From f7c328f1f655626b1acab74770f8f92ad3d86d61 Mon Sep 17 00:00:00 2001 From: "Binh Q. Nguyen" Date: Tue, 30 Aug 2016 14:46:35 -0400 Subject: [PATCH] [ci skip] Creating a home for proposals This commit creates a folder `proposals/r1` in the root of Fabric source code tree to hold mature proposal documents. It also includes 4 documents from the Fabric wiki archive as they are relevant for the current development. Change-Id: Ic8e338318792e83376e42a58c00dde036184f69b Signed-off-by: Binh Q. Nguyen --- .../Custom-Events-High-level-specification.md | 98 +++ .../Next-Consensus-Architecture-Proposal.md | 756 ++++++++++++++++++ .../r1/Next-Ledger-Architecture-Proposal.md | 223 ++++++ proposals/r1/Release-Process.md | 55 ++ .../r1/System-Chaincode-Specification.md | 114 +++ proposals/r1/blocks-2.png | Bin 0 -> 44980 bytes proposals/r1/flow-2.png | Bin 0 -> 67362 bytes 7 files changed, 1246 insertions(+) create mode 100644 proposals/r1/Custom-Events-High-level-specification.md create mode 100644 proposals/r1/Next-Consensus-Architecture-Proposal.md create mode 100644 proposals/r1/Next-Ledger-Architecture-Proposal.md create mode 100644 proposals/r1/Release-Process.md create mode 100644 proposals/r1/System-Chaincode-Specification.md create mode 100644 proposals/r1/blocks-2.png create mode 100644 proposals/r1/flow-2.png diff --git a/proposals/r1/Custom-Events-High-level-specification.md b/proposals/r1/Custom-Events-High-level-specification.md new file mode 100644 index 00000000000..5e5bbd6ddd4 --- /dev/null +++ b/proposals/r1/Custom-Events-High-level-specification.md @@ -0,0 +1,98 @@ + +@muralisrini and @pmullaney + +## Introduction + +The events framework supports the ability to emit 2 types of audible events, block and custom/chaincode events (of type ChaincodeEvent defined in events.proto). The basic idea is that clients (event consumers) will register for event types (currently "block" or "chaincode") and in the case of chaincode they may specify additional registration criteria namely chaincodeID and eventname. ChaincodeID indentifies the specific chaincode deployment that the client has interest in seeing events from and eventname is a string that the chaincode developer embeds when invoking the chaincode stub's `SetEvent` API. Invoke transactions are currently the only operations that can emit events and each invoke is limited to one event emitted per transaction. It should be noted that there are no “transient” or “ephemeral” events that are not stored on the ledger. Thus, events are as deterministic as any other transactional data on the block chain. This basic infrastructure can be extended for successful + +## Tactical design: Use TransactionResult to store events + +Add an Event message to TransactionResult + +``` +/ chaincodeEvent - any event emitted by a transaction +type TransactionResult struct { + Uuid string + Result []byte + ErrorCode uint32 + Error string + ChaincodeEvent *ChaincodeEvent +} +``` +Where **ChaincodeEvent** is + +``` +type ChaincodeEvent struct { + ChaincodeID string + TxID string + EventName string + Payload []byte +} +``` + +Where ChaincodeID is the uuid associated with the chaincode, TxID is the transaction that generated the event, EventName is the name given to the event by the chaincode(see `SetEvent`), and Payload is the payload attached to the event by the chaincode. The fabric does not impose a structure or restriction on the Payload although it is good practice to not make it large in size. + +SetEvent API on chaincode Shim + +``` +func (stub *ChaincodeStub) GetState(key string) +func (stub *ChaincodeStub) PutState(key string, value [\]byte) +func (stub *ChaincodeStub) DelState(key string) +… +… +func (stub *ChaincodeStub) SetEvent(name string, payload []byte) +… +… +``` + +When the transaction is completed, SetEvent will result in the event being added to TransactionResult and commited to ledger. The event will then be posted to all clients registered for that event by the event framework. + + +##General Event types and their relation to Chaincode Events + + +Events are associated with event types. Clients register interest in the event types they want to receive events of. +Life-cycle of an Event Type is illustrated by a “block” event + + 1. On boot-up peer adds "block" to the supported event types + 2. Clients can register interest in “block” event type with a peer (or multiple peers) + 3. On Block creation Peers post an event to all registered clients + 4. Clients receive the “block” event and process the transactions in the block + +Chaincode events add an additional level of registration filtering. Instead of registering for all events of a given event type, chaincode events allow clients to register for a specific event from a specific chaincode. For this first version, for simplicity, we have not implemented wildcard or regex matching on the eventname but that is planned. More information on this in "Client Interface" below. + +## Client Interface + +The current interface for client to register and then receive events is a gRPC interface with pb messages defined in protos/events.proto. The Register message is a series (`repeated`) of Interest messages. Each Interest represents a single event registration. + +``` +message Interest { + EventType eventType = 1; + //Ideally we should just have the following oneof for different + //Reg types and get rid of EventType. But this is an API change + //Additional Reg types may add messages specific to their type + //to the oneof. + oneof RegInfo { + ChaincodeReg chaincodeRegInfo = 2; + } +} + +//ChaincodeReg is used for registering chaincode Interests +//when EventType is CHAINCODE +message ChaincodeReg { + string chaincodeID = 1; + string eventName = 2; + ~~bool anyTransaction = 3;~~ //TO BE REMOVED +} + +//Register is sent by consumers for registering events +//string type - "register" +message Register { + repeated Interest events = 1; +} + +``` + +As mentioned in previous section, clients should register for chaincode events using `ChaincodeReg` message where `chaincodeID` refers to the ID of chaincode as returned by the deploy transaction and `eventName` refers to the name of the event posted by the chaincode. Setting `eventName` with empty string (or "*") will cause all events from a chaincode to be sent to the listener. + +There is a service defined in events.proto with a single method that receives a stream of registration events and returns an stream that the client can use to read events from as they occur. diff --git a/proposals/r1/Next-Consensus-Architecture-Proposal.md b/proposals/r1/Next-Consensus-Architecture-Proposal.md new file mode 100644 index 00000000000..cb01e36f645 --- /dev/null +++ b/proposals/r1/Next-Consensus-Architecture-Proposal.md @@ -0,0 +1,756 @@ + +Authors: Elli Androulaki, Christian Cachin, Angelo De Caro, Konstantinos Christidis, Chet Murthy, Binh Nguyen, Alessandro Sorniotti, and Marko Vukolić + +This page documents the architecture of a blockchain infrastructure with the roles of a blockchain node separated into roles of *peers* (who maintain state/ledger) and *consenters* (who consent on the order of transactions included in the blockchain state). In common blockchain architectures (including Hyperledger fabric as of July 2016) these roles are unified (cf. *validating peer* in Hyperledger fabric). The architecture also introduces *endorsing peers* (endorsers), as special type of peers responsible for simulating execution and *endorsing* transactions (roughly corresponding to executing/validating transactions in HL fabric 0.5-developer-preview). + +The architecture has the following advantages compared to the design in which peers/consenters/endorsers are unified. + +* **Chaincode trust flexibility.** The architecture separates *trust assumptions* for chaincodes (blockchain applications) from trust assumptions for consensus. In other words, the consensus service may be provided by one set of nodes (consenters) and tolerate some of them to fail or misbehave, and the endorsers may be different for each chaincode. + +* **Scalability.** As the endorser nodes responsible for particular chaincode are orthogonal to the consenters, the system may *scale* better than if these functions were done by the same nodes. In particular, this results when different chaincodes specify disjoint endorsers, which introduces a partitioning of chaincodes between endorsers and allows parallel chaincode execution (endorsement). Besides, chaincode execution, which can potentially be costly, is removed from the critical path of the consensus service. + +* **Confidentiality.** The architecture facilitates deployment of chaincodes that have *confidentiality* requirements with respect to the content and state updates of its transactions. + +* **Consensus modularity.** The architecture is *modular* and allows pluggable consensus implementations. + + +## Table of contents + +1. System architecture +1. Basic workflow of transaction endorsement +1. Endorsement policies +1. Blockchain data structures +1. State transfer and checkpointing +1. Confidentiality + +--- + +## 1. System architecture + +The blockchain is a distributed system consisting of many nodes that communicate with each other. The blockchain runs programs called chaincode, holds state and ledger data, and executes transactions. The chaincode is the central element: transactions are operations invoked on the chaincode and only chaincode changes the state. Transactions have to be "endorsed" and only endorsed transactions are committed and have an effect on the state. There may exist one or more special chaincodes for management functions and parameters, collectively called *system chaincodes*. + + +### 1.1. Transactions + +Transactions may be of two types: + +* *Deploy transactions* create new chaincode and take a program as parameter. When a deploy transaction executes successfully, the chaincode has been installed "on" the blockchain. + +* *Invoke transactions* perform an operation in the context of previously deployed chaincode. An invoke transaction refers to a chaincode and to one of its provided functions. When successful, the chaincode executes the specified function - which may involve modifying the corresponding state, and returning an output. + +As described later, deploy transactions are special cases of invoke transactions, where a deploy transaction that creates new chaincode, corresponds to an invoke transaction on a system chaincode. + +**Remark:** *This document currently assumes that a transaction either creates new chaincode or invokes an operation provided by _one_ already deployed chaincode. This document does not yet describe: a) support for cross-chaincode transactions, b) optimizations for query (read-only) transactions.* + +### 1.2. State + +**Blockchain state.** The state of the blockchain ("world state") has a simple structure and is modeled as a versioned key/value store (KVS), where keys are names and values are arbitrary blobs. These entries are manipulated by the chaincodes (applications) running on the blockchain through `put` and `get` KVS-operations. The state is stored persistently and updates to the state are logged. Notice that versioned KVS is adopted as state model, an implementation may use actual KVSs, but also RDBMSs or any other solution. + +More formally, blockchain state `s` is modeled as an element of a mapping `K -> (V X N)`, where: + +* `K` is a set of keys +* `V` is a set of values +* `N` is an infinite ordered set of version numbers. Injective function `next: N -> N` takes an element of `N` and returns the next version number. + +Both `V` and `N` contain a special element `\bot`, which is in case of `N` the lowest element. Initially all keys are mapped to `(\bot,\bot)`. For `s(k)=(v,ver)` we denote `v` by `s(k).value`, and `ver` by `s(k).version`. + +KVS operations are modeled as follows: + +* `put(k,v)`, for `k\in K` and `v\in V`, takes the blockchain state `s` and changes it to `s'` such that `s'(k)=(v,next(s(k).version))` with `s'(k')=s(k')` for all `k'!=k`. +* `get(k)` returns `s(k)`. + +**State partitioning.** Keys in the KVS can be recognized from their name to belong to a particular chaincode, in the sense that only transaction of a certain chaincode may modify the keys belonging to this chaincode. In principle, any chaincode can read the keys belonging to other chaincodes (state of the confidential chaincodes cannot be read in clear - see Section 6). *Support for cross-chaincode transactions, that modify the state belonging to two or more chaincodes will be added in future.* + +**Ledger.** Evolution of blockchain state (history) is kept in a *ledger*. Ledger is a hashchain of blocks of transactions. Transactions in the ledger are totally ordered. + +Blockchain state and ledger are further detailed in Section 4. + +### 1.3. Nodes + +Nodes are the communication entities of the blockchain. A "node" is only a logical function in the sense that multiple nodes of different types can run on the same physical server. What counts is how nodes are grouped in "trust domains" and associated to logical entities that control them. + +There are three types of nodes: + +1. **Client** or **submitting-client**: a client that submits an actual transaction-invocation. + +2. **Peer**: a node that commits transactions and maintains the state and a copy of the ledger. Besides, peers can have two special roles: + + a. A **submitting peer** or **submitter**, + + b. An **endorsing peer** or **endorser**. + + +3. **Consensus-service-node** or **consenter**: a node running the communication service that implements a delivery guarantee (such as atomic broadcast) typically by running consensus. + +Notice that consenters and clients do not maintain ledgers and blockchain state, only peers do. + +The types of nodes are explained next in more detail. + +#### 1.3.1. Client + +The client represents the entity that acts on behalf of an end-user. It must connect to a peer for communicating with the blockchain. The client may connect to any peer of its choice. Clients create and thereby invoke transactions. + +#### 1.3.2. Peer + +A peer communicates with the consensus service and maintain the blockchain state and the ledger. Such peers receive ordered state updates from the consensus service and apply them to the locally held state. + +Peers can additionally take up one of two roles described next. + +* **Submitting peer.** A *submitting peer* is a special role of a peer that provides an interface to clients, such that a client may connect to a submitting peer for invoking transactions and obtaining results. The peer communicates with the other blockchain nodes on behalf of one or more clients for executing the transaction. + + +* **Endorsing peer.** The special function of an *endorsing peer* occurs with respect to a particular chaincode and consists in *endorsing* a transaction before it is committed. Every chaincode may specify an *endorsement policy* that may refer to a set of endorsing peers. The policy defines the necessary and sufficient conditions for a valid transaction endorsement (typically a set of endorsers' signatures), as described later in Sections 2 and 3. In the special case of deploy transactions that install new chaincode the (deployment) endorsement policy is specified as an endorsement policy of the system chaincode. + +To emphasize a peer that does not also have a role of a submitting peer or an endorsing peer, such a peer is sometimes referred to as a *committing peer*. + + +#### 1.3.3. Consensus service nodes (Consenters) + +The *consenters* form the *consensus service*, i.e., a communication fabric that provides delivery guarantees. The consensus service can be implemented in different ways: ranging from a centralized service (used e.g., in development and testing) to distributed protocols that target different network and node fault models. + +Peers are clients of the consensus service, to which the consensus service provides a shared *communication channel* offering a broadcast service for messages containing transactions. Peers connect to the channel and may send and receive messages on the channel. The channel supports *atomic* delivery of all messages, that is, message communication with total-order delivery and (implementation specific) reliability. In other words, the channel outputs the same messages to all connected peers and outputs them to all peers in the same logical order. This atomic communication guarantee is also called *total-order broadcast*, *atomic broadcast*, or *consensus* in the context of distributed systems. The communicated messages are the candidate transactions for inclusion in the blockchain state. + + +**Partitioning (consensus channels).** Consensus service may support multiple *channels* similar to the *topics* of a publish/subscribe (pub/sub) messaging system. Clients can connects to a given channel and can then send messages and obtain the messages that arrive. Channels can be thought of as partitions - clients connecting to one channel are unaware of the existence of other channels, but clients may connect to multiple channels. For simplicity, in the rest of this document and unless explicitly mentioned otherwise, we assume consensus service consists of a single channel/topic. + + +**Consensus service API.** Peers connect to the channel provided by the consensus service, via the interface provided by the consensus service. The consensus service API consists of two basic operations (more generally *asynchronous events*): + +* `broadcast(blob)`: the submitting peer calls this to broadcast an arbitrary message `blob` for dissemination over the channel. This is also called `request(blob)` in the BFT context, when sending a request to a service. + +* `deliver(seqno, prevhash, blob)`: the consensus service calls this on the peer to deliver the message `blob` with the specified non-negative integer sequence number (`seqno`) and hash of the most recently delivered blob (`prevhash`). In other words, it is an output event from the consensus service. `deliver()` is also sometimes called `notify()` in pub-sub systems or `commit()` in BFT systems. + + + Notice that consensus service clients (i.e., peers) interact with the service only through `broadcast()` and `deliver()` events. + +**Consensus properties.** The guarantees of the consensus service (or atomic-broadcast channel) are as follows. They answer the following question: *What happens to a broadcasted message and what relations exist among delivered messages?* + +1. **Safety (consistency guarantees)**: As long as peers are connected for sufficiently long periods of time to the channel (they can disconnect or crash, but will restart and reconnect), they will see an *identical* series of delivered `(seqno, prevhash, blob)` messages. This means the outputs (`deliver()` events) occur in the *same order* on all peers and according to sequence number and carry *identical content* (`blob` and `prevhash`) for the same sequence number. Note this is only a *logical order*, and a `deliver(seqno, prevhash, blob)` on one peer is not required to occur in any real-time relation to `deliver(seqno, prevhash, blob)` that outputs the same message at another peer. Put differently, given a particular `seqno`, *no* two correct peers deliver *different* `prevhash` or `blob` values. Moreover, no value `blob` is delivered unless some consensus client (peer) actually called `broadcast(blob)` and, preferably, every broadcasted blob is only delivered *once*. + + Furthermore, the `deliver()` event contains the cryptographic hash of the previous `deliver()` event (`prevhash`). When the consensus service implements atomic broadcast guarantees, `prevhash` is the cryptographic hash of the parameters from the `deliver()` event with sequence number `seqno-1`. This establishes a hash chain across `deliver()` events, which is used to help verify the integrity of the consensus output, as discussed in Sections 4 and 5 later. In the special case of the first `deliver()` event, `prevhash` has a default value. + + +1. **Liveness (delivery guarantee)**: Liveness guarantees of the consensus service are specified by a consensus service implementation. The exact guarantees may depend on the network and node fault model. + + In principle, if the submitting does not fail, the consensus service should guarantee that every correct peer that connects to the consensus service eventually delivers every submitted transaction. + + +To summarize, the consensus service ensures the following properties: + +* *Agreement.* For any two events at correct peers `deliver(seqno, prevhash0, blob0)` and `deliver(seqno, prevhash1, blob1)` with the same `seqno`, `prevhash0==prevhash1` and `blob0==blob1`; +* *Hashchain integrity.* For any two events at correct peers `deliver(seqno-1, prevhash0, blob0)` and `deliver(seqno, prevhash, blob)`, `prevhash = HASH(seqno-1||prevhash0||blob0)`. +* *No skipping*. If a consensus service outputs `deliver(seqno, prevhash, blob)` at a correct peer *p*, such that `seqno>0`, then *p* already delivered an event `deliver(seqno-1, prevhash0, blob0)`. +* *No creation*. Any event `deliver(seqno, prevhash, blob)` at a correct peer must be preceded by a `broadcast(blob)` event at some (possibly distinct) peer; +* *No duplication (optional, yet desirable)*. For any two events `broadcast(blob)` and `broadcast(blob')`, when two events `deliver(seqno0, prevhash0, blob)` and `deliver(seqno1, prevhash1, blob')` occur at correct peers and blob == blob', then `seqno0==seqno1` and `prevhash0==prevhash1`. +* *Liveness*. If a correct peer invokes an event `broadcast(blob)` then every correct peer "eventually" issues an event `deliver(*, *, blob)`, where `*` denotes an arbitrary value. + + +## 2. Basic workflow of transaction endorsement + +In the following we outline the high-level request flow for a transaction. + +**Remark:** *Notice that the following protocol _does not_ assume that all transactions are deterministic, i.e., it allows for non-deterministic transactions.* + +### 2.1. The client creates a transaction and sends it to a submitting peer of its choice + +To invoke a transaction, the client sends the following message to a submitting peer `spID`. + +``, where + +- `tx=`, where + - `clientID` is an ID of the submitting client, + - `chaincodeID` refers to the chaincode to which the transaction pertains, + - `txPayload` is the payload containing the submitted transaction itself, + - `clientSig` is signature of a client on other fields of `tx`. +- `retryFlag` is a boolean that tells the submitting peer whether to retry the submission of the transaction in case transaction fails, + +The details of `txPayload` will differ between invoke transactions and +deploy transactions (i.e., invoke transactions referring to +a deploy-specific system chaincode). For an **invoke transaction**, +`txPayload` would consist of one field + +- `invocation = `, where + - `operation` denotes the chaincode operation (function) and arguments, + - `metadata` denotes attributes related to the invocation. + +For a **deploy transaction**, `txPayload` would consist of two fields + +- `chainCode = `, where + - `source` denotes the source code of the chaincode, + - `metadata` denotes attributes related to the chaincode and application, +- `policies` contains policies related to the chaincode that are accessible to all peers, such as the endorsement policy + +**TODO:** Decide whether to include explicitly local/logical time at the client (a timestamp). + +### 2.2. The submitting peer prepares a transaction and sends it to endorsers for obtaining an endorsement + +On reception of a `` message from a client, the submitting peer first verifies the client's signature `clientSig` and then prepares a transaction. This involves submitting peer tentatively *executing* a transaction (`txPayload`), by invoking the chaincode to which the transaction refers (`chaincodeID`) and the copy of the state that the submitting peer locally holds. + +As a result of the execution, the submitting peer computes a _state update_ (`stateUpdate`) and _version dependencies_ (`verDep`), also called *MVCC+postimage info* in DB language. + +Recall that the state consists of key/value (k/v) pairs. All k/v entries are versioned, that is, every entry contains ordered version information, which is incremented every time when the value stored under a key is updated. The peer that interprets the transaction records all k/v pairs accessed by the chaincode, either for reading or for writing, but the peer does not yet update its state. More specifically: + +* `verDep` is a tuple `verDep=(readset,writeset)`. Given state `s` before a submitting peer executes a transaction: + * for every key `k` read by the transaction, pair `(k,s(k).version)` is added to `readset`. + * for every key `k` modified by the transaction, pair `(k,s(k).version)` is added to `writeset`. +* additionally, for every key `k` modified by the transaction to the new value `v'`, pair `(k,v')` is added to `stateUpdate`. Alternatively, `v'` could be the delta of the new value to previous value (`s(k).value`). + +An implementation may combine `verDep.writeset` with `stateUpdate` into a single data structure. + +Then, `tran-proposal := (spID,chaincodeID,txContentBlob,stateUpdate,verDep)`, + +where `txContentBlob` is chaincode/transaction specific information. The intention is to have `txContentBlob` used as some representation of `tx` (e.g., `txContentBlob=tx.txPayload`). More details are given in Section 6. + +Cryptographic hash of `tran-proposal` is used by all nodes as a unique transaction identifier `tid` (i.e., `tid=HASH(tran-proposal)`). + +The submitting peer then sends the transaction (i.e., `tran-proposal`) to the endorsers for the chaincode concerned. The endorsing peers are selected according to the interpretation of the policy and the availability of peers, known by the peers. For example, the transaction could be sent to *all* endorsers of a given `chaincodeID`. That said, some endorsers could be offline, others may object and choose not to endorse the transaction. The submitting peer tries to satisfy the policy expression with the endorsers available. + +The submitting peer `spID` sends the transaction to an endorsing peer `epID` using the following message: + +`` + +**Possible optimization:** An implementation may optimize duplication of `chaincodeID` in `tx.chaincodeID` and `tran-proposal.chaincodeID`, as well as possible duplication of `txPayload` in `tx.txPayload` and `tran-proposal.txContentBlob`. + +Finally, the submitting peer stores `tran-proposal` and `tid` in memory and waits for responses from endorsing peers. + +**Alternative design:** *As described here the submitting peer communicates directly with the endorsers. This could also be a function performed by the consensus service; in this case it should be determined whether fabric has to follow atomic broadcast delivery guarantee for this or use simple peer-to-peer communication. In that case the consensus service would also be responsible to collect the endorsements according to the policy and to return them to the submitting peer.* + +**TODO:** Decide on communication between submitting peers and endorsing peers: peer-to-peer or using the consensus service. + +### 2.3. An endorser receives and endorses a transaction + +When a transaction is delivered to a connected endorsing peer for the chaincode `tran-proposal.chaincodeID` by means of a `PROPOSE` message, the endorsing peer performs the following steps: + +* The endorser verifies `tx.clientSig` and ensures `tx.chaincodeID==tran-proposal.chaincodeID`. + +* The endorser simulates the transaction (using `tx.txPayload`) and verifies that the state update and dependency information are correct. If everything is valid, the peer digitally signs the statement `(TRANSACTION-VALID, tid)` producing signature `epSig`. The endorsing peer then sends `` message to the submitting peer (`tran-proposal.spID`). + +* Else, in case the transaction simulation at endorsers fails to produce results from `tran-proposal`, we distinguish the following cases: + + a. if the endorser obtains different state updates than those in `tran-proposal.stateUpdates`, the peer signs a statement `(TRANSACTION-INVALID, tid, INCORRECT_STATE)` and sends the signed statement to the submitting peer. + + b. if the endorser is aware of more advanced data versions than those referred to in `tran-proposal.verDeps`, it signs a statement `(TRANSACTION-INVALID, tid, STALE_VERSION)` and sends the signed statement to the submitting peer. + + c. if the endorser does not want to endorse a transaction for any other reason (internal endorser policy, error in a transaction, etc.) it signs a statement `(TRANSACTION-INVALID, tid, REJECTED)` and sends the signed statement to the submitting peer. + +Notice that an endorser does not change its state in this step, the updates are not logged! + +**Alternative design:** *An endorsing peer may omit to inform the submitting peer about an invalid transaction altogether, without sending explicit `TRANSACTION-INVALID` notifications.* + +**Alternative design:** *The endorsing peer submits the `TRANSACTION-VALID`/`TRANSACTION-INVALID` statement and signature to the consensus service for delivery.* + +**TODO:** Decide on alternative designs above. + +### 2.4. The submitting peer collects an endorsement for a transaction and broadcasts it through consensus + +The submitting peer waits until it receives enough messages and signatures on `(TRANSACTION-VALID, tid)` statements to conclude that the transaction proposal is endorsed (including possibly its own signature). This will depend on the chaincode endorsement policy (see also Section 3). If the endorsement policy is satisfied, the transaction has been *endorsed*; note that it is not yet committed. The collection of signatures from endorsing peers which establish that a transaction is endorsed is called an *endorsement*, the peer stores them in `endorsement`. + +If the submitting peer does not manage to collect an endorsement for a transaction proposal, it abandons this transaction and notifies the submitting client. If `retryFlag` has been originally set by the submitting client (see step 1 and the `SUBMIT` message) the submitting peer may (depending on submitting peer policies) retry the transaction (from step 2). + +For transaction with a valid endorsement, we now start using the consensus-fabric. The submitting peer invokes consensus service using the `broadcast(blob)`, where `blob=(tran-proposal, endorsement)`. + +### 2.5. The consensus service delivers a transactions to the peers + +When an event `deliver(seqno, prevhash, blob)` occurs and a peer has applied all state updates for blobs with sequence number lower than `seqno`, a peer does the following: + +* It checks that the `blob.endorsement` is valid according to the policy of the chaincode (`blob.tran-proposal.chaincodeID`) to which it refers. (This step might be performed even without waiting for applying the state updates with sequence numbers smaller than `seqno`.) + +* It verifies that the dependencies (`blob.tran-proposal.verDep`) have not been violated meanwhile. + +Verification of dependencies can be implemented in different ways, according to a consistency property or "isolation guarantee" that is chosen for the state updates. For example, **serializability** can be provided by requiring the version associated with each key in the `readset` or `writeset` to be equal to that key's version in the state, and rejecting transactions that do not satisfy this requirement. As another example, one can provide **snapshot isolation** when all keys in the `writeset` still have the same version as in the state as in the dependency data. The database literature contains many more isolation guarantees. + +**TODO:** Decide whether to insist on serializability or allow chaincode to specify isolation level. + +* If all these checks pass, the transaction is deemed *valid* or *committed*. This means that a peer appends the transaction to the ledger and subsequently applies `blob.tran-proposal.stateUpdates` to blockchain state. Only committed transactions may change the state. + +* If any of these checks fail, the transaction is invalid and the peer drops the transaction. It is important to note that invalid transactions are not committed, do not change the state, and are not recorded. + +Additionally, the submitting peer notifies the client of a dropped transaction. If `retryFlag` has been originally set by the submitting client (see step 1 and the `SUBMIT` message) the submitting peer may (depending on submitting peer policies) retry the transaction (from step 2). + +![Illustration of the transaction flow (common-case path).](flow-2.png) + +Figure 1. Illustration of the transaction flow (common-case path). + +--- + +## 3. Endorsement policies + +### 3.1. Endorsement policy specification + +An **endorsement policy**, is a condition on what _endorses_ a transaction. An endorsement policy is specified by a `deploy` transaction that installs specific chaincode. A transaction is declared valid only if it has been endorsed according to the policy. An invoke transaction for a chaincode will first have to obtain an *endorsement* that satisfies the chaincode's policy or it will not be committed. This takes place through the interaction between the submitting peer and endorsing peers as explained in Section 2. + +Formally the endorsement policy is a predicate on the transaction, endorsement, and potentially further state that evaluates to TRUE or FALSE. For deploy transactions the endorsement is obtained according to a system-wide policy (for example, from the system chaincode). + +Formally an endorsement policy is a predicate referring to certain variables. Potentially it may refer to: + +1. keys or identities relating to the chaincode (found in the metadata of the chaincode), for example, a set of endorsers; +2. further metadata of the chaincode; +3. elements of the transaction itself; +4. and potentially more. + +The evaluation of an endorsement policy predicate must be deterministic. Endorsement policies must not be complex and cannot be "mini chaincode". The endorsement policy specification language must be limited and enforce determinism. + +The list is ordered by increasing expressiveness and complexity, that is, it will be relatively simple to support policies that only refer to keys and identities of nodes. + +**TODO:** Decide on parameters of the endorsement policy. + +The predicate may contain logical expressions and evaluates to TRUE or FALSE. Typically the condition will use digital signatures on the transaction invocation issued by endorsing peers for the chaincode. + +Suppose the chaincode specifies the endorser set `E = {Alice, Bob, Charlie, Dave, Eve, Frank, George}`. Some example policies: + +- A valid signature from all members of E. + +- A valid signature from any single member of E. + +- Valid signatures from endorsing peers according to the condition + `(Alice OR Bob) AND (any two of: Charlie, Dave, Eve, Frank, George)`. + +- Valid signatures by any 5 out of the 7 endorsers. (More generally, for chaincode with `n > 3f` endorsers, valid signatures by any `2f+1` out of the `n` endorsers, or by any group of *more* than `(n+f)/2` endorsers.) + +- Suppose there is an assignment of "stake" or "weights" to the endorsers, + like `{Alice=49, Bob=15, Charlie=15, Dave=10, Eve=7, Frank=3, George=1}`, + where the total stake is 100: The policy requires valid signatures from a + set that has a majority of the stake (i.e., a group with combined stake + strictly more than 50), such as `{Alice, X}` with any `X` different from + George, or `{everyone together except Alice}`. And so on. + +- The assignment of stake in the previous example condition could be static (fixed in the metadata of the chaincode) or dynamic (e.g., dependent on the state of the chaincode and be modified during the execution). + +How useful these policies are will depend on the application, on the desired resilience of the solution against failures or misbehavior of endorsers, and on various other properties. + + +### 3.2. Implementation + +Typically, endorsement policies will be formulated in terms of signatures required from endorsing peers. The metadata of the chaincode must contain the corresponding signature verification keys. + +An endorsement will typically consist of a set of signatures. It can be evaluated locally by every peer or by every consenter node with access to the chaincode metadata (which includes these keys), such that this node does *not* require interaction with another node. Neither does a node need access to the state for verifying an endorsement. + +Endorsements that refer to other metadata of the chaincode can be evaluated in the same way. + +**TODO:** Formalize endorsement policies and design an implementation. + + + +--- + +## 4. Blockchain data structures + +The blockchain consists of three data structures: a) *raw ledger*, b) *blockchain state* and c) *validated ledger*). Blockchain state and validated ledger are maintained for efficiency - they can be derived from the raw ledger. + +* *Raw ledger (RL)*. The raw ledger contains all data output by the consensus service at peers. It is a sequence of `deliver(seqno, prevhash, blob)` events, which form a hash chain according to the computation of `prevhash` described before. The raw ledger contains information about both *valid* and *invalid* transactions and provides a verifiable history of all successful and unsuccessful state changes and attempts to change state, occurring during the operation of the system. + + The RL allows peers to replay the history of all transactions and to reconstruct the blockchain state (see below). It also provides submitting peer with information about *invalid* (uncommitted) transactions, on which submitting peers can act as described in Section 2.5. + + +* *(Blockchain) state*. The state is maintained by the peers (in the form of a KVS) and is derived from the raw ledger by **filtering out invalid transactions** as described in Section 2.5 (Step 5 in Figure 1) and applying valid transactions to state (by executing `put(k,v)` for every `(k,v)` pair in `stateUpdate` or, alternatively, applying state deltas with respect to previous state). + + Namely, by the guarantees of consensus, all correct peers will receive an identical sequence of `deliver(seqno, prevhash, blob)` events. As the evaluation of the endorsement policy and evaluation of version dependencies of a state update (Section 2.5) are deterministic, all correct peers will also come to the same conclusion whether a transaction contained in a blob is valid. Hence, all peers commit and apply the same sequence of transactions and update their state in the same way. + +* *Validated ledger (VL)*. To maintain the abstraction of a ledger that contains only valid and committed transactions (that appears in Bitcoin, for example), peers may, in addition to state and raw ledger, maintain the *validated ledger*. This is a hash chain derived from the raw ledger by filtering out invalid transactions. + + +###4.1. Batch and block formation + +Instead of outputting individual transactions (blobs), the consensus service may output *batches* of blobs. In this case, the consensus service must impose and convey a deterministic ordering of the blobs within each batch. The number of blobs in a batch may be chosen dynamically by a consensus implementation. + +Consensus batching does not impact the construction of the raw ledger, which remains a hash chain of blobs. But with batching, the raw ledger becomes a hash chain of batches rather than hash chain of individual blobs. + +With batching, the construction of the (optional) validated ledger *blocks* proceeds as follows. As the batches in the raw ledger may contain invalid transactions (i.e., transactions with invalid endorsement or with invalid version dependencies), such transactions are filtered out by peers before a transaction in a batch becomes committed in a block. Every peer does this by itself. A block is defined as a consensus batch without the invalid transactions, that have been filtered out. Such blocks are inherently dynamic in size and may be empty. An illustration of block construction is given in the figure below. + ![Illustration of the transaction flow (common-case path).](blocks-2.png) + +Figure 2. Illustration of validated ledger block formation from raw ledger batches. + + +###4.2. Chaining the blocks + +The batches of the raw ledger output by the consensus service form a hash chain, as described in Section 1.3.3. + +The blocks of the validated ledger are chained together to a hash chain by every peer. The valid and committed transactions from the batch form a block; all blocks are chained together to form a hash chain. + +More specifically, every block of a validated ledger contains: + +* The hash of the previous block. + +* Block number. + +* An ordered list of all valid transactions committed by the peers since the last block was computed (i.e., list of valid transactions in a corresponding batch). + +* The hash of the corresponding batch from which the current block is derived. + +All this information is concatenated and hashed by a peer, producing the hash of the block in the validated ledger. + +## 5. State transfer and checkpointing + +In the common case, during normal operation, a peer receives a sequence of `deliver()` events (containing batches of transactions) from the consensus service. It appends these batches to its raw ledger and updates the blockchain state and the validated ledger accordingly. + +However, due to network partitions or temporary outages of peers, a peer may miss several batches in the raw ledger. In this case, a peer must *transfer state* of the raw ledger from other peers in order to catch up with the rest of the network. This section describes a way to implement this. + +###5.1. Raw ledger state transfer (batch transfer) + +To illustrate how basic *state transfer* works, assume that the last batch in a local copy of the raw ledger at a peer *p* has sequence number 25 (i.e., `seqno` of the last received `deliver()` event equals `25`). After some time peer *p* receives `deliver(seqno=54,hash53,blob)` event from the consensus service. + +At this moment, peer *p* realizes that it misses batches 26-53 in its copy of the raw ledger. To obtain the missing batches, *p* resorts to peer-to-peer communication with other peers. It calls out and asks other peers for returning the missing batches. While it transfers the missing state, *p* continues listening to the consensus service for new batches. + +Notice that *p* *does not need to trust any of its peers* from which it obtains the missing batches via state transfer. As *p* has the hash of the batch *53* (namely, *hash53*), which *p* trusts since it obtained that directly from the consensus service, *p* can verify the integrity of the missing batches, once all of them have arrived. The verification checks that they form a proper hash chain. + +As soon as *p* has obtained all missing batches and has verified the missing batches 26-53, it can proceed to the steps of section 2.5 for each of the batches 26-54. From this *p* then constructs the blockchain state and the validated ledger. + +Notice that *p* can start to speculatively reconstruct the blockchain state and the validated ledger as soon as it receives batches with lower sequence numbers, even if it still misses some batches with higher sequence numbers. However, before externalizing the state and committing blocks to the validated ledger, *p* must complete the state transfer of all missing batches (in our example, up to batch 53, inclusively) and processing of individual transferred batches as described in Section 2.5. + + +###5.2. Checkpointing + +The raw ledger contains invalid transactions, which may not necessarily be recorded forever. However, peers cannot simply discard raw-ledger batches and thereby prune the raw ledger once they establish the corresponding validated-ledger blocks. Namely, in this case, if a new peer joins the network, other peers could not transfer the discarded batches (in the raw ledger) to the joining peer, nor convince the joining peer of the validity of their blocks (of the validated ledger). + +To facilitate pruning of the raw ledger, this document describes a *checkpointing* mechanism. This mechanism establishes the validity of the validated-ledger blocks across the peer network and allows checkpointed validated-ledger blocks to replace the discarded raw-ledger batches. This, in turn, reduces storage space, as there is no need to store invalid transactions. It also reduces the work to reconstruct the state for new peers that join the network (as they do not need to establish validity of individual transactions when reconstructing the state from the raw ledger, but simply replay the state updates contained in the validated ledger). + +Notice that checkpointing facilitates pruning of the raw ledger and, as such, it is only performance optimization. Checkpointing is not necessary to make the design correct. + +####5.2.1. Checkpointing protocol + +Checkpointing is performed periodically by the peers every *CHK* blocks, where *CHK* is a configurable parameter. To initiate a checkpoint, the peers broadcast (e.g., gossip) to other peers message ``, where `blockno` is the current blocknumber and `blocknohash` is its respective hash, and `peerSig` is peer's signature on `(CHECKPOINT,blocknohash,blockno)`, referring to the validated ledger. + +A peer collects `CHECKPOINT` messages until it obtains enough correctly signed messages with matching `blockno` and `blocknohash` to establish a *valid checkpoint* (see Section 5.2.2.). + +Upon establishing a valid checkpoint for block number `blockno` with `blocknohash`, a peer: + +* if `blockno>latestValidCheckpoint.blockno`, then a peer assigns `latestValidCheckpoint=(blocknohash,blockno)`, +* stores the set of respective peer signatures that constitute a valid checkpoint into the set `latestValidCheckpointProof`. +* (optionally) prunes its raw ledger up to batch number `blockno` (inclusive). + +####5.2.2. Valid checkpoints + +Clearly, the checkpointing protocol raises the following questions: *When can a peer prune its Raw Ledger? How many `CHECKPOINT` messages are "sufficiently many"?*. This is defined by a *checkpoint validity policy*, with (at least) two possible approaches, which may also be combined: + +* *Local (peer-specific) checkpoint validity policy (LCVP).* A local policy at a given peer *p* may specify a set of peers which peer *p* trusts and whose `CHECKPOINT` messages are sufficient to establish a valid checkpoint. For example, LCVP at peer *Alice* may define that *Alice* needs to receive `CHECKPOINT` message from Bob, or from *both* *Charlie* and *Dave*. + +* *Global checkpoint validity policy (GCVP).* A checkpoint validity policy may be specified globally. This is similar to a local peer policy, except that it is stipulated at the system (blockchain) granularity, rather than peer granularity. For instance, GCVP may specify that: + * each peer may trust a checkpoint if confirmed by *7* different peers. + * in a deployment where every consenter is also a peer and where up to *f* consenters may be (Byzantine) faulty, each peer may trust a checkpoint if confirmed by *f+1* different consenters. + + + +####5.2.3. Validated ledger state transfer (block transfer) + +Besides facilitating the pruning of the raw ledger, checkpoints enable state transfer through validated-ledger block transfers. These can partially replace raw-ledger batch transfers. + +Conceptually, the block transfer mechanism works similarly to batch transfer. Recall our example in which a peer *p* misses batches 26-53, and is transferring state from a peer *q* that has established a valid checkpoint at block 50. State transfer then proceeds in two steps: + +* First, *p* tries to obtain the validated ledger up to the checkpoint of peer *q* (at block 50). To this end, *q* sends to *p* its local (`latestValidCheckpoint,latestValidCheckpointProof`) pair. In our example `latestValidCheckpoint=(hash50,block50)`. If `latestValidCheckpointProof` satisfies the checkpoint validity policy at peer *p*, then the transfer of the blocks 26 to 50 is possible. Otherwise, peer *q* cannot convince *p* that its local checkpoint is valid. Peer *p* might then choose to proceed with raw-ledger batch transfer (Section 5.1). + +* If the transfer of blocks 26-50 was successful, peer *p* still needs to complete state transfer by fetching blocks 51-53 of the validated ledger or batches 51-53 of the raw ledger. To this end, *p* can simply follow the Raw-ledger batch transfer protocol (Section 5.1), transferring these from *q* or any other peer. Notice that the validated-ledger blocks contain hashes of respective raw-ledger batches (Section 4.2). Hence the batch transfer of the raw ledger can be done even if peer *p* does not have batch 50 in its Raw Ledger, as hash of batch 50 is included in block 50. + + + +## 6. Confidentiality + +This section explains how this architecture facilitates the deployment of +chaincodes that involve processing of sensitive data that must be kept +confidential from certain peers. + +**Fabric-level confidentiality policies.** In a nutshell, this architecture +offers certain confidentiality features at the *fabric* layer, where: + + * endorsers of a confidential chaincode have access to the plaintext of: + * the chaincode deploy transaction payload; + * the chaincode invoke transaction payload; + * the chaincode state and state updates; and + * other peers are prevented from accessing plaintext of this information. + +Here we make the assumption that the endorsers included in the endorsement set +of a confidential chaincode are trusted by the chaincode creator to access the +resources of a chaincode and to maintain their confidentiality. + +The degree to which a chaincode employs the fabric-confidentiality features +is defined in a **confidentiality policy** specified by the deployer at +deployment time. +In particular, the fabric offers support for the following confidentiality +policies: + +| Policy ID | Deploy Payload | Invoke Payload | State Updates | +|---|---|---|---|---| +| Policy `000` | In-the-clear | In-the-clear | In-the-clear | +| Policy `010` | In-the-clear | Confidential | In-the-clear | +| Policy `011` | In-the-clear | Confidential | Confidential | +| Policy `110` | Confidential | Confidential | In-the-clear | +| Policy `111` | Confidential | Confidential | Confidential | +| Policy* `0xx` | In-the-clear | any | any | +| Policy* `1xx` | Confidential | any | any | + +**Table 6.1.** Fabric confidentiality policies. + +*Confidential* means that access to the cleartext of the corresponding +transaction component (i.e., deploy/invoke payload or state updates) is restricted to the endorsing peers of the +transaction. +*In-the-clear* means that the corresponding transaction component can be +read and accessed by all peers. *Any* denotes either *Confidential* or +*In-the-clear*. + +In the following we assume that the payload of a deploy transaction +includes both code and application data/metadata as a single item. However, +in future revisions of this design, we may treat the two independently from a +confidentiality policy perspective. + +In the rest of this text, a `Confidential` *chaincode* is one with a +confidentiality policy different from `000`. Also, in the rest of +this text, we make the assumption that every peer is associated with an +enrollment (encryption) public key, as described in +[Hyperledger fabric Protocol specification](https://github.com/hyperledger/fabric/blob/master/docs/protocol-spec.md). In particular, for every endorser `e` a public key `ePubKey` is known to all +peers and peer `e` knows the corresponding private key for decryption. + +**Disclaimers:** + +*Hiding the transaction activity w.r.t. a chaincode*. +It is important to note that the design does not hide the +identifiers of the chaincode for which transactions are executed nor does +it hide which parts of chaincode state are updated by a transaction. +In other words, transactions and state are encrypted but activity and state +changes can be linked by the committing peers. With respect to third parties, +the committing peers are permitted by the chaincode creators to notice activity +of a chaincode and trusted to not leak this information. +However, we aim to remedy this in a revised version of this design. + +*Granularity of the confidentiality of the state.* This design currently +treats the a chaincode and its state as one confidentiality domain, not +distinguishing different key/value entries. It is possible to assign +different confidentiality policies to different parts of the state at the +application layer, supporting goals such as some parts of the state need to +be visible to a subset of the clients, but other parts not. That is, such +guarantees are not prevented by the architecture and can already be implemented +at the application level, using adequate cryptographic tools in one or more +chaincodes. This would result in *chaincode-level confidentiality*. +Other requirements, such as hiding the identities of endorsers and/or the +endorsement policy from the committing peers will be tackled at future iteration +of this design. + + + +### 6.1 Confidential chaincode deployment + +#### 6.1.1 Creating a deploy transaction + +To deploy chaincode `cc` with confidentiality support, the client that +deploys `cc` (the *deployer* of `cc`) specifies: + +* the chaincode itself, including the source code, and metadata associated to + it, subsumed in `chainCode`; +* the policies accompanying the endorsement of transactions associated to that + chaincode, i.e., + - an endorsement policy, denoted `ccEndorsementPolicy`; + - a set of endorsers, denoted `ccEndorserSet`; + - a confidentiality policy `ccConfidentialityPolicy` for the chaincode, + specifying confidentiality levels as described in Table 6.1.; +* cryptographic material associated to the chaincode, i.e., an asymmetric + encryption key pair `ccPubKey/ccPrivKey`, intended to provide confidentiality + of the transactions, state, and state updates of this particular chaincode. + +This information is incorporated into a (deploy) transaction `tx` that is +subsequently included in a `SUBMIT` message passed to the submitting peer. +The client constructs `txPayload` of the deploy transaction of `cc` as follows. + +The deployer first sets `txPayload.policies` to +<`ccEndorsementPolicy`, `ccEndorserSet`, `ccConfidentialityPolicy`>. + +To fill in `txPayload.payload`, it first checks if `ccConfidentialityPolicy` +specifies `Deploy Payload = Confidential`. If so, then the deployer encrypts +`chainCode` using `ccPubKey`, so that the chaincode and its metadata will +only be accessible by peers entitled to see them. That is, +`txPayload.chainCode := Enc(ccPubKey, chainCode)`. + +Furthermore, the chaincode-specific decryption key `ccPrivKey` is +distributed to all endorsing peers of chaincode `cc` (i.e., endorsers in +`ccEndorserSet`). This is done by wrapping `ccPrivKey` under the public key +of `e` for every endorser `e` in `ccEndorserSet`, +`wrappedKey_e := Enc(ePubKey, ccPrivKey)`, where `ePubKey` is the +enrollment public key of `e`. Thus, the deployer creates an additional field +`txPayload.endorserMessages := ccEndorserMessages`, where `ccEndorserMessages` +includes `wrappedKey_e` for all `e` in `ccEndorserSet`. + +We emphasize that a deploy transaction may include more fields, that are +intentionally omitted here in favor of presentation simplicity. +In addition, for sending the wrapped chaincode-key to all endorsers, and for +actually encrypting `chainCode` hybrid encryption schemes could be used to +achieve better performance. More details can be provided in future versions of +this document. + +Chaincode `cc` is assigned an identifier, hereafter referred to as +`chaincodeID`, as described in Section 2.2, for instance, as a hash of the +deploy transaction `tx`. We assume here that it is unique per chaincode and +it may become known to all peers. + +**Endorsement of Deploy Transaction:** Recall that every deploy transaction is +treated as an invoke transaction of a system chaincode handling chaincode +deployments; let this chaincode be denoted by `dsc`, and the respective +endorsement policy and set of endorsers are `dscEndorsementPolicy` and +`dscEndorserSet`. This means that the deploy transaction of any chaincode, +needs to be endorsed according to `dscEndorsementPolicy`. + +**TODO:** Consider whether for confidential chaincodes, the endorsement +policy of deploy transaction itself should satisfy the endorsement policy +of the chaincode being deployed, that is, whether the deploy transaction of +`cc` should also satisfy `ccEndorsementPolicy`. Alternatively, see if it makes +sense to split a deploy transaction into two parts, e.g., a `deploy` (that only states the deploy info) and an `install` that sets up the running chaincode. + + +#### 6.1.2 Peer processes a deploy transaction + +When a peer `e` commits a deploy transaction for chaincode `cc`, then it +has at least access to `chaincodeID` and to `txPayload.policies`, which contains `ccConfidentialityPolicy`, `ccEndorsementPolicy`, and `ccEndorserSet`. + +If `e` is also an endorser for `cc` then in addition `e` obtains the following +values: + +* the secret decryption key of the chaincode, as + `ccPrivKey := Dec(ePrivKey, wrappedKey_e)`; +* the cleartext of the deployment payload, as + `chainCode := Dec(ccPrivKey, txPayload.chainCode)`, if `Deploy Payload = Confidential`. + +Given the in plaintext deployment payload `chainCode`, and prior to actually +installing it, the peer performs a consistency check as described below. +The peer then uses cleartext `chainCode` in the remainder of the +deployment procedure, as described in Section 2. + + +**Consistency:** For deploying a chaincode, the protocol should ensure that +every endorser `e` will actually install and run the same code, even if the +creator of the chaincode (the peer that submits the deploy transaction) +would intend to make endorsers run different code. To this effect, `e` +should run a verification step during the execution of the deploy +transaction, which ensures, roughly, the following. The deployment +transaction either *succeeds* and the peer outputs the chaincode `cc` to be +executed or the transaction *fails* and outputs a corresponding error. The +deployment ensures the following condition: If two deployment succeeds for +two distinct [correct, non-faulty] endorsers, then they both deploy the +same chaincode. This condition is equivalent to the *Consistency* property +of a Byzantine Consistent Broadcast [[CGR11; Sec. 3.10]](http://distributedprogramming.net). + +Since every endorser executes the deployment transaction as a result of +obtaining it from the consensus service, all endorsers receive the same +`chainCode` blob, which may contain encryptions. But when an +endorser decrypts that with its own key, it does not automatically +guarantee that the resulting code of `cc` is the same for every other +endorser. + +This can be addressed in multiple ways: One solution would be to use a +specialized multi-receiver encryption scheme that includes randomness in +the ciphertext. Alternatively, verifiable encryption can be used with a +zero-knowledge proof that the plaintext for all receivers are equal (this +seems less efficient than the first option). In any case, this additional data +that ensures the consistency condition must be included by the deployer in +the deploy transaction `tx`. + +**TODOs:** Many details are not yet addressed, such as: + +* Give more information on the implementation of `dsc` (perhaps in a different + section). More specifically, information on: + - the `dsc` code itself, and its `dscEndorsmentPolicy` implementation (ref. section 2.4) + - details of `tran-proposal` of `dsc` . Perhaps in a separate section? +* Consider alternative implementations for the identifier of the deployed + chaincode (`chaincodeID`). +* Describe how to react on detecting a violation of the consistency + property above, for example, because the creator provided the + wrong wrapped keys to endorsers. + + +### 6.2 Confidential chaincode invocation + +Invoke transactions for confidential chaincode will comply with the +*static* confidentiality policy that has been specified at deployment time (in +`ccConfidentialityPolicy`). Future revisions may consider +possibilities of *dynamic* confidentiality policy that may evolve during +the runtime of the system. + +A confidential chaincode is invoked similarly to any other chaincode. +The difference is that here a submitting peer of a transaction pertaining +to confidential chaincode needs to be an endorser for that chaincode. This +means it has access to the keys protecting that chaincode and its state. To +help maintain stateless clients, every peer knows which peers are endorsers for +a given confidential chaincode (see Section 6.1, `ccEndorserSet`), and can +direct clients to an appropriate submitting peer. Hence, in the rest of this +section, we assume that a submitting peer is also an endorser. + + +#### 6.2.1 Creating and submitting a confidential transaction + +The client is aware of the chaincode for which it creates a transaction, +and of its endorsers. The `SUBMIT` message of a confidential transaction +invocation consists of the same fields as non-confidential (see Section 2.1.), +i.e., ``, where +`tx=`, and where `clientID` is +some form of identification of the client at the fabric layer, e.g., a +transaction certificate, `clientSig` is signature of a client on other +fields of `tx`. + +Notice that for security purposes, `tx` may also consist of more fields, that +are intentionally omitted here in favor of presentation simplicity. + +The difference with respect to non-confidential transactions is as follows. +If the confidentiality policy associated to the chaincode (`ccConfidentialityPolicy`) +specifies +`Invoke Payload = Confidential`, then the client additionally encrypts +the invocation arguments, and metadata, say `invocation` with `ccPubKey` +into `txPayload.invocation`. That is, +`txPayload.invocation := Enc(ccPubKey, invocation)`. + +Again, hybrid encryption schemes can be used for better performance. +Also keys defined at deployment time can be used to generate other keys, e.g., +keys the key state would need to be encrypted with to reduce the overall +number of keys that need to be managed/distributed. + +**TODO:** Optionally provide a customized encryption method that also +hides the chaincode identifier. + + +#### 6.2.2 Endorsing a confidential transaction + +Upon receiving and verifying ``, for tentatively +executing the code associated to the transaction, +and for preparing the transaction to be sent to the consensus service, the +submitting peer first decrypts a confidential transaction payload. More +precisely, if `ccConfidentialityPolicy` specifies that `Invoke Payload` is +`Confidential`, the submitting peer first retrieves the corresponding +chaincode-specific decryption key `ccPrivKey` and then decrypts +`txPayload.invocation`. Recall that the submitting peer is assumed to be an endorser +for the chaincode. The peer, say `e`, may retrieve `ccPrivKey` from the deploy +transaction of the chaincode `chaincodeID` and obtain `ccPrivKey` through +`wrapped_e`. Then the peer computes `invocation := Dec(ccPrivKey, txPayload.invocation)`. + +With the operation and metadata in `invocation` the submitting peer tentatively executes the +transaction using its copy of the state for producing a transaction +proposal. If the confidentiality policy of the chaincode specifies that +`State` is also `Confidential`, then the peer uses `ccPrivKey` to +access the state, decrypting state values while reading. + +Moreover, for the state updates when the confidentiality policy specifies that +`State = Confidential`, the submitting peer encrypts +new state values in `stateUpdates` using `ccPubKey`. With the state +in the form of key/value pairs, only the changed values are encrypted. +The version dependencies are not encrypted. + +The transaction-proposal from the submitting peer now consists of + +`tran-proposal := (spID, chaincodeID, txContentBlob, stateUpdates, verDep)`, + +where `txContentBlob` is some form of invoke transaction `tx`, as submitted +by the client. + +The submitting peer creates a `PROPOSE` message to send to the rest of endorsers +in the endorser set as before (Section 2.2): + +``. + +Notice that is imperative that endorsers check that the chaincodeID that appears +in `tx` is consistent with the content of `tran-proposal`. Endorsers follow +the same process as before to endorse a transaction. + +In summary, this mechanism ensures that in case the state is encrypted, the +endorsers for a chaincode have access to the state in the clear but other +peers have not. Once the `stateUpdates` is applied to the state after the +consensus service has delivered it to a peer, every peer updates its state. +Note that also the endorsers of a chaincode apply the updates and +transparently operate on the ciphertext; they only need access to the +plaintext again for endorsing a next transaction. + + +**TODO:** Revisit section 4 and describe in more detail which parts are +added to the ledger. diff --git a/proposals/r1/Next-Ledger-Architecture-Proposal.md b/proposals/r1/Next-Ledger-Architecture-Proposal.md new file mode 100644 index 00000000000..b2894557e92 --- /dev/null +++ b/proposals/r1/Next-Ledger-Architecture-Proposal.md @@ -0,0 +1,223 @@ +**Draft** / **Work in Progress** + +This page documents a proposal for a future ledger architecture based on community feedback. All input is welcome as the goal is to make this a community effort. + +##### Table of Contents +[Motivation](#motivation) +[API](#api) +[Point-in-Time Queries](#pointintime) +[Query Language](#querylanguage) + + +## Motivation +The motivation for exploring a new ledger architecture is based on community feedback. While the existing ledger is able to support some (but not all) of the below requirements, we wanted to explore what a new ledger would look like given all that has been learned. Based on many discussions in the community over Slack, GitHub, and the face to face hackathons, it is clear that there is a strong desire to support the following requirements: + +1. Point in time queries - The ability to query chaincode state at previous blocks and easily trace lineage **without** replaying transactions +2. SQL like query language +3. Privacy - The complete ledger may not reside on all committers +4. Cryptographically secure ledger - Data integrity without consulting other nodes +5. Support for consensus algorithms that provides immediate finality like PBFT +6. Support consensus algorithms that require stochastic convergence like PoW, PoET +7. Pruning - Ability to remove old transaction data as needed. +8. Support separation of endorsement from consensus as described in the [Next Consensus Architecture Proposal](https://github.com/hyperledger/fabric/wiki/Next-Consensus-Architecture-Proposal). This implies that some peers may apply endorsed results to their ledger **without** executing transactions or viewing chaincode logic. +9. API / Enginer separation. The ability to plug in different storage engines as needed. + + +## API + +Proposed API in Go pseudocode + +``` +package ledger + +import "github.com/hyperledger/fabric/protos" + +// Encryptor is an interface that a ledger implementation can use for Encrypt/Decrypt the chaincode state +type Encryptor interface { + Encrypt([]byte) []byte + Decrypt([]byte) []byte +} + +// PeerMgmt is an interface that a ledger implementation expects from peer implementation +type PeerMgmt interface { + // IsPeerEndorserFor returns 'true' if the peer is endorser for given chaincodeID + IsPeerEndorserFor(chaincodeID string) bool + + // ListEndorsingChaincodes return the chaincodeIDs for which the peer acts as one of the endorsers + ListEndorsingChaincodes() []string + + // GetEncryptor returns the Encryptor for the given chaincodeID + GetEncryptor(chaincodeID string) (Encryptor, error) +} + +// In the case of a confidential chaincode, the simulation results from ledger are expected to be encrypted using the 'Encryptor' corresponding to the chaincode. +// Similarly, the blocks returned by the GetBlock(s) method of the ledger are expected to have the state updates in the encrypted form. +// However, internally, the ledger can maintain the latest and historical state for the chaincodes for which the peer is one of the endorsers - in plain text form. +// TODO - Is this assumption correct? + +// General purpose interface for forcing a data element to be serializable/de-serializable +type DataHolder interface { + GetData() interface{} + GetBytes() []byte + DecodeBytes(b []byte) interface{} +} + +type SimulationResults interface { + DataHolder +} + +type QueryResult interface { + DataHolder +} + +type BlockHeader struct { +} + +type PrunePolicy interface { +} + +type BlockRangePrunePolicy struct { + FirstBlockHash string + LastBlockHash string +} + +// QueryExecutor executes the queries +// Get* methods are for supporting KV-based data model. ExecuteQuery method is for supporting a rich datamodel and query support +// +// ExecuteQuery method in the case of a rich data model is expected to support queries on +// latest state, historical state and on the intersection of state and transactions +type QueryExecutor interface { + GetState(key string) ([]byte, error) + GetStateRangeScanIterator(startKey string, endKey string) (ResultsIterator, error) + GetStateMultipleKeys(keys []string) ([][]byte, error) + GetTransactionsForKey(key string) (ResultsIterator, error) + + ExecuteQuery(query string) (ResultsIterator, error) +} + +// TxSimulator simulates a transaction on a consistent snapshot of the as recent state as possible +type TxSimulator interface { + QueryExecutor + StartNewTx() + + // KV data model + SetState(key string, value []byte) + DeleteState(key string) + SetStateMultipleKeys(kvs map[string][]byte) + + // for supporting rich data model (see comments on QueryExecutor above) + ExecuteUpdate(query string) + + // This can be a large payload + CopyState(sourceChaincodeID string) error + + // GetTxSimulationResults encapsulates the results of the transaction simulation. + // This should contain enough detail for + // - The update in the chaincode state that would be caused if the transaction is to be committed + // - The environment in which the transaction is executed so as to be able to decide the validity of the enviroment + // (at a later time on a different peer) during committing the transactions + // Different ledger implementation (or configurations of a single implementation) may want to represent the above two pieces + // of information in different way in order to support different data-models or optimize the information representations. + // TODO detailed illustration of a couple of representations. + GetTxSimulationResults() SimulationResults + HasConflicts() bool + Clear() +} + +type ResultsIterator interface { + // Next moves to next key-value. Returns true if next key-value exists + Next() bool + // GetKeyValue returns next key-value + GetResult() QueryResult + // Close releases resources occupied by the iterator + Close() +} + +// Ledger represents the 'final ledger'. In addition to implement the methods inherited from the BasicLedger, +// it provides the handle to objects for querying the chaincode state and executing chaincode transactions. +type ValidatedLedger interface { + Ledger + // NewTxSimulator gives handle to a transaction simulator for given chaincode and given fork (represented by blockHash) + // A client can obtain more than one 'TxSimulator's for parallel execution. Any synchronization should be performed at the + // implementation level if required + NewTxSimulator(chaincodeID string, blockHash string) (TxSimulator, error) + + // NewQueryExecuter gives handle to a query executer for given chaincode and given fork (represented by blockHash) + // A client can obtain more than one 'QueryExecutor's for parallel execution. Any synchronization should be performed at the + // implementation level if required + NewQueryExecuter(chaincodeID string, blockHash string) (QueryExecutor, error) + + // CheckpointPerformed is expected to be invoked by the consensus algorithm when it completes a checkpoint across peers + // On the invoke of this method, the block in the 'RawLedger' between the 'corresponding to the block currently checkpointed' and + // 'corresponding to the block checkpointed last time' can be pruned. + // (Pruning the raw blocks would need an additional time based factor as well, if forks are to be supported in the raw ledger.) + // (Does raw ledger in the case of a consensus that allow forks (e.g., PoW) make sense at all? Or practically, these consensus + // would always produce the final blocks that contains validated transactions). + CheckpointPerformed(blockHash string) + + RemoveInvalidTransactions(block *protos.Block) (*protos.Block, error) +} + +// RawLedger implements methods required by 'raw ledger' +// CommitBlock() of RawLedger is expected to be invoked by the consensus algorithm when a new block is constructed. +// Upon receiving the new block, it is expected to be 'processed' by the ledger - the processing includes - +// preserving the raw block, validating each transaction in the block, discarding the invalid transactions, +// preparing the final block with the rmaining (i.e. valid) transactions and committing the final block (including updating the state). +// The raw block should not be deleted as yet - until the corresponding 'final block' is included in one of the following checkpoint performed by the consensus. +type RawLedger interface { + Ledger +} + +//Ledger captures the methods that are common across the 'raw ledger' and the 'final ledger' +type Ledger interface { + //GetTopBlockHashes returns the hashes of the top most block in each fork. + GetTopBlockHashes() []string + //CommitBlock adds a new block + CommitBlock(block *protos.Block) error + //GetTransactionByID retrieves a transaction by id + GetTransactionByID(txID string) (*protos.Transaction, error) + //GetBlockChain returns an instance of chain that starts at the + GetBlockChain(topBlockHash string) (BlockChain, error) + //Prune prunes the blocks/transactions that satisfy the given policy + Prune(policy PrunePolicy) error +} + +//BlockChain represents an instance of a block chain. In the case of a consensus algorithm that could cause a fork, an instance of BlockChain +// represent one of the forks (i.e., one of the chains starting from the genesis block to the one of the top most blocks) +type BlockChain interface { + GetTopBlockHash() string + GetBlockchainInfo() (*protos.BlockchainInfo, error) + GetBlockHeaders(startingBlockHash, endingBlockHash string) []*BlockHeader + GetBlocks(startingBlockHash, endingBlockHash string) []*protos.Block + GetBlockByNumber(blockNumber uint64) *protos.Block + GetBlocksByNumber(startingBlockNumber, endingBlockNumber uint64) []*protos.Block + GetBlockchainSize() uint64 + VerifyChain(highBlock, lowBlock uint64) (uint64, error) +} +``` + +# Engine specific thoughts + + +### Point-in-Time Queries +In abstract temporal terms, there are three varieties of query important to chaincode and application developers: + +1. Retrieve the most recent value of a key. (type: current; ex. How much money is in Alice's account?) +2. Retrieve the value of a key at a specific time. (type: historical; ex. What was Alice's account balance at the end of last month?) +3. Retrieve all values of a key over time. (type: lineage; ex. Produce a statement listing all of Alice's transactions.) + +When formulating a query, a developer will benefit from the ability to filter, project, and relate transactions to one-another. Consider the following examples: + +1. Simple Filtering: Find all accounts that fell below a balance of $100 in the last month. +2. Complex Filtering: Find all of Trudy's transactions that occurred in Iraq or Syria where the amount is above a threshold and the other party has a name that matches a regular expression. +3. Relating: Determine if Alice has ever bought from the same gas station more than once in the same day. Feed this information into a fraud detection model. +4. Projection: Retrieve the city, state, country, and amount of Alice's last ten transactions. This information will be fed into a risk/fraud detection model. + + +### Query Language +Developing a query language to support such a diverse range of queries will not be simple. The challenges are: + +1. Scaling the query language with developers as their needs grow. To date, the requests from developers have been modest. As the Hyperledger project's user base grows, so will the query complexity. +2. There are two nearly disjoint classes of query: + 1. Find a single value matching a set of constraints. Amenable to existing SQL and NoSQL grammars. + 2. Find a chain or chains of transactions satisfying a set of constraints. Amenable to graph query languages, such as Neo4J's Cypher or SPARQL. diff --git a/proposals/r1/Release-Process.md b/proposals/r1/Release-Process.md new file mode 100644 index 00000000000..ffa63b1cbfb --- /dev/null +++ b/proposals/r1/Release-Process.md @@ -0,0 +1,55 @@ +##### Procedure to cut a Fabric release: + +1. Create a release branch, and name it vM.m\[.p\]\[-qualifier\] where _M_ is the ```major``` release identifier, _m_ is ```minor``` release identifier, _p_ is the patch level identifier (only for LTS releases) and _-qualifier_ is from the taxonomy of release maturity labels \[TBD\]. +1. Tag the master branch with the same name as the release branch +1. Publish release notes +1. Announce the release, linking to the release notes on Hyperledger ```fabric``` and ```general``` slack channels and ```hyperledger-fabric``` and ```hyperledger-announce``` mailing lists + +##### Perform if necessary: + +1. Select [issues](https://jira.hyperledger.org) to fix for the release branch and label them as such with a label of the release identifier. +1. Submit pull requests for those selected issues against the release branch. +1. Decide on whether to merge the changes from the release branch to the master branch or requesting the authors to submit the changes on both branches. +1. Maintainers resolve any merge conflicts. + + +___ +##### Release Taxonomy: + +##### Developer Preview: + +Not feature complete, but most functionality implemented, and any missing functionality that is committed for the production release is identified and there are specific people working on those features.  Not heavily performance tuned, but performance testing has started, and the first few hotspots identified, perhaps even addressed.  No "highest priority" issues in an unclosed state.  First-level developer documentation provided to help new developers up the learning curve. + +Naming convention: 0.x  where x is < 8 (Developer Preview is not used after it hits 1.0) + +##### Alpha: + +Feature complete, for all features committed to the production release.  Ready for Proof of Concept-level deployments.  Performance can be characterized in a predictable way, so that basic PoC's can be done without risk of embarrassing performance.  APIs documented.  First attempts at end-user documentation, developer docs further advanced.  No "highest priority" issues in an unclosed state. + +Naming convention: y.8.x, where y is 0, 1, 2 (basically the last production release) and x is the iteration of the alpha release. + +##### Beta:  + +Feature complete for all features committed to the production release, perhaps with optional features when safe to add.  Ready for Pilot-level engagements.  Performance is very well characterized and active optimizations are being done, with a target set for the Production release.  No "highest priority" or "high priority" bugs unclosed.  Dev docs complete; end-user docs mostly done. + +Naming convention: y.9.x, where y is 0, 1, 2 (basically the last production release) and x is the iteration of the beta release. + +##### Production: + +An exact copy of the last iteration in the beta cycle, for a reasonable length of time (2 weeks?) during which no new highest or high priority bugs discovered, where end-user docs are considered complete, and performance/speed goals have been met.   Ready for Production-level engagements. + +Naming convention: y.z.x, where y is the production release level (1, 2, 3, etc), z is the branch level (for minor improvements), and x is the iteration of the current branch. + + +##### Example: + +Today's Fabric "Developer Preview" release is 0.5.  It could continue to 0.6, 0.7, 0.7.1.... +but when it's ready for Alpha, we call it 0.8, iterating to 0.8.1, 0.8.2, etc.  +When it's ready for beta, 0.9, 0.9.1, 0.9.2, etc.  +And when we are ready for production, 1.0.0. +A bugfix patch release or other small fixups, 1.0.1, 1.0.2, etc.  +A branch would be called for when there is something small that changes behavior in some visible way: 1.1.0, 1.1.1, 1.2.0, 1.2.1, etc. +And when it's time for a significant refactoring or rewrite or major new functionality, we go back into the cycle, but missing the "Developer Preview": +1.8.0 is the alpha for 2.0 +1.9.0 is the beta for 2.0 +2.0.0 is the production release. diff --git a/proposals/r1/System-Chaincode-Specification.md b/proposals/r1/System-Chaincode-Specification.md new file mode 100644 index 00000000000..0d4d62bbc77 --- /dev/null +++ b/proposals/r1/System-Chaincode-Specification.md @@ -0,0 +1,114 @@ + +System Chaincode +================ + +Introduction +------------ + +User written Chaincode runs in a container (called "user chaincode" in +this doc) and communicates with the peer over the network. These +chaincodes have restrictions with regards to what code they can execute. +For example, they can only interact with the peer via \`ChaincodeStub\` +interface such as GetState or PutState. There is a need for chaincode +that have these restrictions relaxed. Such chaincode is broadly termed +"System Chaincode". + +The purpose of system chaincode is to enable customization of certain +behaviors of the fabric such as timer service or naming service. + +The simplest way to design a system chaincode is to run it in the same +process as the Peer. This document goes into this design. + +In-process chaincode +-------------------- + +The approach is to consider the changes and generalizations needed to +run chaincode in-process as the hosting peer. + +Requirements + +- coexist with user chaincode +- adhere to same lifecycle as user chaincode - except for possibly + "deploy" +- easy to install + +The above requirements impose the following design principles + +- design consistent with user chaincode +- uniform treatment of both types of chaincode in the codebase + +Though the impetus for the in-process chaincode design comes from +"system chaincode", in principle the general "in process chaincode" +design would allow any chaincode to be deployed. + +Key considerations for a chaincode environment +---------------------------------------------- + +There are two main considerations for any chaincode environment +(container, in-process,etc) + +- Runtime Considerations +- Lifecycle Considerations + +### Runtime Considerations + +Runtime considerations can be broadly classified into Transport and +Execution mechanisms. The abstractions provided by the Fabric for these +mechanisms are key to the ability to extend the system to support new +chaincode runtimes consistent with existing ones in a fairly +straightforward manner. + +### Transport mechanism + +Peer and chaincode communicate using ChaincodeMessages. + +- the protocol is completely encapsulated via ChaincodeMessage +- current gRPC streaming maps nicely to Go Channels + +The above allow abstraction of a small section of code dealing with +chaincode transport, leaving most of the code common to both +environments. This is the key to the uniform treatment of runtime +environments. + +### Execution mechanism + +The fabric provides a basic interface for a “vm”. The Docker container +is implemented on top of this abstraction. The “vm” ([vm interface](https://github.com/hyperledger/fabric/blob/master/core/container/controller.go)) +can be used to provide an execution environment for the in-process +runtime as well. This has the obvious benefit of encapsulating all +execution access (deploy, launch, stop, etc) transparent to the +implementation. + +Lifecycle Considerations +------------------------ + +| Life cycle | Container model | In-process Model | +|------------------------|------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Deploy | User deploys with an external request. Participates in consensus | Two possibilities +++ (1) comes up automatically with the peer, does not participate in consensus (2) user starts the chaincode with a request. Participates in consensus | +| Invoke/query | User sends request | User sends request | +| Stop (not implemented) | User sends request | User sends request | +| Upgrade *** (not impemented) | | | ++++ System chaincodes that are part of genesis block cannot/should not +be part of consensus. E.g., bootstrapping requirements that would +prevent them from taking part in consensus. That is not true for +upgrading those chaincodes. + +So this may then be the model - “system chaincode that are in genesis +block will not be deployed via consensus. All other chaincode deployment +and all chaincode upgrades (including system chaincode) will be part of +consensus. + +\*\*\*\* Upgrade is mentioned here just for completeness. It is an +important part of life-cycle that should be a separate discussion unto +itself involving devops considerations such as versioning, staging, +staggering etc. + +Deploying System Chaincodes +--------------------------- + +System chaincodes come up with a system. System chaincodes will be +defined in core.yaml. Minimally, a chaincode definition would contain +the following information { Name, Path }. Each chaincode definition +could also specify dependent chaincodes such that a chaincode will be +brought up only if its dependent chaincodes are. The chaincodes would be +brought up in the order specified in the list. diff --git a/proposals/r1/blocks-2.png b/proposals/r1/blocks-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7fd8b11c4fe3e94ea180b9e7aeac7f55ef0158ec GIT binary patch literal 44980 zcmdRWgkM^uF)k{rsN);NkV+H9p(fIoG-BystQfyi=AVC8i|?fk31R@^92YpqmOH&<*3; zH-L9u6u5f=FL;h>a#EnOp+{@L!%fTAkk=qkWfaMU@h#w)=!3kDBM5Z2{m(C6w_Sl5 z2vn}1@aDCKo8i`_=a)Fww0U>ynY7=5$7E!U6qVb*Jxnb}>5c|oiBd3F6q{}Zr%tWf zHh7|3Xo~e{ilO{m)2}e2tDln8EFX`xv8%qz(hT6g?etuOy`kEv^}%zcu-7sl+PtIKu+YkR?}|S6 z`JYXJ2pF*hz>6gP7sQ{(alHRe9t+}bkx=P_Z8j!KjWs^AvaunEvVQWSBx+h*mz7gq z@d*nHzj$F{6CFT8Z9Q;s;IxVd0-e!d2@2xgA&p$HfuwY81q563trDCIRsH;rx{iV> zbhtJRh;9iDD~BkT+y#MZ=>Lumk3rC`B-q4$fOp5abai!6aq05&@fmxsuXKb^q^$;j z0QtS1#K5!9GFIoavJ{G*$jZsp+0GUv;CRXWWc`CEuz9Z+7Z;635)7b=%rUu44_!Qu z6kdhj0=?&T7Ql7zWbNx#nJKh3Pcp9h{@j&DS)o@~3%J~;);+68K^e*(@d#v+m4}C} z>G+eY2jw-*pX~MOY-=@Fm%aSBDM(i>5{j3V4@2n{tj;Q5reG~bvSd(Zr2eYyACGhJ zKwB*Nl;kxswyW60A6sZp@Crsk$HIknh3rNUjR<`9jEY3Rnu{JQ{_S&CAcH z=GLcaFm%CAO=%~h#qo7jCSMSY|Ig?)hh8uUbf-#u5S-;kVbpBp86l8y=)`3z$>mz4 z)n?C(o+@eJUUbMjyjS*+qJp{qlEbFGja zH|do$sPUpeM&4|k!u2LC213ZToku!mqBt~aR%{|12v*p1vli;bH=bJ-5wUG)xW7N= z3IZ*yAH%aJ+jynt5{RE+n3rXsYWYxi9n6cxNh^fQseV$?)}3a$%*h?()+Dp~`1 z_9-mm20D`@LNTCB)iUn6u|}Hv&X1gL1J;wuwN)Bo(HvJ2tyx0ngmPR$Uv zP#TX^V_ID*%(iyD?~UCf5esF^r!B`y=iiuaoLLqT14~be*2@Vf_4k8?k@m0Cy&HOp zkcgV(UGMRQ$RGyHkeI}VQ%22qfhTID*ecN&)pOg_va`HO(c+p6!4mw|n6$e*8%qr@{KjXuK+#czQg->d(fh=ATRkv!?|zvTKl4)d{I5{@JOh`nk>RPLx{9KvE@f0$ zlg?x115jlx&YiAnXxr@(J){X+?;3=XP)alSLG+ zmB@5IQm;vpG^jEzKuA%gbi!3ssmx{Dospi=x!Sl?CRN7qRK5}`ZR$d`k$0;(=hgt(J5l*VJ^aduuYPJTZng ztm7|z1O{8opffas#ajBle99d>7c4BQWv`OWN$$qor7icqvn7OyGG67E6H(JJf4j;* zZx~xH#ywfJF^YF^x7SCYQoR&znaG>J)WdA4>Y}<%PHm|`DB)Z!lbi$%>#l|CP0^-; zMM4PgPp)E_3Y%|_?L``jYKkOoCWIuEllB~i>||{I3Xu@z_oNZ%mko_4mmRd`o03ng zKN+{~j|{SM9M4};U5lblc*HSC$2wq(B!zud_#Rv*>blcbb6OQK5{k^%M+8Ex)t!ri zDx=-xs?O==U9o_@XFS3Gf>@aBTz3rV#E-eOGjXJgp-e#4FDu_Gm*FRu)qLk&EuAmK z!V>GR%w-n%t%##=vNTeGJ(1O=Xl*N&*I2nXI;6O4##cUU+o^Sk+%B#QC$E~z(B)#N zyx^ny+J>4xVqMC0wY1c5ki+TU=Xoi9j9hPR;Pu@t z#GFMc0*ty)E#xA)v{>HO^^$lyBE}#AF~5HJfOQG+!Rv**YC#yIeJ_&?j)L`p1o?s~ zoh%**9gEik-aU+1cT~7YO7b4GwKc6;P|M3)_ILlqF-CzA6md$5o4tIqIw@uGTeu`- zJtrj9+CzjzDN)nGY~h1iOT)>d-+gKuq}l9`uEE5`DVh$vi+-7BufkI)?cA&UU&%ZO z5L>xbOuWr&4fWbtGIZj)XAySSO7ByIzs!S~Nd(rua@S(6x{Xm?t;S|Il|=>zZMig- znq%$k=OG5)Pghp(3)$Ju;-r@7O<0lzfqn^quzB_MN{L)M0*!H;}f$@uz2wGzN zKg1THF3`2u0rGA?)-qN8N_9jpcv&vbLx?UP)@nh?7{e^;q@isdAksGcJ?G}+z3N@$ zBe8N+af*ihQW#lAxfZ^$hB-KUl^d!qXGmvfs!IemA&H(*FXj^AHip+OpSQenmz6%9^INaA zI~=^5y0;!z@|QkF|GgW}v?xR{GcHNI#w|=^=tffMRz-?{$-GgMWdj3kqkwa%8TR_Xy$^e6X$HPO0EQq8%3q6iep^&o+5FFm}>!2ryBz)u22tNsu#F zw|PN>J8GcWRfbIw z3Y5XrCJ zop~zDRBPrOmM!)4yl8&4OG!zoAZ66yLX1}j+n14IxORCdB-@x#8|!sD^UNYh8G~YX zN-Y;<*Yy+?54V2vUrtj93p~T}mWl}(J4M-Xof!9_ZWkARXtlvfO)5sIWiKlF&y5&c znLMfd!)AnJP~Fn5S}GT$Dj%xnGUH!~VTfyq!a_oI7z?Mk8rONB*r^?Q^Gr{>5!HK^ zc7KwPO>#?q3Lt5~tn3dNWd~J@cB#i5uv(YvblDo}$Rv~c@|k_w)`Pm_pqXUr=7 z@>;`dB+tff_9kdt6L8;goW_9zig|`im#yAe)baseayp2{_6%(~Y{Lz0r1P=VzbY#$ za~vI#04s{<;8T|B#QkgyZf9S`F@FevQ2eHG2kOmt6VRq7_aKcXNVRYzh zRqSMrjHveIUP46N9+u~qBC8R;I&mHM}Ydy+_AuR^VQZa`4HGil7Qn)@fil&Q_{4`6))*Q zO*7@@ihbfDLM9D0{J^Tm0~{^du^R9{hoc6fSZeaLFFUKY`(Dk`_OsFd5~@*uoSfGv zz}Yan(@sQE`k}Qr>5c&psom~#dPXsNe_oXCm*6nnD85~(q-U1xDI;^8D~1%ty#X>y zssB|E#S+I;tgUyBN!?~qyML2{44X7`Wa4a59$y%9IJsC*P<_|x6bX2>vhr$({!`}i z1bZtQ*<~WJJ;TFdc(||ZQ<26nqx0f%4ob>qY~C5)omASAteQDqc9oIoMbDy;Pqk;t zwcq~5T8)9>!I1uCcGq{##+j7cwzof6ZOe=G7#i%eb_ii_#phdmZF5jPMpZ*~i+rh>F z8(v!$&SP3$8@A>tkjoso9vndQHJds=c+d0gMXdbL&l5%pg*AzCUcFx#r;akGh6xo| zmg66D@$}SmJeu1FS!^Hu|EsidDR)A$N^7G>=Qd*gz~gy11+^r$E~z6|*490zO)ydx za1bZnMl#p$4p<&wHj1(qUNpRIR*U9=V!UVsiu){*|9FYcYpWry*T}`^y<#-;_1N=% zow_{NqC)^qWVS``IzWDjnbO^t3q!VJ{43BpECD`EHoZ*pp0uoHN5Vs%!b8UJw3D>A zRQGu#geXjeDQYh7Pgl3Wzn&}8<)wiY@FQedE8SVn^`8K)gNUL?jQvu)Z)oB^BfiUvH{-Y@ zYf}xCzp@{OR!V1<_Hl_RvY)UgBcuTH%l*W}O&W71%~5-UWo~|nVVu+cUd$|y^Y3Er z-dR=eeBF6vA`13L54m^^4P5fWhXlhG>GxuR@3Z8pJ2UEG)x^cD9cLE&0Y8D ztieMU-zD|Y*ar@q;7*)vm^*@gThC+ca$9VIOkn&t^~NGS*%q#sldyu#(yvM#dOihRnqZ0`E7y@vY45DlzyV4OE&yiqKmIb4e;WiUTD3-v*l4R>vU_01!m^6^uI*ry>m_%{d7%9x z9J$SR&RYv=wKvky8^yxi0tJCF)NY7@iBi4GINVg8?%7_grDCOn2hpU|g0)hO+5FX0 zO)##mXlYt2ej=GuXignb5i#BtwoXQ0wwaoB%er#8JHJo49*U~2XELSKcCf_uLLIuM z^>@IH0>enqIki^7H8$1-{wi?yjN zDx13B>;gRkD?uRsf?_Pe_a==@-2k@bd(^9r!XMiU^?&~;O1$B_I(uZV33hk(#lq%kww{bB)M*Aep3lg=A5b zYP3(%QbapQHB$ZEv!uu&GcG(Tip^AM#O+Vk3gqYR^aN*yn5uYfqhAA4g$+NaHBvOA z`@^Qx9&oc13dlBsxHCn0U%beYuXz9C)5ypO1)H)zk&#y>9~N!0Lq4WI5nc^xDgcn- z+M3k{(@`A0Vm#-FymK{6@qR~#zw>YRLqYd_?F;3XMg~g8d9Ws~*XOx;JYX!1QTa}+ zI^kBZv%Eh;v-IDke1^n>?}zbtOeLZdvq2fr4EUlNFj=|}B-GqB;wH2FvhX5xr`{pD zZaTeegtjBLD?T0WxZTyUEBk{L_ai|0-_v~R?Nz|6GBGg~9b#(2XtJ}j!I}0mqF(62pH18>rp=$Hsw9U za`6%f)$3-Wk4~wEX|Nq?vBsfY)aG_i(GR(fQXw)1i|9`zqEZ4 z1=-|9TMG2HdzeklC=^u#pVQirq_`%>99qoBSkNyND~ZKAb^zk^GX~RpYbCmY$mu9( z9XTZik|~%OB!aPBWuwdwZe0#KG{^lN2MYGZ^PAjO82dZ-l-u=NzbxB&rkL<(2&c@$ zKXUvqhftodndi=ErMif<=AU8vA^R^i%gp&!x5F1E@j*gNEY(XZapk7xVtn=cjG+n6 zPzqp*!5-H5kdP2FfYEj&aDLoW<01STSu_F!f(Scq^W=+*&!^WNUtL<3U!SsFx{K^x zv7JYzZsTy(F%q5&zcqa4u9k+C5jfW>JG;7_3#<7#pXT&522^wZO2?g4TVUsT=U#75PjH0l$jJC>Yllkjw_53S22X0ue5hZsNFdj-da?#l-eC<H()_ zJ$?0;L`YQA*QUNB%vM_S4hv7srK9I+CmE7@`l?>+a50^wyvp0zbGf2g1DZEp^Zp+(fi6}nE8>?_1hIHXndfY_$wB*Vu!2gM^)f)-d>d zOdSOX#48Ha2Pom2xA-!(e!lvBKnyG~D&3&sIDv<{6%5SUj);YAFjUvoP&LKW`$v;b_FV>0!g5gvV(u z8Z_OVR=<$sct$U~T$wc2%Hm>(tsZZ&kuSQ)uNGl*r+^p# z^46b{@VI2^Pes=S-If&GeejM^Wpk!+ZH_(@uO=#v1Uuas8YlC0{>Dbj_BcN()ZOOQ z9bp#I#&Si6#!K?F*p+ncBhK2oQpLDB*CWJFTRnlD#VnIL=)u;L8)%5=t?};hgEbE5 z%zawPbM5*sTyIN|k8v43oONvTCA8H%%3Nz-;=~jwvo;$bae@vt4oJbuS_~FCc>b+m zs+6+y(Nj?E4|U1XlBUy0Cb_5}0yHa>+bj%OS;-fnQWeoxdxH2@ghSfV|Mm@KJ4{Kc zUz8ykIYC|{w92gj>96DR&T3aLf9NK(t|`yL=S#mnA{;CW(0-nR?m=5k0OtkIOHb`^ zOvbc4*MxAfr9{()-P9CrG-tIcJT-=NR)7mSS2|$Z8ZwgUD?J5ei3%$Toz)##xJU4g z4A@&=WVfqW#o`*k`HsGToM*dsZ&igDWM%4EIIgrmVFG$ZcAArvx;Q{nCrH6-jY2Da z&x;>&`4J;P!l+uKBGBqyx}f;ow~tXg^$T#*Ocsvkk);HhD{htaT!hhz$0hU^GY6v` zbfY<)eT{KgpneocsDfAPaItk<*5HDGfedqvmedhEtxB}%s+DdLx~WtP#r?Bx>X#lC&`#UwidQ(BbH_#VLuqDR zsS*2NYQyDMQwDj1V-*aU6FOoDc0V6UR3V*tvg^DAC9R~$Knr^1T|K#$yv#+LB24c3 z=eKC1%D%unZ5Pmcq{q(9sZTHoQK|Ci|i2zOLCOI(}zZJFR z=A{J#ZIK%`^8i&lWa+7cyTCt_jQrUVAv~D{g)g2K(q1y+mN)vK5kwnbG~`){XeI`> z-0g2AP+5XmiMV=iAda2Cl{~C2Rl7!~C2Ms*sTmRR*=DJqM%F8jqtluvo!Vecskvtx z_0Q5Kw{3~GKEW4fYsmF7sO~4sPC)n*hB%zVK8IqCdrvJ^G`;d3a?QuXC&l17E*-L6 zQ8#u9m-STW(_g*nj0)4=ciGR*6hG4E+lfv&CdX2Qxv5CJA!eJ9D`F&^mmhI}i!3&h zN&ayxzj{U%CnLO>`2Aces2zCTUa%PPY(cr1H7pC>1S^tKXn~-V?(W8v;YsXF3%k0p zNxIPjVQ!@q(+{DzxZlmyf?wTU#veSuk(3`Ts13MI)RoHX+f!jOR*4!#oOptcI7MU@ zJp>a5>C(A;Sp8jIqbdoN9SDj7QK9;61vgp-&}o`ZhS;?v`gDWf!*LV~nY+Z#7}BAn zx@57WD*DZDopd^v@93KXLu$^2|i~#@uYFFMNXl*?@1M3ZzLN@?0WZ)mDJ;# zAT-CmsGR!R9}eg*&tANX ztw6v6O zews8zLM5M#S}JS=bb~Q0KBW0?Pno+XQsW)- zgdEz6-6Go3r@L>=;beowlqQdA&0~ ze+11cAdo3{v#s3!!5!6M86D)6TDkl6OEX8cWnrq+!ppPIok^9On;4!Ls#Gm(nhd=A zaw!Tc<-qobR*N8)%D}tPTu>3)hnh7^!nQu&!XZU~%8C>_5uhpdC8FMwm(G4e47W%F zhi;c)f3-|Vg16x_?dcICjw}ATVp4@7JRaiG-+KX5ZgG!MHSS}7OTS& zO3yAXPSFIq?}roX?F#pj9@khJoga1-MT6(kg0~9mm##|`zAhZsNvWI=>b zt^QD`F`f?C3|w38Xter%C1A@#c4g{c18R)KHXv&M526ev$Mx2fAsQzM+?* zakf+#+vcw$uE|!4d9>S`?K#sBlD?H`@a`E-=#28`O4bWas+Zn%qXCv|6q4Q z-4~%Q5XPlLGGZ}&)a+(rqn&)uuE}Hi{`eRJ&)G(l)7RrnVLL$yq;3hLS!pN3tKD!6 znW~p$c!QOdu8fyg5o6E{z?|Sz8DVUPGFv`h<`}00#&q2@$|##q(Q8jc?3q;5vn3pJ z$ng5v6WsX3x^uGc!JbVfUdC(*e6&~wCI?q*HWCdCO}J|x?uxx3Q<4}wj8|SQ-I(zX zib0lY@OR<+u2KhlOhmooC+8W93E3}HU=L<_D3VOk@z$3VX1%KQ{cL5A+4P#DcbQMN zi1FzmP$LY7QlDvx->r9jh$fc^dqeh!gk2aP5pH?k({JPEQ4Az1cC&qO=z~$@)pVAV zIF6>W{!QwZFU3_xF-sK$Ay(iJx=&honY;1N zI?9N&Pw&ea@w}1}34NrHnt97wmZSDit9{)nwKg7Y6+e-M8RRxi>(42QY3iHgG&~6Q zu%>Le)Xk31NFhH4N*?_0WfD`j48KtBZViOG&L8z08PsT6TTmPBl4JQM^SaLOGx87K z2kNSKQN)F=R>6@~Y=jERa4{bNHOo|iElvnSptW^Q`jRjiW}xK`Rz03)K8=E3tE#5q zDZpm{ME56@-z5cYS+JxMKW_GM3&_Fq^hUy86J*$Ebm^Rg;D=We78VVl2^u=9A+X`f zU16(IEALQkM&J70+`@^$st7@wD7d;Mhh57eaIOOqD`h2_TZTK7uYgu*%O6)?7ysHL z@hEtPlNX%}bacOZJ`BE6R<0slH|<_*M2TIP!9XxUP5D0Fqbg%r;OFH$IVj^?^gCz$ zK{EbDs`GB+q+glUGu+gNd;Q@3Kq}yyizm1p1Lv)2Gzj!Qaf(jP@%hw;5dtyQSOmOD z&UQonis&IQv<2b^|E#Nuaz9Uv$;1PF=Y7b?XjEkuvfhc6+I@;~ub+4zr zq+KnMSP!`1>({R&2|Pw(0^Y(kKsE!-l!gF8x$dqm&adGESK^wh_W)|^%$}})J$F=L z|1i)6_J!rC)Rti`jG)052w^I~9H@tTj~F1u>p65e{b z-f|IFfj~}jRm&{dxYA?x*JmDjBGQbgXoTN{X6qbm=S%dG)+nyWC*X_VPtfX(s=*33 zla)DO8@GW`I$tq!@Ug!0z8)~m8_clYwOKVmTY<}1I~ICx8ieK(9k~-$xHbmxjGk7K zv6{93DAL7wjrKK3mTO4Z0Wr+FKU>n1s=Z$#k&na}XeC>#XoKPSHCbowiYUByY{1u} z>7#b0kA4HXaKKUgQR5CoMI|aSl3Tk%5^{;D=<-)~WMyULpKH;D@Mru2GLvmf^~5|J zSFn$78(0+Mr$XOU!)F^Xla!Oe)9iX$BS#?br{Z?~K)Pp~NQGZ|>3?+cEDj@SKlP!H z(mv(g4I&Ee+=pUwFd^g3Tv41GCXNOW>s=@lcZzvT3iM6WYhNH0N23goM{S;5H!t*% zR??`7RzCL8171#1xA2Gb^tHBGpA>SF&)kq-6B8@mJaCQ45*{uVZk^7?SbZc`)r~!@ zbdQ)wghzF03ucsetTYX&wW11Z(!CgU6;LCIC#`ovkFUt(SAS*`MwiQo0V;O!v9KQA zBoN{4p5!J7g3)6wzQH|DdI9zjlVtxA@ z8^KxKkpW*$@Q}%fi-V(n9v6j|B8@m@JYahCqYI^l* z?&cn$mvX*V$%VL~I}DnO;tptC59Bn!5y_$kMT zh809f>4Xl`6k3(nTe{!m$Ke~Jry8+Z9dz`4&$q!c>NBeXtR`gkwV~`v(P%f8{sHYn z_B;X2CMs93!pO6ljoj5H%H$=HZObag46?54~suiaqB12>0Z3}L~YiKA@B@B`X7~K=?<1%m~|K5 z*uR#xv9@KL_d_#iPv4^73ZsU-FtVBrp|3g5diz{|?q7R%5nP@N5r1B@!Qz?_0ofzb z@nJp3t6Q8$J16h?l237F8G9<~Z97YWV6)#_*|Uj=!J&eHu>y;~$wl3|gOSAU=pPkx zvyX7zf+#C{RNULJXsW5YrrIdSXzI2^90#nHb9HEGXfS!m(EQ=S&{gKPC&J>md{6{- z9FQVRLVCoV!{ymU3u^JP&xZ#Za3$M|iVq7r9EwTx zn|CQmH=g7Lp#nF~Y$ZX>0>8`qU~O2HAub>Y*xz4~rdwr$;_DQq%3nE0^d>OXAPMk?{o!u2aOU_Z4t>C-nildQ#@ z$)-Q5sWcKcCku2YEtoFE-H_bq0ZXs18Awby?L-2J*76dm+Oy%evXu%@dUj^FH6T|N zsFPb}GH#(II2_tSt~zG@j_U`zmR<(rJ{^_fTV44o*}+`nh~7a0R=rfAw6mF1&wzpY%;Y+%PItawt+o-9;j<>&ZqhzYKx)Yotn)i~ zehE4RjXtPbn3}ZlZhA3M;Q}tqPo>YAdCvs>c7CO6xnUaPHNW-JpoMgZoB8fcE?uKh zO}_98+6g=jbzgy$M+!0|5agz~wTp;}YMbmXOHAiTi9+gSor9p0MG)Mo!NG zybLR|Xk{=a--Iamki`LPQD7QScPiOvUrn8F(a0Z)TH(T6MPZi(xA`wKrfg!m+Hr+sy zj8AcQ%KzuU&MWL%Ny1k5UEcrv<}piO4OokE;k)6MkB65BL;?G3mf40Fo#p1uS-D#cG(a? z#;gac?q=FTCftog)bn61RKQB#Z1F+({_vOMv543YQuvbdVG_!ww;Bwxdd)i<*iX=D z<~vQHHr@iwErNgyeLH1!`$=`hcy(rS7Rn;fSUq$Nj0!N2;%PCLe`6R}|_- z5_=b~EiO;xpo6Ev8SaP2|3mE?D>&X=POAwN@#|}V!VdPbibL7nOzk@BaN3Oy43;Gs z`Jjs0{U@P`2qAj*L<^CacOMRV?*|;lvp~crTIpy90~x$Qt%XQjElNN!X{CoiXBi%V zXhlv&qyLq=k}*p@Jq;ist+6^8X7oNtzZ&x`@>d_t&;5DduI03okkS9=7LL&Fo7WBq zRZ3mi?pAL)z&7Fz__TOC7UWp#c4Yz9Ew*yM3f4&RE z9CdEkqT%6mGDHT)p9vD2dOr==y`Ij=lQ2`E4^&o1=^SnKBHjK}&Z|hdb(?MXKT1b< zM{}UF7%b?{q07u&Ul8b(SOipMrh2{5GHihqC?5BKzpeg{k8j8d!diHF>HEeg3YyU! z2$?6Bi@P4z8D3e+?6QgzRkz-Y)y$3Rzlwa9zngdieG^zFDM{S>bPoe0bOA`!G}G4U zV>9aG?_*|WW@7SGDUtH}gV_-wqYV8;5OwV%E(CCkM^`sdl=}VnpwCA`?>7HWaP`ZC zM+xw=F}-y62)eqV*)lp`2-aeMX#u!~BawHZLAE8TdG@Mt`XTMZn3x!9M&<#Z4fz314D)}a(^3A!yDyqilkKxEgGSqqBY>-?rqzQHV^1-+bK5#qxsr{4O z#}B%OMn)gV^OJkL=}dVV%2EJyFLcB#z_SBvl%)CxA_TSOuBW%o?UuSqv+L|0>6XFO zAJ{E)Ya~=hP&w@W0av$ zAkNWtd#C=ojaBEty;h{DI>y)Gg_p*FNw`6os=7|kXqYx(NSF}ak&_wZvNn%}h3iMF z>fq$6w@Duu>g2FEk*WutI}pWbr!#k*RU<*fbK{f~N7~tU^);Yh3w{Bwt^^WZnn%3M=BR95;?(Dum+{Y3~ zx_&{>PF!Pu{r=hRd%bh*JvjOfb(XWx++vauK%}^tgL%HCB>>s`z)Nd& z`X=`GB_pu{>T60$O?NOC`bPM#+Ur*x*XBKgV4yt%-8FTe*)aM)g7;2CjAK7V@FyYu z?YXhMXsdcM7K{ResRjd!vnID96Eqk5Vc^VP){t-I+Cn-0gFUM0PK<_IB)q+pt!@t< zbD8hwpu8G={GsAOY=y$^*K#wHN@kz#yriSwm1(^>uW)YMZ<()0fEEpy)DQ=M-ys5Z ziXHZGS&R@Y%CCYrP9lKltObad;WVo?$ROnX$WZ2DAI`Zck&cC@oW@%3MZbOvqg1y- zRg#FaH^GrSKNsNc4+A&AGiNK{9naA>yIph6g=6AG%)RYD7)aipgJsF2#Y!%S!!79| z>f~NOlHm{QnriP3^p>^h!gg6qex3#oFznD~1GTwBfR%o%fM}pBIJbc>MyGK`*m_6H zM169NyNu#qhZrrr$ETwSEjjMB{=8gCGP4KA3sSzj)EJ{dv}rtKbiGLr=n(i%DF&3v zZ}-#0&bHFJ_bnsckolqdg@jcl*-v@ciaA}Sq9C;4l)dC@lM3sxx>z8(- zrPT=nIxL1S*Tq>M5%oAXXIjoy|^Hj$$uhIAgzH02|qu7r)HdUCYu`-cxhA* z<-!J?lpa)GZ?2cKvuVmt7;XBFUQzHTt?zhN-bFre?2?MzT^QiLX+^|f$N&EMvqI{K zD#)I5^USx}%ZUY7Nxib)iO~lm6;mJLJ1HAKC3)Xw#&$u?CXJDB(91rvYb7Lte>CsvC*xJ7^E>@YSWfFiw?!o%mDc$FdU5##%`JwF z7??2bk=I%ekbVWSKRGk->;=}m>7Kb-qzDE`WL+zCZ!!*;(05QFA9$HKCwJt=4Kt`C zs9B9d=eL(8*7Wpz8r7Nfdcoi@o*yh&*-hc_E`Y{(@?(B13vi*8|08^?f*s51Ly*09}Gd5(Ku{uQ~y?v0TXCf{x2&6^_8alD8$v}sdA_rFXhs9PG0svu3XYU%8sWio?3AYw(uxwTrkgkQax6-B)J3IHRlumu40#qPc-jeI<;r1 z#}c}^a=s`^L8hpBTh(Ob`|ce343`yOwELcrU3a#gP+t-8liK8vCIjbaK~#LXap!$fwtnhm7U%N~ z-^=oIx}V`^^IrRdwB_d3&cL!4$y$c)EK14$i*-GL#OKN{J@MqLAky-ntvf2NPAy8BJSB6 zp$?Of`@y-?*YVZNxD!{&d4MUsu9D}6jL9{BG?W(1C5zsOO-;#{i1Bz(PZ$>f72BN)G3@ zHBLt4ldTuTL#V1F^aYP1{?%B6C%~a!(2jPLkRW38++4_Sa}x1%c^qWEFDgb^i=e52*sYA`vGc_W{ z-F^%s?lghcnHG)s86y8)W`u!W$ir)S5GV(sZO4rzJ%Rm!svzya9b&yIIRNRI|LGb4 zAvB#9mVM@Bnt|%A=19n- z)?XNNG`j&{+}5O2|Nm$|aAzofb0o^p2k|%Y|97kew(D~QfScLoF2WpNQeUz2b9Y)! zf&AcOykb8CGaH^^vjI$Q)C9+Tjq<(vj4#>vAl1zqiP&!35hnrb*S$7!U-&(q>U$<@ z+ho;QP%x z-ost}eEcs&8iXJfUuvTOzyuO(vb+1Yfjg$qR66D*R?P(ne`F=d}-^ zgA!Jep7~b|u7`Nqy6qLho2+)32gLJe&7)oe2P4DNf5~;()9L?qO*IN5A(liPf9#w# z`$LvTf0tXA{CdTX_m1bp>uT*p0GQ-Arw(wGhAL7;NlT$#8>ymB*BxDbH} zGGdr{K4s#|3E%Q&s@2&!fR3&%u~B1F`I8PnJ?G#NmLRSPa2gzPcBG^k^nKNXfEMSX z)5gk%aRZG@H-S*&dR{mIagl0OuTBBjo`T_EA2#by+4V8r{`ZFQ%e3tk zwiHeV?I(>`R5Rr0m(3vhT~-O=TxL zF~$-iyF_;8cYSou`99C{`hB1O&Z{#%^O<|O?(2Fl*X_-o{)n*q`BUdhC+E}pD&Fbe-9b(*CI+EvqCto(c zJVsN{X#=%Al0{g2{10Zyc`)`chL=uayIFYls(s@rzqBxH;V0P}211QBC$F@l{rT49 z(A%$2q;`Rr=)N_~llcu%U_bjH_<1o`?+j*^04~-U9qj|-Qz1<-`&}nSFklfm5{%G< zLCTpAt|4zMEy~}Ja<9wu3(h>I`mo+nDzbE6%ySAikG&mWIzdy5F7~E-gY{zPBzj63&cb|BvcM{ z+#w5kIQB5O^m_dED!&*{6MC8&fQluN2r6`P=p!U$>pD$38%;6KB^0uxO26H{I`lNP zgb$|j!|=Oz<;Mrf?!)K=5sH@X2jsgG|O7n+YI zxfWthF_PUs1E24jYm3C&8FMkK9|}AgS>LMG_f4lT!6TVkx}$HN^*i4osL)XY7zkKv z+jEj!DrJZ!HkA3U&)UZdn|V}dUd>H7F`;rLBT!InBf+NX$5^oP%;OWu*Uq}0N3FY=gO6_mP?#G2v<$|D<3BZXdP{vYnP?e>kXu_%l!7e$Ew;1jCMkq#HNuL1clhbgMmVtsqXs|}&r^ws=SaWo zep2zvLlYS2ag1#x`RbblWNPPp1!FKy-=+;6*2#k{y#ATrs{gWy4qtTV-&{IO?o*pX zqw-qC7F|^r-peQ43fBaI19al4cr+&U`!p5!cl<2h(h3dlAsgkn$g$yHka@?H|5S&g zLgI+I8Bgr)_gE^LSXhb#mVkf0CggVvGvn&0-mN^1vBLF_3P4egHq^O9VQ=)+p)mu; z**ms=t|HkMn}FE^za&w>BOQJu)VxF4{+C-(X%&J3zXVkZQ32i)p{QXEV(w-GhG=4P zOU}&h*SP2;yzA}Tw|RYIT6uc%9o`r>juH^*0AB#SXcFd0U#Wi0iqdFP1M1IohCE5| zz&Q~vlNfapMYweAk1mLA7^6JXp)G7%|-%HwO#*hxHw4s_)f9CCYZ0P*Z<4K=Ew3 z81J7gd^sxwyR&OxgTZjGHkqLMG|HL7yQHLotpeJ#@(sMVHe9q>0s&p}(QUVT$`ee7BzEb~slzVCLQhWG1-f?>mRsMKxXaVIH!9_HgP&`S2 zRN$W?U%!wQR5U?V{?gprES{}#?0>$uD*$H}wA7*$WjTs)KM{{DcC86wuZSEG5S(0!Me>~c01Hh z?Z1w6;9A-2UPGvH-+2do=@IjxBM2>0}g}l>sjQ(>*Z4r6W5T71DCT>bh6Z1ks+HM zG`6zpby93||4UeGEBheNmf34NmlMtgjXg;>aWg0vn_lvOQ zUT2du?#!*TM#YV9QySGr+#t=SRcS_NhVF>bL_8E|=urTeWJjy)QBw6*W{g>Ze5-zN z7B}w3K>AvXdngV3U?rQ$QMUYTpXU&(Bm^#VwxC-suiXy`;k{ehsJ_^5r}EY<=Wjx) z(tz&h>hNHPS%*cT;_#!FUFiLAU-4akO7d0NBhAXk+P?(H)mTkEMOZxC6$=%0JnF;r zq=JtIs2)9AW=!?Lxtl`NoRao@Y^|jXlF&8izFOQo! z3_o}{)4aWt=L3gf9NF3pj6O9J`)2Rpnun&D^}g}D&#|RY~`4^%8%yAw{Rg;drB)j6`wR5R+JDMKx%~PJM7rOuJpd# zK4jxbUVze(IAKQPw=7dXV&dNwDGN4)$~k5R^`8`&H&4ZVO|3}YF;EU|Q&Z;s>+2_` z6XLFmbn;a(j&(*ghF^;ft0^qY>iv#EA<&721fc@bilhTyICyj@COJY*V|M%woq|CA zdLKD7c^+iXL(~vUd)Cp?^PRa*?Mq3u`~+Vg%{)`E(ks>@8$OTcGL)N=U$)bUVt1~+ zboeQ5L`wL@-*`_VsMsQj+R+N= zY(Tbxx$VY3e`2ii+lA3+_C;fLV}G6}mLbP6B0-qvj#~K5q#tWl42+T)WsjWKca@pr z_c#S8PVK+lJ{mxU4skun1n@JJHQJ}aEnC*!Dl@R?S$A!qs_o<6=I|>ITd|;1`#$*` z-Y{Q*tGwRjtZoQDhgq7xiE)TUpm_*kQFv!7P@ffKZ{tZh!;vXZ`o4Z>_dhOo`jxKE z)(7CQKMp(s7i03c;*x>&m`kE~?%*lX*b! zxTm^mwh?aGpwk|=Or6}L6!X4FVZy;*OX?0Z<+>y4%0?~47sJT-L?jM7KOtGOY#|D} zWd>3;5E#jON~1W@k9=BjehJ*pwlpwK6XEOa9xmb%>8ImfwC3S+wus#>Y}<-4H&VB} zZxb*#URt{-lus@dMGFx*3si#ZBDCkv*_0C+IK8d6fjaw8&MIJL=_%Mi4pacQG8_G~ z>|m_in&$yN#gkM6+>?Hkico8}spS#fzTMvwdU3Fz?9sbu@m)lHALQXs@2@RCa{V?G z16(3Um?6Cr??C?$-<|(8nI&yZ9h@O<7-^GDw{DWWH8K(x)w?^3iDX$-XRDEV)^W`i zS74BcXJYDgZXW7*KA7)0&@k?;S7vQlCc|DYbTOA8I1@<+kd z%of`@Edd5c?bTMaugEb35BR|;6ZrbImM{;aM#$y?zIukB;#qx9!L#&>jvqd!yzXM? zU`_Uy&Uuw!ELT6AA`jVelwRqZs~zQ5*&F2$ry?VL^5%9BlfJ=9sgw@RJ`+5vqP*kbILXYLVo*n&AT}oST@moQ zAvb2X5uP%kv_KssUSzf#ffVsU2O(0IhlKuw`pyym=&Hchm*vt?Z4gH!ofzZm6HF7| za%-hrA}v1k_*FNSk*u$Dkm3-5;@o3UH-!t0LKPSP{?R+P-$96?LpDJZ(9)`eL;qFI zeTU=)iED8?>Z8?BR(rKS_zk(QHbGe*_JOPMp2t&;_dh5lztX&X zk(k(VNh-T+X03CY<6nP?B!_0^=J3+aEziw9#$H+iMONfMG`fo)91>Gm7bCSGYZ*KIQ zc}V5^7Ytsp$BJ~vf-|3hmjY1E1=gZdw!6%GN~B@ZoE=qQP}@qVqDjoG$FEPGe@jp2 z!pM@QC;O#RBoN*)`nR?e`MICW;t2@)jNe*RS|p9h!GoaQg z-D~$tlQeLrgYS5Brd|JCjL{+?NVXShftBjqFPIknKi_{ z+WoY!z5}ld*;W%8Yd^W0r(3kpNITIMJi57&xvjtZwOy!aS=M-Q)P1LPY5S?)$ZVd= zx#^r0eovXqPn|F!Mf=gUv!3Kh{tCk|;QH-D(E1GkKc%30HRzJ^4DF~kdET!E8N}--z+ZrV;E$Wvquie%U z_Ef!JJL)p~+je)4+;&%=lr=iM_3Q1r#F0~87gAM<=9>Ka=da@?eb(g!8SVjc^c6y= ziUXX>tSAaSiM0q4&@6Adx*qHX)hD>h6$U*Eaz7v`MR`Ol^9mX*ENt1z-7MjYQI0EY zqmR@@+g1rXZxxMJFNHIcQb=hcb8Ew+nx$rqC$>L&J!`92s@_`g-2D9xzecG_cPNeH z`@Rp?-2iH^&&RbUGNyv}R&__xUm42cZkoG0ZKXh5m@1`w6HY}gqO?;>Mkhtbt&w;? zsWX`m+U&*!U5Jdk{`lgeac#0&a%yrD^a{a#0jN77@vV4jixJzN$bl}q&o7K>L@y7O zx49OTJq(dMjmdTX7A{R%*DsBSUca7IQ|rv)$$MMd!+F`SIL>X^dj5{y<`7hmVm^c( zt~6e!JS?5kA6B@vVx4ig^@|VQWsD7F=B_)Vw8 zD2FRxICcB<1M?siwF0y7dVkXx{7S-ZBx!kcW7JYoAzo;tj=-KNoF6>#t+r$%B#)Xz*B(k11);yQcL&BDK z!==7?QOB*++apy^gfb}phSgfOoaSh|AH1Jrf^sIxxL;#u!SFG2JuQ`Wpx`hxTSiL2 zHt0*R9rU3e@3G3kn3pk5?+F=hbj@S~iWWOMxH(nfpyaV7v}e{$O7mQ2W;O2p5nNNT z8yxS>vL{JxhX^J2BVzSh+-=9Le!s*E@m4mYn?3!cSelpv5)c&{|3rRg57b}MoI=EG zK&JYGt3P-T9Z$ATdJ9|AKDEA2rl40Jmq~(Y0j*c?NjqxtX9>+)@0URUup1;Ux)ep)d~*k z-OVM>C;AVnx;6w+dpQ^HPg5PM$q4T7OFH%;x`0FJjTO@9$G&!L+1z>Jz{zrg8GvDc zY(W=}zvaXkj9EC?*~e3<0(|RhE_~FqSCVH3DEZ6h z4C&rMDxy>i{vHrEt2s9Y=3OSug@$&=oAJ8|Y)=RaUq-i-JW0WNPO}|SM`dWC&e=L# zI(mw+dSz@T*hyN;2n2vRo{MQN)SD?1yPF@HketC`)H6nfT;&$-W+b<+u;Z`i8J%QD z3z3B-y0WYZL(;sbr+D^i2qs0q=mKlf>PZ(Bjcj+0n`%2O!Z6Ei!!6I-)~T!3w`0~K zJV#`e`$v}DMVM^?LA}S1(=6d zdbI#43ki6EP5rdgyjIJ=KolF@p^)!bW5*4dQX8!Zi!T!EVhu?O z<8Jw?$4H!qF(Gxwzpd1BV^1BwXIrFCwoBUnz^m^-%BuAET^hPfXIoPpyu_VhG9gC8 zeBHh|t-Zn)%7>lRcSXSjr~CqJ9&B_<~a|b|M>tex>lYzFJt)4pSCo1yEqch zlUFjQv%BLqrcOI~k*JcE4D;O7+>@aDg!Da$w5C2mRy5b|@gw@M-sZ9>Gik3>-vfdl zd;I%DdyDRXJ=6C-BRAg37_PclhO~Q84jP93A7tq-G0zt@|E<*+T;K~KBdY;6taI82 z_!O;E3B~OHd>ey9*+z{D+^PZ!5u=8xaMvL*1|CBF}()FLwB`#`L(-U9}WlC|8C8s*6^jpi{MoFI>^81?vB z;xGKYX**$O@oS{#)>G1_r=I4+70WElo?9#W_|4TFA0o5+E|K(WZfQ4;M0C*hu%FHe z{`{8;vW(})zb{ER-pEK3b*bD+N@LV!>zjF9RC!VohIg@`bZd2O zL3Wy1#?Sy}W65L8z~UHnp`ruTS=7Fg83q&$$n2}r; zn~s1vA&JwB3^u!GC_KO$o4F~Ka>4|4EP~vReL?ZFSVj}++nQ^cP0z(bsy6}fCkPUb zSPc0?YfAr;PM4_t2rVT9*JDt~AMrCM=)!@*I4viWOaF{VCyDLP7ui%Awy}HkkUcz2 z@%o&nIihEf?YHb}+ZBC>d48ZT)W1p;KPZPg;0sLUFnX_d@d}ZdlImDN^3_Lw2#BLW zi`|*{op4l4W$qo^C$G%MGWY)ZI1(`+HI^cm&SpKvX|OtrIuyOf2h=Yu);V!sNzP{=$vJ=!REz50A;~OwmGH(2n0E##kVJfh zDD40;W!q!Z{YvC*2r2^X%PxLkuy1KnT?Rq<%5idZPxv z?T0TJ+w7e7|L~Mq2i`cT%g_X6@Hb#bsL?9hoi6i=t!MrRehtOb3yrKivak(p>vUU_}8ysy~S?EX7tD7kQxd>4YvxVoD_Lkn0&&1$x-UIkbAgtWz#G%ueaVc_fUlVl9`}ph?$*cxoR}5edfh@R*>^(-SDfivG*Rn-KhB zRsye=H>6v(+r9?d;q{1`Tbe@F+%J#aJ>$mOIKP`Kq`hj<^>aIqE$l}~KT=&Q*YvN% zy)#Vbnyvn`lKJ6yEr#N%lZ>aYBoeFLRWPvxEEhkj=Yj4>UT)GCMjeGc3whrw_@_6w$!xs!jJ(p~=ld;*5H-`0au!0S%G9&S$S^?kFX zWX6QczdcU>Oe9A@JcTudpSrF~f)xMT2aJWX3HDGsLJWtua@1`-(Za2wGNJroB={hc zy(AQ+E*J=tPbGeWH|j~nTA^;g-HU6Kw0#>Y8S5!thtDCqjS0BIURWakKM%2mdib2^ z-aQMlqW|R~BSi7NY#VsQ?Emr}OOO-fAoU!XnZy5mK->*yS_%;MmZGyha-kxEB}_9t zy&+BheZ%S_RIg*QFk{q zoBI4OEzY<4zx*1Hf`3=v)&Kn?P=xhokDg>?aM5)oi65UGP#MJ z=_%J1>i?h}sh%dvGvq@C8Q*Ha|CDFPgsScQlBnkf{f})QB9r_9(f0P&?9oDatTcIT z(6LSkhGhHu@ivl8Z?)0*Q23(GB+39Ew7=W~q1&o$ZKP~FqxxNCbps#n8 zl&l{Bl?Mb^4Gb_Z1QM+ZJ8pribxla4$72^%b2IgU8)Y1feCVB(=D{2j34bojP@jQH_~O>E6A;_fd2o z4z;@;Bzq3$YfTZvx8QT090FIf|NWlgOl#ymk-@iMAULfkpC0o<_Hbbk?PyZhvtLz@ zA2Sa|%7PFj>_N#xrArm`yLX_k(xekFlYl`u9;8(^$*PVS+U++i!anrBWDw=jrj4a&d(5{umcO zW``@7!^CU6htC)r8#CJ4-Z@3=O~x40w>fDu&gNtVt0pG@i@-3*n|RT^#ri5Qx^`gR zN7i3<6T~b%?$)R6d|Z(A_9Ub8l3dTcnq)v*)`6fSq4*6WxSB;YFfefAM}Lk;aJ|A; z9lDRVVj|s)ZdDr4^W38BSJ9Snqp z?o-5@>eDQY8FF&6L8Goy0@uU?aTziM_B|8o`|7ZMQ~uk5$Jq9VPP#SIk#;)CeFoK? zjk}kA9v5$9EXC6ErHx~2P9ficje8`_1l4i!Ug(X>>CvSnb(lbhrb6+g#~EMyO*b#J z(t+@Q>_7wcGY+ohdHSN`A-7If-a2J|p;D;ic9NJrt{`~md+v$!pwB-JCHnn$$Vk6J zc1K%hq5TO`tA2QK=96tteCF8Ow`A{f zs0l^wXu7QS@!R5Nx8>%JE@4zd(3*oGPDcnBW7M0ljmJW$ zdm^j>iWUzSdtqpn&r{PZ3(~dPEq|bWB|0$gv2?nbi7n-M-m=Kl$lXQi7`~CJs1Gc^ zk6;sDA5Eb58u^c+U=Rn0B-O5*vNUTy26Yi_Ju4Nmw&NCVhw`1Pp4mIPes;@?wrow` zvyx|w{^6|&T8C_TM?EU-9$z*aE#3H>z|gl^{UPNYD`i)&=-o)8}e$b&U{yEhNVtqWvHkV}fZ&#;~Yke~*6Fe^Wc!XnUtfDH!Q|An*KYl#h*(4i!;06Ht;`@K%q9i}jA%JI+fzIWyMu z*!TukTk-&c_GkGKj))I(<;XhlIfeiE0Wac(mg81sUy=(D48z*7_}eC_T``=G4LMW) zwfzV7zO7FOrDR8rCLR$KK|724?@SrECMP@>v=`%6J?BF^9S--6}hrYG$=W= zUbijQSNMiwxl!rCvmSyIYy%VjS)bPtr&VT_= zPV9*9)QM(H6AkK;2P&SnC84Dqi2X53_6 zE!i(4zw2*{k7%x?M`5$Czt$XFHX62C)Bx^R;3>L$MfwXbFDKK0RBUuaMz(Z>gTjC~ zu8fD0gYVn{nG^VvrehpQJ_9N-?jsoEr^+^e7i^fo6<6)e!=n1Hu`xe*5+nA%5vphc zsGJ)1#gt^}U#wO!?%8~5*;&v1?E<(wE=aM!%D432(vI(P%9;`UMvzpjM+H4NoFgMA zn-vgga85uKZio@BRK;m@c}2(5-HI_+PrgN-IrCeHkgs9$YH2ek+`%&QT=k0x<8!zC znuH|dO7Kil0+q5>-e0+m4y2~XVD)SyyK8iG=01Q`1Uj{gQufk-TzBC=hC$qb!3vV+nZ#D)(fg<9uMpm)#`E2jR%-ow;NH#Djl2X0*t|RU z;|C#iGASWkuZ7Up1b9pnRPGfX_i{FsxNkDJ7kgD~`;fhsu0`pW-0RD}0=-NGid~y} z#Zo-NaC|fg{bf`_t;TJe`;B8A z`r*0HFJAgYeE+*R9*a4$%=Z_WLFZfSRkDcOvyii@SQwD8$>8uDij!qQ4^HNb^93J> zFu`bWFWiYWxxxCv@jWZ?E+iHab>pQDmZ;AI!e2*AuMj_J;NCsm#9^1WwLibOgI1I) zRNjjhVBT6D$9+kWg%Yv4jq>n z?=$0H8a8vpXA)Ff8YNyE8cR()gkZ&f39Z5T@N40V#Pq~eS*>dYiOH!rLW5KHePztp ztig#^e(lX))z2dgTz^a$(f z(XyU>Rd`E`u9CrMX}H@oE0OUl-g8l+%iJ2;{ua~{DTd3{dv7%olW@) zhLc$oWCr4Rj6OrV7xS)`}t z(G|vl9*x!*$e-Cn8~N);r3_Uj{;O#y{118|t+)Brtg=4irjz;n56km9&NR3%b{x^G z3}_3{>A7Q(*~YM<30fX%^4-2iCmDKsc<=+h8F=3-`j$mco`=HqQ*T=$^HLicUBeWz zzE&miaXppYJ|DWIwTRms6x4}70_z^8PQVzdKagi5#GzRAOzc0mH%!vy~4{ON}BA z1+IRj)3%7rFRAM#kg2; zaFDFHX>=skZB<~s@0QZHy<}teLj5EB&NDx5lzjP~b!*qX-Q`G;4dba)D)B-p#z$+R zPXL75MMSQZUL^j?@7B&rii*|`lzY;oE3dI-0SrZpG~jxEck>ooXxdwiUuq_;tgnFl zYglGqr#hr%x5I9taC^CX)}Ac^QKYZbEMK-gLP-ny>LQ^p!(V_Mi8Xhs@v3iPKYh(fg}w|OlxgvRG*F5 z1dYdF=^9z6;Or+gq({Y|u~=t9wuygU76U5pjepXS zpVg15Yw!^fr;Abjm81s*u*d;R8NVJX!JyTwzUltsZJgoXlIA}-$)nYf7IdDXMZO<) zPFIVliE3lC^H-ep`3nrE2I56HaOk&fT8)%*H#qhTolvbDfwP&m+y0 zi0ZBL$&><~c();J^s75*f%tT9Ro`a2CmZZP$%5##$wyEVpX*3P0or`{nHPQ?h)6CD_?{@;!sQ+b~Q z?*G{RWvh3}mrS7P+TFF#UB;B)r7dO9v-)STTzc+W=Zm#T6*LmW4t#HSTwmF3~$0dXv8apH}W&=n! z`V!ZiJ<;KNEh|m&`q}`=(F(IN5fHJ{ky+regxemMBlYwdx7=8c!i_GH45KHlo)CY1 z-j@42uLs+vY|BOx%jf~ve%Iw!LLT*SgpKozdgREP!1>iH1cJyg(l)>Ol~x+Dbge4# zMzj5@<1c#!3Bi$b5!gC>rRIf34>wuk8$Sm`Niw_G_j`j%&Mxx8eB0so3Qd|%dM;_`bdeO<(NPdv}GM~R!U^+3b^kT3N* zCzs(Wuf38sjo61b4zj@=Bv!+5>*}PMDSv|5=qF~OWid;{z6(Grq%LZJ=uU&0Z#tvF zMrmp5X4DO9h*+Ru01(llG~NW2h|V^7IC8(wM8b##gyCOy2Lh7=*iJp5dq`p>A?&!| zNNC8GEyxHwYGX`UgN`k@0FRvszP+~XZFH^?F5_2qw~RoF8DKALrcv-)**?h%nND>Y ze}#0Q0})e0cgq;J-&8e~CoQ7QV>)H6p?l%KF=IbEl+J@yyW}GnJd%dbV_(ewTd8~T^R(<$KmM+Gb0(}Eu1AUgvfk=35iS|*95e1Afmof zb9UrE;4S3yLQ2Ptyfc@$EAkH@YjK>AT8$WnfI_GMC)zLl z@{IH=0o|0dLQ4vxX8sotU&!*)BjDt5i@G}ZF-gwhZ+JjM8nd_BKpF|T$9B*H@zp$t zEdwFVdq+$!>~BEdmyqV$LJD0L0H}6;%pU}Y6LfWSh*QbTJskzkbXxW=!eC1Qia~5N z^RWFhJ?hoOiN>%4tI#`=5eL8NipNV*%z99sCjP?}=5S5tm2=>p;1am%hKTBc#M|gk zywvc0PkaktwB1bVQgJ*;u%Z?VZznj5pXtc4wFL)))E=X&zXsMHz zG$pvhdV&nGClz~#d;usHY>tf%#-n8rmSNbdZ5Zz>v(TK4#*Bvw_gVJsu&(7Jx>7i9 zhgWIv$q9-zTfT)<>fhl$j`Ku=Z*5<662F{7`?rmb?$&lnR>$rb$P*gy+tg%Uv#_S0 zgT!Y19CxjBhAe?y;Jzpr@4~UGLeQNP;b29s|I=5~TWk9dueN`rqe>9p4S>nWbwcUn z+lt3(D4iG()@D;CWl$M6GwrtuH#vhaPBHtRPR!oXBG4lU{KyJ@+O9igaHllbi+bz+ z)iFw*gPgYrF$e6lbaldA;AN)?6oQZckZa=-TY|WSF^*SxaK8kIt$sfS?s-QUpNmW* zEtk!MXH-}?3XdT@QeVZn3Jq7X2;66ZR2t+K4Uk15?Ku%~!R*BM!^)s9_o1-5l@U%8 zNe(yYyv5$<`nQRzw^mg2et#S=R9!~;lOBaLm98xu3Pv!>{K|hDf*6y{+|z;mh6K^U=?DxXAJT%wNs(&7D&#}Z>(`l=#w!)4++4o)edjP}#pVWq?Kx@%-ZA@iESfg%)a%_jDeBS?ctb4$bPvQd1p^hJ_3Z zEeD?zwD@p`0a{rG374~=J|Jx_$j-rhQ@Q_R9dzH)v@lNG0p%FN93*+?w(2Fzjl3~i z65wC1?B&r5(=2W>qrdWrev&0f>h+ad3e^0b%RUvBfiB2w1%Vx)}Y?^XT)q z|K*DgLjEH5X|zjQt#9|s!zWwOa4}a@gDIE1=E5aiJum`AOE(IiY;P1Ld3%&V>_m=Yi$q(v(4)|n7A#Qh zm)lHH+R^T_6l4h7aNiu#%Oy}v_)=_j!>-d4TBGvlG_wfz^gT@Gfbj!%y(R-C8JRC=O@BZA z*7<$Exs3Za;C(MuxFJQyYb3P>izX;KlEBbGnKG5~A_aqxSDW1sD}2wwAEpgH1&Clr zAMXjYobqD0z@ZozweF#(5;v;n4nvf+Api^01uzYke@n<=} zX^3*D7*z^J97GqsZg(6$4FKJ-L#ov>35$|Kmz;FKG`H9n4%rDFMn9=58-#T$d(!X* zbOZ|NF&JAo_Eq;j+1q=coPwV&&4RRghDfe$e^@u-!7Be6#2~dHd)MavJi~9(i&Kqa zPZmb;`iK4W4{bJ3nIAULD z2Zu-t8n`ztmAi!VcTsoYjA^<^G|+(FbAOtSSKNDx%sL0uHN`Cd5{lOt+t79pi#NMa ztYO&k!1s3&SL9iwUCH{c5m}#}A`<}BvEgIrGzrJ~3yKOGSXcXAz_MOYfQQ$$vlq5O zhSl!=1LdoUv%q1X9Aq4P?h7}wX~Iyw{crowpYz-nJJbq+foee^N3V1fOj}YcDX%aq zDUte>U>i>IrtZ;A5#`+bOXcAc>j45of%sOImKwQQ`(Sb)@6}6=3vQ1do95XVDWDmt zdye{>9YQ%!29@Vrdu)!4GVAxkVz2e_9C+sx#3rxyo{uqKE+lpn_bK^Gfe-8LkE!yG zl)Igpu`BI3>vr`E%b)ucL&xJvwwr?GhBU`r`9~;o)W=y24qwqL%y7DT;JhsE)A7xA z7ExwIdY-5aJAl(N%6?dmi1owDn3ePwDwjZZAyx(RjlHn^XvJwLkh)xQ|AIp{=ltjO!sWIaa@ zGz2L6Q?74h7p>eUXS5{mYpcA7LXQZ`{e99loXS<|IPt1>7*!)zU((AM_K}k*;vP zP(=InaYm-=N)O)r}^a5mRULg6Kz`sIrs_mv9VcsCaV_p>tYeOlp2HV4bG91Wkc~h_92Gx0_12$vYP1%>amI92 z)(iAGN{HqSRMgQ#FEXM+^D~+c6q`20WTp<6*L=U#16xkzHtrK*BA^mC9T9{>Ef-)j zq(ah7+^PJlP~`|4$@bnO-lwDWEiO3LK7IUC`NfPfo{nzT0z+QMD^gA;Fxi1N6&5%v zJ@QH7sl0jX)WMs&TFVj!Ck}HaK?DQkDGBB2$RfNLP4mtDsb>asWcW@a{*zg_Eo<@%*K_ z9u}r(28W*8Vf#qU4_OCxe=}-5ReKP}*gvWHc=#-RCE>HWB5&A)VTw=K>9)ted6yr3 z_W$i<{lwU7LB;09%eKnojn%I(fgIXg%W9_P#l{w>Q#9t5`f$UJpBVCf?N(a2OA^#t zcbbO=}?GeTSMeN%fHmErw9ZR4`QycqUfgg_m-p`X*rH%Y;~_kn+K z(${fHIqJkK{3E?iLCdNBBHLArFV!#1S{_!OXBfN+9jMHYABzJOUMn6)nd1scE1d3H zyQqV?fQzDBw6$I}tB)cXO_DcHVP$}NZ*6>$h;PzJYxX+;(wP4bcsWG>I@bS>6DvDPlxhpFs=JKvcPQx@3+J9 z;OI7p0uJlFT2A%cZC*Sb79kBO$8<7>1TsBT%2NJx60n zW>}d{P`!^qUIwpU8S(`Q_gj^a&j?IGg{K5Iqb>MT;BdYmzIsr*`^hrF4I9Re%}<#( zoeEwWJ!YHgV%zhUXjO>E)-^OrSemmeh*{3&jfGr!<;mV*v350Q1vwF2i{~1J;8Bpg zfBN}9_BjpQ3911GD%bQ*ui(=7kuQ3s4=k34lFN*0nO^jcvRe*B0yk##s@`n1e7ujK z6A@P-d+9MiT7DE(jrT6gophkL2-^F2<~(V`CkEQg^3Vj0CGPg=`B9LqLY^zFNSJ~| z5PGt+MQj|r6DxF*F#(0HiwKS5dc|qf8tgZLIc585>Q^-HyD$OK1;|rD4CzLu&Et6NMSo!)G+35>JgLG&I zwo_4H`$E=N)d6ZM)yU{vR^s=s=4yu;gjsW0CPeaX5bIhy)cnqsfUzlr{N>HCSj?ok zip^R++s3PNyq|n0_=O{M=?O^oMTI;Oc5WFUT*>Ron%zxiC{)S;T0OY_$ouzYqQw}a z<1)q5ULauf3dZR?_=?QNL)+RpBV)A)J>B*1>N-s3m=k^$1aQ3^NNJ8R4n7@oT_IwyPUb zUdkYfm;>S!>DhIb;(=XZ{SU*>?33}X%Q_>9p5a2-(z){$z52#=(QEqTOUH%aS{yX`l z0eSSl#mvM*I5K8$aK&?ftgAKh2@}FLluar3WQnv{le+I^@)exPIT$ck^?vAdj8&~( zL-~+hQ8myJ6Og@2AXlh7pl@!DXhY?Wv!dwmAN+RL-! zaUsLL)q0U-ziYj%i`9!saZXdMa!BPw_XkoVjt4 z2KA*;_n_dXmx%-dtHk~0K-^vJl&((&)aVS0(F2Llo}>0&-zMld?L6%thQFD;pemEu zEO0(vuTEYvC0V{iBKAeJsjXQ zRM_4-euY7#66*3o%H9c1xmz`FHa;1R^Re+qtVrFs)B+NQYp;yGE?wT8i2uqF-#SoX zPq`pGNobfV6qG-yeuK5l=`JLzFYbPJtBmT!ZdpO)|Ix zH5!$ViSh1!QpTMc!VHW>g*Vd|YF3)s0l7O$)r-*Eb~OnRBWoe__9`^ZMA z;+jDr25M8wSBNz z?xH}vPv6GZ-N7kt^+-a*Xt{xnO_zw+5fGe@!Ya)LcOniWe9`g4uj@$3l*d@W0w?*G|+npQH1mdZm5= z=YtbV4sX!5j+16#(F|KY#*X`$Jgnq+brC~6yObKO6-U*W^~U6I0ITa!G9WZQ$^b&P z*VUTmL*Xw5#$$kZVRDe(Zz7GF^$m3iVhRxk2iQ^ktePcZw@)jo_V~*1Z$$tpru1ebK%@=630~X?5(R0ljSoca^Q;&@#Ll%A6^ncLk zM~}|^;|D#Po`f+DyV%=kdBpH@_WVhCaVO)@I=iN-6ZP8xhfx_(*t!<`N=pp~TzIcq zp>_sVdE(^I)WZ^N$^WVDy8o$e|33}g4csjWMP((kM3Iz2wnHdnL>!z$$(}9AILeCb zl~wl0*5Gi|G0Hj)$DLz4avwXw=k;#7ACK=p@bw$s?`yoS>wR6X@q9gBmG%jYys=o! zA(NNZUmcx-)O<}ViFSH5ePM%un~nNgOsdiao1xVq5*)8r1I4LyaB0 z%0~$v6kl??$9yLc5gf#X^-BDiwjuuGTG-dE47S9e<<^=Ah`S^_z7ck+c(#1HZwr!W z&3Ny(EsjT+AHknMzc0nUYmz8c8@*6%xdPPNX6K;vk{S5L79&><2TFogsyhGfU$jMO zLGu!4&wVHy|NV)7epN1d{XAl6@ysr$;B*`I)<^_)G0CeFtfeXld;Y2&SeL(ST?xtNT$?CtDyf)*yc@aq6%vXn7!^CBzisykN1mx>8g- z?HfR+-_kft-Vw%fgR`<|w#(@d8SN$Dvgw=#h_?M#{j6)n;1L7&g$cQEr2xRayprPT z!sIK_Do#RVr^|8Jrbys9o|;kH(sBP{kQ3JcmE?yx64R4Bx;@DSB7mxItPq7sY2Tby z>1mg5@!{yLt@J9mIuL91%Fx)i#FF_6343H^7<1%glyj#Drcu_;JrX zTF%?~@lGK}LT8hZUrsEOm&?Sk2JuUfs;VWkXMlrUn@AMCVW=iYLAswE7x4ZTv!|~2 zKr>;u9?GPUrRHXtchAwSj#n~ay73KLl&L52u2K}d!&Pp&pBL6mF`p}a^{hK&vW4mO|9*3nl>1Nh48 z3vo)KhQ*EehW7J)3Km~Dn$I{`=vEsQnAWRGXXv z46q~~S25$NE{;d9>TXCMrH~eRq8Fp19L$A1AGM3r6xDU@bi6bq`b5*D2>8D%6;JYoIG)h2}}9AGe``GjN&r zMSgYfW9v|4bQFEtz0U#y}iYp2}7rgv*Q zA2`tLeKK(|Qv8%OH;cHI*giM%8SZdN#w73xH)aT}A;AKr5$~CrThFr)a}P;WLG?Xn z9<_RUq2Crve_Yp{p}1c6_jS&tyhDyUUD>fR-IrD(EnVo-JrAqZA0MM(N^uEf7v6pL#==ys7Z{2F4HmAC}hO9mv)pSsT zY(_SX<>3Bo8UFIV^!HH-reSv1Ucdm<3luIy$)?8qUo+{vUzQZ!erhETgju%QZ4~_-m&_M zXJ7B*u4GL*=crQ3a!ayq$zk;z&)}E3HHJ#;Yc?^vF~>(V(v1ycG>Cf_A}|4BrFt$! zETxB?izGxfS=g9pY+~96FlkJft<5oKJHEP+7cd9&v!GVC$dFOAww8wTc)C@UN)4Wd z3SkF1I zSq6LvJ8*rb@XkAheAMK^|Co6i`%Rz+4ct`Wy{wh+b?*7v4CLxPu(@vongU;?nLHXv zkyYSiP+dIvG`Ao~fxcOgK~SlbaT^3{$C11|_&9vOO6L`j!KQo&??EUhfiic$H5wr( zL=y4Q46mzJ3G(HGSey9Hp$&C5EM{Wb&+dd^2WP|%t34-I$;G!-9;eRpxuw!&L$iUwKVA0;B?bLAOm}S zcVV0+h7A;48$rWea#c?RCk@2Bk&u7qCJ39|^R5g&9&DO|YHnk%j|Bi7e>f0NZ5-6D zB0zv*ytZ6c{ooY{nibe$7kg3wJP34hFPR}KCTTs%{0mB6s@yWJ5+rH!g5Z;7u(Au4@751u zepxCtHI<{;DwY-xUMnlE^J^Sadb2j?=(5FX?-(L zPe@e^VuKu-g*b$|D_Zl&y0!p>t+vNZ$(r;U1`v6ZW|X{7#Bk4&^FdPj{Zn1w;Ty+! zXu*d%x!hU^(AaKb;xzBN*UJL}0zh%}<0`Twgwg4A@f@S|eg8*}t^;)ekcT+ofHt*t zbS$)!?>)LsT-CINvkf%zW+;}U@LxF$k86`qOmIh2m?rdN?{B|M1BjMsOI| ziW%BD=S-sHQMw`PWGW3i4c(UVWlh~$v`}Nqtz2jZdCn9n<^EobXJcbyFmdM1^R5#k zvV?V;DCKgI*_#c^+wK}eWlB5$KNHAY(2P4}&IkmumKe+j(RSX7c|E9=_kHI$-P^YL z1^nT*8$+P>)L1~{JtAydWP`F^$)=E;PgyCZ2gl$4ug z9j^`u*eZ7buqzK;wAObE9bTlT+i_Gboz0R!q++1P*5;eO z^RN|NYWV~^9S>z=cTpMF2W6tghC$GS{n8K;HR-@7U!pTyK@6Pc*I_o8R(Xk^DgUO%@_B&CTG zdU@c}r=!E>vj+mMaE4t%m9CkoPhuSf_BlUAx3b8ZE{4G~U**vRbjzn%>c$k4VrbM-!WORlZeOF8jLE+}Lmnt1cVJ zZp7#A-eDmDxGhfHHePU4A%r&#=8ooY#QmW*((#>)ERDJmb|f zsi7V*LLOmLn|_FNV}lw#Otrm!ZMj9nU6EQX6P(BT2p56L-ziqZ7aTK04H~CK*M8uA z;bI~quok^QeZnk-*HzXrT3#%>BdW9KnlWk%=TVZlHY$-ziOP7STuI>U(bEYvgZd%0 zi-fDi?mk;37KAtRz~#5L@%U=HrBCoc6n_o1MV>!JWvC!|3_~@)AlvOk>|^zB zTcjDH*iSYX#B&i+_{f*C9G}&{b1x(n1XeQaI593Kcb*j90ZNXXOHZb* zuJ}zRJ~Dgcu%T7l;jk9x2L*e16KA7cyM`xuvKv>37X0pOSB{bJXlqF4;LuFnchkd- zJ-+mfhlk8ZrYnwW(_u#q3vm&xq8-|$gyCZh4?S8ELTO`y2c_m~V+RS@5C=t+4%po3 zFT4WZCA{HVHT8VDwjfu2*x`pTw>f7&#W?5J*%e6a>WTcCySJKyNPd%LyO0_aF_vS^ znZa^UGp6Qk>&iR!nFm%!-%_ZD%B>CB!mw$h`TnT-Gvv`z{wM|xrg_Z8D#6tivoT-|}SSovYCi7;cWe2~k2bH|df9<|S9nsb=e(dWS_ zA4x>=q0euQ__)sy)pQbP9BZ3`QcRbgh-crrb~aeTwB*K#+QG=mk12f1J74T-u9p#b zw)@P~X&LsMc~J}#oj(;NrjUlcgq#dLzvbJ-j%uTZaem)YH0Gc6 z;nmRA4+tGX&i&J6f?b_f%KE6wGL`PKypFo6gg0#ka~BWk6>507K0x6nrp<%v$y29u zGI<0I3;kz$t8ye{hIjR#?q$2lZ)i-RgcH^ra0HkGa_>6S3|2oc$p z7#ou)Cp_j`Ph`louzMJSFB`+zV`%k6!+xCL@xZxQ&thicVb)#gsoYOSj%1S zEnMC(+G(;}mj^x_S(C(Qsa!k(q>+O;R$yu7Y7QYAo*zj$j;{Ky0x7DvwscQo& zxd+8w{wvW4_Qkd@Sd)KLbFke@q{% zHQM8_ql0z*i)SPx3PAnMtv;l&{(=AK^#3)RtUNqCyu7?FF#7bTv;4LmB5V;`$&~Yn z8lB&1QvAo^{auqz@ZI0j*w_ffY}YbXAaVF1<$%(6wGv?I9;uWfu{$BPOXdFSdk0<= z?NXqp|8jI)I~2H@5aS1pUVxzfpA`Y;z#fN+`Q(^gKegxYb{Q)Bs<_?t>(_k~a=rHe zar7zFj8-0!TBOA6}e{(Jo^&p;_( z<{w2WW>kEuZ(Tp4fLcwn&u{&}tMSp)PV`ECQY`)9x^YR%$>lJlvY!BWWi6}5JIK0% zyVd;i$okC#I-=@^;A#{WViC!G=IdIo2BfH9^_~?O>#yyl>jwl(C!2qnl%#!Ifr&=2 zSgZt+oHY8NWCYq32>pMHvZYq-+#!MB7;1l_3z%`@+3%RdzB?Uc{F#Q>q>!9M=ZJP6 zZy(71!R7a1Z#bL@2d9c{H?-QQ6oSL~`NTIk$Fh9fy5}K0tF7GbX$5{1mpT46qS=vk zqm_fn%AGxXFt-QOomBj(T z(SJ>zrc$XKEh7N02Nd!hI8eHk?Fy&P&E#oQJwGCUoRwWp89^v`=ASDmE1x{MJlA>v zviRUXt!d0azz0};@2u%8tn!b)@v4a_a%Z=>0YMP#O-Aw4r?X}Y&EDJt<4@c+#FxUq zd~)Nj_p893zgk7AaGqE_y=s>LYn5yYYlZYG=>T5{taPBn)ooH>nE(Dqu`PTzV2cM0 zquoF*BVl+h9az&<9tD>lpj-Qx~g8Ybi^qWZzYz@I+E%tffD?NDSQ_4O{vs!Ag9d zoX%yHmv*@zyZv$UwtoWimz8ZfHCe0V`1vH`t*Lo#`{mBi1F$L_oNlN5gL^;don9i| z`youNl6UWimzL+|_kO_XcKKiRp|Ci2cX!n*9esV6PWmrjzVP$&Z`$?y2Y%I}rlyu3 z9If&*W4WJz1_alm+`f_MDDrEID1BT$EmwGA}Kn$!mF&+oHR+D#`bARKRn_TaHh4dZE6865mel~=mAGNOgMa? ze_q-*u9)c&<^A)pN%)^Mkqv&W4eJCo>{M89^c>;7>B1L>Dwp}&4Z`s+93Hu%WXuD{7YIL^03eBE<@LuZ8h517-~xP21oN4)08u^_CC zTT;@M;8EnPTSKv`EaYU=o1r&v-sD(@H?5m9kdl%zg=v9txcp-V7+aH*R1Y#Gz1K@L zJhApntZB#g#fzoQdK%Gw_bESA%^#ac6@)Y2~j+SqU&;O_B6A8%I)+T4lLeu zX@fMsacip;LmYKX)UaqqSl8Auh31$Cy(V=DZO7Up8+gUTrA@UBmXt0|&dfa5o<17Q z)PP17bm?PG{vCl(s}lbUuN&|VYDp;&%3|=1fPJ$5R*f{v^dP)!7y48*O*#HB*vxSM{XZIyLGVDnolq5`^fV zj5@e|N~|JpKHyHK$F6eXLEGR}B-C|OGna@ppGW3w@*d$(A95~tc2rO}dlIi4jCJSE z9nHw_L22_N*hVG~@7{*CoUf1KKUAL3Gj>SiaKr?O-`zmPH|ghnePrk=KpjTZ%4aVb zS5f}aU|{^7R(u8}QWop(s87egr<&;DdSafwOYOi*^HTJo@XQu27Hc?q4QrVo{hh~hoYc43vs z_ncGV_QA4)8x{Xu3Q>1!y$BS$}R99h`=@O-BZ zjUO5(O!_W$J3mvHbvs?^PpH>I`S#woa;7>B)z-o~l9EbF$HFz)>p{`-V=?GN`w>t`|^^XiRZQVkcQJW5G*Y^FpnuISCPD30vSA!SdNH2@<+1IcNP^Jw_Gcflo-XMHt%-Ta6FoA5|?KR8QC1FZk6k=xW8{I z8!2ds4!CyC<=>&G;|k6q;8x1(@nR*V>G9G%UVKvlO~q?83%-=cNM%QSKHv6s+A20p zUuPv!GJ^=-P-}apnwP^tSID5aG2SwLoItXmy~s=d7JZWjg)}GU@}z;zGF6pidKj2t zA-Ok^`t~k4Ni4ZxmZhPag*tt=i9CJV`^L&3;g~9R?uR1*heAVAc0{Zd+biXr-O=SO zF7OVVYaguitj^N7s%J!SD#TRD5uhp+w0C!(9dozgwx$oJ6*V?)y{~7`f37#FU29wQ z%0yH$O?xK1!Pm}UTK*yO265K1*t?;@G0&D?CmZEWGA5K$W({#{@ZiDYUmk+=%y=wb zU(6s$+AqF!aHmA;D|^CPb?paH`G)x-N~yEybZ`CoV#+yAYPdbt-?^Iax-gE_U$iu+ z$jp8^e!KtN14-A%OaiGVpPbpz-!K%(pue8)_r?vWoG+u^S?PT!CKI`wqxxX^==^$8 z4022v7w74Q>_*D%Wi>#T2 zZeCh!!>Yc#jW}L4+;W`yzCdVlpnanm)#s90Fs4=Q5WX^l(2Gim2tAxlsV4LAw_+#wcFKvt*ikxR%;8FlcU|)0#j(jFdzs4X zP^TtO_w9^(ir2kLN8zk{In2+^ACG2~%%HE+JzkBrJW;qVRMy*h8ITZH;jj}G@*;iu zd1<8$tA{R^+y%YlPvMDVlrSk=GVU)rlL2a@Gb#7` zM(>H-DdHt$ZqH1&H1rI9a%GfyxHU4?a`|-woosD(m(=@>Hm|XL`!S4CGZE5%#-q;_ z#Wfirs1xlk+CXnf=zb%?&wRRU-+B=|{K!G&ycUEs6`GrVb-3UHiOcrA;>o&<1 zsN)nG+tGfCyh1{m9*2ID3I>=3g2X-&$H<)io^iTiaa zzS8X+G#UmWnm^++;;1qD5yeXxcb-)}=nwDXJVS6@tI&0NylH2+_>0WQCFD4zAxFg( z|GdYMqeVj7!lWqkiv2tR{Q~mZ)=?&xaJ8~cgVo-KM;zv5YMQvWAB~yil-|r6s7^Oo z7BM#$iM}8&cdzOD$;bK$anAP?E=@-W*O}|-#efa8rY`iB=T0X`5@#u-OS4`|(DXlw z6*tyT&N<56?xp`W_{rQTbz~yvndVocQOEQ$=O&nnwX5`u`b?114-)GS4_G=9N$L5f z_Xo=ub>t#hKu8Eps8~#lWH6g@5*okogvGp>LS@jA$D~YnC3Se61g@A4B1&2AYR*s9 zyyDyX*UtIo9B1vu$ctEibWSZn62dKmO5WCRx;V>Q20q>@n%w$pOT=IOW2u^+dQ!d} z?oQndX%Ank6_INl?5)On&;;#bh@%u)+7n45G&pw-Iv6R{@QMfPUlXbb46Zpvoiyh* zRXzWHL5v3;{gS-)TfP&?Im)9ne6&p&X9F)2H+=<&Uu>XEbG;4NO5r}h4vP-xFfhb%hb^kSYE@;tD8J_^ZA;rodpa6u5Z`g`t^GI&?4=U=J^1|_H|X1Rpe2N#OYgw5zq{@=a>Gbh zsD%6i2WJtU_A+6wP5j^Vc=HA+!GRn0YsHxb$q7}ns?F;O%GG7e=2MQw>opOyZzmNL zV25<}zYZkuUJ{n)2D`Oh(bBGD4{^TL*2uk&6(;w|IUT-R-@{O*jk$abQQZ1a{T7Ak zXM}x=ll?lfaaR;AU+1!xgXVm0N52CKV{FK(o{bG8R_F~^9u+u5TTyVhWX5qu+iJk0ATbH?e z-;P8JsODc=?<3*vWrr+oNdN0oZFBv319_IqR2S>BhsM1e*fR}Rf7GdD^&y{1IRD3| zGV>RjUkzy+hskYbiFO!uO(OvC3E3}uPg+baZG3M#m@#m^>x~E&Zgzn;M>4ru7g*G)^tBxf6epd)5qTP16tp1^m|S zgK~z$c85Zt#X(NaK&$NCklgSuhJ_G+{Ve<4xo8${P zIDrUFgM?aSYvpwG8nwXG-e0nRc66K9`$|bI!fQEW3U5pY`eZNkE?ZzKs=!%|!=mt( ziJ3$CZ#t~na=%;y>PeLscf(E~xl4cC*g7i1b{C%BpAk$p6rI^Jl|y!zeV|}*GIILP zsZr`?gSM?%FFySy@&53IF>a1;*A3vn;%r(vI&|qL^!kM=q<|$_jn~x=mY}TCKY-JC zq--sT&0nVQ18q=&vE3IL z84aaZLmMU%(bUk6>DkLBxFm@2$m!}%%rH{2ShXnI*KbuHL?9#%9YZCruxS6eHZCLH zca8?FM2B2mT~7u3PftymG2kW_U<6D)d{&Cncl5b)2s+8mT6^eb8?FLF_c zc2FLBgr}KwZsxR#hwgH^3j1w&#omQe+)QCaN3*^u|4i~78g-Wo3d+*f=Hs^XNQ`?- zzLT!SoJ^zQ5$&If%jF)M{X&z0N>ax5%K@B4u<^T-qtxf)kGs*y6>bleep=f$K_ z8JAC{ohE0QpRjm;y?%IfNrk3*nV53r*>@>!#h>w7g{am6@%|$6t8$}OntERpb2}-} zAp-g9)fZy}ti)@p*E`gmw=liwyY0y|Uh7m>hGf^`xw`PmxCVS;GhN?r#CG32i1P#~ zGna+>&wUp>bWS{aTJS*<X)U$2t19O5L`95d1pH&5Bj z9(rMeUnf|5`h(P5tj>9chtFX9X<(6;AL!JmW508XsPVnno zTg1iIf@j0EKk>Dv2v80Y#yeB%+>D-6y`{_DeYWdav-XdhJczn?x=n&wlbOxXHbqt~uQlkjP@s=9@q6S~Mn9h-WWM{os=3?Q=6yjpEoxHvQ*Lq~6ndE6;W! z=A+x(Idp*lo3!?cAfGKGolB~^5lfWXn6>y&w9yCJ4@+0o%lz3;x+N8U=Oc_y_P1)B!>$$`tYNgXAL}XpIDjOt00RmeOl!QD)Y+R$QIF5J8+G*vrr1IN z1w{XxQ!3D~!R9w8>1AX*CA94@>e;UTw0xRVkIgvSW_k_Iy20B%b9%56d_i`+dF)y6 zA<3shhjcVk4tKg&3ZB4Yo@+~H8gW&r<5kq5`5t=m-sx@5BDPd59Msk4>xPns+I6ig zes=xg!wH5M%(%E${+-S8pi=!{4`x(hy=yt+H6}iRsk4`XJiR5+C?Oh^cX5DZRH1AeZlo7r>UxCG9_2+g+ zFhGF;x4~Qa)h(Z$SMe5!)UN~#z28}-IAD0?rbw>ZmE}8yI^OV?ePwDNY1uC{CP$|# z;U%&YVi5=g6>UP|aJ9iw=}jui;L4bVjTrOD<9lAoe5NbEn)iOi7t|b6h(e=rl}nm- zD3qeL{z)I!)s*>#rXq}3=B$0$Nm7E1k1PD~dXDvDEYd0lVuNo-sbzVN4H|`zf9`Q^ zr*-|QrI~}dFhvqE9s2{Ve==O_gZi_`MbAu{o_DbfvR6!Oh`5iZC=)z78gM#gcL~KA zD1JuvQQ{o4`0^y<9qj6RQOXO=et}ArmM}#Rn)ETGFVZcO+D%px+T2~SmJfv z+Em80G6Aa8FkaOA7U62&kBG>Zhs(*YX9ZXtIjHT~`HgR0Lr@9LT2CUO<(?U**_ebo zl&)!Q5;sO|C|{Vrm8jS!vO&};E~x8&V!A_|jFjqwDbrDICBw}2Pz?(xs>x~LsqSwH ze0*+-5$xrf^!JeX0w4R8sX!blB&%hO7DJ*D6{O&Gn7VV1f9597wQOwVkHK^I?km36 zDq3>L@B|l)b?lltU`BpDrii|A;_&_R7uJNbZ%?x~CVsIxPW#FrvaFVCf_d(2Q_0p7r)gL59peJw|u`)LAl=t;5??U$UH& zk80vl>u+n5o*|>5weUU#<&lm-kAa?kp53i4@P&>xM16oN#g`XhBNwu z@9Rt3YV_qM4W+CDzBx-|1HGe5s{3zeJ!6BLD>7JbK`vP3o+pUc1> z0@AFlR_N;{YBxOt(l+MYsFbS_F!fsZLx6F7I^=@IN3;U4Ca;Fd6M@zwx4E8W{$aCk zd?`|!QwIWt_Uv|xZ>{OLMSxNaCj8O1-W&T%vVD*vI6Ctz(=c1Tb04Gq(iUv+rvnmc zDDtfDj@-aabF!!Yb*M7I(_1o^$Kvrd@R}qX&xvyv=R|GCq5$|@ZnB`%}*VGJXG?HUYlu+@Ukm9Nf+&9PxMJK$l@ z{4~`^4F9mA%%gw3P-&EQAY~4Yb)8z^1*YPz_m3G3l-RHMlA-C0wp+!irGpr&Rz{>OYef;GdFIk#h%Bpok1R;{_tA?Rga6DP8?nNtZZ3ojKi1=yGD}J_d zF?B(U@tv~xj-(#hKq;P{e@8U(HmEHlTeuJup6gzHfh_80(3ZQmhc;qKNPNx?EEV4a z)Cs6L%mJGtS$pua(LZWHqK?ie^~?AAVuOIT0R`Lcw7MBnnA84waDU`8aFMXc@)LTr zGtUnOZvVH1;4pA{-&!JGKK8r674O#!8T#{t|2hhs53M}7RlK#=|NGh~#prC@Y+V0K zFdUSY898!cp1r~JPnY{EP2foApM5n-J$|O1%lF~X;=>8?a{yUoUhi4|)?F|9cljlJ zC0+lnC*WI`VxJv)ZxyKfe>eHR$dY3=ZZMy&z_quxpTn;`{5x0CI6t4FUEy6pW6KiS zkT)cV&B@E-<&VWzDR6f`%Ki4*Z~rdP3K?a8eNnc?6$tQXYWR1KT9SVUg$n)pVmi6< zBxwj9@M^o}&^j_bcv>`D zI)vc2K~R$Kv1eW5>^ghgoZ5lH}Q!EgJy6WI|$m3|>R%~id|ErU_&QU{`WEAa%^ zt?MB#2LFd;&W082bgS{of9@qS!t^v!9ljN0@zl)EQ zqWn97lnb(o^ofGC#NswP^SU(SbbMHYM>hB>%%OenmaZ!OHh#GLt;9>0HN7?Dmxwbz zn2k~&C;E4J+zWfyak1^;O(^&_Zkhe_8rsU0ygD~(q`iL^?#Gsi$;&UkCk%0r=p{Pw zuUS-Jef3TcWC+jiI3&~dl*ivkXcIpnxH%H^Z12%-3(zO6C zW2+>#ZhRcD^i?DxTS%*B{N2g0`&u2pcg9-aFkQfl1sD)`tOZx|>d6OOdnX+A<2|9M z3uljMy#rHSQMt2$|6-)mZ_^VvwdJx6KKI)*W&gh?A_~Fzmzlpki~lLzBBkK;T2jxl z)-Du%s4K=S<1GLEEN1B!#uIy>&~Y2_rleS@Sv5>C*f*?^%=Blj`vb&nC7Kwp0muXB z((IeB@qdrLZm~hAzc%wL6@W5ht!Br8b5QHdGX`S8q}%ex5;5>W@2mpv{4O8=fZp$l za;jzxAzJ}ZRg3Wh*sZ}=+Xu}5E6_oz7!MFEfWnM%eqZPU-_I+ptgiB}i6MLhI{eIk zUpu9kM%)sy@nC~vNMK;fjMIzWOB}x~RrhuKi}dazYLr{rzunB_D0Q{p;Y~Yr?fNgg zx=vH;hHrl=5KRq$7-sdkm6d@`S^ga@yl z)&;sx3&uE-`eLLtZC;pHLoLpFciMd1_)?<)ijvU*e`6aJg(&Z z@E2(N7o>m}9(Npg^};S@-Vb+-vVk||t*Ek0MC=*m{&T5s-u`}}p;oXjmevk5*LPcw z)r%Y)osKf1%@lL6w#U-Z!u9T(;b0UysrA)to>&-%Ize2ExI%y{l!UcK%&P{Op@wG7}eA zS^1k7{r`Y;e%QRTy7k}MkpGRyD-b9!(52DX&ZHu>o^SoPM{UkLFU=|$<_lQDIPAu?W*P-UA7_PMI>(zuKxFgh#dAE`g<4WU+Vvp z5BP8sKB6tPu~fRtBw@2D$XVt@}%t|;ZZiO z@&VN_2lShzVn&vhzP>~uRILofR)<3yf#<5h`;^EhbGll=gZMS`R+mDJBxFc_m+l5R zmWefIW|bP}t`m+GUn=19e;3$(-Y%3<{1g}Er%GPu$2-H-E%;+D{Fu?}r^ZO9E~14~ zbtDuuGXFD0K?EQmy``2{u{T7V|I*uzN=h4iNrv`NafT203qygx_X?miR{RKJDj2hT zqq>iYJd&&7?Zk6cQ4@IbKR)oyu$@cqFufyTG0@1UTG<+2MQ4<;=n`>Z1so}Xb=wkg z0KsLk{&P;hHB%~1zZub(4gTQ;%`0I@9ypH`b`I4*%h&R5l*!fdb_RCCVkvf~qThSi zxN+#5ss63QUH7*-E;8xSmWa~KkvjAt`dm~q@s;^^;tYyI`seI76H3412wc{fJScdl z$)jud@u#t7&SdbglVejDW_03seLFrjq%U)j!PvX;Gp9T1z+%^d zk@5$u^-msy)aPQIFxu5~Ej}_Mv{pVa*<_Gb%Z zYsQuhT!I+8iIpzGp0&be;56?Jq_xLlbNbkP9N42!YB@H}Ew=w8Tp$z79?1u0^T%K~ z_k+*RN&>f^OdFa513-O`Fkl@3%3whY?difDQElV<Pm<0iM`iyf1W-MRr2)eMIU zM;gABf!*!Y<Tj?SKLGgK8YpuStXcu0jSD- zXny9uyoQ8!H>z>YF%;{FZOi?bHRq6H(zhmpeKvyHsSDjTn|y?gTBkj|+n0M7yZdP_ zgp(isljBx}5mnY4ZLgya54PUG1TDB#q&QS#lBAxO6w_QsXf9lv=0)ry!p!wH-=Ug_ zdj#l<)5*2=Kv8n@={|e$FAfk#;-uIh&`{{YrCDGA)%jm&!5-QTdpAw6#(gN(X{?|; zcEV8+jhWQNZpOktRg&0z#w>F%xD<=MMCzDFbQZu=`5|D5Pw9F)uyXFEZ;L9ZwE@qPK|^z)K(=8Icm5mX_;JO%$?RDoHo&x@eNlsQsZ!z>k$FwozY ztKF*}Bty(^Tcv=ER=3^8*t_`{_vWG=j*;FAZAK$@>Pek%J6Mv8Hd`sh+F@E98_{dNGeQK-$#a(rSK=n7(nmtgtSG&ho@ zANjE<_M`R6Tw!oX33eJ?eH7iG-gvegixz}IuR4R6AVte-Sw%Ecr0Qnv^1ZE)**T>| zM^08L^K_NZX?5RfMr!0qS{*!f=%1S+vzUva4MW#2{D%XDMeZO0mHD~=Cb;P;RKQI^ z>(B>0=&a3EY`Ob&?bB>PW95GJ-&tAy!aULe6V^aSgXbMZzA#+@G7Cn}tq?H?wFMKN z&AFdqL5>^4wiN+-bZgke)W`v%d1%`{Uh#pn$MxB90urEs0K$|%^1VL44Z@LKnEqn zb<~YZL2VvS`Dc61_VLG`PV8(1zS%Ko1PIshu9mYW>bbg=;;wQxzJv=4z#7f;=9n92 z*Io>DTpf*4GuB8N`j6=PkiL3EHbKB)b^H1R8|)g_P7UwlruJ%59G4jB7qrwn`3icRa%e?>%lX=>3!i; zVU2;o!24Jq*LwHp8~O<#&GWJ}e&izp{a;5tZ;Y1Q#D8B|sUR-dU2nDg6^J5R^;*H4 zrya%p7M}8ko!J)H!V)o<-7NSupmQPmn7dzwIutIi`kP3F7J#B67P@tgJ9S1N`B>l# z2z7X-L})>Jzof(s4Y8>IOc@K+3exQGkA zSEHXlf8Od)KRj2k4OzCDsFw3{|6lXQUtBZC*;fI)){usf@hq6FY=MB2tbjSP0nPaW zcxxCcd2Fgp;_W~W&)DQ_@|h=Xe&J!TE>H^~mf$k(Gf7TuO&(D|o9q~S;=#20Y33R% zXlxdct^I08=#*lhVcd6@?79AgPt8z?7OVARvS@LiGj0j)jaKnSZ zVHyt|kJ&!u&Lwf$w;iM$+;-8Tus-`p>Ipo3CUQ^9w35OIYy%lNaJFFK*rLi39@g@ zs)(Lqc%l9MVW?nhkirlh3sea{cDvdJ)rSScSdhgmnRtcVaC~^rWRo+XI=hS9s5izN;a)FycsExVd(RdmiCg>6U$`R ziIE#d+dR)|l-2oh%!z;br;X(y<-)-om)BpPxeOba@q#fGT8*r(}bNr`JP9wy36^SCx4o209Apre=j1tpO6)FI^aWAgmDmsFhJA|kYJ`lzL6zQ7qjzc*0AVNl}1HR;b) z+gPH?GuMPnPVjd23qp(KudQvb9dlvseh8sm8^^|D32hQWS~y(c+p{OdC>g$ezBG|cx4YPl@#+a zBBGpBpHrS9UMp62IILw7V=~$fvY*}`!Ck5vKcV;OH6%geiGhbYg~OAH0Enkis|IiR zZ(YTlEdm>lupk`} z8|YRDnE$mT!dLd;(kafbKO;>rD``Jz(-JEQjIL((#-azMi%c8U6;kGe;;7 zoH<{hqOq!f>dCf17bq{auw7{ofBi#%@&(M(d^@B-j!v@oG}v4pccnKA^;)DlGr*lI-@PX>Aqo zubcv?_i~0VgQU#znQ9W>ys72Pb)#*a#Q=b+8x3U0KwAG?%0Q~N+ZUR)5mC7&>neS~ ztX)FPXAnlhnLgz*=w;YJQ6*9aLGuDI?AlM^`R=-dPHx0LXB8s(>soKU#+?WK-vBRW z5z-lJ{ao=8ly+<=BnC65MVnfC3&?e#P-oNcBaq%2&XqGgnR^x$4pM}Cau)wKusUF+nR9!*T#&6?oI=q zW>rotLYK>UhSVFdP;mfY0sIUx@wBAjGde~n?|?A2+lvaaNGJ7qz=Ay&mJj|~TjJq0 z&=LknSB{w(%bsyeb0WxlSO>B-9sKWD7MK_eglLyQu}ZKDf}y-UbX*Uh4QVgIKgb3;*qyeOuV)!n zf*_;&CL*96@$9$~^up_#y!L)Cr`K|id7NO^yzK9qAjk#`XJ0LsB$Lo|@=~Gz;z8Ey zsbHBI^93vuDquTQy^(>Y4r(vR_Cge1Py!+6z+9&bMm+mT_NipLz#3%@m~U%zIT^IW zT~KnO@PF;6<=D*frk#|Ol$e;C?Z=W2Nl8hnR}>aEJ)is|8VC6-wZF&EVL>bm9yCwe ziD4sOXM?d0bh+Eav>6SGrJGUXh|cTcQg_e1fh0gdG?e?K=c^_gl=u8UaibbJb|yR! zu~5d@&eNVESUFF9%bCt0i7bzQ1XbFdZRJ-O2p#)<5DH4?7;sB~A&-;2(g(4CK%3@- z5q&J;CLn%EtOa4-cUz7f0~S!=>hZIw(S+tDr;h&Vl!b~cNZOydEs0RdK>?rw|67`| zl_~cMx{1wv39_sy2i&gA4=)AXXktOROj@%`-jm?$5vN~30|tas z4oP1Z-?#nC&1$O)~W(qJO6T8Sw_B1V{$j z-h-yy^2BXK8wCO)=pHwr1yA~Em<^l>0GrtpCvDTl0q7wucycY`aTcbf>e@Dsce-Kp z+Z3nVTy&F+m(Q%XP^9{oa{=HJ2+cCQEhXhcCFkOpaRG#t7Qc|^(2-hij(LM^yK&oS zK>_Hiw^hqtk72-V1|TWzs6>Ftfmt*z+F{APsS%ZKs>(T7Kyl{Uzt;t6MlY_h% zsED?|lHv0QruIb4rw9Th^>zy0L(VtX4sI=mrX}K6(_(t)NkwmW$J*?DTmDG<_}fAb zzc3QDjX9_%p$)X1_?VZpGGhbzBGmXu9uzspf=S2R+izS*DP_bj9_r|Li%bMBaV$~S zd3zIc$Jrz%(!9*sSEJnmG-6rnWY4dZzY2T{q8f&F9rRdvdS!S>7snanyER#^(6!q2%pS2l%a0+8p}smQ!M6{k73%apC+>&qN8-`};% zll)K>{sZ{2^Nx=dW+p!Yj>Hm9#{L`VC3it9iv=kjsLmb_)FdoQR8F?MX6ZvX7Ufqh zx@;R|i@#joOk>_eHzqMYKE6DS0`C6(Bj4%hpn5LCt$<6T1C-Q2!$}%XfOUWz1j*wd zK(zsC%ui^|fqxj0km>=T0rh)A9ag2(f^5 z1p5-A9L&MlfG#rX&2YugL32*L-zMRL{b*Bc_sG>0nnnr=J_v{n$T5%`fPzYrkogah-2NkaCdzddfi-$DQu+yaY+%iS zTyV;*P%v&81gJ3;T{XwJdI}cP6 z^cJ)fe63Ji_Tv`0i1ZhEj*LORUA@Coxd)SZr|bpNJ~KWe<^Cr)M)aXdUyBj^4<#Ey z9+&~*Il=Gxn6<+-+qNCX{l9=Rh(aJhw_6&lRG+3hJN+dd|LeSUyks}Pr;vUX_B6+9 z_Z$!$BAi@HvNdZ-0wpFge}V22DUzp%2I&A~9PjL~uRs5>CdaNs+lPpV=nJn^lA__F zD%?B!r!#pcWDubD+2g;EDUgNJuy?SAItF3+7lG26IN+s^Y}$wbAXEMrHGK7l@`Hc7 zKmPX3?`IMgel>|ONMoQ(h~ z)=Qt}pV5RoE>nI3(s0gmo1MNUAL3)QJ#cV9n*;NKcrQF2-r@-TFto;cE87|MW(&fO-P-a!nt22Jco;Cp1*V$7rV1@-`77cYh{^FimJ_ zKto$VgXT1w6XD;GiAj8Aub^-miV@LQM39Xz4|^LPmv9lZ+vwT901*K53TO&J$GcnF z91Y|O4TKvs{eYb9;hqIAy4T`cix+reYaw(rLE}|^7yCN@)ty50(g(MYIs6;7?ZS3h zX4E=h?@)eWCfOv#&8UJkMs1tI0V*GvA#^GB4%*t<+M!|)!5CMM|0_EqkJTk}_y;Zn ze2Z`(5H^U7%=1tVAlgE%EP(xBB&a&MZ**W17JnuZ5$SI}!G|kj{|s-j02c!6e}h{v z{eUYM;8wPf%z#L6+}iYJraX*qlQVbO7$+?pz7PV)cev`7Q>6?S+xBAT+7~Nn(l)r9 zg~>hssou*bke27bW5iVr_gwX|-DVv?DryRWOz?M*oL!kw%YyM9^k7IU25}1EG2~J2 zTU*7@Z- zsol302$oh+e4l^NnN%7vLqu`iFJ}fp95{0-)B|}qC?tME`r~#%OGfDkSO#FC+T;_M zn*dy9MxbIy_)RH}WaF7$xDQqzgbw)XkgqaEOhm39-GU|yF0XSPQ| zY`>ySE!yB)zyM+jwK^-^0EsMdnzpk5u9yM~{3|hf@zrUv8kUhuvOck%e~Bkot9&bU zp`Y>eK&wa85~+ve;~dwN0lmye*Ehb@wd{5tUy40c*Y5RVCUxl}q4K?1yf_q};#EN# zE&m;IcU00*$EC3nhg8Cob-e*6m;BEff2TcThUWh|)~-I0-gI?xE9fB$dB&@+G~99g z$|}G$pHN`*t=r7MV?FukN)tuT<5wn?iA9+Xb;4=i9SqViQe6J4o?DocoVo+F4_@E! z_`?f(G{0L~PaWkloG@fEVOj z80JQI?VSkF_h`{`W{0_~kWmCmNdff0XtULO?VxKfxVe0)t44mae_nUT@)fE)0Ol_Hy%x_KxKDQ@IqvRTr zzZWhImwQdol1+opWk^^PXkOm%VD_sVH}4PEnx;}uaBguOsZn_$$jA~Ptu4u}VERYc zs$f=@sYCTrjG;F|{o{p{NY zzNX3}DH5zlnhdvlEbnOc7|lW~~sT!P&VjO?OT ziJskv4Sr%|`2}Z-F;Gu^NH)I-2&!idz97y#B1+L-LP6nU=FR-|@G*(KWc({ahKK1t z=nYCLs-w3U(cK$|$Vj;t#5kjhRg3<}2}VfA1bh@Cx1kD=$*K>A3$vkLSi{4R1(N%z zpcQcp%ickr4l(t9kZiRVEN`p+fYpPZU%u3RW0=#hNi+2^&#i0-e`DPx$7DsX|I zyoF+*)(z9HvAwHbm&xg1Jm|w=V}0ON&YM4CcqCqBBJI7EwB`U?`x}*e)S2B}0y{OY zuy;>hk8R?(r?q;&%(tAa`-S111hke}xSef5smm+YRukFHB4JVjH&gL9FJ_= zZij2omju%>1sD<_kPeb}f<7-lvvLon{heE4LiwB3pBD$Xrkll_+S#VEv`(s%b$yfT z)SJARC!JD5DCjS`MVM?#{8y0i73Nx~bI*r~vKp$i?QA}Iz+bqT7S+D>jgOe5r-Ge5 zvt2%+DC20NVAFAfB~xjB%3}vjh_+TwB+Bq4nq(A|-gM*W|JcE2f3;350mXs!C=)I- z>@&RFZZgecdE=aB#v3Dt>^P?5@)5fJex00c@{C3RR%Qczfj!}#de|oc-{}?sY@{9@ z9O<|C$NDzw+gw%7b(togE*K7qXct@N=5Ma=$i2Sc@O|37)SAlahTGo{)dIc}ZS4vy zT`R6H-N8UN5oH+1&h#KXMSv&WcPjN#6XVJW?auG13Dq-F zbt-G+160X0%uoE>J`y}S?0CA})mhMGda@$kPU~^;RL0d|*Jx*pz`+hwO9{q#8X_<_S;HLDM%C1w2R zk2V2dUwlgHJm&~pj_*Izv^U6wYPdg=Vc)NHi*1R^EThz?UPrC5VY^zDHRcD#k4yB< z44S4^sF(kalMbAPG5ZG-^(!RiZeVQ!D2*uz4I2g8L9)L#JR z-%m1MB7Wn8+*$ndPX~9_pixCCxB2eyknf1&CJEaL%(bAL&vB=p0jijO{^hA42Mxii zSA82MX61;-VSM9m#h(rk`yKV48~v<{+%t#P7oY~*7I<3Lq7n*o7*IIjuhZH<$Bms` zp6|=I=<&a^jc^r9#Ny$Tht^zfpWAu! zBNohlmb6)FtmA{b#M-Kox{P+Q{#AE|0Fy6xW%J2OMMw2AKcI2U;2KL0AsrAxK`i}d zV^4^;bNi4z6c}qmhnUW7yStgNeIWJz^?ABSlB!?)Yzz{PnjWlt5A$Tdi&78N=yryx zONq}NB`JeENfmpy_tzBjUQs1{8{WGm>(1&!H+o>xX+kxoaNiFk=f&Npz1_bBmWmVUhZN%WbzUA@WpQVa@4YE0SJ)fK zbD-=Q1O$lKb_nS}H`lI?6MH;n=kPnD;=&Lm7-Mh&VGmRwd^Ny0Furh4D6PW?WFa>| zxv_Scj0V+rGdb8Q#`W2QF8WIDHH~}ez0JgCJ?pboBZV3! zCYtYMR(s93;p4Zo>7n}RM&zI3qwR9WJehTw-(_bKCbv~{Hxf>m_+4n{@;xk`QtZCf z8Ys*kbE|CggGurQ3Hjb!j~Y(-{*Bm^gakE#rc$3guCMbP$Uv?LFS5N<_3L@c_7WJh zm$*IH97k7GhQdlX~-P2LV?hg&Vy#d-`1JHC)xN*M;)&$Uy0kSC+8hT zL%P;vt=-;ut=$#lf^?TMW{%I5T3m)hTKJW4eQd`mtg zHKR3QDyUm~5x!+)u_4CZs)6%rNR;T}sL7DQiSLCK-f@ zqj9_&xy#Pp9(FX^f8l%8mDU|uvW`sEY+QBg#DHvLLOB-lB-ho8?KgBDZGJQOfA~7@ zc&hvV|Cf>w6`@EftBhn;A)6KTKxv7pO*%joKZL*3jpk=!|0x1rT+-)_GK0a)Ev8;uV!#!=# zQ1KdFaI5%;Sa96{^-`shMz4*})J1ZwRK|?n8y&u?m18DT)9O<;KEVo=3Hg}XJihO! z;M#)7S_O*2J3P8Y@=w#H)&*V@F6cu|GkghB7X)7rV z#wqvmV^`V~SAiNRCTSL%#8x9GE|^2e5-m}_1#LOJeoQCzE&ToYS5mFy$?(Y}2{$>L z^B|ahM?WBv-2$Z`Y-h`yZNW%(c7dmSQc;Co&~7{V+V@heLj9 zG`Z}Jb>h=dlr5mT-lTBpiaJ+CrV;WGL8StFh84r?X^fOv;(Y0`XqtT7%gk>7_ z7utIp-+8aTzHH`lxsr+HNC-d0lu))E#j1YwtmMPI%R^7d%oOi4DJAInpU`VH<#;3r zB2V-3Jvq```I!w?Mk*k<`#jJjOO@`7oJ#M?+^x)}%c75)xD)!=-y%y~UBKh3S%8;O z3dB{A>X06ur~8l>pRG}cuDrh+Jmd)FZRBQ*_G@!$u~)KudHb|7Lhku%*{RiPywS(m zqQ%t7sb~2opD(30w%zU#Z+@aRRVbNpvprgtlS@V;RZ%0n){B|x#UQ_psYu>I{uDCy zo=+Z(+u}4ld|xsp>KbLFjB};UHR}k;xAK!WY8I$fS50fsabnq0(T}F_1E58AkK>U7 zTS^9~a!`Bk31GfQpIUU*#)1kPdax%4nqpB%kTp_!!apWB)UpLy0EJC7p9TJDin>xW z>s-Q18JLcl zhB%);%pr@I+CN!E%VqB%U4brNaF=H&Q4(QZOl`(%h5C&8PaKivu3IhSat^Ts zXFg)c=rDg(aIL=HLsCZStP+!4+F6U(;H6Z#`{}i}H!urJ!mrgnjmvAD0ZXZzg>XUm znN%tEbJ?;&sWyvi`;jsd20tLOfK~;lJ^gA{9FMj@x?spi87;bKqP<(l&9^;F>m)DW z0Gc&>0rvyEcZHH4v0iaD?#HdiaoR0HK0#EEIO+>p#)mv-nPxkMv%;U19a1FM29f#)QmB1M7Hs6E?kq$~P4Dy z_uidZv(o4xP!$|lrE9g+%ql~np{M7Ez6yEZfaAcsrX-BZl&8_cT<3y4bE}lHd6@Zm zipb-iX?7JVNUrly31y$X*-BliMnZnUhv%02*pH)^RLe%SA!=yX+5^%GabeG^RWV+b zj)|X6_H^0~!;%N#Bl6}n3)ITZ%Nz_dg0M`S5bg}50P9s5N;Pcm+nnt8r*3K5jvm~a zXeB-kZL~tF>l@b}K&utR1Y>RR^BEd9ufPf3pPB=OJs@Ub`drT)nZAhorklQ`Jf-6!zA!Y^esxrCQmzQ+cX?r~Jh*K=0&S6!4Y(@%)iiYF3f>3M@RY%B z@_J_KX&-DOxSxQ_2$0V?J6RIpS{j6tSKw~co|iX45-LRr*8)~1GB`ixKHS&Zb3%S| z#SQ|25b=n?Lhkmu3FKMc8Q43Yzv<@v<2s|UMXwB3yAybvDBbq;CD_FrE-c8?N# zOlOSO@WeOO3(NN`fQ~!k+;GIZ+{T@@hGBCZn^w3wc(Xy21C3V`DiGwqa&V!(GYh!| zlJ#ZMK6cGknVy`?DXZbpK8h>n@BUzhXV>e3kaBryzya-Kge?cH7cm} z1%zQvd+$BWb17)Olc$0BU!bLb*vbfiFg}G=3N^nk=X};-`NQmk)2DyuT_2*5b|@GK zpvntx^aPZAq4R)Le>bP3v27F^i!mT!%)W73^GTAt;6(ia2ykbLU9ouLjp!dq%=@Kt z>zn!dnl92Ky4-=iNNc7-_MFNx&+@H;gZ;^&))>-C6|Ff}~v_ z{j$a$)wE!>L{taJbFRPFT2e=FO*tDBxZq=#3_^6Rok;nlIIgGL ztM^2Y2l^^5Wre;Kbf)FQz0n+bJtYtK-1Wr0d^bf0bnUNJI9kk1KYCULD*<3Rb0-L< z0JYYcM-7`82z1VJJc^py>Sltqah2LuXRQlDM)bR?nM2&3xRrhF)*>lD>E+`L2-7D| zzGmuJ&VP(uz#q)rBTEI5xxx3#elS#lSJYA`O86Y=SB0+c`vxy%o3zzTvyXd_YyktZQZ&c!y^BO~8CdH?uf$v>B*8{L$?{Evim z%9Po@(l6wIVVNAp)fD7_=A@aQ$qXI4ZDp)uk;9B(1FuIv)U0hhFLo-x?lgGlrpOqT zo*ovHo}R@KRrD?A_QjzuidsURW*H}X9BHJ|Omi0{+Fy08wWl~=)x}|Rw4FCyMH7e0 z50_Qw-Vra0j;o(J#Djy*z?#@boq+N@Gyy@bhJyA4JPiz-Gyr|Hnk^0QPK)Y!;maPn ztUg@jQJ2E&>7y!fi9eZB1g0?zl7=)BS#&(B(z^A}1v!^5!fF-NChsTriZjE4iu86O z$PVkiATZ4(N=C(~r|&ZI#_##fz0DU~T`I0`N1!(>nDiDUULG1Z5%R1|8PuNdvI~w$ z=Qx@1iX%cH1-l|AQ`S0A3ezkl-e z7U(jXXWUdfN1?&qr}D<9e44u~dI-^Z(q2 z8N3@gpLAEuO>|dN?c`|mw|yi@THktA_8gSFeKwD>6w@N=Lqp0?-}_{m>w_VU7TJ3B zs9#pKz3xjDy6mYlk-^K}#2vx%myFGi@`=QEr@UECeZT70*hWQKSeU%dKm--QbfM8n zEg1y?JVZPIy3GDPhR;{3K@SEE<c_Vy_l?!&d-Ce*R$MpLX!OV>dH+&7 zXN~ogdW`kaA?gs021Bz>k~QruJUcnVjeg^iQB3A@;+eMXt52jr_+d`ey`(IbzyWLTQgWz7nc^ z^}8~!XvJXY%LQ@u>eRE%hU!g}FT>J}eJH&H`70`ZmHo%745f0LyH8H1ev#K7A89m3$F0pCLW{Am$83#VK(u$0Z zi)kT=Z@hb|3#a)*LdnOg)26zs>Q(03qsoUj6sgW3zl1Wwuy2lz(U3L5NApfcMa6mT z5KVT)QoaRqrh0&R6nev!0=VGFjJ}DHZ4F(b5p(`;O~p)3VZa*FA=oW$XOdWkNOVI}|scB+r+@ z{gC6NSm_-tlYhN(qtV+cLX_mT zQ-c``pQjI#M4I9Pcd~%Upqqq~`qKg&8Uv0mHcbl);!>e9y{xarY6Edw%9=$U$}}t! z#LQiHx86QC9F`2x&iT&lzqIWWs5hn4DN*r8%(O+Dh4Df``^b1u*hLKw|5u<< zI+?U7Q%8Wo`-X<1g|vh7blZBM=dU^ztL(ki_;h3z5YONrA9{@ydfbYfFCK?MX;t9L z6*d`#R}SBuA8;p!8=n26bbsQ;fbJDA3t-`XfjQ3_?jA_kkcu|MEnqT(wiXoDRC_ET zF2}*}AXNso#2PeCnx*?$S)eQoO}=7{CO4w>O-}XeyD0_)(udB>w!8!nHwai{Rk(oV z+&%diFp9K=kB5fBu3hz@0RjOk}BHL7giu-TccRhh=6rKKV{`RZ{4kdZ8#LVM%h2f-!*g|cW}5bPtec-qZr z(41xTNjb006++Y9_&kU-p}K*#>0npC8v72^5l8@tuxNb~c8PeuD*UsR@x}V@pF!lf zt}MQ?ybKJ@z}1o4X6R_}=vNbbWSj0M{fbVV%qQ-~;JIVs$rt5~ zYPl!f^m5kf>LtgaNZQ)U`M6PUHXu#!_G)z1s6Ps*h;%J5M_+UwlN}fW4I%7Z;HUv( z`&|%?Ahu|**+4--t_llmXruX+z3dOcRSilu5ESyK?B%!W*D5rag(5Q|7^30rH8w}k zg^*t@3e2{EGPJvU;=rkFetd@Ejsp-#9&IC>&L4qlL!MDSN6!OQoHGOol@^`6Cp1KO zQu7T|Evrd%l-}~q>J)M#c0SP9#(;eXS`2W}yW&*v#yEmfADG{^qDH~!T!;f;!Kkay zNpnS^ZUuFgi=HLjp}j(i2xNHaw_~gcWGUh4W&0+4dj2?&J_zu{N6|V2J2l z3Ip1Us;wC@Yh(DO7v|0H)fq5e2&-N_WkO4qdSxAKnOmp3O64^StK0i6N_X|~ z2LcB-JYvH^cOSdubh{}78PSl<4B2bFcq`BJW&RUZ^I%lLW$ux^P6QGfBLDc$&y;A& zc;E|azF2$U{&3n<1nZ^DGP&wL+K>|tINQty(&Z^_)b`7wyKNPF6wotd43 z7Cx+-uLr0@ilXC6jg}FAKS;TeO%;*UL7O4+#p>-o5aoi<7veNa$BO7-3aTDY>YRVU3k2-gA5S#;`Cwz6ySr;V4NXeroPqXJbzbw+z z#7K|8u6^Z$nf79`8i>fsXu=qOW(!Dn&g{CY_^fB6vFL_k;;|{2yfMCJYqj7dd@@ge z>EYh{%iadnZ?1Q3&;++12PMSDNB&VC7;1Jx>vC6A|Miu;lU=Dy>6SFQ0@?UKtBMcu zUD&5FwY)bSTfYWtUp=nL=+UNhFZ3p#g`TQjWsm6dZ8f*xprZYRMt9vVKUo1~@(QGL zC68IQkW$WD@!mkv$tLY{U5@fI_Ff>b!-4`S!Vh*~djPY8>NLeb2I%Dvjx)nvUmTMP ziV=QL*7IMa`L$peN+7;Upz&!VtR=Qc6{8b-~)nYpF@5gh!>`gCY;ABpsT+nW%^8)PY_B>ag3}8L|}i``y6P zN0jUOMYtb?b&H$utahL*|InO^uTgoQi`D*$-CX0OFiC_i*ZqCDk8ucUIC@T9o;_`E zb7U}(DMBt@>5K1)!Rx6XNp1I{%R+Ls$vypf+uSB5SGoBkYPk-M2K5g2UANxWF=vrD zmg`laVHk-)<88ty8s+=)JV`{EL&(g(PfYnZ(=YN4#(=KpRjH+;6}~ykl+1oPN ze8+b+q zfNer!{D^jO6w7fV8UD)LQb<;iC|LdV zna}v&?^f|+#oULMg+*Cp=kL;k?1v*2=xb3da0z^LrIdu@UMF<<1zZ4|0VQTZ(BZ-f z0mU0&sZS$t;O|6=TwsZyV#UbBm>nzy?~t7*7lH^(c;%BNBt=1la=gSSylD((I+`$& zon-{u`w_kbpPP?Jyx8NdqD8NEP=B{sF?;=Z#R(OUvG%I4Q$jgaTxYcC$qHM)IyLvb znm+rV+5yCNNh@}SVZlVI%!i;L*GH*NuYp?5E z6~(7l5Q=qt4P{#rsv~v8#-twTNSTWK`TJRBV=2+ps#Be+)oPz_9{GB^113Nk6a3hIZy5+PwvVY zhxzvso1ZOf_Mc{g_exT^ueaw%A)gjmdIgnMyoZYk0%)`F63VRdth*Sw`-LMAC$=}YsKF#vH~Q0j=#;kbV_mXqa()}bQ01eM8m zNyUYFqe3R6ddm3qnSlv8oGd!}3~b@T>{08kXt*IZvy2T~kWu?)WA`fV>t(;RI9%lLVv+Rxn;=Cx z)SiD*J*x(coFH82ODgyo&O;PI+fPzvgU6i#aQ`>+tG6lr>Rhf_X$z!odndyi`q`P0 z+Y^@#2065Z!<^B3V3oyC2KHEyMnK^Xr{+E3yN9PGGQ21X=(39M|?>Rrr5KrW(gEW&QKBu8+7JchPSDLBf8>>{sPjr3ccfaH7J%(AG^X>tgaiCKJz*@!Gbc8{ziqp z(q=(xj=jcXLnVrD@J30J4BvLERgUtK=~f!2Sl5{cTHnZ)zLORldd{4To;OLtaLC!jGPaPArq#D zGApaGMdEoYZN)CPKQ7Z=7PCc@aO&my>1aluGMNW;k0`n zdgLkEWOT`u?ptcTcIAZUNgbV4UchN;%u>Kxkb=IL{K!8~G3On1q>1^f(T4P*A{(C) zt_ax%5KJ6+=(FC-;FHg8Wi6uAMIuGW-*-4A(dF7`uNfI5tEJ|;O*ti=b1K34Oh)z| zH=hSt%Tz7 zu}*bnnp&m{X?P?JV(&@kFdVSJH$UoTKpp;Eb1%c~5baM4^&Z4Ilef)Z#snvP$wONa z=et3=H5LD{L)$Hz><*XT2Z1X6o$a%<3EF2mV10o7qj>0cntzhxN(TDe%R*Y}rI|ag zE!dT_v&Hi?M!B;+)lfxx_0Q#=cZr)Vm|rzBPf(FCyGL%O*RXulkvD=N`}S)>*S2KL z0v?mxXXwu7cfR9mES!FQ*&{M`y({e#&5s36rtDf@bt)yR8^n*dTUr9fm?~JF4&H}! zLhUsNQ%A+92KbV8q&rHBblSwFgZ$z35fWy4>D|PUy;)gqL^Ky!&1X`Vy=M%%Y}8Rj zvW?6qm$nZ1H=-jh7N}+N_QYm<(06oMD0h~1^8jOxW(Ga@m_#G#C@YcsXSz;M;qK43?WD1^LP72rqWMu8Nef4U4iw zPV_)%VM0Od%~G?v>bKtdWPazg=}>WP?JhUvyC3?-_#|?&%&yxNIC-(29{OBE>}NV6 zqQqPfI7HNZ0rqd)CeU$ip|I>x36$QTnOg4v6dRgtozD&{Djs&QO~PQH;ZneGRH#GK z3=YnYZ6WN~`RFCgu$3EX)VBm8+*xn+YZHnj+6|->^{9r5_EpGIX@~O0b=|E62JNlO+_V#<|=p zXc3*S$5)|I6zG$FN6O3{(^*^K?32u5si~LfVaPJ8lgg~yp~$vFl>#xc>h=m(f}umD zl^t1H`T5Ee*^zrxCr6Q+wV`*$Kf54Z&&;%eYgGS6!L=c~M_pfPoHiQL62|D=pp0J2 zN~dogZ~p34{vbLtdCOC@sKxp|A1F{2uu;MtI!Z6#&iJ0r>$7LAN;*;-@pZ{yAF++Z$|l3U&V`#vA1VFQex8J zPfyXF`8b?@BGWb>ui~vZ4^f3dwpYBGtlB^qqk=gH8G9&^$6}tu78#@5X$=Ci>AXO6 z0h8L*_-YJuZ&X&;*qCy{J2bn-UKw)Jg$0bPqrq8SPIc7w6l))mvl~nAy;NK2AIe$@ zd~bQav%Wt-F1flzW+7{PZm@*9qZc~#^OuR$NeHbh=I9%gOCezeG4S1sISM!3wQ}JA zjW_-jd3A8ut1*kv=&jyl;ry$56?f%p=|L@tyASyL8b?OVz10o((JXg?U})+sL8VqRBh&p`L9+VU}a+(_1C=7RpAI*xt?U>C*;bj@rJG>X;-3+)oU8_ zsz=SMsksRmm8y(y4018?wGemStd_VLB>tL@`Ekq&4I(k6V#P3asQ>d`?$GO5AjS(`l70z& zhP-ODY_QDnf^DCvNBhm5cj%MY=j-_}6_;gI5}BA@BU2JDDo^OC^EbYx>-o>^4L?W` zHH_EK3Z|Y*4anj$I_gB=I6XB{3KO>IAA-Il9IMoKg>^DQw6|QJ2PH8u;%qE@px^JLZy8#_iQZ`Jn0o@ z80ZRU@0N-NWx3A7OJ}9wg3|NS-J4uQN}Y^i%_xXT3|?B~JmA- zr28mqP}iI_S@v=sNvm3McCd&%#7L_yuq1|t>ctv zDhBch-6megyy+nufoRyO;>Q$JXzApbPaTn+o*9_~?hBE~(%jy?q6@k@nU@CNZ(;WC zwR3w@0yF`-JHtkAe*iR4-2=u>YgECEy6TQnfJbOACTLxKWSW2qn3|^LlNwqVG(Xm^ zZ{*y}J-fEic6AkZqt70BweU=a^?W&C$yCade&95rP4jYCP#?=>eZloVQG;XEe zSM_p%;z%%Iq-11bCVw{P&=>Nce}W~Bu^M$;7&2ARU}ZIt%yt{BaP~2k_?%dFgA58w zh$yR@2?PTkgXvkKy^g^%qyP)akcJd z%8Qj$5B75Q3uR*S>?IzHRA#TF*I)Nve=EtE->tiTV4Qw~S3{koM?vYZPdAf?rEmB52##4B-D+I%qycH&ca$eJ3*@zRJphk#J0ebsI#Vi3&xy>CJQN>Twf z%dQfM*Z1fBpSTem=Bv4xf80N>BtL~b()L42c|^#* z%{lJyFRiUZLi)OS8tG+uTb#r{)94PXR6V`bW^SLn{S zv3lNLgEEhci<{#&$K&NzeIJ57+s|mN-iQIa^>5D2c8aBKL621$&j4JzZx% z8rx*E7ps@-?D`czDMBBi6|vpdZt{E+A0R%uS2 z;~ucKx&V>l{R8^*A8##BRuk+;5Nm4r2=-%reiEo-4Kg`E&lKWE*oIqA5EX(oFEH71 zw9BD5Qyt9FjK9;E<4}w4?H-s)!|>3_7M^*fxibW7w?hWM19VxQnFtgDPv4H{QUBrG zamcTAFVS8*ja215g&i^Ja&$59gIc`SlC+Mx9iL;xto8zc3bhs#a}zmgti9ZXCkHOw zXVM_4d^kx~{0M2DsPoeNo^jD$R8*mG`;S>*UV?~<$!ct!-Wp2efO=a#T4d*2IMeBY zP(k!3Abj$Av4ZRtrv;xjA3j7!EV6nrMMm&+OMh-pCW5wf+k#MFNCCM&%@&ZFS*wC} z<9LQxkyp>%%7w{3CWAe{#uo)pbNxO2>q7u+T54Hk+H&Q3Zl1#+ZP^N1Uvaxe`xr=` zAb070zpgtzc=Y(S)3JBluTcR6$u^9*C5`$cKDcY4un9zserCM9YXu8os=rD3raYS3 zEN}l91f~ud{S4xlhO8JIEWi-dL8d5jWQ`MJOt-U$VD=uTOIfu8y!`A`vYQEnp9%l? zG^xKoZ4cwn(KUD?K+jo`Ah4r;P^tUl_w0+?PC79Q;PG_d<)pl%dkkO?l0&CJhzD_I zzshIV-ye-@E&kx$Z?#BACzPKvUP$D0t|e&wh1GGH!XZWEvDOLt{im)LsZ6L zTRQ)L&$KhY28K1>Sb%g=q>s{`jl44;44ZlkHtn*p6d2cNEQ><8p8WFpA>=&BWd)=Hpp^Z$IA_@{#yH#8DVbb~PaK$7YNHMLFr zsq@E(N}A+$y~(>UrJVIB2iZ&MVjoDPvIBb8Vq9V^M;PZT_Q5t@$#MF{!7PF+)$7cs zjI8w&J%ozob#5<;ogOo3s~vy0a+cj>6?3$Oe47nVK? z)VMG%CY_y1g_vl0r5tBP8bWz~UODo;mkLilX85u{?q=)--=PM5yX^2TL2~YP23@zS zY^txcFR}!v_~yr|En3@6Db67aOQS&vEZYJv54JPH00)mVkrH7C1HeK($IKDc*L7uTu=bN=(WSvOCY6u1 zV@ZQnen!$oV*3#63TO*Cs1@)hU>QlF=fo?|VFhkCsHSha^_hn1I^L(Zzj%uyav&!8Og;(q$q zI}QP|eehY(fLbcd@rMB!QVe_?Er$Sf2wxyfMk3=#C6Xlgbd@oE@8VvkFzJKjd+*ZE z>TqYz$K9Oc7>YoijoAZ>`}uAAeHtY`-})3p-GRR7{`YDCrADX1FkNyM>j{Z6lP?z@ zzuB^lB>BnhnegQ^vR`Gk*-NRJnw}%fdxz4Q8P5*T3Vw60|6rWu(JsJ`aGlGf$O=T8 zZd_&vF)%auh`%XOUFWmxSHHQ=3|jz(Ia}3J|Bc|jK-H*6Ilt#QnzCngdVZP>6_!sX z805gDd|X?-?Zq$51F0bnTGu#UCUO>!O7iOQ7^ZU^38(vRjSVpjMdSH{=swn{d;dJ4 z^N8))dL=2g^RcHYFA?_kUwj_Wb&~bSg5)X>SCmM|UvC6pBL^xQ&%7+^eusTwcm;JE z7pNfn-{n~yIoGpcxA5|h{W8Ae)@cKRn+42k)NQt{45;;@>Z_%sq^85}VpfB9EHz48 z$W{?B*MzU|W+S{w`@qFJ$~Y3@xu`58bmxVm_wD#mC3Xo+~2!1!jT$7I2Y& zEQ5T?E-E7YP&LQtY@oQn8n<$hmC@GLhSn`f3XJr|Gv5E39QS)<=Ks%fdMy?t>;FP1 z?Jhb%2FOTBsoW6WDnH~?=B~ho#yPllA=o?YtlgohzYwsAz;-uMVOc8*esBHnJiR#GYg!pIzLdN9J!0_(pnW)*JbO|B2X>!vt zadG$|RtgL_Wgv9nnASv8>#2kO={GAYfImhSHE{{ETS2LXsW{zfCNr}fucz{kwulH-UBWe58LVwSd4 zxC&yaEMQFm{#6Tm|BL@^5>gw4G3g3!snKIw1YE8IXU@blt3Te+p8oYiB~hL-lvYRs z2S}%uMJEs$ucN^agjY5600-+r-cnC!Rf8fO#Zd#r(*_>FFP)wIoSeFq1vroSUk_FF z6YCa)!N3Eqgp`cNasWVS0I&n{cP~le9=KlP1N#tvE@0$s<@=IM{(FTX3q;6h0I2yD zKURW#0pZ=!i0?(N>GwMS!@X~kF$eYs=tw1PQ+^afWF>GT+!mbF3SRziVj27auotgD z{RS}SsJEH0Oyvv^U^=ATvj+@m;79(R8~h7Xbyt1p7l|DF3n32zdJYF6W8`s?ja20Q z`xza=*$kjxWXx?y4-p+W;lYn#8SAT;-F3On(kUt00hxnw3HyvDOc7yiAw5JH<@UG# zV!s7e4lD^F#9H&^>)0wwJBY5Gpk5C68iY~#BnV(|?XIA~K$v)3ZZq}w{r9AzT;N|ZXPAwZuLWjc@nhAxotL=~`$)Q#!E%@hXLa0pFMOU= zLDxq8MjWh#Nu=Wmm1zLGAzxVnDyVjgo#D$MHUoH6N}ItaP#d)80>V5bD@zZ7vPwWg zN|JWb~EL)E3JWJ7{<<|(f7D1B(+G(7{%zQ;ZYTz%U8`;uT8OLg{Ifz#iZOsnvlXN&CK0 z&qd|y!s7-oIwfC+_7UHzuEk#3xZp>gp$UJ^jD<~ zBUC+(tiofuYjg!aLsD3qvRvNa9pVd-EqdTo20skaHJJGgG%@-=W`4&(RUNok1`@u& zz5;?nYT`VVO8Y2ir^VF2;BKtTn7`J9W(YxPj9M!p}klE|Eyrb_Nh%dzjFH~^21^_2Wt zo}+KPDok9^FwmlkWeK^z$7g^I~_COy z74cEYZsusczo`fk_)^Yg!4E*71mtaFSDhprP)NZOZnzVt5DZyIh{ztEjOS0mXq{nV zHia(aLW$Wwu;*|>$NJ|klT+RHb;Zz|TA_+!J05x)vQ`>8x|zf-d3`d7CW&-tCwCBybP$(lYb+JLh4_ivm5hF7ycE9W2sP2mb zpH}nxwO*{nCiiP)!#uBdIfo;z!Sd6LOSu(YUZn>IG;A=*WE@#p>$jYd58o0BUD1RJ z3%{)9Oj!+Z7GnbWZ&Tkf#<2_Q^f+Uhr?BUnRre(M{XXzMw^!V8X+gm0@ru`sOPC7V z0*`?+i<~2?3r-vsrFncx1m8P0I8Ds#OMUxDFx=UhI;`y9sRbTi0wLSHo1JX|Kq*{zT27z)p#W$kXAb zLC#@~3!P9oTp)Q4N%vphRl4~Q2xns51k&)vE}I4)j$k>34t~&2rE<=u;E;HvmJTN~ z%hty8pp@4TeIQyYm{~SdGe`;;UJ$s$nDkP))5$lHv7+6U2~^I1-gl zrSdtLsB^;#z`Jl_H?&w%$T4lYDCc{BoH1ach`JVkd zcI!XA89M>$9`@oRZY>XBbANjVJYs{`_lF}ks8o#0u85AI))UL&4nNf_dvhWICZ_@- zw9^zqu|lxC_S_@sA!mi&Lk09+p-_g5Z38arCyf$8%b+($kdO@09<4!HjG$+|v5UXV zXP*CrkNuWJtycT#cr=UF{ox!2-etuGe0@qT-1iTi6qV&wV1qK;MD74mSu{L81iK3s z`bKbkUNs5QZn16M$YS$t|ci;T0mJCb#cD$w*E;Yo8@5 z>u?0jD!NyEpj58WViAIsSb>>z%i5ZORKjDq}huDVEw_(1b8`eGgERgu!XdIi;!^V$PzyT0ob22 z?RWna_DE2fH~GVQMT&Kq$OZ%t_*ghVC(cX4(4A0914n3gKB;Zcm$U@7~(K9qX z$B=Xp#@MWnbHMwOBbUfe+7m-vsq_h#6eDZcOCcRgo+bGhQ1%+{a_(ZJ+E#{=MK`UU~`$8xj#gVi)8*$BtSp1#Sc5RJet zX@)7QI(x=V2W9C?lLR03=cIt2Rhj`(pTiM|hCL5{2?XLZV5kPi268RQC3E|Ka2pl}6^n3aML^(JJId{C4)z6^s>|GQRk!0Kc@IvxlKT#;)< z0!-v7LI4ArW(BToShMyfqsr-n8TnAFHQAYBGfGN5UTHLxXfa1jwOczx0>oVgFOtPC zI(>x$fh`g?)g>4wpgw>sJ;)bSy@p{R5`|zdF&l`bvoyrub#Z~bBf>~POD9g$m^Q8L zbtd-Ggxgm)f<4K9uVmbhRSj8-od9sxtp+%AfjSFu14IK5OMng-pAsz5ri8?-;c%B5 zbL-)G4U8G~gN**vsmqo!&x~6>-INa-J}~K1`EZXR@xPWHOq7hrUlDGD2cvHDj*JBU z39YX@9*?&S)yV!urIMyrsVTJnLO1aR5?o)klt_O0XR-g!dJt##32^PKW4sys<-li*MpocNx%~|D*xr zRV1Qy3-dvWNwB(R4t`r)2NLw^;?iyz{ogMpr#e88wSsz`z$cG%hvH9#-_b!WeESHZ z(#>n4#Xo-hs2`+LCHc=$u~X#A9Ys?43NChn6@Z~#cqc3G4t#pA|NY_uotiz14l4Xk zp69_P^y8@Cd4OR82_IyWwn4lAru$#7JMOP$zkkn)x}mJBT<3kB=Zg^?IQ{#(#{S4F zcaZ3a@M(934|fb;DA8esEB zVGV3;u>g$qt(R018Q41ttt2EV1M}JH;c2a%0i24!csm6kE|^n-frYPp%$DfCuNJ-M z2LT<@VnAI(wgQtSQPP%)58*gpfDwh@*`92V7xr(LL2$Xyrl+tE(tY-8q!tcr{i`%q zj;a*tA7|T2WrPO$gcvXQ7!k-XL>)EYXF^mE@hP%KyCOBLpx(;>4-w=23Zhcja{9qY0}!wK@d1{0|82ZeSi0~k|ST`lX@s*Km$)^;7kLIt*8LB z^HY})WQrmHy)I~;a;On!{Ob)dFJKXD&=wwnd>Lforl2(LgrKbWF&9Q6MiwxdLZO#| zPK3Dd_x<}Xl~@EvcK#9y)KCW0fKn|42E>~Q;NBUvDV``pzoVZGP(_MFU8NcIr40S8 zE4QGT0lITbXw_QonGpHw!bLNzE1obR1t8qDceS;Rye?trNQSI;_9CSD;VzZeCcueh#LcEa(^0Fl5XBo&UNyZfeAJcrT6Xm z;{DeS<)<{{g5QYT5~xTc;o=u$J`9{i5cNNoYsSre$QAxLzG#^P3;ILaKz^i|5P6(P zYIj);MBz}OnmQ10?XRb!nnxs5rQC9AXy-#Wl{eO-ZUCx?6F!v>hMcz5=RGPDF+`-# zJ(-jR@eSV}O;1cDZz^^oRhJ6KbeiiMe^;jOvqWXadhQl^eSffZ5t9?ai1GQ^$TXTG zu*}cof~Cw6!L$e|!?ln8&QqX-pL2;qYlPJpV-*(%D8N-)M%!&xg|M+f9*1qan)uh{6@S$!`X^gZNFa2 zD;?X<3}Iupq&2sUC98-JxB2_#dJtu9cd`(RM>Gn2o~Ts9(f=bH<_3Gxw%c7vzR_}} zuF%?!`qt^aKgO@|F{(oU0`cFs;~<6BCaWY`o9G8q00Ddf`jb{}QM%ByfuiQo91E`&sTu{$n%>>{p_2Pps%y<$PNi z^a~JSUx`98EgCVF z-=l620{l^yvg9)NR>k~j;S`IcaDuZl(@M#wB5I!Kvk!U@n*XkP7`CzUhfB3XFGe7% zIX68GHmPKR(tc0J_pfh{-+_CD_T;nVlW&_3!XI~8cX6^8U zyt0S>5KX(oT)G`C?-)#wgn7w04bd=+ygUK0*qu(!lt=EH*={JPsFCAF#H<0AK8*`b z>eMZ`9uu|bXr36bZO1v04L8L?W&-8**yt~6D@M?)0B_A#rqIie|K7`FhZ^1R8?}^_ z1!k)pcpis$psU{?ZlbYNfzCIjsl(O(A)+YL|tO$we; zncl$y&DJOk5jDYOy&R#jUJ-&78xJ_&wS{LvqfGROqVD{0B?YO0xb$Q5rW{av$SAko zn8u$$#t@otz(B3n<+0b*oa3O3F!K*gG6Tw(_Em_LQ(lza<`$Or=`W5YN{)2Jg$*II zfmLaL#~#B9j`^9f-R#}a5PP+auEY$@QLh>{FK5Qy573V|CVhS^ZyFR4k&}_PVE>^R20^ffy%MM#V?l!xDZFp5Vi?W;$+QOWzM=cl1U@QiOUO0#c z!vis+Lb;Br&kRH9aYM5V3Z*l{$n0*bNuH$WOgKm|M zDj&%yq2;)g8~6$|ePb8L|Gn9l^(eP&IjoVHmMPerazU2CD4<{OoNdah^ky~9Stagr zKC-<^jj3tFj>p)z(-i#Zg+(fW!Y0%V%>WZ(+#b7XR7j^VWQ1vWg;J?>g&G&CP|y8F z<`2Bk=G4T~D`#T*d$k9-&_=qZ>o~TqqSI*6%SGTrjGuf?E18=J~2=FvK ziveNSgRL%2b^s~GkKB4!Od1C>FR!p5F63uXAQe^&|7(ejeM;q-9VkWFPv=6lZ5ri` zG3&yTl9>7}VUvE492IB&`<+qqocfYAtlV6h?Yh2-7$?{?Kif@4`fH-ghC(7D22*v#I|C=m1A-H?`NSZecp-u~SR8 zV$Qu$c$5UsD}>1Q znQJB{luBzOas04g@k9)?H(Z)geQTkTXiRUV`syrpN&D4CGqwy$g^*f96gK&7Vo~ia zb{UOb9>k9KVwdZ%`H;p!F9#->zGRZCO;Uvl{|J<9`r2nkztPINU#*;jF4YqD^-7|| zOb}h!ZSsFrxa!j8B3uLaR3wEUIBfren>|q%4i5gm*#m>^eSd#bY^T%kjSCkFX zhoFdV6=T>3V}G|fy9X*`-JIF9<)X?3WJh^}6Ut%MP<8I^97a3qo9b~zmH?lVeyt;8 zi%bYN6$u^*>10_T4HLfdaSCgaFB6oKiw#_fkrN12HaYvR7$L)2lWTz@Z{0P(j84_G z>IUi5w3y}8bhho(bP$p5$=6L7Q`6|HewOcw?I^=lj8M1o@611KTtuC8o`u(ceDI{= zA?z3I)S4vy`_)s|O7sV3QGtrput{r_tHJoUbM%`rSh?a<@V1rCbo?zow{$>Qj_2ezd!NiE%cz1Tty@OX<${A(G~3jTI4;k5amzQZ zr8FYWDJ`XOQoCiKa5u>K#-w3dPIf&`aR>qK^aeucHbED{Oxuz?cvng$!nRL0Pll|uC?%X|-)6HvW)%}+J&?$7I zowjnA9A>br=2-6@Q&+obX2yTJORJ!BB=!A|V_D8`W(@Z_k4ITl|G)O$GpfmUYZpZ< zs3_O~0Rcq;>4Nl*GzICM5UP>G9 zaXtV*SCy*CvXj{RmG-``w7E_ScL7dEHpGU=@pfoCzi))O{8a*6NOdy0|31sYEB|hN zN=$?iQ=%M~ux*v0p-1WQaE6Ck9*#pb@rpnJ`9m@5Zyyw_^=d1FFD& zCsk@l8r*b@08QHcbaO9k@#te9*gGk1nB(@^mu*o=FEz{@^D?F~NSdw*)9H|y`O4Pq zuZ_4;=Wf}U?Acu}=bm^MB3Eu~UnF!40FwZ-vf}52t$iu=JZl^|fR_%Ni(1zStFn8T3bNX49uv#uhyLSXsJw}0E)nB0q1(s3Xw z_4Qo4)xfi>ZY)-b;7LR$#eUa%qd$60ePh(H{6(T^$%-jyzeD1r+)$r|gDT;<{~ z@8|iPU-ntEVE9cWPelGO;-foGmG535ZccKHV4qjmjNOY$Odf zn{nFsn!+bSsdP-VD;%fX*7FX~%m$&8!0kbn%CqP0XRE5CZxjYZJM()E4-Tt3{(?|b zrq;rwJ#zO}yzH*HC+S#)WvV54P*?a4j*NS8S}xcd*$HraN`w}DAE{k=>I)dn!V+(Q zqW-|v|3$D%Vz2#J+)wyokthkwrs3OW(I_R_RKd_g(*kB$(jOp$zEQL)rU=#^KULR( z5(~9Kj59sUw;QH8rCqoo>wt`{oLhrVZPi%#?xuULMqjBdEw2+@OP$?Xu)6qBFtupQ zdZ-kCbrYbcPb5s*PC9>eH`!et{s?f<*GDbH)z%{1C+0LY&i81R3vVts!yqWvcRcm5=hokrEJ5;S~ z`drU#vV(vOs=C@im!kKkWs(2f((tG2cI3PTWkHV$#6g>ZXK}ac+&%Q`-9wi1@p^7c zN{1gktTNp_>}qRIaE$59 z%`%P}NvcqCT|ewa@odM!4vRQaKH`iEDem<(qnL!yLq$CMT%u`I05yfS$73a~T*=aH zc{Qa%SZZwB=JQE9$9Sqps4%+w+4d-a8IKZg;DtvNwz_9RqbJxW#3xiIOt)Q`Tm!^=(q9RsuW zHsv(aKC()LpbNC+tP>lg2gH1Lr^M{&3d*EK^2!W`#Og2_iFhicm>qvX*%`RIhijeK zQC+z^wU$wAWn2)^_>OqU8b|kzvIqPfu2hnJYkmaOc*7UnR9qf8^)Z(;01m~$4sJ>vo4uNv0cL#4Z{I4B$;Q#Q(gF31Y{CjfTq>38 z*V4qj%%dPVde|sgnDzh^)YpG;o2)0EOS+4LUmj-gzS%6eI6kH)Wst06OYek-hwr32u;sd0Dxztz?=%ax)BB z#L>#sk@=(pj#l~lsfh6ZE$VbSW`$6+ieU zc0`}!j*AgTuQf}fxhC|jJRu;ftBLN=XK@S~H|CeNfU>+}1LM5?kM5$^96LuN$&(vv zynL$WhIjPDB)Gm+vKe#rR?>^FpVGmOg>m47{SvfH_|Gp!kcQ}FC2hG5ixr}1!WOg^ItS_SGJ18wel`?t;{{jyUz7+=-KjZ#$>)=xR% zmi_D#74D9X7ub!C2YQT-KU`W}^KeG5@ivSae#q>H`94XM?6gm85a<;1?MW2#t(~l; z?VBU^u7HNFVQzg%u6?F}!W}nv5%w|ZAsVY4(T;slJ&e3dAoj4)= zQa|6dpqPLhTU?r^tFYH!I|-7m=P=>zBHC^1p%r9eI;f3dXV>_<8^PfU)TD_wyW9u@~OdU zx~n5|-!eZ+YS>R9e3-a2vVvP`YniyL0n<}G2~Z&`6+A4mbO3#FLg%N)JV>#3<5P+B z5L5Op%VP!v;X&nRQ?BTgCjzOg$fvt-lZS4u$#!m{U!&nbX!?5qtODu8j!2nmnVe%1BDHeC-10hQB=*)BRV*%hQw-4=qLzT zTRr2y(xA$lj1+~h0Ey5i(ZF}or0({$=$YWcA#R*r7P;qp^6icIwgg2AT7hhaAoTG9es&e@Q zrmCbv`W2&~l7^R-|q|9HJiES{3Rl{egkT?mH_ZG@S04K-Z~^^hZ{jh*lsFzV5Tz-VHcKi>k^j%vPyfHe-+x>5X?Hb-bO0U=`RNvi@zqoM=P{&KpIzMHXKYLbiZ|ab zn_}(W;}5_PoiURwb6!F@^2(u3%WThj%68^?a;8u z)qWpf-??wqQv;S7;;VL^?IsXrn~P{P5ZyGrf139%52@)A^VTmHNDF#~!$pHj7G+Mz z@v1xk<`@$2L&ivz+HpL2RJ!1RrIRhQQ9t*AI-btPa})IVh42=LL)P5zo%Mf~AXs~2&G${@oBcL*U z8iy4!omWo^2#l?&27S%dA>%O3e+@*-KV17;f9Ep10#29*pn)7nFpn%uIc>G9N2bb* z%xmbWLM0Czr`d}Kky5%T`=f;HLZ_;|q1fBpXP?82fP#zgi_4w6IcJVe*ZEfn*zaZQ z9}j$`(laX(^lY^^^A1zdPL3&`l*9pzBsvsz!aUN0a@~OB1HEJ*Fr3d{z`C?M$$8zq zFwPWok`(;IDGv&q5@iIU61ZIbELOAu=mHAp3I@Of_tASZ0H=XjDE{lnf!vw9Kadys z@$`~FD8<<_>(24Dj0UCRZ?U%lXg;r_QQM4?2&^H1W%wHAShNce!3|g65sfEq+2clPt`1!*e@fM&CaQ;`Dj|th^$k)7lBZawJ7}fUX8Oi#I?Vq7v8JX&foi$=&sR zgh5g`kXO&a`zH&rT^TD;b+iD)RkIE(SQ0V<2mdl;nl8wVuZO(U5-g!nBcJGq$hr3ZvnPoc^KSc7CsJ1l+ z*CYhfM&9}+qB-aGOyli)`I0*7tG3GK4uMJw>eQUu#%gl zhxCD4C*UFL6?@Rp+zC6$tkqk@u^+I-EzUalnFDh84mzO?>aoHrdl-9uH0O2l4?IFn z^}TxvD>P|0w?*rSWVRh!;D}%76AX$hT$>r zeLGV^LD34BELazWDR)-*24^k@jSjp3sWg(dXa*0EM4 zbRSwR67Ij&zCid0e-7aQI6*M4!gqzNFL*uRvLApFY;!coO+10gul~@zfRH7^`S#+X zG*Lf!FF8hsmWX)oc+}6foy9`sMEt0tFbOwk7PMq)Kh85fl2qa+uy+z9S>eX`_HLyJ z=~NBQoz>%uJNk`>?gR@KHTlG1F83Tv&uJ(5OGi-vFvq&vBzrtWBy1J=DIH~L;nmBE zh+Fi;CsC6$!~^(&)uNv&{yvVyXLr+b6Sk`40XO(bZhE}q=(kWs<*oYu!V&0jSo#P9 z$L+!DFH{imiR#Bqd&e^oFkF@+^rt=)Uj;pCXCg#M&+_UqhxwQpu4*mClFbC)#IXT< zyr;{r=Js*Phf}8b?~c$V>B9~_S_~ZC$HXHV=182u7P-G@M9jjNi1S%0cW!kFOZhEq zruGsWh*QbzZ(h3ocEN{6;d@80Ejel2LxT3z!@ZI{>4kNX!t?tlqd3e-KJvr{5i8cf zB59PS{uoC;BK&}CnwWmoig=VajqB1P6(MtPDINLR&r8{Km2XWQ01n~?Pj?KJW0_zW zbtr)b)(595ebJ&Rc!~&vZPT0xfd8}=v?c0iDV5Sf9BhB}v+4e9Ec(ouY4c`UcY@E- z`uUq=|CESOd;Ez&0$YMD4M?BZn?3v%R3x=`z{`JK>THMcPwccU0uDcV$FvUumOOC4 z{}tTtohy)Vm~#EU_RM*3wClWAWAH&$BQ|z=e+xl8Hl5y2oW|o#2^GZs@#MyX!cDyS zCh13Dj|VR(vUUNc`*oig5o`3bGZNFvz469Bje(Dr&)kjrhoqLf^OGhyvMfF=bm9RL zc-#Uap8)5+={2JW#e^8`se!6%uB`eZG(hhSvF6TufWcz+i1HShed7CAnZv`{{2xX? zyx0gIfu`XnCjRe+M5$J|$YgKb_{`be{i|-M>F`W>fb!vII)cxen1&g#Ks`%+ufyFO zk8NKjo}1oeB#CCvJ_4k{2dQM?ft6~CO_+kVy=0Qrgiqi zv;E?a@$cS>)y$BVRCPgul@f30b z9~Pn`WUn7qbcW}`?+4)5Gv93*y5)jzeyt>qawvf$>0Mbj0_sLv#ajtDdH-RvL9F^% zeeP9WLu=Vd`aPgQ0aw3ub{x9-EO0tguK(w0d!DVZ)j}9@c`?# z{fFn%v+1jQn)+=Kc^!%0hV5qjy}y-B zN2|NZuU>7wcfVlBTLPXGMHB>=$x-8`*a-u$IG{&OcE*0j|8 z;jG0QCw2~JsWVAUdB&5M|o`C{@e19jG zO#Uu{>eK)g&8~43!bXwLLtW;!xijx!5@^{I6TB2!;*(H7mmy_|X^0Ss z<>BARUK@Upr=_3QBK9D+0T`MhuS(Rjp|hVD9FxF#xx;J~V-9^^Q5B3q4U6lJCk;DK z#KGgWQs>p7V-eneQK%78H9Mawk{s={*1O8!_kVgabJg*|3QzP3}Q{d4 zNbhFsoh0AbXvu_78sr>giJ_j$-5g&8NuDq^fYjeA^UUM@)`NZWSr@}@oSI{_UFy+Z zTHSx&m~34QJMsn#j{%CcS4;e-C?#9C=nhy~qBaceBohm(stqJ*W3ctDV9pT_`yB1l zt~?K=yFqSzs)sUl5|j~>m#}B8Q~M(x`}1L52diapH%6vdVCEHG*r*K|N8FuLY0#Do zuPiDnoIk;ves@D<#Tg@_OjJ`PBe0h|`peKhF^mGVNlOeC-=N5g=p2HSlx;sYf1bfD z!U(6B$9p^EtZ6;(b7;N@_IBjiVD1Xvd4>%gb^k2Tm=#Z8GBE8ue6u3MM(U@863GJdJXifG=HQu|b>Xp&%ZlUM=7LsVRw5C0lu(`Z24i^AAZ)WCcVTjI=@v?`qSaEZLTdqZ*dz0p{# z=avgtD{od?z{=B!neF>LgO13m4aJDd+BF7)&51bA59`={(p|XzXKHVif4q6+VB~ZH z(~`nJErNp;R{ew`<%d;!pTs{E9APMUs4YluQRpqNU(>eR)`5$Hw@mV~#*Iw6#DgiX z+V8$;XP0J!N|~XWrOT&dKgs}o7k;Oy4qgJ9%8@X7;r|9bELii)xGp8V z_Xn*9`x$CVKu>Q|N)x)&VSo`jTPE#~sTqK25}{ZXxS_{swm+;Ev0EQb08C@7urxsu zw%H|(Ph~oaXF7P7d^G+U22b+z+Fc$BWFXM7pw9h4hKJ_V{Qz4R0_pnaUD1wE0I2VE z_43=t2bfaJrJ-~s4h=o2!^gTg?}cLAFa1M<{g0mBM^{)>gwB_p1FR^He0~T% zJ;K4kA%R;J)%+x+G$8U1chzQsr*-MMFxGan!aGt}4P?qft;?l9T$GKHn==FaBg*eU zoTkl#xK1T`RBD%!834-v&f3MSdy^Fv0wqeAOzv|!+Dgr(Kw!j2(Y|-j0U1TVlR#+) zlz9&iciy9T*xl1|f3QoFSvFG^&}ci|o>;Dvpycl!G|(k(U5E1#4OxL9*1~R{B%A%t z;tU2FeLPd0T!QOsu~bOzT)he8KK$W}WJ_0d8uO=(a$ZgIhyqsqZ$?wV4kxP;H{^6F}C z{;g7chE=clvWJ^CWFZl#+Wb2SV%r?Nz4-yiZuy-OgysX9@~3Pbig0}3TI3_-fMS_g zK5!l1Ud$KQTY7i84_6`Ff31G19BEZF_2WnO*eqhS!)U~G)U#f}xXTA+j>jn=wJSG5 zR*0;mvbr`ZU{pQ$Mp|i3t&5F?R;9je z@c8-||4(d_e9hE|2gFzKP;c7;V!BLJr9q9+yQl>64rXG{lvoy5bpg5|AQ!M&<0+s45um4Nw;&`P^@mfG_B=|5-$P2dWrv{R!mvru=FjG7kS#>M!AIP{Bq z8IrqSlqs_-7!4}Ypxt(f@&q<&$i@Hr^NQ4lQ12j-sqS@Ob5m3^**DZ;Az=LbxHBPc zL%yE=gQiV?S}34f$X1Shit53RObtUfv9C-j#gqnbEq{_vj5GLIW?fqd(bZaF&@0r_ zDV548w1Oy`n%ZaE0gTq@e9j{BBO!l0V5xY}2r^{LEynWccVv+L`DGGMaK;l4=MAvN zMzczLM&Y7mti337S25c+zPeEtNy~`b)i6O_bd--FOT&-epZbM*Zf24}dr#(O6@1f+ z_eR-Y9@fv2mU}Y@AW39=fL7y1yulFEVKoq4`NwTuQ@ltr3tAi$%~gD6Z5pt5Mu} z;mE=Ci_e3CRk67kG*~mj^IcUaPtiDYD9hIut3aynZ!dt6sJw&MHH!x@!*Q7?++pi^ zJP3|&{(}=Somw9#?WqA6f^J^2!O2l65cXi)K|@BHt^nEuxk^8W|k@&D_4 z2HAET0Y6|PF2D(UMSfVc^g$UBH-WMZ~4c{Sx}DXa9!WDfJHB`E|mz`Tq^JySupj%eI(dkN-FA za@E!Cr0$Q})~BccW~c>=iv2Quyp&o04Nqyi#qetu5-fj1%73A7QWoJ9zho@w5hY{|x^ZmiRxbe}ZlQkMR5g-T&w4{=!`UFV#HzEt`G@F&}{1NB;~3 z{B?Xu-UHb2|CtYSit10p`p^6mdjZt?UXNT?iLB!MOpaoS~vx zU!V(#(l0W}xkdvtX8nm-8mK_Ghtl-BS)UZ^)A<(Ei4Wh|qceU=W?PfF6H4!&kKQe< z&ggdsLRs2%8A35rRc<_+1qz9?rlLPpYVZAX;IslAqn8Y?6H1|WQbp98-|r+?#;Qgi zI2u@U7(P8UGObiSt%>plLLCFk5a+Ig20LH&5*4ve1&$$N?bsii`e5AJJ#VtJ4k%(j z;0Ug&A?IQTS^U*kJ_^JuG=U%SPL_si?@Xp!n2bgS6wkE)Gv;Y6vl`g-^4XbxVmQ6+ z=r?%W6LkR0&E_HlEWLTyMRMpEaS0|N3lf06kGSI{#XIpejDt4nAbZp*vPz=cYR|;3 z^g<;hJ?~?+I4mx$pWSO@^-DluGn4(`E0kTos(@w#30pjzUCZ`usY`-1Uuj|;QsUi= z`u_feJYK5+&BHvwW1^@}ZHiO+sZYRv4BdGA)PJA_oCYi#%y|9jkE3DhUdr-h5{SJ zp5a|-Ye+K#8G2(Ay2_3g7p27e0lm|voba76i?;Ql-5rJ6Yl#i{KU{dfg!XuNtTGc{ zch#xcXJoQ-DlMFOhIi2Qd{^vsDrgT##kfe3vN5ZWZG3$zAB%kV zI^SkRSgZ={U0a8buV0faeFa@?gV$}J8GT1XQNBcLRMbOW5>U0m>}3Wv_nd*2{;M9w zHv#d4Y(1@ukF*K>6fMjhLnFOtapYIruz$=7ahq>zoh%Fr%e$yk#>;O zK5JZ2vqnDncJux<<^^0ZswN`J7OP&|-Ur(n%Ol5MXWgt_q=IUNN{V7gi{F4Uykk4w z8LyTVyS`?i0RRFgT8UwY=eiTjkOkGyg#~D`r_+DDN+2uGrjb_qd{ui-BZ>WfrLXhR z-eY;~T{cAWJsai)3kXE1xuFq{W)@OHGHK0*v3 zBEP_&mT%8+2N#Y;>d+!)p6ANl!M@XZN+pD~uDfWR4#3~H82jeC8#IkUhTcdM4d=+T zH;YF;6LHr)n9_XQP8D`v)vkK4ZRhLny+`hAY^$mpJ=JvWWJ8@AWzrK%8|ReXGRi?3 zX04(we!_yFBrDEyx)Id%FG2@orL$(`_r!AzqrD|dA#?Q{&a{prcMa6Frl1my6%UwB zb17m;%YROG{N}rCREHC0ZOCcPI|m(52hK8@m|2@ zEafHG2`*I7ZCdhgD#Tz4(}FxjO}|nE=ux6tjuET0&ly76ujeEkiso|n)s#CQfttm4 z0}|kZPcCK1=ZTsp!&ChBCEoM!?wzme>5cSk68m)w$}*u6Pb8#{4UnhR2Dl_U>yhd* zl01SN-*X9j+C@+k;eoq`qLBm4Cksb~oEtKd(A5|6FwZo!t?olz5D*@_%agv&=Qf(- zUwgBn?wa#-aOl;7+}u(ZyKUyrVTHP?6NLklmm-(^GYI*x7TW0oqWud!gHn};)Ia0X$Fg*h~ zA~>khK_p#-4Uoo_-c}My|M_8m-nH266`dz-8Jf~!_-t-Ynt7?J`B5WU18YagiM$|w zMl)KU-ZNNf&baqlMLm?fFr#KB^L=tA=CiFs zrPRF_FiwLPys02lDQCHo0l)Y}Twr93Qcq%ZXHxE0|=>3O%p`N_n}Fg3+^cT-w;;)onAQ{8#K*yv!+BA`<(7h`z32B%j*77?wOU#C16<1=RwpDEqjlkawJ-N-ol z;7+O6slIRCy0iQxL+LQMDq6K8D(oG~dz=>h9K>wpLre5N9+leQMBT&$}qe=tsM;yush1V$Xh8^)*_~mZNf^ zz^tSpL3?j2;5+S};e|II2>Q=QrQDDVicgd|>9$vI)%alclxrtSOYf}ZD)-om7v(zE zQ7zJ5P64d)>YGsNw(A!;kIfK7#={WCMAXf9=a!s#cAiYAC07Q2h{nceVi0n)K`sjh z&Uj8shM|^bALC4KS}*>TWy@{TTw&jS+W7ekcwFFW&c_YgArss{QC4znEG*CL>!g^UiRJS+xRFCXh8s zE16zs-{r;F-k2PO)G@6y5WX?-bKIQq)bf_r^K%a9VZ)eA7&hLujH8h-wyeGUzEJ`{{bS;Z zpfjj^n>t}nM#-h&sX%vQe%}|0oE~f0JQM2VuQt4~+lmaRR`T4&41b-J3+?Y(Hf(jj z`_dfn(Lnt0CNY8Ld+axCVZE}dDHPN7yDt?0(^n;JDLjc3t$r(xG114tM~K762|YwR z$3lF+t|cur2JHIQd39OMy`A%Nd|GELS&P8f>Rj4xFEgDW139MXcdeA+?rp6Mx?jmZ zWap;xYXQt&5;if-TiF){-wuPlbp2@SUx%wW>uDFft?^mTgH27}tx3Cl&S^7DJ zr8t2i5n%Chi}k3U>|J4)y$~T^4rW!$FiHKk1Je8AQ}W6!rLyihe$yxIeGHl~oF7so zEmT`G$G{rjpI4?*4m#M4p7s4(o#i;l<~Z-foEClF%4SuX}wO-vU!b)#vAD43q@ScH~=TM=moh z@agqwr_>ylel{cvwD*nCj>T}IHotke-# zIr?iQR<)+w18s-J)s0wN_C#nlgN#hzXXD|zJ}ThMm99+RJ-@MX$hL8q7pI1Kfsdiy z1gDV4PQZ??pc@~=(_##4U+?h(#pz~0#OA+!B3j6rdOEjLK9WK~B(8u1Y9`>=+qWTq zx-IU=COef+grj^4V4k-^p{C9JQhJ$i)p4ESXb_E1_e?=t0Q z>Y$`tc;h*6u|sOowd$SHfH}={`GKKF!ydLYo4Ui++3U^)F+Ceo+4^}Cg*X>XAE)7( z%S75b#J^+et{4K4o>(P>SmZ_DbTx*ufb3$?xn`++Wxs7#=d_-=!GmZPTamNM^bJV+ zkspnBbBH}Yi2G?1y9xFan&p~x%q<~)!*bO0j|H;P+u6gC0x;E8Eu5^>2Q~@J}%E+EV2)kqJr1W-p55dQ;^=?YTHNCxGL~ ztCS8c&3H3~5UMI7#oB35iM{kd7TY1wMlk|Pr!N1J5b|Vw-teW$!3Wz=GE$H=e+otB z1sTKXJ~DyO!EXn@l5Z!UZw^ z7pC#@p%32u@GI{Kl4;i0aW8fPt)BbMio<^4E)<{y>f<@IM;#k};C}{~!(CMV3uh9c zA*y9B?lHlAu(7u-_RnxoSr$I5rPk2b{&$BnifO&Kxd@BaA~*P6!0(O&pLX`u9? zle;?=lat0NZabAk&up0G3;=N)UkJ{sf{7UgiFl`S7YN3_xhaFdRGW*3lfnTnM0Tf^2htb9pg6Xzbr}U2Me+_eP@RG5%54VK>;RqaP zJkVivCV+LF0CeLfO(+3M-W}aN2e`ZL2{H>6U{@%&b&-TGE`Kd=zld6B7@Aylu-N{k z8z41}utIpbi9Zw)MeHFMAP1o_A zs&=yPEANjxqK?7cr5_bqgMB*rZ#PVGQM^?PDYhgB?pP6tzR_XXIi9Qw63o{qL&`OM zS)@`^N~#{7=M(j05gQa-Zd#PP*bmS<$WlooKV~1qN(nK&*?I+mNJqcR%H==`$RhK@ zLgD$%G{$uI_X2#@Jw`N zSuK`Q$YHDMNGCIY`uj?`a})dc@i)t+q2O3WZJA~yy0D8R*C>qfmTf#uT-A=o;-=6x z3K4uo@a&?abK0F0p>I91K?2exv=VD$fM`CT7-*tlqJ};`NS*F&t;h|dv$HYmu&p8Z zy|%uT85Vhd>zN4xh&!7;eQ1`AHcYi}J?i&*usH*w2Rb>K#iKs%W?r$;*%mjGYuzaI z9XQg&(>@sT0)qhZm~7uq?-z#C>;+g>D$cqp!NQn>xhJmB#?jLhj`5#~BWYL5tX1tS zS3!A7*FsxAIa{}Bdzx+EwB|{8Uh{;21dBGhMOhw0Zhe zKIqFUapX)*mFtzzV*zJYf6Ys|k}lTQF1j|xd81OjEqHwV8$)t)qmIJb>x4{mH~sGe zb^!#FJaNF5=R>wzui0uBZL>q+1Gw`lFjJ*P1ao|{Nnd)JOBw$VM4!k#jA_$EEBBTwC(<0F(^Ve4}S>UbnjL*~ZivjzE^`R`xlv!~n^ z&mF=bn2q$7JUOj(f9k$EfyR^1~9Y_Pl{w3Hm&3G`0`*M^F2?gu6J*Me6qGCqpTBzVMDfu zR|S`0+{go!2J(HSOh($gx6cVSNnC=MR%DhjK0DxKHjEWWdP(sKLZ$nuTdv&MB{!U= z2$FPa<#d9HYIh5KK+w;A3{4HxXWRJ%*g&i{P ztTMOg#k5@~a|sREX6Sa5=@U;0+7a`RihZzdkBabX?o+gnAMoXkv)mxs`Al-N2nl?l zUe$ZZaLxXwl@>VjLS4@BY@z=`D^R6+Ew|I9C~it?zL)M)CO2hDxX zD!tmTedHqQwO*f0K0=d6Y7$-<83BTT$FwR?l1mEi)?blcnA^TOKu0r3jW4oFPV(e4 z*|{mB-sP2R8<3LV9;`3C$YA`G7>i{{?8l--88H-zkC7?b@`)TNy1YyRu#9t?VqQ71 zR`%yfpMB@l*e%_=4RSoi7+@DlZXJqBy@$HG8-kU1h>AW|4zJ>FfOt(@-&E$g0>Y^h zsUJq>4rg806^FqGabD6|=2O9idh}?Uz%RC?$dq9?b-7dU6MJSi~S6`lIZMdoGM3cYCRzcCn0Hi zdF-@(`m0_<3N_ieYZ0Q-%u5NcEbtnjc^`}2n{LdKAWz-OG&OFtNqv2`xBTeps}Jfr zzwWt)K~9aRkmu0Zwe*gPqxuh4IR|$ z#R`8Pd%32*fnH26Q{)}SPmJ{WNY|X3)G0KfypJf`@T{}(tIX<#*ins9t6kR8JV*OS z2CgOkjwVpckgEPttVcG3PM1Z1Wy4NS*-ckzMhS!jATAN84#$O%tQd3+npxd?sl8ki zX{Z-dFQpAJotv2Do@^u+iSc)K^2C-hel;?gcW!D%CRlq*S}dlYOy7KgWrkFiCSS#c z;H<_VDN{qJmuslcCR{y~qMtr8ez9P@IIj6cvj+o;n>09RH+b(oWk5#X zp9}&;6f7B`3wTwd-UMQS0tujc$mEHH@lpT)2YNw)%+xN86hxY40eIM==Q)9|n2|+M z>>Tdq3H#nqx&SDvG*YtGjnH@+&`OL)aT7BWLLjE{M>+>d(?ZR3>q17MN4GLF?4{>) zl^ZYP$?%Hg8qSU+uOLdvW>L#Ioqo@laAB2pz$lLsSNCtXO7T!9M~iuRV4mhQ4)-j^ z2}@I86_vbHT612CwJHzdRFCP@TsmUUw#1N+0UD!@6F3rM6&rodUdM~PbX$t<5=DnQ z9yPb?xgRZ7Re1=8P(=*V8u&O1-@81ufS`h zZn+CbiMTz!JpD)nZBwMixZsXJ92PNfz2hqT)|nO z&Rmm(gzVfCd0Cy|nDgOGRUxnp=^GyFx}0sRh2a&*1f0W#&RKlz>HIT4%}#+M9F_HT zg}9vsDvg&wJMa7oeS`33r?%ORGJut?*33lQZ- zQJq$W4vJEm2riC30?K%~wv|QJ+`pbqRD5bmNs-@&ZTq6f+%uS+C21rnGBWzrf!*WD zE!Tl&TlZxOp)ZT^s?)`FiwyGZI=Y566?yr(G{dVtc{LCk1s?@J8py(#TS4CC6<-@K z2`i^JP6rkVayzbkD`cA(!s#-$8_Vp?B5M4Ll!n@>Z%k}aC0UBpP%g$uriO_mhA+MMFd4#`)$tM_sg)e@TUvIxTo9I6)^DO&8{BLC z0V}Hc`Af-vsQ(`3cadVG14AR;9`7coCFwFVF+4w}>& z^oy?A>tEJ<+TccL8KP#WtJbe*HyMh~t}Jzw!`B6(uDqMUCgADx&BHDme?zR^$9g0x zfXe*|no=Y$fdcKkyS*D6o44uY9vh0DBUXa|>xFMO#`6knbv^?_6irlPlf?Svw_b4S z4;z3~x&)a^BkTGMO^hGUz4yE8(+Gm69>6jfb-sh@IY){ZtT^lZQ|Ye46%RJhz%86(xQ-nH{Rn>aQP1m6U!b8+eV5 zbRZ3LaR077&>^7Q53dN6pl9ba+>QAdv$p(j&8Mmhrrmc*d?!acC$A&x<_HGSA>r<+ z{D|RpDcHxy$B2>lGPkwvuJP9A)ajeO1? zGNHDEt3hah+`4u{*SGwL$K=KC9v1+iNM#c&B1PVmM5s9AOm_tw@>GsUNO${riYX90 z6G&#J{&MWey!51#eJ9bPhgzuSVJNR-7kO}qXlN>N&MoPH7bsfPCH^AE8~Vv+6T9wM zQ9Zk-Oxgtfg>pE(w8CO)s=PPAdK{kkdb#SFnr;1i06dVUOQfcv!l4vEtI1YZPTrb} zv)wzo{e|-mmV_kq7hh+Fgt*x0k8xGs{A^g2wX0tR*Emq~CL8i=luD18JAFQMBi8dn zpdc?J!pU#6hotEwr-OuKhD5aof7f5NKvDs=J=;Fl5rN<1n&nlJUzH^%GzE}%HrKx- zAZ@{c9tx=DX=|_jE%W1#kGZWakDqr0VneCRbIFIfJA0;>iba6Ev30pK2l_A1DT(~S;6FETJUT&WC{_T@lCl;%$WXjy_{>Xnojar5)A;O`1Pj-KqtTc zBSHm0YbSp*I={vXyjJ@cj|lka|8HL!-d|29Qg&(OWQvue0m&dCd7_{uU--x@;Qs;L Cs8OH* literal 0 HcmV?d00001