&lXWW&%trx*mwaQp5 zo&sHNQ$;q}%Ub!)-(wpvIuuXT6lD)!4^cQHts-Vf4Rq^r*A^#O1-U>hh1~7gDYigdOpSuYX*f__$=|)Z{ zX??j6^puBG{XX^#87<_h&6Oz*4aNDGFBbb)873^IAZf+9J%|(N&7D-y^~}9w z_xURfldk{U#GL(lX7MA34;^ARG>D9#`<1~t1WJfEFO%_lZ(P`0nJ61a{Whb8r&5~~ zJ=Dd?kb2S|8>g^6kySuvLJ)PaXEmqX=u%}`W>OY=a9!+e-rur_&`g5aw zo9lg}m+&a4`6j4~HB5co9u!?#tm>_Fx3Gn&Yh5pjGBiQopd*n5w{y5=Q-9E9U15U; zoe4`;V2!Sow&~Zweg;4LX^Vd77@5kKM#Ec$wtQ-Pc5HljGP~1pH51QX9*C63=B{_l z_I6ICdV5woI&@Dq)Wqm=cJ5Mp@5T@U&(`PKuXU#u2RjPw;r`t4(B;kL(#)mN+3WeK zbYcB0Tj&e;-xt{OH}VlWdPGabNU@yH=L+=Ts)UC@REliGB6NRd`xzg=<`KM+fbsxF z$7ea?kDt9jTcEwCqbjE8jiD{xD_VmdZfA{QF8e+AiLi5&be?CtKS zrDmr%P?UH>{C}Y-X_eNPN{{Da&5069WE9q7UELkMkBN#e;r6Ds*RMn(I%H<>K-R6# zE*%W(W+j!=RbWZ;{FNrWVwiKl^V1k7akS!W;CH~O9AS^VSM^DJtn%b0w||f@P-ai8 z5ON+9KiX24?fK6HNoxJ*p+n;@V~&7(Txj7B_rO7rN}}ork==%%S&kt7a{#oYmZ`(X zD!qGV94B%ZR_vE?oc7*_l&W*<bY*s^KhzDS zt;!m8tVGVsR2%M5)Zyev#6%Vg5?hK5w(E$M6?@6$tuX4&P;z@FTrQxXAC(V}BR+#$ zLBdCkL&*_Zpk{##5R7|Uqjug&wSGy*qYNJ1tIT@&A2Ec#nkHaKf6x;ddR(!Z1u(EI zDpa}86<2a)cUL3Q#&6$B>~pl@)+hk?x%LA$c1mufNLJxk%6Uz5sL=zDPy)6N&|umg8iuXV0B= z?73QQ@ygK33Tj+sOA)G3j%^?c>94Gy*!e|LITzWcDqhS{B+*6IHcV|V;z$}^wW0;9 zu(I+xh9vX)?iYxs=p8B3$@@xkLW$i5y$X%SUk;AOUqn;3eNIRa^f2_z8FSHGCxmjH zPt}1Jy@KD}10XMZo$k*esD}|ACr0==h7^DCBd)D~8cmJza&*UMJV-W<-C~PpquTb! zS(Nuf;=+i$KjwvvEt_86dCAx_!^RprxZxSC9Bc=_xo!25nkUt78rNS9POE=l_=U1~ zhL!r?D?0StG+r`^IIGQQtm-|P%@b6so+Va);!QSj_YHGw9hBHa>(ElUQDy8)B zeg1A!=h5p3SplBsuE}!_jb#Xh539HW)cSTN7tRQOXGmNHBjT4re8pY4IDff_A9kxG zDqFhM{Xszze&y_VOp{({Sd}#$*-M#4ILC`?%9ZUX6{JHO_~IqQ$j}D*Rd4;~8fdiz zdOwAxOxL~F2yM8f@S)g+7F(Z4Yjtph5nl0ED4l704wjc?De2?68@+|9LeLW)AEmbP zi9vR5mw^}w6bwfKy*@*rR#hxl;6=o9p^GS3cX4H&J;YH{!-YopU{AB;{|Fa)5!+cb zA|lHptf=|xk&TJMHVDLHIsVS4VU=TCs#X!M7nea1Zb0Myl09L|xE(tq7lUgQ+{?n~ zovEPh-jf^m&DAe&$|We~qbpmg{O|F?Zik*p(vH96ONCe|EKTfN$ie{S`LTFB1tBaY6n5n}kPpc+>;ic*I7bB4*pdxk0dFLu@^^jFE(WK-eU?3I zD<_0EgH+{t`mU}O6xnQpdgmP2M#S-!Y92F~37t;r+1Op8si~n$Bi8YBvCAz9R%AP8 ziyHGHpwIjHV)oKe8Y?3{6h*BV!fgvue88(!@U(9xEaj#Xv(fVb5TBGN!`|FApG`)E zs92d^F=nNdni{%o(7ovIY&P`h)tF2iT9}=navTV}EEa)eB}|AR5%7f?W+KRmHH=ec z2J}aP5Goj7B2XI1HLFC?lZOo1aw#fS%1tc16l5V&l;&Y_23kbMCKYZzz*~cWnbI1s1m!qgjR$Wa3=LE{^jd7qT;XE;JcN(xn>O8G~;gN zB>PI`aduN_3{^RfAIRmfTRBYAR!-r6sl+yw`Puz8_8E8NS^Ot;Zg-sh!iCny_hss=)+n>dG$v!>?Bds{O6O*af&cH;LEs>Ji) zl%8{QEf&qFyI67A`3r;34>5V(2xUeek-ds1W~X#b0B+{jns7LlZIL^zGXm)$GJq zUk`CRiMT({*5bcxAL14zai#9Q3AV5crT;sikd*E}fF)_P{v{);$rO8yA^jURmOriq zi_o-;MPB81DsV2d9_n`y^*_(1@n4Y-_5Vzw`s?#Z;=*WmoY9P?M2Zu7O_n>++$rPh zE8%d4jo?oq!80@&oCeKRQ|YufkvFUEIUW5895R=Hb?VCHsk$ zpV-4XR~4OZ*s0nHa6J;DnpA$CqN!1v6~?^Hy6(S0~B?DuW} zN9>2=^R2W{bEn@-7fPc0BTzc31 zB%^>SbfABkuaAv}!4Bgu-Q#Bh&`j7LG&mC~&+N->sORRZt!Iy4B!2lwz5L=mL$E5* z!vU;lBZGxIXl%F72Ipk($N*jRFn-020xlNvbTb&g;B>LVDa)R>Q?!$3jZwtgPB6%X(F;0@>ceo|5Inq&yAl* zq3CbxM$zjXD6&U4ES|&-WQZkvP!0t03S3fsI!m2POZiKQsqobJGM%xmWv0essU@BSg95L`QUtz|B&AtA%d<($kOYJrbj`K&iPVp?RUcDh z6W$+3de=8u&*xY|gvuixvyc zbL81@7C{;f3$vlL9!^@-CxgIN*FF^K8bLj@QWMK6lO1bi0&T>eD#pXqMW+X`bRPa| zL?;9(4yMoi|7?3i{zU&4DMAbu{=3Q+!f!mIN8Xg@R#SM{G(xwkbnT+2GxLu)UU>GM zLJA7r7v*JQgk40k_cSATfzIf?hKGYJwnJ1NQFmKUYiq9~j|e~ZwD;Qbh;9poaNZ^T z@U~E>Cl~LwP+&6Pr7ske>G6MRm>!N;xl|hhIlVHJCg13=O6*oIdu5&n%Y|BdWSLT_ z3n==aV4;9Kdy;sYc@>@E2J|*pu^fvbf^MyxhTjjKN0HZ5%p+jNLWpbJ;yxL?ZbEV5 z%tWSkEDsbx4{a^YhMj5m|ja^CxU{=pfa;PPT9~a z4|~U{WGfJ^4_$ZO?;jm$3*$S5rtH8cUSqzw)Y40)bvV83D90^{DPcXvf6)D26980k zwpE~h_NC7nYIAeEd7pl(g8>RYJGj!yk6tVY&bRo2l2B?D%@uL z7m;Z)hK~|AiDT>%AT@3Kt@4nI&=!%qQb74NQ3TG^ATVv(DZbJani?ye{AMJJ8gXfr ze$rE8({qC%5k6cyG?-Fkc)T9ZpiyN|4rD9^=vx8+YHsYe5lcv*0qCEda?&LA_fr(UWgYioeI^^G9<2K5TiI2He3C)rIKCz5LK>%|&}iROU+64*J?yHr8k&RGEXrOG zqm#~HHdfeXdo$D9^TNDX(y^ckbYCAh(hAXRKVdW%Z^raaM96W zYsC!7(6fY|22J?OVMUhsjfxfQOu$s))bu<(ovD(LVFy!EG9GM*X7NOXdi`6C5jr>7 z*MB~wksyw4xRLqPOA&9HTL&4pnzc56|Ico0w-2hIQL329HBpTpFE?lztR?` zXSI}YeLF$ff}EH9MY<`@zLQXJiIK&BiFJvy%0m}X^Wox3cV}yts#??0)Y{al-g!Dy zIhxGItu0$#13wRV8kLpf5P*fGRoq3bfyy!d-tBJXVHCW0U5Hn`aL$Gt1~y5!WjAqb zsq#$yd+1sOJB#jhm)_+R~E9X^g)V-Q1*OGBpGv$jIRT#pD(MAh~|H)uC zN#g`U7{GrO0A6!ne>b7&zX#|h(DXUhw3eAt`Spct@_HE=oZ1)>2Vt2niT9`D^dz9o z|0*-xD4v46!S-)9-|U4DC3VBbfdK^PFY*LSv4ku;A-n=|C{)=p^nxvtHI%jR=yjY8 zL9=md$nGK5ro)4t;Ak=(e~?(TDi+8m|Kv{A!=JE1;?v;FHTn%}wQ4bjS8AoTTCKEj ziYgPwsaD>I@1AOfcQ(}uuhnGEU#(KST0xz-eNuFs#&QCxl5rQ>rG5=~3ZO}X7rN^P zq=qJmwA;0aK(DDq=*RlB$oCR6hFt)13Sfg7{n`CMv&_;`=w=>xN zca+c~-y8s5bI-nu(DaP~x(PHr&zjcMB9F*8O#2aVgI7Nm*<%#0d3SX)4fh8b+@@GQ zwX$N4fiJARl}@+I!xeTR#KDD|Z~9I}Br{3-7s-Oq_9rxNF@o|$=?yzQ&G z__p*&cwY*HJl*X38$?OSzYM@G=C1iZ;sFWZP4cgQm9gCZ{Ofxi!|q=fV;qow9fcSB z)6rzcRV0QUQX=svYo)jNS$qnp)n1LJem)Q4S(Ci)Bl12Rpqtp@53r^+g(B_}Y<_ZA zh~J2jgc3MqYpdbDga!fOetiG{Ot{}qaKA1S5CYFDg zu>2hXx(O`5lQpfmqhg~~r&Px=l46(W!CV{?abgrL18;x}}P9lJU%z24#t z8lAVHkCK-Ud@_yvk2B<(whq!!eBQ(PIo8A90ueS24bG0Br|e)U^~dM-=V+6fA0TRe zl#S}YfcmKUDt^%GZEfq~ac9cK*n2?7y*t!#k0w!vyte8?-XC$Cc^>kKb_fzI>=ek&VwuO8fJ+1-O11IndRL>tYvR&cUKUC8Ey z*A$~aLTGw(fNnyJKFgZcREj;-hiX!C)ec>Us#KwQdmlit`&$Fx%|ynJ5;DHwz>)Ey z>6DIYq4XXGo%emzhw60#$Ie4Mus#65os&xu|xKTQ#vwrgZ z*`CO!^oDtX$SeT$&0VMbO>pvk@urZ^Ri`NO*>wshoxj94<->*`c{-SA+u4)l< zl|kpNLDuozQ-ko%2dhCg0#He4kb(ge3<0JybBmkiE4;O{}~QMgCIfKRfBvEYn7)Gw9y*m z3&F|u=K^PQLYFfyDj#2u7EYHFsxhVqW5#Np)DW73TF)wINs&Qpt z_)#{G?)7h2FH=G}c|%;%&;;y~=A>SvQeAv@f5tKK{87U5r`eeP)7QdtkSG;SB>&~@ zpRdm}Hda5#;mY7&1Kfha@2>8m$@6~$kVl+e{&xUWniTjLQQ#{9x(N#W18Z87)0Zi5 zMn}COHW$}~=_I0RBgFZXVk3EY@q5&XGQYzmr;ZHkNgfJ*HmzI1;!HEH;9qTv~~2>+J}MB8E2xlbCorKIjj0a0IiawfjbzLUjjF;Vb5?c71GZ~J>~%2T|v<*GV=6;O*k zf0t67qJt*tuLmHB;Fr$^K%K}$irEjNjmGh-@FAcR;sG?R?~3N<2*>vY=q7M{H)~pxzauO|oR?O- zAWL@1ARaMeL2oFA8`UY;*xm>XOXBIW&FZRRvSgQX#NF_Dl)csyfC{GQ_<2HY z=Yga4ln6xYX=z#EC&z;eWWt!cl$(h}*>I~%66-XB#{0@Ag72OVI^NmELDx;wlAJds z6~A?s-_)%${h+9l4L}tke^M@#ICuvg!BQ2;#3A>WEhg{$0`bm-%Zi-`c4J%m&#-^J z{Xk=*TQyf#arQ%4ywKhEx^>bt{6KITzApeqOhkT~5c&N9x(P&nA8T4uzCCM`Z`}0E zMl)73FIY(8t9U`iIBk>Ii-!8~(x}chMY1WXBIfhC0!0EF`KwB{-OxGI4*I14*f&x7 zi-gi&*cVFQedrJhkl_Cu>56U%PX=M?;Bfz@BKe4ix_dWuOFsHXmvpPTl8?0ftUTsh zu8oye3sk1<)vV;3TbVYqJX^!dK|7f%iTS=)Z1<I5%&K>h#Q`w}p@sw)2wNJu&hge5@ODhWwCA=RB;60(7G5|T8XbV3qHaGC1r zs@MIhQX93T(~QWBI#~IrPgH9BGw#C3u!xA;=ig;q$B_{i5J4GH!CetVL2-m}e&@XV zmRt4ey<63<11@}UdHw3%`|j_YbI(2Z+1eH z&_o9d@B|tHIk}ptUqYjVgvn9ezKkCfCF_d{z+@_am8kqVg<^ur|IS(cdeq;dy8YEg zb^8$n1Uo%0N8B?r{zzr=qPjhSuf2Ft-3Tk3{?;y`ihoqMV-xXin4xFl5;hTqswU8z z9K;RAs1=ne`2u~;5x`A+UMYZ^V2iZg;1|H{goXZ!N31YdO=&fNo6$aR?JaAruaV|@ zj5*+KLNukh`~$d6(8uK+waxT+xy9E3H=M#&Ght0$jNc`}5;GYN+qQ}e%e}Huv^5%p zWdD~}PI$u_{cPFvyA%XT*hT}~P?@2szOg`~wiy%yI_H`hy=*St&eusw!!DrA?r+XF zB`Njp2f}^!NtXRq&-^ut+V*<1)igt-sBPCVc9}D^AOsU%tAJPT%-DgG-x1icC&jug&IAQ;(7Cycu6a-N% zePT4)yOYTBbwA11yO|c=WNS{oUYr9{3+mJDCySBKE69@2DbKkuPjz4jEC`z*uRJKw%jO1!2S^$paRF4TPbF#emiIsg zg+@Wxx)#}kf)s?U2R|szO*@gbxfS7W5}8&i6cc1x&RKm2g_ZRO!H0(Gea&=Hq-spI zT}%d9g)i`_lnf{LuiDyqKiBK6v4o>}R zxQlq39G!+6I^Y2J#w-sX-y%|7h0=b-BvMUwhlShHajUAUQ|Y}#2jQ-DwvUixW|mf~g6-Pi&$ZY_9D;uoy3?=uRNm&y4s zk@Hi5lXKnBuKq3It(R=UJq70N1}l0xx)H}(qTF^ZN;^40DJ(D}X7&nU=E?>`n_Zi^ zkafJM-_f-n0Sa_&>ld$nW%lXEsm$H_2OS;yA-u9WG!*Jg3xF-*lm`we4VM~Q4yh$d z_{{b%Rv?D`y(js5-r6OO#(I zxdyGA=(=UAbvV~8MI8aHTY5&zi~zD20&AmXMiqD_rXR0j!g+TunY}+C_P$)9nCO-J zIjisBr?6IeEow3ceb=?he?$hwLH`;B05a~!2=~gw)%mSeweg@(~fwNJR%qU21 z4xCby%$PdcA}(yJ#Vae)pA(s0sZdOi=}OM(J8(7~?NT6bx}0UzU#mbR8Tu~>`l|zn z{^E@xE^!v$%JA&%inW^qZpH5n#}K1%uw%$a71$*FZ}+&cCU_m>8faONt$qxlA0}-K zaS2N2$G`8k#J>rQA-`1T-%pPU|6Ioqi+|2B#NeH`hL<(OFG)k(=mMiwr%KAv`wM}L zA&uf>hL+l6h!iJt5q?k{`p-eu+M&M|uS}*Vh)icH6cc1RowNFmA>o#yV>VgJ8b2;l zppXpvR|I=Q;ILo3@xvvm;^hpl@%W+P_lDz#Q8?J~qo}|pF@EG+SaX!d4?(v2@q>Pt ztns7UC1!#j|K8pb|0Xbg+@a3DTaOC=T*nWKf6np4;GMU2mo>zbq#^dWz^K)yl4A7! zLLlQuqcAYvM_bJ~h!h6qF?F^*s(@D}(^EvIM-++)GCj;$eaDYU56>bfHR<26#;6w* zxFD1E*F@U?37oV?D-2Ax%b}Q4mU*uyorm8W4oOB~mmz5aVPJajK}FlDliMzPEQ24C zT*JT^$h~!oEIUt=?96j%aRcpTbW86q1fsp7(Uj}bLmX{2wHNZ({^b#M4h<{dmC5uQ zB2z@6n9yFY@DJUMnrHiVlv{1))b;8q}T(A+Z+?wOem!t(o!|i8={#w zXQhBvIKyI;w-+3s+f66DAlT9RoTbZNtH2YP(7z=@UmF0SRU)z(T$*fQUa(>XF*BP_ zT+O_Um{FNs<@+vR7wnqvUd$HxyA{YQ?BqKYNGfyUS>nWP3dMxTzmK!}iv0S^_w1;V z<31;Ku<2&kIZ3b|~ipha;0Ln}nAkWsF}`8%K&!g+e5g0^@*r$AyMp3f+dRp!QX#EqvF ziV5+2lC%1X=Qh^J(R@BSZZ6>((X~>Ef^~uJE|S<#cgHFOqn5}pG!){4f(3hhx1+fV zZR(xU&a+7AWcR$f@0nYe=1A?ZYdMQ+k&ThspMcfNyv0%G&mV|C z^SDayulw;wrMDQ&^={t8trBN%NoV7}z2!2Xuj?%}1#M34Rp6B9ExQ!RDs$tH#El&a z#RNC{Ije7PNjE3li!31}Dl8IW1{($kJBm8CS4ab12qCJW|IH|NqEBJF*HQke)d{i+ z9FocYJdr&WIN8O_Y;A8>Z_oicsZJ|EXLon~6)e{=n#Rt;x8nDPGc%*G%gl^FOMS&< zr=RtkxzmqdSX_CZ0#`)8d9Mp6f}fdD^XdY08pyphlq@?hknFt9rNy=CTk5jjUzoTK zY$ibGLukCve?9>^zpc*02NftH6Y_tFkoPMT6NLO4XZ6*6lNvlzkZn@GVfCPA6sRwg z^iM?6rvo6V%HVGBW3mOilT2Y8KP(g@Mo{Sp-8ur>FM_~c5yPtUv5wDOZpr)kP1I$Z z01HupqLb-tWNmH%?-&Zqxj>~DX3M0sgeZvhXMvBSgj!^EtLqdvE3<1FvFmjKuuG*|8N61 z9g*#EIS|y;5n20l?a3DqE4zXabX`?DcCrz$*)4Xm5wJO`pNk-LCmEqCoH3IT#?CKR z^5>;k$)5xBlE0-W-)5|2YLD^88M>k}KR%8i=80ICPw{7a9yu&Ie?URbMV#iZ zBdgTToo!Rm&4tJ%A;9!`I9sA6 zfov#&a0#(e9!dm3;3h7CEgL(7*NhIUrU%goOuaHb-Rn0;P@#mJQt0{6?tJzT0(0dpCH7Z{+!CT6CkPpDz>(&KGCVeIUc{U=xUr&6T?IKo;WuL;9~Ol|7BwSC@V$4Z-> zg6-Ilo-(cxWp;=zI%q1X19u!VWeRQ+Fl1u=`cOwlC;m;OqoZ1(bBu%fM-Ysz7=`H) zvA)w$I5gT83We6w{T1u$+OxxySI!en71xI*4G@2#7|oAr_=;XE<_haOJIBVxI)FP< zETvN&=p3EqADwv7xi`E2V1Ivlv~O>5OKF$B^UC4DZTUSrE*;;T?&&@_7#-=`y{m8M z_U_o~blxn$j#dzhx>!vfvw{o<*!tDV3Uzi?^~g0rI(mJP|KIIs@gwXd$f?cKiX@*P{eEr}6~0Lw58WI|ekGiw~^~ z4eiQlhPH{OaQ!NNy&{@Q#D|OlU<0%c-1&)g4!5+5piR-x&=xHkD<%$6h^C>sHes;A zkm1=T?1eyFC}UuvymXai9#tAjjK>>X?23?4^ig3zX|Zf!ynyggE8$$g`AzJR*xkRS zv;DH=m-O{nmIziIV8b}$MWG5q_t7nQ+X5n?J^5Woy=FN1tLe60ugr2#*fc|DT12`n;jFe%txBh$z^-P)T?m3TfTJScI#QQLBQOrQo!Bc6G_ zKjma{EFyB8j$%$T)J>O5S%~^eA=rtrmwR3Y4r(sRQ5`&gcj3gjZHSRU%Rn07XoI9_LVsjdn4B{I? znJleOB;sW0Qos`74Io>dyaD9B!*tye#2336mNdUYfrm0<&LhSgXqGXPEzOc4E6edU zXsbEe)|j`~Dxen<{PzloWkM|>LLF8pCM3ATS$!pVXC4_W*QUSe8v}HuJk1G@t((zHw>MI=)PyLqH4rLDt z^+szILJ_*Fw{$emc?(c(#Zajb9ZuN_Y|_7D$>V=3a6u+*JCXL=&62hWdGyXI7AFmJ zuW?p$adIlnL4G|8vN%6kcCnc}7bopG*C2dT(xTsVxU* z5_j_C&3FDdYoEO&VNN2YcNQN{Ug>W)iJ9by$SThy&p%o-$@B2(iOwWN9RbZG=dM^` z)7W)7xrNAOOefpytoGb$s{-Z4oN^PxZ)Q%piaOiN6p9Hwwvn^?>M?~mWgIox`rBnr zIf4v+a~y$tSOI{nWV#4lA7gb4npLpU$uTV_L=GQo@uWY70 z?Ko?m>b}W?r?0;DojrZErlm*utCoa5qrf4V?5m0FPd7{U$(GQzA$9`5?sAjS`C&^& zXPEhHDLoy(Dr(SEkk!wZB$I0mk!zkpF(IXMIjgUfw!2BGu~~|AspS!|1WdhvB^$j8 zbdkYcKw!I?1v}ZYF&ks6$#pmBxB?9}tvEZUEguII=peM%J_YPD$<`9dE>kEb z7T$`+nxmPK%a((i6!4ptmI7v(RO^XUZ&oN~T3VddR}MBh^n|$+F+~0a!=S3Qo#2jj zaXCz^5=(wQqCh{HC>w|<_cTkC$(Em4LnR!OVKdcDgdReBg$T{GGTKt~Z3QZrHjx5y znP3}MKR7Ns4&=C$FWmhlDj=D?B6lY?^)UHETaDmbT>P83l^TWVn#X z@N~0eXhLqhvkE_yF-2^g)y)sJ(8aLw^h4Pmn>s(#ENqc9H?2CHQ8lksJW}ig^7lyX zfm$`9w^-X6W;x$k99`MrZ*d8a)N*8%JyI9f?j=9)a@zM*2+^f^m^IpaZCBJvsF**B zuq14(8@9NyyK4nbonX%vCXmr#NI5nEn||7UbBmgD&$;!hOV%9ji2)O2o_tNT0BFB@29}Vqb~gSCSOF`HOL^Ml=L_ z*v)D!T--2Mx3pm?(8jP++-Phow)Mt)nK>j~VCFMf5S-2tg+uPs0I3 zvTdy&%VKTVY1FaUn592O45?f`8^d`IS{9Cm&>!Je!XC<0h<0X@n<#n^4RD{yqw{k| zv<{>RPZhKaPQMvz%XK2kJ4mUW(*DA_9its>ef1p>dpFY7$g$@2DCS? zMGFX7W9{l(&%_V|G9TeJdc6(Zom_F;b{T_iiIS{i4>XS6;L@uSh>MRo=xeD3W(AJE zWJa;~gU(T;64*Cx@1w6#K-fZSRZQoBG4tS?Ol=+V$X_ncZ4LBtLla8-U0pVPK&85G zIUQEeV8TSCPw}4Dnk}bpO^{aV@$uR%r^OaN`<$`m^si8&En~(Ybu)@_i-%&Ye4cD= zbkt}fW$o*>`!$T5m>$g}3TdnhLl?O#FWUG$rs1#?{!iUH9xX;g6oDqiY9);`FQ}i+ z`n&de>o_iJPL$F{p*Z=RokK~ON|^S|LoskqXScoOTlhJwmXy2 z4&yi$PE=@z!`fB=~){tQftF_2-g9&`x^mv$hck!%X5`iP+9LYhl{dZAdV}+@6LAm&v30Fg<;J7i3zT}V!7lTJTxAZ7H8O<5 zYr?C;y$%wg#Fu}z+xcBP!3{Yqs0e@a)L1X>kE$$Ehg{lv;i_9>! zqoa5HhtWIipHw=Aog01P-lN$kCRNjVcBcD|ZfBZQpcmEj!Wrg3ln6&*hw$9^@Gu)N+T^*r*Ogpn<87*(jOlj`g*4<%FgH2nqt*3)m zt*pP9R>|!%Yfmz@C!adjepfl!rFx^NGw4L}_tf8v{aUUiECT!i8U2=oWn*uE2=FX% zX4rcZ*OO>Bvi^p%$|z2#nNGVPnA>R~sLO4&{zPPIuJt>p^|MiI0+^N8p2M3u((+Wjb%J}H-s+vK}zmHqEAnLh@L-;gj`+Q=-vF}lL{Pv zjLt8c=froipfvJ|y?*MHDO=!}5fihfy{DlZPE^o^tuC&zzAG^uEM#N2K}pJC*|h9d zhHHr9Ji(BsK1wd9;Uvri3UguXFEATNKV$BPm>CpK%kaI`2(aNi)3EqnGC!I%j#2}l zaZ;Jhg;5QP0e&t_S@aA|C=iV!X9S0FoNhLjm8c;xU5g#G{82b2ZF$7)8fcp0>Wtzq zqLN%b8!w@(gIE?R(wKkKq`9Mw{Z*8O;F@4DtIopwCrYFcsGEF(n4r1U#M*8=G>T~! z|7=FQLHRhmW3eKpP9k!isSEANhY@MS(LS?xSGT?$%4xcaHd?CRf+F7~%>Vs*5?brW>!mb-~HUKu^2 z@n}-NIf+1AE|d6RsiX9^wCI=N<8xk5+eooU#YjVMAsL|wN4VE1G5h9OxJHm{_S?NQpG;A*OFky@&HH-|c zSV6&ASFCV2zOj`>*q^pwcn+pg&89gUYTv(mxm`V4MV6QQ4NKmRw2R88c6lf0%lA4k--%luG548@r$s-72x_fHb5>{hjcSUK15Bw)_hiy+nXG6 zdxr}STB(w_XJMiHODrtiDp;%=PZpak#l}oOmZB8O2-!Q{gMDKS&RL9WE2-WTsCcFIzmN?4$+xm9*+YE&V5n*@Xf$V@;kk2OK zyrW_?n;lJQ6a{s>lcFqg!I$Z&3lp`P=OoI5eGwv0IGRg1nM%K6BZT>B<5#)>rWorZsveXBJ*o#p(=W@F83 z8>uC}4x|bnHBo-R59KhSwC|)F%u=XK^BP45WO#6~2R?QX3{Pmq5!Ob)+!@bDM~dON z2G2n(8_tr!7|u{7)>zqDLxIzcOx@vCH5ncJH}dc;d0d(M@cMg)RNw6av`(ty1Qxr4 zY+RGD8>j~EvDgjdKqmgQ7@QoLW_QgGHUwcCM3q^#-R%sFQS(}S0CJFQ7#)MQ|2rxc zL1gXCN>&(VyZvMwB+o&FkJ>o@bpiDesNSHz{e^b(#(=QHGN~rFVcun5Juu&8$$v$4o9IyC)Ss3z$Y zQ{|+QY_^CE&0vY8_(v85#Cl-9hh2a(-BnK{Bv4mo_07QcoHos+KEr6B*D5m*vK?v?;J!nN})}gx6LpXURWAw0u6Bk6;^U zJf-D9ZE9w$Sgo93P}!x1vul2-sUmqVB(5^osMqED@((qID<@L>3m}pX@}z*LTA73J z;-e)@&_V4u{+_C3s+E(m-i7^+5ro8tl;AU1+XD@z8&UU(8i_dM6gTo5#w~o6xlqg5 zi2bTEH389@6ECH65lj3)RDMCDZa#zMFjR8_zhS}V*b>&OTmd^IvysDTlBE-IG8Qf@ z#BaAtvV_EnkwXc@`e)fZAren;{3QUPy8%$}c(Yp=y=*q{6yO!)F%&<~5ji6xi4^c5 z@c4XsqB!wdo~&iChXOjq!SPx7=$Q2qbzny2Y=~t#V)af7K%|f(Avsbx zu`mwX<8XwwYNqfXMEE#5Yf!DsW>BY0t)HXbOt0<&EwJ zDl-Y`glj2>Pt1jOLX2$C-%tZbAV63G&x}9}OucXt+3;BAuF1z?{_(M>(HW0pjRdht z4{LGs@o{ih*R&!&a%v2@4n|;3BvO%RJWhI+n>|m=4j`|o5ksXNsT`|i4prgqugoyC z3A!+(F_AIWgCjW+SY<^{x6!{pEVUKBnvX4f^Z!cj<2_RZf!f z(#->gs-HTXuj*SXZEV(s6OiJn{_@J~QpWjWjK(-tO|a?<1@zl6*}gZ_zeYdS-&LZf zkJ#T}^8iEa6|f4TmBz+BvK)f-gDh-KxmilDsGYEi5&W1^6(-mbv#V|@Cdpd-aJBYO1z^n5ocQQm`-275EV^+ z7lFa>#{>9ZG#NdO|JaZJMfvU_{6hEtpn~Ix4x$GA{rc_tC-sl(U)KLa|CauM{&%Q?ieeI3-a^uA(GE z$!jS2drGdSq)f?8l>9R#@1x{qNl>7@Nw^MQ}B_E^Y!<2l1lFw4|4NAUB$)l7!Ldh>E`6(s8r{oz*jw4Iz z7)s_*GMAEbC^?go^C@YkWGyADDPe1j3^3CWl&+3So=?WwJZ$kv&ZXosN(L$Er(`Q7 z_rd;4-b=|poQUKaN^YeeZlUBiF#1^9lA{o>WSo*OQkKtAaxA=CEPj;*hK=d`y6M@j zCeK}kZ2IX)G)nk_D!wDj}5(WrsR!O+x3)un*RI*B|o6# zQA+014<}Qyfs(b9Y@=igCHpA3jFKTrUPVcok|ZTpQ!+-$b(FjgNvSfEx)9&SPS&aZ z{<8kbvi{|={;jh9cv*j{tUq7o-c#nDQ|4Y%<{ne#-cshCQs!P#<{nb!-cjbBQRZGz z<{nYz-caVAQ087x<{nUH=`XY7ms#q|Eb(QQ_A*O)nWenU5?*HMF0*8pS*pt{(PftA zGD~uqrMS!zTxRJlv*eapYRfFKWtP@5OKO>=w9FD(X6Y=mWR_Vf%Pf&)mPSyZYswVl zf%qI@i95p51}qS=BP?Y{Si;IIU1gT6BP>;AmZ);_Jg$Kxrp(e(PA=g$Bo0Sd6ppYM z9AObCGy6e*@T<&hFEh)_%(C+peI&{%jk&}VlO?hLhPd_R)~Z2#0v2h^u!8Lrzcj3 zC3<3o_*!~mg?Ix!u|j+YJ+VT(ot{`BevF=2A%20LSRsCco>(D1N>8j1=>V&t5Pwfk ztPqbQ4Z{j?9zC%_JcpiGA)Zf9tPt1I6D!0^=!q5L9(rPh7@;Rth$(tvg*Z-6tProG zCsv3z(i1Dh_s|n7#JlK;72+r8i5231(i1Dh2kD6w;$!s03h_yLVukoedSZn*gY+IN z#8c^s72+a#VujdAPdp=~`E&AZ)RFm#72to-J63?FkalAQxQw1y0q&zGR)7V1Vg>km zdZOVr`F%=Q0lw};Jh1}2nVx9;O(rRsLi&)OSkXmD+x;sgw^DNP8Avu!^792qeo4u> zXChfh$!(O}LCNC&EpHp)75+vtRaw{dbQSx0%zDJ3+ z6v-$hZ>Qv)l$^H=$x=$_?(yVJl-x*Mpje`YR;Rmn46ROqN)4?}p&|^eP764`OcoSs66z` z@+6IS#OYFHj&pKAHdtj&3@6)omIMpactg`bGoN7=JKxa6h2LT_ksi*btoa7NJf-HP zm3yXC<4p6bT<9dJe$3|cMRFgUT3eU+1x^%9Qe(J@5Yv!qWmXJ_z%Ze}Os`O_9KTt- zzY*w?4+H$Z6ZSTJxLuzK9|hmvW4^XLDEc&UgNL+DZ1t8BPGs{s zH(x&l7&z2Uw|#|ZNL?RVRBtmZGB$T&F}uam)~aVe1`MTb=JS(Vk=1K!Id`RKWtwoT z98)=t%mGXX`v_J3u?wvD)mCiqeeduCojRT=520n1l(W~ zknV!R7OGkT#`5F2B3x(DoSukbtF3vJvrWbc)nO4+Qzz!IA2CTA)e|!rK{;1a4or7Y z@-a|SfpQyd%6W?({2n#8d)cI$SS1$i{z08~*Z9$nY~q$_XWV$^D|HvD($3*=Hcfq- zcoVF}qTbupsdtkf^=Q;+L_N`MUo};hL5Jv>`ytGY2FrK8ik$tGlPq7JsTWyY`qA0w z@KAK4eHcRa7V{-&<&p9Ap-vs4Hahbq9P`R|@>ys;IW2tn39Jm!foQjP#t#{B_oH(~ zpo84~7EM2{PScP2(6mk|y7Xg{hW`E5qRIO0P_TLOX_+I&A~;84>h2 z0QvlS$f?nAH0q6RTDS6$J{4KLhIAjfwHbP53+TM0*Yvq|b#!}!Jy#vJFetq_n>R>+}6xc;AfZbR>uv&(bxfyVEhp#^VmO9)A zf`Yqv65;wNsi)N8J`oh$^ICwrR)M=dy>@1gvJEvISp%`5mb3s>!G;Q7;MZ#xtAh;% z1$Jo*U{!i8!1}?xP#y02px`cR0j?TvefsQvb+G$_0^2@mV0*mB+N;#TW`Y8{eA2-7 zdV{@Q9c(!$uq#>stJZ6MrvvX(hkJ8SaL;c6u3E44v5-Hb4)#+)fnC`GSQiHcw$Vfj z-je$rb#xB}g)ZCzy5;qDL~_i>`SM$JY`+c)TSrjXir##i)2nP0wIORDMp0)_*fei! z%ha)*7ZkQtL18=Sjjc}|+eJZP>k0~+k1lzII<^BrVe4)ITW7s4VNHoJuOr^vE2$&Q z2ZgYw1%#{W5n5X~6W$PSP={Cv3Sw^y5LebiEX2dfF(18oyE?pEgMzoZ1$ZtpYH~2= z&A>0HBm8Vo2-mcL(2aqKZ0?ZHB&+ws`Hv@mKj_{eF5Uy09kQ3tpwD1aMU0O+D;__TzNo{6Z#du34YHnsrIZAy>*c6!)2H5aC{ zcYI9Bo15e6a1R9q_o5cyx+opvB=Mo{Fm=lCDj!$Pjp{((6co^xwE)yb>Cm!>Hy7_x z2X{wM;4W?foSS2Yg*IJE6%nPRkPFj(MQ^bGsSfswL4oaS0qo{_4Qq(3V>enjmP%mY z3=)%Bv0;v9gLv5-XKq1 zqig}4gsg#BKwDY>>0-C~(_a02i+BfMY$ea3Sx*yld3)T^$s@?JeMQG0=H`1bqA64E%rU0INX( z>~8_!j(P?ba*22+!Wo1OpGO#{tTQ+Q5;jAr^90k!8+ng9{114-|L41LUWxue=z-b; z74qI;dk^NNEzrTmlCO_~62`V@Z?=C$9ru?#ar?qG;x&kE#Dgs$zNnt_2zZdv!W19D z3|0rzD4Ot@Z2wpt^Wy?8a*&;GYTw{-jQU=Yylb&i}H`3^lP;-bG_0 zS_3W{Tjed;XI!9cEzL*P30O-`$=-QGpcs9&75AuPTooY3w*-pO$F;Ik9pj||V!Sy} zj6U06M%6LKU$Pi|Tq*ykj`1}CVtikqeDvA<@pg5LH@##r`fRZLs5-_E1&HysK>2uq z_t^1ub&U7DWHGMw#`tq}j6Vqw(P!1+*tN z>L9=I(go>b>itR`0|31zfRc>Iu2QbvV#H!>0|6IR0nxZfFPd?l#|^) z#@+^XkZWJMAbl*J%hf^d2@vGd!E(~a;>oImOa%z?g;qeiMDQ>ScIOJc6(h$pXvqYpWXT45ERE#R+nSLr+sHjN-8EC)>gjHG zbEgl1@6CD%!c~1w7nH`Ag}n8no#=g52MzNyDzvDk&FMBi6l_D1}B(^p>h=Bl&yLe*LCt(vqi(O28#e!5Dv z^41hARH0OLHn`K4*JqVV#q@N!1PD~+mFbj=>UnFES<7{C6W6PA)||Lnmns+hAJbOy zV$q)AJnJvbWe>Uqi=eJ66m8co&fC?px3*->(i>H$&)Mdz^wuXdnec0kqRtN7b>jp! zpOb$QDSIZJOPA95oEs~;rK-0oo6gzQD=zD1nN5lUjf;Jge>XU$%|$>na{n{NY7cbHZaCwar~cux$&`lBAG5Gvvy*( zXxq62zc6PNFUH*YSt7*2g>>a8pn(^YRzbYxVRl}n{lmf&h{#h$A3xJy($i3S*#l1#h;brMfi9m{!A zliHD_zP2H$7aEfKT9OlWq<)eZe!(i{(z#g^(#Qq7o9Pm|wq3|V>VWkp%cWAR0lrlOeLCmDIOcdEAqS2dwt8;wvHY#VafmH?sF zduvKoan|-nZb;ZepjqPd_+j(N*kKwvN(J{|Jf1JuxpXR)vrBQeU}MM@Eb;br`B9Q{Z^K}7lY&T{5TnQ2 zwN!aTVmn0OcAhs;n+Y};&|5sagrdL#R7V*_(%Z0e!jC< z(3S8T%z3|eZ)ZfPuaKg~_NLTGgs5>uw`5{02mNAksWjPFLz9~|O#(~E}x5T#{FoPM>{MMW36S(#IkCoH%NZj{2lnSXhWzv*-!4`T1BHogs~(HV%!=DrZaa znKUFw9Kt1!`}yKxLfpt^XJ->y-%MELl9Mk&!L!{&f2@$2sUg(r?5t^70h;I=KKu)c zJ(j0Jia574B~G|2$)1oHhzB{alU=9X|qo41Tl<>q=CZ zqQ-MNq{dKeU}@Aq0d1)lf~9sGDoj!1*3PJ5LP{=;8m+{v;*H_f)SycA zjv7>$qQ-MOrp6L`%5a39GTgeSfEqpQDO8xE#`8L+#>i56W29|Q88$~+^%PKpp8GO( zi9_&+riRfmHTEr)8nuJ3mXcbE4x9VhP=lWLj2ixc`}_{6F|t&-fdbm{#z-5vL1pxe z8dR9-DLa}{<3dP1lOwD-5?k`9!bQ|jWSdsblq4N7!y}8%p~hKJl@L`%l~&Tt&@ZZ` z=(4j5x-3zmQUz+Y4~<&)8=^~4|Ij%?bP3DVCDX;1tS@LvmvasIWr>ocR*r0`6!DWW(NlOBz@Bq%%d^8iJ{ zl4D6a2vtZ?V^_!27+RVRvOhKyq0bDV^_5Mi5jE&}k8}{KkfO%!j;S%cRB8-IpvG_; zYS8nZQDazBV^33RG?O4pp3Ciz)z9X%d}^Vo8PYt)#t)B9_?^Tq7tO4FDTcrKf`vcv ztUYUGP2rm;#m7#?C(lpD?}f$ph4@Eq)7yqdPalh&NW=#F2QZl&*&pj4i1qjHAELiw zr;gT;X0;7RmmBCY`i9>{9#aa(a#TkN6SFB{&JtmcJshwflCil|g#Xws#?p3aCYCSG z#^IZZli56;Dq1rolkS_Dyla~oxM|D$1AaY=Y11ms1X?K5>d-_%NEgsT%iL)ja;F9qRip>WI8~O@LiuCCloz; zQWHgq;ii;$oG3AI*gW=d_cGkIv*f3lx4}eiGMjgaRUo>}f&LoKSmUPXL4Xea9iIl8 zCn9%BA=X>fLs4R+DJ6t4Me@X%4q1Z3z;YPqA=zDKhQa=AK z<~2~z_cevi@_u6c^qKhx^I@oSIW#x4)9eiMKV07PgM_&e;5BYKUziWhfc-l@)V6cp zb{|z3_cz7Jnu=g_^Pxk2^ETzNfMzDyi+R_aPsaO)<28)EUNANu2HQ1wvjNy{Kdr#t z)fDUm_3ASenkad4>{1f3Z;GLmjE~La%Q@5nOdAjKk7*;jm7BFW@*_S!80(MKcIE4W zFHrsf@J7#k{MsbgT{RT?15MH2P3Vt}o;~R!u9v2)eS&W@R&mZm^re+;#J;QOaR8b6 z?V}k`M2-Flh2UUQ1mlF@?2$vpf#Kl;K8mIcQ#+Lq44W$C3pISYt~ir4sn7r>y2l^F zJs;QI3RgEDRS55Hig1t+o*q3n`9MJAP-FvD&`wb-1y7XlGmd}z_M^&S6>ANH3`rJ! z$A@vdg3+dIRpWb_*7ymo@tLtxtTUJojE=V-BrxckPI}fc5nx;{vZ6rYcbFd|glamS zMIek>DCQ|<#MHu~nJC?;#txKerGo=V{S%)6I&7q#KRLi_iB(i|dtp<$v8jMt+MJji zojf;Tj!sOBot+#%eJTQH3n`qk5z3p)n^F*CoGrUVQ@h9mZoGf6Rv>R{oHfAq&2#v~ zJEpj&X(xzYKSik*HKo*H-6zb422B!RW`9c~WJref4>uBE*9kf(LDwI&H#U0aV@GMt z0s$L-SK+(2DZYCd-}vFc=-Y%T$!5e#MlugovWaT3iX2mc235a(2qVoQFz+|{j6!l> zQzT;kK+?-RdG5rdd3J2#j5+zpnSgR*}0qo5KWb z#L!VNGj(%w+H#?5CbMa1H6~Fr-ak~^?{BStE$~8sY;808^qWv@)J6()RBc7j`3yryoj#A6Zt|hJ#Qr!d7=)tKFqA8#kjgKVH`071l<|9 zHs@=-6`N{u2WUr+jKIryqtSM1#BI?Q0hXbad#$mP;2`qzt2m1$y&Hj-%E!D!ZqcVIGi5l%L0mE4?owO40 zhtx;?uA0lIf;J)b+ozUxW-Lc#6jhEir3y=+Glx$FRs}??$iDcA5LI9*bW267T7ec^ zOC(Syl}k0E58V&2)GGPgr;n|;X?d%qD0Q?crLbr75plRjU8i4g3hfFx^e1TD~4TP1VVc!<)PhXno zV(U0a2t6QxBzVtkbn{tWUP{YP4~FHtiq=qLytf)IfOM+rZLN9Nq@}Csv#0#edgtN} zR+`0&WhnKDvb;EUt&Cm_EaP<6kfmT3R?e=* zQj@G5c;sz*nB5x2gv2YLZmz$tR$paKue|E2MhmbMIRH3w5_z0$nPc<^>sOsSGDqnW zt6;f~>#+{mnk`xdCs391U&8w8NvuPwsgZ&8XBI8ZgMrPlb1v-a25bbWau-q)Yo-P{F>0{7T zy5t(HDB9V@m@!_WYLIuM`PX={oNdrDVETq-%;jOyuni~{2J{44R_CT&6pM#a#{e=s zfP0%)Ar@z_n$e{K7>zPIQhw4su+*-!fVI30p;9?%lr2dxp2H*oei)Z%FlXCXst5c< z`-yV8Xwyn_t_9u0DCCw<)s&s(%7DUfR~R#8tO}$F8BE){MntwdTu`5t>b*ojD~Ty- ziaup5z<*}I`v<+q5@n5@GZ6BScC&mlCVA^hL;uJ(v=$Z#bo+L~;sS{VEg{wgpvy1FzCK6&0=$dW#LV@q zr&?fjX5z3gIHcX1yfk(m%RteANGeP^@F*C;=d?7|LhmNgBsy)$u}Y9aIis9QV+u?|j+xrdMHEgq;$H*Z|b~B0IN$O5g5StHXL-Z{lFse z?L4WVMlp}U9z!CJpsEOEYvOKOw4qE3HwVcF^b%w)VMJD(ue309R%jcnb4a6T8i5wv zA4msLh0DPnom|-j_ZkaM8of>EOcYv`XFUs|0Xh?Z6XJ*^q3E~vyp=7B9w}=?hD54W z5~eaO8)wOIrs`ayW9XiFg@`#tqArN2Is3_uIeSBM&h{=$g3D?ZnEY^sZmR-rX=}WbDOK0e!0J*X>++_+H4HdW*h}5eL~KQGN%IfybWgqO0t>_g>UNG z{9J_E$f?j9kTpCN+FT=py#G8&TW!ecn~~+I0*eStMmV}EtiQ8jF-OWfw&1`93pJA< zB}!;;l{!7m4`#6Ci_p-~p)oW|n>Yjx&ro34O#8|_Z4-18~6+> zz!*)(g_bN$QpPTPe|Mk)uD~)O25heDsPOx6ru69vgPcJa*-&>uRkvlO(TT{$fEQ?_ zC8GLW#ehmX4L#gw`w4#0nzzzfij1W9s0W{co?uKMghLcO3WEUu+N);Rtab}T4{=){+T}?P$88F8iJZ=3+JmWtfgL-r z=^Mh+Fg;-OFaW@0fr$m?C#eV{22}8Oxq{6%(xbP2M_~CFXU%*9f7F=m z{lSln0BgW>UnktebeYcvF+b2N%!&&S_hJn28R6TgY&$EDWY2FRE3@azTd?O3X8`f* zPnGJ7k+*@7|DK_A&B&kIv*$-@^lHG)n^!et=YfuqE50>5qL|;n+fb2+47wFrnL*#u zf*KgvNO9KRw$(a6hOS9Qr#2p*qvvP8!f> zw|k=ZrMpyLdRdFU^h428{pwSlI_oXiOffUuX>Vz+6?tofs$BI}nB*PKd<5f&@Bbhb z>4OnQmJigu<K)L2o@Umf-$t7^c~p&Uh)bj9#AN4R*^EQ?HD+H@!8jx>LxiBhZi zI{Sz9yqw%ou$a({fj=RvzL*XA^DyP&<$~EjGmA}a$#^_(71Q}Lc3c(94>8BLaxP|Q zn3l1_8YPp-Moc7CbR#c4LC_jL2!}Q%ipnl`g&Kkyn%7<)f!D%Q7VLPKQEXSsYp-v@ zYe7~J{`D3{8Jf_`&;WKT!cfoal&CeeODtgGH&TdV#WUryWX=e93bhpp{!N%1U{PfE zo68m)ZFbo!9elnaMwkH4!v9C5pRwQuv0dfkWUB$M_6)|kx_im1KvsrkAsA#~M89JX zpYkgpBBP;o3+72Iq1)^GPsm;wbeSx`FM+4%DpbQ3kTv^XX`p9n1L+?5nvQ!U_L*$j zBi~6qGH=Y55nzOcMS{`FrMW!Jxe6WBS0AK$x8>1T|S4(=%I+h31sjB?#+>N5<>>$24WM~ z;91VmD2DwqUV=K5X~T4K>6fs-H>``f*_d$zKj+9EnZnM@2vVZ0zA-4#rsouXfbeFl zEkNfZ50SLvPStxGiB9ywRDuUOs^1hNH%@Xqk^h(thybPH%S8{} z7QQzwaM)sS^@dn0L<;OXsS4XN1ln7N!8D(pw^P;QD|lMJUbAW~c{1<93);@OtuZGn zVr*@|=K(5wOi-a=t|;&uz6jiXtWGq9n)wjEDM4-#7W+_#(-K!OgFi=TZ?-i;64!sz z+a#NTLxB()6qsPhN02Kb5)qH0%rQuxZ#&1>E;&&v_b1Xbc5)G?ov7w%kweqrtDsjq zqmZ0;e1)1b6v(=>Mi=ycYtr|#>w00i2xK!3V1Yi56KmjlC08n2M;n*-Lo5BpsR}2^I4- zd#r1?YIS7JTY;=$&by@x2up(cP=*^DECvli6}^x~kzg##y$EdrIs-X+k%^p!I?xYc3Qiv7 z%wW7DZ#j*8B9HjW-S`EeMfwdDh1gm~EE;y5bw zQ4Vp%6h2pQ?m#gs`9plIT zngRR)4PqOg^QJ{9?f$@`)L#HrlY=I-GDp2Wp@g_^vm|NRUZ0pGD;u9TN0N(2V?j(M z(ziFyp{a5p0#&3wv9C_5o3&i=Nlate_$R70Q_LfL1FTTj-fDgpsC8qe5kY?(&;tpI zxX*OTIMXWJMu&ULyodmTaJG`Xhy?0NBhH+Lti%~zf`*zEe>A}8mOdJxrNjLnJ4R+y zqt~|dns7`bS0v$vEYG^%9BsIdQG5Y=z449smmWE!Vg4(vtfy1gJK9=sIJ_Sb!| zz@eB$C|@Gz&$kt0Ey&%7B^(Wzbn`}y@i>r+O;OBmauy>LXB}6j+#NoDVsxu3P==dj zJ{ka{f_OtgLiaBn9!vg^yEyX_lG?Pb(Vh z5i{@Vl>EMCS8G+uOkrA{v5?gJyosHki14Yf&zs(AHm2szG_YX9mn6g4h1puf9^=GC z$agGt@D1RGHJvY)YC@jHh{(b5G#3uaF+E8Bus^Gt_cI+gFE&dIP|t5SZ@aH`nx(wS zx}V85sDO1Zkcs59P!Lt7D0(^RyKVLITh7{89|_GRU$6G6?$R=krqAC*ppVqe{~B4t z7MHtgHMWnA$~i*qylf6}-sFWT^3kZIHq@)@*kKafrlR5vI;FWh2hx$%K)G8(H^G_7 zY#EWD9!3iqv?*dA_7C!+(j|;kyeeKZ>$4n%Zrg81 zXxp$hj!g|Ss+r4y0A}x&A~PKEJ#1adK3m8AG8^$_Ae)>qHnMZq&r6A?+VcMfZ48E! zO)-4kprn zm^5rt7x1k@wfCcpIpFf(IJY2Nh{{1_Vtu`IBKe=$E;4B^7MA7tnd-k;zu^h_iQ4va z<*ia88o>hCs}|FC?NVrwLsR`g1gb0hQ=J4jR3ibrS52aa$)2t2#U3O!42VuFp9i9o zWDLcebrEq97Kc(=5uk?-H1VJd{z)a+2{VJGltdmg``sN*s@H zyq9Fr?Jf}e(yn$kMsu(*cVgqPjADVBc0YfHJd6#*L8G=2TMytY5nenf7mw0tT_|JK zYSQ31D;~_n(oOVq|7f3POaQkXA5ss^11>tYh^sxBXd68~jDtd$q<79=!Au{Xf)0*@ zEr^9^4_(7Q=H0kQ?IQS|3w43_-Stmm*Sqh&C=m73AQ;5J43c(2 zpwlEd1eTFJ*nsf0gKAp$M8smyhtOXKruWw1HThSEFu-NNSO{l^IP1B(-=Q zaXET-_%0ZU7XiqaC88t5!rOHi(uTSEVb>TdU~H{pREI`mCQu_m-|a7lhk>< zHBkHzhg{9Pm1^wV=Df}8)4Cu9TS1&iFq^%5bj(#Z9YqT@!DO8Xwd2i&nwO-0C+2(P zb8RTggnhbB4PxgE$fMmVmfmJ5q`hb#zz^kHnob|&&e(csS6KL;4AIG_uy>Qtf5|P& z#sgDH;sC$MJZidyz*42BG@1%44aj%VLd^(#QEJ@&7nRl!JU>dQ<*HhG45ds_)N)dH z+p6Vj9T&R0Q z+c>UG=Cd@K)IDsv6x&;eR~FK#l2bi?Jq`ZfrV4G#d=q~_itpf$5;?L4N@mn*4w>&G z@9{HrWiS{A1go#qdT(VhzfgCdH>5;NPjRvCQONJ&t=+Q+J3H^$!wnJA;xad`1q|Vm zS&2OUfV3SC+6DJXRqO_2Z8ZYa>q_T9xh)aix{hkMEpshr&1}Y>FpKc(%a4B=x zbUszjF1s=tkTFc#U2W;T5_+fV+kCA%b{eI%qi9%wJ`6xJ5dcXtB{^%`8h(CM9eN4- z6f{XpwRjl_!J64E!WJ2g%K8Jr|hcVjMgZDJSBnuNZXvryxmJ2ARQ!Iph zMWb#*-A0?!q9U|c2u^>?7jgVu$&TB(xUb1`h%%|jyX@F(Y_BmkF*vesw?A>4`QbqG zd&$eVO~WzXFJ4aMinXMO7tBR*U=`E^`l!6$O7ckEGxO8*#{0bo)oi6_4HQ&8i9jLM zb8)t+kPpw;R14m~;?( zD??|c%S*wU#$XWiQ1Eg#!4#zr$29PtLfYBtady_=eq zuIO}qqmTQAPevfzS>yq=s2=E%Va^hjYu)f+&U!J5I?6?bJ4h4G5`=I4fe>f4&iXib z8Wj*qar3O+Dw-u$k6%qJ@O2ECc<1l%rp0O6QdCV~7K&XG~KJsKo^P(?q656YS4KAhjGz zexCui?keF9mIAN-ZiKg_=>Bca+E%i)oM8Vg%8)>7C)j_FN9|NB3H56cDjkMu1M1&I zcq;_8d9SDLDrLz>Ba|v9*pi(Rb?nsT%o;9Y)k#;|6>r2>Ci%9~OyPJW+cN(bMvY?= zr%xFVCt*eo zZ1O?eFGHqqS|0Zxx<&3D^fD1fC3}fFyQ5jIecbcJ1wYQka(qR5Ysv*Z}Q0%wW;s1>KGSRFq% zye4;$F)~6U1brcdEoiy*_C#+>fkt~c*1^hY?k7;bZG`R_@}4rJ>VTTZ=-XjGhpf(K z@81b|_y3qpbY~PS&{`aXXLC=WN$+Liwl)XI*_`N%tv?`VyGxkutkVH2a>n4_&`_U7 zrQ6v6!cdEV`ikgKf1Ig5^rRbk+@&5MC%WPxW9E)X*U+Op5|E_*^S@X zz?77!;AS&Zv2R@!rsDR-T^U8DSx8e{wQ2JVx<$Sfp=qW0_Z!F>Hvi5qi}^Pgcx94t zP6l4BxQ3X$6C-f2q_O&vdS$z7VGG`gIybZh--ZY6grhW&KA&;7X8&-fSwyFKZiKhw zkZ}uVZ7WAx+JXby>!H3V!doGz&3kgd7JL(z+EwU5D{VXzff`|m zPogzvqeD!IdbhI%o@}bH_BGP0Wk7GAT4X|J8tYgEz0A++aj9BNy}T=`{aB||TW-eK z$N^|jFT|=IC8uj|YuIn=81|2YS>6&I_Rn+Hwq1X}T3uIj!Wqq!gcG1oZ{QeM*{1CU zUB9m>@xiVr@f)2|V%Zr0#}Fs&dIqSutzrLJ$FN@k2KbZcu>Xj&wq<~ETEm7_!SMaa zU`U!#Q}Zic?!#8&*c_Q|C9`zeGjB<#SG?giW7I6s!xA;M{-G;seZ5m^EjN=~Z&}%d z2t7@}*hk0fVl!Sjx;B2ONw8@{`@uFmygUtt*?_lNSqW%Zlq2YR&f1n?K7T^mFf{<$ z@q&VBDWnZt(wD@R57^C+5B&@5!v$02C2W^DN&AiW$ydZOFcHG5vtnZsJKHDiIoO7? zCO(cBk+WdqSgeZO3*|VKE@R_weBMdVI5+0 z+n-QR%;!v^*TFtSshR4Le@b>RaP4T1D&`v)E-=Z%#*?Exs<#rHhk8H-zs7b1CXq%O z0#_G7ClI&p2w^!*O!g=j)p{x@<+Nb3)*q0TkR{A?ZVxN831X}SjAq!fSoOTVz~B`% zyY7pxi9qHsnSL5%@}iUJGG}eu7w?+T{f;1#eNb*9B*D_K)~G)!?(4n)O^bJRMT>WI zN{i)YnSn+uBYiXptcHQ+(?^Ozz2NTRO-;Pt@0fV610(%zbmILsXKl+!`+P>y%aHo~ zH9$%`suk;sjk( zy($+znA|%;Bi~db^?b_Uv6W5{pzRzGYyuxW`O>jX2XB_dTbN<D?xRLRgv#>~cR zh5d|n=vYNx@rRo0@W`d=Y=XN#YbW%Y@nA&ww#KzmeA8yuu$@2AdR)1YYPc;!wc*hW zN8XS&5fQOwK!K)tOVU&$EYaVHuWsP4wyt2Gs9>YE^grjVOs56{e#Pb{a=o64Y9tT% z^KJB*qu5Z@*?pW$;B8k$-y);1jRrm@ZXs&*bt;qJ^7jLgJDs@+e*!+GI!DcvYUNfw zoMT*8YYNIHrq2dL)f=ryl|F%cku~fSc+;}`1h!IxNS}bkRqfU%5UVfghu{-m`dHN(B=t>{HR7U3$BX8yxJ=U%;7g3EIF#wp;k7hP+~9d)5v& z**nl={}vtc_o6k~Ex{&(yJo?j#(51mnf2@m-F7YWXhb)4h3E#n715?B5G{8jt}W%= zVEgIc8t7de1AQl&ZX`O;LC)G%sy>J8>~fPhiri!a5SqPb7;L}bEe$u{G2C~f3A54Rra5cdCcHV&g!0T`LqO0C*eZ+0^Qx}!ys}d~ z%iVnIviaG3u<`sG8tS_`hWcJK-8-T~{RPh2w&_f2I_Xyk4%(2Rgn}YOCmuRVGxgv? ziw@t?s6W~j>JN8{x`PI8omEcAh2q^jYoiJI;}OOF?N*qWaV@0?-F|=Har?awT&wW0nc-Tw!aFfd2fPJl z_2*xV)rC*?8O9D+h;|$_cJP)kJND8YgdfwLkfTBN&Uhx}WY z=*APpW5vwS=uG1Nk^S!U>G8A0cKpFo?##J;>68AOU67s8J%#i_ z-%}u$3Mob9nFuxEsPZ=G5TKNxK#*E=hhA6zHKrOp-BC|DzTGwT`0cJKD5}&s^J=U_ zN&4>s{{=)j zxAylR7(CEFFmj;pDLIwDGS2!8UO!sw=z65s(e)_Nje5fZ?8-RHWFXN+L;sa=Hfxvk z#<*HWKq|+tjI#)lY7nn+Wt?ryFlv0fGS2c0JJ!)StEbEVyUldj+3CE%TMgSv(#H09 z>#|mEwhX&_)$7aPNEA0&OczR3ZzE}}S^NVB7iZn-Q@j%OyC~b=Bl}lE(`?^T;cYL7 zJ+Vw*Z8ODmIN%pnnG8RZTos5+_1kmRJBG;*+SW0=MXG^;n0e)0X!J-^@up4feGJk= zdjqnDJ+%K^Yf2exbn@R+ebwl=TnZGNN(dV!d9AN+^sev0zMU%?Uh#Zu%c2$jo11@M z7Ef!PV}x$C*D7->AB0-{-0FSj{h1HSBN*k00|YAbA>2E@qAspa0QR}9kux#u{rO*j zp&BXZb@#R`h|`v^Q$FqOLX;0MsCOYmgm5DlZlSM+`b4WDUVe=)OAYgf1A^+$*sLUsEd8`##(sqILT6mK0JKv+~IM##>E&dCLKKGvr{;#=d3-0MGq7-euP3{7V^c5 zI3HMS^K1;n24ekmMl|9D4c@H>M#%*fkEIhaqqg5n@qs7gWAyhBo=umW@^lQxgU9W% zDG&TLaXy>aSyJ!^9;MP|DxWm1K=n)n9hsWc=8URd95%-3_o;ryJq$c-ZirC z!0_+^Yi8f{P`@=W0(p1WU@|p4Ffe$)id)5**j#Gopy{6?eJuU}tpd-O zDk&SMJYe^RKJLrBXMNVf*;E0`rnh21b#z?mwk}3!>jE`0TsHVqBgoD_ex*s5xk+V< zZuWli8Ps)r{&^YmPk6ZbYcaJDD))O%m#X;Wf}6T9worL1*4bpu>BaNIGoxZjUB+Yx{#g z+PBw6zOO~A{}#ne4h8@~V*3?ei;;(;nLN3ph3VofQ&v_ex-LU3dxwgaq|((O4dHze z4^?2}`R7A;OPx=zB_*{7OUA5}SX(I0FztLq#tDf$Mq#X);*#_sX3v;TFg!SH2CSK8 z{SliOcGZZQc_KhKZ^fVz8o1I!>Bo_!U4)$+N`DJkYll+fN^6i>B~|dot)U0Q>E-8J zzhVCiH*9!}`{=Wptrh#OqP`gz?*0TwG2DsU5k|Vqm*|D}d%ymS8{*pc?%=pbEgTy6 zKJW}2_u4~xQO#f|+R@+AOZ~3f&g-j$KRg6Vl7x4m7d^orr`nHh|Az5LNIU;68r_D1 zqZdVi~7`zWmHy^vCMnbVH>Aorf7{k4%MdlUkWQfFipf^f^;4$?z@XP zvKPydC&$KU!H624aQgfd@8GzISr#T)QxkTwjG5^e4z$Oy;&SRWnoAY)X&eKJW4P0& zCuHf^2(oC?TImuZVQ`SRoPX7f7DKALtr+r!%KGafj~1(uwPv*No_i77JZI!?mZoE`1yQRgT_@HVB%~Pw0k6NSJT*qb#-NrEg1yBwPl(iWmp!I6s0rGn_ zaIWXNnJv1;g6Gv!sD+1ifYIC$cQ%fgbPPCOS zC$FLdmPGgPUnB7{9274kYubw!QJ61Z0<)lUtism7kb%l--os19cLQ4SuXj^J@tM=;wq16sPR$K6#Q*s)|X~UY;)%8npIPHKk${ zuy3pK4;oUp3K%d&)nEUS!&mWtVGK9d=WhT-<_elc)fYpEq)C?%or;L)uqOQCK|}Lv zr#&@{YK`o_{;=rZkz4}$$I;h#LQep>hFVz4aOvV*fk4>L;<8 zBQSW|s`Kj%hMwhmTP0(vJF%i$s@kfL`yY2!hHcYpyzR71G+FXjbfyy1i(+liQ`O9W zAUS?FzV3QAHq3}K&5(`iC$a^Rs0yoU;4m&`)GANKz3WTZA;ZNc&yX9mf8Z>J5^|&M z!tru>tXZudzsl=Vd2Ad`d{vqFZ-uuJ4NhklCS-A^ybbCO9o=0$<*mcE6Qtp|Rc|xK zESLgd3Whly8@uFERd3BhybX-D1$%37>UW`Bs-DV_75|jCe%8*Bl9Vr^u=TVlI;;S5 z1^l>1d^3R$UBu5m`LkTi;@7pMd@?a@B`?xbx60eqcw3a=Kk(%E3h!DHfw}Tr;t~aM z}&vL#%>w(_*(gbzOey2%wnUS1n)V6 zBZRy@$I9xTtG&(kr8KApgGSj^nQ)?E%APLIqP&d@R*`loMvkIw&Ed{^kUwb?qH4w4 zn9hMl@IWT>q*YeE)#cKRiKEn>6Mm4ei^Y5~;XrZ7;%p(bI&dZ7G2JAn+@OS8Yo62; zk@+Op(Ay}=ZSei@gPNDU>!|+VGuHumvcQAG;FM1n)K1~|)i^%M+gh}7C}t{=V!auk zp)=%8d24WDGy=DY8tD}H6z-Z!I5f`Nh`5D(!oTHRjlSSrn<~#05}N%$RKB5(TcZLu z@f~JtYI^@x!G-lDpSUzfymTG9Ti&%3!8e&h&{yZvSVhIWxhauKyR>}~fXG^|Roz1L zvJJrFqAv*F9hgSuOw6RSd`6zPjjr$=xdjWFhYC!g#jhz^3;HKGbTf4?Fivh3e3(to zrAyV5*WKZ5EZ7BKeh{7wbO!;Xv{o%!^=?uF6>ht+!Xg6ea=fK>)w_Xmas`kxf!PRJ zsDu_-hx_Jj{lg&XMr^xWQ#{@Ai@#kJ-}>CTD%jbYMknIql-GH;f-UC~x_4?vRl+S0 zlU(+$a~H98{t`C$myZ6bwfo&t(ga-?+(Zykx8uqWuC~-i9)c4)AX*kRO^w6Am(WUEnss zdd_R=Z=)YOZz)sNXZ&xp(#LQ{Waiz_EZK{1ds|r*s?kDmX5+_@#lqpN?t9j*e@DsJDESvk z{*jWEq}g0W$#s-mOUbR2+)T+HO75U!KPAJIu*$>=(d$WhdMzb$#9npkxRK z)Mff98Cp$OlzfSjFH*9K9;~3`PD*xB@&!u%De;(#ra-^*}uZ9UtzYdFw0k%-7C!M6=w4avv`HsyTYtpVYaR?OIMhkE6mCj zX5$L8aD~~o!mL|iwyiMBR+wEY%&HY;(+aa_h1s*htXW~UtT0Pfm>nz3iWO$V3bSB^ z*{{N^S7ElRFw0e#-73s#6=t&vvsi`MtHP{RVYaF;OI4ViDj8y>%gjcXnT0Mh`yd6c zTxPbp%q(-6+2t~`%4KGg%giDbW{=Cv8lW56?J~0j=m}1^%&c&k+2As>z-4a!3O9X) zo4vwKUg74ha8p;fnJe7H6>i>2+1XAF`d;T95Nf{)q4qHdwa-GR{TYPXSDo)V-(iX7 z{6L7a4J02}oNcEo7H7B96^pYWx?*v5A6>CHJ4sh8&K{*J7H6|`#p0|)S1it6PFF0> zUQJgl&VHV*Se(6wu2`J?23@f@`vhIFIQtx3u{iq+x?*wmcXY+#>|f}L#o0=d4=m2E zqbn9?x6&1hvpsah;%q-%u{b+SS1isRq$?I@kJA;4vx{`a;_MP#u{e90u2`JCmabTw zy_K$5oV|~(Se$)`u2`J?K3%am`vP6DIQwh5VsZ8jx?*wmzv+s_*;^p%?rWyHM(NKM)ouz*v``x3$_$pv0y9E6$!S?OOcelYlA8! zX#n1}NgVyoiWc+|afc=kDxXlMf_F&W<-1Tp=ce;nt)=qK>uYZ6-0OoS?&9zyb~Ug; z(Dv4=YH%rALLbDWuvns5=nb`n%O{wNW3H3Tm+2g*s&@@epUn#G5tHn-hvfa&k;3yw zAj9!h?$gz?P~NdY6Q%)DZ4)2XQ=i~%3enmq91`lbo}W9b#Tne8)wl9k?#*6m6ttXx zY6e|)23D~+Entcl%Q;Np;}i}jqSK^>BweC7HMikC@gNs(WK7Xc?Sq@!yD2!ja$9CU zvbMBEua-0Q72YZu4l%zNKXv3ZO_>9R60+Wma7mec_@jaqT9L$j0HqaaMqmhi-Pi#W zJ_Q@^AV&|v5Pc(6DsWo&WOQr~c8V=?8gFQ1&MwTQ$XIjyrY`UuY=|#O0CyG(wE3e& zbHUbNbJ4+G>=oGUU4Xr>1=zaC@Yawk(IG$GE66u@0r}2)$k|!bYSW-^kB;uGy+U_O z7wB4XubPn$#0Fb8ZNtWWTOyC9Ymv31(X`o!^SosPJJOnsUl1Ma^Lqu>ST?ZxT7!L2bg*~#3heWj z3G7I_K6^eo*mJ!CyQ2%R_tX!pPz;6QB!?bzB-U0Q7o)??_X_ULWrW*CNO{rWUhWm# z7jyylt_ZE$rq{kJI@EXc3hHfLK#ib7nfu%I+TV^2_M^Q5dwUmPqx4#UZ3p*@(c%8L zUctSi3%JqRwoRY?r|4k6-7B!WmJRGs>#=s@*2r4aHOSf%Eo%3&fgNrQc2{(;xAh9_ zo-V*f>$PpC1NTRVdvCAc-q{7*XuYk*lSHpZ8qj*ji8dWDVmPVWV_QtNj6rRdn+-79SIF1WH`yV z-{}>${$63b*c#hkM#uKwdxdSFSJ>LflJ7>x_Rqb-HrNHWc)cuPNr{~TW?Hx2mg^%c zHJgyNCrZsw7YO_75n_o=4k7pR$#iRod!s|#-7AR0T|nGh57AATwB=z-chZsQ@DB9~ z-bfel8t|xU!9r_U$tUkzE9eb6|meDe1HZ`YX|a{>NScJxw#XZWDcHge|s(c%4Tui)L&1-#+< z_EQ5z(sZnJo6%z14UsjPt;pIFjpl`2z-(l>K(vszdZE2MI5;!AIi4(>)|?TG?(v0G_Cqpl%_ZiepW$DKvHy zOAT`fU^i*An)Hl3O1+KI)rk(@?iKuFUBEw355Fd+-NXg~t(*E4(Xsyc(y)q!$}$}M zR2Og?bXTlbwJ(|dts%ZCI>a~j5aOdgMBBSYuZG}-w%4SwTSYlV3wvj2jqNS1)+FpY Zh5t&`S5+;qFGY*j diff --git a/ia-terms-updates/en/_images/Eo_circle_red_letter-x.svg b/ia-terms-updates/en/_images/Eo_circle_red_letter-x.svg new file mode 100644 index 000000000..4c3c8e785 --- /dev/null +++ b/ia-terms-updates/en/_images/Eo_circle_red_letter-x.svg @@ -0,0 +1 @@ + diff --git a/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg b/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg new file mode 100644 index 000000000..112223018 --- /dev/null +++ b/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg @@ -0,0 +1,3 @@ + + +
PID Provider
PID Provider
Wallet Solution
Wallet Solution
Wallet Instance
Wallet Instance
VCI Component (OIDC4VCI)
VCI Component (OIDC4VCI...
Issues PID
Issues PID
National eID Component
 (e.g. OIDC, SAML)
National eID Component...
Wallet Provider
Wallet Provider
Attestation Service
Attestation Service
Issues
Wallet Verifiable Attestation
Issues...
Authenticates the User
Authenticates the User
Requests PID
Requests PID
Develop and Maintains
Develop and Maintains
Federation API Services
Federation API Services
Federation API Services
Federation API Serv...
National IdP
National IdP
0
0
3
3
4
4
5
5
Trust Anchor - Accreditation Body
Trust Anchor - Accreditation Body
Federation API Services
Federation API Services
Requests for PID Provider identifier
Requests for PID Provider identifier
1
1
2
2
Requests for PID Provider Metadata
Requests for PID Provider Metadata
Viewer does not support full SVG 1.1
\ No newline at end of file diff --git a/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg b/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg new file mode 100644 index 000000000..6bcf4030f --- /dev/null +++ b/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg @@ -0,0 +1 @@ +User's SmartphoneVerifier's SmartphoneUserUserWallet InstanceWallet InstanceVerifier AppVerifier App1Open the Wallet Instance to present an mDoc CredentialDevice Engagement subphase -over QR-2Generate new ephemeral key pair3Show the QR Code for Device Engagement4Scan the QR Code5Generate newephemeral key pair6Compute session keySession establishment and Communication subphase -over BLE secure channel-7mDoc Request + public key of the Verifier App(Session establishment)8Compute session key9Prompt for consent to share the requested information10Grant consent11Retrieve mDoc from local storage12mDoc Response13Verify Response signatureand check mDoc validity \ No newline at end of file diff --git a/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg b/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg new file mode 100644 index 000000000..7a55b4792 --- /dev/null +++ b/ia-terms-updates/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg @@ -0,0 +1,3 @@ + + +
(Q)EAA Provider
(Q)EAA Provider
Wallet Solution
Wallet Solution
Wallet Instance
Wallet Instance
VCI Component (OpenID4VCI)
VCI Component (OpenID4V...
Issues (Q)EAA
Issues (Q)EAA
Requests (Q)EAA
Requests (Q)EAA
Federation API Services
Federation API Services
Trust Anchor - Accreditation Body
Trust Anchor - Accreditation Body
Federation API Services
Federation API Services
Requests for Issuer identifier
Requests for Issuer identifier
1
1
2
2
Register
Register
User Authentication with PID
User Authentication with PID
Requests for Issuer Metadata
Requests for Issuer Metadata
RP Component (OpenID4VP)
RP Component (OpenID4VP...
5
5
3
3
4
4
Text is not SVG - cannot display
\ No newline at end of file diff --git a/ia-terms-updates/en/_images/High-Level-Flow-Status-Attestation.svg b/ia-terms-updates/en/_images/High-Level-Flow-Status-Attestation.svg new file mode 100644 index 000000000..fe109258f --- /dev/null +++ b/ia-terms-updates/en/_images/High-Level-Flow-Status-Attestation.svg @@ -0,0 +1,4 @@ + + + +
Credential Issuer
Wallet Instance
Verifier
1
Request a Status Attestation for a Digital Credential
Provide a Status Attestation for a Digital Credential
Request a Digital Credential with a corresponding Status Attestation
Present a Digital Credential with a corresponding Status Attestation
2
3
4
At time t0, a Status Attestation is obtained by the Wallet Instance, for each stored Digital Credential
At time t1, greater that t0 and less that the expiration time of the Status Attestation, the Wallet Instance presents a Digital Credential and the corresponding Status Attestation if requested.

This page contains the following errors:

Below is a rendering of the page up to the first error.

\ No newline at end of file diff --git a/ia-terms-updates/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg b/ia-terms-updates/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg new file mode 100644 index 000000000..90dd9849b --- /dev/null +++ b/ia-terms-updates/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg @@ -0,0 +1 @@ +User's smartphoneUserUserBrowserBrowserWallet InstanceWallet InstancePID/(Q)EAA ProviderPID/(Q)EAA Provider1obtain your Digital Credential2yesObtain the list of the Trusted PID/(Q)EAA Providers3confirm the selection of PID/(Q)EAA Provider4okCheck PID/(Q)EAA Provider is part of the Federation and obtain its metadata5create PKCE code verifier and WIA-PoP6PAR Request (response_type,client_id,code_challenge,code_challenge_method,request)with OAuth-Client-Attestation and OAuth-Client-Attestation-PoP in the HeaderCheck Wallet Provider is part of the FederationCheck signature of the Wallet Attestation and its validity7PAR Response (request_uri, expires_in)8Authorization Request (client_id, request_uri)9Authorization Request (client_id, request_uri)alt[Credential == PID]user authentication with national eIDAS notified Schemes and consent[Credential == (Q)EAA)]user authentication with PID and consent10Authorization Response (code, state, iss)11Authorization Response (code, state, iss)12generate DPoP key13generate DPoP proof and WIA-PoP for PID/(Q)EAA Provider token endpoint14Token Request with DPoP proof (client_id,grant_type,code,code_verifier,redirect_uri)with OAuth-Client-Attestation and OAuth-Client-Attestation-PoP in the Header15Token Response (access_token, token_type, expires_in, c_nonce, c_nonce_expires_in)16create proof of possession (c_nonce)17create DPoP proof for PID/(Q)EAA Provider credential endpoint18Credential Request with DPoP access_token and DPoP proof (credential_definition, format, proof)alt[Credential is available]19Credential Response (format, credential, c_nonce, c_nonce_expires_in, notification_id)20PID/(Q)EAA validity and status check21store credential22Notification Request HTTP POST /notification (notification_id, event)with DPoP Access TokenRegister all the credential-relatedinformation for verification/revocation23Notification Response HTTP 204 No Content[Credential is NOT available]24Credential Response (lead_time, c_nonce, c_nonce_expires_in)The Wallet Instance, after an amount of time specified by lead_time and when triggered by the User, starts the flow again \ No newline at end of file diff --git a/ia-terms-updates/en/_images/Low-Level-Flow-Revocation-Attestation.svg b/ia-terms-updates/en/_images/Low-Level-Flow-Revocation-Attestation.svg new file mode 100644 index 000000000..e77ec7936 --- /dev/null +++ b/ia-terms-updates/en/_images/Low-Level-Flow-Revocation-Attestation.svg @@ -0,0 +1 @@ +Wallet InstanceWallet InstanceIssuerIssuerAuthentic SourceAuthentic Source1POST /status request(credential_pop=$CredentialPoPJWT)2Validate Credential PoP JWTThe Issuer obtains from the Authentic Sourcethe updated attributes and the validity statusof them through an out-of-band mechanism,(e.g. though the PDND APIs system)3Check for attributesupdate and validity4Create StatusAttestation JWT5Response with Status Attestation JWT \ No newline at end of file diff --git a/ia-terms-updates/en/_images/Low-Level-Flow-Revocation.svg b/ia-terms-updates/en/_images/Low-Level-Flow-Revocation.svg new file mode 100644 index 000000000..ef2f16fce --- /dev/null +++ b/ia-terms-updates/en/_images/Low-Level-Flow-Revocation.svg @@ -0,0 +1 @@ +Wallet InstanceWallet InstanceIssuerIssuer1POST /revoke request(credential_pop=$CredentialPoPJWT)2Validate the CredentialProof of Possession3Revoke the Credential4Response Ok \ No newline at end of file diff --git a/ia-terms-updates/en/_images/cross_device_auth_seq_diagram.svg b/ia-terms-updates/en/_images/cross_device_auth_seq_diagram.svg new file mode 100644 index 000000000..b685c1684 --- /dev/null +++ b/ia-terms-updates/en/_images/cross_device_auth_seq_diagram.svg @@ -0,0 +1 @@ +User's DevicesUserUserWallet InstanceWallet Instanceuser-agentuser-agentRelying PartyRelying Party1Web Service navigation2Request Protected ResourcePresentation Phase3Create astatevaluebound to user-agent cookie4Create request_uri resource5QRCode OR HTTP Redirect (302) withclient_id, request_uri, state, [request_uri_method] [client_id_scheme]Cross Device only6Show the QRCode page7Open the Wallet Instance app, local authentication8Scan QR Code9Extract the parameters from the QR Code10evaluates trust with the client_id [client_id_scheme]alt[if request_uri_method is set with POST]11provides Wallet metadata to the request_uri endpoint12evaluates the Wallet tecnical capabilities[if request_uri_method is set with GET or not present]13requests the signed request object from the request_uri endpoint14signed request object15evaluates Relying Party Metadata and policies16Verify signature of the signed Request Object17Validate requested VP(s)18Request for consent19Confirmed20POST Authorization Responsewith vp_token, state, presentation_submission21Evaluate the Verifiable Presentation token22Validate the Wallet Attestation.Attest the Wallet Provideris part of the Federationand the Wallet Instance is not revoked.23Attest Credential Issuer Trustand Validate JWT Signature24Process the credentialProcess the credential:Check Holder Key Binding and Proof of Possession:- using the public key bound in the Credential to verify the VP token. Then extract the disclosed attributes: check if all the required data are available25Update the User session (cookie updated)26HTTP/1.1 200 OK{"redirect_uri": https url with response_code }Same Device only27Use the redirect_uriCross Device only28QRCode JS: Check authentication state (HTTP request with cookie)29Authentication state given with HTTP codes, untill expired or successful \ No newline at end of file diff --git a/ia-terms-updates/en/_images/static_view_wallet_instance_attestation.svg b/ia-terms-updates/en/_images/static_view_wallet_instance_attestation.svg new file mode 100644 index 000000000..2f18451e1 --- /dev/null +++ b/ia-terms-updates/en/_images/static_view_wallet_instance_attestation.svg @@ -0,0 +1 @@ +UserWallet ProviderDevice OEMWallet SolutionWallet InstanceWallet BackendDevice Integrity ServiceUseUseIs part ofProvides Wallet Attestationcontrol / activateIs an instance ofProvideProvide \ No newline at end of file diff --git a/ia-terms-updates/en/_images/trust-roles.svg b/ia-terms-updates/en/_images/trust-roles.svg new file mode 100644 index 000000000..a1e8dd823 --- /dev/null +++ b/ia-terms-updates/en/_images/trust-roles.svg @@ -0,0 +1,426 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ia-terms-updates/en/_images/verifier_qr_code.svg b/ia-terms-updates/en/_images/verifier_qr_code.svg new file mode 100644 index 000000000..437ad39ca --- /dev/null +++ b/ia-terms-updates/en/_images/verifier_qr_code.svg @@ -0,0 +1,2 @@ + + diff --git a/ia-terms-updates/en/_images/wallet_instance_acquisition.svg b/ia-terms-updates/en/_images/wallet_instance_acquisition.svg new file mode 100644 index 000000000..040a35eb4 --- /dev/null +++ b/ia-terms-updates/en/_images/wallet_instance_acquisition.svg @@ -0,0 +1 @@ +UserWallet InstanceDevice Integrity ServiceWallet Provider backend1Request a new operation thatrequires aWallet Attestation2Check ifCryptographic Hardware Keysis available3Generates an ephemeral key pairJWKCheck Wallet Provider is part of the Federation and obtain its metadata4Getchallenge5Generate one time usechallenge6challenge7Generateclient_data_hashas SHA256(challenge, public_jwk)8GenerateCryptographic Hardware KeyPoPhardware_signature= sign(client_data_hash, wallet_hardware_key_tag)9generateIntegrityAssertion(client_data_hash)10integrity_assertion11Generate Wallet Attestation Request withintegrity_assertion,hardware_signature,challenge,Cryptographic Hardware Key Tag,public_jwksigned with ephemeralJWK12Send Wallet Attestation RequestCheck if Wallet Instance is initialized and validusing Cryptographic Hardware Key Tag andhardware_signature13Validatechallenge14Validateintegrity_assertion15Validatehardware_signature16ValidateJWKPoP17CreateWallet Attestation18Wallet Attestation \ No newline at end of file diff --git a/ia-terms-updates/en/_images/wallet_instance_initialization.svg b/ia-terms-updates/en/_images/wallet_instance_initialization.svg new file mode 100644 index 000000000..5f5237a06 --- /dev/null +++ b/ia-terms-updates/en/_images/wallet_instance_initialization.svg @@ -0,0 +1 @@ +UserWallet InstanceDevice Integrity ServiceWallet Provider backendonly upon first installation of the app1starts the app (first use)2Check if Device Integrity Service is availableCheck Wallet Provider is part of the Federation and obtain its metadata3Getchallenge4Generate one time usechallenge5challenge6GenerateCryptographic Hardware Keyspair and storeCryptographic Hardware Key Tag7attestKey(challenge, Cryptographic Hardware Key Tag)8Key Attestationsigned by OEM9Sendchallenge,Key AttestationandCryptographic Hardware Key Tag10Validatechallenge11ValidateKey Attestation12StoreCryptographic Hardware Keys13OK14Wallet Instance Initialized \ No newline at end of file diff --git a/ia-terms-updates/en/_images/wallet_instance_lifecycle.svg b/ia-terms-updates/en/_images/wallet_instance_lifecycle.svg new file mode 100644 index 000000000..386473b45 --- /dev/null +++ b/ia-terms-updates/en/_images/wallet_instance_lifecycle.svg @@ -0,0 +1 @@ +InstalledOperationalValidDeactivatedinstallverifyvalidateinvalidaterevokerevokeuninstalluninstalluninstalluninstall \ No newline at end of file diff --git a/ia-terms-updates/en/_sources/algorithms.rst.txt b/ia-terms-updates/en/_sources/algorithms.rst.txt new file mode 100644 index 000000000..1c9b101a6 --- /dev/null +++ b/ia-terms-updates/en/_sources/algorithms.rst.txt @@ -0,0 +1,130 @@ +.. include:: ../common/common_definitions.rst + +.. _supported_algs: + +Cryptographic Algorithms +++++++++++++++++++++++++ + +The following algorithms MUST be supported: + +.. list-table:: + :widths: 20 20 20 20 + :header-rows: 1 + + * - **Algorithm `alg` parameter value** + - **Description** + - **Operations** + - **References** + * - **ES256** + - Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA256. + - Signature + - :rfc:`7518`, `[SOG-IS] `_, `[ETSI] `_ . + * - **ES384** + - Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA384. + - Signature + - :rfc:`7518`, `[SOG-IS] `_, `[ETSI] `_ . + * - **ES512** + - Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA521. + - Signature + - :rfc:`7518`, `[SOG-IS] `_, `[ETSI] `_ . + * - **RSA-OAEP-256** + - RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using SHA256 hash function and the MGF1 with SHA-256 mask generation function. + - Key Encryption + - :rfc:`7516`, :rfc:`7518`. + * - **A128CBC-HS256** + - AES encryption in Cipher Block Chaining mode with 128-bit Initial Vector value, plus HMAC authentication using SHA-256 and truncating HMAC to 128 bits. + - Content Encryption + - :rfc:`7516`, :rfc:`7518`. + * - **A256CBC-HS512** + - AES encryption in Cipher Block Chaining mode with 256-bit Initial Vector value, plus HMAC authentication using SHA-512 and truncating HMAC to 256 bits. + - Content Encryption + - :rfc:`7516`, :rfc:`7518`. + +The following Elliptic Curves MUST be supported for the Elliptic Curve Digital Signature Algorithm: + +.. list-table:: + :widths: 20 20 20 + :header-rows: 1 + + * - **Curve Family** + - **Short Curve Name** + - **References** + * - **Brainpool** + - brainpoolP256r1, brainpoolP384r1, brainpoolP512r1. + - :rfc:`5639`, `[ETSI] `_ . + * - **NIST** + - P-256, P-384, P-521 + - `[ETSI] `_, `[FIPS-186-4] `_, `[ISO/IEC 14888-3] `_. + +The following algorithms are RECOMMENDED to be supported: + +.. list-table:: + :widths: 20 20 20 20 + :header-rows: 1 + + * - **Algorithm `alg` parameter value** + - **Description** + - **Operations** + - **References** + * - **PS256** + - RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA256 hash function and MGF1 mask generation function with SHA-256. + - Signature + - :rfc:`7518`, `[SOG-IS] `_. + * - **PS384** + - RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA384 hash function and MGF1 mask generation function with SHA-384. + - Signature + - :rfc:`7518`, `[SOG-IS] `_. + * - **PS512** + - RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA512 hash function and MGF1 mask generation function with SHA-512. + - Signature + - :rfc:`7518`, `[SOG-IS] `_. + * - **ECDH-ES** + - Elliptic Curve Diffie-Hellman (ECDH) Ephemeral Static key agreement using Concat Key Derivation Function (KDF). + - Key Encryption + - :rfc:`7518`. + * - **ECDH-ES+A128KW** + - ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 128 (A128KW). + - Key Encryption + - :rfc:`7518`. + * - **ECDH-ES+A256KW** + - ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 256 (A256KW). + - Key Encryption + - :rfc:`7518`. + +The following algorithms MUST NOT be supported: + +.. list-table:: + :widths: 20 20 20 20 + :header-rows: 1 + + * - **Algorithm `alg` parameter value** + - **Description** + - **Operations** + - **References** + * - **none** + - - + - Signature + - :rfc:`7518`. + * - **RSA_1_5** + - RSAES with PKCS1-v1_5 padding scheme. Use of this algorithm is generally not recommended. + - Key Encryption + - :rfc:`7516`, `[Security Vulnerability] `_, `[SOG-IS] `_. + * - **RSA-OAEP** + - RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using default parameters. + - Key Encryption + - :rfc:`7518`, `[SOG-IS] `_. + * - **HS256** + - HMAC using SHA256. + - Signature + - :rfc:`7518`. + * - **HS384** + - HMAC using SHA384. + - Signature + - :rfc:`7518`. + * - **HS512** + - HMAC using SHA512 + - Signature + - :rfc:`7518`. + + + diff --git a/ia-terms-updates/en/_sources/authentic-sources.rst.txt b/ia-terms-updates/en/_sources/authentic-sources.rst.txt new file mode 100644 index 000000000..398fde02b --- /dev/null +++ b/ia-terms-updates/en/_sources/authentic-sources.rst.txt @@ -0,0 +1,40 @@ +.. include:: ../common/common_definitions.rst + + +Authentic Sources ++++++++++++++++++++ + +Authentic Sources are responsible for the authenticity of the User's attributes provided as Digital Credentials by the PID/(Q)EAA Provider. During the Issuance Flow, PID/(Q)EAA Providers, after authenticating the User, request from Authentic Sources the attributes required to provide the requested Credential. If PID/(Q)EAA Providers and Authentic Sources are both allowed to use PDND, the communication between them is accomplished in compliance with [`MODI`_] and [`PDND`_] and according to the rules defined within this specification. In particular, + + - The Authentic Source MUST provide an e-service registered within the PDND catalogue which the PID/(Q)EAA Provider, as the recipient, MUST use to request the User's attributes. + - In case of unavailability of the User's attributes, the Authentic Source MUST provide a response to the PID/(Q)EAA Provider with an estimation time when a new request can be sent. + - The PID/(Q)EAA Provider MUST provide to the Authentic Source an evidence that: + + - the request for Users attributes is related to data about themselves; + - the request for User attributes comes from a valid Wallet Instance. + + - The PID/(Q)EAA Provider MUST make available to the Authentic Source an e-service for notifications on attributes availability and validity status (revocation or updates). The Authentic Source MUST use this e-service to notify to the PID/(Q)EAA Provider the notifications on the availability of the User's attributes as well as those relating to the attributes updates. + - The protocol flow MUST ensure integrity, authenticity, and non-repudiation of the exchanged data between the Authentic Source and the PID/(Q)EAA Provider. + - The e-services MUST be implemented in REST. SOAP protocol MUST NOT be used. + + + +Security Patterns +---------------------- + +The following security patterns and profiles are applicable: + + - **[REST_JWS_2021_POP]** JWS POP Voucher Issuing Profile (*Annex 3 - Standards and technical details used for Voucher Authorization* [`PDND`_]): REQUIRED. It adds a proof of possession on the Voucher. The client using the Voucher to access an e-service MUST demonstrate the proof of possession of the private key whose public is attested on the Voucher. + + - **[ID_AUTH_REST_02]** Client Authentication with X.509 certificate with uniqueness of the token/message (*Annex 2 - Security Pattern* [`MODI`_]): REQUIRED. It guarantees trust between the Authentic Source and the PID/(Q)EAA Provider and provides a mitigation against replay attacks. + + - **[INTEGRITY_REST_01]** REST message payload integrity (*Annex 2 - Security Pattern* [`MODI`_]): REQUIRED. It adds message payload integrity of the HTTP POST request. + + - **[AUDIT_REST_02]** submission of audit data within the request (*Annex 2 - Security Pattern* [`MODI`_]): OPTIONAL. The Authentic Source MAY request an evidence about the User Authentication related to the User's attributes requested by the PID/(Q)EAA Provider and/or a proof that the Wallet Instance is valid. In this case this pattern MUST be used. + + - **[PROFILE_NON_REPUDIATION_01]** Profile for non-repudiation of transmission (*Annex 3 - Interoperability Profile* [`MODI`_]): REQUIRED. This profile uses the following security patterns: + + - **ID_AUTH_CHANNEL_01** or **ID_AUTH_CHANNEL_02** + - **ID_AUTH_REST_02** + - **INTEGRITY_REST_01** + diff --git a/ia-terms-updates/en/_sources/backup-restore.rst.txt b/ia-terms-updates/en/_sources/backup-restore.rst.txt new file mode 100644 index 000000000..186042348 --- /dev/null +++ b/ia-terms-updates/en/_sources/backup-restore.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _backup-restore.rst: + +backup-restore.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/en/_sources/contribute.rst.txt b/ia-terms-updates/en/_sources/contribute.rst.txt new file mode 100644 index 000000000..c4bea2975 --- /dev/null +++ b/ia-terms-updates/en/_sources/contribute.rst.txt @@ -0,0 +1,67 @@ +.. include:: ../common/common_definitions.rst + +.. _contribute.rst: + +How to contribute ++++++++++++++++++++++++++++ + +The IT-Wallet project, including this document, follows an **open development process**. This approach ensures the development process is accessible to all, inviting all interested parties to participate. + +Consequently, stakeholders, national and international community members are not only encouraged but also heartily welcomed to contribute to the refinement of these technical rules. + +Below are several methods available for contributing to this project: + +- **GitHub issues**. By opening an issue, you can seek clarification, propose enhancements, or report editorial typos. If you are working on an issue, we encourage you to open a draft pull request and link it. +- **Pull requests**. Pull requests represent active contributions to the project, typically, but not always following issue-based discussions. Once a pull request is initiated, it facilitates discussion and review of the proposed changes before they are merged into the main branch (`versione-corrente`). +- **Developers Italia Slack channel**. Slack is a messaging application designed for businesses, connecting people to the information they need. *Developers Italia* is an open community based on contributions and participation from public administrations, developers, technicians, students, and citizens. *Developers Italia* has initiated a Slack channel that [everyone can join for free](https://slack.developers.italia.it/), where you can learn about all their activities and partake in discussions. + + +Acknowledgements +---------------- + +We would like to thank the following individuals for their comments, +concerns, ideas, contributions, some of which substantial, to this +implementation profile and to the initial set of implementations. + +- Alen Horvat +- Amir Sharif +- Andrea Moro +- Andrea Prosseda +- Elisa Nicolussi Paolaz +- Emanuele De Cupis +- Emiliano Vernini +- Francesco Grauso +- Francesco Marino +- Francesco Ventola +- Gabriella Cefalù +- Giada Sciarretta +- Giuseppe De Marco +- Klaas Wierenga +- Kristina Yasuda +- Leif Johansson +- Lorenzo Cerini +- Mart Aarma +- Marta Sciunnach +- Michele Silletti +- Nicola Saitto +- Niels van Dijk +- Oliver Terbu +- Paul Bastien +- Pasquale De Rose +- Peter Altmann +- Riccardo Iaconelli +- Roland Hedberg +- Salvatore Laiso +- Salvatore Manfredi +- Stefano Alifuoco +- Takahiko Kawasaki +- Thomas Chiozzi +- Torsten Lodderstedt +- Vladimir Duzhinov + + +If anyone has been forgotten, please accept our apologies with the +request to propose the modification of this page via a [Pull Request](https://github.com/italia/eudi-wallet-it-docs) +with a brief description of the contribution offered, during which +event or channel, and during which period. We will then have the opportunity +to apologize again and make amends as soon as possible, including you in the list. diff --git a/ia-terms-updates/en/_sources/defined-terms.rst.txt b/ia-terms-updates/en/_sources/defined-terms.rst.txt new file mode 100644 index 000000000..72c210a8d --- /dev/null +++ b/ia-terms-updates/en/_sources/defined-terms.rst.txt @@ -0,0 +1,216 @@ +.. include:: ../common/common_definitions.rst + +.. _defined-terms.rst: + + +Normative Language and Conventions +++++++++++++++++++++++++++++++++++ + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. + + +Defined Terms ++++++++++++++ + +The terms *User*, *Trust Service*, *Trust Model*, *Trusted List*, *Trust Framework*, *Attribute*, *Electronic Attestations of Attributes Provider* or *Trust Service Provider (TSP)*, *Person Identification Data (PID)*, *Revocation List*, *Qualified Electronic Attestations of Attributes Provider* or *Qualified Trust Service Provider (QTSP)*, *Electronic Attestation of Attributes (EAA)*, are defined in the `EIDAS-ARF`_. + +Below are the description of acronyms and definitions which are useful for further insights into topics that complement the it-wallet and the interacting components. + +.. list-table:: + :header-rows: 1 + + * - Name + - Description + - Notes + * - User + - A natural or legal person, or a natural person representing another natural person or a legal person, that uses a trust services or electronic identification means provided in accordance with EUDI Wallet Architecture Reference Framework. [ARF v1.4] + - + * - User Attribute + - A characteristic, quality, right or permission of a natural or legal person or of an object. [ARF v1.4] + - Other alternative terms: User Claim + * - Digital Identity Provider + - Entity responsible for identifying citizens for the issuance of an digital identity. + - + * - Digital Credential + - A signed set of Attributes encapsulated in a specific data format, such as mdoc format specified in [ISO 18013-5] or the SD-JWT VC format specified in [SD-JWT-VC]. This may be a Personal Identification Data (PID), (Qualified) Electronic Attestation of Attribute ((Q)EAA). [Revised from ARF v1.4] + - Differences with ARF: The definition from ARF restricts the data format to mdoc and SD-JWT VC. For the scope of the Trust Model, a Digital Credential definition should be neutral on the format. ARF alternative terms: Electronic Attestation, Attestation. Other alternative terms: Verifiable Credential, Digital Attestation. + * - Organizational Entity + - A legal person (only considering organizations and public entities, not natural/physical persons) recognized by the Member State through a unique identifier to operate a certain role within the EUDI Wallet ecosystem. + - In this category the following entity roles are included: Wallet Provider, Credential Issuer, Relying Party, QTSP In general, any kind of Entity that must be registered through a national or European registration mechanism. ARF alternative terms: legal person (only considering organizations and public entities, not natural/physical persons) + * - Wallet Solution + - A Wallet Solution is the entire eIDAS-compliant product and service provided by a Wallet Provider to all Users and certified as EUDI-compliant by a Conformity Assessment Body (CAB). [Revised from ARF v1.4] + - Differences with ARF: editorial ARF alternative terms: EUDI Wallet Solution + * - Wallet Provider + - An Organizational Entity, responsible for the management and release operation of a Wallet Solution. The Wallet Provider issues the Wallet Attestations to its Wallet Instances through an Attestation Service. The Wallet Attestation certifies the genuinity and authenticity of the Wallet Instance and its compliance with the security and privacy requirements. [Revised from ARF v1.4] + - Differences with ARF: editorial ARF alternative terms: EUDI Wallet Provider + * - Wallet Instance + - Instance of a Wallet Solution installed on a User’s device belonging to and which is controlled by a User. It enables the storage and management of Digital Credentials.The Wallet Instance provides graphical interfaces for User interaction with Relying Parties, PID, (Q)EAA Providers and the Wallet Provider. [Revised from ARF v1.4] + - Differences with ARF: editorial ARF alternative terms: EUDI Wallet Instance + * - Wallet Provider Backend + - Is the technical infrastructure and server-side components, including a set of endpoints, managed by a Wallet Provider. + - + * - Credential Issuer + - An Organizational Entity providing Digital Credentials to Users. It may be PID Provider or (Q)EAA Providers. [Revised from ARF v1.4] + - Differences with ARF: (i) merged the PID Providers and (Q)EEA Providers definitions using the general term Digital Credential, (ii) renamed “Member Stare or other legal entity” in “Organizational Entity” ARF alternative terms: PID Providers,(Q)EEA Providers, Attestation Provider Other alternative terms: Verifiable Credential Issuer + * - Relying Party + - An Organizational Entity that relies upon an electronic identification or a Trust Service originating from a Wallet Instance. [Revised from ARF v1.4] + - Differences with ARF: renamed “natural or legal person” in “Organizational Entity”. + * - Relying Party Instance + - A Relying Party Instance in the context of a mobile application or a standalone embedded device refers to a specific deployment of the application or device. These instances depend on an User Authentication through a Wallet Instance to confirm User identities before granting access to their functionalities. Each version or environment where the application or device is running, be it a particular release of a mobile app installed on a User's smartphone or a specific embedded device in use, constitutes a separate instance. In case of proximity supervised scenarios, it belongs to and is controlled by a Verifier. [Revised from ARF v1.4] + - Differences with ARF: added a sentence on proximity supervised scenarios. Other alternative terms: Verifier App + * - Verifier + - Also known as Credential Verifier. It is a natural person or a legal person using an Relying Party Instance. [New] + - + * - Trust + - Trust, within the technical field, is the confidence in the security, reliability, and integrity of entities (such as systems, organizations, or individuals) and their actions, ensuring that they will operate as expected in a secure and predictable manner. It is often established through empirical proof, such as past performance, security certifications, or transparent operational practices, which demonstrate a track record of adherence to security standards and ethical conduct. [Revised from ARF v1.4] + - + * - Trust Framework + - A legally enforceable set of operational and technical rules and agreements that govern a multi-party system designed for conducting specific types of transactions among a community of participants and bound by a common set of requirements. [ARF v1.4] + - + * - Trust Model + - Collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem. [ARF v1.4] + - + * - Trusted List + - Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. It serves as the bedrock of trust, acting as federative sources that publish the crucial information about root entities within the ecosystem. [Revised from ARF v1.4] + - Differences with ARF: added the last sentence + * - Registration Authority + - A party responsible for registering all the Organizational Entities by issuing a Trust Assertion. + - ARF: Registrar + * - Conformity Assessment Body (CAB) + - A conformity assessment body as defined in Article 2, point 13, of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides, or as competent to carry out certification of European Digital Identity Wallets or electronic identification means. [ARF v1.4] + - + * - National Accreditation Bodies (NAB) + - A body that performs accreditation with authority derived from a Member State under Regulation (EC) No 765/2008. [ARF v1.4] + - Other alternative terms: Accreditation Authority + * - Trust Evaluation + - The process of verifying the trustworthiness of registered Organizational Entities, in accordance with pre-established rules. For example, involving the retrieval and validation of entity configurations and trust chains. + - Other alternative terms: Trust Discovery, Trust Establishment + * - Trust Assertion + - Cryptographically verifiable artifact that proves the compliance of an Organizational Entity with known rules and requirements defined within the Trust Model. + - Other alternative terms: Verifiable Attestation, Access Certificate + * - Trust Relationship + - Positive outcome of Trust Evaluation, which produces a reliable relationship between Organizational Entities, where one Organizational Entity trusts the other to securely handle data, execute transactions, or perform actions on its behalf. + - + * - Metadata + - Digital artifact that contains all the required information about an Organizational Entity, e.g., protocol related endpoints and the Organizational Entity’s cryptographic public keys (for the complete list check requirement “Metadata Content”). + - + * - Policy Language + - A formal language used to define security, privacy, and identity management policies that govern interactions and transactions within a Trust Framework. This language allows for the clear and unambiguous expression of rules and conditions, facilitating the automation of processes and interoperability among different systems and organizations. + - + * - Registration Process + - Process performed by a Registration Authority verifying necessary information to ensure Organizational Entity eligibility and compliance with the relevant rules and standards. The main goal of the Registration Process is for the Organizational Entity to receive one or more Trust Assertions to be used for the Trust Evaluation processes. + - + * - Accreditation Process + - Process performed by the National Accreditation Body to accreditate CABs. As a result of the Accreditation Process, a NAB issues an accreditation certificate to a CAB. + - Currently, out of scope of the Trust Model requirements + * - Certification Process + - Process performed by Conformity Assessment Bodies to certify the Wallet Solution. The Certification Process aims to periodically assess technical Wallet Solutions (e.g. performing vulnerability assessment and risk analysis). As a result of the Certification Process a certification is provided to the Wallet Solution. [New] + - Currently, out of scope of the Trust Model requirements + * - Notification Process + - Process defining how information is transferred to the European Commission and the inclusion of an entity in the Trusted List. + - + * - Supervision Process + - Process performed by a Supervisory Body to review and ensure proper functioning of the Wallet Provider and other relevant actors. + - Currently, out of scope of the Trust Model requirements + * - Federation Authority + - A public governance entity that issues guidelines and technical rules, and administers - directly or through its intermediary - Trusted Lists, services, and accreditation processes, the status of participants, and their eligibility evaluation. It also performs oversight functions. + - + * - Wallet Secure Cryptographic Application + - An application that manages critical assets utilizing the cryptographic functions provided by the Wallet Secure Cryptographic Device. + - + * - Wallet Instance + - The application installed and configured on a Wallet User’s device or environment, which is part of a Wallet Unit, and that the Wallet User uses to interact with the Wallet Unit. + - + * - Wallet Unit + - Unique configuration of a wallet solution that includes wallet instances, wallet secure cryptographic applications, and wallet secure cryptographic devices provided by a wallet provider to an individual wallet user. + - + * - Wallet Unit Attestation + - Also known as Wallet Attestation or Wallet Instance Attestation, it is a Data object issued by a Wallet Provider that describes the components of the Wallet Unit. It allows authentication and validation of those components, and is cryptographically bound to Wallet Secure Cryptographic Devices. + - + * - Wallet Secure Cryptographic Device (WSCD) + - Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. A WSCD MAY implement an association proof in different ways. This largely depends on the implementation of the WSCD for example: remote HSM, external smart card, internal UICC, internal native cryptographic hardware, such as the iOS Secure Enclave or the Android Hardware Backed Keystore or StrongBox + - + * - Credential Status Attestation + - Verifiable Attestation proving that a related Digital Credential is not revoked. + - + * - Device Integrity Service + - A service provided by device manufacturers that verifies the integrity and authenticity of the app instance (Wallet Instance), as well as certifying the secure storage of private keys generated by the device within its dedicated hardware. It's important to note that the terminology used to describe this service varies among manufacturers. + - + * - Cryptographic Hardware Keys + - During the app initialization, the Wallet Instance generates a pair of keys, one public and one private, which remain valid for the entire duration of the Wallet Instance's life. Functioning as a Master Key for the personal device, these Cryptographic Hardware Keys are confined to the OS domain and are not designed for signing arbitrary payloads. Their primary role is to provide a unique identification for each Wallet Instance. + - + * - Cryptographic Hardware Key Tag + - A unique identifier created by the operating system for the Cryptographic Hardware Keys, utilized to gain access to the private key stored in the hardware. + - + * - Key Attestation + - An attestation from the device's OEM that enhances your confidence in the keys used in your Wallet Instance being securely stored within the device's hardware-backed keystore. Its content is therefore defined by the operating system manufacturer. For Google Android, the term Key Attestation refers to the Strongbox Key Attestation feature. For Apple iOS, the reference is to the `Device Check`_ service, specifically the `attestKey`_ feature. + - + * - Qualified Electronic Attestation of Attributes (QEAA) + - A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes. + - + * - Qualified Electronic Signature Provider + - The Electronic Trust Service Provider responsible for the issuing of Qualified Electronic Signature certificates to the User. + - + * - Qualified Electronic Attestation of Attributes Provider + - Organizational Entity which serves as Credential issuer providing Qualified Electronic Attestations of Attributes (QEAAs). + - + * - PID Provider + - Organizational Entity which serves as Credential issuer providing Person Identification Data to Users. + - Differences with ARF: renamed “Member Stare or other legal entity” in “Organizational Entity” + * - National Identity Provider + - It represents preexisting identity systems based on SAML2 or OpenID Connect Core 1.0, already in production in each Member State (eg: the Italian SPID and CIE id schemes notified eIDAS with *LoA* **High**, see `SPID/CIE-OpenID-Connect-Specifications`_). + - + * - Relying Party + - A natural or legal person that implements an authentication system requiring electronic attribute attestation submissions as an authentication mechanism. + - + * - Verifier + - See Relying Party + - + * - Trust Attestation + - Electronic attestation of an entity's compliance with the national regulatory framework, which is cryptographically verifiable and cannot be repudiated over time by the entity that issued it. A Trust Attestation is always related to a particular Trust Framework. + - + * - Trust Layer + - Architectural component that enables IT-Wallet system participants to establish trust, in terms of reliability and compliance of all participants with the regulatory framework governing the digital identity system. + - + * - Trust Model + - System defining how the participants of the ecosystem establish and maintain trust in their interactions. The Trust Model outlines the rules and the procedures for the entities (like users, systems, or applications) should validate each other's identities, authenticate, and establish the level of trust before exchanging information. + - + * - Level of Assurance + - The degree of confidence in the vetting process used to establish the identity of the User and the degree of confidence that the User who presents the credential is the same User to whom the Digital Credential was issued. + - + * - Holder Key Binding + - Ability of the Holder to prove legitimate possession of the private part, related to the public part attested by a Trusted Third Party. + - + * - Holder + - Natural or Legal person that receives Verifiable Credentials from the Credential Issuers, manages the Verifiable Credentials within the Wallet, and presents them to Verifiers. The Holder is the User in control of the Wallet. + - + * - Pseudonym + - Pseudonyms are alternative identifier used to represent an entity (such as a person or organization) without revealing their true identity. It provides a layer of privacy and anonymity while still allowing for consistent authentication and authorization within a system. + - + + +Acronyms +-------- + +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Acronym** + - **Description** + * - **OID4VP** + - OpenID for Verifiable Presentation + * - **PID** + - Person Identification Data + * - **VC** + - Verifiable Credential + * - **VP** + - Verifiable Presentation + * - **API** + - Application Programming Interface + * - **LoA** + - Level of Assurance + * - **AAL** + - Authenticator Assurance Level as defined in ``_ + * - **WSCD** + - Wallet Secure Cryptographic Device diff --git a/ia-terms-updates/en/_sources/index.rst.txt b/ia-terms-updates/en/_sources/index.rst.txt new file mode 100644 index 000000000..36c62995e --- /dev/null +++ b/ia-terms-updates/en/_sources/index.rst.txt @@ -0,0 +1,54 @@ +.. include:: ../common/common_definitions.rst + +============================================== +The Italian EUDI Wallet implementation profile +============================================== + +Introduction +------------ + +The European Parliament `has adopted `_ the revision of the eIDAS Regulation concerning electronic identification and trust services, introducing a significant innovation: the `European Digital Identity Wallet `_. This update marks a pivotal advancement in the EU's digital strategy, aiming to enhance the security, interoperability, and usability of digital identities across Member States. For further details, resources, and notes on this legislative development, please refer to the official EU Commission and Parliament websites. + +Italy has launched the National digital identity Wallet solution, known as IT-Wallet, established by the Legislative Decree of March 2, 2024, No. 19 (commonly referred to as the PNRR Decree)., in direct response to the European community's directives. This initiative ensures full interoperability with the digital identity solutions provided by other European Member States, aligning with European regulations. + +The purpose of the following technical rules is to define the technical architecture and reference framework to be used as a guideline by all the parties involved in the development of the IT-Wallet project. + +This documentation defines the national implementation profile of IT-Wallet, containing the technical details about components of the Wallet ecosystem, as listed below: + + - Entities of the ecosystem according to `EIDAS-ARF`_. + - Infrastructure of trust attesting realiability and eligibility of the participants. + - PID and EAAs data schemes and attribute sets. + - PID/EAA in MDL CBOR format. + - PID/EAA in `SD-JWT`_ format. + - Wallet Solution general architecture. + - Wallet Attestation. + - Issuance of PID/EAA according to `OpenID4VCI`_. + - Presentation of PID/EAA according to `OpenID4VP`_. + - Presentation of pseudonyms according to `SIOPv2`_. + - PID/EAA backup and restore mechanisms. + - PID/EAA revocation lists. + +Index of content +---------------- + +.. toctree:: + :maxdepth: 3 + + ssi-introduction.rst + defined-terms.rst + trust.rst + wallet-solution.rst + wallet-attestation.rst + pid-eaa-data-model.rst + pid-eaa-issuance.rst + pid-eaa-entity-configuration.rst + authentic-sources.rst + relying-party-solution.rst + relying-party-entity-configuration.rst + revocation-lists.rst + pseudonyms.rst + backup-restore.rst + algorithms.rst + contribute.rst + standards.rst + diff --git a/ia-terms-updates/en/_sources/pid-eaa-data-model.rst.txt b/ia-terms-updates/en/_sources/pid-eaa-data-model.rst.txt new file mode 100644 index 000000000..2111da269 --- /dev/null +++ b/ia-terms-updates/en/_sources/pid-eaa-data-model.rst.txt @@ -0,0 +1,731 @@ + +.. include:: ../common/common_definitions.rst + +.. _pid_eaa_data_model.rst: + +PID/(Q)EAA Data Model ++++++++++++++++++++++ + +The Person Identification Data (PID) is issued by the PID Provider according to national laws. The main scope of the PID is allowing natural persons to be authenticated for the access to a service or to a protected resource. +The User attributes provided within the Italian PID are the ones listed below: + + - Current Family Name + - Current First Name + - Date of Birth + - Unique Identifier + - Taxpayer identification number + +The (Q)EAAs are issued by (Q)EAA Issuers to a Wallet Instance and MUST be provided in SD-JWT-VC or MDOC-CBOR data format. + +The PID/(Q)EAA data format and the mechanism through which a digital credential is issued to the Wallet Instance and presented to a Relying Party are described in the following sections. + +SD-JWT-VC Credential Format +=========================== + +The PID/(Q)EAA is issued in the form of a Digital Credential. The Digital Credential format is `SD-JWT`_ as specified in `SD-JWT-VC`_. + +SD-JWT MUST be signed using the Issuer's private key. SD-JWT MUST be provided along with a Type Metadata related to the issued Digital Credential according to Sections 6 and 6.3 of [`SD-JWT-VC`_]. The payload MUST contain the **_sd_alg** claim described in the Section 5.1.1 `SD-JWT`_ and other claims specified in this section. + +The claim **_sd_alg** indicates the hash algorithm used by the Issuer to generate the digests as described in Section 5.1.1 of `SD-JWT`_. **_sd_alg** MUST be set to one of the specified algorithms in Section :ref:`Cryptographic Algorithms `. + +Claims that are not selectively disclosable MUST be included in the SD-JWT as they are. The digests of the disclosures, along with any decoy if present, MUST be contained in the **_sd** array, as specified in Section 5.2.4.1 of `SD-JWT`_. + +Each digest value, calculated using a hash function over the disclosures, verifies the integrity and corresponds to a specific Disclosure. Each disclosure includes: + + - a random salt, + - the claim name (only when the claim is an object element), + - the claim value. + +In case of nested object in a SD-JWT payload each claim, on each level of the JSON, should be individually selectively disclosable or not. Therefore **_sd** claim containing digests MAY appear multiple times at different level in the SD-JWT. + +For each claim that is an array element the digests of the respective disclosures and decoy digests are added to the array in the same position of the original claim values as specified in Section 5.2.4.2 of `SD-JWT`_. + +In case of array elements, digest values are calculated using a hash function over the disclosures, containing: + + - a random salt, + - the array element + +In case of multiple array elements, the Issuer may wish to conceal presence of any statement while also allowing the Holder to reveal each of those elements individually (Section 5.2.6 `SD-JWT`_). Both the entire array and the individuals entries can be selective disclosure. + +The Disclosures are provided to the Holder together with the SD-JWT in the *Combined Format for Issuance* that is an ordered series of base64url-encoded values, each separated from the next by a single tilde ('~') character as follows: + +.. code-block:: + + ~~~...~ + +See `SD-JWT-VC`_ and `SD-JWT`_ for additional details. + + +PID/(Q)EAA SD-JWT parameters +---------------------------- + +The JOSE header contains the following mandatory parameters: + +.. _pid_jose_header: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **typ** + - REQUIRED. It MUST be set to ``vc+sd-jwt`` as defined in `SD-JWT-VC`_. + - :rfc:`7515` Section 4.1.9. + * - **alg** + - REQUIRED. Signature Algorithm. + - :rfc:`7515` Section 4.1.1. + * - **kid** + - REQUIRED. Unique identifier of the public key. + - :rfc:`7515` Section 4.1.8. + * - **trust_chain** + - OPTIONAL. JSON array containing the trust chain that proves the reliability of the issuer of the JWT. + - [`OID-FED`_] Section 3.2.1. + * - **x5c** + - OPTIONAL. Contains the X.509 public key certificate or certificate chain [:rfc:`5280`] corresponding to the key used to digitally sign the JWS. + - :rfc:`7515` Section 4.1.8 and [`SD-JWT-VC`_] Section 3.5. + * - **vctm** + - OPTIONAL. JSON array of base64url-encoded Type Metadata JSON documents. In case of extended type metadata, this claim contains the entire chain of JSON documents. + - [`SD-JWT-VC`_] Section 6.3.5. + +The following claims MUST be in the JWT payload. Some of these claims can be disclosed, these are listed in the following tables that specify whether a claim is selectively disclosable [SD] or not [NSD]. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - [NSD].URL string representing the PID/(Q)EAA Issuer unique identifier. + - `[RFC7519, Section 4.1.1] `_. + * - **sub** + - [NSD]. The identifier of the subject of the Digital Credential, the User, MUST be opaque and MUST NOT correspond to any anagraphic data or be derived from the User's anagraphic data via pseudonymization. Additionally, it is required that two different Credentials issued MUST NOT use the same ``sub`` value. + - `[RFC7519, Section 4.1.2] `_. + * - **iat** + - [SD].UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - `[RFC7519, Section 4.1.6] `_. + * - **exp** + - [NSD].UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`. + - `[RFC7519, Section 4.1.4] `_. + * - **status** + - [NSD]. It MUST be a valid JSON object containing the information on how to read the status of the Verifiable Credential. It MUST contain the JSON member *status_assertion* set to a JSON Object containing the *credential_hash_alg* claim indicating the Algorithm used for hashing the Digital Credential to which the Status Assertion is bound. It is RECOMMENDED to use *sha-256*. + - Section 3.2.2.2 `SD-JWT-VC`_ and Section 11 `OAUTH-STATUS-ASSERTION`_. + * - **cnf** + - [NSD].JSON object containing the proof-of-possession key materials. By including a **cnf** (confirmation) claim in a JWT, the issuer of the JWT declares that the Holder is in control of the private key related to the public one defined in the **cnf** parameter. The recipient MUST cryptographically verify that the Holder is in control of that key. + - `[RFC7800, Section 3.1] `_ and Section 3.2.2.2 `SD-JWT-VC`_. + * - **vct** + - [NSD]. Credential type value MUST be an HTTPS URL String and it MUST be set using one of the values obtained from the PID/(Q)EAA Issuer metadata. It is the identifier of the SD-JWT VC type and it MUST be set with a collision-resistant value as defined in Section 2 of :rfc:`7515`. It MUST contain also the number of version of the Credential type (for instance: ``https://issuer.example.org/v1.0/personidentificationdata``). + - Section 3.2.2.2 `SD-JWT-VC`_. + * - **vct#integrity** + - [NSD].The value MUST be an "integrity metadata" string as defined in Section 3 of [`W3C-SRI`_]. *SHA-256*, *SHA-384* and *SHA-512* MUST be supported as cryptographic hash functions. *MD5* and *SHA-1* MUST NOT be used. This claim MUST be verified according to Section 3.3.5 of [`W3C-SRI`_]. + - Section 6.1 `SD-JWT-VC`_, [`W3C-SRI`_] + * - **verification** + - [NSD].Object containing user authentication information. It MUST contain the following sub-value: + + * ``trust_framework``: String identifying the trust framework used for user digital authetication. + * ``assurance_level``: String identifying the level of identity assurance guarateed during the authentication process. + * ``evidence``: It MUST contain ``method`` claim identifying the digital identity system used for the authentication. + - `OIDC-IDA`_. + +.. note:: + + Credential Type Metadata JSON Document MAY be retrieved directly from the URL contained in the claim **vct**, using the HTTP GET method or using the vctm header parameter if provided. Unlike specified in Section 6.3.1 of `SD-JWT-VC`_ the **.well-known** endpoint is not included in the current implementation profile. Implementers may decide to use it for interoperability with other systems. + + +Digital Credential Metadata Type +-------------------------------- + +The Metadata type document MUST be a JSON object and contains the following parameters. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **name** + - REQUIRED. Human-readable name of the Digital Credential type. In case of multiple language, the language tags are added to member name, delimited by a # character as defined in :rfc:`5646` (e.g. *name#it-IT*). + - [`SD-JWT-VC`_] Section 6.2 and [`OIDC`_] Section 5.2. + * - **description** + - REQUIRED. A human-readable description of the Digital Credential type. In case of multiple language, the language tags are added to member name, delimited by a # character as defined in :rfc:`5646`. + - [`SD-JWT-VC`_] Section 6.2 and [`OIDC`_] Section 5.2. + * - **extends** + - OPTIONAL. String Identitifier of an exteded metadata type document. + - [`SD-JWT-VC`_] Section 6.2. + * - **extends#integrity** + - CONDITIONAL. REQUIRED if **extends** is present. + - [`SD-JWT-VC`_] Section 6.2. + * - **schema** + - CONDITIONAL. REQUIRED if **schema_uri** is not present. + - [`SD-JWT-VC`_] Section 6.2. + * - **schema_uri** + - CONDITIONAL. REQUIRED if **schema** is not present. + - [`SD-JWT-VC`_] Section 6.2. + * - **schema#integrity** + - CONDITIONAL. REQUIRED if **schema_uri** is not present. + - [`SD-JWT-VC`_] Section 6.2. + * - **data_source** + - REQUIRED. Object containing information about the data origin. It MUST contain the object ``verification`` with this following sub-value: + + * ``trust_framework``: MUST cointain trust framework used for digital authentication towards authentic source system. + * ``authentic_source``: MUST contain ``organization_name`` and ``organization_code`` cliam related to name and code identifier of the authentic source. + - This specification + * - **vc_claims** + - REQUIRED. Object containing useful information about the Digital credential graphical rappresentation. It MUST contain the for each credential claim the following objects: + + * ``display``: MUST cointain name human-readable display name. + * ``graphics``: MUST contain position, font character, color, size. + - This specification + + +A non-normative Digital Credential metadata type is provided below. + +.. literalinclude:: ../../examples/vc-metadata-type.json + :language: JSON + +.. _sec-pid-user-claims: + +PID Claims +---------- + +Depending on the Digital Credential type **vct**, additional claims data MAY be added. The PID MUST support the following data: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **given_name** + - [SD]. Current First Name. + - `[OpenID Connect Core 1.0, Section 5.1] `_ + * - **family_name** + - [SD]. Current Family Name. + - `[OpenID Connect Core 1.0, Section 5.1] `_ + * - **birth_date** + - [SD]. Date of Birth. + - + * - **unique_id** + - [SD]. Unique citizen identifier (ID ANPR) given by the National Register of the Resident Population (ANPR). It MUST be set according to `ANPR rules `_ + - + * - **tax_id_code** + - [SD]. National tax identification code of natural person as a String format. It MUST be set according to ETSI EN 319 412-1. For example ``TINIT-`` + - + +The PID attribute schema, which encompasses all potential User data, is defined in `ARF v1.4 `_, and furthermore detailed in the `PID Rulebook `_. + + +PID Non-Normative Examples +-------------------------- + +In the following, the non-normative example of the payload of a PID represented in JSON format. + +.. literalinclude:: ../../examples/pid-json-example-payload.json + :language: JSON + +The corresponding SD-JWT version for PID is given by + +.. literalinclude:: ../../examples/pid-sd-jwt-example-header.json + :language: JSON + +.. literalinclude:: ../../examples/pid-sd-jwt-example-payload.json + :language: JSON + +In the following the disclosure list is given + +**Claim** ``iat``: + +- SHA-256 Hash: ``Yrc-s-WSr4exEYtqDEsmRl7spoVfmBxixP12e4syqNE`` +- Disclosure: + ``WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` +- Contents: ``["2GLC42sKQveCfGfryNRN9w", "iat", 1683000000]`` + +**Claim** ``unique_id``: + +- SHA-256 Hash: ``BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig`` +- Disclosure: + ``WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgInVuaXF1ZV9pZCIsICJ4eHh4`` + ``eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ`` +- Contents: ``["eluV5Og3gSNII8EYnsxA_A", "unique_id",`` + ``"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]`` + +**Claim** ``given_name``: + +- SHA-256 Hash: ``zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o`` +- Disclosure: + ``WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``aW8iXQ`` +- Contents: ``["6Ij7tM-a5iVPGboS5tmvVA", "given_name", "Mario"]`` + +**Claim** ``family_name``: + +- SHA-256 Hash: ``VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA`` +- Disclosure: + ``WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``c3NpIl0`` +- Contents: ``["eI8ZWm9QnKPpNPeNenHdhQ", "family_name", "Rossi"]`` + +**Claim** ``birth_date``: + +- SHA-256 Hash: ``s1XK5f2pM3-aFTauXhmvd9pyQTJ6FMUhc-JXfHrxhLk`` +- Disclosure: + ``WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``MC0wMS0xMCJd`` +- Contents: ``["Qg_O64zqAxe412a108iroA", "birth_date", "1980-01-10"]`` + +**Claim** ``tax_id_code``: + +- SHA-256 Hash: ``ENNo31jfzFp8Y2DW0R-fIMeWwe7ELGvGoHMwMBpu14E`` +- Disclosure: + ``WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` +- Contents: ``["AJx-095VPrpTtN4QMOqROA", "tax_id_code",`` + ``"TINIT-XXXXXXXXXXXXXXXX"]`` + + + +The combined format for the PID issuance is given by + +.. code-block:: + + eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb + IkJvTUdrdFcxcmJpa250dzhGenhfQmVMNFliQW5kcjZBSHNkZ3BhdEZDaWciLCAiRU5O + bzMxamZ6RnA4WTJEVzBSLWZJTWVXd2U3RUxHdkdvSE13TUJwdTE0RSIsICJWUUktUzFt + VDFLeGZxMm84Sjlpbzd4TU1YMk1JeGFHOU05UGVKVnFyTWNBIiwgIllyYy1zLVdTcjRl + eEVZdHFERXNtUmw3c3BvVmZtQnhpeFAxMmU0c3lxTkUiLCAiczFYSzVmMnBNMy1hRlRh + dVhobXZkOXB5UVRKNkZNVWhjLUpYZkhyeGhMayIsICJ6VmRnaGNtQ2xNVldsVWdHc0dw + U2tDUGtFSFo0dTlvV2oxU2xJQmxDYzFvIl0sICJpc3MiOiAiaHR0cHM6Ly9waWRwcm92 + aWRlci5leGFtcGxlLm9yZyIsICJpYXQiOiAxNjgzMDAwMDAwLCAiZXhwIjogMTg4MzAw + MDAwMCwgInN1YiI6ICJOemJMc1hoOHVEQ2NkN25vV1hGWkFmSGt4WnNSR0M5WHMiLCAi + c3RhdHVzIjogeyJzdGF0dXNfYXNzZXJ0aW9uIjogeyJjcmVkZW50aWFsX2hhc2hfYWxn + IjogInNoYS0yNTYifX0sICJ2Y3QiOiAiaHR0cHM6Ly9waWRwcm92aWRlci5leGFtcGxl + Lm9yZy92MS4wL3BlcnNvbmlkZW50aWZpY2F0aW9uZGF0YSIsICJ2Y3QjaW50ZWdyaXR5 + IjogImM1ZjczZTI1MGZlODY5ZjI0ZDE1MTE4YWNjZTI4NmM5YmI1NmI2M2E0NDNkYzg1 + YWY2NTNjZDczZjYwNzhiMWYiLCAidmVyaWZpY2F0aW9uIjogeyJ0cnVzdF9mcmFtZXdv + cmsiOiAiZWlkYXMiLCAiYXNzdXJhbmNlX2xldmVsIjogImhpZ2giLCAiZXZpZGVuY2Ui + OiB7Im1ldGhvZCI6ICJjaWUifX0sICJfc2RfYWxnIjogInNoYS0yNTYiLCAiY25mIjog + eyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0yNTYiLCAieCI6ICJUQ0FFUjE5 + WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VHZW1jIiwgInkiOiAiWnhqaVdX + YlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlGMkhaUSJ9fX0.NE_Q2unPGzoh + rIyVI0kAZ8nz3DLhUXBBd-jji8302PyIU0xqLnGtcWrdM9NPE_-BfUe3H-XFahYOMI54 + PUvdZw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImlhdCIsIDE2ODMwMDAwMDBd~ + WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgInVuaXF1ZV9pZCIsICJ4eHh4eHh4eC14 + eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyI2SWo3dE0tYTVpVlBHYm9TNXRtd + lZBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZG + hRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm + 9BIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJBSngtMDk1VlBycFR0TjRRT + U9xUk9BIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~ + +(Q)EAA non-normative examples +----------------------------- + +In the following, we provide a non-normative example of (Q)EAA in JSON. + +.. literalinclude:: ../../examples/qeaa-json-example-payload.json + :language: JSON + +The corresponding SD-JWT for the previous data is represented as follow, as decoded JSON for both header and payload. + +.. literalinclude:: ../../examples/qeaa-sd-jwt-example-header.json + :language: JSON + +.. literalinclude:: ../../examples/qeaa-sd-jwt-example-payload.json + :language: JSON + +In the following the disclosure list is given: + +**Claim** ``iat``: + +- SHA-256 Hash: ``Yrc-s-WSr4exEYtqDEsmRl7spoVfmBxixP12e4syqNE`` +- Disclosure: + ``WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` +- Contents: ``["2GLC42sKQveCfGfryNRN9w", "iat", 1683000000]`` + +**Claim** ``document_number``: + +- SHA-256 Hash: ``Dx-6hjvrcxNzF0slU6ukNmzHoL-YvBN-tFa0T8X-bY0`` +- Disclosure: + ``WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImRvY3VtZW50X251bWJlciIs`` + ``ICJYWFhYWFhYWFhYIl0`` +- Contents: + ``["eluV5Og3gSNII8EYnsxA_A", "document_number", "XXXXXXXXXX"]`` + +**Claim** ``given_name``: + +- SHA-256 Hash: ``zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o`` +- Disclosure: + ``WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``aW8iXQ`` +- Contents: ``["6Ij7tM-a5iVPGboS5tmvVA", "given_name", "Mario"]`` + +**Claim** ``family_name``: + +- SHA-256 Hash: ``VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA`` +- Disclosure: + ``WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``c3NpIl0`` +- Contents: ``["eI8ZWm9QnKPpNPeNenHdhQ", "family_name", "Rossi"]`` + +**Claim** ``birth_date``: + +- SHA-256 Hash: ``s1XK5f2pM3-aFTauXhmvd9pyQTJ6FMUhc-JXfHrxhLk`` +- Disclosure: + ``WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``MC0wMS0xMCJd`` +- Contents: ``["Qg_O64zqAxe412a108iroA", "birth_date", "1980-01-10"]`` + +**Claim** ``expiry_date``: + +- SHA-256 Hash: ``aBVdfcnxT0Z5RrwdxZSUhuUxz3gM2vcEZLeYIj61Kas`` +- Disclosure: + ``WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImV4cGlyeV9kYXRlIiwgIjIw`` + ``MjQtMDEtMDEiXQ`` +- Contents: ``["AJx-095VPrpTtN4QMOqROA", "expiry_date", "2024-01-01"]`` + +**Claim** ``tax_id_code``: + +- SHA-256 Hash: ``8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E`` +- Disclosure: + ``WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` +- Contents: ``["Pc33JM2LchcU_lHggv_ufQ", "tax_id_code",`` + ``"TINIT-XXXXXXXXXXXXXXXX"]`` + +**Claim** ``constant_attendance_allowance``: + +- SHA-256 Hash: ``GE3Sjy_zAT34f8wa5DUkVB0FslaSJRAAc8I3lN11Ffc`` +- Disclosure: + ``WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImNvbnN0YW50X2F0dGVuZGFu`` + ``Y2VfYWxsb3dhbmNlIiwgdHJ1ZV0`` +- Contents: + ``["G02NSrQfjFXQ7Io09syajA", "constant_attendance_allowance",`` + ``true]`` + + +The combined format for the (Q)EAA issuance is represented below: + +.. code-block:: + + eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb + IjhKam96QmZvdk1OdlEzSGZsbVBXeTRPMTlHcHhzNjFGV0hqWmViVTU4OUUiLCAiRHgt + NmhqdnJjeE56RjBzbFU2dWtObXpIb0wtWXZCTi10RmEwVDhYLWJZMCIsICJHRTNTanlf + ekFUMzRmOHdhNURVa1ZCMEZzbGFTSlJBQWM4STNsTjExRmZjIiwgIlZRSS1TMW1UMUt4 + ZnEybzhKOWlvN3hNTVgyTUl4YUc5TTlQZUpWcXJNY0EiLCAiWXJjLXMtV1NyNGV4RVl0 + cURFc21SbDdzcG9WZm1CeGl4UDEyZTRzeXFORSIsICJhQlZkZmNueFQwWjVScndkeFpT + VWh1VXh6M2dNMnZjRVpMZVlJajYxS2FzIiwgInMxWEs1ZjJwTTMtYUZUYXVYaG12ZDlw + eVFUSjZGTVVoYy1KWGZIcnhoTGsiLCAielZkZ2hjbUNsTVZXbFVnR3NHcFNrQ1BrRUha + NHU5b1dqMVNsSUJsQ2MxbyJdLCAiaXNzIjogImh0dHBzOi8vaXNzdWVyLmV4YW1wbGUu + b3JnIiwgImlhdCI6IDE2ODMwMDAwMDAsICJleHAiOiAxODgzMDAwMDAwLCAic3ViIjog + Ik56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJzdGF0dXMiOiB7InN0 + YXR1c19hc3NlcnRpb24iOiB7ImNyZWRlbnRpYWxfaGFzaF9hbGciOiAic2hhLTI1NiJ9 + fSwgInZjdCI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZy92MS4wL2Rpc2FiaWxp + dHljYXJkIiwgInZjdCNpbnRlZ3JpdHkiOiAiMmU0MGJjZDY3OTkwMDgwODVmZmIxYTFm + MzUxN2VmZWUzMzUyOThmZDk3NmIzZTY1NWJmYjNmNGVhYTExZDE3MSIsICJ2ZXJpZmlj + YXRpb24iOiB7InRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIsICJhc3N1cmFuY2VfbGV2 + ZWwiOiAiaGlnaCIsICJldmlkZW5jZSI6IHsibWV0aG9kIjogImNpZSJ9fSwgIl9zZF9h + bGciOiAic2hhLTI1NiIsICJjbmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6 + ICJQLTI1NiIsICJ4IjogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxz + N3ZDZUdlbWMiLCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0 + NGpUOUYySFpRIn19fQ.FAIV8Cncch43N07yBcWleJg4ZO9o_XdefgIejdShK1cCj8yT9 + S022cvSpdxuV44x-c_XmTn3Db9t0jJJPtqebA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STj + l3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgI + mRvY3VtZW50X251bWJlciIsICJYWFhYWFhYWFhYIl0~WyI2SWo3dE0tYTVpVlBHYm9TN + XRtdlZBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJlSThaV205UW5LUHBOUGVOZW + 5IZGhRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJRZ19PNjR6cUF4ZTQxMmExMD + hpcm9BIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJBSngtMDk1VlBycFR0T + jRRTU9xUk9BIiwgImV4cGlyeV9kYXRlIiwgIjIwMjQtMDEtMDEiXQ~WyJQYzMzSk0yTG + NoY1VfbEhnZ3ZfdWZRIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWF + hYWFgiXQ~WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImNvbnN0YW50X2F0dGVuZGF + uY2VfYWxsb3dhbmNlIiwgdHJ1ZV0~ + +MDOC-CBOR +========= + +The PID/(Q)EAA MDOC-CBOR data model is defined in ISO/IEC 18013-5, the standard born for the the mobile driving license (mDL) use case. + +The MDOC data elements MUST be encoded as defined in `RFC 8949 - Concise Binary Object Representation (CBOR) `_. + +The PID encoded in MDOC-CBOR format uses the document type set to `eu.europa.ec.eudiw.pid.1`, according to the reverse domain approach defined in the +`EIDAS-ARF`_ and ISO/IEC 18013-5. + +The document's data elements utilize a consistent namespace for the mandatory Mobile Driving License attributes, while the national PID attributes use the domestic namespace `eu.europa.ec.eudiw.pid.it.1`, as outlined in this implementation profile. + +In compliance with ISO/IEC 18013-5, the MDOC data model in the domestic namespace `eu.europa.ec.eudiw.pid.it.1`, requires the following attributes: + +.. _table-mdoc-attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **version** + - *tstr (text string)*. Version of the data structure being used. It's a way to track changes and updates to the standard or to a specific implementation profile. This allows for backward compatibility and understanding of the data if the standard or implementation evolves over time. + - [ISO 18013-5#8.3.2.1.2] + * - **status** + - *uint (unsigned int)*. Status code. For example ``"status":0`` means OK (normal processing). + - [ISO 18013-5#8.3.2.1.2.3] + * - **documents** + - *bstr (byte string)*. The collection of digital documents. Each document in this collection represents a specific type of data or information related to the Digital Credential. + - [ISO 18013-5#8.3.2.1.2] + +Each document within the **documents** collection MUST have the following structure: + +.. _table-mdoc-documents-attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **docType** + - *tstr (text string)*. Document type. For the PID, the value MUST be set to ``eu.europa.ec.eudiw.pid.1.`` For an mDL, the value MUST be ``org.iso.18013-5.1.mDL``. + - [ISO 18013-5#8.3.2.1.2] + * - **issuerSigned** + - *bstr (byte string)*. It MUST contain the Mobile Security Object for Issuer data authentication and the data elements protected by Issuer data authentication. + - [ISO 18013-5#8.3.2.1.2] + +The **issuerSigned** object MUST have the following structure: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **nameSpaces** + - *bstr (byte string)* with *tag* 24 and *major type* 6. Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. The `nameSpaces` MUST use the same value for the document type. However, it MAY have a domestic namespace to include attributes defined in this implementation profile. The value MUST be set to ``eu.europa.ec.eudiw.pid.it.1``. + - [ISO 18013-5#8.3.2.1.2] + * - **issuerAuth** + - *bstr (byte string)*. Contains *Mobile Security Object* (MSO), a COSE Sign1 Document, issued by the Credential Issuer. + - [ISO 18013-5#9.1.2.4] + +During the presentation of the MDOC-CBOR credential, in addition to the objects in the table above, a **deviceSigned** object MUST also be added. **deviceSigned** MUST NOT be included in the issued credential provided by the PID/(Q)EAA Issuer. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **deviceSigned** + - *bstr (byte string)*. Data elements signed by the Wallet Instance during the presentation phase. + - [ISO 18013-5#8.3.2.1.2] + +Where the **deviceSigned** MUST have the following structure: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **nameSpaces** + - *tstr (text string)*. Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. It MAY be used for self-attested claims. + - [ISO 18013-5#8.3.2.1.2] + * - **deviceAuth** + - *bstr (byte string)*. It MUST contain either the *DeviceSignature* or the *DeviceMac* element. + - [ISO 18013-5#8.3.2.1.2] + + +.. note:: + + A **deviceSigned** object given during the presentation phase has two purposes: + + 1. It provides optional self-attested attributes in the ``nameSpaces`` object. If no self-attested attributes are provided by the Wallet Instance, the ``nameSpaces`` object MUST be included with an empty structure. + 2. Provide a cryptographic proof attesting that the Holder is the legitimate owner of the Credential, by means of a ``deviceAuth`` object. + + +.. note:: + + The ``issuerSigned`` and the ``deviceSigned`` objects contain the ``nameSpaces`` object and the *Mobile Security Object*. The latter is the only signed object, while the ``nameSpaces`` object is not signed. + + + +nameSpaces +---------- + +The **nameSpaces** object contains one or more *IssuerSignedItemBytes* that are encoded using CBOR bitsring 24 tag (#6.24(bstr .cbor), marked with the CBOR Tag 24(<<... >>) and represented in the example using the diagnostic format). It represents the disclosure information for each digest within the `Mobile Security Object` and MUST contain the following attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Name** + - **Encoding** + - **Description** + * - **digestID** + - *integer* + - Reference value to one of the ``ValueDigests`` provided in the *Mobile Security Object* (`issuerAuth`). + * - **random** + - *bstr (byte string)* + - Random byte value used as salt for the hash function. This value SHALL be different for each *IssuerSignedItem* and it SHALL have a minimum length of 16 bytes. + * - **elementIdentifier** + - *tstr (text string)* + - Data element identifier. + * - **elementValue** + - depends by the value, see the next table. + - Data element value. + +The **elementIdentifier** data that MUST be included in a PID/(Q)EAA are: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Namespace** + - **Element identifier** + - **Description** + * - **eu.europa.ec.eudiw.pid.1** + - **issue_date** + - *full-date (CBORTag 1004)*. Date when the PID/(Q)EAA was issued. + * - **eu.europa.ec.eudiw.pid.1** + - **expiry_date** + - *full-date (CBORTag 1004)*. Date when the PID/(Q)EAA will expire. + * - **eu.europa.ec.eudiw.pid.1** + - **issuing_authority** + - *tstr (text string)*. Name of administrative authority that has issued the PID/(Q)EAA. + * - **eu.europa.ec.eudiw.pid.1** + - **issuing_country** + - *tstr (text string)*. Alpha-2 country code as defined in [ISO 3166]. + + +Depending on the Digital Credential type, additional **elementIdentifier** data MAY be added. The PID MUST support the following data: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Namespace** + - **Element identifier** + - **Description** + * - **eu.europa.ec.eudiw.pid.1** + - **given_name** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **family_name** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **birth_date** + - *full-date (CBORTag 1004)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **unique_id** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.it.1** + - **tax_id_code** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + + +Mobile Security Object +---------------------- + +The **issuerAuth** represents the `Mobile Security Object` which is a `COSE Sign1 Document` defined in `RFC 9052 - CBOR Object Signing and Encryption (COSE): Structures and Process `_. It has the following data structure: + +* protected header +* unprotected header +* payload +* signature. + +The **protected header** MUST contain the following parameter encoded in CBOR format: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Element** + - **Description** + - **Reference** + * - **Signature algorithm** + - `-7` means ES256, SHA-256. + - RFC8152 + +.. note:: + + Only the Signature Algorithm MUST be present in the protected headers, other elements SHOULD not be present in the protected header. + + +The **unprotected header** MUST contain the following parameter: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Element** + - **Description** + - **Reference** + * - **x5chain** + - Identified with the label 33 + - `RFC 9360 CBOR Object Signing and Encryption (COSE) - Header Parameters for Carrying and Referencing X.509 Certificates `_. + +.. note:: + The `x5chain` is included in the unprotected header with the aim to make the Holder able to update the X.509 certificate chain, related to the `Mobile Security Object` issuer, without invalidating the signature. + +The **payload** MUST contain the *MobileSecurityObject*, without the `content-type` COSE Sign header parameter and encoded as a *byte string* (bstr) using the *CBOR Tag* 24. + +The `MobileSecurityObjectBytes` MUST have the following attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Element** + - **Description** + - **Reference** + * - **docType** + - See :ref:`Table `. + - [ISO 18013-5#9.1.2.4] + * - **version** + - See :ref:`Table `. + - [ISO 18013-5#9.1.2.4] + * - **validityInfo** + - Object containing issuance and expiration datetimes. It MUST contain the following sub-value: + + * *signed* + * *validFrom* + * *validUntil* + - [ISO 18013-5#9.1.2.4] + * - **digestAlgorithm** + - According to the algorithm defined in the protected header. + - [ISO 18013-5#9.1.2.4] + * - **valueDigests** + - Mapped digest by unique id, grouped by namespace. + - [ISO 18013-5#9.1.2.4] + * - **deviceKeyInfo** + - It MUST contain the Wallet Instance's public key containing the following sub-values. + + * *deviceKey* (REQUIRED). + * *keyAuthorizations* (OPTIONAL). + * *keyInfo* (OPTIONAL). + - [ISO 18013-5#9.1.2.4] + +.. note:: + The private key related to the public key stored in the `deviceKey` object is used to sign the `DeviceSignedItems` object and proof the possession of the PID during the presentation phase (see the presentation phase with MDOC-CBOR). + + +MDOC-CBOR Examples +------------------ + +A non-normative example of a PID in MDOC-CBOR format is represented below using the AF Binary encoding: + +.. code-block:: text + + a366737461747573006776657273696f6e63312e3069646f63756d656e747381a267646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316c6973737565725369676e6564a26a697373756572417574688443a10126a1182159021930820215308201bca003020102021404ad06a30c1a6dc6e93be0e2e8f78dcafa7907c2300a06082a8648ce3d040302305b310b3009060355040613025a45312e302c060355040a0c25465053204d6f62696c69747920616e64205472616e73706f7274206f66205a65746f706961311c301a06035504030c1349414341205a65746573436f6e666964656e73301e170d3231303932393033333034355a170d3232313130333033333034345a3050311a301806035504030c114453205a65746573436f6e666964656e7331253023060355040a0c1c5a65746f70696120436974792044657074206f662054726166666963310b3009060355040613025a453059301306072a8648ce3d020106082a8648ce3d030107034200047c5545e9a0b15f4ff3ce5015121e8ad3257c28d541c1cd0d604fc9d1e352ccc38adef5f7902d44b7a6fc1f99f06eedf7b0018fd9da716aec2f1ffac173356c7da3693067301f0603551d23041830168014bba2a53201700d3c97542ef42889556d15b7ac4630150603551d250101ff040b3009060728818c5d050102301d0603551d0e04160414ce5fd758a8e88563e625cf056bfe9f692f4296fd300e0603551d0f0101ff040403020780300a06082a8648ce3d0403020347003044022012b06a3813ffec5679f3b8cddb51eaa4b95b0cbb1786b09405e2000e9c46618c02202c1f778ad252285ed05d9b55469f1cb78d773671f30fe7ab815371942328317c59032ad818590325a667646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316776657273696f6e63312e306c76616c6964697479496e666fa3667369676e6564c074323032332d30322d32325430363a32333a35365a6976616c696446726f6dc074323032332d30322d32325430363a32333a35365a6a76616c6964556e74696cc074323032342d30322d32325430303a30303a30305a6c76616c756544696765737473a2781865752e6575726f70612e65632e65756469772e7069642e31ac015820a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a025820cd372fb85148700fa88095e3492d3f9f5beb43e555e5ff26d95f5a6adc36f8e6035820e67e72111b363d80c8124d28193926000980e1211c7986cacbd26aacc5528d48045820f7d062d662826ed95869851db06bb539b402047baee53a00e0aa35bfbe98265d0658202a132dbfe4784627b86aa3807cd19cfeff487aab3dd7a60d0ab119a72e736936075820bdca9e8dbca354e824e67bfe1533fa4a238b9ea832f23fb4271ebeb3a5a8f7200858202c0eaec2f05b6c7fe7982683e3773b5d8d7a01e33d04dfcb162add8bd99bee9a095820bfe220d85657ccec3c67e7db1df747e9148a152334bb6d4b65b273279bcc36ec0a582018e38144f5044301d6a0b4ec9d5f98d4cd950e6ea2c29b849cbd457da29b6ad30b58203c71d2f0efa09d9e3fbbdffd29204f6b292c9f79570aef72dd86c91f7a3aa5c50c582065743d58d89d45e52044758f546034fd13a4f994bc270cdfa7844f74eb3f4b6e0d5820b4a8eb5d523bffa17b41bda12ddc7da32ae1e5f7ff3dcc394a35401f16919bbf781b65752e6575726f70612e65632e65756469772e7069642e69742e31a10e58209d6c11644651126c94acdaf0803e86d4c71d15d3b2712a14295416734efd514d6d6465766963654b6579496e666fa1696465766963654b6579a401022001215820ba01aea44eee1e338eb2f04e279dbd51b34655783ee185150838c9a7a7c4db7122582025ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96f646967657374416c676f726974686d675348412d32353658400813c28fd62f2602cbc14724e5865733c44a0fca589b55c085ec9d5c725d6cce25ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96a6e616d65537061636573a2781865752e6575726f70612e65632e65756469772e7069642e3188d818586da4686469676573744944016672616e646f6d5820156df9227ad341eaa61aabd301106fd21bdc18820e01dfc16bcf5fecc447111b71656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d30322d3232d818586fa4686469676573744944026672616e646f6d5820a3a1f13f05544d03a5b50b5fdb78465808393bcf3b7953a345fe28f820c7be0d71656c656d656e744964656e7469666965726d69737375616e63655f646174656c656c656d656e7456616c7565d903ec6a323032332d30322d3232d8185866a4686469676573744944036672616e646f6d5820852591f90f2c9ded57a03632e2c1322ab52a082a431e71a4149a6830c8f1ad0c71656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ca4686469676573744944046672616e646f6d5820d1d587b3512acce15c4f6b20944ceb002a464e4a158389788563408873c3fce571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c7565764d696e69737465726f2064656c6c27496e7465726e6fd8185864a4686469676573744944056672616e646f6d582094fdd7609c0e73dc8589b5cab11e1d9058cf8bff8a336da5f81fcba055396a0f71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c7565654d6172696fd8185865a4686469676573744944066672616e646f6d5820660c0a7bf79e0e0261ca1547a4294fb808aa70738f424b13ab1b9440b566ae1371656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756565526f737369d818586ba4686469676573744944076672616e646f6d5820315c53491286488fa07f5c2ce67135ef5c9959c3469c99a14e9b6dc924f9eba571656c656d656e744964656e746966696572696269727468646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3132d818587da4686469676573744944086672616e646f6d5820764ef39c9d01f3aa6a87f441603cfe853fba3cee3bc2c168bcc9e96271d6e06371656c656d656e744964656e74696669657269756e697175655f69646c656c656d656e7456616c7565781e78787878787878782d7878782d787878782d787878787878787878787878781b65752e6575726f70612e65632e65756469772e7069642e69742e3181d8185877a46864696765737449440d6672616e646f6d5820717df3f583b1484366c33a1f869f2b5d201d466a8b589c79ab1a2d85e595432571656c656d656e744964656e7469666965726d7461785f69645f6e756d6265726c656c656d656e7456616c75657554494e49542d585858585858585858585858585858 + +The `Diagnostic Notation` of the above MDOC-CBOR is given below: + +.. literalinclude:: ../../examples/pid-mdoc-cbor-example.txt + :language: text + + diff --git a/ia-terms-updates/en/_sources/pid-eaa-entity-configuration.rst.txt b/ia-terms-updates/en/_sources/pid-eaa-entity-configuration.rst.txt new file mode 100644 index 000000000..f15444cee --- /dev/null +++ b/ia-terms-updates/en/_sources/pid-eaa-entity-configuration.rst.txt @@ -0,0 +1,145 @@ +.. include:: ../common/common_definitions.rst +.. _Entity_Configuration_Credential_Issuer: + +Entity Configuration of PID/(Q)EAA Providers +-------------------------------------------- + +The PID/(Q)EAA Providers, as Federation Entity, are required to adhere to the guidelines outlined in Section :ref:`Configuration of the Federation`. Specifically, they MUST provide a well-known endpoint that hosts their Entity Configuration. +The Entity Configuration of PID/(Q)EAA Providers MUST contain the parameters defined in the Sections :ref:`Entity Configuration Leaves and Intermediates` and :ref:`Entity Configurations Common Parameters`. + +The PID/(Q)EAA Providers MUST provide the following metadata types: + + - `federation_entity` + - `oauth_authorization_server` + - `openid_credential_issuer` + +In cases where the (Q)EAA Providers authenticate Users using their Wallet Instance, then the metadata for *wallet_relying_party* MUST be provided in addition to the metadata above. In case a national eID scheme is used by the PID/(Q)EAA Providers for the User authentication, they MAY include a metadata for *openid_relying_party* within their Entity Configuration. The *openid_relying_party* metadata MUST be compliant with the current version of `SPID/CIE id OIDC Technical Specification `_. + + +Metadata for federation_entity +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The *federation_entity* metadata MUST contain the parameters as defined in Section :ref:`Metadata of federation_entity Leaves`. + + +Metadata for oauth_authorization_server +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The *oauth_authorization_server* metadata MUST contain the following parameters. + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **issuer** + - It MUST contain an HTTPS URL that uniquely identifies the PID/(Q)EAA Provider. + * - **pushed_authorization_request_endpoint** + - The URL of the pushed authorization request endpoint is where a Wallet Instance MUST submit an authorization request to obtain a *request_uri* value, which can then be used at the authorization endpoint. See :rfc:`9126#as_metadata`. + * - **authorization_endpoint** + - URL of the authorization server's authorization endpoint. See :rfc:`8414#section-2`. + * - **token_endpoint** + - URL of the authorization server's token endpoint. See :rfc:`8414#section-2`. + * - **client_registration_types_supported** + - Array specifying the registration types supported. The authorization server MUST support *automatic*. See `OID-FED`_ Section 5.1.3. + * - **code_challenge_methods_supported** + - JSON array containing a list of Proof Key for Code Exchange (PKCE) :rfc:`7636` code challenge methods supported by the authorization server. The authorization server MUST support *S256*. + * - **acr_values_supported** + - See `OpenID Connect Discovery 1.0 Section 3 `_. The supported values are: + + - `https://www.spid.gov.it/SpidL1` + - `https://www.spid.gov.it/SpidL2` + - `https://www.spid.gov.it/SpidL3` + * - **scopes_supported** + - JSON array containing a list of the supported *scope* values. See :rfc:`8414#section-2`. + * - **response_modes_supported** + - JSON array containing a list of the supported "response_mode" values, as specified in `OAuth 2.0 Multiple Response Type Encoding Practices `_. The supported values MAY be *query* and *form_post.jwt* (see `[oauth-v2-jarm-03] `__). + * - **authorization_signing_alg_values_supported** + - JSON array containing a list of the JWS :rfc:`7515` supported signing algorithms (*alg* values). The values MUST be set according to Section :ref:`Cryptographic algorithms`. See Section 4 of `[oauth-v2-jarm-03] `__. + * - **grant_types_supported** + - JSON array containing a list of the supported grant type values. The authorization server MUST support *authorization_code*. + * - **token_endpoint_auth_methods_supported** + - JSON array containing a list of supported client authentication methods. The Token Endpoint MUST support *attest_jwt_client_auth* as defined in `OAUTH-ATTESTATION-CLIENT-AUTH`_. + * - **token_endpoint_auth_signing_alg_values_supported** + - JSON array containing a list of the JWS signing algorithms ("*alg*" values) supported by the token endpoint for the signature on the JWT used to authenticate the client at the Token Endpoint. See :rfc:`8414#section-2`. + * - **request_object_signing_alg_values_supported** + - JSON array containing a list of the JWS signing algorithms ("*alg*" values) supported for Request Objects. See `[openid-connect-discovery-1_0] `_. + * - **jwks** + - JSON Web Key Set containing the cryptographic keys for the authorization server. See `OID-FED`_ Section 5.2.1 and `JWK`_. + +Metadata for openid_credential_issuer +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The *openid_credential_issuer* metadata MUST contain the following claims. + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **credential_issuer** + - The PID/(Q)EAA Provider identifier. It MUST be a case sensitive URL using HTTPS scheme as defined in `OpenID4VCI`_ Sections 11.2.1 and 11.2.3. + * - **credential_endpoint** + - URL of the credential endpoint. See `OpenID4VCI`_ Section 11.2.3. + * - **revocation_endpoint** + - URL of the revocation endpoint. See :rfc:`8414#section-2`. + * - **status_attestation_endpoint** + - It MUST be an HTTPs URL indicating the endpoint where the Wallet Instances can request Status Attestations. See Section :ref:`Credential Lifecycle` for more details. + * - **notification_endpoint** + - It MUST be an HTTPs URL indicating the notification endpoint. See Section 11.2.3 of [`OpenID4VCI`_]. + * - **authorization_servers** + - OPTIONAL. Array of strings, where each string is an identifier of the OAuth 2.0 Authorization Server (as defined in [:rfc:`8414`]) the PID/(Q)EAA Provider relies on for authorization. If this parameter is omitted, the entity providing the PID/(Q)EAA Provider is also acting as the Authorization Server. + * - **display** + - See `OpenID4VCI`_ Section 11.2.3. Array of objects containing display language properties. The parameters that MUST be included are: + + - **name**: String value of a display name for the PID/(Q)EAA Provider. + - **locale**: String value that identifies the language of this object represented as a language tag taken from values defined in *BCP47* :rfc:`5646`. There MUST be only one object for each language identifier. + + * - **credential_configurations_supported** + - JSON object that outlines the details of the Credential supported by the PID/(Q)EAA Provider. It includes a list of name/value pairs, where each name uniquely identifies a specific supported Credential. This identifier is utilized to inform the Wallet Instance which Credential can be provided by the PID/(Q)EAA Provider. The associated value within the object MUST contain metadata specific to that Credential, as defined following. See `OpenID4VCI`_ Sections 11.2.3 and A.3.2. + + - **format**: String identifying the format of this Credential. The PID/(Q)EAA MUST support the value string "*vc+sd-jwt*". See `OpenID4VCI`_ Section A.3.1. + - **scope**: JSON String identifying the supported *scope* value. The Wallet Instance MUST use this value in the Pushed Authorization Request. Scope values MUST be the entire set or a subset of the *scope* values in the *scopes_supported* parameter of the Authorization Server. [See `OpenID4VCI`_ Section 11.2.3]. + - **cryptographic_binding_methods_supported**: JSON Array of case sensitive strings that identify the representation of the cryptographic key material that the issued Credential is bound to. The PID/(Q)EAA Provider MUST support the value "*jwk*". + - **credential_signing_alg_values_supported**: JSON Array of case sensitive strings that identify the algorithms that the PID/(Q)EAA Provider MUST support to sign the issued Credential. See Section :ref:`Cryptographic algorithms` for more details. + - **proof_types_supported**: JSON object which provide detailed information about the key proof(s) supported by the PID/(Q)EAA Provider. It consists of a list of name/value pairs, where each name uniquely identifies a supported proof type. The PID/(Q)EAA Provider MUST support at least "*jwt*" as defined in `OpenID4VCI`_ Section 7.2. The value associated with each name/value pair is a JSON object containing metadata related to the key proof. The PID/(Q)EAA Provider MUST support at least the parameter **proof_signing_alg_values_supported** which MUST be a JSON Array of case sensitive strings that identify the supported algorithms (see Section :ref:`Cryptographic algorithms` for more details about the supported algorithms). + - **display**: Array of objects containing display language properties. The parameters that MUST be included are: + + - **name**: String value of a display name for the Credential. + - **locale**: String value that identifies the language of this object represented as a language tag taken from values defined in *BCP47* :rfc:`5646`. There MUST be only one object for each language identifier. + + - **vct**: As defined in [:ref:`SD-JWT-VC Credential Format`]. + - **claims**: JSON object comprising a collection of name/value pairs, where each name represents a claim related to the subject described in the Credential. The value associated with each name MAY be either another nested object or an array of objects. To provide detailed information about the claim, the innermost value MUST contain at least the following parameters. See `OpenID4VCI`_ Section A.3.2. + + - **value_type**: String value determining the type of value of the claim. The values that MUST be supported by the PID/(Q)EAA Provider are *String* and *Boolean*. + - **display**: Array of objects containing display language properties. The parameters that MUST be included are: + + - **name**: String value of a display name for the claim. + - **locale**: String value that identifies the language of this object represented as a language tag taken from values defined in *BCP47* :rfc:`5646`. There MUST be only one object for each language identifier. + + * - **jwks** + - JSON Web Key Set document, passed by value, containing the protocol specific keys for the Credential Issuer. See `OID-FED`_ Section 5.2.1 and `JWK`_. + + + +Metadata for wallet_relying_party +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The *wallet_relying_party* metadata MUST contain the parameters as defined in Section :ref:`Metadata for wallet_relying_party`. + + +Example of a (Q)EAA Provider Entity Configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Below is a non-normative example of an Entity Configuration of a (Q)EAA Provider containing a metadata for + + - `federation_entity` + - `oauth_authorization_server` + - `openid_credential_issuer` + - `wallet_relying_party` + +.. literalinclude:: ../../examples/ec-eaa.json + :language: JSON + diff --git a/ia-terms-updates/en/_sources/pid-eaa-issuance.rst.txt b/ia-terms-updates/en/_sources/pid-eaa-issuance.rst.txt new file mode 100644 index 000000000..2df499f56 --- /dev/null +++ b/ia-terms-updates/en/_sources/pid-eaa-issuance.rst.txt @@ -0,0 +1,1045 @@ +.. include:: ../common/common_definitions.rst + +.. _pid_eaa_issuance.rst: + +PID/(Q)EAA Issuance ++++++++++++++++++++ + +This section describes the PID and (Q)EAAs issuance flow with an high level of security. +The relevant entities and interfaces involved in the issuance flow are: + + - *Wallet Provider*, + - *Wallet Solution*, + - *Wallet Instance*, + - *PID Provider*, + - *National Identity Provider*, + - *(Q)EAA Provider*. + + +PID/(Q)EAA Providers are composed of: + + - Credential Issuer Component: based on the "OpenID for Verifiable Credential Issuance" specification [`OpenID4VCI`_] to release the PID/(Q)EAA. + - Relying Party Component: The component to authenticate the User. PID Providers authenticate users with the national Digital Identity Providers, based on OpenID Connect Core 1.0 or SAML2 while (Q)EAA Providers authenticate users with the PID. + +The (Q)EAA Provider acts as a Verifier by sending a presentation request to the Wallet Instance, according to [`OpenID4VP`_]. The Wallet Instance MUST have a valid PID, obtained in a previous time, to get authenticated with the (Q)EAA Provider. + + +High-Level PID flow +------------------- + +The :numref:`fig_High-Level-Flow-ITWallet-PID-Issuance` shows a general architecture and highlights the main operations involved in the issuance of a PID. + +.. _fig_High-Level-Flow-ITWallet-PID-Issuance: +.. figure:: ../../images/High-Level-Flow-ITWallet-PID-Issuance.svg + :figwidth: 100% + :align: center + + PID Issuance - General architecture and high level flow. + +Below the description of the steps represented in the previous picture: + + 0. **Wallet Instance Setup**: the first time the Wallet Instance is started a preliminary setup phase is carried out. It consists of the release of the Wallet Attestation issued by Wallet Attestation Service asserting the genuineness and the compliance of the Wallet Instance with the shared trust framework. The Wallet Attestation binds the public key provided by the Wallet Instance, related to one of the private keys generated by the Wallet Instance. + 1. **PID/(Q)EAA Provider Discovery**: the Wallet Instance discovers the trusted Digital Credential Issuers using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), inspecting the Credential Issuer metadata and Trust Marks for filtering the PID Provider. + 2. **PID Provider Metadata**: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model and obtains the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs. + 3. **PID Request**: using the Authorization Code Flow defined in [`OpenID4VCI`_] the Wallet Instance requests the PID to the PID Provider. + 4. **User Authentication**: the PID Provider authenticates the User with LoA High, acting as an Identity and Access Management Proxy to the National eID system. + 5. **PID Issuance**: the User is authenticated with LoA High and the PID Provider releases a PID bound to the key material held by the requesting Wallet Instance. + +In the following sections the steps from 1 to 5 are further expanded into more technical details. + +High-Level (Q)EAA flow +---------------------- + +The :numref:`fig_High-Level-Flow-ITWallet-QEAA-Issuance` shows a general architecture and highlights the main operations involved in the issuance of a (Q)EAA, following the assumptions listed below: + + - the User has a valid PID stored in their own Wallet Instance; + - the (Q)EAA requires a high security implementation profile. + +.. _fig_High-Level-Flow-ITWallet-QEAA-Issuance: +.. figure:: ../../images/High-Level-Flow-ITWallet-QEAA-Issuance.svg + :figwidth: 70% + :align: center + + (Q)EAA Issuance - General architecture and high level flow + +Below the description of the most relevant operations involved in the (Q)EAA issuance: + + 1. **Discovery of the trusted (Q)EAA Provider**: the Wallet Instance obtains the list of the trusted (Q)EAA Provider using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), then inspects the metadata and Trust Mark looking for the Digital Credential capabilities of each (Q)EAA Provider. + 2. **(Q)EAA Provider Metadata**: the Wallet Instance establishes the trust to the (Q)EAA Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the (Q)EAA, the algorithms supported, and any other parameter required for interoperability needs. + 3. **(Q)EAA Request**: using the Authorization Code Flow , defined in [`OpenID4VCI`_], the Wallet Instance requests a (Q)EAA to the (Q)EAA Provider. + 4. **User Authentication**: the (Q)EAA Provider, acting as a Verifier (Relying Party), authenticates the User evaluating the presentation of the PID. + 5. **(Q)EAA Issuance**: the User is authenticated with a valid PID and the (Q)EAA Provider releases a (Q)EAA bound to the key material held by the requesting Wallet Instance. + + +Low-Level Issuance Flow +----------------------- + +The PID/(Q)EAA Issuance flow is based on [`OpenID4VCI`_] and the following main reference standards/specifications MUST be supported on top of `OpenID4VCI`_: + + * **The OAuth 2.0 Authorization Framework** [:rfc:`6749`], as recommended in Section 3 of [`OpenID4VCI`_]. + * **Pushed Authorization Requests** (PAR) [:rfc:`9126`], as recommended in Section 5 of [`OpenID4VCI`_]. + * **Proof Key for Code Exchange** (PKCE) [:rfc:`7636`], as recommended in Section 5 of [`OpenID4VCI`_]. + * **JWT Authorization Requests** (JAR) [:rfc:`9101`]. + * **JWT Authorization Response Modes** (JARM) [`OAUTH-V2-JARM-04`_]. + * **Rich Authorization Requests** (RAR) [:rfc:`9396`]. + * **OAuth 2.0 Attestation-Based Client Authentication** [`OAUTH-ATTESTATION-CLIENT-AUTH`_]. + * **OpenID Federation 1.0** [`OID-FED`_]. + +The PID/(Q)EAA Provider MUST use *OAuth 2.0 Authorization Server* based on :rfc:`6749` to authorize the User to obtain a Credential. PID/(Q)EAA Providers MUST support + + * **Authorization Code Flow**: The PID/(Q)EAA Provider requires User authentication and consent at the Authorization Endpoint before collecting User information to create and provide a Credential. + * **Wallet Initiated Flow**: The request from the Wallet Instance is sent to the PID/(Q)EAA Provider without any input from the latter. + * **Same-device Issuance flow**: The User receives the Credential on the same device that initiated the flow. + * **Immediate Issuance flow**: The PID/(Q)EAA Provider issues the Credential directly in response to the Credential Request. + * **Deferred Issuance flow**: The PID/(Q)EAA Provider may require time to issue the requested Digital Credential, due to the Authentic Sources data provisioning rules, and allows the Wallet to retrieve the requested Credential in the future. + + +.. _fig_Low-Level-Flow-ITWallet-PID-QEAA-Issuance: + +.. figure:: ../../images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/hPRVJoCt4CVV_LUCk8S6QIEggaz8Txe0wH7r12dan4kbbTcTP4TixAqzJYxzwsklazW9eLUa8WGRUtvy_PaPRpvRbeRTiXNIiLPk-On6YCwlKKMTL0ndtooQCv0Md13F-djS-Cc2NNghhj4Ap-33LreqVDKwFFIzCdgzTvU7Uq-oRP5Xehm4LM5linQeQl1PZZHC9pSNWp_EnwCHJ8rUKRsDISB_h67u2Tmbw6UMf62ZdO4RMX3B5guDrgYOP2iS3BtT-X8sQ8KmIZE2Ng61DNnukftCnk8-1k06eINBeEVzyymuorZ32H4swEr3UHd3Jrv4fTMSpB9tjDXYnQILZtJAMmZd9Nb5-kLGK46UwEJBxUpBmtXy9wuRh5vE1G2ou3djbVw6Vb7s6QMgTq28BIoHPIrPvdeXu00lsQ1aXEdlrsCllqRm6cXEQFeWJvFHSAgdMtlozjFH0ppWNmujm-1F1M3GTbfPB7dJOH5MgfPGSKbr_EI3bbKJwgqMU6AfzF8Q7OrDZ7mE_iEQk87xaUDcUDr778wO_MOwubkRGJ9iQtcBqcF90P_26zlnlw3TEbXQACdEuCva6-5OOi2_aYtLn1l8-0kA3Rad6Y72O4kWT8OAmEyT6RGbgVFOwg7NvIM4Ssj3V_TvKZaIUCZ2d0idUqzwjwEGBMTJ11y_XaOyW5cutG0v6vh69mZ6LPyXrb3rpzuT9pUZH_3EeS5gUAmQNABjELNXz8eJ8Mmj7gME_N_-tlHUyHifLBshWoTq32UL9BHh0Q6g_XzPkmUwVfTJcha5gj1E23UXKLzmy-PUPxIUvvC8SsrENWQiNr01ghhJf5Xa4plpEwdM0KaUU_1wOXT6Aix6MTVPsEwkXx1Yi2Q3LMoM_tra1KKcyGGvMrbLQ6tP7xc89uzoiu4fe2gLLXNk7yfycbvTW966_-sqjJvw43pOUlRcH_O9uPibgLBtfhhiov9w-qHjiXD6Rdd5KjoonZaf2W2B86CfkOXMhsUNBCYLf5O-jmWYqSrj4k9Ti9JhNu4MSQgtS-SRAIUSsAIhC9mfbDvPgCA5cfbRrWQpn1cpkop9djhjR3Q5wVtZ32vKlZyuabG0hb35TqiYFUf9nnOJfruJLr-_ZSK3BiYoNvLj2zpayeO6MybOWo0LgCNa_Wbyb7t-2uChlHMMtWDP5VAZfJhqP_lbvr_zDbnhnQXOfAinLVRkVfQg-uFIjYZhacc9FnYHZ8KhICmQXADlRGN8UGz5WLngf-BxqaS6ss4LB_dd3UmJzbLVDwY03IqMQE9-u1c-LlRNfM7RBynRlGQvaAGEB-pF_ezRjly0 + + PID/(Q)EAA Issuance - Detailed flow + + +**Steps 1-4 (Discovery):** The User, using the Wallet Instance, selects the PID/(Q)EAA Provider from those listed in the list of trustworthy entities. The Wallet Instance then processes the Metadata for the selected PID/(Q)EAA Provider as defined in the `Trust Model section `_ of this specification. + +.. note:: + + **Federation Check:** The Wallet Instance must verify whether the PID/(Q)EAA Provider is a member of the Federation, obtaining its protocol specific Metadata. A non-normative example of a response from the endpoint **.well-known/openid-federation** with the **Entity Configuration** and the **Metadata** of the PID/(Q)EAA Provider is represented within the section :ref:`Entity Configuration of PID/(Q)EAA Providers`. + +**Steps 5-6 (PAR Request)**: The Wallet Instance: + + * creates a fresh PKCE code verifier, Wallet Attestation Proof of Possession, and ``state`` parameter for the *Pushed Authorization Request*. + * provides to the PID/(Q)EAA Provider PAR endpoint the parameters previously listed above, using the ``request`` parameter (hereafter Request Object) according to :rfc:`9126` Section 3 to prevent Request URI swapping attack. + * MUST create the ``code_verifier`` with enough entropy random string using the unreserved characters with a minimum length of 43 characters and a maximum length of 128 characters, making it impractical for an attacker to guess its value. The value MUST be generated following the recommendation in Section 4.1 of :rfc:`7636`. + * signs this request using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation ``cnf`` claim. + * MUST use the ``OAuth-Client-Attestation`` and ``OAuth-Client-Attestation-PoP`` parameters according to OAuth 2.0 Attestation-based Client Authentication [`OAUTH-ATTESTATION-CLIENT-AUTH`_], since in this flow the Pushed Authorization Endpoint is a protected endpoint. + * specifies the types of the requested credentials using the ``authorization_details`` [RAR :rfc:`9396`] parameter and or scope parameter. + +The PID/(Q)EAA Provider performs the following checks upon the receipt of the PAR request: + + 1. It MUST validate the signature of the Request Object using the algorithm specified in the ``alg`` header parameter (:rfc:`9126`, :rfc:`9101`) and the public key retrieved from the Wallet Attestation (``cnf.jwk``) referenced in the Request Object, using the ``kid`` JWS header parameter. + 2. It MUST check that the used algorithm for signing the request in the ``alg`` header is one of the listed within the Section `Cryptographic Algorithms `_. + 3. It MUST check that the ``client_id`` in the request body of the PAR request matches the ``client_id`` claim included in the Request Object. + 4. It MUST check that the ``iss`` claim in the Request Object matches the ``client_id`` claim in the Request Object (:rfc:`9126`, :rfc:`9101`). + 5. It MUST check that the ``aud`` claim in the Request Object is equal to the PID/(Q)EAA Provider authorization endpoint uri (:rfc:`9126`, :rfc:`9101`). + 6. It MUST reject the PAR request, if it contains the ``request_uri`` parameter (:rfc:`9126`). + 7. It MUST check that the Request Object contains all the mandatory parameters which values are validated according to :ref:`Table of the HTTP parameters ` [derived from :rfc:`9126`]. + 8. It MUST check that the Request Object is not expired, checking the ``exp`` claim. + 9. It MUST check that the Request Object was issued in a previous time than the value exposed in the ``iat`` claim. It SHOULD reject the request if the ``iat`` claim is far from the current time (:rfc:`9126`) of more than `5` minutes. + 10. It MUST check that the ``jti`` claim in the Request Object has not been used before by the Wallet Instance identified by the ``client_id``. This allows the PID/(Q)EAA Provider to mitigate replay attacks (:rfc:`7519`). + 11. It MUST validate the ``OAuth-Client-Attestation-PoP`` parameter based on Section 4 of [`OAUTH-ATTESTATION-CLIENT-AUTH`_]. + +Below a non-normative example of the PAR. + +.. code-block:: + + POST /as/par HTTP/1.1 + Host: eaa-provider.example.org + Content-Type: application/x-www-form-urlencoded + OAuth-Client-Attestation: eyJhbGciOiJFUzI1NiIsImtpZCI6IkVVRzBFdlRWaUk1RU5aQXdVQ0lVTWdQQVk4X1VISW5fMkhIWlMxN3RfQzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCAiYXVkIjogImh0dHBzOi8vYXMuZXhhbXBsZS5jb20iLCAibmJmIjogMTMwMDgxNTc4MCwgImV4cCI6IDEzMDA4MTkzODB9._v3bjJelKI0TNpbc4ysS7yJupwSZzMPQ0ZQ9N5zj8XGQ_T3NN9bghUyVzegR60xokqBnqmMS4iYgPOL7ekEspw + OAuth-Client-Attestation-PoP: eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiIgaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCJhdWQiOiIgaHR0cHM6Ly9hcy5leGFtcGxlLmNvbSIsImp0aSI6IjVlZmY5YzFiLWVkMGQtNDdlOC1hNTUzLWY3NGRmMWJiZWVkZCIsImlhdCI6MTcyMjI0OTQ0NywiZXhwIjoxNzIyMjQ5NzQ3fQ.aZpx7u7R-W8q7fJh9BEaRf8LM7RQRxAVc-okalAVqxHWqUMh3ehYukMLaCsiDQ33pyS41Y5PEsZ3HXwAXQ3nMg + + &client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$ + &request=$SIGNED-JWT + +Below an non-normative example of the Wallet Attestation Proof of Possession (WIA-PoP) header and body: + +.. literalinclude:: ../../examples/wa-pop-header.json + :language: JSON + +.. literalinclude:: ../../examples/wa-pop-payload.json + :language: JSON + + +Below an non-normative example of the signed Request Object without encoding and signature applied: + +.. literalinclude:: ../../examples/request-object-header.json + :language: JSON + +.. literalinclude:: ../../examples/request-object-payload.json + :language: JSON + + +.. note:: + + **Federation Check**: The PID/(Q)EAA Provider MUST check that the Wallet Provider is part of the federation. + + +.. note:: + The PID/(Q)EAA Provider MUST validate the signature of the the Wallet Attestation and that it is not expired. + + +**Step 7 (PAR Response)**: The PID/(Q)EAA Provider provides a one-time use ``request_uri`` value. The issued ``request_uri`` value must be bound to the client identifier (``client_id``) that was provided in the Request Object. + + +.. note:: + The entropy of the ``request_uri`` MUST be sufficiently large. The adequate shortness of the validity and the entropy of the ``request_uri`` depends on the risk calculation based on the value of the resource being protected. The validity time SHOULD be less than a minute, and the ``request_uri`` MUST include a cryptographic random value of 128 bits or more (:rfc:`9101`). The entire ``request_uri`` SHOULD NOT exceed 512 ASCII characters due to the following two main reasons (:rfc:`9101`): + + 1. Many phones on the market still do not accept large payloads. The restriction is typically either 512 or 1024 ASCII characters. + 2. On a slow connection such as a 2G mobile connection, a large URL would cause a slow response; therefore, the use of such is not advisable from the user-experience point of view. + +The PID/(Q)EAA Provider returns the issued ``request_uri`` to the Wallet Instance. A non-normative example of the response is shown below. + +.. code-block:: http + + HTTP/1.1 201 Created + Cache-Control: no-cache, no-store + Content-Type: application/json + +.. literalinclude:: ../../examples/par-response.json + :language: JSON + + +**Steps 8-9 (Authorization Request)**: The Wallet Instance sends an authorization request to the PID/(Q)EAA Provider Authorization Endpoint. Since parts of this Authorization Request content, e.g., the ``code_challenge`` parameter value, are unique to a particular Authorization Request, the Wallet Instance MUST only use a ``request_uri`` value once (:rfc:`9126`); The PID/(Q)EAA Provider performs the following checks upon the receipt of the Authorization Request: + + 1. It MUST treat ``request_uri`` values as one-time use and MUST reject an expired request. However, it MAY allow for duplicate requests due to a user reloading/refreshing their user-agent (derived from :rfc:`9126`). + 2. It MUST identify the request as a result of the submitted PAR (derived from :rfc:`9126`). + 3. It MUST reject all the Authorization Requests that do not contain the ``request_uri`` parameter as the PAR is the only way to pass the Authorization Request from the Wallet Instance (derived from :rfc:`9126`). + + +.. code-block:: http + + GET /authorize?client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3Abwc4JK-ESC0w8acc191e-Y1LTC2 HTTP/1.1 + Host: eaa-provider.example.org + + +.. note:: + + **User Authentication and Consent**: The PID Provider performs the User authentication based on the requirements of eIDAS LoA High by means of national notified eIDAS scheme and requires the User consent for the PID issuance. + The (Q)EAA Provider performs the User authentication requesting a valid PID to the Wallet Instance. The (Q)EAA Provider MUST use [`OpenID4VP`_] to dynamically request the presentation of the PID. From a protocol perspective, the (Q)EAA Provider acts as a Relying Party, providing the presentation request to the Wallet Instance. The Wallet Instance MUST have a valid PID obtained prior to start the transaction with the (Q)EAA Provider. + + +**Steps 10-11 (Authorization Response)**: The PID/(Q)EAA Provider sends an authorization ``code`` together with ``state`` and ``iss`` parameters to the Wallet Instance. The Wallet Instance performs the following checks on the Authorization Response: + + 1. It MUST check the Authorization Response contains all the defined parameters according to :ref:`Table of the HTTP Response parameters `. + 2. It MUST check the returned value by the PID/(Q)EAA Provider for ``state`` parameter is equal to the value sent by Wallet Instance in the Request Object (:rfc:`6749`). + 3. It MUST check that the URL of PID/(Q)EAA Provider in ``iss`` parameter is equal to the URL identifier of intended PID/(Q)EAA Provider that the Wallet Instance start the communication with (:rfc:`9027`). + +.. note:: + + The Wallet Instance redirect URI is a universal or app link registered with the local operating system, so this latter will resolve it and pass the response to the Wallet Instance. + +.. code-block:: http + + HTTP/1.1 302 Found + Location: https://start.wallet.example.org?code=SplxlOBeZQQYbYS6WxSbIA&state=fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd&iss=https%3A%2F%2Feaa-provider.example.org + +**Steps 12-13 (DPoP Proof for Token Endpoint)**: The Wallet Instance MUST create a new key pair for the DPoP and a fresh DPoP Proof JWT following the instruction provided in the Section 4 of (:rfc:`9449`) for the token request to the PID/(Q)EAA Provider. The DPoP Proof JWT is signed using the private key for DPoP created by Wallet Instance for this scope. DPoP binds the Access Token to a certain Wallet Instance (:rfc:`9449`) and mitigates the misuse of leaked or stolen Access Tokens at the Credential Endpoint. + +**Step 14 (Token Request):** The Wallet Instance sends a token request to the PID/(Q)EAA Provider Token Endpoint with a *DPoP Proof JWT* and the parameters: ``code``, ``code_verifier``, and OAuth 2.0 Attestation based Client Authentication (``OAuth-Client-Attestation`` and ``OAuth-Client-Attestation-PoP``). +The ``OAuth-Client-Attestation`` is signed using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation (``cnf`` claim). The PID/(Q)EAA Provider performs the following checks on the Token Request: + + 1. It MUST ensure that the Authorization ``code`` is issued to the authenticated Wallet Instance (:rfc:`6749`) and was not replied. + 2. It MUST ensure the Authorization ``code`` is valid and has not been previously used (:rfc:`6749`). + 3. It MUST ensure the ``redirect_uri`` matches the value included in the previous Request Object (see Section 3.1.3.1. of [`OIDC`_]). + 4. It MUST validate the DPoP Proof JWT, according to (:rfc:`9449`) Section 4.3. + +.. code-block:: http + + POST /token HTTP/1.1 + Host: eaa-provider.example.org + Content-Type: application/x-www-form-urlencoded + DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik + OAuth-Client-Attestation: eyJhbGciOiJFUzI1NiIsImtpZCI6IkVVRzBFdlRWaUk1RU5aQXdVQ0lVTWdQQVk4X1VISW5fMkhIWlMxN3RfQzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCAiYXVkIjogImh0dHBzOi8vYXMuZXhhbXBsZS5jb20iLCAibmJmIjogMTMwMDgxNTc4MCwgImV4cCI6IDEzMDA4MTkzODB9._v3bjJelKI0TNpbc4ysS7yJupwSZzMPQ0ZQ9N5zj8XGQ_T3NN9bghUyVzegR60xokqBnqmMS4iYgPOL7ekEspw + OAuth-Client-Attestation-PoP: eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiIgaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCJhdWQiOiIgaHR0cHM6Ly9hcy5leGFtcGxlLmNvbSIsImp0aSI6IjVlZmY5YzFiLWVkMGQtNDdlOC1hNTUzLWY3NGRmMWJiZWVkZCIsImlhdCI6MTcyMjI0OTQ0NywiZXhwIjoxNzIyMjQ5NzQ3fQ.aZpx7u7R-W8q7fJh9BEaRf8LM7RQRxAVc-okalAVqxHWqUMh3ehYukMLaCsiDQ33pyS41Y5PEsZ3HXwAXQ3nMg + + grant_type=authorization_code + &code=SplxlOBeZQQYbYS6WxSbIA + &code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk + &redirect_uri=https://start.wallet.example.org/cb + +**Step 15 (Token Response)**: The PID/(Q)EAA Provider validates the request, if successful an *Access Token* (bound to the DPoP key) and a fresh `c_nonce` are provided by the Issuer to the Wallet Instance. The parameter `c_nonce` is a string value, which MUST be unpredictable and is used later by the Wallet Instance in Step 18 to create the proof of possession of the key (*proof* claim) and it is the primary countermeasure against key proof replay attack. Note that, the received `c_nonce` value can be used to create the proof as long as the Issuer provides the Wallet Instance with a new `c_nonce` value. + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + Cache-Control: no-store + +.. literalinclude:: ../../examples/token-response.json + :language: JSON + +The non-normative example of the DPoP Access Token is given below. + +.. literalinclude:: ../../examples/at-dpop-header.json + :language: JSON + +.. literalinclude:: ../../examples/at-dpop-payload.json + :language: JSON + + +**Steps 16-17 (DPoP Proof for Credential Endpoint)**: The Wallet Instance for requesting the Digital Credential creates a proof of possession with ``c_nonce`` obtained in **Step 15** and using the private key used for the DPoP, signing a DPoP Proof JWT according to (:rfc:`9449`) Section 4. The ``jwk`` value in the ``proof`` parameter MUST be equal to the public key referenced in the DPoP. + +**Step 18 (Credential Request)**: The Wallet Instance sends a request for the Digital Credential to the PID/(Q)EAA Credential endpoint. This request MUST include the Access Token, DPoP Proof JWT, credential type, proof (which demonstrates possession of the key), and format parameters. The proof parameter MUST be an object that contains evidence of possession of the cryptographic key material to which the issued PID/(Q)EAA Digital Credential will be bound. To verify the proof, the PID/(Q)EAA Provider conducts the following checks at the Credential endpoint: + + 1. the JWT proof MUST include all required claims as specified in the table of Section :ref:`Token Request `; + 2. The key proof MUST be explicitly typed using header parameters as defined for the respective proof type; + 3. The header parameter alg MUST indicate a registered asymmetric digital signature algorithm, and MUST NOT be set to `none`; + 4. The signature on the key proof MUST be verified using the public key specified in the header parameter. + 5. The header parameter MUST NOT contain a private key. + 6. If a `c_nonce` value was previously provided by the server, the nonce claim in the JWT MUST match this `c_nonce` value. Furthermore, the creation time of the JWT, as indicated by the `iat` claim or a server-managed timestamp via the nonce claim, MUST be within an acceptable window of time as determined by the server. + + +.. note:: + + **PID/(Q)EAA Credential Schema and Status registration**: The PID/(Q)EAA Provider MUST register all the issued Credentials for their later revocation, if needed. + + +.. note:: + + It is RECOMMENDED that the public key contained in the ``jwt_proof`` be specifically generated for the requested Credential (fresh cryptographic key) to ensure that different issued Credentials do not share the same public key, thereby remaining unlinkable to each other. + + +A non-normative example of the Credential Request is provided below. + + +.. code-block:: http + + POST /credential HTTP/1.1 + Host: eaa-provider.example.org + Content-Type: application/json + Authorization: DPoP Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU + DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik + VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR + nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R + 1JEQSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj + oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z + WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOCwiYXRoIjoiZlVIeU8ycjJaM0RaNTNF + c05yV0JiMHhXWG9hTnk1OUlpS0NBcWtzbVFFbyJ9.2oW9RP35yRqzhrtNP86L-Ey71E + OptxRimPPToA1plemAgR6pxHF8y6-yqyVnmcw6Fy1dqd-jfxSYoMxhAJpLjA + +.. literalinclude:: ../../examples/credential-request.json + :language: JSON + + + +Where a non-normative example of the decoded content of the ``jwt`` parameter is represented below, +without encoding and signature. The JWS header: + +.. literalinclude:: ../../examples/credential-jwt-proof-header.json + :language: JSON + +.. literalinclude:: ../../examples/credential-jwt-proof-payload.json + :language: JSON + +**Steps 19-21 (Credential Response)**: The PID/(Q)EAA Provider MUST validate the *DPoP JWT Proof* based on the steps defined in Section 4.3 of (:rfc:`9449`) and whether the *Access Token* is valid and suitable for the requested PID/(Q)EAA. It also MUST validate the proof of possession for the key material the new credential SHALL be bound to, according to `OpenID4VCI`_ Section 7.2.2. If all checks succeed, the PID/(Q)EAA Provider creates a new Credential bound to the key material and provide it to the Wallet Instance. The Wallet Instance MUST perform the following checks before proceeding with the secure storage of the PID/(Q)EAA: + + 1. It MUST check that the PID Credential Response contains all the mandatory parameters and values are validated according to :ref:`Table of the credential response parameters `. + 2. It MUST check the PID integrity by verifying the signature using the algorithm specified in the ``alg`` header parameter of SD-JWT (:ref:`PID/(Q)EAA Data Model `) and the public key that is identified using using the ``kid`` header of the SD-JWT. + 3. It MUST check that the received PID (in credential claim) matches the schema defined in :ref:`PID/(Q)EAA Data Model `. + 4. It MUST process and verify the PID in SD-JWT VC format (according to `SD-JWT`_ Section 6.) or MDOC CBOR format. + 5. It MUST verify the Trust Chain in the header of SD-JWT VC to verify that the PID Provider is trusted. + +If the checks defined above are successful the Wallet Instance proceeds with the secure storage of the PID/(Q)EAA. + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + Cache-Control: no-store + Pragma: no-cache + +.. literalinclude:: ../../examples/credential-response.json + :language: JSON + +.. note:: + + If the issuance of the requested Credential cannot be issued immediately and it requires more time to be issued, then the PID/(Q)EAA Provider MAY support the *Deferred Flow* (step 24) as specified in Section :ref:`Deferred Flow`. + +**Steps 22 (Notification Request)**: According to Section 10.1 of [`OpenID4VCI`_], the Wallet sends an HTTP POST request to the Notification Endpoint using the *application/json* media type as in the following non-normative example. + +.. code-block:: http + + POST /notification HTTP/1.1 + Host: eaa-provider.example.org + Content-Type: application/json + Authorization: DPoP Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU + DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik + VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR + nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R + 1JEQSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj + oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z + WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOCwiYXRoIjoiZlVIeU8ycjJaM0RaNTNF + c05yV0JiMHhXWG9hTnk1OUlpS0NBcWtzbVFFbyJ9.2oW9RP35yRqzhrtNP86L-Ey71E + OptxRimPPToA1plemAgR6pxHF8y6-yqyVnmcw6Fy1dqd-jfxSYoMxhAJpLjA +.. literalinclude:: ../../examples/notification-request.json + :language: JSON + + +**Steps 23 (Notification Response)**: When the Credential Issuer has successfully received the Notification Request from the Wallet, it MUST respond with an HTTP status code *204* as recommended in Section 10.2 of [`OpenID4VCI`_]. Below is a non-normative example of response to a successful Notification Request: + +.. code-block:: http + + HTTP/1.1 204 No Content + + + +Deferred Flow +------------- + +The PID/(Q)EAA Providers MAY support a *Deferred Flow* which has the aim of handling the cases where an immediate issuance is not possible for some reasons due to errors during the communication between the PID/(Q)EAA Provider and the Authentic Source (for example the Authentic Source is temporarily unavailable, etc.) or due to administrative or technical processes that do not allow the Credential to be provided immediately. + + +General Requirements +^^^^^^^^^^^^^^^^^^^^ + + 1. The Deferred Credential request MAY also happen several days after the initial Credential request. + 2. The User MUST be informed that the Credential is available and ready to be issued. + 3. The Wallet Provider MUST NOT be informed about which Credential is available to be issued or which Credential Provider the User needs to contact. + 4. The Wallet Instance MUST be informed about the amount of time to wait before making a new Credential request. + 5. As, in general, an unavailability may be an unexpected event, the PID/(Q)EAA Provider MUST be able to switch on the fly between a *immediate* and an *deferred* flow. This decision MUST be taken after the authorization step. + +Technical Flow +^^^^^^^^^^^^^^ + +If PID/(Q)EAA Providers, supporting this flow, are not able to immediately issue a requested Credential, they MUST provide the Wallet Instance with an HTTP Credential Response cointaining the amount of time to wait before making a new Credential request. The HTTP status code MUST be *202* (see Section 15.3.3 of [:rfc:`9110`]). Below a non-normative example is given. + +.. code-block:: http + + HTTP/1.1 202 Accepted + Content-Type: application/json + Cache-Control: no-store + +.. literalinclude:: ../../examples/credential-response-deferred.json + :language: JSON + +The Wallet Instance MUST use the value given in the *lead_time* parameter to inform the User when the Credential becomes available (e.g. using a local notification triggered by the *lead_time* time value). PID/(Q)EAA Providers MAY send a notification to the User through a communication channel (e.g. email address), if available from the PID/(Q)EAA Provider. + +Upon receipt of the notification (by the Wallet Instance and/or by the PID/(Q)EAA Provider), the User opens the Wallet Instance and start the Issuance Flow again from the beginning as defined in the previous section. + +If the *lead_time* parameter is less than the expiration time of the Access Token, the Wallet Instance MAY use it along with the *c_nonce* provided in the Credential Response to perform a new Credential Request without requiring the User to submit a new authentication request. + +In the case where the Authentic Source and the PID/(Q)EAA Provider are both enabled to use *PDND*, what is described in Section :ref:`Authentic Sources` MUST apply. + +Pushed Authorization Request Endpoint +------------------------------------- + +Pushed Authorization Request (PAR) Request +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The request to the PID/(Q)EAA authorization endpoint MUST use HTTP Headers parameters and HTTP POST parameters. + +The HTTP POST method MUST use the parameters in the message body encoded in ``application/x-www-form-urlencoded`` format. + +.. _table_http_request_claim: +.. list-table:: PAR http request parameters + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **client_id** + - MUST be set to the thumbprint of the ``jwk`` value in the ``cnf`` parameter inside the Wallet Attestation. + - :rfc:`6749` + * - **request** + - It MUST be a signed JWT. The private key corresponding to the public one in the ``cnf`` parameter inside the Wallet Attestation MUST be used for signing the Request Object. + - `OpenID Connect Core. Section 6 `_ + +The Pushed Authorization Endpoint is protected with OAuth 2.0 Attestation-based Client Authentication [`OAUTH-ATTESTATION-CLIENT-AUTH`_], therefore +the request to the PID/(Q)EAA authorization endpoint MUST use the following HTTP Headers parameters: + + +.. _table_http_request_headers_claim: +.. list-table:: http request header parameters + :widths: 20 60 20 + :header-rows: 1 + + * - **OAuth-Client-Attestation** + - It MUST be set to a value containing the Wallet Attestation JWT. + - `OAUTH-ATTESTATION-CLIENT-AUTH`_. + * - **OAuth-Client-Attestation-PoP** + - It MUST be set to a value containing the Wallet Attestation JWT Proof of Possession. + - `OAUTH-ATTESTATION-CLIENT-AUTH`_. + + +The JWT *Request Object* has the following JOSE header parameters: + +.. _table_request_object_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + * - **kid** + - Unique identifier of the ``jwk`` inside the ``cnf`` claim of Wallet Attestation as base64url-encoded JWK Thumbprint value. + - :rfc:`7638#section_3`. + +.. note:: + The parameter **typ**, if omitted, assumes the implicit value **JWT**. + + +The ``request`` JWT payload contained in the HTTP POST message is given with the following parameters: + +.. _table_jwt_request: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - It MUST be set to the ``client_id``. + - :rfc:`9126` and :rfc:`7519`. + * - **aud** + - It MUST be set to the identifier of the PID/(Q)EAA Provider. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. The claim value MUST be not greater than 300 seconds from the issuance time. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **response_type** + - MUST be set to ``code``. + - :rfc:`6749` + * - **response_mode** + - It MUST be a string indicating the "*response_mode*", as specified in [`OAUTH-MULT-RESP-TYPE`_]. It MUST be one of the supported values (*response_modes_supported*) provided in the metadata of the PID/(Q)EAA Provider. It informs the PID/(Q)EAA Provider of the mechanism to be used for returning parameters from the Authorization Endpoint. In case of *HTTP 302 Redirect Response* the value MUST be *query*. In this mode, Authorization Response parameters are encoded in the query string added to the ``redirect_uri`` when redirecting back to the Wallet Instance. In case of *HTTP POST Response* the value MUST be *form_post.jwt* according to [`OAUTH-V2-JARM-04`_]. In this mode, Authorization Response parameters are specified into a JWT encoded as HTML form value that is auto-submitted in the user-agent, and thus is transmitted via the HTTP POST method to the Wallet Instance, with the result parameters being encoded in the body using the *application/x-www-form-urlencoded* format. The action attribute of the form MUST be the Redirection URI of the Wallet Instance. The method of the form attribute MUST be POST. + - See [`OAUTH-MULT-RESP-TYPE`_] and [`OAUTH-V2-JARM-04`_]. + * - **client_id** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **state** + - Unique session identifier at the client side. This value will be returned to the client in the response, at the end of the authentication. It MUST be a random string composed by alphanumeric characters and with a minimum length of 32 digits. Special characters MUST be considered non-alphanumeric characters as defined in `[NIST] `__. + - See [`OIDC`_] Section 3.1.2.1. + * - **code_challenge** + - A challenge derived from the **code verifier** that is sent in the authorization request. + - :rfc:`7636#section-4.2`. + * - **code_challenge_method** + - A method that was used to derive **code challenge**. It MUST be set to ``S256``. + - :rfc:`7636#section-4.3`. + * - **scope** + - JSON String. String specifying a unique identifier of the Credential being described in the `credential_configurations_supported` map in the Credential Issuer Metadata. For example, in the case of the PID, it MUST be set to ``PersonIdentificationData``. It MAY be multivalued, each value MUST be separated by a space. + - :rfc:`6749` + * - **authorization_details** + - Array of JSON Objects. Each JSON Object MUST include the following claims: + + - **type**: it MUST be set to ``openid_credential``, + - **credential_configuration_id**: JSON String. String specifying a unique identifier of the Credential being described in the `credential_configurations_supported` map in the Credential Issuer Metadata. For example, in the case of the PID, it MUST be set to ``PersonIdentificationData``. + - See [RAR :rfc:`9396`] and [`OpenID4VCI`_]. + * - **redirect_uri** + - Redirection URI to which the response is intended to be sent. It MUST be an universal or app link registered with the local operating system, so this latter will provide the response to the Wallet Instance. + - See [`OIDC`_] Section 3.1.2.1. + * - **jti** + - Unique identifier of the JWT that, together with the value contained in the ``iss`` claim, prevents the reuse of the JWT (replay attack). Since the `jti` value alone is not collision resistant, it MUST be identified uniquely together with its issuer. + - [:rfc:`7519`]. + +.. note:: + + If the request cointains scope value and the *authorization_details* parameter the Credential Issuer MUST interpret these individually. However, if both request the same Credential type, then the Credential Issuer MUST follow the request as given by the authorization details object. + +The JOSE header of the Wallet Attestation proof of possession, contained in the HTTP Request headers, MUST contain: + +.. _table_jwt_pop: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + +The body of the Wallet Attestation proof of possession JWT, contained in the HTTP Request headers, MUST contain: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - Thumbprint of the JWK in the ``cnf`` parameter. + - :rfc:`9126` and :rfc:`7519`. + * - **aud** + - It MUST be set to the identifier of the PID/(Q)EAA Provider. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **jti** + - Unique identifier for the DPoP proof JWT. The value SHOULD be set using a *UUID v4* value according to [:rfc:`4122`]. + - [:rfc:`7519`. Section 4.1.7]. + +.. _sec_par: + +Pushed Authorization Request (PAR) Response +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If the verification is successful, the PID/(Q)EAA Issuer MUST provide the response with a *201 HTTP status code*. The following parameters are included as top-level members in the HTTP response message body, using the ``application/json`` media type as defined in [:rfc:`8259`]. + +.. _table_http_response_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **request_uri** + - The request URI corresponding to the authorization request posted. This URI MUST be a single-use reference to the respective authorization request. It MUST contain some part generated using a cryptographically strong pseudorandom algorithm. The value format MUST be ``urn:ietf:params:oauth:request_uri:`` with ```` as the random part of the URI that references the respective authorization request data. + - [:rfc:`9126`]. + * - **expires_in** + - A JSON number that represents the lifetime of the request URI in seconds as a positive integer. + - [:rfc:`9126`]. + +If any errors occur during the PAR Request, the Authorization Server MUST return an error response as defined in :rfc:`9126#section-2.3`. The response MUST use *application/json* as the content type and MUST include the following parameters: + + - *error*. The error code. + - *error_description*. Text in human-readable form providing further details to clarify the nature of the error encountered. + +Below is a non-normative example of an error response. + +.. code:: http + + HTTP/1.1 400 Bad Request + Content-Type: application/json + +.. literalinclude:: ../../examples/par-error.json + :language: JSON + + + +Authorization endpoint +---------------------- + +The authorization endpoint is used to interact with the PID/(Q)EAA Issuer and obtain an authorization grant. +The authorization server MUST first verify the identity of the User that own the credential. + + +Authorization Request +^^^^^^^^^^^^^^^^^^^^^^^ + +The Authorization request is issued by the Web Browser in use by the Wallet Instance, the HTTP methods **POST** or **GET** are used. When the method **POST** is used, the parameters MUST be sent using the *Form Serialization*. When the method **GET** is used, the parameters MUST be sent using the *Query String Serialization*. For more details see Section 13 of [`OIDC`_]. + +The mandatory parameters in the HTTP authentication request are specified in the following table. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **client_id** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **request_uri** + - It MUST be set to the same value as obtained by PAR Response. See :ref:`Table of the HTTP PAR Response parameters `. + - [:rfc:`9126`]. + + +.. note:: + + In the case of PID issuance, the Wallet Instance MAY include the **idphinting** parameter as a URL encoded string. This parameter specifies the Identity Provider where the User wishes to authenticate.. See `AARC-G061 - A specification for IdP hinting. `_ for more details. + +Authorization Response +^^^^^^^^^^^^^^^^^^^^^^^ + +The authentication response is returned by the PID/(Q)EAA authorization endpoint at the end of the authentication flow. + +If the authentication is successful the PID/(Q)EAA Issuer redirects the User by adding the following query parameters as required to the *redirect_uri*. The redirect URI MUST be an universal or app link registered with the local operating system, so this latter is able to provide the response to the Wallet Instance. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **code** + - Unique *Authorization Code* that the Wallet Instance submits to the Token Endpoint. + - [:rfc:`6749#section-4.1.2`], [:rfc:`7521`]. + * - **state** + - The Wallet Instance MUST check the correspondence with the ``state`` parameter value in the Request Object. It is defined as in the :ref:`Table of the JWT Request parameters `. + - [:rfc:`6749#section-4.1.2`]. + * - **iss** + - Unique identifier of the PID/(Q)EAA Issuer who created the Authentication Response. The Wallet Instance MUST validate this parameter. + - [:rfc:`9207`], [:rfc:`7519`, Section 4.1.1.]. + +If any errors occur during the Authorization Request, the Authorization Server MUST return an error response as defined in :rfc:`6749#section-4.1.2.1`. The response MUST use *application/json* as the content type and MUST include the following parameters: + + - *error*. The error code. + - *error_description*. Text in human-readable form providing further details to clarify the nature of the error encountered. + +Token endpoint +-------------- + +The token endpoint is used by the Wallet Instance to obtain an Access Token by presenting an authorization grant, as +defined in :rfc:`6749`. The Token Endpoint is a protected endpoint with a client authentication based on the model defined in OAuth 2.0 Attestation-based Client Authentication [`OAUTH-ATTESTATION-CLIENT-AUTH`_ ]. + +.. _sec_token_request: + +Token Request +^^^^^^^^^^^^^^^ + +The request to the PID/(Q)EAA Token endpoint MUST be an HTTP request with method POST, with the body message encoded in ``application/x-www-form-urlencoded`` format. The Wallet Instance sends the Token endpoint request with ``OAuth-Client-Attestation`` and ``OAuth-Client-Attestation-PoP`` as header parameters according to `OAUTH-ATTESTATION-CLIENT-AUTH`_. + +The Token endpoint is protected with OAuth 2.0 Attestation-based Client Authentication [`OAUTH-ATTESTATION-CLIENT-AUTH`_], therefore +the request to the PID/(Q)EAA authorization endpoint MUST use the following HTTP Headers parameters **OAuth-Client-Attestation** as **OAuth-Client-Attestation-PoP** +as defined in the "Pushed Authorization Request (PAR) Endpoint". + +The Token endpoint issues DPoP tokens, therefore it is REQUIRED that the request incluides in its HTTP header the DPoP proof parameter. +The Token endpoint MUST validate the DPoP proof according to Section 4.3 of the DPoP specifications (:rfc:`9449`). This mitigates the misuse of leaked or stolen Access Tokens at the credential endpoint. If the DPoP proof is invalid, the Token endpoint returns an error response, according to Section 5.2 of [:rfc:`6749`] with ``invalid_dpop_proof`` as the value of the error parameter. + +All the parameters listed below are REQUIRED: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **grant_type** + - It MUST be set to ``authorization_code``. + - [:rfc:`7521`]. + * - **code** + - Authorization code returned in the Authentication Response. + - [:rfc:`7521`]. + * - **redirect_uri** + - It MUST be set as in the Request Object :ref:`Table of the JWT Request parameters `. + - [:rfc:`7521`]. + * - **code_verifier** + - Verification code of the **code_challenge**. + - `Proof Key for Code Exchange by OAuth Public Clients `_. + + +A **DPoP Proof JWT** is included in the HTTP request using the ``DPoP`` header parameter containing a DPoP JWS. + +The JOSE header of a **DPoP JWT** MUST contain at least the following parameters: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **typ** + - It MUST be equal to ``dpop+jwt``. + - [:rfc:`7515`] and [:rfc:`8725`. Section 3.11]. + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms ` and MUST NOT be set to ``none`` or with a symmetric algorithm (MAC) identifier. + - [:rfc:`7515`]. + * - **jwk** + - It represents the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [:rfc:`7517`] format that the Access Token MUST be bound to, as defined in [:rfc:`7515`] Section 4.1.3. It MUST NOT contain a private key. + - [:rfc:`7517`] and [:rfc:`7515`]. + + +The payload of a **DPoP JWT Proof** MUST contain the following claims: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **jti** + - Unique identifier for the DPoP proof JWT. The value SHOULD be set using a *UUID v4* value according to [:rfc:`4122`]. + - [:rfc:`7519`. Section 4.1.7]. + * - **htm** + - The value of the HTTP method of the request to which the JWT is attached. + - [:rfc:`9110`. Section 9.1]. + * - **htu** + - The HTTP target URI, without query and fragment parts, of the request to which the JWT is attached. + - [:rfc:`9110`. Section 7.1]. + * - **iat** + - UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - [:rfc:`7519`. Section 4.1.6]. + + +Token Response +^^^^^^^^^^^^^^^ + +If the Token Request is successfully validated, the Authorization Server provides an HTTP Token Response with a *200 (OK)* status code. The Token Response MUST contain the following mandatory claims. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **access_token** + - The *DPoP-bound Access Token*, in signed JWT format, allows accessing the PID/(Q)EAA Credential Endpoint for obtaining the credential. + - :rfc:`6749`. + * - **token_type** + - Type of *Access Token* returned. It MUST be equal to ``DPoP``. + - :rfc:`6749`. + * - **expires_in** + - Expiry time of the *Access Token* in seconds. + - :rfc:`6749`. + * - **c_nonce** + - JSON string containing a ``nonce`` value to be used to create a *proof of possession* of key material when requesting a Credential. + - [`OpenID4VCI`_]. + * - **c_nonce_expires_in** + - JSON integer, it represents the lifetime in seconds of the **c_nonce**. + - [`OpenID4VCI`_]. + * - **authorization_details** + - Array of JSON Objects, used to identify Credentials with the same metadata but different claimset/claim values and/or simplify the Credential request even when only one Credential is being issued. + - [`OpenID4VCI`_]. + +If any errors occur during the validation of the Token Request, the Authorization Server MUST return an error response as defined in :rfc:`6749#section-5.2`. + +.. code:: http + + HTTP/1.1 400 Bad Request + Content-Type: application/json;charset=UTF-8 + Cache-Control: no-store + Pragma: no-cache + +.. literalinclude:: ../../examples/token-error.json + :language: JSON + + +Access Token +^^^^^^^^^^^^ + +A DPoP-bound Access Token is provided by the PID/(Q)EAA Token endpoint as a result of a successful token request. The Access Token is encoded in JWT format, according to [:rfc:`7519`]. The Access Token MUST have at least the following mandatory claims and it MUST be bound to the public key that is provided by the DPoP proof. This binding can be accomplished based on the methodology defined in Section 6 of (:rfc:`9449`). + +The JOSE header of a **DPoP JWT** MUST contain the following claims. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **typ** + - It MUST be equal to ``at+jwt``. + - [:rfc:`7515`]. + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms ` and MUST NOT be set to ``none`` or with a symmetric algorithm (MAC) identifier. + - [:rfc:`7515`]. + * - **kid** + - Unique identifier of the ``jwk`` used by the PID/(Q)EAA Provider to sign the Access Token. + - :rfc:`7638#section_3`. + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - It MUST be an HTTPS URL that uniquely identifies the PID/(Q)EAA Issuer. The Wallet Instance MUST verify that this value matches the PID/(Q)EAA Issuer where it has requested the credential. + - [:rfc:`9068`], [:rfc:`7519`]. + * - **sub** + - It identifies the subject of the JWT. It MUST be set to the value of the ``sub`` field in the PID/(Q)EAA SD-JWT-VC. + - [:rfc:`9068`], [:rfc:`7519`] and Section 8 of [`OIDC`_]. + * - **client_id** + - The identifier for the Wallet Instance that requested the Access Token; it MUST be equal to the to kid of the public key of the Wallet Instance specified into the Wallet Attestation (``cnf.jwk``). + - [:rfc:`9068`], [:rfc:`7519`] and Section 8 of [`OIDC`_]. + * - **aud** + - It MUST be set to the identifier of the PID/(Q)EAA Provider. + - [:rfc:`9068`]. + * - **iat** + - UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - [:rfc:`9068`], [:rfc:`7519`. Section 4.1.6]. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`. + - [:rfc:`9068`], [:rfc:`7519`]. + * - **jti** + - It MUST be a String in *uuid4* format. Unique Token ID identifier that the RP SHOULD use to prevent reuse by rejecting the Token ID if already processed. + - [:rfc:`9068`], [:rfc:`7519`]. + * - **cnf** + - It MUST contain a **jkt** claim being JWK SHA-256 Thumbprint Confirmation Method. The value of the *jkt* member MUST be the base64url encoding (as defined in [:rfc:`7515`]) of the JWK SHA-256 Thumbprint of the DPoP public key (in JWK format) to which the Access Token is bound. + - [:rfc:`9449`. Section 6.1] and [:rfc:`7638`]. + + +Credential endpoint +------------------- + +The Credential Endpoint issues a Credential upon the presentation of a valid Access Token, as defined in `OpenID4VCI`_. + + +Credential Request +^^^^^^^^^^^^^^^^^^^ + +The Wallet Instance when requests the PID/(Q)EAA to the PID/(Q)EAA Credential endpoint, MUST use the following parameters in the message body of the HTTP POST request, using the `application/json` media type. + +The Credential endpoint MUST accept and validate the *DPoP proof* sent in the DPoP HTTP Header parameter, according to the steps defined in (:rfc:`9449`) Section 4.3. The *DPoP proof* in addition to the values that are defined in the Token Endpoint section MUST contain the following claim: + + - **ath**: hash value of the Access Token encoded in ASCII. The value MUST use the base64url encoding (as defined in Section 2 of :rfc:`7515`) with the SHA-256 algorithm. + +If the *DPoP proof* is invalid, the Credential endpoint returns an error response per Section 5.2 of [:rfc:`6749`] with `invalid_dpop_proof` as the value of the error parameter. + +.. warning:: + The Wallet Instance MUST create a **new DPoP proof** for the Credential request and MUST NOT use the previously created proof for the Token Endpoint. + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **format** + - Format of the Credential to be issued. This MUST be ``vc+sd-jwt`` or ``mso_mdoc``. + - [`OpenID4VCI`_]. + * - **vct** + - CONDITIONAL. REQUIRED only if the *format* identifier is ``vc+sd-jwt``. + - See Annex A3.4. of [`OpenID4VCI`_] + * - **doctype** + - CONDITIONAL. REQUIRED only if the *format* identifier is ``mso_mdoc``. + - See Annex A2.4. of [`OpenID4VCI`_] + * - **proof** + - JSON object containing proof of possession of the key material the issued credential shall be bound to. The proof object MUST contain the following mandatory claims: + + - **proof_type**: JSON string denoting the proof type. It MUST be `jwt`. + - **jwt**: the JWT used as proof of possession. + - [`OpenID4VCI`_]. + + +The JWT proof type MUST contain the following parameters for the JOSE header and the JWT body: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE Header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms ` and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier. + - [`OpenID4VCI`_], [:rfc:`7515`], [:rfc:`7517`]. + * - **typ** + - It MUST be set to `openid4vci-proof+jwt`. + - [`OpenID4VCI`_], [:rfc:`7515`], [:rfc:`7517`]. + * - **jwk** + - Representing the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [:rfc:`7517`] format that the PID/(Q)EAA shall be bound to, as defined in Section 4.1.3 of [:rfc:`7515`]. + - [`OpenID4VCI`_], [:rfc:`7515`], [:rfc:`7517`]. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - The value of this claim MUST be the **client_id** of the Wallet Instance. + - [`OpenID4VCI`_], [:rfc:`7519`, Section 4.1.1]. + * - **aud** + - The value of this claim MUST be the identifier URL of the PID/(Q)EAA Issuer. + - [`OpenID4VCI`_]. + * - **iat** + - UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - [`OpenID4VCI`_], [:rfc:`7519`. Section 4.1.6]. + * - **nonce** + - The value type of this claim MUST be a string, where the value is a **c_nonce** provided by the PID/(Q)EAA Issuer in the Token response. + - [`OpenID4VCI`_]. + + +Credential Response +^^^^^^^^^^^^^^^^^^^^ + +Credential Response to the Wallet Instance MUST be sent using `application/json` media type. If the Credential Request is successfully validated, and the Credential is immediately available, the PID/(Q)EAA Provider MUST return HTTP response with a *200 (OK)* status code. If the Credential is not available and the deferred flow is supported by the PID/(Q)EAA Provider, an HTTP status code *202* MUST be returned. + +The Credential Response contains the following parameters: + +.. _table_credential_response_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **credential** + - CONDITIONAL. REQUIRED if ``lead_time`` is not present. String Containing the issued PID/(Q)EAA. If the requested format identifier is ``vc+sd-jwt`` then the ``credential`` parameter MUST NOT be re-encoded. If the requested format identifier is ``mso_mdoc`` then the ``credential`` parameter MUST be a base64url-encoded representation of the issued Credential. + - Section 7.3, Annex A2.5 and Annex A3.5 of [`OpenID4VCI`_]. + * - **lead_time** + - CONDITIONAL. REQUIRED if ``credential`` is not present. The amount of time (in seconds) required before making a new Credential Request. + - This Specification + * - **c_nonce** + - REQUIRED. JSON string containing a ``nonce`` value to be used to create a *proof of possession* of the key material when requesting a further Credential or for the renewal of a Credential. + - Section 7.3 of [`OpenID4VCI`_]. + * - **c_nonce_expires_in** + - REQUIRED. JSON integer corresponding to the ``c_nonce`` lifetime in seconds. + - Section 7.3 of [`OpenID4VCI`_]. + * - **notification_id** + - OPTIONAL. String identifying an issued Credential that the Wallet includes in the Notification Request as defined in Section :ref:`Notification Request`. It MUST NOT be present if the ``credential`` parameter is not present + - Section 7.3 of [`OpenID4VCI`_]. + + +If the Credential Request is invalid, the PID/(Q)EAA Provider MUST return an error response as defined in Section 7.3.1 of [`OpenID4VCI`_]. The response MUST use the content type *application/json* and MUST include the following parameters: + + - *error*. The error code. + - *error_description*. Text in human-readable form providing further details to clarify the nature of the error encountered. + +.. code:: http + + HTTP/1.1 400 Bad Request + Content-Type: application/json + Cache-Control: no-store + +.. literalinclude:: ../../examples/credential-error.json + :language: JSON + +Notification endpoint +--------------------- + +The Notification Endpoint is used by the Wallet to notify the PID/(Q)EAA Provider of certain events for issued Credentials, such as if the Credential was successfully stored in the Wallet Instance or in case of unsuccessful Credential issuance caused by a User action. + +This endpoint MUST be protected using a DPoP Access Token. TLS for the confidentiality of the HTTP transport is REQUIRED according to Section 10 of [`OpenID4VCI`_]. + + +Notification Request +^^^^^^^^^^^^^^^^^^^^ + +The Notification Request MUST be an HTTP POST using the *application/json* media type with the following parameters. + +.. list-table:: + :widths: 20 60 25 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **notification_id** + - REQUIRED. It MUST be equal to the ``notification_id`` value returned in the Credential Response by the PID/(Q)EAA Provider. + - Section 10.1 of [`OpenID4VCI`_]. + * - **event** + - REQUIRED. Type of the notification event. It MUST be a case sensitive string and it MUST support the following values: + + - *credential_accepted*: when the Credential was successfully stored in the Wallet Instance. + - *credential_deleted*: when the unsuccessful Credential issuance was caused by a user action. + - *credential_failure*: in all other unsuccessful cases. + + - Section 10.1 of [`OpenID4VCI`_]. + * - **event_description** + - OPTIONAL. Human-readable ASCII [USASCII] text providing additional information, used to inform about the event that occurred. Values for the event_description parameter MUST NOT include characters outside the set *%x20-21 / %x23-5B / %x5D-7E*. + - Section 10.1 of [`OpenID4VCI`_]. + + + +Notification Response +^^^^^^^^^^^^^^^^^^^^^ + +The Notification Response MUST be use an HTTP status code *204 (No Content)*, as recommended in Section 10.2 of [`OpenID4VCI`_]. + +In case of errors, what is described in Section 10.3 of [`OpenID4VCI`_] MUST apply. + diff --git a/ia-terms-updates/en/_sources/proximity-flow.rst.txt b/ia-terms-updates/en/_sources/proximity-flow.rst.txt new file mode 100644 index 000000000..4b2246754 --- /dev/null +++ b/ia-terms-updates/en/_sources/proximity-flow.rst.txt @@ -0,0 +1,412 @@ + + +.. _proximity_flow_sec: + +Proximity Flow +============== + +This section describes how a Verifier requests the presentation of an *mDoc-CBOR* Credential to a Wallet Instance according to the *ISO 18013-5 Specification*. Only *Supervised Device Retrieval flow* is supported in this technical implementation profile. + +The presentation phase is divided into three sub-phases: + + 1. **Device Engagement**: This subphase begins when the User is prompted to disclose certain attributes from the mDoc(s). The objective of this subphase is to establish a secure communication channel between the Wallet Instance and the Verifier App, so that the mDoc requests and responses can be exchanged during the communication subphase. + The messages exchanged in this subphase are transmitted through short-range technologies to limit the possibility of interception and eavesdropping. + This technical implementation profile exclusively supports QR code for Device Engagement. + + 2. **Session establishment**: During the session establishment phase, the Verifier App sets up a secure connection. All data transmitted over this connection is encrypted using a session key, which is known to both the Wallet Instance and the Verifier at this stage. + The established session MAY be terminated based on the conditions as detailed in [ISO18013-5#9.1.1.4]. + + 3. **Communication - Device Retrieval**: The Verifier App encrypts the mDoc request with the appropriate session key and sends it to the Wallet Instance together with its public key in a session establishment message. The mDoc uses the data from the session establishment message to derive the session key and decrypt the mDoc request. + During the communication subphase, the Verifier App has the option to request information from the Wallet using mDoc requests and responses. The primary mode of communication is the secure channel established during the session setup. The Wallet Instance encrypts the mDoc response using the session key and transmits it to the Verifier App via a session data message. This technical implementation profile only supports Bluetooth Low Energy (BLE) for the communication sub-phase. + + +The following figure illustrates the flow diagram compliant with ISO 18013-5 for proximity flow. + +.. _fig_High-Level-Flow-ITWallet-Presentation-ISO: +.. figure:: ../../images/High-Level-Flow-ITWallet-Presentation-ISO.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/bL9BZnCn3BxFhx3A0H3q3_ImMlOXXBJYqGguzE9ct2RQn0bvJDb_ZoSP3QFI2xab_Xx-xDocZ34NPpiisNDn1ufT1t9GPH_XUw88cA3KjuF_3QlnwNM2dHDYq9vf1Q-Up4ddErkeme9KZ381ESFg9rfB6JwnEB4IiAYTAuou7nN_Al-WQ8xcVzHd2dm8eKeFI-cMfApNDpVd3Nm9n90rmKLBa3s4I8b441dSWrTm7wcNkq7RD3xxJE07CIhlXmqyq624-CWdF94RYQaSWiP4iAweRzjr1vLvRkOVYIcYY32TWO8c9rSBp_GYWKoSe88LzPtsvx5HKO5xtnCSVVpNibA6ATjE8IyfKr7aBgptVDry0WlPXIBOH2aPpoEcbgzDOJTXIEPui2PfrqROZogki56OfNuvcxkdHv5N9H8eZSnaPLRJwUPU95JTn9P-5J60Tn2AcAZQjJ_MiCljxndUN6texN8Dr-ErSjd0roZrNEUjFDSVaJqaZP6gOMpDK0-61UHglkcJjJL75Cx4NHflAKT30xLGH_41wnLQIDb7FD6C7URSAOZCSfCjxyjSWcHEZBb4slCuTQL9FJVsWDRq9akuxfQuByx-0G00 + + High-Level Proximity Flow + +**Step 1-3**: The Verifier requests the User to reveal certain attributes from their mDoc(s) stored in the Wallet Instance. The User initiates the Wallet Instance. The Wallet Instance MUST create a new temporary key pair (EDeviceKey.Priv, EDeviceKey.Pub), and incorporate the cipher suite identifier, the identifier of the elliptic curve for key agreement, and the EDeviceKey public point into the device engagement structure (refer to [ISO18013-5#9.1.1.4]). This key pair is temporary and MUST be invalidated immediately after the secure channel is established. Finally, the Wallet Instance displays the QR Code for Device Engagement. + +Below an example of a device engagement structure that utilizes QR for device engagement and Bluetooth Low Energy (BLE) for data retrieval. + +CBOR data: + +.. code-block:: + + a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917 + +In diagnostic notation: + +.. code-block:: + + { + 0: "1.0", % Version + + 1: % Security + [ + 1, % defines the cipher suite 1 which contains only EC curves + 24(<< % embedded CBOR data item + { + 1: 2, % kty:EC2 (Elliptic curves with x and y coordinate pairs) + -1: 1, % crv:p256 + -2:h'5A88D182BCE5F42EFA59943F33359D2E8A968FF289D93E5FA444B624343 167FE',% x-coordinate + -3:h'B16E8CF858DDC7690407BA61D4C338237A8CFCF3DE6AA672FC60A557AA32FC67' % y-coordinate + } + >>) + ], + + 2: %DeviceRetrievalMethods(Device engagement using QR code) + [ + [ + 2, %BLE + 1, % Version + { %BLE options + 0: false, % no support for mdoc peripheral server mode + 1: true, % support mdoc central client mode + 11: h'45EFEF742B2C4837A9A3B0E1D05A6917' % UUID of mdoc client central mode + } + ] + ] + } + + + +**Step 4-6**: The Verifier App scans the QR Code and generates its own ephemeral key pair (EReaderKey.Priv, EReaderKey.Pub). It then calculates the session key, using the public key received in the Engagement Structure and its newly-generated private key, as outlined in [ISO18013-5#9.1.1.5]. Finally, it generates its session key, which must be independently derived by both the Wallet Instance and the Verifier App. + +**Step 7**: The Verifier App creates an mDoc request that MUST be encrypted using the relevant session key, and transmits it to the Wallet Instance along with EReaderKey.Pub within a session establishment message. The mDoc request MUST be encoded in CBOR, as demonstrated in the following non-normative example. + +CBOR data: +.. code-block:: + + a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9 + +The above CBOR data is represented in diagnostic notation as follows: +.. code-block:: + + { + "version": "1.0", + "docRequests": [ + { + "itemsRequest": 24(<< { + "docType": "org.iso.18013.5.1.mDL", + "nameSpaces": { + "org.iso.18013.5.1.IT": { + "verification.evidence": false, + "verification.assurance_level": false, + "verification.trust_framework": false + }, + "org.iso.18013.5.1": { + "un_distinguishing_sign": false, + "driving_privileges": false, + "document_number": false, + "issue_date": false, + "issuing_country": false, + "issuing_authority": false, + "birth_date": false, + "expiry_date": false, + "given_name": false, + "portrait": false, + "family_name": false + } + } + } >>), + "readerAuth": [ + h'a10126', + { + 33: h'308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b' + }, + null, + h'58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9' + ] + } + ] + } + +**Step 8**: The Wallet Instance uses the session establishment message to derive the session keys and decrypt the mDoc request. It computes the session key using the public key received from the Verifier App and its private key. + +**Step 9-10**: When the Wallet Instance receives the mDoc request, it locates the documents that contain the requested attributes and asks the User for permission to provide this information to the Verifier. If the User agrees, the Wallet generates an mDoc response and transmits it to the Verifier App through the secure channel. + +**Step 11-12**: If the User gives consent, the Wallet Instance creates an mDoc response and transmits it to the Verifier App via the secure channel. The mDoc response MUST be encoded in CBOR, with its structure outlined in [ISO18013-5#8.3.2.1.2.2]. Below is a non-normative example of an mDoc response. + +CBOR Data: +.. code-block:: + + a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb + +In diagnostic notation: +.. code-block:: + + { + "version": "1.0", + "documents": [ + { + "docType": "org.iso.18013.5.1.mDL", + "issuerSigned": { + "nameSpaces": { + "org.iso.18013.5.1.IT": [ + 24(<< { + "digestID": 11, + "random": h'6d44f21ee875f2c1d502b43198e5a152', + "elementIdentifier": "verification.evidence", + "elementValue": [ + { + "type": "electronic_record", + "record": { + "type": "https://eudi.wallet.pdnd.gov.it", + "source": { + "organization_name": "Motorizzazione Civile", + "organization_id": "m_inf", + "country_code": "it" + } + } + } + ] + } >>), + 24(<< { + "digestID": 4, + "random": h'185d84dfb71ce9b173010ddd62174fbe', + "elementIdentifier": "verification.trust_framework", + "elementValue": "eidas" + } >>), + 24(<< { + "digestID": 0, + "random": h'137f903174253c4585358267aae2ea4e', + "elementIdentifier": "verification.assurance_level", + "elementValue": "high" + } >>) + ], + "org.iso.18013.5.1": [ + 24(<< { + "digestID": 12, + "random": h'53e29d0ddbbc7d2306a32bdbe2e56e51', + "elementIdentifier": "family_name", + "elementValue": "Doe" + } >>), + 24(<< { + "digestID": 3, + "random": h'990cba2069fa1b33b8d6ae910b6549dc', + "elementIdentifier": "given_name", + "elementValue": "Antonio" + } >>), + 24(<< { + "digestID": 10, + "random": h'4086c1379975f805f1b1f4975e6a1265', + "elementIdentifier": "issue_date", + "elementValue": 1004("2019-10-20") + } >>), + 24(<< { + "digestID": 1, + "random": h'ab4ca30c918dd2fd0bf35242c15fa2d8', + "elementIdentifier": "expiry_date", + "elementValue": 1004("2024-10-20") + } >>), + 24(<< { + "digestID": 7, + "random": h'8d9066f6c8da16619867cd4e2fab0c88', + "elementIdentifier": "issuing_country", + "elementValue": "IT" + } >>), + 24(<< { + "digestID": 5, + "random": h'59fe68db795dee4c20976380ea247705', + "elementIdentifier": "issuing_authority", + "elementValue": "Istituto Poligrafico e Zecca dello Stato" + } >>), + 24(<< { + "digestID": 2, + "random": h'08b3f1ca5517019767be3dee3bb06145', + "elementIdentifier": "birth_date", + "elementValue": 1004("1956-01-20") + } >>), + 24(<< { + "digestID": 9, + "random": h'a2395ec214350c26066306e23279b3ae', + "elementIdentifier": "document_number", + "elementValue": "987654321" + } >>), + 24(<< { + "digestID": 6, + "random": h'a25e1a5b915d2d6eafee9674e0232939', + "elementIdentifier": "portrait", + "elementValue": h'20212223' + } >>), + 24(<< { + "digestID": 13, + "random": h'eeed6a3b856563627589a360939d12f7', + "elementIdentifier": "driving_privileges", + "elementValue": [ + { + "vehicle_category_code": "A", + "issue_date": 1004("2018-08-09"), + "expiry_date": 1004("2024-10-20") + }, + { + "vehicle_category_code": "B", + "issue_date": 1004("2017-02-23"), + "expiry_date": 1004("2024-10-20") + } + ] + } >>), + 24(<< { + "digestID": 8, + "random": h'c0ef486b2a194ed3cbf7f354fd400921', + "elementIdentifier": "un_distinguishing_sign", + "elementValue": "I" + } >>) + ] + }, + "issuerAuth": [ + h'a10126', + { + 33: h'3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788' + }, + 24(<< { + "version": "1.0", + "digestAlgorithm": "SHA-256", + "docType": "org.iso.18013.5.1.mDL", + "valueDigests": { + "org.iso.18013.5.1": { + 1: h'0E5F0B6B33418E508740771E82F893372EAF5B2445BC4C84DCF08B005E9493FC', + 2: h'DE21BB62FF2897D8B986D2CDA9F9BC5865C02807F7B4D9DD1FA4A79DF4C0D37F', + 3: h'BC5568239E35CE9FF8798C27FFDCD757B134B679F0FE05729AA3491381912E65', + 5: h'E6048BDC7FD6454296F1E3F54536107C9C5B24C4064DE46A98121E3630EECCA2', + 6: h'73690D92DCAA61B0203870F67C6AA9FDFEA889B6F0C720DE757B4B0A8516A206', + 7: h'E353EA0B0FD92B6BE90C64CC3B2EE1284153A8F0F5066B99AAC599200E6EEEB2', + 8: h'29227872CEB49923D267B5F4BADE6D387B42AC2DC4B2AE26C9013067FEE7018A', + 9: h'A6A119F7CACAC0B8C6AACAC747FD3FE7E50B6D9BB8A507FDA79F0DF6646F285D', + 10: h'6D8025D2F02A5E7E1406FB6AAEB67F9EDE9B07191A53F3E23B77C528223A94E2', + 12: h'B0D43E4E2EA534E4D5304E64BCF7A0F13E2C8EE8304B9CD23ABA4909652A4647', + 13: h'FBF4DE318982F2DBAD43C601CAEB22628B301AC18AA8264C5831B2AAAC89C486' + }, + "org.iso.18013.5.1.IT": { + 0: h'CF57377B675F64F37314739592C1E8A911A7DDAF341CE2902FE877C5A835E4C1', + 4: h'4A4B4CC64EC9299C1A2501EA449F577005E9F7A60408057C07A7C67FB151E5F5', + 11: h'78824FBD6FBBA88A2AAB44DF8B6F5E9759126D87D1F4415995E658FD9239E1FE' + } + }, + "deviceKeyInfo": { + "deviceKey": { + 1: 2, + -1: 1, + -2: h'AFD09E720B918CEDC2B8A881950BAB6A1051E18AE16A814D51E609938663D5E1', + -3: h'61FBC6C8AD24EC86A78BB4E9AC377DD2B7C711D9F2EB9AFD4AA0963662847AED'}}, + "validityInfo": { + "signed": 0("2023-11-24T14:54:05Z"), + "validFrom": 0("2023-11-24T14:54:05Z"), + "validUntil": 0("2024-11-24T14:54:05Z")} + } >>), + h'f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152' + ] + }, + "deviceSigned": { + "nameSpaces": 24(<< {} >>), + "deviceAuth": { + "deviceSignature": [ + h'a10126', + {}, + null, + h'1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076' + ] + } + } + } + ], + "status": 0 + } + +**Step 13**: The Verifier App is required to validate the signatures in the mDoc's issuerSigned field using the public key of the Credential Issuer specified within the mDoc. Subsequently, the Verifier MUST validate the signature in the deviceSigned field. If these signature checks pass, the Verifier can confidently consider the received information as valid. + +Device Engagement +----------------- + +The Device Engagement structure MUST be have at least the following components: + + - **Version**: *tstr*. Version of the data structure being used. + - **Security**: an array that contains two mandatory values + + - the cipher identifier: see Table 22 of [ISO18013-5] + - the mDL public ephemeral key generated by the Wallet Instance and required by the Verifier App to derive the Session Key. The mDL public ephemeral key MUST be of a type allowed by the indicated cipher suite. + - **transferMethod**: an array that contains one or more transferMethod arrays when performing device engagement using the QR code. This array is for offline data retrieval methods. A transferMethod array holds two mandatory values (type and version). Only the BLE option is supported by this technical implementation profile, then the type value MUST be set to ``2``. + - **BleOptions**: this elements MUST provide options for the BLE connection (support for Peripheral Server or Central Client Mode, and the device UUID). + + +mDoc Request +------------ + +The messages in the mDoc Request MUST be encoded using CBOR. The resulting CBOR byte string for the mDoc Request MUST be encrypted with the Session Key obtained after the Device Engagement phase and MUST be transmitted using the BLE protocol. +The details on the structure of mDoc Request, including identifier and format of the data elements, are provided below. + + - **version**: (tstr). Version of the data structure. + - **docRequests**: Requested DocType, NameSpace and data elements. + + - **itemsRequest**: #6.24(bstr .cbor ItemsRequest). + + - **docType**: (tstr). The DocType element contains the type of document requested. See :ref:`Data Model Section `. + - **nameSpaces**: (tstr). See :ref:`Data Model Section ` for more details. + + - **dataElements**: (tstr). Requested data elements with *Intent to Retain* value for each requested element. + + - **IntentToRetain**: (bool). It indicates that the Verifier App intends to retain the received data element. + - **readerAuth**: *COSE_Sign1*. It is required for the Verifier App authentication. + +.. note:: + + The domestic data elements MUST not be returned unless specifically requested by the Verifier App. + +mDoc Response +------------- + +The messages in the mDoc Response MUST be encoded using CBOR and MUST be encrypted with the Session Key obtained after the Device Engagement phase. +The details on the structure of mDoc Response are provided below. + + - **version**: (tstr). Version of the data structure. + - **documents**: Returned *DocType*, and *ResponseData*. + + - **docType**: (tstr). The DocType element contains the type of document returned. See :ref:`Data Model Section `. + - **ResponseData**: + + - **IssuerSigned**: Responded data elements signed by the issuer. + + - **nameSpaces**: (tstr). See :ref:`Data Model Section ` for more details. + + - **IssuerSignedItemBytes**: #6.24(bstr .cbor). + + - **digestID**: (uint). Reference value to one of the **ValueDigests** provided in the *Mobile Security Object* (`issuerAuth`). + - **random**: (bstr). Random byte value used as salt for the hash function. This value SHALL be different for each *IssuerSignedItem* and it SHALL have a minimum length of 16 bytes. + - **elementIdentifier**: (tstr). Identifier of User attribute name contained in the Credential. + - **elementValue**: (any). User attribute value + - **DeviceSigned**: Responded data elements signed by the Wallet Instance. + + - **NameSpaces**: #6.24(bstr .cbor DeviceNameSpaces). The DeviceNameSpaces structure MAY be an empty structure. DeviceNameSpaces contains the data element identifiers and values. It is returned as part of the corresponding namespace in DeviceNameSpace. + + - **DataItemName**: (tstr). The identifier of the element. + - **DataItemValue**: (any). The value of the element. + - **DeviceAuth**: The DeviceAuth structure MUST contain the DeviceSignature elements. + + - **DeviceSignature**: It MUST contain the device signature for the Wallet Instance authentication. + - **status**: It contains a status code. For detailed description and action required refer to to Table 8 (ResponseStatus) of the [ISO18013-5] + + +Session Termination +------------------- + +The session MUST be terminated if at least one of the following conditions occur. + + - After a time-out of no activity of receiving or sending session establishment or session data messages occurs. The time-out for no activity implemented by the Wallet Instance and the Verifier App SHOULD be no less than 300 seconds. + - When the Wallet Instance doesn't accept any more requests. + - When the Verifier App does not send any further requests. + +If the Wallet Instance and the Verifier App does not send or receive any further requests, the session termination MUST be initiated as follows. + + - Send the status code for session termination, or + - dispatch the "End" command as outlined in [ISO18013-5#8.3.3.1.1.5]. + +When a session is terminated, the Wallet Instance and the Verifier App MUST perform at least the following actions: + + - destruction of session keys and related ephemeral key material; + - closure of the communication channel used for data retrieval. diff --git a/ia-terms-updates/en/_sources/pseudonyms.rst.txt b/ia-terms-updates/en/_sources/pseudonyms.rst.txt new file mode 100644 index 000000000..e53c8bbc4 --- /dev/null +++ b/ia-terms-updates/en/_sources/pseudonyms.rst.txt @@ -0,0 +1,45 @@ +.. include:: ../common/common_definitions.rst + +.. _pseudonyms.rst: + + +Pseudonyms +++++++++++ + + +What it is useful for +--------------------- +Pseudonyms are useful for: +- Protecting user privacy in online platforms +- Allowing anonymous participation in discussions or transactions +- Maintaining consistent identities across multiple services without revealing personal information +- Compliance with data protection regulations that require data minimization + +Example +------- +In a social media platform, a user might choose the pseudonym "SunflowerDreamer" +instead of using their real name "Jane Smith". This allows Jane +to participate in discussions while maintaining her privacy. + +General Properties +------------------ +- Uniqueness within a given context. +- Consistency (the same entity always uses the same pseudonym in a given context). +- Reversibility (optional, depending on the system's requirements). +- Non-linkability to the real identity (without additional information). + +Requirements +------------ +- IT-Wallet MUST be able to generate or assign unique pseudonyms. +- The pseudonym SHOULD NOT contain information that directly reveals the entity's real identity. +- The system SHOULD maintain a secure mapping between pseudonyms and real identities (if reversibility is required). +- The pseudonym generation process SHOULD be resistant to guessing attacks. + + +Implementation Considerations +----------------------------- +- IT-Wallet MUST use a pseudonym format that balances uniqueness, readability, and security. +- IT-Wallet MUST implement a secure method for generating and storing pseudonyms. +- IT-Wallet SHOULD use different pseudonyms for the same entity across different contexts to prevent cross-context linking. +- IT-Wallet SHOULD implement access controls to protect the mapping between pseudonyms and real identities. +- IT-Wallet SHOULD implements policies for pseudonym rotation or expiration. diff --git a/ia-terms-updates/en/_sources/relying-party-entity-configuration.rst.txt b/ia-terms-updates/en/_sources/relying-party-entity-configuration.rst.txt new file mode 100644 index 000000000..9f0f69e85 --- /dev/null +++ b/ia-terms-updates/en/_sources/relying-party-entity-configuration.rst.txt @@ -0,0 +1,68 @@ +.. include:: ../common/common_definitions.rst + +Entity Configuration of Relying Parties +-------------------------------------------- + +According to Section :ref:`Configuration of the Federation`, as a Federation Entity, the Relying Party is required to maintain a well-known endpoint that hosts its Entity Configuration. +The Entity Configuration of Relying Parties MUST contain the parameters defined in the Sections :ref:`Entity Configuration Leaves and Intermediates` and :ref:`Entity Configurations Common Parameters`. + +The Relying Parties MUST provide the following metadata types: + + - `federation_entity` + - `wallet_relying_party` + + +Metadata for federation_entity +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The *federation_entity* metadata MUST contain the claims as defined in Section :ref:`Metadata of federation_entity Leaves`. + +Metadata for wallet_relying_party +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The *wallet_relying_party* metadata MUST contain the following parameters. + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **client_id** + - It MUST contain an HTTPS URL that uniquely identifies the RP. See :rfc:`7591#section-3.2.1` and `OpenID Connect Dynamic Client Registration 1.0 `_ Section 3.2. + * - **client_name** + - Human-readable string name of the RP. See :rfc:`7591#section-2`. + * - **application_type** + - String indicating the type of application. It MUST be set to "*web*" value. See `OpenID Connect Dynamic Client Registration 1.0 `_ Section 2. + * - **request_uris** + - JSON Array of *request_uri* values that are pre-registered by the RP. These URLs MUST use the *https* scheme. See `OpenID Connect Dynamic Client Registration 1.0 `_ Section 2. + * - **response_uris_supported** + - JSON Array of response URI strings to which the Wallet Instance MUST send the Authorization Response using an HTTP POST request as defined by the Response Mode ``direct_post`` and ``direct_post.jwt`` (see `OpenID4VP`_ Draft 20 Sections 6.2 and 6.3). + * - **authorization_signed_response_alg** + - String representing the JWS [:rfc:`7515`] *alg* algorithm that MUST be used for signing authorization responses. The algorithm *none* MUST NOT be used. See `[oauth-v2-jarm-03] `_ Section 3. + * - **vp_formats** + - JSON object defining the formats and proof types of Verifiable Presentations and Verifiable Credentials the RP supports. It consists of a list of name/value pairs, where each name uniquely identifies a supported type. The RP MUST support at least "*vc+sd-jwt*" according to `OPENID4VC-HAIP`_ Draft 00 Section 7.2.7. The value associated with each name/value pair MUST be a JSON object "**sd-jwt_alg_values**" that MUST contain a JSON array containing identifiers of cryptographic algorithms the RP supports for protection of a SD-JWT. The *alg* JOSE header (as defined in :rfc:`7515`) of the presented SD-JWT MUST match one of the array values. See also `OpenID4VP`_ Draft 20 Section 9.1. + * - **presentation_definitions_supported** + - JSON Array of supported *presentation_definition* objects that MUST be compliant to the syntax defined in Section 5 of `[DIF.PresentationExchange] `_ and Section 7.2.8 of `OPENID4VC-HAIP`_ Draft 00. For *presentation_definition* objects see also `OpenID4VP`_ Section 5.1. + * - **jwks** + - JSON Web Key Set document, passed by value, containing the protocol specific keys for the Relying Party. See `[oauth-v2-jarm-03] `_ Section 3, `OID-FED`_ Draft 36 Section 5.2.1 and `JWK`_. + +.. note:: + The claims **response_uris_supported** and **presentation_definitions_supported** are introduced in this Specification. + +Example of a Relying Party Entity Configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Below a non-normative example of the request made by the Wallet Instance to the *openid-federation* well-known endpoint to obtain the Relying Party Entity Configuration: + +.. code-block:: http + + GET /.well-known/openid-federation HTTP/1.1 + HOST: relying-party.example.org + + +Below is a non-normative response example: + +.. literalinclude:: ../../examples/ec-rp.json + :language: JSON + diff --git a/ia-terms-updates/en/_sources/relying-party-solution.rst.txt b/ia-terms-updates/en/_sources/relying-party-solution.rst.txt new file mode 100644 index 000000000..eabd1c452 --- /dev/null +++ b/ia-terms-updates/en/_sources/relying-party-solution.rst.txt @@ -0,0 +1,20 @@ + + + + +.. _relying-party-solution: + +Relying Party Solution ++++++++++++++++++++++++ + +This section describes how a remote Relying Party or a Verifier App requests to a Wallet Instance the presentation of the PID/EAAs. + +In this section the following flows are described: + +- :ref:`Remote Flow`, where the User presents a Credential to a remote Relying Party according to `OpenID4VP`_ Draft 20. In this scenario the user-agent and the Wallet Instance can be used in the same device (**Same Device Flow**), or in different devices (**Cross Device Flow**). +- :ref:`Proximity Flow`, where the User presents a Credential to a Verifier App according to ISO 18013-5. The User interacts with a Verifier using proximity connection technologies such as QR Code and Bluetooth Low Energy (BLE). + +.. include:: remote-flow.rst + +.. include:: proximity-flow.rst + diff --git a/ia-terms-updates/en/_sources/remote-flow.rst.txt b/ia-terms-updates/en/_sources/remote-flow.rst.txt new file mode 100644 index 000000000..6d52c18ba --- /dev/null +++ b/ia-terms-updates/en/_sources/remote-flow.rst.txt @@ -0,0 +1,571 @@ +.. include:: ../common/common_definitions.rst +.. _Wallet Attestation: wallet-attestation.html +.. _Trust Model: trust.html + + + +Remote Flow +=========== + +In this flow the Relying Party MUST provide the URL where the signed presentation Request Object is available for download. + +Depending on whether the User is using a mobile device or a workstation, the Relying Party MUST support the following remote flows: + +* **Same Device**, the Relying Party MUST provide a HTTP redirect (302) location to the Wallet Instance; +* **Cross Device**, the Relying Party MUST provide a QR Code which the User frames with the Wallet Instance. + +Once the Wallet Instance establishes the trust with the Relying Party and evaluates the request, the User gives the consent for the disclosure of the Digital Credentials, in the form of a Verifiable Presentation. + +A High-Level description of the remote flow, from the User's perspective, is given below: + + 1. the Wallet Instance obtains an URL in the Same Device flow or a QR Code containing the URL in Cross Device flow; + 2. the Wallet Instance extracts from the payload the following parameters: ``client_id``, ``request_uri``, ``state``, ``request_uri_method`` and ``client_id_scheme``; + 3. If the ``client_id_scheme`` is provided and set with the value ``entity_id``, the Wallet Instance MUST collect and validate the OpenID Federation Trust Chain related to the Relying Party. If the ``client_id_scheme`` is either not provided or is assigned a value different from ``entity_id``, the Wallet Instance MUST establish the trust by utilizing the ``client_id`` or an alternative ``client_id_scheme`` value. This alternative value MUST enable the Wallet Instance to establish trust with the Relying Party, ensuring compliance with the assurance levels mandated by the trust framework; + 4. If ``request_uri_method`` is provided and set with the value ``post``, the Wallet Instance SHOULD transmit its metadata to the Relying Party's ``request_uri`` endpoint using the HTTP POST method and obtain the signed Request Object. If ``request_uri_method`` is set with the value ``get`` or not present, the Wallet Instance MUST fetch the signed Request Object using an HTTP request with method GET to the endpoint provided in the ``request_uri`` parameter; + 5. the Wallet Instance verifies the signature of the signed Request Object, using the public key obtained with the trust chain, and that its issuer matches the ``client_id`` obtained at the step number 2; + 6. the Wallet Instance evaluates the requested Digital Credentials and checks the elegibility of the Relying Party in asking these by applying the policies related to that specific Relying Party, obtained with the trust chain; + 7. the Wallet Instance asks User disclosure and consent; + 8. the Wallet Instance presents the requested information to the Relying Party along with the Wallet Attestation. The Relying Party validates the presented Credentials checking the trust with their Issuers, and validates the Wallet Attestation by also checking that the Wallet Provider is trusted; + 9. the Wallet Instance informs the User about the successfull authentication with the Relying Party, the User continues the navigation. + +Below a sequence diagram that summarizes the interactions between all the involved parties. + +.. figure:: ../../images/cross_device_auth_seq_diagram.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/ZLLRRnit4ttdhpZGz_3PXkCcwPi05t5SDvUqjMefoKCI21Ht9B6co2qlgxX5_tjdIUo2SWIqXc5Or5pEd3apyo94wMFQ6I5JT3RjLkI545SgEe_9-q1-0XcGX5Yvh-NX_m4_KgSLXGd-zxFUREDBaqYq74ShtKeRCVaeZQ68DvR3MqKvnlxG976e9t93DfOCKf1jm5aEpUx8F6YxmOmV7x9bHq985NKd8p6mX2S_iFSK7sc5EVaU6Qpiz4P6xMnbAaL3jQFiFJkQuex-I1GYPjv5Kf4QVWakUSMPBY_vcGB3pE4msyf0kBmSu_PuEXf2NNlgtoJEpW9xqDaPEidqVBOhbxY-w30M7g6SkzT7t7q1j4nUmmzGEXeg_UtksZM4spkyNYnc3BRHdd7ZvFkdpq-nrt7xsIgZESDID-Trj7DaLEVuL3qkTnIthlc2JwFJCgWjxUXBnLZcdNystgMMWRemw03EceT29z8KywtR8svfWDbohGVCoqVjOxVz5BSjsUpsI3kGRNiEuvGqa8aDB8kZjBOEEiPadUrHGiwLj8m2FOpnyUPhz6oRKx7I91TFFc3jtIw_3VPa6p4wKTz43XuGVGenSvojHyQEaIUaYT1hVCirT42W4WUps_b20C1-a47hNQSR2WCNx2GR6IMYorbhVJ3ErcaRSuIwMG0mAgkgeE8uahAw9rR9LgwqqL5J46G2_GVOhsuMS1xMHRHbGaHLm-1TyWMziTGCRt2htqd5aVFZzUG6T3JeusY8n_eyqh231O9V1YQbRT0wenLNF7fz8A_N3pcLZCaJtBg2F-w9sv9xz996DzNOikM7sKauBGPfElgjdOToDbDrR0IkdLrhlwFcKDa3fLaek4hS2Q__BEk85rNRHyHdMxhIjSlexicEazvMssiPqcgdG-1_Z-ylt1JUA9UTwT1oPUXm1-O4erD5G2MjgyZa5_iB1bS-rWQped7Fm7L0l_C7jdyYViwU_1ttwUXMq24hprF7O9gB2ar9rQ_IXX5hQV0cX4GUYtvqIyWHCjv-N60-zBkAml0KXQ9UDOOImdDMWkl8indVlpUlNYzUtTtS_2gEUqm5hhUaxl7QcOQTtj43NchRi2Gp4FRYilbtvaAWt1fsUO8KsA8igRHYcUAU7SiDqNbFrWL6XovBjxHjLZfq8GGMMxAWQkKrEYZZ0ZMGCNgzIapM52f3r6imo-D4Qaw0CYoU83kf3MiXRyRCWgZeUj-E0dWVo2EKKd1IJXnI_huvHJNH_V7wxjd5Cpn_-XItxxWpVqrykMLv5KocsCRO1YHlYhWz5RKlbMi8Vul7urzkqrpkwE0qxOV3oT0on3fB7MClwYl5TVxRkUjelCPlvzFIwKTNgimXJlfgn-sLgodKd7upYGKihew5sUYER77F0NiYmZaIsnd3ZMvpqvn7IAfNupgPmzjxI5ckyGN_IJlp3m00 + + + Remote Protocol Flow + + +The details of each step shown in the previous picture are described in the table below. + +.. list-table:: + :widths: 10 50 + :header-rows: 1 + + * - **Id** + - **Description** + * - **1**, **2** + - The User requests to access to a protected resource of the Relying Party. + * - **3**, **4**, + - The Relying Party provides the Wallet Instance with a URL where the information about the Relying Party are provided, along with the information about where the signed request is available for download. + * - **5**, **6**, **7**, **8**, **9** + - In the **Cross Device Flow**, the Request URI is presented as a QR Code displayed to the User. The User scans the QR Code using the Wallet Instance, which retrieves a URL with the parameters ``client_id``, ``request_uri``, ``state``, ``client_id_scheme``, and ``request_uri_method``. Conversely, in the Same Device Flow, the Relying Party supplies identical information as in the Cross-Device flow, but directly through a URL. + * - **10**, + - The Wallet Instance evaluates the trust with the Relying Party. + * - **11**, **12** + - The Wallet Instance checks if the Relying Party has provided the ``request_uri_method`` within its signed Request Object. If provided and it is equal to ``post``, the Wallet Instance provides its metadata to the Relying Party. The Relying Party returns a signed Request Object compliant to the Wallet technical capabilities. + * - **13** + - When the Wallet Instance capabilities discovery is not supported by RP, the Wallet Instance request the signed Request Object using the HTTP method GET. + * - **14** + - The Wallet Instance obtains the signed Request Object. + * - **15**, **16**, **17** + - The Request Object JWS is verified by the Wallet Instance. The Wallet Instance processes the Relying Party metadata and applies the policies related to the Relying Party, attesting whose Digital Credentials and User data the Relying Party is granted to request. + * - **18**, **19** + - The Wallet Instance requests the User's consent for the release of the Credentials. The User authorizes and consents the presentation of the Credentials by selecting/deselecting the personal data to release. + * - **20** + - The Wallet Instance provides the Authorization Response to the Relying Party using an HTTP request with the method POST (response mode "direct_post.jwt"). + * - **21**, **22**, **23**, **24**, **25** + - The Relying Party verifies the Authorization Response, extracts the Wallet Attestation to establish the trust with the Wallet Solution. The Relying Party extracts the Digital Credentials and attests the trust to the Credentials Issuer and the proof of possession of the Wallet Instance about the presented Digital Credentials. Finally, the Relying Party verifies the revocation status of the presented Digital Credentials. + * - **26** + - The Relying Party provides to the Wallet Instance a redirect URI with a response code to be used by the Wallet Instance to finalize the authentication. + * - **27**, **28** and **29** + - The User is informed by the Wallet Instance that the Autentication succeded, then the protected resource is made available to the User. + + +Request URI with HTTP POST +-------------------------- + +The Relying Party SHOULD provide the POST method with its ``request_uri`` endpoint +allowing the Wallet Instance to inform the Relying Party about its technical capabilities. + +This feature can be useful when, for example, the Wallet Instance supports +a restricted set of features, supported algorithms or a specific url for +its ``authorization_endpoint``, and any other information that it deems necessary to +provide to the Relying Party for better interoperability. + +.. warning:: + The Wallet Instance, when providing its technical capabilities to the + Relying Party, MUST NOT include any User information or other explicit + information regarding the hardware used or usage preferences of its User. + +If both the Relying Party and the Wallet Instance +support the ``request_uri_method`` with HTTP POST, +the Wallet Instance capabilities (metadata) MUST +be provided using an HTTP request to the `request_uri` endpoint of the Relying Party, +with the method POST and content type set to `application/json`. + +A non-normative example of the HTTP request is represented below: + +.. code:: http + + POST /request-uri HTTP/1.1 + HOST: relying-party.example.org + Content-Type: application/json + + { + "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization", + "response_types_supported": [ + "vp_token" + ], + "response_modes_supported": [ + "form_post.jwt" + ], + "vp_formats_supported": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + }, + "request_object_signing_alg_values_supported": [ + "ES256" + ], + "presentation_definition_uri_supported": false + } + +The response of the Relying Party is defined in the section below. + + +Authorization Request Details +----------------------------- + +The Relying Party MUST create a Request Object in the form of a signed JWT and +MUST provide it to the Wallet Instance through an HTTP URL (request URI). +The HTTP URL points to the web resource where the signed Request Object is +available for download. The URL parameters contained in the Relying Party +response, containing the request URI, are described in the Table below. + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **client_id** + - REQUIRED. Unique identifier of the Relying Party. + * - **request_uri** + - REQUIRED. The HTTPs URL where the Relying Party provides the signed Request Object to the Wallet Instance. + * - **client_id_scheme** + - OPTIONAL. The scheme used by the Relying Party for the client_id, detailing the format and structure and the trust evaluation method. It SHOULD be set with ``entity_id``. + * - **state** + - OPTIONAL. A unique identifier for the current transaction generated by the Relying Party. The value SHOULD be opaque to the Wallet Instance. + * - **request_uri_method** + - OPTIONAL. The HTTP method MUST be set with ``get`` or ``post``. The Wallet Instance should use this method to obtain the signed Request Object from the request_uri. If not provided or equal to ``get``, the Wallet Instance SHOULD use the HTTP method ``get``. Otherwise, the Wallet Instance SHOULD provide its metadata within the HTTP POST body encoded in ``application/json``. + +Below a non-normative example of the response containing the required parameters previously described. + +.. code-block:: javascript + + https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=...&client_id_scheme=entity_id&request_uri_method=post + +The value corresponding to the `request_uri` endpoint SHOULD be randomized, according to `RFC 9101, The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) `_ Section 5.2.1. + + +In the **Same Device Flow** the Relying Party uses an HTTP response redirect (with status code set to 302) as represented in the following non-normative example: + +.. code:: text + + HTTP/1.1 /authorization Found + Location: https://wallet-solution.digital-strategy.europa.eu? + client_id=https%3A%2F%2Frelying-party.example.org%2Fcb + &request_uri=https%3A%2F%2Frelying-party.example.org%2Frequest_uri + &client_id_scheme=entity_id + &request_uri_method=post + + +In the **Cross Device Flow**, a QR Code is shown by the Relying Party to the User in order to provide the Authorization Request. The User frames the QR Code using their Wallet Instance. + +Below is represented a non-normative example of a QR Code issued by the Relying Party. + +.. figure:: ../../images/verifier_qr_code.svg + :figwidth: 50% + :align: center + + +Below is represented a non-normative example of the QR Code raw payload: + +.. code-block:: text + + https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=https%3A%2F%2Frelying-party.example.org&request_uri=https%3A%2F%2Frelying-party.example.org&client_id_scheme=entity_id&request_uri_method=post + +.. note:: + The *error correction level* chosen for the QR Code MUST be Q (Quartily - up to 25%), since it offers a good balance between error correction capability and data density/space. This level of quality and error correction allows the QR Code to remain readable even if it is damaged or partially obscured. + + +Cross Device Flow Status Checks and Security +-------------------------------------------- + +When the flow is Cross Device, the user-agent needs to check the session status to the endpoint made available by Relying Party (status endpoint). This check MAY be implemented in the form of JavaScript code, within the page that shows the QRCode, then the user-agent checks the status with a polling strategy in seconds or a push strategy (eg: web socket). + +Since the QRcode page and the status endpoint are implemented by the Relying Party, it is under the Relying Party responsability the implementation details of this solution, since it is related to the Relying Party's internal API. However, the text below describes an implementation example. + +The Relying Party binds the request of the user-agent, with a session cookie marked as ``Secure`` and ``HttpOnly``, with the issued request. The request url SHOULD include a parameter with a random value. The HTTP response returned by this specialized endpoint MAY contain the HTTP status codes listed below: + +* **201 Created**. The signed Request Object was issued by the Relying Party that waits to be downloaded by the Wallet Instance at the **request_uri** endpoint. +* **202 Accepted**. This response is given when the signed Request Object was obtained by the Wallet Instance. +* **200 OK**. The Wallet Instance has provided the presentation to the Relying Party's **response_uri** endpoint and the User authentication is successful. The Relying Party updates the session cookie allowing the user-agent to access to the protected resource. An URL is provided carrying the location where the user-agent is intended to navigate. +* **401 Unauthorized**. The Wallet Instance or its User have rejected the request, or the request is expired. The QRCode page SHOULD be updated with an error message. + +Below a non-normative example of the HTTP Request to this specialized endpoint, where the parameter ``id`` contains an opaque and random value: + +.. code:: + + GET /session-state?id=3be39b69-6ac1-41aa-921b-3e6c07ddcb03 + HTTP/1.1 + HOST: relying-party.example.org + + +Request Object Details +---------------------- + +Below a non-normative example of HTTP request made by the Wallet Instance to the Relying Party. + +.. code-block:: javascript + + GET /request_uri HTTP/1.1 + HOST: relying-party.example.org + + +Request URI Response +-------------------- + +The Relying Party issues the signed Request Object, where a non-normative example in the form of decoded header and payload is shown below: + +.. code-block:: text + + { + "alg": "ES256", + "typ": "JWT", + "kid": "9tjiCaivhWLVUJ3AxwGGz_9", + "trust_chain": [ + "MIICajCCAdOgAwIBAgIC...awz", + "MIICajCCAdOgAwIBAgIC...2w3", + "MIICajCCAdOgAwIBAgIC...sf2" + ] + } + . + { + "scope": "PersonIdentificationData WalletAttestation", + "client_id_scheme": "entity_id", + "client_id": "https://relying-party.example.org", + "response_mode": "direct_post.jwt", + "response_type": "vp_token", + "response_uri": "https://relying-party.example.org/response_uri", + "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb", + "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03", + "iss": "https://relying-party.example.org", + "iat": 1672418465, + "exp": 1672422065, + "request_uri_method": "post" + } + +The JWS header parameters are described below: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **alg** + - Algorithm used to sign the JWT, according to [:rfc:`7516#section-4.1.1`]. It MUST be one of the supported algorithms in Section *Cryptographic Algorithms* and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier. + * - **typ** + - Media Type of the JWT, as defined in [:rfc:`7519`]. + * - **kid** + - Key ID of the public key needed to verify the JWS signature, as defined in [:rfc:`7517`]. REQUIRED when ``trust_chain`` is used. + * - **trust_chain** + - Sequence of Entity Statements that composes the Trust Chain related to the Relying Party, as defined in `OID-FED`_ Section *3.2.1. Trust Chain Header Parameter*. + + +The JWS payload parameters are described herein: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **scope** + - Aliases for well-defined Presentation Definitions IDs. It is used to identify which required Credentials and User attributes are requested by the Relying Party, according to the Section "Using scope Parameter to Request Verifiable Credential(s)" of [OID4VP]. + * - **client_id_scheme** + - String identifying the scheme of the value in the ``client_id``. It MUST be set to the value ``entity_id``. + * - **client_id** + - Unique Identifier of the Relying Party. + * - **response_mode** + - It MUST be set to ``direct_post.jwt``. + * - **response_type** + - It MUST be set to ``vp_token``. + * - **response_uri** + - The Response URI to which the Wallet Instance MUST send the Authorization Response using an HTTP request using the method POST. + * - **nonce** + - Fresh cryptographically random number with sufficient entropy, which length MUST be at least 32 digits. + * - **state** + - Unique identifier of the Authorization Request. + * - **iss** + - The entity that has issued the JWT. It will be populated with the Relying Party client id. + * - **iat** + - Unix Timestamp, representing the time at which the JWT was issued. + * - **exp** + - Unix Timestamp, representing the expiration time on or after which the JWT MUST NOT be valid anymore. + * - **request_uri_method** + - String determining the HTTP method to be used with the `request_uri` endpoint to provide the Wallet Instance metadata to the Relying Party. The value is case-insensitive and can be set to: `get` or `post`. The GET method, as defined in [@RFC9101], involves the Wallet Instance sending a GET request to retrieve a Request Object. The POST method involves the Wallet Instance requesting the creation of a new Request Object by sending an HTTP POST request, with its metadata, to the request URI of the Relying Party. + +.. warning:: + + Using the parameter ``scope`` requires that the Relying Party Metadata MUST contain the ``presentation_definition``, where a non-normative example of it is given below: + +.. literalinclude:: ../../examples/presentation-definition.json + :language: JSON + +.. note:: + + The following parameters, even if defined in [OID4VP], are not mentioned in the previous non-normative example, since their usage is conditional and may change in future release of this documentation. + + - ``presentation_definition``: JSON object according to `Presentation Exchange `_. This parameter MUST not be present when ``presentation_definition_uri`` or ``scope`` are present. + - ``presentation_definition_uri``: Not supported. String containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when ``presentation_definition`` parameter or a ``scope`` value representing a Presentation Definition is not present. + - ``client_metadata``: A JSON object containing the Relying Party metadata values. The ``client_metadata`` parameter MUST NOT be present when ``client_id_scheme`` is ``entity_id``. Since the ``client_metadata`` is taken from ``trust_chain``, this parameter is intended to not be used. + - ``client_metadata_uri``: string containing an HTTPS URL pointing to a resource where a JSON object with the Relying Party metadata can be retrieved. The ``client_metadata_uri`` parameter MUST NOT be present when ``client_id_scheme`` is ``entity_id``. Since the ``client_metadata`` is taken from ``trust_chain``, this parameter is intended to not be used. + + +Request URI Endpoint Errors +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When the Relying Party encounters errors while issuing the Request Object from the ``request_uri`` endpoint, the following error responses are applicable: + +- **invalid_request**: The ``request_uri`` URL is missing in some part within its webpath or urlparams, therefore it does not point to a valid Request Object and then it cannot be retrieved. This error is returned when the Request Object is not well referenced in the ``request_uri``. + +- **server_error**: The server encountered an unexpected condition that prevented it from fulfilling the request. This error is returned when the Relying Party's server is unable to process the Request Object due to a server-side issue, such as a malfunction or maintenance. The Wallet Instance should advise the User to try again later. + +The following is an example of an error response from ``request_uri`` endpoint: + +.. code-block:: + + HTTP/1.1 400 Bad Request + Content-Type: application/json + + { + "error": "invalid_request", + "error_description": "The request_uri is malformed or does not point to a valid Request Object." + } + + +Another example: + +.. code-block:: + + HTTP/1.1 500 Internal Server Error + Content-Type: application/json + + { + "error": "server_error", + "error_description": "The request_uri cannot be retrieved due to an internal server error." + } + +There are cases where the Wallet Instance cannot validate the Request Object or the Request Object results invalid. This error occurs if the Request Object is successfully fetched from the ``request_uri`` but fails validation checks by the Wallet Instance. This could be due to incorrect signatures, malformed claims, or other validation failures, such as the revocation of its issuer (Relying Party). + +Upon receiving an error response, the Wallet Instance SHOULD inform the User of the error condition in an appropriate manner. Additionally, the Wallet Instance SHOULD log the error and MAY attempt to recover from certain errors if feasible. For example, if the error is ``server_error``, the Wallet Instance MAY prompt the User to re-enter or scan a new QR code, if applicable. + +It is crucial for Wallet Instances to implement robust error handling to maintain a secure and user-friendly experience. Adhering to the specified error responses ensures interoperability and helps in diagnosing issues during the interaction with the Relying Party's endpoints. + +.. warning:: + + The current OpenID4VP specification outlines various error responses that a Wallet Instance may return to the Relying Party (Verifier) in case of faulty requests (OpenID4VP, Section 6.4. Error Response). For privacy enhancement, Wallet Instances SHOULD NOT notify the Relying Party of faulty requests in certain scenarios. This is to prevent any potential misuse of error responses that could lead to gather informations that could be exploited. + + +Authorization Response Details +------------------------------ + +After getting the User authorization and consent for the presentation of the Credentials, the Wallet Instance sends the Authorization Response to the Relying Party ``response_uri`` endpoint, the content SHOULD be encrypted according `OpenID4VP`_ Section 6.3, using the Relying Party public key. + +.. note:: + **Why the response is encrypted?** + + The response sent from the Wallet Instance to the Relying Party is encrypted to prevent a malicious agent from gaining access to the plaintext information transmitted within the Relying Party's network. This is only possible if the network environment of the Relying Party employs `TLS termination `_. Such technique employs a termination proxy that acts as an intermediary between the client and the webserver and handles all TLS-related operations. In this manner, the proxy deciphers the transmission's content and either forwards it in plaintext or by negotiates an internal TLS session with the actual webserver's intended target. In the first scenario, any malicious actor within the network segment could intercept the transmitted data and obtain sensitive information, such as an unencrypted response, by sniffing the transmitted data. + +Below a non-normative example of the request: + +.. code-block:: http + + POST /response_uri HTTP/1.1 + HOST: relying-party.example.org + Content-Type: application/x-www-form-urlencoded + + response=eyJhbGciOiJFUzI1NiIs...9t2LQ + + +Below is a non-normative example of the decrypted payload of the JWT contained in the ``response``, before base64url encoding: + +.. code-block:: + + { + "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03", + "vp_token": [ + "eyJhbGciOiJFUzI1NiIs...PT0iXX0", + $WalletAttestation-JWT + ], + "presentation_submission": { + "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653", + "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d", + "descriptor_map": [ + { + "id": "PersonIdentificationData", + "path": "$.vp_token[0]", + "format": "vc+sd-jwt" + }, + { + "id": "WalletAttestation", + "path": "$.vp_token[1]", + "format": "jwt" + } + ] + } + } + +Where the following parameters are used: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **vp_token** + - JSON Array containing the Verifiable Presentation(s). There MUST be at least two signed presentations in this Array: + + - The requested Digital Credential (one or more, in format of SD-JWT VC or MDOC CBOR) + - The Wallet Attestation + * - **presentation_submission** + - JSON Object containing the mappings between the requested Verifiable Credentials and where to find them within the returned Verifiable Presentation Token, according to the `Presentation Exchange `_. + * - **state** + - Unique identifier provided by the Relying Party within the Authorization Request. + + +The items contained in the ``vp_token`` array are Verifiable Presentations of Credentials. +Both SD-JWT and mdoc CBOR provide indications for the presentation, according to their specifications. + +SD-JWT Presentation +------------------- + +SD-JWT defines how an Holder can present a Credential to a Verifier proving the legitimate possession +of the Credential. For doing this the Holder MUST include the ``KB-JWT`` in the SD-JWT, +by appending the ``KB-JWT`` at the end of the of the SD-JWT, as represented in the example below: + +.. code-block:: + + ~~~...~~ + +To validate the signature on the Key Binding JWT, the Verifier MUST use the key material included in the Issuer-Signed-JWT. +The Key Binding JWT MUST specify which key material the Verifier needs to use to validate the Key Binding JWT signature, +using JOSE header parameter ``kid``. + +When an SD-JWT is presented, its KB-JWT MUST contain the following parameters in the JWS header: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **typ** + - REQUIRED. MUST be ``kb+jwt``, which explicitly types the Key Binding JWT as recommended in Section 3.11 of [RFC8725]. + * - **alg** + - REQUIRED. Signature Algorithm using one of the specified in the section Cryptographic Algorithms. + * - **kid** + - REQUIRED. Unique identifier of the public key to be used to verify the signature. + + +When an SD-JWT is presented, its KB-JWT MUST contain the following parameters in the JWS payload: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **iat** + - REQUIRED. The value of this claim MUST be the time at which the Key Binding JWT was issued, using the syntax defined in [RFC7519]. + * - **aud** + - REQUIRED. The intended receiver of the Key Binding JWT. The value of this parameter MUST match the Relying Party unique entity identifier. + * - **nonce** + - REQUIRED. Ensures the freshness of the signature. The value type of this claim MUST be a string. The value MUST match with the one provided in the request object. + * - **sd_hash** + - REQUIRED. The base64url-encoded hash digest over the Issuer-signed JWT and the selected disclosures. + + +MDOC-CBOR Presentation +---------------------- + +TBD. + + +Authorization Response Errors +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When the Wallet sends a response using ``direct_post.jwt`` to the Relying Party, several errors may occur, including: + + - **Invalid Credential**: This error occurs when one or more Credentials or VPs, included in the ``vp_token``, fail validation because they are malformed. The correct HTTP status code for this error is 400 (Bad Request). The error should be set to ``invalid_request``, and the ``error_description`` SHOULD identify the malformed Credentials. + - **Issuer Credential Trust Failure**: This error arises when the Relying Party cannot establish trust with the issuer of a presented Credential, included in the ``vp_token``. The appropriate HTTP status code for this error is 403 (Forbidden). The ``error`` should be labeled as ``invalid_request``, and the ``error_description`` SHOULD specify the issuer for which trust could not be established. + - **Invalid Nonce**: This error happens when the nonce provided in the request is incorrect. The HTTP status code for this error should be 403 (Forbidden). The error SHOULD be labeled as ``invalid_request``, with an ``error_description`` indicating that the nonce is incorrect. + - **Invalid Wallet Attestation**: This error occours when it's not possible to establish trust with the Wallet Attestation's issuer (Wallet Provider), or if the Wallet Attestation is invalid or does not meet the Relying Party's minimum security criteria. The correct HTTP status code for this error is 403 (Forbidden). The ``error`` SHOULD be marked as ``invalid_request``, and the ``error_description`` should clarify that the issue stems from the Wallet Attestation's failure to establish trust with its issuer or its non-compliance with required security standards. + - **Invalid Presentation Submission**: This error occurs when the presentation submission is not valid. The appropriate HTTP status code for this error is 400 Bad Request. The ``error`` should be labeled as ``invalid_request``, and the ``error_description`` should specify the invalid aspects of the presentation submission. + + To enhance clarity and ensure proper error handling, it's crucial to provide detailed error responses. Below are two examples of HTTP responses using ``application/json`` that include both the ``error`` and ``error_description`` members: + +.. code-block:: text + + HTTP/1.1 403 Forbidden + Content-Type: application/json + + { + "error": "invalid_request", + "error_description": "Trust cannot be established with the issuer: https://issuer.example.com" + } + + +.. code-block:: text + + HTTP/1.1 400 Bad Request + Content-Type: application/json + + { + "error": "invalid_request", + "error_description": "The following Credentials/VP are malformed: [CredentialX, vp_token[2]]" + } + +Redirect URI +------------ + +When the Relying Party provides the redirect URI, the Wallet Instance MUST send the user-agent to this redirect URI. The redirect URI allows the Relying Party to continue the interaction with the End-User on the device where the Wallet Instance resides after the Wallet Instance has sent the Authorization Response to the response URI. + +The Relying Party MUST include a response code within the redirect URI. The response code is a fresh, cryptographically random number used to ensure only the receiver of the redirect can fetch and process the Authorization Response. The number could be added as a path component, as a parameter or as a fragment to the URL. It is RECOMMENDED to use a cryptographic random value of 128 bits or more at the time of the writing of this specification. + +The following is a non-normative example of the response from the Relying Party to the Wallet Instance upon receiving the Authorization Response at the Response Endpoint. + + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "redirect_uri": "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee" + } + +The ``redirect_uri`` value MUST be used with an HTTP method GET by either the Wallet Instance or the user-agent to redirect the User to the Relying Party in order to complete the process. The value can be added as a path component, as a fragment or as a parameter to the URL according to Section 6.2 of `OpenID4VP`_. The specific entity that performs this action depends on whether the flow is Same device or Cross device. + +Redirect URI Errors +------------------- + +When the Wallet Instance sends the user-agent to the Redirect URI provided by the Relying Party, several errors may occur that prevent the successful completion of the process. These errors are critical as they directly impact the User experience by hindering the seamless flow of information between the Wallet Instance and the Relying Party. Below are potential errors related to the Redirect URI and their implications: + +- **Mismatched Redirect URI**: This error occurs when the Redirect URI provided by the Relying Party does not match any of the URIs linked with the User session. This mismatch can lead to a HTTP status error code set to 403 (Forbidden), indicating that the request cannot be processed due session/URI mismatch. + +- **Redirect URI Security Issues**: If the Relying Party incurs in security issues when evaluating the User session with the provided URI, the Relying Party MUST raise an error. In such cases, an HTTP status code set to 403 (Forbidden) MUST be returned, indicating that the request is valid but the server is refusing action due to security precautions. + +Handling these errors requires clear communication to the User within the returned navigation web page. It is crucial for the Relying Party to implement robust error handling and validation mechanisms for Redirect URIs to ensure a secure implementation. + + diff --git a/ia-terms-updates/en/_sources/revocation-lists.rst.txt b/ia-terms-updates/en/_sources/revocation-lists.rst.txt new file mode 100644 index 000000000..81cdfb5eb --- /dev/null +++ b/ia-terms-updates/en/_sources/revocation-lists.rst.txt @@ -0,0 +1,747 @@ +.. include:: ../common/common_definitions.rst + +.. _sec_revocation_intro: + +Credential Lifecycle +++++++++++++++++++++ + +The value of a Digital Credential is conditional on its validity. A Credential that has been revoked, due to legal requirements, inaccuracy or compromise, is valueless and potentially harmful. +For these reasons a robust mechanism for managing the life-cycle and the revocation of a Digital Credential is required. + +This section outlines the key technical requirements and processes related to the revocation of Digital Credentials. +Furthermore, it provides the technical details that the Verifiers MUST implement to verify, in a secure and reliable manner, the validity of a Digital Credential during the presentation phase. + +The verification of the validity of a Digital Credential is based on the `OAUTH-STATUS-ASSERTION`_. + +A Status Assertion is a signed document serving as proof of a Digital Credential's current validity status. The Credential Issuer provides these assertions to Holders who can present them to Verifiers together with the corresponding Digital Credentials. + +The Status Assertions have the following features: + +- automated issuance, as the User authentication is not required for the provisioning of the Status Assertion; +- verification of the Digital Credential validity status in both online and offline scenarios; +- privacy-preserving, according to the following evidences: + + 1. the Verifier can check the validity of the Credential during the presentation phase. It is not able to check the validity of a given Digital Credential related to the User over time and out of the scope of the User authentication; + 2. the Credential Issuers is not able to know to which Verifier the Digital Credential or the Status Assertion will be presented; + 3. it doesn't reveal any information about the Users or the content of their Digital Credentials. + +.. _sec_revocation_assumption: + +Operational Requirements +------------------------ + +- **Internet Connection for Status Assertions**: Status Assertions can be obtained only when the Wallet Instance is connected to the internet and actively operated by the User. +- **Role of a Credential Issuer**: A Credential Issuer is responsible for creating and issuing Credentials, as well as managing their lifecycle and validity status. +- **Involvement of Authentic Sources**: When one or more Authentic Sources are involved in the issuance of a Digital Credential, the information exchanged between the Authentic Source and the Credential Issuer is crucial for the Digital Credential's issuance. Furthermore, in cases where the Authentic Source initiates a revocation or data changes, revoking the Digital Credential becomes necessary. + + +.. _sec_revocation_requirements: + +Functional Requirements +----------------------- + +In addition to the requirements in Section 5 of `OAUTH-STATUS-ASSERTION`_, **The Status Assertion:** + +- MUST have a validity period not greater than 24 hours; +- MUST NOT reveal any information about the Relying Party, the User's device or the User's data contained in the Digital Credential the assertion is related to; +- MUST be non-repudiable even beyond its expiration time and even in the case of cryptographic keys rotation. + + +**The Credential Issuer MUST:** + +- ensure that the data contained in a Digital Credential is kept up to date, including the status of validity of the data from the Authentic Source; +- revoke a Digital Credential when the following circumstances occur: + + - the Digital Credential requires to be updated, whenever one or more attributes are changed; in this case the User will request a new issuance for that Digital Credential; + - the Holder needs to address the loss or compromise of cryptographic key material associated with the issued Digital Credential. In such case, the End-User should request the revocation of the Digital Credential through a service provided by the Credential Issuer and using an authentication method that offers the same Level of Assurance obtained during the Credential Issuance; + - the User deletes the Digital Credential from the Wallet Instance. The Wallet Instance therefore should request the revocation of such Digital Credential to the Credential Issuer; + +- provide a web service for allowing a Wallet Instance, with a proof of possession of a specific Digital Credential, to + + - request a revocation of that Digital Credential; + - obtain a related Status Assertion; + +- provide out-of-band mechanisms through which the User can request the revocation of their Digital Credentials, using a robust procedure for identity proofing and User authentication, in particular when the User is unable to use the personal Wallet Instance. + + +**The Wallet Instance MUST:** + +- check periodically the validity status of the Digital Credential that is stored in it, requesting a Status Assertion for each Digital Credential; +- be able to present a Status Assertion if required by a Verifier, along with the corresponding Digital Credential; +- request a revocation of a Digital Credential when the Users delete it from the storage. + + +**The Authentic Sources MUST:** + +- provide web services for the providing of updated User data and the validity status; +- store in local databases only the minimum information required to provide the Credential Issuer with the User data or a change in the validity status. + + +Revocation Use Cases +-------------------- + +The revocation of a Digital Credential MAY be triggered by: + +- Users using their personal Wallet Instance or by some out-of-band touchpoints. +- Revocation of the Wallet Instance. +- Authentic Sources (e.g., for attribute updates) following administrative purposes. +- Law-Enforcing Bodies for the fulfillment of their functions and any other judicial reasons (e.g., Police). + +Credential Revocation Flows can start under different scenarios, such as: + + - The User reports the loss or theft of their own physical document to the Law-Enforcement Authorities: this implies that the Credentials, if any, shall be revoked. + - The User notifies an Authentic Source that one or more attributes are changed (e.g. the current resident address): in this case the Credentials MUST be revoked, as they are no longer valid due to the change in attributes. + - Users who lose access to their Wallet Instance (e.g., due to theft or loss of the device) can request the Credential Issuer to revoke their Credentials or ask the Wallet Provider to revoke the Wallet Instance. If the Wallet Provider is authorized by the User and is aware of the types of Credentials and their issuers stored in the Wallet, it can then initiate the revocation of all Digital Credentials contained within the Wallet Instance on behalf of the User. + - The Law-Enforcing Authorities, for the fulfillment of their functions and any other judicial reasons, may request the Authentic Source to revoke entitlements, licenses, certificates, identification documents, etc., which in turn leads to the revocation of any linked Credentials. + - The Authentic Sources that for any update of one or more User attributes, SHOULD inform the Credential Issuer that has previously requested those data for the issuance of a Credential about that User. + - The Credential Issuers, for technical security reasons (e.g. in the case of compromised cryptographic keys), SHOULD decide to revoke the Credentials. + + +The revocation scenarios involve two main flows: + + - The **Revocation flows**: these flows describe how an Entity requests for a Digital Credential revocation. + - The **Status Assertion flows**: these flows define the technical protocols for requesting and obtaining a Status Assertion and how the Wallet Instance SHOULD provide it to a Verifier as a proof of validity of a corresponding Digital Credential. + + +.. _sec_revocation_high_level_flow: + +Revocation Flows +---------------- + +Depending on the different scenarios that may involve the revocation of a Digital Credential, different processes and technical flows may be implemented, according to national laws or Regulations of specific domains. +The subsequent sections define the protocol interface between the Wallet Instances and the Credential Issuers during the revocation request. The communication between the Credential Issuers and other Entities is out-of-scope of this technical implementation profile. + + +.. _sec_revocation_wi_initiated_flow: + +Revocation Request by Wallet Instance +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A Wallet Instance MUST request the revocation of a Digital Credential as defined below. + +.. _fig_Low-Level-Flow-Revocation: +.. figure:: ../../images/Low-Level-Flow-Revocation.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/LOz1IyKm383l_HNXuK4FubrG7dXwNbxHuIw2n2rYM9VK9dL_tpBHCUYb-RwFaACv5gzp2bXTfSxlL49k8nuuepWSUao974xIJ1de06YmyDuvcLKgA-8G5eRhU-1RYEVd3cuAVUj4KEYhaldbK6WaSSRqbZNVNJpy_wF6nxwx2k6lVy748pg1Vn9itgl4ele1xKKr8pDMsQgdtttxPiMDBwjWMSK8pbCuaepj-Xy0 + + Wallet Instance Initiated Revocation Flow + +**Step 1 (Credential Revocation Request)**: The Wallet Instance initiates the process by creating a Credential Revocation Request. This request MUST be sent to the Credential Issuer who has previously issued that Credential. The Credential Revocation Request MUST contain a JSON object with the member `revocation_requests`. + +The `revocation_requests` MUST be set with an array of strings, where each string within the array represents a Credential Revocation Request object, enabling the Wallet Instance to request multiple Credential Revocation Requests to a single Credential Issuer. + +The request MUST be signed with the private key related to the public key contained within the Credential (such as the Credential Issuer Signed JWT in the case of SD-JWT, or the MSO in the case of Mdoc CBOR). Then, the Wallet Instance sends the request to the Credential Issuer as in the following non-normative example representing a Revocation Assertion Request array. + +.. _credential_revocation_request_ex: +.. code-block:: + + POST /revoke HTTP/1.1 + Host: pid-provider.example.org + Content-Type: application/json + + revocation_requests : ["${base64url(json({typ: (some pop for revocation-assertion)+jwt, ...}))}.payload.signature", ... ] + + +Below, is given a non-normative example of a single Revocation Assertion Request object with decoded JWT headers and payload and without signature for better readability: + +.. _credential_pop_jwt_ex: +.. code-block:: + + { + "alg": "ES256", + "typ": "credential-revocation-request+jwt", + "kid": $CREDENTIAL-CNF-JWKID + } + . + { + "iss": "0b434530-e151-4c40-98b7-74c75a5ef760", + "aud": "https://pid-provider.example.org", + "iat": 1698744039, + "exp": 1698744139, + "jti": "6f204f7e-e453-4dfd-814e-9d155319408c", + "credential_hash": $Issuer-Signed-JWT-Hash, + "credential_hash_alg": "sha-256" + } + +**Step 2 (PoP verification)**: The Credential Issuer verifies the proof of possession of the Credential requested to be revoked, using the the confirmation method that was attested in the Credential. If the verification is successful the revocation request is allowed. + +**Step 3 (Credential Revocation)**: The Credential Issuer revokes the Credential provided in the Revocation Request object. After the revocation, the Credential Issuer MAY also send a notification to the User (e.g. using a User's email address, telephone number, or any other verified and secure communication channel), with all needed information related to the Credential revocation status update. This communication is out of scope of the current technical implementation profile. + +**Step 4 (Credential Revocation Response)**: The Credential Issuer sends a response back to the Wallet Instance with the result of the revocation request. + +.. code:: + + .. code-block:: http + HTTP/1.1 200 Ok + Content-Type: application/json + + { + "revocation_assertion_responses": ["${base64url(json({typ: revocation_assertion+jwt, ...}))}.payload.signature", ... ] + } + +Credential Revocation HTTP Request +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The requests to the *Credential Issuer Revocation endpoint* MUST be HTTP with method POST, using the mandatory parameters listed below within the HTTP request message body. These MUST be encoded in ``application/json`` format. + +.. _table_revocation_request_params: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **revocation_requests** + - It MUST be an array of strings, where each represents a Revocation Assertion Request object. Each element MUST contain a signed JWT as a cryptographic proof of possession to which the Digital Credential to be revoked shall be bound. See Section :ref:`Credential Proof of Possession ` for more details. + - `OAUTH-STATUS-ASSERTION`_ . + +The Revocation Endpoint MUST be provided by the Credential Issuer within its Metadata. + + +Credential Revocation HTTP Response +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In case of succesfully Revocation Request validation, the *Credential Issuer* MUST return an HTTP response with the status code set to 200. If the *Credential Issuer* is able to provide a valid Status Assertion for a requested Credential, the response MUST contains a revocation Assertion object within a JSON Array. Otherwise, a Revocation Assertion Errors related to that Credential MUST be included in the Response JSON Array as an entry. + +If the Revocation Request fails (e.g. invalid request, server unavailability, etc.), an HTTP Error Status Code MUST be provided within the Revocation Response. + +In the following table are listed HTTP Status Codes that MUST be supported: + +.. list-table:: + :widths: 20 20 60 + :header-rows: 1 + + * - **Status Code** + - **Body** + - **Description** + * - *200 Created* + - Revocation Assertion Response + - The Revocation Assertion Response has been successfully created. + * - *400 Bad Request* + - Error code and description + - The Credential Issuer cannot fulfill the request because of invalid parameters. + * - *500 Internal Server Error* + - + - The Credential Issuer encountered an internal problem. (:rfc:`6749#section-5.2`). + * - *503 Service Unavailable* + - + - The Credential Issuer is temporary unavailable. (:rfc:`6749#section-5.2`). + +The response MUST: + +- include a JSON object with a member named `revocation_assertion_responses`; + +- be encoded in ``application/json`` format. + + +The ``revocation_assertion_responses`` object MUST contain the following mandatory claims. + +.. _table_http_response_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **revocation_assertion_responses** + - the Revocation Assertions and or the Revocation Assertion Errors related to the request made by the Wallet Instance. + - `OAUTH-STATUS-ASSERTION`_. + +The Revocation Assertion object MUST contain the parameter ``credential_status_validity`` with the value set to ``false``. +Below a non-normative example of a Revocation Assertion object in JWT format, with the headers and payload represented in JSON and without applying the signature. + +.. code:: + + { + "alg": "ES256", + "typ": "revocation-assertion+jwt", + "kid": "Issuer-JWK-KID" + } + . + { + "iss": "https://issuer.example.org", + "jti": "6f204f7e-e453-4dfd-814e-9d155319408c" + "credential_hash": $CREDENTIAL-HASH, + "credential_hash_alg": "sha-256", + "credential_status_validity": false, + "cnf": { + "jwk": { + "kty": "EC", + "crv": "P-256", + "x": "_2ySUmWFjwmraNlo15r6dIBXerVdy_NpJuwAKJMFdoc", + "y": "MV3C88MhhEMba6oyMBWuGeB3dKHP4YADJmGyJwwILsk" + } + } + } + +The Revocation Assertion Error object MUST contain the following parameters: + + - *error*. The error code, as registerd in the table below; + - *error_description*. Text in human-readable form providing further details to clarify the nature of the error encountered. + +Errors are meant to provide additional information about the failure so that the User can be informed and take the appropriate action. +The `error` parameter for the Revocation Assertion Error object MUST be set with one of the values defined in the table below, in addition to the values specified in :rfc:`6749#section-5.2`: + + +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Error Code** + - **Description** + * - ``invalid_request`` + - The request is not valid due to the lack or incorrectness of one or more parameters. (:rfc:`6749#section-5.2`). + * - ``credential_already_revoked`` + - The Digital Credential is already revoked. + * - ``credential_updated`` + - One or more information contained in the Digital Credential are changed. The `error_description` field SHOULD contain a human-readable text describing the general parameters updated without specifying each one. + * - ``credential_invalid`` + - The Digital Credential is invalid. The `error_description` field SHOULD contain the reason of invalidation. + * - ``invalid_request_signature`` + - The Revocation Assertion Request signature validation has failed. This error type is used when the proof of possession of the Digital Credential is found not valid within the Revocation Assertion Request. + * - ``credential_not_found`` + - The `credential_hash` value provided in the Revocation Assertion Request doesn't match with any active Digital Credential. + * - ``unsupported_hash_alg`` + - The hash algorithm set in `credential_hash_alg` is not supported. + +Below a non-normative example of a Revocation Assertion Error object in JWT format, with the headers and payload represented in JSON and without applying the signature. + +.. code:: + + { + "alg": "ES256", + "typ": "revocation-assertion-error+jwt", + "kid": "Issuer-JWK-KID" + } + . + { + "iss": "https://issuer.example.org", + "jti": "6f204f7e-e453-4dfd-814e-9d155319408c" + "credential_hash": $CREDENTIAL-HASH, + "credential_hash_alg": "sha-256", + "error": "unsupported_hash_alg", + "error_description": "The hash algorithm is not supported" + } + + +Status Assertion Flows +------------------------ + +The Status Assertion process is divided into the following phases: + + 1. The Status Assertion Request by a Wallet Instance: it involves the Wallet Instance and the Credential Issuer. + 2. The Status Assertion Presentation to a Verifier: it involves the Wallet Instance and the Verifier. + + +.. figure:: ../../images/High-Level-Flow-Status-Attestation.svg + :figwidth: 100% + :align: center + + High-Level Status Assertion Flows + + +.. _sec_revocation_status_assertion_request: + +Status Assertion Request by Wallet Instance +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The presentation of a Credential to a Verifier may occur long after it has been issued by the Credential Issuer. During this time interval, the Credential can be invalidated for any reason and therefore the Verifier also needs to verify its revocation or suspension status. To address this scenario, the Credential Issuer provides the Wallet Instance with a *Status Assertion*. This Assertion is bound to a Credential so that the Wallet Instance can present it to a Verifier, along with the Credential itself, as proof of non-revocation status of the Credential. + +The following diagram shows how the Wallet Instance requests a Status Assertion to the Credential Issuer. + +.. _fig_Low-Level-Flow-Status-Assertion: +.. figure:: ../../images/Low-Level-Flow-Revocation-Attestation.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/NP31Rk9038RlynGMsWD8mDwHTWM22tlOHWML2r8rIHmoQZ9EnnuGRryFeK0vsl_tErzcpcA3nBOnDWhvsEOOJAShLxZEUe71pZOD2gozahx00LY6a_l9h9aZXalqb2oYrEXrXWt5SArRDkRaOF8Nt0oobyqMVkjnYGm1FoEo38k0PQhPvhsZxi-lvMtEAFktsuwC-Uw_sSQLLX3k32W4IXdZIGCwOW0tjZo3ROtGomBbOfrdg0Are9Bmh0fxdzQnIzTBi2B1vL5G_NrvQHpJfvsSeRVN0bKfIFS2nKEj952K2LMJF9LQB6hh7RTZPOSuFKoLJE3bNBRwlu95jcRWCmks8xZ_vRB6uWCg2WyUUz-x9P-RoqCbO0etoKtPXGWcJqU-Vnlb53mf-OhSaMVKGUfh0PxvEVeojiqN + + Status Assertion Request Flow + +**Step 1 (Status Assertion Request)**: The Wallet Instance sends the Status Assertion Request to the Credential Issuer, where: + +- The request MUST contain the base64url encoded hash value of the Digital Credential, for which the Status Assertion is requested, and enveloped in a signed Status Assertion Request object. + +- The Status Assertion Request object MUST be signed with the private key corresponding to the confirmation claim assigned by the Issuer and contained within the Digital Credential. + +Below a non-normative example representing a Status Assertion Request array with a single Status Assertion Request object in JWT format. + +.. code:: + + POST /status HTTP/1.1 + Host: issuer.example.org + Content-Type: application/json + + { + "status_assertion_requests" : ["${base64url(json({typ: (some pop for status-assertion)+jwt, ...}))}.payload.signature", ... ] + } + +The Status Assertion HTTP request can be sent to a single Credential Issuer regarding multiple Digital Credentials, and MUST contain a JSON object with the member `status_assertion_requests`. +The `status_assertion_requests` MUST be set with an array of strings, where each string within the array represents a Digital Credential Status Assertion Request object. + +A non-normative example of Credential Proof of Possession is provided :ref:`in the previous section `. + +**Step 2 (PoP verification)**: The Credential Issuer that receives the Status Assertion Request object MUST validate that the Wallet Instance making the request is authorized to request Status Assertions. Therefore the following requirements MUST be satisfied: + +- The Credential Issuer MUST verify the compliance of all elements in the `status_assertion_requests` object using the confirmation method contained within the Digital Credential where the Status Assertion Request object is referred to; + +- The Credential Issuer MUST verify that it is the legitimate Issuer of the Digital Credential to which each Status Assertion Request object refers. + +**Step 3 (Check for validity)**: The Credential Issuer checks that the User's attributes are not updated by the Authentic Source or that the latter has not revoked them. The technical mechanisms for obtaining this information are out-of-scope of this technical implementation profile. + +**Step 4 (Status Assertion Creation)**: The Credential Issuer creates the corresponding Status Assertion. When a Status Assertion is requested to a Credential Issuer, the Credential Issuer checks the status of the Digital Credential and creates a Status Assertion bound to it. If the Digital Credential is valid, the Credential Issuer creates a new Status Assertion, which a non-normative example is given below where the format is JWT. + +.. code:: + + { + "alg": "ES256", + "typ": "status-assertion+jwt", + "kid": $ISSUER-JWKID + } + . + { + "iss": "https://issuer.example.org", + "iat": 1504699136, + "exp": 1504785536, + "credential_hash": $CREDENTIAL-HASH, + "credential_hash_alg": "sha-256", + "credential_status_validity": true, + "cnf": { + "jwk": {...} + } + } + +**Step 4 (Status Assertion Response)**: The response MUST include a JSON object with a member named `status_assertion_responses`, which contains the Status Assertions and or the Status Assertion Errors related to the request made by the Wallet Instance, as in the following non-normative example. + +.. code:: + + HTTP/1.1 200 Created + Content-Type: application/json + + { + "status_assertion_responses": ["${base64url(json({typ: status-assertion+jwt, ...}))}.payload.signature", ... ] + } + +The member `status_assertion_responses` MUST be an array of strings, where each of them represent a Status Assertion Response object as defined in `OAUTH-STATUS-ASSERTION`_. + + +Status Assertion HTTP Request +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The requests to the *Credential status endpoint* of the Credential Issuers MUST be HTTP with method POST, using the same mandatory parameters as in the :ref:`Table of Credential Request parameters `. These MUST be encoded in ``application/json`` format. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **status_assertion_requests** + - It MUST be an array of strings, where each of them represent a Status Assertion Request object. Each element MUST contain a signed JWT as a cryptographic proof of possession of the Digital Credential. See Section :ref:`Credential Proof of Possession ` for more details. + - `OAUTH-STATUS-ASSERTION`_ . + +The *typ* value in the *credential_pop* JWT MUST be set to **status-assertion+jwt** + +The *Credential status endpoint* MUST be provided by the Credential Issuers within their Metadata. The Credential Issuers MUST include in the issued Digital Credentials the object *status_assertion_requests* with the JSON member *status_assertion* set to a JSON Object containing the *credential_hash_alg* claim. It MUST contain the algorithm used for hashing the Digital Credential. Among the hash algorithms, the value ``sha-256`` is RECOMMENDED . + + +Status Assertion HTTP Response +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In case of succesfully Status Assertion Request validation, the *Credential Issuer* MUST return an HTTP response with the status code set to 200. If the *Credential Issuer* is able to provide a valid Status Assertion for a requested Credential, the response MUST contains a Status Assertion object within a JSON Array. Otherwise, a Status Assertion Errors related to that Credential MUST be included in the Response JSON Array as an entry. + +If the Status Request fails (e.g. invalid request, server unavailability, etc.), an HTTP Error Status Code MUST be provided within the Status Assertion Response. + +In the following table are listed HTTP Status Codes that MUST be supported: + +.. list-table:: + :widths: 20 20 60 + :header-rows: 1 + + * - **Status Code** + - **Body** + - **Description** + * - *200 Created* + - Status Assertion Response + - The Status Assertion Response has been successfully created and it has been returned. + * - *400 Bad Request* + - Error code and description + - The Credential Issuer cannot fulfill the request because of invalid parameters. + * - *500 Internal Server Error* + - + - The Credential Issuer encountered an internal problem. (:rfc:`6749#section-5.2`). + * - *503 Service Unavailable* + - + - The Credential Issuer is temporary unavailable. (:rfc:`6749#section-5.2`). + +The response MUST: + +- include a JSON object with a member named `status_assertion_responses`; + +- be encoded in ``application/json`` format. + +The status_assertion_responses object MUST contain the following mandatory claims. + +.. _table_http_status_assertion_response_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **status_assertion_responses** + - the Status Assertions and or the Status Assertion Errors related to the request made by the Wallet Instance. + - `OAUTH-STATUS-ASSERTION`_. + +The Status Assertion Error object MUST contain the following parameters: + + - *error*. The error code, as registerd in the table below; + - *error_description*. Text in human-readable form providing further details to clarify the nature of the error encountered. + +Errors are meant to provide additional information about the failure so that the User can be informed and take the appropriate action. +The `error` parameter for the Status Assertion Error object MUST be set with one of the values defined in the table below, in addition to the values specified in :rfc:`6749#section-5.2`: + +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Error Code** + - **Description** + * - ``invalid_request`` + - The request is not valid due to the lack or incorrectness of one or more parameters. (:rfc:`6749#section-5.2`). + * - ``credential_revoked`` + - The Digital Credential is revoked. The reason of revocation MUST be provided in the *error_description* field. + * - ``credential_updated`` + - One or more information contained in the Digital Credential are changed. The `error_description` field SHOULD contain a human-readable text describing the general parameters updated without specifying each one. + * - ``credential_invalid`` + - The Digital Credential is invalid. The `error_description` field SHOULD contain the reason of invalidation. + * - ``invalid_request_signature`` + - The Status Assertion Request signature validation has failed. This error type is used when the proof of possession of the Digital Credential is found not valid within the Status Assertion Request. + * - ``credential_not_found`` + - The `credential_hash` value provided in the Status Assertion Request doesn't match with any active Digital Credential. + * - ``unsupported_hash_alg`` + - The hash algorithm set in `credential_hash_alg` is not supported. + +Below a non-normative example of a Status Assertion Error object in JWT format, with the headers and payload represented in JSON and without applying the signature. + +.. code:: + + { + "alg": "ES256", + "typ": "status-assertion-error+jwt", + "kid": "Issuer-JWK-KID" + } + . + { + "iss": "https://issuer.example.org", + "jti": "6f204f7e-e453-4dfd-814e-9d155319408c" + "credential_hash": $CREDENTIAL-HASH, + "credential_hash_alg": "sha-256", + "error": "credential_revoked", + "error_description": "Credential is revoked." + } + + +.. _sec_revocation_nra_presentation: + +Status Assertion Presentation to the Verifiers +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +During the presentation phase, a Verifier MAY request the Wallet Instance to provide a Non-Revocation Assertion along with the requested Credential. If a Verifier requests a Status Assertion for a requested Digital Credential, the Wallet Instance MUST provide the Status Assertions in the *vp_token* JSON array. If the Status Assertion is requested by the Verifier and the Wallet Instance is not able to provide it or it is expired or it is issued far back in time, the Verifier MAY decide to accept or reject the Credential according to its security policy. + +Law-Enforcement Authorities or Third Parties authorized by national law, MAY require deferred non-revocation status verification but the definition of these protocols is currently out-of-scope for this technical implementation profile. + + + +.. _sec_revocation_credential_pop: + +Credential Proof of Possession +------------------------------ + +The Credential Proof of Possession (**credential_pop**) MUST be a JWT that MUST contain the parameters (Header and Payload) in the following table. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Header** + - **Description** + - **Reference** + * - **typ** + - In case of revocation request it MUST be set to ``revocation-request+jwt``. In case of Status Assertion request it MUST be set to ``status-assertion-request+jwt``, according to `OAUTH-STATUS-ASSERTION`_ . + - :rfc:`7516#section-4.1.1`. + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + * - **kid** + - Unique identifier of the ``jwk`` or ``COSE_Key`` inside the ``cnf`` claim of the Credential to be revoked, as base64url-encoded JWK Thumbprint value, according to `OAUTH-STATUS-ASSERTION`_. + - :rfc:`7638#section_3`. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Payload** + - **Description** + - **Reference** + * - **iss** + - Thumbprint of the JWK in the ``cnf`` parameter of the Wallet Assertion. + - :rfc:`9126` and :rfc:`7519`. + * - **aud** + - It MUST be set to the identifier of the Issuer. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. It MUST be greater than the value set for `iat`. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **jti** + - Unique identifier for the PoP proof JWT. The value SHOULD be set using a *UUID v4* value according to [:rfc:`4122`]. + - :rfc:`7519#section-4.1.7`. + * - **credential_hash** + - It MUST contain the hash value of a Digital Credential, derived by computing the base64url encoded hash of the Digital Credential. + - `OAUTH-STATUS-ASSERTION`_. + * - **credential_hash_alg** + - It MUST contain the Algorithm used for hashing the Digital Credential. The value SHOULD be set to `S256`. + - `OAUTH-STATUS-ASSERTION`_. + +Revocation Assertion +-------------------- + +When the JWT format is used, the Revocation Assertion MUST contain the following claims. + +.. _table_revocation_assertion_header: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Header** + - **Description** + - **Reference** + * - **alg** + - Algorithm used to verify the cryptographic signature of the Revocation Assertion. Revocation Assertion that do not need to be signed SHOULD set the `alg` value to `none` in according with `OAUTH-STATUS-ASSERTION`_. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7515`], [:rfc:`7517`]. + * - **typ** + - It MUST be set to `revocation-assertion-response+jwt` when JWT format is used. + - [:rfc:`7515`], [:rfc:`7517`], `OAUTH-STATUS-ASSERTION`_. + + +.. _table_revocation_assertion_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Payload** + - **Description** + - **Reference** + * - **iss** + - It MUST be set to the identifier of the Credential Issuer. + - :rfc:`9126` and :rfc:`7519`. + * - **jti** + - Unique identifier for the JWT. + - :rfc:`7519#section-4.1.7`. + * - **credential_status_validity** + - Boolean value indicating the absolute validity of the Credential linked to the Status Assertion. It MUST be set with the value `false`. + - `OAUTH-STATUS-ASSERTION`_. + + +Status Assertion +------------------ + +When the JWT format is used, the Status Assertion MUST contain the following claims. + +.. _table_non_revocation_assertion_header: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms ` and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7515`], [:rfc:`7517`]. + * - **typ** + - It MUST be set to `status-assertion-request+jwt` when JWT format is used. + - [:rfc:`7515`], [:rfc:`7517`], `[OAuth Status Attestation draft 01] `_.. + * - **kid** + - Unique identifier of the Credential Issuer ``jwk`` as base64url-encoded JWK Thumbprint value. + - :rfc:`7638#section_3`. + +.. _table_non_revocation_assertion_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Payload** + - **Description** + - **Reference** + * - **iss** + - It MUST be set to the identifier of the Credential Issuer. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. It MUST be greater than the value set for `iat`. + - :rfc:`9126` and :rfc:`7519`. + * - **credential_hash** + - Hash value of the Credential the Status Assertion is bound to. + - `OAUTH-STATUS-ASSERTION`_. + * - **credential_hash_alg** + - The Algorithm used for hashing the Credential to which the Status Assertion is bound. The value SHOULD be set to ``S256``. + - `OAUTH-STATUS-ASSERTION`_. + * - **credential_status_validity** + - Boolean value indicating the absolute validity of the Credential linked to the Status Assertion. It is REQUIRED and it MUST be set with the value "false" or "true". + - `OAUTH-STATUS-ASSERTION`_. + * - **cnf** + - JSON object containing confirmation methods. The sub-member contained within `cnf` member, such as `jwk` for JWT, MUST match with the one provided within the related Digital Credential. Other confirmation methods can be utilized when the referenced Digital Credential supports them, in accordance with the relevant standards. + - `[RFC7800, Section 3.1] `_ and `[RFC8747, Section 3.1] `_. + + +Error Assertion +------------------ + +When the JWT format is used, the Revocation or Status Assertion Error MUST contain the following claims. + +.. _table_non_revocation_assertion_error_header: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Header** + - **Description** + - **Reference** + * - **alg** + - Algorithm used to verify the cryptographic signature of the Assertion Error. Assertion Error that do not need to be signed SHOULD set the `alg` value to `none` in according with `OAUTH-STATUS-ASSERTION`_. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7515`], [:rfc:`7517`]. + * - **typ** + - It MUST be set to `status-assertion-response+jwt` or `revocation-assertion-response+jwt` when JWT format is used. + - [:rfc:`7515`], [:rfc:`7517`], `OAUTH-STATUS-ASSERTION`_ . + + +.. _table_non_revocation_assertion_error_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Payload** + - **Description** + - **Reference** + * - **iss** + - It MUST be set to the identifier of the Credential Issuer. + - :rfc:`9126` and :rfc:`7519`. + * - **jti** + - Unique identifier for the JWT. + - :rfc:`7519#section-4.1.7`. + * - **error** + - Status code returned from the Credential Issuer after revocation. The value SHOULD be assigned with one of the error types defined in {{RFC6749}}[Section 5.2] or defined in `OAUTH-STATUS-ASSERTION`_. + - `[RFC6749, Section 5.2] `_, `OAUTH-STATUS-ASSERTION`_ + * - **error_description** + - Text that clarifies the nature of the error, such as attribute changes, revocation reasons, in relation to the `error` value. + - `OAUTH-STATUS-ASSERTION`_. diff --git a/ia-terms-updates/en/_sources/ssi-introduction.rst.txt b/ia-terms-updates/en/_sources/ssi-introduction.rst.txt new file mode 100644 index 000000000..3ae0574b2 --- /dev/null +++ b/ia-terms-updates/en/_sources/ssi-introduction.rst.txt @@ -0,0 +1,30 @@ +.. include:: ../common/common_definitions.rst + +.. _ssi-introduction.rst: + +The Digital Identity Wallet Paradigm +++++++++++++++++++++++++++++++++++++ + +The Digital Identity Wallet Paradigm refers to a new architecture in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the Users. +Users possess their digital documents and determine to which actors they present these documents, with the ability to revoke the use of said documents, all while maintaining a history of their activities. + +The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediaries between the Wallet and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to. + +SSI is also significant in the field of data exchange and data governance. This is relevant at both national and European levels, including the new eIDAS Regulation. In fact, it envisions a login option designed for European Users - be they citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems. + +The main roles in an Wallet ecosystem are are listed as follow: + + - Issuers: parties who can issue digital credentials about a person; + - Verifiers: parties who request Holders' digital credentials for authentication and authorization purposes; + - Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers; + - Verifiable Data Registries: Authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties. + +In this model, the credential Issuer (e.g., an educational institution) provides digital credentials to the User, who can store them in their digital Wallet. +The Wallet typically comes in the form of an application on the User's mobile phone. + +Other key elements that characterize an SSI system include: + + - **Privacy and control**: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose; + - **Security**: Wallets leverage cryptographic mechanism to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control; + - **Interoperability**: Wallets promote interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders; + - **Efficiency and cost reduction**: individuals can manage their own identities, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience. diff --git a/ia-terms-updates/en/_sources/standards.rst.txt b/ia-terms-updates/en/_sources/standards.rst.txt new file mode 100644 index 000000000..2a2c017f8 --- /dev/null +++ b/ia-terms-updates/en/_sources/standards.rst.txt @@ -0,0 +1 @@ +.. include:: ../common/standards.rst diff --git a/ia-terms-updates/en/_sources/trust.rst.txt b/ia-terms-updates/en/_sources/trust.rst.txt new file mode 100644 index 000000000..1bcc37f55 --- /dev/null +++ b/ia-terms-updates/en/_sources/trust.rst.txt @@ -0,0 +1,700 @@ +.. include:: ../common/common_definitions.rst + +.. _trust.rst: + +The Infrastructure of Trust ++++++++++++++++++++++++++++ + +The EUDI Wallet Architecture Reference Framework (`EIDAS-ARF`_) describes the Trust Model as a *"collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem"*. + +This section outlines the implementation of the Trust Model in an infrastructure that complies with OpenID Federation 1.0 `OID-FED`_. This infrastructure involves a RESTful API for distributing metadata, metadata policies, trust marks, public keys, X.509 certificates, and the revocation status of the participants, also called Federation Entities. + +The Infrastructure of trust facilitates the application of a trust assessment mechanism among the parties defined in the `EIDAS-ARF`_. + +.. figure:: ../../images/trust-roles.svg + :alt: federation portrait + :width: 100% + + The roles within the Federation, where the Trust Anchor oversees its subordinates, + which include one or more Intermediates and Leaves. In this + representation, both the Trust Anchor and the Intermediates assume the role of Registration Authority. + +Federation Roles +------------------ + +All the participants are Federation Entities that MUST be registered by an Registration Body, +except for Wallet Instances which are End-User's personal devices certified by their Wallet Provider. + +.. note:: + The Wallet Instance, as a personal device, is certified as reliable through a verifiable attestation issued and signed by a trusted third party. + + This is called *Wallet Attestation* and is documented in `the dedicated section `_. + + +Below the table with the summary of the Federation Entity roles, mapped on the corresponding EUDI Wallet roles, as defined in the `EIDAS-ARF`_. + +.. list-table:: + :widths: 20 20 60 + :header-rows: 1 + + * - EUDI Role + - Federation Role + - Notes + * - Public Key Infrastructure (PKI) + - Trust Anchor + - The Federation has PKI capabilities. The Entity that configures the entire infrastructure is the Trust Anchor. + * - Qualified Trust Service Provider (QTSP) + - Leaf + - + * - Person Identification Data Provider + - Leaf + - + * - Qualified Electronic Attestations of Attributes Provider + - Leaf + - + * - Electronic Attestations of Attributes Provider + - Leaf + - + * - Relying Party + - Leaf + - + * - Trust Service Provider (TSP) + - Leaf + - + * - Trusted List + - Trust Anchor + - The listing endpoint, the trust mark status endpoint, and the fetch endpoint must be exposed by both Trust Anchors and Intermediates, making the Trusted List distributed over multiple Federation Entities, where each of these is responsible for their registered subordinates. + * - Wallet Provider + - Leaf + - + + +General Properties +------------------ + +The architecture of the trust infrastructure based on OpenID Federation is built upon several core principles: + +- [P1] **Security**: incorporates mechanisms to ensure the integrity, confidentiality, and authenticity of the trust relationships and interactions within the federation. +- [P2] **Privacy**: designed to respect and protect the privacy of the entities and individuals involved, minimal disclosure is part of this. +- [P3] **Interoperability**: supports seamless interaction and trust establishment between diverse systems and entities within the federation. +- [P4] **Transitive Trust**: trust established indirectly through a chain of trusted relationships, enabling entities to trust each other based on common authorities and trusted intermediaries. +- [P6] **Scalability**: designed to efficiently manage an increasing number of entities or interactions without a significant increase in trust management complexity. +- [P5] **Delegation**: technical ability/feature to delegate authority or responsibilities to other entities, allowing for a distributed trust mechanism. +- [P7] **Flexibility**: adaptable to various operational and organizational needs, allowing entities to define and adjust their trust relationships and policies. +- [P8] **Autonomy**: while part of a federated ecosystem, each entity retains control over its own definitions and configurations. +- [P9] **Decentralization**: unlike traditional centralized systems, the OpenID Federation model promotes a decentralized approach. This ensures that no single entity has control over the entire system, enhancing privacy and security for all participants. + +Trust Infrastructure Functional Requirements +---------------------------------------------- + +This section includes the requirements necessary for the successful implementation and operation of the infrastructure of trust. + +.. list-table:: Functional Requirements + :header-rows: 1 + + * - ID + - Description + * - [FR #1] + - **Federation Trust Establishment**: the system must be able to establish trust between different entities (Credential Issuers, Relying Parties, etc.) within a federation, using cryptographic signatures for secure information exchange about the participants in the ecosystem. + * - [FR #2] + - **Entity Authentication**: the system must implement mechanisms for authenticating entities within the federation, ensuring compliance with the shared rules. + * - [FR #3] + - **Signature Validation**: the system must support the creation, verification, and validation of electronic signatures and provide standard and secure mechanisms to obtain the public keys required for the signature validation. + * - [FR #4] + - **Time Stamping**: the signed artifacts must contain time stamps to ensure the integrity and non-repudiation of transactions over time, thanks to the interfaces, services, storage model and approaches defined within the federation. + * - [FR #5] + - **Certificate Validation**: the system requires confidential transmission, secured via TLS over HTTP, and validation of certificates for website authentication, ensuring they meet eIDAS criteria. + * - [FR #6] + - **Interoperability and Standards Compliance**: ensure interoperability between federation members by adhering to technical standards, facilitating cross-border electronic transactions. + * - [FR #7] + - **Data Protection and Privacy**: implement data protection measures in compliance with GDPR and eIDAS regulations, ensuring the privacy and security of personal data processed within the federation. + * - [FR #8] + - **User Consent and Control**: design mechanisms for obtaining and managing user consent, empowering users with control over their personal information. + * - [FR #9] + - **Audit and Logging**: the system must minimize data, anonymize if possible, define retention periods, secure access, and storage encryption. This protects privacy while enabling security and accountability. + * - [FR #10] + - **Dispute Resolution and Liability**: establish clear procedures for dispute resolution and define liability among federation members, in accordance with eIDAS provisions. + * - [FR #11] + - **Accessibility**: ensure that the system is accessible to all users, including those with disabilities, aligning with eIDAS and local accessibility standards. + * - [FR #12] + - **Emergency and Revocation Services**: implement mechanisms for the immediate revocation of electronic identification means and participants in case of security breaches or other emergencies. + * - [FR #13] + - **Scalable Trust Infrastructure**: the system must support scalable trust establishment mechanisms, leveraging approaches and technical solutions that complement delegation transitive approaches to efficiently manage trust relationships as the federation grows, removing central registries that might technically or administratively fail. + * - [FR #14] + - **Efficient Storage Scalability**: implement a storage solution that scales horizontally to accommodate increasing data volumes while minimizing central storage and administrative costs. The system should enable members to independently store and present historical trust attestations and signed artifacts during dispute resolutions, with the federation infrastructure maintaining only a registry of historical keys to validate the historical data, stored and provided by the participants. + * - [FR #15] + - **Verifiable Attestation (Trust Mark)**: incorporate a mechanism for issuing and verifying verifiable attestations that serve as proof of compliance with specific profiles or standards. This allows entities within the federation to demonstrate adherence to agreed-upon security, privacy, and operational standards. + * - [FR #16] + - **Dynamic Policy Language**: develop and implement a dynamic, extensible policy language that allows for the creation and modification of federation policies in response to evolving requirements, technological advancements, and regulatory changes. This policy language should support the specification of rules governing entity behavior, metadata handling, and trust validation within the federation. + * - [FR #17] + - **Automated Policy Enforcement**: the system must automatically enforce federation policies as defined by policy language and verifiable attestations, ensuring that all operations and transactions comply with current rules and standards. + * - [FR #18] + - **Decentralized Dispute Resolution Mechanism**: design a decentralized mechanism for dispute resolution that allows federation members to independently verify historical trust establishment and signed artifacts, reducing reliance on central authorities and streamlining the resolution process. + * - [FR #19] + - **Adaptive Load Management**: implement adaptive load management strategies to ensure the system remains responsive and efficient under varying loads, particularly during peak usage times or when processing complex tasks. + * - [FR #20] + - **Cross-Federation Interoperability**: ensure the system is capable of interoperating with other federations or trust frameworks, facilitating cross-federation transactions and trust establishment without compromising security or compliance. + * - [FR #21] + - **Future-Proof Cryptography**: the system should employ a flexible cryptographic framework that can be updated in response to new threats or advancements in cryptographic research, ensuring long-term security and integrity of federation operations. + * - [FR #23] + - **Autonomous Registration Bodies**: the system must facilitate the integration of autonomous registration bodies that operate in compliance with federation rules. These bodies are tasked with evaluating and registering entities within the federation, according to the pre-established rules and their compliance that must be periodically asserted. + * - [FR #24] + - **Compliance Evaluation for Federation Entity Candidates**: registration bodies must evaluate the compliance of candidate entities against federation standards before their registration in the federation. + * - [FR #25] + - **Periodic Auditing of Registration Bodies and Entities**: implement mechanisms for the periodic auditing and monitoring of the compliance status of both registration bodies and their registered entities. This ensures ongoing adherence to federation standards and policies. + * - [FR #26] + - **Certification of Compliance for Personal Devices**: trusted bodies, in the form of federation entities, should issue certifications of compliance and provide signed proof of such compliance for the hardware of personal devices used within the federation. These certifications should be attested and periodically renewed to ensure the devices meet current security standards. + * - [FR #27] + - **Certification of Compliance for Cryptographic Devices**: similar to personal devices, personal cryptographic devices used within the federation must also receive certifications of compliance and signed proof thereof from trusted bodies. These certifications should be subject to periodic renewal to reflect the latest security and compliance standards. + * - [FR #28] + - **Transparent Compliance Reporting**: develop a system for transparent reporting and publication of compliance statuses, audit results, and certification renewals for all federation entities. This transparency fosters trust within the federation and with external stakeholders. + * - [FR #29] + - **Automated Compliance Monitoring**: the system should include automated tools for monitoring the compliance of entities with federation standards. This automation aids in the early detection of potential compliance issues. + * - [FR #30] + - **Secure Protocol Capabilities Binding**: the secure protocol must enable the exchange of protocol-specific capabilities data as cryptographically-bound metadata attached to a specific identity. This metadata should define the technical capabilities associated with the identity, ensuring verifiable proof and tamper-proof association for robust trust establishment and access control. + + +Federation API endpoints +------------------------ + +OpenID Federation 1.0 uses RESTful Web Services secured over +HTTPs. OpenID Federation 1.0 defines which are the web endpoints that the participants MUST make +publicly available. The table below summarises the endpoints and their scopes. + +All the endpoints listed below are defined in the `OID-FED`_ specs. + +.. list-table:: + :widths: 20 20 20 20 + :header-rows: 1 + + * - endpoint name + - http request + - scope + - required for + * - federation metadata + - **GET** .well-known/openid-federation + - Metadata that an Entity publishes about itself, verifiable with a trusted third party (Superior Entity). It's called Entity Configuration. + - Trust Anchor, Intermediate, Wallet Provider, Relying Party, Credential Issuer + * - subordinate list endpoint + - **GET** /list + - Lists the Subordinates. + - Trust Anchor, Intermediate + * - fetch endpoint + - **GET** /fetch?sub=https://rp.example.org + - Returns a signed document (JWS) about a specific subject, its Subordinate. It's called Entity Statement. + - Trust Anchor, Intermediate + * - trust mark status + - **POST** /status?sub=...&trust_mark_id=... + - Returns the status of the issuance (validity) of a Trust Mark related to a specific subject. + - Trust Anchor, Intermediate + * - historical keys + - **GET** /historical-jwks + - Lists the expired and revoked keys, with the motivation of the revocation. + - Trust Anchor, Intermediate + + +All the responses of the federation endpoints are in the form of JWS, with the exception of the **Subordinate Listing endpoint** and the **Trust Mark Status endpoint** that are served as plain JSON by default. + + +Configuration of the Federation +------------------------------- + +The configuration of the federation is published by the Trust Anchor within its Entity Configuration, it is available at the well-known web path corresponding to **.well-known/openid-federation**. + +All the participants in the federation MUST obtain the federation configuration before entering the operational phase, and they +MUST keep it up-to-date. The federation configuration is the Trust Anchor's Entity Configuration, it contains the +public keys for signature operations and the maximum number of Intermediates allowed between a Leaf and the Trust Anchor (**max_path_length**). + +Below is a non-normative example of a Trust Anchor Entity Configuration, where each parameter is documented in the `OpenID Federation `_ specification: + +.. code-block:: text + + { + "alg": "ES256", + "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc", + "typ": "entity-statement+jwt" + } + . + { + "exp": 1649375259, + "iat": 1649373279, + "iss": "https://registry.eidas.trust-anchor.example.eu", + "sub": "https://registry.eidas.trust-anchor.example.eu", + "jwks": { + "keys": [ + { + + "kty": "EC", + "kid": "X2ZOMHNGSDc4ZlBrcXhMT3MzRmRZOG9Jd3o2QjZDam51cUhhUFRuOWd0WQ", + "crv": "P-256", + "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI", + "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY" + } + ] + }, + "metadata": { + "federation_entity": { + "organization_name": "example TA", + "contacts":[ + "tech@eidas.trust-anchor.example.eu" + ], + "homepage_uri": "https://registry.eidas.trust-anchor.example.eu", + "logo_uri":"https://registry.eidas.trust-anchor.example.eu/static/svg/logo.svg", + "federation_fetch_endpoint": "https://registry.eidas.trust-anchor.example.eu/fetch", + "federation_resolve_endpoint": "https://registry.eidas.trust-anchor.example.eu/resolve", + "federation_list_endpoint": "https://registry.eidas.trust-anchor.example.eu/list", + "federation_trust_mark_status_endpoint": "https://registry.eidas.trust-anchor.example.eu/trust_mark_status" + } + }, + "trust_mark_issuers": { + "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/public": [ + "https://registry.spid.eidas.trust-anchor.example.eu", + "https://public.intermediary.spid.org" + ], + "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/private": [ + "https://registry.spid.eidas.trust-anchor.example.eu", + "https://private.other.intermediary.org" + ] + }, + "constraints": { + "max_path_length": 1 + } + } + + +Entity Configuration +-------------------- + +The Entity Configuration is the verifiable document that each Federation Entity MUST publish on its own behalf, in the **.well-known/openid-federation** endpoint. + +The Entity Configuration HTTP Response MUST set the media type to `application/entity-statement+jwt`. + +The Entity Configuration MUST be cryptographically signed. The public part of this key MUST be provided in the +Entity Configuration and within the Entity Statement issued by a immediate superior and related to its subordinate Federation Entity. + +The Entity Configuration MAY also contain one or more Trust Marks. + +.. note:: + **Entity Configuration Signature** + + All the signature-check operations regarding the Entity Configurations, Entity Statements and Trust Marks, are carried out with the Federation public keys. For the supported algorithms refer to Section `Cryptografic Algorithm`. + +Entity Configurations Common Parameters +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Entity Configurations of all the participants in the federation MUST have in common the parameters listed below. + + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **iss** + - String. Identifier of the issuing Entity. + * - **sub** + - String. Identifier of the Entity to which it is referred. It MUST be equal to ``iss``. + * - **iat** + - UNIX Timestamp with the time of generation of the JWT, coded as NumericDate as indicated at :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated at :rfc:`7519`. + * - **jwks** + - A JSON Web Key Set (JWKS) :rfc:`7517` that represents the public part of the signing keys of the Entity at issue. Each JWK in the JWK set MUST have a key ID (claim kid) and MAY have a `x5c` parameter, as defined in :rfc:`7517`. It contains the Federation Entity Keys required for the operations of trust evaluation. + * - **metadata** + - JSON Object. Each key of the JSON Object represents a metadata type identifier + containing JSON Object representing the metadata, according to the metadata + schema of that type. An Entity Configuration MAY contain more metadata statements, but only one for each type of + metadata (<**entity_type**>). the metadata types are defined in the section `Metadata Types `_. + + +Entity Configuration Trust Anchor +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Trust Anchor Entity Configuration, in addition of the common parameters listed above, MAY contain the following parameters: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Required** + * - **constraints** + - JSON Object that describes the trust evaluation mechanisms bounds. It MUST contain the attribute **max_path_length** that + defines the maximum number of Intermediates between a Leaf and the Trust Anchor. + - |check-icon| + * - **trust_mark_issuers** + - JSON Array that defines which Federation authorities are considered trustworthy + for issuing specific Trust Marks, assigned with their unique identifiers. + - |uncheck-icon| + * - **trust_mark_owners** + - JSON Array that lists which entities are considered to be the owners of + specific Trust Marks. + - |uncheck-icon| + + +Entity Configuration Leaves and Intermediates +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In addition to the previously defined claims, the Entity Configuration of the Leaf and of the Intermediate Entities, MUST contain the parameters listed below: + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Required** + * - **authority_hints** + - Array of URLs (String). It contains a list of URLs of the immediate superior entities, such as the Trust Anchor or + an Intermediate, that issues an Entity Statement related to this subject. + - |check-icon| + * - **trust_marks** + - A JSON Array containing the Trust Marks. + - |uncheck-icon| + +Metadata Types +^^^^^^^^^^^^^^^^ + +In this section are defined the main metadata types mapped to the roles of the ecosystem, +giving the references of the metadata protocol for each of these. + + +.. note:: + + The entries that don't have any reference to a known draft or standard are intended to be defined in this technical reference. + +.. list-table:: + :widths: 20 20 20 60 + :header-rows: 1 + + * - OpenID Entity + - EUDI Entity + - Metadata Type + - References + * - Trust Anchor + - Trust Anchor + - ``federation_entity`` + - `OID-FED`_ + * - Intermediate + - Intermediate + - ``federation_entity`` + - `OID-FED`_ + * - Wallet Provider + - Wallet Provider + - ``federation_entity``, ``wallet_provider`` + - -- + * - Authorization Server + - + - ``federation_entity``, ``oauth_authorization_server`` + - `OPENID4VCI`_ + * - Credential Issuer + - PID Provider, (Q)EAA Provider + - ``federation_entity``, ``openid_credential_issuer``, [``oauth_authorization_server``] + - `OPENID4VCI`_ + * - Relying Party + - Relying Party + - ``federation_entity``, ``wallet_relying_party`` + - `OID-FED`_, `OpenID4VP`_ + + +.. note:: + Wallet Provider metadata is defined in the section below. + + `Wallet Solution section `_. + + +.. note:: + In instances where a PID/EAA Provider implements both the Credential Issuer and the Authorization Server, + it MUST incorporate both + ``oauth_authorization_server`` and ``openid_credential_issuer`` within its metadata types. + Other implementations may divide the Credential Issuer from the Authorization Server, when this happens the Credential Issuer metadata MUST contain the `authorization_servers` parameters, including the Authorization Server unique identifier. + Furthermore, should there be a necessity for User Authentication by the Credential Issuer, + it could be necessary to include the relevant metadata type, either ``openid_relying_party`` + or ``wallet_relying_party``. + + +Metadata of federation_entity Leaves +------------------------------------- + +The *federation_entity* metadata for Leaves MUST contain the following claims. + + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **organization_name** + - See `OID-FED`_ Draft 36 Section 5.2.2 + * - **homepage_uri** + - See `OID-FED`_ Draft 36 Section 5.2.2 + * - **policy_uri** + - See `OID-FED`_ Draft 36 Section 5.2.2 + * - **logo_uri** + - URL of the entity's logo; it MUST be in SVG format. See `OID-FED`_ Draft 36 Section 5.2.2 + * - **contacts** + - Institutional certified email address (PEC) of the entity. See `OID-FED`_ Draft 36 Section 5.2.2 + * - **federation_resolve_endpoint** + - See `OID-FED`_ Draft 36 Section 5.1.1 + +Entity Statements +----------------- + +Trust Anchors and Intermediates publish Entity Statements related to their immediate Subordinates. +The Entity Statement MAY contain a metadata policy and the Trust Marks related to a Subordinate. + +The metadata policy, when applied, makes one or more changes to the final metadata of the Leaf. The final metadata of a Leaf is derived from the Trust Chain that contains all the statements, starting from the Entity Configuration up to the Entity Statement issued by the Trust Anchor. + +Trust Anchors and Intermediates MUST expose the Federation Fetch endpoint, where the Entity Statements are requested to validate the Leaf's Entity Configuration signature. + +.. note:: + The Federation Fetch endpoint MAY also publish X.509 certificates for each of the public keys of the Subordinate. Making the distribution of the issued X.509 certificates via a RESTful service. + +Below there is a non-normative example of an Entity Statement issued by an Registration Body (such as the Trust Anchor or its Intermediate) in relation to one of its Subordinates. + +.. code-block:: text + + { + "alg": "ES256", + "kid": "em3cmnZgHIYFsQ090N6B3Op7LAAqj8rghMhxGmJstqg", + "typ": "entity-statement+jwt" + } + . + { + "exp": 1649623546, + "iat": 1649450746, + "iss": "https://intermediate.eidas.example.org", + "sub": "https://rp.example.it", + "jwks": { + "keys": [ + { + "kty": "EC", + "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs", + "crv": "P-256", + "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI", + "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY", + "x5c": [ ] + } + ] + }, + "metadata_policy": { + "wallet_relying_party": { + "scope": { + "subset_of": [ + "eu.europa.ec.eudiw.pid.1", + "given_name", + "family_name", + "email" + ] + }, + "vp_formats": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ], + "kb-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + } + } + } + } + + +.. note:: + + **Entity Statement Signature** + + The same considerations and requirements made for the Entity Configuration + and in relation to the signature mechanisms MUST be applied for the Entity Statements. + + +Entity Statement +^^^^^^^^^^^^^^^^^^ + +The Entity Statement issued by Trust Anchors and Intermediates contains the following attributes: + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Required** + * - **iss** + - See `OID-FED`_ Section 3.1 for further details. + - |check-icon| + * - **sub** + - See `OID-FED`_ Section 3.1 for further details. + - |check-icon| + * - **iat** + - See `OID-FED`_ Section 3.1 for further details. + - |check-icon| + * - **exp** + - See `OID-FED`_ Section 3.1 for further details. + - |check-icon| + * - **jwks** + - Federation JWKS of the *sub* entity. See `OID-FED`_ Section 3.1 for further details. + - |check-icon| + * - **metadata_policy** + - JSON Object that describes the Metadata policy. Each key of the JSON Object represents an identifier of the metadata type and each value MUST be a JSON Object that represents the metadata policy according to that metadata type. Please refer to the `OID-FED`_ specifications, Section-5.1, for the implementation details. + - |uncheck-icon| + * - **trust_marks** + - JSON Array containing the Trust Marks issued by itself for the subordinate subject. + - |uncheck-icon| + * - **constraints** + - It MAY contain the **allowed_leaf_entity_types**, that restricts what types of metadata the subject is allowed to publish. + - |check-icon| + + +Trust Evaluation Mechanism +-------------------------- + +The Trust Anchor publishes the list of its Subordinates (Federation Subordinate Listing endpoint) and the attestations of their metadata and public keys (Entity Statements). + +Each participant, including Trust Anchor, Intermediate, Credential Issuer, Wallet Provider, and Relying Party, publishes its own metadata and public keys (Entity Configuration endpoint) in the well-known web resource **.well-known/openid-federation**. + +Each of these can be verified using the Entity Statement issued by a superior, such as the Trust Anchor or an Intermediate. + +Each Entity Statement is verifiable over time and MUST have an expiration date. The revocation of each statement is verifiable in real time and online (only for remote flows) through the federation endpoints. + +.. note:: + The revocation of an Entity is made with the unavailability of the Entity Statement related to it. If the Trust Anchor or its Intermediate doesn't publish a valid Entity Statement, or if it publishes an expired/invalid Entity Statement, the subject of the Entity Statement MUST be intended as not valid or revoked. + +The concatenation of the statements, through the combination of these signing mechanisms and the binding of claims and public keys, forms the Trust Chain. + +The Trust Chains can also be verified offline, using one of the Trust Anchor's public keys. + +.. note:: + Since the Wallet Instance is not a Federation Entity, the Trust Evaluation Mechanism related to it **requires the presentation of the Wallet Attestation during the credential issuance and presentation phases**. + + The Wallet Attestation conveys all the required information pertaining to the instance, such as its public key and any other technical or administrative information, without any User's personal data. + + +Relying Party Trust Evaluation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Relying Party is registered by a Trust Anchor or its Intermediate and obtains a Trust Mark to be included in its Entity Configuration. In its Entity Configuration the Relying Party publishes its specific metadata, including the supported signature and encryption algorithms and any other necessary information for the interoperability requirements. + +Any requests for User attributes, such as PID or (Q)EAA, from the Relying Party to Wallet Instances are signed and SHOULD contain the verifiable Trust Chain regarding the Relying Party. + +The Wallet Instance verifies that the Trust Chain related to the Relying Party is still active, proving that the Relying Party is still part of the Federation and not revoked. + +The Trust Chain SHOULD be contained within the signed request in the form of a JWS header parameter. + +In offline flows, Trust Chain verification enables the assessment of the reliability of Trust Marks and Attestations contained within. + + +Wallet Attestation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Wallet Provider issues the Wallet Attestation, certifying the operational status of its Wallet Instances and including one of their public keys. + +The Wallet Attestation contains the Trust Chain that attests the reliability for its issuer (Wallet Provider) at the time of issuance. + +The Wallet Instance provides its Wallet Attestation within the signed request during the PID issuance phase, containing the Trust Chain related to the Wallet Provider. + + +Trust Chain +^^^^^^^^^^^^^^^ + +The Trust Chain is a sequence of verified statements that validates a participant's compliance with the Federation. It has an expiration date time, beyond which it MUST be renewed to obtain the fresh and updated metadata. The expiration date of the Trust Chain is determined by the earliest expiration timestamp among all the expiration timestamp contained in the statements. No Entity can force the expiration date of the Trust Chain to be higher than the one configured by the Trust Anchor. + +Below is an abstract representation of a Trust Chain. + +.. code-block:: python + + [ + "EntityConfiguration-as-SignedJWT-selfissued-byLeaf", + "EntityStatement-as-SignedJWT-issued-byTrustAnchor" + ] + +Below is a non-normative example of a Trust Chain in its original format (JSON Array containing JWS as strings) with an Intermediate involved. + +.. code-block:: python + + [ + "eyJhbGciOiJFUzI1NiIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk1OTA2MDIsImlhdCI6MTY0OTQxNzg2MiwiaXNzIjoiaHR0cHM6Ly9ycC5leGFtcGxlLm9yZyIsInN1YiI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwia2lkIjoiTkZNMVdVVmlVbFl6VVdwTGFtbGZjRXBQUlZZMlZYWklSakJuUVhabVJIaEtZVVZZVWxkVFFuQTJOQSIsImNydiI6IlAtMjU2IiwieCI6InVzbEMzd2QtcFgzd3o0YlJZbnd5M2x6cGJHWkZoTjk2aEwyQUhBM01RNlkiLCJ5IjoiVkxDQlhGV2xkTlNOSXo4a0gyOXZMUjROMThCa3dHT1gyNnpRb3J1UTFNNCJ9XX0sIm1ldGFkYXRhIjp7Im9wZW5pZF9yZWx5aW5nX3BhcnR5Ijp7ImFwcGxpY2F0aW9uX3R5cGUiOiJ3ZWIiLCJjbGllbnRfaWQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnLyIsImNsaWVudF9yZWdpc3RyYXRpb25fdHlwZXMiOlsiYXV0b21hdGljIl0sImp3a3MiOnsia2V5cyI6W3sia3R5IjoiRUMiLCJraWQiOiJORk0xV1VWaVVsWXpVV3BMYW1sZmNFcFBSVlkyVlhaSVJqQm5RWFptUkhoS1lVVllVbGRUUW5BMk5BIiwiY3J2IjoiUC0yNTYiLCJ4IjoidXNsQzN3ZC1wWDN3ejRiUllud3kzbHpwYkdaRmhOOTZoTDJBSEEzTVE2WSIsInkiOiJWTENCWEZXbGROU05JejhrSDI5dkxSNE4xOEJrd0dPWDI2elFvcnVRMU00In1dfSwiY2xpZW50X25hbWUiOiJOYW1lIG9mIGFuIGV4YW1wbGUgb3JnYW5pemF0aW9uIiwiY29udGFjdHMiOlsib3BzQHJwLmV4YW1wbGUuaXQiXSwiZ3JhbnRfdHlwZXMiOlsicmVmcmVzaF90b2tlbiIsImF1dGhvcml6YXRpb25fY29kZSJdLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcnAuZXhhbXBsZS5vcmcvb2lkYy9ycC9jYWxsYmFjay8iXSwicmVzcG9uc2VfdHlwZXMiOlsiY29kZSJdLCJzY29wZSI6ImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSBldS5ldXJvcGEuZWMuZXVkaXcucGlkLml0LjEgZW1haWwiLCJzdWJqZWN0X3R5cGUiOiJwYWlyd2lzZSJ9LCJmZWRlcmF0aW9uX2VudGl0eSI6eyJmZWRlcmF0aW9uX3Jlc29sdmVfZW5kcG9pbnQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnL3Jlc29sdmUvIiwib3JnYW5pemF0aW9uX25hbWUiOiJFeGFtcGxlIFJQIiwiaG9tZXBhZ2VfdXJpIjoiaHR0cHM6Ly9ycC5leGFtcGxlLml0IiwicG9saWN5X3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9wb2xpY3kiLCJsb2dvX3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9zdGF0aWMvbG9nby5zdmciLCJjb250YWN0cyI6WyJ0ZWNoQGV4YW1wbGUuaXQiXX19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3JlZ2lzdHJ5LmVpZGFzLnRydXN0LWFuY2hvci5leGFtcGxlLmV1L29wZW5pZF9yZWx5aW5nX3BhcnR5L3B1YmxpYy8iLCJ0cnVzdF9tYXJrIjoiZXlKaCBcdTIwMjYifV0sImF1dGhvcml0eV9oaW50cyI6WyJodHRwczovL2ludGVybWVkaWF0ZS5laWRhcy5leGFtcGxlLm9yZyJdfQ.Un315HdckvhYA-iRregZAmL7pnfjQH2APz82blQO5S0sl1JR0TEFp5E1T913g8GnuwgGtMQUqHPZwV6BvTLA8g", + "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly9pbnRlcm1lZGlhdGUuZWlkYXMuZXhhbXBsZS5vcmciLCJzdWIiOiJodHRwczovL3JwLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJjcnYiOiJQLTI1NiIsIngiOiJ1c2xDM3dkLXBYM3d6NGJSWW53eTNsenBiR1pGaE45NmhMMkFIQTNNUTZZIiwieSI6IlZMQ0JYRldsZE5TTkl6OGtIMjl2TFI0TjE4Qmt3R09YMjZ6UW9ydVExTTQifV19LCJtZXRhZGF0YV9wb2xpY3kiOnsib3BlbmlkX3JlbHlpbmdfcGFydHkiOnsic2NvcGUiOnsic3Vic2V0X29mIjpbImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSwgIGV1LmV1cm9wYS5lYy5ldWRpdy5waWQuaXQuMSJdfSwicmVxdWVzdF9hdXRoZW50aWNhdGlvbl9tZXRob2RzX3N1cHBvcnRlZCI6eyJvbmVfb2YiOlsicmVxdWVzdF9vYmplY3QiXX0sInJlcXVlc3RfYXV0aGVudGljYXRpb25fc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6eyJzdWJzZXRfb2YiOlsiUlMyNTYiLCJSUzUxMiIsIkVTMjU2IiwiRVM1MTIiLCJQUzI1NiIsIlBTNTEyIl19fX0sInRydXN0X21hcmtzIjpbeyJpZCI6Imh0dHBzOi8vdHJ1c3QtYW5jaG9yLmV4YW1wbGUuZXUvb3BlbmlkX3JlbHlpbmdfcGFydHkvcHVibGljLyIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19._qt5-T6DahP3TuWa_27klE8I9Z_sPK2FtQlKY6pGMPchbSI2aHXY3aAXDUrObPo4CHtqgg3J2XcrghDFUCFGEQ", + "eyJhbGciOiJFUzI1NiIsImtpZCI6ImVXa3pUbWt0WW5kblZHMWxhMjU1ZDJkQ2RVZERSazQwUWt0WVlVMWFhRFZYT1RobFpHdFdXSGQ1WnciLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly90cnVzdC1hbmNob3IuZXhhbXBsZS5ldSIsInN1YiI6Imh0dHBzOi8vaW50ZXJtZWRpYXRlLmVpZGFzLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJjcnYiOiJQLTI1NiIsIngiOiJyQl9BOGdCUnh5NjhVTkxZRkZLR0ZMR2VmWU5XYmgtSzh1OS1GYlQyZkZJIiwieSI6IlNuWVk2Y3NjZnkxcjBISFhLTGJuVFZsamFndzhOZzNRUEs2WFVoc2UzdkUifV19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3RydXN0LWFuY2hvci5leGFtcGxlLmV1L2ZlZGVyYXRpb25fZW50aXR5L3RoYXQtcHJvZmlsZSIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19.r3uoi-U0tx0gDFlnDdITbcwZNUpy7M2tnh08jlD-Ej9vMzWMCXOCCuwIn0ZT0jS4M_sHneiG6tLxRqj-htI70g" + ] + + +.. note:: + + The entire Trust Chain is verifiable by only possessing the Trust Anchor's public keys. + + +Offline Trust Attestation Mechanisms +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The offline flows do not allow for real-time evaluation of an Entity's status, such as its revocation. At the same time, using short-lived Trust Chains enables the attainment of trust attestations compatible with the required revocation administrative protocols (e.g., a revocation must be propagated in less than 24 hours, thus the Trust Chain must not be valid for more than that period). + + +Offline Wallet Trust Attestation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Given that the Wallet Instance cannot publish its metadata online at the *.well-known/openid-federation* endpoint, +it MUST obtain a Wallet Attestation issued by its Wallet Provider. The Wallet Attestation MUST contain all the relevant information regarding the security capabilities of the Wallet Instance and its protocol related configuration. It SHOULD contain the Trust Chain related to its issuer (Wallet Provider). + + +Offline Relying Party Metadata +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Since the Federation Entity Discovery is only applicable in online scenarios, it is possible to include the Trust Chain in the presentation requests that the Relying Party may issue for a Wallet Instance. + +The Relying Party MUST sign the presentation request, the request SHOULD include the `trust_chain` claim in its JWS header parameters, containing the Federation Trust Chain related to itself. + +The Wallet Instance that verifies the request issued by the Relying Party MUST use the Trust Anchor's public keys to validate the entire Trust Chain related to the Relying Party before attesting its reliability. + +Furthermore, the Wallet Instance applies the metadata policy, if any. + +Trust Chain Fast Renewal +------------------------ + +The Trust Chain fast renewal method offers a streamlined way to maintain the validity of a trust chain without undergoing the full discovery +process again. It's particularly useful for quickly updating trust relationships when minor changes occur or when the +Trust Chain is close to expiration but the overall structure of the federation hasn't changed significantly. + +The Trust Chain fast renewal process is initiated by fetching the leaf's Entity Configuration anew. However, unlike the federation discovery process that may involve fetching Entity Configurations starting from the authority hints, the fast renewal focuses on directly obtaining the Subordinate Statements. These statements are requested using the `source_endpoint` provided within them, which points to the location where the statements can be fetched. + + +Non-repudiability of the Long Lived Attestations +-------------------------------------------------- + +The Trust Anchor and its Intermediate MUST expose the Federation Historical Keys endpoint, where are published all the public part of the Federation Entity Keys that are no longer used, whether expired or revoked. + +The details of this endpoint are defined in the `OID-FED`_ Section 7.6. + +Each JWS containing a Trust Chain in the form of a JWS header parameter can be verified over time, since the entire Trust Chain is verifiable using the Trust Anchor's public key. + +Even if the Trust Anchor has changed its cryptographic keys for digital signature, the Federation Historical Keys endpoint always makes the keys no longer used available for historical signature verifications. + + +Privacy Remarks +--------------- + +- Wallet Instances MUST NOT publish their metadata through an online service. +- The trust infrastructure MUST be public, with all endpoints publicly accessible without any client credentials that may disclose who is requesting access. +- When a Wallet Instance requests the Entity Statements to build the Trust Chain for a specific Relying Party or validates a Trust Mark online, issued for a specific Relying Party, the Trust Anchor or its Intermediate do not know that a particular Wallet Instance is inquiring about a specific Relying Party; instead, they only serve the statements related to that Relying Party as a public resource. +- The Wallet Instance metadata MUST not contain information that may disclose technical information about the hardware used. +- Leaf entity, Intermediate, and Trust Anchor metadata may include the necessary amount of data as part of administrative, technical, and security contact information. It is generally not recommended to use personal contact details in such cases. From a legal perspective, the publication of such information is needed for operational support concerning technical and security matters and the GDPR regulation. + + +Considerations about Decentralization +------------------------------------- + +- There may be more than a single Trust Anchor. +- In some cases, a trust verifier may trust an Intermediate, especially when the Intermediate acts as a Trust Anchor within a specific perimeter, such as cases where the Leafs are both in the same perimeter like a Member State jurisdiction (eg: an Italian Relying Party with an Italian Wallet Instance may consider the Italian Intermediate as a Trust Anchor for the scopes of their interactions). +- Trust attestations (Trust Chain) should be included in the JWS issued by Credential Issuers, and the Presentation Requests of RPs should contain the Trust Chain related to them (issuers of the presentation requests). +- Since the credential presentation must be signed, storing the signed presentation requests and responses, which include the Trust Chain, the Wallet Instance may have the snapshot of the federation configuration (Trust Anchor Entity Configuration in the Trust Chain) and the verifiable reliability of the Relying Party it has interacted with. +- Each signed attestation is long-lived since it can be cryptographically validated even when the federation configuration changes or the keys of its issuers are renewed. +- Each participant should be able to update its Entity Configuration without notifying the changes to any third party. The metadata policy contained within a Trust Chain must be applied to overload any information related to protocol specific metadata. diff --git a/ia-terms-updates/en/_sources/wallet-attestation.rst.txt b/ia-terms-updates/en/_sources/wallet-attestation.rst.txt new file mode 100644 index 000000000..c8f1c8977 --- /dev/null +++ b/ia-terms-updates/en/_sources/wallet-attestation.rst.txt @@ -0,0 +1,613 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-attestation.rst: + +Wallet Attestation +++++++++++++++++++ + +Wallet Attestation contains information regarding the security level of the device hosting the Wallet Instance. It primarily certifies the **authenticity**, **integrity**, **security**, **privacy**, and **trustworthiness** of a particular Wallet Instance. The Wallet Attestation MUST contain a Wallet Instance public key. + +Requirements +------------ + +The requirements for the Wallet Attestation are defined below: + +- The Wallet Attestation MUST use the signed JSON Web Token (JWT) format; +- The Wallet Attestation MUST provide all the relevant information to attest to the **integrity** and **security** of the device where the Wallet Instance is installed. +- The Wallet Attestation MUST be signed by the Wallet Provider that has authority over and is the owner of the Wallet Solution, as specified by the overseeing registration authority. This ensures that the Wallet Attestation uniquely links the Wallet Provider to this particular Wallet Instance. +- The Wallet Provider MUST ensure the integrity, authenticity, and genuineness of the Wallet Instance, preventing any attempts at manipulation or falsification by unauthorized third parties. The Wallet Provider MUST also verify the Wallet Instance using the App Store vendor's API, such as the *Play Integrity API* for Android and *DeviceCheck* for iOS. These services are defined in this specification as **Device Integrity Service (DIS)**. +- The Wallet Attestation MUST have a mechanism in place for revoking the Wallet Instance, allowing the Wallet Provider to terminate service for a specific instance at any time. +- The Wallet Attestation MUST be securely bound to the Wallet Instance's ephemeral public key. +- The Wallet Attestation MAY be used multiple times during its validity period, allowing for repeated authentication and authorization without the need to request new attestations with each interaction. +- The Wallet Attestation MUST be short-lived and MUST have an expiration date/time, after which it SHOULD no longer be considered valid. +- The Wallet Attestation MUST NOT be issued by the Wallet Provider if the authenticity, integrity, and genuineness are not guaranteed. In this case, the Wallet Instance MUST be revoked. +- Each Wallet Instance SHOULD be able to request multiple attestations with different ephemeral public keys associated with them. This requirement provides a privacy-preserving measure, as the public key MAY be used as a tracking tool during the presentation phase (see also the point listed below). +- The Wallet Attestation MUST NOT contain any information that can be used to directly identify the User. +- The Wallet Instance MUST secure a Wallet Attestation as a prerequisite for transitioning to the Operational state, as defined by `ARF`_. +- Private keys MUST be generated and stored in the WSCD using at least one of the approaches listed below: + + - **Local Internal WSCD**: The WSCD relies entirely on the device's native cryptographic hardware, such as the Secure Enclave on iOS devices or the Hardware-Backed Keystore or Strongbox on Android devices. + - **Local External WSCD**: The WSCD is hardware external to the User's device, such as a smart card compliant with *GlobalPlatform* and supporting *JavaCard*. + - **Remote WSCD**: The WSCD utilizes a remote Hardware Security Module (HSM). + - **Local Hybrid WSCD**: The WSCD involves a pluggable internal hardware component within the User's device, such as an *eUICC* that adheres to *GlobalPlatform* standards and supports *JavaCard*. + - **Remote Hybrid WSCD**: The WSCD involves a local component mixed with a remote service. + +- The Wallet Provider MUST offer a set of services, exclusively available to its Wallet Solution instances, for the verification and issuance of Wallet Attestations. + +.. warning:: + At the current stage, the implementation profile defined in this document supports only the **Local Internal WSCD**. Future versions of this specification MAY include other approaches depending on the required `AAL`. + +Static Component View +--------------------- + +.. figure:: ../../images/static_view_wallet_instance_attestation.svg + :name: Wallet Solution Schema + :alt: The image illustrates the containment of Wallet Provider and Wallet Instances within the Wallet Solution, managed by the Wallet Provider. + :target: https://www.plantuml.com/plantuml/uml/VP8nJyCm48Lt_ugdTexOCw22OCY0GAeGOsMSerWuliY-fEg_9mrEPTAqw-VtNLxEtaJHGRh6AMs40rRlaS8AEgAB533H3-qS2Tu2zxPEWSF8TcrYv-mJzTOGNfzVnXXJ0wKCDorxydAUjMNNYMMVpug9OTrR7i22LlaesXlADPiOraToZWyBsgCsF-JhtFhyGyZJgNlbXVR1oX5R2YSoUdQYEzrQO1seLcfUeGXs_ot5_VzqYM6lQlRXMz6hsTccIbGHhGu2_hhfP1tBwHuZqdOUH6WuEmrKIeqtNonvXhq4ThY3Dc9xBNJv_rSwQeyfawhcZsTPIpKLKuFYSa_JyOPytJNk5m00 + +Dynamic Component View +---------------------- + +The Wallet Attestation acquisition flow can be divided into two main phases. The first phase involves device initialization and registration, which occurs only during the initial launch of the Wallet Instance (after installation). The second phase pertains to the actual acquisition of the Wallet Attestation. + +Wallet Instance Initialization and Registration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. figure:: ../../images/wallet_instance_initialization.svg + :name: Sequence Diagram for Wallet Instance Initialization + :alt: The figure illustrates the sequence diagram for initializing a Wallet Instance, with the steps explained below. + :target: https://www.plantuml.com/plantuml/uml/ZLFHRjD047o_hrYb3xHM-84yeA8Iqgf04IdmlBOtpYhEdRMt3eIlPy-cQMoPmeCZQszcTcOklewAeks-TjXgyEq-9t5RBWas8MWUVhfNZG6uu0QzEeU51e7PrqWo0upGseixGy3iEzOrATnvK_O5TIXi6XYYtj612pAKKYMiHrYJf4aFHurm4HjXNrL2v2StV9PmCAC2EHOxycL7pOkTSvM4je7WwoEqJV2mOOaAR8wCYSes2XlGBILZBaLu_SRU5j2L4PzEuB8d6k0g1US3Qa-nvm_ZPal53dW3Vmi4R7aEo3NcDJadFfX6E90aeRdPXOiFTwlRnzMNvVAJw-N60KqY5V1a-ZtPi8-1leIGAx87DkDxKYnHqLaTtIRdUg-sPm4hqyooOflKVKLPzXmgrMRF2UX9qZXu0kKzfGf6r8JkEnWTb3HGFLLrKZNyZHmR3PLWi-K2Rb7A7oW4ztICMMPPMRfaKOEy38T7h6ndlmGrBW1LAQeTNPvCpU5bWIkNgCzfqlXj9zELR8uYLvvAo8_miFnurkZQUXx6dq_oBSn_nPY-ZczOSuawke59m7Zt0BR-PvrnUB4FznEtQOVfYrd0w4Et5rOs9x-eFASP9VqTtRNzjFlwDm00 + +**Step 1**: The User starts the Wallet Instance mobile app for the first time. + +**Step 2**: The Wallet Instance: + + * Checks if the Device Integrity Service is available. + * Checks whether the device meets the minimum security requirements. + +.. note:: + + **Federation Check**: The Wallet Instance needs to check if the Wallet Provider is part of the Federation, obtaining its protocol-specific Metadata. A non-normative example of a response from the endpoint **.well-known/openid-federation** with the **Entity Configuration** and the **Metadata** of the Wallet Provider is represented within the section `Wallet Provider metadata`_. + +**Steps 3-5**: The Wallet Instance sends a request to the Wallet Provider Backend and receives a one-time ``challenge``. This "challenge" is a ``nonce``, which must be unpredictable to serve as the main defense against replay attacks. The backend must generate the ``nonce`` value in a manner that ensures it is single-use and valid only within a specific time frame. This endpoint is compliant with the specification `OAuth 2.0 Nonce Endpoint`_. + +.. code-block:: http + + GET /nonce HTTP/1.1 + Host: walletprovider.example.com + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "nonce": "d2JhY2NhbG91cmVqdWFuZGFt" + } + +**Step 6**: The Wallet Instance, through the operating system, creates a pair of Cryptographic Hardware Keys and stores the corresponding Cryptographic Hardware Key Tag in local storage once the following requirements are met: + + 1. It MUST ensure that Cryptographic Hardware Keys do not already exist. If they do exist and the Wallet is in the initialization phase, they MUST be deleted. + 2. It MUST generate a pair of asymmetric Elliptic Curve keys (Cryptographic Hardware Keys) via a local WSCD. + 3. It SHOULD obtain a unique identifier (Cryptographic Hardware Key Tag) for the generated Cryptographic Hardware Keys from the operating system. If the operating system permits specifying a tag during the creation of keys, then a random string for the Cryptographic Hardware Key Tag MUST be selected. This random value MUST be collision-resistant and unpredictable to ensure security. To achieve this, consider using a cryptographic hash function or a secure random number generator provided by the operating system or a reputable cryptographic library. + 4. If the previous points are satisfied, it MUST store the Cryptographic Hardware Key Tag in local storage. + +.. note:: + + **WSCD**: The Wallet Instance MAY use a local WSCD for key generation on devices that support this feature. On Android devices, Strongbox is RECOMMENDED; Trusted Execution Environment (TEE) MAY be used only when Strongbox is unavailable. For iOS devices, Secure Elements (SE) MUST be used. Given that each OEM offers a distinct SDK for accessing the local WSCD, the discussion hereafter will address this topic in a general context. + +**Step 7**: The Wallet Instance uses the Device Integrity Service, providing the "challenge" and the Cryptographic Hardware Key Tag to acquire the Key Attestation. + +.. note:: + + **Device Integrity Service**: In this section, the Device Integrity Service is considered as it is provided by device manufacturers. This service allows the verification of a key being securely stored within the device's hardware through a signed object. Additionally, it offers verifiable proof that a specific Wallet Instance is authentic, unaltered, and in its original state using a specialized signed document made for this purpose. + + The service also incorporates details in the signed object, such as the device type, model, app version, operating system version, bootloader status, and other relevant information to assess whether the device has been compromised. For Android, the DIS is represented by *Key Attestation*, a feature supported by *StrongBox Keymaster*, which is a physical HSM installed directly on the motherboard, and the *TEE* (Trusted Execution Environment), a secure area of the main processor. *Key Attestation* aims to provide a way to strongly determine if a key pair is hardware-backed, what the properties of the key are, and what constraints are applied to its usage. Developers can leverage its functionality through the *Play Integrity API*. For Apple devices, the DIS is represented by *DeviceCheck*, which provides a framework and server interface to manage device-specific data securely. *DeviceCheck* is used in combination with the *Secure Enclave*, a dedicated HSM integrated into Apple's SoCs. *DeviceCheck* can be used to attest to the integrity of the device, apps, and/or encryption keys generated on the device, ensuring they were created in a secure environment like *Secure Enclave*. Developers can leverage *DeviceCheck* functionality by using the framework itself. + These services, specifically developed by the manufacturer, are integrated within the Android or iOS SDKs, eliminating the need for a predefined endpoint to access them. Additionally, as they are specifically developed for mobile architecture, they do not need to be registered as Federation Entities through national registration systems. + *Secure Enclave* has been available on Apple devices since the iPhone 5s (2013). + For Android devices, the inclusion of **Strongbox Keymaster** may vary by manufacturer, who decides whether to include it or not. + +**Step 8**: The Device Integrity Service performs the following actions: + +* Creates a Key Attestation that is linked with the provided "challenge" and the public key of the Wallet Hardware. +* Incorporates information pertaining to the device's security. +* Uses an OEM private key to sign the Key Attestation, therefore verifieable with the related OEM certificate, confirming that the Cryptographic Hardware Keys are securely managed by the operating system. + +**Step 9**: The Wallet Instance sends the ``challenge`` with Key Attestation and Cryptographic Hardware Key Tag to the Wallet Provider Backend in order to register the Wallet Instance identified with the Cryptographic Hardware Key public key. + +In order to register the Wallet Instance, the request to the Wallet Provider MUST use the HTTP POST method. The parameters MUST be encoded using the `application/json` format and included in the message body. The following parameters MUST be provided: + +.. _table_http_request_claim: +.. list-table:: Wallet Instance registration http request parameters + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **challenge** + - MUST be set to the challenge obtained from the Wallet Provider throught the ``nonce`` endpoint. + - `OAuth 2.0 Nonce Endpoint`_ + * - **key_attestation** + - It MUST be a ``base64url`` encoded Key Attestation obtained from the **Device Integrity Service**. + - + * - **hardware_key_tag** + - It MUST be set with the unique identifier of the **Cryptographic Hardware Keys** and encoded in ``base64url``. + - + +Below is a non-normative example of the request. + +.. code-block:: http + + POST /wallet-instance HTTP/1.1 + Host: walletprovider.example.com + Content-Type: application/json + + { + "challenge": "0fe3cbe0-646d-44b5-8808-917dd5391bd9", + "key_attestation": "o2NmbXRvYXBwbGUtYXBw... redacted", + "hardware_key_tag": "WQhyDymFKsP95iFqpzdEDWW4l7aVna2Fn4JCeWHYtbU=" + } + +.. note:: + It is not necessary to send the Wallet Hardware public key because it is already included in the ``key_attestation``. + As seen in the previous steps, the Device Integrity Service (DIS) creates a Key Attestation linked to the provided "challenge" and the public key of the Wallet Hardware. This process eliminates the need to send the Wallet Hardware public key directly, as it is already included in the key attestation. The ``hardware_key_tag`` serves as a reference or identifier for the corresponding Cryptographic Hardware key stored by the Wallet Provider. Therefore, the Wallet Provider can associate the received ``hardware_key_tag`` with the appropriate Cryptographic Hardware key in its storage. + +.. warning:: + During the registration phase of the Wallet Instance with the Wallet Provider it is also necessary to associate it with a specific user + uniquely identifiable by the Wallet Provider. This association is at the discretion of the Wallet PRovider and will not be addressed + within these guidelines as each Wallet Provider may or may not have a user identification system already implemented. + + +**Steps 10-12**: The Wallet Provider validates the ``challenge`` and ``key_attestation`` signature, therefore: + + 1. It MUST verify that the ``challenge`` was generated by Wallet Provider and has not already been used. + 2. It MUST validate the ``key_attestation`` as defined by the device manufacturers' guidelines. + 3. It MUST verify that the device in use has no security flaws and reflects the minimum security requirements defined by the Wallet Provider. + 4. If these checks are passed, it MUST register the Wallet Instance, keeping the Cryptographic Hardware Key Tag and all useful information related to the device. + 5. It SHOULD associate the Wallet Instance with a specific User uniquely identified within the Wallet Provider's systems. This will be useful for the lifecycle of the Wallet Instance and for a future revocation. + +Upon successful registration of the Wallet Instance, the Wallet Provider MUST respond with a status code set to 204 (No Content). +Below is a non-normative example of the response. + +.. code-block:: http + + HTTP/1.1 204 No content + +If any errors occur during the Wallet Instance registration, the Wallet Provider MUST return an error response. The response MUST use the content type set to *application/json* and MUST include the following parameters: + + - *error*. The error code. + - *error_description*. Text in human-readable form providing further details to clarify the nature of the error encountered. + +**Steps 13-14**: The Wallet Instance has been initialized and becomes operational. + +.. note:: **Threat Model**: while the registration endpoint does not necessitate any client authentication, it is safeguarded through the use of `key_attestation`. Proper validation of this attestation permits the registration of authentic and unaltered app instances. Any other claims submitted will not undergo validation, leading the endpoint to respond with an error. Additionally, the inclusion of a challenge helps prevent replay attacks. The authenticity of both the challenge and the ``hardware_key_tag`` is ensured by the signature found within the ``key_attestation``. + + +Wallet Attestation Issuance +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This section describes the Wallet Attestation format and how the Wallet Provider issues it. + +.. figure:: ../../images/wallet_instance_acquisition.svg + :name: Sequence Diagram for Wallet Attestation acquisition + :alt: The figure illustrates the sequence diagram for issuing a Wallet Attestation, with the steps explained below. + :target: https://www.plantuml.com/plantuml/uml/VLJ1Jjj04BtlLupWK8ZIIwNsWDGAH2bGgWe1BHSaQsmFzZJEhhixTff-VMTD4YV6pS4IoxvvyzxRcPm6GI_Dl3BOYBFDF2LlIiu9dfsJrFqnRse5SCOrMZ46Ct4U3du4yWU00PgW-2q473nYLP70jLLccr67mhg6NTHdQZaZHGaLdcK9z-HRNiDH0Xo6shCj2azaHplSUjUgK0yfPZEoULUQPZDZJ5JrzfDsFO4x-jrG442mj01NaqTXPq5Ab2VhzPOzQKkOJ5QyPo9QqA4casYOMnIA7en-Azhpah8PyBEMdVjbBQxmM9USmHNwV86Uu8QMOJ81LkuMkSAq8hD5S4asIecjBL1TqboF5Sne2JMoLzwlZpVQttZhXC2rvAE4gHg4ms_NbrSFbtSN5z_DYv1X9DerHWRkMOqIVA5yxHjj3YuLP0ii0UOacAEWqG2xJcObKlj4aQ92iZAosuAsuuX1wzS1UpVWB87mdE9W34eZUcL-zoAd7LOp5bCigPYi955jKc8eDLmCS7zrzkxzXwCDtnJg9gquItujPiVZJ7jUJ3bltUsJFdov-cyIkB0eZIUz-mZnT3HKCeL5bt-oAT9dJ0IBZG2KS0B5Ii5cwCz282_iNZCUcrZInyNhaWJNDIfdrDxhATxim8Ab_1_P5COzJtSVQ_faz-K73rYyrFIle48Z7-LT_txMDoFUpzizsNoFWTtfwnSZ7iSN8sxeu0SfxWPR5iQA_rBUBKIhV-Uc2MmBs6DEiEZWuqdrAzJlnSz8Z39OXH70-BECGyVRZoDZmjrCzzVga5ukNoSzMDDnn61VjyzQPaurXsPU_GC0 + +**Step 1**: The User initiates a new operation that necessitates the acquisition of a Wallet Attestation. + +**Steps 2-3**: The Wallet Instance checks if a Cryptographic Hardware Key exists and generates an ephemeral asymmetric key pair. The Wallet Instance also: + + 1. MUST ensure that Cryptographic Hardware Keys exist. If they do not exist, it is necessary to reinitialize the Wallet. + 2. MUST generates an ephemeral asymmetric key pair whose public key will be linked with the Wallet Attestation. + 3. MUST check if Wallet Provider is part of the federation and obtain its metadata. + + +**Steps 4-6**: The Wallet Instance solicits a one-time "challenge" from the Wallet Provider Backend. This "challenge" takes the form of a "nonce," which is required to be unpredictable and serves as the main defense against replay attacks. The backend MUST produce the "nonce" in a manner that ensures its single-use within a predetermined time frame. + +.. code-block:: http + + GET /nonce HTTP/1.1 + Host: walletprovider.example.com + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "nonce": "d2JhY2NhbG91cmVqdWFuZGFt" + } + +**Step 7**: The Wallet Instance performs the following actions: + + * Creates a ``client_data``, a JSON structure that includes the challenge and the thumbprint of ephemeral public ``jwk``. + * Computes a ``client_data_hash`` by applying the ``SHA256`` algorithm to the ``client_data``. + +Below a non-normative example of the ``client_data``. + +.. code-block:: json + + { + "challenge": "0fe3cbe0-646d-44b5-8808-917dd5391bd9", + "jwk_thumbprint": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c" + } + +**Steps 8-10**: The Wallet Instance takes the following steps: + + * It produces an hardware_signature by signing the ``client_data_hash`` with the Wallet Hardware's private key, serving as a proof of possession for the Cryptographic Hardware Keys. + * It requests the Device Integrity Service to create an ``integrity_assertion`` linked to the ``client_data_hash``. + * It receives a signed ``integrity_assertion`` from the Device Integrity Service, authenticated by the OEM. + +.. note:: ``integrity_assertion`` is a custom payload generated by Device Integrity Service, signed by device OEM and encoded in base64 to have uniformity between different devices. + +**Steps 11-12**: The Wallet Instance: + + * Constructs the Wallet Attestation Request in the form of a JWT. This JWT includes the ``integrity_assertion``, ``hardware_signature``, ``challenge``, ``hardware_key_tag``, and ``cnf``, and is signed using the private key of the initially generated ephemeral key pair. + * Submits the Wallet Attestation Request to the token endpoint of the Wallet Provider Backend. + +Below an non-normative example of the Wallet Attestation Request JWT without encoding and signature applied: + +.. code-block:: + + { + "alg": "ES256", + "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "typ": "war+jwt" + } + . + { + "iss": "https://wallet-provider.example.org/instance/vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "sub": "https://wallet-provider.example.org/", + "challenge": "6ec69324-60a8-4e5b-a697-a766d85790ea", + "hardware_signature": "KoZIhvcNAQcCoIAwgAIB...redacted", + "integrity_assertion": "o2NmbXRvYXBwbGUtYXBwYX...redacted", + "hardware_key_tag": "WQhyDymFKsP95iFqpzdEDWW4l7aVna2Fn4JCeWHYtbU=", + "cnf": { + "jwk": { + "crv": "P-256", + "kty": "EC", + "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44", + "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg" + } + }, + "vp_formats_supported": { + "jwt_vc_json": { + "alg_values_supported": ["ES256K", "ES384"] + }, + "jwt_vp_json": { + "alg_values_supported": ["ES256K", "EdDSA"] + }, + }, + }, + "iat": 1686645115, + "exp": 1686652315 + } + +The Wallet Instance MUST do an HTTP request to the Wallet Provider's `token endpoint`_, +using the method `POST `__. + +The **token** endpoint (as defined in `RFC 7523 section 4`_) requires the following parameters +encoded in ``application/x-www-form-urlencoded`` format: + +* ``grant_type`` set to ``urn:ietf:params:oauth:grant-type:jwt-bearer``; +* ``assertion`` containing the signed JWT of the Wallet Attestation Request. + +.. code-block:: http + + POST /token HTTP/1.1 + Host: wallet-provider.example.org + Content-Type: application/x-www-form-urlencoded + + grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer + &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6ImtoakZWTE9nRjNHeG... + +**Steps 13-17**: The Wallet Provider Backend assesses the Wallet Attestation Request and issues a Wallet Attestation, if the requirements described below are satisfied: + + 1. It MUST check the Wallet Attestation Request contains all the defined HTTP Request header parameters according to :ref:`Table of the Wallet Attestation Request Header `. + 2. It MUST verify that the signature of the received Wallet Attestation Request is valid and associated with public ``jwk``. + 3. It MUST verify that the ``challenge`` was generated by Wallet Provider and has not already been used. + 4. It MUST check that there is a Wallet Instance registered with that ``hardware_key_tag`` and that it is still valid. + 5. It MUST reconstruct the ``client_data`` via the ``challenge`` and the ``jwk`` public key, to validate ``hardware_signature`` via the Cryptographic Hardware Key public key registered and associated with the Wallet Instance. + 6. It MUST validate the ``integrity_assertion`` as defined by the device manufacturers' guidelines. The list of checks that the Wallet Provider MUST perform are defined by the operating system manufacturers documentation. + 7. It MUST verify that the device in use has no security flaws and reflects the minimum security requirements defined by the Wallet Provider. + 8. It MUST check that the URL in ``iss`` parameter is equal to the URL identifier of Wallet Provider. + +If all checks are passed, Wallet Provider issues a Wallet Attestation with an expiration limited to 24 hours. + +Below an non-normative example of the Wallet Attestation without encoding and signature applied: + +.. code-block:: + + { + "alg": "ES256", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY", + "trust_chain": [ + "eyJhbGciOiJFUz...6S0A", + "eyJhbGciOiJFUz...jJLA", + "eyJhbGciOiJFUz...H9gw", + ], + "typ": "wallet-attestation+jwt", + } + . + { + "iss": "https://wallet-provider.example.org", + "sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "aal": "https://trust-list.eu/aal/high", + "cnf": + { + "jwk": + { + "crv": "P-256", + "kty": "EC", + "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44", + "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg" + } + }, + "authorization_endpoint": "eudiw:", + "response_types_supported": [ + "vp_token" + ], + "response_modes_supported": [ + "form_post.jwt" + ], + "vp_formats_supported": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + }, + "request_object_signing_alg_values_supported": [ + "ES256" + ], + "presentation_definition_uri_supported": false, + "iat": 1687281195, + "exp": 1687288395 + } + +**Step 18**: The response is returned by the Wallet Provider. If successful, the HTTP response code MUST be set with the value ``200 OK`` and contain the Wallet Attestation signed by the Wallet Provider. The Wallet Instance therefore performs security, integrity and trust verification about the Wallet Attestation and its issuer. + + +Below is a non-normative example of the response. + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/jwt + + eyJhbGciOiJFUzI1NiIsInR5cCI6IndhbGx ... + + +.. _table_wallet_attestation_request_claim: + +Wallet Attestation Request +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The JOSE header of the Wallet Attestation Request JWT MUST contain: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + * - **kid** + - Unique identifier of the ``jwk`` used by the Wallet Provider to sign the Wallet Attestation, essential for matching the Wallet Provider's cryptographic public key needed for signature verification. + - :rfc:`7638#section_3`. + * - **typ** + - It MUST be set to ``var+jwt`` + - + +The body of the Wallet Attestation Request JWT MUST contain: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - Identifier of the Wallet Provider concatenated with thumbprint of the JWK in the ``cnf`` parameter. + - :rfc:`9126` and :rfc:`7519`. + * - **aud** + - It MUST be set to the identifier of the Wallet Provider. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - REQUIRED. UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **challenge** + - Challenge data obtained from ``nonce`` endpoint + - + * - **hardware_signature** + - The signature of ``client_data`` obtained using Cryptographic Hardware Key base64 encoded. + - + * - **integrity_assertion** + - The integrity assertion obtained from the **Device Integrity Service** with the holder binding of ``client_data``. + - + * - **hardware_key_tag** + - Unique identifier of the **Cryptographic Hardware Keys** + - + * - **cnf** + - JSON object, containing the public part of an asymmetric key pair owned by the Wallet Instance. + - :rfc:`7800` + * - **vp_formats_supported** + - JSON object with name/value pairs, identifying a Credential format supported by the Wallet. + - + +.. _table_wallet_attestation_claim: + +Wallet Attestation +~~~~~~~~~~~~~~~~~~ + +The JOSE header of the Wallet Attestation JWT MUST contain: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + * - **kid** + - Unique identifier of the ``jwk`` inside the ``cnf`` claim of Wallet Instance as base64url-encoded JWK Thumbprint value. + - :rfc:`7638#section_3`. + * - **typ** + - It MUST be set to ``wallet-attestation+jwt`` + - `OPENID4VC-HAIP`_ + * - **trust_chain** + - Sequence of Entity Statements that composes the Trust Chain related to the Relying Party. + - `OID-FED`_ Section *3.2.1. Trust Chain Header Parameter*. + +The body of the Wallet Attestation JWT MUST contain: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - Identifier of the Wallet Provider + - :rfc:`9126` and :rfc:`7519`. + * - **sub** + - Identifier of the Wallet Instance which is the thumbprint of the Wallet Instance JWK contained in the ``cnf`` claim. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **cnf** + - JSON object, containing the public part of an asymmetric key pair owned by the Wallet Instance. + - :rfc:`7800` + * - **aal** + - JSON String asserting the authentication level of the Wallet and the key as asserted in the cnf claim. + - + * - **authorization_endpoint** + - URL of the Wallet Authorization Endpoint (Universal Link). + - + * - **response_types_supported** + - JSON array containing a list of the OAuth 2.0 ``response_type`` values. + - + * - **response_modes_supported** + - JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports. + - :rfc:`8414` + * - **vp_formats_supported** + - JSON object with name/value pairs, identifying a Credential format supported by the Wallet. + - + * - **request_object_signing_alg_values_supported** + - JSON array containing a list of the JWS signing algorithms (alg values) supported. + - + * - **presentation_definition_uri_supported** + - Boolean value specifying whether the Wallet Instance supports the transfer of presentation_definition by reference. MUST be set to false. + - + + +Wallet Instance Lifecycle +----------------------------- + +The ability of the Wallet Instance to obtain a Wallet Attestation is bound to its current state. +The Wallet Instance assesses its current state based on the Credentials stored locally and the Wallet Attestation issued by the Wallet Provider. + +The lifecycle of a Wallet Instance encompasses all the potential states it can configure, along with the transitions from one state to another. This lifecycle is depicted in the diagram below: + +.. figure:: ../../images/wallet_instance_lifecycle.svg + :name: Wallet Instance Lifecycle + :alt: Illustration representing the Wallet Instance lifecycle, with the states explained below. + :target: https://www.plantuml.com/plantuml/uml/SoWkIImgAStDuOhMYbNGrRLJyCm32kNafAPOAMH2c5mAG00N1YloBqWjIYp9pCzBpB5IA4ijoaoh1Ab25WUh2qlCoKm1gW1HYIMf83KGCKnJClDmg799JKmkoIm3IW1DAaejoyzEHRSBfpfCbmEzQQLGceVaDOH6x4emxS9KWd0mfgH3QbuAC801 + + +A Wallet Instance SHOULD obtain a Wallet Attestation if it's in either `Installed`, `Operational` or `Valid` state; that implies that a `Deactivated` Wallet Instance cannot obtain a Wallet Attestation hence it cannot interact with other entities of the ecosystem, such as PID/(Q)EAA Providers and Relying Parties. + +States +~~~~~~~~~~~~~~~~~~ +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **State** + - **Description** + * - `Installed` + - The User has installed the Wallet Solution on the device. + * - `Operational` + - The Wallet Instance has been verified and the Wallet Hardware Key has been registered; no valid PID is present in the storage. + * - `Valid` + - A valid PID is present in the storage. + * - `Deactivated` + - The Wallet Instance has been revoked and its Wallet Hardware Key has been marked as not usable. + +Transitions +~~~~~~~~~~~~~~~~~~ +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Transition** + - **Description** + * - `install` + - The User performs a fresh installation or restores the initial state of the Wallet Instance on the device. + * - `verify` + - The Wallet Instance has been verified by the Wallet Provider and its Wallet Hardware Key has been registered. + * - `validate` + - The Wallet Instance obtains a valid PID. + * - `invalidate` + - The PID expires or gets revoked. + * - `revoke` + - The Wallet Provider marks the Wallet Instance as not usable. + * - `uninstall` + - The User removes the Wallet Instance from the device. + +Revocations +~~~~~~~~~~~~~~~~~~ +As mentioned in the *Wallet Instance initialization and registration* section above, a Wallet Instance is bound to a Wallet Hardware Key and it's uniquely identified by it. +The Wallet Instance SHOULD send its public Wallet Hardware Key with the Wallet Provider, thus the Wallet Provider MUST identify a Wallet Instance by its Wallet Hardware Key. + +When a Wallet Instance is not usable anymore, the Wallet Provider MUST revoke it. The revocation process is a unilateral action taken by the Wallet Provider, and it MUST be performed when the Wallet Instance is in the `Operational` or `Valid` state. +A Wallet Instance becomes unusable for several reasons, such as: the User requests the revocation, the Wallet Provider detects a security issue, or the Wallet Instance is no longer compliant with the Wallet Provider's security requirements. + +The details of the revocation mechanism used by the Wallet Provider as well as the data model for maintaining the Wallet Instance references is delegated to the Wallet Provider's implementation. + +According to ARF, `Section 6.5.4 `_ and more specifically in `Topic 38 `_ the Wallet Instance can be revoked by the following entities: + + 1. Its owner, the User + 2. Wallet Provider + 3. PID Provider + +During the *Wallet Instance initialization and registration* phase the Wallet Provider MAY associate the Wallet Instance with a specific User, subject to obtaining the User's consent. The Wallet Provider MUST evaluate the operating system and general technical capabilities of the device to check compliance with the technical and security requirements and to produce the Wallet Instance metadata. +When the User consents to being linked with the Wallet Instance, they gain the ability to directly request Wallet revocation from the Wallet Provider, and it also allows the Wallet Provider to revoke the Wallet Instance associated with that User. + +Regarding the reasons for revoking a Wallet Instance, the following scenarios may occur: + +- The smartphone is lost; +- The smartphone has been compromised (e.g., a malicious actor gains control of the smartphone); +- The smartphone has been reset to factory settings; +- Any other scenarios where the User loses the control of the Wallet Instance. + +If any of the previous scenarios occur, the Wallet Instance **MUST** be revoked. +To allow the User to revoke the Wallet Instance, the Wallet Provider (WP) **MUST** offer a remote service, such as a web page, where the User can authenticate and request the revocation of a previously activated Wallet Instance. + +.. _token endpoint: wallet-solution.html#wallet-attestation +.. _Wallet Attestation Request: wallet-attestation.html#format-of-the-wallet-attestation-request +.. _Wallet Attestation: wallet-attestation.html#format-of-the-wallet-attestation +.. _RFC 7523 section 4: https://www.rfc-editor.org/rfc/rfc7523.html#section-4 +.. _RFC 8414 section 2: https://www.rfc-editor.org/rfc/rfc8414.html#section-2 +.. _Wallet Provider metadata: wallet-solution.html#wallet-provider-metadata +.. _Play Integrity API: https://developer.android.com/google/play/integrity?hl=it +.. _DeviceCheck: https://developer.apple.com/documentation/devicecheck +.. _OAuth 2.0 Nonce Endpoint: https://datatracker.ietf.org/doc/draft-demarco-oauth-nonce-endpoint/ +.. _ARF: https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework diff --git a/ia-terms-updates/en/_sources/wallet-solution.rst.txt b/ia-terms-updates/en/_sources/wallet-solution.rst.txt new file mode 100644 index 000000000..37afa165e --- /dev/null +++ b/ia-terms-updates/en/_sources/wallet-solution.rst.txt @@ -0,0 +1,262 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-solution.rst: + +Wallet Solution +------------------- + +The Wallet Solution is a comprehensive product offered by the Wallet Provider to cater to the needs of Users in managing their digital assets securely. It is issued by the Wallet Provider in the form of a mobile app and consists of services and web interfaces for the exchange of data between the Wallet Provider and its Wallet Instances to meet the requirements of the trust model and ensure full respect for the User's privacy, in accordance with national and EU legislation. + +The mobile app serves as the primary interface for Users, allowing them to access and interact with their digital Credentials conveniently. These Credentials are a set of data that can uniquely identify a natural or legal person, along with other Qualified and non-qualified Electronic Attestations of Attributes, also known as QEAAs and EAAs respectively, or (Q)EAAs for short[1]. Once a User installs the mobile app on their device, such an installation is referred to as a Wallet Instance for the User. + +By supporting the mobile app, the Wallet Provider plays a vital role in ensuring the security and reliability of the entire Wallet Solution, as it is responsible for issuing the Wallet Attestation, which is a cryptographic proof that allows the evaluation of the authenticity and integrity of the Wallet Instance. + +The Wallet Provider MUST offer a RESTful set of services for issuing the Wallet Attestations. + +Requirements +^^^^^^^^^^^^ + +This section lists the essential requirements that must be met by the Wallet Solution to ensure its functionality, security, and compliance with relevant standards and regulations. + + - **Trustworthiness within the Wallet ecosystem**: the Wallet Instance MUST establish trust and reliability within the Wallet ecosystem. + - **Compliance with Provider specifications for obtaining PID and (Q)EAA**: the Wallet Instance MUST adhere to the specifications set by Providers for obtaining Personal Identification (PID) and (Q)EAAs. + - **Support for Android and iOS operating systems**: the Wallet Instance MUST be compatible and functional on both Android and iOS operating systems and available on the Play Store and App Store, respectively. + - **Verification of device ownership by the User**: the Wallet Instance MUST provide a mechanism to verify the User's actual possession and full control of their personal device. + +Wallet Instance +^^^^^^^^^^^^^^^ +The Wallet Instance serves as a unique and secure device for authenticating the User within the Wallet ecosystem. It establishes a strong and reliable mechanism for the User to engage in various digital transactions in a secure and privacy-preserving manner. + +The Wallet Instance establishes trust within the Wallet ecosystem by consistently presenting a Wallet Attestation during interactions with other ecosystem actors such as PID Providers, (Q)EAA Providers, and Relying Parties. These verifiable attestations, provided by the Wallet Provider, serve to authenticate the Wallet Instance itself, ensuring its reliability when engaging with other ecosystem actors. + +To guarantee the utmost security, these cryptographic keys MUST be securely stored within the WSCD, which MAY be internal (device's Trusted Execution Environment (TEE)[3]), external, or hybrid. This ensures that only the User can access them, thus preventing unauthorized usage or tampering. For more detailed information, please refer to the `Wallet Attestation section`_ and the `Trust Model section`_ of this document. + +Wallet Instance Lifecycle +^^^^^^^^^^^^^^^^^^^^^^^^^ +The Wallet Instance has three distinct states: Operational, Valid, and Deactivated. Each state represents a specific functional status and determines the actions that can be performed[2]. + +Initialization Process +~~~~~~~~~~~~~~~~~~~~~~ +To activate the Wallet Instance, Users MUST install the mobile Wallet application on their device and open it. Furthermore, Users will be asked to set their preferred method of unlocking their device; this can be accomplished by entering a personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal preferences and device's capabilities. + +After completing these steps, the Wallet Instance enters the Operational state. + +Transition to Valid state +~~~~~~~~~~~~~~~~~~~~~~~~~ +To transition from the Operational state to the Valid state, the Wallet Instance MUST obtain a valid Personal Identification (PID). Once a valid PID is acquired, the Wallet Instance becomes Valid. + +The Wallet Instance MUST demonstrate to the Credential Issuer adequate security compliance to maintain the Credential at the same LoA at which it was issued. + +Once the Wallet Instance is in the Valid state, Users can: + + - Obtain, view, and manage (Q)EAAs from trusted (Q)EAA Providers[1]; + - Authenticate to Relying Parties[1]; + - Authorize the presentation of their digital Credentials to Relying Parties. + +Please refer to the relevant sections for further information about PID and (Q)EAAs issuance and presentation. + +Return to Operational state +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +A Valid Wallet Instance may revert to the Operational state under specific circumstances. These circumstances include the expiration or revocation of the associated PID by its PID Provider. + +Deactivation +~~~~~~~~~~~~ +Users have the ability to deactivate the Wallet Instance voluntarily. This action removes the operational capabilities of the Wallet Instance and sets it to the Deactivated state. Deactivation provides Users with control over access and usage according to their preferences. + +Wallet Provider Endpoints +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Wallet Provider that issues the Wallet Attestations MUST make its APIs available in the form of RESTful services, as listed below. + +Wallet Provider Metadata +~~~~~~~~~~~~~~~~~~~~~~~~ +An HTTP GET request to the **/.well-known/openid-federation** endpoint allows the retrieval of the Wallet Provider Entity Configuration. + +The Wallet Provider Entity Configuration is a JWS containing the public keys and supported algorithms of the Wallet Provider metadata definition. It is structured in accordance with the `OpenID Connect Federation `_ and the Trust Model section outlined in this specification. + +The returning Entity Configuration of the Wallet Provider MUST contain the attributes listed below: + +Header +^^^^^^ +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Key** + - **Value** + * - alg + - Algorithm used to verify the token signature. It MUST be one of the possible values indicated in this `table `_ (e.g., ES256). + * - kid + - Thumbprint of the public key used for signing, according to :rfc:`7638`. + * - typ + - Media type, set to ``entity-statement+jwt``. + +Payload +^^^^^^^ +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Key** + - **Value** + * - iss + - Public URL of the Wallet Provider. + * - sub + - Public URL of the Wallet Provider. + * - iat + - Issuance datetime in Unix Timestamp format. + * - exp + - Expiration datetime in Unix Timestamp format. + * - authority_hints + - Array of URLs (String) containing the list of URLs of the immediate superior Entities, such as the Trust Anchor or an Intermediate, that MAY issue an Entity Statement related to this subject. + * - jwks + - A JSON Web Key Set (JWKS) `RFC 7517 `_ that represents the public part of the signing keys of the Entity at issue. Each JWK in the JWK set MUST have a key ID (claim kid). + * - metadata + - Contains the ``wallet_provider`` and ``federation_entity`` metadata. + +wallet_provider metadata +~~~~~~~~~~~~~~~~~~~~~~~~~~ + ++---------------------------------------------+---------------------------------------------------------------------+ +| **Key** | **Value** | ++---------------------------------------------+---------------------------------------------------------------------+ +| jwks | A JSON Web Key Set (JWKS) | +| | that represents the Wallet | +| | Provider's public keys. | ++---------------------------------------------+---------------------------------------------------------------------+ +| token_endpoint | Endpoint for obtaining the Wallet | +| | Instance Attestation. | ++---------------------------------------------+---------------------------------------------------------------------+ +| nonce_endpoint | HTTPs URL indicating the endpoint | +| | where the client can request the nonce. | ++---------------------------------------------+---------------------------------------------------------------------+ +| aal_values_supported | List of supported values for the | +| | certifiable security context. These | +| | values specify the security level | +| | of the app, according to the levels: low, medium, or high. | +| | Authenticator Assurance Level values supported. | ++---------------------------------------------+---------------------------------------------------------------------+ +| grant_types_supported | The types of grants supported by | +| | the token endpoint. It MUST be set to | +| | ``urn:ietf:params:oauth:client-assertion-type: | +| | jwt-client-attestation``. | ++---------------------------------------------+---------------------------------------------------------------------+ +| token_endpoint_auth_methods_suppor | Supported authentication methods for | +| ted | the token endpoint. | ++---------------------------------------------+---------------------------------------------------------------------+ +| token_endpoint_auth_signing_alg_va | Supported signature | +| lues_supported | algorithms for the token endpoint. | ++---------------------------------------------+---------------------------------------------------------------------+ + + +.. note:: + The `aal_values_supported` parameter is experimental and under review. + +Payload `federation_entity` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ++-------------------+----------------------------------------------+ +| **Key** | **Value** | ++-------------------+----------------------------------------------+ +| organization_name | Organization name. | ++-------------------+----------------------------------------------+ +| homepage_uri | Organization's website URL. | ++-------------------+----------------------------------------------+ +| tos_uri | URL to the terms of service. | ++-------------------+----------------------------------------------+ +| policy_uri | URL to the privacy policy. | ++-------------------+----------------------------------------------+ +| logo_uri | URL of the organization's logo in SVG format.| ++-------------------+----------------------------------------------+ + +Below a non-normative example of the Entity Configuration. + +.. code-block:: javascript + + { + "alg": "ES256", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY", + "typ": "entity-statement+jwt" + } + . + { + "iss": "https://wallet-provider.example.org", + "sub": "https://wallet-provider.example.org", + "jwks": { + "keys": [ + { + "crv": "P-256", + "kty": "EC", + "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk", + "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY" + } + ] + }, + "metadata": { + "wallet_provider": { + "jwks": { + "keys": [ + { + "crv": "P-256", + "kty": "EC", + "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk", + "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY" + } + ] + }, + "token_endpoint": "https://wallet-provider.example.org/token", + "nonce_endpoint": "https://wallet-provider.example.org/nonce", + "aal_values_supported": [ + "https://wallet-provider.example.org/LoA/basic", + "https://wallet-provider.example.org/LoA/medium", + "https://wallet-provider.example.org/LoA/high" + ], + "grant_types_supported": [ + "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation" + ], + "token_endpoint_auth_methods_supported": [ + "private_key_jwt" + ], + "token_endpoint_auth_signing_alg_values_supported": [ + "ES256", + "ES384", + "ES512" + ] + }, + "federation_entity": { + "organization_name": "IT-Wallet Provider", + "homepage_uri": "https://wallet-provider.example.org", + "policy_uri": "https://wallet-provider.example.org/privacy_policy", + "tos_uri": "https://wallet-provider.example.org/info_policy", + "logo_uri": "https://wallet-provider.example.org/logo.svg" + } + }, + "authority_hints": [ + "https://registry.eudi-wallet.example.it" + ] + "iat": 1687171759, + "exp": 1709290159 + } + + +Wallet Attestation +~~~~~~~~~~~~~~~~~~ + +Please refer to the `Wallet Attestation section`_. + + +External references +^^^^^^^^^^^^^^^^^^^^ +.. [1] Definitions are inherited from the EUDI Wallet Architecture and Reference Framework, version 1.1.0 at the time of writing. Please refer to `this page `_ for extended definitions and details. + +.. [2] Wallet Instance states adhere to the EUDI Wallet Architecture and Reference Framework, as defined `here `_. + +.. [3] Depending on the device operating system, TEE is defined by `Trusty`_ or `Secure Enclave`_ for Android and iOS devices, respectively. + +.. _Trust Model section: trust.html +.. _Wallet Attestation section: wallet-attestation.html +.. _Trusty: https://source.android.com/docs/security/features/trusty +.. _Secure Enclave: https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web + diff --git a/ia-terms-updates/en/_static/basic.css b/ia-terms-updates/en/_static/basic.css new file mode 100644 index 000000000..f316efcb4 --- /dev/null +++ b/ia-terms-updates/en/_static/basic.css @@ -0,0 +1,925 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +div.section::after { + display: block; + content: ''; + clear: left; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li p.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 360px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} + +a:visited { + color: #551A8B; +} + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, figure.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, figure.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, figure.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +img.align-default, figure.align-default, .figure.align-default { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-default { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar, +aside.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px; + background-color: #ffe; + width: 40%; + float: right; + clear: right; + overflow-x: auto; +} + +p.sidebar-title { + font-weight: bold; +} + +nav.contents, +aside.topic, +div.admonition, div.topic, blockquote { + clear: left; +} + +/* -- topics ---------------------------------------------------------------- */ + +nav.contents, +aside.topic, +div.topic { + border: 1px solid #ccc; + padding: 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- content of sidebars/topics/admonitions -------------------------------- */ + +div.sidebar > :last-child, +aside.sidebar > :last-child, +nav.contents > :last-child, +aside.topic > :last-child, +div.topic > :last-child, +div.admonition > :last-child { + margin-bottom: 0; +} + +div.sidebar::after, +aside.sidebar::after, +nav.contents::after, +aside.topic::after, +div.topic::after, +div.admonition::after, +blockquote::after { + display: block; + content: ''; + clear: both; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + margin-top: 10px; + margin-bottom: 10px; + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table.align-default { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +th > :first-child, +td > :first-child { + margin-top: 0px; +} + +th > :last-child, +td > :last-child { + margin-bottom: 0px; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure, figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption, figcaption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number, +figcaption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text, +figcaption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist { + margin: 1em 0; +} + +table.hlist td { + vertical-align: top; +} + +/* -- object description styles --------------------------------------------- */ + +.sig { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; +} + +.sig-name, code.descname { + background-color: transparent; + font-weight: bold; +} + +.sig-name { + font-size: 1.1em; +} + +code.descname { + font-size: 1.2em; +} + +.sig-prename, code.descclassname { + background-color: transparent; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.sig-param.n { + font-style: italic; +} + +/* C++ specific styling */ + +.sig-inline.c-texpr, +.sig-inline.cpp-texpr { + font-family: unset; +} + +.sig.c .k, .sig.c .kt, +.sig.cpp .k, .sig.cpp .kt { + color: #0033B3; +} + +.sig.c .m, +.sig.cpp .m { + color: #1750EB; +} + +.sig.c .s, .sig.c .sc, +.sig.cpp .s, .sig.cpp .sc { + color: #067D17; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +:not(li) > ol > li:first-child > :first-child, +:not(li) > ul > li:first-child > :first-child { + margin-top: 0px; +} + +:not(li) > ol > li:last-child > :last-child, +:not(li) > ul > li:last-child > :last-child { + margin-bottom: 0px; +} + +ol.simple ol p, +ol.simple ul p, +ul.simple ol p, +ul.simple ul p { + margin-top: 0; +} + +ol.simple > li:not(:first-child) > p, +ul.simple > li:not(:first-child) > p { + margin-top: 0; +} + +ol.simple p, +ul.simple p { + margin-bottom: 0; +} + +aside.footnote > span, +div.citation > span { + float: left; +} +aside.footnote > span:last-of-type, +div.citation > span:last-of-type { + padding-right: 0.5em; +} +aside.footnote > p { + margin-left: 2em; +} +div.citation > p { + margin-left: 4em; +} +aside.footnote > p:last-of-type, +div.citation > p:last-of-type { + margin-bottom: 0em; +} +aside.footnote > p:last-of-type:after, +div.citation > p:last-of-type:after { + content: ""; + clear: both; +} + +dl.field-list { + display: grid; + grid-template-columns: fit-content(30%) auto; +} + +dl.field-list > dt { + font-weight: bold; + word-break: break-word; + padding-left: 0.5em; + padding-right: 5px; +} + +dl.field-list > dd { + padding-left: 0.5em; + margin-top: 0em; + margin-left: 0em; + margin-bottom: 0em; +} + +dl { + margin-bottom: 15px; +} + +dd > :first-child { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +.sig dd { + margin-top: 0px; + margin-bottom: 0px; +} + +.sig dl { + margin-top: 0px; + margin-bottom: 0px; +} + +dl > dd:last-child, +dl > dd:last-child > :last-child { + margin-bottom: 0; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +.classifier:before { + font-style: normal; + margin: 0 0.5em; + content: ":"; + display: inline-block; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +.translated { + background-color: rgba(207, 255, 207, 0.2) +} + +.untranslated { + background-color: rgba(255, 207, 207, 0.2) +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +pre, div[class*="highlight-"] { + clear: both; +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; + white-space: nowrap; +} + +div[class*="highlight-"] { + margin: 1em 0; +} + +td.linenos pre { + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + display: block; +} + +table.highlighttable tbody { + display: block; +} + +table.highlighttable tr { + display: flex; +} + +table.highlighttable td { + margin: 0; + padding: 0; +} + +table.highlighttable td.linenos { + padding-right: 0.5em; +} + +table.highlighttable td.code { + flex: 1; + overflow: hidden; +} + +.highlight .hll { + display: block; +} + +div.highlight pre, +table.highlighttable pre { + margin: 0; +} + +div.code-block-caption + div { + margin-top: 0; +} + +div.code-block-caption { + margin-top: 1em; + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +table.highlighttable td.linenos, +span.linenos, +div.highlight span.gp { /* gp: Generic.Prompt */ + user-select: none; + -webkit-user-select: text; /* Safari fallback only */ + -webkit-user-select: none; /* Chrome/Safari */ + -moz-user-select: none; /* Firefox */ + -ms-user-select: none; /* IE10+ */ +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + margin: 1em 0; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: absolute; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/ia-terms-updates/en/_static/basic_mod.css b/ia-terms-updates/en/_static/basic_mod.css new file mode 100644 index 000000000..0df77588f --- /dev/null +++ b/ia-terms-updates/en/_static/basic_mod.css @@ -0,0 +1,1194 @@ +@font-face { + font-family: Roboto; + font-style: normal; + font-weight: 400; + src: local("Roboto"), local("Roboto-Regular"), url(fonts/roboto/roboto.woff2) format("woff2"); +} +@font-face { + font-family: Roboto; + font-style: italic; + font-weight: 400; + src: local("Roboto Italic"), local("Roboto-Italic"), url(fonts/roboto/roboto-italic.woff2) format("woff2"); +} +@font-face { + font-family: Roboto; + font-style: normal; + font-weight: 700; + src: local("Roboto Bold"), local("Roboto-Bold"), url(fonts/roboto/roboto-bold.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: normal; + font-weight: 400; + src: local("Roboto Mono Regular"), local("RobotoMono-Regular"), url(fonts/roboto-mono/roboto-mono.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: italic; + font-weight: 400; + src: local("Roboto Mono Italic"), local("RobotoMono-Italic"), url(fonts/roboto-mono/roboto-mono-italic.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: normal; + font-weight: 700; + src: local("Roboto Mono Bold"), local("RobotoMono-Bold"), url(fonts/roboto-mono/roboto-mono-bold.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: italic; + font-weight: 700; + src: local("Roboto Mono Bold Italic"), local("RobotoMono-BoldItalic"), url(fonts/roboto-mono/roboto-mono-bold-italic.woff2) format("woff2"); +} +/*****************************************************************************/ +/* Typography */ +:root { + --codeBackgroundColor: #f8f8f8; + --inlineCodeBackgroundColor: #f8f8f8; + --codeBlue: #0000ff; + --codeGreen: #008000; + --dividerColor: rgba(0, 0, 0, 0.08); + --faintFontColor: rgba(0, 0, 0, 0.6); + --fontColor: #252630; + --linkColor: #2980b9; + --mainBackgroundColor: white; + --mainNavColor: #3889ce; + --notificationBannerColor: #176bb0; + --searchHighlightColor: #fff150; + --sidebarColor: white; + --navbarHeight: 4rem; +} +:root[data-mode=darkest] { + --mainBackgroundColor: black; + --sidebarColor: black; + --codeBackgroundColor: rgba(255, 255, 255, 0.1); + --inlineCodeBackgroundColor: rgba(255, 255, 255, 0.1); +} +:root[data-mode=dark] { + --mainBackgroundColor: #242429; + --sidebarColor: #242429; + --codeBackgroundColor: rgba(0, 0, 0, 0.1); + --inlineCodeBackgroundColor: rgba(255, 255, 255, 0.06); +} +:root[data-mode=dark], :root[data-mode=darkest] { + --codeBlue: #77baff; + --codeGreen: #38c038; + --dividerColor: rgba(255, 255, 255, 0.1); + --faintFontColor: rgba(255, 255, 255, 0.6); + --fontColor: white; + --linkColor: #319be0; + --searchHighlightColor: #fe8e04; +} + +body { + font-family: Roboto, "OpenSans", sans-serif; + background-color: var(--mainBackgroundColor); + color: var(--fontColor); +} + +h1 { + font-size: 2rem; +} + +h2 { + font-size: 1.5rem; +} + +h3 { + font-size: 1.17rem; +} + +a { + color: var(--linkColor); + text-decoration: none; +} + +/*****************************************************************************/ +html { + height: 100%; + scroll-padding-top: var(--navbarHeight); +} + +html, +body { + padding: 0; + margin: 0; + min-height: 100%; +} + +body { + display: flex; + flex-direction: column; +} + +/*****************************************************************************/ +/* Top nav */ +#searchbox h3#searchlabel { + display: none; +} +#searchbox form.search { + display: flex; + flex-direction: row; +} +#searchbox form.search input { + display: block; + box-sizing: border-box; + padding: 0.3rem; + color: rgba(0, 0, 0, 0.7); + border-radius: 0.2rem; +} +#searchbox form.search input[type=text] { + border: none; + background-color: rgba(255, 255, 255, 0.6); + flex-grow: 1; + margin-right: 0.2rem; +} +#searchbox form.search input[type=text]::placeholder { + color: rgba(0, 0, 0, 0.6); +} +#searchbox form.search input[type=submit] { + cursor: pointer; + color: var(--mainNavColor); + flex-grow: 0; + border: none; + background-color: white; +} + +div#top_nav { + position: fixed; + top: 0; + left: 0; + right: 0; + color: white; + z-index: 100; +} +div#top_nav div#notification_banner { + background-color: var(--notificationBannerColor); + box-sizing: border-box; + padding: 0.1rem 1rem; + display: flex; + flex-direction: row; + align-items: center; + justify-content: right; +} +div#top_nav div#notification_banner a.close { + flex-grow: 0; + flex-shrink: 0; + color: rgba(255, 255, 255, 0.85); + text-align: right; + font-size: 0.6rem; + text-transform: uppercase; + display: block; + text-decoration: none; + margin-left: 0.5rem; +} +div#top_nav div#notification_banner a.close:hover { + color: white; +} +div#top_nav div#notification_banner p { + flex-grow: 1; + margin: 0; + text-align: center; + font-size: 0.9rem; + line-height: 1.2; + padding: 0.4rem 0; +} +div#top_nav div#notification_banner p a { + color: white; + text-decoration: underline; +} +div#top_nav nav { + background-color: var(--mainNavColor); + box-sizing: border-box; + padding: 1rem; + display: flex; + flex-direction: row; + align-items: center; +} +div#top_nav nav h1 { + flex-grow: 1; + font-size: 1.2rem; + margin: 0; + padding: 0 0 0 0.8rem; + line-height: 1; +} +div#top_nav nav h1 a { + color: white; +} +div#top_nav nav h1 img { + height: 1.3rem; + width: auto; +} +div#top_nav nav p#toggle_sidebar { + transform: rotate(90deg); + letter-spacing: 0.1rem; + flex-grow: 0; + margin: 0; + padding: 0; +} +div#top_nav nav p#toggle_sidebar a { + color: white; + font-weight: bold; +} +div#top_nav nav a#mode_toggle, div#top_nav nav a#source_link { + margin-right: 1rem; + display: block; + flex-grow: 0; +} +div#top_nav nav a#mode_toggle svg, div#top_nav nav a#source_link svg { + height: 1.3rem; + width: 1.3rem; + vertical-align: middle; +} +div#top_nav nav p.mobile_search_link { + margin: 0; +} +@media (min-width: 50rem) { + div#top_nav nav p.mobile_search_link { + display: none; + } +} +div#top_nav nav p.mobile_search_link a { + color: white; +} +div#top_nav nav p.mobile_search_link a svg { + height: 1rem; + vertical-align: middle; +} +@media (max-width: 50rem) { + div#top_nav nav div.searchbox_wrapper { + display: none; + } +} +div#top_nav nav div.searchbox_wrapper #searchbox { + align-items: center; + display: flex !important; + flex-direction: row-reverse; +} +div#top_nav nav div.searchbox_wrapper #searchbox p.highlight-link { + margin: 0 0.5rem 0 0; +} +div#top_nav nav div.searchbox_wrapper #searchbox p.highlight-link a { + color: rgba(255, 255, 255, 0.8); + font-size: 0.8em; + padding-right: 0.5rem; + text-decoration: underline; +} +div#top_nav nav div.searchbox_wrapper #searchbox p.highlight-link a:hover { + color: white; +} + +/*****************************************************************************/ +/* Main content */ +div.document { + flex-grow: 1; + margin-top: 2rem; + margin-bottom: 5rem; + margin-left: 15rem; + margin-right: 15rem; + padding-top: var(--navbarHeight); + /***************************************************************************/ + /***************************************************************************/ +} +@media (max-width: 50rem) { + div.document { + margin-left: 0px; + margin-right: 0px; + } +} +div.document section, +div.document div.section { + margin: 4rem 0; +} +div.document section:first-child, +div.document div.section:first-child { + margin-top: 0; +} +div.document section > section, +div.document div.section > div.section { + margin: 4rem 0; +} +div.document section > section > section, +div.document div.section > div.section > div.section { + margin: 2rem 0 0 0; +} +div.document section > section > section > section, +div.document div.section > div.section > div.section > div.section { + margin: 1.5rem 0 0 0; +} +div.document h1 + section, +div.document h1 + div.section { + margin-top: 2.5rem !important; +} +div.document h2 + section, +div.document h2 + div.section { + margin-top: 1.5rem !important; +} +div.document img { + max-width: 100%; +} +div.document code { + padding: 2px 4px; + background-color: var(--inlineCodeBackgroundColor); + border-radius: 0.2rem; + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; + font-size: 0.9em; +} +div.document div.documentwrapper { + max-width: 45rem; + margin: 0 auto; + flex-grow: 1; + box-sizing: border-box; + padding: 1rem; +} +div.document div.highlight { + color: #252630; + box-sizing: border-box; + padding: 0.2rem 1rem; + margin: 0.5rem 0; + border-radius: 0.2rem; + font-size: 0.9rem; +} +div.document div.highlight pre { + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; +} +div.document div[class*=highlight] { + overflow-x: auto; +} +div.document a.headerlink { + font-size: 0.6em; + display: none; + padding-left: 0.5rem; + vertical-align: middle; +} +div.document h1, +div.document h2, +div.document h3, +div.document h4, +div.document h5, +div.document h6, +div.document str, +div.document b { + font-weight: 700; +} +div.document h1 { + margin: 0.8rem 0 0.5rem 0; +} +div.document h2 { + margin: 0.8rem 0 0.5rem 0; +} +div.document h3, div.document h4 { + margin: 1rem 0 0.5rem 0; +} +div.document h1:hover a.headerlink, +div.document h2:hover a.headerlink, +div.document h3:hover a.headerlink, +div.document h4:hover a.headerlink { + display: inline-block; +} +div.document p, +div.document li { + font-size: 1rem; + line-height: 1.5; +} +div.document li p { + margin: 0 0 0.5rem 0; +} +div.document ul, div.document ol { + padding-left: 2rem; +} +div.document ol.loweralpha { + list-style: lower-alpha; +} +div.document ol.arabic { + list-style: decimal; +} +div.document ol.lowerroman { + list-style: lower-roman; +} +div.document ol.upperalpha { + list-style: upper-alpha; +} +div.document ol.upperroman { + list-style: upper-roman; +} +div.document dd { + margin-left: 1.5rem; +} +div.document hr { + border: none; + height: 1px; + background-color: var(--dividerColor); + margin: 2rem 0; +} +div.document table.docutils { + border-collapse: collapse; +} +div.document table.docutils th, div.document table.docutils td { + border: 1px solid var(--dividerColor); + box-sizing: border-box; + padding: 0.5rem 1rem; +} +div.document table.docutils th p, div.document table.docutils th ul, div.document table.docutils td p, div.document table.docutils td ul { + margin: 0.3rem 0; +} +div.document table.docutils th ul, div.document table.docutils td ul { + padding-left: 1rem; +} +div.document form input { + padding: 0.5rem; +} +div.document form input[type=submit], div.document form button { + border: none; + background-color: var(--mainNavColor); + color: white; + padding: 0.5rem 1rem; + border-radius: 0.2rem; +} +div.document span.highlighted { + background-color: var(--searchHighlightColor); + padding: 0 0.1em; +} +div.document div#search-results { + padding-top: 2rem; +} +div.document div#search-results p.search-summary { + font-size: 0.8em; +} +div.document div#search-results ul.search { + list-style: none; + padding-left: 0; +} +div.document div#search-results ul.search li { + border-bottom: 1px solid var(--dividerColor); + margin: 0; + padding: 2rem 0; +} +div.document div#search-results ul.search li > a:first-child { + font-size: 1.2rem; +} +div.document dd ul, div.document dd ol { + padding-left: 1rem; +} +div.document dl.py { + margin-bottom: 2rem; +} +div.document dl.py dt.sig { + background-color: var(--codeBackgroundColor); + color: var(--fontColor); + box-sizing: border-box; + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; + font-size: 0.9rem; + padding: 1rem; + border-left: 5px solid rgba(0, 0, 0, 0.1); + border-radius: 0.2rem; +} +div.document dl.py em.property { + color: var(--sidebarColor); + font-weight: bold; +} +div.document dl.py span.sig-name { + color: var(--codeBlue); + font-weight: bold; +} +div.document dl.py em.property { + color: var(--codeGreen); +} +div.document dl.py em.sig-param { + margin-left: 2rem; +} +div.document dl.py em.sig-param span.default_value { + color: var(--codeGreen); +} +div.document dl.py span.sig-return span.sig-return-typehint { + color: var(--fontColor); +} +div.document dl.py span.sig-return span.sig-return-typehint pre { + color: var(--fontColor); +} +div.document dl.py em.sig-param > span:first-child { + font-weight: bold; +} +div.document dl.cpp, div.document dl.c { + margin-bottom: 1rem; +} +div.document dl.cpp dt.sig, div.document dl.c dt.sig { + background-color: var(--codeBackgroundColor); + color: var(--fontColor); + box-sizing: border-box; + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; + font-size: 0.9rem; + padding: 1rem; + border-left: 5px solid rgba(0, 0, 0, 0.1); + border-radius: 0.2rem; + line-height: 1.4; +} +div.document dl.cpp span.sig-name, div.document dl.c span.sig-name { + color: var(--codeBlue); + font-weight: bold; +} +div.document dl.cpp span.sig-indent, div.document dl.c span.sig-indent { + margin-left: 2rem; +} +div.document dl.cpp span.target + span, div.document dl.c span.target + span { + color: var(--codeGreen); +} +div.document dl.cpp span.sig-param > span:first-child, div.document dl.c span.sig-param > span:first-child { + font-weight: bold; +} +div.document div.admonition { + box-shadow: 0px 0px 0px 1px var(--dividerColor); + border-radius: 0.2rem; + margin: 1rem 0; + overflow: hidden; +} +div.document div.admonition p { + box-sizing: border-box; + font-size: 0.9rem; + padding: 0.5rem; + margin: 0; +} +div.document div.admonition p:first-child { + padding-bottom: 0; + margin-bottom: 0; +} +div.document div.admonition p + p { + padding-top: 0.2rem; +} +div.document div.admonition p.admonition-title { + font-weight: bolder; + letter-spacing: 0.01rem; +} +div.document div.admonition.hint, div.document div.admonition.important, div.document div.admonition.tip { + border-left: 5px solid #56b79c; +} +div.document div.admonition.hint p.admonition-title, div.document div.admonition.important p.admonition-title, div.document div.admonition.tip p.admonition-title { + color: #56b79c; +} +div.document div.admonition.note { + border-left: 5px solid #587f9f; +} +div.document div.admonition.note p.admonition-title { + color: #587f9f; +} +div.document div.admonition.danger, div.document div.admonition.error { + border-left: 5px solid #e6a39a; +} +div.document div.admonition.danger p.admonition-title, div.document div.admonition.error p.admonition-title { + color: #e6a39a; +} +div.document div.admonition.attention, div.document div.admonition.caution, div.document div.admonition.warning { + border-left: 5px solid #e7b486; +} +div.document div.admonition.attention p.admonition-title, div.document div.admonition.caution p.admonition-title, div.document div.admonition.warning p.admonition-title { + color: #e7b486; +} + +/*****************************************************************************/ +/* Sidebar */ +div.sphinxsidebar { + background-color: var(--sidebarColor); + border-right: 1px solid var(--dividerColor); + position: fixed; + left: 0; + top: 0; + bottom: 0; + width: 15rem; + box-sizing: border-box; + padding: var(--navbarHeight) 1rem 1rem; + z-index: 50; +} +@media (max-width: 50rem) { + div.sphinxsidebar { + display: none; + } +} +div.sphinxsidebar div.sphinxsidebarwrapper { + height: 100%; + overflow-y: auto; +} +div.sphinxsidebar ul { + padding-left: 0rem; + list-style: none; +} +div.sphinxsidebar ul li { + font-size: 0.9rem; + line-height: 1.2; +} +div.sphinxsidebar ul li a { + display: block; + box-sizing: border-box; + padding: 0 0.2rem 0.6rem; + color: var(--fontColor); + text-decoration: none; +} +div.sphinxsidebar ul li a.current { + color: var(--linkColor); +} +div.sphinxsidebar ul li a:hover { + color: var(--linkColor); +} +div.sphinxsidebar ul li > ul { + padding-left: 1rem; +} +div.sphinxsidebar p { + color: var(--faintFontColor); +} + +/*****************************************************************************/ +/* The right sidebar, showing the table of contents for the current page. */ +div#show_right_sidebar { + position: fixed; + right: 0; + top: 0; + z-index: 20; + background-color: var(--sidebarColor); + border-left: 1px solid var(--dividerColor); + border-bottom: 1px solid var(--dividerColor); + padding: var(--navbarHeight) 1rem 0rem; +} +div#show_right_sidebar p { + font-size: 0.9em; +} +div#show_right_sidebar p span { + color: var(--faintFontColor); + vertical-align: middle; +} +div#show_right_sidebar p span.icon { + color: var(--linkColor); + font-size: 0.9em; + padding-right: 0.2rem; +} + +div#right_sidebar { + position: fixed; + right: 0; + top: 0; + z-index: 50; + background-color: var(--sidebarColor); + width: 15rem; + border-left: 1px solid var(--dividerColor); + box-sizing: border-box; + padding: var(--navbarHeight) 1rem 1rem; + height: 100%; + overflow-y: auto; +} +div#right_sidebar p span { + color: var(--faintFontColor); + vertical-align: middle; +} +div#right_sidebar p span.icon { + color: var(--linkColor); + font-size: 0.9em; + padding-right: 0.2rem; +} +div#right_sidebar ul { + padding-left: 0rem; + list-style: none; +} +div#right_sidebar ul li { + font-size: 0.9rem; + line-height: 1.2; +} +div#right_sidebar ul li a { + display: block; + box-sizing: border-box; + padding: 0 0.2rem 0.6rem; + color: var(--fontColor); + text-decoration: none; +} +div#right_sidebar ul li a.current { + color: var(--linkColor); +} +div#right_sidebar ul li a:hover { + color: var(--linkColor); +} +div#right_sidebar ul li > ul { + padding-left: 1rem; +} +div#right_sidebar p { + color: var(--faintFontColor); +} +@media (max-width: 50rem) { + div#right_sidebar { + display: none; + } +} + +/*****************************************************************************/ +/* Footer */ +div.footer { + box-sizing: border-box; + padding-top: 2rem; + font-size: 0.7rem; + text-align: center; + text-transform: uppercase; + color: var(--faintFontColor); +} + +p#theme_credit { + font-size: 0.6rem; + text-transform: uppercase; + text-align: center; + color: var(--faintFontColor); +} + +/*****************************************************************************/ +/* Buttons */ +div.button_nav_wrapper { + margin-left: 15rem; + margin-right: 15rem; +} +@media (max-width: 50rem) { + div.button_nav_wrapper { + margin-left: 0px; + margin-right: 0px; + } +} +div.button_nav_wrapper div.button_nav { + max-width: 45rem; + margin: 0 auto; + display: flex; + flex-direction: row; + width: 100%; +} +div.button_nav_wrapper div.button_nav div { + box-sizing: border-box; + padding: 1rem; + flex: 50%; +} +div.button_nav_wrapper div.button_nav div a { + display: block; +} +div.button_nav_wrapper div.button_nav div a span { + vertical-align: middle; +} +div.button_nav_wrapper div.button_nav div a span.icon { + font-weight: bold; + font-size: 0.8em; +} +div.button_nav_wrapper div.button_nav div.left a { + text-align: left; +} +div.button_nav_wrapper div.button_nav div.left a span.icon { + padding-right: 0.4rem; +} +div.button_nav_wrapper div.button_nav div.right a { + text-align: right; +} +div.button_nav_wrapper div.button_nav div.right a span.icon { + padding-left: 0.4rem; +} + +/*****************************************************************************/ +/* Pygments overrides in dark mode */ +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight { + --black: #000000; + --red: #ff9393; + --darkBlue: #6b83fe; + --grey: #a8a8a8; + --pink: #ff99d8; + --torquoise: #68e9e9; + --brown: #d48a00; + --purple: #ce04e9; + --paleYellow: #454534; + background: var(--codeBackgroundColor); + color: var(--fontColor); + /* Comment */ + /* Error */ + /* Keyword */ + /* Operator */ + /* Comment.Hashbang */ + /* Comment.Multiline */ + /* Comment.Preproc */ + /* Comment.PreprocFile */ + /* Comment.Single */ + /* Comment.Special */ + /* Generic.Deleted */ + /* Generic.Emph */ + /* Generic.Error */ + /* Generic.Heading */ + /* Generic.Inserted */ + /* Generic.Output */ + /* Generic.Prompt */ + /* Generic.Strong */ + /* Generic.Subheading */ + /* Generic.Traceback */ + /* Keyword.Constant */ + /* Keyword.Declaration */ + /* Keyword.Namespace */ + /* Keyword.Pseudo */ + /* Keyword.Reserved */ + /* Keyword.Type */ + /* Literal.Number */ + /* Literal.String */ + /* Name.Attribute */ + /* Name.Builtin */ + /* Name.Class */ + /* Name.Constant */ + /* Name.Decorator */ + /* Name.Entity */ + /* Name.Exception */ + /* Name.Function */ + /* Name.Label */ + /* Name.Namespace */ + /* Name.Tag */ + /* Name.Variable */ + /* Operator.Word */ + /* Text.Whitespace */ + /* Literal.Number.Bin */ + /* Literal.Number.Float */ + /* Literal.Number.Hex */ + /* Literal.Number.Integer */ + /* Literal.Number.Oct */ + /* Literal.String.Affix */ + /* Literal.String.Backtick */ + /* Literal.String.Char */ + /* Literal.String.Delimiter */ + /* Literal.String.Doc */ + /* Literal.String.Double */ + /* Literal.String.Escape */ + /* Literal.String.Heredoc */ + /* Literal.String.Interpol */ + /* Literal.String.Other */ + /* Literal.String.Regex */ + /* Literal.String.Single */ + /* Literal.String.Symbol */ + /* Name.Builtin.Pseudo */ + /* Name.Function.Magic */ + /* Name.Variable.Class */ + /* Name.Variable.Global */ + /* Name.Variable.Instance */ + /* Name.Variable.Magic */ + /* Literal.Number.Integer.Long */ +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight pre, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight pre { + line-height: 125%; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight td.linenos .normal, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight td.linenos .normal { + color: inherit; + background-color: transparent; + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight span.linenos, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight span.linenos { + color: inherit; + background-color: transparent; + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight td.linenos .special, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight td.linenos .special { + color: var(--black); + background-color: var(--paleYellow); + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight span.linenos.special, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight span.linenos.special { + color: var(--black); + background-color: var(--paleYellow); + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .hll, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .hll { + background-color: var(--paleYellow); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .c, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .c { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .err, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .err { + border: 1px solid var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .k, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .k { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .o, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .o { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ch, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ch { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cm, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cm { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cp { + color: var(--brown); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cpf, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cpf { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .c1, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .c1 { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cs, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cs { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gd { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ge, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ge { + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gr, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gr { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gh, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gh { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gi, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gi { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .go, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .go { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gp { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gs, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gs { + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gu, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gu { + color: var(--purple); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gt, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gt { + color: var(--codeBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kc { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kd { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kn, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kn { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kp { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kr, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kr { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kt, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kt { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .m, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .m { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .s, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .s { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .na, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .na { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nb, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nb { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nc { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .no, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .no { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nd { + color: var(--purple); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ni, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ni { + color: var(--grey); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ne, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ne { + color: var(--red); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nf, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nf { + color: var(--codeBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nl, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nl { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nn, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nn { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nt, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nt { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nv, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nv { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ow, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ow { + color: var(--pink); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .w, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .w { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mb, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mb { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mf, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mf { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mh, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mh { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mi, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mi { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mo, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mo { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sa, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sa { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sb, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sb { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sc { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .dl, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .dl { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sd { + color: var(--red); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .s2, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .s2 { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .se, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .se { + color: var(--brown); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sh, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sh { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .si, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .si { + color: var(--pink); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sx, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sx { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sr, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sr { + color: var(--pink); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .s1, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .s1 { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ss, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ss { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .bp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .bp { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .fm, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .fm { + color: var(--codeBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vc { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vg, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vg { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vi, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vi { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vm, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vm { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .il, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .il { + color: var(--grey); +} + +/*# sourceMappingURL=basic_mod.css.map */ diff --git a/ia-terms-updates/en/_static/basic_mod.css.map b/ia-terms-updates/en/_static/basic_mod.css.map new file mode 100644 index 000000000..332d772fb --- /dev/null +++ b/ia-terms-updates/en/_static/basic_mod.css.map @@ -0,0 +1 @@ +{"version":3,"sourceRoot":"","sources":["../../src/sass/basic_mod.scss"],"names":[],"mappings":"AAGA;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAID;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAaD;AACA;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;;AAGF;EACE;EACA;EACA;EACA;;AAGF;EAEE;EACA;EACA;EACA;EACA;EACA;EACA;;;AAIJ;EACE;EACA;EACA;;;AAGF;EACE;;;AAGF;EACE;;;AAGF;EACE;;;AAGF;EACE;EACA;;;AAGF;AAEA;EACE;EAEA;;;AAGF;AAAA;EAEE;EACA;EACA;;;AAGF;EACE;EACA;;;AAGF;AACA;AAKE;EACE;;AAGF;EACE;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA,eAhHS;;AAmHX;EACE;EACA;EACA;EACA;;AAEA;EACE;;AAIJ;EACE;EACA;EACA;EACA;EACA;;;AAKN;EACE;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAIJ;EACE;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;;AAMN;EACE;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAGF;EACE;EACA;;AAKJ;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE,OA9Na;EA+Nb;;AAKJ;EACE;EACA;EACA;;AAEA;EACE;EACA;EACA;;AAKJ;EACE;;AAEA;EAHF;IAII;;;AAGF;EACE;;AAEA;EACE;EACA;;AAOJ;EADF;IAEI;;;AAKF;EACE;EACA;EACA;;AAEA;EACE;;AAEA;EACE;EACA;EACA;EACA;;AAEA;EACE;;;AASd;AACA;AAEA;EACE;EACA;EACA;EACA,aAnSa;EAoSb,cApSa;EAqSb;AAOA;AAqDA;;AA1DA;EARF;IASI;IACA;;;AAgBF;AAAA;EAEE;;AAGA;AAAA;EACE;;AAOJ;AAAA;EAEE;;AAIF;AAAA;EAEE;;AAIF;AAAA;EAEE;;AAGF;AAAA;EAEE;;AAGF;AAAA;EAEE;;AAKF;EACE;;AAGF;EACE;EACA;EACA,eA7WW;EA8WX,aAhXO;EAiXP;;AAGF;EACE,WAlXW;EAmXX;EACA;EACA;EACA;;AAGF;EACE;EACA;EACA;EACA;EACA,eA/XW;EAgYX;;AAEA;EACE,aArYK;;AA0YT;EACE;;AAGF;EACE;EACA;EACA;EACA;;AAGF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;EAQE;;AAGF;EACE;;AAGF;EACE;;AAGF;EACE;;AAOA;AAAA;AAAA;AAAA;EACE;;AAIJ;AAAA;EAEE;EACA;;AAQA;EACE;;AAIJ;EACE;;AAOA;EACE;;AAGF;EACE;;AAGF;EACE;;AAGF;EACE;;AAGF;EACE;;AAIJ;EACE;;AAGF;EACE;EACA;EACA;EACA;;AAGF;EACE;;AACA;EACE;EACA;EACA;;AAEA;EACE;;AAEF;EACE;;AAMJ;EACE;;AAGF;EACE;EACA;EACA;EACA;EACA;;AAOJ;EACE;EACA;;AAGF;EACE;;AAEA;EACE;;AAGF;EACE;EACA;;AAEA;EACE;EACA;EACA;;AAEA;EACE;;AASN;EACE;;AAIJ;EACE;;AAEA;EACE;EACA;EACA;EACA,aAzjBK;EA0jBL;EACA;EACA;EACA,eA3jBS;;AA+jBX;EACE;EACA;;AAIF;EACE;EACA;;AAIF;EACE;;AAGF;EACE;;AAEA;EACE;;AAKF;EACE;;AAEA;EACE;;AAMN;EACE;;AAMJ;EACE;;AAEA;EACE;EACA;EACA;EACA,aAlnBK;EAmnBL;EACA;EACA;EACA,eApnBS;EAqnBT;;AAIF;EACE;EACA;;AAIF;EACE;;AAIF;EACE;;AAIF;EACE;;AAMJ;EACE;EACA,eAlpBW;EAmpBX;EACA;;AAEA;EACE;EACA;EACA;EACA;;AAGF;EACE;EACA;;AAGF;EACE;;AAGF;EACE;EACA;;AAGF;EAIE;;AAEA;EACE,OAJM;;AAQV;EAEE;;AAEA;EACE,OAJM;;AAQV;EAGE;;AAEA;EACE,OAJM;;AAQV;EAIE;;AAEA;EACE,OAJM;;;AAUd;AACA;AAwCA;EACE;EACA;EACA;EACA;EACA;EACA;EACA,OAnwBa;EAowBb;EACA;EACA;;AAEA;EAZF;IAaI;;;AAGF;EACE;EACA;;AAvDF;EACE;EACA;;AAEA;EACE;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAGF;EACE;;AAKN;EACE;;AAMJ;EACE;;;AA6BJ;AACA;AAiBA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAxBF;EACE;EACA;;AAEA;EACE;EACA;EACA;;;AAuBN;EACE;EACA;EACA;EACA;EACA;EACA,OA9zBa;EA+zBb;EACA;EACA;EACA;EACA;;AAzCA;EACE;EACA;;AAEA;EACE;EACA;EACA;;AA1EJ;EACE;EACA;;AAEA;EACE;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAGF;EACE;;AAKN;EACE;;AAMJ;EACE;;AAoFF;EApBF;IAqBI;;;;AAIJ;AACA;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;;;AAGF;EACE;EACA;EACA;EACA;;;AAGF;AACA;AAEA;EACE,aAx2Ba;EAy2Bb,cAz2Ba;;AA22Bb;EAJF;IAKI;IACA;;;AAGF;EACE,WAn3BW;EAo3BX;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;;AAEA;EACE;;AAEA;EACE;;AAGF;EACE;EACA;;AAKF;EACE;;AAEA;EACE;;AAMJ;EACE;;AAEA;EACE;;;AAQZ;AACA;AAOE;AAAA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;AAoCE;AAGA;AAIA;AAGA;AAIA;AAIA;AAGA;AAIA;AAIA;AAIA;AAGA;AAGA;AAGA;AAIA;AAGA;AAGA;AAIA;AAGA;AAIA;AAGA;AAIA;AAIA;AAIA;AAGA;AAIA;AAGA;AAGA;AAGA;AAGA;AAGA;AAIA;AAGA;AAGA;AAIA;AAIA;AAGA;AAGA;AAIA;AAIA;AAGA;AAIA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAIA;AAGA;AAIA;AAGA;AAIA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;;AA9PF;AAAA;EACE;;AAGF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE","file":"basic_mod.css"} \ No newline at end of file diff --git a/ia-terms-updates/en/_static/doctools.js b/ia-terms-updates/en/_static/doctools.js new file mode 100644 index 000000000..4d67807d1 --- /dev/null +++ b/ia-terms-updates/en/_static/doctools.js @@ -0,0 +1,156 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Base JavaScript utilities for all Sphinx HTML documentation. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([ + "TEXTAREA", + "INPUT", + "SELECT", + "BUTTON", +]); + +const _ready = (callback) => { + if (document.readyState !== "loading") { + callback(); + } else { + document.addEventListener("DOMContentLoaded", callback); + } +}; + +/** + * Small JavaScript module for the documentation. + */ +const Documentation = { + init: () => { + Documentation.initDomainIndexTable(); + Documentation.initOnKeyListeners(); + }, + + /** + * i18n support + */ + TRANSLATIONS: {}, + PLURAL_EXPR: (n) => (n === 1 ? 0 : 1), + LOCALE: "unknown", + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext: (string) => { + const translated = Documentation.TRANSLATIONS[string]; + switch (typeof translated) { + case "undefined": + return string; // no translation + case "string": + return translated; // translation exists + default: + return translated[0]; // (singular, plural) translation tuple exists + } + }, + + ngettext: (singular, plural, n) => { + const translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated !== "undefined") + return translated[Documentation.PLURAL_EXPR(n)]; + return n === 1 ? singular : plural; + }, + + addTranslations: (catalog) => { + Object.assign(Documentation.TRANSLATIONS, catalog.messages); + Documentation.PLURAL_EXPR = new Function( + "n", + `return (${catalog.plural_expr})` + ); + Documentation.LOCALE = catalog.locale; + }, + + /** + * helper function to focus on search bar + */ + focusSearchBar: () => { + document.querySelectorAll("input[name=q]")[0]?.focus(); + }, + + /** + * Initialise the domain index toggle buttons + */ + initDomainIndexTable: () => { + const toggler = (el) => { + const idNumber = el.id.substr(7); + const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`); + if (el.src.substr(-9) === "minus.png") { + el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`; + toggledRows.forEach((el) => (el.style.display = "none")); + } else { + el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`; + toggledRows.forEach((el) => (el.style.display = "")); + } + }; + + const togglerElements = document.querySelectorAll("img.toggler"); + togglerElements.forEach((el) => + el.addEventListener("click", (event) => toggler(event.currentTarget)) + ); + togglerElements.forEach((el) => (el.style.display = "")); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler); + }, + + initOnKeyListeners: () => { + // only install a listener if it is really needed + if ( + !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS && + !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS + ) + return; + + document.addEventListener("keydown", (event) => { + // bail for input elements + if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return; + // bail with special keys + if (event.altKey || event.ctrlKey || event.metaKey) return; + + if (!event.shiftKey) { + switch (event.key) { + case "ArrowLeft": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const prevLink = document.querySelector('link[rel="prev"]'); + if (prevLink && prevLink.href) { + window.location.href = prevLink.href; + event.preventDefault(); + } + break; + case "ArrowRight": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const nextLink = document.querySelector('link[rel="next"]'); + if (nextLink && nextLink.href) { + window.location.href = nextLink.href; + event.preventDefault(); + } + break; + } + } + + // some keyboard layouts may need Shift to get / + switch (event.key) { + case "/": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.focusSearchBar(); + event.preventDefault(); + } + }); + }, +}; + +// quick alias for translations +const _ = Documentation.gettext; + +_ready(Documentation.init); diff --git a/ia-terms-updates/en/_static/documentation_options.js b/ia-terms-updates/en/_static/documentation_options.js new file mode 100644 index 000000000..9feebd4c3 --- /dev/null +++ b/ia-terms-updates/en/_static/documentation_options.js @@ -0,0 +1,13 @@ +const DOCUMENTATION_OPTIONS = { + VERSION: 'version: latest', + LANGUAGE: 'en', + COLLAPSE_INDEX: false, + BUILDER: 'html', + FILE_SUFFIX: '.html', + LINK_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, + SHOW_SEARCH_SUMMARY: true, + ENABLE_SEARCH_SHORTCUTS: true, +}; \ No newline at end of file diff --git a/ia-terms-updates/en/_static/file.png b/ia-terms-updates/en/_static/file.png new file mode 100644 index 0000000000000000000000000000000000000000..a858a410e4faa62ce324d814e4b816fff83a6fb3 GIT binary patch literal 286 zcmV+(0pb3MP)s`hMrGg#P~ix$^RISR_I47Y|r1 z_CyJOe}D1){SET-^Amu_i71Lt6eYfZjRyw@I6OQAIXXHDfiX^GbOlHe=Ae4>0m)d(f|Me07*qoM6N<$f}vM^LjV8( literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/_static/fonts/roboto-mono/LICENSE.txt b/ia-terms-updates/en/_static/fonts/roboto-mono/LICENSE.txt new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/ia-terms-updates/en/_static/fonts/roboto-mono/LICENSE.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono-bold-italic.woff2 b/ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono-bold-italic.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..595f902d68935d83d57867dd7db0cb06c6caddfa GIT binary patch literal 41628 zcmV(>K-j-`Pew8T0RR910HT}#4gdfE0a8c+0HQ$v0{{R300000000000000000000 z0000SHU?lnQ&d4zKmd+V5eN!|xd?;2TLCr#Bm<3d3ypFB1Rw>490#`<3tMyYn!|v&-vh{`z(Tk|Rit1bM2f%*ZhlKLoSo{aBIqx8Jkh2Xor^!x}3- zE$MIlw)TDByjU>*-FGc`_vDKHfy-Py%3TJ=#z^Z&)QXcn^@Setum7q}_uTizC1w^G zoRW$*r&5!5dI;v$-HHWc8?1|MEQ%gWwq``7fQm|3{YK;)uUPrKRj*&^|Lcbp-|7I( ztwZPm8T*cK}7%k!Z-RI0=wNm zKbC+0&&ybkXTP_f@^Alp{_Ryp18Hfn8%Bf%yR7k6Mhj`t)FiWMRkWyt-@E+%orKyP z5@TE4U0U5t%IpiJb|Eny;V~Y5JN_RJ|If3=@AsL9O6VjKT{3h@B)(Ym9IVt|x>#hr zxlro%j0AzfNDW4l^*1nby;5b1u#T)b$(R~Z6M+A<$8y$*!pXM+fe7(BOxmtk!rHg8 zqRv!K?d~ht1=Nf(V;3L4gU1K|t6jD0juICDbfmBLYXMnFEpdP(+i`&Gl)!R)zp1|B zZagNWN~DW^tn71hT|>4|Y5VwCtN<3k0=5>%K*yj=0420Bet1@-^?&xdytXe3Aw&%c zk|8SM&bqb6$4~cFInDZZV8J=OFXUee@1E&}U9==coWeqX@K^fc)7ndw@ZoSN;R`7t z@x$D{kSo-?iciFmZMc1&9J6K6LgJ&$og*ue_o@@q%77vk7jl)e&cNO-ubBD6I%~go zehRMw$YzPjq~HMx#rL;n-d+}X6r>bG0qL*({{aYs%ZzmX2D4RLM8c|Vp$0-oRK_Gd z;}#0$CZzZYH;5l{Q3XSfZ!i64H!Xb4+$zz0JVWozz`G<7#t|45GsLr$>hs0^)?N4*uwL_pQtV59twl2 zMkmFrY?7z;D+UpA!b}J|tp??4=xnG`(AQD+A)$m2&Ud~({ylQLla3WiFu?@lx<(ig zge#0l+c!SfW2yfEBawDvw;2*89xm^Xd5uk2RHBWObv*yZ?SI>}CKC}P3K9QF*$$V! zvW?|`L#@Eb|k3j$$zVcJ&CdDf4v9}F^bVE z`28RlvGq4X`(mWElwV)(_Xom)V4p-q>C})v8x*E32w&K`pO~-{bfC&AnegNI3-=<|YpV zE%`I#-^#y}|DwPU;({cEe4$t<7wUy3VVW>Q=oXd;>x4TM_b47vvJNJR=pwO5E2+i)M$TxXMo(nsb9mNh~J^R<1H~jf;f5j!=vCErp&s5cm zSM=leW|=(?*?tU+ACLYxD)7m(A%+_d13P=1eY#r$AAW0f3zz#ucRm%bId{!In3ClE z!QN({uJ)}JK(4R#z=KmRH$wnvd~Uh3G5_18qhzs7*fH#U>+1D&CAN;W1(Acb1MS{6 z=VPzhYUJI4>rMxIlN$Jc2BciBbzH4*QM3}JIvtb6KxwHEYRyt)2(aEk%N(-F&N8X6 z$`P9nZ)AA*G6}3!TnKHf%VEjk!`cGrZ~}yw)Lb?SPY(z#4>ANwVY_mb>Qt%WV83o{ zI&>O#%b+2B#=Q32OH*D+^4OBk7A*RW6LuDO!xjWifEE56s7*0ymZ*|)DyT@PSsF^0 zAyWe;XR3p+WKnrA6R;yFHrk{*5$pdDeMBr50 zIGI%ZBj;?=oK2Q9$#6LpE~d;#@?46_`SxhCfGeqTH8pZvi^h#KxSl#U)8tlKe4I9S z(&ctK3FJhQe3J>ErO($H6M%V^Id|L6k6G|jJGd8{iCDbIGGWp3Dr+XQ;;qj7lOw-p z%al(19hZOO@lFAsbmudF_2RoeeA8Pq4>ICW9Cio8`yudMX8Nl&OQmWJ%GFq5Wpq|W zA47~*yD$YYr_h=drP$h(q|~~US>GWWI-E)yOSDOPN3$?BsZCw#ODR=u>18-unmqZ= zDNv}$`7&K_v1?^3Ek{|ooh`3?`QhiHOK#B?jUW8BW_>%0!7u(Uuw-SZ;Ry=IZ#EWLvi)Imu7&5% z0E9{@t;*DAcjsONx!nE5m*OHUqFAd6y;LNzRaL557jaOvIuuo|HqvNVRj>C;VVqT? z-Y)qivq+1n6oimhz3g>w8gHVviHBJHi#$`UMhZFK`>}*l8jt+k!F=fV{nC~H`mE59ICx8$1Qz;O_vi zz*_(_F8)DB6IUWu+t5cmtCbE3`_pUfcj6*=Hbw{^ee|=q(D46yfukElllZuOgU~%6 z%KvuDt7*o+wpF;xkEBU@7bl{0CkQaw!Z;=-MOxSCNHcn7r%n?)Xf;%FQzd;jT}mXv z922xCrBG7I)=io?O&lTZ`_|;L24xmo1?OdK4bK*QA*=~lHGmqNf%oH@`YOECtV)`6 zAj!qVUD+?AVl`_h1sw1cSD0WdAS`n&LJ%VTu5Fi@Wnn;?cVra&Y3`s0D9suvFodd~ zf)6U}FYr!>`;^$6(-?-X_b2|Z>Q2@F5r)Y)41E~8^Ewaf-gNURoF>(wI~?-HEYbD) zDBA>ZGzg3_=bz;GE;-n_z&});rcFDIw~7MGl6wo#b^@YR35N zEA1xxi4gsjAbVX8^HEkFRJ27EZc>JV8`O@lz+Tr=rywgGWZI{TqC*?z%HduSi3zrC z>AKbuxMOt+XS=mAqAfba=jSc@c!7;8^R3|v0OgPIk7wu8(TpX8gpuw%J+uO7JwYTt z75S8`eU5u9PkdXMrpVdGhZ@u=C~4c>A!C%fZlNCJdE$8>K!|;|=c-GYD+AlX?E0%jr75+?ZI8#wDFvV?VxONmWtXIhU;yUtwC#AXMM zpdhC(YH2IBdLqKlUTC_dEbs6&-{ksrco>-Y%a8^yKxVjPFkGH5k zODpf|ZLqs9j>LMW{^Jrcl1b=xAcslh#`8(ugT&giIJpXX;OcBXH<_VzZp`sSj|)Ow zQDz1|$w=&|14F`#j1_Y}4%Eu5R?AhYV~hf`bU!iX+yu-Zb%1~&q(k%$AZS|9fQxDA z$)8rmW(g5W@QM~Tvq36pLCc^Ve#@x+VPem1kw8Yy#xP+gDk%lCr2|N(eJqhoh}F%u z!B=I8d_`BP++LxHxDjg8?v^F(nW#w>OB`adL}_Z+W%PnubgW0Urp@cO)d)}`g;}Ez zA!C~)osx2JzT{TxQeEjwJ!OlWUh063XvP_*{_`X6l4a*~{)!W_*sqs(VYUUjvo+DB zK=l*`V2;TEs-RfDUlc1aRkL%+ldSE>)gip%mvPW;Gg{7A0`mror;QMRxI2Hq<62 zm)DDy-c@#u;%ou@3M{?(B9kmBb=H=Teywml>)L~rlOM=tC1y3P&6tzd+S~!dj>vgU z)9W-EQ1{wFAVfgAKtg%g%wk7Vq z9c>I?_^Yp#9xf98EKx3l7yCbeFan(ufH5kkA%9mGSNwQ^=L<9u^Wf^-K6H~5V@+Vq ziNr%igtrPqq%%%7qR}kr5q&eJibTg4=XnQ6En6X%?n!98qw!q};`m|V{m zYw@$Sz_8v`F9eyXnr8nA1*&}f=hLdE1ODXB$Mp%aU} zolnT6`~c__*31}U_vktL?>`gNd0bf=uF;4aTEOZ3Eov37XCnbhu{NcL{~{bo6STVX z|DjQYAT@%ju*giCQt6J#2VxS}DMr_TAcASTA4A1e$YTf((TJ$$BZ06Y7xFW4;=T^? zK9946`KGN>4}pN}4Jr1%7~Dg5yn>^zB|DJLabqX`KIM1|txeL=trxxd3p^Ar;g~x8 zmRh`x!fu@Wh?K0R&IM9bd6O7OE9H%PBdkf)?h66|5Gi$y={ecaXm z;0H4;gBEZ|4km_Y;V;x^^Q&-WU{Vg{xQOb~11!d@P*ezL$s%cBz>F*w(h!?&h6J|R zKmsI5u4XQU4mXFLO&WH`pYulTzHicYa zU)RkiwXWe^hz)QwohRJYUYbw0DJe3T_6y;xD6>&`YRp-i6L{-Vp=x)Ex*_J63zP1! z*ME6Kd98zqTsh3F_#PS}0LV&20vlS-@pC1Mh9T_p0&*-j%xXT}vPqRqaHGeiZ-RgU zpKlNU=gJ6s6`Gp>A9#5r%ifu`0CpXO!&AZ=da+V=So*Jo9_QlS#R;#AAqKdH4v+ar63fT9NT6IQhW} z(vA(!f@M}Igr;$)VLTCaad z&5A+!|3CyZ`RBk^Z3>=_Oda)W+d$Ncqz}m z7&j?j!YKWkazs~YFeFw&s#B5c&n(6V6tRvgJHB{bB{L{GtwHn(2J_4SMD30l4vY`d z;2Y^{*O|=32EP+Grf_ku)5gvDE-%{G9MO@B{}H3KQ2izPys7rmf$Fo7ch8LCgOZgs z{*H=bxAxY}Kq0RE{7SYIari|^7#K?G>nt-(wto6-U(k=)ONN~93)(8AZr?Ijhbv{E z8!2X~JZ1*`TTjI-ng61=*^BlQh@2V11RaQ@qd#4@H(KYGK}I5s3#tNX|3~3|YEr z0)_*e0^ftM_%BN;Kd0r@5vJ63e};WA~ef4jlI zx<*Z>!3#l8@cg3u5Pf>iz~?YvoB&M8An3mduavrs-}^9<&?KdlL%vETRRdrCjY;b9 zIky8!*XZ2RM%`FBAiyKceZutzkyz4E#S|B}B6n5u!$>z?h~KH5d$BOXI(gd*x`Vw^ ziWqwG0Ao~j1?U;G7@~nxAX_Nwy#A?nAE+jxm}ZBqWKMf3LXiPh&VyW&D)*Lm9IEMS z5lBNWgjkkQbf?>9LPztI@)AvW7QjRc$KCDJ5B-ZtMFiOXEuz1Ek_ubP)wxy7>3Tj{ z{sqz6j1k)$2HcR7srTuDKAZp0e!Mf%A1U1*r3+GOf$OX(x3o2!~oKPRBR ztX<-l$ZQe}XeQ{xA&qG4KsXJ2I0x(it3iM>B=)D94?)J(8cWs&t}q&>-aARf2fr#= z(0pjFhl4)Ps!hSPl5QNadh&{OOj~0GZ!=sn?PXWT{+FbR>+%oQDWQkYHU`3F z1;uvBc@M6@h%9x(Gb5jpatotM6TK=(*yl~V$=J=L9L(kwhn0xBDN7=MM>&ws&V0s# z7R?=5Cx{|0O$Z_y)6tR40G&3hq0>piy`Cx-^1;-k?*eS{uq#*9-T~ zBcJM?FD~_~qIh_N%vvh^>_**gG6H4P6>ISU02}fe2mn(JHFZ&Wz2{cydOehe=v0Oj zD;F@DyzqUE5tBIEB(3#cC#_dF*^3^YH$pzY_d##G=&pqZ=;=HuT8c}@4}Nf~Ad$fM z63t23vuu!&HlPOO3(=(-(UMz2Bu1@1$Am1Y>wgUFH0V{KuKT(Q`~%irwrMc;AAc1i z0VT@bZ3&8zO^Uznm-#Z*6`*_aAn8?fVW~+o#6-V9YicdBtj*tUoH1|-0@1A2{9O8s zz(lg+Krp5@tH{XYqy!+3vA9q~e-Q$5J~2Ynfj#iX4c$x1+x7~9O}7JoWvhXEV$3Xl zhy%NBFFeImxwZ-E$yt$_BEjq$nxXEYl{ceZj8A>CG=oSbC9C$&20Us-q8m-7D zv#xjjCt#-b@OeBi(&wf{|C2vOOwK`An($re#k@|59>-Nt_bB6_;Fb=e=IVpj<46F= zD5vw=fAk9zih=;*bAnjtVYc^eF4OF`CV@mi_+~NZk-~*C|P5y~}}BwORA*!7KMu3N#|sjr43Ul1s+xp8iC% zfYR5LbXzxVtE+BH-!Eqhhmm>7-gP2NNiRzfQ$tg-&PLg7-~22p$`a+R3SDye#NAR3 za0mQ0{LiS%)b3e)eQW(obK%o3b&y`ZtIueqSVbSt`m)p#o##D5j%#lhI5R3%J^vY; z8W+~j$Z2->Ev}v!17YJ-MWyPnCKWH%O%}|{3mh+kvlTI7{~W-+Nr6x505O~A-l^be ztv^GY9CWbL=%mjsthcWsLp9u}Gw7j1`-GpI{4Q=x&GQuOzSLEW`#~F*+z{WTCPLWF z23Vf?_Ly{a4zsEHtWT&6Zn5ftLe=K!DjdOHel!&aX*_<3T$}zmP z-qPErX@P?;LugOA{%a!&c=@+Wf6>f9w;Ga_w|zFW9|L0o;gIkt}8P%(`0j%9CW{B_N8QE@lVt@d$y++m8!C&xj)wvwiFP0HI0 z^N0zewXvVo>XWKGS=%@Dbdh)j`Z--LnO0CZl8I0sk;fPlt!=zOm=r;mVbM2XG30)y z{1NeyA#ti!vu|A{2hTM>gg~cP8W3K2Tf4c7ADpfF>6k}~CD;+bh%N)k0kt!N;UE`? zSKHUv2-zI;9;a0ggd1O&gxPr*dDcN<6E;HNzk1|ZMrwEBM1yitHa7!p1m5hjjkIJ<6&{SMn2L4$3fzW`zzyI`Z^?K3d?s1DC|e6ETUe&yC_||Y z2X#BnTGwWr9E)nCi4L2#_GtyKS_Wg1zA9)c=|3j8h z=eC-ExKD;_<*rh6_k6ilXqJ{V8~ymzmzHv3F^3@W7fA&2SY@FU73wTrj-B znT?=3Cr}*BOlxM%*i(Zc!a)oSf11uxB3#5PeNonzc9B&@L)wUlP%2<5>!RwP*np!k z+17?p`;U=D+Rb(4K)E^$vL7v%&5YSWF3aS>Ds`>V+PnanEpMJ;pb{>idV3oe2RsAX zreXxq1I`Q140iw(OhCu)TC2llEEOr*G2U(yq~uXaSpww;Hw5P_%iwGRaCI6xp%zEh zd##Th<1e%dTGL~=9;T``se^zm#d{z@2`T*boZr&Mk|=(AIs`ijL;)j*k!&1l>E{?V zkZy$T15fvJiK{jN3{E^)Mg5cwfo7M+bH0u2vio+E*LCBliePX%*5U#puctwn3Sbcx z<3T_Cv~1S-vj8Y;&mNcdy7d)mo_uWsh=L#8jsqSwsuD89hrE^W18P`&3?{JxYt__h z3X$8oHl)wz)qw=>RDY7X0yXK5hD;CcZTTiK2|O~6)R;o+p-z#Mcs|y`Jm7BEFJL5O z3<|%E#gWx64@kiH7zuCYsxnf>${Os26LOKD902oyqp+qNJaSlc?eLj3ScPV@i*K}o z-Td3VsmEpVrIN(o-VH7|%d7NZE{qT1yn`j1gF8N%dTaACNT`5FaiJXngAc1GVA615 z*TXrM^L6)riGYIOoya@x13K%~4MN%Zvw{aB{X6tNkWL(omZ^_fgIP2MF&uPKa*7bO z?}u(4FX%5v^-6k_7Fpk_3wEK^LO(Mf35_i3+kGxcLq_^(dt)qb(R5PRUR05q0(tAQ zs>^CE6+v&3*3^w$1_{L$CqG+ahm79^+l>|sSTSV4XzdyTFF!efoiAtUn6;{0EXJVq zQ0V+_7U=8B&Xy*-A*+C7FmK$@Zg0Y;NS)5&PUm)Np{`~(rr6p*`}j$=-MLF|1K?`QQKEv5;aX7|{ zz&BHgO48&#q@9Ze?I6ueTGw|F30=sScP!EY6dZ#sa27JRAT#Yk*~V#ZtWDpF7*hVZ z!FIQp!G3y0`cb(oS2&~aO*e&%3md>`aWT^2BSzSaJQtvMVsIJ$0RJdC^OIRsPNVzF zN(`GB2Kb{74;x&OENJ`}cq((Mw0h%ic*Jea`XgbHtGE4+yP>Nwe z1n5agwdwkg-}!I|P@1!D^t5FD9(@+Z3jaZ@|Utc$+XFkBd2B4Qr*z>)4A<_EjU z*1Z;vGt5`ushq2 z-aZ-hA)bfOvz_f?mF{O{zXv)H9`!=i!iV-9jEPZEA6OnOZ2UJsWIhmlz0~L zAd32WAuR}bklaENBTnk~;LMHp%rZ&_3$a-V%jhZpw#ut*P6TN}3yjn~t)Dd@h$iof z7P(b~j<9Y>RLjxtE3ou|Tq1A#x=oqwDa@h|9w@k$jzsaMLwWyr;e4rW1meFM&! z9NW$m-1{-wMWZY@PubHlAO9sK*CpTUZ?&S!t)9!{t6GO6Pv)>`w5IZh`U2dLg;{E_ zq~%%*+&3V(q{+*LXdQm=LL0C82|s`xA`3Nkh{1(NQG18Sn7e&M5=)r~n2$5~9<#Pt z79!SGwM{m1j$_VqiKupSyqOUP@={!#n63s7_$h=FSPBIPjZzvAu6kj?sb2u`;#xmuQKw-y zV09ehx^R$(S!;9lKE(&CImVUP4H~dZhoyJ;aO(`up{pt)hJ?IN2j?meT^D!%=pEQb zxxg07liEJ3QU8{?qaPRi=pr!)&bXbTIx@|+v0ZnyC36i#0?TLwa!%^nNabpzZm#KT zsq?rR(~6WkQhq{gS(Z*8VR@`C=VdOD0@jwiTiFghlzET_+HcT-C7qs-6e8aAuXI$% z;IDKd91P3bbpY1}K%-~#ieK9ZrIXoom0czgFpVaHGEK2jo$3%naS9Uhi7L0Eb&m%Q zH1NRY=gM3~_g1Y7sDg-;=&w1o7b_g7=r5ohlhEHh(a~Rt1z@wr>9|`rzA+EkXFX@B z1sv*p9@X`g_DB%@xpBb{DSN4RPX3(KvK?D^d*E}C>h_lWFXTu~fW5^j>xL!;(|X=j zd)BLOhSyl6egIa$HPw77Z3gpl^-f*HhGZ)yf(dq#C){RU1j5mm!c1D#-xKCtNQ(q&Ax|w9cPeH( z3@#@>r}S?-4i%)4zcDNebZmw^BQ0+2TOZJZ5qnA*Zf+22><=F!0&e(%$ly@>qG5H2 zOIochqLM2_HU)%-(En8#v(LE!%VgjS@0gHDpNq!=O;iaN(rv6{`B;DCHfRMM;l=9T ze-yFAH1aK58701eOPLTdZ#Y_Ij9iREJfQ1 zR)n?;K9*!ePt(n&t%p$u*`L@^&om+@B^Q-rt&TSh_^VnTQge*T`o?J*9@M+oq9@fM zPcA*qWn>YUj44##ACeDwR(t9qG+YSmm&Zv{%O%vw#>@Mr_ih<>E2CLA=PcV9A=PnuD7PDc0sm?E;zp z0x}$z6HG2`T91i>q)hg_Gw;Vx%v!54#Y%plrW>SAf%ORL1M7vx->6( z&q}IM!HC@4ryOQ{S>C}Zy+?~?pxA19-ot7{)3@N%IT{CnCd!AQ!uEhFd>P@4L51`0 zp2I21>UWq5Rrf?hr>GYTV}=G9Lg31b$cr!&)(fMJK-)DS6e=7BTaV-c3fG$xUG3h+ z2OyVo(bYg%_xNjVPCD=>|GWPvZy;u9^jEH~Ux2FvD}_S7FWebeZh6qcSq#p3WX+SL zpf7vh@+j~Uxs1J$NfjZxD|#hV(D|%$*433$!>F}B8TQzJb+)ps0eRTVFVF<1c>jU85^i(Gy$wt z*(dL~>u_HoLbV(Jjcn|KA znyl}uBSjap^rZTSXv``eWiB*I>TA%fU_aAcJO>X$fre|9aQ@mZ**>*+0l zMszKioAlcd#@*e!AP$*p*7$P0f;ZcCrMz4s^h|K@P+h4vDi724Q+3xw35nBv~q1S#-j3*L{Kem^0dy4N0P-D6kC!TMBXs@mzW4y;#t5XgOer zWvp#wxl$ACA47MvLawJK-;MU_t~!S(6f-8%rzEQp^`lL?;`m)Obuyh1sidNn1Dh3b ztx8Xs2gt;Weu3Z>s{=A+JDC@=HstgkkcBEsDExMa)#+qk%DeIxqtZtsa@$Ag(C9(* z@RkXUp6@f!M8^j>`-umR>IF$-J*ru@ub{Y5#WE|d+!9||XdfOz?%gV??9a4#aqkpS zikejPToz@k@`etfQ9jT-z9(-;HH+?&{VhToeB|!y^r!3NNSeRMqR^-U`EEMKsd(}% z`b94V15)iUu0SrsqWaFOv$3>eHMld(T3>6)5&Xrn zAh#Q83e^+=K&7AV=Z9z$aLk(j%KoP2QYDE!4@4&doxqXNl(i?G||dqt9k2kwEmJXmb-=HX5c zt$t^xO+?`*&Xmr(1>OM_&*|;(e9fE`@AMc)VD*2@y+@$WuROzRY#sq*Vc`zfJlo6U zf!F<63MFOPu&T%PY;c|07u$DZv`=b+JmL=gqj#H9uEz>oXIhtLAhrWG-Bad!fpCVB z1Gj9WpZ}i?Vf`%hasNvR_{AAjoF3ZGlTvnlR3E5w37*YGHJcy4-jD(ecw?tU!E_AV5dFt$Qy1**Mw8g8?gpi?y}q)ec^P(4#oUk2u_FfxNj z<8rtq&*?hhjMO>R)?1ve;q4!*YH2u$ApP3dU;R2Q4^_v z>ed2=;^}70tlEw!61mirlw@bQc*-&&=!tc~7^8PFOA99L*ObER0IShD01$+aB|1?$ z#uym>vI-XA9wevLIrKRg!Km#;47hfziB{ZPNlO4O!&RKcPPL3osFWOKyHtq=l1S@h zTk7Uq@~5dt&Uz1lvq;*|9#nCiadHbDfMzEjF#@gNcJ3%Bg_{hZ=Gv+slu>>B zV}f~|sn5!dl`sqZHPH;V7s{Uxi20L70c|z8s*j($fJ!Q?+{X}76Urd4*p5=GBe1@d^iQyi-yu=%b4p)>9D32d}903$r*^4lnxs=Z=* zeBX1R#eM0T>~UUExG;Fj)VkK5`6T>ZAsO8a>VC#)Z<6sN!g|FEAh+(#1=Y@J!(nUG z77P6xS=GQS-ieL-*)X3^i>1 zED!o3nwCWj)X$F#^bm7Ipek5I5+pg=6gq|Xd=nIJzUXk@eVrAnM5IK}p1@Q4qeY;T z_8hccuwbMyQnkC01z1Dco~Bbf9Sw*(fHWc`HvJLYnFbV8uE-&Bs~Yu!aJW(k0&+Z2 z{*~RUMdQit0d4FYVBd0cRoj>%c1z+mzwqVe=P6aCP`EV*ta_3 z`P^4o3^E1#6v9YX+&!Ga(2`U`9h#2KwQqcJZ?CZiUIPODQ70Ef{KCKd0#Go1)j$HL zzQri2?5yLb0n?GRQ3lwOT11^W>?iznh9_m?0BF8%uT=&y;~1+2s^CRkS~6-@ErT1; znQ3kI#R~-yHdZPWHz$$vstx4i)FOH>oi5mv&Ex=k0IIWZ?K`nEOAQt9tbuN#n{;bo z2DHq%sA&0$P?)*WO=AC5nF?6jMwKrQC|s4IFTsI#X}`qq)qJV`R{WI* zUxS(eKJ+e8`RyJ?Cp$rh^~eU-PFRLGAMm(6uHrKUGcYk`pnI)8t}iO!6!g#|1u*IF zkKY9P9x(Y?x^#H!?*Pg-3>a`f?|l6$r$OokpVk5Oq5A5WWXeV2AA)?+VN#O99r#mc z5IIEZE)^19mitm%3LmKLxRVNu`q{8u#`nN)m6tV!?PUL>=#Y2dG||G3t(wcdjg+M< z-#2lkJ|D8dPB|%&q>@a9N#ZPO&IQ$u(3M}E*j-t3sm8TolV#>OE=C4%77Y9q%J7zu#$g;ZDtqW07^ zeNOYZE*%vH`7p{lFW9y!3FIB%&&cBYDhq~c`0OyOS4GIf?PqU@mxzj}NhIvxgpRIk zOgH(y3tsRji+ezNf9|Hc_C+U{b_AB#6-frJSLg_3J%#2KPowD4tJ&(dV?nt`>=^@9 zn;budtoR>@%FJCRnqU4lh-^@LjP8_i8KX|HPMw+@ z={WmX(jqFR8b#&LR;(vRzPxvUCr%g=FO4-y&*@W*l&xOf2sT`!yn_=&GZQ`bohV6)eSYeh?QjNi(1kdZ zGUyiOmQ%2H-wCaRLW+ez0mulrwVe~BH&VfkR!!>HAuWP2x&r@3V3J7vRe=3}e zBulr6XYa)TDmTbL123!`UGw0rIeXUOE*%O6*c9STuURw448&E{wZb)ASZ=?1rp8rp z)w><$BQ9jn(y3{x5AgYfFv{P6YK-aZEGnT-Il)F1xj47|hiTbTn3!smSCE1F3=-)5 zk6V#)-Q|YbqTTzqn#sA!NSo0B$-uvOYkUQXa21g3w#Erwlw7+(wsd8=Rr5aG1QpSAMFs3U&zQH;yk^GaUhiDfy@+2sYE$DM3SihxSKv*nkzCpa?V0`lN;tMx^zYA% za>}|N0Avc>W2kY4P z7xIP5Zfs_fv*qPvpe`MTMIM89AEMGjt&ouu=k=ZIrlF>K)%5%-$@kgap%)Vd9YTKriirPx=CFO6H#F@^WK6M{kz(R z(F(e&dB-m0T!d@G!>g>QpN7&Yv|t1bw0!qARL!+fea^U+PCW_$Ax$^kpg~O#@MMlG654FW>FM&16gsDHM9E{|AnK0;GI*{8>hhgR3+S0pN>(x zeqn~0gz0MqL`{KKIJPVZI8xbglf z?y*VnGvGLjxug^(QSeYqmmD z7mQJ-cN8qyXqG}LJZM6Uh%s|HTuHPTuK+LI@iSTl+YDMHs8tObwko=mn*>r5dAN54 zGI1~a$)~v1d8AbHZE9m{nag6G0C@lQcPYn$l)bTj712q^v=<2VSKbsG1_vC1%rXYb zvRByFXUaY@?<53TzoyfDM z*juLX(VjD&^webYEQ@GULjT{`ZbP^nFH46c+TYf_3=PQ}lul_P)xMLw7|@p7R0llN6pYNe#yW3>u?S|t{T9eVv~btLHOZbWdoee=itDp0DzqjP zF-Dcyd2ZUqWGPU?6Bg8pTBMucMie5ct7rV#t|4?{?UZ4a(TJS$_`i!77$FL=0ErgJ zk#paEaTOCr*didV&Q&Gl8Q9ntsb<7 zh;eU=E|jNe=sA_PqNgz=+$REu#nuz42z{r?`b$nK2;eAVwfwssoemnH zCoV<05t-eix!VU46;dEoy;f!mA2yW@6xdSCx)NHfy0o*Sk!!xYSGM+wS(kGWcvF6U zdyok)YxJE}N!~7>@~_ltklMF0mR0|_r_lXADaM#L=Tb9+kkZ21P+}DXuY#X8tGfK% z+q*|RXNhLa_24{wOND*h@8ct>Y15=*u1oq1eA_UEyZ~&m<(*ZH{MOh$rX$Yg2O;I6H{ihpnTWGx~xk6bo3#3=kqE*fc z1QH*Rd;MV^KhX^eQZB-s_qI?eSKs_7k5j*wvv<<~#qjFfvB6A$)}Ihtj3$dK+ADgE zD8yis)}Lb^#L{9*Fv{gtwD*`OkbaELpZk)n8YGlwbKwaSoZQyfiMTIlqQtT6!&h`( zYjX8J>o_7<^K|q%NvxUG)*=%;HX=TgTBT!AnwvsTnSw;~$zJkkVstqxsJmXo9;KD~ z4*(DK>2wa$?Pg4gBG$SZ>gp2fIVaKZYgv7$@`O*>R|$?kLH7E5yy4s0fmnD9Q?K=2 z*v?w*%xOEbdH<)0LvJmW?;poc$`w9tm78L4m3hL{EBDUOl574!RZ+bH*H87q1IbZ& zYTt5Bys(XavM+^;w_qBc7A2pSOA_~z!;=C<*%h<_135!fqNjU~J`RZRm+R_gQ&PL| z_H*qB-e$6Y_d$x7gOOK_DPBC!%6~?ih}299Wjma1m@$;;_qTk0g0HUe5sa}on}1Jr zu$a+ddpLNw>Fdp*S=3u;xrFQk>BY0%#M@@9*m zUQn17kD5gpj};^KN{K3xS}+%;MnFPyN>qy$2CaUYW$hQ9w#+wQZDZ~8r{rC#$;G>g z6`luYLys4}{_)#f9)v!fO-Y_Vc}gP#8vC_)qRtDv%mcc7}XA>OfeCJdjqh&~uVWbhtq2MAaL8q%$Dw#qM0MhwGm@M5X4cT$u^y;tojh*V?r{#VA|55GasLU$R z%nlla@ZrjT7uf_tEaH5?>+-saPa#cMUFw0hRB$J!0U?0vRG{)xRJVepAeuVSOe|># zSw0J*>C8eQC#cbkresD7RoN<^YV&+yHr5BdBRw`QD=&fkNkcmjFA|dRcZGyR;UA#= ziU~7?nWEo~D#m6zHoyLLkC__Y0P^Sa0MhvzvS`ej31-3IP(4?93j!?IT1K;?7HE=b z=c$Vk5Ow%wWwXvV^_Y7C=>s)Gn+ES;zZ0(nROUf(jMDlvH?IHVVcB_|s)NoK%-`HN zHt;O@1k*=Qto?~4$-P-rad$m(;>7*HwCBps5H0`X(WdH}_V(xv0} zA1+sa&J;~1?{$xJOPzHHqSIoj?d5CGv2J(gq6)wW&A`YO1QtOv6fA*hNdV&15paeT zcCnN?)FzG_!VJRX$t#SK=Ltf>ERVG70*6>d5cV~eKs{VgDk31+?p%yMEQzU?;FfirX2Kx)3Jb#ar-I@H0)m*7?xE1{Q4)NNZg#wR z@caG~VMrFa=Xd(tO& zn=xwM9~ab~luPb%`u4#$vzG!eauyOXmjgX(&@BM=#$o1^<2VqqaNd&W^8>7ZjT5ap z#NFv+2#h!I9o(H(v{E$4-L?GmD#&o_6x_IvXZ9vh8D2$ng2YbxSNq;pkatic>@^e3 zB#UqZR*z+_Q@BxzZ0av&QOnyM!U08;GNAH!tSWvg6l}0nG&|Q}WZ0&DkZ|)QyGs^d zDDYjS=CZOMh&z+A7&{`eNL>r}BmB=L;ycf=x-L)(S4(%*fMu2cJ{X_97yyxDkjS}Q z=naNupC`aZZ`;<?IncP^ zl#T*8u+2R5Jiz5OHaoNXic6SNg4g+e2Kt7xNW>uJ2^wda6N_5Q*o0v_&WZX&($UK( z8aVYohIB~Mo_8p;U$n@|H64i7xx2@UL&mwBGl00urm!FUnT+EdpxE;cL{76RD{??G z6ji!hc9ncGW~)GBG0L=6Cl(ZI#ZU{&d z;EvjCW-Gl=SP~C)bQ*co@UWe&2-w!|-DzDGwL?;Qk=I#P=zvH`75HBF807zP|LWjn zZb#Yq;fzW&HAZGyVVSXnA%Y6H+wk8idl^y{2ZZc0T4u`|AXrcQY_RIm3S(@7ZuJKy znPEflKNvwkvbx)|U4(R7@0~e&5U}WB-)_+s2#U}qefE1!F@kEkN76XJSnbqQo0HSs znjdaz$SG*=1XCy2#kqC}l@z-i#d&r}Dk=lMyjVXvH*&f;B8(Rn3V-|$=Nh8`hr91a zj+kIB692y$CID&XuhkwLl05*{t4Ikz3d+F zrG)-vdgyeI8|PeNKA;EX4t&&ktP-ozo>%89_~YMm(`78n^G_wys5H`c5Cv@FdMu=L z8L+=LG@H!J?lpx~8-i5Z((Jj8yrwg%8kyF316UGmay%b-9MxH}kjY4ZcI&$zOY+(_OY zz{u&G7{~-%aBk^fcn0ZidKHjqHdJk#nzC^qGE)T5?b9aBfx>gb)jz_s*Fw>?Vd@`X zJF!&p!bb2w*H>dzJjDm3uN_khpSp8MUSlk`n?%|(G{3bv`9G5*7hjvJ(^j-hX~12V zd4%s>th+Y13xb*ROQKGjD0G0GmydlHZ4(7DmQ;k{JB$JVJ8#k^E&$GOu#NWO0u8bf z_)OPiUr%2$?qrJl+@0&S-mrTLgUWOIRhnR&t93OX^o_>fDyc?VdYLnxUF+K&ILm8R zEs)!p!<}S$?9Jl+_kP+kBRR}*S7Sa*>QqA@5@t-icemd_jg}O={DCr~xQcOqO#PH$ zNL(OyG49-!$OyMf(qD>_8BrW&^Od6?w=#Q19tk6z%-heUz${e4vsjJQ&ub!F?#vS! zZmA!|0@`fmky!aSgYP)xc`BvN^$E=)};|{TlBt#^)vr#z3Vi$5=tW~pvJT2-&Xrn7Jijpw~Ll=gT?%#ONJ;xC{ z!0})TQ3(~_J>&nP zc&!jb8NmCJFbSh(dr^K;{a}NdoUPFZq!Fz8quoVGy-#bkUP@&PGVQx-Uj0oR5Y`jX zz@F$mfQX-vJ2;=n2U1_Ji8sLJrK|L{e_AQIgGH~BURYip8T|pzL!SB9jW3ssi(w%` z&oL~_JZ3%Y8wt=xVC?Si0{OYn0+I!v_V=SfzOB^g=}L=Uq#km9@S`bWMIh3z4k^`wE<$lwJc%QS!pQRt|?_uTvc&6E4sBSR0ggqxg7P z{yw(T>D=R7hmgVLQ4N>`%613}@CMVc89jxuH?RxAfUSuiK1R1q8f93Gpkd(n#m5Fh z&GPUeH5D>pt8(&JRNKT!x(Eo;Y!HeEgSxVai5kikh(fz6!WoRiri>K2e^gE9cU0>n z&#T;mIC;SbYROAk+tClWB9g<8VL7srl=%PKQ^mRNpYJ>*9whR7@iK?H?GC6P?6xX- zC&GYv#ljz-1e5Ef{dTheJmyym-e4tf&9yFrX?Y;8+NRNKJRqWvXq+cH)42yu{t^ao zlXp?4SH67jtp*o`YxG50y&{-j_1TM}ByiErB>gzOey-7sQR0w4WqcY&+ONrHR6>`R zGTyyE&U^!eJ5FRkTT+nP#ruyR`OJQaui*aC4Uzj^3Hv;E23!QWt8-T$d2jU#xxKF% zM1RZed$zdZ$fAv>7j8VXc;j2SeeW7XpXBzweecrY1*=o`hKtUIi2!LX;lQ`I--jsR zUMou%7nLpjQd`~p7}N3_4zo5tK5D4-6{fe9pbKM~wvEgXIf$GbC-$V-aaLa7F#l|v zDs(BjjZ5EK2*5eJV?bLj-eG_5j#~v7ozS9qs6VgK4K3ILTB60>(de!{&z?{SsP#6t zh2}n0#s4K6@SqMJ&A_Z!a@7hQfmV=l5+{k}ZO7B%Fvn!)thFX8fWVcaPKl)#2e@M# zpii>#RBkRUjj33ThBa%H5D{G3|6cYS0|%0zLOH$ziG762k=T*Pk7w{GE;tMFmW;HT zH-U7bUfMg*ByG*Jm-bFo%$pX8($(bCKn3W%@8~iY|Qjq3RE-by-PzQ z6w=6;0(?K?j~dKC$b>tM?w9YMTp2J&f7@&IY6ZxY_c@gc;lH}*=lmd2(9N?CBh z$EkZNokl@i{oMe2=_w{Aa0W!Ov$l30e&3>nqsJ*bI$JWU<{1>A5Is(c-Fs8UcNkXu zRF@^&C>%2?rcZslzesS-bJVqwpfN-k84TJTg+!%+L%Z}!K#{s3^8M>rM$pu&uLafc zgF{YXzp(&?Se&&LQ!}0^pE+WgSsTKW=i6n7Iilhu(qvv2a-3Ijc-JAjo1PV=ykx7= zHO(>W-JnzZg^OV2r=$@f9q2g2_GVBrGxwwNv0B3(zlu%P4G0hb_YQq}dQwe_gsbj6 z!M}qHgY2oRUE=gPv`DRp^*t|GMdDpJu_r`m4ui7HrnIDH7_x^f-DR8_7I{DMEAJxx zwW8z_qRxzfGW+y&Z3{3D^eTHT<I}#1J_$se7coQGK0V92D!wb=Y;u&z*VOJE2sv ziME1%gg^A0RC0C|F3STivdhcLO2@t=Eg_U+5lqXY1aAJKj$e1NT45H*A3veA`y-*oEBcGKg*h!HYto{m?Pu#Ie}G`JASG1H^Yn3#zLWQB`)fZK?c; z34#j`SZs#49ZN7G`bPh;w{BHss*y^XvNy_PAHm~cQC7rrZz%C^yntLF?p`loHyy`k zkT*(@a1D%sSzmGb1&U{Ku^dhGFqEK9fcE&dR1n%3k_eFWyJNadiPt*nL6@iJ`TCcfx^Tl+zJ<1dB2560j_SOww*zaP`nQ-6}AYXja4yuuOER8xaoo$MN) zybPf_3+kxCEYP7$#y(^?ezk;Bcvy>c-L>y|)#3mE45siSQOY4c!YyxCw0-*@msMVV z>rrYKRtSzUtcLcUWr7pp5tyorXYh|8Nod-v??YPOJI{Ox|GZ+jy1c%e63b3i%)HG< zY$D(?eOS;}&1fO`%vuukEvWzU#U27aN<9*wB?uyQzyQIUuDk8uM_lr-e&Q*d0Gnl7 z@JGotJ0RzYZ*XLV^!8}3#|wEN3U9ZSlJsHB=||)-_nS9Bz*=~gU&-(a%X}Dp@@FPw z99X&73^s#HFrx0WNG56Hw#GS84zG_hLv;l zGo?-&*EsQ1aC^pq0M|shZT0ItdBUV5J!27{qP}Xh(=?w2iFP74K1i~QvO99x2 zG{usopB1Z&;cMZ2={}nhMYTIk(MPqq)H-nZb^1o7^zjG8Q^#Q*gPw$YG{s!OeF;eVrRBe3 zF3!b>f`c6zkv_go1_40KGBmle?tZ;X;WjebT4aU)DQs=f|^7?8GOeXiVP?Eo(Hj`L74 zML&ovB!4zGvL7=50GyONJ)>Jm1Td(QefYpMfv`#EOn&gA?fe{vO%Oa_m6H#=7P(lM zu4E|eNllHq%$%_Ij!9~c+X6+rscHF6vNGrc)8Wg=0PCF>v)NJV5ckoDgvzn?x0!R% z&5cq=c#oE3SeMdW_T)>H=Ki!ayO-id`+mw!bG=?XdKjea`pU7J@WeK}L_Sfs19Vfm z#}57ov3>hzzvWlT-%!A~_oJgK+qR%O;<8uzvWVq*AjIk#P%nqPFiIUrr7qewBu7HEaB=){}uLN(HHw$CTuZ+hCOilk&y7}smcR+`xFg8Ij4a+@9eA4 zo>v0y;_nKFwg{~P(hU@w#$M64s6hVUpB49Gh^NN zg1Gn0fL&v_+vl^Al=_5P$>=~adJlWAS2H$s=N5|-J%J546=A3SXStr~N%ubtFjZuG zi+h(>m=N#Ccnf)|pX5v*7yr#LVODANZ{WJxKz;)XXWVB_tM!$&xeb!u*h}HsyN4pN z^*!K>!(&5il0$eC@V1&u`x$MY-#t-*e$maP4X^^3H0m$+O0h;yykR#GFaf6LI;SZF z?+mZs3BmW7h+_r8Uxqhci{{Tga=67Ghx^;ESn9*Mc=BM1gO4^~Se>q|ymdYRxWC$V zEoi?;76^U$?Gu0{-Y*Kt-3krh1fGTV#vUOz#M8Smgx2wjZa1{y zo4p97!xAy*UO8YIR~zr7jZb&UAI$)Jv`R5?q7v{S>8`MoG_oc}xoh*Ws73ub#O*`4 zV&VyNIX}(I!|7g@KTiN@?TgA0V&wUKgi~d1uiIO27Hz`HC5N;T4YDw(HZJ0(c*N;F zgp~*lc7N@_REhBKgs~IVlTzydyft zdq6RW=VsWyOQ6`li+@2!<`p9q;KL@;}9Ue%3QV-0StnfSdtz9v4GlUnY`DPLprJsY$v`VxpTTa7!i@kp?2* zfy}Re7~2s#E1{{P!{=3eakc-o7NPKAWT~ryN3AqC8+BLiMjUtx$>OvGR(YM4r%5jr zB=Ilzd9F~fo8+W@F;(MX^*5O;_pO(mmYXSW$8M@f{QnEf69q!(g5CL~nQyB!wop>1?@& z(e?KlgE8V6aCKFYazf(enw42#OBwP|nf;gu?FK4ammPSf{cw|oNEQyI61Hv<3H`$`ENsjDGjncN{+0vuf z5P1*w@xzHI9Po(_{Pla23LOgIH3g0mlZhuFr09Y`pzYmCQU~f(1t6_ncZNJy6H_L| z9gu%|GnY*uRp98Z2`_&Xly}{!lIs~zJm(NT+NQ5b%0M&G!tF>6hAyob>>QJhlC}y$ zi9NeNFjG5U|4Ox3GG?upKa`$O2mJfZzk<8L*FzYRDv9hKc|bmL9cz#G_z3+03T~$# z%cXak%^q-;xZLzM#7)Tl?xyKPvyNYlI5q=1G0OX;%5^5Q}H}u+rFBKW-%mzGI2TM8iUGg zRlR+=qheaZDZuI!We4$8(oOwhgA0|7SF}H*!rEEHMAPN`;}496qT)vF6qzse|F$xI z^N{6K-xUk4Z}evjm8YOO3COdIP1~ZbLdSh zZH8kA%_X#s+p$yU-77ni{ObRyhSQQcUH3m)Eoyt$`1s3%My)JH9_2)ri~Y;#kNgDD ziL&r`9H+4P=Jh-pc?d*KR!Hp_{;Xb@AxUc`B;7 zfo!j7c6`|Aue(9pnj^cjfUBjvZ*xr*UYE&-e`VBv5QrsWN8ZuI3>6SPcN zinz%4dVSu?kMJh^j=LlcF{&*jX{_Z=fhr4w!7ps zCXYsq&#{jLR{8u?gUlT3SZ#&i5m&}v%g`96+EXo?laAZ52Uw7t^>Yh*0W>;a`Kp!n z%02WcQov}n^$cW6;oAh}3e>HDAT2uao4Q(J67NgEyTc^Z7bR3^&p2i7wC#jEuw34h zP}%ZE1<`Ir^GUThYenK4Aiof8NlBWcy2SWhkjDv>Z-2bAmUMt+XwjDh(I;_~{!mB2 z9*BH|HMgRxuZ^3G&3)}UGJrsVs7XPLOB=d%5g^WZitnUE8r)&ve$r6 zf%!RqVAcN7=iiO%!mFwFY1ag#1Slvt50vO*HRDRMiEC{_G+s zMyyE}6grk5cyt@7x?302LURL37%ue#0@0SsVO4_An+QeY1d&7wOQ8M}E!utjob`_N zFb{Fk?Xe-Y%wfEdq`rUS?Ndc0oOritfS4B1w?q>WxEVN84?JIWV1n7rZFiPzgPb`l z3zC%ge|c%UpYG}hKOBiCj%F5JPJ}iUmI4>f*9Qg~G$Wrw3h6^~^Hcnv6jpyt^Iqy-4oHIOdH8_Gasjs#4AI;K;x~&6I-bj>m`x0N z5zc8`=y$`suOSxQU<~jV+@MWhBHyby@ox|d+iUJ3lqB=;68nDG{Oyj+aF|CKzlSFX zp??+u`>e19wg@&Nb7QooZtv!%$DNVXR`FX9>L7sORWXa5Y6UsCQZgt`l%|Ih7%XoL zuORm$pm^~Ng!-ubzvYvPLti?wr=GbeihAP}SQlts`cYGGVWYPP3cy;`<$HCbvLZaD zEm)4)7Yn0W-r!Ns0DIbM zg8wlgMpOUga!l=2WTLs{`JQHtdox41mNG=1@tkMP4Lyqrf`lUHYBIBNTpDL}LlZOT zwln+6eF23;00@I`JZ1Jk81$@oSj$4HJTS7(OyWGlo7Re^x zJSjSpF5HTtR?|X={2L^oby(x)$xT@|DQlzLwv^XA`WT%|^3(X1*OH)&fJTj|sJK%C zYTVZw?VZrL8H#rYGEU&MACsNf_)DQF6soVf#;8>6;v+BtRuGYf$Ltrt6_p$3D`SiS_Zzed8kzU32Q_CY|(Qqhzv zcgAg3!*1uE#_X+#EHsndZbqGuU5sFUK8SecY_o)936vb@nzUGL{DqC&nFA7V*PgFn zxgBw>K6dwL`?5%8f@qhmKW0p{kajqAA(|1l{lmH5Oj+Fu<%)%RaabyDO+1tUxw~0W z)9GAT053U)+#z?(8Kfx=u!v~2hS#egIL?;PGu;A;C^W~}(xG^9d|V@y`DxSTKizxm zQDmFX7-@}B0n$$!cE@+ZiU|{>Muu0t9)Tz{X?E9TWCzOG)#DTD3cLDW;YWl&qRI=1 z%6epJX{jjZ@A*I@45_eKb*Y=x(%#0c-ATdTs#2?})USR|tfsX4OR{1$Jw)s+Q4|Ri zUcX-Z^uX4uk>Ia08dOs8Bf?jp?J}KdW|{TdkR@oCQ;p0xWpc2{n4fVgU|+PEKhRds zp8Y0}*Yv>I&g`xE5h{V;ZsyvVwihj+gL-Ysg6I>4slK>i7v zd2v>D+uEk9Bf$02TQPnbGt6|h&o2ScccBQH1V|x`Pa*vuFYZL~%Kx|NY#^$ZRSS%B z&iGRA%rlzj+Iy_iQVqx37I3G4Z`K>F7b&sMLii6Bt6^)Ff~(czRwK(F*@hT{#rljj z%fZzk=NfP%-0bQ8;7&`6WtKiCHbl`w_;os0;UEo7`h9+#8Vi7Zgu@%!j2-DFEdrE> zmXd=XH^zoF-Cx)@0rv?xsq;5EmNalmFSB;YFZr@~ZZVA_*6%l5e7%87Lu1jF8Z zi|{$l$&Ukif$$`->|}nbI2pjgsOl^;uUr44zEYfg@Ij-3JWywYNkY(=^&1Bh);+X~(! z+y9H>Z$R-X$Pp`VvjPvoHKQv3cW5SX0GTRiBqMoNJ}K1=pPjm)W6KVMTByPMT2}(! zex_}mp%a$0wXZLq)MoTF@^ojfrSimwiFy5_9 zIXLL%W&3Fe?mK{HrF2C!t}&OxD#TUSfZy-0xQZ*$+Oa5YxlVi0LbYZsE?|KzDp1BT zn${rFeL)1$dBbn8(U<3iY?Bq(qe07^lc2PoR532R`DWG*Z#F|hSt*zt`Sho~<7kF5I1Y3Dp< zkA37x2zmevezCxS3qcSE=XBu#ho)p4y8^VPC7ZLBU_=FPV1a!)pmR}>lwDTj$Q-6m1CUqfpxR|&wKzqCiIv}P z+D%iudhf07j@^4Emm`Kfd;wpu^eWD*m12s{UsR&i7->6v#z3~wC2P}4LN_cNm~)G{ z+-UT2o}%wlZ2@dBJN>ZkXCQQ#+lGb}Z=!Id5|R*X)jpq&%!f%)Y+c=V5zWRCvhO#7 zSAB&Ot!XLv0dq^y6wtfMVUswnKaCJNaWHg3Ljbz;hueJfU=kEl({SS^`F!SCyJ{$u zP5(-9M`dgBGox(dq~U&G4ba^WDD=Ssit)b1d4j%tqI>(U8vtE>4-flBU^3s?HN5o_ zk1jKu0J(PNb;3QvrX!~}25%4(T|NusE*HMVl-O};a+;3NE`#2u=lyCQq7#mV;oIK` zgHM&wF7Q9$dV65GnJ*(2&z8=>EcnwHz9t7D9bMIrjfi*Vfl)f|i@fVE1*wm&g}DPB zurce^m`3=+k;9rm@D=k@+ySZ$xPkxZ%&FEmd|AufY;t;*r2D}C*aK<~#524jhxdNf z2NmU}r;|B`r0xT2@xur-e$C>e&Fu$03EKpA>XEAFyj!fvDKF@61qqhV<*}3c9cVg8 z3^NN3K~wZ8X2W{rq7Jb6}_~ zYco!~-|4rFaqxT$Z;!bRVs5* zqZ)x6SZn=%>((&gQbGBpi@;(rqHwZ5TU%()-01&Ov3>=wZ^n47LmBK<65(SVMNp6E zjGCdp^ku^R8Vg% zBgz`mrq2_j>zvOfIqx|(_}rirtnP=aI?+C%gf!Yb{JR?)6Kz29MmnNM^q^9PZy52KS9=v@Y@ z#*Z4lQ(>doaZi9X3AbfO!i9>vUUY@zAKN7UDzQArVj^+zkss4^rVC{aNiIz)cD!-g zepI^E5)!x=PNO$KenzKbSiiy3&={9^PUbW~10Vjy>EBN;A4xp@i}1Af2p98>Biz!k zr-ZP_0kNgs6=Bx~!y0dqcl$~=cI&^m~Q<4ngJO$#6L(hT-z467-NWhi- zT`D=03aHY&@81%JnUC!^9E2&-p;o!&sJ_+g4|k4a-$rBWo_g0n36>euurvfcs%yOv zU!a-kaZMEbvDopwZsOPSjX2)G%T&+MlI!i~JFkeXpBYxNcED|NT z?7c`90umMS0_vSV`|nCTwF+?xrysY7A=G!Wp4JL1CL%kh%9vu- z)bj1UZQ9%aaa!W2efC(w5Y3Ypy~8giI{HQ6M}Gk7bpo*HuVO?;wbFxIa`@X_AJNW) z2t&KK{UlwK&JxW|&AFsKL}-k9=4L)epmJP*0)aliuO`|~-_fu@WZ8-#1I+xU<~IgP z;3nO-IoFbx`wSg&|FfM*A(B`zp>ISbL;UBNIABFV$4wuV$yiBwTaa|H&KY(%*gw>E5(| zv);pEKOWX=J$J)7c3o4a(hN-ByS(BdbBc<1`uBSZjf2lBwUNojmKa;w-pbt94rrq# zg4r_XbdITeHB_xHvg(zQ%pUnaGMgI^&Bn-@ReS!!Tmm56!fEx4MBn6m{l|}5ibpcd z?+@Het$phkkmN+8ROp{S=jRr6mA3<;Zh8Yx>W>c_Pdxa?!r5nwpSQI^h(Em%%m|i6 zktM+(&;0Gf3M&aBFkip%OnPBB(|f2<2BOMBL4M(lx0O~BB*Q$zvXZo-OeUlD1cw?G z!y4>hNKA=y<0#f3_s(POFx0!J-LA&n9y(U4$~ zI6=1|ZeZc5n%H&z$3p}_cw8Ep;6x<0t&QZO{rwL9p!ADy*pu?%7k52Q*S^Nk5}7zt z2_D#zmc|3@BC-71$?HQY`<8S0V?MCc(zvLH=~HBiw|$Khn!mhI1hxN`!!AR4eo9+y zV2Wa0rDz@NN~|EY8L~Fd>sP;Df}GbP$(Tsw}mp3o8^ly zye|xVCZ$n?;GKB5u%92P@8xJ2(KCF`pIogxcusSPMfaxI1~SQ_3i-o9Tp zo?0mVJTi5^S_<9{k-SUfQZvJ+hjovvJe5tTlubT5HBS>#qvNK+9Jc=_gxfxx=ZS+7 zwJf($9F+SU2vSN*ty(rYV5)q2UQScwqOV zIV%w&)%i?FotHIiw6g83-_B3k5jzIJ{LoG+z{5YPX2L6dRwVNf`h&oaG!4V6i5XrufXounsj z;P*g2Y}KCXs~RmKNl4muG%YE(s;V-|m6s;67bY~*NwuJ@t1jgv zu!VoudyjtCsJXf4k@x>bkG}sK(M4|>-NyXesM^{8oBjU=w=uwHmm)#_Z8Msopd`v(xHPeXOG1I5+h%x zP2>lpX4c|fG(g@(Iz2>h?nAlkj*JFD+E@Erh_kosEbn(Y#|u#TI8W>52|mu~K!A1P zz68N!n91w?GGRTeiu(iHu>n5|u2h@{z#mHn$8fx#=H$4&G&+tp6cQ3RTTJF9w1ZoT z#&S7Z5l=NgchuWn3AxEL%62yE{7N~XBuk>=Bo{b|2&)CXRnz!SW1WZtKRDC^SYh!T zhsKCOF8`N(9S3uVZo0IHqO_DwKDUeviX%67&)WjuB>+Uvjh zzBk#LY>l}m5T71fn`0)g%9L3N+oF*{goh7BK3fgSB*6hJR>3~kjkUk#Ms(T$!GrR> zk@m+u05jj%nMcm(+Cqq_GW)!D1s9*n-1vj5dc@4qGFBboBQ%+7@(J}=1PdoNxa4)& z7znQy>Ck&#k#IO%{ROUpSZ}>$iP-~}+^0ahT(f~Y|9jcO#}0N1e?5k~(i%kOH#De) z&!If?f4(Emtai^mO`+uoF|IJHcVn5WIsCMlVqT#%2#N}a{c}o)iO`)%K&ZLsm+T~y zvdhBCm(^O61M_^Nu}xGUVxC+3utGEPqYJ8o?9j&FNdINnzrsp<@Pg<7LA{KBQv;Y2 zneD8)Fu(1t*97ac-L~jwx=vxY#B*{$&FsM0z9ZWCvAXXH*ukZ&#J8IEp$>HF9Kf(t zH0Q?PKNli$8s9`W#yFX8u~k!?rd&`om%ERG8)kZW*8=ZaihU>tHDg7Fwh!p~SnZ>> z;zxuqCuvVP(Y*(jo1?#@ZLZ0YrQ*N@5QmMOAx#N}4i_*djwAb9GI?L=WhJ;Vx|-Xk zRqRVDu4wPF(h$JHR;Sekgkh$Yy@@jimBhiYhgoH{HMJ_V`xBGE1lC=s0LRvrUb4U^oz8yJ1*xq)u|sd)xN)x||YQU3&4-oJljW)R*CSC@=U z*Jc;73u=rR3m{c%(u9WG7@L^qR&r()jhQ+J!E+g5>B_iTD*WHSz9HUU99XHd_2Rbf zy)J1)fkp_25jtrw4GxYi56)%q00b+8WT3vabE92><;`m6WW7S6J&$}%Vl%g z#!n_(DW3>n(8T)a#Mwq!AdX*+!Ll;8?E7IH+`Z$ZSOR!Iq)R>u%`6>C?>Rn%fPnk( zEnM=gi3|lSD_DjL>nAvc^%^@AUw);Ux~DM(2$ob_C}*Duh$+&xqLO$_`y_6Rv1Etl z)Pck);KFbGaXIxReK;QmDN(v@@1!l#HW)jMfjB5TqvhMo9d@I2xfD=TPEhxzPTVL+PnU_K(;hgm%Y@E9^idm{ZmULWWT= zvK@!wQA0!3=AjHBWWg3~O|ik(9X4{o_LysN{kEAA|LOz53#M-1LBy)gaj{?ckJOiub4>1@UP8HN4REW*l*C$KY$?@Wyqf8Or9UvW7QQ!{ee*t%jje`Nr z@{{R=bH(BOHEghuV>RJzztGf#fHGt}U_Xx@jeY~9y5aMGQzaYAzk*N^Jhv$cxv(9J zBsQ?~M%ft9>s1=`u2&=+3D%`5+|T{K778 zZ=V`e$%v|w`TTW2_QZr73q_Uhw);i;@S2p@(+&dfFeO(+-5M3X&aYzH)c5yJ`C}T2 zTVw{CGZugUKzJWY#*RdR=v~8`g3+Im5&?xXk?h9WV;4lTgHUF#UD3%7LL#|D^f3@# zN6}FoWD*(9Dq-Um8%0nE*J(l3m&maSSPq-kV;E|;N+9;fz?y~5bk2vt@$H`%y(tiH z52yr0gQN5zSj849XBY!`TrMB5wvS8=5DgZ9077l7eT(GO)Eil4<&_+Z0b5@71P02% z15kD5rkWL-)3Trrju6F32XZ;vdKx!;yK45z$6pYsUqpYwlgh~ z7Bq=$f-l5P5FqE1UK8_LX$5)tUSBQCY3H5zETC*b9`t8{c6)djsg99JcRaqefLDX& z-%)>bqZ!R}xe-BOPgyfNmn;Dhz>CB$=RjS30Z+BPHdoiGRMK3XzQen`mr= zEyy=+EY2*f46_$D5jChwI1K~{8q5`(mP|DgiPU|q|Azni7-3AlX}U3`_>yUc+gM%M*{Qy)4!lc_cy>*70{F+mzQLFw*Suq3 z_GCgH5*FrL!dsOvz(9@0ixKKL(;``f1c@5-2u_0p#5L$EVwx0tsCSwa%<-op`X3~x z(TTWDqeE6=l*1ue66z@PYrm!Vpfq$C5LX(@5U08ypkIR8();kOo>CSZ_$^316$&HY zcR~~SH8lVM=TEl@EI|~>65Gw?d9VcOZPK1>CL6iZ|pH zZJqhiOC-zzqpQvLx00xxBe>f&3Ny<(>rr2J>c{{FdB%+;8HH70R`pn-8gm(@`3<2V zUBPKYQfD3sz4FxoHWef@nkdE&6(#Pz#bTFKNs&s$>!*!r7$n02!|8r|PiH5mb{tWIzJ%4F0D=a66{itp zI-O+7nMbL`CL`Ki24hD?0Jrv%O2w8?`=q04ShtP_AYe#pIhbzrr}&O(h?OJH#3-O` zRqQ!}T#%HRdG^wpixv->jUm9<#>HTfXfkJamVY+^H_UVi>;*FSPQ;J}JsnHe?iVxR z1=xKtf*1hD2Z!PW%ju#>q*_=A5V>h0n;9sD0=Lr6!D(7n7fc#>>WPo?ffeEx?zi~* zgX%Jff(G7lxX@mlTiAS;Sf#M8L>6u0#pxF<$u{()%NQtzd(=cNF-bfhnH9mvssK<2 z!C^R{M$r^7mLzX5y)?V1R2*# zpa@FxoPQ=W&gDIGnSDwbm2;o37>}2a1O946PH3HtiDc?$D4+(OHd8HBOV%c2HpQYw zO~pCnaYl87%+G5fw7d?JXrRB5HTM9JKYj#mQ&{EW642^;3%#Yenm(1hCg8d&IS=g4+-ujIq20|T$7M`$ zrW1`h@n_}jSIABi zstz8=F-jjl{V6>8W4nMgWLJsl*m98f!fvb0RGqhQ>|Pt~TvDgJDWXhYvfl>sty6 zbrv>Z*^#cpWy7%>JPLSbL7EMl)>98JRGVMCAQLN`c_JX%5$v^5vh-V!@-!=0P??n8 zX+sIkV#Jy9&;8JGq*HU{nEQ&ZovAxtf4Se><$+`3SGUZv#XtAGO(knRev;hI{|YgKHCd5qXxg_FvGb z>Eg?@0C|>vUpB68!awB9Td1sA;c{1USeD&cnIG@^N+(c9@VpHVLU`_wb>)S7r@R#o zjf>B4r>GJMwP3EY0vNCQX@0IuC<$&@VYy{NeMGlWsm|+TMr=c12Z9Dys$P9=?U=NX zu>wxEV^kjq6Q!4H?d&Vg*Ra`j@LamB=Bf=SP3<$7PDqmY-C6@?G2($QUZ;gu$`tt4 zH6q=mZG$$TuV6^Zv`mc6?!_DT;Ll6KX=9;>R=}E8MjKVsGAiaUI4sAPANG&1R<*tS z5&tVWH1c4vEWzcghWb6?(256t%-qOd_SWy>6UhJeJ@}VMSbeyqi66|l+B;8n*>$+N zXrf{-b&LuxN<=S*J(O4L-y-t>{AFFN!jxdfiH}iu2X?T#7Tu!)UPtoI7S!{D?scM06Kq_v1c8xUR^`mb~WH{F;`$0lX zIBiZTcPwwG*xaqlV!Lp1Pd7(-N!<1|dbLu3xvDQ^qD9$UFs**lw6V}Ybhg2Ku=DR7 zKd!y~cvpP+xY>sV!J4Z*Z^*7Ej}&{_C2V)3YV>Pc6u;Dr>DsjJVflyPHSr0=n z$+;FOV^=Xo%%Ds+&-kA8Dm6shDxOyq&--m%3%xcG;=LWTw>tR1^!5a!BA4Y;tp`$q z{vzzI8$~`|7w=qp-8pX2bzr?{Yba^{nKtIcT;BQ7u7{lN{fe=_U@m3Og#bgzI zLQ^pOiGL?r$_KQ%QmGFm*-eMJ|3;)y0D&i%!zKO;xii*lzEFAV(ce5?w-YQ+uD8b> zJ{t#1!g#7+wDO;sh%_o7@I~`@qUGKHG8^TkdIB3fKNESxtcHI?8Pd!HqlUS*^2O8gTYpZrA@Vv&4? z^U!PDteQN*J*R2}1jeS$j&;O=eIkG`JeD&y!RX{fGrtJe+&Pp(tSvY z65I}PA~_t-6XCsq3rMVIB)#lPAMjgt?E6X6Dmf596%4 z^JrCd(A9b;Bqh(P2@(R+12>ex4P+F02R{ql!I2ahe=8u6mfm(PBaoK$xt0(}OCWc^ zG7@p=uyZMaxU}E7gg{*4Epsi@^k!_|_FTuWv%Xhk|Fc$prFr0clE2EYFb|xcx`7FI zC~waplMxBP1Sw=j9LR)uvZRk?{;J%5a{u2Edf}FHilNflV@DCbhVN9R7D`?R9+lRf zrR2@FH_Ah)(k6Ri0muJR;C`&4x@gSqk=?KfcN95-=sC^twz;=>@2@82r{_I|)0XYJ zUn)r7fBd~PxE;B2KHX31V6`zaO4R*?G-J}`On{AkvU zdABBq4K^&ou{Ov@eDx94^FO}*Fn7B zhy%1zKDT@`z3Z?_-+TOEcH6bMeK==ev%UQoD4l^*-6jP5kMrL~?1%UiuWO@SO!MS} zbU!>)^0!^j$+0c{K*Il$wD=9Znuu7c%jXK_TB4<`Tp2*Nw;zKG|Mss4@B;qD`m4KE z_q;ZO(R?pR`zu=4rA0a_E{g?bIalQ#9?qvZK-dro{dU*~i43=tU+~e23QyJlA?r?V zzH$O&Ts)=FS0(5Jsbxo>U%LcE*ONOG&(B|QvLck(oW1pYI5C3jn03<0j!=5Jd;0`P zoy`5k=v%E@0`c^zrwQ)QM@N&~5@N4i`wH~hP14-^>NbZ#>ThD^$>KTh({i4+pUF@&wS9m|A%#NK(`a<402QqZrWC2{mQ8xRF- zFi`!K*S=O&^!Vqo?rA50YXX!=A%I6#i=^b;<{%Y@r_B>#x%7@T82Is2~>5!h;wdgR&JTmQzx4BzNp0qsfG5p>=^a65_l=H5I_(J;6Y z5_CumfQd|x&jICK3#++T0W~&VFi{w}SPDb+Yk)%M{n|QLezj$4%U%1nh8+toj>5J- z80lP)F_Cj-nhtHxn(f+Hh$}Q)%_pKBZd)mHzJQg&T$;Du{HX(qxTnC_hnHoBIaNMK z%gq9nud!ox+*N`G5;uZPPxtGt}*4=Xo5gJk~(RG6n`Z%vQmI( zfR&c!?N)AqgVG#?r5=4-D03_SV4dyfI>H&ut7|+*+0(VgLncZNc(euZi@p&JM74+J z?PC5FM{rh5WOM`(0?ss=*0HRJ>FiR(aI_t7es~F;CU=Qt`Q_(m5Qw>)(j@-qm>?R7 zDxk7X={d}JpmUmBlAUQUQ4d@{WqONWDa@pKYbw>6;3b4f)*i5dC2(8+~7fu2#?v~Fkmv$hNI z5zSj`KHE#21$CrlNedMH7g#Rmrr&};FlW67z%!ABT+tt07}TccZ^i<{r`b}{8Dx=K5#Gj+zY>I zi=JdiV^Fx|}yzSpniSqSM zqU>J$UPk0+CFkfGSnA0l)o#Ng6wzI8hCKLuii|6NadEQ*zTqP!8s#+IxNl@SG`o_P z7;aI>s6fOv>~OGsSl^pQ z2|k|$cjXTb63-g+Tk7Tb?*C<45Mo1MSq_1WnK>FtJ|6&gnbqK; zU}5Us%+Fh@Ey^NGZ@LYAc34;vDD=;urXXzF5#?ZDy8z<>clb8{7t8#kG&~1j*wO6( zFgjcs0x)2*@X#^e{dXs1Yu&5Q{_h8xrcIqT;PRGNnvM@}Nz%jrNch=kP8`MAKt*{L zK*H1*jZGpM7F$27#5q~MtgZiR)LCz~wKhUpppnA!G3bVe&#kmjM{{M|BKC!Yec7|l z`&9sK%qlDK)-=EohuQ?Z%u46Ux5xnj4*QAxze1;UG*3$JC};DM)GV8^4Xot#Y2|9n5uvkXE@Ehg`Ybrp{F zpWrE|Q&@+tB!;K1&B($!Eouno&^@9opagd5k$py7DXeAo8C~~RcWE4`m(25X$gz81 z&J=5;_S}%pPlxCa$y9%qu|sXJulLJ3s7T7s;yj{OMr1pR zL}X@%v7XiB@DZFv{*;;RGnMDQJJyDWp2=={cI?B2UR(}1J$2*IyL^|Noz*HE1@B2H zxmL|{GT&}*7xWhHEY1Z*Mt3mGk9BU-TdWMn>X`?rQ>sUz&VYY5f4iD@J@d=_I)cMj z+w#xfX69YTYJBn_F0~=bRk;;<)BIUcAvX7+{7CFPDN_Dm$=>hMBA<1*rLC*XeX>qe zaCGD$@-ES@&rjj#N4^f2-|29VnV4>P&i+Cb3!S#E?&C`;My&5NJhI?#3y9b&Q)pkF9VS^?FW?oDl z`>RH`{kP+o4*htIX;Mz7h>Mp^y@p=sI7s{b@o%HHP2$C7MJDg3b8SnuKX)B`RNfYB zWbTHEVG%iXXb>(Q8kovy{f`+#)_#z5#quDJdPnCJxrGU?k|D707HEcFrhfJyG-XzX ze){Tvnh+kNm^}SYjeZF+&z^^^2g>#U`1HCyT=z^yzt3rwC07<|X@sr=nQZ#jK$UfV z-vd3ZPkBWQ_Z&dnJ(=Eqtg^qA1#)KN!s2JI0Gi^PtDk+PhLCbD#;wjPL(YniRl z1vLL?J!SI&X?j}6Sw@gu-?Dzho?OWXI3^Sxk)HgQIHol`n!I5}97#0>GFspg$3(y* z((|nWhs*&0n;bYAHXj=7{BlDgmbLcmWkK8+tuqL6|`CM1x+CC;C`W_I>=_wto7!@e}{|x1{K)0qR#2dE^$7 zZUx!U=)cC9?}-1@$1k5xTQ`9E$xq0?EnNiHcF3Q9`{Gx4l3Toz%g3hueEcrPL*?aj z>%3jx+~hj|w=7fpdjL=Yw&DRTRoJ}LT6yW^csZqe7FC`U`8`Iby^qiHnez>s{H380 z3UDJ+l}F)S9XByintS;Ct~wyzmSeR>ZD%rGNdhyl1{To34sZJs7jTVTDEm>kSci2I zI+#1))$c0{&OKGwSWhv419aeH<&NLuKOTmC-2HBc3!o5Eu+r7GMc>pkpbl7aoGzej~S;Zw)4CAekxv2k1nZ z{-R|SfCKb`^46d9qO!nwBM)XvTr%a+1fIGGkCCsQOlHT-2;pe&ohdnBsy;jQgRb8}Pxh_uUD zoX4;Ac;lVRu(vCpyr_I3@p-{CB=5#M6LW#r_%Q<mDX8v6Mb>krJXfG za9cMwTPuMXv5~EF%_NJIqxv}!(m;xPtTR|z3}MAnQ}#~_gS0I%TQUh<>RtIfq*_$i znT7QT=YZPE8spV?p97^=MF_bqZ4%ZRAx1H_u6mz@C9<5>fE6wh&x~GSO-FJU^_W{t z6k^mPHr8uHt!BN66-d`nCD}M$ea0-vLRe?wt4)_#XT>Au86PcH0v00PC6l0^~Yq~4S zL}FP|*>cp25!^pH5jijm78G00jE*yJvngeM6r*wD(q{i}p<%-CRWI}IC-r^!E-KYi zxeA-TJ~LBmb&dtcWyQ@YJ@)jN*+Pm{tYyaB&wtJCfgE?PHK*+USx}v4dmBqOpLbbH zs6<4&bGN$@C+c+0a1kYH1e;lStgYKf5@h+9SGch(X38~NXU?8vEfss5+H9$z2IgVb ztxd%2=$?x=NoK-pt%H;P!J(1+@wa*qaVww=K0;;IT|LZW?36FPcbx25)yHn7S3i1y z#DbajW~Xu&huCF#f_&9JH|v0GE%2xwR<4^)g(f>LT$w73-O|vwmsP8oWq#r%jptqC zw7d6 zIu5l``5x1XtU4kS*{BXZ6pU1S)o?>+1n^CjeBvJFN^ zTy;d!F}%V@3~bJsWQ9MQ4vJ`~$w)2Xh>7AP*BWkIB4v7stR&9~G3CIO zgTs=ziLm$*vfcRp_(9y;=dx*Po`O`NTq$LSk3)#gal9I-(XWI7O;TvjV5hQ~je+&L zJ*Y#&=?z=I0hkxwFTu*?dZxoAqZIMIT^*qkX^fU667971HwmJ~+zGU=Pf&fyBHI(L>Su_swDnZqC^X-!U-zKV_5UB}D+&?6)-DTs9jGQ*wQ9eqQVS zqpPW1aUyXD*Ufzma1cQfl(%&!+bRk8X<`AYRmRsYUE-eF!K#hGJn0y^+yG-Px82@~ zb0E;yzARM8_W1sR@cBONlZwrd1lu=@Ar(Np!gVr7gt^;bZJqm#uY|~)&F_P-t&!v0 z!@VV`Xx&?(hzJiy(H`&JDmJyx(L21?ga0~thRDi`VyA4Xc>GwbV3XkMwT|)Sbw*fQ35mI|Sz{E3T81=J9Wn0VT6Sks z8|N$6A-j2b^(oP&6T|wH)TG%`>CjB}L>Q%hu3VQxidD8wpe=&>WIxB+@3EA;qnlQ= zV&h9TtfUDzK!6gL?`|>^uvo*(HP^a-TcV4(LQuXow7h)l1J>?tV`DS*ulJFsm&B@r zf6YUp-2GOx)ktz=y!^33kUEUx(Wv`ZOA4z1Sw}iuXe=Ec$((B^%Nq*@wAGXk5f}&+ z@5o2nEQ7;VeA!wtH&OxF`400gPErFMo&K~W+-0rvMixGj8A`Qbk)&LCnvh3A{22Lh zuAdND;Jins@gnes)0^4adbi4N!@FH;)_|5XM+=u&85ztBH(!XnQK9hW>j+Lf4V2HK z!bBPpmDvOOL4YnH1L-sp;+de+l&znkWJ!=8#Y1-tL8)xqQ7ZT_(Nd0D@7p4<7eih8 zqiL*YtNI0V|Ls8c(h$1C3}IipG!nb9OQX=Hcxg23oG*<*Rph1OD5&kq2w~uQaq3a$kC6pXZjeVuzvfGnC^k!MGsus{%-9o2 zgqA#7=_jd5mDx0sXz3e4`Z3-|v3X02$iyaN$r&B>OtzF4(j|5FJas`^o~5mcv&BP? zYsk35Ml)4jC+^%z1MscDiQ<}4x0E~*EY7D^tQ*Q0ov~R>3UL47#v3yU{wftV9D zP$L>6D9#ll5xE{ovJ(7ZT}dfQxs4l1bJJsgd6JB>$|nk-I>{b{SCu6o?_PrCXt_$&iH7wKMx8fmPFrkcsrTno4JupOMrQWmdblO2&< zd2%8NV+tWZGXD#}k)cwwKzCGW6e$j)FuDwxe336(j$BIOQKnpJd<6;>DOO^pQe{jO zpu#LFRHmfbLRG0$tD(DaYSO9Kppi)%Mww$SwdGMSMN;{iEYNJBMHX9Psb&1tAx?ML zN?w-;$x3gGoAB18TvKMub(CjjJH|A2xuDVOj$3P;^-`otlP*K1lTJD9%+;4ATaH|3 z<;lMaq!uy3CB;gh=}I_IJ4uzxuE?}6vpV$}G-}eUMXNSK?K)gq9_euC6>!UdK|^jE zcE?@!-1oqUQOC<1q}Yt$1vOXTc3k_91ei6~Cew(N9!s;>vb(RebQWqDCn zbkf4&XV&t{>e~9o=GOKOk*KVwnr@g<8&%w;YC2bGeH_^wE{`t|iU0<214AQYlR^Pz z<`$ODUAS~5^&Zlldk-ExdDeOn2!|X(I5e%&yCLm)W}ZBC`b<`K4$eE}TtQ)x%j?hq zE{VK6N~&vW5nhKJa>$`{yh`mIon75mdwTo&uU)@!)8IuC-Y$Gy=(?_^`{h+N-7qcN zaXnwseN%}bjN&BC@}jH=TsLjk%eruN&0^~QjIbZ)bwBU-Gc^Ec7+84l5g9Zi@EfK{@+LoPePxbX+I2uo;vn(&lYJOpHX?bOJZGB^NYkP-CR8~|?H%!ZR zT+a`}2pICg(DaQaQw$i)@04?MR;U3mFgRc!!Q}i#3()%|26*iggbOzwy!i0PBlzw9 zeW5QvW{%8lq$eK9uEkW$5B@#MeanRRTOs{B#QHs<{dZ9vpOumdMI8z}xie2yIiNqA zOC#wgfKC6^Lc>0ZHjexJS6*K5qk8+Qmxyg&jz!5fE)?zh!a8B-vE%bdWmlAfc6LwnGrFO1y zos3;_KfZJ&jc&amYuj@<=tu4}ZclEmg9m}7Do~-kLSaEiY1>9ZQ!x<~SI0W;DvqNv z(?ZL}9d6rnA4)$Sq&XMkCLXPn%8}Mk-n9A0XbUQOVWE|_<#GkCxynO4&x>${YX!Q- z5CQ-b0K#omYjxoc_s~O+`|waT;t5YxlQrQ5FI5Xhgw+TbM!e&_YR5ML`+?>A2#b$q$8KaTbuAlYBpOoL1D z%=qEcle!bBt9`>A)|}GGl(59#MH_ORT-_8*My0mBHzOBz>Q?&GX-+C*<*^C5YzdxY zcoUmrvER_8p=H|I{5bjh9`yRGkxqXh#Xdce^mQ+;Z6{3EJ&fInJ(jJjd8nf>UOZ~n z$Lh}eKNlHni;@^7bBQ_lh&Fo&5Rpn}i%1w3=@K(8q|(N5vt>k>FfNofPPRgXaUqp9 zj+?C#kxFN405PGA3#qhm+-#jNp+YKc95>qlh%li{NH^OANT|ta0VI@hk!%YUQkk3% z6P|E-A=s_09}0jlp^OWuv~k?*8^Q+xK!gcpTu2q5)o)Mh03ZK?>G!XHzCAew@t7B= z@4supchu!&HyR1)lQD_nixkPRM;EzgFGtE?`ck?d<6zMG_03olh}S)Tzy9a{;=k#@8l$nk)`H`bc zswOR^e&%<)d2x-<7J044|R$;JIBmR10Qs0xZ7v(G-{&NvHK}6H|@{y1n z$2wa5_+@RrCFFgmf*r7<*KZ*GHXNoS18omUbIGvruY13%WkKaQ?x}u4E3SW>qg^C- zJfy7R(h=Z>DdRK4#{(D_AWY>62yb`*Ktz@TP&qSo!3ObCKs+hNh575gEcS1Ie);SB z*FT@X`<5-hhOeFe&(u!q5SXb577~j$BiSnLW;*~;wg(`>gfgzAHjbO^ zB}^#eLMm+>H`@h>Frh-4br3vNAN|2wKoDU<85dG%3YzMa)3>)lEd_!CUkH#>uT)WRs^0}q)f{?q8)}$)LkR6mDbo9L_1e%*K zm~SLcWUbOYkxabG`xN_==U2mk>iROi>YI_tQ+H{LwA`-wxQzR>w{h&tJVkxR$y4+H znfKmXPpJjF{l5ynEl(eE)Fb0EFm@S~Xd_mf^Mb^1QlJOjtGR3p!Q8qLCA|({j4@a+ z#$eHmjqcH4OwEO4!9}v_vR51RnG5X&VAi#Km@ho*t6S3nYR7 zun8@J_F5nSVBo+!Lrd>(6L63n3Q3T{q+OOanSEg}IEj%K=#_5&McqQnZ}FD|vG~Q1 z7(pz8ugv_)ES$5t#>#2}6}V3Ucw1((WaZWv&^mg&Y?H6%V`WuWQn+-F%X~PD|GaDt zsBy^!9Mto^ixhGSWkn|5#}?bFlc19}NMRvcI?lkV*gbDSr;%i{AW7SMgc)#{|93+i zr^H8KTZ_H6>j6^xKvWoV(~wX(;MJy|#{XeEsl3}}vZgCyaqw8{5UV?&x+!4^+1eiv zwt?Wv&K-1j++jozVqocLT$${@4Szsx{?}^t|2Z*ldzUm6YlxP_Ba#08vzgO5bPjwE z*;{lD5p7}-npv~i!)6aL+gr>$iH0mzBD83hpqZ9ViF4R!Lh(0`KwxCze67v(R^>+&R>%rdA#~w? zQ>pI@h8sGRP#g{kB2sv2-?SUqxN?$&q0E&yRr`JWYknC(hy2FV*k&M7!}jBz`v1eF z4^DIKR#mnb5CR{Q$|iFi{+PoF%2JB$PSO;P<+iop`O|~o4(2g zlUah9`^F8ZM6-O}m6=Y0!!$V_XXYX!eF1Q2j7xnC8i>Tf1>cO1n}9&md42&|^bG?f z@7ri82r@_=;C6zdPe5`}uOIi{chu*KP?<>E-Q+1AQOL53DVSStjS87jC${njyJ!>Z*pgy_rRxvplNMw?QR`xoph_) zywaOI>H|LS%f9AYLm%%^NvLE=E~fer}K4n`|uYaJP31FZ>xy#yIexLlaM45iEidg z@`uYjeyAjR{HQbspA;hi3vl}lViAN+)d<+7CaVA3pOfm6w5G1;@-FJ!mZy>*^nC#c z-f)M*b*@fR3j`ZrDJ+D);CBGa@qG6KE~*wq)kumIU8|4$;|7pIrfQ&}V^4PO`JM_q z$x3vh%5tQT{o_k<1!OgRH1M!H+(8Fg1PF?tum*jrHPds`2LTQTxF6tUfRB9+y?MI> z;wx$Ob_o!ik0%CucPsc~JKVDyR)js_Y_MEIGQxtOs&6S$>IPP1O>h1y_f=RwSyI2` zlCpi(Kv7SDZV}q7k*`vf)n-eTBh3=&GAuMtvt(;kYgMC{sf21RQ)m6fl_XM>1kpOI zE4`Hz<=1lYttzE1jb!8{DyT zvFQ3UW0Bu2&zv>cu)bNk?h+fwmJQjnF$Z=AZ!{;i2W@}I#&YgZ=njTj(vq7D(~)o; z4%=C@PNQ@Tp);tRRHRr*=g>QkQK$>tn&Qz#?p?y{GS9AH^%r(mc`c=VA^MwNH~4gy zpkR6r1@u^8kBECBs2Q@RNqb7N%w_eQqG#lNVC)@z|4{Xwp|^tjS4f|P^-Wa&^;c{^ z#rH#;((d5*hOTW{vN~(-^Oqz`sx%pLB+GO%Ja+-Rsx{hf-601{538-G9q#4W8_);n z(ihw>7UJ&V>E(?=r(o`GRV~>NRSL z*tNtGsZ6e2%h0(Ceb#)xglmxLfxgCXS{( zd-Z<7-?>lUe*IPCaVPrZ^W|T`WnHE(zWV0BGhL4VeZQ1T-ASh&cHw^bdAXP8m){q0 zk^X43(pr03^a*Dkb@xVlH-;+IqDwe%3mm!+1?+r^9)TFMa1-aFM-^;B~&T zIqFDW`zyMHOT6MMne%SB>9#xW`rAD&bG@WX-urzRbg+Hgr>nfG!T0&9_hn!EA)=2$ z`z*Zw#gr@WQ8S+k6)8U7N|Y+I+zQ#pE%OmN!DP(=K{+Q9fY&T%W_Z>-q^O5-o5mAdUA>{LDT)uxuY6B@ zGjyU}Q!Y+G6K{MK=GT%dHytOncQr1;5PT9s2sfVDhk&kXAm&F43n9Yc_78$T_SEoy zx15@|Wm6m~98%*j;N3RSL|bW!{vM(hHu+^4Qe7r=;u1<-!8YAXn5k)Xx=Kg=ugJg?UI@t zo2Zs1DJO$5B_h4`n;L-(?sN!?3|i{2q6OAOcH|d&C$vDV@HRV*{ z@^Vi1Cumuy2DP$A>rJd!usM&eJ&c% zTAE{qapk+z9nbWs;rv8Q5RT08!WE6}vaD@ak_>FE<$>QH4Hy$UrK25#P{clKZHhCr z1BPg+xSGr9DoV;EiOk4?8^0CWP^D!)JI(!Vwo-9Np*nH;$4}bh$nG%E1zRUY4viei@NMo`^YIqPQ2xG_6Bxk*=V;hwkGVx#zW(&Gaq=^iIHZJU>y`4JP zg*$W)+G8vnMSPJyKWe^Htj8FwIpG);Xo5C}B^&nKJ`U=M!~bQUsBbep;NithvQNUF zP(v>Wpc$100lKuthhA)t+m@?8#S>p@_0==bKwttTRJ5R#j1GmC6tNaNAXDu5T>az1 zx;C4#lpM0|V!Q{id=L=uYa5YIbnDf*+WxD+}J87KM zoIgu*yeEZYC;94J3y6KIb?w035UPM6S7ODgx3vNAbhvRW?umzXDvmfF$>c~b+;W-^ z=O3>}Y~l@@xTH{wGH;b;zcd6E{>`fu`Gh##*I$^f0*++_@<2B?o7YfL^i-21yBFC# z4h{G31_H{tlJ&A-ddz+M)XYPLzr@ytex7Yi$@6VV#Hu;_oYXVWxhLT?aNd!>k=1Ac zA!a@GJLy+y{tGDe0x`SNx}_j@Y+Dq~pK>F}A<(p~vCfU!YE| zs?D#2t&5QCob9hTfc{ySKyw|x(=koy^M5`3SjOsP4Dyxv>$V0HMn_>Wn!?`dVH#}o z&`wQiTtf@P7hrIS>JwyTP0}JL>-H8)G1tg&Kjw>x-;ae-rF}ParAwLD50FNla#r$3tbr~4`l=ezId4u|} z(ScK^F;asBiYaTLRLDBq8;JUelY7{yonMz38ZRL|VmEmL3zk(AZtc=is=&y-xzE8| zwu`-2jgm02T{P-OW&0ZY5$IsGWz`gl%ShCxS82)4%&b?(h@sMtT8_oJT0IyFqB_*F zMTA}Orsv$K%*aIMLD!!_J2GridWz{4Q*9$i|PiH8%$Z`<$ZD}FdlHLC8dP!(GSgA`2B6Z9#? z`P_`|n(-G7z1;Kq2%sIBCXu$$cGOp;uQ81YHc5;LveS}to+Ss+tGI(YO!MEC?fQxy zr0vI}VeEeYqr$%$G$oGaP!7ZKU~huRL&tCtVy*6uXJLuz?W!cDzJ?3#s4G!bBiZY1zgo}A7%5V;Tv4;?Q)ra2Ok9m|^QA?U>~6-czxsG$o} zJe9ybox|d*So|R9#e7H%|KtZR!xv)#1@~T^Z{!e<)sqBnN=GqPH(|76Xr_{r` zZt?G%HszB-1bxSQM==|FIa)}vp()-$T5G$1h*ALH<~nt2ha)#H2dZKTHy!X)VHGg) z(}#OsslZ1QkMxZQv|yq`ZNi!-+9K{FHDgCYSmffA9)R7%CT9p7K15gh8!&ck;a@)u`xX~|wawcb+C)8BAiAJMex^0e%MObWu`4b|@n3#Q(eY46SJQ^iFt{*SqB-O- zAUO^FU7`DyfR3Lg)Vrrg7E(1d=OKo+UldM1YetxAaiQVcC}&jrSaIx_yfI=_6BZ%&|h2hh!C?CU7 z-2K%l^;f@VsH}Z;3QynUSYco_oIobnl8-@2ahuQO_g6q*^r_0cn&6?p_)|1~J767lQ*hL=twql1y* zJ|cXp1{s#$%Q>kRMq|~r8)~NDNOsr^R(ii-(R}R2O&J z7QsUfNa_=6&roXBdDt)U(0^)%Gt~$6wA)E@5cMdAE3&QW{B<`MTGJuuHs_^%8Dl$p z@#yjEH2R!y&RaVsscD8%r|5bjY}d-%GH=p=XzIiAESGs&a6^_kIAoQWlP+$T8}nY; zl$$KG6ZQ@!W7MP)klClz;^}M4_ZOH>owl)?$d^5{{Q24G|DTFeoK`&oR-2l&Zh)X| zPFvuMCPDK_C=#|8a;RKnxPz4#OBR^=$@ZTnMZIIN=k7!Sp?FC~nCfmCGghd8t@f-% zxFYac>x-8_?m@lD95oW}riyHlN2fYvHZd|2Le-JxsT)IqjX1RsCbs<36H1;J^2|~< zb(JtU#5o-8&1Pr2;tu@ga$gMPDZg^){VlY7q@t9-Ha76oM=H06rH>Y%#0E@ORoV7i z`v5=dv0u~0E@@J8aG~PpYwxyYTA`Znvp>8mk>8?fC@$@?5ZKA7gd{0r-ot7_s}Kx755BMZ3390 z?Ab`euC`D`9bixHtPrkQu@iRXdZ5l6EIR1nM*bp#eCVKKzjy5r@nZ|$9df>NX2(*G znjw_zE|^{BH_o>&c3YMA*JQ7cFg6Jf?cr>PKt@7EG1?IyVWJVYI>h0jtC(Cb=G6Q1 zG_h)P*`U6SWgGIUEzlfrp0Z`FgcTGiGh-(Vp_F;sI`=J%dX<6hf%%TvzGEa^*a^)a z`iNbce+j2Lbja2-u?BoB*g`5BD0>_EN*TdCFCrav;sF~LeNN9*ccviF^CX|megdS6 za>u(;M2Cjd-cJ#MXHcZE1Z~*>YA;cv+M*6t?X`4Tz_EpG?i{}TCNA=U2f!XdA1NHQ zZ*70I{juv`FCTI~v;HPux1r7zT4!#mNp_n2ab z^?VSiG=~XnpilJBQI+gRRA#HvFY5`Q?ry4aqcg!ySoItMBuAcarL7TF z^t8t=y2K8ToC8^%$EB|kKBBF$q~iKmzOGjHQSOr~9N4h)H{JHAUG5imIl*~2{E{jC z2!i-^6?{u5YovCvT?2j9r9iMdl703eE^eZR3YMv^1d?~4jl5}TH~M1@3ApAshbd_j zWLVmnR@Y}~#*WG&57Dua&q-}N!0kiHDGD=i4*H=iclYNQ+6i&b-OPr5&V>del*KyU z1)+gnT>F|ee4)D{n2j_ROq6MznJbwb+r(B>f^T6=yv5{MU3nuSyPJVJq1H@E@l(WX zcMpA?&C}xD-wW$X9yWi!2aTQn@!BSz_M#{2JGno6A61rDmKgNRhIE}NhAvn+^nOU)(cs#S z_>~v^UBT5J(B6cv`e+_rD1=0P0-$>;z{R-WN0#}bRpHY&YwXBJhTZz6%S0e&m*sQ9 z{xZdaIsEy3TT~hTqxOE5v&MId+^2y5p+pKc*F_Dp=`zPzDJmcYKf^;xt~l~StS&9= z&tf-6x_Zt$cwkz0lyZBeQ?`3)u%~iXx2H)~bW}jWTNydiL{jSdLkVvuDdWQrrr%>- zEDi$lYoEH2p+;Cg=OA2%!uaI+Np}-9V>JEijKJA_s9l1gFMoA(&<)MV=xsIs)=_u! ziUGc-$>Zh$xS_ZvdOwF9nKv>0+)Bh!!EkGFsFNnTgtu~A(aKPQp``%djgLuDdK~{LYjkb#TUU3wXP2M#grl<**SsX&ABf@(Az%_2%_iz8Iwqo+ z9%6R>6;^+fEzm6>GZ4S9refbn)OJzlu?$S7;3Zk8)w?9esa3%?TA6{g9w?)TQ4&z> z8VU)sMY^Pz2l9b)(d(;~)JLXxGv<@VZcGT}np;#8nQx3%=x=nBSGG@zoiJ-SjkOff$>L=%~C690IIns|o_8$E?46yBIalGcyvg zKh3iq$1)X*BeN&e@u(85V*dpY`JrY(rJKO{-B@wunRj<(<&$quO_IW|(%xnb*mM(-?t~CtqS}#+T1g-5_(J(Sj;YvU1E2 zca*SMhnw*FVS{wF6dJc7cb)XuGABq^DQ&im<3QbF9g*=oQDBsrQMqa0F7*-c&d|B` zfi$CGlifg2pz5OCGE3ebakScu1$&^O>pyV|_fOg@k`z1;L!VxW;bEWzI_Z@NWQ|;a zW<%eGvfN0o#tl^zQVsB&{d!vYr7sjPqh6F*a|f(0>8P&`Fficl^KOMsN9pQ0*qmIa zJ;!n0hDSa*YK)+<#&jE>k>zoqc)9wO)yd@}t1l!+=#!apd8FgXXq%nJDPl-zDy+;7 zrbUM^^w1lwKEZCdLNZN)VnJyXv=6(Vy5f>`2`GDoxUiTU`DA9kV8n>`=_(=9xy8%2 zVS$my)F(qz(5YC|ke65_G3n5REng4>lm};;AYx#FEdB)*9Z?cps+fgr(Tr9!GJYZ@ zN&BV&vUEX4txq^ii=5`2CIx8`fDVEc!=2%qiLhImgjwkk-DVtHgMC5-kQ&=&N}p#d zN2XA`QwbyQra0)YA2w0)hG?)<{sUpIK1ftIf4Z^VJaEzGkSo;N8J^nuvy6nyU|)6` zzA%-~Fq$pd+F_E7s805?xb5|lh)CF|r}91S?JA8ri?8SL<1W+G$qP|dr>47np=H}j zX;$$xSY)!(*xp}$AMA~!$y%Vcm+Yh>y~1mqrUmeb9S|lIl%ga3E{{Znq0oZ@sXO}B z^@PbI*GH;=JVg9<)XQR!=74>od{M6OgpLzjanB*eIRuPnL7qmwN|oo*Cr=!V;eRQh zT*P$JGFO)P~Nai0L=9@Kr%+g+xHk2aa#k6;Ye`kTe^Z*&wiK+XG&rqJ_ zSwmar6XWjqw(lM>c>IArevWrK-pP3HJFBwbSzIQF5|q09GJ|`eJ=Sr z6_qmhie8Od7a5;vCbNM^&l}l>+pXD2QsujSQZi`|g@!H_Y0l!Ea7gUVsU8&p_z+BT z0Oy%^Ec8~NxMWIiQ7S^WK@W9Iuq&awIM7m6vJLkqL##2bLT7ay{`SA=(t?7+q%q~u zm`O`*@~}5(;ep1_MEww4hfK_5f_|7H{jc&2BSVW9Uy7ZCe-5OLVlJa6>h7_SX8fr+ zR{zg^d#cb9k*QWWY4%E5tWo>(t?uB5x5N|(2bI1%r~CO}8l|a%z`S&sf3SM}6z@!8 zg(+4V$&pmT20?hgSbsvi(n}63R+yc51&SJKT{cE8EE7<22PK___p&CAV4}4n+?xLs zJ}#hqtkl}O;ti$ef=F^_KTL&U=#gt8$`z@gfxl>-tu)xEk{XnJB7rRD)9GukiCzV99D;Cv=k93m;49xpsDl3IfZHztFe>(pCTaa)P6&$>mP zQ+)=Mz+RsHPom2sx_OrDyVV8!omx#)3UAU~Ys461sH{Wftjo0$TSKA-=mM4 zV(=(_=tr$(P&3n^zxDwIjE7npvlDJzvb#;wT8Fovjp2ytx&L?AM`)bJtJb<**0Q}J z-+^%*L?OnS`@tWL=j4%>!u-ovkeT{VX#IN`IP&+uv7PBCA^J2n`9cH=+UyXPL;jz? zMiiwq|Mjs4y2izXWKDP!iOUt1kJy`<9TEp8E5Ux7sm?CV8#ztB7&WbpjZ-G!+}Y8= znUUn7e7Z`onUt8X&23L!yCS}6^~xC}6R@0GQLi20+6OeV;@A=*b*Nr8JnW#9(VN;l z_A54&#%7e?9&_Fl6*dfdVErK}q%5@~J~$g=RQkb~hsl{Tr0YbsnLYNU;mta4ZX{_j z{8lz9H=(UCP9fF7gOqnd0yM~cbwzjE!r2Kxo9gUO_1Q0e_5*XPY2$!}-CQd3Osi+HM)y)v2?VZ4eRK zNYFVEF_x&fhcvPb4IE`WpVdaPRe3?oRKDM#G~TIceL5A7d%^_ALkePzJlpH1Jgm=wL zmwvX@#%TQD0LtLwP11iq8-w-xp5J&?0kW_Uvk@{D6C+!6KOOfTXwuK2&1KZ&w{K&y zejaky{(0Hgd|g{&&q!w#U$PU%EuPa(4vHf^Iz~u0m!fRT^b@imS3-;WTU7N=~ zzzi{FVHv0NKaHnbNi+&+Y)rQA{FG9~%IHw%0xY>!EG?_y120iz5A@Jf0-O=7pY3u?#(FToaul-* zj6A(mb9`zV;7^YxOE(*t)jp84^hnLD9V2F3lH5xHiqY5rx*bj3jvc=ugB?Ui4g$^Y zq8pjC5sHo|jVsu?eI+w0vfX1*cU%cUNz{@C({3c-Her>7;Kb^++dDj?!&(_Dzh%~t zHAD@02abD7V3)b`COZndO@(B#l<4gjm@!+{TBq}G32n01on=R2=TEzN$l?7MpQvXC z?Xtiw_}!YL3WZo6pxv60ryZ0BD#S;XH6MZHDEj-gyW&{-)nm9=E(;fS`C%+o4776D zPXoLy86TU|uH>BW@`{OB;k8rhl{_CChLob#ME=yGTiURygu06dS9!;|X>HwMf5tby zzndkF3p;{q$7+AO+ZsEsa-vz|DwHQvj%;Rm#ZHu4=^4MhEF+@&Sf;Sm3Z$o(7QOd^ zSICk3vkE{d(S_*cAdEYhrXxGkW*ZBG`;`Kf;H0qbA7D9(Ce56?B8tbpWKrTo9E_po zX$DOO{K{s#5v8|o#h`_fT&yA4BN-xtmBnli4m1YckQS93;wiWa-;mC4&C`6O8^5R26B~QsSbR~s}7I$~= zO|B&wV7VOoUl;|@!!ABs{p`?1%tfHQIf?|((?E?a*t60|;d*OGbNewxKntL!(Exh7 zUU?))8YCT66j$w4NMu1$`QdtSn}F>a6*w)}i^)KxJ5}rxfTzE$`(5pHb~@`%uD|WK zj+$9lT0z+m;AXzpMP7=FrvF~Bz1vtuk8amald_+VVL@UqyeDXL`;AMWtZDB2;|Ff49RA@EMl zzMomX!Kg)5vl-H!+WpLbR4i3%g4(YdgK71Sq}pr#-vDh%(o5&1?Lqp{I(uw zrGyX!tLSZu=F7eGgq=IF8l)8@Rk7~O&7A>Rb0(uDI*CqlrkqeNJtNTt=?+IVCT|l> zPis3Mkyh}x6B9ZlD51ft{m%)sd~I(;X5tbR+oALaumVUoC9ikGfg|2^A#|v)l`n5JNLX=Jo3-vTQNX;Ks*T_x< zsU)hsAys8Z!&N$!&M-CGy~ub(tJ113hFhMT#}6YNnj{)nh;yB8(GM>hNMIeZXwjub z0UVTm?d5c$T9!I1*5xkz<@B`Ff?Bdi_~M14zaRj22?t7P@M`fnp;oBf7?I75gDcwi z@Pqsav6tSbkOLWNM@PcL;n_P_>C&vM5~xr4q*x)6i-HG>k-zLr!vBsa6JUO(O`$@q zP%FNO=zuG+)l-L}eFI1Z`9o`8U$_(7K6@7}Alm29K};pUaJMERfE7SEd`@pz|BKGi zqjv7ZMT%A+I%e z)FZw}qOVqWpD;2tk*UR;EOWuYz8Xv`1C&o!Jrw{;0)TE2{VV##44J4IIOOWQe_-7{ zqSY6Iy`x$1)kWJDJ3E~l7(7d~{AH0qnf>Bx6xGK~23=ub+-_Oq5HZFu7KRa2pdAUh z2@P2xcX8+FUAJ$?MMzg8)>R9(SU?wh`%x*Qe%Rw;aPImEObmF9;+#w;)g6hbuR9ze zoe*bg;MFT~rO0%LBkSuYBYmVf;jM5vx@vMVmK!7?dUD9Kz>bZxCGIYx$b>#vI=mnC~M|f^8mT%muDMR`>Qsa0BQ^ ziW+t2PugQ^Clba=J!9AC@Vt&cEqB3wzk;F_OEVEOkK=OW$zBhd*+ zLC%IyzDA(+Tca&isOrHF`cQWj&Jo<1x+|PBdzcmw!R_rqRssJkW6{1`St8PIjkyTX z>gBI!c8zfr@XGBA-C?%*&VX0ufnL(l7v?JPigGbG+u&&{m(G7WeNa+gvWN5IwX#-g zRFJ+M=yqelx zVTx<8Lpt`+v25Tzp+MMvyY%f%f!`Vqc{w|tono_Zp8<6YbA+b5J|njzvDDDTi!jE3 zzdA2XaYYoHeYx;lb ztQtnXt0(XqkE-|Eu|t@OqD0;2er<3sz!!b1MU1NyqR)L!8Jl9B>ZGJs=B#CL-FS7+-hZrY=~?D5lpp+l!z;`h^8fT%yCNRp{%7x2Et1I%!L}?x zsXbY!;3d0aNMaDM62A(=P@J*bl`KYxcRoP`ycxlRbyE)nf5iFuhdl!0>DR8|(nJA> z?8=2k4`E_uj%|voSyoi9g0J8Y`=!jDFa*d0%1$rTg%nZCQZ3a)&eF_#;Qlt+%{+9W7f zjc?iEU+fJ1hZp9)XB?jy5P;9vvnSNuhZF90`xdDtEaJhu`KMF}pj5$o{ye)!U3iHO zWS_k@09V|HF3hVy*!p+kcqcn&87e`p9FiVI<( zw0U_l9Fr-><<%jzUMz$*H%^A}WXiF%d1wvL--o`0ABR`R=f~$oQ-{;$%kKsmCB})^ z^3vU5L8>5?{9t~LU^idJldae1`h+_>zTqmZY(vF!6X*1MFZ)Xn%IeyR&K3%>rtZ}t zY#%R!+u5_Eny}0xSu6XcaNuLM$`x8((|d&J0Yn)+eVLU>389+Jn=u*|j~MmV)ZiYW zDPdMtd1MIBBhEg2v>A^IIe2gs>iEL?xUiXEwg`}TC5z(-w%_f{u`Wjs-M>O2y!-k0 zTjvW3zoe^umv>#2TTQEf{raB6V@ZfP4Q((k;p^^4mY zIHCQ*p+ioHPuROlu;Ayhv3s*(eMBk`Q$%_`MW!jEEL-Lo#T{~h9lHqTG6V9~#q*z@XOaZF@J?Ua7Xd7gFl=!~ykmf~x)kvC_A*JrVq|hJU1w@rJi^1`s$8jfI zR}Nh%$Dvq5b*)YgCuTN5BO(9PFOv{(M|G{PPQ3>&6yve$?_T)ZX>Xu!L|uI*(pOS|ZOvmD zeBB$e9LKlksD3G%DLx({I&BVGB1l7Pb)I^k3H$NAXN54V{=mQvN9d&s=j$={k^MAZ zq^^DHu=eis-Qxdds_l-_ zs$Ivd)@ePeT579U1`nm{qbskGh>7;-1bD*~e&q6{Gblc{pwFcfikWEUQ6`^U7={jPg;;@x#G7Tar*djmTaxgyTMtG^cq#(9Uix&((nobrP! zl3@bRV8=J>hMWTS*u1l_tirhMnVPGHzvt@C4l=KHtb(3Ehf zckE)x->{&*6?V06^BP)o zKZXdSi$|6=3;`kU{b;(O^h}YIzbZHq7JG-KB3oXoG?aW;II5TfGsZ9S(w9$Yf}|3e za$l(_cuXl%$dBqPb&Dt~G;U>0)QBEjyHR;8pN}=)6Oh21`9w+;2njj2&qR6)3R?ZX zz?`gQ-u6)^-*VM9dlYbh{xW*$JekSU^G?eZ0dkRQOGdhCi(I4-otDp=emt#ArN4WK z4fpiKhCO_jN>fe))k^3ojWTaoIpHqkOKx#21hC$Y_+zGuYtzsoQ}4-7et0WffjG^H z^~#(^|MMr_4qehE5Jizb>zvLWCfIeH=9=E3M=m6%FU| zTIpP@mc7^`MJ01fzja0_eR#!9?m=O=fWPomnccp#*ZLiO|DVd0Ui+r~YQW%z`I z1bcr;8iV}aEpEQK8RYPWlE6KekM34gm4O2hGM!ATIbY*mraP|CDAlLJt;`n)420HJ zWUv={$2>~pu3;So@IN%tJF0g^;{3g$k@i@RG%d1LH*ouGpD4=uRNtv&n{IJLgnwIH zT2Ncpmj19Tx*QqL-g%(V%?%-|tqI0(Sz7G6%fwVEB1^Cl%k0p_&$_$ucA`y}M4|9+ zi%yrcZRy+^nnisU$2vHGl7fYoPXiIjTl&Rfu`RIf&C!3IsxK4Ma zCVKty+&>}qi{!2lzb1(8Lh2sttz|zD*u3PTjd}5Z(`ZuH=4PCl>yRw!u4>*YD#+R< z+PhD-ImhZ{&x6et+X%+`)-zS{Pl-=ATvcQa*~;kP5t^vqs-Laj_Py~u-`1zaY_YAc zpy|BBw%FORTVp{0wCK|1P%o6K`(PYK%#u4DM&2f+Ah{*Of>WoYy{6Djmp0W4k&)fb zJ`_}jv&8ZK=VT{NN~eHN7p%{z2fX7q*HSIY+}E-#R&!AddPlad=Brn)?J+Ccu(sco z$z|w?DQmF96%K;Ux2ztvIA;-M9nM=aHd-ez{6UVM^Ysg<y5YZq{5+N;QO-Gj0%sEfx!eN?=Ne79?aNC_v9wlWxciFa zntH}lQGH;km%-4=I#5>G)-iA-Ggn0#>Fu5cMZ-X5WF@A^`nR7T`_D5(L={DheA!NbT?E2YsfA;GaRQh97_a7c74fbbyDF#^PV z%x#V$K2GOS$IJUKG`jd`@bSQRcVSHq{()UuLPWTCr6x_XV(i$6Pf6xZ&XXs))gT+` zK$30gRJhXEYUqM0w4BW#>-)zQO2Q0Rdiso2s(S@37^e{z_f!xEe9D{tx3)5wUcY&r zoG6do2@iym<@|#pVJB&i}3U7+y=gD+!cUs{%Q16Vo5g(8+QztM7Oc^SI|GJ(7@IhWs6 z6dEr^in`#jzcJV6V4ASE5pn25Wl!yEiQ*f-JGU}vKpIK$1e22aAMkS(A(nW4rsvV~ zvWA69p`s?Wh1YpYEIqd?WG5yc7LB@Cjj2OjIb%+ib{CkbLOgg~Ej6jbp=LbJpn84= zye}tj9|hJgkKP^tRsjHQweI$yju^asEHVE8(eYgJdY9)ooPDvNzoufM!MonOa$ilq zz@qrg8=2rZxi@{OZYNjnJs#b^xS^uyTvJ0ubAKpvi?@;`TOI@S=gI3cmq)SKoxp3m zvESP<`1PJ5cI3I>T>80WShTP|gtpmJ=A~T`Q$X%LE)%?YV^J*VSJCUsHtGC6?TAuO zPGWLI{Q`$#9PT;Da{SOSfo_JPnd^nt>QAv4#wX>~!-eae{&g%^{j zXMB?DgCcr??SgXKYu>6xz1#>fc}Piz(-^^uLOolRan4p&gedf>j9n#Xdl(^#I-~Ht z%v@e;RKRTKyHXi?d8L7^aL-ZH8sx!gjKhkQml=S}dASpHuL7w+Q4cu!g_k@58Ji0Yg9Ugvn}YB%ryRh^aug{G$OhIuJuMtbGv1KFpPI#IN7r?HHGZO1HlJP~$fuLD z{fz)9K-a(ifB`)%Jm~_e3nOyv#*qjtcF@)$ji~s($dw;X}YJSB{|!_U{21qg2ybS{~o@zYGCRsvZ06Kkcihj z;-t{g{7G4sUz0rpCF!0BOG=hMO+?Oy!!uaYz$Dg}FQjbDr>6{L-rSCB2>7**xphbe z%D<`f8X9(OZr?g*Xb%mUe*@RW*ZbzyBLlL&9B~4UP))68R1{4DN|Z3{)$h0wF=@#w z8=P1Rtb>Qm=z|vyzp%f44t@Rg6(|=({9~#{R;T}y9)XMi$&XBRrl)PoZrandy0k}W z8<86U|H;8B^3^M5QaUXW<>sPfCVIFi-BF1&iUj=mNUie2M@>S~$r5oI6ON$fOA}<& zJUBefLo7)rL5A>;&D7Rq-rITP$VT;p#6ETRh%(50t{gmav`;gdv{BPLqKp!r)kID; zMUDPAn~Q;F^%LUs-%$zQLxMXsg0&HdXpyH4PfpmC933;21L+x#CT@fwZiN~`Bgc@w z6ZNR6{871rAVa7O!t{lyCD-SarSH$st@VR@fB)Wt021Z5?Ae4BO%*j2YYDSWW!dWb z@x0EwmfiD84iHhh{h8@XWx9t@kmkYTd8GRbJu>*bG*5vr-BYPzW-Rx^2DyL}81#wv zAJ|x|*Pr*t(U=o}Cuuxj64Vmw#rT{nEVp0AJZ;E_mzr7=8YdfLAX zc?M1uZFohb6&-!WcpVpuRJg;7cdp&AH_9rSnI<@Q!1CmLqLqb(9~G%Oe*6K-mKc%w zeL6{bD!1a`NuZVnQ+5cb<;TgSlK$9Bi_#e|5`9}kaj8JiU#~$4?azQvt0|&@Ez;e{H zW}o`OJIP>Hwq)?_!+olnNN{8L@z7~lBrI~|^dsmr;1hsTA-CVXC1 zyDH&JL|kO-tBe(Ob$iG6{vMz1N{N{-Ie&n)F{3`$Yx9o%vjaj4HvwhUD7qYFUSft; z!5!B!6tv8Z15+yhZ9-#c(GCydzcS)lxn>`@ooRS)$4#jyc+Q5(I0~GD2v_@3EHc=M zcZher?~w0&27QpK-QFOOX9xXO%Y*y7OQMLkt&apN2^}9-Dp$2 zs*mi+l*Yz$DXJ({l4_>*n*cK&2`%aPMAZSKLJa*)=hdC_biX;%CorT|jGA zbfZ=MToFC**?vXM@^yC;BWHP$9I)K6{`oUj`rTgmzJ$J=9n2WuY@Ek!Km$VG@pH3! z*Ss5tws*CD|B7bpexYtBS6!&Gjs$@jU&fzPj^mX*pgbFY_673=s8pEcE~Uj4o!A&c z_T?EoTI7gqSpa0ik(Fw;h`)ISqciiI*e2oE@4tMJPh|R$x2ivs#`6iLEi6aptAc~E zMs_ejx?zht%figcy#0Y8A`7|{4xO-y(#Brg+4K--8*@_z@I7XC>dJo-n4Gf0>V%7B za+9;t1N+?gM%)sfjyj}T*%*CB&oXqRY(U+vA6r?^x$l3Xoe?q6PL1zuLAHDz|NPo4 zlvS645n_WiHYgC;eo5$@zL!GGc4};o%COhuIf=t_-t4_ADsDVRR~t^IE`;-Oe88~W z*`4_%PKyW^AMtXPTfAR^!SJIU9_gf3^w?G|WVbncI$Gnq?Z)-F-l6_k_}-b^j9Igm znt_t9Ce^r9DN*f>&9jwq%(v2$J?Bc>TCQj@`H`;?$_@_W#Ftw<3ewmZP|3vb2JAuQ zX>n})cN?N@m@sVIaXmA%H&bECr4?jQ6y}!2MQ9>E zT}%|-5bBR0na)#MSos*M&umpeacwB0{Ly9b;@QP zl&#p3>eT%c^q{-X0wGk?n3BF4ck5u@ozHRU=E1M&NG)y2%v->3W@HrMYmETZt}_P_ zcVGx0*z!O9<0kTZ!re8EYa1T`e)Ef^1o(-;!)z!+fdNDn#@)y0xqCMumbDa*ym4{z zr>ooFfBvX3oRq%DiLr?Qf+p;@{JjN;pKU&mdHlgl#c)%ZK^|ky$=C&__s(I48j1VN z1iJv>niNLulnjfML2mk>-Pp=h=1s`z*dW~2tAm9dT0|S3z1ZdtB zCP{tnyaCH%>9Gg)6V*&6QFGvc9?xPK@aNByG-V!$>B&neaJbjhNDV+e)rkthL6qM3pSS_Ho&d9WW}7fFt;BgZa<-K!N*79=+Kbh*idmmOt{_<6%P6> zt`OQXYHe+Pz>wbm|F;8e)fe4FKC;U*n(x`GRK$#fH){g=l|DUj^hEXop6R%8)e&t7 zZGK9r-k{JO2RNDt0WAMU9MZ%i`Rq`rD--jtrN&%@g!GTG`h#IU9t!B}rI^exU|%Vk zR#t5r8RLNZ=95s*%be!XVy3MpV2^uaSTXRl5DnZ} zt*52`bcjXzI=Sd}i7`_4dcW*!VPCHF&)R3tUk`K+JXwAN;l07%f0*q( z^44gdn$NEouAMc93D0n)@Mp?UNHzH1b{@Ul}s>)d`P1q*N~rbi1O-L|^XrhBc5 zRz;mlZ4&)cilOv#-QvfEz0db}*HUNJ%m59r9KFob%Z$BK zfIt6+OaAlXnKx^WijFF~Z67ZOzREYJP^Yr(c0>oL#A^BB@>2PJu_8dZBQo3WFzRr& z-S#N4GC(QcUs^7o3{Z(x+oO4|N?hL7G^t0Ps!rxnIv<-gU#h_8?kT*bRemc`!|9d4 zw_H+&Dy#buu?StF7oY`mr6&Ru0g4?VIks`A_>5T_Lxl>VJn(3v03!&2m#WAOV2hLU ztr?dAQypDL(=i8=xGjchRfIbHR6EE+jt_{m+z$`Zz^`*Sjule9)L>`(m(@{Dn&TNW zV`-_{Zycv^sxh29&s!MGc;{AQ>YVE*+imXQhepl*Qq>tYm&tNCnb*uQ{rmhyh-NC zu6Mr4W5RIunuAHo> zAU&Uaj{C@6F#FC(J{B3WVtEW)?i1nk?q5$F!eFSEGZh|tSlP8l+~o{~o2JUZq#B6T zQbzHVhOwPPiv#l0qxTKM4xTS+N&an8(;iuwk@JOmQ5Y{{g`!QDrP zs*6QvI69QBoWJ2Cq{S;zQ9=JWZf>-hwaN_4hUM*01t>)d>G|faX6dB>Re)-zCNFP? zriQpM@q$TqK0pzm+^Nca=%qxb79(;(`wIF(5jn*r3iOlaxkh+yTB-u;<)y@yq#<&R zbHOa0Xd3%DhqLVGo270^q?<2pKlsKvx6z3ABE$p*H3+T&!+0RBm9wOf?I+INzN5lh z4?D%Tyz8>u8FLxs-gg+jr_x%G*0QG5Pv;Tu_`>pvPlXF@V{1K4ehjZe!AL;1)5Zf@=S zpLUKyJPma%hKGxiTtV=3)~(=Mi?R?|zkL&_4SYcnDcIKpy~R50KbweR3?AI&Mggi1 zf8cY(R|E6``rVP$l?Ov)O1V;Vyy`K+p0RCNOEyMq>M`=vJQe>0dZ|M3{qh zb#+-x-I^W6>cd04VmUbCjS4v*ROo>!9@R1p^{lk`vO;vxsuY<~c0 zmLun{?2nX)y@JuZb`jFF;Frx!7N<;w!b zMG7p|DOcp^lHug!6VEu*?H*Z-m*eH6HBlzk5nqF^VQbN{TMDP#+8Crgrs?io$8sPS zIAt+C1LeTSLWGDStqll9R2lw7y=fI+5o-N(n_{zEZX&KXxsH_Z!}(#}XA3v*K2hQ< zaaHbLK%>O9%$TZD!vH2rK$<-up-{AhR@Mf!L)Kn)Zws{0v*T&;p$>&( zsb_L(t?gXfGSV&Qt0B$40EB#0+x$}%f66|?ckRsQMSjtdt$bIC--;wex_rA>79iV} zkO@tf6Eojs@1qMMsmC4>;`k6-0CJSO-u*kKE-cz3|MgZiT$J%;gXleqeC+7)G8FXh zo_}9?Vv=s>T2N8}PdVJR^5K>4ZmeFOn^qc+<5Hz|J&1ecr}i%Yox7b^O4{@Z`GUSH z*|Pg}2;AYR5904Z*({1Mo!(6j%m$&K%Fc%YaJ~?iPMewQX&IU|2Ol1mKUbE@PhhB2 z2~RIu&=S);{Zr=3@>y7A%^K@OUxnS=)`iHd2Y;PG5n&)y+_(h>3p}1a$?`XsF)q_C zQ#{-`;~9Si!eLt)1C0JBSYZ~rP4jPpy7u75QEt>0LbDKQNj3+kvz^n|NpX z4z_~bH#r%M_mZa&|2!sTSjbSe41Tf{+opY_G$@UyqUKb- zAOJ$;z?m3LD)urna;OKZ7KNVgim``1MGF#;ni;WQ5x&-1$2X7kYHgYN5ZA6I5O}+C zO@t2Qm(Mt-r%v=1GQ~C4+s8QpVwOiof<%aEm+8NRWhyqFKV&lT2MAuvR0-BrA98o) zLN>gxcI)PlU1QiB=U5k)95*K*@0^-3oAH=Jw^<#tIw42Js^MDhDfFpA)rOg)n|bNx zX-?KD!0P5GupG_I#pZ^A6wKw`%RoV!ni;u2-5qH>r%;KNV%nQkw_XwRL`nJGR^VZ~Ma-BJW zEZOxcpwzA2(NOP@t`b=$10PrY;$Wr|)#~q^j7AeP=WC8vvx)I&r&Fet`?6r6{;M7s zR+Xmoh4|{ZM>!dFQ$n3U%a77tv^6SqkChOT5~ReCM`ju|pLiG;#C1ZT?dhtRrRh`nv4Fha~)ZX2v0&!W(+9#Fj%P6MbP;T$$qe0AWK&0wUqfgI~kKa8%EGVQ`IvPAN z0Kp%1{RB!*#kyQ>y=;5At-aXc6bMv2@2@N{pUiiE+%B)4klej1*_f6t>AQPpBB(lE z>k%(B5|=h0^ei^QFuTo262=1rH!W;-*?yVb5`TYQs}xS}i*HNCiC)ubDcrpz^F?f8 z-@S{odN!?DVV53mCa?ke`f3bjJ*iv&lVBtRrqO2Ax`RroLOQ7^nR6~&9ir0f@3(m` zH9S;>%+5|kRMj2}Q>a#O?SVYBg&dnVGo3;Y^iT4%|3z7v=GHXbXuZP6YUtSDv z32i{m&JeBeauGk-KjDitUVM{IP)zQhl&9f-Uc`k1Cigcl1-dd!#rfmF^9!=Gv)EJF z&<_4Tx0w}@PY89(HW=Uu#mGHXL77nBdCnnDD(B6~fwl4ra(3cH*4IrMq)LfWez+7~ z7_iS@;V<72viY$jmbG;oDoY3tL=|k`9^(~sA-#^ODh(%C?U0pyeHhSAXz&LL&T!#-W3}9x^}l-y8H%JB50o zaA>+%{9rjyP~)EVi{No!`J+-8)mquEG=oysCAwM`K@zRDI?5bn;<&npkcF?x1E=Ak zOC2;$+W_aUwR6^>pDJ&CMmMbST>D|IN5dM_o$rr>V6)fo9xEj%lf*|isoa$wqi%^M z2R#)Y3XhOlgC8SawpvbY!>^2#x`lfg)K%Z4j0yMRj9sk%rOe=Z1046`%8?K!FF^== zZdno%iS+)vw99oBYU;ogX4==%>ixr)7|h7#-4O^sK{WjM@pl;Dn0f%Yq(5A1f_?X*?BQEf}+@ zg>ziu81S}=?229l!#Q5Bg!{N8Fa*2Gb1Q}f43{`y-6;~WWe_M~LlQEvCK05IkUzO5 z-%m1gYCyE>!~{kwh(bgas(NHTQr|Pq z?M!~v!V}BO6zXMp0ToPyDA>Ut83~$i%q-|h@%VQq?q>bZ2E@4wn24xIIhqY{Hmv^? z3K?*xZ5w~N4Y6%vd}1rs0r~7=T|Eg5E)^Uk!qv2QB`6FV{tX$$e)!$A498H1{Ey&+Ke0&Vb z)@(wGkOvzMQd3v)NhJQFurPkJxA!W3s(mVQ6Qb9ieCz48<2d}O>oa%A_JDa~Y}~E~ z(bGBJIfihs8Xs&Oq#)z}vf?J8b7}V$+5@zO2q}s+AxtqMWMUTxt{SzFaAwIi_bqdF zIX^&#ss$1Y3Ex@uq^H%%dF?u9SGAwST$09J@%UlIf2aA*7+Pe z=CdLVXm5yqjd5+X)y-Wl2*~bR_922X^D+Lc;Juw6;m{kM+w63_v0q~*pLKio)bn(l z2qJj9YRjGfyzN3UY)uufzn{I%1lUo$aa&)c@8)BRiH-&* zwEKpHRB#3k1ys2xT%^uRASxIT`kX$n*M;WlhtyTx@dH>g}ck?YDEL<*H7^hv!q|>9UT)@IJnc{ zt7IeB-5dq@E4DRnr4vq%;t9`2>CIasx4qwHey*|@mxxQOC+hIWn?N7X=!oO(gL5gaN&O#JILA_s~8ZB&BBFIcq@w= zmKL$hh3gJ!sCOV|Xa1ZYgg<=Dy*g;PEp#{B2BiL!)&F$pOUUGlcq13Fxa^@LuJs;O z9KL{Z{kl(4Fi?BeZkSyu4R#415PC#pT&KduChz}C76z3#zt^BjV?~E?B{H2?)s#zu zZ`ta2<^9!|RG|=+VtSIQ-M6(39%lF4PMJbDl$}7uj%+!5>P_u=NdFp)|6=7<)<3o$ zeS)(3yz9Tuk&e0f6YtU0i^+U_9dTqMJ5vFq?2_5D^JII%dr>ca<$I{EBZvMCclTk1 zTWRBAOQPAooK|NgIOI9{6m zcWBl}IXG!m{549Nl|?rsj+HaS>gMq@u6_<)9k#@6VK6(t2cPQc+N`^wahYd}PcwC^ zyw@!Ej1F&i+oEO{EG5MiBUf;q;B5rf>1!`|#b6eEcK49O`}_P#W~m}9^&U3k7_M#7 z;#b~@;;l*~(^HOI9mL8Q$+nDQV?f%7HqKvH_@Ru^O{B!Avr+h!9vcmoU%_U6C~fp8 zDK6_w7AbCI)IbB}tT0pfvGT@2iG?l2B}y!7*Dm%xoS?Kf|-Jw1)jZVrqQ9=eur<7SX2E9mA8Xb$Rn zhDB?7DcX%4b{=MR|2GaRE9>;B)Am_!uAaJD{rN_qL&bGs?UH?I+~5YhI;_R5Q{`FE zO-yFNT0?GxAyyR=<8#`ztn$V5(1>>TEoye&Vsc_Jas`fd%WqcJz%^#L-3|?!<*ml; zeCHOwy2dKr=T-u8^`8FuKUd3$AQ5 z!gDxuMplWo@r(%TOho1f^`weALPJ+@Vmx%vnGnSnR9Deem5W=KE2r$bL-;$L=^nNTE}qek)#-B4)XiE zaABK0lUaZ_b)_;WYT%n?JWkm3?52H)D95W~^Ri(mCgF1JAO(YS{`~5*D*;Pti5m_^ zyAJmL zV19g4hIl1OvdG(iMT;wPQ}30dSolyL+erH$3U~7MTI9(#y0FB5-u!$*5hdc@4B(9X zzc9?5ew=HpOI?~Knkc1*V=N>>C-sNAID6OElk1)c*i@LrLIS4|_{Up&dYqgG*15Q- z1jh}%0~eRASmr;#OQ!ibS)BP}5-pw(Q;%;pfNK6PxBC z^R(!C>7hrDcFQWt_s2^^WufYa3n?{{3ju~X_MKUIPHBMeQ{q1=iQ>2Qz+Oy%@W~Rv z4`Rv*d3i{UyH%QW-RiE*0qL50JXS_dFTlyB@XHJYQ*?Lbs8^+?J7UHTLAn7 zblW9RH)#RtMCAZA{;AAuy&wOcN2v!+xnsWp>*HgNVZA377DSGVcFc=|E03Uc zI9k4rzhe=X$dRrb)A|8KDo8NwGg#WJy`Zf~b>&nfvSdHG8(sA&4i68QfB*t0-zl3m z)VFOvILNSySlvz49Jmlh6y98QF+&nA2^U^1Ss8uLs55FG>Xr<(0L23QU|}2|l$uDP z5=Oezj}Z5?P0M~-GMPbWFMM>xW3gRb#9p0P7jRKrKX@D%zl_GeiE)8!hlIysfaNGA zG5p!~XZW89*$5~Z1dof7cdYk1w)U9HfB&nUYH00{?`UUMpa66mKN%HaUswlJ*W`Rf z=m)=}s8BH6vbCks+u!w1Mz}(~GVCK)i(dj@CsQIEfaR!z$=c*_G~`2k1gK~oA&3aQ zcD)3h{RidZABC(c{P58(($iyB`1Gf^zRHt&m#Pdm znVZzDQ;`!eERgz1`}A36kTu&t@MD*I)Z6>I-QpjAb8e7(SNb0JQnOWa4WYW4U=Jx% z<~5cp)xa0%Xo55k3v2U@PDQU}87|UJ+ej~^!oK`KdhMy{+Or6_RS1mjLcs7-E97RBCWUHdZIY<-A_m7zQZwG(@I`Bu9~ zV34A=dK#?-LoDg1Vnl(cBM4T`iIv5zPfWz~IMFD-rHb$YfNvl$&@|>f7|M`6VA89H1p^GuSRRS*-CmX39I97V*=IdQ<(ZLJR+coF`%u4DS zOsXO-{^HtJN5}egQ=gYx0U)QTmESB6G_W9QMM?^CUvqShQl?w6l^@ZsJE z;BZ~1J1MhwWp{=UgI(f>J}mkG))78${Y;0g!1S-K+q}mWhLp0P)IFQ)SHJDL`?t*9 zI#;}6}I=OF>0Mz(qDG4g5rM9`2XySkQAQF1#G0A zfk$|Q_t5&&Ny@02o_{j=@m^}mhBjhok);7Ng95=}zM8Mz6rP{BTGp~ezuqY!o}Ol* zJOBwH&oeViQyrUSnQ9on6e!)Uu{1BEg`jMml}L=}ezBf2Y z*8|h2lu55Hki)PFU)@d79NgEP-0r-XDTx@u;s*Z{JPlvnosb9xzPl3)k5ay^ui7)G z(4P58q+h=&@nUmq;#Pv5}Ca7aW$iG3B)Y6D2~-(YI7jF`cAe<|#^`a=ah^6+%I`CyETj-fBSQpEfkO z-hX@VHs@)b6uG1}#a_tPyF9)V5HT}u8_7~ROr;Zc;FWlJbWV2Xa<^C=Xkm2T$SkEO zs7iW&5-bF{WHv2sPJ5htPbm&R^X`>MHnILQ^qgld6GVC*yH_;0F%cE}SP z%uBn$zMV6Gb3HDyXuMUOPvCH9IXV_O_|=ajqKF%@0z0h-ssxl1s*&1Y$`9Oj04xcL zb}-9d1NII*1>DHdsm8M^Rp9JQH)P7y?NSAa&Z--qwdfytFHgzSJU)IPB=~p}Vm^FG zbCXX2Xh6=oP_CA%;a`B%LsFP_=mZyh0?`=~XXjAy>z6Q%co_}MO`BBh?cyO*u6Wn7 zWt-HwPt4s9P<)^XKHkt6AM!qTbC3|)&asKBaSm0?dG=p0n#EL;E?p{F(U)*&Q7J_Q zQPe8fiv7$Y2YJ11hNYREY5odS#xduo$ei*ts|?^|9^vaYlo|GPuFb1pjR}XtgG)%W znxD-EN35p~^CDQY(lO0s6*F?v*3QUN?a%DWc5sMW?40cHMklo6QSPZOI;-AgPIj~f z^3~wToP4uTcG-f8a*_rT(Ixj+e(}wib;PmI9%5piN2j|!LZmfS*yNepS_P+O;U@kG z4zu@&%Zqm`^hajz+z}o4SJ?k+9C>pLrl56O`iJ;Mm!Dr|D^W2yaHS^)suMMZ5&g@b z4HDU&ELa$L{WU~XTideLvtY*Z$wTH}l5iga>cwxe9O}~nxqglK``!KLD80cmq3!5m zTp~nPAvoK}FkI=H6%Vnt3+wJi8P7Q34aCh5gN=1!T2|~;=bW00J8d}bP)%~7mX-9t zo8m|c1FzNQ{;|Z%lej2;u8WyGIvS8LC9+k!KZ>k=M%E%8RTDdrggXBE;6Vye7dZ zw*C_|6LA5O2?Eg6IkC-k@9kb{X<}=Xx&6}aQ63}-1+|p2M5Rh+SrQ#SLr!jyaHQwh zg^r3I$4s@4d5QP}@a+_}Pq82&z{6S*Kg>i+&EIonCVCdQa~6t?Th(K?Jn}^?lZaG!K<{_oap$PICyT=O;5f#g68P!4-o@5pow;1Qr@vv0L?oi7|% z^Iu9vDK6UZe9LnHzaIC@BGrB3c#IxrjWg6!&pGUo{I)LMkW__FxW){YepQ<;{IJ0kLUuSd3*BEF6z&*dui~FSOs`bMk5lE}en>S(&*v*?ae?=f5!yC3hC;5~#7}dm7%1z!VcWPmfA&^?= z=5F#TN1zw<1|iQtYd505l#}vfqFE5 zYhLoUBunlgpCqd@4kpPqsp!WkNyd8;*F^(8>;Q9G-@bl7hQ&c9td(5>Zxqdv0;g34 zN2;J?U`w38*xd3$sbW-%$narH6i z6KGX_yt|{Ldt5>EWo3qU29S|bAUSbC`$Z|nrJ@Wi@UAkPmTTmiJ>fa>Cb!Nl8QFnG z_hp9K_-mSAwfaD0UgiO@%k{H{7O{eWgSWIv!O<7mNY*lO+EX98-orf=EfS`pQ63Dv z581>Ynz0cg9@MO7a6LkFIuj~DoQ2Zq+(WpG4K-5;q4n;b?A(3_*Fy&m>XDensU>Ti zom*Ni&Ou`e@3pLPhPn)$>)!4PySsMHPG`s3nzcXR$RBHJYm;bm`lfSKF4t&si}+t_ zoe?#!?>fxJwH=i6x7oPi%TuS2@aFYLq&SusHUYd13Hg~gzB<>#)rAzt;o~Bv-X#%( z7z&qh*9Py7lPc~wuXtPMC5!qw*Ka<3P)ly`XR+|Mh}Stz5d#BcXz@p8ww zL(7EhM?QMY__*)tLXtQn5+-{!8Y7eh#dvMsjw%R*i;#Kyx5u)9JnS2=+P;JwP{8tH z!mi?8I+> zeXV%}+=sY+>8}PYKUJJXB!cT5PGmBL z8dJmDN+qcHT*`lg=oYws-6z068-)&Asm>$fK!8NM2 zIe(iQaa@VKSsOCTBWbx0k;HFLy5{Aqw!B_}L7x`b-PfIA#J2K3ee~@D#OTrTJC(Oy zSKO+)Q}F_!m>inioeGm58#y!tUeSUCN}0dES|$h*s4P;0zTs89caGm}Pk4InzP(7# zR*UK&Mk|%t%E0-9My+>nyy|<^YlRnQlFh}uz#tz8J`4{?3QK~7&cg%4fh9#kC@Cnp zP&y!VmKG%kt{*Tss*~0D?Qq1-MVHq~*WQy%9D5~eq-z}Z{9G&HR1h$GgVsC;@i!xq zOa6jD{vkiv(i+qnczH?ClE4kX$Vaa-{Z{eih$Z3;zy=IP1f6?jk}vK0m1o~CaLP8X zbUWF*ZQouq4DSye)q%JORLm@?Bn>Z=W;3WTnn~(Wg2kOl8L>}Ejj0^CFkm?yWie$0 z`Af=$NIt(pej8EDRDYM5m?_g46xaEMb5iXw)Sey%j>tx#B;<6gYsc&YqdjiAp&^n& z^m0c@Ku`~Zcr~UFkZpRlot~R&FW>0+TTk!|mG0Ntvdkl>+tiv`SEp#f^(-Wie*T7k zwVCkh_L_NX<{equ=P>ig0Z_i&>>zI+^F-xHpW~Ltj(~M@qV~|4p+oB|CJ{CS;tD2n z6OsKNVv_3}b?L|)a;UM9eB`iq6u>XM)A9h)5bD;nak=4c#0Us#9u@b%iojm(!Q4n- zTRAQcHnY2_D)>fYjrVT$ekeDzFmv)@KB?-cjM*mZg|C-?P{!thZehi z2SHK9a3?buPuv+#7z{G-RBpsZ9`=AwV6T+TFCZ2bqlXY*34|3) z<_ZGgE8-B39ew%8Y_icfhkWD+JK9@OL8h1DiIqc>3(3LpC7KFiI3q}~-nK1n+N46@ z1IhA2cmW>i3j*)yEVYB*)j`a`(eY9Fos{tyT2@`gIezO_kAIohH8Y&O zZG2ldx*IGyGd}%b+0*``ljDXyd@hs-J=iBg?;hrAp zoa3{_S9MFK54@^nhR=)vtN{SlX5qiD|BhK3febQfq}@s)4M%Stw}5gc$0 z&6l(A?)?!JF0p!tLPi0Zik86ji#Q&sE#&`5UBH;VTW$7+YOu(7<^-S?tztct{Ij`F zaCKKG$+7#b=xl(iU*6Dp_t9dMM7t@X9SqOKg6w|dW<0(oJ+W#jn-NEm{lT)P?>0M1 ztlDFTVZ{ly>Q#9x@`r8*t~dA7DXwO@x~mddGFEC1Y@7ghgF|{uDpz3M3e-&#?;5p?bH8{=?4~8t18^q5F!3Ef;sDc)lh^Sa(JX46tJWBpX z10U%k!L-0!#K2s{z+1$C39)|uq=Gd;{aRwBVyV^??uk{6Cb3>xxu0yYNxZ@?)+3@O zjA;1|m<`-J?Rlv47g8#STE`ciDq0Up2yA>F$R}3$|JavJ#2{gE9#{s%&z0yO<$yra zzS}Z(vGOFv`X{(~*m9m-8`rlio{2)j8dCBQ;wiB5D0vi{$Kxn1)68NmP|u^Ic(PE@ z(T;@}H}57bCid_gkTVwju=R;VPV}m}Bt|fkvex0(?$b7mD?+QAK)2gl>?5h~8x*a%!Q`JQaCPrSlj*2c!v zFl;ScC8L=$`2vElXHh8{&wO((!;F`%61?>3^TsQ4-vYZr*Eei+Yw@s4F@N2}`aT-* z{{8AZ!bZc{?WbYor`BRWTiEM*B1+E^IcFA7WBJ<~7huhXl9-P*_{K(SO%_|*!fwLi+KL zA1Y@lPdrfqEDQir@e~^o2!^6x2ahe;|94IhVRSpRPuL8)5l(|$M(?Ayq2n_9<7V0j z@0+93K9yZ`5_}@SmQ`g&kuu9|8&b~vF6`pfa_)SQUSJgS#$mo7g$r+* z!wSr7@a8|j3b0@cc3=;V-~`U#0&u`6bSt%-zB2}D9=m^Xb=Kc3Nxs>crE5*Rb&hT3Zos8uVQ}H@_y^!Tsh2v?vpct= ztjWN0h}YginI`rdJt8)qeXeM&-B2As4+pDy<(4k``w~Hm8;RAtx=W(nHBh$iTYUSZ zi@wJ(A&NVrZjj!rvMQBjz#TgWBBZrH)P-Q2mS^v6ZDYTbQSZ)e9l-O7Tn;ODKh2^h z|5SW@EOBbS;WY6H*IO^qCHG)*hW7W$3M}a9RL>QzWw3Q3behouKiG^ojKN@l)V2z${~b@@D95{oGNGTg`eqazJZ0c6t z&l&ev&AiM$S9E7Av&ALUSLIajmH8UViW%L<4oThX7iQ*2p2(jO_XCkO>aVdGbSxtRMP>v-(+kC5sqh?e@MoNXC@2DDq-=Z``~ z$KUUj%vFA*QD_YQMQ1v3-;fy(-`C=furf zi1#-B;-`zbTMiqK-TNL=J=||;Y|7a_@sz@y#|@fHr%8{o(J7WVQ+L_2n8oNYAKa1r zrC@g?#{o}>MVh)<>KWfH$~d5sKcGtxphNcuIWZX^yCbzB4lob_hzYR-ye>CUA3Bx@Q0 z5fkq0UHtQ5Tdt+dX!Ttc+gQO&#WcuA13`{vzKlsz4s3T#_*@*K7-Lg)=o%fTcF8~t9?>#gi*pJEi5&;=>@KzL?k6g6` zZ%mj4=XrBVBy_K-@dQ%W0i(l`v?djgA@!X6#5eTlGweWkPMEN zLmV=vXh0XQ^l_?ioudT{h+zgvHDNm<`XHe(z$ml9CJ zP%)qA1ar6suFWEBZ)os&Knzl#bp5KeO~bX;z}Y6|Hkn^r#{z(CE|i=gj{2M(C4O&d zEAPfh<-F{k!uwOe0%S`yH0}*X9|r_M4VFvnY^oM(_Fn{k^Y-ar0J5t@=-?evAP=1` z5juE>6yk@56bH@rIx6-Cy?LPi_|`fwZ}C`0&y?EwFbXNKpEa-#soHDA`+zt$T!0-T z_E>}ao*xGPj1=10l z{=>fPXLY4F=LoOx5qI2+)yDlys@GZ{7za;R3-=uG5qGw~2roUC_8dOqPSnj+1Ef<1 zeER)gI7ISk*?Pe=O()A6eoOf0H1Ad|Q;)mzyhz;BvvNn#rDl$Z*boIafKToXY8Af$ z&W-!HPNM!4eWLfA*hQA;JyP2JFRi8rCqAbu+pLeovPc|*ca%df8%2h~6=abd&b!%j zyR+cdmrK+1OQ%$K^1P?H+q`cOGn@Iht~s8o*t2&?a;$ZAN4=xx2Cbsj6i-9aDD}-~ zUPJGwX`ykn`DXNxIYk#Vk+8Id$aInpNM{GZ}R|LtG+7`?Zn zUo;B$M}$4Vc%3`2xOERJ!I-(c*rCdE5EcWWxmx5@86w>B)=k|@W$%bqIDEesj#UW7 zrk3wlNn{*zw+NWv8HP^y?#N7NHW54FnicnoO8XzZPDRIlQJJG+jNA-H7COtO+zKh? z&FtyipV{5Pw-)WsWB?JtXkDl?r%0!eB1W#0@6*T3H%Mhr*&fwV)6|nTFIOhLMHn1+ zAm96$_2@>OnH}Nb48h&O^(Irg|FlV%tRyS~V#yy5b%g;SRYjQ&#Y=dFYwgNwn{q4F z*%jN&CrtcK_r7JxT|FDPcDrOnt^2-OnvqN?tk(AH-hOp~wZ>s-D8R|z1g?DKpvu!; zt}I!7xvC9UwJfdkN@c6Yks=}_k=LjbCPn}5{mjz4cQ$bTcGp%+$ezBi%M%4QKy7Wm z8Rh#@Yi*)NzIJ`HFh^bLQGGj-t67G%G%CuR7G3eoBkKN&ZRX>#>-;?1ESH zW9=9-a$Hq<5oJd?wY&F}(VSb!kj-kQl4{O@f{W^GqgJxuIB-jOpK+aM$U4X!ih`0C zB?7Y@(?08Yn=+29*Ev9XN4ORMX0<-fU*?+Yjk?(o%Y0L-4l#tKF-oT0M4+z}Pg|Y! zUeL~LKX{*1k92CM0P1jj`Tp|~8?B z^Xs?Oe98zy7&HJ1o(0yDTxj_B&)Yx0lK~|cPK|G#P;>0kF0mRMujJUfTGL;L-LH?f zKs>BQL>L6*q$`HqDy2$`e_fe&w|mrbXVYt!V}-Ja)oZkx7FIl-YVCGWOB0|<9+e{L zwPK=kVMlB-WE^Z73=Az+=(Aa`Cd*WS>jdbeL1d?Tx{WT#wavKkvU^u&onZ>(-}%s9 zcde_bvB-Egp4jr|?}{%(i+N@0vdVgeHdtesUYiUUbin=ILq(-OxPO*!u6S`O%5EJG zdUP@FbTbUx%@9ZEd~4fQaS{3GPxm<2#QVe5?#Hy?rl z$Zq_ODu&pq=5v>>RCm!T!%p|}CY;r`F;7=-=6$Pf)?Vs452coCB6iv=`eH+)9IGF$ zhF}3+t@=Nq9*xa2Hy3nwvQ^W%*8d+7AUn+g3$V|S>CVc2|W~9mpuk)oDgiHr5QeWPa~&+ia0S31w$!T?eDt%DK}qNRmiGZ--+!k(!oLre;cVa`oTz zg`M2L98|jM@NHD1Q#u?htrETH=!E`hK0qx_DlzBhtDJedlNgJa<9(LoJ9*uJid(2E zvC3u=uRh{gX#ux2>wCR9c!TVDLd&lb{{Wkq_cXSEMMk*uWclPSXV0fy`{Wp+6>m5> z+hMENF8;yjbT4J*%V}R;i65tKIiW^mixo=MJ>@M_;fYWA4)qU++@qS0J^`M(wkCRS zbX153SUakx-k$V~$`7a?nY-i9eij5Q}5T~@y_v+1uWxhn+C?6*0@qoDY>EeLjZ+q+qG(Qgd#(7&)wVZbnbX(QMUsyrLto?y|UyjCriak0^}_> zt3HX0mrK`u);6evm3#;|9F!54I1MaL7uvyh{c&C_V;ZM~+2@;-9WYKP+!hz|2jNsb zyDb%7$L@e4Eo&R*b=-L(sZ#93Wnh#TVqOTwh*N2Gcw zS5OdMZ6)Di2ffI?Aty)4UU`aG`Buv1$&srPi7yTx{3nfh6`^o3X+q%3;2DVI7MLA9h^*IVE;i2KoB$f3`)LH&3-!IEtwR&roR}L2qw;b)N&egSDGr>gsu?Ku zOP`Z2oL0p?O}QN2Iww!2Y>LY694v&6f{Ib(oA=^dU@2DiWpZ@eOLtO6FRIA&%y3PQ z(pDA_hl2g}?Rz9g$Kb}D2PRJ}Uf8@Z{Qpn!#l^!X;77=xNC2@wN-Am^S~|h>LKql@ z3KK3uq$ts1#EKIyL82tdpkUw-kWkPtuy8)~wQnu3!RLPTv&l9ZHRe@sd&i71nd38D zv(>iw#zGkmuwWUA&76n=k6_Tr7L#+f+a7ipcG~Au<0hPDrF_B>o`R%Oq&ea!M?SU6 z`*tJgupJRur!HH#l9*(}$x{8(d?#9}RhtDIu!JF*MOw(DJI{twW!ROi3QMzQu`zps zIhyC7BC1HV$eBy$y1=!IpkUy=>^}%dDCnkOy42;qcL^2_9sv;v83nbcXy_Q3T;3HTB6ClWv`u-Ae*l!UbBWaTBVK%x8; zloh9{D0RO9I;Einp>sOHm8(c!Ss@IJ{V!CQa1m7&S+yEfMTr(8R-AYV5+yY)S&GzZ z)s0q_$dZ9jr zc6Ykl-`(qe%RJ~&Pc-zf$7W~78r=rmHb$A+O%7y!*VO? zL(D;!SZkdghU(#XxfM3qte-3QJ=<=FodygVvdgd$qsHu}%5k-n`VZi!V;%2ACp*>Y z&UChOo$o>yjkh^Y?q}$FH@exaZg;1<{oTFp_n?P80?Yk~&GfA2z387__Nv#t>22@& zxA#8yNSU(;bKuK?EC;S!m?~E=A1ab02L(e81UVfa8pnWfzfJ%VCX{g@l{VJ-B+c@o ztm>xi`eF1_=H+*5+mG|QpZEI_NE8~tU~zcDx?+(ATWWI&5}87!(HTq@o5SVt1wzrx zBZ*WdS145=XKz!T-e5FgzGLk{q135EsW)ZpjWA!67eq-`R1K}S%643jsz?1pL_9sN zHT6alp+}uMb?TP>NR#PozF4l-o9%9YI1=`yb&rulsqw-yb*vMU|Rvn3nCho*#r!3?RaUGA^Xj z#yX#*SzeS?-LzdljMKcV+kTwa{k-2#kQ5CVmg5Cck`-0c4b!q6*Yk;dK@_9>0O?y* zloiDK0pG5!4|}VFqQ` zsH?2|EGokOpP-^9+TVRh4@oAK26akUGfJ=VCJO4y-#eqe$)ok}Lv||KfiQlfrUJ79 zlT*dI%%{N9EQVR8DGdOpIp|8yLDyw0iA>IZKt?`fR&cg=ea2C6dA4Hw08dj-KV#!V zCP0i8lS*Qh?u?VYa*2Fa@>Cm829&W%QmLsem1?B1E4KNiD`C`$2Bayia*)l`DNIe# z_l$&tY-70Q;u>R)3d^RHHP>95O4Q!g_UvgLuxTADA*t*sPANA(#(iYsdJG>jm=;bh zM_9-BTKVm?CmQTXgO!p}`C`4mDQn3GTU#K{*fT<`TY4#aG7?aUaiW&A(uDrtY~ z?vutHUhn)W`FkWp;*HuSWnKe6%v}^MQ9az}c)-b>I+_ZWSPShK>gbkDK#(l7?WV1` z-?1hCZCek_L#ClLv21~B5xF*@w2gLB6oRB|MrL;FW;N{d3k`MRY9-Ihok&)6q*H1H zT6IRgMp9dtyvfAomBOO&cv*gkF8;AXqBfMk@R!-V4_44&4*?=Vs$3BX^LVPn%;Q2T zZEUWL2ovUUskF&eh%k=}skE`VDiI-7t_Bbj$~-Ql(#Gcc2ouVMRNB~F9U#JlGA?Yc z0gzCgX#ymac|6e)%7xUKHWM#yx)AK;Q4a+`m{8_%A(b{ZcSm><07RHj=5ZlOl2xq2 z&SGYea>d)Guol@gLfQ3$J%XEi@|n$pmf|D9u%K`Q^|vDLu#f4=l>~LcFy&;-jX&m% z3#Y8cRpmx6n;|Bye1Cm^`zL&Vf2{j_lSV>Zbi8&#a3DA4&6G4@U&tJF5}cxc=ZpB7 z9%+WBD*7^#VpuVuGL|{N-@=%j*65_NS2{sE@zDf>(^+|pKHH#+GA?%kStrFaH1iTp zU31CXx6=#;YAZn*e=``nyf{)HLnk$!d$EY6Ia%7s4fsn4K_);`IgnngsbIj|qnPki zO6IDi)o$l?+C%D8m2<2({DNV*oRox^C1hFy(HaR1AO+#WOA-1Wn7lA$(eO*T5s6#C z&GOT7Dq_x)^`5#~{<<`ug>B##xTW*nrF0Vx<-kBnBid}i{7H}cVDrMuhkeg_z&*z^H;6_2Yzn*zoe692&}CL28rc0Jkd;Lb8Ubq*8zwyq0Ey) zX=8I;!h|x93#qiRxgJ1-3FSi1Ab7bx`iq-D5Me@@$Awhd*jx)B!h|x93#qiRxi&zA z31uD^QfXsz9e@ZE$~-Ql(#Gbx01+mXd0a@Pjm`A{63RS&rL7eqJCatUpke4ti!jS; zS9-3v2@<=O+=cCf^3atF5=3_Q%s8f7L$IzA(AMB|c)kryifGGlMs!PwVKWfSIJEh+D147Jzi5V~&k(nLR zC|2bQ49qa@NL%p(nbpzXag9wsxWLQuf8g}hudU{+=`};g|L`OSXWWrPC+@PVo@0Zn z0LRIP#G*$%;r~nK@7$ODVhSV-otc)RQq!491)ZrTJ3QF!-x;?#W8GPoW9Qsi$64pB zb?43+XRHvrtd1xpMPmz%iO$a<8puu=WmROAG!&5^Vu+v9zk4B~B*cUSh(N?iNRSwT z2qcJ?V8y(&6faewrDD{K8dO(ZJJWWZx82tL?r(qVO#bTkE#05A4&4caNo}*UW$rdb zL)X>fFdiZEJVJvK8Q|yEKO{<#76u4yAPOewy|=B`9Mth6Lb$s|V&8YP`}!oM>>0|Jl3!zc?#|vAIGV6TOJNx)uFC zeqQ_j@14j0gYJ?@8+!9eARUjn^SP=PVY-y5P!(!L0MApq#($1o*9u)NqLBrm6qjpx zu^+q3Pi=EKDzK}OK0q zw|O=&syW5zH)G)b)n&KsjJ^bpyoWD@{CcONng0hQLEgx&LqcL2+_J5MY;*>v7*DMJ z|2FOSFeaRnj``Xan|85!?_Fj{4{g3%TE4O6Z398$Sg07(lvH$tD>F3I~FPp+0XN$RFt_Z@RtE~}b z9lFlT5vI)9EfZz0K(tU`R)h{v0m%wkTjv;6E2~xAHxezY|NqaX+0M?Ne{bp18=`vL*uSPiY4U*R+>GpsE0PA3>m&(_)DXQZtL~UNGF7TgjsOh~627$!M z|E+5XvQ5aiWD|07){f`l4}ZGuXqPK!;owdyczrWdUdhQC=)YW zr-!x4^mT_i6POGFIuXPjro5dlV_MITHE(p-RyQahfg}+7zflAr86;=`;99hDWdq!s zmy~#*^x-ygA5i+LX^B7y4zM}DoAMRikFtaTQ7aCEfJ#2y8n{x_fnr>02Gw7*^b0fg zTS_W`AmaaB2@8)7c$3B709^Ysr}YkAih*w(oS(*IK1jutDMMn?An6)mRoBtf0!3D(<89gZ+{DsOQv$n3@g8KgLx;-SW zy6Q9K_YhRgdB^nP!TsCszkX!hp9sZ9ZHq#qSW%j&qNwtymZ*<}J{5W@^jg@#*&FRA zg6lIxOO;+IttkDb%n*AW;nd{sOSIPzi+iz z7n>thiUcv}tMb5yA2SlZepux6={;RvwZP~MI+l*4VfvS3E^ElL zsQmm&zRJ#B$cdAK(SQIr1#mmS(*SS#1+ZOH7a&Ap`yc^4Jgzx1Blhh+6R<_w(eZQ< zSvTsc(0Zg3CkE-okEol!f2VWVym{rW&nee#8~m3BBEUWucsk*tIBC+Imm@^9P{(kD zDU`2BkV`Tgm+7jgq#SV4K^2EDfmqo5c{$~B98R+-m*T^ZGX--_9&7Yu%HxWN4A9t? zk3BmMf?an_l{>24;^+ashyL?OXV10Q(PJZx_omUN8tahveQU9$zV-(~tpdraFCEMA=x*E1C$xWascoMGbDReFQUZ&bzD&3^iO9;IvL4_)!ms+n< zFQlJFZ_w&>n!QQ8x9Ie?y}gUrJ9HXc8Pf#MSqlafq+Rkx(h&?H{q}n7%Jhs;{8Sd$9^#P5P8 z00L715dAq|#{#Wx0x;qk0NJkrl9%;lY~m_`-F}-yU^`Ae^PMIs2z(Wq=30@Qi%7G{!w?H@@@FcPh2RNLII%B9-3ajeSf2e(&2?Vv ze`+r&3qps(wWHMb8Re<{+Y?WscIE`w zL92<9n@aTEY)MFj8762^O0J}mt(#2Lu&t#l46Vs!1FAf=O2(?x8lEkLoLdvH8UPJA z1MmAa4OMcfqgn)XAj!qVUD>bN&igBI{<@wNqr5t(X^Scx&Y!`r05{mAzkEM z+B7qLdqpHA*tVtX%5$J?R;M7cwK1YCI>hJaHs0d}Hoiy*h9dyg_wn~<=hM+qBnU~` zdV<>E09p&U_^HSzS=;BB!}27wm1*+2OJi9BpMsLM-5W*`rLJ452YD_$4>)kXAMLqn zF3T3fJoo9ac{X=@wMLf7(b3Y<&cbwhNg5z_7C47lg0zGQj(uA=n@e(uHP9ttlg63W zBh&UH*E3Pq0X+)b6p~rmN-ZG=90>14r}K=Nh--++&03321g;xJUX#x`@K!;Jc!osd zRta14ob}3@RG*;D!+Pt?dhVW>7Q))&)y7e)L3;(lLdDarjumP(7Gg+rPRus#Xv(_O zU4wmHZI+0`;$AAK8_|ATl{E@QO4TP0WY zKH~tLmmRxnRALf<*zSEzsJTR}$*pCMG~qI(kJ!%qA_mkKfJLMdDF8a!rS=)_O)%P= zua1(D=|Hu`VI96xXA%pr43jN5E8(;ar!q7?h5&>!VmTM}JVxr?relCAQXZ}sb-SHEKNRHNn`=dc11%*a(8zjB`RHR=ITL4T>(duF z-3)~!fVcQP+u3z6`yu<2+MTH(%hn^L96d12=sZGRNGi}b*V#Lx?snEJd&jncD!F8< zPP%xk0GCVQ2Dbs@O7YpdVRafcZU{Zz9W?MXaehk&A8S&)cVCoxfzwPp< z0s77p^#QxH)`yoP`D6JDrYDBWag-}RY^&w5aXJn+2<(hHC zb@~OI(*bBEJJF7cqUhJ)?hFmNfLfwFNsSHU5i)su-yu=KdJJ5K0zNs_rkrNA!b}9W z(=aj+x<`wt)ZoNr7~f5wT)24(N5yMeuv?;IU{b56j59iX!qk=3y3SG~R-9kF0WWnO zcC!ZIIfSt7wt8x}Gi@*byjyg&7`%2`E^hxVmIP^~;iCj|Y80*h(f`R5eY+3R7;iMQ z-`4(}gi5Smf^tdQGVPU(s*f41bfDpS#42FcOeXqu{_M zTrOlb@jIY{U)G%E_3ic!OW3lD4lI+Kd2oc#Cdh4!8>*%>>4Lc1Ubt-2JOeN!x1N-) zzI*OA(b^p&m?_O|C?IsWqmiTP6lmP*lojJP7PWYfvp@s1;Dda7O>su!yJ`DE|0Q@J z_Ju7><=!MWfK5BuA-i6KemO*s`?u8*J!^wy`#H(pdG;G8DrbERQq6a+u>;1mMpYI) zO08p=kUo6U-S}-Q^2Vekf$8Q!6S4I&tXdS_$5aVc;#i0KY2#nIcqB4+%N2mPE%M6_z3|1pvj2=Oh3FkI43yOkluH#5{gkArcgOgb}_Le-QX1G>=!?Er<)idkko|`e zr%oD2!~~1kN(_;ivYj}82`#t$aGw2ncF3VCZlhRD1f^nH8!<}|I9ma0k1LZPPzkq3 zsFxaA%Y!rC)h2QL`YpELW?&3VSG?wF=l#X!aS7KdK({1ak62F1ZzxM%_^ zM684g$^KHbu8X}RbZG}YHHy=L#Q?x+uN<>&*4>1T z8Vc)gvKwWc-mJtua1Kln>`U@OTGH-)mRtVUK*a&VCG>-38$cP)RAOWsr4wUqKw?9C z!<2B$70?Pup)PtoECdD?9Ao`uSzw^71B&v5aECTdQzcn_-?^?N7gRvD&7Bx1Vt$;P ztEvq^GLtdN975UA>dH%GlVO+|WA^`~03P)o?knk6>a0@-Y^%=pd<@^iml8x_(QL zg>H;$-S`VGr$JUo8>iM3O3{0O^tMyDgVtu=`UGi5`j-<5dW6c_TDa@&PaOANVsh^d zZu*bnO!Tc;V|#HK0Fl)><}#*%UubKi-NCDyeQ0yzJABt?+};1X>kBf43Vf-6SB^e~ zyWM=Cab#(&j@(*pDFLO0^+_fhrOJPnKTdzS zCfVPDA1Cl(BEjzI&Gh05RPdV!Jl)qYAt3MJn8m8sk`EbV?C%7?N(G=0CWvClPgd%& z83^QYq6+xH7P(bn#Ua8n#;Ggve?;A*|GOt%)1uJ$(cMVjbS^3Dt2PPuvFMt6}F zJm=r}Qd7wU8wGM438;We0Qx`!I5oksA^9h2g_U;Ux@wlgsX`MgMp#lCVWQ|IlBE%U zCt-k=VH%f&SPtzx3q*<1vVgT9SJSK0y65T zNR^}l2B-^yjm5PSYzcPE>!a@K#NuO0;n>g=zPwVJda}rF!&E)cI&F?Q415{`g(?kH z8*w64F9Agkqw8K{eu&@sO8(B-7&f^#&(`niLs!^!xbvd;idiq40U^X^+eUi}GmVm- z)We96#Uznw*dxzC-4z|&2b>lhHjs-mkXv@tyKh3UibH$%Pq zV08|BtuhUo*Qqx0(Nejqad1s>OT`8@&Cuo&36H|){$fUb<+NglW{T{@vJrO+cQA-b z><-w8T?FGvKE~EE-7{usQB4bIc_>PcdpdiY&Ngcfd3U2jy7A!dync)yS*iE%wgz0m z5o_vqmL?ox_3ONK-+tS=AcJClU<;-<-CcDdD0evPx_Rq#;@m`zV^uf1Ol&M)@`ht> zkwZtrOaAC&kJ6zpr(cQmo{E<}Er;;c4r zMz-UO;MSEr3uHO@djb;CwBcYuonMID;1qFV1)PX|Iy!DJ`MO~@cb&5~RK0fJn|CJe ztKgU=SxF1XnSZiC>qjrvag|5B>zcj$^T#*KU1@P26=cpYqopbGy0kz-Hq zL(M5?#*=l4XoBWvCl}7ICDadV@6Pbu#g$Hzk&6g%q=^1f0MTtph=Tsc`qvS2l5?k9 z@y^C~dkTMiQl%$`;Sh0@jnjUK8{PpT&SghBQfxhW7b+s6t$%)&E4(xJwOYzwc>ut-4pw{6JcZ@)3a`DRrxu zuJuuA18QVkGj=Sg>c(Wk=(_gkeA+CFt} zh~(_eFHF}QWbAJ(SlkKnTK`gnEt$(4LU<3^sdbd)ZRD6><+5_I$Whbz8E-j5(_1>m zPWB|xBe4qsFzp}LZSq*D&52VZau$#@>le3dStwN=?J)QUn)W_9QmAHnLljbWYIz(x zNC8WlbhX;93k8xuGUP;8NgnDuauR*#Myw%n_fjD{Eb;==zJe_BkNLsLwz3@597<*x zNS_+o@mm1q$Rs@j}SX!Xd} z0@D86={GU%Z3DOyT&?y^b7YXn5#=Sdvl?~+bgXTN18ET(s{7wh$Xt>#T{hfI9U#Po zCK7T>u(%_942@w-UVLl{5LtZfX=C1)A%?1Ru7`x$A#7)i!xqBgFtf!V=JCNWWZRYFH6 zH4WODD-LkRrT-qSj>|5CUVx*GZL}V%053#zAB?D^2w?&*h-6wiP2CBl1{ z^hC~>9Kdo`Fhx87e704HmQGwIgR4hMK!mE~Q~WcW0Lk)6E?G=Aygj$C3rvLpt(9N` zEVo%j1J!34=ZC-_pds-_+B=?=_nzRIs{rdFgtnUbe%2~``{(>*ezFfT!=9fKicTOL zOL(_>QZoAc28kM%hHZqcc0G)hFOxs=w#~#E!iohjtUt3iUFFShR=S)JDD$~EIUp#gKqjn-c@vL+Y0 zmTG*G4q6SWW36xcC{@!1(CASYX33P9KgVSOE`cYcs%BzPu(Z;rJ&4bn7pRcuM6&9@ zResDN_s*>`dG?+mysAxW1Uwmc-}D{ys)YT}KpzKvjMnaNo^1YFg(GL9lkWpsPxCx3 zKrX>+nMh%QSvn@=BW-NM!fS4%wCTA3L?<^m%T)33NPmeM9J}3E{)h2RSAER$aRgQ) z+W^WAv-^j?khWx&s?bGwpRyAe7~==%jGLo5Ih*-uoXD3hBw(x3DTNiQv~CZURsJ&ZQ!7$(5=-yXsCUUlpM(|>VZfY$JRH!J@` z$pS$F8gPY>HVJcjesdeUJ^#sZB=mr`4}Apwd1iY+TiMZ0uT3A=_LYXk({qQ%NuUbvqFNw1&eBAvIl+8gt|K`fh7iDk=WUXJfw5z)w^W0 zy*@{(r*ohy^)% zrf1DFd*u5ifdnN8%m-6#^fCBo?v(dWWs$7aG*LCXEbwoniC;>N!6RQb4?+yS#+e#& zHg$~s`V@on=Kq9T&ed`2?ejj#xOQ3+Fd*gayW*JT+E>BnAFnxyJ8AdRx0p`~icKGI zN1;@^j0n>qRPa3QR=DcN2(H$?Logb%(O8W}T+kWV1YbaTRcqYuxB9CKs<*Vpg&Oqe zmEP*hFz=Sm9VA^=sbQ`<_$HfJV?*OOHrJ&c~*R3 zsUfW7)?jaG6tYjCGrl?-{!t#_)PpX7CE>|3=nijr)M9P!Re$J-W}f%BEgCu?e_Rba zsDaGSuR{h~Z{R(955b5wS!f`!2R|Mc64eJ-Io66c% zJ>~bp#or9bthMmd_J*5RgU(9pDd9Z~XCsOv(IerJg-MuY z{#Y6hlqSr?I-0}Vg$`RB@<$i8?)s*`0=}hxZA%jq4ve;*i%~f%u4hGtwD4kxmzb*G zkwSy(icITW>f+|VvN8v}!M_oFxUV?!bD)(efsO~q`k?c@Ey6yAFd;bQ1J#1W!f#)= zPz6PStm+p_S6^QFCKe)`X}U3)DK1Hb4404!%Ut=UW%sQ9Je+rYfS!r^WBTP_E#gZ* zbblYFC`PJt!HC<{16RCT>4oYkAp2FK#a=D#-$jn$PKV@Ic0E~H5a4j@N<$=`)x4ry zMNAaKk-P>L8GZErdEW9LPQjK4O#podxyP6lMvXy9G!@$7r{c~3bbM<168(ke$Jkk4 zGS_|e0dI9L!QaUXoDS*r6xWiQZLHz-ui4A#hn=qcuOvh5Z?|eL5CC?X*qDp`w&C|E zG)T6rex29!%(7af$(uMeXUc)QK{q#5zoyOJz@~0xqxuOS$fM=0-wBW=Jipv+l`-;k zltI;J{Ggu21$-w}E6ROFtc_U}#>{Kixzl;pJiMq>@-b=1ZjTXpl0D^D{tX(EOMzvf z!C#wFcsLymcbpjyA3YWbL4xEZqVW+7fy3<6r5ANmWzpRvV+gpK^O3Gj-o=Hw$56+= zn7ds+iVoCbTDeL~6|#fW^5vJ3`8d>&Bp+E~q7BZ;;hXN(@g>7$oTul6)wfa&fb{8n zUuEloDIVja8}v{E+2H{7@%@4D5y*xaA=UJ&o(^&^7M&(OB(p4A8>xf!4PCxSWXZM> zoJiMM1NP|9MImV9ThHpFO+!GkS5XL7j_jcmF9evVKa}urJktHz$m-xQXqUh4$RqPb zRO|!=wa}$G!V$cGYKrsgO}R1COQ|U~T8v%n5|xY@0vN*|0s%9*Be9eMkt_Ll%3yx; zq-HY-YDhOfO{2N7I7J;_K?}&g^OI(t{lg+Y-Eo?L=S#O?G6!C(k|!-OkWG`2;HTK% z+TP8wSbZjOKiMa}lUuW5>;k4*JaNytAMGzO2{T{G6M2djS(&@o=8^v9+b$&Rfo`N4 z*8_SKs)=rxYQUC95q7B_56yx})~tq{5yLH%?gTpPd&zgHRM52UrpDxx%VA;vVWJ#4=NH4et9P8bgk zK&&odU!eRI&T$XRZ&)niG`cqysvsjJ{=2nsC{}(&#jLkt68=Y|X=tv(W_{`9mxb>Y zNtCI>ChJLeTVj1Q`gI1LtZc%XgU|Vn( zs^Rd#)iI0vyG(PXN2vfml+>BF*n(d!>ZzMxK(@i2S#(8&c*qwmeSoeP7G3tPD7I&t zdxb(CfGqqxMi;f#686_1;UW~B=u0D$*6vTexrnDT)IzOf&aM`-En`(luM05zKm|$5 zFfYQQ#Q5rK;PnWE%Okc?a^8CPL}4Z`lOfVr+SmlwJ*o7tdHG>@f_mK5i-T#K}di-V9B-It^p8KRG6Xlh=|F>Ncz2LpYZ11d z5BuiHt5)a=hefd)3cE?@RY#Ews&H&yRs!EU&)zr#F?|Ow)^snmDj9f|!Wqbe{;K~> zSiDzl9zy^`TE?a00MxTC41maK0aXy28wIqS9IfTrpO1)M4!Ut$DD38;N1%8hk6RIT zMd=_xnN?OJ*IDPC@(WH|)W|zFf1>E5x1D7uvm|nmWM zIMItHVq)Mc|M(Jsi>|1rdYc06F^8GIgOcqrj$1{KiAd(O=@z2k>9n5psymv788aZc z1eOo323q6ovy+dQsE%m?`nlhz`b_Lm`W-1jd==*O9#43NPl5IoLJeozVPemqkn&{5 z=2r~zY#{8C+3=xKD6GG&#Ow!+36)#A{O%0d1t^|$lA47jpA+F;u0#z;5CynjMuhS~ zIg`<06(tupzITYFaGX-bB0Qh|5%H$kb1b6-(*)fif#*foU$IiNN52*}2HqU~O=Ba? zAkt;%oun_x-j`lQ?#;!ITO+Nke7^JpqIY!AQKl-C$Kn)-M7UcA;Rgs)$C7nF^aZ4Z z-D{ms^UHBAyLDDWhoG_&lA}uII58ExJ|eGT0|`VBEsqG%)5hHJ^VR*~Tr1?VOJepi zeXB>;#|_TQ6v@h_f-=c(uW_u@%OXQxF;k)T8!1mS#acS#-D75*rEbXf8<7Q0&h{OxphOS#b?u9Ev|Q!b&GHi7 z-zlo<8EK&kB6sGuMsZhDKhZ%{=3A(iK41lq(yOKtO!ae&uprPPil6vg>Ma7eO!ljQ zucvV~L!XzXe*400wLTj{*qZld5*{4nF~x*2Ol!3dJZi45{}20@KKins>?>PxH;VV@ zAqV8FzU0oUzTER0X}Hi#3{ASbY&wVoCL>zEn3*!P_UOW`;0yts8GYz(9yZMA-`y@} z_rJ&&X$}oBh~`z~@!jFWMhQZx!i&7Wyirc=fHKI%NLkLAlv{R~hLlZn-K-6^w8BNC z3PAV~c4n>OLP2QHn9oKlwdUEI%e@20(Aj8HKgc5z4LLvtK7KU9-7@JhxA@DW zmx`ahY_ic~pn>L3x@x2P3HrvvvxIZhP7(8hgY)!l=oYp;b&&J6PgGn$|C>t=y*yNF zNL+jl;Tx*FZvBiz-T;z&_D+C%37(sDi zpv%khdI%%Q3Vq!BV`KPpaQeTO=YCf4x#j<2|1buCe=4ao&B;(17y%>Yp zzkc^ z1rVX&e_xf@^(}VE_3N#%Dgf17I)#MWx{n>}(&ETdAKiSTK$n?`&hL_K^RJt-*3ehDW?T9O(%$3w>mdKDYP5D`oS5B#}f$M5SkhL9)dvGs8}?XRzvxx z&_n>Ukx7py4Nj9C2O3_}B|SrpDykN!aSbKooM}Mo2Gi01}ZM> z0Dh!c)kHT)&;2FXfFnm25HWQVJgB_7Yw=1M3p4>>_Oe?3h%rk7AZ}3Zk$aHKT3ItbsCk(Dc)8I5&YJrRqn~Ozuep1#>6{ zrxETkt@m=O0NEe)dm@;}Jmx)U>vpwuAK!zyKX1x4Zwk;w6h>W1{LTP>#D_Q*z9S)KO`9sg+M~v! zgR&2`^-KS|DKm6);Ogb*$Gpb{UjU6Gq5Kp;GX(@Lcfgyur3WcyW&dwH?3!wzs%pVVh zE{>zbQ#HeAI(MRo*(n5SM+Nb|9Sm74$tQ^uT=FaKRH4vR(v+rOx~w?~grBet7n}H5 zUN1Ut4*%rgc)(4K>AK0KO>2~X{tn-ene37WawN05xZ;jd+a~8{}QmTHu{JvDfQBg&6 zOGeJ&Bkf8Af>3O_)F+>7B{0U0w8A5z@_}YY)5XJWDtI!I7%x74kSAk`KwaL+yc>d> zu})rz?1Hta% z{#Lv6%~uHmKW--PN+^cs&6o){$+n`EQNoNSPX212m-jSG zSy-hM0>*4i$Zjkp=Tib=&WNw!fJ@Pt(}Y{^o>MBPug^=yAQ?(i&(+aPEd<^tHOR3~ zkP78FeX<_jo?i!Z;A~E&JJVHho}vXOE0O}vbSoiFAsJ7@%~-F3Ev@wDql6+*0U8II zvCfmz(a%REnSc(Sk6)8)d@RMHFL)H6WdpHABlhQ5%}G2 zpX?MjEvrmC8BC9T|LQo{Izn-(VGMA&Lv_iI4l)MsaE^d~=Ed%Sgk=T4!G*?VrG&M5 z97q8N)qkPMMg2I=4A?~m6a4e(qae(`+`?nzlLT)9^D2sEW4$G-NtcI0QMj)7<)#Bl z7%ZE`8K>3E>QqJhn44YJ$AtW*ckF1FkJS&6_v`?&FK^nW>X*)81J*rk|29-|o{^jU>AHUbn?Qd$+q0l&&{mx+As+i(~)HyI4txtJyGNYX3 z9fbADJz4p!pHHi`-YZFP!wuH^#|Ed_X$3&ytx#F z_zlA!VtkE_B^l73P$fdZoU|7!K{Z(D8#I@s6<*y-QBk&+cOrDykvP#<-JH%;cfc?| zE=zOC2s2}ci=v}nsrE5kY^G-|)9-+kjN+>&I!%D<1;UOKXF2=N5$Jn#n%bJicn~D& z=zyyIXAT<#T5yay*WY_AwdpWuoXfuWOkPe`l0a+T zmP1_%1oEIIq#-wSq)A>1ZH3v$Ifu&*+4x7uIwBH(T&0Zn-l?o=E|>!?N<1sv`uVhK z+uf1`cU*71zdZy-Vls<2=NW&U{nOb2)t4@eQ8F>%0(x1QT+pqHsg1J%xm3aX=u`9* zfhV7JzuHy7Eg;GZdrr)DAH{LlHq(^B%nHb^=ACE?x`9s1Lvnws6q^q+l&j6cWS{Xy|&#Ox{dbg)R4uS<=%suQuhX&m4`u(XFn*w{uYGS{0 zCwJ|oA6Kqm5?^0gISW4eqxoh$vmL(wy*zZu03mvRBXtg3uq*(9Wgv7kioElNU9Ucr z*P+1wJF`(hoUy%);6={8^;iD=vLUa18*`J~`c!YjpVN!`{!iX6id|B@DXesBRK5*2 zDKJWQbAN$;$-X(guT)tuJQRzAJm)sxn8lg!V~%tzvyijIb5n3#1VwSriP^3LL=Jb< z1Rr#lLv{^kzA49z4VE|lAgAKJ8%L$?xVg8#|4?=T!ay>ED_7y#JD7xhq;K+2Rz89vnHk1U zMf!l#5Ol7hSC_$dEd^Q|xt|XP48)Wj095p2ekg9w2c;LP*%5AFj$8XHXOW1qU0ib_ zpCRYSmF#rMDVsz9<~d_}$~S-EPmseY1(&;wCnSf}Cr;lIC`xKrE4oHa2007*+qF0Z z{9+oG@7$|_vsCosyUKY1?sax4W62#hBw^mXi|M;{ZFkEOs4Nj4OqZ{(tQ6PN9Q5Au z@#hNJk+aAu3d2gGBy^Vw809TxAa!RrHJA76UqMzy6}z*BIAfd5yg=kv*jvI_$smOM zyYBQ*2mvsNly$7{?kS5l>IIx%H)3h1X#jFgz zp7IiIJCsQWKyl!lbl6o$Gj0g7pY-g3)fWKpOsn?$)+lKZ1dWP6ImG3yM5GAS)s+AJ zeuV-{(3nljpD!PQ1k`as?d-={C#4QxD4Zs7-_BGvz~DjVGqI+CHoE%REXvb^7N`ks z;Os90FGyy?iHZy+tN#Y^Hgyhe!rMPHDl2CtJ+`rY@fDJt*RpiBbsWc~9@_(o!GSQC zIWE=N7I0c^s3!_0IwqY0;O;4Em+4u7gZj~v+!^Zl@?*mx$U)7ubp8qBVc~Y<>Ml@y z?Ea}PqSsH_-*R?5zT8P6eWA1j1j~-zZWmkGHtbZzJB}ZB#;cgKOvPa5eMP84^{-Kv zn)ivf=iVqfrUBZdW<@Swl@EI`LSv!@t}o!&fb*PoSH1^fMLS^9116g@w-mM^eAt;( zw!EZ078HYtRwTvD$04Zp?>|xsUTMzKu^<_iaNVdf<02X3xt3LO+VMxW)_#r@FJ#NO>B#|QTBXokcj_@)+j5?v$L5|W8VJQbif2i1u&eA-Aubar#+06+C%vsa zS+btI^9GofwLQOf#M#yP?=pQgnvM|}t%MyLO$1N}Cmn7ZY!@8HYtI85q%T}PzdZ?q zP@dvwHB*{DY%3ZcuPk4|^$1u4c#cWDEhXS=h~%GLp=j?kW-ngSCIg|RL^|1qlUb%g zl+4m+V;V4(Kn*-^gRNvMe;-a~UaRq!XS<}kD>KB|T3rAu)$|GZZJY^q&RDm^72O72w+SZ5}I1<16| z>2x|nv-oVBB=)oxoJ3xeHy18vh*Z5x?BVCffw}VqM$KF1++<#|<$^}0k*7Vx7>PoH zN_>mR(y(^acOd!5`A`O$fdnt&^jKl+2`zFWv@*X20s*Xky2td5<&NHG`{q`in_ey9 zfYmAgr9p05Z6~Rus6)N4y1G3DgATa7ZdAZ&Z7DU?wPer+Tj#_APIoPRx?kWP{Y#Fe z+y(ZG42)3ME#SMxln>?bnC0;&*KHVu*?;b8DuKDw=p7!`8PPCSp4`VOoV1EzCOl__ zlVP)P4_0IHt*dDD`aU+1xl=Z&8qhhFX2ZnhHu)!9AK6s9tfHjNm@~PoJ#i`DJL%RV zIaN-3kxFTRt7S$pU1nTQ7lw+ID&zJlxdl&`Tk;t~5Oz##?Ku1Rzp#pudF{&ryahNJ zOGb52z#mLXuDo`@$O0&+67Rhe)GP)M#Z^{e1)`H$a3Z{-um(oVVf52oru&kJu^bL} zRc8x!4ltLdXprj&SChf>XKJy>T92p zKdtR<{=Fc@@y$?7|EFO^MHlHCm3jWMYHm`vj#stX%q`vZoVIs6d-b<(3z~cXN@yRR z3IPvOF&IU}^A+i7-v)J53P!(gZ##!Q3I*15~NVaSI?lXsZD2hqJtWe7`8z~$pPRtFI$$ndvy-szW%G32&7s2Tebq_kmB3!b+^lq0AZT1z`1Jv% zXuG#J$Oi6<-RNxp|bAwo3BEna#@(3r(Ht;-FqY10ajtJ3c*%V>UBB1kY z`d!Jl>KPSx$qG)A>szUkqUrJ9ZBrK7H0Vm-_?)MI+1#b1YOyk+5jCy`6>DR|A1MY1 zPPA^6mIr1SJF6V}y+qb;(^}DI=OYT)ex82Y?7p`*9P8 z?MU&wKCga8DcZP5EK2Uft}A9GJo94{)=>mDy_vtUm!sySZYdQ5#ye#H;5H=fXLry4gp0FZ|2dZm0_g@zkvKV6 z{;g&k0?WGX48= zhs;070f77~4=*q(k2h-}+W*y>;2{4t6Xa|hm&tyd^G{q@iA}oGpK3l*oj;ZWqGr_rPuL!IF(8pI-&rZ;c0(`jHMkCGX_r>@=G%oGw9lmVqXJbv_J9zQvm1tKpe z6Un$)u@9GvRa*zs=Iye|k$(WzE(4SY$)C>QGFxzPde)conF$bZ07l@CSsA~a)JCE{ zB(%Vw1R1QodR3QO+Sslmpm%vpNd~0*CLuV(EWa>YO{`w?eRyfi(hw{9-12G{{pj^W zKlx+t*ru62qf-(kzWA&n6Brt{V(3CD+BoUPWg+m{duf^FLhl!&{=_- zCEljanzF#psD4Lpyy^Ll*g-^{|JOGptVabfB{FXmO?HdKlgsVYrF{ZUXIUI_X;Bq5?-`y(njf<$7Kzzw5WghXrRwQ6SDGwfq7a2>XAda z$&iKYIzf^U$1?z}CU-|0X>UfvU`ngaHlH+-A~dLVolEwu(D_iQA4*gZHSuTlKn=Jp z(1cK6v%LRoRYPjLdMOME;Y@H9wsaPMdgpI-*r=PQRc_p)y?KGUgcfQVJBIW8*}|t@>c2%J^Gk_&6HB{c zHHz|zuzm(VG>?2nvf;DS>R;ZK{Q5QOZM0C^H23CEz$aK>ssG-^b3jm@dW#}_rLQB6 z-c~+GpynR*MCM{8`jo$${PHGU7uu$K&`l&pHrB>tuKg0KF} z0o!TapX(pSQ47|uDqYD2(pE|&x=fXA-BYVsv<}ACj>ZTivjD|U?Cj_$qza)1p2`4I zKpS@-Q6+Xf!nIckpVDLKKM4e;IRI&331=IGJkhVgV*put=194L03_-?-xuXSHudlC z7M@IEly_UvSu5JlEFYANdv_oK{aXLGf$7)-=Kj|rnpIk9Rc@VVlmJq`#rHicVJ!v2 zBgtcre4B}KqUI!Xe+|CzVStFgaidS+t;?n@%l9&KW2}C#(;6M0x(><1n;wGSPoyiu zjCN0ERS9c8O6?Ih+65+{N5V9S;w5(R%=s&=TfdjyeuG(g3J{5WI?X?me%GLe07pQ$ zzlaiWK&v~!+5bT8Jgat=14l&AC>h=E2q6E1RO~(U8%-DxE>3lPNng&S<}{DHaRoVP z4BIjur#?hCGjQr;wFQg!ZCU!p%>G<2^6XS^^A(C$iZqv>y?R%!-2#kO&%CyEBNc-> za(W+F5Su&}lLog3E-4=vH+fC=`KphQXk+R>^p3*y;L6yb1E7Xuk>?O4B{ZQm** z4e;TB<Av%o1q+9Lsudj-Tz%$u`d%6jEZze}k zKyJ|>lg2iFKMf7y{IR@TnWPkawu1t;G=%8~e0V$e8rEevXg;Y9 znDqDT$`3Glkp~DAQ_<8=SM~3ot?Ho+j7Zli>eZ#^K>-|6fAxd894|fxHj-)9#UMuu6#|O z{*PJ6j{qzK@eC*Mi5EX7(?13pU?$7F@n3CX|~9L0JO}Gez<0fbeu{EEOa# zUBKD0xi((ivw{ikbvj`RfVMP87$K?}%2V)-DG?eYS*Vo}egG>&6Z@ z(}m`!dV9qvh;bTaS$VvEQGtKLh(vr}xs~0jQ`LiA1BL9KdhP&5;1k2%cP$Z9%Le)& ztFM7)6Xk>1WI}5FC0Pq@gAXpO-nM)HCSwjd#q3@_*M?D|lqc@x?^USkfY{IT6h_^^ zt8i-d4Gp18)Uzcgd28ovXbqe7#p!22k*3IF1YG1d?to72x0X-cO9=D!MYO}m9EFa; z#v4+-OmF%K7;t@tNO5XBDamJ+y<2jV6FLv&u10rk##tRaHUqKA3$0aCA0&qPCF{H& z{d8OBUt41ZsCT}|*$e2ROXF<&xR`JSh zu4dbj&%GrU#Tc`G@jwX68tuk#`h)e0`*To?v7RUffX7S4^Zm;6BR@nhJsxfqO}I8Y zTY+#?s?Qv(WwpR{fD|$nE*K>*R?3fr3r0ZN(**v=jYI!xg-lIZW@hSD8%3d0L-%%= zf)OF^P)-F!2RrDcKPbLK>B$1R8!3x9Tr0UJJ9dus^PoMw_a`Xdq0veoD9%uN zytobPZ1D;GPumv*C-W37AEWh-6J~ChH@7}Juh=oxCy>54nTfNj7x<3KLZ?zSu7EbPr0i1lPUP?W>s_j#3J}8bb?)ZV9RnaP`zo z%Xw?1KI`H7Rcf0*GlS5HTL8d0F z1B53BMZywzmP2jE0n!^(5_l zLCdarmo~f&+CnrNSn|fK3>H%}Ux_*k?Th-Jlq(Bqtv8$uFkPixr;s;&WE}L`MDKI_ zdfoEOWS4mED?JkrFIf8WBQ{*sBYZtod)AAW9|ajH%`UEe#~abKXmdV{p}by0RN1Ud zk6~7CSsK<@c$J!Un7DecDvD7ze_2>(9SYXE2FaSiw9;IPf9Q z;>OssBfP`E@@awrws;?V@R+T1)>gWhGgyR=-p9xL?E@dm+Dfo}gieN*z(rfU0_+$; zK5T6T&b_may}meBSI=ZTYuYx{!MT)(us)DTEsd> z4F@~|cxBPF>l4#?D#rmf;fFknF@ylGC_dxF7^ib7>|6jH1A^R#gVQu0KAk=9xSiq6u*7kc2!#?N9tMb zTCVecNrb(S@b#gW1C$FC`kTb-OW$p0DZIl~%AH1Kb;34b*}2<{B=71PC6cMq%-55; zjZtg?Z)wBw_*9nENsGdS@Fs?4-UEVZQcYgcfhZ?iw>G`(FkZ=-PnoDZG@W?TeOvGt zSaoU3_Klmj|0LTsd8p>0Y)99H$_?B0{&lf(M4hi;7`Ja%C|Z z%&K72Ra|Lo8>|4tVt&9z;*L4BkBX>bsD-B;Sym#&v?EEN6k2CR_#_S-C)3FEv}RJ| zCQ~(lL90nU-o%hX>HvNqOC&{y+j62D|ny?8IJVUbDQTX4bL>BvTNaCxtP+jVbus(S>s(#9*g`@q{lEt;D zl4f0A6qMm1We+YJK6bO*98nV*U6pAqdGl&Nk0=pepR{3yQD#cAbFv1Uh2Lx@vOx#P zk?t_YH%391pi@r9NLSZAiWW-XOd>^1sMPDRx)k50Q+r3gAN5FnHliwghy1xMYrW{c zZ)vEcL~Fn6jH8ZY8ZIw>1(P3trd7vV-zGy}Nj=G71h~L?e)MCW6cB&Sm7PkY$*1uJ zIGyfzKya^TE`kGK@n${sJ9!i!txv8YpQCC3QTz1)ib;eF3_2tmg^uCj1FmIdXO2Zg zpcfd;-4%v%3^-2JilFAE=bE98;gNItKj{XtfyGMjg5s0|r?gcdDdG#`IM>xHPSrA9 zhFY2I`&!~{%_82t*3=LL0~q-H;pJlf!7VXE}ann5@Nx36iTkUePr=$VlP zL4}d*sW19=;-~<}uJUwIWQy-Q))MbMyD&f06ot*vqi7^04 z!kyS*j@L#`*d^L(PU}#_0W@_n(*MfrpRpXj!mktqi58)ZH@dR zkID$1T;WOJiEGA=qvfQ#iqc4N^1tLa_F&LGpq_>DL$k7S;vOEX6HUTG!Zj+d?SLaO z&De1clI`&@4Vtgi?M3J1@0G>W3N4pvhf(`39h#b&1qEFntJ+Jh{KPdEwW>y*bg|?h zWZ%no$Ir|9%+we>J_e0Vyz0O)Vd>`8o@?i!%RpKqg*5re1fBs-kQ@BqntUAooHA(& z4SZt%c24GDYPIi)q^^N0_JD3KI}-VA+@!ExpPnv+M0P@#tR}B6s=xsNsJI`$@E&q) zc;IVVjU>v?koYNl!aP>o1Fj>ds^Yuv7Ck5?coSssTRs_4Ws_Y3oEDLjZ%rZhhGzn} zqMz(K)*Uje`9n5LUeO3|TH+U)JHFM{EjwV$nfGwE=Uf|~Z(GON*7O|n0}ts1F$;)< zvcSk72LDyHtoffgJ6cQDy=QQt7q1}j-kbLm>J1Nn{-r2K25a%EN}a_$)Typ|$AHUN zYIjcB5s%3%9DdG{MN+6Y5`)Oh zQ@?<9s0siJ@2il99x{M6+MQjUojcBG5~sMYmxIow`X<~d zVne7Ju)afxFD{PiNRvVq>`?UIiZrRWs@A{>sfS*AgG5{A${2`Y3;@#(DzFe1P5G`J`a{S<{dU2p%lJnPLa4q(*z?IKCZZu=kbN%HKA2 zsv9;vIvl;Xu7bts9A7!6?7?S!jd$Yl;i%oqs=4(CkQ*hL;mlC!Yc~rz1N0s{bma)y zKhuN&YKe>K5jD43K59#DZ5OBhCyp3*00*!`Q_i!^D_x>|JE)zRoNGW*e-d3Pd!x$IylVK;3)TXt7zt3yzF+)a~H)d zH^#CYReJ9cNjO4~imYw1!mp&>sREmzRQB$2#p~K^;L?^Fr(!j*Z-LxvKgy*? z!>uA-UkuIGRBE?f9-3_xNxU*MTMNVka;_xziWP3bMrA;X=1)qcRx# z{s4hiEf26h|5+d#0MAZurpL&?-{r^zL|;8M11$O<@T+HwNzqTxM+K{az2AHHO>PFP zPktwH-UyCDzzF=_4JIXAXT85P?rox*McEs2LZv%)9-BhtQK`61K2Ka*)D657E%W>H z=RhMOu-^%`>-&rf%mt=V;MF}Catcon347hHI$utPdK&P*qt1w-A2;~k?@bU-Y7x<1 zkzf5MVcH+Tht#x~SNw&2G2Q1(B|az`r29n?8K5E?@XCK58W?(~v})#&oC-_WXj%C` zZQRwCmMAiH4xn&RRa!!ai3T{ZLG#0RY8`<|@^1%QA5lZ6CJ+xRD>PbHetp7nn=g7^ zIONcX-`%j^ez7UAhpZ-!XFOCGT{!&z7x|G4{>UWK@z5?N7%3hpG5Xyl*%{2XlaPxV zLH;bszX1=LjoVgqs!*W1YbV)H!HMi9aDx8E2e+eS4G3^b6- zDFcBR`?CMwkNzOi>GNZNfTQPXYiAh&M)$nMRnhh2>}TY%`F~SW)r|`hAP{W+suS_w zO~m;X_)psq0O?8A_;}UR0$_-{5s2-a!fLwpf6hX_Ns!s5JN`>b`fe8TQ?dZ*Kb#VW zIHawd=*PT9N-PKH>^h^j>r5nBa7KZ0Ll2a>S5Vtv@CIOfc@}GXfwR35#oor-;&g~W z13E{ZII~9`d!`Lo+Hkg#iRieEvriFi$vk_G95{fv!%M8JPe9qliSmw+T=J%tRQFkY z?$onelD&3gIj4guu{BjS#JIZ+8n@zc zv!^V#w@@mLI}6Ye?!>xb+J?iuJ(+%d+cO&?+vjp&%5S+Q0?;(1&g=GSS(9G7oCcRN zV1JKXdCNyWANtQO006R%(hI)dGb6Ophp-Zc4qBAmQ)8IDJnWA(!ot%4?lG9i} z(^O9&tII;6MmHdC2yZm=Y(lFThN@*MmWr8jUPMY@;Ba(*G)hI&_x-!mV8VwYXw&^L z6*iE7#pAleNCuHf$!C70sn+f&#r`P}GTAI#u%qMkG1yWJTaijAtRQmc3r!7u8LIsU zTI3LX=B1f!7wF}KJV??G z1DRr^{L&?j&g*SdBjB|!{zIjg%k4`sE{^rr{?qu*vlF*M192|lxHTK_l^?6gnL4Vs zzEl!XDyci`<=p(9P+dY=(>RzS!p8f`d~~$2!i=G_}%LJ zT9oZ zcwnH%$bcN!s3Ls1T>?-5O1ltCClP152`<3H`upuR0ARV?xsJx023ZelQ+?~bVlRGlq!$~)p9 za~ZX7J&&}oAP9@aTz-?akF!~&ywoF1?iu_akVC(d`z3<7AH)FSPqwzUNd=9BCdp4i z51Q&a6K|-ipL}L(jtw1sD>}HZXKG)@1pl@j@j3rLl?v@7Q2};+xY)_zTspX6g!IkF zWaC^@avlnci!6F~#KSb@%4)X>hdqli0$gtD!1akKX9bgWDH6t^F75Hs5-#ri zpi4ub-WBitdfk(EIf`3duYp}sH5MeOBBPm7B;kaja0HO-=Rh0-EiQ5M%a^gp9c9;l zU1RWDkAzTB))od}U$BoiI7Z321iyWJ@ojfl>#A&gc4>Cl0D>1>cDq8O&zo|g_n9^7 zz>Z1a%==5tg^X(beA>9+*wKDH6Kau*LAN_6JNFgwT*CC1d=8cP{o1=Yt}y^=6#fXc z`sgQW&38)@+)#bn*)9E!5LCHo3#;0$Nz&5>&F7c(xc!jhOH|dcMQMAZ1`{e*neITO$V9w}&~@&4%Vx6{E%Ek|cQv#K@g(%LdjI`vj=X8#JOgjSvt zy*rCskiJbL7{C%`c+A>8KAz_eLt~lb$7w~e;uJv1lCApC=48O>{c7BxK9F{;AT!IG zU2+>;AoI}0EfQ%O`tC?Kl80Q%^?E&?%Im}&xeG0(>-pnDyBADI-BDv#(}e+77@;8w z@6!4B#&)SYX0YD7GL)5%Fc5j5xgXaCJm+`uhvNA|!PPlfj8c30^xPB{TuK&i7c9XO zoDE9hrDlX|)|3L0zilSEiD(d?*9Fz!c7HqM!46ehadBrX6bmV=2nyALbc!9Cg;7H^ zXWua-ZXS84gcjx&01Wa{S-BW?+pb6q*kVCYp$3AGmO5IB4Ruxb#$5hBIdQM|pkFu(xh z%_%o+2TIXCtNn4MqP6}*8y6L&gD@gD?yrA|jO_AQ+Rj~BlKVC=%c`m}Rns6E#H^_q z#n(FlNUs040TMC>ar9oK?#k`z;^-6`^Bq9EcQ1;`bgH9mRbC**%kkK= zFMiEHm!3hO#=0YlW-P=3Q|bWG(+m1x5YgY1PJpAbUx}1WNf^^ukOAwAKkb@YU=*s0 zN_$ct(vv4EA~9h{OOgr{$#bam90sq@&q5O9r{|(*?{F1cd(E`gXF|;2f>puEcrlmmB+V@_JW36AG zsd!QKw*+C|?;-kJxp#?}IXzPEKVNIDn7ek}TE|0ePh?9%-_yV|MuBXtw<#Y`&+iiq zI`RkO;9I?+=a|=QMD1|$WD|>XR7MFi{;wY-hE*C%JGm=MvQ+J_h>p?CL9Oy@s*K); ztO!)!UY5wqtBpav-6~g%Yzj2sOvL`pSN}r`oevnV{5q82?<#)3ae7GUN25A*s?6AbEl(EjwX$rB_u^^UvSeqbi)c%PIEWqQ-@l;Uw}8 zx+SDg?s!%Ufu37Qza|>X;XI0oJ9o`d)KkMR%);O_`}B{*ydo4825;p+pFrs(2MS;8mjO&d>M4&oQx-=}OY{en={QIMsa^zPCKy}bJ{hdvTAzn`a2kARuEZZ7iW=s1&P) zhuwpN&MBN6!x8kyG>*7S5yR#>7|~78|({brz-0TVvAOoXjPFpP4T(c^z5Vc{YWk{ z=l3`>UB%~#hO^KEHtyTAd!Ct&@DW47p6e7OCI(VmWW_z4ZA?T`%Hm-ks6lhcZGkcb zhcer6MRX~EZwnzu8jy;Xh4Fc~pgIEzacESXxSN(=QNgcX$gwB%?ws+@GT1TH9#dI| zDlID)=YO*lY(gLfnw9q&ty_j#1+@)d(@!{w+#Sco?2&bzxTndVT(3s)6hU}G4xLE% zVDDHdvdSe*yFAS`Qj-7-&YiNwW`Eh-N3XzP(D zbQ?~%8YL0KvG5a!BGv(@=SY2Nq8hMS`%gTatMUg#jL=9ZqnTC^&7d?VBuSi|IPn%R zeX%NBOl=9F9cH}J7q~&p7ITu$Aw@U@6Gza=uj=D^Vydhi79*DnJ=vb@f?KFuxvN}y zRu|TgC-OIJ_QFit^=Gv5N|qaHXuox6p)(huL#21=7E(h*<_4RpPfyQJ1}Oh0Ws&~g z;ptXZ#$@qkl zaWL%OQKa92TZLO{sQOp?)J)UYv(vgziT|Z9{=H6M-d@LqnXs@EygAAp9ca~5Q@?;O z7;|s(nK#R#Z@gT!U2Ohb^@*|Y13vo$5d0zOnEv)wtanFUoy&V?G>SIKo5K{=>u~xM zfRe!IhZ9%TnIO?fE~=_A@(VR;^(x3@`0?wWxUR5r&7aydZL+ZRR-1?RqiGI#$qgLG zV^U128N`cczzu8X%=udCB!L$l`JkZW?G|m#-bITdq|FZj?l7?V+Z0ARu8%&0x=p>J z86AV`i%42EYj`p4Lc=dFi%`)Bqb~Cmg+~4veYtNpGSDe4YP$kQl z2dI2dXa4aAZ6OO`BK#gCY~Hm98NII&;C>OBc73fa>w}joE)Ux}l2;iL<9krW^UQm@ z#2RY-<}NS-raAl6nCVVf3w*|L?7%v~s~7HIWGy}j+Qo4=KJyd-k0Tbgma}M+Gl7XF z>NqDAx8uH9lAh%zV7#qDi6;iy=CC+dXYwvL(Z<7Vgq_H~@aZN3=8NpY_d7vyUBUsa z%9!Y?5XRBf9p(}?{);b?@}&nfE9t8;!(eTb&GR-j(Be2y_aKiDeW1}GbF7oq8Oo+m z`eLZCCs(TKB1?;nX|wvNczII)?}ai`86dy`F)W6<8gTfw05w1F8=C{Yj9w+|1G3|S zLXHL8U-zN6EXsbVWfneTBW)#k`0XzU0lW75Ew1BeVHDF?_H=`*O~4u8-CnJGA0#`t zhGIIHU8TlZfradZ3jo;f@$Q%=KB7kCf=(hm=v)-Vjw0mdg)4hC7!2I)2Fg5|K7!`} zDE&VZC&{P)EO{X)USzy^cbU-Y|;qeW3HQ`sM|1_c2boBg2J#VKuI zLSXca2)9p@N%vZeC2@?}Suna{^28qAxltk3M$gNn+7rFHUD&%{( z(E&Qw_A6lRkbkzs97T)LBDw<7=TAfK4AKu~P!7&|pM>f$%kC1^BoVMMlmY00ZJ`R# zdGr`(gG8L>i_SOkY|Z4D%haebjPeo}urWLRd?HD{K-fER?-v8qn%Hd3C=)rwenG1` zRd?4o<@6d@tXdO6vIR#3oeCt_yG8MiaeLBcT<^q|{kiYgl5wpJ>Q+(%~ zA|BFF_f~WxoZ1ZewwRo^Jn)L~34y+;-)-E+kJ(OUASEe1TuZ$KN<&!f$4tAfUW}T} z0Ubnoz&RGhM&UB^!i7Cr460}YHn1f3X~O{>MU3q@o)tT43RsTXZ;Q8Eru^~Cet7R3 z&`1g+rH@82P)MA~MrqTb2n_LEGg;fV?oKvDCxSVY z@aQm-fA3Y2e|N0W5&EoDftLq1$qG# z#?l|2xr+f8XfhwDkP$COO(_89duFqTo}2kNzRk7HH-97MbLry6r|vruFsbHw3->uw zip;Cdy!aHGsJmX$v{ac#SvT^$0UiyL(aZx2zuR+~DU9gyFdlXYgZn(=o1AoT$`}1l zPBp!oT#Z9O5@I54HBAZ3q|mPL?5)HZ)B7G^Q2YHBx0{3XkBxeN{{rYlRg!}M^Dh3A=3V0q`6ADF0L)N$NOa?@#Q^0e* zp`LdvGfU51B)ruD6A?Vz=!$ha#YvNrUb+yO|H4%Xf5VtZ`Ux-PhZ^9#gpx)b13EX& z^=oqW_y4>T>Yboj{mulveQ1r)a-5<8DM|0(Y}#1%cXfOTJ~;Sxa^96w(61oC#k1p=#=x?MiyP)phXP zgcMVl@2H10cG_;;)~q#coHf|^>4nzZL?H$VR)alB_tB4Pg(lAIVvd>JML4FtDxvpltDM z&v+OvdA;xgq-J|h%w`_PGC2);VGHcEPVn3D;o*aa0WuT!#eS}!Yt$#>yvx4BXWpq^ z`Df*#nC9?L`1miNFv&8pagH|&Yw7s%T;r!)Z%nP_<6)x?ltACm`^mn#ITNHl6dw!T zaW84>!rrY%q960_bc}9?aqZG8aAna?=UG3y#yh@Tk6cV0o$MYR6JILc{-)S^QEdJ% z=b1lyk+j7UNawWn)pQ61)Dx~(cEBiBW}hKplDsu&baZ?T;<+zu4PVK7 zSEjg@vRSL!qPNw7Q?lYb=Iq2D`!m0$mrSR=l?qhGjOrk1@+`RNLH(zu@fDOOHG+jw z4e!56m4Y{|hq+$s)8`@-M);f$y4}<7dJLR|0Sq*#3tN|a@*SFcgi~=fx5t|--G|Li z4{raq&?)7mSG~P8!=%r}$kV#Gd$${SFcjeIh5%VC_+xuLuMvwls{Sup#&?T8%GyjW znKc4}g99{n=5C{E1Wn@XPJw!tRMO(RoI||zZXjko7o4IQGoAXdwO7GkhI!EuvE`;1 zMq;%xnB|?*`c3d?NcrdXW~w%T41N4>wXn5tA)n$7~rG z2$_$rhHFGw$vKK3c8~0w#KQ^!e{E9pwh?0J0|3+=*7nRJ1X~JpZ$9fNzLS47f9rK< zFI%LI>CCTXVt=DvKqmi_Fa+^9pJtIr6Vp+f&p?TP%&hQ)tJ@Kb7TE;0M9Cs(lRci- z{ldvI3j`6Er|-;4DM?FU56+b{F{R2hUe60Jlv~LVg}H`(gI1GzFKg(ypS20gZf|2t zO*>X6OH@nx=GfB+1pS3$*lk0=n0dZf-M0jk+fzk5ZdH5llKjNkXf>)F5YX$+yB5v3 z7okvxXVom-r)s|#+NvO-&)&V{0{857co&gT9PuC>=bxN!`Ivc*uY z>|C4(pT8DV2b-UGScob#pjo{is2izs?q8UOwWot$T+`v@g@@Lsrju9s$IiPSFBB|V zl${hso%Dy@w&?iu^(bNAJv}dmV-EglY#J3Tgy_X5Qo21p$+=jP$O*xHmZ{jBcb{U& z&c1tOfSy~#hSjmXuDmGs!F$S6?jhi`h1vH2Uz#6!n5(Ji(zTq($)SW(!cwSPth%s+ z4zJ3o2o_cFM?TxwU1Nc=L>JJj{-+h_v_ubr$Q|!qU4TXE%jG}Y`|QK(Mmhho$hzf# znz>Vtg55DWAA$6$OlsNu(*rvq@_rmNJ8v2bJ7BNm!LS zf#NG6B@Z-nc{O=1)k`s(FVbdP`JLL0(reuL>~ls5SF8>0ML(SbvUnAHrQR{jP~#;9w3c?%DgtyVi3 zvt4XhnGoNiqEP5j0NfaYV*sT~q?jIcNFX=+kNN-yR)ec90s!kg8Iy+#963nCWBau7 zcCq_s?3>&?zeHL_Ye@SNj=ytuP&c+E1`t*SP`IqN@`IJ$|4fG)#*(qy^Ne=b%dxmX zlWEv!<;iPt)IIk9Ox!1mZJ|WwcOZJW?0GtnpbD#m_;CuTPXqoXvfq+~`So+tluLT+ z6jKgRY9BrsT^gLlXp+v7AU(7rw;2kcReyCLq(2UgN40h&MfQdX^wnX$vOH0+d7zDf zc7gPo(&vc~3W}d&CD2VxWjM02>+ZJxtQ;gVsIYKZ0?{de;%N6T{61pAgT=_@GIzie zEVzTt_T#wplXyZ*%x^1aBHbWi4rBiFF1zdB`#QrlKf3&VkJbCneYE-i_n6&(-B<1B zePjLiU1m2}KR|GgeNY8xdBjams{z2FlTy#xXEGDEO#y*&vR8VvDr5LW9ma1Vh$GQ5 z6Z?Fm)}d6X&D|#u7rq44VxMpa-K??Qd>apF_3XJ;RwIvD?>-NN@qgLxe0X(;#SeO3 zT3Q%YKnV8qugK)Z-*o2A_o||px4H@$9}W=Laek1RfM13$|r8g&1NcPbsF3u*W#gA$OJYlIPrwHZgT9*?aanp%=k?T73uAaa`rsXQJ z6W-^QLO{XxlqCYSRrM#r;MLS&SQD9hJe>BYXlDjOl_l3^zcYe4FqkSGSbB-4w8nVd zoF3d}ivHSX8et2De;b6$nj#Y#a;iMnaPw(&)g}#+Htq7kTlE8CuedbI3gXIJ;y@D<$)tEoBq^47D zu||;zkar*07L>#-53Dbz0PT6LfABFZqzwy=>J1Hz^~pB~11#F0=L=VJx8o%EEbFPO z{r&%bj^|Ew0}=@^e&u~QU8GNfy()mywd7CzboETsC|{i>zGl39X8iLypqNs>c7Bbk z{iIy&k#}{M620RV%hhk&u@C~!~Bz%6GcU3T}z+g>=s_TI5R1mz{J3# z;vhD4M^XQ>el;!h>Mz`&88bVZ&>KLC7hAHyuCeG`*4VXdh7!xM@wP4}ZvbLl=@;hl zW)jW#j%Q5T_AQhJ#1$)JS8YA5ko)T~pJy|7SAXzVFEJ*Z6oM9-lPS`xZ>V#w-w4Vg zD82KL@klcLkV5eNu2fE82dqDJOhCUIPxFm_xEJiQ_>f&k{r${s^uFD~^5$Cjg4WsOKA zCCiWG6xE9iM=ur_j<$1D!Un4$8Rr#tnz=X-Se~9zRmgqK)G;@G#d5YjVP}-SSQ(s4 z;+;ArmdvaB-)WH%FRIA;_7g{Mq(f*qt_sAF5i13wU{*_8Tds`*tosBh&yOnob;VGe z;7;zF$Ds+sP|G}Q-6)Dq_iqy=xAt%hu@Q!Hwntob&p2oX;23$$(1tLkEflW4g)x$| z15h_M7B9Iy!b&RM7>QFxZ2VA&XQ(1)VL(D{(hs`)|D^q1#t0-f4Kidm>al7550_I@e@BqvC zzcW1Y!ONrKh%D;re3Hnu=LdX3;MG1M2?)`1yka>A86jGKl`@Q$QK=?1E&3W~tLEAO zOFbW~vqly{j~kPF+41tUd6vFI|n>F||Xo$e77 zsIdZ@r#a6V3OvH~B5+JM4Wxn2PTX%?J(uYsL#JGBg1^328e5TcVRlS$eKdpP=E~N2 zcY&Qt$e-DU=(M4yba_Hfm~yo1K}7833qPZ|iM}yZOc$V)6J^{pny`YrI==zQM2-aB zdhNTH$9`+dzlFbLJ&>;{tc-+QpUO~+d02d-`qp1M>k<+`0ECep#;z^$>oG4u-Iekg z5Zm4wOwF_c_}PzTtPH)|zXZNWiRbG@F)N&jW2kzLZX3)j0q(tnsB49;Y-e`v%jhzE zCi|iWEe@JDH=i9M9{GGLbsX#n`DAjbwKopjN@l3X8!y3%F2OfOP>+RLRGG$|5o2L& zKZDxizH&wOCLABj5_d&6^anxsguP94E_s~u*-JZGJ+at;>Eof);VIM>#B9&RBOtG{ zT}9+(17ut_Ucnel@E=j!{+@#(qT2NFYoqx~C7CB?^6t$7ozfS1f%x}cvZQH}m8l^~ zRU&~`J@!{Ve2Z7s6{7O0$qHrgAp`~06Ae+wcGI6<3-p12!5Dw~5k4X%q>tPqD4OJR z1Qlbap)|zRFNj}m;45|3ge6y6CG^1|m>D5Uht5li=Pz^CZ9deL1WMK$OCCh_Yv^r2=Za%ohkY@)b-oELpypb~?h!ko5D3H($W5Lwy_vh0SUX=SNZ@<8)lczzH!g$cZ zVz-n-En*T%3>sbrapn?lO)N=GeHaARTM0TK`m&WNI0SqiPHP&9YTTWciTV&A zJ|BEsEf@(<-FYjkAH*W5c~9PE$`GCd&}0qsWXG;MBYk~B(*lwLbBQcJ45AfLm&uAz zUh$%hVb58mmtHU%;pzvP9iEm!=M+|swk+txy z(K-zNp^CdJs+GAj*R16!OuO2gxBAR!Nxo#{2|tX!ti3ViV=fKqbdnZJLDFVU-;bMe zODq?C|0Bw?riO=@& zpjh`_i*?snGlH&y(&+f5fHUw2 z=g-+yjq#6+9t_&a&v0&tmwmJ#!(Q%h#DfYEa$n4c#vXK8nya6 zfUbB5QbI{3Jv2o@Op^sew4Td3uN6q+B_`YGD_D5FAk^heZslZ1vb9-JAWmnsB`=yX zD&Ri=XO{))gJS>wiIcbEsE&F{_%IKh07rkmLE_rviF?J1R|#6Ma&a9}{DkdMrI1vz z1gY%Lm1#i#8BX())F~c}XP{*LRIc*R?;7+tXKt$5jI4^op(}tJPzI8GwCNi+Dr-$p zenEM3!fjANGyPHQR(`vdpaWYbS=KV>fr%T9{M1+XQI>r`#JgJG)EgCY| z;-`3l`lSX3?s2ZZwCqcsRN(%-G+1aa={7Zpqg0g9depf6 zdfX`AEya%9$tpHO00eq(Q5+!uvGq35@CzjherBhb>i zWdfF37q~#9{0)A3 zlX7SCSFvjc(YV6`7j;WUal6xmro1qT9Ew~3s8 zIwj~{0-G{SVI2lE7HX8lw$2}4kbCD9E9GeZ-wz)mgjOBs;0?rc2SC$H>sc2i7*WJgUOZGj73_4NB(uF7e?K2@wbE?qUvX|H8eo(GCVPGOSmfth}~q93OA zkcUx++S_9+-Z0559N2vPc!}Se*>FQ@lA^5? z!>G#^n-*un^{G80Fti-QR&FEwE*Sy5R}CUFQgxpnsk*~C4DQ#hW4qH`;Y@g z)4K*D`V|yWani9|XO1(c&3kOSGTl3bH0=Fzd;@>F%2tF1yOaL47}qws-p~cZ^nk4+38G6Sp&;+NcsUa$;ZMV*UszwzR=yZEp5cS*NG z{Nz6NhGNzN;Ba%Abu6~m>-8H;T3u~|e)-2lnVBp)Y zbIK%U-9KC1(*FD_{ST#L3;scMF$0uW@0~v3il%BX`j5W9Fl_&8i7M8t%(pr9m-Xj# zk3loKC;zS2kJs`Ms6-5B^2 z$>T3`!{S(Bl{_($pLgs_R-x}VjAAN6qWN>NUxal*qPGa?UpPp|~!^`lx>)|7B+=)kK0xp-^ zU3h_HV7qG*E|Ul?vAeV#5yD>6jk-Bw5<)^K4a7%70 zYP^Fz7+{Go2qt2qujbV!4b_1OR8HDX0k|MX-_I6*&gPA!0*Wmm2;9JKUcTFtqNuH_ zl`py=3h(?rd_%j;9kEou{ro^OU}C&4CR|!?jAtp2e{8KGz~BL$yU?mh+PWpzGCbTr zfVJ82?BU=u`+}E9HGkg3+F(N*dgW6<_@%;a6r8En$mpsFk-#Ut}yZ=*g>-diy zZc1-IEOypcO0b#1qdi`mPqC{+IOFBfM25feG8dSaF)%T0Bo1HXJyraxhcRAFJ75Wc z0MA|F99!VVn7l7ev3c-5d0$2(=gXGFf@u?@)g^EHV6--CR7ESIJGlZxF<7nV%fyV6 zJAL9r_60BTehq>I=7R>~`!goZa7N)Jlgz?W)6Z)K;r0BU-s8$_P;LD9nUMt~-r;S& zMlT)T8W4HL-jRO@L})YgL(i2Gz^F>7$L$Q?d;?}sB(>Y)3|m3Z@}~uqt)*haA76A` zLcX&|X~zWV{@kp(mp&>wfREjfG!lD&6uSZ7Bi|+mzY|w;OB{@SD)W^>@N?4_yqkau zwS%Cd)ScopcR=hp)1c0|U~9CcdaL)p^3}RP0`RMxU$oS0XN^JZKi+|mmL!na8s$wr|2DC;i1jX6hnsVdi0j< zTZ*0Lp{r#+QtadjIt%s+I;#Yoma4ZEI;mj^Qo%An@?n`H3#3@SbjRB?XH_2#e%kCO z74P39zjgKY#R~|@^js}yz0CW-E=lLePzjSA^|EM2LW3i*h#&e=@M)5=s(9Y<*X|2H zXGh5xK-|j3AJp1>wXiJQn~k3OxUOn?{l9h$wd8}A*J4LMCAR-2A9vcf`9?Sx!vfc8 z9^*$pCsaOFh`r&PeI2;&EldetOm;pGK5wkNxMSt~oij!-V?;UOHGE<|DUu?4r{2zd zLOSk4W9&QxY?plXU3kEYe)sv+6}yg}sz9!7K>(f7|2m>Scy@L9u8ZFZS02BB^!^|K zSZAJ{fZ6r`XYJPkddpM2$R6mH7;0*&VMUmlm?tl!u%EbXxO1bU3#ffB;xjVCD8H`H zGi4PEQaugzA|3#Ltv>;)jtN9}?`?{M$R>F&?(pvG8zsb9=Jx&c%MB06yAsx}ByjTuFnw8qv+d*AfaQ4d z$=Q{^@@4x~4zddmOQK(kE|0Ki43*TJ0S6lk1!e|h=Gd-MUA ztPYp?syGpj2KK??WR40BFx9c|-(MzuqEWjpalQO=-!dNL%BQnMS6U;)g6#f0>kPT> zm(2lzqoEAU`U0Tl{EX~pPd03$P9+BY5yczsIrt89xYA_EG_a;ObJIKAg|OE?C^naM zEiF4PHJiR+($TB#pJ~{nX*Ess;Oy-!U(MK#cp|yGrzg*qk2FssCCH6@cb3mr@w!Nn zzZ_$FQ5I23_MoL9Ol`U zRNmoJ^oqT6uhC9y^#2Rn{Kj@I`R&d(U^?RjFAH<-*+X_tYunj(^q;rxLf;7x{`~l2 zz_|G!ZqPsXMLy2fnEyE~fxWusyF;wU@sZl|){&6r*`7@&qJ7%3w>;vsxb#ioL?cE0 zaCiM8J8v~w7VKZ~?TKGwb1m3Ijv-B6j=cr@^!X%cpX?M}fsOEN(|)v*K{P;r0Y#d8 z6yI2P`-xBs8ovn)JUz>^joEF!;N1*TZeGLL&cBiMu-Np0>AS*J2YI%8Pb+>G^PS5K z0ZY|EZ)M|9-Msi1Aso6rME|Zp)t5XFf4!=8%J(9w9ZNzt-g00 zp?Xj8Xas%Ea!=Gs2rjTYJOUS3%-~oB)wVDduR^sivXbD=MTAIz`GBNSOQfSvJDd0$zl{x9Le*;1_UGagEY|byg=#A_m+Dm%WJZENNjtQf*J> z|3Sj@_C66oBAh@15Qvb3hm9z}AptN*fICP4c_OF`R~!*D`jI=5B=`RpAirdMUV9?b zC!@)I8OA+|JweO zDR20iBe+cXL>u~?t68RHAia2;3m%AA#K;6g6fu%)lSE>`n)RY!1id$q0d>f<4%vu> zVxCK+Jy~^W;T@0lO0s6Zll#e(MP55n+S^TTa4@S=uF4BJ#lw7p7H$`iDi&EO+uudR zyCWO&Mjk!j4Tv5Y$ie)OUkq@8jxb^m10M1>1-+k>rcN}w6})$|@58banolWjWvMHG zpGoq==4=wHYj%G?nS90M4KgH(?6uM$Dq=ZqSKBtg$YAG~LF|vAm^n`FT@v56#krhV z{C8_A)sS)taz^z4GVHgp zX0>pa(1bQVQa&%JT$44UT%|2!B)KLG?Jbbi_UQfpx+S-4zal4Bh_$uMuk5+}f8Kp> zzZ`xqdWkH0f1326VgzT>ZO{Nxq6AyqKuod)ErX=O=XoEgOvA3xRK=^A8KH?I*osSo z?=q1w7$~)yVo>hXp*LuEYJvQ%P)EL=G?JjuX;Qq{=87!+>8VTU4-X++mMER90Wj#y1pXCOBxim{8-3?MYq=p6-YJXFGCrY za4h(WIR1|(_DS%Q(w+ddJw^XtlP0nU<~}hY_x+zhE%ZBPZ|pY&?8z-x*RqE^NBRdC zV5)^E+=F=8H~}QU?U;JaE+!$bmw>!N-p-o?l)m-lPOAVE0!moH2S7m{5P$?Uhyn)0 zKpdn2$FRq*E#;{(r~)>Z?N?Ck2in6526V~_fs^Y#0^+h8kjXEA2iJ}q@__tpgNh0@ z&FMy={y}KeCn^YBzv7#$ZV=xYv%CW4a9{6^Z$U)$m+RU1aMWOxh}}Z3oeWLjNzYhT zHgec!p)%=sLV?3BRaYS<9W2^{kd@}30kEK8@wvQ947!)(I7piaI;#vzGbqCEn;93D zc+FJH)1m$XHE1bJRWRPtSElodiv*k$C%9zn4BWoq33(JnZ1eg-ib&oeZIQ&{wj!9| zXK&wuW$k;~G~Bk+t9R~pbluC`=VrU^3NQQ~(rcf-i$~^OcycE34d-Q0s@^S}xA~*< zOEmkxtKy>gM<={AAs@-pn##);AjJ6T;$sNx1I?K6tzAWx2Nua(TIt!Cl$inL;xN0zC)pqJ-v z{gHnG@4pv38VMEugt6J3mqrkemF6Xj-XM&nyFw~4QR7TO={nxME;`xlX;Ydql|}t? zp5gwK`hUARZUjLgR~I5QMYq>6jC;`*`bS$bM!lY@A}G_Hv%N*w`t9qDA8yjMC1(HQh!t<7)fEx(ogG{y2#) zw0^gwwlnAv)Y!$yOYFLjZB=PMHdznZn^QXc0@E`v8dqo6F)lPL$I0mhhvxIUhsh#& zE+mTS8gI0;kCa7mF`PJQ%PX7*EEhx~&Qymufe(I^Lnx30K6nB{C~Oh<;P-We!g_%Z zzWIYtoc)~qp89VUK3@eQ`LP5RjPC7j^Nl21eUnrpc#2~3;`3ioyEy**m!Qj{zK3Mh zv4eewVsei|q0r{vqL_?#PzY`Q5XD9r4pcS+{}ILHHV2x}=3ff2?6>*HN$jbw@Shh7 z6U#Di4*uwxjSne25g=-*Wm6xQi6q z4gAiJCy-($G2zILCJDpyXw~y@5NF>TMluAPAYAs*Er^P5MAM@YK{1H^w{~Apwc%^_ z_SL2`9G^GY+f-wtBFIF4OHdLy`0g>@Ohj>%C+4@89nJ(?7erKTo%R@_%m~dN%F0 z(Y%1~$vdaZ! z?&-EcVR#|}S89Yxc|+cUrYPNbp{PL+yUUq%#xYQB2wl(_9Z?141>r7k5?ZaOp-(Jm zAhtvouUbPLp^eWLPw0Ykh_WB&crG#u4Y);YdbuA2j+bN`kZ55vf&!UR2Doc zo;mxH+xRGxs8CjoP)%qk1|fx;T+FZ`xZRmzcDsKO3@kXl+p$LBFyK(7h*|oQ&xZ%A z8kg1xEW}67(;W_j=;(SI-5AFFN(Hn+bClt-dpT0#GIBp@$GL$7VR)b;s#FNPU9eJR zbih4Q1<7iDrO@)(7{G~9GOgrAC=3)jQqD|>glET$G+%+UVmtbK?8WS^EV+@7WCffu zO%*HQZ$Yznm~?HgP(bS3;KV9Te8`~N2vr@Ch!C(Ov-l3?-tU^n=;HFE3542nz4QXU z`w2t^rccqbrqr@BWt*3?vy_23>ACrP_GJ^u&X-%hKnIEtgyk!ZLS{OwLfcYqHcsBv zl{4>Es+q1R3-=`t#slv+5Cg&kq{>htLO_$uz^qyn{&4#=(cr~8O8sJuyt??(fC>-!E z{lHZmc>Sx*m++)&0$0UAorhpCz`hAw`!~CIx{Pb%oaX#4UK5A^r-T;v)vwp+jXToE z70AxVa(KIq*F7BSPXDKSHUN%|r{_U}H}CxJWwJv0iVr*M7s|qg)&bgyUj$XsGus) z{g)#8c=sN{JS!=bn?*R&Yjt*S5{Jv}#6NXt@As)nR* z1X)K|O{v>@RtPB5nW=H~z{F^5UVpedc{4l> zxMnK6n4tH}MlDLRmWk4FMAfI8U!IqZlE;ktfjmm*_JC93All|ky6}*KI_^XSXr!_L z3m3h$jtW%+W!S>el`A`SS+N$|v&M-PC!8%ILf{I+IygJ#hOwH+nLyoEVqN2SRka$A zPfVf|Lsa?UmkOf3xBf40-cH~r?T`5gnrXz%Y^@Zapohb3ZC$=tku_H;zEg_q6?NbWDhoSQ)FmG2 z_#=0=iW)>vsB-W0P|~Xy`d*=!6z(ds>#~c1wN~xB_#=|jxw6)0$Z!!jIzOu2_`Idl zYV4vy0CS42*ldkmzFfYwS1_e?y{Zzg;AvA|MsEtiVxmTG` znwu8KRNX(!m9a?xZXGj3QKV88;emkhJ%-xlH#u#i3M6x6_v2^=kQAJ$3y#TuD9*3( z-1p*d2qyg(jw%5FXJ6t(0O0Xw`fI!9j6QCj!w>+0zz>xL5IewcFIh1{w7vhgNJqYZ zi8+?$BFe@TYL+Ui*S{S~X^7K+DTo7>j$*v(+*Z6zQVnZaGQ@k8E{8w_E`eJ`6TS@@ z#>>%JsXB$Aeu0J2NJXQEZ@qNSalP=7hw_Ar!DV;E?Y~x-prFaN4X(_rk|_@YZvuXt zAd;wYF}1E@9Zq_VPF=f@dr5gCPd-PSYoj%C@Ji%zVf!l@d#Vz}rVKk*hPKqBMyP!I z<;fDPS|krXo=T~Lr3wUABr&(iaD4adlu;9x?@ zD5~s3s*bq9K-_SH4tY$kn;?t>axB`hw-^(P!a3yLW+kVnxzAQ)y*QFa@yZ#a3lnN~ z8)!)DXUJ?KEo&)-2NU$T#+$bq=Z0W859^Glw7cxEg_zjF7>oa|%0aM**fYgwZlbh* z;Iz`>U(HPx1hoLCK{+pw)IQ}2M9t&JnLQ%^UfZqr<4%rIS!)xuUaHKZU?|*Q(c4iW z07C&|hb`@wj!4{3Ay__kkPk1$I<==^zm&C1#uY})YmPS}^ZG$B^;P0%jw7(ih4RB9 zQTTSJ8}mSsyb%g4EcOUvZZByBk`P#h3Hxa#7Os=D3|3Z3?Zj#JxJAMU`ET3Vr+sG2 zR|s46Zc``HAe0h|bSmrILN8IOaqay7K~Klr21kxuIHNIk$bL`+fB=WXUA=u4x+zU6 z4}R=9vg0P20_ZnTDY!jUlnB;5uYQ6cC{W}@Tr@BK!2Wl*{*@{xl2v#D%@JK?iq(We zWtV5hpinj7e}U*;Dh4I$!*SJDPnqH9N43*m7}PQYIA4S;p>#17$k9>f%gUZ(x|>P5 zwn303Lrb$s4p_<3##TCdyH`Hn-rJ%v82hG!T!n*D2O6pHof^v?DjY^-p9bbqS#!mR zoY+>3|bajZ29_6%Be@ z1=@Js7%d6jb2C(q%{4d29p?e55zG6uL3sNCkL->C;un}-U5PMYE1+boe~y_~0Qz zs3!UlVQ}d`1d2+o4;F=8;Y$%fq7ER{N%|Q#i0apzaK^?*=r?~*idfNNq`@=L(K8b( ze9=gi-%w$jrm;kGOyZaQVJWWSY7>5Izf(FYX6{dsnvEhGn<^>or_%nXjbbkkPZx%$ z&P)QM_5(8^jTDs`Y(ncnmMkP}XQL$~b&@tHB({kG4c%K~uM9$u*&Vs{=%S+<{p-|Q zWG)kX(Svi@eGVi%#vAHrLeI} zmBz!4y*&4({P{sIIFB8h>Cg^h!Yhfm-~R{2eZYt~rj z4`r(G)ce|xmI>fkf`Cz|$a%MINQm-yN{Aa&?1w>|kjM!yI*LxrIgcO_rcsm58t`?2 zQV}T7SaJv!>Y3+6`Pmu2Xok1m9m*s&JLe_|8D0RVyAWS0&{2uwPB=^iCHfu_FM+go}^^lA?%8iqvQ%M;Aj({>npaal|Dp z9vL#F$Cp4ti6oXpQpqG|UXYZ^z$d)53wKURFT?D!5Wl)x~`P8;zm8(4R%7-i8 zp$b%}A{kYz5}9OHsmk~+la>ysl0{kAC^gY!?|R>dPMYdtv$C0PMh*hpbHRO&mXEb{ z761?ghCpF(1Tv38W3V_pA=T?HZ0i_I79)x1ad(42C~~#?JQ>hz{&j&^Yi zH|9Tpv&;E%z1<(r*ZcD|+|k4C&!FjsY1xkJ`9T=@+WispqO58_;->BTVRXD3I^6}A zyWngWTvnjo@oToUwzYS3c6ECjZt3moA8<6x{FNMZ zF^pTo_{4Fq!pxa7XC7`p($t0Nnc2Ddi9f1%snt_i_^a?}Yc~`}_MpvNHyHgVCg@W{cHk z*BpK`2%|V*E#6K=){))boa*bra5SDwXL(Up_58x(((=mc+WN-k*7goXGc4kGL6l@g z)pWzOY{&KdAaqh(NmB2|;J3J?`s=Kr0qp4*{2Ozx$CVK#x5ePVnEN&U@+SaXaKi&H zeDD{84|DOFjZFFtICZ$Vp&V&My@n~w3;x-4tJnE_UQ>3XmCYNf{U5M0G0ml{g*v0w zah>^rA_nI3ad*zl)NHsxjFvU)P-W0%ypFR*;~DZV4rR#m+zfx!JuwL55}>X;5o=%0 zqnIoBMTNzVWhvO+{#+nnMYeL{ka&JA&eZsjOE~i7SSzfug>$m2P|%kZ&!uV6&{TW0 zPVHCek;m?2ze`u*$nFMP%jg_@a(%ki6nCffaA7fP*l>xxOUIUWlr~%<;kr9rQE_|u zG{U1@flK?R;{T_$HO;NdnQ{21Z63+sMppGfOPK4u*Yta>vt& zCH{_ejC6c#69^TLZEKwq<4&ZU-?sHA0ulx(o5~i!hy=z&YK{44WThfjZErrC0cC^x z^h(2>{Ms5$^@*e`3A03xm|7l!J+eOb<2%@HP)i$1WcX>`&2#V( z?b^8j5vg>xh=g&GE-~XmDs3D$TSkNl<3efUWGh4%7gA~CxY;TZsdTmm5EII{kV+fJ z&DIGMDx}iJakCA82ouVLbhAx>gqoZdKtdT8$+l1-mC5Na;R&Y~g5BEfa|J+{P{xH+ z+Bk0Z2;qVNAi{()E~KJ~`|a!-@I^|ffB*XD+c`uK3zJ~K|6U+`FL8M}FByY=vT#&< zuZp0%lgRt*<#Hy}U-JB8u@d56-z*3MzCQHt*Z<@{^JXCw#6FC!@7>+KVR!n@=VB!D zMc1d#kU8Ka@3Sa0{;n)JCd_l@ls|Xh^4HSHGd|7fM~+flagOw{+ud&$s{zYa{nDd}h25 zJGso27&mLQUEx<$7UUT;DNym^Z>kBJzj3K3FaPZ!dP{EXFWinU)5{z`AHDtNm*rSd zd6v?%2IbaFM39z3#qhm+-w&h!h{NG z=0R}X_0bQ!1q2Z$lyM=IHjbNZ14Nim#)VYcIBvEB5Me?Y7gA~CxY-_n2ouVINs8W!@NMZ;3iWSE>bVHWRnW^S-ENxt_byT*GQjNhz; kHVN#G-(096VJ0cZrLi^)>u|^NyW|%C$048p-$mq<0$tH>&j0`b literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono.woff2 b/ia-terms-updates/en/_static/fonts/roboto-mono/roboto-mono.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..9e69f6d1a0ba027ab480c536dd4d7887d5735a58 GIT binary patch literal 97472 zcmV(-K-|A~Pew8T0RR910erv!5&!@I0+NgX0en>e0{{R300000000000000000000 z0000SHa|#KK~gFPU_Vn-K~#YNCmsNfU@uk?2nvLPaD$$1Fom&l0X7081C4SEjdB14 zAO(j|2e%mv2U}NIawpnEJk1w^9d7f_@wD47B@|xT?x+%(+3L$!Og1T!iP8A_k2SE*1%cLkDyeXuq>_m{->n>%VDd-CjqGQ# zbV@qT(Y$M54pIWMnHk9U%oY&TSSOGcvGWRMpadh(pVp zZ8LkzQC#(gn*4l7s(K?20rA*8QYDVoMqF#fGrm6Gx90!vlJ2hV>FFL*@R>n83FH!P z4P0^mdb<9*rXb02g_uJ^ga~lNoFitL;rY4!@7&m31sfX-m_)UL7||0Gv;KSHz-$b# z`U?j76g#Puaz(Fi48q)Y;zXUO6F=1_>V#y80#cG8v{V_S$&sh z2LLAp!pScZPHxKzg-wm?s*9>`g=Arp&L;X;d$MQ$0XbAe8UpHoU05-D-rA5bQ4tcD z6cF2k_XcR@`cGC8A92mhM0D4y6g!2d_Ep#pPu$OpbHmCBw9w)$))uJP4$p7%|ESZR zfr1zyf*{!n+)IXvs2C_l#AYs97fxL`T^b9wW>qi#-rnBo#a_jKwO73j(Nt@kQUFU7 za>51_&;pQfS1V#$WIkn^M}qVKsO1ze1x}-%aHaM23Ru`ucMp(f3>a8~-exZ7*|K58s3-e;q6Rn3pNU~Y+ z*%9~E#E0JdufC$gi*B!}uSX~8eS#NKV`i>=7?*7RujTV6WQ9}pM9KW!1|}sye`gy3 zG4TJ~{{JBj{5=hTJ@&F+746518k*Bu-YyTU%nSQM1|ERq0PS?RNmIBSmLM=72!Y{o z&OQ}`!t75OCu(JUH6uKr=x9ev>q*)swOAuwaf(jtMD&a9_RyBF-mO4L@?TB7vbNLk zI#o=tnC|k>wIaArJ~s?4fwuD|%2WT+tuN}9YyYp$gG$8E$PyE>kS8<8L>xAVsS7Jn zcEGnWE-p^$Dj#H)EQ3s1S!NkDAX-;jITvlisaG-QXe&9lvOvAl~EDo9-Prw2oJ&j7PM1M;>pAa5H(a<4JKN`D%} zUQdI&zV6nYagK77-}A2<0QqOI=FfnR|d;-o+oE_Pu4_=T%_#63qoCx zDO8XeXR|<=6opE{3#A~I&u6Mt+C`#=AjfgmICJN7P@I>av6)Mf!mlb+byYV2b^`*~ z0FMwL1A;OTKx!zEvx@?xc`b^&kJQ;U-c#gQ&KYN;i;a&qJma#^X2FG*a1wQpdVl5EOUBuSpQ(v6!kkZ}%DY zYxUqUw;lV=x}Ap1gOt#W6cG{8uQ4|yy&TksO{h4@%5z8vq1N{G@2A>iKLc~KY=fLM zA|fKDkwzLZ!_D7Y=dG8y<@!T2r6yrLLhmI`y6#0~TCp{069)ntRFyyJv$`$t@UdGS zKxieQ8GYcmhwF=X-9y$gg0j|rV%z&3+w(l@Ql!WtV)&AfOeRC*Aj;gTh-y+tEEzt( zTL=Sz1`ie-7JRb5DRb;h(r9uH6I!GK zd3a|7G`?QJqU0gVVFnN;0Cl&)JNxKz*U1ceDNc|zLmXt(xD*uzSj(h0GP9dCeV76) zMHRu-Gw28YXZGVK%=h=BH2_YJPVE3$O+i251?_z+b9eGAB4Q3yJ_l&H`9vV?zcmCk z|1VD0+X~766oinc!iv3c(TP!(%7xW2+*+r}nx*yHM;o<8tL`BoM3I1O?c6 zU5KAP8X#}I#RGsaN+@WmtT~8KmMoR2MaOW7nec~Um^mImVsLts-BdQMO;7Ww`NozG zAWJ#QwcNy=+|M8TGoSDoU-dr>&p&#h3j0pszJ{`fQ`bq10m!8iDXoT%_fDh%RDR^f z2!DBKpc7o;>s9 z*{6T&$=9B$85bX4e0%|-Jv(^j&NH_^^{Y?*@KeW5Gm+-R1^19Al6)oDi0qbmr6BudHu_#_&+hKtEIvDa0G}hi9sd!ZFpU=sQ>pTK3KA?& zBs*^GJ?FqtqBu!x6$p_mR590B@mRVrCBp-3+;g85GZ_lwKo<3Q@@%jqI}gbfO_f@# z#%G4@XO-G{+EnaIg=(!JGdF;Cizm=&|?qBnC+G%K+7%~Y2 zgxi!5!12WSetUfYFNBOIlKPk#J(0vv+8?{i4h(^$W<;-&Ii$C%VkyrVsek{HHE>07 zM;l18yZ3BMu&Yb<_P*_{+TV(Od*{;iI#9*I)(q9fT^naL>~(O}vZ zf(ZoS4vyQ<5B( z;jl$M{*ob~mKXwIf~71Al@=}&9wFjLSy3@@2}uaF985|&J|QtlCOIV)o|c|b8Bs-6 zuBv=BJ7vYz99pNMG1xYG)G<|XRrC@9vY+sO1v&;MmUSBp`K+~C`EtC&H@@?u#!7s^ zuXMJL+Uirue8iuctMD=ZDote^fdperFvVZC)92FtjJ+lXQ6R$T##RpObT617j1RC?fI=^UWBt`jStLfURSBZ!6Ws^6gKfYnlk|N{4IPV#jBcccULj1QI#Ym|DCKNb_Tt z8(Wn3&f>;B%sbf$o>V*dE_j?Jv?q1{9?q`99=HD>^h1yM|8Chw=yD`kljDz2kirGS z_zmBO`a2LZBx79&8@Iy4AE{h(p{5^6neIbUnAwr0y2ByTZz-jGp71{^bZXm5 z|EU4CO{6Sg*hW%35T?U#vC;#@0KfpB0_)`uk;BP5sWUJabBey|%`dKdy4)vRh5!P% ziWMC~3RXv+K!-Gqs`e*EfdD!{r2`118czWY$N=adSm$Zc1 zY;7%H62e=8ctC4*R1nh|9$yhbcdwgG4V{`6rad$l05kz8WW_N2Adtm+qJxO*f!pUH z1c1drFYC)d0+cFUR1rt0yf1Oxz$^Xwl2ME|)6bmIH)0xBv)g=qCi5^g=NU(sLl=9< z|5{HNgl@sK!PWqub4u`$GK^(MPwWpd1XVRPO&FiHjw#)d>#@ZVZs6r2?QcKYFBu@M zHc}@~(jxt;{jCYlqX-2XN|~$xAVl`qf0yWc%&NYwUiyisr7V-hanj8O*cfoCs(J2t z7@Ou&envk_EeoU|rdMw?>w@zGnI;=o_>1D3F9}BE0>{T`Z9hc@NY8sp!ASI_lxwsv zflogYQ$lGt#ws%26rzI&5C^6LDxILX_OixpN4 z<1jMsg>DBtFz0E0{z=fMf;0Cajh@J3A-R9%t&I}YffEu`=@cYA$gVLcRy%qWyn7a1 z{;el(^6!(t^ejr)%9|RLE1`%or%>DbQl>z4dHo*e1EjOicCwS zRo3ICou%=yg-$oD>qMt3TD*yV`*)cTE#GGSd%`|2OIi7i?c~9eRvC|oRmRz^sk3Fh zrx1@vTx)U#MZ(`_@IeVb&L!n+c+p*xKW`m`*8DBd;(?1|AVLTQ#e=t@1U|%*ni1La z+=^+zJ}B@OqSOib^8&R2a0RG@wMcfnqUc_&5Et^C^L#?_EB^V%WGDT@Pwemgb&Hw} zZa2BrrUm!&PO4nfG^4`;Lg7Z`TPMgX9Jv#`0`MzcX0f`ZlPxF5qhT_=+lS@1#oFYp%9@)8%`9$q2?)?}6|@D_^P@Ql)`cT(VoTW9Z( zz#!oS!F)$_>~4m~ z9Qh}L6picNA-xwmo0!yU`J% zlpYEp*K;7n`FnHHm@ybmPsA+D>=!=qBnzp8QbWx~mD#rq3Cg^g4v#j}haAW-aW`M# z(xH|@S>znq%YtafLa7n)sF<5nK}!6^6xX7ls>VHk;xAm7znQ7eg>yaHsxnlA+}NVT z-ysNTek1VI#E%+z@4y}{h@Ui|shwtT@^kNA;N=wh%5&s~bO6PFuo7n6G4$#mJ-G{K z>RLqn%VzwwY_H}YYxTq%ICAB!@Y(=u)tF)U)M@`*j*M6 zVKr7|_~yCY)J!9o`87{YJzoW?W6gUa3+BpCXqnQyZY|`Zr?)eWARSV5wX5RL$GYZ= z*hGcAyp`1|GsT|;S zI9BC}S~by#=iH2}p2?#w&Dk?Vt+VjOl<>k??I6MF2I0keLMl+uiQL^irG5=jJJp0m zI89M~kEwC` zk3#=L_HXer=Atz7UjBhAW|@DS#hCrwi%$lfne;nUTfiV;Eepk4#_iXTpe$go)KQ3~ z$d%)5jM_%Tq&rW>!Bxbawa6{1T$%80J2li4n>a@lIN%75eN@?XIqjpK-Qk&eMnoT> zJw;ca>Y(o<67TA9Z|iR(Pv5~)qU0cein&LaPjz{!YU^=>10&@0Loxhx@HB10;yeVs z$)93^{#1Qb1sU*_WNI{ol?k-s?Ee|3x_DMwtQ5Zkf@bvwxfx-l& zRRe_4>(At6hGgBn`;|j>DXr_dv)PHWcY_?^SC;Z}Ojkm5?vgKypp~qNYt<%RQ+1%F zSE6*HrcoB*&9Nv+D$9we%EXf4af-=$ubv_4USPp!AJaPAkvwWU0NrWs!eZ^c za+ayQ`$vjrE_FPwPW2&pi9*sEI3Z9viJq*6*hM_!9XiC? z!}QT#1qGyFLG(VT?c?a(FL9B&4PvT#pp~DCcG{%|2FEe&0XeOT89(Y>on~Q5aNA3LIdtnBXyQGmQLrKzJ6 z?#@KqD~*YI z9TV@I&FV)ExN=yRLM98$9@V0BL#h)dQ*2SG@{is!&!YtHzO{VTLqs>^)~wWo#LS$7 ziJz(VKO4m5s4^2y##Em6HcRsdcJ=3Edm4wZSBsM=EBg@8M z^X^Zp?EDzn{Ltg&ujWYO2JjetI%QzSkxI;8(Cyj(XhziO`s0I~FJ05g z0{?^I$gLY%&>(Kfe*H@H+2*T8AVdkFkt{Y=Dx4C>mySnXYV(qxKiY91Qs_w!K}L%c z&boK+3T1=J_u3L?%DFQc74{b`zruzLQLPc?dx!10m@p_Vd{TB{GrT8L5orn70kTqM8D0K zTrgLF2q+}h$2ux~Mt>lyg})FqcBX3yn}ORvVy9iwBw!^L1P_w~huxf!rOEAnMhWMV z2|*=Gj)PR$a$xHFclVfAYE6Bcpl87nd!Egvw2P^3;T&TJ^8mfPp6Zx4BL6n<+G~;N zLu5j|(F{VG`f4yXC}3c|PX7=q>$sCy=2@=rXF5s!UU+$kqc zl{k8RZsGCpgF@f0W47grbXMQQy=Hf^je(C=C?y8=2H5N%mC?j#a#`^318I`uJ{R8m zKW^EmIhl^WvFCm3Ae4FC`kK5lj!pQ!MK$k^rN}t2n+*sli8655j!JH0toxc?_{8&6 zp_^F>Q$1+fF`T@U0u|fjoAXaX5T_HcqgM){Zf5Ra-&*%P3}c!)av%Uq#3a1$J8@A( z{b-X%arzas@NVlKrxGS?u{==5B+LMkufv*&K)&Y9zTAuznS#D*=ZGIWdD-Xa6~~m{ zMppqod{^|o7w6B;+>-gfsA*lq*f7|g0nXM$M#>ig-6!h3PkYCqEFx|n=YXBje#hj3 zVC9Zg!Tq2@WnJRB4hfp!>1LQ7$kGhOxh)jzWmD&0uv(mguvb$K=oBnZPm(K4!t`4| zGT$d5sH~BLWR_@c@$mipz>@x)*-?0<`L4$3%&Wzf`Z~-1!~@$O3mtSO^qL6ycFF9A;xSej5K^mz3Z0|{8gyjEpgoC=xB{I zX&)VOw&_jqlKjG)sv#O5cC>cULM+fd8#-g%F&zcTwI*SeXOZ^#RUcS(law;MBPe1Q z@-};hW4hLMKGE0;P86Wo(8mipA-5jNaL!z>vlo%(u;Cr{uy<@dwzFo|nSZhk_-T(d zSg=2!5PfH$P`-UJuFP_BEpIR0jEdSg zN@R_G9NNw1;r%-dTMYd$U8Fb<1<21XF#!EIxLoQbk5xm7hmpq6*xFur#Xj;yFW1>) z2=u+~a;_r%H8Oq@f>i?@Mk00|tFPEP7J;eMFMqA}w{a~|6 zqv0TcXL7+Z@?eBB1%=_XS~5(mWfl?zM56QqLH5h9-;7?RbjI7e*MKhf^T&F=s#ZRB zrC7;2&OA+C)M+DVg*j@0N3T3c4by3cfJG$kDrWL z%CFkmxgq0C4Vf>lus*o*&iCX)Dpq9hqm_+~u^xNSMZ{Bx2Ic}szBWNdWiqmcAEKDd z?umV{?b;r`L>Dq^Gvhp@T_bI9dYDP^pSm&*zu<$5hl2M869Ol*3U~SHck5GxL004Wt3u zLh4bI;p2dBPAtn^%ZZ!jq;P#&&ZDOyl96JsTQT@1c;hJ}B32z^azlb{>!ut6)8DFb zq99Iz;NyRZC#3n2iP>V4-z-{W+90u`yr+h=QjP#KTw>Ahi6aY%@(~e)o_32PaQPbu z^U=m6Chd*)F*ip&xB<#6@Hi8J{2rVLO~r^;3nT$uQ_aR zTdlu7Wi~I(ifuY>9rc8*lcduVVR77lWKKOBCrU7EShnR1FtM6fW&c+!G1~j=XiZ}Z zCYDvDxq(@@sYxNcrGNhw3f^+riIfr7rsjAhPuz19DN~+pIJ_zo_ohT5=t?19#}Jqk z2XpF5C}orlgB6+8VtS?b=WQ8SV)Lmu8M+b4$&2^_N;&J08{3?tqn!2(iMlS7%xI?t z%AftoFc;PHqFC9yrkg#)s&dWb9F65*4DF7BIt(ew+g9kk+3eK7rVHS_Cde47&m**G zYI_X-48x8Ooag?b25xay=x~U1#&TpHO5C2VAA>2Qp;eE`k)4G+L;Jr5YH|3~+=GM! zRVFxa6+QyB1-S}Rd>@-~~XiVnI(K4jqToEai^`z*P znVR>Uu6_Mw^*3O(yfP#eD{<+sPYdJkzl9&Y#;uB9f2runwG)oja_LMCS#KAbqqrB+ zrB6Pq2pnK7@Td9U^EhiMU_A7>^}-zJI}3{B;B6M!+!Sv4!YuAunnJl+qfpJO%E>;z z<%>+^@`3mn2cf`{YluE|EifQ={H?L z5Oa)5;>xa*dj0m_jOU)lk?I7PytxlVx7T^(*uG9H0bJZGl=S&u!%7Z6`VYvi$zMTp z#Q@&A*Y5l@a`abiu6BHNhsdz74x6h52`D`t3+-$JPc3|7mf?ZEVBK`Aj13QvSu=I< zVQX5D>oq39_&4881XN8!O)qb|3L)Z*Q=PHO7%fj9thx~TTNQA9lKi`oH0SDjb+<&5 zy#T#3)KrrZWHO-sYtuES|M*a?6pENpBu!fz0gR!)R*+nT{xR{71IV;?FVwxI#{01{ z(u+~F-b-9$$ww7_xdr&^rLifTKun~-9i9x1hBz2YURnUXiveI}7Bhy<)zp_W?|!eZp@8!huJ^?kbSue4_?Ix z^37oz;;CplrqZ-O^}%C*K<6YkuS% zF?f8vi$CXkJ>RSO&R-pm=gs#zIw8DO#YfjVn8NAK_Elg?2Q%ShhoY++Rs3=SiVsB3 z`*W*r62N}HwnvE9iA*dD&LI^pTX(al7_kSy7GGkQog5Wj2|{53pIj4^$RiS|z_o%Q zdxK!KH>5^TB(foJ4tty2)ig^x?$z;^)*QDMg#ENKvSbR)1A3>Fy?XY0k8wiCmyx}qJE;FI|QO?Ws@VsQH7-t#xw#GVz#o=+Vh97=T1!SFdUmJ4iHAA z4z*F^@&9~2{N^`TyI$-O6Uw~XY0ROsZaU>=UqE_|CdFC_&fDY@(}6$u$^Sh&<2W6P znuX4;6PtoW?t2N6d_o<|91}AYJD;cESG|FeLA5@#c}Az_*leo4cx&=IUX|0FX0}Ec z^RmIQ9aykvb~*_ThCw`#?14E93fr}~b3adv;D{v+?GO3HaW7^k;QC&QU{#MtAr|Ba zD4e`GM!j(7DaB&DDIYo$gFNW^3}_kCN2d09emjS)-AiJjo>JPc$XH6ye9%c6W#B#4 z!^C@&OsUTszh^c_1}xRu#+7hgALhI~UDAcpHCLTegDppFPvMZwz0#HJqUf<$X=x|e z!7MA?MuPNaHNG?JVF8Y`c@J9Yjm7&eDTSP&0PmCRqfu*;XC=E$Iwz2t#080(!MeV68PD{GT+OW{b0Q2!Z+?xL(uQZF&@D8z6Js`f%p}MhM0@%AzYg+_=e^jR0OXBNg3Hbrqg7M-}khM{1#X2-5)ubiBF;drB zkSsi+WE^CJ#5bUQH*+{~$oMmfMnNg=kc$PQ!)JtCgv@m?ckrDhiyHS99PHJ9XK1q7 zTGBHH0Ibv*_gy)}pAnl)d?1A3abFZf2yZ$$z|ygew!`UoLeuoH%fD@-N7zZOEI# zgZSdBZZ6^q*t8MG`Zm0jz||Z3w00}89Yq`D-h~^;*gR-s#dJsjrr877^n9L$R?77o zdphhCSgb$op#O9MUPPCUCCTkJ|DPj?)4p2%!GvGmeoxc;7LyZO4r&Ti@I@1|oIQKw z_?=|Rz$OF_})dx!v;r(ER@UpIX1#5U^pi%%}tQ)vcC7)7#Al%mTDMfYgtL z;j`^i(tp+ibGnW9KP3D)Ljl!@i%S0(%n7w#!m{$GD`o(rdpz zT_!J@y!i^JzO{yTm~SdYJgA*V`9BFXHpxUU$EB!0AsY9o35yc4fKueKU=n=wZ`c9j zo(78ydLW@XN=%EXLS$lA;0VeZNs=(sqU7TGv?|m-PY$v@nEFCW=hHpyq1iWDK>D^` zoo45${%#8Z6*=c&#d;-vCr1F`-JaI&3&~$#i`Xibd_mounVX^4y1>zgHsH8O$yf4h zyFmp^YNCf!sOkf>M&1`cIg3I-g>9>nsbntF^TEmR14QYw6$HD3TC!ZmENO18N*lu* ze)GRcWkPQq(ckPlv}V1bmSIqNsTwt_^s7zsR^b~m5v^ZtqDs~L za;nl$%QhNmEg`Tkyvn%v!9t^2gL^A?(;m~_L|u|DaWAm{57-m;e*V5jm({apQ|emSJv zu>YOW8l}pL1@-s)I`e+zzk#sIuF4gTUwHqn_@seh(}|C7K_K?+KIq>A0%?695F1wl z;&YcaKp?hVGt&6`-=5KrV38%7GawMVc{>f{AQ1Zo@RbQU^2>mzM1X)6vFb3ep!X#h z5)Jmjfq|{Uf`T#OK(o{=6Fp6*wVAM2(aCV|)nh#a_5nzUtM^W`*IGw9N#l!D_DSZG}4nVK5&>=*Up zF7_r%C@#T(vLv>&^4O(D+MaS zX+eeGA_&BGn@%!+QG#Z|@Q6sYR>>+K-sY3`07&DSGkLiiH@PPY)vak~PRmw@sIK@I znI~bf0e)4p+I5VrHZikux0aRKx5Heea8_$aM>eK^|6eILQp$9#Y$(SFl-1;%97bjT zRX?v|RwZVt6Y`SWdA^dn@T~2{#aSC*F2tGEn$b`z<;BbPJAht;m=;gp1c5YX?C&r@ z9k|p6cykbl*d?>p33a-9k<3Es0uWHWhXsT=P@y>`gJsHNrrPRbX1P)h>rPgJ*z)AF zOG9*NGNe9E8@Ehx7ySK>EG_(4FxJ;xZ_CL7zG<`!+P;qk>9idJ z>AN-GS{LWlG_d9!>|)KgIZ*Ie@4X+a*<1awNByzq-)27q>OGA1HGZ3lN=HO;hW$nd zNy{M13zic65~Klay4eIN)dg!H01N~QxhXVT8T zC;BKR+lK!AcXHZy@gsiUFh;ZKy4V}}@~*ho$vvQV$knb+7h*T)s9NlLk+5BzEA|j^ zIC3sHkp++Ls4P?T^qqHQ8e~S(4B~&n@#586tIDa zY?r+%YY-Wxv&+iIRRTD;WdQ^MAICBVm3sF%M0&A4^Y!jDdRyuiA+b?mb@${D;NJ<_ zp6nt^gPbTx-3&IyPCtznIGSBtc*^EA^@)~_p}K;s!GYN=;v4chiT1d?qiD&b)@pRw z_Y(wLOxIKzmFB7?@W3bSN?t+&v6UOD4KoT`yE?sOaI>eeJfqw|jju>~;lV28^>Le# zlRM$7axEcb&u&3^d*+^MGj)^-HWHET8L!G3gob_D-i!+L&f{C!McVW_RZb02Ni;-4 zkWP#)X;fG0+AHc1)XF0nui?}V)e+`GI?|8yU#`c%6=|a)FNLddb1_Y*&({A^|A_eO z@wx$uoj!uApaQ3==yvn)ArxtkEc27N*KP5iPOy2PMPI!Se>xyw1Ih`3R>IGZ%|S#v zdbatm=9vv;4!a((FzUpjK1RY{|BXi{CT_WRvjY&hm#3N;3#mFK#hu8H1Y2jM{39k3 zrW{UgMU?LmS31S}s^N#Mj6$(^1%uHq78iq`{-yr=_Fu@^n=6jq?xCYSAP8LS1QDHJ zw)t8luk#?#9z;t?4@;MdN@%ZBM5bczA04l8(w3+}p@C%d%bRYFlpk(?{lZCIB3lWq zu|HVi#DnVCrDE69x-F5dY6Q&$Y84^ixQ`f5d7|S==4BKly?BoB>KA=2-uylO{u{)c zAN%27p6&FH*jEF3NT?3gD|ZZX!@2CX*0b3w>Knlk`Bi0u0&;RW7Ui7oWCj~?tTML+ zvRGQ7(;&| z>WoVC#7BzmkdFCxXpuJjs8HAhS=iS2Ur)ACgr>&-d{ZZuW^Gbvg!nB*0;Cj&GLu~; zaL1N?uifqM1A%i5M76pizaX!^KMzvD4cY}C&Ww3%#agoJ;b z9R(sOYv+YZI4>-C42!;aj#_9pjW*!a0#BG5eddzyav=JKNR;89`{0eNlGv&)zD4ZQ z$Oo>?G@=_lvy7=Jl@7g1T#@VCEA+;hBFj>4{qV=7ygNDcAR$9ikn-1GTuOpZm)W~= z zgy8_=kXTDGWEPVV{`g`c9htRv+N?pLeV=+YKs#}EuF`Bx8EmGPsWqf>4yOXAP*f7w zY*LZL=h2Tp`cWtCDVq~Noz&c0$wgIMdE=o$i<-+ZF3dCMQ!5lx+q281$|?@Z4;@z7 zmVHq|bmO8u_zYPw_C*wj2Nn_CY^au~1(FXtABXsFo%l><`Lh0pF+Msu{SEvuo6WQO zlg3812&T4FRE)FymSBCUd{?AS37-M184Zk>4RLy35P`=VY94Tw%wH)fn3=-;QQ zuyqmV$RoBh-vU9>N!Xs>a-GfSvh?5yxywlpT1W2iXtOZx*5`IixlKC4qQQyL6rm!hg7DJkt+DSigbmn zGF_!6SEN>o3GSC*g%=3(@IOXz7Dy!c!XJOMzzc=>Y2YVrH)uZ)dnoqI-(^}`$A~Ux zUeyIZSG9>$2eX=+=jzRmB%{9RddyQa_Ys!D6jW%l>ag}Yf)|7bWzRzOubC{ zlB%~C(i2uNlD#}wQZDl5&?ibWBc*0jVICIzmQRl;Z6ACpmk*?ly9YB~y{OUBZX1GY z$)faJtF;EF)HIUIyp$5*G$uMa#!JNfaC7sQ3CT1)OvWH0>j7@vr9FqCjul+K#f1L- zKg3WPVTko#EOJ`Lb?x5dnJ9spuzNO%I>p3HZCsON{?c*RhEx$XyS}b28Op4}y6fo< z-rksd^^g_Ln18&u=_t$FOa#|QZ=PY>8QoSnwHf5Ep(^<3|V~KzpN9) zln1xRy?~!)=}q2!RKz9Wr(}Ki-xinoqb2^KE&hhU%&X1>){BdMbSNYiRwL<~8d|)Y zr^`SLK}Uz4)%(BRXpY^sl5_czXs^D*!0f&Jzi5taFfZLpp!=@`Q;^!)d?kj#uxw2M zN=xaWN+Vw|bfyZEUn3%d)^CPk^6Iu55||ACZv(6L3_HGTULHu}5UgQI#mh@m?oDH| z)0~_wVgG;^00-av?BI+c=J7^<#GL;x4r%Wr2^U*nT&dcw;{mlJ^pd8B~nJ8pWf>c?>_NF*)oz zMA)PHDF0t?7bjc*LUe-Z_w??hnh>}&9PSYU&tH*$K0s~&F^E$rM9`Dp9~D{qx2vZ2 z7-=aNcTu%3ziu=w_pfj6Q`e2X4Cgyo4kR+e_VcffZbA-%tM8z$nGkN&oC+pVV$(FZ zl!qrgF)($9qGF28h~Nx5G^A#&u8yW-+u{QP(&%A}aYY`<_j0+b;s~S^8rJ;A_&vNp z1_M|@OOLrXeSzNF@}EJ2UEj0!o^xarhBz&j#6kpccmhL_H<|Z-T7JcJ5}BrSmr4K& zV9CwcfmrlS8CU@CQkH5)BA!BrigF(Z{LOH~2>$=w&Q}2zP};Y!37Nu#aBD zX;;YP=+-q5F>Uz^N<*qMW*NR%T9378p0fk~B=q59z4wcR)pQ*jQat^UIeEkLXF6q} z6HAsyPz`G*)$?jj=^-Vo)L&|=)SZN32tH%1*A3u3UpjQ9nl>elWy$Xc>Emxx8e64J z{giIGfil$WX%cHz?sFoS2QP=@F-<+MVdu2`Scmj_A}U{~h>FYfDSVHhKqB>(Qe%y<83;dC{l5}jbv#vtfs7Rlyv zsS;Uub>z2~dWn=>3RS|o9#@xu+++)|M;k4-FmS zH#tY;87Aq8W(6S8*-R@?{s<#$PQPN+ZKbhFgv{C@8M4xPmuUh+1Ah&x5iN~oG--E~ zfa5l$4%S-k1k*dTcU1MT?y^1bz?gOwJrIfW3KInyF{d1nY=0m=6RDm z&78&@Ukf~2Ua>`F3BH#5-aKTBLQJ%9y(?e1n#&zG6=BT@^}-ZZiiOKd&bsp8Apy#8 zGyeELvRQQjv}P=A>sW90PUnh=^#+pHY^J*am z{?N}qCurEhKg6xt#f+7)v@9L_cnP(Hed42Q0~*=yx43Pc@L|=cNJ)E?nDuV?egBL} zD0rDFt@hVn9*}tK+{B~^Ql8?XOSGA*oDg|D2QrS#sm)e~ESt%%Ci(;!Y(H>N`><&u z2<-f{U#RL}SQZro;j~tFubxi|lOKHZr>d2aWQ(FW*Kj{x z79TD82yi*x4$lu*Z`)TIcp;%A{dgbQFI`Zj>1%u$abVf{y6~g^T3m?zz(HAT7dLsY zekj;T^w$EzXN?(Hs1KSS>=3Lwi47N7UzCjh1(McSdxbZ!QtN{q`6Jo*uHU{iBk-wq zqz656x}FZnK6PVHc-7e@0}TV>h$Vv2X-mW4<(nhwd* zENaAPWRJ|W21_-XPU-BD_y{=pbhc-fx`Vk{B00unpO8pKL8#-~xM{jxwiFUeBoLc9 zEfF6FFA8vcnZ3OM@9)@`R#$QQ^#ziR9?vwl!o7#Rd0Krn$oBCmMsj=}iX|&bdH#mg z&gT;IUzyP|ATSxqUw$RAK@LW6sE^8Ue6*V0pYDCKDii6M1Ns8tMuYoXUCeFoPS%f)3^WXs4jX6X&OZ1Bg7*p&#e*eAr2eITI{C8Z_n=6C5O zvsiEzrdV{eV7(;$)Vw|>0%mH8RS#5PVj>poE6#IovUyX48tN7DnK zWCKXa-R`qlhjZuPz%*%CyBMhI{H6AK%)tp68)7>omO9Z zOr#a4n@W>N&0!j|KNWHuPi}}c_R_a$VYnA`_rH%XX!MlIjPYj)CkmNOT;>2 zE&U(BbNPRMDhTdQ&0hpT&p?9t;N+4RTFOroe`*0Tj>fpww@ef*gR#BxdC=K#rj60Y zY&_GwAPetvKsgGXUtDXs|7MeGOeJ;Bv9R@7Y+7b2SU2>d-h{EA4l~u8vw`yOxYkm? z&1Os`LrL3jpVy{T_#tX>I)#=9z(G_o0_R-R3VY=LY}=UEjC=uXS$arJrK zc>}lsOgE7Cr(o140R5h8&s=d_eq3o?sn?|c0dwFxqwnlB+D-PEq_fC+tIjH-wE)ew zybE7;KRssD359(O#!ALC0D=v@zTLcnz7tt_AYwLZR`k}(vZxuLENz%M6Z3*U`#H*E z<{Gy1W4R=@Vp8(Y?t7DpEH^ z(QlD_|KUjVD0{lGYe*uc*uqks9U!PDL1}tQFH;9KFUq`3<1Ayia-`8QZ*XW2OCaM)(NdH8VG2L>%WTSUE@6P_B1R=B1P* zr$t3;*SvgoH8Gf7LHwO@h!n&Ck-`}sHfYkPeQ7A7YsP!t= zuQ5t_w(m@-H{67=`Gy%@^n1e)-3|VsmPyPpc_qAp$fhZ%X+W8`g}>%=}QFbQ=9S%>%_TC+;;}0kS zkBY@?3_|YKX3mQH527_%H!WIPZdmBdT9eX)C;flI(iv|cwC;wf&Y(9q?}OYVB;815 z;b|tV5$;*08|I>P(|koyGH;Ke|6PpasdLNv8@FL$q{bpH9WHKo z6j4`vx!Q0^gk*ht`Nj{(COI|~Bs7n1Szq(~5(?IDcqUc#%H3hd_E)W61*n|sGUUQk zL}5CgSCEc~NiPxz(u-pe1!Nw-kc=RZi~IP=P>kO%EJ=^3{cy=iOc3*(CFy5Bm=&aE zZzs@ht$F0|#B*!IOY~8Z;AHK1^1>;mgY`QF$HC14|wzho|udFpe|KgP{(}oY)_cdMm_hM^-D}92+ z-Bx5(c5yrRs62ne%wCQtUNg*s*W;cB;p5AgoAafHx{)KSy zV(0vSQnH}WE04F~79m?qSiqP3NNs@;N};7n(~x9r{OIA@sLz86M~JGW$t<96Lk8@; z^SiMzj~Z-kzCZZ$4<|8~A$G zBZ9T~W4b>popRfBZmDP7z|(LwoY(OCfj)MKgQSmau!{@ zSTuccfyfSY@QGq*)tg(oxxL+NZTCyr)06P5*5VkA}^nSnB$k zQnZ;}$v^$5P;0&5*PVY*&(U))(#sl7u_5LQ?b!)oW3a`J2B;noh^6j4r~Up=Wuc-HTKxW? zQ?t_rzN~8M-=I`Qs_tww(*6=20}MCUlc-4vn*7=~xgJCxulsrYk&#zgnuTDh8u;}q zXkE(H(Fj!Lx$berAJIP>A#Gu@!ydyrkEp+&)&uA~l&I@v`_i-IEg4Y*tBA$IXeTB# z<0)`X(lu=NAIcx8VtiV%@~CSO&;F2^;N~wlCctyYtUQM+_jfQ}2gVQEk(cEPmw&>~ zG4KUuBOkM{l^g80Xe?5TG@{F(u>mv+uZT2a&7!>nj0XVt4i+brvWiGd6MtMqQqIua z0(4f-%MpXvDOkR3ln-m}U~XDL9n2z=pX=ZQ-$Ea=+tRxyVN~T^_?&X{efM<})$I(9 z6RFPB_NS}np}ixNfm!>3X8)=hh&TN;Ay+@l9{3j70dz;gm+RmAXtMUYn$UZ$Dn7Gi zK1Zgv6*&+a4+qP>K^JFuu7|E&-4mcFmK8{TJ;OHVmyNqh(xs{Ua`N)J91OaJbi-`U zO?xC~Fr5K9*6o>M-BlD^gm zgvXJD9^+%AgM8o%F;+w_RtXN1il!e(9~al$DF(WmmBCT!wWK}73}JAXTXR1Ad3Q_m zUC@~&$V-P6Dr-f>acyAp%J$5M)9JXza#$qY+WD8q9=bndci07*QQvg zD_$rsNV(Yp_o`nmQI<6?Cz4{%X_oJqwZIzMD4oy5*5n1$bEZFAeJY--ZXrF)?pF*A z8?6Cres9uWR;nTOSzAMZUw|J=SS^^IeUehtS8~_+snJcv2rBe>utI!%8D~SL-@~_L zKS#TQNBM%kO%zOjddZ0oF*FlC%xm+5_#H>1h{-#hBd??o7P&OAg2 zYp*jWZ&(P@7M!BLhWhQdoZ}?5?vDgT-#0t^Cu>hd^RxZo@AckWLY`i{jIt-pzFZgI z#mrujX4QYb!R+=BXK$aff8Aau9pU)roezK0dWbI`N@O>ZjRmx@upM=r+YlR111yAY z>%k4`eT)>(ZRp0>D%yN<0b^laLvgi6H_QdxpM9@LKKe@nh&-=#k!&Ih1)TN&e~_m}P>(;>_!$7&cV(?~pif<22-6~9~z(UY!7sCoHDSt`Rs zIDU-X0Wv#MM_Kk|B1MB1f@oo5k%r0Lu_Q9}RsuL1x4K{Es1 z*=_%qG@Yxlt6MJ_q@0ALgYLSE_@G)@IZ~M@aEfVrRM}Ox!83DFZ-M6b-#N1=tFhht zn(IJ%op#A!O6#{&>$Eb%IS_weN(TQt#7!pnry2OU@xsB&f+1~3q!&{b|I3Of#lmcR z((Rv!f$}nb2}s;@+8zmU!BPV~QX7xH$W+_%y%$}a0iQ3NY;X-S7I*XaI~o9W9X*Oh&DJr~~s?Ou}CZaMqF&C4ZlbBoqaQ83w=bt)d2~u6- zhYH$#1%N{LZX(d0ZgV&ek=ShG+xM#D;Gmk+^VQYIP$;7gCGrD!g3m8VR>VV(_maGM zP69|Zz0h#M{4hw@y2c7#8yw7NWR6NC`)=hUkN(Zt!hk9eJ=q5Wu|44B1q96{T*cBF z_9+@mMM7NmEw;SGe8lOSfd4%Q^A)p3br{ki{z19Kyg^=RTitWo1Lf<>;XnOiYal&} z-(ZhC??S`Ss=gp;fudOY(>eAzKPT>npq{AewB@-v9T{|U`fanhoV4pA*1~p&%h_q6 zuxx}|fK;`IamSvw?9QcGcFociFt!s@gONrYnLM48%4(h5nGdKS5c}+w7nx8tGT>yr z!F*HvtNhO|*0ny@8GD(}0J_wtUvOU>f)1Kys=2MY)YJ@ZWgc|g?c2CP`{=ayGBp`$ z^~L5UwJ!s3(t~V-5nQxa3I#n^2|UTeIp&vnwjx7zV5zPo-P0!OZY7{ri%=&&Z$ zhO-ft@@*Rp->BuNvac3*bX+M`W~*}a-=rAl6Hef5srIrpA3`SvKN!ZecH+vA5bBWE z(ZM)#tT;?zvGysB?iD`M;qW34$HBPL#!etVlQuIt)208;jCo;T?@kxj%(d_yMz``BbgJj%_Z7rI!aU?>&OvbRLZHL zIE`2;*%Bd^eBn+WG7_hm_S}u>fk;7v|7j(pIekNWTUVwXXv15LBddg0D3BK7`Z8}v zrX#B>)7wg14>qu@x-OUuQBG6qOOMesl*eX6AlH}9Q1@(T!YGX`iLS~4BKh(eqt(QN zkGOu>@tgG9j-;0t%jS6S;Ur>Rf=ODHP*M4u#|Mn2&c7h?03LG)pjd2)%;?e zI(f@(P5jPgvKuIWTk6UGDW2iZU41~%L^Dy=NF2nTjVt=4c~NIL*Pa(ij*Llo`LBps zSDJlRuAbP*=?s#SjU-Y@g8O~(3o2}NO}v3?B@flP8`{kR_5_@>65NuBssr zo`|0HSSl!Mx~rR0^+a7Tt?G{<{-NuJNsLrqSxcf327iFy^JdmgddJ~2jIh`XaonjH z5#mFBJ6}U$&=bo7&Q>rSIJbo=*1Kv1`UGDb*nB;3Io?xHkg9$tvju%71So<-5_bH! zkzUvTim-;Jr5OjZImBFkT7?vfvm#gOmadDgG&k#}U@pw_K`qEV^J}8tT+?FiwGGPm zda@76R7ZAlW(Ud029lr{UD$|LhW9caugg@ZGqI(Qt-pyOj38`VCe!Z^#NHzRb?SVQ zJ)Nxb%{^f&ku}Ew^{w)P-&2X@xN_f(IVmlle7D3%ShdJj7Egu8fx7fp zWWV^4oJC?j?&`?jE&f|2bKTBe#ldoek6*MVsVa9__!^#CaP>kWy(wii0$(pR^RiLP zV#PROfp8x$I+w_|)M&!OFuMWC+1ho^B{#^8@J(-Ojq*4QL&{qgLx@~Q%;lqlB;$@#|gMcC|xSLuBCyF7AmU_104# zYNdeQJ3A%YddeZw8Z~s&57hy^qGVuBXScPUc7kMzpZCUF@axd)VckmgD9TJ&r{Xnb znk~(lCw28^lpQ~&)ix=Df2XVvY6)XNMc6Z)RO)W6NMBQ(-$>A754|$nFv&kWV~|Ks z-IbMvswLGb`L5fpjAm1p9aSeGiA#ka-v9Np?{D^x^&Yn3gJedZI3tiy+x z2B26(9iJd8ebsqYWp3%)e0tI`PbK{_$H+15sibVY!nkeGEiaO(QdQ)l*86D`iGxq4 zZ5@C%i1r;daw^~6MDDKoKW;Ns_NlZTmC=XXyo!mcY&2}W!>>Q$b5;o_ZH6z z_DjffjpX%TU%EK;F(95!defCS6k(bV8`f#UJm9qB?JcF*5;r|8{rmRzMZUxWx>TIU z2x;c53%9QdZk5`WZ+=UzB6KNl3a^wb^IIbwP+@kW3SNFT37Pad>0b<%>`Z@%NV`ZQ z1*quR@#c`w*Wh@D_SqiUuKRv#IY-Ey+vCC?ug#WB2)4tDqwbMb#>mWz!iwJ+k?R8LuuX`{x*L zoR&nYz^AWAQxOhPt~RO(E^0_`0lb{I+wvG)@vc)lOXXbOTxz1yG1?i_j`HltSn4;U z)-9BE&;@n+s-oZ5QH?T2WtSs&%xEQ(HK=bcWnIAFot<)@s=?Ke|K5b4%R(Id^_LD! z@q9@>EiwIhM;8aI56&ZtthL6-m*j!!%AjnTI&`S$B}>=uO+VrNVLGWBzTm+mo)7th zL0@7GFi`)wctu-gROBI`yOb~3qEGDQi*q^Skx71i%zug9zYx2b{{qz$rpeezHwa|9 zaN=7VQc;}x(q&8sFlHh>EkpJ+so$9O7S{4I(cbFXjD=l=b$9AhZhiX*v?tHwNX*n$ zO>RBOWb0J+ZXnN;yU7d8F+i1g5^>WZ)fBg}EA37j~Ok+e0v^w|Kc zdzo4kutEi5hd>}xT+X0saY1OdxR^G(*bu9cc)8*WXOl15f0I@q zkjZx?%QRV*m-xYFmSXj5xKU5Zgx$V};T_99eH(=FEP+6*ca^WoTk8Vm9n1iJQdj&l z-eAxf`8zWz`#h!4?zgAf723nDnTJ`MsVX(TOf11yYPHP_YZ%a$R>b@>00NoUr|A8R zAtUa=a9r~nOfF6H2datx?RC51lBB*zzmzg`y;PthO7lJ4SddK?=mmc#e@@<@cxP*B zrYTi<^Z7K*W1FToX2_pzjwdT`Jf8ycwm0R^=y*EbId)0gEm@sVE3i*jSy(+E+?cX( z9wl`SBWMT8O2cj?PsO{;YxABIDY+`1bw`m;$aW76K1x$$^`s9E^B0NuxZKE?Z*Z69 zu6!S`eh<+)xoeknpl0y0+oP>C1f%5DU zJy3;k{PWV68IfIKE|r)?p5RG}Foma~#yHcL)WgdR(SGVQzotW(-f2*|e3yH?I=hpy zeLK3?o7#ST8gX0ul=dp`!UIH_oRafD+3|7BL}q$^%uW#ILIuXW}P(yTX*oe%uRqe>qZ)QSPbaq*oqC$Y8 z1(!QekRDR#PG=F+uQ<@4JoS9JMWeCfO19FhH0hrt7>wwju4xccN8<^T43@*nlc3xO zOr#YiV?9e}>rqTj3QZRmeU4eTDyHw9C`_v^N)srl7ijkf%*Qb9im1(;>vZniAstms zQ&aE8Ot$W!uP3UtcYt`zO3P5)HS6qRc8_-n9KdC0F^p?;&68MBZ*2 z<0I`F8GaC-!GBNs2PIF;&j=bN#m@PsF2Mwp2WATbr59(x?wzhNk86~Fkspb9oKlIS z8i%%_E+JG1mDDN<3i-z9&x;YbrZ8m~9614got&EdCBO|1diu6c;X3ZU!sTmIgh6EP zM^lpuPjORVjlyBVw9CHQvUi=r_0L6=YWew^7rIprY*E=wiRwaf3BLZykvp) zCqyxK0;7-kJfxy3K?-{lkU=y&etekqvmxhp+)sN>Qns&3e9O!yLQLYQ&Q+5L!A;l= z>qXS*K)8-hjZI0pAiaDkw@KMIR*=&wLJ+V=$Z z1c&zBhusJ1=wYdE7B&lXrw``Q?wqgcsRBJDRJGt7Ps`PAFD{H4$K}{Y?s&-4akav8 zHKcW(r)#ktB}GveaXmKC+lxmEI!C?`g;FN=?%!r?gi#KgVcUM@-ikbwI&?P^Jo%#MF0*;yWjv(C5b!HoG#o^X+&*iLGk4K8>=qhvf>=CxwCGGV z=A!odTqNinvNnq3GGe!F*JPp5@s(ngHHfVyO7FI?6Q%q&nWIpCmgRj{{w}0Ez~3cO z(3PELONLUG0vdt?l7u(QuUxD7Z;Xrf>h#R+dt*uBF6DQ+_!yPc2;o`E79|V9>cuHQ zS~i74`@;SrCC}>TAKN3;tJBfC_bf(pvaT#K;IZAu#~*iTNB0+V+8Rhm1dv$dj5NUR&OIAy-bdc9ld=&qQXXa=}ykkQykWxQ>_^6kjxU`QVAmc5CYWh#7KkI@Xy>)w} z`8eliN15kGfnLu?K-x;oNxOpNOZPnvd?Uyw^${n^(ykPy*@%0I7iL_b-rhn81VoqHI1uRlatY3-5_Qu0@p7w(pLuvFWI^io!YUq1j^-;uc@xS&hKl~eb#O6NY zH2V#ppBg^+mdw!ksR{_6Bs7kGJOzS6(>?Akv$~d7SV->flyHVixOf%RXm1d=Whl_a=HXV6sZ z@GwD%ztr|gApRl&#w*)}XbjCdqLK)cE?x*{=)>DynR&y3TYU8+S(_eu>x*eX;$EK~ zkzEQ$K0OPMli2v@4|BNJM8$nt!k-ne^rPtQZK)^@Qf|uQ7aJg#di>1<v7mebw&92&mLwiIzn@$Tz?r|8_LhjH;_<0>0{DLf-F=J5Z;p{r|GUrZu9 zuz~5pWDE`HT=`s{6BCFu)dwM6>$l)Pfugbv0SDnpxACts8&e08&kf3q+g zZ99{o9#X0naDN(3Bz;D68B?z7<;Ph6`XVF&J^J!Mm(SwG zEx$;CU^9z1W52UOq01kUAnd|kU9$Hm;SuYEsh6{K61COS>!ObI)i=;pR0HyJho)&Yd!CQvY{N!X9<6M;Kxdi%&ghF|1#Y{Q zTE;!a*0FVCp5mxxkbmV(@0596PujwlnCdrr_yx_1)P;NAX$z`e+``9cbsZ}Bc~vin z4<;nOQw2a>68L{L00@_z)PB0GD(+21W%B!M4-rZC567qAh`}^ol4aq!4K{r--D>=cC>sH@LEmq#wJs?*YbY>kNq{CA_Jw#?jT7<&jz z>9%A@8Sxc$6*NixY{L`KP%9=w4m>C=y(0*zw`*kFEBF!UZ9!POLk(0hkG#H(*R1_k z>f$&YZ>h@TU(?ZCRNLNNHz<7l%qsNcb)f=Hm4ENV!p}>)+|lOanyJ+F)F-cgWYlKP zq3aM2PWe(pQ{zAVrW0oykQClW`epdXEJdRxi!)uM+x=Ln>DDl1DDb<+t&3 zp=SG6jHms8W{316yw`-Eo*0Ov%b#&(U!9H!Xr-u*IuZZsGj_HD(F-y&mmbK-ZbL_>zE*kyerH303t*{yQi8nG~!`qdUkJJ1VbODem}8AGhCIWfIO zyXk83&g2H!iIppN!$l!yErAALOX!ve+8E6glBB`R09SQ2^>n&29d0%0^{tk-uJr%H zSdr~W+`cbdRk`rXFVsvcCfqLd(0+;Tf)hkR<$d$G!upT7;=o?6lgN2jeI(ZQ6=lCV z-WtCZ1!1yFH$hBIKUJSupZxdpOk~}jJXK`ZfB#M*Q$D@kr|i+xX%GXXTbz*bxwt7w zja&irOA&ifuCSg0;}3-_s|_{M==vz4&{fFDP2qA2v9GDHm5GYDHbu3SxH+>bQ)hMF zVbZrKYilTb-I+>ctI_a)e_Bz`oO&*9i{Qq#DWo~LDGYS~epOo4DyrEyj2~4e?M>dP zt|tfU`UAN!eKxs3g<}#*~G<$?tMY)nt8~2gJFcK_HW_6m&bcK%KLnmE}@v9s_YP^l(vp-4-%5# zm~egTIsQ;)rx5WF?Ta5b9=K~4#DhF3KYhqv1W9IgeunGOYWGc^++TSG2kyF{QIxJt zg5rz*tl{r0G2vE5zWl*uQ21D^+EWz^WWDNI(R2XjFxM7Y{*5q*V&(N|>Us&&1?vv? z-isQ&iZiNP0v|pm7!+-!fLL2~GK5v9&UpiCY_~;Ya{SVNk9MPW>i;}ZJ**y2ru^Ri zF0bumXK+5d8T?1P{>1&C41ND?P%hV0OE?_jYJa`|;m0-HlRQWDW-NA?~n8x z6x0Iq4rOA)!jE2sI^3@VzN4ti)E~D82E4A6$G9`h;uWI5$`ES!^N)KBK+hJO?|r*4 za7%lciLLOL?FP}~L6Ip?CJnEA{VU2q`NAZg=eITRxL&G}sxx0p2+g=Hr#I6dDXfVE z$Gw}L{0e<7RC>2uAGJGEPVN`4H}lX1r_Y#+en4&Y#B3U=4V zc_f{DXrZi!gSLMARTZ#&+o&w27cfx#K_tGM6Mz~--?6nPdR3lc>CyOYm##jes7sSg{XhtUanr5lx0 z?*?MF1`MW`YZ&!o_=16iZMOHUFtZpn&RE*<=k_$-fZxkF$ab9qqQC}LM_c|Zr5`uk9pwS}$M z<7*^he1%ri!mzTyn>M=sjDNnBJL%WqSCW1$vEX!aLCS4N0ni~kjmG=200hE)s@CFB zMMx-TUr7mPHY|Kp?ajOZp_$X&jjR!ikQJSsW`?j8lq*KKp@r+CwepT_f7>uDmKpQU zi}t}068WDwXg0rq+}p?Wq4sF0gfMD)4RLY_KK9};GOO7n!;LTl zU6nP7`cO(lO7cy_+MmJi{#E`E)_c>iooWHbVJ%y8h*J7qGkIOOUnS)==F-!Dpqs1Q zf%)`^psXCnzw`GY=}gkn{H z&GwG?3Aj8}m4V5-Puqak`*Gd4rtzqFM^Zm9FAFiW?@DyO+sK`+nj2J;Ds49zRp`q@^N=rJ1W@nT{+pRG#aH57iym&Y`on%1sA< z#jRv59fB?oUZ;evTU<1QANi|j^WUSojFs@NM{6BY?QxTF)>eWYCU`P4Q`}MIgGBcM zfbRZ@ZHqs=`W1i4a;)A^BFphl56ixA0HH1k^Us+)b0RV}W?4iqGtTbu=sEKK-#VWo zt!#^=v$}dOwLBS&W8mVX*YeVMNk?xFTB8(?0ZAGS;z;6Ra=}aGezQu1UD>LmYA%!8 z!?aaFxlvJp#YIj;?ZHzZ)+z2a;3WoVSds|C=4Ij05#+87my8v71c)n_fD=qVXHY;v z^w<~m3ld-u9Y2AW7U7^dhB6^poq9f~iRoV<1o41XB^BLM@o$o)_PXA^v>fqk^2;Nhi_JTY%1=Jymk(fKtw7gE)d5?dVc!Yi`H~Q6bOXpx z^IoH5Cv$SQ;31rJL`geFYgYH-@?{h*qew2ViCD$xV1Mu zE3=B|vD4jwK3mg{Um)J1sHE*OU&&MP4ZA9NxT3FSEZ|CZ4)=#%(Qc4@Zs42DD*X$E zn6@cr{?$PLqIMD))rgn#-E2=+ciro;MVH@DxDwCNl3Iu6`>>JQOd|$0)Pr1LneZ*o+n*6BZ*1?pZM>E6k+MItr+jcfbJ+=N{25W8g50alC!agZP_K5C z@V1RfI5>9RoQ0w%wMoS66(LhmNy?sVdNM?j$NgyEZMk$wTon->S;0MI%-9PLK6|Ph z>o$Fw&4NVk*j~>=6DKt97&j^bpMgLu7Q|*m-^yrNTiMa4HxB=w`}}cQgYTL04SlLBx6*igl>V@xr1;Ppm!y#SOxDEJ}DK0B$b!tICsK z$S4BVjnXnbUCtij{JYPZ^gj7NQivqvCu6%l=%g+0 zk4?}aAB@dMCdSvjetDXtn%%$YBCDQG0P`*)I@NzIr@9*dhe<$?t|{qA;gg>-@vu%M zN&fJ7?UKz8HlNDP&M3-812|hTNkxcD{)PV)i|WZV&M~E)fwtTCjEr5mabr@>)lF8c=gp7 zNLn@er!|RfZqj*J(`&WXD(z1|P*SvAhXa8JLqCxb5@{zAf=9qeK?pNy8&}P6~zZ#3P(EKHHQ?*}`>wmO-rPvrv;% zI?n}1h*bTXQdg7eZY=8Fp%d0^LYRSvhWgY8}i@;8s-i`{ARr-oM>CgK6XW9buI{G z5hi4t4 zRKpU978brhLwW1d--NTOL~jcrORLYHW29|Z)+r}#AP_c?bi_15@AAk85)VYSGT4`y zyu`2I@gKO%38$oV=(WTJT$i8j56l7Yrk{MOw@eBx-)mmjack zXLn}g+?`2ia{1}&sXH)~VVzT+oLYQA%I2m1hKhg5ai%I+d4uf!bLI82X;{jo2VT#H z%=<&@GpA7tNW57@-kYks+>a(UEQK$wQ5z{s%PFa!BF9h@lD+ zAug>FqBJEX-+g!@qPQftec|;6!q4t6Tg#w!{d^_J&pzi49OnvL7-$)6x$~bH74x8} zcNvEHt-cvG(^EqeWBuC)w`Vz+Z(wvI->IfddpMS#@ zc-QYjUC9t&g zE^d&L8#RP`EK97R)@J?XUI3Enr7Xsf7qC_msT7M%4Bje6G1a>3FiK?|#%*N36!$6y z82d{s=1B}G>=VPXNLi2rH}1?m91|UjL<(bolyE7s*T_FY{O-6OxC1gcH%>%N048ti z*7K3ix~9^(FSS>^&4qv4C1)`$?U=LT9ZteKE*)2L2!Sza1V57hPh4p+fO<9!x1XmX z=Mv6tidYj|@65B_(e@uOyjpz%GI@@VGliw3l#$ZQQli4p<1C7`&RvgHsVqIIcsUFa zXT_6##^Z!r_G+c-iyC#=ae)uHQooF9%q8oJYQWV>KOY2ekQ2URdbH|~cnLld4ni*9 zGpdbs4vN~t@ZBa5ku{XH#`yg3{m-7H;wLriE0aB??^{si-fs};#lDPE@a;OBRvQuS z($HuPRJ;2g+-c2knc8ik{?UJK8E5vGllO1OaK?PG*_dpuo;8n2KLPF@`#TdRnB(5^ z=*fTo`LSl7&rfFlyZ7;*|M(?E4B2G;KO%nIjp=UcX#!o3VTgpnslZk*rgvFehEmj! z?`+3JzjfGlOuL7g4K8XS-uOvbZ!({^jGo+ob>BkYptT1Pp#x02h<<%Q#2ZxqxON$v zKC!xUiMJP`iY8hSvJ+3?yIx(TI{~8|ApOB7qKWT()rDCK_T&QTbETM)z(35%52eww z=Xf>dbxO(j#@yr*AZ=d3q?^`fZ}}aJ?F&$n{OvOpDaU33Azh~er1ran@R?=M{ zV^D@rlJ?u`m`!5l4WEGk9cR*4W=RBgn;DtnmQ@ZkSnzJ!g(WKHecIk(Qqw~kSp2-m zQcB=`C6A<7c-BCrbt`!q>-7#QE3!aVRzn-T3$;*c`ztHWYpX$9ksSxtDU8!hK&Bzy z=j)M<|65ayYXP<`X^LMYj5(TfV8hV#5Rr|ctso&o(S$}>NmQ)Cjd&Bb+a_iZ6iJvk zdty#ASxIL6+Re1q1e5T=pO~~p)Rv?wzcXpnYTXUTQE$R_t3qo@s&a}+MMkqohNJo* zBO=$GwT%>Syp%CncNI&W_Fs0QOjoV8EkVbJn5uq!$W%SRU8YLGM5d|(y%~n^yvGa^ z4`~SoDSdCfgVu^H(W77MDB#-~#@KDmD_|=ZZ3QMFM4KK*-<_`qU&X#+EM~f>5MLwH zAy8;h(q+58M|7CDMSp{0WBqr9zLF7w?OcgOaMf=B`;G2QGN0rxJ7dlCn#B#GF`sj%O{C(WA@YT<( zQFr3d(_2%fmpN-C37CI!y$&Pp92(t^c)7Nx<4G%>=ImwA84#qa^D!{H3)!WSJ=HG+ zcT0`i17Algx1~gUJ`_iXWoQApCGUc}oiSly>MM(p7u~gYnS+rRHTHG??ZW>W+FTIm1e%zTJbFD{!yVj?I6%H_fNd*SgM~6_wgyaR#~mi zKN=5>ea!nG=UGs2O?oEo&T0;#%rkY9_Hs zH|Mlen?{~=0x~I4T`&Q!PPm06`tXVbx+!JVC5YEE=K>+R@nUuzEvcDws z_`h9(5cmjh9TpMh8I03*M7s#w-t1kq#mt+?|B!hy0Hs815AutKyGfyx7gm|ZV)BmN z7Vc0E8sC<=B1?(xVexX5w|5!dwI_fNu%N$4%vq!cgRkv^%uLK8v*Z+0qQHDSdi;P! zBRbttUs%)&brYZIp(|@fiYXCBdTs1)4A@^ADPPDg>g~R#(NIEHbE?x$B)S6O5vk5Z zkQ}xsOhplVXn`t;eE4n*nD%kspeGaxNQeM`Ksq`j6IsYX9`aFuLX@Br$m`C6z zV7z}cv#S9<))oI^j%jIuT>d+UTz@5&R!~Y3f>#gb_jED(fEQV`FBubA4>1~G|7uxT zCkJJ%-IZ##-{WO8HC;%!52J){0i0+>aV@Okd5>G_zR;RhKnSXzn^rMC53&20Y|C;8 zL`wG7>^*f)a;C3`N>zOZ3Mb7j`GHkGP1RSN`mK&zPz=ruL+YoOF)K!8FeU0M6M->~ zcsIFa;8lSm?*@uV1Pu=cano;evfqJ#&qBm1M}BlK3o6Ft=>J@+~L7Y9eI=T8r&j@r)oU})op zBB4zT*)Qg&S7C*f!?5`j%nz;72&9dYUZL!!6x_J>K71p3(;V;otp;BPu{JAt+wCJV zb+|i-0M}T4o}1-{iT&}6H=CFHpkwle(QPgerJCICna#=HCbN_?))>pD`*AhK^737; z)n~B90J29ao<(!B1>mdS6d-4d^2~Hi(KsSooLFUujxxcF-XGvDSupz!_pc*TIuG@ay=P~O45t#)?KU> znJ+6NZW*q0`$w4$dJiy~fh@oEv4wzb@E_2egs~c!0eS=)p`f(yY`1Sp%RzVN4)52F zK~gt63(!73le*b;g!ZwEbQ3PO$pPa@Hzgv47mY3OPQL&UJPbrhsRyMtzd}7q?YavG z81KU>Vq)*)2nHD?;{V0_fy7LE(cWH{m`<6+J62&xh?uLV)DjjpGMC4_Xx98y2i_=J!O) z1GU-35+(1G=r1x}5i!T9d^dtkB2MJH7z{de4oeFF4ufv&qNU|BzojBUJ?aptxQ21* zRElYt_L_o}=c|u<^**(&(&RkUWjHK@RM}Ew{wYf$+H2H6LHjgMMX;K^0d>3Ocn)=cr6Y(z%R-=OGh^jCoxPU4TDSk=RVf?d3wL zJGUaRnKt%v640$(=|H8EDR8D^DpQtB5Klw72wYL!CUiNq7lx2uUzRzrU$QLeAkt+x zbR#!`A`|zqzF^=fTFtTy6C@;_CJII13|CLZky_@IEr<#ISay1d##gA17;B4rmQnuR z?1bYutDe6?*wQEGY#X;!sAmA2udWne@^TQUF8R4y0Mqsh?X8D&_Se2Gvd-7 z;$J^5+Gy_( zSn}TRT$G~>W6h}%nd{sx5s`OQQLhNG@;q_noV7wX9CVU;xL|3LLkyi*0|8h&w$g=y zO=Iu`at1qCTYv=T%OKBzb76ohtdb84++2HMz0wN$<2s_r5p5|O?IVh+a-c#KwJmy5 z%I2L2rxkVD!L@gp8_`?#6!z;m!aLFf-w;c=t&CC=S`DIe#GV*i8l{{qq$9t|EEuj0 z*6%SWsn5UF^51f$L_mK_JF1>!EXS~Pq+)rwsw@$gP=bdjq*P2BG?J1L&CIKrrIp;s zYO?NCN6Sl>-%^lfbq8G2LnJNB6qlkF{67b`mcoGbto$y0@<7QYawl_#lr!Ys=do+S zTG0Jnu^oMOBA=&VXz9rniEaOBWr;EML<&{x$Q|bM7E597Zm(Q4ttPpd@YSdG9<_*5)GAkN=f(jiu;sGKHWsJ)fyd zrBuUfk?6eP_3-9KH05^4TTF{vm;33aOsfw(i)+jOyOlM3v zr1@d^`|9pb%QcFu17sxtZC91iQ2TpiVz{B3V%bvU(2<`#@*r7uaDda=H5eWY;hw`+$Zg}9Y3KJiEBNW zZ<~Ci2b!91?QH#Ci%cn$cb@pE6aVeRFST56sk!a!ZCCEw*rwD_z5V3>Jo#6xuWx_w z_9yP(HA4%v-)b}5S-HPh{~xE`ctH1@ZcL0rr+@zR@0Nbu_1xXG`RnCt<+pdAy9c%u zE3&56v2*sIn>tM0NxKkHL0gkpGrNK`dbhrUb=WJq+9Y)OfvPSPbAk&H@qOIxHXrR$~R(pl*-sZV+b{TBKIg^G-p zjFlPdGsZJ!Gmd5WGVUsJGv8JGLh+}}|73Zxa#^!%g>0Q{hipc6RF08Tb#yItKaR1egr- zVF)(Ed2l&=6@FdyshUmcR#qw7lmp6*$_eEG1XSPrCndT2#f!a*%Rqd}jp>DNqN_SLuUiY^?T2Ihd z>Ra?f`WZulfo@P6at(uqe~eb+1N~NWqFHVUw4AeMSl3uzim7eh-ef=PpgPWG(X(2! z?%d1CKAuzT^mEqcvU5jWA+D{iZyt#A?0I|gzO$s}ziathfxKXK!M=hItbTFFxXaup z-G3Ff75-CXDEh6qwRpJrww+(e`I3irzj(MFr>DU);MrD+EM=9pmaZ$EFa5ntTeig; z;O+Om;;b(BRb*7`sQAG(sB);vzsgk|SAD+v3y-K8bIrP%?>+Ns?|Nm_$JhVUu)h)A z=x7{kf}6he+trfPTG%$!j%`2L5!2DtG1qZ7gxsm=EbFp&)pwPt-pBWL8$EV-{QB|v zU+!@Zdl9CEoempJT!nW=1S9_v`7*K+wPU4yR7vzlqQA%7HxM54A(kliavW*gVmJ(b z9`|)z7ofqf6ZuJZCcm31c#8I(dB#6I|D0`R)AOC#G%%|VR+!wEJU)9gCo^|+(}L32 z7A~ffq-%Xf{myLTM%CqBEITjDmRIFfVwgiEA)nAl=;+v$ zKPEf!PcjlqVp&(Jp>k?#rVHgYu0>tZ9sL>YbxY6nO)1sX*Fq~0SfmhOBEkS`V4)$6 zD*CvDDR`IHaD;2T009dP5vGl_psh5srR}reQUd`a;E*$82bly#S_~O+;0%A)dgIB5 zKR_5%ynSieRoCC89e3GvkG=OBGGXS@ZPrS;j=GVVLj_G8>kfUylX&;#*MBi3ZF8Gs zBrU&c-6pBo)f)6jr|8kUUr0h`QPZ=z6AygFE${il2PMsvU3~&cvm-4!?)n;a+$so=}}pT~u9L-B#UKJ%&%?Yxog zvSvlu+-y=UuJ&VgGP{yJ$X?{oI$;izGv}gmO?C6R_1xJA)C6WAeF^L{AQ%p+R)0KV z*WEzzT-882<%d2|DbenkNO#vin13I8juj=S0^s~4eivGeCIo{`u;4lFVPhn~@k}u& z9NJp#=^fw1aSSC{(Q+UBm-tJR^({QTyzTDm3ZUyy{QA2>SjkjCU4~513F7EY5FsDe zxsmCkE{=%x72Awzmn#fmXM|lQ;wrYf0IC0b{D=4T1P~V@(Q7mS`BMz>v?+;4nvtO~ zT1%`}Ih!JaVMwEbH`eprr=P^Il|>^fN;GuqafYJN$6D2CH>Qant`ur7WgVbaOE9iS zXsKXqGGWTNAS+f0qVB}I<0U^GZxY1b$IK}6>V}%k2&r{JFvx+NrI(98mSQ4dXWocJ z_X3l{P!!8CViyGf|)>RcX$Y_G|;#CJ0P}X+d2g2bQr0>ipAp z)k>7h+!*&?BN%4tAHSRWvhiUfQ{fLD+mtzurkFq0@D9KjXNYW+JHVRHL^a-1NtK(; zx@n#aJNhZUv#N`10YwmS?VoF*8ta&_F{P~K`rf0IY27-z*RqGN0xdO7}{drNZb@g-%d?5o7JH6=vmc<`Qz>vq@_}WW% zo%x#S(@&2`-T=DG9G=P(tLqOaQ^sScz#*Iy4ep@_Z#;AN-;kCAf+6vsrRY0PRyPi( zL6v~LWUnA(jWV6TIVlA^ab;GraAScakXRgAC@Jf#HmHW@dkZuD176guL7l`TCn+k3 zBJm8;l?~t9_u*aIDd6h5YV|VDFD&OXNCbW|ot3IxC3vX6D;c(1DAUEXO3%tNUZ;?| z5MeeZ_26v2&@Kf~9PBY94R{2|8RL6J`KaV>bfYzGaJyxy8Y@g!^@PD3yG2eoXhqt= z?~_!wj3u**wg_XS0;&XW5RJyo99eegPNJuj8=^IwB5*vAO0STxQ1}Co(D9sJMb$<5 zqSh{W`;(_wUf<6P9XQ!sGn#^x?EyZkvH|hcFMath+Hd^kDL#3_Dv9y$e)aE*zcV2& zSE3vhJvTpnvi!*0PyGsx|A!glkDh$xp;zWUJ)zMr0OCn}B;=oh8xa`WK^5&wg=i$4DvGD#cu*Oaag@|`O~bDMnf{HZu)Vy6^NLiMOoG0tFlNFNCT>_@=aY;euRdm#P~d=1G6Kh ze~BY;;wL$E_2|>uII!D6|A1uLp4EODYY7T)-36FQldvzO6KVWk>!hsW&BP+BO)ghXun(cnprC+HqaS57PC@8eV%r zL2b-_XkHW*Rn?mM)Lu*m(>0Rgd5%I6cwb5nzH(f@Bq_)EMc~w&^2Xy-z&g3l?Tb;C z+vHhAP!%s3=iOar5=CIbsk7b~(?ke1#GjRkI-SphQyjd)CQG)=b4MjM`^mIKe=3(JEeP~{k_3ANwVk3fP zN&x5KyeWGv5O!^TN^IiwDF&d07?!0;9N@va)_i2X!5iW5Pq9)fju}f0kT+8SUL@1u zP$--pyfweZ+gr>(n@sPv%RNt&K4ftu(iAlJ5utk&Zv`g=J4mOM$@(yRJoJKzj|0Oa z-$Wmev^Uoj<>zL@&&@BaZfg7ZQ#8ZsEUKz)XyWEkUsGA=v;uRmlv09ZMXp{8?h?rz zMwD^R7@@{v+yd^n$1nE?7$x36$MLcvs|{;sFxsX$(MZuiKRBF3u>g5%)~m|GdVIin zqvX+UhcVL5eRfPxs9+oac5q!X;$oil0hr$1U|yvkJ z)kzdulS(FLw|n*otWyjwepGzNDVyBIL^H_1gQ%TsMftWjYgyM!5#HF8bM;=s4eD^k6`Qw=5{SVK%SDuFN<)YNp{u4eUiS9pQ#! zd2Z9P?5LP!&4d!LjtrF}3D(Xw5^Hp4(yhe0F~##lN7CG51gUCEhSOW%@Vv?2FTZ0} zx?z+*6!moYj2;flSZ#%YuPOpi#p@av45Td24GvwEWZJkKai{5{l)BS1L$gH=f3vlA zYKDQTCpUmQI9tVd4FwCPz9LE8PMQD@lg78p(c~2s6hjqTlM}dGuc$!>Wy1B632ieU zSI^mcigt5NqFFwtD{uw{O5Q*MnEsVJ)}SkYY*|tj4dg=Csz z1Sr=3kZsGDpIADAt6V0Nz06DJ2xtYvwDn~ffZbHpT`op~n^!u~p5j!@8O=FNuc9t5 za{uQZQmXXa&A3?OEGzlu5J9VBsvp8|$9~92z!g2-bZ1&7yQxx=>XeDI&5Q;q*5E+% zf&p0nx8$E5QR+`x)q0c%xYDM|dCdWt4|^ zvJf#lL2jcxaC$y8`r3hav49geh=kg;m5nK>JZezMQz4FuN06LJ=q-fg%3il?4K3Uv zxBu$fH^n0w;kN&as;wy8aNHzv$A;>@$ zhkf%ON+NrG>Tu8a~>TEoNiYEUwq7X<`It>B#j_K3nqya_?l7vui7+&UauEN&F%BIJfhr2`4oVipk-IjW2J3Y1kRBnbXXj2 zyP}WMPR>TTQj}B$U6v!XK<&uAb)K*BEvGmuOikJcY??t%G}x8c6+^Wsn0}lDp(QFj z)mfnFo5MaeUwL-7YsF{>#z(>;_Xm;*QDd5@Zh_tn@p3?cGS+Uq2Dx4H4~nI z@FB;D(Xh<8l@v%BSiRsk>PcP_3L;k18sqAeBHCpt;#eY`uhR$l1)nH^NYTVHm|7v_ z#DFwy!f-sVxIu5afSiZjs~?D4|AF9Z~^^l+)6|Y{RhFC>61D!WysWOs-VRCv|^= zG_V-5TtoJvzs8E67F+JEbVr{{XSeA;WEeqBH*ib|x~Ay@g|5_Os_~5cc_EfLKw+Gl zp|x%}zg;ri)?9BVA(LmoAnt0BGh8d3GL)$ZIL59DhvS_~41t1MyOV97wC3jz)RoZ` z@72z;4yK?`5>$sGU*sT4hBMofT8l>x)%%nW>>Er40=3H)a1ZY+sntpwmTY^_ddSld zCdisNt&L{}pb^h&>0nM(J}?<3n_XTK!~x}P@&|bQYsBX?^_K2IX7pd`=*j6BbRli9ya}pX{wh>V$ez zxJlnBsFDK6gv=QG={Fk0>27BxRW2QfMxU`Q-EtG z^ydM1XSw>-U?PbqYx*huZE<{#1Vx_d4BcS_4sfWARL3>KPhaQU-aFlLy?&mz%2p{& zjXA-|40DnI1_y;0Pb@0{iHljp#s?e$!TB&12sNNkJMH8#`3{1M8u5xINxM`qnrCdB zatEj}ToWojy2?98pk;E1cdK%WU?2=+o5DYOXbU@UF>PtXU;`+1okZdGR&R@=aDSc+ zhgqpildVxo>>ZK~8I@B2=QT$~b*4L%(QiCnQ{|Hx!(+%3>dexZU(<#+gbpur!I@Z>T1d2uGIPHwD`0mE{l!Vzzh2&&Bx518a-%1a)Y63C0qB5BVqk#&Dj0yC)~eB}sw zFNa1@GRDScAzLxm3&PmuNF0F?WfUtNo>FOg-lz$DKOVZIQ*rP2oLXZ@l8Z%%0VUOOJ_TA{FElF?-@)5&uAP)g4`E}p(&zh#Cd;I zf}>q~cff$Fy4FG{-JQ3#<&|;2X8|H)X#(%@jAT8ioS+u>b!Y*!6$X*Em^@XvR`~jE zFjlnPUskTx&-@Bp#2-C$sBWhz)!s*3*FJ{lI40y#(FuCde~1<u=uqnyxL_B``MlZ1J^&m-7V!q!Gc2s2R6mS}La~ zvc0~txlvLFZXn0_yFdNS|M};G;OV^jWz$vrX*ov#pfMTDDLK0hKttRO|K5vL?uk?5 z@o62l#Jfq8Vyeejsv+6egq_XFQ;q$kb|YWh+-CQ#NL^M7a$&tqCqG@Be>YlZv;Dp^ zBboIg=?$l&@$@s-)oZmLXBW$(AK1pgICfwgwjn2h3bCTPQoSi19`3_nts>+XN7xap zfxGyDlfh=OTww!dOJzPwavsKWsaUR(bL?f7a?2LX*z+#1z$J$;;jm08HRXYOVqQ%@ zFdC+Tg|5t|hQ#yyjSEam=rpQ# zU|yQv)~9^aut zmg)GO>xTItdkTQv)`~?sx@G7sh_s@4i*DTd+yIF5TtCb^bVZC}P*)Q`R*LF0O^ONk zfRzog-#Oo(;TzEmITthSPN$s_q5G8XUlV&{?W=mdS2Bx-d-oki6C?6#DrtkLpH>oQw_lEe}o zyB_3IT*EsW^ZOyZxK+D=XxB_pJQ;69mG`tM6FFSAc~n9|!0W+)4M+*dlb!UL0C)S@ zv(S>xb1cKKtWZos8h`2=V@2M$m`oPo*lm}4-L)~ZiQB9|0m=zNY-JHd{qv)pSl@kG zM!{9Rr%ekMtbk?au$R0Hfq<)|Xk^#M`q#-<1@Zz-5FF_BDg7VhEvYBc?agp@=gRI{ z$YZZG#07?HirU9vAm@k-ol(h)@5(lttk_pe;p~#UFg@rRCL;@tqnI!AIRvG#BJLE! ztqmW;cnVQx={NV9|AT0g zPmff|`N{3w{yUkjO2Ld2CB8@t&HK`s(p}tpu-o*aT4EuG5<`l}E1k~j8tvDL zOc2X4Sm+vLOM6;ShhRv#Qi&+Z9Eo%_Z)u|m42GK^g=9=61#ba9E?Jw#o^7bA=BLB3 zkZ?Jw^r|n%eMRObEkhGU=qP&a4oFm|QXS#ikzo=NnKy`d$R1w2vI zcE0lU^F-8QkXn>M&s$5!+L)Zkys}XFfcGFqh(_gkEy~Me z5fG5`m9w-H`rszBZ~t!i`G>l*le>^BlZ9bmE#p*nw7GD7>4y~d3{(<&fA5=Jxjbb4 z>l+E_#DfRH;pWT03b{FRM@4Op{IBzSG~`EShyhOEBoeaz>(Icne@vG@(V&0AL!p8g ze`Gd~F%{x}&ui`I%>L>}?w&qbB`E|U?*sak zVHjCHFLz_kBlsAJo@m#~Lu&tNb?^Z4or|qrIsN`VVu@Ger~lrg_~q-X7^X>eWo}AB6xh zX%BV#l!D_gU!}S8TagJ!T-Q5mwSQem=NYN(ZFNE3-Hb_IVE_0^N^Ps|blGZlIu|9h zyRB$t;4YYcS~a|+L=gpy%rh{TevGjBy5u67*12i?#`o74rv3iJHBQWbn-D67<09&L zuFlgBYPta`YcwPM0@^mZyVVtBx4w*Oy6={rPYhxVpGZy}8(&8F2l`UGN{ljTYoq^^F-%21$M zkM?@K<;TZF;|E^*PkUnh`O^Mq<*C(Qfq>{R#kP5ZTKj5VfBDAikNZMx-Vt!Fw7aVJ zD?v!`Z};X30_*tnYd=JSB&vyA-KqMh9Ie>Pl8_gGcR_M*uD$18)A_FX>w^@I0OQ6S zmR8*8rfFENvzk@UQ#&q{`Ms;f#KFq1y$_W8^LFpER1FLc$ z6^f(oQ%#`_YW1&AF8AO3@W4<65@{_IGkvDoVYOq@IORTmNUe4_*-ncohawEtgEH+T}<-K_{2Jlz%YWt z7)`Vrjv5KOwqb@!wUl0*n@{nbiSc1L7t>8%3v!k)MZCO}i!98~&!VM9=|H>1D15rn zIjTOwq|-7>u>BZb)kX=7an;Sb3ymv(M4(LDmSSwH0*pk9h&5Cl~AXzb!t>Z1@OI@$haKgg%s%oGgO+H6!E^CZNC zK#&lKzF=R^{51VP8p_DXlKN#6Hyh0VlrNf+uUnokkr6&i&ztO&MKD)N&y5`B`~r>aMHL- zmWrIEmly&8!D;D4u$Swzd=N{b_b=oViGn~#(b|oT4Z(ET%@Xj_rA)4f5VX-;nm2hD zUX(E<$1_L<`_3-YC-L`QfTgFforUaR<|qB{Vapb)1)v<@tds`0kl~_(^1%8*BGnL@lDJxu?f9bRz9k4& zbeNT87HH0}sw}VIHcjAwv;%%AS|xFlhcBs;5j*tp%u8)O6YbL+izsWd-5m@zvPtUL z8^Y`D{UPTlIA zbUN=Ptz>i4@e4#tS3}!%Wc{i!2t%3dmfdl`RZ-b@k1=O^FK=Jsjj%*@djdqf=gjCH zYnS!{D}?($w8nKiF?2(Yy4NYwOuvY7v^(p$vSH z-POLLnTGQ5#nb*UwmP(Wv!jTG619PgY{PAeY&cruNT|phi%QU&=9cylk|%JjIJW?5 z;)0=IRB%dgo`wl!gsjdE@RGzBG_1kZlgidLz+sn{ z=~64iDQ}CKp>G5t;DM;~-*n7`XyP36EC-m38LaXD_A|V8CcXS>99y=1j;pN*H1Kp= zAQ>$xr4Ul}ICMs7B^W^vQcNJ!Vw~NW)^oxfYMnFz!Ai=RtSHp+a-hhSiSjAH6s0;l zLu$T1C+w}#0ZxK|fy!*2l9VZ185S0GY(fwoc1Rfi=_@U;NE*2|WQf-=WtM0lYr9Za zBuUila07@WE1M52Xl<0sK`59`wke8?^c=X7Z=vlK09z1FNzM=^*dW`aG6w!&Q-^AtmjNc_8{3& zR6*{R{@-OQep26#P%aFt5U4miS%+vEd5l0aihM*#k98+K@1eCYKqB`){08^Pf zfnw}t;v7=2zEVJhFc(s}tVkLy7^`jFu&ioZULhJbjtmbgmvsX{;f7d<I1>~Zh1 z`{mB9H|2fRlO2Zd^xMP-?mk}Tfjuo=Fg=<^?O8D1kKNUg?NIxCT4gIB_8?q)V{v%F3hj}r14F2 z<7pcNXN~M&hz4AxtLSLLRJ6U$EJZ>9Ou9M+@qLpfSTM!2XE4j?^=GG+ib~}S+`Lt;LK68N|HbX^nl}kNPvc9YgLYL@RM9FcHUmo_ z+SCf6rSwQjP6=lOlRS{}Fq_mjg>fjTK>KavSmw9Cy5xTC@lf~AC9kQ6jpO01rnF)e z|7J%+txRD2R8&;-x(3)((n~3Zr^wLmur$qZ5~fKJ2b5w2T6=$8RVAz~S|up^(13NTNk!J}jVC`FSyJ0jGCa!dL z1`dRjfDrJFf!;^_#Rx+yoI6CHa>c90O~GF-?+*U?D?54MD44z_d=Y)!^^Cz3n7H{X zz)m%Om3$MukiOP^DUwOP6ny-ZaF02RJ=iz$ADY($LsGgYu8%cHM3#u6w&4HnR9CEI zuZE>736dfat*Wj?hhNQdAfpV{m8$7F>F0*ca^s0me{18BWNytqdT&1H^|IN!Z;97~ z8ehe!HneL zl&YQ@f|S2AJc%wbITXb*1hXc()9I_EcQo0G&N+>(wwPef_<3GLq&E=Fa6>R$x=#mu zQNOMgA&7ZtB+pl2LEjyE0HrAZTBf{~?nR~+Yoa7&Q(K0wxB7H*A^Gp}OE=k5esyrb zB^rDldxi!)EfO#5+2qi7JwGYD`-a1QmK6{ORpV%_afyy`1oXWiL@1sBt(Nka6Cx1} zZMKGN6y-Bx>KZkX&9ygJ<+de76d-N$!j@vDb8?cp5Q_KY2vpkjp_09S_$G{8ok6=5 zoWRZ5Pt277JY*A$naAbhIY!gWfJA+$QS&BMH zy7_8!QmWW0iXmTR=eTf!Y$(CoWJ6m;J7m)M27-IRn}%*DQS7i-CN(-@Nwi&&d8Q67 zCPSryG>^_?f8+>!AO#I@h4vNL%6MM)H+2wa0?ua^+{sqF?_q~719#e9dCuA8H|XWr z%w5i(@(sb?g!!Wq#TotP`-vm+2kx~J$R3LZ=-RG-F0D71f4#If4BukKlh&Va%L4d@ zu(%2-Xx|G?F{jW8HL!q~m~w%GEz^q-_DluD&M0NC1&%TDv-X|(XO_k<2e^bXMpV^` z;nf8FnREPxWhne5$X6C5ZxqDXSF|Nq`+x_PmMf+-R93Sb|`9Cq2qUib!Qw zZgEJfQBgRwT~b`sy*!g)Xt{O{oth%r-S-6$5nmY_ZbO?o8!i8Ow>)&o^nALZIM7J$ z>e$QZ_r^w9!NstsyKyj%eK?5%oW&XY5l5-s=pc-BqBJ^B#yUkFXAa8ne?TC_*ZW1R zn&n|(`ux{gi*yb_F}Y2Gdys66<$EUN(vycsdW+YoiEQ?}%;yHsG|{dVtz6Zi0LUj}zZsr}3Uf^&z-|tLm*v9#2ECH?$H|$_r<=?dDMYLMHmNmiI%!Cwe z(#bc=s-_2=f#WWI&9yyrr5P-yFj)RTW4d{vbN^ks@^AwocCZ|x1SludYy@Wn2zGnD z?&7mb^I{>)hM7|J#Y5Al?y?C@+r`Tm1t zaNz3a!X-`*YgDR{)6L|+Y%Pk_r*_vbrQ-Es@5L*}nbvWn8bI@q+L0TO7;tybxEI&F9dzuZSC+4Kgv)KdCn zFRs4a>|++&B)0C-nQ0xD$^}V82?DS~&`KW}4pV+#X~Jj|X|C|yb=Eh+ygk_6S&L>1 zoYIs*n;UzB|9y|EQ&nV3qq3rAhsO@sTbP1CjMY5Ve!f~?^eU; z6)C<#vc?M`r6v?Q6`;#Z8?T^CFNO2gXsw0eC^MDcbIR*g0SPQ!;7`Wu7sdx=$tq!| zE%vZ7eZ_qgMXUK_I@g|~xe{_^VV_2h>HPE(;+XfWs5h>LMTdissEv29&RT3TrIaX9 zZG-3noYJRbPOj&v?od5$bn56WQpb2&=g4lNjZQZg)OY|l9#*Pg%4z%S)vw&RaQM!c zOhsZzlk_Cuvosy|g;yXD7Zbnx!Wwebk)|naLT*b^YGB}9I8Y2XW1;)^Q}06OPA>CY z)|dbOUD*|fQjJ!%V8s*3R4SdxI3Y?bDmPH;nFfdIVSbziuFP`0!c8g5lE8BeP2ott z({6*<;m6#;VTmH2#BmweW1qb6%*h|$CO`@YkV%L zPQ>FeB)fx&5tTK<81tM}m=LqqN=LHJ+(rA=WXrt$k4%f=%QgJ`WOE7fh zcw5ufv@Ap7<#B5_7E-e_Gv7Oxt403Mw>uj%6532n<@< ztzV3X>$LGN$GU_(%+&!vsF05%ou+!FGpnM1WKA?(w}uGkvJA|G@e~6@`N6}%P-|m= zKtRtHF}Mtuqe<_YiY@WN&Fd8gOz zd>~$Lz8V#Zo>J5!Q4ZecXcS%4?ZCoYTiH&-i#H+f5s5%xDJQq>IG$=Hxk=X&va15q za4bzi!A=`xx9`z^d#=(zEEku2rU_qTfugTj`*lhSvY6u1oMJc{_q52v zspf`A13R##s2I<%M@6EoM}`}WWTSTN9RS9KpHhryXdD6UlLbeDH61po1)J73sv7V3 z#snCVR`50q0!P*3frv>8Zl?{fUU)5DLX}bq!&0TnYOra}_vW(k7>A2bGRzkYYB_QY zT{oO4-V$Yf=ZsSN;@>3i5E$F{v> z1$P5iJ=y5j79-qffRg7W)5>NM&}Kr*bO||u8R6gn%Z{u(iH0MYCejunAf|?X<4R-R zq(<9MJpS{q%4eVQll!Zl9qfC%!S{53 z@&l#T?|vKG?REq#0Csex12t%6%w<_;r`n5VXXAvqpo*_=W#^j|>E%^IfCivqI@sbh zL)VVLx2pHJ`ofd`V9*O(g_n6z;s|8<$TLLIw`jf^$qtjjX;+OWb{w-c1+>H~ z<z!n->&BFSrw;#iO-rQGad}dEN&!h;;I_Yw za9}6*8~wx0uXJ+L35i}>rb~4BjN{!LMVvMvRcgT=FGu~IAGFifdor0^)iWtA)dQZb z%V>jww|l%ZI!9{^AV$uj-*3CD>twwQd3S!5ZL7I!Rf3kyRknP_EtkWHm`nx}PZn>v zkPDkSH`t3$&7Us$2mLIu6w~~hnM*=uYd9SIiDF4YeWuS|6+`FS`AsR>=F-%Gn*{LT z5*{zz7jb}Y#!k>*>-iFq+ojSj_W(;kw7+~UyO?fimi2?(1c9nqzH9m~!AP_#cUWKk z(q~?G9fL#9;>&jws@DbXs~0&_s+87-#u_s=t(Ka|o#R6pLu?2R03nQ8=_N;^u8GA< z^Rcu!tSKQ~Mgg0zcS~uB+#Dl~yD}nj;Q-UjhpQ57SSB zg@-m@SksmUWk1}eAL1bwZY#G9?i2srJGc7SQaCI@{Gs(H^Ow~v ze`9R82-JrFB;0Hh5QEwlrm7|+yyFYh)kB@1E zt_b;L{;}{;aaQb%B(Sm(9rcV~>*Z~Xf6m^{G~Xm!+TmZam4~tTj~#2HTvUwbI^P$9 zvC7o;ov4@=;RHLji4{){i>v9TLMt*)h4Wmxx!Xig+}X^_sEN6YoYBitR~OMPY0TtsMt zRy*EAZaL{Xk3`2qZ+JV!go4s>DAi+WH$jv#PO)>=X>-{F=7@zt(=1HpckeI4E*I$E@<7lx-vpM75fXm?ENcvD(>^!?IS$$Z4l%h4fI&&u$nJk&z3 z$;a*S=+a}=MA8k(6m;l4FQo%-86cXHM%);<*gLkIG2RhAp+JnRM(jE64z1uvO z^6IC9R2xQd>T(x;-I=kT@Poj!BBa~6MhB>qC+|%dj29DKn{aCtxTWX9Q~H`TY%9<_ zTe`m1t+=I{WP=kV)hgY;vrGHBYAdp$YIZ2nv197tXnsA!+7&rawoHb`y0q37LLpY% zpec_@A}@^7fo3;8%)3;^`Cj0MaRC4Y)I-SYz@&*>yIquDa{TU7Y?mPgVw<_Qfgj^o zK|O>Y(OB=SR2eC=DQSXF?V5+j*JG2uXXUGG+1gY#I-K8UUu<^SW9n9PUJp#gy*N(N z{GI73Ja%%YtmZoksOhHMa*t#XYbgGjoBQ2=z{(J z8)z`eK6vZsW%?US<6Z98uOuIwX;U?389#SbEkmu&~s(iF7oS=$QOL085|UIx<% zegvt|-uPi%I$sOK-FkrlmTvu-DNU5PR{QS1D04D?j6GQ{U>w%nIk}pI3EwV% zumZ`4#H)iw?rd3BMsrn`c#ei!jqIw}b6geRx?*U~xEVzZC(8W1mddg*IDx3mkCMo5 z^=Q>_13iZ+CPMej&`-KrNx=xNb4HgPVty-p?1_iUuqpqqLH_)8hi-B@d(RUH2XO!T z{5NNQ_;-}W{_U-6%P-t>_Idy+GBp(TC%oz{We+bb%+pLCI74kM*=aCp;8+U#^Ls=6U_Ua<#g0>f#J;el)D_xYO0f)DG%rc4TCtvpL) zOT-DG6@*0v;RSyZ2+0X21c8lYl^+!6TCcU%?JFMY z91MoN`YHkvrHfzWbIj^+cGUDUyh}U6mQ~twKYUkviB6Z!P3m;$!0$fJ6^bPul2GzV zRr>zzy>TH_&Og1*QM9NjoIbH1nTae1yxyQ6*px14ZAvNuW`vEs&*+*CSN^h2_N?Ktvb@t&{4Y zkH#}1SP?b9TIDQC?9EXN~(_1o5@!D$k9SBI^6hZ;wr{se#b z48A`7?y1Yc-GkAQ8xOhl3U*xaL}+|)|Jz?&*t&W7ji>MOLho<9I7hh)C z_<^+}cYl3uQ(Ap?RX=m@CVuY5vAzvfXwj>3lP!YS3mK`NY+hjF1%_I$fSy}l(31W2 z!LrPA&5Qo!l~D8^1jfHMfCHdk5~`_flidd`#0}p)fXQ= z^wQ*lsj!H+vT)=z3@*6(&&ACYK>HN~cJ(5nm;) zt3V4h5&<}2GAiT3c<+Dq2C7=DlCSWH!WQ^ zaY{6lQjNn>Y4z-Bm6GfwSy42YQsA07#)lm1KR1bI>Fg;%IQp-jHPr}}A{PVxJ?cRH z?9=9po^T}JLYaJbT|~L~a_VV6|19T!4uArwN-;7&Zi)MZ(y?dlpMDrw{j7#MM_Xt1 zEdqa?=k!x$8~ou{Jo{Qs!dW}`$Z^qzOfw8>QxiXX1%m(3Rp$fu2;+*7+fl`tSCW(H zHD$9aeqbgWwSU|^%=~!qegGce+K`XA?qs?K;_R_)PI4MEm2UF%1@DI+fL6Y8DO|Iu zmcbh+^5Psjh?$vBe-yd?5Zk!xfuATnKn7qG7!yog-QkJ1UU^<06SAO-w! zusSyQwzecY0W7n)_U+L4>cKzgeMr{&?y9zxEBpJfl`HyME8RKSSve;OYQeVl3{A|; z&hftkHa9!_br6TewzP5+fX5T)BDL9UF|zb#lMxou2n2kZ1AcikY^8c6&3QW_Sb7*aS8$}kgEp2Tq=};^RJA3G<-1nyY{-kkNd}G z@g%<pR&&g~AjSzppf1A*SH^je zb5g!y9TZW5qFGKf9Y2cVKg@Sbkz;9!#Ay$}VSu)za4j9oi?R*dk8z6bBiM_4l|!4H z6lIv}l+%JF>x%@iB-X-J8~F}V{~Y3idTa-*ATl%MW-e`@z*HM4)*ML1b}RKqVkwF^Qt{mfTy@z*Uu4k;Y7hP(c-hh zbuWB$ZY%4W0MNHR>0Vg9pdV1OCn-o@_V^?BRTUdilj!4)rQzvqIJhFe+rz|7HIr$xWG#@~B5TYI zYWPSpHgd`J(xzi)wv)5bj(DZr9;6-^hj)n96_dh)EiKJjzh|s-1OT$c$wG53-JWUmH{450r0>+YYhh@%ytIQ5G|S|WhzUO=Nx+&$V=76Zdh97 zlc-w!B&8b|WU|ph?FgK0#-*5v(hYvnN!pVu_9q-6I48pEZB`&Wj9KWDsR(xFI@tc@kBJ;o4ih;Q$fAfM!{|BMB11pq6^TnM(IJ z6mFdso?}^Fm=0{}6B@Q@l4jWeQ^p7)1_ToKS1ov7gC0Bj1J9%U`UHFRLigU1%&#Dz z&2i7Oss@3)$fZ5v+>6178bP!&;Tw?H;Spo@>ocQ))`YJBWfP5!RDD z!OolB>hq58;4Q}IR(HxLl0QTb^olPZf0`>NEjRakde@J$OuMwFPeS^_cSuo0QL4nT zE-V`V8{g!v67AF({xPQJpT7MKSt*^?X{KFzNT0HC!jJwhd~Ve7coa$kiRp6=0?8+K z3`$M=6dw!U^#s0c<@vAnw z5;gb9lO2?eCc#j$dy1;kAZBmaJkcuyt1ifi$T-5na50MO@;P7Y=66E}(xRi`AoEQM zZslXR3wpND1cXJG;dJSHZ=g6Oo`|lP9W+x$@txx`n?tXT+?C_5+Dz#}$meSvs{#6Q{)+80sL+^2!C*3ubWzg|uIbLv?MYHP$^t5I#Dv^nJ3 z`GGjp%}Gk22lPjaq_7v`>3p)&u(m*`7_{qSf50nVIOv%Y4VXL4HHxO$4sM^)#)ml$ zLy?ds^VIdZ>qOCD`Q+J+$_vL+U3?omd8~qv-~@)^7)}GGUC;l}A*I=ovO{MRcdCJ= zY<$vQDA7Fdw9@WCt}Ik~j*_wy3Uh#1^7FM-MdCnOpuF$&VvugiAR(81b2|K&GlNOg ztH#FFrnYZsBds9za=!;vpQYX#f-Ny+znc%pVl?;i)vMdt=&00-(qL#k+kP9wB6PHS zO35}#3Sp4pSKD@+AWE||M}$eGB%}E3Y>)g1(Mo7R?P-T9PuC6G3)dqRp*TenaJE`A z1Yy_2In}E}tfNT9bwEhVWI%=46nTbhW7o}T6co%|(KT6;#4_SeEbE=-DE(ka+k(np zlOmihItbh%bGl@3f)U~keLs&Q2uh%Wnq)NDVvT#i)G%(gdZ@w#qsEdo+lvQxyNI|A z6Qq9ZD7e(Lh(e5;tVcVkke-e&xs)X9q@P=i=wZNQ2{2A|R{7*ImXc_7UE5dTbo93p z>F;xbVh+(-SQP4@UNmn(U}j(iH04cV(SVs6hV3KAz0w)nlS)Qh<`#JEx=S>ky4;sR znk~3}pNJ^hE9XZUl4Y~;qjzCK>2H!)cjS`WV@l0aS3WWGZpt8pc@Yw7Mee3lx<5T&%u0Vv$C}kjvc_j=(yC?l1`A;Y2(+ zaTBJhqR)iZfh7?N^LJE&NrMd`l``J&s0iZ>%k>rRIc}Uqh9dDd@MKIW0j$+(HtZnxLJ#dq)%DM$hJuToOhR1iRKI zsbH2*7=wiuM)9EQ*>!&{*J!o~%9-3nnqdS*$x`8+z9j%W0T3@(ajB40QS9CjH zu47caf#bSX-%N(_Gkb)C5(kp`I0>e_SI6!6f8H|OzI*M65HM?()D!7dBpt` zyoENw)fdGNUkgRbnAqWxpc=YH**HZL1SvXUnvJyswkYyfykgJc7|8~6R?&XUXBWe8 zwig$2*%HT_V>=aGFkF1}A170@SXm|@z$#f%5ju5DugMkxbCMf#R`CH(YY+WtzRr4FpSBG zjpF;}Cf?sbiWu1=ei&zII^PX~1GRHn>JZAt_gJvvn|(XHSd8JOHXTg@!yN&+i=K@h zKw#n9v)IH%!S7ChV@QM4kH~%dH@ZK5_D<1n zoc*httJ^RD*y?2xh^845OT-j(^*96IkvuHj=2eq+7-D@i>Hc4onM#|HoH?*EbAK`5 z8_-MmRp%A_3+x6)QZ$3mBq{lMbDowR=iP`@z&>DA2joMkuo@nDuhF!6izAJlg5Vc0a(Mn-v8;cmm^3$Y+sJ$ zC+Vn7Y2Fn#t1FSc>2x?erF1}oQUec22eW`{-|v7I!C9tuhzm^kd6c~FCgFjFslD{1 zGpQzMut+TmEu*}mo*XpWEl&0v|gU(o|*tZ>hkyO0( zmzD!wmhix;yCa$>$pRa?Y7~qL?>Y=7!1#29*O)_j$}TpoIkD#|PqxS#6l04FL)NO* zUZ2uLSuPt2L7%y0QRP=Ig%8+kJKie7nL!i{Ov)D7hKxrlV)RieXM7#P2sMe+fTAAGk#3@*RjK7n9@)1=hba^Ctdy18gr?D>W>^f_(-hg8QCCldr2!H+cr?!r7le>xg zL%57`f}bP1xijj_h!)&CX8ff(the2ZnvDx3AMnJ)))avV&3sq8C0bkUzF5xlIHwY~ z<|K^D+5x1%ON>m3SS^IH4{#xlFZY+ux(r@}1(<_|;{gNd8_2^Yu&4DNhZ%gx7TXOA zwI)z)^H;Vu`z`j2B{L)_2~`6(7BOvuXeU&}2&6t5iLJbF$X@>G zj8pWI?WchS>AW8yZPOhQwYTV+9*=TcZ<({~3)y(AvLfCL4~I0ph$Bn#W7~-2omRc* zP>Z*No7b6A1_x1p9SLR@!&U-2qTC`2eI4t#nUQX?yP=M-HjODM`f9I_u=3Qb4;M<7 zkA|PM@D3)2F4F^cYfiy0%hniNH+9mj)(T98G?{H&7DMtZNy^^2VZA9+8fPCDeY+(? zZRGjyvG{i@)$hAmfwjx>UGf3zSS#1KC0qt4;CRcjT3~hGc$h+$OKAx#&7UEaSAcgWXJNk?_IBH(S7s)L4MLq&C&fVsAvp}0q?j*fX`)RPEWz=Mf z%4WU^lJUw5o?{uRb^?K0d6btxSJu<^c*ANbsN@(SZ!vc1)&IjXDDO&}imT2R|;Z+QP+lUaAH*`$_J8Uy`7JVhy=LR$vy=)>ksCejFR~O zdb96m2d~G$wtE6>0R5U%N#-r#`(2*w=DrZ)Z1Sw_Mup>@Yesq0NDIN!()Ed0R(Tzq z3x*GZx!6Cpw6uTqXLipfg5e?3|B`Z~rQ!yRidP~Cln z*>#NEulUy?Q-w(hl(fFoesw&l5cOiV#De=W3m-b$J&e`>K(P+s^74IVydrO`^ z&dYMlG9 zJ5ZwIe2IyNV&B74iWw$TYb8bylF}`^q6<8p+J;xAGAbGT4>pt5`3p3Gp!&8Y1e3^( zKuw_9^e)Xh63bHcTJ5>@*(O0t*Hn~mzsxQw!q6G-LI#s6E!wSdh*S3Npwxq%X0ruz z&N={)F2EREzK;7p_fT>j@;1*UlLMwr6#uSGlPJy#257ji09I6kv>1(Ce>hpASQd$- zWQ|jz5K}53!Ac|ZwgC4xB-K+uSTsXa1lyjaNCIoW4~`vA*AWB?<&I7*m3XFGJC`$z zp2TlgEtt9ub*#RlQ!icJUtO}T)^+Rxg!Ef4)P`4Heyhg^F5pR2&4{X`d*j&eWkx>^#&Y%?TNj2HV;QMf$08_k_#rRP!Fat*lGM=SS~ zfCZQvrl&+{YRPpFF5)$|mh`ekNm*HW(N+p*$fK58wHQ*Sb};XKf%RW*5ayY}drxTS`mXP^f>4`3_lE=OvlZv#{NwpbDhT%Y29 zu`OH*(_9G^!Cd}Bhsv7!zg)73Y&mXsVPOu;w-8>&9>!&yZ8<3MT!=&9{cJp)YNFVA zm!!C>)M|uw>)+Kq(h`2qIq+4XbaRSdT;hmA5i^|ILPo$Uw=aXN4OqeHH{Z-p-ctA6 z5Kw1!Xz7T8I}N>j563AQVQ5-%ldYKLWqc%Av7^xrM@Dw~4Nd{@zBU!>H&*4>##leU zZ?Hk&DEo{c<8f}YQr3=NSw}!~gBkb|)1G&@1ZQ4ZptE5yNr?%G;$}721jfLc?LNx~ zdfF;WR4fi8kq!OvM8VdYH1f5gmb#Zqi6f>}MdM*+->l`oNwJlq>9WOig0IIwpFY7u^ zYNnU?yfTTRqAFO|p;!>I!q5xNy?)5ipk1AE0y{H;p$3Mmo0W3SwZs6Y&=UJ8p zDkwOo9C_!|1sy)US>Zx419PXBaWFP5QnG&FEt;ZCe^RSCz-K4GS5Wka@yhsdD35}e zE(5M>T$j$uQSFBLVJ(@K+m%wLUR6aPOVb|0%W*mtU|Tf7$&7n1exthVYoWaKFCfy( zCmaojZf(5aC_G4ulI#@q%#wB-H5toqdX&z)?PR7RtGd{Z z4&F&$=RDX2UCIjfD`v}zwkQ|a1})=#B`3Y&mnp#=0Dp6Kt@i@Y7#6d9dVoQ0Z2@Qa z21usi>-yNvBz{+^IaOR4Ug7z)Ry@mK=t`5*(>6uyblrnk6d;GG>R%T_@ zK7II)&iv7(U4lW+T^d35X!5kBUsgAyGf(zV56-g^!Ex5JMTg_1*^9`CoBIL!`Ih)8 zt#&y<}Xp@q}8j(vSzIzw#$Jp#P$4#(zOS!0qx?mJep zYa=Ks1K&_YhGl7_BTs5;%n#KIDHFOGDVJd}5k|1jj^(d4|Hf5?6Tx0({+1PwTZGT5 z?vme&&5u-TQDbmw5!-h?GN9A~$CEcXkrj!xZOHWV{M7}*c%(yZJVR2qj21^$aim#( zvS&4}aTPAty<*J-0H47_5YIO&i7YRKbsdBHyxw5?z@+}}z_N(t6iT3s8 zJMn)GcH6VadJpN-@qy^zf=cqdf`K!iod;tFfHPJpDzo!b z)4iw-U5_i4w`An3TIbW){n6IKfq&S+2(1WMC*V>9&Z10^8fYXfq;_x$?v^^OE?Hv?ID!?LGdeze9uXFriwLA>G!F|Kp6}{I4H*ly7dA*RS3pD+2}GK3q^4z z{O{65N<5U~(^gc;$4<=qmROlBvE@ORyD(9bhLKh?+K8gCQIzmxRjt?YQKBYUovqbi zqyQ5b-#PjG*Y(&4>rO0d1tFpw<8KayI6w~Qe9;W>)IeAJm@-~dQtq0wQ!(J+M&me6 zX3mb17f%9X{1&}TSVSvz{KD@EJ`WsX6zXV3c;-5v|Nm>EXfDBfbeifb%gQC(X%k!f z|HFqWN)J!oScSTVBmQaq#e&PF!rJ!A*n z+0CF2axjOL%IXwG7E`8|<@|0tCD7BDMtkQQ64T{-Ebl2i&omniT5){jnk)a>f>Mwy zHHGTmY0Q~!T7P}S$*PSWsk+(0sXWW_9_(aG0Sj@O=exnGI4Czx5n0^g&2e0qO)kDUX^nJwLDwJ|nH?=wm~N zAi+pFgnpzK;h{=}{`3(hpl&2q#iUpbS`g_~*<|JU10Sw4Jc3FdBVJ$W?XtGJ@E#xV zV`=;ka=ZP=fF9^I8-fc+>&Wk`IC$-4JM{ac_1@_dh>UaWJI>7tG5q0IYPA`re$*4V zw+XQ2WTS|~Xfi4Y?O$g);96rChun26QhtJ*HkV_E=Ys`fL-dD@CNd~+xdDSa78C7O z9~Z>8!Xh%;V7;<7+ts*GfYK_U=rnJ4y(+B-$_2%U@QvV#au@nlthUH?RDX~p6w3=j z+2DYayd-NHmL<`=-7Oo`h8>Y=bRcADw3{=!_LCA+L3;WDd1{ormPzzY~taIFRX=4>K{t0Aj~9Zs|jl`B2&F*joZLhixddsj7zYICV)vi`I25h0rdbY%xp`IUdNJ_YF;J%Xb$uwL9OYmGRh22Et_X zWLk~RV0Ivzje4!Dgyb2BTmfsu=B1@e44|n*VcbC{4gj?UJyPg4+LtBGZLn6LkwHtJ%W`v_RuP3MQ{Ky z8;&K`9AiSOX%J36fj5!Wf}C&y0XEx(w`!+zRR-_rL82|`$|^C1^yl(KAU`hsCvX|* z+)X#_oZRLZbKRrhSoWYfl6m%I-KkCK>{3HPo9ACoXHHGjjz8Be<#F|Ox0ED8_?y?? z#1RYuz_c2@#5t*Ur0i7{3eCPQ)ZPg3Rc*))fD1-k%U{mZb36$FvQzxE>brQAjh3Bw zx=vLYPrKR%PI%4X5e>LqjikR|`D&n{gjgz)mVDkinYjB!BeRml$EX6)Qh<_iFT8NK z5MY) zy$)k8>?mF}XrY{Q%5eL@!)hsz<5`tdfHd<5gecyqcEE0{)vQ&zFhQfO+A>|prm?RN zdV9ik_qU2R2rwGMB^1yOyF0MjEDt(4T-n1<^6TMt$bdH#fb( zCg!PK%gPBuW;u?fUQ5F;*ig%dnqIQ>;b45%5(v5pU`V*@mZn70TV3rM2G*BDFl(A| zkKB3y3LjD0MYj0^R!#6RzB>w@L$L`G0&dV2HIb)B4~*?ZC8ioI_`CA;nD8v+`KyiR z#EO#dMN3x;L7D`P&7pRj=l40!-a2>y?XU?MGq+)SdI%>OTkhm2sMiiAr0+Od>>A7l zHq*8^iZJ$grWleeDc3e+(I#=-b#y!H)$Pjlqza+nf{D)W8+$x`yWsP?pdUQ~072a52Sx-RSx$kWuv1)d)KYFCRPGWO- zCvo}uP z`rFh0RnIv*?Tgc&agT}rToiXG|85?7LcZJL{ysT?JF?Y_)w+M-G$E4k%)k8Rb~-@Z z2=0}^JNplE%deDEskHIePkprwN+q z z$1|1SCJ71sGfVXr!KbrWSnODejSYmv^7ugL)dAP9>zPM_Q@$-?$8Eq!*me(ihIQ_;Khh`MLkZU2>s{nWD`_Hg

{((>2{#~@dzWO)WUb%8VSZJQ&u&7dR z@UyF0NIkPA@Z@d7JK7!u*{%RXVZi!f4$#WW+PP9{J9-I)2!;b&J7%%J@|Qd04zuOg zceF3y#b4Yh$C(r5@SN-}s8b_tP31&i%wi=-iByD&@wmdoxFx(Y*_Pvbm_aIUt+fN+ zRTruNOSvpgFe0^f4J}vNZne(dS`IV7MAY3Tv|6A(v!4!loqDhnZ^q5P-rLoqjTFOh z7%tNKqV@{@;M3Szv5>z$(05#~n9_L!T$E%{6n;3JV*UDA0J5Z}8IIQDcb1>Zg}qKS zXQr6xdbZr^T?CAUsd=F}%3EhU6Ck({_vg`P+sj%9m^+1XrCKqvo12Q>VGpx2b5>d= z;ic%Q3^f=MLor4|FuZ8Zo+Bf)Hz$>h2Q2GXaIYj^Q;)H-C>aToF>&>v9BoBIMK!(k zuFw6DIgnqtF&>A(ms)RwdkMQ9NF`u{wg4Ofm0->&%8>D7sPkc6 z{!^ z(&Sv<=v7K)Z-pD)`D|jDo;{L&I1OhS%AZ#b#)Z&U!gSh(#&S%lJ_46^bG#Pr^&{Jt z8+9LAeTE@0LHw04e>~Mtrf0J)OGDp(?1D0j)$S^t@1lWO0NajS!aiQiGrPM8CMm9q z1aw@`^>8i8pTdB=Vz2($zbK1saf|d&M%_8ycW^{r{p>X#?GNPOw=NWufY=lcms0ZO zYPH^jNzD(!fI$1PRbMAzxZlTBFWm-88D+)`F zK_#b#T{uNxZ|*eS#8Ct+%T=D=|MKqn!GSDDO5>)nD_dx*B1YVCigvLL13xLilfY(CO}ma~hQ#1k-ECPd@>~{^nBz@t`l2 zfrWj=YinoIUj25h4DZR~MW6ta9&hyGOvPZp_dGv>p%zpGYv#pHp9kiMU-fF`7*w5| z`3*0=`dc`li#Rmch;U**Hf@FGI9&nRFy(7Ro?OM+EI zR&YK?p-S)wgp)f{omu0mnjQ_R)gi5zfv4ID1yZGwft!iz;%=fvI!b*q(M&7+*$NjlSA=}( zZ6c=TL{UDe4`cF_a*C=R%NGdDdSPWnI#3ro`A)I?g29XOi3|Pnq2FHn~oofJc3i4;7zK2FFL4ZvS4mfUqn%cfIEO+ zN-qXA={(?c)P_)=ORMx$ubP@44JYH%dNOhG^wD?`WN=Evs#l3POfnITCbAS7jm}`p z#cPDcyGUi=8>HHYKR+E0a>O^;Hgi(p+8W6Tf>h=lYD3^T!wu-t0q(Zjn<#M53q`Em z3fd+y8DTcbw^_n_ z6ga80y@rA(3k`B5%<(&{*jmFtx{UTUDM{?AkP_noPFY}6-=GKr1i^avAMA5ryDRV_ zM^}me7V3_6F-$&WvkwK5|^wG&wNUsIFj8>jF#SOqa_SNb;;Ttbn+5Jf`Zht{=jv+UQDJF`KJ9 z9vwSJhrB{nQ5CC=a)5QR-EbSh2#Q|^CPD~`>_qtj^A%YdnHsZNcZVEbdB8wO>p)ZB zzwSgbLVdEH9*}j@vcAR8x*MggfWT#%W{m4pn%GLipS<7i|8T@ZEXYfpcjd8S$Mbfu zAhR{1IC)XsvxCCZ1prTuc%%v3il~|$1+Ek3eKeWjN~eLe>~>A3*LwcU9w&^kY9+TP zq$k~nVHH_jhhebaTYD_>0C}w&%@E_QQv`^<86v8S!nm+R?N6^Xw6kKTM+zt80zxx- zTT4+q<@$?y_vt6~n-c1HMVcrlk#)FL7hY zH;{m0c?DJefIDfV!_xoY+G(zJlXl&|sVDVx=d|8^5f)zG8zdgnjk3)KaS?JMVbj_H zE14#C;aHQ!%@Je=7qZd$pu5EEi>v>7cQmXsZfipxIx`-Wt1lLop`>Pgrp(#(Cpq+T z8}Ya2b&z)n5R94eV;m>SVBfRFy^^kCZaARi+1SL142eQ>#{I8g9?XifN^c6j^ztY1 z8I@X^D@2RX@XTNQAP6qw51xZ zisfGO7;=0qWG=!Ua;=j|Q|0-K_xEJnf~rR$jFCswrh>w$nj#9Ez-M~r^fT@_rjV?Z(Cs{*eG0kWS~#{w7qU1eR9`F+aPU@@c%3BhJGY4Ezy%D32yS4n9n!Knd|6L= z^b`{+@j4=e)r6H3nJ5NejnRP(Yjf0w2q$SVWp}fNbAsnM8b|!`WOhK*GnneWaY%HO znTo1%YlEwsXD<%pp!2_`9aXL+`fLL!Y0*b*=37Z?$|MMKQE_S#hBL{uA>3esQX))3 z5hOuZk_gTkPBfb1yub=@AYwYz5ywyjc^Lh)t{y8nQ^jVEK9^YG2PV+eBPSP@l41|U^NRGFlh53W`Ow(Y5Q@~=_c)8>K$%kT4w zMRp(C^L~HzL-Adt)`EB;akRp-yrh^g9$qWcYbW-w8}POuxeMg?qGI!L6bj{ENCqr} z<($}Qi`{hT5lS!&&;q#Ud&!%W7xybFyG8Tqaaj-N|xwlf?sd%;*+| z>+(N88TJxaAW4KRjY5wP2PXC`X>Ip z$jm6+1K#W2y8t`0uhMYmayS&Nk^0(D`{%PYEAg~qxY2H*EEG=G+SkF)^zOF!HdZl) zCTNOyz+^!3YUdJ;g#C+QtSCM_zs+gRBBVD?DfF4P5f~np#>O%<)t5q6xW*zv@dX6M zPy|UNR$!G+Mmhus-0@c3x__LFSf0q>m!~tVTNOn&#|T>I>OKe)CzFN?piHg-iri(3z8fs8Vge;zzSF~am_ywa_imY<~-?xDsGhIrtyxv z=%#U^D>*r(qHX919|bwQy?uSX6;4gcoClT<>hGa*08$OuxK@Fg$4ZL49o7DlkVJ8B z%XZ&8y42s437MQ1_tWiph1M4(r0U??Y z2Un=B`kQjg>CHV9*KPsa10&U_+(I5T+?PXW-TavE}UHvka0V0h3=Vgzg&FZiOy zCI2shSz-+&vJH~u1yNF5)m9YUv^>uRpkie&K6t@x1tX2x3&j^=Bz@c!*&FPIc)lFkthphD56v-`Nkyyo0~0#>3y==tE0S z?KzhRJE_D3bxIIU>4u`V_$Nd0cc$zd0{Id<;(ssY176_ihOZPg3t}LdbP}D^@iv@L ziMO0oqBo$(Z1Jlwh6$Qv-3UJ!14mOBGL1B0Aw=ZE(x3#YzKSS62z=|b3oV_{9FLB^ zl;mKa#NZu4YPq6YBvzMb5<}WQ|3kXpwZnLf1ZSXZ8c%jDFo4>xpHUusmV-91A7z+m zFBnXnFCh@vYiM+GHF;^=L7I-m>gzuMVEeIiN-NszwKQtGnm3BZh!)H3e~An67^vU zkv9Xp{FULx+S;JosW|F|?sS*xciQz@t+F#6Md8S(h%9h^`*#wHv$NB)0CpJ{q0sFP zwYIsiBYj07?j6ruOp{%TXS%g6Ef!g#d!xmOGz+&cqA0>w*EDq)0$CKE7Oc=);|jB7 zY^du(+e?LLBtoiPXRsR#nwWUQQmoZw{(=s}r9#RP4X)Kg^EDlIg3_H9;d@sAwil*x%2f1DksGYLLXq`D* zY~*hF1rnaO+R0VeM8dgQaX zzSOx2BbH(3F%$Iu@9-QWLl@}$pu;S6*vjs=fJJv$KtTm6q}P+WdCDk37~fylI7wBb zZMrg87gD*{>{F*gh|q$pNxQbfimFC|A;Oix-r7r#l=fbV3qTY%A8K@a{RA<$GJDis z-0RZtUB~QxuiGeJU-t;!t=tH>fqgNZzRl$Eh|QC2Yh?s_S}Lvkh^J?S zQgCO3qu0Irsr6AGQ4wGkQsKc62mH2*HkB74)S(y#HF|~yn5MlP8J@2RC=xF+RJOk3 zaJ1L$wwo(05LgIhLDws}iN`(AF6W<}`&FNI-LNs6G0zR6;(0zXv$51daok0g5i-jR4**cs{S2@xb8 zHRG-bqG2TkuLOLH4MaUiC%d#DTFSC25Xf`R3D!$T+bmV^W?F@d4c6&)+q2?A20-{3 z);Q(1Jhtlr;fQf>-@8+2H0rgQMFp@Wgi}&^!LHNLj;fEWZM+xXLBelCMhFS#Rn#JZ z)?XuQ-%LSp-U=;r6-#f)V>s7)-7B-rlzs=i&!H|AI)!#>)#?T%T8g|+vn>G@?edEI zWoJs9JX~_hZL9XWc)C}ZKb}XY*YzdE)w>DYRri@&a6jRN)q*{Nwx26oY?NJn zt+q&{F$~AC5Ej z^&TN{_5Kaf5ynMB0ANm-@Py87(ZL_y3OK@XM)svr49h-7Es^y%?O8vYSkL3)^R2EE zLEyk*@P1X>FUJ5?R*COeDsvjPKd8*W>#=3O5auEfI^LX4HT^c3iU`;}L8Go=KlupM+gDZvF* z)&1q1_J?bW#z5%3EDFKWKhXMwZF?e-hH87`@Q4Oa4-bAXdfZ8=y<72Z`1mlQjQ`=jYPefbBYAk`X&YE=OMrQbE)3@W*0CET?#+(Ezu)2eO4 zyI!v|8P)#R=QftO7;VrW4hHD;v&913cjGF&R6fJ8i`X~3s0nQQJikl4zgc@PdSrGY z$TKXDfz1}TTiN)+y7jxh!@XX+i_qa#=Gbj4g&!jX^C2w~MwizA`_*6i#Q;t!p+M5vy7XU)hsC^G*|EE*cW=5_0I9qH=G{^h zSh!PP(e-b1aV(8=PIs!g4B|R2cCiFMV@S>h$jB58SWKm}iXUKAUE*v>uWnh@!~Mx2 zoj*p><6eJa(udyjE5Or|RZP||iOdp)!r*Q+|ExY^Kf8@1u}Nw>VVtw?n|;sf|6lsy zh0B+boKmjT>wuZ@@26q+hQjIU?QhOSlOwZ_b+j3O)^&Svw87*X<}nD2>5HxF+v+KX z5oB57#T(yS|3T_+_TLu$#ny*O9E;?=;Fgqn>4uSOTz$*tyvRA5BhLiL!W8}Zyq}9# z66C$NG%c`@3_TDU9V`2l+`7x+2<@A@_0BPQhunDSFG`L=bX&|mrSr0eCTXW(tquHW zLJagI4aCI;dQ$q()v@-S{S@_mp;-EQOSA7piht}_;=3F8=E6W&JK^RBGm5WA{KEKL5TQz zEP98mT$grDa2Q%o&6U$-3M&#Y9$% zD>%sj-X^XQSrR9RN8>0CeO)B?E9Bk05UvfJQ6B#jkC7@*Y>*0)qA`!@Mbo2lSnov@ zNx(sca7pRwbsAdc!0t@IT55$0Bc@KQM=LbC@cG!axk|lJ@#3OWqH5?bn2qP~f*}e3 zur)nutv(;fjnIbnJwdLa0m>d3R*=1_5ZrPHb0_M2pg=G!E6S6E1*0ltLaC)>cqQ6H zEOTc(Y8CxjGH=*+l_@?sCif**~SIz-W1tc;bYn4r(2}T^+D%;t7ToP?| z&WZ>XM0*n?_{sX1%yE2$K2w`Vd|=1|sAUI&7R1t*sGZ%XziU7gYhp5bqaR9yN9iWy zwLK#I?+}o_YCT8Ac#g4gDUR3_;cd1|`LV;q^d0|qujTFwkgngWSx%t<^jnz6v-bZg zZDRvL#RPE>C7k{IX_;C|z*mXJ1%bairXL5c6I<(*cD?|>F1|0MJXh?NDsy~MI?y+1;q)!PA6CJ4~mn{ac3`uB}?H!wm)1F09+A z+J_wNqhx&GO9xh0?BXc4-xX>T?HOI>K;3nbPuPWt<0m9mA2pE;lr-d+{or@{D^iJq zDM{KY`@zd+Ov=e#{8M4IfD6xS@G=wu>B@b}H$0N&nBl>0PgG4^_|t7#ml}DS#q=&W zpFa$xt8q=pr*y}++Lv%(GmP+`+DjM9Yk{v+Ua}PIMh-GVHYMHcfAH;>r}Q&Kwlpgn9{Ga<*}7S=g~oCBUnky8o%FVwwX)m`I@$65 zTDIjG3x8d&Z!a=hL%ch}T9j9(3Od^1L*EM{2fUc=g9HIx!CvD}DXD*jDRG6diar_8LYN$U6sJepqt?3WGyCB6FXS9#9f3cUqVtxSnDJ>{$wuF|8 z`TTZ{Jvv@&s#(|li`_-hXvx6f-ZvAlxgrZCy1)yhe}wIZKS9&kJA}*gng#!6eoGou zNmNckK$(OfO+4zdNWJQaovJ244(ed7f0-<}1XoyD$8~GVtj)Vfvny`71NCYCxkAF4 zO){MB%#pClzwXH;kd+YZ)bY_&d8SmN8a|L3tgQ{5LnFgTrMYPV^-fKB(^9V}q8(}E z8hE3g9Fz~Uk`UJ`7TbE?1 z!D}pTcpt&TBkn&t*hV-{qkyM{hW_u0K6KgX-_dMIKvA<)dqK@{J81QbBfF631ZqVj z3Tl@Yg9G0)rImf;Z30VS*wG(R(`?EN3)gOk5CRA8ZrigvNvVPe6k6?69ATgaRg!eG z7sqcOP+%EF3#8J$3B`@UHd3K>V_D;+qh)Qkc1fSZbG5E-G}J2Pb9x)zd^+e$aX#CL z{1GXJw^5xoyurK|!=>`?+B-M?RS)CF`+uSUGz3r4VG-j%*i1EBb9^rqws{LzH^k`zA_i&rOQpZVkg;G4&J{yAs* z_DkQna_f~N9nrnyH4zQ^m>&nh5mRn~UT4g}15W)V?o{Fhg`EOM%Ph~E&A4E2bz4H` z-ED!5jvM32Ec4$x+r*t?U3zwMH(q<&{@Qj9S&~=Kpf$i*nH*cgfEQ}yY~yq?^fL1Tv$Pg&MoW>ChY9FYFGRR5)g;kKl|GQH-*0U zXFI-5>Q6Vry((k9>(OBN3Hq^*9pl^2hL$>xK7j({9`}o%zxs{#=k9)^_!;G`dMG`E zB_-u-kGmW8f#H8bpYBbbo-uN5i4T*eKrfxHc~po!+VZbnT};v_)JY8VV!U!Nix&z- znr7=SV^;vUuQ}mc%gbKBZ_x+$fjt=Nt{wHP*WJr`$>&?GPNxT>q^$diKQTQ@kf4FA zj~&~6oqr!hwV%jFG@H#YF}u<>WdMKl=wvXU)WT{7^=DBlcVd43qHBNsOyz0w4DfyF z>Ac32dv8B}*+qZm1^-U{h1*`s9`HV@p^1(>1-;mSEh_ZHXaBnY_RpT;k20kJTjC>w zrH_4NLfo#fT$%iRpLpawKa-Ou9{cF(;tQi{y2$v#@PPoY%Ly@WE?@13i%}fH7TD5s zRE%P*WE7kDl?JL>zI&v$XQ}AK^$PCOMP_3co6-#$eduKCE&tgzpe3I>yTS(d%YcFVf~R5_vF#brx)ZpmmZY(x7TVW`-D}0;> zc0jeUnq^^BThrly2+k-|X|s(HeyT75>bSFZ9?yPmKMyZql^~HV__+0F+xhBR3P5e6 z)NeS~)crl)dTpXWc@K7<2Y#UEJqCgIK@ucHD*UECuZxSiEZNQg*jRWG4MBhUS92&Q6`!N}!i5 z{U+lqsG4CJLbvg;H}7gUHHiLL2;`r%l5X#B#X5iM|6Wu0Jo5OH_ntg$FnAxx5~4mm zw)9tfNRbKv^>=^udcGz4>PGSn}fsDUgY`G79yI_K8Ou^ zqXnmXB5=sS#HLMG`A&TT5c##a-w&qW7k(`J`(s0MjUfUim!ZbSW}c1wt%k@vlmTp~ z1>?d@!o68`TA?D`$`M#*p4&vHhx#ZL4Cy;_fwN@!{N$8!`&nP2k$Q+DwB!f3myqW; zFcV&cU^qe3rPql)TG*kj_0!=6TS<^0xA)x`a-vpl^aMk}X1RLu?UUj`vA74@C)Qt> zPy@2vX;&p%(n!|2ciI`-k}s^hbb(9l^KfJPJ{6BQpq|cMB9cN`q}uSp$|H3J;w*;&dP|-uKVHFZ}6AJ;@&LE;hQ$IbxWs zOtlMhMtINmF`>Xj7+zNRf7+#W>1mNuxvWn;ONOM}c)B^zYU8x>(6+G-5|N`C5=P_2 zojcr^B-`fVAua8CtNHB_1FacXcz@zVhmf~I!VHUb^tH5@%3g@mOyHp@3?x(3)@Xgg zvag|KP6Efb!Ps%Oy=o7Y3L&9PV_ATJ%WTpb&lVnsUJSeIZtBQLrz#hU+#0?R68qr! z`($|D1vwUf*!S&F={$mcsJd`AF<&k z0-STZ4*GPpdMsax9=ak}9EC6%V1TFb?7M16;%#HzvY7stTW+4R8@#x(78h)DmKW73%}>_?z;evM3ruiFU)f!g;Q;`_pG0r5@QLpkPlX ztofb6aJo)-H3!b|(h8H{cI}xTtfM>ivTVe>hgOgoz@K|sofYlAM3T(3iN^pk6=#7t@=C@mCFVj z=HQChN0*b@7nZglxy^|%0GVtHnH17O{5JJk1!u>>bR4JMLNi0eZomnJ!4L%Z`!LGM zq^_t=J_{07wn8IH!Q&Oji~GZ2NexF@8S@E;$^0IBV=V{OnlP!k4=01^I_2jj$wzEP zkZK{Mn*w91?BPWy#vNf|QsMA8`kCFocQwIPp5C$-vV~$k&T*2S*Kxu~reT;8gV$O% zH$+bTq6GUqsLY+4(KfAXMQcxwyH>eE`?t)Ko$_EpBoVL*abfSOF$+fq1?U854rw^}gz+hsg@oe)p z-kFKT!)PoTgRS6Xv;RLMwBnPGT7zs_JGLAcB1B7-513WnSPXVgd_T~boB43~=@3zP z3T(DWJ1X|qBZiR-Cq#8p4#p-zFv7ud-N-t3jRcKRef6oQb8MM?mmf-|pep|(J!@j4G z*Oz=nBvTj$_RFeciverDYRk;(mxE#P{ih$ecTlZ*q(V1OJ&^vfDwIlsq92`y?y6mY zCPtbMrxn4N8x57XKivUJ^wi4#5kBAq_?dPQ7DI&gR%|aQK~|Kn;+UXXu1Ym4RHRP5 zC*!I^z4$7j-aC%!YoAFY{fcR$o{zuBUHi@pY`;k^~!{sop~^ZmbWC8E`Mn<(I8{H?E}I-wf`|jsl~!bu0eS!EBHz z-!rhf;<*`(SblkXyCvdh(OVO_SvIuyt-;~5;_5NC!uTg9Kp#_yRrFfB>AHvjs2&9L znxpwvrE=w79)Gr6LQz!eW;99TE5Y zHb>EDKTgNJ$!LMgkU#dTnFt+j%brh^ai=WC>^FMf7U^mBz*e%R0;JR2OT%#*`;zOb z$cf9}T2mvby(=)%tH0R!cI=%DahsT&_7_|?J#cF-hZ{`@&WjkO6-%X6f-2i6|7&aC zL{|}wp59(LqKtcYKX`p}9VwoDDIH<^?k<%Hk>DOQ@ndi&=VE4&O?xBa2Zb||QPf`A zRFdRVAYM8qDp=xGoAPt6>$tmHg`9*hJFCtJz_57JUCpS~&(xCfz`dAz+^uJ%GvE$eOZUlb4N z2bkcnJ;T;-PFdij|Cg;Vg|@?&jXS$?^Ae47VcC)Xn{Md@ zXG`Uac>w&tiwDmh#-09b7URtyAouhxZ95n$yt=e{zYobCC(D(c$DFBM3#Qx{l)zo5 zlz;8zUO9ip(6pt8&Ux`pF>QS}8H_%VHFzqLs8{z^eDHhdkR^qQw%uU`)9?KyJ&Pla zLxZ)hUpe;hAW@PnUe6YW8cQc{UymhX4;l ze)2@pZzv8?x6;iy#QnE!MN><{pieC}TCh85EXFR@OQPmdeBM2;97ATBPIho1&@6G) zH+zlh4kgh>`gd<}EN|JW$nyZ?qPAZ*KSi9zT9am)yR!bq^ptlrTHnwy$w^rD<`4!|h@~1mr56^k0Cx66A6)8N8=PBx;T`Zhk)wpuwjXfH@QGXIn z#!DWgUmEx5GGu${eH(p=UU+=Cqvva{r}+tNLqpMm_11FnkDIUd%M1N?$)yv!-M$zN zCm7Y)&*gP82<(IZJwN$wwhy_1{5MsYr!uZOgIG1v$vvWr_USi@@M8C7!VGZ`Lf4j> z0Im$;LE=U;C(G#Zq^Q9~QOh^F7xm9#U!`OvkGL&QK0SGJsAtLq-YsiiV$d#lis%Yt zgqX1zO^_t9f8_%QGwq{N1P-?<9epr$kxIy~^+?H#)5C879#b7J4!mqLUL}`b!NFEl zEPzSXE-#8ZJp^8cwFzExQLq+Ph0He6#gN%#{63nrNV#^|%?_%1!gjZG?jqei*2WnK zKH$^U$l&J7#G~?GUH2OKX!DIXar#pp(w~!bY(&z(_aa!r59FXqJNk;xnBR9l0gud> z;^1v^?;HSiY>_(BeRN#2HjeWv^{ImW0neQKaaDdl^f>mM_0KEHPqtQ{o70aH)dE%S zh^oN-slbb*oJa@z#2w$8{9LqSd+6F7B>PR;W@&ThZEXkMb=zC^<3T)xbMTuKjHN8s zpW;4p#FLVR?)3fZlXu5G#(eucV*a29Uo|N?#e4W#d+U8_LQO2v0=7>h%nD})O5HSs zA8v1>*Hpp=w>-N04r!6-Txzk?I)|<0z~`anNpBOI_?pN1-RJyw@4GcZ_{YZm&4Xv4 zZ?hMk-f!F^GGDT5X?`&+gwFry6A-AABOhIQ^uml&Xno6+zNa4Os_acKdPN!}08)cS zMRf-aGynF;n8+ig;E)|+3Q{Y47KLIT{1 zN4r$#AT<9E4Lho}9dEUlWj(c;9@lM;#JSU2tF@>w=iSC5n^nCfzW(L&o3DG_mCvYY z>YI4umU$N5gBP~S^9yt^nr>4>;CYD`L~#Y7c_joqhNexmZS9?bIaOKVDHonUw#+^md#c&VJ? zTW1p4XM~t{{?LyVDOtO{Jxko|jB)|V!U$=Vb;I7t(>TtaBx)+nmp#Dz_nRzoj#`he zqu;at`NNhMx~~8EPMcQ3{HgiG^@BgteHlxlpYXG2M~EMM&N9x7cU(CRO`je6ZxijQ z)#QzR^uPRbZ{W{xCmCkmBolDgI^gWj@vr;8@pfwN8$PJL-7pkcpzv$zaXpHH+N?2= zegR4fLZ}Fr7I$HucTEG%a$LtruM2d|Q;z4yE3FQSAie%o5o;@gScUD+7dJ&?>T-h6 z!u?G#oJe)5y^r&tp9A_D;;)SOI{B0Ql*+&``fvLvuH4D4l3Disb7ajrii@hMe`2xH z0o!jaj<8;Fyl>c6@sInTHI2Ukuw#Dsq0BqrTc=1{1gT3RD(h#%$*)}#pVUSHs+S>d(a zKJk|Z8yvIkDMyQK$O6x@^UiXdWO*%8*1WS;vl#+L?0_8Q#yaW(#xlZG8E^S8LO+{I zsDbb2w(95W_v3rE(s%jI!wb|%ZBK--H&^_8;j>`_r=rw<_-CfQQ+G^ub~3(GXj1m021r5Tl*%{$2;c6AehP#lJgy&I=qEs#UQlpN&->g}^RYs|Q(o zmi8l*fP;d@adomxojlIs09XitzV(bcyIj*OGTI4r%IA6Od@oJWfM*vNX@$jey8qM{ivbx_Z*1AsJ-^qlrmez2{T6eqiE!JXNyUe7rQ z4tPNzK(&CMJdh|1j zq^7x&H7|l?@5M9F@pGNdqc+v`7xZ0PgONx-CM&0lf}p4ZmuJThPF!Mi;x2x*2uDc! zK@SEz8&VW+g^@2*8!yO<=5nQ#ew8@O0&20a4FkCh7{V|r`Wu4J+{vAOwbk!qBB;7B zWq6*g+YG~Ufw8>gPufriJqivE14>9*i`9#sE^wE!s)&q>14h8>xnt+b*2ZEBt0=`} zGRrV8wb|-)h#evgc&8V`iop@H6J2G11gU8|_Rc zswz)%3H@eW_$(nr2tyZp1&O4r$rksAznqkfmwMxiKCR?0 zbJhKgSdrV+)uVLo{_dGmpy}dzl4-ZWc+O11$%zfpJ2pdZEyKM_H%Agr@5EJ4^MEkp zzreu_Ttu?p5 z6F{UCN)t#m|KDw*f8EcPSEy+O_-_gwaijcu3NXUG?g!<^($#IWA&qK42f>0?`BHc) z@Qyc)AHHa+vOuG0`Q)~0~F1x>NUzXVBN)Av#p=rs*5cPg{4IQ>^@d;2IG!tg9uu= z^B{sJ3JZPGFfx*YlkM~Qmd`Tg*P zrAR`xHKo%8Y@2>`>rpK`=jzn(uY3P+cvgasGocjS3y)nP&ZeW6Z~Q0N)^y{4!2qeN zntro4$3H3MeCyVqug-r=m0;zW)+n9euG90qzH;I|eAVpST#(*S81&0Za6<54AqiPj zD3?lJUpqV6?~2-slF^bRZY8zpGXxURL2XL!1$s2&5YzQ0u;D@(ES&HfHRz^^`WEwrH8Ra0AXXkaQRh zwVBkMp0SNpkrgKDb=EGZ4)Nc`MsobI(MYgjWs2Qo!P7IY%x3)E{`)j~#J9K2U85*Q#0uKk%Na+5`V?E}(=e}V zJj)He5~d9;*9n7YwNuJJHxoiJUicKD)XZ8Zw*7AusDPNiE+R8}bQmyoxmzQ8y9H6_ z^eNJ?G<*e@6E`alkKCK^@xJ17Sz%XnVaE8A_b`9)M%Ee;8JgP(91piqWPpd zR@qPUr9>hR^pLk!{HB~)a$9*#dq1oMv{V5D{rv+F7*g~!Yf~bA-CzDTKJ>ott)@yT z6YE$?uEn&W8fgd1DDy6h~74&CC7@O^cpF0X0XV z@_=j*T;AC2uNn~&tg|?CO1sry5R8EJU<25MRY0&(r#EL8*ETe_wigki{pR$AI-S&x zAo7oe!MK#vyAE^kY;AlBc7G^!|K(dA7c|vYb6C4Q-|6Jl6Sev6P4!gqwtno+^k;~v z9b{{~?TkO}^;>u7er@iZLvAvQ`foPnBNk>B zsq|V2OX03;Re`~+5V5l%AN~Cajm(zibY`3MYI$acfwT#vki!}+oRO*2<@CX}xO`DH zb{U>brqYJcJSS^{A5r+7Y488~H4Gms}Pet_Ds63y|a#;tiBRT ziRW3C6C_bG#LkfvnI$y=LwhSyoxoAwXQ&amukgVoh#S$bp)Cr;aTynJ3a8s;%)@bH zXI7CX+DEnk_iANbJCw#oz0eTQi#u<=pCNTzvN!?6U!R=izqOz;S{rk0+hNddPjHJ< z<*dKctSsUAem~Yh5ctFC?a$hiWmWg%<=xk7%cF6Kw5M)Jjvw0E%kcExSA|-=**vFe@LW~JdH*ZdBDT(EomaC@%R1^K9p(_fo;eUFu`jd7$Rcd)Lvkj=-ViA7V? zm)adxPmc|WIu6Lr!Mlw_mO_1r%Ap$>${IC-&RJ>j>l3VYfs6rcGU{F&r6Y%D0c z<3S9dgi_k^)}qyHV*AWIfZ_l}z?6ctDmJk|6=~Cw)KJ2VN;$88TRf8vG{Dq}CX_p? zYhGod;EWI(k!{zdla6omb>LY}V3l#0a&9tM&_Z~WJE}mU*VIK6r;O1eR`B>^o5h!= zhudf>&j69W%eBqbCYj(ak#Ji80yT$pB+>}$41qjDh#*pVQDWNwj`V!mgq(;Uj{*Y^ zA-hsi8)CB+Ii&8(gClc^{ZiQ`Op=hZhft+zke->#YV9y zu8zL_MsQ|wa-yH5$Azxvb53o9u^nJArkfmeUFTNam9S}M@2UB1%PS|Bo_WLTO2)>9 zck$lVtk#)9s?T;VCj0ng`A1d4a=D@oEavBq3w9)Jn&<-^nbW9aRS1k@xl4UqoH!Rz z@z{o%=1j1+Dl2{Kl5Se{+$#%K+{oF;5l({VK&EEU_M*)eOd$U%N#;j5emX75=~-0{&MFXYVSbdS>RdZVQ*~wiO%T+N#B`w zuSDlLaI*hC{4V-b0zsC*aaj@gVB0|?OM;S*Vw-{qu8r&kLH1R=|Fwf>YcGx-7@yDcIIQ+bqi*<(zIs$>H(3A6vi?-V-{L1NA%)YMgS$4+uFT~ry zV3St;o_KS~Efo;I?~M_Hun7X+_goO$G-RF!4hRo|`7HYK@~Zml9Jq+8g$YrbZjx)s zUCe|yb~YL>T#OZ`VHTOyK6-u}wW4}{8+7P2T z7K*7B(mccVdN+$aOG7;LSX0N@K$bq;e6h@P{2z3G_jtsW9cR!1sQIWA6~y9eG9W++ z4$=Ys;O~pK%v5jN>+e)`(LNT3SEfCHwbk{UGjI9`vLaxtDEu2%rgIsI)}O-uf#|sm6Dbi3Em`QcJYb?bd#Lo+}VIC2jsGhV+_l+X)5~J|@rys=|U+DPVoKUFSghp2$sr31wVRpIhiRXu@!e zyKz^3$OCIgD?!on8zWELc;bzx-gvq{=Z`H7w7mfD#|K$QbETyJF^6;`q;fH_mLbFc z`}u$R{6BvFFFya5ndgy%c2t zm$8QLbWXFA#uTVuYZBL#vyBWH#YbbG{K?`<-7h;#gqj#1ZN}7^@*I0G{I7bN^t2Ux z@e3dM%<1?;|M$6HNS8SJ@?9GEQu?s(oL}z9i>t(M`OgWPVO{f4^+)ggiYW5cP_izX zj!F8UrFp2;b1H}`nj)#R%R_`PsR?IhoA%v zUEq0+V}r0phZvYx)cw(78d^mSJDNn-Y?tY|QtFFnnn@^Q3vQyAsJGiipAT!tawIgT zrd4Q$7prp5`>Ff?2wvGx1?A_>v*4oh72V(Cw(k7Ik>5j%BKT45xr$p=3>jo(6f{eT zqWIvUC&z1kwt%215qecunO>{57EZ0zV~lzR9H6aLD;*16;$ZYfC0DcquD#(b?!b2# zW$b;LHzuBuIyJ`9(y1W$erUG_+x?$*Wvh{ncTEABiK5W;!Qgv5)ToUJkA1eWEgu|H+3&j? zm#HqTL|m2pl}zICcN-oiR_!O%AImy*I*iQx>^I(i%Pwb+cb&>k$6n7wRqe{d9CY2u z!~_oB{`5B=vL-YZ6Ti|bruK%Ci zFE0wOYDpx~4E`eFEt(@z?ZIEWcXR3!W<>h5Nl`iKd8!~xku)@qU)=#iPYY?m>zLeU zs$k4*{F}|6e52Vs3sclRGx{dcNlj>OZiICAdVe=F{^7s);w{-T7C~6%cm(>yv3(Ht z^R*~4vGd(ylCPzoQUa$)aWXy(d_ymq^0#jNup|1gvNn`zkwQDfs`9#=;Qvp;Uy!DL z$~^qS$A55Uf6a${E6o9OfCSy7%mo6@&i?)La?frR`um4qw*ed20j9tt7zLZ!HS57T zW25MFXaelX=&IP(md?gXeNuGzvIs?B$Vyv5UG)eEOgMuksZBBGYlW#eL~sm=jwgiu z`Kz}Fj*(}(vm|mx%x@q6THHSVOGr2(78!YGh&kcXr7jW{4Sro6=xJ-Hug7-2`?0#Y zyRmVLu#&>UqGA<_PNwE{cR5l=fM0@+oymJjKPM{-bBh~ajci^sBvE;6QatL;@Y2!g z_SDMnKU)inefe4MA$~rzCJfOzCMRtQAO94$);6{_HPqKuS9v`OMy$7^#-a-R5>>Gm z*9UJcFM{xV27zA`z>_iu7rdm+Q~f>WqmRfX`g+WSW* zs8ceKVMG!uW9s5QjY-+b?r!M!T)6S|(Bj;jcZ!B{{s3Am|9yq7jXU1c3jBPN(dLw) zwW94S>3=LFgcZ;3kM5}qw~4qlXy+E8SJ!AP06dKUu!&ZCv%2dk-&v45^q9~Mq$;1j zygptEjq3C^yP$08`@l29KH5%1R*$xeWpJ*s&50ts*RQ=d(i~UEkEbzfRPa=9Jqhkn z^ab(e_vqXBrP25Pc7)A1cYjaZ({g5}G}zu=AJ***0ft0}dTHR<1`TD7Y+?U=*1y{^ zCE3j2$(M5y9P;%#i$hS0H=Vc-Jl}-*);by~W(OoaIV51Eo}(5GxJ4a@VETN}-%REj zLvI!LM_2-(OCX+-QB{KE9-;gV`owEHQp~A&4?#>F7E=joXi|DWwv;4dKDn z*+8dX-3*2+x2!x*AyV6=m9TouE&9Q&OTo_kO7f$_Ed)$rJJf7#HA$cdTA?vOHe2i} z-HpZ*@v$(0*CPn16@v*Q>OQ<6497pbURvJ~)45(ihc_Z>hV9pl@ z3z~xsI0RHFUr#Nlnw#*)uyNRXWo`rT450-x>69zQtQw{hCP(2=bWTEHTQ@B*=sMiR ztfO+UM*U}eTI7((qT?)-W#EK9EaE-*LYR&~g>s?n1u?DYCQxLQhrXo=IMSgcE>UT) z`G9*?&|mXb^%*0XaN%qp8P2T(;Ami1xM>gz<%=7ar*jx0I8F#V?CS@m(>r<)N)hul1=o&>xXe#F*Fvby$~y){W8a{ zE>OQj9`8vXFLfjnCV|fn;>xlxl0QABH}|+X-~6;JaxA)RK&09~<|MWCF}F--nAFJS zhk$ROL=wVY84mkNq}52L&Mlu=YNNC^!>VDD4}(08xcTB7d+V6TJN4_hNX@jjDd*ssZAz^GFGV5EE$^qf@!I;C|lP0XTr2a zNf6R;SJo^ErtPsAwS)Wh`3~eFmag@~{Rc75AGB9>CmW0`%Ch00x}-0^QVazwzi!|j zIp=of6?J6a=fZ;gB(p5Ug0C!K=qFpKZXd`uwXB!7=J9Q5~{ePS6j-u7z+(l zC}`Lp{^D!6OD-Q8vP{V^vLJ-d1gxyqxH+n}t5UV)^whglTXXH&*4uFbqc)23iL1Lq z0>=f-8`SQsa!eun?nR^7#!{n7qh{*`$X2f3ydl_yW`8jB%GTbpZ1;+*t0@9vQzi3f z@Fg~vil%g!!Q$zYKtPb?QmCx8d#)f55?yv$4JR*t*qErcSQZUje2+oV$@8J~B&~gt~qvSS4!)oAT zQ6D0m6@kxT@nz$IE5YcHr_lbb0@{_1ZtZ$sOysMret%HUnm+mcbE?u~Db>yM7$X6N zJ9@-y9SGhPq2tG?3suia=l*_#UhUQ^6H7CkYwqyE%p$Vp0MmmSHiSA)*X#J`4M}bO z`?UJKRi@g;HufO`#|Tmlc!K8KsQ>@be=n5aq)D?VaP?q!Cz&gnhU`pByc^|Q)B@n0 z@P)6unM6=y%REfpCf!r3;s|Fgot`FGJf9>R{*s*ZZ?30s7pacZ%i86$G~L?Hc3kf( zy_3!0rg<3ij##-$A-|7f1S1HHy^4*|(K2zNoitVnUi`=m^DKxUk{agotcCQ5g~D3r@Dayg{pv|4o1*`|Lur$RYwfJFTFPbtjD^we zD(hpv@xyPRRM9Lr6nxmqx0=mL-nMi;6o+aXm!)^gH>LJ_0Q#v+pZdUXOpyyfcgTul zuk|h-0%MO`yUezmJUvB>0IryI&mXiTO-{-t7(vfVqR8`#ZVwh(Gjcg8#(m=rrwiHk zK&He)EsL*ckM;9OyN}{@(~xQU1f6ZG@H%Omk?z10Do|Hwbnb&yh znPfZ`iu+=_S!qL}z_l+G=79FLQ^^DS)8mHu9RAIn`d63d#>Za@@XlK0L4P!%1#roh z$YmR~lC^nr;cI0^5gDKT_7s!6-wOc({%hGWPl<~Zm+1}$U zuxuxVrG}Jm4(r^cwE4Icg&SSYC?o}_XPdh?$7Mj5dd%l$6}MuaP_(1@~^&hREnm*VEn~t{WKI@ z>T&Jns-(;gdXV(TTo-pzes;kB$9b{cpj`xJbbrXbgbgaVTP|lG{h_;@6>Dq~#|WBe z5+W?_4l7Y&g;9apsr*{3s8DG?XskSL?TW9(*@uIQ%W1o2>6tAfZ9-8CbBZy5S< zt+J6YJpy1X;%TJXdUMp_{_1d(k`)zw_cpuHL-fybP8tTILWS4^hv{Mt_jyo)Trsvv zED>pUdZQ`qU>Fi-=|-hV8>i<#9`#laZNo1oxLAVM+NGu+I-Q3?cu+ACO5-F!t0KEc ziIc%>TS)yNgmsS%8QDMTfjN;Gr^}rEQSXsN|$FUL5Th}lbsi` z4ZY>Yw3`%nKmf4C<> z6}%Mu!2D>t++tbR{W&{f#HlK=y7(@XAT|WsHO)=sxEkMiaO!j6W1?GTS;f3!LC&a# zcR@XJeG ziGO)+gwRCCB1v+UT$;&EMqsh1$iNqu$8augaReYRs94$4-O{{3um zc6NStZg%=%QLc=Uo)8lf8W9$ajK>rfy7OJR5EJ*eZ|mbX{<~YTu3=*E&+Dgc?0^4P zfLoj1!tzA@$E1LnWG-E%$>F6*gf#^q5J7R<@c0TZy>u%}+Xt-a{?tka%&VP#7IfE zvkB=lE4x9bKdL!!f>G^w2IAxXf|IJgmjjVyVAwA~wAWlfbh!y>QG^SQK98Y^P;ZD!M% zxMF3$5)6YOFhp9})$CG9)038YVnHo^8C%=j`bXnu{+#F}3@sxdAVXKvqXp~0-t8;b zPA~@6hj!McrZNpBWtC;H=NS?`l2CZh0i!J?$#yj&!mLE^(MTO3Z!6vZnp;jHNR3Oc z*KrI*5g1^x>MlY73ChQiAeKpSp_GM|Ms4;fi4UhXRmu;6^S0+`-X@U|hLdba5Fb6v z3zDkPzFyGJ#9I+9Swd8SZq#u^a0(obL@IP3rx#yjF|fh>VNMD1$MDI%K%qUr&QVnr zja_Eqs`-3>y^S%Hs0M;VVb_cN!)gNiLb7Q!r_f04@ITXAtRh)tNV!WyTV}_x9r{oC zU6ajjxY~b?C=%Z46Gc?#(Q3r|JHD7%k>HYBZY)Ad&x>M^rEa&088)8fjdNuBNJsil z-`n2a>Xi~_Zp^OuW~(ff1YW9Ej7p``Z?^%Pj07}uX;)@Gmrd(Fp}uRHwq?Ca;5Zgm z+9j78!DQUnzL%wJWxZ$U0a*^>2!5Gve8a(% zc~P~lPa1RY<{L7D7>Cs3NvI|VBms-1Dk@nNW#uc~P6#eKvxETIuC2yCXKy-5bPnqH zK|v`0aF??p9$YqqaTNzP-Qxr)*})W*6u)jaotkfO&;ymo@ie)fW-bYmswk2K_x?L@ z+D;HAH5VpVu!Ms?BiUM7*UOYwxtT5O>e+++X3xwp)Alhebr9_94A}2~fW2KK2O6;~ zZ?1Dh+N`LJCmzOLm>sY+R+iA15Kx)}yex(%Q4)Go#WR;M;rxHz$|`!R;LXsZu2qgt4f^Wu=if)rI9lM=uSTd&SL;ZafYQeA9AJtQ_Pk zzUHJ$TXl}6O9BhRw4mkcfu`%F=i5R=kJ`ZTuA@R{-XkGKy~CQ>tPJ|}WgcKY3zKMo zUPbkQ5o`u~!0AF}%Q*v1f#YBrjI!$M>uRA*I40uf?O!vqv)3qC$cZs_dRi);&dHF8 z`OHmcFjXa7R*Ab+3s!+ia3KuY1=a_26_w}%VlV7d+u_9?Sw%fnIKo*te-mGBV$@&{ zx>OAM-$jAVwbJ|#N2)K(wv40;iu|aN1(I;vrQR$%lh4`k(VIsi%`yz&X~-f=lh{x& z6w$3--Ow;}&D^F`GnLO5^b-jjU+O>&M0q{n8m2+0$l!I<`4KvN5Iqd;?II*&gkH|j zg<%B6Na|oFq%vt)JKPOyO+pDlwa4y?9TbDCzU7BDG8f3@H*`Z&bjOcInd+*vd!%Sj zTY*|%2p8anm|Rw`rWInpu@wHlRyw;JB{mIS+YW zoaAdXC$QLgwCStBI>sxTSSr!^d=@xWj8n;4ew*40gYmwqv(bSH*wGQ5C8!V~uMn;O z_eYWlqO8kvl(WTLa>by#@1mY^aj#)YxWjIcO34ooI^jl&Ro>(BGYr)h86wR*y4{3a z7|#!az$j&dM==7wi8W&dW7GOE&Z?&Ex*pzId?+q?>3$TgE%aKg?!KcLrUp-Yeh`GE zU6cyGEzbLVd_VOUv{7wB4(JApZy`XkDB>rK;f)T*0tAr`CN4)D=Qa!<^gmGG$2r`> z4Ytv~^Ou<0?C2T5*~excv#wA$@XyIC(e`^HbhSNACtg8F|)9vF9ddffgeFOT~d zeefO-^ce<7$xez?-gDf4Na4s?6|ZKkEI(|uuH_j?;8})Yc;3=^0c$RvZFWuC7Ry=R zav_ZiLkYf~tXHy^x~U3x6WI(4L>?x{UR4+QT5??3)%e)3=Tf%qZ<=^%jvy$(O38-l z`d)~Wf`!S6l{J@x6(V&ekCSP(4h$nhqW$mJlx93DnFD9eFwl)T1|cKvWt^HUg>;6@ z#AN{|czMk7;AQa=T~19+p^4|fVl~M)G%N~y)+1i^s`2^MRXM6hb(K3uFX2!ySQQ9) zWtsSnt*NT*$D{F2=G|P5Wp^|ZniA^!wqaP7;{dSfI|jHyBYkodBhHKHo&_d{?sVRZ z_87x6>@r**dy50V>W}iZEp=D+ExjD^`eN(3;r9j6ZjSbv%u)sMp>dfQFGgtfk~mJ% zA3Lt;?cC)`y#?9RCYBK=DY{-Z*AK<1;I4BIaP)$U?x#MkIO?DVBEev_V&%bxqNG{F zqj8l2PfYXhsy)J7T2mVP$SlLq8cllNL-`41wy)60=uWLWmga*iMdLNi1@T6c zyot05R@pX<-Bp`ro8;_w^t&puu{@HAJrdxSXw+))>^euP1&h*}ua`g8Y_*zc2|Gi+ z@vUVNv!dK$Nh&wV?Lmi&o9cK_pX1(^rE9uTWm&*r2q~3~8xe3N)Gmbdx317h1W{L| z%`DB_j?>|q=Bqq{PJ<w1B`YiLq)^gKW$9VnV^(=9@o=4Y8(MOJsSn4s&mgr0rcoGI zz(PpIawY=%)}EkkOIQv|Tx)t4{W4|G?nvgux>4McbOb^u+8VU0G0Cwk#}G($ys&I1 ziqkOs@nWadr03X6xlu4(kQ)B{fNZ?ek?pS*Z(~W$GCme$5hf!53X@PAHlsSV2-*2D2gMEE;Lbn21|#KFrW1z#tPCwkf96T%=FUzr7?_+rZ$j; zyS**f!W`rVMKY%c_b{l;M5IYsw4Pa5!WzY76G9pm!~F7u0GBRa+OoM~U;#@bUsc^O zjC|iKMn7Dt*4$UlaebKrc(T~kvjv3?mA%>wOKE#z(RpiRgl%QVB`*G-_ z3A#mdyQrYljG#!!{nRA1z#URK5t7BRgh4z0<-_ccW3Y21PH`VN2v_hh5hijfgGhYd zq?g?JT2{|=lR35Fs_NBvY0Lo!l_arO1S@(J;>vK7 z;m}!n?c&A6P4v*Q5$1U1^#=hMZ;TxFBAhc|tX)eC!uCFE)OUITCrj6w53gS{6nzY9dDw z`D5SlP?{tV2q8$C1^T;=@<=t=XL;7eznsl961>5LZqAMbS#@%opT(gHn_-=`2Eas+ z3@0;bY&C0PKk7r%K3$X#K}kj=${%Oj7V9)G6$l{5 z%DR8HE{zY`aj+7;zzEsKab`qRqy}(K%w%AfsB(7h0YoA&n8eGk9+ZlW>&QN0bfDSG z<0U+ALR+@Cz??;ZAix=^|6pZxcmn&I`S1W2!a4b+<64=87ajvbBM7?8gB;vi#64ci zvC`iDYB9X9HxO+1d)__GevjX|Z2h$9CELHBTfKw-6>e0Qk#vp zA6yQ58^`3N-yuGX1hUxVP+3)V0g!k?MJa@s0Fs{iJwlLCMt8GKhL@%CBAR_<&ey9i z*P5$>0v|hZF+{nJXSB3SM0SI4fTC0eG{pA)E`FQ4Sq5*R3QBph+hZXcog2goU(BSV z%_65AGn|~-k^ixyTD3_Tc2W@JPhry4wm~;4s(fcmKM5RJXTxP)Fp< zOfgLv%QJG2t+>%-rqx2mwAHeiaH&0JmYUST*39_Lkaql1g_nnkSMJ~*OkW>ZgT>#h+jBb2{p zz)UDKY&HQiG7%zOZ?X`;Cz~zBn;O>!0DHiLD{a?!vN_q1%(Ae5hE~G4RAL3$Ib%yj zE4U1ieIQcTE;*Oh?|Zp^!; zys7V?RM<5BxrJY#MZM4BM~jeas&@bD7m>t1r*IAIlwt7lKO71Dj~JN45uA&fIsep5 zUw`r78R$Y7cto(N25IXA$B(m6S7lbp;hIRTR2%3Iqein?EI=FefK39tNI&!vDDkLS=nw_3Rv|)RJZ+>dZ!ATK< zkS8%E$}}UZ)m(0T6NxOpp3Qt4eSj$N<8xgMM(Bs{$Tw!+MH_7EYKEPgH!z=G#fH(v zQ>V{aI~43cI%mc^6+0Fm-M-=@Hx4S^aoOHoH0(7t#{;>`*7IUYwtexPxf>hGt$GKs z;H}ka=T^MBZ@PI58fI#=Z&@NtGszS-c2}HHhV07tDeM@)9AAdr!RNfFL7oYT+LC7= zz*Qu7*C@t3Z?;NEvsZcC@`@>|^c#9GIFv~*waHz<=zw8>4cy4G@5w9`rF!DWZ;0G)z>!#z5^RlkX(DuWN7n@=X>#+jpTlIZ%;{ z2(I#ONqCovP0KLQB?lDvu8c18{qnlt?upPHY#86q9-_>S)dNxRN!kLb^G*Oh|v0VuvJ?CqUG@N7DM$t(Wh5`J*Ra*M)yL7ufknUcg z7B~upJ622jQ>Pf=o^P}^FgC(yju-igrkkcN3zB@9yGJd{uxP8M8)-hK#1kmemN1vn z+R#r}!>x+%*KAFqP_(095uwii^YkQ)KSsHC=pqbP;0n*^cyjZJZ|}jNz}a2vMHfPY z5!sq%7eN?uq|j(ML|65P7vvcK6lGid^wLcw9cDP6!hLCQ@Plq+*!Nb&-SsM9RQWV3m zSl;f>w+GeJI*E+*_!LDH4uRAXIt!BT%;t(g!le^%V$rrWNpS6JA&!lwYkGV zO9=S_MpVjw%ew4p?%?%t;ekv9%ElNgE0W+*kPZiFly^?8LOIg~n&-2_=Wl`awK@$z zT%P45syT?7?^qX@9tnhG8RA%@C4~`lykadNF+*brqS?BHCegd?-5(6smmg!`NjwHI;koos zw~QHj>(-nDjNhLdnVGvz*QtMd4KRhpbFe5fh&KnfF6Mm{g)e9eVn2EmHd_WV zbG#|D1SgQi=e(r-)*zTZ{^xzJs|C+L#P4-1kzb|k4*%NA@s+2Zd-zQoqu{N>q_3xe zsXMM4;P=8A4ZnM#jHC!C!H^*CLaA9M5k_EI=%Qri<2H@(C~|p*QNuA1PE9AH-VPMs z7EuU6-ljGzO%XZlJlUSLz9I?YGp8g-c#5A*&A^_MqM1m<|5VX)MT%3ZXTymKDOI;j zO*1WBrQznRV9O#?EG$O>S3J3HWkcV2*Imv^r{gH}l7l`CJ2w|c+vAuFbcrRde5byu zMaSPy4~ZxbV&ukd#XX!Ckcm#tg+K5pLdaMt8KWiSX}pvYt-_uopEMS|AEtuFafV&J z`}N&#v_r4$&iBplnY@{9>E&Z>{)jgHk2sjbNfa^XaCl?-p&j&1w%!>=_74v0Yy7xp z6t2!U*IF4>n>X5*h!4{xPK=d~yR&1i|MlI&J=@)fZQ0%{{AO?J8z#2$M0biCA95(k$mR7FF5yf)Pzc<6)hbEOTuMOGH?gW?ej!q zPM`rIBkPW55nVc-+4ErA)8Qpa5MbUf*C){}Tvb85iS;ly0*F@WXD(rBm*rqbwC2@; zhal0ELu<`33AgJP3o%EI$g4Fpm$+K!To(YiF(YW3yuHnPLVttZKa$fw+PlFb7bU6# zr7cZRvGUWWr8zm33bPZ+m!0yRz56ym|l)!xUVeamFGRB-^_CBn2|=;qrrUKsDj zd$vZXqBRh+kBL|jFDnUc4dP74i-Mwv6jqh#bI6oneuzZsBDfYUR66) zLyfhXX2!r7(mXxqM3yE;Nq>$r?vfOiL~sV@B@Fko{-Z9tzx&XBs{Pu3iYdo58)UcS zpqU=77(Md@nKgsY9bQGltbFUfzXh7OE)LQf+Dd2)$Y>xXsr*m6Kjid!od1*4!c3Ui zyy!;xbgXDRLlV5G8Mb4nB-~*|V5$=4uVkV8^A69? z&&{eFjHidRns7p;h2g9q8>S^vR%qH<5!p1jPQWh*_rd4a7t)2?pQ3uzDjW3gVN!j~}#~*XI*a*G4jAVpW#8p6l4=`#7#2Zi(W2hhZ=@MC_VB z=ySr`{^B1$Xawi}3&Tmm=CLq09i*AO(!yQO=ZQ|a_55AHkTw)0$QuF8lPRRt4ud3# zEf#LI>VJHA0WJ{%OIVIwdX;sc2<^pob4d_&r);6`M+f+G2U_by1YXG) z?h4yZOiSw7LqaGgVhJwbbampaBX3{$*yGz5Y7c@Wv(DsCJe#6I-Wxj(^hsG5Gl|u7 z>CR5>h_8r?=;ezSjDd%9+irWjwEg-i8azARz;GN=kRpy((W?!{TMH1 zfbac{@8=UcXOIf1f<>}t9vYs1jT8*!CL@PBRaS>w^_ZJnoy;631}tAB37+rMi?W~? zPI2LUpP6zM$f&xoyyzod)K4KPhHEqFpdCsCzmgP84|}{H=fje9&%GjbU@jO9R5){R z0-JD8X+caruRo>lGERYTSN;?HsArE5gakV;of7XC(xB~QEN-~M=FvyUS%p}JZXx3<$~$DDAi&kpqb>40cv7J&CE1BAbdMoMHmUy1_swRUaUP2?$r=tc2sPiFQeIY{tgs z{zQhFw7?iRFppZ=1qR9uDUc#i-2Vi(?DDJNmNIrp-0LLAF+r=NQ^W8dz3~G9_mHJpuRo&q)t(n{4nRabkHzlk>g%sg zgj@-hZ=!W@jTW!%yfC|puE(`bsi`Y3JzO;~O~v+beLZFyyl;M$r5pAtFKxTr-~Lom zbs?%GVBvk&R0Yba>Gt>Q>+jO1lE zyNQHA;}>Sfo(lk8oOjpSIcZ(}0CO6j0lU$=79ol#?7HCY9laqx4_3n0j$0TaAsi~Rim2F-sV?AJ%ba%6H=t4}8 z1uuYGJ2M$<*J7*HlSYp31z{#t7OOSKSFVaX6SMV!c;149Meitj9Z4g8dZ*&9mFUu zqc8-FdmaX7CXwojRPpe9cETck*8)HFcFHfaLU2YOs{WT+&0nTdt(dEKk)I73$LX)W4V(cMU)v$ z+h;DkE)^-k%D%Q`EiiJl2`d>+d(kf5vzLTIKinfwTE_PaT=ky@ZRyrB#c5|jZzFR@ z{&F*SCB_u;D<#)$nv>!=R~@cz5lA>ZR*&p$?AKZ8cGzw>)BI#Hw?FOP^icAe+{ zss3W^ZA?x)RG@$Bh5;Bi*GS7yK^oS3>$;JneT`uM5vRZUWW#=FZSA22^juvx%GeD? zVf5{;`$+^{+V9X8W>Dil(abOYGBJ3mJlY%zvxjx8NFlYqf{T}Zhfq);Nrr(CDFt{j zCboJecNINMtl3E<;vY}iH8*66us|UFU5EQu!jBc}EStw?7xCQR6B(7sWl|EOV$mcT zi@gpJy^5h_r5>yUTfsK45sW@|gss{R*7~)OM=%c>>)6?;<*QWSH(%`8e6e|g`||rb z6nigxfH&t@znv=Wm#g6U2RCgu*KaOw!+qmfXG3Fm zXKkSkyABa&2zc8DATauh>d)g#L;@ilJyL#hU-0NpgQ5y67)MVQx7@lZ@Lue?Eh55y z<-dq5E!J%Pp7mk>eP)3w`??k&`%5|uQ`-sFKd&RzR|3d3N>*%}r|k~28CaWxa z+u^(w=*bP@h7fZx=+Y+O$zIT~bMzH3YN7PM(D{K&AB5H*GB5p7Tq2%mcPIM%y9|X0 zNLX+0deREr`b`v1ja#B9)r2~ic*|@hA7}f1f}RMCNqQKeHRV9T#NS}t6CKw^vnNSP zYIb1*tAEWm>&vlZk6Pru0bm0`jxOI3Z&?(w%}Ni`stm+Csa?&=o2$1(hj;NaZ5=&l z4Ew6=Rbsf7>u{LRy$<4JCdVd}pWyvb@PU_ut49H`A==J?evt5BqRJJPo34H~Fr~18(y2yrm>wB6y#MD!n`KDv!w2H^xT_p`(ViA~`@PR61$89=H zq$$Aq?G$oP_&*r%glc34hvn(n7v5_9@TXmPx$sT&e<8lDr9%8)+e#dG@e0m5zqVc< z2sA%4;tTB_$G~>`sau3@Zg=A*4)7chE_^4 z9*5y`g?(#RJ+Wt)MDeTWlKxNA^b9WSz-JJ8fDu2DlMSy;Z;umL!85BuJ`DpA5#heA z&Pdwo3#Jx0G=X;n+R816Xhty}oWXuBZX6EE{UmcaEOI0O?qdM33AM zO=Ss?bvb0>q?ddE&u?h9RMwyhhfll!ex`-tf<3j93DL9Q;Oc}+j=*fn=y7WpkQ{ru z!r+3H&xgEwgzWq~({GTk9=})I>K7Y7#>tC(tE4qSJ>?yo1Gx)5C794Hf(>0H_@Zxw zXULgQj~)LjqE(r1kFw}?2Pk#5^SVexz{PsH7?5jMIzE!kug#6Pr z`5`b~FSWG?Twbm`_usnqxf?%O%x6Uv^$*@;9sd~~uic&dD9~5X%@x=2UKoKGV_`TI z<5((g)WZ!AyB)v$KZka_lJeY8Js@Q_JnXhmdA4$YMq&#RO8ie-Klw8HIOIqud?zZbwPO@+Jo^h}!sPtOg|a+Ha@}F51F)$yIkv9L{1UduGVK5kd1d)o*Iy!! zJn+&6v{!dWdVf!DM{aLI&%CDNly2|H_{AE@3U^5`+#?C$Jqd#&VcP%&UoV=%-?sn# z!Joe|`JLj-_oh#pNkh~CX2mB?z@`J|!Pd??s9;iaIafvl+#eHPxsKj^78y;BXV*}d z_w-n=5K`ipx^-1jZJN)(Lg0~`e8(1_{>sz}e)ii}j+p>%hEqL}@O`uJMz>Ge+aat% zR7Tyz1IIr3F(KyrpF017PdPj(*OXKghI?ye_8%33?EBc0erN^v|BwFW?h}1W_Ar0% z93sBR*MT|e1Wl8&JfbJF&7(!Bqn_F!|5x|c3@yBxEX*jPf3Uoi5Vrm(Q+!cS&yhFQ zDgS=*CvLkuw0zk-G=FBohc5anHrNb=sH1`2-P0!@rCDt}{rvhx?)7Nbsz=i*<9efR zecdj>%vH_VMZP5I|GBaQpZ`DdkN;Gg_~yV!v_JdCccP$j)0Jzl-}41)Hx6v?R++K0 zYGn)(`2U8OBL6B$-~2V)*}Ebkqo2x8H1SfTQy*t(UU6(@_;=Fjd5)j@LmfgGNTE%a z1tkHBwaBoQr}CwiSH}EycY8Cwf6~G=ON}lq(zSDh;!8uBOkYj#kiIw4_-U1!cqvL< ztb)M}g%^?#W1@7`Y1X4&s|wltaVSI0LkzcU>J;@EkE4z;XaALv@COu9WX@2=Ih3RJ z^;x~rm59V%T<#(jH7Hl=(@DK4q3RXu5UBb2txeP5wKw{exV9A`gvku7x+PQ?D;C`1 zK^Y}pRQR#|&@R+ndOVWX_f*tv^iZ`R8< zpW^DeN|OQe6&Hkxy*Fo(p2F*mP65Ja+ku(TO>EvN+H}OLXUezS9F5Wg6}kM8!N}Dv!KqqXH%*aZ?qo_SsjSw13h8{2qQMqPYeO88dYOrc#r% zzUdr-3`$EqfX8KNb7N|+5Tb>_EB3B^w-?>#Q{}z-E4ig^L#uTP7_dT8FERXMCwk8r&l`FdXXij8#+l^8~^z8j%jUPoW7kkdU+U+m*WqG^hI3d>u`putyG zyR;ZHMDNnE;tre7Z+dOrRos7>0ntozZ8#N{U=8&u(e?`4&v_7qcgzgE&a7&sb%JM+ zwF=em&~Nk~^pyj|5u#CRl=g?s8MNRlg&5gfIcoMc;?oraB`v%~55PVwAA|}dUK7;+ z_Fub`P<+c$v_Daa#=(*5RY_CLfO`vQhf%FVmkiM9$}2Sec*X?!7cPe+h=*#?Fa#Ct z2gd)~a8_F}czWWpcEkKQ7v(Pt9^4;y<^ceyb`U&1fr&Q*!8^*@Mjwt*-utQNv3%qD&)m zH!9!NNi>^j)c^Oz>^w{W4{qEAL6U$XP8!nv11@4(5XXg}Kwwz-eyL0ZT;iD*PDzcb zU|W($kpybNpDpO(Cl#95Y}|MR?+@lkloJadMjj#9H@&%V%`8FXTnt%B>+^g&0+m#z zTzGUaZw>-Trc>y;0&T`qw4b(WCFP!PBZ4bxb5w+9E@;nqgc8V7SDjx9!k?Sa2TwHg z{FZT&+lb0X%S6ocIO*m2(zpl$A;vL%!**Sxw@Wg``AASM^ zefh155GD4|{>&suk|IrpEIIPf6exa}Hfz$NO@}UYn|=d^j2K&GV@eB$s{dcZoP`H0 zS+Qor7A-pT7%*bO42}h>6Q_PFQR>XOKVB$<)oPbPNAR#K_`t}KBu|aMA)r4>5O5Kv z3RDQOVb^HD4r*XtYeNdkLtO^l*I_7727(QTWGWuA_f8*5IvsJW8&ZZ^2pn?cszT$A zUc|gJ%eHO$?U5{10t)Cb@$kemsvL}l81JbxhlC-R8#3GpIS98N9MwDEdiu7*;Cl7Z z1fhk&3tGp3M4^MhLqgkZ0t*gLAd<)wY9?+vqo3?6zKDLRANbjv{?WC)>pH$bnB5kX zSQ1S#rk`$#luWMBH!w6ZHYuXqDvx=aRP%u3m3N*{SibOl5ZwUKGZJN@pP?}Y6o}0q zhbMHwm_()&L@lJyf@yRHlO--8Db*TV8Fr5g;}lV3;j&!0%6+RS1w|$0HrnQ)s#dgm zvBCXSLsLsz$BI>5J^l8D*5h~9+7h06X`M|-OiJ$WdNeIVL`&%+!-IUG3Y`&U+m26w zjRPi3n&LHW#%wur<}EmEk&i!wH4aK$BBEkQ7vr39*1)8s0pt9>wlRkaWO1A{}uA4f(%jS1f1TycIKKYmV5P0!5E%`Yr2EfdE1eOTYv+}hsR z-P=DnJUTu({e6ZSXW-)U>bha$#i^fPz!p**lpe))T+fFQayWmOI6+c0!*aYJO0uGA zx?x(j<9dD&MscE^+{^xa75%|*G@eXnb1(!7gCmeAG-gboR?X>L4j;tf2}BZ^LZ#6e zOqRHWq}0@gFUznwvRpZN1>idOtD>r=uAvEC2PKrKq6#IdM#9#a0YC1PcY0=aZhnEW z&cKnSKoGAERX2!$)#0U{3{J4rp^7T1sLGXoStX7aL`hauO*hIFlsa&MO$V5C07*wc z(fPZD5fsA-lA;+Fh|d50WkuC=!?bM2_52`=;v~&-h%ljy3#qiR?(0Yb3W$=dsG4q= zmhHG;2owfKAW>)x7KbMgNn{F@MrSZtYz~*l7YIdSiBwM}SLhoU8X23InwbY-6sx4y z9}Gw1$#gbfELZEzcDFwqPv^_^cGt!_c%(>KUX-4zx@kLkzTThj?|(=Ac6{)8Y@7I{)lvv~orA{u6kD2y8K^&=>x zIgsrqSZtv(+ta26cc#v#oNZ`(%GrB0#9~z9N@D{nKRK>-m)}!yT=Zlu$`7oPzInRa z??>PdlI0Fk0~-7A-LenHAL_^)MQof@da#u25o7h$v9r0&YmPx4%LIg?XOs+rTI+RS#M zOLZxkl)2)HE0dCv)GPBf^-8@mKdDdZJN5OPg+W0|`U&2E217&{EpR{6jf-ET<~Ob# zyGpW!Vdu8_6zO5^DnYi}VGk0*eL6nbTaYBSL?6(dV&iTWpgnyYL%7EGjvBlDy8+Oi z(46Rsrf37tak2D?pMoxcS@>+Sd>_yY2Zz`LCe}O zQgoznrvBh^S`}BgWIt;tmu7+l|1f)Sj1GH6KtxEDDh!aOdO zHn|EB=5ZmFHa1r!BBaXI0AfO!$Awhd*jyiBLb;Gi8=I>GM3_*ArDg1tQI6$2nlDD$|GN*kMdAiT8%h%lkd<3hR@)gS&QCX=Vu(Cq>UbIk}NSBTUbp`6*j$E;?pq^STdn1>p#wEP;q*MzP^6jiiu%a4-@Z20zbb&Y-L?^|BD(Ah^v|L}jm!X=qkUa6M|Qgu5) z6Mwyy;M3~Wo@cX8o4`Fc+!W`Pjog@j0wc%_Xh|sR#TM$0>b5Mo1D-}=#y`qGdCARz zp*OR0tU3L&*mgOhfte*?nJd#eadea>iXWJc^!W^EB4{dHe>YyD#cS=0_J_q0E@GfI z_}ZBBcX>JwbKn-Zg@S)8JtBoVPe6%t)C?rd-zcm`Ua-YQP|;&ZAmaIUjeJk0m|KPF z8}JjR%!}W+0%!{mreYe#&H+F~qMHF!WGeu1w2GKAkL&;T3-5l1W9atnsSdu{#D7#% z{B&sx@=$j>{ZH;gGX&OD1cSu#8lGsTvbi=ulBvLk6(3L1va zvn;@}k$z9k!Sf`cH9l&;-F663Vf~2uD)`Ddnb}hdj?)*=-^|yb1jND%N H3Qq$7iB`6k literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/_static/fonts/roboto/LICENSE.txt b/ia-terms-updates/en/_static/fonts/roboto/LICENSE.txt new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/ia-terms-updates/en/_static/fonts/roboto/LICENSE.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/ia-terms-updates/en/_static/fonts/roboto/roboto-bold.woff2 b/ia-terms-updates/en/_static/fonts/roboto/roboto-bold.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..ed8b5520cabda5a8856fd0cf64afa7d72be193f3 GIT binary patch literal 50452 zcmZU)Q>-vN+l9IPY}>YN+qP}nwr$(CZQHhO?|Hv}k~x`m()6ggnsnXGy;?UpQAPkj zfd4dt41oCG0Qiv%05Dtw07Ue^+5b4e${03PN_S$iA;NE$ni z$X7hFa&trRt3z#u1})}s0>*^&IL!Y3Pm{-C?^$=W_q1uv7EnJD3xS+2ke8)S`OL%U zAzX^G5V@6{W^*Nt*-l6ckZ-g%^>vPVlk|m|rZv$mt9$*&!hF=+yPr5b1{z*+&q}yT zh(8{JNuSaUqS>Yg-E;OYucf1r?I>^qQVW%}mK5gVM$=46gBskL#FPkPZpne1CCz-r z)7dh2iH-Snn1oSZdYAkxS8~b|_h%4P5iXt!k9I%0WvSMy*cyH-U!ZoRjx2Zl%(~1) zo%B`9hSBE8UBS?xG1K_4YS6fz`elk%qUq-Mo*7?dbL3&2-ppjwH!Yhc8LWMwT%3~#7HB6KlW6S$3%x7t4K7xHHiu#P`Lpqv zSeglXbRya#a@%b-G>VelTR(I6qS>^<#r6zYhYB@Z?aXRuwl|#kxLHIg=0#JrWQ4OE zM^XycV`g)`e{t)C6-mMoK#I_qF3T#DNSDgko8U+Xw6G)#@O?9VUUCZs>oOGj_$4v< zhRERxO^Bz$X|fDvG&|AT&I#=;4b(?n;f@P?GG_xeKcO#ji|+|H9w?FD%y+Zx<&1vX zt!OEza+NC)LiM6D=nV|!F5f@CdLFccM4xcH@=E}8&Hw{|FW_n5Y)Zat5%v-GNsr{( zP#NH9fZ1EP%DItu`T%5#>^X`gISvAyHnib|%HfjW>FNN0-+YZ{vp#{iHBr%zLHJ+{ z5*zB@zH@f2uBLN74^{cMF|`Sb<+v7yD$RmR;=^~j0O@Bt%wR}HJOa$(FkG}^PT0oL zrWTSykW9EPUV2BgVMUyG9q5k48m<~jv99ArK^6~V8Werz

3~j7indmdALuwtkd|9SGqqkLpYe3_e>$h65$)7jB+K4itc@Q(9a5 z0($kK48=n`=Wm6woDJ|cGb(E=3b0u=U}h`d0kryAf@S$#fUd}p0?*_9%DW;M1camQ=E&h5hI(O<-wloj( z!i0R^?gadRed|l@Q%T_COhOcJOB1Ab+IIm{Xjd2dY5v=XW8mk9xj(gj@?KaT686@-oNi(%)aEeCdjVa!vSc3bz6+VmYxRhe?56sbtuoVJS8H>vtnQnK3|Fk@7~v zg(}U}@_291+PVE^6p^y7WgCxudv+&(WTMa9P{nf-_N zoWmIaC|R3+$IHKFZUP3bVACHz@JasBn(GQ&E*)_MqfR(3s%8Zb(CN1qCodn;jPrC%3w^-#!(WFMf%M z;++Z7MY6Oqu9e>G3zB@KWyh&rpEq|~Ki_|MdmC|pIjLGn*}Gpq$K)l+Ll3FhjvS%>n|CX{c=}@Wyo#b7US7zBgfVi)Drb@A z$}z(aIC^Jae^r-iUUc}9tR&UY?_-7Awvmqk$vlsAW>Kb@iJc(7CHDZ5q~&VKCnAE zQIj%vi*XEJe96>y)Ph$PC>bAb+b~3F?t4pwik*anvrYoSg5Za_XCZ!d`+IJ;C4NgX zBS?+#qbb_g5Yoog>SJ(^sGfME;KZP@`NbPS8+0| z7q5n#rS$syEyXeOe}5*GJl9w`Z8=Xa?I((erGP>Ff>&15N#9XH_{;$3OyIoSbntqN z<`pIRk}3I=D*2i%`75eHm^MHy7ho{x05|n$mgDf|>)_|bN%>2`{ALjWw28nvC19Ph z|CkGa&-rrr-=2YaOu#%RV4pLQ&U*;*{Y3pwk^1Gsfzm0p0rbH#{4-3zOjBUeb==Kg zIs6x#K#fL0oaTV1*>KhQ1M~+%0!2_ENGVaND~#)#7yB6}0j4PaQP%<07e@9MOALf! zg|aTP7o&0bUrcN@ctP)Aj|_<%mc&g0|=cpOpruq9JNd#^zvfX(MCm&TR-9KByWu5MI@J(>6$v+QC|0mx+LX=+2(hH zrY(Q*3QG|_==Ij~xa)F4zlHw}Q^f)}^g0}ehc!b;=ckO9&9KhyHrlQGj6_Eo@XRmEK2tK|) zBT^$ex^&pT&Z`W4K_u{|Ou8#H!;v_#Ip`7o+SRQpM8a}o=p=jdn zbzJV+C9h6Ke|qcboMZ^y$VAP&ehPOBLAbIWgv)5R&Rus}GmWojnv(rA+kUvWmDJHatx}#Z0Ta7Pv}z>bO5iRhu(@(4&fJsv zZdY|ih`?Mbu@Qr_9EP~Dkr<#XfOZ<)+1RvloOKi^@-Q94?vj9e77YZFX*;ZJr}!0g zd;8OS72<)g^F6#Qc*qwjsHx3V= z4eaONPJH2RT~CwL-mK=hWO!K5UY*|DXKnZwx6sw^H^}VV-)u5EeW_k6E~;PU;@m>` zI|5@RZ?&z#hdDac>X*=X%?_0xIIP;22d!e)Nk6iBeTG+iCZJRMCAjEi3vb|2%bp@| zaBX2MY)^66GntX^u`uYL6#?dK%+V(I6n4oc8|X&l)HKz8ab-J9k!E|Ll~`;wYKZEy zI!RVNc^=zK3Fbt}DRnbwA@_Q5ZMR@_-FT(Zn&OG@bRO)no6{=xQ@KlXrh?Cn#QQW7 zxaN*5uqm}CtLj6sy*BBX#30WA;>nNp+W+HtJ$ggu#w$tv6N;fVDYsp#?X&8H(b=K$ zbnhYAo;ul``)0MvbsNpN$adZRZW^51 z#i7+^Y13fpHy;L2yT*=5{$&QTDh*vO7do%SO5Wd4 z5)~*JML>eZ%Hn0)g}(n_B7z?l42M@83~54@7!FNG7pPVjen^Zj78h8^2V5b|ns>fB zH6J&Sjpd9r7zS@;Fk+WQnAB|(G|Dl%bf8_tu)F*#@$R(vapVq|dJCE3<`bD_vsx!~ z0^HA#FNb~{5~L=F{O7=*s6bl0VQl2koSiHjS3s>wJ#{$T!2PyeGftPA5`n0Z!rl-m z9i@_CGI30jTwZ#txbnhM$CDGMua`y>O~J3BNM0D(4B}#3V!aP+$EG~b6@#q0pssMo z`my3ABPNvfV9xfJWLwq8W2@7jFN09j+LYc#Wwg;7=n}?Z%{gndW&xNtd-d+JfuDax zDzI}IeezrP!2QdXaHjC&fzuZJW-;}i*8;@qyK!Ri>e6O5e%CT>9z0%wzzoU3RH&E$ zMHCgQjjIBEylHMkaI}PCW*gU_cJ_GkA@?L*HL^fuwW&^C9P_3OjS7kwR- zQDggrg(Q-1Wu<^JZq8H*t6?JmVM|19f>o%2v^^ zF=J`#Fr}%r*ZJBXz{#~;a%<~m)jY<7*;XglJ)&o1UY#r+vONByEEo_0Bnf0B5+6gG zU`~Hw%7ACpfG74~@v`&d`UeqNi0PP=H>fQAPl8MWttvZ+@pTCP%<6M3?oDt@j+MvT z?^wM9b?s0CR5d~6dP#cE)Pw5Hb-J=`_WgBzihzy?buVjBQPXlSpK*tBscvTTdTkKZ ze(^=~MfJt?#nc2JXz4z3=Ae>ss7GQRGTDiQi((#lOU|J` z6z)4bfIqY&dA@K11w%>cbTSvE7!9)|mGdP{ff_!vzkV=&@_eBxTHmrA-nGW}2(a zxaLi~Y>&|Ga@Vo#O<~rHwJ{UVbE2`oKq!VuwuEbAR?oFrqy=ts*o}hJ1_77h*mW@1 z$!xn54}shz_1r_^48t5PqB!TR%dQd7p5UGSzr#VVk2`a=(O4Y_g+@x%naqCa=_r;4 zy4c~L)w6q;zI!?WT1iI|J;;(_)#U!xq1vU|seI5q{yU=C?y$e;*Rk{lq5(ceV)`r>1S|fAqTlj^P8yhw))KnDaq#&IbTQ?O6{cguejkxfD$C8PbDL zq7P2_NTt$AW)saQnwB2`@fyRIxcAw1?_Iw+elx&@2>>A^gfk{pYg?OvClCYv1q&b_ zCd45=8?rV|g2(Kp$E>WwFnc&P=>;Rmavvu7e z)HGsMOP}Lr1t=O&?$B}qzig?-TSi>^T;@a@C|?7$8!%ladkn(|(dX_RrL929}eI1|(z4v1Hfe50+h78EcjE574naJgYNc<$0 zB?_9wDuw5XwiZ~X%oa$Ycns#P3DmlB>johQYtI*Y6BMO^UNg~w4EArqO40obP`~e^`TbH zqgIWstG2I=c@>$b1HSEeH_CXIL_XDW(-j;{eA7o6Cmo&@XX$5lA7ZrAB?BRo^j`CC z;|1D>h;fnTrA$zh2k0wH7-bpn_>XzStQmHYiiwl|T8bV>tW!n6>k}1T872&PUyE~v z<_^d-#c;6~B4wWq;m0UAO3JR2g+S#65fjpfLlTmWiOE1IBt$G17hg)Ht z>xFPG&b{7odzNuJiQKMb?IW3{Js(fI_i11mr0^Ug(H9wx{k8i+x#dA(1$dZ)h*?49 z1L=(n0F)S$KhP%zt?Rdo9Oou^=}3k!wExKhZFjl>=B^c zgVN1;42c*dAn;)_CPZv2%S0_n;XERWZ7)lFC6!Q5$l)fGd)>bwdh&gPw3zv;5C{Pj zUvh6qjPi}D`TI~MbVsT{=|wVFO1X90U_?G(fq{=g zF<|_8G~$)yS0B&iUTUl5X@I;Kh-FO*>y$g3wI{q^uT)YM%BdFiVBVg_Zy5Bu$rN(y zR%@KD(4SMNM0|HPRaEMigwp`O(1D&?)fzxvAtcq6wH42GR^pvoFMNYTj_i^kup=NMWHg>^ zHZr;N+v!dy6^yl+z$EhYG(hEFyi%7lwm(Aap#TLKWzxPr*{9`ixu5yr6$)RN1KY@n z=YeNtw?qn*-cRT2CstCDtki^Zcnuq^KJ3|Rjr;k%C&>@mNJ*#J1PbF+Us)ZzVdOLr0w~4gsxVGL?<;D;1A+-rmdN~@2 zp|^4Uf=$4M1P5$C2kMV8m)%Lf4W(}s1aAj}^ZEh~pcbMesE3j-bBD6Xi07uN28dI) z&CG%>855|MRYpDTSgto&Z5ib21Y$fp6zNKFXW4LdZtCA;WrjV8SRIy;zzc^E44D`o z+LYdLQ=GSi`RB{`NW&v3s6#tRuZyroojaUbD^X~&ZsYWx;(TEH4)d~=HPLFXVEsju zne3Gu;#r98A?>0JLB@7x9JG2}gGq)Zm8+tbIGu|@1G~&+ zY0jZnGRV?|N@PswOnL}n3hL2GP1$Dan7STg?*TSGV!pZT;T;W`C%NxLk6Jo6x07LlfZAVB2U^i-tvv&#lD}vm7Fybp<==l*K!P(2W(X%pfZy0f9||Q z=aFI_n4hBJ^fPHE(mRideagMd0iDnwTaZFF)&!ZRP}E{i*bdl*{lF&(QM^g2=#`m|u!QOER zT9F={9PPaT(@Z+%5#O9C0J$`&SRfh036)x{EKCMj1y)nKtjQRO_g_6*e6HXKkGM6)&)JM%XJb5*a|`A7g?ngX6RVY8Mck+=@4ySV z#56A+dg%q4v>u>}mflrJsJtE^60$scBsGG;Bx5v|J_jodC#F<~W+A;MToYffP>8%< zKHAqmdo|{m3v!F|pb>(A-K^%oTDNRp?ir@uvz;q7tM3Ngnup9Ypvf6?BjIjX^jeK( zOrQ0kPCYySxADi)9x2Aj$O;=s4k02&^M?U9{R#x^TZTVqJQl<2}`G0#Fbp_E0XzK_jxOoL*4WV@F;_4JXZaFb@Br3Az zY23K+pnL*z-{%;VZ(%_zOki`pQVPtVF8I0V}@>ac%HZ&N$g zoC7W9Hk%!8V?J-A+oJ$Bt@+$zDW_{8ET}Cfd-navxDv zOImGm3T3Ej32Q0zk*&J|6B{CY!YpniHOeR2U;|R!f2te zx!UPJig*)S0ULF(;RoU36uX-fGf6~mngP6qsfeenHoJr}+E7)M37UqI)NfJiV1C}t zyIcTn!xu^DCb0~)qvT`jpH5M!$j!qbBLo6P6^sV!6d%>=H0))BRggyxl5d4B{GyJh z4XTn7PPbpYsXeHI=zSx?OP9+D8-{{K&VZ2as0MbDTf~d*B(7=n4kB}u`UGE?iYjnKcS#Z7 zgX6+nSOnJ|MZg~|t&ge-jywt`)_oh1_|ls>gbVTVm-E#&x*(!O2(*%We zoHh=|il2u7^~R;(l1D-c)yK-IpI*N9J58}_^F@bW zeE6+I@w`OOfa9PC(f3nL$uezxS*Duoy)wa3B+A=V(MOFEh%o>Q(VdKODSeW3i+t+s z>jBQN0HODbUq?+?q!MwT7fhAY8!ym;2<{rvs^B~JU(c}B9ieSF|2DDViL5?7Iy6|& z0O+mZz|llPI7W7chswPkW~<23v#^1;Ip`(s4zKsK&#y7>_A3+G+=yDQhF#V5J;mS zBFo`Sw4`z$T`vPd;fRU*>%rE*Kmuw?+6tzf^A)<3<|LI_3Jwyw>vug};6`l*1gCNdpwmI8O;s1xd88ki)MQam z4_HH;LX)y16Kb4MiedO^_yVSX>|_=&U{7P!G@=Uj48-&hdCsD51tm@b?%P2@G3e$f zFfFm7iSs3EXyb_xh(Hnh(-X;Pefa@|B?S-$Iq>AS4a5+SBMOEESU?qfj<};sRWQz))J{>`JI}hZ{p-UGfizG9G5zBPf}2NC6au>g zOP62RGqmI_;u0c0X=$`};yIv7q^q0KlsdT54Yo}Br>O=dUz8Rr9p?WEc0e$jtpY4a zh{7d?C7?-<@YjS#B!pz9gvEA)W$WJU;imnmSoWFgz+7WEi3w1!a;vaNPznVt;8fFg z2EqT%>dDJ`G2=Hpl(AG0+Uiks9gQwQdVB~zhKO6yVjWC#z0DupQwF0wGXdGar%;jB z%{p&^L>*B=+IV%d!(m}3`$TaYZT2Qac(zn62V|JRgku1PoX<%lyR5JOI1Y5 z5*L8Yt6$ppD%%OCW|T8li*8N zWldnqoHP}Hnd?qkI2F6RKyBy{yUK?=*^u%Y;>svY6N;omeJFxFaJ)1@@NuODXojq( z`)id`K}xPMgVlFQMREY=-h24txgm-AYzyKEb?68x$dd%5^ z_O*|jh{HX9OCpo+`|P*r#?VFjMr2*k8zRj>I!mGuFzJVaYUt;~9uDx2W<)@zAsbjQ z0*^wGGR|f%ET?Uk6eKicFcjOi$Q;(3Otn2w|9;8L29IUYqpksMju{jP!~XR(E=9T` z2f}gMu16>u{VynDS=#}(zk7GB^+DR&Ve9DeQQF#j+k<_Txw{{hff=mnT(p5aMEa<_ zFjH!$SVXo7U(pFA8prpD{&XC6%~$I_b+KC?vfb~4CZdJM0S@DW^Mypt9SYJsk@_ew zjG$0V28l>45l^BOs^tcaKs?*2wjojHf%{@@uvACSMar z!#-=wsK!TS{^R8XtLvfTc{W(V1}p_+Sjs=!rw2s(8?wz1Nq0l_Q%unmzFeyu4R}Kl zI>fU(j4E2Ipz^IgY2*DjuQPphp2H6P6T422VnUOz42(LoOaF~Pel2sqC2t)0yG62Z$TB?~ufS=u4~WWE`EOdKphbWb!z`b) z?#}#@0vArbEZ;S0CV4~690U5Mg{@p%ej?`MC1TKz@+k>&Iv3ao>V2G(CCWl_Gwvd= z>BU-y603ifG}d9M6-S6BByq!%T0$D;!GG4_n^5`OlZ8DhAWKWvk+YKb{G3BMJn%M7_k7_mdommPX%5K$zKu8HC_(HF_gioTyDa;B!@e@LmgB^!i zGlnzO1YzSsXo}~8S-70+w0?r64#x)v0Dyi8Mg9DC&UOaZ<^EKOT6wGfqnOH4*1 zJPx-{25@A2t9?jBhU`}WY9^Ga+Ld`BwqVXv)+0NV6%@c4qO+k+TcSM77u|qtbuw!s ze3fz%l|N|dEfV@-uQei!lJ$XE^@scxf!^MaLKN#yaFdV&b>d=|o%7iPH!Aek4=VP& zZ`4VsK$gZXpMmV>4v^j~FDx0}?%T3N!`JL09&ecJmS8T-c5bP95nbKf&D-yG%k_UI(~vLsKVSc2@|M@oSs1>h zzifa_K@cHX=3lV{jE?lPQa4AX$t#?6XYS2MMEmgmcaF*@ezO|{2exu%OpoK@Z%}Q( z;~o$2?Kh*SxP`fe7J{Rp#(PJutSNlrO$C*y9I+-J(+VAFv1C&M2s=EducaLz^MG3& z&SoHCw(+MTE~W38QZsKe&@E@c!Y$wq`0Vv%NjYVvZ=Noq6;-D zUyy0ELAT0xaRGKPE62T1f-K8BlAswVKPC5WRyh7FkQ;9hiU}h$%}n&P zgjvc7bX<#n7wi$1+^MxbiUNY7pxIGh10|oTT-uFgC13#Zg?Zh*DPLikmrUgbC5soX z((9&nCCY+HDz+OmGJrO!-&d69zqC8wUXYz5+q5to5w%I5HDEe6IMeb|AZV#Qhd?Pq z)st%}@1lBXD`RN;G^sZOl*Z7ZA0z*u^-)sSGbJ7X6*np*4AP65A25dXA2Q`&zE}!- zv6f{h6BRYYFd!g}VMvl%ec-s=>vuj7DM9pliT37F!?NUT4pH)_$ zUHgXqt=zMWZ(7R1^m@Ph=Za!af8ihYcFKMmDFKpKA>Vjt4b|eS{N+3h{P+-6rmzAiL;K*?>S)sGVSP_& z8kXq=lM+8v-C@f6;i_*Y52s;db4%;Ro;3hSgjw&9Qk?k8kXfb692)k=qUo> zWVl1irh@F{LWl4aLq;y)4a<>|9!|USAbwNZNUAP_jt)tj;>w6+_7zKpkOu14lnZoO zeg_d|YH}R{B-B*?>Tw7tRLuh<)U@Vc5DCR$sWfs8OPL=?j3{n-0YR()ds%m?!i6&M z$X73(KPdJH$qXX3%JglE`(qKfJpTaw0_l*xyQhSHS;XPrFZKNVLLYWZ-|L*_i(_lU zALw5a@XkgbQ3~KHyBbK~n;l=;J4o31@i2)K5Z@5Wy{e~x~ovsl3D z{x?9?*=kDlhCokt-NUZ@d<$hwrR47@O>~lpyL&TiaVI|u_)x!1FH>+w?Uyq}8kBM%O{W93~+Zw}PH zL8=S1_G^^lnL zz@7CdR1kh<=6##)sJMEF4{8W*LlJ4Cl9HyUFdh9UM7hCm7%ud z(Cthij%+o@NBbAxl3_>6zsU0E#MQ>iy53Edf0o6gSF$`+c`z!(K0iRaA56!gw4vf` z_T+%wZ@`XtPYvjIg+R9R(K=bHM=sq?T`}v720bT$uKoC65A>B^pYlU1h$<4`>hD4K zckgW9RKK8q@4bC}AX%cxm3O^eI`cGoWaKYJklA52^@ z_jf!8Ztpa{L3%}LE>3FOkmtK`!g^z`XFZJrkaen=dcPic`%6LFPBX7_8D_r?&p>@g zz`Va;{&9Qo$PGkiGb~#mkkBewt!n}(DaZ+OjJN2I@4hqd+&2uS=#egzvpryxzM#)x zY=q8J10Gtr0N-1YkJIfPq!FuNhYI10J%v>;^NQyi!@M)>{o$bG`z||H5Lixg0L5$wRxK z(rUH4C?b$%Q0N2-i`{tl2u;rwYD8vp54C{@)8b%RD18F4sWQm#U4?v>?Ab}8p7 zUoPqxUux1=I!vQ)o!`tyAKeiKQf)0kc~~KhIP?BnRjtx-qQO2 zMMq&d6c8uRKl3Vl!cz_kxj()r8C**7NO6)NEi7AY|TbBxqLTa3Y`{ARr_lpbWx` zIJcgb!iz}{mwIHDh-j9oXqL$gi+J14wi=UgArdkq5_0@=q*qK#+7d)uEQj{E9lvSd zSQBIO>Spohz=wt!+Q7|bvjHs!Sl?yM!{yQ_VPWCO%+0jW5U7hjA7kBgi448<2LQMW zbVLdv$2Caok zCLe<%=5%lL;)g)VYGj`-K!y>oAD8oZAel9nf5+p33pr<{IIvJAi;ocoy}uqS&fhV6f;KGO|e6p+^&0bf^Wu?38<4gm;l{fi1Ff7_eFR{F#Y{!hy)H&$*+x#1u*UgK#vL73mW?er2WZRf9F(x@?Sg!M&3u` zhc=5F162Do9x5KX*vD=(j$D4`58J2`4$ie3vzReOye=Hx&Q8f;2Mga;9Ko|pa9J+Q zpd~cXdVSck6h8;~d_NB|&3m?AGeOPYWoKJk7{)JRf7VICVP73iC=G{Jmq4jZ^Ubhy z<|DL<9F0zRQKLaU-wl~5zSKkmR*+!BdTyX@TvJS$0}`?b(^uCIkaWi&m?^yBi`Oqp z9%W6wKmefBmA)UJxy+yK^?%Ki}$TxLQmdg|74cGaOMmEaf^xI}{-!t!5ss}~5 z`Vz~>riP7uRVzg)pC0zYbeKysjY$T@PySe^Oj0N$aw4&ynN;j@vVi0#k0q@Ej_glm z%9AL~eA^(x%#fX9m5TghGyUl&M+G_s;=ApY8^D*+?y*@S!OKuco~rh&z@3gZn?gG+ ztEZO$8*(Y0Y?2B{zh;x}=!Y(Ju;8L$b?^0+V&k+g!DPTgIURTG~5{R>A z7_k_gjEL{EjyUA-?-htB5(?*~RnxR?EX}#K_;?R6Me--fRud&eScWq&DteH0&O@h^ zVpNAg?afKHRYTM<8C&-HoShRrEJ=a7T0$v~aq@`0LP2u9-6;1FX&TceBG~YR5J%}L zqeG9{Y>6nEcbSD73Buex-*$5cC*7^UHk|z2n)|_Iy0M}XNcX|fb~Ww{moml>kOhMd zb#~q7%Nf(3jdBD79^rW!r6!(J*Ru(L_C$Yk-KV&+Frg==OCrT1wE-id%oP+%Z_s&k zatYZ2LkH^*+|xSf7kiv81wp$xOX#KH%&hfBb)5dX_o`FA&_oOr_C;flp2OHwx7HiE zADvAlH;nc5GKq4UgxYX)Fqi zP{oyVL(-4pTyZx%*r{{uYxRs<-xxV9lM4HkXet*}K9jZg7`$VcvryHTC4ZS@Ri!jv zn(M#D6#sAUp#`2RF@T(4e?i8s_(U30;+C)c3zEnrnj_Pz;h0+nkA;aGwshkw=d#4C z@vNH@XQ*A%G0VA0DF&*VTA`pwo$T0UQ!)i@V1V?6CJb>6Hez3G4IOW0Ft^f2#0WX} zCvbSnXvJuihZ%neVt{~{rL9Pg!yVyGuo%Or!@PfJv1^H1>qF@o?^}K><6Rz1LN5U#*D0ai?(o8z7VY|&X>IiLK`J%fWB>j7-JfdnkhFqk@g1Dw3{+MyU|}* z8aa5mC4rR!j;EBpkcVxs6||lm+ZJ&u z!lz5M>4E}l;bGO|WE&sO$Vu0VxLu6XIBG3N*eeT>X3nq%4vbZP-y=Ej6|K3Ov-6`f z_k;y>^ka^L22U+XE&j6a)n&K9OE(TD1q~-A7bMpW3N+-jf6lxsM9em$KRnylm&>(F zpA+D>CtV##fBZPMC_a_#MXJR>?LXSZlr@$LXjGQYzQo&<>x&eTG16R=G~^ZW7v%LU z^$PdnrUh`KyeLX_j3rij@3<-#q#<*h;JDKQ)HG3deT z`sif)6~QVM2=haxG5&Sr4*~f4l9|gCbky+l&5|c5REn+>N4#&J$Bo|H`Uy{TR_v(x zx?PU`(6)>*U)`1`0$8aDUjCYvDH9|rMC?WrLEDe>D%lj+Y92LgCZDpZG;AXpZh||D z(Mowe{qzkIN7`YFBsd#vgDw6sN+lvk75bXgdxg<>%j;*Ty?c5|ZHX?BedP(F+7+Pa zBTByD1+&MgF1es;#ag?{1t!&P;dMMLe|}9(4}6eRa8n%MD|&;)dj4*dJDoU%e_ZGx za^ma_rGCHd3}AJ4zmH(Co7r+6rKk@!UM%G(Yt1hbtLLGY>zm&v;-Rg?lOc6z&SU>9 zn8l6MEybe^Ge$vg6Gawz`lQU7PP1jt>}ZOiwBE*EN^=Nc zln!ISMXsf(hplUPe4Rg+V{~0I8CTsDBW=-|(G9o9;j1m*=8RLijpSVxnD30othPI; zNmS_xuBAr4^&SYPH)W&m8@RH`R0k!Yg8;H1tRbnUU(E36zt3v2z52K^9>%xz;h#crRtGQlnvhP{q zET6#lw*TQ0y~z)1g|gv81V0_F(*+~rg?jQ%6c+tT0B{`!sd;NK2kYNWN<=XYT2=tv z%bI8jxTS&@Z*KZ?VJdj5>1jJ+xs^U%I}f-5LSKp13&@n-n1#MrD(2a_J{1cWqt1YH zn`rsKt4vNAg0Cp%)Kshq`z>GrLp@pDje#wpp%Da(!rt>O`^?q|t_LihluIC|+-Tmn zlPc906CwxL%~RnoYx1<`WzboNIYTwr>AtAjGwCcimx4Z1BpxlNha{0c)92nsk&fW_ z#TfY=#}6wZj_5M|V`i3FEg?Ev=)3?N2&p(@Qa$sLF{V?*XrN;`sasdwKoj9pJ51Ks)?2SIbD`Nhbcj5aYQl+Dw60dNKd6Tc!eIMs3-d zSc$owEfpA*-Ujf{IY-!MZq7A4H?5$^@oPrZ6qN{hOv=K~b#!xHxD)UE)4^LAsZQbD zFruR1f4W_5u>xAI+LpNcq~NN4#xz#}-N&zmJCOKnP5@K7+M>jB5BnzK8@tFHXHra6 z6WH1q9`I!##^h8%5}yRA;kJ79N>u zT>fz=9h4ei_8N`gfb43D6q)EAf*YR1NTd8ub+pr^{sqr9qTVUaFuWe#+zhgG%qs)& zBnrBSf4}ih=QF5sN}&2oB<)ZM<9VVPI5J5*MPk&P$A^K&6K1O>W3}!H zN!D!UJClRbklw+&ZYa6A%^H=CmRBfd21Q5jSfr+_Bb7Oqg)sriX8{sz>LX;LpzRcj zHH0w0U1YV{E^SJrwu|)r0`O$4&5#VNuJElZn0vE`DQqbxuj_uBliehNMeS5BOI-vEizp;r<$?U zoFz5Nt^~A9_-+D1u7rt~$>6SdVn8j2a4Ba=D!K5tT&%59p{2U40(VLzfp0PxHYn0Q zT5C(8FMB~G_l!Do=8S$0`<14kc22zuBy&+vN_rQzdKoi3w@BjiO-KOpW5qUDsUYZK z|3>cPOq3Ou*pL)?^FE!ogtx0$^bvz2O|5of1sGJq*hihG4K(}T0yg-?F|n4iGWAY# zI=DH|orzpJKivxnH0t5Ee;olaN5X**A(*8MG{qB2{xV|BSE*Q^*>S?M!*GIC?Fc$^ zR^uG^36bRwXty~beQr0H-!*ky!cYFNZ~ z2md*5{ROB&jfmL1kJSA^?;;? zrK1!OCw?43QMWUyH&2D36xGpiR$1PLoR~f=vZ+lnf9MIJ z$}eO#iS8JV=puEbb0O+T)QZmKq+Xp4Qy7UH<|$}oU*(+$PX*Blq8)f~)Nt9k5C9=&*l!pY-R007qr_2!g(RCaLwo`G~=*a6DDP0D=X6 z_I}#@EWzi$y+F>wySphs7g@S-fR;v-2w#YnN#-R;gwpw4#h*bj>4t?wU0Ha!4~)tL(7_X^%8oL;XE1C=P`}^p54RM9F#$3{i)_R29sAL|0>+abMyTL+K=`(uj;E2hCy* z_Jv-eLEu*|Ux(mCn~DVlThpvF5F8ZMZ1|K#7Q{i-{@hkbQ^c?-(H4a3ic%SOrXAWg zXcKz(mf(>qoVHVbA52Hl zSvnjG#x0)q@FCb!LA)?dP;o-aPa>KUM4#c$7Py>`#_1G|JtbGP>NV|_+9Q{Lsr#sb z{pP0Q`@bb8v9~Z^2`GX~Q;bieCFILXZJA((0rHPsSxWq|@$1=iwn`;!R!ddzsC;HD zSP*5E)rDce(9IfEMoK8B0C*pB^M|?|nfIHVCsw^UO&KWsyEC=f zZY#k5St~6<)84Y$;-k$&P&%Z0IkmtQDSv$f&_-30^h_#44Eode_v|}S#;#+`hO6K{ z!u5larYzOR!{Y-CH3jrN`c9s*hZLTIe?cMY*j+(O;zu^Z;xA&&Z!}V3NBSOO8=}}l zjKA;^!Rv*N?Ey~g)AlI-^Y0=<;IUU1m`OR4-W~D*=pb5^nYHgLj=NHZBAi()ZPk4| zC70(KzG)dmc3@qnm$qeQ<`lIBQpOcHvL^)T55p3kVPy>o*vyD zkcd4;!~p4*1-7{LYSsM*G>ry=AG>}} zL)#s9xuAL8S@TQvbd{j2i6M~Qdt9lfS7mLq8(&}Vp}JkOfn~V-V+IT_RR}0Sl_7ODMS?x?@E$7n=-RI8#2{8JL@yEx*9Sj z@T8RRdJG|pn1LanQWWu+;5Pow?uLx4uDWbBOM63hPG@841niM2CAqd!D5R=U}6o|U;lb4x2rqBoAy5k#(%>NOI-KHUo{POzv~b0 zVY?@A7t6FDO)8J1<-vWxogD3kTx|a)SRdJ)qI^DqyE$U z+O>_VXpgE)RwgXcTf9O$qV69>CSsNg2+)e! zLz|9?M|hjl4xyuVu-Y}|*^qNgCnq0h4#q%6tx}*gl?r}5FU^%4kQ5|H}R2TNIzO!d`AiXB{%hlDK^Baid<^1f1_xeDRZ}TYU$e z#TDIw)yA#Xxt=Z@qU3@cN|$h_aAEm&UX6Ol60T0DI}mz~V0)fuXDT%OpbJ6-R}Hxx zzukO?`}u)VSXrVoh($WRRID{f3pKjH`$lFZ3_8D<$K|VSrs`&aihO<9wy7h+o$QD| zwh}UOwz9*Wfll{Q^*&AKeBgozp&S@jk>k39t=@C0B13LL*&e~UYL zK4L`bvli0GB>ZxjRDh78fV0V*W6-=Ce+`oA7(UDYe>7%{BM8B{#p`SHs;?1CR1I;! zLTbQf2h5_7{4%N-GecB&8?Td6gsMWG<(=ttS^kQ`Rr44|`^R;yH(R#Fe|ei?mllG{4xq){_24o#o{y4jLA%)VWP=A-x=>oIER@aT z2ol!{;9>8GsFr8lJqK+g%Ke*L!>^O9-$IB&Qz33aa{iTxL zC{M-700ucTfqy+;*1fI&uP_nv-dEIlP^Sv%wx-pNV6j#ink z6jz!g<2%OzqJXjIx!9ot$UE)N1N%=Uvvz~!EDaa0fh6q9t2zrbFYB3s91{lMVV_;4 zgrJ$Uka<06l;+SFi>*uoT($p@C*#pF4CA4!4^*F| z{TXlo?L*LmC!?tZDvWaW_tFNU-(k^zrH9?z^3ObioUZe^^A$3VqEZJZ;C40Fq>rN~ z{+Zt+U$_O#iBXWJ&m%8dH(a6^WFwYd9^$POvJSw*@@`_CVd#WDMvpD&ECy!K?Tu9P}dLOUk10DR%BEi6EAf#n47un!{fc^@KxwW<~G zR(9r3SlJH(;B}pghumv#xz`RJNC3OpyV*=(hS$C#L?!8V#Zp~NW7V$*GCJ-C&Vm1B zNMt^fz{tylS{wJRnkOutF803z>baJM&?E0+35;4rP=^Bp}T=qZ_NMs(?@m3d>8obaI&aa#ySV|3Bx(SuLy zRaK{*25_~OM_wL zY1ZAm)4!?KfGXAx&72GTMH1!*jySiA7hRUHYjLR>k7uyX`lWW+*l+Ixr>zQj;-*v? z2nFx~P@^A(LJ85!bC@I|mx;mhnBAt#Y(E-I;K8x^UdOOVA8@Q`HzLtLAo`~YGMF_8n|AC6PYKGKj- z96;26(V}s5JWwP-ng5`Ny0ZUiap17K#%NQ{xsLd~i=Jw5Fnk69ybq*At}YGZi=Q6A zk$A;!Lrz^n$`c}*u2(+tkzbap=DVEQsr8?Mqz|Zn_CAAC2Rz7MgCN;IhdtOV-pH6iEwk& z9d32M7Y45i{`D`VytN4)vvY@NxzhPeR+c!RS84e%+z?B~s=Pq{eM3e8+(AfnFRqH% z@W#`vWvr`z0WvuUjEe4nIvj?E4u|0rmp_}DiKTZ_LcMw3^1S7O zN(tqi(LLAw#)kOsJ_TeVm0VQvq``zi3OXu*O3c7+`$CPFzsPQg&5bQtIrsZmeHuay z<#`{HPEk63Omz~6{agL*)V^JXpj66BFR%8z>VnPVhI;pUg;HuX{VD4pVQ+VP%nw*R z$H7mEgkvq7X94{2ZUl6$SQPRFx7%-W#N_8Uu;XI!l$svFgS)_sb=Z8@tDZL-1XfRq zV#!S3<3mUJ8jY#LRVpZ4G4(cN_}Na8PE-0|nPNIoO->w-dJRRK3nTjOQ<#lIe_`AzDC$Df9+mq}@96lY(kx7?66Fm!1bk**Sy0%go z*&Lsdos?p~Ywo#6O?F-=k(pEGcXqlgU~|4HkzeGtcX`UTJS_uCh*#8AX|Ih3l$R0l zO9TaLuZ;PZ>w&4l~f>Jl<0%>GbVlJsqI_J=bs!f)UV z>SuTQYfUYV$GfR7T|(I2tsnuj=)xwwk(iBXeq1V__Z0NH9jdkLbUN0~@Wc08ik&6U zq*kLXtES`<$_NJ8IZvzYZ~Qc3it`x6x~PW=kK@Ey0%~QHg&t{yq~J5NGzlsav7Su) zL0C)=k4o1eAd?oKUV`$j8Pi6js;>89b5P0{DbiDlC?KKCNgt zp{bC?t*ySAa;Ti0wUgboNzQ$|n4RuAx;$(~ycF{!?%N92o{yR1FHTIUEsU7;S}c^g zkm>bRtzqi2(U57U#3mC4p8)S5bLomnNiNS$l#=<m_ubZ+5~bH?ekwZV+qYc-Eg z9=fk}O+Hc2!EL_S$R8^6SjPtV2r#`_l7wmgZv)yYlM8BMg7a}kEywC75xRN!GOBrD zYXw(#v3}#!64sX67No7V2=+eQ?0O`sC#yZd?^~22JV{C^OjH9{=2MRVk~E@UQkgDb zyc=m%#l4SIA3zKlo}wwQ%LxaY2LZefkJAYC4hjFQy(79i~&VG ze7u0;%X1trWa{=h5*{zo@tYBcK|!Ax@dKWi;zzcG^WE_BpTp-D!^rbte*cd*%!<&5~0B z`qMwuq_knsf7XS-x7|}6JyPZqZ>u{4EJjR>z-LMZSHu z6&M?MAu6~WVa8rUzV^bJ~`AH$vh49hW ztNxx1<(DD23;g5C3S$4X&`L@xI|oKSsg`nER>bF~pg*kWRD(6(WssSwheaebn3q;K zl|}^=aukn5X&LYEfMkuS1ghVQ@^cQNVzyI`u8Ci!xRc=90`#XtDTZw}Mx6D&;PF@f zr}1qbWW(eKMSZJpMNh0x^(H%I&7msu+=O)aA-tYFSHQ&MM2x%~K7&Z&G8Y$J;s)}` z;>Zff+f?gxeW5_*KU(zZ6Fpy?wbtpz%Uony+(Qavl{Al=(KcS}7f%0THXgcG_PgY~ zX)>3z*MC9*1U0Cz!8tg;b&mjve|t9VqKY%3D$6S;jd#;k(?N|%8tS|vi+>0HCZjs5 zM9#ZLIsLK?lCFexh55zy7bn)wcgFV>@3HzZ`jI}BFt4r~1yLX?Lsrmczv^NW-#*W} zr5gl{(tx+oYtl{6n>miWXpKv}H*&LGXmLPdRwm!b6tBRPc%G5};=K-PG92aryye-I zwSmVNSLd%EMMGz3!u@aJcmX^tZ@B-BRSWtaj8n1Ce9eMrPFWT zWW1vKL7+o)u4$x5KXM@S|D&|Bqx6ErqBY3cHRP-+i^3-^Ldotx(qYu&YH9c6f`3Ub zNG*6v!wo|cl=}>NXbk;5rT#;1YQqp_u0dO7SgG;$lZj+o1N#PEE=-iT0G{ z37BNGV3>a{uRCTfL(JG$VBt-VzJ$?V&kE3H>soxTGy z3P&fGI&{#kF8d=<2r6k?Ew0u9Jn(vER952Qy;Ul)waEOt0R7fJ&bwBB>bA{e0p1On z9dN;PPfN!JdCO1GFFDuNvXONWA5KzAzowUMvWIZyDCcxhwR>n6MmS6^-=?J{{(|I) z#ir622e3u{BOdRH))a@ieGNQ@RJd2$)cNqnBB69|<5gyCVA|22)m1{lNl6d|J@L{N zU6QRDH2x-3Auuuj`k6M`)p>tJtY*##9s<|hW4(XPS{?HFb9xr={t9|pl||tl7pdIf z5PwPtJ$K}Z5<@v%N-8W;rI=ok9+u`jew^=8K0vfc1YY~)X5EtTG7Rwg5#8P+7Cg8~ z9IqEUU7P$uRwEaSA>?L9Q8pea>yXVJotpPlClTjjTsH|YX z_B!lE$937waQCRk6wr_uEc7``h1wdCys@lk>azn=vg147_>w1){mv;5m^mPP%|zaD zqcE{iR^wcH=UsJLJC zh{U#wD@BmG?l&BKZ#w!?ixJNQKVqy&3{vyC>rG%Ym}uouB%lFMQ) zmBrf0=%|R<_kUjvI}{I?!)s$&2jX9R-G5ybM*0>6@Mk(4^eC1w&0}fM8 zCrQzseitynk<^|%y86C0qYPm$LdivSNIb7p$0QGX1FFJ3&LMkA%HB|3iUx?>(kbFjD?aFkzrmf_Ay$g%- zv8Lcz_mFWJQ(@*NpG{?BIefRZM|z>pKUhY4&;umYV(}!2x(g^{uQynz$-0bG3ou`|YtBrj&sQu1^VHPdze%rOL6^B|L;l}Qmcl*PyX(r_ z*e7GyKBnV>lYOV=_$DdX^KiG{fP0Z<;AxioPJ5Mcn@;u(eTU`gg@W-&){lnlC4H?e zz*7>f<2Ra&NtmM7Q8tZV7s9^S(tG$mM^eMYFJ7;IhP!kG=hJ--WWk<=X1Dy8TRLl-0{-be8R^DXYT$BZXsa_*SYOV+ z#{Gj7){mNhw{AMK37NomMC89SG3zi6_Jf4$N;|#8pZnGXV)K2q1iVkgVS-Xne#pLK zzGK#E*8Kc-)K3}=d4`Q{vBn%Vv$PRmt-E)d^R<76Cqk2;ne;UNu=W5|Cuj}$)`b#q zhe2|MhLjQgu!0WF!z#1jg1{u$twK8NhrcL<;%FY_5Twh-#Pm%AD5Ot7e91sFuL~y{!8cl=40u_Ym(2dfyDk-}U)xPm0j#>bYNPoNGx}Ou&F@&)6zY zv>V?u=mNI)5-|id+2*V4-D;lV?epB4DMF7mpwfa$V($9iC`|@I3crXbfz& zVm*7@`4~puFGZ^gD0ZH$3(O(*YQjj}l0?&JE%RIQ;0#fFc7qmct+cU_46AA%{o$JX zmvw#KHelEtQ61AX5q&}E@UHrwN8D&+9JSL$V_xUZtf(uhKKNy54eBRz7#j-m%ZJ@V*SHzw z%mPB!N0OeQcael>bP7u^pG)k&-Hg z^>;5`eY1bqcK7-g@s<1(!FX~?BY-ae@wlwG5{>pJBqL5MTPoMNqkXM~jGd{82`A10 zYs=Gow|J-x8-Y}Yj(~N>t(Xg+zLe)_7F87n8$H`&then}zCW7$a8l~7+Y0$U)msd) zkz^p)L&>5Ly-7U~wS$g)W$T>x6>ONmmW95X531av92M7NQS=lNOUPw~2e-!Of?H$P za;#WL8l+@9->nDi@pzi=MEz(YRovS2TS6l%5643#gZWnj<8Qvz7prm1)UbKEXsJ#-7pUBv=CfAq*4)R=Dm$p-|<@UYi2?NVU$tE-ABX6>BlY zT)?E)-g;k>Y1if5SDjEh=%SFe1FoI$C1P1u0BYp-!VLp0ffi5y%g6*#&V1j{8s~lx z1@<@}K(PWs^)xgns#78xp)X{FGT5))3MqOx;DkriPrd?Qf6^Sq2{B*4V;j=G-vW*f zYtF9X5$!3wmaVg$G7E5w@8g&tg9uD=^9OME`MD)(8J0Gvc3qZD( zod?D^^Sg{yE1#Kw$-l2Zoa%|PQE@MfEei7T`3#e@>?H*^6j2lW?`}%T;?=<ym_Y6m8oqPZ(Fe55rqXs@ z+HutmcY$ce+vC0r?F(ZIGA2ui=QM0Cb{<4=vOff@^Bjl*Q>2sckDXks{iI(H6!d?Z zHIP*TZYK?rCekFJRFqI&5L>#Lnz#7Y?&d9A zZeQ1I9qdtYkhRkvO8{-jHQRIZi-prGC@u-L4)!s-6}pv#+6aGNo)7zwZo4`c1#qse zLT=yLUB7<~{f(&{sC*du5coeEePLqGrQkVSCTL=^TF#P=%xg+M%3hkp1+(C=aN(|30WE z=Ycp1u;p%h;vKx$MIu8noq!RsklRaCunWZrn>zJ3jq7OU;c$o+dU0@fTk|hQ_N5RvO>G2mc)RgP@ zsb?ecJ_JtdCveMPspLE&H&FPd>-7VHIha;Em`Oe1ZXT@Yi+Laj+ybINTqyaC`;;43 z4%AU!mc%rvR(+jxGSxf$UwS{+hg>G8c6bd1i0Ash?peljt#6CGM1FWK?g5JIwn)(D zN>Sqzklc*kk`{=DGZ5;)ctD?iQSAhlTP?AQchkRJ*rEQ;Z}o1K;tX***A;R`jdI~O+tbrN7L#=WwkkJ9p|ObDklhpVR>0MB)km$e7?lD%?6S?s>OXB%J;!AZe6SsmK`;-n1C)xJ#OUhlKg`vSo-$xeU zQ^Vh6p{rVHct+~wU86UzqZYVxzWpFR__Qg-2K>Nm99rpN(@hC-oRh<w5;V)uN*K z{>F}2dAj!t#Ql+#lS>-fSqz^lGxX?8w9xN^)wDGi!oQ;E!(-C#(T4rb>3-hz0?8JJ zh$EN`*!Mt|oVQ!mj7~f5`NEk~e8JWoTJh6_2`2LK;e!Pxw^8@=OoyCD6uZaw78pE6 zJTEfsaUSZ5Y!?4S9-y*QAwV{2zwyzE%M?u6h&erCZjY4c%hWhXN!26RdW9R#w+_XiH5NjyrMNoSE63ofqHN(;T~>| zs|h6l4+7BiHL7uEgrs_=Rq>GK_1kLzo?Sn_og1;YI$DS34z8fDpReEEuAXRHlvSS# z(b8r2o|n<|htbM&v&lO1xnRpO@>f5T75&*qm?{ci~ zd95RzbCehWw!1YQj;?V-&qiX>*Gb|IiI1BOMR$ojbw!JQ0B@wP?sunAgGG&aOt4#Y zs&8X!*!r=K`?j>n5MWMIfUbkej#KY9*I3)GBdlk$mN8Tu(t z`zu-cxJUs$PJvG}hDN1WVk%)95IJ!$P65@wjRH!O>lHVWiX=l6G zvr80n!Y>P~`cY<=DCI_6=H7$kE2DESa*M%OFA9_}`RBPM5D0Fi{{U;NfPdZRYScb} z5*9ZtP<@id8NN&nuWWM^wB?7TOl+7{Djutmutch`6_&R27E_RO9RUd{a;R2uWhPFd z{s8hgBzJjRoOwL04_=?kx=c!(Io8#v)EEd&d}Kg-r3a#pB|-EKv-2KmptC?6w>_zkbW8F9a56efP+l@l+-Dz2o?NOW%(MNv6S^N_vZMtFN8q_^q zGS0iJ$TqXpV9Fr&(uY$5)l~cZvIXq-J7;_3K(_y8uwcWN&SIzE!b#L}8qR*t?bNBe zPQB-k#@VT4L$dRMz(oVS$nk`o7&+L@)tJ7;cn95*?wIacBhS>klgs24Xsh^G-0G%c zb6;!<#I7&u{5fVOeM0tmP;r;$*(I6IUWo-8-vHNlbs)v+>j7%6a&!%*CWMRcF@E&{T7&lGdARnNk+B`jI`i zi|)m|*6Gx#+Pe=tS6=Z!;k22Jd%j#_^9i=(90PA#sDj-ePes)cys~dk&dX`>aJm#c>8autt z3*Lq2@!Sm79@X@}=rK>|Ya&Y+N4B0VG=;b}Z=*q~*i?+aUh8Gs-xnQQv7CFntu zHH2NAdnuX{jj2z;AKW+3(h%=bTY!V`n2s)ptHehg^%@7ESb;Z5;n&UT1;=(Lg-pBPjtz_EGTg*;JG5>0 zNZ0AI-!5*R9o48es%PZIS*<`VcKt-HNJx7pu;1f8>2UtaMcS}>u;ZE6Hr{^B_U#a` z;1D-}ymC4<1D@REo;t^j$DtWj3W27@m9sV>AvbZND9J@BWv4wzCtIJ=RZCp|K*N+Le-4lV* zI(P=M7ti~QwyUo~oFHSdw?_#D#!K8Svn6U{Q3*n32U@G-f#f7;5Nx~bFcU11zG*3B z<@jRs8MM!5S*x1L_zCiHyb$6UZTs&N#uccaeg$(!S-tv6w0)a>iyUx#cLbkyj?x+6 z4kyZ&FtXjH&&N)eDu|MwPo4d^Gg9xVz151BRO>@#REGaaA zm*9x+{r{6fWtGvWEMyc1@I;9rrIkT6`^`YiW4rE7sGY3+u(QtxGKd4u>5N9G=>?6q zi)4?Ck+Gvk7?;IC3e|gIc@>@T;7v0U_0N7%&WpE;^Ns=#?T=I%-QjDVWJ+C~pG5%- zav@Q$L$a5d==9^~pdpZ*zRzDq#=m{H0JJ*NUt)!cSH|3FwO7 zD;n%fIw#s3ZR209eiJAZs?l#4JgceBy*7i)9Oxa-$bQ54Lc9ROO_My29-%qJzPpA2 z=pyN^Vun`rZ6%v#K1o&_$Q^jy0;%tRo96>o`PnI;TSYG3yWfo9f?U`w&Yuc)w-h0L zOnUc1KmT|@12($VKYotp|HW1kd;2xLbodD-_PL$JTGxh&OjKubn@YgV;jWvQn1QMX>d<`y za?TzPi6yUlqHQj)VVozN{j!jrV`uj1DfddhL3VexKDp`l!2~BT4D6&@F1W7qA(vlWvcI#oedGQb6k^o*6lmL38L4QLC`80Ia}6`>No$z+*z<_9u!(7TeNkSHCq0;#7C-1o5MjlkFqsFqizq^ zddu}#4ueGEFtA_a_Dz^_jO}jA$k$WRRNZMkO&O}q9c@_!W6##C#q*uO%dBr}ZcWVW zZb?&V?QTg=Y;8%Ue|vEH{DLbWixR3NPnbrX>|cC>j%yGi0xMZFseO5s*@}nUm z|H!sqHWZQLME%c!m2fzKhb`Hlm}cv-Sq>#0)YvMiDm9w4N|R2l8Ij4g%y4n>NN{D< zbTPCo)EuTv33#4maz87WI`ye$oT06;CP^ZOhl^{Dn+vw2?dRTBBGl&N)>gPm1D-3% zzd{}>Zi_ZxEn?F2$h1bkF*E0g#ufwWd`D zo0kZ=+g$ToOsaq(` zHwl3}BQtXE0EHmj6Y{bIQgZ}YH48-!+CCD5dqZ5X;4IMM{G$bbF;p&$S3T@(1;_dV z!X8ZIBkzJX$<5O;)9C4ys}(K%72l|s?KUvwL&kf~UwC+0GMO^4zn@&An|%QCc%IxC zC#90=k7a{*hWXDJ@wu0anZtI&*=@#Fc+ETz5qCi|80IQklBQ zMr?VmBd`~V*<{-m(Xk(KrKkO zbGALy8^T>2TH_hO=BHP<2C`Ce7&;C6RRkTxu0*-ueK9_;m!*D)^%Oj9&R#YT*-ea zFP8XPVyZY~@p!}fQ8vm@^4k;Yya*4@v?C_Rxtk&4-LnMgrt8#|aeq(K3&F`plaHVW zEMh-N%A!A?W))_h6&Y?b+HqQtwZksTc#)CZ=C$6YN08!*3q+^4>Pw_aseT>p#tUib z32pw}4hPUQQ=pq>p*4hQsv9 zIaVM?oU}9GDJ*7ifUt7xuGc=Qc?1duP2N1cYQUoL&#&nNx}sXDO2pum(wJhQDuxX! zKL1G4_u8zlely^^u~GDKY#tukT0SD8v80UwnW0`h_%>fAoe5|9gM& z{^kAu(~~Uv>2F_6o&YniNH5y3UxkDT6B^`lrBKW3CUN@ zm)n*#df{+5z+J_A#kB8aNtf#hik~e@ek!`NrYXO$x)GAsSzh0on^)gnx+a2KaQb$V|g(~E_@}lwyHfV)HGF*QrcbzEs*~H>h!pL zNEaR%Zi>ZZBJ5TBYc&SmYkG|}MJMi)ttd-rmTdMI4B48~6jIs}hta3$ReOS$?+rXQ z@>rv!M{f{_&!E;4xNHK2%igldr;tdiTOSu6vcD-lr=bZbk-WS4{)DRDO&o}nWA2u9 z&<<3?P|7Jb$q zaIvx5%XqCqRbE=BLQH^OL^YHs*5=Ub(1{~*NdY1qVBRB)(1*PcgPQ|#5~SkRV7v@zM?!Q>vA$y>O_ny znay6OR=SonPe5Xwk4F#G(N(Qn5Y$Pd5^1RkzgWrLRP6p{5Y51MZEMrT#S&4tB}kK1 zt0)naj0nLwto!L05hS)lq#%VvP_vR!DXUszGi83v4*AFcn+joaXaY#x0^x>?&A;qD zrtE|3u>FyFiai>^DEp2aY$Qj4v-6FobHX)o&jy|apBpuTV(iD<+@7J+4@#4xp&;So zlPvd#!$bMP*5AV^=X`QxU?de>yA>pb{eAE&`s@0@I^*C~-PJgoI_C}SSdJUOEuTBk zFWyn$c79;K{QLnu{(s&GlTss|T|^%`(HbEOFoZeyg7N($+=oSZVhvAH>*gWY!MM{dzZ!)seE;D<0*2?K; zr3Dp9V3vnhmX&jh8qT)GemTwHRL?VM^4D>JaY<56;oVP1I)V>_aQF^Hkdl(pX*nM4^F8Im(I&JU=kgYKZGT?S#J)_Zq(yd@?3SJ9Z1n#2lgYdlO=t&)4IMfSq4&Ov z!l0fj>s%*OmSXl%Pe-Tmjs$qqX0TBKPO4#KB4*23NCQm&xz9u(7hHa~>bQiLQ+{%w zeUNW{cSq&agk3?NS+cN!8u*k8ZXFvKL(tzB=rH~W)u7a7K7+o13PQ&QoGdr$ z=*@ha)%>{&GD!hQ-gSUea|3DA&qMgW+h5%0YnCc;$U2wp)0TCS98pWS9<|V@`L6FD z+zgf~k|)1@9Y*%u89W3kdJnjN=n>nma99EPu_s9G%#&QYXJrB$CJTMaoCE~uOaL_8 z8BaRmF2WD;mI@5Cb^^8sFMGBJzMTIqC5tkpU|r#Pw0^NhGLN4xRz*^6|znKt8*vzL+B zLV-~6tDb`u0N%SC=QS-}PTK?S2Aj1{#G&alg*t{YfI7d2Tz4rcp9-juil|tYJSs6T z`49MdGXbx55j4xhi%}T(=^@2ut^XOXeIoEL3ju=E`+PVx98!` z-JFjdK%6^20pb3J#6RqOse9YTMlRQlQp+`P@OHGPrenrbt2Y z{F7Ze#y3nK6wQf_Q$)wBM8|2O;zqfcU$tWJ|Mh z`seQ81q9l8H$lPoO-xCN83Wg+n*z`m1VSIY1kpa`PCz#4Il;7*S93Gdvkl`*wlx0u z&-M{eSxbIg5~8}4cd&3U>?9#ZD51PT3FVziD4*uITHH)=7^33%n$MIXpXJtqG@jdQ;&bIY?Mx|h|%<~_BA(G?Mof;Aq;baR_uJQLf z;E+V?#|os@gHw7~Zl*a8p6^NLSB6&Kp!5CHB{+tTjK@dD0Qdfco|e#iey03!TVNSM z5`mP)XaGa2Fj~&Lg*J&4k%X==m@Fte4ygz3D-I_ee23V{raY~NBZ9V!dUhhc=$5O9 z2_hL9^YCIwiUWTf~mb0Ji{UcIUJ5DDKLz%Mz{# z;uteyX0KSL#PVZiHN!TJ314O{-|NA;Ee-E|2%K3OeSoEkG~sA_sQPa%*;tWpGTDeb zRg63n*rr4`-4c%N++VI|cI%HfQps<^Qd|OTGts)MW)T0{hdG{viV$a<@>b@|1bbDS zyo5M-U&YB6nB&6iYvAYg%txA~SC+&JVI50yJyM9ZybaO-OH4|Tx zQ1aXa$Zu?kya?FXf_Z62z1UP!a4k;?mGuK22`<+rx)4-VgSa0Rw0iC^!x)q9o8CYm zQ-56n6BPYw6jA%HA&BYQ2b~QNdp;en8$6s}U~Al%vsWGOpQQ6HVlH03GwZfF_-j#w!&~=r_Gw$Q66qZyr*gnwH^gV z0F@`oG!^TBx_64y7;*GHJ70}WDl%p};?wO>2ow0pPsbW)Ed}8L#eqKtul%{h5Auh{ z<@HGzXBT^v82F-0mihnOkfOkPl4=D4oxpXGG=?bP3c?5;c!6Q^z4c`!*{9wVy2RO(VAU;9x9yzPm7VH#of3*Ox#y zk9KzMt{pr4CghICfPM;^v5*@CbqJgtaBPyJbc z>M!u(R}H{%pz7eM*eSqV*4){wT)%9pcLWN2`(A6yy0cew#2@Xp{_0UAbJfqwJBVth zLpS4|cPTJ^_75|INyC&gj+ZU1!)O`s>^rY(?mBJfD*bgYnm&tPu7h z9xk0lS8ro%PQaknFpOvOzP~t<#l_8rO@iC9Y$q0+7h+4R9X@_$ zk7|NZBq7IUa$bi7n*{hpQDe?>bI@;xQ1pp5v{S-Z+Qjt4z+%FD<`7C$TqK+TPb?*( zU62W)&!>&7h{5A zeYu`&2|9a~!|bT9QlZ$OIv*Qx8r`Zv?ALUQ!Lu4CL6tpOe(+GU;^n<+%w*-Sgi5hS zjgObVr;6!BZ2-IYuS1vo--0POxVk_o8r%(^y}{K59LQX~ps)#K{*Mxymaz}}@TwMm z8^`reC8h2!HsC)Ciyso@5vyN~&yAY{aoQ?6>TmTIc4y=N#^d2lCzx&WV_5*aGJ`Q& zi8!4f2lJUV6f3hYyF_C}4rQlI0I%y^L;%ifg=B#8Q7LvV1G=ufdDqI1APpGZR=F;#jkD%@L!zm zG4xIxC`%T8Y+C#D)+y7ipg#HgSbc8pUClXKZpTGx0pj6chWqIt*to}QaPJnkAHY$P|n)FW^E`CSr@0QA)>|+wSKkjhkaQY0hXC4E*%WIg608jVK=mB_azZ?+& zw{-WsjjunBBluIV8Mft|ZUxkSHbWoZDoNp-X}`j{w6HaK)seV;>oDhJ{SDaAugDu? zyyYx86~DnqTYaW?Qx3o*r(Wa3`&>w9e8{b4D}FNlwTQkK8L0=RG)#=vyQmdW<4@)E zNUS5_j+7MApYCT;347DzQ0ONzYGKb`nSMHAB;ap)gij*k5L$CZL!X3pl=1uEzql>i zls(-!b#fZDP}Jw5=87t;wf=3cmzIe2%OFS%gBP~~c5{W9&6ARNoqdaYB7m^~JB!>^ z+GV=bgN@04#?Q})!aqo@N%SIQ{ORzX2R;O-j>BXI;4E89D6~_?`>+tCyV0dV09jfD zMN9g(VjXN)b9GEQT#omvS;I;5QZr7)gX_w#|7x=Ky^UI_xVKfZSGV_VlUjfK&C-2y zC(*m-IT=k&L;s(+Zh}1D)3sxp*>Gxv*?A8|8ab|zuBDK0Olu!OY%T?B&8|&3*W&~P zJ_>`#C@r|;;&IcZ72DTSoTJl%ww2+t8|F2=H^ri<*4k4o-5KZ7dqjn4Y@6@6-o^ps z-`te};9)#JiySKYXM5vB5&W=>}WVE=Se+1RIuF<2u5)YH*bm`0C z=Spjl&Y4&u5wXeOrez$o#PO6P$bqL(u2|G8wbc`p6q0FHOn(_2ON1w?v?j~Z^aUsN z3RQ!VnLVowWn&itSWv51c;?beZ1(i)9>kH2X7L4oNO&M=4R-f?TH>9T<=xQDO)t;; zD|~fdoudL2tWopR~ocp>E=G|RP7 zC=ZnzH2`~<;K2YC-_LMcbL%RMxHYe?&+%)dHuhQk2J?P}A|GJ{N#?;bo|rtL?KC~XO6T@s6xVx327}SWmFlt5A>7_Jz zjJPIM%x2HM-aSv-^7>vl+OvA|_?2Qx=gyhX0lUo*PqhjiSG5jjvH{Avz8Lg-e$JO>9kZdV?pNY3o#~p0gI^%KG4zYh|Jw@#k!NS65n2)B4ZjkvmbfNZb0FLi+i{7%# zX?|HDmHJ`Mub{aXI7t-|e|7Awv7*mS%N5dr3PZ_54X=Avg^nLU!+mK5bpDkmY1Prw zv6QZ8gZYA zp&v=0Z3~XKV7T?kLsJT{#;44vZ95|w2bc29$@Z15ALU>fC$9}6+&|0hbZIO6Wc^zg z+IIG$(Dn=oAh~bxVNbk-#L!!`Vh8C5MVfoHfP=iHJ5* zz9fbKZ1PPIc(U9Ake!iB-8kl95 z${E@hvl3>9ICF!lH#12Y&6tQu;U%q$Ow=Kxh^z#Xd6f`ZHDWo0`?Pr6#jqN%%R0Iu z)NKAjh~1rb1M&x51Co1$C-?Y2QYL(%U%poXRg_a`pn;(7!{XlD=Qs}%plet-WHJ|N zMu!n{7LbC;$TH*}PASXM|4|OA*3;!-foK(>M^99#IKjY5udiRmESKSl;oZ9~UL@wmYjyQk)y!As-B9z5ois>m!H}?Hl zZo~R(Q`Br8lrXSE2m4+o%o?OqEWjJyDi}nv7Zsp@=t0@ksUR?9Qwq{SV9(;SHXg0o zIh`{S)#-{VA|2_8LiMAUzrKQ(oi)m9G7!BZxpUhK6LR}ZP1-2Pr-AXJor3@mzvdxp zpN-PtG&(IPYqH6?4@aiMbvMk&J>FIM5)}Ie0_tG}qIy4vdV=NSvP3M69b8l?^S%|k z`wEYo$c?e8w=j-oFj(z}F^sIcaX0#9@J71mP-ZBbMGL^k0_roMk&S!ShI<2U(bP%T znt2j;3d3ECAwImNKn?W=j%= znE+o1R^)YVqMAi8RbM6W8k6; zv52+C;vZO4gf~LUa`EYF3dYub$&S%o69fc{z>jc2@P?n%6A1Qm%(-Mcfr5>jfz~_j zhNch61{+;(1QDWB+DvKH8(@Wc1}m2y8YGVP-UhR3DPnX)uC+d*h}e_>!?J>7MCZAc z*dvBU8Pz&oK1TYm(+|Owx9XDJ8H3;VKo(0Q$1^o}RwJWB(g`*ds=(&*^2XoDo ztjkiaU}9{AOlCf$3z`^x-og;|LvH778ZILnnB>#fZl{g9SsN3IT%hr6&c_i^{;^a^ z@KD4BBjC(Ny3_J0=0~A;WS$LAR1px|rHoeR9V67kF-4aykB}W>gxp3h#$|`ZCvO!Z zVp8V)MEw}DcGy=#MqqqegOtU)oTEgf@tl2@#inn6ao3>QAhCkii0Tk|FaELf1I(FhT=cqfR5 zb@Q~syq-@Oh9x0`L*j@g6rxT(V{MJ==3A;2Q$J;+CYk4YTiZdSTpM{w!jhI64j64E zows{o*}}RaWofv+6Z~?Zb(NENU~_!uC(HtI`CyIcImTF?{8_hBq0r?yBJoaUHkBc- ztOdKISuX*BEJqW>vjRDCN?ArX=~b@2y^G`S645lzToSdiIUI7WySg~%2zHb+nQzqIoYwf6>O0L9Q0 zEGEUIrEJ^nGG#JrhFi zhWghP0h*brsusCXNmB9641%DXVjR6e&(3T;`jXQ2x#T5;Yk*5yPE2=@6Vgz!bWy_M z?yCMEZ^FaP)$NAch7+frfTu)bFM0&@7vg^qi1QbHop+NU=T@_g;Vy5N-ZwY8YZ%(U zjYFtvMeBEOy)eu4Y!kxn98sz&tokZVf@yem;RVzo1ls!V(sHpM%dAhkt*c%0!b@#z zfaCicYM-y{;;^Qtr>qw5$If0I)zUdQ$3BV?4}RTh*VS* zU-0F^tBV+=U^q~7KYD*E6@1p7=-J2`Izg)PmyC6svS|6(-adwv8~bJ*wqN0 z2z$&C{O~xrl+Twv7s?B}J3BJaP?D^864_baVVQ3N|E0!m7N%^@TX}&m;G2JijNcsH zSm9^igm~m=)OEB|GhoVzV#N9tK6(XDBp-laOt}>-%H)Zd;^WpDMQdTyS(PnS8f+#S zU{WokIqEGUPhPNh+Y{e+VGqA8ng>*JL~l1hp#|Ewq~hq&AF;}TQZ(kZ9`UR|RjaIm zl+>L?mq>j{^7Gl_^ObPxAsUZM7|{t?4YSI%?{nQ55I!B1Fk$_^mK98z_{}B{AU+-xtjNjLzf~(fbM1$M))>>aqIewtHw&Q%Hnu@VOZI?^W%n3d3 z+G8D@w;J1tW@ymmIdMMowqnS7wDIXNT*?fTbNIL`3BFlrORAc0msV0XicQ9Bshe?Q zTOAc$^=k`Ol2Ycppe|=7&%TOk0;}=CevXy>3T{E=MloecQfOQR2vMjHCWKsx09WmotZGIToB#Y$+I2xH zP&U}gA!8n9SeGtX4i`fq8@Rzkq{!%sK7vZ{ha>@(NZX(36>!XB3ag)Rn`S=;d*Gg? zfyj1fmEX=cwkPSI&Z1uA>kN+IdAZ{dPh*X5GzQ4GpVNlS^Jcq zYRUf%y7YW**##kcI^yiz-9sn|OU#@wxtP_g?hKwnt86_!wZ}%=un-p_KDf~-W-p!I zTy5>_=TIIvQa9*dXpW$p5Y_tcmFOVjiiTAtoYRcGIv~~<(~J`(`;oZ~p2=j}IjZ)2 z#aTXJ3s(GX)^xj(17&V**=tC)xWtGp6CDWO7k2|)0p6@w2F!qRak3{YZIF!xt9jrV z4owWAld-!i+&BH%MLB!8iQzTGIFrNCgL%sosl9adSeX!*g551dg2Wt{HYW9z2?Zws zDWE5fd~Td_Xil;#phkcA0r?!ZBb#%Y6?Wy;jK^L@EP23B$vC9jvc zE*l_}(z({K@jPXQO}&9!oq+3xHOis@4FFA@FDrsC*-~-7N?KrrnLQvOEDl>6XbKc^ zL@S-KTc~!}{;RLv=8(8H);t0RIp~<-F3|6d9lN_bZvb!I^K_Wn0I1PkW1B0KDksy1 zRMXvov0Jo*r@h*&!eZhDhCv``z1(L@YP1)&c^h^2eaMBG1R?O`ludD?H}hq~Uf+}N z1}zzfEZqJ9!$nu6hjABX?sfk!Y&NWIHV)-EEG*K-99{#&%SC<6^xs9LiAjK-3g;ymd5`{}Dx? z6w~v-@w}X8m5GO8X-yvsDvk576@VI_?q3h_C?5aUV<1>o-m!YjC_>XN3f&g1aN`r_ zcDf86wWv2#(8?8HkeXOBK%sV$N}fe9=Li*|QC65krGlAz(G!Xy1A3|93I}x&J&G!z ziM!l22ppz%Z6CSE1=mgB@if_*@m`BU{h(GMSAq3_Mo5(enxPx+~WR!m7X0O0)W;U>tt!QY{F?fI0G_5`>f-uVp zl)J;m;!fD1T&2vQ8dqKzxy-{ZWGaNJt0%^{^WQEpq>^>RrKlY7xASen;_ zRNO~tA3};|9#Lky^rz9v1g!9sqCwEn6X{_R??-e^j`w%N|5k=-g0X>*jm-N9g1dk4 z))odZrQ{WK45AD(HQYJt183?QJghpEaflAp;(ZV7?jF1yLU?$ zD3DPtT&-DF4->PzT{16V<^IiupgV2TM=R!?3vl0?L`=*o&S#4(m@&0g?*{Fy@X0iI zXB`MFD(ewCDkUs71VJC7uHaLML=(4)Rj;70$MnemiYZ^hOo7Li39+0eVZ)53tOXCX z1tCmxDcH^Y1baJ#fS^I{+*Bs~Pl^0Sc|FV$B)0>TL*n2w8?#%Ouk}uosvE*|Z+@uw zc~uYF}m&aV79z@qAEd++QPyL`VewIJLR@-PYZ6Jy}jl7@IPDR z;l}IR`NiVpmK?^@y13t5hT>MZUA8K0f-A;1zXoP<)&N|_d-Hg@xjqMu`Vz`DSqauf z^cg`;=mr^g*rdlL@*cc`pK-1x5Y&XX*iOOj>Z+@t%_mh0%PhgHaDopfdRi<^Cl4|6 zikQ@jkqb8&HqgRKG*Q>ngV>f*dqpXdGb&Z%Gdh%!V8(ziIz$cy+*W9eVsz_-wrVw1 zGOgH)V2l^@AXJhmxrbFfXfbGa(@FOo=3J=>+f?up>_Q}dK#d^dNiIn_NZHrI)lylj zzK4yw$Bp~>ZBLc^Dn!I`lw(tfVa~;1(8A%_+bt)i8TgF(VWB=>%o^`4joa-COZ3V| z^vqj*nF+TJ!QTip8(vRnrntQ zqV{z5E?z@+{f`&Qc|UiB*(vO`aK3cfL241yq0MG@d-g1SAfB*WrFS&~4L>x0Am6O@ zkpDLEA{p05?k<0w?(^;}$+V+1Tn$qC><;5&x4#nlOoQG3rqWg;mjKfYB3?&mGucIe zi&a61xQ+vsYzNBpxW@>STZL@*)F9S{Z`Fk?^->j0Z|IT5a@HNn#r$xGHj>Mr*JB^m z%}lHj!wW!FtASyKda-P)K!U_Tb~mnO3#=<_rvfTk-?HLqb|;rER}LRgazHgpck!5M z)|Z&$Cm3?$LRGz5#ShL35k}v%m{&iAb)2etXe~O-m1Q#Ma#6z zedR2xn6bplYU-He-!Y z#oJu#*g)gLgxM7V#qB>})@^mdJyC{?wkpXKJ84keMDsA^R8TZ-19@izfvz@pE=ISJ zu=134=nC~+?xUg(Xk2-O+X7=NAlq3{JSvViz2sD3vd4Z zFu{$Am`;~{R{X!2OzV_1j*JG8CU-P~Vq+S|)DSlq9AU2 z;o&KKa`eek_}t`ktj`Vp{7r7;RQq%*w@M{dJF0YbW$+jO2v6V%oZ+mViZiA#Gk5~G za0{Qo&!kpoDH1qY71NSgcpZK7G&G-y!SdTXRwHww|zyfPns{^dPNvIv4P|KQo)0#U4ttKK49?;5I<5DUkZo-j!0rx1EJ@=0; z>tH`m-xSV;d0D}6f9LB%@*6r!Q9x<5(LJ#=rqA%1(YN&I=XU;iJOiAzsa$`CI1c#Y z_vP=5s&4cxX?LXup#BiH@N+oB&(&YR!_jl?f5>fud6KeOZq(UJcFdAsxl|6r2hq-D zFT3T^C#Ph@w53AwK2tvG5gyXK$veIhy2WYS!Ii3a6)#qL=ws1bAyur>JS^!S+7ZuSzNb#7$VESY&WbmFvg~Ea=cl+?)(Qk~uZ6uSUH{6BG8JiZsiP(Jc`tdcfOC z4ID64k)dJ>FQ>eMg;$)QanyNGac!zh#ftP43H`Ysn0&ew(wO`CbQsoS!hTQ+sj@lv z?7VT$B;fG53{xCN+)aVEr&)nt({KOC37(R9Zi>1P@G-9KlZEZVt-g#7{@Q8%C*;|- z1)?pi!FlI`F!O?=n+^zw109;M?yVIbC`scVG&$`XOKt)|wG4;~m%$#v#L#IyT<3Wb zgl519EO&H;BIMDO#aE-36`X(@Qn>>VN6sVifdn=85FfN(4FEf98cz`$wM5&R7{$oZ z{6Kr({ra3&c;QwxLZ~C^mmN zbQ$JG1QUbQVtDHUMO~%esAFwR$mWC_Vha2={#$|g_u4y4UkrNh>-gH#ban!wMwIqB z1%U-}LjV@>$-Em|OE(0BLCLzK;n8myR+c5K8$9nXc8qn|n6#(Z>pmN2v0xQ5)#d&9xq5<&UZ{NV*ir$MBBlai%@=yi%@-%Xn_{w9VtQ{6?ojX{5#OD$x}OL- zY7RrK3+(BRJ{x#;wmSNOo!{N^sjDb=e2iIn%CtJNer?dI+)C6iy9^%5$xY(8z!KiKgDPO9CQp>RZewO5<@syM=~f8dy`CZy9}q@YNN#(6QDzG=~Oq)Gn)gW~vn!0^FnTJ}G~`u)u>Lz-;k7#k-m z($@eHG1MXHcTM~-brL*Wh393;5W@@)zf_x;d5rO4XSH!iNVp&C%h)I5v__2LH(*D5 z_Wh8DzxN!v8NAJ_fIl6)L1%?FEs`x^%4$t20IeXQjOn?5c|2VkAAOLpZy6I;MunA`C<~278ftd7!8q_ z^KrvPv4~?B`L`qO+YMgtPySK34Cb5JWg?Q0K_*&* zUC=z1Y(G5@BtQ9K@bmh9m_GL@VBLP^5%wkWVdif>XeT^CKEiSD{9a#RGe(n&5&D_s zRFf075|pWd;*7xAm6Bm~*Q{i7Qn?KLB`$HJ&~yR$%T^Y}K&f=Ja{R#?Bm1-m7J9IH zeQG>}6(Z^&Ws}gCzjirkEp8oKPpxipj(N{{AMbM4dvCS3SfEgUsj~O_;;Y|l?KPy9 zjNBAmk`#P>!F0+Kt^L0d%0(-N#k@E!%7Vox?qcpg?l1f6{=H}~kb)@iPZ>SlS_y}~ zB;iY%A3D6zL-6mI?LMmWnFPDGO72d{oTrJ}OEo$>*-}O(({czRywy@_t;m^vTvQd2 zimQ!bS0mYPHLT;j7(}9^^;{DVG>TP=mi$0CHnA!dk{@3CJK?(si zLz4-b`$F&lDSG`g2}5LxD~xzSuug(5 zkkt-?0;Z~WBQw=>9l~St@yZ#u^L9}24rW3@N;F!9lUW$>p`_zypE2nuj`G+#o-#9{ zTg3yil*x9iq}9v!hhlfGSm=zo@$P$IL9}2?pw|njLfoT^^P1W}cG>t&*t-vj_1QJL4;G0L4J$!e&4VG9-z}r($bMM{TW5Rsw70 z_1S%VvQ(}@ z&1e1}{aW-t)9AATKjBBxokz}IXMuFT ztDV#SUI41Dc@~lA3<)Gd+VLlry<^Z0`khq3?h@pl+!<2@M$BVUgxDdr#X6n+acROqlu2MkR0>`!Ozqx~oUo1eaX z$V%>Nl+Z(Wn-_ zq?t#Gfbay)e9A#z(?ZXA-Qv)GY`5+Hv38UG@8jK}_E>9ceJ``8qpARn(Tl!FI+#-X zQzw*UW?-(zU{rktDpk-qX;$&>XIGCJeBe+=+VQN{Wl~|hpPzaq<_g`4{p#R8y4Uvl zl}igiCt?hV)`|zcS^4C}G8ip%jVmFFs(^#twck)_^=S)wjJ``=8|Hp8mV^hh0(#qL zP&A@Xc5!C9j9nf@?_o;H4oBK69P~7XO{(=(11dUPxIolm@3)cnvIILBeW6rOl;=#Wfi|Via;}QIG zj^PR83EBdREqD90sOuW$W5fCq7aPXP)9f`ESw0pv=r1z| zavU0;&i;iN#yh^sA3r&qK3ec}Kz}*B7~$q6d;O38`hWPH zUQo~mHwNRZL1exF+@MIdkR6aPu`x7)Y#k=#7Usatl#cCCES%401P}ZQNK;DH828S+ zaWNKd>^H%oayP}>mte&TU~3EBXoy6%VOWQL3VQV<9|k7PH=g4x(DNdF|Cs!G&1Q() zSEO;Czi>i_csm#Kj4x@tPcX^gmz-Vv!}2M zWX=6f=S*;}=ljhc*eb;bI|;_b33hc7lQ5>5Seav%UGaZp~34szzdFwlZk2>T_|~d4Oq_ z8JmNY-d-bwfPg&Dkzv|QP7T2Wzd&%TaFjn4uNvl3$}7Abxgza~dN3)3rGlmW0rEhpVhere3VX~Ik zX-z|ej~f~kYxF#Ob>460YvP4JHiIuDXLGq{)snPNF88RFvS7yxH0eA8SLW~Sctl;P zSpN(k+NuQGXM%I{gRFmnj~zn2LnL)}vVV&&9LN5B|5yHgP(qLPf8N|xgfA;2PP$1i zZe@uyzsHf$+cnqHE}O+5^w0b6`e*&OeM%Vn92%pfpYpl_J)0b3!^lmd^Bp&0{5~4A zzve2^V*U61m;SpxGfe%DeKt*N7{bw`hGT&~+dhXrn?CzK>pmx8$C4KOY=$(X8?_l4 zq`S;aZPd^a*M_!0pSGcCtj{p+@nwS|n}|GA*!-m6Z_1yi5dM}lnEvzrH@NQf_-D&j zVoz4Q;hQu1M&J2i)0h`RDW?D{ne7D=nwZ^HeTSn27!nnMf#jCG+dyfgZnT5K=&TNQ zmSy`BQclH}z{mo}3*L^j`O@$LtCy)!D1)9*+?ncTs%x8@5I4AGS^`d5Vr%r)nF48o zhMh0p%04M89JtE%LC)!SsXNXxWAwm$rq;~he7&M1u*1$avU6gEoo22jl_OzmPII(C z+fyZUUz^p(=oYAd>=iq4!q=LBvsf!p19jHUZB;f9j|<`@My7wnYdd3mIg(8h*LLWr z1uCaQ?v1C<209#VU4;e*gX?r}^>lz#DvNOr0UVHqxYHDgG&{TKC_WjEGgiZqZ|Xq} zH`mgj#Tifk9R(!l_eD!k5}@4-DTAcdJxjEKaHBTF6G9Y@=vW!KizAdKh~0p(e}D|W z$r;BPBdS)B5N}2VC0on6i%AU6= z2KwA4J^6rq7QjRx&_&T{2n;T=8}^KmF)EO|qS+WAhH{1IH2_gfV0k1*)n4wRDgz2T zu$zoS5Pqoc=^PZ%Kdxs?f64nb8NI z%fHTg4a}gMSA48ZrNrK5p_@>KLA}Gw1e4&FI>n}BN~@v)i~mL$aC2}+f^|l0il)b} zs;{pD0N?yN6##C2&Z*0-H*e=Uf6xL5fPl3x{O1OM^*8=nGd6Xg=Nn&sUiQi0PZOf8 z?dve?X9d^s(Yd&~H%s&zDfST%!Mr(c1*ed*kExPz;yc?kQAD9~{u^770^W}Ou@7e9 zT%2Kgo?YEya;>B>j&v}!QN3&|$ywAv7VI=CDw^CL#HN$00+CiXSuEMxhhelBTmS+N~rXx~TR=Qt$Eg4aqzucBi5p@S*h?=qp4v5s+g^E(ACVj`ySFdXVmO zRS=#kNkqYw99Kete8gPq@U=`1EfrF4E|otCEtS_t5-pdjTHG2`EpJuhs=*?wf$KA@=&V-9$W_Xm#Vp*XLe&b!Nec&ykh)}E zBbd*p&s`$4jgJp1(Nj6}oqOdWEPq*^=S25@bu`PPrBd!v#vImpmn;KuSfvHv{}_PP z*w_}a*Zp_ip8)#Cy-Jrg+PRiYweQk%r6|*AX|)vZRLzaknJ;-I4J8P^{* zhN!SBuhFDM7sjR*BGr*+Jc)6zuA7K5!&d`|ObbnL^<%31)K1vEcv zR>kbLq0*JtABBEIvI*6?sH0Y9RHT8KE5)mtkL{@OO+zAgtXEcLu(suXi&FrxX5|C? z?;j|nZY@I1b^i)X;S;tc)+IgkvMS_~pWchC${__Wm8<2hU}>g3_=x_h+A^kaunJ8M zQ=RZW&aHgzE@zVQ)GCN;m&Dro_)JrUl5H>A(F_zre~{UD6>8a8Z9}nMq)5x!uPWHtluP%WWhibrk+$>`|qt>hXgqdpPZB1$*lbN7zuxz|8l^bH{x zTqQLvzC!uh4psa4YN^6;j89$UJ-(}~4oTMLFAx46U})I=AnpJG0Q>*|Kt?Ni{k6gxXe(2NxegQ^a^e=Z_=_8R1f(}<@&zUb zS7A8nm&PaRL{a1SYN(0Ku~!Vs6);aku4BPjjEohd)3T}xzMg7c_K}wizP^%ZvpD~Q z7aK{Z;4Q=R0J@*Z$ZzZya}~y+#9B5MPinmoSd(Jvi3DvF=SBlo0!PI*r~zaIoBIZ9 zNs-L(xmMjWeZ*1O(nVuwYQUGK1#Pd2Wt^&b7@MpUfJ-BQq!)Bcy+An}?BH^=yIu zw~R2V9-b>e3;zC00d_?1KOa4hm-AfIKtB)-piZ!XAuXYgx7Ky7qANs{`}CcYm;x1` z3S7v?aKirKbZZtfz)drRIGH1}z)>^8oR0ev8jaY|Mj!a`Tp`Klb6Dygn6*(~NU+Ih z74c^FDre+-&KO8hC^#uXHVm?ZTv{mUL()%wnQf_&LMHN=4_K`9+TtfJdVb!iTmZ!-Qef%po(V5 z_fy(DDOxroX1j^HrM)xLrBaV<_r@?y*5267rE68~?llLZA=769NO;5ZMdOLj<}^3J0S z6t615d1VCk4g<9B)oKtqX9@|arHbXsmZO9f7fzfXsg(edOwt81hXsnHqdDIh6zoP7 z_{E;f^ovZzO4(%;xu{B)MoBDT;(t!5k|`SYU2FYg6F4=D)&4;J`?_de@@fD6RG z2TR!ty>>uPjPSV<*dyyP-+lrzTJX06dUU0?%$D8qzhKX^WuOQ&uus9TXW!drl+oMY hQLwiIdY;H^`AYuZmd$DK`)zwe#2=E)s}P7k0046M-OB&~ literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/_static/fonts/roboto/roboto-italic.woff2 b/ia-terms-updates/en/_static/fonts/roboto/roboto-italic.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..719979294248cc489ad409e0bcf82b66c9a4ee79 GIT binary patch literal 54380 zcmaI7Q;aZ7v@ANdZQHhO+xE;iwr$(CZQHhOoA=-6zU<^Ar?S#`>P~fKb-F9dOQ=$Pm_>F zbfhqMKsF!};5-KCI4uAW0?;5RZ~~Y>5$*lu1klC_wuxKrWE9;tLV=#v#V^Z&n&o<1 zGTyqUR6P!2#%v&08?1GXeuh3A(x1QoL9PjsaVGS0;xWDm6@XTD<;|v@5aS}Tw1j9K zRo5=uI9QMrFX2Mm4r2uHSovK^^SUx=R^Djt;uJ#%Tb5b{U6rL+iW#mNM`czX*5WLi ze~^CTq`1^4pKFN(<=Rdw4@xfOnZ&PR^@7D1wks~u2G_W<&)sXp zY*-bvi~4vmMhXg*oC6f3TtVrZT?J7=z7nablti0}lyq`4pcoMm-DF`h zruhp$Bc0Y)p4%Bh-PzvMlm!^$Bptn4c>)5l5UM0X5d^83wrlT;>Y74HiCRqTh1>6C zq+Q9BhH8s7dX35roM4!MDY&SoK|P4IJ#i!E-*?%gt}Xx|$oj1>{zzd_M4%Nv^0zU+ z)KZ|rIfh*@M6XjJ+YDFmIG7NcB?WehAxCJCs1%xZD#wswqGLU|n378CqCKq`P40B%2!0RW4Ni(mw-alk!7Y&M#%j*0Ux+xb^R>)pOG28I;F)!D1%$Jx>T zn$KNQar&AFzLG3UzIT8+np>$`{@?F@o7b)Pf0>kgYmA2Pz=B0KI zJ&1uHNf5CL8Q0j@sHiA~$}pY+@-@tZe3-!OExng&h31t6xG%wh1_vUPXglAZ*IDmZ zKLVnRKP0O1e%bWss%zV&pLVv_Y0Q4;^?(4Z$~KPUA-L&9qENGJsUTT-!>>m8$sY&K zx9ryvd7)qFr$;H9lW|w7$CyY#Jjg>lPlHgMpMuE@)InhMbBSb0Bjz{x7=O%!)D_k@ zp;n~$UVj=GIP??#8Vg8RNwTtTt1>&cix4ld@2Vzz@l5|F8NSgxLeRdQqdobOkP%=b z;k4y?Hc3?40U}F@0@T{m>Eqy(cP|i_0XU7A_2FB`ix2kU4ugy`49wj3?XCKpA5Nwf ziBwK@a!AO-hYagh2B;xzTrmF7NqdP$Yt=^TvfAYJ=9C)pVm?v1 zgc6$|r+*@plpLW75iVs|eC3nsn@)*F$4tr8tms8$TNV|P_pR+~5Y^xz%;4d6gQVX1 zh%P34tn#-GD2jWGec&JS4AV~^HozDH`_{}+Q8KPPUzaihs=p?F4lL6LLB@wJZ{I@5 zsQm)7bvUlW#Vls7(^C}yT_;x4zxm@`WXdsJ&bF=%%11hxXOs>ZJ|&bqx^NMZzP99E zHNErr1!JTqpi_HweTM000&M4G_RD{YuNO zsJFioRjor71XA*OK)419Rp)D|9V5o}qrEy1E+f1B>Uip~YKTgu3B?iz)ectp1)rmj zI4vk~p0dU#J*xTp(Pcj)z!7DKxptpr98wH0{}y*-(+%@!p8m`~)|FrVZfr8#Q5WTl z(aE)S%I+`8z26d%G$2D)+VD37{&sKlEUPp z_IPg|KIjXiN&E_k9!RRxp%BPZ&DfgAbrSQFw{7X+@+GZjBmAf(zW^c94-d!Dva_XZIha-gG06JP4&sBr{)r=CHz+uH4OpQHU8xSg zX+c~r3SB+}V9{haujeI53^zn3<8L+{D8~uPbp$)k*+P)U5~%Zpb{xtUugxWJdkN%W z1Y$CPu_J)I>)-p1$#O$|Ugsyc2#6vKlMgcvqA-D0-3xB5ACR`)51ZFtnioLZ3$W!2 z?mAh3w^J@pk2RkLhB|+Kz+wm@izT`=x)2S?;)OJmBV-=iZyqPC5B}W+Tm|j9BMkbf zWggJ`<{jYssuu8DO@I718_IDaKL9X@fdNh+<8KNWd~yi`!KZ&Fcwf>96Zls}P4KR@ z12TZhii;K~0Fe(Q0FJO0jtGv+Vzo>d7L5rlxtJDEE>O(0hU3Zs69jNV(}1(E6^k6i zQk^m2>a~M;{OZF1;HJYn9?-4=AOHYJfH11;uM5CR3nB0qkr{YDlqbwAUOCAYC`W`B z!z2}qTFZ1t-FnZF=j!EEDvKC+`|46K0WRGcV%EbNJ&_(_2c6a1ncAhW(O; ztbx}Y+Z0P(*Wzh%s z5>ASLkugRNH1oZmNFamv-HIxiL&X^bAi7H5NfJFG7Nk&!;RxbIkX3DA2&i=CrT0%f zOQ4Nb-yf->8;h+HyLz4$6rifHG)8}h0D`l*7H>do!h`n3v0h~96!4i6S^D!0cl_2OLlhKiE~C_9 zPPGbv*w4`Q0<%k-_Uvaj&91}8-7U6EtdwaY)P=a3k=)@a1 zQ#_&YN)`~mwwP$%8UrqWIuga??+d0XiW;v!)wl~~==ZH^{LYp!u3+sK1|F4NReAFE zEK8Xu1YOoRP2yG>A+Z-0ZY%O|C3+RnRlnnq41EYn14FV0>6;K`wD+sJg=$BUd|IB` z?iufb)Dda1z$X1$pOw54{Q~yO(Jq^<)NsMO7P#?V^}n%}!&A+F`Y&<59&U+OF1nm+ z{-~30XyZ{d*T^1)5Ks?>O$+YV`VkMeGYo$!2ELV*C`0x?@L)hI>l;j(pNblGn-_U4 z?r-2ng_|Ydk^DM~%j9-(x?Xh~W$0tyCmq}WROp<)ic|Gk^L}0KUSzldk^`TPaw^LH z9l#pkd?ao|)uyB0%Syk$RFJYgGG{9fW2*`m^s5=`6X`(aF4WU)?7b|+QmyoTmDUE119VvFZ+bzHConlJPC?Im}SeJr6* z{6598hyth>N(2srNCYG^#RLD=bf)N^NhvnPp_qHuR?nnSZTZ$z?zFL)oUQNl_4V+A zt*AdZl_}I;*d>{C&;5^gsx z`Ns8U4;_Ti3LbH`z=UinaB0-wQoFQ_PI4XB;mSVPW}Y<3&6#%8(?nrZS+AF-r8pcX zP3sMoE`f$xd&rbl8$&~-`Bx! z#=Bv{b~U;#d5hvUdhJNC2K?}4fEUmFj)8NC>@JuOQ70kF9QTCQJE?hQM2-2W>AoGF21jbzzDmg2}Nl4$8DSwKme5-Mc{o5Z4(n_Pz~5u%l#Qf-+L zdyx^4!br@_nEf;EYlfyapw`r4!@D)k)>LD|y*1&QRZW&PVOPnvl6ff`Q;ykE_}YJ! z2F3!8Z7P=(<*}aA@8wTcFY^8abL%$vD?4qsLzkt?u0IJqjY>S&fWD*Ne}yR0jm@!pfetLrdqTw5OI^_Ko=;+lFvi!@e8%o9yv9Wmq`_|HuA>iIB)A70AP^e z{UEVB)Ni6}noaF-Aes{*dVP9SOMXfNh;)~;bRSHW4Q86{M6_jtqcE2r<;YT7cC`F;0x72=&Yo{ieW+ zh7Ks{hWIm({#q|RSnnt9H{-A2?>*0F8HQU_7I}vBfyQuZ{U45;$$~lK)JcT^`HO?G z`5Kn_HOB0usYXLiLzr5c&4abh39IjpHUCMD-a9oO1`9_0e!eLlan-tmQ_LDaX{rt; zySs#+@K6-VWwcp$`iN|MFe$BRh4j|!&F=1veoE(DFY7f2vsr2M;v`npOG|+*Tgaxj zthxiN{@JFS13CI96c9MBO#MJeC?`y{!O#dQ-e0@~lW9jn*oC>oI}xg?7?WD`A&E+0 zVsfEMiDj9qb=_-KWv4DvjJ%_qioDM1(2E24x2rb(e&2lBOUw`axA-qI|Hzj+Kff#@ zQ4SMj7MEz-x^&p^9}59k3!ww&PMvIoC>o{cg@BlG16O)PdaxucV+SQH>-1xFe`K|w zRiajLj}m_xScgyr$(Uz7-}I4Rka`9BGPPBDyz=V{?Hl^n*Gy_8Z93UFKu7C&A_io*@S*#PZfPx?}E=)a$sLimbH;IT5sj6d%%B3W?jeS2T zymvo>AP^2bp!qENY6VN0quo^JQx)*aRx*g z{?gn;BGuw$Gh2;3wk5M|$&DrXjoqr5^{d*Bm9~#{cV^w{mHHJkcnq1jQ$iTs2CA36 zY<5H+E@F3xm$Cyz*(pnQEc3Y3O|&cSE&H1|+u^9|SUqxrzr1ecVa})EQ>AN7G zX}m{Bya%&5uc$ijwm$W~weB^({PMyGx=ok<)hW^7CSg6vNVtD0k#HYQF}(Zz0Vv$ zbt^NLuOjR$+^0U|1SjJ%AFiUf40XMmwM*-nmRGulM5+!YDwpDz%*v`ztIAZXs#-?9 zvCt}>7x!+=-h;lZ-mETkrUbIr;f(gBTQl2Mvwtf!tt)M#6&_YO**60$j8n2FkmCxa zW>}@hxYz7#gK{E=B-|t4Jnv2a34?fh+QAMGg32O42#}3qKM#r%2sG5t z-D6l8)CcXM$$#$uk%At}lOQm(ET$Xd+a;hwBVY(f@IVVmiM|Gf0wE}A#&x%|#9xXU zI0yQ=*=P#SPeN`#5+#L2F1kud6W?c4^6J!I!hynrgM*!Ki%UhbTm==*Rjh^$-kZk_ zrSoYaDWjATOd0FqGFghz$D)s%a{MuR)1!uMA(b?0AH7sb>IMJ{WkRpTAx&9}cRtfe zo>8NWK8i`18{&qi_>oAz)?URSEnZuIY2l632*|w%WnZ?bOP;*}W=(GsCm$&IHOQ?iPQ11JxD-GV%g@Dd(Sxlaol8=|=FdNaaRZAR$+$RR#Q zpntug2Sa|G7(~gk8jpe9m>1n;>X`eVh-6(B$VcgfPHQwIdz0||v}_SSG)emJx@zP= z>F}e{1y&p@goufw#s<-2p*1fVt*G%K3w&^JUI)S4SylNwBXKrj`SZcL!ExgI(IPQK zS@!yJ$8Q$Z8IIEri9MBYQ&%u?P&4r&dBa4x^`+<>f;2(=K&*3B|M-JB}Z^f1dCA+(sqa2gMT7LaPM)V+|{iNIlXp zl?&iN~BD#r}G-j)`hI`%?6??TO-&;un+qR>Tf(52=c24PS;3 zO=^Lb25!YoOWJQ}PsEJ$yJ4z%T@mvwIo6DWGeBZFVJ9Mk<=2>MvUM&f8-^M&2iM$A zREZM@@e7*u$z}Z$S~^!dbHphP@Fv952-POnLpBP~CySDvIe@kJhK6FqWKLJVNbnV6 zsR@I|wXN|qz>V18Z5>L-s)M2TBHP+1OTnzU78WEG-Ouw(G|VMAOYIkuURZjhHN@6K zUKo^6XhXV#YZg44J4Wj`S1ahSYGn7xtt<SH&%9>IKPUq zUk>a5GI`tK9uU6Lt*Ak}*@WQQq48NT+9B2}reGxQC-N{QE^B(;GLiiMgimNG-Yj!H zvUPtMacLjl8!~fhKKd})uPMUpo4P$rOEh(~;Y@nIOkF++Y4U;{bh?Oe>v{{!bXZ7&rs_iiKe%mB2KPPEnG zd&n6?DoO=Nul}v?l1U6KA*U5)Qr_g8v0p+0GALV3=sd_l3>C#+_b<~;5#x1=J|@yP zq?PNWZW`Ez=S`1Te+z&>01c=iXllM&6yc@u-IgVm>?uitF)3|!!eZxD%s9|QqvzUCIeKt+ z-ffJf?X`J7+!NyLmNYvDrE#(yX#0-OLnGGIOx5?DQ_FycX^KumLaZINO2w%O8R3J2 zGQV%q%vU%db?9{oN2AVFXkpAVJKQo!GMn1_7*GM7C0yWU1X#k1b55>RFZALKEIbbk z?<2YhCVha^Ny(>(EIj8_L=pX;aLy(IGVF$%KHG#@dWs#YEn?tNXuyN-%rx((`{_0E zOR(lBL}|uoIPV#@*PH>;lxueE{pYUOFV(9`kdMU`V;4yI(@LP9h7buTwV&imk8s<4 z&oYP0SEO>82}<4>C%-e?JKTo|08vN5CrheO9u#At)MC~tjsa@v#mckWt4}ifdDDW9 z?|naIFqfLm`mRT{Z5k_FG=gd<6v#2cZMOgMs?-PHVlrcs0=OyNlBv`+=09gmg49Tn zOz0U)df_qj;3GzanMg{0ZOsu96$Vd6L>LmUEMyoLc+bjRaO3p%VDJLA?UBqX?63;p zAA7)z3*LybsZ|c+tVM#!yS5$~BL~rN;y6)AL1l&Y0TpJnNFuoy1vyx9!^_>p2oq0U zB#aqLmdnZ^gQmndnW@|VQ63T+8xRxpzxEyK z!Am7ijvfrrKMXWs!6Of3adB=efJuzJEtX~5!mLXVS9`b-#;wh6eEBE%oTdAcQ|D+rM;vgry_#FsgKmhB8M1bqa$UKSya~wP(`u)){^s%vopsC6oQPTSZUr1%yEu@+c_vovX^5>&l;GU5= zhkKP+7Gm%BRC*_{sqtLakDo*K&|bZHZ6_jcyth}W4Y(0*f`U4FWqkQb>R&t|8sJ+J zu56%H@MlUojeS(-L1-zEt)j5xZ)R44Y>MPeaxS+rm8{*25y?*Ip&&8(8#E=zI8{dm z&10nNgwc!|Bfk3dW;_8gB*rKcZx?K60kSR=E=}^=+VBUL=38Xqk!hp<^xqc@)KQ9d zMUNyFkJORu{2{Z}zf`xkwAQP#J^An9?|Y+ zSJocl!u6!v)LYyPy9Cpq)ZXOIw#Wk+teo13(+E4)@4|-V8udo8Ky`ukf`x` zG)?%!WT0CXAQ^)E23k?1ltz92i^YjW!B*E?%)(69KOHak92ggyXfUW4EX#|%I#v2R znT69zkC^;myZ@Zt;C;@qLrjU1gLn*YuJ@7Q&V=+7Qdw~R%kzAO7_SUf0Bpmy_1=Gh zcQN*mItRFj^e&?AjYN*bnV)yuasGojq7bm(Kf#|CZg6k@aOPhzCw+R4h%feVAKF*@ z8Mpi`nUqIZS|wUQ^1Y&+vB7e{#4ngN^8Xs#h(*|}#gvTLNIm*hO))MvFa?<+%cTOl zWxn+NU;|Ag(?+F}xtv%6pQp^xuFw`yr)nSld>L*N5KROn9_IzU0s&Zq+ocXyn)Z;3 zzfx(`$5RKGOS+HGQizweq=TARv}B`Hv~2fta+)=T`f!F5GJw)kXRCFmxkHCjzF!QB z3x=R1->B($tBaq@wGMerq?pHeX?LCAtP7;396o<>kjNCsqIoZFXhMorrZi6mAmB3Rxz=F`N)3itHU(h=g#pFzFx<;R}V$CTk* z_?vt^oxAcNg9SpApet$N1&jmU+l~+pI7+7g3^|!)!iNl+u+^=)89LXFsjoJ1m}>49 zo5S*!QAx9N)#}XmlRn90m>BM2vLDRod=gLbWL`whg4zuB|1e-!6G@9AnhZ~manql$ zH6LStAUk#{REwWJV<3V7vsc0BbjIwgvE0{((ev>A0D&Nh%GvYg3p7QF&%pVc2L&>ySTC^_pno=lDuu$< z=ori{yP@d+EX2_!u^faD-MiMM)hQ2}kXl z|KPP3lg#g2;?MZJ*YmaqKJ>2|pab0_}Awg-ow@qLZ# zmTxAZ);sxLU@Ca7`z7_;BR^OlS>gBI(`I5IL1j@LeF$;|F)!2IX*4}S|2qmyWMimh zNZNC#|F(dPZ-;Ix(x`u|u?L*LQxu^CNJ2)#UY8pnt{e%Gn~I@FeT1sOHcZIe@@@Hs z&7yo=;o?np&5!5!&r{XN$g};UMq8A_gUuXoPZ<5s!BBPi$KXzb_n_=SY|oro^s{VV zRc>BT>;*O%2>Xm9bzJ zl~GC{D_PFLg-{YQ_rII*rt3cF-0R0|j?T8SU0K=&F2 znzcoGJv&ot8k@F7Y%q;i%d)tloXrIkz;J9dA=2~0r)!G?T%~qS{^mORc`&}2mwn-Q z!OeTLG07B0kf%c9iVA9U*Fms(Gjgw#RIc-}{goPN#M#D6zUHXtu^j7GeayT(3R-Xz z>^oxefs1Ji{^LG6khEtKa;#J$1Jd!Y3hcx2Cn*fX%&I!14ZCza3RLzgO7*6kmk^X8 zCs0Kqrzq4eF+5gf@4*N(X-ZTb#V%Hv9qX$F!`Sa<@c(ekkVyRSE#1;1e;vxR7&664 z>raC1X#cAD%#;oEm7H_!m&7FO_-Qu~TAL7%A;kgA{haHD5 zURO^1qHj;dHUf-XDE#`B8S{%teYm#G|&R31RaXFCNSc3`D73#@|8xn z)v=VIki_=T?doCK=wSOc;b^gi^_-CN$pX%_ z+e`qdoMG!BQnc&tGgKSq-h?En1#fLb)y5$FL9nsdBH#*cHWi?CFRS|*dWfg5dV@nf z9qFsP)*pGOfv!VL!bbdGBa-BHSmn*Q)^2jC9%x!tHL|Uo$Ho6O`^ippS-U{X5{0Fn zi!G@|Jq)@p=+@x}i874Hu-Y|jJ)t^nD|X_j+$Y(4DZzs}G*bl7`Ex-?kD~K0#z{W5 zm3yHeZ4NQqoqqwG(353^DTnl3s@gX$%OB`FRbEV&@o}-ddbh|}!z9Hj6^i863IWv^ zh-OO9Tm@r!jMa{roSgT&p8>*n*sQa4uB=u1Ls)Cgr!CjC6mQX3aqC;Ji?08GvA5?# z*?~yPStlhmx#1qAeYd21KYn*4j01GJsEYF~w3f&y^tqH-G`PnX6pQgb8KMu=?I9?_ zE}&N#jYgyyW>FOASRltw44SfeUY5?O!ghj6JlBOUn_)cqViWL?`(m;{&A*7eHOhQq z-!aGK1->@cigI)!R`hig9C}KZReq^okto8?`rPdR|bYSmo=|l^l4*UuWv{Lyc-93k5dEk_;_lS zG-S5L=@_olU3}E<{@^C9Q%O^XY9U}#D+q&)6Ze4+t;KWF2cQ8!5HchWefCeeJP)^j z`gEoYPuef(;B!F5Lth*`j_6_VH&gfL4^_tOvSo5Hq-*~Y-qI~snZ8uj7xQ`rXFM=? zUb^8N@0srKtNS2v?1$_gXAd6+(UM=DUV6kJnDMguv1q9d3CsKEg~Bb3 zfwW`Pq)eR77{%Zt|5ft7p_!g{{0+kw#fy*;>efc^y}Ez@(|k6ZvfHIi1Pu8>B4{2N z2|tlMaYm=&ZcQUnWSGaa?_@u`!BHDgV(&57YlrVOD(@kIj&hLt2f1HaQb_w<{S1GR zsfR<$fgSawTpq~u>r6YC^7xL-VKqy#=DE%UfP zeY(_mJT9zApj~U7p~dmq^8gqI)yYGDgaQuyw4Ayw>_(yPkYWpFo1<9621>v8Z%kp>VM3^ z!gdkc7c?{&ILJ7rhf^cLy$P z_0iHH*!Ib`d&=$YhXOLhfJZjenWEgGs`8goPF2;hS=r>N-Df#tdl!3tyt}07)A7$m zl>e^vciy;%1Hr6*!laoDq-J$;`IGH0T^)@c1b-|NnLsKWtuROdk!w&uBb;|oa4}wZ zoV6IIBS?i{E&&}yraQb)W}yH>VVdHAs~kiNh+eR~sJ5uYxcaEHNtIly&lHYtV((A5 zjx1RXBA&(e@1^dC)whXW3qa{1Zjg~9bnN>*uZA2hmYVxb{?kR3^?VBw2Y0USuu}{5 zrCY1===lkFF#qCakq>u+vZpQ1O*8E+sP^)0XYGg<6D2fEF%!UXo~v55^u_1bg9|FW z=*^g7 zoArB!ba{qjJMm^C7)rXU(3ozVqFy+F_Jz0lyA9vEdG(8|=Oib;w}|VGzIE5TN%_A4 zzr~xipY=Ifxkl31yBdmM!~h8qVP^$(UdUk)6eB`5i}D1TLn6FG>N+57>%yAUO(Lb` zf(|s#%Zj=H6|J{WJ51#JAGCfbP6mP!5mlb(GU>Fo(!7PIjOp|)T(8x0r-a#1l zL5U&~1)V&WB}J2o)Tg(vR#ViTVlmoUl?k))ZFliy*#f z|CB%7aQ6D;Ft(kULt(H98LXz;BXZtGu`YW`3q~`oYD?N$Do=E6!RNo6tqP{JwSCO7 zcV3pOcp-L9gXBJ)H)Q+pz_4s2>h3UK2l&2l?dJ)@FfWP_`I%OnnP;#}Yd_GUA851D z8D|USeZ`CdNe>my#|q}iP+Bd+ z3D20;I$&AfCXKg^)lV~AGc8MSkw|kuXSmI(r;X`M_=M-$Lb2}FKJ0j`f=zjvQZwhO zpR+NsYD-t8uIMUdLEWm`ff~DCr&l&U1pfXiR(GG4=%8q95Zrd(i8CiFiTK#b*4M^g zjq8C}fgsY~!_)c0P!U)`VF$py9B-g_7;Ca3^QmovvF8v6`ut>qJCy{)ag`ChOKyk; zvE6zF*dZna9o^S)Y|%;Vw3EZv%e|XLo#oysML@oJj&34;b5RnC(nfvB=_tZYsf6Sc z2@kUgD2NA{O@g!IKE5aibv|^kc0ZxLK?|`uO2-i=;mQ;cYR_33#pSFgLmnV)qPJ!7 z!_`lu?HOOkhgbohxhilykU>t`uv~N_&+E6xrWatD@W-yu-(do8@$RmOx*e1+#POy4 zy0u{kp-K-4V4WaiDz{Nt@4nX1=^JqI-(IO4kU}KAgNS>j%oU4q{IOXLowpd z?ld9G-#4(z2p3$ z#yHuIFEVjZgwy`s3izXVM*~?$p6CNQcQSOOo>zOK3Cj$7M8}dsl%W488{2hTWN_01 zEIjljWRPmLn6)tTpv#HYRlvsPGDVITlN1B6;d)Saq|8hsPSy{g31f2Bcd$!hyjqPe z3*lc~WAD!~#j#CS-uIF-FmFOfY(QCazhb^gX?}h$TNzpGNUJ{fLo%c;t*;YPaF=&H z#bApqQ4$SJ_kyJZLNnyM1i&yt04y#GJ-^KsXR^Iz8&!DmFaNA4 z7N^2;D)y;D;3A5@hO!7QEqF>NHIYE8FT2Qx+^v1UOb)X@;T zMdpg?P|k!FuGVX#15%=8%$s+bOE}o6Z>bU$jR`kONO>?CngpY;$Xm>v{TOwM`xGvP z@r|aPqm^k1Mo_R-Yh?Omk3|+0#nQ&Z*aQ6elaxju_DJ*xys+mM+EAzgV-=>Q;{+Oz zT)!BOJaudW&SP^CZo}gS?cdFqn@l@NMw{cBT(rS17;yU4{$O4_^wFVvGEmkV*K36A zmRk#(yskZG@Hcw$u($G;t2FK9pW1K8@AzCGd6+QP?W90xfhbVS_FT;X8hs1&)siuZ#5F%P z{y5?7oDotwB`8%sX4@-F_Nu<>BjncUx}OlQgwFHX#zJ#4KV;Nw@Na;WVays~L#^2s zCsWKLr6!IXX;v~Z4fqg3itgz!4b}fPr+UC{84Pj<>c_&{fmxV^DcL}|a`4)P#$B1< zDVQ25DSZMth~m?CZ=a+F_%k{9hQe5 zarXeLCgl}{IdVfL3W3g%!-snz3#ddlsldl@)@$B=iGpa!`V2K!F6!uig`UHo7tX>XxAtpUl{P7fmEY^md z{}8AGgkhG>YxCQr!DW$|YEiXf$w9!snbaVn?kaTN_Y_;T+#WhW>y8f`zNTBaEE-Rx zeR5ti6aBH%=YvCuxurER6-(ih^>I)LF`_yXrl=PicS#JDr(-Z__W%G2l7>R{*emE}(FI#9YxP z$4k@N??zZ-%y-FAL_VCC#Gl2!QN{#uV-_EXBLdKFrItZZqP? zF#fi`cWU;-`3c1iS|oju7DAB^6@=v?Y!=%x4iuzonve4CU!=q}ITZ`Wu%KE%KSgYi zH(6~qPs(xEPjog;3g}k&@xi%T{cI(r_pKh&i>})sJJNvT?!CEPW-M_wXac+_Lc?%*nkOE6`ZE33@wK~T zX1V(QY8;j4ykt+-SM%(#3rM;vFkk6xz*E;r_yl=(T_~8qTc-$KRYt@i=0?9}YQF`|X zq9IWFd&P8!ASBq?DIB*(^d(M@jLLR$-Y8N6V4r+K6O!LCmxaA@m$8=})s}z<$fT%~ zr0zcGI>EDNK~qWL^P&m zhe)^7MCs$qN!z(8K3eew=JzK`$3cdsZlj6c*1|*1!qP0ZF@jghUP5m$V|Cu?04i^T zfEW@MT{)Us|F>G`rJQ}5?3`NiI#P~gSr~#d;N1f4TR@tADx=JcysbyLIx(Fby|m>u zADp{l%fv9W*BCftq6Wp%*ZbsB=HYBs*Q%$V#8`+SPboV&5&e_4tGlJg>#c7SUFuM@ zTp7AXqdjnpqdpVv8N>4)xbN(iPy05y;0uQ_cESq`68K_4j1e(ZJJ2?B4@t8!h&R_M z7CbCO-Ua|yPQ&M6f00O0)ydKx)$4lFY}srfdftD#u8;=ECesNLBHeT(#Q z$P}KZ1f^)>xIN1LbfF)U-LDBp>V7JQCGXhhzmYkBZ?eF|%0^A^GBTj|dWe72A=_4l zAnSNx9fDBvA;k{cgDzSAbyBG2Lb0H~Wb|Kw!PFCP+}MYnzfYL$;OO(SbFPej8Qw?P zWS7KNZg=WQLovO}*?6JFjWyDQeY*Ms`j6S!^5qLk{@?xX^-s~aN`S&LKGJ4m)la}- zwdMC@=#!lI!||fyoiL%r?*d*N0y#oB5)>hhb-AIF@S`U0piSkJ`BGgb`u14_TNj>E z4Nk4hS#0IH(rt-ZP7`q%X9HL22I9&+4mgsyxr3`~QIbmRSx&~=N)M5$TzRw!Qv;%l z7gex{a46+Fcs=BoipQk?%_IaVS|pi5<@#{Y0$#a?pEZP1#5PA^L`SA%l{3sdNF zH0DLUWeV|n)@lE)h(aPG_IvI7qTpXmq_^kqq|Laqoz~%N@u#xap$OL#K)0Fh^h8g8 zue|q&x8q?K*_cO5(cbVr2(0?NHR`P79L*l!SvzNlvVNL(X}H>o{Pv zY>k;Iows$hQ;tToG8qMTi3m)Gt=^zV>mJxRp8 zJL2>+Dj`EYB8+T=L6Gh1{PGq#_)-y-lO`W@Gk9F=ICfzz?qNHQf*wAY+0R)7kY=mVQUqvWbwjF^&o{?M9}81I^wX$zgM$3>@v=71|zaC*7E2 zfr0xFzpFwaRh`0E%5+!Bd=wN?1(qccQ-x&ZF85iE@tXCfLmaW6E|B_K!P!-Zo}*`_&dZg~l|A?0{QQ4f)Pa&*BV!c4!g7kB%fgMD z9#Iwq^T`7M-s_jm3 zH))h3*Ks#x|FNT|sFZHHOD&690U4_Tc?}HGHf24Oh-WCfEg}PkUI!&8PFGdp370Wu zl$fgq=vu=t^SaeoZ<;2M^SX>`OoHO_8bbWFEPgz(7 zh81oRvE6k|z4^~IIUAC95_buXw^s9`Muh8f7t#4@6e?O`sBu+!i7X+%h(n9RupEr% zW~Yh+X)5%ep~_0I7dRDGKIaGVvg^I`O>lkMzJ1tRyk#Z?=|C&6QQKUWtaEOsrN*vI zp=)~vX38j>#3sVYWSMY4AE!b@JunA0v<&mG$X?gcw8VU-&?2Ft^7(t%;?`$Z263`nPaxl0k!I2o!}{%e8J#hU^eH8tS{ObC|8mti{+}d zDI_syR)|qo@(8M%kfhD}*_@sSvp7hi_jIXR1{JCYIcLxLW`g!S0iC{{bRy1ZgOGBz zS=s2S(8;rAfkvPWG7Ty5tdE2u5Vq*foQ`s#tP_oiuv7*Whu#R%#IiLIJ0Yw>v_IW9 zysTR#Tl3FzE?Fu0eos=SN_PrS7MFQm?E7iU@Sh%p3(-SiTQ4o}7pj~mT<|^Mx}bYa zmf6!OKjsTC)b3};(LCk8P~hF;{`q)s%n>$bHG~_ENRCWYCxn&R*%R<(ty3K`KbSDU zfGJ-}j;|1s_1J;HXC%mrjlm7L-a%>v0=3>Ov_4oOQb~#JCBm&PHIZh+5BD;H)~zxJ zOsS}GS+;7GKZ*{t(&(Td^Z6SQ9;g@q47BVnC;Zg~5TWF1lFn6y(-)FSd+qnnS~-cc zncQrfGz6XyZf4`7ME%=!545N>UB9t?w&!T4od)=o9-^__g}lj8rXox4BA!-nzT+$u zQ99#dk#-2FW=FdXtbel*3f2`nE;0P&+R#IG`q&;aV393DPx@G*{S%-K;}HUuGH{-+ z)=pQ=fwtvju4Tw@LA3h`h84I%`;~8(V12E^4CPt~hXd_S3K*snT*elfn#4gs#$}i+ zMNPiTY%pF)^6;4v^!CUng2@W zb`cmb!m|Q5mc$s3ZJ#Ghe0X zB8)KJ`eWTCL@~P|$5plFg$nN+6%hKNm;(UIRI4x+lOpttzp(Xj&U~myiCuW;#m(LS z=gVv^DeLkBv!gL&=-kB}wG=GyOHNdgo(#t>Wp35l(@ZdYxZVVdpehK;x$dFkRXKlm z_%YHGF@;ZyGQ%IdzPxHFKCk@nhs86Y;;E66$A`r)i$hvVV9V2r&>FTb`%n$~*LM;K z=tw$&v(aP}C_G%g-AuTb?%gQKn2}sx# z;FQpF@w!aj-`?R#Dx7jH>r|_8umSHs*f1RpCr>U|SDEz1A0GVI#;jQygVBM42_55v z8sUWUS4YG7`OBVOxA>u(>?2zvW)HZvugce zHIs|?^FZtKZ2i@q2MLxr?O-nXB1rQwHs}3UKfC+nS`p^}r_?k{FLW#M*o7TzL8H#} z$!N%SS($x#U%tn(Rz!jhHnm``28SIvcERIELbgQ+rs@5>)a`0{Y6Ik|N}v4)&*a5U zxkgkg!G=qSC-hps{pwfX_YJ{@+PyHUDr*`?Yb;w&X%H@r`A5}=x1c4MKx44Q>b?X- zcrkQ{cb_FdvWK7Li3{Nc+rx_4O5$wG!*WT|E@lmHc_Fm^Ur1vIi$>nu^|?Lpc+`+?_5sa; zh);KQ&ABP+iUP_+r|K9NDe0MWXv0}D;3T23>pMS7C^DoP4}jRi=oQ3ac8Iuv33;pD zF3Za4w!zL08eV`P+ug(1RKB^4_7qhfrT~T8@MDz|5`-2zeE%;607qs4hIbz0qJXHl zVx~>;pRD*-yRZXp+3Fk@BS^D`nLQa&HHx<|02y-V%BtT-tpCf9(=yV|M&5u8UCQ?$LYLt6uz`J8_I&nlhA#2(Yw{70Gaqst|;C z6gzIA1+v>--<}icjF&8$+#_v%K@BUZ%))I&kPO=za<#WEmI7%b^mG!&&7M41i4$PS zA$n>oyJ%|6c>{rTjd|+=u}Kt?0jD`RB|AeX#3fV6CuB0Fj?z;}Yj)w}cr}iPr3dNh zB!rzmaoCq97VPe^HPOie@^hQR1QgS?{Kf?4u993=VJ)-sHYQH z4G%Bx!8x#dlul-}U+e6N|56#TQBuj3{jE4O^x>)};c(L}JPP+mM|>Mmc>%Zi@X-ok zrd(K62OanT=VpZ+-<*=+M}@=&taDwLQ@T}(YxPO1@%>*9Kg&`3=}{#%sd1Ji4;8*B zO{59^x|v~tjaVMFzd&(;t}o=r^5E;*FZwii6c|>)ijS+f<{ zhu}fv&vNIh0q?K%a_JHiOs)>Ng&Kzmt1Y~HglVC5IuE7M@!H4gW%D(=uK8V?^1F8U zGq%^rlw3kL*t?)pUZ~FKQOVKUQ~h+{zKn5SSic7T!hnBb@pi-|%f)9?_F9OYs0ZB< z4FU)Mp}&C~7lMIL(84=KAB63=jaVGBGDJUS?;Ze!SVqZRSthx*O?pckWb(40tvkWKFiROWcMN(W5K9b6>!kuty zkQ_Kji!ZBBg=x5Jo>#%iDH|`s_K>h5WxXxGm&aaw18crp^P;IqiDO`Wx$h%Zrs#pn zfd!I_S0=cVxDf4LXyHJM&G{mK*jixZMYD#;z*Q9ieoi2P=$PkMN_rWT`-dcZ>~lC1 z>u`OQsoHl{=BTN4gS|v}^LUXJ+T44Rj^|FUdwvCv;`?LVE-GcqOoKJt+;I;b%^4#1 zUgA!Ct6xAtvIr#uc{mw%@8pnK#L~8Gn2Ni%()4tsuxTxEI0{zuu!&S~Mq?Zdhn1W1 zO=D`j*6i~QfHAPH%KIrRgI(10=aag6+==IYh%ch>@@lK1hVqr7C*-SiZ)2tB_rG}K z=4^8`-5w!vWyXO-oJ@3G<}fk^sYlHH)A$NvX=c99%+h8XbPp$To zIUoZ}0A~-yY0n@@nRgL<=R*iVz4m4`&h0Da zsLyn*CDG?4Jb~9fvSzBN_?*rhn1ow*3DZvhO7#r44z#XkXLtj~e!S(+30C#ry}!(XfQoZl_<8b4 zjhm~nCqP*7V2^IK=KlN6i|5!3ZXU`1L{^chj#0y^QNcUPZs0<+lAbrXP~^sRWuff5 zLMmxDPT%itR3MJAzp*hj9u3ldN{{|kCVP(g`X~Fo(XXdU@EXid2B44y8aJi3qXFvz5-rwBz%>G|F$b1jmePC4gzo9Tl9~_&EhmRvCR67CGrO&) z7UsdhdQP;6e$$t3=BTBfq5O|J&~@}vdVL(a5uak+FTV4p2~=wD!Jmjtf>2 z$bpsS|AOHr|Gr;e+jVU zbN9U!qP+dWSj7dau}R$Ra!79csfKO>U^Y6;OCitCENR{>HW_6@j0DvfIY%t6mH((qxNjR9wWC zevosv)fl$=jnAj~9?dgSW|YY8MD7ylFN(dQffMy0sjoG;qAMqIrAz_eqj^s6(Cjqp zQN_*&m30rc>-}Vu%NR-Oy8YXo*L9Z`^TXAT(68;sG}x=4XEEDVC*RBgmOIlwCN~E9 zKw1nBt^^F<+Ma9v;jje@&U5QRr6MrN7Js8H1XhMv!j}Hu3=S#RvjQ1TVM&#%T~$Gi zROZ5=Bs2s2b}mUhz#jl8Gwm~qrg0VSd`?W0!w#=QC8=98a0@0K_J3g8(11g6bz{I^ zDL>Z6!Ky;3?UZCRwwre#88=t1IQ&qwz3A51XiCZDcm9M68A#4baL-AYbNr zyH>42=JTwkrX2O{?d!&Jf`v1)4s{#JC8nbZ8wKtH|p(F(=bPS;MvYeaXR6*1~+;XuJr~JR)J34R< zoGu9e%%*dj2U%~6zW0cvL71_nZAr)rF=J9saY^*6Ygq|pZArKQ&5TI~Y*wFD12tTu z-#Su(1Q=5u$K>;Ep6mglgvPEJ{ag)Km4sVQ_SQ7a#?hN2Xcvn(I0ubBO4p|&rm)`z z?T7;r?M=qxjEX~;3Hb}O2{PGDn7=rm{GEr08!FD;nF?7rwm({A)!L8qkl6<* z6|b50Y;?7ux9aezstPii#Fq45T1!Cf@KGJEoCJ{tS;+~oC?rK|%khNhoGNWLx7GkG z24AZa%3(MPAnRe+R#s-#@F`W=gpp{#jSO<#Ib4b9_k}~m8D-(TkAaAtPk;-W!i4T- zP*hs@r%*fmz(1-O`w3lTi+owAP4BtOT!6UDLU3Tyrc4}oRt;lPCXTY{6wxzO0~(h4 z|9M3B+W!+;;_7opdsmh{Jh|*2r^m03uLe3gudn~Mk+z1i^x(^vzYYeb1g-FOtYGyo z9<%&;AWp`xRxLJi7mONKV}|$BVRTNNKah>ze~y1oqf~>Q&CdRw1=~E z6FS~R+J@x0XK%IRI20BY7U*L4pHo_v0B6(NzK^1-jB9*Btl;?JP9yoYgCOJpjGX#7%p~We zG7?^xS}+uJJWIYIVqHnOinQ3T)T^u^L0{{EY-y*A&DQ*_c1!$af^5bUx9GeXKnsm8 zOTrPjVh=A}>!+CpJJP{2d!}(7Ux#z6hMF?Fwl`{^m>$A%Pwn8s!lCvJdA&!=lvn`s zipK}DyT^L8JXoHBBBWYiNq&FlhE==ya?xHlx0kQSBz*fo@pE1hC&u%}aOrv+i|-sL zdg`Q0(O{Q9d2#a#IK@V*;Q~0>#@uS&%E}y^Y^K#<3Qi%OzQ3F&AuCZY9gwJ(N>MIP z)qk8)g}gm37+;SKN@2HfI<;;+hj-x*Z>Z~!0Eu!)t#u6ruCUDfY61hwf@Nf@c>3vn zh!MTw4Bk!&OlLRJ!y3nmjgwXs3N6ErKeOf@(NpXDD{u}RDCCAv$kgC$U3haDIA8Irb-FrYjC)gKR@pG3Ove2wC}T8zmKfWJ4WH!dZRHWOHw8nN-&@ zp9mK@4IPStSI2orCtCKzPZ^67)oTxH#@?>4C|yuvyfi{QFS+$5!TZW7+>2GatfK3U zq%&)tUN1^TBiP|-t|FY~WYs*pS^!|^1Ni;9%DHSamsW;b0086=^cq^U0VLMn2)0bZ zpDpE~c}gK4B@(j>rdh3ky5O>!PT&Ett}WXg?LARpvz3j6szRfx$<02+kvn&$Kz~T? zgIFB3eOodNfSH>rQ~d4hSDB&wLSrqR&CEQ4Rvq0736L`U9f$Wi4i~F3VjYL}(3L+O zS7jcz-?i0UL`*OUT*q?Aar?^&AiSS%0Tk(QUp0(}`Bemto-|PT?%bvde=#X#4X}bf zb~yiACIoe#Aqu;_w5keGiwJ*O+@MpDAuyeYoUCbpagbh-IcQ>KVPP4u8q3DD6CQvh z{|flg+@MBJ{fSLb4%5v*a-bUxkp4rAKAi#SSyr7=Om@pInCs^qc7Kv@^CUvqoBsX| zdb|pn=TLhe|5;e90^rSwmNaYudrQHGKPG_x;FP0q0xOJzBL-nSLJm zzR(#(<#B@ZiE#cxHBy=E}}S}9m5WYE{K8wFe_JpJ_dwM zpROu!2Ohh^ZR8G|94|tdlSqd%NPWOZi#?QJqJ^OV=dTmH3g>7eE@K+|LTG(g-B^Rcsxc`!T(Z z*aurz9*;vkCl=z!XbDa)tJ^zp^BbMWOysl#&n`GrTjdzn{DonfuFEm)zNy;?KJiO* z{FBba*%CVpr{K$sztC%~a7 z6V%9Y5wHZdj4=zDHUA!aya0&qtl;3%a2yPaGPv$Xh4PHAN2XyotP9bB?HW0Q$*{A^ z>ly!=V(duGKOsZ0f4kZtQ=Y?61a#DQ1t2CF@ttd7083U=?yWqC6k!b5EPOe0Y1 zkQqnHZ(}@#NRGU2y)WV!o{3?5OPkot$46_C06$Vtn&%X?ynEhMk1KFwHs+^q{-f6> z?7J#l@Pw(&&{NCu+*`HQ;XhoqOg%^x;h7d;i(G#7Ob#Lw{3n_du8uFmZfXxMNX^a| zY2x3v0q^I2183mhHL&P-_=$fI^ftux)q}3@vNC9M%Hr*g`Mg<0_@dxW*Yp<34%qE&9z)pQlgUJ|C?H!tb?J z&8)La-=8WR?l)J-q+6stSNepAc?xk@t$lKK0GnEiv{?j$Ed5ahv=%g%s@@%F_yfpYc9W5*Odz1~3wxUO(M#qkwZlZ^?-^DY22Cv=T1t6Ut$ z_Zx?=z8~5!J}wET!I_yI0|Ri+GXOB<{?5^^9%Fk6woUDvxh85PtqIR+< z+m7twc*!XSCd1L(Wxk`2-iu~IK}XOR9$iaM#K@R!pM@a=DZeub6Cog0Ry0>y`Df{D<=Y(9>?d1tw^ zs8i_m%>-lhF;KES03TNlWcYEb=1vTvMzpY5w-{o)VV*8L2mw90PHJ&Zm$()Vl%(l>6OWp1KDO(W9-(CUu71YwwWaEZCG+9akmaR@41 zbEgKO@l_QqdYFE{)&q9ng~IG6=u33|7@IcNw3qD6!iB{AxNJTf z2xTM`wI|~U+}RoNIUq1up>a1`Hm*%r!~&9~+xJgVQI+Dd>KFed45EARC$9RPG=!)! z|M2xl$1AtwY^lCCKB(8-oaSA_dr3)*+aU?QvhF;t!i>zZxqfvq|%-36IW19{1NoyOSpe^_#mu{+1P6w|GYw;vzg08+H zNH|s*%M355iA61BX|`QzdGQ@eWUnPr19r3DAhIx*f~Q3XSwR2dmO{eFkpr8N0$3Jr zq9^L1IItbbXe&hC;K`N4Lnd<%St+AE)i?>3cEf}oKr5-iw!kHbWw}^kKj;+aL)7}N zvM}*Ts9>4^y=$t%1M>@lp=V7+cu;;`e2~5GvXjp40nwILh9?o8dSGEoUAU96K5dj86&1+^(UCUsuQpZZAySIkxuw!WKEO zQkJY@l9!)0;5Ccf6@j;a4*RSubm?h}k7b`_%x|ic|JLzWP03G0zzQp;wy1L}R_E~s z{6$^jYeH@(b<@0i#!IaM4C%*7w&S@;31|}i&sPviVGXDUf1|yUNO0SBI7-;lvjP| ztCZS^4Ti>czfox}y0Dugu}ADC_q!}D_oy_MUf#iy*dzAQcY0#}(yLS#@2J;ZRUP$N za_ptufwvM!`n>Dq4P6YcD}1s^5z{Z6-G`RbODQ@9KD%T=CIj?2CSG>1ec$SXs})C^w& zi71)<$*>-g=6z0E_Eyje2>x$sw<=E<%pSr^y_`nAU@H%8J`6UmcV~7m2Y(2#(t#CVYcl`w*erAM zF0pwZ6;1%?m>-pZ!UrQ*NMXqexdGJ6l3gw+BvKXyM?Q6$UM|nkZX)CW_pF|n+f|~vX{lQ9Be_*hK zOx0f0f+I#46ybpMEDQBilzDM+Q_raMn@cBI&!J zmM0et9VmrCv0U8sqyD?USES%Hghd63J>lpR%X?G0`mBuv#o#Dd)L|{sJul647p$!p z3L9im7{sMV)%Jgz((9DdcNe+Vi4;XE9_1n9gSAMNYt%NFYq})9@gruF4xxrc{oBvM zosp{R)qXUM?ajq>X7_?tAY+oj)R%F7rF2;Cw)f6qTCW#D7m3)VZHx6x3>mYBY}gVi zZ8Cyrem)g>Ou#EG!^uEv0?UO!?K&wgNb9R#%S)S4umNsK;`ja}51 zGY$+^r<+UW61EvTqTD0HTiv}GwwY@r_rJ5cPE(q-Q7A9}CT{TcTFg}vE*g=%V`{%K zHC!YkKznlXDMl<|MYGmA`0?n``(^-}-kh%d9qVyEF*%|(B;n=5h$?JIK%uCyHuR^p z|6%r~o;pq16z5ewAPffevr97C17ziqJ~CyC@E*b^+AG~1)|1<5VqmajrcR0y z8l(^z+$`%=DB6Xa|CB6dQtgH09%(+d(%Kg_H?XMT!A&*k<$6jK*|5eD?)CzF{O{CnBl?;mZ& zVUSrP3akA1KUxqf%5l7n(g^f}Wmnzv^H=$?4-6Qt)#g{{948V{U*Wo&T(UV_2~Cly zNtAn9Vi1Z$j3IH6cFTnBnn-q5Tejlb#Xek&88-y=76EH0v>d@q%Q{iD#NrCJ!-d(< z4tl3CJ+l{WFpPeh;z~o;Ld&nljCrvYG48CN}~j{2E!J70j^#fzILDRhx?`7t76d>^lm|6NwA^w z<{eOqIRJ--xin68^QH!vjGBxR_s?;`N@bcHha|7OmB~`fA0+%vmXJ}t$KSX%J7yXt zp?3%Rb6RuD&KlH7eEDi4d|H#OE27?aR5ZfzWNl(3svxdkFlmnpexpb*vjevv|B3eW5n5&m_(*FUNfw;eYK>vyHO-~aQb>_Ne)9zK~HQMs`aXZu|c z0{j)*^jn1fhu5bhYu?xAeJ;_VMJ!}?U}B}Fg?Z}m%mQ^^g>Q6UQ$fz-p4L-0Mt{%{7l){ilz$e z>ldFqYmfclfSV0Nc)0w3Qk4kayTgxb02;Qg!M#WZTl6gJvwCz?NT^rf=Arz-xq`th zi1}$LMarUajTyf$t7JB-q~}e^3yUF_PtTf`ZkW+W8#wXon7-O-mW=a>tGL+g=#s){Pe*02^7Ss(8vawdra%}l)%}UN z7q2}m4EU&eLp)ypYCkPpw67A%X_PNd|2AsxOI<{{Da2k4*^vs1d3Yb%nv!h#T%Ys4 zM28ki8qBV>bcp>urj0)r&$t?zZ!d_AgSjV9G|} zof2RUcnl^#^G6ltm%e{46aH$n-OzzIJUPR19H54Y0f<6PmP4!k^NZue$;Iyp&QT>6 z-W?GumT67x+d6PN@d{`5`z%1tIhv~>Jhb`tCQKt{udZwx0Y>|F;`cEHXlZ}kue35U z+FS9&rN$+DMGD%4zyC{r9BHMkTq*qUzch1s{&!g^jh|}^wq4R*I^(2P*NB$A1(s_D zTKtz|wlSNNXB~WrA`4bb-~Dz=S~_(}{YPGM!%!tw10>r20c^dnB~gFlpG3&33jUsz zvsC-j5#3cH8&2hh{l%l%!xD}SSdZrN(Bp`uZUT|th^G8kb2c%H?ri-{?qXN6Du1H zKyGUUg=E^rt&KzK^oJm$JAi_#P+!sBg9r=au2&R@%W!mErIArtWOCD2txmW8{ghsP zZos`si%a({F7aLOEf(HIQ9e7lxVp$two?!4{qHLS?w7>hf4gJ-`QL!^RLz=G%C)Bo zVov>dTt!j;PB$n_DG#PQGi(z=!@?momJdG$c=RvhhhPhwyvEFDR-FlR)P`0PNHVy% z|C(PMYJr=TBvS#fOF>2q41%SJl$%QJB6tSmRS}l6HiFrgI1&`5A%uCHO1}h=vYEf$ z;(t9WlM~`fcK4N^p@O&m?NUgeO?GB&Na=C0{(0gsvkzl8`jE4L8xTh(@6_s442pm3 z$Ni**arvP_^+Zw|LXtT^BZ)neelO;Jc#_ip#)6TRtR8vqMZl)AtwKrZad#QITy?;# zFYfJ)qx2g3DNuu#T6v_2F3CRtT55RQREFL6)kT6$l;tn-AV{RgYw3J{FCP^4fKJ+o zLrVVRy!{>;qC8kG%m4jCIh_fiFvynoaUV@*hOs9iM)<$%zklTUtskLZ`f&%e7-+4;*={GIZtw z|LjFKUtZZT8G-UN17rgZG7*b+Od7~I8j#ABF1LVX9n`R6s7EoTe+8z(0kiakhkGn7 z|J4$Vu59tzk@PRvjmM@bCe`rn^6WJVRA=5!bRYNzDwvbYMpGWa8KF2J=KODv2hKdF zSj8OXugGx-Zx$CXBqIcuEbrfe;8XapK`ibYOn}T15qcCbF?FMtW5Pffs!vFmVZ;%Z zq@}*r&tvCThz7hcNN*kmBsQZt788kX#mdfN88eGsoPT7!U-k#5*Ngt0B69I~XUPA# zOok57*z^vO3MVt7zNfMQ;6GUH4s%}Nz^2Z!Nb-rBpMZ#7e98ji#<<#G`s&a6wdw8m z(k=JijF}BOir7Z_P?i5beuD1CgawDL!8!nkpidwTQj-&x^$&|pg{fPoaRn~^PS`I2 zIsk5-nC`A4i8~;c621c+Tlk%h-Lc=47)Ucfk?kuIp zklOtx4l{~M@wpNqxnpF*XKnmU<7?~LUT1npcqBnKQXW5bT6}9kHXM`j0vRJ;qm8fC zb|U$=(n6n6g|Y1&Fq8HezjEM1U`UJXQ9XiCbH|7NSsmp&-2MvF{12jrn=R zKVUB@ILG2}y8pg6iEj~SStA;ZAuH&V71XMc>^t)x42INlRtVcWq&OIp)G&_I+C|A< z!b6T6{6Z|lZ&9K%P>t`lL)a{;B$FnrOnee&T2~SYr%MLA;R_tz9xkJ;y0RILIng z^94)ejU(4$QW?kF3QEhTfZxrewbpN#yG$MMQJ(Ns4m?+0S<%Qlz{^&gcoUuz;U2nA zpJaN3Z+s-?fd16dEDN?g)TZa!XFAcm6v}w?f^SZ zHM5zQ8GAH_yI1+2Mj@r!q9x&3>&KcN;hP*G9?+jUsCV7;Fn`v(`Y6@4b0eLWde^uv zJ}i5;`;BzPmN0J@O}9=|shLM{a5EufKCdLO8nIw=leG9^+?*XjW1IK?vOX}&GY-vU z@PdCd1e6-6w`#Bb_TWB4@O)4H!YI}BN<6DtKcLzWE|hGZq*;;9N0jSk^@}rMWv!H^ zIq*5M<`?&X2oL8r?PlME9u(6n*FtmZ-B^@OADcy6AT}>GU(%YT5S4Yai}BNhpt-!_ z#A--~t#wlRr8xbvW6h_!jnZt@>h(>}LC)uTbs5~ApE>t@Z^6sM?D|*YskW%-*}{z8 zW(jK|=bq4=a$~cy@j6~2%Ri?ypYhldAY*C+%FuL#|3Nx|zbS}HUxqo%ATTpp&;Oc1 zU5P}V4(`0j4j2EjOe_3Oh%D<8IK*j`pI*@^tm+sl@BuW;ZrU(m!drRz$-qh5)MFWD( zc_LqF7QnwHa^bPTn-YC$C;9oS^`F1VjGk6gx| zlHV_315G8w;D}{6l2uf3nol%IKm!NOxNurgmC~OPL65V|R^3=+e{gGMhK_QZR4{_} zE`HK{fV(9+?^v-4=&>y1PYvAfV|EsLC7vQjYl4h&;hHqorpInGOCy~xOYhd2(-M9R z64ffs9J28LSyL@;5~wAPFC9K8bbqfl*BE>f$)=p*3iIti0h2(C+oE%ernkwDW?)6w zH*VmdNg%-uES;h0Jk*@`*2B6<2$Mic*s04k053^2xBt_d)lvzY1d@nhU5>8ug0A-N z*F!R&2Ahp5z_UpXU9K9+fs;Ut$u%rokQ6HiTCcV^mim&mX5Gglqm1rPlG#WLrM%?Z zr?V1q7_5t01aDG2!F2@h1#?K(cip1-QbK9YJXYk~qn$qMX$TVtdHQ8|;V^>LrjqJD zHs?0RAtkq`V1Ja|CoS@Ej)6ib-&9Ys{X8@MwwtJYqOS$iCQC5|=t+b%VgK=y zTI08G9L5UFA)2Ag5ltiEK&K2x=uKpn^6|Q_CKtb=FkxjO&;>;`3DcIJ1wwXJuwOSb z(?g+)ga->%J7MW&-4aufRCq%!cwDA2mmn2jyrm5#pjZy{U-`6coxB<@()0+>n z8eJNLS>#PUp*>V?`tD>h0zj7y{5lkn_jTlFC*BhJ&(VOqe-E-r|BS9H_6x1p0j_|MGQ&l6E@lAK#>w~9lsG>r9E9kt=dObqxSY?7D>?ZML3m)045M2q3`5`0Ww35>t8LCt z9r91!5KAf7t&I97RmB|o^{! zJ@~$GD5S0+I1z|eL2@REXP*Hn*e zNg=`0O%*7{@0ERucywHDYnP{ybZ|wp5@Qb|kZ~P`rVNIQv zShl1G_1}%|MWY7k6RquqphOFJMAfuRKAE!{(8> zc`ds(;6&i|a(cO)e1jSlSfKam@j^$S;ir;ipRjoybG$jxd`?Z$@_*e%|J)AOBzl=y zv`CAbxHog1Z#dn(XexfWeO1L9Y<3&oj&rM2G8{(M$Ik{E?+#9X^~_Hy`JcwBWy~slf_K zefs@wEErj1r;6h*vds906f;);D}x12aBq*{jDq2XD*<5+!rA?x72Vz$a+gElw}1Xm z4(ii%%DLQl9%a-1X54v-oTNb9U1`55!Xg6vH5PH5>sF`jun^r%ulZ#cf79$`c8Q@J7C$Gxux=)asg{Y&~fGh-}s^CoiVXSIxh6Po^#XG_14d8YoQ>0_av|3i^3@MRvOG}A= zr@^;_%-qtL++TB&??~^gRDGc)tfT*el&a{4{nsTk;)%LDV}Jsf*2nJFYJJAz@*6(B zRV>jfCu=e)*pXavTUQU!4K}n0Ub^y2^1(SpUbiy8dzK$ZsC7&o?}I1pcc*am3w75@ z7L?gFjS5Or!`isqTL{>kWRrTuO=Bnep;1gLLM$tE4%f7!p!CzCGwU&~fGm{y(oH|z z)&|stU)@Mpu0FnnV;sWS_8T^Kxp>PtVU(QXD#?EE^cZhuf-_8Ic3pZK){e&TgK5_A z44qislZ7+!ct4NKFUaU_#brQV6Jj#6D@MkGsgNK2d`vLD!|CVG7=FBmM<3J5;3Pe! zVlW41lZ&5hNl6Z=$Wu2Hf-pEfmdcJiv*&6sl(*AWWjVGaN` z1_jb?AB#of`_LP-5ift{8fHM=U0VNg?**sJXT3!au?ZU!hq1sVFy1mogG*DxE;H zwYmB#N~EYhL?SwY0(qDtEDR1Lx6gxAmaeNGIrA)x@!OqCCYb6i_|%X*)4zz zXTSwjgr!e*cA*rQQb9)3VN`*Fc?YPLw}GOzFeXx^dV`VxM3;X9Q^fUaOe#HZ^V(;F zmU2B&Nn?NGOnx8CMT+_xOcO?7=l8`wYJYXAa_?cS%6< z3ArwbWa^04G~3~%y`l1jMfwP5-?(P7R#yZFF!IqOY&3zU&+LZ1I?{zJG5Zw19T(iF zU^Rp<(t|sBI&P=WIEZT32af=p=l1a^II#~^;i_}&7GuK}(@b+dzk4LFyK0rr(l36Q zQP$=D&$Ki-D$5s4Ohhalz4DvMdVOI)Na6tJWyFVmW4Hancn@Sj_62Tphlk1>@#m{> ziRQ#~Ui#fgJ2dhuoQLv*U0bVM2Vgh+OX}WV`UN8vW)Gihgu$pOHRKGah@d==F?(s7 znOvbV=a02sFx25hG$caOL6V57lV;B(CZHTV-X8jyS7M;`^Qie6Y=)sOR#bmGas!-r ztj3cLB5jz&^0w86vBD)e$4}1LqCmsq0nVAu5RdD+!c>L3K>`nR7;rEskm!%GK&STZ zeTJE^<}AD2O@q=9sa77XR_-6?^Yqbq-gOOR9TZ(hAqCF+0mqr)%;VlvcDwtqk&4)w?B-`dv*-JuaUK;$}%%6r0#7o7fiL_n=EvC_tEy*##KMM+D#QW{Ey+_z(A;B_Pr= zw}h*({UVDHUHuixb`*$Hc8PMU?X+7|y3`i`g&~DcEKR_X?0#;_0=sVDH6azpzK}g* zkJOk(Q8ttcdUpK9j{|rPeD2Da>wSb$;XwXxIPVok;I#O(Ii&Z|%ie2hWk+(DWg+v6 zXAHEO@Wqm`(x+z{9XUR&LgCZFX_{c@Sa7m){b_gLu>z8L^*; z>H@~1d?V30kDlx!pafQ?JD+3Wg)IX5EXcL%+kAQ8>6v3sYt)#vUT3bzn9rsbCSN{3 zuy9PU^P`M8Pfq_5j6p1Lzva1opaG=?;;u{@p~`hYljOf|1l zoU+ee#zNy6^y<~nsSjNo2y5Ybv(Z#JIHgdU7u(ru9cV3(*q~3UF(&!wGcv}c!Kc^Y z`a+c<=?@uW5cE7h4K)}W;Pl6+q7(J?fQPOGm_K*I=x{eE@44=^xsbVYAK`W0xm>sp z4A3~}rYEP%wCCTw*R*6y*?SlAM8pO7CHbl~z;hUi`cx#Q;)4Ls;g$p^7c2>vZJzek zXzhd!Fj^R}4n*h({${ID0a@CDe@U?0-148|(b@vBXjPi3Gh*U2$3;G>=)dFOH?4x? z6iJ#&gMMrCVcKa7^X09eWHN{`i`(|)gXGy6!bn=*K=+BD|&nrX5 zgwPdAf>TNha?ZSJ-c31se#6~=0C%u2ruk!vYla`+M*!748-W27RGi($&zDc!*k6Uc z0KpigDIK%DGatvm+)+j?ue*IAWxCUC=nj@a6LxU#t2f)q zF>QoSz6FI_4NjR5dkNTGjoiUu768)=PCpinh2o+;{Ay5n5yh{rf5A5cP1i8 zwI?B@?x7Ghst2XVEW(_#tWt&tzhUJ}Kc?Z@GprK2JC}R+lGhYH&^yHo!Vx}+?9R96o7}s?qgC;)?YGC6MSH03r@phEwO)7C62$@IK-rM z;#S($L76?{T;Yle6R`Bz13v4M`3edOhLHb)A;a4gYOf5$I!=_v1|UaBTVx{@V)nS~ z1wCl`;=1MH6Ks7>HoSQij}Tk1=sKdP^+ZQ`b7(zkuMB=g(HPNrbqSb8OnujT!n8zg zJ*D2R{4FJSe|D0)HLK)%G-@0%`DndwDpAI?QDfe^cIUP<=a-CmcyiYAQefLM4aRY; zCmM$I($gy&d95`CC*&0;FL`VdQ-K=|deteH-#0X%I=t~&Frd_45>8EB#D#dXUavOs z+{d;Sl#WMw!v5wKY6zR#22NaWDc+wB-C$c*^BK8MI^p2ZoVdn68i(M9y7*5~fAN5> zh?c)I4ZFeSw2rgtercq$@7%`xwYZR&5leb)|H=^74UP3dD@T!L$))rvn)W=~R7Rla-mdX`P=TnT^)BxEN;%b5|LS%&vtO{Pbls-HctUn>SeQ zXGL`IUDY;9;N|rjM1rH$h>?T%ZW$^wC+tGbd2Z3aN8d&`HYoPWYyQmr*D0@kaTASOXWY+P8K3AasWW@%Z5xusl;NJJE}aP-mCp zyP!sUbk?F!R|#$6v8`n>5DkfC*q;$WZzSch&}RpQew1D8l2$-8^7TSiS|Lem)jfGg zQ+NZm^Cqk<;oZA}*Rbr^(b-lmB^c#TLG6VQ@is|J=ZuIofyn^?6$XL6p^(?qoPO8B z%pz*>!YL8qo580)a8{cIc1r7v)(H^tq(%!`anNDo6h|biRlRqSRa7=1>&CVVpeffo zsStSv^Z+jC1{^8&?Isa{2YLV(bOX+!iYe0}fFx1|Ip9hYMgwD=lTpimMX99bEc+2f zefssR`aLQakh7NkiWo?;mj8&LK*RTlZ&Is`fwrGk$Yz+i>G=Mw%{@zprB^q4*X$qY z-?XC@lCKHNj-O96^NX_eb~L`~dnMxL=vD7NLPP|RQEf+t$*GlXgL##;ie+hhP&xyr zA7ioDiNel~S}A8j*p^_ zg-9}jHCie)TEf^-C%^7J`SUGnU9`JfV^QZ_DFtcM_RBe|rUA#0$%nVrK@u#kCIWi_ z1Dg%4f&=J~NJlq?%g>2=Gg>m4tUt*8MF2b*;){C7Ff#GT_OH0)5LMtIzQuUceX%h!7S63p1R8&+<1kf_J zc}7?OLoj}KWeFt0yyA27j!qV4mr<)R0qP68yQA?nhoF^a_O`weg~n&$b{SKvVXM8@ zmvxW?GHLukEhNJ%1yy7MUIU}uD`m({TcbmF`QwX@Rm+W>Q;ja6B578UHcmnRv}VW{ zc%gw=^yQEI>aEY+v8f&|VNtGbamns(kr4qd1j0e5G{^y@3r$!=?al3&<86s%vuj(T zYCmtkI{W%TvX%JW)o*!2NbJ4*A6~fGh zU`jSLj@Tji6w{*pkhLzv)r-fj58a~n?j3qObbRgmnqS^fHc?^rM+shWcXe#m3ZnH4Y*7U#sZLDA@Hm?eujDNsy)87CfS z{nM4@8uy+BOhEx#rPVefkOD|S9b__hgn`?Ww*e->lESzy2qaZPiaho>TLKZC;%<=P z9G4LgKt(IxB$p-eZq|pak&b(8e#%tXw<)0E@Afs zd*_x-OmEFsXM9e!g;+jf?AZuNuRc{*tRS}>VOr09yfZJ>qQhTUBHH+;%wZ2Ur#Cf+ z*Ybz`tNmG9*~tQ3_p8W&BtbG4QlpZSk}`*!%7FxC`PQ?7Gg&F~x)qmltuk%{WWRKt zwPM%f|52{yojP?Jk@7C4GysweZt8PhP8?pQcr>l?hCjcNEGwQMu(-jjjTFLk{auRA ziK<}sH3$Dl<=^e&!gG7B^|7~(DLtN?q*hQ>5J*-_WMsO4SW3!qf)#y!OU?N{Nnm8z(K(QkI462wXIvsJWGM7$Ny$B&gFu9ZtGxi1XEO!(fVOIJWxss zCbnTPzR;l53M1iU|I?Cn2|~;G@k=|lk!3dlomKY;aw%|F&?d^m_AJfxAZ(B<{aN10 ze{U+FoA6k62A`34g0bv65Ooo%sKKzLB6BrD84UVb<;uyIlmx&vPh&P+_HHAP0#St% z_e>l``M);!@LO0O>CgUGWsHSI^K)iwZ(I!j5Ic~gPgyil*&!nK(0uWsQ5mCkeP*(p z)8hXf>FW1Cnd|?i5O4JhuULC-tDLoGdQ8)GnTh!mBZ+4#%Z}$TH&(wT`y%V@%r4z| zlXDbx=3d;{n2JNMZ+tX^T&6zPg?yOem`p8jpB?pPzTw?WGoNPO3ziUsGq&=W<$`*J z#XlaWye}5@DHLD1NIl}xm53iqIAbhOR}Z6X$tt9@v@qi*lWdi$8>~4uI4U)hGbm$} z=qBCz$Ed~V`ETX4#FZa*CVqW!^ANW7#ja`U)lbe`+~1;m?f;ai;q{lTS1FF76iD(A zsJPkYHv$7G{0Sf&5UQZIqdKs=SO*LE#{zKqDEjv*98`2z`M(hte+twWpDlo{7_~O} z3}`Mn^435&sNuc_OoCYE1U!0JzoxJ?Pi~WjQUi)p@2bzkf?NS@VBh~{0u3y6yIeya z+33Hq0zf5P+Q(58QgdGYJZ$I%bKY~8WV z=uYM*W#+L0wiUPngyW9ESD5W;IRI6Z4YvDyX8i*Q#j<=R?#`O}D3G_@KiBJ>c8UGS zIpgZg>y7rffOjGPWU~TRv7G;SQOHU0Ik0^-ue_fp_g#g~sRdtc+2gpL7F!Rd8br_5 z9h`C8z>VC*&D@f`z2{|bC-UBvMa*bZD?HrV@NiTY*n8}3H%tqqEsKJT9Z&V-Jc zF~4Iz&0lJzx;{b>Yh5_TjyJ9jd8|G`sor@+T|+gLduF;n)F_%aA7?hwDU2{~gj_g6 zFrDYH=6AGf{*oiPP`z64hN&{b5BZ+M`5miVTpEqwSLlv?E*zBF1{ttphVwh-ZE>l; z!2b*=#-JOVbgWgjH{E{L}N-BkW$(DZ}lYNUX4se2ost5VwNfc^;WLs3xux=oAK#e>R`XLqa!wh3Et-5WCF8V^JxUV0NwUORcU zA1{0ZKRMGH4o>O-0I%Lzzn!3F7xqmur3+JY^eOGC-n&>y-eF2#ft3Dm`Dm?DAN27W zNMfHic!lKC*(m{g+zFL&n&gLI^ih;h@*ynMOPFA2PPO*yV}qV?l&>zL)M6ZRi0_zF ziv<;{IwU^qrg|5;JU16B<4*OuI^N$J*#c&Ggsj=mI|XE~)#kmNJx>Dx53*U(ltk#rcZOM_dH_v(80qC>AxCfY(ou(w#l=>e zAVX89KxA{3c?<_wAV*qd4)+a!B!FY`0@Dcg%ck#2Am^=5OxegE;S}_c+J((QPe5uq z3d)wSEsk;!iq!TgH;HXh)iX}`tVsk}G_MW)u*<9UKttL=6X3nPn%Wdr@TkQ>j_0pB zyc(HnIeb_GNQyeK0u+E)j_D1EH=gy<^yQb&R?)217XWdF*Y_}Ghc&ZVVSbRVXh=iZ zRgeQ}5_};Po1Q8K;TScNX}a97Adyh$a~Qs<)Smb5ZfBc8Fcrh^IEu?K!U>$h8JvYN zOmGgD?8SesLH92iRb`h#{99kOUZ-FDMlK|_*0^Z#aLL=<{?%;P5SHNX`Mzt39L z6M*yH`EQDT-gJ#TcdB5QLxXP$X`fZw-7I3mgMhI(na2mo8eYNo_9Xz7X_StVj3WJA z#1?x8LoQl8F1%J_rTz}e+*9+Ba`7bfZ7=M-Yv;(DMIvrk!uxLuIwW@geOFptfQ*)i z;cUsNcC8~q`30%p$hv%`r8M;DSTY3|IXaJ949Yt)Dw`cV@3X69s+>;PbzezaK{M9s zih-URj2J?5m*ul00gpn@e{Na-rIvKO84L1@QEm!N9Tg&>!=+9MIU4?vxKFlS#rU$Ame zbuq2D=vs!Wy7?%x=w2wUdUz|sZqM9~C4b|8ia8g18+{sd*>^#`qH7x4E7W=#tL@3z z?S~%(y|2R>Exez7RIJ>HE3`tsSY46(A-yVpf3HTRdJY8TwMt5&^eZYs41*_f*lL88 z`_fH`?_&AhDVTWKP&V>zsfm}3W+Q)8sl>~Mv5_B>67jM@FslCmS=AMS&=^B%rEkx& zr=Yy=Gh<{CuH0vCY&T8Yn?VTiHt<3H#ALN{y*<~}Eoq9e0S(>-bt+nVya79|c~^C5 zsT+%~DY&XzpzDh6@#0yJ$gYXVMuSoR3A1X>Aa-hdS)3_j0}nFSvtgW)%tO^!Kp6_x z^x8V{Swm{E)hJli3y^KlGdG1jJ=^*?FR`u62M(H?1~kL_-zpJ<;Lg)?R}kjIqUYh` zJj3V4)ky)RH=tLQkBA}Cf3VdkxYXEQ^_|bjP7U=uJQlzkz~nH$Z47U~Ee`tPk9ATsDhxG9nK%o^Hg}~(Ia}j zQ%^mK0QUaM#4)VD(`x7)`gb`TT9sa)8lYy>4Lce&ptYmTGs-po{itH~S^Xk*Z2Q){ z4%P76_BxbKyH_1CU1!UV>|;rd67MVr=HU*Rx=e)fy3o5yE2GbIWx{@VtkxosaU1{# zwv}XXka=R#_N^t(NDWl*EC}k-N{;qyD9nW2CKZ5Y)9nwwLey~5QIi+tXCHe$KMexm z)w`9dswyq`bqwt7k+`hVjZZ#ZW**4g<<0DicC`@vRX$8m`$&}?d8~eFnMEe=r1}Tx zz6rKQxdxmMW3ow+yBZiI;vO;+3=+8PXR-~`IAbwbeIsK?!FR2z|KC9zAUDtBU^&;4 zoy(Uv1V*b4ua?92tqByigI>(P0Dif(W&YX(uV3qtYl~}hBqWfI@}8c`^8XHxBji`^ zdD#P>{tjKf>gMD90iZoT{zW4#l>Ensi{33a#&@su|F@0H{g~(fq@ksLxa-3GT&)1w zht0FowRTC;99CYt2-4}wuZPHBa|P66l>%YRU5^6yz)PDZcV1Y+DA)P9{y!pmAT#;m zy5mk}d1BAXBt3Psc@EChrFfp59V1Fkcq)r#;Y?~rSj(-_+l4Tj&2`r$c0==kd+S;bKxad zv-TyUo`g1U`b3wOj&tPn3VnikIjo{mluKy=II^(c=xRv(LLz{E0ZjP4Rz4DcY3Paa>1RN=Y$K@_j$l+DOgWauK(}L?|!o&#Y|vamgKJoc! zOQ6u0r&Fg$nE)rAwZOBzN&Wke;=F(N^^2|~7hkcoY0b(svlF1=Ig2I!p8>2UBxJ2a z(Qur>Z(w`IWY?qEwdBa)m|~zS!Acct4&+&PwSWCD5DVfmmQwE*fPmP0tVfw?Psudy z>xY(vj1A{9tu1ao?$T;>ffz0rjnXevrd#7krMBN17KT2Z2HGf9XWC)~?Y>LxnHDz+ zF^ARyYD*<&ay=sl-DnQ(m-ka{Px-k!9|bwk8~2M?=nQ#*T$Wnm1!8jgG;>oQ1&Kq= z@ARI>;jxt5kXpsgPd_7>yYr1S%82?y7MHEhaCV+p6ewF-u(&|z)o(CFqK}@N{;Vdc z_xG=Zn8xy!YGR#BovTmJNuRdmGbOLnzL-9bgL2x&aCc`i0fBHuLbO=BJd&pi5%f@}l*RCUgn!#vD#Q z(?9C}Y*rVKR4f5%#`ISNxyeV@_(^M`y4ychpn{g(Qn_kvmY1*D1@NBu(*xSala1d# zgS&KKm&oo6>(b+k0wcS0F%u)gPJKb&IBIZuFeH2dAICgqnU%MDY8+8?52q!!pZf0R z9y#0JS2VDpqh`-)=hGuqt-$8=tQ{7}D#{9~Mk>ti-{_dOd8;W&Q>p|EVI2i5ITVu%eohr> z+06N9WRcR?wElEN^@+-aRLC4MLKmTL1WD-AZ0e_})FZ_-^^+g6Y}F8p{&2)Nu&^p4 z=7z>YEJj<@#M;uE+x(+Hm&`>Rz4~Gogn&(BD&Tdg-zm)xoLkXXD@mYcV`AUe^<403(5ppYDsz; zdzh)K5>wWB-xVi>VPtfE|G^h-tGjW~NR_`}7M7 zsc=N@nl4|DF?1$yrY(Q=evQu@84?$tM$KEVLpj;`c<&*9Z|oZ2vT*$!k=<4|&VX!` z�C9`zg^%TBxxmv*}JUD%T$iM-;C=s`)cR2W%JX_tI@xkJ(BRI zZenB~XZoj?_S*2lXPsM+dHNzu?2$O|f#Yb;Bh-pMSc@4nc4SzFj9S#}=B;`gt|vzI zjOw+FGNNaCJy^{2^{IOA=fm0j)O&kFjc@h{>q%~+b{|I*!@_Ih2A^}fKs!?f>bo?4 z)5)&>MMLf0M6LBMU>9`54$9YkRab1r^(~95pO4q(r`b0yJB;SNnVHsojO<`|ZTKLL z`9T(dmzLTZ&s?MPlg8|$Y<-_5d>hXi{I&5X;|dfEe?9NQ-4Fqm0-`SvJ$ae3#36oLP8HZ{?YI za*Hft2R<;Sn`V5noVhvm(*(Er8?Nogs}T6E-d-8E&$VC+G%DRTo<^2i1CPPTtlRC> zB_p)cDGNcuJg}Kl-KR;(`X9xZ{k-6f)6Cw0e;6CoB7@AlpK0y-Oj!HjediQ&IWx@p zszE_#dr*w?kV$v5Dff_-)A>#y_PbGESH{fbl)ZsSd+zXPn(F)?TSE5%V5?r=k~vk?nM3t8os*+O_a~?b-pl#F*`whH z2XXTGJrS}S0ReF;&9`7c@HGp`hv;;)W6OleIJu9wiygMuUgnSo{+e$Lh!k|lOVb<% z!xbUStijG$3c|=nA-9OjhwCGba4#YFL9yjC|u>M@JD#BD#XOH5+qkN zm!W9h7Mp_)tt=)cxZRm4hg(|3&D|ftU;}Iy!zw&I`-+7g0N$X0dwg)lnfQbFWdfR- zkPm{@`XHMF(7(_F^H4o!JqFL%;jM|s8+R~5fU)@zOM*v1pJL3TTs9W{H6D`neoS_@ zaX6ihlAKY-wd$y}(QBZ!I!Mq&)98~#mCGK0+QCk@Q>{1MTLctvoFdR_v5|)K3piE) zA}9xna(5mjVBl14h)zBrq11?}n1Kp2Jgg$sT_H&@6l6KG0R@syRA4XkR228p38DqK z`WFF#Iu=%}QqR~Y+^ECK*9H6KpirXN2y0E9-s*>#deai5{@#L_#KqNRX|AZrsRdkO zoau5e$kQEq^p?~k_wq_|4 zDNUp~8ls&tW8Gt^D%%W)uO~+s!F z!cJWQQ{RA9K9SJt#&P5U-%w@+N|`%;sL3w6JF|)7|H~(|25TyO540L1>+6W#&XaiO z>S%PPY-mBo_g>{l0y2d{2C;QrTTMA5SnaEe{5m8Dwlr>agSuArlnWv)yDN*0FUsegQ(^bl1^c?%=ddQVegjn48gFQ>_<1d z7oi$=KcMz%MM?>k04Dr9D)3gx!X@F5j&j|DBGCXwX-B(^^#3FlSy9xBZ)gG&fzp4+ zJYWQqU{@YqAHTQ1Dyj&9pvk7eUwZWHR@wSo9O$74kNygjyPLe_<8p@LNO9zq54bm>P9>R z@4z=;0KfKjE%v;PBtD;UofE*?8gPbt{*@&u9%UX(QZL@m?` zXm58P*quji6*6-Bh_Aa!$zq?PH>IZj>TVNkPYJZsOVJK%d?NCusk^4`Q+nF4{;@kV z?x>g4FzsU|!7qZn>*o;yA_!Ms$>P8;_R3d^xQ~v1ZBIy62tkmwd2;^>qREQt4T^*E z656KbY_BPl&GCrBcxWr+N1-_eMlHc$87E!CV|x}?X6dPotuHN*du_-NaWI@Y(CARL z8NFp~#3HALIsUc-G8-b3cG9q+k&_g#Sv-c=C*en65`dVUFm1%*zC9cH_}t$@CFy+! zcj@;MSdlAmr&*09Bq4DdXO+@jPV>Mq7-O_`W3CerwL8ps=E~hHLI*JMCe-XEk?ty0 zoTN}Ft)+3CZe>rN$sKg3DGqk`h5B)t{7qzXSXe~p6MOp@#z}1}Dv~OJY;Tik*ubKs z*q6?yFGQqhmXXf)k`6JqP@x*&Hi}@y;Q(61b54E6Tn8Cba&W(7{LM= zh`mZIxfe%9dzu!J{1U)}N_YS$+}7JS)<(lZgZf2+&z(p`0{qL3~`V@00G# zI<)F**E!V1^=DCZds(@33W0&)hGUk$DKb=%dy7t2=O&!sDR6}Lnp7!PSCIA|y=KGv zN3mCCoYk$%c+3L%c%~NB2jfNw0x*->+Dr~}n{sMGU^DJRWKy2awgj$%)ufELBMouo zjRRr5eWlL97(wOui}-r4oL&3s)2O@YG>iQ!7mL#t3FxLlLAhUgaPS(hljr!-ykxfK zwswDS0vmL81<+SdpMd^$NV{6(Q+Xdv6)L=_`nI7%_R`;)3=O_{Yt}DTlWOex>`6bh z&X!7l1eH~n#juIivV=AlWYqQ6s1p?2a)|?qO<@D^+)xkNz%~>{z*dZft)-@%jf(mE z&aklWrw(|t>wJ3f4RkRP@p0$%151l1Y!X}H%BO0n#@J}`fNeo#HMnUC%YfA=M4wMB zxKy6#h0_s7as+y2O6#ThkTt=ksO`BR8H6=x@1s#UuQq%O!lJzA(o`_ixx%+x)?bVp zu`PXbApySl`d_?|zl#1nMyOH=eF)(6Y?gu9@22ehd5BG;(x|5l%B0=p-`fT;i34JE zAB+_Q5iUBBjZhE564R!%kr5;IQUjxy8*Y9lIQB>4);6*fxHc56`{fq5_C$0 z*pUr6VECkw<5`n-%K_^62oM>@Vi59r_t8sfaMtP|S24gk-zE7knP##7B@+l=^SyeGw9dV4qTF-54$F zsvdMTbbO!1rs1A>m9y(=-vD-fdK&AF(p471g`3H?tL<< zkZq`NJMtLTjrF7$mq{ts!FwjJXP?aqhUr8@R5;49yUnjN^n51k)U^7#7sqgF?-4wJ zMiI6ln(E<(R=LYCT%$W}i=cWkbip>|R3+|SSHy|99jn@M_ z4fG#Tl}ctOB+~^A;i)nbRZ?a*mt;#qT*U2%3ou!|&J&e}+VDg%Y-DJXrwGmnqe+~z z5bi!>AW2FxFAc#yC2%m;-++U+T*5m(mj+xye#ZwH4H0Q++yP~*GnOdd*aqDypk7SF zsnQ9tX24h-?CX0(-K?hole;&e`5kRUTcA)jl5=*q4;)fI#j2G1T<6LTKgyClp9@w& z-O<wlM4Tj|!NSZAz%};PTvoLKHqhi*kjgb{nW7rbN1@e;{S;CT#ZHMYv)Oz#0eyPut`PRwK=`LMQ{YpVoq?Sd+HUA#9>RK9`ec zx3L=+=J^>FSg$K#D~qI4keJ_AwB0>C44Q^M5%iYe3{Xl#uRMK+W2T+%1LrQ7-|4M3 zM7b=$-U?vU+L)D&xe~Bv>kCpD^)-X$D5b;F`BbZR00X*CWA`eFuYW7VT7s7>?jB`Y zIBE^`59Fod&{o@)z+i~h-zs54oGbT}x;pi?cY^yLlQ~DjvfQ;nP>7*v6~J@ zpm|@Ih0N^bKOE1|C0?KkM5QXJ_HEKrNitHfyDvxrq9CftE7B(4JH!GDi)%T`SGCK? z;U5s2bY{%v^cW`P$?3XT@cn$LR$b8j5b0owwZAqwH={8T4?U5;=BoKcumxdTZLzk) zO}-fpbq0V|l?IqmKFiM}S#^)rl~tf^g|6A^0g}Tfod%I@YbE0eQFYG{c-y-gbuMk_ zFuz+5qr6qD7BD(vcH9M6w%z}^2ubk#xZQDyQ)N9;WO#S4-Bk90T{!Vjp{tM~Ccosi ztNLiT^c>;G;dVjfV!PgXu%itRyMFsuZS?yc)35xLa>Z99v+&{ka{kE9kg$P)fL8e7Dx{A#ile3QC}qGDA8qmtgR$vmDG z&Yr_dvPzhMYSDR0nHo$V4gr#3u9IlG!`-=qu{N4Em^Ee1h)7EXu->6)!g(8V%!AYm zVK^?!od6cPxqqVOP?L?)L3Ylgo0~Mk7+P-{IrL!OBLceL$X`2AB%$8j3GQce%^% zvphe%atjQcIuovgb&niPn)o&5D()9CM9p?#+b(cy97lw3bH9C+Jv7D+jodkpFgWr( zLm@KqT=9py*o=5LMvNAEyaC2$IBQWFtIHFp-klt@^rqR@M0l@XgO|=gc>>~Desyt; z#E#m{3~gH@c))^ax1m)n#mpS$VpIWo zy~M++ohYI^n_bKs(fzQPVMcI}uUyQt@uE?KlUoj>1ILkj`I50gh$I5K>#&X>Z*1x} zz%1n>oOx8F*7-QHbx5}k8Jb3l18G#1K=Y^w5?A2-hH$xWZiEoiWz$3I?dT{-A|wc$>y}I^K@2gS-|yV4?F4y-}`I_Gxh&eupIOaSKj8iRU2w zIrIDO`5`w7Hn=$rBdjrY&S5#oKKTK|N3#0OUP5z zn8{XNV9yGf1{ow-2roz3%p$2L^Ngxa>B5HJO~=gN5xRknyb?6328Z?OwF?NHy?wR- zws44519%SF(Cy-a`(L>>H8V`U3rV^Ol|GwT**gfua>xU%7BA|GJHAcriKJD#DwJfo zC}g+QmcYxr#LNZVBXsAg-!GBQK=))@vq}|mn@v{N)PWAQsH!GBdwdZd zMVUO{ngXPbb{C@?1>_aoZTqESAh~!S3JOE0Oo(^QXg3J|s@`NX^ykrg{r`A3Q{aw-#^Jr|_^d#z672Au?mH zsD4oqukOCg4<5^(&KFBK0Xv9xcfC)rgG%YRe9j)5IdBg1#=ME$Fo`LrtjWr&J~0Ph z63@#U_R8*fna-zzsGeznol@}LIWIl>?a&^wJox+=+Ic&g2U}Jt9!QTm)ChqyNFvo; z7V%mn)dk7GE7gpa0MX+fHDYEZO+}DZxRFCpNy_F|PM^Z~p%J`n8898e!jQV`RA}tW zk+147kjuKavT}g019(XIdp&;^aS(~JhOOMum$r)9V&2`hEWOt@Dv5<=e(-qLEk!b# zM$?p)ncOWY6&(d(y6R^k=N9?qJnjpg^++=2bbDb6Z{z*JG&#O^r#JK6G{8r;sk`5SRWYwfNP=>E?&# zK_q)YxIF;qgApI|SQ@Pf?aBehq1yOn|@HdX~Q z^pk(@w(8>2yJWUB6`<6@3@*m*Fh<4GSe-7WjoPie3Wn6DUVdZP7dWr-)w1FDVqHxQ zPk3^8opImU<04-SB8Kyg0aw4#K6N-kC771gM_%QiX=%{7_YW$fbQGD}|e? z@dT;_y;u&Lai}EEU10z-TM}>3#ljL})f|jJC)<6bsHj$?gGGrE9KBPmO1>G?8P#SBtMpy-n~0NQrdOH1FtZ;N?Vm!F~4UJti*s-G|^F{#GrKAaOX}K&dVd zu5F(_!G>!|=0vB5t1NReV@>g(MpEarDksPj4W$v4{7@BufE9q+*H=~wcb*Gbgkjnj zs!iyvKL5)%0rt$}#=S_bW7Da4Fvy0QZ>H+q!2{%h4mm(Mlep8rA z>8u?*BJ}uLhn|JMPK$0(;`chqaK|2(YF%XM=Ugt4Z%Rj8(pw+^A;3-coqqaP@B<`B zeuAp3S-61!H(Ot1B$my05hL*3;xA`m3BSS)epP>ibN1B3*V2Hd`euIYB6O$t&)d^kMaYA_y!abgF@nh&KjPe*cw z++NYDr##?_U*)T1EsWR>04|$(T6qDS+77cn4(lhWWcMzknqm~U z1w&}uUJ)*^B3qS0)acrWJb3GsA@n;X*%)F!dqIh1MP0d@G>UiTw49?D;HC_vTT(^9 z75WQgrE?d!yCbZF@m6~S@K)On=q24MCdEja8+*ft#f%z zqb^J{-d{QZ>Jg@zXE%Z4laJKi!w9aA?^8YIDC1fk-?TYXcQE#ORFm>i#%am^tcz!$ zC=0NRBnGRLsy3cBEIKK{Udqiw2+aV}?B(gI8Ym;r#(F=Ti<&ZmJLMu6JHToEd$<(2 znz4lF-e@d#r>U&kf>aulh6bz##f7BpBdSLh15`%EJf4-TNfUx_SFfiF;*AJkqr~(P z3*bDEHVx@^j`j$JaxJhgUc=t4=LN!0i7sFrTD9>86s0HyXv-t6VwUJC>EFUM%Z=Wy zwfag~z^t0l11nJxBz|iSdza50){f2a;ZDQ_TowM@HFqKz$;4pF6xBiyfF_*S?B&19 zT$Y>vlfi@R<6g4V_KC7dHa$AnyNiu$mOsbUDHyhUxLUpsuWE%bs3j=1gYdXXn?{nJ zNl@6*W7_qbMxXlE#C1azCLyT?umA6Ght`ia- zt*Gs*3Pn_pD)(x!1f<7U-L-MOJBJ#DG*INDNFwelv;{oTs(DE>mSOtBS|#v#e)GfG z6|7NB@8n!%K4jmK#_(4%Y{?W2CHoUyz*CBr-iyOlghz9vfZZ$4LlbosH&q&F*K^!W zC7RDXCkJJac~xZG9pm|*Gn{HEl~`_Q zv29vbTuiV>=l}+#Dmjz1W5U_}BjraL>*b(2&&tc~PKbT#SLB6m9!c7!T4{F|6}xIT z^fJrQ3U12;wbImcUDP`SUFJjohb(jy+y@t!BI2jJu4rp;TbZq;PSQxNGaoR3Z|GA~ z#7)RnW;tXiwH@fx&@DD|pvAUg!fK2LQFQ}?XwXO&8L@0i9C7J7p_f^bTYmGzRT>5F z9;4EtX6vX9`$^HEYTlfvWZFa+*D~SFuks_k@oZKJDlc6SQE{<9;Pf4Tm(Kj@4h#jy z{A%$_@GhfblF%oZOP}F?{xPEpaOWJHyQ56n+5E6^;!Z_g4Tj!k+rjCSL74(i@&mAi z%>}?ewhEc~_31i2Mb6wbe6fv2Fc>#;RGn1)J)R;Nl{g6L0#|MIo#T|SAdRnr zp*mh44vRaJQd;%KZmjh@kYt~Lr9?+y%BQ+}_1bK>)#t_@1n;uv)_mrJz51;&KOgst zp;Y$gaiq;V`Unt{h_y+2PLlu2bR4yhVI{P*%d|Y~=l1q-vuk@fvf`htj~dq6@Wu}hFrQjL>5L6YQjz14^H;b^J2?g-!2_EtMaBz)V-(VZlU9x^*t(fLU zMeHHIc~4Y#sVG}EKsUHtcdK4nycCHi+YBW-J%=2w-Mii=BOiyWa2=k*=hYXx_{{Dn z5KC2!<+u!iS^DagrvGW^9SK7oQoyEti#-kSfQ!~)Vff9461ds!hkJ7jf!R7&Q;*aF zL{H;zz~{{rdq-8t*B_;`&TbQ14XpH=%GV-dwP)cxXR|h*j@Gm0TiD!m)y=wbXF-$R zZjxgtzgLNCXp?(;E^-HX>k0?7Jo9Xn-0o3Ch-|(DdK3I%c@?bv#dMJ^3LGuBrA}@U za1q{B6a0_fzL}-Vzokfsec#znr)ieE0%gxbs#iXSFuOxVbD?+1-r9p&>4(zT| z?Qb%4L+vk_l#Bu zSU|R`ZRj;rO79+Hj4N>xLh{B2I_!hqGpA3P{q?{c<~FFsAGzUZFdS;=fv#WhpxO~W z9o?UNU*AnxKP;RQ{^~&m)5>^SRoO}QiuV~`ll79wm!C=zr=8~|z9}B0Y@T9p7%!=x z))mkmJVmRp`e)_;xd;e>7w@>}mme6NT*mwTmvvi4s=}T@AOIeY8 z;sAUyPXMRPE`e=;1}}htT$Mk7hKXH;{6PO!3S|%Mx9&;B1sFoFupr6vPV^DhQ%;K0 ztWI!H`MgBiq*d|zC#x1wxo$~LVQuOsBb7PX$$fX&4}E`7@LKYESpvjk614)hZ&HN$ zJi;Xl?qB=}kHKqSe*XoZ!Eb`8^uBCbSwA2I^LH86eE{t z$!Y8S6QLhV)n>sH8puz8Ud9VzyDdj7uGUe8S98%+Hkv1qgEi$NuGB0~?hTTkvGnx< zm5_NP!++fMWK8mUrB^B!IvodDA~orV z?$qP<)C`;{L?r2rG;;qIQxcxTukaGahB;w%$e;+%d|6j~HGUd1X#11A`qziQdY2wi z)wE55>-1)1Uxv5zSP_8zSHQvvg3E#061@mjnS649K38?l3i8U6F~x|VnI z25;Q4n*=g~=UHDV6~+5?AM{lZ^6KCD@aLl&AoaBYpXEkU{g=9X+uE%*)W#V*wfy|K z_NEvY0)I|eoDzawtUly9ur<%>%qcMj-yg_3ygqUNI>A?P31WkspgQPE6GT}5+k7?s zG|eb_|N69F(>b6@-zIr0ON%nHUKmg85!dL*bR!I7!3As27_E(_I8&HJPHi#0&Zh5D zv5i$c&d1ySIM%yO7??(c$exFKKmQK0fy~q(PR%+d>`p!3iGG0eVbZD64B+FusSS4a zBKEslo5RQS2I_FE(n`JB`7>KpYOeY-^J8ETFNgm(0(1O#7eYdmE4YW-h`9VJe$dsu zYC#$^sHPqkoRJeVi^7b%+oa9iQ8{|OB$rEicfC+E;CHuH1x9}25c8Ul( z?BdErPir(_4&U%DL^5J-py6S#CzV zb-0rOr12#yEs(8Q(c@T==%{Xbk1nWWK`EPU=YY9w4f4~E85*uq$4-YIUhtC82t|)C zT~D*)u8&&xxa-*^iDj!vx}%flQJ7lq^Ac`_>5$&Td8z9xJFCv2bL^~ZHXAzZfRF7; z9WVAep)+?%Jd`Y8WS31BlWOubBD>2Y?tKAz75wE6G@c~31EQzd8L5j5_brR9x8+DO z4fP1S#V*#55jsBg!8ba=-ks(>LI7-Od!FW{&klH)fDG4Q!x`xKRM**b&Ye^E6li!2 zJals$A-)N$xAh( zIOwq+jWL{p4!0dJntil($KL`Sw_m9Vf)NKB1q(CKl@p;Rb)93d|5W?_%KwD$I=b*b zSUF0~nVpYLzdT>~uW0ZeIruM)!baG%I)HEh9*zLxyslGps!sf9zhL46Gw>082xTWi z)vDd4hrNwIo!UjT9+C-Em1~W9m5kfTd~x3X9LzVFHc|9hII?seF2`g90EHed+m8-)7h7b0LpL1{~U(8ljHA}xOvp1+F5a@-z@*P1*ek8Q@Es*yLs7K zvOj8blfhbW!meA$)s7aemCo-1u_WAE+9NttvoZ;4^v%_z-PB~VNlnUMaCU1tvPU#- z6seL)!0VM|K z0WX$HwA%?qC)g&3aKX28omJ!ZU(HYaw7fgb_*~biYK~;iq$$^NHUl1PKZG#27`z{_ zgyrDp^;M?>j!UIr0ANpg3Oam*;IxP|~z5R!SPlHbbj`KHsD;lhac?U zdibXS#{s(mhXLCGSFOWwlQ&$-pycLZi85^-7xq)ri-Ve>qniD<2J|&!kKr^%Bm!tW zoOW_(Mb5k)=sUJNc*P{K$=%9>KT(?B!rmpzP4)tPgY6@3FPO4*I3s5+9!Jo=kB4!& zTYNNW87UlRjVM0WV-m62t?RFvusQ%b4Kl3g$NqIwQAxr0*}K_H93+q{Xto+x%O$69 zQ`L>VxRMK@?{&P&VjYVVm_JR_E~+I}5$fBMVUj+EUGMTLWlndVOJshQd;Z5&uK&{- zv>;NQUk|Dz)FRBqC3@&#(3^tFl0%_jEUi5Q*YYJr)Y<;3+ z)IRny+!?9xtliia8ldXiHr--uC)ZmZk~6}-lyQs-1JdB;PRA5KC+BjOB7NWE z&_OvcRxMMl;>yec88J+_i;)MloTgE<-3hxd%369@T=6vjfR&&?%sB)ryGTQ|t9yiM zR}6XAX4k{lSPPO`Lsa6DSRRhD=Zw4Jd2L`60cE#lu5Dv9ehUrNhYd+EGeO+UxR58O zC{v*1kFyB@kW;W1<<9KSMKH(ihXZIw)8H1}brN@sU_YP2x*aOu(})8>PDNCU+&3MZ zWwMP)#pPUk3E(DDqD>qcHgN&ML)QI+z-><1zWBV^rZA%*8COqk86S&3C`NZ4B5O&oNEs!&Ucp{X>5UZhT2m5gb|<6e^LPaDtm z)v03DBiA<+aE*G(_{c6Q(n4X!b{T)&>Ss@iwy*&nd<66t5gWhTvA-l+?P9+9@kyow zi|eS|_J0(_^2@cJQOlQbJoG>JqgySZ%-Soflg+G7T7e9m390@>X!{ec#I+U&w5I^%4|b2)7Yz}Usu_zJ03N%`n-eF{@glEb5$ zF2@{mDF3IGOYs#y=HlXpPj0*vQD7bR5a$nCGh1#3T319JQCs%}5g@(wY^yVtPzxrZ z(f7Dek4y3%JtPNKkA0SNeMsW-xRE;Pb=^hARH|$;m~2It>Pbd6kDS7kVYWgj!{jEd zK24ERLfMT&GFvhtaEC|suo{cZ2w@77j&NGxC9%a;ik%O1{2 z7Rv|0V>Q%t%@WDYdM;3MEKq%dm)kDLcS7UxufnE5(J`LE30PKsv z|AT=4tAv9nCGi6#?>Zsa$w)>c`^w|UG>?>En7*>4AwT0%pGON;EK%=PT9k|lf-b0FUDe9M@$C&7p~oh zp!6LQushhJ6me#bWkz#xQ%W({>8A)g$HOwExN#sdPdFu5+ZM=q%jcX~+5H-qN!H;? z>tA^Mj)FfI_Mn#sQz~;gzmrqHQOHEY4vnn%@)n(=Xk?;QovkV7$yGF*?Q0*j-a(H+ z0WF7)6FSx`dkZ?AX~Ty$);9I!baf>fDYVH%>mkXF1%7N~)~k5wX2R1nLQ7_U6r3+M z^-TtO$>`9`ZM)128R;k07&gA*N#)F}yEW%%d@0sG>u4!$$-rr8A0%2hZI zS;5{m17YckFNN3|T{g4qXh+*9>{=DQ20vHivnN0Qaxs6_*{G2Vhfx>?nD;*{x{_zp z+>H!K!@~Xgu52p^-(H#8n%MPjx(pD41HL)oTwqWYE@4K((i>kX_zp`2wx2-b`<`#K zKSF(Cd>i@WvOiE|eZ7`dO{sm|F*&sf^uW|)Jg~2?L7nxHPOWIGQSU16$XD)Bc$h+HB+aHL=@oj= z+*OW$d{3d)g z4<$7N>flC}`=mwuL6C()R_G@-x+?QFhouN!Ar3$=3w4?eav%oaMVjefwkIt`DX~GS zk|rQ3xe!-c&V!IJt7|}I;5T3RC%@6Cr^Al>`JSP9p34zNd8mYEXm+qRW9(~q-blny z772bbfbm?O^W`qxJm1TOBeEqmPj7?5v`Y>zbfj(J;W3l&y%|v^)#v$h?g~1h?Ao-- z$MwYcX9a8pSzRVvjS5B9$bm|D6V9GGnBpF#Y!_W{BdTQtMkxYqaKx@z(U@~oj1Te8 z*XXN*<&dE?RrA7#5G+C$rJJ(Z;1u#;6zU*+&GjFfm~JKbV32LH-?>#^Tq?I0LA%0* z=L<=#b`#IX0j(1|OZlom-%2LLe3@kYb+9_QcR|s>L!q-y$6>XgeyZxTf5utT-Xve| zb(DOYvr+PSznwdNb0!0}!vC7fwv5S#6y&?=+W0sFYEz6~?Omkc9M`FiE(TKNV&g9@ z%f>d!IMLMV7CXXyg}L$nhAF-eV==BE0BS~|locQhfB;B39smQR4jVt&0i*~95RC^w zPYUerf`AQTD9UEsg@H^vcPH*5!BQ0(+RQ%rYPldt?P4ogDcYk{#Vb~EN)sXr(PfTu zyA6@6k{JvqDEi(!B`H#7#>t}z6MQeX-7wLv6|Ge5v?glP@Q+Od(KN$jX4}#8$1Bpl z5$U@C|H^j7gG-8qnjK=uMt0mb+K@d=fn2px#1ie6*=5Y8qbb@}iIy3=D^;r6J0O>>$kvKrYK1}?yl@P;9Q6*aWbF1#LwcdzcX77eW{$J zVaK7p?MWTwPfG@cJw2_CbjAT)UCazr#)SxcRDWxYagr!E3q$2`QgLxU7TQf|O43@laWeNFv?kh(1LanJ!<%vb?%VY!m=2GA zv8)oNnLPpiKjGW*=N3M=A@j=L?sKb5K^o2=sFE-%Ie00{6OMi&5( z{!@TI_y5^e06@h5SC3MZ2BC4W}W>_&W&5~ZFiWiFA$yw?>?P*q!EC!4d|0<#_# zx}TdNw<^P|k+rXIRpH7)f0MKnO?jcbMzXa)v8@JfLH2*b>TA=#QmIS27D!d8s4I8= zu_jkf$odCt>6+ZIMFb&B0D}q!9S-Yq#aLxj%31pG)Wx+<>CzvD)eZJW`rna^miH*@ z_^IISKiA5h`5W^oi#*-UqI6F8Eph;Kx4fv&g`Yi$aTbqP^Pna=iVW-=KcZJbTg}6& z-!FW6KdB~BVS9D0{gL4rJ){TL8EPWCPEjT6B(=zFnq7_XBE!e&VKLi_=!D&N=Z6IA0 zm9lel`hmEEgGpj-nC3wV@9FJ-5og{TLmmVu#}3)YT7bk6qP-IT745B3UtR4@5T@RW ziOK+s*#~Cuj*^(&!Jn)(GBk}*wW-OtEw#)7!xG90Bi6aY!4IxWE-H?@Ahn+V>d`nW z8IJ5*&*0Q(JcB83l`qc+!9d25VB0787M5~oboEw$>8E|Yu?RpxFC~i2;f;y51T49O zS=i~?o-}>6+0CB`Y`|1#wzi}prn#_7}NC8P2 zAlhnQ`=<+mU&iWv4`-lbt$3GTJ0v*(^EU)>e@lXz2l*&qSg@5A|k70lH! zW*op$*Jz$TKpJCGmPF0wVD?t>ni&lvyh~P%E}3uV9dV}ahM)<}q5zNN_o>|~P7BWY zCeTFo8>et90<(56THy2_@&))9YvqKrAYEsRa)eD&2>TfdgqlQ5;RA~yS^9^(Ze>;S zHE8V#8V##Jpw-R4m^Q>kMZ=LYEf{e0+b^stLsP>5yUQq=ZO7{ZwyOavN^ypA^4pH@ zE}#&V_+?LX{mIi^5SU>!PLkV8~{FkLo-|g2y?Qx?{BLr z`KOvrL^)J6s6x~R>4~)#X zMyQXu$WN)0_-g$0u&UfWntfmc>(GGLZFs3f zAgNTSsRY2OG}tLuC>Jr#^QP&7D?7o}Do|Dn5Z(un=NaY&=XpWfEdkvw0bVb``W~>} z2QU^B5Ee6-=UMgzcYeYC+MwT0Xrw^^3@Al_VPT+v$#RggBq$70)&|*1;bl4Sm_$Sj zX0i-VG=ps8V9ryJ(1`48Q$Tp97eK7}ndGB@F=u))8*nW8t&LOwmH~7=ZcadnK#~bS2nK-Q86Hp@L=YEH z$N<2gBjjd=D8)FcIKNnvtu6Ck%p-BKe4#Gq@#SN`=JT0Xn`B^5vTa&68RzpI!ak$i zyY3qa8>g~Di4xKLPzG{Ob zV-sd<4#H>+DACQswvpP(H39GHZtkxB23HcZm1g|0dH{^_wtVX`?GvPa4lPp7Sr*&9$vfSq;+VS7I#iexz2{>Hk`@MeX23i`#?KoO9?;eHM8Xd z7?&hv%-Ta3qqyFAm=+UngQhM10;Eab0&5R>b*%_4qr>MSM2u)wsON>m*5I#Og~Wkh z8H*6g`de1II|B=mK&BRP>GMY{Q|@57cZ)?fF!A^ds2hPRIUsa(STL&RFfdc=yr5*& z>5vwErVwWH9Kbs;+isFWfds5?$0#M6h_Qf7M!KKh^jpCh{+@^^d# zZYAI6ddu;>qDw8-KHb&rtROp-8cz>R1rIYY@l9WZ52c*FiIm$C9}zMSO?^a#ag#}F z@xzw|5F1tOucMSe{@&9ww)rQ83}n~YyFLiKb16Yk{VHGabrK&Fx@VR<)m~$tohJU( zxasf7Yedq{jh9`P}+>#=`4 zCM>7Am~m6T4s1UUx{t=OZx+NdYDDhnlsVcnpHgPo(@*2OlO9Xw!6nru54;UDtHNEI zCa2nAd&t)Z|Bi_3-aJ#g$bjb}Y+Es(Uh+2@8@josQ$(&^&>AK){jTNbNx#&usnPzV z)XAH_=trZ)%GvLag=7DT0K01`6X4MnBI|M@^Olpboc!tExU}9bs^1YB$6{q#J!WK< z=P|zRK&NdzH!YUOC;Jg|h{--NTBGGJG(lAVqTA8}=pjHg67Ug`1eJ^wa%?0DNhK*u z&)!;GY$FpJe=$#v6wWX?b3D!9PSUj%e;gB&_J8BVW2;*YhDuP^x@4NB(RNRk9kV85 zLS5SMAp%r4p6?vs}s=7-W?cu&WXf zbT*C3s#jVSVilu~e~y9ojAHdG*&F~#P$Nbb;gXSoxM1T&q^Fgg;kM?!4c^VY$E>55 zzvHe2rdm@RjX)|Puy!)DphlwKmeQtFlt_Unh!w7d| z1+^J~8!*YB?1X82OP&TLW`vUdoO({Zg1)&*W~-;Qh|W^bUP=??i5rjPpp=VTK8)E1 z#0Mb&K?EQGgOm^ib1GGkDpj(QHnxmxTR_%zOj`hfKo|%JKvZA|24xr+gkoy|2HbP4 z34s_fAf_XwqlK$%qNNBj7|x53fY-9H>TjFg2Kp#x)t0l+#p0O%+HrAJnXgl;AY5lsR@7TFJisV*2I zJ8ytygBTna7mAP%LCKf&;@A%Y=Zi7I@k{84A)p9B6va`_7{ozq2tln`4ck(JOjW{6 zRR*m#QLUjb<~C7X*{54Ug@yIdFx2Q~n}e=A@xC$taX;#w)b`oHIVc80H4d7bY128W zRxzzo;pMK~_NvtfCM%)LD#Og01=X5{Et_oF(498Fu|H~!q{VR)cR)#CKp+T~_DM>L zNht}>2ci?9OcBFOi3O?>4Yqcw-WIZG(pW^@T}19Zh*dEmLJy@7CH0f7w&dl78z0

e0Vtxj!gu5E0!#@$Ma8+HkhD;stN z#H}n2A@@OyP!IuvB55EnLQ$D9LX>f6jFP<;ny|H$lFp-MQ`VJn%*0X|hEm`%Rf0QF z!aGqew$k}Ptu$N7(NdtUDzjK!K=HT|0gBKdAwtazAt7R{oQ}JujAg2rrmCPoRZ~P& zSGJPeU3Dn28>~%I)2uF1om5(^%hc`4aACeMT$&!Crks?JgHlS0`mR!2?eeNo+_zKP z7Jr21*<;N_keihLD*a>f*X+MuPDztntg+8Zx-Th3PLtQ*O~jB)>ch-RJgHU~{WLM2 z>sgi?XUu7oZbjlYcCR6I#DbsyIimEg+VipxZvPnV<0mg10D#6B5l9cjU`o?{gI$Sz@WW&^Rta@9rR_v7Fp)<=t)v=57&t;f|JL#vL;lqiIcTVZM>` zZfGT01qxsP8K!iu+VQdjZr>d3;ukLrLaf;rkvV4o03K@?#uMkTA{vrB91a%*q(!R|u7!*F+V@9FNe z>(f3*<2Gzxp$+F*ITxWPKYLa=*-|p(m!7(XTL++DMIcdZHGa{eXc0V z;#(sj_iQvF{4dGWY&a(*=bTp2JkRkY0(tU4rkZ~t?6HJ`ksSs=c_yQKVDTSA0T3-7 zYLqyj&qRq?G~<7~50{y(UXMEI=~b%R-OdB#@Vi9X!|~*M^~fy5nzPn}&{{)GYb{i* z$ErpOiOI6S*aA#S*hgl}7;|t=nc`zL10;$HK;ij-LLxBM`ib!-CB)etDT-pKE>~$F zKwyFpQJB#f9BMWigdG$WqZDfn$(R}?$+LZ;D9f{|y|cT$az1^UUEInN$+|yz{4c3* zeCMELt*qYO_~A9p+2@kg(;aU{SS^OZG7c-t!{=atdkUcYV&*f3bxs-cW4Ag!Vq2z( zIVuqG77_84jmJ)H2Gho(YH_jSXvK#TolI~z#RpZLRCU&QuQ=V-E4VGz4E#Ov&br-p zk%tP$f{za>a!|xODfChIksx>|RLxgC)5TUnX8l@8CX@SGtKn8J>ZVJ#x0Q}s0D-b< z4rmu9#9D8Z4^y~G<+BHv;Ng8B2tptpl~S5iO4(uq0|0;n5h-RG0D$4BZ5o0Fx|&k! zjZ&+%)Nj~s*V)C?i?b{WZRa26UT^ja1eTxMJm)8#q@vB&~kK)5Cb=S1L~62pC1 zq>hfslgupQ&@4jNw#2rrBGarg)2u<&olw<_y^1RZ<#+4Q@o!1a*6lg5b&V~Hw=r*m zu9fz+e%cR~P1y^!`;gQxrSvnieNc*VRx3n_FDB*uqLlM4byB~cVi%S(+Io_GIXhhK z{&u*_r1gl~fN^CUF||N|B?h=ifaFYo_Dq0} zEpj{-C&?0Ywg9Xxz$#J%9=>d0zwj5DSJ2f64&e*tBIe8x78BZgt8%7HzqFli2Tj|* zaP8L5dUeMCt7Ton^AI;b*1f+%-DF3wBsYm^d};&R7$G7gt-h34?xFrNg5D&GsI60b z9bZYeZ#ptepTW~=#kHL8o&IeBK6X|4-Q1$R;}|2lN#|s&-)5{HlS2<)CaKdmrVz9D zzLQxIHZtn=h;-Zd=*ndQZy%=RSE7zNG!&mLcKgWd^2nz!))v&DClPE=h>($m?!};q z(G}{-b=C94yvu`;`e-BgjV2)a{hyooKaodWfha-98&5d0QVDY|?OAi-sG_hca$Eao z{2nNBQ>h&-<3X?THWGa_xH+%K2ut({jq+t`yU143<3N`96fC>cIBinkoy;yLp?|Ld zFA5s%%vWy7J+I4^Nh5;iC zBUb#dY$Jn5F`18&AQUD{I@*Ht$?eHeOy!=t{z!&zh0XZp+r`9XdM(<*@KQP85aGSl z&RlSZSB_{Uf)Gj>S)6iZ{>YNTn7t~lqrY}kXc<+`$~wAiD;cAnkH?Ftw^ep3)I~0q z#3wBFh)PvQn%5WZIpq_>t7%L%x@1;paDf(cMU5#DmVt+ed4w^q;@h}zjk3vz=7l^D z6HCh69Xs2{>2yfZLquZeegqv|oqc2)Pt%khMCV#^c06aP@DGK+j77ccRXU( zCwdc(ja2MnC-bh2ABC;^3=^~%!%2T90T`tP`6-8{`V#ycdmY1fkF6vQC5y{7XrLo2 zsxhl1Y?X2hQ^~zMsasxuCcD%Rvod&$v6uJaw?1i-nf*7(YUq=;FDiHVTN$M=rAT_! zNN6^Cy1_hSlQVEIQ|n2BDo@+FbIo>0P4Bd>A?L^%NWmz{XucODDkPnDg`Zo<(BLpq zHc4c>QX&(-HU8_o}s-A0|e0dW0j{80hZ zuaQ%q%FLPr!8^nnKcgsb^l)79D9I|ja&D2ao$_^wsv-R?0g_H5N(Ga{B63Xi`wewD zEFT~+C=?nEg3de!Dz*ONm*l)^Ti<^PUH>GxH1vk8{ERXrM#I+ z4WnfPm&@tg8Zw^o&hSF9CEt$fQNCDn-tHwqhTF|%8c>N24Jp<5x0DYUAAB~%hq?9) zv7V!s;R=?7N!@KYPn-u!pJ?gm5Q*9L&$S7HKD2d3Vtz7rIc9w>jA5y~cWu{U9^!~7 zH2t_%z0^4$Q0!5mpdzh7Z}mG^-vqfVi^j`nNQUxVAxCm6#}6Ym2LCF}%4x4{S@Rs%8-No|M7;|fQggG2w0!P&wp8sA)Jn2f$t~dAY`(mZ8fB6FRjDElnu}6&?*`?e5^L5MO1#435*Jq zqoFBkVx#roJZh~GRgb}Z=_-&Y)CK3`A0TTzr$!tjgp$|mr{`Sc`y-tZ(Q0?SQO14s zoQxRG?<WF=4m4yF*qsSt2WP-K%>X8j3)}BapVNj8( zx7@rTr6kj5G{;QqBojzPvt}r+IvK}&&Qngn9n5X13_R6LztQe_G@geBi2!m zw$GrP-y6T~S6UUZq3*V|PE8zN3FUl9`N(M0_2|r@;ZiZhy6*w*?*;FC8b!iEBoPt> zAz5g6fR-}wcmVc~D8>#P?%Z!Nz6gentjOaRk&HHu@l{j{r|~<f$IyT{i;trr*q>IiSm!Qklf z-VIhb_?Kchq1BvPj{v(^;L>=*^(+tXW51ydR- zIw+-Y*YFEk=y;z9yU}cJx(5m9S~HtubFwol;g7v?PG2f%C6^(8GM;LABlHpnP2R(E z$yx}~uHDj-tG~PPpULRD8%BoXU*vuXzw{x+K*@&-s>hNK*iDvDmmhytA)=l~L?}=* z7gI{-XHcfVrZTg$4~2LsCn)GF5kmB?eQ}3KXi*V?j`UQG*FK6IH#%?o<-;V$&{57j z3?*H@YmknKAO7ZXw&*CWO)LnvA>e18Hp=rV4nF)AsuJ6Li{vrEkVU+fYDk7C15 z(#id>&77>uRta4y`_;%l@sUteC1g~1gDTXhyu=(k-&Umc=VesmO+7OV5vxwCfKMK8{=a8hESo6ILIFX9u$~}j=qlW*|Fck z7DQ3Sh9mOun_ z&;{j&trxk-w9(;wYGj;lIAc)rJvkmg6MsGq#)oBtQ2M=KS}4}TFkJRZL<(!{bvo+# z|7)1ZA=!k2lEv_2LVmXpk8-MsB0)x=vgOBd+7X;+Pc z^_yV1jCmye2K~6~mc^Fdki8f6-4Va_w+R;7<09RcXg8JFGhEY3)ua#Im_dl$Moh z?xL#6StaG>d4-j-*j=B!rS$`X;vEzg}J6B}tVOb3~oW<5;vIqq(aAIHh?{ojvA`0R9c zgP{-dCC*v(5(w{%#r(G+f+Z{2)U$6wKb*dV`!~zuNJNy z^xbmsi&u{r%wXi#89EMEr(yc=@Q+@hN^FR7yCx*I%9BY~l8H+8SuJ{I6X&Q2k`fw(jH;qjsp@j#>Y-K+0d7qKz98MiZU~cH8qXb*N#X`4^B>#C@9I) z)a5GcGNrY-YU=#Cg@$6rM>1t=nYOmhoE*n)PV+|>y61aX55cei00<)bbuSDx9Iz9V zT&AN^BOmhBn)W8?!u6MX8Dwukq>-#o6R}W^Mfykv&vy;3&9MgS7Z=3p*wNC(TGZ78 zM~**R`14!fUk%3f9p3hxUugk@LVmGbBC>i=Qvqf`pL<+1E2QVt`#!#}V^@evX9bl7;kx^$#H$YvXXXBdc=P z3i#2Oe%c~91nVNEa5C%%m(cYoQg3$7AAs$RppMG}Ad5@O;yOVt%}ANLn0h@v=pJBn zt}H&05mb99GsuHJ|l;*hHuL~{-)aUlW)DAX{-maqT$H*AUkoyMM* z%Dazw9?BVUFOh#-aK#2~PT{PRM33;+t&okGrS9Lo`e^Vn&PNa2{mGMR^=0Foi)At~ zBhcZ}2uX#@WI9LW_YUBqgzP|gO=jS?_gy4Tvb4#tdKp#=>HnLT!&!h-UK)E}56^S( z+=sq!2JH0DXQvk(4^lkCOB>nOVFly&cu+idUXzWq{6LB|(%iKiu?-uR*Z_nPS~oc!}S+i_HX-^{U*V>>HELGV9iK1vo?ZAL;m z5`1w^Y7Ye-j5aE23j|~PdamlGH+1JY?;pA6U>GqIUw!XCFkyIDUEHaj_|Yf3;FoXp zKIv8DpV5FDkS>e9_781=uY2fw?Zx-a?jLMc&$ywit$E~H z9IaE^4bEHBvlsrcstTb27jW1jR54OM2WQ?e#4$5OraM67Lqs@0M30z=Eux6rvWTq1 zh`c?IU&M&lXGC=-#K{Pu-3SF6UOZYpo!s<2xjOqZ1V~%Cf(xvgfF*o7Um3P`YyI{4 z1_~1T2@!ScitJWPO`z*@Cl zty6B-`vFrfPkVc9Q&xO4{({5hcFj}49mp|lrkD=@LEjFk*B413P*q1hx6g6}8%y;> zWBR_?^&A_8!iLi%D=US+hYpIyO-B&=IBuZ|+9;)22<#Y(BQBr5hZ4#a5Q9}MQ*n)` zz8tQ~1lu&PxZhBT$!@pW)-$4bdeDIaZyo-c78lCbLja>5N$^KDG=pxFE-evQfU5)& z?Jm`_8Y}`DGuI$#iJGf{s%Nub<;C$2Cz@B8$~pYQXz zYqmcX=Xn14&f#~WLU#fU`pueFc)ru2hH1cPwV|!ir4+Py2Xj(muMWR#-K>bJ_EjZ(epC8^sOHJ{~o*}nA_JIJ^w7h+FqXx-si zp={7)4x&ux_4GHR-s00b@qF_%_w^}&h4Z7Z+HV9Sf@Ukqk|So{9sJ+p{0>j{lJ)hq zfi9R?sl>-)?w|}JZh)I?IXMoCM+}A8jGoWj3k>tI%OWEvQ&eP?XuCS$*bMYet(*}N z7dM0&_l9p6I8kLq?UJ#2gT5lTu1&?nry$RU9QR?u1s64E_H}+#hj+E7nPH(VkeVF> zbT9Req7S;LgnSwp(iGdyy44pMDBS>;C>xk_Q-%n2GC{-FY%llL=aC2>+)0bDTpus#GdGg-ALJ zrlJA-`UmZUU_cq*&|8fs`QULCW%g;@8^gIxPD<1<2#z!#Z(0Z8i&up0ATm{^zOqt5qPcR1KPwt z>~UnLMeFN+KfH?@2;1OK)&SOHZnG1RVqY9^Z5Iv*1r4PRC%uyl?_d`4G~<4ypA*bn zJ?~EcFs`Fwj8?wI%W|ism88(+(y}byy-?J(q!`t$XbNOjWQ31JMr^=?WlL-v1MewP zN}{QO^vg`njGWC$cUD_WEJrEbisv9R50)7KcLKoBdPLgATV9BKqPuTTv2R3R2?r3g?q2vxHaDYZ_)^k&IFF%sRwhn{zX{jbRw%M7F@1}nMr~c=(p=Zr~Y71OVjjN+-eb;J-UftW(6H=XE z!xDR#{~hc1nS*0SvVMmTaDh&q(<-IRiHRvN`JO!fRq4g0%hM8kxp?^B?X~)_yTBi` z`zs`RwvL-~%^S0TJL&B{8{N)S?C%5n=3|tn$#34B5J@N=rvL>QWP50oNIWK@Xp|k z$@Tl)#*K!3&w9G+<%5Ck@al3=+9_>HeDw91IsbRxQ#>p@{ezl*{?nARr_@K-&a5IH zjTLX>Wk@q!*KHm-BHz(fdjF4C;v|n$&M*C+etLc8ybv1k3=-v?E+IseLEed{hgT@X z@X>5He154I!t=>CJbi2okvT)wjM^fjN{y|}jnNw)ogX;l?PL-yI4<#`F^vt54v$X| ziKHh2V)8^PIlrdUFBEEGQewFTrD7{eY8K3Yuz}j%efI zC94HZA!Kif8Et7x+M1eJcU%+Kbn1F&V5N4vp6{pi=YcuxKkM~M?Rvl9Fh5o+AE+YM z_RXO*TW&Y)Hmlm65r1q~ZCI=DZTE;0CEe;7leYhck@yLw95H==K|)lNaRhl1C1OX% zzn!1k&KiB%t99zn*!44g)btX5oke`i=2V){^rHglaTFyP$hg5Fn&6_c+_)yX5_DRx zPb!r1G{cw}giRH(kr@(Y^hJmUPWfSEBWb;28ACHf7-|BcEE#PgQ953!6{aFgfonZY zQ|H1%{VPSA0yP1b;E6g$S_-q8jZ>9lnzhxSBz0t=)+&hx#ULr|6Rt9xn`K%bL{atR zHY#PswtERzDh22Ow`tUsGsPxANai%0j}j^ZcBr-7>XI``$Q^D6007pDUuKl*_EsP~ z?{(5YxYf3BYiO4bbKXE5kHzmvW9X5SQ~`P)`ZGPfAauQNR)rVX&~C;7-g5Ohm-rk# zxZ6dZz5x|`u1Q-WEp)vy0Q#bKc6j`|qZfva_ng~Sy_v~CP;7=#Ge$#e02RuQ`I%Gh zLrXqiL)iDb_^OGWXPaTh*Mh;ZDf)whgE%A}S{baoCU9ObDk+XATrLNW`MzHfnvsi; zc>h9iTOMpiD4-@zcWgbpFyq+}r@66!@Uy39-@K5TY2b!1K-Hoxk00XVc022G64sX9 zJRH+_9Jhu*g8^^zVkMm^N*N?rFxsy{;#k_tA2RGT)&s?35ARqu8VD;7HD-@kfoS9> zPE5A7IA(>W|JX_ptz86m44Y46N`i%M8PIFNE+wItnj`)MWq^EzO8voO-(rGhtOHt+Vpw=eP*{ZrEG&l!H9~|YloZ`* zwI2iPrwOwFMtb*&zK2UB(?F~j(e;|yp!{7KcD>;@#8fK_Kwb}Ez3f*$M`Xf&jgy9KC^IcE^+>f9h&UZwg!l|J5*FqBc}y{l%@=s$v+IZC0FK_>F?l zfQZifa1c=5Krp3hg`_X24z`*%s+=%-8?)GOEK6R2>B8R*?2EEqsC#=czpq3ryqD=kBL0`O~Jm~IrW%d>>ROVsWhl2DZEJ^LJ~N8~a@AFf(QfM291tfR~9 z46iVdK?iYc9~Y}+`P7)1u{-yI+`+Frj!;Gv0of_0DMbnKt$4O`CT;PVDLxx90U!iG zuncUKiBo`t*E!jBLKoh<6E}-k$#nhn;~dlFIUaquo)%LsnH?wksl^xh{HGC`T9T6i z2pnm!2HA?I*u1Jy^rwMp;S53s^93*+e~R1yyi900CLX?wQu3v>%Rps<1`jS?U+N z*phu)sh?6M%LU#y3_K4f&uG{bR|@g{%>A6f%zp41Q60!WQ~{CAg+a(YWL-v$79iKj zq*+UL75@Ica}SNX?lf&S>TPeQJq&s&9CM!CyE5`4-$XHF8j9*HQPs4ktS^qDSYAiU z5fUg)C`rsqby5MKb*C_AQZve;CN%^W7>qONg&60cBz;9$Qc3~E*9cY%L(jNFCSl5v z&Z$d<2-vv$$0ANK>o^1(`8w>i;+{r5V=a%$%G|b2#03khA1Lo$A=ecDlL6%P5H>Y`~h&pOxjC3`%pj z#F@kcb+gsG@6>Gxve1?*+n_2TwsE1%YkJ`I2@QOiiuteXT#caFKaI_s6hlN z?*q9G3a5#Yk{hYCsJS&gm@2iOL}+Vu)-7|R?TWot&YMKkKU3`u9olXMQX` zPh%J6zP0$4_2#VmIHFCC29yHvap1rEHx)%IG z$4N4V1BBI9i)7DwJ6OO@{Asc=ybht2u&tWimfdk~Xh@KbWA6a;VuPx-T5-%KnGa4&N7ZAL1kM^r)+b?#VC0oQq(TsBj}oIgj$4L& zOMZ@XyQM%A_}0C2;R(EgI}d9_Ve!-z<%{JxyPLpKoQrPQRONy!T`JW$B7SuxG{)-h14-nA?tLrmW8Xz>2EVVWW1?H`Mz_@s)#Rch>*Y78(4dX5p z(A&di?g`UK;+GJ0&fvaYL)?4PdiNsUXlq(QcbmBhIglWAG@=kx$+`&xA+;~>n3}H>-oL?f|aagB^E0VOb-*~$kjCShJ!L~*R5AnMhAdbf44~A~~ z8COY1E<+0NwW(pCu$GcxNRIawrZga^gEhq|Enc=t7?e|XX!ghuTz)tXpg}$=m4bAh z_+YtETo%ab44s4-nXF?yl!;S3X4G3DY&LRgzg{Xmlh26a4IQsSkelNeYVuwT+i~a9 zep8Qr%PNMdBlg7AA6k!Ixd=7}uB)#$vl}r!%yi40K|Ha_&fiY#qD^clnoJ2b8kQ%* zf^loggZ5W(fWI%pyVJH5DtiGqks4?Ai;Lo}Wl7WB3Z@olkdj>#j3YVe6kSO-y{=ZC zX`ZEFiS4stykN&E1&sUL5{&WBa=YUvd}c6=J_gLT&by*?jg_BMH;9_i&3Rc_t81gW z%*8^j)Qbu(6CG*WvJO%WSLmhO?GS`rsOXNjESjv{$-KP9Z|uXXci1)0Hd zPidc1{xI*vXWk=QzACOLQ*?;OOw|-hu~g^rK6g)d7%9+8qvhy8`vI0lLRGmSq-Fk5 zGX7xu#jALIsv9Hi%&lXaTm$tZQjFhjiX$n2trLT6kh<>zSA86h(3v(yFm$sCf_uY( z(!oBV)kueb^dYU0w*icQ!{=_d{`LGAD$9b*j@Q_>Q)NJaoK4iK=dkz=cc}W9!5ljw zcsjN*@QzL54%+&|VZ##KUUDobeywDiRTz_O+k z>grF2!)C0s4AxTUb+!I$v2RX{opVD6h!tWaY6J1bfjZQgS>%fGZYdn9kv9p?O~J2K zy};`!=w#Mj>F@kbyh(q+w`WlVFL<9Jd{G=;Dxq~p`=|BTTuI}Q9u-=`aHAGjYsnyc zlS7%yry}J0UD&}_=3-Zbd!n}_cQ&e~wEwRQTjt@UHHs5?^2rv68b?^=+d{$K)|JiG z9qFP^f?(^Yj2DOA+N+B(D}QpD^h)kh>`_W)LCdc8eo}kor~vw}!ptaRuC*u1PSNe(jmQ$@A6}j(uzTtxk4?IRdxVrW-gpJm{aAxD-r!*GLNI zIog1hU?{f1Bhi+?)KNR_$x1E(Sq6bkpA0%>`7ww_f4J=kR4W^v2dk-{zfH&2y^sWkynCa%WL1h=gBO>Ws4p2Ty{8Q=xGC%T(V~jB%exBk-z_@S3%tSo<*ZhiO<#NT zd?tQBznWQOGucy#H_}t)pD}~~QQ9+xCQqbq-6lNnb%Dl7=sMOrU$OEgn{aUK01F;2 zPgl*$%RBF%IW$?r4jvq~q2l+49@`wiiNg7AwC5PS=+NHa`{wlaN(uNdi7#2|f(v!W zqc7Yl%t^!TzK1}Z90lAK?2MNd?~>~z=Du|U|CjTio?WX)qUR9B12DqVeU;;Gfal z{iw(6{2}T|MiikJ`%In+#TT_z<;R3Y-__BLxi?bsme4 z1s9Sds#90o%?=ebrWO;4xdLC0ua)+_G7^7|(dT6lU>h2#^+kAr+A}G91iD7jvQ(jF zC=yo7PMuax_tnlM)pp5IJQycT1G@J19_A<@rC={y+_B0=|0~`wM7u9fhj1NCU>gh` zHe_FUQF(Ok+hTFRI7cVPb$FJK!9v_zEfsnoo~9_f51lmoQf_h8@d1|}Q4%9qT#oZ( zq6SRVC0v)sd|XBjgkKfafym2pZa!nR6M;V3{mqC}kR6Tz3gY|-{EOYiW4Pyk=va8pP)aMF=%i2IS~Ar+al~2 z$DrwMd_W9#s9fre6qf^rCKW+Gp8(LNKZlki1ommQmQ|oWTTH#qZG!YG#~eKG^`cA$ zvG(_?F++A1U5JV|PsDz_U4i&6Mn(m1<DD~5=gNKKu02{-nvcLTLM3qf-oE}3nWGjiA#5{&2yiaY_2Syr=H&o#`ICzLh6b-m-(c3 z$YmK`w@881lGCwIJ!m`%kzC<@k{UNlfEpRYrDA+AFU7I}ebIBU9=8%(_YsGo5d(s( zhagf^hVo{5J%{QlI+5BbuPk zh0NtWxSI82wQl84dkpp@)N}~U`4KSTqHmGGS@$(494hK))p$rq1NDr<0c=1>t!7@} zwebT2I(0S`dd z!@)@Kb|8Xb@m`txw#1D zJSN6Yc?Ax^ibcCUaD$@z&svG4={nx^u}GgG!K_?@N>BZCu$M_r$JvbmRzG_8M9sYh#evP)o()`?MC2@hg9_7rnEjiwH|3a!_XsTL7-qum(O&=NxEV*-R;2Y16h z7X^u4pZ4S}Wzygo65%G9Tp&A-avEZnLF;DBnyatM%<0^9A*;;r2Cq?VNQ3HBMi$R7 zwO(oI-;THHb64l=(``mEXTusb9AGb3;<45z&NIs>o6T72VJB-{ z#EWSWJ$TQ|*twWI6hW*akc(%rgIZzQQ?-cDF00Lqt3@^*W^BSx8~1@KD?y&#CC7q- zQ@u92f}7D1w`Pooel2?Gn{wKkOZ4Qn;)_)Xa`)>}O+076=aHe#9HFP4AQr}N+17+# z#kFr5ph|PK#I|4$={m3~vvc1>ABPV5G#HVGyV!zQ^13FBiKHSAj#2Pbxy1LQBU z-r`5lYZn4ssBMShwv}SO?dr?s=GNI&u?j0!tO|e=BU~#RE7+C%SkFk~dS!&wFlg@= z&Oo2lyn#EQ5&c$e!1%N%5%yO8y`>g)3pC8PuVj`mr+2DM`{{WcDPvJcZ8REb%oG-> z?f0g*pHBDEF}k!vBnOb@W=uIr=vd-#LVm%gADZ-j9_47AUSAdm8N^$aXQYCn*tYU2 zVK9qwrmhFR@u36$xH;P$SBIG#M1qR>jmTUA0+t4woWhlW(RR{7kpV4|O3NxlH&*8f z&6&qG5woeS0=|Zm$L3j)SD)YFZZn|hTbyrus0lOzog~15pG9l|^rdrd?WI;~V?Wnm zdbkoMCc@+r0eHNH(4@3Y?h~Vtgit-rf_3BtE>^#s)d*~1Y)(&r{o&Nv6w^?|v$9fs zLo}y(n8|}%qB4EN?|mRseT!_# zRP5T`Vo%foq|!1#Y<6EvRC{_ex|>4ju{-F~7Szt7aw7g4f%F!U&mb4L{nW8%a@{Y`+dYE6pOfW+xs^7Y}phSE#vR!u8gUT9Lj;H{O=Oc6+uCUhG!-s1=(p7 zjn{dbW)1T`_A3e=RDXC` zD3)bZXqAqmyZb*7BsLMJm{a((bPZEBP00t%s)c4&wPQT_*Q5npUy)vkpX>fX(FuXi+|5#J29uDyS|bpaCFCGa+78J(NF1a6&qhuqCV zr7l2T++1VMg(Is)N916UYiZvu2k9~goEj~YbHx?>dXV%{Suo;Uvup~`-H5skKT&(G>OD@ zC1`7~O@&x0JvBNd%0d|Rs+pp^0{wUAyP+wgeb4z9pM4genS<(oGQ!^5Z)18L?K~Oc zN=rFL+lY?u>?9ELx~!9F7@yLEr6=C(=QD^?{Je~hN+7nsb z8xqD1l`RIGe7nMCy<6c8W$D+pca9KTaI~BQ&%JPW3pLFB) zlr2}c7AyJqnHD(}@$D!U}9GkeK!+7O;RWwEV_%r&%#R}wYAjYN}(JlluIUdb=9v=lwpM}z>tmc<># z{($Mr#_04hkpOZv@T_v1#saVcR_Jyp+dJx>3+1jHr?a`|e*T_YI~*Qk#Ury2QN08p zc$OL2jsgMEjA@{+g)3@&+G)b;zC=U?$V%Sh}v zLd`yJ`*)bvr_t58xTX>`3D6MGn!n!NogvqY?QRm^ge6Tzvs0^x`MK0MS&lv?U-V6k z+icLX_~J_o`Zmx5upfk#4rD># zv)#URYC|KftiFM|p_BPnhGThNX_#KC)J~tf{(M5V|4h9Y^lhmq?)&K``9UF-J+|aA zLzCE$s-)Cb3Q_wUk>oV69-KkeJ`TP=Ik&vE=Xp)C_rc26)Z8k95Y3M>T$ zLC>bz^)Z9-lX+@;2vO>{oV)JFU-bjHtbTGdz~Vu)w@Cw?eu^uYE)M9EVgMEoVusiN zE{lCyX0E&US^c@?#ItwmPT!~|;Ys)ta&zm&pz4mwna{lG)oHCIQ*Bu_K*Q@cd!9*Q}NLA&1CQ3ruL)CxWU2_+_@k=mSsmuNb?l4q?2CWRu)F513W?%Po?!BXkYAOFwE=iS>&{e6KonhXF3mUzOXO(Q+;G`@Fnb&+P%=~m;1 zHspFFY0k?G@{73Qb7fl0$Iaa2h1bWRgnQ89mZ40yCd&wfJge!cSlC7|sZdXuvc z0b~Slz-US{!Wg6S7mErj>E(q5Nzh}k&g-%X;r-tYd>Q)2Q#(&(6+y)y8|&tdS2 zm*`A$(~<>S<%3HRYZ3Mtt_pJEb1;r#ZQH~P>jo|JgU(u^S;=k2M7XcAQqmOjh2%Tt z@Vl2Ch9i;;7#wm8#@Q4*I#$QeurNEi?_}JkZ4`P-MD72ARQUVdEbOL;+D8UYTjg4I zPQ~VEOZ8?ps%q_y!F|zh&n~iugX64>0CuQ`CraKnKKNXf>m;{a zAME7w`SqD$R$vl$z!HERVsHc%uMNGr^1F+hS+tN=aj!?rp|dodviRhzs-LLVp+5pV zgtbB9=-pLUdyT?8-0*UWecYTaQAKXp?QH7W>%}w8s-N&hiYzoT4+%{;U{5K@>Ur77 zK#V>Lo^vsBJZ=q8=IJto_8PeP2702{AR3NvFV`DGP!*K}nZ?8CVJ_E*YX1V=^@g@F zpyer}`|H@^9f~*uMz?$VQ)E!DSNb-rLpl}Kd;Rv*zb&Af4DmJ?Q6wx142mL(m&3XQ zZ3A{)JV$VO-FT3>>MB|2dFMyz5By4iGSBvo?Rz2N!Sf@snp+-%zbN0{t`~R8#d`?- zitN2ZHcW5mqX!=~tJ*rG4Qr;{EiN*swe0nb9`$1uKfMAw8h2aNRh65DG8-={?=L)f zGy@TvHc&_I7yxjO3F2b!C-k|jHea^c9<%;yQs$|ls?wm=ybC;-KUl;p9(DG#J!@1` zC%)jNGFMT?RZ;tKCSCzVYCd}kEa{xiGHcUoD*3@Sb5e0q7VD~kez^ewg4tL+O(L?54W)sw|G5pesIS><}dT7dQz^G6@!p+p(T-|6HK+@E%ac zLoqK2uLYegEjBACB|Om4&y!<)TMNzo{5PS4Et z9-Wv8D#a3$Gq40o)Wsnxyq}bUB<4SvnH=(@=Au(FV36{1<;}t9=Yui9H)6?sa0ni( zxEK|B(?IFyaSi=a;4Ei+%KYt$l;m|o-HOC{-FOS>_p2dTK`Exx81pMr+Nh_gmtmI@ zhHmoM4;|SH9=mqu%hup;86cvSScI$y=jL?yZ0fXM?hj;+1g*6@Ai`3cJQnyyw_ib@ zO*7*66=da>gz`~)Nsaohr2R&6Zfv!D?E^cUBgq;kM5RWP>J6OI4dxK45S85;P|s!0 zkZrIImN|5e)_*IwqMqC5*OyQ!J@XxbhQ9g2lDaYi)}5WfU>CH+DoP4koS00i=>IA8 z#V5t)^>@z~pRBK?D2Xl5O2o^lDxr%L%m=tDNhVjA4>pEd9dMf?!=^Ls4#U3Zo9*$m z>ZqDniEJV2U_ew;9EunnImPdNAQ_dGpPR1j>Of|c1!nD8%MGRgvaKT7vbe1%CQlko zPd4X=awL^k>ZMl+O}x5DslKjAQT*~bsQmn=b-9Ov<7`QQuva(fGW^Lq(Cc>{#M$F5>iV_{fa%w8O^ z5Qh!->$_Jt7%)*qO(rE%sw5;{+#=t?EEPBu209dqP~ji7|4YTkj)yMbc=8jZx%v52 z;*mV`J#fEQ1`Zt`7W~)U8@LGnakrV6ik3on?p_ofVc&lS?Y9`$oLUiIFmcf$4w;IH zi&Tt)_uIusfKievLFHH!tQ0WgH5z_Zhos1aRq=!}8*6b^nA=>`EY2bl-yCW4AylrxQok=lo=Ts^v;#XEzR(80p-En>q%~EYlOv| z`$YFZL18zm(sYu^*6d|hlyZ7-6&X~vQbZJR71VT25s;e<27~eYfEX#8! zV;k#rd(o1wM=RuGuQLnmwfp;+c+WRy$U&A(U+u^rTXN_R{GiX=YHB>f7*%Tu&I_ z-hUx>V-3Ix7(L3zI*W<$@=0O_5WqG%Y|gx4whgru$5(CK(ZI1!q3xT@CMTLZtdE_4 z6fh#3eqO6U&Z0zNIj6DrTC8(gXY8CL`Po0I`V)VX;B0Eur)@drRCU*rD9;&-OIc268O1um8+?tkAR2cAM0gM;7M}5@wkc2e|zCz z+Y>4wj~NY$3hS>G$&^v3Ps2`V+_8Dfo$oji{&5AJp0SYx|6e*T=+BwtD3-FGtP<8CH8kmZl*ixYh_kgq=x`)LQ6=R@7}`zIT=V)NHWR}P972u znL+NkaVrZDbwpTscc!BrfoGLlG&bO=DYKQgh>&l)^%s~hcX>D9Q7aKT^M{Zn1T1OQXNvqGmc}iL-_?j-Qz%iU_l)$N6rvrS0Xqv1 zvG>548w&$(h%UZU@K5W=T+~>&wg4`=7#jTj>p#E4XSiz0hSGbY3b2*UDPJkbONLLE-3g_~P(m{C&4m1tM&No=Z|O~2sBK3~ z-u#`vY&$KwuvUUDxXWn3=Qw>e%(soCNXT31v4Y5s-N zDbRsQNL5uwfsW{o-pyMEsS>8?0dyT4xX{>5yJ-ux>3tA?06Gve8E#p-N>2seD!dNx z9e*C9|HXm&j|BzJ=FHmEDs%IAmjl4!87O4tSg*F!wSVF`NSk)1&Ss$QS|qtw6IEu^ zjazCYXC7-?Nc~rr1V_u6W~4}a^;#A?^zBXO=}Vz}+-6+yJpCz~9|5$^qw~j%L7Ga= zm|MNfYr|rTp?3^WKe@>!DYt+~PiJ%?&o%?rS6kCezNz-=0PU@PXBA#rZVI0Nagq@G zW+gisu=(T9&+uuks*+J8Go}Dj(UvCiV$zLRCV>>Be|Y(X2_N(26Ke1^`2t^rgQJ{n zXahARe1Akk-iz{$EAj=Wtwfh&1uAgx!Mk`OHkC*~@3Fk?u+iQ>96UAE4&`bFvrKa^ zru1Y?DUKGJj0_J$BKXNE;SmT_fNm_9o{1rb#cnS_1=4fGlFXcj{FuEFk&iY5Vj3R% zA9YDMc;f7YTC90NNt>gWiWBSM7WgGH818fXUzWh7nt+hYYnO;O? z#HR6BnJHdLsh?F2KT}bKL^;)KOd7lLa^@S3zsjGvv<93pHAT4)>AraLyn%c#S^|NT z_5~o7=Js%}MvZstFM;@lcjnsY=a$*SdgmRz#xSzn#nraC$HSsY@1$tK9n<}n=14Q^ zK7auB8Ay;A!Jp42kf!vSVxW)A&luEd-4agsT2BroOaa4$A%-otQL<-x%3`uHv} z4Vm6ebc{JWhdMs;k{KmcL%ougVOA|_tcFs<8J6^%@`+PJsGo|rA%g+y04p;?04qib zEMuQd_goPk|91(Q?B30rp>8tI>qdFMDS-ej=pRMY+#i3DWzeR9rk~Jjm!9I|{tGj1 zy|)Ts3}|h2u}7Psysgmwaadk^J8S&*9~ONRfolA1qmm8FwSsJs;)Iv)uv8(xb-#T{ z5r30^rCFlDO!+cix}5E}OGC-z%R>H2f64yh)&JxFkdH;D^JGikQMPCzY>vb zjXOs$0~rn0#y-1K)#>=>iK@4U*l*SwAMpkqg3E$x2N2WWr>5JZ*k3aNY;8d4sTn`7 zdatH*|H6SBAlC9ITGy#Dzc@LvtvtX)Pqr_q)D~JnMC(rVO0|J&%w4I$pH0^VZ+*#{ zpf+WtT?HqJu((ViI;Zpes9TT-0k!zkT*WW zO?@81@4n^?jgL0KSxcxA&xdIbley{kuZ^tiQnQG_l!60>(LCxyb-Un{NJ5r4h(45z z!006moG`2$GKbW|_?n_d$NCzEfUaPMb+dnY_2Zg*9)#U%Fgt{2wZT6&I~(u+gGNs4 zyfxq1esc>Nv3*{3?}N;b$n>m_FHX*=o_>V+!I6CcJ|{>G!OkYh;9&&-{T*xUyHkq( zVA^B1D3Uwd@tA$Y6%`w^!JFp@1n&fzGwG3)=mY*4>2glzzrD?aw}AXYo4r1kbt_ zuO+!mf?a!OFY|hQ^@P+3}$wu`UgW|E!Xy_ z!T(Gp@*uyY^wwn%1_r0|cG4ocR%#x2-LmN2UuCpCDU0b>ZFBEUwPPIns1<$fAW8k`IYKkpcwZ^kNgkX56e&+Pp&JQC+@*Fr=`$Z$QL40-MsAU{}nv0ELO4PNxmS8PpjeL%?!rXNX)e|M$l zquu*6;j{4K(=%7Z-5TFKGU^RmwXs|P=l9-^O@0-w7%@PruB?JMbq$7GxhgNw)s7P{5yw+!Pnc+OMsam@yvmWa~GAA z6g!lY4LUIuqH~@$;`0Eqmz5_K?zp88C;^zs_T9M>@m``%;HRG}3s*}nBD2U9g`|(K z|GjE@fry%ipNCTsQTGQM<;%c>j2pN8)%%h8N%h%2=fe|Dyzt8WEVw@C89N^s3ZRLG zRQ~^5{LU+-H-#0}PR^zpY<=`m_6211C}AYaj`S8}^>3t1-J97!UBgEe(>_~?53 zvn+ChzA)cW)I6gRmcuQHV34xS1|Nd*B7}9S_uWimR{p!zAg?e7NS-G0RaBA$`H5wq z$`EttM3o4M$Zw(N7a>)hm|-q?^sMhs&#dkB%XqJOJD*#AGcmUOdeD*YRnKZCnJ@aU zVUB-%S_7S0y&n0v9FPorcen!C9+d&h`i8VRjO=U->-ZOf^oxE<$h*k_c+w{62U5g| zeyMQghUIaEJ56egC`Z)IC+^GX`V1i=Fxs?PfvaVD{{P`ZIFxhDnrlg?L}t2vGt&(VO) zRezBGDYK7#G9%IsTFF(6Kg)e(E}r!6FM0}@MqlMM_P@xMmtC_8iuu;s-$ClSDYAd` z62J=7G~T6_7h?gX#NA`%ICo#w$EnX!JEHj!Pd8KZ)_Ik`JhcCa`FcJ}+7+EN6fbX! zb#9R_KULl(osX?)Bq57CN<|t=CQzBhlSBC>T^{4G%GG@$_P?BxEH|F5w!v{=oicWL z{jR!NNh8jDIEOpnxblVL4@NU=`iRDaHC#Xt^(+e7grr1{Fv_x)7`jKg44|KW_}!cj zC}PM;TwX>jGnNsTmfj#PJ6ioF*`Iix!Ag)mx9h}Ld+814;*pq{DqF;_^+cV_dE46D zw@^wl$top#o!09i{NKRp{?t*_W!WB_mtW&bWE2ur#-i~a4wPmpi~(aDQ;4)N!Wfcw zewoTp%QTPnzqVV)J*)N>t{(-9@8Psyn|@JA{XrRr>Fli>E5a$hKjJf%KR-)BQGdV~ z;>R9{CrR3RdmCXN9{|Rg!(JwgxperJkp(hnpJ+^&XKWm3&VP)9SSU zILlbNqs%@zr*-nl)8n14DQ*WC)dtSA)u+e5+-3<+W$ni5JrHKyifit_ab=|=xjP27 zC7P!bQ@57PI|O5veJW#=C5x_98id53VIrg5swWp`!TwuD6VqpVNzrbOYeqIg*lhNk zL0M%?m>nDd!$OaJXOxkP!YR2^F%9?-_A}!632>>KR=P3BoG3MT7e*5IQRK7eQl$XM zqg_hh9gJbv4`ZVF4SNL&v`98WP8*Tj>pI-K<1-D8n#Dm6zndIazA9|czLVK@uv10% z>d5pe9`58XA(HWe7y>=bUTO+m;o+KC6qMt8$g5w)iaA~p;UA$Z3>brPrmb>KrhIFp zxoRsrvudqGI~)dEtC0FzJ|@iaR+Ucp^>4K?fMFNQ0&X_ISMr6VR4DL`GRi|N0<@Fb zQx7`UJ9{r6L>KpxT!q{auM4A`T;9ZJlFu-*irB)y;aI$H&@J#+$Z5cJGW_*Q+J9{H z+m}ymKApD+PsZ~Wlk1ChKEsOS+adF9c-(w<2V{k2Z96Y6G5Vq$G?=x`uu5AHn3ohf zr4a%VsdF>a6&yaG(s$}GpFvS>g+8SdNvq7>3BE%fd`};JxEg1v%p-JdE zMxAEth=WfLF_^8;=#c|UmCy{zBfA@ePipUlWk+T&-&34fUI&^r*ebD#7B^)LGS2I& zN_=^fZ+>ZWyeE%-3${idA8s7Ek8|pqsp=m9Zf`QSfQUdfl`k!p{K#DM_9$lN2-N`5 zu$dgtGfNHxs{i_@-tSaYt{l4@+ zsaaSz-!{X+`AnW9FVjz1HCDEnwXrKguhwig`_HrypA+8xD>g@Wo_bOpN;|22!jxf( zA=m$4g|}EwnK0()bxcQXM^6Wp)IO}ZM6Xl4V;FXM&^Kc2@b8%jf8*IWt=}2ha#*qK zBCKzpbvY4cmu;7w)pEZ{+&1fR8A5w;8kA1+la$Gyw9PcV#B0tAL*UO6k1l#h_@3)$ zm@wuT{37L4--ZM@y?na>SxI2Sfv(t^d@#*0Z#{AtNllIcwWqQYAa~y`9BF5ywYW5h z9RK4ET;Bnm8lRivl;7@G*q-Jang?ean9U$2v^ra>w3*R;Ke0W$64>8Ndt|wKN29q6 z2UaX{C-61xnEIeGrIn4e1`XLs&POa~C@9$mR9b2X=}ln$9ZBgWCXBf~C%;woVEB44 zunO4QbQuGNE|#AQ97}9cC!gQuTxs#HE(;B+IfJZ64DsykYGy;8TfYqCs4TDsRAgC_i^ z#xeDx8#Ik8k7=oL)r6@4CWroKTq*^TZ6d`5`{Y))*m9;u&31>0!0N0R^qB>6wNa_ZsCS zkrX|3eOi=c6R6hzAa84*(p0NJpg%QQzbPrO7mUf9J*zj`1MM4?Q#kiq3}@CMwFv7q zBF)sOfYSTQ$&AE@@BYf*5M7HNF*DjeSTiMm<(JNmny5qQACXSK! zGJ13>5&53mJ@mb?aJEY+*cfC~SUtTZvbuS?{e-_U;HdoSsm(j-Zmybd>M&v7dnoXY zt~__e_Z8US4L2pR@gd=OQ}^n@GHh}6pgVZkE;1`J>xiA)xbhM@WxBZXv5D#~A46$p zhm5d;n0}C5A5)VVCXkJ0!;pa!9+LIM^W++(PRlrZg?v}_$v|C!)DI0lYn|tKE(k#i z%p3QLpsSD6-u6z}-@iVf#O`0Ke(Hq3WIAfXpJmNLnd`|b&lUZ$RwXoU6YidW>9f1;I1q;?ek~JQTRta{!M`!xWfi1 zZFRJgDd^(o&LNH>XdHez-WY6~*sX5z?9B44FI;O^s3xo@L!RKX z&M4O1D)U@y*WbUJqgZ>Z%zJ4nKxyeth38VY>HI$FWUW!D+oJg8Xs^n7065A(!DZmR zjP$~>AYFmfyILq%8L%FBsrg0(Fg~F$&+)v?U2vHH{AO%xHY_X+zTN$cq!}Eh0<^Wq zZVyd8vI~`*4U=TZLwv(Ryu5i@(=f{&~vHYA= zjN#^gr+Vyqqk`VhEu{C=D+{3_Nkg|&e6F5*0pjk!Q!byo3UUGaZX;4Jp1T2o_>1fj zA;Ko}09K)&+|OpR4J07!ugv1ySQulxJ~{qQ>~NClC97-+5Vw*eV)jeRc*7aBj(k8nIuY28PW48;o#7HykGc1Raf;j^WS`Qg)2>!v7{FAO5v2BJqW zKDw)Om6{|HS@{TpdvWb}1B*2^m+in^EGriGxTv{(_Yn1|aT(fEcumaZOF3rjBDr(hv z)^u?9j9zUsO6-=DPb2#?hQum{O34pN6`7D@Ir6`0M2PI;l+1;XFbiH7R4GPlA1H7SR~k^GPy7*rd=3NduBT zb4R^7CJ_9S=ez7aNXkRA#=-HCxe-8)qZ3?^pMKWnD7aJ?E3*#m`F4FjvmR3pwwS5( zLXGdnO8FSDQ&^VciCw!H1X|3zJ(bL6)=0F$lpy1AwYAM;ZMB`fTy0kj(GupKv9}!U z4Cf^i&Lpc$Jo8!G!0bBrQCGFwVwqHbKt<`ZRl!&LBZC4jchlE>BF-RKp@sReEu|Rv zcts91hvXM_kp>_31ZeUl}!ca-6yJ!34UNRE~;4OPMg z04q@1<2jrh{rhVN8gTo%b9)IP2|=Zz058W!JV)arz{F>WU&1JVyf^gq6Vg8##1dyoBnlm&0ya!TyP!<{yG%)k&^1UR=;N0&qlVl&&EO@C=x~5| zd=Yfu$bgy=2og#*m~Xp~CY5Ljn%Y0;N{1kW%xjItSEoS&D;g;B!_g|38Z$G3^dMxT zl1%9~Ij#X+c0UXstSJM|#WiqV6&_T22|1b@f4=9wbq8uuQ-gQqUNzIpLz9&|iVBWG zYS9Tj*-_l}PTE#-}xbYpw-&SKc)}D2Sn#uI~Z-Ak&x*-YF3Oovg7ig zgj86z3ay1U>u$wH07Ou5kwDkbv1`5XFit0q{kK2CEx3h1I^vlOoR@qbLxtz1lj~f#&mLKfh;?sPF1CuD5ve&CHvRCYIw7*%$XkGj%4t$gXfP_o@a27ktq4W(b+V zC=cM@*wp*vbY{6fcT>#}IgO_=X?gj1k!z9tW>NYQW=Reyhc72TM~9U@pU6i{u$<*^ zkjj`0MIp;4tEh<0l1j7f(({9vF)a9N`~)Id0u^n^67DX&Q-n3A|X?*jwSUih}i@f`)khDiZn%Zez%7_tHtfB((F z1h@`e!>Om`RDta|r&7dE)#r!^sg94SdWc*w2h0^IeNx$xW(5(Ruak?xwqQA6UuyRu zT{(e)g%L}NcH!xFEFs8%uxvNEy%fIy%_xl@=j?C|GtzAJab*^$$#%qEb#RBggC|

c# z1|)lGV57x5_IpOaaV-Xb6+~~m>lbfFb1}IlOr8a@vNE$tcI%D92HRsJ zgIs-vJx4zDeAZ>Z^}hqYM|y3&BTt=Smyr=3KeHZg9Qtmw%BEZm_FV4@UJp=NZ&hJ8 zDzSZ*+>h@yvz_ypEi zJ{{mGouf~1b|+R=qmr`9Z@|u986k~0@f7n}vH4AkR?xqsK_%G>r2qZCgx^}#z&Q=* z67S{Y9OT$DwWUqmKdoIM_D;_VtiE=ULKbcQ(z@~ProaPHA3(*QIAGKd%0LE>i(fwT zh5PuWaf&Zu7U}`Kj=s(_-(*#=oBkrO??98eNQmPz-uUcYsfl^R0Wp5B1vqTw{Sz8kH+xUwSfpO zdo|<~=BOwgC_$qk->9i+&ofg#LD0GYW>3+`P+hbgD1a1QYUAvxl#9S%FxczjUtWb- zEOJMi&kq%FZcPD9SkDm_I>;^Gj8*T6^1oM}x6ZBnRcP~HjR&M`DzikSmO7J}OZ~o~ zqwAD2>B}aPZ!-Ywqu5O8?VyK8G<1Zt7I52;<^EZ|9*f?>j9GRx5AY^H5v4iJwUgvvtHEG4DDWXdVC` zy0A0HbYJ)bJ8CO7kfA5LHA*YbN%0luFfQcAiVcRd-12b6c3Rk}9?h!UbH}*qOK4|u zbNNI6eG;Ld`U59DR>V_Vdpy3nZhG9Ao>p5tSa3wZ+ zR-N@KY_LGMPT3$`iNNIATOWYExfIwFb@iJe-N_A7fYX=o0Ibl{6G4m7p`pcdj+|fx zCmT!n@qbHbf61IqFzv=5O$qn6{f3;2(`9-#ZWXX^%B4C0F7M3A_*JU%`%-W$B6Ek7C;t|-pUFJRw8Z`GNs!I)_poPu&l z+E?@bf#WpB<0TvkIN0CW>=_UbFniB%3NoLdn*>nykXOk56}^3IcjVP!88Alib4DaJ z0YC-zEb9bB_AI(3!G+?gVjxSysVvVG-LZ6Xn$KxB1%{A8b#snH1&=-rHbP+u2sj~7 z@~%=c9Fth%rY)Ie#9SsNyO2y}F>?KBL4u3dZYnm0LTsvm9c>dqH%nvOT%y&NYMjp3 zgvYqZ7Gbw=iwP1cg$LT+YO1zX&xhNn=fa_C_l2<#NyU7KjbbhYs@QgM$T5=aKd$W< z_UvNF$B+cY`;fOGKSDy?b+V5^V9fiVw?RLG{*4=?+r+(?y$FKAS^bZPu(fL@zKllG z>PjLZuQ(G-_*x8i{zg?4hZ#qQhcMEvJ)EeWFm2`F-~a+9@SNBj2qYDI;=Xx-IA-kj z45=X}tFR8ZkXu&Jkd;HK1B;5dSea?i*4BZnRA`&Ao%opIH<$moj6y!7aWcr)QBuUm})8kdqtNW)>5JUr{Am3Mp6QSSdofPpJP5=t9;x$jPQ?a zHPmWjT45=ElW_1PJUhuxK!g2MejCTq-{qfl+F|E?} zQ={bwd#Km_Q?^h%CqFf`+BC@P`Kjzbb?v+Gg5#=xl9jkFS5s@KBkD@W#>OByj#0wz zhifP`lp!U~q2P@6QE;@N_ONz{fm~1{%-Pc$3#ioxEh^pW;CNJ>=75dEB3Ajs@(5Gl zXsx+$lrpfV>&!yL6s7vPuw2rtlQ=whKsn0SE#A4Q{*i$5V}9ANmrKw*-DxVMF0~|- z)vINafJNcsW4;mr$~ho}olD#lmvuMJJUN04Lz?gKf)@e)ra%HlpRBI^J65W z#vuI)xH9|N%WM7DmPyOE7pPtni??4|gk)@l`I_|FA}oVt@e^sC8Ja;vLM?`!-Bp2$ z5$=pSEnx?-c0Sb1pu9vs-IsWNqCT$A>&|w zlT5$F6%+$On~p{J-ufob8gDJ|ncdU(&Br8?&)h9iMg#MGI|_L@KSKEw50nloZA_R# zR&+um@P&f1vK=b}jltwpJVfuwq;Fk7*}zHQySK?PurhkUY30PTpt#5B$Z08Wwts#lP$-6{ zE!QG<7rF9PEPXi0|9uM5_#>^pC(Vwt#^1j?<*spMcs%vsbq56N+4YU2#wS%1eY1jA z#lN21VeU{#)S-s_qw^>6F&tW5J9PYW*7NtI_q>eyC!DnN`PdgG`z7gRHM4qyw4spz zJFpS`uEFf*NEqL0i(5&Ce+!|a@cn8@)U)j6cbNy7 zt8`P92MuwDM8guw8vtT^gTCZ}2AO{V@C?Z8CGMmN^63tR15#H6;Jg$6`9ETvh`ra= zLdliD_9evvE_%K{)EVqtngV=cuyqUovTcIt$$(SsZJz&jcDk>18UlCZ1%q)u97qD3 zx$-|S0IRhxIrq`v22^H{ZDK%b9o&TUSg;YgbO$%DH6XSn{n z6Sm(a@;N*EX=#_dmzEtmNx$MWJ!?m1Jxr#DbfL~ZnOtCgbt^DFIAJ>RU%p|Q4pl~F z94I=c+-EOnj8fhCuE5<#+u%nbr9$=P4(o}cLw@)i6x;3t%s!CRxA&=0T&mf*7#@3C zzmK}Qiu&55TlU|l)JkpCP94-~y1o?-DE$ZUtm5iH8B{9YI;kSqTo&_@cl(k}JI_Sit z?cFuBE3_1`7Q~Wr7QlYS_7*62$G_(YDqiw_dgTR}Xg{v7Xf9bq3O-asq7UQ<*2Hly z0OBMcF*N3S%q8}ZVO{Mv`Q9N^uNmDFZdSRsKiD;u z+Y<;Gd3pYBPK<^xj?R>7BS!Cw$7@|lshD(SSdt8LFT zU-bjRqYe7tqiAK}@ckUtjzIo@A0vYXjto7p2+X1t5xWOd)Sprr=4B$9jUn*J7)9|M!~$O=!FD{ z!zN%278On;p5voiDT`RmV&xTQiWD+z0JLRQ2_6ZL=$5+b5j-&WNhy~7=*St#5ZwU~ zQ>%VH3;c#Hv(D4HLFbrSj%VG6H6MjAsctu=k>2| zZ*39UANZ+PzohiRg6p3O!>7t$wbKS8khR z+$CMTeX|~*0K8$33hb(BQ-8%4+86ZoN5|HMnvb3S^?BITqo+nAnF$Ntp|%3#P$ zdz`VZEgx3P&;NXc|FBwN|2%}MOPX1pPl2;?SiWmn{7ITb9hx`ch;<8jo43H@i1n%4 z6FOyiHM(DOa3zhI*a-ON(z7Pi)$uJKHuP4wquwZ2*QhS%FKvzw=-4Ux?OO+=xV4-? z{qvh^DhF*4-!37A=fFPCqwO7W^Lc+Rvp3qZEZ@9HY}T(m<+A_9$t7AFM55= z#qocKy1sILnBEDt|1>z@S9(z#3imQjztX<()$q>L)zdR2uKS;C-Cln>kZd)~%qpad z+4=ods4lywh{6$5o;H&FFfRl;q>{qpR}|&2cSQdL%q2|26~sc0c^pyQi8#nHPa>)- zNfSBd$w=L8fXp1`NkE;SLr&L|C-@YV*O7d4@`u9w_og!mgc0Pq-M$mW?1o4~AVGn= zp&S|2K`JNmhJ0eUZ|S4Ac?L1u&#ckgJck(WSE}f3o{Nm#2H@u~&jH5#By+m1J<-qW z+J`gs?uIjvvveGxZL`}_vJLpY9T{$>v#PX1bH$g8Lm&Cb4L>-Rk|8U;BIcVhof=Xj`jI*-lg&#ay6 zMV(84%LK?08j)8WRCYL7LOt=oIawkuN#fzs%`iYaefy&BDu?5ywsT?g#q_MLtkpo_ zwOVsGYGIB3z#`UK(>O8l_FS&p6DPWRF1M!+D5@6@?0SA;0@`19@6=gUHhZ;}&qweN z1qG$3Oq8w(Dic*_akN$fpfC#ZYL8KFYKTTqTmvFH^y}sl zkQP7GlGC&ahzILQ#HkiuLNIt)?WeW z(a$YF1AFKrPZ%IW*o0miE3-?j`t^YXy~U_AJ~X4^L%C!$#DseBYX_Xs>yY@5pX^2jl}uV+`8Suf+tOD`?Ees*CYJYnTlcuKJx_ZN zQr_Wsi0ggiz)Q}moK#la_4sca zjaoF0I1A(>V*qgGLFiud9ldumeLlKt*I)2SaiGtG-swX8vy6AQ2|tO`V?c7H)y3>VkjEaD(E|brxbaWJ}(Z`+_ln|ql>(`qa^4#-Hl>0qy3y2cQS`(v<_~)_!x{0vb05SC>AouDhVmZe_0T=BfRT z!e$?M)9>%Sa(ptLFKNqx`WLh-Du0w|Yc+lo9AB-fBHwsPU*dAEZ^#~j1aP&0sjPvL zsTu7l3It5IKK~`axtW{yb*-|&TLYQ10&`LDDmM~pFTwVjy@V}mi^ih+ZGfpE_#z+w z*4!Pf^6&Gb=8CXiz&dtq?W5RBXtaR0Cy?`Hv9`jk9yMc<sM?WS?I*Uj!Bd+qJA z==u|N{s~imt08@o)N}+lkbA8^T}z-u&KFz2-m6E6zW2oJuR2i9-=EO#d6B!-y+Zl- zIZXEiWwh=UWUr7QkS3Q&N5J0<=!C3_=}Gg8p8$5C^>GE@9VT7#eajwLKP1tw0^z@g zh%cB!17goR<#KyW(A!=)uQahfY7LHw$xS*wO}SnIvUl{4zKJ!F>+tpJ=Vg7Gd%jY> zHQ{@43o;6_tmVLN@tNhL>-UBFSi2#4t$7}z*Xn7A0b+0uPLvskdt1E~4b^VvHv z;azApQ@q>qai9GB7VI*r3ft8QXO|HHvo2PCVQtC2-I@=R8wA*p@_oDaCUmo7-ob#i zr`78pAH`8a!$xg~>5G^0rZT=&cdWXi>ia)q4CeNHx>m^_-xYJ-L5Z#<`ND|>g*VNPCEUcy2UcVws&I@PNNjI`+F-9Fh)!F1dJw_v9r!56n&m zt^0TP*I&(g@tMM9>wb~_)GCzxb>C6MV&m+q9wevfy|eV@>LdT)IDju_NN$w&Wo>T( zJWxYq-??AedEuq`dw~M@hWq(LSF7y`M!s)&e%$K!C;20S*5%VL3tE?dS7yp%J@MmY z?s}!Z%oT5I)e8m~%WRLQEjK&G%AY7dT^O&DbqaHfRVs#(F#>&FaaYsjJBb;jsWLMt zjDer!ZmZpTo)ciX6>M?EFl&iu=qp zR3~j@o{3~Z&%j_PIuRn|9qwCS8dx^oi5q#RuNid{M zP3?-eOGj~YBh^Wh+@;Q**gd{4XCau}W9!|M*U&lHdyekcLC&=A<@PIc<-BVR;{h3} zWx(v48kyrR?ahMFo@@4=?Jc^zernq!Yb=|^!Zu*y zn@M}*sIKiNQc3@QHVro*AT$oHDvPyggRK zj?NwSv|I`OtL$Q|BfYA2TUV@e%81*tURry5@J4okds(oI;des0u@*3Tf8&^vvsCVziXu_HKzFQf9Q8qChA|>8Jx;NS;=k+vyuKSG{fB&Q0cah zXv?q5{Qpz|dDTC&*xd)ixs5OD3Y5!Lr-w(|tw@J*%Ku9M>l^Ew4U(NRXHguW*2oh> zw<;fVgzi64P{UMG0}%)}=L;A)ru1Ny$<`0PZ=LWmTsf{Y!&l|zeZb3NU)JG&iEw3Y zF>Umc>z%Q6&+)ApBySZ%v*%R!=BzAy=X?CU-t#(Yf0xFQp?*On)*o+!!IO|B<#|7z z4&^Rv;>UQUxSh0~^nb)n)V-Hq0#YX}cf1G!x|4NB?KkRDu>aMaF{WwuiWmV>18J6J zRa|Bb?u z|M}+M_Wknvt&mdl!VCAB1PDlU zovkm^)e4N;7`OeRblCBXWP#v<3*nWj9p9o@yxmTnm+CTIR-nJzGnSfsOnU~exFP=A z6ZbaWs^GmjpZ%V*#tyr|DOOoUz{+ZK%wt#&19E&8xa+;#-^znQUUPo2sDBG|C?iDW z&-;|{lV0r%$$UcBZ%G*Rgd<1l(T|aO0bD^+kfh!p4*_kF*@%eZIiX;Zk%9mzt~H>> zAkR3=h&9z3gU`mOZYn&H2=Xf^6b~)5_{OLqn#^V8ekmvmA=1aj?$|=t(@ja)lW!LU zOUpmPp~#Z!3b0>wAv^_4IE1PLu zg$`;k^wYF&9XudiU?4pCCq@uaOefd?{0@<| z^8(uekD!PV|E>{9MVvi2iRo-hRz9qgpCc)%3|dgbd)81aizX#$-`*FzKP)ry#V@~9 zpnTMJe_3#^*IG?wCq1Tq~92n+Uep0eK` zMxvlp8cNv?MU5)}vTH{E)*}fC5+Yu(ecU2x{K$1iKx2G!$pk5;12&i=A#*c;3AA;f zWoV&@H~r8hwy^tvv_NXpTRu)^rLhags3GtE^nvYVm^X#ko%!B>*zI0V_s-C%3IRd4 z)DVE*U$ zXB8;c0Xgsvd;`CMhmT~n&k{BJfA*Z|e~ru`9@^39-|%1fpL~FqwZPhMhS-Ty%>WL} zYX_tz)QJ3hRFskZ(sGuVtigKi;X{Jt9&sY}n3)JV*H1ZZupoI<1DkG~VQgllh!o1D zt&9XxPmKrSVXA|SWmVC#y7^+6_H#g*}Z-;me8?Yo3J1j2?TOy)#${b6~R*GQ!L^XqAop6%*&|do(uUVPp1;LY{Lo(fk8l*oZga3-}2vuqn@L z@o)RD{jYwXD8Kg)NIHSM2j|^%=|3(i5I;vD@o_fNo|8%NGgAhqgdSuXb9j>}DbjVk z3(;K@^RO{o$3m3)l5|c-5>6YaeI#O9kZ7Pr2)WjKTdTdJuyBv%)fo>sLQI*5<;;@& zh9F=C_a*iBgcaMzbQaM`bD;7FI<)kcR%rQ0r3fM$1mmfb=u?+G`;ph?1gg;Pm}}I_ zU46GRC)uHkKuY&$CJskDa5uw7!+y11jZmEd8B1Ed9OzrptBy&#ChZZzl_y3JV90Ab z$uEB6#pe+X+eX3N0f`*P_D6Eg-&3d?63%tab`+9Z*4cB?V5D1O2|54VZxz0%3(@}wbb~v$P zR<-+wLI^g~3||%A`m`!eRzCVp#%!azEaO9&TZvpqX=bz#4<}zG*>qvi7}CK(gm2od zzzkh|ZTi^+`Viej8U_qTB`H=8iKgqMx1;AN5b#+Vlc{P93{(FL`vXPiIV>4^#$|aS z>P>UW&w){yZ^B_>A66jV4&-_CJt`9etC7^Z3KH3n>`9k&bcG)PV2VjSaYGi@U#_gK z+++|fI@`PU6rb)&SS@~uVF0Uqe+0)=qM6ar3C`Lz-ea^bXs808kLYnBr+(C=+w6)T zY6dJAC^nVlDAO5#>20UA&=tZIX78K+nP92e({3=d=18weP0jE)MBo(>n=&NqlQE^KkZ)xK`l9wG zE>HixJ97NwZ$UHLjp(sq;VnFu3zUah?c=T;LRh~XLWBzLP6D`t_nbKDAHFGfxD)%* zBE-%j8)aft-i*AR8Gy{w+kNXa_Dwo`Gs zwuAhJ#60KoZc}Hp`Xnmidyo`jw2|u;ynCw6-mO?l^+MwU$FNz|5ln$nd(f2sygxBl zMnhPADI6zz54;`s%zt+;ZvnaW2b0J1J$7cW-#>obgg6OKY^AJ!!w~HwYX@etCj+!! zl1X$r=GjhA(V|Xlb-JKMX|vrCq2VqoQS}b1lVzZ{o)z;GlZ6Cf3AziU&?d2!s)ytT zp&^VIf)`%4m-s}x4N4A2m2>=R3R96P@0xipSo7Aa}1KRyte~YP4r!|UN&T3 z27TW==?}(Ct0h24W=S49D7?h>zZb;m*-8T$A(_`dbZst*IJ#*p)iUmlFTr_g$0P3( zsrcj($&x8jLR|EPdb#Fx>QZ}-4s8D%8{E0C0J$}FrzB#7XkH`&Ja#i_k1j%wNF-n& zAxA6TS8JCvvKD6y2C~s9F`6s+ACnd$Nmhy=IsV~O|?(ChPz zvRq1?wG}5EH^pzz8*;f$TMxA096h!QYoOAWMxfhQ=$KaKE!sz_5E6FaRNN=XI_?%u zcIU4R`fRL^wov07@zrwhfJxGrMX_Nv9jBjLAad+wlLlSJO+`yb_%XrGSLbk5#Qf`H#% z0{@)7C>H7*b$}zg8ahgqzoTI^(|B)DIo+XFAaAsK3EH4;ycKhl8e=ZE-0hpi9h$D) zixaPHTvU6s!qyi5m6a1u&C;evIcHF>r%+E%qJuZb(B{Ke^*>i3+gK}TaqnlNhSSx9 zVA@&hU}x^z1$Ei)z?M#hfT%iabsJ-+IjN?YO+7*8i+5y97w-_8G#XTgh{u(Rr1!Ht z38hjfESRB1{d!!eO^3p+4Gn?4#QrqKJTpKpY~H3`J~?UQi|*IqD{yvCHSY8wDrl)t z(*cDsb*@ZHf_jXSUqMeR2`F-pZZS`8V{(11c+ntH{A^@#=18*hWmm*KX}rtQH&uDW zv{KcT`CiG;hN`O~R$jF-xS*OWg2Rj;K&OX*+8P-GuKW15(l#WVa8FH^fg@vk6Ba%! z5IcI@xBK8zxs}w$J6^(22s8FjLqx!{LA|>E6kf4FA|5WMt64TkB!W>omTvmrCuMF! zgAr;l#N4(3#%*J@ULy#|BN?VO;;#GTFbLZ3!P&q5aK%B;c^Cg^?7DJ}a9?c+PnEO^heoO?r&G5R_6T(Goq(!9Ds=M7_ zZhi@G6oFB()v%cgFMCrJqz2CIUkSUb61{`9sUIqctZb3gh%B6*Pz%Krl|YuUO);k@ z3gC4CtV9=A1Y1gn1)Bq8@|6X7_;_n1T3Sl@`Vk>sg1d2urBOt7%Wl%n39*bO4TsUt zdSK}w+HlA?A8mHbK#xddO267)yGoN>CvD;Zpz{{ASnGYDNN^8l^x!&H#n~^z%&(N9 zVJ=C%8~|X@oLnbCPVqG1ydgK!#Q-hc6Zh7A`7nd$P@@aOLb4P2;$EfzL1M9Lf>rWP zUZUk0wQC=ug#^dKE}&HeJ)1l#DRN&@pB-V1wLwN?#MuJ0h{GxH@YV)R zIV)VYDo>40fD$9-Y1_82h%DG5Ni}W(cv)y5$QL*|&v^*M5z}Y@SQ8rzkSA^BK*xxQv*GOt^ReQg z(7t#6EBUb1)UGGe{AuKS;{tq=}iYH8#sUhz3_ES zUxvg6UEl=wrUP%IND(S%rEHX1kxCC50|-|NU|vRD5D;|N6lxq$2cQ|M<+yf_F3iVs zMI*IK0;6cW3$Izt)quOvICZ9BOI;!xC{5{iV`5U^2I>}gnv!9XTNE5DHdtw%58P^t zZk&nI>ov^6z=fv*^qdAW98A_S#W*0xf!wFSju3hZeMx(Ih~S22^QO3yzySw?r+`x0 z&)r0{CgJMct25kkv1a6`)32s`o^QF%0TIag8o>dwx_K>oQAG^U&;j7&)PVqdmd??bbL5Cw0>WU%9}s((8M0AIIs#oB z0z9IH8V-OSi6e+f&6(#FOE%+oLmRS5uo{CFF(VEs2DUJB2b<@IeLR~GRStwD{)U97 zka?Q+&>fsRaE+bP&XlL+L5jMS@>g9uB(1KFMeJl9q?N{phOFU~IuEev4E94~M!B=V zo*nPY6KZ(2O}iCdB+Q#+Pk%#Di6Z>a){|Jw7nwDiy+SAREPBPPGW_wCPW11m^gwakOTZuWrwtlQ)*cSEz+qij>QAL zyWQNuf;o%@QE${K0n7DrF8_5oms6?9%NE#PQ%-%GYyGJ|`WSe3@?vW<7u%6oUWMIu zPP?vW#9R`y!Z5s8{InI|@us~&8ln(gYZ4cHVF7+Eh=bourcBI5?ojhK*km1S{*=>M zd*~pS&3t|RyqUh1@^p6eS7Pie3iP<2J3d5@BBSwq+A0Wjkq#-ZKYX`<(#sEc_Q_cf z5P+v>{+UQIRWYq%1Byja3ExKaSdgo}whmdm_QL{M1gm&JTs*B`fU>&rj_ct+Pi1(84QkKSkzSQ zWT7|)9Zg=24}!tZi(bJg3>rLbtBF?uU1XN=jn-|MYbUPLm~DiH$g=XP5g1o3xe76< z1XM`ZACR$`UNN1x3QN|Ls6D+<_OM|$$AO2;^&kZMRN(395Q=Hq$1%$Ec6-{kYhE4n z^E&9K-rpWw?-Rc<2|vTY7@VbgoK6FY-EoUKuSfPtjlRJ{3ag9a?e+q*YTQ0dz&Qjm zwcW3)R_(7x|rULt_piNtV|q_r!k8_c@|!I?onY{LTWHik8#mt{TC1#^ttwLY1!JfSvs6c zJ1<9My`9=LQQ4P6BQCKn*KPJ!p4LaFK??S>GF*-wXv5u{1UX^p4x;h0@gXm;J-l4j z#W=AWy%0BJkcGNI*R8vV74^59(BNG?brB=i&SK0k6VT@}B}5@Q?1CESj{4||=dcZ& zF%(96yO%wJ;Lbb`?3|t%*^Hw-6`oB2x`DZZ#^iHldiSZ$J@Ezhjc&Zx0qDeZ#L59# zOH%ft$uk#R$dK@>n6;dauUx+CDN`bFNaa^vfH*Mh>J)rJ4M5svGZFhc&PV& zl=bWDw)XGGIoqjY9HJ9-P(M%C>#BF){9HCD)3&I_!aDt3&E+Xs>=mkeNfgmTLp!^|8Sa4C)R;{WB`GsZEHk2L*r` zz%&v=ztUPRAjsaC3(JO@5eNGQ44Cj3Gwkrx0im|yV>d@{b+D;pKwdSeYCwz}lQE+^ zZZYHGG}~!ebTP{(K^Oh3WBgR=G?xjxTfXon$a%!At<2k6#w|nNT2hM`YNM2cNRMO^ zo+KvIOj`d4!c~+ms2 z4iulLk2_Ik1FFHmTDip+~Q1`7!if|N3Y&1q6Av9&r`EQ#=r=Q0rNxLBjIM~@V2PmB?3P+3`WFPcET@C!=a zFW06YxhOJwCg7ytH9m+7RkrffxW|^>Yl>q-AZ=DdT<^Pw4}Zi5#!2Kx7n7c9@aFOx zmal(-5AfaHAB{3r9=gx}lwX(B#vcX=^2Vh?-M#o(vS?zDx?-<`&T=%MxV(~Q!uz}L z88`Uy4a+r^a09Q?*D3jH@E*Q%=Q|92P1NTcMF);Mo}P9|8K)PTb|gt0@~jvx6Id=` zE9vWF#$Gt#+RF7q;`V(_6ycW5qSrbou00j@=d+Bdj`6bT>O)5Mu(knCj9)sA%PuKo5mp68Q^8rtZ^R>Ut1snJh zuHZ}gpWr_IkntY4kuaAjTRGEK&)Bj>6N{;0)3FfEV0+pevUp_Itn6{w?XGOBVD%^- zQGdy)Mh|rIG9Kkz5iVX$s(?>N1|GX72k5vxIu=;LbI`|Wc}$7J>zG*JkzSk+%7f4Z zTO~vHXN|Gts!)D5GbDdykqa^z0unw8j7he>~)#SmI~?Bt19z<7@BICzeoJ@k{Bj$u-$(`=PAV;48tuD5mcIq>mWx2~u=gSMuUwMXbYB#*HeJl${C&;AA^tc)~8a^57iVR(XZh z_%G(}PsGTR4#5o;@nHm|LnI{>?Y4V<+_;wPnYzwc!`LIh*sA4F5Lm}zr|KT>H@4zC zSK1j$j_|Hay^7eBl`OxOFP!)}PUE;M@*$`tQmV!?ZSNbI6Pg$VhR4>_3sV_z=5CgL z)04eG~yHxyB5G~D}|C*gi}FIql%q3r}98Ee?*4NGA^-lSN5SGGGo1J)-a!G#3nru?G&G$opLCe z&8rk=F$d@}1SA8BdW!>cieN(~YL8RGtw zj`_I@dE9Ikq7$27b99w<1v02--3B2x;ualj?#6CReVskHIG&AaA@(XRifn?>^|mB_ zMER6%3jv>}NCV!dNCQ3v5kxAuNY~Sh7|f{|d% z_vMWQ*M{Thmr&};vo@s9hz$*~5Vbk^tD_f9s=qAJxVSiLtZ2lD$MiSV^`m;i|ENvM zg&p5wd(ZZ$qMZ}sb&~HMks`}BEiyJtfM5K}aGz7ExApekyQUu<8f9%hj$o3Eiy}2t z#mCOk(XYX}snfL=Y*$&f&DSDV$Hq$cw_P2Ak8i(6d?EaO`UjS2IDQ_<_JblOPOZ+I z9MQ5*Qt@z}Bx!YiqD-&7UQEF|nkmyw5!Ja0>=<@8DWm2&Id+)s+yM@2pp8-3_zNWI z0i#RKR=C^S*1%IU7bnK2Za1Q`Ci5u69{xC#@xUDUzwPMISs^~V{ z&%Ff-@4SyR&3Kq9zBhvbuSn2_6|JYl4wh(q1Qpe*H3=ud}Uqajeo+z?7A2B%OOZR=$&eXC5P zAl=EL^G?qlx?MqKSv8$ayM!wqhz=)tC)#H|0={#e~jemx*0?Qd?@ z)7QnSB_QJRpz|u;N~v9}zs*q7at& zFw|>JRhQ+XAc0Y#Rjp`h;gh%v@2q=nIY>^|P2)op2`Yx}=|%>3n$C=_y4IR|&1a1x zVR<~XI^!6u=%Jtwh+02Zv=2cZkU$zbJhuW7qQN+-nMlK#^`77pX#%|60QL&Ij7vdO ztC@OQY-X@q3)!&zF&a;=ugD^lVyLqyv%h6Bu4G|7(CZ~@~d1+>W}A* zC}zg^HnG*)HSbzpc`vcp(;-g~Ecw#} z-zoPVEh+NK>Tl0u6xJT3i^XFr&egN+=jJ9d2Q-%l>4X@ME41giE|2ac`IVWAkLixS zlfYy5NO*7`P8VcBf{kN39uYRJsH#4t30VVd{eVgfN_b}ZjF>|SzE-D5k4hU?lNV?!6UBRd3z#Qlvs&UA-}Vq0sGHB>=2U0;25mmj0slMRn~$Gp1=pg6Qu_qF`__W*jKrSYgf>$cd*~RaWtxiG3daZJSA{6#{9o5 z*qM@aP)bcrF9t7V*S0 zZXb2i@I8d;AxaJHhb>T^J9ssL^+1Bh$jephPonbu;tghyBMDz8i7~#vCyCA&HHRPO zb+vW5D?`g;TcW};q6>QW{7K582Mf6DkffKW-jBkN2B%L!eHVVY;`&K(e6D zmiMy^1$`)!7u*INIP~ZrLUnPcCbLhPzA1E;IAia~gf_0pep_|szi~3liF0EtWg7v3 z#dEX1&bS?|m}VdL`eRrNBY-T+mfG`MQ(PBqu`3F{LI-DJF51CvHOWG&=K9p>DfjGZ zX#eN~sgv=!e`dNY=9ptnqBG>q)%$!-{|}H<|JN+r0JLt+6~kih62Apm)MB@TUfV6Vp9)^#HasW zO59?F%*D#)WK^<+bM=%!Eby7AI3$7;ETI*eAsq3mDSOE3y=c)0gR_x{Tt&Do77M!; zcTvTn>|GR=c>ljwU_|kwoFdljMI~H)bVQqjqZcn+H=(Tm0CV=O8yW&}IEEMG; zV2i~@t+$vRu8gcgwM5Cko+A#U59e)MPDDTKT>*Qunvbp;p%$s;M$aP{Hyoj?z5bk>L2qFq3ji6v-Zg5O_ zMrx%bmk>$B=nk7TExc?zu!!e0UUqX_Fa9|Vyw7u>*jLwo`g-)Tv+4wKo<)D8{DohJ zLIj?3qTl`NqCNpw(lhm9YZgEiC-g!q1yC>q{^E|aZIEDiuIiF_dw<9mvFbfOkgY#d z9({9MT7`x|yliRwjHLuRW1%g2HzS2ESvz=?Le4q_BFaTT)K%1#XZC4{=5!T*VV3`9 z6m}MNGSCXOAgnU#dQ43^Ohb{cS4I@noMgbjVkxsYSVUCP$!!u#@(w*V+dji+2UFjh)oky|!%>afHXwAU8!AV_^ znOE+Vvt5eZ#g{aXND&iSp)I`K!owEUx$RhGm4iE(l51ZCbi(1aaRtM{Oe?5}-l~F6 zY`mA{Z##{6#^_)t+2|?R-Gg0vw+|RX2E=|3hvE#qd&iH)dEbqG_AkVHB)0j`Z@KiY z`^?n3E7~*i#(fi-xv`Lu?bP@inQ{--DVgwO>mCPqx~ zvydNRa{O=k$3j&!Q0}AGC4y$jPc~R(YzBfP)Rb*|QOT^_&wLD~(p3Wy=)ZXuTIS>o z<#}17S4@q-j0)L+2u|bTK}-ee%7}qWcWRuV#jQ^w%i6?1#j81sM`lGgB5_~mV|2<6 zjhv$1gU|pN5kdhRvCU2Eh_!)rY_kdSK$qUBrk>SA0i>l{Xn2pfH)tsWwU#fz0BGvO-dIp0l5L`FP=7EvPctPI_lY4^mCB`*ejSr(BD$q)vp~}Bh1V=hJ zmW7J4L1H;9tu2k#vCk$5!NTUP_}{Dppu4KzU1kgqyz9Q4B>x5izA{yXam0kj3GRpu zup8)w;(N5t^t zHsDSxC&|BoYy;bffa3->6BJcN?4R5@9GTZFq{d$}DB$!>w=!?jvC!?M0LP&}Ep6od zI7jTU-@tkUyA3QGIO5jstgy?PI?=T6l`XcRX;&y}6ZK|`d)VS&acAU_PaeERgbg-C z7qgBrqYGvi?2H@hj5d@Wb=YDLGX`6zsaFk~q!iZVRLz#y<~Sjl{c@gm8YLQ!RvZ$4 zp#Z&3Qah4!6%-0k0q?*&ZR$$g*R?}imGfobbqQWZput~tV)rD{<5>TS{O1w~Q>75;K9PlCZ)k-J`r6FwXM{AkxJnJVs&qUax=@l(ikYC_{x&^(&zaV^Sy zs`|-F$2xN-BeU$Dc>qF{mL`R@k`SH#;bcCQIXS!6p&HE+;JD`=QvCa^a+T9eicjl% zQkaK&l_9zcimrN91HyvqM|qq2)uanyumuRr;=mY$=39sUY~IW}+hVVuNjh&io4&Py zkJ>=M+0+iK8+v_r*McL6+bpr$9j_zBX*PoFFvWH}0~Y@N_~pR=IDzEzRq+cvB?^|V znKu<0yu06&$ap&g$NILQNxcm`^iCTlA|1ll#Mhg zZUNc3LwPFL!e#7*g}v#LN)9ugpa~@$!HIFZun7m4BfUm4FIzs(J6vupzx);SEqGmDy0)e7=#-s)eri!kDR*J!+1)#9X#940Xu5^G~ zy32hdNUqzo7swS=6ou7Rd;98i3erqdve5G?8n{gW>DnZ5&I(AGQ2SXWCj^c;VQ9Qbbu-S{-V{KMG)YX4@b_y_=i$A3&- zD*$}_)z|*L@_)CB{^L#n6o3E#Kmdri|H%Lp&fm)a<9=5_AbNIAWFEdMvN~{6`X8#2 zxM;L2-rGw8X*b32L&WhUagTJ5(MU39vTZq7sy3!>WkoS#eMf~QENsz6)FY7ZxA1(F zahg$)=7fhKF3HF!mwQ=kuTx>wjcVCjJvYc!0=DLqFlBAi!WY%!C%TvhEb7c}H+pH3 zJr%GiH=g&d)6atu2Gy5WDJoZyWic?Lmn7y{epYZI#{9e<0bKx|A{br~&DphKQ0Qa{ zH67%Qa}Uzy9JviC+a2nbR=K#yqf$`Y_|T(45`L$IR|0dNXiPAIQxdjF0#%JEdTJH; zkK^3M^8s5Qu<~&SK{}V$>@2C|{Ibgj4y4S1utau~?`ZLu8xk{)ePd3*meVAAV7khH z++o`S-4QSxK??E%TajSW>X-~2mF<=h|AoNzMS zqlZwU&k4N9ahmh>K>>CD?h=>hCAiK@;og;A9rgY0Ec3K*uuH5dI);QtGpD4_oceL# z{+)9k6&~5(8b?R61eFi+prFkFIn)JFHYXi9GP3G+V?@Xwy9B653G6@{k>E1=ukygU zLqIL>mEB5$RdyYeJlxGBPca*6;Y9H*r99i%^qe}nl$95kNH8+l*iB(o5f)ifc4u90 zo8nK6U_LAE2Rm30UukA&qh4J`4d&KIPC*paAXoNNH)zXTW=+$T5Aaai{zYe+ZtK+M zW9*2z!8>Kw(&FeUuR@(_(MlgNbYkTu^U|1M!yh64!3&r@{JAHlIt<{Tz>WQvjXe>P z?y4I@Q^Z$$kQ31c8%yC(5Bh+VI--eBQpHW4EgG=I0q$&k`M)PE9CZY{RG z6rz1j%9wi^Gh3B)&4{t*Hbt&|k@olPYFbAg2{>Jkk*LvT7xy}0)skDkJCGUCA52w2 zL{-X}ImKsI@Ml)|_{jk+wz+Q5#2&2c472`N!YokL3?Tv**Nd`(E*&1|*wt~PB^Zie z0=bdPV)}=k0zhU6`m_YM6h8psfmk6-Bna_CSctn>+;zG02y7B&~COceGZk_TFm%A${EVYG&>}IsX`Uq<2dk^ zIzS)rLulSxhvNg1EK7M(n-PS(Kzu|wEedXdJP?S>F3=~{f*>FV1VFIB4=3-M_3m}C z-dVQvXbn%Uk>~pK{YXTfGB#ZnzMXP#5N~h=^h4^HKmp*7W&?e|4${CU=mf5TYP6nv z1S?pej|(6N{6TSm$Y=rtu*PiO%C9`05trUUzSSPT&p)e2414F973bLhAzja7)7> zSOq_z4tRnowOBX0TO4o%2VvYDd4yZIB&^JyvqCDE1j--+UZ+~{3IqbHKp&7^-dx;n zy2O0iWtq*fkG(_Ju!c)8+wsMh&Y^S{iwJRihwk-S@_RX&TC(8!@>G_dDt={Gz)&{^ z%0SL8q0rLda#pV!rxMV$+&|{#rhCaW_mjL(2})q)CUIn#lKxpXpKxYfm1c{-HnZ0x zRs^!ltWZUT5UcaEv&%BpB;Rpw=en5ISyxYYN=A(U1o=oS0C0Qms*qAfUE+#tQt5D? z*FD}{_d7*{Tq{c!z5JMm){|jsBdw7BA9&fz6q4ry``wc(SLP`La!a`R7hNI}3N8Ww zo&rp#L1ZDPAtc1U7hSy6~A7CJg~Z)n*hk%Z?H;V%;F%^S3!d@~%zcQd z7W%M=*Zr$ll#i`AoCxuO4&uCe!P8-vxI$Q|5l-U9L@{Ar;z^K@V;!5<4i)2TSA3CN ze2mNGPw^m{Nnoud(>-2-5+d8JxFn>lzQ=iY3+qSuySUmSR){!1U`34I;yfMrHrVfq zo(xd6;w&aHmrK23Nf2n7_!ouJtmxrP;uMzW2g^YeO1t in e?pn(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,C=(e,t,n)=>(hn(e,"symbol"!=typeof t?t+"":t,n),n),PetiteVue=function(e){"use strict";function t(e){if(a(e)){const n={};for(let s=0;s{if(e){const n=e.split(s);n.length>1&&(t[n[0].trim()]=n[1].trim())}})),t}function i(e){let t="";if(d(e))t=e;else if(a(e))for(let n=0;no(e,t)))}const l=Object.assign,f=Object.prototype.hasOwnProperty,u=(e,t)=>f.call(e,t),a=Array.isArray,p=e=>"[object Map]"===y(e),h=e=>e instanceof Date,d=e=>"string"==typeof e,m=e=>"symbol"==typeof e,g=e=>null!==e&&"object"==typeof e,v=Object.prototype.toString,y=e=>v.call(e),b=e=>d(e)&&"NaN"!==e&&"-"!==e[0]&&""+parseInt(e,10)===e,x=e=>{const t=Object.create(null);return n=>t[n]||(t[n]=e(n))},_=/-(\w)/g,w=x((e=>e.replace(_,((e,t)=>t?t.toUpperCase():"")))),$=/\B([A-Z])/g,k=x((e=>e.replace($,"-$1").toLowerCase())),O=e=>{const t=parseFloat(e);return isNaN(t)?e:t};function S(e,t){(t=t||undefined)&&t.active&&t.effects.push(e)}const E=e=>{const t=new Set(e);return t.w=0,t.n=0,t},j=e=>(e.w&N)>0,A=e=>(e.n&N)>0,P=new WeakMap;let R=0,N=1;const T=[];let M;const B=Symbol(""),L=Symbol("");class W{constructor(e,t=null,n){this.fn=e,this.scheduler=t,this.active=!0,this.deps=[],S(this,n)}run(){if(!this.active)return this.fn();if(!T.includes(this))try{return T.push(M=this),F.push(V),V=!0,N=1<<++R,R<=30?(({deps:e})=>{if(e.length)for(let t=0;t{const{deps:t}=e;if(t.length){let n=0;for(let s=0;s0?T[e-1]:void 0}}stop(){this.active&&(I(this),this.onStop&&this.onStop(),this.active=!1)}}function I(e){const{deps:t}=e;if(t.length){for(let n=0;n{("length"===t||t>=s)&&c.push(e)}));else switch(void 0!==n&&c.push(o.get(n)),t){case"add":a(e)?b(n)&&c.push(o.get("length")):(c.push(o.get(B)),p(e)&&c.push(o.get(L)));break;case"delete":a(e)||(c.push(o.get(B)),p(e)&&c.push(o.get(L)));break;case"set":p(e)&&c.push(o.get(B))}if(1===c.length)c[0]&&Z(c[0]);else{const e=[];for(const t of c)t&&e.push(...t);Z(E(e))}}function Z(e,t){for(const n of a(e)?e:[...e])(n!==M||n.allowRecurse)&&(n.scheduler?n.scheduler():n.run())}const q=function(e,t){const n=Object.create(null),s=e.split(",");for(let r=0;r!!n[e.toLowerCase()]:e=>!!n[e]}("__proto__,__v_isRef,__isVue"),D=new Set(Object.getOwnPropertyNames(Symbol).map((e=>Symbol[e])).filter(m)),G=X(),U=X(!0),Q=function(){const e={};return["includes","indexOf","lastIndexOf"].forEach((t=>{e[t]=function(...e){const n=le(this);for(let t=0,r=this.length;t{e[t]=function(...e){F.push(V),V=!1;const n=le(this)[t].apply(this,e);return z(),n}})),e}();function X(e=!1,t=!1){return function(n,s,r){if("__v_isReactive"===s)return!e;if("__v_isReadonly"===s)return e;if("__v_raw"===s&&r===(e?t?re:se:t?ne:te).get(n))return n;const i=a(n);if(!e&&i&&u(Q,s))return Reflect.get(Q,s,r);const o=Reflect.get(n,s,r);return(m(s)?D.has(s):q(s))||(e||H(n,0,s),t)?o:fe(o)?i&&b(s)?o:o.value:g(o)?e?function(e){return ce(e,!0,ee,null,se)}(o):oe(o):o}}const Y={get:G,set:function(e=!1){return function(t,n,s,r){let i=t[n];if(!e&&!function(e){return!(!e||!e.__v_isReadonly)}(s)&&(s=le(s),i=le(i),!a(t)&&fe(i)&&!fe(s)))return i.value=s,!0;const o=a(t)&&b(n)?Number(n)!Object.is(e,t))(s,i)&&J(t,"set",n,s):J(t,"add",n,s)),c}}(),deleteProperty:function(e,t){const n=u(e,t);e[t];const s=Reflect.deleteProperty(e,t);return s&&n&&J(e,"delete",t,void 0),s},has:function(e,t){const n=Reflect.has(e,t);return(!m(t)||!D.has(t))&&H(e,0,t),n},ownKeys:function(e){return H(e,0,a(e)?"length":B),Reflect.ownKeys(e)}},ee={get:U,set:(e,t)=>!0,deleteProperty:(e,t)=>!0},te=new WeakMap,ne=new WeakMap,se=new WeakMap,re=new WeakMap;function ie(e){return e.__v_skip||!Object.isExtensible(e)?0:function(e){switch(e){case"Object":case"Array":return 1;case"Map":case"Set":case"WeakMap":case"WeakSet":return 2;default:return 0}}((e=>y(e).slice(8,-1))(e))}function oe(e){return e&&e.__v_isReadonly?e:ce(e,!1,Y,null,te)}function ce(e,t,n,s,r){if(!g(e)||e.__v_raw&&(!t||!e.__v_isReactive))return e;const i=r.get(e);if(i)return i;const o=ie(e);if(0===o)return e;const c=new Proxy(e,2===o?s:n);return r.set(e,c),c}function le(e){const t=e&&e.__v_raw;return t?le(t):e}function fe(e){return Boolean(e&&!0===e.__v_isRef)}Promise.resolve();let ue=!1;const ae=[],pe=Promise.resolve(),he=e=>pe.then(e),de=e=>{ae.includes(e)||ae.push(e),ue||(ue=!0,he(me))},me=()=>{for(const e of ae)e();ae.length=0,ue=!1},ge=/^(spellcheck|draggable|form|list|type)$/,ve=({el:e,get:t,effect:n,arg:s,modifiers:r})=>{let i;"class"===s&&(e._class=e.className),n((()=>{let n=t();if(s)(null==r?void 0:r.camel)&&(s=w(s)),ye(e,s,n,i);else{for(const t in n)ye(e,t,n[t],i&&i[t]);for(const t in i)(!n||!(t in n))&&ye(e,t,null)}i=n}))},ye=(e,n,s,r)=>{if("class"===n)e.setAttribute("class",i(e._class?[e._class,s]:s)||"");else if("style"===n){s=t(s);const{style:n}=e;if(s)if(d(s))s!==r&&(n.cssText=s);else{for(const e in s)xe(n,e,s[e]);if(r&&!d(r))for(const e in r)null==s[e]&&xe(n,e,"")}else e.removeAttribute("style")}else e instanceof SVGElement||!(n in e)||ge.test(n)?"true-value"===n?e._trueValue=s:"false-value"===n?e._falseValue=s:null!=s?e.setAttribute(n,s):e.removeAttribute(n):(e[n]=s,"value"===n&&(e._value=s))},be=/\s*!important$/,xe=(e,t,n)=>{a(n)?n.forEach((n=>xe(e,t,n))):t.startsWith("--")?e.setProperty(t,n):be.test(n)?e.setProperty(k(t),n.replace(be,""),"important"):e[t]=n},_e=(e,t)=>{const n=e.getAttribute(t);return null!=n&&e.removeAttribute(t),n},we=(e,t,n,s)=>{e.addEventListener(t,n,s)},$e=/^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*|\['[^']*?']|\["[^"]*?"]|\[\d+]|\[[A-Za-z_$][\w$]*])*$/,ke=["ctrl","shift","alt","meta"],Oe={stop:e=>e.stopPropagation(),prevent:e=>e.preventDefault(),self:e=>e.target!==e.currentTarget,ctrl:e=>!e.ctrlKey,shift:e=>!e.shiftKey,alt:e=>!e.altKey,meta:e=>!e.metaKey,left:e=>"button"in e&&0!==e.button,middle:e=>"button"in e&&1!==e.button,right:e=>"button"in e&&2!==e.button,exact:(e,t)=>ke.some((n=>e[`${n}Key`]&&!t[n]))},Se=({el:e,get:t,exp:n,arg:s,modifiers:r})=>{if(!s)return;let i=$e.test(n)?t(`(e => ${n}(e))`):t(`($event => { ${n} })`);if("vue:mounted"!==s){if("vue:unmounted"===s)return()=>i();if(r){"click"===s&&(r.right&&(s="contextmenu"),r.middle&&(s="mouseup"));const e=i;i=t=>{if(!("key"in t)||k(t.key)in r){for(const e in r){const n=Oe[e];if(n&&n(t,r))return}return e(t)}}}we(e,s,i,r)}else he(i)},Ee=({el:e,get:t,effect:n})=>{n((()=>{e.textContent=Ce(t())}))},Ce=e=>null==e?"":g(e)?JSON.stringify(e,null,2):String(e),je=e=>"_value"in e?e._value:e.value,Ae=(e,t)=>{const n=t?"_trueValue":"_falseValue";return n in e?e[n]:t},Pe=e=>{e.target.composing=!0},Re=e=>{const t=e.target;t.composing&&(t.composing=!1,Ne(t,"input"))},Ne=(e,t)=>{const n=document.createEvent("HTMLEvents");n.initEvent(t,!0,!0),e.dispatchEvent(n)},Te=Object.create(null),Me=(e,t,n)=>Be(e,`return(${t})`,n),Be=(e,t,n)=>{const s=Te[t]||(Te[t]=Le(t));try{return s(e,n)}catch(r){console.error(r)}},Le=e=>{try{return new Function("$data","$el",`with($data){${e}}`)}catch(t){return console.error(`${t.message} in expression: ${e}`),()=>{}}},We={bind:ve,on:Se,show:({el:e,get:t,effect:n})=>{const s=e.style.display;n((()=>{e.style.display=t()?s:"none"}))},text:Ee,html:({el:e,get:t,effect:n})=>{n((()=>{e.innerHTML=t()}))},model:({el:e,exp:t,get:n,effect:s,modifiers:r})=>{const i=e.type,l=n(`(val) => { ${t} = val }`),{trim:f,number:u="number"===i}=r||{};if("SELECT"===e.tagName){const t=e;we(e,"change",(()=>{const e=Array.prototype.filter.call(t.options,(e=>e.selected)).map((e=>u?O(je(e)):je(e)));l(t.multiple?e:e[0])})),s((()=>{const e=n(),s=t.multiple;for(let n=0,r=t.options.length;n-1:r.selected=e.has(i);else if(o(je(r),e))return void(t.selectedIndex!==n&&(t.selectedIndex=n))}!s&&-1!==t.selectedIndex&&(t.selectedIndex=-1)}))}else if("checkbox"===i){let t;we(e,"change",(()=>{const t=n(),s=e.checked;if(a(t)){const n=je(e),r=c(t,n),i=-1!==r;if(s&&!i)l(t.concat(n));else if(!s&&i){const e=[...t];e.splice(r,1),l(e)}}else l(Ae(e,s))})),s((()=>{const s=n();a(s)?e.checked=c(s,je(e))>-1:s!==t&&(e.checked=o(s,Ae(e,!0))),t=s}))}else if("radio"===i){let t;we(e,"change",(()=>{l(je(e))})),s((()=>{const s=n();s!==t&&(e.checked=o(s,je(e)))}))}else{const t=e=>f?e.trim():u?O(e):e;we(e,"compositionstart",Pe),we(e,"compositionend",Re),we(e,(null==r?void 0:r.lazy)?"change":"input",(()=>{e.composing||l(t(e.value))})),f&&we(e,"change",(()=>{e.value=e.value.trim()})),s((()=>{if(e.composing)return;const s=e.value,r=n();document.activeElement===e&&t(s)===r||s!==r&&(e.value=r)}))}},effect:({el:e,ctx:t,exp:n,effect:s})=>{he((()=>s((()=>Be(t.scope,n,e)))))}},Ie=/([\s\S]*?)\s+(?:in|of)\s+([\s\S]*)/,Ke=/,([^,\}\]]*)(?:,([^,\}\]]*))?$/,Ve=/^\(|\)$/g,Fe=/^[{[]\s*((?:[\w_$]+\s*,?\s*)+)[\]}]$/,ze=(e,t,n)=>{const s=t.match(Ie);if(!s)return;const r=e.nextSibling,i=e.parentElement,o=new Text("");i.insertBefore(o,e),i.removeChild(e);const c=s[2].trim();let l,f,u,p,h=s[1].trim().replace(Ve,"").trim(),d=!1,m="key",v=e.getAttribute(m)||e.getAttribute(m=":key")||e.getAttribute(m="v-bind:key");v&&(e.removeAttribute(m),"key"===m&&(v=JSON.stringify(v))),(p=h.match(Ke))&&(h=h.replace(Ke,"").trim(),f=p[1].trim(),p[2]&&(u=p[2].trim())),(p=h.match(Fe))&&(l=p[1].split(",").map((e=>e.trim())),d="["===h[0]);let y,b,x,_=!1;const w=(e,t,s,r)=>{const i={};l?l.forEach(((e,n)=>i[e]=t[d?n:e])):i[h]=t,r?(f&&(i[f]=r),u&&(i[u]=s)):f&&(i[f]=s);const o=et(n,i),c=v?Me(o.scope,v):s;return e.set(c,s),o.key=c,o},$=(t,n)=>{const s=new nt(e,t);return s.key=t.key,s.insert(i,n),s};return n.effect((()=>{const e=Me(n.scope,c),t=x;if([b,x]=(e=>{const t=new Map,n=[];if(a(e))for(let s=0;s$(e,o))),_=!0})),r},He=({el:e,ctx:{scope:{$refs:t}},get:n,effect:s})=>{let r;return s((()=>{const s=n();t[s]=e,r&&s!==r&&delete t[r],r=s})),()=>{r&&delete t[r]}},Je=/^(?:v-|:|@)/,Ze=/\.([\w-]+)/g;let qe=!1;const De=(e,t)=>{const n=e.nodeType;if(1===n){const n=e;if(n.hasAttribute("v-pre"))return;let s;if(_e(n,"v-cloak"),s=_e(n,"v-if"))return((e,t,n)=>{const s=e.parentElement,r=new Comment("v-if");s.insertBefore(r,e);const i=[{exp:t,el:e}];let o,c;for(;(o=e.nextElementSibling)&&(c=null,""===_e(o,"v-else")||(c=_e(o,"v-else-if")));)s.removeChild(o),i.push({exp:c,el:o});const l=e.nextSibling;s.removeChild(e);let f,u=-1;const a=()=>{f&&(s.insertBefore(r,f.el),f.remove(),f=void 0)};return n.effect((()=>{for(let e=0;e{let n=e.firstChild;for(;n;)n=De(n,t)||n.nextSibling},Ue=(e,t,n,s)=>{let r,i,o;if(":"===(t=t.replace(Ze,((e,t)=>((o||(o={}))[t]=!0,""))))[0])r=ve,i=t.slice(1);else if("@"===t[0])r=Se,i=t.slice(1);else{const e=t.indexOf(":"),n=e>0?t.slice(2,e):t.slice(2);r=We[n]||s.dirs[n],i=e>0?t.slice(e+1):void 0}r&&(r===ve&&"ref"===i&&(r=He),Qe(e,r,n,s,i,o),e.removeAttribute(t))},Qe=(e,t,n,s,r,i)=>{const o=t({el:e,get:(t=n)=>Me(s.scope,t,e),effect:s.effect,ctx:s,exp:n,arg:r,modifiers:i});o&&s.cleanups.push(o)},Xe=(e,t)=>{if("#"!==t[0])e.innerHTML=t;else{const n=document.querySelector(t);e.appendChild(n.content.cloneNode(!0))}},Ye=e=>{const t={delimiters:["{{","}}"],delimitersRE:/\{\{([^]+?)\}\}/g,...e,scope:e?e.scope:oe({}),dirs:e?e.dirs:{},effects:[],blocks:[],cleanups:[],effect:e=>{if(qe)return de(e),e;const n=function(e,t){e.effect&&(e=e.effect.fn);const n=new W(e);t&&(l(n,t),t.scope&&S(n,t.scope)),(!t||!t.lazy)&&n.run();const s=n.run.bind(n);return s.effect=n,s}(e,{scheduler:()=>de(n)});return t.effects.push(n),n}};return t},et=(e,t={})=>{const n=e.scope,s=Object.create(n);Object.defineProperties(s,Object.getOwnPropertyDescriptors(t)),s.$refs=Object.create(n.$refs);const r=oe(new Proxy(s,{set:(e,t,s,i)=>i!==r||e.hasOwnProperty(t)?Reflect.set(e,t,s,i):Reflect.set(n,t,s)}));return tt(r),{...e,scope:r}},tt=e=>{for(const t of Object.keys(e))"function"==typeof e[t]&&(e[t]=e[t].bind(e))};class nt{constructor(e,t,n=!1){C(this,"template"),C(this,"ctx"),C(this,"key"),C(this,"parentCtx"),C(this,"isFragment"),C(this,"start"),C(this,"end"),this.isFragment=e instanceof HTMLTemplateElement,n?this.template=e:this.isFragment?this.template=e.content.cloneNode(!0):this.template=e.cloneNode(!0),n?this.ctx=t:(this.parentCtx=t,t.blocks.push(this),this.ctx=Ye(t)),De(this.template,this.ctx)}get el(){return this.start||this.template}insert(e,t=null){if(this.isFragment)if(this.start){let n,s=this.start;for(;s&&(n=s.nextSibling,e.insertBefore(s,t),s!==this.end);)s=n}else this.start=new Text(""),this.end=new Text(""),e.insertBefore(this.end,t),e.insertBefore(this.start,this.end),e.insertBefore(this.template,this.end);else e.insertBefore(this.template,t)}remove(){if(this.parentCtx&&((e,t)=>{const n=e.indexOf(t);n>-1&&e.splice(n,1)})(this.parentCtx.blocks,this),this.start){const e=this.start.parentNode;let t,n=this.start;for(;n&&(t=n.nextSibling,e.removeChild(n),n!==this.end);)n=t}else this.template.parentNode.removeChild(this.template);this.teardown()}teardown(){this.ctx.blocks.forEach((e=>{e.teardown()})),this.ctx.effects.forEach(K),this.ctx.cleanups.forEach((e=>e()))}}const st=e=>e.replace(/[-.*+?^${}()|[\]\/\\]/g,"\\$&"),rt=e=>{const t=Ye();if(e&&(t.scope=oe(e),tt(t.scope),e.$delimiters)){const[n,s]=t.delimiters=e.$delimiters;t.delimitersRE=new RegExp(st(n)+"([^]+?)"+st(s),"g")}let n;return t.scope.$s=Ce,t.scope.$nextTick=he,t.scope.$refs=Object.create(null),{directive(e,n){return n?(t.dirs[e]=n,this):t.dirs[e]},mount(e){if("string"==typeof e&&!(e=document.querySelector(e)))return;let s;return s=(e=e||document.documentElement).hasAttribute("v-scope")?[e]:[...e.querySelectorAll("[v-scope]")].filter((e=>!e.matches("[v-scope] [v-scope]"))),s.length||(s=[e]),n=s.map((e=>new nt(e,t,!0))),this},unmount(){n.forEach((e=>e.teardown()))}}},it=document.currentScript;return it&&it.hasAttribute("init")&&rt().mount(),e.createApp=rt,e.nextTick=he,e.reactive=oe,Object.defineProperty(e,"__esModule",{value:!0}),e[Symbol.toStringTag]="Module",e}({}); diff --git a/ia-terms-updates/en/_static/js/theme.js b/ia-terms-updates/en/_static/js/theme.js new file mode 100644 index 000000000..bf36d744c --- /dev/null +++ b/ia-terms-updates/en/_static/js/theme.js @@ -0,0 +1,108 @@ + +/** + * We add extra br tags to the autodoc output, so each parameter is shown on + * its own line. + */ +function setupAutodocPy() { + const paramElements = document.querySelectorAll('.py .sig-param') + + Array(...paramElements).forEach((element) => { + let brElement = document.createElement('br') + element.parentNode.insertBefore(brElement, element) + }) + + const lastParamElements = document.querySelectorAll('.py em.sig-param:last-of-type') + + Array(...lastParamElements).forEach((element) => { + let brElement = document.createElement('br') + element.after(brElement) + }) +} + +function setupAutodocCpp() { + const highlightableElements = document.querySelectorAll(".c dt.sig-object, .cpp dt.sig-object") + + Array(...highlightableElements).forEach((element) => { + element.classList.add("highlight"); + }) + + const documentables = document.querySelectorAll("dt.sig-object.c,dt.sig-object.cpp"); + + Array(...documentables).forEach((element) => { + element.classList.add("highlight"); + + var parens = element.querySelectorAll(".sig-paren"); + var commas = Array(...element.childNodes).filter(e => e.textContent == ", ") + + if (parens.length != 2) return; + + commas.forEach(c => { + if (c.compareDocumentPosition(parens[0]) == Node.DOCUMENT_POSITION_PRECEDING && + c.compareDocumentPosition(parens[1]) == Node.DOCUMENT_POSITION_FOLLOWING + ) { + let brElement = document.createElement('br') + let spanElement = document.createElement('span') + spanElement.className = "sig-indent" + c.after(brElement) + brElement.after(spanElement) + } + }); + + if (parens[0].nextSibling != parens[1]) { + // not an empty argument list + let brElement = document.createElement('br') + let spanElement = document.createElement('span') + spanElement.className = "sig-indent" + parens[0].after(brElement) + brElement.after(spanElement) + let brElement1 = document.createElement('br') + parens[1].parentNode.insertBefore(brElement1, parens[1]); + } + }) +} + +function setupSearchSidebar() { + const searchInput = document.querySelector('form.search input[type=text]') + if (searchInput) { + searchInput.placeholder = 'Search...' + } + + const searchButton = document.querySelector('form.search input[type=submit]') + if (searchButton) { + searchButton.value = 'Search' + } +} + +function setupSidebarToggle() { + const sidebar = document.querySelector('.sphinxsidebar') + document.querySelector('#toggle_sidebar a').onclick = (event) => { + console.log("Toggling sidebar") + event.preventDefault() + sidebar.style.display = window.getComputedStyle(sidebar, null).display == 'none' ? 'block' : 'none' + } +} + +function setupRightSidebarToggle() { + const sidebar = document.querySelector('#right_sidebar') + + const links = document.querySelectorAll('a.toggle_right_sidebar') + + Array(...links).forEach((element) => { + element.onclick = (event) => { + console.log("Toggling right sidebar") + event.preventDefault() + sidebar.style.display = window.getComputedStyle(sidebar, null).display == 'none' ? 'block' : 'none' + } + }) +} + + +document.addEventListener("DOMContentLoaded", function() { + console.log("custom theme loaded") + + setupAutodocPy() + setupAutodocCpp() + setupSearchSidebar() + setupSidebarToggle() + setupRightSidebarToggle() +}) diff --git a/ia-terms-updates/en/_static/language_data.js b/ia-terms-updates/en/_static/language_data.js new file mode 100644 index 000000000..367b8ed81 --- /dev/null +++ b/ia-terms-updates/en/_static/language_data.js @@ -0,0 +1,199 @@ +/* + * language_data.js + * ~~~~~~~~~~~~~~~~ + * + * This script contains the language-specific data used by searchtools.js, + * namely the list of stopwords, stemmer, scorer and splitter. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +var stopwords = ["a", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "near", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with"]; + + +/* Non-minified version is copied as a separate JS file, if available */ + +/** + * Porter Stemmer + */ +var Stemmer = function() { + + var step2list = { + ational: 'ate', + tional: 'tion', + enci: 'ence', + anci: 'ance', + izer: 'ize', + bli: 'ble', + alli: 'al', + entli: 'ent', + eli: 'e', + ousli: 'ous', + ization: 'ize', + ation: 'ate', + ator: 'ate', + alism: 'al', + iveness: 'ive', + fulness: 'ful', + ousness: 'ous', + aliti: 'al', + iviti: 'ive', + biliti: 'ble', + logi: 'log' + }; + + var step3list = { + icate: 'ic', + ative: '', + alize: 'al', + iciti: 'ic', + ical: 'ic', + ful: '', + ness: '' + }; + + var c = "[^aeiou]"; // consonant + var v = "[aeiouy]"; // vowel + var C = c + "[^aeiouy]*"; // consonant sequence + var V = v + "[aeiou]*"; // vowel sequence + + var mgr0 = "^(" + C + ")?" + V + C; // [C]VC... is m>0 + var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$"; // [C]VC[V] is m=1 + var mgr1 = "^(" + C + ")?" + V + C + V + C; // [C]VCVC... is m>1 + var s_v = "^(" + C + ")?" + v; // vowel in stem + + this.stemWord = function (w) { + var stem; + var suffix; + var firstch; + var origword = w; + + if (w.length < 3) + return w; + + var re; + var re2; + var re3; + var re4; + + firstch = w.substr(0,1); + if (firstch == "y") + w = firstch.toUpperCase() + w.substr(1); + + // Step 1a + re = /^(.+?)(ss|i)es$/; + re2 = /^(.+?)([^s])s$/; + + if (re.test(w)) + w = w.replace(re,"$1$2"); + else if (re2.test(w)) + w = w.replace(re2,"$1$2"); + + // Step 1b + re = /^(.+?)eed$/; + re2 = /^(.+?)(ed|ing)$/; + if (re.test(w)) { + var fp = re.exec(w); + re = new RegExp(mgr0); + if (re.test(fp[1])) { + re = /.$/; + w = w.replace(re,""); + } + } + else if (re2.test(w)) { + var fp = re2.exec(w); + stem = fp[1]; + re2 = new RegExp(s_v); + if (re2.test(stem)) { + w = stem; + re2 = /(at|bl|iz)$/; + re3 = new RegExp("([^aeiouylsz])\\1$"); + re4 = new RegExp("^" + C + v + "[^aeiouwxy]$"); + if (re2.test(w)) + w = w + "e"; + else if (re3.test(w)) { + re = /.$/; + w = w.replace(re,""); + } + else if (re4.test(w)) + w = w + "e"; + } + } + + // Step 1c + re = /^(.+?)y$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + re = new RegExp(s_v); + if (re.test(stem)) + w = stem + "i"; + } + + // Step 2 + re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + suffix = fp[2]; + re = new RegExp(mgr0); + if (re.test(stem)) + w = stem + step2list[suffix]; + } + + // Step 3 + re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + suffix = fp[2]; + re = new RegExp(mgr0); + if (re.test(stem)) + w = stem + step3list[suffix]; + } + + // Step 4 + re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/; + re2 = /^(.+?)(s|t)(ion)$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + re = new RegExp(mgr1); + if (re.test(stem)) + w = stem; + } + else if (re2.test(w)) { + var fp = re2.exec(w); + stem = fp[1] + fp[2]; + re2 = new RegExp(mgr1); + if (re2.test(stem)) + w = stem; + } + + // Step 5 + re = /^(.+?)e$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + re = new RegExp(mgr1); + re2 = new RegExp(meq1); + re3 = new RegExp("^" + C + v + "[^aeiouwxy]$"); + if (re.test(stem) || (re2.test(stem) && !(re3.test(stem)))) + w = stem; + } + re = /ll$/; + re2 = new RegExp(mgr1); + if (re.test(w) && re2.test(w)) { + re = /.$/; + w = w.replace(re,""); + } + + // and turn initial Y back to y + if (firstch == "y") + w = firstch.toLowerCase() + w.substr(1); + return w; + } +} + diff --git a/ia-terms-updates/en/_static/minus.png b/ia-terms-updates/en/_static/minus.png new file mode 100644 index 0000000000000000000000000000000000000000..d96755fdaf8bb2214971e0db9c1fd3077d7c419d GIT binary patch literal 90 zcmeAS@N?(olHy`uVBq!ia0vp^+#t*WBp7;*Yy1LIik>cxAr*|t7R?Mi>2?kWtu=nj kDsEF_5m^0CR;1wuP-*O&G^0G}KYk!hp00i_>zopr08q^qX#fBK literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/_static/pkce.py b/ia-terms-updates/en/_static/pkce.py new file mode 100644 index 000000000..95e8fe415 --- /dev/null +++ b/ia-terms-updates/en/_static/pkce.py @@ -0,0 +1,21 @@ +import hashlib +import base64 +import re + +def get_pkce(code_challenge_method: str = "S256", code_challenge_length: int = 64): + hashers = {"S256": hashlib.sha256} + + code_verifier = base64.urlsafe_b64encode(os.urandom(40)).decode("utf-8") + code_verifier = re.sub("[^a-zA-Z0-9]+", "", code_verifier) + + code_challenge = hashers.get(code_challenge_method)( + code_verifier.encode("utf-8") + ).digest() + code_challenge = base64.urlsafe_b64encode(code_challenge).decode("utf-8") + code_challenge = code_challenge.replace("=", "") + + return { + "code_verifier": code_verifier, + "code_challenge": code_challenge, + "code_challenge_method": code_challenge_method, + } \ No newline at end of file diff --git a/ia-terms-updates/en/_static/plus.png b/ia-terms-updates/en/_static/plus.png new file mode 100644 index 0000000000000000000000000000000000000000..7107cec93a979b9a5f64843235a16651d563ce2d GIT binary patch literal 90 zcmeAS@N?(olHy`uVBq!ia0vp^+#t*WBp7;*Yy1LIik>cxAr*|t7R?Mi>2?kWtu>-2 m3q%Vub%g%s<8sJhVPMczOq}xhg9DJoz~JfX=d#Wzp$Pyb1r*Kz literal 0 HcmV?d00001 diff --git a/ia-terms-updates/en/_static/pygments.css b/ia-terms-updates/en/_static/pygments.css new file mode 100644 index 000000000..0d49244ed --- /dev/null +++ b/ia-terms-updates/en/_static/pygments.css @@ -0,0 +1,75 @@ +pre { line-height: 125%; } +td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; } +span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; } +td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; } +span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; } +.highlight .hll { background-color: #ffffcc } +.highlight { background: #eeffcc; } +.highlight .c { color: #408090; font-style: italic } /* Comment */ +.highlight .err { border: 1px solid #FF0000 } /* Error */ +.highlight .k { color: #007020; font-weight: bold } /* Keyword */ +.highlight .o { color: #666666 } /* Operator */ +.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */ +.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */ +.highlight .cp { color: #007020 } /* Comment.Preproc */ +.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */ +.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */ +.highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */ +.highlight .gd { color: #A00000 } /* Generic.Deleted */ +.highlight .ge { font-style: italic } /* Generic.Emph */ +.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */ +.highlight .gr { color: #FF0000 } /* Generic.Error */ +.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */ +.highlight .gi { color: #00A000 } /* Generic.Inserted */ +.highlight .go { color: #333333 } /* Generic.Output */ +.highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */ +.highlight .gs { font-weight: bold } /* Generic.Strong */ +.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */ +.highlight .gt { color: #0044DD } /* Generic.Traceback */ +.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */ +.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */ +.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */ +.highlight .kp { color: #007020 } /* Keyword.Pseudo */ +.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */ +.highlight .kt { color: #902000 } /* Keyword.Type */ +.highlight .m { color: #208050 } /* Literal.Number */ +.highlight .s { color: #4070a0 } /* Literal.String */ +.highlight .na { color: #4070a0 } /* Name.Attribute */ +.highlight .nb { color: #007020 } /* Name.Builtin */ +.highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */ +.highlight .no { color: #60add5 } /* Name.Constant */ +.highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */ +.highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */ +.highlight .ne { color: #007020 } /* Name.Exception */ +.highlight .nf { color: #06287e } /* Name.Function */ +.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */ +.highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */ +.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */ +.highlight .nv { color: #bb60d5 } /* Name.Variable */ +.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */ +.highlight .w { color: #bbbbbb } /* Text.Whitespace */ +.highlight .mb { color: #208050 } /* Literal.Number.Bin */ +.highlight .mf { color: #208050 } /* Literal.Number.Float */ +.highlight .mh { color: #208050 } /* Literal.Number.Hex */ +.highlight .mi { color: #208050 } /* Literal.Number.Integer */ +.highlight .mo { color: #208050 } /* Literal.Number.Oct */ +.highlight .sa { color: #4070a0 } /* Literal.String.Affix */ +.highlight .sb { color: #4070a0 } /* Literal.String.Backtick */ +.highlight .sc { color: #4070a0 } /* Literal.String.Char */ +.highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */ +.highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */ +.highlight .s2 { color: #4070a0 } /* Literal.String.Double */ +.highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */ +.highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */ +.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */ +.highlight .sx { color: #c65d09 } /* Literal.String.Other */ +.highlight .sr { color: #235388 } /* Literal.String.Regex */ +.highlight .s1 { color: #4070a0 } /* Literal.String.Single */ +.highlight .ss { color: #517918 } /* Literal.String.Symbol */ +.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */ +.highlight .fm { color: #06287e } /* Name.Function.Magic */ +.highlight .vc { color: #bb60d5 } /* Name.Variable.Class */ +.highlight .vg { color: #bb60d5 } /* Name.Variable.Global */ +.highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */ +.highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */ +.highlight .il { color: #208050 } /* Literal.Number.Integer.Long */ \ No newline at end of file diff --git a/ia-terms-updates/en/_static/searchtools.js b/ia-terms-updates/en/_static/searchtools.js new file mode 100644 index 000000000..b08d58c9b --- /dev/null +++ b/ia-terms-updates/en/_static/searchtools.js @@ -0,0 +1,620 @@ +/* + * searchtools.js + * ~~~~~~~~~~~~~~~~ + * + * Sphinx JavaScript utilities for the full-text search. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +/** + * Simple result scoring code. + */ +if (typeof Scorer === "undefined") { + var Scorer = { + // Implement the following function to further tweak the score for each result + // The function takes a result array [docname, title, anchor, descr, score, filename] + // and returns the new score. + /* + score: result => { + const [docname, title, anchor, descr, score, filename] = result + return score + }, + */ + + // query matches the full name of an object + objNameMatch: 11, + // or matches in the last dotted part of the object name + objPartialMatch: 6, + // Additive scores depending on the priority of the object + objPrio: { + 0: 15, // used to be importantResults + 1: 5, // used to be objectResults + 2: -5, // used to be unimportantResults + }, + // Used when the priority is not in the mapping. + objPrioDefault: 0, + + // query found in title + title: 15, + partialTitle: 7, + // query found in terms + term: 5, + partialTerm: 2, + }; +} + +const _removeChildren = (element) => { + while (element && element.lastChild) element.removeChild(element.lastChild); +}; + +/** + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#escaping + */ +const _escapeRegExp = (string) => + string.replace(/[.*+\-?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string + +const _displayItem = (item, searchTerms, highlightTerms) => { + const docBuilder = DOCUMENTATION_OPTIONS.BUILDER; + const docFileSuffix = DOCUMENTATION_OPTIONS.FILE_SUFFIX; + const docLinkSuffix = DOCUMENTATION_OPTIONS.LINK_SUFFIX; + const showSearchSummary = DOCUMENTATION_OPTIONS.SHOW_SEARCH_SUMMARY; + const contentRoot = document.documentElement.dataset.content_root; + + const [docName, title, anchor, descr, score, _filename] = item; + + let listItem = document.createElement("li"); + let requestUrl; + let linkUrl; + if (docBuilder === "dirhtml") { + // dirhtml builder + let dirname = docName + "/"; + if (dirname.match(/\/index\/$/)) + dirname = dirname.substring(0, dirname.length - 6); + else if (dirname === "index/") dirname = ""; + requestUrl = contentRoot + dirname; + linkUrl = requestUrl; + } else { + // normal html builders + requestUrl = contentRoot + docName + docFileSuffix; + linkUrl = docName + docLinkSuffix; + } + let linkEl = listItem.appendChild(document.createElement("a")); + linkEl.href = linkUrl + anchor; + linkEl.dataset.score = score; + linkEl.innerHTML = title; + if (descr) { + listItem.appendChild(document.createElement("span")).innerHTML = + " (" + descr + ")"; + // highlight search terms in the description + if (SPHINX_HIGHLIGHT_ENABLED) // set in sphinx_highlight.js + highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted")); + } + else if (showSearchSummary) + fetch(requestUrl) + .then((responseData) => responseData.text()) + .then((data) => { + if (data) + listItem.appendChild( + Search.makeSearchSummary(data, searchTerms, anchor) + ); + // highlight search terms in the summary + if (SPHINX_HIGHLIGHT_ENABLED) // set in sphinx_highlight.js + highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted")); + }); + Search.output.appendChild(listItem); +}; +const _finishSearch = (resultCount) => { + Search.stopPulse(); + Search.title.innerText = _("Search Results"); + if (!resultCount) + Search.status.innerText = Documentation.gettext( + "Your search did not match any documents. Please make sure that all words are spelled correctly and that you've selected enough categories." + ); + else + Search.status.innerText = _( + "Search finished, found ${resultCount} page(s) matching the search query." + ).replace('${resultCount}', resultCount); +}; +const _displayNextItem = ( + results, + resultCount, + searchTerms, + highlightTerms, +) => { + // results left, load the summary and display it + // this is intended to be dynamic (don't sub resultsCount) + if (results.length) { + _displayItem(results.pop(), searchTerms, highlightTerms); + setTimeout( + () => _displayNextItem(results, resultCount, searchTerms, highlightTerms), + 5 + ); + } + // search finished, update title and status message + else _finishSearch(resultCount); +}; +// Helper function used by query() to order search results. +// Each input is an array of [docname, title, anchor, descr, score, filename]. +// Order the results by score (in opposite order of appearance, since the +// `_displayNextItem` function uses pop() to retrieve items) and then alphabetically. +const _orderResultsByScoreThenName = (a, b) => { + const leftScore = a[4]; + const rightScore = b[4]; + if (leftScore === rightScore) { + // same score: sort alphabetically + const leftTitle = a[1].toLowerCase(); + const rightTitle = b[1].toLowerCase(); + if (leftTitle === rightTitle) return 0; + return leftTitle > rightTitle ? -1 : 1; // inverted is intentional + } + return leftScore > rightScore ? 1 : -1; +}; + +/** + * Default splitQuery function. Can be overridden in ``sphinx.search`` with a + * custom function per language. + * + * The regular expression works by splitting the string on consecutive characters + * that are not Unicode letters, numbers, underscores, or emoji characters. + * This is the same as ``\W+`` in Python, preserving the surrogate pair area. + */ +if (typeof splitQuery === "undefined") { + var splitQuery = (query) => query + .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}]+/gu) + .filter(term => term) // remove remaining empty strings +} + +/** + * Search Module + */ +const Search = { + _index: null, + _queued_query: null, + _pulse_status: -1, + + htmlToText: (htmlString, anchor) => { + const htmlElement = new DOMParser().parseFromString(htmlString, 'text/html'); + for (const removalQuery of [".headerlink", "script", "style"]) { + htmlElement.querySelectorAll(removalQuery).forEach((el) => { el.remove() }); + } + if (anchor) { + const anchorContent = htmlElement.querySelector(`[role="main"] ${anchor}`); + if (anchorContent) return anchorContent.textContent; + + console.warn( + `Anchored content block not found. Sphinx search tries to obtain it via DOM query '[role=main] ${anchor}'. Check your theme or template.` + ); + } + + // if anchor not specified or not found, fall back to main content + const docContent = htmlElement.querySelector('[role="main"]'); + if (docContent) return docContent.textContent; + + console.warn( + "Content block not found. Sphinx search tries to obtain it via DOM query '[role=main]'. Check your theme or template." + ); + return ""; + }, + + init: () => { + const query = new URLSearchParams(window.location.search).get("q"); + document + .querySelectorAll('input[name="q"]') + .forEach((el) => (el.value = query)); + if (query) Search.performSearch(query); + }, + + loadIndex: (url) => + (document.body.appendChild(document.createElement("script")).src = url), + + setIndex: (index) => { + Search._index = index; + if (Search._queued_query !== null) { + const query = Search._queued_query; + Search._queued_query = null; + Search.query(query); + } + }, + + hasIndex: () => Search._index !== null, + + deferQuery: (query) => (Search._queued_query = query), + + stopPulse: () => (Search._pulse_status = -1), + + startPulse: () => { + if (Search._pulse_status >= 0) return; + + const pulse = () => { + Search._pulse_status = (Search._pulse_status + 1) % 4; + Search.dots.innerText = ".".repeat(Search._pulse_status); + if (Search._pulse_status >= 0) window.setTimeout(pulse, 500); + }; + pulse(); + }, + + /** + * perform a search for something (or wait until index is loaded) + */ + performSearch: (query) => { + // create the required interface elements + const searchText = document.createElement("h2"); + searchText.textContent = _("Searching"); + const searchSummary = document.createElement("p"); + searchSummary.classList.add("search-summary"); + searchSummary.innerText = ""; + const searchList = document.createElement("ul"); + searchList.classList.add("search"); + + const out = document.getElementById("search-results"); + Search.title = out.appendChild(searchText); + Search.dots = Search.title.appendChild(document.createElement("span")); + Search.status = out.appendChild(searchSummary); + Search.output = out.appendChild(searchList); + + const searchProgress = document.getElementById("search-progress"); + // Some themes don't use the search progress node + if (searchProgress) { + searchProgress.innerText = _("Preparing search..."); + } + Search.startPulse(); + + // index already loaded, the browser was quick! + if (Search.hasIndex()) Search.query(query); + else Search.deferQuery(query); + }, + + _parseQuery: (query) => { + // stem the search terms and add them to the correct list + const stemmer = new Stemmer(); + const searchTerms = new Set(); + const excludedTerms = new Set(); + const highlightTerms = new Set(); + const objectTerms = new Set(splitQuery(query.toLowerCase().trim())); + splitQuery(query.trim()).forEach((queryTerm) => { + const queryTermLower = queryTerm.toLowerCase(); + + // maybe skip this "word" + // stopwords array is from language_data.js + if ( + stopwords.indexOf(queryTermLower) !== -1 || + queryTerm.match(/^\d+$/) + ) + return; + + // stem the word + let word = stemmer.stemWord(queryTermLower); + // select the correct list + if (word[0] === "-") excludedTerms.add(word.substr(1)); + else { + searchTerms.add(word); + highlightTerms.add(queryTermLower); + } + }); + + if (SPHINX_HIGHLIGHT_ENABLED) { // set in sphinx_highlight.js + localStorage.setItem("sphinx_highlight_terms", [...highlightTerms].join(" ")) + } + + // console.debug("SEARCH: searching for:"); + // console.info("required: ", [...searchTerms]); + // console.info("excluded: ", [...excludedTerms]); + + return [query, searchTerms, excludedTerms, highlightTerms, objectTerms]; + }, + + /** + * execute search (requires search index to be loaded) + */ + _performSearch: (query, searchTerms, excludedTerms, highlightTerms, objectTerms) => { + const filenames = Search._index.filenames; + const docNames = Search._index.docnames; + const titles = Search._index.titles; + const allTitles = Search._index.alltitles; + const indexEntries = Search._index.indexentries; + + // Collect multiple result groups to be sorted separately and then ordered. + // Each is an array of [docname, title, anchor, descr, score, filename]. + const normalResults = []; + const nonMainIndexResults = []; + + _removeChildren(document.getElementById("search-progress")); + + const queryLower = query.toLowerCase().trim(); + for (const [title, foundTitles] of Object.entries(allTitles)) { + if (title.toLowerCase().trim().includes(queryLower) && (queryLower.length >= title.length/2)) { + for (const [file, id] of foundTitles) { + const score = Math.round(Scorer.title * queryLower.length / title.length); + const boost = titles[file] === title ? 1 : 0; // add a boost for document titles + normalResults.push([ + docNames[file], + titles[file] !== title ? `${titles[file]} > ${title}` : title, + id !== null ? "#" + id : "", + null, + score + boost, + filenames[file], + ]); + } + } + } + + // search for explicit entries in index directives + for (const [entry, foundEntries] of Object.entries(indexEntries)) { + if (entry.includes(queryLower) && (queryLower.length >= entry.length/2)) { + for (const [file, id, isMain] of foundEntries) { + const score = Math.round(100 * queryLower.length / entry.length); + const result = [ + docNames[file], + titles[file], + id ? "#" + id : "", + null, + score, + filenames[file], + ]; + if (isMain) { + normalResults.push(result); + } else { + nonMainIndexResults.push(result); + } + } + } + } + + // lookup as object + objectTerms.forEach((term) => + normalResults.push(...Search.performObjectSearch(term, objectTerms)) + ); + + // lookup as search terms in fulltext + normalResults.push(...Search.performTermsSearch(searchTerms, excludedTerms)); + + // let the scorer override scores with a custom scoring function + if (Scorer.score) { + normalResults.forEach((item) => (item[4] = Scorer.score(item))); + nonMainIndexResults.forEach((item) => (item[4] = Scorer.score(item))); + } + + // Sort each group of results by score and then alphabetically by name. + normalResults.sort(_orderResultsByScoreThenName); + nonMainIndexResults.sort(_orderResultsByScoreThenName); + + // Combine the result groups in (reverse) order. + // Non-main index entries are typically arbitrary cross-references, + // so display them after other results. + let results = [...nonMainIndexResults, ...normalResults]; + + // remove duplicate search results + // note the reversing of results, so that in the case of duplicates, the highest-scoring entry is kept + let seen = new Set(); + results = results.reverse().reduce((acc, result) => { + let resultStr = result.slice(0, 4).concat([result[5]]).map(v => String(v)).join(','); + if (!seen.has(resultStr)) { + acc.push(result); + seen.add(resultStr); + } + return acc; + }, []); + + return results.reverse(); + }, + + query: (query) => { + const [searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms] = Search._parseQuery(query); + const results = Search._performSearch(searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms); + + // for debugging + //Search.lastresults = results.slice(); // a copy + // console.info("search results:", Search.lastresults); + + // print the results + _displayNextItem(results, results.length, searchTerms, highlightTerms); + }, + + /** + * search for object names + */ + performObjectSearch: (object, objectTerms) => { + const filenames = Search._index.filenames; + const docNames = Search._index.docnames; + const objects = Search._index.objects; + const objNames = Search._index.objnames; + const titles = Search._index.titles; + + const results = []; + + const objectSearchCallback = (prefix, match) => { + const name = match[4] + const fullname = (prefix ? prefix + "." : "") + name; + const fullnameLower = fullname.toLowerCase(); + if (fullnameLower.indexOf(object) < 0) return; + + let score = 0; + const parts = fullnameLower.split("."); + + // check for different match types: exact matches of full name or + // "last name" (i.e. last dotted part) + if (fullnameLower === object || parts.slice(-1)[0] === object) + score += Scorer.objNameMatch; + else if (parts.slice(-1)[0].indexOf(object) > -1) + score += Scorer.objPartialMatch; // matches in last name + + const objName = objNames[match[1]][2]; + const title = titles[match[0]]; + + // If more than one term searched for, we require other words to be + // found in the name/title/description + const otherTerms = new Set(objectTerms); + otherTerms.delete(object); + if (otherTerms.size > 0) { + const haystack = `${prefix} ${name} ${objName} ${title}`.toLowerCase(); + if ( + [...otherTerms].some((otherTerm) => haystack.indexOf(otherTerm) < 0) + ) + return; + } + + let anchor = match[3]; + if (anchor === "") anchor = fullname; + else if (anchor === "-") anchor = objNames[match[1]][1] + "-" + fullname; + + const descr = objName + _(", in ") + title; + + // add custom score for some objects according to scorer + if (Scorer.objPrio.hasOwnProperty(match[2])) + score += Scorer.objPrio[match[2]]; + else score += Scorer.objPrioDefault; + + results.push([ + docNames[match[0]], + fullname, + "#" + anchor, + descr, + score, + filenames[match[0]], + ]); + }; + Object.keys(objects).forEach((prefix) => + objects[prefix].forEach((array) => + objectSearchCallback(prefix, array) + ) + ); + return results; + }, + + /** + * search for full-text terms in the index + */ + performTermsSearch: (searchTerms, excludedTerms) => { + // prepare search + const terms = Search._index.terms; + const titleTerms = Search._index.titleterms; + const filenames = Search._index.filenames; + const docNames = Search._index.docnames; + const titles = Search._index.titles; + + const scoreMap = new Map(); + const fileMap = new Map(); + + // perform the search on the required terms + searchTerms.forEach((word) => { + const files = []; + const arr = [ + { files: terms[word], score: Scorer.term }, + { files: titleTerms[word], score: Scorer.title }, + ]; + // add support for partial matches + if (word.length > 2) { + const escapedWord = _escapeRegExp(word); + if (!terms.hasOwnProperty(word)) { + Object.keys(terms).forEach((term) => { + if (term.match(escapedWord)) + arr.push({ files: terms[term], score: Scorer.partialTerm }); + }); + } + if (!titleTerms.hasOwnProperty(word)) { + Object.keys(titleTerms).forEach((term) => { + if (term.match(escapedWord)) + arr.push({ files: titleTerms[term], score: Scorer.partialTitle }); + }); + } + } + + // no match but word was a required one + if (arr.every((record) => record.files === undefined)) return; + + // found search word in contents + arr.forEach((record) => { + if (record.files === undefined) return; + + let recordFiles = record.files; + if (recordFiles.length === undefined) recordFiles = [recordFiles]; + files.push(...recordFiles); + + // set score for the word in each file + recordFiles.forEach((file) => { + if (!scoreMap.has(file)) scoreMap.set(file, {}); + scoreMap.get(file)[word] = record.score; + }); + }); + + // create the mapping + files.forEach((file) => { + if (!fileMap.has(file)) fileMap.set(file, [word]); + else if (fileMap.get(file).indexOf(word) === -1) fileMap.get(file).push(word); + }); + }); + + // now check if the files don't contain excluded terms + const results = []; + for (const [file, wordList] of fileMap) { + // check if all requirements are matched + + // as search terms with length < 3 are discarded + const filteredTermCount = [...searchTerms].filter( + (term) => term.length > 2 + ).length; + if ( + wordList.length !== searchTerms.size && + wordList.length !== filteredTermCount + ) + continue; + + // ensure that none of the excluded terms is in the search result + if ( + [...excludedTerms].some( + (term) => + terms[term] === file || + titleTerms[term] === file || + (terms[term] || []).includes(file) || + (titleTerms[term] || []).includes(file) + ) + ) + break; + + // select one (max) score for the file. + const score = Math.max(...wordList.map((w) => scoreMap.get(file)[w])); + // add result to the result list + results.push([ + docNames[file], + titles[file], + "", + null, + score, + filenames[file], + ]); + } + return results; + }, + + /** + * helper function to return a node containing the + * search summary for a given text. keywords is a list + * of stemmed words. + */ + makeSearchSummary: (htmlText, keywords, anchor) => { + const text = Search.htmlToText(htmlText, anchor); + if (text === "") return null; + + const textLower = text.toLowerCase(); + const actualStartPosition = [...keywords] + .map((k) => textLower.indexOf(k.toLowerCase())) + .filter((i) => i > -1) + .slice(-1)[0]; + const startWithContext = Math.max(actualStartPosition - 120, 0); + + const top = startWithContext === 0 ? "" : "..."; + const tail = startWithContext + 240 < text.length ? "..." : ""; + + let summary = document.createElement("p"); + summary.classList.add("context"); + summary.textContent = top + text.substr(startWithContext, 240).trim() + tail; + + return summary; + }, +}; + +_ready(Search.init); diff --git a/ia-terms-updates/en/_static/sphinx_highlight.js b/ia-terms-updates/en/_static/sphinx_highlight.js new file mode 100644 index 000000000..8a96c69a1 --- /dev/null +++ b/ia-terms-updates/en/_static/sphinx_highlight.js @@ -0,0 +1,154 @@ +/* Highlighting utilities for Sphinx HTML documentation. */ +"use strict"; + +const SPHINX_HIGHLIGHT_ENABLED = true + +/** + * highlight a given string on a node by wrapping it in + * span elements with the given class name. + */ +const _highlight = (node, addItems, text, className) => { + if (node.nodeType === Node.TEXT_NODE) { + const val = node.nodeValue; + const parent = node.parentNode; + const pos = val.toLowerCase().indexOf(text); + if ( + pos >= 0 && + !parent.classList.contains(className) && + !parent.classList.contains("nohighlight") + ) { + let span; + + const closestNode = parent.closest("body, svg, foreignObject"); + const isInSVG = closestNode && closestNode.matches("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.classList.add(className); + } + + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + const rest = document.createTextNode(val.substr(pos + text.length)); + parent.insertBefore( + span, + parent.insertBefore( + rest, + node.nextSibling + ) + ); + node.nodeValue = val.substr(0, pos); + /* There may be more occurrences of search term in this node. So call this + * function recursively on the remaining fragment. + */ + _highlight(rest, addItems, text, className); + + if (isInSVG) { + const rect = document.createElementNS( + "http://www.w3.org/2000/svg", + "rect" + ); + const bbox = parent.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute("class", className); + addItems.push({ parent: parent, target: rect }); + } + } + } else if (node.matches && !node.matches("button, select, textarea")) { + node.childNodes.forEach((el) => _highlight(el, addItems, text, className)); + } +}; +const _highlightText = (thisNode, text, className) => { + let addItems = []; + _highlight(thisNode, addItems, text, className); + addItems.forEach((obj) => + obj.parent.insertAdjacentElement("beforebegin", obj.target) + ); +}; + +/** + * Small JavaScript module for the documentation. + */ +const SphinxHighlight = { + + /** + * highlight the search words provided in localstorage in the text + */ + highlightSearchWords: () => { + if (!SPHINX_HIGHLIGHT_ENABLED) return; // bail if no highlight + + // get and clear terms from localstorage + const url = new URL(window.location); + const highlight = + localStorage.getItem("sphinx_highlight_terms") + || url.searchParams.get("highlight") + || ""; + localStorage.removeItem("sphinx_highlight_terms") + url.searchParams.delete("highlight"); + window.history.replaceState({}, "", url); + + // get individual terms from highlight string + const terms = highlight.toLowerCase().split(/\s+/).filter(x => x); + if (terms.length === 0) return; // nothing to do + + // There should never be more than one element matching "div.body" + const divBody = document.querySelectorAll("div.body"); + const body = divBody.length ? divBody[0] : document.querySelector("body"); + window.setTimeout(() => { + terms.forEach((term) => _highlightText(body, term, "highlighted")); + }, 10); + + const searchBox = document.getElementById("searchbox"); + if (searchBox === null) return; + searchBox.appendChild( + document + .createRange() + .createContextualFragment( + '

" + ) + ); + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords: () => { + document + .querySelectorAll("#searchbox .highlight-link") + .forEach((el) => el.remove()); + document + .querySelectorAll("span.highlighted") + .forEach((el) => el.classList.remove("highlighted")); + localStorage.removeItem("sphinx_highlight_terms") + }, + + initEscapeListener: () => { + // only install a listener if it is really needed + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) return; + + document.addEventListener("keydown", (event) => { + // bail for input elements + if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return; + // bail with special keys + if (event.shiftKey || event.altKey || event.ctrlKey || event.metaKey) return; + if (DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS && (event.key === "Escape")) { + SphinxHighlight.hideSearchWords(); + event.preventDefault(); + } + }); + }, +}; + +_ready(() => { + /* Do not call highlightSearchWords() when we are on the search page. + * It will highlight words from the *previous* search query. + */ + if (typeof Search === "undefined") SphinxHighlight.highlightSearchWords(); + SphinxHighlight.initEscapeListener(); +}); diff --git a/ia-terms-updates/en/algorithms.html b/ia-terms-updates/en/algorithms.html new file mode 100644 index 000000000..9fd5bdf0a --- /dev/null +++ b/ia-terms-updates/en/algorithms.html @@ -0,0 +1,368 @@ + + + + + + + + Cryptographic Algorithms — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Cryptographic Algorithms

+

The following algorithms MUST be supported:

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Algorithm `alg` parameter value

Description

Operations

References

ES256

Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA256.

Signature

RFC 7518, [SOG-IS], [ETSI] .

ES384

Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA384.

Signature

RFC 7518, [SOG-IS], [ETSI] .

ES512

Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA521.

Signature

RFC 7518, [SOG-IS], [ETSI] .

RSA-OAEP-256

RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using SHA256 hash function and the MGF1 with SHA-256 mask generation function.

Key Encryption

RFC 7516, RFC 7518.

A128CBC-HS256

AES encryption in Cipher Block Chaining mode with 128-bit Initial Vector value, plus HMAC authentication using SHA-256 and truncating HMAC to 128 bits.

Content Encryption

RFC 7516, RFC 7518.

A256CBC-HS512

AES encryption in Cipher Block Chaining mode with 256-bit Initial Vector value, plus HMAC authentication using SHA-512 and truncating HMAC to 256 bits.

Content Encryption

RFC 7516, RFC 7518.

+

The following Elliptic Curves MUST be supported for the Elliptic Curve Digital Signature Algorithm:

+ +++++ + + + + + + + + + + + + + + + + +

Curve Family

Short Curve Name

References

Brainpool

brainpoolP256r1, brainpoolP384r1, brainpoolP512r1.

RFC 5639, [ETSI] .

NIST

P-256, P-384, P-521

[ETSI], [FIPS-186-4], [ISO/IEC 14888-3].

+

The following algorithms are RECOMMENDED to be supported:

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Algorithm `alg` parameter value

Description

Operations

References

PS256

RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA256 hash function and MGF1 mask generation function with SHA-256.

Signature

RFC 7518, [SOG-IS].

PS384

RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA384 hash function and MGF1 mask generation function with SHA-384.

Signature

RFC 7518, [SOG-IS].

PS512

RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA512 hash function and MGF1 mask generation function with SHA-512.

Signature

RFC 7518, [SOG-IS].

ECDH-ES

Elliptic Curve Diffie-Hellman (ECDH) Ephemeral Static key agreement using Concat Key Derivation Function (KDF).

Key Encryption

RFC 7518.

ECDH-ES+A128KW

ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 128 (A128KW).

Key Encryption

RFC 7518.

ECDH-ES+A256KW

ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 256 (A256KW).

Key Encryption

RFC 7518.

+

The following algorithms MUST NOT be supported:

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Algorithm `alg` parameter value

Description

Operations

References

none

    +
  • +
+

Signature

RFC 7518.

RSA_1_5

RSAES with PKCS1-v1_5 padding scheme. Use of this algorithm is generally not recommended.

Key Encryption

RFC 7516, [Security Vulnerability], [SOG-IS].

RSA-OAEP

RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using default parameters.

Key Encryption

RFC 7518, [SOG-IS].

HS256

HMAC using SHA256.

Signature

RFC 7518.

HS384

HMAC using SHA384.

Signature

RFC 7518.

HS512

HMAC using SHA512

Signature

RFC 7518.

+
+ + +
+
+
+
+ + +
+
+
+ +
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/authentic-sources.html b/ia-terms-updates/en/authentic-sources.html new file mode 100644 index 000000000..c46747c35 --- /dev/null +++ b/ia-terms-updates/en/authentic-sources.html @@ -0,0 +1,253 @@ + + + + + + + + Authentic Sources — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Authentic Sources

+

Authentic Sources are responsible for the authenticity of the User's attributes provided as Digital Credentials by the PID/(Q)EAA Provider. During the Issuance Flow, PID/(Q)EAA Providers, after authenticating the User, request from Authentic Sources the attributes required to provide the requested Credential. If PID/(Q)EAA Providers and Authentic Sources are both allowed to use PDND, the communication between them is accomplished in compliance with [MODI] and [PDND] and according to the rules defined within this specification. In particular,

+
+
    +
  • The Authentic Source MUST provide an e-service registered within the PDND catalogue which the PID/(Q)EAA Provider, as the recipient, MUST use to request the User's attributes.

  • +
  • In case of unavailability of the User's attributes, the Authentic Source MUST provide a response to the PID/(Q)EAA Provider with an estimation time when a new request can be sent.

  • +
  • The PID/(Q)EAA Provider MUST provide to the Authentic Source an evidence that:

    +
    +
      +
    • the request for Users attributes is related to data about themselves;

    • +
    • the request for User attributes comes from a valid Wallet Instance.

    • +
    +
    +
  • +
  • The PID/(Q)EAA Provider MUST make available to the Authentic Source an e-service for notifications on attributes availability and validity status (revocation or updates). The Authentic Source MUST use this e-service to notify to the PID/(Q)EAA Provider the notifications on the availability of the User's attributes as well as those relating to the attributes updates.

  • +
  • The protocol flow MUST ensure integrity, authenticity, and non-repudiation of the exchanged data between the Authentic Source and the PID/(Q)EAA Provider.

  • +
  • The e-services MUST be implemented in REST. SOAP protocol MUST NOT be used.

  • +
+
+
+

Security Patterns

+

The following security patterns and profiles are applicable:

+
+
    +
  • [REST_JWS_2021_POP] JWS POP Voucher Issuing Profile (Annex 3 - Standards and technical details used for Voucher Authorization [PDND]): REQUIRED. It adds a proof of possession on the Voucher. The client using the Voucher to access an e-service MUST demonstrate the proof of possession of the private key whose public is attested on the Voucher.

  • +
  • [ID_AUTH_REST_02] Client Authentication with X.509 certificate with uniqueness of the token/message (Annex 2 - Security Pattern [MODI]): REQUIRED. It guarantees trust between the Authentic Source and the PID/(Q)EAA Provider and provides a mitigation against replay attacks.

  • +
  • [INTEGRITY_REST_01] REST message payload integrity (Annex 2 - Security Pattern [MODI]): REQUIRED. It adds message payload integrity of the HTTP POST request.

  • +
  • [AUDIT_REST_02] submission of audit data within the request (Annex 2 - Security Pattern [MODI]): OPTIONAL. The Authentic Source MAY request an evidence about the User Authentication related to the User's attributes requested by the PID/(Q)EAA Provider and/or a proof that the Wallet Instance is valid. In this case this pattern MUST be used.

  • +
  • [PROFILE_NON_REPUDIATION_01] Profile for non-repudiation of transmission (Annex 3 - Interoperability Profile [MODI]): REQUIRED. This profile uses the following security patterns:

    +
    +
      +
    • ID_AUTH_CHANNEL_01 or ID_AUTH_CHANNEL_02

    • +
    • ID_AUTH_REST_02

    • +
    • INTEGRITY_REST_01

    • +
    +
    +
  • +
+
+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/backup-restore.html b/ia-terms-updates/en/backup-restore.html new file mode 100644 index 000000000..f2529c72f --- /dev/null +++ b/ia-terms-updates/en/backup-restore.html @@ -0,0 +1,267 @@ + + + + + + + + backup-restore.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

backup-restore.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + + +
+
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/contribute.html b/ia-terms-updates/en/contribute.html new file mode 100644 index 000000000..a4575eeae --- /dev/null +++ b/ia-terms-updates/en/contribute.html @@ -0,0 +1,270 @@ + + + + + + + + How to contribute — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

How to contribute

+

The IT-Wallet project, including this document, follows an open development process. This approach ensures the development process is accessible to all, inviting all interested parties to participate.

+

Consequently, stakeholders, national and international community members are not only encouraged but also heartily welcomed to contribute to the refinement of these technical rules.

+

Below are several methods available for contributing to this project:

+
    +
  • GitHub issues. By opening an issue, you can seek clarification, propose enhancements, or report editorial typos. If you are working on an issue, we encourage you to open a draft pull request and link it.

  • +
  • Pull requests. Pull requests represent active contributions to the project, typically, but not always following issue-based discussions. Once a pull request is initiated, it facilitates discussion and review of the proposed changes before they are merged into the main branch (versione-corrente).

  • +
  • Developers Italia Slack channel. Slack is a messaging application designed for businesses, connecting people to the information they need. Developers Italia is an open community based on contributions and participation from public administrations, developers, technicians, students, and citizens. Developers Italia has initiated a Slack channel that [everyone can join for free](https://slack.developers.italia.it/), where you can learn about all their activities and partake in discussions.

  • +
+
+

Acknowledgements

+

We would like to thank the following individuals for their comments, +concerns, ideas, contributions, some of which substantial, to this +implementation profile and to the initial set of implementations.

+
    +
  • Alen Horvat

  • +
  • Amir Sharif

  • +
  • Andrea Moro

  • +
  • Andrea Prosseda

  • +
  • Elisa Nicolussi Paolaz

  • +
  • Emanuele De Cupis

  • +
  • Emiliano Vernini

  • +
  • Francesco Grauso

  • +
  • Francesco Marino

  • +
  • Francesco Ventola

  • +
  • Gabriella Cefalù

  • +
  • Giada Sciarretta

  • +
  • Giuseppe De Marco

  • +
  • Klaas Wierenga

  • +
  • Kristina Yasuda

  • +
  • Leif Johansson

  • +
  • Lorenzo Cerini

  • +
  • Mart Aarma

  • +
  • Marta Sciunnach

  • +
  • Michele Silletti

  • +
  • Nicola Saitto

  • +
  • Niels van Dijk

  • +
  • Oliver Terbu

  • +
  • Paul Bastien

  • +
  • Pasquale De Rose

  • +
  • Peter Altmann

  • +
  • Riccardo Iaconelli

  • +
  • Roland Hedberg

  • +
  • Salvatore Laiso

  • +
  • Salvatore Manfredi

  • +
  • Stefano Alifuoco

  • +
  • Takahiko Kawasaki

  • +
  • Thomas Chiozzi

  • +
  • Torsten Lodderstedt

  • +
  • Vladimir Duzhinov

  • +
+

If anyone has been forgotten, please accept our apologies with the +request to propose the modification of this page via a [Pull Request](https://github.com/italia/eudi-wallet-it-docs) +with a brief description of the contribution offered, during which +event or channel, and during which period. We will then have the opportunity +to apologize again and make amends as soon as possible, including you in the list.

+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/defined-terms.html b/ia-terms-updates/en/defined-terms.html new file mode 100644 index 000000000..8ac8bbc89 --- /dev/null +++ b/ia-terms-updates/en/defined-terms.html @@ -0,0 +1,491 @@ + + + + + + + + Normative Language and Conventions — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Normative Language and Conventions

+

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

+
+
+

Defined Terms

+

The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), Electronic Attestation of Attributes (EAA), are defined in the EIDAS-ARF.

+

Below are the description of acronyms and definitions which are useful for further insights into topics that complement the it-wallet and the interacting components.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

Notes

User

A natural or legal person, or a natural person representing another natural person or a legal person, that uses a trust services or electronic identification means provided in accordance with EUDI Wallet Architecture Reference Framework. [ARF v1.4]

User Attribute

A characteristic, quality, right or permission of a natural or legal person or of an object. [ARF v1.4]

Other alternative terms: User Claim

Digital Identity Provider

Entity responsible for identifying citizens for the issuance of an digital identity.

Digital Credential

A signed set of Attributes encapsulated in a specific data format, such as mdoc format specified in [ISO 18013-5] or the SD-JWT VC format specified in [SD-JWT-VC]. This may be a Personal Identification Data (PID), (Qualified) Electronic Attestation of Attribute ((Q)EAA). [Revised from ARF v1.4]

Differences with ARF: The definition from ARF restricts the data format to mdoc and SD-JWT VC. For the scope of the Trust Model, a Digital Credential definition should be neutral on the format. ARF alternative terms: Electronic Attestation, Attestation. Other alternative terms: Verifiable Credential, Digital Attestation.

Organizational Entity

A legal person (only considering organizations and public entities, not natural/physical persons) recognized by the Member State through a unique identifier to operate a certain role within the EUDI Wallet ecosystem.

In this category the following entity roles are included: Wallet Provider, Credential Issuer, Relying Party, QTSP In general, any kind of Entity that must be registered through a national or European registration mechanism. ARF alternative terms: legal person (only considering organizations and public entities, not natural/physical persons)

Wallet Solution

A Wallet Solution is the entire eIDAS-compliant product and service provided by a Wallet Provider to all Users and certified as EUDI-compliant by a Conformity Assessment Body (CAB). [Revised from ARF v1.4]

Differences with ARF: editorial ARF alternative terms: EUDI Wallet Solution

Wallet Provider

An Organizational Entity, responsible for the management and release operation of a Wallet Solution. The Wallet Provider issues the Wallet Attestations to its Wallet Instances through an Attestation Service. The Wallet Attestation certifies the genuinity and authenticity of the Wallet Instance and its compliance with the security and privacy requirements. [Revised from ARF v1.4]

Differences with ARF: editorial ARF alternative terms: EUDI Wallet Provider

Wallet Instance

Instance of a Wallet Solution installed on a User’s device belonging to and which is controlled by a User. It enables the storage and management of Digital Credentials.The Wallet Instance provides graphical interfaces for User interaction with Relying Parties, PID, (Q)EAA Providers and the Wallet Provider. [Revised from ARF v1.4]

Differences with ARF: editorial ARF alternative terms: EUDI Wallet Instance

Wallet Provider Backend

Is the technical infrastructure and server-side components, including a set of endpoints, managed by a Wallet Provider.

Credential Issuer

An Organizational Entity providing Digital Credentials to Users. It may be PID Provider or (Q)EAA Providers. [Revised from ARF v1.4]

Differences with ARF: (i) merged the PID Providers and (Q)EEA Providers definitions using the general term Digital Credential, (ii) renamed “Member Stare or other legal entity” in “Organizational Entity” ARF alternative terms: PID Providers,(Q)EEA Providers, Attestation Provider Other alternative terms: Verifiable Credential Issuer

Relying Party

An Organizational Entity that relies upon an electronic identification or a Trust Service originating from a Wallet Instance. [Revised from ARF v1.4]

Differences with ARF: renamed “natural or legal person” in “Organizational Entity”.

Relying Party Instance

A Relying Party Instance in the context of a mobile application or a standalone embedded device refers to a specific deployment of the application or device. These instances depend on an User Authentication through a Wallet Instance to confirm User identities before granting access to their functionalities. Each version or environment where the application or device is running, be it a particular release of a mobile app installed on a User's smartphone or a specific embedded device in use, constitutes a separate instance. In case of proximity supervised scenarios, it belongs to and is controlled by a Verifier. [Revised from ARF v1.4]

Differences with ARF: added a sentence on proximity supervised scenarios. Other alternative terms: Verifier App

Verifier

Also known as Credential Verifier. It is a natural person or a legal person using an Relying Party Instance. [New]

Trust

Trust, within the technical field, is the confidence in the security, reliability, and integrity of entities (such as systems, organizations, or individuals) and their actions, ensuring that they will operate as expected in a secure and predictable manner. It is often established through empirical proof, such as past performance, security certifications, or transparent operational practices, which demonstrate a track record of adherence to security standards and ethical conduct. [Revised from ARF v1.4]

Trust Framework

A legally enforceable set of operational and technical rules and agreements that govern a multi-party system designed for conducting specific types of transactions among a community of participants and bound by a common set of requirements. [ARF v1.4]

Trust Model

Collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem. [ARF v1.4]

Trusted List

Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. It serves as the bedrock of trust, acting as federative sources that publish the crucial information about root entities within the ecosystem. [Revised from ARF v1.4]

Differences with ARF: added the last sentence

Registration Authority

A party responsible for registering all the Organizational Entities by issuing a Trust Assertion.

ARF: Registrar

Conformity Assessment Body (CAB)

A conformity assessment body as defined in Article 2, point 13, of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides, or as competent to carry out certification of European Digital Identity Wallets or electronic identification means. [ARF v1.4]

National Accreditation Bodies (NAB)

A body that performs accreditation with authority derived from a Member State under Regulation (EC) No 765/2008. [ARF v1.4]

Other alternative terms: Accreditation Authority

Trust Evaluation

The process of verifying the trustworthiness of registered Organizational Entities, in accordance with pre-established rules. For example, involving the retrieval and validation of entity configurations and trust chains.

Other alternative terms: Trust Discovery, Trust Establishment

Trust Assertion

Cryptographically verifiable artifact that proves the compliance of an Organizational Entity with known rules and requirements defined within the Trust Model.

Other alternative terms: Verifiable Attestation, Access Certificate

Trust Relationship

Positive outcome of Trust Evaluation, which produces a reliable relationship between Organizational Entities, where one Organizational Entity trusts the other to securely handle data, execute transactions, or perform actions on its behalf.

Metadata

Digital artifact that contains all the required information about an Organizational Entity, e.g., protocol related endpoints and the Organizational Entity’s cryptographic public keys (for the complete list check requirement “Metadata Content”).

Policy Language

A formal language used to define security, privacy, and identity management policies that govern interactions and transactions within a Trust Framework. This language allows for the clear and unambiguous expression of rules and conditions, facilitating the automation of processes and interoperability among different systems and organizations.

Registration Process

Process performed by a Registration Authority verifying necessary information to ensure Organizational Entity eligibility and compliance with the relevant rules and standards. The main goal of the Registration Process is for the Organizational Entity to receive one or more Trust Assertions to be used for the Trust Evaluation processes.

Accreditation Process

Process performed by the National Accreditation Body to accreditate CABs. As a result of the Accreditation Process, a NAB issues an accreditation certificate to a CAB.

Currently, out of scope of the Trust Model requirements

Certification Process

Process performed by Conformity Assessment Bodies to certify the Wallet Solution. The Certification Process aims to periodically assess technical Wallet Solutions (e.g. performing vulnerability assessment and risk analysis). As a result of the Certification Process a certification is provided to the Wallet Solution. [New]

Currently, out of scope of the Trust Model requirements

Notification Process

Process defining how information is transferred to the European Commission and the inclusion of an entity in the Trusted List.

Supervision Process

Process performed by a Supervisory Body to review and ensure proper functioning of the Wallet Provider and other relevant actors.

Currently, out of scope of the Trust Model requirements

Federation Authority

A public governance entity that issues guidelines and technical rules, and administers - directly or through its intermediary - Trusted Lists, services, and accreditation processes, the status of participants, and their eligibility evaluation. It also performs oversight functions.

Wallet Secure Cryptographic Application

An application that manages critical assets utilizing the cryptographic functions provided by the Wallet Secure Cryptographic Device.

Wallet Instance

The application installed and configured on a Wallet User’s device or environment, which is part of a Wallet Unit, and that the Wallet User uses to interact with the Wallet Unit.

Wallet Unit

Unique configuration of a wallet solution that includes wallet instances, wallet secure cryptographic applications, and wallet secure cryptographic devices provided by a wallet provider to an individual wallet user.

Wallet Unit Attestation

Also known as Wallet Attestation or Wallet Instance Attestation, it is a Data object issued by a Wallet Provider that describes the components of the Wallet Unit. It allows authentication and validation of those components, and is cryptographically bound to Wallet Secure Cryptographic Devices.

Wallet Secure Cryptographic Device (WSCD)

Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. A WSCD MAY implement an association proof in different ways. This largely depends on the implementation of the WSCD for example: remote HSM, external smart card, internal UICC, internal native cryptographic hardware, such as the iOS Secure Enclave or the Android Hardware Backed Keystore or StrongBox

Credential Status Attestation

Verifiable Attestation proving that a related Digital Credential is not revoked.

Device Integrity Service

A service provided by device manufacturers that verifies the integrity and authenticity of the app instance (Wallet Instance), as well as certifying the secure storage of private keys generated by the device within its dedicated hardware. It's important to note that the terminology used to describe this service varies among manufacturers.

Cryptographic Hardware Keys

During the app initialization, the Wallet Instance generates a pair of keys, one public and one private, which remain valid for the entire duration of the Wallet Instance's life. Functioning as a Master Key for the personal device, these Cryptographic Hardware Keys are confined to the OS domain and are not designed for signing arbitrary payloads. Their primary role is to provide a unique identification for each Wallet Instance.

Cryptographic Hardware Key Tag

A unique identifier created by the operating system for the Cryptographic Hardware Keys, utilized to gain access to the private key stored in the hardware.

Key Attestation

An attestation from the device's OEM that enhances your confidence in the keys used in your Wallet Instance being securely stored within the device's hardware-backed keystore. Its content is therefore defined by the operating system manufacturer. For Google Android, the term Key Attestation refers to the Strongbox Key Attestation feature. For Apple iOS, the reference is to the Device Check service, specifically the attestKey feature.

Qualified Electronic Attestation of Attributes (QEAA)

A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes.

Qualified Electronic Signature Provider

The Electronic Trust Service Provider responsible for the issuing of Qualified Electronic Signature certificates to the User.

Qualified Electronic Attestation of Attributes Provider

Organizational Entity which serves as Credential issuer providing Qualified Electronic Attestations of Attributes (QEAAs).

PID Provider

Organizational Entity which serves as Credential issuer providing Person Identification Data to Users.

Differences with ARF: renamed “Member Stare or other legal entity” in “Organizational Entity”

National Identity Provider

It represents preexisting identity systems based on SAML2 or OpenID Connect Core 1.0, already in production in each Member State (eg: the Italian SPID and CIE id schemes notified eIDAS with LoA High, see SPID/CIE-OpenID-Connect-Specifications).

Relying Party

A natural or legal person that implements an authentication system requiring electronic attribute attestation submissions as an authentication mechanism.

Verifier

See Relying Party

Trust Attestation

Electronic attestation of an entity's compliance with the national regulatory framework, which is cryptographically verifiable and cannot be repudiated over time by the entity that issued it. A Trust Attestation is always related to a particular Trust Framework.

Trust Layer

Architectural component that enables IT-Wallet system participants to establish trust, in terms of reliability and compliance of all participants with the regulatory framework governing the digital identity system.

Trust Model

System defining how the participants of the ecosystem establish and maintain trust in their interactions. The Trust Model outlines the rules and the procedures for the entities (like users, systems, or applications) should validate each other's identities, authenticate, and establish the level of trust before exchanging information.

Level of Assurance

The degree of confidence in the vetting process used to establish the identity of the User and the degree of confidence that the User who presents the credential is the same User to whom the Digital Credential was issued.

Holder Key Binding

Ability of the Holder to prove legitimate possession of the private part, related to the public part attested by a Trusted Third Party.

Holder

Natural or Legal person that receives Verifiable Credentials from the Credential Issuers, manages the Verifiable Credentials within the Wallet, and presents them to Verifiers. The Holder is the User in control of the Wallet.

Pseudonym

Pseudonyms are alternative identifier used to represent an entity (such as a person or organization) without revealing their true identity. It provides a layer of privacy and anonymity while still allowing for consistent authentication and authorization within a system.

+
+

Acronyms

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Acronym

Description

OID4VP

OpenID for Verifiable Presentation

PID

Person Identification Data

VC

Verifiable Credential

VP

Verifiable Presentation

API

Application Programming Interface

LoA

Level of Assurance

AAL

Authenticator Assurance Level as defined in https://csrc.nist.gov/glossary/term/authenticator_assurance_level

WSCD

Wallet Secure Cryptographic Device

+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/genindex.html b/ia-terms-updates/en/genindex.html new file mode 100644 index 000000000..e3169ecfd --- /dev/null +++ b/ia-terms-updates/en/genindex.html @@ -0,0 +1,292 @@ + + + + + + + Index — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ + +

Index

+ +
+ R + +
+

R

+ + +
+ + + +
+
+
+
+ + +
+
+
+
+
+ +
+ +
+ +
+
+
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/index.html b/ia-terms-updates/en/index.html new file mode 100644 index 000000000..c6097a27f --- /dev/null +++ b/ia-terms-updates/en/index.html @@ -0,0 +1,457 @@ + + + + + + + + The Italian EUDI Wallet implementation profile — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

The Italian EUDI Wallet implementation profile

+
+

Introduction

+

The European Parliament has adopted the revision of the eIDAS Regulation concerning electronic identification and trust services, introducing a significant innovation: the European Digital Identity Wallet. This update marks a pivotal advancement in the EU's digital strategy, aiming to enhance the security, interoperability, and usability of digital identities across Member States. For further details, resources, and notes on this legislative development, please refer to the official EU Commission and Parliament websites.

+

Italy has launched the National digital identity Wallet solution, known as IT-Wallet, established by the Legislative Decree of March 2, 2024, No. 19 (commonly referred to as the PNRR Decree)., in direct response to the European community's directives. This initiative ensures full interoperability with the digital identity solutions provided by other European Member States, aligning with European regulations.

+

The purpose of the following technical rules is to define the technical architecture and reference framework to be used as a guideline by all the parties involved in the development of the IT-Wallet project.

+

This documentation defines the national implementation profile of IT-Wallet, containing the technical details about components of the Wallet ecosystem, as listed below:

+
+
    +
  • Entities of the ecosystem according to EIDAS-ARF.

  • +
  • Infrastructure of trust attesting realiability and eligibility of the participants.

  • +
  • PID and EAAs data schemes and attribute sets.

  • +
  • PID/EAA in MDL CBOR format.

  • +
  • PID/EAA in SD-JWT format.

  • +
  • Wallet Solution general architecture.

  • +
  • Wallet Attestation.

  • +
  • Issuance of PID/EAA according to OpenID4VCI.

  • +
  • Presentation of PID/EAA according to OpenID4VP.

  • +
  • Presentation of pseudonyms according to SIOPv2.

  • +
  • PID/EAA backup and restore mechanisms.

  • +
  • PID/EAA revocation lists.

  • +
+
+
+
+

Index of content

+
+ +
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+ +
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/objects.inv b/ia-terms-updates/en/objects.inv new file mode 100644 index 0000000000000000000000000000000000000000..3301deda8d17df6df01b5d3b0ef44ce1d4ba301a GIT binary patch literal 4480 zcmV-`5r6I@AX9K?X>NERX>N99Zgg*Qc_4OWa&u{KZXhxWBOp+6Z)#;@bUGkZXk{Qt zbYX01VQwHrRYXZ3S7B^yWpp5EZE$R5ZDnqBVRUJ4ZXj@SZ)Rz1WeOu8R%LQ?X>V>i zAa-SPb7^mGIv{LebY*jN3L_v?Xk{RBWo=<;Ze(S0Aa78b#rNMXCQiPX<{x4c-pO8O>^8f620?Ru*yEz2PC!Ey=f(Rtt~m8l@#YV zfk?~@V-87^94WKEejDEn5Fo*ktCA`U#Cxv^0*!8b%!eNz8KrsCHl%6$BOR+3mb1U< zv8&mT4`cbynm)5SC;!O1sw7aClys!z*p{sRDe&0y|viX&gf}8fYHD3*+{F}YxtfW+mVr7 z-M-G~5RDD$x_f*6lWKXaV~1+ckh?BkRP+IhH;qi zTO1O&*M(T2>s$EV@L$&s15A*U54or%7m6*x=y)r`>Rr>9N$Ref7RuYQ3sp{DSynKaF|YrE}V zuj7{ey|y#89RVOjgxuX(LJQog23pUJD(JaY$w1EpclJ^h;7wu50A4zthP*hi;ybva zrpyOcoFEQ6FHAFnibyI^Oe7VNR0ODqp}H2jH&XW#*L{?_*H-sYRR$w*Sm=e4HkNaP z$#)KlAXGHUEEz2z>JE7HS6bI>gkY{d@rOFlyg>j!?_f%0rEbQ>VW$D2v4Bg#d23`U zn$ATuy%=aaMVv`spZH&y`wUGSQ=a@clXu+HW`Cl4CO!mAPcOV5K~Hz-rt`^?abi|U zk`X=Xct&322$2@g*Yfe)v9xqf zu@E%QGz$?dH%bP1kS|*12`XgexuHksghhJ`^597{_qGC~ttW4a>x01n$m%_9)qc2R3VVKk5v$L|IliY1Vk4P5bHe8mF zA^E-4yu-D_7VKxS&DhPO0YJ)J-%M|Y)n0E4y57%o&zwTY+>ePdxquK05$S7wrT@;8D@|xNDZqyv^;`uBdtb*Qx5Xl^86&XcI48V8vM<5!u?%uw13Qv) z>?L4OH6qA|@Q5{&6}(_%rcnf;Zl_EcS_Yt9WwOxtII{o(0Ac}l!63id+*u|p(YG~A zqLvjAR%1TvCF217Kz(|?fs->d<%>YVn) zp&D5+o_ZO+akgBri3s?Y1$!aAf*vAYxEk8@_-@{EpY}7ac`vMj;qrHNPNVH?DFFxPSU zyQUg>pjYDD{8Pjbm5{EQSpw!vXjJZMrW>9kN*w4XOZkAx zv%Ts_Fqd>J5F#RfqpA{ARd>UUDKdm{!^8bbvpYD=@0(mTrN5w|OJ!bq$N!lf7%lw( zC6btb7F9DlAoV1knwz7cEN5o{M9xGF1JUJ?46t3I!7KO*-0wTz*_&!dY8E=;x$Di7zt)tZC zvRmInx$MNUs9x91Eq7@sxP>eIpW(tuJV}<)-^9AY)u0fJ?(R9Z7~+r7z4oJPdb-cQnWS% z734}{=Bx+D1*`HO?wT$j+vkceHR!#L_W3Ue=@W;(z?yv$qOe~irQQ+Azlvf|Dg&`o zcP9FQoLaxYd{Q$NMK$yYu8kI{&ggy45sw0qHDdp$JCzj$gT%|p4fDE%Jie}8APz?h z)$wMV5b2$HPDBI|afp74Dc^JDd!c-V0GT~QRpU*D!frAw?p)YITAD)5q?RIKE2C-0 zYF8EOPxxS<-8KI$MCXdE*jIKmG|rLGQ>&+tzPs#6D4?gICfjzmtKlnn%T;D5#(I;2 zc?(bm_EoXE>rHyp8d0@mZ95SN7YEu@!*N)YR;$()Ob}Qbpcbx?!WUD?m?52Fz?vl! zl)s%=V&qjsJ+UI==^ni>MMYRQ+xv=0os6%e=enh3QX;pJbq(gviNF3cfk&YO;fCT5 zL>fGkD{5LD6a6GFSM_=3b}jxXSl)7Cl$S@&i*gn26|D<0q2ZJbCtVROyt;G4hs_uM zD4UB*Lafo?VBH>o?@K~bj-LrFPGxA5Pj~{`7D+At!*9iC6KRz-Yj0LzZh;N64<$b! z65Z8Weicc8x3!Ss;|=-GA5Vy#OK$Pz58 z-2T-LY#UlcntKHfA__#ZuCHEbaprjy?Z3xo1yzsedK-m%kbeV@UW%S()^mxf!O67R zThaEO;t}IKQR5{7-tsDt$P|~F#iQ2=yIDnY%yQS3@{Rf12h8l*1wnxhil7I_3+WeVo4UJM`#HqDzYRSRV+7a z^v|)d!9H{o&3fNjkud zx%9DZOsNlRyHT?qqUpmp{LBlRA62oZCc{lP>0qXSPf;8tyf!X(Ued*T7&+wB%0=4c z2tAr5$Xtrh!&feMn9C4aLJS~1{u4)%)DZ(oA?=8gtYScERx`4!Vr+SNM#@02hH;db z{Iwbn@)UE|PM5@IBsfr>TNXepBsj%!<;~Z}r!1b}MRG7FdF$DD>KneDgp)>b@F;;y zqWSg|P8%iq!7zXInKQHjylV3nl~S}hYsl;YA*8??cv#6UG2RyRfLZldem?6AztVfy z>!kEoe?IGs-w+}F2P@}onPa0)&?gHzu(huXI3jUK@^^k#o)>05-gO=U?(kI&TXje~ z68j#RGh{kjO5YvP=@CY#tjO6HQT1L5e1Lc-^6<3G!VusEd_^Dy$+v6VD4)c$Y+(F| zh^ryXWHUa>=Nr0bP`42K%J8jvvSuaYJzl^77QQZ@5~m44sJbRdoM)xxuA?SiIfP13m=Pf{Kb+L|e6yW)D3 zC-0v%GU;OU%u&GOd*;1X+e#msy0quLR>W{j`rd*m;!^r{MGnoi1<1U;xXNzwVYAiN z@hPEi(r$U1O*Vrv`)eCj0?eSmr`EEf`<@=rwxzQ+PYdV`LlwO_G?}V2F;T>L#}w}( zU}7?Bj)?-i^DJ*RM-vl|n42T7Jn}uWs-f%h76m34{HO?@Y*_{+WO8;!1rz==dz46D zy}2vZO26ue{G@(a?T-`M>55U1{GDGaR*%vYp%qKomrgij3YF=sI5bru{EIoJEMnl~ z5J(*Pm!J!87D=dovFK3}diRRdb-`6p`QrJ>DQj{}KJk|lIq{Zidh~VHUS^%hIrms6 zs?HVGn0Wf_)tI_sh{@~N%h&G$)9Q7tYO;!!!V7Wvae<*m3?(xLs)H)xxk(*^OLChH06K`R%Q*N$0lS=w#L zpV3_sy2?*!uC%6_{LF-KLc>KeX#0>;Xc2Yd6M60RzCDm7IUXLLY>KL0JhKGUgYyhN z<)tIO(M0#D2kH$%=GZnp5PL0_FLpiBO)n4~0t9mo9(w6tNvL#2qoS-%Wi%=25|8-w z?<8m*-G+uIDShG=Rn4xaFlnFU6*+zcRO}GOHXFIRixKBc1x8#rned4nN2#SQqp(w1 znfNkz86|p~L&!@S!f8xg>E5ByG%K&b$lvx`vy(2@Pz>V9Ay9m4rqh`v8BLac3PH0e zgr-x;3IuA6S_Xl{-~}3~Ox|^}Se}CjtlD#Wa#+7vR-~7lcv~_UKBil$Jl}T8`Hm-W z#er7w9dx;8F6+n*@@xKY2fG7uX#Ix0(mI8RZ~)N&#F~GiVmnbh$R@k|=8)@xh=tg5 zv6J0>dm2^=dBZ*FBIQKd8~?E@mC_jRyTsOerAR;Ld4zVq;Aa9WiOb!2+5 + + + + + + + PID/(Q)EAA Data Model — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

PID/(Q)EAA Data Model

+

The Person Identification Data (PID) is issued by the PID Provider according to national laws. The main scope of the PID is allowing natural persons to be authenticated for the access to a service or to a protected resource. +The User attributes provided within the Italian PID are the ones listed below:

+
+
    +
  • Current Family Name

  • +
  • Current First Name

  • +
  • Date of Birth

  • +
  • Unique Identifier

  • +
  • Taxpayer identification number

  • +
+
+

The (Q)EAAs are issued by (Q)EAA Issuers to a Wallet Instance and MUST be provided in SD-JWT-VC or MDOC-CBOR data format.

+

The PID/(Q)EAA data format and the mechanism through which a digital credential is issued to the Wallet Instance and presented to a Relying Party are described in the following sections.

+
+

SD-JWT-VC Credential Format

+

The PID/(Q)EAA is issued in the form of a Digital Credential. The Digital Credential format is SD-JWT as specified in SD-JWT-VC.

+

SD-JWT MUST be signed using the Issuer's private key. SD-JWT MUST be provided along with a Type Metadata related to the issued Digital Credential according to Sections 6 and 6.3 of [SD-JWT-VC]. The payload MUST contain the _sd_alg claim described in the Section 5.1.1 SD-JWT and other claims specified in this section.

+

The claim _sd_alg indicates the hash algorithm used by the Issuer to generate the digests as described in Section 5.1.1 of SD-JWT. _sd_alg MUST be set to one of the specified algorithms in Section Cryptographic Algorithms.

+

Claims that are not selectively disclosable MUST be included in the SD-JWT as they are. The digests of the disclosures, along with any decoy if present, MUST be contained in the _sd array, as specified in Section 5.2.4.1 of SD-JWT.

+

Each digest value, calculated using a hash function over the disclosures, verifies the integrity and corresponds to a specific Disclosure. Each disclosure includes:

+
+
    +
  • a random salt,

  • +
  • the claim name (only when the claim is an object element),

  • +
  • the claim value.

  • +
+
+

In case of nested object in a SD-JWT payload each claim, on each level of the JSON, should be individually selectively disclosable or not. Therefore _sd claim containing digests MAY appear multiple times at different level in the SD-JWT.

+

For each claim that is an array element the digests of the respective disclosures and decoy digests are added to the array in the same position of the original claim values as specified in Section 5.2.4.2 of SD-JWT.

+

In case of array elements, digest values are calculated using a hash function over the disclosures, containing:

+
+
    +
  • a random salt,

  • +
  • the array element

  • +
+
+

In case of multiple array elements, the Issuer may wish to conceal presence of any statement while also allowing the Holder to reveal each of those elements individually (Section 5.2.6 SD-JWT). Both the entire array and the individuals entries can be selective disclosure.

+

The Disclosures are provided to the Holder together with the SD-JWT in the Combined Format for Issuance that is an ordered series of base64url-encoded values, each separated from the next by a single tilde ('~') character as follows:

+
<Issuer-Signed-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>
+
+
+

See SD-JWT-VC and SD-JWT for additional details.

+
+

PID/(Q)EAA SD-JWT parameters

+

The JOSE header contains the following mandatory parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

typ

REQUIRED. It MUST be set to vc+sd-jwt as defined in SD-JWT-VC.

RFC 7515 Section 4.1.9.

alg

REQUIRED. Signature Algorithm.

RFC 7515 Section 4.1.1.

kid

REQUIRED. Unique identifier of the public key.

RFC 7515 Section 4.1.8.

trust_chain

OPTIONAL. JSON array containing the trust chain that proves the reliability of the issuer of the JWT.

[OID-FED] Section 3.2.1.

x5c

OPTIONAL. Contains the X.509 public key certificate or certificate chain [RFC 5280] corresponding to the key used to digitally sign the JWS.

RFC 7515 Section 4.1.8 and [SD-JWT-VC] Section 3.5.

vctm

OPTIONAL. JSON array of base64url-encoded Type Metadata JSON documents. In case of extended type metadata, this claim contains the entire chain of JSON documents.

[SD-JWT-VC] Section 6.3.5.

+

The following claims MUST be in the JWT payload. Some of these claims can be disclosed, these are listed in the following tables that specify whether a claim is selectively disclosable [SD] or not [NSD].

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

[NSD].URL string representing the PID/(Q)EAA Issuer unique identifier.

[RFC7519, Section 4.1.1].

sub

[NSD]. The identifier of the subject of the Digital Credential, the User, MUST be opaque and MUST NOT correspond to any anagraphic data or be derived from the User's anagraphic data via pseudonymization. Additionally, it is required that two different Credentials issued MUST NOT use the same sub value.

[RFC7519, Section 4.1.2].

iat

[SD].UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[RFC7519, Section 4.1.6].

exp

[NSD].UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in RFC 7519.

[RFC7519, Section 4.1.4].

status

[NSD]. It MUST be a valid JSON object containing the information on how to read the status of the Verifiable Credential. It MUST contain the JSON member status_assertion set to a JSON Object containing the credential_hash_alg claim indicating the Algorithm used for hashing the Digital Credential to which the Status Assertion is bound. It is RECOMMENDED to use sha-256.

Section 3.2.2.2 SD-JWT-VC and Section 11 OAUTH-STATUS-ASSERTION.

cnf

[NSD].JSON object containing the proof-of-possession key materials. By including a cnf (confirmation) claim in a JWT, the issuer of the JWT declares that the Holder is in control of the private key related to the public one defined in the cnf parameter. The recipient MUST cryptographically verify that the Holder is in control of that key.

[RFC7800, Section 3.1] and Section 3.2.2.2 SD-JWT-VC.

vct

[NSD]. Credential type value MUST be an HTTPS URL String and it MUST be set using one of the values obtained from the PID/(Q)EAA Issuer metadata. It is the identifier of the SD-JWT VC type and it MUST be set with a collision-resistant value as defined in Section 2 of RFC 7515. It MUST contain also the number of version of the Credential type (for instance: https://issuer.example.org/v1.0/personidentificationdata).

Section 3.2.2.2 SD-JWT-VC.

vct#integrity

[NSD].The value MUST be an "integrity metadata" string as defined in Section 3 of [W3C-SRI]. SHA-256, SHA-384 and SHA-512 MUST be supported as cryptographic hash functions. MD5 and SHA-1 MUST NOT be used. This claim MUST be verified according to Section 3.3.5 of [W3C-SRI].

Section 6.1 SD-JWT-VC, [W3C-SRI]

verification

[NSD].Object containing user authentication information. It MUST contain the following sub-value:

+
+
    +
  • trust_framework: String identifying the trust framework used for user digital authetication.

  • +
  • assurance_level: String identifying the level of identity assurance guarateed during the authentication process.

  • +
  • evidence: It MUST contain method claim identifying the digital identity system used for the authentication.

  • +
+
+

OIDC-IDA.

+
+

Note

+

Credential Type Metadata JSON Document MAY be retrieved directly from the URL contained in the claim vct, using the HTTP GET method or using the vctm header parameter if provided. Unlike specified in Section 6.3.1 of SD-JWT-VC the .well-known endpoint is not included in the current implementation profile. Implementers may decide to use it for interoperability with other systems.

+
+
+
+

Digital Credential Metadata Type

+

The Metadata type document MUST be a JSON object and contains the following parameters.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

name

REQUIRED. Human-readable name of the Digital Credential type. In case of multiple language, the language tags are added to member name, delimited by a # character as defined in RFC 5646 (e.g. name#it-IT).

[SD-JWT-VC] Section 6.2 and [OIDC] Section 5.2.

description

REQUIRED. A human-readable description of the Digital Credential type. In case of multiple language, the language tags are added to member name, delimited by a # character as defined in RFC 5646.

[SD-JWT-VC] Section 6.2 and [OIDC] Section 5.2.

extends

OPTIONAL. String Identitifier of an exteded metadata type document.

[SD-JWT-VC] Section 6.2.

extends#integrity

CONDITIONAL. REQUIRED if extends is present.

[SD-JWT-VC] Section 6.2.

schema

CONDITIONAL. REQUIRED if schema_uri is not present.

[SD-JWT-VC] Section 6.2.

schema_uri

CONDITIONAL. REQUIRED if schema is not present.

[SD-JWT-VC] Section 6.2.

schema#integrity

CONDITIONAL. REQUIRED if schema_uri is not present.

[SD-JWT-VC] Section 6.2.

data_source

REQUIRED. Object containing information about the data origin. It MUST contain the object verification with this following sub-value:

+
+
    +
  • trust_framework: MUST cointain trust framework used for digital authentication towards authentic source system.

  • +
  • authentic_source: MUST contain organization_name and organization_code cliam related to name and code identifier of the authentic source.

  • +
+
+

This specification

vc_claims

REQUIRED. Object containing useful information about the Digital credential graphical rappresentation. It MUST contain the for each credential claim the following objects:

+
+
    +
  • display: MUST cointain name human-readable display name.

  • +
  • graphics: MUST contain position, font character, color, size.

  • +
+
+

This specification

+

A non-normative Digital Credential metadata type is provided below.

+
{	
+    "name": "Person Identification Data",
+    "description": "Digital version of Person Identification Data",
+    "template_uri": "https://pidprovider.example.org/v1.0/templatepid",	
+    "schema_uri": "https://pidprovider.example.org/schema/v1.0/mdl",
+    "schema#integrity": "c8b708728e4c5756e35c03aeac257ca878d1f717d7b61f621be4d36dbd9b9c16",
+    "data_source": {
+        "verification": {
+        "trust_framework": "pdnd",
+        "authentic_source": {
+            "organization_name": "Ministero degli Interni",
+            "organization_code": "m_it"
+            }
+        }	
+    },					
+    "vc_claims": {
+        "unique_id": {
+            "display": [
+                {
+                    "name": "Nome",
+                    "locale": "it-IT"
+                },
+                {
+                    "name": "First Name",
+                    "locale": "en-US"
+                }
+            ],
+            "graphics": {
+                "position": {
+                    "x": 10,
+                    "y": 10
+                },
+                "font": "arial",
+                "color": "black",
+                "size": "12pt"
+            }
+        },
+        "given_name": {
+            "display": [
+                {
+                    "name": "Nome",
+                    "locale": "it-IT"
+                },
+                {
+                    "name": "First Name",
+                    "locale": "en-US"
+                }
+            ],
+            "graphics": {
+                "position": {
+                    "x": 10,
+                    "y": 20
+                },
+                "font": "arial",
+                "color": "black",
+                "size": "12pt"
+            }
+        },
+        "family_name": {
+            "value_type": "string",
+            "display": [
+                {
+                    "name": "Cognome",
+                    "locale": "it-IT"
+                },
+                {
+                    "name": "Family Name",
+                    "locale": "en-US"
+                }
+            ],
+            "graphics": {
+                "position": {
+                    "x": 10,
+                    "y": 30
+                },
+                "font": "arial",
+                "color": "black",
+                "size": "12pt"
+            }
+        },
+        "birth_date": {
+            "value_type": "string",
+            "display": [
+                {
+                    "name": "Data di nascita (YYYY-MM-GG)",
+                    "locale": "it-IT"
+                },
+                {
+                    "name": "Date of Birth (YYYY-MM-GG)",
+                    "locale": "en-US"
+                }
+            ],
+            "graphics": {
+                "position": {
+                    "x": 10,
+                    "y": 40
+                },
+                "font": "arial",
+                "color": "black",
+                "size": "12pt"
+                }
+        },
+        "tax_id_code": {
+            "value_type": "string",
+            "display": [
+                {
+                    "name": "Luogo di Nascita",
+                    "locale": "it-IT"
+                },
+                {
+                    "name": "Place of Birth",
+                    "locale": "en-US"
+                }
+            ],
+            "graphics": {
+                "position": {
+                    "x": 10,
+                    "y": 50
+                },
+                "font": "arial",
+                "color": "black",
+                "size": "12pt"
+            }
+        }
+    }
+}
+
+
+
+
+

PID Claims

+

Depending on the Digital Credential type vct, additional claims data MAY be added. The PID MUST support the following data:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

given_name

[SD]. Current First Name.

[OpenID Connect Core 1.0, Section 5.1]

family_name

[SD]. Current Family Name.

[OpenID Connect Core 1.0, Section 5.1]

birth_date

[SD]. Date of Birth.

unique_id

[SD]. Unique citizen identifier (ID ANPR) given by the National Register of the Resident Population (ANPR). It MUST be set according to ANPR rules

tax_id_code

[SD]. National tax identification code of natural person as a String format. It MUST be set according to ETSI EN 319 412-1. For example TINIT-<ItalianTaxIdentificationNumber>

+

The PID attribute schema, which encompasses all potential User data, is defined in ARF v1.4, and furthermore detailed in the PID Rulebook.

+
+
+

PID Non-Normative Examples

+

In the following, the non-normative example of the payload of a PID represented in JSON format.

+
{
+  "iss": "https://pidprovider.example.org",
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "iat": 1683000000,
+  "exp": 1883000000,
+  "status": {
+    "status_assertion": {
+      "credential_hash_alg": "sha-256"
+    }
+  },
+  "vct": "https://pidprovider.example.org/v1.0/personidentificationdata",
+  "vct#integrity": "c5f73e250fe869f24d15118acce286c9bb56b63a443dc85af653cd73f6078b1f",
+  "verification": {
+    "trust_framework": "eidas",
+    "assurance_level": "high",
+    "evidence": {
+      "method": "cie"
+    }
+  },
+  "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+  "given_name": "Mario",
+  "family_name": "Rossi",
+  "birth_date": "1980-01-10",
+  "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX"
+}
+
+
+

The corresponding SD-JWT version for PID is given by

+
{
+  "typ":"vc+sd-jwt",
+  "alg":"ES256",
+  "kid":"dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
+  "trust_chain" : [
+   "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
+   "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
+   "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."
+  ]
+}
+
+
+
{
+  "_sd": [
+    "BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig",
+    "ENNo31jfzFp8Y2DW0R-fIMeWwe7ELGvGoHMwMBpu14E",
+    "VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA",
+    "Yrc-s-WSr4exEYtqDEsmRl7spoVfmBxixP12e4syqNE",
+    "s1XK5f2pM3-aFTauXhmvd9pyQTJ6FMUhc-JXfHrxhLk",
+    "zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o"
+  ],
+  "iss": "https://pidprovider.example.org",
+  "iat": 1683000000,
+  "exp": 1883000000,
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "status": {
+    "status_assertion": {
+      "credential_hash_alg": "sha-256"
+    }
+  },
+  "vct": "https://pidprovider.example.org/v1.0/personidentificationdata",
+  "vct#integrity": "c5f73e250fe869f24d15118acce286c9bb56b63a443dc85af653cd73f6078b1f",
+  "verification": {
+    "trust_framework": "eidas",
+    "assurance_level": "high",
+    "evidence": {
+      "method": "cie"
+    }
+  },
+  "_sd_alg": "sha-256",
+  "cnf": {
+    "jwk": {
+      "kty": "EC",
+      "crv": "P-256",
+      "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
+      "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
+    }
+  }
+}
+
+
+

In the following the disclosure list is given

+

Claim iat:

+
    +
  • SHA-256 Hash: Yrc-s-WSr4exEYtqDEsmRl7spoVfmBxixP12e4syqNE

  • +
  • Disclosure: +WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImlhdCIsIDE2ODMwMDAwMDBd

  • +
  • Contents: ["2GLC42sKQveCfGfryNRN9w", "iat", 1683000000]

  • +
+

Claim unique_id:

+
    +
  • SHA-256 Hash: BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig

  • +
  • Disclosure: +WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgInVuaXF1ZV9pZCIsICJ4eHh4 +eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ

  • +
  • Contents: ["eluV5Og3gSNII8EYnsxA_A", "unique_id", +"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]

  • +
+

Claim given_name:

+
    +
  • SHA-256 Hash: zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o

  • +
  • Disclosure: +WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImdpdmVuX25hbWUiLCAiTWFy +aW8iXQ

  • +
  • Contents: ["6Ij7tM-a5iVPGboS5tmvVA", "given_name", "Mario"]

  • +
+

Claim family_name:

+
    +
  • SHA-256 Hash: VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA

  • +
  • Disclosure: +WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgImZhbWlseV9uYW1lIiwgIlJv +c3NpIl0

  • +
  • Contents: ["eI8ZWm9QnKPpNPeNenHdhQ", "family_name", "Rossi"]

  • +
+

Claim birth_date:

+
    +
  • SHA-256 Hash: s1XK5f2pM3-aFTauXhmvd9pyQTJ6FMUhc-JXfHrxhLk

  • +
  • Disclosure: +WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImJpcnRoX2RhdGUiLCAiMTk4 +MC0wMS0xMCJd

  • +
  • Contents: ["Qg_O64zqAxe412a108iroA", "birth_date", "1980-01-10"]

  • +
+

Claim tax_id_code:

+
    +
  • SHA-256 Hash: ENNo31jfzFp8Y2DW0R-fIMeWwe7ELGvGoHMwMBpu14E

  • +
  • Disclosure: +WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgInRheF9pZF9jb2RlIiwgIlRJ +TklULVhYWFhYWFhYWFhYWFhYWFgiXQ

  • +
  • Contents: ["AJx-095VPrpTtN4QMOqROA", "tax_id_code", +"TINIT-XXXXXXXXXXXXXXXX"]

  • +
+

The combined format for the PID issuance is given by

+
eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb
+IkJvTUdrdFcxcmJpa250dzhGenhfQmVMNFliQW5kcjZBSHNkZ3BhdEZDaWciLCAiRU5O
+bzMxamZ6RnA4WTJEVzBSLWZJTWVXd2U3RUxHdkdvSE13TUJwdTE0RSIsICJWUUktUzFt
+VDFLeGZxMm84Sjlpbzd4TU1YMk1JeGFHOU05UGVKVnFyTWNBIiwgIllyYy1zLVdTcjRl
+eEVZdHFERXNtUmw3c3BvVmZtQnhpeFAxMmU0c3lxTkUiLCAiczFYSzVmMnBNMy1hRlRh
+dVhobXZkOXB5UVRKNkZNVWhjLUpYZkhyeGhMayIsICJ6VmRnaGNtQ2xNVldsVWdHc0dw
+U2tDUGtFSFo0dTlvV2oxU2xJQmxDYzFvIl0sICJpc3MiOiAiaHR0cHM6Ly9waWRwcm92
+aWRlci5leGFtcGxlLm9yZyIsICJpYXQiOiAxNjgzMDAwMDAwLCAiZXhwIjogMTg4MzAw
+MDAwMCwgInN1YiI6ICJOemJMc1hoOHVEQ2NkN25vV1hGWkFmSGt4WnNSR0M5WHMiLCAi
+c3RhdHVzIjogeyJzdGF0dXNfYXNzZXJ0aW9uIjogeyJjcmVkZW50aWFsX2hhc2hfYWxn
+IjogInNoYS0yNTYifX0sICJ2Y3QiOiAiaHR0cHM6Ly9waWRwcm92aWRlci5leGFtcGxl
+Lm9yZy92MS4wL3BlcnNvbmlkZW50aWZpY2F0aW9uZGF0YSIsICJ2Y3QjaW50ZWdyaXR5
+IjogImM1ZjczZTI1MGZlODY5ZjI0ZDE1MTE4YWNjZTI4NmM5YmI1NmI2M2E0NDNkYzg1
+YWY2NTNjZDczZjYwNzhiMWYiLCAidmVyaWZpY2F0aW9uIjogeyJ0cnVzdF9mcmFtZXdv
+cmsiOiAiZWlkYXMiLCAiYXNzdXJhbmNlX2xldmVsIjogImhpZ2giLCAiZXZpZGVuY2Ui
+OiB7Im1ldGhvZCI6ICJjaWUifX0sICJfc2RfYWxnIjogInNoYS0yNTYiLCAiY25mIjog
+eyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0yNTYiLCAieCI6ICJUQ0FFUjE5
+WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VHZW1jIiwgInkiOiAiWnhqaVdX
+YlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlGMkhaUSJ9fX0.NE_Q2unPGzoh
+rIyVI0kAZ8nz3DLhUXBBd-jji8302PyIU0xqLnGtcWrdM9NPE_-BfUe3H-XFahYOMI54
+PUvdZw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImlhdCIsIDE2ODMwMDAwMDBd~
+WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgInVuaXF1ZV9pZCIsICJ4eHh4eHh4eC14
+eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyI2SWo3dE0tYTVpVlBHYm9TNXRtd
+lZBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZG
+hRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm
+9BIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJBSngtMDk1VlBycFR0TjRRT
+U9xUk9BIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~
+
+
+
+
+

(Q)EAA non-normative examples

+

In the following, we provide a non-normative example of (Q)EAA in JSON.

+
{
+  "iss": "https://issuer.example.org",
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "iat": 1683000000,
+  "exp": 1883000000,
+  "status": {
+    "status_assertion": {
+      "credential_hash_alg": "sha-256"
+    }
+  },
+  "vct": "https://issuer.example.org/v1.0/disabilitycard",
+  "vct#integrity": "2e40bcd6799008085ffb1a1f3517efee335298fd976b3e655bfb3f4eaa11d171",
+  "verification": {
+    "trust_framework": "eidas",
+    "assurance_level": "high",
+    "evidence": {
+      "method": "cie"
+    }
+  },
+  "document_number": "XXXXXXXXXX",
+  "given_name": "Mario",
+  "family_name": "Rossi",
+  "birth_date": "1980-01-10",
+  "expiry_date": "2024-01-01",
+  "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX",
+  "constant_attendance_allowance": true
+}
+
+
+

The corresponding SD-JWT for the previous data is represented as follow, as decoded JSON for both header and payload.

+
{
+  "typ":"vc+sd-jwt",
+  "alg":"ES256",
+  "kid":"d126a6a856f7724560484fa9dc59d195",
+  "trust_chain" : [
+   "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
+   "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
+   "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."
+  ]
+}
+
+
+
{
+  "_sd": [
+    "8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E",
+    "Dx-6hjvrcxNzF0slU6ukNmzHoL-YvBN-tFa0T8X-bY0",
+    "GE3Sjy_zAT34f8wa5DUkVB0FslaSJRAAc8I3lN11Ffc",
+    "VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA",
+    "Yrc-s-WSr4exEYtqDEsmRl7spoVfmBxixP12e4syqNE",
+    "aBVdfcnxT0Z5RrwdxZSUhuUxz3gM2vcEZLeYIj61Kas",
+    "s1XK5f2pM3-aFTauXhmvd9pyQTJ6FMUhc-JXfHrxhLk",
+    "zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o"
+  ],
+  "iss": "https://issuer.example.org",
+  "iat": 1683000000,
+  "exp": 1883000000,
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "status": {
+    "status_assertion": {
+      "credential_hash_alg": "sha-256"
+    }
+  },
+  "vct": "https://issuer.example.org/v1.0/disabilitycard",
+  "vct#integrity": "2e40bcd6799008085ffb1a1f3517efee335298fd976b3e655bfb3f4eaa11d171",
+  "verification": {
+    "trust_framework": "eidas",
+    "assurance_level": "high",
+    "evidence": {
+      "method": "cie"
+    }
+  },
+  "_sd_alg": "sha-256",
+  "cnf": {
+    "jwk": {
+      "kty": "EC",
+      "crv": "P-256",
+      "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
+      "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
+    }
+  }
+}
+
+
+

In the following the disclosure list is given:

+

Claim iat:

+
    +
  • SHA-256 Hash: Yrc-s-WSr4exEYtqDEsmRl7spoVfmBxixP12e4syqNE

  • +
  • Disclosure: +WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImlhdCIsIDE2ODMwMDAwMDBd

  • +
  • Contents: ["2GLC42sKQveCfGfryNRN9w", "iat", 1683000000]

  • +
+

Claim document_number:

+
    +
  • SHA-256 Hash: Dx-6hjvrcxNzF0slU6ukNmzHoL-YvBN-tFa0T8X-bY0

  • +
  • Disclosure: +WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImRvY3VtZW50X251bWJlciIs +ICJYWFhYWFhYWFhYIl0

  • +
  • Contents: +["eluV5Og3gSNII8EYnsxA_A", "document_number", "XXXXXXXXXX"]

  • +
+

Claim given_name:

+
    +
  • SHA-256 Hash: zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o

  • +
  • Disclosure: +WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImdpdmVuX25hbWUiLCAiTWFy +aW8iXQ

  • +
  • Contents: ["6Ij7tM-a5iVPGboS5tmvVA", "given_name", "Mario"]

  • +
+

Claim family_name:

+
    +
  • SHA-256 Hash: VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA

  • +
  • Disclosure: +WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgImZhbWlseV9uYW1lIiwgIlJv +c3NpIl0

  • +
  • Contents: ["eI8ZWm9QnKPpNPeNenHdhQ", "family_name", "Rossi"]

  • +
+

Claim birth_date:

+
    +
  • SHA-256 Hash: s1XK5f2pM3-aFTauXhmvd9pyQTJ6FMUhc-JXfHrxhLk

  • +
  • Disclosure: +WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImJpcnRoX2RhdGUiLCAiMTk4 +MC0wMS0xMCJd

  • +
  • Contents: ["Qg_O64zqAxe412a108iroA", "birth_date", "1980-01-10"]

  • +
+

Claim expiry_date:

+
    +
  • SHA-256 Hash: aBVdfcnxT0Z5RrwdxZSUhuUxz3gM2vcEZLeYIj61Kas

  • +
  • Disclosure: +WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImV4cGlyeV9kYXRlIiwgIjIw +MjQtMDEtMDEiXQ

  • +
  • Contents: ["AJx-095VPrpTtN4QMOqROA", "expiry_date", "2024-01-01"]

  • +
+

Claim tax_id_code:

+
    +
  • SHA-256 Hash: 8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E

  • +
  • Disclosure: +WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgInRheF9pZF9jb2RlIiwgIlRJ +TklULVhYWFhYWFhYWFhYWFhYWFgiXQ

  • +
  • Contents: ["Pc33JM2LchcU_lHggv_ufQ", "tax_id_code", +"TINIT-XXXXXXXXXXXXXXXX"]

  • +
+

Claim constant_attendance_allowance:

+
    +
  • SHA-256 Hash: GE3Sjy_zAT34f8wa5DUkVB0FslaSJRAAc8I3lN11Ffc

  • +
  • Disclosure: +WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImNvbnN0YW50X2F0dGVuZGFu +Y2VfYWxsb3dhbmNlIiwgdHJ1ZV0

  • +
  • Contents: +["G02NSrQfjFXQ7Io09syajA", "constant_attendance_allowance", +true]

  • +
+

The combined format for the (Q)EAA issuance is represented below:

+
eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb
+IjhKam96QmZvdk1OdlEzSGZsbVBXeTRPMTlHcHhzNjFGV0hqWmViVTU4OUUiLCAiRHgt
+NmhqdnJjeE56RjBzbFU2dWtObXpIb0wtWXZCTi10RmEwVDhYLWJZMCIsICJHRTNTanlf
+ekFUMzRmOHdhNURVa1ZCMEZzbGFTSlJBQWM4STNsTjExRmZjIiwgIlZRSS1TMW1UMUt4
+ZnEybzhKOWlvN3hNTVgyTUl4YUc5TTlQZUpWcXJNY0EiLCAiWXJjLXMtV1NyNGV4RVl0
+cURFc21SbDdzcG9WZm1CeGl4UDEyZTRzeXFORSIsICJhQlZkZmNueFQwWjVScndkeFpT
+VWh1VXh6M2dNMnZjRVpMZVlJajYxS2FzIiwgInMxWEs1ZjJwTTMtYUZUYXVYaG12ZDlw
+eVFUSjZGTVVoYy1KWGZIcnhoTGsiLCAielZkZ2hjbUNsTVZXbFVnR3NHcFNrQ1BrRUha
+NHU5b1dqMVNsSUJsQ2MxbyJdLCAiaXNzIjogImh0dHBzOi8vaXNzdWVyLmV4YW1wbGUu
+b3JnIiwgImlhdCI6IDE2ODMwMDAwMDAsICJleHAiOiAxODgzMDAwMDAwLCAic3ViIjog
+Ik56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJzdGF0dXMiOiB7InN0
+YXR1c19hc3NlcnRpb24iOiB7ImNyZWRlbnRpYWxfaGFzaF9hbGciOiAic2hhLTI1NiJ9
+fSwgInZjdCI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZy92MS4wL2Rpc2FiaWxp
+dHljYXJkIiwgInZjdCNpbnRlZ3JpdHkiOiAiMmU0MGJjZDY3OTkwMDgwODVmZmIxYTFm
+MzUxN2VmZWUzMzUyOThmZDk3NmIzZTY1NWJmYjNmNGVhYTExZDE3MSIsICJ2ZXJpZmlj
+YXRpb24iOiB7InRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIsICJhc3N1cmFuY2VfbGV2
+ZWwiOiAiaGlnaCIsICJldmlkZW5jZSI6IHsibWV0aG9kIjogImNpZSJ9fSwgIl9zZF9h
+bGciOiAic2hhLTI1NiIsICJjbmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6
+ICJQLTI1NiIsICJ4IjogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxz
+N3ZDZUdlbWMiLCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0
+NGpUOUYySFpRIn19fQ.FAIV8Cncch43N07yBcWleJg4ZO9o_XdefgIejdShK1cCj8yT9
+S022cvSpdxuV44x-c_XmTn3Db9t0jJJPtqebA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STj
+l3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgI
+mRvY3VtZW50X251bWJlciIsICJYWFhYWFhYWFhYIl0~WyI2SWo3dE0tYTVpVlBHYm9TN
+XRtdlZBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJlSThaV205UW5LUHBOUGVOZW
+5IZGhRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJRZ19PNjR6cUF4ZTQxMmExMD
+hpcm9BIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJBSngtMDk1VlBycFR0T
+jRRTU9xUk9BIiwgImV4cGlyeV9kYXRlIiwgIjIwMjQtMDEtMDEiXQ~WyJQYzMzSk0yTG
+NoY1VfbEhnZ3ZfdWZRIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWF
+hYWFgiXQ~WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImNvbnN0YW50X2F0dGVuZGF
+uY2VfYWxsb3dhbmNlIiwgdHJ1ZV0~
+
+
+
+
+
+

MDOC-CBOR

+

The PID/(Q)EAA MDOC-CBOR data model is defined in ISO/IEC 18013-5, the standard born for the the mobile driving license (mDL) use case.

+

The MDOC data elements MUST be encoded as defined in RFC 8949 - Concise Binary Object Representation (CBOR).

+

The PID encoded in MDOC-CBOR format uses the document type set to eu.europa.ec.eudiw.pid.1, according to the reverse domain approach defined in the +EIDAS-ARF and ISO/IEC 18013-5.

+

The document's data elements utilize a consistent namespace for the mandatory Mobile Driving License attributes, while the national PID attributes use the domestic namespace eu.europa.ec.eudiw.pid.it.1, as outlined in this implementation profile.

+

In compliance with ISO/IEC 18013-5, the MDOC data model in the domestic namespace eu.europa.ec.eudiw.pid.it.1, requires the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

version

tstr (text string). Version of the data structure being used. It's a way to track changes and updates to the standard or to a specific implementation profile. This allows for backward compatibility and understanding of the data if the standard or implementation evolves over time.

[ISO 18013-5#8.3.2.1.2]

status

uint (unsigned int). Status code. For example "status":0 means OK (normal processing).

[ISO 18013-5#8.3.2.1.2.3]

documents

bstr (byte string). The collection of digital documents. Each document in this collection represents a specific type of data or information related to the Digital Credential.

[ISO 18013-5#8.3.2.1.2]

+

Each document within the documents collection MUST have the following structure:

+ +++++ + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

docType

tstr (text string). Document type. For the PID, the value MUST be set to eu.europa.ec.eudiw.pid.1. For an mDL, the value MUST be org.iso.18013-5.1.mDL.

[ISO 18013-5#8.3.2.1.2]

issuerSigned

bstr (byte string). It MUST contain the Mobile Security Object for Issuer data authentication and the data elements protected by Issuer data authentication.

[ISO 18013-5#8.3.2.1.2]

+

The issuerSigned object MUST have the following structure:

+ +++++ + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

nameSpaces

bstr (byte string) with tag 24 and major type 6. Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. The nameSpaces MUST use the same value for the document type. However, it MAY have a domestic namespace to include attributes defined in this implementation profile. The value MUST be set to eu.europa.ec.eudiw.pid.it.1.

[ISO 18013-5#8.3.2.1.2]

issuerAuth

bstr (byte string). Contains Mobile Security Object (MSO), a COSE Sign1 Document, issued by the Credential Issuer.

[ISO 18013-5#9.1.2.4]

+

During the presentation of the MDOC-CBOR credential, in addition to the objects in the table above, a deviceSigned object MUST also be added. deviceSigned MUST NOT be included in the issued credential provided by the PID/(Q)EAA Issuer.

+ +++++ + + + + + + + + + + + + +

Attribute name

Description

Reference

deviceSigned

bstr (byte string). Data elements signed by the Wallet Instance during the presentation phase.

[ISO 18013-5#8.3.2.1.2]

+

Where the deviceSigned MUST have the following structure:

+ +++++ + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

nameSpaces

tstr (text string). Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. It MAY be used for self-attested claims.

[ISO 18013-5#8.3.2.1.2]

deviceAuth

bstr (byte string). It MUST contain either the DeviceSignature or the DeviceMac element.

[ISO 18013-5#8.3.2.1.2]

+
+

Note

+

A deviceSigned object given during the presentation phase has two purposes:

+
+
    +
  1. It provides optional self-attested attributes in the nameSpaces object. If no self-attested attributes are provided by the Wallet Instance, the nameSpaces object MUST be included with an empty structure.

  2. +
  3. Provide a cryptographic proof attesting that the Holder is the legitimate owner of the Credential, by means of a deviceAuth object.

  4. +
+
+
+
+

Note

+

The issuerSigned and the deviceSigned objects contain the nameSpaces object and the Mobile Security Object. The latter is the only signed object, while the nameSpaces object is not signed.

+
+
+

nameSpaces

+

The nameSpaces object contains one or more IssuerSignedItemBytes that are encoded using CBOR bitsring 24 tag (#6.24(bstr .cbor), marked with the CBOR Tag 24(<<... >>) and represented in the example using the diagnostic format). It represents the disclosure information for each digest within the Mobile Security Object and MUST contain the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Encoding

Description

digestID

integer

Reference value to one of the ValueDigests provided in the Mobile Security Object (issuerAuth).

random

bstr (byte string)

Random byte value used as salt for the hash function. This value SHALL be different for each IssuerSignedItem and it SHALL have a minimum length of 16 bytes.

elementIdentifier

tstr (text string)

Data element identifier.

elementValue

depends by the value, see the next table.

Data element value.

+

The elementIdentifier data that MUST be included in a PID/(Q)EAA are:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Namespace

Element identifier

Description

eu.europa.ec.eudiw.pid.1

issue_date

full-date (CBORTag 1004). Date when the PID/(Q)EAA was issued.

eu.europa.ec.eudiw.pid.1

expiry_date

full-date (CBORTag 1004). Date when the PID/(Q)EAA will expire.

eu.europa.ec.eudiw.pid.1

issuing_authority

tstr (text string). Name of administrative authority that has issued the PID/(Q)EAA.

eu.europa.ec.eudiw.pid.1

issuing_country

tstr (text string). Alpha-2 country code as defined in [ISO 3166].

+

Depending on the Digital Credential type, additional elementIdentifier data MAY be added. The PID MUST support the following data:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Namespace

Element identifier

Description

eu.europa.ec.eudiw.pid.1

given_name

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

family_name

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

birth_date

full-date (CBORTag 1004). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

unique_id

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.it.1

tax_id_code

tstr (text string). See PID Claims fields Section.

+
+
+

Mobile Security Object

+

The issuerAuth represents the Mobile Security Object which is a COSE Sign1 Document defined in RFC 9052 - CBOR Object Signing and Encryption (COSE): Structures and Process. It has the following data structure:

+
    +
  • protected header

  • +
  • unprotected header

  • +
  • payload

  • +
  • signature.

  • +
+

The protected header MUST contain the following parameter encoded in CBOR format:

+ +++++ + + + + + + + + + + + + +

Element

Description

Reference

Signature algorithm

-7 means ES256, SHA-256.

RFC8152

+
+

Note

+

Only the Signature Algorithm MUST be present in the protected headers, other elements SHOULD not be present in the protected header.

+
+

The unprotected header MUST contain the following parameter:

+ +++++ + + + + + + + + + + + + +

Element

Description

Reference

x5chain

Identified with the label 33

RFC 9360 CBOR Object Signing and Encryption (COSE) - Header Parameters for Carrying and Referencing X.509 Certificates.

+
+

Note

+

The x5chain is included in the unprotected header with the aim to make the Holder able to update the X.509 certificate chain, related to the Mobile Security Object issuer, without invalidating the signature.

+
+

The payload MUST contain the MobileSecurityObject, without the content-type COSE Sign header parameter and encoded as a byte string (bstr) using the CBOR Tag 24.

+

The MobileSecurityObjectBytes MUST have the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Element

Description

Reference

docType

See Table.

[ISO 18013-5#9.1.2.4]

version

See Table.

[ISO 18013-5#9.1.2.4]

validityInfo

Object containing issuance and expiration datetimes. It MUST contain the following sub-value:

+
+
    +
  • signed

  • +
  • validFrom

  • +
  • validUntil

  • +
+
+

[ISO 18013-5#9.1.2.4]

digestAlgorithm

According to the algorithm defined in the protected header.

[ISO 18013-5#9.1.2.4]

valueDigests

Mapped digest by unique id, grouped by namespace.

[ISO 18013-5#9.1.2.4]

deviceKeyInfo

It MUST contain the Wallet Instance's public key containing the following sub-values.

+
+
    +
  • deviceKey (REQUIRED).

  • +
  • keyAuthorizations (OPTIONAL).

  • +
  • keyInfo (OPTIONAL).

  • +
+
+

[ISO 18013-5#9.1.2.4]

+
+

Note

+

The private key related to the public key stored in the deviceKey object is used to sign the DeviceSignedItems object and proof the possession of the PID during the presentation phase (see the presentation phase with MDOC-CBOR).

+
+
+
+

MDOC-CBOR Examples

+

A non-normative example of a PID in MDOC-CBOR format is represented below using the AF Binary encoding:

+
a366737461747573006776657273696f6e63312e3069646f63756d656e747381a267646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316c6973737565725369676e6564a26a697373756572417574688443a10126a1182159021930820215308201bca003020102021404ad06a30c1a6dc6e93be0e2e8f78dcafa7907c2300a06082a8648ce3d040302305b310b3009060355040613025a45312e302c060355040a0c25465053204d6f62696c69747920616e64205472616e73706f7274206f66205a65746f706961311c301a06035504030c1349414341205a65746573436f6e666964656e73301e170d3231303932393033333034355a170d3232313130333033333034345a3050311a301806035504030c114453205a65746573436f6e666964656e7331253023060355040a0c1c5a65746f70696120436974792044657074206f662054726166666963310b3009060355040613025a453059301306072a8648ce3d020106082a8648ce3d030107034200047c5545e9a0b15f4ff3ce5015121e8ad3257c28d541c1cd0d604fc9d1e352ccc38adef5f7902d44b7a6fc1f99f06eedf7b0018fd9da716aec2f1ffac173356c7da3693067301f0603551d23041830168014bba2a53201700d3c97542ef42889556d15b7ac4630150603551d250101ff040b3009060728818c5d050102301d0603551d0e04160414ce5fd758a8e88563e625cf056bfe9f692f4296fd300e0603551d0f0101ff040403020780300a06082a8648ce3d0403020347003044022012b06a3813ffec5679f3b8cddb51eaa4b95b0cbb1786b09405e2000e9c46618c02202c1f778ad252285ed05d9b55469f1cb78d773671f30fe7ab815371942328317c59032ad818590325a667646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316776657273696f6e63312e306c76616c6964697479496e666fa3667369676e6564c074323032332d30322d32325430363a32333a35365a6976616c696446726f6dc074323032332d30322d32325430363a32333a35365a6a76616c6964556e74696cc074323032342d30322d32325430303a30303a30305a6c76616c756544696765737473a2781865752e6575726f70612e65632e65756469772e7069642e31ac015820a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a025820cd372fb85148700fa88095e3492d3f9f5beb43e555e5ff26d95f5a6adc36f8e6035820e67e72111b363d80c8124d28193926000980e1211c7986cacbd26aacc5528d48045820f7d062d662826ed95869851db06bb539b402047baee53a00e0aa35bfbe98265d0658202a132dbfe4784627b86aa3807cd19cfeff487aab3dd7a60d0ab119a72e736936075820bdca9e8dbca354e824e67bfe1533fa4a238b9ea832f23fb4271ebeb3a5a8f7200858202c0eaec2f05b6c7fe7982683e3773b5d8d7a01e33d04dfcb162add8bd99bee9a095820bfe220d85657ccec3c67e7db1df747e9148a152334bb6d4b65b273279bcc36ec0a582018e38144f5044301d6a0b4ec9d5f98d4cd950e6ea2c29b849cbd457da29b6ad30b58203c71d2f0efa09d9e3fbbdffd29204f6b292c9f79570aef72dd86c91f7a3aa5c50c582065743d58d89d45e52044758f546034fd13a4f994bc270cdfa7844f74eb3f4b6e0d5820b4a8eb5d523bffa17b41bda12ddc7da32ae1e5f7ff3dcc394a35401f16919bbf781b65752e6575726f70612e65632e65756469772e7069642e69742e31a10e58209d6c11644651126c94acdaf0803e86d4c71d15d3b2712a14295416734efd514d6d6465766963654b6579496e666fa1696465766963654b6579a401022001215820ba01aea44eee1e338eb2f04e279dbd51b34655783ee185150838c9a7a7c4db7122582025ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96f646967657374416c676f726974686d675348412d32353658400813c28fd62f2602cbc14724e5865733c44a0fca589b55c085ec9d5c725d6cce25ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96a6e616d65537061636573a2781865752e6575726f70612e65632e65756469772e7069642e3188d818586da4686469676573744944016672616e646f6d5820156df9227ad341eaa61aabd301106fd21bdc18820e01dfc16bcf5fecc447111b71656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d30322d3232d818586fa4686469676573744944026672616e646f6d5820a3a1f13f05544d03a5b50b5fdb78465808393bcf3b7953a345fe28f820c7be0d71656c656d656e744964656e7469666965726d69737375616e63655f646174656c656c656d656e7456616c7565d903ec6a323032332d30322d3232d8185866a4686469676573744944036672616e646f6d5820852591f90f2c9ded57a03632e2c1322ab52a082a431e71a4149a6830c8f1ad0c71656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ca4686469676573744944046672616e646f6d5820d1d587b3512acce15c4f6b20944ceb002a464e4a158389788563408873c3fce571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c7565764d696e69737465726f2064656c6c27496e7465726e6fd8185864a4686469676573744944056672616e646f6d582094fdd7609c0e73dc8589b5cab11e1d9058cf8bff8a336da5f81fcba055396a0f71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c7565654d6172696fd8185865a4686469676573744944066672616e646f6d5820660c0a7bf79e0e0261ca1547a4294fb808aa70738f424b13ab1b9440b566ae1371656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756565526f737369d818586ba4686469676573744944076672616e646f6d5820315c53491286488fa07f5c2ce67135ef5c9959c3469c99a14e9b6dc924f9eba571656c656d656e744964656e746966696572696269727468646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3132d818587da4686469676573744944086672616e646f6d5820764ef39c9d01f3aa6a87f441603cfe853fba3cee3bc2c168bcc9e96271d6e06371656c656d656e744964656e74696669657269756e697175655f69646c656c656d656e7456616c7565781e78787878787878782d7878782d787878782d787878787878787878787878781b65752e6575726f70612e65632e65756469772e7069642e69742e3181d8185877a46864696765737449440d6672616e646f6d5820717df3f583b1484366c33a1f869f2b5d201d466a8b589c79ab1a2d85e595432571656c656d656e744964656e7469666965726d7461785f69645f6e756d6265726c656c656d656e7456616c75657554494e49542d585858585858585858585858585858
+
+
+

The Diagnostic Notation of the above MDOC-CBOR is given below:

+
{     
+    "status": 0,     
+    "version": "1.0",     
+    "documents": [        
+    {             
+      "docType": "eu.europa.ec.eudiw.pid.1",                         
+      "issuerSigned": {                
+          "issuerAuth": [                
+          << {1: -7} >>, % protected header with the value alg:ES256                    
+          {                         
+              33: h'30820215308201BCA003020102021404AD30C…'% 33->X5chain:COSE X_509  
+          },
+          <<                       
+              24(<<    
+                  {                            
+                  "docType": "eu.europa.ec.eudiw.pid.1",                                
+                  "version": "1.0",  
+                  "validityInfo": {                                
+                      "signed": 0("2023-02-22T06:23:56Z"),                                     
+                      "validFrom": 0("2023-02-22T06:23:56Z"),                                   
+                      "validUntil": 0("2024-02-22T00:00:00Z")                               
+                  },
+                  "valueDigests": { 
+                      "eu.europa.ec.eudiw.pid.1": {        
+                          1: h'0F1571A97FFB799CC8FCDF2BA4FC2909929…',                                          
+                          2: h'0CDFE077400432C055A2B69596C90…',     
+                          3: h'E2382149255AE8E955AF9B8984395…',                                        
+                          4: h'BBC77E6CCA981A3AD0C3E544EDF86…',                                     
+                          6: h'BB6E6C68D1B4B4EC5A2AE9206F5t4…',
+                          7: h'F8A5966E6DAC9970E0334D8F75E25…',              
+                          8: h'DEFDF1AA746718016EF1B94BFE5R6…'
+                      },
+                      "eu.europa.ec.eudiw.pid.it.1": {  
+                          9: h'F9EE4D36F67DBD75E23311AC1C29…'
+                      }
+                  },                             
+                  "deviceKeyInfo": {                              
+                      "deviceKey": {                                  
+                          1: 2, % kty:EC2 (Eliptic curves with x and y coordinate pairs)           
+                          -1: 1, % crv:p256                     
+                          -2: h'B820963964E53AF064686DD9218303494A…', % x-coordiantes                                        
+                          -3: h'0A6DA0AF437E2943F1836F31C678D89298E9…'% y-ccordiantes                                     
+                      }                            
+                  },                             
+                  "digestAlgorithm": "SHA-256"    
+                  }                       
+              >>)                     
+          >>,                        
+          h'1AD0D6A7313EFDC38FCD765852FA2BD43DEBF48BF5A580D'                 
+          ],                 
+          "nameSpaces": {
+              "eu.europa.ec.eudiw.pid.1": [                         
+              24(<<    
+                  {      
+                  "digestID": 1,                                  
+                  "random": h'E0B70BCEFBD43686F345C9ED429343AA',                                 
+                  "elementIdentifier": "expiry_date",                                
+                  "elementValue": 1004("2024-02-22")                             
+                  }                         
+              >>), 
+              24(<<             
+                  {       
+                  "digestID": 2,                                  
+                  "random": h'AE84834F389EE69888665B90A3E4FCCE', 
+                  "elementIdentifier": "issue_date",   
+                  "elementValue": 1004("2023-02-22")                                
+                  }
+              >>),                         
+              24(<<   
+                  {                              
+                  "digestID": 3,                                 
+                  "random": h'960CB15A2EA9B68E5233CE902807AA95',                               
+                  "elementIdentifier": "issuing_country",                               
+                  "elementValue": "IT"                                                    
+                  }                       
+              >>), 
+              24(<<       
+                  {                        
+                  "digestID": 4,    
+                  "random": h'9D3774BD5994CCFED248674B32A4F76A', 
+                  "elementIdentifier": "issuing_authority",   
+                  "elementValue": "Ministero dell'Interno"  
+                  }   
+              >>),                 
+              24(<<        
+                  {                              
+                  "digestID": 5,                         
+                  "random": h'EB12193DC66C6174530CDC29B274381F', 
+                  "elementIdentifier": "given_name",
+                  "elementValue": "Mario"                             
+                  }                         
+              >>)),            
+              24(<<                            
+                  {                               
+                  "digestID": 6,                             
+                  "random": h'DB143143538F3C8D41DC024F9CB25C9D',
+                  "elementIdentifier": "family_name",  
+                  "elementValue": "Rossi"    
+                  } 
+              >>),                         
+              24(<<               
+                  {                          
+                  "digestID": 7, 
+                  "random": h'6059FF1CE27B4997B4ADE1DE7B01DC60',
+                  "elementIdentifier": "birth_date",
+                  "elementValue": 1004("1956-01-12")% the tag 1004 defines the value    
+                                                      is a full date 
+                  }  
+              >>),         
+              24(<<  
+                  {                              
+                  "digestID": 8,                              
+                  "random": h'53C15C57B3B076E788795829190220B4',
+                  "elementIdentifier": "unique_id",
+                  "elementValue": "xxxxxxxx-xxx-xxxx-xxxxxxxxxxxx" 
+                  }   
+              >>)
+              ],
+              "eu.europa.ec.eudiw.pid.it.1": [
+                  24(<<
+                      {
+                      "digestID": 9, 
+                      "random": h'11aa7273a2d2daa973f5951f0c34c2fbae',
+                      "elementIdentifier": "tax_id_number", 
+                      "elementValue": "TINIT-XXXXXXXXXXXXXXX"
+                      }                         
+                  >>)                    
+              ]            
+          }  
+      }           
+    }
+    ]
+  }
+
+
+
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+ +
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/pid-eaa-entity-configuration.html b/ia-terms-updates/en/pid-eaa-entity-configuration.html new file mode 100644 index 000000000..2436d6d70 --- /dev/null +++ b/ia-terms-updates/en/pid-eaa-entity-configuration.html @@ -0,0 +1,1021 @@ + + + + + + + + Entity Configuration of PID/(Q)EAA Providers — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Entity Configuration of PID/(Q)EAA Providers

+

The PID/(Q)EAA Providers, as Federation Entity, are required to adhere to the guidelines outlined in Section Configuration of the Federation. Specifically, they MUST provide a well-known endpoint that hosts their Entity Configuration. +The Entity Configuration of PID/(Q)EAA Providers MUST contain the parameters defined in the Sections Entity Configuration Leaves and Intermediates and Entity Configurations Common Parameters.

+

The PID/(Q)EAA Providers MUST provide the following metadata types:

+
+
    +
  • federation_entity

  • +
  • oauth_authorization_server

  • +
  • openid_credential_issuer

  • +
+
+

In cases where the (Q)EAA Providers authenticate Users using their Wallet Instance, then the metadata for wallet_relying_party MUST be provided in addition to the metadata above. In case a national eID scheme is used by the PID/(Q)EAA Providers for the User authentication, they MAY include a metadata for openid_relying_party within their Entity Configuration. The openid_relying_party metadata MUST be compliant with the current version of SPID/CIE id OIDC Technical Specification.

+
+

Metadata for federation_entity

+

The federation_entity metadata MUST contain the parameters as defined in Section Metadata of federation_entity Leaves.

+
+
+

Metadata for oauth_authorization_server

+

The oauth_authorization_server metadata MUST contain the following parameters.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

issuer

It MUST contain an HTTPS URL that uniquely identifies the PID/(Q)EAA Provider.

pushed_authorization_request_endpoint

The URL of the pushed authorization request endpoint is where a Wallet Instance MUST submit an authorization request to obtain a request_uri value, which can then be used at the authorization endpoint. See RFC 9126#as_metadata.

authorization_endpoint

URL of the authorization server's authorization endpoint. See RFC 8414#section-2.

token_endpoint

URL of the authorization server's token endpoint. See RFC 8414#section-2.

client_registration_types_supported

Array specifying the registration types supported. The authorization server MUST support automatic. See OID-FED Section 5.1.3.

code_challenge_methods_supported

JSON array containing a list of Proof Key for Code Exchange (PKCE) RFC 7636 code challenge methods supported by the authorization server. The authorization server MUST support S256.

acr_values_supported

See OpenID Connect Discovery 1.0 Section 3. The supported values are:

+
    +
  • https://www.spid.gov.it/SpidL1

  • +
  • https://www.spid.gov.it/SpidL2

  • +
  • https://www.spid.gov.it/SpidL3

  • +
+

scopes_supported

JSON array containing a list of the supported scope values. See RFC 8414#section-2.

response_modes_supported

JSON array containing a list of the supported "response_mode" values, as specified in OAuth 2.0 Multiple Response Type Encoding Practices. The supported values MAY be query and form_post.jwt (see [oauth-v2-jarm-03]).

authorization_signing_alg_values_supported

JSON array containing a list of the JWS RFC 7515 supported signing algorithms (alg values). The values MUST be set according to Section Cryptographic Algorithms. See Section 4 of [oauth-v2-jarm-03].

grant_types_supported

JSON array containing a list of the supported grant type values. The authorization server MUST support authorization_code.

token_endpoint_auth_methods_supported

JSON array containing a list of supported client authentication methods. The Token Endpoint MUST support attest_jwt_client_auth as defined in OAUTH-ATTESTATION-CLIENT-AUTH.

token_endpoint_auth_signing_alg_values_supported

JSON array containing a list of the JWS signing algorithms ("alg" values) supported by the token endpoint for the signature on the JWT used to authenticate the client at the Token Endpoint. See RFC 8414#section-2.

request_object_signing_alg_values_supported

JSON array containing a list of the JWS signing algorithms ("alg" values) supported for Request Objects. See [openid-connect-discovery-1_0].

jwks

JSON Web Key Set containing the cryptographic keys for the authorization server. See OID-FED Section 5.2.1 and JWK.

+
+
+

Metadata for openid_credential_issuer

+

The openid_credential_issuer metadata MUST contain the following claims.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

credential_issuer

The PID/(Q)EAA Provider identifier. It MUST be a case sensitive URL using HTTPS scheme as defined in OpenID4VCI Sections 11.2.1 and 11.2.3.

credential_endpoint

URL of the credential endpoint. See OpenID4VCI Section 11.2.3.

revocation_endpoint

URL of the revocation endpoint. See RFC 8414#section-2.

status_attestation_endpoint

It MUST be an HTTPs URL indicating the endpoint where the Wallet Instances can request Status Attestations. See Section Credential Lifecycle for more details.

notification_endpoint

It MUST be an HTTPs URL indicating the notification endpoint. See Section 11.2.3 of [OpenID4VCI].

authorization_servers

OPTIONAL. Array of strings, where each string is an identifier of the OAuth 2.0 Authorization Server (as defined in [RFC 8414]) the PID/(Q)EAA Provider relies on for authorization. If this parameter is omitted, the entity providing the PID/(Q)EAA Provider is also acting as the Authorization Server.

display

See OpenID4VCI Section 11.2.3. Array of objects containing display language properties. The parameters that MUST be included are:

+
+
    +
  • name: String value of a display name for the PID/(Q)EAA Provider.

  • +
  • locale: String value that identifies the language of this object represented as a language tag taken from values defined in BCP47 RFC 5646. There MUST be only one object for each language identifier.

  • +
+
+

credential_configurations_supported

JSON object that outlines the details of the Credential supported by the PID/(Q)EAA Provider. It includes a list of name/value pairs, where each name uniquely identifies a specific supported Credential. This identifier is utilized to inform the Wallet Instance which Credential can be provided by the PID/(Q)EAA Provider. The associated value within the object MUST contain metadata specific to that Credential, as defined following. See OpenID4VCI Sections 11.2.3 and A.3.2.

+
+
    +
  • format: String identifying the format of this Credential. The PID/(Q)EAA MUST support the value string "vc+sd-jwt". See OpenID4VCI Section A.3.1.

  • +
  • scope: JSON String identifying the supported scope value. The Wallet Instance MUST use this value in the Pushed Authorization Request. Scope values MUST be the entire set or a subset of the scope values in the scopes_supported parameter of the Authorization Server. [See OpenID4VCI Section 11.2.3].

  • +
  • cryptographic_binding_methods_supported: JSON Array of case sensitive strings that identify the representation of the cryptographic key material that the issued Credential is bound to. The PID/(Q)EAA Provider MUST support the value "jwk".

  • +
  • credential_signing_alg_values_supported: JSON Array of case sensitive strings that identify the algorithms that the PID/(Q)EAA Provider MUST support to sign the issued Credential. See Section Cryptographic Algorithms for more details.

  • +
  • proof_types_supported: JSON object which provide detailed information about the key proof(s) supported by the PID/(Q)EAA Provider. It consists of a list of name/value pairs, where each name uniquely identifies a supported proof type. The PID/(Q)EAA Provider MUST support at least "jwt" as defined in OpenID4VCI Section 7.2. The value associated with each name/value pair is a JSON object containing metadata related to the key proof. The PID/(Q)EAA Provider MUST support at least the parameter proof_signing_alg_values_supported which MUST be a JSON Array of case sensitive strings that identify the supported algorithms (see Section Cryptographic Algorithms for more details about the supported algorithms).

  • +
  • display: Array of objects containing display language properties. The parameters that MUST be included are:

    +
    +
      +
    • name: String value of a display name for the Credential.

    • +
    • locale: String value that identifies the language of this object represented as a language tag taken from values defined in BCP47 RFC 5646. There MUST be only one object for each language identifier.

    • +
    +
    +
  • +
  • vct: As defined in [SD-JWT-VC Credential Format].

  • +
  • claims: JSON object comprising a collection of name/value pairs, where each name represents a claim related to the subject described in the Credential. The value associated with each name MAY be either another nested object or an array of objects. To provide detailed information about the claim, the innermost value MUST contain at least the following parameters. See OpenID4VCI Section A.3.2.

    +
    +
      +
    • value_type: String value determining the type of value of the claim. The values that MUST be supported by the PID/(Q)EAA Provider are String and Boolean.

    • +
    • display: Array of objects containing display language properties. The parameters that MUST be included are:

      +
      +
        +
      • name: String value of a display name for the claim.

      • +
      • locale: String value that identifies the language of this object represented as a language tag taken from values defined in BCP47 RFC 5646. There MUST be only one object for each language identifier.

      • +
      +
      +
    • +
    +
    +
  • +
+
+

jwks

JSON Web Key Set document, passed by value, containing the protocol specific keys for the Credential Issuer. See OID-FED Section 5.2.1 and JWK.

+
+
+

Metadata for wallet_relying_party

+

The wallet_relying_party metadata MUST contain the parameters as defined in Section Metadata for wallet_relying_party.

+
+
+

Example of a (Q)EAA Provider Entity Configuration

+

Below is a non-normative example of an Entity Configuration of a (Q)EAA Provider containing a metadata for

+
+
    +
  • federation_entity

  • +
  • oauth_authorization_server

  • +
  • openid_credential_issuer

  • +
  • wallet_relying_party

  • +
+
+
{
+    "iat": 1718207217,
+    "exp": 1749743216,
+    "iss": "https://eaa-provider.example.org",
+    "sub": "https://eaa-provider.example.org",
+    "authority_hints": [
+        "https://trust-anchor.example.org"
+    ],
+    "jwks": {
+        "keys": [
+            {
+                "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+                "kty": "EC",
+                "crv": "P-256",
+                "x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
+                "y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
+            }
+        ]
+    },
+    "metadata": {
+        "federation_entity": {
+            "homepage_uri": "https://eaa-provider.example.org/",
+            "organization_name": "Organization Name",
+            "contacts": [
+                "informazioni@example.it",
+                "protocollo@pec.example.it"
+            ],
+            "tos_uri": "https://eaa-provider.example.org/public/info_policy.html",
+            "policy_uri": "https://eaa-provider.example.org/public/privacy_policy.html",
+            "logo_uri": "https://eaa-provider.example.org/public/logo.svg"
+        },
+        "oauth_authorization_server": {
+            "issuer": "https://eaa-provider.example.org",
+            "pushed_authorization_request_endpoint": "https://eaa-provider.example.org/as/par",
+            "authorization_endpoint": "https://eaa-provider.example.org/authorize",
+            "token_endpoint": "https://eaa-provider.example.org/token",
+            "client_registration_types_supported": [
+                "automatic"
+            ],
+            "code_challenge_methods_supported": [
+                "S256"
+            ],
+            "acr_values_supported": [
+                "https://www.spid.gov.it/SpidL2",
+                "https://www.spid.gov.it/SpidL3"
+            ],
+            "scopes_supported": [
+                "EuropeanDisabilityCard",
+                "MDL"
+            ],
+            "response_modes_supported": [
+                "form_post.jwt",
+                "query"
+            ],
+            "authorization_signing_alg_values_supported": [
+                "ES256",
+                "ES384",
+                "ES512"
+            ],
+            "grant_types_supported": [
+                "authorization_code"
+            ],
+            "token_endpoint_auth_methods_supported": [
+                "attest_jwt_client_auth"
+            ],
+            "token_endpoint_auth_signing_alg_values_supported": [
+                "ES256",
+                "ES384",
+                "ES512"
+            ],
+            "request_object_signing_alg_values_supported": [
+                "ES256",
+                "ES384",
+                "ES512"
+            ],
+            "jwks": {
+                "keys": [
+                    {
+                        "kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
+                        "kty": "EC",
+                        "crv": "P-256",
+                        "x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
+                        "y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
+                    }
+                ]
+            }
+        },
+        "openid_credential_issuer": {
+            "credential_issuer": "https://eaa-provider.example.org",
+            "credential_endpoint": "https://eaa-provider.example.org/credential",
+            "revocation_endpoint": "https://eaa-provider.example.org/revoke",
+            "status_attestation_endpoint": "https://eaa-provider.example.org/status",
+            "notification_endpoint": "https://eaa-provider.example.org/notification",
+            "display": [
+                {
+                    "name": "EAA Provider",
+                    "locale": "it-IT"
+                },
+                {
+                    "name": "EAA Provider",
+                    "locale": "en-US"
+                }
+            ],
+            "credential_configurations_supported": {
+                "EuropeanDisabilityCard": {
+                    "format": "vc+sd-jwt",
+                    "scope": "EuropeanDisabilityCard",
+                    "cryptographic_binding_methods_supported": [
+                        "jwk"
+                    ],
+                    "credential_signing_alg_values_supported": [
+                        "ES256",
+                        "ES384",
+                        "ES512"
+                    ],
+                    "proof_types_supported": {
+                        "jwt": {
+                            "proof_signing_alg_values_supported": [
+                                "ES256",
+                                "ES384",
+                                "ES512"
+                            ]
+                        }
+                    },
+                    "display": [
+                        {
+                            "name": "Carta della disabilità europea",
+                            "locale": "it-IT"
+                        },
+                        {
+                            "name": "European Disability Card",
+                            "locale": "en-US"
+                        }
+                    ],
+                    "vct": "EuropeanDisabilityCard",
+                    "claims": {
+                        "document_number": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Numero Documento",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Document Number",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "given_name": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Nome",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Name",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "family_name": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Cognome",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Family Name",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "birth_date": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Data di Nascita (YYYY-MM-GG)",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Date of Birth (YYYY-MM-GG)",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "tax_id_code": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Codice Fiscale",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Tax Id Number",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "expiry_date": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Data di Scadenza (YYYY-MM-GG)",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Expiration Date (YYYY-MM-GG)",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "constant_attendance_allowance": {
+                            "value_type": "boolean",
+                            "display": [
+                                {
+                                    "name": "Diritto accompagnatore",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Constant attendance allowance",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "portrait": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Foto codificata in base64",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Portrait base64 encoded",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "link_qr_code": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Link QR Code",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Link QR Code",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        }
+                    }
+                },
+                "MDL": {
+                    "format": "vc+sd-jwt",
+                    "scope": "MDL",
+                    "cryptographic_binding_methods_supported": [
+                        "jwk"
+                    ],
+                    "credential_signing_alg_values_supported": [
+                        "ES256",
+                        "ES384",
+                        "ES512"
+                    ],
+                    "proof_types_supported": {
+                        "jwt": {
+                            "proof_signing_alg_values_supported": [
+                                "ES256",
+                                "ES384",
+                                "ES512"
+                            ]
+                        }
+                    },
+                    "display": [
+                        {
+                            "name": "Patente di guida",
+                            "locale": "it-IT"
+                        },
+                        {
+                            "name": "Mobile Driver's License",
+                            "locale": "en-US"
+                        }
+                    ],
+                    "vct": "MDL",
+                    "claims": {
+                        "given_name": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Nome",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "First Name",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "family_name": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Cognome",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Family Name",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "birth_date": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Data di nascita (YYYY-MM-GG)",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Date of Birth (YYYY-MM-GG)",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "place_of_birth": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Luogo di Nascita",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Place of Birth",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "issue_date": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Data di rilascio (YYYY-MM-GG)",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Issue Date (YYYY-MM-GG)",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "expiry_date": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Data di scadenza (YYYY-MM-GG)",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Expiry Date (YYYY-MM-GG)",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "issuing_country": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Paese di rilascio",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Issuing Country",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "issuing_authority": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Autorità di rilascio",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Issuing Authority",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "document_number": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Numero di documento",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Document Number",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "portrait": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Foto codificata in base64",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Portrait base64 encoded",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "driving_privileges": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Elenco delle categorie di abilitazione separate da spazio",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Driving Privileges separated by space",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "restrictions_conditions": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Annotazioni/Restrizioni valide per tutte le categorie separate da spazio",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Restriction/Condition for all driving privileges separated by space ",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        },
+                        "driving_privileges_details": {
+                            "value_type": "string",
+                            "display": [
+                                {
+                                    "name": "Dettagli delle categorie di abilitazione",
+                                    "locale": "it-IT"
+                                },
+                                {
+                                    "name": "Driving privilege details",
+                                    "locale": "en-US"
+                                }
+                            ]
+                        }
+                    }
+                }
+            },
+            "jwks": {
+                "keys": [
+                    {
+                        "kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
+                        "kty": "EC",
+                        "crv": "P-256",
+                        "x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
+                        "y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
+                    }
+                ]
+            }
+        },
+        "wallet_relying_party": {
+            "application_type": "web",
+            "client_id": "https://eaa-provider.example.org",
+            "client_name": "Organization Name",
+            "contacts": [
+                "informazioni@example.it",
+                "protocollo@pec.example.it"
+            ],
+            "request_uris": [
+                "https://eaa-provider.example.org/request_uri"
+            ],
+            "response_uris": [
+                "https://eaa-provider.example.org/response_uri"
+            ],
+            "default_acr_values": [
+                "https://www.spid.gov.it/SpidL2",
+                "https://www.spid.gov.it/SpidL3"
+            ],
+            "request_object_signing_alg_values_supported": [
+                "ES256",
+                "ES384",
+                "ES512"
+            ],
+            "authorization_signed_response_alg": [
+                "ES256",
+                "ES384",
+                "ES512"
+            ],
+            "authorization_encrypted_response_alg": [
+                "RSA-OAEP-256"
+            ],
+            "authorization_encrypted_response_enc": [
+                "A128CBC-HS256",
+                "A192CBC-HS384",
+                "A256CBC-HS512",
+                "A128GCM",
+                "A192GCM",
+                "A256GCM"
+            ],
+            "vp_formats": {
+                "vc+sd-jwt": {
+                    "sd-jwt_alg_values": [
+                        "ES256",
+                        "ES384",
+                        "ES512"
+                    ]
+                }
+            },
+            "presentation_definitions_supported": [
+                {
+                    "id": "d76c51b7-ea90-49bb-8368-6b3d194fc131",
+                    "input_descriptors": [
+                        {
+                            "id": "PersonIdentificationData",
+                            "format": {
+                                "vc+sd-jwt": {
+                                    "alg": [
+                                        "ES256",
+                                        "ES384",
+                                        "ES512"
+                                    ]
+                                },
+                                "constraints": {
+                                    "limit_disclosure": "required",
+                                    "fields": [
+                                        {
+                                            "filter": {
+                                                "const": "PersonIdentificationData",
+                                                "type": "string"
+                                            },
+                                            "path": [
+                                                "$.vct"
+                                            ]
+                                        },
+                                        {
+                                            "filter": {
+                                                "type": "object"
+                                            },
+                                            "path": [
+                                                "$.cnf.jwk"
+                                            ]
+                                        },
+                                        {
+                                            "path": [
+                                                "$.unique_id"
+                                            ]
+                                        },
+                                        {
+                                            "path": [
+                                                "$.tax_id_code"
+                                            ]
+                                        }
+                                    ]
+                                }
+                            }
+                        },      
+                        {
+                            "id": "WalletAttestation",
+                            "format": {
+                                "jwt": {
+                                    "alg": [
+                                        "ES256",
+                                        "ES384",
+                                        "ES512"
+                                    ]
+                                },
+                                "constraints": {
+                                    "limit_disclosure": "required",
+                                    "fields": [
+                                        {
+                                            "filter": {
+                                                "type": "string"
+                                            },
+                                            "path": [
+                                                "$.iss"
+                                            ]
+                                        },
+                                        {
+                                            "filter": {
+                                                "type": "object"
+                                            },
+                                            "path": [
+                                                "$.cnf.jwk"
+                                            ]
+                                        }
+                                    ]
+                                }
+                            }
+                        }
+                    ]
+                } 
+            ],
+            "jwks": {
+                "keys": [
+                    {
+                        "kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
+                        "kty": "EC",
+                        "crv": "P-256",
+                        "x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
+                        "y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
+                    }
+                ]
+            }
+        }
+    }
+}
+
+
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+ +
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/pid-eaa-issuance.html b/ia-terms-updates/en/pid-eaa-issuance.html new file mode 100644 index 000000000..ccde5f1a1 --- /dev/null +++ b/ia-terms-updates/en/pid-eaa-issuance.html @@ -0,0 +1,1529 @@ + + + + + + + + PID/(Q)EAA Issuance — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

PID/(Q)EAA Issuance

+

This section describes the PID and (Q)EAAs issuance flow with an high level of security. +The relevant entities and interfaces involved in the issuance flow are:

+
+
    +
  • Wallet Provider,

  • +
  • Wallet Solution,

  • +
  • Wallet Instance,

  • +
  • PID Provider,

  • +
  • National Identity Provider,

  • +
  • (Q)EAA Provider.

  • +
+
+

PID/(Q)EAA Providers are composed of:

+
+
    +
  • Credential Issuer Component: based on the "OpenID for Verifiable Credential Issuance" specification [OpenID4VCI] to release the PID/(Q)EAA.

  • +
  • Relying Party Component: The component to authenticate the User. PID Providers authenticate users with the national Digital Identity Providers, based on OpenID Connect Core 1.0 or SAML2 while (Q)EAA Providers authenticate users with the PID.

  • +
+
+

The (Q)EAA Provider acts as a Verifier by sending a presentation request to the Wallet Instance, according to [OpenID4VP]. The Wallet Instance MUST have a valid PID, obtained in a previous time, to get authenticated with the (Q)EAA Provider.

+
+

High-Level PID flow

+

The Fig. 2 shows a general architecture and highlights the main operations involved in the issuance of a PID.

+
+_images/High-Level-Flow-ITWallet-PID-Issuance.svg +
+

Fig. 2 PID Issuance - General architecture and high level flow.

+
+
+

Below the description of the steps represented in the previous picture:

+
+
    +
  1. Wallet Instance Setup: the first time the Wallet Instance is started a preliminary setup phase is carried out. It consists of the release of the Wallet Attestation issued by Wallet Attestation Service asserting the genuineness and the compliance of the Wallet Instance with the shared trust framework. The Wallet Attestation binds the public key provided by the Wallet Instance, related to one of the private keys generated by the Wallet Instance.

  2. +
  3. PID/(Q)EAA Provider Discovery: the Wallet Instance discovers the trusted Digital Credential Issuers using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), inspecting the Credential Issuer metadata and Trust Marks for filtering the PID Provider.

  4. +
  5. PID Provider Metadata: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model and obtains the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs.

  6. +
  7. PID Request: using the Authorization Code Flow defined in [OpenID4VCI] the Wallet Instance requests the PID to the PID Provider.

  8. +
  9. User Authentication: the PID Provider authenticates the User with LoA High, acting as an Identity and Access Management Proxy to the National eID system.

  10. +
  11. PID Issuance: the User is authenticated with LoA High and the PID Provider releases a PID bound to the key material held by the requesting Wallet Instance.

  12. +
+
+

In the following sections the steps from 1 to 5 are further expanded into more technical details.

+
+
+

High-Level (Q)EAA flow

+

The Fig. 3 shows a general architecture and highlights the main operations involved in the issuance of a (Q)EAA, following the assumptions listed below:

+
+
    +
  • the User has a valid PID stored in their own Wallet Instance;

  • +
  • the (Q)EAA requires a high security implementation profile.

  • +
+
+
+_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg +
+

Fig. 3 (Q)EAA Issuance - General architecture and high level flow

+
+
+

Below the description of the most relevant operations involved in the (Q)EAA issuance:

+
+
    +
  1. Discovery of the trusted (Q)EAA Provider: the Wallet Instance obtains the list of the trusted (Q)EAA Provider using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), then inspects the metadata and Trust Mark looking for the Digital Credential capabilities of each (Q)EAA Provider.

  2. +
  3. (Q)EAA Provider Metadata: the Wallet Instance establishes the trust to the (Q)EAA Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the (Q)EAA, the algorithms supported, and any other parameter required for interoperability needs.

  4. +
  5. (Q)EAA Request: using the Authorization Code Flow , defined in [OpenID4VCI], the Wallet Instance requests a (Q)EAA to the (Q)EAA Provider.

  6. +
  7. User Authentication: the (Q)EAA Provider, acting as a Verifier (Relying Party), authenticates the User evaluating the presentation of the PID.

  8. +
  9. (Q)EAA Issuance: the User is authenticated with a valid PID and the (Q)EAA Provider releases a (Q)EAA bound to the key material held by the requesting Wallet Instance.

  10. +
+
+
+
+

Low-Level Issuance Flow

+

The PID/(Q)EAA Issuance flow is based on [OpenID4VCI] and the following main reference standards/specifications MUST be supported on top of OpenID4VCI:

+
+
+
+

The PID/(Q)EAA Provider MUST use OAuth 2.0 Authorization Server based on RFC 6749 to authorize the User to obtain a Credential. PID/(Q)EAA Providers MUST support

+
+
    +
  • Authorization Code Flow: The PID/(Q)EAA Provider requires User authentication and consent at the Authorization Endpoint before collecting User information to create and provide a Credential.

  • +
  • Wallet Initiated Flow: The request from the Wallet Instance is sent to the PID/(Q)EAA Provider without any input from the latter.

  • +
  • Same-device Issuance flow: The User receives the Credential on the same device that initiated the flow.

  • +
  • Immediate Issuance flow: The PID/(Q)EAA Provider issues the Credential directly in response to the Credential Request.

  • +
  • Deferred Issuance flow: The PID/(Q)EAA Provider may require time to issue the requested Digital Credential, due to the Authentic Sources data provisioning rules, and allows the Wallet to retrieve the requested Credential in the future.

  • +
+
+
+_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg +
+

Fig. 4 PID/(Q)EAA Issuance - Detailed flow

+
+
+

Steps 1-4 (Discovery): The User, using the Wallet Instance, selects the PID/(Q)EAA Provider from those listed in the list of trustworthy entities. The Wallet Instance then processes the Metadata for the selected PID/(Q)EAA Provider as defined in the Trust Model section of this specification.

+
+

Note

+

Federation Check: The Wallet Instance must verify whether the PID/(Q)EAA Provider is a member of the Federation, obtaining its protocol specific Metadata. A non-normative example of a response from the endpoint .well-known/openid-federation with the Entity Configuration and the Metadata of the PID/(Q)EAA Provider is represented within the section Entity Configuration of PID/(Q)EAA Providers.

+
+

Steps 5-6 (PAR Request): The Wallet Instance:

+
+
    +
  • creates a fresh PKCE code verifier, Wallet Attestation Proof of Possession, and state parameter for the Pushed Authorization Request.

  • +
  • provides to the PID/(Q)EAA Provider PAR endpoint the parameters previously listed above, using the request parameter (hereafter Request Object) according to RFC 9126 Section 3 to prevent Request URI swapping attack.

  • +
  • MUST create the code_verifier with enough entropy random string using the unreserved characters with a minimum length of 43 characters and a maximum length of 128 characters, making it impractical for an attacker to guess its value. The value MUST be generated following the recommendation in Section 4.1 of RFC 7636.

  • +
  • signs this request using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation cnf claim.

  • +
  • MUST use the OAuth-Client-Attestation and OAuth-Client-Attestation-PoP parameters according to OAuth 2.0 Attestation-based Client Authentication [OAUTH-ATTESTATION-CLIENT-AUTH], since in this flow the Pushed Authorization Endpoint is a protected endpoint.

  • +
  • specifies the types of the requested credentials using the authorization_details [RAR RFC 9396] parameter and or scope parameter.

  • +
+
+

The PID/(Q)EAA Provider performs the following checks upon the receipt of the PAR request:

+
+
    +
  1. It MUST validate the signature of the Request Object using the algorithm specified in the alg header parameter (RFC 9126, RFC 9101) and the public key retrieved from the Wallet Attestation (cnf.jwk) referenced in the Request Object, using the kid JWS header parameter.

  2. +
  3. It MUST check that the used algorithm for signing the request in the alg header is one of the listed within the Section Cryptographic Algorithms.

  4. +
  5. It MUST check that the client_id in the request body of the PAR request matches the client_id claim included in the Request Object.

  6. +
  7. It MUST check that the iss claim in the Request Object matches the client_id claim in the Request Object (RFC 9126, RFC 9101).

  8. +
  9. It MUST check that the aud claim in the Request Object is equal to the PID/(Q)EAA Provider authorization endpoint uri (RFC 9126, RFC 9101).

  10. +
  11. It MUST reject the PAR request, if it contains the request_uri parameter (RFC 9126).

  12. +
  13. It MUST check that the Request Object contains all the mandatory parameters which values are validated according to Table of the HTTP parameters [derived from RFC 9126].

  14. +
  15. It MUST check that the Request Object is not expired, checking the exp claim.

  16. +
  17. It MUST check that the Request Object was issued in a previous time than the value exposed in the iat claim. It SHOULD reject the request if the iat claim is far from the current time (RFC 9126) of more than 5 minutes.

  18. +
  19. It MUST check that the jti claim in the Request Object has not been used before by the Wallet Instance identified by the client_id. This allows the PID/(Q)EAA Provider to mitigate replay attacks (RFC 7519).

  20. +
  21. It MUST validate the OAuth-Client-Attestation-PoP parameter based on Section 4 of [OAUTH-ATTESTATION-CLIENT-AUTH].

  22. +
+
+

Below a non-normative example of the PAR.

+
POST /as/par HTTP/1.1
+Host: eaa-provider.example.org
+Content-Type: application/x-www-form-urlencoded
+OAuth-Client-Attestation: eyJhbGciOiJFUzI1NiIsImtpZCI6IkVVRzBFdlRWaUk1RU5aQXdVQ0lVTWdQQVk4X1VISW5fMkhIWlMxN3RfQzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCAiYXVkIjogImh0dHBzOi8vYXMuZXhhbXBsZS5jb20iLCAibmJmIjogMTMwMDgxNTc4MCwgImV4cCI6IDEzMDA4MTkzODB9._v3bjJelKI0TNpbc4ysS7yJupwSZzMPQ0ZQ9N5zj8XGQ_T3NN9bghUyVzegR60xokqBnqmMS4iYgPOL7ekEspw
+OAuth-Client-Attestation-PoP: eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiIgaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCJhdWQiOiIgaHR0cHM6Ly9hcy5leGFtcGxlLmNvbSIsImp0aSI6IjVlZmY5YzFiLWVkMGQtNDdlOC1hNTUzLWY3NGRmMWJiZWVkZCIsImlhdCI6MTcyMjI0OTQ0NywiZXhwIjoxNzIyMjQ5NzQ3fQ.aZpx7u7R-W8q7fJh9BEaRf8LM7RQRxAVc-okalAVqxHWqUMh3ehYukMLaCsiDQ33pyS41Y5PEsZ3HXwAXQ3nMg
+
+&client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$
+&request=$SIGNED-JWT
+
+
+

Below an non-normative example of the Wallet Attestation Proof of Possession (WIA-PoP) header and body:

+
{
+    "typ": "jwt-client-attestation-pop",
+    "alg": "ES256",
+    "kid": "47b982369791d08003a7283f059cb0d1"
+}
+
+
+
{
+    "iss": "47b982369791d08003a7283f059cb0d1",
+    "aud": "https://eaa-provider.example.org",
+    "iat": 1715842560,
+    "exp": 1778914560,
+    "jti": "f8555ceb-c65c-4025-9378-b6672b6149af"
+}
+
+
+

Below an non-normative example of the signed Request Object without encoding and signature applied:

+
{
+    "typ": "jwt",
+    "alg": "ES256",
+    "kid": "b01b8208d9e6cc834d87dc356ab50170"
+}
+
+
+
{
+    "jti": "f8555ceb-c65c-4025-9378-b6672b6149af",
+    "aud": "https://eaa-provider.example.org",
+    "iat": 1715842560,
+    "exp": 1715842860,
+    "response_type": "code",
+    "response_mode": "form_post.jwt",
+    "client_id": "47b982369791d08003a7283f059cb0d1",
+    "iss": "47b982369791d08003a7283f059cb0d1",
+    "state": "fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd",
+    "code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
+    "code_challenge_method": "S256",
+    "scope": "EuropeanDisabilityCard",
+    "authorization_details": [
+      {
+        "type": "openid_credential",
+        "credential_configuration_id": "EuropeanDisabilityCard"
+      }
+    ],
+    "redirect_uri": "https://client.example.com/cb"
+}
+
+
+
+

Note

+

Federation Check: The PID/(Q)EAA Provider MUST check that the Wallet Provider is part of the federation.

+
+
+

Note

+

The PID/(Q)EAA Provider MUST validate the signature of the the Wallet Attestation and that it is not expired.

+
+

Step 7 (PAR Response): The PID/(Q)EAA Provider provides a one-time use request_uri value. The issued request_uri value must be bound to the client identifier (client_id) that was provided in the Request Object.

+
+

Note

+

The entropy of the request_uri MUST be sufficiently large. The adequate shortness of the validity and the entropy of the request_uri depends on the risk calculation based on the value of the resource being protected. The validity time SHOULD be less than a minute, and the request_uri MUST include a cryptographic random value of 128 bits or more (RFC 9101). The entire request_uri SHOULD NOT exceed 512 ASCII characters due to the following two main reasons (RFC 9101):

+
+
    +
  1. Many phones on the market still do not accept large payloads. The restriction is typically either 512 or 1024 ASCII characters.

  2. +
  3. On a slow connection such as a 2G mobile connection, a large URL would cause a slow response; therefore, the use of such is not advisable from the user-experience point of view.

  4. +
+
+
+

The PID/(Q)EAA Provider returns the issued request_uri to the Wallet Instance. A non-normative example of the response is shown below.

+
HTTP/1.1 201 Created
+Cache-Control: no-cache, no-store
+Content-Type: application/json
+
+
+
{
+    "request_uri": "urn:ietf:params:oauth:request_uri:bwc4JK-ESC0w8acc191e-Y1LTC2",
+    "expires_in": 60
+}
+
+
+

Steps 8-9 (Authorization Request): The Wallet Instance sends an authorization request to the PID/(Q)EAA Provider Authorization Endpoint. Since parts of this Authorization Request content, e.g., the code_challenge parameter value, are unique to a particular Authorization Request, the Wallet Instance MUST only use a request_uri value once (RFC 9126); The PID/(Q)EAA Provider performs the following checks upon the receipt of the Authorization Request:

+
+
    +
  1. It MUST treat request_uri values as one-time use and MUST reject an expired request. However, it MAY allow for duplicate requests due to a user reloading/refreshing their user-agent (derived from RFC 9126).

  2. +
  3. It MUST identify the request as a result of the submitted PAR (derived from RFC 9126).

  4. +
  5. It MUST reject all the Authorization Requests that do not contain the request_uri parameter as the PAR is the only way to pass the Authorization Request from the Wallet Instance (derived from RFC 9126).

  6. +
+
+
GET /authorize?client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3Abwc4JK-ESC0w8acc191e-Y1LTC2 HTTP/1.1
+Host: eaa-provider.example.org
+
+
+
+

Note

+

User Authentication and Consent: The PID Provider performs the User authentication based on the requirements of eIDAS LoA High by means of national notified eIDAS scheme and requires the User consent for the PID issuance. +The (Q)EAA Provider performs the User authentication requesting a valid PID to the Wallet Instance. The (Q)EAA Provider MUST use [OpenID4VP] to dynamically request the presentation of the PID. From a protocol perspective, the (Q)EAA Provider acts as a Relying Party, providing the presentation request to the Wallet Instance. The Wallet Instance MUST have a valid PID obtained prior to start the transaction with the (Q)EAA Provider.

+
+

Steps 10-11 (Authorization Response): The PID/(Q)EAA Provider sends an authorization code together with state and iss parameters to the Wallet Instance. The Wallet Instance performs the following checks on the Authorization Response:

+
+
    +
  1. It MUST check the Authorization Response contains all the defined parameters according to Table of the HTTP Response parameters.

  2. +
  3. It MUST check the returned value by the PID/(Q)EAA Provider for state parameter is equal to the value sent by Wallet Instance in the Request Object (RFC 6749).

  4. +
  5. It MUST check that the URL of PID/(Q)EAA Provider in iss parameter is equal to the URL identifier of intended PID/(Q)EAA Provider that the Wallet Instance start the communication with (RFC 9027).

  6. +
+
+
+

Note

+

The Wallet Instance redirect URI is a universal or app link registered with the local operating system, so this latter will resolve it and pass the response to the Wallet Instance.

+
+
HTTP/1.1 302 Found
+Location: https://start.wallet.example.org?code=SplxlOBeZQQYbYS6WxSbIA&state=fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd&iss=https%3A%2F%2Feaa-provider.example.org
+
+
+

Steps 12-13 (DPoP Proof for Token Endpoint): The Wallet Instance MUST create a new key pair for the DPoP and a fresh DPoP Proof JWT following the instruction provided in the Section 4 of (RFC 9449) for the token request to the PID/(Q)EAA Provider. The DPoP Proof JWT is signed using the private key for DPoP created by Wallet Instance for this scope. DPoP binds the Access Token to a certain Wallet Instance (RFC 9449) and mitigates the misuse of leaked or stolen Access Tokens at the Credential Endpoint.

+

Step 14 (Token Request): The Wallet Instance sends a token request to the PID/(Q)EAA Provider Token Endpoint with a DPoP Proof JWT and the parameters: code, code_verifier, and OAuth 2.0 Attestation based Client Authentication (OAuth-Client-Attestation and OAuth-Client-Attestation-PoP). +The OAuth-Client-Attestation is signed using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation (cnf claim). The PID/(Q)EAA Provider performs the following checks on the Token Request:

+
+
    +
  1. It MUST ensure that the Authorization code is issued to the authenticated Wallet Instance (RFC 6749) and was not replied.

  2. +
  3. It MUST ensure the Authorization code is valid and has not been previously used (RFC 6749).

  4. +
  5. It MUST ensure the redirect_uri matches the value included in the previous Request Object (see Section 3.1.3.1. of [OIDC]).

  6. +
  7. It MUST validate the DPoP Proof JWT, according to (RFC 9449) Section 4.3.

  8. +
+
+
POST /token HTTP/1.1
+Host: eaa-provider.example.org
+Content-Type: application/x-www-form-urlencoded
+DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik
+OAuth-Client-Attestation: eyJhbGciOiJFUzI1NiIsImtpZCI6IkVVRzBFdlRWaUk1RU5aQXdVQ0lVTWdQQVk4X1VISW5fMkhIWlMxN3RfQzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCAiYXVkIjogImh0dHBzOi8vYXMuZXhhbXBsZS5jb20iLCAibmJmIjogMTMwMDgxNTc4MCwgImV4cCI6IDEzMDA4MTkzODB9._v3bjJelKI0TNpbc4ysS7yJupwSZzMPQ0ZQ9N5zj8XGQ_T3NN9bghUyVzegR60xokqBnqmMS4iYgPOL7ekEspw
+OAuth-Client-Attestation-PoP: eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiIgaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20iLCJhdWQiOiIgaHR0cHM6Ly9hcy5leGFtcGxlLmNvbSIsImp0aSI6IjVlZmY5YzFiLWVkMGQtNDdlOC1hNTUzLWY3NGRmMWJiZWVkZCIsImlhdCI6MTcyMjI0OTQ0NywiZXhwIjoxNzIyMjQ5NzQ3fQ.aZpx7u7R-W8q7fJh9BEaRf8LM7RQRxAVc-okalAVqxHWqUMh3ehYukMLaCsiDQ33pyS41Y5PEsZ3HXwAXQ3nMg
+
+grant_type=authorization_code
+&code=SplxlOBeZQQYbYS6WxSbIA
+&code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
+&redirect_uri=https://start.wallet.example.org/cb
+
+
+

Step 15 (Token Response): The PID/(Q)EAA Provider validates the request, if successful an Access Token (bound to the DPoP key) and a fresh c_nonce are provided by the Issuer to the Wallet Instance. The parameter c_nonce is a string value, which MUST be unpredictable and is used later by the Wallet Instance in Step 18 to create the proof of possession of the key (proof claim) and it is the primary countermeasure against key proof replay attack. Note that, the received c_nonce value can be used to create the proof as long as the Issuer provides the Wallet Instance with a new c_nonce value.

+
HTTP/1.1 200 OK
+Content-Type: application/json
+Cache-Control: no-store
+
+
+
{
+    "access_token": "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImM5NTBjMGU2ZmRlYjVkZTUwYTUwMDk2YjI0N2FmMDNjIn0.eyJpc3MiOiJodHRwczovL2VhYS1wcm92aWRlci53YWxsZXQuaXB6cy5pdCIsInN1YiI6ImQ0ZTBiYjM4N2FhMjU1NmZmMzA2OTI1ZmRmYjlhNzY1IiwiYXVkIjoiaHR0cHM6Ly9lYWEtcHJvdmlkZXIud2FsbGV0LmlwenMuaXQvY3JlZGVudGlhbCIsImlhdCI6MTcxNTg0MjU2MCwiZXhwIjoxNzc4OTE0NTYwLCJqdGkiOiJmOTY1NWNlYi1jNjVjLTQwMjUtOTM3OC1iNjY3MmI2MTQ5YmciLCJjbGllbnRfaWQiOiI0N2I5ODIzNjk3OTFkMDgwMDNhNzI4M2YwNTljYjBkMSIsImNuZiI6eyJqa3QiOiI5NTE1NzRhZWUxYmI3OTA3YWUxZWMzMTA5ZGIyYjIyNSJ9fQ.3ZfQN6KuNtJHjbGiYxHYqXIe0WrFIqYXNUio2a0bFy4eWystd7ZNCcmfoRojmmHQwccjNADqBKG7beYwbQ4jPg",
+    "token_type": "DPoP",
+    "expires_in": 3600,
+    "c_nonce": "ts_EtUQs0ieiIS1NYNBHEQSoy3ct4gpy-4FZKwHilkY",
+    "c_nonce_expires_in": 86400,
+    "authorization_details": [
+      {
+        "type": "openid_credential",
+        "credential_configuration_id": "DisabilityCard"
+      }
+    ]
+}
+
+
+

The non-normative example of the DPoP Access Token is given below.

+
{
+    "typ": "at+jwt",
+    "alg": "ES256",
+    "kid": "c950c0e6fdeb5de50a50096b247af03c"
+}
+
+
+
{
+    "iss": "https://eaa-provider.example.org",
+    "sub": "d4e0bb387aa2556ff306925fdfb9a765",
+    "aud": "https://eaa-provider.example.org",
+    "iat": 1715842560,
+    "exp": 1778914560,
+    "jti": "f9655ceb-c65c-4025-9378-b6672b6149bg",
+    "client_id": "47b982369791d08003a7283f059cb0d1",
+    "cnf": {
+      "jkt": "951574aee1bb7907ae1ec3109db2b225"
+    }
+}
+
+
+

Steps 16-17 (DPoP Proof for Credential Endpoint): The Wallet Instance for requesting the Digital Credential creates a proof of possession with c_nonce obtained in Step 15 and using the private key used for the DPoP, signing a DPoP Proof JWT according to (RFC 9449) Section 4. The jwk value in the proof parameter MUST be equal to the public key referenced in the DPoP.

+

Step 18 (Credential Request): The Wallet Instance sends a request for the Digital Credential to the PID/(Q)EAA Credential endpoint. This request MUST include the Access Token, DPoP Proof JWT, credential type, proof (which demonstrates possession of the key), and format parameters. The proof parameter MUST be an object that contains evidence of possession of the cryptographic key material to which the issued PID/(Q)EAA Digital Credential will be bound. To verify the proof, the PID/(Q)EAA Provider conducts the following checks at the Credential endpoint:

+
+
    +
  1. the JWT proof MUST include all required claims as specified in the table of Section Token Request;

  2. +
  3. The key proof MUST be explicitly typed using header parameters as defined for the respective proof type;

  4. +
  5. The header parameter alg MUST indicate a registered asymmetric digital signature algorithm, and MUST NOT be set to none;

  6. +
  7. The signature on the key proof MUST be verified using the public key specified in the header parameter.

  8. +
  9. The header parameter MUST NOT contain a private key.

  10. +
  11. If a c_nonce value was previously provided by the server, the nonce claim in the JWT MUST match this c_nonce value. Furthermore, the creation time of the JWT, as indicated by the iat claim or a server-managed timestamp via the nonce claim, MUST be within an acceptable window of time as determined by the server.

  12. +
+
+
+

Note

+

PID/(Q)EAA Credential Schema and Status registration: The PID/(Q)EAA Provider MUST register all the issued Credentials for their later revocation, if needed.

+
+
+

Note

+

It is RECOMMENDED that the public key contained in the jwt_proof be specifically generated for the requested Credential (fresh cryptographic key) to ensure that different issued Credentials do not share the same public key, thereby remaining unlinkable to each other.

+
+

A non-normative example of the Credential Request is provided below.

+
POST /credential HTTP/1.1
+  Host: eaa-provider.example.org
+Content-Type: application/json
+Authorization: DPoP Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU
+DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik
+    VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR
+    nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R
+    1JEQSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj
+    oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z
+    WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOCwiYXRoIjoiZlVIeU8ycjJaM0RaNTNF
+    c05yV0JiMHhXWG9hTnk1OUlpS0NBcWtzbVFFbyJ9.2oW9RP35yRqzhrtNP86L-Ey71E
+    OptxRimPPToA1plemAgR6pxHF8y6-yqyVnmcw6Fy1dqd-jfxSYoMxhAJpLjA
+
+
+
{
+    "format": "vc+sd-jwt",
+    "vct": "EuropeanDisabilityCard",
+    "proof": {
+      "proof_type": "jwt",
+      "jwt": "eyJ0eXAiOiJvcGVuaWQ0dmNpLXByb29mK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoicFZVM2phdHU0YTN0azljOWFvd1ZnTHlCQl9ySjdNLTNXbGprMWVqVXoyRSIsInkiOiJUTDVPTnZSLUlnYXJuZ3J6NWpkdnNwb2ZmekZ3Y2pQUnRGVWtlbmVIRUkwIn19.eyJpc3MiOiI0N2I5ODIzNjk3OTFkMDgwMDNhNzI4M2YwNTljYjBkMSIsImF1ZCI6Imh0dHBzOi8vZWFhLXByb3ZpZGVyLndhbGxldC5pcHpzLml0L2NyZWRlbnRpYWwiLCJpYXQiOjE3MDU1NzAwNTUsImV4cCI6MTc3ODkxNDU2MCwibm9uY2UiOiJ0c19FdFVRczBpZWlJUzFOWU5CSEVRU295M2N0NGdweS00RlpLd0hpbGtZIn0.ILIEIk_mBJp8BHyngsPHIUyM3WGaOkt9hsdref3Qek4kYAtAfRRER6DgTeRURNAWKBem8m1mILYhBTNFfZcJjg"
+    }
+}
+
+
+

Where a non-normative example of the decoded content of the jwt parameter is represented below, +without encoding and signature. The JWS header:

+
{
+    "typ": "openid4vci-proof+jwt",
+    "alg": "ES256",
+    "jwk": {
+      "kty": "EC",
+      "crv": "P-256",
+      "x": "pVU3jatu4a3tk9c9aowVgLyBB_rJ7M-3Wljk1ejUz2E",
+      "y": "TL5ONvR-Igarngrz5jdvspoffzFwcjPRtFUkeneHEI0"
+    }
+}
+
+
+
{
+    "iss": "47b982369791d08003a7283f059cb0d1",
+    "aud": "https://eaa-provider.example.org",
+    "iat": 1705570055,
+    "nonce": "ts_EtUQs0ieiIS1NYNBHEQSoy3ct4gpy-4FZKwHilkY"
+}
+
+
+

Steps 19-21 (Credential Response): The PID/(Q)EAA Provider MUST validate the DPoP JWT Proof based on the steps defined in Section 4.3 of (RFC 9449) and whether the Access Token is valid and suitable for the requested PID/(Q)EAA. It also MUST validate the proof of possession for the key material the new credential SHALL be bound to, according to OpenID4VCI Section 7.2.2. If all checks succeed, the PID/(Q)EAA Provider creates a new Credential bound to the key material and provide it to the Wallet Instance. The Wallet Instance MUST perform the following checks before proceeding with the secure storage of the PID/(Q)EAA:

+
+
    +
  1. It MUST check that the PID Credential Response contains all the mandatory parameters and values are validated according to Table of the credential response parameters.

  2. +
  3. It MUST check the PID integrity by verifying the signature using the algorithm specified in the alg header parameter of SD-JWT (PID/(Q)EAA Data Model) and the public key that is identified using using the kid header of the SD-JWT.

  4. +
  5. It MUST check that the received PID (in credential claim) matches the schema defined in PID/(Q)EAA Data Model.

  6. +
  7. It MUST process and verify the PID in SD-JWT VC format (according to SD-JWT Section 6.) or MDOC CBOR format.

  8. +
  9. It MUST verify the Trust Chain in the header of SD-JWT VC to verify that the PID Provider is trusted.

  10. +
+
+

If the checks defined above are successful the Wallet Instance proceeds with the secure storage of the PID/(Q)EAA.

+
HTTP/1.1 200 OK
+Content-Type: application/json
+Cache-Control: no-store
+Pragma: no-cache
+
+
+
{
+    "credential": "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImM5NTBjMGU2ZmRlYjVkZTUwYTUwMDk2YjI0N2FmMDNjIn0.eyJfc2QiOlsiQ1JJQkdpbWhhbE1TSzhLZUxmNzg2N0w4cHV6MEZnRTVaS1VXLW12N0hiYyIsIlhhZjVJZFVGc0UzYWtabEszT0E5d3dHcjJKcVAwUU01M3BBY2hiempRZmMiLCJjR2FuQVdySG9WQVoyalBhNXk0SzE3U0xpYWFKcGRNUF9PdnBmTGx0VWJjIiwiNEFuZU1ZVVAxRWh3emRHdkRQOEhobnRaRGN1ejZrOHhHWVJ0NXo0SHh0SSIsIjRuYTVXSHRMYzdrYnNxdHFVaHd6WXdVdUQtY3hKVmdENmRaLTl0ZUdhZ3MiLCJiZS10a2U3YVU0WmhDNWUxcGZqRjcxUWpFRzRsZG1IaFRoUFl1TnQyOHo0IiwiSnNkaHhTMWRVTTJaN29MUmZYWVJvOFFEaDJ4M1dQNkdILUJnY21DdzJGayIsIlVobXBRSy1HS3hzaHJwXzZwYVpfZzROVG5fX29aeVdOb01zTGNaMUhlMjgiLCJOdDdQU3RxMkEyWkliUHBHdTJpdmVSek9rbWpYUEN1V0RBdy0tdktSQTBjIiwiV3Rtck5JVzFTVkN0UnZNUF9UM2YtRGlhRUdHNS1iVk5rWGJRckowRnpzRSJdLCJleHAiOjE3NDY1MTU5NzIsImlzcyI6Imh0dHBzOi8vZWFhLXByb3ZpZGVyLmlwenMuaXQiLCJzdWIiOiJOemJMc1hoOHVEQ2NkN25vV1hGWkFmSGt4WnNSR0M5WHMiLCJzdGF0dXMiOnsic3RhdHVzX2F0dGVzdGF0aW9uIjp7ImNyZWRlbnRpYWxfaGFzaF9hbGciOiJzaGEtMjU2In19LCJ2Y3QiOiJEaXNhYmlsaXR5Q2FyZCIsIl9zZF9hbGciOiJzaGEtMjU2IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6InBWVTNqYXR1NGEzdGs5Yzlhb3dWZ0x5QkJfcko3TS0zV2xqazFlalV6MkUiLCJ5IjoiVEw1T052Ui1JZ2FybmdyejVqZHZzcG9mZnpGd2NqUFJ0RlVrZW5lSEVJMCJ9fX0.v9ynFXhKXPOhQSMmuLvIBKRWfPEPDf4QwDoNmDOjMROxr5J4Hshh9mBEM5qohH_PDE62i1TLc36C65jFYa7x3A~WyIwQUx5SzRfUi1aVUpTekVKdW5HTFdRIiwiaWF0IiwiMTc0NzExOTU5NSJd~WyItT25uM29FcGh6TDNncHJUcVF0YUd3IiwiZG9jdW1lbnRfbnVtYmVyIiwiMDAwMDAwMDIiXQ~WyJ2bmtVX2tJV2RSa1dPZzBoNlRYcDd3IiwiZ2l2ZW5fbmFtZSIsIk1hcmlvIl~WyJvRUdnaVZQaXV1dEJVby1wcTd6WURBIiwiZmFtaWx5X25hbWUiLCJSb3NzaSJd~WyJGVU1iQm5hLWhlLUlaWTZkOVZ1UkNBIiwiYmlydGhfZGF0ZSIsIjE5ODAtMDEtMTAiXQ~WyJjQ0ZDeXljV1J4alZINkZURVR5OTd3IiwidGF4X2lkX2NvZGUiLCJSU1NNUkE4MFIwMUg1MDFCIl0~WyJVSEFhaWZ1bzloTW9pbkVDU0loOG9RIiwiZXhwaXJ5X2RhdGUiLCIyMDMwLTAxLTEwIl~WyJ3TW1xYkkzTFRPMDVLajFoLXNpWWhRIiwiY29uc3RhbnRfYXR0ZW5kYW5jZV9hbGxvd2FuY2UiLCIwIl0~WyJBODVjeFI1REZyOElfaFZFQTZqZGNBIiwibGlua19xcl9jb2RlIiwiaHR0cHM6Ly9xci5leGFtcGxlLmNvbSJd~WyJHWHRYNXNueTctVEVpblhZajNMdGdBIiwicG9ydHJhaXQiLCIvOWovNEFBUVNrWkpSZ0FCQVFFQkxBRXNBQUQvNFFCV1JYaHBaZ0FBVFUwQUtnQUFBQWdBQkFFYUFBVUFBQUFCQUFBQVBnRWJBQVVBQUFBQkFBQUFSZ0VvQUFNQUFBQUJBQUlBQUFJVEFBTUFBQUFCQUFFQUFBQUFBQUFBQUFFc0FBQUFBUUFBQVN3QUFBQUIvKzBBTEZCb2IzUnZjMmh2Y0NBekxqQUFPRUpKVFFRRUFBQUFBQUFQSEFGYUFBTWJKVWNjQVFBQUFnQUVBUC9oRElGb2RIUndPaTh2Ym5NdVlXUnZZbVV1WTI5dEwzaGhjQzh4TGpBdkFEdy9lSEJoWTJ0bGRDQmlaV2RwYmowbjc3dS9KeUJwWkQwblZ6Vk5NRTF3UTJWb2FVaDZjbVZUZWs1VVkzcHJZemxrSno4K0NqeDRPbmh0Y0cxbGRHRWdlRzFzYm5NNmVEMG5ZV1J2WW1VNmJuTTZiV1YwWVM4bklIZzZlRzF3ZEdzOUowbHRZV2RsT2pwRmVHbG1WRzl2YkNBeE1DNHhNQ2MrQ2p4eVpHWTZVa1JHSUhodGJHNXpPbkprWmowbmFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdk1UazVPUzh3TWk4eU1pMXlaR1l0YzNsdWRHRjRMVzV6SXljK0Nnb2dQSEprWmpwRVpYTmpjbWx3ZEdsdmJpQnlaR1k2WVdKdmRYUTlKeWNLSUNCNGJXeHVjenAwYVdabVBTZG9kSFJ3T2k4dmJuTXVZV1J2WW1VdVkyOXRMM1JwWm1Zdk1TNHdMeWMrQ2lBZ1BIUnBabVk2VW1WemIyeDFkR2x2YmxWdWFYUStNand2ZEdsbVpqcFNaWE52YkhWMGFXOXVWVzVwZEQ0S0lDQThkR2xtWmpwWVVtVnpiMngxZEdsdmJqNHpNREF2TVR3dmRHbG1aanBZVW1WemIyeDFkR2x2Ymo0S0lDQThkR2xtWmpwWlVtVnpiMngxZEdsdmJqNHpNREF2TVR3dmRHbG1aanBaVW1WemIyeDFkR2x2Ymo0S0lEd3ZjbVJtT2tSbGMyTnlhWEIwYVc5dVBnb0tJRHh5WkdZNlJHVnpZM0pwY0hScGIyNGdjbVJtT21GaWIzVjBQU2NuQ2lBZ2VHMXNibk02ZUcxd1RVMDlKMmgwZEhBNkx5OXVjeTVoWkc5aVpTNWpiMjB2ZUdGd0x6RXVNQzl0YlM4blBnb2dJRHg0YlhCTlRUcEViMk4xYldWdWRFbEVQbUZrYjJKbE9tUnZZMmxrT25OMGIyTnJPamxqTmpabVpUZGxMVFkzWTJRdE5ETTRZeTA1WlRobUxUSXdPREE1TkRObU9UWTJaVHd2ZUcxd1RVMDZSRzlqZFcxbGJuUkpSRDRLSUNBOGVHMXdUVTA2U1c1emRHRnVZMlZKUkQ1NGJYQXVhV2xrT2pSaE16ZzBZVFUxTFdJek1UZ3ROR05rWVMwNE4yVXpMVE14TVRZd00yTmhaVEUzT0R3dmVHMXdUVTA2U1c1emRHRnVZMlZKUkQ0S0lEd3ZjbVJtT2tSbGMyTnlhWEIwYVc5dVBnbzhMM0prWmpwU1JFWStDand2ZURwNGJYQnRaWFJoUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQW9nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUFvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQW9nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUFvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQW9nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lBbzhQM2h3WVdOclpYUWdaVzVrUFNkM0p6OCsvOXNBUXdBRkF3UUVCQU1GQkFRRUJRVUZCZ2NNQ0FjSEJ3Y1BDd3NKREJFUEVoSVJEeEVSRXhZY0Z4TVVHaFVSRVJnaEdCb2RIUjhmSHhNWElpUWlIaVFjSGg4ZS85c0FRd0VGQlFVSEJnY09DQWdPSGhRUkZCNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlLzhBQUVRZ0JhQUZvQXdFUkFBSVJBUU1SQWYvRUFCMEFBUUFCQlFFQkFRQUFBQUFBQUFBQUFBQUdBUVVIQ0FrRUFnUC94QUJDRUFFQUFRTUNBZ01OQlFVSEJRQUFBQUFBQVFJREJBVUdCeEVoTVZFSUVoTVVGeUpCVm1GeG9hVFNRb0dSa3NFak1rT0NvaFVXWW5LRHNzSVlObEoxcy8vRUFCWUJBUUVCQUFBQUFBQUFBQUFBQUFBQUFBQUJBdi9FQUJZUkFRRUJBQUFBQUFBQUFBQUFBQUFBQUFBUkFmL2FBQXdEQVFBQ0VRTVJBRDhBM0xBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFCNXRTejhMVE1HN25hamwyTVRGczA5OWN2WHJrVVVVUjJ6TTlFQXdudmZ1bHRwNlZjcnh0dDRPVHIxNm5uSGh1ZmdNZm43S3FvbXFyN3FlWHRJTVY2MTNTWEVQTnVUT0JScEdsMGVpTFdOTjJxUHZybVkrQ3dXWHk5Y1ZlLzc3KzgxUHU4UXNjdjloQmV0RjdwTGlIaFhJblBvMGpWS1BURjNHbTFWUDMwVEVmQWd5cHNqdWx0cDZyY294dHlZT1RvTjZybEhodWZoOGZuN2FxWWlxbjc2ZVh0U0RObW01K0ZxZUZhenRPeTdHWGkzcWUrdDNyTnlLNks0N1ltT2lRZWtBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFFTTRyOFJkQzRlYUY0OXFkVTM4dTl6cHc4SzNWRVhMOVVmN2FZOU5VOUVlMmVVQTB2NGs4UXR6YisxT2NyWE15ZkZxS3BuSHdiVXpGaXhIc3A5TlgrS2VjKzdxVVJKUUFBQUJMZUczRUxjMndkVGpLMFBNbnhhdXFKeU1HN016WXZ4N2FmUlYvaWpsUHY2a0c2SENqaUxvWEVQUXZIdE1xbXhsMmVWT1poWEtvbTVZcW4vZFRQb3Fqb24yVHpoQk13QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQVdQZm01OU4yZHRYTzNEcXRmTEh4YU9jVVJQblhhNTZLYUtmYlZQS1BqNkFhRWI4M1ZxKzg5elpXdjZ6ZTcvSXZ6eW90MHo1bGkzSDd0dWlQUlRIeG5uTTlNcUxFb0FBQUFBQXZ1dzkxYXZzemMyTHIralh1OHlMRThxN2RVK1pmdHorOWJyajAwejhKNVRIVENEZmZZZTU5TjNqdFhCM0RwVmZQSHlxT2MwVFBuV3E0NktxS3ZiVFBPUGo2VUY4QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQnFSM1l1OHE5VDNkajdReGJzK0o2VFRGM0ppSjZLOGl1bm5IUC9MUk1mZlhLNE1ES0FBQUFBQUFBTTg5eDF2S3ZUTjNaRzBNcTdQaWVxMHpkeG9tZWlqSW9wNXp5L3pVUlAzMFFtamJkQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFCK2VUZHQyTWU1ZnUxZDdidDB6WFZQWkVSemtIT1RjK3JYdGUzSHFXdDVGVXpkejhxNWtWZnpWVE1SOTBjbys1UmJsQUFBQUFBQUFGeDJ4cTE3UWR4NmJyZVBWTVhjREt0NUZQOHRVVE1mZkhPUHZRZEc4YTdidjQ5dS9hcTc2M2NwaXVtZTJKam5DRDlBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQVI3aVhmcXh1SFc1TWlpZVZWdlNzcXFtZmJGcW9ITytpT1ZGTWRrUkRRcUFBQUFBQUFBQ2xjYzZLbzdZbUFkRU9HbCtySjRkYmJ5SzU1MVhOS3hhcXA5czJxV1JJUUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFXWGZtSlZxR3lOZHdhSTUxNUdtNUZxbVBiVmJxaUFjNktPbWltWjdJYUZRQUFBQUFBQUFVcjZLS3Bqc2tIUmZZZUpWcCt5TkN3YTQ1VjQrbTQ5cXFQYlRicGlXUmVnQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQVVxaUppWW1PY0E1NThUZHYzTnJjUU5iMEt1aWFhY1hNcjhEempydFZUMzF1ZnkxUW9qaWdBQUFBQUFBQ1I4TXR2M04wY1FORTBLaWlhcWNyTW84TnlqcXRVejMxeWZ5MHlnNkdVeEVSRVJIS0VGUUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBYTNkMlRzV3UvalltKzlQc3pWT1BUR0xxVVV4L0Q1L3M3ays2Wm1tWi94VTlpNE5ZRkFBQUFBQUFBR3ovY2JiRnJzWTJYdnZVTE0wemtVemk2YkZVZncrZjdTNUh2bUlwai9BQzFkcWFOa1VBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFIbjFIQ3hkUndMK0JuV0tNakZ5TGRWcTlhcmpuVFhSVkhLWW4yVEFOSGVPWEREUDRkN2hud1ZGM0kwSExybWNIS21PZmUrbndWYytpdU8zN1VkUGJFVVk1VUFBQUFBQVpHNEc4TU0vaUp1R1BDMFhjZlFjU3VKenNxSTVkOTZmQlVUL3dDYzl2Mlk2ZXlKZzNpMDdDeGRPd0xHQmcyS01mRng3ZE5xemFvamxUUlJUSEtJajJSQ0QwQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE4RzRORzB2WDlJeU5KMWpDczV1RmtVOTdkczNZNXhWSDZUSFhFeDB4UFVEVTdpMzNQbXZiZXUzdFMyalRlMXZTZWMxZUx4MDVWaU96bC9FajJ4NTNiSHBXakNOeWl1M2NydDNLYXFLNko1VjAxUnlxcG5zbUo2WWxSOGdBQStyZEZkeTVSYnQwMVYxMXp5b3Bwam5WVlBaRVIweklNM2NKTzU4MTdjTjJ6cVc3cWIyaWFUemlyeGVlakt2eDJjdjRjZTJmTzdJOUtVYlk3ZjBiUzlBMGpIMG5SOEt6aFlXUFQzdHF6YWpsRk1mck05Y3pQVE05YUQzZ0FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBY3dlRFU5WjBqVEtacTFMVk1IQ3Bqcm5JeUtMY2YxVEFJSnJPQndlNGxabHpGeWIyM2RYejZQTjhKajVWRk9SSHVyb21LcCtNQWhldGR5OXRYSXJtdlNkd2F4cDhUOWk3RkYrbVB4aUorSzBXYi9wV283Ly9BTDVxNzMvMWtjLy9BS0ZGNTBYdVh0cTQ5Y1Y2dHVEV05RaVBzV29vc1V6K0VWVDhTaWFhTmdjSHVHdVpieGNhOXQzU00rdnpmQ1pHVlJWa1Q3NjY1bXFQaENDZDZack9rYW5URldtNnBnNXRNOVU0K1JSY2orbVpCNytZQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFMSnZEZG0zZG82ZC9hRzR0V3h0UHNUUEtqd2xYT3E1UFpSVEhuVlQ3SWlRWWIxM3VvdHM0OTJxalJ0dTZycU1SMVhMMWRHUFRWN284NnJsNzRoWUlacTNkUmJvdmQ5R21iYjBqRXBucW0vZHVYNm8vRHZZSUlocTNIdmlobnhWVFRyOXJDb243T0poMjZPWDMxUlZQeElJanErK041NnZFeHFXNjlieXFaNjZhczJ1S2Z5eE1SOEFSKzVNM0s1cnVmdEtwKzFYNTAvaktpbnBpZlRIVlBZQ1JhUHZuZW1rVVJiMHpkbXQ0dHVPcWlqTnJtbVA1Wm1ZUVhmeXZjVGU4NzMrK3VxOHZmUnovQUI3MGd0R3NiNTNwcTlFMjlUM1pyZVZibnJvcnphNHBuK1dKaUFSMzB6UHBucm50VVZ0ek51dUs3ZjdPcVB0VWViUDR3Q1FhUnZqZWVrUkVhYnV2VzhXbU9xbW5Ocm1uOHN6TWZCQkx0SjQ5OFVNQ0thYXRmdFp0RWVqTHc3ZGZQNzZZcG40a0V2MG51b3QwV2U5alU5dDZSbDB4MXpZdTNMRlUvajMwRUV6MEx1b3RzNUYybWpXZHZhcnAwVDEzTE5kR1JUSDNlYlZ5OTBTUVprMmZ1emJ1N3RPL3REYnVyWTJvV0lubFg0T3JsVmJuc3JwbnpxWjlreENDOWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQWhuR0hmdUR3OTJmZDFqSW9wdjVkeXJ3T0ZqVFZ5OE5kbU9jUlBaVEVkTXoyUjJ6QU5HTjI3ajFuZFd1WHRaMTdPdVptWmRuOTZyb3BvcDlGRkZQVlRUSG9pUGpQU290S2dBQUFBQUFBQUFBQUFBQzdiUzNIck8xZGNzNnpvV2Rjdzh5MVA3MVBUVFhUNmFLNmVxcW1leWZoUFNnM240UGI5d2VJV3o3V3NZOUZOakx0MWVCemNhS3VmZ2JzUnptSTdhWmpwaWV5ZTJKUVRNQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUdtZmRkN2l2YXR4VHEwZUxremk2TmowV2FLWW5vOEpjaUs2NnZmeW1pUDVWd1liVUFBQUFBQUFBQUFBQUFBQUFabDdrVGNWN1NlS2RPanpjbU1YV2NldXpYVE05SGhMY1RYUlY3K1VWeC9NbWpjdEFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFucUJvRnh5ditNY1lkMTNPZlZxZHlqOHNSVC94WEJERkFBQUFBQUFBQUFBQUFBQUFFejRHMy9GK01PMUxuUHIxTzNSK2FKcC81Sm8zOWpxUUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUpCenM0aDVIamUvOEFjV1Z6NStGMVhLcWlmOVdwUllsQUFBQUFBQUFBQUFBQUFBQUY5NGVaSGltLzl1NVhQbDRMVmNXcVovMWFVSFJPRUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUZLcGlLWm1laUk2UWMyZFV2VGthbmw1RTlNM2NpNWMvTlhNL3FvOHlnQUFBQUFBQUFBQUFBQUFBRDA2WGVuSDFQRXlJNkp0WkZ1NStXdUovUkIwbXBtSnBpWTZZbnBRVkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQjRkd1gvRmRDejhtWjVSYXhydGY0VVRQNkE1dVVUem9wcW5ybUlsb1ZBQUFBQUFBQUFBQUFBQUFBQlN1ZVZGVlVkY1JNZzZSN2Z2K05hRmdaTVR6aTdqV3EveG9pZjFaSHVBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUJIT0tHUkdKdzMzTGs4K1hnOUp5WmlmYjRLb0hQR21PVk1SMlJFTkNvQUFBQUFBQUFBQUFBQUFBQUtWUnpwbU8ySmdIUTdoZmtSbDhOOXRaUFBuNFRTY2FabjIrQ3BaRWpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUJCTzZDeVBGdURHNnJrVHk1NmZYYi9OTVUvcURRdWV1V2hRQUFBQUFBQUFBQUFBQUFBQUZZNjRCdnAzUHVSNHp3WTJyY21lZkxUNkxmNVptbjlHUk93QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFZLzdvckN5Yy9ndHViSHhLS3E3bE9MRjJhYVk1ek5OdXVtdXIrbW1RYUh0QUFBQUFBQUFBQUFBQUFBQUFBRGZEdWRjTEp3T0MyMmNmTG9xb3UxWXMzWXBxamxNVTNLNnE2ZjZhb1pHUUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQWZOeWlpN2JxdDNLS2E2S29tS3FhbzV4TVQxeE1BMWI0cGR6ZHFsR3FYdFEySGN4NytGZXFtcU5PdjNmQjEySm43TkZjK2JWVDJSTXhNZFhPVm9nUGtINHErcS93QTlZK3NvZVFmaXI2ci9BRDFqNnloNUIrS3ZxdjhBUFdQcktIa0g0cStxL3dBOVkrc29lUWZpcjZyL0FEMWo2eWg1QitLdnF2OEFQV1ByS0hrSDRxK3Evd0E5WStzb2VRZmlyNnIvQUQxajZ5aDVCK0t2cXY4QVBXUHJLSGtINHErcS93QTlZK3NvZVFmaXI2ci9BRDFqNnloNUIrS3ZxdjhBUFdQcktIa0g0cStxL3dBOVkrc29lUWZpcjZyL0FEMWo2eWg1QitLdnF2OEFQV1ByS0hrSDRxK3Evd0E5WStzb2VRZmlyNnIvQUQxajZ5aWZjTGU1dTFTdlZMT29iOHVZOWpDczFSVk9uV0x2aEs3OHg5bXV1UE5wcDdZaVptZXJuQlJ0SmJvb3RXNmJkdWltaWltSWltbW1PVVJFZFVSQ0Q2QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFCLy9aIl0",
+    "c_nonce": "ff_EtUQs0ieiIS1NYNBHEQSoy3ct4gpy-89JKwHilrT",
+    "c_nonce_expires_in": 86400,
+    "notification_id": "dab8ef51-fb43-43a5-a5c1-247c93ddb942"
+}
+
+
+
+

Note

+

If the issuance of the requested Credential cannot be issued immediately and it requires more time to be issued, then the PID/(Q)EAA Provider MAY support the Deferred Flow (step 24) as specified in Section Deferred Flow.

+
+

Steps 22 (Notification Request): According to Section 10.1 of [OpenID4VCI], the Wallet sends an HTTP POST request to the Notification Endpoint using the application/json media type as in the following non-normative example.

+
POST /notification HTTP/1.1
+Host: eaa-provider.example.org
+Content-Type: application/json
+Authorization: DPoP Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU
+DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik
+    VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR
+    nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R
+    1JEQSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj
+    oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z
+    WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOCwiYXRoIjoiZlVIeU8ycjJaM0RaNTNF
+    c05yV0JiMHhXWG9hTnk1OUlpS0NBcWtzbVFFbyJ9.2oW9RP35yRqzhrtNP86L-Ey71E
+    OptxRimPPToA1plemAgR6pxHF8y6-yqyVnmcw6Fy1dqd-jfxSYoMxhAJpLjA
+
+
+
{
+    "notification_id": "dab8ef51-fb43-43a5-a5c1-247c93ddb942",
+    "event": "credential_accepted"
+}
+
+
+

Steps 23 (Notification Response): When the Credential Issuer has successfully received the Notification Request from the Wallet, it MUST respond with an HTTP status code 204 as recommended in Section 10.2 of [OpenID4VCI]. Below is a non-normative example of response to a successful Notification Request:

+
HTTP/1.1 204 No Content
+
+
+
+
+

Deferred Flow

+

The PID/(Q)EAA Providers MAY support a Deferred Flow which has the aim of handling the cases where an immediate issuance is not possible for some reasons due to errors during the communication between the PID/(Q)EAA Provider and the Authentic Source (for example the Authentic Source is temporarily unavailable, etc.) or due to administrative or technical processes that do not allow the Credential to be provided immediately.

+
+

General Requirements

+
+
    +
  1. The Deferred Credential request MAY also happen several days after the initial Credential request.

  2. +
  3. The User MUST be informed that the Credential is available and ready to be issued.

  4. +
  5. The Wallet Provider MUST NOT be informed about which Credential is available to be issued or which Credential Provider the User needs to contact.

  6. +
  7. The Wallet Instance MUST be informed about the amount of time to wait before making a new Credential request.

  8. +
  9. As, in general, an unavailability may be an unexpected event, the PID/(Q)EAA Provider MUST be able to switch on the fly between a immediate and an deferred flow. This decision MUST be taken after the authorization step.

  10. +
+
+
+
+

Technical Flow

+

If PID/(Q)EAA Providers, supporting this flow, are not able to immediately issue a requested Credential, they MUST provide the Wallet Instance with an HTTP Credential Response cointaining the amount of time to wait before making a new Credential request. The HTTP status code MUST be 202 (see Section 15.3.3 of [RFC 9110]). Below a non-normative example is given.

+
HTTP/1.1 202 Accepted
+Content-Type: application/json
+Cache-Control: no-store
+
+
+
{
+    "lead_time": 864000,
+    "c_nonce": "ff_EtUQs0ieiIS1NYNBHEQSoy3ct4gpy-89JKwHilrT",
+    "c_nonce_expires_in": 86400
+}
+
+
+

The Wallet Instance MUST use the value given in the lead_time parameter to inform the User when the Credential becomes available (e.g. using a local notification triggered by the lead_time time value). PID/(Q)EAA Providers MAY send a notification to the User through a communication channel (e.g. email address), if available from the PID/(Q)EAA Provider.

+

Upon receipt of the notification (by the Wallet Instance and/or by the PID/(Q)EAA Provider), the User opens the Wallet Instance and start the Issuance Flow again from the beginning as defined in the previous section.

+

If the lead_time parameter is less than the expiration time of the Access Token, the Wallet Instance MAY use it along with the c_nonce provided in the Credential Response to perform a new Credential Request without requiring the User to submit a new authentication request.

+

In the case where the Authentic Source and the PID/(Q)EAA Provider are both enabled to use PDND, what is described in Section Authentic Sources MUST apply.

+
+
+
+

Pushed Authorization Request Endpoint

+
+

Pushed Authorization Request (PAR) Request

+

The request to the PID/(Q)EAA authorization endpoint MUST use HTTP Headers parameters and HTTP POST parameters.

+

The HTTP POST method MUST use the parameters in the message body encoded in application/x-www-form-urlencoded format.

+ + +++++ + + + + + + + + + + + + + + + + +
Table 3 PAR http request parameters

Claim

Description

Reference

client_id

MUST be set to the thumbprint of the jwk value in the cnf parameter inside the Wallet Attestation.

RFC 6749

request

It MUST be a signed JWT. The private key corresponding to the public one in the cnf parameter inside the Wallet Attestation MUST be used for signing the Request Object.

OpenID Connect Core. Section 6

+

The Pushed Authorization Endpoint is protected with OAuth 2.0 Attestation-based Client Authentication [OAUTH-ATTESTATION-CLIENT-AUTH], therefore +the request to the PID/(Q)EAA authorization endpoint MUST use the following HTTP Headers parameters:

+ + +++++ + + + + + + + + + + + + +
Table 4 http request header parameters

OAuth-Client-Attestation

It MUST be set to a value containing the Wallet Attestation JWT.

OAUTH-ATTESTATION-CLIENT-AUTH.

OAuth-Client-Attestation-PoP

It MUST be set to a value containing the Wallet Attestation JWT Proof of Possession.

OAUTH-ATTESTATION-CLIENT-AUTH.

+

The JWT Request Object has the following JOSE header parameters:

+ +++++ + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

kid

Unique identifier of the jwk inside the cnf claim of Wallet Attestation as base64url-encoded JWK Thumbprint value.

RFC 7638#section_3.

+
+

Note

+

The parameter typ, if omitted, assumes the implicit value JWT.

+
+

The request JWT payload contained in the HTTP POST message is given with the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

It MUST be set to the client_id.

RFC 9126 and RFC 7519.

aud

It MUST be set to the identifier of the PID/(Q)EAA Provider.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT. The claim value MUST be not greater than 300 seconds from the issuance time.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

response_type

MUST be set to code.

RFC 6749

response_mode

It MUST be a string indicating the "response_mode", as specified in [OAUTH-MULT-RESP-TYPE]. It MUST be one of the supported values (response_modes_supported) provided in the metadata of the PID/(Q)EAA Provider. It informs the PID/(Q)EAA Provider of the mechanism to be used for returning parameters from the Authorization Endpoint. In case of HTTP 302 Redirect Response the value MUST be query. In this mode, Authorization Response parameters are encoded in the query string added to the redirect_uri when redirecting back to the Wallet Instance. In case of HTTP POST Response the value MUST be form_post.jwt according to [OAUTH-V2-JARM-04]. In this mode, Authorization Response parameters are specified into a JWT encoded as HTML form value that is auto-submitted in the user-agent, and thus is transmitted via the HTTP POST method to the Wallet Instance, with the result parameters being encoded in the body using the application/x-www-form-urlencoded format. The action attribute of the form MUST be the Redirection URI of the Wallet Instance. The method of the form attribute MUST be POST.

See [OAUTH-MULT-RESP-TYPE] and [OAUTH-V2-JARM-04].

client_id

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

state

Unique session identifier at the client side. This value will be returned to the client in the response, at the end of the authentication. It MUST be a random string composed by alphanumeric characters and with a minimum length of 32 digits. Special characters MUST be considered non-alphanumeric characters as defined in [NIST].

See [OIDC] Section 3.1.2.1.

code_challenge

A challenge derived from the code verifier that is sent in the authorization request.

RFC 7636#section-4.2.

code_challenge_method

A method that was used to derive code challenge. It MUST be set to S256.

RFC 7636#section-4.3.

scope

JSON String. String specifying a unique identifier of the Credential being described in the credential_configurations_supported map in the Credential Issuer Metadata. For example, in the case of the PID, it MUST be set to PersonIdentificationData. It MAY be multivalued, each value MUST be separated by a space.

RFC 6749

authorization_details

Array of JSON Objects. Each JSON Object MUST include the following claims:

+
+
    +
  • type: it MUST be set to openid_credential,

  • +
  • credential_configuration_id: JSON String. String specifying a unique identifier of the Credential being described in the credential_configurations_supported map in the Credential Issuer Metadata. For example, in the case of the PID, it MUST be set to PersonIdentificationData.

  • +
+
+

See [RAR RFC 9396] and [OpenID4VCI].

redirect_uri

Redirection URI to which the response is intended to be sent. It MUST be an universal or app link registered with the local operating system, so this latter will provide the response to the Wallet Instance.

See [OIDC] Section 3.1.2.1.

jti

Unique identifier of the JWT that, together with the value contained in the iss claim, prevents the reuse of the JWT (replay attack). Since the jti value alone is not collision resistant, it MUST be identified uniquely together with its issuer.

[RFC 7519].

+
+

Note

+

If the request cointains scope value and the authorization_details parameter the Credential Issuer MUST interpret these individually. However, if both request the same Credential type, then the Credential Issuer MUST follow the request as given by the authorization details object.

+
+

The JOSE header of the Wallet Attestation proof of possession, contained in the HTTP Request headers, MUST contain:

+ +++++ + + + + + + + + + + + + +

JOSE header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

+

The body of the Wallet Attestation proof of possession JWT, contained in the HTTP Request headers, MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

Thumbprint of the JWK in the cnf parameter.

RFC 9126 and RFC 7519.

aud

It MUST be set to the identifier of the PID/(Q)EAA Provider.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

jti

Unique identifier for the DPoP proof JWT. The value SHOULD be set using a UUID v4 value according to [RFC 4122].

[RFC 7519. Section 4.1.7].

+
+
+

Pushed Authorization Request (PAR) Response

+

If the verification is successful, the PID/(Q)EAA Issuer MUST provide the response with a 201 HTTP status code. The following parameters are included as top-level members in the HTTP response message body, using the application/json media type as defined in [RFC 8259].

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Reference

request_uri

The request URI corresponding to the authorization request posted. This URI MUST be a single-use reference to the respective authorization request. It MUST contain some part generated using a cryptographically strong pseudorandom algorithm. The value format MUST be urn:ietf:params:oauth:request_uri:<reference-value> with <reference-value> as the random part of the URI that references the respective authorization request data.

[RFC 9126].

expires_in

A JSON number that represents the lifetime of the request URI in seconds as a positive integer.

[RFC 9126].

+

If any errors occur during the PAR Request, the Authorization Server MUST return an error response as defined in RFC 9126#section-2.3. The response MUST use application/json as the content type and MUST include the following parameters:

+
+
    +
  • error. The error code.

  • +
  • error_description. Text in human-readable form providing further details to clarify the nature of the error encountered.

  • +
+
+

Below is a non-normative example of an error response.

+
HTTP/1.1 400 Bad Request
+Content-Type: application/json
+
+
+
{
+    "error": "invalid_request",
+    "error_description": "The redirect_uri is not valid for the given client"
+}
+
+
+
+
+
+

Authorization endpoint

+

The authorization endpoint is used to interact with the PID/(Q)EAA Issuer and obtain an authorization grant. +The authorization server MUST first verify the identity of the User that own the credential.

+
+

Authorization Request

+

The Authorization request is issued by the Web Browser in use by the Wallet Instance, the HTTP methods POST or GET are used. When the method POST is used, the parameters MUST be sent using the Form Serialization. When the method GET is used, the parameters MUST be sent using the Query String Serialization. For more details see Section 13 of [OIDC].

+

The mandatory parameters in the HTTP authentication request are specified in the following table.

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Reference

client_id

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

request_uri

It MUST be set to the same value as obtained by PAR Response. See Table of the HTTP PAR Response parameters.

[RFC 9126].

+
+

Note

+

In the case of PID issuance, the Wallet Instance MAY include the idphinting parameter as a URL encoded string. This parameter specifies the Identity Provider where the User wishes to authenticate.. See AARC-G061 - A specification for IdP hinting. for more details.

+
+
+
+

Authorization Response

+

The authentication response is returned by the PID/(Q)EAA authorization endpoint at the end of the authentication flow.

+

If the authentication is successful the PID/(Q)EAA Issuer redirects the User by adding the following query parameters as required to the redirect_uri. The redirect URI MUST be an universal or app link registered with the local operating system, so this latter is able to provide the response to the Wallet Instance.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

code

Unique Authorization Code that the Wallet Instance submits to the Token Endpoint.

[RFC 6749#section-4.1.2], [RFC 7521].

state

The Wallet Instance MUST check the correspondence with the state parameter value in the Request Object. It is defined as in the Table of the JWT Request parameters.

[RFC 6749#section-4.1.2].

iss

Unique identifier of the PID/(Q)EAA Issuer who created the Authentication Response. The Wallet Instance MUST validate this parameter.

[RFC 9207], [RFC 7519, Section 4.1.1.].

+

If any errors occur during the Authorization Request, the Authorization Server MUST return an error response as defined in RFC 6749#section-4.1.2.1. The response MUST use application/json as the content type and MUST include the following parameters:

+
+
    +
  • error. The error code.

  • +
  • error_description. Text in human-readable form providing further details to clarify the nature of the error encountered.

  • +
+
+
+
+
+

Token endpoint

+

The token endpoint is used by the Wallet Instance to obtain an Access Token by presenting an authorization grant, as +defined in RFC 6749. The Token Endpoint is a protected endpoint with a client authentication based on the model defined in OAuth 2.0 Attestation-based Client Authentication [OAUTH-ATTESTATION-CLIENT-AUTH ].

+
+

Token Request

+

The request to the PID/(Q)EAA Token endpoint MUST be an HTTP request with method POST, with the body message encoded in application/x-www-form-urlencoded format. The Wallet Instance sends the Token endpoint request with OAuth-Client-Attestation and OAuth-Client-Attestation-PoP as header parameters according to OAUTH-ATTESTATION-CLIENT-AUTH.

+

The Token endpoint is protected with OAuth 2.0 Attestation-based Client Authentication [OAUTH-ATTESTATION-CLIENT-AUTH], therefore +the request to the PID/(Q)EAA authorization endpoint MUST use the following HTTP Headers parameters OAuth-Client-Attestation as OAuth-Client-Attestation-PoP +as defined in the "Pushed Authorization Request (PAR) Endpoint".

+

The Token endpoint issues DPoP tokens, therefore it is REQUIRED that the request incluides in its HTTP header the DPoP proof parameter. +The Token endpoint MUST validate the DPoP proof according to Section 4.3 of the DPoP specifications (RFC 9449). This mitigates the misuse of leaked or stolen Access Tokens at the credential endpoint. If the DPoP proof is invalid, the Token endpoint returns an error response, according to Section 5.2 of [RFC 6749] with invalid_dpop_proof as the value of the error parameter.

+

All the parameters listed below are REQUIRED:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

grant_type

It MUST be set to authorization_code.

[RFC 7521].

code

Authorization code returned in the Authentication Response.

[RFC 7521].

redirect_uri

It MUST be set as in the Request Object Table of the JWT Request parameters.

[RFC 7521].

code_verifier

Verification code of the code_challenge.

Proof Key for Code Exchange by OAuth Public Clients.

+

A DPoP Proof JWT is included in the HTTP request using the DPoP header parameter containing a DPoP JWS.

+

The JOSE header of a DPoP JWT MUST contain at least the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

typ

It MUST be equal to dpop+jwt.

[RFC 7515] and [RFC 8725. Section 3.11].

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or with a symmetric algorithm (MAC) identifier.

[RFC 7515].

jwk

It represents the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [RFC 7517] format that the Access Token MUST be bound to, as defined in [RFC 7515] Section 4.1.3. It MUST NOT contain a private key.

[RFC 7517] and [RFC 7515].

+

The payload of a DPoP JWT Proof MUST contain the following claims:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

jti

Unique identifier for the DPoP proof JWT. The value SHOULD be set using a UUID v4 value according to [RFC 4122].

[RFC 7519. Section 4.1.7].

htm

The value of the HTTP method of the request to which the JWT is attached.

[RFC 9110. Section 9.1].

htu

The HTTP target URI, without query and fragment parts, of the request to which the JWT is attached.

[RFC 9110. Section 7.1].

iat

UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[RFC 7519. Section 4.1.6].

+
+
+

Token Response

+

If the Token Request is successfully validated, the Authorization Server provides an HTTP Token Response with a 200 (OK) status code. The Token Response MUST contain the following mandatory claims.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

access_token

The DPoP-bound Access Token, in signed JWT format, allows accessing the PID/(Q)EAA Credential Endpoint for obtaining the credential.

RFC 6749.

token_type

Type of Access Token returned. It MUST be equal to DPoP.

RFC 6749.

expires_in

Expiry time of the Access Token in seconds.

RFC 6749.

c_nonce

JSON string containing a nonce value to be used to create a proof of possession of key material when requesting a Credential.

[OpenID4VCI].

c_nonce_expires_in

JSON integer, it represents the lifetime in seconds of the c_nonce.

[OpenID4VCI].

authorization_details

Array of JSON Objects, used to identify Credentials with the same metadata but different claimset/claim values and/or simplify the Credential request even when only one Credential is being issued.

[OpenID4VCI].

+

If any errors occur during the validation of the Token Request, the Authorization Server MUST return an error response as defined in RFC 6749#section-5.2.

+
HTTP/1.1 400 Bad Request
+Content-Type: application/json;charset=UTF-8
+Cache-Control: no-store
+Pragma: no-cache
+
+
+
{
+    "error": "invalid_client",
+    "error_description": "Client authentication failed"
+}
+
+
+
+
+

Access Token

+

A DPoP-bound Access Token is provided by the PID/(Q)EAA Token endpoint as a result of a successful token request. The Access Token is encoded in JWT format, according to [RFC 7519]. The Access Token MUST have at least the following mandatory claims and it MUST be bound to the public key that is provided by the DPoP proof. This binding can be accomplished based on the methodology defined in Section 6 of (RFC 9449).

+

The JOSE header of a DPoP JWT MUST contain the following claims.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

typ

It MUST be equal to at+jwt.

[RFC 7515].

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or with a symmetric algorithm (MAC) identifier.

[RFC 7515].

kid

Unique identifier of the jwk used by the PID/(Q)EAA Provider to sign the Access Token.

RFC 7638#section_3.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

It MUST be an HTTPS URL that uniquely identifies the PID/(Q)EAA Issuer. The Wallet Instance MUST verify that this value matches the PID/(Q)EAA Issuer where it has requested the credential.

[RFC 9068], [RFC 7519].

sub

It identifies the subject of the JWT. It MUST be set to the value of the sub field in the PID/(Q)EAA SD-JWT-VC.

[RFC 9068], [RFC 7519] and Section 8 of [OIDC].

client_id

The identifier for the Wallet Instance that requested the Access Token; it MUST be equal to the to kid of the public key of the Wallet Instance specified into the Wallet Attestation (cnf.jwk).

[RFC 9068], [RFC 7519] and Section 8 of [OIDC].

aud

It MUST be set to the identifier of the PID/(Q)EAA Provider.

[RFC 9068].

iat

UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[RFC 9068], [RFC 7519. Section 4.1.6].

exp

UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in RFC 7519.

[RFC 9068], [RFC 7519].

jti

It MUST be a String in uuid4 format. Unique Token ID identifier that the RP SHOULD use to prevent reuse by rejecting the Token ID if already processed.

[RFC 9068], [RFC 7519].

cnf

It MUST contain a jkt claim being JWK SHA-256 Thumbprint Confirmation Method. The value of the jkt member MUST be the base64url encoding (as defined in [RFC 7515]) of the JWK SHA-256 Thumbprint of the DPoP public key (in JWK format) to which the Access Token is bound.

[RFC 9449. Section 6.1] and [RFC 7638].

+
+
+
+

Credential endpoint

+

The Credential Endpoint issues a Credential upon the presentation of a valid Access Token, as defined in OpenID4VCI.

+
+

Credential Request

+

The Wallet Instance when requests the PID/(Q)EAA to the PID/(Q)EAA Credential endpoint, MUST use the following parameters in the message body of the HTTP POST request, using the application/json media type.

+

The Credential endpoint MUST accept and validate the DPoP proof sent in the DPoP HTTP Header parameter, according to the steps defined in (RFC 9449) Section 4.3. The DPoP proof in addition to the values that are defined in the Token Endpoint section MUST contain the following claim:

+
+
    +
  • ath: hash value of the Access Token encoded in ASCII. The value MUST use the base64url encoding (as defined in Section 2 of RFC 7515) with the SHA-256 algorithm.

  • +
+
+

If the DPoP proof is invalid, the Credential endpoint returns an error response per Section 5.2 of [RFC 6749] with invalid_dpop_proof as the value of the error parameter.

+
+

Warning

+

The Wallet Instance MUST create a new DPoP proof for the Credential request and MUST NOT use the previously created proof for the Token Endpoint.

+
+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

format

Format of the Credential to be issued. This MUST be vc+sd-jwt or mso_mdoc.

[OpenID4VCI].

vct

CONDITIONAL. REQUIRED only if the format identifier is vc+sd-jwt.

See Annex A3.4. of [OpenID4VCI]

doctype

CONDITIONAL. REQUIRED only if the format identifier is mso_mdoc.

See Annex A2.4. of [OpenID4VCI]

proof

JSON object containing proof of possession of the key material the issued credential shall be bound to. The proof object MUST contain the following mandatory claims:

+
    +
  • proof_type: JSON string denoting the proof type. It MUST be jwt.

  • +
  • jwt: the JWT used as proof of possession.

  • +
+

[OpenID4VCI].

+

The JWT proof type MUST contain the following parameters for the JOSE header and the JWT body:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE Header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

[OpenID4VCI], [RFC 7515], [RFC 7517].

typ

It MUST be set to openid4vci-proof+jwt.

[OpenID4VCI], [RFC 7515], [RFC 7517].

jwk

Representing the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [RFC 7517] format that the PID/(Q)EAA shall be bound to, as defined in Section 4.1.3 of [RFC 7515].

[OpenID4VCI], [RFC 7515], [RFC 7517].

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

The value of this claim MUST be the client_id of the Wallet Instance.

[OpenID4VCI], [RFC 7519, Section 4.1.1].

aud

The value of this claim MUST be the identifier URL of the PID/(Q)EAA Issuer.

[OpenID4VCI].

iat

UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[OpenID4VCI], [RFC 7519. Section 4.1.6].

nonce

The value type of this claim MUST be a string, where the value is a c_nonce provided by the PID/(Q)EAA Issuer in the Token response.

[OpenID4VCI].

+
+
+

Credential Response

+

Credential Response to the Wallet Instance MUST be sent using application/json media type. If the Credential Request is successfully validated, and the Credential is immediately available, the PID/(Q)EAA Provider MUST return HTTP response with a 200 (OK) status code. If the Credential is not available and the deferred flow is supported by the PID/(Q)EAA Provider, an HTTP status code 202 MUST be returned.

+

The Credential Response contains the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

credential

CONDITIONAL. REQUIRED if lead_time is not present. String Containing the issued PID/(Q)EAA. If the requested format identifier is vc+sd-jwt then the credential parameter MUST NOT be re-encoded. If the requested format identifier is mso_mdoc then the credential parameter MUST be a base64url-encoded representation of the issued Credential.

Section 7.3, Annex A2.5 and Annex A3.5 of [OpenID4VCI].

lead_time

CONDITIONAL. REQUIRED if credential is not present. The amount of time (in seconds) required before making a new Credential Request.

This Specification

c_nonce

REQUIRED. JSON string containing a nonce value to be used to create a proof of possession of the key material when requesting a further Credential or for the renewal of a Credential.

Section 7.3 of [OpenID4VCI].

c_nonce_expires_in

REQUIRED. JSON integer corresponding to the c_nonce lifetime in seconds.

Section 7.3 of [OpenID4VCI].

notification_id

OPTIONAL. String identifying an issued Credential that the Wallet includes in the Notification Request as defined in Section Notification Request. It MUST NOT be present if the credential parameter is not present

Section 7.3 of [OpenID4VCI].

+

If the Credential Request is invalid, the PID/(Q)EAA Provider MUST return an error response as defined in Section 7.3.1 of [OpenID4VCI]. The response MUST use the content type application/json and MUST include the following parameters:

+
+
    +
  • error. The error code.

  • +
  • error_description. Text in human-readable form providing further details to clarify the nature of the error encountered.

  • +
+
+
HTTP/1.1 400 Bad Request
+Content-Type: application/json
+Cache-Control: no-store
+
+
+
{
+    "error": "invalid_proof",
+    "error_description": "The proof field is not present or the provided key proof is invalid or not bound to a nonce provided by the Credential Issuer."
+}
+
+
+
+
+
+

Notification endpoint

+

The Notification Endpoint is used by the Wallet to notify the PID/(Q)EAA Provider of certain events for issued Credentials, such as if the Credential was successfully stored in the Wallet Instance or in case of unsuccessful Credential issuance caused by a User action.

+

This endpoint MUST be protected using a DPoP Access Token. TLS for the confidentiality of the HTTP transport is REQUIRED according to Section 10 of [OpenID4VCI].

+
+

Notification Request

+

The Notification Request MUST be an HTTP POST using the application/json media type with the following parameters.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

notification_id

REQUIRED. It MUST be equal to the notification_id value returned in the Credential Response by the PID/(Q)EAA Provider.

Section 10.1 of [OpenID4VCI].

event

REQUIRED. Type of the notification event. It MUST be a case sensitive string and it MUST support the following values:

+
    +
  • credential_accepted: when the Credential was successfully stored in the Wallet Instance.

  • +
  • credential_deleted: when the unsuccessful Credential issuance was caused by a user action.

  • +
  • credential_failure: in all other unsuccessful cases.

  • +
+

Section 10.1 of [OpenID4VCI].

event_description

OPTIONAL. Human-readable ASCII [USASCII] text providing additional information, used to inform about the event that occurred. Values for the event_description parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.

Section 10.1 of [OpenID4VCI].

+
+
+

Notification Response

+

The Notification Response MUST be use an HTTP status code 204 (No Content), as recommended in Section 10.2 of [OpenID4VCI].

+

In case of errors, what is described in Section 10.3 of [OpenID4VCI] MUST apply.

+
+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/proximity-flow.html b/ia-terms-updates/en/proximity-flow.html new file mode 100644 index 000000000..9337c1f87 --- /dev/null +++ b/ia-terms-updates/en/proximity-flow.html @@ -0,0 +1,631 @@ + + + + + + + + Proximity Flow — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Proximity Flow

+

This section describes how a Verifier requests the presentation of an mDoc-CBOR Credential to a Wallet Instance according to the ISO 18013-5 Specification. Only Supervised Device Retrieval flow is supported in this technical implementation profile.

+

The presentation phase is divided into three sub-phases:

+
+

1. Device Engagement: This subphase begins when the User is prompted to disclose certain attributes from the mDoc(s). The objective of this subphase is to establish a secure communication channel between the Wallet Instance and the Verifier App, so that the mDoc requests and responses can be exchanged during the communication subphase. +The messages exchanged in this subphase are transmitted through short-range technologies to limit the possibility of interception and eavesdropping. +This technical implementation profile exclusively supports QR code for Device Engagement.

+

2. Session establishment: During the session establishment phase, the Verifier App sets up a secure connection. All data transmitted over this connection is encrypted using a session key, which is known to both the Wallet Instance and the Verifier at this stage. +The established session MAY be terminated based on the conditions as detailed in [ISO18013-5#9.1.1.4].

+

3. Communication - Device Retrieval: The Verifier App encrypts the mDoc request with the appropriate session key and sends it to the Wallet Instance together with its public key in a session establishment message. The mDoc uses the data from the session establishment message to derive the session key and decrypt the mDoc request. +During the communication subphase, the Verifier App has the option to request information from the Wallet using mDoc requests and responses. The primary mode of communication is the secure channel established during the session setup. The Wallet Instance encrypts the mDoc response using the session key and transmits it to the Verifier App via a session data message. This technical implementation profile only supports Bluetooth Low Energy (BLE) for the communication sub-phase.

+
+

The following figure illustrates the flow diagram compliant with ISO 18013-5 for proximity flow.

+
+_images/High-Level-Flow-ITWallet-Presentation-ISO.svg +
+

High-Level Proximity Flow

+
+
+

Step 1-3: The Verifier requests the User to reveal certain attributes from their mDoc(s) stored in the Wallet Instance. The User initiates the Wallet Instance. The Wallet Instance MUST create a new temporary key pair (EDeviceKey.Priv, EDeviceKey.Pub), and incorporate the cipher suite identifier, the identifier of the elliptic curve for key agreement, and the EDeviceKey public point into the device engagement structure (refer to [ISO18013-5#9.1.1.4]). This key pair is temporary and MUST be invalidated immediately after the secure channel is established. Finally, the Wallet Instance displays the QR Code for Device Engagement.

+

Below an example of a device engagement structure that utilizes QR for device engagement and Bluetooth Low Energy (BLE) for data retrieval.

+

CBOR data:

+
a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917
+
+
+

In diagnostic notation:

+
{
+  0: "1.0", % Version
+
+  1:        % Security
+  [
+      1,     % defines the cipher suite 1 which contains only EC curves
+      24(<<  % embedded CBOR data item
+        {
+          1: 2, % kty:EC2 (Elliptic curves with x and y coordinate pairs)
+        -1: 1, % crv:p256
+-2:h'5A88D182BCE5F42EFA59943F33359D2E8A968FF289D93E5FA444B624343  167FE',% x-coordinate
+-3:h'B16E8CF858DDC7690407BA61D4C338237A8CFCF3DE6AA672FC60A557AA32FC67' % y-coordinate
+        }
+      >>)
+    ],
+
+    2: %DeviceRetrievalMethods(Device engagement using QR code)
+    [
+      [
+        2, %BLE
+        1, % Version
+      {    %BLE options
+          0: false, % no support for mdoc peripheral server mode
+          1: true, % support mdoc central client mode
+          11: h'45EFEF742B2C4837A9A3B0E1D05A6917' % UUID of mdoc client central mode
+        }
+      ]
+    ]
+}
+
+
+

Step 4-6: The Verifier App scans the QR Code and generates its own ephemeral key pair (EReaderKey.Priv, EReaderKey.Pub). It then calculates the session key, using the public key received in the Engagement Structure and its newly-generated private key, as outlined in [ISO18013-5#9.1.1.5]. Finally, it generates its session key, which must be independently derived by both the Wallet Instance and the Verifier App.

+

Step 7: The Verifier App creates an mDoc request that MUST be encrypted using the relevant session key, and transmits it to the Wallet Instance along with EReaderKey.Pub within a session establishment message. The mDoc request MUST be encoded in CBOR, as demonstrated in the following non-normative example.

+

CBOR data: +.. code-block:

+
a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9
+
+
+

The above CBOR data is represented in diagnostic notation as follows: +.. code-block:

+
{
+  "version": "1.0",
+  "docRequests": [
+  {
+    "itemsRequest": 24(<< {
+      "docType": "org.iso.18013.5.1.mDL",
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": {
+          "verification.evidence": false,
+          "verification.assurance_level": false,
+          "verification.trust_framework": false
+        },
+        "org.iso.18013.5.1": {
+          "un_distinguishing_sign": false,
+          "driving_privileges": false,
+          "document_number": false,
+          "issue_date": false,
+          "issuing_country": false,
+          "issuing_authority": false,
+          "birth_date": false,
+          "expiry_date": false,
+          "given_name": false,
+          "portrait": false,
+          "family_name": false
+        }
+      }
+    } >>),
+    "readerAuth": [
+      h'a10126',
+      {
+        33: h'308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b'
+      },
+      null,
+      h'58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9'
+    ]
+  }
+  ]
+}
+
+
+

Step 8: The Wallet Instance uses the session establishment message to derive the session keys and decrypt the mDoc request. It computes the session key using the public key received from the Verifier App and its private key.

+

Step 9-10: When the Wallet Instance receives the mDoc request, it locates the documents that contain the requested attributes and asks the User for permission to provide this information to the Verifier. If the User agrees, the Wallet generates an mDoc response and transmits it to the Verifier App through the secure channel.

+

Step 11-12: If the User gives consent, the Wallet Instance creates an mDoc response and transmits it to the Verifier App via the secure channel. The mDoc response MUST be encoded in CBOR, with its structure outlined in [ISO18013-5#8.3.2.1.2.2]. Below is a non-normative example of an mDoc response.

+

CBOR Data: +.. code-block:

+
a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb
+
+
+

In diagnostic notation: +.. code-block:

+
{
+  "version": "1.0",
+  "documents": [
+  {
+    "docType": "org.iso.18013.5.1.mDL",
+    "issuerSigned": {
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": [
+          24(<< {
+            "digestID": 11,
+            "random": h'6d44f21ee875f2c1d502b43198e5a152',
+            "elementIdentifier": "verification.evidence",
+            "elementValue": [
+              {
+                "type": "electronic_record",
+                "record": {
+                  "type": "https://eudi.wallet.pdnd.gov.it",
+                  "source": {
+                    "organization_name": "Motorizzazione Civile",
+                    "organization_id": "m_inf",
+                    "country_code": "it"
+                  }
+                }
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 4,
+            "random": h'185d84dfb71ce9b173010ddd62174fbe',
+            "elementIdentifier": "verification.trust_framework",
+            "elementValue": "eidas"
+          } >>),
+          24(<< {
+            "digestID": 0,
+            "random": h'137f903174253c4585358267aae2ea4e',
+            "elementIdentifier": "verification.assurance_level",
+            "elementValue": "high"
+          } >>)
+        ],
+        "org.iso.18013.5.1": [
+          24(<< {
+            "digestID": 12,
+            "random": h'53e29d0ddbbc7d2306a32bdbe2e56e51',
+            "elementIdentifier": "family_name",
+            "elementValue": "Doe"
+          } >>),
+          24(<< {
+            "digestID": 3,
+            "random": h'990cba2069fa1b33b8d6ae910b6549dc',
+            "elementIdentifier": "given_name",
+            "elementValue": "Antonio"
+          } >>),
+          24(<< {
+            "digestID": 10,
+            "random": h'4086c1379975f805f1b1f4975e6a1265',
+            "elementIdentifier": "issue_date",
+            "elementValue": 1004("2019-10-20")
+          } >>),
+          24(<< {
+            "digestID": 1,
+            "random": h'ab4ca30c918dd2fd0bf35242c15fa2d8',
+            "elementIdentifier": "expiry_date",
+            "elementValue": 1004("2024-10-20")
+          } >>),
+          24(<< {
+            "digestID": 7,
+            "random": h'8d9066f6c8da16619867cd4e2fab0c88',
+            "elementIdentifier": "issuing_country",
+            "elementValue": "IT"
+          } >>),
+          24(<< {
+            "digestID": 5,
+            "random": h'59fe68db795dee4c20976380ea247705',
+            "elementIdentifier": "issuing_authority",
+            "elementValue": "Istituto Poligrafico e Zecca dello Stato"
+          } >>),
+          24(<< {
+            "digestID": 2,
+            "random": h'08b3f1ca5517019767be3dee3bb06145',
+            "elementIdentifier": "birth_date",
+            "elementValue": 1004("1956-01-20")
+          } >>),
+          24(<< {
+            "digestID": 9,
+            "random": h'a2395ec214350c26066306e23279b3ae',
+            "elementIdentifier": "document_number",
+            "elementValue": "987654321"
+          } >>),
+          24(<< {
+            "digestID": 6,
+            "random": h'a25e1a5b915d2d6eafee9674e0232939',
+            "elementIdentifier": "portrait",
+            "elementValue": h'20212223'
+          } >>),
+          24(<< {
+            "digestID": 13,
+            "random": h'eeed6a3b856563627589a360939d12f7',
+            "elementIdentifier": "driving_privileges",
+            "elementValue": [
+              {
+                "vehicle_category_code": "A",
+                "issue_date": 1004("2018-08-09"),
+                "expiry_date": 1004("2024-10-20")
+              },
+              {
+                "vehicle_category_code": "B",
+                "issue_date": 1004("2017-02-23"),
+                "expiry_date": 1004("2024-10-20")
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 8,
+            "random": h'c0ef486b2a194ed3cbf7f354fd400921',
+            "elementIdentifier": "un_distinguishing_sign",
+            "elementValue": "I"
+          } >>)
+        ]
+      },
+      "issuerAuth": [
+        h'a10126',
+        {
+          33: h'3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788'
+        },
+        24(<< {
+      "version": "1.0",
+      "digestAlgorithm": "SHA-256",
+      "docType": "org.iso.18013.5.1.mDL",
+      "valueDigests": {
+        "org.iso.18013.5.1": {
+        1: h'0E5F0B6B33418E508740771E82F893372EAF5B2445BC4C84DCF08B005E9493FC',
+        2: h'DE21BB62FF2897D8B986D2CDA9F9BC5865C02807F7B4D9DD1FA4A79DF4C0D37F',
+        3: h'BC5568239E35CE9FF8798C27FFDCD757B134B679F0FE05729AA3491381912E65',
+        5: h'E6048BDC7FD6454296F1E3F54536107C9C5B24C4064DE46A98121E3630EECCA2',
+        6: h'73690D92DCAA61B0203870F67C6AA9FDFEA889B6F0C720DE757B4B0A8516A206',
+        7: h'E353EA0B0FD92B6BE90C64CC3B2EE1284153A8F0F5066B99AAC599200E6EEEB2',
+        8: h'29227872CEB49923D267B5F4BADE6D387B42AC2DC4B2AE26C9013067FEE7018A',
+        9: h'A6A119F7CACAC0B8C6AACAC747FD3FE7E50B6D9BB8A507FDA79F0DF6646F285D',
+        10: h'6D8025D2F02A5E7E1406FB6AAEB67F9EDE9B07191A53F3E23B77C528223A94E2',
+        12: h'B0D43E4E2EA534E4D5304E64BCF7A0F13E2C8EE8304B9CD23ABA4909652A4647',
+        13: h'FBF4DE318982F2DBAD43C601CAEB22628B301AC18AA8264C5831B2AAAC89C486'
+        },
+        "org.iso.18013.5.1.IT": {
+        0: h'CF57377B675F64F37314739592C1E8A911A7DDAF341CE2902FE877C5A835E4C1',
+        4: h'4A4B4CC64EC9299C1A2501EA449F577005E9F7A60408057C07A7C67FB151E5F5',
+        11: h'78824FBD6FBBA88A2AAB44DF8B6F5E9759126D87D1F4415995E658FD9239E1FE'
+        }
+      },
+      "deviceKeyInfo": {
+        "deviceKey": {
+        1: 2,
+        -1: 1,
+        -2: h'AFD09E720B918CEDC2B8A881950BAB6A1051E18AE16A814D51E609938663D5E1',
+        -3: h'61FBC6C8AD24EC86A78BB4E9AC377DD2B7C711D9F2EB9AFD4AA0963662847AED'}},
+        "validityInfo": {
+          "signed": 0("2023-11-24T14:54:05Z"),
+          "validFrom": 0("2023-11-24T14:54:05Z"),
+          "validUntil": 0("2024-11-24T14:54:05Z")}
+        }  >>),
+        h'f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152'
+      ]
+    },
+    "deviceSigned": {
+      "nameSpaces": 24(<< {} >>),
+      "deviceAuth": {
+        "deviceSignature": [
+          h'a10126',
+          {},
+          null,
+          h'1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076'
+        ]
+      }
+    }
+  }
+  ],
+  "status": 0
+}
+
+
+

Step 13: The Verifier App is required to validate the signatures in the mDoc's issuerSigned field using the public key of the Credential Issuer specified within the mDoc. Subsequently, the Verifier MUST validate the signature in the deviceSigned field. If these signature checks pass, the Verifier can confidently consider the received information as valid.

+
+

Device Engagement

+

The Device Engagement structure MUST be have at least the following components:

+
+
    +
  • Version: tstr. Version of the data structure being used.

  • +
  • Security: an array that contains two mandatory values

    +
      +
    • the cipher identifier: see Table 22 of [ISO18013-5]

    • +
    • the mDL public ephemeral key generated by the Wallet Instance and required by the Verifier App to derive the Session Key. The mDL public ephemeral key MUST be of a type allowed by the indicated cipher suite.

    • +
    +
  • +
  • transferMethod: an array that contains one or more transferMethod arrays when performing device engagement using the QR code. This array is for offline data retrieval methods. A transferMethod array holds two mandatory values (type and version). Only the BLE option is supported by this technical implementation profile, then the type value MUST be set to 2.

  • +
  • BleOptions: this elements MUST provide options for the BLE connection (support for Peripheral Server or Central Client Mode, and the device UUID).

  • +
+
+
+
+

mDoc Request

+

The messages in the mDoc Request MUST be encoded using CBOR. The resulting CBOR byte string for the mDoc Request MUST be encrypted with the Session Key obtained after the Device Engagement phase and MUST be transmitted using the BLE protocol. +The details on the structure of mDoc Request, including identifier and format of the data elements, are provided below.

+
+
    +
  • version: (tstr). Version of the data structure.

  • +
  • docRequests: Requested DocType, NameSpace and data elements.

    +
      +
    • itemsRequest: #6.24(bstr .cbor ItemsRequest).

      +
        +
      • docType: (tstr). The DocType element contains the type of document requested. See Data Model Section.

      • +
      • nameSpaces: (tstr). See Data Model Section for more details.

        +
          +
        • dataElements: (tstr). Requested data elements with Intent to Retain value for each requested element.

          +
            +
          • IntentToRetain: (bool). It indicates that the Verifier App intends to retain the received data element.

          • +
          +
        • +
        +
      • +
      +
    • +
    • readerAuth: COSE_Sign1. It is required for the Verifier App authentication.

    • +
    +
  • +
+
+
+

Note

+

The domestic data elements MUST not be returned unless specifically requested by the Verifier App.

+
+
+
+

mDoc Response

+

The messages in the mDoc Response MUST be encoded using CBOR and MUST be encrypted with the Session Key obtained after the Device Engagement phase. +The details on the structure of mDoc Response are provided below.

+
+
    +
  • version: (tstr). Version of the data structure.

  • +
  • documents: Returned DocType, and ResponseData.

    +
      +
    • docType: (tstr). The DocType element contains the type of document returned. See Data Model Section.

    • +
    • ResponseData:

      +
        +
      • IssuerSigned: Responded data elements signed by the issuer.

        +
          +
        • nameSpaces: (tstr). See Data Model Section for more details.

          +
            +
          • IssuerSignedItemBytes: #6.24(bstr .cbor).

            +
              +
            • digestID: (uint). Reference value to one of the ValueDigests provided in the Mobile Security Object (issuerAuth).

            • +
            • random: (bstr). Random byte value used as salt for the hash function. This value SHALL be different for each IssuerSignedItem and it SHALL have a minimum length of 16 bytes.

            • +
            • elementIdentifier: (tstr). Identifier of User attribute name contained in the Credential.

            • +
            • elementValue: (any). User attribute value

            • +
            +
          • +
          +
        • +
        +
      • +
      • DeviceSigned: Responded data elements signed by the Wallet Instance.

        +
          +
        • NameSpaces: #6.24(bstr .cbor DeviceNameSpaces). The DeviceNameSpaces structure MAY be an empty structure. DeviceNameSpaces contains the data element identifiers and values. It is returned as part of the corresponding namespace in DeviceNameSpace.

          +
            +
          • DataItemName: (tstr). The identifier of the element.

          • +
          • DataItemValue: (any). The value of the element.

          • +
          +
        • +
        • DeviceAuth: The DeviceAuth structure MUST contain the DeviceSignature elements.

          +
            +
          • DeviceSignature: It MUST contain the device signature for the Wallet Instance authentication.

          • +
          +
        • +
        +
      • +
      +
    • +
    +
  • +
  • status: It contains a status code. For detailed description and action required refer to to Table 8 (ResponseStatus) of the [ISO18013-5]

  • +
+
+
+
+

Session Termination

+

The session MUST be terminated if at least one of the following conditions occur.

+
+
    +
  • After a time-out of no activity of receiving or sending session establishment or session data messages occurs. The time-out for no activity implemented by the Wallet Instance and the Verifier App SHOULD be no less than 300 seconds.

  • +
  • When the Wallet Instance doesn't accept any more requests.

  • +
  • When the Verifier App does not send any further requests.

  • +
+
+

If the Wallet Instance and the Verifier App does not send or receive any further requests, the session termination MUST be initiated as follows.

+
+
    +
  • Send the status code for session termination, or

  • +
  • dispatch the "End" command as outlined in [ISO18013-5#8.3.3.1.1.5].

  • +
+
+

When a session is terminated, the Wallet Instance and the Verifier App MUST perform at least the following actions:

+
+
    +
  • destruction of session keys and related ephemeral key material;

  • +
  • closure of the communication channel used for data retrieval.

  • +
+
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+
+ +
+ +
+ +
+
+
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/pseudonyms.html b/ia-terms-updates/en/pseudonyms.html new file mode 100644 index 000000000..355f03057 --- /dev/null +++ b/ia-terms-updates/en/pseudonyms.html @@ -0,0 +1,260 @@ + + + + + + + + Pseudonyms — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Pseudonyms

+
+

What it is useful for

+

Pseudonyms are useful for: +- Protecting user privacy in online platforms +- Allowing anonymous participation in discussions or transactions +- Maintaining consistent identities across multiple services without revealing personal information +- Compliance with data protection regulations that require data minimization

+
+
+

Example

+

In a social media platform, a user might choose the pseudonym "SunflowerDreamer" +instead of using their real name "Jane Smith". This allows Jane +to participate in discussions while maintaining her privacy.

+
+
+

General Properties

+
    +
  • Uniqueness within a given context.

  • +
  • Consistency (the same entity always uses the same pseudonym in a given context).

  • +
  • Reversibility (optional, depending on the system's requirements).

  • +
  • Non-linkability to the real identity (without additional information).

  • +
+
+
+

Requirements

+
    +
  • IT-Wallet MUST be able to generate or assign unique pseudonyms.

  • +
  • The pseudonym SHOULD NOT contain information that directly reveals the entity's real identity.

  • +
  • The system SHOULD maintain a secure mapping between pseudonyms and real identities (if reversibility is required).

  • +
  • The pseudonym generation process SHOULD be resistant to guessing attacks.

  • +
+
+
+

Implementation Considerations

+
    +
  • IT-Wallet MUST use a pseudonym format that balances uniqueness, readability, and security.

  • +
  • IT-Wallet MUST implement a secure method for generating and storing pseudonyms.

  • +
  • IT-Wallet SHOULD use different pseudonyms for the same entity across different contexts to prevent cross-context linking.

  • +
  • IT-Wallet SHOULD implement access controls to protect the mapping between pseudonyms and real identities.

  • +
  • IT-Wallet SHOULD implements policies for pseudonym rotation or expiration.

  • +
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+ +
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/relying-party-entity-configuration.html b/ia-terms-updates/en/relying-party-entity-configuration.html new file mode 100644 index 000000000..97667cdf2 --- /dev/null +++ b/ia-terms-updates/en/relying-party-entity-configuration.html @@ -0,0 +1,447 @@ + + + + + + + + Entity Configuration of Relying Parties — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Entity Configuration of Relying Parties

+

According to Section Configuration of the Federation, as a Federation Entity, the Relying Party is required to maintain a well-known endpoint that hosts its Entity Configuration. +The Entity Configuration of Relying Parties MUST contain the parameters defined in the Sections Entity Configuration Leaves and Intermediates and Entity Configurations Common Parameters.

+

The Relying Parties MUST provide the following metadata types:

+
+
    +
  • federation_entity

  • +
  • wallet_relying_party

  • +
+
+
+

Metadata for federation_entity

+

The federation_entity metadata MUST contain the claims as defined in Section Metadata of federation_entity Leaves.

+
+
+

Metadata for wallet_relying_party

+

The wallet_relying_party metadata MUST contain the following parameters.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

client_id

It MUST contain an HTTPS URL that uniquely identifies the RP. See RFC 7591#section-3.2.1 and OpenID Connect Dynamic Client Registration 1.0 Section 3.2.

client_name

Human-readable string name of the RP. See RFC 7591#section-2.

application_type

String indicating the type of application. It MUST be set to "web" value. See OpenID Connect Dynamic Client Registration 1.0 Section 2.

request_uris

JSON Array of request_uri values that are pre-registered by the RP. These URLs MUST use the https scheme. See OpenID Connect Dynamic Client Registration 1.0 Section 2.

response_uris_supported

JSON Array of response URI strings to which the Wallet Instance MUST send the Authorization Response using an HTTP POST request as defined by the Response Mode direct_post and direct_post.jwt (see OpenID4VP Draft 20 Sections 6.2 and 6.3).

authorization_signed_response_alg

String representing the JWS [RFC 7515] alg algorithm that MUST be used for signing authorization responses. The algorithm none MUST NOT be used. See [oauth-v2-jarm-03] Section 3.

vp_formats

JSON object defining the formats and proof types of Verifiable Presentations and Verifiable Credentials the RP supports. It consists of a list of name/value pairs, where each name uniquely identifies a supported type. The RP MUST support at least "vc+sd-jwt" according to OPENID4VC-HAIP Draft 00 Section 7.2.7. The value associated with each name/value pair MUST be a JSON object "sd-jwt_alg_values" that MUST contain a JSON array containing identifiers of cryptographic algorithms the RP supports for protection of a SD-JWT. The alg JOSE header (as defined in RFC 7515) of the presented SD-JWT MUST match one of the array values. See also OpenID4VP Draft 20 Section 9.1.

presentation_definitions_supported

JSON Array of supported presentation_definition objects that MUST be compliant to the syntax defined in Section 5 of [DIF.PresentationExchange] and Section 7.2.8 of OPENID4VC-HAIP Draft 00. For presentation_definition objects see also OpenID4VP Section 5.1.

jwks

JSON Web Key Set document, passed by value, containing the protocol specific keys for the Relying Party. See [oauth-v2-jarm-03] Section 3, OID-FED Draft 36 Section 5.2.1 and JWK.

+
+

Note

+

The claims response_uris_supported and presentation_definitions_supported are introduced in this Specification.

+
+
+
+

Example of a Relying Party Entity Configuration

+

Below a non-normative example of the request made by the Wallet Instance to the openid-federation well-known endpoint to obtain the Relying Party Entity Configuration:

+
GET /.well-known/openid-federation HTTP/1.1
+HOST: relying-party.example.org
+
+
+

Below is a non-normative response example:

+
{
+    "iat": 1718207217,
+    "exp": 1749743216,
+    "iss": "https://relying-party.example.org",
+    "sub": "https://relying-party.example.org",
+    "authority_hints": [
+        "https://trust-anchor.example.org"
+    ],
+    "jwks": {
+        "keys": [
+            {
+                "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+                "kty": "EC",
+                "crv": "P-256",
+                "x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
+                "y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
+            }
+        ]
+    },
+    "metadata": {
+        "federation_entity": {
+            "homepage_uri": "https://relying-party.example.org",
+            "organization_name": "Organization Name",
+            "contacts": [
+                "informazioni@example.it",
+                "protocollo@pec.example.it"
+            ],
+            "tos_uri": "https://relying-party.example.org/public/info_policy.html",
+            "policy_uri": "https://relying-party.example.org/public/privacy_policy.html",
+            "logo_uri": "https://relying-party.example.org/public/logo.svg"
+        },
+        "wallet_relying_party": {
+            "application_type": "web",
+            "client_id": "https://relying-party.example.org",
+            "client_name": "Organization Name",
+            "contacts": [
+                "informazioni@example.it",
+                "protocollo@pec.example.it"
+            ],
+            "request_uris": [
+                "https://relying-party.example.org/request_uri"
+            ],
+            "response_uris_supported": [
+                "https://relying-party.example.org/response_uri"
+            ],
+            "authorization_signed_response_alg": "ES256",
+            "vp_formats": {
+                "vc+sd-jwt": {
+                    "sd-jwt_alg_values": [
+                        "ES256",
+                        "ES384",
+                        "ES512"
+                    ]
+                }
+            },
+            "presentation_definitions_supported": [
+                {
+                    "id": "d76c51b7-ea90-49bb-8368-6b3d194fc131",
+                    "input_descriptors": [
+                        {
+                            "id": "PersonIdentificationData",
+                            "name": "Person Identification Data",
+                            "purpose": "User Authentication",
+                            "format": {
+                                "vc+sd-jwt": {
+                                    "alg": [
+                                        "ES256",
+                                        "ES384",
+                                        "ES512"
+                                    ]
+                                }
+                            },
+                            "constraints": {
+                                "limit_disclosure": "required",
+                                "fields": [
+                                    {
+                                        "filter": {
+                                            "const": "PersonIdentificationData",
+                                            "type": "string"
+                                        },
+                                        "path": [
+                                            "$.vct"
+                                        ]
+                                    },
+                                    {
+                                        "filter": {
+                                            "type": "object"
+                                        },
+                                        "path": [
+                                            "$.cnf.jwk"
+                                        ]
+                                    },
+                                    {
+                                        "path": [
+                                            "$.unique_id"
+                                        ]
+                                    },
+                                    {
+                                        "path": [
+                                            "$.tax_id_code"
+                                        ]
+                                    }
+                                ]
+                            }
+                        
+                        },      
+                        {
+                            "id": "WalletAttestation",
+                            "name": "Wallet Attestation",
+                            "purpose": "Wallet Authentication",
+                            "format": {
+                                "jwt": {
+                                    "alg": [
+                                        "ES256",
+                                        "ES384",
+                                        "ES512"
+                                    ]
+                                }
+                            },
+                            "constraints": {
+                                "limit_disclosure": "required",
+                                "fields": [
+                                    {
+                                        "filter": {
+                                            "type": "string"
+                                        },
+                                        "path": [
+                                            "$.iss"
+                                        ]
+                                    },
+                                    {
+                                        "filter": {
+                                            "type": "object"
+                                        },
+                                        "path": [
+                                            "$.cnf.jwk"
+                                        ]
+                                    }
+                                ]
+                            }
+                        }
+                    
+                    ]
+                } 
+            ],
+            "jwks": {
+                "keys": [
+                    {
+                        "kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
+                        "kty": "EC",
+                        "crv": "P-256",
+                        "x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
+                        "y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
+                    }
+                ]
+            }
+        }
+    }
+}
+
+
+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/relying-party-solution.html b/ia-terms-updates/en/relying-party-solution.html new file mode 100644 index 000000000..fda29aa01 --- /dev/null +++ b/ia-terms-updates/en/relying-party-solution.html @@ -0,0 +1,1382 @@ + + + + + + + + Relying Party Solution — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Relying Party Solution

+

This section describes how a remote Relying Party or a Verifier App requests to a Wallet Instance the presentation of the PID/EAAs.

+

In this section the following flows are described:

+
    +
  • Remote Flow, where the User presents a Credential to a remote Relying Party according to OpenID4VP Draft 20. In this scenario the user-agent and the Wallet Instance can be used in the same device (Same Device Flow), or in different devices (Cross Device Flow).

  • +
  • Proximity Flow, where the User presents a Credential to a Verifier App according to ISO 18013-5. The User interacts with a Verifier using proximity connection technologies such as QR Code and Bluetooth Low Energy (BLE).

  • +
+
+

Remote Flow

+

In this flow the Relying Party MUST provide the URL where the signed presentation Request Object is available for download.

+

Depending on whether the User is using a mobile device or a workstation, the Relying Party MUST support the following remote flows:

+
    +
  • Same Device, the Relying Party MUST provide a HTTP redirect (302) location to the Wallet Instance;

  • +
  • Cross Device, the Relying Party MUST provide a QR Code which the User frames with the Wallet Instance.

  • +
+

Once the Wallet Instance establishes the trust with the Relying Party and evaluates the request, the User gives the consent for the disclosure of the Digital Credentials, in the form of a Verifiable Presentation.

+

A High-Level description of the remote flow, from the User's perspective, is given below:

+
+
    +
  1. the Wallet Instance obtains an URL in the Same Device flow or a QR Code containing the URL in Cross Device flow;

  2. +
  3. the Wallet Instance extracts from the payload the following parameters: client_id, request_uri, state, request_uri_method and client_id_scheme;

  4. +
  5. If the client_id_scheme is provided and set with the value entity_id, the Wallet Instance MUST collect and validate the OpenID Federation Trust Chain related to the Relying Party. If the client_id_scheme is either not provided or is assigned a value different from entity_id, the Wallet Instance MUST establish the trust by utilizing the client_id or an alternative client_id_scheme value. This alternative value MUST enable the Wallet Instance to establish trust with the Relying Party, ensuring compliance with the assurance levels mandated by the trust framework;

  6. +
  7. If request_uri_method is provided and set with the value post, the Wallet Instance SHOULD transmit its metadata to the Relying Party's request_uri endpoint using the HTTP POST method and obtain the signed Request Object. If request_uri_method is set with the value get or not present, the Wallet Instance MUST fetch the signed Request Object using an HTTP request with method GET to the endpoint provided in the request_uri parameter;

  8. +
  9. the Wallet Instance verifies the signature of the signed Request Object, using the public key obtained with the trust chain, and that its issuer matches the client_id obtained at the step number 2;

  10. +
  11. the Wallet Instance evaluates the requested Digital Credentials and checks the elegibility of the Relying Party in asking these by applying the policies related to that specific Relying Party, obtained with the trust chain;

  12. +
  13. the Wallet Instance asks User disclosure and consent;

  14. +
  15. the Wallet Instance presents the requested information to the Relying Party along with the Wallet Attestation. The Relying Party validates the presented Credentials checking the trust with their Issuers, and validates the Wallet Attestation by also checking that the Wallet Provider is trusted;

  16. +
  17. the Wallet Instance informs the User about the successfull authentication with the Relying Party, the User continues the navigation.

  18. +
+
+

Below a sequence diagram that summarizes the interactions between all the involved parties.

+
+_images/cross_device_auth_seq_diagram.svg +
+

Fig. 5 Remote Protocol Flow

+
+
+

The details of each step shown in the previous picture are described in the table below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Id

Description

1, 2

The User requests to access to a protected resource of the Relying Party.

3, 4,

The Relying Party provides the Wallet Instance with a URL where the information about the Relying Party are provided, along with the information about where the signed request is available for download.

5, 6, 7, 8, 9

In the Cross Device Flow, the Request URI is presented as a QR Code displayed to the User. The User scans the QR Code using the Wallet Instance, which retrieves a URL with the parameters client_id, request_uri, state, client_id_scheme, and request_uri_method. Conversely, in the Same Device Flow, the Relying Party supplies identical information as in the Cross-Device flow, but directly through a URL.

10,

The Wallet Instance evaluates the trust with the Relying Party.

11, 12

The Wallet Instance checks if the Relying Party has provided the request_uri_method within its signed Request Object. If provided and it is equal to post, the Wallet Instance provides its metadata to the Relying Party. The Relying Party returns a signed Request Object compliant to the Wallet technical capabilities.

13

When the Wallet Instance capabilities discovery is not supported by RP, the Wallet Instance request the signed Request Object using the HTTP method GET.

14

The Wallet Instance obtains the signed Request Object.

15, 16, 17

The Request Object JWS is verified by the Wallet Instance. The Wallet Instance processes the Relying Party metadata and applies the policies related to the Relying Party, attesting whose Digital Credentials and User data the Relying Party is granted to request.

18, 19

The Wallet Instance requests the User's consent for the release of the Credentials. The User authorizes and consents the presentation of the Credentials by selecting/deselecting the personal data to release.

20

The Wallet Instance provides the Authorization Response to the Relying Party using an HTTP request with the method POST (response mode "direct_post.jwt").

21, 22, 23, 24, 25

The Relying Party verifies the Authorization Response, extracts the Wallet Attestation to establish the trust with the Wallet Solution. The Relying Party extracts the Digital Credentials and attests the trust to the Credentials Issuer and the proof of possession of the Wallet Instance about the presented Digital Credentials. Finally, the Relying Party verifies the revocation status of the presented Digital Credentials.

26

The Relying Party provides to the Wallet Instance a redirect URI with a response code to be used by the Wallet Instance to finalize the authentication.

27, 28 and 29

The User is informed by the Wallet Instance that the Autentication succeded, then the protected resource is made available to the User.

+
+

Request URI with HTTP POST

+

The Relying Party SHOULD provide the POST method with its request_uri endpoint +allowing the Wallet Instance to inform the Relying Party about its technical capabilities.

+

This feature can be useful when, for example, the Wallet Instance supports +a restricted set of features, supported algorithms or a specific url for +its authorization_endpoint, and any other information that it deems necessary to +provide to the Relying Party for better interoperability.

+
+

Warning

+

The Wallet Instance, when providing its technical capabilities to the +Relying Party, MUST NOT include any User information or other explicit +information regarding the hardware used or usage preferences of its User.

+
+

If both the Relying Party and the Wallet Instance +support the request_uri_method with HTTP POST, +the Wallet Instance capabilities (metadata) MUST +be provided using an HTTP request to the request_uri endpoint of the Relying Party, +with the method POST and content type set to application/json.

+

A non-normative example of the HTTP request is represented below:

+
POST /request-uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/json
+
+{
+    "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization",
+    "response_types_supported": [
+      "vp_token"
+    ],
+    "response_modes_supported": [
+      "form_post.jwt"
+    ],
+    "vp_formats_supported": {
+      "vc+sd-jwt": {
+          "sd-jwt_alg_values": [
+              "ES256",
+              "ES384"
+          ]
+      }
+    },
+    "request_object_signing_alg_values_supported": [
+      "ES256"
+    ],
+    "presentation_definition_uri_supported": false
+}
+
+
+

The response of the Relying Party is defined in the section below.

+
+
+

Authorization Request Details

+

The Relying Party MUST create a Request Object in the form of a signed JWT and +MUST provide it to the Wallet Instance through an HTTP URL (request URI). +The HTTP URL points to the web resource where the signed Request Object is +available for download. The URL parameters contained in the Relying Party +response, containing the request URI, are described in the Table below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

client_id

REQUIRED. Unique identifier of the Relying Party.

request_uri

REQUIRED. The HTTPs URL where the Relying Party provides the signed Request Object to the Wallet Instance.

client_id_scheme

OPTIONAL. The scheme used by the Relying Party for the client_id, detailing the format and structure and the trust evaluation method. It SHOULD be set with entity_id.

state

OPTIONAL. A unique identifier for the current transaction generated by the Relying Party. The value SHOULD be opaque to the Wallet Instance.

request_uri_method

OPTIONAL. The HTTP method MUST be set with get or post. The Wallet Instance should use this method to obtain the signed Request Object from the request_uri. If not provided or equal to get, the Wallet Instance SHOULD use the HTTP method get. Otherwise, the Wallet Instance SHOULD provide its metadata within the HTTP POST body encoded in application/json.

+

Below a non-normative example of the response containing the required parameters previously described.

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=...&client_id_scheme=entity_id&request_uri_method=post
+
+
+

The value corresponding to the request_uri endpoint SHOULD be randomized, according to RFC 9101, The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) Section 5.2.1.

+

In the Same Device Flow the Relying Party uses an HTTP response redirect (with status code set to 302) as represented in the following non-normative example:

+
HTTP/1.1 /authorization Found
+Location: https://wallet-solution.digital-strategy.europa.eu?
+client_id=https%3A%2F%2Frelying-party.example.org%2Fcb
+&request_uri=https%3A%2F%2Frelying-party.example.org%2Frequest_uri
+&client_id_scheme=entity_id
+&request_uri_method=post
+
+
+

In the Cross Device Flow, a QR Code is shown by the Relying Party to the User in order to provide the Authorization Request. The User frames the QR Code using their Wallet Instance.

+

Below is represented a non-normative example of a QR Code issued by the Relying Party.

+
+_images/verifier_qr_code.svg +
+

Below is represented a non-normative example of the QR Code raw payload:

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=https%3A%2F%2Frelying-party.example.org&request_uri=https%3A%2F%2Frelying-party.example.org&client_id_scheme=entity_id&request_uri_method=post
+
+
+
+

Note

+

The error correction level chosen for the QR Code MUST be Q (Quartily - up to 25%), since it offers a good balance between error correction capability and data density/space. This level of quality and error correction allows the QR Code to remain readable even if it is damaged or partially obscured.

+
+
+
+

Cross Device Flow Status Checks and Security

+

When the flow is Cross Device, the user-agent needs to check the session status to the endpoint made available by Relying Party (status endpoint). This check MAY be implemented in the form of JavaScript code, within the page that shows the QRCode, then the user-agent checks the status with a polling strategy in seconds or a push strategy (eg: web socket).

+

Since the QRcode page and the status endpoint are implemented by the Relying Party, it is under the Relying Party responsability the implementation details of this solution, since it is related to the Relying Party's internal API. However, the text below describes an implementation example.

+

The Relying Party binds the request of the user-agent, with a session cookie marked as Secure and HttpOnly, with the issued request. The request url SHOULD include a parameter with a random value. The HTTP response returned by this specialized endpoint MAY contain the HTTP status codes listed below:

+
    +
  • 201 Created. The signed Request Object was issued by the Relying Party that waits to be downloaded by the Wallet Instance at the request_uri endpoint.

  • +
  • 202 Accepted. This response is given when the signed Request Object was obtained by the Wallet Instance.

  • +
  • 200 OK. The Wallet Instance has provided the presentation to the Relying Party's response_uri endpoint and the User authentication is successful. The Relying Party updates the session cookie allowing the user-agent to access to the protected resource. An URL is provided carrying the location where the user-agent is intended to navigate.

  • +
  • 401 Unauthorized. The Wallet Instance or its User have rejected the request, or the request is expired. The QRCode page SHOULD be updated with an error message.

  • +
+

Below a non-normative example of the HTTP Request to this specialized endpoint, where the parameter id contains an opaque and random value:

+
GET /session-state?id=3be39b69-6ac1-41aa-921b-3e6c07ddcb03
+HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request Object Details

+

Below a non-normative example of HTTP request made by the Wallet Instance to the Relying Party.

+
GET /request_uri HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request URI Response

+

The Relying Party issues the signed Request Object, where a non-normative example in the form of decoded header and payload is shown below:

+
{
+  "alg": "ES256",
+  "typ": "JWT",
+  "kid": "9tjiCaivhWLVUJ3AxwGGz_9",
+  "trust_chain": [
+    "MIICajCCAdOgAwIBAgIC...awz",
+    "MIICajCCAdOgAwIBAgIC...2w3",
+    "MIICajCCAdOgAwIBAgIC...sf2"
+  ]
+}
+.
+{
+  "scope": "PersonIdentificationData WalletAttestation",
+  "client_id_scheme": "entity_id",
+  "client_id": "https://relying-party.example.org",
+  "response_mode": "direct_post.jwt",
+  "response_type": "vp_token",
+  "response_uri": "https://relying-party.example.org/response_uri",
+  "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb",
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "iss": "https://relying-party.example.org",
+  "iat": 1672418465,
+  "exp": 1672422065,
+  "request_uri_method": "post"
+}
+
+
+

The JWS header parameters are described below:

+ ++++ + + + + + + + + + + + + + + + + + + + +

Name

Description

alg

Algorithm used to sign the JWT, according to [RFC 7516#section-4.1.1]. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

typ

Media Type of the JWT, as defined in [RFC 7519].

kid

Key ID of the public key needed to verify the JWS signature, as defined in [RFC 7517]. REQUIRED when trust_chain is used.

trust_chain

Sequence of Entity Statements that composes the Trust Chain related to the Relying Party, as defined in OID-FED Section 3.2.1. Trust Chain Header Parameter.

+

The JWS payload parameters are described herein:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

scope

Aliases for well-defined Presentation Definitions IDs. It is used to identify which required Credentials and User attributes are requested by the Relying Party, according to the Section "Using scope Parameter to Request Verifiable Credential(s)" of [OID4VP].

client_id_scheme

String identifying the scheme of the value in the client_id. It MUST be set to the value entity_id.

client_id

Unique Identifier of the Relying Party.

response_mode

It MUST be set to direct_post.jwt.

response_type

It MUST be set to vp_token.

response_uri

The Response URI to which the Wallet Instance MUST send the Authorization Response using an HTTP request using the method POST.

nonce

Fresh cryptographically random number with sufficient entropy, which length MUST be at least 32 digits.

state

Unique identifier of the Authorization Request.

iss

The entity that has issued the JWT. It will be populated with the Relying Party client id.

iat

Unix Timestamp, representing the time at which the JWT was issued.

exp

Unix Timestamp, representing the expiration time on or after which the JWT MUST NOT be valid anymore.

request_uri_method

String determining the HTTP method to be used with the request_uri endpoint to provide the Wallet Instance metadata to the Relying Party. The value is case-insensitive and can be set to: get or post. The GET method, as defined in [@RFC9101], involves the Wallet Instance sending a GET request to retrieve a Request Object. The POST method involves the Wallet Instance requesting the creation of a new Request Object by sending an HTTP POST request, with its metadata, to the request URI of the Relying Party.

+
+

Warning

+

Using the parameter scope requires that the Relying Party Metadata MUST contain the presentation_definition, where a non-normative example of it is given below:

+
+
{
+    "id": "presentation definitions",
+    "input_descriptors": [
+        {
+			"id": "eu.europa.ec.eudiw.pid.it.1",
+            "name": "Person Identification Data",
+            "purpose": "User authentication",
+			"group": [
+                "group1"
+            ],
+			"format": {
+                "vc+sd-jwt": {
+                    "alg": [
+                        "ES256",
+                        "ES384",
+                        "ES512"
+                    ]
+                }
+            },
+            "constraints": {
+                "limit_disclosure": "preferred",
+                "fields": [
+                    {
+                        "filter": {
+                            "const": "unique_id",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.unique_id"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "given_name",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.given_name"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "family_name",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.family_name"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "bith_date",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.bith_date"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "tax_id_code",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.tax_id_code"
+                        ]
+                    }
+                ]
+            }
+        },
+        {
+			"id": "WalletAttestation",
+            "name": "Wallet Attestation",
+            "purpose": "Wallet Authentication",
+			"format": "jwt",
+            "group": [
+                "group2"
+            ],
+            "constraints": {
+                "fields": [
+                    {
+                        "filter": {
+                            "enum": [
+                                "https://issuer.example.org"
+                            ],
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.iss"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "minimum": 1504700136,
+                            "type": "number"
+                        },
+                        "path": [
+                            "$.exp"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "minimum": 1504700136,
+                            "type": "number"
+                        },
+                        "path": [
+                            "$.iat"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "type": "object"
+                        },
+                        "path": [
+                            "$.cnf.jwk"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "aal",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.aal"
+                        ]
+                    }
+                ]
+            }
+        }
+    ],
+    "submission_requirements": [
+        {
+			"name": "Sample requirement",
+            "count": 1,
+			"rule": "pick",
+            "from": "group1"
+        }
+    ]
+}
+
+
+
+

Note

+

The following parameters, even if defined in [OID4VP], are not mentioned in the previous non-normative example, since their usage is conditional and may change in future release of this documentation.

+
    +
  • presentation_definition: JSON object according to Presentation Exchange. This parameter MUST not be present when presentation_definition_uri or scope are present.

  • +
  • presentation_definition_uri: Not supported. String containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when presentation_definition parameter or a scope value representing a Presentation Definition is not present.

  • +
  • client_metadata: A JSON object containing the Relying Party metadata values. The client_metadata parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

  • +
  • client_metadata_uri: string containing an HTTPS URL pointing to a resource where a JSON object with the Relying Party metadata can be retrieved. The client_metadata_uri parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

  • +
+
+
+

Request URI Endpoint Errors

+

When the Relying Party encounters errors while issuing the Request Object from the request_uri endpoint, the following error responses are applicable:

+
    +
  • invalid_request: The request_uri URL is missing in some part within its webpath or urlparams, therefore it does not point to a valid Request Object and then it cannot be retrieved. This error is returned when the Request Object is not well referenced in the request_uri.

  • +
  • server_error: The server encountered an unexpected condition that prevented it from fulfilling the request. This error is returned when the Relying Party's server is unable to process the Request Object due to a server-side issue, such as a malfunction or maintenance. The Wallet Instance should advise the User to try again later.

  • +
+

The following is an example of an error response from request_uri endpoint:

+
HTTP/1.1 400 Bad Request
+Content-Type: application/json
+
+{
+ "error": "invalid_request",
+ "error_description": "The request_uri is malformed or does not point to a valid Request Object."
+}
+
+
+

Another example:

+
HTTP/1.1 500 Internal Server Error
+Content-Type: application/json
+
+{
+ "error": "server_error",
+ "error_description": "The request_uri cannot be retrieved due to an internal server error."
+}
+
+
+

There are cases where the Wallet Instance cannot validate the Request Object or the Request Object results invalid. This error occurs if the Request Object is successfully fetched from the request_uri but fails validation checks by the Wallet Instance. This could be due to incorrect signatures, malformed claims, or other validation failures, such as the revocation of its issuer (Relying Party).

+

Upon receiving an error response, the Wallet Instance SHOULD inform the User of the error condition in an appropriate manner. Additionally, the Wallet Instance SHOULD log the error and MAY attempt to recover from certain errors if feasible. For example, if the error is server_error, the Wallet Instance MAY prompt the User to re-enter or scan a new QR code, if applicable.

+

It is crucial for Wallet Instances to implement robust error handling to maintain a secure and user-friendly experience. Adhering to the specified error responses ensures interoperability and helps in diagnosing issues during the interaction with the Relying Party's endpoints.

+
+

Warning

+

The current OpenID4VP specification outlines various error responses that a Wallet Instance may return to the Relying Party (Verifier) in case of faulty requests (OpenID4VP, Section 6.4. Error Response). For privacy enhancement, Wallet Instances SHOULD NOT notify the Relying Party of faulty requests in certain scenarios. This is to prevent any potential misuse of error responses that could lead to gather informations that could be exploited.

+
+
+
+
+

Authorization Response Details

+

After getting the User authorization and consent for the presentation of the Credentials, the Wallet Instance sends the Authorization Response to the Relying Party response_uri endpoint, the content SHOULD be encrypted according OpenID4VP Section 6.3, using the Relying Party public key.

+
+

Note

+

Why the response is encrypted?

+

The response sent from the Wallet Instance to the Relying Party is encrypted to prevent a malicious agent from gaining access to the plaintext information transmitted within the Relying Party's network. This is only possible if the network environment of the Relying Party employs TLS termination. Such technique employs a termination proxy that acts as an intermediary between the client and the webserver and handles all TLS-related operations. In this manner, the proxy deciphers the transmission's content and either forwards it in plaintext or by negotiates an internal TLS session with the actual webserver's intended target. In the first scenario, any malicious actor within the network segment could intercept the transmitted data and obtain sensitive information, such as an unencrypted response, by sniffing the transmitted data.

+
+

Below a non-normative example of the request:

+
POST /response_uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/x-www-form-urlencoded
+
+response=eyJhbGciOiJFUzI1NiIs...9t2LQ
+
+
+

Below is a non-normative example of the decrypted payload of the JWT contained in the response, before base64url encoding:

+
{
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "vp_token": [
+      "eyJhbGciOiJFUzI1NiIs...PT0iXX0",
+      $WalletAttestation-JWT
+  ],
+  "presentation_submission": {
+      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
+      "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d",
+      "descriptor_map": [
+          {
+              "id": "PersonIdentificationData",
+              "path": "$.vp_token[0]",
+              "format": "vc+sd-jwt"
+          },
+          {
+              "id": "WalletAttestation",
+              "path": "$.vp_token[1]",
+              "format": "jwt"
+          }
+      ]
+  }
+}
+
+
+

Where the following parameters are used:

+ ++++ + + + + + + + + + + + + + + + + +

Name

Description

vp_token

JSON Array containing the Verifiable Presentation(s). There MUST be at least two signed presentations in this Array:

+
    +
  • The requested Digital Credential (one or more, in format of SD-JWT VC or MDOC CBOR)

  • +
  • The Wallet Attestation

  • +
+

presentation_submission

JSON Object containing the mappings between the requested Verifiable Credentials and where to find them within the returned Verifiable Presentation Token, according to the Presentation Exchange.

state

Unique identifier provided by the Relying Party within the Authorization Request.

+

The items contained in the vp_token array are Verifiable Presentations of Credentials. +Both SD-JWT and mdoc CBOR provide indications for the presentation, according to their specifications.

+
+
+

SD-JWT Presentation

+

SD-JWT defines how an Holder can present a Credential to a Verifier proving the legitimate possession +of the Credential. For doing this the Holder MUST include the KB-JWT in the SD-JWT, +by appending the KB-JWT at the end of the of the SD-JWT, as represented in the example below:

+
<Issuer-Signed-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~<KB-JWT>
+
+
+

To validate the signature on the Key Binding JWT, the Verifier MUST use the key material included in the Issuer-Signed-JWT. +The Key Binding JWT MUST specify which key material the Verifier needs to use to validate the Key Binding JWT signature, +using JOSE header parameter kid.

+

When an SD-JWT is presented, its KB-JWT MUST contain the following parameters in the JWS header:

+ ++++ + + + + + + + + + + + + + + + + +

Claim

Description

typ

REQUIRED. MUST be kb+jwt, which explicitly types the Key Binding JWT as recommended in Section 3.11 of [RFC8725].

alg

REQUIRED. Signature Algorithm using one of the specified in the section Cryptographic Algorithms.

kid

REQUIRED. Unique identifier of the public key to be used to verify the signature.

+

When an SD-JWT is presented, its KB-JWT MUST contain the following parameters in the JWS payload:

+ ++++ + + + + + + + + + + + + + + + + + + + +

Claim

Description

iat

REQUIRED. The value of this claim MUST be the time at which the Key Binding JWT was issued, using the syntax defined in [RFC7519].

aud

REQUIRED. The intended receiver of the Key Binding JWT. The value of this parameter MUST match the Relying Party unique entity identifier.

nonce

REQUIRED. Ensures the freshness of the signature. The value type of this claim MUST be a string. The value MUST match with the one provided in the request object.

sd_hash

REQUIRED. The base64url-encoded hash digest over the Issuer-signed JWT and the selected disclosures.

+
+
+

MDOC-CBOR Presentation

+

TBD.

+
+

Authorization Response Errors

+

When the Wallet sends a response using direct_post.jwt to the Relying Party, several errors may occur, including:

+
+
    +
  • Invalid Credential: This error occurs when one or more Credentials or VPs, included in the vp_token, fail validation because they are malformed. The correct HTTP status code for this error is 400 (Bad Request). The error should be set to invalid_request, and the error_description SHOULD identify the malformed Credentials.

  • +
  • Issuer Credential Trust Failure: This error arises when the Relying Party cannot establish trust with the issuer of a presented Credential, included in the vp_token. The appropriate HTTP status code for this error is 403 (Forbidden). The error should be labeled as invalid_request, and the error_description SHOULD specify the issuer for which trust could not be established.

  • +
  • Invalid Nonce: This error happens when the nonce provided in the request is incorrect. The HTTP status code for this error should be 403 (Forbidden). The error SHOULD be labeled as invalid_request, with an error_description indicating that the nonce is incorrect.

  • +
  • Invalid Wallet Attestation: This error occours when it's not possible to establish trust with the Wallet Attestation's issuer (Wallet Provider), or if the Wallet Attestation is invalid or does not meet the Relying Party's minimum security criteria. The correct HTTP status code for this error is 403 (Forbidden). The error SHOULD be marked as invalid_request, and the error_description should clarify that the issue stems from the Wallet Attestation's failure to establish trust with its issuer or its non-compliance with required security standards.

  • +
  • Invalid Presentation Submission: This error occurs when the presentation submission is not valid. The appropriate HTTP status code for this error is 400 Bad Request. The error should be labeled as invalid_request, and the error_description should specify the invalid aspects of the presentation submission.

  • +
+

To enhance clarity and ensure proper error handling, it's crucial to provide detailed error responses. Below are two examples of HTTP responses using application/json that include both the error and error_description members:

+
+
HTTP/1.1 403 Forbidden
+Content-Type: application/json
+
+{
+  "error": "invalid_request",
+  "error_description": "Trust cannot be established with the issuer: https://issuer.example.com"
+}
+
+
+
HTTP/1.1 400 Bad Request
+Content-Type: application/json
+
+{
+  "error": "invalid_request",
+  "error_description": "The following Credentials/VP are malformed: [CredentialX, vp_token[2]]"
+}
+
+
+
+
+
+

Redirect URI

+

When the Relying Party provides the redirect URI, the Wallet Instance MUST send the user-agent to this redirect URI. The redirect URI allows the Relying Party to continue the interaction with the End-User on the device where the Wallet Instance resides after the Wallet Instance has sent the Authorization Response to the response URI.

+

The Relying Party MUST include a response code within the redirect URI. The response code is a fresh, cryptographically random number used to ensure only the receiver of the redirect can fetch and process the Authorization Response. The number could be added as a path component, as a parameter or as a fragment to the URL. It is RECOMMENDED to use a cryptographic random value of 128 bits or more at the time of the writing of this specification.

+

The following is a non-normative example of the response from the Relying Party to the Wallet Instance upon receiving the Authorization Response at the Response Endpoint.

+
HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "redirect_uri": "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee"
+}
+
+
+

The redirect_uri value MUST be used with an HTTP method GET by either the Wallet Instance or the user-agent to redirect the User to the Relying Party in order to complete the process. The value can be added as a path component, as a fragment or as a parameter to the URL according to Section 6.2 of OpenID4VP. The specific entity that performs this action depends on whether the flow is Same device or Cross device.

+
+
+

Redirect URI Errors

+

When the Wallet Instance sends the user-agent to the Redirect URI provided by the Relying Party, several errors may occur that prevent the successful completion of the process. These errors are critical as they directly impact the User experience by hindering the seamless flow of information between the Wallet Instance and the Relying Party. Below are potential errors related to the Redirect URI and their implications:

+
    +
  • Mismatched Redirect URI: This error occurs when the Redirect URI provided by the Relying Party does not match any of the URIs linked with the User session. This mismatch can lead to a HTTP status error code set to 403 (Forbidden), indicating that the request cannot be processed due session/URI mismatch.

  • +
  • Redirect URI Security Issues: If the Relying Party incurs in security issues when evaluating the User session with the provided URI, the Relying Party MUST raise an error. In such cases, an HTTP status code set to 403 (Forbidden) MUST be returned, indicating that the request is valid but the server is refusing action due to security precautions.

  • +
+

Handling these errors requires clear communication to the User within the returned navigation web page. It is crucial for the Relying Party to implement robust error handling and validation mechanisms for Redirect URIs to ensure a secure implementation.

+
+
+
+

Proximity Flow

+

This section describes how a Verifier requests the presentation of an mDoc-CBOR Credential to a Wallet Instance according to the ISO 18013-5 Specification. Only Supervised Device Retrieval flow is supported in this technical implementation profile.

+

The presentation phase is divided into three sub-phases:

+
+

1. Device Engagement: This subphase begins when the User is prompted to disclose certain attributes from the mDoc(s). The objective of this subphase is to establish a secure communication channel between the Wallet Instance and the Verifier App, so that the mDoc requests and responses can be exchanged during the communication subphase. +The messages exchanged in this subphase are transmitted through short-range technologies to limit the possibility of interception and eavesdropping. +This technical implementation profile exclusively supports QR code for Device Engagement.

+

2. Session establishment: During the session establishment phase, the Verifier App sets up a secure connection. All data transmitted over this connection is encrypted using a session key, which is known to both the Wallet Instance and the Verifier at this stage. +The established session MAY be terminated based on the conditions as detailed in [ISO18013-5#9.1.1.4].

+

3. Communication - Device Retrieval: The Verifier App encrypts the mDoc request with the appropriate session key and sends it to the Wallet Instance together with its public key in a session establishment message. The mDoc uses the data from the session establishment message to derive the session key and decrypt the mDoc request. +During the communication subphase, the Verifier App has the option to request information from the Wallet using mDoc requests and responses. The primary mode of communication is the secure channel established during the session setup. The Wallet Instance encrypts the mDoc response using the session key and transmits it to the Verifier App via a session data message. This technical implementation profile only supports Bluetooth Low Energy (BLE) for the communication sub-phase.

+
+

The following figure illustrates the flow diagram compliant with ISO 18013-5 for proximity flow.

+
+_images/High-Level-Flow-ITWallet-Presentation-ISO.svg +
+

Fig. 6 High-Level Proximity Flow

+
+
+

Step 1-3: The Verifier requests the User to reveal certain attributes from their mDoc(s) stored in the Wallet Instance. The User initiates the Wallet Instance. The Wallet Instance MUST create a new temporary key pair (EDeviceKey.Priv, EDeviceKey.Pub), and incorporate the cipher suite identifier, the identifier of the elliptic curve for key agreement, and the EDeviceKey public point into the device engagement structure (refer to [ISO18013-5#9.1.1.4]). This key pair is temporary and MUST be invalidated immediately after the secure channel is established. Finally, the Wallet Instance displays the QR Code for Device Engagement.

+

Below an example of a device engagement structure that utilizes QR for device engagement and Bluetooth Low Energy (BLE) for data retrieval.

+

CBOR data:

+
a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917
+
+
+

In diagnostic notation:

+
{
+  0: "1.0", % Version
+
+  1:        % Security
+  [
+      1,     % defines the cipher suite 1 which contains only EC curves
+      24(<<  % embedded CBOR data item
+        {
+          1: 2, % kty:EC2 (Elliptic curves with x and y coordinate pairs)
+        -1: 1, % crv:p256
+-2:h'5A88D182BCE5F42EFA59943F33359D2E8A968FF289D93E5FA444B624343  167FE',% x-coordinate
+-3:h'B16E8CF858DDC7690407BA61D4C338237A8CFCF3DE6AA672FC60A557AA32FC67' % y-coordinate
+        }
+      >>)
+    ],
+
+    2: %DeviceRetrievalMethods(Device engagement using QR code)
+    [
+      [
+        2, %BLE
+        1, % Version
+      {    %BLE options
+          0: false, % no support for mdoc peripheral server mode
+          1: true, % support mdoc central client mode
+          11: h'45EFEF742B2C4837A9A3B0E1D05A6917' % UUID of mdoc client central mode
+        }
+      ]
+    ]
+}
+
+
+

Step 4-6: The Verifier App scans the QR Code and generates its own ephemeral key pair (EReaderKey.Priv, EReaderKey.Pub). It then calculates the session key, using the public key received in the Engagement Structure and its newly-generated private key, as outlined in [ISO18013-5#9.1.1.5]. Finally, it generates its session key, which must be independently derived by both the Wallet Instance and the Verifier App.

+

Step 7: The Verifier App creates an mDoc request that MUST be encrypted using the relevant session key, and transmits it to the Wallet Instance along with EReaderKey.Pub within a session establishment message. The mDoc request MUST be encoded in CBOR, as demonstrated in the following non-normative example.

+

CBOR data: +.. code-block:

+
a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9
+
+
+

The above CBOR data is represented in diagnostic notation as follows: +.. code-block:

+
{
+  "version": "1.0",
+  "docRequests": [
+  {
+    "itemsRequest": 24(<< {
+      "docType": "org.iso.18013.5.1.mDL",
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": {
+          "verification.evidence": false,
+          "verification.assurance_level": false,
+          "verification.trust_framework": false
+        },
+        "org.iso.18013.5.1": {
+          "un_distinguishing_sign": false,
+          "driving_privileges": false,
+          "document_number": false,
+          "issue_date": false,
+          "issuing_country": false,
+          "issuing_authority": false,
+          "birth_date": false,
+          "expiry_date": false,
+          "given_name": false,
+          "portrait": false,
+          "family_name": false
+        }
+      }
+    } >>),
+    "readerAuth": [
+      h'a10126',
+      {
+        33: h'308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b'
+      },
+      null,
+      h'58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9'
+    ]
+  }
+  ]
+}
+
+
+

Step 8: The Wallet Instance uses the session establishment message to derive the session keys and decrypt the mDoc request. It computes the session key using the public key received from the Verifier App and its private key.

+

Step 9-10: When the Wallet Instance receives the mDoc request, it locates the documents that contain the requested attributes and asks the User for permission to provide this information to the Verifier. If the User agrees, the Wallet generates an mDoc response and transmits it to the Verifier App through the secure channel.

+

Step 11-12: If the User gives consent, the Wallet Instance creates an mDoc response and transmits it to the Verifier App via the secure channel. The mDoc response MUST be encoded in CBOR, with its structure outlined in [ISO18013-5#8.3.2.1.2.2]. Below is a non-normative example of an mDoc response.

+

CBOR Data: +.. code-block:

+
a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb
+
+
+

In diagnostic notation: +.. code-block:

+
{
+  "version": "1.0",
+  "documents": [
+  {
+    "docType": "org.iso.18013.5.1.mDL",
+    "issuerSigned": {
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": [
+          24(<< {
+            "digestID": 11,
+            "random": h'6d44f21ee875f2c1d502b43198e5a152',
+            "elementIdentifier": "verification.evidence",
+            "elementValue": [
+              {
+                "type": "electronic_record",
+                "record": {
+                  "type": "https://eudi.wallet.pdnd.gov.it",
+                  "source": {
+                    "organization_name": "Motorizzazione Civile",
+                    "organization_id": "m_inf",
+                    "country_code": "it"
+                  }
+                }
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 4,
+            "random": h'185d84dfb71ce9b173010ddd62174fbe',
+            "elementIdentifier": "verification.trust_framework",
+            "elementValue": "eidas"
+          } >>),
+          24(<< {
+            "digestID": 0,
+            "random": h'137f903174253c4585358267aae2ea4e',
+            "elementIdentifier": "verification.assurance_level",
+            "elementValue": "high"
+          } >>)
+        ],
+        "org.iso.18013.5.1": [
+          24(<< {
+            "digestID": 12,
+            "random": h'53e29d0ddbbc7d2306a32bdbe2e56e51',
+            "elementIdentifier": "family_name",
+            "elementValue": "Doe"
+          } >>),
+          24(<< {
+            "digestID": 3,
+            "random": h'990cba2069fa1b33b8d6ae910b6549dc',
+            "elementIdentifier": "given_name",
+            "elementValue": "Antonio"
+          } >>),
+          24(<< {
+            "digestID": 10,
+            "random": h'4086c1379975f805f1b1f4975e6a1265',
+            "elementIdentifier": "issue_date",
+            "elementValue": 1004("2019-10-20")
+          } >>),
+          24(<< {
+            "digestID": 1,
+            "random": h'ab4ca30c918dd2fd0bf35242c15fa2d8',
+            "elementIdentifier": "expiry_date",
+            "elementValue": 1004("2024-10-20")
+          } >>),
+          24(<< {
+            "digestID": 7,
+            "random": h'8d9066f6c8da16619867cd4e2fab0c88',
+            "elementIdentifier": "issuing_country",
+            "elementValue": "IT"
+          } >>),
+          24(<< {
+            "digestID": 5,
+            "random": h'59fe68db795dee4c20976380ea247705',
+            "elementIdentifier": "issuing_authority",
+            "elementValue": "Istituto Poligrafico e Zecca dello Stato"
+          } >>),
+          24(<< {
+            "digestID": 2,
+            "random": h'08b3f1ca5517019767be3dee3bb06145',
+            "elementIdentifier": "birth_date",
+            "elementValue": 1004("1956-01-20")
+          } >>),
+          24(<< {
+            "digestID": 9,
+            "random": h'a2395ec214350c26066306e23279b3ae',
+            "elementIdentifier": "document_number",
+            "elementValue": "987654321"
+          } >>),
+          24(<< {
+            "digestID": 6,
+            "random": h'a25e1a5b915d2d6eafee9674e0232939',
+            "elementIdentifier": "portrait",
+            "elementValue": h'20212223'
+          } >>),
+          24(<< {
+            "digestID": 13,
+            "random": h'eeed6a3b856563627589a360939d12f7',
+            "elementIdentifier": "driving_privileges",
+            "elementValue": [
+              {
+                "vehicle_category_code": "A",
+                "issue_date": 1004("2018-08-09"),
+                "expiry_date": 1004("2024-10-20")
+              },
+              {
+                "vehicle_category_code": "B",
+                "issue_date": 1004("2017-02-23"),
+                "expiry_date": 1004("2024-10-20")
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 8,
+            "random": h'c0ef486b2a194ed3cbf7f354fd400921',
+            "elementIdentifier": "un_distinguishing_sign",
+            "elementValue": "I"
+          } >>)
+        ]
+      },
+      "issuerAuth": [
+        h'a10126',
+        {
+          33: h'3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788'
+        },
+        24(<< {
+      "version": "1.0",
+      "digestAlgorithm": "SHA-256",
+      "docType": "org.iso.18013.5.1.mDL",
+      "valueDigests": {
+        "org.iso.18013.5.1": {
+        1: h'0E5F0B6B33418E508740771E82F893372EAF5B2445BC4C84DCF08B005E9493FC',
+        2: h'DE21BB62FF2897D8B986D2CDA9F9BC5865C02807F7B4D9DD1FA4A79DF4C0D37F',
+        3: h'BC5568239E35CE9FF8798C27FFDCD757B134B679F0FE05729AA3491381912E65',
+        5: h'E6048BDC7FD6454296F1E3F54536107C9C5B24C4064DE46A98121E3630EECCA2',
+        6: h'73690D92DCAA61B0203870F67C6AA9FDFEA889B6F0C720DE757B4B0A8516A206',
+        7: h'E353EA0B0FD92B6BE90C64CC3B2EE1284153A8F0F5066B99AAC599200E6EEEB2',
+        8: h'29227872CEB49923D267B5F4BADE6D387B42AC2DC4B2AE26C9013067FEE7018A',
+        9: h'A6A119F7CACAC0B8C6AACAC747FD3FE7E50B6D9BB8A507FDA79F0DF6646F285D',
+        10: h'6D8025D2F02A5E7E1406FB6AAEB67F9EDE9B07191A53F3E23B77C528223A94E2',
+        12: h'B0D43E4E2EA534E4D5304E64BCF7A0F13E2C8EE8304B9CD23ABA4909652A4647',
+        13: h'FBF4DE318982F2DBAD43C601CAEB22628B301AC18AA8264C5831B2AAAC89C486'
+        },
+        "org.iso.18013.5.1.IT": {
+        0: h'CF57377B675F64F37314739592C1E8A911A7DDAF341CE2902FE877C5A835E4C1',
+        4: h'4A4B4CC64EC9299C1A2501EA449F577005E9F7A60408057C07A7C67FB151E5F5',
+        11: h'78824FBD6FBBA88A2AAB44DF8B6F5E9759126D87D1F4415995E658FD9239E1FE'
+        }
+      },
+      "deviceKeyInfo": {
+        "deviceKey": {
+        1: 2,
+        -1: 1,
+        -2: h'AFD09E720B918CEDC2B8A881950BAB6A1051E18AE16A814D51E609938663D5E1',
+        -3: h'61FBC6C8AD24EC86A78BB4E9AC377DD2B7C711D9F2EB9AFD4AA0963662847AED'}},
+        "validityInfo": {
+          "signed": 0("2023-11-24T14:54:05Z"),
+          "validFrom": 0("2023-11-24T14:54:05Z"),
+          "validUntil": 0("2024-11-24T14:54:05Z")}
+        }  >>),
+        h'f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152'
+      ]
+    },
+    "deviceSigned": {
+      "nameSpaces": 24(<< {} >>),
+      "deviceAuth": {
+        "deviceSignature": [
+          h'a10126',
+          {},
+          null,
+          h'1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076'
+        ]
+      }
+    }
+  }
+  ],
+  "status": 0
+}
+
+
+

Step 13: The Verifier App is required to validate the signatures in the mDoc's issuerSigned field using the public key of the Credential Issuer specified within the mDoc. Subsequently, the Verifier MUST validate the signature in the deviceSigned field. If these signature checks pass, the Verifier can confidently consider the received information as valid.

+
+

Device Engagement

+

The Device Engagement structure MUST be have at least the following components:

+
+
    +
  • Version: tstr. Version of the data structure being used.

  • +
  • Security: an array that contains two mandatory values

    +
      +
    • the cipher identifier: see Table 22 of [ISO18013-5]

    • +
    • the mDL public ephemeral key generated by the Wallet Instance and required by the Verifier App to derive the Session Key. The mDL public ephemeral key MUST be of a type allowed by the indicated cipher suite.

    • +
    +
  • +
  • transferMethod: an array that contains one or more transferMethod arrays when performing device engagement using the QR code. This array is for offline data retrieval methods. A transferMethod array holds two mandatory values (type and version). Only the BLE option is supported by this technical implementation profile, then the type value MUST be set to 2.

  • +
  • BleOptions: this elements MUST provide options for the BLE connection (support for Peripheral Server or Central Client Mode, and the device UUID).

  • +
+
+
+
+

mDoc Request

+

The messages in the mDoc Request MUST be encoded using CBOR. The resulting CBOR byte string for the mDoc Request MUST be encrypted with the Session Key obtained after the Device Engagement phase and MUST be transmitted using the BLE protocol. +The details on the structure of mDoc Request, including identifier and format of the data elements, are provided below.

+
+
    +
  • version: (tstr). Version of the data structure.

  • +
  • docRequests: Requested DocType, NameSpace and data elements.

    +
      +
    • itemsRequest: #6.24(bstr .cbor ItemsRequest).

      +
        +
      • docType: (tstr). The DocType element contains the type of document requested. See Data Model Section.

      • +
      • nameSpaces: (tstr). See Data Model Section for more details.

        +
          +
        • dataElements: (tstr). Requested data elements with Intent to Retain value for each requested element.

          +
            +
          • IntentToRetain: (bool). It indicates that the Verifier App intends to retain the received data element.

          • +
          +
        • +
        +
      • +
      +
    • +
    • readerAuth: COSE_Sign1. It is required for the Verifier App authentication.

    • +
    +
  • +
+
+
+

Note

+

The domestic data elements MUST not be returned unless specifically requested by the Verifier App.

+
+
+
+

mDoc Response

+

The messages in the mDoc Response MUST be encoded using CBOR and MUST be encrypted with the Session Key obtained after the Device Engagement phase. +The details on the structure of mDoc Response are provided below.

+
+
    +
  • version: (tstr). Version of the data structure.

  • +
  • documents: Returned DocType, and ResponseData.

    +
      +
    • docType: (tstr). The DocType element contains the type of document returned. See Data Model Section.

    • +
    • ResponseData:

      +
        +
      • IssuerSigned: Responded data elements signed by the issuer.

        +
          +
        • nameSpaces: (tstr). See Data Model Section for more details.

          +
            +
          • IssuerSignedItemBytes: #6.24(bstr .cbor).

            +
              +
            • digestID: (uint). Reference value to one of the ValueDigests provided in the Mobile Security Object (issuerAuth).

            • +
            • random: (bstr). Random byte value used as salt for the hash function. This value SHALL be different for each IssuerSignedItem and it SHALL have a minimum length of 16 bytes.

            • +
            • elementIdentifier: (tstr). Identifier of User attribute name contained in the Credential.

            • +
            • elementValue: (any). User attribute value

            • +
            +
          • +
          +
        • +
        +
      • +
      • DeviceSigned: Responded data elements signed by the Wallet Instance.

        +
          +
        • NameSpaces: #6.24(bstr .cbor DeviceNameSpaces). The DeviceNameSpaces structure MAY be an empty structure. DeviceNameSpaces contains the data element identifiers and values. It is returned as part of the corresponding namespace in DeviceNameSpace.

          +
            +
          • DataItemName: (tstr). The identifier of the element.

          • +
          • DataItemValue: (any). The value of the element.

          • +
          +
        • +
        • DeviceAuth: The DeviceAuth structure MUST contain the DeviceSignature elements.

          +
            +
          • DeviceSignature: It MUST contain the device signature for the Wallet Instance authentication.

          • +
          +
        • +
        +
      • +
      +
    • +
    +
  • +
  • status: It contains a status code. For detailed description and action required refer to to Table 8 (ResponseStatus) of the [ISO18013-5]

  • +
+
+
+
+

Session Termination

+

The session MUST be terminated if at least one of the following conditions occur.

+
+
    +
  • After a time-out of no activity of receiving or sending session establishment or session data messages occurs. The time-out for no activity implemented by the Wallet Instance and the Verifier App SHOULD be no less than 300 seconds.

  • +
  • When the Wallet Instance doesn't accept any more requests.

  • +
  • When the Verifier App does not send any further requests.

  • +
+
+

If the Wallet Instance and the Verifier App does not send or receive any further requests, the session termination MUST be initiated as follows.

+
+
    +
  • Send the status code for session termination, or

  • +
  • dispatch the "End" command as outlined in [ISO18013-5#8.3.3.1.1.5].

  • +
+
+

When a session is terminated, the Wallet Instance and the Verifier App MUST perform at least the following actions:

+
+
    +
  • destruction of session keys and related ephemeral key material;

  • +
  • closure of the communication channel used for data retrieval.

  • +
+
+
+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/remote-flow.html b/ia-terms-updates/en/remote-flow.html new file mode 100644 index 000000000..aac632064 --- /dev/null +++ b/ia-terms-updates/en/remote-flow.html @@ -0,0 +1,932 @@ + + + + + + + + Remote Flow — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Remote Flow

+

In this flow the Relying Party MUST provide the URL where the signed presentation Request Object is available for download.

+

Depending on whether the User is using a mobile device or a workstation, the Relying Party MUST support the following remote flows:

+
    +
  • Same Device, the Relying Party MUST provide a HTTP redirect (302) location to the Wallet Instance;

  • +
  • Cross Device, the Relying Party MUST provide a QR Code which the User frames with the Wallet Instance.

  • +
+

Once the Wallet Instance establishes the trust with the Relying Party and evaluates the request, the User gives the consent for the disclosure of the Digital Credentials, in the form of a Verifiable Presentation.

+

A High-Level description of the remote flow, from the User's perspective, is given below:

+
+
    +
  1. the Wallet Instance obtains an URL in the Same Device flow or a QR Code containing the URL in Cross Device flow;

  2. +
  3. the Wallet Instance extracts from the payload the following parameters: client_id, request_uri, state, request_uri_method and client_id_scheme;

  4. +
  5. If the client_id_scheme is provided and set with the value entity_id, the Wallet Instance MUST collect and validate the OpenID Federation Trust Chain related to the Relying Party. If the client_id_scheme is either not provided or is assigned a value different from entity_id, the Wallet Instance MUST establish the trust by utilizing the client_id or an alternative client_id_scheme value. This alternative value MUST enable the Wallet Instance to establish trust with the Relying Party, ensuring compliance with the assurance levels mandated by the trust framework;

  6. +
  7. If request_uri_method is provided and set with the value post, the Wallet Instance SHOULD transmit its metadata to the Relying Party's request_uri endpoint using the HTTP POST method and obtain the signed Request Object. If request_uri_method is set with the value get or not present, the Wallet Instance MUST fetch the signed Request Object using an HTTP request with method GET to the endpoint provided in the request_uri parameter;

  8. +
  9. the Wallet Instance verifies the signature of the signed Request Object, using the public key obtained with the trust chain, and that its issuer matches the client_id obtained at the step number 2;

  10. +
  11. the Wallet Instance evaluates the requested Digital Credentials and checks the elegibility of the Relying Party in asking these by applying the policies related to that specific Relying Party, obtained with the trust chain;

  12. +
  13. the Wallet Instance asks User disclosure and consent;

  14. +
  15. the Wallet Instance presents the requested information to the Relying Party along with the Wallet Attestation. The Relying Party validates the presented Credentials checking the trust with their Issuers, and validates the Wallet Attestation by also checking that the Wallet Provider is trusted;

  16. +
  17. the Wallet Instance informs the User about the successfull authentication with the Relying Party, the User continues the navigation.

  18. +
+
+

Below a sequence diagram that summarizes the interactions between all the involved parties.

+
+_images/cross_device_auth_seq_diagram.svg +
+

Remote Protocol Flow

+
+
+

The details of each step shown in the previous picture are described in the table below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Id

Description

1, 2

The User requests to access to a protected resource of the Relying Party.

3, 4,

The Relying Party provides the Wallet Instance with a URL where the information about the Relying Party are provided, along with the information about where the signed request is available for download.

5, 6, 7, 8, 9

In the Cross Device Flow, the Request URI is presented as a QR Code displayed to the User. The User scans the QR Code using the Wallet Instance, which retrieves a URL with the parameters client_id, request_uri, state, client_id_scheme, and request_uri_method. Conversely, in the Same Device Flow, the Relying Party supplies identical information as in the Cross-Device flow, but directly through a URL.

10,

The Wallet Instance evaluates the trust with the Relying Party.

11, 12

The Wallet Instance checks if the Relying Party has provided the request_uri_method within its signed Request Object. If provided and it is equal to post, the Wallet Instance provides its metadata to the Relying Party. The Relying Party returns a signed Request Object compliant to the Wallet technical capabilities.

13

When the Wallet Instance capabilities discovery is not supported by RP, the Wallet Instance request the signed Request Object using the HTTP method GET.

14

The Wallet Instance obtains the signed Request Object.

15, 16, 17

The Request Object JWS is verified by the Wallet Instance. The Wallet Instance processes the Relying Party metadata and applies the policies related to the Relying Party, attesting whose Digital Credentials and User data the Relying Party is granted to request.

18, 19

The Wallet Instance requests the User's consent for the release of the Credentials. The User authorizes and consents the presentation of the Credentials by selecting/deselecting the personal data to release.

20

The Wallet Instance provides the Authorization Response to the Relying Party using an HTTP request with the method POST (response mode "direct_post.jwt").

21, 22, 23, 24, 25

The Relying Party verifies the Authorization Response, extracts the Wallet Attestation to establish the trust with the Wallet Solution. The Relying Party extracts the Digital Credentials and attests the trust to the Credentials Issuer and the proof of possession of the Wallet Instance about the presented Digital Credentials. Finally, the Relying Party verifies the revocation status of the presented Digital Credentials.

26

The Relying Party provides to the Wallet Instance a redirect URI with a response code to be used by the Wallet Instance to finalize the authentication.

27, 28 and 29

The User is informed by the Wallet Instance that the Autentication succeded, then the protected resource is made available to the User.

+
+

Request URI with HTTP POST

+

The Relying Party SHOULD provide the POST method with its request_uri endpoint +allowing the Wallet Instance to inform the Relying Party about its technical capabilities.

+

This feature can be useful when, for example, the Wallet Instance supports +a restricted set of features, supported algorithms or a specific url for +its authorization_endpoint, and any other information that it deems necessary to +provide to the Relying Party for better interoperability.

+
+

Warning

+

The Wallet Instance, when providing its technical capabilities to the +Relying Party, MUST NOT include any User information or other explicit +information regarding the hardware used or usage preferences of its User.

+
+

If both the Relying Party and the Wallet Instance +support the request_uri_method with HTTP POST, +the Wallet Instance capabilities (metadata) MUST +be provided using an HTTP request to the request_uri endpoint of the Relying Party, +with the method POST and content type set to application/json.

+

A non-normative example of the HTTP request is represented below:

+
POST /request-uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/json
+
+{
+    "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization",
+    "response_types_supported": [
+      "vp_token"
+    ],
+    "response_modes_supported": [
+      "form_post.jwt"
+    ],
+    "vp_formats_supported": {
+      "vc+sd-jwt": {
+          "sd-jwt_alg_values": [
+              "ES256",
+              "ES384"
+          ]
+      }
+    },
+    "request_object_signing_alg_values_supported": [
+      "ES256"
+    ],
+    "presentation_definition_uri_supported": false
+}
+
+
+

The response of the Relying Party is defined in the section below.

+
+
+

Authorization Request Details

+

The Relying Party MUST create a Request Object in the form of a signed JWT and +MUST provide it to the Wallet Instance through an HTTP URL (request URI). +The HTTP URL points to the web resource where the signed Request Object is +available for download. The URL parameters contained in the Relying Party +response, containing the request URI, are described in the Table below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

client_id

REQUIRED. Unique identifier of the Relying Party.

request_uri

REQUIRED. The HTTPs URL where the Relying Party provides the signed Request Object to the Wallet Instance.

client_id_scheme

OPTIONAL. The scheme used by the Relying Party for the client_id, detailing the format and structure and the trust evaluation method. It SHOULD be set with entity_id.

state

OPTIONAL. A unique identifier for the current transaction generated by the Relying Party. The value SHOULD be opaque to the Wallet Instance.

request_uri_method

OPTIONAL. The HTTP method MUST be set with get or post. The Wallet Instance should use this method to obtain the signed Request Object from the request_uri. If not provided or equal to get, the Wallet Instance SHOULD use the HTTP method get. Otherwise, the Wallet Instance SHOULD provide its metadata within the HTTP POST body encoded in application/json.

+

Below a non-normative example of the response containing the required parameters previously described.

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=...&client_id_scheme=entity_id&request_uri_method=post
+
+
+

The value corresponding to the request_uri endpoint SHOULD be randomized, according to RFC 9101, The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) Section 5.2.1.

+

In the Same Device Flow the Relying Party uses an HTTP response redirect (with status code set to 302) as represented in the following non-normative example:

+
HTTP/1.1 /authorization Found
+Location: https://wallet-solution.digital-strategy.europa.eu?
+client_id=https%3A%2F%2Frelying-party.example.org%2Fcb
+&request_uri=https%3A%2F%2Frelying-party.example.org%2Frequest_uri
+&client_id_scheme=entity_id
+&request_uri_method=post
+
+
+

In the Cross Device Flow, a QR Code is shown by the Relying Party to the User in order to provide the Authorization Request. The User frames the QR Code using their Wallet Instance.

+

Below is represented a non-normative example of a QR Code issued by the Relying Party.

+
+_images/verifier_qr_code.svg +
+

Below is represented a non-normative example of the QR Code raw payload:

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=https%3A%2F%2Frelying-party.example.org&request_uri=https%3A%2F%2Frelying-party.example.org&client_id_scheme=entity_id&request_uri_method=post
+
+
+
+

Note

+

The error correction level chosen for the QR Code MUST be Q (Quartily - up to 25%), since it offers a good balance between error correction capability and data density/space. This level of quality and error correction allows the QR Code to remain readable even if it is damaged or partially obscured.

+
+
+
+

Cross Device Flow Status Checks and Security

+

When the flow is Cross Device, the user-agent needs to check the session status to the endpoint made available by Relying Party (status endpoint). This check MAY be implemented in the form of JavaScript code, within the page that shows the QRCode, then the user-agent checks the status with a polling strategy in seconds or a push strategy (eg: web socket).

+

Since the QRcode page and the status endpoint are implemented by the Relying Party, it is under the Relying Party responsability the implementation details of this solution, since it is related to the Relying Party's internal API. However, the text below describes an implementation example.

+

The Relying Party binds the request of the user-agent, with a session cookie marked as Secure and HttpOnly, with the issued request. The request url SHOULD include a parameter with a random value. The HTTP response returned by this specialized endpoint MAY contain the HTTP status codes listed below:

+
    +
  • 201 Created. The signed Request Object was issued by the Relying Party that waits to be downloaded by the Wallet Instance at the request_uri endpoint.

  • +
  • 202 Accepted. This response is given when the signed Request Object was obtained by the Wallet Instance.

  • +
  • 200 OK. The Wallet Instance has provided the presentation to the Relying Party's response_uri endpoint and the User authentication is successful. The Relying Party updates the session cookie allowing the user-agent to access to the protected resource. An URL is provided carrying the location where the user-agent is intended to navigate.

  • +
  • 401 Unauthorized. The Wallet Instance or its User have rejected the request, or the request is expired. The QRCode page SHOULD be updated with an error message.

  • +
+

Below a non-normative example of the HTTP Request to this specialized endpoint, where the parameter id contains an opaque and random value:

+
GET /session-state?id=3be39b69-6ac1-41aa-921b-3e6c07ddcb03
+HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request Object Details

+

Below a non-normative example of HTTP request made by the Wallet Instance to the Relying Party.

+
GET /request_uri HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request URI Response

+

The Relying Party issues the signed Request Object, where a non-normative example in the form of decoded header and payload is shown below:

+
{
+  "alg": "ES256",
+  "typ": "JWT",
+  "kid": "9tjiCaivhWLVUJ3AxwGGz_9",
+  "trust_chain": [
+    "MIICajCCAdOgAwIBAgIC...awz",
+    "MIICajCCAdOgAwIBAgIC...2w3",
+    "MIICajCCAdOgAwIBAgIC...sf2"
+  ]
+}
+.
+{
+  "scope": "PersonIdentificationData WalletAttestation",
+  "client_id_scheme": "entity_id",
+  "client_id": "https://relying-party.example.org",
+  "response_mode": "direct_post.jwt",
+  "response_type": "vp_token",
+  "response_uri": "https://relying-party.example.org/response_uri",
+  "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb",
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "iss": "https://relying-party.example.org",
+  "iat": 1672418465,
+  "exp": 1672422065,
+  "request_uri_method": "post"
+}
+
+
+

The JWS header parameters are described below:

+ ++++ + + + + + + + + + + + + + + + + + + + +

Name

Description

alg

Algorithm used to sign the JWT, according to [RFC 7516#section-4.1.1]. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

typ

Media Type of the JWT, as defined in [RFC 7519].

kid

Key ID of the public key needed to verify the JWS signature, as defined in [RFC 7517]. REQUIRED when trust_chain is used.

trust_chain

Sequence of Entity Statements that composes the Trust Chain related to the Relying Party, as defined in OID-FED Section 3.2.1. Trust Chain Header Parameter.

+

The JWS payload parameters are described herein:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

scope

Aliases for well-defined Presentation Definitions IDs. It is used to identify which required Credentials and User attributes are requested by the Relying Party, according to the Section "Using scope Parameter to Request Verifiable Credential(s)" of [OID4VP].

client_id_scheme

String identifying the scheme of the value in the client_id. It MUST be set to the value entity_id.

client_id

Unique Identifier of the Relying Party.

response_mode

It MUST be set to direct_post.jwt.

response_type

It MUST be set to vp_token.

response_uri

The Response URI to which the Wallet Instance MUST send the Authorization Response using an HTTP request using the method POST.

nonce

Fresh cryptographically random number with sufficient entropy, which length MUST be at least 32 digits.

state

Unique identifier of the Authorization Request.

iss

The entity that has issued the JWT. It will be populated with the Relying Party client id.

iat

Unix Timestamp, representing the time at which the JWT was issued.

exp

Unix Timestamp, representing the expiration time on or after which the JWT MUST NOT be valid anymore.

request_uri_method

String determining the HTTP method to be used with the request_uri endpoint to provide the Wallet Instance metadata to the Relying Party. The value is case-insensitive and can be set to: get or post. The GET method, as defined in [@RFC9101], involves the Wallet Instance sending a GET request to retrieve a Request Object. The POST method involves the Wallet Instance requesting the creation of a new Request Object by sending an HTTP POST request, with its metadata, to the request URI of the Relying Party.

+
+

Warning

+

Using the parameter scope requires that the Relying Party Metadata MUST contain the presentation_definition, where a non-normative example of it is given below:

+
+
{
+    "id": "presentation definitions",
+    "input_descriptors": [
+        {
+			"id": "eu.europa.ec.eudiw.pid.it.1",
+            "name": "Person Identification Data",
+            "purpose": "User authentication",
+			"group": [
+                "group1"
+            ],
+			"format": {
+                "vc+sd-jwt": {
+                    "alg": [
+                        "ES256",
+                        "ES384",
+                        "ES512"
+                    ]
+                }
+            },
+            "constraints": {
+                "limit_disclosure": "preferred",
+                "fields": [
+                    {
+                        "filter": {
+                            "const": "unique_id",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.unique_id"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "given_name",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.given_name"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "family_name",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.family_name"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "bith_date",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.bith_date"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "tax_id_code",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.credentialSubject.tax_id_code"
+                        ]
+                    }
+                ]
+            }
+        },
+        {
+			"id": "WalletAttestation",
+            "name": "Wallet Attestation",
+            "purpose": "Wallet Authentication",
+			"format": "jwt",
+            "group": [
+                "group2"
+            ],
+            "constraints": {
+                "fields": [
+                    {
+                        "filter": {
+                            "enum": [
+                                "https://issuer.example.org"
+                            ],
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.iss"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "minimum": 1504700136,
+                            "type": "number"
+                        },
+                        "path": [
+                            "$.exp"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "minimum": 1504700136,
+                            "type": "number"
+                        },
+                        "path": [
+                            "$.iat"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "type": "object"
+                        },
+                        "path": [
+                            "$.cnf.jwk"
+                        ]
+                    },
+                    {
+                        "filter": {
+                            "const": "aal",
+                            "type": "string"
+                        },
+                        "path": [
+                            "$.aal"
+                        ]
+                    }
+                ]
+            }
+        }
+    ],
+    "submission_requirements": [
+        {
+			"name": "Sample requirement",
+            "count": 1,
+			"rule": "pick",
+            "from": "group1"
+        }
+    ]
+}
+
+
+
+

Note

+

The following parameters, even if defined in [OID4VP], are not mentioned in the previous non-normative example, since their usage is conditional and may change in future release of this documentation.

+
    +
  • presentation_definition: JSON object according to Presentation Exchange. This parameter MUST not be present when presentation_definition_uri or scope are present.

  • +
  • presentation_definition_uri: Not supported. String containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when presentation_definition parameter or a scope value representing a Presentation Definition is not present.

  • +
  • client_metadata: A JSON object containing the Relying Party metadata values. The client_metadata parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

  • +
  • client_metadata_uri: string containing an HTTPS URL pointing to a resource where a JSON object with the Relying Party metadata can be retrieved. The client_metadata_uri parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

  • +
+
+
+

Request URI Endpoint Errors

+

When the Relying Party encounters errors while issuing the Request Object from the request_uri endpoint, the following error responses are applicable:

+
    +
  • invalid_request: The request_uri URL is missing in some part within its webpath or urlparams, therefore it does not point to a valid Request Object and then it cannot be retrieved. This error is returned when the Request Object is not well referenced in the request_uri.

  • +
  • server_error: The server encountered an unexpected condition that prevented it from fulfilling the request. This error is returned when the Relying Party's server is unable to process the Request Object due to a server-side issue, such as a malfunction or maintenance. The Wallet Instance should advise the User to try again later.

  • +
+

The following is an example of an error response from request_uri endpoint:

+
HTTP/1.1 400 Bad Request
+Content-Type: application/json
+
+{
+ "error": "invalid_request",
+ "error_description": "The request_uri is malformed or does not point to a valid Request Object."
+}
+
+
+

Another example:

+
HTTP/1.1 500 Internal Server Error
+Content-Type: application/json
+
+{
+ "error": "server_error",
+ "error_description": "The request_uri cannot be retrieved due to an internal server error."
+}
+
+
+

There are cases where the Wallet Instance cannot validate the Request Object or the Request Object results invalid. This error occurs if the Request Object is successfully fetched from the request_uri but fails validation checks by the Wallet Instance. This could be due to incorrect signatures, malformed claims, or other validation failures, such as the revocation of its issuer (Relying Party).

+

Upon receiving an error response, the Wallet Instance SHOULD inform the User of the error condition in an appropriate manner. Additionally, the Wallet Instance SHOULD log the error and MAY attempt to recover from certain errors if feasible. For example, if the error is server_error, the Wallet Instance MAY prompt the User to re-enter or scan a new QR code, if applicable.

+

It is crucial for Wallet Instances to implement robust error handling to maintain a secure and user-friendly experience. Adhering to the specified error responses ensures interoperability and helps in diagnosing issues during the interaction with the Relying Party's endpoints.

+
+

Warning

+

The current OpenID4VP specification outlines various error responses that a Wallet Instance may return to the Relying Party (Verifier) in case of faulty requests (OpenID4VP, Section 6.4. Error Response). For privacy enhancement, Wallet Instances SHOULD NOT notify the Relying Party of faulty requests in certain scenarios. This is to prevent any potential misuse of error responses that could lead to gather informations that could be exploited.

+
+
+
+
+

Authorization Response Details

+

After getting the User authorization and consent for the presentation of the Credentials, the Wallet Instance sends the Authorization Response to the Relying Party response_uri endpoint, the content SHOULD be encrypted according OpenID4VP Section 6.3, using the Relying Party public key.

+
+

Note

+

Why the response is encrypted?

+

The response sent from the Wallet Instance to the Relying Party is encrypted to prevent a malicious agent from gaining access to the plaintext information transmitted within the Relying Party's network. This is only possible if the network environment of the Relying Party employs TLS termination. Such technique employs a termination proxy that acts as an intermediary between the client and the webserver and handles all TLS-related operations. In this manner, the proxy deciphers the transmission's content and either forwards it in plaintext or by negotiates an internal TLS session with the actual webserver's intended target. In the first scenario, any malicious actor within the network segment could intercept the transmitted data and obtain sensitive information, such as an unencrypted response, by sniffing the transmitted data.

+
+

Below a non-normative example of the request:

+
POST /response_uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/x-www-form-urlencoded
+
+response=eyJhbGciOiJFUzI1NiIs...9t2LQ
+
+
+

Below is a non-normative example of the decrypted payload of the JWT contained in the response, before base64url encoding:

+
{
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "vp_token": [
+      "eyJhbGciOiJFUzI1NiIs...PT0iXX0",
+      $WalletAttestation-JWT
+  ],
+  "presentation_submission": {
+      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
+      "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d",
+      "descriptor_map": [
+          {
+              "id": "PersonIdentificationData",
+              "path": "$.vp_token[0]",
+              "format": "vc+sd-jwt"
+          },
+          {
+              "id": "WalletAttestation",
+              "path": "$.vp_token[1]",
+              "format": "jwt"
+          }
+      ]
+  }
+}
+
+
+

Where the following parameters are used:

+ ++++ + + + + + + + + + + + + + + + + +

Name

Description

vp_token

JSON Array containing the Verifiable Presentation(s). There MUST be at least two signed presentations in this Array:

+
    +
  • The requested Digital Credential (one or more, in format of SD-JWT VC or MDOC CBOR)

  • +
  • The Wallet Attestation

  • +
+

presentation_submission

JSON Object containing the mappings between the requested Verifiable Credentials and where to find them within the returned Verifiable Presentation Token, according to the Presentation Exchange.

state

Unique identifier provided by the Relying Party within the Authorization Request.

+

The items contained in the vp_token array are Verifiable Presentations of Credentials. +Both SD-JWT and mdoc CBOR provide indications for the presentation, according to their specifications.

+
+
+

SD-JWT Presentation

+

SD-JWT defines how an Holder can present a Credential to a Verifier proving the legitimate possession +of the Credential. For doing this the Holder MUST include the KB-JWT in the SD-JWT, +by appending the KB-JWT at the end of the of the SD-JWT, as represented in the example below:

+
<Issuer-Signed-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~<KB-JWT>
+
+
+

To validate the signature on the Key Binding JWT, the Verifier MUST use the key material included in the Issuer-Signed-JWT. +The Key Binding JWT MUST specify which key material the Verifier needs to use to validate the Key Binding JWT signature, +using JOSE header parameter kid.

+

When an SD-JWT is presented, its KB-JWT MUST contain the following parameters in the JWS header:

+ ++++ + + + + + + + + + + + + + + + + +

Claim

Description

typ

REQUIRED. MUST be kb+jwt, which explicitly types the Key Binding JWT as recommended in Section 3.11 of [RFC8725].

alg

REQUIRED. Signature Algorithm using one of the specified in the section Cryptographic Algorithms.

kid

REQUIRED. Unique identifier of the public key to be used to verify the signature.

+

When an SD-JWT is presented, its KB-JWT MUST contain the following parameters in the JWS payload:

+ ++++ + + + + + + + + + + + + + + + + + + + +

Claim

Description

iat

REQUIRED. The value of this claim MUST be the time at which the Key Binding JWT was issued, using the syntax defined in [RFC7519].

aud

REQUIRED. The intended receiver of the Key Binding JWT. The value of this parameter MUST match the Relying Party unique entity identifier.

nonce

REQUIRED. Ensures the freshness of the signature. The value type of this claim MUST be a string. The value MUST match with the one provided in the request object.

sd_hash

REQUIRED. The base64url-encoded hash digest over the Issuer-signed JWT and the selected disclosures.

+
+
+

MDOC-CBOR Presentation

+

TBD.

+
+

Authorization Response Errors

+

When the Wallet sends a response using direct_post.jwt to the Relying Party, several errors may occur, including:

+
+
    +
  • Invalid Credential: This error occurs when one or more Credentials or VPs, included in the vp_token, fail validation because they are malformed. The correct HTTP status code for this error is 400 (Bad Request). The error should be set to invalid_request, and the error_description SHOULD identify the malformed Credentials.

  • +
  • Issuer Credential Trust Failure: This error arises when the Relying Party cannot establish trust with the issuer of a presented Credential, included in the vp_token. The appropriate HTTP status code for this error is 403 (Forbidden). The error should be labeled as invalid_request, and the error_description SHOULD specify the issuer for which trust could not be established.

  • +
  • Invalid Nonce: This error happens when the nonce provided in the request is incorrect. The HTTP status code for this error should be 403 (Forbidden). The error SHOULD be labeled as invalid_request, with an error_description indicating that the nonce is incorrect.

  • +
  • Invalid Wallet Attestation: This error occours when it's not possible to establish trust with the Wallet Attestation's issuer (Wallet Provider), or if the Wallet Attestation is invalid or does not meet the Relying Party's minimum security criteria. The correct HTTP status code for this error is 403 (Forbidden). The error SHOULD be marked as invalid_request, and the error_description should clarify that the issue stems from the Wallet Attestation's failure to establish trust with its issuer or its non-compliance with required security standards.

  • +
  • Invalid Presentation Submission: This error occurs when the presentation submission is not valid. The appropriate HTTP status code for this error is 400 Bad Request. The error should be labeled as invalid_request, and the error_description should specify the invalid aspects of the presentation submission.

  • +
+

To enhance clarity and ensure proper error handling, it's crucial to provide detailed error responses. Below are two examples of HTTP responses using application/json that include both the error and error_description members:

+
+
HTTP/1.1 403 Forbidden
+Content-Type: application/json
+
+{
+  "error": "invalid_request",
+  "error_description": "Trust cannot be established with the issuer: https://issuer.example.com"
+}
+
+
+
HTTP/1.1 400 Bad Request
+Content-Type: application/json
+
+{
+  "error": "invalid_request",
+  "error_description": "The following Credentials/VP are malformed: [CredentialX, vp_token[2]]"
+}
+
+
+
+
+
+

Redirect URI

+

When the Relying Party provides the redirect URI, the Wallet Instance MUST send the user-agent to this redirect URI. The redirect URI allows the Relying Party to continue the interaction with the End-User on the device where the Wallet Instance resides after the Wallet Instance has sent the Authorization Response to the response URI.

+

The Relying Party MUST include a response code within the redirect URI. The response code is a fresh, cryptographically random number used to ensure only the receiver of the redirect can fetch and process the Authorization Response. The number could be added as a path component, as a parameter or as a fragment to the URL. It is RECOMMENDED to use a cryptographic random value of 128 bits or more at the time of the writing of this specification.

+

The following is a non-normative example of the response from the Relying Party to the Wallet Instance upon receiving the Authorization Response at the Response Endpoint.

+
HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "redirect_uri": "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee"
+}
+
+
+

The redirect_uri value MUST be used with an HTTP method GET by either the Wallet Instance or the user-agent to redirect the User to the Relying Party in order to complete the process. The value can be added as a path component, as a fragment or as a parameter to the URL according to Section 6.2 of OpenID4VP. The specific entity that performs this action depends on whether the flow is Same device or Cross device.

+
+
+

Redirect URI Errors

+

When the Wallet Instance sends the user-agent to the Redirect URI provided by the Relying Party, several errors may occur that prevent the successful completion of the process. These errors are critical as they directly impact the User experience by hindering the seamless flow of information between the Wallet Instance and the Relying Party. Below are potential errors related to the Redirect URI and their implications:

+
    +
  • Mismatched Redirect URI: This error occurs when the Redirect URI provided by the Relying Party does not match any of the URIs linked with the User session. This mismatch can lead to a HTTP status error code set to 403 (Forbidden), indicating that the request cannot be processed due session/URI mismatch.

  • +
  • Redirect URI Security Issues: If the Relying Party incurs in security issues when evaluating the User session with the provided URI, the Relying Party MUST raise an error. In such cases, an HTTP status code set to 403 (Forbidden) MUST be returned, indicating that the request is valid but the server is refusing action due to security precautions.

  • +
+

Handling these errors requires clear communication to the User within the returned navigation web page. It is crucial for the Relying Party to implement robust error handling and validation mechanisms for Redirect URIs to ensure a secure implementation.

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+
+ +
+ +
+ +
+
+
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/revocation-lists.html b/ia-terms-updates/en/revocation-lists.html new file mode 100644 index 000000000..061851b21 --- /dev/null +++ b/ia-terms-updates/en/revocation-lists.html @@ -0,0 +1,1048 @@ + + + + + + + + Credential Lifecycle — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Credential Lifecycle

+

The value of a Digital Credential is conditional on its validity. A Credential that has been revoked, due to legal requirements, inaccuracy or compromise, is valueless and potentially harmful. +For these reasons a robust mechanism for managing the life-cycle and the revocation of a Digital Credential is required.

+

This section outlines the key technical requirements and processes related to the revocation of Digital Credentials. +Furthermore, it provides the technical details that the Verifiers MUST implement to verify, in a secure and reliable manner, the validity of a Digital Credential during the presentation phase.

+

The verification of the validity of a Digital Credential is based on the OAUTH-STATUS-ASSERTION.

+

A Status Assertion is a signed document serving as proof of a Digital Credential's current validity status. The Credential Issuer provides these assertions to Holders who can present them to Verifiers together with the corresponding Digital Credentials.

+

The Status Assertions have the following features:

+
    +
  • automated issuance, as the User authentication is not required for the provisioning of the Status Assertion;

  • +
  • verification of the Digital Credential validity status in both online and offline scenarios;

  • +
  • privacy-preserving, according to the following evidences:

    +
      +
    1. the Verifier can check the validity of the Credential during the presentation phase. It is not able to check the validity of a given Digital Credential related to the User over time and out of the scope of the User authentication;

    2. +
    3. the Credential Issuers is not able to know to which Verifier the Digital Credential or the Status Assertion will be presented;

    4. +
    5. it doesn't reveal any information about the Users or the content of their Digital Credentials.

    6. +
    +
  • +
+
+

Operational Requirements

+
    +
  • Internet Connection for Status Assertions: Status Assertions can be obtained only when the Wallet Instance is connected to the internet and actively operated by the User.

  • +
  • Role of a Credential Issuer: A Credential Issuer is responsible for creating and issuing Credentials, as well as managing their lifecycle and validity status.

  • +
  • Involvement of Authentic Sources: When one or more Authentic Sources are involved in the issuance of a Digital Credential, the information exchanged between the Authentic Source and the Credential Issuer is crucial for the Digital Credential's issuance. Furthermore, in cases where the Authentic Source initiates a revocation or data changes, revoking the Digital Credential becomes necessary.

  • +
+
+
+

Functional Requirements

+

In addition to the requirements in Section 5 of OAUTH-STATUS-ASSERTION, The Status Assertion:

+
    +
  • MUST have a validity period not greater than 24 hours;

  • +
  • MUST NOT reveal any information about the Relying Party, the User's device or the User's data contained in the Digital Credential the assertion is related to;

  • +
  • MUST be non-repudiable even beyond its expiration time and even in the case of cryptographic keys rotation.

  • +
+

The Credential Issuer MUST:

+
    +
  • ensure that the data contained in a Digital Credential is kept up to date, including the status of validity of the data from the Authentic Source;

  • +
  • revoke a Digital Credential when the following circumstances occur:

    +
      +
    • the Digital Credential requires to be updated, whenever one or more attributes are changed; in this case the User will request a new issuance for that Digital Credential;

    • +
    • the Holder needs to address the loss or compromise of cryptographic key material associated with the issued Digital Credential. In such case, the End-User should request the revocation of the Digital Credential through a service provided by the Credential Issuer and using an authentication method that offers the same Level of Assurance obtained during the Credential Issuance;

    • +
    • the User deletes the Digital Credential from the Wallet Instance. The Wallet Instance therefore should request the revocation of such Digital Credential to the Credential Issuer;

    • +
    +
  • +
  • provide a web service for allowing a Wallet Instance, with a proof of possession of a specific Digital Credential, to

    +
      +
    • request a revocation of that Digital Credential;

    • +
    • obtain a related Status Assertion;

    • +
    +
  • +
  • provide out-of-band mechanisms through which the User can request the revocation of their Digital Credentials, using a robust procedure for identity proofing and User authentication, in particular when the User is unable to use the personal Wallet Instance.

  • +
+

The Wallet Instance MUST:

+
    +
  • check periodically the validity status of the Digital Credential that is stored in it, requesting a Status Assertion for each Digital Credential;

  • +
  • be able to present a Status Assertion if required by a Verifier, along with the corresponding Digital Credential;

  • +
  • request a revocation of a Digital Credential when the Users delete it from the storage.

  • +
+

The Authentic Sources MUST:

+
    +
  • provide web services for the providing of updated User data and the validity status;

  • +
  • store in local databases only the minimum information required to provide the Credential Issuer with the User data or a change in the validity status.

  • +
+
+
+

Revocation Use Cases

+

The revocation of a Digital Credential MAY be triggered by:

+
    +
  • Users using their personal Wallet Instance or by some out-of-band touchpoints.

  • +
  • Revocation of the Wallet Instance.

  • +
  • Authentic Sources (e.g., for attribute updates) following administrative purposes.

  • +
  • Law-Enforcing Bodies for the fulfillment of their functions and any other judicial reasons (e.g., Police).

  • +
+

Credential Revocation Flows can start under different scenarios, such as:

+
+
    +
  • The User reports the loss or theft of their own physical document to the Law-Enforcement Authorities: this implies that the Credentials, if any, shall be revoked.

  • +
  • The User notifies an Authentic Source that one or more attributes are changed (e.g. the current resident address): in this case the Credentials MUST be revoked, as they are no longer valid due to the change in attributes.

  • +
  • Users who lose access to their Wallet Instance (e.g., due to theft or loss of the device) can request the Credential Issuer to revoke their Credentials or ask the Wallet Provider to revoke the Wallet Instance. If the Wallet Provider is authorized by the User and is aware of the types of Credentials and their issuers stored in the Wallet, it can then initiate the revocation of all Digital Credentials contained within the Wallet Instance on behalf of the User.

  • +
  • The Law-Enforcing Authorities, for the fulfillment of their functions and any other judicial reasons, may request the Authentic Source to revoke entitlements, licenses, certificates, identification documents, etc., which in turn leads to the revocation of any linked Credentials.

  • +
  • The Authentic Sources that for any update of one or more User attributes, SHOULD inform the Credential Issuer that has previously requested those data for the issuance of a Credential about that User.

  • +
  • The Credential Issuers, for technical security reasons (e.g. in the case of compromised cryptographic keys), SHOULD decide to revoke the Credentials.

  • +
+
+

The revocation scenarios involve two main flows:

+
+
    +
  • The Revocation flows: these flows describe how an Entity requests for a Digital Credential revocation.

  • +
  • The Status Assertion flows: these flows define the technical protocols for requesting and obtaining a Status Assertion and how the Wallet Instance SHOULD provide it to a Verifier as a proof of validity of a corresponding Digital Credential.

  • +
+
+
+
+

Revocation Flows

+

Depending on the different scenarios that may involve the revocation of a Digital Credential, different processes and technical flows may be implemented, according to national laws or Regulations of specific domains. +The subsequent sections define the protocol interface between the Wallet Instances and the Credential Issuers during the revocation request. The communication between the Credential Issuers and other Entities is out-of-scope of this technical implementation profile.

+
+

Revocation Request by Wallet Instance

+

A Wallet Instance MUST request the revocation of a Digital Credential as defined below.

+
+_images/Low-Level-Flow-Revocation.svg +
+

Fig. 7 Wallet Instance Initiated Revocation Flow

+
+
+

Step 1 (Credential Revocation Request): The Wallet Instance initiates the process by creating a Credential Revocation Request. This request MUST be sent to the Credential Issuer who has previously issued that Credential. The Credential Revocation Request MUST contain a JSON object with the member revocation_requests.

+

The revocation_requests MUST be set with an array of strings, where each string within the array represents a Credential Revocation Request object, enabling the Wallet Instance to request multiple Credential Revocation Requests to a single Credential Issuer.

+

The request MUST be signed with the private key related to the public key contained within the Credential (such as the Credential Issuer Signed JWT in the case of SD-JWT, or the MSO in the case of Mdoc CBOR). Then, the Wallet Instance sends the request to the Credential Issuer as in the following non-normative example representing a Revocation Assertion Request array.

+
POST /revoke HTTP/1.1
+Host: pid-provider.example.org
+Content-Type: application/json
+
+revocation_requests : ["${base64url(json({typ: (some pop for revocation-assertion)+jwt, ...}))}.payload.signature", ... ]
+
+
+

Below, is given a non-normative example of a single Revocation Assertion Request object with decoded JWT headers and payload and without signature for better readability:

+
{
+  "alg": "ES256",
+  "typ": "credential-revocation-request+jwt",
+  "kid": $CREDENTIAL-CNF-JWKID
+}
+.
+{
+  "iss": "0b434530-e151-4c40-98b7-74c75a5ef760",
+  "aud": "https://pid-provider.example.org",
+  "iat": 1698744039,
+  "exp": 1698744139,
+  "jti": "6f204f7e-e453-4dfd-814e-9d155319408c",
+  "credential_hash": $Issuer-Signed-JWT-Hash,
+  "credential_hash_alg": "sha-256"
+}
+
+
+

Step 2 (PoP verification): The Credential Issuer verifies the proof of possession of the Credential requested to be revoked, using the the confirmation method that was attested in the Credential. If the verification is successful the revocation request is allowed.

+

Step 3 (Credential Revocation): The Credential Issuer revokes the Credential provided in the Revocation Request object. After the revocation, the Credential Issuer MAY also send a notification to the User (e.g. using a User's email address, telephone number, or any other verified and secure communication channel), with all needed information related to the Credential revocation status update. This communication is out of scope of the current technical implementation profile.

+

Step 4 (Credential Revocation Response): The Credential Issuer sends a response back to the Wallet Instance with the result of the revocation request.

+
.. code-block:: http
+            HTTP/1.1 200 Ok
+            Content-Type: application/json
+
+            {
+                    "revocation_assertion_responses": ["${base64url(json({typ: revocation_assertion+jwt, ...}))}.payload.signature", ... ]
+            }
+
+
+
+

Credential Revocation HTTP Request

+

The requests to the Credential Issuer Revocation endpoint MUST be HTTP with method POST, using the mandatory parameters listed below within the HTTP request message body. These MUST be encoded in application/json format.

+ +++++ + + + + + + + + + + + + +

Claim

Description

Reference

revocation_requests

It MUST be an array of strings, where each represents a Revocation Assertion Request object. Each element MUST contain a signed JWT as a cryptographic proof of possession to which the Digital Credential to be revoked shall be bound. See Section Credential Proof of Possession for more details.

OAUTH-STATUS-ASSERTION .

+

The Revocation Endpoint MUST be provided by the Credential Issuer within its Metadata.

+
+
+

Credential Revocation HTTP Response

+

In case of succesfully Revocation Request validation, the Credential Issuer MUST return an HTTP response with the status code set to 200. If the Credential Issuer is able to provide a valid Status Assertion for a requested Credential, the response MUST contains a revocation Assertion object within a JSON Array. Otherwise, a Revocation Assertion Errors related to that Credential MUST be included in the Response JSON Array as an entry.

+

If the Revocation Request fails (e.g. invalid request, server unavailability, etc.), an HTTP Error Status Code MUST be provided within the Revocation Response.

+

In the following table are listed HTTP Status Codes that MUST be supported:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

Body

Description

200 Created

Revocation Assertion Response

The Revocation Assertion Response has been successfully created.

400 Bad Request

Error code and description

The Credential Issuer cannot fulfill the request because of invalid parameters.

500 Internal Server Error

The Credential Issuer encountered an internal problem. (RFC 6749#section-5.2).

503 Service Unavailable

The Credential Issuer is temporary unavailable. (RFC 6749#section-5.2).

+

The response MUST:

+
    +
  • include a JSON object with a member named revocation_assertion_responses;

  • +
  • be encoded in application/json format.

  • +
+

The revocation_assertion_responses object MUST contain the following mandatory claims.

+ +++++ + + + + + + + + + + + + +

Claim

Description

Reference

revocation_assertion_responses

the Revocation Assertions and or the Revocation Assertion Errors related to the request made by the Wallet Instance.

OAUTH-STATUS-ASSERTION.

+

The Revocation Assertion object MUST contain the parameter credential_status_validity with the value set to false. +Below a non-normative example of a Revocation Assertion object in JWT format, with the headers and payload represented in JSON and without applying the signature.

+
 {
+   "alg": "ES256",
+   "typ": "revocation-assertion+jwt",
+   "kid": "Issuer-JWK-KID"
+ }
+.
+ {
+   "iss": "https://issuer.example.org",
+   "jti": "6f204f7e-e453-4dfd-814e-9d155319408c"
+   "credential_hash": $CREDENTIAL-HASH,
+   "credential_hash_alg": "sha-256",
+   "credential_status_validity": false,
+   "cnf": {
+     "jwk": {
+       "kty": "EC",
+       "crv": "P-256",
+       "x": "_2ySUmWFjwmraNlo15r6dIBXerVdy_NpJuwAKJMFdoc",
+       "y": "MV3C88MhhEMba6oyMBWuGeB3dKHP4YADJmGyJwwILsk"
+     }
+   }
+ }
+
+
+

The Revocation Assertion Error object MUST contain the following parameters:

+
+
    +
  • error. The error code, as registerd in the table below;

  • +
  • error_description. Text in human-readable form providing further details to clarify the nature of the error encountered.

  • +
+
+

Errors are meant to provide additional information about the failure so that the User can be informed and take the appropriate action. +The error parameter for the Revocation Assertion Error object MUST be set with one of the values defined in the table below, in addition to the values specified in RFC 6749#section-5.2:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Error Code

Description

invalid_request

The request is not valid due to the lack or incorrectness of one or more parameters. (RFC 6749#section-5.2).

credential_already_revoked

The Digital Credential is already revoked.

credential_updated

One or more information contained in the Digital Credential are changed. The error_description field SHOULD contain a human-readable text describing the general parameters updated without specifying each one.

credential_invalid

The Digital Credential is invalid. The error_description field SHOULD contain the reason of invalidation.

invalid_request_signature

The Revocation Assertion Request signature validation has failed. This error type is used when the proof of possession of the Digital Credential is found not valid within the Revocation Assertion Request.

credential_not_found

The credential_hash value provided in the Revocation Assertion Request doesn't match with any active Digital Credential.

unsupported_hash_alg

The hash algorithm set in credential_hash_alg is not supported.

+

Below a non-normative example of a Revocation Assertion Error object in JWT format, with the headers and payload represented in JSON and without applying the signature.

+
{
+  "alg": "ES256",
+  "typ": "revocation-assertion-error+jwt",
+  "kid": "Issuer-JWK-KID"
+}
+.
+{
+  "iss": "https://issuer.example.org",
+  "jti": "6f204f7e-e453-4dfd-814e-9d155319408c"
+  "credential_hash": $CREDENTIAL-HASH,
+  "credential_hash_alg": "sha-256",
+  "error": "unsupported_hash_alg",
+  "error_description": "The hash algorithm is not supported"
+}
+
+
+
+
+
+
+

Status Assertion Flows

+

The Status Assertion process is divided into the following phases:

+
+
    +
  1. The Status Assertion Request by a Wallet Instance: it involves the Wallet Instance and the Credential Issuer.

  2. +
  3. The Status Assertion Presentation to a Verifier: it involves the Wallet Instance and the Verifier.

  4. +
+
+
+_images/High-Level-Flow-Status-Attestation.svg +
+

Fig. 8 High-Level Status Assertion Flows

+
+
+
+

Status Assertion Request by Wallet Instance

+

The presentation of a Credential to a Verifier may occur long after it has been issued by the Credential Issuer. During this time interval, the Credential can be invalidated for any reason and therefore the Verifier also needs to verify its revocation or suspension status. To address this scenario, the Credential Issuer provides the Wallet Instance with a Status Assertion. This Assertion is bound to a Credential so that the Wallet Instance can present it to a Verifier, along with the Credential itself, as proof of non-revocation status of the Credential.

+

The following diagram shows how the Wallet Instance requests a Status Assertion to the Credential Issuer.

+
+_images/Low-Level-Flow-Revocation-Attestation.svg +
+

Fig. 9 Status Assertion Request Flow

+
+
+

Step 1 (Status Assertion Request): The Wallet Instance sends the Status Assertion Request to the Credential Issuer, where:

+
    +
  • The request MUST contain the base64url encoded hash value of the Digital Credential, for which the Status Assertion is requested, and enveloped in a signed Status Assertion Request object.

  • +
  • The Status Assertion Request object MUST be signed with the private key corresponding to the confirmation claim assigned by the Issuer and contained within the Digital Credential.

  • +
+

Below a non-normative example representing a Status Assertion Request array with a single Status Assertion Request object in JWT format.

+
POST /status HTTP/1.1
+Host: issuer.example.org
+Content-Type: application/json
+
+    {
+            "status_assertion_requests" : ["${base64url(json({typ: (some pop for status-assertion)+jwt, ...}))}.payload.signature", ... ]
+    }
+
+
+

The Status Assertion HTTP request can be sent to a single Credential Issuer regarding multiple Digital Credentials, and MUST contain a JSON object with the member status_assertion_requests. +The status_assertion_requests MUST be set with an array of strings, where each string within the array represents a Digital Credential Status Assertion Request object.

+

A non-normative example of Credential Proof of Possession is provided in the previous section.

+

Step 2 (PoP verification): The Credential Issuer that receives the Status Assertion Request object MUST validate that the Wallet Instance making the request is authorized to request Status Assertions. Therefore the following requirements MUST be satisfied:

+
    +
  • The Credential Issuer MUST verify the compliance of all elements in the status_assertion_requests object using the confirmation method contained within the Digital Credential where the Status Assertion Request object is referred to;

  • +
  • The Credential Issuer MUST verify that it is the legitimate Issuer of the Digital Credential to which each Status Assertion Request object refers.

  • +
+

Step 3 (Check for validity): The Credential Issuer checks that the User's attributes are not updated by the Authentic Source or that the latter has not revoked them. The technical mechanisms for obtaining this information are out-of-scope of this technical implementation profile.

+

Step 4 (Status Assertion Creation): The Credential Issuer creates the corresponding Status Assertion. When a Status Assertion is requested to a Credential Issuer, the Credential Issuer checks the status of the Digital Credential and creates a Status Assertion bound to it. If the Digital Credential is valid, the Credential Issuer creates a new Status Assertion, which a non-normative example is given below where the format is JWT.

+
{
+"alg": "ES256",
+"typ": "status-assertion+jwt",
+"kid": $ISSUER-JWKID
+    }
+    .
+    {
+            "iss": "https://issuer.example.org",
+            "iat": 1504699136,
+            "exp": 1504785536,
+            "credential_hash": $CREDENTIAL-HASH,
+            "credential_hash_alg": "sha-256",
+            "credential_status_validity": true,
+            "cnf": {
+                    "jwk": {...}
+            }
+    }
+
+
+

Step 4 (Status Assertion Response): The response MUST include a JSON object with a member named status_assertion_responses, which contains the Status Assertions and or the Status Assertion Errors related to the request made by the Wallet Instance, as in the following non-normative example.

+
HTTP/1.1 200 Created
+    Content-Type: application/json
+
+    {
+            "status_assertion_responses": ["${base64url(json({typ: status-assertion+jwt, ...}))}.payload.signature", ... ]
+    }
+
+
+

The member status_assertion_responses MUST be an array of strings, where each of them represent a Status Assertion Response object as defined in OAUTH-STATUS-ASSERTION.

+
+

Status Assertion HTTP Request

+

The requests to the Credential status endpoint of the Credential Issuers MUST be HTTP with method POST, using the same mandatory parameters as in the Table of Credential Request parameters. These MUST be encoded in application/json format.

+ +++++ + + + + + + + + + + + + +

Claim

Description

Reference

status_assertion_requests

It MUST be an array of strings, where each of them represent a Status Assertion Request object. Each element MUST contain a signed JWT as a cryptographic proof of possession of the Digital Credential. See Section Credential Proof of Possession for more details.

OAUTH-STATUS-ASSERTION .

+

The typ value in the credential_pop JWT MUST be set to status-assertion+jwt

+

The Credential status endpoint MUST be provided by the Credential Issuers within their Metadata. The Credential Issuers MUST include in the issued Digital Credentials the object status_assertion_requests with the JSON member status_assertion set to a JSON Object containing the credential_hash_alg claim. It MUST contain the algorithm used for hashing the Digital Credential. Among the hash algorithms, the value sha-256 is RECOMMENDED .

+
+
+

Status Assertion HTTP Response

+

In case of succesfully Status Assertion Request validation, the Credential Issuer MUST return an HTTP response with the status code set to 200. If the Credential Issuer is able to provide a valid Status Assertion for a requested Credential, the response MUST contains a Status Assertion object within a JSON Array. Otherwise, a Status Assertion Errors related to that Credential MUST be included in the Response JSON Array as an entry.

+

If the Status Request fails (e.g. invalid request, server unavailability, etc.), an HTTP Error Status Code MUST be provided within the Status Assertion Response.

+

In the following table are listed HTTP Status Codes that MUST be supported:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

Body

Description

200 Created

Status Assertion Response

The Status Assertion Response has been successfully created and it has been returned.

400 Bad Request

Error code and description

The Credential Issuer cannot fulfill the request because of invalid parameters.

500 Internal Server Error

The Credential Issuer encountered an internal problem. (RFC 6749#section-5.2).

503 Service Unavailable

The Credential Issuer is temporary unavailable. (RFC 6749#section-5.2).

+

The response MUST:

+
    +
  • include a JSON object with a member named status_assertion_responses;

  • +
  • be encoded in application/json format.

  • +
+

The status_assertion_responses object MUST contain the following mandatory claims.

+ +++++ + + + + + + + + + + + + +

Claim

Description

Reference

status_assertion_responses

the Status Assertions and or the Status Assertion Errors related to the request made by the Wallet Instance.

OAUTH-STATUS-ASSERTION.

+

The Status Assertion Error object MUST contain the following parameters:

+
+
    +
  • error. The error code, as registerd in the table below;

  • +
  • error_description. Text in human-readable form providing further details to clarify the nature of the error encountered.

  • +
+
+

Errors are meant to provide additional information about the failure so that the User can be informed and take the appropriate action. +The error parameter for the Status Assertion Error object MUST be set with one of the values defined in the table below, in addition to the values specified in RFC 6749#section-5.2:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Error Code

Description

invalid_request

The request is not valid due to the lack or incorrectness of one or more parameters. (RFC 6749#section-5.2).

credential_revoked

The Digital Credential is revoked. The reason of revocation MUST be provided in the error_description field.

credential_updated

One or more information contained in the Digital Credential are changed. The error_description field SHOULD contain a human-readable text describing the general parameters updated without specifying each one.

credential_invalid

The Digital Credential is invalid. The error_description field SHOULD contain the reason of invalidation.

invalid_request_signature

The Status Assertion Request signature validation has failed. This error type is used when the proof of possession of the Digital Credential is found not valid within the Status Assertion Request.

credential_not_found

The credential_hash value provided in the Status Assertion Request doesn't match with any active Digital Credential.

unsupported_hash_alg

The hash algorithm set in credential_hash_alg is not supported.

+

Below a non-normative example of a Status Assertion Error object in JWT format, with the headers and payload represented in JSON and without applying the signature.

+
{
+  "alg": "ES256",
+  "typ": "status-assertion-error+jwt",
+  "kid": "Issuer-JWK-KID"
+}
+      .
+{
+  "iss": "https://issuer.example.org",
+  "jti": "6f204f7e-e453-4dfd-814e-9d155319408c"
+  "credential_hash": $CREDENTIAL-HASH,
+  "credential_hash_alg": "sha-256",
+  "error": "credential_revoked",
+  "error_description": "Credential is revoked."
+}
+
+
+
+
+
+

Status Assertion Presentation to the Verifiers

+

During the presentation phase, a Verifier MAY request the Wallet Instance to provide a Non-Revocation Assertion along with the requested Credential. If a Verifier requests a Status Assertion for a requested Digital Credential, the Wallet Instance MUST provide the Status Assertions in the vp_token JSON array. If the Status Assertion is requested by the Verifier and the Wallet Instance is not able to provide it or it is expired or it is issued far back in time, the Verifier MAY decide to accept or reject the Credential according to its security policy.

+

Law-Enforcement Authorities or Third Parties authorized by national law, MAY require deferred non-revocation status verification but the definition of these protocols is currently out-of-scope for this technical implementation profile.

+
+
+
+

Credential Proof of Possession

+

The Credential Proof of Possession (credential_pop) MUST be a JWT that MUST contain the parameters (Header and Payload) in the following table.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Header

Description

Reference

typ

In case of revocation request it MUST be set to revocation-request+jwt. In case of Status Assertion request it MUST be set to status-assertion-request+jwt, according to OAUTH-STATUS-ASSERTION .

RFC 7516#section-4.1.1.

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

kid

Unique identifier of the jwk or COSE_Key inside the cnf claim of the Credential to be revoked, as base64url-encoded JWK Thumbprint value, according to OAUTH-STATUS-ASSERTION.

RFC 7638#section_3.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Payload

Description

Reference

iss

Thumbprint of the JWK in the cnf parameter of the Wallet Assertion.

RFC 9126 and RFC 7519.

aud

It MUST be set to the identifier of the Issuer.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT. It MUST be greater than the value set for iat.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

jti

Unique identifier for the PoP proof JWT. The value SHOULD be set using a UUID v4 value according to [RFC 4122].

RFC 7519#section-4.1.7.

credential_hash

It MUST contain the hash value of a Digital Credential, derived by computing the base64url encoded hash of the Digital Credential.

OAUTH-STATUS-ASSERTION.

credential_hash_alg

It MUST contain the Algorithm used for hashing the Digital Credential. The value SHOULD be set to S256.

OAUTH-STATUS-ASSERTION.

+
+
+

Revocation Assertion

+

When the JWT format is used, the Revocation Assertion MUST contain the following claims.

+ +++++ + + + + + + + + + + + + + + + + +

Header

Description

Reference

alg

Algorithm used to verify the cryptographic signature of the Revocation Assertion. Revocation Assertion that do not need to be signed SHOULD set the alg value to none in according with OAUTH-STATUS-ASSERTION.

[OIDC4VCI. Draft 13], [RFC 7515], [RFC 7517].

typ

It MUST be set to revocation-assertion-response+jwt when JWT format is used.

[RFC 7515], [RFC 7517], OAUTH-STATUS-ASSERTION.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Payload

Description

Reference

iss

It MUST be set to the identifier of the Credential Issuer.

RFC 9126 and RFC 7519.

jti

Unique identifier for the JWT.

RFC 7519#section-4.1.7.

credential_status_validity

Boolean value indicating the absolute validity of the Credential linked to the Status Assertion. It MUST be set with the value false.

OAUTH-STATUS-ASSERTION.

+
+
+

Status Assertion

+

When the JWT format is used, the Status Assertion MUST contain the following claims.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

[OIDC4VCI. Draft 13], [RFC 7515], [RFC 7517].

typ

It MUST be set to status-assertion-request+jwt when JWT format is used.

[RFC 7515], [RFC 7517], [OAuth Status Attestation draft 01]..

kid

Unique identifier of the Credential Issuer jwk as base64url-encoded JWK Thumbprint value.

RFC 7638#section_3.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Payload

Description

Reference

iss

It MUST be set to the identifier of the Credential Issuer.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT. It MUST be greater than the value set for iat.

RFC 9126 and RFC 7519.

credential_hash

Hash value of the Credential the Status Assertion is bound to.

OAUTH-STATUS-ASSERTION.

credential_hash_alg

The Algorithm used for hashing the Credential to which the Status Assertion is bound. The value SHOULD be set to S256.

OAUTH-STATUS-ASSERTION.

credential_status_validity

Boolean value indicating the absolute validity of the Credential linked to the Status Assertion. It is REQUIRED and it MUST be set with the value "false" or "true".

OAUTH-STATUS-ASSERTION.

cnf

JSON object containing confirmation methods. The sub-member contained within cnf member, such as jwk for JWT, MUST match with the one provided within the related Digital Credential. Other confirmation methods can be utilized when the referenced Digital Credential supports them, in accordance with the relevant standards.

[RFC7800, Section 3.1] and [RFC8747, Section 3.1].

+
+
+

Error Assertion

+

When the JWT format is used, the Revocation or Status Assertion Error MUST contain the following claims.

+ +++++ + + + + + + + + + + + + + + + + +

Header

Description

Reference

alg

Algorithm used to verify the cryptographic signature of the Assertion Error. Assertion Error that do not need to be signed SHOULD set the alg value to none in according with OAUTH-STATUS-ASSERTION.

[OIDC4VCI. Draft 13], [RFC 7515], [RFC 7517].

typ

It MUST be set to status-assertion-response+jwt or revocation-assertion-response+jwt when JWT format is used.

[RFC 7515], [RFC 7517], OAUTH-STATUS-ASSERTION .

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Payload

Description

Reference

iss

It MUST be set to the identifier of the Credential Issuer.

RFC 9126 and RFC 7519.

jti

Unique identifier for the JWT.

RFC 7519#section-4.1.7.

error

Status code returned from the Credential Issuer after revocation. The value SHOULD be assigned with one of the error types defined in {{RFC6749}}[Section 5.2]<https://tools.ietf.org/html/rfc6749#section-5.2> or defined in OAUTH-STATUS-ASSERTION.

[RFC6749, Section 5.2], OAUTH-STATUS-ASSERTION

error_description

Text that clarifies the nature of the error, such as attribute changes, revocation reasons, in relation to the error value.

OAUTH-STATUS-ASSERTION.

+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/search.html b/ia-terms-updates/en/search.html new file mode 100644 index 000000000..6ef6e17ce --- /dev/null +++ b/ia-terms-updates/en/search.html @@ -0,0 +1,201 @@ + + + + + + + Search — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +

Search

+ + + + +

+ Searching for multiple words only shows matches that contain + all words. +

+ + +
+ + + +
+ + +
+ + +
+
+
+
+ + +
+
+
+
+
+ +
+ +
+ +
+
+
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/searchindex.js b/ia-terms-updates/en/searchindex.js new file mode 100644 index 000000000..32b989772 --- /dev/null +++ b/ia-terms-updates/en/searchindex.js @@ -0,0 +1 @@ +Search.setIndex({"alltitles": {"(Q)EAA non-normative examples": [[6, "q-eaa-non-normative-examples"]], "Access Token": [[8, "access-token"]], "Acknowledgements": [[3, "acknowledgements"]], "Acronyms": [[4, "acronyms"]], "Attributes": [[2, "attributes"]], "Authentic Sources": [[1, null]], "Authorization Request": [[8, "authorization-request"]], "Authorization Request Details": [[12, "authorization-request-details"], [13, "authorization-request-details"]], "Authorization Response": [[8, "authorization-response"]], "Authorization Response Details": [[12, "authorization-response-details"], [13, "authorization-response-details"]], "Authorization Response Errors": [[12, "authorization-response-errors"], [13, "authorization-response-errors"]], "Authorization endpoint": [[8, "authorization-endpoint"]], "Configuration of the Federation": [[17, "configuration-of-the-federation"]], "Considerations about Decentralization": [[17, "considerations-about-decentralization"]], "Credential Lifecycle": [[14, null]], "Credential Proof of Possession": [[14, "credential-proof-of-possession"]], "Credential Request": [[8, "credential-request"]], "Credential Response": [[8, "credential-response"]], "Credential Revocation HTTP Request": [[14, "credential-revocation-http-request"]], "Credential Revocation HTTP Response": [[14, "credential-revocation-http-response"]], "Credential endpoint": [[8, "credential-endpoint"]], "Cross Device Flow Status Checks and Security": [[12, "cross-device-flow-status-checks-and-security"], [13, "cross-device-flow-status-checks-and-security"]], "Cryptographic Algorithms": [[0, null]], "Deactivation": [[19, "deactivation"]], "Deferred Flow": [[8, "deferred-flow"]], "Defined Terms": [[4, "defined-terms"]], "Device Engagement": [[9, "device-engagement"], [12, "device-engagement"]], "Digital Credential Metadata Type": [[6, "digital-credential-metadata-type"]], "Dynamic Component View": [[18, "dynamic-component-view"]], "Entity Configuration": [[17, "entity-configuration"]], "Entity Configuration Leaves and Intermediates": [[17, "entity-configuration-leaves-and-intermediates"]], "Entity Configuration Trust Anchor": [[17, "entity-configuration-trust-anchor"]], "Entity Configuration of PID/(Q)EAA Providers": [[7, null]], "Entity Configuration of Relying Parties": [[11, null]], "Entity Configurations Common Parameters": [[17, "entity-configurations-common-parameters"]], "Entity Statement": [[17, "entity-statement"]], "Entity Statements": [[17, "entity-statements"]], "Error Assertion": [[14, "error-assertion"]], "Example": [[10, "example"]], "Example of a (Q)EAA Provider Entity Configuration": [[7, "example-of-a-q-eaa-provider-entity-configuration"]], "Example of a Relying Party Entity Configuration": [[11, "example-of-a-relying-party-entity-configuration"]], "External references": [[2, "external-references"], [19, "external-references"]], "Federation API endpoints": [[17, "federation-api-endpoints"]], "Federation Roles": [[17, "federation-roles"]], "Functional Requirements": [[14, "functional-requirements"], [17, "id3"]], "General Properties": [[2, "general-properties"], [10, "general-properties"], [17, "general-properties"]], "General Requirements": [[8, "general-requirements"]], "Header": [[19, "header"]], "High-Level (Q)EAA flow": [[8, "high-level-q-eaa-flow"]], "High-Level PID flow": [[8, "high-level-pid-flow"]], "How to contribute": [[3, null]], "Implementation Considerations": [[10, "implementation-considerations"]], "Implementation considerations": [[2, "implementation-considerations"]], "Index of content": [[5, "index-of-content"]], "Initialization Process": [[19, "initialization-process"]], "Introduction": [[5, "introduction"]], "Libraries and code snippets": [[2, "libraries-and-code-snippets"]], "Low-Level Issuance Flow": [[8, "low-level-issuance-flow"]], "MDOC-CBOR": [[6, "mdoc-cbor"]], "MDOC-CBOR Examples": [[6, "mdoc-cbor-examples"]], "MDOC-CBOR Presentation": [[12, "mdoc-cbor-presentation"], [13, "mdoc-cbor-presentation"]], "Metadata Types": [[17, "id1"]], "Metadata for federation_entity": [[7, "metadata-for-federation-entity"], [11, "metadata-for-federation-entity"]], "Metadata for oauth_authorization_server": [[7, "metadata-for-oauth-authorization-server"]], "Metadata for openid_credential_issuer": [[7, "metadata-for-openid-credential-issuer"]], "Metadata for wallet_relying_party": [[7, "metadata-for-wallet-relying-party"], [11, "metadata-for-wallet-relying-party"]], "Metadata of federation_entity Leaves": [[17, "metadata-of-federation-entity-leaves"]], "Mobile Security Object": [[6, "mobile-security-object"]], "Non-repudiability of the Long Lived Attestations": [[17, "non-repudiability-of-the-long-lived-attestations"]], "Normative Language and Conventions": [[4, null]], "Notification Request": [[8, "notification-request"]], "Notification Response": [[8, "notification-response"]], "Notification endpoint": [[8, "notification-endpoint"]], "Offline Relying Party Metadata": [[17, "offline-relying-party-metadata"]], "Offline Trust Attestation Mechanisms": [[17, "offline-trust-attestation-mechanisms"]], "Offline Wallet Trust Attestation": [[17, "offline-wallet-trust-attestation"]], "Operational Requirements": [[14, "operational-requirements"]], "PAR http request parameters": [[8, "id6"]], "PID Claims": [[6, "pid-claims"]], "PID Non-Normative Examples": [[6, "pid-non-normative-examples"]], "PID/(Q)EAA Data Model": [[6, null]], "PID/(Q)EAA Issuance": [[8, null]], "PID/(Q)EAA SD-JWT parameters": [[6, "pid-q-eaa-sd-jwt-parameters"]], "Payload": [[19, "payload"]], "Payload federation_entity": [[19, "payload-federation-entity"]], "Privacy Remarks": [[17, "privacy-remarks"]], "Proximity Flow": [[9, null], [12, "proximity-flow"]], "Pseudonyms": [[10, null]], "Pushed Authorization Request (PAR) Request": [[8, "pushed-authorization-request-par-request"]], "Pushed Authorization Request (PAR) Response": [[8, "pushed-authorization-request-par-response"]], "Pushed Authorization Request Endpoint": [[8, "pushed-authorization-request-endpoint"]], "Redirect URI": [[12, "redirect-uri"], [13, "redirect-uri"]], "Redirect URI Errors": [[12, "redirect-uri-errors"], [13, "redirect-uri-errors"]], "Relying Party Solution": [[12, null]], "Relying Party Trust Evaluation": [[17, "relying-party-trust-evaluation"]], "Remote Flow": [[12, "remote-flow"], [13, null]], "Request Object Details": [[12, "request-object-details"], [13, "request-object-details"]], "Request URI Endpoint Errors": [[12, "request-uri-endpoint-errors"], [13, "request-uri-endpoint-errors"]], "Request URI Response": [[12, "request-uri-response"], [13, "request-uri-response"]], "Request URI with HTTP POST": [[12, "request-uri-with-http-post"], [13, "request-uri-with-http-post"]], "Requirements": [[2, "requirements"], [10, "requirements"], [18, "requirements"], [19, "requirements"]], "Return to Operational state": [[19, "return-to-operational-state"]], "Revocation Assertion": [[14, "revocation-assertion"]], "Revocation Flows": [[14, "revocation-flows"]], "Revocation Request by Wallet Instance": [[14, "revocation-request-by-wallet-instance"]], "Revocation Use Cases": [[14, "revocation-use-cases"]], "Revocations": [[18, "revocations"]], "SD-JWT Presentation": [[12, "sd-jwt-presentation"], [13, "sd-jwt-presentation"]], "SD-JWT-VC Credential Format": [[6, "sd-jwt-vc-credential-format"]], "Security Patterns": [[1, "security-patterns"]], "Session Termination": [[9, "session-termination"], [12, "session-termination"]], "States": [[18, "states"]], "Static Component View": [[18, "static-component-view"]], "Status Assertion": [[14, "status-assertion"]], "Status Assertion Flows": [[14, "status-assertion-flows"]], "Status Assertion HTTP Request": [[14, "status-assertion-http-request"]], "Status Assertion HTTP Response": [[14, "status-assertion-http-response"]], "Status Assertion Presentation to the Verifiers": [[14, "status-assertion-presentation-to-the-verifiers"]], "Status Assertion Request by Wallet Instance": [[14, "status-assertion-request-by-wallet-instance"]], "Technical Flow": [[8, "technical-flow"]], "Technical References": [[16, null]], "The Digital Identity Wallet Paradigm": [[15, null]], "The Infrastructure of Trust": [[17, null]], "The Italian EUDI Wallet implementation profile": [[5, null]], "Token Request": [[8, "token-request"]], "Token Response": [[8, "token-response"]], "Token endpoint": [[8, "token-endpoint"]], "Transition to Valid state": [[19, "transition-to-valid-state"]], "Transitions": [[18, "transitions"]], "Trust Chain": [[17, "trust-chain"]], "Trust Chain Fast Renewal": [[17, "trust-chain-fast-renewal"]], "Trust Evaluation Mechanism": [[17, "trust-evaluation-mechanism"]], "Trust Infrastructure Functional Requirements": [[17, "trust-infrastructure-functional-requirements"]], "Wallet Attestation": [[17, "wallet-attestation"], [18, null], [18, "table-wallet-attestation-claim"], [19, "wallet-attestation"]], "Wallet Attestation Issuance": [[18, "wallet-attestation-issuance"]], "Wallet Attestation Request": [[18, "wallet-attestation-request"]], "Wallet Instance": [[19, "wallet-instance"]], "Wallet Instance Initialization and Registration": [[18, "wallet-instance-initialization-and-registration"]], "Wallet Instance Lifecycle": [[18, "wallet-instance-lifecycle"], [19, "wallet-instance-lifecycle"]], "Wallet Instance registration http request parameters": [[18, "id6"]], "Wallet Provider Endpoints": [[19, "wallet-provider-endpoints"]], "Wallet Provider Metadata": [[19, "wallet-provider-metadata"]], "Wallet Solution": [[19, null]], "What it is useful for": [[10, "what-it-is-useful-for"]], "backup-restore.rst": [[2, null]], "http request header parameters": [[8, "id7"]], "mDoc Request": [[9, "mdoc-request"], [12, "mdoc-request"]], "mDoc Response": [[9, "mdoc-response"], [12, "mdoc-response"]], "nameSpaces": [[6, "namespaces"]], "wallet_provider metadata": [[19, "id1"]]}, "docnames": ["algorithms", "authentic-sources", "backup-restore", "contribute", "defined-terms", "index", "pid-eaa-data-model", "pid-eaa-entity-configuration", "pid-eaa-issuance", "proximity-flow", "pseudonyms", "relying-party-entity-configuration", "relying-party-solution", "remote-flow", "revocation-lists", "ssi-introduction", "standards", "trust", "wallet-attestation", "wallet-solution"], "envversion": {"sphinx": 62, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx.ext.todo": 2}, "filenames": ["algorithms.rst", "authentic-sources.rst", "backup-restore.rst", "contribute.rst", "defined-terms.rst", "index.rst", "pid-eaa-data-model.rst", "pid-eaa-entity-configuration.rst", "pid-eaa-issuance.rst", "proximity-flow.rst", "pseudonyms.rst", "relying-party-entity-configuration.rst", "relying-party-solution.rst", "remote-flow.rst", "revocation-lists.rst", "ssi-introduction.rst", "standards.rst", "trust.rst", "wallet-attestation.rst", "wallet-solution.rst"], "indexentries": {"rfc": [[0, "index-0", false], [0, "index-1", false], [0, "index-10", false], [0, "index-11", false], [0, "index-12", false], [0, "index-13", false], [0, "index-14", false], [0, "index-15", false], [0, "index-16", false], [0, "index-17", false], [0, "index-18", false], [0, "index-19", false], [0, "index-2", false], [0, "index-20", false], [0, "index-21", false], [0, "index-3", false], [0, "index-4", false], [0, "index-5", false], [0, "index-6", false], [0, "index-7", false], [0, "index-8", false], [0, "index-9", false], [6, "index-0", false], [6, "index-1", false], [6, "index-2", false], [6, "index-3", false], [6, "index-4", false], [6, "index-5", false], [6, "index-6", false], [6, "index-7", false], [6, "index-8", false], [6, "index-9", false], [7, "index-0", false], [7, "index-1", false], [7, "index-10", false], [7, "index-11", false], [7, "index-2", false], [7, "index-3", false], [7, "index-4", false], [7, "index-5", false], [7, "index-6", false], [7, "index-7", false], [7, "index-8", false], [7, "index-9", false], [8, "index-0", false], [8, "index-1", false], [8, "index-10", false], [8, "index-100", false], [8, "index-101", false], [8, "index-102", false], [8, "index-103", false], [8, "index-104", false], [8, "index-105", false], [8, "index-106", false], [8, "index-107", false], [8, "index-108", false], [8, "index-109", false], [8, "index-11", false], [8, "index-110", false], [8, "index-111", false], [8, "index-112", false], [8, "index-113", false], [8, "index-114", false], [8, "index-115", false], [8, "index-116", false], [8, "index-117", false], [8, "index-118", false], [8, "index-119", false], [8, "index-12", false], [8, "index-120", false], [8, "index-121", false], [8, "index-122", false], [8, "index-123", false], [8, "index-124", false], [8, "index-125", false], [8, "index-126", false], [8, "index-127", false], [8, "index-128", false], [8, "index-129", false], [8, "index-13", false], [8, "index-130", false], [8, "index-131", false], [8, "index-132", false], [8, "index-133", false], [8, "index-14", false], [8, "index-15", false], [8, "index-16", false], [8, "index-17", false], [8, "index-18", false], [8, "index-19", false], [8, "index-2", false], [8, "index-20", false], [8, "index-21", false], [8, "index-22", false], [8, "index-23", false], [8, "index-24", false], [8, "index-25", false], [8, "index-26", false], [8, "index-27", false], [8, "index-28", false], [8, "index-29", false], [8, "index-3", false], [8, "index-30", false], [8, "index-31", false], [8, "index-32", false], [8, "index-33", false], [8, "index-34", false], [8, "index-35", false], [8, "index-36", false], [8, "index-37", false], [8, "index-38", false], [8, "index-39", false], [8, "index-4", false], [8, "index-40", false], [8, "index-41", false], [8, "index-42", false], [8, "index-43", false], [8, "index-44", false], [8, "index-45", false], [8, "index-46", false], [8, "index-47", false], [8, "index-48", false], [8, "index-49", false], [8, "index-5", false], [8, "index-50", false], [8, "index-51", false], [8, "index-52", false], [8, "index-53", false], [8, "index-54", false], [8, "index-55", false], [8, "index-56", false], [8, "index-57", false], [8, "index-58", false], [8, "index-59", false], [8, "index-6", false], [8, "index-60", false], [8, "index-61", false], [8, "index-62", false], [8, "index-63", false], [8, "index-64", false], [8, "index-65", false], [8, "index-66", false], [8, "index-67", false], [8, "index-68", false], [8, "index-69", false], [8, "index-7", false], [8, "index-70", false], [8, "index-71", false], [8, "index-72", false], [8, "index-73", false], [8, "index-74", false], [8, "index-75", false], [8, "index-76", false], [8, "index-77", false], [8, "index-78", false], [8, "index-79", false], [8, "index-8", false], [8, "index-80", false], [8, "index-81", false], [8, "index-82", false], [8, "index-83", false], [8, "index-84", false], [8, "index-85", false], [8, "index-86", false], [8, "index-87", false], [8, "index-88", false], [8, "index-89", false], [8, "index-9", false], [8, "index-90", false], [8, "index-91", false], [8, "index-92", false], [8, "index-93", false], [8, "index-94", false], [8, "index-95", false], [8, "index-96", false], [8, "index-97", false], [8, "index-98", false], [8, "index-99", false], [11, "index-0", false], [11, "index-1", false], [11, "index-2", false], [11, "index-3", false], [12, "index-0", false], [12, "index-1", false], [12, "index-2", false], [13, "index-0", false], [13, "index-1", false], [13, "index-2", false], [14, "index-0", false], [14, "index-1", false], [14, "index-10", false], [14, "index-11", false], [14, "index-12", false], [14, "index-13", false], [14, "index-14", false], [14, "index-15", false], [14, "index-16", false], [14, "index-17", false], [14, "index-18", false], [14, "index-19", false], [14, "index-2", false], [14, "index-20", false], [14, "index-21", false], [14, "index-22", false], [14, "index-23", false], [14, "index-24", false], [14, "index-25", false], [14, "index-26", false], [14, "index-27", false], [14, "index-28", false], [14, "index-29", false], [14, "index-3", false], [14, "index-30", false], [14, "index-31", false], [14, "index-32", false], [14, "index-33", false], [14, "index-34", false], [14, "index-35", false], [14, "index-36", false], [14, "index-37", false], [14, "index-38", false], [14, "index-39", false], [14, "index-4", false], [14, "index-40", false], [14, "index-41", false], [14, "index-42", false], [14, "index-43", false], [14, "index-44", false], [14, "index-45", false], [14, "index-5", false], [14, "index-6", false], [14, "index-7", false], [14, "index-8", false], [14, "index-9", false], [16, "index-0", false], [16, "index-1", false], [16, "index-10", false], [16, "index-11", false], [16, "index-12", false], [16, "index-13", false], [16, "index-14", false], [16, "index-15", false], [16, "index-16", false], [16, "index-17", false], [16, "index-2", false], [16, "index-3", false], [16, "index-4", false], [16, "index-5", false], [16, "index-6", false], [16, "index-7", false], [16, "index-8", false], [16, "index-9", false], [17, "index-0", false], [17, "index-1", false], [17, "index-2", false], [17, "index-3", false], [18, "index-0", false], [18, "index-1", false], [18, "index-10", false], [18, "index-11", false], [18, "index-12", false], [18, "index-13", false], [18, "index-14", false], [18, "index-15", false], [18, "index-16", false], [18, "index-17", false], [18, "index-18", false], [18, "index-19", false], [18, "index-2", false], [18, "index-20", false], [18, "index-21", false], [18, "index-22", false], [18, "index-3", false], [18, "index-4", false], [18, "index-5", false], [18, "index-6", false], [18, "index-7", false], [18, "index-8", false], [18, "index-9", false], [19, "index-0", false]], "rfc 2119": [[16, "index-0", false]], "rfc 2616": [[16, "index-1", false]], "rfc 3339": [[16, "index-2", false]], "rfc 3986": [[16, "index-3", false]], "rfc 4122": [[8, "index-61", false], [8, "index-87", false], [14, "index-19", false]], "rfc 5280": [[6, "index-3", false]], "rfc 5639": [[0, "index-9", false]], "rfc 5646": [[6, "index-8", false], [6, "index-9", false], [7, "index-10", false], [7, "index-11", false], [7, "index-9", false]], "rfc 6749": [[8, "index-0", false], [8, "index-122", false], [8, "index-25", false], [8, "index-29", false], [8, "index-30", false], [8, "index-35", false], [8, "index-46", false], [8, "index-49", false], [8, "index-5", false], [8, "index-74", false], [8, "index-76", false], [8, "index-93", false], [8, "index-94", false], [8, "index-95", false], [16, "index-14", false]], "rfc 6749#section-4.1.2": [[8, "index-68", false], [8, "index-70", false]], "rfc 6749#section-4.1.2.1": [[8, "index-73", false]], "rfc 6749#section-5.2": [[8, "index-96", false], [14, "index-0", false], [14, "index-1", false], [14, "index-2", false], [14, "index-3", false], [14, "index-4", false], [14, "index-5", false], [14, "index-6", false], [14, "index-7", false]], "rfc 7159": [[16, "index-4", false]], "rfc 7515": [[6, "index-0", false], [6, "index-1", false], [6, "index-2", false], [6, "index-4", false], [6, "index-7", false], [7, "index-5", false], [8, "index-100", false], [8, "index-117", false], [8, "index-121", false], [8, "index-123", false], [8, "index-125", false], [8, "index-128", false], [8, "index-129", false], [8, "index-80", false], [8, "index-82", false], [8, "index-84", false], [8, "index-86", false], [8, "index-99", false], [11, "index-2", false], [11, "index-3", false], [14, "index-21", false], [14, "index-23", false], [14, "index-28", false], [14, "index-30", false], [14, "index-39", false], [14, "index-41", false], [16, "index-5", false]], "rfc 7516": [[0, "index-17", false], [0, "index-3", false], [0, "index-5", false], [0, "index-7", false], [16, "index-6", false]], "rfc 7516#section-4.1.1": [[8, "index-36", false], [8, "index-52", false], [12, "index-0", false], [13, "index-0", false], [14, "index-8", false], [14, "index-9", false], [18, "index-0", false], [18, "index-11", false]], "rfc 7517": [[8, "index-124", false], [8, "index-126", false], [8, "index-127", false], [8, "index-130", false], [8, "index-83", false], [8, "index-85", false], [12, "index-2", false], [13, "index-2", false], [14, "index-22", false], [14, "index-24", false], [14, "index-29", false], [14, "index-31", false], [14, "index-40", false], [14, "index-42", false], [16, "index-7", false], [17, "index-2", false], [17, "index-3", false]], "rfc 7518": [[0, "index-0", false], [0, "index-1", false], [0, "index-10", false], [0, "index-11", false], [0, "index-12", false], [0, "index-13", false], [0, "index-14", false], [0, "index-15", false], [0, "index-16", false], [0, "index-18", false], [0, "index-19", false], [0, "index-2", false], [0, "index-20", false], [0, "index-21", false], [0, "index-4", false], [0, "index-6", false], [0, "index-8", false], [16, "index-8", false]], "rfc 7519": [[6, "index-5", false], [6, "index-6", false], [8, "index-103", false], [8, "index-105", false], [8, "index-107", false], [8, "index-109", false], [8, "index-111", false], [8, "index-112", false], [8, "index-114", false], [8, "index-116", false], [8, "index-131", false], [8, "index-132", false], [8, "index-133", false], [8, "index-18", false], [8, "index-39", false], [8, "index-41", false], [8, "index-43", false], [8, "index-45", false], [8, "index-51", false], [8, "index-54", false], [8, "index-56", false], [8, "index-58", false], [8, "index-60", false], [8, "index-62", false], [8, "index-72", false], [8, "index-88", false], [8, "index-91", false], [8, "index-92", false], [8, "index-97", false], [12, "index-1", false], [13, "index-1", false], [14, "index-12", false], [14, "index-14", false], [14, "index-16", false], [14, "index-18", false], [14, "index-26", false], [14, "index-34", false], [14, "index-36", false], [14, "index-38", false], [14, "index-44", false], [16, "index-9", false], [17, "index-0", false], [17, "index-1", false], [18, "index-14", false], [18, "index-16", false], [18, "index-18", false], [18, "index-20", false], [18, "index-3", false], [18, "index-5", false], [18, "index-7", false], [18, "index-9", false]], "rfc 7519#section-4.1.7": [[14, "index-20", false], [14, "index-27", false], [14, "index-45", false]], "rfc 7521": [[8, "index-69", false], [8, "index-77", false], [8, "index-78", false], [8, "index-79", false], [16, "index-17", false]], "rfc 7591#section-2": [[11, "index-1", false]], "rfc 7591#section-3.2.1": [[11, "index-0", false]], "rfc 7636": [[7, "index-3", false], [8, "index-2", false], [8, "index-7", false]], "rfc 7636#section-4.2": [[8, "index-47", false]], "rfc 7636#section-4.3": [[8, "index-48", false]], "rfc 7638": [[8, "index-119", false], [16, "index-10", false], [19, "index-0", false]], "rfc 7638#section_3": [[8, "index-101", false], [8, "index-37", false], [14, "index-10", false], [14, "index-32", false], [18, "index-1", false], [18, "index-12", false]], "rfc 7800": [[16, "index-11", false], [18, "index-10", false], [18, "index-21", false]], "rfc 8174": [[16, "index-12", false]], "rfc 8259": [[8, "index-63", false]], "rfc 8414": [[7, "index-8", false], [18, "index-22", false]], "rfc 8414#section-2": [[7, "index-1", false], [7, "index-2", false], [7, "index-4", false], [7, "index-6", false], [7, "index-7", false]], "rfc 8725": [[8, "index-81", false], [16, "index-13", false]], "rfc 9027": [[8, "index-26", false]], "rfc 9068": [[8, "index-102", false], [8, "index-104", false], [8, "index-106", false], [8, "index-108", false], [8, "index-110", false], [8, "index-113", false], [8, "index-115", false]], "rfc 9101": [[8, "index-10", false], [8, "index-12", false], [8, "index-14", false], [8, "index-19", false], [8, "index-20", false], [8, "index-3", false]], "rfc 9110": [[8, "index-34", false], [8, "index-89", false], [8, "index-90", false]], "rfc 9126": [[8, "index-1", false], [8, "index-11", false], [8, "index-13", false], [8, "index-15", false], [8, "index-16", false], [8, "index-17", false], [8, "index-21", false], [8, "index-22", false], [8, "index-23", false], [8, "index-24", false], [8, "index-38", false], [8, "index-40", false], [8, "index-42", false], [8, "index-44", false], [8, "index-53", false], [8, "index-55", false], [8, "index-57", false], [8, "index-59", false], [8, "index-6", false], [8, "index-64", false], [8, "index-65", false], [8, "index-67", false], [8, "index-9", false], [14, "index-11", false], [14, "index-13", false], [14, "index-15", false], [14, "index-17", false], [14, "index-25", false], [14, "index-33", false], [14, "index-35", false], [14, "index-37", false], [14, "index-43", false], [18, "index-13", false], [18, "index-15", false], [18, "index-17", false], [18, "index-19", false], [18, "index-2", false], [18, "index-4", false], [18, "index-6", false], [18, "index-8", false]], "rfc 9126#as_metadata": [[7, "index-0", false]], "rfc 9126#section-2.3": [[8, "index-66", false]], "rfc 9207": [[8, "index-71", false], [16, "index-16", false]], "rfc 9396": [[8, "index-4", false], [8, "index-50", false], [8, "index-8", false]], "rfc 9449": [[8, "index-118", false], [8, "index-120", false], [8, "index-27", false], [8, "index-28", false], [8, "index-31", false], [8, "index-32", false], [8, "index-33", false], [8, "index-75", false], [8, "index-98", false], [16, "index-15", false]]}, "objects": {}, "objnames": {}, "objtypes": {}, "terms": {"": [1, 4, 5, 6, 7, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19], "0": [4, 6, 7, 8, 9, 11, 12, 13, 16, 17, 18, 19], "00": [6, 11], "00z": 6, "01": [6, 9, 12, 14], "02": [6, 9, 12], "03": [7, 11], "04": [8, 16], "04a98be3": [12, 13], "05z": [9, 12], "08": [9, 12], "08b3f1ca5517019767be3dee3bb06145": [9, 12], "09": [9, 12], "091535f699ea575c7937fa5f0f454ae": [12, 13], "095vprpttn4qmoqroa": 6, "0a6da0af437e2943f1836f31c678d89298e9": 6, "0b434530": 14, "0cdfe077400432c055a2b69596c90": 6, "0e5f0b6b33418e508740771e82f893372eaf5b2445bc4c84dcf08b005e9493fc": [9, 12], "0f1571a97ffb799cc8fcdf2ba4fc2909929": 6, "0fe3cbe0": 18, "1": [2, 4, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 19], "10": [6, 8, 9, 12, 13, 16, 17, 18], "1004": [6, 9, 12], "1024": 8, "11": [6, 7, 8, 9, 12, 13, 17, 18], "11aa7273a2d2daa973f5951f0c34c2fba": 6, "12": [6, 8, 9, 12, 13, 17, 18], "128": [0, 8, 12, 13], "12pt": 6, "13": [4, 8, 9, 12, 13, 14, 16, 17, 18], "137f903174253c4585358267aae2ea4": [9, 12], "14": [4, 8, 12, 13, 16, 17, 18], "14888": 0, "15": [8, 12, 13, 17], "1504699136": 14, "1504700136": [12, 13], "1504785536": 14, "16": [6, 8, 9, 12, 13, 17], "1649373279": 17, "1649375259": 17, "1649450746": 17, "1649623546": 17, "1672418465": [12, 13], "1672422065": [12, 13], "167fe": [9, 12], "1683000000": 6, "1686645115": 18, "1686652315": 18, "1687171759": 19, "1687281195": 18, "1687288395": 18, "1698744039": 14, "1698744139": 14, "17": [8, 12, 13, 17, 18], "1705570055": 8, "1709290159": 19, "1715842560": 8, "1715842860": 8, "1718207217": [7, 11], "17487": 16, "1749743216": [7, 11], "1778914560": 8, "18": [8, 12, 13, 17, 18], "18013": [4, 6, 9, 12, 16], "185d84dfb71ce9b173010ddd62174fb": [9, 12], "186": 0, "1883000000": 6, "18bdea0988cb": [12, 13], "19": [5, 8, 12, 13, 17], "1956": [6, 9, 12], "1980": 6, "1986": 16, "1997": 16, "1999": 16, "1_0": 7, "1ad0d6a7313efdc38fcd765852fa2bd43debf48bf5a580d": 6, "1fbao": 8, "1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076": [9, 12], "1h0cwdyggvu8w": 19, "1jeqsisimnydii6ilatmju2in19": 8, "1knr9ar3mzmokyty8brvriue85nixryx4xd3k4jw7vi": 17, "2": [1, 2, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 19], "20": [6, 9, 11, 12, 13, 16, 17], "200": [8, 12, 13, 14, 18], "2002": 16, "2008": 4, "201": [8, 12, 13], "2013": 18, "2014": 16, "2015": 16, "2016": 16, "2017": [9, 12, 16], "2018": [9, 12], "2019": [9, 12], "202": [8, 12, 13], "2020": 16, "2021": 16, "20212223": [9, 12], "2022": 16, "2023": [6, 9, 12, 16], "2024": [5, 6, 9, 12, 16], "204": [8, 18], "21": [8, 12, 13, 17], "2119": 16, "22": [6, 8, 9, 12, 13], "22t00": 6, "22t06": 6, "23": [6, 8, 9, 12, 13, 16, 17], "24": [6, 8, 9, 12, 13, 14, 16, 17, 18], "247c93ddb942": 8, "24t14": [9, 12], "25": [12, 13, 17], "256": [0, 6, 7, 8, 9, 11, 12, 14, 17, 18, 19], "26": [12, 13, 17], "2616": 16, "27": [12, 13, 17], "28": [12, 13, 17], "29": [12, 13, 17], "29227872ceb49923d267b5f4bade6d387b42ac2dc4b2ae26c9013067fee7018a": [9, 12], "2c128e4d": [12, 13], "2e40bcd6799008085ffb1a1f3517efee335298fd976b3e655bfb3f4eaa11d171": 6, "2f": [8, 12, 13], "2fcb": [12, 13], "2feaa": 8, "2freli": [12, 13], "2frequest_uri": [12, 13], "2g": 8, "2glc42skqvecfgfrynrn9w": 6, "2hnofs3ync9tjicaivhwlvuj3axwggz_98urfaqme": 17, "2ow9rp35yrqzhrtnp86l": 8, "2w3": [12, 13], "3": [0, 1, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 19], "30": [6, 17], "300": [8, 9, 12], "302": [8, 12, 13], "308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b": [9, 12], "3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788": [9, 12], "30820215308201bca003020102021404ad30c": 6, "31579c8b0e7d": [12, 13], "3166": 6, "319": 6, "32": [8, 12, 13], "32f54163": [12, 13], "33": [6, 9, 12], "3339": 16, "36": [11, 16, 17], "3600": 8, "38": 18, "384": [0, 6], "3986": 16, "3a": [8, 12, 13], "3abwc4jk": 8, "3agrant": 18, "3aietf": [8, 18], "3ajwt": 18, "3aoauth": [8, 18], "3aparam": [8, 18], "3arequest_uri": 8, "3be39b69": [12, 13], "3e6c07ddcb03": [12, 13], "3wljk1ejuz2": 8, "3zfqn6kuntjhjbgiyxhyqxie0wrfiqyxnuio2a0bfy4ewystd7znccmforojmmhqwccjnadqbkg7beywbq4jpg": 8, "4": [0, 4, 6, 7, 8, 9, 12, 13, 14, 17, 18], "40": 6, "400": [8, 12, 13, 14], "401": [12, 13], "4025": 8, "403": [12, 13], "4086c1379975f805f1b1f4975e6a1265": [9, 12], "412": 6, "4122": [8, 14], "41aa": [12, 13], "43": 8, "43a5": 8, "44b5": 18, "45efef742b2c4837a9a3b0e1d05a6917": [9, 12], "47b982369791d08003a7283f059cb0d1": 8, "48f1": [12, 13], "49bb": [7, 11], "4a4b4cc64ec9299c1a2501ea449f577005e9f7a60408057c07a7c67fb151e5f5": [9, 12], "4c40": 14, "4cd3": [12, 13], "4cf5": [12, 13], "4dfd": 14, "4e5b": 18, "4fzkwhilki": 8, "4hnpti": 18, "4ljp": 8, "5": [4, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18], "50": 6, "500": [12, 13, 14], "503": 14, "509": [1, 6, 17], "512": [0, 6, 8], "521": 0, "5280": 6, "53c15c57b3b076e788795829190220b4": 6, "53e29d0ddbbc7d2306a32bdbe2e56e51": [9, 12], "54": [9, 12], "5639": 0, "5646": [6, 7], "56z": 6, "58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9": [9, 12], "59fe68db795dee4c20976380ea247705": [9, 12], "5a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343": [9, 12], "5b": 8, "5izghriiwgimzhbwlsev9uyw1liiwgiljvc3npil0": 6, "5t5yypbhn": [18, 19], "6": [6, 8, 9, 11, 12, 13, 17, 18], "60": 8, "6059ff1ce27b4997b4ade1de7b01dc60": 6, "60a8": 18, "61fbc6c8ad24ec86a78bb4e9ac377dd2b7c711d9f2eb9afd4aa0963662847a": [9, 12], "646d": 18, "6749": [8, 14, 16], "6ac1": [12, 13], "6b3d194fc131": [7, 11], "6d44f21ee875f2c1d502b43198e5a152": [9, 12], "6d8025d2f02a5e7e1406fb6aaeb67f9ede9b07191a53f3e23b77c528223a94e2": [9, 12], "6ec69324": 18, "6f204f7e": 14, "6hjvrcxnzf0slu6uknmzhol": 6, "6ij7tm": 6, "6s0a": 18, "7": [6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18], "7159": 16, "7166": [12, 13], "73690d92dcaa61b0203870f67c6aa9fdfea889b6f0c720de757b4b0a8516a206": [9, 12], "74c75a5ef760": 14, "7515": [6, 7, 8, 11, 14, 16], "7516": [0, 8, 12, 13, 14, 16, 18], "7517": [8, 12, 13, 14, 16, 17, 19], "7518": [0, 16], "7519": [6, 8, 12, 13, 14, 16, 17, 18], "7521": [8, 16], "7523": 18, "7591": 11, "7636": [7, 8], "7638": [8, 14, 16, 18, 19], "765": 4, "7800": [16, 18], "78824fbd6fbba88a2aab44df8b6f5e9759126d87d1f4415995e658fd9239e1f": [9, 12], "7e": 8, "7fb0": [12, 13], "8": [6, 8, 9, 11, 12, 13, 17, 18], "814e": 14, "8174": 16, "8259": 8, "8368": [7, 11], "8414": [7, 18], "86400": 8, "864000": 8, "86b8": [12, 13], "8725": [8, 16], "8808": 18, "8949": 6, "89jkwhilrt": 8, "8d9066f6c8da16619867cd4e2fab0c88": [9, 12], "8jjozbfovmnvq3hflmpwy4o19gpxs61fwhjzebu589": 6, "8mxk1ealyznwh": 8, "9": [6, 8, 9, 11, 12, 13, 17, 18], "9027": 8, "9052": 6, "9068": 8, "9101": [8, 12, 13], "9110": 8, "9126": [7, 8, 14, 18], "917dd5391bd9": 18, "9207": [8, 16], "921b": [12, 13], "9360": 6, "9378": 8, "9396": 8, "93d8": [12, 13], "9449": [8, 16], "951574aee1bb7907ae1ec3109db2b225": 8, "960cb15a2ea9b68e5233ce902807aa95": 6, "987654321": [9, 12], "98b7": 14, "990cba2069fa1b33b8d6ae910b6549dc": [9, 12], "9biiwgimjpcnrox2rhdguilcaimtk4mc0wms0xmcjd": 6, "9d155319408c": 14, "9d3774bd5994ccfed248674b32a4f76a": 6, "9t2lq": [12, 13], "9tjicaivhwlvuj3axwggz_9": [12, 13], "A": [4, 6, 7, 8, 9, 12, 13, 14, 16, 17, 18, 19], "As": [4, 7, 8, 18], "At": [17, 18], "By": [3, 6, 19], "For": [4, 5, 6, 8, 9, 11, 12, 13, 14, 17, 18, 19], "IT": [3, 4, 5, 6, 7, 9, 10, 12, 19], "If": [1, 3, 6, 7, 8, 9, 12, 13, 14, 17, 18], "In": [1, 4, 6, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18], "It": [1, 4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 17, 18, 19], "Its": [4, 18], "NOT": [0, 1, 4, 6, 8, 10, 11, 12, 13, 14, 17, 18], "No": [4, 5, 8, 17, 18], "Not": [12, 13], "On": [8, 18], "One": 14, "Such": [12, 13], "The": [0, 1, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 18, 19], "Their": 4, "Then": 14, "There": [7, 12, 13, 17], "These": [4, 11, 12, 13, 14, 17, 18, 19], "To": [7, 8, 12, 13, 14, 18, 19], "_2ysumwfjwmranlo15r6dibxervdy_npjuwakjmfdoc": 14, "_qt5": 17, "_sd": 6, "_sd_alg": 6, "_v3bjjelki0tnpbc4yss7yjupwszzmpq0zq9n5zj8xgq_t3nn9bghuyvzegr60xokqbnqmms4iygpol7ekespw": 8, "a10126": [9, 12], "a128cbc": [0, 7], "a128gcm": 7, "a128kw": 0, "a192cbc": 7, "a192gcm": 7, "a2": 8, "a2395ec214350c26066306e23279b3a": [9, 12], "a256cbc": [0, 7], "a256gcm": 7, "a256kw": 0, "a25e1a5b915d2d6eafee9674e0232939": [9, 12], "a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9": [9, 12], "a3": 8, "a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917": [9, 12], "a366737461747573006776657273696f6e63312e3069646f63756d656e747381a267646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316c6973737565725369676e6564a26a697373756572417574688443a10126a1182159021930820215308201bca003020102021404ad06a30c1a6dc6e93be0e2e8f78dcafa7907c2300a06082a8648ce3d040302305b310b3009060355040613025a45312e302c060355040a0c25465053204d6f62696c69747920616e64205472616e73706f7274206f66205a65746f706961311c301a06035504030c1349414341205a65746573436f6e666964656e73301e170d3231303932393033333034355a170d3232313130333033333034345a3050311a301806035504030c114453205a65746573436f6e666964656e7331253023060355040a0c1c5a65746f70696120436974792044657074206f662054726166666963310b3009060355040613025a453059301306072a8648ce3d020106082a8648ce3d030107034200047c5545e9a0b15f4ff3ce5015121e8ad3257c28d541c1cd0d604fc9d1e352ccc38adef5f7902d44b7a6fc1f99f06eedf7b0018fd9da716aec2f1ffac173356c7da3693067301f0603551d23041830168014bba2a53201700d3c97542ef42889556d15b7ac4630150603551d250101ff040b3009060728818c5d050102301d0603551d0e04160414ce5fd758a8e88563e625cf056bfe9f692f4296fd300e0603551d0f0101ff040403020780300a06082a8648ce3d0403020347003044022012b06a3813ffec5679f3b8cddb51eaa4b95b0cbb1786b09405e2000e9c46618c02202c1f778ad252285ed05d9b55469f1cb78d773671f30fe7ab815371942328317c59032ad818590325a667646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316776657273696f6e63312e306c76616c6964697479496e666fa3667369676e6564c074323032332d30322d32325430363a32333a35365a6976616c696446726f6dc074323032332d30322d32325430363a32333a35365a6a76616c6964556e74696cc074323032342d30322d32325430303a30303a30305a6c76616c756544696765737473a2781865752e6575726f70612e65632e65756469772e7069642e31ac015820a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a025820cd372fb85148700fa88095e3492d3f9f5beb43e555e5ff26d95f5a6adc36f8e6035820e67e72111b363d80c8124d28193926000980e1211c7986cacbd26aacc5528d48045820f7d062d662826ed95869851db06bb539b402047baee53a00e0aa35bfbe98265d0658202a132dbfe4784627b86aa3807cd19cfeff487aab3dd7a60d0ab119a72e736936075820bdca9e8dbca354e824e67bfe1533fa4a238b9ea832f23fb4271ebeb3a5a8f7200858202c0eaec2f05b6c7fe7982683e3773b5d8d7a01e33d04dfcb162add8bd99bee9a095820bfe220d85657ccec3c67e7db1df747e9148a152334bb6d4b65b273279bcc36ec0a582018e38144f5044301d6a0b4ec9d5f98d4cd950e6ea2c29b849cbd457da29b6ad30b58203c71d2f0efa09d9e3fbbdffd29204f6b292c9f79570aef72dd86c91f7a3aa5c50c582065743d58d89d45e52044758f546034fd13a4f994bc270cdfa7844f74eb3f4b6e0d5820b4a8eb5d523bffa17b41bda12ddc7da32ae1e5f7ff3dcc394a35401f16919bbf781b65752e6575726f70612e65632e65756469772e7069642e69742e31a10e58209d6c11644651126c94acdaf0803e86d4c71d15d3b2712a14295416734efd514d6d6465766963654b6579496e666fa1696465766963654b6579a401022001215820ba01aea44eee1e338eb2f04e279dbd51b34655783ee185150838c9a7a7c4db7122582025ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96f646967657374416c676f726974686d675348412d32353658400813c28fd62f2602cbc14724e5865733c44a0fca589b55c085ec9d5c725d6cce25ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96a6e616d65537061636573a2781865752e6575726f70612e65632e65756469772e7069642e3188d818586da4686469676573744944016672616e646f6d5820156df9227ad341eaa61aabd301106fd21bdc18820e01dfc16bcf5fecc447111b71656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d30322d3232d818586fa4686469676573744944026672616e646f6d5820a3a1f13f05544d03a5b50b5fdb78465808393bcf3b7953a345fe28f820c7be0d71656c656d656e744964656e7469666965726d69737375616e63655f646174656c656c656d656e7456616c7565d903ec6a323032332d30322d3232d8185866a4686469676573744944036672616e646f6d5820852591f90f2c9ded57a03632e2c1322ab52a082a431e71a4149a6830c8f1ad0c71656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ca4686469676573744944046672616e646f6d5820d1d587b3512acce15c4f6b20944ceb002a464e4a158389788563408873c3fce571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c7565764d696e69737465726f2064656c6c27496e7465726e6fd8185864a4686469676573744944056672616e646f6d582094fdd7609c0e73dc8589b5cab11e1d9058cf8bff8a336da5f81fcba055396a0f71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c7565654d6172696fd8185865a4686469676573744944066672616e646f6d5820660c0a7bf79e0e0261ca1547a4294fb808aa70738f424b13ab1b9440b566ae1371656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756565526f737369d818586ba4686469676573744944076672616e646f6d5820315c53491286488fa07f5c2ce67135ef5c9959c3469c99a14e9b6dc924f9eba571656c656d656e744964656e746966696572696269727468646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3132d818587da4686469676573744944086672616e646f6d5820764ef39c9d01f3aa6a87f441603cfe853fba3cee3bc2c168bcc9e96271d6e06371656c656d656e744964656e74696669657269756e697175655f69646c656c656d656e7456616c7565781e78787878787878782d7878782d787878782d787878787878787878787878781b65752e6575726f70612e65632e65756469772e7069642e69742e3181d8185877a46864696765737449440d6672616e646f6d5820717df3f583b1484366c33a1f869f2b5d201d466a8b589c79ab1a2d85e595432571656c656d656e744964656e7469666965726d7461785f69645f6e756d6265726c656c656d656e7456616c75657554494e49542d585858585858585858585858585858": 6, "a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb": [9, 12], "a5c1": 8, "a5ivpgbos5tmvva": 6, "a697": 18, "a6a119f7cacac0b8c6aacac747fd3fe7e50b6d9bb8a507fda79f0df6646f285d": [9, 12], "a766d85790ea": 18, "aal": [4, 12, 13, 18], "aal_values_support": 19, "aarc": 8, "aarma": 3, "ab4ca30c918dd2fd0bf35242c15fa2d8": [9, 12], "abil": [4, 15, 17, 18, 19], "abilitazion": 7, "abl": [6, 8, 10, 14, 17, 18], "about": [1, 3, 4, 5, 6, 7, 8, 12, 13, 14, 15, 18, 19], "abov": [6, 7, 8, 9, 12, 17, 18], "absolut": 14, "abstract": 17, "abvdfcnxt0z5rrwdxzsuhuuxz3gm2vcezleyij61ka": 6, "accept": [3, 8, 9, 12, 13, 14], "access": [1, 3, 4, 5, 6, 10, 12, 13, 14, 15, 17, 18, 19], "access_token": 8, "accommod": 17, "accompagnator": 7, "accomplish": [1, 8, 19], "accord": [1, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "account": 17, "accredit": 4, "achiev": 18, "acknowledg": 5, "acquir": [15, 18, 19], "acquisit": 18, "acr_values_support": 7, "acronym": 5, "across": [5, 10, 15], "act": [4, 7, 8, 12, 13, 17], "action": [4, 8, 9, 12, 13, 14, 18, 19], "activ": [3, 9, 12, 14, 15, 17, 18, 19], "actor": [4, 12, 13, 15, 18, 19], "actual": [12, 13, 18, 19], "ad": [4, 6, 8, 12, 13], "adapt": 17, "add": 1, "addit": [6, 7, 8, 10, 14, 17], "addition": [6, 12, 13, 18], "address": [8, 14, 17, 18], "adequ": [8, 19], "adher": [4, 7, 12, 13, 17, 18, 19], "adjust": 17, "administ": 4, "administr": [3, 6, 8, 14, 15, 17], "adopt": 5, "advanc": [5, 17], "advis": [8, 12, 13], "ae": 0, "ae84834f389ee69888665b90a3e4fcc": 6, "af": 6, "af9a": [12, 13], "afd09e720b918cedc2b8a881950bab6a1051e18ae16a814d51e609938663d5e1": [9, 12], "aftauxhmvd9pyqtj6fmuhc": 6, "after": [1, 8, 9, 12, 13, 14, 18, 19], "again": [3, 8, 12, 13, 17], "against": [1, 8, 17, 18], "agent": [8, 12, 13], "agre": [9, 12, 17], "agreement": [0, 4, 9, 12], "aid": 17, "aim": [4, 5, 6, 8, 18], "ajx": 6, "akhaw": 16, "alen": 3, "alg": [0, 6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "alg_values_support": 18, "algorithm": [5, 6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 19], "alias": [12, 13], "alifuoco": 3, "align": [5, 17], "all": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "allow": [1, 4, 6, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19], "allowed_leaf_entity_typ": 17, "alon": 8, "along": [6, 8, 9, 12, 13, 14, 18, 19], "alpha": 6, "alphanumer": 8, "alreadi": [4, 8, 14, 18], "also": [3, 4, 6, 7, 8, 11, 12, 13, 14, 15, 17, 18, 19], "altern": [4, 12, 13], "altmann": 3, "alwai": [3, 4, 10, 15, 17], "ambigu": 16, "amend": 3, "american": 16, "amir": 3, "amministrazioni": 16, "among": [4, 14, 17], "amount": [8, 17], "an": [1, 3, 4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 17, 18, 19], "anagraph": 6, "analysi": 4, "anchor": [5, 7, 8, 11, 19], "andrea": 3, "android": [4, 18, 19], "anew": 17, "ani": [4, 6, 8, 9, 12, 13, 14, 17, 18], "annex": [1, 8], "annotazioni": 7, "anonym": [4, 10, 17], "anoth": [4, 7, 12, 13, 15, 18], "anpr": 6, "antonio": [9, 12], "anymor": [12, 13, 18], "anyon": 3, "api": [4, 5, 8, 12, 13, 18, 19], "apolog": 3, "apologi": 3, "app": [4, 8, 9, 12, 18, 19], "appear": [4, 6], "append": [12, 13], "appendix": 0, "appl": [4, 18], "appli": [8, 12, 13, 14, 17, 18], "applic": [1, 3, 4, 8, 11, 12, 13, 14, 15, 16, 17, 18, 19], "application_typ": [7, 11], "approach": [3, 6, 15, 17, 18], "appropri": [9, 12, 13, 14, 18], "april": 16, "ar": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "arbitrari": 4, "architectur": [4, 5, 8, 15, 16, 17, 18, 19], "area": 18, "arf": [4, 5, 6, 16, 17, 18], "arial": 6, "aris": [12, 13], "arrai": [6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "articl": 4, "artifact": [4, 17], "as_metadata": 7, "ascii": 8, "ask": [9, 12, 13, 14, 19], "aspect": [12, 13], "assert": [4, 5, 6, 8, 16, 17, 18, 19], "assess": [4, 17, 18], "asset": [4, 19], "assign": [10, 12, 13, 14, 17], "associ": [4, 7, 11, 14, 17, 18, 19], "assum": [8, 17], "assumpt": 8, "assur": [4, 6, 12, 13, 14, 16, 19], "assurance_level": [6, 9, 12], "asymmetr": [0, 8, 18], "ath": 8, "attach": [8, 17], "attack": [1, 8, 10, 18], "attain": 17, "attempt": [12, 13, 18], "attend": 7, "attest": [1, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16], "attest_jwt_client_auth": 7, "attestkei": 4, "attribut": [1, 4, 5, 6, 8, 9, 12, 13, 14, 17, 19], "aud": [8, 12, 13, 14, 18], "audit": [1, 17], "audit_rest_02": 1, "autent": [12, 13], "auth": [7, 8, 16], "authent": [0, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19], "authentic_sourc": 6, "authenticator_assurance_level": 4, "authet": 6, "author": [1, 4, 5, 6, 7, 11, 14, 15, 16, 17, 18, 19], "authorit": 4, "authority_hint": [7, 11, 17, 19], "authorization_cod": [7, 8], "authorization_detail": 8, "authorization_encrypted_response_alg": 7, "authorization_encrypted_response_enc": 7, "authorization_endpoint": [7, 12, 13, 18], "authorization_serv": [7, 17], "authorization_signed_response_alg": [7, 11], "authorization_signing_alg_values_support": 7, "auto": 8, "autom": [4, 14, 17], "automat": [7, 17], "autonom": 17, "autonomi": 17, "autorit\u00e0": 7, "avail": [1, 3, 8, 12, 13, 17, 18, 19], "avoid": 15, "aw8ixq": 6, "awar": 14, "awrlci5legftcgxllm9yzyisicjpyxqioiaxnjgzmdawmdawlcaizxhwijogmtg4mzaw": 6, "awz": [12, 13], "azpx7u7r": 8, "b": [9, 12, 16], "b01b8208d9e6cc834d87dc356ab50170": 8, "b0d43e4e2ea534e4d5304e64bcf7a0f13e2c8ee8304b9cd23aba4909652a4647": [9, 12], "b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc67": [9, 12], "b3jniiwgimlhdci6ide2odmwmdawmdasicjlehaioiaxodgzmdawmdawlcaic3viijog": 6, "b6672b6149af": 8, "b6672b6149bg": 8, "b820963964e53af064686dd9218303494a": 6, "back": [4, 8, 14, 18], "backend": [4, 18], "backup": 5, "backward": 6, "bad": [8, 12, 13, 14], "balanc": [10, 12, 13], "band": 14, "base": [3, 4, 8, 9, 12, 14, 15, 16, 17, 18], "base64": [7, 18], "base64url": [6, 8, 12, 13, 14, 18], "basi": 16, "basic": 19, "bastian": 16, "bastien": 3, "bb6e6c68d1b4b4ec5a2ae9206f5t4": 6, "bbc77e6cca981a3ad0c3e544edf86": 6, "bc5568239e35ce9ff8798c27ffdcd757b134b679f0fe05729aa3491381912e65": [9, 12], "bcp": [4, 16], "bcp47": 7, "bearer": 18, "becaus": [12, 13, 14, 18], "becom": [8, 14, 18, 19], "bedrock": 4, "been": [3, 8, 14, 18], "befor": [3, 4, 8, 12, 13, 17], "begin": [8, 9, 12], "behalf": [4, 14, 17], "behavior": 17, "being": [4, 6, 8, 9, 12, 18], "belong": 4, "below": [0, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "berner": 16, "best": 16, "better": [12, 13, 14], "between": [1, 4, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19], "beyond": [14, 17], "bfue3h": 6, "bgcioiaic2hhlti1niisicjjbmyioib7imp3ayi6ihsia3r5ijogikvdiiwgimnydii6": 6, "binari": 6, "bind": [4, 8, 12, 13, 17, 18], "biometr": 19, "birth": [6, 7], "birth_dat": [6, 7, 9, 12], "bit": [0, 8, 12, 13, 16], "bith_dat": [12, 13], "bitsr": 6, "black": 6, "ble": [9, 12], "bleoption": [9, 12], "block": [0, 9, 12, 14], "bluetooth": [9, 12], "bodi": [4, 8, 12, 13, 14, 17, 18], "bomgktw1rbikntw8fzx_bel4ybandr6ahsdgpatfcig": 6, "bool": [9, 12], "boolean": [7, 14, 18], "bootload": 18, "border": [15, 17], "born": 6, "both": [1, 6, 8, 9, 12, 13, 14, 15, 17, 18, 19], "bound": [4, 6, 7, 8, 14, 17, 18], "bradlei": 16, "bradner": 16, "brai": 16, "brainpool": 0, "brainpoolp256r1": 0, "brainpoolp384r1": 0, "brainpoolp512r1": 0, "branch": 3, "braun": 16, "breach": 17, "brief": 3, "browser": 8, "bstr": [6, 9, 12], "build": 17, "built": 17, "busi": 3, "bwc4jk": 8, "by0": 6, "byleaf": 17, "byte": [6, 9, 12], "bytrustanchor": 17, "bzmxamz6rna4wtjevzbslwzjtwvxd2u3ruxhdkdvse13tujwdte0rsisicjwuuktuzft": 6, "c": 16, "c05yv0jimhhxwg9htnk1oulps0nbcwtzbvffbyj9": 8, "c0ef486b2a194ed3cbf7f354fd400921": [9, 12], "c3npil0": 6, "c3rhdhvzijogeyjzdgf0dxnfyxnzzxj0aw9uijogeyjjcmvkzw50awfsx2hhc2hfywxn": 6, "c5f73e250fe869f24d15118acce286c9bb56b63a443dc85af653cd73f6078b1f": 6, "c65c": 8, "c8b708728e4c5756e35c03aeac257ca878d1f717d7b61f621be4d36dbd9b9c16": 6, "c950c0e6fdeb5de50a50096b247af03c": 8, "c_nonc": 8, "c_nonce_expires_in": 8, "c_xmtn3db9t0jjjptqeba": 6, "cab": 4, "cach": 8, "calcul": [6, 8, 9, 12], "call": 17, "campbel": 16, "can": [1, 3, 6, 7, 8, 9, 12, 13, 14, 15, 17, 18, 19], "candid": 17, "cannot": [4, 8, 12, 13, 14, 17, 18], "capabl": [8, 12, 13, 17, 18, 19], "capit": 4, "card": [4, 7, 18], "carri": [4, 6, 8, 12, 13, 17], "carta": 7, "case": [1, 4, 5, 6, 7, 8, 12, 13, 17, 18], "catalogu": 1, "categori": [4, 7], "cater": 19, "caus": 8, "cb": [8, 12, 13], "cbor": [5, 8, 9, 14], "cbortag": 6, "ccordiant": 6, "cefal\u00f9": 3, "cek": 0, "central": [9, 12, 15, 17], "cerini": 3, "certain": [4, 8, 9, 12, 13], "certif": [1, 4, 6, 14, 15, 17, 18], "certifi": [4, 17, 18, 19], "cf57377b675f64f37314739592c1e8a911a7ddaf341ce2902fe877c5a835e4c1": [9, 12], "chain": [0, 4, 5, 6, 8, 12, 13, 18], "challeng": [7, 8, 18], "chang": [3, 6, 12, 13, 14, 17], "channel": [3, 8, 9, 12, 14], "charact": [6, 8, 16], "character": 15, "characterist": 4, "charset": 8, "check": [4, 5, 8, 9, 14, 17, 18], "chiozzi": 3, "choos": [10, 15], "chosen": [8, 12, 13], "cie": [4, 6, 7, 16], "cipher": [0, 9, 12], "circumst": [14, 19], "citizen": [3, 4, 6, 15], "civil": [9, 12], "claim": [2, 4, 5, 7, 8, 11, 12, 13, 14, 17, 18, 19], "claimset": 8, "clarif": 3, "clarifi": [8, 12, 13, 14, 18], "clariti": [12, 13], "clear": [4, 12, 13, 17], "cliam": 6, "client": [1, 7, 8, 9, 11, 12, 13, 16, 17, 18, 19], "client_data": 18, "client_data_hash": 18, "client_id": [7, 8, 11, 12, 13], "client_id_schem": [12, 13], "client_metadata": [12, 13], "client_metadata_uri": [12, 13], "client_nam": [7, 11], "client_registration_types_support": 7, "close": 17, "closur": [9, 12], "cm": 8, "cmsioiaizwlkyxmilcaiyxnzdxjhbmnlx2xldmvsijogimhpz2gilcaizxzpzgvuy2ui": 6, "cnf": [6, 7, 8, 11, 12, 13, 14, 18], "code": [5, 6, 7, 8, 9, 12, 13, 14, 16, 17, 18], "code_challeng": 8, "code_challenge_method": 8, "code_challenge_methods_support": 7, "code_verifi": 8, "codic": 7, "codificata": 7, "cogfqwztpbirqpnlrg": 18, "cognom": [6, 7], "cointain": [6, 8], "collect": [4, 6, 7, 8, 12, 13, 17], "collis": [6, 8, 18], "color": 6, "com": [3, 8, 12, 13, 18], "combin": [6, 17, 18], "come": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "command": [9, 12], "comment": 3, "commiss": [4, 5], "common": [4, 5, 7, 11], "commonli": 5, "commun": [1, 3, 4, 5, 8, 9, 12, 13, 14], "compani": 15, "compat": [6, 17, 19], "compet": 4, "complement": [4, 17], "complet": [4, 12, 13, 15, 19], "complex": 17, "compli": 17, "complianc": [1, 4, 6, 8, 10, 12, 13, 14, 17, 18, 19], "compliant": [4, 7, 9, 11, 12, 13, 16, 18], "compon": [4, 5, 8, 9, 12, 13, 17], "compos": [8, 12, 13, 18], "comprehens": 19, "compris": 7, "compromis": [14, 17, 18], "comput": [9, 12, 14, 18], "concat": 0, "concaten": [17, 18], "conceal": 6, "concern": [3, 5, 17], "concis": 6, "condit": [4, 6, 7, 8, 9, 12, 13, 14], "conduct": [4, 8], "confid": [4, 9, 12], "confidenti": [8, 17], "configur": [4, 5, 8, 18, 19], "confin": 4, "confirm": [4, 6, 8, 14, 18], "conform": 4, "connect": [3, 4, 6, 7, 8, 9, 11, 12, 14, 16, 19], "consent": [8, 9, 12, 13, 17, 18], "consequ": 3, "consid": [4, 8, 9, 12, 17, 18], "consider": 5, "consist": [4, 6, 7, 8, 10, 11, 19], "const": [7, 11, 12, 13], "constant": 7, "constant_attendance_allow": [6, 7], "constitut": 4, "constraint": [7, 11, 12, 13, 17, 18], "construct": 18, "contact": [7, 8, 11, 17], "contain": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "content": [0, 4, 6, 8, 12, 13, 14, 18], "contenuti": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "context": [4, 10, 18, 19], "continu": [12, 13], "contractu": 4, "contribut": 5, "control": [4, 6, 8, 10, 15, 17, 18, 19], "convei": 17, "conveni": 19, "convent": 5, "convers": [12, 13], "cooki": [12, 13], "coordiant": 6, "coordin": [6, 9, 12], "core": [4, 6, 8, 16, 17], "correct": [12, 13], "corrent": 3, "correspond": [6, 8, 9, 12, 13, 14, 17, 18], "cose": 6, "cose_kei": 14, "cose_sign1": [9, 12], "cost": [15, 17], "could": [12, 13, 17], "count": [12, 13], "countermeasur": 8, "countri": [6, 7], "country_cod": [9, 12], "creat": [4, 8, 9, 12, 13, 14, 18], "creation": [8, 12, 13, 14, 17, 18], "credenti": [1, 4, 5, 7, 9, 11, 12, 13, 15, 16, 17, 18, 19], "credential_accept": 8, "credential_already_revok": 14, "credential_configuration_id": 8, "credential_configurations_support": [7, 8], "credential_delet": 8, "credential_endpoint": 7, "credential_failur": 8, "credential_hash": 14, "credential_hash_alg": [6, 14], "credential_invalid": 14, "credential_issu": 7, "credential_not_found": 14, "credential_pop": 14, "credential_revok": 14, "credential_signing_alg_values_support": 7, "credential_status_valid": 14, "credential_upd": 14, "credentialsubject": [12, 13], "credentialx": [12, 13], "criteria": [12, 13, 17], "critic": [4, 12, 13], "cross": [5, 10, 17], "crucial": [4, 12, 13, 14], "crv": [6, 7, 8, 9, 11, 12, 14, 17, 18, 19], "cryptograf": 17, "cryptograph": [4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 17, 18, 19], "cryptographi": 17, "cryptographic_binding_methods_support": 7, "csrc": 4, "cupi": 3, "curfc21sbddzcg9wzm1cegl4udeyztrzexforsisicjhqlzkzmnuefqwwjvscndkefpt": 6, "current": [4, 6, 7, 8, 12, 13, 14, 16, 17, 18], "curv": [0, 6, 9, 12, 18], "custom": 18, "cycl": 14, "d": 16, "d126a6a856f7724560484fa9dc59d195": 6, "d2jhy2nhbg91cmvqdwfuzgft": 18, "d4e0bb387aa2556ff306925fdfb9a765": 8, "d76c51b7": [7, 11], "da": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "dab8ef51": 8, "dai": 8, "damag": [12, 13], "data": [1, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "data_sourc": 6, "databas": 14, "datael": [9, 12], "dataitemnam": [9, 12], "dataitemvalu": [9, 12], "date": [6, 7, 14, 16, 17, 18], "datetim": [6, 19], "dati": 16, "db143143538f3c8d41dc024f9cb25c9d": 6, "db67gl7ck3tfiiaf7n6_7shvqk0mdymeqcogglkuaaw": 6, "dbjftjez4cvp": 8, "de": [3, 16], "de21bb62ff2897d8b986d2cda9f9bc5865c02807f7b4d9dd1fa4a79df4c0d37f": [9, 12], "deactiv": [5, 18], "decemb": 16, "decentr": 5, "decid": [6, 14, 18], "deciph": [12, 13], "decis": 8, "declar": 6, "decod": [6, 8, 12, 13, 14], "decoi": 6, "decre": 5, "decrypt": [9, 12, 13], "dedic": [4, 17, 18], "deem": [12, 13], "default": [0, 17], "default_acr_valu": 7, "defdf1aa746718016ef1b94bfe5r6": 6, "defens": 18, "defer": [5, 14], "defin": [1, 5, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "definit": [4, 12, 13, 14, 16, 17, 19], "definition_id": [12, 13], "degli": 6, "degre": 4, "dei": 16, "deleg": [17, 18], "delet": [14, 18], "delimit": 6, "dell": [6, 7, 16], "della": [7, 16], "dello": [9, 12], "demonstr": [1, 4, 8, 9, 12, 16, 17, 19], "denot": 8, "densiti": [12, 13], "depend": [4, 6, 8, 10, 12, 13, 14, 18, 19], "depict": 18, "deploy": 4, "deriv": [0, 4, 6, 8, 9, 12, 14, 17], "describ": [4, 6, 7, 8, 9, 12, 13, 14, 17, 18], "descript": [0, 2, 3, 4, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18], "descriptor_map": [12, 13], "deselect": [12, 13], "design": [3, 4, 15, 17], "destruct": [9, 12], "detail": [1, 5, 6, 7, 8, 9, 14, 17, 18, 19], "detect": [17, 18], "determin": [7, 8, 12, 13, 15, 17, 18, 19], "dettagli": 7, "develop": [3, 5, 17, 18], "devic": [4, 5, 8, 14, 17, 18, 19], "deviceauth": [6, 9, 12], "devicecheck": 18, "devicekei": [6, 9, 12], "devicekeyinfo": [6, 9, 12], "devicemac": 6, "devicenamespac": [9, 12], "deviceretrievalmethod": [9, 12], "devicesign": [6, 9, 12], "devicesignatur": [6, 9, 12], "devicesigneditem": 6, "dhljyxjkiiwginzjdcnpbnrlz3jpdhkioiaimmu0mgjjzdy3otkwmdgwodvmzmixytfm": 6, "di": [6, 7, 16, 18], "diagnos": [12, 13], "diagnost": [6, 9, 12], "diagram": [9, 12, 13, 14, 18], "dif": 11, "differ": [4, 6, 8, 9, 10, 12, 13, 14, 15, 17, 18], "diffi": 0, "digest": [6, 12, 13], "digestalgorithm": [6, 9, 12], "digestid": [6, 9, 12], "digit": [0, 1, 4, 5, 8, 12, 13, 14, 17, 18, 19], "digital": 16, "dijk": 3, "direct": 5, "direct_post": [11, 12, 13], "directli": [4, 6, 8, 10, 12, 13, 17, 18], "diritto": 7, "disabilitycard": [6, 8], "disabilit\u00e0": 7, "disabl": [7, 17], "disclos": [6, 8, 9, 12, 17], "disclosur": [6, 12, 13, 16, 17], "discov": 8, "discoveri": [4, 7, 8, 12, 13, 17], "discret": 18, "discuss": [3, 10, 18], "dispatch": [9, 12], "displai": [6, 7, 9, 12, 13], "disput": 17, "distinct": [18, 19], "distribut": 17, "divers": 17, "divid": [9, 12, 14, 17, 18], "do": [8, 12, 13, 14, 17, 18], "doc": 3, "docrequest": [9, 12], "doctyp": [6, 8, 9, 12], "document": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "document_numb": [6, 7, 9, 12], "documentazion": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "documento": 7, "doe": [9, 12, 13, 18], "doesn": [9, 12, 14, 17], "doi": 16, "domain": [4, 6, 14], "domest": [6, 9, 12], "don": 17, "download": [12, 13], "dpop": [8, 16], "draft": [3, 11, 12, 14, 16, 17], "drive": [6, 7, 16], "driver": 7, "driving_privileg": [7, 9, 12], "driving_privileges_detail": 7, "due": [8, 12, 13, 14], "duplic": 8, "durat": 4, "dure": [1, 3, 4, 6, 8, 9, 12, 13, 14, 15, 17, 18, 19], "duzhinov": 3, "dvhobxzkoxb5uvrknkznvwhjlupyzkhyeghmayisicj6vmrnagntq2xnvldsvwdhc0dw": 6, "dx": 6, "dynam": [5, 8, 11, 17], "dzhuvinov": 16, "e": [0, 1, 4, 6, 8, 9, 12, 14, 15, 16, 17, 18, 19], "e0b70bcefbd43686f345c9ed429343aa": 6, "e151": 14, "e2382149255ae8e955af9b8984395": 6, "e353ea0b0fd92b6be90c64cc3b2ee1284153a8f0f5066b99aac599200e6eeeb2": [9, 12], "e453": 14, "e6048bdc7fd6454296f1e3f54536107c9c5b24c4064de46a98121e3630eecca2": [9, 12], "e9melhoa2owvfremtjguchaoek1t8urwbugjsstw": 8, "ea90": [7, 11], "eaa": [1, 4, 5, 12, 17, 18, 19], "each": [4, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "earli": 17, "earliest": 17, "eavesdrop": [9, 12], "eb12193dc66c6174530cdc29b274381f": 6, "ec": [4, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "ec2": [6, 9, 12], "ecdh": 0, "ecdsa": 0, "ecosystem": [4, 5, 15, 17, 18, 19], "eddsa": 18, "edevicekei": [9, 12], "editori": [3, 4], "educ": 15, "eea": 4, "eeed6a3b856563627589a360939d12f7": [9, 12], "eevzdhferxntumw3c3bvvmztqnhpefaxmmu0c3lxtkuilcaiczfyszvmmnbnmy1hrlrh": 6, "effici": [15, 17], "eg": [4, 12, 13, 17], "egieei5iuzr6r0mr02lnvq0omekmnkcji": [18, 19], "ehh4ec14ehh4lxh4ehgtehh4ec14ehh4ehh4ehh4ehgixq": 6, "ehh4lxh4ehgtehh4ec14ehh4ehh4ehh4ehgixq": 6, "ei8zwm9qnkppnpenenhdhq": 6, "eid": [7, 8], "eida": [4, 5, 6, 8, 9, 12, 15, 16, 17], "either": [6, 7, 8, 12, 13, 17, 18], "ej9vmzwmcxoccuwin0zt0js4m_shneig6tlxrqj": 17, "ekfumzrmohdhnurva1zcmezzbgftsljbqwm4stnstjexrmzjiiwgilzrss1tmw1umut4": 6, "electron": [4, 5, 17, 19], "electronic_record": [9, 12], "eleg": [12, 13], "element": [6, 9, 12, 14, 15, 18], "elementidentifi": [6, 9, 12], "elementvalu": [6, 9, 12], "elenco": 7, "elig": [4, 5], "elimin": [15, 18], "elipt": 6, "elisa": 3, "ellipt": [0, 9, 12, 18], "eluv5og3gsnii8eynsxa_a": 6, "em3cmnzghiyfsq090n6b3op7laaqj8rghmhxgmjstqg": 17, "email": [8, 14, 17], "emanuel": 3, "embed": [4, 9, 12], "emerg": 17, "emiliano": 3, "empir": 4, "emploi": [12, 13, 17], "empow": 17, "empti": [6, 9, 12], "en": [6, 7], "enabl": [0, 4, 8, 12, 13, 14, 15, 17], "encapsul": 4, "enclav": [4, 18, 19], "encod": [6, 7, 8, 9, 12, 13, 14, 16, 18], "encompass": [6, 18], "encount": [8, 12, 13, 14, 18], "encourag": 3, "encrypt": [0, 6, 8, 9, 12, 13, 14, 16, 17, 18], "end": [8, 9, 12, 13, 14, 17], "endpoint": [4, 5, 6, 7, 11, 14, 18], "energi": [9, 12], "enforc": [4, 14, 17], "engag": [5, 19], "enhanc": [3, 4, 5, 12, 13, 15, 17], "enno31jfzfp8y2dw0r": 6, "enough": 8, "ensur": [1, 3, 4, 5, 8, 12, 13, 14, 15, 17, 18, 19], "enter": [12, 13, 17, 19], "entir": [4, 6, 7, 8, 17, 18, 19], "entiti": [4, 5, 8, 10, 12, 13, 14, 18, 19], "entitl": 14, "entity_id": [12, 13], "entity_typ": 17, "entityconfigur": 17, "entitystat": 17, "entri": [6, 14, 17], "entropi": [8, 12, 13], "enum": [12, 13], "envelop": 14, "environ": [4, 12, 13, 18, 19], "envis": 15, "ephemer": [0, 9, 12, 18], "equal": [8, 12, 13, 17, 18], "ereaderkei": [9, 12], "errata": 16, "error": [5, 8, 18], "error_descript": [8, 12, 13, 14, 18], "es256": [0, 6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "es256k": 18, "es384": [0, 7, 11, 12, 13, 17, 18, 19], "es512": [0, 7, 11, 12, 13, 19], "esc0w8acc191": 8, "esempi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "especi": 17, "essenti": [18, 19], "establish": [4, 5, 8, 9, 12, 13, 15, 17, 19], "estim": 1, "etc": [8, 14, 17], "ethic": 4, "etsi": [0, 6], "eu": [5, 6, 12, 13, 17, 18, 19], "eudi": [3, 4, 9, 12, 16, 17, 19], "eudiw": [6, 12, 13, 17, 18], "euicc": 18, "europa": [6, 12, 13, 17], "europea": 7, "european": [4, 5, 7, 15], "europeandisabilitycard": [7, 8], "evalu": [4, 5, 8, 12, 13, 18, 19], "even": [8, 12, 13, 14, 15, 17], "event": [3, 8], "event_descript": 8, "everyon": 3, "evfusjzgtvvoyy1kwgzicnhotgsilcaielzkz2hjbunstvzxbfvnr3nhcfnrq1brruha": 6, "evid": [1, 6, 8, 9, 12, 14], "evolv": [6, 17], "exampl": [0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 16, 17, 18, 19], "exce": 8, "except": 17, "exchang": [1, 4, 7, 8, 9, 12, 13, 14, 15, 16, 17, 19], "exclus": [9, 12, 18], "execut": [4, 18, 19], "exist": 18, "exp": [6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "expand": 8, "expect": 4, "experi": [8, 12, 13, 15], "experiment": 19, "expir": [6, 7, 8, 10, 12, 13, 14, 17, 18, 19], "expires_in": 8, "expiri": [6, 7, 8, 14, 17, 18], "expiry_d": [6, 7, 9, 12], "explicit": [12, 13], "explicitli": [8, 12, 13], "exploit": [12, 13], "expos": [8, 17], "express": 4, "exted": 6, "extend": [6, 19], "extens": 17, "extern": [4, 5, 17, 18], "extract": [12, 13], "ey71": 8, "eyj0exaioij2yytzzc1qd3qilcjhbgcioijfuzi1niisimtpzci6imm5ntbjmgu2zmrlyjvkztuwytuwmdk2yji0n2fmmdnjin0": 8, "eyj0exaioijhdctqd3qilcjhbgcioijfuzi1niisimtpzci6imm5ntbjmgu2zmrlyjvkztuwytuwmdk2yji0n2fmmdnjin0": 8, "eyj0exaioijkcg9wk2p3dcisimfszyi6ikvtmju2iiwiandrijp7imt0esi6ik": 8, "eyj0exaioijvcgvuawq0dmnplxbyb29mk2p3dcisimfszyi6ikvtmju2iiwiandrijp7imt0esi6ikvdiiwiy3j2ijoiuc0yntyilcj4ijoicfzvm2phdhu0ytn0azljowfvd1znthlcql9ysjdnltnxbgprmwvqvxoyrsisinkioijutdvptnzslulnyxjuz3j6nwpkdnnwb2zmekz3y2pqunrgvwtlbmvirukwin19": 8, "eyjfc2qioibb": 6, "eyjfc2qiolsiq1jjqkdpbwhhbe1tszhlzuxmnzg2n0w4chv6meznrtvas1vxlw12n0hiyyisilhhzjvjzfvgc0uzywtabeszt0e5d3dhcjjkcvawuu01m3bby2hiemprzmmilcjjr2fuqvdysg9wqvoyalbhnxk0sze3u0xpywfkcgrnuf9pdnbmtgx0vwjjiiwinefuzu1zvvaxrwh3emrhdkrqoehobnrargn1ejzrohhhwvj0nxo0shh0ssisijruytvxshrmyzdrynnxdhfvahd6wxdvduqty3hkvmdenmraltl0zudhz3milcjizs10a2u3yvu0wmhdnwuxcgzqrjcxuwpfrzrszg1iafroufl1tnqyoho0iiwisnnkahhtmwrvttjan29mumzywvjvoffeadj4m1dqnkdilujny21ddzjgayisilvobxbrsy1hs3hzahjwxzzwyvpfzzrovg5fx29aevdob01ztgnamuhlmjgilcjodddqu3rxmkeywkliuhbhdtjpdmvsek9rbwpyuen1v0rbdy0tdktsqtbjiiwiv3rtck5jvzftvkn0unznuf9um2ytrglhrudhns1ivk5rwgjrckowrnpzrsjdlcjlehaioje3ndy1mtu5nzisimlzcyi6imh0dhbzoi8vzwfhlxbyb3zpzgvylmlwenmuaxqilcjzdwiioijoemjmc1hoohveq2nkn25vv1hgwkfmsgt4wnnsr0m5whmilcjzdgf0dxmionsic3rhdhvzx2f0dgvzdgf0aw9uijp7imnyzwrlbnrpywxfagfzaf9hbgcioijzagetmju2in19lcj2y3qioijeaxnhymlsaxr5q2fyzcisil9zzf9hbgcioijzagetmju2iiwiy25mijp7imp3ayi6eyjrdhkioijfqyisimnydii6ilatmju2iiwieci6inbwvtnqyxr1ngezdgs5yzlhb3dwz0x5qkjfcko3ts0zv2xqazflalv6mkuilcj5ijoivew1t052ui1jz2fybmdyejvqzhzzcg9mznpgd2nqufj0rlvrzw5lsevjmcj9fx0": 8, "eyjhbgcioiairvmyntyilcaidhlwijogimv4yw1wbgurc2qtand0in0": 6, "eyjhbgcioijfuz": 18, "eyjhbgcioijfuzi1nii": [12, 13], "eyjhbgcioijfuzi1niisimtpzci6ik5gttfxvvzpvwxzelvxcexhbwxmy0vwufjwwtjwwfpjumpcblfywm1ssghlwvvwwvvszfrrbkeytkeilcj0exaioijhchbsawnhdglvbi9lbnrpdhktc3rhdgvtzw50k2p3dcj9": 17, "eyjhbgcioijfuzi1niisimtpzci6ikvvrzbfdlrwauk1ru5aqxdvq0lvtwdqqvk4x1visw5fmkhiwlmxn3rfqzaifq": 8, "eyjhbgcioijfuzi1niisimtpzci6ilnurkrxv2hky0dwwfgzqjnsvmraywtsq0xutnvna000wtngnlfutk9krxryzfhgwvlywjjjwgn0uveilcj0exaioijhchbsawnhdglvbi9lbnrpdhktc3rhdgvtzw50k2p3dcj9": 17, "eyjhbgcioijfuzi1niisimtpzci6imtoakzwte9nrjnheg": 18, "eyjhbgcioijfuzi1niisimtpzci6imvxa3pubwt0ww5kblzhmwxhmju1zdjkq2rvzersazqwuwt0wvlvmwfhrfzyt1robfphdfdxsgq1wncilcj0exaioijhchbsawnhdglvbi9lbnrpdhktc3rhdgvtzw50k2p3dcj9": 17, "eyjhbgcioijfuzi1niisinr5cci6indhbgx": 18, "eyjhbgcioijfuzi1nij9": 8, "eyjhbgcioijsuzi1niisimtpzci6": 6, "eyjlehaioje2ndk1ota2mdisimlhdci6mty0otqxnzg2miwiaxnzijoiahr0chm6ly9ycc5legftcgxllm9yzyisinn1yii6imh0dhbzoi8vcnauzxhhbxbszs5vcmcilcjqd2tzijp7imtlexmiolt7imt0esi6ikvdiiwia2lkijoitkznmvdvvmlvbfl6vvdwtgftbgzjrxbqulzzmlzywklsakjuuvhabvjiaetzvvzzvwxkvffuqtjoqsisimnydii6ilatmju2iiwieci6invzbemzd2qtcfgzd3o0yljzbnd5m2x6cgjhwkzotjk2aewyquhbm01rnlkilcj5ijoivkxdqlhgv2xktlnosxo4a0gyoxzmujromthca3dht1gynnprb3j1utfnncj9xx0sim1ldgfkyxrhijp7im9wzw5pzf9yzwx5aw5nx3bhcnr5ijp7imfwcgxpy2f0aw9ux3r5cguioij3zwiilcjjbgllbnrfawqioijodhrwczovl3jwlmv4yw1wbguub3jnlyisimnsawvudf9yzwdpc3ryyxrpb25fdhlwzxmiolsiyxv0b21hdgljil0simp3a3mionsia2v5cyi6w3sia3r5ijoirumilcjrawqioijork0xv1vwavvswxpvv3bmyw1szmnfcfbsvlkyvlhasvjqqm5rwfptukhos1lvvllvbgruuw5bmk5biiwiy3j2ijoiuc0yntyilcj4ijoidxnsqzn3zc1wwdn3ejriullud3kzbhpwykdarmhootzotdjbseeztve2wsisinkioijwtencwezxbgrou05jejhrsdi5dkxsne4xoejrd0dpwdi2elfvcnvrmu00in1dfswiy2xpzw50x25hbwuioijoyw1lig9migfuigv4yw1wbgugb3jnyw5pemf0aw9uiiwiy29udgfjdhmiolsib3bzqhjwlmv4yw1wbguuaxqixswiz3jhbnrfdhlwzxmiolsicmvmcmvzaf90b2tlbiisimf1dghvcml6yxrpb25fy29kzsjdlcjyzwrpcmvjdf91cmlzijpbimh0dhbzoi8vcnauzxhhbxbszs5vcmcvb2lkyy9ycc9jywxsymfjay8ixswicmvzcg9uc2vfdhlwzxmiolsiy29kzsjdlcjzy29wzsi6imv1lmv1cm9wys5lyy5ldwrpdy5wawqumsblds5ldxjvcgeuzwmuzxvkaxcucglklml0ljegzw1hawwilcjzdwjqzwn0x3r5cguioijwywlyd2lzzsj9lcjmzwrlcmf0aw9ux2vudgl0esi6eyjmzwrlcmf0aw9ux3jlc29sdmvfzw5kcg9pbnqioijodhrwczovl3jwlmv4yw1wbguub3jnl3jlc29sdmuviiwib3jnyw5pemf0aw9ux25hbwuioijfegftcgxlifjqiiwiag9tzxbhz2vfdxjpijoiahr0chm6ly9ycc5legftcgxllml0iiwicg9sawn5x3vyasi6imh0dhbzoi8vcnauzxhhbxbszs5pdc9wb2xpy3kilcjsb2dvx3vyasi6imh0dhbzoi8vcnauzxhhbxbszs5pdc9zdgf0awmvbg9nby5zdmcilcjjb250ywn0cyi6wyj0zwnoqgv4yw1wbguuaxqixx19lcj0cnvzdf9tyxjrcyi6w3siawqioijodhrwczovl3jlz2lzdhj5lmvpzgfzlnrydxn0lwfuy2hvci5legftcgxllmv1l29wzw5pzf9yzwx5aw5nx3bhcnr5l3b1ymxpyy8ilcj0cnvzdf9tyxjrijoizxlkacbcdtiwmjyifv0simf1dghvcml0ev9oaw50cyi6wyjodhrwczovl2ludgvybwvkawf0zs5lawrhcy5legftcgxllm9yzyjdfq": 17, "eyjlehaioje2ndk2mjm1ndysimlhdci6mty0otq1mdc0niwiaxnzijoiahr0chm6ly90cnvzdc1hbmnob3iuzxhhbxbszs5ldsisinn1yii6imh0dhbzoi8vaw50zxjtzwrpyxrllmvpzgfzlmv4yw1wbguub3jniiwiandrcyi6eyjrzxlzijpbeyjrdhkioijfqyisimtpzci6ilnurkrxv2hky0dwwfgzqjnsvmraywtsq0xutnvna000wtngnlfutk9krxryzfhgwvlywjjjwgn0uveilcjjcnyioijqlti1niisingioijyql9bogdcunh5njhvtkxzrkzlr0zmr2vmwu5xymgtszh1os1gylqyzkzjiiwiesi6ilnuwvk2y3njznkxcjbisfhltgjuvfzsamfndzhozznrues2wfvoc2uzdkuifv19lcj0cnvzdf9tyxjrcyi6w3siawqioijodhrwczovl3rydxn0lwfuy2hvci5legftcgxllmv1l2zlzgvyyxrpb25fzw50axr5l3royxqtchjvzmlszsisinrydxn0x21hcmsioijleupoyibcdtiwmjyifv19": 17, "eyjlehaioje2ndk2mjm1ndysimlhdci6mty0otq1mdc0niwiaxnzijoiahr0chm6ly9pbnrlcm1lzglhdguuzwlkyxmuzxhhbxbszs5vcmcilcjzdwiioijodhrwczovl3jwlmv4yw1wbguub3jniiwiandrcyi6eyjrzxlzijpbeyjrdhkioijfqyisimtpzci6ik5gttfxvvzpvwxzelvxcexhbwxmy0vwufjwwtjwwfpjumpcblfywm1ssghlwvvwwvvszfrrbkeytkeilcjjcnyioijqlti1niisingioij1c2xdm3dklxbym3d6ngjsww53etnsenbir1pgae45nmhmmkfiqtnnutzziiwiesi6ilzmq0jyrldsze5ttkl6ogtimjl2tfi0tje4qmt3r09ymjz6uw9ydvexttqifv19lcjtzxrhzgf0yv9wb2xpy3kionsib3blbmlkx3jlbhlpbmdfcgfydhkionsic2nvcguionsic3vic2v0x29mijpbimv1lmv1cm9wys5lyy5ldwrpdy5wawqumswgigv1lmv1cm9wys5lyy5ldwrpdy5wawquaxqumsjdfswicmvxdwvzdf9hdxrozw50awnhdglvbl9tzxrob2rzx3n1chbvcnrlzci6eyjvbmvfb2yiolsicmvxdwvzdf9vymply3qixx0sinjlcxvlc3rfyxv0agvudgljyxrpb25fc2lnbmluz19hbgdfdmfsdwvzx3n1chbvcnrlzci6eyjzdwjzzxrfb2yiolsiulmyntyilcjsuzuxmiisikvtmju2iiwirvm1mtiilcjquzi1niisilbtnteyil19fx0sinrydxn0x21hcmtzijpbeyjpzci6imh0dhbzoi8vdhj1c3qtyw5jag9ylmv4yw1wbguuzxuvb3blbmlkx3jlbhlpbmdfcgfydhkvchvibgljlyisinrydxn0x21hcmsioijleupoyibcdtiwmjyifv19": 17, "eyjpc3mioiaiahr0chm6ly9jbgllbnquzxhhbxbszs5jb20ilcaiyxvkijogimh0dhbzoi8vyxmuzxhhbxbszs5jb20ilcaibmjmijogmtmwmdgxntc4mcwgimv4cci6idezmda4mtkzodb9": 8, "eyjpc3mioii0n2i5odiznjk3otfkmdgwmdnhnzi4m2ywntljyjbkmsisimf1zci6imh0dhbzoi8vzwfhlxbyb3zpzgvylndhbgxldc5pchpzlml0l2nyzwrlbnrpywwilcjpyxqioje3mdu1nzawntusimv4cci6mtc3odkxndu2mcwibm9uy2uioij0c19fdfvrczbpzwljuzfowu5csevru295m2n0ngdwes00rlpld0hpbgtzin0": 8, "eyjpc3mioiigahr0chm6ly9jbgllbnquzxhhbxbszs5jb20ilcjhdwqioiigahr0chm6ly9hcy5legftcgxllmnvbsisimp0asi6ijvlzmy5yzfilwvkmgqtnddloc1hntuzlwy3ngrmmwjizwvkzcisimlhdci6mtcymji0otq0nywizxhwijoxnziymjq5nzq3fq": 8, "eyjpc3mioijodhrwczovl2vhys1wcm92awrlci53ywxszxquaxb6cy5pdcisinn1yii6imq0ztbiyjm4n2fhmju1nmzmmza2oti1zmrmyjlhnzy1iiwiyxvkijoiahr0chm6ly9lywetchjvdmlkzxiud2fsbgv0lmlwenmuaxqvy3jlzgvudglhbcisimlhdci6mtcxntg0mju2mcwizxhwijoxnzc4ote0ntywlcjqdgkioijmoty1nwnlyi1jnjvjltqwmjutotm3oc1injy3mmi2mtq5ymcilcjjbgllbnrfawqioii0n2i5odiznjk3otfkmdgwmdnhnzi4m2ywntljyjbkmsisimnuzii6eyjqa3qioii5nte1nzrhzwuxymi3ota3ywuxzwmzmta5zgiyyjiynsj9fq": 8, "eyjqd2sioib7imt0esi6icjfqyisicjjcnyioiaiuc0yntyilcaieci6icjuq0ffuje5": 6, "eyjqdgkioijlmwozvl9is2ljoc1mquvciiwiahrtij": 8, "f": 16, "f10aca0992694b3581f6f699bfc8a2c6cc687725": [7, 11], "f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152": [9, 12], "f8555ceb": 8, "f8a5966e6dac9970e0334d8f75e25": 6, "f9655ceb": 8, "f9ee4d36f67dbd75e23311ac1c29": 6, "facial": 19, "facilit": [3, 4, 17], "fact": 15, "factori": 18, "fail": [8, 12, 13, 14, 17], "failur": [12, 13, 14], "faiv8cncch43n07ybcwlejg4zo9o_xdefgiejdshk1ccj8yt9": 6, "fals": [9, 12, 13, 14, 18], "falsif": 18, "famili": [0, 6, 7], "family_nam": [6, 7, 9, 12, 13, 17], "fanfs3ync9tjicaivhwlvuj3axwggz_98urfaqme": [7, 11], "far": [8, 14], "fast": 5, "faulti": [12, 13], "fb43": 8, "fbf4de318982f2dbad43c601caeb22628b301ac18aa8264c5831b2aaac89c486": [9, 12], "fc91": [12, 13], "feasibl": [12, 13], "featur": [4, 12, 13, 14, 17, 18], "februari": 16, "fed": [6, 7, 8, 11, 12, 13, 16, 17, 18], "feder": [4, 5, 7, 8, 11, 12, 13, 16, 18, 19], "federation_ent": 5, "federation_fetch_endpoint": 17, "federation_list_endpoint": 17, "federation_resolve_endpoint": 17, "federation_trust_mark_status_endpoint": 17, "fetch": [12, 13, 17], "fett": 16, "ff217bdb0653": [12, 13], "ff_etuqs0ieiis1nynbheqsoy3ct4gpi": 8, "field": [4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16], "fifyx03bnosd8m6gyqifnhnp9cm_sam9tc5nlloiirc": 17, "fig": 8, "figur": [9, 12], "filter": [7, 8, 11, 12, 13], "fimewwe7elgvgohmwmbpu14": 6, "final": [9, 12, 13, 17], "find": [12, 13], "fingerprint": 19, "fip": 0, "first": [6, 7, 8, 12, 13, 18], "fiscal": 7, "flaw": 18, "flexibl": 17, "flow": [1, 5, 17, 18], "fly": 8, "fmlgrxfrzuv2gwmquh8": [7, 11], "focus": 17, "follow": [0, 1, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 17, 18], "font": 6, "forbidden": [12, 13], "forc": 17, "forgotten": 3, "form": [4, 6, 8, 12, 13, 14, 15, 17, 18, 19], "form_post": [7, 8, 12, 13, 18], "formal": 4, "format": [4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19], "forward": [12, 13], "foster": 17, "foto": 7, "found": [8, 12, 13, 14, 18], "fr": 17, "fragment": [8, 12, 13], "frame": [12, 13, 18], "framework": [4, 5, 6, 8, 12, 13, 16, 17, 18, 19], "francesco": 3, "fraud": 15, "free": 3, "fresh": [8, 12, 13, 17, 18], "friendli": [12, 13], "from": [1, 3, 4, 6, 7, 8, 9, 12, 13, 14, 17, 18, 19], "frystyk": 16, "fswginzjdci6icjodhrwczovl2lzc3vlci5legftcgxllm9yzy92ms4wl2rpc2fiawxp": 6, "fulfil": [12, 13, 14], "full": [5, 6, 17, 19], "function": [0, 4, 5, 6, 9, 12, 18, 19], "further": [4, 5, 8, 9, 12, 14, 17, 18, 19], "furthermor": [6, 8, 14, 17, 19], "futur": [8, 12, 13, 17, 18], "fyziol9lf2cekunt2jzxilrdink0upcd": 8, "g": [4, 6, 8, 14, 15, 16, 17, 18, 19], "g02nsrqfjfxq7io09syaja": 6, "g061": 8, "gabriella": 3, "gain": [4, 12, 13, 18], "gather": [12, 13], "gdpr": 17, "ge3sjy_zat34f8wa5dukvb0fslasjraac8i3ln11ffc": 6, "gener": [0, 4, 5, 6, 9, 12, 13, 14, 16, 18], "genuin": [4, 8, 18], "get": [6, 8, 11, 12, 13, 17, 18, 19], "getti": 16, "gg": [6, 7], "giada": 3, "github": 3, "giusepp": 3, "give": [9, 12, 13, 17], "given": [6, 8, 10, 12, 13, 14, 17, 18], "given_nam": [6, 7, 9, 12, 13, 17], "gli": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "globalplatform": 18, "glossari": 4, "goal": 4, "goland": 16, "good": [12, 13], "googl": 4, "gov": [4, 7, 9, 12], "govern": [4, 15, 17], "grant": [4, 7, 8, 12, 13, 15, 16, 18, 19], "grant_typ": [8, 18], "grant_types_support": [7, 19], "graphic": [4, 6], "grauso": 3, "greater": [8, 14], "group": [6, 12, 13], "group1": [12, 13], "group2": [12, 13], "grow": 17, "guarante": [1, 18, 19], "guarate": 6, "guess": [8, 10], "guida": [7, 16], "guidelin": [4, 5, 7, 18], "gxu": 8, "h": [6, 9, 12, 16], "h9gw": 18, "ha": [3, 5, 6, 8, 9, 12, 13, 14, 17, 18, 19], "hain": 16, "haip": [11, 16, 18], "handl": [4, 8, 12, 13, 17], "happen": [8, 12, 13, 17], "hardt": 16, "hardwar": [4, 12, 13, 17, 18], "hardware_key_tag": 18, "hardware_signatur": 18, "harm": 14, "hash": [0, 6, 8, 9, 12, 13, 14, 18], "hasn": 17, "have": [3, 6, 8, 9, 12, 13, 14, 15, 17, 18, 19], "header": [5, 6, 11, 12, 13, 14, 17, 18], "heartili": 3, "hedberg": [3, 16], "held": 8, "hellman": 0, "help": [12, 13, 18], "henc": 18, "her": 10, "here": [4, 19], "hereaft": [8, 18], "herein": [12, 13], "high": [4, 5, 6, 9, 12, 13, 14, 16, 18, 19], "higher": 17, "highlight": 8, "hildebrand": 16, "hinder": [12, 13], "hint": [8, 17], "histor": [4, 17], "histori": 15, "hmac": 0, "hold": [9, 12], "holder": [4, 6, 12, 13, 14, 15, 18], "homepage_uri": [7, 11, 17, 19], "horizont": 17, "horvat": 3, "host": [7, 8, 11, 12, 13, 14, 18], "hour": [14, 17, 18], "how": [4, 5, 6, 9, 12, 13, 14, 18], "howev": [6, 8, 12, 13, 17], "hpcm9biiwgimjpcnrox2rhdguilcaimtk4mc0wms0xmcjd": 6, "hriiwgimzhbwlsev9uyw1liiwgiljvc3npil0": 6, "hs256": [0, 7], "hs384": [0, 7], "hs512": [0, 7], "hsm": [4, 18], "hti70g": 17, "htm": 8, "html": [7, 8, 11, 14], "http": [1, 3, 4, 5, 6, 7, 9, 11, 16, 17, 19], "httponli": [12, 13], "htu": 8, "human": [6, 8, 11, 14, 18], "hybrid": [18, 19], "hypertext": 16, "hywfgixq": 6, "i": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 17, 18, 19], "iaconelli": 3, "iam": 15, "iana": [8, 14, 18], "iat": [6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "icjqlti1niisicj4ijogilrdquvsmtladnuzt0hgngo0vzr2zlnwb0hjudfjtglsrgxz": 6, "icjywfhywfhywfhyil0": 6, "id": [4, 6, 7, 8, 11, 12, 13, 17, 19], "id_auth_channel_01": 1, "id_auth_channel_02": 1, "id_auth_rest_02": 1, "ida": [6, 16], "idea": 3, "ident": [4, 5, 6, 8, 10, 12, 13, 14, 16, 17], "identif": [4, 5, 6, 11, 12, 13, 14, 16, 17, 18, 19], "identifi": [4, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 19], "identitifi": 6, "idp": 8, "idphint": 8, "iec": [0, 6, 16], "ietf": [8, 14, 18, 19], "igarngrz5jdvspoffzfwcjprtfukenehei0": 8, "ii": 4, "ijhkam96qmzvdk1odlezsgzsbvbxetrpmtlhchhznjfgv0hqwmvivtu4ouuilcairhgt": 6, "ijogimm1zjczzti1mgzlody5zji0zde1mte4ywnjzti4nmm5ymi1nmi2m2e0ndnkyzg1": 6, "ijoginnoys0yntyifx0sicj2y3qioiaiahr0chm6ly9wawrwcm92awrlci5legftcgxl": 6, "ik56ykxzwgg4durdy2q3bm9xwezaqwzia3hac1jhqzlycyisicjzdgf0dxmioib7inn0": 6, "ikjvtudrdfcxcmjpa250dzhgenhfqmvmnfliqw5kcjzbshnkz3bhdezdawcilcairu5o": 6, "ikjydmzybg5oqu11sfiwn2fqvw1b": 6, "ilieik_mbjp8bhyngsphiuym3wgaokt9hsdref3qek4kyatafrrer6dgterurnawkbem8m1milyhbtnffzcjjg": 8, "illustr": [9, 12], "immedi": [8, 9, 12, 17, 19], "impact": [12, 13], "implement": [1, 3, 4, 6, 8, 9, 12, 13, 14, 17, 18], "impli": [14, 18], "implic": [12, 13], "implicit": 8, "import": 4, "impract": 8, "improv": 15, "inaccuraci": 14, "includ": [3, 4, 6, 7, 8, 9, 12, 13, 14, 15, 17, 18, 19], "incluid": 8, "inclus": [4, 18], "incorpor": [9, 12, 16, 17, 18], "incorrect": [12, 13, 14], "increas": 17, "incur": [12, 13], "independ": [9, 12, 17], "indic": [6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 19], "indirectli": 17, "individu": [3, 4, 6, 8, 15, 17], "info_polici": [7, 11, 19], "inform": [3, 4, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19], "informativi": 16, "informazioni": [7, 11], "infrastructur": [4, 5, 15], "infrastruttura": 16, "inherit": 19, "initi": [0, 3, 4, 5, 8, 9, 12, 14, 17], "innermost": 7, "innov": 5, "input": 8, "input_descriptor": [7, 11, 12, 13], "inquir": 17, "insensit": [12, 13], "insid": [8, 14, 18], "insight": 4, "inspect": 8, "instal": [4, 18, 19], "instanc": [1, 4, 5, 6, 7, 8, 9, 11, 12, 13, 17], "instead": [10, 17], "institut": [15, 16, 17], "instruct": 8, "int": 6, "integ": [6, 8], "integr": [1, 4, 6, 8, 15, 16, 17, 18, 19], "integrity_assert": 18, "integrity_rest_01": 1, "intend": [8, 9, 12, 13, 17], "intendersi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "intent": [9, 12], "intenttoretain": [9, 12], "interact": [4, 8, 12, 13, 15, 17, 18, 19], "intercept": [9, 12, 13], "interchang": 16, "interest": 3, "interfac": [4, 8, 14, 17, 18, 19], "intermedi": [5, 7, 8, 11, 19], "intermediari": [4, 12, 13, 15, 17], "intern": [3, 4, 12, 13, 14, 16, 18, 19], "internet": [14, 16], "interni": 6, "interno": 6, "interoper": [1, 4, 5, 6, 8, 12, 13, 15, 16, 17], "interoperabilit\u00e0": 16, "interpret": [4, 8], "interv": 14, "introduc": [5, 11], "invalid": [6, 8, 9, 12, 13, 14, 17, 18], "invalid_cli": 8, "invalid_dpop_proof": 8, "invalid_proof": 8, "invalid_request": [8, 12, 13, 14], "invalid_request_signatur": 14, "invit": 3, "involv": [4, 5, 8, 12, 13, 14, 15, 17, 18], "io": [4, 18, 19], "iphon": 18, "irregzaml7pnfjqh2apz82blqo5s0sl1jr0tefp5e1t913g8gnuwggtmquqhpzwv6bvtla8g": 17, "iso": [0, 4, 6, 9, 12, 16], "iso18013": [9, 12, 16], "iss": [6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "issu": [1, 3, 4, 6, 7, 8, 12, 13, 14, 15, 17, 18, 19], "issuanc": [1, 4, 5, 6, 14, 16, 17, 19], "issue_d": [6, 7, 9, 12], "issuer": [4, 6, 7, 8, 9, 12, 13, 14, 15, 16, 17, 18, 19], "issuerauth": [6, 9, 12], "issuersign": [6, 9, 12], "issuersigneditem": [6, 9, 12], "issuersigneditembyt": [6, 9, 12], "issuing_author": [6, 7, 9, 12], "issuing_countri": [6, 7, 9, 12], "istituto": [9, 12], "itali": 5, "italia": 3, "italian": [4, 6, 17], "italiantaxidentificationnumb": 6, "item": [9, 12, 13], "itemsrequest": [9, 12], "its": [4, 8, 9, 11, 12, 13, 14, 17, 18, 19], "itself": [14, 17, 18, 19], "j": 16, "jane": 10, "jar": [8, 12, 13], "jarm": [7, 8, 11, 16], "javacard": 18, "javascript": [12, 13, 16], "je2rpcqbfqxkpmqehahgzv6smmxd0i": [7, 11], "jfxsyomxhajplja": 8, "jji8302pyiu0xqlngtcwrdm9npe_": 6, "jjla": 18, "jkt": 8, "johansson": 3, "join": 3, "jone": 16, "jose": [6, 8, 11, 12, 13, 18], "jrrtu9xuk9biiwgimv4cglyev9kyxrliiwgijiwmjqtmdetmdeixq": 6, "json": [6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 19], "jti": [8, 14], "judici": 14, "juli": 16, "june": 16, "jurisdict": 17, "jw": [1, 6, 7, 8, 11, 12, 13, 16, 17, 18, 19], "jwa": 16, "jwe": 16, "jwk": [6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 19], "jwk_thumbprint": 18, "jwkid": 14, "jwt": [4, 5, 7, 8, 11, 14, 16, 17, 18, 19], "jwt_alg_valu": [7, 11, 12, 13, 17, 18], "jwt_proof": 8, "jwt_vc_json": 18, "jwt_vp_json": 18, "jxfhrxhlk": 6, "k": 16, "kawasaki": 3, "kb": [12, 13, 17], "kdf": 0, "keep": [17, 18], "kei": [0, 1, 2, 4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19], "kept": 14, "key_attest": 18, "keyauthor": 6, "keyinfo": 6, "keymast": 18, "keystor": [4, 18], "kid": [6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "kind": 4, "klaa": 3, "klyne": 16, "know": [14, 15, 17], "known": [4, 5, 6, 7, 8, 9, 11, 12, 17, 18, 19], "koiwai": 16, "kozihvcnaqccoiawgaib": 18, "kpku_xycocunt2o0bwsliqtnpu6im": 19, "kristina": 3, "kty": [6, 7, 8, 9, 11, 12, 14, 17, 18, 19], "kz": 8, "l": 16, "l3iiwgimlhdciside2odmwmdawmdbd": 6, "label": [6, 12, 13], "lack": 14, "laiso": 3, "languag": [5, 6, 7, 17], "larg": [4, 8], "last": 4, "later": [8, 12, 13], "latest": 17, "latter": [6, 8, 14], "launch": [5, 18], "law": [6, 14], "layer": [4, 16], "lc": 8, "le": 7, "leach": 16, "lead": [12, 13, 14, 18], "lead_tim": 8, "leaf": 17, "leak": 8, "learn": 3, "least": [7, 8, 9, 11, 12, 13, 18], "leav": [5, 7, 11], "lee": 16, "legal": [4, 14, 17, 19], "legisl": [5, 19], "legitim": [4, 6, 12, 13, 14], "legitimaci": [4, 17], "lehmann": 16, "leiba": 16, "leif": 3, "length": [0, 6, 8, 9, 12, 13], "less": [8, 9, 12, 17], "level": [4, 5, 6, 9, 12, 13, 14, 15, 16, 18, 19], "leverag": [15, 17, 18], "liabil": 17, "librari": [5, 18], "licens": [6, 7, 14, 16], "life": [4, 14], "lifecycl": [5, 7], "lifetim": 8, "like": [3, 4, 17, 18], "limit": [9, 12, 18], "limit_disclosur": [7, 11, 12, 13], "line": 16, "link": [3, 7, 8, 10, 12, 13, 14, 18], "link_qr_cod": 7, "linkabl": 10, "list": [0, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 17, 18, 19], "live": [5, 18], "liznsb39vfjhygs3k7jxe4r3": 18, "lm9yzy92ms4wl3blcnnvbmlkzw50awzpy2f0aw9uzgf0ysisicj2y3qjaw50zwdyaxr5": 6, "loa": [4, 8, 19], "load": 17, "local": [6, 7, 8, 14, 17, 18], "locat": [8, 9, 12, 13, 17], "lodderstedt": [3, 16], "log": [12, 13, 17], "login": 15, "logo": [7, 11, 17, 19], "logo_uri": [7, 11, 17, 19], "long": [5, 8, 14], "longer": [14, 17, 18], "look": 8, "looker": 16, "lorenzo": 3, "lose": [14, 18], "loss": 14, "lost": 18, "low": [5, 9, 12, 19], "lowercas": 16, "ltp2qrzmadk4": [7, 11], "lues_support": 19, "luogo": [6, 7], "lzbiiwgimdpdmvux25hbwuilcaitwfyaw8ixq": 6, "m": 16, "m_inf": [9, 12], "m_it": 6, "mac": [8, 12, 13, 14, 18], "made": [11, 12, 13, 14, 17, 18], "mai": [1, 4, 6, 7, 8, 9, 12, 13, 14, 16, 17, 18, 19], "main": [3, 4, 6, 8, 14, 15, 17, 18], "maintain": [4, 10, 11, 12, 13, 15, 17, 18, 19], "mainten": [12, 13], "major": 6, "make": [1, 3, 6, 8, 14, 17, 19], "malform": [12, 13], "malfunct": [12, 13], "malici": [12, 13, 18], "manag": [4, 8, 14, 15, 17, 18, 19], "mandat": [12, 13], "mandatori": [6, 8, 9, 12, 14], "manfredi": 3, "mani": 8, "manipul": 18, "manner": [4, 12, 13, 14, 18, 19], "manufactur": [4, 18], "map": [6, 8, 10, 12, 13, 17], "march": [5, 16], "marco": [3, 16], "marier": 16, "marino": [3, 16], "mario": 6, "mark": [5, 6, 8, 12, 13, 17, 18], "market": 8, "mart": 3, "marta": 3, "masint": 16, "mask": 0, "master": 4, "match": [8, 11, 12, 13, 14, 18], "materi": [6, 7, 8, 9, 12, 13, 14], "matter": 17, "max_path_length": 17, "maximum": [8, 17], "mb92k27uhbuju1p1r_ww1gfwfoejxk": 8, "mc0wms0xmcjd": 6, "md5": 6, "mdawmcwginn1yii6icjoemjmc1hoohveq2nkn25vv1hgwkfmsgt4wnnsr0m5whmilcai": 6, "mdl": [5, 6, 7, 9, 12, 16], "mdoc": [4, 5, 8, 14], "mean": [4, 6, 8, 17], "meant": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "measur": [17, 18], "mechan": [4, 5, 6, 8, 12, 13, 14, 15, 18, 19], "medeiro": 16, "media": [8, 10, 12, 13, 17, 19], "medium": 19, "meet": [12, 13, 17, 18, 19], "member": [3, 4, 5, 6, 8, 12, 13, 14, 15, 17], "mention": [12, 13, 18], "merg": [3, 4], "messag": [1, 3, 8, 9, 12, 13, 14, 18], "met": [18, 19], "metadata": [4, 5, 8, 12, 13, 14, 15, 18], "metadata_polici": 17, "method": [3, 6, 7, 8, 9, 10, 12, 13, 14, 17, 18, 19], "methodologi": 8, "meyer": 16, "mgf1": 0, "michel": 3, "might": [10, 17], "miicajccadogawibag": [12, 13], "minim": [10, 17], "minimum": [6, 8, 9, 12, 13, 14, 18], "ministero": 6, "minor": 17, "minut": 8, "mismatch": [12, 13], "miss": [12, 13], "misus": [8, 12, 13], "mitig": [1, 8], "mix": 18, "mjqtmdetmdeixq": 6, "mm": [6, 7], "mobil": [4, 5, 7, 8, 9, 12, 13, 15, 16, 18, 19], "mobilesecurityobject": 6, "mobilesecurityobjectbyt": 6, "mode": [0, 8, 9, 11, 12, 13, 16], "model": [4, 5, 8, 9, 12, 15, 17, 18, 19], "modi": [1, 16], "modif": [3, 17], "modul": 18, "mogul": 16, "monitor": 17, "more": [4, 6, 7, 8, 9, 12, 13, 14, 17, 18, 19], "moro": 3, "mortimor": 16, "most": 8, "motherboard": 18, "motiv": 17, "motorizzazion": [9, 12], "mrvy3vtzw50x251bwjlciisicjywfhywfhywfhyil0": 6, "mso": [6, 14], "mso_mdoc": 8, "mult": [8, 16], "multi": 4, "multipl": [6, 7, 10, 14, 15, 16, 17, 18], "multivalu": 8, "must": [0, 1, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18, 19], "mv3c88mhhemba6oymbwugeb3dkhp4yadjmgyjwwilsk": 14, "mzuxn2vmzwuzmzuyothmzdk3nmizzty1nwjmyjnmngvhytexzde3msisicj2zxjpzmlj": 6, "n": [6, 12, 13, 16], "n3zdzudlbwmilcaiesi6icjaegppv1diwk1rr0hwv0twutroylnjaxjzvmz1zwndrtz0": 6, "nab": 4, "name": [0, 4, 6, 7, 9, 10, 11, 12, 13, 14, 17, 18, 19], "namespac": [5, 9, 12], "nascita": [6, 7], "nation": [3, 4, 5, 6, 7, 8, 14, 15, 16, 18, 19], "nativ": [4, 18], "natur": [4, 6, 8, 14, 18, 19], "navig": [12, 13], "nazional": 16, "ne_q2unpgzoh": 6, "necess": 17, "necessari": [4, 12, 13, 14, 17, 18], "necessit": 18, "need": [3, 8, 12, 13, 14, 15, 17, 18, 19], "negoti": [12, 13], "nehrderpynlhy3m5wldwtwz2auhm": 6, "nest": [6, 7], "network": [12, 13], "neutral": 4, "new": [1, 4, 8, 9, 12, 13, 14, 15, 17, 18], "newli": [9, 12], "newman": 16, "next": 6, "ngpuouyysfprin19fq": 6, "nhu5b1dqmvnssujsq2mxbyjdlcaiaxnzijogimh0dhbzoi8vaxnzdwvylmv4yw1wbguu": 6, "nicola": 3, "nicolussi": 3, "niel": 3, "nist": [0, 4, 8], "nmhqdnjjee56rjbzbfu2dwtobxpib0wtwxzcti10rmewvdhylwjzmcisicjhrtntanlf": 6, "nmilcj5ijoiovzfngpmx09rx282nhpivfrsy3vosmfqsg10nny5verwcluwq2r2r": 8, "nome": [6, 7], "non": [0, 1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19], "nonc": [8, 12, 13, 18, 19], "nonce_endpoint": 19, "none": [0, 8, 11, 12, 13, 14, 18], "norm": [0, 1, 2, 3, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "normal": 6, "normativi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "notat": [6, 9, 12, 16], "note": [4, 5, 8, 17], "notif": [1, 4, 5, 7, 14], "notifi": [1, 4, 8, 12, 13, 14, 17], "notification_endpoint": 7, "notification_id": 8, "novemb": 16, "noy1vfbehnz3zfdwzriiwginrhef9pzf9jb2rliiwgilrjtklulvhywfhywfhywfhywf": 6, "nsd": 6, "null": [9, 12], "number": [6, 7, 8, 12, 13, 14, 17, 18, 19], "numericd": [6, 8, 17], "numero": 7, "nzblsxh8udccd7nowxfzafhkxzsrgc9x": 6, "o": [4, 16], "o2nmbxrvyxbwbgutyxbw": 18, "o2nmbxrvyxbwbgutyxbwyx": 18, "oaep": [0, 7], "oauth": [6, 7, 8, 11, 12, 13, 14, 16, 18, 19], "oauth_authorization_serv": [5, 17], "object": [4, 5, 7, 8, 9, 11, 14, 16, 17, 18], "obscur": [12, 13], "obtain": [6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "occour": [12, 13], "occur": [8, 9, 12, 13, 14, 17, 18], "oem": [4, 18], "offer": [3, 12, 13, 14, 17, 18, 19], "offici": 5, "offlin": [5, 9, 12, 14], "often": 4, "oib7im1ldghvzci6icjjawuifx0sicjfc2rfywxnijoginnoys0yntyilcaiy25mijog": 6, "oid": [6, 7, 8, 11, 12, 13, 16, 17, 18], "oid4vp": [4, 12, 13], "oidc": [6, 7, 8, 15, 16], "oidc4vci": 14, "oir0vuiiwiahr1ijoiahr0chm6ly9yzxnvdxjjzs5legftcgxllm9yzy9wcm90zwn0z": 8, "ok": [6, 8, 12, 13, 14, 18], "okalavqxhwqumh3ehyukmlacsidq33pys41y5pesz3hxwaxq3nmg": 8, "oliv": 3, "omit": [7, 8], "onc": [3, 8, 12, 13, 18, 19], "one": [0, 4, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "ones": 6, "ongo": 17, "onli": [3, 4, 6, 7, 8, 9, 12, 13, 14, 17, 18, 19], "onlin": [10, 14, 17], "opaqu": [6, 12, 13], "open": [3, 8, 19], "openid": [4, 6, 7, 8, 11, 12, 13, 16, 17, 18, 19], "openid4vc": [11, 16, 18], "openid4vci": [5, 7, 8, 16, 17], "openid4vp": [5, 8, 11, 12, 13, 16, 17], "openid_credenti": 8, "openid_credential_issu": [5, 17], "openid_relying_parti": [7, 17], "oper": [0, 4, 5, 8, 12, 13, 17, 18], "opportun": 3, "optim": 0, "option": [1, 4, 6, 7, 8, 9, 10, 12, 13, 15], "optxrimpptoa1plemagr6pxhf8y6": 8, "order": [6, 12, 13, 18], "org": [6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "organ": [4, 7, 11, 15, 16, 19], "organiz": [4, 17], "organization_cod": 6, "organization_id": [9, 12], "organization_nam": [6, 7, 9, 11, 12, 17, 19], "origin": [4, 6, 17, 18], "other": [4, 5, 6, 8, 12, 13, 14, 15, 17, 18, 19], "otherwis": [12, 13, 14], "our": 3, "out": [4, 8, 9, 12, 14, 17], "outcom": 4, "outlin": [4, 6, 7, 9, 12, 13, 14, 17, 19], "outsid": 8, "over": [4, 6, 9, 12, 13, 14, 15, 17, 18, 19], "overal": 17, "overload": 17, "overse": [17, 18], "oversight": 4, "own": [8, 9, 12, 14, 15, 17, 18], "owner": [6, 15, 17, 18], "ownership": [15, 19], "p": [0, 6, 7, 8, 11, 14, 16, 17, 18, 19], "p1": 17, "p2": 17, "p256": [6, 9, 12], "p3": 17, "p4": 17, "p5": 17, "p6": 17, "p7": 17, "p8": 17, "p9": 17, "pad": 0, "paes": 7, "page": [3, 12, 13, 18, 19], "pair": [4, 6, 7, 8, 9, 11, 12, 18], "paolaz": 3, "par": [5, 7], "paradigm": 5, "param": [8, 18, 19], "paramet": [0, 2, 5, 7, 11, 12, 13, 14, 19], "parliament": 5, "part": [4, 8, 9, 12, 13, 16, 17, 18, 19], "partak": 3, "parti": [3, 4, 5, 6, 8, 13, 14, 15, 18, 19], "partial": [12, 13], "particip": [3, 4, 5, 10, 17], "particular": [1, 4, 8, 14, 17, 18], "particularli": 17, "pasqual": 3, "pass": [7, 8, 9, 11, 12, 18], "past": 4, "patent": 7, "path": [7, 11, 12, 13, 17], "pattern": 5, "paul": 3, "payload": [1, 4, 5, 6, 8, 12, 13, 14, 18], "pc33jm2lchcu_lhggv_ufq": 6, "pdnd": [1, 6, 8, 9, 12, 16], "peak": 17, "pec": [7, 11, 17], "peopl": 3, "per": [7, 8, 14, 16, 18], "perform": [4, 8, 9, 12, 13, 18, 19], "perimet": 17, "period": [3, 4, 14, 17, 18], "peripher": [9, 12], "permiss": [4, 9, 12], "permit": 18, "person": [4, 6, 10, 11, 12, 13, 14, 15, 16, 17, 19], "personidentificationdata": [6, 7, 8, 11, 12, 13], "perspect": [8, 12, 13, 17], "pertain": [17, 18], "peter": 3, "phase": [6, 8, 9, 12, 14, 15, 17, 18], "phone": [8, 15], "physic": [4, 14, 18], "piattaforma": 16, "pick": [12, 13], "pictur": [8, 12, 13], "pid": [1, 4, 5, 12, 13, 14, 17, 18, 19], "pidprovid": 6, "pin": 19, "pivot": 5, "pkce": [7, 8], "pkcs1": 0, "pki": 17, "place": [6, 7, 18], "place_of_birth": 7, "plai": [18, 19], "plain": 17, "plaintext": [12, 13], "platform": 10, "pleas": [3, 5, 17, 19], "plu": 0, "pluggabl": 18, "pnrr": 5, "point": [4, 8, 9, 12, 13, 17, 18], "polic": 14, "polici": [4, 10, 12, 13, 14, 17, 19], "policy_uri": [7, 11, 17, 19], "poligrafico": [9, 12], "poll": [12, 13], "pop": [1, 8, 14], "popul": [6, 12, 13], "portrait": [7, 9, 12], "posit": [4, 6, 8], "possess": [1, 4, 5, 6, 8, 12, 13, 15, 16, 17, 18, 19], "possibl": [3, 6, 8, 9, 12, 13, 17, 19], "post": [1, 5, 8, 11, 14, 17, 18], "potenti": [6, 12, 13, 14, 17, 18], "practic": [4, 7, 16], "pragma": 8, "pre": [4, 11, 17], "precaut": [12, 13], "predefin": 18, "predetermin": 18, "predict": 4, "preexist": 4, "prefer": [12, 13, 19], "preliminari": 8, "prerequisit": 18, "presenc": 6, "present": [4, 5, 6, 8, 9, 11, 15, 16, 17, 18, 19], "presentation_definit": [11, 12, 13, 18], "presentation_definition_uri": [12, 13], "presentation_definition_uri_support": [12, 13, 18], "presentation_definitions_support": [7, 11], "presentation_submiss": [12, 13], "presentationexch": 16, "presentationexchang": 11, "preserv": [14, 18, 19], "prevent": [8, 10, 12, 13, 18, 19], "previou": [6, 8, 12, 13, 14, 18], "previous": [8, 12, 13, 14, 17, 18], "primari": [4, 8, 9, 12, 19], "primarili": 18, "principl": 17, "prior": 8, "priv": [9, 12], "privaci": [4, 5, 10, 12, 13, 14, 15, 18, 19], "privacy_polici": [7, 11, 19], "privat": [1, 4, 6, 8, 9, 12, 14, 17, 18], "private_key_jwt": 19, "privileg": 7, "probabilist": 0, "problem": 14, "proce": 8, "procedur": [4, 14, 15, 17], "proceed": 8, "process": [3, 4, 5, 6, 8, 10, 12, 13, 14, 15, 17, 18], "processor": 18, "produc": [4, 18], "product": [4, 19], "profil": [1, 3, 6, 8, 9, 12, 14, 16, 17, 18], "profile_non_repudiation_01": 1, "program": 4, "project": [3, 5], "promot": [15, 17], "prompt": [9, 12, 13], "proof": [1, 4, 5, 6, 7, 8, 11, 12, 13, 16, 17, 18, 19], "proof_signing_alg_values_support": 7, "proof_typ": 8, "proof_types_support": 7, "propag": 17, "proper": [4, 12, 13, 18], "properti": [5, 7, 18], "propos": 3, "prosseda": 3, "protect": [6, 8, 10, 11, 12, 13, 17], "protocol": [1, 4, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18], "protocollo": [7, 11], "prove": [4, 6, 12, 13, 17], "provid": [1, 4, 5, 6, 8, 9, 11, 12, 13, 14, 15, 17, 18], "provis": [8, 14, 17], "proxi": [8, 12, 13], "proxim": [4, 5], "ps256": 0, "ps384": 0, "ps512": 0, "pseudonym": [4, 5, 6], "pseudorandom": 8, "pss": 0, "pt0ixx0": [12, 13], "pub": [9, 12], "pubblich": 16, "public": [1, 3, 4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 17, 18, 19], "publicli": 17, "publish": [4, 15, 17], "pulido": 16, "pull": 3, "purpos": [5, 6, 11, 12, 13, 14, 15, 18], "push": [5, 7, 12, 13], "pushed_authorization_request_endpoint": 7, "puvdzw": 6, "pvu3jatu4a3tk9c9aowvglybb_rj7m": 8, "q": [1, 4, 5, 12, 13, 17, 18, 19], "qeaa": [4, 19], "qg_o64zqaxe412a108iroa": 6, "qkmx5iqt5phpu5tfcts6hsp": [7, 11], "qr": [7, 9, 12, 13], "qrcode": [12, 13], "qrjrj3af_b57sboirrcbm7br7woc8ynj7lhfpteffuk": 19, "qtsp": [4, 17], "qualifi": [4, 17, 19], "qualiti": [4, 12, 13], "quartili": [12, 13], "queri": [7, 8], "questa": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "quickli": 17, "r": 16, "r3uoi": 17, "rais": [12, 13], "random": [6, 8, 9, 12, 13, 18], "rang": [9, 12], "rappresent": 6, "rar": 8, "raw": [12, 13], "re": [8, 12, 13], "read": 6, "readabl": [6, 8, 10, 11, 12, 13, 14, 18], "readerauth": [9, 12], "readi": 8, "real": [10, 17], "realiabl": 5, "reason": [8, 14, 18], "receipt": 8, "receiv": [4, 8, 9, 12, 13, 14, 17, 18], "recipi": [1, 6], "recogn": [4, 15], "recognit": 19, "recommend": [0, 4, 6, 8, 12, 13, 14, 17, 18], "reconstruct": 18, "record": [4, 9, 12], "recov": [12, 13], "redact": 18, "redirect": [5, 8], "redirect_uri": [8, 12, 13], "reduc": [15, 17], "reduct": 15, "refer": [0, 4, 5, 6, 8, 9, 12, 14, 15, 17, 18], "referenc": [6, 8, 12, 13, 14], "refin": 3, "reflect": [17, 18], "refresh": 8, "refus": [12, 13], "regard": [12, 13, 14, 17, 18], "regist": [1, 4, 6, 8, 11, 17, 18], "registerd": 14, "registr": [4, 5, 7, 8, 11, 17], "registrar": 4, "registri": [8, 14, 15, 17, 18, 19], "regul": [4, 5, 10, 14, 15, 17, 19], "regulatori": [4, 17], "reiniti": 18, "reject": [8, 12, 13, 14], "relat": [1, 4, 6, 7, 8, 9, 12, 13, 14, 17, 18, 19], "relationship": [4, 17], "releas": [4, 8, 12, 13, 15], "relev": [4, 8, 9, 12, 14, 15, 17, 18, 19], "reli": [4, 5, 6, 7, 8, 13, 14, 15, 18, 19], "reliabl": [4, 6, 14, 17, 19], "relianc": 17, "reload": 8, "remain": [4, 8, 12, 13, 15, 17], "remark": 5, "remot": [4, 5, 17, 18], "remov": [17, 18, 19], "renam": 4, "renew": [5, 8], "repeat": 18, "repetit": 15, "replai": [1, 8, 18], "repli": 8, "report": [3, 14, 17], "repositori": 4, "repres": [3, 4, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "represent": [6, 7, 8, 17], "repudi": [1, 4, 5, 14], "reput": 18, "req": 2, "request": [1, 3, 5, 7, 11, 15, 17, 19], "request_object_signing_alg_values_support": [7, 12, 13, 18], "request_uri": [7, 8, 11, 12, 13], "request_uri_method": [12, 13], "requir": [1, 4, 5, 6, 7, 9, 11, 12, 13, 16], "research": 17, "reset": 18, "resid": [6, 12, 13, 14], "resist": [6, 8, 10, 18], "resolut": 17, "resolv": [8, 17], "resourc": [5, 6, 8, 12, 13, 16, 17], "resp": [8, 16], "respect": [6, 8, 17, 19], "respond": [8, 9, 12, 18], "respons": [1, 4, 5, 7, 11, 16, 17, 18, 19], "response_cod": [12, 13], "response_mod": [7, 8, 12, 13, 18], "response_modes_support": [7, 8, 12, 13, 18], "response_typ": [8, 12, 13, 18], "response_types_support": [12, 13, 18], "response_uri": [7, 11, 12, 13], "response_uris_support": 11, "responsedata": [9, 12], "responsestatu": [9, 12], "rest": [1, 17, 19], "rest_jws_2021_pop": 1, "restor": [5, 18], "restrict": [4, 7, 8, 12, 13, 17], "restrictions_condit": 7, "restrizioni": 7, "result": [4, 8, 9, 12, 13, 14, 17], "retain": [9, 12, 17], "retent": 17, "retriev": [4, 6, 8, 9, 12, 13, 19], "return": [5, 6, 8, 9, 12, 13, 14, 17, 18], "reus": 8, "reveal": [4, 6, 9, 10, 12, 14], "revers": [6, 10], "revert": 19, "review": [3, 4, 19], "revis": [4, 5], "revoc": [1, 4, 5, 7, 8, 12, 13, 17, 19], "revocation_assert": 14, "revocation_assertion_respons": 14, "revocation_endpoint": 7, "revocation_request": 14, "revok": [4, 7, 14, 15, 17, 18], "rfc": [0, 6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 19], "rfc2119": 4, "rfc3339": 16, "rfc6749": 14, "rfc7515": 16, "rfc7517": 16, "rfc7519": [6, 12, 13, 16], "rfc7800": [6, 14, 16], "rfc8152": 6, "rfc8174": [4, 16], "rfc8725": [12, 13], "rfc8747": 14, "rfc9101": [12, 13], "riccardo": 3, "rich": 8, "right": 4, "rilascio": 7, "risk": [4, 8, 15], "riyvi0kaz8nz3dlhuxbbd": 6, "robust": [12, 13, 14, 17], "roland": 3, "role": [4, 5, 14, 15, 19], "root": 4, "rose": 3, "rossi": 6, "rotat": [10, 14], "rp": [8, 11, 12, 13, 17], "rsa": [0, 7], "rsa_1_5": 0, "rsae": 0, "rsassa": 0, "rst": 5, "rule": [1, 3, 4, 5, 6, 8, 12, 13, 17], "rulebook": 6, "run": 4, "s022cvspdxuv44x": 6, "s1mt1kxfq2o8j9io7xmmx2mixag9m9pejvqrmca": 6, "s1xk5f2pm3": 6, "s256": [7, 8, 14], "safeguard": 18, "said": 15, "saitto": 3, "sakimura": 16, "salt": [6, 9, 12], "salvator": 3, "same": [4, 6, 8, 10, 12, 13, 14, 17, 19], "saml2": [4, 8, 15], "sampl": [12, 13], "satisfi": [14, 18], "scadenza": 7, "scalabl": 17, "scale": 17, "scan": [9, 12, 13], "scenario": [4, 12, 13, 14, 17, 18], "schema": [6, 8, 17], "schema_uri": 6, "scheme": [0, 4, 5, 7, 8, 11, 12, 13, 15], "sciarretta": 3, "sciunnach": 3, "scope": [4, 6, 7, 8, 12, 13, 14, 17], "scopes_support": 7, "scurtescu": 16, "sd": [4, 5, 7, 8, 11, 14, 16, 17, 18], "sd_hash": [12, 13], "sdk": 18, "se": 18, "seamless": [12, 13, 15, 17], "second": [8, 9, 12, 13, 18], "section": [0, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "section_3": [8, 14, 18], "secur": [0, 4, 5, 8, 9, 10, 14, 15, 16, 17, 18, 19], "see": [4, 6, 7, 8, 9, 11, 12, 14, 17, 18], "seek": 3, "seen": 18, "segment": [12, 13], "select": [6, 8, 12, 13, 16, 18], "self": 6, "selfissu": 17, "selhausen": 16, "semant": 16, "send": [8, 9, 11, 12, 13, 14, 18], "sensit": [7, 8, 12, 13], "sent": [1, 8, 12, 13, 14], "sentenc": 4, "separ": [4, 6, 7, 8], "septemb": 16, "sequenc": [12, 13, 17, 18], "seri": 6, "serial": 8, "serv": [4, 14, 17, 18, 19], "server": [4, 7, 8, 9, 12, 13, 14, 16, 17, 18], "server_error": [12, 13], "servic": [1, 4, 5, 6, 8, 10, 14, 15, 17, 18, 19], "session": [5, 8, 13], "set": [3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 19], "setup": [8, 9, 12], "sever": [3, 8, 12, 13, 17, 18], "sf2": [12, 13], "sha": [0, 6, 8, 9, 12, 14], "sha256": [0, 18], "sha384": 0, "sha512": 0, "sha521": 0, "shall": [4, 6, 8, 9, 12, 14], "share": [8, 17], "sharif": 3, "sheffer": 16, "short": [0, 8, 9, 12, 17, 18, 19], "should": [4, 6, 8, 9, 10, 12, 13, 14, 17, 18], "show": [8, 12, 13, 14], "shown": [4, 8, 12, 13], "side": [4, 8, 12, 13], "sign": [4, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "sign1": 6, "signatur": [0, 4, 6, 7, 8, 9, 12, 13, 14, 16, 17, 18, 19], "signedjwt": 17, "signific": [5, 15, 17], "significantli": 17, "silletti": 3, "similar": 17, "simplifi": 8, "sinc": [8, 12, 13, 15, 17, 18], "singl": [6, 8, 14, 17, 18], "siopv2": 5, "sistemi": 16, "size": 6, "slack": 3, "slow": 8, "slt14644zbyxyf": 17, "smart": [4, 18], "smartphon": [4, 18], "smith": 10, "snapshot": 17, "snif": [12, 13], "snippet": 5, "so": [8, 9, 12, 14], "soap": 1, "soc": 18, "social": 10, "socket": [12, 13], "sog": 0, "solberg": 16, "solicit": 18, "solut": [4, 5, 8, 13, 17, 18], "some": [3, 6, 8, 12, 13, 14, 17], "sono": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "soon": 3, "sourc": [4, 5, 6, 8, 9, 12, 14], "source_endpoint": 17, "space": [7, 8, 12, 13], "spazio": 7, "spec": 17, "special": [8, 12, 13, 18], "specif": [1, 4, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 19], "specifi": [4, 6, 7, 8, 9, 12, 13, 14, 18, 19], "spid": [4, 7, 16, 17], "spidl1": 7, "spidl2": 7, "spidl3": 7, "splxlobezqqybys6wxsbia": 8, "sri": [6, 16], "ssi": 15, "stage": [9, 12, 18], "stakehold": [3, 17], "stamp": 17, "standalon": 4, "standard": [1, 4, 6, 8, 12, 13, 14, 16, 17, 18, 19], "stare": 4, "start": [8, 14, 17, 18], "state": [4, 5, 8, 12, 13, 15, 17], "statement": [5, 6, 12, 13, 18, 19], "static": [0, 5, 17], "stato": [9, 12], "statu": [1, 4, 5, 6, 7, 8, 9, 16, 17, 18, 19], "status": 17, "status_assert": [6, 14], "status_assertion_request": 14, "status_assertion_respons": 14, "status_attestation_endpoint": 7, "steel": 16, "stefano": 3, "stem": [12, 13], "step": [8, 9, 12, 13, 14, 18, 19], "still": [4, 8, 17, 18], "stolen": 8, "storag": [4, 8, 14, 17, 18], "store": [4, 6, 8, 9, 10, 12, 14, 15, 17, 18, 19], "strategi": [5, 12, 13, 17], "streamlin": [15, 17], "string": [6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "strong": [8, 19], "strongbox": [4, 18], "strongli": 18, "structur": [6, 9, 12, 13, 17, 18, 19], "student": 3, "sub": [6, 7, 8, 9, 11, 12, 14, 17, 18, 19], "subject": [6, 7, 8, 17, 18, 19], "submiss": [1, 4, 12, 13], "submission_requir": [12, 13], "submit": [7, 8, 18], "subordin": [8, 17], "subphas": [9, 12], "subresourc": 16, "subsequ": [9, 12, 14], "subset": 7, "subset_of": 17, "substanti": [3, 4], "succe": 8, "succed": [12, 13], "succesfulli": 14, "success": [8, 12, 13, 14, 17, 18], "successful": [12, 13], "successfulli": [8, 12, 13, 14], "suffici": [8, 12, 13], "suit": [9, 12], "suitabl": 8, "sull": 16, "summar": [12, 13], "summari": 17, "summaris": 17, "sunflowerdream": 10, "superior": [17, 19], "supervis": [4, 9, 12], "supervisori": 4, "suppli": [12, 13], "support": [0, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "suspens": 14, "svg": [7, 11, 17, 19], "swap": 8, "switch": 8, "symmetr": [8, 12, 13, 14, 18], "syntax": [11, 12, 13, 16], "system": [4, 6, 8, 10, 15, 17, 18, 19], "t": [9, 12, 14, 16, 17], "t6dahp3tuwa_27kle8i9z_spk2ftqlky6pgmpchbsi2ahxy3aaxdurobpo4chtqgg3j2xcrghdfucfgeq": 17, "ta": 17, "tabl": [2, 6, 8, 9, 12, 13, 14, 17, 18, 19], "tag": [4, 6, 7, 18], "takahiko": 3, "take": [14, 18], "taken": [7, 8, 12, 13, 18], "tamper": [17, 19], "target": [8, 12, 13], "tarjan": 16, "task": 17, "tax": [6, 7], "tax_id_cod": [6, 7, 11, 12, 13], "tax_id_numb": 6, "taxpay": 6, "tbd": [12, 13], "tcaer19zvu3ohf4j4w4vfsvohip1ilildls7vcegemc": 6, "tech": 17, "technic": [1, 3, 4, 5, 7, 9, 12, 13, 14, 17, 18], "technician": 3, "techniqu": [12, 13], "technolog": 17, "technologi": [9, 12, 16], "tecnica": 16, "tecnologica": 16, "ted": 19, "tee": [18, 19], "telephon": 14, "template_uri": 6, "templatepid": 6, "temporari": [9, 12, 14], "temporarili": 8, "terbu": [3, 16], "term": [5, 17, 19], "termin": [5, 13, 18], "terminologi": 4, "text": [6, 8, 12, 13, 14, 18], "tfa0t8x": 6, "than": [8, 9, 12, 14, 17], "thank": [3, 17], "theft": [14, 15], "thei": [3, 4, 6, 7, 8, 12, 13, 14, 15, 17, 18], "them": [1, 4, 12, 13, 14, 15, 17, 18, 19], "themselv": 1, "therebi": 8, "therefor": [4, 6, 8, 12, 13, 14, 18], "thereof": 17, "thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "third": [4, 14, 17, 18], "thoma": 3, "those": [1, 4, 6, 8, 14, 17], "threat": [17, 18], "three": [9, 12, 19], "through": [4, 6, 8, 9, 12, 13, 14, 17, 18], "throught": 18, "thu": [8, 17, 18, 19], "thumbprint": [8, 14, 16, 18, 19], "thumprint": 8, "tild": 6, "time": [1, 4, 6, 8, 9, 12, 13, 14, 16, 17, 18, 19], "timestamp": [6, 8, 12, 13, 14, 16, 17, 18, 19], "tinit": 6, "tklulvhywfhywfhywfhywfhywfgixq": 6, "tl": [8, 12, 13, 17], "tl5onvr": 8, "todo": 2, "togeth": [6, 8, 9, 12, 14], "token": [1, 5, 7, 12, 13, 16, 18, 19], "token_endpoint": [7, 19], "token_endpoint_auth_methods_suppor": 19, "token_endpoint_auth_methods_support": [7, 19], "token_endpoint_auth_signing_alg_va": 19, "token_endpoint_auth_signing_alg_values_support": [7, 19], "token_typ": 8, "tool": [14, 17, 18], "top": 8, "topic": [4, 18], "torsten": 3, "tos_uri": [7, 11, 19], "touchpoint": 14, "toward": 6, "track": [4, 6, 18], "tradit": [15, 17], "transact": [4, 8, 10, 12, 13, 17, 19], "transfer": [4, 16, 18], "transfermethod": [9, 12], "transit": [5, 17], "transmiss": [1, 12, 13, 17], "transmit": [8, 9, 12, 13], "transpar": [4, 17], "transport": 8, "treat": 8, "trigger": [8, 14], "true": [4, 6, 9, 12, 14], "truncat": 0, "trust": [1, 4, 5, 6, 7, 8, 11, 12, 13, 15, 18, 19], "trust_chain": [6, 12, 13, 17, 18], "trust_framework": [6, 9, 12], "trust_mark": 17, "trust_mark_id": 17, "trust_mark_issu": 17, "trust_mark_own": 17, "trust_mark_statu": 17, "trusti": 19, "trustworthi": [4, 8, 17, 18, 19], "try": [12, 13], "ts_etuqs0ieiis1nynbheqsoy3ct4gpi": 8, "tschofenig": 16, "tsp": [4, 17], "tstr": [6, 9, 12], "turn": 14, "tutt": 7, "tutti": [0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], "two": [6, 8, 9, 12, 13, 14, 18], "typ": [6, 8, 12, 13, 14, 17, 18, 19], "type": [4, 5, 7, 8, 9, 11, 12, 13, 14, 16, 18, 19], "typic": [3, 8, 15], "typo": 3, "u": [6, 7], "u0tx0gdflndditbcwznupy7m2tnh08jld": 17, "u2tdugtfsfo0dtlvv2oxu2xjqmxdyzfvil0sicjpc3mioiaiahr0chm6ly9wawrwcm92": 6, "u9xuk9biiwginrhef9pzf9jb2rliiwgilrjtklulvhywfhywfhywfhywfhywfgixq": 6, "uicc": 4, "uint": [6, 9, 12], "un315hdckvhya": 17, "un_distinguishing_sign": [9, 12], "unabl": [12, 13, 14], "unalt": 18, "unambigu": 4, "unauthor": [12, 13, 15, 18, 19], "unavail": [1, 8, 14, 17, 18], "under": [4, 12, 13, 14, 15, 17, 19], "undergo": [17, 18], "understand": 6, "unencrypt": [12, 13], "unexpect": [8, 12, 13], "uniform": [16, 18], "unilater": 18, "uninstal": 18, "uniqu": [1, 4, 6, 7, 8, 10, 11, 12, 13, 14, 17, 18, 19], "unique_id": [6, 7, 11, 12, 13], "unit": 4, "univers": [8, 18], "unix": [6, 8, 12, 13, 14, 17, 18, 19], "unless": [9, 12], "unlik": [6, 17], "unlink": 8, "unlock": 19, "unpredict": [8, 18], "unprotect": 6, "unreserv": 8, "unsign": 6, "unsuccess": 8, "unsupported_hash_alg": 14, "unus": 18, "up": [9, 12, 13, 14, 17], "updat": [1, 5, 6, 12, 13, 14, 17], "upon": [4, 8, 12, 13, 17, 18], "uppercas": 16, "uri": [5, 8, 11, 16], "url": [6, 7, 8, 11, 12, 13, 17, 18, 19], "urlencod": [8, 12, 13, 18], "urlparam": [12, 13], "urn": [8, 18, 19], "us": [0, 1, 4, 5, 6, 7, 8, 9, 11, 12, 13, 15, 16, 17, 18, 19], "usabl": [5, 18], "usag": [12, 13, 17, 18, 19], "usascii": [8, 16], "useful": 2, "user": [1, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19], "utf": 8, "util": [4, 6, 7, 9, 12, 13, 14, 18, 19], "utmost": 19, "uuid": [8, 9, 12, 14], "uuid4": 8, "uy2vfywxsb3dhbmnliiwgdhj1zv0": 6, "v": 16, "v1": [4, 6], "v1_5": 0, "v2": [7, 8, 11, 16], "v4": [8, 14], "v9ynfxhkxpohqsmmulvibkrwfpepdf4qwdonmdojmroxr5j4hshh9mbem5qohh_pde62i1tlc36c65jfya7x3a": 8, "valid": [1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 17, 18], "validfrom": [6, 9, 12], "validityinfo": [6, 9, 12], "validuntil": [6, 9, 12], "valu": [0, 2, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "value_typ": [6, 7], "valuedigest": [6, 9, 12], "valueless": 14, "van": 3, "var": 18, "vari": [4, 17, 18], "variou": [12, 13, 17, 19], "vbexjksm45xphtanncig6mcyuu4jfgnzopgukvogg9c": 18, "vc": [4, 5, 7, 8, 11, 12, 13, 16, 17, 18], "vc_claim": 6, "vct": [6, 7, 8, 11], "vctm": 6, "vdflegzxmm84sjlpbzd4tu1ymk1jegfhou05ugvkvnfytwnbiiwgillyyy1zlvdtcjrl": 6, "vdiiwieci6imw4dezyahgtmzr0vjnoukldukrzoxpda0rscejorjqyvvfvzldwqvdcr": 8, "vector": 0, "vehicle_category_cod": [9, 12], "vendor": 18, "ventola": 3, "verif": [6, 8, 9, 12, 14, 15, 17, 18, 19], "verifi": [4, 5, 6, 8, 9, 11, 12, 13, 15, 16, 17, 18, 19], "vernini": 3, "version": [3, 4, 6, 7, 9, 12, 16, 18, 19], "vet": 4, "via": [3, 6, 8, 9, 12, 17, 18], "view": [5, 8, 19], "vital": 19, "vladimir": 3, "volum": 17, "voluntarili": 19, "voucher": 1, "vp": [4, 12, 13], "vp_format": [7, 11, 17], "vp_formats_support": [12, 13, 18], "vp_token": [12, 13, 14, 18], "vqi": 6, "vulner": [0, 4], "vwh1vxh6m2dnmnzjrvpmzvljajyxs2fziiwginmxwes1zjjwttmtyuzuyxvyag12zdlw": 6, "w3c": [6, 16], "w8q7fjh9bearf8lm7rqrxavc": 8, "wa": [4, 6, 8, 12, 13, 14, 18, 19], "wai": [4, 6, 8, 17, 18], "wait": [8, 12, 13, 16], "wallet": [1, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 16], "wallet_provid": [5, 17], "wallet_relying_parti": [5, 17], "walletattest": [7, 11, 12, 13], "walletprovid": 18, "want": 15, "war": 18, "we": [3, 6], "web": [7, 8, 11, 12, 13, 14, 16, 17, 18, 19], "webpath": [12, 13], "webserv": [12, 13], "websit": [5, 17, 19], "weinberg": 16, "welcom": 3, "well": [1, 4, 6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "were": 18, "what": [2, 5, 8, 15, 17, 18], "when": [1, 4, 6, 8, 9, 12, 13, 14, 17, 18, 19], "whenev": 14, "where": [3, 4, 6, 7, 8, 11, 12, 13, 14, 17, 18, 19], "whether": [6, 8, 12, 13, 17, 18], "which": [1, 3, 4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 17, 18, 19], "while": [4, 6, 8, 10, 12, 13, 15, 17, 18], "who": [4, 8, 14, 15, 17, 18], "whom": [4, 15], "whose": [1, 12, 13, 18], "why": [12, 13], "wia": 8, "wierenga": 3, "window": 8, "wish": [6, 8], "within": [1, 4, 6, 7, 8, 9, 10, 12, 13, 14, 17, 18, 19], "without": [4, 6, 8, 10, 14, 15, 17, 18], "wnz1m09irjrqnfc0dmztvm9isvaxsuxpbersczd2q2vhzw1jiiwginkioiaiwnhqavdx": 6, "word": [4, 16], "work": 3, "workstat": [12, 13], "would": [3, 8], "wp": 18, "wqhydymfksp95ifqpzdedww4l7avna2fn4jcewhytbu": 18, "wrap": 0, "write": [12, 13, 19], "wryzxnvdxjjzsisimlhdci6mtu2mji2mjyxocwiyxroijoizlvieu8ycjjam0rantnf": 8, "wscd": [4, 18, 19], "wsr4exeytqdesmrl7spovfmbxixp12e4syqn": 6, "www": [7, 8, 12, 13, 18], "wyi2swo3de0tytvpvlbhym9tn": 6, "wyi2swo3de0tytvpvlbhym9tnxrtd": 6, "wyi2swo3de0tytvpvlbhym9tnxrtdlzbiiwgimdpdmvux25hbwuilcaitwfi": 6, "wyitt25um29fcgh6tdnnchjucvf0yud3iiwizg9jdw1lbnrfbnvtymvyiiwimdawmdawmdiixq": 8, "wyiwqux5szrfui1avuptekvkdw5htfdriiwiawf0iiwimtc0nzexotu5nsjd": 8, "wyiyr0xdndjzs1f2zunmr2zyeu5stj": 6, "wyiyr0xdndjzs1f2zunmr2zyeu5stjl3iiwgimlhdciside2odmwmdawmdbd": 6, "wyj2bmtvx2tjv2rsa1dpzzbonlrycdd3iiwiz2l2zw5fbmftzsisik1hcmlvil": 8, "wyj3tw1xykkztfrpmdvlajfolxnpwwhriiwiy29uc3rhbnrfyxr0zw5kyw5jzv9hbgxvd2fuy2uilciwil0": 8, "wyjbodvjefi1rezyoelfafzfqtzqzgnbiiwibglua19xcl9jb2rliiwiahr0chm6ly9xci5legftcgxllmnvbsjd": 8, "wyjbsngtmdk1vlbycfr0t": 6, "wyjbsngtmdk1vlbycfr0tjrrt": 6, "wyjbsngtmdk1vlbycfr0tjrrtu9xuk9biiwgimv4cglyev9kyxrliiwgijiw": 6, "wyjbsngtmdk1vlbycfr0tjrrtu9xuk9biiwginrhef9pzf9jb2rliiwgilrj": 6, "wyjgvu1iqm5hlwhllulawtzkovz1uknbiiwiymlydghfzgf0zsisije5odatmdetmtaixq": 8, "wyjhmdjou3jrzmpgwfe3sw8woxn5ywpbiiwgimnvbnn0yw50x2f0dgvuzgf": 6, "wyjhmdjou3jrzmpgwfe3sw8woxn5ywpbiiwgimnvbnn0yw50x2f0dgvuzgfu": 6, "wyjhwhrynxnuetctvevpblhzajnmdgdbiiwicg9ydhjhaxqilcivowovnefbuvnrwkpsz0fcqvffqkxbrxnbquqvnffcv1jyahbaz0fbvfuwqutnqufbqwdbqkffyufbvufbqufcqufbqvbnrwjbqvvbqufbqkfbqufsz0vvqufnqufbqujbqulbqufjvefbtufbqufcquffqufbqufbqufbquffc0fbqufbuufbqvn3qufbquivkzbbtezcb2izunzjmmh2y0nbekxqqufprupkvffrrufbqufbqufqsefgyufbtwjkvwnjqvfbqufnquvbuc9orelgb2riundpath2ym5ndvlxunzzbvv1wti5dewzaghjqzh4tgpbdkfedy9lsejowtj0bgrdqmlav2rwymowbjc3ds9keujwwkqwblz6vk5nrtf3utjwb2fvadzjbvzuzws1vvkzchjzemxrsno4k0nqedrpbmh0y0cxbgrhrwdlrzfzym5nnmvemg5zv1j2ww1vnmjuttziv1ywwvm4bklizzzlrzf3zedzouowbhrzv2rst2pwrmvhbg1wrzl2yknbee1dnhhnq2mrq2p4evphwtzva1jhsuhodgjhnxppbkprwmowbmfiujbjrg92tdnkm2r5ntnnetv2y21jdk1uazvpuzh3twk4eu1pmxlar1l0yznsdwrhrjrmvzv6sxljk0nnb2dqseprwmpwrvpytmpjbwx3zedsdmjpqnlar1k2wvdkdmryutlkewnlsuncngjxehvjenawyvdabvbtzg9ksfj3t2k4dmjutxvzv1j2ww1vdvkyoxrmm1jwwm1zdk1tnhdmewmrq2lbz1biunbabvk2vw1wemiyedfkr2x2ymxwdwfyustnand2zedsbvpqcfnawe52ykhwmgfxoxvwvzvwzeq0s0ldqthkr2xtwmpwwvvtvnpimngxzedsdmjqnhpnref2tvr3dmrhbg1aanbzvw1wemiyedfkr2x2ymo0s0ldqthkr2xtwmpwwlvtvnpimngxzedsdmjqnhpnref2tvr3dmrhbg1aanbavw1wemiyedfkr2x2ymo0s0led3zjbvjtt2tsbgmytnlhweiwyvc5dvbnb0tjrhh5wkdznljhvnpzm0pwy0hscgiyngdjbvjtt21gawizvjbqu2nuq2lbz2vhmxnibk02zucxd1rvmdlkmmgwzehbnkx5oxvjetvowkc5avptnwpimjb2zudgd0x6rxvnqzl0ylm4blbnb2djrhg0ylhctlrucevimk4xyldwdwrfbevqbuzryjjkbe9tunzzmmxrt25omgiytnjpamxqtmpabvpuzgxmvfkzwtjrde5ettrzeta1wlrobuxusxdpree1tkrobu9uwtjavhd2zucxd1rvmdzsrzlqzfcxbgjuukpsrdrlsunbogvhmxduvta2u1c1emrhrnvzmlzkukq1ngjyqxvhv2xrt2psae16zzbzvfuxtfdjek1uz3ror05rwvmwne4yvxpmve14tvrzd00ytmhaveuzt0r3dmvhmxduvta2u1c1emrhrnvzmlzkukq0s0led3zjbvjtt2tsbgmytnlhweiwyvc5dvbnbzhmm0prwmpwu1jfwstdand2zurwngjyqnrawfjougdvz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0npqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqutjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjqw9nsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnq2lbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbs0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0lbb2djq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwddaufnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0flsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsufvz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0npqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqutjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjqw9nsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnq2lbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbs0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0lbb2djq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwddaufnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0flsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsufvz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0npqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqutjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjqw9nsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnq2lbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbs0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0ldqwdjq0fnsunbz0lbbzhqm2h3wvdoclpyuwdavzvrufnkm0p6ocsvoxnbuxdbrkf3uuvcqu1gqkfrrujrvuzcz2nnq0fjsej3y1bdd3nkrejfuevosvjeeevsrxhzy0z4tvvhafvsrvjnaedcb2riujhmshhnwelpuwliavfjsgg4zs85c0frd0vgqlfvsejny09dqwdpsghrukzcngviadrlsgg0zuhongviadrlsgg0zuhongviadrlsgg0zuhongviadrlsgg0zuhongviadrlsgg0zuhongviadrllzhbquvrz0jhquzvqxdfukfbsvjbuu1sqwyvrufcmefbuufcqlffqkfrqufbqufbqufbqufbqudbuvviq0frrufnuc94qujdruffqufrtunbz01oqlfvsejrqufbqufbqvfjrejbvudceevotvzfsuvotvvgeupcvm1geg9hvfnrb0dsa3nfak1rt0nvafvxww5lrhnzsvlobeoxcy8vrufcwujbuuvcqufbqufbqufbqufbqufbqufbqujbdi9fqujzukfrrujbqufbqufbqufbqufbqufbqufbukfml2fbqxdeqvfbq0vrtvjbrdhbm0xbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufcnxrtejhmve1hn25hamwytvrgcza5own2whjrvvvvujj6ttlfqxdudmz1bhrwnlzjcnh0ddrpvhixnm5usgh1zmdnzm43s3fvbxfyn3flwhrjtvy2mtntwevqtnvut0jscedsmgvptfdotjjxuhzybvkrq3dxwhk5y1zllzc3kzgxuhu4uxnjdjloqmv0rjdwtgliafhjblbvmgpws1burjnhbtfwudmwvevmqwd5chnqdwx0cdzyy294dhlzt1rvtjzybehodwzoogzun2fxwwlxbjc2zvh0u0robw01k0zxzuzhenrpetdhwgkzcwurddnytnllnks0n1ltt2lrzwtbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbquffttryofjkqzrlyuy0oxfkvtm4dtl6chc4sznwrvhmovvmn2fzou5vouvlmmvvqtb2ngs4uxr6yisxt2nywe15zkzxs3bushdivxpgaxhic3a5tlgrs2vjkzdxvvjkuufbqujmzuczruxjmndkvgplmfbnbnhhdxfkeu1hn016wxz4n2fmulyvawpsuhy2a0c2senqauxvwevquxzide1xbxhsmmvwt1powetvbtvzcw4vzfrqb3fqb24yvhpoqk13qufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqvdqzm01ou4yzhrytznecxrmteh4yu9jvvjqblhhntzlyutmylzqs1bqnkfhrwi4m1zxkzg5elpxdjz6ztcvsxz6ew90mho1bgkzsdd0dwlqulrieg5uttlncuxfb0fbqufbqxz1dzkxyxzzemmythiralh1ohlmrthxn2rvk1pmdhorowjyajawejhknvrivenezmzzztu5tjnqdfhcm0rwvmzqshlxt2mwvfbuv3e0nktxs3zivfbpugo2vuy4qufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqnfsm1l1ohe5vdnkajdregjzk0o2vfrgm0ppsjzlogl1bm5iuc9muk1mzlhlne1es0fbqufbqufbttg5edf2s3zutjnarzbnctdqawvxmhpkeg9tzwlqsw9wnxp5l3pvulazmfftamjkqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufck2vuzhqytwu1znuxzddiddb6wfzqwkvsemtit1rjk3jydguzshfxddvgvxpkejhxnwtwznpwve1sotbjbys1umjsqufbqufbqufgedj4cte3uwr4nmjyzvbwtvhjret0nuzqohrvve1mzkhpuhzrzec4ytdidjq5ds9hctc2m2nwaxvtztjkam5drdlbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqvi3avhmcxh1sfc1twlpzvzwdlnzcxftzmjgcw9itytpt1zgtwrrukrrcufbqufbqufbq2xjyzzlbzdzbufkru9hbctysjrkymj5szu1mvhos3hhcxa5czjxv1jjuufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufxwgztslzxr3lozhdhstuxnudtnuzxbvbivmjxaufjnktpbwltwjdjyuzrqufbqufbqufvcjzls3bqc2tiumzzzupwcct5tkn3ytq1vjqrbtq5cxfqylricglxumvnqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqvvxauppww1py0e1nthuzhyztnjjuu5imet1awfhy1hncjheempydfzumzf1znkxuw9qawdbqufbqufbq1i4txr2m04wy1fortblawlhcwnytw84tnlqcxrvejmxewz5mhlnnkdveevsrvjis0vguufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbytnkmlrzv3uvalltkzlqc3pwt1bur0xxvvv4l0q1l3m3ays2wm1twi94vtlpne5zrkfbqufbqufbr3ovy2jirnjzwtjydnzvte0wemtvemk2ykzvzncrzjdtnuh2bulwai9bqzfkcwfoa1vbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufibjfiq3hkundmk0juv0tnakz5tgrwctlhcmpuvfhsvkhlww4yvefosgvpwereudrkn2hud1zgm0kwsexybwnis21pzmurbndwyytpdu8zn1vkugjfvvk1vufbqufbqvphnec4tu0vaup1r1bdmfhjzlfju3vkennxstvkotzmqlvul3ddyzl2mlk2zxlkzznpmdddegrpd0xhqmcys01mrng3ze5xemfvamxuuljusetjajjsq0qwqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbque4rzrorzb2wdljeu5kmwpdczv1rmtvotdkcznznxhwsdzusfhfedb4ufvevtdpmznqbxzizxuzdfmyalrlmxztzwmxzux4mdvwau96bc9fajj4ntnishbxaknoewl1m2nyddnlyxflnko1vjaxunlxcg5zbuo2wwxsogdbqstyzezketvsynqwmvyxmxp5b3bwam5wvlbarviweklnm2nktzu4mtdjtjj6cvc3cwiyawfuemlyegvlakt2edjjdjrjztjmtzdjoutvylk3zjbiuzlbmgpimg5soet6aflxufqzdhf6ywpsrk1mck05y3pqve05yuqzz0fbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufby3dlrfu5wjbqvetactfmvk1iq3bqcm5jeutmy2yxvefjsnjpqndlngxabhpgewiym2ryejzqtjhkajvwrk9sshvyb21lcctnqwhldgr5oxrysxjtdlnkd2f4cdhuowk3rkyrbvb4auorszbxyi9wv283ly9btdvxnzmvmwtjly9bs0zgntbydvh0ctq5y1y2dhvev05ravbzv29vc1v6k0vwvdhtawfhtmdjshvhdvpiegnhoxqzu00rdnpmq1phvljwa1q3njy1bxfqaendzdzack9ryw5urldtnnbnnxrnovu0k1jsy2orbvpcnytzqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufmsnzezg0zzg82zc9hrzr0v3h0uhnuuetqd2xyt3e1ufpsvehuvlq3swlrwwixm3vvdhm0otjxalj0dtzycu1smvhmmwrhufrwn284nnjsnzrowulactnkumjvdmq5r21iyjbqrxbucw0vzhvynm8vrhzzsuloctnidmlobnhwvfryoxjdb243t0pomjzpwdmxulzqeeljanerk041nnzfehfxnjliexfanjzhczj1s2z5ee1soefskzvnm0s1cnvmdetwkzfyntavaktpbnbpzlrivlbzq1jhuhzuzw1rvvjimhpkbxq0dhvpcwlqtnjtbva1wm1zuvhmexzjvgu4nzmrk3vxohzmunovqui3mgd0r3nintnwctlfmjlum1pyzvzibnjvcnphnhbuk1dkaufsmzb6uhbucm50vvz0ek51dus3zjdpcvb0vwviudr3q1fhunzqzwvrukvhynv2vzhxbu9xbw5ocm1uohn6twzcqkx0sjq5ofvnq0thyxrmdfp0rwvqthc3zgzqnzzzcg40a0v2mg51b3qwv2u5alu5ddzsbdb4mxpzdtnmrluvajmwruv6mex1b3rznuyybwpxzhzhcnawvdezte5kr1jusdnlylz5otbtuvprmmz1emj1n3rpl3reynvywtjvv0lubfg0t3jsvmjuc3jwbnpxwjlreendowdbqufbqufbqufbqufbqufbqufbqufbqufbqwhur0hmdur3otjmzdfqsw9wdjvkexj3t0zqvfz5oe5kbu9julbavevktxoyujj6qu5htji3ajfuzfd1whramtdpdvptwmruotzyb3bvcdlgrkzqvlrusg9pugpqu290s2dbqufbqufbqufbqufbqzdiuznick8xzgnznnpvv2rjdzh5mva3mvbuvfhunmflnmvxcw1lewzoufnnm240ugi5d2vjv3o3v3nzouzoakx0mwvcemnhs3vmz2jzunptstdhwmpwawv5ztjkuvrnqufbqufbqufbqufbqufbqufbqufbqufbqudtzmrkn2l2yxr4vhewzuxremk2tmowv2flww5voepjaus2nnzmew1pudvwd1livufbqufbqufbqufbqufbqufabddrvgnwn1nls2rpanpjbu1yv2nldxpyve05sghmy1ryuly3k1vwec9nbwpjdefbqufbqufbqufbqufbqufbqufbqufbqufucujvrnh5ditny1lkmtnpzlzxzhlqohnsvc94wejerkfbqufbqufbqufbqufbquffejrhmy9gk01pmuxuuhixtznsk2fkcc81sm8zowpxuufbqufbqufbqufbqufbqufbqufbqufbqupcenm0adviamuvoefjv1z6nstgmvhlcwlmovdwullsqufbqufbqufbqufbqufbquy5ngvasgltlzl1nvhqbdrmvmnxcvovmwfvsfjprufbqufbqufbqufbqufbqufbqufbqufbquzlcgllwm1lauk2uwmyzfv2vgthbmw1rtlnm2npnwmvtlhnl3fvohlnqufbqufbqufbqufbqufbrda2wgvusdfqrxljnkp0wkz1nstxduovukiwbxbtsnbpwtzzbnbrvkfbqufbqufbqufbqufbqufbqufbqufbqjrkd1gvrmrdejhtwjvsyxhydgy0vvrqnke1dvvuem9wcw5ybulsb1zbqufbqufbqufbqufbqufbqln1zvzgvlvky1jnzzzsn2z2k05hrmdatvr6atdqv3eveg9pzjfashvbqufbqufbqufbqufbqufbqufbqufbqujit0thukdkdzmztgs4k1hnoup5wmlmyjrlb0hqr21pvk1smljftknvqufbqufbqufbqufbqufbqutwunpwbu8ysmdiutdozmtsbdhooxraufbunfrty2fabjirq3barwpbqufbqufbqufbqufbqufbqufbqufbqujctzzdevbgdurhnnjrvhk1nmzyyi9otvuvcurrdwv1v2hrqufbqufbqufbqufbqufbquzznjrcdnazuhvsnhp3wtjyy21lzkxunkxmnvptbjlhuk93qufbqufbqufbqufbqufbqufbqufbqufzlzdvckn5yy9ndhvishhls3e3be9mrjjhyvk1ek5odxvtdxirbw1ryuh0qufbqufbqufbqufbqufbqufbrgzedwrjtep3t0mymmnmtg9xb3uxwxmzwxbxamxnvtnlnne2zjzhb1phuufbqufbqufbqufbqufbqufbqufbqufbqwzoewlpn2jxddnls2e2s29ts3fhbzv4tvqxee1bmwi0cgr6zhfsr3fydfeysgn4nytgzxftcu5pdjnmqjeysm43tkzjk2jwvdjstxhnzfhpvm9nugtinhercs93qtlzk3nvzvfmaxi2ci9brdfqnnlonuirs3zxdjhbufdqcktia0g0cstxl3dbovkrc29luwzpcjzyl0femwo2ewg1qitldnf2oefqv1bys0hrsdrxk3evd0e5wstzb2vrzmlynnivquqxajz5advck0t2cxy4qvbxuhjlsgtinhercs93qtlzk3nvzvfmaxi2ci9brdfqnnlonuirs3zxdjhbufdqcktia0g0cstxl3dbovkrc29luwzpcjzyl0femwo2ewg1qitldnf2oefqv1bys0hrsdrxk3evd0e5wstzb2vrzmlynnivquqxajz5awzjtgu1dtftdlzmt29iohvzowpdczfsvk9uv0x2aes3ohg5bxv1ue5wcddzavptzxjuqlj0smjvb3rxnmjkdwltawltswltbw1pvvjfzfvsq0q2qufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufbqufcly9ail0": 8, "wyjjq0zdexljv1j4alzinkzurvr5otd3iiwidgf4x2lkx2nvzguilcjsu1nnuke4mfiwmug1mdfcil0": 8, "wyjlbhvwnu9nm2dttkljoevzbnn4qv9biiwgi": 6, "wyjlbhvwnu9nm2dttkljoevzbnn4qv9biiwgimrvy3vtzw50x251bwjlcii": 6, "wyjlbhvwnu9nm2dttkljoevzbnn4qv9biiwginvuaxf1zv9pzcisicj4ehh4": 6, "wyjlbhvwnu9nm2dttkljoevzbnn4qv9biiwginvuaxf1zv9pzcisicj4ehh4ehh4ec14": 6, "wyjlsthav205uw5luhbougvozw": 6, "wyjlsthav205uw5luhbougvozw5izg": 6, "wyjlsthav205uw5luhbougvozw5izghriiwgimzhbwlsev9uyw1liiwgiljv": 6, "wyjqyzmzsk0ytg": 6, "wyjqyzmzsk0ytgnoy1vfbehnz3zfdwzriiwginrhef9pzf9jb2rliiwgilrj": 6, "wyjrz19pnjr6cuf4ztqxmmexmd": 6, "wyjrz19pnjr6cuf4ztqxmmexmdhpcm": 6, "wyjrz19pnjr6cuf4ztqxmmexmdhpcm9biiwgimjpcnrox2rhdguilcaimtk4": 6, "wyjvrudnavzqaxv1dejvby1wctd6wurbiiwizmftawx5x25hbwuilcjsb3nzasjd": 8, "wyjvsefhawz1bzlotw9pbkvdu0loog9riiwizxhwaxj5x2rhdguilciymdmwltaxltewil": 8, "x": [1, 6, 7, 8, 9, 11, 12, 13, 14, 17, 18, 19], "x20": 8, "x23": 8, "x2zomhngsdc4zlbrcxhmt3mzrmrzog9jd3o2qjzdam51cuhhufruowd0wq": 17, "x5c": [6, 17], "x5chain": 6, "x5d": 8, "x_509": 6, "xfahyomi54": 6, "xmw7apdlbmuw3t1urwi4nafmtkri": 17, "xr2pjyrjkgmnz4wmdnqd_ujsq4r95nj98b44": 18, "xrtdlzbiiwgimdpdmvux25hbwuilcaitwfyaw8ixq": 6, "xxx": 6, "xxxx": 6, "xxxxxxxx": 6, "xxxxxxxxxx": 6, "xxxxxxxxxxxx": 6, "xxxxxxxxxxxxxxx": 6, "xxxxxxxxxxxxxxxx": 6, "y": [6, 7, 8, 9, 11, 12, 14, 16, 17, 18, 19], "y1ltc2": 8, "y2vfywxsb3dhbmnliiwgdhj1zv0": 6, "yasuda": [3, 16], "ylpnuudivldlvle0agjtswlyc1zmdwvjq0u2ddrqvdlgmkhausj9fx0": 6, "you": 3, "your": 4, "yqyvnmcw6fy1dqd": 8, "yrc": 6, "yvbn": 6, "ywy2ntnjzdczzjywnzhimwyilcaidmvyawzpy2f0aw9uijogeyj0cnvzdf9mcmftzxdv": 6, "yxr1c19hc3nlcnrpb24ioib7imnyzwrlbnrpywxfagfzaf9hbgcioiaic2hhlti1nij9": 6, "yxrpb24ioib7inrydxn0x2zyyw1ld29yayi6icjlawrhcyisicjhc3n1cmfuy2vfbgv2": 6, "yyyi": [6, 7], "zecca": [9, 12], "zneybzhkowlvn3hntvgytul4yuc5ttlqzupwcxjny0eilcaiwxjjlxmtv1nyngv4rvl0": 6, "zspe_neo": 8, "zu": 16, "zvdghcmclmvwluggsgpskcpkehz4u9owj1sliblcc1o": 6, "zwwioiaiaglnacisicjldmlkzw5jzsi6ihsibwv0ag9kijogimnpzsj9fswgil9zzf9h": 6, "zxjiwwbzmqghvwkvq4hbsiirsvfuecce6t4jt9f2hzq": 6, "\u00e5": 16}, "titles": ["Cryptographic Algorithms", "Authentic Sources", "backup-restore.rst", "How to contribute", "Normative Language and Conventions", "The Italian EUDI Wallet implementation profile", "PID/(Q)EAA Data Model", "Entity Configuration of PID/(Q)EAA Providers", "PID/(Q)EAA Issuance", "Proximity Flow", "Pseudonyms", "Entity Configuration of Relying Parties", "Relying Party Solution", "Remote Flow", "Credential Lifecycle", "The Digital Identity Wallet Paradigm", "Technical References", "The Infrastructure of Trust", "Wallet Attestation", "Wallet Solution"], "titleterms": {"The": [5, 15, 17], "about": 17, "access": 8, "acknowledg": 3, "acronym": 4, "algorithm": 0, "anchor": 17, "api": 17, "assert": 14, "attest": [17, 18, 19], "attribut": 2, "authent": 1, "author": [8, 12, 13], "backup": 2, "case": 14, "cbor": [6, 12, 13], "chain": 17, "check": [12, 13], "claim": 6, "code": 2, "common": 17, "compon": 18, "configur": [7, 11, 17], "consider": [2, 10, 17], "content": 5, "contribut": 3, "convent": 4, "credenti": [6, 8, 14], "cross": [12, 13], "cryptograph": 0, "data": 6, "deactiv": 19, "decentr": 17, "defer": 8, "defin": 4, "detail": [12, 13], "devic": [9, 12, 13], "digit": [6, 15], "dynam": 18, "eaa": [6, 7, 8], "endpoint": [8, 12, 13, 17, 19], "engag": [9, 12], "entiti": [7, 11, 17], "error": [12, 13, 14], "eudi": 5, "evalu": 17, "exampl": [6, 7, 10, 11], "extern": [2, 19], "fast": 17, "feder": 17, "federation_ent": [7, 11, 17, 19], "flow": [8, 9, 12, 13, 14], "format": 6, "function": [14, 17], "gener": [2, 8, 10, 17], "header": [8, 19], "high": 8, "how": 3, "http": [8, 12, 13, 14, 18], "i": 10, "ident": 15, "implement": [2, 5, 10], "index": 5, "infrastructur": 17, "initi": [18, 19], "instanc": [14, 18, 19], "intermedi": 17, "introduct": 5, "issuanc": [8, 18], "italian": 5, "jwt": [6, 12, 13], "languag": 4, "leav": 17, "level": 8, "librari": 2, "lifecycl": [14, 18, 19], "live": 17, "long": 17, "low": 8, "mdoc": [6, 9, 12, 13], "mechan": 17, "metadata": [6, 7, 11, 17, 19], "mobil": 6, "model": 6, "namespac": 6, "non": [6, 17], "norm": [4, 6], "notif": 8, "oauth_authorization_serv": 7, "object": [6, 12, 13], "offlin": 17, "openid_credential_issu": 7, "oper": [14, 19], "par": 8, "paradigm": 15, "paramet": [6, 8, 17, 18], "parti": [11, 12, 17], "pattern": 1, "payload": 19, "pid": [6, 7, 8], "possess": 14, "post": [12, 13], "present": [12, 13, 14], "privaci": 17, "process": 19, "profil": 5, "proof": 14, "properti": [2, 10, 17], "provid": [7, 19], "proxim": [9, 12], "pseudonym": 10, "push": 8, "q": [6, 7, 8], "redirect": [12, 13], "refer": [2, 16, 19], "registr": 18, "reli": [11, 12, 17], "remark": 17, "remot": [12, 13], "renew": 17, "repudi": 17, "request": [8, 9, 12, 13, 14, 18], "requir": [2, 8, 10, 14, 17, 18, 19], "respons": [8, 9, 12, 13, 14], "restor": 2, "return": 19, "revoc": [14, 18], "role": 17, "rst": 2, "sd": [6, 12, 13], "secur": [1, 6, 12, 13], "session": [9, 12], "snippet": 2, "solut": [12, 19], "sourc": 1, "state": [18, 19], "statement": 17, "static": 18, "statu": [12, 13, 14], "technic": [8, 16], "term": 4, "termin": [9, 12], "token": 8, "transit": [18, 19], "trust": 17, "type": [6, 17], "uri": [12, 13], "us": [10, 14], "valid": 19, "vc": 6, "verifi": 14, "view": 18, "wallet": [5, 14, 15, 17, 18, 19], "wallet_provid": 19, "wallet_relying_parti": [7, 11], "what": 10}}) \ No newline at end of file diff --git a/ia-terms-updates/en/ssi-introduction.html b/ia-terms-updates/en/ssi-introduction.html new file mode 100644 index 000000000..d22b7e8c0 --- /dev/null +++ b/ia-terms-updates/en/ssi-introduction.html @@ -0,0 +1,221 @@ + + + + + + + + The Digital Identity Wallet Paradigm — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

The Digital Identity Wallet Paradigm

+

The Digital Identity Wallet Paradigm refers to a new architecture in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the Users. +Users possess their digital documents and determine to which actors they present these documents, with the ability to revoke the use of said documents, all while maintaining a history of their activities.

+

The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediaries between the Wallet and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to.

+

SSI is also significant in the field of data exchange and data governance. This is relevant at both national and European levels, including the new eIDAS Regulation. In fact, it envisions a login option designed for European Users - be they citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems.

+

The main roles in an Wallet ecosystem are are listed as follow:

+
+
    +
  • Issuers: parties who can issue digital credentials about a person;

  • +
  • Verifiers: parties who request Holders' digital credentials for authentication and authorization purposes;

  • +
  • Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers;

  • +
  • Verifiable Data Registries: Authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties.

  • +
+
+

In this model, the credential Issuer (e.g., an educational institution) provides digital credentials to the User, who can store them in their digital Wallet. +The Wallet typically comes in the form of an application on the User's mobile phone.

+

Other key elements that characterize an SSI system include:

+
+
    +
  • Privacy and control: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose;

  • +
  • Security: Wallets leverage cryptographic mechanism to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control;

  • +
  • Interoperability: Wallets promote interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders;

  • +
  • Efficiency and cost reduction: individuals can manage their own identities, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience.

  • +
+
+
+ + +
+
+
+
+ + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/standards.html b/ia-terms-updates/en/standards.html new file mode 100644 index 000000000..0bdaf8bfb --- /dev/null +++ b/ia-terms-updates/en/standards.html @@ -0,0 +1,328 @@ + + + + + + + + Technical References — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Technical References

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

OID-FED

Hedberg, R., Jones, M.B., Solberg, A.Å., Bradley, J., De Marco, G., Dzhuvinov, V., "OpenID Federation 1.0", May 2024, Draft 36.

OpenID4VCI

Lodderstedt, T., Yasuda, K., Looker, T., "OpenID for Verifiable Credential Issuance", February 2024, Draft 13.

SD-JWT-VC

    +
  1. Terbu, D.Fett, B. Campbell, "SD-JWT-based Verifiable Credentials (SD-JWT VC)".

  2. +
+

EIDAS-ARF

EUDI Wallet - Architecture and Reference Framework.

OpenID4VP

Terbu, O., Lodderstedt, T., Yasuda, K., Looker, T., "OpenID for Verifiable Presentations", November 2023, Draft 20.

PresentationExch

Presentation Exchange 2.0 for Presentation Definition.

RFC 2119

Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels" BCP 14, RFC 2119, March 1997.

RFC 2616

Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” RFC 2616, June 1999.

RFC 3339

Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

RFC 3986

Uniform Resource Identifier (URI): Generic Syntax.

RFC 7159

Bray, T., “The JavaScript Object Notation (JSON) Data Interchange Format” RFC 7159, March 2014.

RFC 7515

Jones, M., Bradley, J. and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015.

RFC 7516

Jones, M., Hildebrand, J., "JSON Web Encryption (JWE)", May 2015.

RFC 7517

Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, May 2015.

RFC 7518

Jones, M., "JSON Web Algorithms (JWA)", May 2015.

RFC 7519

Jones, M., Bradley, J. and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015.

RFC 7638

Jones, M., Sakimura, N., “JSON Web Key (JWK) Thumbprint”, September 2015.

RFC 7800

Jones, M., Bradley, J. and H. Tschofenig, "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)", RFC 7800, DOI 10.17487/RFC7800, April 2016.

RFC 8174

Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", RFC 8174, DOI 10.17487/RFC8174, May 2017.

RFC 8725

Jones, M., D. Hardt, Sheffer, Y., "JSON Web Token Best Current Practices", February 2020.

JARM

Lodderstedt, T., Campbell, B., "JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)", November 2022.

RFC 6749

The OAuth 2.0 Authorization Framework.

RFC 9449

    +
  1. Fett, B. Campbell, J. Bradley, T. Lodderstedt, M. Jones, D. Waite, "OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)".

  2. +
+

RFC 9207

Meyer zu Selhausen, K., Fett, D., "OAuth 2.0 Authorization Server Issuer Identification", March 2022.

RFC 7521

Campbell, Mortimore, C., Jones, M., Goland, Y., "Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants", May 2015.

OPENID4VC-HAIP

Lodderstedt, T., K. Yasuda, "OpenID4VC High Assurance Interoperability Profile with SD-JWT VC".

OAUTH-STATUS-ASSERTION

De Marco, G., Steele, O., Marino, F., "OpenID4VC High Assurance Interoperability Profile with SD-JWT VC", June 2024, Draft 2.

OAUTH-ATTESTATION-CLIENT-AUTH

Looker, T., Bastian, P., "OAuth 2.0 Attestation-Based Client Authentication", May 2024, Draft 3.

OAUTH-V2-JARM-04

Lodderstedt, T., Campbell, B., "JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)".

OAUTH-MULT-RESP-TYPE

de Medeiros, B., Scurtescu, M., Tarjan, P., Jones, M., "OAuth 2.0 Multiple Response Type Encoding Practices", February 2014.

ISO18013-5

ISO/IEC 18013-5 2020. Information technology — Personal identification — ISO-compliant driving license — Part 5: Mobile driving license (mDL) application. International Organization for Standardization.

OIDC

Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C., "OpenID Connect Core 1.0 incorporating errata set 2", December 2023.

SD-JWT

Fett, D., Yasuda, K., Campbell, B., "Selective Disclosure for JWTs (SD-JWT)".

OAUTH-ATTESTATION-CLIENT-AUTH

Looker, T., Bastian, P., "OAuth 2.0 Attestation-Based Client Authentication".

USASCII

American National Standards Institute, "Coded Character Set -- 7-bit American Standard Code for Information Interchange", 1986.

MODI

"Linee Guida sull'interoperabilità tecnica delle Pubbliche Amministrazioni", November 2023, Version 1.2.

PDND

"Linee Guida sull'infrastruttura tecnologica della Piattaforma Digitale Nazionale Dati per l'interoperabilità dei sistemi informativi e delle basi di dati", December 2021, Version 1.0.

W3C-SRI

Akhawe, D., Braun, F., Marier, F., and J. Weinberger, "Subresource Integrity", 23 June 2016.

OIDC-IDA

Lodderstedt, T., Fett, D., Haine, M., Pulido, A., Lehmann, K., Koiwai, K., "OpenID Connect for Identity Assurance 1.0", 24 July 2024.

SPID/CIE-OpenID-Connect-Specifications

SPID/CIE OpenID Connect.

+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+ +
+
+
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/trust.html b/ia-terms-updates/en/trust.html new file mode 100644 index 000000000..c9e5f9f0d --- /dev/null +++ b/ia-terms-updates/en/trust.html @@ -0,0 +1,989 @@ + + + + + + + + The Infrastructure of Trust — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

The Infrastructure of Trust

+

The EUDI Wallet Architecture Reference Framework (EIDAS-ARF) describes the Trust Model as a "collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem".

+

This section outlines the implementation of the Trust Model in an infrastructure that complies with OpenID Federation 1.0 OID-FED. This infrastructure involves a RESTful API for distributing metadata, metadata policies, trust marks, public keys, X.509 certificates, and the revocation status of the participants, also called Federation Entities.

+

The Infrastructure of trust facilitates the application of a trust assessment mechanism among the parties defined in the EIDAS-ARF.

+
+federation portrait +
+

Fig. 1 The roles within the Federation, where the Trust Anchor oversees its subordinates, +which include one or more Intermediates and Leaves. In this +representation, both the Trust Anchor and the Intermediates assume the role of Registration Authority.

+
+
+
+

Federation Roles

+

All the participants are Federation Entities that MUST be registered by an Registration Body, +except for Wallet Instances which are End-User's personal devices certified by their Wallet Provider.

+
+

Note

+

The Wallet Instance, as a personal device, is certified as reliable through a verifiable attestation issued and signed by a trusted third party.

+

This is called Wallet Attestation and is documented in the dedicated section.

+
+

Below the table with the summary of the Federation Entity roles, mapped on the corresponding EUDI Wallet roles, as defined in the EIDAS-ARF.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

EUDI Role

Federation Role

Notes

Public Key Infrastructure (PKI)

Trust Anchor

The Federation has PKI capabilities. The Entity that configures the entire infrastructure is the Trust Anchor.

Qualified Trust Service Provider (QTSP)

Leaf

Person Identification Data Provider

Leaf

Qualified Electronic Attestations of Attributes Provider

Leaf

Electronic Attestations of Attributes Provider

Leaf

Relying Party

Leaf

Trust Service Provider (TSP)

Leaf

Trusted List

Trust Anchor

The listing endpoint, the trust mark status endpoint, and the fetch endpoint must be exposed by both Trust Anchors and Intermediates, making the Trusted List distributed over multiple Federation Entities, where each of these is responsible for their registered subordinates.

Wallet Provider

Leaf

+
+
+

General Properties

+

The architecture of the trust infrastructure based on OpenID Federation is built upon several core principles:

+
    +
  • [P1] Security: incorporates mechanisms to ensure the integrity, confidentiality, and authenticity of the trust relationships and interactions within the federation.

  • +
  • [P2] Privacy: designed to respect and protect the privacy of the entities and individuals involved, minimal disclosure is part of this.

  • +
  • [P3] Interoperability: supports seamless interaction and trust establishment between diverse systems and entities within the federation.

  • +
  • [P4] Transitive Trust: trust established indirectly through a chain of trusted relationships, enabling entities to trust each other based on common authorities and trusted intermediaries.

  • +
  • [P6] Scalability: designed to efficiently manage an increasing number of entities or interactions without a significant increase in trust management complexity.

  • +
  • [P5] Delegation: technical ability/feature to delegate authority or responsibilities to other entities, allowing for a distributed trust mechanism.

  • +
  • [P7] Flexibility: adaptable to various operational and organizational needs, allowing entities to define and adjust their trust relationships and policies.

  • +
  • [P8] Autonomy: while part of a federated ecosystem, each entity retains control over its own definitions and configurations.

  • +
  • [P9] Decentralization: unlike traditional centralized systems, the OpenID Federation model promotes a decentralized approach. This ensures that no single entity has control over the entire system, enhancing privacy and security for all participants.

  • +
+
+
+

Trust Infrastructure Functional Requirements

+

This section includes the requirements necessary for the successful implementation and operation of the infrastructure of trust.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 1 Functional Requirements

ID

Description

[FR #1]

Federation Trust Establishment: the system must be able to establish trust between different entities (Credential Issuers, Relying Parties, etc.) within a federation, using cryptographic signatures for secure information exchange about the participants in the ecosystem.

[FR #2]

Entity Authentication: the system must implement mechanisms for authenticating entities within the federation, ensuring compliance with the shared rules.

[FR #3]

Signature Validation: the system must support the creation, verification, and validation of electronic signatures and provide standard and secure mechanisms to obtain the public keys required for the signature validation.

[FR #4]

Time Stamping: the signed artifacts must contain time stamps to ensure the integrity and non-repudiation of transactions over time, thanks to the interfaces, services, storage model and approaches defined within the federation.

[FR #5]

Certificate Validation: the system requires confidential transmission, secured via TLS over HTTP, and validation of certificates for website authentication, ensuring they meet eIDAS criteria.

[FR #6]

Interoperability and Standards Compliance: ensure interoperability between federation members by adhering to technical standards, facilitating cross-border electronic transactions.

[FR #7]

Data Protection and Privacy: implement data protection measures in compliance with GDPR and eIDAS regulations, ensuring the privacy and security of personal data processed within the federation.

[FR #8]

User Consent and Control: design mechanisms for obtaining and managing user consent, empowering users with control over their personal information.

[FR #9]

Audit and Logging: the system must minimize data, anonymize if possible, define retention periods, secure access, and storage encryption. This protects privacy while enabling security and accountability.

[FR #10]

Dispute Resolution and Liability: establish clear procedures for dispute resolution and define liability among federation members, in accordance with eIDAS provisions.

[FR #11]

Accessibility: ensure that the system is accessible to all users, including those with disabilities, aligning with eIDAS and local accessibility standards.

[FR #12]

Emergency and Revocation Services: implement mechanisms for the immediate revocation of electronic identification means and participants in case of security breaches or other emergencies.

[FR #13]

Scalable Trust Infrastructure: the system must support scalable trust establishment mechanisms, leveraging approaches and technical solutions that complement delegation transitive approaches to efficiently manage trust relationships as the federation grows, removing central registries that might technically or administratively fail.

[FR #14]

Efficient Storage Scalability: implement a storage solution that scales horizontally to accommodate increasing data volumes while minimizing central storage and administrative costs. The system should enable members to independently store and present historical trust attestations and signed artifacts during dispute resolutions, with the federation infrastructure maintaining only a registry of historical keys to validate the historical data, stored and provided by the participants.

[FR #15]

Verifiable Attestation (Trust Mark): incorporate a mechanism for issuing and verifying verifiable attestations that serve as proof of compliance with specific profiles or standards. This allows entities within the federation to demonstrate adherence to agreed-upon security, privacy, and operational standards.

[FR #16]

Dynamic Policy Language: develop and implement a dynamic, extensible policy language that allows for the creation and modification of federation policies in response to evolving requirements, technological advancements, and regulatory changes. This policy language should support the specification of rules governing entity behavior, metadata handling, and trust validation within the federation.

[FR #17]

Automated Policy Enforcement: the system must automatically enforce federation policies as defined by policy language and verifiable attestations, ensuring that all operations and transactions comply with current rules and standards.

[FR #18]

Decentralized Dispute Resolution Mechanism: design a decentralized mechanism for dispute resolution that allows federation members to independently verify historical trust establishment and signed artifacts, reducing reliance on central authorities and streamlining the resolution process.

[FR #19]

Adaptive Load Management: implement adaptive load management strategies to ensure the system remains responsive and efficient under varying loads, particularly during peak usage times or when processing complex tasks.

[FR #20]

Cross-Federation Interoperability: ensure the system is capable of interoperating with other federations or trust frameworks, facilitating cross-federation transactions and trust establishment without compromising security or compliance.

[FR #21]

Future-Proof Cryptography: the system should employ a flexible cryptographic framework that can be updated in response to new threats or advancements in cryptographic research, ensuring long-term security and integrity of federation operations.

[FR #23]

Autonomous Registration Bodies: the system must facilitate the integration of autonomous registration bodies that operate in compliance with federation rules. These bodies are tasked with evaluating and registering entities within the federation, according to the pre-established rules and their compliance that must be periodically asserted.

[FR #24]

Compliance Evaluation for Federation Entity Candidates: registration bodies must evaluate the compliance of candidate entities against federation standards before their registration in the federation.

[FR #25]

Periodic Auditing of Registration Bodies and Entities: implement mechanisms for the periodic auditing and monitoring of the compliance status of both registration bodies and their registered entities. This ensures ongoing adherence to federation standards and policies.

[FR #26]

Certification of Compliance for Personal Devices: trusted bodies, in the form of federation entities, should issue certifications of compliance and provide signed proof of such compliance for the hardware of personal devices used within the federation. These certifications should be attested and periodically renewed to ensure the devices meet current security standards.

[FR #27]

Certification of Compliance for Cryptographic Devices: similar to personal devices, personal cryptographic devices used within the federation must also receive certifications of compliance and signed proof thereof from trusted bodies. These certifications should be subject to periodic renewal to reflect the latest security and compliance standards.

[FR #28]

Transparent Compliance Reporting: develop a system for transparent reporting and publication of compliance statuses, audit results, and certification renewals for all federation entities. This transparency fosters trust within the federation and with external stakeholders.

[FR #29]

Automated Compliance Monitoring: the system should include automated tools for monitoring the compliance of entities with federation standards. This automation aids in the early detection of potential compliance issues.

[FR #30]

Secure Protocol Capabilities Binding: the secure protocol must enable the exchange of protocol-specific capabilities data as cryptographically-bound metadata attached to a specific identity. This metadata should define the technical capabilities associated with the identity, ensuring verifiable proof and tamper-proof association for robust trust establishment and access control.

+
+
+

Federation API endpoints

+

OpenID Federation 1.0 uses RESTful Web Services secured over +HTTPs. OpenID Federation 1.0 defines which are the web endpoints that the participants MUST make +publicly available. The table below summarises the endpoints and their scopes.

+

All the endpoints listed below are defined in the OID-FED specs.

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

endpoint name

http request

scope

required for

federation metadata

GET .well-known/openid-federation

Metadata that an Entity publishes about itself, verifiable with a trusted third party (Superior Entity). It's called Entity Configuration.

Trust Anchor, Intermediate, Wallet Provider, Relying Party, Credential Issuer

subordinate list endpoint

GET /list

Lists the Subordinates.

Trust Anchor, Intermediate

fetch endpoint

GET /fetch?sub=https://rp.example.org

Returns a signed document (JWS) about a specific subject, its Subordinate. It's called Entity Statement.

Trust Anchor, Intermediate

trust mark status

POST /status?sub=...&trust_mark_id=...

Returns the status of the issuance (validity) of a Trust Mark related to a specific subject.

Trust Anchor, Intermediate

historical keys

GET /historical-jwks

Lists the expired and revoked keys, with the motivation of the revocation.

Trust Anchor, Intermediate

+

All the responses of the federation endpoints are in the form of JWS, with the exception of the Subordinate Listing endpoint and the Trust Mark Status endpoint that are served as plain JSON by default.

+
+
+

Configuration of the Federation

+

The configuration of the federation is published by the Trust Anchor within its Entity Configuration, it is available at the well-known web path corresponding to .well-known/openid-federation.

+

All the participants in the federation MUST obtain the federation configuration before entering the operational phase, and they +MUST keep it up-to-date. The federation configuration is the Trust Anchor's Entity Configuration, it contains the +public keys for signature operations and the maximum number of Intermediates allowed between a Leaf and the Trust Anchor (max_path_length).

+

Below is a non-normative example of a Trust Anchor Entity Configuration, where each parameter is documented in the OpenID Federation specification:

+
{
+    "alg": "ES256",
+    "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc",
+    "typ": "entity-statement+jwt"
+}
+.
+{
+    "exp": 1649375259,
+    "iat": 1649373279,
+    "iss": "https://registry.eidas.trust-anchor.example.eu",
+    "sub": "https://registry.eidas.trust-anchor.example.eu",
+    "jwks": {
+        "keys": [
+            {
+
+                "kty": "EC",
+                "kid": "X2ZOMHNGSDc4ZlBrcXhMT3MzRmRZOG9Jd3o2QjZDam51cUhhUFRuOWd0WQ",
+                "crv": "P-256",
+                "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
+                "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY"
+            }
+        ]
+    },
+    "metadata": {
+        "federation_entity": {
+            "organization_name": "example TA",
+            "contacts":[
+                "tech@eidas.trust-anchor.example.eu"
+            ],
+            "homepage_uri": "https://registry.eidas.trust-anchor.example.eu",
+            "logo_uri":"https://registry.eidas.trust-anchor.example.eu/static/svg/logo.svg",
+            "federation_fetch_endpoint": "https://registry.eidas.trust-anchor.example.eu/fetch",
+            "federation_resolve_endpoint": "https://registry.eidas.trust-anchor.example.eu/resolve",
+            "federation_list_endpoint": "https://registry.eidas.trust-anchor.example.eu/list",
+            "federation_trust_mark_status_endpoint": "https://registry.eidas.trust-anchor.example.eu/trust_mark_status"
+        }
+    },
+    "trust_mark_issuers": {
+        "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/public": [
+            "https://registry.spid.eidas.trust-anchor.example.eu",
+            "https://public.intermediary.spid.org"
+        ],
+        "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/private": [
+            "https://registry.spid.eidas.trust-anchor.example.eu",
+            "https://private.other.intermediary.org"
+        ]
+    },
+    "constraints": {
+        "max_path_length": 1
+    }
+}
+
+
+
+
+

Entity Configuration

+

The Entity Configuration is the verifiable document that each Federation Entity MUST publish on its own behalf, in the .well-known/openid-federation endpoint.

+

The Entity Configuration HTTP Response MUST set the media type to application/entity-statement+jwt.

+

The Entity Configuration MUST be cryptographically signed. The public part of this key MUST be provided in the +Entity Configuration and within the Entity Statement issued by a immediate superior and related to its subordinate Federation Entity.

+

The Entity Configuration MAY also contain one or more Trust Marks.

+
+

Note

+

Entity Configuration Signature

+

All the signature-check operations regarding the Entity Configurations, Entity Statements and Trust Marks, are carried out with the Federation public keys. For the supported algorithms refer to Section Cryptografic Algorithm.

+
+
+

Entity Configurations Common Parameters

+

The Entity Configurations of all the participants in the federation MUST have in common the parameters listed below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

iss

String. Identifier of the issuing Entity.

sub

String. Identifier of the Entity to which it is referred. It MUST be equal to iss.

iat

UNIX Timestamp with the time of generation of the JWT, coded as NumericDate as indicated at RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated at RFC 7519.

jwks

A JSON Web Key Set (JWKS) RFC 7517 that represents the public part of the signing keys of the Entity at issue. Each JWK in the JWK set MUST have a key ID (claim kid) and MAY have a x5c parameter, as defined in RFC 7517. It contains the Federation Entity Keys required for the operations of trust evaluation.

metadata

JSON Object. Each key of the JSON Object represents a metadata type identifier +containing JSON Object representing the metadata, according to the metadata +schema of that type. An Entity Configuration MAY contain more metadata statements, but only one for each type of +metadata (<entity_type>). the metadata types are defined in the section Metadata Types.

+
+
+

Entity Configuration Trust Anchor

+

The Trust Anchor Entity Configuration, in addition of the common parameters listed above, MAY contain the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Required

constraints

JSON Object that describes the trust evaluation mechanisms bounds. It MUST contain the attribute max_path_length that +defines the maximum number of Intermediates between a Leaf and the Trust Anchor.

check-icon

trust_mark_issuers

JSON Array that defines which Federation authorities are considered trustworthy +for issuing specific Trust Marks, assigned with their unique identifiers.

uncheck-icon

trust_mark_owners

JSON Array that lists which entities are considered to be the owners of +specific Trust Marks.

uncheck-icon

+
+
+

Entity Configuration Leaves and Intermediates

+

In addition to the previously defined claims, the Entity Configuration of the Leaf and of the Intermediate Entities, MUST contain the parameters listed below:

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Required

authority_hints

Array of URLs (String). It contains a list of URLs of the immediate superior entities, such as the Trust Anchor or +an Intermediate, that issues an Entity Statement related to this subject.

check-icon

trust_marks

A JSON Array containing the Trust Marks.

uncheck-icon

+
+
+

Metadata Types

+

In this section are defined the main metadata types mapped to the roles of the ecosystem, +giving the references of the metadata protocol for each of these.

+
+

Note

+

The entries that don't have any reference to a known draft or standard are intended to be defined in this technical reference.

+
+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

OpenID Entity

EUDI Entity

Metadata Type

References

Trust Anchor

Trust Anchor

federation_entity

OID-FED

Intermediate

Intermediate

federation_entity

OID-FED

Wallet Provider

Wallet Provider

federation_entity, wallet_provider

--

Authorization Server

federation_entity, oauth_authorization_server

OPENID4VCI

Credential Issuer

PID Provider, (Q)EAA Provider

federation_entity, openid_credential_issuer, [oauth_authorization_server]

OPENID4VCI

Relying Party

Relying Party

federation_entity, wallet_relying_party

OID-FED, OpenID4VP

+
+

Note

+

Wallet Provider metadata is defined in the section below.

+

Wallet Solution section.

+
+
+

Note

+

In instances where a PID/EAA Provider implements both the Credential Issuer and the Authorization Server, +it MUST incorporate both +oauth_authorization_server and openid_credential_issuer within its metadata types. +Other implementations may divide the Credential Issuer from the Authorization Server, when this happens the Credential Issuer metadata MUST contain the authorization_servers parameters, including the Authorization Server unique identifier. +Furthermore, should there be a necessity for User Authentication by the Credential Issuer, +it could be necessary to include the relevant metadata type, either openid_relying_party +or wallet_relying_party.

+
+
+
+
+

Metadata of federation_entity Leaves

+

The federation_entity metadata for Leaves MUST contain the following claims.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

organization_name

See OID-FED Draft 36 Section 5.2.2

homepage_uri

See OID-FED Draft 36 Section 5.2.2

policy_uri

See OID-FED Draft 36 Section 5.2.2

logo_uri

URL of the entity's logo; it MUST be in SVG format. See OID-FED Draft 36 Section 5.2.2

contacts

Institutional certified email address (PEC) of the entity. See OID-FED Draft 36 Section 5.2.2

federation_resolve_endpoint

See OID-FED Draft 36 Section 5.1.1

+
+
+

Entity Statements

+

Trust Anchors and Intermediates publish Entity Statements related to their immediate Subordinates. +The Entity Statement MAY contain a metadata policy and the Trust Marks related to a Subordinate.

+

The metadata policy, when applied, makes one or more changes to the final metadata of the Leaf. The final metadata of a Leaf is derived from the Trust Chain that contains all the statements, starting from the Entity Configuration up to the Entity Statement issued by the Trust Anchor.

+

Trust Anchors and Intermediates MUST expose the Federation Fetch endpoint, where the Entity Statements are requested to validate the Leaf's Entity Configuration signature.

+
+

Note

+

The Federation Fetch endpoint MAY also publish X.509 certificates for each of the public keys of the Subordinate. Making the distribution of the issued X.509 certificates via a RESTful service.

+
+

Below there is a non-normative example of an Entity Statement issued by an Registration Body (such as the Trust Anchor or its Intermediate) in relation to one of its Subordinates.

+
{
+    "alg": "ES256",
+    "kid": "em3cmnZgHIYFsQ090N6B3Op7LAAqj8rghMhxGmJstqg",
+    "typ": "entity-statement+jwt"
+}
+.
+{
+    "exp": 1649623546,
+    "iat": 1649450746,
+    "iss": "https://intermediate.eidas.example.org",
+    "sub": "https://rp.example.it",
+    "jwks": {
+        "keys": [
+            {
+                "kty": "EC",
+                "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+                "crv": "P-256",
+                "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
+                "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY",
+                "x5c": [ <X.509 certificate> ]
+            }
+        ]
+    },
+    "metadata_policy": {
+        "wallet_relying_party": {
+            "scope": {
+                "subset_of": [
+                     "eu.europa.ec.eudiw.pid.1",
+                     "given_name",
+                     "family_name",
+                     "email"
+                  ]
+            },
+            "vp_formats": {
+                "vc+sd-jwt": {
+                    "sd-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ],
+                    "kb-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ]
+                }
+            }
+        }
+     }
+}
+
+
+
+

Note

+

Entity Statement Signature

+

The same considerations and requirements made for the Entity Configuration +and in relation to the signature mechanisms MUST be applied for the Entity Statements.

+
+
+

Entity Statement

+

The Entity Statement issued by Trust Anchors and Intermediates contains the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Required

iss

See OID-FED Section 3.1 for further details.

check-icon

sub

See OID-FED Section 3.1 for further details.

check-icon

iat

See OID-FED Section 3.1 for further details.

check-icon

exp

See OID-FED Section 3.1 for further details.

check-icon

jwks

Federation JWKS of the sub entity. See OID-FED Section 3.1 for further details.

check-icon

metadata_policy

JSON Object that describes the Metadata policy. Each key of the JSON Object represents an identifier of the metadata type and each value MUST be a JSON Object that represents the metadata policy according to that metadata type. Please refer to the OID-FED specifications, Section-5.1, for the implementation details.

uncheck-icon

trust_marks

JSON Array containing the Trust Marks issued by itself for the subordinate subject.

uncheck-icon

constraints

It MAY contain the allowed_leaf_entity_types, that restricts what types of metadata the subject is allowed to publish.

check-icon

+
+
+
+

Trust Evaluation Mechanism

+

The Trust Anchor publishes the list of its Subordinates (Federation Subordinate Listing endpoint) and the attestations of their metadata and public keys (Entity Statements).

+

Each participant, including Trust Anchor, Intermediate, Credential Issuer, Wallet Provider, and Relying Party, publishes its own metadata and public keys (Entity Configuration endpoint) in the well-known web resource .well-known/openid-federation.

+

Each of these can be verified using the Entity Statement issued by a superior, such as the Trust Anchor or an Intermediate.

+

Each Entity Statement is verifiable over time and MUST have an expiration date. The revocation of each statement is verifiable in real time and online (only for remote flows) through the federation endpoints.

+
+

Note

+

The revocation of an Entity is made with the unavailability of the Entity Statement related to it. If the Trust Anchor or its Intermediate doesn't publish a valid Entity Statement, or if it publishes an expired/invalid Entity Statement, the subject of the Entity Statement MUST be intended as not valid or revoked.

+
+

The concatenation of the statements, through the combination of these signing mechanisms and the binding of claims and public keys, forms the Trust Chain.

+

The Trust Chains can also be verified offline, using one of the Trust Anchor's public keys.

+
+

Note

+

Since the Wallet Instance is not a Federation Entity, the Trust Evaluation Mechanism related to it requires the presentation of the Wallet Attestation during the credential issuance and presentation phases.

+

The Wallet Attestation conveys all the required information pertaining to the instance, such as its public key and any other technical or administrative information, without any User's personal data.

+
+
+

Relying Party Trust Evaluation

+

The Relying Party is registered by a Trust Anchor or its Intermediate and obtains a Trust Mark to be included in its Entity Configuration. In its Entity Configuration the Relying Party publishes its specific metadata, including the supported signature and encryption algorithms and any other necessary information for the interoperability requirements.

+

Any requests for User attributes, such as PID or (Q)EAA, from the Relying Party to Wallet Instances are signed and SHOULD contain the verifiable Trust Chain regarding the Relying Party.

+

The Wallet Instance verifies that the Trust Chain related to the Relying Party is still active, proving that the Relying Party is still part of the Federation and not revoked.

+

The Trust Chain SHOULD be contained within the signed request in the form of a JWS header parameter.

+

In offline flows, Trust Chain verification enables the assessment of the reliability of Trust Marks and Attestations contained within.

+
+
+

Wallet Attestation

+

The Wallet Provider issues the Wallet Attestation, certifying the operational status of its Wallet Instances and including one of their public keys.

+

The Wallet Attestation contains the Trust Chain that attests the reliability for its issuer (Wallet Provider) at the time of issuance.

+

The Wallet Instance provides its Wallet Attestation within the signed request during the PID issuance phase, containing the Trust Chain related to the Wallet Provider.

+
+
+

Trust Chain

+

The Trust Chain is a sequence of verified statements that validates a participant's compliance with the Federation. It has an expiration date time, beyond which it MUST be renewed to obtain the fresh and updated metadata. The expiration date of the Trust Chain is determined by the earliest expiration timestamp among all the expiration timestamp contained in the statements. No Entity can force the expiration date of the Trust Chain to be higher than the one configured by the Trust Anchor.

+

Below is an abstract representation of a Trust Chain.

+
[
+    "EntityConfiguration-as-SignedJWT-selfissued-byLeaf",
+    "EntityStatement-as-SignedJWT-issued-byTrustAnchor"
+]
+
+
+

Below is a non-normative example of a Trust Chain in its original format (JSON Array containing JWS as strings) with an Intermediate involved.

+
[
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk1OTA2MDIsImlhdCI6MTY0OTQxNzg2MiwiaXNzIjoiaHR0cHM6Ly9ycC5leGFtcGxlLm9yZyIsInN1YiI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwia2lkIjoiTkZNMVdVVmlVbFl6VVdwTGFtbGZjRXBQUlZZMlZYWklSakJuUVhabVJIaEtZVVZZVWxkVFFuQTJOQSIsImNydiI6IlAtMjU2IiwieCI6InVzbEMzd2QtcFgzd3o0YlJZbnd5M2x6cGJHWkZoTjk2aEwyQUhBM01RNlkiLCJ5IjoiVkxDQlhGV2xkTlNOSXo4a0gyOXZMUjROMThCa3dHT1gyNnpRb3J1UTFNNCJ9XX0sIm1ldGFkYXRhIjp7Im9wZW5pZF9yZWx5aW5nX3BhcnR5Ijp7ImFwcGxpY2F0aW9uX3R5cGUiOiJ3ZWIiLCJjbGllbnRfaWQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnLyIsImNsaWVudF9yZWdpc3RyYXRpb25fdHlwZXMiOlsiYXV0b21hdGljIl0sImp3a3MiOnsia2V5cyI6W3sia3R5IjoiRUMiLCJraWQiOiJORk0xV1VWaVVsWXpVV3BMYW1sZmNFcFBSVlkyVlhaSVJqQm5RWFptUkhoS1lVVllVbGRUUW5BMk5BIiwiY3J2IjoiUC0yNTYiLCJ4IjoidXNsQzN3ZC1wWDN3ejRiUllud3kzbHpwYkdaRmhOOTZoTDJBSEEzTVE2WSIsInkiOiJWTENCWEZXbGROU05JejhrSDI5dkxSNE4xOEJrd0dPWDI2elFvcnVRMU00In1dfSwiY2xpZW50X25hbWUiOiJOYW1lIG9mIGFuIGV4YW1wbGUgb3JnYW5pemF0aW9uIiwiY29udGFjdHMiOlsib3BzQHJwLmV4YW1wbGUuaXQiXSwiZ3JhbnRfdHlwZXMiOlsicmVmcmVzaF90b2tlbiIsImF1dGhvcml6YXRpb25fY29kZSJdLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcnAuZXhhbXBsZS5vcmcvb2lkYy9ycC9jYWxsYmFjay8iXSwicmVzcG9uc2VfdHlwZXMiOlsiY29kZSJdLCJzY29wZSI6ImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSBldS5ldXJvcGEuZWMuZXVkaXcucGlkLml0LjEgZW1haWwiLCJzdWJqZWN0X3R5cGUiOiJwYWlyd2lzZSJ9LCJmZWRlcmF0aW9uX2VudGl0eSI6eyJmZWRlcmF0aW9uX3Jlc29sdmVfZW5kcG9pbnQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnL3Jlc29sdmUvIiwib3JnYW5pemF0aW9uX25hbWUiOiJFeGFtcGxlIFJQIiwiaG9tZXBhZ2VfdXJpIjoiaHR0cHM6Ly9ycC5leGFtcGxlLml0IiwicG9saWN5X3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9wb2xpY3kiLCJsb2dvX3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9zdGF0aWMvbG9nby5zdmciLCJjb250YWN0cyI6WyJ0ZWNoQGV4YW1wbGUuaXQiXX19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3JlZ2lzdHJ5LmVpZGFzLnRydXN0LWFuY2hvci5leGFtcGxlLmV1L29wZW5pZF9yZWx5aW5nX3BhcnR5L3B1YmxpYy8iLCJ0cnVzdF9tYXJrIjoiZXlKaCBcdTIwMjYifV0sImF1dGhvcml0eV9oaW50cyI6WyJodHRwczovL2ludGVybWVkaWF0ZS5laWRhcy5leGFtcGxlLm9yZyJdfQ.Un315HdckvhYA-iRregZAmL7pnfjQH2APz82blQO5S0sl1JR0TEFp5E1T913g8GnuwgGtMQUqHPZwV6BvTLA8g",
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly9pbnRlcm1lZGlhdGUuZWlkYXMuZXhhbXBsZS5vcmciLCJzdWIiOiJodHRwczovL3JwLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJjcnYiOiJQLTI1NiIsIngiOiJ1c2xDM3dkLXBYM3d6NGJSWW53eTNsenBiR1pGaE45NmhMMkFIQTNNUTZZIiwieSI6IlZMQ0JYRldsZE5TTkl6OGtIMjl2TFI0TjE4Qmt3R09YMjZ6UW9ydVExTTQifV19LCJtZXRhZGF0YV9wb2xpY3kiOnsib3BlbmlkX3JlbHlpbmdfcGFydHkiOnsic2NvcGUiOnsic3Vic2V0X29mIjpbImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSwgIGV1LmV1cm9wYS5lYy5ldWRpdy5waWQuaXQuMSJdfSwicmVxdWVzdF9hdXRoZW50aWNhdGlvbl9tZXRob2RzX3N1cHBvcnRlZCI6eyJvbmVfb2YiOlsicmVxdWVzdF9vYmplY3QiXX0sInJlcXVlc3RfYXV0aGVudGljYXRpb25fc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6eyJzdWJzZXRfb2YiOlsiUlMyNTYiLCJSUzUxMiIsIkVTMjU2IiwiRVM1MTIiLCJQUzI1NiIsIlBTNTEyIl19fX0sInRydXN0X21hcmtzIjpbeyJpZCI6Imh0dHBzOi8vdHJ1c3QtYW5jaG9yLmV4YW1wbGUuZXUvb3BlbmlkX3JlbHlpbmdfcGFydHkvcHVibGljLyIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19._qt5-T6DahP3TuWa_27klE8I9Z_sPK2FtQlKY6pGMPchbSI2aHXY3aAXDUrObPo4CHtqgg3J2XcrghDFUCFGEQ",
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6ImVXa3pUbWt0WW5kblZHMWxhMjU1ZDJkQ2RVZERSazQwUWt0WVlVMWFhRFZYT1RobFpHdFdXSGQ1WnciLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly90cnVzdC1hbmNob3IuZXhhbXBsZS5ldSIsInN1YiI6Imh0dHBzOi8vaW50ZXJtZWRpYXRlLmVpZGFzLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJjcnYiOiJQLTI1NiIsIngiOiJyQl9BOGdCUnh5NjhVTkxZRkZLR0ZMR2VmWU5XYmgtSzh1OS1GYlQyZkZJIiwieSI6IlNuWVk2Y3NjZnkxcjBISFhLTGJuVFZsamFndzhOZzNRUEs2WFVoc2UzdkUifV19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3RydXN0LWFuY2hvci5leGFtcGxlLmV1L2ZlZGVyYXRpb25fZW50aXR5L3RoYXQtcHJvZmlsZSIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19.r3uoi-U0tx0gDFlnDdITbcwZNUpy7M2tnh08jlD-Ej9vMzWMCXOCCuwIn0ZT0jS4M_sHneiG6tLxRqj-htI70g"
+]
+
+
+
+

Note

+

The entire Trust Chain is verifiable by only possessing the Trust Anchor's public keys.

+
+
+
+

Offline Trust Attestation Mechanisms

+

The offline flows do not allow for real-time evaluation of an Entity's status, such as its revocation. At the same time, using short-lived Trust Chains enables the attainment of trust attestations compatible with the required revocation administrative protocols (e.g., a revocation must be propagated in less than 24 hours, thus the Trust Chain must not be valid for more than that period).

+
+

Offline Wallet Trust Attestation

+

Given that the Wallet Instance cannot publish its metadata online at the .well-known/openid-federation endpoint, +it MUST obtain a Wallet Attestation issued by its Wallet Provider. The Wallet Attestation MUST contain all the relevant information regarding the security capabilities of the Wallet Instance and its protocol related configuration. It SHOULD contain the Trust Chain related to its issuer (Wallet Provider).

+
+
+

Offline Relying Party Metadata

+

Since the Federation Entity Discovery is only applicable in online scenarios, it is possible to include the Trust Chain in the presentation requests that the Relying Party may issue for a Wallet Instance.

+

The Relying Party MUST sign the presentation request, the request SHOULD include the trust_chain claim in its JWS header parameters, containing the Federation Trust Chain related to itself.

+

The Wallet Instance that verifies the request issued by the Relying Party MUST use the Trust Anchor's public keys to validate the entire Trust Chain related to the Relying Party before attesting its reliability.

+

Furthermore, the Wallet Instance applies the metadata policy, if any.

+
+
+
+
+

Trust Chain Fast Renewal

+

The Trust Chain fast renewal method offers a streamlined way to maintain the validity of a trust chain without undergoing the full discovery +process again. It's particularly useful for quickly updating trust relationships when minor changes occur or when the +Trust Chain is close to expiration but the overall structure of the federation hasn't changed significantly.

+

The Trust Chain fast renewal process is initiated by fetching the leaf's Entity Configuration anew. However, unlike the federation discovery process that may involve fetching Entity Configurations starting from the authority hints, the fast renewal focuses on directly obtaining the Subordinate Statements. These statements are requested using the source_endpoint provided within them, which points to the location where the statements can be fetched.

+
+
+

Non-repudiability of the Long Lived Attestations

+

The Trust Anchor and its Intermediate MUST expose the Federation Historical Keys endpoint, where are published all the public part of the Federation Entity Keys that are no longer used, whether expired or revoked.

+

The details of this endpoint are defined in the OID-FED Section 7.6.

+

Each JWS containing a Trust Chain in the form of a JWS header parameter can be verified over time, since the entire Trust Chain is verifiable using the Trust Anchor's public key.

+

Even if the Trust Anchor has changed its cryptographic keys for digital signature, the Federation Historical Keys endpoint always makes the keys no longer used available for historical signature verifications.

+
+
+

Privacy Remarks

+
    +
  • Wallet Instances MUST NOT publish their metadata through an online service.

  • +
  • The trust infrastructure MUST be public, with all endpoints publicly accessible without any client credentials that may disclose who is requesting access.

  • +
  • When a Wallet Instance requests the Entity Statements to build the Trust Chain for a specific Relying Party or validates a Trust Mark online, issued for a specific Relying Party, the Trust Anchor or its Intermediate do not know that a particular Wallet Instance is inquiring about a specific Relying Party; instead, they only serve the statements related to that Relying Party as a public resource.

  • +
  • The Wallet Instance metadata MUST not contain information that may disclose technical information about the hardware used.

  • +
  • Leaf entity, Intermediate, and Trust Anchor metadata may include the necessary amount of data as part of administrative, technical, and security contact information. It is generally not recommended to use personal contact details in such cases. From a legal perspective, the publication of such information is needed for operational support concerning technical and security matters and the GDPR regulation.

  • +
+
+
+

Considerations about Decentralization

+
    +
  • There may be more than a single Trust Anchor.

  • +
  • In some cases, a trust verifier may trust an Intermediate, especially when the Intermediate acts as a Trust Anchor within a specific perimeter, such as cases where the Leafs are both in the same perimeter like a Member State jurisdiction (eg: an Italian Relying Party with an Italian Wallet Instance may consider the Italian Intermediate as a Trust Anchor for the scopes of their interactions).

  • +
  • Trust attestations (Trust Chain) should be included in the JWS issued by Credential Issuers, and the Presentation Requests of RPs should contain the Trust Chain related to them (issuers of the presentation requests).

  • +
  • Since the credential presentation must be signed, storing the signed presentation requests and responses, which include the Trust Chain, the Wallet Instance may have the snapshot of the federation configuration (Trust Anchor Entity Configuration in the Trust Chain) and the verifiable reliability of the Relying Party it has interacted with.

  • +
  • Each signed attestation is long-lived since it can be cryptographically validated even when the federation configuration changes or the keys of its issuers are renewed.

  • +
  • Each participant should be able to update its Entity Configuration without notifying the changes to any third party. The metadata policy contained within a Trust Chain must be applied to overload any information related to protocol specific metadata.

  • +
+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/wallet-attestation.html b/ia-terms-updates/en/wallet-attestation.html new file mode 100644 index 000000000..a87c08eaf --- /dev/null +++ b/ia-terms-updates/en/wallet-attestation.html @@ -0,0 +1,881 @@ + + + + + + + + Wallet Attestation — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Wallet Attestation

+

Wallet Attestation contains information regarding the security level of the device hosting the Wallet Instance. It primarily certifies the authenticity, integrity, security, privacy, and trustworthiness of a particular Wallet Instance. The Wallet Attestation MUST contain a Wallet Instance public key.

+
+

Requirements

+

The requirements for the Wallet Attestation are defined below:

+
    +
  • The Wallet Attestation MUST use the signed JSON Web Token (JWT) format;

  • +
  • The Wallet Attestation MUST provide all the relevant information to attest to the integrity and security of the device where the Wallet Instance is installed.

  • +
  • The Wallet Attestation MUST be signed by the Wallet Provider that has authority over and is the owner of the Wallet Solution, as specified by the overseeing registration authority. This ensures that the Wallet Attestation uniquely links the Wallet Provider to this particular Wallet Instance.

  • +
  • The Wallet Provider MUST ensure the integrity, authenticity, and genuineness of the Wallet Instance, preventing any attempts at manipulation or falsification by unauthorized third parties. The Wallet Provider MUST also verify the Wallet Instance using the App Store vendor's API, such as the Play Integrity API for Android and DeviceCheck for iOS. These services are defined in this specification as Device Integrity Service (DIS).

  • +
  • The Wallet Attestation MUST have a mechanism in place for revoking the Wallet Instance, allowing the Wallet Provider to terminate service for a specific instance at any time.

  • +
  • The Wallet Attestation MUST be securely bound to the Wallet Instance's ephemeral public key.

  • +
  • The Wallet Attestation MAY be used multiple times during its validity period, allowing for repeated authentication and authorization without the need to request new attestations with each interaction.

  • +
  • The Wallet Attestation MUST be short-lived and MUST have an expiration date/time, after which it SHOULD no longer be considered valid.

  • +
  • The Wallet Attestation MUST NOT be issued by the Wallet Provider if the authenticity, integrity, and genuineness are not guaranteed. In this case, the Wallet Instance MUST be revoked.

  • +
  • Each Wallet Instance SHOULD be able to request multiple attestations with different ephemeral public keys associated with them. This requirement provides a privacy-preserving measure, as the public key MAY be used as a tracking tool during the presentation phase (see also the point listed below).

  • +
  • The Wallet Attestation MUST NOT contain any information that can be used to directly identify the User.

  • +
  • The Wallet Instance MUST secure a Wallet Attestation as a prerequisite for transitioning to the Operational state, as defined by ARF.

  • +
  • Private keys MUST be generated and stored in the WSCD using at least one of the approaches listed below:

    +
      +
    • Local Internal WSCD: The WSCD relies entirely on the device's native cryptographic hardware, such as the Secure Enclave on iOS devices or the Hardware-Backed Keystore or Strongbox on Android devices.

    • +
    • Local External WSCD: The WSCD is hardware external to the User's device, such as a smart card compliant with GlobalPlatform and supporting JavaCard.

    • +
    • Remote WSCD: The WSCD utilizes a remote Hardware Security Module (HSM).

    • +
    • Local Hybrid WSCD: The WSCD involves a pluggable internal hardware component within the User's device, such as an eUICC that adheres to GlobalPlatform standards and supports JavaCard.

    • +
    • Remote Hybrid WSCD: The WSCD involves a local component mixed with a remote service.

    • +
    +
  • +
  • The Wallet Provider MUST offer a set of services, exclusively available to its Wallet Solution instances, for the verification and issuance of Wallet Attestations.

  • +
+
+

Warning

+

At the current stage, the implementation profile defined in this document supports only the Local Internal WSCD. Future versions of this specification MAY include other approaches depending on the required AAL.

+
+
+
+

Static Component View

+
+The image illustrates the containment of Wallet Provider and Wallet Instances within the Wallet Solution, managed by the Wallet Provider. +
+
+
+

Dynamic Component View

+

The Wallet Attestation acquisition flow can be divided into two main phases. The first phase involves device initialization and registration, which occurs only during the initial launch of the Wallet Instance (after installation). The second phase pertains to the actual acquisition of the Wallet Attestation.

+
+

Wallet Instance Initialization and Registration

+
+The figure illustrates the sequence diagram for initializing a Wallet Instance, with the steps explained below. +
+

Step 1: The User starts the Wallet Instance mobile app for the first time.

+

Step 2: The Wallet Instance:

+
+
    +
  • Checks if the Device Integrity Service is available.

  • +
  • Checks whether the device meets the minimum security requirements.

  • +
+
+
+

Note

+

Federation Check: The Wallet Instance needs to check if the Wallet Provider is part of the Federation, obtaining its protocol-specific Metadata. A non-normative example of a response from the endpoint .well-known/openid-federation with the Entity Configuration and the Metadata of the Wallet Provider is represented within the section Wallet Provider metadata.

+
+

Steps 3-5: The Wallet Instance sends a request to the Wallet Provider Backend and receives a one-time challenge. This "challenge" is a nonce, which must be unpredictable to serve as the main defense against replay attacks. The backend must generate the nonce value in a manner that ensures it is single-use and valid only within a specific time frame. This endpoint is compliant with the specification OAuth 2.0 Nonce Endpoint.

+
GET /nonce HTTP/1.1
+Host: walletprovider.example.com
+
+
+
HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "nonce": "d2JhY2NhbG91cmVqdWFuZGFt"
+}
+
+
+

Step 6: The Wallet Instance, through the operating system, creates a pair of Cryptographic Hardware Keys and stores the corresponding Cryptographic Hardware Key Tag in local storage once the following requirements are met:

+
+
    +
  1. It MUST ensure that Cryptographic Hardware Keys do not already exist. If they do exist and the Wallet is in the initialization phase, they MUST be deleted.

  2. +
  3. It MUST generate a pair of asymmetric Elliptic Curve keys (Cryptographic Hardware Keys) via a local WSCD.

  4. +
  5. It SHOULD obtain a unique identifier (Cryptographic Hardware Key Tag) for the generated Cryptographic Hardware Keys from the operating system. If the operating system permits specifying a tag during the creation of keys, then a random string for the Cryptographic Hardware Key Tag MUST be selected. This random value MUST be collision-resistant and unpredictable to ensure security. To achieve this, consider using a cryptographic hash function or a secure random number generator provided by the operating system or a reputable cryptographic library.

  6. +
  7. If the previous points are satisfied, it MUST store the Cryptographic Hardware Key Tag in local storage.

  8. +
+
+
+

Note

+

WSCD: The Wallet Instance MAY use a local WSCD for key generation on devices that support this feature. On Android devices, Strongbox is RECOMMENDED; Trusted Execution Environment (TEE) MAY be used only when Strongbox is unavailable. For iOS devices, Secure Elements (SE) MUST be used. Given that each OEM offers a distinct SDK for accessing the local WSCD, the discussion hereafter will address this topic in a general context.

+
+

Step 7: The Wallet Instance uses the Device Integrity Service, providing the "challenge" and the Cryptographic Hardware Key Tag to acquire the Key Attestation.

+
+

Note

+

Device Integrity Service: In this section, the Device Integrity Service is considered as it is provided by device manufacturers. This service allows the verification of a key being securely stored within the device's hardware through a signed object. Additionally, it offers verifiable proof that a specific Wallet Instance is authentic, unaltered, and in its original state using a specialized signed document made for this purpose.

+

The service also incorporates details in the signed object, such as the device type, model, app version, operating system version, bootloader status, and other relevant information to assess whether the device has been compromised. For Android, the DIS is represented by Key Attestation, a feature supported by StrongBox Keymaster, which is a physical HSM installed directly on the motherboard, and the TEE (Trusted Execution Environment), a secure area of the main processor. Key Attestation aims to provide a way to strongly determine if a key pair is hardware-backed, what the properties of the key are, and what constraints are applied to its usage. Developers can leverage its functionality through the Play Integrity API. For Apple devices, the DIS is represented by DeviceCheck, which provides a framework and server interface to manage device-specific data securely. DeviceCheck is used in combination with the Secure Enclave, a dedicated HSM integrated into Apple's SoCs. DeviceCheck can be used to attest to the integrity of the device, apps, and/or encryption keys generated on the device, ensuring they were created in a secure environment like Secure Enclave. Developers can leverage DeviceCheck functionality by using the framework itself. +These services, specifically developed by the manufacturer, are integrated within the Android or iOS SDKs, eliminating the need for a predefined endpoint to access them. Additionally, as they are specifically developed for mobile architecture, they do not need to be registered as Federation Entities through national registration systems. +Secure Enclave has been available on Apple devices since the iPhone 5s (2013). +For Android devices, the inclusion of Strongbox Keymaster may vary by manufacturer, who decides whether to include it or not.

+
+

Step 8: The Device Integrity Service performs the following actions:

+
    +
  • Creates a Key Attestation that is linked with the provided "challenge" and the public key of the Wallet Hardware.

  • +
  • Incorporates information pertaining to the device's security.

  • +
  • Uses an OEM private key to sign the Key Attestation, therefore verifieable with the related OEM certificate, confirming that the Cryptographic Hardware Keys are securely managed by the operating system.

  • +
+

Step 9: The Wallet Instance sends the challenge with Key Attestation and Cryptographic Hardware Key Tag to the Wallet Provider Backend in order to register the Wallet Instance identified with the Cryptographic Hardware Key public key.

+

In order to register the Wallet Instance, the request to the Wallet Provider MUST use the HTTP POST method. The parameters MUST be encoded using the application/json format and included in the message body. The following parameters MUST be provided:

+ + +++++ + + + + + + + + + + + + + + + + + + + + +
Table 2 Wallet Instance registration http request parameters

Claim

Description

Reference

challenge

MUST be set to the challenge obtained from the Wallet Provider throught the nonce endpoint.

OAuth 2.0 Nonce Endpoint

key_attestation

It MUST be a base64url encoded Key Attestation obtained from the Device Integrity Service.

hardware_key_tag

It MUST be set with the unique identifier of the Cryptographic Hardware Keys and encoded in base64url.

+

Below is a non-normative example of the request.

+
POST /wallet-instance HTTP/1.1
+Host: walletprovider.example.com
+Content-Type: application/json
+
+{
+  "challenge": "0fe3cbe0-646d-44b5-8808-917dd5391bd9",
+  "key_attestation": "o2NmbXRvYXBwbGUtYXBw... redacted",
+  "hardware_key_tag": "WQhyDymFKsP95iFqpzdEDWW4l7aVna2Fn4JCeWHYtbU="
+}
+
+
+
+

Note

+

It is not necessary to send the Wallet Hardware public key because it is already included in the key_attestation. +As seen in the previous steps, the Device Integrity Service (DIS) creates a Key Attestation linked to the provided "challenge" and the public key of the Wallet Hardware. This process eliminates the need to send the Wallet Hardware public key directly, as it is already included in the key attestation. The hardware_key_tag serves as a reference or identifier for the corresponding Cryptographic Hardware key stored by the Wallet Provider. Therefore, the Wallet Provider can associate the received hardware_key_tag with the appropriate Cryptographic Hardware key in its storage.

+
+
+

Warning

+

During the registration phase of the Wallet Instance with the Wallet Provider it is also necessary to associate it with a specific user +uniquely identifiable by the Wallet Provider. This association is at the discretion of the Wallet PRovider and will not be addressed +within these guidelines as each Wallet Provider may or may not have a user identification system already implemented.

+
+

Steps 10-12: The Wallet Provider validates the challenge and key_attestation signature, therefore:

+
+
    +
  1. It MUST verify that the challenge was generated by Wallet Provider and has not already been used.

  2. +
  3. It MUST validate the key_attestation as defined by the device manufacturers' guidelines.

  4. +
  5. It MUST verify that the device in use has no security flaws and reflects the minimum security requirements defined by the Wallet Provider.

  6. +
  7. If these checks are passed, it MUST register the Wallet Instance, keeping the Cryptographic Hardware Key Tag and all useful information related to the device.

  8. +
  9. It SHOULD associate the Wallet Instance with a specific User uniquely identified within the Wallet Provider's systems. This will be useful for the lifecycle of the Wallet Instance and for a future revocation.

  10. +
+
+

Upon successful registration of the Wallet Instance, the Wallet Provider MUST respond with a status code set to 204 (No Content). +Below is a non-normative example of the response.

+
HTTP/1.1 204 No content
+
+
+

If any errors occur during the Wallet Instance registration, the Wallet Provider MUST return an error response. The response MUST use the content type set to application/json and MUST include the following parameters:

+
+
    +
  • error. The error code.

  • +
  • error_description. Text in human-readable form providing further details to clarify the nature of the error encountered.

  • +
+
+

Steps 13-14: The Wallet Instance has been initialized and becomes operational.

+
+

Note

+

Threat Model: while the registration endpoint does not necessitate any client authentication, it is safeguarded through the use of key_attestation. Proper validation of this attestation permits the registration of authentic and unaltered app instances. Any other claims submitted will not undergo validation, leading the endpoint to respond with an error. Additionally, the inclusion of a challenge helps prevent replay attacks. The authenticity of both the challenge and the hardware_key_tag is ensured by the signature found within the key_attestation.

+
+
+
+

Wallet Attestation Issuance

+

This section describes the Wallet Attestation format and how the Wallet Provider issues it.

+
+The figure illustrates the sequence diagram for issuing a Wallet Attestation, with the steps explained below. +
+

Step 1: The User initiates a new operation that necessitates the acquisition of a Wallet Attestation.

+

Steps 2-3: The Wallet Instance checks if a Cryptographic Hardware Key exists and generates an ephemeral asymmetric key pair. The Wallet Instance also:

+
+
    +
  1. MUST ensure that Cryptographic Hardware Keys exist. If they do not exist, it is necessary to reinitialize the Wallet.

  2. +
  3. MUST generates an ephemeral asymmetric key pair whose public key will be linked with the Wallet Attestation.

  4. +
  5. MUST check if Wallet Provider is part of the federation and obtain its metadata.

  6. +
+
+

Steps 4-6: The Wallet Instance solicits a one-time "challenge" from the Wallet Provider Backend. This "challenge" takes the form of a "nonce," which is required to be unpredictable and serves as the main defense against replay attacks. The backend MUST produce the "nonce" in a manner that ensures its single-use within a predetermined time frame.

+
GET /nonce HTTP/1.1
+Host: walletprovider.example.com
+
+
+
HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "nonce": "d2JhY2NhbG91cmVqdWFuZGFt"
+}
+
+
+

Step 7: The Wallet Instance performs the following actions:

+
+
    +
  • Creates a client_data, a JSON structure that includes the challenge and the thumbprint of ephemeral public jwk.

  • +
  • Computes a client_data_hash by applying the SHA256 algorithm to the client_data.

  • +
+
+

Below a non-normative example of the client_data.

+
{
+  "challenge": "0fe3cbe0-646d-44b5-8808-917dd5391bd9",
+  "jwk_thumbprint": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c"
+}
+
+
+

Steps 8-10: The Wallet Instance takes the following steps:

+
+
    +
  • It produces an hardware_signature by signing the client_data_hash with the Wallet Hardware's private key, serving as a proof of possession for the Cryptographic Hardware Keys.

  • +
  • It requests the Device Integrity Service to create an integrity_assertion linked to the client_data_hash.

  • +
  • It receives a signed integrity_assertion from the Device Integrity Service, authenticated by the OEM.

  • +
+
+
+

Note

+

integrity_assertion is a custom payload generated by Device Integrity Service, signed by device OEM and encoded in base64 to have uniformity between different devices.

+
+

Steps 11-12: The Wallet Instance:

+
+
    +
  • Constructs the Wallet Attestation Request in the form of a JWT. This JWT includes the integrity_assertion, hardware_signature, challenge, hardware_key_tag, and cnf, and is signed using the private key of the initially generated ephemeral key pair.

  • +
  • Submits the Wallet Attestation Request to the token endpoint of the Wallet Provider Backend.

  • +
+
+

Below an non-normative example of the Wallet Attestation Request JWT without encoding and signature applied:

+
{
+  "alg": "ES256",
+  "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "typ": "war+jwt"
+}
+.
+{
+  "iss": "https://wallet-provider.example.org/instance/vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "sub": "https://wallet-provider.example.org/",
+  "challenge": "6ec69324-60a8-4e5b-a697-a766d85790ea",
+  "hardware_signature": "KoZIhvcNAQcCoIAwgAIB...redacted",
+  "integrity_assertion": "o2NmbXRvYXBwbGUtYXBwYX...redacted",
+  "hardware_key_tag": "WQhyDymFKsP95iFqpzdEDWW4l7aVna2Fn4JCeWHYtbU=",
+  "cnf": {
+    "jwk": {
+      "crv": "P-256",
+      "kty": "EC",
+      "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
+      "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg"
+    }
+  },
+  "vp_formats_supported": {
+      "jwt_vc_json": {
+        "alg_values_supported": ["ES256K", "ES384"]
+      },
+      "jwt_vp_json": {
+        "alg_values_supported": ["ES256K", "EdDSA"]
+      },
+    },
+  },
+  "iat": 1686645115,
+  "exp": 1686652315
+}
+
+
+

The Wallet Instance MUST do an HTTP request to the Wallet Provider's token endpoint, +using the method POST.

+

The token endpoint (as defined in RFC 7523 section 4) requires the following parameters +encoded in application/x-www-form-urlencoded format:

+
    +
  • grant_type set to urn:ietf:params:oauth:grant-type:jwt-bearer;

  • +
  • assertion containing the signed JWT of the Wallet Attestation Request.

  • +
+
POST /token HTTP/1.1
+Host: wallet-provider.example.org
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
+&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6ImtoakZWTE9nRjNHeG...
+
+
+

Steps 13-17: The Wallet Provider Backend assesses the Wallet Attestation Request and issues a Wallet Attestation, if the requirements described below are satisfied:

+
+
    +
  1. It MUST check the Wallet Attestation Request contains all the defined HTTP Request header parameters according to Table of the Wallet Attestation Request Header.

  2. +
  3. It MUST verify that the signature of the received Wallet Attestation Request is valid and associated with public jwk.

  4. +
  5. It MUST verify that the challenge was generated by Wallet Provider and has not already been used.

  6. +
  7. It MUST check that there is a Wallet Instance registered with that hardware_key_tag and that it is still valid.

  8. +
  9. It MUST reconstruct the client_data via the challenge and the jwk public key, to validate hardware_signature via the Cryptographic Hardware Key public key registered and associated with the Wallet Instance.

  10. +
  11. It MUST validate the integrity_assertion as defined by the device manufacturers' guidelines. The list of checks that the Wallet Provider MUST perform are defined by the operating system manufacturers documentation.

  12. +
  13. It MUST verify that the device in use has no security flaws and reflects the minimum security requirements defined by the Wallet Provider.

  14. +
  15. It MUST check that the URL in iss parameter is equal to the URL identifier of Wallet Provider.

  16. +
+
+

If all checks are passed, Wallet Provider issues a Wallet Attestation with an expiration limited to 24 hours.

+

Below an non-normative example of the Wallet Attestation without encoding and signature applied:

+
  {
+  "alg": "ES256",
+  "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
+  "trust_chain": [
+    "eyJhbGciOiJFUz...6S0A",
+    "eyJhbGciOiJFUz...jJLA",
+    "eyJhbGciOiJFUz...H9gw",
+  ],
+  "typ": "wallet-attestation+jwt",
+}
+.
+{
+  "iss": "https://wallet-provider.example.org",
+  "sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "aal": "https://trust-list.eu/aal/high",
+  "cnf":
+  {
+    "jwk":
+    {
+      "crv": "P-256",
+      "kty": "EC",
+      "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
+      "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg"
+    }
+  },
+  "authorization_endpoint": "eudiw:",
+  "response_types_supported": [
+    "vp_token"
+  ],
+  "response_modes_supported": [
+    "form_post.jwt"
+  ],
+  "vp_formats_supported": {
+      "vc+sd-jwt": {
+          "sd-jwt_alg_values": [
+              "ES256",
+              "ES384"
+          ]
+      }
+  },
+  "request_object_signing_alg_values_supported": [
+    "ES256"
+  ],
+  "presentation_definition_uri_supported": false,
+  "iat": 1687281195,
+  "exp": 1687288395
+}
+
+
+

Step 18: The response is returned by the Wallet Provider. If successful, the HTTP response code MUST be set with the value 200 OK and contain the Wallet Attestation signed by the Wallet Provider. The Wallet Instance therefore performs security, integrity and trust verification about the Wallet Attestation and its issuer.

+

Below is a non-normative example of the response.

+
HTTP/1.1 200 OK
+Content-Type: application/jwt
+
+eyJhbGciOiJFUzI1NiIsInR5cCI6IndhbGx ...
+
+
+
+
+

Wallet Attestation Request

+

The JOSE header of the Wallet Attestation Request JWT MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

kid

Unique identifier of the jwk used by the Wallet Provider to sign the Wallet Attestation, essential for matching the Wallet Provider's cryptographic public key needed for signature verification.

RFC 7638#section_3.

typ

It MUST be set to var+jwt

+

The body of the Wallet Attestation Request JWT MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

Identifier of the Wallet Provider concatenated with thumbprint of the JWK in the cnf parameter.

RFC 9126 and RFC 7519.

aud

It MUST be set to the identifier of the Wallet Provider.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT.

RFC 9126 and RFC 7519.

iat

REQUIRED. UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

challenge

Challenge data obtained from nonce endpoint

hardware_signature

The signature of client_data obtained using Cryptographic Hardware Key base64 encoded.

integrity_assertion

The integrity assertion obtained from the Device Integrity Service with the holder binding of client_data.

hardware_key_tag

Unique identifier of the Cryptographic Hardware Keys

cnf

JSON object, containing the public part of an asymmetric key pair owned by the Wallet Instance.

RFC 7800

vp_formats_supported

JSON object with name/value pairs, identifying a Credential format supported by the Wallet.

+
+
+

Wallet Attestation

+

The JOSE header of the Wallet Attestation JWT MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

kid

Unique identifier of the jwk inside the cnf claim of Wallet Instance as base64url-encoded JWK Thumbprint value.

RFC 7638#section_3.

typ

It MUST be set to wallet-attestation+jwt

OPENID4VC-HAIP

trust_chain

Sequence of Entity Statements that composes the Trust Chain related to the Relying Party.

OID-FED Section 3.2.1. Trust Chain Header Parameter.

+

The body of the Wallet Attestation JWT MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

Identifier of the Wallet Provider

RFC 9126 and RFC 7519.

sub

Identifier of the Wallet Instance which is the thumbprint of the Wallet Instance JWK contained in the cnf claim.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

cnf

JSON object, containing the public part of an asymmetric key pair owned by the Wallet Instance.

RFC 7800

aal

JSON String asserting the authentication level of the Wallet and the key as asserted in the cnf claim.

authorization_endpoint

URL of the Wallet Authorization Endpoint (Universal Link).

response_types_supported

JSON array containing a list of the OAuth 2.0 response_type values.

response_modes_supported

JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports.

RFC 8414

vp_formats_supported

JSON object with name/value pairs, identifying a Credential format supported by the Wallet.

request_object_signing_alg_values_supported

JSON array containing a list of the JWS signing algorithms (alg values) supported.

presentation_definition_uri_supported

Boolean value specifying whether the Wallet Instance supports the transfer of presentation_definition by reference. MUST be set to false.

+
+
+
+

Wallet Instance Lifecycle

+

The ability of the Wallet Instance to obtain a Wallet Attestation is bound to its current state. +The Wallet Instance assesses its current state based on the Credentials stored locally and the Wallet Attestation issued by the Wallet Provider.

+

The lifecycle of a Wallet Instance encompasses all the potential states it can configure, along with the transitions from one state to another. This lifecycle is depicted in the diagram below:

+
+Illustration representing the Wallet Instance lifecycle, with the states explained below. +
+

A Wallet Instance SHOULD obtain a Wallet Attestation if it's in either Installed, Operational or Valid state; that implies that a Deactivated Wallet Instance cannot obtain a Wallet Attestation hence it cannot interact with other entities of the ecosystem, such as PID/(Q)EAA Providers and Relying Parties.

+
+

States

+ ++++ + + + + + + + + + + + + + + + + + + + +

State

Description

Installed

The User has installed the Wallet Solution on the device.

Operational

The Wallet Instance has been verified and the Wallet Hardware Key has been registered; no valid PID is present in the storage.

Valid

A valid PID is present in the storage.

Deactivated

The Wallet Instance has been revoked and its Wallet Hardware Key has been marked as not usable.

+
+
+

Transitions

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Transition

Description

install

The User performs a fresh installation or restores the initial state of the Wallet Instance on the device.

verify

The Wallet Instance has been verified by the Wallet Provider and its Wallet Hardware Key has been registered.

validate

The Wallet Instance obtains a valid PID.

invalidate

The PID expires or gets revoked.

revoke

The Wallet Provider marks the Wallet Instance as not usable.

uninstall

The User removes the Wallet Instance from the device.

+
+
+

Revocations

+

As mentioned in the Wallet Instance initialization and registration section above, a Wallet Instance is bound to a Wallet Hardware Key and it's uniquely identified by it. +The Wallet Instance SHOULD send its public Wallet Hardware Key with the Wallet Provider, thus the Wallet Provider MUST identify a Wallet Instance by its Wallet Hardware Key.

+

When a Wallet Instance is not usable anymore, the Wallet Provider MUST revoke it. The revocation process is a unilateral action taken by the Wallet Provider, and it MUST be performed when the Wallet Instance is in the Operational or Valid state. +A Wallet Instance becomes unusable for several reasons, such as: the User requests the revocation, the Wallet Provider detects a security issue, or the Wallet Instance is no longer compliant with the Wallet Provider's security requirements.

+

The details of the revocation mechanism used by the Wallet Provider as well as the data model for maintaining the Wallet Instance references is delegated to the Wallet Provider's implementation.

+

According to ARF, Section 6.5.4 and more specifically in Topic 38 the Wallet Instance can be revoked by the following entities:

+
+
    +
  1. Its owner, the User

  2. +
  3. Wallet Provider

  4. +
  5. PID Provider

  6. +
+
+

During the Wallet Instance initialization and registration phase the Wallet Provider MAY associate the Wallet Instance with a specific User, subject to obtaining the User's consent. The Wallet Provider MUST evaluate the operating system and general technical capabilities of the device to check compliance with the technical and security requirements and to produce the Wallet Instance metadata. +When the User consents to being linked with the Wallet Instance, they gain the ability to directly request Wallet revocation from the Wallet Provider, and it also allows the Wallet Provider to revoke the Wallet Instance associated with that User.

+

Regarding the reasons for revoking a Wallet Instance, the following scenarios may occur:

+
    +
  • The smartphone is lost;

  • +
  • The smartphone has been compromised (e.g., a malicious actor gains control of the smartphone);

  • +
  • The smartphone has been reset to factory settings;

  • +
  • Any other scenarios where the User loses the control of the Wallet Instance.

  • +
+

If any of the previous scenarios occur, the Wallet Instance MUST be revoked. +To allow the User to revoke the Wallet Instance, the Wallet Provider (WP) MUST offer a remote service, such as a web page, where the User can authenticate and request the revocation of a previously activated Wallet Instance.

+
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+ +
+ + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/en/wallet-solution.html b/ia-terms-updates/en/wallet-solution.html new file mode 100644 index 000000000..eb22da55d --- /dev/null +++ b/ia-terms-updates/en/wallet-solution.html @@ -0,0 +1,524 @@ + + + + + + + + Wallet Solution — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Wallet Solution

+

The Wallet Solution is a comprehensive product offered by the Wallet Provider to cater to the needs of Users in managing their digital assets securely. It is issued by the Wallet Provider in the form of a mobile app and consists of services and web interfaces for the exchange of data between the Wallet Provider and its Wallet Instances to meet the requirements of the trust model and ensure full respect for the User's privacy, in accordance with national and EU legislation.

+

The mobile app serves as the primary interface for Users, allowing them to access and interact with their digital Credentials conveniently. These Credentials are a set of data that can uniquely identify a natural or legal person, along with other Qualified and non-qualified Electronic Attestations of Attributes, also known as QEAAs and EAAs respectively, or (Q)EAAs for short[1]. Once a User installs the mobile app on their device, such an installation is referred to as a Wallet Instance for the User.

+

By supporting the mobile app, the Wallet Provider plays a vital role in ensuring the security and reliability of the entire Wallet Solution, as it is responsible for issuing the Wallet Attestation, which is a cryptographic proof that allows the evaluation of the authenticity and integrity of the Wallet Instance.

+

The Wallet Provider MUST offer a RESTful set of services for issuing the Wallet Attestations.

+
+

Requirements

+

This section lists the essential requirements that must be met by the Wallet Solution to ensure its functionality, security, and compliance with relevant standards and regulations.

+
+
    +
  • Trustworthiness within the Wallet ecosystem: the Wallet Instance MUST establish trust and reliability within the Wallet ecosystem.

  • +
  • Compliance with Provider specifications for obtaining PID and (Q)EAA: the Wallet Instance MUST adhere to the specifications set by Providers for obtaining Personal Identification (PID) and (Q)EAAs.

  • +
  • Support for Android and iOS operating systems: the Wallet Instance MUST be compatible and functional on both Android and iOS operating systems and available on the Play Store and App Store, respectively.

  • +
  • Verification of device ownership by the User: the Wallet Instance MUST provide a mechanism to verify the User's actual possession and full control of their personal device.

  • +
+
+
+
+

Wallet Instance

+

The Wallet Instance serves as a unique and secure device for authenticating the User within the Wallet ecosystem. It establishes a strong and reliable mechanism for the User to engage in various digital transactions in a secure and privacy-preserving manner.

+

The Wallet Instance establishes trust within the Wallet ecosystem by consistently presenting a Wallet Attestation during interactions with other ecosystem actors such as PID Providers, (Q)EAA Providers, and Relying Parties. These verifiable attestations, provided by the Wallet Provider, serve to authenticate the Wallet Instance itself, ensuring its reliability when engaging with other ecosystem actors.

+

To guarantee the utmost security, these cryptographic keys MUST be securely stored within the WSCD, which MAY be internal (device's Trusted Execution Environment (TEE)[3]), external, or hybrid. This ensures that only the User can access them, thus preventing unauthorized usage or tampering. For more detailed information, please refer to the Wallet Attestation section and the Trust Model section of this document.

+
+
+

Wallet Instance Lifecycle

+

The Wallet Instance has three distinct states: Operational, Valid, and Deactivated. Each state represents a specific functional status and determines the actions that can be performed[2].

+
+

Initialization Process

+

To activate the Wallet Instance, Users MUST install the mobile Wallet application on their device and open it. Furthermore, Users will be asked to set their preferred method of unlocking their device; this can be accomplished by entering a personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal preferences and device's capabilities.

+

After completing these steps, the Wallet Instance enters the Operational state.

+
+
+

Transition to Valid state

+

To transition from the Operational state to the Valid state, the Wallet Instance MUST obtain a valid Personal Identification (PID). Once a valid PID is acquired, the Wallet Instance becomes Valid.

+

The Wallet Instance MUST demonstrate to the Credential Issuer adequate security compliance to maintain the Credential at the same LoA at which it was issued.

+

Once the Wallet Instance is in the Valid state, Users can:

+
+
    +
  • Obtain, view, and manage (Q)EAAs from trusted (Q)EAA Providers[1];

  • +
  • Authenticate to Relying Parties[1];

  • +
  • Authorize the presentation of their digital Credentials to Relying Parties.

  • +
+
+

Please refer to the relevant sections for further information about PID and (Q)EAAs issuance and presentation.

+
+
+

Return to Operational state

+

A Valid Wallet Instance may revert to the Operational state under specific circumstances. These circumstances include the expiration or revocation of the associated PID by its PID Provider.

+
+
+

Deactivation

+

Users have the ability to deactivate the Wallet Instance voluntarily. This action removes the operational capabilities of the Wallet Instance and sets it to the Deactivated state. Deactivation provides Users with control over access and usage according to their preferences.

+
+
+
+

Wallet Provider Endpoints

+

The Wallet Provider that issues the Wallet Attestations MUST make its APIs available in the form of RESTful services, as listed below.

+
+

Wallet Provider Metadata

+

An HTTP GET request to the /.well-known/openid-federation endpoint allows the retrieval of the Wallet Provider Entity Configuration.

+

The Wallet Provider Entity Configuration is a JWS containing the public keys and supported algorithms of the Wallet Provider metadata definition. It is structured in accordance with the OpenID Connect Federation and the Trust Model section outlined in this specification.

+

The returning Entity Configuration of the Wallet Provider MUST contain the attributes listed below:

+
+
+ +
+

Payload

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Key

Value

iss

Public URL of the Wallet Provider.

sub

Public URL of the Wallet Provider.

iat

Issuance datetime in Unix Timestamp format.

exp

Expiration datetime in Unix Timestamp format.

authority_hints

Array of URLs (String) containing the list of URLs of the immediate superior Entities, such as the Trust Anchor or an Intermediate, that MAY issue an Entity Statement related to this subject.

jwks

A JSON Web Key Set (JWKS) RFC 7517 that represents the public part of the signing keys of the Entity at issue. Each JWK in the JWK set MUST have a key ID (claim kid).

metadata

Contains the wallet_provider and federation_entity metadata.

+
+

wallet_provider metadata

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +

Key

Value

jwks

A JSON Web Key Set (JWKS) +that represents the Wallet +Provider's public keys.

token_endpoint

Endpoint for obtaining the Wallet +Instance Attestation.

nonce_endpoint

HTTPs URL indicating the endpoint +where the client can request the nonce.

aal_values_supported

List of supported values for the +certifiable security context. These +values specify the security level +of the app, according to the levels: low, medium, or high. +Authenticator Assurance Level values supported.

grant_types_supported

The types of grants supported by +the token endpoint. It MUST be set to +urn:ietf:params:oauth:client-assertion-type: +jwt-client-attestation.

token_endpoint_auth_methods_suppor +ted

Supported authentication methods for +the token endpoint.

token_endpoint_auth_signing_alg_va +lues_supported

Supported signature +algorithms for the token endpoint.

+
+

Note

+

The aal_values_supported parameter is experimental and under review.

+
+
+
+

Payload federation_entity

+ + + + + + + + + + + + + + + + + + + + + +

Key

Value

organization_name

Organization name.

homepage_uri

Organization's website URL.

tos_uri

URL to the terms of service.

policy_uri

URL to the privacy policy.

logo_uri

URL of the organization's logo in SVG format.

+

Below a non-normative example of the Entity Configuration.

+
{
+  "alg": "ES256",
+  "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
+  "typ": "entity-statement+jwt"
+}
+.
+{
+"iss": "https://wallet-provider.example.org",
+"sub": "https://wallet-provider.example.org",
+"jwks": {
+  "keys": [
+    {
+      "crv": "P-256",
+      "kty": "EC",
+      "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+      "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+      "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
+    }
+  ]
+},
+"metadata": {
+  "wallet_provider": {
+    "jwks": {
+      "keys": [
+        {
+          "crv": "P-256",
+          "kty": "EC",
+          "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+          "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+          "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
+        }
+      ]
+    },
+    "token_endpoint": "https://wallet-provider.example.org/token",
+    "nonce_endpoint": "https://wallet-provider.example.org/nonce",
+    "aal_values_supported": [
+      "https://wallet-provider.example.org/LoA/basic",
+      "https://wallet-provider.example.org/LoA/medium",
+      "https://wallet-provider.example.org/LoA/high"
+    ],
+    "grant_types_supported": [
+      "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation"
+    ],
+    "token_endpoint_auth_methods_supported": [
+      "private_key_jwt"
+    ],
+    "token_endpoint_auth_signing_alg_values_supported": [
+      "ES256",
+      "ES384",
+      "ES512"
+    ]
+  },
+  "federation_entity": {
+    "organization_name": "IT-Wallet Provider",
+    "homepage_uri": "https://wallet-provider.example.org",
+    "policy_uri": "https://wallet-provider.example.org/privacy_policy",
+    "tos_uri": "https://wallet-provider.example.org/info_policy",
+    "logo_uri": "https://wallet-provider.example.org/logo.svg"
+  }
+},
+"authority_hints": [
+  "https://registry.eudi-wallet.example.it"
+]
+"iat": 1687171759,
+"exp": 1709290159
+}
+
+
+
+
+

Wallet Attestation

+

Please refer to the Wallet Attestation section.

+
+
+
+

External references

+ +
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/.buildinfo b/ia-terms-updates/it/.buildinfo new file mode 100644 index 000000000..1f9da0289 --- /dev/null +++ b/ia-terms-updates/it/.buildinfo @@ -0,0 +1,4 @@ +# Sphinx build info version 1 +# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. +config: 32b31b48cb58ccfb0a4e0ae83365da92 +tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/ia-terms-updates/it/.doctrees/backup-restore.doctree b/ia-terms-updates/it/.doctrees/backup-restore.doctree new file mode 100644 index 0000000000000000000000000000000000000000..f43e3dd8413f960cf4d7df338df4bee237ba899a GIT binary patch literal 36599 zcmcIt3v?V;d3GX8w&b_tIB^m;8#{>|C$p=kl{imDk{$UWJC>4=1ZOka9cgC0+TF~| zN_Ijh0Yca96k6DxK4{?peef=nLtCJwh0;O`lon`9TMjKbhn|yDpe=1Vw9rGp|DU<@ z*qzxO?T&MzyYskn@BO~}|NnjeeogN$eEW^-_&;l#QBk$hg|wW{m&$p?s9PKJ`H zDVg=R)NgyC{(SwQ)vwE|M!Blzl)AMJF># zy1{v-4Ltp1I-NfEbavpS*Zea6e)Xl-{90YzaIUWQTkGeQ3zTb{*e}+pR90U_MiI=q zy4hHetpV9Ib#0+)0sCf7Yc5cYT7LeRyhQ2yD6J{ABaWqE^yO ztz0tFx?$F>^+m0u)KBzQ7XbPiqq<<2nh6TaC0|^ZeXzGTold=KL4Q>W^>E}!N;Q{@ z0|Tj4>YfEXbKiiVuLp1aU-j~9`|S?PxwFXwgki9zUIVJsJs|&j{O!fxjrh9>RP`;E z^<|mLN}1Kw{p!tC^%iwdJ)j;`Z#&V41n#JYBw$^+px0%Q41IFQ_eqa>tJ(w9x7%_B zWDgUvoT}u`OIog6dR0nWmX{P@Os6yWpYM#!bUB;T^juNNF6oL=%JK)xvVJ~otSk`` zM^?4GsUArUkGX90^0$6I9_Ti0o61PedgLMq8}QIT;<#LO>&oG=y46$FwYqgEJ~B#7 zF6FhnY)iFu#i6?TltHYXLIun?%npQAg!)8iEwJ#0*Fv@AmAq{|=t@3YR7_LRr3)dI z;MBsbThI5l;l6cxv54R72M|jAfe7jwGq0=J=j*DhKIc-cI#h27rFu1#>Mdj^ny7w` z1b$W4OIm43f;BQA?viFgwUtT{RtKU#Uo}lFwN%tnus+KbEd|9el@bg@N-L$FsVask zr-b#9pM}{_QbxH{PUU4pK+L?N8}!w(k}8!;_#;);Ry1J>9>07!xaQ?`Vdll!*^E5g zTI>iVPY)wcfz|NHn4oV}3)3*Jm23iS|hEf+j4LSJE1kK|@oUL61$Y7R}6}1`CpbaVg_@S-+UI9~6sAOIf$SnU$-i zTGr9QQ;h6jx{_aPAgZ^xB+0Um6Ze4!|C|ty%Tpjh&h?Sx1Xan=gzQjy*yAdm%?L^^ z5@=w2Mo1=zU^r zcn$7NYh+`rTf2b-+RDaQ8@oYiB*q3MCNyPVBpc@f-7}|!mB!Ltw7?nmizRs3-vKXOT2v}PWADR7?dlEj;_rXBF#@~Mmx{`TG=9q!89$k#vLqKJdu_tZOwVTKUooG#A2Yu9;*XY1ZyA|5eLQ_Kn;sq< z!eDZ2JUuv+9vmDWq2KA*V-3{wDp=?;d>Z3E@KoeU(c!op#Sz9tiX`SN5p(=8-~1s> zHk&%uj}<+wDdu9jtS@D-Hj|-g^Gsfs7fp$tONFwbNChm@NUO?%Bo~)x#!y{08c66V ztommPom-E989_kz84I}SNVu~$+<8w5V&__>Nl_24Sw4>ijG!t2o9U}<=hlNdy=JJP znF^ShNSIEoPImw^SgT4Yr(dkl5<)XnB?y&nJ*eH*sxM;!cQ6v}3A9A8<|+*mOgRdGLy-V!PXV;lXS`yIZ7@4S!bFzQtq1d= zE@6843b4bGU}XZ!wpyAvd(^AbC0Lj0LK=&}8Ko-aHQd8mYk7O=MOu}MSiaB5I=1qd zn1=^Q30n;$tl25pRg+VsMIF0cR?GVN2JroCrX^Wl^wo6Wp-047K}3S35tNKXQu0co zVf zPcM8tcuzbIT$zZil(t!KRSv<#SR@nnWQrpbXVxeZybY{`h8~vPU||>@3=@WaAq*8C z2Z4tk4M*1`3ehDH&<{sKXL~<4bNb9mjPWqKb0t(adZ)!jmVYdHuM89BFu;9=R<5l0 zN5I|_4{F;nZ@Wwd#_>pu+*7dyU3zrVtKLW%^YzRe@nYGPR&tra(M*G2_uGPvm;QS7 zKMVoeY1RVlosnSYNUP7#)VvmrF|u@BGND z45tUvjjFue{{hAK0S|lU;diG5J1d4je^(^>y9xdAiL<9X#Ld=}d!LZof~+q~*nKG% z!^C$zz4jp!_a2%dL2CRg1cD=x2xbVu*`t%GyGBRv@=!zyOyf|(7TA2HTxpQgjrw9v zqC|a|=ox2(XCAJ*1+Gpq6$tN+L^wixO*8B}f^Ba!gZ}x( zuy-DIq!zUiFf?C*@BT=9_cOkkDPQXwA(S*{#GQ;>8C}VUuEly!paF?APZ5}Zs#a=A*kG8fEJ^to|7`3qiYbv%N z^ub6%%S7l2?nmN!l?YZAw|ua!P8F4vmB|R)P94 zU+x}x?gQufJ3iyk(An5*zmn{C-U62MJSCocG`O}0Uy6!~k*z>D6^Zb*gwQ4*!qFkT zOg<-9Dt0O~5f8dD_8qGBh^;Xs?W%03M=(PKzK9_V3i3roZy=}N{n95RfrlO~Mu>E@ zr=`o{3R0&dNmYo{Q>UkVQ$gX|Y-uO3v*~wuaClT29LvyAEgUD%!A^t*>sn^Ks^(Q`U$F%xid3UnaP=H=`>I5Ns~^$atlMf4zlDlMPh(_bhBxh>Q*mOkU=^(F}h&j?h=)09N62&$@MCXRrh%KwUV6IO^`gar(g#R`o#P7+vBZ zESIz&N0H?vU9PD90&RZsF;zBGIB}+#I6g&7NIR_HL$?sw7=<`TS-LrI^p&T&Pd%t#VDC0B$p61C?wk&+30(6{`Ayo zmkM#~=JqQwatlfW&Px_V#?=MIJFB;I$p%a_Q5a7!V6QzAZ&QJ{j#(nXe~7?%)#`~K zVQS0v=CjH(RZUmO8-UAm@S%(OBQY>L41cJJ;j38-_w*n+lfzo<{+SCyB*;P}wu8^qVDSQ@bd*Vmj{7H=5KGpP< z5T1aRYzBN!P(A%b{Q>)kc^5z(&3`z@*R~1BoS$BI)Dw$8oY#l^P z-)AoA)A(s;c!E`mlMID(F}`}z&fpasweU*( z1PKp9-gfBFlw#y`jrUbKzzd4+tHSFkK^yQUUtACN8xSET?AIdd+F;}GLg6Q4d=-El zZTCo=9wk7#3v)42eb|m_OD{{_LOCBIMvoz0kmiGJsqevTk?0)pwX5&Hi`3c?8Wav3 zYAAdp1|El{4{_ACCG1_1i&bZL7TPfT&MoB^*IY^*F(~}ST1y$LE)%PI|3Sie| zbgI^RGJ5qBSCXiV+uw|aByVjKmd=otuz!afNcdd*(AUHE*TN912WHjVW&;hQ->s6@ zEC!#(X%wj`YTI4hJ3~{E)LG<_JGt&Ku#Ld>N8$D#+r)CKzpuBwkUC9g526N}&f6QC z&h^w|7usOoxH;{LkyB6|u*J9_G7a#(R|`-;Ygm2?yeepj*vOSTXHV4}*;OHwZENNF zliGqV>li7eFhPur@^Cj((kd0j>(jT4v3Xs}C<)2uty5gAlf@jjN_Fpv#60Ef~@`TQyzH2z}?WKOch=hy90} z*dJdD`wKC03bK#wJ_V6!fc>lB5su+v4$Fn>vF^V1vk{MNAo6VN!NO4t6v%1ZP+bun zz0heRPCVib9H)8eX8V5fMl5~SfD0jCKXHY%N4bEWtC{tlW*07I*~i@T^}_Suuy8jD zWmwmQM#Ll?qEWH!Xnr^XftbQ_{nPQZm9+~e7D`5ujcgVpe>hb$Y_EB}W*Kv&^%Lu? z0TD+*Vb@iGOTEI{iZw^_xtDd^-OXB?#S?aEH*0M);1mq5t>8y+2Q9y`U%*9lQOPY8 z+{!&l4YuKSSFOHs)vQ#_`Ycbe&078TbOmNB>$t%p6|E01S8%h*&J#oR(s|qtIJZ^3 zh`TLjImeTo^wy{ss2gGJTr8K(66OMYZ@~K&npP}Tm$Mhh#~szgR&=7ZN|wC#@kGU} zb-n!rTVMG}mIh2&;YkqLIUhK#1wjM(h|w{RK+Az>nymp9&fvstueC$Dpn)~s+TuO! z%_|GlB@}qR`A}y=HCIO5g}yb6|YHEqt3*aiZi-_(=@D$SS&C z*0W+Aj|T@@4nFC&*(`^ou(#n&LlT7#Kn$&|cDfNi&vssVqK*x*b0(|^Fz#+WAinp&JA$ThsJMFBYyg|JmeG;(--P$pS2ac z1Ik(Nk#!|aSZ~Q!mn&IU{6H!{;59p#OG0Slgj)IILqY zWI125gg{qUGiSw7AL0dM2P%R?xw9_ z$j8~~gzBLL^QiGnaOLRULPB?tdO>hXOOV5&wyc@;Q`-+%TPsS%vmbsqn2gvUm@auJS-O1xrKx2~p`TmZzxQYQKx&^B^Z}$-DdS zBKJ=4-o-k^Szdq=!AE2L#71i`)NMKIYNu-ev$o&OOV)PdBKm+Avb4Ldh(Gq3NyA)g zvw^*0rai@HfT*kZo@e}wEN1^?IBX(n_hO4HGze{nt!`kMDI}+nm`k|CUQ2li!7&4u zAVB4uR$7D@2)nS8ECt+iHpF9BhR95|m65!8p07h}mKWd@(J(Kf2&$r($mDA5mzU3H zvA<0#X5nF#>@3PxvvxR38<5xHqHWSHSv^W=rH<~mwb8aFSc-= zqtRz5TW|HKdWZT1+(NFZs`@7Nb?V#HH&?Blfw;EQQ*w|>jylz&0e6+^6IRfPqPiOD zu}^(d^J7{!ds~%?z9{mr`bcHrhSh1O&egf4k_~GEMX}!;RNt?@NBy|^d+KM^&!}Hj z|62W~`VIBF>c6T#RDV#|cmIX_!1z)1z3lw~vg1@KWWeWa< zg6~uCpA_^^Cu1E2+bP&W!Cnfkqu>w)2Phb)V3Y#xy>Q>;19bad3bvz7E^MJ-9rbPg zkFE~T)y)*lQgDKTDg`=%s?|?&!u#jQr?2|{n)>mY`q`TL)tdUvn)=8dq_RtGC8gTjOf2 zah2A%I%`~&HLk`QS7D8-uf|nZ<7%sMmDRYqYFt${uBIASQH`so##K|}YN>IR)VMlo zTopC0h8kBvjp?s3^);p)h`?B_Ky+VXsxL9kmzd&9Oz$P8_EJ^dLu9^3eHWDO!%(_U zLg_varTZF`?px{))bFvzsXw;WZ8OO)tJ@yBVs*Qfu2|hh=!(_t0lH#!J4IKlZcoq^ ztJ@M?vAUUb#p?C~U9q~ok*-+X-bz=jZttcmR=1DR6|38)>5A3uOLWER_I0{qb$gkv zSlzx)SFCP5B)_a~+v$qcZ7*H1x*eh`R=07wVs)FMD^|CM>5A3uDY{~HJ5N`vZWri^ z)$K*PVs(2nU9q~oovv8j-cMJoZXcs7R<}Q+D^|C!&=srOKhqVf+jr=S)$M=jiq&lc zX%MU1F1liMyNRw?-O_Z$>P9Qng=a~F_=*+p5-9uoaJnzpQvX z6suZW{4F$DacfHs+Y_ieL%jm~3H8N9JiBf3Ke6MXJw}VZyihK>jXp=+)$q`b-5*G? zU*yUk?F^)kF12n_AO7mbw465>$)Km0!%-OY1?tu&%!%=NHq5KQIryaW{4LZ*eFFGT zTw%OeKZ~vpR!7i@avbzh#+Y2)YFsqXQ4&wxQH)qH49;ASO;syJ+JvH{Xi`T5ij>`k zr^u`wN$qRi_^>Z6rkFbX+8yoh>1#jx#bfZ@h24nSYR;SGNw#{O!Oa!cdNRpy4L&n_ z^fbnF&S22)^*X-I`)DA%3khRjPm&m%UBj*k+1lxL#08;5^TEQ^_$oM69pKejmDyqC zCLnrq*ms80iHq1Od0951xO|Ss=X10TpG`~_GWa6Mqo5DdE^+yg9zw0?)EO0Gwh!By z$Z739+Jl0Dus2DPPkXB)XW}C})g3bRpm2SEZ3p;{gyLhbyne5{t-%)JgI!7r?4Az5 zKF|VelOx^MkY67k@(W2pzODnvw>Lv($GNT1y)8bvwwl3p`z=aux-S+Z$s?9Ne`m7 z>YKD_OT8B7#>)nFtaZ(%;)C6r6xh^d1ADkN*dy`5jwc27rpp8tUR_&*osSRp;iSOs z>j3OM%?&H>cSk?M^}EK-T3f>{#fN)7DY*MDBiuGdsumyai%G$ye`AS9O>5}(-x;HJ z+i2}O<3oLWQc!Q{0BVdr6#0g2EyjNkAMD4H0()x*VB=^lJ4kH}_iy9F{Yp}B4|D)G zUfs6Q*?*4@_B%;|J$Tu`j;vLNpZ7*i6;XN21-u+3z8|wgGh>VIFth7e>%J>K$PYU7T4iJV_ zAp7fV4R0krJR>Q1;~l^YsX*7uUTcIu7a!rzCWY|M4iFx0*1$%;oUMVrH$KqcN($&* z9RNMl43u1Rwg&f^_~1U36u2WDfJ--n!!BC($=Mp-2uQ5JHvk3+Dz8` zAU?eRP6{5M)}?JJYnWgiZLUAjP}sgYTi4>wf!IBoZHSskkLKPEYB6l)0$Z(A$v(B< zIpk~&_m22*Z%Yd9eI39Jv8}dqLC=|HYoJHt1D#9?==~i44Y94X`qLWR)A7NbOA6cr z9e@j)e`28xI@D|p_SyJgSCaxe(E-@W5JSXZZ4Z6CG1Korvo-2^eAGXm6zT^%Kt0xs zy1_wZYn&g9kMn&=;hgLM=WsJl+byN-ezG;l&&3D%r%8dF>HuU&pWSsY*&5+X@e%%0 zQV6FzKp0|f$q{60a6gIT!$2tHPvVYcb;Mf}9 zV0?U1QurR~0AI*BgtvjfuVZU~$KwM$mK4C54gj8PwxHy@vArk8*6{Q3;mb+EKi&cS zkc}Y00|w;7u{G3J$A|h{cTfX|1!g_8inYl-7Qp8pH)*9@v6{!>*YXk_?7Xgp*T{pj Z_|L4rp)Okkc{)<;9KEH(2l%(J{vRmw+r9t* literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/contribute.doctree b/ia-terms-updates/it/.doctrees/contribute.doctree new file mode 100644 index 0000000000000000000000000000000000000000..7c14e9396f0848e2d6d97c829523a5d0b7fd0236 GIT binary patch literal 32057 zcmcIt3yj>xdDiPrcc+IX*_JKYve#1duq^K0WADy7Tei;kkWP=2a(9+%r83Ri@^L_LG|2+T6^Btc`KevhgGjGx=l3ZR*3;BFm$%~q0 zcIA~^wIr5x>yy^KFIdl6C(LeDSkaWKniDN^6XeKAaxt%pW$Ok!+>QBlxu~U`0=DOr zQqB8Phk2)yCigt~fpj{3<4L~fo##ITf1i8j`OjO@_8XSeZEl+rSMjS&a=&C@t<27f z09DW}X{RY3YfMM2Xb5#k+Xp=8Ip^3{s>V_wKDsp10V z>0T`rN3@E7P`fIssEO*bXjRSax=_G3EU8D@FKsoud6y>m)ydd745?ZM!763vA3iTG z$YoiVm9myrHQh3|73H#MUF@jN1L)hd>b$1QI#8&TeR*B>fxScNbn4l8_1P4(!^lWV z(o4mjo>VIJ;Jli7sE5(F6`uOv>Y&H=)4iti%O(#X^aE?sZ9tWD0LZ@s{tm(4-SBr0 zP}RAhs3igGiXXG2Bhve-(ov~bIxd}%?!DLv1)Qn|6ku+dS1o}RgRh+Qy|Pt0CT#`O z_t|m<$lj00a*~)^;^drCel{hSgn|ed)9DQSkA7*H35CzeYOW~q1yvNwJiSm7)TOkx zTtFg5R^+@cjimYqT{b%CT|XaZ+b!FsGL*BeLJ!Ql7 z1~h`x3e#>opJ~EgzvlN&It`BuLM=R7(!ky8@|R38Z=#+KC3L zpFx3N5!A9=E^uItG!S=A)slqzxx6hjxwU?5U*IrUUk z)N~=mtdHEr6QK)e7Y>^8Lc8hmt`k#3nB;)2#ZqY`uJXMU?^?df9#-{;WM`@avpO+ zjhueNpX7ES(4~^a8*1^RXy;yq&gOOo5tR^nk3V&-%Hs~UF$8yH<|l`pD4rlVy#_HhUz#u=yKu{8W@nlr+mz~xsG_bcsG|LEA8_$WHEjYhVmmJKbOvN zqoW=bD=RB$p#YjtP?pm&D1!`LZ3aecLba%87G$s>889viq$}zgZzmLsg#z!6H+i9| zONt5uJW=C&)0O-}9Z?;{0w)MQPTT|!{tYG`8&e@h&K;rT)T)xB34C9=-{UHt&8U@J zD4>oFS5-L8QMW#>-$#!7{D|`$E0LTkVPTAoJJ-p^K)SCzHlTo}Yz%OHk!)ZYZcosz z;$UHnjYI2Wg99ts9ve|+mdQponhmT(a%^B>jE%e2%|@G=l8vD$*=S7xHWJhnER3;n z_qy2_Y*#i0n`%my8;sHvU<03fHnzm5sqBb_2^uj14S|Y0BYHHg41m&zv5X8%(#|t56YjjO=#@XUvig zaT8x(?E%4H&Ma2r#k3L+~uHGOo{_%&KqlTASyV^D{ zo@ISsC@+r&%1fJ;q~4C~YmgJa6>*=sT-4f-GwsNSXF-mJau7Hw<%Zj}AW%S^zBJm? z;U*RY%SgbWl}lSZPaB?BWtMwkU@doDMeZk)}z_Q7XCYUguq4xhf% z&*<8;ApSYseWARBS&%koF~cwep}kFa>D1K;A1BeX7%U?}De-18r$X6Sz>&wq)cEME zrzB!k<%;5J8va!(0{oLHiUpy_*?SXuW@0)s_j_}hhhfF{4E*7?>Cu7FD;Lt2_;i17 zA510(hts`%>E7Pq0sMDj`dl3~9U^RWX+Di{6Fe3902^>@M0J=k;X;X-L1HdE=376+ z#b#ZF{bNy0%c8!JR@6cU_GU7;Y@W%h!h+6WI=853BDVt{6%st&W7P zi!1(>Lg%MPz!W2({SPy^=}@@SHrzQ+3Sxg%!9`IIudXb?21cza05;v%+Rjf8>cqOC z27Z*m%!I;pT6LlYn6<4cmUHS_1-B3yp^CLo@uvs1-B$H|n8EE0g?rI%)r)PzT@u$C zaW2*3#Gf9{N7mh>wFKiA8Nj|!fOw_=wA5$3VvB9<=QJ6PeCSmb4t><@e}Sm_?UeJ= zgL%G9nBI38*#1zk0)i!5&5h1XdTm+&>r$Oh!zOS>ta5o7euK4^^Y+#Yw;~i_`#vM6 zaFj=fb$9^D!BGPa_UuGBRg)9B1r<)atSIVI9r$iC)106#_*%Lq(IaAp5s_eR7$pOt zl>9zYas@Uxr^d6_#-=<@!d5Y|+_I?33$id@6uBIn20)UKElsNm$OUeN_6-DWh4$EG zW|woakB-_@kB>`?k3?$1n8=1Q@dPq4JI-BrtaTf%iACI}Sr$Qvv|LfqP*lKlbA7#a zlF_N<@qv#AFU8})m5JC&X`A(^dN3viLz%D_QyiJNx=xXxV_;?I=)tmUBn(P?pk8L*e)L2WwcZT3-yaX1tsjZ|zw=dO);%^NCXzLA+DUL?ERaxT-G&D05Yw=LN4 z(BH29!~n3Zewu;3KNRdNYV}n-n&`;n#A*)CzA=GfHa@+eRLf8c5Za7iemD`b3*~}H zCqFXF{psFxy(;hVzkvCDz=NK7_}wMJ)~dnKpAJR;0HVJzI&;}W+-OZ{^a*miD5xb4 zPG1VeAo1OXkA2A4Zx2l$BQ^df7=n>d1XGA$W^ycbI-5Q1p$HY2`l*C1u=$Eosgu(# zbs@)Lp*~EQMjwJS57z?>S1TW72p~WCK=E%;Q-Knkd1~4EzlZ zLzQcXSe*p2#mp4>O~hbMt}*W6fMqhEWZNY-V}~>h=Cm<7>Vbe6%&q=%%guzLsGT z4i-l^AE8Hlac;SOx8kO{+&=E`QOfr+Jo4DO?y{A94H;=;p`@Kd(#FMQIVYyZ&}k%) zu?nak@#UV8r!jDz-XkA}y1~Xy`w?e9^ER-Y^b||?XmD*0yvZ6W#%CGA@lb>xMuax` zARH~i%j9!HrDB(Y3-Lf##{LCOJ7Q}LO1mUz(g>^&0bj@vObYTvQLQ7V+kMj~BQ=R0 zEn0wdG^eG_>M~L%LP-^o)XP`KeM>>X$87N=uyg3Qzqdcj^$upxRSVpXs<1b~*NyIY zSU4-oIe~}$kj7KL+e%8_zb3?fdu+Lz85>a<#>!+UD`bJLj!*l%0%BHVD08WX6<8|N zbQQc-U=&Ou-%yHwY+#I=ov9O{l>wT^ z%*|xrQGIWwg-!aC)hMi|H8b<@QgQBdr z7VJ%5LdIfUbVvv^z=y=2=0S1yY})%gLp>FW`Z_kr?A599%-GZfcZC-AxG`s3ISU>w zu$-H-7wkMva0y%%(#~SEtiS>YII`qqkt2ZQy4kQzb9_c8No zMgsq`j9P`Eyqdv%0@!EB%g)9Ec(idgodId|0DLXHuaH|TdBbjZjw|~7Hlqjm5wi-!zeht zQVqMo?N}(NLPhdd%t_ArJ0p zvr7XXSn%WoxB0y|+9Wsl1(p0YL6JJI2}N+%bOpuiRH}NVs$0_}Wz%MNK?L;?U_H!& zA224v=}@TxKX%yP;_?#D_|bTQD1{1@32!~vj^o=<5yt+kY~R0@I~hZ$C)0OK(8oO z2Pa?{09zNgm^~7>KeL}5=3a4C2I6Qj$4l+Vi}Te2d~Ubn2nsn=Q7A!5Hy)!95tL<^ zyX7*_1b$*U7(|r|fUpW@DDH=w0cs!cqN*w?&ql7$@PI1^Uf4I;L2XCTH)cc1IV=pG!BlZ*h4qxO_C5$*JYVp->@tmHUM#p6nhoBmfM+T z*ow9j@W53DuxAdl33y|dlhbya!y6d(<6&YII%knBo=ht~iIT7SL+F1>!8sgA&251lGka^ALz-iFdWr zwSl~S)5Oc>9&HUab5?m=PcFhA-4daoBSMbOkzwf8z5JIHHs!M18I zn_I>5vNc_uH@j?W0+UaWMj5U=0R7N;+nJfr?XABhgABMdDV>t8!$k-yk|cdXdQtj< z^h(v-SCiMi<^!(;!K*2x$(joqr0ZtwwE@yfppUxriN<6cDSn}fRbOD=FgsCY;o=de ztGZ!PXC-LncFbZwIU&6!eMNdh`lj?9>2IXBq#sH@k^V(`SNetY8|l}JU7MkY>%ibv z4EAAg7=ybp$Y5{^g9kA1WM22Wy8!Jve}a~M30!N)N8CISgtF zgPOshCNPM8gQz!%c7rH4h;D*gQzu#R)Z)th)#p3G>ArnC^U#ZgQzoz zHlr#XK%%}PeG!!6bx?{oK`FimO7S)*#ZRSQOYf0JNWZhyVJFHLslx$`kvbg17^%Ym z#z-B`VvN+`GR8<9u49bUp@1<`2OVRi4liJg)Zyb8BX#&J#z-B$j4@J&Z(xkn;oBG^ zb@&0sNF9ERF;a)0V~o_{R~RF8*oyK+>aYi6qz;ELM(S`9W26ql7$bEU#~7)@`!Po9 z@C3$49hNXg>adD2Qiqo?M(Xei#z-Ch7-OUkuVIYT;jb`8>hO0MBX#&EjFCG08^%Z- z{tIKI4*!cWQits*^`s8BV2sq^9*mJXq%lULb(}{nDi~m_YVPv)f@mqtT{)Qa;*bG* zUONTHJ1n1V|NSX;KIrqH*DTE|MYm(6thdx9y1Bb+O6+D|rI+^Aln=vJRmXAit@UL& zPhi3Tqp=(uuz>#7GI!(@I8H~CKNyW~A9K<_iT%LqfcoNQ?Imjlh8Hk*gn^24?F)Vw zX0^MuH4O$MEY+PXNFDafcku}*!M*aLZ@gM5;?jl)S0!OghKoz+(vK9Hosrbx+G+J+ zcedHWo9>kJrftpV%{1lQzqk{!2Huk6EOwAA2xf;faoB8bLsJPCO-)TtUV$l-GuN_5 zl+I0AojA|zfr5SWSl?6=K4{TB<(f%Q4qOVdkVh*3-5_9 zZ@64?@wq(Ngv$mN7mvalwHz|)s`IhA;Lbyfs5r=DqIDP+$ng4;!zs8w2PT+s;f`}o zG@o{_vRRyrk8G?xWYP(CiQ4Tg;2R0VNB6tG+UWl7f7&1<3a`LZ&NNqS0CL(fwgk=}JRsH3(}maPYd<)P{i_iU!*oA1s#?*n2hzEZh$g4faBOu;-Ejd$oqJv~vpM z2-ky`uKkFHn~x7yNDA(e4TRgoNPRFq+-H)4i?{XCjACM`cx~H6XMYwS?7t@k z_QZyP9f)q(O`Wj^7XOzN*n2k&Y&II~!T4ZrgRF^+qE5B|HlEftoepHDhorFeC526k#`d4_vHeF< z*!o+*mT9yl?)?+d2)AvIJ*e3XSrh5!2Ud9WR$gFB^u#Oe1un$LO9d{!k`AEn;)X#730H`lY%$g0=$3* zbp5rX5q=~-!WWZ5cz+8BhZ;4o{)UHWpnnn{=;xCHdb$OmCmVs{B@fZy-iQzGn@NEi zX#rfi5geROrQ02%0lpO<;181m_&^H)1MCcW{5Dyvc{e`1UnB+Z!4}|U8{3a{6!xtT z(XH6k6?;U}0a+6n(VS@kX3)w79Iui%+Z({U+94Y5;rMXxP73ZrEx--1t+t!GcP&FS z&-`t~!Xu`K9^DW>Dn1|3Y5V#>A8sORZ0M8@^ zaH<7>ml`c7-U86vr#~A0_4x1~OA7vl7T^cWQ#_{vyb&N8rXC;WQ|-a5aT1vJkc#FG w*ByX-3U|omT(O!5hf<|LeyAaL5S*BX|8(mk7W^NI=g~#iab>mtZ+z4L4|OCoegFUf literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/defined-terms.doctree b/ia-terms-updates/it/.doctrees/defined-terms.doctree new file mode 100644 index 0000000000000000000000000000000000000000..81c86a151364e0224141022a3d2542f74c0b0dc3 GIT binary patch literal 43201 zcmdU23y>T~dA4=BlkW7eB-^rOTX-#DOFnycPxp{)*~UKKovhR2bm-19*s+(n-MO1t z?MpMeC&}1ggAFT~n2K2f2?4^ZuoDL`1q4V6s(^x2NFY2y;VOp!6;k05sDcU@?BINV z&-6TYXJ&hM=P2T``eu82diwkRN57{Z>V4ZMpE!^GXI@~GRjqg?DQC0AQdTkQ=Gts2 zQ!OaPO8u?%YagyZSl?~->+)%%RMj&|-8>H|GOCu(>PoSGFK%w6^c5{{B<&2=WJ(3! z^J=eog&n62yy~80GI{T-(gQzu=+E%)FMjaQyXxwid+Tbyxq4nXLvL-7`q4U-%Iqu4 zC_<&Kt~VBBb3m?CbZwzp0R$>?kCru1JabJZFB=9Taot;#3)a=zY_;tESdcR(b!CyI z=|5A*?>EXaL0wzc6+_XNm3q}&Q<0bGiMl$VZdH5C{R()^R}oA<*Y}}gRlV?4K$9Gt8T6u9;=%@Rb8u_ zgW||2Gr5@6va+Ss=J|tl^*)1GJqiI#+sqCG2|~R)Pzp?WgQZX{x+QNZ2VKdg^GcKUh~~_0qV`&B*7aQPw8TFR#QQ2I|A(9cI_IRJ;RbFXhn;>vIkI$wHN=1gZ zl-mW$Q0|;lG7R}>a*yBRm=^(Yh9FCN8CGk(!~@^Czf&(eg>VI?e#E@BJrbG=#M#&u z%0}A9#sNo?>8T>x7iYWWWN!l}mpPnxlm-nlyvoCjlWM1%D($4Qb)|cL_SQK+mxc19 z5dh}nvh3l+iE!cH%hh9L3dG5|Jd_;2DcP2g-jf`5 zxf1gke$7P&4Qx23A{n;1?U9B(7)|P$A-DgEHf6yrgY5y0ny00ZSQ;wiK`t zqoq)0oQ*5nW@D^d-56_WDWlR@l%;?Ty6^hfF00@%hmAzrZ0zlpjmFB?@sf@g9hLUB zV1w?*#)ezrUezWWW8L}$bLvS?sr ztJ65+o^(v|*DOv7Ue8)Z@v$<_TP2-T{Z_F!FFQNnrAv=W1!!!2IH(=FAzr-g4=06> z7r$TanitozzBH7VI|KElOHb11N47NSiPwubcO5SLKIE2e^uzTaSBG*C*eaFwb?ZTp zL4&&(Zq;j2actH5g#W`3P(FwQGBd)Whqv6 zoR?jpyo6~I298mQ@2FwtdrEXIj&P2?Wl;8=;`aAzWg5_6o0 zIdqq2{E!BlD>~+n6+NjbmBnO9UrJ$aCPl;MsjMz9RwRm-awS8Na+s!(PAdzNoL{05 zL$zQukkFGm?Hwt!f4T%ra{{`5F^8KBg*#)xop-fB_^l-x6m{`dN+&Ua;Wq_ft9Ybs z|8${FwGB1!r5t7|6s9fJsSaTJrK%J&`q?r~Av8l({7~tq3$gSn^S+>R9yQoBx8U zdi|9B(}j7kOPKC^IoRP)urh&VzFHbTe!!LK61+=wA&E)glv0(l8h*oDYgudRMLI3# zF@2wsbu8tnU>qJGB`h_NFlVP=RZT{b7Imz4IbG6EHh}MEZd#J{MUSL?kuDL(IT10I zhEp;UO35D)CC4zqIXyXgVq)6mBy1F8R9aSaZBdgK@`{wfY5*dM*fNZ&OkB`Z=$?_F zsn7u{&(Y+*4g^ASr)I1{6xOx#CI%uPy%?&{o!8%mz$X_gfzk&(%l3{n-i zZfVa@gJ$#@S-Roj!Hsb_aCAc0C@r@hRSwR?SSSLU;){^u3|bnZKW#J~q27&>u!~t_X3Xb(&vf`j08^=yp|P!Y}-?&0?AD>(-Rf{MEls4tnA4x%S zxwxdTl^?0);p9-V(UdoNAE5Le;6e9X{LYYIXT{*?Zwy6$6QMsee*CD5xY?Vs)+h8f zC+h_Xt1snzkovBs+a6^6w~J;ECsq6v9Krrj1k;4z_<@PUjiaMCx+p>wrm-twDQvb} zDmUoqT75AiQKlYD6vtkKI2YGV99JhV zu)w&gvxWjKzeE2ROQ;sKJQl)8WxYgeMkL2sgt^javKOw_8GaV?zZ@($d`g`23x7()irm)baW0V>1GpZF%9Wf~CBfl4Lt#)U#ECI8}63 z;iiU$8y)i2;G`b44^QEecZh3Gs1b;lk2CeMP^Kmwn~+WnOXR?$p~yiS9o}wpZ zl+j#Nq{`W{!di_%61>QgAU(yNV5vQ@!|uB@IDP6a%EUPt59MUp)!y;>`6;q>n7A}? zWO{05ULvl9&7BR0S+KE&jutbMnM(_@fwpEQuc1{V5u2%@kw&}U-u#&70S|306T1A( zaW!h;1==b$C-nAELQ6#GVdZRM+~vSSp|Y&xAy7SuPPq*6gt}V-%v#g_zX?+Z{ zR?epQg@nNo$wTN)&$YDNI9qW+LuwCqbSvR`7`I%u?snLUzl5B$iBQt+Akrq4Wi6v5 zCTP=0AY)~iALGkeBhT8vS@s;;m3u~zg@PR$&8gK3}@v)C@ahZ%}&mEb_EC)WN+$- zj};6R8WkP8R?rG=Bnj+fi`gK4DBhz|tL@(|KML2Tl`R%$>W)yRux}`lzH4McnmgX0 zLZ?SqKW6@T3bz_-t2L)bGLnHkU#>^-M7cOG^WtpCkr(b@XyMps0QPrGNSLs59Y%9& zz~3kub;p9;?n_8pY%NM+=5?GuD8e%LxsEYjV;ajMhpR0KrCNUu^ZTN;d>F=AIrAIuCdoG zdNy#XeKba}8+&GZvB@N_cy2Y6mu15S6gCIl;d`%g$9m2?FKGJ}rvs34N0CO|nma^) zuzOYAmAiv3u?Lowvmd*VAI4K)+Xe9!XAM`5_>y#DM7oeaW9)d?T&GU61IlYK5M+Hny8=? zUD41|q1FoR{i8}<#-_mht^~wj&G+DiY+oQcChR$M#1L_+3bSB42Z01*{7TYNlFjD- zcNmVK(*lCNm&EEwcdbX})rH(NZt`tswjSnYJaOjQaa*XIJ2%29MOmN}wz?IlFg|r# z&(y8ALX%V;RkI2Mo9L@7>7{D9=@!`wcI4;DT{Ycw_VhJ5g0*|3znfn;-wsH<1r5v{Ap2DBNox!$)C-8pt z!v5CWlLAkD$a=vCSkl}R_~WPD5B!3`!AZx}C^q)o)1Iet|3VoOBb&{2p0qCPZy$|L^mJT!hTPS6lm1%eG{YdENd3Q_h z2L=bx3L8B!8%X==)eh}_Rx+3IKHL*zd=-+m$M}Wd=0yQ+Y{p+;Nn3*5VYRpt_)0|L zgfn-Z@J>o`KPZya@sK+NsPG%oMZkBZ04qLxLK^iOi;7NkVa?zmnx=t@Fp09-_Sb_n zt`-~+fNr~++Xe9YS-Kc3-74^u&C<;*X-h4*Y!)9HKoeq`Etud9?!+X97P$1Ik~mUd z5P)Zd^VbQW^>cIyIC`zXQ?|?> zU`bob{9=!}PdH0uxVS^^I+A{$0AN1~Z2r%^r(G1k4@n36`7ffVj-+Q@Nq#Ne0Dm} zuvhmw;_g8jSKfWNAzG&+X?t}#cJb$46lduLF?l~aj-gt6&;&Jk37y(P0bi*}Ow*+H zBEC(N#HFDr_^b@|FYP`g`l-trK46u=Yz6wf=y$R~5qwpJzF>piWKq^xua`zok*D>& z8uWsz=$!H~lu}|2d7umHbUpt-O5^DA4grDsbs1k5$XzKQTi!BZQffn&qm%v`trrx) zYU_q4HCI#Duzq+IHKku~J@XK2`1n5#W?sPigNC$(#enoR8qfE_=;_y3PrE(W8THzk z>Vo@jb1fhE@C=rD<2=2kgH~qEqb}$Mx9*IiXX6a3@T$od=ZN(l0kPU$@>d|Kze}D# zSze2R`nw9bN1CE`x8Gs*cDnOSi`vh_+v&FRcz09TI_m7OjwYu#xT9$jT~0^SN$a}E z#{{UitHd`k0{j};sD6Iq!zRky8wH-Sjqeebv}Khj(7%2PIk~X;u%F_>{xA{<)(n3o z0Kg9$dn9uo5_rl7+qKZfQ6NwM`eA`w-(?xCt!mFTsaj_p>k9`5?_#UfsrJE;W+qtQ zzKa6d#9z>m-X;HgNF+%9vjTwqj+R+l$k|_z)&TMFR2`eUO zkoJ0fwXA?mMEBn>V^|mC!KhuA6dG;zwA#M@Gsc*!MLBU?$)BYbz^ts}qfR!ve>eqly!Z?vjG4ui5@qcRpH7^ZwNyVt-%%vhM;j9B2Dzrjo2jF1Hw)0~*EVcC z&E428XKiR(bW*!1Xu0L^q(MzVEx<%_M-Um-`g0peO|8Fmp1Ceh1F#`lqzy>zu9g!r zTkcRWCy9wPbY;*rp|7)Xy$HJHNVg&&UAski3Q7Gf!W2s8n~LbWXa3maF$}j`Eg}BX zdE4s*-saaO?0d`c7yDY*Tb3-qwC0!tc2^$oyHr!ScSYDHOfA`7e_T0L)pYa?ixr1w zf24!?odTF`hTqY|@EDs0TepxeWlp9~RZ;7CW^~NW5AD!;u{mpHHy4Pf^J%q1tI2e4i1(=a(rqw&XsEr&@X9 zkJC%H=ALFrbDzK;-t{ooP(e9fUr{X#_J?rr9cY%&tt`HdTv}BY{?cM+O75Ro5u#h< zzS2hcojyx6b@P0Q78&F|g1p^{SmNfd1>W{#(^Fh|d{(j^@Lff9?V~YX#4@0Ztu13< z-2E`QtuWpwM{9nE^0$(MZ57WGRNv(A&5eF%$362jQJgr9ZJ-HSqJWQr%iB>%ysGU<>YGXX?1^qWkC^(){ey!Od08t2 zw&-p_ak(pDsa)f{Re)~0k9-pY9c__*$zT;~?goLU?3UaZOWLv}=k$@;M)*L$_aY}7 zussKDZJKwqER6)MY{7@023*`DPtB-7}S92e^qv4ny ztn1}X40i1>`NslG`su-f(cGH^fY|iBktJ=Z6}`)HzUnm0?O#qQKhSn5u~;+r-gZkV zB*aGqaD21sxMC_|QF8@8d;Tbb^ao zxvaR&@W?a{Pd#f}`&?Th=OL+IA}?=8BAW%?<$2|L_OcL)1a*dRgAVH*ltnYi!oB z9Bvn*&m3?7Wb22|H@7Kguv)T`c4N~EXVdKXp9kx?IWU;J2}Lr@O9B&O0X33Qp{-5Cg>-EFunFBnHg2J9x1upe` zb0fBc(Q!y=`y`?nb3Kn?rwz@RYYm*&g3(+Y@wA!N6tg3n7O^IhP7J|`KPRY$Hk{6{ z*;lGo%GFAJhAn}fG5f9Y1?=6f;|KN+(bl~}89&xp??m6acoIJc?4MOVk6#-qrA(Sm zSfaZ|JxA>ZbIW3>R4JnK?zscrH_)Q*VzrPyL&p!1BsOBzrdCd4zS$aCm@zN6V(?WG z7L%qPPMRO`gxA>**rz^$2Ks!zj*dU=)WSrkIiTX49{#h}+^n3@z#7|i?8f$Hm4)gO zioel5u>>h}MJ^zwpT75{5Tbg`+^7}75e_tf>jAeocBYDtecgZ~to%39imsRRG~Z$c zsRLIA#|2$ru^f=Y_J%tRS>#?1H8eL``3Ah-f1}}Ha}$*xdSc&)h|YFS7-*6BFFv~?ufIdhY77A?RtY5MR%9{<>JX0)!_ zTyJ0-f5jS;GeFdZ>^B>tGtwBYlW~>?QM(;qAAtp-=CI5SEHet}JTI(YKgSM~V;ekd zH*gLLRLW?@MW_My3tPxj;N-N1bnKKVyiB%?kq%lrS%=yb7I0pbQ8|kusESg-OD@Kz zjO3GPEIHBgX&in>eir4cnVap6C(zgYqUF-gnLSEzxsJsQ=32{}V3#DcQNsod*heL8 zow~!&ZEifyjd^eNfO@@pH%{z2t*Yu<)Yq%;Rv)jLTYPD)^XTa8Iyys5J>WY@OugIm zpKqm}4m?areM@sRZE1RUm5RQ|-(mKV$>M}OyPmqY&T1;zFxOBL>&|ZVDfLP9GwR=} zUsk`UeoOtj`hE4g>d(}lsL!j<<<_2$>aCZ8iz(Pb!43+pq##AX^%UGp!HpD5Q*eNS z6BNu*kfGpJ6qG3_Q1BoH_fzmD3f@S;+bO71@Bs?mOTp6=e3*jIQt)>ae1(F4px`?c z{3``Nq~He>{DOj?Q}7}MFHo?46@q>Wwo$N^f@>()Nx=vOLloRb!7UUVrQi?+cT;c| z1xplUDX36zih_qJcnt-QQSfF8-bukbD0qT`4^r?63O+``=PCFc1z)4!pD1{if@diB z5e5HA!LKOzB?Udy$T*LJO%!aPU^@kuQ7}lsE(-QhFiHVyy|A{)otVeT9jBm(0ma-& z3f@M+;}kqc!T(V3ZS)zt6T)SuPV=W9%DYD{HnOkHYBRccI4YD`6HOg(B$HEK*PYD^_+OdV=W6>3Zk zYD@)cO#C$_`Wh2^jfuR*#9d>et}!v!n22jkyfr4;8WU@ciL}PVS!1HCF)`Md2y0Ay zH72?m6I+dmtj5GuW1^}tG1ZueYD_#eCYl-(OO1)7#>7!$qNp)3)N&+(bBz9TjQVqo z_H&H#bBykDjOufY=5tkb8xi}Y`hFPY(=f`Mxi@sxMmRxSsTz znd3IPV&-@aT`_YUp(|#Nx6u_d$D?$`%<*ozV&=F+SIitMbj8f^VY*`G_!wO=b9^UV zF>`!^u9!J~g07f3ex9zFIev|57@- zAYCzY+(%c;94G0Dnd8gpikahmbj8f^BwaCcJVRH^93Q1CW{!{36*I^8&=oVsr|62A z57@-_vnh5*WOd9OFQO}Ej#oM6n4~LajO{`jmNt1t;VbTPLWtcQbWEmz6Tv&!l9cE^jtn*eiH+XAx^8Dt8 z40fBco(5_ID~8%{Je^gad1I)>!D7)0C@hrnPD6o3Uepljr0)0S*w5d}9@^r|AI)&R zLhb&G8}qX7p!b8;Wd>h1L;Im_uEVNC_IW~##Ne#g2|NC+RImLB@E<_MeT$Sz2?-W1XIl+H1`U`e)HbC#%--SnQ#sMXo@RuFd*efF)npCW10G$PY5+3dBuL+6{T$zkK1*Xfx9$IuJ3yN^~o z**>VYkGjr3M#dNjXkL+teXz2*#c8^8I*H`nxu4)EK1UhAsuhL3Xba;|yg7VC0H2y% z#CI=NVqdXC=Z1b^ItP$6iq0k?bG>-NPa|g!qcoy)NCzPlom#J4$97j3O+5n!7R zMT~}gw>adx;(~lx2avC8hRhB@j7C=xM|UbNbeDI4E=qfO?-Az=MuUA!9PFFp0(->@ zfyEJ4(O{nt2m8Uez;0g|uyo{LG}zCJgZ*4wU|+IgU|Xp1v*KW%i3{wND+YEfTC%?q z2m8yoz$R7@^*L6|q`&*j+T-r^Mkt85i7L9l#ZnZ3~;SBo)wb*oT(nNO9km%rV`)cS*8yBHt8LLj zPKtxQE-tXwcK|kEfP$TC6s@@j#nDa0g-+@K-L=i_2%IYyjcq|3TRJXm$+)mpqOm<7 zj_qt**ivy}Q=+l`sW`T`#)WMtE^H^Gv3*n=+uy{6ZBJa-jA(5CD30yRabX+o09&fr zmpCWDMI-zVafIKG3*kry2#1;xVvA%^%hIWC(GY(p4)OW8AdYqb@%mLH@Gf01 z+;q7ZNn>fcjCBAnKu5U*%h3pj#Sy0BLb$gBgh2viXRk%WJ0cEmIxcwoI)E1-K?1AQ&A~lfEgJ5s4Z_v`i*dnySqE?fe5-X( zlzT8*G|(%=fo?<6SlT(ab^tWMx6YO<0rMOVv-T~^dX4DObjYZ>pL>%YCap9ck0OxQs zPV0y<>nO2kkna`;`OdgNPIdq?pv~?a6&8)~Q{o6e5f{R#4iE;oTRPM$8r(O;!F??* za0lW6M<;MagZrsCxF5v@?v4(?1+1U7595l)*SAr)#nXeNu`~n@c7QLSAHtS_;Eb+l zfC+Jc+v5T_-2uQO%^sA_;c9)VRy6$m;_&yy1^-Y7@b@*t_w6pA1G%D+&Wj^`d3Q*C zTLorZu!_0P*%ZL`ORm$3nS3>i&9bE>+6cNW{0Ok!Gx)Dke?wh12ePyS+1{y3U!ABf GB>xW%_Lvd? literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/environment.pickle b/ia-terms-updates/it/.doctrees/environment.pickle new file mode 100644 index 0000000000000000000000000000000000000000..e72f90f2a59b810a8bd863e8a80689b0278f00b7 GIT binary patch literal 60461 zcmd6Q3z#HDl`iw_$8`7fya$Fy!SI*?s~g2pgq3Av#u0mHScVZFKy6l4c4uZ+WfqxP zGuuXtEby0Tlg`%w9)m2yb`nbBHsH^wlTU31O%Ds5q{m+SvjI8SE zuCD0L8K&pUj5rZ-BI2AA5r3SFtbE0a*Pij%3H&cw8`Lb@og6aV1GewERnrX{(cp9H zcBQ;KMY^l8{g%efjcw5~qgHE-M!jXP6#AxFw*5x5KITym?aEN0W`tJ7E;gd>!oJYI z3bDprD7a*}5iPg8s@aHE`gPYeQE>S|&!1>S>&$xD&L1=?6*J7+VII7LhBbifVYPzR z*hW4y{c4b}*UCm{290Q`jaK#y#f=CWVdHAB4g3uh*qZ(hyl8uqLjP?rf-ZxKxwKyCR?~Am6sY2n57V{s~API(lDd$is6pex%^Vo zZA7aoUdgDK1&D+?5Os-o&@j*rukM%3g6WpLvh6||E9&7`{=!Do=R&7JA#U(!)K&96 z2lX_fp=&HNcX?=3Y{Sj%-oNYe+_kK*oL#L|OtKq;T9ZS8F}p%qMjI^;T3)x413A~I znmN}CbAbtdYhuoYl2@DZ?QsjV6VOV?fMgC~#i5IG6;e8qyL_`^8iCoco*Aux{EVrF zwIk}`P+_bZ!Y(&Mw{_nvNLdu9EmSeI@>1XP!kdR)D${O$DKva@Bg&1NVTfP>{qYVK z#_BiSG*t+F!wpa|tA9E=ITbIU<>S5?1cg$?2m;vSbkt3}3v3cAY`1JqHlp6D5kU7$ zv@V6c37H4=u`zp+$I|j4pSm>&UZGzvg=l!08q$cC4OPnxYj-^wG$%`ydfB8=1!l1+ z_6+UXhr#9fB<8Dk@7#68ZVU$zppwzbp#vDu=R&VEu+N2c4BGAtM$yu9&xJMgmCZ4u zUI`1n2faatM!5_rxNKdh*oST{llplm8l<$USFXdbNUTI#8+xUJS0pomMTNf2)YE2C z3xNgs3WgZOE6ZNhu%YQwP^MZKg9Kq6X2CbdOw1y%tKDq=KZjFYmM zWZnp|!|u3=qtPmvPjoGb24<}hEg3?+VI?SFRKL%Z?qVG)Gp0zW0gEy8 ziB**63=@(NHeG-z0f#oV% zAvIQ3GubYqoA#JZi+ESvop8N_Xviu~3rft#x;yITc-_WSc6TJ|;5DwXJ&uhd%|vW~ zGhz_%bj{rr_0&ArKTY9G8z4MTC}HAFNTQW;l1#|`%n&nBY>><1wh^UXgYuFL0hS*u zDAz@zLX5%!MiYhzw6>nPz`O*haL_K3b)OKomxne65*e}WlFeZ%;U>Zq3St$&jLA&O zW>E5No^nVSf{2A3Bf5yC9H8ayXbtB)=-Xu5G|7TrFIG_dCgd{!gnF5Itfqbp+!7{+ zLL6VM5|deMZHlIJxGmaHst2K0m6i|`iU!SU(ei8jI&SO0w_?=L3D-DakMknfu>PqY zH$cp}qfrlY$JFG(;QKf-hWzLi;{6LI)d`Dz)O}WY_^j&iSuX;Z6TD$fMFV34Q=KS;)e6$|T%!VRq*SD=>JIRN%fvOF!`d=2uZ;tzw6=PbrDuPDL zLEk9KGbSKXA;tyK@}ZCrfM_Kd6716rOv5i(gmy%|WazTQXiQ6U8I8+xy$WC*iZ+XC zX&n|k!KF&82bvUjiPLyf0Gd!M87kotNKeSbtB18Zt@f?>QCJ*SHLToNf-z5%AcZo- z8bOn=?Ca8@oa7j{MoxLKAR&R6uB;bJJk0{K^(CxT7(F|rKne1eeu|fbrPsZL(yvE)Qas*3#490Md;xF=?}9**;5XJ8*?}a{ zhJi*8*@2|hX*$P(CgZdbDe$6%Tqh+|HSR*g2bJgVO){CsvP9IhML6-f`}gk6jqbc+ zckWMiU$OJ@y_fFXwd?BL`}SRek*rFI{SBa*QH9;?-8s5v|IR%qvUl&L6?@3@$B}(C z0l7&+-F1eDBo)B#&8A&80@_{1`%GjAhLE#iJvCa1b+nEdHpC3nE6T^y+MtMG(+fM` znF8=Bva)DpY~a!(Rz_MbNUhV)S9x?rTt-w zOfwh&3j<(5#&$^b5d(9hAf;x!WHnqPk{DIRh?z{OyXbinAj0~3XeIG|?_dDCSrupJ zW!&jqa>5C+8NAe_(LgL7LFZur@eI04|~NFRK-Ffo3!Ur|Kq|vlgcM{ zr*&6sgY28kGMckB#mB69e!?Rt7+BVQZvw7>Ls1V5JYE6Ca9Dq|;eeq4v7Wcf#ukm5 z;)Y%hs~`5?xodnQV4!>x<^wag%O1A@Nz8^ZvV;arKk-+#I~|=wgsL%tRZ3Vtxgikp zu+jj2W8B&9nAbW=ooB(=tf$gn)PIE?luY0d7g`EPOsH4%FWkSjK06~*oDp>{b3}shK7GaR6>)dDOUw+1Ue-3oQ zsjhht$^zDime*Zu_M&x6rVVwnGV)?6dBr=Hrp2;%5^EoTav0Kzy}DGe%LRA_7)63L z)VG$v6;`bl@?fbTP}PJv1sg9@-fdAAunsm&)LIUCV`v?w1%S;iS`aGa$mk(JY`X*! zuw%q}i#-<5et!(*$OYm9vGj$OkKtEfHxs6j(@HRaxp!upO0}9mPct{dYdEd7ck79I zwEmq=3GM0|q)b@#>*HvpH-VkNG{9~`V}l^CCdk_ygTirGN!$zT zFg_}#WmalfncXs=BGzmyJ&Ig5572I&*7j(H>E3&{*!{-zO)9T&e8?FU%cV-H+AbD%zpD1`8&x8g19%i@YxQtF@P~`GJ8aqH zcWy+fDhS${z%Cs^XF`kskHU+%>1Y!tRq4I@t$sli>=E6uuhZH>+c$ZU+je>LwT(Ptc>Vxt)T2s9XUc*}I)-hsgDwb62@eW+ zb5t#q84eyB%3{p0c_x?G*%Phckpt8uv&1esI86Y9e9WyU$rRhQ;PPSTuIM67(kIGP za`~D50l3+P6P4^{BYH+2Yq25*^%8cN!hPB&QzTZ}A_<&dMtEC-Mm_Nt;uT?< zaGhh;qU}ygLJ6L6S0rtaNm60LQ#i6cT9hwq-%}$!;B%z6)Wxo@0if^P+U53M@i4CTt?>4q4>Y)}1o=S28_z7?Tr8;DGJd zSZ4e*lpcnPXQ9oHLgkZC?%L}UZ@cwIh~y2{8~Oew>&UKUWC65Yn99_$jbW%`=_e^+Pa(Xe-q!|V%;sf`_}C;^tVaq zZPwc*@g3IR#X;wD7-i1qX}3l!-(}q^^ZfnDG8z1bMD+J5<9oN1sP&$a6J*Z!TJKAB zB;`G4?)S$H{Xl&Gp!ERLKV*HF&GA9&ANl?f>!Wm+ZgQ4ov=@5n;IVbC<)L#9^C$a} zVkbE9PyD33+a`@=P>c0(F(m(4+&&?0_gL@bu71+`6yN{F`ZVAF)%u@&|E%>nzJK2O z0^k3a^+mpa=@8%kP29e0J;c%Xi|ALTIrdc%dsy7QW__Kh--u_;e-{n-rnr4eWcuIY z_J73f5$oGr)T?7kf1%+2CLev*~Sh-qsPa@OI(vGoXuyc>wVQPMY2 zY_p7=NU@V->=cTTtB*OHO0m;qEJv}^<5)BxI*D;1_8B*e-km|2w#p)BQtT`lJDXzX z$k;ZDZI`igDR!QWJq3Z0CESKQ1yAMR5CvCoa2P?+=kpPAo{9_8FF;^Bhn|j5;y+`` z4p2myXC$F#BII0%3+H$?0zzV!$Pmup02g5w%?}&ogC#MnoIj<~m&($YQEZot?WWjs zWo!=uqVDGr{c=fvJ_4e~ktD}n%5eo2HApiVh6GX_-hb%UXDUWCnZY_4HXu&i(Cd9?bE?z-(+=2_w53fXk7ZB$!WGGr4`((80q7}=z zRq}FPg^+U_E=<3jVuxgGnqr6P63+^MN#Q6(xP!v4P7&^;@R1bZzayN?8?T{+yHcqQ z3cof*cpZiRDn)obh2M}Oyph6hN)g_Sa8koxrz3YGl8p1ep%fPBTM%;IiVMg7mIBvt z@NG=v;M-O39SDwy3I6X8bnc-`ERc6nnphs*g`ikf@1+cXpUQO~!i*%GcPF9uB%${r zB-p0-w4P?MB&BmSB^$(CMyk5)G5l1>zhI5-f&YqCBFEre;K@TFLUK};4mpyk14icOT zwaaBRs9`3dvoJfQ|*#SX2 zg=mAa*CZ-I-%RuklAefFByOU_wK7qNN~CO|lmVq0LET8y^{v7YX{T{ot6)Uh>6Au~ zjD*q!aRU*1*dhdBJrPcuL#-m)NtA6}i_S#SsYt@HS*Zb12K!o}2^P9@CNelAXy+`t zkYt^+=|UoP&Y=ql(%D8A5}mW1E+i-CT)L24ob%{HvT&Y47wWl_rwjGd8KMhy&Kaf) z^~yP)F4S=6sdS-sI#0s|Bi4Eb*~wr$0L25#V5rm>Sr%<>C0aP-4UaP(TQ7+=wI<@3 zEL$(qgwCh}uvoTywArvck-I)r5nMFS|n5UwyuPdZ3wA0?;_q=z8m@=CE_^`5XviM!dhuo7=QJ9& zhr53J1`(s7d$`N_iHOngJ>2#9ML*!2G=vX#{VozQ8pema)_+>WXeb}?;jX7Yz_B_VtEWRlI3q^~;-gh`s8XDTpjiBD24{*wydERY^}=+Kw2Vgg zU5!`al@>8&(K?#LAxYs^k8kw6$;SC?XeQv9FFHpYrDXFChIe~~lI`QE5Nrm|%Qe!pb<#O&|+6&P^b*JI+lYTR+ZCpaFKAn?R%b zI5&Z&lH=S2n!k>76KK*r&P|}1`Zza%mWSiq1X`1ha}#JGJkCv^)%W-|0hlH};!til z2AboPacN%1Po8TXZ>Yt#T|T)Yw#z4%t#BTu7l3t1w$?! zydx(MKYW#rqo~I>4#p=?;C1RQS$KyHM^tIg@Ndli8hX0~F!*S`l2f9@B_mcwBS>?8h6@_#d>eOiJA4;+l>5H8 z{ZQN<6}O-8t?oRAyR4pF5_4C76dzH#1^*A+7SaNCh0NW8PG1L4H?M2?!kWkanYo+S z>>5i~zJ7s~vrB01%4hoE(hWF$feoOk)tS2ivpDTtCq2J# zY|wlzrb=&tHPf=&ru!-Pa=PZ1EwE-<$lKK1){mWT&-4P@!~W#Cb#PRNdAbd+TUZ3aHok`INWK56b^TqrG&$sCJW(kr*SJB z?lgFW!<{TxINZsigu|UQEFA76Tj6l09@g=~eA?|OAjqm>oqm1>zEC)-C2(n3`5CM9 zP!2vXJ4?20$J@KnFi^5~#E9iXBv}SMA0WxO3B|%Bp9` z^sA_UfinHFE{lIaL7~|%GK)nQe&5x2XA|!PiWgYZVt)b^W+V3gt@NU3Qt1qVKdvh+ zWyHVJWs$kSdv~h$1k>U^bwyUa*1cJmMdrdjBS0&$qNZ)H^(1W@xl1tT`^@4PZfd%B;`b?B{G3SBn%1*&aX{V-sYN|o z4O!ug8FVFTT_D6;rprRv{|U@u(I=TzyZ8hS{UA!Ste=vZtoyc#Q$M248RFiqD=THL zXX~=aT-2S0D zbzNC1b$nHqMds>gyIKEZW@?z{X8j3W*(vcquFIlT{2DuLwOJP%1`QUf72na_w!|Ag zKK^m+Hhc>?O7e`Z#o5?HZgDZEtHRWigc ztB*#@>37obF4IcOF5}f3g!^j9MXecP7%XVb z*t_snh{u~2$-rZ`a?O6q@C)e3Vm!m94z*jCKC3G<1${olEM{Goj{VV# z$Fh>&Jda-dc;Pbrp)LyrVFZYt4enh8Z1;RKBbEzVs8$= zuyX7$@!T)JJhVubMV)Ggi@&660m_KJz$~6bxcJvu$#0&x_!kS8>0`Pq)R6eGP|LBy z#T$AS2N%yU+qSrPEoxpME?%w6B6ESyhKn!EOx$zh;vKq@QZvTWbXjCB><)18OEQyx z$GG@~y7E*i*{{nYbCt{+7r#6+g>;CEU#crhrH)Bm7MZJ~EiQg*W@?xxF1}k=c1rwj z(q+*qehpBoaIpYZ8Z1;RKC6o(VqDDcQ6D>8Jdby>zp+T>MLlZ=jvv-F17%4MF^eY= zIDR}U`OOm?|8C(j{k1L&H7D8$i7t!GRWfgId~0S3=@1;>qAN?K zj+g7Q$Xp$5!SOwrsbQYr`0cu~Q{sQCE{j(2Yam+%js>vNV4+&^C0!g5gJb@ApJNA( z+x=9~Ba38P)U9^N_*=R*pv>qS%;HIejQ^OG{N{;_pIEp|AJ=7}2F34$T8&<{iFUO7m8DY0t-35SS4Uf9d|zg2m?tv6S66mQ{P*axXcfN( ztX0TZ04og^sud6G;)oa-^RG@GJ7hf9FIfIyk?e}P)D9JYS6BbagdSlQPa;&jyl-*f z*$ny36BRE({R;$Xf7Dfr8W2wiwH!NCd`@O!Z+FP}%!Ld5bX^vi3w$OWm1 z>!Oae!^V&5T7fd8A25q25jO7aUmR>aLw@tb#$Bj?f!KJtE(oQYFhuHWoU0Eu19MNTwxjNcn;|DWS!#uI^1G=(P;=f;)MXUHV zfUUyD0$6FVP_6i`F1(AeF@K}y7-HkrU!dX71E+uX=U0nlUDUC5*!btVR-g>&r_AC> zgpCIW76%*8kl#G9aX;!`AU5vRWub;e7qd8q*!Y6X#NG}YpRX$|WyE=17MTltHf;QY z%)~u6Hr}TzDJATybXjCB><+N;RA%z;7#knZm8Vikpvxk2mCPF(zd197bcl`LpeswI zj@Rk3$Xp$5vGK<;Q^P#5@ke!Kr^NrDE{j(2YXDn?jRmmMV4+&^s4l#Vu`z!-vSVzl z>vx;wE0n)qB#WZXw8O){)z!Q*o?q#*P-^?RE{j-g{N2rt)u#O`rn7v*^NiJtgTtve z?eumU>RKS?KABlOiS{u&vy$ID_c50&T&5T6vQT5;LZOypcmAcEnb_OyV+>tssmbRC zT^5-Oe71ee?U{*t?tRRyx{^}DzD1Ws=ECk^A9HVJ^6z*bbC0e(l}g^O%OZ1?%zGd6 zh0GMv;XdZGy0TR2_>3-#%+=9$AM?x1)G*I|%+GXXr^NpgT^6n4*Vu%peT)EB8Z1;R zPSov442b!2@W&1icl2rbZG(#glc|sGVDee0Yk@HN3}*2pg2{WblHWXG@~(x;bf+#0 zH9{^CYB_c=*~v`o?O^h_uC&y|Sk`5cxxicnVc)LHB6DGP0F&RF znfyD3$@l5XQ>o-$T^5~t}K;0zM#t@b9J2@TB$)^HB&Wh}2JxZYMH(qzps8q}_A9$5|i0|~y zI0-YfW^te~^{X8;J`Z&*5E^e|7PAWQ*ng(wimc=}PiXx7h0Ao0E(&tH2y|r3h59UKddWDrH+SmS!Aw`w$S(wnWv8C_qa#cC zV~0qiZ%W`szn+U5{Ztrk^ph00(c5>p(LrO}=zI#e&~XRE$eoKDLD!M4dNe@Q2WClp z9W!X$+z_NOdpt!NjK8H?h`*{y`M5p!_~{~j+cSs;`E#L#&@1?6v2It&s6=qT6L;$U z5&ndziqW@3Rg69=s$%qYQ5B=ljH(!YZ&bzT!=oxjUm#U6`V^^((Kks|j6P1PV)T_# z6{F9UCb4?dPv0j+&q|?hnnB~vMzltLj+t_jgDe7w{(swm>T4IRQ)XYJr>Go5ETT2m-l(3Nkxh2m6! zbHj$#H&G=UGOmK*dTx>mQPhi3msfPmQb<;1J!9mAdel?040qfN%#i!v6-Sfw?vfpf zMnXzd1SMh$n{dC3!IZ{`QjeCEYBgf!>|KjZ+exi5tkn`JI-|(ZEJ5dLkVc(-bd7pg zT37m4)*zyR(5%)fMrd9Iu~h?5`XptiKaRMwpNqbLuPjC9T7;*g9wmh98&N;Y<+50m zjq4#6=Z8>UED`I{xTDTZPy}^@rikksJVoF}Qv_}_NN}UihvG(41a34%;6_sfZZt*U zMpFcCG)3S>Qv_}_Mc_tL1a34%pdIySsY4>%=G=gGLxo*cuUxOdjHR}gSB=n0=jgYL zpkUruXBCOE)ZA%q?KC%bn%g?fO`YbJPIE)2xt-J8%xP}rG&gdZ+c?cloaPoza|5UA zY%x|7l?s3!QZ}&Ew zw}7v;BkGTBr{a~2iix3IxW+f!07igObCvH+PKi%WTQ82fP}uYh4B8c!(-*lLw>OHn zH}Dx_uPk_?1ylJXX6Wcy|n(~~UUOpBUdsz#Y!BaA;yElZ>+ zQF^zB+^5(WzRaK1N8d{iFuuhUC>gY5qHmk0GevDSHK=Aw#V+~=eJ?y`xMkE*Hgkb% z*J@_cFO?;aEU2Sw=94VZoFE+)tTQJ=(|3(Z4l|yK*|?MlJV}B|lceaVFcXXh)Th0L z>IsCTsY30o*-&y#)7Q>LVVaj(5=8ltJTu1hyf;SH#`I{AXMuE9lyCkR zHP5GtCS={5h3c%?<-BPac>)?jQT&OrCb}rwM3RGhmXDh71Rl*y6r5(#CA*{j3^XqT zQA>(o)IyY8T7NQ+myjq$6{S-IS@P&VE5eIUG$T!LnL$o?9rZO#Uc#dFt!Xi@R#?CX3*5WYqPno*sv3&J-O!nXwBk%aJVLHHgK2o*Zt7la=rghvJ8r$ivY=sYF} zzaRol2hJ}A;WtDe5b69@5PnYtf|JhUg75?p2v|CQ5QP6E0zpjYgmo;jWw`MmaFz=~ z7ZLb1kZwU(l@R&_VKouRFr7g`SVsgtakX9$HW7ib^&DFDL3=VG0q?b3eNzHygb3I%A~<~V2+ zZ5`R*xc@9B7B6dob;CMkVXz|DDp-pw4;DR}4gvfl(J8yVLdo_^6|*po9VqR;%+f^F z@F#|X1LF;tw4Fh%C#hO}vs}O;Y&vSAh`q@A3}1 z70)P>paLPCXszel<2GPUfu&lg`!@6&_0XQH5O15KRlqp~UNt8P`(raI5Hq|Nz~F_@ z4#n;z+SHstwUb83MxqVPX;q_E!w#BKwlt?OyFw~`b8|WXK&r}?!lFgW^%HGuE{u(F vI8_rZnwgX|c8v{);0yaIlniK>yO5^Z?g3Qe`BU75bP91PLpCbCUL5)_>d>)> literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/index.doctree b/ia-terms-updates/it/.doctrees/index.doctree new file mode 100644 index 0000000000000000000000000000000000000000..045fbab8e63ef578f01b257e71c5cf5ead46ce54 GIT binary patch literal 36616 zcmcg#4R9P+eUD>Hw&agkCU!m?Czm*}9VdGy>%&f*Peqaw#g1$wB>|`5yt-Ry_k4GI z+1-<@l9T`gTwqJ4uO8BTJe4?in;Tew8YO0 zTqqTf>lKlpZmDRJE@>-Ly=rbY#ASM;E)U9kyr22w0P^09Eo;Ab&6Z?Zdz8@b7w1 z)xV@_C6U@nmDT0_@{LvbCV5ysC?AqpyKMCFyM8|I?X_%+%9fmM6pJ8i&_e@_<95}}OGn1*=Eka~)Xl^3 zkx^k{Ij`hJORLQdhwJj2bYk@(2w=u$b}&p3^4U-+u=0jWp<4D@-c}Bpl+P9=!;m!L zLWmG-Da^WZzN-!Q(dES=ew!aaDD?+hP~TX2UCusLmqq!_F4eM4_4ZJzS3{}ZPJW_^ z>Nk_ZuZmh(DK87~Mmp48Pz;#1R4KyiK=l`@hM}aEi%JUKr&Li=FbqQ~!$G8!a_Why zq#I(&@jl|O!)-_@T`jAryod+zWM0yAdaER*%4!+^$dr{8#c>61T)!Gz_wx2I_hRm9 zMjq}hhC<2H!pM{0H9Ybrip7*6ODXAsSgI5yoyim7Z}UW+AuGB^9eLaoI+0XK63a%) zP*aP{nBXub4cdx4WX>jAaNQ;9eesAwXB(FSs(Aiw+KqMnX@9}%CS9zn2ZIZz4pF5K+Nrnh-DRv5! zQSP6Ya*TW|eI)2{%*%l|N00@r0;{zu@xgcR@7F4BBRql07tMP*BcZuL4jWgsWFs43 z~tC9i?v=kIoiO<)h;JKrNMv zUznKis90THO^eI0gk^Olt-u%*bhR0b*u-kl$Sf)FAQ?Cp75S>RmbEg9#pUI!JKoHS zRYO)a4Dcj9JDjfMml}xbD=rJ7=;OrA@Zdl0sK@#=$RTHMOLBsyWLrY^NP5KMDxS{> zYAyT#@qM}DkCvAs4&M;ZfMEI7IKPE~0^vJ?`Ml z@ucHIuxD|faQa!RDFId{oKZ51QqxOZJHfU*68-pB6kH)Z>QAppJ6AEL4 z?k6+`p$0i@+}tr6W4*F57K4qkHf+%S#Ml^f**M&ijaD9{=Wn@V>E^FF*FX3?Nbq~k zeZprijbC&ToA7ZG{S`xHB&a3cSIn&~*;t~H z$Mnq9#Jp!DQdJX*(uFkssudA`GDT@wEDF}zgprw^%`CiOA#)FAeDA_PS~k6DbmH`b z=~LPC$nX(-OpYH*4#J$52Bnbzo*%!nCD2-382`RHbrGTdU9#LNin;2$g<%PV7kp>B-8XbT~S^}g!1+Y?|^NOvu!RmAcTRx1chD{%V^)INZ z-%r^;J(v&l2-B&UmIr15I}Zf6B4J6x=9g7fJKw;?0DEmg)RugL z4`h10%sIRy*cykSQ9nb4jh9|>Ndq&#M$DYXvggdy*dvoO9yP7zHpYY%NmG^-aj_@~ zIqVT2u81^UuZrNF7f6qchAof|T4j!{~B@X_JrcvQF=65C=epC8o@hmi4hgjf?U zwuYSPP(gUBSQ&!>cz>N$V`Ml?H3l5jsQ9P|WO{6z=twbIx4>cGXgdbDYnY!oeP$)b zr!z)=We6Vw+2Rr#1y;vbMhJQs?tWcSD=YqwWiQ7=-1hUhU8N4xW9^{w*v8U+;gLyC z*ew;$Hg99;=_R#VMk}Dg8NW6O5*`=J%M$Mu$*hc|htrMrz0>~!J?{e^cF)7_P9k>K z3}h$t3iU0BT1miuO|clJ#hd8151I4ZLvzF-HGUNig5xa_ z%n*XP6O*ai$Hs2=P_$H-#*Yt6Ve=KW(x9hXw56Oth59g29#@1s57!+Iu5K!I5Z=)e z;Rqo-J@N3u13u3~dm*TSQl55S@TV1iX7KOmF*G?iDC=jC0SDvecrXq)Fxr&uwD``J zEq;Pqd}ex<#}mQ>6Ep3*3=9YaSy`3^Y)P(aJcytTd-$TprmIDzh^;e1MN?^)iQqbm zRvvYS)03b~QSo;t&38Nk+>Iv9`pH|udTgS@+g&YrLY0Ubm_fr;^6qZ)SL;(IM{%f7GY;t)KA7d(hFImPQc2eGXH1 zw`6L{wF%*o5rG_-FdR8;8Sr7lV_^<#r^SQg=!X3>lwtQg>?p0(*1^zv9enq+#CH$l zo0;R)NF^)`&tsJ5}_xhwbX>ifsaCI zMJhs|S{mQ&8ccz|^(&gPBIefkTOJz$FfnVaWtsZ^_HfPdWJ>4X*FOn~tDjRO=v|YKib|gwP@%%F!jfOg<-8Dpn~pbq~5S)-Q!@n1#6vZZ-B+n^#A3f{s&So=5Rz zc{s23<7_C=Y1{)X8^^N&I1w@_V2RIj7|o-B;Gk&Cn=bY~Us{aCw(zzhSbz_SKhJ~W zuJZI&y@PtDCF-*zlKC?;Q<=$`Y2h?a^9hsoxN;t6U@+C2v!?GnPH2`~5!3d3wW4AI z1V>+TiX<>VKJ3}Fuyw$DD99k4wDD^3QNwR!xY#ytc*MEm@tAFN7<#aQp#gKVy+zP> zR#NV#kLyD?p4x}=97V}@%SsxZ0nl1swQNI7E+04q%38F^3PZu)~Grt(4aWJbpMw~SWBhl7@(g$pcv;qO^EX*UwcE8eyC z^LzE2TEUS^2@7X9ez>gSkJY=&_HyBn8TpLcF0g3_(&hEz(4IZQ(2nHe>8&RuFf zmrV}}shP4pvf(9Eep##PhW&9wFKH6>DArtG3d84=RK#Me{oAe#PR3AjN(F~fbt)B| z7C$;YF@e*o7>1{Gd|=@4Fy~^lZ3R9^>5}_=2G7!g*N3J~r6%t?J(sf1^V_94ch6Z1 zAm_5a+qN^GSBo5xAhj&PfkI9EYr|BG{oG6$pW|2!^?#LGZNz9+DpDKHVJ$vT#f-gz zO8iiVOl=L)YIV=FPHXY%U%P1k)|v2^Dmr=qwY*jWZvi1%D_-_Xc6%r$M76>MV_pW+ z&vZ(dRzVcKpgUQtxR-pl&9QEj zkF7D#ITXGKBeA;iA@g9>n2@g+FBzgP{z#n*jWc+~!w(#}y2?=3tkDU8;o_sTqBy z?_TI3dV6GJZsI5#g>TSX7YjRKjnu(^m45EwMwwe65Vg4CY4YzExCu4o!zMZ z(L%6)-Hmd;fa0TCMNRme)r8ORqlM4okJ}B;uY=u(2=rBIfi=2Vml|F7`h8T?ZpalR zaSurRS7xSlP?0ty3LUw*5PE*$(bHjBF7RJ=4EzcJ|9Nk~_c}f>#9xQNeBCBj3nJfi zLG8v1ok8djon~w_}bF>_r

D%G><$9tnGXp_& z?6-zGjxKJ*z{jVERjRVj@}b7~<>McmSPkt&FbGjlct1*vYEK)%jC4MD4w21^1lE?#O|eS!Q`i06z?Ixkbr7(aUVqR4QB^AGga#lo?maHu7%gk!a`6X76YLgA|@F{(YC z3a9-?N{Dd&i@@5#In*eeRwa7!`4L`kln;7V-UsLjr{Bu(N#-Y1E%mJYWIc)oM=Zaj zS1uN&f?}Ztv=WQexK6}^&<%wjpv0*5v=PezX9N=c85kmpEBh=_pj(Msh})@Njdwfi zR1uePsAA2Ki~A0GX;(L!n<(O8L8Ue{Du2`dFIX;nqj8-4D4?~+&09r zv_@miH(cf(iNTyb8$ORmt=VvAD)~n23LQZBPMXBSPEX(WywyJW62!Swa|VJeHs5p3 zur+>B%X`c|o+?MMO<>S4YesQFXU(0ut_WBGr3q>dtW|$!eb(I0;V`jr1N+`^{E4#q zuoQ?H61v<*>noBd3N+2dIYUlP3G?zoZc)`Zdxw*4?<=R5FI(k>2m!MLJa@$p?zJ-& zd!ov}FK_}b3WFaBt&Z_j(-o(#8_U`5Qp@g zb;;bOlyk)@fk#X!BB-zm`4rYDc{3$XQSuf_-b%^aDR~Da@1o=xO5Q`sZ&LCsCBKD4 zGPjh(3wfzx$n}$#BHXEH9YC5jH!T;{#riX5zpUhOb^%x0?IySxTguhaB2JRv7|A8( zAg}b`gj#V8&kiD(s3%Rb5Cye)7J^gig(c)PdLHvKTY-dCER$eA3YNKifkmmHJQakG z0s6y>HMV-rRu?^kHFvU33F?w_#L%~1X5I4}j=ST8D!7xZ(wpw}8V&vT)sRMKIk-b`6a=FOZ3m%u_=XN89JnuhfyuW5}Y=Ej$0rp(K6 z;;^h2xsEKB*$@;}x1!$m87lBt(zKsp;Z{M5yusXo9Y7Q_H*1Hhg}pgB9Flg{+=4k| z1M}2~13UzKgBc;N?~=yuDUYzQkBCLYpLCsr*{@cOO4X>(@)F#vIbcl}!&G3812AIR ztyQYv$5yLOOoo=v88h_0nlA@`zuI1#Ea5tYwoB z`r#9o6yj$<$wO7){Vvqyesc%5>#12U%e+*9c5TmBOO>pvfgqJLcoPjakIbN!HF1`%Tu6oRM8oIF=ukmBpbYI^6{zb}KhKmSGv%HsC>Q zW*h>^xgC{B49dRSCSicx=P z=RtEvMXF@o8Fs?6jdEyjW0q{gywch0fowfpSwpPBGH)TNo4e^rZUCOd-Xgdy7#zi| zmMX$c!(*Uy2R6$$6i+!`@$QCr>Tp}1WUfP<#YGqq!YtQMZZY>kElXL~I$Z!+D|GfV z==|5P5#U0Ww!346OXjfGDrx>U9hL z-5<0OJ(&XgFtS#3R*o}1)EM@g9k_f#zEwVp$j+;>EI%v1UH*vtzN)z^@T?WL9D%zz z*0y{i5OG>QYX;*W%d4S5cjafBvuPvCN2=8HC9e+OQO?Kfyp|)vDOqRvkU^8HqRA&< z@r!1-5Q<&pO)Px+5t%f*BANqEW(8(bpl^CAN8vMJ$e>S2v1;~{hrod8DU2nl4c7G` z`IGVs@|WZ<$}h=Zm%l0ho&1XY&+-rDAIPuCKPzn6fT2(yCA%rvMad16Tt`WUl3OXc zlakvhnW5waC67=tPf3oFbCgslDN*tiCBII|yD51WB_E)qPRYk9`4}airR39;e1(!P zQ}Qw;e@V%=Dft#9uTt_oN`6eqk0|*SCBL9#JHCkvgOprN$rY3wq~u0Q#wa;L$pj^L zQ!-1*NlG50?b zjRjj{q1ITSH5O)#1zBSu)>wcw7G8}7S7V{oSYS04R*eN!VGg6JBGoYfN;FNv<)$H72*l#MYS98WUP$GHXm^jY+IA zfzL2`&s62Bh^`mp--nTW7DnLv+RFah9&wJeKK-&BLH8HjlT`6`RL<>59$ccj$`E<9WJb^Y{W? zv3a~mS8N`CLsx7b-=QlukN==6Hjkgs6`RK<(l<7bA-ZDoxR$QiJZ_;YHjmrrip^u1 zuGl>0=!(rFOIK_jMY>}1SfeX8k9X1)o5yo>#pdx*x?=PA6kV}-e2K2uJYJ$JHji)8 z6`RK^bj9ZJL%L$~c#W>uJhqS(uzBpJD>jcCT=U4#6`Kc5DX@9)CsWnj?(cTlS8mVY zV}!;i)YV%#G{AD6vpO7qj`bYIFX*OAi)zvB$@$UC8#3Le2LdGyIJNRiy8`87oU9o% zFyGx+mVF1`n;8D(FbzSSq`5VREk@`ffdRw+&69TibMON1sLx>>gFP`A5!nIrtqR>y zpg)`TEbg$j>Nwf%*NWU{O>+chwCtIWA@l46D4WMr1X{6#jr2)wAoQkh`eRP<;rkem zHhx|EKc&q+`%`6uxrsa`{#zY0vnNjDBhCK0<1s9K55JyED$LqR9#wo<3q3g_{Li%dS`{5Mpt>;m8MP<$NT z-5(&kIc(i2ijSu#&q`;=u4eZfquxI0geKaYs*RK;; zga?lXYs3fpL{eaH=mPAW%^fQrgTgq%4dBU9zoX&4H$L3=Bn5Z>I>K$^q@Irt_YabS zOaHOHPKW)s#gJ|rt9>y()IUoK>P=lhjWLE25PUjXjlUBg>^~+2_COb4<5(?6+Kz_% zllXA|J1MvayMP-{wry;7=a$%`sO@+(kx|s4bptyZE!o5I!5&Ns?9J;2b}Sm~RD7@# zNr64w1=x62+xBzdP4VGAmK5Aux_}$cYTJyEFT@91O$zL-U4RXlpx`K~(VF|d_~@QZ z3Z2jex|^HF5eRA>jqQ{1vAvKKwscb1jA(3s5g*&vlERir3Y!#-?O)7>9N?*d%98637Eaiq~`fQ#_~W|IPVM;8EZZ3f8E z=h}R0JQ*L}T2k=t>;m3c2s~$_4@V%4mf~;6hxuGmFz@ODX4t?ROWU$wZTPIiHFq#36bY|{#=84dDOe2_Cqft>0BWXPD^4VoE^a49~*Tv7<9 zyFeJ?ZYjKFG`OeZgL^6|a3_)hN3kfQ!F?z`xDO-+?*1;og>3(_!%{}$`+R(SpG^wi z16|+?`3~V#Ohl`U2Kd+U0lu6Rz?m)po@(}>6p^xhe936|{~jOyt4YCs(1S0TTip$x ue5_)teVP%+IF{)s4xLxiGl95`hi36VI#`NB33)o8WFO?AV~6;!Vf`NmlS`NY literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/issuance.doctree b/ia-terms-updates/it/.doctrees/issuance.doctree new file mode 100644 index 0000000000000000000000000000000000000000..66a9420523ce85dbcc2787d546608450da76ba39 GIT binary patch literal 36527 zcmcIt3v?XUS#}~zw&b_tIB^n_jh)1fliAhNN}Q)6$&UPx9ZN}?q|RovJJQU0wY!;_ zmF%P`P1}?;3@xhZH$gE9P~jR6mE8TPeM%6^*o$!G>IUIq<#O zYu(_)X#-C`nNFwAJ)IqR={3KMf4}pl!$^|O5P3jlxR4c2mBBKgs zUEORf$ku>tn!2`7H35OD+@s|URL|OwE6Rp}NIdtJDPek{nj^SZLgY5FfL z7mpYfnV@d0=!&7}D@wg;Z7}5}`l7B5sJqo3t3T_~gkODvoqdQkG6c3Rt@TB%q|{IJRu=&J8l$>kn3@R+%Ozi0mwm9eH=RzsYC(Th3hi*@NJ=%A zivt6xRO+4uJ#*iHpsxpS{a^L+Yy0gE%lT!K2MEJpO}z$Gse3^F_4v0J|8B&;n?P0H zVp(67sjgI5UEQzVTvcyT2h{`WLG`v1eaPUBYDfmwl?!@Z7TM4zhkT#(sJE&;Kz+L{ zS3veKAFkpN|K+&D*9jlCvJU2*L(DG>|y1SKYdDc&u*qRCTRx9g2^P zGLuVrEic+YY*t&lVNaRCMV= zNFz9{FzdGSy=}N}onI{CH~RsEQhy+V`o_ZRYWDfMDyz@ARI3ivTSBQ`4W)Vu*@-5q zpCf@^mGzQVT9ROm42Zj=nNV$|QiRok=+9S8Q%fxswG^z+az#r)F-)Zd1Ci27sb{K+ zVah3CedK3hHk6c6E|pVx83~XwujmGSwXCE{=2WN}mIL{iI&TryK; zIkmuyNrEwDz!Bsf)@-sF*IlCC9FHh;wxLqC(??Xl)o053lH&E;u&|ThEPHxpN;*0{ zMO}wkF^*(1<%&|$^68RdW{ir0F3XOP78M8&gr!`PhO&dw$lN)L6-CiwAL=f2j6|aU$3~8@ET10E$jZZk#FzDpSv#UwTw2Py0ytncs3&_ zxyYb_4Odkp!%?>(Y1l`O`+mRko+^=?Dp6*FjT_d;#z=aoJ2sF(TQ)|dp_Xh=9&S(2 zt>RE-f{ndvV?%(0?Xlpj863MYanF%(2V$E!HsVSo|G-b54rhttEHH9)0 zY}~kJHpaS@jj^_xGAfO=(iE^k?>!saWfwf=vXNRd8;84Pqp|aKt)y#3N2SAU*r4}` zvEg;NH?5J4v2N`KGH5FsV{PmP<&hX0l$p?!eUWUO3k=Vk9#$GlcipRS77dK-b_Zv| zl8#Bip2bZe`dPaw0ahl&sHBsw->#P6Wq${}bZJqk0*#{&7qzQ5#EXCY;id@i611yb z^Ws_7nv zo{qP%Ae2X97KAbrnsRF-8{rlN-zLCE6Calx#%K&SM%%DK?-OHV)MevPBpXo{r0codc)EEu=h_FK1qsgQ+!Q{2 zX`In@X+ivRy4xdpiLxMF&SJ(f1L3_*cj?sC2_Gk|XEBsVf>PqmV(y4!W06K4(=$^O zbDokYRb4777t;7!uE_Y4DJn~HQL^_Y%*^y`X8slPnftNgdoTXcw&^V+6Q_@-PiE7@ zgF~21j*X`Whth+C<0JHUdiGcYHN6Tpx(uJjxDlR;JSheom!mqum`IVtoF!t8KjvFM zq{U`a$NsURr!~b~Oqcbg4EAO+v}~Tq>++&0QM^_`Q_fEh z=0jb=^vV@rha*pK5_p_OnWPQ=s(t${ih_ix-1ZyKG8HuFi zl|;#DY;ev@jXpX#<8czTiZLp!D7v<&$qPkA%HcEskwk16MpY&*Xe)GRBy1~mz|M1Y zC8zo52*!GRoD_T{QWL?%Xe1L)5fgJ$((%VSx8a6TqF6bU{CRzgP)%WkkR3=f70L%$G) zijRXpq({TiHHkuW4FvSVkkyz}^`Nc8;|A3>{5$WODjK4rkwlKnWY4UMyEjs0D;J_4L5TBk-7Ro+Qm8<9cO=4LLU?-Ok@<&wCWlToPz9Adou%N35`Jdz@9;RP z92{cxG01>rabr9fw+a|-@)k9|C$h%RaE;GQ&+?c-dT3&%eJ6oVUsAOtRl)(|s?Gxi zI(~=wF^*6zXhj@^kt%wb&WuQ|v4}FITSec2JY~(_fi%DI2yl;$G|ML+@anRPg137k zdE=!5ZfR+5eq#QSIcZ{UZu;!}%<0(}l5Jbzyn>^=xw7OKV)V0BgE&=m?r<}M!;J=c zcX(2t*hi=E$U82iCsGOG*H18YUnEmgu1-jg4ohUfq`{VpkO3PuI2vZaw%a@iLpSJO zZw!0qVMlIJ2LVIN75MIt#CJdAo0;(#i<69tTMkZKW#8ZMx;$CD_TxTP12>2P{t}y zKjzClBhO>tJb%Y`92y22o9$PU{m$FKa^h1W-lM^_J@`^IRE%N;!l_7vuO);w`4El{ z;brnUxl*xnp@n$Rm9c-JX^+?%L(;CwhI#}mMBs}U!lWQyRP+XN`rR*mG7^aNXfZ;h zqdhHMR#%WZ9Z9M}q@FrG`hQ5Aa=*@n?w77J%3 zEhlHOAJTm4cl~lX?_U!Vzdg3x&5X-Y8NtfYNLJVaotc{T-3o|Vk;9pj0amb7XqY-~ ztzZ<~ND|n|m-1o!P`pp1);qsFeiR{1m$zDisbi5$;oeXx``E~&G4^yTLiA=)1A0_R*riL0ppU#jTQ} z;(O)Ql5^n2gB=Z#;)+$_bkDkVVYjRVbYLu;LK<~<;W+)lB~|r6;TS#Qsw>y7AD4~g zC0(wlfl562m@1no+$qycT#%woB2*#}=~f~eqY~$+NVnvTzWP)b3Qyssd-Lg9rw}f@ zYT%|7?!Dp8u3L-f1a6I%*IXmq9(5UNtWp1y)Ap4+w+g-(x6J3(T;}FrnKM2X9Qi2B z`r@pe#}r7VTuhzeg&4Y(BU&cxm0L3_M$H@{xrC%aA=%c*M&Fb3r>9Q4REVE$X}=Pq zw4gNLMr1)0TwPGS+ju*dY{0bEgc$<^_Ie!gHWhg57#&rutUNX&}ULZ1NPrxac{HV z+Oz=8P|R#mgE12h4b)!GwDi-PEH*)xeXq$FB0CnGfZ`SYl4@ovx|7Dm_mvpq!*gzE(cmq|nF*paHasQtay7x{CFC&+BMlo1h z+`}wn>w66yJ_my6%utbh0h^xPyC3RKaNq_r<=YK!V}Pv&4BL- zs;3`~@jligH3PEPUNZ(JJcksH!1$wFsoA~0eLFZ>aTSsV?amF2c4yy{^R$bdTE+H% ziux>ER>f^_n*KT7F<*jX4#LA?=BK zn)2WQiK@u?=1TQjJ$l*ig~Ky6y)cpb#imb!I@^Ef&}328mJh+x16di6gQ-=ywB-A) zut0zu8^ozStzN{dc3PdM&vzG|#-DbEC)lL8t57%>1D}VDCa}O=rN=V(tNNj^*vY*5`!atcJ=*tkXt)KgTjGp3x$uyz~iv= zVNTk%hP^9tvFe<^LLX-Ta%=geHP;fC2nv6`)>_7D%MZrL_5DbL3fOHKovXE;j9&f3 zl_VPsLL2NK zZb`dhloV7493n1=LIZs7)dCdIE|s4GuL&9wHge^z%2P8(4pj(c+g7>$q_&{TI%Y~K zECHjSJRHiDv`R(s#`G=IxI9TQcye0gP*aNxt))foj!{yuMQ~uSAPNn%$n`}5pLbRW zzU0F9+QUm0!cx4}AcSpO!UfETzvHaI2lKpSZ%>qg=pf)y#Ua*@cT)_8j+oz3@DEE8LBW7}hnR39$f& zWK>liB`JC))L0uHeTeyG%^aOXu-(!1-C#i}4I1B_0>bb$Lm(z+ET=M!YVwOf$cmT zCtiu6h;@~&;DARSE)B5?jw97r5I4XAk3mfmP{p77iVeYCF^oS8(j@Dd$U;5a{ZP z#_oM6uPhEZ(=-)8oLX)WYGG^HX5fLlM%)X)jw!y_;-s`)1Cf`>-E`m!<8i5OfhsoB1?*4T`M+>5N)I@ z7vX-W#QRWn>uO5L6+lXCP-3hBZ6jBfN=3S5a1@ko#fiIy>?y{}-aSj#(E7b$NQIA-7y1gML@&a5P8s;d?UHphPQlCPvpBV;6|?Z0 zN_H0Yt64joEeyzOanUwum#iM8v{J{A+uCSb6Kt?U8a23egnpP=+hH4{+tKI=l&!aV zRJ}ue0?r;+RaJeH`a1P(>YJ<9&Oln*l_|MBCHI@^(SQ?5^$9EJ8c|&h^~0yWsX3Z< z!`@bH6AVa|&6x>6>T@=hvaFl{aDVU=mN5Rt+R47=c z;CTw3rQoM2_$dm0k%Bq}@221#6nun&4^i+b3O-4}7by5V1z)G&uPOL81us$XJqrGf zf*(`xBMLTOiJ+f?JrwMw;8qIuQ!qloAO#Ola4!X?C^$~R6BIl~!4d^|3QP)~q2L7y zUQNLpDfk%*-b%qQQScrLew~7kQSjRoe1?KQq~OaGe3620Q1EvYyiCDAQ}BHX{*!_p z8f2`aU^@j{DA-HEbrc+;-~a{V6pT{9qZb~Ve2{*=kAm&!lM7oYSVv=<|D&e^^mH=? zvlN`5ph|&`plbD#obahQ^3<*(r6*Rm5qe^Edw`x;-A>UHtJ@Rw#Ok(0Ppobx zJ+ZpIKu@f0Z=@$yx3|(0tJ{0%iPi06^u+4+8G2%M`!YSTx_yJ5SlwQxCsw!b(-W&( z56Lg9+je?lb=yl%tZs+siPdeKo><+c=!w<-9 zOi!$CZ>J|#w-3-0tJ}xviPh~->50|ttMtU`_D}T0>h>LaVs-mpdSZ3kKpMpAwu_!v z-EN{MR<|@gvAWT&bm3XjAbw)SyF_uUc(mVPD;_QL*osF>54Pgbl$RBcr(acTi@%2^ zD{gJc;m`pMXJ}Ml$Iw_zq_g`be~g_D{V{s<<%M$5?esb6u7*fAb$=koeo-oav@?)D zhSa)AWB98Z^K#x`CWDb;4i{W77N}dBunxwz)UcKUm*104{9CAx`Xun5xWag`eilO? z?1*3x<+$CYg0Y~w)wpP2pd@15S&Y~u46asZrmB@99W7B(w2-3#Mau5OQ)JeTr1trb zHtb7_1*J8A=g#W)^tE5*;<@(j!fqsOwYJSNBwM}CgysrsJ(*!R`JS0QdK&XMX98%C zbR93{eKh&qg^V$QC+Q2WqTzIeZ0&Rh--1M<_F&;^d=*@h4shx0zU;8hO+eh{aDoi? z3>R_eG2!DSE|cT&nH+7yWD|#l48905D2T(tN?azShtM864LyZW?ZeR|ay+|_PMKiZ z>n(%i)878anfS;~b%#tnDBRay+X22Kq4?OduHSQRYp{j*V3(2tyQc%N53~T=Hv?ah$c`E6@-Z;Oxatx2J~z5{fvq*qM+;9s^i*x!o}_G3wbz2P!} zh3mrBV80R{?3a@QyZ7>dC0Dbp!TxJ}urDVC_9reI*fwI^w;}eZqz6e`jY`_|rCyJ7 z<7ERo*1Ba=@xks*3T*1Kfj!(B?2-6j$CCnk(`5n+&#bM%&c_G)a8h9RbpZCB=8l!m ztYaME`c7kqtF7Ud;=?_k6x{un5pEkJRf`Yz#iZcUe$?QfI9Hk1@Lqcyhw zijVC-lEOCJ0k%xDEpa`6wnn(MKlY$z6Otw}s2S-1;b1dDT%g2%7LmMpwuX2xKEzv+ zf;id%#5H`#OLdVq0wofu2Lm)kfO@PMb%T@1);K>D zALsj%!a3Oi&f#X9wrfe-g=A}xpN|jnPm%&T)d9$mF}v#`vNgh&;v@XWq!3PbfH1_| zk~7EF;C>Vz-2Ws6?r1XL$n#=raJx6f9spg1q=^iGj&%SoNe6!s{%dbq$N#go85LD4T}aFMe5ssQjJmZkU(QvR zm6BP1YyGwt>d)5?TK&4bYLu&bPN`e#kRqpQ#k{VR>gVusE2THJqLFqo*pMqP2fkN( zts9&;ZQ$uA)9LiNr?Ueuz4n*z?^j-W?XT9=4d?1=zqNi|xj?11N&RA-YGw6RWK_Yd ztDB7l*&2{dQ`Z)%CLmCid$hcP>RB6dMcFVAiRa#uylg*h%vUSkj|Dk*URM@5P5*`E z;t``F6V#0rT`?4WMX6V<4W_(AU)0qBb+_7M^=Dn0@T*U-vk$RGhQO9f&Yx^vS=36J zsg+AcS~twPwZ5p8l=_L@>Huibq~nD9{={@-;MZp6R7H2 zEbGfM)s+gXtNYcPtLiQ4pn5<(sNQy>4;kE14avZ|azU@lA{+YTknfWo^;We9sBgFB z3dkNNWI0vIotLy+x%BFkwk$6xz?e>F@PGbgWTwm6oTlfBN_I(Clv0*ISeEtkX=7!H zh&ZyUJLOv-&lBE%|2gOW%W6iYSp27ODNT=p;T`nJJCe- zb0qMqvR=|kOA@S+0dbc!6RNFLim*Bm{rReCYN@57mV)(Ju4pMJhN+ZbAW~W>^-NVU zOgSa2kNhmmhLSSMrE)4SBLPz872Tk(mX%bgT*5z6Wo<z@RQ1bLJ@)TGNkGzRuF=eVsO1U5}SBi?kR} zrxutoNie1iID)*xnoTz2x=Yks;t_?;HdM-X`iSbc`b=40QoNoU7IqSxWlzscNk^xr zsOvB*#*s{>Tv19|K3!7Gj8Re0W!VwZq5|Q8u#`*EPlL>WUW2K>W!=9v5}GR{*w_=vMmE64 zQMV!xyKrF(u3*9AYa)PSlXhL=uz3akyJH8arRtO1f5bR65*-4SJs# z8(xQd(;C?r>(*`{gSN6U*2Zp79*MC*nF&qV7sw z>6jGkS=KK?P>{L_IJQbmll;O&^Y>VQM-CWy!gi-Zi)aeLA%;D zFP>$+Ig*!0Lgl4POVVgZb~ee0--@_zT`qz)3ACpLU|-+K`1k!DYr(l5pF^7Z328WG2-fht0`b4z=@l}l@6{-fR(N^#m-Lfav+kI zC@JaEevCI+k1#3m+Ya}=kCC9|=xPi?6%uS5Tr(RZ-Hk!U(<3o-W(2J-)`Y^?p!W%l zL8wB4joa4D#%Q-}jK*MNv<(~dJ~1{%T{aFyvJquLx}M98r<-SUu6^)Xkl=jIP2tm* z#u;6g7Q{cNyFHSZC=1f%EM^=t5Z>E#mrh-s@Nv?57DIU?C?(!3=8i}<7HQ-$Ju@{i z=P8L&)up0xA&tM~ii|&*qOv3xC3|ne%uLT_=3hCVxgRUO_u?OIo8B@qar$`rWHvoK zIE2aM*m!zyC_OkhK0<$|XOA^d)2m>k%kXK88{w(QlVZSeIjSR!i4;l9St926W4`r6 zT5L9T>>n$7T2su$bXi}@U~eWv%jTK9E-#uA#Y=^hzkS zh88MdW+GuatvcNS%wVf3rJR1TLR$#UP?aE5`sqRKwpD!v3%G-ka8KB+dZKH%=aq}i zIL`-h(oYZPgKKWmAi-3k05}v0kj@l9OMS*Gw%7)XGc+9eFsnKaeFXNuAgX>l<^1$u zKGY>luUr9kI1;Q(VA)nn6K9WlZMp>OQe8-66F8$(rM!mUu-01M-g=Q%^w(T za+;5hV64Z-Nx?@VH4#jVMl$gfF)=qK9e=EI8*V5?+NW7jAVfy4ST;yhV7jHD!3N3b zGxGGp$AcH+ap1~CY^Ai#daHT}CdML}uoqJtnK-jXk>F!sC3N(#>;?3H77|xZ@+!&n}7g_$X<-IaYn8N_~8Ctor z;-3L~F&@;mbKZ7^3XJ2C7W>To+iB4P?46Nd=SZv1(9uLkCZ{jtaQ00Il(6yX#d5WTT0m$se)*9UB$rD|3ZMMQ ztPH0I(~YXU-Twil_W=)k=izsk1UsvSKz~;x`nw7J@rkpiJjBh`lt-VC+k&hwOE`Tg z7sJGNJ-zlJ6Tdw)LxR-!MF<2(A`#3Gg0n{_Q+JJy-sPc)6qv@Tge|c7O1aV?ryKRf zoJ5)WFi{*Agg6h^-2zu9g$jgsMO4@O z<9C=J;|SG)R>VOVsiK$Z%!uR~izrjNRrDRmQ`Y<)Nb?(y0QcBPvwZRauP&=7c)K@} zH(n~>mX_w`C*~iSlP2corq9mLoSuy#*|rtVD>%xVD@%?cMn79Mh*L%94mUG6+-Q(@ zhbQ%keRK+syyHT8B9$P1{RC6@MKU$z>V)*@utWw-8f>`;8L(l4qhSVYyUl|zbc6o& z#;|uDcH|ay5HPe{f$#oEeD^cHnJHiI8zGdmX2gSxTp2^jh@r)L+L-b+sQB$c7>kC$ zvL8{5K=ME&5_|qY)=N6|$jN!>?DX6jY5wsuz6FA2WP-J2oEy_{@DwvCqk`e0BAFK} z3XdAYT5y-$g7g)C!Kr<)quzToxO3_*>LfUsh~#9&lirE>`DxO1sJJwFa%OsVULvky zt2-};*|2ejjt(=EnoA3^fw5+;s9{ti5u2I8kw(4W+x(gD10QW|6MFp32{CG81=dt; zLFj{#gqDfW6UxQZgvWu8LS;oMqCxdECgnO*fhY16U0acJ7kQ$NZG9}Wnin(TLBisQ zz# zUM8QDD-}BzT8IZ-8T%KS_K2-9B<-qfs7J6u1ipwNObYTvMQZ#LHzNMh>W43e>*g5n&JUBcm4UT2#sur#tRk1gbZ5Z8Uv2a$> za&i{?A&nIh;8eU9=}kFz01QMrdAE61w=xZg1;VZ+Wd7|o-B;Gk&KTMPE4 zFA-z0jeJN58sJ0XkMp3odp6w_FHp}!qJDy!WbVw&RAzE!S~|@Od(xycuAIY-7A)uH z>;*fI6Iue-VP&h`9xcU z>RP8{F1%{s_7(2J;U2GBi|7Pyjh5G3Bitx;8EULi|C7`9H9WTpz8JU6=hj^2=3tpK zJ{BA~Da`uftewXcNT^&)o#Dk9x~U^tChV14Gb={T93i=cq(LFs*2qTRlk=yiPP!nM$6QbPmw z-(hi=v)|gZ0L@U$Y*B+@6HX4)UeCnz)0-?dMwflB$v7fA7My_M75MxQ z82Ey1dJTyG3w#xN)7aNWU!+2J7ygWs7QTc(t|8b!6%}{`RkblVhoa#VfD^iRQ4234 zmv%-mSXedw!bvcF4A#YFoh?_r-QQD`Qz7oO{ z(2~u7?+L1>AC2)o)+03ove;fT1|~cw6^_98qg<)ky}o@rI9hQPk_PS04UKkZ-;?vS zvz=PSk$@ESS-8N88{#x2bUbFbHYrY0x0W}@sAW)EaH*;wD$KguYf{a8N@nXIdig$c zNiSC`O|NJK00$#Q8htgrbPZsWTy4ZBwl9VgyGX9?A=-8q?!q6?bua!1?Qv=#PV6=2 zR5*sTC+=y=g9j$6BIlbc)o=CaWxr<*&(QS3MCuotJ_+h<|Di*ZMOj-u1n&=IWk3$5 zTjkP{@4LbR0di~*r}ngZ5wF^5b)G)oU3eOQ+8Lf;lj8nD;arTbp0o>iB_}Ps3V(ux z2O)1ebZAO3a=ON+sT|-1#rIX=4V0k`c#|)!2m6gk5EJ(6kaTUZab=cqj6~!CVw@l;mB*oy#X^}%sEi$y07P&h{Nx>GuA;N+vG|(c~ z7X^IYZ6WxQ3*T!GFIfmn@mhlrwr!28rY~T~hGQ(4(l`e+UCju6=dwQ^gA<4Shnv_R zUkm#SF-i)uk3&8MQD}hutKbKY;bKqJh3m2IzV@>bk8L3GZ0y0pQA`xbRoqZr5d*!D zMI+8SG#;+fJXN#3J$bX0K5M|Oe!hO<3TuyY0i#wk>&0dlE@s)Q-1GIq^Wd*=H!5UU z*Mug-!W@!OmF;AHD5Caa`O5W3$4ge$F5FQl8AUd*SYIR|PKh3TrEN8Oh6D)^Tt*Yi$-W?8I)?+GxNH7@S$bbKnlzaAQw^ix{4gBPuwO zdz3nB!yT$xedVfIshag!US6BE`t79(90{u92No)6M|in{ADiqlF-$Ik)hXH_ra z*A}y!%aY?hdTZ1RG=#8rE|$w?3F`p9H{g8>Ehm<$%h?O$)s9+XD+bV7B};z#c#&e( zy55e#VONgH(qt(sd{hRpNYwb`jXkd*Gvv{$+ zd1axxgz9f~9AP1auE@)X>8EQX3L&c3tgTuJ9KlZx3=g=4H?u14klYE+h`|?GMc2!E zR_xsI#6Ziz3*9!G<&YfqHoR%bqVPe8p|#b{H>CXFi-wP_?NoornV~u!x$4%IBF-9C z;pGf$=iyZGN(@P?t8@j2Kk{&Qh!t`ix5i?*0S@}m@hxh^PrsIjoMJKhLS5~%w&FZM zIqOAPSJEQ&mV9-&l6A!oq;drB(!o?xhTAxX1)G}Qi>eq{sV-;X>=CK9L)~ya$KJYf zzGMl3uC8e8`iJt$;s7*FR{_MSS(ftVt-9hRF!6_|44vX5dX4X$_KVWUGC>76s5T4BxLx(4_q!`w< zVlxTRM!Iqlu8B&#M^(43rj%R(q{QYW#vIT#a&xIvq+13@LFrbU#%su)V!Z6#6L*oP zCHS;r9pWr6K#Aa$v3_EswHNBPoOQL+HGo;$)8-{>yKxcYzYAG9Pglf0_L50cTx+v| z(_yB)yk~%@tN1ss_8D2M{K;_9MAYuZp;l-R`VCv%z%o-vZX&UcaEbkt^45W41};H> z$~mpH2r&?LVJBG%IOJ?d$Ic5;m~1N}`R_cBO%i2!0d5ct^CGICDsa1Y$+{XR}QQ-l0ALN06(ks=ir$z4~_bEmdo0Ag%4@lw6{cYfklOz(J+@gcWp~sIG?k z=u_X^98EiAZ?96-7eyIXAE_)HuR8tIxjOe$vSDqYB=(zw>Ic;Ks-IAQSN)v&S@mn` zU#Z_xzo~v#{TKCz>JJJVuR!M!_#q@E!_&oq~^1@Y@u8hJrt&;L8+zk%Dhf@OKovOu;`> z@O=vYlY$-^WUQlLI|W-P*h|566da=900rX|j8ed(7ap5@kbb_8g6-&&3tK2yM`N4+ zqo)J(bTb9B6r7--N`a1`YW0(x@QFF{;;Vk3rhcNPey*l|t)_mfrhd1k{;Pt-XC8qci(|d`jy;N2A5Si~)-wmbv2$b$q zP`WQb>Anu7`?mT6^?R&w>W^)8+f4Gy>b8fTSlw==Cswx+dSZ2ZfSy?0PSF#q+Y|J} z>b68rtZpVfvAVrLPpoclq9<0jx6u=;+k5DV)$L>S#On4LdSZ3^GCi@neS@A@-Cm|A zR=4ld6RTSf$uFzhc6wrU+e=TZZincJ)oq-fSly=RiPi04dSZ2Zik?{A&eIdC+XZ@J zb$gMXSl!-2Ppoe5peI(h56}~<+sEmN)$LE|iPi0^^u+4+PxQp<_8od+b^Bj>Vs+a< z8pP_hi=J5BZlWhvw=_Mmy3y`*;aSokeqzPDL~*QmwC`an9xeCSibqQjw&Ky$mlcnv zVO493zlSC(Zf(ioKmrYCXjEXw&{#~Qv->80jGYesF?#gng>upD^f~FShDbMce;~(x zQ7V75Gmt-q)VfJy_^TW9a^7GjgOOqmmtQazs9T$`9>zD=u%-fc;FC`LTd9xwB=DcO z!g#TM7DFHGj9?Juxa6gRv9P+;xM*OYBx2oJjMyv;u3C>wRVzh0cA}(cK}Q3Ml--A? z$gCYn?Q1;lurDnZmpb~^o#pT8YrpEnbMM`S-ALMMt(#>@wtAh3%@x*qGRJTPJ~Mmt zH0E>8M9?1bI-bn?XcD{&8Dm0EQW#uS!)XcG+UX9$1(`(g!NS$}D!4=);MCcT*iVE+qwaPX}Nh zXaTm#X>M!CZ-@{1g`^-~*8$|)n<2B4+}7yc9v|J?l0tWV2k2T!ub2kH4{d9(zZW0u z$C3hj!({>s7l*CEekDHGFDC_d@8tnYE@@kX{nz+lUrq|_D=r(@He%ejA@<0m2T5Cv zOxpCNUXOF*Wdl3bx@A-G!R}28Z0fRsJ=_}Xk@#T8lLC9wWdaKiuC2k&#|QgxQegLW z0QR2dj+M{0V;tf7SYyYmt>Kp9!#$rA-2ImkZW|+2ix2n3q~OwjPl@MDYZ&(58KZUE zXzjb=Lw!e5P;cn~YK$=y`GIXM#=jpQ?8lP=dus<^<7h2ALv0QBZ{oxKYEp0ybO1MA z+qTi!e~%CLJ4t~(c-g>?v~Jmfjj=~j8;~@SQPgdh4eV%Zus6pCds9+i4|M=Gp4PUV z4%`F%q!9J1{*gHA^8?r#be(zdKt{xvFXjk-UDk zhIlYO#9NYrINAZkJDMTd9?M$8doVt{`;&q<)&aZ_85J#9X^rqz@ew|r6vD$DAPj3j z_RZNE-b#FUMpE#`JAfC`fUZZq)(C$#KEj_#3gMj{AUxcxfsH;mTLXPxe4xLX6wtdm z0D7nyD7oQm4eqn?!F@U@a7Q`-mu?1!^Rw)Kvo*kP#s~NhNddgO1ArlRhJCWNS*-a% ze0cwz6gEqjZpEDgu}3u9kTj7I&AlD8V%W+B4q2&^eP6+I zzS$b?9r5AbmK5CkI)EEuTWv>zp5x5cK##@;I++yE`#S&{Vq0nVr!}~zMCIxn)1F(}JhKRx1-uU=Prr%j+Yt;4lsDCag)DL!mdaN0B zgEPw3I6o90=lhewIoScu;bxq+3rgG7WNVP0j}P)sk^(u^0mzUsyX#7_HNuzTBmBpt z5Kec1FvQ%F)5q4}eiR?v|0D(OXfoi)Lt|@jyEnxi09}Qoi41^_bpS5p{H)`wu{FNI z`1qux@IBN4zL0qc9|M68$JPLk#|L;UDS$H_06f`jLCH^Jd#{VF;pgMSmy?2jyaV_l zBU=B}0`l0{8t7}{1AVSLpn;15vmRE(+T>md;Cqjov{J5E&EwK*d5JD`UK{Bn^587~ YXV%|Xm#u+3T_koc+|soJ{5P-uA3hb!+5i9m literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/pid-eaa-mdoc-cbor.doctree b/ia-terms-updates/it/.doctrees/pid-eaa-mdoc-cbor.doctree new file mode 100644 index 0000000000000000000000000000000000000000..bd902f94f6cdf9d030e9d20a8f70b1e3e6fe9003 GIT binary patch literal 36635 zcmcIt3v?V;d3GX8w&b_tIB^n_jh)1fliAhNN}Q)6$&UPx9ZN|_g0mUzjx@7g?QUjf zB|9OM0HN!43N36;AGC0QK6n?(p)JtTLTRA|N(;25Er*tzL(j=+p)GAWw9rGp|DU<@ z*qzxO?T&MzyYskn@BO~}|Nnjeer@m1Z-4VT{?FQGR8*~WAuZ?grE*>|>ej}5Iagg) zN@o47_1j*kKVLs+_3QGgQLgGarEaZ5jGU?!^SV;1pToRQCA1l-D;23pLJ=%U7uiQAD$W+0$VOQKiRypsFgHR zE0>J4ZkTmzeNihZ^%K3-1%STBs4f_$W`e?U$rsmUAMEW-r&F(9&|jTGJsdfbQqAS! zz(6XMx@SSp+&3WT>%m+9SH1k&e!IhR?rib^VHm8b*MKT@56HhBe|zzFBmQmzReg(P zeOacmQf75^zj||3y+s{V52y##+fMW$fjg=p30PMy=yh2nL!TV-ebS@es`dc&?Y3M2 z*~5e^rz*Mgl9nr%UY*jGpl2f9t$rZSSV9=Qm@20S#7I4)P+x^j4|ZuL}kt!^EPkBkzN zOL;9X+fr>^aj337We}^UPysUzvjbrjp*|5>3oN|hwNNd2C2v~~x{}Wp71LC7=|V^) zIJGeA*7Ln>xNn_aEaEr&0fbV2AcFeF%kxbGMREkDQWq1Nij1=`+mP(aSP#9nEG4R{c9tkxj=%AJ&|l=18f|1 zYce}sLjU4ox11bq;N&`&6Q9taLx!w;%($`kd$F=^EJs$l=jU);@N-=xKPvHa@|ZL+ z;Zd==x|)`kpb1Omm9z$B(9qOo&|{OUMKiOg!GdI9T*`P})-Pu52gTyjQr7KnX634> zmUVRS6eByBuH+XRi0UmaNwVzY#C_nwKPSZF@)SsrbA2Q^K~-`zAv=^F_PB~?GlG(f z1RB_IRYfu!bsLg~edM_B_dD;Y5Xq?$B_`OoVU28zq=&j=0|~TcV?-Ki$p)q2wglZO z4kaeo*t<41Bv{Gr*l1;Dg=~zrW`hcm92=CFVB-~QW}{0@8I7SSqpdXsY$T{Dl$c=S z#x=7s)~#%ewbhhSX{?o|fDL-@+1M_d;4znt)SB5i+$|f8jjwAZT`M{&9d5%0y-$n{ zufe@(jckl{Yd4TUTiFc*`#Mq$3gr@9^WaC_*d*-yT(pb9dR)v#jU}U%3ITMz2 zObWIvZVb`R+C>SlG9h{;oizP+u>>#sJK&{Di%JD(?0vYXUA-Y*{QVC%Mu3-~UG16| z&$8Ye$;%_5^3tUxX|y9do8-iAMclV87eO0xZ#VMcS&&;IISB2QO5@#H5G2r`FU|IJ zyp08+G!nBQl$g+zTO-*Bw;=d70X~`-arMB}6fhFt#Es!f2Nxy4N>`d;);IB7kKp)?Yd5^of9MDkQuE9W!!W5)Mh{L!-MEh7`BkEc&&)5C*9 z7)*|hrw519gM;HE^gBI!tbv+d1q)qd%dv7)Cn#av96^`#8fW->Hwp2_R-qAAgHsZcf)seok~X;oQ}BM9g|V*xiE33t|pJMT$B>|Dzs$5tK_ z^Y8#EVXJ|JH9G~nYI2ISsAIRwYFR(u0KT8iv?S|`zM2j^^oTesh)A$Bf|8L)N?t{j zoW=s@%+%o$m>7*@;wfTcZb~}-Sm!p}P>Qrpv!XzVj9js7kf^|POGASVlF?`6 z>4lF6?}^8OD-*Gm(l+a@$|0B-i)6x{OmSr5%o;_4w}F+=(8IDDEDXbgVZzWagrVZ& zAn?$m;pmz~A-V(t`r%0EZ13l0PM=wcF&;*Du7v7F@3gqc@{c9&m0`jh2Ds1A%9R!W z2-th#L2WzcZI`LQI39_Sdn&e|OOH-^)f*{ezMh#QUM#!PN-i@vnrRU1ep|5d(qFIs zhaq4)&02uHGZO3^Y4sV}n&`;n^o1Puz6pU6Ha@*ru9i>=2yMnMKazsza%oB7ogbN% z;q+j-QI)s*KcM(N;9>7P{O*)sXT=cc?}|i!H=#d1arTslxY?R=?-O!cko9E=yD#Np znE0-z*FI$8-a|7aNR6L`KyV}y!3-fddvr2&*XZb79*RhTX&g$}0-LXtD-CkGQD4kS zl&B9AJ>!h<%)@oJz|~2n0^!|}2!{#b>4`_?AM%+T+Sxz_RPwZ!f(J^t&EW6wIEozX zV)Ze|fMs!?crb1iFxsRoN_Qe&Z3~ZX0QqPu}3wWf28$_eS!@ zQw3bp(%k&S{3CPH#N6EU+4-5%voR#ww!(P@TX}P3$uY!eXR8Krs_5L{W(J2F4f5{r zs6Mfej^UAaTu4u(62vc`VCud|rlwq-kRBbD$bd+SkYvzg?dNmTUnHd~u)cd{7pZPxU(bhJi$KRX~qc&DxO~n?3 zJ{U=8nFu|hTue=P9QY_yR+J(tR8M12u0s`gAYak76*+g22kKbX$26;XF(WP{OpZuC zLihWwrIp6jifs+CecaKjl<#A_^4NO9Wh?m-3eqMcNjpZQO(`o{PDxGDp^;F=Do{V> z%iSZ-ec(KQ$7dWGIvbnqSCakCTflOjr^IuQ2G{oBOHolVvK0uYA`!lh5ZdHJI68!v z$>-!s#ZHAL;z3u&zC+a>u{DOIU6l>>2xf@D7cqoELB6Qy4dnE@U;1Pu@X({h2$7EV zv~*cqLF#lQsS1&L>hzRvDkyxLE$sw$HvJ9{4v$KMV;MTCg=0rmtW9JadUsh&oRzek zoW*)b^RD0Z%jLX(PDtE)Y`KdWm!mL(m7|fYumw6ZHS0SS5VIhMGbaPAV5-nCb(~s3 zFSwB;u#+$4!}y`+K9O4Q+@1cBALRup;Y#lOYc~IOno9?m~sAnQkKS5P8cV=cPGdVLYo#u%>Y0~Le&f!E0rgL-l zgq_C;O@V82+L?^j%9sGbL6)4RNDPpVZZ<7b-ReaOGDzoUyj*ty=lU!}YC$^J@6T3*R?jhQC7w*Cj=(-m_LVKJN zh^>5$DHV<(?umPv(%>$Ns>u1~LiJlcdfD%?!!tC!Fp>JjrcZ)8+kfcLWKq_Z55X-2 zSs9Rnaag&uS@IUj`4BOB4Do_AA8bo~4`mryje|2K&a%X;+M#g6e=B#|4pTfbYFpfC5_5@>AedK|{nwuG}ens^-Y93ZZOU zE7zaY7Iaz1NGXN+Vq}zu_nDGbsVH8bzGWPjCn*L`PK_LDs*$0!)X3d2athW6b{7^z zrhyu{z9``HG7Q0&T=-snc+o;widP$iux)KzHGKhHHtcV~kjB}$>1sykJD2_W7@Rol zKitIr_*&Rsh>=r}eeC`zh)e_QUj+wo3>S-~E?kdw_qCsmcx(faXJZc*j$)udKIDe# zis9Yo0Ao==MK{xO4Y2-@_Tqhi6qBGr1Ga6N4|Z zimsRStXSORA%d2Jqq=Q2%ONT3ZFtj=MB#%FLu;#@Zb<&Y7Y!d<+o}AJGedQpcGayd zMQlf`!VwzS&cpBGmFS#USLq7&hveZA5tHcHk&XFu103|B30%~OpMEV5ImJ}a@KofT}e~eTk_TAO4b!Wkjf8uArD5A65Pg5Sg@(;y+;)TQ`qG!{6QktcBmUp z@Yt(c&X+79(A5=iD`QlA}5u* zX}=iqakf99dMLp>YJ3y?JG!@!&>f^+5S-Eykwyo0ZIhNjr9{7t-VmU<*cint^v&2&Nwew+l`Cp30}z3mb)VU*pVg; zcCF0@HjtV2M4thouHt*1_cOAX1C-&#iKyL+eXr0Uv>>*+fn}zUJV|0k;S#$t<>ds& z3|xW$m2+BY5n>?h!cMXj@Y&fAkNq1WGuc)~a`Ab-4zXEYfTu*myoe&G3Ouu2vaZG^ zdii`7o8Giy7H(I`&Z2xZYlpMU0eLMh+9vIi)uWVF>ga@98*OWX^?6962CtCN4>N1~ zdt-Dv8XbwU^;VCncc@RmSLCXys&7_bufAPaBw^ym?iy{xJk5m@ES)F$3T%B7g*|0WH6#LCV^#kgA)laCutA0-X ztok+euheg;-&DV={)_rU^#_HGSD<<8rQm7`c2cm9f*UEwP;dtY_fT*b1v3;JrQlHt z<|xQf@H7P#3YIB&o`Pp7_$dm0l7e5LpiaTBQSeR*K0?8VDEJfwpQPXm6nvh7uT${X z6nvY4mniri1^-6Dk16;O1)Hx#&`-f03U*U)D+T*07@=U0f(IzLmx5Ci9H-z33Lc|i ziGn-@CI!z>@B#&|q2Nsv{4@n`qu>`Qcn<}?PQk}0_-zV4L%|yNkI>FGS*SBoq{bC?4{s33Jy_lfP!%fMk(Ol3-?VvNVo5!U_096!WIhF zQQzkO=;{Dn-AutO1t%z|QlKNKTKyy^ys3^H{i+|Rsh_B+pR1`~tEu0rso$-sKdiBc z)L1-fEE+WyiyDhWjm4qHqEKTosIdstxcX~c^);^c8drIZtGmWkUE^x5aTV9NdTU&@ zHLlhgS80u_v&L0f<7%vN71p@=YFu?SuC^LiS&gf!##L40YN~M+)wp_UTs1YWmKs+{ zjjN-^RZ-(=sBsn4nEo15Ut`*V2#nPVME518`V!N8i7CFs^j>0WFICk&MCN2W^2_SBovv8j_RoeTS}C-Ts%Z zSlu>|2C=&BqAOOno9K$wElpRfZnREac$PGXuUPRe(KA*&S^=>Yk0yR>#iPjxTk&WR z%!G8v*`L@jRc)2$7?TTj49Tw#zg}iCGpf9#fW9Y;QaNSQ`Jh5cBUvPn%dET zB4xMXDKcwEQu{*pLF`M5xu(t&a7X@o`r6Ng@pyc9VK<_-n*V00lC556h;xOto(wa* zhR@6%J&lo_GbFV8zK+}TJ{k`1Lc$p2lRO4z+OUH{wsyMRaX~AQeXwvfz6wrT2iSF1 zXm(hO6A-{TY)Qkx#YOC*yj;6eTuR5|Q##s)(k3zs8GI3>QZR^Fn7EWk520do>Xiz4 z+lNh0JFKDP&mfFwgY@eLh-TBUcXP?)?f?q!7e2Q zc25UjA7}x#$<1zS$Zv=b`Guq)U)KTT+nXV?Tiw>^-X0&_+mb?eeFx}TNv{|c!gFnF zu)h}{?8lM?@xks*3T*1Kfj!(B?2-6j$CCnk(`5n+pRcXK&c_G) za8h9RbpZCB=7yDb!=oSJdSzo*uC3vg;=?_k6x{un5pEkJRf`Yz#iZcUzre%;r!{o@ z?~GBqZM61X@u9vWDX6z}05wJ*iaf`*7USQK5BB3pfxWc@uyM4O-KVyO`#167el;n$ z2ReWouWsAu?7znc`<_+TGN3hW&nfDM_TU{86iC0CD+uACG)sRMMk zHTNUnskAjVD?YYMNnuMTh0Sb@?Kk3Mdv{XUGD%@mT4Vd8_}Km+DQtsDVLRU%+uz5> z_P0r48%heB(Hh%-#mDv^NnsoA09&TnmbgAeTO-`sAG=et2~iX2)Qoh1aIhI6PFvz1 zTqHlCtsx$a5Al|yAdYqb@s4JQwvV&c@E(j0@BXCVjdcJoL`FpoR$3!`ReXexCx!5E z2MEI|kiB`fhPM(Qo{<#1@ebgHRG{mFuQkG-jgRnWl0tZA2M7;0Yha_-&elNR7a!}(D2oACkuLs9_m?f_tjonbF- zZ6<4e5Fg%uCk2lW@6yhcHB7LMHrJnMC~Qxjt!r`TK#E>GK=m6|wh#_LIw*Nlfq3L(8*&1~{KI)%K3iX2> zpdM>R-Qd2mHO>#k$NB!Ga87oBbGR9&?X=Q%PT3md=i`I?lcYdSbpSG?&+a;(Y>n`x z_z3?oDTLD|C$p=kl{imDk{$UWJC>4=1ZOka9cgC0+TF~| zN_Ijh0Yca96k6DxK4{?peef=nLtCJwh0;O`lon`9TMjKbhn|yDpe=1Vw9rGp|DU<@ z*qzxO?T&MzyYskn@BO~}|NnjeeogN$eEW^-_&;l#QBk$hg|wW{m&$p?s9PKJ`H zDVg=R)NgyC{(SwQ)vwE|M!Blzl)AMJF># zy1{v-4Ltp1I-NfEbavpS*Zea6e)Xl-{90YzaIUWQTkGeQ3zTb{*e}+pR90U_MiI=q zy4hHetpV9Ib#0+)0sCf7Yc5cYT7LeRyhQ2yD6J{ABaWqE^yO ztz0tFx?$F>^+m0u)KBzQ7XbPiqq<<2nh6TaC0|^ZeXzGTold=KL4Q>W^>E}!N;Q{@ z0|Tj4>YfEXbKiiVuLp1aU-j~9`|S?PxwFXwgki9zUIVJsJs|&j{O!fxjrh9>RP`;E z^<|mLN}1Kw{p!tC^%iwdJ)j;`Z#&V41n#JYBw$^+px0%Q41IFQ_eqa>tJ(w9x7%_B zWDgUvoT}u`OIog6dR0nWmX{P@Os6yWpYM#!bUB;T^juNNF6oL=%JK)xvVJ~otSk`` zM^?4GsUArUkGX90^0$6I9_Ti0o61PedgLMq8}QIT;<#LO>&oG=y46$FwYqgEJ~B#7 zF6FhnY)iFu#i6?TltHYXLIun?%npQAg!)8iEwJ#0*Fv@AmAq{|=t@3YR7_LRr3)dI z;MBsbThI5l;l6cxv54R72M|jAfe7jwGq0=J=j*DhKIc-cI#h27rFu1#>Mdj^ny7w` z1b$W4OIm43f;BQA?viFgwUtT{RtKU#Uo}lFwN%tnus+KbEd|9el@bg@N-L$FsVask zr-b#9pM}{_QbxH{PUU4pK+L?N8}!w(k}8!;_#;);Ry1J>9>07!xaQ?`Vdll!*^E5g zTI>iVPY)wcfz|NHn4oV}3)3*Jm23iS|hEf+j4LSJE1kK|@oUL61$Y7R}6}1`CpbaVg_@S-+UI9~6sAOIf$SnU$-i zTGr9QQ;h6jx{_aPAgZ^xB+0Um6Ze4!|C|ty%Tpjh&h?Sx1Xan=gzQjy*yAdm%?L^^ z5@=w2Mo1=zU^r zcn$7NYh+`rTf2b-+RDaQ8@oYiB*q3MCNyPVBpc@f-7}|!mB!Ltw7?nmizRs3-vKXOT2v}PWADR7?dlEj;_rXBF#@~Mmx{`TG=9q!89$k#vLqKJdu_tZOwVTKUooG#A2Yu9;*XY1ZyA|5eLQ_Kn;sq< z!eDZ2JUuv+9vmDWq2KA*V-3{wDp=?;d>Z3E@KoeU(c!op#Sz9tiX`SN5p(=8-~1s> zHk&%uj}<+wDdu9jtS@D-Hj|-g^Gsfs7fp$tONFwbNChm@NUO?%Bo~)x#!y{08c66V ztommPom-E989_kz84I}SNVu~$+<8w5V&__>Nl_24Sw4>ijG!t2o9U}<=hlNdy=JJP znF^ShNSIEoPImw^SgT4Yr(dkl5<)XnB?y&nJ*eH*sxM;!cQ6v}3A9A8<|+*mOgRdGLy-V!PXV;lXS`yIZ7@4S!bFzQtq1d= zE@6843b4bGU}XZ!wpyAvd(^AbC0Lj0LK=&}8Ko-aHQd8mYk7O=MOu}MSiaB5I=1qd zn1=^Q30n;$tl25pRg+VsMIF0cR?GVN2JroCrX^Wl^wo6Wp-047K}3S35tNKXQu0co zVf zPcM8tcuzbIT$zZil(t!KRSv<#SR@nnWQrpbXVxeZybY{`h8~vPU||>@3=@WaAq*8C z2Z4tk4M*1`3ehDH&<{sKXL~<4bNb9mjPWqKb0t(adZ)!jmVYdHuM89BFu;9=R<5l0 zN5I|_4{F;nZ@Wwd#_>pu+*7dyU3zrVtKLW%^YzRe@nYGPR&tra(M*G2_uGPvm;QS7 zKMVoeY1RVlosnSYNUP7#)VvmrF|u@BGND z45tUvjjFue{{hAK0S|lU;diG5J1d4je^(^>y9xdAiL<9X#Ld=}d!LZof~+q~*nKG% z!^C$zz4jp!_a2%dL2CRg1cD=x2xbVu*`t%GyGBRv@=!zyOyf|(7TA2HTxpQgjrw9v zqC|a|=ox2(XCAJ*1+Gpq6$tN+L^wixO*8B}f^Ba!gZ}x( zuy-DIq!zUiFf?C*@BT=9_cOkkDPQXwA(S*{#GQ;>8C}VUuEly!paF?APZ5}Zs#a=A*kG8fEJ^to|7`3qiYbv%N z^ub6%%S7l2?nmN!l?YZAw|ua!P8F4vmB|R)P94 zU+x}x?gQufJ3iyk(An5*zmn{C-U62MJSCocG`O}0Uy6!~k*z>D6^Zb*gwQ4*!qFkT zOg<-9Dt0O~5f8dD_8qGBh^;Xs?W%03M=(PKzK9_V3i3roZy=}N{n95RfrlO~Mu>E@ zr=`o{3R0&dNmYo{Q>UkVQ$gX|Y-uO3v*~wuaClT29LvyAEgUD%!A^t*>sn^Ks^(Q`U$F%xid3UnaP=H=`>I5Ns~^$atlMf4zlDlMPh(_bhBxh>Q*mOkU=^(&1Y1c zGt1~zbm{dBtruXuA+I?L3^>^)*|df{;}b$Fb2>b!up{)9IDl0+-Lr08*cmKA2~ZbKA&$DcaGZW{gjGFII7XK^2+Jky z$5CW?NtY|Czd)Oxd`y+i6i%FJCXP?h64DMU_|PpxHbx=NQI>Ab8-3-eE)<@^OZQyV zwNB2QdDXx{i17vGm- z;0xC2H6Z>k@m1)VV_zM8fim4)_;Ze0_#%E>L$HAgD)0u1YGZJ=N5eY+M|4l67G6dw z?Tliuv^b?%_!bu-+N}UdRG_q;pf)u`eRkEFC4?uS zC7S`?6I4$>8lU@EkJJpvVtdUPnDE?HI0EB;cTQAA&NmmT-|ErJejgp4q3MN*)Gs!D64crLLx(1dvbKB(ejv!ofE*0G z%B3aWcZCH4KQUbWNeJbk{q@HBqf8J=L3;v_@iT#T=tv@>`GM=iV(KS9ES zkhdK=G^H3hUE_UK4)B8F`>ODIO3((p$rsmy{RTvc3H!B(x;EH2yioYb7+(coN83FT zr$-6U?!sJ*R3EmZ+S1FCw@}W9h|yz+7o_=MTk3l-TO>M1eC_J{?;^E!ga(BJhZ+hW ziGjyq=|dc~Z3%l<|Y#Wj}_M+^#ovDQ+?s>=_=NcDY)g96xf8J()N zo{V1o#FZo}VaAHw%I_#=y$8+HH*Qg zaT-NxirRJ;_s-B%By|>fhJ4qFQiV>*@LLTrt|j3rgJ^@ z*o8LOH*QY5V&oK52W&Aeh)e@~@6`en&>EJX0BnM|M>RW!qZ0{-m~` z%Q{9%DNGO}qdeTrl(b4k@%r>FxoPz9QyH7!68esn_c!XoPSRHlYdaS#z{cOZz8;Cp`d$4d60|jy#H&j{DT>o@DZDsAkiG`9;WFwo!$RAGC4BKm7uUW<%Y5l}HYe2+N zP}p@<;8L%!wqnhZeC}l(cXzYaX7Pkw+Ra)U4LAjZYb*E>+(FB4>=$qmT~u;Q1-EjK zQiE-{-BqivTs13Ivp&mHY_nFsJzaqfLUr6=k&4!bmn*p0Wao*Ydg(lF2b|lgUc}uN zvz*J48$Wt$)C<&&uy!t%%Vr640lqijeG5%1ma5Cy3*_UDYGNxo(OM--Ui)~WV%ECe zeuAy9{3J^QrmXNJi0qsX9M^)Nfqca1m`9-HKs3$PfC^`D;QN3nu)k@$9UUOi4z%6{6RdJ%^PWVX-zQ`)NUe>c> z9ghbGS`I$xw%II)q_DT)O+yle4?qm9t#-O0`3GM#d~9u}@hx0?smt*rarp^s;(1*rvQ6ql(wLIh$6Vn&!YM-?gy93Hu z?~!#SO;~TqSC=bUSNuRKKj1Yxm`h4<8$V&ermFWIRSe8om$PvFh*;a9ZaA!CFJw7i zvV=faS2T76L}_KQ9h!!$0OFK#gHQ`w%QgcK96RC!0oGRW#TF-~?L>(DQSPR#VaUhX z>4fT`1oNozO>pJt-aTTLwo#=~nE`Ye=4+c*(o_?;`h3 z@ZQBb#93Z|62V7f{lrFVFVt;0>uRTK0JFB=%}dsH<0ATi7qYawu82SOnMuQ3YqNp9 zVx~RCXMm`y_?~C{j4WpVWH@XhYWHG`D>Mjghpld4nJFZvk(f)k#9m8z3BfS~mmomp zoK{+d7zn$tlPm??b2h|dSBA(;wv~~*d7iIBY?c?`6wxp*q6n%2Cv2CjtFd2RKA*+@ zHm#V2hgGt(C|}Lm;Vf-HUW<#iNxNkAD5aG;y5H7D+nQi09@4160VMRp%-XKq7~PIW zpP_8M)uZYi>JxAaxvHw_o7C5-Z&Tk~wRQ&L+D=c&K`J@wRF4MSRjN-|K_`mpYN*FP z^-ax>Y2EB?RVw!esfTLzxp2aC@3W&R0SfM=;1mVNDR_c{$0%5$AWwlw z!7~)RK*6gicq0WrL%~}q_$3P7O~G$a@KFkWhk{R2@JAGUiGnXs@O29Qo`RPt_!kPk zPr-ju&_kV!brfu;U<(C%DY%Y;LlhjKV4Q+c3b^;eeUlH+?RzQMjyAclg@Sd|xA{N1 zIzU%9Q!q=x2@0wd=m@G-KgkL2pCg~X>icWz$7||mYwA~P>NjiZcWdeoYb+u)7LOW> zMvcXy#v)N;aj3B<)L0B^ECMyI{u)<(jjO%JRbJ!ju5ne@xSDHR#Wk+p8dq(NtF^{e zTI1@haaGp18f#pIHLkuIS6z*(t;SVWZoy5 z)VLaITm?0zzsA(pn06onW3>X&eTk{Q#57-GiZ3y}mzdg1Rdo-M`5yIMP`VF8={^ai z`#hBHYf!pxsXtJ^#~P>p*jBgAB)_a~d+3VQ?N+*CbsM28R<{S}iq-8DU9q}7L07D9 zOLWERX3`a_+Y5BX>h?yuVs(2fU9q~oo32>hK1x@tZl9(rR<|$F6|39V>5A3uWx8T@ z`#xQ>h^ZJVs(2zU9q}-jILPS{*10z-M&IstZx5ISFCQ|p(|Fm|D`Kdw+*C0 ztZuvLiq-8Vx?*)p(-o^5txy-9B@N;$R=i8}j1`a8K5WIKDIZ($Xd1#+JR1J8;_* zD}S^zkUqN9x=DTbs~gjD-e4qyo?;G1VbB+-TbnQ^#^>2EuL9@blg{(EP#g6L;6HJN z@nZcfx;|JPK_|*_&`TL(a&@b5(LhH@JatDgV!<#tb3HaytrTe!ijty99StZ_b{n1| zvvwr4uX*FczOhNoKw7;jX{p=Ty!FLySBWkNTZU9P;S6J)GB*QiM%W-;8b;hS7%jbhn1Uv z=*?l@8BQlIVyon3*@)uuIUb+S(KdWGFK-Wro#b6M=X}CtsQ`kqqXcHwKd$ojSu%LNx?nP0o-_X z+eT;qJwDj)Bn9^1Wdl3Xx@HG9#_mOJK-5HfQMX+-u%oTP-W(t7O-X@0)B)IdTHAIw za9@15cP9n+_7332)7myYJf8%zq@`PSI}AwIUhOA6ai zQrL{v*#0X%w*N>9+i(ZiGR?Nc^%~k5;nx1xotjOEnn-+> z@nC$2wJo zud_A0mH6u8~t*&2KwIkKz}PKpm%iu z^iVTUa?RNq+-Ks0`&3fkj&uMn-3$)9XxS%cYk=Q~5AYw80(f@^07L8y`)O-4S@VPV z@cug~czjxywxz6Lf_1dH{zOAz`|506i#rEm_h_~uY9c+FdpoGbu$c>NwNfSf)Pm=b zvo+j1;={cyDY*A_05`<8+Rg<%XPT{n9*qxlGAW?Q$;09?raS;v86YkY(8 z@kvSHd#D3^A>$C<1_Hm1tpOg75Aax00B1S?c(U1olJCa$o)}xh&&P)^Ck6j_2k=8S zf&>p3kPpY!P+uJ%>T}&e4ICDj_0THTCihqXpMTt>m2$;u9*1AcOLVaFx)xp|56|C$p=kl{imDk{$UWJC>4=1ZOka9cgC0+TF~| zN_Ijh0Yca96k6DxK4{?peef=nLt7rDh0;O`lon`9TMjKbhn|zuLR;E$XrYIG|37o* zu{*On+8uN7)$E-+_ulWj|Nr0jpV##M!YALjj{j$EGb*Z9x{#Lh`BFKr7oKm;eAw^Erig{fr)z9JOR!VPbMI-HGupw7o4t%fn zS~oax+Q8FKrqk(jPiF^Sdd)B6-><&(nqRA{8_w0$erx@_a)C;1llsLv)ynFt$f$x@ zS2r6AvNa%^rmihiO+cV3_h@+o)w4F_in3uK63@LQdD(v2n6Fm69}9Bsysj*An*IyR z#Un;VCa4=Lx?(8$ic+sy8%%kLzNo7M>Tb2i>d(3~;a8tvXCGpX41q0|oIlyTvZ$3b zQ!AH@v~HMnYkg5GDfJV*)dhgQ#;7hBre=b|a>z50m3j?Q?CJ4>K>4PJ^t;*zZ>!ICQ#M4 zSk{+isw)*%SNE$oSJhk8LG^%oP`&L$A2PV38j^u^<$_+9MK<)wA>SuG>aA)IP~UFL z6_7nl$a1QZJ1=Rua_LnmZCPGYfH9rU;Q#!~$V`{BIZe+MmF$wPD5Wfauq^B6)5gjY z5piTy%bV(v)bNM1n9jKl0eSVO2!gth_;Z+I(IOJ2>}wu7$Zvqi-;6Y1uy zm~u*3ANg6B4JBoiOXXBvMgpYFE4o2nEi0)~xrBeD%G!!1Ou^%quLRe;ye`bVSUa1M zhg*vsq2%dd^_jB1qkBs5n@u(2nSjckC8 zqi#!Pr%M=LTS8A17{v2mhQ9kIPdbLC*D&r%EKJN|c#kf1OhtXsQ*4BE=ZSR1=Rc_hXLWhOLbUnCpn0>d+>hn2?CUH2-SMFS(d-NBi# zq+?RBXK_=Ae%7u^fRza`D(R%_x2q+1+1~*#U0PJCK;!7cMeXVh@!}tUxG4g>1np|q zym*%N=15*136+;FElHyt+1Vr~ekb-4)IkbAq456^8K_F&cx7(Kc+*`^4B7b=f!+$wrg~>3S|Vo^GDax%RD9Mipr8)l+;q4eP3_z3--o;}t;O|OEDF2koWZiJ^IPl^G@<*1G@CQ>9ZXNj2OkNMUQ zX|dVVv45=SX-zQ~(`9`rgT0vyEt_ZZy1Zyg6fYIZh9VWPO(U%;3zA%1q7_4R*=Qi4 zr?Bc@DRh2%1k4Bmx-VG3O-I6=wc*ZtQV_e;GA)XFc+K*8Y+wXc0oY7mYdb$ZsMBkP z8d|7;nTdqywCZ#RFoUhClydsT3T+`YLsf!M>8A&^+g9}zEZ`1C!aZTP>WQx5o>wk5 z<2)b4Nk2WD53adMg9KBF0^m?2Ksr+ZE%h0%*kT(j&d_k=!>sB!^by$qf~flKl=IVr z`B0ZIy>bQE;YhGDfn{4QO`JXIwdoS9OLZZQP2h}DmGT;X!&+;3d+SA7m5bQE&&WEC z@|akM2S^D=4J7Q@DL7S=Q=~;5r(IUd`uPU%{cNTsSzq+EbRg0r;;bMd!P*E)Mj|PB zB~fx38=Ny!qmNF`c$`G7VvI^Fimokc@3f$5fp1{)-! z&&bmY9}ixP$AK#ov6a#`>#gb`m>7#>!d^^qWa7*kMS_okmC(_{vKuT6!-HYM&@Y6c z;^QC?>Ctd>O`;H80|EVTBy_g-b2F#Uti+fPV>nkrb7OQ`Tx9vjmiNjqVGaY_XK3Zh zihl;|#duKL&UxDvDlm>mV&svEE$GstlV0;i%9w9t=7<-|uC$WN431_R1iRlBY`pZh zt3NUXY^OyFuy;m+og=M2Lq`)GnVi0m!`U|>P{PKi7t7TWY5}3m_~l1ZkX$Y;DSYxH zvof3>OgF0XcK-*I-UmGForm9D66~xR0{vZ)=7a5gqGb55~ETT;5R?&ALPg(PKAkA+)0^DOG&GN|yyt=HS;O*W> z-gv2iTUwf%pO}ASPMVmTn?5@~b9y$0WZPCauiz+et}Ho*82xP3AWjvXJKW6RaHB!q z9iG%D_R%Rk@{SAXiBy94^%G3p7s=F=s}s_r!x9-VX|UxYWWa_Ej)obq?KTg>&<*<6 z8^hjt*pXY*LBP;*1-|P3ZAAC&Z|Y6UF3;6w)L^hYF^BU2MLQK zl8?~+zGrErakpYyLuwy)^eW~17_U6Go^aVpzJ`Ld$w<za4HhvYYCxEK7^w~ zc$s`ou2k$?XdxbSW$a&Q+9S5ckhH6^p&r2s5%?m8Fe%6v6}^F+e)mhCj07S*T8t3s zXirO*)fJ>pN0O=#si#g)`IdshkJ-{mVCT^9@Zj*MG&q)_t6I2rRK?yzwqbOa#ll%h z%gI^nhcuu1UB6t;``3iTZ;vf^GvjhpMzC@;k`=ZfE6qi8m5k0 zD;Nbgk_2}0rFzM_0DgPA4N#h<*k-r>R2RGxHpu_J~lEb&7Ex!q16$d$IPG2 z;8kO9wPAH6CmFc&`9Z(xN;6RTCkj( zvlr|7e08&Fo9b3CQIJ8pH{+G!qlUl8aJFr}@Q8EA z<1ytD>-3uQ2OO zM#cTIj9$f1UeC}z0rna4nzONh8*P$JXGk2sz+DTk6uuVAw_!Ip#}$3|Hq|~_8aRln zvc0%lQdE4e{59n~coAVoQ?$5jRXE+VZe7@YD?tH}7EU3Jy1Q_k{@}W*dZ2KO9&zcF zYuJx#$MTXcS5$vRHb428Dw`?XF4Ih0m7?vU9ab>Xtwc6PCC*WiZpj;c^{Fltp2AD_ z4%D?y$y|8Vz@01HfWz%ww-(U}+!`&fxkk80>N3<=qy8tS?aOy=6?`#nna{1c%+0|v zXM8L;GE$iJ#aTO#DUeOMm^#BtGIT#jv`pA5w`Nw1nmIyp2}y%OvaOMgz9;8TPn~wD z5I^10ekDd}L21C<$bu-ix}bRX@^&uSfN9kUa|Z_O^*!QkD)81ZK_vJO5g4yoJ@F$< zZQ0&@R(YnX=?dNacXXALb04XpM9oUHUk!6hlI8CeYY=3i|+w>X`{}=cw^nS6gjlM{Q?k@ZpCoOyle_TVbfhsES2C8afaE?O5696Z4Z=e=l zMlS7)Vz9Qjky-dQS0UPk07+D!ww|Cibv%7`)6}giBPH+?09 zC!i&p0pAl;Pd^&teXK`n24u0lW(-Vtt|=UW@khB*vwMB}c5t-fDkKfsof{hM&b}w- zX+Jx)ih}?t>a%cd75BnvBIx+ZaBWhYq;4&5j#0~?wBRaLK~$J^x7Vba`IOAoLG?+>>kMH+K8y>ty=lU!}YC$rdAkOJE z=2SR_v?uOq%7X_bsv_r`E7foH=w-h@4$si^!bIv9n?4EZZ2zG{lSNruJ_Mf+WMx1O zCRydulJC310s(St5U2LEdJ(VMX?31H-(7ebf7%(IV3Xq3Lg8GDub#9Ecm*ddyb^zc zga;vSJ9KDDF><=bXQ&+D1;zJO;q{cE4S16;tq1!JNDveDYmszquyIkL@RKpV3c!xG zdn8Ve5}@6Mxfr=VY$vs)mnCnZoDUJB$B-^a^TD>%_h4m6437BO)%V{;ZtVyS3I{GQ z6h0CIkHgZ3IBDA&_O8gqs&f(xeVF~rt>u^2TuWRhDE#?aYZ*TeSL!Vs$mX4Ttf10AE^g_74T z24mxNiqsXg9WL&jp=C!JEb=U!+;kW?GGP0jaL12rQn}6F*V|r5ovyP7NrPSI?TuaM zdK$3{ZLoj1CGCn)QcxXmoVXwg4e-5J3s6A&RelP*CTK|5$d$W3Pt6=TR3VgYTjlzb z+JY|Ym?@>O7>t7Qa4l2PDiy^W)3;3H@+8IJ$!U>8O)WCCmKM1?MoGaI!O_8jC^XO_ z*B1qR-eV#7k_+E!4=-5=OYvHR5VmcNtEMkt$cDo!n9?}MGF{CGedn@2AA=Kz{fC>_ zA72am3o%LxvX7%Z1yN{#{j1>pjp1S^)P?J@?!NZ35sz&k@@(wE!cj~V$U)ptT@eGl zrX?fJI3yO%(L6P?{X2Oxl|F00t$MzG;tFezaseY&Gwa1>7cOSmkKFV1!t>y+a5pMr zSl5Im#9|zhQFZNPei)+WV(H5DLC4Eg)-K#iC>cdIu360Z;W*8(J>&J7WvqkNPpq>B zL>dK^T~`Gz^$Ke%_7%ymUeT(*4k*m@fX}z!B^l8+G1nhe~TEJlItnB zj(e0kYQr6-T7BiJS*e=!SzcP3wfgO43LFBe;|DgPXb*U~f*+ggGBHIjoyX4s=Vw(f z;@1|loXe7{K6-1^3p9MNb}p97W(jKmzBk}~3oRp-s>|66jMSw+{& zdRFY!@uWb@!SCEQo8^!k_BOm}$fEE8h@rLB&Nrm|;ERTjt?g8Q$eE!!KDg@EmLg6U zR^itSZ0F%d@k$IwtgCbd$360JaELW=9I(dnxB(9O(CIB|#81DLhn!*o`a)gpv$o;{ zKsoD0Sy$4+^p<>exsr9o52SJg@5{kVQij_&h6S6N-ixwVo3n85h*aC5Zn%(RZ&o>9 zvV=faS2T9^LwRL!o!f{)B|?AoYUal$IceMQvF#>!-FKfC*A6p8X&^n<<8lOJqqgtZT*g z5u%NBl714Y;IKpRj_C64ljEuYBs8 znxkoN>}^%5`l2Yq>LZnft5v6;I#=hON;a$wl*E2>P<_Ap9`)nu@2Q_tKdXLC{VVlb z>NnNzs{f+?Q2jw+;}z)MdMUV?f}IrXqu@pgG8EiF!95h*MZpXOM=5xef;kFu6g*8q zg@R=Yo~Phh3Vxb`pQ7LwDX3HM>lD0$f)7*hK?*)a!6zvA0tKI^;Oi9pH3i?M;3W#a zN5Q{Q@M8*oM8W1O5%g2Ahl1S{+)BZI3Pvaxq~HMx?xo-q1;;6Pf`Z2=SfU_Lfl0wL z6udyet0{OR1wTW8>1^ulA4575u|Qm`F;a$ySv>u7BAfAn;K zo^GaKmVy%$R4LFARIPrJ6FwtHetXsT*VK>K)X&w_uhrCV)zt6S)F0MZL~1M^H5QE; zi$#q^qQ>G-V^OHF7}Qtwo2BQ+bszHABNI>3QG3{ zDBahgbl+Bgpni`vPW`d1ZktJdS>5)~6RX>;^u+2mLQkx256}~<+bMctb$f!ISlyQB ziPg=dCswx?=!w<*JLr<)3U#2Hkw{OrBtJ}-;#On5a zdSZ3!A^Bx>+fGlcZhPs8)$I^HvAT`Z6RX=4J+ZnyOi!$CPtg;r+j)9ob-O@MtZpyT z6RX>s>50|t?exUz_I`R|b^91SvAX>!J+Zodm7ZAL{)wJg-M&LltZx5HPpobmNP}42 zcF_~7+fDSu>XxP_RyW$2E<8&b#80evmne=EkM=xl#iOMjTk&Z5!B#w)_Ojyf6s&4( z@%PYV#jPzl96_Mr42=rx7#fR-bavn5kFnFCKSqzfyihK>ojxbs)ez~X?hoYHFG}T) zb_VjtkXkos41aZFUd|iLWH3_9;kpaP0(EN>*24JC8rD*GUyAt}h$bpZMHX2|Riw>7%A#Ygwnq|ja80lHSwD<**OIolfS@5cxG(WJoM zaGAiuondRRUx^R)%SnOVdwIZ;``OlD|200?my-hf6PFEa8!_(N5PMwGgQTs-C2jgr zugAIZvVk3I-Lk3pVD}~kHg(y+9&QcxNPMv4NrAoTGJ%D+*4AL>~|J-r51!I9kh&Pg}$NoA_|QniSjv9l(v(wrzCw z-{XV*PEueGUN*2Jty^|rW9(7X1|&^n6m{EW13TIp?9K7P-jo#BLmhyPr?qXT1NX&; zdv{WBZ|?wZJgsdrLViVju#Y4K_Kps~hAdF9kGs~AtH(!IP70mW0lM3o#}V)`+8Ub` zAKRs*u%(m2X12!moAI%|D=BQ5q_8QivHekeY=4jxw!x&Zoo|ip@8e_p+oZ4!C56ps zjqShUWBZS!unl*BEz@jETyLPQ5pL~|J*e4)q=^h_Mmj(^*o+WYDe<35BoCjhAs&nm z@s^|@j&=a?j%J9qce2*-9*hs~{-ofIbpS6!Mnwx&S|faAe1wlDh463(2*VnX{cyI1 zw-O(okrce~4&a3}pzA%aHNu~ZkML)cLU?Bf2oE=FV57gy)J+>s8zrJKRw=Dg2Bu!*Qb8iQ&7`AeO<5j9;-&F7%ZMKGc zM|`-qB?b4s4&a8^R@-Ty=OnW=(4+BzP9_EP{tkeK*jC#8X$|h__~6bZ1@3_kz=f?p zvCsw`Wwr+UY<#e*Nr9c{0PJLlA!4w$=RH1*>359T8g)HB>Yq;v^@AOt9&1M3;CQk% z&JV`N`M#uZPIiEExEZJIZqjxu*&5{M&rDgwq`$ z3^BLl;ITEhAH@gvKS_Z*nhZGd#@HI%?oF`=KvyAYA_Jgf9e@itKkGPVY>jU)K0YZa zd=GViFJvCV$3Wn(u{FTs@c|x73gAo!08chsQ1Z#x-os*R`1$zo<)q*r?*M+tJjJ_I zK>it9!+dpon9p?wGjK^@)~Etd0ciaFYz7O2#=5lXYoI?{)W12 S4dm(iuyf6pE*#*$ZT0_C49lJX literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/revocation-lists.doctree b/ia-terms-updates/it/.doctrees/revocation-lists.doctree new file mode 100644 index 0000000000000000000000000000000000000000..aaaf6fa0bf4aeee077a42b9236a8b54e76ed1b4b GIT binary patch literal 36623 zcmcIt3v?V;d3GX8w&b_tIB^n_jh)1fliAhNN}Q)6$&UPx9ZN|_g0mUzjx@7g?QUjf zB|9OM0HN!43N36;AGC0QK6n?(p)JtTLTRA|N(;25Er*tzL(j=+p)GAWw9rGp|DU<@ z*qzxO?T&MzyYskn@BO~}|Nnjeer@m1uYdD8{?FQGR8*~WAuZ?grE*>|>ej}5Iagg) zN@o47_1j*kKVLs+_3QGgQLgGarEaZ5jGU?!^SV;1pToRQCA1l-D;23pLJ=%U7uiQAD$W+0$VOQKiRypsFgHR zE0>J4ZkTmzeNihZ^%K3-1%STBs4f_$W`e?U$rsmUAMEW-r&F(9&|jTGJsdfbQqAS! zz(6XMx@SSp+&3WT>%m+9SH1k&e!IhR?rib^VHm8b*MKT@56HhBe|zzFBmQmzReg(P zeOacmQf75^zj||3y+s{V52y##+fMW$fjg=p30PMy=yh2nL!TV-ebS@es`dc&?Y3M2 z*~5e^rz*Mgl9nr%UY*jGpl2f9t$rZSSV9=Qm@20S#7I4)P+x^j4|ZuL}kt!^EPkBkzN zOL;9X+fr>^aj337We}^UPysUzvjbrjp*|5>3oN|hwNNd2C2v~~x{}Wp71LC7=|V^) zIJGeA*7Ln>xNn_aEaEr&0fbV2AcFeF%kxbGMREkDQWq1Nij1=`+mP(aSP#9nEG4R{c9tkxj=%AJ&|l=18f|1 zYce}sLjU4ox11bq;N&`&6Q9taLx!w;%($`kd$F=^EJs$l=jU);@N-=xKPvHa@|ZL+ z;Zd==x|)`kpb1Omm9z$B(9qOo&|{OUMKiOg!GdI9T*`P})-Pu52gTyjQr7KnX634> zmUVRS6eByBuH+XRi0UmaNwVzY#C_nwKPSZF@)SsrbA2Q^K~-`zAv=^F_PB~?GlG(f z1RB_IRYfu!bsLg~edM_B_dD;Y5Xq?$B_`OoVU28zq=&j=0|~TcV?-Ki$p)q2wglZO z4kaeo*t<41Bv{Gr*l1;Dg=~zrW`hcm92=CFVB-~QW}{0@8I7SSqpdXsY$T{Dl$c=S z#x=7s)~#%ewbhhSX{?o|fDL-@+1M_d;4znt)SB5i+$|f8jjwAZT`M{&9d5%0y-$n{ zufe@(jckl{Yd4TUTiFc*`#Mq$3gr@9^WaC_*d*-yT(pb9dR)v#jU}U%3ITMz2 zObWIvZVb`R+C>SlG9h{;oizP+u>>#sJK&{Di%JD(?0vYXUA-Y*{QVC%Mu3-~UG16| z&$8Ye$;%_5^3tUxX|y9do8-iAMclV87eO0xZ#VMcS&&;IISB2QO5@#H5G2r`FU|IJ zyp08+G!nBQl$g+zTO-*Bw;=d70X~`-arMB}6fhFt#Es!f2Nxy4N>`d;);IB7kKp)?Yd5^of9MDkQuE9W!!W5)Mh{L!-MEh7`BkEc&&)5C*9 z7)*|hrw519gM;HE^gBI!tbv+d1q)qd%dv7)Cn#av96^`#8fW->Hwp2_R-qAAgHsZcf)seok~X;oQ}BM9g|V*xiE33t|pJMT$B>|Dzs$5tK_ z^Y8#EVXJ|JH9G~nYI2ISsAIRwYFR(u0KT8iv?S|`zM2j^^oTesh)A$Bf|8L)N?t{j zoW=s@%+%o$m>7*@;wfTcZb~}-Sm!p}P>Qrpv!XzVj9js7kf^|POGASVlF?`6 z>4lF6?}^8OD-*Gm(l+a@$|0B-i)6x{OmSr5%o;_4w}F+=(8IDDEDXbgVZzWagrVZ& zAn?$m;pmz~A-V(t`r%0EZ13l0PM=wcF&;*Du7v7F@3gqc@{c9&m0`jh2Ds1A%9R!W z2-th#L2WzcZI`LQI39_Sdn&e|OOH-^)f*{ezMh#QUM#!PN-i@vnrRU1ep|5d(qFIs zhaq4)&02uHGZO3^Y4sV}n&`;n^o1Puz6pU6Ha@*ru9i>=2yMnMKazsza%oB7ogbN% z;q+j-QI)s*KcM(N;9>7P{O*)sXT=cc?}|i!H=#d1arTslxY?R=?-O!cko9E=yD#Np znE0-z*FI$8-a|7aNR6L`KyV}y!3-fddvr2&*XZb79*RhTX&g$}0-LXtD-CkGQD4kS zl&B9AJ>!h<%)@oJz|~2n0^!|}2!{#b>4`_?AM%+T+Sxz_RPwZ!f(J^t&EW6wIEozX zV)Ze|fMs!?crb1iFxsRoN_Qe&Z3~ZX0QqPu}3wWf28$_eS!@ zQw3bp(%k&S{3CPH#N6EU+4-5%voR#ww!(P@TX}P3$uY!eXR8Krs_5L{W(J2F4f5{r zs6Mfej^UAaTu4u(62vc`VCud|rlwq-kRBbD$bd+SkYvzg?dNmTUnHd~u)cd{7pZPxU(bhJi$KRX~qc&DxO~n?3 zJ{U=8nFu|hTue=P9QY_yR+J(tR8M12u0s`gAYak76*+g22kKbX$26;XF(WP{OpZuC zLihWwrIp6jifs+CecaKjl<#A_^4NO9Wh?m-3eqMcNjpZQO(`o{PDxGDp^;F=Do{V> z%iSZ-ec(KQ$7dWGIvbnqSCakCTflOjr^IuQ2G{oBOHolVvK0uYA`!lh5ZdHJI68!v z$>-!s#ZHAL;z3u&zC+a>u{DOIU6l>>2xf@D7cqoELB6Qy4dnE@U;1Pu@X({h2$7EV zv~*cqLF#lQsS1&L>hzRvDkyxLE$sw$HvJ9{4v$KMV;MTCg=0rmtW9JadUsh&oRzek zoW*)b^RD0Z%jLX(PDtE)Y`KdWm!mL(m7|fYumw6ZHS0SS5VIhMGbaPAV5-nCb(~s3 zFSwB;u#+$4!}y`+K9O4Q+@1cBALRup;Y#lOYc~IOno9?m~sAnQkKS5P8cV=cPGdVLYo#u%>Y0~Le&f!E0rgL-l zgq_C;O@V82+L?^j%9sGbL6)4RNDPpVZZ<7b-ReaOGDzoUyj*GDdhjV_F5+KHWhg57$_3_hX{;Ut)BQ1 zrnYQvKC3)a)pUjY0=PT}AG(-78UwS#@Q0fizM9o=(?YSFJD+`~S~dgLVTXjHqR*s; z2JGKqalW(P+Oz=8P|PfuNuTO^rlz0XWU*Mf?0Zed63MaP1Qf6EmsB!a(VaLhzOTf< z7p&83K>T0etI*TOzB>9MWxBiYXB@TgCH%OCU;`CY;0+Yj#^7v}hMxeA=$=n4yo^-Z z8O2~}abC0VZ7xEzg8`DLKxsWeZEBGE?5e3-S4hD?mCUDPwhp4T?=zS5 za<$U*ih2TYI#Q$_S<_3`05-|hMtoxXXE?EoiZD~1+eQfI#p{u z8NK?6D@jzw?QcdylDD=AOJ_(+*vUh#Bz(?(=<8woYhj4h1GDOFvw?=u?_kMm7K2aY zG>X&|we2qMouNrd>MZgYo}73X*ic}5rf~a@ZDP6A-`Cq-NS&s$2T_Af=k1M6=X&a~ z3vIA(+?;mB$SJ4}*lb)7nFjdYs|6^a)hs^+UKKP%Y~;$Fy{Br9?5YsTwzYEoNo_%w zb&Ql!m?}m_c{rXaX_boN_32y2ae0zr@Z{9Up{5!cT1$=G9V4e;jbLM8L1Y@Jk?V^B zKCi$Ke949H)rS`?gr#`3K?vK{##Pf7&}GBc77S^eO`EP}guZjxpO3+b!~Vlf?2oU7 z{e>7g1=+{OpMuCV!2VV64aab?PU^z-Sa)Ch*@(wB5P3HCVBshR3gkX+sIG{PUc|%^ zCm;C^Zqz)Lvpqq1qn18vz=e^opSZ%>qg+7m)x?aQ11_IkxR_;+bI;cc&x6Op-6)u0 zT@xA+6LyG3MYp5*Aqf;>8q4)o$5U6+L7l2+L2hG-%2Szk6r zURkIvq4--JCs~N0EAld)^wSX&g%H(i)>f?qj^INF1_<23(^(bgOYVf%#NdmpqU&Wn zD^~S*fS~2zp>CVaa!3k$8{RY|QTQOl(AsLJ8Td`N5 zob?`ASJLG5mV9-&l6A!or1Aq^!Gp=91h?@M7Hq0|?@`6T>~%Q{N05lM9qNXoJNB}c z^Ce3Nbah2zw?LFu7Mr7K*a{#{DK`kUu(fP6@W9O@&J$pz6<=&|V%jc+$UEh3+9-y6 zoPAHI9!fBe8s7xRj_xfabO)&y1gEqFIV@_+npr=!{eZQ#qEtNlL3lRP6WUmjCB?9= z6$?#xY@{m};kKy6>sNK_YKqAPKuj!bqVEB1BNv!TMY?5h6qIhoPQ8ZY>4}%TyBjZZ zCk5|htV5jT1t<|bHr7vUwDv;Xmb0#Qx&|<7d*QrfZ8t8WA9x{4d+mz&V-K1%)U`Gn z*g0m}(|iVqx{B|4*3Zad22h6kCZcvPHoQWE(0eDz*%QQJa%k|%w$^`$+zeEI>csq0WJ~^^CF6%Dsahm$+{Z5=jHQR z>~_HeJB#wwtR2o02jsQ5Xq&W4R*zCzsiO;SZM3Zk7Um(18r(rbKg_J{=#A0s zX!Ib;)>}QQ-l0ALCy}eFs=ir$z4~_bEmdo0Ag=8KmE5J0+fMapz@K2ljYWp&!Ab9HX1WW(A(QS3Jd)eoreRX?HruKGFkv+CE> zzf!-YepCIf`Y-Aa)gKf#UV-MVmx8M)*h#@Y3T~tzL%|&s+(W@#6wFX?l!8Yon4=&^ z!P68}C|IW8c?zDT;HN0~NeX^}f;t7iM!`EN_y`3bqTo{$e3F7MQ1E#QzD~hkQ}AsH zUZUW86#N?nKc?VE6l}f{K|ck1DA-NGtrYC1V1$A}3Lc=~UJ6c8aGZiCD0qy5B?|Hs zm=rui!3z|;hJrUy@Y58$je=jK;5`)lIt3r2;I}FG3aB6r*0@@0 zT%|Rx&Kg%`jjOT7RaoQdt8vxUxY}x5Wi_s@8dp_~tEt9SRO9NYan;ngT54P+HLi{t zS4EAhp~h8EWBO}MeT``cA~04f5Z#xU>Pt-XC8qci(|d`jy;N2A5Si~)-wmbv2$b$q zP`WQb>Anu7`?mT6^?R&w>W^)8+f4Gy>b8fjSlw==D^|A=x?**EfUa2GPSF*s+Y@xf z>b68ztZpV+sEmO)$LE|iq-9_bj9lSPjtoV_8q!nb^BksVs+a< z8pP_hi>_GRZlWtzw=`X`y3s0i;aSokzGB6@M9*09X#K-hJeu~g6_2JOY{jD?Fe@Gp z$EwyAe+x}k+}e`EW(DfbP_Mv#LVYn2&u*LiPwaSTkI|wpFO-XJqt8)yH9T}<_Xkq! z7rF9BI|J#XORbyKhrhZpE$0nJGUzGha4-gafx5K`^J09u4Rb4S6+Y=ae=D_7p9KCB zR~RqW&!X#t6%ur!9Cy8xF(z2I8W#<8l*Cha6r=XqbNRv9>+z{-rAS*+loUfrNu;3$KSi7{ylx|XTf+ZzPqp+QCrP@vrNfWuQR~8!dg#e8P39I zW{;l6xXu|6+C5*#+j$=ihIb)h4Dd-BgR^YdJt12=-Ojimm8d>gxEfytr>q0qI;%4~ zEM)@XH;0{QIIp;f&6AgDTZ+r*czi}j+c4V1Wg&wvf=mhmF#!{o5$Pe+i%wlqA#D4w z)rlP0?xWo(7!G^WCHb_sPI4wbvQyn5Qx6Jv_}6xT??@;<_SEb5#M>HdAwJlpq`>a! z0PF)Tz&1J8Z4LPi@gcvE6y)nVfP8y1WOk<88r|FDqkCIY=&tVoT`TDoLqhngZ4LJK z;)DHIQebbmOkm*(u{GGQ#0UH3q`>aIJYdOnZELXq8XxS-Nr8REWdqwrjQcjk?w#}? zYOCH!o3_+zac;b9V8>e5Y$`t3y-9&hT{f_XTZ26kAMAKiU~jriVBzVtHQ4$1U>{Bj z?7j}b-qYN$@*a5fBV1o>?7+1(+){kF=aYiF|1!dDW29>F;l7v@T>5vHc-*vxZvUMz zYPXHnzAHY|cO(V%mJXoC=tGge*w$kF`|-hkJSniZb^tbx*0R&o)^PtOKHRS+1@}M) zaO2f&8=d|4_+Y=26xf584eUtknjP2}yBDLJAfNcYuogYUl||lBT0e1qXV!Z6BO(pueIdr@zIr&LML^A?zZNB z1pJe>#%9IGb}1=r>7=lkt+D+^d~EMd3R@;AY)Wfve-t0vA0&lsFez;3TVwnC_}Kn7 zDQrVYVKZ7|`>*)e{v#=D!yRDDG}{u_lW1#%Tl-^oYBnKiBAuF%4iFADBg8>V{4 z9keyXgYhBWk`%pN$Xh(@B9l(gC=1GdS#}Wj~#*0e&++z<)>z;N2Yn46!rpyRFS+ z%@5+k`|qUS@wr{vn6icm*3str6Agv!zq55M?i`5SquGY2iS%gh?VuLJW-hSdN|o%h z3!anC)^P8L5BIjD;NI5(+z{JpI~?>JY_+Ab+ugZzAakbjaC$f*uMhV|n?$H1~2f0Zr<%-oj4#Ad}=z!-9E&WIy aoW*};{f%|m8pzY(V&@Pp9YMgqk@f!@3+5vL literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/ssi-introduction.doctree b/ia-terms-updates/it/.doctrees/ssi-introduction.doctree new file mode 100644 index 0000000000000000000000000000000000000000..1eedb0ba0c30f6d169dcdb26ac825632e2a13769 GIT binary patch literal 36623 zcmcIt3v?V;d3GX8w&b_tIB^n_jh)1fliAhNN}Q)6$&UPx9ZN|_g0mUzjx@7g?QUjf zB|9OM0HN!43N36;AGC0QK6n?(p)JtTLTRA|N(;25Er*tzL(j=+p)GAWw9rGp|DU<@ z*qzxO?T&MzyYskn@BO~}|Nnjeer@m1uYdD8{?FQGR8*~WAuZ?grE*>|>ej}5Iagg) zN@o47_1j*kKVLs+_3QGgQLgGarEaZ5jGU?!^SV;1pToRQCA1l-D;23pLJ=%U7uiQAD$W+0$VOQKiRypsFgHR zE0>J4ZkTmzeNihZ^%K3-1%STBs4f_$W`e?U$rsmUAMEW-r&F(9&|jTGJsdfbQqAS! zz(6XMx@SSp+&3WT>%m+9SH1k&e!IhR?rib^VHm8b*MKT@56HhBe|zzFBmQmzReg(P zeOacmQf75^zj||3y+s{V52y##+fMW$fjg=p30PMy=yh2nL!TV-ebS@es`dc&?Y3M2 z*~5e^rz*Mgl9nr%UY*jGpl2f9t$rZSSV9=Qm@20S#7I4)P+x^j4|ZuL}kt!^EPkBkzN zOL;9X+fr>^aj337We}^UPysUzvjbrjp*|5>3oN|hwNNd2C2v~~x{}Wp71LC7=|V^) zIJGeA*7Ln>xNn_aEaEr&0fbV2AcFeF%kxbGMREkDQWq1Nij1=`+mP(aSP#9nEG4R{c9tkxj=%AJ&|l=18f|1 zYce}sLjU4ox11bq;N&`&6Q9taLx!w;%($`kd$F=^EJs$l=jU);@N-=xKPvHa@|ZL+ z;Zd==x|)`kpb1Omm9z$B(9qOo&|{OUMKiOg!GdI9T*`P})-Pu52gTyjQr7KnX634> zmUVRS6eByBuH+XRi0UmaNwVzY#C_nwKPSZF@)SsrbA2Q^K~-`zAv=^F_PB~?GlG(f z1RB_IRYfu!bsLg~edM_B_dD;Y5Xq?$B_`OoVU28zq=&j=0|~TcV?-Ki$p)q2wglZO z4kaeo*t<41Bv{Gr*l1;Dg=~zrW`hcm92=CFVB-~QW}{0@8I7SSqpdXsY$T{Dl$c=S z#x=7s)~#%ewbhhSX{?o|fDL-@+1M_d;4znt)SB5i+$|f8jjwAZT`M{&9d5%0y-$n{ zufe@(jckl{Yd4TUTiFc*`#Mq$3gr@9^WaC_*d*-yT(pb9dR)v#jU}U%3ITMz2 zObWIvZVb`R+C>SlG9h{;oizP+u>>#sJK&{Di%JD(?0vYXUA-Y*{QVC%Mu3-~UG16| z&$8Ye$;%_5^3tUxX|y9do8-iAMclV87eO0xZ#VMcS&&;IISB2QO5@#H5G2r`FU|IJ zyp08+G!nBQl$g+zTO-*Bw;=d70X~`-arMB}6fhFt#Es!f2Nxy4N>`d;);IB7kKp)?Yd5^of9MDkQuE9W!!W5)Mh{L!-MEh7`BkEc&&)5C*9 z7)*|hrw519gM;HE^gBI!tbv+d1q)qd%dv7)Cn#av96^`#8fW->Hwp2_R-qAAgHsZcf)seok~X;oQ}BM9g|V*xiE33t|pJMT$B>|Dzs$5tK_ z^Y8#EVXJ|JH9G~nYI2ISsAIRwYFR(u0KT8iv?S|`zM2j^^oTesh)A$Bf|8L)N?t{j zoW=s@%+%o$m>7*@;wfTcZb~}-Sm!p}P>Qrpv!XzVj9js7kf^|POGASVlF?`6 z>4lF6?}^8OD-*Gm(l+a@$|0B-i)6x{OmSr5%o;_4w}F+=(8IDDEDXbgVZzWagrVZ& zAn?$m;pmz~A-V(t`r%0EZ13l0PM=wcF&;*Du7v7F@3gqc@{c9&m0`jh2Ds1A%9R!W z2-th#L2WzcZI`LQI39_Sdn&e|OOH-^)f*{ezMh#QUM#!PN-i@vnrRU1ep|5d(qFIs zhaq4)&02uHGZO3^Y4sV}n&`;n^o1Puz6pU6Ha@*ru9i>=2yMnMKazsza%oB7ogbN% z;q+j-QI)s*KcM(N;9>7P{O*)sXT=cc?}|i!H=#d1arTslxY?R=?-O!cko9E=yD#Np znE0-z*FI$8-a|7aNR6L`KyV}y!3-fddvr2&*XZb79*RhTX&g$}0-LXtD-CkGQD4kS zl&B9AJ>!h<%)@oJz|~2n0^!|}2!{#b>4`_?AM%+T+Sxz_RPwZ!f(J^t&EW6wIEozX zV)Ze|fMs!?crb1iFxsRoN_Qe&Z3~ZX0QqPu}3wWf28$_eS!@ zQw3bp(%k&S{3CPH#N6EU+4-5%voR#ww!(P@TX}P3$uY!eXR8Krs_5L{W(J2F4f5{r zs6Mfej^UAaTu4u(62vc`VCud|rlwq-kRBbD$bd+SkYvzg?dNmTUnHd~u)cd{7pZPxU(bhJi$KRX~qc&DxO~n?3 zJ{U=8nFu|hTue=P9QY_yR+J(tR8M12u0s`gAYak76*+g22kKbX$26;XF(WP{OpZuC zLihWwrIp6jifs+CecaKjl<#A_^4NO9Wh?m-3eqMcNjpZQO(`o{PDxGDp^;F=Do{V> z%iSZ-ec(KQ$7dWGIvbnqSCakCTflOjr^IuQ2G{oBOHolVvK0uYA`!lh5ZdHJI68!v z$>-!s#ZHAL;z3u&zC+a>u{DOIU6l>>2xf@D7cqoELB6Qy4dnE@U;1Pu@X({h2$7EV zv~*cqLF#lQsS1&L>hzRvDkyxLE$sw$HvJ9{4v$KMV;MTCg=0rmtW9JadUsh&oRzek zoW*)b^RD0Z%jLX(PDtE)Y`KdWm!mL(m7|fYumw6ZHS0SS5VIhMGbaPAV5-nCb(~s3 zFSwB;u#+$4!}y`+K9O4Q+@1cBALRup;Y#lOYc~IOno9?m~sAnQkKS5P8cV=cPGdVLYo#u%>Y0~Le&f!E0rgL-l zgq_C;O@V82+L?^j%9sGbL6)4RNDPpVZZ<7b-ReaOGDzoUyj*@=332G|Ry5J%lzI8Hw}%&HzJ9HUDd ziRIGv<504^q{|i6U#QJbKBmfM3TMwW69=hiF=>YteCQS;8>0~CC`&izjlS|!7Ya|| zrF%l^S|?}DylUV?7S6}vY_D62=m>6!me*V&oHBJ8YAjLzlhgLmJhuqGCvKk4tvS!l z!8~VtEI9H~nDsrgb{Ruvc!$tQaM8gya&U28Co>BO85B&Yzw- z?NT9b-Q0dTMs7iAz{$yi$hf+oc&GMuF4=%-P6{In2JE#=;%zGM)-g~d_zw{nuUb9v zBTQ}C-h5VhrmE=*`2}!!4nA}-e>4VWhv5%5F?=~{250rde1X9#y;ZQ41jngpE@uK0{q&QLCQr;Y+ltF31L92o&FzarwNhR|snXQ9p z?fc9nyKB_n3F>VBp+l2JSzA5?j}T;K zKn{jr<RC_OyBtui9yKo<84Qcp5+L3{S91ai*bgF2+|++8Ml(qZVF; zpCI8u$lDGbno^9MuJH~l2Y5m8eN}h^C1?ZQ_T# zj84^BPe!kP;z|;gar>LmkmRjx!qOSi5_a;CD+!;oANqRO{#qDf^}wup+iaj=^gCGc zn#JJLIE^ATMQyu_duM1;k~)h#h9@T;1~wGfo+;e^W1CoR_4oC*7gDF`>_OCE(|LPi z)485{>_Qvt8#kw2F>(s312!8MM5Y10_i6zOXf?}Efma0$5gWO3XYZ++BfBbuvTdzg ze^Oh}WgR1>6sC%iQ67$GN?N6&czyboaa^9H7(6*Oa;T|BhSpLecgM&nSR>e2SP+>8 zYUKK&fX^#11YdIDd-dT(3t=f%a! zqZcu8#K}j#gBvwZnEfp zH6Y?BDD1i_aH&^VTd@L39{943^SfDVvv|S|?q;ox23&-}(G|Q3?x4ju_7b>=ZYnvc zf|I#NsnIsvF00j7u9}sqS)b);wppv+p0dDpp*n7`WJRmR%N5*gvh&1ny>uS81I}$# zFXC>CSILdbSUVTXWwV6&0N)$%zJ;b2OV#D<1@d@DHL(>PX|0kaAAUSp zF>76KKfy*=ev+j@Q&#vDM0U;xj-x@)Kptas%q7s`Aev`uK!s~KaocO{P%da-jW@b@ zPkZyqLUjqn-|9HYLJVDzm+_>Zj+iKfs9v+SY9(+4A388V;1-_FsyJVAC%h&GUt|?s zFY8&cs>cHaEe8*E+iaFYQrO$@rXh*K2O);mRy*C0{DUtVKDM?~`5|Y9>Uis_TU(0Q zhggLNG_akA!^JDnHLJR2!xbWC&#@I76X^yx=tBdzs1ZN?S{`zWN$LxAwa?m$ zy#nQ|_sF`ECa<^TtIL(FD}ErAAMgquOeQ6`ji0b!Q`LKqDh6h+%UL*rM6B&lHyquu zm$jTPSwf(zD;m26qO`Ku98JSk0C7sWL8yhTWt)KqZXR)-04uHdVv7^gb}2;ODRVCOCFQ{ zhIOr2Xu@M7UAYLiMI~Ops#{l6OfCRoVqp_~4`>^?z*H*IErX+=bSrl1H6%|@yyV^8 zc#%6Pcqd~W;w&#fiQuuZeqy7w7wWd0b+ywqfLYrM=Ot^qaS{E%3t8H0SHvHC(4?WR zwb{VVG1H#rGeFc;e9yCfMiw)GGTb*2wR^GQ6&i&0!&W!2%oLIfNz5l)Vjrfwl;D_w zOAw%PPAe@!41`_SNtOc6Ive7#V?$&n+sa73Jfek!Y9~Q3O?iOSVha)!02R zpU+~qn^w%i-zwQzl&@y(aF#eAuf;{%q+POll+sEaU2tooZB4K+4{6lk4ifrdW^G4r zjBZDx2T``(>QVI$^$9qMTvb)|&Fbsbx2tcdS~~-AZ5OEIE|uJNsz(FPE7d2gpi4z{ zHPnBf`sU`xw2JojDiwWEUY(DQGclZps?`@G;h5WTus4F3ieTOBLx`>?x5fv3hts{hJvFMJW9bF z1vv_yrl3N>G6m05@GJ#CMZr%}@Cy{wDfl%C-buknDEJTspQ7NC6nue#&r|Sq3jUgc zZ&UCR1>d9K-zfMo1wW!-^OXqtDcD27ZVGOtU_S*T6bw@E00s9_aEgNC6g)w}V-ze= zkf*?;;28>Dpx`wWyorLJrr>Q9{2~SKq2Sjk_!tGhO~Gd<_(KZ5Ou-i^_yz@kN5RV! z{4)jLr{F&+=%G%=ItsQ^u!VxX6kJEaAqoyqFiycJ1>Ae#zR3sa_I(s=N1I&OLcu!f z+x#D09iXe5DVU|;1O-(JbOcqapX7vh(~*Z?^#e8a6E*d7HT7#X^;q8dqP9tFFe?R^uwGadp+Ws%l(KHLju>S5J+rrpDD$<0`3f zb=0^jYFrI9u7VoVUt{WPOgj*Pv08!XzQj~tVwx{8#g~}gOHA#hs=9~Be6RX$DBVY( zbf1FKeE~}Mbtv7p)gP$eV~taPY^&R5l3!N0J#@wDb}L=6x{c5ktJ?!~#p-s7u2|ik zpet6lCAwmDGwF)e?FG7Gb$b(CvAVsDu2|jPLszVBAEPT)x6jZOtJ|09iq-8Kbj9lS zGF`E{eV?va-FirVS>3kN6|37`x?*)ZL|3eC<8;O9HbqygZV%HHtJ_m_#p-sRu2|hJ z&=srOi*&{6_7=Kgb$bV0vATVLu2|hZPFJjMe@a)ZZeOJ5A2jR;dfmk_Pb=E8Zn~#)?PlAGYGrw2!TLG!!pk_!MfGBXrQAcp1PwLv1k~ay&j*cR*JMGMM=@bjs_Gd zyA4l~Sv!*27q$grUs_Bwb^N_M>fh7Xein?!;=2pG5w+FaH_Mc4^*RHbE3EZomfl(ov<;(8Toy9;BFLm55EC$Q8Ic}Bz39{>6~eX; zTb;;}?LOL#g5j_?U6N0G>m+C5BRka{GWDQvhktDc_>P3)V^6()PrR+c7UF|lN($_r z4!}Op0&J6W-PVxb5FhdjNkP7@1IV{GLuO~Xt^;p5EAN3vKf?9J#tvLt!!5;!dp;?+`!6HhHb$xzAMT4u!KHt9iN{TA==R?k zqjuY9?YrVbeMeGIZ|MMPj6M|ki)}5&zaJm$$CCnkYX@NCXe~QUZ4LKt;=}!FQg9D+ z05@LUw$a&tj}P`cNr63h*}#spuGxW&v3pS)5H*or)NPjy>}YGSH^&EiQ&M0LbpSS= z*0voE+!r72-ATc{y#u)Mw6;wT`IYg(K9UsJJ30UxGC{%q@mfo+9v@vfDRfc?=x%H7 zN5DU6Yiw40Y?qS4mQD(r*&5q##K-pTq_Aa@!ltyw_DAut{XtUL29v^ezBRVLkB{wd zlfpKX6gHzZw*QKc?LU&jHrxTWOtURXwiGeR7+#6Po0 z-a%VKJQyG1ElEKf?EvB(%@A$RX072p7$4sKNx>WI0A7fUiW;o6M)<1u2p>-h;o%Mt zhE*W@@N5llB|bbODR|=@zzeBB*YjR$gg+Y};m;(6@Xihp9&XmaMqiz+fxa(3(BDi7 z=v^HEJ=6@8+;z4F_u2U1KAjY}BOQQCH-p1oTK3b~8sInM1N?`i0N&jJzz{pbzT4VN z*8Ctoy#G!L9-rH#jVWuGU>$9)KhaRw{ySUO;?9BCJ(_KZnn;i4-VSOpY~}(Ru2jiB zyWlzLYz_C0_;7Da3hsR!zzwmjw!=Zs!DefqN8#9(c&eY`!>?^Lrj>Uw;UI*Gfvx8rR|ckHOSA$2l*#Sft>09WJsUgbvfA@;Y;xm z{$o-Ir#nCxVs6PfWNUCgiVyC8k^*-$8F1vuu{F5en__o>u0qsAIzY!d02i`<)^Y0C z8sA`id{R>Q9_j#J$T)eYk}%qKeXcvOfdd1x9$v-T~Qm$Cd;}C3li4J()(9)0O b!CCxg*56o{t${opE_M##(h&sw8(IGkj~3>G literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/standards.doctree b/ia-terms-updates/it/.doctrees/standards.doctree new file mode 100644 index 0000000000000000000000000000000000000000..dc64ede2b7d71f86ba9b99093a033eb67e3f39bb GIT binary patch literal 31644 zcmcIt3vAp*dUh;JvgAi>pY6m+eA(FXBaXSN$4W|+mla92<%i^0N^)^(Gt@4%q_n%- zkX$`3Ns-(&E!`3qG+}#f)8=q#3tWKok)lC+*WwCXi%ZcI4cfaFSKwM)f~IKD-nF;_ z*Tbb~`u{&UBzKqOQoB@;9g)M~%zWSc|344TKYqURmwxe?P4u66qgIjR@@iVh=gUf7 z)GTvrUddHUVp+FdvF>`odd@m-_Nc;&rc~9OXqlTJMNX27c~vZ1SK;AKOs~sDE$w8` zol{CR?@OKLZBCrr`_z-^bo%O3eD4R(|0?``{e$O!!;-qMT2ha>WlmhhQk$fH(ZX7p zT@?YUpj*;*ZC)^Y1zlI=`Kk^Ou*w~BUW4kH-MONmX%Gq5on@h9Uv14-E8fk#kXus4 z1xnMiS}Kle6#=1ct*D|Vs>`BPHM@18fNxk*ue4w4Fnf5HCb;Wj>>PqvErVc{vh#<} ziwkmD)@7xvrBzM0%q>N^EL!I~tMdT*CapTJ>9P(KDrH|tGS}c7gSL!^YlVVP?yr$ zasi1LU6J#;G@2S1a@pvlcl~^vYBz72%23Wagdz~u>!AUOqk389=7Ay0?5L`;WuAzS z3^NnTc{wlGQf=OF!ji6O$m&ICfGLOB-k^q%t^~FM32$&KRLfq?o3?{0=J}$i>!Ql7 z1~h`x3e#>oKhT8x==@?4zugZYkosdG)YlhoN&It`BuLM=R7(!kI|8X*38Z=l+KC3L zpFx3N5!A9=E^uItG!S=A)slqzxx6hjxwU?5U*IrVf^ z)N~=mtdH^8Lc8hmt{wA3nB;)2#ZqY`uRR?a5!z-f9#-{;WN7xIgcr! zMoz!sk8-;Z=u*kz4Yyb*+PN=7XLB=yh)M{($Lp?DdBVXqj^GYozQmVAT>xt-tQRPu zJUlDr2zfT$Uu$v9y?{7}kU6yiT5A{LgYP~+tXAAgcnv1~p83%FNNB7OW8*+58+;8L zr`?w1C(AItSZkM);W|!kaXIk`4GhSjC?7L!s>5C?-c9AmO8fi_Ta2GuLiv%9p9^QW zu`!Q|m6esWPykIRD9dRXltG5BHUlFzp<2{43o=-c3>X&$;uUp`wS`D%|@G=l8vD$*=S7xHWJhn%#5*d z`?}c}YF9Rfnrcdx8;a5tU<03fHnzT8x*&E%4H&Ma2r#k3L+~uHGOo{_%&KqK21RyV^D{ zo@Ko=l$S>X<)uwaQg280G{}kHinvc*E^2Ma1MSF%XF-mHau7HwtLb+(y6NxK2D-%F_=e!QsT{GPKL6vfFqB|sfn>! zPf5h8$`!@cH2hU60{qDo#ez`e>~9l#W^y_+_nEoOL$Koe0Q~T?>5;*)nRDq2e0rd- zA10GSBk8{WbYI`dApV`4K2t|crwAXqG@r(}5uS=X$p#!7Q5|MXxKLs)BQfV5_pKk| zVzaKo_hV5_%c8!JR@6cUzRhHC**ue1g$13%cy3YAL~ap2({L-|JSP+jxMC=kv^o+x z7FYZ$h0d)ZRgg5I=ODB zfrT=dnNXNct4_86v$j>ma!y^V;3tGesA4Tty!D{A+p4~T8Qi{5xaaLwJ>NFmC2_40 z=Ta?By!CKCyzVBgB^XO&0Q*A$;+_J~QlIgPEw;7AX)c1Yfl#mlf+btcja@$NwP^vYOLaaCAAvJsmCMU;57t`F+n-*z6`=^9?=yl5 zTX}R?hX;@xY&GEEo1F-|YH}jCpu%pK6-8aD1K&etniJFoUrX0SdPH1iL?l=nM#*3( zB|n9f%)kfEsfp}k<5M0dVXGKfZdp|21zDIcid+tM10YGrmZnt&GNABoh2F_8^r;u^Z zc79}*2hx4%dR5-#e*x3`fCoME@ViTbtyP1ezc&>9eTe?t*yW2J;znyqqfe0AML{ib zu=`Rd28r($eC$KU?maa9jMVr=Fa)Ea2&NFh<T8 zfhyMyvAPIkjb(9TJQznAj3#-r8s8sU{mnNra%)p%;n`+)kK&Q`1azWx?gK<@* zfdX#7gZVLRp_-SAun~rp#kIiA{QZRY*=45$bjv#d0>XF z&%fRn^vuH!xrJ>63@n%7dngp&LxgW?!q@wT2qmr=(I6wIz)&(|Xt4!9O!*p=-Fpy* z!Xc3ChZMt*oC-x^&mYiwaTg!GFvne1!2{MvXx&xYuq$e2dm)gf2K1%sshDRP-S6sG|uOTCCJe0IENZN$BEa$}3I6934 zGFAcgBfi`{@-zm{(|hFOP&e4vZa?DeXWj=aCqBjEJsMow18=g1icu^>I1!5QbBNF; zAB3Ytc$s`os8sA+a3LP(%Gh_%w4=7hptMVZCXK=h5%7f!!K5Hx6xBL%dfYdCGEx)i z(V_)NM{`=*tS%#UGL%#iNxe8T;ads{-e!wCft^ji1APNou5T!Vu3F%BRE2L7eBJ1d zhlR7UoD+EX9@4n$cS}jh``3iny~mdOF=Hbt!&o^T$_iPaOB2&RuYi~p8O~g&VFi{7 zHC+X-6&MBAlLYMK%lROFFy1FpTbz53ACXDZ##W0lbtaT4@Ec0;j}MM>vzO~cXl0P* zF>{wQ@Tk7G>RuVlaT@r1c^1VN<>9==kFzdER=KmGm7~=F@b4Js;DeoKFd9b#wS%Ip zw-)S8UqZ%WTWOOJXn+riKhA^VezR$>c!qi^6!jHslG#gB6PfX;Np6M~_PB9pTsaFK zEwG%Mvlr|B#L)xvwD4EWB3IaMXRo5qX;bRLb%EpH zC)){*B}LKq$n2SAS=hjK`(v1Y)#6OYrcFUERtz@4Tf7Kqr2UKM@DF&XO2-z@;3fFE zQoVY>(^x2|LPhcyzh!P_VuqD$-?)YHF$%qkMYttx^_5?p7hPv7aK3h#vKCLnJ0fei znn%7?BPV0gkMArN<#;1{MRu77#8nVtop-8bo=HVkLzi3JBuN&>S=SU27amFT?wx2yKw|auIURZ`A~v%cReN)!G+RoNwZ6- z>XoW)O_LZ*n>_^)gj#?#DhqC4oP<-9QUz|d*=6!j&=TDCI=5A|2zNVlCC8&DIX;E5 zJE4;5nq}@;P!zqa=%Vl8`5U0QfcSE?#IK^KwFNOdp%0ZSJo=8qs~Ti^s~rO$U?_%P zfp2;|^Jj+=ofjMjcVGfNl~f%Zb74?wo!@NsO5l>rZadB0;;Ib9(E^JX+nE>Vs|6@- zr{kOnDO6D?K}-*BZ4eQZWtcnVGSCFRTR9lmlna2c3i}%F0dM`<2fV1NipsOmBs4tW z%7JI}jW*E%IUKBeQkTWz>mXw0PCMU#@@pT|y=?Bn`h%!xlH(-`7On{E-&OFu1-A3x z=)W1PzWFItgawH_xZs1;hEITCz_Ag!V6|dFMt*waJcugT$W=?~GIzopRpGrTb2Hh_ ze6>{JT?qtIDS}3hunLVC-bgVd+t~D8R7C?Ds_<|C0i@am8V6fO?BSI2CP@gW>#|Jl zXqXodALa0~B>-`1+08V=RJ=_&Uza(4`!H$ z7T*R33b?l*p}SGTKyb;Q8&z+*#HNkwRB|- z+~vwNZnDgMn35_0DPceja}iKDJbFQ_a7X&Gps+h(g}5$zjPbH}SAj!k@U((%fjA5E zphR#|fOUSWc@V_1#Jk$*+Cbhu{o%T~OIw2vEUP@O@fP7nCpRc4`P(&EvDEpetDx2z z5cMg#w{Q8Pk`usf5UD)~A6h_zU`^OoH(;44#G?zU73(^kok9JYV+O99JHTYge7)zJrpL`%7|x5ELk8nrFn48*Yq{0f+T_~@O5(^e67;Z84kuWVBu}K48-ZGu3FSt37XlBN$e-br8lKFq_0VTB)ud3h4gLdZ>9I8f0lkA z{k!zB^y9^?H$V^9iNQV$_F!-bgWEC4U~m$H`!To|gDDJ7WAGRTvl!$scnX6G1|u1|MSZ0R}(B;6E|= z1cU#@VEbkWdN4SE!F~*mVsIFPK@9pZIEBFj7+l2Q90pe~cpQTQ26+s044%f|1q^-~ zgD+t43mCkL!LMNO6%2kGgSRpG0}Q@_!JlF99tMAn!FMtEM+`o~;9oKL5eEN_K?jaA zHes*}gB=(g#NZYTPGE2hgAoj}7|;NQh9@fCDiBo79&B}5lf`plq&E%eYlifWA${AB z-Z!Kl7}CcEHMl{IZBRoS)W`-kutAM$P{SJ3s0KBtL5*opLmJeG1~s5Tjb~898PsS7 zHJCw-Wl%#I)JO(3kU@=OP{SD1CBSLC3y>!BrI!NkgPhZ1vcV@`JpNIkxSSEL?q;}xmLH}Hzo<2}40_4qDck$QZDSEL?4!Yfjb4wN@i zk6n00>TwXSNIg#A6{*JvUXglC;1#LIBX~vXaSg9XJ(lo_)MFK|NIhP}D^ib_@ru;r zOL#@<@g`o8dVCeHNIkxZSEL@_!Yfjb@8K1x$M^Ay)Z-_3Me5OwVo&O^7q3V??!YTj zk2GG9df>!|)Ptr#Rda{GS47Kc?#RK!6o(Ml6WcL3{$c6t{=gq&r-MEadePFnQgl07 zO1if$(oNk{lVcAnm0sFYlRpe&RUOC8`|9&@p1=eGMrS$L1Off8Wp2wUu;q;oc!1G) z_qY@P3ZQ$@x(ve%nB>8L#W|A2F3=sM`J-_%x>H-zV6eiX-N}U1X-`-euK}a%m@h{^5Uj%B85@UEa7YWxnBY_w zXES0x?Vgvicp^TwW9!AXcm&>Xkx9qdNnJO$fNwMq9~~m%KO`g?>_mL9V@ZKM&;r;~ z5nvn6{fLHqEk5KYlY)Fp3y|+_giPmrM59}ckFJ^&x?5X77bU%H)&NIoM1y@fKG>I% z0(;vAfdwz^Xs~a_2m3}+U=MB#SUgoD8tgaYgZ=ZQz(>AJ>AVPlCqHV7;nLJP+c$7u782@s7u&*Qq_Gk-W<7h3N=MW9|_v6F;ouuF%YXNS&wr!%be-$6> zJ4t~(zF}Yoqg(c0;)8uZDX@2K7}#ty*#CEl0wI|fbOowaReNl5RGjiKDJy^ z*wRU1)1$FHA0OLuNny(*g-wjc_G|I6eK9F)eMw~F~ zK3X8U75^hX%#V_S`9KRWgH|qJe~`r4+uObK1ES$}ZH+y;>42n(bpH>w05`z4+P=`9 z?|(GVRD7TZlLGos3qS*GD}Mcn1~(cX+(=U3PPG6oX#I(Vw$}eY8thzru#Y4KcB}=k z;{k?N&!b!mlQUaIyu20p=F{)}z7wLws=GN($WRWWb@5 zc{I5HiVyDlNr5}l0=R(vvyQ)cG``-R*dv~9NSerq=WGl30_GvK4FufKqXFI-AK)EH z0i0?9;DtsDimv9(9mk{LKNuhWeM!MT*8=>(0Qk(G8~x6sQGO;q%17HnX}eK6|77#D z2UIk-x$XhvBezX1=Ze)lI7li5bpG2H?CE}d8vfI*pS9rMtj?pyspFYx|4Xsy{|Dl2 Br;h*t literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/trust.doctree b/ia-terms-updates/it/.doctrees/trust.doctree new file mode 100644 index 0000000000000000000000000000000000000000..ae5b516e590a1d70adc89925eed13d525d94ff31 GIT binary patch literal 36491 zcmcIt3v?V;d3GX8w&b_tIB^n_jh)1fq;Mw6suKXo1oKZE4G)CFjs{a$0ChTMjMs(C`0e z?mTv9c1OEo4!)YbbLZasefR(W`~LHM@6SK~rZxOOYl~4)wbI43oX?ladBvz(>+|JY zbxA3i^|#jVc%lAWeZSSO%PU5?s^^rtwFW72s#eVFN~wMxFE>+qQ!5&2Cxdml@>1Y? zwb#1IiPHw2dLo@ppMNSl@Y3_Ygnz&C((}JsSJ$1dtNqs6Iprdi+9vgjb*h!sSCLT# zv#xG5=4ER@HcefdubO~BRqoO92C8SR%N1qAKqQ`fOY)Nav_4<0ct7Ul+yz}(;57Xg zmx@P>icC<~S9HZt^kt=9wbq&PB7IR;2h^QvkJX=bX~M5Q!OkAU8W{pxE;)a)d1XN> zX{J^#8EM@x>(<($R#NIGdaLsQeVtLAH%!e0h2@ejt;;^x+nr9QUNf)1CWUr5awMgi zOT~eKR4R4vyqVEZ(6Me|wU^OHI>*{&EE{kmFlLNj_deqz19-zL{ zmMb88n2_aEC3iv6a^=!%QreQdr~qR+ox%V4myww&XLFjKD=OJVT~SI|{$NSgFQkp- zMIz$Jik3IkBdMWLmyKTj*3ZWS-R5mm8Od3XTm)eQ9vVm-*Q;(_Jv3UkdaAlsw+_Td zMw!W_yq1@3skW{fv|>9&xN)E3vYNUR7+mX+qQ$QF!5q15k-puVy2x|)5iuFC4OF4d|-^`=m&S3;@YM0TQy z>SsydS7g1Ul@=vfBLm_tX(m)#sT5&#Ao_Dv)6`OnMJ)yEvsBSiPz+Nk!9b+6QtIid zVwiGDSReTrm<=UmluPAQUPc0>%qzMW8XkG$#bU}-m6UQ(UaAxogUOR&Z}UW+scMEt9a-EII+4_pBA3jR zSx(I}W0GJ@8E^!7n>CYc#&wsdx5Og~oo%R;ZTAt?Z}pk7zNmOTH!SP~ILn@%o|KMG zO;XokR*WN=Ou3?zw0ydxm>Hv@pv$r&qy+`S17Rtbq(j+3Y4~v3w*S;Y3&UrvD{Fa5 zi5fZmhCj;fLeQnM#XH<#p=9UYiO%MF0g;pty~n#;tMa&mZGynPiQb8Ls33v+*EtLR9QEbBP-qWbGR<}xgnAtmH0V% zOd22es90H9Nz04SgvIi5T7xoZ=xQ?WLOiZag#mva;ij`2{vw8B^$%(L*21~4BE0WEFEge2Ib-Q z1l=kQWhU6zy*f4|Sjq0#Xk})FY>c#KgDR068VYtu+N~B&aEr znPB7QRkJbLt!#|8)szuww3ViS4SMg{*e<)^QJ0O>s@XW)EgOxUuWKb;D>@<_Zo>w> zPmB$(!@XsdY>akmH;_SF*%)nOHz<$9*r3dWrtFDi<9uLv=Jc@AXu9iOg|ld2WT!hg z6P9#T3id2+3enHnRSB>%E=DDtbp3X<1TT9#;H688N)>1veYmJyy&+!w;}17QfR~_M z?V1FcRRzP2oxhS0%toSDIpHCwSQx z$xD=!bZI}vnyg2dl=y9j``*V$&~kJ&2B8WGHukTYjp6RbAY2ek`h8YO&ZMsXRu1@$kX+4XfJQ9==Zx(Yfl8pr#c}z`D zj?a2ZqEvOMs9a3rZ@D7lPo}6W%0$U zs-cD!DqvA`%cOPF4{0_;#ESed}Gt(L~m9`)LE5!R(TpT;I|MyX194ZmTnwYO z9Y=XgtiuDOgrf!$_Usg#s>vzRf{xQJD`ovc1NeS6(~_(&_*yy;=@D^O5RqVQ1SP|f zl)RcKIgJg@>B*5tC#F44qE<0Rq-90d7BqRjs7N`S1|X7%EyJkF#071I9vTkY3LUWX z99hn3K01Q29v>$KABogNFfkIz#FNCt?4)%3vCeI{p%iJKW?6v{8M$KFAW?zomJSUz zNJgKLrx!jRycmxIS0-XBrES(*)k82b8p(vcnBvI9nN^Ae9|J3)qlaZTSQv%|!-Sz< z2t&okK_Jqj;pnPFA-V2FtmWC++!ixyz-iUd1LT78C&COR@XbuovtZ$hAijZZI>t0mL|LYwi+kE9^ETv}B4 zpFQOvZnma8`h?sTWPM4( z=}Wm7CcbOwwGWy2?V&j&NR3~FKyV}y!89Q_dvqdo_sGcI9*RhTX`D*f0-LXtD-CkG zUSG&bl&KFB#c@H1^KjiGaCK6sKzL6i!XZLFa$Xgp$^bc#x4RV<;Ihv{*|UQ@#cjzdZ<} z(GXbnBZ?779*9I@&mYKoNv9q;IVYW+nmr@UJ$}ZwK+ud#u(pJAV;T;gVkTu&FkDn5 z^HN3OQDayO?yy^szTz)9wGVdGdyfWpPTfVF1SjK>oGg3NJ3cozMY;|ZmnKe5PtD9p z#8qr{=jAXPHqOw|VP;ZuXukk7ZW#Qbs&T zSR9djgzoh{OUsSB6%RM8{W8gf0$9EhW1{)jgSCakC+rV<-QzG7@!L>d3QZ!VIVg?~ix|SBAYWAU26Fn{FMTo+i1cVN zLZqWTEnQYukUAAfszRimIz8!I3JO1FODBPyL%&0VLnG4QXojw8;o4CZdlT7)(Onh` zXC*BsXR#mBeCl`YQaSHm6B55Yw%pB(D^VH2%F#$x*aDrIoblZXh*^=tnUeuluvBQ6 zI&Q6C6x>J>*vXgjVf;|MPo&m5zde2wAx&4dT7s!#kxb#nmEoLZ;Lew4QG8Jz&KvwV8*&ttdnmGUyc&S}9TO5Z>^y_fJQ@fNiblM( zU~l>oF&10ThlHR3J|zA)4~n~I(_Qfb^>ifabJQfWXQn4J6Vp@DX z=Z?o?)=@BYJd&Z!#1OR7FzM3ik)TxU6zR zG8bMoaJ32--Ec|QtwnSKw?<2=t`V+_x(qeesQ-y6`;MJk1z(I?=Ci9Vb7Qc~X&(!Y zWE5t6an|-@3WQNErq1xn3thtzEfe<2t(g_0W{!|tM$({=Y-wbp?}@q7lc!xO#80=h zUye~)P#SOrvLFhs&MV&ayX}iMU|L+l6oCPIU5t2}3cPhJ4GI231jcJtPy7f|Tedfz zRi3VDx&KdvEIM->%#168##I47QQ;hz(_7flNH&mnJ5{D_-Bj#1jDo4yjl6VQ^4 zfbR*aryq^+KGq{O1G3m&GX};z4-}5T_@i8@*}1lTJ2+Z#4Uz`!&P|PWXU`LJv~8VQ z!G3>=`YhZ|#r1ER?>X);T$>apsawliW7IMzEx0jN5EW+K?KP=pJ|(kt5dC_exu}<` zm8MtJ=fitQk%m@HFI@xJBvu1~O7&YkdfD%G!!tC!Fp>JDrcZ)8+kfD|L{Zk34#2eoSs9Rnxm3Bd z==-iPPk%o2_62yf4IwV~kY}`jE{6vhe0KwR2A7=k@Yx$*B*Alk|3V*)ZTE=S255~y#{YZlf*lih|tF@Ml zUj4+?Br0R}HzOh0TU&&sGo(cv$swN*KCeCW^^pCwFvRM<8TF2tK*#9!l;m}b!Pq#R zB6US=hl{(XX?2kXi#!=8ZyW|r2G}kp-0@?ZRBrS4^|lvMr|axN(qPwlXJgm7mPYJC z8|)u$NjqYc6jTSC8ZL-J1AOn+0u<1;l%E2x2^tbMa^)_=Q!_^nRS0F11?$%XH=hnFmbrFgAD2-~*CHB%QcWWyO1Olh3cm#$`nzH`~1i@}M*{=-e|kFAFN z`4}Yy*~bZB99`cVGM2h{rY%c{X-`;V32wcdIsaeeP;T6rW-QM+@Wh`>mPpq*9L>dK^ zT~h@v^(t#KHVw&XUe@tfH)CxSG3=9W##(Q{s~3Dz!4cp#+CO8*ehV0ol3ywKg?p5` zXTu$wT7BiJS*e=!8D3DEvHI=B37qh$;|F$`XoGjDf*%{~GBGhPUBJ%)=Vw(f;@2j# zoXe6QK6-1^3p8l3wl9>+W(hNY-y870iIxmY)urr3a#BYvu^B^Vt&%0Td%P?$W8G-S z;Or{LWNCVo6|MkLob!R>8xS;*lNTMU2DG1tj@TMd;mu9_?6tNj7d5cPXH&e`-n=qj zT}1UaJASQ@LRaJ^#9$#6-nB^*er+Su)E<+Ll%V(LJY0VcD^Cy2VXRNY;C3bL(UAViC1F~VqK#vILncT_d+aqUlch3`hB+6r~UZ5w+h%K4Hd z1iHGcu_qtOD~t2YG(iOrruYKC3qSt@s?BFx|ULM1&|VZkr-t_+sJFBQju;O908@9ak#D_dy4V0cMs4-9)94% zhqNys&qImeWU+o?y|o+awv=_X(=~uu+i~V)YpZbyBfg7SIv!WVKX!UalUi$|fx}*= zy`X1+sB8E)ukRUIto6z8xJ1c40eN3i#J-NXNbiQJ8EiBe~0wo&BLpqVO~NNR0UqtE?d{)z`J}Qivwy} zF$))|WM@&onzhZ@wt&1A7i^Pu+3HbB%XJL4t@XAw!CpF~QG*9Z=!coLeX}vTZH-Pp z*?Ox-)r0Ce_;p-SRrSs4>(#fbZ>d__18HrqrR3q1JZ-8+1O6t}b5_s`qPi05a!-A8 zb2M#yy}e3RUl3(jeWbGRqw4fi=j+^4$%eI#lGtzds~=F`tA0ZLUG;P7XVtH%f2Dp) z{iga|^WfhJu3>+)KgT6iical!8Yon57^`!BZ4e zC|IK4ISQVk;HN0~NeX^}f;t7iM!`EN_y`3bqTo{$e3F7MQ1E#QzD~hkQ}AsHUZUW8 z6#N?nKc?VE6l}a2K|ck%DA-BC?G)^#V3>kI3Lc=~J_=4zaGZj36g)=3A_aL0ObVW+ z-~|d^OTn8c_-P8>M!_#q@E!_&oq~^1@Y@u8hJrt&;L8+zk%Dhf@OKovOu;`>@O=vY zlY$-^WUQfJD+QY<*iFF=6da&n9|dC+j8MR%7ap5@kbb_8g01M23!5ldLt~r&qo;lJ zbSnij6r7--N`a1`YW0(x@Buh-%By~$rhcNPey*l|t)_mfrhd1k{;dQ>?Wv2Kt(|ehzyAnu7`?mT6^?R&w>W^)8+eq@u>b8rXSlw=?Cswy%dSZ2ZfSy?0PSF#q+c|n-bz7t- zRyUKLSlwQrCswyN(G#oN+vtha?LG9w>h>{uVs-lrJ+ZodnVwkPzCll{ZZFdltK0YK ziPf!#NZACtZtL^#On4iJ+ZnyNl&b97wC!A?IJy~y1htG ztZr|iCswz2&=afM2k42_?c?;s>h`Df#On4{dSZ3^CwgLa`wl&^y8SObvAV4z4PtfM zK~Jo1x6l)-TbiC&-Dp3$@C<1XKe6InrZ`qS+Uc+rj}~}r#iKIT)zJP`^G%B!TXe=hu*?p5g#!iR+7(M#Ze7Wd$`kZt}L!_I!KagX;D3w3j z9>^a`9Atq}6@o&g6IXwO`rd`Ss4iP9$x$p3TxDTfNRy<|=C~8DMzwo}M{+8Z$U& z>SvE}9arRiH0|Aij4^2^xeKnG;Y5UNZFh&=f<7X3f8knu6@5u{JBhLx1KG)NDjF?1Sn3R&8N!$;&=b`KpZ z!ED!C_sFNc4UaSNk)7%enYv#%sK34gd`Cj@vF}{JZ`{^k3-Q4&CIxm^2Vfs)0k+BA zZEMJHh!6RNq#)nW0pvTIA+vki*67|IAKlxMLU&^a=vqmynDN1bY-_N;7a#1$k^+0v z6#@(Agss7TB|g|MCk1x*l>tl6WLty%*Z5#xP73TRt{B)hV%)bb_K>6pNm~s`+VrJf zk8|@C13TKfWmECN?oJA9>WYCq+#2kW_+ZD90(;990t?@(t-;R42m5eRVE1$Y_TJ`> zl~1K(9N~ILW0$I};g;gVy^s{#y;l%!8zWVV5BJ5S;L?8yi6={|81~;4qjlS8?YrVb zeMeGIZ|eYRj4>2>aBVHdzaJm$$CCnkdk0|SXf3-jZ4LKt;=}!FQgHWm05@LSw$a&t zj}P`cNrBye#lQ}?ZrOqLu}4wskTj7|)E!q0>_}^{x5fv1OHyDDbO1J<*0!AvyfQxA zdy;~CX9sZOX>FSk@~h&5eIzNc2Ri^8vOvKe>sm{$9v@vfDRfc?=+kYg5ZKwlmnPyw!`u1#%aC3j`LCppvO=M6r+yTPDW`wvgiU05+`Ri;AaesV> zw+tPZU%>=vg|ptHNbDi2lx+30lcRJfFX8kRg zJidTSr%_h1z&g_0exjqWJ!-aY#q9&JM>JcIG?5X_eI2x7*vbXYQ>l`DHNkV6*&6P_ z_;Bw?3hpaAfE!|4Z5M!^%gfe4kH!Z&krdGTI{+GDTWR;FHMpnZgFBxTxCc4_7qA1S8_Cu< zKNKJ5`;)>s(E-k(W}LS3NZUzdYmlFh5Asiv0y)_M$dEC+>jbhj!k6MB{KupaPIZ7V z#N3j*#@66|6d&CGBn9qhGT_L!Vry_aH^d$QU4x{F41kVx050VGtm9^}HNL_4_@t!p zJ=6idka-9n1A+I&)&P&k2Y4(gfYTiSJlSkP$-`oMe~GQ(=i|edlY)P|1Nb4f)pfbp z8sTf>BYd_ygn_F8Gag9A+TdOS;Jb|*v{J5E&EsNgd66z{(v5K=6L9jle+K_E>u;>f T)4pLR`&9oAF#NJA literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/wallet-instance-attestation.doctree b/ia-terms-updates/it/.doctrees/wallet-instance-attestation.doctree new file mode 100644 index 0000000000000000000000000000000000000000..b1e9665f25103d74e135f18b2724ffd75da68500 GIT binary patch literal 36755 zcmcIt3y>T~d6s>;lkW7EW!bVVyq0WBmOZ=o)Y0tMv3I}nN_Ktci`fdmK%kc1=@39celt^|^hgd%|y`Tl>V z=drspJGVP>`Fdx1db<1j`v3p#>Bq0v_WpeB&FlC-YnxF~wbF&OoX?ladBvz(8}sE{ zby+Ey^|#hS@^avP zwb#1AiPHw2elnd-pL;qx@X~9434g!x(rbUUu5LJ2SNpB?^U4J(wN2_5>r^YNuOg!g zW?kKEEXdY?Y?`{ZP&EO8s@$XH4OGwCkSofDfk<5UmgHsoYGb}y@opC6+<9GDicC;9R&>Qs^cAIEwKkaY61`DZ2h`nakJX=bX~JEfU}qm>#`5__NLRRS1;(VPN5x+97(C> za&cfFl}g>Spl9wI5cKunssF8Ber!M8VL5j;d4Mns*3@f2mAVJyUyr}N_`4B*H-W0Y z#j?IEQ(dXBy1HMzxvJix4yp&#gX(Q3`jEjL)fO38S1#yvS!6@69P+)=qu#3a0QK#* zTmjj`ge<2jx$}~iE0FlpN|K+&D*9jl(QbW2*L(DG>|y1SKYdDc&u*qRCTRx9g2^P zGLuVrEicOSS4yy`?49t1YSCLUy8w z>gPz{S7p7Vm6jw}BLm_tX(m)#sT5&#Ao}xF)6`N+MJ)yEvs}?qPz+Nk!9b+6QtFwi zVwiGDSReUWm<=UmluPAQUPc0>%qzMB$us-%<)@^Yo97)+iFdz&ZnOjR>H>d4}z(21m$6}e=l z%yMdh8IuHK%77!tJFMAcGp@Tty(Jz|=xkd`*-jr({Z^kT>r0B)bHl<;g0t-DnJMY$ z^b~a+X2m#?$&@QfNz128ikUGg3c4&iLRwTHJP?+0NgB!yN+XBUw*99LS{OcSLs`pH zO4P{dH~dj<7lJO8E#Bb{3ne@EPINZc3W%hH=sn)$T9wBgY?B0T|JgIyWyO?XE#EsA^|!41*G58fg#;UWLfOa$ z*f{F8WOllQ@x{e%IXT?G$#pI#KB2*Y3`O~vaZ~O0Qf1v#j;wUg&*8e@=ekgSRO094 zF==ALqhfV+H7zee6PC&=X${Jtp{vbc#3omZW@b@?1y9_G za@ADJItF-(ksVA|@{0{b^%j>TS@v<_MtJbg3Gui*6%yoJA4*P8l^jjT4yA`ZuHxB@ zpyVQh1~yz(kqk%OhNNL1IqviQ&U30na;ij`2{vw6BO4>>q3+l~25s3Gk%l7Kpgi23 zpj*YE%mf>I*T#kfE7=_zQD#=i#%MGfREgx+pv(jtuUIo1U24i`3{4r0))cUjpr%k} zf{h#3%*I%^vN6_HQ%0q+C`|zy^xU(tU3S4^E*q&evvIgvHX1u$*GjrpbW}Rrh7Ee2 z7#m)Pd(#@(80*$0za@bl1HKXVJjOZg+4d zEa{jO>{;9tqMx;^5@2OQj7mD``t527UiNpuOP3avD$qFka8bK@L%jIMA8v{OFG0K7 zH7}lJy*ZSZM_S5DmzJc_j_hob6TcO4pSoNGZOFad$cJY^ZVBa}<)~B|@797Kg9d$R zwx{E5EC}V1m<6HCgr?jY%0_Dof_D?(qlpn$4_r+FBLPm_6s~k|RRXMZr73oHf|moK zyo5c*HgPteG#;D82p-?u$EJ)Yia^vaduQ}H~_$)~9d(KVa z)0f6Cx-Kn<|C{diP+r0;NS9wRG)YSdNwov%K6OwnDM70QMp6|hVrtttzWTwJ0VLv`6` zAfczQ>YpieZao5K1OeR_Ea0X?;m+D{=RGNiU22&oMLoP``8*adf~o*)rmwY~TMz2= znxVEVRKU!H!gN}7x&xTOR#i$l{bGfd5SpPXL8x@=LG89xeFY1+gQ0Lw*sXe^Yq;l? zi_JLC2XWG^hx5TTH))VyDp3F&3I#}e3ZSJv;}u(MgT)ydwtSdX9h*J^>t7I6znyY! zJ(v%53DYZAfE^A6D-&3@)zZY-qh6aX!Maoz(pUt}C{-!1;U3mn%iBvY(yCm<@_k0u zv6aWfJUl>3*lHkQ%}&9tnw%mn>e%hFTGr1ufbVBBEy?<#ucZT#9ua2+5ee2tP%;uq z$*YKx(^%k~nHqg`a>nB%Y!+iwT2XXuQIi*nij>1{03wOlGK{KBT+mYJ&`7JL&;dKo z(UqL$qazsW@o`e{kw{Gh6QiL_JVi{*O-aWe>)eJLN|DxSRul-4kt>!B5*3(kX=t!P zGWv`>J@E11#dsXJG7(!TZL=O#55dG(C=>Q%iX#(e)+iFZ4XlKY9+ur;VHh54B@F#S z7%Dyv0+AjKN7p0@;WZG@4~If$dp|dG`pimj)!98k%}$o(xa1J^M=ZpZ)E0(7t5}+lFJN^W*P*$-xh2< z^tY=&vIW>qixyz-3Pv&EW6w zII0{RV)Ze|fMs!GJQ%kM7;W+vHNGdb#?Nq#&rHwqm_d4IVy1m3flgmiwIx-;2IH#E z0|nZChwo!-p<2+2*a#z4^fK)kkz8XDW=gk;z5{v6n!f{Se&P|}ZX0QqPu}3wWfcW) z_lEMuQw7}8(%k&S{3CPH#N6EU+4-5%voR#ww!(P@TX}P3$uY#}XR8Krs_5L|W(J2F z4f5{RNqu4;p28#VxR9PuC5T@?!PI@BOij5uAw4=QkpYtiBPSsPHf(UTl>yss^B@e} zpntxx)iVz}atqrC*s@%K@BUDH_cOkkDPQj!B9t^|#Dk1n8AHjCp~ZSynDRBKxc4B8 zg+pN34=F|(p&rnr}n`Pd+yQTep7c*C&9@?C?_kP^iIsrPm``g#ihxUGt;y4 z5^)t<-FZ69hK)URw3(UITw0I~j5Tvb4Wk-~*vt%$H0u4{=GS~L_-JdJ(Bp4Th*29W zu%>DYLLUqzv`mDaP%fq>JPv#mDl1A64XUT{QLaN3_(Q&;Yb$c@B7dl3Ss&A^=EaP- zkT5wS`3T+byOvfOS1YzPr1o(~k5ayu@yKKA374(pYbZ#Y3?=Otkv65QXgMV{Nry&S zGFE~5F<JiKkfiGeR9|ifMqBoG!@4o4ikwBzJ zi_tZ#LHzNw(r+iYnku(RoRcyM@B8XU{eQ7s%hs$y*-+c3Jz zV&bf%<>V~ZLz;K}u3s+a{c}R%-eb#M%(xtt5v&{yWrZ!!nW`9Z(xN;6B zS}>iPvnT94PG|~Tlhe**v{uFh2oAF3G(}>7d~~yEnd(+AQIJ78H{+G!qlVweaJFsU z@Q8EA<1yB6hS-Cr)q`PWP-^*Xj_Lpb_L0P9crDyKtO- za0XUAP&h`HI7!PG`f-+7Uee`?>aXhNCm&N~Gle5-nu+sQv<9`q3P!q>$i}F|IV#dE zd84mB)rG=Sc<3Iiy4ER~3$GeD$c1BdI1=pEB0PaxqvbW%2!~T$h8k@fV{CWfzOHQcmNEa%Q=pQ)D3 zfX&z;;e_cksi6V;cUT+??YA~9Kr<9GThw3$g}(%~*E2x<^dyTl)@9#gGOWms1t*|* zg}))vP+3*Y7{g!?5Ri3-%#6V#^8tIuwlx^;y_{Zrv{$lDV? z;^vQIl=kVSw}kKnv}7~jdxGleM`OH?^-#@#EVkE-feFvwg(EQjC|7EBuW#QDj#gZS zq(QrLL!;f<_vAb+lBZU&yC6k<7S6)rusMBQI?gv-n-nLhTg#hc)G{b7IG1G&3}zK6^(0k^04^SAsg*f9TL; zQP!3Z!I1=68IXf7w{mI8_g-Ov068{@Q+ryyh)3>Z!cUO!AmnX_4oxXWPS<#2mIJ(?_}(hKfikoKZ}O$}V80OwV#0nMlCBLl zPCpcWBF0+**x`1M#OYB2w7W1DBiD!Rq_*_3(H7ZT+k~Yvq$O+sA`cWkA3^l?u>H0$#Oi@r z^|skS$LROVsMnQS_t0`%fisFswBh$D%NileGTI5huiwv!$MedGK zQm{p^AF&_`4YbJhMFF1|ZV0~Q!uQ(4OV)y=c&$MQ+qTA4(-$yg!;Tny(l~oPUCn6u z%w>N*1}6^t4>z$tz83ZuVw4nQANz$0qR;^QSHYzm!^QHd3)f@aee7o=9@{|V+1P`H zqxeuDuX96nMGW-X&mnP1agxC&o2Q7jTPg2brq3F1!R6~GuCVqf7cizZvtDd=;bNBE z*F9e^JP&pYccZ$7bxq5JnDRq10%Rxi0~OfB4R;`G^_8n;rE1n^dGc-6>bEB{u=l8r8?1lP((`f!H=FD- z@eyA-kJ|y~wyGC#x5X^yvg9Foi{-Le!YqOB33%T^Q<0_Wa`pnb&!d*u zis7|Z$&y1rp2C>5uD4^btCnN3^eL4UP6|<+^Md2G5Hyhc867hWw9<%9+Zs^eXHMMq zT04{r8d&39GhS?OURkIvq54}Lk6TEgEAld8`suuiLWt@$YpYfQM{vjkvjlG8Hm!=o zDtE#KWAH&%(e<*P6-$Kt*`Vd%?rxjSa*G`HHauy_qVPe8p|#b{w?+BE2MsS<+o}GL zGedP;f7PumMQm!U!krq}&cl1-l^C#CSLq6NndISD5mWKl*Ns_u103|BTU^wLpMEV5 zImI;hg}T~jZNq7gaGZ>0Qpk zt0Yowhq~b$kiACcyvY&*U0u=G#}MU}#ZGJbm<150mK%gx*jlz3c;GVJx`WgUf>T<892T`@&8(l=e!$vVQ7WGO zAUvBXhIVOWNinQz#i|vejdbNAd?1y0F|2M~O)0qoNQqTaj7XqucFCfD*y|WBtTNYcJGoIqPbtYXGyhOV3NzcH<&OhZnN6 zaj%F!cE?E{z}991+t5sV^3MQKSMfd11sYk*3(D{XMbz%a?pbIMdKFvUz%o-v{wOia zaETqF^0I?t1};H>$~mpH2r&?LVJBG%c>Zii$6gXqm~1N}ISM^rhuADHz~7=_UPKjC z1^(SGSyy8#zI;B5t#ev23+Jt5XHmbJwZmBsfxH$MZIgD%>QPE7bqvg{jkYzxDnF!A zgKtUbhncm##xc4bjqXU)zy~H0M$1)N7Itr+pARdMNx*;M=A>suTDR8uFgG`Y*-s8iT&iD`T_O5 z>L=9SRX?YGR{fg#SL(OaZ>rx_|3&?w`h&v8E6~05QgAf|J1N*l!HpDTD7b@ydnmYz zf*A^qQt&7Ra}?w#c$$I=1j%L_wYclY(a`c!7e~Q1B)Sewu=}QSgftyoZ8cr{H50{5A!jq2LcG_%a1w zq~IGA{2c`^Q}E9ee4m2vXxaWmGq32WSZHEy~ZH(QOHtj5h%YTP_E zZkif5OO2bP#?4XVrl@f<)VK+1On;53uQBaF1jcFwqWcn4eTiwl#1vm*dM`1xm#XR> zBJ;iKyPh^uQVs+~w`DJz6PFJjMd+CbR?GRnDx{cEntJ@S^vAR7>SFCPN z(G{!PdAeeCyFgd0ZZFamtJ_=Xiq-8Mbj9lS0lH#!`#4>(y8S6#vATVgu2|jviLO}P zzC%~6ZvRVHtZo}fgIL{m(G{!PO?1WTmZmFKH(I+cJWCqHSFCuKD2^46Rz+;Zqsbs! z@o0j=Ry_JJX2s)=w5qkm-$RoXx3=W4^MQslG%B!TXe=hu*?p5g#!iR+7(M#(Lb>R6 z`kZuEL!_I!KagX;D3xE@8OR?)YTcwU{MC(lIZyB)qcr0hOCMP}_tYG0e36Z_I)CMt=n+!=yBeeGw=_`7{~VKi=po{Tm8kE+30~{<| zjkki++X2R%m7E<`WdcGuhs|y{61j-|nU{Z$i%af!d~!$IklRFSA%i!9qzW!EZxfds z=^-?cPGeRfjr*{%irnVzqfIRMUiM~L@@a2*pMUf zCB5RC5#Dj5!Tw%+updhb>?{AL=`jf_h5_P-Bdt$UAMc82^5Jupdtf?5!Pujia^fqBR=s z-^7Re)uiAa=m2iKwr!)c{~jOgcaj2o@Unp&iEi0}jj=~j8;~@SQPgdh4eV$%*qh^n zy(uZMhdKZoPixzL4%`F%q!9J1{*gHA^+hT%(z41j$t{xv< zIVp5f2k35V9!J0%YBV-0KDJ9qVM`~4&5XwO8}YHdJ1K0Lq_8Q`*#0O!wm(P;+h9`I z&PQYW`}o-YHYsdFNntahvHe$kZ2yrIw&4!2Wtwe?>$fx-;nx1xgPKi9n#iDLqyvP5 z%?NQm6aT0q`67*mcrZT1Tatn}+5yBnnjzYL)S}@%7$4sKNx>WI0A33j6)jkaM)<1u z2p>-h;o%MtwrW837#a<4B|bbODR|=@z-!TfuAjeXgg+Y};m;(6@Xihp9&XmaM$e$p zK;IW1=x-(k^sWwo9%=?k&OxKWeKtP0PbUTLNC)83&ET-vmc4>T1N>%ufd7ybz`HvD z*uu`Rr?@tgH9v?C@4u6R$H#qXkIEV*SVx=NPjnQvx6tTT+&K_?M6(S^6B*Im+d(U~ znz_J^ELE}(H+U{Vqv75WAMR~Q!M(2oxGij}?cUIH=NS$3XndfPNddjT1E4KzE3N)S zgL^tYxN}K?d!Pewt>&LtXoD_2qrpBKAM9#UU?(~NJK4ezF<75pDZdNPXw>!isDCag z)DL!mdaN0BgNw{)oF9sh^ZiNToa_MSa5GNZF{bSRGaBUQVz-2Ws6?r1XL$ZupcxZRs#4}h*h(nJP8$2tJl zV*jk;LNXfPV0?U1QurR~0AGvm5Z(p?&yvvqkH-giEGd999RNJpY(dF;WP4wb(eU%} z;mb+EKi&cS>1Oy5=MczoWHj#A#K-+ycen$`2xdL#inYl-Fu-RfH)*9@v6{z$+42${ h20akhRpr51{AbqRSeLDVJe^5)&hF9~1^hc*{|_Ze8xjBj literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/.doctrees/wallet-solution.doctree b/ia-terms-updates/it/.doctrees/wallet-solution.doctree new file mode 100644 index 0000000000000000000000000000000000000000..e05b36652bdb40b42caea3396e6c56aa9071fcc6 GIT binary patch literal 36611 zcmcIt3v?V;d3GX8w&b_tIB^n_jh)1fliAhNN}Pm5kz_}H$d08XB*EE?c1N07uXZ;x zvyz<{DqPz3BbMO7W`~Uxa|9)NX&%gZUb^M>T&8Vna=|Wo0=S$_hV$`jT`Esth ztdz|9+v>MHUw^KC(CXLaRij+hb4uM>hZs3kE9P~jR6mE8TPeP&6^*o$z=m9TIq<#O zYu(^H(*~Y;BArg3dn!Bd;_H41f4}nL>wdMaZa7z0`>pl!$_2``P3#xyR4S{lBBKaq zUEORf$ku>tn!2`7H35N&+@s|U6wlg_E6Rp}hq&%7$; zrdBQ)Y27gE*7~AWQtBsqs|x^qjZs}NOw9y^<&rP1%RboKn@*=*v!K5wg?c!0B&C|m z#esoTDs|6-o_XbfpsxpS{a^L+Yy0gE%ek}31B79)rd|W8)IA{odi?Fh-;MaY2~_nh zmi1+s%1W8l)&1(tRrMBiP(7d?RBt=chXn4Zh9qEJxuDl&kqmuu$oEN)daK$4)VJGm z1!NBqvYe{q&P!UZTzXAPTb7p;U`(eo_@D2L%yc=M)AU?X$u8-NQp)lN%d&nxZLBO2 z5l2?Fyr~{Z4Uf5O^zyfUKJM=}ZJWwS&U)k`2pjOwK;pPub?eIEvAWe$)wQ~HC_XYu zOfKcMylhLgb;Y5&`lLauo<17^{ecMT8#Aw~+2`u2tUl{ftvXb138i{9lk)MItP*O&@R8Hk(L_o~Eq8s$pvXUy5OZX#I)>brO3Ld+BIk@KK4PoZR+S!ae z+*<4iB~K3{Pl46&$eSn@Q>Ln^_Vmn@baZ-( znhvvK9LZ$L6{V!*(x`0o4tdc`e-S7GXJS@*4tgysSXHuglakqxkM z)UC7Jj%b-~Ydk^HE{&&gxb z#Dqu1>gsA*UVXlltDvNn?a9Ft`^PAq6Q0+fpID0d0D@hwI39VOG{a|znPV* zrdrm~!BdRvV7iiDY#^$)xFpH4j}!NS2mhQ9kIPdaLC*D&r$QvBN|cyjfsC2ju8}vRg zHoOM+rZuuL)~($@0&Qhutc~5EG!kQj5)+!TFOrROf$o{p!b)T5u3HsOqJfd!Zs$x` z(lII6vbZrsJ8Ksuz{-T^m2}ed+r<*R?C*e=E-fk*pt1MiqIUI$c=7i?+!z5~f_AlQ zUOdZsb0jYhhssNrmZZ^+>}-+~zZG%cx?BWp$i3ajhi5@2^YQ*Mo9Biw@E+XVP%V#L)0S5v@9fD<={D;->v04rT-ik+O`&WkXd5=@ePV2kx@;VZWFyLgbUl_EPdAU|T>Id&Ai?pR8^fnB zjU&1)Er@?icY7o+Q5K}jQOr0-AiTEePMx|s;p3$BD2CEVP)fW}%pH+zEK<*7dS+^3 z&QlVls!K)XLK?s2ij1F3QCX6UlD#%zW~OH|^RJrE+=m(8d+|rhrnihtoIajDnN1H5 z4q-4kHl7|FN)HZ>kI?V*?6C%FdKD~m89t41A9yPAgy?Wwj^YSoB1IB&mWVn2sBiv| zCYwzi>&J?o))aFwUDlT}Sewbvw0S14%ZsK&&!s}yP^1EuX{1$UL6VD0G-IeP8x17% z6juE+h0d)FZE`-}zLbR^ta8}7U(1+jB2)1;_}*DRmM0!C03fX(#PwsY%2onAB4 z&`br)Oe9RFR;N3F8LU;Ml+!O(XbGVisuF}sw;t4PYt@&rfIAoo_k>-mC%T4vUb)ze z^L!8|-Fi45SaX#I38owcz@bQhw5I@C>N8%k#Wt9op<&C1S=F)WBe4DjQT5v?=hlPy zV3#nxd#K;EYn0@*3`8t+l+p^dhawMJ(TEWF1?1 zOw7Xrq=c;o64vY#?5fEr(xQ&tE~{nzd;|D?Hq(-l3LP2=TM8Yp(;QvN zX+AoFPdz?P3O*7kiC|(hl8GmYiMc81_@kZMa6>85I?aj#Au@8svO%H((=81RHb_RF zk*60v9=sl@ECB}Fd-MJE~8@Z9&$TCG5VG zi(%rso?iQqiF*&tkRUaF76QSMNCY#4;Ox=K)Lo;acX=ox1*UN*VGC@&Qm!<}=|+7q zCsCq4O!SO1!ZQ!o-2zu9nF@q=MT;yxkkg z8&4H*O-pn06Y~$xNfUE((`V;rPS3`WY}*Rw6>R0rl_kdzqn)i9#HpflgPR!~ZZycd z!=w7dK01a+-fV)*jutWw-8f-ZU8L(l4qhSVYyUl|zbc6o+ z#;|uDcBB@y5im4gf$zRZeD^WFnJHiE8zGc5XT+V1Tp3--h_1zYTA1=xsJQnaj739W z*^kIZAh|yhi9LQG>m{9f_~g8Fc6#oNH2>Hc-vmK3GQrw1_Kj)Sc#4sfQ9*Z6k<5z~ zg?o)*HMq;JLHdfn;MhLcQSUt(+%a_*WfGiBL~^p?N$E1cisY)^E@SV~ZLz;K}u3s+a{c}R%-eb#M%(xtd5v&}IWQ8rznWlDRW8Q<=$`Y3Vdi>`9YOzj6*IS}>iP zvnT94PG|~Tlhe**v{uFh2oAF3G(}>7d~~yEnd(+AQjkG9H{<2vqlUl8aI$T_@Q8E! z<1x!97&;!w(6z*nJJ_pDnNb`VR@0^o&Hh@VMqhcV3xy}~ z(mfn?t&=lnUNvwS3rFK{tk*3?bOg6V%WEzX4w$+OHI}IViD~;(o?8Up6F1Li*PQ3( zV4gER7943Q%=(^LJC7+4Rk@ft!*exsa7WZk*ekbWR*aH4LUIXFgF>>ck&V75=1)(Z zcBv4zZf?IEBe$S5;Lv12WL#ZPyaRhXmu$c^9fd&!1NIsv@irBB>)0j|{09k)SFN7- z5vI0mZ$7I$UDb4jTmrZ}2OqkaKNbVC!|+F%7`~d-aMMDuoI9U=x>_~^wqb{aQ=(6& zh6e24VR5vx-`cbQ%}~s2QG&E4mZM z#rM@1_=0tM4T%2>d=+}|*jGniqD*%e{*0p*zKkE&5Nx1=3cP`$+8CTY(r^*L5#6Jy zg_n>@JEIsZEskmyzQaX`_ANjX6)3GIs7;MgpItR|>k5h5p2FvmwkLkX%^%0e?K4eZ z3E>H7$!5U!1l7}z#^*lPBQ*oE*j_URCOn@Nj==aIxl*%xefxTFwBjm64ceU>8tu-$ zC+2CPJGF`(0x4>}lR%+^7) z^?l}&UanS}UQs^){zi(_8Ebm!8o(yG+K5kV*9<3ikzCzFwCyh3g&)v$FMfpfI3*Ap z_!?6x97Eg__cW!!-4j)j^Ua0ow|exl-%*EWXnJ8H^@~lP1a-Fm(4onqtSujcGYGOW zAP1wba%su;U15O$IW~x6ds@ASSM9VqPoM8DJcXZjh9_91IL=Tw7vrlZ>(EtK;iV)Q8D1!+Fmmiit{8HvsjU%UGLJ4me^p+Vum z$%ewmV&HLD`UppDTf*KIxmb0!XrT?W@7z*;dCjH7IfKHVueFr1>heP|QvCqppa6DV zMyG16C!<$CaV3e$xc$v&Nb=S;Vd)HM37dGxi-gb54}Cpse=Q8LdSF()Z8p#_`h6>T z&0_FroJNtFqPE?|y)!f)Nu5O=zLWnB1A7TAbzM z>0D1ecA*XSjhoZ17&!&i0sD*#BGUlhd$j-sw2cvi6ZcfjkzEx+*|t`$ zKdCL~vW}5b3bVw>C=Z`AC9P6Xygq%)I4)0844#}CIn-1mLu;v#yJO@OtP$)fEQm}4 zHFAAXz~{vmf-kx7z54K?g|HN_HV9$c+PG@^0=jJ2)q)|7vtQHIjL>&3`|~k4aoB&T ziT&}lu)h!^ry%>-^HUI+2H3v}Zs8a%mPlQ=9_#LFKO6Db1|rYK9xNQiK!H5R4b>IV z(F>n9;?$#F!GD^kaJCC5Z_LtX4Y(lk^%GZEdz1_4yP8?=X?EdamR-#~S1&vV77KTy zScY{?XhclaAsQ9jj^+m>Fo;Pk*G(NyTv@wtaG_)r+014!_J?mZ!*-t6YnCxpT0gPQ z8W3?56n0$|xYR4Gtyp>_*LzvV>)ouiSv+CScC*$-1HQrF;R@~qchD*vy9ZoECzZTY z!Mofe)MOiOht=vUSItV*tk3c!+pN`ZPgr1|P#rf|tD#*?D5HUOJE40q3@= z7jd`6Ea$T1&5zz1^#XMyteuPHvRT4xfbR`>-$GN1rRs9_0=c@Qn%IhNv{uQI^FE%c zn6<9ApI`?pKgrUNDJvWbB0J{;$HO3KAXhOuW)f&s5RJ1npu#7dxb3xeC>J!a#yecR zr@eV)p}K_PZ*{z5A%?EV%XrdHXG;`9RIgcEwGudj^BkBTa0?e_RU9n26Ydg&FS3fR zm-Vbz&g0>MmV;}$Z8pmxDeP@{(~v~rLl8r2tDSC0{=pXwA6wh0{E#z4b=-8-tt~}t zK&-;`8Q9Ll)8durm{?co3U-9#;R6xV=GcRc8FT|2^r87%)QF#cEe|=x^z?sij1EFsX<6^;D?QCeB-il#v;fH3CKmuPv7(8d2egfRUn&*pmcda_x)odW8j`0cUh?iX zyvQvSyoIq2ah4aLL~zwuKe5r;3w2x0y4vX)z^v_l^OCjQxQJfhg)D8dE8>q`XVO5| z+H7FUm}yV)86fH^zUMhVBa8Vz8Gf6H+P&E63JpT*VXGThW(vu7BxVyXvGY=1MsUo) zB?wSCr`Z&BpuBxi~7WED4JJh#Ut(}3mw(nE&lS=+N)uREgmFnYG(3hgR z8tS-DeM|FWT0VP6m5RP7^04|yW#Nt0X{XNBxuuc~YXe2G-yBpwsJ>7Ar24z+=he@t zUswN1{kHlo^?T~Ss6SL+E^NF4&08-8S5vT)f_)U+NI`~zJ1Dq^g1ab~q2MS5k5Dj2 zL5_l_D5y}dOu=&$JVU`xQSg%#`~n4a3Vw}(cTwqkCHdYm(+)&ntX3epFEQ1ZnC44N@g=7B5>tDrs_r2&->1F@O7~GH z-KU{+Uxd5A3u<8;O9_F1}Ob^8ikvATVeu2|h( zqAOOnAJ7%6TMx-EtJ`+EVs+a~SFCP_=!(^CoUT~irs#^*?IF5ib$gPoSl!Ok6|36? zx?**Efv#BH-bz=jZttWkR<{q*6|37P=!(_tPw9%)?Q3+!>h@1`#p?E5x?*+vU%Fy- z+dvw`>b8rnSlw=-D^|BOU9q~+8g=0r(jdNK#k)k$Sn+7}!&W?+^syC>CL(ObqX950 z9uLN<))s#YO;+66lEW?q>dsKFzwbYu4i zQtTJG@<%%Z>7z@no79KDx-l*14MsBPDdun@27Q6LwF$Fge5?&KEASCM={$cMwNak} z{u5UiFVxSX>x1`0m1PL~S+i%@QSBz0UCF3Tr(XW%vl6 znLT7&=Y(wSbi3k$QX=|b;c9#poURTq>#WS| zu<{cSzBz0_!!gB0?3uhg`%zp%$Kw+^+J?|3DhnBW5hPOZhq;%ygh&sfT6F4<3Q60C z4Nl~~b{}m-!C2UvDaoh3C6Y7ok)7%enR-w-!N0Zxd`Cj@v438_|J~ML3-Q4&B?Wd* z2Vn1S0k+AdZfnSIj1T$wq#$3{0p#18A+rnJ*67|5AKlxNLU(-!=vqmy7!SfrZELW< z7a#1$lLC9gWdaKah^@hXH9pv{Bn5Wwc;*Z5#xN($^NE*sc3V%)bOcITuA zQCoFR+O(x!i*w^;13T8bW>fLO?oA48>au}7+#2kW_+ZDA0(;YC0t^4Ht-;R62m4S` zVE1(Z_MYa3m3O|QAK`jnW4EoX;g;gVJ)acZ{g)AL8zWVV5BG(n;L^Xg#KWdFbo=j& zQM+xl_TBNJzB4JPw{!qCMjwj2#I_dW-;WRW6G?%+wF9tmw3c0^wubvR@!@_gDYyqZ zfE%xF+vx1S#|Qh}q`)4$Y+y%P*X+Q?*uAI?h?+<*>bA=UcCXwiGeVrP#6PY` zK0#YUJQyG1ElEKf?EvB(%@A#WX072p5Fg%sNx>WI0A7fUiW;o6M)>OZ2p>xd;o%Mt zhE*VY?raTjB|bbODR|=@zzeBB*WX@igg+Y};m;(6@Xihp9&XmaMh~5>fxbUJ(BDi7 z=v^HEJ=6@8oOHGZ_qq7sK9dx#9(b-eY`i*?@F^Z>Uw;UI*Gfvw09WJsUgbu`%;;fwJR z{$o-Ir#nCxVs6PLWNUCgiVyC8k^*-$8F1vku{F5en__o>u0qsAIzY!d02i`<)^X+7 z8sA`id{R>Q9_#>L$T)%mp5P42+}J_ET)E9HvSJPyE?m*{Zk^{w1T b9-PI0X8lcd*&4{xxnk%1EuBBWzl-(%Q`F*S literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_images/Eo_circle_green_checkmark.svg b/ia-terms-updates/it/_images/Eo_circle_green_checkmark.svg new file mode 100644 index 000000000..19e0bd7f0 --- /dev/null +++ b/ia-terms-updates/it/_images/Eo_circle_green_checkmark.svg @@ -0,0 +1,2 @@ + diff --git a/ia-terms-updates/it/_images/Eo_circle_red_letter-x.svg b/ia-terms-updates/it/_images/Eo_circle_red_letter-x.svg new file mode 100644 index 000000000..4c3c8e785 --- /dev/null +++ b/ia-terms-updates/it/_images/Eo_circle_red_letter-x.svg @@ -0,0 +1 @@ + diff --git a/ia-terms-updates/it/_sources/backup-restore.rst.txt b/ia-terms-updates/it/_sources/backup-restore.rst.txt new file mode 100644 index 000000000..186042348 --- /dev/null +++ b/ia-terms-updates/it/_sources/backup-restore.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _backup-restore.rst: + +backup-restore.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/contribute.rst.txt b/ia-terms-updates/it/_sources/contribute.rst.txt new file mode 100644 index 000000000..9d984dea8 --- /dev/null +++ b/ia-terms-updates/it/_sources/contribute.rst.txt @@ -0,0 +1,8 @@ +.. include:: ../common/common_definitions.rst + +.. _contribute.rst: + +contribute.rst ++++++++++++++++++++++++++++ + +Instruction to join in the development here. diff --git a/ia-terms-updates/it/_sources/defined-terms.rst.txt b/ia-terms-updates/it/_sources/defined-terms.rst.txt new file mode 100644 index 000000000..e0b9acdc3 --- /dev/null +++ b/ia-terms-updates/it/_sources/defined-terms.rst.txt @@ -0,0 +1,89 @@ +.. include:: ../common/common_definitions.rst + +.. _defined-terms.rst: + +defined-terms.rst ++++++++++++++++++++++++++++ + +Di seguito le descrizioni di acronimi e definizioni, correlati al presente documento utili ad approfondimenti su tematiche che completano l' it-wallet e i componenti con i quali interagisce. + + +Acronimi +-------- +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Acronimo** + - **Descrizione** + * - **OID4VP** + - OpenID for Verifiable Presentation + * - **PID** + - Person Identification Data + * - **VC** + - Verifiable Credential + * - **VP** + - Verifiable Presentation + * - **API** + - Application Programming Interface. Insieme componenti previsti per semplificare gli scenari di integrazione di uno specifico Sistema. + + +Definizioni +----------- + +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Definizione** + - **Descrizione** + * - **Wallet Instance** + - Mobile App che gestisce, memorizza e protegge le Verifiable Credentials di un holder e ne consente la presentazione ad una Relying Party + * - **Relying Party** + - Entità che riceve da una Wallet Instance una o più VP e processa le stesse + + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/index.rst.txt b/ia-terms-updates/it/_sources/index.rst.txt new file mode 100644 index 000000000..abe2399cd --- /dev/null +++ b/ia-terms-updates/it/_sources/index.rst.txt @@ -0,0 +1,55 @@ +.. include:: ../common/common_definitions.rst + +============================================== +The Italian EUDI Wallet implementation profile +============================================== + +[TODO INTRO] + +Introduzione + +cos'è eIDAS + +cos’è IT-Wallet + +scopo delle regole tecniche + + +In this documentation you can find the technical specification +for implementing the following components: + + - Entities of the ecosystem according to `EIDAS-ARF`_. + - Infrastructure of trust attesting realiability and eligibility of the participants. + - PID and EAAs data schemes and attribute sets. + - PID/EAA in MDL CBOR format. + - PID/EAA in `SD-JWT`_ format. + - Wallet Solution general architecture. + - Wallet Instance Attestation data model in `JWS`_ format. + - Issuance of PID/EAA according to `OpenID4VCI`_. + - Presentation of PID/EAA according to `OpenID4VP`_. + - Presentation of pseudonyms according to `SIOPv2`_. + - PID/EAA backup and restore mechanisms. + - PID/EAA revocation lists. + + +Index of content +---------------- + +.. toctree:: + :maxdepth: 2 + + ssi-introduction.rst + defined-terms.rst + trust.rst + pid-eaa-data.rst + pid-eaa-mdoc-cbor.rst + pid-eaa-sd-jwt.rst + wallet-solution.rst + wallet-instance-attestation.rst + issuance.rst + relying-party-solution.rst + pseudonyms.rst + backup-restore.rst + revocation-lists.rst + contribute.rst + standards.rst diff --git a/ia-terms-updates/it/_sources/issuance.rst.txt b/ia-terms-updates/it/_sources/issuance.rst.txt new file mode 100644 index 000000000..1effd9399 --- /dev/null +++ b/ia-terms-updates/it/_sources/issuance.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _issuance.rst: + +issuance.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/pid-eaa-data.rst.txt b/ia-terms-updates/it/_sources/pid-eaa-data.rst.txt new file mode 100644 index 000000000..8ab0305c9 --- /dev/null +++ b/ia-terms-updates/it/_sources/pid-eaa-data.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pid-eaa-data.rst: + +pid-eaa-data.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/pid-eaa-mdoc-cbor.rst.txt b/ia-terms-updates/it/_sources/pid-eaa-mdoc-cbor.rst.txt new file mode 100644 index 000000000..d96df2fff --- /dev/null +++ b/ia-terms-updates/it/_sources/pid-eaa-mdoc-cbor.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pid-eaa-mdoc-cbor.rst: + +pid-eaa-mdoc-cbor.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/pid-eaa-sd-jwt.rst.txt b/ia-terms-updates/it/_sources/pid-eaa-sd-jwt.rst.txt new file mode 100644 index 000000000..b4daf4770 --- /dev/null +++ b/ia-terms-updates/it/_sources/pid-eaa-sd-jwt.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pid-eaa-sd-jwt.rst: + +pid-eaa-sd-jwt.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/pseudonyms.rst.txt b/ia-terms-updates/it/_sources/pseudonyms.rst.txt new file mode 100644 index 000000000..7b20567f9 --- /dev/null +++ b/ia-terms-updates/it/_sources/pseudonyms.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pseudonyms.rst: + +pseudonyms.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/revocation-lists.rst.txt b/ia-terms-updates/it/_sources/revocation-lists.rst.txt new file mode 100644 index 000000000..49cc7b174 --- /dev/null +++ b/ia-terms-updates/it/_sources/revocation-lists.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _revocation-lists.rst: + +revocation-lists.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/ssi-introduction.rst.txt b/ia-terms-updates/it/_sources/ssi-introduction.rst.txt new file mode 100644 index 000000000..bf8e0a9e6 --- /dev/null +++ b/ia-terms-updates/it/_sources/ssi-introduction.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _ssi-introduction.rst: + +ssi-introduction.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/standards.rst.txt b/ia-terms-updates/it/_sources/standards.rst.txt new file mode 100644 index 000000000..924e882fc --- /dev/null +++ b/ia-terms-updates/it/_sources/standards.rst.txt @@ -0,0 +1,8 @@ +.. include:: ../common/common_definitions.rst + +.. _standards.rst: + +Standards ++++++++++ + +TODO diff --git a/ia-terms-updates/it/_sources/trust.rst.txt b/ia-terms-updates/it/_sources/trust.rst.txt new file mode 100644 index 000000000..aa613216a --- /dev/null +++ b/ia-terms-updates/it/_sources/trust.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _trust.rst: + +trust.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/wallet-instance-attestation.rst.txt b/ia-terms-updates/it/_sources/wallet-instance-attestation.rst.txt new file mode 100644 index 000000000..35d4b69c0 --- /dev/null +++ b/ia-terms-updates/it/_sources/wallet-instance-attestation.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-instance-attestation.rst: + +wallet-instance-attestation.rst ++++++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_sources/wallet-solution.rst.txt b/ia-terms-updates/it/_sources/wallet-solution.rst.txt new file mode 100644 index 000000000..bb3964a70 --- /dev/null +++ b/ia-terms-updates/it/_sources/wallet-solution.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-solution.rst: + +wallet-solution.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/ia-terms-updates/it/_static/basic.css b/ia-terms-updates/it/_static/basic.css new file mode 100644 index 000000000..f316efcb4 --- /dev/null +++ b/ia-terms-updates/it/_static/basic.css @@ -0,0 +1,925 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +div.section::after { + display: block; + content: ''; + clear: left; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li p.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 360px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} + +a:visited { + color: #551A8B; +} + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, figure.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, figure.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, figure.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +img.align-default, figure.align-default, .figure.align-default { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-default { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar, +aside.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px; + background-color: #ffe; + width: 40%; + float: right; + clear: right; + overflow-x: auto; +} + +p.sidebar-title { + font-weight: bold; +} + +nav.contents, +aside.topic, +div.admonition, div.topic, blockquote { + clear: left; +} + +/* -- topics ---------------------------------------------------------------- */ + +nav.contents, +aside.topic, +div.topic { + border: 1px solid #ccc; + padding: 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- content of sidebars/topics/admonitions -------------------------------- */ + +div.sidebar > :last-child, +aside.sidebar > :last-child, +nav.contents > :last-child, +aside.topic > :last-child, +div.topic > :last-child, +div.admonition > :last-child { + margin-bottom: 0; +} + +div.sidebar::after, +aside.sidebar::after, +nav.contents::after, +aside.topic::after, +div.topic::after, +div.admonition::after, +blockquote::after { + display: block; + content: ''; + clear: both; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + margin-top: 10px; + margin-bottom: 10px; + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table.align-default { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +th > :first-child, +td > :first-child { + margin-top: 0px; +} + +th > :last-child, +td > :last-child { + margin-bottom: 0px; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure, figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption, figcaption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number, +figcaption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text, +figcaption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist { + margin: 1em 0; +} + +table.hlist td { + vertical-align: top; +} + +/* -- object description styles --------------------------------------------- */ + +.sig { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; +} + +.sig-name, code.descname { + background-color: transparent; + font-weight: bold; +} + +.sig-name { + font-size: 1.1em; +} + +code.descname { + font-size: 1.2em; +} + +.sig-prename, code.descclassname { + background-color: transparent; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.sig-param.n { + font-style: italic; +} + +/* C++ specific styling */ + +.sig-inline.c-texpr, +.sig-inline.cpp-texpr { + font-family: unset; +} + +.sig.c .k, .sig.c .kt, +.sig.cpp .k, .sig.cpp .kt { + color: #0033B3; +} + +.sig.c .m, +.sig.cpp .m { + color: #1750EB; +} + +.sig.c .s, .sig.c .sc, +.sig.cpp .s, .sig.cpp .sc { + color: #067D17; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +:not(li) > ol > li:first-child > :first-child, +:not(li) > ul > li:first-child > :first-child { + margin-top: 0px; +} + +:not(li) > ol > li:last-child > :last-child, +:not(li) > ul > li:last-child > :last-child { + margin-bottom: 0px; +} + +ol.simple ol p, +ol.simple ul p, +ul.simple ol p, +ul.simple ul p { + margin-top: 0; +} + +ol.simple > li:not(:first-child) > p, +ul.simple > li:not(:first-child) > p { + margin-top: 0; +} + +ol.simple p, +ul.simple p { + margin-bottom: 0; +} + +aside.footnote > span, +div.citation > span { + float: left; +} +aside.footnote > span:last-of-type, +div.citation > span:last-of-type { + padding-right: 0.5em; +} +aside.footnote > p { + margin-left: 2em; +} +div.citation > p { + margin-left: 4em; +} +aside.footnote > p:last-of-type, +div.citation > p:last-of-type { + margin-bottom: 0em; +} +aside.footnote > p:last-of-type:after, +div.citation > p:last-of-type:after { + content: ""; + clear: both; +} + +dl.field-list { + display: grid; + grid-template-columns: fit-content(30%) auto; +} + +dl.field-list > dt { + font-weight: bold; + word-break: break-word; + padding-left: 0.5em; + padding-right: 5px; +} + +dl.field-list > dd { + padding-left: 0.5em; + margin-top: 0em; + margin-left: 0em; + margin-bottom: 0em; +} + +dl { + margin-bottom: 15px; +} + +dd > :first-child { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +.sig dd { + margin-top: 0px; + margin-bottom: 0px; +} + +.sig dl { + margin-top: 0px; + margin-bottom: 0px; +} + +dl > dd:last-child, +dl > dd:last-child > :last-child { + margin-bottom: 0; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +.classifier:before { + font-style: normal; + margin: 0 0.5em; + content: ":"; + display: inline-block; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +.translated { + background-color: rgba(207, 255, 207, 0.2) +} + +.untranslated { + background-color: rgba(255, 207, 207, 0.2) +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +pre, div[class*="highlight-"] { + clear: both; +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; + white-space: nowrap; +} + +div[class*="highlight-"] { + margin: 1em 0; +} + +td.linenos pre { + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + display: block; +} + +table.highlighttable tbody { + display: block; +} + +table.highlighttable tr { + display: flex; +} + +table.highlighttable td { + margin: 0; + padding: 0; +} + +table.highlighttable td.linenos { + padding-right: 0.5em; +} + +table.highlighttable td.code { + flex: 1; + overflow: hidden; +} + +.highlight .hll { + display: block; +} + +div.highlight pre, +table.highlighttable pre { + margin: 0; +} + +div.code-block-caption + div { + margin-top: 0; +} + +div.code-block-caption { + margin-top: 1em; + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +table.highlighttable td.linenos, +span.linenos, +div.highlight span.gp { /* gp: Generic.Prompt */ + user-select: none; + -webkit-user-select: text; /* Safari fallback only */ + -webkit-user-select: none; /* Chrome/Safari */ + -moz-user-select: none; /* Firefox */ + -ms-user-select: none; /* IE10+ */ +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + margin: 1em 0; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: absolute; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/ia-terms-updates/it/_static/basic_mod.css b/ia-terms-updates/it/_static/basic_mod.css new file mode 100644 index 000000000..0df77588f --- /dev/null +++ b/ia-terms-updates/it/_static/basic_mod.css @@ -0,0 +1,1194 @@ +@font-face { + font-family: Roboto; + font-style: normal; + font-weight: 400; + src: local("Roboto"), local("Roboto-Regular"), url(fonts/roboto/roboto.woff2) format("woff2"); +} +@font-face { + font-family: Roboto; + font-style: italic; + font-weight: 400; + src: local("Roboto Italic"), local("Roboto-Italic"), url(fonts/roboto/roboto-italic.woff2) format("woff2"); +} +@font-face { + font-family: Roboto; + font-style: normal; + font-weight: 700; + src: local("Roboto Bold"), local("Roboto-Bold"), url(fonts/roboto/roboto-bold.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: normal; + font-weight: 400; + src: local("Roboto Mono Regular"), local("RobotoMono-Regular"), url(fonts/roboto-mono/roboto-mono.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: italic; + font-weight: 400; + src: local("Roboto Mono Italic"), local("RobotoMono-Italic"), url(fonts/roboto-mono/roboto-mono-italic.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: normal; + font-weight: 700; + src: local("Roboto Mono Bold"), local("RobotoMono-Bold"), url(fonts/roboto-mono/roboto-mono-bold.woff2) format("woff2"); +} +@font-face { + font-family: Roboto Mono; + font-style: italic; + font-weight: 700; + src: local("Roboto Mono Bold Italic"), local("RobotoMono-BoldItalic"), url(fonts/roboto-mono/roboto-mono-bold-italic.woff2) format("woff2"); +} +/*****************************************************************************/ +/* Typography */ +:root { + --codeBackgroundColor: #f8f8f8; + --inlineCodeBackgroundColor: #f8f8f8; + --codeBlue: #0000ff; + --codeGreen: #008000; + --dividerColor: rgba(0, 0, 0, 0.08); + --faintFontColor: rgba(0, 0, 0, 0.6); + --fontColor: #252630; + --linkColor: #2980b9; + --mainBackgroundColor: white; + --mainNavColor: #3889ce; + --notificationBannerColor: #176bb0; + --searchHighlightColor: #fff150; + --sidebarColor: white; + --navbarHeight: 4rem; +} +:root[data-mode=darkest] { + --mainBackgroundColor: black; + --sidebarColor: black; + --codeBackgroundColor: rgba(255, 255, 255, 0.1); + --inlineCodeBackgroundColor: rgba(255, 255, 255, 0.1); +} +:root[data-mode=dark] { + --mainBackgroundColor: #242429; + --sidebarColor: #242429; + --codeBackgroundColor: rgba(0, 0, 0, 0.1); + --inlineCodeBackgroundColor: rgba(255, 255, 255, 0.06); +} +:root[data-mode=dark], :root[data-mode=darkest] { + --codeBlue: #77baff; + --codeGreen: #38c038; + --dividerColor: rgba(255, 255, 255, 0.1); + --faintFontColor: rgba(255, 255, 255, 0.6); + --fontColor: white; + --linkColor: #319be0; + --searchHighlightColor: #fe8e04; +} + +body { + font-family: Roboto, "OpenSans", sans-serif; + background-color: var(--mainBackgroundColor); + color: var(--fontColor); +} + +h1 { + font-size: 2rem; +} + +h2 { + font-size: 1.5rem; +} + +h3 { + font-size: 1.17rem; +} + +a { + color: var(--linkColor); + text-decoration: none; +} + +/*****************************************************************************/ +html { + height: 100%; + scroll-padding-top: var(--navbarHeight); +} + +html, +body { + padding: 0; + margin: 0; + min-height: 100%; +} + +body { + display: flex; + flex-direction: column; +} + +/*****************************************************************************/ +/* Top nav */ +#searchbox h3#searchlabel { + display: none; +} +#searchbox form.search { + display: flex; + flex-direction: row; +} +#searchbox form.search input { + display: block; + box-sizing: border-box; + padding: 0.3rem; + color: rgba(0, 0, 0, 0.7); + border-radius: 0.2rem; +} +#searchbox form.search input[type=text] { + border: none; + background-color: rgba(255, 255, 255, 0.6); + flex-grow: 1; + margin-right: 0.2rem; +} +#searchbox form.search input[type=text]::placeholder { + color: rgba(0, 0, 0, 0.6); +} +#searchbox form.search input[type=submit] { + cursor: pointer; + color: var(--mainNavColor); + flex-grow: 0; + border: none; + background-color: white; +} + +div#top_nav { + position: fixed; + top: 0; + left: 0; + right: 0; + color: white; + z-index: 100; +} +div#top_nav div#notification_banner { + background-color: var(--notificationBannerColor); + box-sizing: border-box; + padding: 0.1rem 1rem; + display: flex; + flex-direction: row; + align-items: center; + justify-content: right; +} +div#top_nav div#notification_banner a.close { + flex-grow: 0; + flex-shrink: 0; + color: rgba(255, 255, 255, 0.85); + text-align: right; + font-size: 0.6rem; + text-transform: uppercase; + display: block; + text-decoration: none; + margin-left: 0.5rem; +} +div#top_nav div#notification_banner a.close:hover { + color: white; +} +div#top_nav div#notification_banner p { + flex-grow: 1; + margin: 0; + text-align: center; + font-size: 0.9rem; + line-height: 1.2; + padding: 0.4rem 0; +} +div#top_nav div#notification_banner p a { + color: white; + text-decoration: underline; +} +div#top_nav nav { + background-color: var(--mainNavColor); + box-sizing: border-box; + padding: 1rem; + display: flex; + flex-direction: row; + align-items: center; +} +div#top_nav nav h1 { + flex-grow: 1; + font-size: 1.2rem; + margin: 0; + padding: 0 0 0 0.8rem; + line-height: 1; +} +div#top_nav nav h1 a { + color: white; +} +div#top_nav nav h1 img { + height: 1.3rem; + width: auto; +} +div#top_nav nav p#toggle_sidebar { + transform: rotate(90deg); + letter-spacing: 0.1rem; + flex-grow: 0; + margin: 0; + padding: 0; +} +div#top_nav nav p#toggle_sidebar a { + color: white; + font-weight: bold; +} +div#top_nav nav a#mode_toggle, div#top_nav nav a#source_link { + margin-right: 1rem; + display: block; + flex-grow: 0; +} +div#top_nav nav a#mode_toggle svg, div#top_nav nav a#source_link svg { + height: 1.3rem; + width: 1.3rem; + vertical-align: middle; +} +div#top_nav nav p.mobile_search_link { + margin: 0; +} +@media (min-width: 50rem) { + div#top_nav nav p.mobile_search_link { + display: none; + } +} +div#top_nav nav p.mobile_search_link a { + color: white; +} +div#top_nav nav p.mobile_search_link a svg { + height: 1rem; + vertical-align: middle; +} +@media (max-width: 50rem) { + div#top_nav nav div.searchbox_wrapper { + display: none; + } +} +div#top_nav nav div.searchbox_wrapper #searchbox { + align-items: center; + display: flex !important; + flex-direction: row-reverse; +} +div#top_nav nav div.searchbox_wrapper #searchbox p.highlight-link { + margin: 0 0.5rem 0 0; +} +div#top_nav nav div.searchbox_wrapper #searchbox p.highlight-link a { + color: rgba(255, 255, 255, 0.8); + font-size: 0.8em; + padding-right: 0.5rem; + text-decoration: underline; +} +div#top_nav nav div.searchbox_wrapper #searchbox p.highlight-link a:hover { + color: white; +} + +/*****************************************************************************/ +/* Main content */ +div.document { + flex-grow: 1; + margin-top: 2rem; + margin-bottom: 5rem; + margin-left: 15rem; + margin-right: 15rem; + padding-top: var(--navbarHeight); + /***************************************************************************/ + /***************************************************************************/ +} +@media (max-width: 50rem) { + div.document { + margin-left: 0px; + margin-right: 0px; + } +} +div.document section, +div.document div.section { + margin: 4rem 0; +} +div.document section:first-child, +div.document div.section:first-child { + margin-top: 0; +} +div.document section > section, +div.document div.section > div.section { + margin: 4rem 0; +} +div.document section > section > section, +div.document div.section > div.section > div.section { + margin: 2rem 0 0 0; +} +div.document section > section > section > section, +div.document div.section > div.section > div.section > div.section { + margin: 1.5rem 0 0 0; +} +div.document h1 + section, +div.document h1 + div.section { + margin-top: 2.5rem !important; +} +div.document h2 + section, +div.document h2 + div.section { + margin-top: 1.5rem !important; +} +div.document img { + max-width: 100%; +} +div.document code { + padding: 2px 4px; + background-color: var(--inlineCodeBackgroundColor); + border-radius: 0.2rem; + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; + font-size: 0.9em; +} +div.document div.documentwrapper { + max-width: 45rem; + margin: 0 auto; + flex-grow: 1; + box-sizing: border-box; + padding: 1rem; +} +div.document div.highlight { + color: #252630; + box-sizing: border-box; + padding: 0.2rem 1rem; + margin: 0.5rem 0; + border-radius: 0.2rem; + font-size: 0.9rem; +} +div.document div.highlight pre { + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; +} +div.document div[class*=highlight] { + overflow-x: auto; +} +div.document a.headerlink { + font-size: 0.6em; + display: none; + padding-left: 0.5rem; + vertical-align: middle; +} +div.document h1, +div.document h2, +div.document h3, +div.document h4, +div.document h5, +div.document h6, +div.document str, +div.document b { + font-weight: 700; +} +div.document h1 { + margin: 0.8rem 0 0.5rem 0; +} +div.document h2 { + margin: 0.8rem 0 0.5rem 0; +} +div.document h3, div.document h4 { + margin: 1rem 0 0.5rem 0; +} +div.document h1:hover a.headerlink, +div.document h2:hover a.headerlink, +div.document h3:hover a.headerlink, +div.document h4:hover a.headerlink { + display: inline-block; +} +div.document p, +div.document li { + font-size: 1rem; + line-height: 1.5; +} +div.document li p { + margin: 0 0 0.5rem 0; +} +div.document ul, div.document ol { + padding-left: 2rem; +} +div.document ol.loweralpha { + list-style: lower-alpha; +} +div.document ol.arabic { + list-style: decimal; +} +div.document ol.lowerroman { + list-style: lower-roman; +} +div.document ol.upperalpha { + list-style: upper-alpha; +} +div.document ol.upperroman { + list-style: upper-roman; +} +div.document dd { + margin-left: 1.5rem; +} +div.document hr { + border: none; + height: 1px; + background-color: var(--dividerColor); + margin: 2rem 0; +} +div.document table.docutils { + border-collapse: collapse; +} +div.document table.docutils th, div.document table.docutils td { + border: 1px solid var(--dividerColor); + box-sizing: border-box; + padding: 0.5rem 1rem; +} +div.document table.docutils th p, div.document table.docutils th ul, div.document table.docutils td p, div.document table.docutils td ul { + margin: 0.3rem 0; +} +div.document table.docutils th ul, div.document table.docutils td ul { + padding-left: 1rem; +} +div.document form input { + padding: 0.5rem; +} +div.document form input[type=submit], div.document form button { + border: none; + background-color: var(--mainNavColor); + color: white; + padding: 0.5rem 1rem; + border-radius: 0.2rem; +} +div.document span.highlighted { + background-color: var(--searchHighlightColor); + padding: 0 0.1em; +} +div.document div#search-results { + padding-top: 2rem; +} +div.document div#search-results p.search-summary { + font-size: 0.8em; +} +div.document div#search-results ul.search { + list-style: none; + padding-left: 0; +} +div.document div#search-results ul.search li { + border-bottom: 1px solid var(--dividerColor); + margin: 0; + padding: 2rem 0; +} +div.document div#search-results ul.search li > a:first-child { + font-size: 1.2rem; +} +div.document dd ul, div.document dd ol { + padding-left: 1rem; +} +div.document dl.py { + margin-bottom: 2rem; +} +div.document dl.py dt.sig { + background-color: var(--codeBackgroundColor); + color: var(--fontColor); + box-sizing: border-box; + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; + font-size: 0.9rem; + padding: 1rem; + border-left: 5px solid rgba(0, 0, 0, 0.1); + border-radius: 0.2rem; +} +div.document dl.py em.property { + color: var(--sidebarColor); + font-weight: bold; +} +div.document dl.py span.sig-name { + color: var(--codeBlue); + font-weight: bold; +} +div.document dl.py em.property { + color: var(--codeGreen); +} +div.document dl.py em.sig-param { + margin-left: 2rem; +} +div.document dl.py em.sig-param span.default_value { + color: var(--codeGreen); +} +div.document dl.py span.sig-return span.sig-return-typehint { + color: var(--fontColor); +} +div.document dl.py span.sig-return span.sig-return-typehint pre { + color: var(--fontColor); +} +div.document dl.py em.sig-param > span:first-child { + font-weight: bold; +} +div.document dl.cpp, div.document dl.c { + margin-bottom: 1rem; +} +div.document dl.cpp dt.sig, div.document dl.c dt.sig { + background-color: var(--codeBackgroundColor); + color: var(--fontColor); + box-sizing: border-box; + font-family: "Roboto Mono", monospace, Monaco, Consolas, Andale Mono; + font-size: 0.9rem; + padding: 1rem; + border-left: 5px solid rgba(0, 0, 0, 0.1); + border-radius: 0.2rem; + line-height: 1.4; +} +div.document dl.cpp span.sig-name, div.document dl.c span.sig-name { + color: var(--codeBlue); + font-weight: bold; +} +div.document dl.cpp span.sig-indent, div.document dl.c span.sig-indent { + margin-left: 2rem; +} +div.document dl.cpp span.target + span, div.document dl.c span.target + span { + color: var(--codeGreen); +} +div.document dl.cpp span.sig-param > span:first-child, div.document dl.c span.sig-param > span:first-child { + font-weight: bold; +} +div.document div.admonition { + box-shadow: 0px 0px 0px 1px var(--dividerColor); + border-radius: 0.2rem; + margin: 1rem 0; + overflow: hidden; +} +div.document div.admonition p { + box-sizing: border-box; + font-size: 0.9rem; + padding: 0.5rem; + margin: 0; +} +div.document div.admonition p:first-child { + padding-bottom: 0; + margin-bottom: 0; +} +div.document div.admonition p + p { + padding-top: 0.2rem; +} +div.document div.admonition p.admonition-title { + font-weight: bolder; + letter-spacing: 0.01rem; +} +div.document div.admonition.hint, div.document div.admonition.important, div.document div.admonition.tip { + border-left: 5px solid #56b79c; +} +div.document div.admonition.hint p.admonition-title, div.document div.admonition.important p.admonition-title, div.document div.admonition.tip p.admonition-title { + color: #56b79c; +} +div.document div.admonition.note { + border-left: 5px solid #587f9f; +} +div.document div.admonition.note p.admonition-title { + color: #587f9f; +} +div.document div.admonition.danger, div.document div.admonition.error { + border-left: 5px solid #e6a39a; +} +div.document div.admonition.danger p.admonition-title, div.document div.admonition.error p.admonition-title { + color: #e6a39a; +} +div.document div.admonition.attention, div.document div.admonition.caution, div.document div.admonition.warning { + border-left: 5px solid #e7b486; +} +div.document div.admonition.attention p.admonition-title, div.document div.admonition.caution p.admonition-title, div.document div.admonition.warning p.admonition-title { + color: #e7b486; +} + +/*****************************************************************************/ +/* Sidebar */ +div.sphinxsidebar { + background-color: var(--sidebarColor); + border-right: 1px solid var(--dividerColor); + position: fixed; + left: 0; + top: 0; + bottom: 0; + width: 15rem; + box-sizing: border-box; + padding: var(--navbarHeight) 1rem 1rem; + z-index: 50; +} +@media (max-width: 50rem) { + div.sphinxsidebar { + display: none; + } +} +div.sphinxsidebar div.sphinxsidebarwrapper { + height: 100%; + overflow-y: auto; +} +div.sphinxsidebar ul { + padding-left: 0rem; + list-style: none; +} +div.sphinxsidebar ul li { + font-size: 0.9rem; + line-height: 1.2; +} +div.sphinxsidebar ul li a { + display: block; + box-sizing: border-box; + padding: 0 0.2rem 0.6rem; + color: var(--fontColor); + text-decoration: none; +} +div.sphinxsidebar ul li a.current { + color: var(--linkColor); +} +div.sphinxsidebar ul li a:hover { + color: var(--linkColor); +} +div.sphinxsidebar ul li > ul { + padding-left: 1rem; +} +div.sphinxsidebar p { + color: var(--faintFontColor); +} + +/*****************************************************************************/ +/* The right sidebar, showing the table of contents for the current page. */ +div#show_right_sidebar { + position: fixed; + right: 0; + top: 0; + z-index: 20; + background-color: var(--sidebarColor); + border-left: 1px solid var(--dividerColor); + border-bottom: 1px solid var(--dividerColor); + padding: var(--navbarHeight) 1rem 0rem; +} +div#show_right_sidebar p { + font-size: 0.9em; +} +div#show_right_sidebar p span { + color: var(--faintFontColor); + vertical-align: middle; +} +div#show_right_sidebar p span.icon { + color: var(--linkColor); + font-size: 0.9em; + padding-right: 0.2rem; +} + +div#right_sidebar { + position: fixed; + right: 0; + top: 0; + z-index: 50; + background-color: var(--sidebarColor); + width: 15rem; + border-left: 1px solid var(--dividerColor); + box-sizing: border-box; + padding: var(--navbarHeight) 1rem 1rem; + height: 100%; + overflow-y: auto; +} +div#right_sidebar p span { + color: var(--faintFontColor); + vertical-align: middle; +} +div#right_sidebar p span.icon { + color: var(--linkColor); + font-size: 0.9em; + padding-right: 0.2rem; +} +div#right_sidebar ul { + padding-left: 0rem; + list-style: none; +} +div#right_sidebar ul li { + font-size: 0.9rem; + line-height: 1.2; +} +div#right_sidebar ul li a { + display: block; + box-sizing: border-box; + padding: 0 0.2rem 0.6rem; + color: var(--fontColor); + text-decoration: none; +} +div#right_sidebar ul li a.current { + color: var(--linkColor); +} +div#right_sidebar ul li a:hover { + color: var(--linkColor); +} +div#right_sidebar ul li > ul { + padding-left: 1rem; +} +div#right_sidebar p { + color: var(--faintFontColor); +} +@media (max-width: 50rem) { + div#right_sidebar { + display: none; + } +} + +/*****************************************************************************/ +/* Footer */ +div.footer { + box-sizing: border-box; + padding-top: 2rem; + font-size: 0.7rem; + text-align: center; + text-transform: uppercase; + color: var(--faintFontColor); +} + +p#theme_credit { + font-size: 0.6rem; + text-transform: uppercase; + text-align: center; + color: var(--faintFontColor); +} + +/*****************************************************************************/ +/* Buttons */ +div.button_nav_wrapper { + margin-left: 15rem; + margin-right: 15rem; +} +@media (max-width: 50rem) { + div.button_nav_wrapper { + margin-left: 0px; + margin-right: 0px; + } +} +div.button_nav_wrapper div.button_nav { + max-width: 45rem; + margin: 0 auto; + display: flex; + flex-direction: row; + width: 100%; +} +div.button_nav_wrapper div.button_nav div { + box-sizing: border-box; + padding: 1rem; + flex: 50%; +} +div.button_nav_wrapper div.button_nav div a { + display: block; +} +div.button_nav_wrapper div.button_nav div a span { + vertical-align: middle; +} +div.button_nav_wrapper div.button_nav div a span.icon { + font-weight: bold; + font-size: 0.8em; +} +div.button_nav_wrapper div.button_nav div.left a { + text-align: left; +} +div.button_nav_wrapper div.button_nav div.left a span.icon { + padding-right: 0.4rem; +} +div.button_nav_wrapper div.button_nav div.right a { + text-align: right; +} +div.button_nav_wrapper div.button_nav div.right a span.icon { + padding-left: 0.4rem; +} + +/*****************************************************************************/ +/* Pygments overrides in dark mode */ +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight { + --black: #000000; + --red: #ff9393; + --darkBlue: #6b83fe; + --grey: #a8a8a8; + --pink: #ff99d8; + --torquoise: #68e9e9; + --brown: #d48a00; + --purple: #ce04e9; + --paleYellow: #454534; + background: var(--codeBackgroundColor); + color: var(--fontColor); + /* Comment */ + /* Error */ + /* Keyword */ + /* Operator */ + /* Comment.Hashbang */ + /* Comment.Multiline */ + /* Comment.Preproc */ + /* Comment.PreprocFile */ + /* Comment.Single */ + /* Comment.Special */ + /* Generic.Deleted */ + /* Generic.Emph */ + /* Generic.Error */ + /* Generic.Heading */ + /* Generic.Inserted */ + /* Generic.Output */ + /* Generic.Prompt */ + /* Generic.Strong */ + /* Generic.Subheading */ + /* Generic.Traceback */ + /* Keyword.Constant */ + /* Keyword.Declaration */ + /* Keyword.Namespace */ + /* Keyword.Pseudo */ + /* Keyword.Reserved */ + /* Keyword.Type */ + /* Literal.Number */ + /* Literal.String */ + /* Name.Attribute */ + /* Name.Builtin */ + /* Name.Class */ + /* Name.Constant */ + /* Name.Decorator */ + /* Name.Entity */ + /* Name.Exception */ + /* Name.Function */ + /* Name.Label */ + /* Name.Namespace */ + /* Name.Tag */ + /* Name.Variable */ + /* Operator.Word */ + /* Text.Whitespace */ + /* Literal.Number.Bin */ + /* Literal.Number.Float */ + /* Literal.Number.Hex */ + /* Literal.Number.Integer */ + /* Literal.Number.Oct */ + /* Literal.String.Affix */ + /* Literal.String.Backtick */ + /* Literal.String.Char */ + /* Literal.String.Delimiter */ + /* Literal.String.Doc */ + /* Literal.String.Double */ + /* Literal.String.Escape */ + /* Literal.String.Heredoc */ + /* Literal.String.Interpol */ + /* Literal.String.Other */ + /* Literal.String.Regex */ + /* Literal.String.Single */ + /* Literal.String.Symbol */ + /* Name.Builtin.Pseudo */ + /* Name.Function.Magic */ + /* Name.Variable.Class */ + /* Name.Variable.Global */ + /* Name.Variable.Instance */ + /* Name.Variable.Magic */ + /* Literal.Number.Integer.Long */ +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight pre, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight pre { + line-height: 125%; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight td.linenos .normal, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight td.linenos .normal { + color: inherit; + background-color: transparent; + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight span.linenos, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight span.linenos { + color: inherit; + background-color: transparent; + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight td.linenos .special, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight td.linenos .special { + color: var(--black); + background-color: var(--paleYellow); + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight span.linenos.special, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight span.linenos.special { + color: var(--black); + background-color: var(--paleYellow); + padding-left: 5px; + padding-right: 5px; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .hll, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .hll { + background-color: var(--paleYellow); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .c, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .c { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .err, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .err { + border: 1px solid var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .k, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .k { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .o, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .o { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ch, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ch { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cm, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cm { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cp { + color: var(--brown); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cpf, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cpf { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .c1, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .c1 { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .cs, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .cs { + color: var(--torquoise); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gd { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ge, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ge { + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gr, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gr { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gh, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gh { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gi, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gi { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .go, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .go { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gp { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gs, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gs { + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gu, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gu { + color: var(--purple); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .gt, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .gt { + color: var(--codeBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kc { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kd { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kn, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kn { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kp { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kr, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kr { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .kt, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .kt { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .m, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .m { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .s, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .s { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .na, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .na { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nb, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nb { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nc { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .no, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .no { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nd { + color: var(--purple); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ni, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ni { + color: var(--grey); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ne, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ne { + color: var(--red); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nf, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nf { + color: var(--codeBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nl, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nl { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nn, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nn { + color: var(--codeBlue); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nt, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nt { + color: var(--codeGreen); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .nv, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .nv { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ow, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ow { + color: var(--pink); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .w, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .w { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mb, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mb { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mf, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mf { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mh, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mh { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mi, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mi { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .mo, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .mo { + color: var(--grey); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sa, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sa { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sb, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sb { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sc { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .dl, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .dl { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sd, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sd { + color: var(--red); + font-style: italic; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .s2, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .s2 { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .se, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .se { + color: var(--brown); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sh, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sh { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .si, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .si { + color: var(--pink); + font-weight: bold; +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sx, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sx { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .sr, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .sr { + color: var(--pink); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .s1, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .s1 { + color: var(--red); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .ss, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .ss { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .bp, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .bp { + color: var(--codeGreen); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .fm, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .fm { + color: var(--codeBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vc, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vc { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vg, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vg { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vi, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vi { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .vm, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .vm { + color: var(--darkBlue); +} +:root[data-mode=dark] body[data-dark_mode_code_blocks=true] .highlight .il, +:root[data-mode=darkest] body[data-dark_mode_code_blocks=true] .highlight .il { + color: var(--grey); +} + +/*# sourceMappingURL=basic_mod.css.map */ diff --git a/ia-terms-updates/it/_static/basic_mod.css.map b/ia-terms-updates/it/_static/basic_mod.css.map new file mode 100644 index 000000000..332d772fb --- /dev/null +++ b/ia-terms-updates/it/_static/basic_mod.css.map @@ -0,0 +1 @@ +{"version":3,"sourceRoot":"","sources":["../../src/sass/basic_mod.scss"],"names":[],"mappings":"AAGA;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAID;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAED;EACC;EACA;EACA;EACA;;AAaD;AACA;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;;AAGF;EACE;EACA;EACA;EACA;;AAGF;EAEE;EACA;EACA;EACA;EACA;EACA;EACA;;;AAIJ;EACE;EACA;EACA;;;AAGF;EACE;;;AAGF;EACE;;;AAGF;EACE;;;AAGF;EACE;EACA;;;AAGF;AAEA;EACE;EAEA;;;AAGF;AAAA;EAEE;EACA;EACA;;;AAGF;EACE;EACA;;;AAGF;AACA;AAKE;EACE;;AAGF;EACE;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA,eAhHS;;AAmHX;EACE;EACA;EACA;EACA;;AAEA;EACE;;AAIJ;EACE;EACA;EACA;EACA;EACA;;;AAKN;EACE;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAIJ;EACE;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;;AAMN;EACE;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAGF;EACE;EACA;;AAKJ;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE,OA9Na;EA+Nb;;AAKJ;EACE;EACA;EACA;;AAEA;EACE;EACA;EACA;;AAKJ;EACE;;AAEA;EAHF;IAII;;;AAGF;EACE;;AAEA;EACE;EACA;;AAOJ;EADF;IAEI;;;AAKF;EACE;EACA;EACA;;AAEA;EACE;;AAEA;EACE;EACA;EACA;EACA;;AAEA;EACE;;;AASd;AACA;AAEA;EACE;EACA;EACA;EACA,aAnSa;EAoSb,cApSa;EAqSb;AAOA;AAqDA;;AA1DA;EARF;IASI;IACA;;;AAgBF;AAAA;EAEE;;AAGA;AAAA;EACE;;AAOJ;AAAA;EAEE;;AAIF;AAAA;EAEE;;AAIF;AAAA;EAEE;;AAGF;AAAA;EAEE;;AAGF;AAAA;EAEE;;AAKF;EACE;;AAGF;EACE;EACA;EACA,eA7WW;EA8WX,aAhXO;EAiXP;;AAGF;EACE,WAlXW;EAmXX;EACA;EACA;EACA;;AAGF;EACE;EACA;EACA;EACA;EACA,eA/XW;EAgYX;;AAEA;EACE,aArYK;;AA0YT;EACE;;AAGF;EACE;EACA;EACA;EACA;;AAGF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;EAQE;;AAGF;EACE;;AAGF;EACE;;AAGF;EACE;;AAOA;AAAA;AAAA;AAAA;EACE;;AAIJ;AAAA;EAEE;EACA;;AAQA;EACE;;AAIJ;EACE;;AAOA;EACE;;AAGF;EACE;;AAGF;EACE;;AAGF;EACE;;AAGF;EACE;;AAIJ;EACE;;AAGF;EACE;EACA;EACA;EACA;;AAGF;EACE;;AACA;EACE;EACA;EACA;;AAEA;EACE;;AAEF;EACE;;AAMJ;EACE;;AAGF;EACE;EACA;EACA;EACA;EACA;;AAOJ;EACE;EACA;;AAGF;EACE;;AAEA;EACE;;AAGF;EACE;EACA;;AAEA;EACE;EACA;EACA;;AAEA;EACE;;AASN;EACE;;AAIJ;EACE;;AAEA;EACE;EACA;EACA;EACA,aAzjBK;EA0jBL;EACA;EACA;EACA,eA3jBS;;AA+jBX;EACE;EACA;;AAIF;EACE;EACA;;AAIF;EACE;;AAGF;EACE;;AAEA;EACE;;AAKF;EACE;;AAEA;EACE;;AAMN;EACE;;AAMJ;EACE;;AAEA;EACE;EACA;EACA;EACA,aAlnBK;EAmnBL;EACA;EACA;EACA,eApnBS;EAqnBT;;AAIF;EACE;EACA;;AAIF;EACE;;AAIF;EACE;;AAIF;EACE;;AAMJ;EACE;EACA,eAlpBW;EAmpBX;EACA;;AAEA;EACE;EACA;EACA;EACA;;AAGF;EACE;EACA;;AAGF;EACE;;AAGF;EACE;EACA;;AAGF;EAIE;;AAEA;EACE,OAJM;;AAQV;EAEE;;AAEA;EACE,OAJM;;AAQV;EAGE;;AAEA;EACE,OAJM;;AAQV;EAIE;;AAEA;EACE,OAJM;;;AAUd;AACA;AAwCA;EACE;EACA;EACA;EACA;EACA;EACA;EACA,OAnwBa;EAowBb;EACA;EACA;;AAEA;EAZF;IAaI;;;AAGF;EACE;EACA;;AAvDF;EACE;EACA;;AAEA;EACE;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAGF;EACE;;AAKN;EACE;;AAMJ;EACE;;;AA6BJ;AACA;AAiBA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAxBF;EACE;EACA;;AAEA;EACE;EACA;EACA;;;AAuBN;EACE;EACA;EACA;EACA;EACA;EACA,OA9zBa;EA+zBb;EACA;EACA;EACA;EACA;;AAzCA;EACE;EACA;;AAEA;EACE;EACA;EACA;;AA1EJ;EACE;EACA;;AAEA;EACE;EACA;;AAEA;EACE;EACA;EACA;EACA;EACA;;AAEA;EACE;;AAGF;EACE;;AAKN;EACE;;AAMJ;EACE;;AAoFF;EApBF;IAqBI;;;;AAIJ;AACA;AAEA;EACE;EACA;EACA;EACA;EACA;EACA;;;AAGF;EACE;EACA;EACA;EACA;;;AAGF;AACA;AAEA;EACE,aAx2Ba;EAy2Bb,cAz2Ba;;AA22Bb;EAJF;IAKI;IACA;;;AAGF;EACE,WAn3BW;EAo3BX;EACA;EACA;EACA;;AAEA;EACE;EACA;EACA;;AAEA;EACE;;AAEA;EACE;;AAGF;EACE;EACA;;AAKF;EACE;;AAEA;EACE;;AAMJ;EACE;;AAEA;EACE;;;AAQZ;AACA;AAOE;AAAA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;AAoCE;AAGA;AAIA;AAGA;AAIA;AAIA;AAGA;AAIA;AAIA;AAIA;AAGA;AAGA;AAGA;AAIA;AAGA;AAGA;AAIA;AAGA;AAIA;AAGA;AAIA;AAIA;AAIA;AAGA;AAIA;AAGA;AAGA;AAGA;AAGA;AAGA;AAIA;AAGA;AAGA;AAIA;AAIA;AAGA;AAGA;AAIA;AAIA;AAGA;AAIA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAIA;AAGA;AAIA;AAGA;AAIA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;AAGA;;AA9PF;AAAA;EACE;;AAGF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;EACA;EACA;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;EACA;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE;;AAEF;AAAA;EACE","file":"basic_mod.css"} \ No newline at end of file diff --git a/ia-terms-updates/it/_static/doctools.js b/ia-terms-updates/it/_static/doctools.js new file mode 100644 index 000000000..4d67807d1 --- /dev/null +++ b/ia-terms-updates/it/_static/doctools.js @@ -0,0 +1,156 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Base JavaScript utilities for all Sphinx HTML documentation. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([ + "TEXTAREA", + "INPUT", + "SELECT", + "BUTTON", +]); + +const _ready = (callback) => { + if (document.readyState !== "loading") { + callback(); + } else { + document.addEventListener("DOMContentLoaded", callback); + } +}; + +/** + * Small JavaScript module for the documentation. + */ +const Documentation = { + init: () => { + Documentation.initDomainIndexTable(); + Documentation.initOnKeyListeners(); + }, + + /** + * i18n support + */ + TRANSLATIONS: {}, + PLURAL_EXPR: (n) => (n === 1 ? 0 : 1), + LOCALE: "unknown", + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext: (string) => { + const translated = Documentation.TRANSLATIONS[string]; + switch (typeof translated) { + case "undefined": + return string; // no translation + case "string": + return translated; // translation exists + default: + return translated[0]; // (singular, plural) translation tuple exists + } + }, + + ngettext: (singular, plural, n) => { + const translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated !== "undefined") + return translated[Documentation.PLURAL_EXPR(n)]; + return n === 1 ? singular : plural; + }, + + addTranslations: (catalog) => { + Object.assign(Documentation.TRANSLATIONS, catalog.messages); + Documentation.PLURAL_EXPR = new Function( + "n", + `return (${catalog.plural_expr})` + ); + Documentation.LOCALE = catalog.locale; + }, + + /** + * helper function to focus on search bar + */ + focusSearchBar: () => { + document.querySelectorAll("input[name=q]")[0]?.focus(); + }, + + /** + * Initialise the domain index toggle buttons + */ + initDomainIndexTable: () => { + const toggler = (el) => { + const idNumber = el.id.substr(7); + const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`); + if (el.src.substr(-9) === "minus.png") { + el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`; + toggledRows.forEach((el) => (el.style.display = "none")); + } else { + el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`; + toggledRows.forEach((el) => (el.style.display = "")); + } + }; + + const togglerElements = document.querySelectorAll("img.toggler"); + togglerElements.forEach((el) => + el.addEventListener("click", (event) => toggler(event.currentTarget)) + ); + togglerElements.forEach((el) => (el.style.display = "")); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler); + }, + + initOnKeyListeners: () => { + // only install a listener if it is really needed + if ( + !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS && + !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS + ) + return; + + document.addEventListener("keydown", (event) => { + // bail for input elements + if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return; + // bail with special keys + if (event.altKey || event.ctrlKey || event.metaKey) return; + + if (!event.shiftKey) { + switch (event.key) { + case "ArrowLeft": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const prevLink = document.querySelector('link[rel="prev"]'); + if (prevLink && prevLink.href) { + window.location.href = prevLink.href; + event.preventDefault(); + } + break; + case "ArrowRight": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const nextLink = document.querySelector('link[rel="next"]'); + if (nextLink && nextLink.href) { + window.location.href = nextLink.href; + event.preventDefault(); + } + break; + } + } + + // some keyboard layouts may need Shift to get / + switch (event.key) { + case "/": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.focusSearchBar(); + event.preventDefault(); + } + }); + }, +}; + +// quick alias for translations +const _ = Documentation.gettext; + +_ready(Documentation.init); diff --git a/ia-terms-updates/it/_static/documentation_options.js b/ia-terms-updates/it/_static/documentation_options.js new file mode 100644 index 000000000..9feebd4c3 --- /dev/null +++ b/ia-terms-updates/it/_static/documentation_options.js @@ -0,0 +1,13 @@ +const DOCUMENTATION_OPTIONS = { + VERSION: 'version: latest', + LANGUAGE: 'en', + COLLAPSE_INDEX: false, + BUILDER: 'html', + FILE_SUFFIX: '.html', + LINK_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, + SHOW_SEARCH_SUMMARY: true, + ENABLE_SEARCH_SHORTCUTS: true, +}; \ No newline at end of file diff --git a/ia-terms-updates/it/_static/file.png b/ia-terms-updates/it/_static/file.png new file mode 100644 index 0000000000000000000000000000000000000000..a858a410e4faa62ce324d814e4b816fff83a6fb3 GIT binary patch literal 286 zcmV+(0pb3MP)s`hMrGg#P~ix$^RISR_I47Y|r1 z_CyJOe}D1){SET-^Amu_i71Lt6eYfZjRyw@I6OQAIXXHDfiX^GbOlHe=Ae4>0m)d(f|Me07*qoM6N<$f}vM^LjV8( literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_static/fonts/roboto-mono/LICENSE.txt b/ia-terms-updates/it/_static/fonts/roboto-mono/LICENSE.txt new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/ia-terms-updates/it/_static/fonts/roboto-mono/LICENSE.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono-bold-italic.woff2 b/ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono-bold-italic.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..595f902d68935d83d57867dd7db0cb06c6caddfa GIT binary patch literal 41628 zcmV(>K-j-`Pew8T0RR910HT}#4gdfE0a8c+0HQ$v0{{R300000000000000000000 z0000SHU?lnQ&d4zKmd+V5eN!|xd?;2TLCr#Bm<3d3ypFB1Rw>490#`<3tMyYn!|v&-vh{`z(Tk|Rit1bM2f%*ZhlKLoSo{aBIqx8Jkh2Xor^!x}3- zE$MIlw)TDByjU>*-FGc`_vDKHfy-Py%3TJ=#z^Z&)QXcn^@Setum7q}_uTizC1w^G zoRW$*r&5!5dI;v$-HHWc8?1|MEQ%gWwq``7fQm|3{YK;)uUPrKRj*&^|Lcbp-|7I( ztwZPm8T*cK}7%k!Z-RI0=wNm zKbC+0&&ybkXTP_f@^Alp{_Ryp18Hfn8%Bf%yR7k6Mhj`t)FiWMRkWyt-@E+%orKyP z5@TE4U0U5t%IpiJb|Eny;V~Y5JN_RJ|If3=@AsL9O6VjKT{3h@B)(Ym9IVt|x>#hr zxlro%j0AzfNDW4l^*1nby;5b1u#T)b$(R~Z6M+A<$8y$*!pXM+fe7(BOxmtk!rHg8 zqRv!K?d~ht1=Nf(V;3L4gU1K|t6jD0juICDbfmBLYXMnFEpdP(+i`&Gl)!R)zp1|B zZagNWN~DW^tn71hT|>4|Y5VwCtN<3k0=5>%K*yj=0420Bet1@-^?&xdytXe3Aw&%c zk|8SM&bqb6$4~cFInDZZV8J=OFXUee@1E&}U9==coWeqX@K^fc)7ndw@ZoSN;R`7t z@x$D{kSo-?iciFmZMc1&9J6K6LgJ&$og*ue_o@@q%77vk7jl)e&cNO-ubBD6I%~go zehRMw$YzPjq~HMx#rL;n-d+}X6r>bG0qL*({{aYs%ZzmX2D4RLM8c|Vp$0-oRK_Gd z;}#0$CZzZYH;5l{Q3XSfZ!i64H!Xb4+$zz0JVWozz`G<7#t|45GsLr$>hs0^)?N4*uwL_pQtV59twl2 zMkmFrY?7z;D+UpA!b}J|tp??4=xnG`(AQD+A)$m2&Ud~({ylQLla3WiFu?@lx<(ig zge#0l+c!SfW2yfEBawDvw;2*89xm^Xd5uk2RHBWObv*yZ?SI>}CKC}P3K9QF*$$V! zvW?|`L#@Eb|k3j$$zVcJ&CdDf4v9}F^bVE z`28RlvGq4X`(mWElwV)(_Xom)V4p-q>C})v8x*E32w&K`pO~-{bfC&AnegNI3-=<|YpV zE%`I#-^#y}|DwPU;({cEe4$t<7wUy3VVW>Q=oXd;>x4TM_b47vvJNJR=pwO5E2+i)M$TxXMo(nsb9mNh~J^R<1H~jf;f5j!=vCErp&s5cm zSM=leW|=(?*?tU+ACLYxD)7m(A%+_d13P=1eY#r$AAW0f3zz#ucRm%bId{!In3ClE z!QN({uJ)}JK(4R#z=KmRH$wnvd~Uh3G5_18qhzs7*fH#U>+1D&CAN;W1(Acb1MS{6 z=VPzhYUJI4>rMxIlN$Jc2BciBbzH4*QM3}JIvtb6KxwHEYRyt)2(aEk%N(-F&N8X6 z$`P9nZ)AA*G6}3!TnKHf%VEjk!`cGrZ~}yw)Lb?SPY(z#4>ANwVY_mb>Qt%WV83o{ zI&>O#%b+2B#=Q32OH*D+^4OBk7A*RW6LuDO!xjWifEE56s7*0ymZ*|)DyT@PSsF^0 zAyWe;XR3p+WKnrA6R;yFHrk{*5$pdDeMBr50 zIGI%ZBj;?=oK2Q9$#6LpE~d;#@?46_`SxhCfGeqTH8pZvi^h#KxSl#U)8tlKe4I9S z(&ctK3FJhQe3J>ErO($H6M%V^Id|L6k6G|jJGd8{iCDbIGGWp3Dr+XQ;;qj7lOw-p z%al(19hZOO@lFAsbmudF_2RoeeA8Pq4>ICW9Cio8`yudMX8Nl&OQmWJ%GFq5Wpq|W zA47~*yD$YYr_h=drP$h(q|~~US>GWWI-E)yOSDOPN3$?BsZCw#ODR=u>18-unmqZ= zDNv}$`7&K_v1?^3Ek{|ooh`3?`QhiHOK#B?jUW8BW_>%0!7u(Uuw-SZ;Ry=IZ#EWLvi)Imu7&5% z0E9{@t;*DAcjsONx!nE5m*OHUqFAd6y;LNzRaL557jaOvIuuo|HqvNVRj>C;VVqT? z-Y)qivq+1n6oimhz3g>w8gHVviHBJHi#$`UMhZFK`>}*l8jt+k!F=fV{nC~H`mE59ICx8$1Qz;O_vi zz*_(_F8)DB6IUWu+t5cmtCbE3`_pUfcj6*=Hbw{^ee|=q(D46yfukElllZuOgU~%6 z%KvuDt7*o+wpF;xkEBU@7bl{0CkQaw!Z;=-MOxSCNHcn7r%n?)Xf;%FQzd;jT}mXv z922xCrBG7I)=io?O&lTZ`_|;L24xmo1?OdK4bK*QA*=~lHGmqNf%oH@`YOECtV)`6 zAj!qVUD+?AVl`_h1sw1cSD0WdAS`n&LJ%VTu5Fi@Wnn;?cVra&Y3`s0D9suvFodd~ zf)6U}FYr!>`;^$6(-?-X_b2|Z>Q2@F5r)Y)41E~8^Ewaf-gNURoF>(wI~?-HEYbD) zDBA>ZGzg3_=bz;GE;-n_z&});rcFDIw~7MGl6wo#b^@YR35N zEA1xxi4gsjAbVX8^HEkFRJ27EZc>JV8`O@lz+Tr=rywgGWZI{TqC*?z%HduSi3zrC z>AKbuxMOt+XS=mAqAfba=jSc@c!7;8^R3|v0OgPIk7wu8(TpX8gpuw%J+uO7JwYTt z75S8`eU5u9PkdXMrpVdGhZ@u=C~4c>A!C%fZlNCJdE$8>K!|;|=c-GYD+AlX?E0%jr75+?ZI8#wDFvV?VxONmWtXIhU;yUtwC#AXMM zpdhC(YH2IBdLqKlUTC_dEbs6&-{ksrco>-Y%a8^yKxVjPFkGH5k zODpf|ZLqs9j>LMW{^Jrcl1b=xAcslh#`8(ugT&giIJpXX;OcBXH<_VzZp`sSj|)Ow zQDz1|$w=&|14F`#j1_Y}4%Eu5R?AhYV~hf`bU!iX+yu-Zb%1~&q(k%$AZS|9fQxDA z$)8rmW(g5W@QM~Tvq36pLCc^Ve#@x+VPem1kw8Yy#xP+gDk%lCr2|N(eJqhoh}F%u z!B=I8d_`BP++LxHxDjg8?v^F(nW#w>OB`adL}_Z+W%PnubgW0Urp@cO)d)}`g;}Ez zA!C~)osx2JzT{TxQeEjwJ!OlWUh063XvP_*{_`X6l4a*~{)!W_*sqs(VYUUjvo+DB zK=l*`V2;TEs-RfDUlc1aRkL%+ldSE>)gip%mvPW;Gg{7A0`mror;QMRxI2Hq<62 zm)DDy-c@#u;%ou@3M{?(B9kmBb=H=Teywml>)L~rlOM=tC1y3P&6tzd+S~!dj>vgU z)9W-EQ1{wFAVfgAKtg%g%wk7Vq z9c>I?_^Yp#9xf98EKx3l7yCbeFan(ufH5kkA%9mGSNwQ^=L<9u^Wf^-K6H~5V@+Vq ziNr%igtrPqq%%%7qR}kr5q&eJibTg4=XnQ6En6X%?n!98qw!q};`m|V{m zYw@$Sz_8v`F9eyXnr8nA1*&}f=hLdE1ODXB$Mp%aU} zolnT6`~c__*31}U_vktL?>`gNd0bf=uF;4aTEOZ3Eov37XCnbhu{NcL{~{bo6STVX z|DjQYAT@%ju*giCQt6J#2VxS}DMr_TAcASTA4A1e$YTf((TJ$$BZ06Y7xFW4;=T^? zK9946`KGN>4}pN}4Jr1%7~Dg5yn>^zB|DJLabqX`KIM1|txeL=trxxd3p^Ar;g~x8 zmRh`x!fu@Wh?K0R&IM9bd6O7OE9H%PBdkf)?h66|5Gi$y={ecaXm z;0H4;gBEZ|4km_Y;V;x^^Q&-WU{Vg{xQOb~11!d@P*ezL$s%cBz>F*w(h!?&h6J|R zKmsI5u4XQU4mXFLO&WH`pYulTzHicYa zU)RkiwXWe^hz)QwohRJYUYbw0DJe3T_6y;xD6>&`YRp-i6L{-Vp=x)Ex*_J63zP1! z*ME6Kd98zqTsh3F_#PS}0LV&20vlS-@pC1Mh9T_p0&*-j%xXT}vPqRqaHGeiZ-RgU zpKlNU=gJ6s6`Gp>A9#5r%ifu`0CpXO!&AZ=da+V=So*Jo9_QlS#R;#AAqKdH4v+ar63fT9NT6IQhW} z(vA(!f@M}Igr;$)VLTCaad z&5A+!|3CyZ`RBk^Z3>=_Oda)W+d$Ncqz}m z7&j?j!YKWkazs~YFeFw&s#B5c&n(6V6tRvgJHB{bB{L{GtwHn(2J_4SMD30l4vY`d z;2Y^{*O|=32EP+Grf_ku)5gvDE-%{G9MO@B{}H3KQ2izPys7rmf$Fo7ch8LCgOZgs z{*H=bxAxY}Kq0RE{7SYIari|^7#K?G>nt-(wto6-U(k=)ONN~93)(8AZr?Ijhbv{E z8!2X~JZ1*`TTjI-ng61=*^BlQh@2V11RaQ@qd#4@H(KYGK}I5s3#tNX|3~3|YEr z0)_*e0^ftM_%BN;Kd0r@5vJ63e};WA~ef4jlI zx<*Z>!3#l8@cg3u5Pf>iz~?YvoB&M8An3mduavrs-}^9<&?KdlL%vETRRdrCjY;b9 zIky8!*XZ2RM%`FBAiyKceZutzkyz4E#S|B}B6n5u!$>z?h~KH5d$BOXI(gd*x`Vw^ ziWqwG0Ao~j1?U;G7@~nxAX_Nwy#A?nAE+jxm}ZBqWKMf3LXiPh&VyW&D)*Lm9IEMS z5lBNWgjkkQbf?>9LPztI@)AvW7QjRc$KCDJ5B-ZtMFiOXEuz1Ek_ubP)wxy7>3Tj{ z{sqz6j1k)$2HcR7srTuDKAZp0e!Mf%A1U1*r3+GOf$OX(x3o2!~oKPRBR ztX<-l$ZQe}XeQ{xA&qG4KsXJ2I0x(it3iM>B=)D94?)J(8cWs&t}q&>-aARf2fr#= z(0pjFhl4)Ps!hSPl5QNadh&{OOj~0GZ!=sn?PXWT{+FbR>+%oQDWQkYHU`3F z1;uvBc@M6@h%9x(Gb5jpatotM6TK=(*yl~V$=J=L9L(kwhn0xBDN7=MM>&ws&V0s# z7R?=5Cx{|0O$Z_y)6tR40G&3hq0>piy`Cx-^1;-k?*eS{uq#*9-T~ zBcJM?FD~_~qIh_N%vvh^>_**gG6H4P6>ISU02}fe2mn(JHFZ&Wz2{cydOehe=v0Oj zD;F@DyzqUE5tBIEB(3#cC#_dF*^3^YH$pzY_d##G=&pqZ=;=HuT8c}@4}Nf~Ad$fM z63t23vuu!&HlPOO3(=(-(UMz2Bu1@1$Am1Y>wgUFH0V{KuKT(Q`~%irwrMc;AAc1i z0VT@bZ3&8zO^Uznm-#Z*6`*_aAn8?fVW~+o#6-V9YicdBtj*tUoH1|-0@1A2{9O8s zz(lg+Krp5@tH{XYqy!+3vA9q~e-Q$5J~2Ynfj#iX4c$x1+x7~9O}7JoWvhXEV$3Xl zhy%NBFFeImxwZ-E$yt$_BEjq$nxXEYl{ceZj8A>CG=oSbC9C$&20Us-q8m-7D zv#xjjCt#-b@OeBi(&wf{|C2vOOwK`An($re#k@|59>-Nt_bB6_;Fb=e=IVpj<46F= zD5vw=fAk9zih=;*bAnjtVYc^eF4OF`CV@mi_+~NZk-~*C|P5y~}}BwORA*!7KMu3N#|sjr43Ul1s+xp8iC% zfYR5LbXzxVtE+BH-!Eqhhmm>7-gP2NNiRzfQ$tg-&PLg7-~22p$`a+R3SDye#NAR3 za0mQ0{LiS%)b3e)eQW(obK%o3b&y`ZtIueqSVbSt`m)p#o##D5j%#lhI5R3%J^vY; z8W+~j$Z2->Ev}v!17YJ-MWyPnCKWH%O%}|{3mh+kvlTI7{~W-+Nr6x505O~A-l^be ztv^GY9CWbL=%mjsthcWsLp9u}Gw7j1`-GpI{4Q=x&GQuOzSLEW`#~F*+z{WTCPLWF z23Vf?_Ly{a4zsEHtWT&6Zn5ftLe=K!DjdOHel!&aX*_<3T$}zmP z-qPErX@P?;LugOA{%a!&c=@+Wf6>f9w;Ga_w|zFW9|L0o;gIkt}8P%(`0j%9CW{B_N8QE@lVt@d$y++m8!C&xj)wvwiFP0HI0 z^N0zewXvVo>XWKGS=%@Dbdh)j`Z--LnO0CZl8I0sk;fPlt!=zOm=r;mVbM2XG30)y z{1NeyA#ti!vu|A{2hTM>gg~cP8W3K2Tf4c7ADpfF>6k}~CD;+bh%N)k0kt!N;UE`? zSKHUv2-zI;9;a0ggd1O&gxPr*dDcN<6E;HNzk1|ZMrwEBM1yitHa7!p1m5hjjkIJ<6&{SMn2L4$3fzW`zzyI`Z^?K3d?s1DC|e6ETUe&yC_||Y z2X#BnTGwWr9E)nCi4L2#_GtyKS_Wg1zA9)c=|3j8h z=eC-ExKD;_<*rh6_k6ilXqJ{V8~ymzmzHv3F^3@W7fA&2SY@FU73wTrj-B znT?=3Cr}*BOlxM%*i(Zc!a)oSf11uxB3#5PeNonzc9B&@L)wUlP%2<5>!RwP*np!k z+17?p`;U=D+Rb(4K)E^$vL7v%&5YSWF3aS>Ds`>V+PnanEpMJ;pb{>idV3oe2RsAX zreXxq1I`Q140iw(OhCu)TC2llEEOr*G2U(yq~uXaSpww;Hw5P_%iwGRaCI6xp%zEh zd##Th<1e%dTGL~=9;T``se^zm#d{z@2`T*boZr&Mk|=(AIs`ijL;)j*k!&1l>E{?V zkZy$T15fvJiK{jN3{E^)Mg5cwfo7M+bH0u2vio+E*LCBliePX%*5U#puctwn3Sbcx z<3T_Cv~1S-vj8Y;&mNcdy7d)mo_uWsh=L#8jsqSwsuD89hrE^W18P`&3?{JxYt__h z3X$8oHl)wz)qw=>RDY7X0yXK5hD;CcZTTiK2|O~6)R;o+p-z#Mcs|y`Jm7BEFJL5O z3<|%E#gWx64@kiH7zuCYsxnf>${Os26LOKD902oyqp+qNJaSlc?eLj3ScPV@i*K}o z-Td3VsmEpVrIN(o-VH7|%d7NZE{qT1yn`j1gF8N%dTaACNT`5FaiJXngAc1GVA615 z*TXrM^L6)riGYIOoya@x13K%~4MN%Zvw{aB{X6tNkWL(omZ^_fgIP2MF&uPKa*7bO z?}u(4FX%5v^-6k_7Fpk_3wEK^LO(Mf35_i3+kGxcLq_^(dt)qb(R5PRUR05q0(tAQ zs>^CE6+v&3*3^w$1_{L$CqG+ahm79^+l>|sSTSV4XzdyTFF!efoiAtUn6;{0EXJVq zQ0V+_7U=8B&Xy*-A*+C7FmK$@Zg0Y;NS)5&PUm)Np{`~(rr6p*`}j$=-MLF|1K?`QQKEv5;aX7|{ zz&BHgO48&#q@9Ze?I6ueTGw|F30=sScP!EY6dZ#sa27JRAT#Yk*~V#ZtWDpF7*hVZ z!FIQp!G3y0`cb(oS2&~aO*e&%3md>`aWT^2BSzSaJQtvMVsIJ$0RJdC^OIRsPNVzF zN(`GB2Kb{74;x&OENJ`}cq((Mw0h%ic*Jea`XgbHtGE4+yP>Nwe z1n5agwdwkg-}!I|P@1!D^t5FD9(@+Z3jaZ@|Utc$+XFkBd2B4Qr*z>)4A<_EjU z*1Z;vGt5`ushq2 z-aZ-hA)bfOvz_f?mF{O{zXv)H9`!=i!iV-9jEPZEA6OnOZ2UJsWIhmlz0~L zAd32WAuR}bklaENBTnk~;LMHp%rZ&_3$a-V%jhZpw#ut*P6TN}3yjn~t)Dd@h$iof z7P(b~j<9Y>RLjxtE3ou|Tq1A#x=oqwDa@h|9w@k$jzsaMLwWyr;e4rW1meFM&! z9NW$m-1{-wMWZY@PubHlAO9sK*CpTUZ?&S!t)9!{t6GO6Pv)>`w5IZh`U2dLg;{E_ zq~%%*+&3V(q{+*LXdQm=LL0C82|s`xA`3Nkh{1(NQG18Sn7e&M5=)r~n2$5~9<#Pt z79!SGwM{m1j$_VqiKupSyqOUP@={!#n63s7_$h=FSPBIPjZzvAu6kj?sb2u`;#xmuQKw-y zV09ehx^R$(S!;9lKE(&CImVUP4H~dZhoyJ;aO(`up{pt)hJ?IN2j?meT^D!%=pEQb zxxg07liEJ3QU8{?qaPRi=pr!)&bXbTIx@|+v0ZnyC36i#0?TLwa!%^nNabpzZm#KT zsq?rR(~6WkQhq{gS(Z*8VR@`C=VdOD0@jwiTiFghlzET_+HcT-C7qs-6e8aAuXI$% z;IDKd91P3bbpY1}K%-~#ieK9ZrIXoom0czgFpVaHGEK2jo$3%naS9Uhi7L0Eb&m%Q zH1NRY=gM3~_g1Y7sDg-;=&w1o7b_g7=r5ohlhEHh(a~Rt1z@wr>9|`rzA+EkXFX@B z1sv*p9@X`g_DB%@xpBb{DSN4RPX3(KvK?D^d*E}C>h_lWFXTu~fW5^j>xL!;(|X=j zd)BLOhSyl6egIa$HPw77Z3gpl^-f*HhGZ)yf(dq#C){RU1j5mm!c1D#-xKCtNQ(q&Ax|w9cPeH( z3@#@>r}S?-4i%)4zcDNebZmw^BQ0+2TOZJZ5qnA*Zf+22><=F!0&e(%$ly@>qG5H2 zOIochqLM2_HU)%-(En8#v(LE!%VgjS@0gHDpNq!=O;iaN(rv6{`B;DCHfRMM;l=9T ze-yFAH1aK58701eOPLTdZ#Y_Ij9iREJfQ1 zR)n?;K9*!ePt(n&t%p$u*`L@^&om+@B^Q-rt&TSh_^VnTQge*T`o?J*9@M+oq9@fM zPcA*qWn>YUj44##ACeDwR(t9qG+YSmm&Zv{%O%vw#>@Mr_ih<>E2CLA=PcV9A=PnuD7PDc0sm?E;zp z0x}$z6HG2`T91i>q)hg_Gw;Vx%v!54#Y%plrW>SAf%ORL1M7vx->6( z&q}IM!HC@4ryOQ{S>C}Zy+?~?pxA19-ot7{)3@N%IT{CnCd!AQ!uEhFd>P@4L51`0 zp2I21>UWq5Rrf?hr>GYTV}=G9Lg31b$cr!&)(fMJK-)DS6e=7BTaV-c3fG$xUG3h+ z2OyVo(bYg%_xNjVPCD=>|GWPvZy;u9^jEH~Ux2FvD}_S7FWebeZh6qcSq#p3WX+SL zpf7vh@+j~Uxs1J$NfjZxD|#hV(D|%$*433$!>F}B8TQzJb+)ps0eRTVFVF<1c>jU85^i(Gy$wt z*(dL~>u_HoLbV(Jjcn|KA znyl}uBSjap^rZTSXv``eWiB*I>TA%fU_aAcJO>X$fre|9aQ@mZ**>*+0l zMszKioAlcd#@*e!AP$*p*7$P0f;ZcCrMz4s^h|K@P+h4vDi724Q+3xw35nBv~q1S#-j3*L{Kem^0dy4N0P-D6kC!TMBXs@mzW4y;#t5XgOer zWvp#wxl$ACA47MvLawJK-;MU_t~!S(6f-8%rzEQp^`lL?;`m)Obuyh1sidNn1Dh3b ztx8Xs2gt;Weu3Z>s{=A+JDC@=HstgkkcBEsDExMa)#+qk%DeIxqtZtsa@$Ag(C9(* z@RkXUp6@f!M8^j>`-umR>IF$-J*ru@ub{Y5#WE|d+!9||XdfOz?%gV??9a4#aqkpS zikejPToz@k@`etfQ9jT-z9(-;HH+?&{VhToeB|!y^r!3NNSeRMqR^-U`EEMKsd(}% z`b94V15)iUu0SrsqWaFOv$3>eHMld(T3>6)5&Xrn zAh#Q83e^+=K&7AV=Z9z$aLk(j%KoP2QYDE!4@4&doxqXNl(i?G||dqt9k2kwEmJXmb-=HX5c zt$t^xO+?`*&Xmr(1>OM_&*|;(e9fE`@AMc)VD*2@y+@$WuROzRY#sq*Vc`zfJlo6U zf!F<63MFOPu&T%PY;c|07u$DZv`=b+JmL=gqj#H9uEz>oXIhtLAhrWG-Bad!fpCVB z1Gj9WpZ}i?Vf`%hasNvR_{AAjoF3ZGlTvnlR3E5w37*YGHJcy4-jD(ecw?tU!E_AV5dFt$Qy1**Mw8g8?gpi?y}q)ec^P(4#oUk2u_FfxNj z<8rtq&*?hhjMO>R)?1ve;q4!*YH2u$ApP3dU;R2Q4^_v z>ed2=;^}70tlEw!61mirlw@bQc*-&&=!tc~7^8PFOA99L*ObER0IShD01$+aB|1?$ z#uym>vI-XA9wevLIrKRg!Km#;47hfziB{ZPNlO4O!&RKcPPL3osFWOKyHtq=l1S@h zTk7Uq@~5dt&Uz1lvq;*|9#nCiadHbDfMzEjF#@gNcJ3%Bg_{hZ=Gv+slu>>B zV}f~|sn5!dl`sqZHPH;V7s{Uxi20L70c|z8s*j($fJ!Q?+{X}76Urd4*p5=GBe1@d^iQyi-yu=%b4p)>9D32d}903$r*^4lnxs=Z=* zeBX1R#eM0T>~UUExG;Fj)VkK5`6T>ZAsO8a>VC#)Z<6sN!g|FEAh+(#1=Y@J!(nUG z77P6xS=GQS-ieL-*)X3^i>1 zED!o3nwCWj)X$F#^bm7Ipek5I5+pg=6gq|Xd=nIJzUXk@eVrAnM5IK}p1@Q4qeY;T z_8hccuwbMyQnkC01z1Dco~Bbf9Sw*(fHWc`HvJLYnFbV8uE-&Bs~Yu!aJW(k0&+Z2 z{*~RUMdQit0d4FYVBd0cRoj>%c1z+mzwqVe=P6aCP`EV*ta_3 z`P^4o3^E1#6v9YX+&!Ga(2`U`9h#2KwQqcJZ?CZiUIPODQ70Ef{KCKd0#Go1)j$HL zzQri2?5yLb0n?GRQ3lwOT11^W>?iznh9_m?0BF8%uT=&y;~1+2s^CRkS~6-@ErT1; znQ3kI#R~-yHdZPWHz$$vstx4i)FOH>oi5mv&Ex=k0IIWZ?K`nEOAQt9tbuN#n{;bo z2DHq%sA&0$P?)*WO=AC5nF?6jMwKrQC|s4IFTsI#X}`qq)qJV`R{WI* zUxS(eKJ+e8`RyJ?Cp$rh^~eU-PFRLGAMm(6uHrKUGcYk`pnI)8t}iO!6!g#|1u*IF zkKY9P9x(Y?x^#H!?*Pg-3>a`f?|l6$r$OokpVk5Oq5A5WWXeV2AA)?+VN#O99r#mc z5IIEZE)^19mitm%3LmKLxRVNu`q{8u#`nN)m6tV!?PUL>=#Y2dG||G3t(wcdjg+M< z-#2lkJ|D8dPB|%&q>@a9N#ZPO&IQ$u(3M}E*j-t3sm8TolV#>OE=C4%77Y9q%J7zu#$g;ZDtqW07^ zeNOYZE*%vH`7p{lFW9y!3FIB%&&cBYDhq~c`0OyOS4GIf?PqU@mxzj}NhIvxgpRIk zOgH(y3tsRji+ezNf9|Hc_C+U{b_AB#6-frJSLg_3J%#2KPowD4tJ&(dV?nt`>=^@9 zn;budtoR>@%FJCRnqU4lh-^@LjP8_i8KX|HPMw+@ z={WmX(jqFR8b#&LR;(vRzPxvUCr%g=FO4-y&*@W*l&xOf2sT`!yn_=&GZQ`bohV6)eSYeh?QjNi(1kdZ zGUyiOmQ%2H-wCaRLW+ez0mulrwVe~BH&VfkR!!>HAuWP2x&r@3V3J7vRe=3}e zBulr6XYa)TDmTbL123!`UGw0rIeXUOE*%O6*c9STuURw448&E{wZb)ASZ=?1rp8rp z)w><$BQ9jn(y3{x5AgYfFv{P6YK-aZEGnT-Il)F1xj47|hiTbTn3!smSCE1F3=-)5 zk6V#)-Q|YbqTTzqn#sA!NSo0B$-uvOYkUQXa21g3w#Erwlw7+(wsd8=Rr5aG1QpSAMFs3U&zQH;yk^GaUhiDfy@+2sYE$DM3SihxSKv*nkzCpa?V0`lN;tMx^zYA% za>}|N0Avc>W2kY4P z7xIP5Zfs_fv*qPvpe`MTMIM89AEMGjt&ouu=k=ZIrlF>K)%5%-$@kgap%)Vd9YTKriirPx=CFO6H#F@^WK6M{kz(R z(F(e&dB-m0T!d@G!>g>QpN7&Yv|t1bw0!qARL!+fea^U+PCW_$Ax$^kpg~O#@MMlG654FW>FM&16gsDHM9E{|AnK0;GI*{8>hhgR3+S0pN>(x zeqn~0gz0MqL`{KKIJPVZI8xbglf z?y*VnGvGLjxug^(QSeYqmmD z7mQJ-cN8qyXqG}LJZM6Uh%s|HTuHPTuK+LI@iSTl+YDMHs8tObwko=mn*>r5dAN54 zGI1~a$)~v1d8AbHZE9m{nag6G0C@lQcPYn$l)bTj712q^v=<2VSKbsG1_vC1%rXYb zvRByFXUaY@?<53TzoyfDM z*juLX(VjD&^webYEQ@GULjT{`ZbP^nFH46c+TYf_3=PQ}lul_P)xMLw7|@p7R0llN6pYNe#yW3>u?S|t{T9eVv~btLHOZbWdoee=itDp0DzqjP zF-Dcyd2ZUqWGPU?6Bg8pTBMucMie5ct7rV#t|4?{?UZ4a(TJS$_`i!77$FL=0ErgJ zk#paEaTOCr*didV&Q&Gl8Q9ntsb<7 zh;eU=E|jNe=sA_PqNgz=+$REu#nuz42z{r?`b$nK2;eAVwfwssoemnH zCoV<05t-eix!VU46;dEoy;f!mA2yW@6xdSCx)NHfy0o*Sk!!xYSGM+wS(kGWcvF6U zdyok)YxJE}N!~7>@~_ltklMF0mR0|_r_lXADaM#L=Tb9+kkZ21P+}DXuY#X8tGfK% z+q*|RXNhLa_24{wOND*h@8ct>Y15=*u1oq1eA_UEyZ~&m<(*ZH{MOh$rX$Yg2O;I6H{ihpnTWGx~xk6bo3#3=kqE*fc z1QH*Rd;MV^KhX^eQZB-s_qI?eSKs_7k5j*wvv<<~#qjFfvB6A$)}Ihtj3$dK+ADgE zD8yis)}Lb^#L{9*Fv{gtwD*`OkbaELpZk)n8YGlwbKwaSoZQyfiMTIlqQtT6!&h`( zYjX8J>o_7<^K|q%NvxUG)*=%;HX=TgTBT!AnwvsTnSw;~$zJkkVstqxsJmXo9;KD~ z4*(DK>2wa$?Pg4gBG$SZ>gp2fIVaKZYgv7$@`O*>R|$?kLH7E5yy4s0fmnD9Q?K=2 z*v?w*%xOEbdH<)0LvJmW?;poc$`w9tm78L4m3hL{EBDUOl574!RZ+bH*H87q1IbZ& zYTt5Bys(XavM+^;w_qBc7A2pSOA_~z!;=C<*%h<_135!fqNjU~J`RZRm+R_gQ&PL| z_H*qB-e$6Y_d$x7gOOK_DPBC!%6~?ih}299Wjma1m@$;;_qTk0g0HUe5sa}on}1Jr zu$a+ddpLNw>Fdp*S=3u;xrFQk>BY0%#M@@9*m zUQn17kD5gpj};^KN{K3xS}+%;MnFPyN>qy$2CaUYW$hQ9w#+wQZDZ~8r{rC#$;G>g z6`luYLys4}{_)#f9)v!fO-Y_Vc}gP#8vC_)qRtDv%mcc7}XA>OfeCJdjqh&~uVWbhtq2MAaL8q%$Dw#qM0MhwGm@M5X4cT$u^y;tojh*V?r{#VA|55GasLU$R z%nlla@ZrjT7uf_tEaH5?>+-saPa#cMUFw0hRB$J!0U?0vRG{)xRJVepAeuVSOe|># zSw0J*>C8eQC#cbkresD7RoN<^YV&+yHr5BdBRw`QD=&fkNkcmjFA|dRcZGyR;UA#= ziU~7?nWEo~D#m6zHoyLLkC__Y0P^Sa0MhvzvS`ej31-3IP(4?93j!?IT1K;?7HE=b z=c$Vk5Ow%wWwXvV^_Y7C=>s)Gn+ES;zZ0(nROUf(jMDlvH?IHVVcB_|s)NoK%-`HN zHt;O@1k*=Qto?~4$-P-rad$m(;>7*HwCBps5H0`X(WdH}_V(xv0} zA1+sa&J;~1?{$xJOPzHHqSIoj?d5CGv2J(gq6)wW&A`YO1QtOv6fA*hNdV&15paeT zcCnN?)FzG_!VJRX$t#SK=Ltf>ERVG70*6>d5cV~eKs{VgDk31+?p%yMEQzU?;FfirX2Kx)3Jb#ar-I@H0)m*7?xE1{Q4)NNZg#wR z@caG~VMrFa=Xd(tO& zn=xwM9~ab~luPb%`u4#$vzG!eauyOXmjgX(&@BM=#$o1^<2VqqaNd&W^8>7ZjT5ap z#NFv+2#h!I9o(H(v{E$4-L?GmD#&o_6x_IvXZ9vh8D2$ng2YbxSNq;pkatic>@^e3 zB#UqZR*z+_Q@BxzZ0av&QOnyM!U08;GNAH!tSWvg6l}0nG&|Q}WZ0&DkZ|)QyGs^d zDDYjS=CZOMh&z+A7&{`eNL>r}BmB=L;ycf=x-L)(S4(%*fMu2cJ{X_97yyxDkjS}Q z=naNupC`aZZ`;<?IncP^ zl#T*8u+2R5Jiz5OHaoNXic6SNg4g+e2Kt7xNW>uJ2^wda6N_5Q*o0v_&WZX&($UK( z8aVYohIB~Mo_8p;U$n@|H64i7xx2@UL&mwBGl00urm!FUnT+EdpxE;cL{76RD{??G z6ji!hc9ncGW~)GBG0L=6Cl(ZI#ZU{&d z;EvjCW-Gl=SP~C)bQ*co@UWe&2-w!|-DzDGwL?;Qk=I#P=zvH`75HBF807zP|LWjn zZb#Yq;fzW&HAZGyVVSXnA%Y6H+wk8idl^y{2ZZc0T4u`|AXrcQY_RIm3S(@7ZuJKy znPEflKNvwkvbx)|U4(R7@0~e&5U}WB-)_+s2#U}qefE1!F@kEkN76XJSnbqQo0HSs znjdaz$SG*=1XCy2#kqC}l@z-i#d&r}Dk=lMyjVXvH*&f;B8(Rn3V-|$=Nh8`hr91a zj+kIB692y$CID&XuhkwLl05*{t4Ikz3d+F zrG)-vdgyeI8|PeNKA;EX4t&&ktP-ozo>%89_~YMm(`78n^G_wys5H`c5Cv@FdMu=L z8L+=LG@H!J?lpx~8-i5Z((Jj8yrwg%8kyF316UGmay%b-9MxH}kjY4ZcI&$zOY+(_OY zz{u&G7{~-%aBk^fcn0ZidKHjqHdJk#nzC^qGE)T5?b9aBfx>gb)jz_s*Fw>?Vd@`X zJF!&p!bb2w*H>dzJjDm3uN_khpSp8MUSlk`n?%|(G{3bv`9G5*7hjvJ(^j-hX~12V zd4%s>th+Y13xb*ROQKGjD0G0GmydlHZ4(7DmQ;k{JB$JVJ8#k^E&$GOu#NWO0u8bf z_)OPiUr%2$?qrJl+@0&S-mrTLgUWOIRhnR&t93OX^o_>fDyc?VdYLnxUF+K&ILm8R zEs)!p!<}S$?9Jl+_kP+kBRR}*S7Sa*>QqA@5@t-icemd_jg}O={DCr~xQcOqO#PH$ zNL(OyG49-!$OyMf(qD>_8BrW&^Od6?w=#Q19tk6z%-heUz${e4vsjJQ&ub!F?#vS! zZmA!|0@`fmky!aSgYP)xc`BvN^$E=)};|{TlBt#^)vr#z3Vi$5=tW~pvJT2-&Xrn7Jijpw~Ll=gT?%#ONJ;xC{ z!0})TQ3(~_J>&nP zc&!jb8NmCJFbSh(dr^K;{a}NdoUPFZq!Fz8quoVGy-#bkUP@&PGVQx-Uj0oR5Y`jX zz@F$mfQX-vJ2;=n2U1_Ji8sLJrK|L{e_AQIgGH~BURYip8T|pzL!SB9jW3ssi(w%` z&oL~_JZ3%Y8wt=xVC?Si0{OYn0+I!v_V=SfzOB^g=}L=Uq#km9@S`bWMIh3z4k^`wE<$lwJc%QS!pQRt|?_uTvc&6E4sBSR0ggqxg7P z{yw(T>D=R7hmgVLQ4N>`%613}@CMVc89jxuH?RxAfUSuiK1R1q8f93Gpkd(n#m5Fh z&GPUeH5D>pt8(&JRNKT!x(Eo;Y!HeEgSxVai5kikh(fz6!WoRiri>K2e^gE9cU0>n z&#T;mIC;SbYROAk+tClWB9g<8VL7srl=%PKQ^mRNpYJ>*9whR7@iK?H?GC6P?6xX- zC&GYv#ljz-1e5Ef{dTheJmyym-e4tf&9yFrX?Y;8+NRNKJRqWvXq+cH)42yu{t^ao zlXp?4SH67jtp*o`YxG50y&{-j_1TM}ByiErB>gzOey-7sQR0w4WqcY&+ONrHR6>`R zGTyyE&U^!eJ5FRkTT+nP#ruyR`OJQaui*aC4Uzj^3Hv;E23!QWt8-T$d2jU#xxKF% zM1RZed$zdZ$fAv>7j8VXc;j2SeeW7XpXBzweecrY1*=o`hKtUIi2!LX;lQ`I--jsR zUMou%7nLpjQd`~p7}N3_4zo5tK5D4-6{fe9pbKM~wvEgXIf$GbC-$V-aaLa7F#l|v zDs(BjjZ5EK2*5eJV?bLj-eG_5j#~v7ozS9qs6VgK4K3ILTB60>(de!{&z?{SsP#6t zh2}n0#s4K6@SqMJ&A_Z!a@7hQfmV=l5+{k}ZO7B%Fvn!)thFX8fWVcaPKl)#2e@M# zpii>#RBkRUjj33ThBa%H5D{G3|6cYS0|%0zLOH$ziG762k=T*Pk7w{GE;tMFmW;HT zH-U7bUfMg*ByG*Jm-bFo%$pX8($(bCKn3W%@8~iY|Qjq3RE-by-PzQ z6w=6;0(?K?j~dKC$b>tM?w9YMTp2J&f7@&IY6ZxY_c@gc;lH}*=lmd2(9N?CBh z$EkZNokl@i{oMe2=_w{Aa0W!Ov$l30e&3>nqsJ*bI$JWU<{1>A5Is(c-Fs8UcNkXu zRF@^&C>%2?rcZslzesS-bJVqwpfN-k84TJTg+!%+L%Z}!K#{s3^8M>rM$pu&uLafc zgF{YXzp(&?Se&&LQ!}0^pE+WgSsTKW=i6n7Iilhu(qvv2a-3Ijc-JAjo1PV=ykx7= zHO(>W-JnzZg^OV2r=$@f9q2g2_GVBrGxwwNv0B3(zlu%P4G0hb_YQq}dQwe_gsbj6 z!M}qHgY2oRUE=gPv`DRp^*t|GMdDpJu_r`m4ui7HrnIDH7_x^f-DR8_7I{DMEAJxx zwW8z_qRxzfGW+y&Z3{3D^eTHT<I}#1J_$se7coQGK0V92D!wb=Y;u&z*VOJE2sv ziME1%gg^A0RC0C|F3STivdhcLO2@t=Eg_U+5lqXY1aAJKj$e1NT45H*A3veA`y-*oEBcGKg*h!HYto{m?Pu#Ie}G`JASG1H^Yn3#zLWQB`)fZK?c; z34#j`SZs#49ZN7G`bPh;w{BHss*y^XvNy_PAHm~cQC7rrZz%C^yntLF?p`loHyy`k zkT*(@a1D%sSzmGb1&U{Ku^dhGFqEK9fcE&dR1n%3k_eFWyJNadiPt*nL6@iJ`TCcfx^Tl+zJ<1dB2560j_SOww*zaP`nQ-6}AYXja4yuuOER8xaoo$MN) zybPf_3+kxCEYP7$#y(^?ezk;Bcvy>c-L>y|)#3mE45siSQOY4c!YyxCw0-*@msMVV z>rrYKRtSzUtcLcUWr7pp5tyorXYh|8Nod-v??YPOJI{Ox|GZ+jy1c%e63b3i%)HG< zY$D(?eOS;}&1fO`%vuukEvWzU#U27aN<9*wB?uyQzyQIUuDk8uM_lr-e&Q*d0Gnl7 z@JGotJ0RzYZ*XLV^!8}3#|wEN3U9ZSlJsHB=||)-_nS9Bz*=~gU&-(a%X}Dp@@FPw z99X&73^s#HFrx0WNG56Hw#GS84zG_hLv;l zGo?-&*EsQ1aC^pq0M|shZT0ItdBUV5J!27{qP}Xh(=?w2iFP74K1i~QvO99x2 zG{usopB1Z&;cMZ2={}nhMYTIk(MPqq)H-nZb^1o7^zjG8Q^#Q*gPw$YG{s!OeF;eVrRBe3 zF3!b>f`c6zkv_go1_40KGBmle?tZ;X;WjebT4aU)DQs=f|^7?8GOeXiVP?Eo(Hj`L74 zML&ovB!4zGvL7=50GyONJ)>Jm1Td(QefYpMfv`#EOn&gA?fe{vO%Oa_m6H#=7P(lM zu4E|eNllHq%$%_Ij!9~c+X6+rscHF6vNGrc)8Wg=0PCF>v)NJV5ckoDgvzn?x0!R% z&5cq=c#oE3SeMdW_T)>H=Ki!ayO-id`+mw!bG=?XdKjea`pU7J@WeK}L_Sfs19Vfm z#}57ov3>hzzvWlT-%!A~_oJgK+qR%O;<8uzvWVq*AjIk#P%nqPFiIUrr7qewBu7HEaB=){}uLN(HHw$CTuZ+hCOilk&y7}smcR+`xFg8Ij4a+@9eA4 zo>v0y;_nKFwg{~P(hU@w#$M64s6hVUpB49Gh^NN zg1Gn0fL&v_+vl^Al=_5P$>=~adJlWAS2H$s=N5|-J%J546=A3SXStr~N%ubtFjZuG zi+h(>m=N#Ccnf)|pX5v*7yr#LVODANZ{WJxKz;)XXWVB_tM!$&xeb!u*h}HsyN4pN z^*!K>!(&5il0$eC@V1&u`x$MY-#t-*e$maP4X^^3H0m$+O0h;yykR#GFaf6LI;SZF z?+mZs3BmW7h+_r8Uxqhci{{Tga=67Ghx^;ESn9*Mc=BM1gO4^~Se>q|ymdYRxWC$V zEoi?;76^U$?Gu0{-Y*Kt-3krh1fGTV#vUOz#M8Smgx2wjZa1{y zo4p97!xAy*UO8YIR~zr7jZb&UAI$)Jv`R5?q7v{S>8`MoG_oc}xoh*Ws73ub#O*`4 zV&VyNIX}(I!|7g@KTiN@?TgA0V&wUKgi~d1uiIO27Hz`HC5N;T4YDw(HZJ0(c*N;F zgp~*lc7N@_REhBKgs~IVlTzydyft zdq6RW=VsWyOQ6`li+@2!<`p9q;KL@;}9Ue%3QV-0StnfSdtz9v4GlUnY`DPLprJsY$v`VxpTTa7!i@kp?2* zfy}Re7~2s#E1{{P!{=3eakc-o7NPKAWT~ryN3AqC8+BLiMjUtx$>OvGR(YM4r%5jr zB=Ilzd9F~fo8+W@F;(MX^*5O;_pO(mmYXSW$8M@f{QnEf69q!(g5CL~nQyB!wop>1?@& z(e?KlgE8V6aCKFYazf(enw42#OBwP|nf;gu?FK4ammPSf{cw|oNEQyI61Hv<3H`$`ENsjDGjncN{+0vuf z5P1*w@xzHI9Po(_{Pla23LOgIH3g0mlZhuFr09Y`pzYmCQU~f(1t6_ncZNJy6H_L| z9gu%|GnY*uRp98Z2`_&Xly}{!lIs~zJm(NT+NQ5b%0M&G!tF>6hAyob>>QJhlC}y$ zi9NeNFjG5U|4Ox3GG?upKa`$O2mJfZzk<8L*FzYRDv9hKc|bmL9cz#G_z3+03T~$# z%cXak%^q-;xZLzM#7)Tl?xyKPvyNYlI5q=1G0OX;%5^5Q}H}u+rFBKW-%mzGI2TM8iUGg zRlR+=qheaZDZuI!We4$8(oOwhgA0|7SF}H*!rEEHMAPN`;}496qT)vF6qzse|F$xI z^N{6K-xUk4Z}evjm8YOO3COdIP1~ZbLdSh zZH8kA%_X#s+p$yU-77ni{ObRyhSQQcUH3m)Eoyt$`1s3%My)JH9_2)ri~Y;#kNgDD ziL&r`9H+4P=Jh-pc?d*KR!Hp_{;Xb@AxUc`B;7 zfo!j7c6`|Aue(9pnj^cjfUBjvZ*xr*UYE&-e`VBv5QrsWN8ZuI3>6SPcN zinz%4dVSu?kMJh^j=LlcF{&*jX{_Z=fhr4w!7ps zCXYsq&#{jLR{8u?gUlT3SZ#&i5m&}v%g`96+EXo?laAZ52Uw7t^>Yh*0W>;a`Kp!n z%02WcQov}n^$cW6;oAh}3e>HDAT2uao4Q(J67NgEyTc^Z7bR3^&p2i7wC#jEuw34h zP}%ZE1<`Ir^GUThYenK4Aiof8NlBWcy2SWhkjDv>Z-2bAmUMt+XwjDh(I;_~{!mB2 z9*BH|HMgRxuZ^3G&3)}UGJrsVs7XPLOB=d%5g^WZitnUE8r)&ve$r6 zf%!RqVAcN7=iiO%!mFwFY1ag#1Slvt50vO*HRDRMiEC{_G+s zMyyE}6grk5cyt@7x?302LURL37%ue#0@0SsVO4_An+QeY1d&7wOQ8M}E!utjob`_N zFb{Fk?Xe-Y%wfEdq`rUS?Ndc0oOritfS4B1w?q>WxEVN84?JIWV1n7rZFiPzgPb`l z3zC%ge|c%UpYG}hKOBiCj%F5JPJ}iUmI4>f*9Qg~G$Wrw3h6^~^Hcnv6jpyt^Iqy-4oHIOdH8_Gasjs#4AI;K;x~&6I-bj>m`x0N z5zc8`=y$`suOSxQU<~jV+@MWhBHyby@ox|d+iUJ3lqB=;68nDG{Oyj+aF|CKzlSFX zp??+u`>e19wg@&Nb7QooZtv!%$DNVXR`FX9>L7sORWXa5Y6UsCQZgt`l%|Ih7%XoL zuORm$pm^~Ng!-ubzvYvPLti?wr=GbeihAP}SQlts`cYGGVWYPP3cy;`<$HCbvLZaD zEm)4)7Yn0W-r!Ns0DIbM zg8wlgMpOUga!l=2WTLs{`JQHtdox41mNG=1@tkMP4Lyqrf`lUHYBIBNTpDL}LlZOT zwln+6eF23;00@I`JZ1Jk81$@oSj$4HJTS7(OyWGlo7Re^x zJSjSpF5HTtR?|X={2L^oby(x)$xT@|DQlzLwv^XA`WT%|^3(X1*OH)&fJTj|sJK%C zYTVZw?VZrL8H#rYGEU&MACsNf_)DQF6soVf#;8>6;v+BtRuGYf$Ltrt6_p$3D`SiS_Zzed8kzU32Q_CY|(Qqhzv zcgAg3!*1uE#_X+#EHsndZbqGuU5sFUK8SecY_o)936vb@nzUGL{DqC&nFA7V*PgFn zxgBw>K6dwL`?5%8f@qhmKW0p{kajqAA(|1l{lmH5Oj+Fu<%)%RaabyDO+1tUxw~0W z)9GAT053U)+#z?(8Kfx=u!v~2hS#egIL?;PGu;A;C^W~}(xG^9d|V@y`DxSTKizxm zQDmFX7-@}B0n$$!cE@+ZiU|{>Muu0t9)Tz{X?E9TWCzOG)#DTD3cLDW;YWl&qRI=1 z%6epJX{jjZ@A*I@45_eKb*Y=x(%#0c-ATdTs#2?})USR|tfsX4OR{1$Jw)s+Q4|Ri zUcX-Z^uX4uk>Ia08dOs8Bf?jp?J}KdW|{TdkR@oCQ;p0xWpc2{n4fVgU|+PEKhRds zp8Y0}*Yv>I&g`xE5h{V;ZsyvVwihj+gL-Ysg6I>4slK>i7v zd2v>D+uEk9Bf$02TQPnbGt6|h&o2ScccBQH1V|x`Pa*vuFYZL~%Kx|NY#^$ZRSS%B z&iGRA%rlzj+Iy_iQVqx37I3G4Z`K>F7b&sMLii6Bt6^)Ff~(czRwK(F*@hT{#rljj z%fZzk=NfP%-0bQ8;7&`6WtKiCHbl`w_;os0;UEo7`h9+#8Vi7Zgu@%!j2-DFEdrE> zmXd=XH^zoF-Cx)@0rv?xsq;5EmNalmFSB;YFZr@~ZZVA_*6%l5e7%87Lu1jF8Z zi|{$l$&Ukif$$`->|}nbI2pjgsOl^;uUr44zEYfg@Ij-3JWywYNkY(=^&1Bh);+X~(! z+y9H>Z$R-X$Pp`VvjPvoHKQv3cW5SX0GTRiBqMoNJ}K1=pPjm)W6KVMTByPMT2}(! zex_}mp%a$0wXZLq)MoTF@^ojfrSimwiFy5_9 zIXLL%W&3Fe?mK{HrF2C!t}&OxD#TUSfZy-0xQZ*$+Oa5YxlVi0LbYZsE?|KzDp1BT zn${rFeL)1$dBbn8(U<3iY?Bq(qe07^lc2PoR532R`DWG*Z#F|hSt*zt`Sho~<7kF5I1Y3Dp< zkA37x2zmevezCxS3qcSE=XBu#ho)p4y8^VPC7ZLBU_=FPV1a!)pmR}>lwDTj$Q-6m1CUqfpxR|&wKzqCiIv}P z+D%iudhf07j@^4Emm`Kfd;wpu^eWD*m12s{UsR&i7->6v#z3~wC2P}4LN_cNm~)G{ z+-UT2o}%wlZ2@dBJN>ZkXCQQ#+lGb}Z=!Id5|R*X)jpq&%!f%)Y+c=V5zWRCvhO#7 zSAB&Ot!XLv0dq^y6wtfMVUswnKaCJNaWHg3Ljbz;hueJfU=kEl({SS^`F!SCyJ{$u zP5(-9M`dgBGox(dq~U&G4ba^WDD=Ssit)b1d4j%tqI>(U8vtE>4-flBU^3s?HN5o_ zk1jKu0J(PNb;3QvrX!~}25%4(T|NusE*HMVl-O};a+;3NE`#2u=lyCQq7#mV;oIK` zgHM&wF7Q9$dV65GnJ*(2&z8=>EcnwHz9t7D9bMIrjfi*Vfl)f|i@fVE1*wm&g}DPB zurce^m`3=+k;9rm@D=k@+ySZ$xPkxZ%&FEmd|AufY;t;*r2D}C*aK<~#524jhxdNf z2NmU}r;|B`r0xT2@xur-e$C>e&Fu$03EKpA>XEAFyj!fvDKF@61qqhV<*}3c9cVg8 z3^NN3K~wZ8X2W{rq7Jb6}_~ zYco!~-|4rFaqxT$Z;!bRVs5* zqZ)x6SZn=%>((&gQbGBpi@;(rqHwZ5TU%()-01&Ov3>=wZ^n47LmBK<65(SVMNp6E zjGCdp^ku^R8Vg% zBgz`mrq2_j>zvOfIqx|(_}rirtnP=aI?+C%gf!Yb{JR?)6Kz29MmnNM^q^9PZy52KS9=v@Y@ z#*Z4lQ(>doaZi9X3AbfO!i9>vUUY@zAKN7UDzQArVj^+zkss4^rVC{aNiIz)cD!-g zepI^E5)!x=PNO$KenzKbSiiy3&={9^PUbW~10Vjy>EBN;A4xp@i}1Af2p98>Biz!k zr-ZP_0kNgs6=Bx~!y0dqcl$~=cI&^m~Q<4ngJO$#6L(hT-z467-NWhi- zT`D=03aHY&@81%JnUC!^9E2&-p;o!&sJ_+g4|k4a-$rBWo_g0n36>euurvfcs%yOv zU!a-kaZMEbvDopwZsOPSjX2)G%T&+MlI!i~JFkeXpBYxNcED|NT z?7c`90umMS0_vSV`|nCTwF+?xrysY7A=G!Wp4JL1CL%kh%9vu- z)bj1UZQ9%aaa!W2efC(w5Y3Ypy~8giI{HQ6M}Gk7bpo*HuVO?;wbFxIa`@X_AJNW) z2t&KK{UlwK&JxW|&AFsKL}-k9=4L)epmJP*0)aliuO`|~-_fu@WZ8-#1I+xU<~IgP z;3nO-IoFbx`wSg&|FfM*A(B`zp>ISbL;UBNIABFV$4wuV$yiBwTaa|H&KY(%*gw>E5(| zv);pEKOWX=J$J)7c3o4a(hN-ByS(BdbBc<1`uBSZjf2lBwUNojmKa;w-pbt94rrq# zg4r_XbdITeHB_xHvg(zQ%pUnaGMgI^&Bn-@ReS!!Tmm56!fEx4MBn6m{l|}5ibpcd z?+@Het$phkkmN+8ROp{S=jRr6mA3<;Zh8Yx>W>c_Pdxa?!r5nwpSQI^h(Em%%m|i6 zktM+(&;0Gf3M&aBFkip%OnPBB(|f2<2BOMBL4M(lx0O~BB*Q$zvXZo-OeUlD1cw?G z!y4>hNKA=y<0#f3_s(POFx0!J-LA&n9y(U4$~ zI6=1|ZeZc5n%H&z$3p}_cw8Ep;6x<0t&QZO{rwL9p!ADy*pu?%7k52Q*S^Nk5}7zt z2_D#zmc|3@BC-71$?HQY`<8S0V?MCc(zvLH=~HBiw|$Khn!mhI1hxN`!!AR4eo9+y zV2Wa0rDz@NN~|EY8L~Fd>sP;Df}GbP$(Tsw}mp3o8^ly zye|xVCZ$n?;GKB5u%92P@8xJ2(KCF`pIogxcusSPMfaxI1~SQ_3i-o9Tp zo?0mVJTi5^S_<9{k-SUfQZvJ+hjovvJe5tTlubT5HBS>#qvNK+9Jc=_gxfxx=ZS+7 zwJf($9F+SU2vSN*ty(rYV5)q2UQScwqOV zIV%w&)%i?FotHIiw6g83-_B3k5jzIJ{LoG+z{5YPX2L6dRwVNf`h&oaG!4V6i5XrufXounsj z;P*g2Y}KCXs~RmKNl4muG%YE(s;V-|m6s;67bY~*NwuJ@t1jgv zu!VoudyjtCsJXf4k@x>bkG}sK(M4|>-NyXesM^{8oBjU=w=uwHmm)#_Z8Msopd`v(xHPeXOG1I5+h%x zP2>lpX4c|fG(g@(Iz2>h?nAlkj*JFD+E@Erh_kosEbn(Y#|u#TI8W>52|mu~K!A1P zz68N!n91w?GGRTeiu(iHu>n5|u2h@{z#mHn$8fx#=H$4&G&+tp6cQ3RTTJF9w1ZoT z#&S7Z5l=NgchuWn3AxEL%62yE{7N~XBuk>=Bo{b|2&)CXRnz!SW1WZtKRDC^SYh!T zhsKCOF8`N(9S3uVZo0IHqO_DwKDUeviX%67&)WjuB>+Uvjh zzBk#LY>l}m5T71fn`0)g%9L3N+oF*{goh7BK3fgSB*6hJR>3~kjkUk#Ms(T$!GrR> zk@m+u05jj%nMcm(+Cqq_GW)!D1s9*n-1vj5dc@4qGFBboBQ%+7@(J}=1PdoNxa4)& z7znQy>Ck&#k#IO%{ROUpSZ}>$iP-~}+^0ahT(f~Y|9jcO#}0N1e?5k~(i%kOH#De) z&!If?f4(Emtai^mO`+uoF|IJHcVn5WIsCMlVqT#%2#N}a{c}o)iO`)%K&ZLsm+T~y zvdhBCm(^O61M_^Nu}xGUVxC+3utGEPqYJ8o?9j&FNdINnzrsp<@Pg<7LA{KBQv;Y2 zneD8)Fu(1t*97ac-L~jwx=vxY#B*{$&FsM0z9ZWCvAXXH*ukZ&#J8IEp$>HF9Kf(t zH0Q?PKNli$8s9`W#yFX8u~k!?rd&`om%ERG8)kZW*8=ZaihU>tHDg7Fwh!p~SnZ>> z;zxuqCuvVP(Y*(jo1?#@ZLZ0YrQ*N@5QmMOAx#N}4i_*djwAb9GI?L=WhJ;Vx|-Xk zRqRVDu4wPF(h$JHR;Sekgkh$Yy@@jimBhiYhgoH{HMJ_V`xBGE1lC=s0LRvrUb4U^oz8yJ1*xq)u|sd)xN)x||YQU3&4-oJljW)R*CSC@=U z*Jc;73u=rR3m{c%(u9WG7@L^qR&r()jhQ+J!E+g5>B_iTD*WHSz9HUU99XHd_2Rbf zy)J1)fkp_25jtrw4GxYi56)%q00b+8WT3vabE92><;`m6WW7S6J&$}%Vl%g z#!n_(DW3>n(8T)a#Mwq!AdX*+!Ll;8?E7IH+`Z$ZSOR!Iq)R>u%`6>C?>Rn%fPnk( zEnM=gi3|lSD_DjL>nAvc^%^@AUw);Ux~DM(2$ob_C}*Duh$+&xqLO$_`y_6Rv1Etl z)Pck);KFbGaXIxReK;QmDN(v@@1!l#HW)jMfjB5TqvhMo9d@I2xfD=TPEhxzPTVL+PnU_K(;hgm%Y@E9^idm{ZmULWWT= zvK@!wQA0!3=AjHBWWg3~O|ik(9X4{o_LysN{kEAA|LOz53#M-1LBy)gaj{?ckJOiub4>1@UP8HN4REW*l*C$KY$?@Wyqf8Or9UvW7QQ!{ee*t%jje`Nr z@{{R=bH(BOHEghuV>RJzztGf#fHGt}U_Xx@jeY~9y5aMGQzaYAzk*N^Jhv$cxv(9J zBsQ?~M%ft9>s1=`u2&=+3D%`5+|T{K778 zZ=V`e$%v|w`TTW2_QZr73q_Uhw);i;@S2p@(+&dfFeO(+-5M3X&aYzH)c5yJ`C}T2 zTVw{CGZugUKzJWY#*RdR=v~8`g3+Im5&?xXk?h9WV;4lTgHUF#UD3%7LL#|D^f3@# zN6}FoWD*(9Dq-Um8%0nE*J(l3m&maSSPq-kV;E|;N+9;fz?y~5bk2vt@$H`%y(tiH z52yr0gQN5zSj849XBY!`TrMB5wvS8=5DgZ9077l7eT(GO)Eil4<&_+Z0b5@71P02% z15kD5rkWL-)3Trrju6F32XZ;vdKx!;yK45z$6pYsUqpYwlgh~ z7Bq=$f-l5P5FqE1UK8_LX$5)tUSBQCY3H5zETC*b9`t8{c6)djsg99JcRaqefLDX& z-%)>bqZ!R}xe-BOPgyfNmn;Dhz>CB$=RjS30Z+BPHdoiGRMK3XzQen`mr= zEyy=+EY2*f46_$D5jChwI1K~{8q5`(mP|DgiPU|q|Azni7-3AlX}U3`_>yUc+gM%M*{Qy)4!lc_cy>*70{F+mzQLFw*Suq3 z_GCgH5*FrL!dsOvz(9@0ixKKL(;``f1c@5-2u_0p#5L$EVwx0tsCSwa%<-op`X3~x z(TTWDqeE6=l*1ue66z@PYrm!Vpfq$C5LX(@5U08ypkIR8();kOo>CSZ_$^316$&HY zcR~~SH8lVM=TEl@EI|~>65Gw?d9VcOZPK1>CL6iZ|pH zZJqhiOC-zzqpQvLx00xxBe>f&3Ny<(>rr2J>c{{FdB%+;8HH70R`pn-8gm(@`3<2V zUBPKYQfD3sz4FxoHWef@nkdE&6(#Pz#bTFKNs&s$>!*!r7$n02!|8r|PiH5mb{tWIzJ%4F0D=a66{itp zI-O+7nMbL`CL`Ki24hD?0Jrv%O2w8?`=q04ShtP_AYe#pIhbzrr}&O(h?OJH#3-O` zRqQ!}T#%HRdG^wpixv->jUm9<#>HTfXfkJamVY+^H_UVi>;*FSPQ;J}JsnHe?iVxR z1=xKtf*1hD2Z!PW%ju#>q*_=A5V>h0n;9sD0=Lr6!D(7n7fc#>>WPo?ffeEx?zi~* zgX%Jff(G7lxX@mlTiAS;Sf#M8L>6u0#pxF<$u{()%NQtzd(=cNF-bfhnH9mvssK<2 z!C^R{M$r^7mLzX5y)?V1R2*# zpa@FxoPQ=W&gDIGnSDwbm2;o37>}2a1O946PH3HtiDc?$D4+(OHd8HBOV%c2HpQYw zO~pCnaYl87%+G5fw7d?JXrRB5HTM9JKYj#mQ&{EW642^;3%#Yenm(1hCg8d&IS=g4+-ujIq20|T$7M`$ zrW1`h@n_}jSIABi zstz8=F-jjl{V6>8W4nMgWLJsl*m98f!fvb0RGqhQ>|Pt~TvDgJDWXhYvfl>sty6 zbrv>Z*^#cpWy7%>JPLSbL7EMl)>98JRGVMCAQLN`c_JX%5$v^5vh-V!@-!=0P??n8 zX+sIkV#Jy9&;8JGq*HU{nEQ&ZovAxtf4Se><$+`3SGUZv#XtAGO(knRev;hI{|YgKHCd5qXxg_FvGb z>Eg?@0C|>vUpB68!awB9Td1sA;c{1USeD&cnIG@^N+(c9@VpHVLU`_wb>)S7r@R#o zjf>B4r>GJMwP3EY0vNCQX@0IuC<$&@VYy{NeMGlWsm|+TMr=c12Z9Dys$P9=?U=NX zu>wxEV^kjq6Q!4H?d&Vg*Ra`j@LamB=Bf=SP3<$7PDqmY-C6@?G2($QUZ;gu$`tt4 zH6q=mZG$$TuV6^Zv`mc6?!_DT;Ll6KX=9;>R=}E8MjKVsGAiaUI4sAPANG&1R<*tS z5&tVWH1c4vEWzcghWb6?(256t%-qOd_SWy>6UhJeJ@}VMSbeyqi66|l+B;8n*>$+N zXrf{-b&LuxN<=S*J(O4L-y-t>{AFFN!jxdfiH}iu2X?T#7Tu!)UPtoI7S!{D?scM06Kq_v1c8xUR^`mb~WH{F;`$0lX zIBiZTcPwwG*xaqlV!Lp1Pd7(-N!<1|dbLu3xvDQ^qD9$UFs**lw6V}Ybhg2Ku=DR7 zKd!y~cvpP+xY>sV!J4Z*Z^*7Ej}&{_C2V)3YV>Pc6u;Dr>DsjJVflyPHSr0=n z$+;FOV^=Xo%%Ds+&-kA8Dm6shDxOyq&--m%3%xcG;=LWTw>tR1^!5a!BA4Y;tp`$q z{vzzI8$~`|7w=qp-8pX2bzr?{Yba^{nKtIcT;BQ7u7{lN{fe=_U@m3Og#bgzI zLQ^pOiGL?r$_KQ%QmGFm*-eMJ|3;)y0D&i%!zKO;xii*lzEFAV(ce5?w-YQ+uD8b> zJ{t#1!g#7+wDO;sh%_o7@I~`@qUGKHG8^TkdIB3fKNESxtcHI?8Pd!HqlUS*^2O8gTYpZrA@Vv&4? z^U!PDteQN*J*R2}1jeS$j&;O=eIkG`JeD&y!RX{fGrtJe+&Pp(tSvY z65I}PA~_t-6XCsq3rMVIB)#lPAMjgt?E6X6Dmf596%4 z^JrCd(A9b;Bqh(P2@(R+12>ex4P+F02R{ql!I2ahe=8u6mfm(PBaoK$xt0(}OCWc^ zG7@p=uyZMaxU}E7gg{*4Epsi@^k!_|_FTuWv%Xhk|Fc$prFr0clE2EYFb|xcx`7FI zC~waplMxBP1Sw=j9LR)uvZRk?{;J%5a{u2Edf}FHilNflV@DCbhVN9R7D`?R9+lRf zrR2@FH_Ah)(k6Ri0muJR;C`&4x@gSqk=?KfcN95-=sC^twz;=>@2@82r{_I|)0XYJ zUn)r7fBd~PxE;B2KHX31V6`zaO4R*?G-J}`On{AkvU zdABBq4K^&ou{Ov@eDx94^FO}*Fn7B zhy%1zKDT@`z3Z?_-+TOEcH6bMeK==ev%UQoD4l^*-6jP5kMrL~?1%UiuWO@SO!MS} zbU!>)^0!^j$+0c{K*Il$wD=9Znuu7c%jXK_TB4<`Tp2*Nw;zKG|Mss4@B;qD`m4KE z_q;ZO(R?pR`zu=4rA0a_E{g?bIalQ#9?qvZK-dro{dU*~i43=tU+~e23QyJlA?r?V zzH$O&Ts)=FS0(5Jsbxo>U%LcE*ONOG&(B|QvLck(oW1pYI5C3jn03<0j!=5Jd;0`P zoy`5k=v%E@0`c^zrwQ)QM@N&~5@N4i`wH~hP14-^>NbZ#>ThD^$>KTh({i4+pUF@&wS9m|A%#NK(`a<402QqZrWC2{mQ8xRF- zFi`!K*S=O&^!Vqo?rA50YXX!=A%I6#i=^b;<{%Y@r_B>#x%7@T82Is2~>5!h;wdgR&JTmQzx4BzNp0qsfG5p>=^a65_l=H5I_(J;6Y z5_CumfQd|x&jICK3#++T0W~&VFi{w}SPDb+Yk)%M{n|QLezj$4%U%1nh8+toj>5J- z80lP)F_Cj-nhtHxn(f+Hh$}Q)%_pKBZd)mHzJQg&T$;Du{HX(qxTnC_hnHoBIaNMK z%gq9nud!ox+*N`G5;uZPPxtGt}*4=Xo5gJk~(RG6n`Z%vQmI( zfR&c!?N)AqgVG#?r5=4-D03_SV4dyfI>H&ut7|+*+0(VgLncZNc(euZi@p&JM74+J z?PC5FM{rh5WOM`(0?ss=*0HRJ>FiR(aI_t7es~F;CU=Qt`Q_(m5Qw>)(j@-qm>?R7 zDxk7X={d}JpmUmBlAUQUQ4d@{WqONWDa@pKYbw>6;3b4f)*i5dC2(8+~7fu2#?v~Fkmv$hNI z5zSj`KHE#21$CrlNedMH7g#Rmrr&};FlW67z%!ABT+tt07}TccZ^i<{r`b}{8Dx=K5#Gj+zY>I zi=JdiV^Fx|}yzSpniSqSM zqU>J$UPk0+CFkfGSnA0l)o#Ng6wzI8hCKLuii|6NadEQ*zTqP!8s#+IxNl@SG`o_P z7;aI>s6fOv>~OGsSl^pQ z2|k|$cjXTb63-g+Tk7Tb?*C<45Mo1MSq_1WnK>FtJ|6&gnbqK; zU}5Us%+Fh@Ey^NGZ@LYAc34;vDD=;urXXzF5#?ZDy8z<>clb8{7t8#kG&~1j*wO6( zFgjcs0x)2*@X#^e{dXs1Yu&5Q{_h8xrcIqT;PRGNnvM@}Nz%jrNch=kP8`MAKt*{L zK*H1*jZGpM7F$27#5q~MtgZiR)LCz~wKhUpppnA!G3bVe&#kmjM{{M|BKC!Yec7|l z`&9sK%qlDK)-=EohuQ?Z%u46Ux5xnj4*QAxze1;UG*3$JC};DM)GV8^4Xot#Y2|9n5uvkXE@Ehg`Ybrp{F zpWrE|Q&@+tB!;K1&B($!Eouno&^@9opagd5k$py7DXeAo8C~~RcWE4`m(25X$gz81 z&J=5;_S}%pPlxCa$y9%qu|sXJulLJ3s7T7s;yj{OMr1pR zL}X@%v7XiB@DZFv{*;;RGnMDQJJyDWp2=={cI?B2UR(}1J$2*IyL^|Noz*HE1@B2H zxmL|{GT&}*7xWhHEY1Z*Mt3mGk9BU-TdWMn>X`?rQ>sUz&VYY5f4iD@J@d=_I)cMj z+w#xfX69YTYJBn_F0~=bRk;;<)BIUcAvX7+{7CFPDN_Dm$=>hMBA<1*rLC*XeX>qe zaCGD$@-ES@&rjj#N4^f2-|29VnV4>P&i+Cb3!S#E?&C`;My&5NJhI?#3y9b&Q)pkF9VS^?FW?oDl z`>RH`{kP+o4*htIX;Mz7h>Mp^y@p=sI7s{b@o%HHP2$C7MJDg3b8SnuKX)B`RNfYB zWbTHEVG%iXXb>(Q8kovy{f`+#)_#z5#quDJdPnCJxrGU?k|D707HEcFrhfJyG-XzX ze){Tvnh+kNm^}SYjeZF+&z^^^2g>#U`1HCyT=z^yzt3rwC07<|X@sr=nQZ#jK$UfV z-vd3ZPkBWQ_Z&dnJ(=Eqtg^qA1#)KN!s2JI0Gi^PtDk+PhLCbD#;wjPL(YniRl z1vLL?J!SI&X?j}6Sw@gu-?Dzho?OWXI3^Sxk)HgQIHol`n!I5}97#0>GFspg$3(y* z((|nWhs*&0n;bYAHXj=7{BlDgmbLcmWkK8+tuqL6|`CM1x+CC;C`W_I>=_wto7!@e}{|x1{K)0qR#2dE^$7 zZUx!U=)cC9?}-1@$1k5xTQ`9E$xq0?EnNiHcF3Q9`{Gx4l3Toz%g3hueEcrPL*?aj z>%3jx+~hj|w=7fpdjL=Yw&DRTRoJ}LT6yW^csZqe7FC`U`8`Iby^qiHnez>s{H380 z3UDJ+l}F)S9XByintS;Ct~wyzmSeR>ZD%rGNdhyl1{To34sZJs7jTVTDEm>kSci2I zI+#1))$c0{&OKGwSWhv419aeH<&NLuKOTmC-2HBc3!o5Eu+r7GMc>pkpbl7aoGzej~S;Zw)4CAekxv2k1nZ z{-R|SfCKb`^46d9qO!nwBM)XvTr%a+1fIGGkCCsQOlHT-2;pe&ohdnBsy;jQgRb8}Pxh_uUD zoX4;Ac;lVRu(vCpyr_I3@p-{CB=5#M6LW#r_%Q<mDX8v6Mb>krJXfG za9cMwTPuMXv5~EF%_NJIqxv}!(m;xPtTR|z3}MAnQ}#~_gS0I%TQUh<>RtIfq*_$i znT7QT=YZPE8spV?p97^=MF_bqZ4%ZRAx1H_u6mz@C9<5>fE6wh&x~GSO-FJU^_W{t z6k^mPHr8uHt!BN66-d`nCD}M$ea0-vLRe?wt4)_#XT>Au86PcH0v00PC6l0^~Yq~4S zL}FP|*>cp25!^pH5jijm78G00jE*yJvngeM6r*wD(q{i}p<%-CRWI}IC-r^!E-KYi zxeA-TJ~LBmb&dtcWyQ@YJ@)jN*+Pm{tYyaB&wtJCfgE?PHK*+USx}v4dmBqOpLbbH zs6<4&bGN$@C+c+0a1kYH1e;lStgYKf5@h+9SGch(X38~NXU?8vEfss5+H9$z2IgVb ztxd%2=$?x=NoK-pt%H;P!J(1+@wa*qaVww=K0;;IT|LZW?36FPcbx25)yHn7S3i1y z#DbajW~Xu&huCF#f_&9JH|v0GE%2xwR<4^)g(f>LT$w73-O|vwmsP8oWq#r%jptqC zw7d6 zIu5l``5x1XtU4kS*{BXZ6pU1S)o?>+1n^CjeBvJFN^ zTy;d!F}%V@3~bJsWQ9MQ4vJ`~$w)2Xh>7AP*BWkIB4v7stR&9~G3CIO zgTs=ziLm$*vfcRp_(9y;=dx*Po`O`NTq$LSk3)#gal9I-(XWI7O;TvjV5hQ~je+&L zJ*Y#&=?z=I0hkxwFTu*?dZxoAqZIMIT^*qkX^fU667971HwmJ~+zGU=Pf&fyBHI(L>Su_swDnZqC^X-!U-zKV_5UB}D+&?6)-DTs9jGQ*wQ9eqQVS zqpPW1aUyXD*Ufzma1cQfl(%&!+bRk8X<`AYRmRsYUE-eF!K#hGJn0y^+yG-Px82@~ zb0E;yzARM8_W1sR@cBONlZwrd1lu=@Ar(Np!gVr7gt^;bZJqm#uY|~)&F_P-t&!v0 z!@VV`Xx&?(hzJiy(H`&JDmJyx(L21?ga0~thRDi`VyA4Xc>GwbV3XkMwT|)Sbw*fQ35mI|Sz{E3T81=J9Wn0VT6Sks z8|N$6A-j2b^(oP&6T|wH)TG%`>CjB}L>Q%hu3VQxidD8wpe=&>WIxB+@3EA;qnlQ= zV&h9TtfUDzK!6gL?`|>^uvo*(HP^a-TcV4(LQuXow7h)l1J>?tV`DS*ulJFsm&B@r zf6YUp-2GOx)ktz=y!^33kUEUx(Wv`ZOA4z1Sw}iuXe=Ec$((B^%Nq*@wAGXk5f}&+ z@5o2nEQ7;VeA!wtH&OxF`400gPErFMo&K~W+-0rvMixGj8A`Qbk)&LCnvh3A{22Lh zuAdND;Jins@gnes)0^4adbi4N!@FH;)_|5XM+=u&85ztBH(!XnQK9hW>j+Lf4V2HK z!bBPpmDvOOL4YnH1L-sp;+de+l&znkWJ!=8#Y1-tL8)xqQ7ZT_(Nd0D@7p4<7eih8 zqiL*YtNI0V|Ls8c(h$1C3}IipG!nb9OQX=Hcxg23oG*<*Rph1OD5&kq2w~uQaq3a$kC6pXZjeVuzvfGnC^k!MGsus{%-9o2 zgqA#7=_jd5mDx0sXz3e4`Z3-|v3X02$iyaN$r&B>OtzF4(j|5FJas`^o~5mcv&BP? zYsk35Ml)4jC+^%z1MscDiQ<}4x0E~*EY7D^tQ*Q0ov~R>3UL47#v3yU{wftV9D zP$L>6D9#ll5xE{ovJ(7ZT}dfQxs4l1bJJsgd6JB>$|nk-I>{b{SCu6o?_PrCXt_$&iH7wKMx8fmPFrkcsrTno4JupOMrQWmdblO2&< zd2%8NV+tWZGXD#}k)cwwKzCGW6e$j)FuDwxe336(j$BIOQKnpJd<6;>DOO^pQe{jO zpu#LFRHmfbLRG0$tD(DaYSO9Kppi)%Mww$SwdGMSMN;{iEYNJBMHX9Psb&1tAx?ML zN?w-;$x3gGoAB18TvKMub(CjjJH|A2xuDVOj$3P;^-`otlP*K1lTJD9%+;4ATaH|3 z<;lMaq!uy3CB;gh=}I_IJ4uzxuE?}6vpV$}G-}eUMXNSK?K)gq9_euC6>!UdK|^jE zcE?@!-1oqUQOC<1q}Yt$1vOXTc3k_91ei6~Cew(N9!s;>vb(RebQWqDCn zbkf4&XV&t{>e~9o=GOKOk*KVwnr@g<8&%w;YC2bGeH_^wE{`t|iU0<214AQYlR^Pz z<`$ODUAS~5^&Zlldk-ExdDeOn2!|X(I5e%&yCLm)W}ZBC`b<`K4$eE}TtQ)x%j?hq zE{VK6N~&vW5nhKJa>$`{yh`mIon75mdwTo&uU)@!)8IuC-Y$Gy=(?_^`{h+N-7qcN zaXnwseN%}bjN&BC@}jH=TsLjk%eruN&0^~QjIbZ)bwBU-Gc^Ec7+84l5g9Zi@EfK{@+LoPePxbX+I2uo;vn(&lYJOpHX?bOJZGB^NYkP-CR8~|?H%!ZR zT+a`}2pICg(DaQaQw$i)@04?MR;U3mFgRc!!Q}i#3()%|26*iggbOzwy!i0PBlzw9 zeW5QvW{%8lq$eK9uEkW$5B@#MeanRRTOs{B#QHs<{dZ9vpOumdMI8z}xie2yIiNqA zOC#wgfKC6^Lc>0ZHjexJS6*K5qk8+Qmxyg&jz!5fE)?zh!a8B-vE%bdWmlAfc6LwnGrFO1y zos3;_KfZJ&jc&amYuj@<=tu4}ZclEmg9m}7Do~-kLSaEiY1>9ZQ!x<~SI0W;DvqNv z(?ZL}9d6rnA4)$Sq&XMkCLXPn%8}Mk-n9A0XbUQOVWE|_<#GkCxynO4&x>${YX!Q- z5CQ-b0K#omYjxoc_s~O+`|waT;t5YxlQrQ5FI5Xhgw+TbM!e&_YR5ML`+?>A2#b$q$8KaTbuAlYBpOoL1D z%=qEcle!bBt9`>A)|}GGl(59#MH_ORT-_8*My0mBHzOBz>Q?&GX-+C*<*^C5YzdxY zcoUmrvER_8p=H|I{5bjh9`yRGkxqXh#Xdce^mQ+;Z6{3EJ&fInJ(jJjd8nf>UOZ~n z$Lh}eKNlHni;@^7bBQ_lh&Fo&5Rpn}i%1w3=@K(8q|(N5vt>k>FfNofPPRgXaUqp9 zj+?C#kxFN405PGA3#qhm+-#jNp+YKc95>qlh%li{NH^OANT|ta0VI@hk!%YUQkk3% z6P|E-A=s_09}0jlp^OWuv~k?*8^Q+xK!gcpTu2q5)o)Mh03ZK?>G!XHzCAew@t7B= z@4supchu!&HyR1)lQD_nixkPRM;EzgFGtE?`ck?d<6zMG_03olh}S)Tzy9a{;=k#@8l$nk)`H`bc zswOR^e&%<)d2x-<7J044|R$;JIBmR10Qs0xZ7v(G-{&NvHK}6H|@{y1n z$2wa5_+@RrCFFgmf*r7<*KZ*GHXNoS18omUbIGvruY13%WkKaQ?x}u4E3SW>qg^C- zJfy7R(h=Z>DdRK4#{(D_AWY>62yb`*Ktz@TP&qSo!3ObCKs+hNh575gEcS1Ie);SB z*FT@X`<5-hhOeFe&(u!q5SXb577~j$BiSnLW;*~;wg(`>gfgzAHjbO^ zB}^#eLMm+>H`@h>Frh-4br3vNAN|2wKoDU<85dG%3YzMa)3>)lEd_!CUkH#>uT)WRs^0}q)f{?q8)}$)LkR6mDbo9L_1e%*K zm~SLcWUbOYkxabG`xN_==U2mk>iROi>YI_tQ+H{LwA`-wxQzR>w{h&tJVkxR$y4+H znfKmXPpJjF{l5ynEl(eE)Fb0EFm@S~Xd_mf^Mb^1QlJOjtGR3p!Q8qLCA|({j4@a+ z#$eHmjqcH4OwEO4!9}v_vR51RnG5X&VAi#Km@ho*t6S3nYR7 zun8@J_F5nSVBo+!Lrd>(6L63n3Q3T{q+OOanSEg}IEj%K=#_5&McqQnZ}FD|vG~Q1 z7(pz8ugv_)ES$5t#>#2}6}V3Ucw1((WaZWv&^mg&Y?H6%V`WuWQn+-F%X~PD|GaDt zsBy^!9Mto^ixhGSWkn|5#}?bFlc19}NMRvcI?lkV*gbDSr;%i{AW7SMgc)#{|93+i zr^H8KTZ_H6>j6^xKvWoV(~wX(;MJy|#{XeEsl3}}vZgCyaqw8{5UV?&x+!4^+1eiv zwt?Wv&K-1j++jozVqocLT$${@4Szsx{?}^t|2Z*ldzUm6YlxP_Ba#08vzgO5bPjwE z*;{lD5p7}-npv~i!)6aL+gr>$iH0mzBD83hpqZ9ViF4R!Lh(0`KwxCze67v(R^>+&R>%rdA#~w? zQ>pI@h8sGRP#g{kB2sv2-?SUqxN?$&q0E&yRr`JWYknC(hy2FV*k&M7!}jBz`v1eF z4^DIKR#mnb5CR{Q$|iFi{+PoF%2JB$PSO;P<+iop`O|~o4(2g zlUah9`^F8ZM6-O}m6=Y0!!$V_XXYX!eF1Q2j7xnC8i>Tf1>cO1n}9&md42&|^bG?f z@7ri82r@_=;C6zdPe5`}uOIi{chu*KP?<>E-Q+1AQOL53DVSStjS87jC${njyJ!>Z*pgy_rRxvplNMw?QR`xoph_) zywaOI>H|LS%f9AYLm%%^NvLE=E~fer}K4n`|uYaJP31FZ>xy#yIexLlaM45iEidg z@`uYjeyAjR{HQbspA;hi3vl}lViAN+)d<+7CaVA3pOfm6w5G1;@-FJ!mZy>*^nC#c z-f)M*b*@fR3j`ZrDJ+D);CBGa@qG6KE~*wq)kumIU8|4$;|7pIrfQ&}V^4PO`JM_q z$x3vh%5tQT{o_k<1!OgRH1M!H+(8Fg1PF?tum*jrHPds`2LTQTxF6tUfRB9+y?MI> z;wx$Ob_o!ik0%CucPsc~JKVDyR)js_Y_MEIGQxtOs&6S$>IPP1O>h1y_f=RwSyI2` zlCpi(Kv7SDZV}q7k*`vf)n-eTBh3=&GAuMtvt(;kYgMC{sf21RQ)m6fl_XM>1kpOI zE4`Hz<=1lYttzE1jb!8{DyT zvFQ3UW0Bu2&zv>cu)bNk?h+fwmJQjnF$Z=AZ!{;i2W@}I#&YgZ=njTj(vq7D(~)o; z4%=C@PNQ@Tp);tRRHRr*=g>QkQK$>tn&Qz#?p?y{GS9AH^%r(mc`c=VA^MwNH~4gy zpkR6r1@u^8kBECBs2Q@RNqb7N%w_eQqG#lNVC)@z|4{Xwp|^tjS4f|P^-Wa&^;c{^ z#rH#;((d5*hOTW{vN~(-^Oqz`sx%pLB+GO%Ja+-Rsx{hf-601{538-G9q#4W8_);n z(ihw>7UJ&V>E(?=r(o`GRV~>NRSL z*tNtGsZ6e2%h0(Ceb#)xglmxLfxgCXS{( zd-Z<7-?>lUe*IPCaVPrZ^W|T`WnHE(zWV0BGhL4VeZQ1T-ASh&cHw^bdAXP8m){q0 zk^X43(pr03^a*Dkb@xVlH-;+IqDwe%3mm!+1?+r^9)TFMa1-aFM-^;B~&T zIqFDW`zyMHOT6MMne%SB>9#xW`rAD&bG@WX-urzRbg+Hgr>nfG!T0&9_hn!EA)=2$ z`z*Zw#gr@WQ8S+k6)8U7N|Y+I+zQ#pE%OmN!DP(=K{+Q9fY&T%W_Z>-q^O5-o5mAdUA>{LDT)uxuY6B@ zGjyU}Q!Y+G6K{MK=GT%dHytOncQr1;5PT9s2sfVDhk&kXAm&F43n9Yc_78$T_SEoy zx15@|Wm6m~98%*j;N3RSL|bW!{vM(hHu+^4Qe7r=;u1<-!8YAXn5k)Xx=Kg=ugJg?UI@t zo2Zs1DJO$5B_h4`n;L-(?sN!?3|i{2q6OAOcH|d&C$vDV@HRV*{ z@^Vi1Cumuy2DP$A>rJd!usM&eJ&c% zTAE{qapk+z9nbWs;rv8Q5RT08!WE6}vaD@ak_>FE<$>QH4Hy$UrK25#P{clKZHhCr z1BPg+xSGr9DoV;EiOk4?8^0CWP^D!)JI(!Vwo-9Np*nH;$4}bh$nG%E1zRUY4viei@NMo`^YIqPQ2xG_6Bxk*=V;hwkGVx#zW(&Gaq=^iIHZJU>y`4JP zg*$W)+G8vnMSPJyKWe^Htj8FwIpG);Xo5C}B^&nKJ`U=M!~bQUsBbep;NithvQNUF zP(v>Wpc$100lKuthhA)t+m@?8#S>p@_0==bKwttTRJ5R#j1GmC6tNaNAXDu5T>az1 zx;C4#lpM0|V!Q{id=L=uYa5YIbnDf*+WxD+}J87KM zoIgu*yeEZYC;94J3y6KIb?w035UPM6S7ODgx3vNAbhvRW?umzXDvmfF$>c~b+;W-^ z=O3>}Y~l@@xTH{wGH;b;zcd6E{>`fu`Gh##*I$^f0*++_@<2B?o7YfL^i-21yBFC# z4h{G31_H{tlJ&A-ddz+M)XYPLzr@ytex7Yi$@6VV#Hu;_oYXVWxhLT?aNd!>k=1Ac zA!a@GJLy+y{tGDe0x`SNx}_j@Y+Dq~pK>F}A<(p~vCfU!YE| zs?D#2t&5QCob9hTfc{ySKyw|x(=koy^M5`3SjOsP4Dyxv>$V0HMn_>Wn!?`dVH#}o z&`wQiTtf@P7hrIS>JwyTP0}JL>-H8)G1tg&Kjw>x-;ae-rF}ParAwLD50FNla#r$3tbr~4`l=ezId4u|} z(ScK^F;asBiYaTLRLDBq8;JUelY7{yonMz38ZRL|VmEmL3zk(AZtc=is=&y-xzE8| zwu`-2jgm02T{P-OW&0ZY5$IsGWz`gl%ShCxS82)4%&b?(h@sMtT8_oJT0IyFqB_*F zMTA}Orsv$K%*aIMLD!!_J2GridWz{4Q*9$i|PiH8%$Z`<$ZD}FdlHLC8dP!(GSgA`2B6Z9#? z`P_`|n(-G7z1;Kq2%sIBCXu$$cGOp;uQ81YHc5;LveS}to+Ss+tGI(YO!MEC?fQxy zr0vI}VeEeYqr$%$G$oGaP!7ZKU~huRL&tCtVy*6uXJLuz?W!cDzJ?3#s4G!bBiZY1zgo}A7%5V;Tv4;?Q)ra2Ok9m|^QA?U>~6-czxsG$o} zJe9ybox|d*So|R9#e7H%|KtZR!xv)#1@~T^Z{!e<)sqBnN=GqPH(|76Xr_{r` zZt?G%HszB-1bxSQM==|FIa)}vp()-$T5G$1h*ALH<~nt2ha)#H2dZKTHy!X)VHGg) z(}#OsslZ1QkMxZQv|yq`ZNi!-+9K{FHDgCYSmffA9)R7%CT9p7K15gh8!&ck;a@)u`xX~|wawcb+C)8BAiAJMex^0e%MObWu`4b|@n3#Q(eY46SJQ^iFt{*SqB-O- zAUO^FU7`DyfR3Lg)Vrrg7E(1d=OKo+UldM1YetxAaiQVcC}&jrSaIx_yfI=_6BZ%&|h2hh!C?CU7 z-2K%l^;f@VsH}Z;3QynUSYco_oIobnl8-@2ahuQO_g6q*^r_0cn&6?p_)|1~J767lQ*hL=twql1y* zJ|cXp1{s#$%Q>kRMq|~r8)~NDNOsr^R(ii-(R}R2O&J z7QsUfNa_=6&roXBdDt)U(0^)%Gt~$6wA)E@5cMdAE3&QW{B<`MTGJuuHs_^%8Dl$p z@#yjEH2R!y&RaVsscD8%r|5bjY}d-%GH=p=XzIiAESGs&a6^_kIAoQWlP+$T8}nY; zl$$KG6ZQ@!W7MP)klClz;^}M4_ZOH>owl)?$d^5{{Q24G|DTFeoK`&oR-2l&Zh)X| zPFvuMCPDK_C=#|8a;RKnxPz4#OBR^=$@ZTnMZIIN=k7!Sp?FC~nCfmCGghd8t@f-% zxFYac>x-8_?m@lD95oW}riyHlN2fYvHZd|2Le-JxsT)IqjX1RsCbs<36H1;J^2|~< zb(JtU#5o-8&1Pr2;tu@ga$gMPDZg^){VlY7q@t9-Ha76oM=H06rH>Y%#0E@ORoV7i z`v5=dv0u~0E@@J8aG~PpYwxyYTA`Znvp>8mk>8?fC@$@?5ZKA7gd{0r-ot7_s}Kx755BMZ3390 z?Ab`euC`D`9bixHtPrkQu@iRXdZ5l6EIR1nM*bp#eCVKKzjy5r@nZ|$9df>NX2(*G znjw_zE|^{BH_o>&c3YMA*JQ7cFg6Jf?cr>PKt@7EG1?IyVWJVYI>h0jtC(Cb=G6Q1 zG_h)P*`U6SWgGIUEzlfrp0Z`FgcTGiGh-(Vp_F;sI`=J%dX<6hf%%TvzGEa^*a^)a z`iNbce+j2Lbja2-u?BoB*g`5BD0>_EN*TdCFCrav;sF~LeNN9*ccviF^CX|megdS6 za>u(;M2Cjd-cJ#MXHcZE1Z~*>YA;cv+M*6t?X`4Tz_EpG?i{}TCNA=U2f!XdA1NHQ zZ*70I{juv`FCTI~v;HPux1r7zT4!#mNp_n2ab z^?VSiG=~XnpilJBQI+gRRA#HvFY5`Q?ry4aqcg!ySoItMBuAcarL7TF z^t8t=y2K8ToC8^%$EB|kKBBF$q~iKmzOGjHQSOr~9N4h)H{JHAUG5imIl*~2{E{jC z2!i-^6?{u5YovCvT?2j9r9iMdl703eE^eZR3YMv^1d?~4jl5}TH~M1@3ApAshbd_j zWLVmnR@Y}~#*WG&57Dua&q-}N!0kiHDGD=i4*H=iclYNQ+6i&b-OPr5&V>del*KyU z1)+gnT>F|ee4)D{n2j_ROq6MznJbwb+r(B>f^T6=yv5{MU3nuSyPJVJq1H@E@l(WX zcMpA?&C}xD-wW$X9yWi!2aTQn@!BSz_M#{2JGno6A61rDmKgNRhIE}NhAvn+^nOU)(cs#S z_>~v^UBT5J(B6cv`e+_rD1=0P0-$>;z{R-WN0#}bRpHY&YwXBJhTZz6%S0e&m*sQ9 z{xZdaIsEy3TT~hTqxOE5v&MId+^2y5p+pKc*F_Dp=`zPzDJmcYKf^;xt~l~StS&9= z&tf-6x_Zt$cwkz0lyZBeQ?`3)u%~iXx2H)~bW}jWTNydiL{jSdLkVvuDdWQrrr%>- zEDi$lYoEH2p+;Cg=OA2%!uaI+Np}-9V>JEijKJA_s9l1gFMoA(&<)MV=xsIs)=_u! ziUGc-$>Zh$xS_ZvdOwF9nKv>0+)Bh!!EkGFsFNnTgtu~A(aKPQp``%djgLuDdK~{LYjkb#TUU3wXP2M#grl<**SsX&ABf@(Az%_2%_iz8Iwqo+ z9%6R>6;^+fEzm6>GZ4S9refbn)OJzlu?$S7;3Zk8)w?9esa3%?TA6{g9w?)TQ4&z> z8VU)sMY^Pz2l9b)(d(;~)JLXxGv<@VZcGT}np;#8nQx3%=x=nBSGG@zoiJ-SjkOff$>L=%~C690IIns|o_8$E?46yBIalGcyvg zKh3iq$1)X*BeN&e@u(85V*dpY`JrY(rJKO{-B@wunRj<(<&$quO_IW|(%xnb*mM(-?t~CtqS}#+T1g-5_(J(Sj;YvU1E2 zca*SMhnw*FVS{wF6dJc7cb)XuGABq^DQ&im<3QbF9g*=oQDBsrQMqa0F7*-c&d|B` zfi$CGlifg2pz5OCGE3ebakScu1$&^O>pyV|_fOg@k`z1;L!VxW;bEWzI_Z@NWQ|;a zW<%eGvfN0o#tl^zQVsB&{d!vYr7sjPqh6F*a|f(0>8P&`Fficl^KOMsN9pQ0*qmIa zJ;!n0hDSa*YK)+<#&jE>k>zoqc)9wO)yd@}t1l!+=#!apd8FgXXq%nJDPl-zDy+;7 zrbUM^^w1lwKEZCdLNZN)VnJyXv=6(Vy5f>`2`GDoxUiTU`DA9kV8n>`=_(=9xy8%2 zVS$my)F(qz(5YC|ke65_G3n5REng4>lm};;AYx#FEdB)*9Z?cps+fgr(Tr9!GJYZ@ zN&BV&vUEX4txq^ii=5`2CIx8`fDVEc!=2%qiLhImgjwkk-DVtHgMC5-kQ&=&N}p#d zN2XA`QwbyQra0)YA2w0)hG?)<{sUpIK1ftIf4Z^VJaEzGkSo;N8J^nuvy6nyU|)6` zzA%-~Fq$pd+F_E7s805?xb5|lh)CF|r}91S?JA8ri?8SL<1W+G$qP|dr>47np=H}j zX;$$xSY)!(*xp}$AMA~!$y%Vcm+Yh>y~1mqrUmeb9S|lIl%ga3E{{Znq0oZ@sXO}B z^@PbI*GH;=JVg9<)XQR!=74>od{M6OgpLzjanB*eIRuPnL7qmwN|oo*Cr=!V;eRQh zT*P$JGFO)P~Nai0L=9@Kr%+g+xHk2aa#k6;Ye`kTe^Z*&wiK+XG&rqJ_ zSwmar6XWjqw(lM>c>IArevWrK-pP3HJFBwbSzIQF5|q09GJ|`eJ=Sr z6_qmhie8Od7a5;vCbNM^&l}l>+pXD2QsujSQZi`|g@!H_Y0l!Ea7gUVsU8&p_z+BT z0Oy%^Ec8~NxMWIiQ7S^WK@W9Iuq&awIM7m6vJLkqL##2bLT7ay{`SA=(t?7+q%q~u zm`O`*@~}5(;ep1_MEww4hfK_5f_|7H{jc&2BSVW9Uy7ZCe-5OLVlJa6>h7_SX8fr+ zR{zg^d#cb9k*QWWY4%E5tWo>(t?uB5x5N|(2bI1%r~CO}8l|a%z`S&sf3SM}6z@!8 zg(+4V$&pmT20?hgSbsvi(n}63R+yc51&SJKT{cE8EE7<22PK___p&CAV4}4n+?xLs zJ}#hqtkl}O;ti$ef=F^_KTL&U=#gt8$`z@gfxl>-tu)xEk{XnJB7rRD)9GukiCzV99D;Cv=k93m;49xpsDl3IfZHztFe>(pCTaa)P6&$>mP zQ+)=Mz+RsHPom2sx_OrDyVV8!omx#)3UAU~Ys461sH{Wftjo0$TSKA-=mM4 zV(=(_=tr$(P&3n^zxDwIjE7npvlDJzvb#;wT8Fovjp2ytx&L?AM`)bJtJb<**0Q}J z-+^%*L?OnS`@tWL=j4%>!u-ovkeT{VX#IN`IP&+uv7PBCA^J2n`9cH=+UyXPL;jz? zMiiwq|Mjs4y2izXWKDP!iOUt1kJy`<9TEp8E5Ux7sm?CV8#ztB7&WbpjZ-G!+}Y8= znUUn7e7Z`onUt8X&23L!yCS}6^~xC}6R@0GQLi20+6OeV;@A=*b*Nr8JnW#9(VN;l z_A54&#%7e?9&_Fl6*dfdVErK}q%5@~J~$g=RQkb~hsl{Tr0YbsnLYNU;mta4ZX{_j z{8lz9H=(UCP9fF7gOqnd0yM~cbwzjE!r2Kxo9gUO_1Q0e_5*XPY2$!}-CQd3Osi+HM)y)v2?VZ4eRK zNYFVEF_x&fhcvPb4IE`WpVdaPRe3?oRKDM#G~TIceL5A7d%^_ALkePzJlpH1Jgm=wL zmwvX@#%TQD0LtLwP11iq8-w-xp5J&?0kW_Uvk@{D6C+!6KOOfTXwuK2&1KZ&w{K&y zejaky{(0Hgd|g{&&q!w#U$PU%EuPa(4vHf^Iz~u0m!fRT^b@imS3-;WTU7N=~ zzzi{FVHv0NKaHnbNi+&+Y)rQA{FG9~%IHw%0xY>!EG?_y120iz5A@Jf0-O=7pY3u?#(FToaul-* zj6A(mb9`zV;7^YxOE(*t)jp84^hnLD9V2F3lH5xHiqY5rx*bj3jvc=ugB?Ui4g$^Y zq8pjC5sHo|jVsu?eI+w0vfX1*cU%cUNz{@C({3c-Her>7;Kb^++dDj?!&(_Dzh%~t zHAD@02abD7V3)b`COZndO@(B#l<4gjm@!+{TBq}G32n01on=R2=TEzN$l?7MpQvXC z?Xtiw_}!YL3WZo6pxv60ryZ0BD#S;XH6MZHDEj-gyW&{-)nm9=E(;fS`C%+o4776D zPXoLy86TU|uH>BW@`{OB;k8rhl{_CChLob#ME=yGTiURygu06dS9!;|X>HwMf5tby zzndkF3p;{q$7+AO+ZsEsa-vz|DwHQvj%;Rm#ZHu4=^4MhEF+@&Sf;Sm3Z$o(7QOd^ zSICk3vkE{d(S_*cAdEYhrXxGkW*ZBG`;`Kf;H0qbA7D9(Ce56?B8tbpWKrTo9E_po zX$DOO{K{s#5v8|o#h`_fT&yA4BN-xtmBnli4m1YckQS93;wiWa-;mC4&C`6O8^5R26B~QsSbR~s}7I$~= zO|B&wV7VOoUl;|@!!ABs{p`?1%tfHQIf?|((?E?a*t60|;d*OGbNewxKntL!(Exh7 zUU?))8YCT66j$w4NMu1$`QdtSn}F>a6*w)}i^)KxJ5}rxfTzE$`(5pHb~@`%uD|WK zj+$9lT0z+m;AXzpMP7=FrvF~Bz1vtuk8amald_+VVL@UqyeDXL`;AMWtZDB2;|Ff49RA@EMl zzMomX!Kg)5vl-H!+WpLbR4i3%g4(YdgK71Sq}pr#-vDh%(o5&1?Lqp{I(uw zrGyX!tLSZu=F7eGgq=IF8l)8@Rk7~O&7A>Rb0(uDI*CqlrkqeNJtNTt=?+IVCT|l> zPis3Mkyh}x6B9ZlD51ft{m%)sd~I(;X5tbR+oALaumVUoC9ikGfg|2^A#|v)l`n5JNLX=Jo3-vTQNX;Ks*T_x< zsU)hsAys8Z!&N$!&M-CGy~ub(tJ113hFhMT#}6YNnj{)nh;yB8(GM>hNMIeZXwjub z0UVTm?d5c$T9!I1*5xkz<@B`Ff?Bdi_~M14zaRj22?t7P@M`fnp;oBf7?I75gDcwi z@Pqsav6tSbkOLWNM@PcL;n_P_>C&vM5~xr4q*x)6i-HG>k-zLr!vBsa6JUO(O`$@q zP%FNO=zuG+)l-L}eFI1Z`9o`8U$_(7K6@7}Alm29K};pUaJMERfE7SEd`@pz|BKGi zqjv7ZMT%A+I%e z)FZw}qOVqWpD;2tk*UR;EOWuYz8Xv`1C&o!Jrw{;0)TE2{VV##44J4IIOOWQe_-7{ zqSY6Iy`x$1)kWJDJ3E~l7(7d~{AH0qnf>Bx6xGK~23=ub+-_Oq5HZFu7KRa2pdAUh z2@P2xcX8+FUAJ$?MMzg8)>R9(SU?wh`%x*Qe%Rw;aPImEObmF9;+#w;)g6hbuR9ze zoe*bg;MFT~rO0%LBkSuYBYmVf;jM5vx@vMVmK!7?dUD9Kz>bZxCGIYx$b>#vI=mnC~M|f^8mT%muDMR`>Qsa0BQ^ ziW+t2PugQ^Clba=J!9AC@Vt&cEqB3wzk;F_OEVEOkK=OW$zBhd*+ zLC%IyzDA(+Tca&isOrHF`cQWj&Jo<1x+|PBdzcmw!R_rqRssJkW6{1`St8PIjkyTX z>gBI!c8zfr@XGBA-C?%*&VX0ufnL(l7v?JPigGbG+u&&{m(G7WeNa+gvWN5IwX#-g zRFJ+M=yqelx zVTx<8Lpt`+v25Tzp+MMvyY%f%f!`Vqc{w|tono_Zp8<6YbA+b5J|njzvDDDTi!jE3 zzdA2XaYYoHeYx;lb ztQtnXt0(XqkE-|Eu|t@OqD0;2er<3sz!!b1MU1NyqR)L!8Jl9B>ZGJs=B#CL-FS7+-hZrY=~?D5lpp+l!z;`h^8fT%yCNRp{%7x2Et1I%!L}?x zsXbY!;3d0aNMaDM62A(=P@J*bl`KYxcRoP`ycxlRbyE)nf5iFuhdl!0>DR8|(nJA> z?8=2k4`E_uj%|voSyoi9g0J8Y`=!jDFa*d0%1$rTg%nZCQZ3a)&eF_#;Qlt+%{+9W7f zjc?iEU+fJ1hZp9)XB?jy5P;9vvnSNuhZF90`xdDtEaJhu`KMF}pj5$o{ye)!U3iHO zWS_k@09V|HF3hVy*!p+kcqcn&87e`p9FiVI<( zw0U_l9Fr-><<%jzUMz$*H%^A}WXiF%d1wvL--o`0ABR`R=f~$oQ-{;$%kKsmCB})^ z^3vU5L8>5?{9t~LU^idJldae1`h+_>zTqmZY(vF!6X*1MFZ)Xn%IeyR&K3%>rtZ}t zY#%R!+u5_Eny}0xSu6XcaNuLM$`x8((|d&J0Yn)+eVLU>389+Jn=u*|j~MmV)ZiYW zDPdMtd1MIBBhEg2v>A^IIe2gs>iEL?xUiXEwg`}TC5z(-w%_f{u`Wjs-M>O2y!-k0 zTjvW3zoe^umv>#2TTQEf{raB6V@ZfP4Q((k;p^^4mY zIHCQ*p+ioHPuROlu;Ayhv3s*(eMBk`Q$%_`MW!jEEL-Lo#T{~h9lHqTG6V9~#q*z@XOaZF@J?Ua7Xd7gFl=!~ykmf~x)kvC_A*JrVq|hJU1w@rJi^1`s$8jfI zR}Nh%$Dvq5b*)YgCuTN5BO(9PFOv{(M|G{PPQ3>&6yve$?_T)ZX>Xu!L|uI*(pOS|ZOvmD zeBB$e9LKlksD3G%DLx({I&BVGB1l7Pb)I^k3H$NAXN54V{=mQvN9d&s=j$={k^MAZ zq^^DHu=eis-Qxdds_l-_ zs$Ivd)@ePeT579U1`nm{qbskGh>7;-1bD*~e&q6{Gblc{pwFcfikWEUQ6`^U7={jPg;;@x#G7Tar*djmTaxgyTMtG^cq#(9Uix&((nobrP! zl3@bRV8=J>hMWTS*u1l_tirhMnVPGHzvt@C4l=KHtb(3Ehf zckE)x->{&*6?V06^BP)o zKZXdSi$|6=3;`kU{b;(O^h}YIzbZHq7JG-KB3oXoG?aW;II5TfGsZ9S(w9$Yf}|3e za$l(_cuXl%$dBqPb&Dt~G;U>0)QBEjyHR;8pN}=)6Oh21`9w+;2njj2&qR6)3R?ZX zz?`gQ-u6)^-*VM9dlYbh{xW*$JekSU^G?eZ0dkRQOGdhCi(I4-otDp=emt#ArN4WK z4fpiKhCO_jN>fe))k^3ojWTaoIpHqkOKx#21hC$Y_+zGuYtzsoQ}4-7et0WffjG^H z^~#(^|MMr_4qehE5Jizb>zvLWCfIeH=9=E3M=m6%FU| zTIpP@mc7^`MJ01fzja0_eR#!9?m=O=fWPomnccp#*ZLiO|DVd0Ui+r~YQW%z`I z1bcr;8iV}aEpEQK8RYPWlE6KekM34gm4O2hGM!ATIbY*mraP|CDAlLJt;`n)420HJ zWUv={$2>~pu3;So@IN%tJF0g^;{3g$k@i@RG%d1LH*ouGpD4=uRNtv&n{IJLgnwIH zT2Ncpmj19Tx*QqL-g%(V%?%-|tqI0(Sz7G6%fwVEB1^Cl%k0p_&$_$ucA`y}M4|9+ zi%yrcZRy+^nnisU$2vHGl7fYoPXiIjTl&Rfu`RIf&C!3IsxK4Ma zCVKty+&>}qi{!2lzb1(8Lh2sttz|zD*u3PTjd}5Z(`ZuH=4PCl>yRw!u4>*YD#+R< z+PhD-ImhZ{&x6et+X%+`)-zS{Pl-=ATvcQa*~;kP5t^vqs-Laj_Py~u-`1zaY_YAc zpy|BBw%FORTVp{0wCK|1P%o6K`(PYK%#u4DM&2f+Ah{*Of>WoYy{6Djmp0W4k&)fb zJ`_}jv&8ZK=VT{NN~eHN7p%{z2fX7q*HSIY+}E-#R&!AddPlad=Brn)?J+Ccu(sco z$z|w?DQmF96%K;Ux2ztvIA;-M9nM=aHd-ez{6UVM^Ysg<y5YZq{5+N;QO-Gj0%sEfx!eN?=Ne79?aNC_v9wlWxciFa zntH}lQGH;km%-4=I#5>G)-iA-Ggn0#>Fu5cMZ-X5WF@A^`nR7T`_D5(L={DheA!NbT?E2YsfA;GaRQh97_a7c74fbbyDF#^PV z%x#V$K2GOS$IJUKG`jd`@bSQRcVSHq{()UuLPWTCr6x_XV(i$6Pf6xZ&XXs))gT+` zK$30gRJhXEYUqM0w4BW#>-)zQO2Q0Rdiso2s(S@37^e{z_f!xEe9D{tx3)5wUcY&r zoG6do2@iym<@|#pVJB&i}3U7+y=gD+!cUs{%Q16Vo5g(8+QztM7Oc^SI|GJ(7@IhWs6 z6dEr^in`#jzcJV6V4ASE5pn25Wl!yEiQ*f-JGU}vKpIK$1e22aAMkS(A(nW4rsvV~ zvWA69p`s?Wh1YpYEIqd?WG5yc7LB@Cjj2OjIb%+ib{CkbLOgg~Ej6jbp=LbJpn84= zye}tj9|hJgkKP^tRsjHQweI$yju^asEHVE8(eYgJdY9)ooPDvNzoufM!MonOa$ilq zz@qrg8=2rZxi@{OZYNjnJs#b^xS^uyTvJ0ubAKpvi?@;`TOI@S=gI3cmq)SKoxp3m zvESP<`1PJ5cI3I>T>80WShTP|gtpmJ=A~T`Q$X%LE)%?YV^J*VSJCUsHtGC6?TAuO zPGWLI{Q`$#9PT;Da{SOSfo_JPnd^nt>QAv4#wX>~!-eae{&g%^{j zXMB?DgCcr??SgXKYu>6xz1#>fc}Piz(-^^uLOolRan4p&gedf>j9n#Xdl(^#I-~Ht z%v@e;RKRTKyHXi?d8L7^aL-ZH8sx!gjKhkQml=S}dASpHuL7w+Q4cu!g_k@58Ji0Yg9Ugvn}YB%ryRh^aug{G$OhIuJuMtbGv1KFpPI#IN7r?HHGZO1HlJP~$fuLD z{fz)9K-a(ifB`)%Jm~_e3nOyv#*qjtcF@)$ji~s($dw;X}YJSB{|!_U{21qg2ybS{~o@zYGCRsvZ06Kkcihj z;-t{g{7G4sUz0rpCF!0BOG=hMO+?Oy!!uaYz$Dg}FQjbDr>6{L-rSCB2>7**xphbe z%D<`f8X9(OZr?g*Xb%mUe*@RW*ZbzyBLlL&9B~4UP))68R1{4DN|Z3{)$h0wF=@#w z8=P1Rtb>Qm=z|vyzp%f44t@Rg6(|=({9~#{R;T}y9)XMi$&XBRrl)PoZrandy0k}W z8<86U|H;8B^3^M5QaUXW<>sPfCVIFi-BF1&iUj=mNUie2M@>S~$r5oI6ON$fOA}<& zJUBefLo7)rL5A>;&D7Rq-rITP$VT;p#6ETRh%(50t{gmav`;gdv{BPLqKp!r)kID; zMUDPAn~Q;F^%LUs-%$zQLxMXsg0&HdXpyH4PfpmC933;21L+x#CT@fwZiN~`Bgc@w z6ZNR6{871rAVa7O!t{lyCD-SarSH$st@VR@fB)Wt021Z5?Ae4BO%*j2YYDSWW!dWb z@x0EwmfiD84iHhh{h8@XWx9t@kmkYTd8GRbJu>*bG*5vr-BYPzW-Rx^2DyL}81#wv zAJ|x|*Pr*t(U=o}Cuuxj64Vmw#rT{nEVp0AJZ;E_mzr7=8YdfLAX zc?M1uZFohb6&-!WcpVpuRJg;7cdp&AH_9rSnI<@Q!1CmLqLqb(9~G%Oe*6K-mKc%w zeL6{bD!1a`NuZVnQ+5cb<;TgSlK$9Bi_#e|5`9}kaj8JiU#~$4?azQvt0|&@Ez;e{H zW}o`OJIP>Hwq)?_!+olnNN{8L@z7~lBrI~|^dsmr;1hsTA-CVXC1 zyDH&JL|kO-tBe(Ob$iG6{vMz1N{N{-Ie&n)F{3`$Yx9o%vjaj4HvwhUD7qYFUSft; z!5!B!6tv8Z15+yhZ9-#c(GCydzcS)lxn>`@ooRS)$4#jyc+Q5(I0~GD2v_@3EHc=M zcZher?~w0&27QpK-QFOOX9xXO%Y*y7OQMLkt&apN2^}9-Dp$2 zs*mi+l*Yz$DXJ({l4_>*n*cK&2`%aPMAZSKLJa*)=hdC_biX;%CorT|jGA zbfZ=MToFC**?vXM@^yC;BWHP$9I)K6{`oUj`rTgmzJ$J=9n2WuY@Ek!Km$VG@pH3! z*Ss5tws*CD|B7bpexYtBS6!&Gjs$@jU&fzPj^mX*pgbFY_673=s8pEcE~Uj4o!A&c z_T?EoTI7gqSpa0ik(Fw;h`)ISqciiI*e2oE@4tMJPh|R$x2ivs#`6iLEi6aptAc~E zMs_ejx?zht%figcy#0Y8A`7|{4xO-y(#Brg+4K--8*@_z@I7XC>dJo-n4Gf0>V%7B za+9;t1N+?gM%)sfjyj}T*%*CB&oXqRY(U+vA6r?^x$l3Xoe?q6PL1zuLAHDz|NPo4 zlvS645n_WiHYgC;eo5$@zL!GGc4};o%COhuIf=t_-t4_ADsDVRR~t^IE`;-Oe88~W z*`4_%PKyW^AMtXPTfAR^!SJIU9_gf3^w?G|WVbncI$Gnq?Z)-F-l6_k_}-b^j9Igm znt_t9Ce^r9DN*f>&9jwq%(v2$J?Bc>TCQj@`H`;?$_@_W#Ftw<3ewmZP|3vb2JAuQ zX>n})cN?N@m@sVIaXmA%H&bECr4?jQ6y}!2MQ9>E zT}%|-5bBR0na)#MSos*M&umpeacwB0{Ly9b;@QP zl&#p3>eT%c^q{-X0wGk?n3BF4ck5u@ozHRU=E1M&NG)y2%v->3W@HrMYmETZt}_P_ zcVGx0*z!O9<0kTZ!re8EYa1T`e)Ef^1o(-;!)z!+fdNDn#@)y0xqCMumbDa*ym4{z zr>ooFfBvX3oRq%DiLr?Qf+p;@{JjN;pKU&mdHlgl#c)%ZK^|ky$=C&__s(I48j1VN z1iJv>niNLulnjfML2mk>-Pp=h=1s`z*dW~2tAm9dT0|S3z1ZdtB zCP{tnyaCH%>9Gg)6V*&6QFGvc9?xPK@aNByG-V!$>B&neaJbjhNDV+e)rkthL6qM3pSS_Ho&d9WW}7fFt;BgZa<-K!N*79=+Kbh*idmmOt{_<6%P6> zt`OQXYHe+Pz>wbm|F;8e)fe4FKC;U*n(x`GRK$#fH){g=l|DUj^hEXop6R%8)e&t7 zZGK9r-k{JO2RNDt0WAMU9MZ%i`Rq`rD--jtrN&%@g!GTG`h#IU9t!B}rI^exU|%Vk zR#t5r8RLNZ=95s*%be!XVy3MpV2^uaSTXRl5DnZ} zt*52`bcjXzI=Sd}i7`_4dcW*!VPCHF&)R3tUk`K+JXwAN;l07%f0*q( z^44gdn$NEouAMc93D0n)@Mp?UNHzH1b{@Ul}s>)d`P1q*N~rbi1O-L|^XrhBc5 zRz;mlZ4&)cilOv#-QvfEz0db}*HUNJ%m59r9KFob%Z$BK zfIt6+OaAlXnKx^WijFF~Z67ZOzREYJP^Yr(c0>oL#A^BB@>2PJu_8dZBQo3WFzRr& z-S#N4GC(QcUs^7o3{Z(x+oO4|N?hL7G^t0Ps!rxnIv<-gU#h_8?kT*bRemc`!|9d4 zw_H+&Dy#buu?StF7oY`mr6&Ru0g4?VIks`A_>5T_Lxl>VJn(3v03!&2m#WAOV2hLU ztr?dAQypDL(=i8=xGjchRfIbHR6EE+jt_{m+z$`Zz^`*Sjule9)L>`(m(@{Dn&TNW zV`-_{Zycv^sxh29&s!MGc;{AQ>YVE*+imXQhepl*Qq>tYm&tNCnb*uQ{rmhyh-NC zu6Mr4W5RIunuAHo> zAU&Uaj{C@6F#FC(J{B3WVtEW)?i1nk?q5$F!eFSEGZh|tSlP8l+~o{~o2JUZq#B6T zQbzHVhOwPPiv#l0qxTKM4xTS+N&an8(;iuwk@JOmQ5Y{{g`!QDrP zs*6QvI69QBoWJ2Cq{S;zQ9=JWZf>-hwaN_4hUM*01t>)d>G|faX6dB>Re)-zCNFP? zriQpM@q$TqK0pzm+^Nca=%qxb79(;(`wIF(5jn*r3iOlaxkh+yTB-u;<)y@yq#<&R zbHOa0Xd3%DhqLVGo270^q?<2pKlsKvx6z3ABE$p*H3+T&!+0RBm9wOf?I+INzN5lh z4?D%Tyz8>u8FLxs-gg+jr_x%G*0QG5Pv;Tu_`>pvPlXF@V{1K4ehjZe!AL;1)5Zf@=S zpLUKyJPma%hKGxiTtV=3)~(=Mi?R?|zkL&_4SYcnDcIKpy~R50KbweR3?AI&Mggi1 zf8cY(R|E6``rVP$l?Ov)O1V;Vyy`K+p0RCNOEyMq>M`=vJQe>0dZ|M3{qh zb#+-x-I^W6>cd04VmUbCjS4v*ROo>!9@R1p^{lk`vO;vxsuY<~c0 zmLun{?2nX)y@JuZb`jFF;Frx!7N<;w!b zMG7p|DOcp^lHug!6VEu*?H*Z-m*eH6HBlzk5nqF^VQbN{TMDP#+8Crgrs?io$8sPS zIAt+C1LeTSLWGDStqll9R2lw7y=fI+5o-N(n_{zEZX&KXxsH_Z!}(#}XA3v*K2hQ< zaaHbLK%>O9%$TZD!vH2rK$<-up-{AhR@Mf!L)Kn)Zws{0v*T&;p$>&( zsb_L(t?gXfGSV&Qt0B$40EB#0+x$}%f66|?ckRsQMSjtdt$bIC--;wex_rA>79iV} zkO@tf6Eojs@1qMMsmC4>;`k6-0CJSO-u*kKE-cz3|MgZiT$J%;gXleqeC+7)G8FXh zo_}9?Vv=s>T2N8}PdVJR^5K>4ZmeFOn^qc+<5Hz|J&1ecr}i%Yox7b^O4{@Z`GUSH z*|Pg}2;AYR5904Z*({1Mo!(6j%m$&K%Fc%YaJ~?iPMewQX&IU|2Ol1mKUbE@PhhB2 z2~RIu&=S);{Zr=3@>y7A%^K@OUxnS=)`iHd2Y;PG5n&)y+_(h>3p}1a$?`XsF)q_C zQ#{-`;~9Si!eLt)1C0JBSYZ~rP4jPpy7u75QEt>0LbDKQNj3+kvz^n|NpX z4z_~bH#r%M_mZa&|2!sTSjbSe41Tf{+opY_G$@UyqUKb- zAOJ$;z?m3LD)urna;OKZ7KNVgim``1MGF#;ni;WQ5x&-1$2X7kYHgYN5ZA6I5O}+C zO@t2Qm(Mt-r%v=1GQ~C4+s8QpVwOiof<%aEm+8NRWhyqFKV&lT2MAuvR0-BrA98o) zLN>gxcI)PlU1QiB=U5k)95*K*@0^-3oAH=Jw^<#tIw42Js^MDhDfFpA)rOg)n|bNx zX-?KD!0P5GupG_I#pZ^A6wKw`%RoV!ni;u2-5qH>r%;KNV%nQkw_XwRL`nJGR^VZ~Ma-BJW zEZOxcpwzA2(NOP@t`b=$10PrY;$Wr|)#~q^j7AeP=WC8vvx)I&r&Fet`?6r6{;M7s zR+Xmoh4|{ZM>!dFQ$n3U%a77tv^6SqkChOT5~ReCM`ju|pLiG;#C1ZT?dhtRrRh`nv4Fha~)ZX2v0&!W(+9#Fj%P6MbP;T$$qe0AWK&0wUqfgI~kKa8%EGVQ`IvPAN z0Kp%1{RB!*#kyQ>y=;5At-aXc6bMv2@2@N{pUiiE+%B)4klej1*_f6t>AQPpBB(lE z>k%(B5|=h0^ei^QFuTo262=1rH!W;-*?yVb5`TYQs}xS}i*HNCiC)ubDcrpz^F?f8 z-@S{odN!?DVV53mCa?ke`f3bjJ*iv&lVBtRrqO2Ax`RroLOQ7^nR6~&9ir0f@3(m` zH9S;>%+5|kRMj2}Q>a#O?SVYBg&dnVGo3;Y^iT4%|3z7v=GHXbXuZP6YUtSDv z32i{m&JeBeauGk-KjDitUVM{IP)zQhl&9f-Uc`k1Cigcl1-dd!#rfmF^9!=Gv)EJF z&<_4Tx0w}@PY89(HW=Uu#mGHXL77nBdCnnDD(B6~fwl4ra(3cH*4IrMq)LfWez+7~ z7_iS@;V<72viY$jmbG;oDoY3tL=|k`9^(~sA-#^ODh(%C?U0pyeHhSAXz&LL&T!#-W3}9x^}l-y8H%JB50o zaA>+%{9rjyP~)EVi{No!`J+-8)mquEG=oysCAwM`K@zRDI?5bn;<&npkcF?x1E=Ak zOC2;$+W_aUwR6^>pDJ&CMmMbST>D|IN5dM_o$rr>V6)fo9xEj%lf*|isoa$wqi%^M z2R#)Y3XhOlgC8SawpvbY!>^2#x`lfg)K%Z4j0yMRj9sk%rOe=Z1046`%8?K!FF^== zZdno%iS+)vw99oBYU;ogX4==%>ixr)7|h7#-4O^sK{WjM@pl;Dn0f%Yq(5A1f_?X*?BQEf}+@ zg>ziu81S}=?229l!#Q5Bg!{N8Fa*2Gb1Q}f43{`y-6;~WWe_M~LlQEvCK05IkUzO5 z-%m1gYCyE>!~{kwh(bgas(NHTQr|Pq z?M!~v!V}BO6zXMp0ToPyDA>Ut83~$i%q-|h@%VQq?q>bZ2E@4wn24xIIhqY{Hmv^? z3K?*xZ5w~N4Y6%vd}1rs0r~7=T|Eg5E)^Uk!qv2QB`6FV{tX$$e)!$A498H1{Ey&+Ke0&Vb z)@(wGkOvzMQd3v)NhJQFurPkJxA!W3s(mVQ6Qb9ieCz48<2d}O>oa%A_JDa~Y}~E~ z(bGBJIfihs8Xs&Oq#)z}vf?J8b7}V$+5@zO2q}s+AxtqMWMUTxt{SzFaAwIi_bqdF zIX^&#ss$1Y3Ex@uq^H%%dF?u9SGAwST$09J@%UlIf2aA*7+Pe z=CdLVXm5yqjd5+X)y-Wl2*~bR_922X^D+Lc;Juw6;m{kM+w63_v0q~*pLKio)bn(l z2qJj9YRjGfyzN3UY)uufzn{I%1lUo$aa&)c@8)BRiH-&* zwEKpHRB#3k1ys2xT%^uRASxIT`kX$n*M;WlhtyTx@dH>g}ck?YDEL<*H7^hv!q|>9UT)@IJnc{ zt7IeB-5dq@E4DRnr4vq%;t9`2>CIasx4qwHey*|@mxxQOC+hIWn?N7X=!oO(gL5gaN&O#JILA_s~8ZB&BBFIcq@w= zmKL$hh3gJ!sCOV|Xa1ZYgg<=Dy*g;PEp#{B2BiL!)&F$pOUUGlcq13Fxa^@LuJs;O z9KL{Z{kl(4Fi?BeZkSyu4R#415PC#pT&KduChz}C76z3#zt^BjV?~E?B{H2?)s#zu zZ`ta2<^9!|RG|=+VtSIQ-M6(39%lF4PMJbDl$}7uj%+!5>P_u=NdFp)|6=7<)<3o$ zeS)(3yz9Tuk&e0f6YtU0i^+U_9dTqMJ5vFq?2_5D^JII%dr>ca<$I{EBZvMCclTk1 zTWRBAOQPAooK|NgIOI9{6m zcWBl}IXG!m{549Nl|?rsj+HaS>gMq@u6_<)9k#@6VK6(t2cPQc+N`^wahYd}PcwC^ zyw@!Ej1F&i+oEO{EG5MiBUf;q;B5rf>1!`|#b6eEcK49O`}_P#W~m}9^&U3k7_M#7 z;#b~@;;l*~(^HOI9mL8Q$+nDQV?f%7HqKvH_@Ru^O{B!Avr+h!9vcmoU%_U6C~fp8 zDK6_w7AbCI)IbB}tT0pfvGT@2iG?l2B}y!7*Dm%xoS?Kf|-Jw1)jZVrqQ9=eur<7SX2E9mA8Xb$Rn zhDB?7DcX%4b{=MR|2GaRE9>;B)Am_!uAaJD{rN_qL&bGs?UH?I+~5YhI;_R5Q{`FE zO-yFNT0?GxAyyR=<8#`ztn$V5(1>>TEoye&Vsc_Jas`fd%WqcJz%^#L-3|?!<*ml; zeCHOwy2dKr=T-u8^`8FuKUd3$AQ5 z!gDxuMplWo@r(%TOho1f^`weALPJ+@Vmx%vnGnSnR9Deem5W=KE2r$bL-;$L=^nNTE}qek)#-B4)XiE zaABK0lUaZ_b)_;WYT%n?JWkm3?52H)D95W~^Ri(mCgF1JAO(YS{`~5*D*;Pti5m_^ zyAJmL zV19g4hIl1OvdG(iMT;wPQ}30dSolyL+erH$3U~7MTI9(#y0FB5-u!$*5hdc@4B(9X zzc9?5ew=HpOI?~Knkc1*V=N>>C-sNAID6OElk1)c*i@LrLIS4|_{Up&dYqgG*15Q- z1jh}%0~eRASmr;#OQ!ibS)BP}5-pw(Q;%;pfNK6PxBC z^R(!C>7hrDcFQWt_s2^^WufYa3n?{{3ju~X_MKUIPHBMeQ{q1=iQ>2Qz+Oy%@W~Rv z4`Rv*d3i{UyH%QW-RiE*0qL50JXS_dFTlyB@XHJYQ*?Lbs8^+?J7UHTLAn7 zblW9RH)#RtMCAZA{;AAuy&wOcN2v!+xnsWp>*HgNVZA377DSGVcFc=|E03Uc zI9k4rzhe=X$dRrb)A|8KDo8NwGg#WJy`Zf~b>&nfvSdHG8(sA&4i68QfB*t0-zl3m z)VFOvILNSySlvz49Jmlh6y98QF+&nA2^U^1Ss8uLs55FG>Xr<(0L23QU|}2|l$uDP z5=Oezj}Z5?P0M~-GMPbWFMM>xW3gRb#9p0P7jRKrKX@D%zl_GeiE)8!hlIysfaNGA zG5p!~XZW89*$5~Z1dof7cdYk1w)U9HfB&nUYH00{?`UUMpa66mKN%HaUswlJ*W`Rf z=m)=}s8BH6vbCks+u!w1Mz}(~GVCK)i(dj@CsQIEfaR!z$=c*_G~`2k1gK~oA&3aQ zcD)3h{RidZABC(c{P58(($iyB`1Gf^zRHt&m#Pdm znVZzDQ;`!eERgz1`}A36kTu&t@MD*I)Z6>I-QpjAb8e7(SNb0JQnOWa4WYW4U=Jx% z<~5cp)xa0%Xo55k3v2U@PDQU}87|UJ+ej~^!oK`KdhMy{+Or6_RS1mjLcs7-E97RBCWUHdZIY<-A_m7zQZwG(@I`Bu9~ zV34A=dK#?-LoDg1Vnl(cBM4T`iIv5zPfWz~IMFD-rHb$YfNvl$&@|>f7|M`6VA89H1p^GuSRRS*-CmX39I97V*=IdQ<(ZLJR+coF`%u4DS zOsXO-{^HtJN5}egQ=gYx0U)QTmESB6G_W9QMM?^CUvqShQl?w6l^@ZsJE z;BZ~1J1MhwWp{=UgI(f>J}mkG))78${Y;0g!1S-K+q}mWhLp0P)IFQ)SHJDL`?t*9 zI#;}6}I=OF>0Mz(qDG4g5rM9`2XySkQAQF1#G0A zfk$|Q_t5&&Ny@02o_{j=@m^}mhBjhok);7Ng95=}zM8Mz6rP{BTGp~ezuqY!o}Ol* zJOBwH&oeViQyrUSnQ9on6e!)Uu{1BEg`jMml}L=}ezBf2Y z*8|h2lu55Hki)PFU)@d79NgEP-0r-XDTx@u;s*Z{JPlvnosb9xzPl3)k5ay^ui7)G z(4P58q+h=&@nUmq;#Pv5}Ca7aW$iG3B)Y6D2~-(YI7jF`cAe<|#^`a=ah^6+%I`CyETj-fBSQpEfkO z-hX@VHs@)b6uG1}#a_tPyF9)V5HT}u8_7~ROr;Zc;FWlJbWV2Xa<^C=Xkm2T$SkEO zs7iW&5-bF{WHv2sPJ5htPbm&R^X`>MHnILQ^qgld6GVC*yH_;0F%cE}SP z%uBn$zMV6Gb3HDyXuMUOPvCH9IXV_O_|=ajqKF%@0z0h-ssxl1s*&1Y$`9Oj04xcL zb}-9d1NII*1>DHdsm8M^Rp9JQH)P7y?NSAa&Z--qwdfytFHgzSJU)IPB=~p}Vm^FG zbCXX2Xh6=oP_CA%;a`B%LsFP_=mZyh0?`=~XXjAy>z6Q%co_}MO`BBh?cyO*u6Wn7 zWt-HwPt4s9P<)^XKHkt6AM!qTbC3|)&asKBaSm0?dG=p0n#EL;E?p{F(U)*&Q7J_Q zQPe8fiv7$Y2YJ11hNYREY5odS#xduo$ei*ts|?^|9^vaYlo|GPuFb1pjR}XtgG)%W znxD-EN35p~^CDQY(lO0s6*F?v*3QUN?a%DWc5sMW?40cHMklo6QSPZOI;-AgPIj~f z^3~wToP4uTcG-f8a*_rT(Ixj+e(}wib;PmI9%5piN2j|!LZmfS*yNepS_P+O;U@kG z4zu@&%Zqm`^hajz+z}o4SJ?k+9C>pLrl56O`iJ;Mm!Dr|D^W2yaHS^)suMMZ5&g@b z4HDU&ELa$L{WU~XTideLvtY*Z$wTH}l5iga>cwxe9O}~nxqglK``!KLD80cmq3!5m zTp~nPAvoK}FkI=H6%Vnt3+wJi8P7Q34aCh5gN=1!T2|~;=bW00J8d}bP)%~7mX-9t zo8m|c1FzNQ{;|Z%lej2;u8WyGIvS8LC9+k!KZ>k=M%E%8RTDdrggXBE;6Vye7dZ zw*C_|6LA5O2?Eg6IkC-k@9kb{X<}=Xx&6}aQ63}-1+|p2M5Rh+SrQ#SLr!jyaHQwh zg^r3I$4s@4d5QP}@a+_}Pq82&z{6S*Kg>i+&EIonCVCdQa~6t?Th(K?Jn}^?lZaG!K<{_oap$PICyT=O;5f#g68P!4-o@5pow;1Qr@vv0L?oi7|% z^Iu9vDK6UZe9LnHzaIC@BGrB3c#IxrjWg6!&pGUo{I)LMkW__FxW){YepQ<;{IJ0kLUuSd3*BEF6z&*dui~FSOs`bMk5lE}en>S(&*v*?ae?=f5!yC3hC;5~#7}dm7%1z!VcWPmfA&^?= z=5F#TN1zw<1|iQtYd505l#}vfqFE5 zYhLoUBunlgpCqd@4kpPqsp!WkNyd8;*F^(8>;Q9G-@bl7hQ&c9td(5>Zxqdv0;g34 zN2;J?U`w38*xd3$sbW-%$narH6i z6KGX_yt|{Ldt5>EWo3qU29S|bAUSbC`$Z|nrJ@Wi@UAkPmTTmiJ>fa>Cb!Nl8QFnG z_hp9K_-mSAwfaD0UgiO@%k{H{7O{eWgSWIv!O<7mNY*lO+EX98-orf=EfS`pQ63Dv z581>Ynz0cg9@MO7a6LkFIuj~DoQ2Zq+(WpG4K-5;q4n;b?A(3_*Fy&m>XDensU>Ti zom*Ni&Ou`e@3pLPhPn)$>)!4PySsMHPG`s3nzcXR$RBHJYm;bm`lfSKF4t&si}+t_ zoe?#!?>fxJwH=i6x7oPi%TuS2@aFYLq&SusHUYd13Hg~gzB<>#)rAzt;o~Bv-X#%( z7z&qh*9Py7lPc~wuXtPMC5!qw*Ka<3P)ly`XR+|Mh}Stz5d#BcXz@p8ww zL(7EhM?QMY__*)tLXtQn5+-{!8Y7eh#dvMsjw%R*i;#Kyx5u)9JnS2=+P;JwP{8tH z!mi?8I+> zeXV%}+=sY+>8}PYKUJJXB!cT5PGmBL z8dJmDN+qcHT*`lg=oYws-6z068-)&Asm>$fK!8NM2 zIe(iQaa@VKSsOCTBWbx0k;HFLy5{Aqw!B_}L7x`b-PfIA#J2K3ee~@D#OTrTJC(Oy zSKO+)Q}F_!m>inioeGm58#y!tUeSUCN}0dES|$h*s4P;0zTs89caGm}Pk4InzP(7# zR*UK&Mk|%t%E0-9My+>nyy|<^YlRnQlFh}uz#tz8J`4{?3QK~7&cg%4fh9#kC@Cnp zP&y!VmKG%kt{*Tss*~0D?Qq1-MVHq~*WQy%9D5~eq-z}Z{9G&HR1h$GgVsC;@i!xq zOa6jD{vkiv(i+qnczH?ClE4kX$Vaa-{Z{eih$Z3;zy=IP1f6?jk}vK0m1o~CaLP8X zbUWF*ZQouq4DSye)q%JORLm@?Bn>Z=W;3WTnn~(Wg2kOl8L>}Ejj0^CFkm?yWie$0 z`Af=$NIt(pej8EDRDYM5m?_g46xaEMb5iXw)Sey%j>tx#B;<6gYsc&YqdjiAp&^n& z^m0c@Ku`~Zcr~UFkZpRlot~R&FW>0+TTk!|mG0Ntvdkl>+tiv`SEp#f^(-Wie*T7k zwVCkh_L_NX<{equ=P>ig0Z_i&>>zI+^F-xHpW~Ltj(~M@qV~|4p+oB|CJ{CS;tD2n z6OsKNVv_3}b?L|)a;UM9eB`iq6u>XM)A9h)5bD;nak=4c#0Us#9u@b%iojm(!Q4n- zTRAQcHnY2_D)>fYjrVT$ekeDzFmv)@KB?-cjM*mZg|C-?P{!thZehi z2SHK9a3?buPuv+#7z{G-RBpsZ9`=AwV6T+TFCZ2bqlXY*34|3) z<_ZGgE8-B39ew%8Y_icfhkWD+JK9@OL8h1DiIqc>3(3LpC7KFiI3q}~-nK1n+N46@ z1IhA2cmW>i3j*)yEVYB*)j`a`(eY9Fos{tyT2@`gIezO_kAIohH8Y&O zZG2ldx*IGyGd}%b+0*``ljDXyd@hs-J=iBg?;hrAp zoa3{_S9MFK54@^nhR=)vtN{SlX5qiD|BhK3febQfq}@s)4M%Stw}5gc$0 z&6l(A?)?!JF0p!tLPi0Zik86ji#Q&sE#&`5UBH;VTW$7+YOu(7<^-S?tztct{Ij`F zaCKKG$+7#b=xl(iU*6Dp_t9dMM7t@X9SqOKg6w|dW<0(oJ+W#jn-NEm{lT)P?>0M1 ztlDFTVZ{ly>Q#9x@`r8*t~dA7DXwO@x~mddGFEC1Y@7ghgF|{uDpz3M3e-&#?;5p?bH8{=?4~8t18^q5F!3Ef;sDc)lh^Sa(JX46tJWBpX z10U%k!L-0!#K2s{z+1$C39)|uq=Gd;{aRwBVyV^??uk{6Cb3>xxu0yYNxZ@?)+3@O zjA;1|m<`-J?Rlv47g8#STE`ciDq0Up2yA>F$R}3$|JavJ#2{gE9#{s%&z0yO<$yra zzS}Z(vGOFv`X{(~*m9m-8`rlio{2)j8dCBQ;wiB5D0vi{$Kxn1)68NmP|u^Ic(PE@ z(T;@}H}57bCid_gkTVwju=R;VPV}m}Bt|fkvex0(?$b7mD?+QAK)2gl>?5h~8x*a%!Q`JQaCPrSlj*2c!v zFl;ScC8L=$`2vElXHh8{&wO((!;F`%61?>3^TsQ4-vYZr*Eei+Yw@s4F@N2}`aT-* z{{8AZ!bZc{?WbYor`BRWTiEM*B1+E^IcFA7WBJ<~7huhXl9-P*_{K(SO%_|*!fwLi+KL zA1Y@lPdrfqEDQir@e~^o2!^6x2ahe;|94IhVRSpRPuL8)5l(|$M(?Ayq2n_9<7V0j z@0+93K9yZ`5_}@SmQ`g&kuu9|8&b~vF6`pfa_)SQUSJgS#$mo7g$r+* z!wSr7@a8|j3b0@cc3=;V-~`U#0&u`6bSt%-zB2}D9=m^Xb=Kc3Nxs>crE5*Rb&hT3Zos8uVQ}H@_y^!Tsh2v?vpct= ztjWN0h}YginI`rdJt8)qeXeM&-B2As4+pDy<(4k``w~Hm8;RAtx=W(nHBh$iTYUSZ zi@wJ(A&NVrZjj!rvMQBjz#TgWBBZrH)P-Q2mS^v6ZDYTbQSZ)e9l-O7Tn;ODKh2^h z|5SW@EOBbS;WY6H*IO^qCHG)*hW7W$3M}a9RL>QzWw3Q3behouKiG^ojKN@l)V2z${~b@@D95{oGNGTg`eqazJZ0c6t z&l&ev&AiM$S9E7Av&ALUSLIajmH8UViW%L<4oThX7iQ*2p2(jO_XCkO>aVdGbSxtRMP>v-(+kC5sqh?e@MoNXC@2DDq-=Z``~ z$KUUj%vFA*QD_YQMQ1v3-;fy(-`C=furf zi1#-B;-`zbTMiqK-TNL=J=||;Y|7a_@sz@y#|@fHr%8{o(J7WVQ+L_2n8oNYAKa1r zrC@g?#{o}>MVh)<>KWfH$~d5sKcGtxphNcuIWZX^yCbzB4lob_hzYR-ye>CUA3Bx@Q0 z5fkq0UHtQ5Tdt+dX!Ttc+gQO&#WcuA13`{vzKlsz4s3T#_*@*K7-Lg)=o%fTcF8~t9?>#gi*pJEi5&;=>@KzL?k6g6` zZ%mj4=XrBVBy_K-@dQ%W0i(l`v?djgA@!X6#5eTlGweWkPMEN zLmV=vXh0XQ^l_?ioudT{h+zgvHDNm<`XHe(z$ml9CJ zP%)qA1ar6suFWEBZ)os&Knzl#bp5KeO~bX;z}Y6|Hkn^r#{z(CE|i=gj{2M(C4O&d zEAPfh<-F{k!uwOe0%S`yH0}*X9|r_M4VFvnY^oM(_Fn{k^Y-ar0J5t@=-?evAP=1` z5juE>6yk@56bH@rIx6-Cy?LPi_|`fwZ}C`0&y?EwFbXNKpEa-#soHDA`+zt$T!0-T z_E>}ao*xGPj1=10l z{=>fPXLY4F=LoOx5qI2+)yDlys@GZ{7za;R3-=uG5qGw~2roUC_8dOqPSnj+1Ef<1 zeER)gI7ISk*?Pe=O()A6eoOf0H1Ad|Q;)mzyhz;BvvNn#rDl$Z*boIafKToXY8Af$ z&W-!HPNM!4eWLfA*hQA;JyP2JFRi8rCqAbu+pLeovPc|*ca%df8%2h~6=abd&b!%j zyR+cdmrK+1OQ%$K^1P?H+q`cOGn@Iht~s8o*t2&?a;$ZAN4=xx2Cbsj6i-9aDD}-~ zUPJGwX`ykn`DXNxIYk#Vk+8Id$aInpNM{GZ}R|LtG+7`?Zn zUo;B$M}$4Vc%3`2xOERJ!I-(c*rCdE5EcWWxmx5@86w>B)=k|@W$%bqIDEesj#UW7 zrk3wlNn{*zw+NWv8HP^y?#N7NHW54FnicnoO8XzZPDRIlQJJG+jNA-H7COtO+zKh? z&FtyipV{5Pw-)WsWB?JtXkDl?r%0!eB1W#0@6*T3H%Mhr*&fwV)6|nTFIOhLMHn1+ zAm96$_2@>OnH}Nb48h&O^(Irg|FlV%tRyS~V#yy5b%g;SRYjQ&#Y=dFYwgNwn{q4F z*%jN&CrtcK_r7JxT|FDPcDrOnt^2-OnvqN?tk(AH-hOp~wZ>s-D8R|z1g?DKpvu!; zt}I!7xvC9UwJfdkN@c6Yks=}_k=LjbCPn}5{mjz4cQ$bTcGp%+$ezBi%M%4QKy7Wm z8Rh#@Yi*)NzIJ`HFh^bLQGGj-t67G%G%CuR7G3eoBkKN&ZRX>#>-;?1ESH zW9=9-a$Hq<5oJd?wY&F}(VSb!kj-kQl4{O@f{W^GqgJxuIB-jOpK+aM$U4X!ih`0C zB?7Y@(?08Yn=+29*Ev9XN4ORMX0<-fU*?+Yjk?(o%Y0L-4l#tKF-oT0M4+z}Pg|Y! zUeL~LKX{*1k92CM0P1jj`Tp|~8?B z^Xs?Oe98zy7&HJ1o(0yDTxj_B&)Yx0lK~|cPK|G#P;>0kF0mRMujJUfTGL;L-LH?f zKs>BQL>L6*q$`HqDy2$`e_fe&w|mrbXVYt!V}-Ja)oZkx7FIl-YVCGWOB0|<9+e{L zwPK=kVMlB-WE^Z73=Az+=(Aa`Cd*WS>jdbeL1d?Tx{WT#wavKkvU^u&onZ>(-}%s9 zcde_bvB-Egp4jr|?}{%(i+N@0vdVgeHdtesUYiUUbin=ILq(-OxPO*!u6S`O%5EJG zdUP@FbTbUx%@9ZEd~4fQaS{3GPxm<2#QVe5?#Hy?rl z$Zq_ODu&pq=5v>>RCm!T!%p|}CY;r`F;7=-=6$Pf)?Vs452coCB6iv=`eH+)9IGF$ zhF}3+t@=Nq9*xa2Hy3nwvQ^W%*8d+7AUn+g3$V|S>CVc2|W~9mpuk)oDgiHr5QeWPa~&+ia0S31w$!T?eDt%DK}qNRmiGZ--+!k(!oLre;cVa`oTz zg`M2L98|jM@NHD1Q#u?htrETH=!E`hK0qx_DlzBhtDJedlNgJa<9(LoJ9*uJid(2E zvC3u=uRh{gX#ux2>wCR9c!TVDLd&lb{{Wkq_cXSEMMk*uWclPSXV0fy`{Wp+6>m5> z+hMENF8;yjbT4J*%V}R;i65tKIiW^mixo=MJ>@M_;fYWA4)qU++@qS0J^`M(wkCRS zbX153SUakx-k$V~$`7a?nY-i9eij5Q}5T~@y_v+1uWxhn+C?6*0@qoDY>EeLjZ+q+qG(Qgd#(7&)wVZbnbX(QMUsyrLto?y|UyjCriak0^}_> zt3HX0mrK`u);6evm3#;|9F!54I1MaL7uvyh{c&C_V;ZM~+2@;-9WYKP+!hz|2jNsb zyDb%7$L@e4Eo&R*b=-L(sZ#93Wnh#TVqOTwh*N2Gcw zS5OdMZ6)Di2ffI?Aty)4UU`aG`Buv1$&srPi7yTx{3nfh6`^o3X+q%3;2DVI7MLA9h^*IVE;i2KoB$f3`)LH&3-!IEtwR&roR}L2qw;b)N&egSDGr>gsu?Ku zOP`Z2oL0p?O}QN2Iww!2Y>LY694v&6f{Ib(oA=^dU@2DiWpZ@eOLtO6FRIA&%y3PQ z(pDA_hl2g}?Rz9g$Kb}D2PRJ}Uf8@Z{Qpn!#l^!X;77=xNC2@wN-Am^S~|h>LKql@ z3KK3uq$ts1#EKIyL82tdpkUw-kWkPtuy8)~wQnu3!RLPTv&l9ZHRe@sd&i71nd38D zv(>iw#zGkmuwWUA&76n=k6_Tr7L#+f+a7ipcG~Au<0hPDrF_B>o`R%Oq&ea!M?SU6 z`*tJgupJRur!HH#l9*(}$x{8(d?#9}RhtDIu!JF*MOw(DJI{twW!ROi3QMzQu`zps zIhyC7BC1HV$eBy$y1=!IpkUy=>^}%dDCnkOy42;qcL^2_9sv;v83nbcXy_Q3T;3HTB6ClWv`u-Ae*l!UbBWaTBVK%x8; zloh9{D0RO9I;Einp>sOHm8(c!Ss@IJ{V!CQa1m7&S+yEfMTr(8R-AYV5+yY)S&GzZ z)s0q_$dZ9jr zc6Ykl-`(qe%RJ~&Pc-zf$7W~78r=rmHb$A+O%7y!*VO? zL(D;!SZkdghU(#XxfM3qte-3QJ=<=FodygVvdgd$qsHu}%5k-n`VZi!V;%2ACp*>Y z&UChOo$o>yjkh^Y?q}$FH@exaZg;1<{oTFp_n?P80?Yk~&GfA2z387__Nv#t>22@& zxA#8yNSU(;bKuK?EC;S!m?~E=A1ab02L(e81UVfa8pnWfzfJ%VCX{g@l{VJ-B+c@o ztm>xi`eF1_=H+*5+mG|QpZEI_NE8~tU~zcDx?+(ATWWI&5}87!(HTq@o5SVt1wzrx zBZ*WdS145=XKz!T-e5FgzGLk{q135EsW)ZpjWA!67eq-`R1K}S%643jsz?1pL_9sN zHT6alp+}uMb?TP>NR#PozF4l-o9%9YI1=`yb&rulsqw-yb*vMU|Rvn3nCho*#r!3?RaUGA^Xj z#yX#*SzeS?-LzdljMKcV+kTwa{k-2#kQ5CVmg5Cck`-0c4b!q6*Yk;dK@_9>0O?y* zloiDK0pG5!4|}VFqQ` zsH?2|EGokOpP-^9+TVRh4@oAK26akUGfJ=VCJO4y-#eqe$)ok}Lv||KfiQlfrUJ79 zlT*dI%%{N9EQVR8DGdOpIp|8yLDyw0iA>IZKt?`fR&cg=ea2C6dA4Hw08dj-KV#!V zCP0i8lS*Qh?u?VYa*2Fa@>Cm829&W%QmLsem1?B1E4KNiD`C`$2Bayia*)l`DNIe# z_l$&tY-70Q;u>R)3d^RHHP>95O4Q!g_UvgLuxTADA*t*sPANA(#(iYsdJG>jm=;bh zM_9-BTKVm?CmQTXgO!p}`C`4mDQn3GTU#K{*fT<`TY4#aG7?aUaiW&A(uDrtY~ z?vutHUhn)W`FkWp;*HuSWnKe6%v}^MQ9az}c)-b>I+_ZWSPShK>gbkDK#(l7?WV1` z-?1hCZCek_L#ClLv21~B5xF*@w2gLB6oRB|MrL;FW;N{d3k`MRY9-Ihok&)6q*H1H zT6IRgMp9dtyvfAomBOO&cv*gkF8;AXqBfMk@R!-V4_44&4*?=Vs$3BX^LVPn%;Q2T zZEUWL2ovUUskF&eh%k=}skE`VDiI-7t_Bbj$~-Ql(#Gcc2ouVMRNB~F9U#JlGA?Yc z0gzCgX#ymac|6e)%7xUKHWM#yx)AK;Q4a+`m{8_%A(b{ZcSm><07RHj=5ZlOl2xq2 z&SGYea>d)Guol@gLfQ3$J%XEi@|n$pmf|D9u%K`Q^|vDLu#f4=l>~LcFy&;-jX&m% z3#Y8cRpmx6n;|Bye1Cm^`zL&Vf2{j_lSV>Zbi8&#a3DA4&6G4@U&tJF5}cxc=ZpB7 z9%+WBD*7^#VpuVuGL|{N-@=%j*65_NS2{sE@zDf>(^+|pKHH#+GA?%kStrFaH1iTp zU31CXx6=#;YAZn*e=``nyf{)HLnk$!d$EY6Ia%7s4fsn4K_);`IgnngsbIj|qnPki zO6IDi)o$l?+C%D8m2<2({DNV*oRox^C1hFy(HaR1AO+#WOA-1Wn7lA$(eO*T5s6#C z&GOT7Dq_x)^`5#~{<<`ug>B##xTW*nrF0Vx<-kBnBid}i{7H}cVDrMuhkeg_z&*z^H;6_2Yzn*zoe692&}CL28rc0Jkd;Lb8Ubq*8zwyq0Ey) zX=8I;!h|x93#qiRxgJ1-3FSi1Ab7bx`iq-D5Me@@$Awhd*jx)B!h|x93#qiRxi&zA z31uD^QfXsz9e@ZE$~-Ql(#Gbx01+mXd0a@Pjm`A{63RS&rL7eqJCatUpke4ti!jS; zS9-3v2@<=O+=cCf^3atF5=3_Q%s8f7L$IzA(AMB|c)kryifGGlMs!PwVKWfSIJEh+D147Jzi5V~&k(nLR zC|2bQ49qa@NL%p(nbpzXag9wsxWLQuf8g}hudU{+=`};g|L`OSXWWrPC+@PVo@0Zn z0LRIP#G*$%;r~nK@7$ODVhSV-otc)RQq!491)ZrTJ3QF!-x;?#W8GPoW9Qsi$64pB zb?43+XRHvrtd1xpMPmz%iO$a<8puu=WmROAG!&5^Vu+v9zk4B~B*cUSh(N?iNRSwT z2qcJ?V8y(&6faewrDD{K8dO(ZJJWWZx82tL?r(qVO#bTkE#05A4&4caNo}*UW$rdb zL)X>fFdiZEJVJvK8Q|yEKO{<#76u4yAPOewy|=B`9Mth6Lb$s|V&8YP`}!oM>>0|Jl3!zc?#|vAIGV6TOJNx)uFC zeqQ_j@14j0gYJ?@8+!9eARUjn^SP=PVY-y5P!(!L0MApq#($1o*9u)NqLBrm6qjpx zu^+q3Pi=EKDzK}OK0q zw|O=&syW5zH)G)b)n&KsjJ^bpyoWD@{CcONng0hQLEgx&LqcL2+_J5MY;*>v7*DMJ z|2FOSFeaRnj``Xan|85!?_Fj{4{g3%TE4O6Z398$Sg07(lvH$tD>F3I~FPp+0XN$RFt_Z@RtE~}b z9lFlT5vI)9EfZz0K(tU`R)h{v0m%wkTjv;6E2~xAHxezY|NqaX+0M?Ne{bp18=`vL*uSPiY4U*R+>GpsE0PA3>m&(_)DXQZtL~UNGF7TgjsOh~627$!M z|E+5XvQ5aiWD|07){f`l4}ZGuXqPK!;owdyczrWdUdhQC=)YW zr-!x4^mT_i6POGFIuXPjro5dlV_MITHE(p-RyQahfg}+7zflAr86;=`;99hDWdq!s zmy~#*^x-ygA5i+LX^B7y4zM}DoAMRikFtaTQ7aCEfJ#2y8n{x_fnr>02Gw7*^b0fg zTS_W`AmaaB2@8)7c$3B709^Ysr}YkAih*w(oS(*IK1jutDMMn?An6)mRoBtf0!3D(<89gZ+{DsOQv$n3@g8KgLx;-SW zy6Q9K_YhRgdB^nP!TsCszkX!hp9sZ9ZHq#qSW%j&qNwtymZ*<}J{5W@^jg@#*&FRA zg6lIxOO;+IttkDb%n*AW;nd{sOSIPzi+iz z7n>thiUcv}tMb5yA2SlZepux6={;RvwZP~MI+l*4VfvS3E^ElL zsQmm&zRJ#B$cdAK(SQIr1#mmS(*SS#1+ZOH7a&Ap`yc^4Jgzx1Blhh+6R<_w(eZQ< zSvTsc(0Zg3CkE-okEol!f2VWVym{rW&nee#8~m3BBEUWucsk*tIBC+Imm@^9P{(kD zDU`2BkV`Tgm+7jgq#SV4K^2EDfmqo5c{$~B98R+-m*T^ZGX--_9&7Yu%HxWN4A9t? zk3BmMf?an_l{>24;^+ashyL?OXV10Q(PJZx_omUN8tahveQU9$zV-(~tpdraFCEMA=x*E1C$xWascoMGbDReFQUZ&bzD&3^iO9;IvL4_)!ms+n< zFQlJFZ_w&>n!QQ8x9Ie?y}gUrJ9HXc8Pf#MSqlafq+Rkx(h&?H{q}n7%Jhs;{8Sd$9^#P5P8 z00L715dAq|#{#Wx0x;qk0NJkrl9%;lY~m_`-F}-yU^`Ae^PMIs2z(Wq=30@Qi%7G{!w?H@@@FcPh2RNLII%B9-3ajeSf2e(&2?Vv ze`+r&3qps(wWHMb8Re<{+Y?WscIE`w zL92<9n@aTEY)MFj8762^O0J}mt(#2Lu&t#l46Vs!1FAf=O2(?x8lEkLoLdvH8UPJA z1MmAa4OMcfqgn)XAj!qVUD>bN&igBI{<@wNqr5t(X^Scx&Y!`r05{mAzkEM z+B7qLdqpHA*tVtX%5$J?R;M7cwK1YCI>hJaHs0d}Hoiy*h9dyg_wn~<=hM+qBnU~` zdV<>E09p&U_^HSzS=;BB!}27wm1*+2OJi9BpMsLM-5W*`rLJ452YD_$4>)kXAMLqn zF3T3fJoo9ac{X=@wMLf7(b3Y<&cbwhNg5z_7C47lg0zGQj(uA=n@e(uHP9ttlg63W zBh&UH*E3Pq0X+)b6p~rmN-ZG=90>14r}K=Nh--++&03321g;xJUX#x`@K!;Jc!osd zRta14ob}3@RG*;D!+Pt?dhVW>7Q))&)y7e)L3;(lLdDarjumP(7Gg+rPRus#Xv(_O zU4wmHZI+0`;$AAK8_|ATl{E@QO4TP0WY zKH~tLmmRxnRALf<*zSEzsJTR}$*pCMG~qI(kJ!%qA_mkKfJLMdDF8a!rS=)_O)%P= zua1(D=|Hu`VI96xXA%pr43jN5E8(;ar!q7?h5&>!VmTM}JVxr?relCAQXZ}sb-SHEKNRHNn`=dc11%*a(8zjB`RHR=ITL4T>(duF z-3)~!fVcQP+u3z6`yu<2+MTH(%hn^L96d12=sZGRNGi}b*V#Lx?snEJd&jncD!F8< zPP%xk0GCVQ2Dbs@O7YpdVRafcZU{Zz9W?MXaehk&A8S&)cVCoxfzwPp< z0s77p^#QxH)`yoP`D6JDrYDBWag-}RY^&w5aXJn+2<(hHC zb@~OI(*bBEJJF7cqUhJ)?hFmNfLfwFNsSHU5i)su-yu=KdJJ5K0zNs_rkrNA!b}9W z(=aj+x<`wt)ZoNr7~f5wT)24(N5yMeuv?;IU{b56j59iX!qk=3y3SG~R-9kF0WWnO zcC!ZIIfSt7wt8x}Gi@*byjyg&7`%2`E^hxVmIP^~;iCj|Y80*h(f`R5eY+3R7;iMQ z-`4(}gi5Smf^tdQGVPU(s*f41bfDpS#42FcOeXqu{_M zTrOlb@jIY{U)G%E_3ic!OW3lD4lI+Kd2oc#Cdh4!8>*%>>4Lc1Ubt-2JOeN!x1N-) zzI*OA(b^p&m?_O|C?IsWqmiTP6lmP*lojJP7PWYfvp@s1;Dda7O>su!yJ`DE|0Q@J z_Ju7><=!MWfK5BuA-i6KemO*s`?u8*J!^wy`#H(pdG;G8DrbERQq6a+u>;1mMpYI) zO08p=kUo6U-S}-Q^2Vekf$8Q!6S4I&tXdS_$5aVc;#i0KY2#nIcqB4+%N2mPE%M6_z3|1pvj2=Oh3FkI43yOkluH#5{gkArcgOgb}_Le-QX1G>=!?Er<)idkko|`e zr%oD2!~~1kN(_;ivYj}82`#t$aGw2ncF3VCZlhRD1f^nH8!<}|I9ma0k1LZPPzkq3 zsFxaA%Y!rC)h2QL`YpELW?&3VSG?wF=l#X!aS7KdK({1ak62F1ZzxM%_^ zM684g$^KHbu8X}RbZG}YHHy=L#Q?x+uN<>&*4>1T z8Vc)gvKwWc-mJtua1Kln>`U@OTGH-)mRtVUK*a&VCG>-38$cP)RAOWsr4wUqKw?9C z!<2B$70?Pup)PtoECdD?9Ao`uSzw^71B&v5aECTdQzcn_-?^?N7gRvD&7Bx1Vt$;P ztEvq^GLtdN975UA>dH%GlVO+|WA^`~03P)o?knk6>a0@-Y^%=pd<@^iml8x_(QL zg>H;$-S`VGr$JUo8>iM3O3{0O^tMyDgVtu=`UGi5`j-<5dW6c_TDa@&PaOANVsh^d zZu*bnO!Tc;V|#HK0Fl)><}#*%UubKi-NCDyeQ0yzJABt?+};1X>kBf43Vf-6SB^e~ zyWM=Cab#(&j@(*pDFLO0^+_fhrOJPnKTdzS zCfVPDA1Cl(BEjzI&Gh05RPdV!Jl)qYAt3MJn8m8sk`EbV?C%7?N(G=0CWvClPgd%& z83^QYq6+xH7P(bn#Ua8n#;Ggve?;A*|GOt%)1uJ$(cMVjbS^3Dt2PPuvFMt6}F zJm=r}Qd7wU8wGM438;We0Qx`!I5oksA^9h2g_U;Ux@wlgsX`MgMp#lCVWQ|IlBE%U zCt-k=VH%f&SPtzx3q*<1vVgT9SJSK0y65T zNR^}l2B-^yjm5PSYzcPE>!a@K#NuO0;n>g=zPwVJda}rF!&E)cI&F?Q415{`g(?kH z8*w64F9Agkqw8K{eu&@sO8(B-7&f^#&(`niLs!^!xbvd;idiq40U^X^+eUi}GmVm- z)We96#Uznw*dxzC-4z|&2b>lhHjs-mkXv@tyKh3UibH$%Pq zV08|BtuhUo*Qqx0(Nejqad1s>OT`8@&Cuo&36H|){$fUb<+NglW{T{@vJrO+cQA-b z><-w8T?FGvKE~EE-7{usQB4bIc_>PcdpdiY&Ngcfd3U2jy7A!dync)yS*iE%wgz0m z5o_vqmL?ox_3ONK-+tS=AcJClU<;-<-CcDdD0evPx_Rq#;@m`zV^uf1Ol&M)@`ht> zkwZtrOaAC&kJ6zpr(cQmo{E<}Er;;c4r zMz-UO;MSEr3uHO@djb;CwBcYuonMID;1qFV1)PX|Iy!DJ`MO~@cb&5~RK0fJn|CJe ztKgU=SxF1XnSZiC>qjrvag|5B>zcj$^T#*KU1@P26=cpYqopbGy0kz-Hq zL(M5?#*=l4XoBWvCl}7ICDadV@6Pbu#g$Hzk&6g%q=^1f0MTtph=Tsc`qvS2l5?k9 z@y^C~dkTMiQl%$`;Sh0@jnjUK8{PpT&SghBQfxhW7b+s6t$%)&E4(xJwOYzwc>ut-4pw{6JcZ@)3a`DRrxu zuJuuA18QVkGj=Sg>c(Wk=(_gkeA+CFt} zh~(_eFHF}QWbAJ(SlkKnTK`gnEt$(4LU<3^sdbd)ZRD6><+5_I$Whbz8E-j5(_1>m zPWB|xBe4qsFzp}LZSq*D&52VZau$#@>le3dStwN=?J)QUn)W_9QmAHnLljbWYIz(x zNC8WlbhX;93k8xuGUP;8NgnDuauR*#Myw%n_fjD{Eb;==zJe_BkNLsLwz3@597<*x zNS_+o@mm1q$Rs@j}SX!Xd} z0@D86={GU%Z3DOyT&?y^b7YXn5#=Sdvl?~+bgXTN18ET(s{7wh$Xt>#T{hfI9U#Po zCK7T>u(%_942@w-UVLl{5LtZfX=C1)A%?1Ru7`x$A#7)i!xqBgFtf!V=JCNWWZRYFH6 zH4WODD-LkRrT-qSj>|5CUVx*GZL}V%053#zAB?D^2w?&*h-6wiP2CBl1{ z^hC~>9Kdo`Fhx87e704HmQGwIgR4hMK!mE~Q~WcW0Lk)6E?G=Aygj$C3rvLpt(9N` zEVo%j1J!34=ZC-_pds-_+B=?=_nzRIs{rdFgtnUbe%2~``{(>*ezFfT!=9fKicTOL zOL(_>QZoAc28kM%hHZqcc0G)hFOxs=w#~#E!iohjtUt3iUFFShR=S)JDD$~EIUp#gKqjn-c@vL+Y0 zmTG*G4q6SWW36xcC{@!1(CASYX33P9KgVSOE`cYcs%BzPu(Z;rJ&4bn7pRcuM6&9@ zResDN_s*>`dG?+mysAxW1Uwmc-}D{ys)YT}KpzKvjMnaNo^1YFg(GL9lkWpsPxCx3 zKrX>+nMh%QSvn@=BW-NM!fS4%wCTA3L?<^m%T)33NPmeM9J}3E{)h2RSAER$aRgQ) z+W^WAv-^j?khWx&s?bGwpRyAe7~==%jGLo5Ih*-uoXD3hBw(x3DTNiQv~CZURsJ&ZQ!7$(5=-yXsCUUlpM(|>VZfY$JRH!J@` z$pS$F8gPY>HVJcjesdeUJ^#sZB=mr`4}Apwd1iY+TiMZ0uT3A=_LYXk({qQ%NuUbvqFNw1&eBAvIl+8gt|K`fh7iDk=WUXJfw5z)w^W0 zy*@{(r*ohy^)% zrf1DFd*u5ifdnN8%m-6#^fCBo?v(dWWs$7aG*LCXEbwoniC;>N!6RQb4?+yS#+e#& zHg$~s`V@on=Kq9T&ed`2?ejj#xOQ3+Fd*gayW*JT+E>BnAFnxyJ8AdRx0p`~icKGI zN1;@^j0n>qRPa3QR=DcN2(H$?Logb%(O8W}T+kWV1YbaTRcqYuxB9CKs<*Vpg&Oqe zmEP*hFz=Sm9VA^=sbQ`<_$HfJV?*OOHrJ&c~*R3 zsUfW7)?jaG6tYjCGrl?-{!t#_)PpX7CE>|3=nijr)M9P!Re$J-W}f%BEgCu?e_Rba zsDaGSuR{h~Z{R(955b5wS!f`!2R|Mc64eJ-Io66c% zJ>~bp#or9bthMmd_J*5RgU(9pDd9Z~XCsOv(IerJg-MuY z{#Y6hlqSr?I-0}Vg$`RB@<$i8?)s*`0=}hxZA%jq4ve;*i%~f%u4hGtwD4kxmzb*G zkwSy(icITW>f+|VvN8v}!M_oFxUV?!bD)(efsO~q`k?c@Ey6yAFd;bQ1J#1W!f#)= zPz6PStm+p_S6^QFCKe)`X}U3)DK1Hb4404!%Ut=UW%sQ9Je+rYfS!r^WBTP_E#gZ* zbblYFC`PJt!HC<{16RCT>4oYkAp2FK#a=D#-$jn$PKV@Ic0E~H5a4j@N<$=`)x4ry zMNAaKk-P>L8GZErdEW9LPQjK4O#podxyP6lMvXy9G!@$7r{c~3bbM<168(ke$Jkk4 zGS_|e0dI9L!QaUXoDS*r6xWiQZLHz-ui4A#hn=qcuOvh5Z?|eL5CC?X*qDp`w&C|E zG)T6rex29!%(7af$(uMeXUc)QK{q#5zoyOJz@~0xqxuOS$fM=0-wBW=Jipv+l`-;k zltI;J{Ggu21$-w}E6ROFtc_U}#>{Kixzl;pJiMq>@-b=1ZjTXpl0D^D{tX(EOMzvf z!C#wFcsLymcbpjyA3YWbL4xEZqVW+7fy3<6r5ANmWzpRvV+gpK^O3Gj-o=Hw$56+= zn7ds+iVoCbTDeL~6|#fW^5vJ3`8d>&Bp+E~q7BZ;;hXN(@g>7$oTul6)wfa&fb{8n zUuEloDIVja8}v{E+2H{7@%@4D5y*xaA=UJ&o(^&^7M&(OB(p4A8>xf!4PCxSWXZM> zoJiMM1NP|9MImV9ThHpFO+!GkS5XL7j_jcmF9evVKa}urJktHz$m-xQXqUh4$RqPb zRO|!=wa}$G!V$cGYKrsgO}R1COQ|U~T8v%n5|xY@0vN*|0s%9*Be9eMkt_Ll%3yx; zq-HY-YDhOfO{2N7I7J;_K?}&g^OI(t{lg+Y-Eo?L=S#O?G6!C(k|!-OkWG`2;HTK% z+TP8wSbZjOKiMa}lUuW5>;k4*JaNytAMGzO2{T{G6M2djS(&@o=8^v9+b$&Rfo`N4 z*8_SKs)=rxYQUC95q7B_56yx})~tq{5yLH%?gTpPd&zgHRM52UrpDxx%VA;vVWJ#4=NH4et9P8bgk zK&&odU!eRI&T$XRZ&)niG`cqysvsjJ{=2nsC{}(&#jLkt68=Y|X=tv(W_{`9mxb>Y zNtCI>ChJLeTVj1Q`gI1LtZc%XgU|Vn( zs^Rd#)iI0vyG(PXN2vfml+>BF*n(d!>ZzMxK(@i2S#(8&c*qwmeSoeP7G3tPD7I&t zdxb(CfGqqxMi;f#686_1;UW~B=u0D$*6vTexrnDT)IzOf&aM`-En`(luM05zKm|$5 zFfYQQ#Q5rK;PnWE%Okc?a^8CPL}4Z`lOfVr+SmlwJ*o7tdHG>@f_mK5i-T#K}di-V9B-It^p8KRG6Xlh=|F>Ncz2LpYZ11d z5BuiHt5)a=hefd)3cE?@RY#Ews&H&yRs!EU&)zr#F?|Ow)^snmDj9f|!Wqbe{;K~> zSiDzl9zy^`TE?a00MxTC41maK0aXy28wIqS9IfTrpO1)M4!Ut$DD38;N1%8hk6RIT zMd=_xnN?OJ*IDPC@(WH|)W|zFf1>E5x1D7uvm|nmWM zIMItHVq)Mc|M(Jsi>|1rdYc06F^8GIgOcqrj$1{KiAd(O=@z2k>9n5psymv788aZc z1eOo323q6ovy+dQsE%m?`nlhz`b_Lm`W-1jd==*O9#43NPl5IoLJeozVPemqkn&{5 z=2r~zY#{8C+3=xKD6GG&#Ow!+36)#A{O%0d1t^|$lA47jpA+F;u0#z;5CynjMuhS~ zIg`<06(tupzITYFaGX-bB0Qh|5%H$kb1b6-(*)fif#*foU$IiNN52*}2HqU~O=Ba? zAkt;%oun_x-j`lQ?#;!ITO+Nke7^JpqIY!AQKl-C$Kn)-M7UcA;Rgs)$C7nF^aZ4Z z-D{ms^UHBAyLDDWhoG_&lA}uII58ExJ|eGT0|`VBEsqG%)5hHJ^VR*~Tr1?VOJepi zeXB>;#|_TQ6v@h_f-=c(uW_u@%OXQxF;k)T8!1mS#acS#-D75*rEbXf8<7Q0&h{OxphOS#b?u9Ev|Q!b&GHi7 z-zlo<8EK&kB6sGuMsZhDKhZ%{=3A(iK41lq(yOKtO!ae&uprPPil6vg>Ma7eO!ljQ zucvV~L!XzXe*400wLTj{*qZld5*{4nF~x*2Ol!3dJZi45{}20@KKins>?>PxH;VV@ zAqV8FzU0oUzTER0X}Hi#3{ASbY&wVoCL>zEn3*!P_UOW`;0yts8GYz(9yZMA-`y@} z_rJ&&X$}oBh~`z~@!jFWMhQZx!i&7Wyirc=fHKI%NLkLAlv{R~hLlZn-K-6^w8BNC z3PAV~c4n>OLP2QHn9oKlwdUEI%e@20(Aj8HKgc5z4LLvtK7KU9-7@JhxA@DW zmx`ahY_ic~pn>L3x@x2P3HrvvvxIZhP7(8hgY)!l=oYp;b&&J6PgGn$|C>t=y*yNF zNL+jl;Tx*FZvBiz-T;z&_D+C%37(sDi zpv%khdI%%Q3Vq!BV`KPpaQeTO=YCf4x#j<2|1buCe=4ao&B;(17y%>Yp zzkc^ z1rVX&e_xf@^(}VE_3N#%Dgf17I)#MWx{n>}(&ETdAKiSTK$n?`&hL_K^RJt-*3ehDW?T9O(%$3w>mdKDYP5D`oS5B#}f$M5SkhL9)dvGs8}?XRzvxx z&_n>Ukx7py4Nj9C2O3_}B|SrpDykN!aSbKooM}Mo2Gi01}ZM> z0Dh!c)kHT)&;2FXfFnm25HWQVJgB_7Yw=1M3p4>>_Oe?3h%rk7AZ}3Zk$aHKT3ItbsCk(Dc)8I5&YJrRqn~Ozuep1#>6{ zrxETkt@m=O0NEe)dm@;}Jmx)U>vpwuAK!zyKX1x4Zwk;w6h>W1{LTP>#D_Q*z9S)KO`9sg+M~v! zgR&2`^-KS|DKm6);Ogb*$Gpb{UjU6Gq5Kp;GX(@Lcfgyur3WcyW&dwH?3!wzs%pVVh zE{>zbQ#HeAI(MRo*(n5SM+Nb|9Sm74$tQ^uT=FaKRH4vR(v+rOx~w?~grBet7n}H5 zUN1Ut4*%rgc)(4K>AK0KO>2~X{tn-ene37WawN05xZ;jd+a~8{}QmTHu{JvDfQBg&6 zOGeJ&Bkf8Af>3O_)F+>7B{0U0w8A5z@_}YY)5XJWDtI!I7%x74kSAk`KwaL+yc>d> zu})rz?1Hta% z{#Lv6%~uHmKW--PN+^cs&6o){$+n`EQNoNSPX212m-jSG zSy-hM0>*4i$Zjkp=Tib=&WNw!fJ@Pt(}Y{^o>MBPug^=yAQ?(i&(+aPEd<^tHOR3~ zkP78FeX<_jo?i!Z;A~E&JJVHho}vXOE0O}vbSoiFAsJ7@%~-F3Ev@wDql6+*0U8II zvCfmz(a%REnSc(Sk6)8)d@RMHFL)H6WdpHABlhQ5%}G2 zpX?MjEvrmC8BC9T|LQo{Izn-(VGMA&Lv_iI4l)MsaE^d~=Ed%Sgk=T4!G*?VrG&M5 z97q8N)qkPMMg2I=4A?~m6a4e(qae(`+`?nzlLT)9^D2sEW4$G-NtcI0QMj)7<)#Bl z7%ZE`8K>3E>QqJhn44YJ$AtW*ckF1FkJS&6_v`?&FK^nW>X*)81J*rk|29-|o{^jU>AHUbn?Qd$+q0l&&{mx+As+i(~)HyI4txtJyGNYX3 z9fbADJz4p!pHHi`-YZFP!wuH^#|Ed_X$3&ytx#F z_zlA!VtkE_B^l73P$fdZoU|7!K{Z(D8#I@s6<*y-QBk&+cOrDykvP#<-JH%;cfc?| zE=zOC2s2}ci=v}nsrE5kY^G-|)9-+kjN+>&I!%D<1;UOKXF2=N5$Jn#n%bJicn~D& z=zyyIXAT<#T5yay*WY_AwdpWuoXfuWOkPe`l0a+T zmP1_%1oEIIq#-wSq)A>1ZH3v$Ifu&*+4x7uIwBH(T&0Zn-l?o=E|>!?N<1sv`uVhK z+uf1`cU*71zdZy-Vls<2=NW&U{nOb2)t4@eQ8F>%0(x1QT+pqHsg1J%xm3aX=u`9* zfhV7JzuHy7Eg;GZdrr)DAH{LlHq(^B%nHb^=ACE?x`9s1Lvnws6q^q+l&j6cWS{Xy|&#Ox{dbg)R4uS<=%suQuhX&m4`u(XFn*w{uYGS{0 zCwJ|oA6Kqm5?^0gISW4eqxoh$vmL(wy*zZu03mvRBXtg3uq*(9Wgv7kioElNU9Ucr z*P+1wJF`(hoUy%);6={8^;iD=vLUa18*`J~`c!YjpVN!`{!iX6id|B@DXesBRK5*2 zDKJWQbAN$;$-X(guT)tuJQRzAJm)sxn8lg!V~%tzvyijIb5n3#1VwSriP^3LL=Jb< z1Rr#lLv{^kzA49z4VE|lAgAKJ8%L$?xVg8#|4?=T!ay>ED_7y#JD7xhq;K+2Rz89vnHk1U zMf!l#5Ol7hSC_$dEd^Q|xt|XP48)Wj095p2ekg9w2c;LP*%5AFj$8XHXOW1qU0ib_ zpCRYSmF#rMDVsz9<~d_}$~S-EPmseY1(&;wCnSf}Cr;lIC`xKrE4oHa2007*+qF0Z z{9+oG@7$|_vsCosyUKY1?sax4W62#hBw^mXi|M;{ZFkEOs4Nj4OqZ{(tQ6PN9Q5Au z@#hNJk+aAu3d2gGBy^Vw809TxAa!RrHJA76UqMzy6}z*BIAfd5yg=kv*jvI_$smOM zyYBQ*2mvsNly$7{?kS5l>IIx%H)3h1X#jFgz zp7IiIJCsQWKyl!lbl6o$Gj0g7pY-g3)fWKpOsn?$)+lKZ1dWP6ImG3yM5GAS)s+AJ zeuV-{(3nljpD!PQ1k`as?d-={C#4QxD4Zs7-_BGvz~DjVGqI+CHoE%REXvb^7N`ks z;Os90FGyy?iHZy+tN#Y^Hgyhe!rMPHDl2CtJ+`rY@fDJt*RpiBbsWc~9@_(o!GSQC zIWE=N7I0c^s3!_0IwqY0;O;4Em+4u7gZj~v+!^Zl@?*mx$U)7ubp8qBVc~Y<>Ml@y z?Ea}PqSsH_-*R?5zT8P6eWA1j1j~-zZWmkGHtbZzJB}ZB#;cgKOvPa5eMP84^{-Kv zn)ivf=iVqfrUBZdW<@Swl@EI`LSv!@t}o!&fb*PoSH1^fMLS^9116g@w-mM^eAt;( zw!EZ078HYtRwTvD$04Zp?>|xsUTMzKu^<_iaNVdf<02X3xt3LO+VMxW)_#r@FJ#NO>B#|QTBXokcj_@)+j5?v$L5|W8VJQbif2i1u&eA-Aubar#+06+C%vsa zS+btI^9GofwLQOf#M#yP?=pQgnvM|}t%MyLO$1N}Cmn7ZY!@8HYtI85q%T}PzdZ?q zP@dvwHB*{DY%3ZcuPk4|^$1u4c#cWDEhXS=h~%GLp=j?kW-ngSCIg|RL^|1qlUb%g zl+4m+V;V4(Kn*-^gRNvMe;-a~UaRq!XS<}kD>KB|T3rAu)$|GZZJY^q&RDm^72O72w+SZ5}I1<16| z>2x|nv-oVBB=)oxoJ3xeHy18vh*Z5x?BVCffw}VqM$KF1++<#|<$^}0k*7Vx7>PoH zN_>mR(y(^acOd!5`A`O$fdnt&^jKl+2`zFWv@*X20s*Xky2td5<&NHG`{q`in_ey9 zfYmAgr9p05Z6~Rus6)N4y1G3DgATa7ZdAZ&Z7DU?wPer+Tj#_APIoPRx?kWP{Y#Fe z+y(ZG42)3ME#SMxln>?bnC0;&*KHVu*?;b8DuKDw=p7!`8PPCSp4`VOoV1EzCOl__ zlVP)P4_0IHt*dDD`aU+1xl=Z&8qhhFX2ZnhHu)!9AK6s9tfHjNm@~PoJ#i`DJL%RV zIaN-3kxFTRt7S$pU1nTQ7lw+ID&zJlxdl&`Tk;t~5Oz##?Ku1Rzp#pudF{&ryahNJ zOGb52z#mLXuDo`@$O0&+67Rhe)GP)M#Z^{e1)`H$a3Z{-um(oVVf52oru&kJu^bL} zRc8x!4ltLdXprj&SChf>XKJy>T92p zKdtR<{=Fc@@y$?7|EFO^MHlHCm3jWMYHm`vj#stX%q`vZoVIs6d-b<(3z~cXN@yRR z3IPvOF&IU}^A+i7-v)J53P!(gZ##!Q3I*15~NVaSI?lXsZD2hqJtWe7`8z~$pPRtFI$$ndvy-szW%G32&7s2Tebq_kmB3!b+^lq0AZT1z`1Jv% zXuG#J$Oi6<-RNxp|bAwo3BEna#@(3r(Ht;-FqY10ajtJ3c*%V>UBB1kY z`d!Jl>KPSx$qG)A>szUkqUrJ9ZBrK7H0Vm-_?)MI+1#b1YOyk+5jCy`6>DR|A1MY1 zPPA^6mIr1SJF6V}y+qb;(^}DI=OYT)ex82Y?7p`*9P8 z?MU&wKCga8DcZP5EK2Uft}A9GJo94{)=>mDy_vtUm!sySZYdQ5#ye#H;5H=fXLry4gp0FZ|2dZm0_g@zkvKV6 z{;g&k0?WGX48= zhs;070f77~4=*q(k2h-}+W*y>;2{4t6Xa|hm&tyd^G{q@iA}oGpK3l*oj;ZWqGr_rPuL!IF(8pI-&rZ;c0(`jHMkCGX_r>@=G%oGw9lmVqXJbv_J9zQvm1tKpe z6Un$)u@9GvRa*zs=Iye|k$(WzE(4SY$)C>QGFxzPde)conF$bZ07l@CSsA~a)JCE{ zB(%Vw1R1QodR3QO+Sslmpm%vpNd~0*CLuV(EWa>YO{`w?eRyfi(hw{9-12G{{pj^W zKlx+t*ru62qf-(kzWA&n6Brt{V(3CD+BoUPWg+m{duf^FLhl!&{=_- zCEljanzF#psD4Lpyy^Ll*g-^{|JOGptVabfB{FXmO?HdKlgsVYrF{ZUXIUI_X;Bq5?-`y(njf<$7Kzzw5WghXrRwQ6SDGwfq7a2>XAda z$&iKYIzf^U$1?z}CU-|0X>UfvU`ngaHlH+-A~dLVolEwu(D_iQA4*gZHSuTlKn=Jp z(1cK6v%LRoRYPjLdMOME;Y@H9wsaPMdgpI-*r=PQRc_p)y?KGUgcfQVJBIW8*}|t@>c2%J^Gk_&6HB{c zHHz|zuzm(VG>?2nvf;DS>R;ZK{Q5QOZM0C^H23CEz$aK>ssG-^b3jm@dW#}_rLQB6 z-c~+GpynR*MCM{8`jo$${PHGU7uu$K&`l&pHrB>tuKg0KF} z0o!TapX(pSQ47|uDqYD2(pE|&x=fXA-BYVsv<}ACj>ZTivjD|U?Cj_$qza)1p2`4I zKpS@-Q6+Xf!nIckpVDLKKM4e;IRI&331=IGJkhVgV*put=194L03_-?-xuXSHudlC z7M@IEly_UvSu5JlEFYANdv_oK{aXLGf$7)-=Kj|rnpIk9Rc@VVlmJq`#rHicVJ!v2 zBgtcre4B}KqUI!Xe+|CzVStFgaidS+t;?n@%l9&KW2}C#(;6M0x(><1n;wGSPoyiu zjCN0ERS9c8O6?Ih+65+{N5V9S;w5(R%=s&=TfdjyeuG(g3J{5WI?X?me%GLe07pQ$ zzlaiWK&v~!+5bT8Jgat=14l&AC>h=E2q6E1RO~(U8%-DxE>3lPNng&S<}{DHaRoVP z4BIjur#?hCGjQr;wFQg!ZCU!p%>G<2^6XS^^A(C$iZqv>y?R%!-2#kO&%CyEBNc-> za(W+F5Su&}lLog3E-4=vH+fC=`KphQXk+R>^p3*y;L6yb1E7Xuk>?O4B{ZQm** z4e;TB<Av%o1q+9Lsudj-Tz%$u`d%6jEZze}k zKyJ|>lg2iFKMf7y{IR@TnWPkawu1t;G=%8~e0V$e8rEevXg;Y9 znDqDT$`3Glkp~DAQ_<8=SM~3ot?Ho+j7Zli>eZ#^K>-|6fAxd894|fxHj-)9#UMuu6#|O z{*PJ6j{qzK@eC*Mi5EX7(?13pU?$7F@n3CX|~9L0JO}Gez<0fbeu{EEOa# zUBKD0xi((ivw{ikbvj`RfVMP87$K?}%2V)-DG?eYS*Vo}egG>&6Z@ z(}m`!dV9qvh;bTaS$VvEQGtKLh(vr}xs~0jQ`LiA1BL9KdhP&5;1k2%cP$Z9%Le)& ztFM7)6Xk>1WI}5FC0Pq@gAXpO-nM)HCSwjd#q3@_*M?D|lqc@x?^USkfY{IT6h_^^ zt8i-d4Gp18)Uzcgd28ovXbqe7#p!22k*3IF1YG1d?to72x0X-cO9=D!MYO}m9EFa; z#v4+-OmF%K7;t@tNO5XBDamJ+y<2jV6FLv&u10rk##tRaHUqKA3$0aCA0&qPCF{H& z{d8OBUt41ZsCT}|*$e2ROXF<&xR`JSh zu4dbj&%GrU#Tc`G@jwX68tuk#`h)e0`*To?v7RUffX7S4^Zm;6BR@nhJsxfqO}I8Y zTY+#?s?Qv(WwpR{fD|$nE*K>*R?3fr3r0ZN(**v=jYI!xg-lIZW@hSD8%3d0L-%%= zf)OF^P)-F!2RrDcKPbLK>B$1R8!3x9Tr0UJJ9dus^PoMw_a`Xdq0veoD9%uN zytobPZ1D;GPumv*C-W37AEWh-6J~ChH@7}Juh=oxCy>54nTfNj7x<3KLZ?zSu7EbPr0i1lPUP?W>s_j#3J}8bb?)ZV9RnaP`zo z%Xw?1KI`H7Rcf0*GlS5HTL8d0F z1B53BMZywzmP2jE0n!^(5_l zLCdarmo~f&+CnrNSn|fK3>H%}Ux_*k?Th-Jlq(Bqtv8$uFkPixr;s;&WE}L`MDKI_ zdfoEOWS4mED?JkrFIf8WBQ{*sBYZtod)AAW9|ajH%`UEe#~abKXmdV{p}by0RN1Ud zk6~7CSsK<@c$J!Un7DecDvD7ze_2>(9SYXE2FaSiw9;IPf9Q z;>OssBfP`E@@awrws;?V@R+T1)>gWhGgyR=-p9xL?E@dm+Dfo}gieN*z(rfU0_+$; zK5T6T&b_may}meBSI=ZTYuYx{!MT)(us)DTEsd> z4F@~|cxBPF>l4#?D#rmf;fFknF@ylGC_dxF7^ib7>|6jH1A^R#gVQu0KAk=9xSiq6u*7kc2!#?N9tMb zTCVecNrb(S@b#gW1C$FC`kTb-OW$p0DZIl~%AH1Kb;34b*}2<{B=71PC6cMq%-55; zjZtg?Z)wBw_*9nENsGdS@Fs?4-UEVZQcYgcfhZ?iw>G`(FkZ=-PnoDZG@W?TeOvGt zSaoU3_Klmj|0LTsd8p>0Y)99H$_?B0{&lf(M4hi;7`Ja%C|Z z%&K72Ra|Lo8>|4tVt&9z;*L4BkBX>bsD-B;Sym#&v?EEN6k2CR_#_S-C)3FEv}RJ| zCQ~(lL90nU-o%hX>HvNqOC&{y+j62D|ny?8IJVUbDQTX4bL>BvTNaCxtP+jVbus(S>s(#9*g`@q{lEt;D zl4f0A6qMm1We+YJK6bO*98nV*U6pAqdGl&Nk0=pepR{3yQD#cAbFv1Uh2Lx@vOx#P zk?t_YH%391pi@r9NLSZAiWW-XOd>^1sMPDRx)k50Q+r3gAN5FnHliwghy1xMYrW{c zZ)vEcL~Fn6jH8ZY8ZIw>1(P3trd7vV-zGy}Nj=G71h~L?e)MCW6cB&Sm7PkY$*1uJ zIGyfzKya^TE`kGK@n${sJ9!i!txv8YpQCC3QTz1)ib;eF3_2tmg^uCj1FmIdXO2Zg zpcfd;-4%v%3^-2JilFAE=bE98;gNItKj{XtfyGMjg5s0|r?gcdDdG#`IM>xHPSrA9 zhFY2I`&!~{%_82t*3=LL0~q-H;pJlf!7VXE}ann5@Nx36iTkUePr=$VlP zL4}d*sW19=;-~<}uJUwIWQy-Q))MbMyD&f06ot*vqi7^04 z!kyS*j@L#`*d^L(PU}#_0W@_n(*MfrpRpXj!mktqi58)ZH@dR zkID$1T;WOJiEGA=qvfQ#iqc4N^1tLa_F&LGpq_>DL$k7S;vOEX6HUTG!Zj+d?SLaO z&De1clI`&@4Vtgi?M3J1@0G>W3N4pvhf(`39h#b&1qEFntJ+Jh{KPdEwW>y*bg|?h zWZ%no$Ir|9%+we>J_e0Vyz0O)Vd>`8o@?i!%RpKqg*5re1fBs-kQ@BqntUAooHA(& z4SZt%c24GDYPIi)q^^N0_JD3KI}-VA+@!ExpPnv+M0P@#tR}B6s=xsNsJI`$@E&q) zc;IVVjU>v?koYNl!aP>o1Fj>ds^Yuv7Ck5?coSssTRs_4Ws_Y3oEDLjZ%rZhhGzn} zqMz(K)*Uje`9n5LUeO3|TH+U)JHFM{EjwV$nfGwE=Uf|~Z(GON*7O|n0}ts1F$;)< zvcSk72LDyHtoffgJ6cQDy=QQt7q1}j-kbLm>J1Nn{-r2K25a%EN}a_$)Typ|$AHUN zYIjcB5s%3%9DdG{MN+6Y5`)Oh zQ@?<9s0siJ@2il99x{M6+MQjUojcBG5~sMYmxIow`X<~d zVne7Ju)afxFD{PiNRvVq>`?UIiZrRWs@A{>sfS*AgG5{A${2`Y3;@#(DzFe1P5G`J`a{S<{dU2p%lJnPLa4q(*z?IKCZZu=kbN%HKA2 zsv9;vIvl;Xu7bts9A7!6?7?S!jd$Yl;i%oqs=4(CkQ*hL;mlC!Yc~rz1N0s{bma)y zKhuN&YKe>K5jD43K59#DZ5OBhCyp3*00*!`Q_i!^D_x>|JE)zRoNGW*e-d3Pd!x$IylVK;3)TXt7zt3yzF+)a~H)d zH^#CYReJ9cNjO4~imYw1!mp&>sREmzRQB$2#p~K^;L?^Fr(!j*Z-LxvKgy*? z!>uA-UkuIGRBE?f9-3_xNxU*MTMNVka;_xziWP3bMrA;X=1)qcRx# z{s4hiEf26h|5+d#0MAZurpL&?-{r^zL|;8M11$O<@T+HwNzqTxM+K{az2AHHO>PFP zPktwH-UyCDzzF=_4JIXAXT85P?rox*McEs2LZv%)9-BhtQK`61K2Ka*)D657E%W>H z=RhMOu-^%`>-&rf%mt=V;MF}Catcon347hHI$utPdK&P*qt1w-A2;~k?@bU-Y7x<1 zkzf5MVcH+Tht#x~SNw&2G2Q1(B|az`r29n?8K5E?@XCK58W?(~v})#&oC-_WXj%C` zZQRwCmMAiH4xn&RRa!!ai3T{ZLG#0RY8`<|@^1%QA5lZ6CJ+xRD>PbHetp7nn=g7^ zIONcX-`%j^ez7UAhpZ-!XFOCGT{!&z7x|G4{>UWK@z5?N7%3hpG5Xyl*%{2XlaPxV zLH;bszX1=LjoVgqs!*W1YbV)H!HMi9aDx8E2e+eS4G3^b6- zDFcBR`?CMwkNzOi>GNZNfTQPXYiAh&M)$nMRnhh2>}TY%`F~SW)r|`hAP{W+suS_w zO~m;X_)psq0O?8A_;}UR0$_-{5s2-a!fLwpf6hX_Ns!s5JN`>b`fe8TQ?dZ*Kb#VW zIHawd=*PT9N-PKH>^h^j>r5nBa7KZ0Ll2a>S5Vtv@CIOfc@}GXfwR35#oor-;&g~W z13E{ZII~9`d!`Lo+Hkg#iRieEvriFi$vk_G95{fv!%M8JPe9qliSmw+T=J%tRQFkY z?$onelD&3gIj4guu{BjS#JIZ+8n@zc zv!^V#w@@mLI}6Ye?!>xb+J?iuJ(+%d+cO&?+vjp&%5S+Q0?;(1&g=GSS(9G7oCcRN zV1JKXdCNyWANtQO006R%(hI)dGb6Ophp-Zc4qBAmQ)8IDJnWA(!ot%4?lG9i} z(^O9&tII;6MmHdC2yZm=Y(lFThN@*MmWr8jUPMY@;Ba(*G)hI&_x-!mV8VwYXw&^L z6*iE7#pAleNCuHf$!C70sn+f&#r`P}GTAI#u%qMkG1yWJTaijAtRQmc3r!7u8LIsU zTI3LX=B1f!7wF}KJV??G z1DRr^{L&?j&g*SdBjB|!{zIjg%k4`sE{^rr{?qu*vlF*M192|lxHTK_l^?6gnL4Vs zzEl!XDyci`<=p(9P+dY=(>RzS!p8f`d~~$2!i=G_}%LJ zT9oZ zcwnH%$bcN!s3Ls1T>?-5O1ltCClP152`<3H`upuR0ARV?xsJx023ZelQ+?~bVlRGlq!$~)p9 za~ZX7J&&}oAP9@aTz-?akF!~&ywoF1?iu_akVC(d`z3<7AH)FSPqwzUNd=9BCdp4i z51Q&a6K|-ipL}L(jtw1sD>}HZXKG)@1pl@j@j3rLl?v@7Q2};+xY)_zTspX6g!IkF zWaC^@avlnci!6F~#KSb@%4)X>hdqli0$gtD!1akKX9bgWDH6t^F75Hs5-#ri zpi4ub-WBitdfk(EIf`3duYp}sH5MeOBBPm7B;kaja0HO-=Rh0-EiQ5M%a^gp9c9;l zU1RWDkAzTB))od}U$BoiI7Z321iyWJ@ojfl>#A&gc4>Cl0D>1>cDq8O&zo|g_n9^7 zz>Z1a%==5tg^X(beA>9+*wKDH6Kau*LAN_6JNFgwT*CC1d=8cP{o1=Yt}y^=6#fXc z`sgQW&38)@+)#bn*)9E!5LCHo3#;0$Nz&5>&F7c(xc!jhOH|dcMQMAZ1`{e*neITO$V9w}&~@&4%Vx6{E%Ek|cQv#K@g(%LdjI`vj=X8#JOgjSvt zy*rCskiJbL7{C%`c+A>8KAz_eLt~lb$7w~e;uJv1lCApC=48O>{c7BxK9F{;AT!IG zU2+>;AoI}0EfQ%O`tC?Kl80Q%^?E&?%Im}&xeG0(>-pnDyBADI-BDv#(}e+77@;8w z@6!4B#&)SYX0YD7GL)5%Fc5j5xgXaCJm+`uhvNA|!PPlfj8c30^xPB{TuK&i7c9XO zoDE9hrDlX|)|3L0zilSEiD(d?*9Fz!c7HqM!46ehadBrX6bmV=2nyALbc!9Cg;7H^ zXWua-ZXS84gcjx&01Wa{S-BW?+pb6q*kVCYp$3AGmO5IB4Ruxb#$5hBIdQM|pkFu(xh z%_%o+2TIXCtNn4MqP6}*8y6L&gD@gD?yrA|jO_AQ+Rj~BlKVC=%c`m}Rns6E#H^_q z#n(FlNUs040TMC>ar9oK?#k`z;^-6`^Bq9EcQ1;`bgH9mRbC**%kkK= zFMiEHm!3hO#=0YlW-P=3Q|bWG(+m1x5YgY1PJpAbUx}1WNf^^ukOAwAKkb@YU=*s0 zN_$ct(vv4EA~9h{OOgr{$#bam90sq@&q5O9r{|(*?{F1cd(E`gXF|;2f>puEcrlmmB+V@_JW36AG zsd!QKw*+C|?;-kJxp#?}IXzPEKVNIDn7ek}TE|0ePh?9%-_yV|MuBXtw<#Y`&+iiq zI`RkO;9I?+=a|=QMD1|$WD|>XR7MFi{;wY-hE*C%JGm=MvQ+J_h>p?CL9Oy@s*K); ztO!)!UY5wqtBpav-6~g%Yzj2sOvL`pSN}r`oevnV{5q82?<#)3ae7GUN25A*s?6AbEl(EjwX$rB_u^^UvSeqbi)c%PIEWqQ-@l;Uw}8 zx+SDg?s!%Ufu37Qza|>X;XI0oJ9o`d)KkMR%);O_`}B{*ydo4825;p+pFrs(2MS;8mjO&d>M4&oQx-=}OY{en={QIMsa^zPCKy}bJ{hdvTAzn`a2kARuEZZ7iW=s1&P) zhuwpN&MBN6!x8kyG>*7S5yR#>7|~78|({brz-0TVvAOoXjPFpP4T(c^z5Vc{YWk{ z=l3`>UB%~#hO^KEHtyTAd!Ct&@DW47p6e7OCI(VmWW_z4ZA?T`%Hm-ks6lhcZGkcb zhcer6MRX~EZwnzu8jy;Xh4Fc~pgIEzacESXxSN(=QNgcX$gwB%?ws+@GT1TH9#dI| zDlID)=YO*lY(gLfnw9q&ty_j#1+@)d(@!{w+#Sco?2&bzxTndVT(3s)6hU}G4xLE% zVDDHdvdSe*yFAS`Qj-7-&YiNwW`Eh-N3XzP(D zbQ?~%8YL0KvG5a!BGv(@=SY2Nq8hMS`%gTatMUg#jL=9ZqnTC^&7d?VBuSi|IPn%R zeX%NBOl=9F9cH}J7q~&p7ITu$Aw@U@6Gza=uj=D^Vydhi79*DnJ=vb@f?KFuxvN}y zRu|TgC-OIJ_QFit^=Gv5N|qaHXuox6p)(huL#21=7E(h*<_4RpPfyQJ1}Oh0Ws&~g z;ptXZ#$@qkl zaWL%OQKa92TZLO{sQOp?)J)UYv(vgziT|Z9{=H6M-d@LqnXs@EygAAp9ca~5Q@?;O z7;|s(nK#R#Z@gT!U2Ohb^@*|Y13vo$5d0zOnEv)wtanFUoy&V?G>SIKo5K{=>u~xM zfRe!IhZ9%TnIO?fE~=_A@(VR;^(x3@`0?wWxUR5r&7aydZL+ZRR-1?RqiGI#$qgLG zV^U128N`cczzu8X%=udCB!L$l`JkZW?G|m#-bITdq|FZj?l7?V+Z0ARu8%&0x=p>J z86AV`i%42EYj`p4Lc=dFi%`)Bqb~Cmg+~4veYtNpGSDe4YP$kQl z2dI2dXa4aAZ6OO`BK#gCY~Hm98NII&;C>OBc73fa>w}joE)Ux}l2;iL<9krW^UQm@ z#2RY-<}NS-raAl6nCVVf3w*|L?7%v~s~7HIWGy}j+Qo4=KJyd-k0Tbgma}M+Gl7XF z>NqDAx8uH9lAh%zV7#qDi6;iy=CC+dXYwvL(Z<7Vgq_H~@aZN3=8NpY_d7vyUBUsa z%9!Y?5XRBf9p(}?{);b?@}&nfE9t8;!(eTb&GR-j(Be2y_aKiDeW1}GbF7oq8Oo+m z`eLZCCs(TKB1?;nX|wvNczII)?}ai`86dy`F)W6<8gTfw05w1F8=C{Yj9w+|1G3|S zLXHL8U-zN6EXsbVWfneTBW)#k`0XzU0lW75Ew1BeVHDF?_H=`*O~4u8-CnJGA0#`t zhGIIHU8TlZfradZ3jo;f@$Q%=KB7kCf=(hm=v)-Vjw0mdg)4hC7!2I)2Fg5|K7!`} zDE&VZC&{P)EO{X)USzy^cbU-Y|;qeW3HQ`sM|1_c2boBg2J#VKuI zLSXca2)9p@N%vZeC2@?}Suna{^28qAxltk3M$gNn+7rFHUD&%{( z(E&Qw_A6lRkbkzs97T)LBDw<7=TAfK4AKu~P!7&|pM>f$%kC1^BoVMMlmY00ZJ`R# zdGr`(gG8L>i_SOkY|Z4D%haebjPeo}urWLRd?HD{K-fER?-v8qn%Hd3C=)rwenG1` zRd?4o<@6d@tXdO6vIR#3oeCt_yG8MiaeLBcT<^q|{kiYgl5wpJ>Q+(%~ zA|BFF_f~WxoZ1ZewwRo^Jn)L~34y+;-)-E+kJ(OUASEe1TuZ$KN<&!f$4tAfUW}T} z0Ubnoz&RGhM&UB^!i7Cr460}YHn1f3X~O{>MU3q@o)tT43RsTXZ;Q8Eru^~Cet7R3 z&`1g+rH@82P)MA~MrqTb2n_LEGg;fV?oKvDCxSVY z@aQm-fA3Y2e|N0W5&EoDftLq1$qG# z#?l|2xr+f8XfhwDkP$COO(_89duFqTo}2kNzRk7HH-97MbLry6r|vruFsbHw3->uw zip;Cdy!aHGsJmX$v{ac#SvT^$0UiyL(aZx2zuR+~DU9gyFdlXYgZn(=o1AoT$`}1l zPBp!oT#Z9O5@I54HBAZ3q|mPL?5)HZ)B7G^Q2YHBx0{3XkBxeN{{rYlRg!}M^Dh3A=3V0q`6ADF0L)N$NOa?@#Q^0e* zp`LdvGfU51B)ruD6A?Vz=!$ha#YvNrUb+yO|H4%Xf5VtZ`Ux-PhZ^9#gpx)b13EX& z^=oqW_y4>T>Yboj{mulveQ1r)a-5<8DM|0(Y}#1%cXfOTJ~;Sxa^96w(61oC#k1p=#=x?MiyP)phXP zgcMVl@2H10cG_;;)~q#coHf|^>4nzZL?H$VR)alB_tB4Pg(lAIVvd>JML4FtDxvpltDM z&v+OvdA;xgq-J|h%w`_PGC2);VGHcEPVn3D;o*aa0WuT!#eS}!Yt$#>yvx4BXWpq^ z`Df*#nC9?L`1miNFv&8pagH|&Yw7s%T;r!)Z%nP_<6)x?ltACm`^mn#ITNHl6dw!T zaW84>!rrY%q960_bc}9?aqZG8aAna?=UG3y#yh@Tk6cV0o$MYR6JILc{-)S^QEdJ% z=b1lyk+j7UNawWn)pQ61)Dx~(cEBiBW}hKplDsu&baZ?T;<+zu4PVK7 zSEjg@vRSL!qPNw7Q?lYb=Iq2D`!m0$mrSR=l?qhGjOrk1@+`RNLH(zu@fDOOHG+jw z4e!56m4Y{|hq+$s)8`@-M);f$y4}<7dJLR|0Sq*#3tN|a@*SFcgi~=fx5t|--G|Li z4{raq&?)7mSG~P8!=%r}$kV#Gd$${SFcjeIh5%VC_+xuLuMvwls{Sup#&?T8%GyjW znKc4}g99{n=5C{E1Wn@XPJw!tRMO(RoI||zZXjko7o4IQGoAXdwO7GkhI!EuvE`;1 zMq;%xnB|?*`c3d?NcrdXW~w%T41N4>wXn5tA)n$7~rG z2$_$rhHFGw$vKK3c8~0w#KQ^!e{E9pwh?0J0|3+=*7nRJ1X~JpZ$9fNzLS47f9rK< zFI%LI>CCTXVt=DvKqmi_Fa+^9pJtIr6Vp+f&p?TP%&hQ)tJ@Kb7TE;0M9Cs(lRci- z{ldvI3j`6Er|-;4DM?FU56+b{F{R2hUe60Jlv~LVg}H`(gI1GzFKg(ypS20gZf|2t zO*>X6OH@nx=GfB+1pS3$*lk0=n0dZf-M0jk+fzk5ZdH5llKjNkXf>)F5YX$+yB5v3 z7okvxXVom-r)s|#+NvO-&)&V{0{857co&gT9PuC>=bxN!`Ivc*uY z>|C4(pT8DV2b-UGScob#pjo{is2izs?q8UOwWot$T+`v@g@@Lsrju9s$IiPSFBB|V zl${hso%Dy@w&?iu^(bNAJv}dmV-EglY#J3Tgy_X5Qo21p$+=jP$O*xHmZ{jBcb{U& z&c1tOfSy~#hSjmXuDmGs!F$S6?jhi`h1vH2Uz#6!n5(Ji(zTq($)SW(!cwSPth%s+ z4zJ3o2o_cFM?TxwU1Nc=L>JJj{-+h_v_ubr$Q|!qU4TXE%jG}Y`|QK(Mmhho$hzf# znz>Vtg55DWAA$6$OlsNu(*rvq@_rmNJ8v2bJ7BNm!LS zf#NG6B@Z-nc{O=1)k`s(FVbdP`JLL0(reuL>~ls5SF8>0ML(SbvUnAHrQR{jP~#;9w3c?%DgtyVi3 zvt4XhnGoNiqEP5j0NfaYV*sT~q?jIcNFX=+kNN-yR)ec90s!kg8Iy+#963nCWBau7 zcCq_s?3>&?zeHL_Ye@SNj=ytuP&c+E1`t*SP`IqN@`IJ$|4fG)#*(qy^Ne=b%dxmX zlWEv!<;iPt)IIk9Ox!1mZJ|WwcOZJW?0GtnpbD#m_;CuTPXqoXvfq+~`So+tluLT+ z6jKgRY9BrsT^gLlXp+v7AU(7rw;2kcReyCLq(2UgN40h&MfQdX^wnX$vOH0+d7zDf zc7gPo(&vc~3W}d&CD2VxWjM02>+ZJxtQ;gVsIYKZ0?{de;%N6T{61pAgT=_@GIzie zEVzTt_T#wplXyZ*%x^1aBHbWi4rBiFF1zdB`#QrlKf3&VkJbCneYE-i_n6&(-B<1B zePjLiU1m2}KR|GgeNY8xdBjams{z2FlTy#xXEGDEO#y*&vR8VvDr5LW9ma1Vh$GQ5 z6Z?Fm)}d6X&D|#u7rq44VxMpa-K??Qd>apF_3XJ;RwIvD?>-NN@qgLxe0X(;#SeO3 zT3Q%YKnV8qugK)Z-*o2A_o||px4H@$9}W=Laek1RfM13$|r8g&1NcPbsF3u*W#gA$OJYlIPrwHZgT9*?aanp%=k?T73uAaa`rsXQJ z6W-^QLO{XxlqCYSRrM#r;MLS&SQD9hJe>BYXlDjOl_l3^zcYe4FqkSGSbB-4w8nVd zoF3d}ivHSX8et2De;b6$nj#Y#a;iMnaPw(&)g}#+Htq7kTlE8CuedbI3gXIJ;y@D<$)tEoBq^47D zu||;zkar*07L>#-53Dbz0PT6LfABFZqzwy=>J1Hz^~pB~11#F0=L=VJx8o%EEbFPO z{r&%bj^|Ew0}=@^e&u~QU8GNfy()mywd7CzboETsC|{i>zGl39X8iLypqNs>c7Bbk z{iIy&k#}{M620RV%hhk&u@C~!~Bz%6GcU3T}z+g>=s_TI5R1mz{J3# z;vhD4M^XQ>el;!h>Mz`&88bVZ&>KLC7hAHyuCeG`*4VXdh7!xM@wP4}ZvbLl=@;hl zW)jW#j%Q5T_AQhJ#1$)JS8YA5ko)T~pJy|7SAXzVFEJ*Z6oM9-lPS`xZ>V#w-w4Vg zD82KL@klcLkV5eNu2fE82dqDJOhCUIPxFm_xEJiQ_>f&k{r${s^uFD~^5$Cjg4WsOKA zCCiWG6xE9iM=ur_j<$1D!Un4$8Rr#tnz=X-Se~9zRmgqK)G;@G#d5YjVP}-SSQ(s4 z;+;ArmdvaB-)WH%FRIA;_7g{Mq(f*qt_sAF5i13wU{*_8Tds`*tosBh&yOnob;VGe z;7;zF$Ds+sP|G}Q-6)Dq_iqy=xAt%hu@Q!Hwntob&p2oX;23$$(1tLkEflW4g)x$| z15h_M7B9Iy!b&RM7>QFxZ2VA&XQ(1)VL(D{(hs`)|D^q1#t0-f4Kidm>al7550_I@e@BqvC zzcW1Y!ONrKh%D;re3Hnu=LdX3;MG1M2?)`1yka>A86jGKl`@Q$QK=?1E&3W~tLEAO zOFbW~vqly{j~kPF+41tUd6vFI|n>F||Xo$e77 zsIdZ@r#a6V3OvH~B5+JM4Wxn2PTX%?J(uYsL#JGBg1^328e5TcVRlS$eKdpP=E~N2 zcY&Qt$e-DU=(M4yba_Hfm~yo1K}7833qPZ|iM}yZOc$V)6J^{pny`YrI==zQM2-aB zdhNTH$9`+dzlFbLJ&>;{tc-+QpUO~+d02d-`qp1M>k<+`0ECep#;z^$>oG4u-Iekg z5Zm4wOwF_c_}PzTtPH)|zXZNWiRbG@F)N&jW2kzLZX3)j0q(tnsB49;Y-e`v%jhzE zCi|iWEe@JDH=i9M9{GGLbsX#n`DAjbwKopjN@l3X8!y3%F2OfOP>+RLRGG$|5o2L& zKZDxizH&wOCLABj5_d&6^anxsguP94E_s~u*-JZGJ+at;>Eof);VIM>#B9&RBOtG{ zT}9+(17ut_Ucnel@E=j!{+@#(qT2NFYoqx~C7CB?^6t$7ozfS1f%x}cvZQH}m8l^~ zRU&~`J@!{Ve2Z7s6{7O0$qHrgAp`~06Ae+wcGI6<3-p12!5Dw~5k4X%q>tPqD4OJR z1Qlbap)|zRFNj}m;45|3ge6y6CG^1|m>D5Uht5li=Pz^CZ9deL1WMK$OCCh_Yv^r2=Za%ohkY@)b-oELpypb~?h!ko5D3H($W5Lwy_vh0SUX=SNZ@<8)lczzH!g$cZ zVz-n-En*T%3>sbrapn?lO)N=GeHaARTM0TK`m&WNI0SqiPHP&9YTTWciTV&A zJ|BEsEf@(<-FYjkAH*W5c~9PE$`GCd&}0qsWXG;MBYk~B(*lwLbBQcJ45AfLm&uAz zUh$%hVb58mmtHU%;pzvP9iEm!=M+|swk+txy z(K-zNp^CdJs+GAj*R16!OuO2gxBAR!Nxo#{2|tX!ti3ViV=fKqbdnZJLDFVU-;bMe zODq?C|0Bw?riO=@& zpjh`_i*?snGlH&y(&+f5fHUw2 z=g-+yjq#6+9t_&a&v0&tmwmJ#!(Q%h#DfYEa$n4c#vXK8nya6 zfUbB5QbI{3Jv2o@Op^sew4Td3uN6q+B_`YGD_D5FAk^heZslZ1vb9-JAWmnsB`=yX zD&Ri=XO{))gJS>wiIcbEsE&F{_%IKh07rkmLE_rviF?J1R|#6Ma&a9}{DkdMrI1vz z1gY%Lm1#i#8BX())F~c}XP{*LRIc*R?;7+tXKt$5jI4^op(}tJPzI8GwCNi+Dr-$p zenEM3!fjANGyPHQR(`vdpaWYbS=KV>fr%T9{M1+XQI>r`#JgJG)EgCY| z;-`3l`lSX3?s2ZZwCqcsRN(%-G+1aa={7Zpqg0g9depf6 zdfX`AEya%9$tpHO00eq(Q5+!uvGq35@CzjherBhb>i zWdfF37q~#9{0)A3 zlX7SCSFvjc(YV6`7j;WUal6xmro1qT9Ew~3s8 zIwj~{0-G{SVI2lE7HX8lw$2}4kbCD9E9GeZ-wz)mgjOBs;0?rc2SC$H>sc2i7*WJgUOZGj73_4NB(uF7e?K2@wbE?qUvX|H8eo(GCVPGOSmfth}~q93OA zkcUx++S_9+-Z0559N2vPc!}Se*>FQ@lA^5? z!>G#^n-*un^{G80Fti-QR&FEwE*Sy5R}CUFQgxpnsk*~C4DQ#hW4qH`;Y@g z)4K*D`V|yWani9|XO1(c&3kOSGTl3bH0=Fzd;@>F%2tF1yOaL47}qws-p~cZ^nk4+38G6Sp&;+NcsUa$;ZMV*UszwzR=yZEp5cS*NG z{Nz6NhGNzN;Ba%Abu6~m>-8H;T3u~|e)-2lnVBp)Y zbIK%U-9KC1(*FD_{ST#L3;scMF$0uW@0~v3il%BX`j5W9Fl_&8i7M8t%(pr9m-Xj# zk3loKC;zS2kJs`Ms6-5B^2 z$>T3`!{S(Bl{_($pLgs_R-x}VjAAN6qWN>NUxal*qPGa?UpPp|~!^`lx>)|7B+=)kK0xp-^ zU3h_HV7qG*E|Ul?vAeV#5yD>6jk-Bw5<)^K4a7%70 zYP^Fz7+{Go2qt2qujbV!4b_1OR8HDX0k|MX-_I6*&gPA!0*Wmm2;9JKUcTFtqNuH_ zl`py=3h(?rd_%j;9kEou{ro^OU}C&4CR|!?jAtp2e{8KGz~BL$yU?mh+PWpzGCbTr zfVJ82?BU=u`+}E9HGkg3+F(N*dgW6<_@%;a6r8En$mpsFk-#Ut}yZ=*g>-diy zZc1-IEOypcO0b#1qdi`mPqC{+IOFBfM25feG8dSaF)%T0Bo1HXJyraxhcRAFJ75Wc z0MA|F99!VVn7l7ev3c-5d0$2(=gXGFf@u?@)g^EHV6--CR7ESIJGlZxF<7nV%fyV6 zJAL9r_60BTehq>I=7R>~`!goZa7N)Jlgz?W)6Z)K;r0BU-s8$_P;LD9nUMt~-r;S& zMlT)T8W4HL-jRO@L})YgL(i2Gz^F>7$L$Q?d;?}sB(>Y)3|m3Z@}~uqt)*haA76A` zLcX&|X~zWV{@kp(mp&>wfREjfG!lD&6uSZ7Bi|+mzY|w;OB{@SD)W^>@N?4_yqkau zwS%Cd)ScopcR=hp)1c0|U~9CcdaL)p^3}RP0`RMxU$oS0XN^JZKi+|mmL!na8s$wr|2DC;i1jX6hnsVdi0j< zTZ*0Lp{r#+QtadjIt%s+I;#Yoma4ZEI;mj^Qo%An@?n`H3#3@SbjRB?XH_2#e%kCO z74P39zjgKY#R~|@^js}yz0CW-E=lLePzjSA^|EM2LW3i*h#&e=@M)5=s(9Y<*X|2H zXGh5xK-|j3AJp1>wXiJQn~k3OxUOn?{l9h$wd8}A*J4LMCAR-2A9vcf`9?Sx!vfc8 z9^*$pCsaOFh`r&PeI2;&EldetOm;pGK5wkNxMSt~oij!-V?;UOHGE<|DUu?4r{2zd zLOSk4W9&QxY?plXU3kEYe)sv+6}yg}sz9!7K>(f7|2m>Scy@L9u8ZFZS02BB^!^|K zSZAJ{fZ6r`XYJPkddpM2$R6mH7;0*&VMUmlm?tl!u%EbXxO1bU3#ffB;xjVCD8H`H zGi4PEQaugzA|3#Ltv>;)jtN9}?`?{M$R>F&?(pvG8zsb9=Jx&c%MB06yAsx}ByjTuFnw8qv+d*AfaQ4d z$=Q{^@@4x~4zddmOQK(kE|0Ki43*TJ0S6lk1!e|h=Gd-MUA ztPYp?syGpj2KK??WR40BFx9c|-(MzuqEWjpalQO=-!dNL%BQnMS6U;)g6#f0>kPT> zm(2lzqoEAU`U0Tl{EX~pPd03$P9+BY5yczsIrt89xYA_EG_a;ObJIKAg|OE?C^naM zEiF4PHJiR+($TB#pJ~{nX*Ess;Oy-!U(MK#cp|yGrzg*qk2FssCCH6@cb3mr@w!Nn zzZ_$FQ5I23_MoL9Ol`U zRNmoJ^oqT6uhC9y^#2Rn{Kj@I`R&d(U^?RjFAH<-*+X_tYunj(^q;rxLf;7x{`~l2 zz_|G!ZqPsXMLy2fnEyE~fxWusyF;wU@sZl|){&6r*`7@&qJ7%3w>;vsxb#ioL?cE0 zaCiM8J8v~w7VKZ~?TKGwb1m3Ijv-B6j=cr@^!X%cpX?M}fsOEN(|)v*K{P;r0Y#d8 z6yI2P`-xBs8ovn)JUz>^joEF!;N1*TZeGLL&cBiMu-Np0>AS*J2YI%8Pb+>G^PS5K z0ZY|EZ)M|9-Msi1Aso6rME|Zp)t5XFf4!=8%J(9w9ZNzt-g00 zp?Xj8Xas%Ea!=Gs2rjTYJOUS3%-~oB)wVDduR^sivXbD=MTAIz`GBNSOQfSvJDd0$zl{x9Le*;1_UGagEY|byg=#A_m+Dm%WJZENNjtQf*J> z|3Sj@_C66oBAh@15Qvb3hm9z}AptN*fICP4c_OF`R~!*D`jI=5B=`RpAirdMUV9?b zC!@)I8OA+|JweO zDR20iBe+cXL>u~?t68RHAia2;3m%AA#K;6g6fu%)lSE>`n)RY!1id$q0d>f<4%vu> zVxCK+Jy~^W;T@0lO0s6Zll#e(MP55n+S^TTa4@S=uF4BJ#lw7p7H$`iDi&EO+uudR zyCWO&Mjk!j4Tv5Y$ie)OUkq@8jxb^m10M1>1-+k>rcN}w6})$|@58banolWjWvMHG zpGoq==4=wHYj%G?nS90M4KgH(?6uM$Dq=ZqSKBtg$YAG~LF|vAm^n`FT@v56#krhV z{C8_A)sS)taz^z4GVHgp zX0>pa(1bQVQa&%JT$44UT%|2!B)KLG?Jbbi_UQfpx+S-4zal4Bh_$uMuk5+}f8Kp> zzZ`xqdWkH0f1326VgzT>ZO{Nxq6AyqKuod)ErX=O=XoEgOvA3xRK=^A8KH?I*osSo z?=q1w7$~)yVo>hXp*LuEYJvQ%P)EL=G?JjuX;Qq{=87!+>8VTU4-X++mMER90Wj#y1pXCOBxim{8-3?MYq=p6-YJXFGCrY za4h(WIR1|(_DS%Q(w+ddJw^XtlP0nU<~}hY_x+zhE%ZBPZ|pY&?8z-x*RqE^NBRdC zV5)^E+=F=8H~}QU?U;JaE+!$bmw>!N-p-o?l)m-lPOAVE0!moH2S7m{5P$?Uhyn)0 zKpdn2$FRq*E#;{(r~)>Z?N?Ck2in6526V~_fs^Y#0^+h8kjXEA2iJ}q@__tpgNh0@ z&FMy={y}KeCn^YBzv7#$ZV=xYv%CW4a9{6^Z$U)$m+RU1aMWOxh}}Z3oeWLjNzYhT zHgec!p)%=sLV?3BRaYS<9W2^{kd@}30kEK8@wvQ947!)(I7piaI;#vzGbqCEn;93D zc+FJH)1m$XHE1bJRWRPtSElodiv*k$C%9zn4BWoq33(JnZ1eg-ib&oeZIQ&{wj!9| zXK&wuW$k;~G~Bk+t9R~pbluC`=VrU^3NQQ~(rcf-i$~^OcycE34d-Q0s@^S}xA~*< zOEmkxtKy>gM<={AAs@-pn##);AjJ6T;$sNx1I?K6tzAWx2Nua(TIt!Cl$inL;xN0zC)pqJ-v z{gHnG@4pv38VMEugt6J3mqrkemF6Xj-XM&nyFw~4QR7TO={nxME;`xlX;Ydql|}t? zp5gwK`hUARZUjLgR~I5QMYq>6jC;`*`bS$bM!lY@A}G_Hv%N*w`t9qDA8yjMC1(HQh!t<7)fEx(ogG{y2#) zw0^gwwlnAv)Y!$yOYFLjZB=PMHdznZn^QXc0@E`v8dqo6F)lPL$I0mhhvxIUhsh#& zE+mTS8gI0;kCa7mF`PJQ%PX7*EEhx~&Qymufe(I^Lnx30K6nB{C~Oh<;P-We!g_%Z zzWIYtoc)~qp89VUK3@eQ`LP5RjPC7j^Nl21eUnrpc#2~3;`3ioyEy**m!Qj{zK3Mh zv4eewVsei|q0r{vqL_?#PzY`Q5XD9r4pcS+{}ILHHV2x}=3ff2?6>*HN$jbw@Shh7 z6U#Di4*uwxjSne25g=-*Wm6xQi6q z4gAiJCy-($G2zILCJDpyXw~y@5NF>TMluAPAYAs*Er^P5MAM@YK{1H^w{~Apwc%^_ z_SL2`9G^GY+f-wtBFIF4OHdLy`0g>@Ohj>%C+4@89nJ(?7erKTo%R@_%m~dN%F0 z(Y%1~$vdaZ! z?&-EcVR#|}S89Yxc|+cUrYPNbp{PL+yUUq%#xYQB2wl(_9Z?141>r7k5?ZaOp-(Jm zAhtvouUbPLp^eWLPw0Ykh_WB&crG#u4Y);YdbuA2j+bN`kZ55vf&!UR2Doc zo;mxH+xRGxs8CjoP)%qk1|fx;T+FZ`xZRmzcDsKO3@kXl+p$LBFyK(7h*|oQ&xZ%A z8kg1xEW}67(;W_j=;(SI-5AFFN(Hn+bClt-dpT0#GIBp@$GL$7VR)b;s#FNPU9eJR zbih4Q1<7iDrO@)(7{G~9GOgrAC=3)jQqD|>glET$G+%+UVmtbK?8WS^EV+@7WCffu zO%*HQZ$Yznm~?HgP(bS3;KV9Te8`~N2vr@Ch!C(Ov-l3?-tU^n=;HFE3542nz4QXU z`w2t^rccqbrqr@BWt*3?vy_23>ACrP_GJ^u&X-%hKnIEtgyk!ZLS{OwLfcYqHcsBv zl{4>Es+q1R3-=`t#slv+5Cg&kq{>htLO_$uz^qyn{&4#=(cr~8O8sJuyt??(fC>-!E z{lHZmc>Sx*m++)&0$0UAorhpCz`hAw`!~CIx{Pb%oaX#4UK5A^r-T;v)vwp+jXToE z70AxVa(KIq*F7BSPXDKSHUN%|r{_U}H}CxJWwJv0iVr*M7s|qg)&bgyUj$XsGus) z{g)#8c=sN{JS!=bn?*R&Yjt*S5{Jv}#6NXt@As)nR* z1X)K|O{v>@RtPB5nW=H~z{F^5UVpedc{4l> zxMnK6n4tH}MlDLRmWk4FMAfI8U!IqZlE;ktfjmm*_JC93All|ky6}*KI_^XSXr!_L z3m3h$jtW%+W!S>el`A`SS+N$|v&M-PC!8%ILf{I+IygJ#hOwH+nLyoEVqN2SRka$A zPfVf|Lsa?UmkOf3xBf40-cH~r?T`5gnrXz%Y^@Zapohb3ZC$=tku_H;zEg_q6?NbWDhoSQ)FmG2 z_#=0=iW)>vsB-W0P|~Xy`d*=!6z(ds>#~c1wN~xB_#=|jxw6)0$Z!!jIzOu2_`Idl zYV4vy0CS42*ldkmzFfYwS1_e?y{Zzg;AvA|MsEtiVxmTG` znwu8KRNX(!m9a?xZXGj3QKV88;emkhJ%-xlH#u#i3M6x6_v2^=kQAJ$3y#TuD9*3( z-1p*d2qyg(jw%5FXJ6t(0O0Xw`fI!9j6QCj!w>+0zz>xL5IewcFIh1{w7vhgNJqYZ zi8+?$BFe@TYL+Ui*S{S~X^7K+DTo7>j$*v(+*Z6zQVnZaGQ@k8E{8w_E`eJ`6TS@@ z#>>%JsXB$Aeu0J2NJXQEZ@qNSalP=7hw_Ar!DV;E?Y~x-prFaN4X(_rk|_@YZvuXt zAd;wYF}1E@9Zq_VPF=f@dr5gCPd-PSYoj%C@Ji%zVf!l@d#Vz}rVKk*hPKqBMyP!I z<;fDPS|krXo=T~Lr3wUABr&(iaD4adlu;9x?@ zD5~s3s*bq9K-_SH4tY$kn;?t>axB`hw-^(P!a3yLW+kVnxzAQ)y*QFa@yZ#a3lnN~ z8)!)DXUJ?KEo&)-2NU$T#+$bq=Z0W859^Glw7cxEg_zjF7>oa|%0aM**fYgwZlbh* z;Iz`>U(HPx1hoLCK{+pw)IQ}2M9t&JnLQ%^UfZqr<4%rIS!)xuUaHKZU?|*Q(c4iW z07C&|hb`@wj!4{3Ay__kkPk1$I<==^zm&C1#uY})YmPS}^ZG$B^;P0%jw7(ih4RB9 zQTTSJ8}mSsyb%g4EcOUvZZByBk`P#h3Hxa#7Os=D3|3Z3?Zj#JxJAMU`ET3Vr+sG2 zR|s46Zc``HAe0h|bSmrILN8IOaqay7K~Klr21kxuIHNIk$bL`+fB=WXUA=u4x+zU6 z4}R=9vg0P20_ZnTDY!jUlnB;5uYQ6cC{W}@Tr@BK!2Wl*{*@{xl2v#D%@JK?iq(We zWtV5hpinj7e}U*;Dh4I$!*SJDPnqH9N43*m7}PQYIA4S;p>#17$k9>f%gUZ(x|>P5 zwn303Lrb$s4p_<3##TCdyH`Hn-rJ%v82hG!T!n*D2O6pHof^v?DjY^-p9bbqS#!mR zoY+>3|bajZ29_6%Be@ z1=@Js7%d6jb2C(q%{4d29p?e55zG6uL3sNCkL->C;un}-U5PMYE1+boe~y_~0Qz zs3!UlVQ}d`1d2+o4;F=8;Y$%fq7ER{N%|Q#i0apzaK^?*=r?~*idfNNq`@=L(K8b( ze9=gi-%w$jrm;kGOyZaQVJWWSY7>5Izf(FYX6{dsnvEhGn<^>or_%nXjbbkkPZx%$ z&P)QM_5(8^jTDs`Y(ncnmMkP}XQL$~b&@tHB({kG4c%K~uM9$u*&Vs{=%S+<{p-|Q zWG)kX(Svi@eGVi%#vAHrLeI} zmBz!4y*&4({P{sIIFB8h>Cg^h!Yhfm-~R{2eZYt~rj z4`r(G)ce|xmI>fkf`Cz|$a%MINQm-yN{Aa&?1w>|kjM!yI*LxrIgcO_rcsm58t`?2 zQV}T7SaJv!>Y3+6`Pmu2Xok1m9m*s&JLe_|8D0RVyAWS0&{2uwPB=^iCHfu_FM+go}^^lA?%8iqvQ%M;Aj({>npaal|Dp z9vL#F$Cp4ti6oXpQpqG|UXYZ^z$d)53wKURFT?D!5Wl)x~`P8;zm8(4R%7-i8 zp$b%}A{kYz5}9OHsmk~+la>ysl0{kAC^gY!?|R>dPMYdtv$C0PMh*hpbHRO&mXEb{ z761?ghCpF(1Tv38W3V_pA=T?HZ0i_I79)x1ad(42C~~#?JQ>hz{&j&^Yi zH|9Tpv&;E%z1<(r*ZcD|+|k4C&!FjsY1xkJ`9T=@+WispqO58_;->BTVRXD3I^6}A zyWngWTvnjo@oToUwzYS3c6ECjZt3moA8<6x{FNMZ zF^pTo_{4Fq!pxa7XC7`p($t0Nnc2Ddi9f1%snt_i_^a?}Yc~`}_MpvNHyHgVCg@W{cHk z*BpK`2%|V*E#6K=){))boa*bra5SDwXL(Up_58x(((=mc+WN-k*7goXGc4kGL6l@g z)pWzOY{&KdAaqh(NmB2|;J3J?`s=Kr0qp4*{2Ozx$CVK#x5ePVnEN&U@+SaXaKi&H zeDD{84|DOFjZFFtICZ$Vp&V&My@n~w3;x-4tJnE_UQ>3XmCYNf{U5M0G0ml{g*v0w zah>^rA_nI3ad*zl)NHsxjFvU)P-W0%ypFR*;~DZV4rR#m+zfx!JuwL55}>X;5o=%0 zqnIoBMTNzVWhvO+{#+nnMYeL{ka&JA&eZsjOE~i7SSzfug>$m2P|%kZ&!uV6&{TW0 zPVHCek;m?2ze`u*$nFMP%jg_@a(%ki6nCffaA7fP*l>xxOUIUWlr~%<;kr9rQE_|u zG{U1@flK?R;{T_$HO;NdnQ{21Z63+sMppGfOPK4u*Yta>vt& zCH{_ejC6c#69^TLZEKwq<4&ZU-?sHA0ulx(o5~i!hy=z&YK{44WThfjZErrC0cC^x z^h(2>{Ms5$^@*e`3A03xm|7l!J+eOb<2%@HP)i$1WcX>`&2#V( z?b^8j5vg>xh=g&GE-~XmDs3D$TSkNl<3efUWGh4%7gA~CxY;TZsdTmm5EII{kV+fJ z&DIGMDx}iJakCA82ouVLbhAx>gqoZdKtdT8$+l1-mC5Na;R&Y~g5BEfa|J+{P{xH+ z+Bk0Z2;qVNAi{()E~KJ~`|a!-@I^|ffB*XD+c`uK3zJ~K|6U+`FL8M}FByY=vT#&< zuZp0%lgRt*<#Hy}U-JB8u@d56-z*3MzCQHt*Z<@{^JXCw#6FC!@7>+KVR!n@=VB!D zMc1d#kU8Ka@3Sa0{;n)JCd_l@ls|Xh^4HSHGd|7fM~+flagOw{+ud&$s{zYa{nDd}h25 zJGso27&mLQUEx<$7UUT;DNym^Z>kBJzj3K3FaPZ!dP{EXFWinU)5{z`AHDtNm*rSd zd6v?%2IbaFM39z3#qhm+-w&h!h{NG z=0R}X_0bQ!1q2Z$lyM=IHjbNZ14Nim#)VYcIBvEB5Me?Y7gA~CxY-_n2ouVINs8W!@NMZ;3iWSE>bVHWRnW^S-ENxt_byT*GQjNhz; kHVN#G-(096VJ0cZrLi^)>u|^NyW|%C$048p-$mq<0$tH>&j0`b literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono.woff2 b/ia-terms-updates/it/_static/fonts/roboto-mono/roboto-mono.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..9e69f6d1a0ba027ab480c536dd4d7887d5735a58 GIT binary patch literal 97472 zcmV(-K-|A~Pew8T0RR910erv!5&!@I0+NgX0en>e0{{R300000000000000000000 z0000SHa|#KK~gFPU_Vn-K~#YNCmsNfU@uk?2nvLPaD$$1Fom&l0X7081C4SEjdB14 zAO(j|2e%mv2U}NIawpnEJk1w^9d7f_@wD47B@|xT?x+%(+3L$!Og1T!iP8A_k2SE*1%cLkDyeXuq>_m{->n>%VDd-CjqGQ# zbV@qT(Y$M54pIWMnHk9U%oY&TSSOGcvGWRMpadh(pVp zZ8LkzQC#(gn*4l7s(K?20rA*8QYDVoMqF#fGrm6Gx90!vlJ2hV>FFL*@R>n83FH!P z4P0^mdb<9*rXb02g_uJ^ga~lNoFitL;rY4!@7&m31sfX-m_)UL7||0Gv;KSHz-$b# z`U?j76g#Puaz(Fi48q)Y;zXUO6F=1_>V#y80#cG8v{V_S$&sh z2LLAp!pScZPHxKzg-wm?s*9>`g=Arp&L;X;d$MQ$0XbAe8UpHoU05-D-rA5bQ4tcD z6cF2k_XcR@`cGC8A92mhM0D4y6g!2d_Ep#pPu$OpbHmCBw9w)$))uJP4$p7%|ESZR zfr1zyf*{!n+)IXvs2C_l#AYs97fxL`T^b9wW>qi#-rnBo#a_jKwO73j(Nt@kQUFU7 za>51_&;pQfS1V#$WIkn^M}qVKsO1ze1x}-%aHaM23Ru`ucMp(f3>a8~-exZ7*|K58s3-e;q6Rn3pNU~Y+ z*%9~E#E0JdufC$gi*B!}uSX~8eS#NKV`i>=7?*7RujTV6WQ9}pM9KW!1|}sye`gy3 zG4TJ~{{JBj{5=hTJ@&F+746518k*Bu-YyTU%nSQM1|ERq0PS?RNmIBSmLM=72!Y{o z&OQ}`!t75OCu(JUH6uKr=x9ev>q*)swOAuwaf(jtMD&a9_RyBF-mO4L@?TB7vbNLk zI#o=tnC|k>wIaArJ~s?4fwuD|%2WT+tuN}9YyYp$gG$8E$PyE>kS8<8L>xAVsS7Jn zcEGnWE-p^$Dj#H)EQ3s1S!NkDAX-;jITvlisaG-QXe&9lvOvAl~EDo9-Prw2oJ&j7PM1M;>pAa5H(a<4JKN`D%} zUQdI&zV6nYagK77-}A2<0QqOI=FfnR|d;-o+oE_Pu4_=T%_#63qoCx zDO8XeXR|<=6opE{3#A~I&u6Mt+C`#=AjfgmICJN7P@I>av6)Mf!mlb+byYV2b^`*~ z0FMwL1A;OTKx!zEvx@?xc`b^&kJQ;U-c#gQ&KYN;i;a&qJma#^X2FG*a1wQpdVl5EOUBuSpQ(v6!kkZ}%DY zYxUqUw;lV=x}Ap1gOt#W6cG{8uQ4|yy&TksO{h4@%5z8vq1N{G@2A>iKLc~KY=fLM zA|fKDkwzLZ!_D7Y=dG8y<@!T2r6yrLLhmI`y6#0~TCp{069)ntRFyyJv$`$t@UdGS zKxieQ8GYcmhwF=X-9y$gg0j|rV%z&3+w(l@Ql!WtV)&AfOeRC*Aj;gTh-y+tEEzt( zTL=Sz1`ie-7JRb5DRb;h(r9uH6I!GK zd3a|7G`?QJqU0gVVFnN;0Cl&)JNxKz*U1ceDNc|zLmXt(xD*uzSj(h0GP9dCeV76) zMHRu-Gw28YXZGVK%=h=BH2_YJPVE3$O+i251?_z+b9eGAB4Q3yJ_l&H`9vV?zcmCk z|1VD0+X~766oinc!iv3c(TP!(%7xW2+*+r}nx*yHM;o<8tL`BoM3I1O?c6 zU5KAP8X#}I#RGsaN+@WmtT~8KmMoR2MaOW7nec~Um^mImVsLts-BdQMO;7Ww`NozG zAWJ#QwcNy=+|M8TGoSDoU-dr>&p&#h3j0pszJ{`fQ`bq10m!8iDXoT%_fDh%RDR^f z2!DBKpc7o;>s9 z*{6T&$=9B$85bX4e0%|-Jv(^j&NH_^^{Y?*@KeW5Gm+-R1^19Al6)oDi0qbmr6BudHu_#_&+hKtEIvDa0G}hi9sd!ZFpU=sQ>pTK3KA?& zBs*^GJ?FqtqBu!x6$p_mR590B@mRVrCBp-3+;g85GZ_lwKo<3Q@@%jqI}gbfO_f@# z#%G4@XO-G{+EnaIg=(!JGdF;Cizm=&|?qBnC+G%K+7%~Y2 zgxi!5!12WSetUfYFNBOIlKPk#J(0vv+8?{i4h(^$W<;-&Ii$C%VkyrVsek{HHE>07 zM;l18yZ3BMu&Yb<_P*_{+TV(Od*{;iI#9*I)(q9fT^naL>~(O}vZ zf(ZoS4vyQ<5B( z;jl$M{*ob~mKXwIf~71Al@=}&9wFjLSy3@@2}uaF985|&J|QtlCOIV)o|c|b8Bs-6 zuBv=BJ7vYz99pNMG1xYG)G<|XRrC@9vY+sO1v&;MmUSBp`K+~C`EtC&H@@?u#!7s^ zuXMJL+Uirue8iuctMD=ZDote^fdperFvVZC)92FtjJ+lXQ6R$T##RpObT617j1RC?fI=^UWBt`jStLfURSBZ!6Ws^6gKfYnlk|N{4IPV#jBcccULj1QI#Ym|DCKNb_Tt z8(Wn3&f>;B%sbf$o>V*dE_j?Jv?q1{9?q`99=HD>^h1yM|8Chw=yD`kljDz2kirGS z_zmBO`a2LZBx79&8@Iy4AE{h(p{5^6neIbUnAwr0y2ByTZz-jGp71{^bZXm5 z|EU4CO{6Sg*hW%35T?U#vC;#@0KfpB0_)`uk;BP5sWUJabBey|%`dKdy4)vRh5!P% ziWMC~3RXv+K!-Gqs`e*EfdD!{r2`118czWY$N=adSm$Zc1 zY;7%H62e=8ctC4*R1nh|9$yhbcdwgG4V{`6rad$l05kz8WW_N2Adtm+qJxO*f!pUH z1c1drFYC)d0+cFUR1rt0yf1Oxz$^Xwl2ME|)6bmIH)0xBv)g=qCi5^g=NU(sLl=9< z|5{HNgl@sK!PWqub4u`$GK^(MPwWpd1XVRPO&FiHjw#)d>#@ZVZs6r2?QcKYFBu@M zHc}@~(jxt;{jCYlqX-2XN|~$xAVl`qf0yWc%&NYwUiyisr7V-hanj8O*cfoCs(J2t z7@Ou&envk_EeoU|rdMw?>w@zGnI;=o_>1D3F9}BE0>{T`Z9hc@NY8sp!ASI_lxwsv zflogYQ$lGt#ws%26rzI&5C^6LDxILX_OixpN4 z<1jMsg>DBtFz0E0{z=fMf;0Cajh@J3A-R9%t&I}YffEu`=@cYA$gVLcRy%qWyn7a1 z{;el(^6!(t^ejr)%9|RLE1`%or%>DbQl>z4dHo*e1EjOicCwS zRo3ICou%=yg-$oD>qMt3TD*yV`*)cTE#GGSd%`|2OIi7i?c~9eRvC|oRmRz^sk3Fh zrx1@vTx)U#MZ(`_@IeVb&L!n+c+p*xKW`m`*8DBd;(?1|AVLTQ#e=t@1U|%*ni1La z+=^+zJ}B@OqSOib^8&R2a0RG@wMcfnqUc_&5Et^C^L#?_EB^V%WGDT@Pwemgb&Hw} zZa2BrrUm!&PO4nfG^4`;Lg7Z`TPMgX9Jv#`0`MzcX0f`ZlPxF5qhT_=+lS@1#oFYp%9@)8%`9$q2?)?}6|@D_^P@Ql)`cT(VoTW9Z( zz#!oS!F)$_>~4m~ z9Qh}L6picNA-xwmo0!yU`J% zlpYEp*K;7n`FnHHm@ybmPsA+D>=!=qBnzp8QbWx~mD#rq3Cg^g4v#j}haAW-aW`M# z(xH|@S>znq%YtafLa7n)sF<5nK}!6^6xX7ls>VHk;xAm7znQ7eg>yaHsxnlA+}NVT z-ysNTek1VI#E%+z@4y}{h@Ui|shwtT@^kNA;N=wh%5&s~bO6PFuo7n6G4$#mJ-G{K z>RLqn%VzwwY_H}YYxTq%ICAB!@Y(=u)tF)U)M@`*j*M6 zVKr7|_~yCY)J!9o`87{YJzoW?W6gUa3+BpCXqnQyZY|`Zr?)eWARSV5wX5RL$GYZ= z*hGcAyp`1|GsT|;S zI9BC}S~by#=iH2}p2?#w&Dk?Vt+VjOl<>k??I6MF2I0keLMl+uiQL^irG5=jJJp0m zI89M~kEwC` zk3#=L_HXer=Atz7UjBhAW|@DS#hCrwi%$lfne;nUTfiV;Eepk4#_iXTpe$go)KQ3~ z$d%)5jM_%Tq&rW>!Bxbawa6{1T$%80J2li4n>a@lIN%75eN@?XIqjpK-Qk&eMnoT> zJw;ca>Y(o<67TA9Z|iR(Pv5~)qU0cein&LaPjz{!YU^=>10&@0Loxhx@HB10;yeVs z$)93^{#1Qb1sU*_WNI{ol?k-s?Ee|3x_DMwtQ5Zkf@bvwxfx-l& zRRe_4>(At6hGgBn`;|j>DXr_dv)PHWcY_?^SC;Z}Ojkm5?vgKypp~qNYt<%RQ+1%F zSE6*HrcoB*&9Nv+D$9we%EXf4af-=$ubv_4USPp!AJaPAkvwWU0NrWs!eZ^c za+ayQ`$vjrE_FPwPW2&pi9*sEI3Z9viJq*6*hM_!9XiC? z!}QT#1qGyFLG(VT?c?a(FL9B&4PvT#pp~DCcG{%|2FEe&0XeOT89(Y>on~Q5aNA3LIdtnBXyQGmQLrKzJ6 z?#@KqD~*YI z9TV@I&FV)ExN=yRLM98$9@V0BL#h)dQ*2SG@{is!&!YtHzO{VTLqs>^)~wWo#LS$7 ziJz(VKO4m5s4^2y##Em6HcRsdcJ=3Edm4wZSBsM=EBg@8M z^X^Zp?EDzn{Ltg&ujWYO2JjetI%QzSkxI;8(Cyj(XhziO`s0I~FJ05g z0{?^I$gLY%&>(Kfe*H@H+2*T8AVdkFkt{Y=Dx4C>mySnXYV(qxKiY91Qs_w!K}L%c z&boK+3T1=J_u3L?%DFQc74{b`zruzLQLPc?dx!10m@p_Vd{TB{GrT8L5orn70kTqM8D0K zTrgLF2q+}h$2ux~Mt>lyg})FqcBX3yn}ORvVy9iwBw!^L1P_w~huxf!rOEAnMhWMV z2|*=Gj)PR$a$xHFclVfAYE6Bcpl87nd!Egvw2P^3;T&TJ^8mfPp6Zx4BL6n<+G~;N zLu5j|(F{VG`f4yXC}3c|PX7=q>$sCy=2@=rXF5s!UU+$kqc zl{k8RZsGCpgF@f0W47grbXMQQy=Hf^je(C=C?y8=2H5N%mC?j#a#`^318I`uJ{R8m zKW^EmIhl^WvFCm3Ae4FC`kK5lj!pQ!MK$k^rN}t2n+*sli8655j!JH0toxc?_{8&6 zp_^F>Q$1+fF`T@U0u|fjoAXaX5T_HcqgM){Zf5Ra-&*%P3}c!)av%Uq#3a1$J8@A( z{b-X%arzas@NVlKrxGS?u{==5B+LMkufv*&K)&Y9zTAuznS#D*=ZGIWdD-Xa6~~m{ zMppqod{^|o7w6B;+>-gfsA*lq*f7|g0nXM$M#>ig-6!h3PkYCqEFx|n=YXBje#hj3 zVC9Zg!Tq2@WnJRB4hfp!>1LQ7$kGhOxh)jzWmD&0uv(mguvb$K=oBnZPm(K4!t`4| zGT$d5sH~BLWR_@c@$mipz>@x)*-?0<`L4$3%&Wzf`Z~-1!~@$O3mtSO^qL6ycFF9A;xSej5K^mz3Z0|{8gyjEpgoC=xB{I zX&)VOw&_jqlKjG)sv#O5cC>cULM+fd8#-g%F&zcTwI*SeXOZ^#RUcS(law;MBPe1Q z@-};hW4hLMKGE0;P86Wo(8mipA-5jNaL!z>vlo%(u;Cr{uy<@dwzFo|nSZhk_-T(d zSg=2!5PfH$P`-UJuFP_BEpIR0jEdSg zN@R_G9NNw1;r%-dTMYd$U8Fb<1<21XF#!EIxLoQbk5xm7hmpq6*xFur#Xj;yFW1>) z2=u+~a;_r%H8Oq@f>i?@Mk00|tFPEP7J;eMFMqA}w{a~|6 zqv0TcXL7+Z@?eBB1%=_XS~5(mWfl?zM56QqLH5h9-;7?RbjI7e*MKhf^T&F=s#ZRB zrC7;2&OA+C)M+DVg*j@0N3T3c4by3cfJG$kDrWL z%CFkmxgq0C4Vf>lus*o*&iCX)Dpq9hqm_+~u^xNSMZ{Bx2Ic}szBWNdWiqmcAEKDd z?umV{?b;r`L>Dq^Gvhp@T_bI9dYDP^pSm&*zu<$5hl2M869Ol*3U~SHck5GxL004Wt3u zLh4bI;p2dBPAtn^%ZZ!jq;P#&&ZDOyl96JsTQT@1c;hJ}B32z^azlb{>!ut6)8DFb zq99Iz;NyRZC#3n2iP>V4-z-{W+90u`yr+h=QjP#KTw>Ahi6aY%@(~e)o_32PaQPbu z^U=m6Chd*)F*ip&xB<#6@Hi8J{2rVLO~r^;3nT$uQ_aR zTdlu7Wi~I(ifuY>9rc8*lcduVVR77lWKKOBCrU7EShnR1FtM6fW&c+!G1~j=XiZ}Z zCYDvDxq(@@sYxNcrGNhw3f^+riIfr7rsjAhPuz19DN~+pIJ_zo_ohT5=t?19#}Jqk z2XpF5C}orlgB6+8VtS?b=WQ8SV)Lmu8M+b4$&2^_N;&J08{3?tqn!2(iMlS7%xI?t z%AftoFc;PHqFC9yrkg#)s&dWb9F65*4DF7BIt(ew+g9kk+3eK7rVHS_Cde47&m**G zYI_X-48x8Ooag?b25xay=x~U1#&TpHO5C2VAA>2Qp;eE`k)4G+L;Jr5YH|3~+=GM! zRVFxa6+QyB1-S}Rd>@-~~XiVnI(K4jqToEai^`z*P znVR>Uu6_Mw^*3O(yfP#eD{<+sPYdJkzl9&Y#;uB9f2runwG)oja_LMCS#KAbqqrB+ zrB6Pq2pnK7@Td9U^EhiMU_A7>^}-zJI}3{B;B6M!+!Sv4!YuAunnJl+qfpJO%E>;z z<%>+^@`3mn2cf`{YluE|EifQ={H?L z5Oa)5;>xa*dj0m_jOU)lk?I7PytxlVx7T^(*uG9H0bJZGl=S&u!%7Z6`VYvi$zMTp z#Q@&A*Y5l@a`abiu6BHNhsdz74x6h52`D`t3+-$JPc3|7mf?ZEVBK`Aj13QvSu=I< zVQX5D>oq39_&4881XN8!O)qb|3L)Z*Q=PHO7%fj9thx~TTNQA9lKi`oH0SDjb+<&5 zy#T#3)KrrZWHO-sYtuES|M*a?6pENpBu!fz0gR!)R*+nT{xR{71IV;?FVwxI#{01{ z(u+~F-b-9$$ww7_xdr&^rLifTKun~-9i9x1hBz2YURnUXiveI}7Bhy<)zp_W?|!eZp@8!huJ^?kbSue4_?Ix z^37oz;;CplrqZ-O^}%C*K<6YkuS% zF?f8vi$CXkJ>RSO&R-pm=gs#zIw8DO#YfjVn8NAK_Elg?2Q%ShhoY++Rs3=SiVsB3 z`*W*r62N}HwnvE9iA*dD&LI^pTX(al7_kSy7GGkQog5Wj2|{53pIj4^$RiS|z_o%Q zdxK!KH>5^TB(foJ4tty2)ig^x?$z;^)*QDMg#ENKvSbR)1A3>Fy?XY0k8wiCmyx}qJE;FI|QO?Ws@VsQH7-t#xw#GVz#o=+Vh97=T1!SFdUmJ4iHAA z4z*F^@&9~2{N^`TyI$-O6Uw~XY0ROsZaU>=UqE_|CdFC_&fDY@(}6$u$^Sh&<2W6P znuX4;6PtoW?t2N6d_o<|91}AYJD;cESG|FeLA5@#c}Az_*leo4cx&=IUX|0FX0}Ec z^RmIQ9aykvb~*_ThCw`#?14E93fr}~b3adv;D{v+?GO3HaW7^k;QC&QU{#MtAr|Ba zD4e`GM!j(7DaB&DDIYo$gFNW^3}_kCN2d09emjS)-AiJjo>JPc$XH6ye9%c6W#B#4 z!^C@&OsUTszh^c_1}xRu#+7hgALhI~UDAcpHCLTegDppFPvMZwz0#HJqUf<$X=x|e z!7MA?MuPNaHNG?JVF8Y`c@J9Yjm7&eDTSP&0PmCRqfu*;XC=E$Iwz2t#080(!MeV68PD{GT+OW{b0Q2!Z+?xL(uQZF&@D8z6Js`f%p}MhM0@%AzYg+_=e^jR0OXBNg3Hbrqg7M-}khM{1#X2-5)ubiBF;drB zkSsi+WE^CJ#5bUQH*+{~$oMmfMnNg=kc$PQ!)JtCgv@m?ckrDhiyHS99PHJ9XK1q7 zTGBHH0Ibv*_gy)}pAnl)d?1A3abFZf2yZ$$z|ygew!`UoLeuoH%fD@-N7zZOEI# zgZSdBZZ6^q*t8MG`Zm0jz||Z3w00}89Yq`D-h~^;*gR-s#dJsjrr877^n9L$R?77o zdphhCSgb$op#O9MUPPCUCCTkJ|DPj?)4p2%!GvGmeoxc;7LyZO4r&Ti@I@1|oIQKw z_?=|Rz$OF_})dx!v;r(ER@UpIX1#5U^pi%%}tQ)vcC7)7#Al%mTDMfYgtL z;j`^i(tp+ibGnW9KP3D)Ljl!@i%S0(%n7w#!m{$GD`o(rdpz zT_!J@y!i^JzO{yTm~SdYJgA*V`9BFXHpxUU$EB!0AsY9o35yc4fKueKU=n=wZ`c9j zo(78ydLW@XN=%EXLS$lA;0VeZNs=(sqU7TGv?|m-PY$v@nEFCW=hHpyq1iWDK>D^` zoo45${%#8Z6*=c&#d;-vCr1F`-JaI&3&~$#i`Xibd_mounVX^4y1>zgHsH8O$yf4h zyFmp^YNCf!sOkf>M&1`cIg3I-g>9>nsbntF^TEmR14QYw6$HD3TC!ZmENO18N*lu* ze)GRcWkPQq(ckPlv}V1bmSIqNsTwt_^s7zsR^b~m5v^ZtqDs~L za;nl$%QhNmEg`Tkyvn%v!9t^2gL^A?(;m~_L|u|DaWAm{57-m;e*V5jm({apQ|emSJv zu>YOW8l}pL1@-s)I`e+zzk#sIuF4gTUwHqn_@seh(}|C7K_K?+KIq>A0%?695F1wl z;&YcaKp?hVGt&6`-=5KrV38%7GawMVc{>f{AQ1Zo@RbQU^2>mzM1X)6vFb3ep!X#h z5)Jmjfq|{Uf`T#OK(o{=6Fp6*wVAM2(aCV|)nh#a_5nzUtM^W`*IGw9N#l!D_DSZG}4nVK5&>=*Up zF7_r%C@#T(vLv>&^4O(D+MaS zX+eeGA_&BGn@%!+QG#Z|@Q6sYR>>+K-sY3`07&DSGkLiiH@PPY)vak~PRmw@sIK@I znI~bf0e)4p+I5VrHZikux0aRKx5Heea8_$aM>eK^|6eILQp$9#Y$(SFl-1;%97bjT zRX?v|RwZVt6Y`SWdA^dn@T~2{#aSC*F2tGEn$b`z<;BbPJAht;m=;gp1c5YX?C&r@ z9k|p6cykbl*d?>p33a-9k<3Es0uWHWhXsT=P@y>`gJsHNrrPRbX1P)h>rPgJ*z)AF zOG9*NGNe9E8@Ehx7ySK>EG_(4FxJ;xZ_CL7zG<`!+P;qk>9idJ z>AN-GS{LWlG_d9!>|)KgIZ*Ie@4X+a*<1awNByzq-)27q>OGA1HGZ3lN=HO;hW$nd zNy{M13zic65~Klay4eIN)dg!H01N~QxhXVT8T zC;BKR+lK!AcXHZy@gsiUFh;ZKy4V}}@~*ho$vvQV$knb+7h*T)s9NlLk+5BzEA|j^ zIC3sHkp++Ls4P?T^qqHQ8e~S(4B~&n@#586tIDa zY?r+%YY-Wxv&+iIRRTD;WdQ^MAICBVm3sF%M0&A4^Y!jDdRyuiA+b?mb@${D;NJ<_ zp6nt^gPbTx-3&IyPCtznIGSBtc*^EA^@)~_p}K;s!GYN=;v4chiT1d?qiD&b)@pRw z_Y(wLOxIKzmFB7?@W3bSN?t+&v6UOD4KoT`yE?sOaI>eeJfqw|jju>~;lV28^>Le# zlRM$7axEcb&u&3^d*+^MGj)^-HWHET8L!G3gob_D-i!+L&f{C!McVW_RZb02Ni;-4 zkWP#)X;fG0+AHc1)XF0nui?}V)e+`GI?|8yU#`c%6=|a)FNLddb1_Y*&({A^|A_eO z@wx$uoj!uApaQ3==yvn)ArxtkEc27N*KP5iPOy2PMPI!Se>xyw1Ih`3R>IGZ%|S#v zdbatm=9vv;4!a((FzUpjK1RY{|BXi{CT_WRvjY&hm#3N;3#mFK#hu8H1Y2jM{39k3 zrW{UgMU?LmS31S}s^N#Mj6$(^1%uHq78iq`{-yr=_Fu@^n=6jq?xCYSAP8LS1QDHJ zw)t8luk#?#9z;t?4@;MdN@%ZBM5bczA04l8(w3+}p@C%d%bRYFlpk(?{lZCIB3lWq zu|HVi#DnVCrDE69x-F5dY6Q&$Y84^ixQ`f5d7|S==4BKly?BoB>KA=2-uylO{u{)c zAN%27p6&FH*jEF3NT?3gD|ZZX!@2CX*0b3w>Knlk`Bi0u0&;RW7Ui7oWCj~?tTML+ zvRGQ7(;&| z>WoVC#7BzmkdFCxXpuJjs8HAhS=iS2Ur)ACgr>&-d{ZZuW^Gbvg!nB*0;Cj&GLu~; zaL1N?uifqM1A%i5M76pizaX!^KMzvD4cY}C&Ww3%#agoJ;b z9R(sOYv+YZI4>-C42!;aj#_9pjW*!a0#BG5eddzyav=JKNR;89`{0eNlGv&)zD4ZQ z$Oo>?G@=_lvy7=Jl@7g1T#@VCEA+;hBFj>4{qV=7ygNDcAR$9ikn-1GTuOpZm)W~= z zgy8_=kXTDGWEPVV{`g`c9htRv+N?pLeV=+YKs#}EuF`Bx8EmGPsWqf>4yOXAP*f7w zY*LZL=h2Tp`cWtCDVq~Noz&c0$wgIMdE=o$i<-+ZF3dCMQ!5lx+q281$|?@Z4;@z7 zmVHq|bmO8u_zYPw_C*wj2Nn_CY^au~1(FXtABXsFo%l><`Lh0pF+Msu{SEvuo6WQO zlg3812&T4FRE)FymSBCUd{?AS37-M184Zk>4RLy35P`=VY94Tw%wH)fn3=-;QQ zuyqmV$RoBh-vU9>N!Xs>a-GfSvh?5yxywlpT1W2iXtOZx*5`IixlKC4qQQyL6rm!hg7DJkt+DSigbmn zGF_!6SEN>o3GSC*g%=3(@IOXz7Dy!c!XJOMzzc=>Y2YVrH)uZ)dnoqI-(^}`$A~Ux zUeyIZSG9>$2eX=+=jzRmB%{9RddyQa_Ys!D6jW%l>ag}Yf)|7bWzRzOubC{ zlB%~C(i2uNlD#}wQZDl5&?ibWBc*0jVICIzmQRl;Z6ACpmk*?ly9YB~y{OUBZX1GY z$)faJtF;EF)HIUIyp$5*G$uMa#!JNfaC7sQ3CT1)OvWH0>j7@vr9FqCjul+K#f1L- zKg3WPVTko#EOJ`Lb?x5dnJ9spuzNO%I>p3HZCsON{?c*RhEx$XyS}b28Op4}y6fo< z-rksd^^g_Ln18&u=_t$FOa#|QZ=PY>8QoSnwHf5Ep(^<3|V~KzpN9) zln1xRy?~!)=}q2!RKz9Wr(}Ki-xinoqb2^KE&hhU%&X1>){BdMbSNYiRwL<~8d|)Y zr^`SLK}Uz4)%(BRXpY^sl5_czXs^D*!0f&Jzi5taFfZLpp!=@`Q;^!)d?kj#uxw2M zN=xaWN+Vw|bfyZEUn3%d)^CPk^6Iu55||ACZv(6L3_HGTULHu}5UgQI#mh@m?oDH| z)0~_wVgG;^00-av?BI+c=J7^<#GL;x4r%Wr2^U*nT&dcw;{mlJ^pd8B~nJ8pWf>c?>_NF*)oz zMA)PHDF0t?7bjc*LUe-Z_w??hnh>}&9PSYU&tH*$K0s~&F^E$rM9`Dp9~D{qx2vZ2 z7-=aNcTu%3ziu=w_pfj6Q`e2X4Cgyo4kR+e_VcffZbA-%tM8z$nGkN&oC+pVV$(FZ zl!qrgF)($9qGF28h~Nx5G^A#&u8yW-+u{QP(&%A}aYY`<_j0+b;s~S^8rJ;A_&vNp z1_M|@OOLrXeSzNF@}EJ2UEj0!o^xarhBz&j#6kpccmhL_H<|Z-T7JcJ5}BrSmr4K& zV9CwcfmrlS8CU@CQkH5)BA!BrigF(Z{LOH~2>$=w&Q}2zP};Y!37Nu#aBD zX;;YP=+-q5F>Uz^N<*qMW*NR%T9378p0fk~B=q59z4wcR)pQ*jQat^UIeEkLXF6q} z6HAsyPz`G*)$?jj=^-Vo)L&|=)SZN32tH%1*A3u3UpjQ9nl>elWy$Xc>Emxx8e64J z{giIGfil$WX%cHz?sFoS2QP=@F-<+MVdu2`Scmj_A}U{~h>FYfDSVHhKqB>(Qe%y<83;dC{l5}jbv#vtfs7Rlyv zsS;Uub>z2~dWn=>3RS|o9#@xu+++)|M;k4-FmS zH#tY;87Aq8W(6S8*-R@?{s<#$PQPN+ZKbhFgv{C@8M4xPmuUh+1Ah&x5iN~oG--E~ zfa5l$4%S-k1k*dTcU1MT?y^1bz?gOwJrIfW3KInyF{d1nY=0m=6RDm z&78&@Ukf~2Ua>`F3BH#5-aKTBLQJ%9y(?e1n#&zG6=BT@^}-ZZiiOKd&bsp8Apy#8 zGyeELvRQQjv}P=A>sW90PUnh=^#+pHY^J*am z{?N}qCurEhKg6xt#f+7)v@9L_cnP(Hed42Q0~*=yx43Pc@L|=cNJ)E?nDuV?egBL} zD0rDFt@hVn9*}tK+{B~^Ql8?XOSGA*oDg|D2QrS#sm)e~ESt%%Ci(;!Y(H>N`><&u z2<-f{U#RL}SQZro;j~tFubxi|lOKHZr>d2aWQ(FW*Kj{x z79TD82yi*x4$lu*Z`)TIcp;%A{dgbQFI`Zj>1%u$abVf{y6~g^T3m?zz(HAT7dLsY zekj;T^w$EzXN?(Hs1KSS>=3Lwi47N7UzCjh1(McSdxbZ!QtN{q`6Jo*uHU{iBk-wq zqz656x}FZnK6PVHc-7e@0}TV>h$Vv2X-mW4<(nhwd* zENaAPWRJ|W21_-XPU-BD_y{=pbhc-fx`Vk{B00unpO8pKL8#-~xM{jxwiFUeBoLc9 zEfF6FFA8vcnZ3OM@9)@`R#$QQ^#ziR9?vwl!o7#Rd0Krn$oBCmMsj=}iX|&bdH#mg z&gT;IUzyP|ATSxqUw$RAK@LW6sE^8Ue6*V0pYDCKDii6M1Ns8tMuYoXUCeFoPS%f)3^WXs4jX6X&OZ1Bg7*p&#e*eAr2eITI{C8Z_n=6C5O zvsiEzrdV{eV7(;$)Vw|>0%mH8RS#5PVj>poE6#IovUyX48tN7DnK zWCKXa-R`qlhjZuPz%*%CyBMhI{H6AK%)tp68)7>omO9Z zOr#a4n@W>N&0!j|KNWHuPi}}c_R_a$VYnA`_rH%XX!MlIjPYj)CkmNOT;>2 zE&U(BbNPRMDhTdQ&0hpT&p?9t;N+4RTFOroe`*0Tj>fpww@ef*gR#BxdC=K#rj60Y zY&_GwAPetvKsgGXUtDXs|7MeGOeJ;Bv9R@7Y+7b2SU2>d-h{EA4l~u8vw`yOxYkm? z&1Os`LrL3jpVy{T_#tX>I)#=9z(G_o0_R-R3VY=LY}=UEjC=uXS$arJrK zc>}lsOgE7Cr(o140R5h8&s=d_eq3o?sn?|c0dwFxqwnlB+D-PEq_fC+tIjH-wE)ew zybE7;KRssD359(O#!ALC0D=v@zTLcnz7tt_AYwLZR`k}(vZxuLENz%M6Z3*U`#H*E z<{Gy1W4R=@Vp8(Y?t7DpEH^ z(QlD_|KUjVD0{lGYe*uc*uqks9U!PDL1}tQFH;9KFUq`3<1Ayia-`8QZ*XW2OCaM)(NdH8VG2L>%WTSUE@6P_B1R=B1P* zr$t3;*SvgoH8Gf7LHwO@h!n&Ck-`}sHfYkPeQ7A7YsP!t= zuQ5t_w(m@-H{67=`Gy%@^n1e)-3|VsmPyPpc_qAp$fhZ%X+W8`g}>%=}QFbQ=9S%>%_TC+;;}0kS zkBY@?3_|YKX3mQH527_%H!WIPZdmBdT9eX)C;flI(iv|cwC;wf&Y(9q?}OYVB;815 z;b|tV5$;*08|I>P(|koyGH;Ke|6PpasdLNv8@FL$q{bpH9WHKo z6j4`vx!Q0^gk*ht`Nj{(COI|~Bs7n1Szq(~5(?IDcqUc#%H3hd_E)W61*n|sGUUQk zL}5CgSCEc~NiPxz(u-pe1!Nw-kc=RZi~IP=P>kO%EJ=^3{cy=iOc3*(CFy5Bm=&aE zZzs@ht$F0|#B*!IOY~8Z;AHK1^1>;mgY`QF$HC14|wzho|udFpe|KgP{(}oY)_cdMm_hM^-D}92+ z-Bx5(c5yrRs62ne%wCQtUNg*s*W;cB;p5AgoAafHx{)KSy zV(0vSQnH}WE04F~79m?qSiqP3NNs@;N};7n(~x9r{OIA@sLz86M~JGW$t<96Lk8@; z^SiMzj~Z-kzCZZ$4<|8~A$G zBZ9T~W4b>popRfBZmDP7z|(LwoY(OCfj)MKgQSmau!{@ zSTuccfyfSY@QGq*)tg(oxxL+NZTCyr)06P5*5VkA}^nSnB$k zQnZ;}$v^$5P;0&5*PVY*&(U))(#sl7u_5LQ?b!)oW3a`J2B;noh^6j4r~Up=Wuc-HTKxW? zQ?t_rzN~8M-=I`Qs_tww(*6=20}MCUlc-4vn*7=~xgJCxulsrYk&#zgnuTDh8u;}q zXkE(H(Fj!Lx$berAJIP>A#Gu@!ydyrkEp+&)&uA~l&I@v`_i-IEg4Y*tBA$IXeTB# z<0)`X(lu=NAIcx8VtiV%@~CSO&;F2^;N~wlCctyYtUQM+_jfQ}2gVQEk(cEPmw&>~ zG4KUuBOkM{l^g80Xe?5TG@{F(u>mv+uZT2a&7!>nj0XVt4i+brvWiGd6MtMqQqIua z0(4f-%MpXvDOkR3ln-m}U~XDL9n2z=pX=ZQ-$Ea=+tRxyVN~T^_?&X{efM<})$I(9 z6RFPB_NS}np}ixNfm!>3X8)=hh&TN;Ay+@l9{3j70dz;gm+RmAXtMUYn$UZ$Dn7Gi zK1Zgv6*&+a4+qP>K^JFuu7|E&-4mcFmK8{TJ;OHVmyNqh(xs{Ua`N)J91OaJbi-`U zO?xC~Fr5K9*6o>M-BlD^gm zgvXJD9^+%AgM8o%F;+w_RtXN1il!e(9~al$DF(WmmBCT!wWK}73}JAXTXR1Ad3Q_m zUC@~&$V-P6Dr-f>acyAp%J$5M)9JXza#$qY+WD8q9=bndci07*QQvg zD_$rsNV(Yp_o`nmQI<6?Cz4{%X_oJqwZIzMD4oy5*5n1$bEZFAeJY--ZXrF)?pF*A z8?6Cres9uWR;nTOSzAMZUw|J=SS^^IeUehtS8~_+snJcv2rBe>utI!%8D~SL-@~_L zKS#TQNBM%kO%zOjddZ0oF*FlC%xm+5_#H>1h{-#hBd??o7P&OAg2 zYp*jWZ&(P@7M!BLhWhQdoZ}?5?vDgT-#0t^Cu>hd^RxZo@AckWLY`i{jIt-pzFZgI z#mrujX4QYb!R+=BXK$aff8Aau9pU)roezK0dWbI`N@O>ZjRmx@upM=r+YlR111yAY z>%k4`eT)>(ZRp0>D%yN<0b^laLvgi6H_QdxpM9@LKKe@nh&-=#k!&Ih1)TN&e~_m}P>(;>_!$7&cV(?~pif<22-6~9~z(UY!7sCoHDSt`Rs zIDU-X0Wv#MM_Kk|B1MB1f@oo5k%r0Lu_Q9}RsuL1x4K{Es1 z*=_%qG@Yxlt6MJ_q@0ALgYLSE_@G)@IZ~M@aEfVrRM}Ox!83DFZ-M6b-#N1=tFhht zn(IJ%op#A!O6#{&>$Eb%IS_weN(TQt#7!pnry2OU@xsB&f+1~3q!&{b|I3Of#lmcR z((Rv!f$}nb2}s;@+8zmU!BPV~QX7xH$W+_%y%$}a0iQ3NY;X-S7I*XaI~o9W9X*Oh&DJr~~s?Ou}CZaMqF&C4ZlbBoqaQ83w=bt)d2~u6- zhYH$#1%N{LZX(d0ZgV&ek=ShG+xM#D;Gmk+^VQYIP$;7gCGrD!g3m8VR>VV(_maGM zP69|Zz0h#M{4hw@y2c7#8yw7NWR6NC`)=hUkN(Zt!hk9eJ=q5Wu|44B1q96{T*cBF z_9+@mMM7NmEw;SGe8lOSfd4%Q^A)p3br{ki{z19Kyg^=RTitWo1Lf<>;XnOiYal&} z-(ZhC??S`Ss=gp;fudOY(>eAzKPT>npq{AewB@-v9T{|U`fanhoV4pA*1~p&%h_q6 zuxx}|fK;`IamSvw?9QcGcFociFt!s@gONrYnLM48%4(h5nGdKS5c}+w7nx8tGT>yr z!F*HvtNhO|*0ny@8GD(}0J_wtUvOU>f)1Kys=2MY)YJ@ZWgc|g?c2CP`{=ayGBp`$ z^~L5UwJ!s3(t~V-5nQxa3I#n^2|UTeIp&vnwjx7zV5zPo-P0!OZY7{ri%=&&Z$ zhO-ft@@*Rp->BuNvac3*bX+M`W~*}a-=rAl6Hef5srIrpA3`SvKN!ZecH+vA5bBWE z(ZM)#tT;?zvGysB?iD`M;qW34$HBPL#!etVlQuIt)208;jCo;T?@kxj%(d_yMz``BbgJj%_Z7rI!aU?>&OvbRLZHL zIE`2;*%Bd^eBn+WG7_hm_S}u>fk;7v|7j(pIekNWTUVwXXv15LBddg0D3BK7`Z8}v zrX#B>)7wg14>qu@x-OUuQBG6qOOMesl*eX6AlH}9Q1@(T!YGX`iLS~4BKh(eqt(QN zkGOu>@tgG9j-;0t%jS6S;Ur>Rf=ODHP*M4u#|Mn2&c7h?03LG)pjd2)%;?e zI(f@(P5jPgvKuIWTk6UGDW2iZU41~%L^Dy=NF2nTjVt=4c~NIL*Pa(ij*Llo`LBps zSDJlRuAbP*=?s#SjU-Y@g8O~(3o2}NO}v3?B@flP8`{kR_5_@>65NuBssr zo`|0HSSl!Mx~rR0^+a7Tt?G{<{-NuJNsLrqSxcf327iFy^JdmgddJ~2jIh`XaonjH z5#mFBJ6}U$&=bo7&Q>rSIJbo=*1Kv1`UGDb*nB;3Io?xHkg9$tvju%71So<-5_bH! zkzUvTim-;Jr5OjZImBFkT7?vfvm#gOmadDgG&k#}U@pw_K`qEV^J}8tT+?FiwGGPm zda@76R7ZAlW(Ud029lr{UD$|LhW9caugg@ZGqI(Qt-pyOj38`VCe!Z^#NHzRb?SVQ zJ)Nxb%{^f&ku}Ew^{w)P-&2X@xN_f(IVmlle7D3%ShdJj7Egu8fx7fp zWWV^4oJC?j?&`?jE&f|2bKTBe#ldoek6*MVsVa9__!^#CaP>kWy(wii0$(pR^RiLP zV#PROfp8x$I+w_|)M&!OFuMWC+1ho^B{#^8@J(-Ojq*4QL&{qgLx@~Q%;lqlB;$@#|gMcC|xSLuBCyF7AmU_104# zYNdeQJ3A%YddeZw8Z~s&57hy^qGVuBXScPUc7kMzpZCUF@axd)VckmgD9TJ&r{Xnb znk~(lCw28^lpQ~&)ix=Df2XVvY6)XNMc6Z)RO)W6NMBQ(-$>A754|$nFv&kWV~|Ks z-IbMvswLGb`L5fpjAm1p9aSeGiA#ka-v9Np?{D^x^&Yn3gJedZI3tiy+x z2B26(9iJd8ebsqYWp3%)e0tI`PbK{_$H+15sibVY!nkeGEiaO(QdQ)l*86D`iGxq4 zZ5@C%i1r;daw^~6MDDKoKW;Ns_NlZTmC=XXyo!mcY&2}W!>>Q$b5;o_ZH6z z_DjffjpX%TU%EK;F(95!defCS6k(bV8`f#UJm9qB?JcF*5;r|8{rmRzMZUxWx>TIU z2x;c53%9QdZk5`WZ+=UzB6KNl3a^wb^IIbwP+@kW3SNFT37Pad>0b<%>`Z@%NV`ZQ z1*quR@#c`w*Wh@D_SqiUuKRv#IY-Ey+vCC?ug#WB2)4tDqwbMb#>mWz!iwJ+k?R8LuuX`{x*L zoR&nYz^AWAQxOhPt~RO(E^0_`0lb{I+wvG)@vc)lOXXbOTxz1yG1?i_j`HltSn4;U z)-9BE&;@n+s-oZ5QH?T2WtSs&%xEQ(HK=bcWnIAFot<)@s=?Ke|K5b4%R(Id^_LD! z@q9@>EiwIhM;8aI56&ZtthL6-m*j!!%AjnTI&`S$B}>=uO+VrNVLGWBzTm+mo)7th zL0@7GFi`)wctu-gROBI`yOb~3qEGDQi*q^Skx71i%zug9zYx2b{{qz$rpeezHwa|9 zaN=7VQc;}x(q&8sFlHh>EkpJ+so$9O7S{4I(cbFXjD=l=b$9AhZhiX*v?tHwNX*n$ zO>RBOWb0J+ZXnN;yU7d8F+i1g5^>WZ)fBg}EA37j~Ok+e0v^w|Kc zdzo4kutEi5hd>}xT+X0saY1OdxR^G(*bu9cc)8*WXOl15f0I@q zkjZx?%QRV*m-xYFmSXj5xKU5Zgx$V};T_99eH(=FEP+6*ca^WoTk8Vm9n1iJQdj&l z-eAxf`8zWz`#h!4?zgAf723nDnTJ`MsVX(TOf11yYPHP_YZ%a$R>b@>00NoUr|A8R zAtUa=a9r~nOfF6H2datx?RC51lBB*zzmzg`y;PthO7lJ4SddK?=mmc#e@@<@cxP*B zrYTi<^Z7K*W1FToX2_pzjwdT`Jf8ycwm0R^=y*EbId)0gEm@sVE3i*jSy(+E+?cX( z9wl`SBWMT8O2cj?PsO{;YxABIDY+`1bw`m;$aW76K1x$$^`s9E^B0NuxZKE?Z*Z69 zu6!S`eh<+)xoeknpl0y0+oP>C1f%5DU zJy3;k{PWV68IfIKE|r)?p5RG}Foma~#yHcL)WgdR(SGVQzotW(-f2*|e3yH?I=hpy zeLK3?o7#ST8gX0ul=dp`!UIH_oRafD+3|7BL}q$^%uW#ILIuXW}P(yTX*oe%uRqe>qZ)QSPbaq*oqC$Y8 z1(!QekRDR#PG=F+uQ<@4JoS9JMWeCfO19FhH0hrt7>wwju4xccN8<^T43@*nlc3xO zOr#YiV?9e}>rqTj3QZRmeU4eTDyHw9C`_v^N)srl7ijkf%*Qb9im1(;>vZniAstms zQ&aE8Ot$W!uP3UtcYt`zO3P5)HS6qRc8_-n9KdC0F^p?;&68MBZ*2 z<0I`F8GaC-!GBNs2PIF;&j=bN#m@PsF2Mwp2WATbr59(x?wzhNk86~Fkspb9oKlIS z8i%%_E+JG1mDDN<3i-z9&x;YbrZ8m~9614got&EdCBO|1diu6c;X3ZU!sTmIgh6EP zM^lpuPjORVjlyBVw9CHQvUi=r_0L6=YWew^7rIprY*E=wiRwaf3BLZykvp) zCqyxK0;7-kJfxy3K?-{lkU=y&etekqvmxhp+)sN>Qns&3e9O!yLQLYQ&Q+5L!A;l= z>qXS*K)8-hjZI0pAiaDkw@KMIR*=&wLJ+V=$Z z1c&zBhusJ1=wYdE7B&lXrw``Q?wqgcsRBJDRJGt7Ps`PAFD{H4$K}{Y?s&-4akav8 zHKcW(r)#ktB}GveaXmKC+lxmEI!C?`g;FN=?%!r?gi#KgVcUM@-ikbwI&?P^Jo%#MF0*;yWjv(C5b!HoG#o^X+&*iLGk4K8>=qhvf>=CxwCGGV z=A!odTqNinvNnq3GGe!F*JPp5@s(ngHHfVyO7FI?6Q%q&nWIpCmgRj{{w}0Ez~3cO z(3PELONLUG0vdt?l7u(QuUxD7Z;Xrf>h#R+dt*uBF6DQ+_!yPc2;o`E79|V9>cuHQ zS~i74`@;SrCC}>TAKN3;tJBfC_bf(pvaT#K;IZAu#~*iTNB0+V+8Rhm1dv$dj5NUR&OIAy-bdc9ld=&qQXXa=}ykkQykWxQ>_^6kjxU`QVAmc5CYWh#7KkI@Xy>)w} z`8eliN15kGfnLu?K-x;oNxOpNOZPnvd?Uyw^${n^(ykPy*@%0I7iL_b-rhn81VoqHI1uRlatY3-5_Qu0@p7w(pLuvFWI^io!YUq1j^-;uc@xS&hKl~eb#O6NY zH2V#ppBg^+mdw!ksR{_6Bs7kGJOzS6(>?Akv$~d7SV->flyHVixOf%RXm1d=Whl_a=HXV6sZ z@GwD%ztr|gApRl&#w*)}XbjCdqLK)cE?x*{=)>DynR&y3TYU8+S(_eu>x*eX;$EK~ zkzEQ$K0OPMli2v@4|BNJM8$nt!k-ne^rPtQZK)^@Qf|uQ7aJg#di>1<v7mebw&92&mLwiIzn@$Tz?r|8_LhjH;_<0>0{DLf-F=J5Z;p{r|GUrZu9 zuz~5pWDE`HT=`s{6BCFu)dwM6>$l)Pfugbv0SDnpxACts8&e08&kf3q+g zZ99{o9#X0naDN(3Bz;D68B?z7<;Ph6`XVF&J^J!Mm(SwG zEx$;CU^9z1W52UOq01kUAnd|kU9$Hm;SuYEsh6{K61COS>!ObI)i=;pR0HyJho)&Yd!CQvY{N!X9<6M;Kxdi%&ghF|1#Y{Q zTE;!a*0FVCp5mxxkbmV(@0596PujwlnCdrr_yx_1)P;NAX$z`e+``9cbsZ}Bc~vin z4<;nOQw2a>68L{L00@_z)PB0GD(+21W%B!M4-rZC567qAh`}^ol4aq!4K{r--D>=cC>sH@LEmq#wJs?*YbY>kNq{CA_Jw#?jT7<&jz z>9%A@8Sxc$6*NixY{L`KP%9=w4m>C=y(0*zw`*kFEBF!UZ9!POLk(0hkG#H(*R1_k z>f$&YZ>h@TU(?ZCRNLNNHz<7l%qsNcb)f=Hm4ENV!p}>)+|lOanyJ+F)F-cgWYlKP zq3aM2PWe(pQ{zAVrW0oykQClW`epdXEJdRxi!)uM+x=Ln>DDl1DDb<+t&3 zp=SG6jHms8W{316yw`-Eo*0Ov%b#&(U!9H!Xr-u*IuZZsGj_HD(F-y&mmbK-ZbL_>zE*kyerH303t*{yQi8nG~!`qdUkJJ1VbODem}8AGhCIWfIO zyXk83&g2H!iIppN!$l!yErAALOX!ve+8E6glBB`R09SQ2^>n&29d0%0^{tk-uJr%H zSdr~W+`cbdRk`rXFVsvcCfqLd(0+;Tf)hkR<$d$G!upT7;=o?6lgN2jeI(ZQ6=lCV z-WtCZ1!1yFH$hBIKUJSupZxdpOk~}jJXK`ZfB#M*Q$D@kr|i+xX%GXXTbz*bxwt7w zja&irOA&ifuCSg0;}3-_s|_{M==vz4&{fFDP2qA2v9GDHm5GYDHbu3SxH+>bQ)hMF zVbZrKYilTb-I+>ctI_a)e_Bz`oO&*9i{Qq#DWo~LDGYS~epOo4DyrEyj2~4e?M>dP zt|tfU`UAN!eKxs3g<}#*~G<$?tMY)nt8~2gJFcK_HW_6m&bcK%KLnmE}@v9s_YP^l(vp-4-%5# zm~egTIsQ;)rx5WF?Ta5b9=K~4#DhF3KYhqv1W9IgeunGOYWGc^++TSG2kyF{QIxJt zg5rz*tl{r0G2vE5zWl*uQ21D^+EWz^WWDNI(R2XjFxM7Y{*5q*V&(N|>Us&&1?vv? z-isQ&iZiNP0v|pm7!+-!fLL2~GK5v9&UpiCY_~;Ya{SVNk9MPW>i;}ZJ**y2ru^Ri zF0bumXK+5d8T?1P{>1&C41ND?P%hV0OE?_jYJa`|;m0-HlRQWDW-NA?~n8x z6x0Iq4rOA)!jE2sI^3@VzN4ti)E~D82E4A6$G9`h;uWI5$`ES!^N)KBK+hJO?|r*4 za7%lciLLOL?FP}~L6Ip?CJnEA{VU2q`NAZg=eITRxL&G}sxx0p2+g=Hr#I6dDXfVE z$Gw}L{0e<7RC>2uAGJGEPVN`4H}lX1r_Y#+en4&Y#B3U=4V zc_f{DXrZi!gSLMARTZ#&+o&w27cfx#K_tGM6Mz~--?6nPdR3lc>CyOYm##jes7sSg{XhtUanr5lx0 z?*?MF1`MW`YZ&!o_=16iZMOHUFtZpn&RE*<=k_$-fZxkF$ab9qqQC}LM_c|Zr5`uk9pwS}$M z<7*^he1%ri!mzTyn>M=sjDNnBJL%WqSCW1$vEX!aLCS4N0ni~kjmG=200hE)s@CFB zMMx-TUr7mPHY|Kp?ajOZp_$X&jjR!ikQJSsW`?j8lq*KKp@r+CwepT_f7>uDmKpQU zi}t}068WDwXg0rq+}p?Wq4sF0gfMD)4RLY_KK9};GOO7n!;LTl zU6nP7`cO(lO7cy_+MmJi{#E`E)_c>iooWHbVJ%y8h*J7qGkIOOUnS)==F-!Dpqs1Q zf%)`^psXCnzw`GY=}gkn{H z&GwG?3Aj8}m4V5-Puqak`*Gd4rtzqFM^Zm9FAFiW?@DyO+sK`+nj2J;Ds49zRp`q@^N=rJ1W@nT{+pRG#aH57iym&Y`on%1sA< z#jRv59fB?oUZ;evTU<1QANi|j^WUSojFs@NM{6BY?QxTF)>eWYCU`P4Q`}MIgGBcM zfbRZ@ZHqs=`W1i4a;)A^BFphl56ixA0HH1k^Us+)b0RV}W?4iqGtTbu=sEKK-#VWo zt!#^=v$}dOwLBS&W8mVX*YeVMNk?xFTB8(?0ZAGS;z;6Ra=}aGezQu1UD>LmYA%!8 z!?aaFxlvJp#YIj;?ZHzZ)+z2a;3WoVSds|C=4Ij05#+87my8v71c)n_fD=qVXHY;v z^w<~m3ld-u9Y2AW7U7^dhB6^poq9f~iRoV<1o41XB^BLM@o$o)_PXA^v>fqk^2;Nhi_JTY%1=Jymk(fKtw7gE)d5?dVc!Yi`H~Q6bOXpx z^IoH5Cv$SQ;31rJL`geFYgYH-@?{h*qew2ViCD$xV1Mu zE3=B|vD4jwK3mg{Um)J1sHE*OU&&MP4ZA9NxT3FSEZ|CZ4)=#%(Qc4@Zs42DD*X$E zn6@cr{?$PLqIMD))rgn#-E2=+ciro;MVH@DxDwCNl3Iu6`>>JQOd|$0)Pr1LneZ*o+n*6BZ*1?pZM>E6k+MItr+jcfbJ+=N{25W8g50alC!agZP_K5C z@V1RfI5>9RoQ0w%wMoS66(LhmNy?sVdNM?j$NgyEZMk$wTon->S;0MI%-9PLK6|Ph z>o$Fw&4NVk*j~>=6DKt97&j^bpMgLu7Q|*m-^yrNTiMa4HxB=w`}}cQgYTL04SlLBx6*igl>V@xr1;Ppm!y#SOxDEJ}DK0B$b!tICsK z$S4BVjnXnbUCtij{JYPZ^gj7NQivqvCu6%l=%g+0 zk4?}aAB@dMCdSvjetDXtn%%$YBCDQG0P`*)I@NzIr@9*dhe<$?t|{qA;gg>-@vu%M zN&fJ7?UKz8HlNDP&M3-812|hTNkxcD{)PV)i|WZV&M~E)fwtTCjEr5mabr@>)lF8c=gp7 zNLn@er!|RfZqj*J(`&WXD(z1|P*SvAhXa8JLqCxb5@{zAf=9qeK?pNy8&}P6~zZ#3P(EKHHQ?*}`>wmO-rPvrv;% zI?n}1h*bTXQdg7eZY=8Fp%d0^LYRSvhWgY8}i@;8s-i`{ARr-oM>CgK6XW9buI{G z5hi4t4 zRKpU978brhLwW1d--NTOL~jcrORLYHW29|Z)+r}#AP_c?bi_15@AAk85)VYSGT4`y zyu`2I@gKO%38$oV=(WTJT$i8j56l7Yrk{MOw@eBx-)mmjack zXLn}g+?`2ia{1}&sXH)~VVzT+oLYQA%I2m1hKhg5ai%I+d4uf!bLI82X;{jo2VT#H z%=<&@GpA7tNW57@-kYks+>a(UEQK$wQ5z{s%PFa!BF9h@lD+ zAug>FqBJEX-+g!@qPQftec|;6!q4t6Tg#w!{d^_J&pzi49OnvL7-$)6x$~bH74x8} zcNvEHt-cvG(^EqeWBuC)w`Vz+Z(wvI->IfddpMS#@ zc-QYjUC9t&g zE^d&L8#RP`EK97R)@J?XUI3Enr7Xsf7qC_msT7M%4Bje6G1a>3FiK?|#%*N36!$6y z82d{s=1B}G>=VPXNLi2rH}1?m91|UjL<(bolyE7s*T_FY{O-6OxC1gcH%>%N048ti z*7K3ix~9^(FSS>^&4qv4C1)`$?U=LT9ZteKE*)2L2!Sza1V57hPh4p+fO<9!x1XmX z=Mv6tidYj|@65B_(e@uOyjpz%GI@@VGliw3l#$ZQQli4p<1C7`&RvgHsVqIIcsUFa zXT_6##^Z!r_G+c-iyC#=ae)uHQooF9%q8oJYQWV>KOY2ekQ2URdbH|~cnLld4ni*9 zGpdbs4vN~t@ZBa5ku{XH#`yg3{m-7H;wLriE0aB??^{si-fs};#lDPE@a;OBRvQuS z($HuPRJ;2g+-c2knc8ik{?UJK8E5vGllO1OaK?PG*_dpuo;8n2KLPF@`#TdRnB(5^ z=*fTo`LSl7&rfFlyZ7;*|M(?E4B2G;KO%nIjp=UcX#!o3VTgpnslZk*rgvFehEmj! z?`+3JzjfGlOuL7g4K8XS-uOvbZ!({^jGo+ob>BkYptT1Pp#x02h<<%Q#2ZxqxON$v zKC!xUiMJP`iY8hSvJ+3?yIx(TI{~8|ApOB7qKWT()rDCK_T&QTbETM)z(35%52eww z=Xf>dbxO(j#@yr*AZ=d3q?^`fZ}}aJ?F&$n{OvOpDaU33Azh~er1ran@R?=M{ zV^D@rlJ?u`m`!5l4WEGk9cR*4W=RBgn;DtnmQ@ZkSnzJ!g(WKHecIk(Qqw~kSp2-m zQcB=`C6A<7c-BCrbt`!q>-7#QE3!aVRzn-T3$;*c`ztHWYpX$9ksSxtDU8!hK&Bzy z=j)M<|65ayYXP<`X^LMYj5(TfV8hV#5Rr|ctso&o(S$}>NmQ)Cjd&Bb+a_iZ6iJvk zdty#ASxIL6+Re1q1e5T=pO~~p)Rv?wzcXpnYTXUTQE$R_t3qo@s&a}+MMkqohNJo* zBO=$GwT%>Syp%CncNI&W_Fs0QOjoV8EkVbJn5uq!$W%SRU8YLGM5d|(y%~n^yvGa^ z4`~SoDSdCfgVu^H(W77MDB#-~#@KDmD_|=ZZ3QMFM4KK*-<_`qU&X#+EM~f>5MLwH zAy8;h(q+58M|7CDMSp{0WBqr9zLF7w?OcgOaMf=B`;G2QGN0rxJ7dlCn#B#GF`sj%O{C(WA@YT<( zQFr3d(_2%fmpN-C37CI!y$&Pp92(t^c)7Nx<4G%>=ImwA84#qa^D!{H3)!WSJ=HG+ zcT0`i17Algx1~gUJ`_iXWoQApCGUc}oiSly>MM(p7u~gYnS+rRHTHG??ZW>W+FTIm1e%zTJbFD{!yVj?I6%H_fNd*SgM~6_wgyaR#~mi zKN=5>ea!nG=UGs2O?oEo&T0;#%rkY9_Hs zH|Mlen?{~=0x~I4T`&Q!PPm06`tXVbx+!JVC5YEE=K>+R@nUuzEvcDws z_`h9(5cmjh9TpMh8I03*M7s#w-t1kq#mt+?|B!hy0Hs815AutKyGfyx7gm|ZV)BmN z7Vc0E8sC<=B1?(xVexX5w|5!dwI_fNu%N$4%vq!cgRkv^%uLK8v*Z+0qQHDSdi;P! zBRbttUs%)&brYZIp(|@fiYXCBdTs1)4A@^ADPPDg>g~R#(NIEHbE?x$B)S6O5vk5Z zkQ}xsOhplVXn`t;eE4n*nD%kspeGaxNQeM`Ksq`j6IsYX9`aFuLX@Br$m`C6z zV7z}cv#S9<))oI^j%jIuT>d+UTz@5&R!~Y3f>#gb_jED(fEQV`FBubA4>1~G|7uxT zCkJJ%-IZ##-{WO8HC;%!52J){0i0+>aV@Okd5>G_zR;RhKnSXzn^rMC53&20Y|C;8 zL`wG7>^*f)a;C3`N>zOZ3Mb7j`GHkGP1RSN`mK&zPz=ruL+YoOF)K!8FeU0M6M->~ zcsIFa;8lSm?*@uV1Pu=cano;evfqJ#&qBm1M}BlK3o6Ft=>J@+~L7Y9eI=T8r&j@r)oU})op zBB4zT*)Qg&S7C*f!?5`j%nz;72&9dYUZL!!6x_J>K71p3(;V;otp;BPu{JAt+wCJV zb+|i-0M}T4o}1-{iT&}6H=CFHpkwle(QPgerJCICna#=HCbN_?))>pD`*AhK^737; z)n~B90J29ao<(!B1>mdS6d-4d^2~Hi(KsSooLFUujxxcF-XGvDSupz!_pc*TIuG@ay=P~O45t#)?KU> znJ+6NZW*q0`$w4$dJiy~fh@oEv4wzb@E_2egs~c!0eS=)p`f(yY`1Sp%RzVN4)52F zK~gt63(!73le*b;g!ZwEbQ3PO$pPa@Hzgv47mY3OPQL&UJPbrhsRyMtzd}7q?YavG z81KU>Vq)*)2nHD?;{V0_fy7LE(cWH{m`<6+J62&xh?uLV)DjjpGMC4_Xx98y2i_=J!O) z1GU-35+(1G=r1x}5i!T9d^dtkB2MJH7z{de4oeFF4ufv&qNU|BzojBUJ?aptxQ21* zRElYt_L_o}=c|u<^**(&(&RkUWjHK@RM}Ew{wYf$+H2H6LHjgMMX;K^0d>3Ocn)=cr6Y(z%R-=OGh^jCoxPU4TDSk=RVf?d3wL zJGUaRnKt%v640$(=|H8EDR8D^DpQtB5Klw72wYL!CUiNq7lx2uUzRzrU$QLeAkt+x zbR#!`A`|zqzF^=fTFtTy6C@;_CJII13|CLZky_@IEr<#ISay1d##gA17;B4rmQnuR z?1bYutDe6?*wQEGY#X;!sAmA2udWne@^TQUF8R4y0Mqsh?X8D&_Se2Gvd-7 z;$J^5+Gy_( zSn}TRT$G~>W6h}%nd{sx5s`OQQLhNG@;q_noV7wX9CVU;xL|3LLkyi*0|8h&w$g=y zO=Iu`at1qCTYv=T%OKBzb76ohtdb84++2HMz0wN$<2s_r5p5|O?IVh+a-c#KwJmy5 z%I2L2rxkVD!L@gp8_`?#6!z;m!aLFf-w;c=t&CC=S`DIe#GV*i8l{{qq$9t|EEuj0 z*6%SWsn5UF^51f$L_mK_JF1>!EXS~Pq+)rwsw@$gP=bdjq*P2BG?J1L&CIKrrIp;s zYO?NCN6Sl>-%^lfbq8G2LnJNB6qlkF{67b`mcoGbto$y0@<7QYawl_#lr!Ys=do+S zTG0Jnu^oMOBA=&VXz9rniEaOBWr;EML<&{x$Q|bM7E597Zm(Q4ttPpd@YSdG9<_*5)GAkN=f(jiu;sGKHWsJ)fyd zrBuUfk?6eP_3-9KH05^4TTF{vm;33aOsfw(i)+jOyOlM3v zr1@d^`|9pb%QcFu17sxtZC91iQ2TpiVz{B3V%bvU(2<`#@*r7uaDda=H5eWY;hw`+$Zg}9Y3KJiEBNW zZ<~Ci2b!91?QH#Ci%cn$cb@pE6aVeRFST56sk!a!ZCCEw*rwD_z5V3>Jo#6xuWx_w z_9yP(HA4%v-)b}5S-HPh{~xE`ctH1@ZcL0rr+@zR@0Nbu_1xXG`RnCt<+pdAy9c%u zE3&56v2*sIn>tM0NxKkHL0gkpGrNK`dbhrUb=WJq+9Y)OfvPSPbAk&H@qOIxHXrR$~R(pl*-sZV+b{TBKIg^G-p zjFlPdGsZJ!Gmd5WGVUsJGv8JGLh+}}|73Zxa#^!%g>0Q{hipc6RF08Tb#yItKaR1egr- zVF)(Ed2l&=6@FdyshUmcR#qw7lmp6*$_eEG1XSPrCndT2#f!a*%Rqd}jp>DNqN_SLuUiY^?T2Ihd z>Ra?f`WZulfo@P6at(uqe~eb+1N~NWqFHVUw4AeMSl3uzim7eh-ef=PpgPWG(X(2! z?%d1CKAuzT^mEqcvU5jWA+D{iZyt#A?0I|gzO$s}ziathfxKXK!M=hItbTFFxXaup z-G3Ff75-CXDEh6qwRpJrww+(e`I3irzj(MFr>DU);MrD+EM=9pmaZ$EFa5ntTeig; z;O+Om;;b(BRb*7`sQAG(sB);vzsgk|SAD+v3y-K8bIrP%?>+Ns?|Nm_$JhVUu)h)A z=x7{kf}6he+trfPTG%$!j%`2L5!2DtG1qZ7gxsm=EbFp&)pwPt-pBWL8$EV-{QB|v zU+!@Zdl9CEoempJT!nW=1S9_v`7*K+wPU4yR7vzlqQA%7HxM54A(kliavW*gVmJ(b z9`|)z7ofqf6ZuJZCcm31c#8I(dB#6I|D0`R)AOC#G%%|VR+!wEJU)9gCo^|+(}L32 z7A~ffq-%Xf{myLTM%CqBEITjDmRIFfVwgiEA)nAl=;+v$ zKPEf!PcjlqVp&(Jp>k?#rVHgYu0>tZ9sL>YbxY6nO)1sX*Fq~0SfmhOBEkS`V4)$6 zD*CvDDR`IHaD;2T009dP5vGl_psh5srR}reQUd`a;E*$82bly#S_~O+;0%A)dgIB5 zKR_5%ynSieRoCC89e3GvkG=OBGGXS@ZPrS;j=GVVLj_G8>kfUylX&;#*MBi3ZF8Gs zBrU&c-6pBo)f)6jr|8kUUr0h`QPZ=z6AygFE${il2PMsvU3~&cvm-4!?)n;a+$so=}}pT~u9L-B#UKJ%&%?Yxog zvSvlu+-y=UuJ&VgGP{yJ$X?{oI$;izGv}gmO?C6R_1xJA)C6WAeF^L{AQ%p+R)0KV z*WEzzT-882<%d2|DbenkNO#vin13I8juj=S0^s~4eivGeCIo{`u;4lFVPhn~@k}u& z9NJp#=^fw1aSSC{(Q+UBm-tJR^({QTyzTDm3ZUyy{QA2>SjkjCU4~513F7EY5FsDe zxsmCkE{=%x72Awzmn#fmXM|lQ;wrYf0IC0b{D=4T1P~V@(Q7mS`BMz>v?+;4nvtO~ zT1%`}Ih!JaVMwEbH`eprr=P^Il|>^fN;GuqafYJN$6D2CH>Qant`ur7WgVbaOE9iS zXsKXqGGWTNAS+f0qVB}I<0U^GZxY1b$IK}6>V}%k2&r{JFvx+NrI(98mSQ4dXWocJ z_X3l{P!!8CViyGf|)>RcX$Y_G|;#CJ0P}X+d2g2bQr0>ipAp z)k>7h+!*&?BN%4tAHSRWvhiUfQ{fLD+mtzurkFq0@D9KjXNYW+JHVRHL^a-1NtK(; zx@n#aJNhZUv#N`10YwmS?VoF*8ta&_F{P~K`rf0IY27-z*RqGN0xdO7}{drNZb@g-%d?5o7JH6=vmc<`Qz>vq@_}WW% zo%x#S(@&2`-T=DG9G=P(tLqOaQ^sScz#*Iy4ep@_Z#;AN-;kCAf+6vsrRY0PRyPi( zL6v~LWUnA(jWV6TIVlA^ab;GraAScakXRgAC@Jf#HmHW@dkZuD176guL7l`TCn+k3 zBJm8;l?~t9_u*aIDd6h5YV|VDFD&OXNCbW|ot3IxC3vX6D;c(1DAUEXO3%tNUZ;?| z5MeeZ_26v2&@Kf~9PBY94R{2|8RL6J`KaV>bfYzGaJyxy8Y@g!^@PD3yG2eoXhqt= z?~_!wj3u**wg_XS0;&XW5RJyo99eegPNJuj8=^IwB5*vAO0STxQ1}Co(D9sJMb$<5 zqSh{W`;(_wUf<6P9XQ!sGn#^x?EyZkvH|hcFMath+Hd^kDL#3_Dv9y$e)aE*zcV2& zSE3vhJvTpnvi!*0PyGsx|A!glkDh$xp;zWUJ)zMr0OCn}B;=oh8xa`WK^5&wg=i$4DvGD#cu*Oaag@|`O~bDMnf{HZu)Vy6^NLiMOoG0tFlNFNCT>_@=aY;euRdm#P~d=1G6Kh ze~BY;;wL$E_2|>uII!D6|A1uLp4EODYY7T)-36FQldvzO6KVWk>!hsW&BP+BO)ghXun(cnprC+HqaS57PC@8eV%r zL2b-_XkHW*Rn?mM)Lu*m(>0Rgd5%I6cwb5nzH(f@Bq_)EMc~w&^2Xy-z&g3l?Tb;C z+vHhAP!%s3=iOar5=CIbsk7b~(?ke1#GjRkI-SphQyjd)CQG)=b4MjM`^mIKe=3(JEeP~{k_3ANwVk3fP zN&x5KyeWGv5O!^TN^IiwDF&d07?!0;9N@va)_i2X!5iW5Pq9)fju}f0kT+8SUL@1u zP$--pyfweZ+gr>(n@sPv%RNt&K4ftu(iAlJ5utk&Zv`g=J4mOM$@(yRJoJKzj|0Oa z-$Wmev^Uoj<>zL@&&@BaZfg7ZQ#8ZsEUKz)XyWEkUsGA=v;uRmlv09ZMXp{8?h?rz zMwD^R7@@{v+yd^n$1nE?7$x36$MLcvs|{;sFxsX$(MZuiKRBF3u>g5%)~m|GdVIin zqvX+UhcVL5eRfPxs9+oac5q!X;$oil0hr$1U|yvkJ z)kzdulS(FLw|n*otWyjwepGzNDVyBIL^H_1gQ%TsMftWjYgyM!5#HF8bM;=s4eD^k6`Qw=5{SVK%SDuFN<)YNp{u4eUiS9pQ#! zd2Z9P?5LP!&4d!LjtrF}3D(Xw5^Hp4(yhe0F~##lN7CG51gUCEhSOW%@Vv?2FTZ0} zx?z+*6!moYj2;flSZ#%YuPOpi#p@av45Td24GvwEWZJkKai{5{l)BS1L$gH=f3vlA zYKDQTCpUmQI9tVd4FwCPz9LE8PMQD@lg78p(c~2s6hjqTlM}dGuc$!>Wy1B632ieU zSI^mcigt5NqFFwtD{uw{O5Q*MnEsVJ)}SkYY*|tj4dg=Csz z1Sr=3kZsGDpIADAt6V0Nz06DJ2xtYvwDn~ffZbHpT`op~n^!u~p5j!@8O=FNuc9t5 za{uQZQmXXa&A3?OEGzlu5J9VBsvp8|$9~92z!g2-bZ1&7yQxx=>XeDI&5Q;q*5E+% zf&p0nx8$E5QR+`x)q0c%xYDM|dCdWt4|^ zvJf#lL2jcxaC$y8`r3hav49geh=kg;m5nK>JZezMQz4FuN06LJ=q-fg%3il?4K3Uv zxBu$fH^n0w;kN&as;wy8aNHzv$A;>@$ zhkf%ON+NrG>Tu8a~>TEoNiYEUwq7X<`It>B#j_K3nqya_?l7vui7+&UauEN&F%BIJfhr2`4oVipk-IjW2J3Y1kRBnbXXj2 zyP}WMPR>TTQj}B$U6v!XK<&uAb)K*BEvGmuOikJcY??t%G}x8c6+^Wsn0}lDp(QFj z)mfnFo5MaeUwL-7YsF{>#z(>;_Xm;*QDd5@Zh_tn@p3?cGS+Uq2Dx4H4~nI z@FB;D(Xh<8l@v%BSiRsk>PcP_3L;k18sqAeBHCpt;#eY`uhR$l1)nH^NYTVHm|7v_ z#DFwy!f-sVxIu5afSiZjs~?D4|AF9Z~^^l+)6|Y{RhFC>61D!WysWOs-VRCv|^= zG_V-5TtoJvzs8E67F+JEbVr{{XSeA;WEeqBH*ib|x~Ay@g|5_Os_~5cc_EfLKw+Gl zp|x%}zg;ri)?9BVA(LmoAnt0BGh8d3GL)$ZIL59DhvS_~41t1MyOV97wC3jz)RoZ` z@72z;4yK?`5>$sGU*sT4hBMofT8l>x)%%nW>>Er40=3H)a1ZY+sntpwmTY^_ddSld zCdisNt&L{}pb^h&>0nM(J}?<3n_XTK!~x}P@&|bQYsBX?^_K2IX7pd`=*j6BbRli9ya}pX{wh>V$ez zxJlnBsFDK6gv=QG={Fk0>27BxRW2QfMxU`Q-EtG z^ydM1XSw>-U?PbqYx*huZE<{#1Vx_d4BcS_4sfWARL3>KPhaQU-aFlLy?&mz%2p{& zjXA-|40DnI1_y;0Pb@0{iHljp#s?e$!TB&12sNNkJMH8#`3{1M8u5xINxM`qnrCdB zatEj}ToWojy2?98pk;E1cdK%WU?2=+o5DYOXbU@UF>PtXU;`+1okZdGR&R@=aDSc+ zhgqpildVxo>>ZK~8I@B2=QT$~b*4L%(QiCnQ{|Hx!(+%3>dexZU(<#+gbpur!I@Z>T1d2uGIPHwD`0mE{l!Vzzh2&&Bx518a-%1a)Y63C0qB5BVqk#&Dj0yC)~eB}sw zFNa1@GRDScAzLxm3&PmuNF0F?WfUtNo>FOg-lz$DKOVZIQ*rP2oLXZ@l8Z%%0VUOOJ_TA{FElF?-@)5&uAP)g4`E}p(&zh#Cd;I zf}>q~cff$Fy4FG{-JQ3#<&|;2X8|H)X#(%@jAT8ioS+u>b!Y*!6$X*Em^@XvR`~jE zFjlnPUskTx&-@Bp#2-C$sBWhz)!s*3*FJ{lI40y#(FuCde~1<u=uqnyxL_B``MlZ1J^&m-7V!q!Gc2s2R6mS}La~ zvc0~txlvLFZXn0_yFdNS|M};G;OV^jWz$vrX*ov#pfMTDDLK0hKttRO|K5vL?uk?5 z@o62l#Jfq8Vyeejsv+6egq_XFQ;q$kb|YWh+-CQ#NL^M7a$&tqCqG@Be>YlZv;Dp^ zBboIg=?$l&@$@s-)oZmLXBW$(AK1pgICfwgwjn2h3bCTPQoSi19`3_nts>+XN7xap zfxGyDlfh=OTww!dOJzPwavsKWsaUR(bL?f7a?2LX*z+#1z$J$;;jm08HRXYOVqQ%@ zFdC+Tg|5t|hQ#yyjSEam=rpQ# zU|yQv)~9^aut zmg)GO>xTItdkTQv)`~?sx@G7sh_s@4i*DTd+yIF5TtCb^bVZC}P*)Q`R*LF0O^ONk zfRzog-#Oo(;TzEmITthSPN$s_q5G8XUlV&{?W=mdS2Bx-d-oki6C?6#DrtkLpH>oQw_lEe}o zyB_3IT*EsW^ZOyZxK+D=XxB_pJQ;69mG`tM6FFSAc~n9|!0W+)4M+*dlb!UL0C)S@ zv(S>xb1cKKtWZos8h`2=V@2M$m`oPo*lm}4-L)~ZiQB9|0m=zNY-JHd{qv)pSl@kG zM!{9Rr%ekMtbk?au$R0Hfq<)|Xk^#M`q#-<1@Zz-5FF_BDg7VhEvYBc?agp@=gRI{ z$YZZG#07?HirU9vAm@k-ol(h)@5(lttk_pe;p~#UFg@rRCL;@tqnI!AIRvG#BJLE! ztqmW;cnVQx={NV9|AT0g zPmff|`N{3w{yUkjO2Ld2CB8@t&HK`s(p}tpu-o*aT4EuG5<`l}E1k~j8tvDL zOc2X4Sm+vLOM6;ShhRv#Qi&+Z9Eo%_Z)u|m42GK^g=9=61#ba9E?Jw#o^7bA=BLB3 zkZ?Jw^r|n%eMRObEkhGU=qP&a4oFm|QXS#ikzo=NnKy`d$R1w2vI zcE0lU^F-8QkXn>M&s$5!+L)Zkys}XFfcGFqh(_gkEy~Me z5fG5`m9w-H`rszBZ~t!i`G>l*le>^BlZ9bmE#p*nw7GD7>4y~d3{(<&fA5=Jxjbb4 z>l+E_#DfRH;pWT03b{FRM@4Op{IBzSG~`EShyhOEBoeaz>(Icne@vG@(V&0AL!p8g ze`Gd~F%{x}&ui`I%>L>}?w&qbB`E|U?*sak zVHjCHFLz_kBlsAJo@m#~Lu&tNb?^Z4or|qrIsN`VVu@Ger~lrg_~q-X7^X>eWo}AB6xh zX%BV#l!D_gU!}S8TagJ!T-Q5mwSQem=NYN(ZFNE3-Hb_IVE_0^N^Ps|blGZlIu|9h zyRB$t;4YYcS~a|+L=gpy%rh{TevGjBy5u67*12i?#`o74rv3iJHBQWbn-D67<09&L zuFlgBYPta`YcwPM0@^mZyVVtBx4w*Oy6={rPYhxVpGZy}8(&8F2l`UGN{ljTYoq^^F-%21$M zkM?@K<;TZF;|E^*PkUnh`O^Mq<*C(Qfq>{R#kP5ZTKj5VfBDAikNZMx-Vt!Fw7aVJ zD?v!`Z};X30_*tnYd=JSB&vyA-KqMh9Ie>Pl8_gGcR_M*uD$18)A_FX>w^@I0OQ6S zmR8*8rfFENvzk@UQ#&q{`Ms;f#KFq1y$_W8^LFpER1FLc$ z6^f(oQ%#`_YW1&AF8AO3@W4<65@{_IGkvDoVYOq@IORTmNUe4_*-ncohawEtgEH+T}<-K_{2Jlz%YWt z7)`Vrjv5KOwqb@!wUl0*n@{nbiSc1L7t>8%3v!k)MZCO}i!98~&!VM9=|H>1D15rn zIjTOwq|-7>u>BZb)kX=7an;Sb3ymv(M4(LDmSSwH0*pk9h&5Cl~AXzb!t>Z1@OI@$haKgg%s%oGgO+H6!E^CZNC zK#&lKzF=R^{51VP8p_DXlKN#6Hyh0VlrNf+uUnokkr6&i&ztO&MKD)N&y5`B`~r>aMHL- zmWrIEmly&8!D;D4u$Swzd=N{b_b=oViGn~#(b|oT4Z(ET%@Xj_rA)4f5VX-;nm2hD zUX(E<$1_L<`_3-YC-L`QfTgFforUaR<|qB{Vapb)1)v<@tds`0kl~_(^1%8*BGnL@lDJxu?f9bRz9k4& zbeNT87HH0}sw}VIHcjAwv;%%AS|xFlhcBs;5j*tp%u8)O6YbL+izsWd-5m@zvPtUL z8^Y`D{UPTlIA zbUN=Ptz>i4@e4#tS3}!%Wc{i!2t%3dmfdl`RZ-b@k1=O^FK=Jsjj%*@djdqf=gjCH zYnS!{D}?($w8nKiF?2(Yy4NYwOuvY7v^(p$vSH z-POLLnTGQ5#nb*UwmP(Wv!jTG619PgY{PAeY&cruNT|phi%QU&=9cylk|%JjIJW?5 z;)0=IRB%dgo`wl!gsjdE@RGzBG_1kZlgidLz+sn{ z=~64iDQ}CKp>G5t;DM;~-*n7`XyP36EC-m38LaXD_A|V8CcXS>99y=1j;pN*H1Kp= zAQ>$xr4Ul}ICMs7B^W^vQcNJ!Vw~NW)^oxfYMnFz!Ai=RtSHp+a-hhSiSjAH6s0;l zLu$T1C+w}#0ZxK|fy!*2l9VZ185S0GY(fwoc1Rfi=_@U;NE*2|WQf-=WtM0lYr9Za zBuUila07@WE1M52Xl<0sK`59`wke8?^c=X7Z=vlK09z1FNzM=^*dW`aG6w!&Q-^AtmjNc_8{3& zR6*{R{@-OQep26#P%aFt5U4miS%+vEd5l0aihM*#k98+K@1eCYKqB`){08^Pf zfnw}t;v7=2zEVJhFc(s}tVkLy7^`jFu&ioZULhJbjtmbgmvsX{;f7d<I1>~Zh1 z`{mB9H|2fRlO2Zd^xMP-?mk}Tfjuo=Fg=<^?O8D1kKNUg?NIxCT4gIB_8?q)V{v%F3hj}r14F2 z<7pcNXN~M&hz4AxtLSLLRJ6U$EJZ>9Ou9M+@qLpfSTM!2XE4j?^=GG+ib~}S+`Lt;LK68N|HbX^nl}kNPvc9YgLYL@RM9FcHUmo_ z+SCf6rSwQjP6=lOlRS{}Fq_mjg>fjTK>KavSmw9Cy5xTC@lf~AC9kQ6jpO01rnF)e z|7J%+txRD2R8&;-x(3)((n~3Zr^wLmur$qZ5~fKJ2b5w2T6=$8RVAz~S|up^(13NTNk!J}jVC`FSyJ0jGCa!dL z1`dRjfDrJFf!;^_#Rx+yoI6CHa>c90O~GF-?+*U?D?54MD44z_d=Y)!^^Cz3n7H{X zz)m%Om3$MukiOP^DUwOP6ny-ZaF02RJ=iz$ADY($LsGgYu8%cHM3#u6w&4HnR9CEI zuZE>736dfat*Wj?hhNQdAfpV{m8$7F>F0*ca^s0me{18BWNytqdT&1H^|IN!Z;97~ z8ehe!HneL zl&YQ@f|S2AJc%wbITXb*1hXc()9I_EcQo0G&N+>(wwPef_<3GLq&E=Fa6>R$x=#mu zQNOMgA&7ZtB+pl2LEjyE0HrAZTBf{~?nR~+Yoa7&Q(K0wxB7H*A^Gp}OE=k5esyrb zB^rDldxi!)EfO#5+2qi7JwGYD`-a1QmK6{ORpV%_afyy`1oXWiL@1sBt(Nka6Cx1} zZMKGN6y-Bx>KZkX&9ygJ<+de76d-N$!j@vDb8?cp5Q_KY2vpkjp_09S_$G{8ok6=5 zoWRZ5Pt277JY*A$naAbhIY!gWfJA+$QS&BMH zy7_8!QmWW0iXmTR=eTf!Y$(CoWJ6m;J7m)M27-IRn}%*DQS7i-CN(-@Nwi&&d8Q67 zCPSryG>^_?f8+>!AO#I@h4vNL%6MM)H+2wa0?ua^+{sqF?_q~719#e9dCuA8H|XWr z%w5i(@(sb?g!!Wq#TotP`-vm+2kx~J$R3LZ=-RG-F0D71f4#If4BukKlh&Va%L4d@ zu(%2-Xx|G?F{jW8HL!q~m~w%GEz^q-_DluD&M0NC1&%TDv-X|(XO_k<2e^bXMpV^` z;nf8FnREPxWhne5$X6C5ZxqDXSF|Nq`+x_PmMf+-R93Sb|`9Cq2qUib!Qw zZgEJfQBgRwT~b`sy*!g)Xt{O{oth%r-S-6$5nmY_ZbO?o8!i8Ow>)&o^nALZIM7J$ z>e$QZ_r^w9!NstsyKyj%eK?5%oW&XY5l5-s=pc-BqBJ^B#yUkFXAa8ne?TC_*ZW1R zn&n|(`ux{gi*yb_F}Y2Gdys66<$EUN(vycsdW+YoiEQ?}%;yHsG|{dVtz6Zi0LUj}zZsr}3Uf^&z-|tLm*v9#2ECH?$H|$_r<=?dDMYLMHmNmiI%!Cwe z(#bc=s-_2=f#WWI&9yyrr5P-yFj)RTW4d{vbN^ks@^AwocCZ|x1SludYy@Wn2zGnD z?&7mb^I{>)hM7|J#Y5Al?y?C@+r`Tm1t zaNz3a!X-`*YgDR{)6L|+Y%Pk_r*_vbrQ-Es@5L*}nbvWn8bI@q+L0TO7;tybxEI&F9dzuZSC+4Kgv)KdCn zFRs4a>|++&B)0C-nQ0xD$^}V82?DS~&`KW}4pV+#X~Jj|X|C|yb=Eh+ygk_6S&L>1 zoYIs*n;UzB|9y|EQ&nV3qq3rAhsO@sTbP1CjMY5Ve!f~?^eU; z6)C<#vc?M`r6v?Q6`;#Z8?T^CFNO2gXsw0eC^MDcbIR*g0SPQ!;7`Wu7sdx=$tq!| zE%vZ7eZ_qgMXUK_I@g|~xe{_^VV_2h>HPE(;+XfWs5h>LMTdissEv29&RT3TrIaX9 zZG-3noYJRbPOj&v?od5$bn56WQpb2&=g4lNjZQZg)OY|l9#*Pg%4z%S)vw&RaQM!c zOhsZzlk_Cuvosy|g;yXD7Zbnx!Wwebk)|naLT*b^YGB}9I8Y2XW1;)^Q}06OPA>CY z)|dbOUD*|fQjJ!%V8s*3R4SdxI3Y?bDmPH;nFfdIVSbziuFP`0!c8g5lE8BeP2ott z({6*<;m6#;VTmH2#BmweW1qb6%*h|$CO`@YkV%L zPQ>FeB)fx&5tTK<81tM}m=LqqN=LHJ+(rA=WXrt$k4%f=%QgJ`WOE7fh zcw5ufv@Ap7<#B5_7E-e_Gv7Oxt403Mw>uj%6532n<@< ztzV3X>$LGN$GU_(%+&!vsF05%ou+!FGpnM1WKA?(w}uGkvJA|G@e~6@`N6}%P-|m= zKtRtHF}Mtuqe<_YiY@WN&Fd8gOz zd>~$Lz8V#Zo>J5!Q4ZecXcS%4?ZCoYTiH&-i#H+f5s5%xDJQq>IG$=Hxk=X&va15q za4bzi!A=`xx9`z^d#=(zEEku2rU_qTfugTj`*lhSvY6u1oMJc{_q52v zspf`A13R##s2I<%M@6EoM}`}WWTSTN9RS9KpHhryXdD6UlLbeDH61po1)J73sv7V3 z#snCVR`50q0!P*3frv>8Zl?{fUU)5DLX}bq!&0TnYOra}_vW(k7>A2bGRzkYYB_QY zT{oO4-V$Yf=ZsSN;@>3i5E$F{v> z1$P5iJ=y5j79-qffRg7W)5>NM&}Kr*bO||u8R6gn%Z{u(iH0MYCejunAf|?X<4R-R zq(<9MJpS{q%4eVQll!Zl9qfC%!S{53 z@&l#T?|vKG?REq#0Csex12t%6%w<_;r`n5VXXAvqpo*_=W#^j|>E%^IfCivqI@sbh zL)VVLx2pHJ`ofd`V9*O(g_n6z;s|8<$TLLIw`jf^$qtjjX;+OWb{w-c1+>H~ z<z!n->&BFSrw;#iO-rQGad}dEN&!h;;I_Yw za9}6*8~wx0uXJ+L35i}>rb~4BjN{!LMVvMvRcgT=FGu~IAGFifdor0^)iWtA)dQZb z%V>jww|l%ZI!9{^AV$uj-*3CD>twwQd3S!5ZL7I!Rf3kyRknP_EtkWHm`nx}PZn>v zkPDkSH`t3$&7Us$2mLIu6w~~hnM*=uYd9SIiDF4YeWuS|6+`FS`AsR>=F-%Gn*{LT z5*{zz7jb}Y#!k>*>-iFq+ojSj_W(;kw7+~UyO?fimi2?(1c9nqzH9m~!AP_#cUWKk z(q~?G9fL#9;>&jws@DbXs~0&_s+87-#u_s=t(Ka|o#R6pLu?2R03nQ8=_N;^u8GA< z^Rcu!tSKQ~Mgg0zcS~uB+#Dl~yD}nj;Q-UjhpQ57SSB zg@-m@SksmUWk1}eAL1bwZY#G9?i2srJGc7SQaCI@{Gs(H^Ow~v ze`9R82-JrFB;0Hh5QEwlrm7|+yyFYh)kB@1E zt_b;L{;}{;aaQb%B(Sm(9rcV~>*Z~Xf6m^{G~Xm!+TmZam4~tTj~#2HTvUwbI^P$9 zvC7o;ov4@=;RHLji4{){i>v9TLMt*)h4Wmxx!Xig+}X^_sEN6YoYBitR~OMPY0TtsMt zRy*EAZaL{Xk3`2qZ+JV!go4s>DAi+WH$jv#PO)>=X>-{F=7@zt(=1HpckeI4E*I$E@<7lx-vpM75fXm?ENcvD(>^!?IS$$Z4l%h4fI&&u$nJk&z3 z$;a*S=+a}=MA8k(6m;l4FQo%-86cXHM%);<*gLkIG2RhAp+JnRM(jE64z1uvO z^6IC9R2xQd>T(x;-I=kT@Poj!BBa~6MhB>qC+|%dj29DKn{aCtxTWX9Q~H`TY%9<_ zTe`m1t+=I{WP=kV)hgY;vrGHBYAdp$YIZ2nv197tXnsA!+7&rawoHb`y0q37LLpY% zpec_@A}@^7fo3;8%)3;^`Cj0MaRC4Y)I-SYz@&*>yIquDa{TU7Y?mPgVw<_Qfgj^o zK|O>Y(OB=SR2eC=DQSXF?V5+j*JG2uXXUGG+1gY#I-K8UUu<^SW9n9PUJp#gy*N(N z{GI73Ja%%YtmZoksOhHMa*t#XYbgGjoBQ2=z{(J z8)z`eK6vZsW%?US<6Z98uOuIwX;U?389#SbEkmu&~s(iF7oS=$QOL085|UIx<% zegvt|-uPi%I$sOK-FkrlmTvu-DNU5PR{QS1D04D?j6GQ{U>w%nIk}pI3EwV% zumZ`4#H)iw?rd3BMsrn`c#ei!jqIw}b6geRx?*U~xEVzZC(8W1mddg*IDx3mkCMo5 z^=Q>_13iZ+CPMej&`-KrNx=xNb4HgPVty-p?1_iUuqpqqLH_)8hi-B@d(RUH2XO!T z{5NNQ_;-}W{_U-6%P-t>_Idy+GBp(TC%oz{We+bb%+pLCI74kM*=aCp;8+U#^Ls=6U_Ua<#g0>f#J;el)D_xYO0f)DG%rc4TCtvpL) zOT-DG6@*0v;RSyZ2+0X21c8lYl^+!6TCcU%?JFMY z91MoN`YHkvrHfzWbIj^+cGUDUyh}U6mQ~twKYUkviB6Z!P3m;$!0$fJ6^bPul2GzV zRr>zzy>TH_&Og1*QM9NjoIbH1nTae1yxyQ6*px14ZAvNuW`vEs&*+*CSN^h2_N?Ktvb@t&{4Y zkH#}1SP?b9TIDQC?9EXN~(_1o5@!D$k9SBI^6hZ;wr{se#b z48A`7?y1Yc-GkAQ8xOhl3U*xaL}+|)|Jz?&*t&W7ji>MOLho<9I7hh)C z_<^+}cYl3uQ(Ap?RX=m@CVuY5vAzvfXwj>3lP!YS3mK`NY+hjF1%_I$fSy}l(31W2 z!LrPA&5Qo!l~D8^1jfHMfCHdk5~`_flidd`#0}p)fXQ= z^wQ*lsj!H+vT)=z3@*6(&&ACYK>HN~cJ(5nm;) zt3V4h5&<}2GAiT3c<+Dq2C7=DlCSWH!WQ^ zaY{6lQjNn>Y4z-Bm6GfwSy42YQsA07#)lm1KR1bI>Fg;%IQp-jHPr}}A{PVxJ?cRH z?9=9po^T}JLYaJbT|~L~a_VV6|19T!4uArwN-;7&Zi)MZ(y?dlpMDrw{j7#MM_Xt1 zEdqa?=k!x$8~ou{Jo{Qs!dW}`$Z^qzOfw8>QxiXX1%m(3Rp$fu2;+*7+fl`tSCW(H zHD$9aeqbgWwSU|^%=~!qegGce+K`XA?qs?K;_R_)PI4MEm2UF%1@DI+fL6Y8DO|Iu zmcbh+^5Psjh?$vBe-yd?5Zk!xfuATnKn7qG7!yog-QkJ1UU^<06SAO-w! zusSyQwzecY0W7n)_U+L4>cKzgeMr{&?y9zxEBpJfl`HyME8RKSSve;OYQeVl3{A|; z&hftkHa9!_br6TewzP5+fX5T)BDL9UF|zb#lMxou2n2kZ1AcikY^8c6&3QW_Sb7*aS8$}kgEp2Tq=};^RJA3G<-1nyY{-kkNd}G z@g%<pR&&g~AjSzppf1A*SH^je zb5g!y9TZW5qFGKf9Y2cVKg@Sbkz;9!#Ay$}VSu)za4j9oi?R*dk8z6bBiM_4l|!4H z6lIv}l+%JF>x%@iB-X-J8~F}V{~Y3idTa-*ATl%MW-e`@z*HM4)*ML1b}RKqVkwF^Qt{mfTy@z*Uu4k;Y7hP(c-hh zbuWB$ZY%4W0MNHR>0Vg9pdV1OCn-o@_V^?BRTUdilj!4)rQzvqIJhFe+rz|7HIr$xWG#@~B5TYI zYWPSpHgd`J(xzi)wv)5bj(DZr9;6-^hj)n96_dh)EiKJjzh|s-1OT$c$wG53-JWUmH{450r0>+YYhh@%ytIQ5G|S|WhzUO=Nx+&$V=76Zdh97 zlc-w!B&8b|WU|ph?FgK0#-*5v(hYvnN!pVu_9q-6I48pEZB`&Wj9KWDsR(xFI@tc@kBJ;o4ih;Q$fAfM!{|BMB11pq6^TnM(IJ z6mFdso?}^Fm=0{}6B@Q@l4jWeQ^p7)1_ToKS1ov7gC0Bj1J9%U`UHFRLigU1%&#Dz z&2i7Oss@3)$fZ5v+>6178bP!&;Tw?H;Spo@>ocQ))`YJBWfP5!RDD z!OolB>hq58;4Q}IR(HxLl0QTb^olPZf0`>NEjRakde@J$OuMwFPeS^_cSuo0QL4nT zE-V`V8{g!v67AF({xPQJpT7MKSt*^?X{KFzNT0HC!jJwhd~Ve7coa$kiRp6=0?8+K z3`$M=6dw!U^#s0c<@vAnw z5;gb9lO2?eCc#j$dy1;kAZBmaJkcuyt1ifi$T-5na50MO@;P7Y=66E}(xRi`AoEQM zZslXR3wpND1cXJG;dJSHZ=g6Oo`|lP9W+x$@txx`n?tXT+?C_5+Dz#}$meSvs{#6Q{)+80sL+^2!C*3ubWzg|uIbLv?MYHP$^t5I#Dv^nJ3 z`GGjp%}Gk22lPjaq_7v`>3p)&u(m*`7_{qSf50nVIOv%Y4VXL4HHxO$4sM^)#)ml$ zLy?ds^VIdZ>qOCD`Q+J+$_vL+U3?omd8~qv-~@)^7)}GGUC;l}A*I=ovO{MRcdCJ= zY<$vQDA7Fdw9@WCt}Ik~j*_wy3Uh#1^7FM-MdCnOpuF$&VvugiAR(81b2|K&GlNOg ztH#FFrnYZsBds9za=!;vpQYX#f-Ny+znc%pVl?;i)vMdt=&00-(qL#k+kP9wB6PHS zO35}#3Sp4pSKD@+AWE||M}$eGB%}E3Y>)g1(Mo7R?P-T9PuC6G3)dqRp*TenaJE`A z1Yy_2In}E}tfNT9bwEhVWI%=46nTbhW7o}T6co%|(KT6;#4_SeEbE=-DE(ka+k(np zlOmihItbh%bGl@3f)U~keLs&Q2uh%Wnq)NDVvT#i)G%(gdZ@w#qsEdo+lvQxyNI|A z6Qq9ZD7e(Lh(e5;tVcVkke-e&xs)X9q@P=i=wZNQ2{2A|R{7*ImXc_7UE5dTbo93p z>F;xbVh+(-SQP4@UNmn(U}j(iH04cV(SVs6hV3KAz0w)nlS)Qh<`#JEx=S>ky4;sR znk~3}pNJ^hE9XZUl4Y~;qjzCK>2H!)cjS`WV@l0aS3WWGZpt8pc@Yw7Mee3lx<5T&%u0Vv$C}kjvc_j=(yC?l1`A;Y2(+ zaTBJhqR)iZfh7?N^LJE&NrMd`l``J&s0iZ>%k>rRIc}Uqh9dDd@MKIW0j$+(HtZnxLJ#dq)%DM$hJuToOhR1iRKI zsbH2*7=wiuM)9EQ*>!&{*J!o~%9-3nnqdS*$x`8+z9j%W0T3@(ajB40QS9CjH zu47caf#bSX-%N(_Gkb)C5(kp`I0>e_SI6!6f8H|OzI*M65HM?()D!7dBpt` zyoENw)fdGNUkgRbnAqWxpc=YH**HZL1SvXUnvJyswkYyfykgJc7|8~6R?&XUXBWe8 zwig$2*%HT_V>=aGFkF1}A170@SXm|@z$#f%5ju5DugMkxbCMf#R`CH(YY+WtzRr4FpSBG zjpF;}Cf?sbiWu1=ei&zII^PX~1GRHn>JZAt_gJvvn|(XHSd8JOHXTg@!yN&+i=K@h zKw#n9v)IH%!S7ChV@QM4kH~%dH@ZK5_D<1n zoc*httJ^RD*y?2xh^845OT-j(^*96IkvuHj=2eq+7-D@i>Hc4onM#|HoH?*EbAK`5 z8_-MmRp%A_3+x6)QZ$3mBq{lMbDowR=iP`@z&>DA2joMkuo@nDuhF!6izAJlg5Vc0a(Mn-v8;cmm^3$Y+sJ$ zC+Vn7Y2Fn#t1FSc>2x?erF1}oQUec22eW`{-|v7I!C9tuhzm^kd6c~FCgFjFslD{1 zGpQzMut+TmEu*}mo*XpWEl&0v|gU(o|*tZ>hkyO0( zmzD!wmhix;yCa$>$pRa?Y7~qL?>Y=7!1#29*O)_j$}TpoIkD#|PqxS#6l04FL)NO* zUZ2uLSuPt2L7%y0QRP=Ig%8+kJKie7nL!i{Ov)D7hKxrlV)RieXM7#P2sMe+fTAAGk#3@*RjK7n9@)1=hba^Ctdy18gr?D>W>^f_(-hg8QCCldr2!H+cr?!r7le>xg zL%57`f}bP1xijj_h!)&CX8ff(the2ZnvDx3AMnJ)))avV&3sq8C0bkUzF5xlIHwY~ z<|K^D+5x1%ON>m3SS^IH4{#xlFZY+ux(r@}1(<_|;{gNd8_2^Yu&4DNhZ%gx7TXOA zwI)z)^H;Vu`z`j2B{L)_2~`6(7BOvuXeU&}2&6t5iLJbF$X@>G zj8pWI?WchS>AW8yZPOhQwYTV+9*=TcZ<({~3)y(AvLfCL4~I0ph$Bn#W7~-2omRc* zP>Z*No7b6A1_x1p9SLR@!&U-2qTC`2eI4t#nUQX?yP=M-HjODM`f9I_u=3Qb4;M<7 zkA|PM@D3)2F4F^cYfiy0%hniNH+9mj)(T98G?{H&7DMtZNy^^2VZA9+8fPCDeY+(? zZRGjyvG{i@)$hAmfwjx>UGf3zSS#1KC0qt4;CRcjT3~hGc$h+$OKAx#&7UEaSAcgWXJNk?_IBH(S7s)L4MLq&C&fVsAvp}0q?j*fX`)RPEWz=Mf z%4WU^lJUw5o?{uRb^?K0d6btxSJu<^c*ANbsN@(SZ!vc1)&IjXDDO&}imT2R|;Z+QP+lUaAH*`$_J8Uy`7JVhy=LR$vy=)>ksCejFR~O zdb96m2d~G$wtE6>0R5U%N#-r#`(2*w=DrZ)Z1Sw_Mup>@Yesq0NDIN!()Ed0R(Tzq z3x*GZx!6Cpw6uTqXLipfg5e?3|B`Z~rQ!yRidP~Cln z*>#NEulUy?Q-w(hl(fFoesw&l5cOiV#De=W3m-b$J&e`>K(P+s^74IVydrO`^ z&dYMlG9 zJ5ZwIe2IyNV&B74iWw$TYb8bylF}`^q6<8p+J;xAGAbGT4>pt5`3p3Gp!&8Y1e3^( zKuw_9^e)Xh63bHcTJ5>@*(O0t*Hn~mzsxQw!q6G-LI#s6E!wSdh*S3Npwxq%X0ruz z&N={)F2EREzK;7p_fT>j@;1*UlLMwr6#uSGlPJy#257ji09I6kv>1(Ce>hpASQd$- zWQ|jz5K}53!Ac|ZwgC4xB-K+uSTsXa1lyjaNCIoW4~`vA*AWB?<&I7*m3XFGJC`$z zp2TlgEtt9ub*#RlQ!icJUtO}T)^+Rxg!Ef4)P`4Heyhg^F5pR2&4{X`d*j&eWkx>^#&Y%?TNj2HV;QMf$08_k_#rRP!Fat*lGM=SS~ zfCZQvrl&+{YRPpFF5)$|mh`ekNm*HW(N+p*$fK58wHQ*Sb};XKf%RW*5ayY}drxTS`mXP^f>4`3_lE=OvlZv#{NwpbDhT%Y29 zu`OH*(_9G^!Cd}Bhsv7!zg)73Y&mXsVPOu;w-8>&9>!&yZ8<3MT!=&9{cJp)YNFVA zm!!C>)M|uw>)+Kq(h`2qIq+4XbaRSdT;hmA5i^|ILPo$Uw=aXN4OqeHH{Z-p-ctA6 z5Kw1!Xz7T8I}N>j563AQVQ5-%ldYKLWqc%Av7^xrM@Dw~4Nd{@zBU!>H&*4>##leU zZ?Hk&DEo{c<8f}YQr3=NSw}!~gBkb|)1G&@1ZQ4ZptE5yNr?%G;$}721jfLc?LNx~ zdfF;WR4fi8kq!OvM8VdYH1f5gmb#Zqi6f>}MdM*+->l`oNwJlq>9WOig0IIwpFY7u^ zYNnU?yfTTRqAFO|p;!>I!q5xNy?)5ipk1AE0y{H;p$3Mmo0W3SwZs6Y&=UJ8p zDkwOo9C_!|1sy)US>Zx419PXBaWFP5QnG&FEt;ZCe^RSCz-K4GS5Wka@yhsdD35}e zE(5M>T$j$uQSFBLVJ(@K+m%wLUR6aPOVb|0%W*mtU|Tf7$&7n1exthVYoWaKFCfy( zCmaojZf(5aC_G4ulI#@q%#wB-H5toqdX&z)?PR7RtGd{Z z4&F&$=RDX2UCIjfD`v}zwkQ|a1})=#B`3Y&mnp#=0Dp6Kt@i@Y7#6d9dVoQ0Z2@Qa z21usi>-yNvBz{+^IaOR4Ug7z)Ry@mK=t`5*(>6uyblrnk6d;GG>R%T_@ zK7II)&iv7(U4lW+T^d35X!5kBUsgAyGf(zV56-g^!Ex5JMTg_1*^9`CoBIL!`Ih)8 zt#&y<}Xp@q}8j(vSzIzw#$Jp#P$4#(zOS!0qx?mJep zYa=Ks1K&_YhGl7_BTs5;%n#KIDHFOGDVJd}5k|1jj^(d4|Hf5?6Tx0({+1PwTZGT5 z?vme&&5u-TQDbmw5!-h?GN9A~$CEcXkrj!xZOHWV{M7}*c%(yZJVR2qj21^$aim#( zvS&4}aTPAty<*J-0H47_5YIO&i7YRKbsdBHyxw5?z@+}}z_N(t6iT3s8 zJMn)GcH6VadJpN-@qy^zf=cqdf`K!iod;tFfHPJpDzo!b z)4iw-U5_i4w`An3TIbW){n6IKfq&S+2(1WMC*V>9&Z10^8fYXfq;_x$?v^^OE?Hv?ID!?LGdeze9uXFriwLA>G!F|Kp6}{I4H*ly7dA*RS3pD+2}GK3q^4z z{O{65N<5U~(^gc;$4<=qmROlBvE@ORyD(9bhLKh?+K8gCQIzmxRjt?YQKBYUovqbi zqyQ5b-#PjG*Y(&4>rO0d1tFpw<8KayI6w~Qe9;W>)IeAJm@-~dQtq0wQ!(J+M&me6 zX3mb17f%9X{1&}TSVSvz{KD@EJ`WsX6zXV3c;-5v|Nm>EXfDBfbeifb%gQC(X%k!f z|HFqWN)J!oScSTVBmQaq#e&PF!rJ!A*n z+0CF2axjOL%IXwG7E`8|<@|0tCD7BDMtkQQ64T{-Ebl2i&omniT5){jnk)a>f>Mwy zHHGTmY0Q~!T7P}S$*PSWsk+(0sXWW_9_(aG0Sj@O=exnGI4Czx5n0^g&2e0qO)kDUX^nJwLDwJ|nH?=wm~N zAi+pFgnpzK;h{=}{`3(hpl&2q#iUpbS`g_~*<|JU10Sw4Jc3FdBVJ$W?XtGJ@E#xV zV`=;ka=ZP=fF9^I8-fc+>&Wk`IC$-4JM{ac_1@_dh>UaWJI>7tG5q0IYPA`re$*4V zw+XQ2WTS|~Xfi4Y?O$g);96rChun26QhtJ*HkV_E=Ys`fL-dD@CNd~+xdDSa78C7O z9~Z>8!Xh%;V7;<7+ts*GfYK_U=rnJ4y(+B-$_2%U@QvV#au@nlthUH?RDX~p6w3=j z+2DYayd-NHmL<`=-7Oo`h8>Y=bRcADw3{=!_LCA+L3;WDd1{ormPzzY~taIFRX=4>K{t0Aj~9Zs|jl`B2&F*joZLhixddsj7zYICV)vi`I25h0rdbY%xp`IUdNJ_YF;J%Xb$uwL9OYmGRh22Et_X zWLk~RV0Ivzje4!Dgyb2BTmfsu=B1@e44|n*VcbC{4gj?UJyPg4+LtBGZLn6LkwHtJ%W`v_RuP3MQ{Ky z8;&K`9AiSOX%J36fj5!Wf}C&y0XEx(w`!+zRR-_rL82|`$|^C1^yl(KAU`hsCvX|* z+)X#_oZRLZbKRrhSoWYfl6m%I-KkCK>{3HPo9ACoXHHGjjz8Be<#F|Ox0ED8_?y?? z#1RYuz_c2@#5t*Ur0i7{3eCPQ)ZPg3Rc*))fD1-k%U{mZb36$FvQzxE>brQAjh3Bw zx=vLYPrKR%PI%4X5e>LqjikR|`D&n{gjgz)mVDkinYjB!BeRml$EX6)Qh<_iFT8NK z5MY) zy$)k8>?mF}XrY{Q%5eL@!)hsz<5`tdfHd<5gecyqcEE0{)vQ&zFhQfO+A>|prm?RN zdV9ik_qU2R2rwGMB^1yOyF0MjEDt(4T-n1<^6TMt$bdH#fb( zCg!PK%gPBuW;u?fUQ5F;*ig%dnqIQ>;b45%5(v5pU`V*@mZn70TV3rM2G*BDFl(A| zkKB3y3LjD0MYj0^R!#6RzB>w@L$L`G0&dV2HIb)B4~*?ZC8ioI_`CA;nD8v+`KyiR z#EO#dMN3x;L7D`P&7pRj=l40!-a2>y?XU?MGq+)SdI%>OTkhm2sMiiAr0+Od>>A7l zHq*8^iZJ$grWleeDc3e+(I#=-b#y!H)$Pjlqza+nf{D)W8+$x`yWsP?pdUQ~072a52Sx-RSx$kWuv1)d)KYFCRPGWO- zCvo}uP z`rFh0RnIv*?Tgc&agT}rToiXG|85?7LcZJL{ysT?JF?Y_)w+M-G$E4k%)k8Rb~-@Z z2=0}^JNplE%deDEskHIePkprwN+q z z$1|1SCJ71sGfVXr!KbrWSnODejSYmv^7ugL)dAP9>zPM_Q@$-?$8Eq!*me(ihIQ_;Khh`MLkZU2>s{nWD`_Hg

{((>2{#~@dzWO)WUb%8VSZJQ&u&7dR z@UyF0NIkPA@Z@d7JK7!u*{%RXVZi!f4$#WW+PP9{J9-I)2!;b&J7%%J@|Qd04zuOg zceF3y#b4Yh$C(r5@SN-}s8b_tP31&i%wi=-iByD&@wmdoxFx(Y*_Pvbm_aIUt+fN+ zRTruNOSvpgFe0^f4J}vNZne(dS`IV7MAY3Tv|6A(v!4!loqDhnZ^q5P-rLoqjTFOh z7%tNKqV@{@;M3Szv5>z$(05#~n9_L!T$E%{6n;3JV*UDA0J5Z}8IIQDcb1>Zg}qKS zXQr6xdbZr^T?CAUsd=F}%3EhU6Ck({_vg`P+sj%9m^+1XrCKqvo12Q>VGpx2b5>d= z;ic%Q3^f=MLor4|FuZ8Zo+Bf)Hz$>h2Q2GXaIYj^Q;)H-C>aToF>&>v9BoBIMK!(k zuFw6DIgnqtF&>A(ms)RwdkMQ9NF`u{wg4Ofm0->&%8>D7sPkc6 z{!^ z(&Sv<=v7K)Z-pD)`D|jDo;{L&I1OhS%AZ#b#)Z&U!gSh(#&S%lJ_46^bG#Pr^&{Jt z8+9LAeTE@0LHw04e>~Mtrf0J)OGDp(?1D0j)$S^t@1lWO0NajS!aiQiGrPM8CMm9q z1aw@`^>8i8pTdB=Vz2($zbK1saf|d&M%_8ycW^{r{p>X#?GNPOw=NWufY=lcms0ZO zYPH^jNzD(!fI$1PRbMAzxZlTBFWm-88D+)`F zK_#b#T{uNxZ|*eS#8Ct+%T=D=|MKqn!GSDDO5>)nD_dx*B1YVCigvLL13xLilfY(CO}ma~hQ#1k-ECPd@>~{^nBz@t`l2 zfrWj=YinoIUj25h4DZR~MW6ta9&hyGOvPZp_dGv>p%zpGYv#pHp9kiMU-fF`7*w5| z`3*0=`dc`li#Rmch;U**Hf@FGI9&nRFy(7Ro?OM+EI zR&YK?p-S)wgp)f{omu0mnjQ_R)gi5zfv4ID1yZGwft!iz;%=fvI!b*q(M&7+*$NjlSA=}( zZ6c=TL{UDe4`cF_a*C=R%NGdDdSPWnI#3ro`A)I?g29XOi3|Pnq2FHn~oofJc3i4;7zK2FFL4ZvS4mfUqn%cfIEO+ zN-qXA={(?c)P_)=ORMx$ubP@44JYH%dNOhG^wD?`WN=Evs#l3POfnITCbAS7jm}`p z#cPDcyGUi=8>HHYKR+E0a>O^;Hgi(p+8W6Tf>h=lYD3^T!wu-t0q(Zjn<#M53q`Em z3fd+y8DTcbw^_n_ z6ga80y@rA(3k`B5%<(&{*jmFtx{UTUDM{?AkP_noPFY}6-=GKr1i^avAMA5ryDRV_ zM^}me7V3_6F-$&WvkwK5|^wG&wNUsIFj8>jF#SOqa_SNb;;Ttbn+5Jf`Zht{=jv+UQDJF`KJ9 z9vwSJhrB{nQ5CC=a)5QR-EbSh2#Q|^CPD~`>_qtj^A%YdnHsZNcZVEbdB8wO>p)ZB zzwSgbLVdEH9*}j@vcAR8x*MggfWT#%W{m4pn%GLipS<7i|8T@ZEXYfpcjd8S$Mbfu zAhR{1IC)XsvxCCZ1prTuc%%v3il~|$1+Ek3eKeWjN~eLe>~>A3*LwcU9w&^kY9+TP zq$k~nVHH_jhhebaTYD_>0C}w&%@E_QQv`^<86v8S!nm+R?N6^Xw6kKTM+zt80zxx- zTT4+q<@$?y_vt6~n-c1HMVcrlk#)FL7hY zH;{m0c?DJefIDfV!_xoY+G(zJlXl&|sVDVx=d|8^5f)zG8zdgnjk3)KaS?JMVbj_H zE14#C;aHQ!%@Je=7qZd$pu5EEi>v>7cQmXsZfipxIx`-Wt1lLop`>Pgrp(#(Cpq+T z8}Ya2b&z)n5R94eV;m>SVBfRFy^^kCZaARi+1SL142eQ>#{I8g9?XifN^c6j^ztY1 z8I@X^D@2RX@XTNQAP6qw51xZ zisfGO7;=0qWG=!Ua;=j|Q|0-K_xEJnf~rR$jFCswrh>w$nj#9Ez-M~r^fT@_rjV?Z(Cs{*eG0kWS~#{w7qU1eR9`F+aPU@@c%3BhJGY4Ezy%D32yS4n9n!Knd|6L= z^b`{+@j4=e)r6H3nJ5NejnRP(Yjf0w2q$SVWp}fNbAsnM8b|!`WOhK*GnneWaY%HO znTo1%YlEwsXD<%pp!2_`9aXL+`fLL!Y0*b*=37Z?$|MMKQE_S#hBL{uA>3esQX))3 z5hOuZk_gTkPBfb1yub=@AYwYz5ywyjc^Lh)t{y8nQ^jVEK9^YG2PV+eBPSP@l41|U^NRGFlh53W`Ow(Y5Q@~=_c)8>K$%kT4w zMRp(C^L~HzL-Adt)`EB;akRp-yrh^g9$qWcYbW-w8}POuxeMg?qGI!L6bj{ENCqr} z<($}Qi`{hT5lS!&&;q#Ud&!%W7xybFyG8Tqaaj-N|xwlf?sd%;*+| z>+(N88TJxaAW4KRjY5wP2PXC`X>Ip z$jm6+1K#W2y8t`0uhMYmayS&Nk^0(D`{%PYEAg~qxY2H*EEG=G+SkF)^zOF!HdZl) zCTNOyz+^!3YUdJ;g#C+QtSCM_zs+gRBBVD?DfF4P5f~np#>O%<)t5q6xW*zv@dX6M zPy|UNR$!G+Mmhus-0@c3x__LFSf0q>m!~tVTNOn&#|T>I>OKe)CzFN?piHg-iri(3z8fs8Vge;zzSF~am_ywa_imY<~-?xDsGhIrtyxv z=%#U^D>*r(qHX919|bwQy?uSX6;4gcoClT<>hGa*08$OuxK@Fg$4ZL49o7DlkVJ8B z%XZ&8y42s437MQ1_tWiph1M4(r0U??Y z2Un=B`kQjg>CHV9*KPsa10&U_+(I5T+?PXW-TavE}UHvka0V0h3=Vgzg&FZiOy zCI2shSz-+&vJH~u1yNF5)m9YUv^>uRpkie&K6t@x1tX2x3&j^=Bz@c!*&FPIc)lFkthphD56v-`Nkyyo0~0#>3y==tE0S z?KzhRJE_D3bxIIU>4u`V_$Nd0cc$zd0{Id<;(ssY176_ihOZPg3t}LdbP}D^@iv@L ziMO0oqBo$(Z1Jlwh6$Qv-3UJ!14mOBGL1B0Aw=ZE(x3#YzKSS62z=|b3oV_{9FLB^ zl;mKa#NZu4YPq6YBvzMb5<}WQ|3kXpwZnLf1ZSXZ8c%jDFo4>xpHUusmV-91A7z+m zFBnXnFCh@vYiM+GHF;^=L7I-m>gzuMVEeIiN-NszwKQtGnm3BZh!)H3e~An67^vU zkv9Xp{FULx+S;JosW|F|?sS*xciQz@t+F#6Md8S(h%9h^`*#wHv$NB)0CpJ{q0sFP zwYIsiBYj07?j6ruOp{%TXS%g6Ef!g#d!xmOGz+&cqA0>w*EDq)0$CKE7Oc=);|jB7 zY^du(+e?LLBtoiPXRsR#nwWUQQmoZw{(=s}r9#RP4X)Kg^EDlIg3_H9;d@sAwil*x%2f1DksGYLLXq`D* zY~*hF1rnaO+R0VeM8dgQaX zzSOx2BbH(3F%$Iu@9-QWLl@}$pu;S6*vjs=fJJv$KtTm6q}P+WdCDk37~fylI7wBb zZMrg87gD*{>{F*gh|q$pNxQbfimFC|A;Oix-r7r#l=fbV3qTY%A8K@a{RA<$GJDis z-0RZtUB~QxuiGeJU-t;!t=tH>fqgNZzRl$Eh|QC2Yh?s_S}Lvkh^J?S zQgCO3qu0Irsr6AGQ4wGkQsKc62mH2*HkB74)S(y#HF|~yn5MlP8J@2RC=xF+RJOk3 zaJ1L$wwo(05LgIhLDws}iN`(AF6W<}`&FNI-LNs6G0zR6;(0zXv$51daok0g5i-jR4**cs{S2@xb8 zHRG-bqG2TkuLOLH4MaUiC%d#DTFSC25Xf`R3D!$T+bmV^W?F@d4c6&)+q2?A20-{3 z);Q(1Jhtlr;fQf>-@8+2H0rgQMFp@Wgi}&^!LHNLj;fEWZM+xXLBelCMhFS#Rn#JZ z)?XuQ-%LSp-U=;r6-#f)V>s7)-7B-rlzs=i&!H|AI)!#>)#?T%T8g|+vn>G@?edEI zWoJs9JX~_hZL9XWc)C}ZKb}XY*YzdE)w>DYRri@&a6jRN)q*{Nwx26oY?NJn zt+q&{F$~AC5Ej z^&TN{_5Kaf5ynMB0ANm-@Py87(ZL_y3OK@XM)svr49h-7Es^y%?O8vYSkL3)^R2EE zLEyk*@P1X>FUJ5?R*COeDsvjPKd8*W>#=3O5auEfI^LX4HT^c3iU`;}L8Go=KlupM+gDZvF* z)&1q1_J?bW#z5%3EDFKWKhXMwZF?e-hH87`@Q4Oa4-bAXdfZ8=y<72Z`1mlQjQ`=jYPefbBYAk`X&YE=OMrQbE)3@W*0CET?#+(Ezu)2eO4 zyI!v|8P)#R=QftO7;VrW4hHD;v&913cjGF&R6fJ8i`X~3s0nQQJikl4zgc@PdSrGY z$TKXDfz1}TTiN)+y7jxh!@XX+i_qa#=Gbj4g&!jX^C2w~MwizA`_*6i#Q;t!p+M5vy7XU)hsC^G*|EE*cW=5_0I9qH=G{^h zSh!PP(e-b1aV(8=PIs!g4B|R2cCiFMV@S>h$jB58SWKm}iXUKAUE*v>uWnh@!~Mx2 zoj*p><6eJa(udyjE5Or|RZP||iOdp)!r*Q+|ExY^Kf8@1u}Nw>VVtw?n|;sf|6lsy zh0B+boKmjT>wuZ@@26q+hQjIU?QhOSlOwZ_b+j3O)^&Svw87*X<}nD2>5HxF+v+KX z5oB57#T(yS|3T_+_TLu$#ny*O9E;?=;Fgqn>4uSOTz$*tyvRA5BhLiL!W8}Zyq}9# z66C$NG%c`@3_TDU9V`2l+`7x+2<@A@_0BPQhunDSFG`L=bX&|mrSr0eCTXW(tquHW zLJagI4aCI;dQ$q()v@-S{S@_mp;-EQOSA7piht}_;=3F8=E6W&JK^RBGm5WA{KEKL5TQz zEP98mT$grDa2Q%o&6U$-3M&#Y9$% zD>%sj-X^XQSrR9RN8>0CeO)B?E9Bk05UvfJQ6B#jkC7@*Y>*0)qA`!@Mbo2lSnov@ zNx(sca7pRwbsAdc!0t@IT55$0Bc@KQM=LbC@cG!axk|lJ@#3OWqH5?bn2qP~f*}e3 zur)nutv(;fjnIbnJwdLa0m>d3R*=1_5ZrPHb0_M2pg=G!E6S6E1*0ltLaC)>cqQ6H zEOTc(Y8CxjGH=*+l_@?sCif**~SIz-W1tc;bYn4r(2}T^+D%;t7ToP?| z&WZ>XM0*n?_{sX1%yE2$K2w`Vd|=1|sAUI&7R1t*sGZ%XziU7gYhp5bqaR9yN9iWy zwLK#I?+}o_YCT8Ac#g4gDUR3_;cd1|`LV;q^d0|qujTFwkgngWSx%t<^jnz6v-bZg zZDRvL#RPE>C7k{IX_;C|z*mXJ1%bairXL5c6I<(*cD?|>F1|0MJXh?NDsy~MI?y+1;q)!PA6CJ4~mn{ac3`uB}?H!wm)1F09+A z+J_wNqhx&GO9xh0?BXc4-xX>T?HOI>K;3nbPuPWt<0m9mA2pE;lr-d+{or@{D^iJq zDM{KY`@zd+Ov=e#{8M4IfD6xS@G=wu>B@b}H$0N&nBl>0PgG4^_|t7#ml}DS#q=&W zpFa$xt8q=pr*y}++Lv%(GmP+`+DjM9Yk{v+Ua}PIMh-GVHYMHcfAH;>r}Q&Kwlpgn9{Ga<*}7S=g~oCBUnky8o%FVwwX)m`I@$65 zTDIjG3x8d&Z!a=hL%ch}T9j9(3Od^1L*EM{2fUc=g9HIx!CvD}DXD*jDRG6diar_8LYN$U6sJepqt?3WGyCB6FXS9#9f3cUqVtxSnDJ>{$wuF|8 z`TTZ{Jvv@&s#(|li`_-hXvx6f-ZvAlxgrZCy1)yhe}wIZKS9&kJA}*gng#!6eoGou zNmNckK$(OfO+4zdNWJQaovJ244(ed7f0-<}1XoyD$8~GVtj)Vfvny`71NCYCxkAF4 zO){MB%#pClzwXH;kd+YZ)bY_&d8SmN8a|L3tgQ{5LnFgTrMYPV^-fKB(^9V}q8(}E z8hE3g9Fz~Uk`UJ`7TbE?1 z!D}pTcpt&TBkn&t*hV-{qkyM{hW_u0K6KgX-_dMIKvA<)dqK@{J81QbBfF631ZqVj z3Tl@Yg9G0)rImf;Z30VS*wG(R(`?EN3)gOk5CRA8ZrigvNvVPe6k6?69ATgaRg!eG z7sqcOP+%EF3#8J$3B`@UHd3K>V_D;+qh)Qkc1fSZbG5E-G}J2Pb9x)zd^+e$aX#CL z{1GXJw^5xoyurK|!=>`?+B-M?RS)CF`+uSUGz3r4VG-j%*i1EBb9^rqws{LzH^k`zA_i&rOQpZVkg;G4&J{yAs* z_DkQna_f~N9nrnyH4zQ^m>&nh5mRn~UT4g}15W)V?o{Fhg`EOM%Ph~E&A4E2bz4H` z-ED!5jvM32Ec4$x+r*t?U3zwMH(q<&{@Qj9S&~=Kpf$i*nH*cgfEQ}yY~yq?^fL1Tv$Pg&MoW>ChY9FYFGRR5)g;kKl|GQH-*0U zXFI-5>Q6Vry((k9>(OBN3Hq^*9pl^2hL$>xK7j({9`}o%zxs{#=k9)^_!;G`dMG`E zB_-u-kGmW8f#H8bpYBbbo-uN5i4T*eKrfxHc~po!+VZbnT};v_)JY8VV!U!Nix&z- znr7=SV^;vUuQ}mc%gbKBZ_x+$fjt=Nt{wHP*WJr`$>&?GPNxT>q^$diKQTQ@kf4FA zj~&~6oqr!hwV%jFG@H#YF}u<>WdMKl=wvXU)WT{7^=DBlcVd43qHBNsOyz0w4DfyF z>Ac32dv8B}*+qZm1^-U{h1*`s9`HV@p^1(>1-;mSEh_ZHXaBnY_RpT;k20kJTjC>w zrH_4NLfo#fT$%iRpLpawKa-Ou9{cF(;tQi{y2$v#@PPoY%Ly@WE?@13i%}fH7TD5s zRE%P*WE7kDl?JL>zI&v$XQ}AK^$PCOMP_3co6-#$eduKCE&tgzpe3I>yTS(d%YcFVf~R5_vF#brx)ZpmmZY(x7TVW`-D}0;> zc0jeUnq^^BThrly2+k-|X|s(HeyT75>bSFZ9?yPmKMyZql^~HV__+0F+xhBR3P5e6 z)NeS~)crl)dTpXWc@K7<2Y#UEJqCgIK@ucHD*UECuZxSiEZNQg*jRWG4MBhUS92&Q6`!N}!i5 z{U+lqsG4CJLbvg;H}7gUHHiLL2;`r%l5X#B#X5iM|6Wu0Jo5OH_ntg$FnAxx5~4mm zw)9tfNRbKv^>=^udcGz4>PGSn}fsDUgY`G79yI_K8Ou^ zqXnmXB5=sS#HLMG`A&TT5c##a-w&qW7k(`J`(s0MjUfUim!ZbSW}c1wt%k@vlmTp~ z1>?d@!o68`TA?D`$`M#*p4&vHhx#ZL4Cy;_fwN@!{N$8!`&nP2k$Q+DwB!f3myqW; zFcV&cU^qe3rPql)TG*kj_0!=6TS<^0xA)x`a-vpl^aMk}X1RLu?UUj`vA74@C)Qt> zPy@2vX;&p%(n!|2ciI`-k}s^hbb(9l^KfJPJ{6BQpq|cMB9cN`q}uSp$|H3J;w*;&dP|-uKVHFZ}6AJ;@&LE;hQ$IbxWs zOtlMhMtINmF`>Xj7+zNRf7+#W>1mNuxvWn;ONOM}c)B^zYU8x>(6+G-5|N`C5=P_2 zojcr^B-`fVAua8CtNHB_1FacXcz@zVhmf~I!VHUb^tH5@%3g@mOyHp@3?x(3)@Xgg zvag|KP6Efb!Ps%Oy=o7Y3L&9PV_ATJ%WTpb&lVnsUJSeIZtBQLrz#hU+#0?R68qr! z`($|D1vwUf*!S&F={$mcsJd`AF<&k z0-STZ4*GPpdMsax9=ak}9EC6%V1TFb?7M16;%#HzvY7stTW+4R8@#x(78h)DmKW73%}>_?z;evM3ruiFU)f!g;Q;`_pG0r5@QLpkPlX ztofb6aJo)-H3!b|(h8H{cI}xTtfM>ivTVe>hgOgoz@K|sofYlAM3T(3iN^pk6=#7t@=C@mCFVj z=HQChN0*b@7nZglxy^|%0GVtHnH17O{5JJk1!u>>bR4JMLNi0eZomnJ!4L%Z`!LGM zq^_t=J_{07wn8IH!Q&Oji~GZ2NexF@8S@E;$^0IBV=V{OnlP!k4=01^I_2jj$wzEP zkZK{Mn*w91?BPWy#vNf|QsMA8`kCFocQwIPp5C$-vV~$k&T*2S*Kxu~reT;8gV$O% zH$+bTq6GUqsLY+4(KfAXMQcxwyH>eE`?t)Ko$_EpBoVL*abfSOF$+fq1?U854rw^}gz+hsg@oe)p z-kFKT!)PoTgRS6Xv;RLMwBnPGT7zs_JGLAcB1B7-513WnSPXVgd_T~boB43~=@3zP z3T(DWJ1X|qBZiR-Cq#8p4#p-zFv7ud-N-t3jRcKRef6oQb8MM?mmf-|pep|(J!@j4G z*Oz=nBvTj$_RFeciverDYRk;(mxE#P{ih$ecTlZ*q(V1OJ&^vfDwIlsq92`y?y6mY zCPtbMrxn4N8x57XKivUJ^wi4#5kBAq_?dPQ7DI&gR%|aQK~|Kn;+UXXu1Ym4RHRP5 zC*!I^z4$7j-aC%!YoAFY{fcR$o{zuBUHi@pY`;k^~!{sop~^ZmbWC8E`Mn<(I8{H?E}I-wf`|jsl~!bu0eS!EBHz z-!rhf;<*`(SblkXyCvdh(OVO_SvIuyt-;~5;_5NC!uTg9Kp#_yRrFfB>AHvjs2&9L znxpwvrE=w79)Gr6LQz!eW;99TE5Y zHb>EDKTgNJ$!LMgkU#dTnFt+j%brh^ai=WC>^FMf7U^mBz*e%R0;JR2OT%#*`;zOb z$cf9}T2mvby(=)%tH0R!cI=%DahsT&_7_|?J#cF-hZ{`@&WjkO6-%X6f-2i6|7&aC zL{|}wp59(LqKtcYKX`p}9VwoDDIH<^?k<%Hk>DOQ@ndi&=VE4&O?xBa2Zb||QPf`A zRFdRVAYM8qDp=xGoAPt6>$tmHg`9*hJFCtJz_57JUCpS~&(xCfz`dAz+^uJ%GvE$eOZUlb4N z2bkcnJ;T;-PFdij|Cg;Vg|@?&jXS$?^Ae47VcC)Xn{Md@ zXG`Uac>w&tiwDmh#-09b7URtyAouhxZ95n$yt=e{zYobCC(D(c$DFBM3#Qx{l)zo5 zlz;8zUO9ip(6pt8&Ux`pF>QS}8H_%VHFzqLs8{z^eDHhdkR^qQw%uU`)9?KyJ&Pla zLxZ)hUpe;hAW@PnUe6YW8cQc{UymhX4;l ze)2@pZzv8?x6;iy#QnE!MN><{pieC}TCh85EXFR@OQPmdeBM2;97ATBPIho1&@6G) zH+zlh4kgh>`gd<}EN|JW$nyZ?qPAZ*KSi9zT9am)yR!bq^ptlrTHnwy$w^rD<`4!|h@~1mr56^k0Cx66A6)8N8=PBx;T`Zhk)wpuwjXfH@QGXIn z#!DWgUmEx5GGu${eH(p=UU+=Cqvva{r}+tNLqpMm_11FnkDIUd%M1N?$)yv!-M$zN zCm7Y)&*gP82<(IZJwN$wwhy_1{5MsYr!uZOgIG1v$vvWr_USi@@M8C7!VGZ`Lf4j> z0Im$;LE=U;C(G#Zq^Q9~QOh^F7xm9#U!`OvkGL&QK0SGJsAtLq-YsiiV$d#lis%Yt zgqX1zO^_t9f8_%QGwq{N1P-?<9epr$kxIy~^+?H#)5C879#b7J4!mqLUL}`b!NFEl zEPzSXE-#8ZJp^8cwFzExQLq+Ph0He6#gN%#{63nrNV#^|%?_%1!gjZG?jqei*2WnK zKH$^U$l&J7#G~?GUH2OKX!DIXar#pp(w~!bY(&z(_aa!r59FXqJNk;xnBR9l0gud> z;^1v^?;HSiY>_(BeRN#2HjeWv^{ImW0neQKaaDdl^f>mM_0KEHPqtQ{o70aH)dE%S zh^oN-slbb*oJa@z#2w$8{9LqSd+6F7B>PR;W@&ThZEXkMb=zC^<3T)xbMTuKjHN8s zpW;4p#FLVR?)3fZlXu5G#(eucV*a29Uo|N?#e4W#d+U8_LQO2v0=7>h%nD})O5HSs zA8v1>*Hpp=w>-N04r!6-Txzk?I)|<0z~`anNpBOI_?pN1-RJyw@4GcZ_{YZm&4Xv4 zZ?hMk-f!F^GGDT5X?`&+gwFry6A-AABOhIQ^uml&Xno6+zNa4Os_acKdPN!}08)cS zMRf-aGynF;n8+ig;E)|+3Q{Y47KLIT{1 zN4r$#AT<9E4Lho}9dEUlWj(c;9@lM;#JSU2tF@>w=iSC5n^nCfzW(L&o3DG_mCvYY z>YI4umU$N5gBP~S^9yt^nr>4>;CYD`L~#Y7c_joqhNexmZS9?bIaOKVDHonUw#+^md#c&VJ? zTW1p4XM~t{{?LyVDOtO{Jxko|jB)|V!U$=Vb;I7t(>TtaBx)+nmp#Dz_nRzoj#`he zqu;at`NNhMx~~8EPMcQ3{HgiG^@BgteHlxlpYXG2M~EMM&N9x7cU(CRO`je6ZxijQ z)#QzR^uPRbZ{W{xCmCkmBolDgI^gWj@vr;8@pfwN8$PJL-7pkcpzv$zaXpHH+N?2= zegR4fLZ}Fr7I$HucTEG%a$LtruM2d|Q;z4yE3FQSAie%o5o;@gScUD+7dJ&?>T-h6 z!u?G#oJe)5y^r&tp9A_D;;)SOI{B0Ql*+&``fvLvuH4D4l3Disb7ajrii@hMe`2xH z0o!jaj<8;Fyl>c6@sInTHI2Ukuw#Dsq0BqrTc=1{1gT3RD(h#%$*)}#pVUSHs+S>d(a zKJk|Z8yvIkDMyQK$O6x@^UiXdWO*%8*1WS;vl#+L?0_8Q#yaW(#xlZG8E^S8LO+{I zsDbb2w(95W_v3rE(s%jI!wb|%ZBK--H&^_8;j>`_r=rw<_-CfQQ+G^ub~3(GXj1m021r5Tl*%{$2;c6AehP#lJgy&I=qEs#UQlpN&->g}^RYs|Q(o zmi8l*fP;d@adomxojlIs09XitzV(bcyIj*OGTI4r%IA6Od@oJWfM*vNX@$jey8qM{ivbx_Z*1AsJ-^qlrmez2{T6eqiE!JXNyUe7rQ z4tPNzK(&CMJdh|1j zq^7x&H7|l?@5M9F@pGNdqc+v`7xZ0PgONx-CM&0lf}p4ZmuJThPF!Mi;x2x*2uDc! zK@SEz8&VW+g^@2*8!yO<=5nQ#ew8@O0&20a4FkCh7{V|r`Wu4J+{vAOwbk!qBB;7B zWq6*g+YG~Ufw8>gPufriJqivE14>9*i`9#sE^wE!s)&q>14h8>xnt+b*2ZEBt0=`} zGRrV8wb|-)h#evgc&8V`iop@H6J2G11gU8|_Rc zswz)%3H@eW_$(nr2tyZp1&O4r$rksAznqkfmwMxiKCR?0 zbJhKgSdrV+)uVLo{_dGmpy}dzl4-ZWc+O11$%zfpJ2pdZEyKM_H%Agr@5EJ4^MEkp zzreu_Ttu?p5 z6F{UCN)t#m|KDw*f8EcPSEy+O_-_gwaijcu3NXUG?g!<^($#IWA&qK42f>0?`BHc) z@Qyc)AHHa+vOuG0`Q)~0~F1x>NUzXVBN)Av#p=rs*5cPg{4IQ>^@d;2IG!tg9uu= z^B{sJ3JZPGFfx*YlkM~Qmd`Tg*P zrAR`xHKo%8Y@2>`>rpK`=jzn(uY3P+cvgasGocjS3y)nP&ZeW6Z~Q0N)^y{4!2qeN zntro4$3H3MeCyVqug-r=m0;zW)+n9euG90qzH;I|eAVpST#(*S81&0Za6<54AqiPj zD3?lJUpqV6?~2-slF^bRZY8zpGXxURL2XL!1$s2&5YzQ0u;D@(ES&HfHRz^^`WEwrH8Ra0AXXkaQRh zwVBkMp0SNpkrgKDb=EGZ4)Nc`MsobI(MYgjWs2Qo!P7IY%x3)E{`)j~#J9K2U85*Q#0uKk%Na+5`V?E}(=e}V zJj)He5~d9;*9n7YwNuJJHxoiJUicKD)XZ8Zw*7AusDPNiE+R8}bQmyoxmzQ8y9H6_ z^eNJ?G<*e@6E`alkKCK^@xJ17Sz%XnVaE8A_b`9)M%Ee;8JgP(91piqWPpd zR@qPUr9>hR^pLk!{HB~)a$9*#dq1oMv{V5D{rv+F7*g~!Yf~bA-CzDTKJ>ott)@yT z6YE$?uEn&W8fgd1DDy6h~74&CC7@O^cpF0X0XV z@_=j*T;AC2uNn~&tg|?CO1sry5R8EJU<25MRY0&(r#EL8*ETe_wigki{pR$AI-S&x zAo7oe!MK#vyAE^kY;AlBc7G^!|K(dA7c|vYb6C4Q-|6Jl6Sev6P4!gqwtno+^k;~v z9b{{~?TkO}^;>u7er@iZLvAvQ`foPnBNk>B zsq|V2OX03;Re`~+5V5l%AN~Cajm(zibY`3MYI$acfwT#vki!}+oRO*2<@CX}xO`DH zb{U>brqYJcJSS^{A5r+7Y488~H4Gms}Pet_Ds63y|a#;tiBRT ziRW3C6C_bG#LkfvnI$y=LwhSyoxoAwXQ&amukgVoh#S$bp)Cr;aTynJ3a8s;%)@bH zXI7CX+DEnk_iANbJCw#oz0eTQi#u<=pCNTzvN!?6U!R=izqOz;S{rk0+hNddPjHJ< z<*dKctSsUAem~Yh5ctFC?a$hiWmWg%<=xk7%cF6Kw5M)Jjvw0E%kcExSA|-=**vFe@LW~JdH*ZdBDT(EomaC@%R1^K9p(_fo;eUFu`jd7$Rcd)Lvkj=-ViA7V? zm)adxPmc|WIu6Lr!Mlw_mO_1r%Ap$>${IC-&RJ>j>l3VYfs6rcGU{F&r6Y%D0c z<3S9dgi_k^)}qyHV*AWIfZ_l}z?6ctDmJk|6=~Cw)KJ2VN;$88TRf8vG{Dq}CX_p? zYhGod;EWI(k!{zdla6omb>LY}V3l#0a&9tM&_Z~WJE}mU*VIK6r;O1eR`B>^o5h!= zhudf>&j69W%eBqbCYj(ak#Ji80yT$pB+>}$41qjDh#*pVQDWNwj`V!mgq(;Uj{*Y^ zA-hsi8)CB+Ii&8(gClc^{ZiQ`Op=hZhft+zke->#YV9y zu8zL_MsQ|wa-yH5$Azxvb53o9u^nJArkfmeUFTNam9S}M@2UB1%PS|Bo_WLTO2)>9 zck$lVtk#)9s?T;VCj0ng`A1d4a=D@oEavBq3w9)Jn&<-^nbW9aRS1k@xl4UqoH!Rz z@z{o%=1j1+Dl2{Kl5Se{+$#%K+{oF;5l({VK&EEU_M*)eOd$U%N#;j5emX75=~-0{&MFXYVSbdS>RdZVQ*~wiO%T+N#B`w zuSDlLaI*hC{4V-b0zsC*aaj@gVB0|?OM;S*Vw-{qu8r&kLH1R=|Fwf>YcGx-7@yDcIIQ+bqi*<(zIs$>H(3A6vi?-V-{L1NA%)YMgS$4+uFT~ry zV3St;o_KS~Efo;I?~M_Hun7X+_goO$G-RF!4hRo|`7HYK@~Zml9Jq+8g$YrbZjx)s zUCe|yb~YL>T#OZ`VHTOyK6-u}wW4}{8+7P2T z7K*7B(mccVdN+$aOG7;LSX0N@K$bq;e6h@P{2z3G_jtsW9cR!1sQIWA6~y9eG9W++ z4$=Ys;O~pK%v5jN>+e)`(LNT3SEfCHwbk{UGjI9`vLaxtDEu2%rgIsI)}O-uf#|sm6Dbi3Em`QcJYb?bd#Lo+}VIC2jsGhV+_l+X)5~J|@rys=|U+DPVoKUFSghp2$sr31wVRpIhiRXu@!e zyKz^3$OCIgD?!on8zWELc;bzx-gvq{=Z`H7w7mfD#|K$QbETyJF^6;`q;fH_mLbFc z`}u$R{6BvFFFya5ndgy%c2t zm$8QLbWXFA#uTVuYZBL#vyBWH#YbbG{K?`<-7h;#gqj#1ZN}7^@*I0G{I7bN^t2Ux z@e3dM%<1?;|M$6HNS8SJ@?9GEQu?s(oL}z9i>t(M`OgWPVO{f4^+)ggiYW5cP_izX zj!F8UrFp2;b1H}`nj)#R%R_`PsR?IhoA%v zUEq0+V}r0phZvYx)cw(78d^mSJDNn-Y?tY|QtFFnnn@^Q3vQyAsJGiipAT!tawIgT zrd4Q$7prp5`>Ff?2wvGx1?A_>v*4oh72V(Cw(k7Ik>5j%BKT45xr$p=3>jo(6f{eT zqWIvUC&z1kwt%215qecunO>{57EZ0zV~lzR9H6aLD;*16;$ZYfC0DcquD#(b?!b2# zW$b;LHzuBuIyJ`9(y1W$erUG_+x?$*Wvh{ncTEABiK5W;!Qgv5)ToUJkA1eWEgu|H+3&j? zm#HqTL|m2pl}zICcN-oiR_!O%AImy*I*iQx>^I(i%Pwb+cb&>k$6n7wRqe{d9CY2u z!~_oB{`5B=vL-YZ6Ti|bruK%Ci zFE0wOYDpx~4E`eFEt(@z?ZIEWcXR3!W<>h5Nl`iKd8!~xku)@qU)=#iPYY?m>zLeU zs$k4*{F}|6e52Vs3sclRGx{dcNlj>OZiICAdVe=F{^7s);w{-T7C~6%cm(>yv3(Ht z^R*~4vGd(ylCPzoQUa$)aWXy(d_ymq^0#jNup|1gvNn`zkwQDfs`9#=;Qvp;Uy!DL z$~^qS$A55Uf6a${E6o9OfCSy7%mo6@&i?)La?frR`um4qw*ed20j9tt7zLZ!HS57T zW25MFXaelX=&IP(md?gXeNuGzvIs?B$Vyv5UG)eEOgMuksZBBGYlW#eL~sm=jwgiu z`Kz}Fj*(}(vm|mx%x@q6THHSVOGr2(78!YGh&kcXr7jW{4Sro6=xJ-Hug7-2`?0#Y zyRmVLu#&>UqGA<_PNwE{cR5l=fM0@+oymJjKPM{-bBh~ajci^sBvE;6QatL;@Y2!g z_SDMnKU)inefe4MA$~rzCJfOzCMRtQAO94$);6{_HPqKuS9v`OMy$7^#-a-R5>>Gm z*9UJcFM{xV27zA`z>_iu7rdm+Q~f>WqmRfX`g+WSW* zs8ceKVMG!uW9s5QjY-+b?r!M!T)6S|(Bj;jcZ!B{{s3Am|9yq7jXU1c3jBPN(dLw) zwW94S>3=LFgcZ;3kM5}qw~4qlXy+E8SJ!AP06dKUu!&ZCv%2dk-&v45^q9~Mq$;1j zygptEjq3C^yP$08`@l29KH5%1R*$xeWpJ*s&50ts*RQ=d(i~UEkEbzfRPa=9Jqhkn z^ab(e_vqXBrP25Pc7)A1cYjaZ({g5}G}zu=AJ***0ft0}dTHR<1`TD7Y+?U=*1y{^ zCE3j2$(M5y9P;%#i$hS0H=Vc-Jl}-*);by~W(OoaIV51Eo}(5GxJ4a@VETN}-%REj zLvI!LM_2-(OCX+-QB{KE9-;gV`owEHQp~A&4?#>F7E=joXi|DWwv;4dKDn z*+8dX-3*2+x2!x*AyV6=m9TouE&9Q&OTo_kO7f$_Ed)$rJJf7#HA$cdTA?vOHe2i} z-HpZ*@v$(0*CPn16@v*Q>OQ<6497pbURvJ~)45(ihc_Z>hV9pl@ z3z~xsI0RHFUr#Nlnw#*)uyNRXWo`rT450-x>69zQtQw{hCP(2=bWTEHTQ@B*=sMiR ztfO+UM*U}eTI7((qT?)-W#EK9EaE-*LYR&~g>s?n1u?DYCQxLQhrXo=IMSgcE>UT) z`G9*?&|mXb^%*0XaN%qp8P2T(;Ami1xM>gz<%=7ar*jx0I8F#V?CS@m(>r<)N)hul1=o&>xXe#F*Fvby$~y){W8a{ zE>OQj9`8vXFLfjnCV|fn;>xlxl0QABH}|+X-~6;JaxA)RK&09~<|MWCF}F--nAFJS zhk$ROL=wVY84mkNq}52L&Mlu=YNNC^!>VDD4}(08xcTB7d+V6TJN4_hNX@jjDd*ssZAz^GFGV5EE$^qf@!I;C|lP0XTr2a zNf6R;SJo^ErtPsAwS)Wh`3~eFmag@~{Rc75AGB9>CmW0`%Ch00x}-0^QVazwzi!|j zIp=of6?J6a=fZ;gB(p5Ug0C!K=qFpKZXd`uwXB!7=J9Q5~{ePS6j-u7z+(l zC}`Lp{^D!6OD-Q8vP{V^vLJ-d1gxyqxH+n}t5UV)^whglTXXH&*4uFbqc)23iL1Lq z0>=f-8`SQsa!eun?nR^7#!{n7qh{*`$X2f3ydl_yW`8jB%GTbpZ1;+*t0@9vQzi3f z@Fg~vil%g!!Q$zYKtPb?QmCx8d#)f55?yv$4JR*t*qErcSQZUje2+oV$@8J~B&~gt~qvSS4!)oAT zQ6D0m6@kxT@nz$IE5YcHr_lbb0@{_1ZtZ$sOysMret%HUnm+mcbE?u~Db>yM7$X6N zJ9@-y9SGhPq2tG?3suia=l*_#UhUQ^6H7CkYwqyE%p$Vp0MmmSHiSA)*X#J`4M}bO z`?UJKRi@g;HufO`#|Tmlc!K8KsQ>@be=n5aq)D?VaP?q!Cz&gnhU`pByc^|Q)B@n0 z@P)6unM6=y%REfpCf!r3;s|Fgot`FGJf9>R{*s*ZZ?30s7pacZ%i86$G~L?Hc3kf( zy_3!0rg<3ij##-$A-|7f1S1HHy^4*|(K2zNoitVnUi`=m^DKxUk{agotcCQ5g~D3r@Dayg{pv|4o1*`|Lur$RYwfJFTFPbtjD^we zD(hpv@xyPRRM9Lr6nxmqx0=mL-nMi;6o+aXm!)^gH>LJ_0Q#v+pZdUXOpyyfcgTul zuk|h-0%MO`yUezmJUvB>0IryI&mXiTO-{-t7(vfVqR8`#ZVwh(Gjcg8#(m=rrwiHk zK&He)EsL*ckM;9OyN}{@(~xQU1f6ZG@H%Omk?z10Do|Hwbnb&yh znPfZ`iu+=_S!qL}z_l+G=79FLQ^^DS)8mHu9RAIn`d63d#>Za@@XlK0L4P!%1#roh z$YmR~lC^nr;cI0^5gDKT_7s!6-wOc({%hGWPl<~Zm+1}$U zuxuxVrG}Jm4(r^cwE4Icg&SSYC?o}_XPdh?$7Mj5dd%l$6}MuaP_(1@~^&hREnm*VEn~t{WKI@ z>T&Jns-(;gdXV(TTo-pzes;kB$9b{cpj`xJbbrXbgbgaVTP|lG{h_;@6>Dq~#|WBe z5+W?_4l7Y&g;9apsr*{3s8DG?XskSL?TW9(*@uIQ%W1o2>6tAfZ9-8CbBZy5S< zt+J6YJpy1X;%TJXdUMp_{_1d(k`)zw_cpuHL-fybP8tTILWS4^hv{Mt_jyo)Trsvv zED>pUdZQ`qU>Fi-=|-hV8>i<#9`#laZNo1oxLAVM+NGu+I-Q3?cu+ACO5-F!t0KEc ziIc%>TS)yNgmsS%8QDMTfjN;Gr^}rEQSXsN|$FUL5Th}lbsi` z4ZY>Yw3`%nKmf4C<> z6}%Mu!2D>t++tbR{W&{f#HlK=y7(@XAT|WsHO)=sxEkMiaO!j6W1?GTS;f3!LC&a# zcR@XJeG ziGO)+gwRCCB1v+UT$;&EMqsh1$iNqu$8augaReYRs94$4-O{{3um zc6NStZg%=%QLc=Uo)8lf8W9$ajK>rfy7OJR5EJ*eZ|mbX{<~YTu3=*E&+Dgc?0^4P zfLoj1!tzA@$E1LnWG-E%$>F6*gf#^q5J7R<@c0TZy>u%}+Xt-a{?tka%&VP#7IfE zvkB=lE4x9bKdL!!f>G^w2IAxXf|IJgmjjVyVAwA~wAWlfbh!y>QG^SQK98Y^P;ZD!M% zxMF3$5)6YOFhp9})$CG9)038YVnHo^8C%=j`bXnu{+#F}3@sxdAVXKvqXp~0-t8;b zPA~@6hj!McrZNpBWtC;H=NS?`l2CZh0i!J?$#yj&!mLE^(MTO3Z!6vZnp;jHNR3Oc z*KrI*5g1^x>MlY73ChQiAeKpSp_GM|Ms4;fi4UhXRmu;6^S0+`-X@U|hLdba5Fb6v z3zDkPzFyGJ#9I+9Swd8SZq#u^a0(obL@IP3rx#yjF|fh>VNMD1$MDI%K%qUr&QVnr zja_Eqs`-3>y^S%Hs0M;VVb_cN!)gNiLb7Q!r_f04@ITXAtRh)tNV!WyTV}_x9r{oC zU6ajjxY~b?C=%Z46Gc?#(Q3r|JHD7%k>HYBZY)Ad&x>M^rEa&088)8fjdNuBNJsil z-`n2a>Xi~_Zp^OuW~(ff1YW9Ej7p``Z?^%Pj07}uX;)@Gmrd(Fp}uRHwq?Ca;5Zgm z+9j78!DQUnzL%wJWxZ$U0a*^>2!5Gve8a(% zc~P~lPa1RY<{L7D7>Cs3NvI|VBms-1Dk@nNW#uc~P6#eKvxETIuC2yCXKy-5bPnqH zK|v`0aF??p9$YqqaTNzP-Qxr)*})W*6u)jaotkfO&;ymo@ie)fW-bYmswk2K_x?L@ z+D;HAH5VpVu!Ms?BiUM7*UOYwxtT5O>e+++X3xwp)Alhebr9_94A}2~fW2KK2O6;~ zZ?1Dh+N`LJCmzOLm>sY+R+iA15Kx)}yex(%Q4)Go#WR;M;rxHz$|`!R;LXsZu2qgt4f^Wu=if)rI9lM=uSTd&SL;ZafYQeA9AJtQ_Pk zzUHJ$TXl}6O9BhRw4mkcfu`%F=i5R=kJ`ZTuA@R{-XkGKy~CQ>tPJ|}WgcKY3zKMo zUPbkQ5o`u~!0AF}%Q*v1f#YBrjI!$M>uRA*I40uf?O!vqv)3qC$cZs_dRi);&dHF8 z`OHmcFjXa7R*Ab+3s!+ia3KuY1=a_26_w}%VlV7d+u_9?Sw%fnIKo*te-mGBV$@&{ zx>OAM-$jAVwbJ|#N2)K(wv40;iu|aN1(I;vrQR$%lh4`k(VIsi%`yz&X~-f=lh{x& z6w$3--Ow;}&D^F`GnLO5^b-jjU+O>&M0q{n8m2+0$l!I<`4KvN5Iqd;?II*&gkH|j zg<%B6Na|oFq%vt)JKPOyO+pDlwa4y?9TbDCzU7BDG8f3@H*`Z&bjOcInd+*vd!%Sj zTY*|%2p8anm|Rw`rWInpu@wHlRyw;JB{mIS+YW zoaAdXC$QLgwCStBI>sxTSSr!^d=@xWj8n;4ew*40gYmwqv(bSH*wGQ5C8!V~uMn;O z_eYWlqO8kvl(WTLa>by#@1mY^aj#)YxWjIcO34ooI^jl&Ro>(BGYr)h86wR*y4{3a z7|#!az$j&dM==7wi8W&dW7GOE&Z?&Ex*pzId?+q?>3$TgE%aKg?!KcLrUp-Yeh`GE zU6cyGEzbLVd_VOUv{7wB4(JApZy`XkDB>rK;f)T*0tAr`CN4)D=Qa!<^gmGG$2r`> z4Ytv~^Ou<0?C2T5*~excv#wA$@XyIC(e`^HbhSNACtg8F|)9vF9ddffgeFOT~d zeefO-^ce<7$xez?-gDf4Na4s?6|ZKkEI(|uuH_j?;8})Yc;3=^0c$RvZFWuC7Ry=R zav_ZiLkYf~tXHy^x~U3x6WI(4L>?x{UR4+QT5??3)%e)3=Tf%qZ<=^%jvy$(O38-l z`d)~Wf`!S6l{J@x6(V&ekCSP(4h$nhqW$mJlx93DnFD9eFwl)T1|cKvWt^HUg>;6@ z#AN{|czMk7;AQa=T~19+p^4|fVl~M)G%N~y)+1i^s`2^MRXM6hb(K3uFX2!ySQQ9) zWtsSnt*NT*$D{F2=G|P5Wp^|ZniA^!wqaP7;{dSfI|jHyBYkodBhHKHo&_d{?sVRZ z_87x6>@r**dy50V>W}iZEp=D+ExjD^`eN(3;r9j6ZjSbv%u)sMp>dfQFGgtfk~mJ% zA3Lt;?cC)`y#?9RCYBK=DY{-Z*AK<1;I4BIaP)$U?x#MkIO?DVBEev_V&%bxqNG{F zqj8l2PfYXhsy)J7T2mVP$SlLq8cllNL-`41wy)60=uWLWmga*iMdLNi1@T6c zyot05R@pX<-Bp`ro8;_w^t&puu{@HAJrdxSXw+))>^euP1&h*}ua`g8Y_*zc2|Gi+ z@vUVNv!dK$Nh&wV?Lmi&o9cK_pX1(^rE9uTWm&*r2q~3~8xe3N)Gmbdx317h1W{L| z%`DB_j?>|q=Bqq{PJ<w1B`YiLq)^gKW$9VnV^(=9@o=4Y8(MOJsSn4s&mgr0rcoGI zz(PpIawY=%)}EkkOIQv|Tx)t4{W4|G?nvgux>4McbOb^u+8VU0G0Cwk#}G($ys&I1 ziqkOs@nWadr03X6xlu4(kQ)B{fNZ?ek?pS*Z(~W$GCme$5hf!53X@PAHlsSV2-*2D2gMEE;Lbn21|#KFrW1z#tPCwkf96T%=FUzr7?_+rZ$j; zyS**f!W`rVMKY%c_b{l;M5IYsw4Pa5!WzY76G9pm!~F7u0GBRa+OoM~U;#@bUsc^O zjC|iKMn7Dt*4$UlaebKrc(T~kvjv3?mA%>wOKE#z(RpiRgl%QVB`*G-_ z3A#mdyQrYljG#!!{nRA1z#URK5t7BRgh4z0<-_ccW3Y21PH`VN2v_hh5hijfgGhYd zq?g?JT2{|=lR35Fs_NBvY0Lo!l_arO1S@(J;>vK7 z;m}!n?c&A6P4v*Q5$1U1^#=hMZ;TxFBAhc|tX)eC!uCFE)OUITCrj6w53gS{6nzY9dDw z`D5SlP?{tV2q8$C1^T;=@<=t=XL;7eznsl961>5LZqAMbS#@%opT(gHn_-=`2Eas+ z3@0;bY&C0PKk7r%K3$X#K}kj=${%Oj7V9)G6$l{5 z%DR8HE{zY`aj+7;zzEsKab`qRqy}(K%w%AfsB(7h0YoA&n8eGk9+ZlW>&QN0bfDSG z<0U+ALR+@Cz??;ZAix=^|6pZxcmn&I`S1W2!a4b+<64=87ajvbBM7?8gB;vi#64ci zvC`iDYB9X9HxO+1d)__GevjX|Z2h$9CELHBTfKw-6>e0Qk#vp zA6yQ58^`3N-yuGX1hUxVP+3)V0g!k?MJa@s0Fs{iJwlLCMt8GKhL@%CBAR_<&ey9i z*P5$>0v|hZF+{nJXSB3SM0SI4fTC0eG{pA)E`FQ4Sq5*R3QBph+hZXcog2goU(BSV z%_65AGn|~-k^ixyTD3_Tc2W@JPhry4wm~;4s(fcmKM5RJXTxP)Fp< zOfgLv%QJG2t+>%-rqx2mwAHeiaH&0JmYUST*39_Lkaql1g_nnkSMJ~*OkW>ZgT>#h+jBb2{p zz)UDKY&HQiG7%zOZ?X`;Cz~zBn;O>!0DHiLD{a?!vN_q1%(Ae5hE~G4RAL3$Ib%yj zE4U1ieIQcTE;*Oh?|Zp^!; zys7V?RM<5BxrJY#MZM4BM~jeas&@bD7m>t1r*IAIlwt7lKO71Dj~JN45uA&fIsep5 zUw`r78R$Y7cto(N25IXA$B(m6S7lbp;hIRTR2%3Iqein?EI=FefK39tNI&!vDDkLS=nw_3Rv|)RJZ+>dZ!ATK< zkS8%E$}}UZ)m(0T6NxOpp3Qt4eSj$N<8xgMM(Bs{$Tw!+MH_7EYKEPgH!z=G#fH(v zQ>V{aI~43cI%mc^6+0Fm-M-=@Hx4S^aoOHoH0(7t#{;>`*7IUYwtexPxf>hGt$GKs z;H}ka=T^MBZ@PI58fI#=Z&@NtGszS-c2}HHhV07tDeM@)9AAdr!RNfFL7oYT+LC7= zz*Qu7*C@t3Z?;NEvsZcC@`@>|^c#9GIFv~*waHz<=zw8>4cy4G@5w9`rF!DWZ;0G)z>!#z5^RlkX(DuWN7n@=X>#+jpTlIZ%;{ z2(I#ONqCovP0KLQB?lDvu8c18{qnlt?upPHY#86q9-_>S)dNxRN!kLb^G*Oh|v0VuvJ?CqUG@N7DM$t(Wh5`J*Ra*M)yL7ufknUcg z7B~upJ622jQ>Pf=o^P}^FgC(yju-igrkkcN3zB@9yGJd{uxP8M8)-hK#1kmemN1vn z+R#r}!>x+%*KAFqP_(095uwii^YkQ)KSsHC=pqbP;0n*^cyjZJZ|}jNz}a2vMHfPY z5!sq%7eN?uq|j(ML|65P7vvcK6lGid^wLcw9cDP6!hLCQ@Plq+*!Nb&-SsM9RQWV3m zSl;f>w+GeJI*E+*_!LDH4uRAXIt!BT%;t(g!le^%V$rrWNpS6JA&!lwYkGV zO9=S_MpVjw%ew4p?%?%t;ekv9%ElNgE0W+*kPZiFly^?8LOIg~n&-2_=Wl`awK@$z zT%P45syT?7?^qX@9tnhG8RA%@C4~`lykadNF+*brqS?BHCegd?-5(6smmg!`NjwHI;koos zw~QHj>(-nDjNhLdnVGvz*QtMd4KRhpbFe5fh&KnfF6Mm{g)e9eVn2EmHd_WV zbG#|D1SgQi=e(r-)*zTZ{^xzJs|C+L#P4-1kzb|k4*%NA@s+2Zd-zQoqu{N>q_3xe zsXMM4;P=8A4ZnM#jHC!C!H^*CLaA9M5k_EI=%Qri<2H@(C~|p*QNuA1PE9AH-VPMs z7EuU6-ljGzO%XZlJlUSLz9I?YGp8g-c#5A*&A^_MqM1m<|5VX)MT%3ZXTymKDOI;j zO*1WBrQznRV9O#?EG$O>S3J3HWkcV2*Imv^r{gH}l7l`CJ2w|c+vAuFbcrRde5byu zMaSPy4~ZxbV&ukd#XX!Ckcm#tg+K5pLdaMt8KWiSX}pvYt-_uopEMS|AEtuFafV&J z`}N&#v_r4$&iBplnY@{9>E&Z>{)jgHk2sjbNfa^XaCl?-p&j&1w%!>=_74v0Yy7xp z6t2!U*IF4>n>X5*h!4{xPK=d~yR&1i|MlI&J=@)fZQ0%{{AO?J8z#2$M0biCA95(k$mR7FF5yf)Pzc<6)hbEOTuMOGH?gW?ej!q zPM`rIBkPW55nVc-+4ErA)8Qpa5MbUf*C){}Tvb85iS;ly0*F@WXD(rBm*rqbwC2@; zhal0ELu<`33AgJP3o%EI$g4Fpm$+K!To(YiF(YW3yuHnPLVttZKa$fw+PlFb7bU6# zr7cZRvGUWWr8zm33bPZ+m!0yRz56ym|l)!xUVeamFGRB-^_CBn2|=;qrrUKsDj zd$vZXqBRh+kBL|jFDnUc4dP74i-Mwv6jqh#bI6oneuzZsBDfYUR66) zLyfhXX2!r7(mXxqM3yE;Nq>$r?vfOiL~sV@B@Fko{-Z9tzx&XBs{Pu3iYdo58)UcS zpqU=77(Md@nKgsY9bQGltbFUfzXh7OE)LQf+Dd2)$Y>xXsr*m6Kjid!od1*4!c3Ui zyy!;xbgXDRLlV5G8Mb4nB-~*|V5$=4uVkV8^A69? z&&{eFjHidRns7p;h2g9q8>S^vR%qH<5!p1jPQWh*_rd4a7t)2?pQ3uzDjW3gVN!j~}#~*XI*a*G4jAVpW#8p6l4=`#7#2Zi(W2hhZ=@MC_VB z=ySr`{^B1$Xawi}3&Tmm=CLq09i*AO(!yQO=ZQ|a_55AHkTw)0$QuF8lPRRt4ud3# zEf#LI>VJHA0WJ{%OIVIwdX;sc2<^pob4d_&r);6`M+f+G2U_by1YXG) z?h4yZOiSw7LqaGgVhJwbbampaBX3{$*yGz5Y7c@Wv(DsCJe#6I-Wxj(^hsG5Gl|u7 z>CR5>h_8r?=;ezSjDd%9+irWjwEg-i8azARz;GN=kRpy((W?!{TMH1 zfbac{@8=UcXOIf1f<>}t9vYs1jT8*!CL@PBRaS>w^_ZJnoy;631}tAB37+rMi?W~? zPI2LUpP6zM$f&xoyyzod)K4KPhHEqFpdCsCzmgP84|}{H=fje9&%GjbU@jO9R5){R z0-JD8X+caruRo>lGERYTSN;?HsArE5gakV;of7XC(xB~QEN-~M=FvyUS%p}JZXx3<$~$DDAi&kpqb>40cv7J&CE1BAbdMoMHmUy1_swRUaUP2?$r=tc2sPiFQeIY{tgs z{zQhFw7?iRFppZ=1qR9uDUc#i-2Vi(?DDJNmNIrp-0LLAF+r=NQ^W8dz3~G9_mHJpuRo&q)t(n{4nRabkHzlk>g%sg zgj@-hZ=!W@jTW!%yfC|puE(`bsi`Y3JzO;~O~v+beLZFyyl;M$r5pAtFKxTr-~Lom zbs?%GVBvk&R0Yba>Gt>Q>+jO1lE zyNQHA;}>Sfo(lk8oOjpSIcZ(}0CO6j0lU$=79ol#?7HCY9laqx4_3n0j$0TaAsi~Rim2F-sV?AJ%ba%6H=t4}8 z1uuYGJ2M$<*J7*HlSYp31z{#t7OOSKSFVaX6SMV!c;149Meitj9Z4g8dZ*&9mFUu zqc8-FdmaX7CXwojRPpe9cETck*8)HFcFHfaLU2YOs{WT+&0nTdt(dEKk)I73$LX)W4V(cMU)v$ z+h;DkE)^-k%D%Q`EiiJl2`d>+d(kf5vzLTIKinfwTE_PaT=ky@ZRyrB#c5|jZzFR@ z{&F*SCB_u;D<#)$nv>!=R~@cz5lA>ZR*&p$?AKZ8cGzw>)BI#Hw?FOP^icAe+{ zss3W^ZA?x)RG@$Bh5;Bi*GS7yK^oS3>$;JneT`uM5vRZUWW#=FZSA22^juvx%GeD? zVf5{;`$+^{+V9X8W>Dil(abOYGBJ3mJlY%zvxjx8NFlYqf{T}Zhfq);Nrr(CDFt{j zCboJecNINMtl3E<;vY}iH8*66us|UFU5EQu!jBc}EStw?7xCQR6B(7sWl|EOV$mcT zi@gpJy^5h_r5>yUTfsK45sW@|gss{R*7~)OM=%c>>)6?;<*QWSH(%`8e6e|g`||rb z6nigxfH&t@znv=Wm#g6U2RCgu*KaOw!+qmfXG3Fm zXKkSkyABa&2zc8DATauh>d)g#L;@ilJyL#hU-0NpgQ5y67)MVQx7@lZ@Lue?Eh55y z<-dq5E!J%Pp7mk>eP)3w`??k&`%5|uQ`-sFKd&RzR|3d3N>*%}r|k~28CaWxa z+u^(w=*bP@h7fZx=+Y+O$zIT~bMzH3YN7PM(D{K&AB5H*GB5p7Tq2%mcPIM%y9|X0 zNLX+0deREr`b`v1ja#B9)r2~ic*|@hA7}f1f}RMCNqQKeHRV9T#NS}t6CKw^vnNSP zYIb1*tAEWm>&vlZk6Pru0bm0`jxOI3Z&?(w%}Ni`stm+Csa?&=o2$1(hj;NaZ5=&l z4Ew6=Rbsf7>u{LRy$<4JCdVd}pWyvb@PU_ut49H`A==J?evt5BqRJJPo34H~Fr~18(y2yrm>wB6y#MD!n`KDv!w2H^xT_p`(ViA~`@PR61$89=H zq$$Aq?G$oP_&*r%glc34hvn(n7v5_9@TXmPx$sT&e<8lDr9%8)+e#dG@e0m5zqVc< z2sA%4;tTB_$G~>`sau3@Zg=A*4)7chE_^4 z9*5y`g?(#RJ+Wt)MDeTWlKxNA^b9WSz-JJ8fDu2DlMSy;Z;umL!85BuJ`DpA5#heA z&Pdwo3#Jx0G=X;n+R816Xhty}oWXuBZX6EE{UmcaEOI0O?qdM33AM zO=Ss?bvb0>q?ddE&u?h9RMwyhhfll!ex`-tf<3j93DL9Q;Oc}+j=*fn=y7WpkQ{ru z!r+3H&xgEwgzWq~({GTk9=})I>K7Y7#>tC(tE4qSJ>?yo1Gx)5C794Hf(>0H_@Zxw zXULgQj~)LjqE(r1kFw}?2Pk#5^SVexz{PsH7?5jMIzE!kug#6Pr z`5`b~FSWG?Twbm`_usnqxf?%O%x6Uv^$*@;9sd~~uic&dD9~5X%@x=2UKoKGV_`TI z<5((g)WZ!AyB)v$KZka_lJeY8Js@Q_JnXhmdA4$YMq&#RO8ie-Klw8HIOIqud?zZbwPO@+Jo^h}!sPtOg|a+Ha@}F51F)$yIkv9L{1UduGVK5kd1d)o*Iy!! zJn+&6v{!dWdVf!DM{aLI&%CDNly2|H_{AE@3U^5`+#?C$Jqd#&VcP%&UoV=%-?sn# z!Joe|`JLj-_oh#pNkh~CX2mB?z@`J|!Pd??s9;iaIafvl+#eHPxsKj^78y;BXV*}d z_w-n=5K`ipx^-1jZJN)(Lg0~`e8(1_{>sz}e)ii}j+p>%hEqL}@O`uJMz>Ge+aat% zR7Tyz1IIr3F(KyrpF017PdPj(*OXKghI?ye_8%33?EBc0erN^v|BwFW?h}1W_Ar0% z93sBR*MT|e1Wl8&JfbJF&7(!Bqn_F!|5x|c3@yBxEX*jPf3Uoi5Vrm(Q+!cS&yhFQ zDgS=*CvLkuw0zk-G=FBohc5anHrNb=sH1`2-P0!@rCDt}{rvhx?)7Nbsz=i*<9efR zecdj>%vH_VMZP5I|GBaQpZ`DdkN;Gg_~yV!v_JdCccP$j)0Jzl-}41)Hx6v?R++K0 zYGn)(`2U8OBL6B$-~2V)*}Ebkqo2x8H1SfTQy*t(UU6(@_;=Fjd5)j@LmfgGNTE%a z1tkHBwaBoQr}CwiSH}EycY8Cwf6~G=ON}lq(zSDh;!8uBOkYj#kiIw4_-U1!cqvL< ztb)M}g%^?#W1@7`Y1X4&s|wltaVSI0LkzcU>J;@EkE4z;XaALv@COu9WX@2=Ih3RJ z^;x~rm59V%T<#(jH7Hl=(@DK4q3RXu5UBb2txeP5wKw{exV9A`gvku7x+PQ?D;C`1 zK^Y}pRQR#|&@R+ndOVWX_f*tv^iZ`R8< zpW^DeN|OQe6&Hkxy*Fo(p2F*mP65Ja+ku(TO>EvN+H}OLXUezS9F5Wg6}kM8!N}Dv!KqqXH%*aZ?qo_SsjSw13h8{2qQMqPYeO88dYOrc#r% zzUdr-3`$EqfX8KNb7N|+5Tb>_EB3B^w-?>#Q{}z-E4ig^L#uTP7_dT8FERXMCwk8r&l`FdXXij8#+l^8~^z8j%jUPoW7kkdU+U+m*WqG^hI3d>u`putyG zyR;ZHMDNnE;tre7Z+dOrRos7>0ntozZ8#N{U=8&u(e?`4&v_7qcgzgE&a7&sb%JM+ zwF=em&~Nk~^pyj|5u#CRl=g?s8MNRlg&5gfIcoMc;?oraB`v%~55PVwAA|}dUK7;+ z_Fub`P<+c$v_Daa#=(*5RY_CLfO`vQhf%FVmkiM9$}2Sec*X?!7cPe+h=*#?Fa#Ct z2gd)~a8_F}czWWpcEkKQ7v(Pt9^4;y<^ceyb`U&1fr&Q*!8^*@Mjwt*-utQNv3%qD&)m zH!9!NNi>^j)c^Oz>^w{W4{qEAL6U$XP8!nv11@4(5XXg}Kwwz-eyL0ZT;iD*PDzcb zU|W($kpybNpDpO(Cl#95Y}|MR?+@lkloJadMjj#9H@&%V%`8FXTnt%B>+^g&0+m#z zTzGUaZw>-Trc>y;0&T`qw4b(WCFP!PBZ4bxb5w+9E@;nqgc8V7SDjx9!k?Sa2TwHg z{FZT&+lb0X%S6ocIO*m2(zpl$A;vL%!**Sxw@Wg``AASM^ zefh155GD4|{>&suk|IrpEIIPf6exa}Hfz$NO@}UYn|=d^j2K&GV@eB$s{dcZoP`H0 zS+Qor7A-pT7%*bO42}h>6Q_PFQR>XOKVB$<)oPbPNAR#K_`t}KBu|aMA)r4>5O5Kv z3RDQOVb^HD4r*XtYeNdkLtO^l*I_7727(QTWGWuA_f8*5IvsJW8&ZZ^2pn?cszT$A zUc|gJ%eHO$?U5{10t)Cb@$kemsvL}l81JbxhlC-R8#3GpIS98N9MwDEdiu7*;Cl7Z z1fhk&3tGp3M4^MhLqgkZ0t*gLAd<)wY9?+vqo3?6zKDLRANbjv{?WC)>pH$bnB5kX zSQ1S#rk`$#luWMBH!w6ZHYuXqDvx=aRP%u3m3N*{SibOl5ZwUKGZJN@pP?}Y6o}0q zhbMHwm_()&L@lJyf@yRHlO--8Db*TV8Fr5g;}lV3;j&!0%6+RS1w|$0HrnQ)s#dgm zvBCXSLsLsz$BI>5J^l8D*5h~9+7h06X`M|-OiJ$WdNeIVL`&%+!-IUG3Y`&U+m26w zjRPi3n&LHW#%wur<}EmEk&i!wH4aK$BBEkQ7vr39*1)8s0pt9>wlRkaWO1A{}uA4f(%jS1f1TycIKKYmV5P0!5E%`Yr2EfdE1eOTYv+}hsR z-P=DnJUTu({e6ZSXW-)U>bha$#i^fPz!p**lpe))T+fFQayWmOI6+c0!*aYJO0uGA zx?x(j<9dD&MscE^+{^xa75%|*G@eXnb1(!7gCmeAG-gboR?X>L4j;tf2}BZ^LZ#6e zOqRHWq}0@gFUznwvRpZN1>idOtD>r=uAvEC2PKrKq6#IdM#9#a0YC1PcY0=aZhnEW z&cKnSKoGAERX2!$)#0U{3{J4rp^7T1sLGXoStX7aL`hauO*hIFlsa&MO$V5C07*wc z(fPZD5fsA-lA;+Fh|d50WkuC=!?bM2_52`=;v~&-h%ljy3#qiR?(0Yb3W$=dsG4q= zmhHG;2owfKAW>)x7KbMgNn{F@MrSZtYz~*l7YIdSiBwM}SLhoU8X23InwbY-6sx4y z9}Gw1$#gbfELZEzcDFwqPv^_^cGt!_c%(>KUX-4zx@kLkzTThj?|(=Ac6{)8Y@7I{)lvv~orA{u6kD2y8K^&=>x zIgsrqSZtv(+ta26cc#v#oNZ`(%GrB0#9~z9N@D{nKRK>-m)}!yT=Zlu$`7oPzInRa z??>PdlI0Fk0~-7A-LenHAL_^)MQof@da#u25o7h$v9r0&YmPx4%LIg?XOs+rTI+RS#M zOLZxkl)2)HE0dCv)GPBf^-8@mKdDdZJN5OPg+W0|`U&2E217&{EpR{6jf-ET<~Ob# zyGpW!Vdu8_6zO5^DnYi}VGk0*eL6nbTaYBSL?6(dV&iTWpgnyYL%7EGjvBlDy8+Oi z(46Rsrf37tak2D?pMoxcS@>+Sd>_yY2Zz`LCe}O zQgoznrvBh^S`}BgWIt;tmu7+l|1f)Sj1GH6KtxEDDh!aOdO zHn|EB=5ZmFHa1r!BBaXI0AfO!$Awhd*jyiBLb;Gi8=I>GM3_*ArDg1tQI6$2nlDD$|GN*kMdAiT8%h%lkd<3hR@)gS&QCX=Vu(Cq>UbIk}NSBTUbp`6*j$E;?pq^STdn1>p#wEP;q*MzP^6jiiu%a4-@Z20zbb&Y-L?^|BD(Ah^v|L}jm!X=qkUa6M|Qgu5) z6Mwyy;M3~Wo@cX8o4`Fc+!W`Pjog@j0wc%_Xh|sR#TM$0>b5Mo1D-}=#y`qGdCARz zp*OR0tU3L&*mgOhfte*?nJd#eadea>iXWJc^!W^EB4{dHe>YyD#cS=0_J_q0E@GfI z_}ZBBcX>JwbKn-Zg@S)8JtBoVPe6%t)C?rd-zcm`Ua-YQP|;&ZAmaIUjeJk0m|KPF z8}JjR%!}W+0%!{mreYe#&H+F~qMHF!WGeu1w2GKAkL&;T3-5l1W9atnsSdu{#D7#% z{B&sx@=$j>{ZH;gGX&OD1cSu#8lGsTvbi=ulBvLk6(3L1va zvn;@}k$z9k!Sf`cH9l&;-F663Vf~2uD)`Ddnb}hdj?)*=-^|yb1jND%N H3Qq$7iB`6k literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_static/fonts/roboto/LICENSE.txt b/ia-terms-updates/it/_static/fonts/roboto/LICENSE.txt new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/ia-terms-updates/it/_static/fonts/roboto/LICENSE.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/ia-terms-updates/it/_static/fonts/roboto/roboto-bold.woff2 b/ia-terms-updates/it/_static/fonts/roboto/roboto-bold.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..ed8b5520cabda5a8856fd0cf64afa7d72be193f3 GIT binary patch literal 50452 zcmZU)Q>-vN+l9IPY}>YN+qP}nwr$(CZQHhO?|Hv}k~x`m()6ggnsnXGy;?UpQAPkj zfd4dt41oCG0Qiv%05Dtw07Ue^+5b4e${03PN_S$iA;NE$ni z$X7hFa&trRt3z#u1})}s0>*^&IL!Y3Pm{-C?^$=W_q1uv7EnJD3xS+2ke8)S`OL%U zAzX^G5V@6{W^*Nt*-l6ckZ-g%^>vPVlk|m|rZv$mt9$*&!hF=+yPr5b1{z*+&q}yT zh(8{JNuSaUqS>Yg-E;OYucf1r?I>^qQVW%}mK5gVM$=46gBskL#FPkPZpne1CCz-r z)7dh2iH-Snn1oSZdYAkxS8~b|_h%4P5iXt!k9I%0WvSMy*cyH-U!ZoRjx2Zl%(~1) zo%B`9hSBE8UBS?xG1K_4YS6fz`elk%qUq-Mo*7?dbL3&2-ppjwH!Yhc8LWMwT%3~#7HB6KlW6S$3%x7t4K7xHHiu#P`Lpqv zSeglXbRya#a@%b-G>VelTR(I6qS>^<#r6zYhYB@Z?aXRuwl|#kxLHIg=0#JrWQ4OE zM^XycV`g)`e{t)C6-mMoK#I_qF3T#DNSDgko8U+Xw6G)#@O?9VUUCZs>oOGj_$4v< zhRERxO^Bz$X|fDvG&|AT&I#=;4b(?n;f@P?GG_xeKcO#ji|+|H9w?FD%y+Zx<&1vX zt!OEza+NC)LiM6D=nV|!F5f@CdLFccM4xcH@=E}8&Hw{|FW_n5Y)Zat5%v-GNsr{( zP#NH9fZ1EP%DItu`T%5#>^X`gISvAyHnib|%HfjW>FNN0-+YZ{vp#{iHBr%zLHJ+{ z5*zB@zH@f2uBLN74^{cMF|`Sb<+v7yD$RmR;=^~j0O@Bt%wR}HJOa$(FkG}^PT0oL zrWTSykW9EPUV2BgVMUyG9q5k48m<~jv99ArK^6~V8Werz

3~j7indmdALuwtkd|9SGqqkLpYe3_e>$h65$)7jB+K4itc@Q(9a5 z0($kK48=n`=Wm6woDJ|cGb(E=3b0u=U}h`d0kryAf@S$#fUd}p0?*_9%DW;M1camQ=E&h5hI(O<-wloj( z!i0R^?gadRed|l@Q%T_COhOcJOB1Ab+IIm{Xjd2dY5v=XW8mk9xj(gj@?KaT686@-oNi(%)aEeCdjVa!vSc3bz6+VmYxRhe?56sbtuoVJS8H>vtnQnK3|Fk@7~v zg(}U}@_291+PVE^6p^y7WgCxudv+&(WTMa9P{nf-_N zoWmIaC|R3+$IHKFZUP3bVACHz@JasBn(GQ&E*)_MqfR(3s%8Zb(CN1qCodn;jPrC%3w^-#!(WFMf%M z;++Z7MY6Oqu9e>G3zB@KWyh&rpEq|~Ki_|MdmC|pIjLGn*}Gpq$K)l+Ll3FhjvS%>n|CX{c=}@Wyo#b7US7zBgfVi)Drb@A z$}z(aIC^Jae^r-iUUc}9tR&UY?_-7Awvmqk$vlsAW>Kb@iJc(7CHDZ5q~&VKCnAE zQIj%vi*XEJe96>y)Ph$PC>bAb+b~3F?t4pwik*anvrYoSg5Za_XCZ!d`+IJ;C4NgX zBS?+#qbb_g5Yoog>SJ(^sGfME;KZP@`NbPS8+0| z7q5n#rS$syEyXeOe}5*GJl9w`Z8=Xa?I((erGP>Ff>&15N#9XH_{;$3OyIoSbntqN z<`pIRk}3I=D*2i%`75eHm^MHy7ho{x05|n$mgDf|>)_|bN%>2`{ALjWw28nvC19Ph z|CkGa&-rrr-=2YaOu#%RV4pLQ&U*;*{Y3pwk^1Gsfzm0p0rbH#{4-3zOjBUeb==Kg zIs6x#K#fL0oaTV1*>KhQ1M~+%0!2_ENGVaND~#)#7yB6}0j4PaQP%<07e@9MOALf! zg|aTP7o&0bUrcN@ctP)Aj|_<%mc&g0|=cpOpruq9JNd#^zvfX(MCm&TR-9KByWu5MI@J(>6$v+QC|0mx+LX=+2(hH zrY(Q*3QG|_==Ij~xa)F4zlHw}Q^f)}^g0}ehc!b;=ckO9&9KhyHrlQGj6_Eo@XRmEK2tK|) zBT^$ex^&pT&Z`W4K_u{|Ou8#H!;v_#Ip`7o+SRQpM8a}o=p=jdn zbzJV+C9h6Ke|qcboMZ^y$VAP&ehPOBLAbIWgv)5R&Rus}GmWojnv(rA+kUvWmDJHatx}#Z0Ta7Pv}z>bO5iRhu(@(4&fJsv zZdY|ih`?Mbu@Qr_9EP~Dkr<#XfOZ<)+1RvloOKi^@-Q94?vj9e77YZFX*;ZJr}!0g zd;8OS72<)g^F6#Qc*qwjsHx3V= z4eaONPJH2RT~CwL-mK=hWO!K5UY*|DXKnZwx6sw^H^}VV-)u5EeW_k6E~;PU;@m>` zI|5@RZ?&z#hdDac>X*=X%?_0xIIP;22d!e)Nk6iBeTG+iCZJRMCAjEi3vb|2%bp@| zaBX2MY)^66GntX^u`uYL6#?dK%+V(I6n4oc8|X&l)HKz8ab-J9k!E|Ll~`;wYKZEy zI!RVNc^=zK3Fbt}DRnbwA@_Q5ZMR@_-FT(Zn&OG@bRO)no6{=xQ@KlXrh?Cn#QQW7 zxaN*5uqm}CtLj6sy*BBX#30WA;>nNp+W+HtJ$ggu#w$tv6N;fVDYsp#?X&8H(b=K$ zbnhYAo;ul``)0MvbsNpN$adZRZW^51 z#i7+^Y13fpHy;L2yT*=5{$&QTDh*vO7do%SO5Wd4 z5)~*JML>eZ%Hn0)g}(n_B7z?l42M@83~54@7!FNG7pPVjen^Zj78h8^2V5b|ns>fB zH6J&Sjpd9r7zS@;Fk+WQnAB|(G|Dl%bf8_tu)F*#@$R(vapVq|dJCE3<`bD_vsx!~ z0^HA#FNb~{5~L=F{O7=*s6bl0VQl2koSiHjS3s>wJ#{$T!2PyeGftPA5`n0Z!rl-m z9i@_CGI30jTwZ#txbnhM$CDGMua`y>O~J3BNM0D(4B}#3V!aP+$EG~b6@#q0pssMo z`my3ABPNvfV9xfJWLwq8W2@7jFN09j+LYc#Wwg;7=n}?Z%{gndW&xNtd-d+JfuDax zDzI}IeezrP!2QdXaHjC&fzuZJW-;}i*8;@qyK!Ri>e6O5e%CT>9z0%wzzoU3RH&E$ zMHCgQjjIBEylHMkaI}PCW*gU_cJ_GkA@?L*HL^fuwW&^C9P_3OjS7kwR- zQDggrg(Q-1Wu<^JZq8H*t6?JmVM|19f>o%2v^^ zF=J`#Fr}%r*ZJBXz{#~;a%<~m)jY<7*;XglJ)&o1UY#r+vONByEEo_0Bnf0B5+6gG zU`~Hw%7ACpfG74~@v`&d`UeqNi0PP=H>fQAPl8MWttvZ+@pTCP%<6M3?oDt@j+MvT z?^wM9b?s0CR5d~6dP#cE)Pw5Hb-J=`_WgBzihzy?buVjBQPXlSpK*tBscvTTdTkKZ ze(^=~MfJt?#nc2JXz4z3=Ae>ss7GQRGTDiQi((#lOU|J` z6z)4bfIqY&dA@K11w%>cbTSvE7!9)|mGdP{ff_!vzkV=&@_eBxTHmrA-nGW}2(a zxaLi~Y>&|Ga@Vo#O<~rHwJ{UVbE2`oKq!VuwuEbAR?oFrqy=ts*o}hJ1_77h*mW@1 z$!xn54}shz_1r_^48t5PqB!TR%dQd7p5UGSzr#VVk2`a=(O4Y_g+@x%naqCa=_r;4 zy4c~L)w6q;zI!?WT1iI|J;;(_)#U!xq1vU|seI5q{yU=C?y$e;*Rk{lq5(ceV)`r>1S|fAqTlj^P8yhw))KnDaq#&IbTQ?O6{cguejkxfD$C8PbDL zq7P2_NTt$AW)saQnwB2`@fyRIxcAw1?_Iw+elx&@2>>A^gfk{pYg?OvClCYv1q&b_ zCd45=8?rV|g2(Kp$E>WwFnc&P=>;Rmavvu7e z)HGsMOP}Lr1t=O&?$B}qzig?-TSi>^T;@a@C|?7$8!%ladkn(|(dX_RrL929}eI1|(z4v1Hfe50+h78EcjE574naJgYNc<$0 zB?_9wDuw5XwiZ~X%oa$Ycns#P3DmlB>johQYtI*Y6BMO^UNg~w4EArqO40obP`~e^`TbH zqgIWstG2I=c@>$b1HSEeH_CXIL_XDW(-j;{eA7o6Cmo&@XX$5lA7ZrAB?BRo^j`CC z;|1D>h;fnTrA$zh2k0wH7-bpn_>XzStQmHYiiwl|T8bV>tW!n6>k}1T872&PUyE~v z<_^d-#c;6~B4wWq;m0UAO3JR2g+S#65fjpfLlTmWiOE1IBt$G17hg)Ht z>xFPG&b{7odzNuJiQKMb?IW3{Js(fI_i11mr0^Ug(H9wx{k8i+x#dA(1$dZ)h*?49 z1L=(n0F)S$KhP%zt?Rdo9Oou^=}3k!wExKhZFjl>=B^c zgVN1;42c*dAn;)_CPZv2%S0_n;XERWZ7)lFC6!Q5$l)fGd)>bwdh&gPw3zv;5C{Pj zUvh6qjPi}D`TI~MbVsT{=|wVFO1X90U_?G(fq{=g zF<|_8G~$)yS0B&iUTUl5X@I;Kh-FO*>y$g3wI{q^uT)YM%BdFiVBVg_Zy5Bu$rN(y zR%@KD(4SMNM0|HPRaEMigwp`O(1D&?)fzxvAtcq6wH42GR^pvoFMNYTj_i^kup=NMWHg>^ zHZr;N+v!dy6^yl+z$EhYG(hEFyi%7lwm(Aap#TLKWzxPr*{9`ixu5yr6$)RN1KY@n z=YeNtw?qn*-cRT2CstCDtki^Zcnuq^KJ3|Rjr;k%C&>@mNJ*#J1PbF+Us)ZzVdOLr0w~4gsxVGL?<;D;1A+-rmdN~@2 zp|^4Uf=$4M1P5$C2kMV8m)%Lf4W(}s1aAj}^ZEh~pcbMesE3j-bBD6Xi07uN28dI) z&CG%>855|MRYpDTSgto&Z5ib21Y$fp6zNKFXW4LdZtCA;WrjV8SRIy;zzc^E44D`o z+LYdLQ=GSi`RB{`NW&v3s6#tRuZyroojaUbD^X~&ZsYWx;(TEH4)d~=HPLFXVEsju zne3Gu;#r98A?>0JLB@7x9JG2}gGq)Zm8+tbIGu|@1G~&+ zY0jZnGRV?|N@PswOnL}n3hL2GP1$Dan7STg?*TSGV!pZT;T;W`C%NxLk6Jo6x07LlfZAVB2U^i-tvv&#lD}vm7Fybp<==l*K!P(2W(X%pfZy0f9||Q z=aFI_n4hBJ^fPHE(mRideagMd0iDnwTaZFF)&!ZRP}E{i*bdl*{lF&(QM^g2=#`m|u!QOER zT9F={9PPaT(@Z+%5#O9C0J$`&SRfh036)x{EKCMj1y)nKtjQRO_g_6*e6HXKkGM6)&)JM%XJb5*a|`A7g?ngX6RVY8Mck+=@4ySV z#56A+dg%q4v>u>}mflrJsJtE^60$scBsGG;Bx5v|J_jodC#F<~W+A;MToYffP>8%< zKHAqmdo|{m3v!F|pb>(A-K^%oTDNRp?ir@uvz;q7tM3Ngnup9Ypvf6?BjIjX^jeK( zOrQ0kPCYySxADi)9x2Aj$O;=s4k02&^M?U9{R#x^TZTVqJQl<2}`G0#Fbp_E0XzK_jxOoL*4WV@F;_4JXZaFb@Br3Az zY23K+pnL*z-{%;VZ(%_zOki`pQVPtVF8I0V}@>ac%HZ&N$g zoC7W9Hk%!8V?J-A+oJ$Bt@+$zDW_{8ET}Cfd-navxDv zOImGm3T3Ej32Q0zk*&J|6B{CY!YpniHOeR2U;|R!f2te zx!UPJig*)S0ULF(;RoU36uX-fGf6~mngP6qsfeenHoJr}+E7)M37UqI)NfJiV1C}t zyIcTn!xu^DCb0~)qvT`jpH5M!$j!qbBLo6P6^sV!6d%>=H0))BRggyxl5d4B{GyJh z4XTn7PPbpYsXeHI=zSx?OP9+D8-{{K&VZ2as0MbDTf~d*B(7=n4kB}u`UGE?iYjnKcS#Z7 zgX6+nSOnJ|MZg~|t&ge-jywt`)_oh1_|ls>gbVTVm-E#&x*(!O2(*%We zoHh=|il2u7^~R;(l1D-c)yK-IpI*N9J58}_^F@bW zeE6+I@w`OOfa9PC(f3nL$uezxS*Duoy)wa3B+A=V(MOFEh%o>Q(VdKODSeW3i+t+s z>jBQN0HODbUq?+?q!MwT7fhAY8!ym;2<{rvs^B~JU(c}B9ieSF|2DDViL5?7Iy6|& z0O+mZz|llPI7W7chswPkW~<23v#^1;Ip`(s4zKsK&#y7>_A3+G+=yDQhF#V5J;mS zBFo`Sw4`z$T`vPd;fRU*>%rE*Kmuw?+6tzf^A)<3<|LI_3Jwyw>vug};6`l*1gCNdpwmI8O;s1xd88ki)MQam z4_HH;LX)y16Kb4MiedO^_yVSX>|_=&U{7P!G@=Uj48-&hdCsD51tm@b?%P2@G3e$f zFfFm7iSs3EXyb_xh(Hnh(-X;Pefa@|B?S-$Iq>AS4a5+SBMOEESU?qfj<};sRWQz))J{>`JI}hZ{p-UGfizG9G5zBPf}2NC6au>g zOP62RGqmI_;u0c0X=$`};yIv7q^q0KlsdT54Yo}Br>O=dUz8Rr9p?WEc0e$jtpY4a zh{7d?C7?-<@YjS#B!pz9gvEA)W$WJU;imnmSoWFgz+7WEi3w1!a;vaNPznVt;8fFg z2EqT%>dDJ`G2=Hpl(AG0+Uiks9gQwQdVB~zhKO6yVjWC#z0DupQwF0wGXdGar%;jB z%{p&^L>*B=+IV%d!(m}3`$TaYZT2Qac(zn62V|JRgku1PoX<%lyR5JOI1Y5 z5*L8Yt6$ppD%%OCW|T8li*8N zWldnqoHP}Hnd?qkI2F6RKyBy{yUK?=*^u%Y;>svY6N;omeJFxFaJ)1@@NuODXojq( z`)id`K}xPMgVlFQMREY=-h24txgm-AYzyKEb?68x$dd%5^ z_O*|jh{HX9OCpo+`|P*r#?VFjMr2*k8zRj>I!mGuFzJVaYUt;~9uDx2W<)@zAsbjQ z0*^wGGR|f%ET?Uk6eKicFcjOi$Q;(3Otn2w|9;8L29IUYqpksMju{jP!~XR(E=9T` z2f}gMu16>u{VynDS=#}(zk7GB^+DR&Ve9DeQQF#j+k<_Txw{{hff=mnT(p5aMEa<_ zFjH!$SVXo7U(pFA8prpD{&XC6%~$I_b+KC?vfb~4CZdJM0S@DW^Mypt9SYJsk@_ew zjG$0V28l>45l^BOs^tcaKs?*2wjojHf%{@@uvACSMar z!#-=wsK!TS{^R8XtLvfTc{W(V1}p_+Sjs=!rw2s(8?wz1Nq0l_Q%unmzFeyu4R}Kl zI>fU(j4E2Ipz^IgY2*DjuQPphp2H6P6T422VnUOz42(LoOaF~Pel2sqC2t)0yG62Z$TB?~ufS=u4~WWE`EOdKphbWb!z`b) z?#}#@0vArbEZ;S0CV4~690U5Mg{@p%ej?`MC1TKz@+k>&Iv3ao>V2G(CCWl_Gwvd= z>BU-y603ifG}d9M6-S6BByq!%T0$D;!GG4_n^5`OlZ8DhAWKWvk+YKb{G3BMJn%M7_k7_mdommPX%5K$zKu8HC_(HF_gioTyDa;B!@e@LmgB^!i zGlnzO1YzSsXo}~8S-70+w0?r64#x)v0Dyi8Mg9DC&UOaZ<^EKOT6wGfqnOH4*1 zJPx-{25@A2t9?jBhU`}WY9^Ga+Ld`BwqVXv)+0NV6%@c4qO+k+TcSM77u|qtbuw!s ze3fz%l|N|dEfV@-uQei!lJ$XE^@scxf!^MaLKN#yaFdV&b>d=|o%7iPH!Aek4=VP& zZ`4VsK$gZXpMmV>4v^j~FDx0}?%T3N!`JL09&ecJmS8T-c5bP95nbKf&D-yG%k_UI(~vLsKVSc2@|M@oSs1>h zzifa_K@cHX=3lV{jE?lPQa4AX$t#?6XYS2MMEmgmcaF*@ezO|{2exu%OpoK@Z%}Q( z;~o$2?Kh*SxP`fe7J{Rp#(PJutSNlrO$C*y9I+-J(+VAFv1C&M2s=EducaLz^MG3& z&SoHCw(+MTE~W38QZsKe&@E@c!Y$wq`0Vv%NjYVvZ=Noq6;-D zUyy0ELAT0xaRGKPE62T1f-K8BlAswVKPC5WRyh7FkQ;9hiU}h$%}n&P zgjvc7bX<#n7wi$1+^MxbiUNY7pxIGh10|oTT-uFgC13#Zg?Zh*DPLikmrUgbC5soX z((9&nCCY+HDz+OmGJrO!-&d69zqC8wUXYz5+q5to5w%I5HDEe6IMeb|AZV#Qhd?Pq z)st%}@1lBXD`RN;G^sZOl*Z7ZA0z*u^-)sSGbJ7X6*np*4AP65A25dXA2Q`&zE}!- zv6f{h6BRYYFd!g}VMvl%ec-s=>vuj7DM9pliT37F!?NUT4pH)_$ zUHgXqt=zMWZ(7R1^m@Ph=Za!af8ihYcFKMmDFKpKA>Vjt4b|eS{N+3h{P+-6rmzAiL;K*?>S)sGVSP_& z8kXq=lM+8v-C@f6;i_*Y52s;db4%;Ro;3hSgjw&9Qk?k8kXfb692)k=qUo> zWVl1irh@F{LWl4aLq;y)4a<>|9!|USAbwNZNUAP_jt)tj;>w6+_7zKpkOu14lnZoO zeg_d|YH}R{B-B*?>Tw7tRLuh<)U@Vc5DCR$sWfs8OPL=?j3{n-0YR()ds%m?!i6&M z$X73(KPdJH$qXX3%JglE`(qKfJpTaw0_l*xyQhSHS;XPrFZKNVLLYWZ-|L*_i(_lU zALw5a@XkgbQ3~KHyBbK~n;l=;J4o31@i2)K5Z@5Wy{e~x~ovsl3D z{x?9?*=kDlhCokt-NUZ@d<$hwrR47@O>~lpyL&TiaVI|u_)x!1FH>+w?Uyq}8kBM%O{W93~+Zw}PH zL8=S1_G^^lnL zz@7CdR1kh<=6##)sJMEF4{8W*LlJ4Cl9HyUFdh9UM7hCm7%ud z(Cthij%+o@NBbAxl3_>6zsU0E#MQ>iy53Edf0o6gSF$`+c`z!(K0iRaA56!gw4vf` z_T+%wZ@`XtPYvjIg+R9R(K=bHM=sq?T`}v720bT$uKoC65A>B^pYlU1h$<4`>hD4K zckgW9RKK8q@4bC}AX%cxm3O^eI`cGoWaKYJklA52^@ z_jf!8Ztpa{L3%}LE>3FOkmtK`!g^z`XFZJrkaen=dcPic`%6LFPBX7_8D_r?&p>@g zz`Va;{&9Qo$PGkiGb~#mkkBewt!n}(DaZ+OjJN2I@4hqd+&2uS=#egzvpryxzM#)x zY=q8J10Gtr0N-1YkJIfPq!FuNhYI10J%v>;^NQyi!@M)>{o$bG`z||H5Lixg0L5$wRxK z(rUH4C?b$%Q0N2-i`{tl2u;rwYD8vp54C{@)8b%RD18F4sWQm#U4?v>?Ab}8p7 zUoPqxUux1=I!vQ)o!`tyAKeiKQf)0kc~~KhIP?BnRjtx-qQO2 zMMq&d6c8uRKl3Vl!cz_kxj()r8C**7NO6)NEi7AY|TbBxqLTa3Y`{ARr_lpbWx` zIJcgb!iz}{mwIHDh-j9oXqL$gi+J14wi=UgArdkq5_0@=q*qK#+7d)uEQj{E9lvSd zSQBIO>Spohz=wt!+Q7|bvjHs!Sl?yM!{yQ_VPWCO%+0jW5U7hjA7kBgi448<2LQMW zbVLdv$2Caok zCLe<%=5%lL;)g)VYGj`-K!y>oAD8oZAel9nf5+p33pr<{IIvJAi;ocoy}uqS&fhV6f;KGO|e6p+^&0bf^Wu?38<4gm;l{fi1Ff7_eFR{F#Y{!hy)H&$*+x#1u*UgK#vL73mW?er2WZRf9F(x@?Sg!M&3u` zhc=5F162Do9x5KX*vD=(j$D4`58J2`4$ie3vzReOye=Hx&Q8f;2Mga;9Ko|pa9J+Q zpd~cXdVSck6h8;~d_NB|&3m?AGeOPYWoKJk7{)JRf7VICVP73iC=G{Jmq4jZ^Ubhy z<|DL<9F0zRQKLaU-wl~5zSKkmR*+!BdTyX@TvJS$0}`?b(^uCIkaWi&m?^yBi`Oqp z9%W6wKmefBmA)UJxy+yK^?%Ki}$TxLQmdg|74cGaOMmEaf^xI}{-!t!5ss}~5 z`Vz~>riP7uRVzg)pC0zYbeKysjY$T@PySe^Oj0N$aw4&ynN;j@vVi0#k0q@Ej_glm z%9AL~eA^(x%#fX9m5TghGyUl&M+G_s;=ApY8^D*+?y*@S!OKuco~rh&z@3gZn?gG+ ztEZO$8*(Y0Y?2B{zh;x}=!Y(Ju;8L$b?^0+V&k+g!DPTgIURTG~5{R>A z7_k_gjEL{EjyUA-?-htB5(?*~RnxR?EX}#K_;?R6Me--fRud&eScWq&DteH0&O@h^ zVpNAg?afKHRYTM<8C&-HoShRrEJ=a7T0$v~aq@`0LP2u9-6;1FX&TceBG~YR5J%}L zqeG9{Y>6nEcbSD73Buex-*$5cC*7^UHk|z2n)|_Iy0M}XNcX|fb~Ww{moml>kOhMd zb#~q7%Nf(3jdBD79^rW!r6!(J*Ru(L_C$Yk-KV&+Frg==OCrT1wE-id%oP+%Z_s&k zatYZ2LkH^*+|xSf7kiv81wp$xOX#KH%&hfBb)5dX_o`FA&_oOr_C;flp2OHwx7HiE zADvAlH;nc5GKq4UgxYX)Fqi zP{oyVL(-4pTyZx%*r{{uYxRs<-xxV9lM4HkXet*}K9jZg7`$VcvryHTC4ZS@Ri!jv zn(M#D6#sAUp#`2RF@T(4e?i8s_(U30;+C)c3zEnrnj_Pz;h0+nkA;aGwshkw=d#4C z@vNH@XQ*A%G0VA0DF&*VTA`pwo$T0UQ!)i@V1V?6CJb>6Hez3G4IOW0Ft^f2#0WX} zCvbSnXvJuihZ%neVt{~{rL9Pg!yVyGuo%Or!@PfJv1^H1>qF@o?^}K><6Rz1LN5U#*D0ai?(o8z7VY|&X>IiLK`J%fWB>j7-JfdnkhFqk@g1Dw3{+MyU|}* z8aa5mC4rR!j;EBpkcVxs6||lm+ZJ&u z!lz5M>4E}l;bGO|WE&sO$Vu0VxLu6XIBG3N*eeT>X3nq%4vbZP-y=Ej6|K3Ov-6`f z_k;y>^ka^L22U+XE&j6a)n&K9OE(TD1q~-A7bMpW3N+-jf6lxsM9em$KRnylm&>(F zpA+D>CtV##fBZPMC_a_#MXJR>?LXSZlr@$LXjGQYzQo&<>x&eTG16R=G~^ZW7v%LU z^$PdnrUh`KyeLX_j3rij@3<-#q#<*h;JDKQ)HG3deT z`sif)6~QVM2=haxG5&Sr4*~f4l9|gCbky+l&5|c5REn+>N4#&J$Bo|H`Uy{TR_v(x zx?PU`(6)>*U)`1`0$8aDUjCYvDH9|rMC?WrLEDe>D%lj+Y92LgCZDpZG;AXpZh||D z(Mowe{qzkIN7`YFBsd#vgDw6sN+lvk75bXgdxg<>%j;*Ty?c5|ZHX?BedP(F+7+Pa zBTByD1+&MgF1es;#ag?{1t!&P;dMMLe|}9(4}6eRa8n%MD|&;)dj4*dJDoU%e_ZGx za^ma_rGCHd3}AJ4zmH(Co7r+6rKk@!UM%G(Yt1hbtLLGY>zm&v;-Rg?lOc6z&SU>9 zn8l6MEybe^Ge$vg6Gawz`lQU7PP1jt>}ZOiwBE*EN^=Nc zln!ISMXsf(hplUPe4Rg+V{~0I8CTsDBW=-|(G9o9;j1m*=8RLijpSVxnD30othPI; zNmS_xuBAr4^&SYPH)W&m8@RH`R0k!Yg8;H1tRbnUU(E36zt3v2z52K^9>%xz;h#crRtGQlnvhP{q zET6#lw*TQ0y~z)1g|gv81V0_F(*+~rg?jQ%6c+tT0B{`!sd;NK2kYNWN<=XYT2=tv z%bI8jxTS&@Z*KZ?VJdj5>1jJ+xs^U%I}f-5LSKp13&@n-n1#MrD(2a_J{1cWqt1YH zn`rsKt4vNAg0Cp%)Kshq`z>GrLp@pDje#wpp%Da(!rt>O`^?q|t_LihluIC|+-Tmn zlPc906CwxL%~RnoYx1<`WzboNIYTwr>AtAjGwCcimx4Z1BpxlNha{0c)92nsk&fW_ z#TfY=#}6wZj_5M|V`i3FEg?Ev=)3?N2&p(@Qa$sLF{V?*XrN;`sasdwKoj9pJ51Ks)?2SIbD`Nhbcj5aYQl+Dw60dNKd6Tc!eIMs3-d zSc$owEfpA*-Ujf{IY-!MZq7A4H?5$^@oPrZ6qN{hOv=K~b#!xHxD)UE)4^LAsZQbD zFruR1f4W_5u>xAI+LpNcq~NN4#xz#}-N&zmJCOKnP5@K7+M>jB5BnzK8@tFHXHra6 z6WH1q9`I!##^h8%5}yRA;kJ79N>u zT>fz=9h4ei_8N`gfb43D6q)EAf*YR1NTd8ub+pr^{sqr9qTVUaFuWe#+zhgG%qs)& zBnrBSf4}ih=QF5sN}&2oB<)ZM<9VVPI5J5*MPk&P$A^K&6K1O>W3}!H zN!D!UJClRbklw+&ZYa6A%^H=CmRBfd21Q5jSfr+_Bb7Oqg)sriX8{sz>LX;LpzRcj zHH0w0U1YV{E^SJrwu|)r0`O$4&5#VNuJElZn0vE`DQqbxuj_uBliehNMeS5BOI-vEizp;r<$?U zoFz5Nt^~A9_-+D1u7rt~$>6SdVn8j2a4Ba=D!K5tT&%59p{2U40(VLzfp0PxHYn0Q zT5C(8FMB~G_l!Do=8S$0`<14kc22zuBy&+vN_rQzdKoi3w@BjiO-KOpW5qUDsUYZK z|3>cPOq3Ou*pL)?^FE!ogtx0$^bvz2O|5of1sGJq*hihG4K(}T0yg-?F|n4iGWAY# zI=DH|orzpJKivxnH0t5Ee;olaN5X**A(*8MG{qB2{xV|BSE*Q^*>S?M!*GIC?Fc$^ zR^uG^36bRwXty~beQr0H-!*ky!cYFNZ~ z2md*5{ROB&jfmL1kJSA^?;;? zrK1!OCw?43QMWUyH&2D36xGpiR$1PLoR~f=vZ+lnf9MIJ z$}eO#iS8JV=puEbb0O+T)QZmKq+Xp4Qy7UH<|$}oU*(+$PX*Blq8)f~)Nt9k5C9=&*l!pY-R007qr_2!g(RCaLwo`G~=*a6DDP0D=X6 z_I}#@EWzi$y+F>wySphs7g@S-fR;v-2w#YnN#-R;gwpw4#h*bj>4t?wU0Ha!4~)tL(7_X^%8oL;XE1C=P`}^p54RM9F#$3{i)_R29sAL|0>+abMyTL+K=`(uj;E2hCy* z_Jv-eLEu*|Ux(mCn~DVlThpvF5F8ZMZ1|K#7Q{i-{@hkbQ^c?-(H4a3ic%SOrXAWg zXcKz(mf(>qoVHVbA52Hl zSvnjG#x0)q@FCb!LA)?dP;o-aPa>KUM4#c$7Py>`#_1G|JtbGP>NV|_+9Q{Lsr#sb z{pP0Q`@bb8v9~Z^2`GX~Q;bieCFILXZJA((0rHPsSxWq|@$1=iwn`;!R!ddzsC;HD zSP*5E)rDce(9IfEMoK8B0C*pB^M|?|nfIHVCsw^UO&KWsyEC=f zZY#k5St~6<)84Y$;-k$&P&%Z0IkmtQDSv$f&_-30^h_#44Eode_v|}S#;#+`hO6K{ z!u5larYzOR!{Y-CH3jrN`c9s*hZLTIe?cMY*j+(O;zu^Z;xA&&Z!}V3NBSOO8=}}l zjKA;^!Rv*N?Ey~g)AlI-^Y0=<;IUU1m`OR4-W~D*=pb5^nYHgLj=NHZBAi()ZPk4| zC70(KzG)dmc3@qnm$qeQ<`lIBQpOcHvL^)T55p3kVPy>o*vyD zkcd4;!~p4*1-7{LYSsM*G>ry=AG>}} zL)#s9xuAL8S@TQvbd{j2i6M~Qdt9lfS7mLq8(&}Vp}JkOfn~V-V+IT_RR}0Sl_7ODMS?x?@E$7n=-RI8#2{8JL@yEx*9Sj z@T8RRdJG|pn1LanQWWu+;5Pow?uLx4uDWbBOM63hPG@841niM2CAqd!D5R=U}6o|U;lb4x2rqBoAy5k#(%>NOI-KHUo{POzv~b0 zVY?@A7t6FDO)8J1<-vWxogD3kTx|a)SRdJ)qI^DqyE$U z+O>_VXpgE)RwgXcTf9O$qV69>CSsNg2+)e! zLz|9?M|hjl4xyuVu-Y}|*^qNgCnq0h4#q%6tx}*gl?r}5FU^%4kQ5|H}R2TNIzO!d`AiXB{%hlDK^Baid<^1f1_xeDRZ}TYU$e z#TDIw)yA#Xxt=Z@qU3@cN|$h_aAEm&UX6Ol60T0DI}mz~V0)fuXDT%OpbJ6-R}Hxx zzukO?`}u)VSXrVoh($WRRID{f3pKjH`$lFZ3_8D<$K|VSrs`&aihO<9wy7h+o$QD| zwh}UOwz9*Wfll{Q^*&AKeBgozp&S@jk>k39t=@C0B13LL*&e~UYL zK4L`bvli0GB>ZxjRDh78fV0V*W6-=Ce+`oA7(UDYe>7%{BM8B{#p`SHs;?1CR1I;! zLTbQf2h5_7{4%N-GecB&8?Td6gsMWG<(=ttS^kQ`Rr44|`^R;yH(R#Fe|ei?mllG{4xq){_24o#o{y4jLA%)VWP=A-x=>oIER@aT z2ol!{;9>8GsFr8lJqK+g%Ke*L!>^O9-$IB&Qz33aa{iTxL zC{M-700ucTfqy+;*1fI&uP_nv-dEIlP^Sv%wx-pNV6j#ink z6jz!g<2%OzqJXjIx!9ot$UE)N1N%=Uvvz~!EDaa0fh6q9t2zrbFYB3s91{lMVV_;4 zgrJ$Uka<06l;+SFi>*uoT($p@C*#pF4CA4!4^*F| z{TXlo?L*LmC!?tZDvWaW_tFNU-(k^zrH9?z^3ObioUZe^^A$3VqEZJZ;C40Fq>rN~ z{+Zt+U$_O#iBXWJ&m%8dH(a6^WFwYd9^$POvJSw*@@`_CVd#WDMvpD&ECy!K?Tu9P}dLOUk10DR%BEi6EAf#n47un!{fc^@KxwW<~G zR(9r3SlJH(;B}pghumv#xz`RJNC3OpyV*=(hS$C#L?!8V#Zp~NW7V$*GCJ-C&Vm1B zNMt^fz{tylS{wJRnkOutF803z>baJM&?E0+35;4rP=^Bp}T=qZ_NMs(?@m3d>8obaI&aa#ySV|3Bx(SuLy zRaK{*25_~OM_wL zY1ZAm)4!?KfGXAx&72GTMH1!*jySiA7hRUHYjLR>k7uyX`lWW+*l+Ixr>zQj;-*v? z2nFx~P@^A(LJ85!bC@I|mx;mhnBAt#Y(E-I;K8x^UdOOVA8@Q`HzLtLAo`~YGMF_8n|AC6PYKGKj- z96;26(V}s5JWwP-ng5`Ny0ZUiap17K#%NQ{xsLd~i=Jw5Fnk69ybq*At}YGZi=Q6A zk$A;!Lrz^n$`c}*u2(+tkzbap=DVEQsr8?Mqz|Zn_CAAC2Rz7MgCN;IhdtOV-pH6iEwk& z9d32M7Y45i{`D`VytN4)vvY@NxzhPeR+c!RS84e%+z?B~s=Pq{eM3e8+(AfnFRqH% z@W#`vWvr`z0WvuUjEe4nIvj?E4u|0rmp_}DiKTZ_LcMw3^1S7O zN(tqi(LLAw#)kOsJ_TeVm0VQvq``zi3OXu*O3c7+`$CPFzsPQg&5bQtIrsZmeHuay z<#`{HPEk63Omz~6{agL*)V^JXpj66BFR%8z>VnPVhI;pUg;HuX{VD4pVQ+VP%nw*R z$H7mEgkvq7X94{2ZUl6$SQPRFx7%-W#N_8Uu;XI!l$svFgS)_sb=Z8@tDZL-1XfRq zV#!S3<3mUJ8jY#LRVpZ4G4(cN_}Na8PE-0|nPNIoO->w-dJRRK3nTjOQ<#lIe_`AzDC$Df9+mq}@96lY(kx7?66Fm!1bk**Sy0%go z*&Lsdos?p~Ywo#6O?F-=k(pEGcXqlgU~|4HkzeGtcX`UTJS_uCh*#8AX|Ih3l$R0l zO9TaLuZ;PZ>w&4l~f>Jl<0%>GbVlJsqI_J=bs!f)UV z>SuTQYfUYV$GfR7T|(I2tsnuj=)xwwk(iBXeq1V__Z0NH9jdkLbUN0~@Wc08ik&6U zq*kLXtES`<$_NJ8IZvzYZ~Qc3it`x6x~PW=kK@Ey0%~QHg&t{yq~J5NGzlsav7Su) zL0C)=k4o1eAd?oKUV`$j8Pi6js;>89b5P0{DbiDlC?KKCNgt zp{bC?t*ySAa;Ti0wUgboNzQ$|n4RuAx;$(~ycF{!?%N92o{yR1FHTIUEsU7;S}c^g zkm>bRtzqi2(U57U#3mC4p8)S5bLomnNiNS$l#=<m_ubZ+5~bH?ekwZV+qYc-Eg z9=fk}O+Hc2!EL_S$R8^6SjPtV2r#`_l7wmgZv)yYlM8BMg7a}kEywC75xRN!GOBrD zYXw(#v3}#!64sX67No7V2=+eQ?0O`sC#yZd?^~22JV{C^OjH9{=2MRVk~E@UQkgDb zyc=m%#l4SIA3zKlo}wwQ%LxaY2LZefkJAYC4hjFQy(79i~&VG ze7u0;%X1trWa{=h5*{zo@tYBcK|!Ax@dKWi;zzcG^WE_BpTp-D!^rbte*cd*%!<&5~0B z`qMwuq_knsf7XS-x7|}6JyPZqZ>u{4EJjR>z-LMZSHu z6&M?MAu6~WVa8rUzV^bJ~`AH$vh49hW ztNxx1<(DD23;g5C3S$4X&`L@xI|oKSsg`nER>bF~pg*kWRD(6(WssSwheaebn3q;K zl|}^=aukn5X&LYEfMkuS1ghVQ@^cQNVzyI`u8Ci!xRc=90`#XtDTZw}Mx6D&;PF@f zr}1qbWW(eKMSZJpMNh0x^(H%I&7msu+=O)aA-tYFSHQ&MM2x%~K7&Z&G8Y$J;s)}` z;>Zff+f?gxeW5_*KU(zZ6Fpy?wbtpz%Uony+(Qavl{Al=(KcS}7f%0THXgcG_PgY~ zX)>3z*MC9*1U0Cz!8tg;b&mjve|t9VqKY%3D$6S;jd#;k(?N|%8tS|vi+>0HCZjs5 zM9#ZLIsLK?lCFexh55zy7bn)wcgFV>@3HzZ`jI}BFt4r~1yLX?Lsrmczv^NW-#*W} zr5gl{(tx+oYtl{6n>miWXpKv}H*&LGXmLPdRwm!b6tBRPc%G5};=K-PG92aryye-I zwSmVNSLd%EMMGz3!u@aJcmX^tZ@B-BRSWtaj8n1Ce9eMrPFWT zWW1vKL7+o)u4$x5KXM@S|D&|Bqx6ErqBY3cHRP-+i^3-^Ldotx(qYu&YH9c6f`3Ub zNG*6v!wo|cl=}>NXbk;5rT#;1YQqp_u0dO7SgG;$lZj+o1N#PEE=-iT0G{ z37BNGV3>a{uRCTfL(JG$VBt-VzJ$?V&kE3H>soxTGy z3P&fGI&{#kF8d=<2r6k?Ew0u9Jn(vER952Qy;Ul)waEOt0R7fJ&bwBB>bA{e0p1On z9dN;PPfN!JdCO1GFFDuNvXONWA5KzAzowUMvWIZyDCcxhwR>n6MmS6^-=?J{{(|I) z#ir622e3u{BOdRH))a@ieGNQ@RJd2$)cNqnBB69|<5gyCVA|22)m1{lNl6d|J@L{N zU6QRDH2x-3Auuuj`k6M`)p>tJtY*##9s<|hW4(XPS{?HFb9xr={t9|pl||tl7pdIf z5PwPtJ$K}Z5<@v%N-8W;rI=ok9+u`jew^=8K0vfc1YY~)X5EtTG7Rwg5#8P+7Cg8~ z9IqEUU7P$uRwEaSA>?L9Q8pea>yXVJotpPlClTjjTsH|YX z_B!lE$937waQCRk6wr_uEc7``h1wdCys@lk>azn=vg147_>w1){mv;5m^mPP%|zaD zqcE{iR^wcH=UsJLJC zh{U#wD@BmG?l&BKZ#w!?ixJNQKVqy&3{vyC>rG%Ym}uouB%lFMQ) zmBrf0=%|R<_kUjvI}{I?!)s$&2jX9R-G5ybM*0>6@Mk(4^eC1w&0}fM8 zCrQzseitynk<^|%y86C0qYPm$LdivSNIb7p$0QGX1FFJ3&LMkA%HB|3iUx?>(kbFjD?aFkzrmf_Ay$g%- zv8Lcz_mFWJQ(@*NpG{?BIefRZM|z>pKUhY4&;umYV(}!2x(g^{uQynz$-0bG3ou`|YtBrj&sQu1^VHPdze%rOL6^B|L;l}Qmcl*PyX(r_ z*e7GyKBnV>lYOV=_$DdX^KiG{fP0Z<;AxioPJ5Mcn@;u(eTU`gg@W-&){lnlC4H?e zz*7>f<2Ra&NtmM7Q8tZV7s9^S(tG$mM^eMYFJ7;IhP!kG=hJ--WWk<=X1Dy8TRLl-0{-be8R^DXYT$BZXsa_*SYOV+ z#{Gj7){mNhw{AMK37NomMC89SG3zi6_Jf4$N;|#8pZnGXV)K2q1iVkgVS-Xne#pLK zzGK#E*8Kc-)K3}=d4`Q{vBn%Vv$PRmt-E)d^R<76Cqk2;ne;UNu=W5|Cuj}$)`b#q zhe2|MhLjQgu!0WF!z#1jg1{u$twK8NhrcL<;%FY_5Twh-#Pm%AD5Ot7e91sFuL~y{!8cl=40u_Ym(2dfyDk-}U)xPm0j#>bYNPoNGx}Ou&F@&)6zY zv>V?u=mNI)5-|id+2*V4-D;lV?epB4DMF7mpwfa$V($9iC`|@I3crXbfz& zVm*7@`4~puFGZ^gD0ZH$3(O(*YQjj}l0?&JE%RIQ;0#fFc7qmct+cU_46AA%{o$JX zmvw#KHelEtQ61AX5q&}E@UHrwN8D&+9JSL$V_xUZtf(uhKKNy54eBRz7#j-m%ZJ@V*SHzw z%mPB!N0OeQcael>bP7u^pG)k&-Hg z^>;5`eY1bqcK7-g@s<1(!FX~?BY-ae@wlwG5{>pJBqL5MTPoMNqkXM~jGd{82`A10 zYs=Gow|J-x8-Y}Yj(~N>t(Xg+zLe)_7F87n8$H`&then}zCW7$a8l~7+Y0$U)msd) zkz^p)L&>5Ly-7U~wS$g)W$T>x6>ONmmW95X531av92M7NQS=lNOUPw~2e-!Of?H$P za;#WL8l+@9->nDi@pzi=MEz(YRovS2TS6l%5643#gZWnj<8Qvz7prm1)UbKEXsJ#-7pUBv=CfAq*4)R=Dm$p-|<@UYi2?NVU$tE-ABX6>BlY zT)?E)-g;k>Y1if5SDjEh=%SFe1FoI$C1P1u0BYp-!VLp0ffi5y%g6*#&V1j{8s~lx z1@<@}K(PWs^)xgns#78xp)X{FGT5))3MqOx;DkriPrd?Qf6^Sq2{B*4V;j=G-vW*f zYtF9X5$!3wmaVg$G7E5w@8g&tg9uD=^9OME`MD)(8J0Gvc3qZD( zod?D^^Sg{yE1#Kw$-l2Zoa%|PQE@MfEei7T`3#e@>?H*^6j2lW?`}%T;?=<ym_Y6m8oqPZ(Fe55rqXs@ z+HutmcY$ce+vC0r?F(ZIGA2ui=QM0Cb{<4=vOff@^Bjl*Q>2sckDXks{iI(H6!d?Z zHIP*TZYK?rCekFJRFqI&5L>#Lnz#7Y?&d9A zZeQ1I9qdtYkhRkvO8{-jHQRIZi-prGC@u-L4)!s-6}pv#+6aGNo)7zwZo4`c1#qse zLT=yLUB7<~{f(&{sC*du5coeEePLqGrQkVSCTL=^TF#P=%xg+M%3hkp1+(C=aN(|30WE z=Ycp1u;p%h;vKx$MIu8noq!RsklRaCunWZrn>zJ3jq7OU;c$o+dU0@fTk|hQ_N5RvO>G2mc)RgP@ zsb?ecJ_JtdCveMPspLE&H&FPd>-7VHIha;Em`Oe1ZXT@Yi+Laj+ybINTqyaC`;;43 z4%AU!mc%rvR(+jxGSxf$UwS{+hg>G8c6bd1i0Ash?peljt#6CGM1FWK?g5JIwn)(D zN>Sqzklc*kk`{=DGZ5;)ctD?iQSAhlTP?AQchkRJ*rEQ;Z}o1K;tX***A;R`jdI~O+tbrN7L#=WwkkJ9p|ObDklhpVR>0MB)km$e7?lD%?6S?s>OXB%J;!AZe6SsmK`;-n1C)xJ#OUhlKg`vSo-$xeU zQ^Vh6p{rVHct+~wU86UzqZYVxzWpFR__Qg-2K>Nm99rpN(@hC-oRh<w5;V)uN*K z{>F}2dAj!t#Ql+#lS>-fSqz^lGxX?8w9xN^)wDGi!oQ;E!(-C#(T4rb>3-hz0?8JJ zh$EN`*!Mt|oVQ!mj7~f5`NEk~e8JWoTJh6_2`2LK;e!Pxw^8@=OoyCD6uZaw78pE6 zJTEfsaUSZ5Y!?4S9-y*QAwV{2zwyzE%M?u6h&erCZjY4c%hWhXN!26RdW9R#w+_XiH5NjyrMNoSE63ofqHN(;T~>| zs|h6l4+7BiHL7uEgrs_=Rq>GK_1kLzo?Sn_og1;YI$DS34z8fDpReEEuAXRHlvSS# z(b8r2o|n<|htbM&v&lO1xnRpO@>f5T75&*qm?{ci~ zd95RzbCehWw!1YQj;?V-&qiX>*Gb|IiI1BOMR$ojbw!JQ0B@wP?sunAgGG&aOt4#Y zs&8X!*!r=K`?j>n5MWMIfUbkej#KY9*I3)GBdlk$mN8Tu(t z`zu-cxJUs$PJvG}hDN1WVk%)95IJ!$P65@wjRH!O>lHVWiX=l6G zvr80n!Y>P~`cY<=DCI_6=H7$kE2DESa*M%OFA9_}`RBPM5D0Fi{{U;NfPdZRYScb} z5*9ZtP<@id8NN&nuWWM^wB?7TOl+7{Djutmutch`6_&R27E_RO9RUd{a;R2uWhPFd z{s8hgBzJjRoOwL04_=?kx=c!(Io8#v)EEd&d}Kg-r3a#pB|-EKv-2KmptC?6w>_zkbW8F9a56efP+l@l+-Dz2o?NOW%(MNv6S^N_vZMtFN8q_^q zGS0iJ$TqXpV9Fr&(uY$5)l~cZvIXq-J7;_3K(_y8uwcWN&SIzE!b#L}8qR*t?bNBe zPQB-k#@VT4L$dRMz(oVS$nk`o7&+L@)tJ7;cn95*?wIacBhS>klgs24Xsh^G-0G%c zb6;!<#I7&u{5fVOeM0tmP;r;$*(I6IUWo-8-vHNlbs)v+>j7%6a&!%*CWMRcF@E&{T7&lGdARnNk+B`jI`i zi|)m|*6Gx#+Pe=tS6=Z!;k22Jd%j#_^9i=(90PA#sDj-ePes)cys~dk&dX`>aJm#c>8autt z3*Lq2@!Sm79@X@}=rK>|Ya&Y+N4B0VG=;b}Z=*q~*i?+aUh8Gs-xnQQv7CFntu zHH2NAdnuX{jj2z;AKW+3(h%=bTY!V`n2s)ptHehg^%@7ESb;Z5;n&UT1;=(Lg-pBPjtz_EGTg*;JG5>0 zNZ0AI-!5*R9o48es%PZIS*<`VcKt-HNJx7pu;1f8>2UtaMcS}>u;ZE6Hr{^B_U#a` z;1D-}ymC4<1D@REo;t^j$DtWj3W27@m9sV>AvbZND9J@BWv4wzCtIJ=RZCp|K*N+Le-4lV* zI(P=M7ti~QwyUo~oFHSdw?_#D#!K8Svn6U{Q3*n32U@G-f#f7;5Nx~bFcU11zG*3B z<@jRs8MM!5S*x1L_zCiHyb$6UZTs&N#uccaeg$(!S-tv6w0)a>iyUx#cLbkyj?x+6 z4kyZ&FtXjH&&N)eDu|MwPo4d^Gg9xVz151BRO>@#REGaaA zm*9x+{r{6fWtGvWEMyc1@I;9rrIkT6`^`YiW4rE7sGY3+u(QtxGKd4u>5N9G=>?6q zi)4?Ck+Gvk7?;IC3e|gIc@>@T;7v0U_0N7%&WpE;^Ns=#?T=I%-QjDVWJ+C~pG5%- zav@Q$L$a5d==9^~pdpZ*zRzDq#=m{H0JJ*NUt)!cSH|3FwO7 zD;n%fIw#s3ZR209eiJAZs?l#4JgceBy*7i)9Oxa-$bQ54Lc9ROO_My29-%qJzPpA2 z=pyN^Vun`rZ6%v#K1o&_$Q^jy0;%tRo96>o`PnI;TSYG3yWfo9f?U`w&Yuc)w-h0L zOnUc1KmT|@12($VKYotp|HW1kd;2xLbodD-_PL$JTGxh&OjKubn@YgV;jWvQn1QMX>d<`y za?TzPi6yUlqHQj)VVozN{j!jrV`uj1DfddhL3VexKDp`l!2~BT4D6&@F1W7qA(vlWvcI#oedGQb6k^o*6lmL38L4QLC`80Ia}6`>No$z+*z<_9u!(7TeNkSHCq0;#7C-1o5MjlkFqsFqizq^ zddu}#4ueGEFtA_a_Dz^_jO}jA$k$WRRNZMkO&O}q9c@_!W6##C#q*uO%dBr}ZcWVW zZb?&V?QTg=Y;8%Ue|vEH{DLbWixR3NPnbrX>|cC>j%yGi0xMZFseO5s*@}nUm z|H!sqHWZQLME%c!m2fzKhb`Hlm}cv-Sq>#0)YvMiDm9w4N|R2l8Ij4g%y4n>NN{D< zbTPCo)EuTv33#4maz87WI`ye$oT06;CP^ZOhl^{Dn+vw2?dRTBBGl&N)>gPm1D-3% zzd{}>Zi_ZxEn?F2$h1bkF*E0g#ufwWd`D zo0kZ=+g$ToOsaq(` zHwl3}BQtXE0EHmj6Y{bIQgZ}YH48-!+CCD5dqZ5X;4IMM{G$bbF;p&$S3T@(1;_dV z!X8ZIBkzJX$<5O;)9C4ys}(K%72l|s?KUvwL&kf~UwC+0GMO^4zn@&An|%QCc%IxC zC#90=k7a{*hWXDJ@wu0anZtI&*=@#Fc+ETz5qCi|80IQklBQ zMr?VmBd`~V*<{-m(Xk(KrKkO zbGALy8^T>2TH_hO=BHP<2C`Ce7&;C6RRkTxu0*-ueK9_;m!*D)^%Oj9&R#YT*-ea zFP8XPVyZY~@p!}fQ8vm@^4k;Yya*4@v?C_Rxtk&4-LnMgrt8#|aeq(K3&F`plaHVW zEMh-N%A!A?W))_h6&Y?b+HqQtwZksTc#)CZ=C$6YN08!*3q+^4>Pw_aseT>p#tUib z32pw}4hPUQQ=pq>p*4hQsv9 zIaVM?oU}9GDJ*7ifUt7xuGc=Qc?1duP2N1cYQUoL&#&nNx}sXDO2pum(wJhQDuxX! zKL1G4_u8zlely^^u~GDKY#tukT0SD8v80UwnW0`h_%>fAoe5|9gM& z{^kAu(~~Uv>2F_6o&YniNH5y3UxkDT6B^`lrBKW3CUN@ zm)n*#df{+5z+J_A#kB8aNtf#hik~e@ek!`NrYXO$x)GAsSzh0on^)gnx+a2KaQb$V|g(~E_@}lwyHfV)HGF*QrcbzEs*~H>h!pL zNEaR%Zi>ZZBJ5TBYc&SmYkG|}MJMi)ttd-rmTdMI4B48~6jIs}hta3$ReOS$?+rXQ z@>rv!M{f{_&!E;4xNHK2%igldr;tdiTOSu6vcD-lr=bZbk-WS4{)DRDO&o}nWA2u9 z&<<3?P|7Jb$q zaIvx5%XqCqRbE=BLQH^OL^YHs*5=Ub(1{~*NdY1qVBRB)(1*PcgPQ|#5~SkRV7v@zM?!Q>vA$y>O_ny znay6OR=SonPe5Xwk4F#G(N(Qn5Y$Pd5^1RkzgWrLRP6p{5Y51MZEMrT#S&4tB}kK1 zt0)naj0nLwto!L05hS)lq#%VvP_vR!DXUszGi83v4*AFcn+joaXaY#x0^x>?&A;qD zrtE|3u>FyFiai>^DEp2aY$Qj4v-6FobHX)o&jy|apBpuTV(iD<+@7J+4@#4xp&;So zlPvd#!$bMP*5AV^=X`QxU?de>yA>pb{eAE&`s@0@I^*C~-PJgoI_C}SSdJUOEuTBk zFWyn$c79;K{QLnu{(s&GlTss|T|^%`(HbEOFoZeyg7N($+=oSZVhvAH>*gWY!MM{dzZ!)seE;D<0*2?K; zr3Dp9V3vnhmX&jh8qT)GemTwHRL?VM^4D>JaY<56;oVP1I)V>_aQF^Hkdl(pX*nM4^F8Im(I&JU=kgYKZGT?S#J)_Zq(yd@?3SJ9Z1n#2lgYdlO=t&)4IMfSq4&Ov z!l0fj>s%*OmSXl%Pe-Tmjs$qqX0TBKPO4#KB4*23NCQm&xz9u(7hHa~>bQiLQ+{%w zeUNW{cSq&agk3?NS+cN!8u*k8ZXFvKL(tzB=rH~W)u7a7K7+o13PQ&QoGdr$ z=*@ha)%>{&GD!hQ-gSUea|3DA&qMgW+h5%0YnCc;$U2wp)0TCS98pWS9<|V@`L6FD z+zgf~k|)1@9Y*%u89W3kdJnjN=n>nma99EPu_s9G%#&QYXJrB$CJTMaoCE~uOaL_8 z8BaRmF2WD;mI@5Cb^^8sFMGBJzMTIqC5tkpU|r#Pw0^NhGLN4xRz*^6|znKt8*vzL+B zLV-~6tDb`u0N%SC=QS-}PTK?S2Aj1{#G&alg*t{YfI7d2Tz4rcp9-juil|tYJSs6T z`49MdGXbx55j4xhi%}T(=^@2ut^XOXeIoEL3ju=E`+PVx98!` z-JFjdK%6^20pb3J#6RqOse9YTMlRQlQp+`P@OHGPrenrbt2Y z{F7Ze#y3nK6wQf_Q$)wBM8|2O;zqfcU$tWJ|Mh z`seQ81q9l8H$lPoO-xCN83Wg+n*z`m1VSIY1kpa`PCz#4Il;7*S93Gdvkl`*wlx0u z&-M{eSxbIg5~8}4cd&3U>?9#ZD51PT3FVziD4*uITHH)=7^33%n$MIXpXJtqG@jdQ;&bIY?Mx|h|%<~_BA(G?Mof;Aq;baR_uJQLf z;E+V?#|os@gHw7~Zl*a8p6^NLSB6&Kp!5CHB{+tTjK@dD0Qdfco|e#iey03!TVNSM z5`mP)XaGa2Fj~&Lg*J&4k%X==m@Fte4ygz3D-I_ee23V{raY~NBZ9V!dUhhc=$5O9 z2_hL9^YCIwiUWTf~mb0Ji{UcIUJ5DDKLz%Mz{# z;uteyX0KSL#PVZiHN!TJ314O{-|NA;Ee-E|2%K3OeSoEkG~sA_sQPa%*;tWpGTDeb zRg63n*rr4`-4c%N++VI|cI%HfQps<^Qd|OTGts)MW)T0{hdG{viV$a<@>b@|1bbDS zyo5M-U&YB6nB&6iYvAYg%txA~SC+&JVI50yJyM9ZybaO-OH4|Tx zQ1aXa$Zu?kya?FXf_Z62z1UP!a4k;?mGuK22`<+rx)4-VgSa0Rw0iC^!x)q9o8CYm zQ-56n6BPYw6jA%HA&BYQ2b~QNdp;en8$6s}U~Al%vsWGOpQQ6HVlH03GwZfF_-j#w!&~=r_Gw$Q66qZyr*gnwH^gV z0F@`oG!^TBx_64y7;*GHJ70}WDl%p};?wO>2ow0pPsbW)Ed}8L#eqKtul%{h5Auh{ z<@HGzXBT^v82F-0mihnOkfOkPl4=D4oxpXGG=?bP3c?5;c!6Q^z4c`!*{9wVy2RO(VAU;9x9yzPm7VH#of3*Ox#y zk9KzMt{pr4CghICfPM;^v5*@CbqJgtaBPyJbc z>M!u(R}H{%pz7eM*eSqV*4){wT)%9pcLWN2`(A6yy0cew#2@Xp{_0UAbJfqwJBVth zLpS4|cPTJ^_75|INyC&gj+ZU1!)O`s>^rY(?mBJfD*bgYnm&tPu7h z9xk0lS8ro%PQaknFpOvOzP~t<#l_8rO@iC9Y$q0+7h+4R9X@_$ zk7|NZBq7IUa$bi7n*{hpQDe?>bI@;xQ1pp5v{S-Z+Qjt4z+%FD<`7C$TqK+TPb?*( zU62W)&!>&7h{5A zeYu`&2|9a~!|bT9QlZ$OIv*Qx8r`Zv?ALUQ!Lu4CL6tpOe(+GU;^n<+%w*-Sgi5hS zjgObVr;6!BZ2-IYuS1vo--0POxVk_o8r%(^y}{K59LQX~ps)#K{*Mxymaz}}@TwMm z8^`reC8h2!HsC)Ciyso@5vyN~&yAY{aoQ?6>TmTIc4y=N#^d2lCzx&WV_5*aGJ`Q& zi8!4f2lJUV6f3hYyF_C}4rQlI0I%y^L;%ifg=B#8Q7LvV1G=ufdDqI1APpGZR=F;#jkD%@L!zm zG4xIxC`%T8Y+C#D)+y7ipg#HgSbc8pUClXKZpTGx0pj6chWqIt*to}QaPJnkAHY$P|n)FW^E`CSr@0QA)>|+wSKkjhkaQY0hXC4E*%WIg608jVK=mB_azZ?+& zw{-WsjjunBBluIV8Mft|ZUxkSHbWoZDoNp-X}`j{w6HaK)seV;>oDhJ{SDaAugDu? zyyYx86~DnqTYaW?Qx3o*r(Wa3`&>w9e8{b4D}FNlwTQkK8L0=RG)#=vyQmdW<4@)E zNUS5_j+7MApYCT;347DzQ0ONzYGKb`nSMHAB;ap)gij*k5L$CZL!X3pl=1uEzql>i zls(-!b#fZDP}Jw5=87t;wf=3cmzIe2%OFS%gBP~~c5{W9&6ARNoqdaYB7m^~JB!>^ z+GV=bgN@04#?Q})!aqo@N%SIQ{ORzX2R;O-j>BXI;4E89D6~_?`>+tCyV0dV09jfD zMN9g(VjXN)b9GEQT#omvS;I;5QZr7)gX_w#|7x=Ky^UI_xVKfZSGV_VlUjfK&C-2y zC(*m-IT=k&L;s(+Zh}1D)3sxp*>Gxv*?A8|8ab|zuBDK0Olu!OY%T?B&8|&3*W&~P zJ_>`#C@r|;;&IcZ72DTSoTJl%ww2+t8|F2=H^ri<*4k4o-5KZ7dqjn4Y@6@6-o^ps z-`te};9)#JiySKYXM5vB5&W=>}WVE=Se+1RIuF<2u5)YH*bm`0C z=Spjl&Y4&u5wXeOrez$o#PO6P$bqL(u2|G8wbc`p6q0FHOn(_2ON1w?v?j~Z^aUsN z3RQ!VnLVowWn&itSWv51c;?beZ1(i)9>kH2X7L4oNO&M=4R-f?TH>9T<=xQDO)t;; zD|~fdoudL2tWopR~ocp>E=G|RP7 zC=ZnzH2`~<;K2YC-_LMcbL%RMxHYe?&+%)dHuhQk2J?P}A|GJ{N#?;bo|rtL?KC~XO6T@s6xVx327}SWmFlt5A>7_Jz zjJPIM%x2HM-aSv-^7>vl+OvA|_?2Qx=gyhX0lUo*PqhjiSG5jjvH{Avz8Lg-e$JO>9kZdV?pNY3o#~p0gI^%KG4zYh|Jw@#k!NS65n2)B4ZjkvmbfNZb0FLi+i{7%# zX?|HDmHJ`Mub{aXI7t-|e|7Awv7*mS%N5dr3PZ_54X=Avg^nLU!+mK5bpDkmY1Prw zv6QZ8gZYA zp&v=0Z3~XKV7T?kLsJT{#;44vZ95|w2bc29$@Z15ALU>fC$9}6+&|0hbZIO6Wc^zg z+IIG$(Dn=oAh~bxVNbk-#L!!`Vh8C5MVfoHfP=iHJ5* zz9fbKZ1PPIc(U9Ake!iB-8kl95 z${E@hvl3>9ICF!lH#12Y&6tQu;U%q$Ow=Kxh^z#Xd6f`ZHDWo0`?Pr6#jqN%%R0Iu z)NKAjh~1rb1M&x51Co1$C-?Y2QYL(%U%poXRg_a`pn;(7!{XlD=Qs}%plet-WHJ|N zMu!n{7LbC;$TH*}PASXM|4|OA*3;!-foK(>M^99#IKjY5udiRmESKSl;oZ9~UL@wmYjyQk)y!As-B9z5ois>m!H}?Hl zZo~R(Q`Br8lrXSE2m4+o%o?OqEWjJyDi}nv7Zsp@=t0@ksUR?9Qwq{SV9(;SHXg0o zIh`{S)#-{VA|2_8LiMAUzrKQ(oi)m9G7!BZxpUhK6LR}ZP1-2Pr-AXJor3@mzvdxp zpN-PtG&(IPYqH6?4@aiMbvMk&J>FIM5)}Ie0_tG}qIy4vdV=NSvP3M69b8l?^S%|k z`wEYo$c?e8w=j-oFj(z}F^sIcaX0#9@J71mP-ZBbMGL^k0_roMk&S!ShI<2U(bP%T znt2j;3d3ECAwImNKn?W=j%= znE+o1R^)YVqMAi8RbM6W8k6; zv52+C;vZO4gf~LUa`EYF3dYub$&S%o69fc{z>jc2@P?n%6A1Qm%(-Mcfr5>jfz~_j zhNch61{+;(1QDWB+DvKH8(@Wc1}m2y8YGVP-UhR3DPnX)uC+d*h}e_>!?J>7MCZAc z*dvBU8Pz&oK1TYm(+|Owx9XDJ8H3;VKo(0Q$1^o}RwJWB(g`*ds=(&*^2XoDo ztjkiaU}9{AOlCf$3z`^x-og;|LvH778ZILnnB>#fZl{g9SsN3IT%hr6&c_i^{;^a^ z@KD4BBjC(Ny3_J0=0~A;WS$LAR1px|rHoeR9V67kF-4aykB}W>gxp3h#$|`ZCvO!Z zVp8V)MEw}DcGy=#MqqqegOtU)oTEgf@tl2@#inn6ao3>QAhCkii0Tk|FaELf1I(FhT=cqfR5 zb@Q~syq-@Oh9x0`L*j@g6rxT(V{MJ==3A;2Q$J;+CYk4YTiZdSTpM{w!jhI64j64E zows{o*}}RaWofv+6Z~?Zb(NENU~_!uC(HtI`CyIcImTF?{8_hBq0r?yBJoaUHkBc- ztOdKISuX*BEJqW>vjRDCN?ArX=~b@2y^G`S645lzToSdiIUI7WySg~%2zHb+nQzqIoYwf6>O0L9Q0 zEGEUIrEJ^nGG#JrhFi zhWghP0h*brsusCXNmB9641%DXVjR6e&(3T;`jXQ2x#T5;Yk*5yPE2=@6Vgz!bWy_M z?yCMEZ^FaP)$NAch7+frfTu)bFM0&@7vg^qi1QbHop+NU=T@_g;Vy5N-ZwY8YZ%(U zjYFtvMeBEOy)eu4Y!kxn98sz&tokZVf@yem;RVzo1ls!V(sHpM%dAhkt*c%0!b@#z zfaCicYM-y{;;^Qtr>qw5$If0I)zUdQ$3BV?4}RTh*VS* zU-0F^tBV+=U^q~7KYD*E6@1p7=-J2`Izg)PmyC6svS|6(-adwv8~bJ*wqN0 z2z$&C{O~xrl+Twv7s?B}J3BJaP?D^864_baVVQ3N|E0!m7N%^@TX}&m;G2JijNcsH zSm9^igm~m=)OEB|GhoVzV#N9tK6(XDBp-laOt}>-%H)Zd;^WpDMQdTyS(PnS8f+#S zU{WokIqEGUPhPNh+Y{e+VGqA8ng>*JL~l1hp#|Ewq~hq&AF;}TQZ(kZ9`UR|RjaIm zl+>L?mq>j{^7Gl_^ObPxAsUZM7|{t?4YSI%?{nQ55I!B1Fk$_^mK98z_{}B{AU+-xtjNjLzf~(fbM1$M))>>aqIewtHw&Q%Hnu@VOZI?^W%n3d3 z+G8D@w;J1tW@ymmIdMMowqnS7wDIXNT*?fTbNIL`3BFlrORAc0msV0XicQ9Bshe?Q zTOAc$^=k`Ol2Ycppe|=7&%TOk0;}=CevXy>3T{E=MloecQfOQR2vMjHCWKsx09WmotZGIToB#Y$+I2xH zP&U}gA!8n9SeGtX4i`fq8@Rzkq{!%sK7vZ{ha>@(NZX(36>!XB3ag)Rn`S=;d*Gg? zfyj1fmEX=cwkPSI&Z1uA>kN+IdAZ{dPh*X5GzQ4GpVNlS^Jcq zYRUf%y7YW**##kcI^yiz-9sn|OU#@wxtP_g?hKwnt86_!wZ}%=un-p_KDf~-W-p!I zTy5>_=TIIvQa9*dXpW$p5Y_tcmFOVjiiTAtoYRcGIv~~<(~J`(`;oZ~p2=j}IjZ)2 z#aTXJ3s(GX)^xj(17&V**=tC)xWtGp6CDWO7k2|)0p6@w2F!qRak3{YZIF!xt9jrV z4owWAld-!i+&BH%MLB!8iQzTGIFrNCgL%sosl9adSeX!*g551dg2Wt{HYW9z2?Zws zDWE5fd~Td_Xil;#phkcA0r?!ZBb#%Y6?Wy;jK^L@EP23B$vC9jvc zE*l_}(z({K@jPXQO}&9!oq+3xHOis@4FFA@FDrsC*-~-7N?KrrnLQvOEDl>6XbKc^ zL@S-KTc~!}{;RLv=8(8H);t0RIp~<-F3|6d9lN_bZvb!I^K_Wn0I1PkW1B0KDksy1 zRMXvov0Jo*r@h*&!eZhDhCv``z1(L@YP1)&c^h^2eaMBG1R?O`ludD?H}hq~Uf+}N z1}zzfEZqJ9!$nu6hjABX?sfk!Y&NWIHV)-EEG*K-99{#&%SC<6^xs9LiAjK-3g;ymd5`{}Dx? z6w~v-@w}X8m5GO8X-yvsDvk576@VI_?q3h_C?5aUV<1>o-m!YjC_>XN3f&g1aN`r_ zcDf86wWv2#(8?8HkeXOBK%sV$N}fe9=Li*|QC65krGlAz(G!Xy1A3|93I}x&J&G!z ziM!l22ppz%Z6CSE1=mgB@if_*@m`BU{h(GMSAq3_Mo5(enxPx+~WR!m7X0O0)W;U>tt!QY{F?fI0G_5`>f-uVp zl)J;m;!fD1T&2vQ8dqKzxy-{ZWGaNJt0%^{^WQEpq>^>RrKlY7xASen;_ zRNO~tA3};|9#Lky^rz9v1g!9sqCwEn6X{_R??-e^j`w%N|5k=-g0X>*jm-N9g1dk4 z))odZrQ{WK45AD(HQYJt183?QJghpEaflAp;(ZV7?jF1yLU?$ zD3DPtT&-DF4->PzT{16V<^IiupgV2TM=R!?3vl0?L`=*o&S#4(m@&0g?*{Fy@X0iI zXB`MFD(ewCDkUs71VJC7uHaLML=(4)Rj;70$MnemiYZ^hOo7Li39+0eVZ)53tOXCX z1tCmxDcH^Y1baJ#fS^I{+*Bs~Pl^0Sc|FV$B)0>TL*n2w8?#%Ouk}uosvE*|Z+@uw zc~uYF}m&aV79z@qAEd++QPyL`VewIJLR@-PYZ6Jy}jl7@IPDR z;l}IR`NiVpmK?^@y13t5hT>MZUA8K0f-A;1zXoP<)&N|_d-Hg@xjqMu`Vz`DSqauf z^cg`;=mr^g*rdlL@*cc`pK-1x5Y&XX*iOOj>Z+@t%_mh0%PhgHaDopfdRi<^Cl4|6 zikQ@jkqb8&HqgRKG*Q>ngV>f*dqpXdGb&Z%Gdh%!V8(ziIz$cy+*W9eVsz_-wrVw1 zGOgH)V2l^@AXJhmxrbFfXfbGa(@FOo=3J=>+f?up>_Q}dK#d^dNiIn_NZHrI)lylj zzK4yw$Bp~>ZBLc^Dn!I`lw(tfVa~;1(8A%_+bt)i8TgF(VWB=>%o^`4joa-COZ3V| z^vqj*nF+TJ!QTip8(vRnrntQ zqV{z5E?z@+{f`&Qc|UiB*(vO`aK3cfL241yq0MG@d-g1SAfB*WrFS&~4L>x0Am6O@ zkpDLEA{p05?k<0w?(^;}$+V+1Tn$qC><;5&x4#nlOoQG3rqWg;mjKfYB3?&mGucIe zi&a61xQ+vsYzNBpxW@>STZL@*)F9S{Z`Fk?^->j0Z|IT5a@HNn#r$xGHj>Mr*JB^m z%}lHj!wW!FtASyKda-P)K!U_Tb~mnO3#=<_rvfTk-?HLqb|;rER}LRgazHgpck!5M z)|Z&$Cm3?$LRGz5#ShL35k}v%m{&iAb)2etXe~O-m1Q#Ma#6z zedR2xn6bplYU-He-!Y z#oJu#*g)gLgxM7V#qB>})@^mdJyC{?wkpXKJ84keMDsA^R8TZ-19@izfvz@pE=ISJ zu=134=nC~+?xUg(Xk2-O+X7=NAlq3{JSvViz2sD3vd4Z zFu{$Am`;~{R{X!2OzV_1j*JG8CU-P~Vq+S|)DSlq9AU2 z;o&KKa`eek_}t`ktj`Vp{7r7;RQq%*w@M{dJF0YbW$+jO2v6V%oZ+mViZiA#Gk5~G za0{Qo&!kpoDH1qY71NSgcpZK7G&G-y!SdTXRwHww|zyfPns{^dPNvIv4P|KQo)0#U4ttKK49?;5I<5DUkZo-j!0rx1EJ@=0; z>tH`m-xSV;d0D}6f9LB%@*6r!Q9x<5(LJ#=rqA%1(YN&I=XU;iJOiAzsa$`CI1c#Y z_vP=5s&4cxX?LXup#BiH@N+oB&(&YR!_jl?f5>fud6KeOZq(UJcFdAsxl|6r2hq-D zFT3T^C#Ph@w53AwK2tvG5gyXK$veIhy2WYS!Ii3a6)#qL=ws1bAyur>JS^!S+7ZuSzNb#7$VESY&WbmFvg~Ea=cl+?)(Qk~uZ6uSUH{6BG8JiZsiP(Jc`tdcfOC z4ID64k)dJ>FQ>eMg;$)QanyNGac!zh#ftP43H`Ysn0&ew(wO`CbQsoS!hTQ+sj@lv z?7VT$B;fG53{xCN+)aVEr&)nt({KOC37(R9Zi>1P@G-9KlZEZVt-g#7{@Q8%C*;|- z1)?pi!FlI`F!O?=n+^zw109;M?yVIbC`scVG&$`XOKt)|wG4;~m%$#v#L#IyT<3Wb zgl519EO&H;BIMDO#aE-36`X(@Qn>>VN6sVifdn=85FfN(4FEf98cz`$wM5&R7{$oZ z{6Kr({ra3&c;QwxLZ~C^mmN zbQ$JG1QUbQVtDHUMO~%esAFwR$mWC_Vha2={#$|g_u4y4UkrNh>-gH#ban!wMwIqB z1%U-}LjV@>$-Em|OE(0BLCLzK;n8myR+c5K8$9nXc8qn|n6#(Z>pmN2v0xQ5)#d&9xq5<&UZ{NV*ir$MBBlai%@=yi%@-%Xn_{w9VtQ{6?ojX{5#OD$x}OL- zY7RrK3+(BRJ{x#;wmSNOo!{N^sjDb=e2iIn%CtJNer?dI+)C6iy9^%5$xY(8z!KiKgDPO9CQp>RZewO5<@syM=~f8dy`CZy9}q@YNN#(6QDzG=~Oq)Gn)gW~vn!0^FnTJ}G~`u)u>Lz-;k7#k-m z($@eHG1MXHcTM~-brL*Wh393;5W@@)zf_x;d5rO4XSH!iNVp&C%h)I5v__2LH(*D5 z_Wh8DzxN!v8NAJ_fIl6)L1%?FEs`x^%4$t20IeXQjOn?5c|2VkAAOLpZy6I;MunA`C<~278ftd7!8q_ z^KrvPv4~?B`L`qO+YMgtPySK34Cb5JWg?Q0K_*&* zUC=z1Y(G5@BtQ9K@bmh9m_GL@VBLP^5%wkWVdif>XeT^CKEiSD{9a#RGe(n&5&D_s zRFf075|pWd;*7xAm6Bm~*Q{i7Qn?KLB`$HJ&~yR$%T^Y}K&f=Ja{R#?Bm1-m7J9IH zeQG>}6(Z^&Ws}gCzjirkEp8oKPpxipj(N{{AMbM4dvCS3SfEgUsj~O_;;Y|l?KPy9 zjNBAmk`#P>!F0+Kt^L0d%0(-N#k@E!%7Vox?qcpg?l1f6{=H}~kb)@iPZ>SlS_y}~ zB;iY%A3D6zL-6mI?LMmWnFPDGO72d{oTrJ}OEo$>*-}O(({czRywy@_t;m^vTvQd2 zimQ!bS0mYPHLT;j7(}9^^;{DVG>TP=mi$0CHnA!dk{@3CJK?(si zLz4-b`$F&lDSG`g2}5LxD~xzSuug(5 zkkt-?0;Z~WBQw=>9l~St@yZ#u^L9}24rW3@N;F!9lUW$>p`_zypE2nuj`G+#o-#9{ zTg3yil*x9iq}9v!hhlfGSm=zo@$P$IL9}2?pw|njLfoT^^P1W}cG>t&*t-vj_1QJL4;G0L4J$!e&4VG9-z}r($bMM{TW5Rsw70 z_1S%VvQ(}@ z&1e1}{aW-t)9AATKjBBxokz}IXMuFT ztDV#SUI41Dc@~lA3<)Gd+VLlry<^Z0`khq3?h@pl+!<2@M$BVUgxDdr#X6n+acROqlu2MkR0>`!Ozqx~oUo1eaX z$V%>Nl+Z(Wn-_ zq?t#Gfbay)e9A#z(?ZXA-Qv)GY`5+Hv38UG@8jK}_E>9ceJ``8qpARn(Tl!FI+#-X zQzw*UW?-(zU{rktDpk-qX;$&>XIGCJeBe+=+VQN{Wl~|hpPzaq<_g`4{p#R8y4Uvl zl}igiCt?hV)`|zcS^4C}G8ip%jVmFFs(^#twck)_^=S)wjJ``=8|Hp8mV^hh0(#qL zP&A@Xc5!C9j9nf@?_o;H4oBK69P~7XO{(=(11dUPxIolm@3)cnvIILBeW6rOl;=#Wfi|Via;}QIG zj^PR83EBdREqD90sOuW$W5fCq7aPXP)9f`ESw0pv=r1z| zavU0;&i;iN#yh^sA3r&qK3ec}Kz}*B7~$q6d;O38`hWPH zUQo~mHwNRZL1exF+@MIdkR6aPu`x7)Y#k=#7Usatl#cCCES%401P}ZQNK;DH828S+ zaWNKd>^H%oayP}>mte&TU~3EBXoy6%VOWQL3VQV<9|k7PH=g4x(DNdF|Cs!G&1Q() zSEO;Czi>i_csm#Kj4x@tPcX^gmz-Vv!}2M zWX=6f=S*;}=ljhc*eb;bI|;_b33hc7lQ5>5Seav%UGaZp~34szzdFwlZk2>T_|~d4Oq_ z8JmNY-d-bwfPg&Dkzv|QP7T2Wzd&%TaFjn4uNvl3$}7Abxgza~dN3)3rGlmW0rEhpVhere3VX~Ik zX-z|ej~f~kYxF#Ob>460YvP4JHiIuDXLGq{)snPNF88RFvS7yxH0eA8SLW~Sctl;P zSpN(k+NuQGXM%I{gRFmnj~zn2LnL)}vVV&&9LN5B|5yHgP(qLPf8N|xgfA;2PP$1i zZe@uyzsHf$+cnqHE}O+5^w0b6`e*&OeM%Vn92%pfpYpl_J)0b3!^lmd^Bp&0{5~4A zzve2^V*U61m;SpxGfe%DeKt*N7{bw`hGT&~+dhXrn?CzK>pmx8$C4KOY=$(X8?_l4 zq`S;aZPd^a*M_!0pSGcCtj{p+@nwS|n}|GA*!-m6Z_1yi5dM}lnEvzrH@NQf_-D&j zVoz4Q;hQu1M&J2i)0h`RDW?D{ne7D=nwZ^HeTSn27!nnMf#jCG+dyfgZnT5K=&TNQ zmSy`BQclH}z{mo}3*L^j`O@$LtCy)!D1)9*+?ncTs%x8@5I4AGS^`d5Vr%r)nF48o zhMh0p%04M89JtE%LC)!SsXNXxWAwm$rq;~he7&M1u*1$avU6gEoo22jl_OzmPII(C z+fyZUUz^p(=oYAd>=iq4!q=LBvsf!p19jHUZB;f9j|<`@My7wnYdd3mIg(8h*LLWr z1uCaQ?v1C<209#VU4;e*gX?r}^>lz#DvNOr0UVHqxYHDgG&{TKC_WjEGgiZqZ|Xq} zH`mgj#Tifk9R(!l_eD!k5}@4-DTAcdJxjEKaHBTF6G9Y@=vW!KizAdKh~0p(e}D|W z$r;BPBdS)B5N}2VC0on6i%AU6= z2KwA4J^6rq7QjRx&_&T{2n;T=8}^KmF)EO|qS+WAhH{1IH2_gfV0k1*)n4wRDgz2T zu$zoS5Pqoc=^PZ%Kdxs?f64nb8NI z%fHTg4a}gMSA48ZrNrK5p_@>KLA}Gw1e4&FI>n}BN~@v)i~mL$aC2}+f^|l0il)b} zs;{pD0N?yN6##C2&Z*0-H*e=Uf6xL5fPl3x{O1OM^*8=nGd6Xg=Nn&sUiQi0PZOf8 z?dve?X9d^s(Yd&~H%s&zDfST%!Mr(c1*ed*kExPz;yc?kQAD9~{u^770^W}Ou@7e9 zT%2Kgo?YEya;>B>j&v}!QN3&|$ywAv7VI=CDw^CL#HN$00+CiXSuEMxhhelBTmS+N~rXx~TR=Qt$Eg4aqzucBi5p@S*h?=qp4v5s+g^E(ACVj`ySFdXVmO zRS=#kNkqYw99Kete8gPq@U=`1EfrF4E|otCEtS_t5-pdjTHG2`EpJuhs=*?wf$KA@=&V-9$W_Xm#Vp*XLe&b!Nec&ykh)}E zBbd*p&s`$4jgJp1(Nj6}oqOdWEPq*^=S25@bu`PPrBd!v#vImpmn;KuSfvHv{}_PP z*w_}a*Zp_ip8)#Cy-Jrg+PRiYweQk%r6|*AX|)vZRLzaknJ;-I4J8P^{* zhN!SBuhFDM7sjR*BGr*+Jc)6zuA7K5!&d`|ObbnL^<%31)K1vEcv zR>kbLq0*JtABBEIvI*6?sH0Y9RHT8KE5)mtkL{@OO+zAgtXEcLu(suXi&FrxX5|C? z?;j|nZY@I1b^i)X;S;tc)+IgkvMS_~pWchC${__Wm8<2hU}>g3_=x_h+A^kaunJ8M zQ=RZW&aHgzE@zVQ)GCN;m&Dro_)JrUl5H>A(F_zre~{UD6>8a8Z9}nMq)5x!uPWHtluP%WWhibrk+$>`|qt>hXgqdpPZB1$*lbN7zuxz|8l^bH{x zTqQLvzC!uh4psa4YN^6;j89$UJ-(}~4oTMLFAx46U})I=AnpJG0Q>*|Kt?Ni{k6gxXe(2NxegQ^a^e=Z_=_8R1f(}<@&zUb zS7A8nm&PaRL{a1SYN(0Ku~!Vs6);aku4BPjjEohd)3T}xzMg7c_K}wizP^%ZvpD~Q z7aK{Z;4Q=R0J@*Z$ZzZya}~y+#9B5MPinmoSd(Jvi3DvF=SBlo0!PI*r~zaIoBIZ9 zNs-L(xmMjWeZ*1O(nVuwYQUGK1#Pd2Wt^&b7@MpUfJ-BQq!)Bcy+An}?BH^=yIu zw~R2V9-b>e3;zC00d_?1KOa4hm-AfIKtB)-piZ!XAuXYgx7Ky7qANs{`}CcYm;x1` z3S7v?aKirKbZZtfz)drRIGH1}z)>^8oR0ev8jaY|Mj!a`Tp`Klb6Dygn6*(~NU+Ih z74c^FDre+-&KO8hC^#uXHVm?ZTv{mUL()%wnQf_&LMHN=4_K`9+TtfJdVb!iTmZ!-Qef%po(V5 z_fy(DDOxroX1j^HrM)xLrBaV<_r@?y*5267rE68~?llLZA=769NO;5ZMdOLj<}^3J0S z6t615d1VCk4g<9B)oKtqX9@|arHbXsmZO9f7fzfXsg(edOwt81hXsnHqdDIh6zoP7 z_{E;f^ovZzO4(%;xu{B)MoBDT;(t!5k|`SYU2FYg6F4=D)&4;J`?_de@@fD6RG z2TR!ty>>uPjPSV<*dyyP-+lrzTJX06dUU0?%$D8qzhKX^WuOQ&uus9TXW!drl+oMY hQLwiIdY;H^`AYuZmd$DK`)zwe#2=E)s}P7k0046M-OB&~ literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_static/fonts/roboto/roboto-italic.woff2 b/ia-terms-updates/it/_static/fonts/roboto/roboto-italic.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..719979294248cc489ad409e0bcf82b66c9a4ee79 GIT binary patch literal 54380 zcmaI7Q;aZ7v@ANdZQHhO+xE;iwr$(CZQHhOoA=-6zU<^Ar?S#`>P~fKb-F9dOQ=$Pm_>F zbfhqMKsF!};5-KCI4uAW0?;5RZ~~Y>5$*lu1klC_wuxKrWE9;tLV=#v#V^Z&n&o<1 zGTyqUR6P!2#%v&08?1GXeuh3A(x1QoL9PjsaVGS0;xWDm6@XTD<;|v@5aS}Tw1j9K zRo5=uI9QMrFX2Mm4r2uHSovK^^SUx=R^Djt;uJ#%Tb5b{U6rL+iW#mNM`czX*5WLi ze~^CTq`1^4pKFN(<=Rdw4@xfOnZ&PR^@7D1wks~u2G_W<&)sXp zY*-bvi~4vmMhXg*oC6f3TtVrZT?J7=z7nablti0}lyq`4pcoMm-DF`h zruhp$Bc0Y)p4%Bh-PzvMlm!^$Bptn4c>)5l5UM0X5d^83wrlT;>Y74HiCRqTh1>6C zq+Q9BhH8s7dX35roM4!MDY&SoK|P4IJ#i!E-*?%gt}Xx|$oj1>{zzd_M4%Nv^0zU+ z)KZ|rIfh*@M6XjJ+YDFmIG7NcB?WehAxCJCs1%xZD#wswqGLU|n378CqCKq`P40B%2!0RW4Ni(mw-alk!7Y&M#%j*0Ux+xb^R>)pOG28I;F)!D1%$Jx>T zn$KNQar&AFzLG3UzIT8+np>$`{@?F@o7b)Pf0>kgYmA2Pz=B0KI zJ&1uHNf5CL8Q0j@sHiA~$}pY+@-@tZe3-!OExng&h31t6xG%wh1_vUPXglAZ*IDmZ zKLVnRKP0O1e%bWss%zV&pLVv_Y0Q4;^?(4Z$~KPUA-L&9qENGJsUTT-!>>m8$sY&K zx9ryvd7)qFr$;H9lW|w7$CyY#Jjg>lPlHgMpMuE@)InhMbBSb0Bjz{x7=O%!)D_k@ zp;n~$UVj=GIP??#8Vg8RNwTtTt1>&cix4ld@2Vzz@l5|F8NSgxLeRdQqdobOkP%=b z;k4y?Hc3?40U}F@0@T{m>Eqy(cP|i_0XU7A_2FB`ix2kU4ugy`49wj3?XCKpA5Nwf ziBwK@a!AO-hYagh2B;xzTrmF7NqdP$Yt=^TvfAYJ=9C)pVm?v1 zgc6$|r+*@plpLW75iVs|eC3nsn@)*F$4tr8tms8$TNV|P_pR+~5Y^xz%;4d6gQVX1 zh%P34tn#-GD2jWGec&JS4AV~^HozDH`_{}+Q8KPPUzaihs=p?F4lL6LLB@wJZ{I@5 zsQm)7bvUlW#Vls7(^C}yT_;x4zxm@`WXdsJ&bF=%%11hxXOs>ZJ|&bqx^NMZzP99E zHNErr1!JTqpi_HweTM000&M4G_RD{YuNO zsJFioRjor71XA*OK)419Rp)D|9V5o}qrEy1E+f1B>Uip~YKTgu3B?iz)ectp1)rmj zI4vk~p0dU#J*xTp(Pcj)z!7DKxptpr98wH0{}y*-(+%@!p8m`~)|FrVZfr8#Q5WTl z(aE)S%I+`8z26d%G$2D)+VD37{&sKlEUPp z_IPg|KIjXiN&E_k9!RRxp%BPZ&DfgAbrSQFw{7X+@+GZjBmAf(zW^c94-d!Dva_XZIha-gG06JP4&sBr{)r=CHz+uH4OpQHU8xSg zX+c~r3SB+}V9{haujeI53^zn3<8L+{D8~uPbp$)k*+P)U5~%Zpb{xtUugxWJdkN%W z1Y$CPu_J)I>)-p1$#O$|Ugsyc2#6vKlMgcvqA-D0-3xB5ACR`)51ZFtnioLZ3$W!2 z?mAh3w^J@pk2RkLhB|+Kz+wm@izT`=x)2S?;)OJmBV-=iZyqPC5B}W+Tm|j9BMkbf zWggJ`<{jYssuu8DO@I718_IDaKL9X@fdNh+<8KNWd~yi`!KZ&Fcwf>96Zls}P4KR@ z12TZhii;K~0Fe(Q0FJO0jtGv+Vzo>d7L5rlxtJDEE>O(0hU3Zs69jNV(}1(E6^k6i zQk^m2>a~M;{OZF1;HJYn9?-4=AOHYJfH11;uM5CR3nB0qkr{YDlqbwAUOCAYC`W`B z!z2}qTFZ1t-FnZF=j!EEDvKC+`|46K0WRGcV%EbNJ&_(_2c6a1ncAhW(O; ztbx}Y+Z0P(*Wzh%s z5>ASLkugRNH1oZmNFamv-HIxiL&X^bAi7H5NfJFG7Nk&!;RxbIkX3DA2&i=CrT0%f zOQ4Nb-yf->8;h+HyLz4$6rifHG)8}h0D`l*7H>do!h`n3v0h~96!4i6S^D!0cl_2OLlhKiE~C_9 zPPGbv*w4`Q0<%k-_Uvaj&91}8-7U6EtdwaY)P=a3k=)@a1 zQ#_&YN)`~mwwP$%8UrqWIuga??+d0XiW;v!)wl~~==ZH^{LYp!u3+sK1|F4NReAFE zEK8Xu1YOoRP2yG>A+Z-0ZY%O|C3+RnRlnnq41EYn14FV0>6;K`wD+sJg=$BUd|IB` z?iufb)Dda1z$X1$pOw54{Q~yO(Jq^<)NsMO7P#?V^}n%}!&A+F`Y&<59&U+OF1nm+ z{-~30XyZ{d*T^1)5Ks?>O$+YV`VkMeGYo$!2ELV*C`0x?@L)hI>l;j(pNblGn-_U4 z?r-2ng_|Ydk^DM~%j9-(x?Xh~W$0tyCmq}WROp<)ic|Gk^L}0KUSzldk^`TPaw^LH z9l#pkd?ao|)uyB0%Syk$RFJYgGG{9fW2*`m^s5=`6X`(aF4WU)?7b|+QmyoTmDUE119VvFZ+bzHConlJPC?Im}SeJr6* z{6598hyth>N(2srNCYG^#RLD=bf)N^NhvnPp_qHuR?nnSZTZ$z?zFL)oUQNl_4V+A zt*AdZl_}I;*d>{C&;5^gsx z`Ns8U4;_Ti3LbH`z=UinaB0-wQoFQ_PI4XB;mSVPW}Y<3&6#%8(?nrZS+AF-r8pcX zP3sMoE`f$xd&rbl8$&~-`Bx! z#=Bv{b~U;#d5hvUdhJNC2K?}4fEUmFj)8NC>@JuOQ70kF9QTCQJE?hQM2-2W>AoGF21jbzzDmg2}Nl4$8DSwKme5-Mc{o5Z4(n_Pz~5u%l#Qf-+L zdyx^4!br@_nEf;EYlfyapw`r4!@D)k)>LD|y*1&QRZW&PVOPnvl6ff`Q;ykE_}YJ! z2F3!8Z7P=(<*}aA@8wTcFY^8abL%$vD?4qsLzkt?u0IJqjY>S&fWD*Ne}yR0jm@!pfetLrdqTw5OI^_Ko=;+lFvi!@e8%o9yv9Wmq`_|HuA>iIB)A70AP^e z{UEVB)Ni6}noaF-Aes{*dVP9SOMXfNh;)~;bRSHW4Q86{M6_jtqcE2r<;YT7cC`F;0x72=&Yo{ieW+ zh7Ks{hWIm({#q|RSnnt9H{-A2?>*0F8HQU_7I}vBfyQuZ{U45;$$~lK)JcT^`HO?G z`5Kn_HOB0usYXLiLzr5c&4abh39IjpHUCMD-a9oO1`9_0e!eLlan-tmQ_LDaX{rt; zySs#+@K6-VWwcp$`iN|MFe$BRh4j|!&F=1veoE(DFY7f2vsr2M;v`npOG|+*Tgaxj zthxiN{@JFS13CI96c9MBO#MJeC?`y{!O#dQ-e0@~lW9jn*oC>oI}xg?7?WD`A&E+0 zVsfEMiDj9qb=_-KWv4DvjJ%_qioDM1(2E24x2rb(e&2lBOUw`axA-qI|Hzj+Kff#@ zQ4SMj7MEz-x^&p^9}59k3!ww&PMvIoC>o{cg@BlG16O)PdaxucV+SQH>-1xFe`K|w zRiajLj}m_xScgyr$(Uz7-}I4Rka`9BGPPBDyz=V{?Hl^n*Gy_8Z93UFKu7C&A_io*@S*#PZfPx?}E=)a$sLimbH;IT5sj6d%%B3W?jeS2T zymvo>AP^2bp!qENY6VN0quo^JQx)*aRx*g z{?gn;BGuw$Gh2;3wk5M|$&DrXjoqr5^{d*Bm9~#{cV^w{mHHJkcnq1jQ$iTs2CA36 zY<5H+E@F3xm$Cyz*(pnQEc3Y3O|&cSE&H1|+u^9|SUqxrzr1ecVa})EQ>AN7G zX}m{Bya%&5uc$ijwm$W~weB^({PMyGx=ok<)hW^7CSg6vNVtD0k#HYQF}(Zz0Vv$ zbt^NLuOjR$+^0U|1SjJ%AFiUf40XMmwM*-nmRGulM5+!YDwpDz%*v`ztIAZXs#-?9 zvCt}>7x!+=-h;lZ-mETkrUbIr;f(gBTQl2Mvwtf!tt)M#6&_YO**60$j8n2FkmCxa zW>}@hxYz7#gK{E=B-|t4Jnv2a34?fh+QAMGg32O42#}3qKM#r%2sG5t z-D6l8)CcXM$$#$uk%At}lOQm(ET$Xd+a;hwBVY(f@IVVmiM|Gf0wE}A#&x%|#9xXU zI0yQ=*=P#SPeN`#5+#L2F1kud6W?c4^6J!I!hynrgM*!Ki%UhbTm==*Rjh^$-kZk_ zrSoYaDWjATOd0FqGFghz$D)s%a{MuR)1!uMA(b?0AH7sb>IMJ{WkRpTAx&9}cRtfe zo>8NWK8i`18{&qi_>oAz)?URSEnZuIY2l632*|w%WnZ?bOP;*}W=(GsCm$&IHOQ?iPQ11JxD-GV%g@Dd(Sxlaol8=|=FdNaaRZAR$+$RR#Q zpntug2Sa|G7(~gk8jpe9m>1n;>X`eVh-6(B$VcgfPHQwIdz0||v}_SSG)emJx@zP= z>F}e{1y&p@goufw#s<-2p*1fVt*G%K3w&^JUI)S4SylNwBXKrj`SZcL!ExgI(IPQK zS@!yJ$8Q$Z8IIEri9MBYQ&%u?P&4r&dBa4x^`+<>f;2(=K&*3B|M-JB}Z^f1dCA+(sqa2gMT7LaPM)V+|{iNIlXp zl?&iN~BD#r}G-j)`hI`%?6??TO-&;un+qR>Tf(52=c24PS;3 zO=^Lb25!YoOWJQ}PsEJ$yJ4z%T@mvwIo6DWGeBZFVJ9Mk<=2>MvUM&f8-^M&2iM$A zREZM@@e7*u$z}Z$S~^!dbHphP@Fv952-POnLpBP~CySDvIe@kJhK6FqWKLJVNbnV6 zsR@I|wXN|qz>V18Z5>L-s)M2TBHP+1OTnzU78WEG-Ouw(G|VMAOYIkuURZjhHN@6K zUKo^6XhXV#YZg44J4Wj`S1ahSYGn7xtt<SH&%9>IKPUq zUk>a5GI`tK9uU6Lt*Ak}*@WQQq48NT+9B2}reGxQC-N{QE^B(;GLiiMgimNG-Yj!H zvUPtMacLjl8!~fhKKd})uPMUpo4P$rOEh(~;Y@nIOkF++Y4U;{bh?Oe>v{{!bXZ7&rs_iiKe%mB2KPPEnG zd&n6?DoO=Nul}v?l1U6KA*U5)Qr_g8v0p+0GALV3=sd_l3>C#+_b<~;5#x1=J|@yP zq?PNWZW`Ez=S`1Te+z&>01c=iXllM&6yc@u-IgVm>?uitF)3|!!eZxD%s9|QqvzUCIeKt+ z-ffJf?X`J7+!NyLmNYvDrE#(yX#0-OLnGGIOx5?DQ_FycX^KumLaZINO2w%O8R3J2 zGQV%q%vU%db?9{oN2AVFXkpAVJKQo!GMn1_7*GM7C0yWU1X#k1b55>RFZALKEIbbk z?<2YhCVha^Ny(>(EIj8_L=pX;aLy(IGVF$%KHG#@dWs#YEn?tNXuyN-%rx((`{_0E zOR(lBL}|uoIPV#@*PH>;lxueE{pYUOFV(9`kdMU`V;4yI(@LP9h7buTwV&imk8s<4 z&oYP0SEO>82}<4>C%-e?JKTo|08vN5CrheO9u#At)MC~tjsa@v#mckWt4}ifdDDW9 z?|naIFqfLm`mRT{Z5k_FG=gd<6v#2cZMOgMs?-PHVlrcs0=OyNlBv`+=09gmg49Tn zOz0U)df_qj;3GzanMg{0ZOsu96$Vd6L>LmUEMyoLc+bjRaO3p%VDJLA?UBqX?63;p zAA7)z3*LybsZ|c+tVM#!yS5$~BL~rN;y6)AL1l&Y0TpJnNFuoy1vyx9!^_>p2oq0U zB#aqLmdnZ^gQmndnW@|VQ63T+8xRxpzxEyK z!Am7ijvfrrKMXWs!6Of3adB=efJuzJEtX~5!mLXVS9`b-#;wh6eEBE%oTdAcQ|D+rM;vgry_#FsgKmhB8M1bqa$UKSya~wP(`u)){^s%vopsC6oQPTSZUr1%yEu@+c_vovX^5>&l;GU5= zhkKP+7Gm%BRC*_{sqtLakDo*K&|bZHZ6_jcyth}W4Y(0*f`U4FWqkQb>R&t|8sJ+J zu56%H@MlUojeS(-L1-zEt)j5xZ)R44Y>MPeaxS+rm8{*25y?*Ip&&8(8#E=zI8{dm z&10nNgwc!|Bfk3dW;_8gB*rKcZx?K60kSR=E=}^=+VBUL=38Xqk!hp<^xqc@)KQ9d zMUNyFkJORu{2{Z}zf`xkwAQP#J^An9?|Y+ zSJocl!u6!v)LYyPy9Cpq)ZXOIw#Wk+teo13(+E4)@4|-V8udo8Ky`ukf`x` zG)?%!WT0CXAQ^)E23k?1ltz92i^YjW!B*E?%)(69KOHak92ggyXfUW4EX#|%I#v2R znT69zkC^;myZ@Zt;C;@qLrjU1gLn*YuJ@7Q&V=+7Qdw~R%kzAO7_SUf0Bpmy_1=Gh zcQN*mItRFj^e&?AjYN*bnV)yuasGojq7bm(Kf#|CZg6k@aOPhzCw+R4h%feVAKF*@ z8Mpi`nUqIZS|wUQ^1Y&+vB7e{#4ngN^8Xs#h(*|}#gvTLNIm*hO))MvFa?<+%cTOl zWxn+NU;|Ag(?+F}xtv%6pQp^xuFw`yr)nSld>L*N5KROn9_IzU0s&Zq+ocXyn)Z;3 zzfx(`$5RKGOS+HGQizweq=TARv}B`Hv~2fta+)=T`f!F5GJw)kXRCFmxkHCjzF!QB z3x=R1->B($tBaq@wGMerq?pHeX?LCAtP7;396o<>kjNCsqIoZFXhMorrZi6mAmB3Rxz=F`N)3itHU(h=g#pFzFx<;R}V$CTk* z_?vt^oxAcNg9SpApet$N1&jmU+l~+pI7+7g3^|!)!iNl+u+^=)89LXFsjoJ1m}>49 zo5S*!QAx9N)#}XmlRn90m>BM2vLDRod=gLbWL`whg4zuB|1e-!6G@9AnhZ~manql$ zH6LStAUk#{REwWJV<3V7vsc0BbjIwgvE0{((ev>A0D&Nh%GvYg3p7QF&%pVc2L&>ySTC^_pno=lDuu$< z=ori{yP@d+EX2_!u^faD-MiMM)hQ2}kXl z|KPP3lg#g2;?MZJ*YmaqKJ>2|pab0_}Awg-ow@qLZ# zmTxAZ);sxLU@Ca7`z7_;BR^OlS>gBI(`I5IL1j@LeF$;|F)!2IX*4}S|2qmyWMimh zNZNC#|F(dPZ-;Ix(x`u|u?L*LQxu^CNJ2)#UY8pnt{e%Gn~I@FeT1sOHcZIe@@@Hs z&7yo=;o?np&5!5!&r{XN$g};UMq8A_gUuXoPZ<5s!BBPi$KXzb_n_=SY|oro^s{VV zRc>BT>;*O%2>Xm9bzJ zl~GC{D_PFLg-{YQ_rII*rt3cF-0R0|j?T8SU0K=&F2 znzcoGJv&ot8k@F7Y%q;i%d)tloXrIkz;J9dA=2~0r)!G?T%~qS{^mORc`&}2mwn-Q z!OeTLG07B0kf%c9iVA9U*Fms(Gjgw#RIc-}{goPN#M#D6zUHXtu^j7GeayT(3R-Xz z>^oxefs1Ji{^LG6khEtKa;#J$1Jd!Y3hcx2Cn*fX%&I!14ZCza3RLzgO7*6kmk^X8 zCs0Kqrzq4eF+5gf@4*N(X-ZTb#V%Hv9qX$F!`Sa<@c(ekkVyRSE#1;1e;vxR7&664 z>raC1X#cAD%#;oEm7H_!m&7FO_-Qu~TAL7%A;kgA{haHD5 zURO^1qHj;dHUf-XDE#`B8S{%teYm#G|&R31RaXFCNSc3`D73#@|8xn z)v=VIki_=T?doCK=wSOc;b^gi^_-CN$pX%_ z+e`qdoMG!BQnc&tGgKSq-h?En1#fLb)y5$FL9nsdBH#*cHWi?CFRS|*dWfg5dV@nf z9qFsP)*pGOfv!VL!bbdGBa-BHSmn*Q)^2jC9%x!tHL|Uo$Ho6O`^ippS-U{X5{0Fn zi!G@|Jq)@p=+@x}i874Hu-Y|jJ)t^nD|X_j+$Y(4DZzs}G*bl7`Ex-?kD~K0#z{W5 zm3yHeZ4NQqoqqwG(353^DTnl3s@gX$%OB`FRbEV&@o}-ddbh|}!z9Hj6^i863IWv^ zh-OO9Tm@r!jMa{roSgT&p8>*n*sQa4uB=u1Ls)Cgr!CjC6mQX3aqC;Ji?08GvA5?# z*?~yPStlhmx#1qAeYd21KYn*4j01GJsEYF~w3f&y^tqH-G`PnX6pQgb8KMu=?I9?_ zE}&N#jYgyyW>FOASRltw44SfeUY5?O!ghj6JlBOUn_)cqViWL?`(m;{&A*7eHOhQq z-!aGK1->@cigI)!R`hig9C}KZReq^okto8?`rPdR|bYSmo=|l^l4*UuWv{Lyc-93k5dEk_;_lS zG-S5L=@_olU3}E<{@^C9Q%O^XY9U}#D+q&)6Ze4+t;KWF2cQ8!5HchWefCeeJP)^j z`gEoYPuef(;B!F5Lth*`j_6_VH&gfL4^_tOvSo5Hq-*~Y-qI~snZ8uj7xQ`rXFM=? zUb^8N@0srKtNS2v?1$_gXAd6+(UM=DUV6kJnDMguv1q9d3CsKEg~Bb3 zfwW`Pq)eR77{%Zt|5ft7p_!g{{0+kw#fy*;>efc^y}Ez@(|k6ZvfHIi1Pu8>B4{2N z2|tlMaYm=&ZcQUnWSGaa?_@u`!BHDgV(&57YlrVOD(@kIj&hLt2f1HaQb_w<{S1GR zsfR<$fgSawTpq~u>r6YC^7xL-VKqy#=DE%UfP zeY(_mJT9zApj~U7p~dmq^8gqI)yYGDgaQuyw4Ayw>_(yPkYWpFo1<9621>v8Z%kp>VM3^ z!gdkc7c?{&ILJ7rhf^cLy$P z_0iHH*!Ib`d&=$YhXOLhfJZjenWEgGs`8goPF2;hS=r>N-Df#tdl!3tyt}07)A7$m zl>e^vciy;%1Hr6*!laoDq-J$;`IGH0T^)@c1b-|NnLsKWtuROdk!w&uBb;|oa4}wZ zoV6IIBS?i{E&&}yraQb)W}yH>VVdHAs~kiNh+eR~sJ5uYxcaEHNtIly&lHYtV((A5 zjx1RXBA&(e@1^dC)whXW3qa{1Zjg~9bnN>*uZA2hmYVxb{?kR3^?VBw2Y0USuu}{5 zrCY1===lkFF#qCakq>u+vZpQ1O*8E+sP^)0XYGg<6D2fEF%!UXo~v55^u_1bg9|FW z=*^g7 zoArB!ba{qjJMm^C7)rXU(3ozVqFy+F_Jz0lyA9vEdG(8|=Oib;w}|VGzIE5TN%_A4 zzr~xipY=Ifxkl31yBdmM!~h8qVP^$(UdUk)6eB`5i}D1TLn6FG>N+57>%yAUO(Lb` zf(|s#%Zj=H6|J{WJ51#JAGCfbP6mP!5mlb(GU>Fo(!7PIjOp|)T(8x0r-a#1l zL5U&~1)V&WB}J2o)Tg(vR#ViTVlmoUl?k))ZFliy*#f z|CB%7aQ6D;Ft(kULt(H98LXz;BXZtGu`YW`3q~`oYD?N$Do=E6!RNo6tqP{JwSCO7 zcV3pOcp-L9gXBJ)H)Q+pz_4s2>h3UK2l&2l?dJ)@FfWP_`I%OnnP;#}Yd_GUA851D z8D|USeZ`CdNe>my#|q}iP+Bd+ z3D20;I$&AfCXKg^)lV~AGc8MSkw|kuXSmI(r;X`M_=M-$Lb2}FKJ0j`f=zjvQZwhO zpR+NsYD-t8uIMUdLEWm`ff~DCr&l&U1pfXiR(GG4=%8q95Zrd(i8CiFiTK#b*4M^g zjq8C}fgsY~!_)c0P!U)`VF$py9B-g_7;Ca3^QmovvF8v6`ut>qJCy{)ag`ChOKyk; zvE6zF*dZna9o^S)Y|%;Vw3EZv%e|XLo#oysML@oJj&34;b5RnC(nfvB=_tZYsf6Sc z2@kUgD2NA{O@g!IKE5aibv|^kc0ZxLK?|`uO2-i=;mQ;cYR_33#pSFgLmnV)qPJ!7 z!_`lu?HOOkhgbohxhilykU>t`uv~N_&+E6xrWatD@W-yu-(do8@$RmOx*e1+#POy4 zy0u{kp-K-4V4WaiDz{Nt@4nX1=^JqI-(IO4kU}KAgNS>j%oU4q{IOXLowpd z?ld9G-#4(z2p3$ z#yHuIFEVjZgwy`s3izXVM*~?$p6CNQcQSOOo>zOK3Cj$7M8}dsl%W488{2hTWN_01 zEIjljWRPmLn6)tTpv#HYRlvsPGDVITlN1B6;d)Saq|8hsPSy{g31f2Bcd$!hyjqPe z3*lc~WAD!~#j#CS-uIF-FmFOfY(QCazhb^gX?}h$TNzpGNUJ{fLo%c;t*;YPaF=&H z#bApqQ4$SJ_kyJZLNnyM1i&yt04y#GJ-^KsXR^Iz8&!DmFaNA4 z7N^2;D)y;D;3A5@hO!7QEqF>NHIYE8FT2Qx+^v1UOb)X@;T zMdpg?P|k!FuGVX#15%=8%$s+bOE}o6Z>bU$jR`kONO>?CngpY;$Xm>v{TOwM`xGvP z@r|aPqm^k1Mo_R-Yh?Omk3|+0#nQ&Z*aQ6elaxju_DJ*xys+mM+EAzgV-=>Q;{+Oz zT)!BOJaudW&SP^CZo}gS?cdFqn@l@NMw{cBT(rS17;yU4{$O4_^wFVvGEmkV*K36A zmRk#(yskZG@Hcw$u($G;t2FK9pW1K8@AzCGd6+QP?W90xfhbVS_FT;X8hs1&)siuZ#5F%P z{y5?7oDotwB`8%sX4@-F_Nu<>BjncUx}OlQgwFHX#zJ#4KV;Nw@Na;WVays~L#^2s zCsWKLr6!IXX;v~Z4fqg3itgz!4b}fPr+UC{84Pj<>c_&{fmxV^DcL}|a`4)P#$B1< zDVQ25DSZMth~m?CZ=a+F_%k{9hQe5 zarXeLCgl}{IdVfL3W3g%!-snz3#ddlsldl@)@$B=iGpa!`V2K!F6!uig`UHo7tX>XxAtpUl{P7fmEY^md z{}8AGgkhG>YxCQr!DW$|YEiXf$w9!snbaVn?kaTN_Y_;T+#WhW>y8f`zNTBaEE-Rx zeR5ti6aBH%=YvCuxurER6-(ih^>I)LF`_yXrl=PicS#JDr(-Z__W%G2l7>R{*emE}(FI#9YxP z$4k@N??zZ-%y-FAL_VCC#Gl2!QN{#uV-_EXBLdKFrItZZqP? zF#fi`cWU;-`3c1iS|oju7DAB^6@=v?Y!=%x4iuzonve4CU!=q}ITZ`Wu%KE%KSgYi zH(6~qPs(xEPjog;3g}k&@xi%T{cI(r_pKh&i>})sJJNvT?!CEPW-M_wXac+_Lc?%*nkOE6`ZE33@wK~T zX1V(QY8;j4ykt+-SM%(#3rM;vFkk6xz*E;r_yl=(T_~8qTc-$KRYt@i=0?9}YQF`|X zq9IWFd&P8!ASBq?DIB*(^d(M@jLLR$-Y8N6V4r+K6O!LCmxaA@m$8=})s}z<$fT%~ zr0zcGI>EDNK~qWL^P&m zhe)^7MCs$qN!z(8K3eew=JzK`$3cdsZlj6c*1|*1!qP0ZF@jghUP5m$V|Cu?04i^T zfEW@MT{)Us|F>G`rJQ}5?3`NiI#P~gSr~#d;N1f4TR@tADx=JcysbyLIx(Fby|m>u zADp{l%fv9W*BCftq6Wp%*ZbsB=HYBs*Q%$V#8`+SPboV&5&e_4tGlJg>#c7SUFuM@ zTp7AXqdjnpqdpVv8N>4)xbN(iPy05y;0uQ_cESq`68K_4j1e(ZJJ2?B4@t8!h&R_M z7CbCO-Ua|yPQ&M6f00O0)ydKx)$4lFY}srfdftD#u8;=ECesNLBHeT(#Q z$P}KZ1f^)>xIN1LbfF)U-LDBp>V7JQCGXhhzmYkBZ?eF|%0^A^GBTj|dWe72A=_4l zAnSNx9fDBvA;k{cgDzSAbyBG2Lb0H~Wb|Kw!PFCP+}MYnzfYL$;OO(SbFPej8Qw?P zWS7KNZg=WQLovO}*?6JFjWyDQeY*Ms`j6S!^5qLk{@?xX^-s~aN`S&LKGJ4m)la}- zwdMC@=#!lI!||fyoiL%r?*d*N0y#oB5)>hhb-AIF@S`U0piSkJ`BGgb`u14_TNj>E z4Nk4hS#0IH(rt-ZP7`q%X9HL22I9&+4mgsyxr3`~QIbmRSx&~=N)M5$TzRw!Qv;%l z7gex{a46+Fcs=BoipQk?%_IaVS|pi5<@#{Y0$#a?pEZP1#5PA^L`SA%l{3sdNF zH0DLUWeV|n)@lE)h(aPG_IvI7qTpXmq_^kqq|Laqoz~%N@u#xap$OL#K)0Fh^h8g8 zue|q&x8q?K*_cO5(cbVr2(0?NHR`P79L*l!SvzNlvVNL(X}H>o{Pv zY>k;Iows$hQ;tToG8qMTi3m)Gt=^zV>mJxRp8 zJL2>+Dj`EYB8+T=L6Gh1{PGq#_)-y-lO`W@Gk9F=ICfzz?qNHQf*wAY+0R)7kY=mVQUqvWbwjF^&o{?M9}81I^wX$zgM$3>@v=71|zaC*7E2 zfr0xFzpFwaRh`0E%5+!Bd=wN?1(qccQ-x&ZF85iE@tXCfLmaW6E|B_K!P!-Zo}*`_&dZg~l|A?0{QQ4f)Pa&*BV!c4!g7kB%fgMD z9#Iwq^T`7M-s_jm3 zH))h3*Ks#x|FNT|sFZHHOD&690U4_Tc?}HGHf24Oh-WCfEg}PkUI!&8PFGdp370Wu zl$fgq=vu=t^SaeoZ<;2M^SX>`OoHO_8bbWFEPgz(7 zh81oRvE6k|z4^~IIUAC95_buXw^s9`Muh8f7t#4@6e?O`sBu+!i7X+%h(n9RupEr% zW~Yh+X)5%ep~_0I7dRDGKIaGVvg^I`O>lkMzJ1tRyk#Z?=|C&6QQKUWtaEOsrN*vI zp=)~vX38j>#3sVYWSMY4AE!b@JunA0v<&mG$X?gcw8VU-&?2Ft^7(t%;?`$Z263`nPaxl0k!I2o!}{%e8J#hU^eH8tS{ObC|8mti{+}d zDI_syR)|qo@(8M%kfhD}*_@sSvp7hi_jIXR1{JCYIcLxLW`g!S0iC{{bRy1ZgOGBz zS=s2S(8;rAfkvPWG7Ty5tdE2u5Vq*foQ`s#tP_oiuv7*Whu#R%#IiLIJ0Yw>v_IW9 zysTR#Tl3FzE?Fu0eos=SN_PrS7MFQm?E7iU@Sh%p3(-SiTQ4o}7pj~mT<|^Mx}bYa zmf6!OKjsTC)b3};(LCk8P~hF;{`q)s%n>$bHG~_ENRCWYCxn&R*%R<(ty3K`KbSDU zfGJ-}j;|1s_1J;HXC%mrjlm7L-a%>v0=3>Ov_4oOQb~#JCBm&PHIZh+5BD;H)~zxJ zOsS}GS+;7GKZ*{t(&(Td^Z6SQ9;g@q47BVnC;Zg~5TWF1lFn6y(-)FSd+qnnS~-cc zncQrfGz6XyZf4`7ME%=!545N>UB9t?w&!T4od)=o9-^__g}lj8rXox4BA!-nzT+$u zQ99#dk#-2FW=FdXtbel*3f2`nE;0P&+R#IG`q&;aV393DPx@G*{S%-K;}HUuGH{-+ z)=pQ=fwtvju4Tw@LA3h`h84I%`;~8(V12E^4CPt~hXd_S3K*snT*elfn#4gs#$}i+ zMNPiTY%pF)^6;4v^!CUng2@W zb`cmb!m|Q5mc$s3ZJ#Ghe0X zB8)KJ`eWTCL@~P|$5plFg$nN+6%hKNm;(UIRI4x+lOpttzp(Xj&U~myiCuW;#m(LS z=gVv^DeLkBv!gL&=-kB}wG=GyOHNdgo(#t>Wp35l(@ZdYxZVVdpehK;x$dFkRXKlm z_%YHGF@;ZyGQ%IdzPxHFKCk@nhs86Y;;E66$A`r)i$hvVV9V2r&>FTb`%n$~*LM;K z=tw$&v(aP}C_G%g-AuTb?%gQKn2}sx# z;FQpF@w!aj-`?R#Dx7jH>r|_8umSHs*f1RpCr>U|SDEz1A0GVI#;jQygVBM42_55v z8sUWUS4YG7`OBVOxA>u(>?2zvW)HZvugce zHIs|?^FZtKZ2i@q2MLxr?O-nXB1rQwHs}3UKfC+nS`p^}r_?k{FLW#M*o7TzL8H#} z$!N%SS($x#U%tn(Rz!jhHnm``28SIvcERIELbgQ+rs@5>)a`0{Y6Ik|N}v4)&*a5U zxkgkg!G=qSC-hps{pwfX_YJ{@+PyHUDr*`?Yb;w&X%H@r`A5}=x1c4MKx44Q>b?X- zcrkQ{cb_FdvWK7Li3{Nc+rx_4O5$wG!*WT|E@lmHc_Fm^Ur1vIi$>nu^|?Lpc+`+?_5sa; zh);KQ&ABP+iUP_+r|K9NDe0MWXv0}D;3T23>pMS7C^DoP4}jRi=oQ3ac8Iuv33;pD zF3Za4w!zL08eV`P+ug(1RKB^4_7qhfrT~T8@MDz|5`-2zeE%;607qs4hIbz0qJXHl zVx~>;pRD*-yRZXp+3Fk@BS^D`nLQa&HHx<|02y-V%BtT-tpCf9(=yV|M&5u8UCQ?$LYLt6uz`J8_I&nlhA#2(Yw{70Gaqst|;C z6gzIA1+v>--<}icjF&8$+#_v%K@BUZ%))I&kPO=za<#WEmI7%b^mG!&&7M41i4$PS zA$n>oyJ%|6c>{rTjd|+=u}Kt?0jD`RB|AeX#3fV6CuB0Fj?z;}Yj)w}cr}iPr3dNh zB!rzmaoCq97VPe^HPOie@^hQR1QgS?{Kf?4u993=VJ)-sHYQH z4G%Bx!8x#dlul-}U+e6N|56#TQBuj3{jE4O^x>)};c(L}JPP+mM|>Mmc>%Zi@X-ok zrd(K62OanT=VpZ+-<*=+M}@=&taDwLQ@T}(YxPO1@%>*9Kg&`3=}{#%sd1Ji4;8*B zO{59^x|v~tjaVMFzd&(;t}o=r^5E;*FZwii6c|>)ijS+f<{ zhu}fv&vNIh0q?K%a_JHiOs)>Ng&Kzmt1Y~HglVC5IuE7M@!H4gW%D(=uK8V?^1F8U zGq%^rlw3kL*t?)pUZ~FKQOVKUQ~h+{zKn5SSic7T!hnBb@pi-|%f)9?_F9OYs0ZB< z4FU)Mp}&C~7lMIL(84=KAB63=jaVGBGDJUS?;Ze!SVqZRSthx*O?pckWb(40tvkWKFiROWcMN(W5K9b6>!kuty zkQ_Kji!ZBBg=x5Jo>#%iDH|`s_K>h5WxXxGm&aaw18crp^P;IqiDO`Wx$h%Zrs#pn zfd!I_S0=cVxDf4LXyHJM&G{mK*jixZMYD#;z*Q9ieoi2P=$PkMN_rWT`-dcZ>~lC1 z>u`OQsoHl{=BTN4gS|v}^LUXJ+T44Rj^|FUdwvCv;`?LVE-GcqOoKJt+;I;b%^4#1 zUgA!Ct6xAtvIr#uc{mw%@8pnK#L~8Gn2Ni%()4tsuxTxEI0{zuu!&S~Mq?Zdhn1W1 zO=D`j*6i~QfHAPH%KIrRgI(10=aag6+==IYh%ch>@@lK1hVqr7C*-SiZ)2tB_rG}K z=4^8`-5w!vWyXO-oJ@3G<}fk^sYlHH)A$NvX=c99%+h8XbPp$To zIUoZ}0A~-yY0n@@nRgL<=R*iVz4m4`&h0Da zsLyn*CDG?4Jb~9fvSzBN_?*rhn1ow*3DZvhO7#r44z#XkXLtj~e!S(+30C#ry}!(XfQoZl_<8b4 zjhm~nCqP*7V2^IK=KlN6i|5!3ZXU`1L{^chj#0y^QNcUPZs0<+lAbrXP~^sRWuff5 zLMmxDPT%itR3MJAzp*hj9u3ldN{{|kCVP(g`X~Fo(XXdU@EXid2B44y8aJi3qXFvz5-rwBz%>G|F$b1jmePC4gzo9Tl9~_&EhmRvCR67CGrO&) z7UsdhdQP;6e$$t3=BTBfq5O|J&~@}vdVL(a5uak+FTV4p2~=wD!Jmjtf>2 z$bpsS|AOHr|Gr;e+jVU zbN9U!qP+dWSj7dau}R$Ra!79csfKO>U^Y6;OCitCENR{>HW_6@j0DvfIY%t6mH((qxNjR9wWC zevosv)fl$=jnAj~9?dgSW|YY8MD7ylFN(dQffMy0sjoG;qAMqIrAz_eqj^s6(Cjqp zQN_*&m30rc>-}Vu%NR-Oy8YXo*L9Z`^TXAT(68;sG}x=4XEEDVC*RBgmOIlwCN~E9 zKw1nBt^^F<+Ma9v;jje@&U5QRr6MrN7Js8H1XhMv!j}Hu3=S#RvjQ1TVM&#%T~$Gi zROZ5=Bs2s2b}mUhz#jl8Gwm~qrg0VSd`?W0!w#=QC8=98a0@0K_J3g8(11g6bz{I^ zDL>Z6!Ky;3?UZCRwwre#88=t1IQ&qwz3A51XiCZDcm9M68A#4baL-AYbNr zyH>42=JTwkrX2O{?d!&Jf`v1)4s{#JC8nbZ8wKtH|p(F(=bPS;MvYeaXR6*1~+;XuJr~JR)J34R< zoGu9e%%*dj2U%~6zW0cvL71_nZAr)rF=J9saY^*6Ygq|pZArKQ&5TI~Y*wFD12tTu z-#Su(1Q=5u$K>;Ep6mglgvPEJ{ag)Km4sVQ_SQ7a#?hN2Xcvn(I0ubBO4p|&rm)`z z?T7;r?M=qxjEX~;3Hb}O2{PGDn7=rm{GEr08!FD;nF?7rwm({A)!L8qkl6<* z6|b50Y;?7ux9aezstPii#Fq45T1!Cf@KGJEoCJ{tS;+~oC?rK|%khNhoGNWLx7GkG z24AZa%3(MPAnRe+R#s-#@F`W=gpp{#jSO<#Ib4b9_k}~m8D-(TkAaAtPk;-W!i4T- zP*hs@r%*fmz(1-O`w3lTi+owAP4BtOT!6UDLU3Tyrc4}oRt;lPCXTY{6wxzO0~(h4 z|9M3B+W!+;;_7opdsmh{Jh|*2r^m03uLe3gudn~Mk+z1i^x(^vzYYeb1g-FOtYGyo z9<%&;AWp`xRxLJi7mONKV}|$BVRTNNKah>ze~y1oqf~>Q&CdRw1=~E z6FS~R+J@x0XK%IRI20BY7U*L4pHo_v0B6(NzK^1-jB9*Btl;?JP9yoYgCOJpjGX#7%p~We zG7?^xS}+uJJWIYIVqHnOinQ3T)T^u^L0{{EY-y*A&DQ*_c1!$af^5bUx9GeXKnsm8 zOTrPjVh=A}>!+CpJJP{2d!}(7Ux#z6hMF?Fwl`{^m>$A%Pwn8s!lCvJdA&!=lvn`s zipK}DyT^L8JXoHBBBWYiNq&FlhE==ya?xHlx0kQSBz*fo@pE1hC&u%}aOrv+i|-sL zdg`Q0(O{Q9d2#a#IK@V*;Q~0>#@uS&%E}y^Y^K#<3Qi%OzQ3F&AuCZY9gwJ(N>MIP z)qk8)g}gm37+;SKN@2HfI<;;+hj-x*Z>Z~!0Eu!)t#u6ruCUDfY61hwf@Nf@c>3vn zh!MTw4Bk!&OlLRJ!y3nmjgwXs3N6ErKeOf@(NpXDD{u}RDCCAv$kgC$U3haDIA8Irb-FrYjC)gKR@pG3Ove2wC}T8zmKfWJ4WH!dZRHWOHw8nN-&@ zp9mK@4IPStSI2orCtCKzPZ^67)oTxH#@?>4C|yuvyfi{QFS+$5!TZW7+>2GatfK3U zq%&)tUN1^TBiP|-t|FY~WYs*pS^!|^1Ni;9%DHSamsW;b0086=^cq^U0VLMn2)0bZ zpDpE~c}gK4B@(j>rdh3ky5O>!PT&Ett}WXg?LARpvz3j6szRfx$<02+kvn&$Kz~T? zgIFB3eOodNfSH>rQ~d4hSDB&wLSrqR&CEQ4Rvq0736L`U9f$Wi4i~F3VjYL}(3L+O zS7jcz-?i0UL`*OUT*q?Aar?^&AiSS%0Tk(QUp0(}`Bemto-|PT?%bvde=#X#4X}bf zb~yiACIoe#Aqu;_w5keGiwJ*O+@MpDAuyeYoUCbpagbh-IcQ>KVPP4u8q3DD6CQvh z{|flg+@MBJ{fSLb4%5v*a-bUxkp4rAKAi#SSyr7=Om@pInCs^qc7Kv@^CUvqoBsX| zdb|pn=TLhe|5;e90^rSwmNaYudrQHGKPG_x;FP0q0xOJzBL-nSLJm zzR(#(<#B@ZiE#cxHBy=E}}S}9m5WYE{K8wFe_JpJ_dwM zpROu!2Ohh^ZR8G|94|tdlSqd%NPWOZi#?QJqJ^OV=dTmH3g>7eE@K+|LTG(g-B^Rcsxc`!T(Z z*aurz9*;vkCl=z!XbDa)tJ^zp^BbMWOysl#&n`GrTjdzn{DonfuFEm)zNy;?KJiO* z{FBba*%CVpr{K$sztC%~a7 z6V%9Y5wHZdj4=zDHUA!aya0&qtl;3%a2yPaGPv$Xh4PHAN2XyotP9bB?HW0Q$*{A^ z>ly!=V(duGKOsZ0f4kZtQ=Y?61a#DQ1t2CF@ttd7083U=?yWqC6k!b5EPOe0Y1 zkQqnHZ(}@#NRGU2y)WV!o{3?5OPkot$46_C06$Vtn&%X?ynEhMk1KFwHs+^q{-f6> z?7J#l@Pw(&&{NCu+*`HQ;XhoqOg%^x;h7d;i(G#7Ob#Lw{3n_du8uFmZfXxMNX^a| zY2x3v0q^I2183mhHL&P-_=$fI^ftux)q}3@vNC9M%Hr*g`Mg<0_@dxW*Yp<34%qE&9z)pQlgUJ|C?H!tb?J z&8)La-=8WR?l)J-q+6stSNepAc?xk@t$lKK0GnEiv{?j$Ed5ahv=%g%s@@%F_yfpYc9W5*Odz1~3wxUO(M#qkwZlZ^?-^DY22Cv=T1t6Ut$ z_Zx?=z8~5!J}wET!I_yI0|Ri+GXOB<{?5^^9%Fk6woUDvxh85PtqIR+< z+m7twc*!XSCd1L(Wxk`2-iu~IK}XOR9$iaM#K@R!pM@a=DZeub6Cog0Ry0>y`Df{D<=Y(9>?d1tw^ zs8i_m%>-lhF;KES03TNlWcYEb=1vTvMzpY5w-{o)VV*8L2mw90PHJ&Zm$()Vl%(l>6OWp1KDO(W9-(CUu71YwwWaEZCG+9akmaR@41 zbEgKO@l_QqdYFE{)&q9ng~IG6=u33|7@IcNw3qD6!iB{AxNJTf z2xTM`wI|~U+}RoNIUq1up>a1`Hm*%r!~&9~+xJgVQI+Dd>KFed45EARC$9RPG=!)! z|M2xl$1AtwY^lCCKB(8-oaSA_dr3)*+aU?QvhF;t!i>zZxqfvq|%-36IW19{1NoyOSpe^_#mu{+1P6w|GYw;vzg08+H zNH|s*%M355iA61BX|`QzdGQ@eWUnPr19r3DAhIx*f~Q3XSwR2dmO{eFkpr8N0$3Jr zq9^L1IItbbXe&hC;K`N4Lnd<%St+AE)i?>3cEf}oKr5-iw!kHbWw}^kKj;+aL)7}N zvM}*Ts9>4^y=$t%1M>@lp=V7+cu;;`e2~5GvXjp40nwILh9?o8dSGEoUAU96K5dj86&1+^(UCUsuQpZZAySIkxuw!WKEO zQkJY@l9!)0;5Ccf6@j;a4*RSubm?h}k7b`_%x|ic|JLzWP03G0zzQp;wy1L}R_E~s z{6$^jYeH@(b<@0i#!IaM4C%*7w&S@;31|}i&sPviVGXDUf1|yUNO0SBI7-;lvjP| ztCZS^4Ti>czfox}y0Dugu}ADC_q!}D_oy_MUf#iy*dzAQcY0#}(yLS#@2J;ZRUP$N za_ptufwvM!`n>Dq4P6YcD}1s^5z{Z6-G`RbODQ@9KD%T=CIj?2CSG>1ec$SXs})C^w& zi71)<$*>-g=6z0E_Eyje2>x$sw<=E<%pSr^y_`nAU@H%8J`6UmcV~7m2Y(2#(t#CVYcl`w*erAM zF0pwZ6;1%?m>-pZ!UrQ*NMXqexdGJ6l3gw+BvKXyM?Q6$UM|nkZX)CW_pF|n+f|~vX{lQ9Be_*hK zOx0f0f+I#46ybpMEDQBilzDM+Q_raMn@cBI&!J zmM0et9VmrCv0U8sqyD?USES%Hghd63J>lpR%X?G0`mBuv#o#Dd)L|{sJul647p$!p z3L9im7{sMV)%Jgz((9DdcNe+Vi4;XE9_1n9gSAMNYt%NFYq})9@gruF4xxrc{oBvM zosp{R)qXUM?ajq>X7_?tAY+oj)R%F7rF2;Cw)f6qTCW#D7m3)VZHx6x3>mYBY}gVi zZ8Cyrem)g>Ou#EG!^uEv0?UO!?K&wgNb9R#%S)S4umNsK;`ja}51 zGY$+^r<+UW61EvTqTD0HTiv}GwwY@r_rJ5cPE(q-Q7A9}CT{TcTFg}vE*g=%V`{%K zHC!YkKznlXDMl<|MYGmA`0?n``(^-}-kh%d9qVyEF*%|(B;n=5h$?JIK%uCyHuR^p z|6%r~o;pq16z5ewAPffevr97C17ziqJ~CyC@E*b^+AG~1)|1<5VqmajrcR0y z8l(^z+$`%=DB6Xa|CB6dQtgH09%(+d(%Kg_H?XMT!A&*k<$6jK*|5eD?)CzF{O{CnBl?;mZ& zVUSrP3akA1KUxqf%5l7n(g^f}Wmnzv^H=$?4-6Qt)#g{{948V{U*Wo&T(UV_2~Cly zNtAn9Vi1Z$j3IH6cFTnBnn-q5Tejlb#Xek&88-y=76EH0v>d@q%Q{iD#NrCJ!-d(< z4tl3CJ+l{WFpPeh;z~o;Ld&nljCrvYG48CN}~j{2E!J70j^#fzILDRhx?`7t76d>^lm|6NwA^w z<{eOqIRJ--xin68^QH!vjGBxR_s?;`N@bcHha|7OmB~`fA0+%vmXJ}t$KSX%J7yXt zp?3%Rb6RuD&KlH7eEDi4d|H#OE27?aR5ZfzWNl(3svxdkFlmnpexpb*vjevv|B3eW5n5&m_(*FUNfw;eYK>vyHO-~aQb>_Ne)9zK~HQMs`aXZu|c z0{j)*^jn1fhu5bhYu?xAeJ;_VMJ!}?U}B}Fg?Z}m%mQ^^g>Q6UQ$fz-p4L-0Mt{%{7l){ilz$e z>ldFqYmfclfSV0Nc)0w3Qk4kayTgxb02;Qg!M#WZTl6gJvwCz?NT^rf=Arz-xq`th zi1}$LMarUajTyf$t7JB-q~}e^3yUF_PtTf`ZkW+W8#wXon7-O-mW=a>tGL+g=#s){Pe*02^7Ss(8vawdra%}l)%}UN z7q2}m4EU&eLp)ypYCkPpw67A%X_PNd|2AsxOI<{{Da2k4*^vs1d3Yb%nv!h#T%Ys4 zM28ki8qBV>bcp>urj0)r&$t?zZ!d_AgSjV9G|} zof2RUcnl^#^G6ltm%e{46aH$n-OzzIJUPR19H54Y0f<6PmP4!k^NZue$;Iyp&QT>6 z-W?GumT67x+d6PN@d{`5`z%1tIhv~>Jhb`tCQKt{udZwx0Y>|F;`cEHXlZ}kue35U z+FS9&rN$+DMGD%4zyC{r9BHMkTq*qUzch1s{&!g^jh|}^wq4R*I^(2P*NB$A1(s_D zTKtz|wlSNNXB~WrA`4bb-~Dz=S~_(}{YPGM!%!tw10>r20c^dnB~gFlpG3&33jUsz zvsC-j5#3cH8&2hh{l%l%!xD}SSdZrN(Bp`uZUT|th^G8kb2c%H?ri-{?qXN6Du1H zKyGUUg=E^rt&KzK^oJm$JAi_#P+!sBg9r=au2&R@%W!mErIArtWOCD2txmW8{ghsP zZos`si%a({F7aLOEf(HIQ9e7lxVp$two?!4{qHLS?w7>hf4gJ-`QL!^RLz=G%C)Bo zVov>dTt!j;PB$n_DG#PQGi(z=!@?momJdG$c=RvhhhPhwyvEFDR-FlR)P`0PNHVy% z|C(PMYJr=TBvS#fOF>2q41%SJl$%QJB6tSmRS}l6HiFrgI1&`5A%uCHO1}h=vYEf$ z;(t9WlM~`fcK4N^p@O&m?NUgeO?GB&Na=C0{(0gsvkzl8`jE4L8xTh(@6_s442pm3 z$Ni**arvP_^+Zw|LXtT^BZ)neelO;Jc#_ip#)6TRtR8vqMZl)AtwKrZad#QITy?;# zFYfJ)qx2g3DNuu#T6v_2F3CRtT55RQREFL6)kT6$l;tn-AV{RgYw3J{FCP^4fKJ+o zLrVVRy!{>;qC8kG%m4jCIh_fiFvynoaUV@*hOs9iM)<$%zklTUtskLZ`f&%e7-+4;*={GIZtw z|LjFKUtZZT8G-UN17rgZG7*b+Od7~I8j#ABF1LVX9n`R6s7EoTe+8z(0kiakhkGn7 z|J4$Vu59tzk@PRvjmM@bCe`rn^6WJVRA=5!bRYNzDwvbYMpGWa8KF2J=KODv2hKdF zSj8OXugGx-Zx$CXBqIcuEbrfe;8XapK`ibYOn}T15qcCbF?FMtW5Pffs!vFmVZ;%Z zq@}*r&tvCThz7hcNN*kmBsQZt788kX#mdfN88eGsoPT7!U-k#5*Ngt0B69I~XUPA# zOok57*z^vO3MVt7zNfMQ;6GUH4s%}Nz^2Z!Nb-rBpMZ#7e98ji#<<#G`s&a6wdw8m z(k=JijF}BOir7Z_P?i5beuD1CgawDL!8!nkpidwTQj-&x^$&|pg{fPoaRn~^PS`I2 zIsk5-nC`A4i8~;c621c+Tlk%h-Lc=47)Ucfk?kuIp zklOtx4l{~M@wpNqxnpF*XKnmU<7?~LUT1npcqBnKQXW5bT6}9kHXM`j0vRJ;qm8fC zb|U$=(n6n6g|Y1&Fq8HezjEM1U`UJXQ9XiCbH|7NSsmp&-2MvF{12jrn=R zKVUB@ILG2}y8pg6iEj~SStA;ZAuH&V71XMc>^t)x42INlRtVcWq&OIp)G&_I+C|A< z!b6T6{6Z|lZ&9K%P>t`lL)a{;B$FnrOnee&T2~SYr%MLA;R_tz9xkJ;y0RILIng z^94)ejU(4$QW?kF3QEhTfZxrewbpN#yG$MMQJ(Ns4m?+0S<%Qlz{^&gcoUuz;U2nA zpJaN3Z+s-?fd16dEDN?g)TZa!XFAcm6v}w?f^SZ zHM5zQ8GAH_yI1+2Mj@r!q9x&3>&KcN;hP*G9?+jUsCV7;Fn`v(`Y6@4b0eLWde^uv zJ}i5;`;BzPmN0J@O}9=|shLM{a5EufKCdLO8nIw=leG9^+?*XjW1IK?vOX}&GY-vU z@PdCd1e6-6w`#Bb_TWB4@O)4H!YI}BN<6DtKcLzWE|hGZq*;;9N0jSk^@}rMWv!H^ zIq*5M<`?&X2oL8r?PlME9u(6n*FtmZ-B^@OADcy6AT}>GU(%YT5S4Yai}BNhpt-!_ z#A--~t#wlRr8xbvW6h_!jnZt@>h(>}LC)uTbs5~ApE>t@Z^6sM?D|*YskW%-*}{z8 zW(jK|=bq4=a$~cy@j6~2%Ri?ypYhldAY*C+%FuL#|3Nx|zbS}HUxqo%ATTpp&;Oc1 zU5P}V4(`0j4j2EjOe_3Oh%D<8IK*j`pI*@^tm+sl@BuW;ZrU(m!drRz$-qh5)MFWD( zc_LqF7QnwHa^bPTn-YC$C;9oS^`F1VjGk6gx| zlHV_315G8w;D}{6l2uf3nol%IKm!NOxNurgmC~OPL65V|R^3=+e{gGMhK_QZR4{_} zE`HK{fV(9+?^v-4=&>y1PYvAfV|EsLC7vQjYl4h&;hHqorpInGOCy~xOYhd2(-M9R z64ffs9J28LSyL@;5~wAPFC9K8bbqfl*BE>f$)=p*3iIti0h2(C+oE%ernkwDW?)6w zH*VmdNg%-uES;h0Jk*@`*2B6<2$Mic*s04k053^2xBt_d)lvzY1d@nhU5>8ug0A-N z*F!R&2Ahp5z_UpXU9K9+fs;Ut$u%rokQ6HiTCcV^mim&mX5Gglqm1rPlG#WLrM%?Z zr?V1q7_5t01aDG2!F2@h1#?K(cip1-QbK9YJXYk~qn$qMX$TVtdHQ8|;V^>LrjqJD zHs?0RAtkq`V1Ja|CoS@Ej)6ib-&9Ys{X8@MwwtJYqOS$iCQC5|=t+b%VgK=y zTI08G9L5UFA)2Ag5ltiEK&K2x=uKpn^6|Q_CKtb=FkxjO&;>;`3DcIJ1wwXJuwOSb z(?g+)ga->%J7MW&-4aufRCq%!cwDA2mmn2jyrm5#pjZy{U-`6coxB<@()0+>n z8eJNLS>#PUp*>V?`tD>h0zj7y{5lkn_jTlFC*BhJ&(VOqe-E-r|BS9H_6x1p0j_|MGQ&l6E@lAK#>w~9lsG>r9E9kt=dObqxSY?7D>?ZML3m)045M2q3`5`0Ww35>t8LCt z9r91!5KAf7t&I97RmB|o^{! zJ@~$GD5S0+I1z|eL2@REXP*Hn*e zNg=`0O%*7{@0ERucywHDYnP{ybZ|wp5@Qb|kZ~P`rVNIQv zShl1G_1}%|MWY7k6RquqphOFJMAfuRKAE!{(8> zc`ds(;6&i|a(cO)e1jSlSfKam@j^$S;ir;ipRjoybG$jxd`?Z$@_*e%|J)AOBzl=y zv`CAbxHog1Z#dn(XexfWeO1L9Y<3&oj&rM2G8{(M$Ik{E?+#9X^~_Hy`JcwBWy~slf_K zefs@wEErj1r;6h*vds906f;);D}x12aBq*{jDq2XD*<5+!rA?x72Vz$a+gElw}1Xm z4(ii%%DLQl9%a-1X54v-oTNb9U1`55!Xg6vH5PH5>sF`jun^r%ulZ#cf79$`c8Q@J7C$Gxux=)asg{Y&~fGh-}s^CoiVXSIxh6Po^#XG_14d8YoQ>0_av|3i^3@MRvOG}A= zr@^;_%-qtL++TB&??~^gRDGc)tfT*el&a{4{nsTk;)%LDV}Jsf*2nJFYJJAz@*6(B zRV>jfCu=e)*pXavTUQU!4K}n0Ub^y2^1(SpUbiy8dzK$ZsC7&o?}I1pcc*am3w75@ z7L?gFjS5Or!`isqTL{>kWRrTuO=Bnep;1gLLM$tE4%f7!p!CzCGwU&~fGm{y(oH|z z)&|stU)@Mpu0FnnV;sWS_8T^Kxp>PtVU(QXD#?EE^cZhuf-_8Ic3pZK){e&TgK5_A z44qislZ7+!ct4NKFUaU_#brQV6Jj#6D@MkGsgNK2d`vLD!|CVG7=FBmM<3J5;3Pe! zVlW41lZ&5hNl6Z=$Wu2Hf-pEfmdcJiv*&6sl(*AWWjVGaN` z1_jb?AB#of`_LP-5ift{8fHM=U0VNg?**sJXT3!au?ZU!hq1sVFy1mogG*DxE;H zwYmB#N~EYhL?SwY0(qDtEDR1Lx6gxAmaeNGIrA)x@!OqCCYb6i_|%X*)4zz zXTSwjgr!e*cA*rQQb9)3VN`*Fc?YPLw}GOzFeXx^dV`VxM3;X9Q^fUaOe#HZ^V(;F zmU2B&Nn?NGOnx8CMT+_xOcO?7=l8`wYJYXAa_?cS%6< z3ArwbWa^04G~3~%y`l1jMfwP5-?(P7R#yZFF!IqOY&3zU&+LZ1I?{zJG5Zw19T(iF zU^Rp<(t|sBI&P=WIEZT32af=p=l1a^II#~^;i_}&7GuK}(@b+dzk4LFyK0rr(l36Q zQP$=D&$Ki-D$5s4Ohhalz4DvMdVOI)Na6tJWyFVmW4Hancn@Sj_62Tphlk1>@#m{> ziRQ#~Ui#fgJ2dhuoQLv*U0bVM2Vgh+OX}WV`UN8vW)Gihgu$pOHRKGah@d==F?(s7 znOvbV=a02sFx25hG$caOL6V57lV;B(CZHTV-X8jyS7M;`^Qie6Y=)sOR#bmGas!-r ztj3cLB5jz&^0w86vBD)e$4}1LqCmsq0nVAu5RdD+!c>L3K>`nR7;rEskm!%GK&STZ zeTJE^<}AD2O@q=9sa77XR_-6?^Yqbq-gOOR9TZ(hAqCF+0mqr)%;VlvcDwtqk&4)w?B-`dv*-JuaUK;$}%%6r0#7o7fiL_n=EvC_tEy*##KMM+D#QW{Ey+_z(A;B_Pr= zw}h*({UVDHUHuixb`*$Hc8PMU?X+7|y3`i`g&~DcEKR_X?0#;_0=sVDH6azpzK}g* zkJOk(Q8ttcdUpK9j{|rPeD2Da>wSb$;XwXxIPVok;I#O(Ii&Z|%ie2hWk+(DWg+v6 zXAHEO@Wqm`(x+z{9XUR&LgCZFX_{c@Sa7m){b_gLu>z8L^*; z>H@~1d?V30kDlx!pafQ?JD+3Wg)IX5EXcL%+kAQ8>6v3sYt)#vUT3bzn9rsbCSN{3 zuy9PU^P`M8Pfq_5j6p1Lzva1opaG=?;;u{@p~`hYljOf|1l zoU+ee#zNy6^y<~nsSjNo2y5Ybv(Z#JIHgdU7u(ru9cV3(*q~3UF(&!wGcv}c!Kc^Y z`a+c<=?@uW5cE7h4K)}W;Pl6+q7(J?fQPOGm_K*I=x{eE@44=^xsbVYAK`W0xm>sp z4A3~}rYEP%wCCTw*R*6y*?SlAM8pO7CHbl~z;hUi`cx#Q;)4Ls;g$p^7c2>vZJzek zXzhd!Fj^R}4n*h({${ID0a@CDe@U?0-148|(b@vBXjPi3Gh*U2$3;G>=)dFOH?4x? z6iJ#&gMMrCVcKa7^X09eWHN{`i`(|)gXGy6!bn=*K=+BD|&nrX5 zgwPdAf>TNha?ZSJ-c31se#6~=0C%u2ruk!vYla`+M*!748-W27RGi($&zDc!*k6Uc z0KpigDIK%DGatvm+)+j?ue*IAWxCUC=nj@a6LxU#t2f)q zF>QoSz6FI_4NjR5dkNTGjoiUu768)=PCpinh2o+;{Ay5n5yh{rf5A5cP1i8 zwI?B@?x7Ghst2XVEW(_#tWt&tzhUJ}Kc?Z@GprK2JC}R+lGhYH&^yHo!Vx}+?9R96o7}s?qgC;)?YGC6MSH03r@phEwO)7C62$@IK-rM z;#S($L76?{T;Yle6R`Bz13v4M`3edOhLHb)A;a4gYOf5$I!=_v1|UaBTVx{@V)nS~ z1wCl`;=1MH6Ks7>HoSQij}Tk1=sKdP^+ZQ`b7(zkuMB=g(HPNrbqSb8OnujT!n8zg zJ*D2R{4FJSe|D0)HLK)%G-@0%`DndwDpAI?QDfe^cIUP<=a-CmcyiYAQefLM4aRY; zCmM$I($gy&d95`CC*&0;FL`VdQ-K=|deteH-#0X%I=t~&Frd_45>8EB#D#dXUavOs z+{d;Sl#WMw!v5wKY6zR#22NaWDc+wB-C$c*^BK8MI^p2ZoVdn68i(M9y7*5~fAN5> zh?c)I4ZFeSw2rgtercq$@7%`xwYZR&5leb)|H=^74UP3dD@T!L$))rvn)W=~R7Rla-mdX`P=TnT^)BxEN;%b5|LS%&vtO{Pbls-HctUn>SeQ zXGL`IUDY;9;N|rjM1rH$h>?T%ZW$^wC+tGbd2Z3aN8d&`HYoPWYyQmr*D0@kaTASOXWY+P8K3AasWW@%Z5xusl;NJJE}aP-mCp zyP!sUbk?F!R|#$6v8`n>5DkfC*q;$WZzSch&}RpQew1D8l2$-8^7TSiS|Lem)jfGg zQ+NZm^Cqk<;oZA}*Rbr^(b-lmB^c#TLG6VQ@is|J=ZuIofyn^?6$XL6p^(?qoPO8B z%pz*>!YL8qo580)a8{cIc1r7v)(H^tq(%!`anNDo6h|biRlRqSRa7=1>&CVVpeffo zsStSv^Z+jC1{^8&?Isa{2YLV(bOX+!iYe0}fFx1|Ip9hYMgwD=lTpimMX99bEc+2f zefssR`aLQakh7NkiWo?;mj8&LK*RTlZ&Is`fwrGk$Yz+i>G=Mw%{@zprB^q4*X$qY z-?XC@lCKHNj-O96^NX_eb~L`~dnMxL=vD7NLPP|RQEf+t$*GlXgL##;ie+hhP&xyr zA7ioDiNel~S}A8j*p^_ zg-9}jHCie)TEf^-C%^7J`SUGnU9`JfV^QZ_DFtcM_RBe|rUA#0$%nVrK@u#kCIWi_ z1Dg%4f&=J~NJlq?%g>2=Gg>m4tUt*8MF2b*;){C7Ff#GT_OH0)5LMtIzQuUceX%h!7S63p1R8&+<1kf_J zc}7?OLoj}KWeFt0yyA27j!qV4mr<)R0qP68yQA?nhoF^a_O`weg~n&$b{SKvVXM8@ zmvxW?GHLukEhNJ%1yy7MUIU}uD`m({TcbmF`QwX@Rm+W>Q;ja6B578UHcmnRv}VW{ zc%gw=^yQEI>aEY+v8f&|VNtGbamns(kr4qd1j0e5G{^y@3r$!=?al3&<86s%vuj(T zYCmtkI{W%TvX%JW)o*!2NbJ4*A6~fGh zU`jSLj@Tji6w{*pkhLzv)r-fj58a~n?j3qObbRgmnqS^fHc?^rM+shWcXe#m3ZnH4Y*7U#sZLDA@Hm?eujDNsy)87CfS z{nM4@8uy+BOhEx#rPVefkOD|S9b__hgn`?Ww*e->lESzy2qaZPiaho>TLKZC;%<=P z9G4LgKt(IxB$p-eZq|pak&b(8e#%tXw<)0E@Afs zd*_x-OmEFsXM9e!g;+jf?AZuNuRc{*tRS}>VOr09yfZJ>qQhTUBHH+;%wZ2Ur#Cf+ z*Ybz`tNmG9*~tQ3_p8W&BtbG4QlpZSk}`*!%7FxC`PQ?7Gg&F~x)qmltuk%{WWRKt zwPM%f|52{yojP?Jk@7C4GysweZt8PhP8?pQcr>l?hCjcNEGwQMu(-jjjTFLk{auRA ziK<}sH3$Dl<=^e&!gG7B^|7~(DLtN?q*hQ>5J*-_WMsO4SW3!qf)#y!OU?N{Nnm8z(K(QkI462wXIvsJWGM7$Ny$B&gFu9ZtGxi1XEO!(fVOIJWxss zCbnTPzR;l53M1iU|I?Cn2|~;G@k=|lk!3dlomKY;aw%|F&?d^m_AJfxAZ(B<{aN10 ze{U+FoA6k62A`34g0bv65Ooo%sKKzLB6BrD84UVb<;uyIlmx&vPh&P+_HHAP0#St% z_e>l``M);!@LO0O>CgUGWsHSI^K)iwZ(I!j5Ic~gPgyil*&!nK(0uWsQ5mCkeP*(p z)8hXf>FW1Cnd|?i5O4JhuULC-tDLoGdQ8)GnTh!mBZ+4#%Z}$TH&(wT`y%V@%r4z| zlXDbx=3d;{n2JNMZ+tX^T&6zPg?yOem`p8jpB?pPzTw?WGoNPO3ziUsGq&=W<$`*J z#XlaWye}5@DHLD1NIl}xm53iqIAbhOR}Z6X$tt9@v@qi*lWdi$8>~4uI4U)hGbm$} z=qBCz$Ed~V`ETX4#FZa*CVqW!^ANW7#ja`U)lbe`+~1;m?f;ai;q{lTS1FF76iD(A zsJPkYHv$7G{0Sf&5UQZIqdKs=SO*LE#{zKqDEjv*98`2z`M(hte+twWpDlo{7_~O} z3}`Mn^435&sNuc_OoCYE1U!0JzoxJ?Pi~WjQUi)p@2bzkf?NS@VBh~{0u3y6yIeya z+33Hq0zf5P+Q(58QgdGYJZ$I%bKY~8WV z=uYM*W#+L0wiUPngyW9ESD5W;IRI6Z4YvDyX8i*Q#j<=R?#`O}D3G_@KiBJ>c8UGS zIpgZg>y7rffOjGPWU~TRv7G;SQOHU0Ik0^-ue_fp_g#g~sRdtc+2gpL7F!Rd8br_5 z9h`C8z>VC*&D@f`z2{|bC-UBvMa*bZD?HrV@NiTY*n8}3H%tqqEsKJT9Z&V-Jc zF~4Iz&0lJzx;{b>Yh5_TjyJ9jd8|G`sor@+T|+gLduF;n)F_%aA7?hwDU2{~gj_g6 zFrDYH=6AGf{*oiPP`z64hN&{b5BZ+M`5miVTpEqwSLlv?E*zBF1{ttphVwh-ZE>l; z!2b*=#-JOVbgWgjH{E{L}N-BkW$(DZ}lYNUX4se2ost5VwNfc^;WLs3xux=oAK#e>R`XLqa!wh3Et-5WCF8V^JxUV0NwUORcU zA1{0ZKRMGH4o>O-0I%Lzzn!3F7xqmur3+JY^eOGC-n&>y-eF2#ft3Dm`Dm?DAN27W zNMfHic!lKC*(m{g+zFL&n&gLI^ih;h@*ynMOPFA2PPO*yV}qV?l&>zL)M6ZRi0_zF ziv<;{IwU^qrg|5;JU16B<4*OuI^N$J*#c&Ggsj=mI|XE~)#kmNJx>Dx53*U(ltk#rcZOM_dH_v(80qC>AxCfY(ou(w#l=>e zAVX89KxA{3c?<_wAV*qd4)+a!B!FY`0@Dcg%ck#2Am^=5OxegE;S}_c+J((QPe5uq z3d)wSEsk;!iq!TgH;HXh)iX}`tVsk}G_MW)u*<9UKttL=6X3nPn%Wdr@TkQ>j_0pB zyc(HnIeb_GNQyeK0u+E)j_D1EH=gy<^yQb&R?)217XWdF*Y_}Ghc&ZVVSbRVXh=iZ zRgeQ}5_};Po1Q8K;TScNX}a97Adyh$a~Qs<)Smb5ZfBc8Fcrh^IEu?K!U>$h8JvYN zOmGgD?8SesLH92iRb`h#{99kOUZ-FDMlK|_*0^Z#aLL=<{?%;P5SHNX`Mzt39L z6M*yH`EQDT-gJ#TcdB5QLxXP$X`fZw-7I3mgMhI(na2mo8eYNo_9Xz7X_StVj3WJA z#1?x8LoQl8F1%J_rTz}e+*9+Ba`7bfZ7=M-Yv;(DMIvrk!uxLuIwW@geOFptfQ*)i z;cUsNcC8~q`30%p$hv%`r8M;DSTY3|IXaJ949Yt)Dw`cV@3X69s+>;PbzezaK{M9s zih-URj2J?5m*ul00gpn@e{Na-rIvKO84L1@QEm!N9Tg&>!=+9MIU4?vxKFlS#rU$Ame zbuq2D=vs!Wy7?%x=w2wUdUz|sZqM9~C4b|8ia8g18+{sd*>^#`qH7x4E7W=#tL@3z z?S~%(y|2R>Exez7RIJ>HE3`tsSY46(A-yVpf3HTRdJY8TwMt5&^eZYs41*_f*lL88 z`_fH`?_&AhDVTWKP&V>zsfm}3W+Q)8sl>~Mv5_B>67jM@FslCmS=AMS&=^B%rEkx& zr=Yy=Gh<{CuH0vCY&T8Yn?VTiHt<3H#ALN{y*<~}Eoq9e0S(>-bt+nVya79|c~^C5 zsT+%~DY&XzpzDh6@#0yJ$gYXVMuSoR3A1X>Aa-hdS)3_j0}nFSvtgW)%tO^!Kp6_x z^x8V{Swm{E)hJli3y^KlGdG1jJ=^*?FR`u62M(H?1~kL_-zpJ<;Lg)?R}kjIqUYh` zJj3V4)ky)RH=tLQkBA}Cf3VdkxYXEQ^_|bjP7U=uJQlzkz~nH$Z47U~Ee`tPk9ATsDhxG9nK%o^Hg}~(Ia}j zQ%^mK0QUaM#4)VD(`x7)`gb`TT9sa)8lYy>4Lce&ptYmTGs-po{itH~S^Xk*Z2Q){ z4%P76_BxbKyH_1CU1!UV>|;rd67MVr=HU*Rx=e)fy3o5yE2GbIWx{@VtkxosaU1{# zwv}XXka=R#_N^t(NDWl*EC}k-N{;qyD9nW2CKZ5Y)9nwwLey~5QIi+tXCHe$KMexm z)w`9dswyq`bqwt7k+`hVjZZ#ZW**4g<<0DicC`@vRX$8m`$&}?d8~eFnMEe=r1}Tx zz6rKQxdxmMW3ow+yBZiI;vO;+3=+8PXR-~`IAbwbeIsK?!FR2z|KC9zAUDtBU^&;4 zoy(Uv1V*b4ua?92tqByigI>(P0Dif(W&YX(uV3qtYl~}hBqWfI@}8c`^8XHxBji`^ zdD#P>{tjKf>gMD90iZoT{zW4#l>Ensi{33a#&@su|F@0H{g~(fq@ksLxa-3GT&)1w zht0FowRTC;99CYt2-4}wuZPHBa|P66l>%YRU5^6yz)PDZcV1Y+DA)P9{y!pmAT#;m zy5mk}d1BAXBt3Psc@EChrFfp59V1Fkcq)r#;Y?~rSj(-_+l4Tj&2`r$c0==kd+S;bKxad zv-TyUo`g1U`b3wOj&tPn3VnikIjo{mluKy=II^(c=xRv(LLz{E0ZjP4Rz4DcY3Paa>1RN=Y$K@_j$l+DOgWauK(}L?|!o&#Y|vamgKJoc! zOQ6u0r&Fg$nE)rAwZOBzN&Wke;=F(N^^2|~7hkcoY0b(svlF1=Ig2I!p8>2UBxJ2a z(Qur>Z(w`IWY?qEwdBa)m|~zS!Acct4&+&PwSWCD5DVfmmQwE*fPmP0tVfw?Psudy z>xY(vj1A{9tu1ao?$T;>ffz0rjnXevrd#7krMBN17KT2Z2HGf9XWC)~?Y>LxnHDz+ zF^ARyYD*<&ay=sl-DnQ(m-ka{Px-k!9|bwk8~2M?=nQ#*T$Wnm1!8jgG;>oQ1&Kq= z@ARI>;jxt5kXpsgPd_7>yYr1S%82?y7MHEhaCV+p6ewF-u(&|z)o(CFqK}@N{;Vdc z_xG=Zn8xy!YGR#BovTmJNuRdmGbOLnzL-9bgL2x&aCc`i0fBHuLbO=BJd&pi5%f@}l*RCUgn!#vD#Q z(?9C}Y*rVKR4f5%#`ISNxyeV@_(^M`y4ychpn{g(Qn_kvmY1*D1@NBu(*xSala1d# zgS&KKm&oo6>(b+k0wcS0F%u)gPJKb&IBIZuFeH2dAICgqnU%MDY8+8?52q!!pZf0R z9y#0JS2VDpqh`-)=hGuqt-$8=tQ{7}D#{9~Mk>ti-{_dOd8;W&Q>p|EVI2i5ITVu%eohr> z+06N9WRcR?wElEN^@+-aRLC4MLKmTL1WD-AZ0e_})FZ_-^^+g6Y}F8p{&2)Nu&^p4 z=7z>YEJj<@#M;uE+x(+Hm&`>Rz4~Gogn&(BD&Tdg-zm)xoLkXXD@mYcV`AUe^<403(5ppYDsz; zdzh)K5>wWB-xVi>VPtfE|G^h-tGjW~NR_`}7M7 zsc=N@nl4|DF?1$yrY(Q=evQu@84?$tM$KEVLpj;`c<&*9Z|oZ2vT*$!k=<4|&VX!` z�C9`zg^%TBxxmv*}JUD%T$iM-;C=s`)cR2W%JX_tI@xkJ(BRI zZenB~XZoj?_S*2lXPsM+dHNzu?2$O|f#Yb;Bh-pMSc@4nc4SzFj9S#}=B;`gt|vzI zjOw+FGNNaCJy^{2^{IOA=fm0j)O&kFjc@h{>q%~+b{|I*!@_Ih2A^}fKs!?f>bo?4 z)5)&>MMLf0M6LBMU>9`54$9YkRab1r^(~95pO4q(r`b0yJB;SNnVHsojO<`|ZTKLL z`9T(dmzLTZ&s?MPlg8|$Y<-_5d>hXi{I&5X;|dfEe?9NQ-4Fqm0-`SvJ$ae3#36oLP8HZ{?YI za*Hft2R<;Sn`V5noVhvm(*(Er8?Nogs}T6E-d-8E&$VC+G%DRTo<^2i1CPPTtlRC> zB_p)cDGNcuJg}Kl-KR;(`X9xZ{k-6f)6Cw0e;6CoB7@AlpK0y-Oj!HjediQ&IWx@p zszE_#dr*w?kV$v5Dff_-)A>#y_PbGESH{fbl)ZsSd+zXPn(F)?TSE5%V5?r=k~vk?nM3t8os*+O_a~?b-pl#F*`whH z2XXTGJrS}S0ReF;&9`7c@HGp`hv;;)W6OleIJu9wiygMuUgnSo{+e$Lh!k|lOVb<% z!xbUStijG$3c|=nA-9OjhwCGba4#YFL9yjC|u>M@JD#BD#XOH5+qkN zm!W9h7Mp_)tt=)cxZRm4hg(|3&D|ftU;}Iy!zw&I`-+7g0N$X0dwg)lnfQbFWdfR- zkPm{@`XHMF(7(_F^H4o!JqFL%;jM|s8+R~5fU)@zOM*v1pJL3TTs9W{H6D`neoS_@ zaX6ihlAKY-wd$y}(QBZ!I!Mq&)98~#mCGK0+QCk@Q>{1MTLctvoFdR_v5|)K3piE) zA}9xna(5mjVBl14h)zBrq11?}n1Kp2Jgg$sT_H&@6l6KG0R@syRA4XkR228p38DqK z`WFF#Iu=%}QqR~Y+^ECK*9H6KpirXN2y0E9-s*>#deai5{@#L_#KqNRX|AZrsRdkO zoau5e$kQEq^p?~k_wq_|4 zDNUp~8ls&tW8Gt^D%%W)uO~+s!F z!cJWQQ{RA9K9SJt#&P5U-%w@+N|`%;sL3w6JF|)7|H~(|25TyO540L1>+6W#&XaiO z>S%PPY-mBo_g>{l0y2d{2C;QrTTMA5SnaEe{5m8Dwlr>agSuArlnWv)yDN*0FUsegQ(^bl1^c?%=ddQVegjn48gFQ>_<1d z7oi$=KcMz%MM?>k04Dr9D)3gx!X@F5j&j|DBGCXwX-B(^^#3FlSy9xBZ)gG&fzp4+ zJYWQqU{@YqAHTQ1Dyj&9pvk7eUwZWHR@wSo9O$74kNygjyPLe_<8p@LNO9zq54bm>P9>R z@4z=;0KfKjE%v;PBtD;UofE*?8gPbt{*@&u9%UX(QZL@m?` zXm58P*quji6*6-Bh_Aa!$zq?PH>IZj>TVNkPYJZsOVJK%d?NCusk^4`Q+nF4{;@kV z?x>g4FzsU|!7qZn>*o;yA_!Ms$>P8;_R3d^xQ~v1ZBIy62tkmwd2;^>qREQt4T^*E z656KbY_BPl&GCrBcxWr+N1-_eMlHc$87E!CV|x}?X6dPotuHN*du_-NaWI@Y(CARL z8NFp~#3HALIsUc-G8-b3cG9q+k&_g#Sv-c=C*en65`dVUFm1%*zC9cH_}t$@CFy+! zcj@;MSdlAmr&*09Bq4DdXO+@jPV>Mq7-O_`W3CerwL8ps=E~hHLI*JMCe-XEk?ty0 zoTN}Ft)+3CZe>rN$sKg3DGqk`h5B)t{7qzXSXe~p6MOp@#z}1}Dv~OJY;Tik*ubKs z*q6?yFGQqhmXXf)k`6JqP@x*&Hi}@y;Q(61b54E6Tn8Cba&W(7{LM= zh`mZIxfe%9dzu!J{1U)}N_YS$+}7JS)<(lZgZf2+&z(p`0{qL3~`V@00G# zI<)F**E!V1^=DCZds(@33W0&)hGUk$DKb=%dy7t2=O&!sDR6}Lnp7!PSCIA|y=KGv zN3mCCoYk$%c+3L%c%~NB2jfNw0x*->+Dr~}n{sMGU^DJRWKy2awgj$%)ufELBMouo zjRRr5eWlL97(wOui}-r4oL&3s)2O@YG>iQ!7mL#t3FxLlLAhUgaPS(hljr!-ykxfK zwswDS0vmL81<+SdpMd^$NV{6(Q+Xdv6)L=_`nI7%_R`;)3=O_{Yt}DTlWOex>`6bh z&X!7l1eH~n#juIivV=AlWYqQ6s1p?2a)|?qO<@D^+)xkNz%~>{z*dZft)-@%jf(mE z&aklWrw(|t>wJ3f4RkRP@p0$%151l1Y!X}H%BO0n#@J}`fNeo#HMnUC%YfA=M4wMB zxKy6#h0_s7as+y2O6#ThkTt=ksO`BR8H6=x@1s#UuQq%O!lJzA(o`_ixx%+x)?bVp zu`PXbApySl`d_?|zl#1nMyOH=eF)(6Y?gu9@22ehd5BG;(x|5l%B0=p-`fT;i34JE zAB+_Q5iUBBjZhE564R!%kr5;IQUjxy8*Y9lIQB>4);6*fxHc56`{fq5_C$0 z*pUr6VECkw<5`n-%K_^62oM>@Vi59r_t8sfaMtP|S24gk-zE7knP##7B@+l=^SyeGw9dV4qTF-54$F zsvdMTbbO!1rs1A>m9y(=-vD-fdK&AF(p471g`3H?tL<< zkZq`NJMtLTjrF7$mq{ts!FwjJXP?aqhUr8@R5;49yUnjN^n51k)U^7#7sqgF?-4wJ zMiI6ln(E<(R=LYCT%$W}i=cWkbip>|R3+|SSHy|99jn@M_ z4fG#Tl}ctOB+~^A;i)nbRZ?a*mt;#qT*U2%3ou!|&J&e}+VDg%Y-DJXrwGmnqe+~z z5bi!>AW2FxFAc#yC2%m;-++U+T*5m(mj+xye#ZwH4H0Q++yP~*GnOdd*aqDypk7SF zsnQ9tX24h-?CX0(-K?hole;&e`5kRUTcA)jl5=*q4;)fI#j2G1T<6LTKgyClp9@w& z-O<wlM4Tj|!NSZAz%};PTvoLKHqhi*kjgb{nW7rbN1@e;{S;CT#ZHMYv)Oz#0eyPut`PRwK=`LMQ{YpVoq?Sd+HUA#9>RK9`ec zx3L=+=J^>FSg$K#D~qI4keJ_AwB0>C44Q^M5%iYe3{Xl#uRMK+W2T+%1LrQ7-|4M3 zM7b=$-U?vU+L)D&xe~Bv>kCpD^)-X$D5b;F`BbZR00X*CWA`eFuYW7VT7s7>?jB`Y zIBE^`59Fod&{o@)z+i~h-zs54oGbT}x;pi?cY^yLlQ~DjvfQ;nP>7*v6~J@ zpm|@Ih0N^bKOE1|C0?KkM5QXJ_HEKrNitHfyDvxrq9CftE7B(4JH!GDi)%T`SGCK? z;U5s2bY{%v^cW`P$?3XT@cn$LR$b8j5b0owwZAqwH={8T4?U5;=BoKcumxdTZLzk) zO}-fpbq0V|l?IqmKFiM}S#^)rl~tf^g|6A^0g}Tfod%I@YbE0eQFYG{c-y-gbuMk_ zFuz+5qr6qD7BD(vcH9M6w%z}^2ubk#xZQDyQ)N9;WO#S4-Bk90T{!Vjp{tM~Ccosi ztNLiT^c>;G;dVjfV!PgXu%itRyMFsuZS?yc)35xLa>Z99v+&{ka{kE9kg$P)fL8e7Dx{A#ile3QC}qGDA8qmtgR$vmDG z&Yr_dvPzhMYSDR0nHo$V4gr#3u9IlG!`-=qu{N4Em^Ee1h)7EXu->6)!g(8V%!AYm zVK^?!od6cPxqqVOP?L?)L3Ylgo0~Mk7+P-{IrL!OBLceL$X`2AB%$8j3GQce%^% zvphe%atjQcIuovgb&niPn)o&5D()9CM9p?#+b(cy97lw3bH9C+Jv7D+jodkpFgWr( zLm@KqT=9py*o=5LMvNAEyaC2$IBQWFtIHFp-klt@^rqR@M0l@XgO|=gc>>~Desyt; z#E#m{3~gH@c))^ax1m)n#mpS$VpIWo zy~M++ohYI^n_bKs(fzQPVMcI}uUyQt@uE?KlUoj>1ILkj`I50gh$I5K>#&X>Z*1x} zz%1n>oOx8F*7-QHbx5}k8Jb3l18G#1K=Y^w5?A2-hH$xWZiEoiWz$3I?dT{-A|wc$>y}I^K@2gS-|yV4?F4y-}`I_Gxh&eupIOaSKj8iRU2w zIrIDO`5`w7Hn=$rBdjrY&S5#oKKTK|N3#0OUP5z zn8{XNV9yGf1{ow-2roz3%p$2L^Ngxa>B5HJO~=gN5xRknyb?6328Z?OwF?NHy?wR- zws44519%SF(Cy-a`(L>>H8V`U3rV^Ol|GwT**gfua>xU%7BA|GJHAcriKJD#DwJfo zC}g+QmcYxr#LNZVBXsAg-!GBQK=))@vq}|mn@v{N)PWAQsH!GBdwdZd zMVUO{ngXPbb{C@?1>_aoZTqESAh~!S3JOE0Oo(^QXg3J|s@`NX^ykrg{r`A3Q{aw-#^Jr|_^d#z672Au?mH zsD4oqukOCg4<5^(&KFBK0Xv9xcfC)rgG%YRe9j)5IdBg1#=ME$Fo`LrtjWr&J~0Ph z63@#U_R8*fna-zzsGeznol@}LIWIl>?a&^wJox+=+Ic&g2U}Jt9!QTm)ChqyNFvo; z7V%mn)dk7GE7gpa0MX+fHDYEZO+}DZxRFCpNy_F|PM^Z~p%J`n8898e!jQV`RA}tW zk+147kjuKavT}g019(XIdp&;^aS(~JhOOMum$r)9V&2`hEWOt@Dv5<=e(-qLEk!b# zM$?p)ncOWY6&(d(y6R^k=N9?qJnjpg^++=2bbDb6Z{z*JG&#O^r#JK6G{8r;sk`5SRWYwfNP=>E?&# zK_q)YxIF;qgApI|SQ@Pf?aBehq1yOn|@HdX~Q z^pk(@w(8>2yJWUB6`<6@3@*m*Fh<4GSe-7WjoPie3Wn6DUVdZP7dWr-)w1FDVqHxQ zPk3^8opImU<04-SB8Kyg0aw4#K6N-kC771gM_%QiX=%{7_YW$fbQGD}|e? z@dT;_y;u&Lai}EEU10z-TM}>3#ljL})f|jJC)<6bsHj$?gGGrE9KBPmO1>G?8P#SBtMpy-n~0NQrdOH1FtZ;N?Vm!F~4UJti*s-G|^F{#GrKAaOX}K&dVd zu5F(_!G>!|=0vB5t1NReV@>g(MpEarDksPj4W$v4{7@BufE9q+*H=~wcb*Gbgkjnj zs!iyvKL5)%0rt$}#=S_bW7Da4Fvy0QZ>H+q!2{%h4mm(Mlep8rA z>8u?*BJ}uLhn|JMPK$0(;`chqaK|2(YF%XM=Ugt4Z%Rj8(pw+^A;3-coqqaP@B<`B zeuAp3S-61!H(Ot1B$my05hL*3;xA`m3BSS)epP>ibN1B3*V2Hd`euIYB6O$t&)d^kMaYA_y!abgF@nh&KjPe*cw z++NYDr##?_U*)T1EsWR>04|$(T6qDS+77cn4(lhWWcMzknqm~U z1w&}uUJ)*^B3qS0)acrWJb3GsA@n;X*%)F!dqIh1MP0d@G>UiTw49?D;HC_vTT(^9 z75WQgrE?d!yCbZF@m6~S@K)On=q24MCdEja8+*ft#f%z zqb^J{-d{QZ>Jg@zXE%Z4laJKi!w9aA?^8YIDC1fk-?TYXcQE#ORFm>i#%am^tcz!$ zC=0NRBnGRLsy3cBEIKK{Udqiw2+aV}?B(gI8Ym;r#(F=Ti<&ZmJLMu6JHToEd$<(2 znz4lF-e@d#r>U&kf>aulh6bz##f7BpBdSLh15`%EJf4-TNfUx_SFfiF;*AJkqr~(P z3*bDEHVx@^j`j$JaxJhgUc=t4=LN!0i7sFrTD9>86s0HyXv-t6VwUJC>EFUM%Z=Wy zwfag~z^t0l11nJxBz|iSdza50){f2a;ZDQ_TowM@HFqKz$;4pF6xBiyfF_*S?B&19 zT$Y>vlfi@R<6g4V_KC7dHa$AnyNiu$mOsbUDHyhUxLUpsuWE%bs3j=1gYdXXn?{nJ zNl@6*W7_qbMxXlE#C1azCLyT?umA6Ght`ia- zt*Gs*3Pn_pD)(x!1f<7U-L-MOJBJ#DG*INDNFwelv;{oTs(DE>mSOtBS|#v#e)GfG z6|7NB@8n!%K4jmK#_(4%Y{?W2CHoUyz*CBr-iyOlghz9vfZZ$4LlbosH&q&F*K^!W zC7RDXCkJJac~xZG9pm|*Gn{HEl~`_Q zv29vbTuiV>=l}+#Dmjz1W5U_}BjraL>*b(2&&tc~PKbT#SLB6m9!c7!T4{F|6}xIT z^fJrQ3U12;wbImcUDP`SUFJjohb(jy+y@t!BI2jJu4rp;TbZq;PSQxNGaoR3Z|GA~ z#7)RnW;tXiwH@fx&@DD|pvAUg!fK2LQFQ}?XwXO&8L@0i9C7J7p_f^bTYmGzRT>5F z9;4EtX6vX9`$^HEYTlfvWZFa+*D~SFuks_k@oZKJDlc6SQE{<9;Pf4Tm(Kj@4h#jy z{A%$_@GhfblF%oZOP}F?{xPEpaOWJHyQ56n+5E6^;!Z_g4Tj!k+rjCSL74(i@&mAi z%>}?ewhEc~_31i2Mb6wbe6fv2Fc>#;RGn1)J)R;Nl{g6L0#|MIo#T|SAdRnr zp*mh44vRaJQd;%KZmjh@kYt~Lr9?+y%BQ+}_1bK>)#t_@1n;uv)_mrJz51;&KOgst zp;Y$gaiq;V`Unt{h_y+2PLlu2bR4yhVI{P*%d|Y~=l1q-vuk@fvf`htj~dq6@Wu}hFrQjL>5L6YQjz14^H;b^J2?g-!2_EtMaBz)V-(VZlU9x^*t(fLU zMeHHIc~4Y#sVG}EKsUHtcdK4nycCHi+YBW-J%=2w-Mii=BOiyWa2=k*=hYXx_{{Dn z5KC2!<+u!iS^DagrvGW^9SK7oQoyEti#-kSfQ!~)Vff9461ds!hkJ7jf!R7&Q;*aF zL{H;zz~{{rdq-8t*B_;`&TbQ14XpH=%GV-dwP)cxXR|h*j@Gm0TiD!m)y=wbXF-$R zZjxgtzgLNCXp?(;E^-HX>k0?7Jo9Xn-0o3Ch-|(DdK3I%c@?bv#dMJ^3LGuBrA}@U za1q{B6a0_fzL}-Vzokfsec#znr)ieE0%gxbs#iXSFuOxVbD?+1-r9p&>4(zT| z?Qb%4L+vk_l#Bu zSU|R`ZRj;rO79+Hj4N>xLh{B2I_!hqGpA3P{q?{c<~FFsAGzUZFdS;=fv#WhpxO~W z9o?UNU*AnxKP;RQ{^~&m)5>^SRoO}QiuV~`ll79wm!C=zr=8~|z9}B0Y@T9p7%!=x z))mkmJVmRp`e)_;xd;e>7w@>}mme6NT*mwTmvvi4s=}T@AOIeY8 z;sAUyPXMRPE`e=;1}}htT$Mk7hKXH;{6PO!3S|%Mx9&;B1sFoFupr6vPV^DhQ%;K0 ztWI!H`MgBiq*d|zC#x1wxo$~LVQuOsBb7PX$$fX&4}E`7@LKYESpvjk614)hZ&HN$ zJi;Xl?qB=}kHKqSe*XoZ!Eb`8^uBCbSwA2I^LH86eE{t z$!Y8S6QLhV)n>sH8puz8Ud9VzyDdj7uGUe8S98%+Hkv1qgEi$NuGB0~?hTTkvGnx< zm5_NP!++fMWK8mUrB^B!IvodDA~orV z?$qP<)C`;{L?r2rG;;qIQxcxTukaGahB;w%$e;+%d|6j~HGUd1X#11A`qziQdY2wi z)wE55>-1)1Uxv5zSP_8zSHQvvg3E#061@mjnS649K38?l3i8U6F~x|VnI z25;Q4n*=g~=UHDV6~+5?AM{lZ^6KCD@aLl&AoaBYpXEkU{g=9X+uE%*)W#V*wfy|K z_NEvY0)I|eoDzawtUly9ur<%>%qcMj-yg_3ygqUNI>A?P31WkspgQPE6GT}5+k7?s zG|eb_|N69F(>b6@-zIr0ON%nHUKmg85!dL*bR!I7!3As27_E(_I8&HJPHi#0&Zh5D zv5i$c&d1ySIM%yO7??(c$exFKKmQK0fy~q(PR%+d>`p!3iGG0eVbZD64B+FusSS4a zBKEslo5RQS2I_FE(n`JB`7>KpYOeY-^J8ETFNgm(0(1O#7eYdmE4YW-h`9VJe$dsu zYC#$^sHPqkoRJeVi^7b%+oa9iQ8{|OB$rEicfC+E;CHuH1x9}25c8Ul( z?BdErPir(_4&U%DL^5J-py6S#CzV zb-0rOr12#yEs(8Q(c@T==%{Xbk1nWWK`EPU=YY9w4f4~E85*uq$4-YIUhtC82t|)C zT~D*)u8&&xxa-*^iDj!vx}%flQJ7lq^Ac`_>5$&Td8z9xJFCv2bL^~ZHXAzZfRF7; z9WVAep)+?%Jd`Y8WS31BlWOubBD>2Y?tKAz75wE6G@c~31EQzd8L5j5_brR9x8+DO z4fP1S#V*#55jsBg!8ba=-ks(>LI7-Od!FW{&klH)fDG4Q!x`xKRM**b&Ye^E6li!2 zJals$A-)N$xAh( zIOwq+jWL{p4!0dJntil($KL`Sw_m9Vf)NKB1q(CKl@p;Rb)93d|5W?_%KwD$I=b*b zSUF0~nVpYLzdT>~uW0ZeIruM)!baG%I)HEh9*zLxyslGps!sf9zhL46Gw>082xTWi z)vDd4hrNwIo!UjT9+C-Em1~W9m5kfTd~x3X9LzVFHc|9hII?seF2`g90EHed+m8-)7h7b0LpL1{~U(8ljHA}xOvp1+F5a@-z@*P1*ek8Q@Es*yLs7K zvOj8blfhbW!meA$)s7aemCo-1u_WAE+9NttvoZ;4^v%_z-PB~VNlnUMaCU1tvPU#- z6seL)!0VM|K z0WX$HwA%?qC)g&3aKX28omJ!ZU(HYaw7fgb_*~biYK~;iq$$^NHUl1PKZG#27`z{_ zgyrDp^;M?>j!UIr0ANpg3Oam*;IxP|~z5R!SPlHbbj`KHsD;lhac?U zdibXS#{s(mhXLCGSFOWwlQ&$-pycLZi85^-7xq)ri-Ve>qniD<2J|&!kKr^%Bm!tW zoOW_(Mb5k)=sUJNc*P{K$=%9>KT(?B!rmpzP4)tPgY6@3FPO4*I3s5+9!Jo=kB4!& zTYNNW87UlRjVM0WV-m62t?RFvusQ%b4Kl3g$NqIwQAxr0*}K_H93+q{Xto+x%O$69 zQ`L>VxRMK@?{&P&VjYVVm_JR_E~+I}5$fBMVUj+EUGMTLWlndVOJshQd;Z5&uK&{- zv>;NQUk|Dz)FRBqC3@&#(3^tFl0%_jEUi5Q*YYJr)Y<;3+ z)IRny+!?9xtliia8ldXiHr--uC)ZmZk~6}-lyQs-1JdB;PRA5KC+BjOB7NWE z&_OvcRxMMl;>yec88J+_i;)MloTgE<-3hxd%369@T=6vjfR&&?%sB)ryGTQ|t9yiM zR}6XAX4k{lSPPO`Lsa6DSRRhD=Zw4Jd2L`60cE#lu5Dv9ehUrNhYd+EGeO+UxR58O zC{v*1kFyB@kW;W1<<9KSMKH(ihXZIw)8H1}brN@sU_YP2x*aOu(})8>PDNCU+&3MZ zWwMP)#pPUk3E(DDqD>qcHgN&ML)QI+z-><1zWBV^rZA%*8COqk86S&3C`NZ4B5O&oNEs!&Ucp{X>5UZhT2m5gb|<6e^LPaDtm z)v03DBiA<+aE*G(_{c6Q(n4X!b{T)&>Ss@iwy*&nd<66t5gWhTvA-l+?P9+9@kyow zi|eS|_J0(_^2@cJQOlQbJoG>JqgySZ%-Soflg+G7T7e9m390@>X!{ec#I+U&w5I^%4|b2)7Yz}Usu_zJ03N%`n-eF{@glEb5$ zF2@{mDF3IGOYs#y=HlXpPj0*vQD7bR5a$nCGh1#3T319JQCs%}5g@(wY^yVtPzxrZ z(f7Dek4y3%JtPNKkA0SNeMsW-xRE;Pb=^hARH|$;m~2It>Pbd6kDS7kVYWgj!{jEd zK24ERLfMT&GFvhtaEC|suo{cZ2w@77j&NGxC9%a;ik%O1{2 z7Rv|0V>Q%t%@WDYdM;3MEKq%dm)kDLcS7UxufnE5(J`LE30PKsv z|AT=4tAv9nCGi6#?>Zsa$w)>c`^w|UG>?>En7*>4AwT0%pGON;EK%=PT9k|lf-b0FUDe9M@$C&7p~oh zp!6LQushhJ6me#bWkz#xQ%W({>8A)g$HOwExN#sdPdFu5+ZM=q%jcX~+5H-qN!H;? z>tA^Mj)FfI_Mn#sQz~;gzmrqHQOHEY4vnn%@)n(=Xk?;QovkV7$yGF*?Q0*j-a(H+ z0WF7)6FSx`dkZ?AX~Ty$);9I!baf>fDYVH%>mkXF1%7N~)~k5wX2R1nLQ7_U6r3+M z^-TtO$>`9`ZM)128R;k07&gA*N#)F}yEW%%d@0sG>u4!$$-rr8A0%2hZI zS;5{m17YckFNN3|T{g4qXh+*9>{=DQ20vHivnN0Qaxs6_*{G2Vhfx>?nD;*{x{_zp z+>H!K!@~Xgu52p^-(H#8n%MPjx(pD41HL)oTwqWYE@4K((i>kX_zp`2wx2-b`<`#K zKSF(Cd>i@WvOiE|eZ7`dO{sm|F*&sf^uW|)Jg~2?L7nxHPOWIGQSU16$XD)Bc$h+HB+aHL=@oj= z+*OW$d{3d)g z4<$7N>flC}`=mwuL6C()R_G@-x+?QFhouN!Ar3$=3w4?eav%oaMVjefwkIt`DX~GS zk|rQ3xe!-c&V!IJt7|}I;5T3RC%@6Cr^Al>`JSP9p34zNd8mYEXm+qRW9(~q-blny z772bbfbm?O^W`qxJm1TOBeEqmPj7?5v`Y>zbfj(J;W3l&y%|v^)#v$h?g~1h?Ao-- z$MwYcX9a8pSzRVvjS5B9$bm|D6V9GGnBpF#Y!_W{BdTQtMkxYqaKx@z(U@~oj1Te8 z*XXN*<&dE?RrA7#5G+C$rJJ(Z;1u#;6zU*+&GjFfm~JKbV32LH-?>#^Tq?I0LA%0* z=L<=#b`#IX0j(1|OZlom-%2LLe3@kYb+9_QcR|s>L!q-y$6>XgeyZxTf5utT-Xve| zb(DOYvr+PSznwdNb0!0}!vC7fwv5S#6y&?=+W0sFYEz6~?Omkc9M`FiE(TKNV&g9@ z%f>d!IMLMV7CXXyg}L$nhAF-eV==BE0BS~|locQhfB;B39smQR4jVt&0i*~95RC^w zPYUerf`AQTD9UEsg@H^vcPH*5!BQ0(+RQ%rYPldt?P4ogDcYk{#Vb~EN)sXr(PfTu zyA6@6k{JvqDEi(!B`H#7#>t}z6MQeX-7wLv6|Ge5v?glP@Q+Od(KN$jX4}#8$1Bpl z5$U@C|H^j7gG-8qnjK=uMt0mb+K@d=fn2px#1ie6*=5Y8qbb@}iIy3=D^;r6J0O>>$kvKrYK1}?yl@P;9Q6*aWbF1#LwcdzcX77eW{$J zVaK7p?MWTwPfG@cJw2_CbjAT)UCazr#)SxcRDWxYagr!E3q$2`QgLxU7TQf|O43@laWeNFv?kh(1LanJ!<%vb?%VY!m=2GA zv8)oNnLPpiKjGW*=N3M=A@j=L?sKb5K^o2=sFE-%Ie00{6OMi&5( z{!@TI_y5^e06@h5SC3MZ2BC4W}W>_&W&5~ZFiWiFA$yw?>?P*q!EC!4d|0<#_# zx}TdNw<^P|k+rXIRpH7)f0MKnO?jcbMzXa)v8@JfLH2*b>TA=#QmIS27D!d8s4I8= zu_jkf$odCt>6+ZIMFb&B0D}q!9S-Yq#aLxj%31pG)Wx+<>CzvD)eZJW`rna^miH*@ z_^IISKiA5h`5W^oi#*-UqI6F8Eph;Kx4fv&g`Yi$aTbqP^Pna=iVW-=KcZJbTg}6& z-!FW6KdB~BVS9D0{gL4rJ){TL8EPWCPEjT6B(=zFnq7_XBE!e&VKLi_=!D&N=Z6IA0 zm9lel`hmEEgGpj-nC3wV@9FJ-5og{TLmmVu#}3)YT7bk6qP-IT745B3UtR4@5T@RW ziOK+s*#~Cuj*^(&!Jn)(GBk}*wW-OtEw#)7!xG90Bi6aY!4IxWE-H?@Ahn+V>d`nW z8IJ5*&*0Q(JcB83l`qc+!9d25VB0787M5~oboEw$>8E|Yu?RpxFC~i2;f;y51T49O zS=i~?o-}>6+0CB`Y`|1#wzi}prn#_7}NC8P2 zAlhnQ`=<+mU&iWv4`-lbt$3GTJ0v*(^EU)>e@lXz2l*&qSg@5A|k70lH! zW*op$*Jz$TKpJCGmPF0wVD?t>ni&lvyh~P%E}3uV9dV}ahM)<}q5zNN_o>|~P7BWY zCeTFo8>et90<(56THy2_@&))9YvqKrAYEsRa)eD&2>TfdgqlQ5;RA~yS^9^(Ze>;S zHE8V#8V##Jpw-R4m^Q>kMZ=LYEf{e0+b^stLsP>5yUQq=ZO7{ZwyOavN^ypA^4pH@ zE}#&V_+?LX{mIi^5SU>!PLkV8~{FkLo-|g2y?Qx?{BLr z`KOvrL^)J6s6x~R>4~)#X zMyQXu$WN)0_-g$0u&UfWntfmc>(GGLZFs3f zAgNTSsRY2OG}tLuC>Jr#^QP&7D?7o}Do|Dn5Z(un=NaY&=XpWfEdkvw0bVb``W~>} z2QU^B5Ee6-=UMgzcYeYC+MwT0Xrw^^3@Al_VPT+v$#RggBq$70)&|*1;bl4Sm_$Sj zX0i-VG=ps8V9ryJ(1`48Q$Tp97eK7}ndGB@F=u))8*nW8t&LOwmH~7=ZcadnK#~bS2nK-Q86Hp@L=YEH z$N<2gBjjd=D8)FcIKNnvtu6Ck%p-BKe4#Gq@#SN`=JT0Xn`B^5vTa&68RzpI!ak$i zyY3qa8>g~Di4xKLPzG{Ob zV-sd<4#H>+DACQswvpP(H39GHZtkxB23HcZm1g|0dH{^_wtVX`?GvPa4lPp7Sr*&9$vfSq;+VS7I#iexz2{>Hk`@MeX23i`#?KoO9?;eHM8Xd z7?&hv%-Ta3qqyFAm=+UngQhM10;Eab0&5R>b*%_4qr>MSM2u)wsON>m*5I#Og~Wkh z8H*6g`de1II|B=mK&BRP>GMY{Q|@57cZ)?fF!A^ds2hPRIUsa(STL&RFfdc=yr5*& z>5vwErVwWH9Kbs;+isFWfds5?$0#M6h_Qf7M!KKh^jpCh{+@^^d# zZYAI6ddu;>qDw8-KHb&rtROp-8cz>R1rIYY@l9WZ52c*FiIm$C9}zMSO?^a#ag#}F z@xzw|5F1tOucMSe{@&9ww)rQ83}n~YyFLiKb16Yk{VHGabrK&Fx@VR<)m~$tohJU( zxasf7Yedq{jh9`P}+>#=`4 zCM>7Am~m6T4s1UUx{t=OZx+NdYDDhnlsVcnpHgPo(@*2OlO9Xw!6nru54;UDtHNEI zCa2nAd&t)Z|Bi_3-aJ#g$bjb}Y+Es(Uh+2@8@josQ$(&^&>AK){jTNbNx#&usnPzV z)XAH_=trZ)%GvLag=7DT0K01`6X4MnBI|M@^Olpboc!tExU}9bs^1YB$6{q#J!WK< z=P|zRK&NdzH!YUOC;Jg|h{--NTBGGJG(lAVqTA8}=pjHg67Ug`1eJ^wa%?0DNhK*u z&)!;GY$FpJe=$#v6wWX?b3D!9PSUj%e;gB&_J8BVW2;*YhDuP^x@4NB(RNRk9kV85 zLS5SMAp%r4p6?vs}s=7-W?cu&WXf zbT*C3s#jVSVilu~e~y9ojAHdG*&F~#P$Nbb;gXSoxM1T&q^Fgg;kM?!4c^VY$E>55 zzvHe2rdm@RjX)|Puy!)DphlwKmeQtFlt_Unh!w7d| z1+^J~8!*YB?1X82OP&TLW`vUdoO({Zg1)&*W~-;Qh|W^bUP=??i5rjPpp=VTK8)E1 z#0Mb&K?EQGgOm^ib1GGkDpj(QHnxmxTR_%zOj`hfKo|%JKvZA|24xr+gkoy|2HbP4 z34s_fAf_XwqlK$%qNNBj7|x53fY-9H>TjFg2Kp#x)t0l+#p0O%+HrAJnXgl;AY5lsR@7TFJisV*2I zJ8ytygBTna7mAP%LCKf&;@A%Y=Zi7I@k{84A)p9B6va`_7{ozq2tln`4ck(JOjW{6 zRR*m#QLUjb<~C7X*{54Ug@yIdFx2Q~n}e=A@xC$taX;#w)b`oHIVc80H4d7bY128W zRxzzo;pMK~_NvtfCM%)LD#Og01=X5{Et_oF(498Fu|H~!q{VR)cR)#CKp+T~_DM>L zNht}>2ci?9OcBFOi3O?>4Yqcw-WIZG(pW^@T}19Zh*dEmLJy@7CH0f7w&dl78z0

e0Vtxj!gu5E0!#@$Ma8+HkhD;stN z#H}n2A@@OyP!IuvB55EnLQ$D9LX>f6jFP<;ny|H$lFp-MQ`VJn%*0X|hEm`%Rf0QF z!aGqew$k}Ptu$N7(NdtUDzjK!K=HT|0gBKdAwtazAt7R{oQ}JujAg2rrmCPoRZ~P& zSGJPeU3Dn28>~%I)2uF1om5(^%hc`4aACeMT$&!Crks?JgHlS0`mR!2?eeNo+_zKP z7Jr21*<;N_keihLD*a>f*X+MuPDztntg+8Zx-Th3PLtQ*O~jB)>ch-RJgHU~{WLM2 z>sgi?XUu7oZbjlYcCR6I#DbsyIimEg+VipxZvPnV<0mg10D#6B5l9cjU`o?{gI$Sz@WW&^Rta@9rR_v7Fp)<=t)v=57&t;f|JL#vL;lqiIcTVZM>` zZfGT01qxsP8K!iu+VQdjZr>d3;ukLrLaf;rkvV4o03K@?#uMkTA{vrB91a%*q(!R|u7!*F+V@9FNe z>(f3*<2Gzxp$+F*ITxWPKYLa=*-|p(m!7(XTL++DMIcdZHGa{eXc0V z;#(sj_iQvF{4dGWY&a(*=bTp2JkRkY0(tU4rkZ~t?6HJ`ksSs=c_yQKVDTSA0T3-7 zYLqyj&qRq?G~<7~50{y(UXMEI=~b%R-OdB#@Vi9X!|~*M^~fy5nzPn}&{{)GYb{i* z$ErpOiOI6S*aA#S*hgl}7;|t=nc`zL10;$HK;ij-LLxBM`ib!-CB)etDT-pKE>~$F zKwyFpQJB#f9BMWigdG$WqZDfn$(R}?$+LZ;D9f{|y|cT$az1^UUEInN$+|yz{4c3* zeCMELt*qYO_~A9p+2@kg(;aU{SS^OZG7c-t!{=atdkUcYV&*f3bxs-cW4Ag!Vq2z( zIVuqG77_84jmJ)H2Gho(YH_jSXvK#TolI~z#RpZLRCU&QuQ=V-E4VGz4E#Ov&br-p zk%tP$f{za>a!|xODfChIksx>|RLxgC)5TUnX8l@8CX@SGtKn8J>ZVJ#x0Q}s0D-b< z4rmu9#9D8Z4^y~G<+BHv;Ng8B2tptpl~S5iO4(uq0|0;n5h-RG0D$4BZ5o0Fx|&k! zjZ&+%)Nj~s*V)C?i?b{WZRa26UT^ja1eTxMJm)8#q@vB&~kK)5Cb=S1L~62pC1 zq>hfslgupQ&@4jNw#2rrBGarg)2u<&olw<_y^1RZ<#+4Q@o!1a*6lg5b&V~Hw=r*m zu9fz+e%cR~P1y^!`;gQxrSvnieNc*VRx3n_FDB*uqLlM4byB~cVi%S(+Io_GIXhhK z{&u*_r1gl~fN^CUF||N|B?h=ifaFYo_Dq0} zEpj{-C&?0Ywg9Xxz$#J%9=>d0zwj5DSJ2f64&e*tBIe8x78BZgt8%7HzqFli2Tj|* zaP8L5dUeMCt7Ton^AI;b*1f+%-DF3wBsYm^d};&R7$G7gt-h34?xFrNg5D&GsI60b z9bZYeZ#ptepTW~=#kHL8o&IeBK6X|4-Q1$R;}|2lN#|s&-)5{HlS2<)CaKdmrVz9D zzLQxIHZtn=h;-Zd=*ndQZy%=RSE7zNG!&mLcKgWd^2nz!))v&DClPE=h>($m?!};q z(G}{-b=C94yvu`;`e-BgjV2)a{hyooKaodWfha-98&5d0QVDY|?OAi-sG_hca$Eao z{2nNBQ>h&-<3X?THWGa_xH+%K2ut({jq+t`yU143<3N`96fC>cIBinkoy;yLp?|Ld zFA5s%%vWy7J+I4^Nh5;iC zBUb#dY$Jn5F`18&AQUD{I@*Ht$?eHeOy!=t{z!&zh0XZp+r`9XdM(<*@KQP85aGSl z&RlSZSB_{Uf)Gj>S)6iZ{>YNTn7t~lqrY}kXc<+`$~wAiD;cAnkH?Ftw^ep3)I~0q z#3wBFh)PvQn%5WZIpq_>t7%L%x@1;paDf(cMU5#DmVt+ed4w^q;@h}zjk3vz=7l^D z6HCh69Xs2{>2yfZLquZeegqv|oqc2)Pt%khMCV#^c06aP@DGK+j77ccRXU( zCwdc(ja2MnC-bh2ABC;^3=^~%!%2T90T`tP`6-8{`V#ycdmY1fkF6vQC5y{7XrLo2 zsxhl1Y?X2hQ^~zMsasxuCcD%Rvod&$v6uJaw?1i-nf*7(YUq=;FDiHVTN$M=rAT_! zNN6^Cy1_hSlQVEIQ|n2BDo@+FbIo>0P4Bd>A?L^%NWmz{XucODDkPnDg`Zo<(BLpq zHc4c>QX&(-HU8_o}s-A0|e0dW0j{80hZ zuaQ%q%FLPr!8^nnKcgsb^l)79D9I|ja&D2ao$_^wsv-R?0g_H5N(Ga{B63Xi`wewD zEFT~+C=?nEg3de!Dz*ONm*l)^Ti<^PUH>GxH1vk8{ERXrM#I+ z4WnfPm&@tg8Zw^o&hSF9CEt$fQNCDn-tHwqhTF|%8c>N24Jp<5x0DYUAAB~%hq?9) zv7V!s;R=?7N!@KYPn-u!pJ?gm5Q*9L&$S7HKD2d3Vtz7rIc9w>jA5y~cWu{U9^!~7 zH2t_%z0^4$Q0!5mpdzh7Z}mG^-vqfVi^j`nNQUxVAxCm6#}6Ym2LCF}%4x4{S@Rs%8-No|M7;|fQggG2w0!P&wp8sA)Jn2f$t~dAY`(mZ8fB6FRjDElnu}6&?*`?e5^L5MO1#435*Jq zqoFBkVx#roJZh~GRgb}Z=_-&Y)CK3`A0TTzr$!tjgp$|mr{`Sc`y-tZ(Q0?SQO14s zoQxRG?<WF=4m4yF*qsSt2WP-K%>X8j3)}BapVNj8( zx7@rTr6kj5G{;QqBojzPvt}r+IvK}&&Qngn9n5X13_R6LztQe_G@geBi2!m zw$GrP-y6T~S6UUZq3*V|PE8zN3FUl9`N(M0_2|r@;ZiZhy6*w*?*;FC8b!iEBoPt> zAz5g6fR-}wcmVc~D8>#P?%Z!Nz6gentjOaRk&HHu@l{j{r|~<f$IyT{i;trr*q>IiSm!Qklf z-VIhb_?Kchq1BvPj{v(^;L>=*^(+tXW51ydR- zIw+-Y*YFEk=y;z9yU}cJx(5m9S~HtubFwol;g7v?PG2f%C6^(8GM;LABlHpnP2R(E z$yx}~uHDj-tG~PPpULRD8%BoXU*vuXzw{x+K*@&-s>hNK*iDvDmmhytA)=l~L?}=* z7gI{-XHcfVrZTg$4~2LsCn)GF5kmB?eQ}3KXi*V?j`UQG*FK6IH#%?o<-;V$&{57j z3?*H@YmknKAO7ZXw&*CWO)LnvA>e18Hp=rV4nF)AsuJ6Li{vrEkVU+fYDk7C15 z(#id>&77>uRta4y`_;%l@sUteC1g~1gDTXhyu=(k-&Umc=VesmO+7OV5vxwCfKMK8{=a8hESo6ILIFX9u$~}j=qlW*|Fck z7DQ3Sh9mOun_ z&;{j&trxk-w9(;wYGj;lIAc)rJvkmg6MsGq#)oBtQ2M=KS}4}TFkJRZL<(!{bvo+# z|7)1ZA=!k2lEv_2LVmXpk8-MsB0)x=vgOBd+7X;+Pc z^_yV1jCmye2K~6~mc^Fdki8f6-4Va_w+R;7<09RcXg8JFGhEY3)ua#Im_dl$Moh z?xL#6StaG>d4-j-*j=B!rS$`X;vEzg}J6B}tVOb3~oW<5;vIqq(aAIHh?{ojvA`0R9c zgP{-dCC*v(5(w{%#r(G+f+Z{2)U$6wKb*dV`!~zuNJNy z^xbmsi&u{r%wXi#89EMEr(yc=@Q+@hN^FR7yCx*I%9BY~l8H+8SuJ{I6X&Q2k`fw(jH;qjsp@j#>Y-K+0d7qKz98MiZU~cH8qXb*N#X`4^B>#C@9I) z)a5GcGNrY-YU=#Cg@$6rM>1t=nYOmhoE*n)PV+|>y61aX55cei00<)bbuSDx9Iz9V zT&AN^BOmhBn)W8?!u6MX8Dwukq>-#o6R}W^Mfykv&vy;3&9MgS7Z=3p*wNC(TGZ78 zM~**R`14!fUk%3f9p3hxUugk@LVmGbBC>i=Qvqf`pL<+1E2QVt`#!#}V^@evX9bl7;kx^$#H$YvXXXBdc=P z3i#2Oe%c~91nVNEa5C%%m(cYoQg3$7AAs$RppMG}Ad5@O;yOVt%}ANLn0h@v=pJBn zt}H&05mb99GsuHJ|l;*hHuL~{-)aUlW)DAX{-maqT$H*AUkoyMM* z%Dazw9?BVUFOh#-aK#2~PT{PRM33;+t&okGrS9Lo`e^Vn&PNa2{mGMR^=0Foi)At~ zBhcZ}2uX#@WI9LW_YUBqgzP|gO=jS?_gy4Tvb4#tdKp#=>HnLT!&!h-UK)E}56^S( z+=sq!2JH0DXQvk(4^lkCOB>nOVFly&cu+idUXzWq{6LB|(%iKiu?-uR*Z_nPS~oc!}S+i_HX-^{U*V>>HELGV9iK1vo?ZAL;m z5`1w^Y7Ye-j5aE23j|~PdamlGH+1JY?;pA6U>GqIUw!XCFkyIDUEHaj_|Yf3;FoXp zKIv8DpV5FDkS>e9_781=uY2fw?Zx-a?jLMc&$ywit$E~H z9IaE^4bEHBvlsrcstTb27jW1jR54OM2WQ?e#4$5OraM67Lqs@0M30z=Eux6rvWTq1 zh`c?IU&M&lXGC=-#K{Pu-3SF6UOZYpo!s<2xjOqZ1V~%Cf(xvgfF*o7Um3P`YyI{4 z1_~1T2@!ScitJWPO`z*@Cl zty6B-`vFrfPkVc9Q&xO4{({5hcFj}49mp|lrkD=@LEjFk*B413P*q1hx6g6}8%y;> zWBR_?^&A_8!iLi%D=US+hYpIyO-B&=IBuZ|+9;)22<#Y(BQBr5hZ4#a5Q9}MQ*n)` zz8tQ~1lu&PxZhBT$!@pW)-$4bdeDIaZyo-c78lCbLja>5N$^KDG=pxFE-evQfU5)& z?Jm`_8Y}`DGuI$#iJGf{s%Nub<;C$2Cz@B8$~pYQXz zYqmcX=Xn14&f#~WLU#fU`pueFc)ru2hH1cPwV|!ir4+Py2Xj(muMWR#-K>bJ_EjZ(epC8^sOHJ{~o*}nA_JIJ^w7h+FqXx-si zp={7)4x&ux_4GHR-s00b@qF_%_w^}&h4Z7Z+HV9Sf@Ukqk|So{9sJ+p{0>j{lJ)hq zfi9R?sl>-)?w|}JZh)I?IXMoCM+}A8jGoWj3k>tI%OWEvQ&eP?XuCS$*bMYet(*}N z7dM0&_l9p6I8kLq?UJ#2gT5lTu1&?nry$RU9QR?u1s64E_H}+#hj+E7nPH(VkeVF> zbT9Req7S;LgnSwp(iGdyy44pMDBS>;C>xk_Q-%n2GC{-FY%llL=aC2>+)0bDTpus#GdGg-ALJ zrlJA-`UmZUU_cq*&|8fs`QULCW%g;@8^gIxPD<1<2#z!#Z(0Z8i&up0ATm{^zOqt5qPcR1KPwt z>~UnLMeFN+KfH?@2;1OK)&SOHZnG1RVqY9^Z5Iv*1r4PRC%uyl?_d`4G~<4ypA*bn zJ?~EcFs`Fwj8?wI%W|ism88(+(y}byy-?J(q!`t$XbNOjWQ31JMr^=?WlL-v1MewP zN}{QO^vg`njGWC$cUD_WEJrEbisv9R50)7KcLKoBdPLgATV9BKqPuTTv2R3R2?r3g?q2vxHaDYZ_)^k&IFF%sRwhn{zX{jbRw%M7F@1}nMr~c=(p=Zr~Y71OVjjN+-eb;J-UftW(6H=XE z!xDR#{~hc1nS*0SvVMmTaDh&q(<-IRiHRvN`JO!fRq4g0%hM8kxp?^B?X~)_yTBi` z`zs`RwvL-~%^S0TJL&B{8{N)S?C%5n=3|tn$#34B5J@N=rvL>QWP50oNIWK@Xp|k z$@Tl)#*K!3&w9G+<%5Ck@al3=+9_>HeDw91IsbRxQ#>p@{ezl*{?nARr_@K-&a5IH zjTLX>Wk@q!*KHm-BHz(fdjF4C;v|n$&M*C+etLc8ybv1k3=-v?E+IseLEed{hgT@X z@X>5He154I!t=>CJbi2okvT)wjM^fjN{y|}jnNw)ogX;l?PL-yI4<#`F^vt54v$X| ziKHh2V)8^PIlrdUFBEEGQewFTrD7{eY8K3Yuz}j%efI zC94HZA!Kif8Et7x+M1eJcU%+Kbn1F&V5N4vp6{pi=YcuxKkM~M?Rvl9Fh5o+AE+YM z_RXO*TW&Y)Hmlm65r1q~ZCI=DZTE;0CEe;7leYhck@yLw95H==K|)lNaRhl1C1OX% zzn!1k&KiB%t99zn*!44g)btX5oke`i=2V){^rHglaTFyP$hg5Fn&6_c+_)yX5_DRx zPb!r1G{cw}giRH(kr@(Y^hJmUPWfSEBWb;28ACHf7-|BcEE#PgQ953!6{aFgfonZY zQ|H1%{VPSA0yP1b;E6g$S_-q8jZ>9lnzhxSBz0t=)+&hx#ULr|6Rt9xn`K%bL{atR zHY#PswtERzDh22Ow`tUsGsPxANai%0j}j^ZcBr-7>XI``$Q^D6007pDUuKl*_EsP~ z?{(5YxYf3BYiO4bbKXE5kHzmvW9X5SQ~`P)`ZGPfAauQNR)rVX&~C;7-g5Ohm-rk# zxZ6dZz5x|`u1Q-WEp)vy0Q#bKc6j`|qZfva_ng~Sy_v~CP;7=#Ge$#e02RuQ`I%Gh zLrXqiL)iDb_^OGWXPaTh*Mh;ZDf)whgE%A}S{baoCU9ObDk+XATrLNW`MzHfnvsi; zc>h9iTOMpiD4-@zcWgbpFyq+}r@66!@Uy39-@K5TY2b!1K-Hoxk00XVc022G64sX9 zJRH+_9Jhu*g8^^zVkMm^N*N?rFxsy{;#k_tA2RGT)&s?35ARqu8VD;7HD-@kfoS9> zPE5A7IA(>W|JX_ptz86m44Y46N`i%M8PIFNE+wItnj`)MWq^EzO8voO-(rGhtOHt+Vpw=eP*{ZrEG&l!H9~|YloZ`* zwI2iPrwOwFMtb*&zK2UB(?F~j(e;|yp!{7KcD>;@#8fK_Kwb}Ez3f*$M`Xf&jgy9KC^IcE^+>f9h&UZwg!l|J5*FqBc}y{l%@=s$v+IZC0FK_>F?l zfQZifa1c=5Krp3hg`_X24z`*%s+=%-8?)GOEK6R2>B8R*?2EEqsC#=czpq3ryqD=kBL0`O~Jm~IrW%d>>ROVsWhl2DZEJ^LJ~N8~a@AFf(QfM291tfR~9 z46iVdK?iYc9~Y}+`P7)1u{-yI+`+Frj!;Gv0of_0DMbnKt$4O`CT;PVDLxx90U!iG zuncUKiBo`t*E!jBLKoh<6E}-k$#nhn;~dlFIUaquo)%LsnH?wksl^xh{HGC`T9T6i z2pnm!2HA?I*u1Jy^rwMp;S53s^93*+e~R1yyi900CLX?wQu3v>%Rps<1`jS?U+N z*phu)sh?6M%LU#y3_K4f&uG{bR|@g{%>A6f%zp41Q60!WQ~{CAg+a(YWL-v$79iKj zq*+UL75@Ica}SNX?lf&S>TPeQJq&s&9CM!CyE5`4-$XHF8j9*HQPs4ktS^qDSYAiU z5fUg)C`rsqby5MKb*C_AQZve;CN%^W7>qONg&60cBz;9$Qc3~E*9cY%L(jNFCSl5v z&Z$d<2-vv$$0ANK>o^1(`8w>i;+{r5V=a%$%G|b2#03khA1Lo$A=ecDlL6%P5H>Y`~h&pOxjC3`%pj z#F@kcb+gsG@6>Gxve1?*+n_2TwsE1%YkJ`I2@QOiiuteXT#caFKaI_s6hlN z?*q9G3a5#Yk{hYCsJS&gm@2iOL}+Vu)-7|R?TWot&YMKkKU3`u9olXMQX` zPh%J6zP0$4_2#VmIHFCC29yHvap1rEHx)%IG z$4N4V1BBI9i)7DwJ6OO@{Asc=ybht2u&tWimfdk~Xh@KbWA6a;VuPx-T5-%KnGa4&N7ZAL1kM^r)+b?#VC0oQq(TsBj}oIgj$4L& zOMZ@XyQM%A_}0C2;R(EgI}d9_Ve!-z<%{JxyPLpKoQrPQRONy!T`JW$B7SuxG{)-h14-nA?tLrmW8Xz>2EVVWW1?H`Mz_@s)#Rch>*Y78(4dX5p z(A&di?g`UK;+GJ0&fvaYL)?4PdiNsUXlq(QcbmBhIglWAG@=kx$+`&xA+;~>n3}H>-oL?f|aagB^E0VOb-*~$kjCShJ!L~*R5AnMhAdbf44~A~~ z8COY1E<+0NwW(pCu$GcxNRIawrZga^gEhq|Enc=t7?e|XX!ghuTz)tXpg}$=m4bAh z_+YtETo%ab44s4-nXF?yl!;S3X4G3DY&LRgzg{Xmlh26a4IQsSkelNeYVuwT+i~a9 zep8Qr%PNMdBlg7AA6k!Ixd=7}uB)#$vl}r!%yi40K|Ha_&fiY#qD^clnoJ2b8kQ%* zf^loggZ5W(fWI%pyVJH5DtiGqks4?Ai;Lo}Wl7WB3Z@olkdj>#j3YVe6kSO-y{=ZC zX`ZEFiS4stykN&E1&sUL5{&WBa=YUvd}c6=J_gLT&by*?jg_BMH;9_i&3Rc_t81gW z%*8^j)Qbu(6CG*WvJO%WSLmhO?GS`rsOXNjESjv{$-KP9Z|uXXci1)0Hd zPidc1{xI*vXWk=QzACOLQ*?;OOw|-hu~g^rK6g)d7%9+8qvhy8`vI0lLRGmSq-Fk5 zGX7xu#jALIsv9Hi%&lXaTm$tZQjFhjiX$n2trLT6kh<>zSA86h(3v(yFm$sCf_uY( z(!oBV)kueb^dYU0w*icQ!{=_d{`LGAD$9b*j@Q_>Q)NJaoK4iK=dkz=cc}W9!5ljw zcsjN*@QzL54%+&|VZ##KUUDobeywDiRTz_O+k z>grF2!)C0s4AxTUb+!I$v2RX{opVD6h!tWaY6J1bfjZQgS>%fGZYdn9kv9p?O~J2K zy};`!=w#Mj>F@kbyh(q+w`WlVFL<9Jd{G=;Dxq~p`=|BTTuI}Q9u-=`aHAGjYsnyc zlS7%yry}J0UD&}_=3-Zbd!n}_cQ&e~wEwRQTjt@UHHs5?^2rv68b?^=+d{$K)|JiG z9qFP^f?(^Yj2DOA+N+B(D}QpD^h)kh>`_W)LCdc8eo}kor~vw}!ptaRuC*u1PSNe(jmQ$@A6}j(uzTtxk4?IRdxVrW-gpJm{aAxD-r!*GLNI zIog1hU?{f1Bhi+?)KNR_$x1E(Sq6bkpA0%>`7ww_f4J=kR4W^v2dk-{zfH&2y^sWkynCa%WL1h=gBO>Ws4p2Ty{8Q=xGC%T(V~jB%exBk-z_@S3%tSo<*ZhiO<#NT zd?tQBznWQOGucy#H_}t)pD}~~QQ9+xCQqbq-6lNnb%Dl7=sMOrU$OEgn{aUK01F;2 zPgl*$%RBF%IW$?r4jvq~q2l+49@`wiiNg7AwC5PS=+NHa`{wlaN(uNdi7#2|f(v!W zqc7Yl%t^!TzK1}Z90lAK?2MNd?~>~z=Du|U|CjTio?WX)qUR9B12DqVeU;;Gfal z{iw(6{2}T|MiikJ`%In+#TT_z<;R3Y-__BLxi?bsme4 z1s9Sds#90o%?=ebrWO;4xdLC0ua)+_G7^7|(dT6lU>h2#^+kAr+A}G91iD7jvQ(jF zC=yo7PMuax_tnlM)pp5IJQycT1G@J19_A<@rC={y+_B0=|0~`wM7u9fhj1NCU>gh` zHe_FUQF(Ok+hTFRI7cVPb$FJK!9v_zEfsnoo~9_f51lmoQf_h8@d1|}Q4%9qT#oZ( zq6SRVC0v)sd|XBjgkKfafym2pZa!nR6M;V3{mqC}kR6Tz3gY|-{EOYiW4Pyk=va8pP)aMF=%i2IS~Ar+al~2 z$DrwMd_W9#s9fre6qf^rCKW+Gp8(LNKZlki1ommQmQ|oWTTH#qZG!YG#~eKG^`cA$ zvG(_?F++A1U5JV|PsDz_U4i&6Mn(m1<DD~5=gNKKu02{-nvcLTLM3qf-oE}3nWGjiA#5{&2yiaY_2Syr=H&o#`ICzLh6b-m-(c3 z$YmK`w@881lGCwIJ!m`%kzC<@k{UNlfEpRYrDA+AFU7I}ebIBU9=8%(_YsGo5d(s( zhagf^hVo{5J%{QlI+5BbuPk zh0NtWxSI82wQl84dkpp@)N}~U`4KSTqHmGGS@$(494hK))p$rq1NDr<0c=1>t!7@} zwebT2I(0S`dd z!@)@Kb|8Xb@m`txw#1D zJSN6Yc?Ax^ibcCUaD$@z&svG4={nx^u}GgG!K_?@N>BZCu$M_r$JvbmRzG_8M9sYh#evP)o()`?MC2@hg9_7rnEjiwH|3a!_XsTL7-qum(O&=NxEV*-R;2Y16h z7X^u4pZ4S}Wzygo65%G9Tp&A-avEZnLF;DBnyatM%<0^9A*;;r2Cq?VNQ3HBMi$R7 zwO(oI-;THHb64l=(``mEXTusb9AGb3;<45z&NIs>o6T72VJB-{ z#EWSWJ$TQ|*twWI6hW*akc(%rgIZzQQ?-cDF00Lqt3@^*W^BSx8~1@KD?y&#CC7q- zQ@u92f}7D1w`Pooel2?Gn{wKkOZ4Qn;)_)Xa`)>}O+076=aHe#9HFP4AQr}N+17+# z#kFr5ph|PK#I|4$={m3~vvc1>ABPV5G#HVGyV!zQ^13FBiKHSAj#2Pbxy1LQBU z-r`5lYZn4ssBMShwv}SO?dr?s=GNI&u?j0!tO|e=BU~#RE7+C%SkFk~dS!&wFlg@= z&Oo2lyn#EQ5&c$e!1%N%5%yO8y`>g)3pC8PuVj`mr+2DM`{{WcDPvJcZ8REb%oG-> z?f0g*pHBDEF}k!vBnOb@W=uIr=vd-#LVm%gADZ-j9_47AUSAdm8N^$aXQYCn*tYU2 zVK9qwrmhFR@u36$xH;P$SBIG#M1qR>jmTUA0+t4woWhlW(RR{7kpV4|O3NxlH&*8f z&6&qG5woeS0=|Zm$L3j)SD)YFZZn|hTbyrus0lOzog~15pG9l|^rdrd?WI;~V?Wnm zdbkoMCc@+r0eHNH(4@3Y?h~Vtgit-rf_3BtE>^#s)d*~1Y)(&r{o&Nv6w^?|v$9fs zLo}y(n8|}%qB4EN?|mRseT!_# zRP5T`Vo%foq|!1#Y<6EvRC{_ex|>4ju{-F~7Szt7aw7g4f%F!U&mb4L{nW8%a@{Y`+dYE6pOfW+xs^7Y}phSE#vR!u8gUT9Lj;H{O=Oc6+uCUhG!-s1=(p7 zjn{dbW)1T`_A3e=RDXC` zD3)bZXqAqmyZb*7BsLMJm{a((bPZEBP00t%s)c4&wPQT_*Q5npUy)vkpX>fX(FuXi+|5#J29uDyS|bpaCFCGa+78J(NF1a6&qhuqCV zr7l2T++1VMg(Is)N916UYiZvu2k9~goEj~YbHx?>dXV%{Suo;Uvup~`-H5skKT&(G>OD@ zC1`7~O@&x0JvBNd%0d|Rs+pp^0{wUAyP+wgeb4z9pM4genS<(oGQ!^5Z)18L?K~Oc zN=rFL+lY?u>?9ELx~!9F7@yLEr6=C(=QD^?{Je~hN+7nsb z8xqD1l`RIGe7nMCy<6c8W$D+pca9KTaI~BQ&%JPW3pLFB) zlr2}c7AyJqnHD(}@$D!U}9GkeK!+7O;RWwEV_%r&%#R}wYAjYN}(JlluIUdb=9v=lwpM}z>tmc<># z{($Mr#_04hkpOZv@T_v1#saVcR_Jyp+dJx>3+1jHr?a`|e*T_YI~*Qk#Ury2QN08p zc$OL2jsgMEjA@{+g)3@&+G)b;zC=U?$V%Sh}v zLd`yJ`*)bvr_t58xTX>`3D6MGn!n!NogvqY?QRm^ge6Tzvs0^x`MK0MS&lv?U-V6k z+icLX_~J_o`Zmx5upfk#4rD># zv)#URYC|KftiFM|p_BPnhGThNX_#KC)J~tf{(M5V|4h9Y^lhmq?)&K``9UF-J+|aA zLzCE$s-)Cb3Q_wUk>oV69-KkeJ`TP=Ik&vE=Xp)C_rc26)Z8k95Y3M>T$ zLC>bz^)Z9-lX+@;2vO>{oV)JFU-bjHtbTGdz~Vu)w@Cw?eu^uYE)M9EVgMEoVusiN zE{lCyX0E&US^c@?#ItwmPT!~|;Ys)ta&zm&pz4mwna{lG)oHCIQ*Bu_K*Q@cd!9*Q}NLA&1CQ3ruL)CxWU2_+_@k=mSsmuNb?l4q?2CWRu)F513W?%Po?!BXkYAOFwE=iS>&{e6KonhXF3mUzOXO(Q+;G`@Fnb&+P%=~m;1 zHspFFY0k?G@{73Qb7fl0$Iaa2h1bWRgnQ89mZ40yCd&wfJge!cSlC7|sZdXuvc z0b~Slz-US{!Wg6S7mErj>E(q5Nzh}k&g-%X;r-tYd>Q)2Q#(&(6+y)y8|&tdS2 zm*`A$(~<>S<%3HRYZ3Mtt_pJEb1;r#ZQH~P>jo|JgU(u^S;=k2M7XcAQqmOjh2%Tt z@Vl2Ch9i;;7#wm8#@Q4*I#$QeurNEi?_}JkZ4`P-MD72ARQUVdEbOL;+D8UYTjg4I zPQ~VEOZ8?ps%q_y!F|zh&n~iugX64>0CuQ`CraKnKKNXf>m;{a zAME7w`SqD$R$vl$z!HERVsHc%uMNGr^1F+hS+tN=aj!?rp|dodviRhzs-LLVp+5pV zgtbB9=-pLUdyT?8-0*UWecYTaQAKXp?QH7W>%}w8s-N&hiYzoT4+%{;U{5K@>Ur77 zK#V>Lo^vsBJZ=q8=IJto_8PeP2702{AR3NvFV`DGP!*K}nZ?8CVJ_E*YX1V=^@g@F zpyer}`|H@^9f~*uMz?$VQ)E!DSNb-rLpl}Kd;Rv*zb&Af4DmJ?Q6wx142mL(m&3XQ zZ3A{)JV$VO-FT3>>MB|2dFMyz5By4iGSBvo?Rz2N!Sf@snp+-%zbN0{t`~R8#d`?- zitN2ZHcW5mqX!=~tJ*rG4Qr;{EiN*swe0nb9`$1uKfMAw8h2aNRh65DG8-={?=L)f zGy@TvHc&_I7yxjO3F2b!C-k|jHea^c9<%;yQs$|ls?wm=ybC;-KUl;p9(DG#J!@1` zC%)jNGFMT?RZ;tKCSCzVYCd}kEa{xiGHcUoD*3@Sb5e0q7VD~kez^ewg4tL+O(L?54W)sw|G5pesIS><}dT7dQz^G6@!p+p(T-|6HK+@E%ac zLoqK2uLYegEjBACB|Om4&y!<)TMNzo{5PS4Et z9-Wv8D#a3$Gq40o)Wsnxyq}bUB<4SvnH=(@=Au(FV36{1<;}t9=Yui9H)6?sa0ni( zxEK|B(?IFyaSi=a;4Ei+%KYt$l;m|o-HOC{-FOS>_p2dTK`Exx81pMr+Nh_gmtmI@ zhHmoM4;|SH9=mqu%hup;86cvSScI$y=jL?yZ0fXM?hj;+1g*6@Ai`3cJQnyyw_ib@ zO*7*66=da>gz`~)Nsaohr2R&6Zfv!D?E^cUBgq;kM5RWP>J6OI4dxK45S85;P|s!0 zkZrIImN|5e)_*IwqMqC5*OyQ!J@XxbhQ9g2lDaYi)}5WfU>CH+DoP4koS00i=>IA8 z#V5t)^>@z~pRBK?D2Xl5O2o^lDxr%L%m=tDNhVjA4>pEd9dMf?!=^Ls4#U3Zo9*$m z>ZqDniEJV2U_ew;9EunnImPdNAQ_dGpPR1j>Of|c1!nD8%MGRgvaKT7vbe1%CQlko zPd4X=awL^k>ZMl+O}x5DslKjAQT*~bsQmn=b-9Ov<7`QQuva(fGW^Lq(Cc>{#M$F5>iV_{fa%w8O^ z5Qh!->$_Jt7%)*qO(rE%sw5;{+#=t?EEPBu209dqP~ji7|4YTkj)yMbc=8jZx%v52 z;*mV`J#fEQ1`Zt`7W~)U8@LGnakrV6ik3on?p_ofVc&lS?Y9`$oLUiIFmcf$4w;IH zi&Tt)_uIusfKievLFHH!tQ0WgH5z_Zhos1aRq=!}8*6b^nA=>`EY2bl-yCW4AylrxQok=lo=Ts^v;#XEzR(80p-En>q%~EYlOv| z`$YFZL18zm(sYu^*6d|hlyZ7-6&X~vQbZJR71VT25s;e<27~eYfEX#8! zV;k#rd(o1wM=RuGuQLnmwfp;+c+WRy$U&A(U+u^rTXN_R{GiX=YHB>f7*%Tu&I_ z-hUx>V-3Ix7(L3zI*W<$@=0O_5WqG%Y|gx4whgru$5(CK(ZI1!q3xT@CMTLZtdE_4 z6fh#3eqO6U&Z0zNIj6DrTC8(gXY8CL`Po0I`V)VX;B0Eur)@drRCU*rD9;&-OIc268O1um8+?tkAR2cAM0gM;7M}5@wkc2e|zCz z+Y>4wj~NY$3hS>G$&^v3Ps2`V+_8Dfo$oji{&5AJp0SYx|6e*T=+BwtD3-FGtP<8CH8kmZl*ixYh_kgq=x`)LQ6=R@7}`zIT=V)NHWR}P972u znL+NkaVrZDbwpTscc!BrfoGLlG&bO=DYKQgh>&l)^%s~hcX>D9Q7aKT^M{Zn1T1OQXNvqGmc}iL-_?j-Qz%iU_l)$N6rvrS0Xqv1 zvG>548w&$(h%UZU@K5W=T+~>&wg4`=7#jTj>p#E4XSiz0hSGbY3b2*UDPJkbONLLE-3g_~P(m{C&4m1tM&No=Z|O~2sBK3~ z-u#`vY&$KwuvUUDxXWn3=Qw>e%(soCNXT31v4Y5s-N zDbRsQNL5uwfsW{o-pyMEsS>8?0dyT4xX{>5yJ-ux>3tA?06Gve8E#p-N>2seD!dNx z9e*C9|HXm&j|BzJ=FHmEDs%IAmjl4!87O4tSg*F!wSVF`NSk)1&Ss$QS|qtw6IEu^ zjazCYXC7-?Nc~rr1V_u6W~4}a^;#A?^zBXO=}Vz}+-6+yJpCz~9|5$^qw~j%L7Ga= zm|MNfYr|rTp?3^WKe@>!DYt+~PiJ%?&o%?rS6kCezNz-=0PU@PXBA#rZVI0Nagq@G zW+gisu=(T9&+uuks*+J8Go}Dj(UvCiV$zLRCV>>Be|Y(X2_N(26Ke1^`2t^rgQJ{n zXahARe1Akk-iz{$EAj=Wtwfh&1uAgx!Mk`OHkC*~@3Fk?u+iQ>96UAE4&`bFvrKa^ zru1Y?DUKGJj0_J$BKXNE;SmT_fNm_9o{1rb#cnS_1=4fGlFXcj{FuEFk&iY5Vj3R% zA9YDMc;f7YTC90NNt>gWiWBSM7WgGH818fXUzWh7nt+hYYnO;O? z#HR6BnJHdLsh?F2KT}bKL^;)KOd7lLa^@S3zsjGvv<93pHAT4)>AraLyn%c#S^|NT z_5~o7=Js%}MvZstFM;@lcjnsY=a$*SdgmRz#xSzn#nraC$HSsY@1$tK9n<}n=14Q^ zK7auB8Ay;A!Jp42kf!vSVxW)A&luEd-4agsT2BroOaa4$A%-otQL<-x%3`uHv} z4Vm6ebc{JWhdMs;k{KmcL%ougVOA|_tcFs<8J6^%@`+PJsGo|rA%g+y04p;?04qib zEMuQd_goPk|91(Q?B30rp>8tI>qdFMDS-ej=pRMY+#i3DWzeR9rk~Jjm!9I|{tGj1 zy|)Ts3}|h2u}7Psysgmwaadk^J8S&*9~ONRfolA1qmm8FwSsJs;)Iv)uv8(xb-#T{ z5r30^rCFlDO!+cix}5E}OGC-z%R>H2f64yh)&JxFkdH;D^JGikQMPCzY>vb zjXOs$0~rn0#y-1K)#>=>iK@4U*l*SwAMpkqg3E$x2N2WWr>5JZ*k3aNY;8d4sTn`7 zdatH*|H6SBAlC9ITGy#Dzc@LvtvtX)Pqr_q)D~JnMC(rVO0|J&%w4I$pH0^VZ+*#{ zpf+WtT?HqJu((ViI;Zpes9TT-0k!zkT*WW zO?@81@4n^?jgL0KSxcxA&xdIbley{kuZ^tiQnQG_l!60>(LCxyb-Un{NJ5r4h(45z z!006moG`2$GKbW|_?n_d$NCzEfUaPMb+dnY_2Zg*9)#U%Fgt{2wZT6&I~(u+gGNs4 zyfxq1esc>Nv3*{3?}N;b$n>m_FHX*=o_>V+!I6CcJ|{>G!OkYh;9&&-{T*xUyHkq( zVA^B1D3Uwd@tA$Y6%`w^!JFp@1n&fzGwG3)=mY*4>2glzzrD?aw}AXYo4r1kbt_ zuO+!mf?a!OFY|hQ^@P+3}$wu`UgW|E!Xy_ z!T(Gp@*uyY^wwn%1_r0|cG4ocR%#x2-LmN2UuCpCDU0b>ZFBEUwPPIns1<$fAW8k`IYKkpcwZ^kNgkX56e&+Pp&JQC+@*Fr=`$Z$QL40-MsAU{}nv0ELO4PNxmS8PpjeL%?!rXNX)e|M$l zquu*6;j{4K(=%7Z-5TFKGU^RmwXs|P=l9-^O@0-w7%@PruB?JMbq$7GxhgNw)s7P{5yw+!Pnc+OMsam@yvmWa~GAA z6g!lY4LUIuqH~@$;`0Eqmz5_K?zp88C;^zs_T9M>@m``%;HRG}3s*}nBD2U9g`|(K z|GjE@fry%ipNCTsQTGQM<;%c>j2pN8)%%h8N%h%2=fe|Dyzt8WEVw@C89N^s3ZRLG zRQ~^5{LU+-H-#0}PR^zpY<=`m_6211C}AYaj`S8}^>3t1-J97!UBgEe(>_~?53 zvn+ChzA)cW)I6gRmcuQHV34xS1|Nd*B7}9S_uWimR{p!zAg?e7NS-G0RaBA$`H5wq z$`EttM3o4M$Zw(N7a>)hm|-q?^sMhs&#dkB%XqJOJD*#AGcmUOdeD*YRnKZCnJ@aU zVUB-%S_7S0y&n0v9FPorcen!C9+d&h`i8VRjO=U->-ZOf^oxE<$h*k_c+w{62U5g| zeyMQghUIaEJ56egC`Z)IC+^GX`V1i=Fxs?PfvaVD{{P`ZIFxhDnrlg?L}t2vGt&(VO) zRezBGDYK7#G9%IsTFF(6Kg)e(E}r!6FM0}@MqlMM_P@xMmtC_8iuu;s-$ClSDYAd` z62J=7G~T6_7h?gX#NA`%ICo#w$EnX!JEHj!Pd8KZ)_Ik`JhcCa`FcJ}+7+EN6fbX! zb#9R_KULl(osX?)Bq57CN<|t=CQzBhlSBC>T^{4G%GG@$_P?BxEH|F5w!v{=oicWL z{jR!NNh8jDIEOpnxblVL4@NU=`iRDaHC#Xt^(+e7grr1{Fv_x)7`jKg44|KW_}!cj zC}PM;TwX>jGnNsTmfj#PJ6ioF*`Iix!Ag)mx9h}Ld+814;*pq{DqF;_^+cV_dE46D zw@^wl$top#o!09i{NKRp{?t*_W!WB_mtW&bWE2ur#-i~a4wPmpi~(aDQ;4)N!Wfcw zewoTp%QTPnzqVV)J*)N>t{(-9@8Psyn|@JA{XrRr>Fli>E5a$hKjJf%KR-)BQGdV~ z;>R9{CrR3RdmCXN9{|Rg!(JwgxperJkp(hnpJ+^&XKWm3&VP)9SSU zILlbNqs%@zr*-nl)8n14DQ*WC)dtSA)u+e5+-3<+W$ni5JrHKyifit_ab=|=xjP27 zC7P!bQ@57PI|O5veJW#=C5x_98id53VIrg5swWp`!TwuD6VqpVNzrbOYeqIg*lhNk zL0M%?m>nDd!$OaJXOxkP!YR2^F%9?-_A}!632>>KR=P3BoG3MT7e*5IQRK7eQl$XM zqg_hh9gJbv4`ZVF4SNL&v`98WP8*Tj>pI-K<1-D8n#Dm6zndIazA9|czLVK@uv10% z>d5pe9`58XA(HWe7y>=bUTO+m;o+KC6qMt8$g5w)iaA~p;UA$Z3>brPrmb>KrhIFp zxoRsrvudqGI~)dEtC0FzJ|@iaR+Ucp^>4K?fMFNQ0&X_ISMr6VR4DL`GRi|N0<@Fb zQx7`UJ9{r6L>KpxT!q{auM4A`T;9ZJlFu-*irB)y;aI$H&@J#+$Z5cJGW_*Q+J9{H z+m}ymKApD+PsZ~Wlk1ChKEsOS+adF9c-(w<2V{k2Z96Y6G5Vq$G?=x`uu5AHn3ohf zr4a%VsdF>a6&yaG(s$}GpFvS>g+8SdNvq7>3BE%fd`};JxEg1v%p-JdE zMxAEth=WfLF_^8;=#c|UmCy{zBfA@ePipUlWk+T&-&34fUI&^r*ebD#7B^)LGS2I& zN_=^fZ+>ZWyeE%-3${idA8s7Ek8|pqsp=m9Zf`QSfQUdfl`k!p{K#DM_9$lN2-N`5 zu$dgtGfNHxs{i_@-tSaYt{l4@+ zsaaSz-!{X+`AnW9FVjz1HCDEnwXrKguhwig`_HrypA+8xD>g@Wo_bOpN;|22!jxf( zA=m$4g|}EwnK0()bxcQXM^6Wp)IO}ZM6Xl4V;FXM&^Kc2@b8%jf8*IWt=}2ha#*qK zBCKzpbvY4cmu;7w)pEZ{+&1fR8A5w;8kA1+la$Gyw9PcV#B0tAL*UO6k1l#h_@3)$ zm@wuT{37L4--ZM@y?na>SxI2Sfv(t^d@#*0Z#{AtNllIcwWqQYAa~y`9BF5ywYW5h z9RK4ET;Bnm8lRivl;7@G*q-Jang?ean9U$2v^ra>w3*R;Ke0W$64>8Ndt|wKN29q6 z2UaX{C-61xnEIeGrIn4e1`XLs&POa~C@9$mR9b2X=}ln$9ZBgWCXBf~C%;woVEB44 zunO4QbQuGNE|#AQ97}9cC!gQuTxs#HE(;B+IfJZ64DsykYGy;8TfYqCs4TDsRAgC_i^ z#xeDx8#Ik8k7=oL)r6@4CWroKTq*^TZ6d`5`{Y))*m9;u&31>0!0N0R^qB>6wNa_ZsCS zkrX|3eOi=c6R6hzAa84*(p0NJpg%QQzbPrO7mUf9J*zj`1MM4?Q#kiq3}@CMwFv7q zBF)sOfYSTQ$&AE@@BYf*5M7HNF*DjeSTiMm<(JNmny5qQACXSK! zGJ13>5&53mJ@mb?aJEY+*cfC~SUtTZvbuS?{e-_U;HdoSsm(j-Zmybd>M&v7dnoXY zt~__e_Z8US4L2pR@gd=OQ}^n@GHh}6pgVZkE;1`J>xiA)xbhM@WxBZXv5D#~A46$p zhm5d;n0}C5A5)VVCXkJ0!;pa!9+LIM^W++(PRlrZg?v}_$v|C!)DI0lYn|tKE(k#i z%p3QLpsSD6-u6z}-@iVf#O`0Ke(Hq3WIAfXpJmNLnd`|b&lUZ$RwXoU6YidW>9f1;I1q;?ek~JQTRta{!M`!xWfi1 zZFRJgDd^(o&LNH>XdHez-WY6~*sX5z?9B44FI;O^s3xo@L!RKX z&M4O1D)U@y*WbUJqgZ>Z%zJ4nKxyeth38VY>HI$FWUW!D+oJg8Xs^n7065A(!DZmR zjP$~>AYFmfyILq%8L%FBsrg0(Fg~F$&+)v?U2vHH{AO%xHY_X+zTN$cq!}Eh0<^Wq zZVyd8vI~`*4U=TZLwv(Ryu5i@(=f{&~vHYA= zjN#^gr+Vyqqk`VhEu{C=D+{3_Nkg|&e6F5*0pjk!Q!byo3UUGaZX;4Jp1T2o_>1fj zA;Ko}09K)&+|OpR4J07!ugv1ySQulxJ~{qQ>~NClC97-+5Vw*eV)jeRc*7aBj(k8nIuY28PW48;o#7HykGc1Raf;j^WS`Qg)2>!v7{FAO5v2BJqW zKDw)Om6{|HS@{TpdvWb}1B*2^m+in^EGriGxTv{(_Yn1|aT(fEcumaZOF3rjBDr(hv z)^u?9j9zUsO6-=DPb2#?hQum{O34pN6`7D@Ir6`0M2PI;l+1;XFbiH7R4GPlA1H7SR~k^GPy7*rd=3NduBT zb4R^7CJ_9S=ez7aNXkRA#=-HCxe-8)qZ3?^pMKWnD7aJ?E3*#m`F4FjvmR3pwwS5( zLXGdnO8FSDQ&^VciCw!H1X|3zJ(bL6)=0F$lpy1AwYAM;ZMB`fTy0kj(GupKv9}!U z4Cf^i&Lpc$Jo8!G!0bBrQCGFwVwqHbKt<`ZRl!&LBZC4jchlE>BF-RKp@sReEu|Rv zcts91hvXM_kp>_31ZeUl}!ca-6yJ!34UNRE~;4OPMg z04q@1<2jrh{rhVN8gTo%b9)IP2|=Zz058W!JV)arz{F>WU&1JVyf^gq6Vg8##1dyoBnlm&0ya!TyP!<{yG%)k&^1UR=;N0&qlVl&&EO@C=x~5| zd=Yfu$bgy=2og#*m~Xp~CY5Ljn%Y0;N{1kW%xjItSEoS&D;g;B!_g|38Z$G3^dMxT zl1%9~Ij#X+c0UXstSJM|#WiqV6&_T22|1b@f4=9wbq8uuQ-gQqUNzIpLz9&|iVBWG zYS9Tj*-_l}PTE#-}xbYpw-&SKc)}D2Sn#uI~Z-Ak&x*-YF3Oovg7ig zgj86z3ay1U>u$wH07Ou5kwDkbv1`5XFit0q{kK2CEx3h1I^vlOoR@qbLxtz1lj~f#&mLKfh;?sPF1CuD5ve&CHvRCYIw7*%$XkGj%4t$gXfP_o@a27ktq4W(b+V zC=cM@*wp*vbY{6fcT>#}IgO_=X?gj1k!z9tW>NYQW=Reyhc72TM~9U@pU6i{u$<*^ zkjj`0MIp;4tEh<0l1j7f(({9vF)a9N`~)Id0u^n^67DX&Q-n3A|X?*jwSUih}i@f`)khDiZn%Zez%7_tHtfB((F z1h@`e!>Om`RDta|r&7dE)#r!^sg94SdWc*w2h0^IeNx$xW(5(Ruak?xwqQA6UuyRu zT{(e)g%L}NcH!xFEFs8%uxvNEy%fIy%_xl@=j?C|GtzAJab*^$$#%qEb#RBggC|

c# z1|)lGV57x5_IpOaaV-Xb6+~~m>lbfFb1}IlOr8a@vNE$tcI%D92HRsJ zgIs-vJx4zDeAZ>Z^}hqYM|y3&BTt=Smyr=3KeHZg9Qtmw%BEZm_FV4@UJp=NZ&hJ8 zDzSZ*+>h@yvz_ypEi zJ{{mGouf~1b|+R=qmr`9Z@|u986k~0@f7n}vH4AkR?xqsK_%G>r2qZCgx^}#z&Q=* z67S{Y9OT$DwWUqmKdoIM_D;_VtiE=ULKbcQ(z@~ProaPHA3(*QIAGKd%0LE>i(fwT zh5PuWaf&Zu7U}`Kj=s(_-(*#=oBkrO??98eNQmPz-uUcYsfl^R0Wp5B1vqTw{Sz8kH+xUwSfpO zdo|<~=BOwgC_$qk->9i+&ofg#LD0GYW>3+`P+hbgD1a1QYUAvxl#9S%FxczjUtWb- zEOJMi&kq%FZcPD9SkDm_I>;^Gj8*T6^1oM}x6ZBnRcP~HjR&M`DzikSmO7J}OZ~o~ zqwAD2>B}aPZ!-Ywqu5O8?VyK8G<1Zt7I52;<^EZ|9*f?>j9GRx5AY^H5v4iJwUgvvtHEG4DDWXdVC` zy0A0HbYJ)bJ8CO7kfA5LHA*YbN%0luFfQcAiVcRd-12b6c3Rk}9?h!UbH}*qOK4|u zbNNI6eG;Ld`U59DR>V_Vdpy3nZhG9Ao>p5tSa3wZ+ zR-N@KY_LGMPT3$`iNNIATOWYExfIwFb@iJe-N_A7fYX=o0Ibl{6G4m7p`pcdj+|fx zCmT!n@qbHbf61IqFzv=5O$qn6{f3;2(`9-#ZWXX^%B4C0F7M3A_*JU%`%-W$B6Ek7C;t|-pUFJRw8Z`GNs!I)_poPu&l z+E?@bf#WpB<0TvkIN0CW>=_UbFniB%3NoLdn*>nykXOk56}^3IcjVP!88Alib4DaJ z0YC-zEb9bB_AI(3!G+?gVjxSysVvVG-LZ6Xn$KxB1%{A8b#snH1&=-rHbP+u2sj~7 z@~%=c9Fth%rY)Ie#9SsNyO2y}F>?KBL4u3dZYnm0LTsvm9c>dqH%nvOT%y&NYMjp3 zgvYqZ7Gbw=iwP1cg$LT+YO1zX&xhNn=fa_C_l2<#NyU7KjbbhYs@QgM$T5=aKd$W< z_UvNF$B+cY`;fOGKSDy?b+V5^V9fiVw?RLG{*4=?+r+(?y$FKAS^bZPu(fL@zKllG z>PjLZuQ(G-_*x8i{zg?4hZ#qQhcMEvJ)EeWFm2`F-~a+9@SNBj2qYDI;=Xx-IA-kj z45=X}tFR8ZkXu&Jkd;HK1B;5dSea?i*4BZnRA`&Ao%opIH<$moj6y!7aWcr)QBuUm})8kdqtNW)>5JUr{Am3Mp6QSSdofPpJP5=t9;x$jPQ?a zHPmWjT45=ElW_1PJUhuxK!g2MejCTq-{qfl+F|E?} zQ={bwd#Km_Q?^h%CqFf`+BC@P`Kjzbb?v+Gg5#=xl9jkFS5s@KBkD@W#>OByj#0wz zhifP`lp!U~q2P@6QE;@N_ONz{fm~1{%-Pc$3#ioxEh^pW;CNJ>=75dEB3Ajs@(5Gl zXsx+$lrpfV>&!yL6s7vPuw2rtlQ=whKsn0SE#A4Q{*i$5V}9ANmrKw*-DxVMF0~|- z)vINafJNcsW4;mr$~ho}olD#lmvuMJJUN04Lz?gKf)@e)ra%HlpRBI^J65W z#vuI)xH9|N%WM7DmPyOE7pPtni??4|gk)@l`I_|FA}oVt@e^sC8Ja;vLM?`!-Bp2$ z5$=pSEnx?-c0Sb1pu9vs-IsWNqCT$A>&|w zlT5$F6%+$On~p{J-ufob8gDJ|ncdU(&Br8?&)h9iMg#MGI|_L@KSKEw50nloZA_R# zR&+um@P&f1vK=b}jltwpJVfuwq;Fk7*}zHQySK?PurhkUY30PTpt#5B$Z08Wwts#lP$-6{ zE!QG<7rF9PEPXi0|9uM5_#>^pC(Vwt#^1j?<*spMcs%vsbq56N+4YU2#wS%1eY1jA z#lN21VeU{#)S-s_qw^>6F&tW5J9PYW*7NtI_q>eyC!DnN`PdgG`z7gRHM4qyw4spz zJFpS`uEFf*NEqL0i(5&Ce+!|a@cn8@)U)j6cbNy7 zt8`P92MuwDM8guw8vtT^gTCZ}2AO{V@C?Z8CGMmN^63tR15#H6;Jg$6`9ETvh`ra= zLdliD_9evvE_%K{)EVqtngV=cuyqUovTcIt$$(SsZJz&jcDk>18UlCZ1%q)u97qD3 zx$-|S0IRhxIrq`v22^H{ZDK%b9o&TUSg;YgbO$%DH6XSn{n z6Sm(a@;N*EX=#_dmzEtmNx$MWJ!?m1Jxr#DbfL~ZnOtCgbt^DFIAJ>RU%p|Q4pl~F z94I=c+-EOnj8fhCuE5<#+u%nbr9$=P4(o}cLw@)i6x;3t%s!CRxA&=0T&mf*7#@3C zzmK}Qiu&55TlU|l)JkpCP94-~y1o?-DE$ZUtm5iH8B{9YI;kSqTo&_@cl(k}JI_Sit z?cFuBE3_1`7Q~Wr7QlYS_7*62$G_(YDqiw_dgTR}Xg{v7Xf9bq3O-asq7UQ<*2Hly z0OBMcF*N3S%q8}ZVO{Mv`Q9N^uNmDFZdSRsKiD;u z+Y<;Gd3pYBPK<^xj?R>7BS!Cw$7@|lshD(SSdt8LFT zU-bjRqYe7tqiAK}@ckUtjzIo@A0vYXjto7p2+X1t5xWOd)Sprr=4B$9jUn*J7)9|M!~$O=!FD{ z!zN%278On;p5voiDT`RmV&xTQiWD+z0JLRQ2_6ZL=$5+b5j-&WNhy~7=*St#5ZwU~ zQ>%VH3;c#Hv(D4HLFbrSj%VG6H6MjAsctu=k>2| zZ*39UANZ+PzohiRg6p3O!>7t$wbKS8khR z+$CMTeX|~*0K8$33hb(BQ-8%4+86ZoN5|HMnvb3S^?BITqo+nAnF$Ntp|%3#P$ zdz`VZEgx3P&;NXc|FBwN|2%}MOPX1pPl2;?SiWmn{7ITb9hx`ch;<8jo43H@i1n%4 z6FOyiHM(DOa3zhI*a-ON(z7Pi)$uJKHuP4wquwZ2*QhS%FKvzw=-4Ux?OO+=xV4-? z{qvh^DhF*4-!37A=fFPCqwO7W^Lc+Rvp3qZEZ@9HY}T(m<+A_9$t7AFM55= z#qocKy1sILnBEDt|1>z@S9(z#3imQjztX<()$q>L)zdR2uKS;C-Cln>kZd)~%qpad z+4=ods4lywh{6$5o;H&FFfRl;q>{qpR}|&2cSQdL%q2|26~sc0c^pyQi8#nHPa>)- zNfSBd$w=L8fXp1`NkE;SLr&L|C-@YV*O7d4@`u9w_og!mgc0Pq-M$mW?1o4~AVGn= zp&S|2K`JNmhJ0eUZ|S4Ac?L1u&#ckgJck(WSE}f3o{Nm#2H@u~&jH5#By+m1J<-qW z+J`gs?uIjvvveGxZL`}_vJLpY9T{$>v#PX1bH$g8Lm&Cb4L>-Rk|8U;BIcVhof=Xj`jI*-lg&#ay6 zMV(84%LK?08j)8WRCYL7LOt=oIawkuN#fzs%`iYaefy&BDu?5ywsT?g#q_MLtkpo_ zwOVsGYGIB3z#`UK(>O8l_FS&p6DPWRF1M!+D5@6@?0SA;0@`19@6=gUHhZ;}&qweN z1qG$3Oq8w(Dic*_akN$fpfC#ZYL8KFYKTTqTmvFH^y}sl zkQP7GlGC&ahzILQ#HkiuLNIt)?WeW z(a$YF1AFKrPZ%IW*o0miE3-?j`t^YXy~U_AJ~X4^L%C!$#DseBYX_Xs>yY@5pX^2jl}uV+`8Suf+tOD`?Ees*CYJYnTlcuKJx_ZN zQr_Wsi0ggiz)Q}moK#la_4sca zjaoF0I1A(>V*qgGLFiud9ldumeLlKt*I)2SaiGtG-swX8vy6AQ2|tO`V?c7H)y3>VkjEaD(E|brxbaWJ}(Z`+_ln|ql>(`qa^4#-Hl>0qy3y2cQS`(v<_~)_!x{0vb05SC>AouDhVmZe_0T=BfRT z!e$?M)9>%Sa(ptLFKNqx`WLh-Du0w|Yc+lo9AB-fBHwsPU*dAEZ^#~j1aP&0sjPvL zsTu7l3It5IKK~`axtW{yb*-|&TLYQ10&`LDDmM~pFTwVjy@V}mi^ih+ZGfpE_#z+w z*4!Pf^6&Gb=8CXiz&dtq?W5RBXtaR0Cy?`Hv9`jk9yMc<sM?WS?I*Uj!Bd+qJA z==u|N{s~imt08@o)N}+lkbA8^T}z-u&KFz2-m6E6zW2oJuR2i9-=EO#d6B!-y+Zl- zIZXEiWwh=UWUr7QkS3Q&N5J0<=!C3_=}Gg8p8$5C^>GE@9VT7#eajwLKP1tw0^z@g zh%cB!17goR<#KyW(A!=)uQahfY7LHw$xS*wO}SnIvUl{4zKJ!F>+tpJ=Vg7Gd%jY> zHQ{@43o;6_tmVLN@tNhL>-UBFSi2#4t$7}z*Xn7A0b+0uPLvskdt1E~4b^VvHv z;azApQ@q>qai9GB7VI*r3ft8QXO|HHvo2PCVQtC2-I@=R8wA*p@_oDaCUmo7-ob#i zr`78pAH`8a!$xg~>5G^0rZT=&cdWXi>ia)q4CeNHx>m^_-xYJ-L5Z#<`ND|>g*VNPCEUcy2UcVws&I@PNNjI`+F-9Fh)!F1dJw_v9r!56n&m zt^0TP*I&(g@tMM9>wb~_)GCzxb>C6MV&m+q9wevfy|eV@>LdT)IDju_NN$w&Wo>T( zJWxYq-??AedEuq`dw~M@hWq(LSF7y`M!s)&e%$K!C;20S*5%VL3tE?dS7yp%J@MmY z?s}!Z%oT5I)e8m~%WRLQEjK&G%AY7dT^O&DbqaHfRVs#(F#>&FaaYsjJBb;jsWLMt zjDer!ZmZpTo)ciX6>M?EFl&iu=qp zR3~j@o{3~Z&%j_PIuRn|9qwCS8dx^oi5q#RuNid{M zP3?-eOGj~YBh^Wh+@;Q**gd{4XCau}W9!|M*U&lHdyekcLC&=A<@PIc<-BVR;{h3} zWx(v48kyrR?ahMFo@@4=?Jc^zernq!Yb=|^!Zu*y zn@M}*sIKiNQc3@QHVro*AT$oHDvPyggRK zj?NwSv|I`OtL$Q|BfYA2TUV@e%81*tURry5@J4okds(oI;des0u@*3Tf8&^vvsCVziXu_HKzFQf9Q8qChA|>8Jx;NS;=k+vyuKSG{fB&Q0cah zXv?q5{Qpz|dDTC&*xd)ixs5OD3Y5!Lr-w(|tw@J*%Ku9M>l^Ew4U(NRXHguW*2oh> zw<;fVgzi64P{UMG0}%)}=L;A)ru1Ny$<`0PZ=LWmTsf{Y!&l|zeZb3NU)JG&iEw3Y zF>Umc>z%Q6&+)ApBySZ%v*%R!=BzAy=X?CU-t#(Yf0xFQp?*On)*o+!!IO|B<#|7z z4&^Rv;>UQUxSh0~^nb)n)V-Hq0#YX}cf1G!x|4NB?KkRDu>aMaF{WwuiWmV>18J6J zRa|Bb?u z|M}+M_Wknvt&mdl!VCAB1PDlU zovkm^)e4N;7`OeRblCBXWP#v<3*nWj9p9o@yxmTnm+CTIR-nJzGnSfsOnU~exFP=A z6ZbaWs^GmjpZ%V*#tyr|DOOoUz{+ZK%wt#&19E&8xa+;#-^znQUUPo2sDBG|C?iDW z&-;|{lV0r%$$UcBZ%G*Rgd<1l(T|aO0bD^+kfh!p4*_kF*@%eZIiX;Zk%9mzt~H>> zAkR3=h&9z3gU`mOZYn&H2=Xf^6b~)5_{OLqn#^V8ekmvmA=1aj?$|=t(@ja)lW!LU zOUpmPp~#Z!3b0>wAv^_4IE1PLu zg$`;k^wYF&9XudiU?4pCCq@uaOefd?{0@<| z^8(uekD!PV|E>{9MVvi2iRo-hRz9qgpCc)%3|dgbd)81aizX#$-`*FzKP)ry#V@~9 zpnTMJe_3#^*IG?wCq1Tq~92n+Uep0eK` zMxvlp8cNv?MU5)}vTH{E)*}fC5+Yu(ecU2x{K$1iKx2G!$pk5;12&i=A#*c;3AA;f zWoV&@H~r8hwy^tvv_NXpTRu)^rLhags3GtE^nvYVm^X#ko%!B>*zI0V_s-C%3IRd4 z)DVE*U$ zXB8;c0Xgsvd;`CMhmT~n&k{BJfA*Z|e~ru`9@^39-|%1fpL~FqwZPhMhS-Ty%>WL} zYX_tz)QJ3hRFskZ(sGuVtigKi;X{Jt9&sY}n3)JV*H1ZZupoI<1DkG~VQgllh!o1D zt&9XxPmKrSVXA|SWmVC#y7^+6_H#g*}Z-;me8?Yo3J1j2?TOy)#${b6~R*GQ!L^XqAop6%*&|do(uUVPp1;LY{Lo(fk8l*oZga3-}2vuqn@L z@o)RD{jYwXD8Kg)NIHSM2j|^%=|3(i5I;vD@o_fNo|8%NGgAhqgdSuXb9j>}DbjVk z3(;K@^RO{o$3m3)l5|c-5>6YaeI#O9kZ7Pr2)WjKTdTdJuyBv%)fo>sLQI*5<;;@& zh9F=C_a*iBgcaMzbQaM`bD;7FI<)kcR%rQ0r3fM$1mmfb=u?+G`;ph?1gg;Pm}}I_ zU46GRC)uHkKuY&$CJskDa5uw7!+y11jZmEd8B1Ed9OzrptBy&#ChZZzl_y3JV90Ab z$uEB6#pe+X+eX3N0f`*P_D6Eg-&3d?63%tab`+9Z*4cB?V5D1O2|54VZxz0%3(@}wbb~v$P zR<-+wLI^g~3||%A`m`!eRzCVp#%!azEaO9&TZvpqX=bz#4<}zG*>qvi7}CK(gm2od zzzkh|ZTi^+`Viej8U_qTB`H=8iKgqMx1;AN5b#+Vlc{P93{(FL`vXPiIV>4^#$|aS z>P>UW&w){yZ^B_>A66jV4&-_CJt`9etC7^Z3KH3n>`9k&bcG)PV2VjSaYGi@U#_gK z+++|fI@`PU6rb)&SS@~uVF0Uqe+0)=qM6ar3C`Lz-ea^bXs808kLYnBr+(C=+w6)T zY6dJAC^nVlDAO5#>20UA&=tZIX78K+nP92e({3=d=18weP0jE)MBo(>n=&NqlQE^KkZ)xK`l9wG zE>HixJ97NwZ$UHLjp(sq;VnFu3zUah?c=T;LRh~XLWBzLP6D`t_nbKDAHFGfxD)%* zBE-%j8)aft-i*AR8Gy{w+kNXa_Dwo`Gs zwuAhJ#60KoZc}Hp`Xnmidyo`jw2|u;ynCw6-mO?l^+MwU$FNz|5ln$nd(f2sygxBl zMnhPADI6zz54;`s%zt+;ZvnaW2b0J1J$7cW-#>obgg6OKY^AJ!!w~HwYX@etCj+!! zl1X$r=GjhA(V|Xlb-JKMX|vrCq2VqoQS}b1lVzZ{o)z;GlZ6Cf3AziU&?d2!s)ytT zp&^VIf)`%4m-s}x4N4A2m2>=R3R96P@0xipSo7Aa}1KRyte~YP4r!|UN&T3 z27TW==?}(Ct0h24W=S49D7?h>zZb;m*-8T$A(_`dbZst*IJ#*p)iUmlFTr_g$0P3( zsrcj($&x8jLR|EPdb#Fx>QZ}-4s8D%8{E0C0J$}FrzB#7XkH`&Ja#i_k1j%wNF-n& zAxA6TS8JCvvKD6y2C~s9F`6s+ACnd$Nmhy=IsV~O|?(ChPz zvRq1?wG}5EH^pzz8*;f$TMxA096h!QYoOAWMxfhQ=$KaKE!sz_5E6FaRNN=XI_?%u zcIU4R`fRL^wov07@zrwhfJxGrMX_Nv9jBjLAad+wlLlSJO+`yb_%XrGSLbk5#Qf`H#% z0{@)7C>H7*b$}zg8ahgqzoTI^(|B)DIo+XFAaAsK3EH4;ycKhl8e=ZE-0hpi9h$D) zixaPHTvU6s!qyi5m6a1u&C;evIcHF>r%+E%qJuZb(B{Ke^*>i3+gK}TaqnlNhSSx9 zVA@&hU}x^z1$Ei)z?M#hfT%iabsJ-+IjN?YO+7*8i+5y97w-_8G#XTgh{u(Rr1!Ht z38hjfESRB1{d!!eO^3p+4Gn?4#QrqKJTpKpY~H3`J~?UQi|*IqD{yvCHSY8wDrl)t z(*cDsb*@ZHf_jXSUqMeR2`F-pZZS`8V{(11c+ntH{A^@#=18*hWmm*KX}rtQH&uDW zv{KcT`CiG;hN`O~R$jF-xS*OWg2Rj;K&OX*+8P-GuKW15(l#WVa8FH^fg@vk6Ba%! z5IcI@xBK8zxs}w$J6^(22s8FjLqx!{LA|>E6kf4FA|5WMt64TkB!W>omTvmrCuMF! zgAr;l#N4(3#%*J@ULy#|BN?VO;;#GTFbLZ3!P&q5aK%B;c^Cg^?7DJ}a9?c+PnEO^heoO?r&G5R_6T(Goq(!9Ds=M7_ zZhi@G6oFB()v%cgFMCrJqz2CIUkSUb61{`9sUIqctZb3gh%B6*Pz%Krl|YuUO);k@ z3gC4CtV9=A1Y1gn1)Bq8@|6X7_;_n1T3Sl@`Vk>sg1d2urBOt7%Wl%n39*bO4TsUt zdSK}w+HlA?A8mHbK#xddO267)yGoN>CvD;Zpz{{ASnGYDNN^8l^x!&H#n~^z%&(N9 zVJ=C%8~|X@oLnbCPVqG1ydgK!#Q-hc6Zh7A`7nd$P@@aOLb4P2;$EfzL1M9Lf>rWP zUZUk0wQC=ug#^dKE}&HeJ)1l#DRN&@pB-V1wLwN?#MuJ0h{GxH@YV)R zIV)VYDo>40fD$9-Y1_82h%DG5Ni}W(cv)y5$QL*|&v^*M5z}Y@SQ8rzkSA^BK*xxQv*GOt^ReQg z(7t#6EBUb1)UGGe{AuKS;{tq=}iYH8#sUhz3_ES zUxvg6UEl=wrUP%IND(S%rEHX1kxCC50|-|NU|vRD5D;|N6lxq$2cQ|M<+yf_F3iVs zMI*IK0;6cW3$Izt)quOvICZ9BOI;!xC{5{iV`5U^2I>}gnv!9XTNE5DHdtw%58P^t zZk&nI>ov^6z=fv*^qdAW98A_S#W*0xf!wFSju3hZeMx(Ih~S22^QO3yzySw?r+`x0 z&)r0{CgJMct25kkv1a6`)32s`o^QF%0TIag8o>dwx_K>oQAG^U&;j7&)PVqdmd??bbL5Cw0>WU%9}s((8M0AIIs#oB z0z9IH8V-OSi6e+f&6(#FOE%+oLmRS5uo{CFF(VEs2DUJB2b<@IeLR~GRStwD{)U97 zka?Q+&>fsRaE+bP&XlL+L5jMS@>g9uB(1KFMeJl9q?N{phOFU~IuEev4E94~M!B=V zo*nPY6KZ(2O}iCdB+Q#+Pk%#Di6Z>a){|Jw7nwDiy+SAREPBPPGW_wCPW11m^gwakOTZuWrwtlQ)*cSEz+qij>QAL zyWQNuf;o%@QE${K0n7DrF8_5oms6?9%NE#PQ%-%GYyGJ|`WSe3@?vW<7u%6oUWMIu zPP?vW#9R`y!Z5s8{InI|@us~&8ln(gYZ4cHVF7+Eh=bourcBI5?ojhK*km1S{*=>M zd*~pS&3t|RyqUh1@^p6eS7Pie3iP<2J3d5@BBSwq+A0Wjkq#-ZKYX`<(#sEc_Q_cf z5P+v>{+UQIRWYq%1Byja3ExKaSdgo}whmdm_QL{M1gm&JTs*B`fU>&rj_ct+Pi1(84QkKSkzSQ zWT7|)9Zg=24}!tZi(bJg3>rLbtBF?uU1XN=jn-|MYbUPLm~DiH$g=XP5g1o3xe76< z1XM`ZACR$`UNN1x3QN|Ls6D+<_OM|$$AO2;^&kZMRN(395Q=Hq$1%$Ec6-{kYhE4n z^E&9K-rpWw?-Rc<2|vTY7@VbgoK6FY-EoUKuSfPtjlRJ{3ag9a?e+q*YTQ0dz&Qjm zwcW3)R_(7x|rULt_piNtV|q_r!k8_c@|!I?onY{LTWHik8#mt{TC1#^ttwLY1!JfSvs6c zJ1<9My`9=LQQ4P6BQCKn*KPJ!p4LaFK??S>GF*-wXv5u{1UX^p4x;h0@gXm;J-l4j z#W=AWy%0BJkcGNI*R8vV74^59(BNG?brB=i&SK0k6VT@}B}5@Q?1CESj{4||=dcZ& zF%(96yO%wJ;Lbb`?3|t%*^Hw-6`oB2x`DZZ#^iHldiSZ$J@Ezhjc&Zx0qDeZ#L59# zOH%ft$uk#R$dK@>n6;dauUx+CDN`bFNaa^vfH*Mh>J)rJ4M5svGZFhc&PV& zl=bWDw)XGGIoqjY9HJ9-P(M%C>#BF){9HCD)3&I_!aDt3&E+Xs>=mkeNfgmTLp!^|8Sa4C)R;{WB`GsZEHk2L*r` zz%&v=ztUPRAjsaC3(JO@5eNGQ44Cj3Gwkrx0im|yV>d@{b+D;pKwdSeYCwz}lQE+^ zZZYHGG}~!ebTP{(K^Oh3WBgR=G?xjxTfXon$a%!At<2k6#w|nNT2hM`YNM2cNRMO^ zo+KvIOj`d4!c~+ms2 z4iulLk2_Ik1FFHmTDip+~Q1`7!if|N3Y&1q6Av9&r`EQ#=r=Q0rNxLBjIM~@V2PmB?3P+3`WFPcET@C!=a zFW06YxhOJwCg7ytH9m+7RkrffxW|^>Yl>q-AZ=DdT<^Pw4}Zi5#!2Kx7n7c9@aFOx zmal(-5AfaHAB{3r9=gx}lwX(B#vcX=^2Vh?-M#o(vS?zDx?-<`&T=%MxV(~Q!uz}L z88`Uy4a+r^a09Q?*D3jH@E*Q%=Q|92P1NTcMF);Mo}P9|8K)PTb|gt0@~jvx6Id=` zE9vWF#$Gt#+RF7q;`V(_6ycW5qSrbou00j@=d+Bdj`6bT>O)5Mu(knCj9)sA%PuKo5mp68Q^8rtZ^R>Ut1snJh zuHZ}gpWr_IkntY4kuaAjTRGEK&)Bj>6N{;0)3FfEV0+pevUp_Itn6{w?XGOBVD%^- zQGdy)Mh|rIG9Kkz5iVX$s(?>N1|GX72k5vxIu=;LbI`|Wc}$7J>zG*JkzSk+%7f4Z zTO~vHXN|Gts!)D5GbDdykqa^z0unw8j7he>~)#SmI~?Bt19z<7@BICzeoJ@k{Bj$u-$(`=PAV;48tuD5mcIq>mWx2~u=gSMuUwMXbYB#*HeJl${C&;AA^tc)~8a^57iVR(XZh z_%G(}PsGTR4#5o;@nHm|LnI{>?Y4V<+_;wPnYzwc!`LIh*sA4F5Lm}zr|KT>H@4zC zSK1j$j_|Hay^7eBl`OxOFP!)}PUE;M@*$`tQmV!?ZSNbI6Pg$VhR4>_3sV_z=5CgL z)04eG~yHxyB5G~D}|C*gi}FIql%q3r}98Ee?*4NGA^-lSN5SGGGo1J)-a!G#3nru?G&G$opLCe z&8rk=F$d@}1SA8BdW!>cieN(~YL8RGtw zj`_I@dE9Ikq7$27b99w<1v02--3B2x;ualj?#6CReVskHIG&AaA@(XRifn?>^|mB_ zMER6%3jv>}NCV!dNCQ3v5kxAuNY~Sh7|f{|d% z_vMWQ*M{Thmr&};vo@s9hz$*~5Vbk^tD_f9s=qAJxVSiLtZ2lD$MiSV^`m;i|ENvM zg&p5wd(ZZ$qMZ}sb&~HMks`}BEiyJtfM5K}aGz7ExApekyQUu<8f9%hj$o3Eiy}2t z#mCOk(XYX}snfL=Y*$&f&DSDV$Hq$cw_P2Ak8i(6d?EaO`UjS2IDQ_<_JblOPOZ+I z9MQ5*Qt@z}Bx!YiqD-&7UQEF|nkmyw5!Ja0>=<@8DWm2&Id+)s+yM@2pp8-3_zNWI z0i#RKR=C^S*1%IU7bnK2Za1Q`Ci5u69{xC#@xUDUzwPMISs^~V{ z&%Ff-@4SyR&3Kq9zBhvbuSn2_6|JYl4wh(q1Qpe*H3=ud}Uqajeo+z?7A2B%OOZR=$&eXC5P zAl=EL^G?qlx?MqKSv8$ayM!wqhz=)tC)#H|0={#e~jemx*0?Qd?@ z)7QnSB_QJRpz|u;N~v9}zs*q7at& zFw|>JRhQ+XAc0Y#Rjp`h;gh%v@2q=nIY>^|P2)op2`Yx}=|%>3n$C=_y4IR|&1a1x zVR<~XI^!6u=%Jtwh+02Zv=2cZkU$zbJhuW7qQN+-nMlK#^`77pX#%|60QL&Ij7vdO ztC@OQY-X@q3)!&zF&a;=ugD^lVyLqyv%h6Bu4G|7(CZ~@~d1+>W}A* zC}zg^HnG*)HSbzpc`vcp(;-g~Ecw#} z-zoPVEh+NK>Tl0u6xJT3i^XFr&egN+=jJ9d2Q-%l>4X@ME41giE|2ac`IVWAkLixS zlfYy5NO*7`P8VcBf{kN39uYRJsH#4t30VVd{eVgfN_b}ZjF>|SzE-D5k4hU?lNV?!6UBRd3z#Qlvs&UA-}Vq0sGHB>=2U0;25mmj0slMRn~$Gp1=pg6Qu_qF`__W*jKrSYgf>$cd*~RaWtxiG3daZJSA{6#{9o5 z*qM@aP)bcrF9t7V*S0 zZXb2i@I8d;AxaJHhb>T^J9ssL^+1Bh$jephPonbu;tghyBMDz8i7~#vCyCA&HHRPO zb+vW5D?`g;TcW};q6>QW{7K582Mf6DkffKW-jBkN2B%L!eHVVY;`&K(e6D zmiMy^1$`)!7u*INIP~ZrLUnPcCbLhPzA1E;IAia~gf_0pep_|szi~3liF0EtWg7v3 z#dEX1&bS?|m}VdL`eRrNBY-T+mfG`MQ(PBqu`3F{LI-DJF51CvHOWG&=K9p>DfjGZ zX#eN~sgv=!e`dNY=9ptnqBG>q)%$!-{|}H<|JN+r0JLt+6~kih62Apm)MB@TUfV6Vp9)^#HasW zO59?F%*D#)WK^<+bM=%!Eby7AI3$7;ETI*eAsq3mDSOE3y=c)0gR_x{Tt&Do77M!; zcTvTn>|GR=c>ljwU_|kwoFdljMI~H)bVQqjqZcn+H=(Tm0CV=O8yW&}IEEMG; zV2i~@t+$vRu8gcgwM5Cko+A#U59e)MPDDTKT>*Qunvbp;p%$s;M$aP{Hyoj?z5bk>L2qFq3ji6v-Zg5O_ zMrx%bmk>$B=nk7TExc?zu!!e0UUqX_Fa9|Vyw7u>*jLwo`g-)Tv+4wKo<)D8{DohJ zLIj?3qTl`NqCNpw(lhm9YZgEiC-g!q1yC>q{^E|aZIEDiuIiF_dw<9mvFbfOkgY#d z9({9MT7`x|yliRwjHLuRW1%g2HzS2ESvz=?Le4q_BFaTT)K%1#XZC4{=5!T*VV3`9 z6m}MNGSCXOAgnU#dQ43^Ohb{cS4I@noMgbjVkxsYSVUCP$!!u#@(w*V+dji+2UFjh)oky|!%>afHXwAU8!AV_^ znOE+Vvt5eZ#g{aXND&iSp)I`K!owEUx$RhGm4iE(l51ZCbi(1aaRtM{Oe?5}-l~F6 zY`mA{Z##{6#^_)t+2|?R-Gg0vw+|RX2E=|3hvE#qd&iH)dEbqG_AkVHB)0j`Z@KiY z`^?n3E7~*i#(fi-xv`Lu?bP@inQ{--DVgwO>mCPqx~ zvydNRa{O=k$3j&!Q0}AGC4y$jPc~R(YzBfP)Rb*|QOT^_&wLD~(p3Wy=)ZXuTIS>o z<#}17S4@q-j0)L+2u|bTK}-ee%7}qWcWRuV#jQ^w%i6?1#j81sM`lGgB5_~mV|2<6 zjhv$1gU|pN5kdhRvCU2Eh_!)rY_kdSK$qUBrk>SA0i>l{Xn2pfH)tsWwU#fz0BGvO-dIp0l5L`FP=7EvPctPI_lY4^mCB`*ejSr(BD$q)vp~}Bh1V=hJ zmW7J4L1H;9tu2k#vCk$5!NTUP_}{Dppu4KzU1kgqyz9Q4B>x5izA{yXam0kj3GRpu zup8)w;(N5t^t zHsDSxC&|BoYy;bffa3->6BJcN?4R5@9GTZFq{d$}DB$!>w=!?jvC!?M0LP&}Ep6od zI7jTU-@tkUyA3QGIO5jstgy?PI?=T6l`XcRX;&y}6ZK|`d)VS&acAU_PaeERgbg-C z7qgBrqYGvi?2H@hj5d@Wb=YDLGX`6zsaFk~q!iZVRLz#y<~Sjl{c@gm8YLQ!RvZ$4 zp#Z&3Qah4!6%-0k0q?*&ZR$$g*R?}imGfobbqQWZput~tV)rD{<5>TS{O1w~Q>75;K9PlCZ)k-J`r6FwXM{AkxJnJVs&qUax=@l(ikYC_{x&^(&zaV^Sy zs`|-F$2xN-BeU$Dc>qF{mL`R@k`SH#;bcCQIXS!6p&HE+;JD`=QvCa^a+T9eicjl% zQkaK&l_9zcimrN91HyvqM|qq2)uanyumuRr;=mY$=39sUY~IW}+hVVuNjh&io4&Py zkJ>=M+0+iK8+v_r*McL6+bpr$9j_zBX*PoFFvWH}0~Y@N_~pR=IDzEzRq+cvB?^|V znKu<0yu06&$ap&g$NILQNxcm`^iCTlA|1ll#Mhg zZUNc3LwPFL!e#7*g}v#LN)9ugpa~@$!HIFZun7m4BfUm4FIzs(J6vupzx);SEqGmDy0)e7=#-s)eri!kDR*J!+1)#9X#940Xu5^G~ zy32hdNUqzo7swS=6ou7Rd;98i3erqdve5G?8n{gW>DnZ5&I(AGQ2SXWCj^c;VQ9Qbbu-S{-V{KMG)YX4@b_y_=i$A3&- zD*$}_)z|*L@_)CB{^L#n6o3E#Kmdri|H%Lp&fm)a<9=5_AbNIAWFEdMvN~{6`X8#2 zxM;L2-rGw8X*b32L&WhUagTJ5(MU39vTZq7sy3!>WkoS#eMf~QENsz6)FY7ZxA1(F zahg$)=7fhKF3HF!mwQ=kuTx>wjcVCjJvYc!0=DLqFlBAi!WY%!C%TvhEb7c}H+pH3 zJr%GiH=g&d)6atu2Gy5WDJoZyWic?Lmn7y{epYZI#{9e<0bKx|A{br~&DphKQ0Qa{ zH67%Qa}Uzy9JviC+a2nbR=K#yqf$`Y_|T(45`L$IR|0dNXiPAIQxdjF0#%JEdTJH; zkK^3M^8s5Qu<~&SK{}V$>@2C|{Ibgj4y4S1utau~?`ZLu8xk{)ePd3*meVAAV7khH z++o`S-4QSxK??E%TajSW>X-~2mF<=h|AoNzMS zqlZwU&k4N9ahmh>K>>CD?h=>hCAiK@;og;A9rgY0Ec3K*uuH5dI);QtGpD4_oceL# z{+)9k6&~5(8b?R61eFi+prFkFIn)JFHYXi9GP3G+V?@Xwy9B653G6@{k>E1=ukygU zLqIL>mEB5$RdyYeJlxGBPca*6;Y9H*r99i%^qe}nl$95kNH8+l*iB(o5f)ifc4u90 zo8nK6U_LAE2Rm30UukA&qh4J`4d&KIPC*paAXoNNH)zXTW=+$T5Aaai{zYe+ZtK+M zW9*2z!8>Kw(&FeUuR@(_(MlgNbYkTu^U|1M!yh64!3&r@{JAHlIt<{Tz>WQvjXe>P z?y4I@Q^Z$$kQ31c8%yC(5Bh+VI--eBQpHW4EgG=I0q$&k`M)PE9CZY{RG z6rz1j%9wi^Gh3B)&4{t*Hbt&|k@olPYFbAg2{>Jkk*LvT7xy}0)skDkJCGUCA52w2 zL{-X}ImKsI@Ml)|_{jk+wz+Q5#2&2c472`N!YokL3?Tv**Nd`(E*&1|*wt~PB^Zie z0=bdPV)}=k0zhU6`m_YM6h8psfmk6-Bna_CSctn>+;zG02y7B&~COceGZk_TFm%A${EVYG&>}IsX`Uq<2dk^ zIzS)rLulSxhvNg1EK7M(n-PS(Kzu|wEedXdJP?S>F3=~{f*>FV1VFIB4=3-M_3m}C z-dVQvXbn%Uk>~pK{YXTfGB#ZnzMXP#5N~h=^h4^HKmp*7W&?e|4${CU=mf5TYP6nv z1S?pej|(6N{6TSm$Y=rtu*PiO%C9`05trUUzSSPT&p)e2414F973bLhAzja7)7> zSOq_z4tRnowOBX0TO4o%2VvYDd4yZIB&^JyvqCDE1j--+UZ+~{3IqbHKp&7^-dx;n zy2O0iWtq*fkG(_Ju!c)8+wsMh&Y^S{iwJRihwk-S@_RX&TC(8!@>G_dDt={Gz)&{^ z%0SL8q0rLda#pV!rxMV$+&|{#rhCaW_mjL(2})q)CUIn#lKxpXpKxYfm1c{-HnZ0x zRs^!ltWZUT5UcaEv&%BpB;Rpw=en5ISyxYYN=A(U1o=oS0C0Qms*qAfUE+#tQt5D? z*FD}{_d7*{Tq{c!z5JMm){|jsBdw7BA9&fz6q4ry``wc(SLP`La!a`R7hNI}3N8Ww zo&rp#L1ZDPAtc1U7hSy6~A7CJg~Z)n*hk%Z?H;V%;F%^S3!d@~%zcQd z7W%M=*Zr$ll#i`AoCxuO4&uCe!P8-vxI$Q|5l-U9L@{Ar;z^K@V;!5<4i)2TSA3CN ze2mNGPw^m{Nnoud(>-2-5+d8JxFn>lzQ=iY3+qSuySUmSR){!1U`34I;yfMrHrVfq zo(xd6;w&aHmrK23Nf2n7_!ouJtmxrP;uMzW2g^YeO1t in e?pn(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,C=(e,t,n)=>(hn(e,"symbol"!=typeof t?t+"":t,n),n),PetiteVue=function(e){"use strict";function t(e){if(a(e)){const n={};for(let s=0;s{if(e){const n=e.split(s);n.length>1&&(t[n[0].trim()]=n[1].trim())}})),t}function i(e){let t="";if(d(e))t=e;else if(a(e))for(let n=0;no(e,t)))}const l=Object.assign,f=Object.prototype.hasOwnProperty,u=(e,t)=>f.call(e,t),a=Array.isArray,p=e=>"[object Map]"===y(e),h=e=>e instanceof Date,d=e=>"string"==typeof e,m=e=>"symbol"==typeof e,g=e=>null!==e&&"object"==typeof e,v=Object.prototype.toString,y=e=>v.call(e),b=e=>d(e)&&"NaN"!==e&&"-"!==e[0]&&""+parseInt(e,10)===e,x=e=>{const t=Object.create(null);return n=>t[n]||(t[n]=e(n))},_=/-(\w)/g,w=x((e=>e.replace(_,((e,t)=>t?t.toUpperCase():"")))),$=/\B([A-Z])/g,k=x((e=>e.replace($,"-$1").toLowerCase())),O=e=>{const t=parseFloat(e);return isNaN(t)?e:t};function S(e,t){(t=t||undefined)&&t.active&&t.effects.push(e)}const E=e=>{const t=new Set(e);return t.w=0,t.n=0,t},j=e=>(e.w&N)>0,A=e=>(e.n&N)>0,P=new WeakMap;let R=0,N=1;const T=[];let M;const B=Symbol(""),L=Symbol("");class W{constructor(e,t=null,n){this.fn=e,this.scheduler=t,this.active=!0,this.deps=[],S(this,n)}run(){if(!this.active)return this.fn();if(!T.includes(this))try{return T.push(M=this),F.push(V),V=!0,N=1<<++R,R<=30?(({deps:e})=>{if(e.length)for(let t=0;t{const{deps:t}=e;if(t.length){let n=0;for(let s=0;s0?T[e-1]:void 0}}stop(){this.active&&(I(this),this.onStop&&this.onStop(),this.active=!1)}}function I(e){const{deps:t}=e;if(t.length){for(let n=0;n{("length"===t||t>=s)&&c.push(e)}));else switch(void 0!==n&&c.push(o.get(n)),t){case"add":a(e)?b(n)&&c.push(o.get("length")):(c.push(o.get(B)),p(e)&&c.push(o.get(L)));break;case"delete":a(e)||(c.push(o.get(B)),p(e)&&c.push(o.get(L)));break;case"set":p(e)&&c.push(o.get(B))}if(1===c.length)c[0]&&Z(c[0]);else{const e=[];for(const t of c)t&&e.push(...t);Z(E(e))}}function Z(e,t){for(const n of a(e)?e:[...e])(n!==M||n.allowRecurse)&&(n.scheduler?n.scheduler():n.run())}const q=function(e,t){const n=Object.create(null),s=e.split(",");for(let r=0;r!!n[e.toLowerCase()]:e=>!!n[e]}("__proto__,__v_isRef,__isVue"),D=new Set(Object.getOwnPropertyNames(Symbol).map((e=>Symbol[e])).filter(m)),G=X(),U=X(!0),Q=function(){const e={};return["includes","indexOf","lastIndexOf"].forEach((t=>{e[t]=function(...e){const n=le(this);for(let t=0,r=this.length;t{e[t]=function(...e){F.push(V),V=!1;const n=le(this)[t].apply(this,e);return z(),n}})),e}();function X(e=!1,t=!1){return function(n,s,r){if("__v_isReactive"===s)return!e;if("__v_isReadonly"===s)return e;if("__v_raw"===s&&r===(e?t?re:se:t?ne:te).get(n))return n;const i=a(n);if(!e&&i&&u(Q,s))return Reflect.get(Q,s,r);const o=Reflect.get(n,s,r);return(m(s)?D.has(s):q(s))||(e||H(n,0,s),t)?o:fe(o)?i&&b(s)?o:o.value:g(o)?e?function(e){return ce(e,!0,ee,null,se)}(o):oe(o):o}}const Y={get:G,set:function(e=!1){return function(t,n,s,r){let i=t[n];if(!e&&!function(e){return!(!e||!e.__v_isReadonly)}(s)&&(s=le(s),i=le(i),!a(t)&&fe(i)&&!fe(s)))return i.value=s,!0;const o=a(t)&&b(n)?Number(n)!Object.is(e,t))(s,i)&&J(t,"set",n,s):J(t,"add",n,s)),c}}(),deleteProperty:function(e,t){const n=u(e,t);e[t];const s=Reflect.deleteProperty(e,t);return s&&n&&J(e,"delete",t,void 0),s},has:function(e,t){const n=Reflect.has(e,t);return(!m(t)||!D.has(t))&&H(e,0,t),n},ownKeys:function(e){return H(e,0,a(e)?"length":B),Reflect.ownKeys(e)}},ee={get:U,set:(e,t)=>!0,deleteProperty:(e,t)=>!0},te=new WeakMap,ne=new WeakMap,se=new WeakMap,re=new WeakMap;function ie(e){return e.__v_skip||!Object.isExtensible(e)?0:function(e){switch(e){case"Object":case"Array":return 1;case"Map":case"Set":case"WeakMap":case"WeakSet":return 2;default:return 0}}((e=>y(e).slice(8,-1))(e))}function oe(e){return e&&e.__v_isReadonly?e:ce(e,!1,Y,null,te)}function ce(e,t,n,s,r){if(!g(e)||e.__v_raw&&(!t||!e.__v_isReactive))return e;const i=r.get(e);if(i)return i;const o=ie(e);if(0===o)return e;const c=new Proxy(e,2===o?s:n);return r.set(e,c),c}function le(e){const t=e&&e.__v_raw;return t?le(t):e}function fe(e){return Boolean(e&&!0===e.__v_isRef)}Promise.resolve();let ue=!1;const ae=[],pe=Promise.resolve(),he=e=>pe.then(e),de=e=>{ae.includes(e)||ae.push(e),ue||(ue=!0,he(me))},me=()=>{for(const e of ae)e();ae.length=0,ue=!1},ge=/^(spellcheck|draggable|form|list|type)$/,ve=({el:e,get:t,effect:n,arg:s,modifiers:r})=>{let i;"class"===s&&(e._class=e.className),n((()=>{let n=t();if(s)(null==r?void 0:r.camel)&&(s=w(s)),ye(e,s,n,i);else{for(const t in n)ye(e,t,n[t],i&&i[t]);for(const t in i)(!n||!(t in n))&&ye(e,t,null)}i=n}))},ye=(e,n,s,r)=>{if("class"===n)e.setAttribute("class",i(e._class?[e._class,s]:s)||"");else if("style"===n){s=t(s);const{style:n}=e;if(s)if(d(s))s!==r&&(n.cssText=s);else{for(const e in s)xe(n,e,s[e]);if(r&&!d(r))for(const e in r)null==s[e]&&xe(n,e,"")}else e.removeAttribute("style")}else e instanceof SVGElement||!(n in e)||ge.test(n)?"true-value"===n?e._trueValue=s:"false-value"===n?e._falseValue=s:null!=s?e.setAttribute(n,s):e.removeAttribute(n):(e[n]=s,"value"===n&&(e._value=s))},be=/\s*!important$/,xe=(e,t,n)=>{a(n)?n.forEach((n=>xe(e,t,n))):t.startsWith("--")?e.setProperty(t,n):be.test(n)?e.setProperty(k(t),n.replace(be,""),"important"):e[t]=n},_e=(e,t)=>{const n=e.getAttribute(t);return null!=n&&e.removeAttribute(t),n},we=(e,t,n,s)=>{e.addEventListener(t,n,s)},$e=/^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*|\['[^']*?']|\["[^"]*?"]|\[\d+]|\[[A-Za-z_$][\w$]*])*$/,ke=["ctrl","shift","alt","meta"],Oe={stop:e=>e.stopPropagation(),prevent:e=>e.preventDefault(),self:e=>e.target!==e.currentTarget,ctrl:e=>!e.ctrlKey,shift:e=>!e.shiftKey,alt:e=>!e.altKey,meta:e=>!e.metaKey,left:e=>"button"in e&&0!==e.button,middle:e=>"button"in e&&1!==e.button,right:e=>"button"in e&&2!==e.button,exact:(e,t)=>ke.some((n=>e[`${n}Key`]&&!t[n]))},Se=({el:e,get:t,exp:n,arg:s,modifiers:r})=>{if(!s)return;let i=$e.test(n)?t(`(e => ${n}(e))`):t(`($event => { ${n} })`);if("vue:mounted"!==s){if("vue:unmounted"===s)return()=>i();if(r){"click"===s&&(r.right&&(s="contextmenu"),r.middle&&(s="mouseup"));const e=i;i=t=>{if(!("key"in t)||k(t.key)in r){for(const e in r){const n=Oe[e];if(n&&n(t,r))return}return e(t)}}}we(e,s,i,r)}else he(i)},Ee=({el:e,get:t,effect:n})=>{n((()=>{e.textContent=Ce(t())}))},Ce=e=>null==e?"":g(e)?JSON.stringify(e,null,2):String(e),je=e=>"_value"in e?e._value:e.value,Ae=(e,t)=>{const n=t?"_trueValue":"_falseValue";return n in e?e[n]:t},Pe=e=>{e.target.composing=!0},Re=e=>{const t=e.target;t.composing&&(t.composing=!1,Ne(t,"input"))},Ne=(e,t)=>{const n=document.createEvent("HTMLEvents");n.initEvent(t,!0,!0),e.dispatchEvent(n)},Te=Object.create(null),Me=(e,t,n)=>Be(e,`return(${t})`,n),Be=(e,t,n)=>{const s=Te[t]||(Te[t]=Le(t));try{return s(e,n)}catch(r){console.error(r)}},Le=e=>{try{return new Function("$data","$el",`with($data){${e}}`)}catch(t){return console.error(`${t.message} in expression: ${e}`),()=>{}}},We={bind:ve,on:Se,show:({el:e,get:t,effect:n})=>{const s=e.style.display;n((()=>{e.style.display=t()?s:"none"}))},text:Ee,html:({el:e,get:t,effect:n})=>{n((()=>{e.innerHTML=t()}))},model:({el:e,exp:t,get:n,effect:s,modifiers:r})=>{const i=e.type,l=n(`(val) => { ${t} = val }`),{trim:f,number:u="number"===i}=r||{};if("SELECT"===e.tagName){const t=e;we(e,"change",(()=>{const e=Array.prototype.filter.call(t.options,(e=>e.selected)).map((e=>u?O(je(e)):je(e)));l(t.multiple?e:e[0])})),s((()=>{const e=n(),s=t.multiple;for(let n=0,r=t.options.length;n-1:r.selected=e.has(i);else if(o(je(r),e))return void(t.selectedIndex!==n&&(t.selectedIndex=n))}!s&&-1!==t.selectedIndex&&(t.selectedIndex=-1)}))}else if("checkbox"===i){let t;we(e,"change",(()=>{const t=n(),s=e.checked;if(a(t)){const n=je(e),r=c(t,n),i=-1!==r;if(s&&!i)l(t.concat(n));else if(!s&&i){const e=[...t];e.splice(r,1),l(e)}}else l(Ae(e,s))})),s((()=>{const s=n();a(s)?e.checked=c(s,je(e))>-1:s!==t&&(e.checked=o(s,Ae(e,!0))),t=s}))}else if("radio"===i){let t;we(e,"change",(()=>{l(je(e))})),s((()=>{const s=n();s!==t&&(e.checked=o(s,je(e)))}))}else{const t=e=>f?e.trim():u?O(e):e;we(e,"compositionstart",Pe),we(e,"compositionend",Re),we(e,(null==r?void 0:r.lazy)?"change":"input",(()=>{e.composing||l(t(e.value))})),f&&we(e,"change",(()=>{e.value=e.value.trim()})),s((()=>{if(e.composing)return;const s=e.value,r=n();document.activeElement===e&&t(s)===r||s!==r&&(e.value=r)}))}},effect:({el:e,ctx:t,exp:n,effect:s})=>{he((()=>s((()=>Be(t.scope,n,e)))))}},Ie=/([\s\S]*?)\s+(?:in|of)\s+([\s\S]*)/,Ke=/,([^,\}\]]*)(?:,([^,\}\]]*))?$/,Ve=/^\(|\)$/g,Fe=/^[{[]\s*((?:[\w_$]+\s*,?\s*)+)[\]}]$/,ze=(e,t,n)=>{const s=t.match(Ie);if(!s)return;const r=e.nextSibling,i=e.parentElement,o=new Text("");i.insertBefore(o,e),i.removeChild(e);const c=s[2].trim();let l,f,u,p,h=s[1].trim().replace(Ve,"").trim(),d=!1,m="key",v=e.getAttribute(m)||e.getAttribute(m=":key")||e.getAttribute(m="v-bind:key");v&&(e.removeAttribute(m),"key"===m&&(v=JSON.stringify(v))),(p=h.match(Ke))&&(h=h.replace(Ke,"").trim(),f=p[1].trim(),p[2]&&(u=p[2].trim())),(p=h.match(Fe))&&(l=p[1].split(",").map((e=>e.trim())),d="["===h[0]);let y,b,x,_=!1;const w=(e,t,s,r)=>{const i={};l?l.forEach(((e,n)=>i[e]=t[d?n:e])):i[h]=t,r?(f&&(i[f]=r),u&&(i[u]=s)):f&&(i[f]=s);const o=et(n,i),c=v?Me(o.scope,v):s;return e.set(c,s),o.key=c,o},$=(t,n)=>{const s=new nt(e,t);return s.key=t.key,s.insert(i,n),s};return n.effect((()=>{const e=Me(n.scope,c),t=x;if([b,x]=(e=>{const t=new Map,n=[];if(a(e))for(let s=0;s$(e,o))),_=!0})),r},He=({el:e,ctx:{scope:{$refs:t}},get:n,effect:s})=>{let r;return s((()=>{const s=n();t[s]=e,r&&s!==r&&delete t[r],r=s})),()=>{r&&delete t[r]}},Je=/^(?:v-|:|@)/,Ze=/\.([\w-]+)/g;let qe=!1;const De=(e,t)=>{const n=e.nodeType;if(1===n){const n=e;if(n.hasAttribute("v-pre"))return;let s;if(_e(n,"v-cloak"),s=_e(n,"v-if"))return((e,t,n)=>{const s=e.parentElement,r=new Comment("v-if");s.insertBefore(r,e);const i=[{exp:t,el:e}];let o,c;for(;(o=e.nextElementSibling)&&(c=null,""===_e(o,"v-else")||(c=_e(o,"v-else-if")));)s.removeChild(o),i.push({exp:c,el:o});const l=e.nextSibling;s.removeChild(e);let f,u=-1;const a=()=>{f&&(s.insertBefore(r,f.el),f.remove(),f=void 0)};return n.effect((()=>{for(let e=0;e{let n=e.firstChild;for(;n;)n=De(n,t)||n.nextSibling},Ue=(e,t,n,s)=>{let r,i,o;if(":"===(t=t.replace(Ze,((e,t)=>((o||(o={}))[t]=!0,""))))[0])r=ve,i=t.slice(1);else if("@"===t[0])r=Se,i=t.slice(1);else{const e=t.indexOf(":"),n=e>0?t.slice(2,e):t.slice(2);r=We[n]||s.dirs[n],i=e>0?t.slice(e+1):void 0}r&&(r===ve&&"ref"===i&&(r=He),Qe(e,r,n,s,i,o),e.removeAttribute(t))},Qe=(e,t,n,s,r,i)=>{const o=t({el:e,get:(t=n)=>Me(s.scope,t,e),effect:s.effect,ctx:s,exp:n,arg:r,modifiers:i});o&&s.cleanups.push(o)},Xe=(e,t)=>{if("#"!==t[0])e.innerHTML=t;else{const n=document.querySelector(t);e.appendChild(n.content.cloneNode(!0))}},Ye=e=>{const t={delimiters:["{{","}}"],delimitersRE:/\{\{([^]+?)\}\}/g,...e,scope:e?e.scope:oe({}),dirs:e?e.dirs:{},effects:[],blocks:[],cleanups:[],effect:e=>{if(qe)return de(e),e;const n=function(e,t){e.effect&&(e=e.effect.fn);const n=new W(e);t&&(l(n,t),t.scope&&S(n,t.scope)),(!t||!t.lazy)&&n.run();const s=n.run.bind(n);return s.effect=n,s}(e,{scheduler:()=>de(n)});return t.effects.push(n),n}};return t},et=(e,t={})=>{const n=e.scope,s=Object.create(n);Object.defineProperties(s,Object.getOwnPropertyDescriptors(t)),s.$refs=Object.create(n.$refs);const r=oe(new Proxy(s,{set:(e,t,s,i)=>i!==r||e.hasOwnProperty(t)?Reflect.set(e,t,s,i):Reflect.set(n,t,s)}));return tt(r),{...e,scope:r}},tt=e=>{for(const t of Object.keys(e))"function"==typeof e[t]&&(e[t]=e[t].bind(e))};class nt{constructor(e,t,n=!1){C(this,"template"),C(this,"ctx"),C(this,"key"),C(this,"parentCtx"),C(this,"isFragment"),C(this,"start"),C(this,"end"),this.isFragment=e instanceof HTMLTemplateElement,n?this.template=e:this.isFragment?this.template=e.content.cloneNode(!0):this.template=e.cloneNode(!0),n?this.ctx=t:(this.parentCtx=t,t.blocks.push(this),this.ctx=Ye(t)),De(this.template,this.ctx)}get el(){return this.start||this.template}insert(e,t=null){if(this.isFragment)if(this.start){let n,s=this.start;for(;s&&(n=s.nextSibling,e.insertBefore(s,t),s!==this.end);)s=n}else this.start=new Text(""),this.end=new Text(""),e.insertBefore(this.end,t),e.insertBefore(this.start,this.end),e.insertBefore(this.template,this.end);else e.insertBefore(this.template,t)}remove(){if(this.parentCtx&&((e,t)=>{const n=e.indexOf(t);n>-1&&e.splice(n,1)})(this.parentCtx.blocks,this),this.start){const e=this.start.parentNode;let t,n=this.start;for(;n&&(t=n.nextSibling,e.removeChild(n),n!==this.end);)n=t}else this.template.parentNode.removeChild(this.template);this.teardown()}teardown(){this.ctx.blocks.forEach((e=>{e.teardown()})),this.ctx.effects.forEach(K),this.ctx.cleanups.forEach((e=>e()))}}const st=e=>e.replace(/[-.*+?^${}()|[\]\/\\]/g,"\\$&"),rt=e=>{const t=Ye();if(e&&(t.scope=oe(e),tt(t.scope),e.$delimiters)){const[n,s]=t.delimiters=e.$delimiters;t.delimitersRE=new RegExp(st(n)+"([^]+?)"+st(s),"g")}let n;return t.scope.$s=Ce,t.scope.$nextTick=he,t.scope.$refs=Object.create(null),{directive(e,n){return n?(t.dirs[e]=n,this):t.dirs[e]},mount(e){if("string"==typeof e&&!(e=document.querySelector(e)))return;let s;return s=(e=e||document.documentElement).hasAttribute("v-scope")?[e]:[...e.querySelectorAll("[v-scope]")].filter((e=>!e.matches("[v-scope] [v-scope]"))),s.length||(s=[e]),n=s.map((e=>new nt(e,t,!0))),this},unmount(){n.forEach((e=>e.teardown()))}}},it=document.currentScript;return it&&it.hasAttribute("init")&&rt().mount(),e.createApp=rt,e.nextTick=he,e.reactive=oe,Object.defineProperty(e,"__esModule",{value:!0}),e[Symbol.toStringTag]="Module",e}({}); diff --git a/ia-terms-updates/it/_static/js/theme.js b/ia-terms-updates/it/_static/js/theme.js new file mode 100644 index 000000000..bf36d744c --- /dev/null +++ b/ia-terms-updates/it/_static/js/theme.js @@ -0,0 +1,108 @@ + +/** + * We add extra br tags to the autodoc output, so each parameter is shown on + * its own line. + */ +function setupAutodocPy() { + const paramElements = document.querySelectorAll('.py .sig-param') + + Array(...paramElements).forEach((element) => { + let brElement = document.createElement('br') + element.parentNode.insertBefore(brElement, element) + }) + + const lastParamElements = document.querySelectorAll('.py em.sig-param:last-of-type') + + Array(...lastParamElements).forEach((element) => { + let brElement = document.createElement('br') + element.after(brElement) + }) +} + +function setupAutodocCpp() { + const highlightableElements = document.querySelectorAll(".c dt.sig-object, .cpp dt.sig-object") + + Array(...highlightableElements).forEach((element) => { + element.classList.add("highlight"); + }) + + const documentables = document.querySelectorAll("dt.sig-object.c,dt.sig-object.cpp"); + + Array(...documentables).forEach((element) => { + element.classList.add("highlight"); + + var parens = element.querySelectorAll(".sig-paren"); + var commas = Array(...element.childNodes).filter(e => e.textContent == ", ") + + if (parens.length != 2) return; + + commas.forEach(c => { + if (c.compareDocumentPosition(parens[0]) == Node.DOCUMENT_POSITION_PRECEDING && + c.compareDocumentPosition(parens[1]) == Node.DOCUMENT_POSITION_FOLLOWING + ) { + let brElement = document.createElement('br') + let spanElement = document.createElement('span') + spanElement.className = "sig-indent" + c.after(brElement) + brElement.after(spanElement) + } + }); + + if (parens[0].nextSibling != parens[1]) { + // not an empty argument list + let brElement = document.createElement('br') + let spanElement = document.createElement('span') + spanElement.className = "sig-indent" + parens[0].after(brElement) + brElement.after(spanElement) + let brElement1 = document.createElement('br') + parens[1].parentNode.insertBefore(brElement1, parens[1]); + } + }) +} + +function setupSearchSidebar() { + const searchInput = document.querySelector('form.search input[type=text]') + if (searchInput) { + searchInput.placeholder = 'Search...' + } + + const searchButton = document.querySelector('form.search input[type=submit]') + if (searchButton) { + searchButton.value = 'Search' + } +} + +function setupSidebarToggle() { + const sidebar = document.querySelector('.sphinxsidebar') + document.querySelector('#toggle_sidebar a').onclick = (event) => { + console.log("Toggling sidebar") + event.preventDefault() + sidebar.style.display = window.getComputedStyle(sidebar, null).display == 'none' ? 'block' : 'none' + } +} + +function setupRightSidebarToggle() { + const sidebar = document.querySelector('#right_sidebar') + + const links = document.querySelectorAll('a.toggle_right_sidebar') + + Array(...links).forEach((element) => { + element.onclick = (event) => { + console.log("Toggling right sidebar") + event.preventDefault() + sidebar.style.display = window.getComputedStyle(sidebar, null).display == 'none' ? 'block' : 'none' + } + }) +} + + +document.addEventListener("DOMContentLoaded", function() { + console.log("custom theme loaded") + + setupAutodocPy() + setupAutodocCpp() + setupSearchSidebar() + setupSidebarToggle() + setupRightSidebarToggle() +}) diff --git a/ia-terms-updates/it/_static/language_data.js b/ia-terms-updates/it/_static/language_data.js new file mode 100644 index 000000000..367b8ed81 --- /dev/null +++ b/ia-terms-updates/it/_static/language_data.js @@ -0,0 +1,199 @@ +/* + * language_data.js + * ~~~~~~~~~~~~~~~~ + * + * This script contains the language-specific data used by searchtools.js, + * namely the list of stopwords, stemmer, scorer and splitter. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +var stopwords = ["a", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "near", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with"]; + + +/* Non-minified version is copied as a separate JS file, if available */ + +/** + * Porter Stemmer + */ +var Stemmer = function() { + + var step2list = { + ational: 'ate', + tional: 'tion', + enci: 'ence', + anci: 'ance', + izer: 'ize', + bli: 'ble', + alli: 'al', + entli: 'ent', + eli: 'e', + ousli: 'ous', + ization: 'ize', + ation: 'ate', + ator: 'ate', + alism: 'al', + iveness: 'ive', + fulness: 'ful', + ousness: 'ous', + aliti: 'al', + iviti: 'ive', + biliti: 'ble', + logi: 'log' + }; + + var step3list = { + icate: 'ic', + ative: '', + alize: 'al', + iciti: 'ic', + ical: 'ic', + ful: '', + ness: '' + }; + + var c = "[^aeiou]"; // consonant + var v = "[aeiouy]"; // vowel + var C = c + "[^aeiouy]*"; // consonant sequence + var V = v + "[aeiou]*"; // vowel sequence + + var mgr0 = "^(" + C + ")?" + V + C; // [C]VC... is m>0 + var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$"; // [C]VC[V] is m=1 + var mgr1 = "^(" + C + ")?" + V + C + V + C; // [C]VCVC... is m>1 + var s_v = "^(" + C + ")?" + v; // vowel in stem + + this.stemWord = function (w) { + var stem; + var suffix; + var firstch; + var origword = w; + + if (w.length < 3) + return w; + + var re; + var re2; + var re3; + var re4; + + firstch = w.substr(0,1); + if (firstch == "y") + w = firstch.toUpperCase() + w.substr(1); + + // Step 1a + re = /^(.+?)(ss|i)es$/; + re2 = /^(.+?)([^s])s$/; + + if (re.test(w)) + w = w.replace(re,"$1$2"); + else if (re2.test(w)) + w = w.replace(re2,"$1$2"); + + // Step 1b + re = /^(.+?)eed$/; + re2 = /^(.+?)(ed|ing)$/; + if (re.test(w)) { + var fp = re.exec(w); + re = new RegExp(mgr0); + if (re.test(fp[1])) { + re = /.$/; + w = w.replace(re,""); + } + } + else if (re2.test(w)) { + var fp = re2.exec(w); + stem = fp[1]; + re2 = new RegExp(s_v); + if (re2.test(stem)) { + w = stem; + re2 = /(at|bl|iz)$/; + re3 = new RegExp("([^aeiouylsz])\\1$"); + re4 = new RegExp("^" + C + v + "[^aeiouwxy]$"); + if (re2.test(w)) + w = w + "e"; + else if (re3.test(w)) { + re = /.$/; + w = w.replace(re,""); + } + else if (re4.test(w)) + w = w + "e"; + } + } + + // Step 1c + re = /^(.+?)y$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + re = new RegExp(s_v); + if (re.test(stem)) + w = stem + "i"; + } + + // Step 2 + re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + suffix = fp[2]; + re = new RegExp(mgr0); + if (re.test(stem)) + w = stem + step2list[suffix]; + } + + // Step 3 + re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + suffix = fp[2]; + re = new RegExp(mgr0); + if (re.test(stem)) + w = stem + step3list[suffix]; + } + + // Step 4 + re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/; + re2 = /^(.+?)(s|t)(ion)$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + re = new RegExp(mgr1); + if (re.test(stem)) + w = stem; + } + else if (re2.test(w)) { + var fp = re2.exec(w); + stem = fp[1] + fp[2]; + re2 = new RegExp(mgr1); + if (re2.test(stem)) + w = stem; + } + + // Step 5 + re = /^(.+?)e$/; + if (re.test(w)) { + var fp = re.exec(w); + stem = fp[1]; + re = new RegExp(mgr1); + re2 = new RegExp(meq1); + re3 = new RegExp("^" + C + v + "[^aeiouwxy]$"); + if (re.test(stem) || (re2.test(stem) && !(re3.test(stem)))) + w = stem; + } + re = /ll$/; + re2 = new RegExp(mgr1); + if (re.test(w) && re2.test(w)) { + re = /.$/; + w = w.replace(re,""); + } + + // and turn initial Y back to y + if (firstch == "y") + w = firstch.toLowerCase() + w.substr(1); + return w; + } +} + diff --git a/ia-terms-updates/it/_static/minus.png b/ia-terms-updates/it/_static/minus.png new file mode 100644 index 0000000000000000000000000000000000000000..d96755fdaf8bb2214971e0db9c1fd3077d7c419d GIT binary patch literal 90 zcmeAS@N?(olHy`uVBq!ia0vp^+#t*WBp7;*Yy1LIik>cxAr*|t7R?Mi>2?kWtu=nj kDsEF_5m^0CR;1wuP-*O&G^0G}KYk!hp00i_>zopr08q^qX#fBK literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_static/pkce.py b/ia-terms-updates/it/_static/pkce.py new file mode 100644 index 000000000..95e8fe415 --- /dev/null +++ b/ia-terms-updates/it/_static/pkce.py @@ -0,0 +1,21 @@ +import hashlib +import base64 +import re + +def get_pkce(code_challenge_method: str = "S256", code_challenge_length: int = 64): + hashers = {"S256": hashlib.sha256} + + code_verifier = base64.urlsafe_b64encode(os.urandom(40)).decode("utf-8") + code_verifier = re.sub("[^a-zA-Z0-9]+", "", code_verifier) + + code_challenge = hashers.get(code_challenge_method)( + code_verifier.encode("utf-8") + ).digest() + code_challenge = base64.urlsafe_b64encode(code_challenge).decode("utf-8") + code_challenge = code_challenge.replace("=", "") + + return { + "code_verifier": code_verifier, + "code_challenge": code_challenge, + "code_challenge_method": code_challenge_method, + } \ No newline at end of file diff --git a/ia-terms-updates/it/_static/plus.png b/ia-terms-updates/it/_static/plus.png new file mode 100644 index 0000000000000000000000000000000000000000..7107cec93a979b9a5f64843235a16651d563ce2d GIT binary patch literal 90 zcmeAS@N?(olHy`uVBq!ia0vp^+#t*WBp7;*Yy1LIik>cxAr*|t7R?Mi>2?kWtu>-2 m3q%Vub%g%s<8sJhVPMczOq}xhg9DJoz~JfX=d#Wzp$Pyb1r*Kz literal 0 HcmV?d00001 diff --git a/ia-terms-updates/it/_static/pygments.css b/ia-terms-updates/it/_static/pygments.css new file mode 100644 index 000000000..0d49244ed --- /dev/null +++ b/ia-terms-updates/it/_static/pygments.css @@ -0,0 +1,75 @@ +pre { line-height: 125%; } +td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; } +span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; } +td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; } +span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; } +.highlight .hll { background-color: #ffffcc } +.highlight { background: #eeffcc; } +.highlight .c { color: #408090; font-style: italic } /* Comment */ +.highlight .err { border: 1px solid #FF0000 } /* Error */ +.highlight .k { color: #007020; font-weight: bold } /* Keyword */ +.highlight .o { color: #666666 } /* Operator */ +.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */ +.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */ +.highlight .cp { color: #007020 } /* Comment.Preproc */ +.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */ +.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */ +.highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */ +.highlight .gd { color: #A00000 } /* Generic.Deleted */ +.highlight .ge { font-style: italic } /* Generic.Emph */ +.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */ +.highlight .gr { color: #FF0000 } /* Generic.Error */ +.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */ +.highlight .gi { color: #00A000 } /* Generic.Inserted */ +.highlight .go { color: #333333 } /* Generic.Output */ +.highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */ +.highlight .gs { font-weight: bold } /* Generic.Strong */ +.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */ +.highlight .gt { color: #0044DD } /* Generic.Traceback */ +.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */ +.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */ +.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */ +.highlight .kp { color: #007020 } /* Keyword.Pseudo */ +.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */ +.highlight .kt { color: #902000 } /* Keyword.Type */ +.highlight .m { color: #208050 } /* Literal.Number */ +.highlight .s { color: #4070a0 } /* Literal.String */ +.highlight .na { color: #4070a0 } /* Name.Attribute */ +.highlight .nb { color: #007020 } /* Name.Builtin */ +.highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */ +.highlight .no { color: #60add5 } /* Name.Constant */ +.highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */ +.highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */ +.highlight .ne { color: #007020 } /* Name.Exception */ +.highlight .nf { color: #06287e } /* Name.Function */ +.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */ +.highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */ +.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */ +.highlight .nv { color: #bb60d5 } /* Name.Variable */ +.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */ +.highlight .w { color: #bbbbbb } /* Text.Whitespace */ +.highlight .mb { color: #208050 } /* Literal.Number.Bin */ +.highlight .mf { color: #208050 } /* Literal.Number.Float */ +.highlight .mh { color: #208050 } /* Literal.Number.Hex */ +.highlight .mi { color: #208050 } /* Literal.Number.Integer */ +.highlight .mo { color: #208050 } /* Literal.Number.Oct */ +.highlight .sa { color: #4070a0 } /* Literal.String.Affix */ +.highlight .sb { color: #4070a0 } /* Literal.String.Backtick */ +.highlight .sc { color: #4070a0 } /* Literal.String.Char */ +.highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */ +.highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */ +.highlight .s2 { color: #4070a0 } /* Literal.String.Double */ +.highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */ +.highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */ +.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */ +.highlight .sx { color: #c65d09 } /* Literal.String.Other */ +.highlight .sr { color: #235388 } /* Literal.String.Regex */ +.highlight .s1 { color: #4070a0 } /* Literal.String.Single */ +.highlight .ss { color: #517918 } /* Literal.String.Symbol */ +.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */ +.highlight .fm { color: #06287e } /* Name.Function.Magic */ +.highlight .vc { color: #bb60d5 } /* Name.Variable.Class */ +.highlight .vg { color: #bb60d5 } /* Name.Variable.Global */ +.highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */ +.highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */ +.highlight .il { color: #208050 } /* Literal.Number.Integer.Long */ \ No newline at end of file diff --git a/ia-terms-updates/it/_static/searchtools.js b/ia-terms-updates/it/_static/searchtools.js new file mode 100644 index 000000000..b08d58c9b --- /dev/null +++ b/ia-terms-updates/it/_static/searchtools.js @@ -0,0 +1,620 @@ +/* + * searchtools.js + * ~~~~~~~~~~~~~~~~ + * + * Sphinx JavaScript utilities for the full-text search. + * + * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +/** + * Simple result scoring code. + */ +if (typeof Scorer === "undefined") { + var Scorer = { + // Implement the following function to further tweak the score for each result + // The function takes a result array [docname, title, anchor, descr, score, filename] + // and returns the new score. + /* + score: result => { + const [docname, title, anchor, descr, score, filename] = result + return score + }, + */ + + // query matches the full name of an object + objNameMatch: 11, + // or matches in the last dotted part of the object name + objPartialMatch: 6, + // Additive scores depending on the priority of the object + objPrio: { + 0: 15, // used to be importantResults + 1: 5, // used to be objectResults + 2: -5, // used to be unimportantResults + }, + // Used when the priority is not in the mapping. + objPrioDefault: 0, + + // query found in title + title: 15, + partialTitle: 7, + // query found in terms + term: 5, + partialTerm: 2, + }; +} + +const _removeChildren = (element) => { + while (element && element.lastChild) element.removeChild(element.lastChild); +}; + +/** + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#escaping + */ +const _escapeRegExp = (string) => + string.replace(/[.*+\-?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string + +const _displayItem = (item, searchTerms, highlightTerms) => { + const docBuilder = DOCUMENTATION_OPTIONS.BUILDER; + const docFileSuffix = DOCUMENTATION_OPTIONS.FILE_SUFFIX; + const docLinkSuffix = DOCUMENTATION_OPTIONS.LINK_SUFFIX; + const showSearchSummary = DOCUMENTATION_OPTIONS.SHOW_SEARCH_SUMMARY; + const contentRoot = document.documentElement.dataset.content_root; + + const [docName, title, anchor, descr, score, _filename] = item; + + let listItem = document.createElement("li"); + let requestUrl; + let linkUrl; + if (docBuilder === "dirhtml") { + // dirhtml builder + let dirname = docName + "/"; + if (dirname.match(/\/index\/$/)) + dirname = dirname.substring(0, dirname.length - 6); + else if (dirname === "index/") dirname = ""; + requestUrl = contentRoot + dirname; + linkUrl = requestUrl; + } else { + // normal html builders + requestUrl = contentRoot + docName + docFileSuffix; + linkUrl = docName + docLinkSuffix; + } + let linkEl = listItem.appendChild(document.createElement("a")); + linkEl.href = linkUrl + anchor; + linkEl.dataset.score = score; + linkEl.innerHTML = title; + if (descr) { + listItem.appendChild(document.createElement("span")).innerHTML = + " (" + descr + ")"; + // highlight search terms in the description + if (SPHINX_HIGHLIGHT_ENABLED) // set in sphinx_highlight.js + highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted")); + } + else if (showSearchSummary) + fetch(requestUrl) + .then((responseData) => responseData.text()) + .then((data) => { + if (data) + listItem.appendChild( + Search.makeSearchSummary(data, searchTerms, anchor) + ); + // highlight search terms in the summary + if (SPHINX_HIGHLIGHT_ENABLED) // set in sphinx_highlight.js + highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted")); + }); + Search.output.appendChild(listItem); +}; +const _finishSearch = (resultCount) => { + Search.stopPulse(); + Search.title.innerText = _("Search Results"); + if (!resultCount) + Search.status.innerText = Documentation.gettext( + "Your search did not match any documents. Please make sure that all words are spelled correctly and that you've selected enough categories." + ); + else + Search.status.innerText = _( + "Search finished, found ${resultCount} page(s) matching the search query." + ).replace('${resultCount}', resultCount); +}; +const _displayNextItem = ( + results, + resultCount, + searchTerms, + highlightTerms, +) => { + // results left, load the summary and display it + // this is intended to be dynamic (don't sub resultsCount) + if (results.length) { + _displayItem(results.pop(), searchTerms, highlightTerms); + setTimeout( + () => _displayNextItem(results, resultCount, searchTerms, highlightTerms), + 5 + ); + } + // search finished, update title and status message + else _finishSearch(resultCount); +}; +// Helper function used by query() to order search results. +// Each input is an array of [docname, title, anchor, descr, score, filename]. +// Order the results by score (in opposite order of appearance, since the +// `_displayNextItem` function uses pop() to retrieve items) and then alphabetically. +const _orderResultsByScoreThenName = (a, b) => { + const leftScore = a[4]; + const rightScore = b[4]; + if (leftScore === rightScore) { + // same score: sort alphabetically + const leftTitle = a[1].toLowerCase(); + const rightTitle = b[1].toLowerCase(); + if (leftTitle === rightTitle) return 0; + return leftTitle > rightTitle ? -1 : 1; // inverted is intentional + } + return leftScore > rightScore ? 1 : -1; +}; + +/** + * Default splitQuery function. Can be overridden in ``sphinx.search`` with a + * custom function per language. + * + * The regular expression works by splitting the string on consecutive characters + * that are not Unicode letters, numbers, underscores, or emoji characters. + * This is the same as ``\W+`` in Python, preserving the surrogate pair area. + */ +if (typeof splitQuery === "undefined") { + var splitQuery = (query) => query + .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}]+/gu) + .filter(term => term) // remove remaining empty strings +} + +/** + * Search Module + */ +const Search = { + _index: null, + _queued_query: null, + _pulse_status: -1, + + htmlToText: (htmlString, anchor) => { + const htmlElement = new DOMParser().parseFromString(htmlString, 'text/html'); + for (const removalQuery of [".headerlink", "script", "style"]) { + htmlElement.querySelectorAll(removalQuery).forEach((el) => { el.remove() }); + } + if (anchor) { + const anchorContent = htmlElement.querySelector(`[role="main"] ${anchor}`); + if (anchorContent) return anchorContent.textContent; + + console.warn( + `Anchored content block not found. Sphinx search tries to obtain it via DOM query '[role=main] ${anchor}'. Check your theme or template.` + ); + } + + // if anchor not specified or not found, fall back to main content + const docContent = htmlElement.querySelector('[role="main"]'); + if (docContent) return docContent.textContent; + + console.warn( + "Content block not found. Sphinx search tries to obtain it via DOM query '[role=main]'. Check your theme or template." + ); + return ""; + }, + + init: () => { + const query = new URLSearchParams(window.location.search).get("q"); + document + .querySelectorAll('input[name="q"]') + .forEach((el) => (el.value = query)); + if (query) Search.performSearch(query); + }, + + loadIndex: (url) => + (document.body.appendChild(document.createElement("script")).src = url), + + setIndex: (index) => { + Search._index = index; + if (Search._queued_query !== null) { + const query = Search._queued_query; + Search._queued_query = null; + Search.query(query); + } + }, + + hasIndex: () => Search._index !== null, + + deferQuery: (query) => (Search._queued_query = query), + + stopPulse: () => (Search._pulse_status = -1), + + startPulse: () => { + if (Search._pulse_status >= 0) return; + + const pulse = () => { + Search._pulse_status = (Search._pulse_status + 1) % 4; + Search.dots.innerText = ".".repeat(Search._pulse_status); + if (Search._pulse_status >= 0) window.setTimeout(pulse, 500); + }; + pulse(); + }, + + /** + * perform a search for something (or wait until index is loaded) + */ + performSearch: (query) => { + // create the required interface elements + const searchText = document.createElement("h2"); + searchText.textContent = _("Searching"); + const searchSummary = document.createElement("p"); + searchSummary.classList.add("search-summary"); + searchSummary.innerText = ""; + const searchList = document.createElement("ul"); + searchList.classList.add("search"); + + const out = document.getElementById("search-results"); + Search.title = out.appendChild(searchText); + Search.dots = Search.title.appendChild(document.createElement("span")); + Search.status = out.appendChild(searchSummary); + Search.output = out.appendChild(searchList); + + const searchProgress = document.getElementById("search-progress"); + // Some themes don't use the search progress node + if (searchProgress) { + searchProgress.innerText = _("Preparing search..."); + } + Search.startPulse(); + + // index already loaded, the browser was quick! + if (Search.hasIndex()) Search.query(query); + else Search.deferQuery(query); + }, + + _parseQuery: (query) => { + // stem the search terms and add them to the correct list + const stemmer = new Stemmer(); + const searchTerms = new Set(); + const excludedTerms = new Set(); + const highlightTerms = new Set(); + const objectTerms = new Set(splitQuery(query.toLowerCase().trim())); + splitQuery(query.trim()).forEach((queryTerm) => { + const queryTermLower = queryTerm.toLowerCase(); + + // maybe skip this "word" + // stopwords array is from language_data.js + if ( + stopwords.indexOf(queryTermLower) !== -1 || + queryTerm.match(/^\d+$/) + ) + return; + + // stem the word + let word = stemmer.stemWord(queryTermLower); + // select the correct list + if (word[0] === "-") excludedTerms.add(word.substr(1)); + else { + searchTerms.add(word); + highlightTerms.add(queryTermLower); + } + }); + + if (SPHINX_HIGHLIGHT_ENABLED) { // set in sphinx_highlight.js + localStorage.setItem("sphinx_highlight_terms", [...highlightTerms].join(" ")) + } + + // console.debug("SEARCH: searching for:"); + // console.info("required: ", [...searchTerms]); + // console.info("excluded: ", [...excludedTerms]); + + return [query, searchTerms, excludedTerms, highlightTerms, objectTerms]; + }, + + /** + * execute search (requires search index to be loaded) + */ + _performSearch: (query, searchTerms, excludedTerms, highlightTerms, objectTerms) => { + const filenames = Search._index.filenames; + const docNames = Search._index.docnames; + const titles = Search._index.titles; + const allTitles = Search._index.alltitles; + const indexEntries = Search._index.indexentries; + + // Collect multiple result groups to be sorted separately and then ordered. + // Each is an array of [docname, title, anchor, descr, score, filename]. + const normalResults = []; + const nonMainIndexResults = []; + + _removeChildren(document.getElementById("search-progress")); + + const queryLower = query.toLowerCase().trim(); + for (const [title, foundTitles] of Object.entries(allTitles)) { + if (title.toLowerCase().trim().includes(queryLower) && (queryLower.length >= title.length/2)) { + for (const [file, id] of foundTitles) { + const score = Math.round(Scorer.title * queryLower.length / title.length); + const boost = titles[file] === title ? 1 : 0; // add a boost for document titles + normalResults.push([ + docNames[file], + titles[file] !== title ? `${titles[file]} > ${title}` : title, + id !== null ? "#" + id : "", + null, + score + boost, + filenames[file], + ]); + } + } + } + + // search for explicit entries in index directives + for (const [entry, foundEntries] of Object.entries(indexEntries)) { + if (entry.includes(queryLower) && (queryLower.length >= entry.length/2)) { + for (const [file, id, isMain] of foundEntries) { + const score = Math.round(100 * queryLower.length / entry.length); + const result = [ + docNames[file], + titles[file], + id ? "#" + id : "", + null, + score, + filenames[file], + ]; + if (isMain) { + normalResults.push(result); + } else { + nonMainIndexResults.push(result); + } + } + } + } + + // lookup as object + objectTerms.forEach((term) => + normalResults.push(...Search.performObjectSearch(term, objectTerms)) + ); + + // lookup as search terms in fulltext + normalResults.push(...Search.performTermsSearch(searchTerms, excludedTerms)); + + // let the scorer override scores with a custom scoring function + if (Scorer.score) { + normalResults.forEach((item) => (item[4] = Scorer.score(item))); + nonMainIndexResults.forEach((item) => (item[4] = Scorer.score(item))); + } + + // Sort each group of results by score and then alphabetically by name. + normalResults.sort(_orderResultsByScoreThenName); + nonMainIndexResults.sort(_orderResultsByScoreThenName); + + // Combine the result groups in (reverse) order. + // Non-main index entries are typically arbitrary cross-references, + // so display them after other results. + let results = [...nonMainIndexResults, ...normalResults]; + + // remove duplicate search results + // note the reversing of results, so that in the case of duplicates, the highest-scoring entry is kept + let seen = new Set(); + results = results.reverse().reduce((acc, result) => { + let resultStr = result.slice(0, 4).concat([result[5]]).map(v => String(v)).join(','); + if (!seen.has(resultStr)) { + acc.push(result); + seen.add(resultStr); + } + return acc; + }, []); + + return results.reverse(); + }, + + query: (query) => { + const [searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms] = Search._parseQuery(query); + const results = Search._performSearch(searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms); + + // for debugging + //Search.lastresults = results.slice(); // a copy + // console.info("search results:", Search.lastresults); + + // print the results + _displayNextItem(results, results.length, searchTerms, highlightTerms); + }, + + /** + * search for object names + */ + performObjectSearch: (object, objectTerms) => { + const filenames = Search._index.filenames; + const docNames = Search._index.docnames; + const objects = Search._index.objects; + const objNames = Search._index.objnames; + const titles = Search._index.titles; + + const results = []; + + const objectSearchCallback = (prefix, match) => { + const name = match[4] + const fullname = (prefix ? prefix + "." : "") + name; + const fullnameLower = fullname.toLowerCase(); + if (fullnameLower.indexOf(object) < 0) return; + + let score = 0; + const parts = fullnameLower.split("."); + + // check for different match types: exact matches of full name or + // "last name" (i.e. last dotted part) + if (fullnameLower === object || parts.slice(-1)[0] === object) + score += Scorer.objNameMatch; + else if (parts.slice(-1)[0].indexOf(object) > -1) + score += Scorer.objPartialMatch; // matches in last name + + const objName = objNames[match[1]][2]; + const title = titles[match[0]]; + + // If more than one term searched for, we require other words to be + // found in the name/title/description + const otherTerms = new Set(objectTerms); + otherTerms.delete(object); + if (otherTerms.size > 0) { + const haystack = `${prefix} ${name} ${objName} ${title}`.toLowerCase(); + if ( + [...otherTerms].some((otherTerm) => haystack.indexOf(otherTerm) < 0) + ) + return; + } + + let anchor = match[3]; + if (anchor === "") anchor = fullname; + else if (anchor === "-") anchor = objNames[match[1]][1] + "-" + fullname; + + const descr = objName + _(", in ") + title; + + // add custom score for some objects according to scorer + if (Scorer.objPrio.hasOwnProperty(match[2])) + score += Scorer.objPrio[match[2]]; + else score += Scorer.objPrioDefault; + + results.push([ + docNames[match[0]], + fullname, + "#" + anchor, + descr, + score, + filenames[match[0]], + ]); + }; + Object.keys(objects).forEach((prefix) => + objects[prefix].forEach((array) => + objectSearchCallback(prefix, array) + ) + ); + return results; + }, + + /** + * search for full-text terms in the index + */ + performTermsSearch: (searchTerms, excludedTerms) => { + // prepare search + const terms = Search._index.terms; + const titleTerms = Search._index.titleterms; + const filenames = Search._index.filenames; + const docNames = Search._index.docnames; + const titles = Search._index.titles; + + const scoreMap = new Map(); + const fileMap = new Map(); + + // perform the search on the required terms + searchTerms.forEach((word) => { + const files = []; + const arr = [ + { files: terms[word], score: Scorer.term }, + { files: titleTerms[word], score: Scorer.title }, + ]; + // add support for partial matches + if (word.length > 2) { + const escapedWord = _escapeRegExp(word); + if (!terms.hasOwnProperty(word)) { + Object.keys(terms).forEach((term) => { + if (term.match(escapedWord)) + arr.push({ files: terms[term], score: Scorer.partialTerm }); + }); + } + if (!titleTerms.hasOwnProperty(word)) { + Object.keys(titleTerms).forEach((term) => { + if (term.match(escapedWord)) + arr.push({ files: titleTerms[term], score: Scorer.partialTitle }); + }); + } + } + + // no match but word was a required one + if (arr.every((record) => record.files === undefined)) return; + + // found search word in contents + arr.forEach((record) => { + if (record.files === undefined) return; + + let recordFiles = record.files; + if (recordFiles.length === undefined) recordFiles = [recordFiles]; + files.push(...recordFiles); + + // set score for the word in each file + recordFiles.forEach((file) => { + if (!scoreMap.has(file)) scoreMap.set(file, {}); + scoreMap.get(file)[word] = record.score; + }); + }); + + // create the mapping + files.forEach((file) => { + if (!fileMap.has(file)) fileMap.set(file, [word]); + else if (fileMap.get(file).indexOf(word) === -1) fileMap.get(file).push(word); + }); + }); + + // now check if the files don't contain excluded terms + const results = []; + for (const [file, wordList] of fileMap) { + // check if all requirements are matched + + // as search terms with length < 3 are discarded + const filteredTermCount = [...searchTerms].filter( + (term) => term.length > 2 + ).length; + if ( + wordList.length !== searchTerms.size && + wordList.length !== filteredTermCount + ) + continue; + + // ensure that none of the excluded terms is in the search result + if ( + [...excludedTerms].some( + (term) => + terms[term] === file || + titleTerms[term] === file || + (terms[term] || []).includes(file) || + (titleTerms[term] || []).includes(file) + ) + ) + break; + + // select one (max) score for the file. + const score = Math.max(...wordList.map((w) => scoreMap.get(file)[w])); + // add result to the result list + results.push([ + docNames[file], + titles[file], + "", + null, + score, + filenames[file], + ]); + } + return results; + }, + + /** + * helper function to return a node containing the + * search summary for a given text. keywords is a list + * of stemmed words. + */ + makeSearchSummary: (htmlText, keywords, anchor) => { + const text = Search.htmlToText(htmlText, anchor); + if (text === "") return null; + + const textLower = text.toLowerCase(); + const actualStartPosition = [...keywords] + .map((k) => textLower.indexOf(k.toLowerCase())) + .filter((i) => i > -1) + .slice(-1)[0]; + const startWithContext = Math.max(actualStartPosition - 120, 0); + + const top = startWithContext === 0 ? "" : "..."; + const tail = startWithContext + 240 < text.length ? "..." : ""; + + let summary = document.createElement("p"); + summary.classList.add("context"); + summary.textContent = top + text.substr(startWithContext, 240).trim() + tail; + + return summary; + }, +}; + +_ready(Search.init); diff --git a/ia-terms-updates/it/_static/sphinx_highlight.js b/ia-terms-updates/it/_static/sphinx_highlight.js new file mode 100644 index 000000000..8a96c69a1 --- /dev/null +++ b/ia-terms-updates/it/_static/sphinx_highlight.js @@ -0,0 +1,154 @@ +/* Highlighting utilities for Sphinx HTML documentation. */ +"use strict"; + +const SPHINX_HIGHLIGHT_ENABLED = true + +/** + * highlight a given string on a node by wrapping it in + * span elements with the given class name. + */ +const _highlight = (node, addItems, text, className) => { + if (node.nodeType === Node.TEXT_NODE) { + const val = node.nodeValue; + const parent = node.parentNode; + const pos = val.toLowerCase().indexOf(text); + if ( + pos >= 0 && + !parent.classList.contains(className) && + !parent.classList.contains("nohighlight") + ) { + let span; + + const closestNode = parent.closest("body, svg, foreignObject"); + const isInSVG = closestNode && closestNode.matches("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.classList.add(className); + } + + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + const rest = document.createTextNode(val.substr(pos + text.length)); + parent.insertBefore( + span, + parent.insertBefore( + rest, + node.nextSibling + ) + ); + node.nodeValue = val.substr(0, pos); + /* There may be more occurrences of search term in this node. So call this + * function recursively on the remaining fragment. + */ + _highlight(rest, addItems, text, className); + + if (isInSVG) { + const rect = document.createElementNS( + "http://www.w3.org/2000/svg", + "rect" + ); + const bbox = parent.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute("class", className); + addItems.push({ parent: parent, target: rect }); + } + } + } else if (node.matches && !node.matches("button, select, textarea")) { + node.childNodes.forEach((el) => _highlight(el, addItems, text, className)); + } +}; +const _highlightText = (thisNode, text, className) => { + let addItems = []; + _highlight(thisNode, addItems, text, className); + addItems.forEach((obj) => + obj.parent.insertAdjacentElement("beforebegin", obj.target) + ); +}; + +/** + * Small JavaScript module for the documentation. + */ +const SphinxHighlight = { + + /** + * highlight the search words provided in localstorage in the text + */ + highlightSearchWords: () => { + if (!SPHINX_HIGHLIGHT_ENABLED) return; // bail if no highlight + + // get and clear terms from localstorage + const url = new URL(window.location); + const highlight = + localStorage.getItem("sphinx_highlight_terms") + || url.searchParams.get("highlight") + || ""; + localStorage.removeItem("sphinx_highlight_terms") + url.searchParams.delete("highlight"); + window.history.replaceState({}, "", url); + + // get individual terms from highlight string + const terms = highlight.toLowerCase().split(/\s+/).filter(x => x); + if (terms.length === 0) return; // nothing to do + + // There should never be more than one element matching "div.body" + const divBody = document.querySelectorAll("div.body"); + const body = divBody.length ? divBody[0] : document.querySelector("body"); + window.setTimeout(() => { + terms.forEach((term) => _highlightText(body, term, "highlighted")); + }, 10); + + const searchBox = document.getElementById("searchbox"); + if (searchBox === null) return; + searchBox.appendChild( + document + .createRange() + .createContextualFragment( + '

" + ) + ); + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords: () => { + document + .querySelectorAll("#searchbox .highlight-link") + .forEach((el) => el.remove()); + document + .querySelectorAll("span.highlighted") + .forEach((el) => el.classList.remove("highlighted")); + localStorage.removeItem("sphinx_highlight_terms") + }, + + initEscapeListener: () => { + // only install a listener if it is really needed + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) return; + + document.addEventListener("keydown", (event) => { + // bail for input elements + if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return; + // bail with special keys + if (event.shiftKey || event.altKey || event.ctrlKey || event.metaKey) return; + if (DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS && (event.key === "Escape")) { + SphinxHighlight.hideSearchWords(); + event.preventDefault(); + } + }); + }, +}; + +_ready(() => { + /* Do not call highlightSearchWords() when we are on the search page. + * It will highlight words from the *previous* search query. + */ + if (typeof Search === "undefined") SphinxHighlight.highlightSearchWords(); + SphinxHighlight.initEscapeListener(); +}); diff --git a/ia-terms-updates/it/backup-restore.html b/ia-terms-updates/it/backup-restore.html new file mode 100644 index 000000000..c9df1ff14 --- /dev/null +++ b/ia-terms-updates/it/backup-restore.html @@ -0,0 +1,256 @@ + + + + + + + + backup-restore.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

backup-restore.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + + +
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/contribute.html b/ia-terms-updates/it/contribute.html new file mode 100644 index 000000000..49f9e26b0 --- /dev/null +++ b/ia-terms-updates/it/contribute.html @@ -0,0 +1,187 @@ + + + + + + + + contribute.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

contribute.rst

+

Instruction to join in the development here.

+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+ + Standards> + +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/defined-terms.html b/ia-terms-updates/it/defined-terms.html new file mode 100644 index 000000000..65bf6d8ef --- /dev/null +++ b/ia-terms-updates/it/defined-terms.html @@ -0,0 +1,309 @@ + + + + + + + + defined-terms.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

defined-terms.rst

+

Di seguito le descrizioni di acronimi e definizioni, correlati al presente documento utili ad approfondimenti su tematiche che completano l' it-wallet e i componenti con i quali interagisce.

+
+

Acronimi

+ ++++ + + + + + + + + + + + + + + + + + + + + + + +

Acronimo

Descrizione

OID4VP

OpenID for Verifiable Presentation

PID

Person Identification Data

VC

Verifiable Credential

VP

Verifiable Presentation

API

Application Programming Interface. Insieme componenti previsti per semplificare gli scenari di integrazione di uno specifico Sistema.

+
+
+

Definizioni

+ ++++ + + + + + + + + + + + + + +

Definizione

Descrizione

Wallet Instance

Mobile App che gestisce, memorizza e protegge le Verifiable Credentials di un holder e ne consente la presentazione ad una Relying Party

Relying Party

Entità che riceve da una Wallet Instance una o più VP e processa le stesse

+
+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + +
+ + trust.rst> + +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/genindex.html b/ia-terms-updates/it/genindex.html new file mode 100644 index 000000000..c40e17e62 --- /dev/null +++ b/ia-terms-updates/it/genindex.html @@ -0,0 +1,181 @@ + + + + + + + Index — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ + +

Index

+ +
+ +
+ + +
+
+
+
+ + +
+
+
+
+
+ +
+ +
+ +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/index.html b/ia-terms-updates/it/index.html new file mode 100644 index 000000000..1810d8c4c --- /dev/null +++ b/ia-terms-updates/it/index.html @@ -0,0 +1,341 @@ + + + + + + + + The Italian EUDI Wallet implementation profile — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

The Italian EUDI Wallet implementation profile

+

[TODO INTRO]

+

Introduzione

+

cos'è eIDAS

+

cos’è IT-Wallet

+

scopo delle regole tecniche

+

In this documentation you can find the technical specification +for implementing the following components:

+
+
    +
  • Entities of the ecosystem according to EIDAS-ARF.

  • +
  • Infrastructure of trust attesting realiability and eligibility of the participants.

  • +
  • PID and EAAs data schemes and attribute sets.

  • +
  • PID/EAA in MDL CBOR format.

  • +
  • PID/EAA in SD-JWT format.

  • +
  • Wallet Solution general architecture.

  • +
  • Wallet Instance Attestation data model in JWS format.

  • +
  • Issuance of PID/EAA according to OpenID4VCI.

  • +
  • Presentation of PID/EAA according to OpenID4VP.

  • +
  • Presentation of pseudonyms according to SIOPv2.

  • +
  • PID/EAA backup and restore mechanisms.

  • +
  • PID/EAA revocation lists.

  • +
+
+
+

Index of content

+
+ +
+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+
+ +
+ + +
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/issuance.html b/ia-terms-updates/it/issuance.html new file mode 100644 index 000000000..87c92a085 --- /dev/null +++ b/ia-terms-updates/it/issuance.html @@ -0,0 +1,256 @@ + + + + + + + + issuance.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

issuance.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/objects.inv b/ia-terms-updates/it/objects.inv new file mode 100644 index 0000000000000000000000000000000000000000..63a6cce059f42ef56bbcfbd105c810cbc92110fa GIT binary patch literal 895 zcmV-_1AzP^AX9K?X>NERX>N99Zgg*Qc_4OWa&u{KZXhxWBOp+6Z)#;@bUGkZXk{Qt zbYX01VQwHrRYXZ3S7B^yWpp5EZE$R5ZDnqBVRUJ4ZXj@SZ)Rz1WeOu8R%LQ?X>V>i zAa-SPb7^mGIv{LebY*jN3L_v?Xk{RBWo=<;Ze(S0Aa78b#rNMXCQiPX<{x4c-oa#O^@3k5WV|XSfW=d_1asdT~(1hNEPvm#6Z9>8*K#-u37lHcgL!+gLr>nc zAL7!6S*yiqvS2Xlne{zbYE(a2q2$V2mp3QY{hCIq!C0kXW^>hfE}ogGC8mvSwh*>Z zks%nPo=I~k-n=q&Q|oHO-T5i(NoI^#*zMzz~#s5P#j_>^bm< zw7P*8Hzir$YB+-i+3h;~g+(*g<5sD80twndqgEqmD|U%T63s{-qt0=KytI%UUa;VT zhH@YLuo1)9!vNAUpTi%h5!}i7XpbMvrv?9TPrXSNV^d`AzFnX_Sk?3 z7bnfMKRzb8%gtRrDaH}(o~o~G>e$q?>B|0eTe%q&uk^)urOQOv;Ah3B9%6@#f>U6O za%NdxlN=8;g!tN&K#{f-AUP82v_ON)O1qQNH4Ez`_L1P+3_|OUupZgKg*U_L&u3dR z7G|)kh~<_NRQHp~5R5HO3`|_fE52hB8Xcr~&W^$&Gp3RhFBwzMywXg^tG&1{74?*c z-;>bucf9X8{gM$J`;Y3vebWnL(Vok>;9-OM{ntQjrYc5CG*-j_)7=FN1T1*?8s?Ae z2^wPr74E5YHR + + + + + + + pid-eaa-data.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

pid-eaa-data.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+
+ + + <trust.rst + +
+ + +
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/pid-eaa-mdoc-cbor.html b/ia-terms-updates/it/pid-eaa-mdoc-cbor.html new file mode 100644 index 000000000..c084c23b5 --- /dev/null +++ b/ia-terms-updates/it/pid-eaa-mdoc-cbor.html @@ -0,0 +1,256 @@ + + + + + + + + pid-eaa-mdoc-cbor.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

pid-eaa-mdoc-cbor.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + + +
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/pid-eaa-sd-jwt.html b/ia-terms-updates/it/pid-eaa-sd-jwt.html new file mode 100644 index 000000000..04c1807d3 --- /dev/null +++ b/ia-terms-updates/it/pid-eaa-sd-jwt.html @@ -0,0 +1,256 @@ + + + + + + + + pid-eaa-sd-jwt.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

pid-eaa-sd-jwt.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+ +
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/pseudonyms.html b/ia-terms-updates/it/pseudonyms.html new file mode 100644 index 000000000..41ff303c5 --- /dev/null +++ b/ia-terms-updates/it/pseudonyms.html @@ -0,0 +1,256 @@ + + + + + + + + pseudonyms.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

pseudonyms.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + + +
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/revocation-lists.html b/ia-terms-updates/it/revocation-lists.html new file mode 100644 index 000000000..d3fb38b75 --- /dev/null +++ b/ia-terms-updates/it/revocation-lists.html @@ -0,0 +1,256 @@ + + + + + + + + revocation-lists.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

revocation-lists.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + +
+ + contribute.rst> + +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/search.html b/ia-terms-updates/it/search.html new file mode 100644 index 000000000..baa17b341 --- /dev/null +++ b/ia-terms-updates/it/search.html @@ -0,0 +1,190 @@ + + + + + + + Search — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +

Search

+ + + + +

+ Searching for multiple words only shows matches that contain + all words. +

+ + +
+ + + +
+ + +
+ + +
+
+
+
+ + +
+
+
+
+
+ +
+ +
+ +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/searchindex.js b/ia-terms-updates/it/searchindex.js new file mode 100644 index 000000000..bf8549751 --- /dev/null +++ b/ia-terms-updates/it/searchindex.js @@ -0,0 +1 @@ +Search.setIndex({"alltitles": {"Acronimi": [[2, "acronimi"]], "Attributes": [[0, "attributes"], [2, "attributes"], [4, "attributes"], [5, "attributes"], [6, "attributes"], [7, "attributes"], [8, "attributes"], [9, "attributes"], [10, "attributes"], [12, "attributes"], [13, "attributes"], [14, "attributes"]], "Definizioni": [[2, "definizioni"]], "External references": [[0, "external-references"], [2, "external-references"], [4, "external-references"], [5, "external-references"], [6, "external-references"], [7, "external-references"], [8, "external-references"], [9, "external-references"], [10, "external-references"], [12, "external-references"], [13, "external-references"], [14, "external-references"]], "General Properties": [[0, "general-properties"], [2, "general-properties"], [4, "general-properties"], [5, "general-properties"], [6, "general-properties"], [7, "general-properties"], [8, "general-properties"], [9, "general-properties"], [10, "general-properties"], [12, "general-properties"], [13, "general-properties"], [14, "general-properties"]], "Implementation considerations": [[0, "implementation-considerations"], [2, "implementation-considerations"], [4, "implementation-considerations"], [5, "implementation-considerations"], [6, "implementation-considerations"], [7, "implementation-considerations"], [8, "implementation-considerations"], [9, "implementation-considerations"], [10, "implementation-considerations"], [12, "implementation-considerations"], [13, "implementation-considerations"], [14, "implementation-considerations"]], "Index of content": [[3, "index-of-content"]], "Libraries and code snippets": [[0, "libraries-and-code-snippets"], [2, "libraries-and-code-snippets"], [4, "libraries-and-code-snippets"], [5, "libraries-and-code-snippets"], [6, "libraries-and-code-snippets"], [7, "libraries-and-code-snippets"], [8, "libraries-and-code-snippets"], [9, "libraries-and-code-snippets"], [10, "libraries-and-code-snippets"], [12, "libraries-and-code-snippets"], [13, "libraries-and-code-snippets"], [14, "libraries-and-code-snippets"]], "Requirements": [[0, "requirements"], [2, "requirements"], [4, "requirements"], [5, "requirements"], [6, "requirements"], [7, "requirements"], [8, "requirements"], [9, "requirements"], [10, "requirements"], [12, "requirements"], [13, "requirements"], [14, "requirements"]], "Standards": [[11, null]], "The Italian EUDI Wallet implementation profile": [[3, null]], "backup-restore.rst": [[0, null]], "contribute.rst": [[1, null]], "defined-terms.rst": [[2, null]], "issuance.rst": [[4, null]], "pid-eaa-data.rst": [[5, null]], "pid-eaa-mdoc-cbor.rst": [[6, null]], "pid-eaa-sd-jwt.rst": [[7, null]], "pseudonyms.rst": [[8, null]], "revocation-lists.rst": [[9, null]], "ssi-introduction.rst": [[10, null]], "trust.rst": [[12, null]], "wallet-instance-attestation.rst": [[13, null]], "wallet-solution.rst": [[14, null]]}, "docnames": ["backup-restore", "contribute", "defined-terms", "index", "issuance", "pid-eaa-data", "pid-eaa-mdoc-cbor", "pid-eaa-sd-jwt", "pseudonyms", "revocation-lists", "ssi-introduction", "standards", "trust", "wallet-instance-attestation", "wallet-solution"], "envversion": {"sphinx": 62, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx.ext.todo": 2}, "filenames": ["backup-restore.rst", "contribute.rst", "defined-terms.rst", "index.rst", "issuance.rst", "pid-eaa-data.rst", "pid-eaa-mdoc-cbor.rst", "pid-eaa-sd-jwt.rst", "pseudonyms.rst", "revocation-lists.rst", "ssi-introduction.rst", "standards.rst", "trust.rst", "wallet-instance-attestation.rst", "wallet-solution.rst"], "indexentries": {}, "objects": {}, "objnames": {}, "objtypes": {}, "terms": {"1": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "2": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "IT": 3, "In": 3, "accord": 3, "acronimi": 3, "acronimo": 2, "ad": 2, "al": 2, "all": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "api": 2, "app": 2, "applic": 2, "approfondimenti": 2, "ar": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "architectur": 3, "arf": 3, "attest": 3, "attribut": 3, "backup": 3, "can": 3, "cbor": 3, "che": 2, "claim": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "co": 3, "code": 3, "come": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "completano": 2, "compon": 3, "componenti": 2, "con": 2, "consent": 2, "consider": 3, "contain": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "contenuti": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "contribut": 3, "correlati": 2, "credenti": 2, "da": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "data": [2, 3], "defin": 3, "definizion": 2, "definizioni": 3, "dell": 3, "descript": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "descrizion": 2, "descrizioni": 2, "develop": 1, "di": 2, "document": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "documentazion": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "documento": 2, "e": 2, "eaa": 3, "ecosystem": 3, "eida": 3, "elig": 3, "entiti": 3, "entit\u00e0": 2, "esempi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "exampl": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "extern": 3, "find": 3, "follow": 3, "format": 3, "gener": 3, "gestisc": 2, "gli": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "here": 1, "holder": 2, "i": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "identif": 2, "infrastructur": 3, "insiem": 2, "instanc": [2, 3], "instruct": 1, "integrazion": 2, "intendersi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "interagisc": 2, "interfac": 2, "intro": 3, "introduct": 3, "introduzion": 3, "issuanc": 3, "join": 1, "jw": 3, "jwt": 3, "kei": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "l": 2, "la": 2, "le": 2, "librari": 3, "list": 3, "mdl": 3, "mdoc": 3, "meant": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "mechan": 3, "memorizza": 2, "mobil": 2, "model": 3, "ne": 2, "non": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "norm": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "normativi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "o": 2, "oid4vp": 2, "openid": 2, "openid4vci": 3, "openid4vp": 3, "paramet": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "parti": 2, "particip": 3, "per": 2, "person": 2, "pid": [2, 3], "pi\u00f9": 2, "present": [2, 3], "presentazion": 2, "previsti": 2, "processa": 2, "program": 2, "properti": 3, "protegg": 2, "pseudonym": 3, "quali": 2, "questa": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "realiabl": 3, "refer": 3, "regol": 3, "reli": 2, "req": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "requir": 3, "restor": 3, "revoc": 3, "ricev": 2, "rst": 3, "scenari": 2, "scheme": 3, "scopo": 3, "sd": 3, "seguito": 2, "semplificar": 2, "set": 3, "siopv2": 3, "sistema": 2, "snippet": 3, "solut": 3, "sono": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "specif": 3, "specifico": 2, "ssi": 3, "standard": 3, "stess": 2, "su": 2, "tabl": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "technic": 3, "tecnich": 3, "tematich": 2, "term": 3, "thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "todo": [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "trust": 3, "tutti": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "un": 2, "una": 2, "uno": 2, "useful": [0, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "utili": 2, "valu": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "vc": 2, "verifi": 2, "vp": 2, "wallet": 2, "what": [0, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "you": 3, "\u00e8": 3}, "titles": ["backup-restore.rst", "contribute.rst", "defined-terms.rst", "The Italian EUDI Wallet implementation profile", "issuance.rst", "pid-eaa-data.rst", "pid-eaa-mdoc-cbor.rst", "pid-eaa-sd-jwt.rst", "pseudonyms.rst", "revocation-lists.rst", "ssi-introduction.rst", "Standards", "trust.rst", "wallet-instance-attestation.rst", "wallet-solution.rst"], "titleterms": {"The": 3, "acronimi": 2, "attest": 13, "attribut": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "backup": 0, "cbor": 6, "code": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "consider": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "content": 3, "contribut": 1, "data": 5, "defin": 2, "definizioni": 2, "eaa": [5, 6, 7], "eudi": 3, "extern": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "gener": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "implement": [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "index": 3, "instanc": 13, "introduct": 10, "issuanc": 4, "italian": 3, "jwt": 7, "librari": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "list": 9, "mdoc": 6, "pid": [5, 6, 7], "profil": 3, "properti": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "pseudonym": 8, "refer": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "requir": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "restor": 0, "revoc": 9, "rst": [0, 1, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "sd": 7, "snippet": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "solut": 14, "ssi": 10, "standard": 11, "term": 2, "trust": 12, "wallet": [3, 13, 14]}}) \ No newline at end of file diff --git a/ia-terms-updates/it/ssi-introduction.html b/ia-terms-updates/it/ssi-introduction.html new file mode 100644 index 000000000..22b999f9a --- /dev/null +++ b/ia-terms-updates/it/ssi-introduction.html @@ -0,0 +1,256 @@ + + + + + + + + ssi-introduction.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

ssi-introduction.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/standards.html b/ia-terms-updates/it/standards.html new file mode 100644 index 000000000..230fa154d --- /dev/null +++ b/ia-terms-updates/it/standards.html @@ -0,0 +1,184 @@ + + + + + + + + Standards — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

Standards

+

TODO

+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+ +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/trust.html b/ia-terms-updates/it/trust.html new file mode 100644 index 000000000..ef47dde8a --- /dev/null +++ b/ia-terms-updates/it/trust.html @@ -0,0 +1,256 @@ + + + + + + + + trust.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

trust.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + + +
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/wallet-instance-attestation.html b/ia-terms-updates/it/wallet-instance-attestation.html new file mode 100644 index 000000000..53f26e50b --- /dev/null +++ b/ia-terms-updates/it/wallet-instance-attestation.html @@ -0,0 +1,256 @@ + + + + + + + + wallet-instance-attestation.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

wallet-instance-attestation.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+
+
+ + +
+ + issuance.rst> + +
+
+
+ + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file diff --git a/ia-terms-updates/it/wallet-solution.html b/ia-terms-updates/it/wallet-solution.html new file mode 100644 index 000000000..0c67e5e1d --- /dev/null +++ b/ia-terms-updates/it/wallet-solution.html @@ -0,0 +1,256 @@ + + + + + + + + wallet-solution.rst — The Italian EUDI Wallet implementation profile version: latest documentation + + + + + + + + + + + + + +
+ + + +
+ + + + + +
+
+
+
+ +
+

wallet-solution.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +
  • req 1

  • +
  • req 2

  • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + +
+
+
+
+ + + + + + +
+
+ + + + + +

Styled using the Piccolo Theme

+ + \ No newline at end of file