From nobody Sun Feb 23 23:54:08 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 810A03A07DE for ; Sun, 23 Feb 2020 23:54:06 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.638 X-Spam-Level: X-Spam-Status: No, score=-1.638 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxSqCT75Gmmz for ; Sun, 23 Feb 2020 23:54:05 -0800 (PST) Received: from mx1.luxtrust.lu (mx1.luxtrust.lu [185.69.225.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35F313A07D8 for ; Sun, 23 Feb 2020 23:54:04 -0800 (PST) Received: from SV-1447WVP06.corp.1447.local (sv-1447wvp06.corp.1447.local [10.82.96.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1.luxtrust.lu (MTA) with ESMTPS id 48QvTM1lyVz25dL for ; Mon, 24 Feb 2020 08:53:59 +0100 (CET) Received: from SV-1447WVP06.corp.1447.local (10.82.96.76) by SV-1447WVP06.corp.1447.local (10.82.96.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1847.3; Mon, 24 Feb 2020 08:53:58 +0100 Received: from SV-1447WVP06.corp.1447.local ([10.82.96.76]) by SV-1447WVP06.corp.1447.local ([10.82.96.76]) with mapi id 15.01.1847.003; Mon, 24 Feb 2020 08:53:58 +0100 From: Thomas Kopp To: "pkix@ietf.org" Thread-Topic: OCSP reponses without nexUpdate Thread-Index: AdXq547Yj5JHBOWqRKivA/b474BBgw== Date: Mon, 24 Feb 2020 07:53:58 +0000 Message-ID: Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.82.96.71] x-tm-as-product-ver: SMEX-14.0.0.3006-8.5.1024-25250.005 x-tm-as-result: No-10--20.984600-8.000000 x-tmase-matchedrid: vWvnoyq7eMzfVqwz+CynaRgO7sCGTR0NXF/PXQ6xePmJmZ8FliAav78t Q+d++9tXYff3A5nWjkYzvWHRIxWXwncbVuybnN+MvGAx/1ATZ5v/RWw03+xdxabN5Xxnq7eXf9k rIFPI8jVu7xCoxCPC8oDcpVWyPxAMqAn+yHbzwCcwMfxyID/dnTRGWZgDtiVIW2ODhN5BegkIbN RWsGR4loxtAsEN+OC7JhFEQZiq2ZSZEoWHC6Rh/ZZ5dyXMk0sSuiVf0/zK7a97lO0ZaWJUb/wlk T6z2PDaYkckb91vQ/65MbvpgqUSoxMaLJ/+JuBNPJ29SD5V9Ka2VoZZTnkHA4SmmYJGput1v5vm 3HFlS5BNxPCWgt1qATKVTrGMDe/DIPwiH5Xl/Q9vn11REP3xnsWELCnhv5MlMA5Zzu16lhLOqsg MyN+7e34fz8lQaWOgIvzeaaWnD0zOwndHdfxk9+eU0qFv58B+KR7YPxW6k1SEcppKRi10PcUJPU eTzbOZemDiYy/ldLcwo+sXt0rns/ioIsi7Sa0g41KbbIPm6wQxmN3SRonD6lcPyLd5264FncIDK rVDD8imX9aA/5jnEHTnOygHVQpOJd2n2XoSRFnMEmMJ+LiV/REQuhnt7JpjVR1qD7x/JlNYgjHT P2eBN1v/A5xvXuA1vHKClHGjjr1RvgR0hkbG4GukPpgdThA66/+JI9oIzb8Lr5mO/KWaCxComHE HwE+Cnh9cdMtMf0qj3Qz+FyEjBh35gqXq1LNl/zIkW73uAA48FBU9zIgkJ/i3gC6KqlRJgr8k01 hGTLzhD3VLjruNvZN65fjGjYMQQxkr2KQr+ojsWjO/lPD2Sf7E6GNqs6cePUWPd028fB4+1twsN 5Hv44RtqopBKUBleC3yW6NuHyER4v4YaBLsTX3H1dx1DkpgBM6369GIz1iOkrXRx8gGrQ== x-tm-as-user-approved-sender: Yes x-tm-as-user-blocked-sender: No x-tmase-result: 10--20.984600-8.000000 x-tmase-version: SMEX-14.0.0.3006-8.5.1024-25250.005 x-tm-snts-smtp: 624C08F8D34776CFACDC49AF9A6DFECA5A064ABE67F063ED4FDC62E0FDA65E8C2000:9 Content-Type: multipart/related; boundary="_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_"; type="multipart/alternative" MIME-Version: 1.0 x-msw-jemd-newsletter: false Archived-At: Subject: [pkix] OCSP reponses without nexUpdate X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2020 07:54:07 -0000 --_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_ Content-Type: multipart/alternative; boundary="_000_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_" --_000_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear all, OCSP real time responders typically produce responses without a nextUpdate.= RFC 6960 stipulates in section 4.2.2.1 that ... If nextUpdate is not set, the responder is indicating that newer revocation= information is available all the time. It seems that the former wording is ambiguous with regard to the semantics = of the word "newer". Does it mean for subsequent requests that one of the fields thisUpdate or = producedAt must change even if certificate status has not changed? [LuxTrust_logo_blue_signature] Thomas KOPP Chief Scientist Email: thomas.kopp@luxtrust.lu Mobile:+352 621 229 316 Office: +352 26 68 15 - 574 LuxTrust S.A. | IVY Building | 13-15, Parc d'activit=E9s | L-8308 Capellen= | Luxembourg | www.luxtrust.lu [cid:image004.png@01D2B49A.E51F9060] [Banner_Email_jobs_hiring] ________________________________ The information in this e-mail and any attachment is confidential and for u= se by the addressee only. Access to this e-mail by anyone else is not autho= rized. If you are not the intended recipient, please inform the sender and = erase all copies of it from your system. Internet communications are by def= ault not secure. LuxTrust S.A. cannot guarantee the integrity and origin of= e-mails unless they have been properly digitally signed. Confidentiality o= f e-mails can only be guaranteed if they are encrypted properly using a sec= ure digital certificate.LuxTrust S.A. takes precautions to ensure that e-ma= ils are scanned for viruses but cannot accept liability for any damage sust= ained as a result of software viruses. ________________________________ --_000_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Dear all,

 

OCSP real time responders typically produce response= s without a nextUpdate. RFC 6960 stipulates in section 4.2.2.1 that …=

If nextUpdate is not set, the responder is indicating that newer revoc=
ation information is available all the time.

 

It seems that the former wording is ambiguous with r= egard to the semantics of the word “newer”.

Does it mean for subsequent requests that one of the= fields  thisUpdate or producedAt must change even if certificate stat= us has not changed?

 

<= b>3D"LuxTrust_logo_blue_signature"
Thomas KOPP
Chief Scientist

Email: th= omas.kopp@luxtrust.lu
Mobile:+352 6= 21 229 316
Office: +352 26 68 15 - 574
LuxTrust S.A. |  IVY Build= ing | 13-15, Parc d’activit=E9s | L-8308 <= /span>Capellen | Luxembourg | www.luxtrust.lu

3D"cid:image004.png@01D2B49A.E51F9060"

3D"Banner_Email_jobs_hiring"


<= span style=3D"font-size:6.0pt;font-family:"Arial","sans-seri= f";color:#A5ACB0;mso-fareast-language:FR">The information in this e-ma= il and any attachment is confidential and for use by the addressee only. Access to this e-mail by anyone else is not authorized. If you are n= ot the intended recipient, please inform the sender and erase all copies of= it from your system. Internet communications are by default not secure. Lu= xTrust S.A. cannot guarantee the integrity and origin of e-mails unless they have been properly digitally s= igned. Confidentiality of e-mails can only be guaranteed if they are encryp= ted properly using a secure digital certificate.LuxTrust S.A. takes precaut= ions to ensure that e-mails are scanned for viruses but cannot accept liability for any damage sustained a= s a result of software viruses.


 

--_000_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_-- --_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=2845; creation-date="Mon, 24 Feb 2020 07:53:58 GMT"; modification-date="Mon, 24 Feb 2020 07:53:58 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAJ0AAAAYCAYAAADgW/+9AAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO xAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAAAqdSURBVGhD 7Vp9bFtXFT/v+forses6TdoygSBsWXG3dmNAupUISKky1DF1bLQCVmBldGiimfgDKmCsjxeGQIA0 RFqVrisVqBuIbWWwhkEnmKbBJjq1f2yL3ChTI6Z2yZYPJ7Gd+OP5PX7nPmeJ3cR+8dKQVj7Sy4ff veeee87vnq9roes6VamqgcXUgFjMxaprVTXAGqiCroqDRddAFXSLrvLqgkKL7HWRGFxPZACAPpUS qfN636FzTlWjRdpXkjAayTBMzDEpNtmtDxxNlZuvNe6qp4C4Us4TZJH/Pa9QPOYjynwUT5yEsMjt c1Esdk7vO3q+FD8tsnMdnLafDKzv8wnwVPTogZe0yJ4GEvEPYm+5cvLM+t4gpUA2w4iQr1JehgIZ 8fi6sacchf2QmWONUCFvrx49NFJORm1jew3FU2uxT8jF80QPBQcnKBZcDzltWSsi6NmgPtoeHqRj /dfnI+C74JXqx37eYFFgm6vIG2qkdO41PdrZnw+vZwNk1PybfAE/+QOwz1s/x4s9zmXPfJEC9b+k yQRRepIo6I/QAJ0pO9+nbqWa5Y9QegJrZoniDHzxXyLrfqp73yYaH8afbqJA6E2t6Qtteu8fumfj qa25ezf5gr+iHIzqxbnx+onGh76LsS8Rxe6k2pUPUXK0rDizDvC4cIyA11h/Iwm1icLhE5TCPq0K 7OHGeXJ7cZ7SzdQQjpNLPSn5eGuIxmJfwvq/LyvkIADn87ws9+nBPuPDt1O84SR5jJdJeCCrUZbF rAOCy7HHgW/RH2kfGcoL5KutJSNTGa9ACLzS+zF5txa59zMQqoVy2QRZmVYtsutJgPEUh1fWoEE5 KJcVrMBbzI9MOY/nMx/hcL5pTs+Tc003vNM4TvOtNDZ8jILhm2lskKhm2RWkqMe1xp2b9L4jfTNF A+C+gved2JT9MRt1fGgPNsYHByxNBfsByR/TxP9ieflMvVYBMAUvCvDEA9k54VcK+2KjsqwMFtds 44sUJ9fBWKlX/FYx344IzMDmI/XuUGesW6krMObfBvjw48MiVk6Rn6mq/cznXPC+JT2OpwX/5Pdd tB25/ym+c60jeVlZrXmvoLH+a8lDJwDgVsx7Fmw34aUEnTQPWXkjWPM9xtgwG4/n2z+ckQoxpufZ ygPpL3ZOIGR/Dp7uKQquaJPAC9Z9AAYC8Npb9b7Ot3mctmbnHfDOR+DhbAPUBAG4ke/pPXnA2VLk KJsx4EmLTMBIUGB1trwNAcjCbgLyv2MBGI91Ig+Tva8peVlFxizjL9g51lFgHcuy9TxTPfw38+Hf KsvjkOS8/DM9D7A1XfLzHATOWYy+opNWgn82za7GIHUbeA9MACSeAp2xnKwWGcAtmy+vkcteuE42 g4OuZKmB3BRXRykFpQn1ahyEE2Rm0jx1SRYSiP2TAN5tlBz5C4UaNkvgLVuxlqzRp3GCPkHx/g0I S49BAar0crVw6WNDe/Wewz8tUK2qPgrQ/MN2NwWUgwLvRFh+gDJICUwDnl65HYbrJQGeUzTlCelf 50ndeJ38WMFrFx4j9VXEuFP4wwbu7JQDoD8NWfdTtmya6xB1JYb5cfAmx3+AfO9JSpWUq5DJZFah DJKiLwN6j7taEGI5r5geo2AXwhVCatyFMF5HHrj+ifEDGLAP4wr3n5qAcrxDelcHbLgrAIRdg3GH oePNgJuMVEsSdCyYBN7q9q1EI09TqH4TQMXgaqb4wHM4xY2wvoeyODiB5fBwww8CcD8qNgfCLBJD 4ucCgkLOEYdUJvgjnMSo3nPw9blMqjXdOK1cBp5QX9dfPdBTDila5O6rZLhbDOKQb9JZyNVb0XId ctase4ITqGU3Kj2eCtiYVj+iSun9xyZ/jYJpO7TbCn2d0rsPPrWkQSeBN4BQG96xlZLqcQqEP0mJ GKHYuUkWHlyASMCN/EI/c+iBCpSMzLvAASIzL0GqWuwtOdMrTybVIjG30yTBhcQQugWozJ0H1PJr TI2YiAMQ9CAO1Dd5NccTA2GFEsP79Ojhx+aek6oB4PIhm/NThM8yJLsYA/S74mHOBSu3wkV6r0eP JrTm5s2UvOEFAO5GSiXtlTiHi4906mce+c5FWnph2KoUQ2UflXK7cVgMwh9oT7nK2mz+63N+6/U3 kXA3zQvUtTg/4+L4/BesbMaSB53cVuya66jGs8quUmV1ZBcPwnu1FtmxDMAcr2z7F38WvMezWiRy LW3bZhdKHR0WPFHzgqyM8g98XEg7XOSG42bQOSUuOpJjdjEj+ACYFfZInC44PW7Jgw7NxY+RO/A3 cok62QvkXiIrl/tlofqbKWl2oc2yBVUvYsvSJD0aNanDTpgWlITHQyIcQ2H1Q5lnwY06Im7RqMpy IG438lqgdXGpEHQcsk1CsjQPMgtKcxwb36jD2YmZ3YnZ5mhNOz8CwP1VVkwMMq5SE6M/gbO7iZbV fwr9PAZeC42N/hlFx2c5B3S49tIZZqdJ2JwTMuCaZoRl0/TpPR08t6KvCmmRe76Ow/x/Bh3fKKjU Ave/2y5R5iAVQOO+VnDVATQA7c6sbO9xqZ25D/PR4yjRJ0KLE8BpRnd+ziUAuA+jD/cMAFdPk3Bi oXqi0SHkcIe+r93QvgqfPY/iYo2sakP1rYjBf9LCt9ymR7uwiUuIuAJXlW1a5BtXQuq52y+ygWy9 lzX9Tq+MzLS8Gotl7oHduNfmrDwxuX+ohMHKm2/qL6rCCoHFya7X34Y+TFtJKTgJnkAaJWK/QWPT Bp3dRBVI8O931CLIIoXg9VwXYltr2nE9+WufQZ7SINcJNXCV+lv9zMP38SL66c63AMotAPk/4f3e nwdeGyWUJ7TVG+/QB15chKbYQtgJGMlAVH/gLuRVd5XlyDrmCnWqyWyaaepPraC60EPzzum4B8mH 2bbbopJAbaVQOF/WizwAuCVRivg8MWjIYwFgblyyI53AHaIEH/IK3D6VJR7iRyuBe2V8b0rcVMRN w7p7N5Ai/o5rsBAlAbjwani4wWNkPf+1mTz13iNnAbxbcOqfg6drkE3e+oYtZK3v0q5o+bx++mfo r5Qgk+XmLgk2k027KGOUbqaZprBbHxCVD10yVaopXHr7fFnPd65Tt0AsQzmdS46cvWAey8CyxEew hxrcJcAW/Nl8CgnmxffUTD5E2DHooyT50CJO2+0fL8YnccFVIQlcYgPq6dNAfRBCO7vGUtGSt6xJ ioUh+fkhSiR6KDXhMIstklRBGLb4xkCM4psnYXS9f0we9xCN9J9DdSoQUl+lwMod+kkk40UE4HUD eLfCW+4H6Gohgwkv3USp2Lfx7Zm9erSjxDE236ZkvAeehu+A+VKxdFgWnlEcgh4ANIeDoiKcVV64 pFITCIVRue95XztKJeCeFTcBwhPDnTAuEFOvIVXhy1xn9itWpMLhxhwojaEUdKQyTmAjLwfzNyvE HAl0/jkR3VApA8x7Iv+8Cxb2VHlJ/MZZFAQPOw6PAN5/MBVfh5om2T3fDrOWSK/RTX8UM/hxRHr0 IK7T6EOOBpcZBJlfwZC1C8Erz2PdAvKalVX+q1cfX4h1llTLRD/Zwd6yMo85Qxs4SMnK6rmFUGmV RzkNLCnQlRO2+v7y0EAVdJeHHS+pXVRBd0mZ6/IQ9n/LX0NQYGMrbQAAAABJRU5ErkJggg== --_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_ Content-Type: image/png; name="image002.png" Content-Description: image002.png Content-Disposition: inline; filename="image002.png"; size=2172; creation-date="Mon, 24 Feb 2020 07:53:58 GMT"; modification-date="Mon, 24 Feb 2020 07:53:58 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAEIAAAAWCAYAAAB0S0oJAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO xAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAAAf8SURBVFhH 7Vh/bNVXFT/3x/d933sFCqsycJRCKShuczrjD4zojFvMjEBQJ4mlvLQrprHTFE3UzLi3MveXUZvo sJvl1WcDoyxmm7JlWUwG2qBQCph11DYs6Eop/QFbf9DX977fe6+f+21LS1v6nonJgtlNvun33nvu +Z7zOed8zn2VtbW19N4gku+BMIHALQ1EfONjnNqeKyK5mJH0Te5BlZyYP1TLTg9OnbmlgaB/vPIo RQp+QN44kccngGAsOx6MCeRAf1x8clstP/l6zhkRj8cZuOS/QDy7Lf8bCbOZ3Ohi8jwiDgA0TLRA cA71C5jLsC/kWvJS64nTBBBN+xv/yBiPGlKHyioqGmYa2B5vF6eLTsXXr1m7JZlI1MUqKpLZHEg2 NpYLYru00eeF6z5SWlqaznYml/3GROLrISa+rbTuNiND1bGamlH4Ok6pFN2zMo/qHtxIF4fGqfpP 52g4hU8KC8ZNhgXCaLvpT5cGZ1sEDnmeOjf7WMvKlvyoCe1x3PAinR7fjf2sQCAid0kh78tkMusH BgYWsCYX96dlUMMbhBRf0Bl91Q2n9lzfyWjatnEF3VdcECw9faqbWroGFgZink9LY0xKax3BHgrt xtHb2/t2SdGaH8GpLYzYUzmZbkwa+myKjuYkn6MQNAZ6DSOrdzrvXUHPnu2hu9+XRxeGUnSmZ2ii NDIItv1rS8ZTOIEj4EiSoIf5gFjIDssLyWTyiOd5p33f7zpw4ICLv3dLz9PUHXk9VZi6y+Vindbq Uqyy8vjNdNXX138gEokUIqphP0VvxKpig8mGhhIYeg/oO8IFP18ai/195nmcWeWGQptgeoi0PglZ EME8A9ncPZyix4+9SWNw+Bqe2/LDtHpZhAZH0zR4LUOfRrYscgSd7R+hi4PXoHFuombvGkoloo67 2ePiCT+VepZx0aKESNPqzFHU7FZuUWdMg0N+Aw55hOF90lxWU1OTApCroqHwa8JQidKqjSLiy8lE 44+h51EhRNRyPOqekg2/2y8jTrXlFOj6YtQNN3LGCjki6vvKZmuXslGdzYJpnx7YUEDN37yX3kl5 VPKLY7T9w7fTvq13UnvvMKV9TZuKlgUm9QynaedzZ+loF7pmOHQDqtmBwBE45xhtHBjNkGIhzoVr uNlqyLTCiSKAsZxpVtXc3ByH3Dgh+yA7BhBWMKUPSylLfOX3ZbR+yCX6ihDOTzHv8bWqgAFWbZ3j iIe9dKa1rq7u4LIl+QnBeaFSKqWUOY5GcDtn/CMo43mTwgFYEaS9Dk2kvYMsCWHt3jvyqX80Q3/9 99u0qXAp3bHEpR9uLqZjb14FV9oOM60uOxCMIRAGQUek4TleLNM62ph4rKJ8b1Nj45ew/wrjTIyP jHyQhAhuNngWA4QDiPomOHTJKLW1srLyArLhBWEVGfMaUv5fvuPgC/o0jjzIydxfkJ9/GV1sNfjA M8RLYw/Hnkf7lutWr90nJN8NXXPAsD7Z4U2+wLZgfhUZ8rmGE9R54Qo9s/PjtPsThVSYH6GwKymF 6p4XCJDhVEovRBvWAdgLDiL6mxVMK9UVYtznAmZyngclEAkMWQXw1tl3tNKj4JA21P1t0ZC73JYC 9nZy4ey0ugxCHsgRrcR8gwyuBKZXus5LVhG4yke5HDKG7cbBnDtRN9pp51VwAkZH38ikXzaWc128 nhEwJMgroD/1ITPvJSpQEsQ8KDIHIaXQRCjgSAAmahsvrB3O/EUwtgeEuA2O3F9VVfXn3+9vHAE5 rvCVehmckYA4qoWWolQ0sumfUL3eKoOKAtwR7sTrmQmz2WcRLNv/c77YWUGBElF4LNfMGXzyNooN aQMSpBJnu2Dk59cVrZGIFrLWjKLGyyAzp63O1TjPCjOhVDT6ZOTa2GccIT4FRmxM1ic/Rg4dhP64 dRhPCgX9FkrjewKVNZZON0ek7LGtMsguTgdxQTuEXF0Bk6omMy1nIKzrU+7Pe/H2ff7qk/H39xYX L5WIXtQ6HhAeY8sD7DFXviIm5SKVTkdBXITeFQF9Cx6OAGSksmccK+uRJ1wmHds9lNF2LWzlEfHl VTt2XEk2JKsV063SkasyJvM8+vhDiP5GKfg38J2XguhLaTvDZbTY+lgsdqKpIfF9w8zPhZQfQso+ jvM2MOfBQyWkyLaAab+gwJKlHUvDTrDhTt4q88EFUwkctncIjJlrcrR/yVCIPqqVWi210tUo+Fmk GdRhKjwyckm77s8yvv8HMvw4RSJ9OPRd0kxqh5+1ip2I0+t76jtILAdovoEr6kCGaFiRGbRlhvJq A6Fu932vGFaFbRbuKi/f0ZRINoF/H0AyLtPMnEIONwOEPquzrLLiKQDYikr7KjFTAOJ8OSzEmXEv sx3fGPJ7xycKn4GvcEE6gTb5rSPnaCytwFmaXj0/GMz7R9JIRCAVlvRC5wD1ZRQNYi2tsAawdF7+ GNd0Gc4qGaus2Jcl1V+ctf+rmXMY/w7mv56x1o33tpkyZeXls3VQWUXsCGTsM++IVcZOYsM+M8cv b5wiYHmL6K2RIfpty8WJH1yRMHVe8aizF3ObKWFgjzxtR3jaeybXIGNvnVqY9Nd+Upv7r88sQL2L 2+YZGhvKJ50WcHaCO7zJ31FB4c6Y2/fra1qSUhdwCWidKrLs94h30c1sn64NnbKZ9mL8icfQUHL4 P8SUwsOHWW1Hxw3XhVsaiCm/avfuNbhsZMNter+jY07n+b8AIncEbi75H9MMd3zckA5eAAAAAElF TkSuQmCC --_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_ Content-Type: image/png; name="image004.png" Content-Description: image004.png Content-Disposition: inline; filename="image004.png"; size=77225; creation-date="Mon, 24 Feb 2020 07:53:58 GMT"; modification-date="Mon, 24 Feb 2020 07:53:58 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAnAAAACjCAYAAAAKJiMLAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO xAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAAP+QSURBVHhe 7F0HYFRF89/rl1x67z2BQBIggdB7BwFpIvYuUkTEioiK2HvvgoqKolIEpffeewikkd77Jblc+//m 3V24tLv3ov6/lv2+k9y9fbOzs7uzs7NTpC+88ALrLJ0U6KRAJwU6KdBJgU4KdFKgkwL/ORSQ/ueg 2olpJwU6KdBJgU4KdFKgkwKdFOikAFGgU4DrnAedFOikwH8lBfz8/JwaGpiLVCp11jGdj9hgcDKI xfhXJzEYxEY912sdY3pWKJGI1fi7uL6+Hv+ySo1GU/NfSZTOTnVSoJMC/zUU6BTg/muGsrMjnRT4 36UAhDVvnEcjpHJJT63O2FMiYiFavT5UpmQ+zGjwkoskIqNRzGRiCXduNRqNpg/+1ut0zGAw4IPn CodK/JwvU6pyDFpttlHEzhp0hlMQ7jIh1BX+71K4s+edFOikwL8bBToFuH+3EenEp5MCnRSwS4Hn nntO9NW33yZImHSoTq8bJWKiBJGIhULbxhRKCWQ2A5NodUyvp4+eE9Y4fZtO2wSbhDbL7wwvi8Vi /CNxE4vEbmKJuBtTKDjhTisBDJ04T6mUnxOJDPvx2lYHB9m5yspKqO86SycFOinQSYF/DQU6Bbh/ Dd07W+2kQCcFOkCB8PDYOLHUMPWb776fAJmsj1KpgEpNwRq1WqbDB1qyJqGsSctm0bbhXxEENRLc qNDfljr0nf6mZ3qjjhkh53HCnVnwk8pkgVKJNNBoNIyvb6h/uV6jP6F0dPlTq9Fv0OvVJzvQlc5X OinQSYFOCvwlCnQKcH+JfJ0vd1KgkwL/NAViY2NVOp34BqPIcCfaGqZQOjoY9AbW0FDPYLPWTGAj ocwijFn+tsaPhDLStFmEOMvf9HvTuyTckeBGAp5ZsCNNnA4f7n0Rrlplst4isbi30VC/RCJ13Gs0 6Fc3NjasA4zKf5oenfA7KdBJgU4KEAU6BbjOedBJgU4K/FtSIDw83FMqVd6tZ+J75Up5VzgaQGhr YHVq8jMwachsCWzWz/+KEMe1ZS3Uod1G0vTRA7FYopBKR+CnEUaRaKnRKPpG11j3BfAq+LckaidS nRTopMB/DQU6Bbj/mqHs7EgnBf47KACHBGdXT7/7JMwwX+ngEKGF5qvBStNmufpsqWFrS2Cz/Nby mVBNXCshjuzlOMcHaAIbG7mrVrlMHiGRSF6oF7H7jXrD51ptw8disajsv2NUOnvRSYFOCvy7UaBT gPt3G5FOfDop8D9MgfievWfi4vJZuVwer4VNW11dXZOmzeJw0Na1p4Vk7Qlxlneshb6WQlxb2jxr zZu1EAdtG2nfGEKTMLKoo3qErxbCHOzlgqRK6XJRg/h2o173sl6vXfU/PKSdXe+kQCcF/iEKdApw /xBhO8F2UqCTAvwpEB+f2F0sE78gk8qm01sWwY3+tghW1rZrLYUta+cEk50a/FIhVpFFHAULERnh lSqC1ykELs6+jfvVCIcFxglg5E5KQhn9TfHh6HeygbMW2qy/i8nhwVqIM9vLUX1ypqCPTC6PhjS3 UquV3NzYWP8McOp0duA/JTprdlKgkwJ2KNApwHVOkU4KdFLgX0qBxN7Jc0Ui8YsKhdKjtrYG15L6 JqGNE6CsbN2sr08tQhv3HPUUYpPzgRShQyBc6WpFMkmNUWJoFMnqakQyUZFI6dgAtVmlUQYhDZUh rrkZNUyGkL6++ga1k75eL9U3OjogcIijtk6PK1KJViQW6QBdZxbmLIQi+Y6EOBL6jBZNHP1NgiN5 uZKdHF2t4rtSoRiL6oNQe0VMVMTrKSkpJjfYztJJgU4KdFLgL1CgU4D7C8TrfLWTAp0U6DgFYmMH +Kucje8q5PKbKAwICW+ma1IIQSLTv00Ck1mIa3Z9ahbapNCuwXlABwGNlYocG89JXJVlEsfGHJGT Ik/kINYxiVIPQcyAj9nzwApp0wUoHigAxygx6iTexgZjqLZKo9LXKOO0ZVpPTYXUQ6dmuA6V6kQS puU0dWbczEKc5TqVsEa2B06A465X8W89HC+kEokKYUheSU3LGI7fHoY2LrXjlOt8s5MCnRTopECn F2rnHOikQCcF/gUUSExMHiZViD5zUDrG1NS0pXUj5ZUlbpsJQYsmTgY5TE6JsHADmsccjClid8Np kafhjMhVViuSKxiDu6pI5AiJyxTHTcRk3L+I72YCZNVhixwmEkmhbYNwJmc5TCHKkXqqqOJWo17k ZGhgsbqKxtj6PGNUfT7z0dVANtNJNCIprl4RANjqOpW0b5xuz+p6lbRyOgQTpoDCSqVyTCMT74Rj xhyRUbvpX0D6ziY7KdBJgf8SCnRq4P5LBrKzG50U+E+hQHJyvwekMsU7EqnEkYQ30xUoad1M9mhU rtu0Udw2Cr7LJcBCyF69sY5JDEdFfvrdzFt0nrlJILQhmC9p18wCG0MUXutLSovARsIaPpDTIGSR Fg2XmmTsRg2b7eKaaGjOlEq1a0UKdlwRrDyuCDI6OjcYYxqL9X3qsgxd6nJFTrp6SQOs67SkwzML bXSNa329yn0noQ4filsnR1BgJpKu12vZU0aj9s3/lHHrxLOTAp0U+PeiQKcA9+81Hp3YdFLgv5oC ffr2X+7g4PgsaaPq6+s4Qa1JWDM7H3CXmlYBd5EYizmLDcYKo1S/zeBv3CnyFV01OstMqRTI3oxz O7iuWSMhDclQOZs4/OsihR0aJ1yZhEQF/sXPsJdD1vpGA8tXI0Bve1QXm7Mx6DXczW6dWCo64xAi PuMQbAx0rdAn16Zrk2vSxG5ataSeBDmSDk1yoln7Z7q1bRLicL1KtnEINyJRKJVvaBqM4c8+u2T+ 8uXL20Xhv3pCdHaukwKdFOgwBToFuA6TrvPFTgp0UkAIBfr1H/yes4vTw+Rhqm3UchkNyBOU7MSa PEythDiSyCC4sXqjRLdB72vYaPSX5BhV4Fkk65gFNovYA7lJDkFNIRMzJ/wrg4Sm4oRDTm7jIpaT aMUp4TiNG3fRylwcJawWWR2q6iEIXje5M3VLJmLOyNTlAljVDQZW00CCIgmMcE5A7Typm3SdWx+2 zylGP6T2iq5/VapIpauX1otk3BVqMyHOHDeO+00iYXqyj9M2MgeVau6LK151UigUDyINWIMQenbW 7aRAJwX+tynQKcD9b49/Z+87KfCPUwCpsMQeHt5fOzo53VlXr+ZswcifgLtTJAGLE+IorJopxRVp 3xyg+RIjGu4hg6dujT5QlKJ3lpskIis7NhLMSLsGoU0FYUsJQYvs4zghzRwehBRodEtq5NqxCHF0 pUl5UPE+fpe08DDlCEJAAE9vFih9HMWsTos8qdyVq5lkBhMuZRJnyTr3ZMlRVYRuQuW5xh41mTId vCoa4fBgEeJaxo0jpwe6F6YAxQ6ODnfgatUTgu0sR0dHU5qJztJJgU4KdFLADgU6BbjOKdJJgU4K /KMU8PL2fd/ZxeXOWrJ3gwDUFMONpCtSfEETx1mkmYU4FTLJFxkV2lXaALZF7wMeRRWsBDfIPjII bE5yMXOQIi8pXYeiB/S+DpIgxYBr0rbhdxLSqJDMaDaD4yQ8alUNfGpwjdpmwc8NeKEWdRy4O9d2 yETOEQhdki/zkH7pM9SYqArVTy0/aXRrqJDVQRtH/W1ydLD8Tfiabe8aoJF0VKkmogOrXF1Usysr K82d/UeHpRN4JwU6KfAfToEOC3DLli2Dlxa7tbBKMxrMV+rr6rAL31fBlqOmIzQBvHC8d+e1kpo+ nm7OFU4y9gdg/dARWJZ3AHM6mPPkovJajyg/l+P4/VvAzOooTMBLxrtzrpVU9/DzcilWiNhqwPv+ L8CT4927yusaR9VpdLIgd8eD+P41YJb/BZhJeHf21cKq2Gg/10z8vRbw9v4FeM6EY1FVPeV71Pu5 OezG928As/YvwByAd29OK6iKivJ3pXAKPwAejU+HCsbFEy/em19RN0AukzZ4Ocl3mMeau+vqSAHM ETCFn5ldWB0e6edyFjC+A44XOgKL3gG8APxzT05ZbR9nlUONm1KyBfBWdxSeGebEOj2bWlha7R/h 63LaPC5XOwIT+DngvbtLahpHNGp1okAPxwP4/hVwrO4IPHpnyZIlyZcuX3kCmqXptbW1nHbNcn3Z JAxRxA0IXSTESRFoV2nUGQ4a3PUfaUJEeQZH8CcuxK45GSmEMRLccK3pAKmME8jMGjaT5ZlJxiKN nilenOntWh0uaknFh/9raBKb/6XvjXims9aqWTrL3dJCMwjAdLuq0bXQvrVFFANmDFo+5Rgpvabw MUytPGFMrEoT1UH9pwNWnKbRrHnjgglbBf+thxCHtGEzKmpqa9GHu63BY2zG4251en5RtR/G+bx5 nC93dFwALwTv3nWtVN3X3cmh1EUpXo9xXtdReOa5OFWtZ1OKS6u9wn1dKGDxyr/Ia6MIx4zC6l4B Pi4FSjFbB3ibO4oj+jwM785KK6wKjfLjeM73gHfiL8Dzxbt3ZJfWDnJyUNR5qGR/4vuPgEmToEMF OE7GJf2UrMIq/0g/V+I5tL9c7BAwvAR4wfjnzoyimmQPV1WVm1JMXs8//xV7S8CcWa9nk4rKa7zC vJ2PmenYIZ5jnjfR+Pe29MLKpBA/t2IZYxuB3/qO9vl/7b0OCXC0YeZU1K3/aH/KoD+OmPa0Mclx Nz4ysvtMPJuBASgWQki80/t8UfWv7/x5KuTwxXSmcnJk94zsfesTTy8djuuRuUIXBeCJcUvz8Yf7 rz64atcJVlNTx5Jiw294ZlLy/TQBAe+IEPzME2326byqb1ZsPCw7n5bLPNyc2PyJA8ctfWbZMLGE PQSYgk7NwMO5sq5x9Xv7Uiev23+aCzMwMqnbjfNHJ9xKCxnwcjqA4x2bL+Z+/s62U4qcvGIW6OPB Hhqd9BDgkZH0Jx2A55VTU//rezsvDdl2DOOMPWdC//jpC4bE3gyYNwKm4DyPeO/hX8/mvP3J1uOS nKJyFh7sM37BmMS5+P2ejgjDeC8oq6Ju4xvbz/XaeyqF4m2xaYN7zXpoYMxUPJvdEQEE7y375ljG C1/sPMVKy6pYl1C/sY/e0PcB/HxbRzYRvNclvaR2wytbT3c5dO4qNmoFmzmk160LHn9qkruD/E7A FGz79PiSpe99eOjqw98Ax5rqWtYzOnjC0zf0uxttzQI8Er54F7zjVohxfmfP5RFbjpxnBtiEje0X P+1h0zhPAbxC3sDMFZ9auvSh/MLSdw06vbyhvoGzdSOBxWzS3ySQUXUjhCQHOCPgqfHbxiDdVxp/ k9aNvEm5ChDKILA5wiuBBDepWTgz38CatG1m7RjJYnX4TyMErjqz4KY1C29NngokPFFFTqtmQ7PG 3b0aoYVDHS41A59CWkUNKxM7ir/yHMKy5V5sdNkJpkA+Vw2jK1VQwmwPZwpxYg5Nh79hA8dUSse7 atV1BWKmW0KtLVm67LXPD6U98eXu06y6oorFRQZPfGJCn/vMc5sOKoIK3ut5saTm1zc2nYg4lpLJ HByU7LbhiXcsfuqZVSq55IEO8FqJRmv48MP9qXNW7T7F1OC1iV3CJz45MYnm4rSOCEl4b/DxnPKf 3/jjpN+5q9nMFbz2nuGJ9y5Zsuydl19e/qigDqMy4D3+w8ms1z/ddZoVFZaybmH+4DlJc/D7XcDv pw7Ai75Spl7/zraz3faeSWVI+8ZuHJRw8wMDYqabx6WuAzBfWn0ia8ln24+zYvCcbpHB4xePSyQc bwGOJBwKKniv16Wi6t9e+/N02NGLacwR4anvHJF02/xBXcbj2X0d2K8ker3h3c8Opc3/cjv21Fo1 S+4aPn7RxN7EF2nPPyQIQdO4DDuRXb7mzS0nfc9cMY3zvSOS7l66dNm7WCKP/hVBUygu/6n1OyTA 1Wn1zz+35eyglas3MnBVru/nz11mRXWawZ9M7/scvs7jSxAMoiyztObjW7/cFnL+EA5uKiWYpYGd PHWJaR69/b5FQ2NIK7WKLzxzvVvfO3D5wcXvrcFXij8gYVcup7PLhWVBPz8w9gO0OQiTA25l/Arq B6QWVn4y5d3fZDkpaaY+Z+rZUQgM+iV333dnnzDSPv7ID5qpFm5tFj+3/eLk97/4hcGIh1MdXDx/ haVWqHt+d8uA11FlthB4wDFi16WcD27/YL2ioqAIrnYydiUtix1JyRQ7PDL9XTw/hD7TqY53qdbo n3tm05kh332PcYbQYRnnYvXkQR/OSH4e3xfwBoaKtHlsOJP55q3v/CrRVFWR1TmH4+HL1+RrH77x Yzw/DBwzhMCEZvCtRWsP91q/AXsZjQv2xLNnL7NqzfQJb05JImZPePIuwGHId8fTXrjrnbVQu4AP S6Us9UoGO5RR4PbrQxO+oD4IOaCgvqSoqu79+1bv6bJnB6ayI+Y3hJXTp1OYQXfzTc+MjaP5/T5v BE10nPrewasPP/I2FNTkgYn5nYr5fTq7JOC7B8Z9juf9hAiuVfXapS9uOT/i42/WYy5CKYy5eOF8 KsurHJf85exBK9DkfQLxi83MK3onPzdXrtfUN9O6kRjUUohTQfNWY5Bq36gLEu9pdIetG4lm5CzA VWZyCG4qfOgq1CR7ma5JqXChR/BbPYS1BtioNeBfzk7NWt6yXH1y96wmu7mhvgp2tBzBg1HfZjG5 xLZ/fdrey7hWhRkc2+Ycz3JkrlBtHmDKhhqmIQcHEuJaOjlwHTFwQhxixT2dV5h/4oO33yxadTjt iQffAWtBzBFunFMz2LlrRV6/zJ3wKcY5CeOMhcSvEK9NK67+8NavdkScPQiFN4Q3SOvsFNaLjt16 1+PDunBaV37QmmrN+uzQ1TkL38VcpCtxHKAup6SziwWlwT/eN+YztNkfOPLWhKO+06lrpZ/f8sUW v7Szl0x8J0PPjp2+zMSLb1mE5/sADxOVX0H93r+eznr11rexF9TBvFAGnnM1ix1IyVb+9kgTz8nm B41be5KyWs2b89Yc7Lbjj91N6/nsmRTMwZsmvzYxYSFgvcIXHtUDzHHfHctYcscbuMzRg1TgOVeu ZLLj6bluGx+eQjQknsP7VobGOaO05v27V+0MO7Yf40x8EXvq6XOp0CbPvvOp4V1J2PpcCI6oO+vz Ixnz5775nUntTXMR43w4u9h/49xxH5l5jpA91elibvmHt33+p2/qWSgZLeMMgVi2+NZH7u4fuR9t /iYQx/+56oIFOAyU885LuZO/3YY54OxocuWiggFdveUguz0haBLqPCtgwvVcf/Jq0vmT0PC40a0s GBnkGaZpZB9vOcwmxQbcjG+rhIxMZqn6JtKecBuB0iR4MFcpO33iAtvYO6L3o2OTEvCLkCu7cb+c y3bNSU0HHMIRBYyA1WvY+9tPstFd/CbhF94CHOgjPpJedNNXoBd2Jo52Fphbdx9le3uHjkWdINAw V0C/h359KsulIh/CmzPdhplwrC8vZ58fS5eP6xE2Eb/wFuDQvtu2i9k3fLcVONI409UPFTDob/Db zXGBpOF6RoigAKXIhNUnMmSaykrGnK7jWJ1fyH44ke4yplvwaLTwGd8+k2C95tiVketBM25cLGoY aFY+23KETekWSBrhFUJOm5Vq7fRv9oOhwNieqa7jWJqWyf64kO0/JCZgBPCjkwHfErH2VPqIPQcx H61xhE3X+1uPsMk9AqcBxw+BI+/0SupG/bSvdwEeCW9mwZrbmM6nsG0XusUmh3jSNTp2F/sFbav2 puZN+mIr1rMTNnSML1cwJ9fsPMJmJARPRh1XIYJCTkHRRE2dWqHXaqBH49wFIJuQ9AW4nMaJtG0m 6cwRa7REL298Wh0sStG6QEV13dYNPgBYvrguJSM3UmxZy1FmpZgaQls9TkNaEsQsshgJau3aqxlZ EGB+3cuFTT5Syc5WQDAiTZytYudx+6+atHEpyhD2id9ow93F+4yu9aWIG0deqiYbOAr8S9epnJwI WlGuViOEKneV6pMTKanp7+7CjSlt6iRsUcE4X710hX1/OjYyIcSLTBGEaGfit5zN6H/2ONiAq5MZ bfAx8NrPwGtndPOfhR8FCXCZpbWzPt2JgzexBytee/bkRfZ778jEWP+kXniCBcq7JG84l9k1DQcI 5mLFaxs07JNdZ9iE2CDaD9bzhQa6Tv3iYIqYqWHxYb2ec/PYmrPZHoNjAoYD1jd84aFeyNbzGSN3 7MP2Yb2eke/ja6yhWxO49fyakPVcWqud+uk+jLMO40wHPPM4513NZGtOpgcnhngNxE+/C8Cx6x/n 0vsdO3qO3KxNfNG8p36+7Sib1s3/JsASJMBll6tv+WgrbkxJSLcaZxKyN56M6hk7oTeZF5HQxbf0 XHv+WvfUC63H+W1oSkfGBkwDoE4Bzg41BQtwgOd0Kb/MW49rEc4IxVK4awYdyyiqcGFxIbTy+J4Y PPMr1OSShVes4GEDKYc6/lp5Jdk3CSolNWq5mvCzCEaWt8Eo1XV1xObNnIE32LDKGnIOa8HJwUzT yivZtepashMTUiRZpVXOGjClVjRESqGs/DInlhhJ/RYiwEXlF+NGs2WfgWNmBU7+GDchCKKuc3pB hQdDuIcmwYgAUFBV4J1aVOExJp4bZ942UsUN2qALRRWc5q1ZgdBAAV1RXATi6FqjrpMz0IwprGAC Xq1azc4VVzgPjvYjmHznIiuorgvKKwezb4mjTMIKKtQwkmceAnH0uFxejVBmpuuypoJxKqusYlXV ag/m505cm/e1S2p+RUBpWaXpEGFdMDYlNdxtrFny5IWpU219vVILb8gmIZ1eI1w1Wna6qNxxOovw wS+8ND0TJ050zMm6dhNdzUlIIEG/Tc4JFiHOZO+mx3p3EutZgVbZ+Fh1sChd7whr/+vCmxhCmyMM n+i6lIL4Wm46OUUVkCGhTY2PwaJB4wLx4qHFGM5G10lEJS0eb7mMQHOd4P1G89YhxGXKvMQf+44y 3Fe8S+9dV4yYcbSjmq5TqYOckwP9gu/mjA0+e3ft9bmagXGm5BLWhW4UsKZRXHmN8PVKHvlVdSRR t4AnZUVVtSylsNxPIDzCwyOtHFOj5VxEb6qxBlGErhdXNQlbLQvgp5ZWsKuVNV4CcfQqKcPyh1ar WQG8c8SLGBMKT5VdUgs1NY2W1WTDuDUgZRps7JwSgj2pMd5ax9y6OvfU0jZoiMlOPALFW2CfVfBu JsNPLInmfLEOSoeSmnqafIJKbqXapawa49mSjiBBfjk3zkLp6JBRiTlsUQxYsMHczkM7ZQ2NZB/e WexQoCMCHNmqtMvJDHRMFlY6yBVtN2LxdGtZq4ONmSxVuE2ieTH9Ihwq0akNcBw0aLs7Uowi2NG1 VTiD7uaXSrzg095rcu9rXV3CxYEQVsjMSUu7cRvFEjVLGESq3R4Vm4ZFEJ5aMly3CAMtx1rw1OYA cDJMW5OEEOMhb7QiCQzy2+4TCTttDZZtorY/Ea8jzZuGWq3xOTc31z5VdEVOxXxVaC3EEX2dIUUV ahVm4c2hmfAmlSOeG7RkJGhZtG4cAvhPA8anXmNgOovGzTw/A5ykrAq/q7UkaNnrsAkur+Gk2yJc uforJSwHVvodLoZGVih1Fn/pM1J/X/FOkxBHHqokuFnlTiWc6LsBi6WxvJgNdxWxzXWtyW+ao/y6 YI1zO8vPzMGEz0aLbNs2XTqEo3lYeE85m0Ni8UZuq1JHG2qPSnStD17La1pZ46Pn1nPbr5mpIJQY dEpqky7t7Yv25jXZxZrYWMvS1I5QHE0otvGWCUfBZLTXhf/K5x0R4OpDvV0qmELuzxpx2reeKGA8 gR4upEngrU1A3Wp4sDZPfUOkhqrDGXf3Qa7ObRzHbI+Fq1Khl5Mmqg1hUiTD7oADvMDRLHBQtqHU gGFyqIsTC1QphcZu0vu6qtQyaHn0DVYT1aylCfRyJvx4a7bMfcnz8YbSrqUQp9OzAFxXQsXD+0Ro hlcb5u1ShSs1V6bFxmVZaISjTMYC3VS0Qwuio7dSUtLD14Ola6FpkVsdArGryBw4+gqlo1qmdDAy CaaxtYYL8ByUStbFzZngCaJjqIeq2AfGtFcIR2utAhiYm5OCIWqFWTLhPYPUEW4qK/nUTEhckzk5 OzGFg5Lg8bYdoVajA9wKPdxcWH5OfnONK4Qbd5NNqhB4DXIHpY7T8jSAXJb1bB7nWA9nUumV8unt +PHjh0mkssWULoqKyePUrHmkQwRdF2L3U4E5VxpkjU9WBTbXvOEdKbRuFJCXBBs93rE4KJDYr4aA 1ohPkzhsmZMQ5p6LUTEvvDt9P7QqthwT+HTEug4Ewo8TXZgnXM6n76/kgvt2uMBLFUKcZJX3MP3c wm1aR021rAH3xG3nUoX2EvN6kJeRpePS4HIl6Gi+3aYTXpQ7p6wWul5qvJ0VlmPZ9W6AZ7jBTCLC y6VUqFtmmItDZQiuYzOK4ecisShNTOcVhSOu74TjWKvgeG2LDRzrMdrDFf12Kt8nbADKnV2hqOT4 ohXPAbxYD46GQtdzvZuLshHoAZjVuYzmK7zZfN0caL0IkvQDHeXqcFdnVkY4WvMcwHRy5i53OFWh gNIoplNHy4L1p4AGzd0R611g8XN1rKX9uIi0C9a3PPju7cpd+/K+5TA3rfEjs4CW2gp894IdrrtC JhhHgV36r6guWIDD3X7lw088vfnGwb3vW79um8luhkptA7th0kg2tHvQTtQR4p14elRc+MXo7jHd r56D0arZiYGub+4c3pt18XcVfA+OdzbfMrDH+OVwCuAKnXDrGlhQbAwbHR+Rgl/IFV9I+XNC98D6 d0MDHapz8kx2RxCMGDaOh0YmsRB31V4hwMg+YsnSpRtvHdbn8a++h2kD9Zk2HdBwyMj+bET30MOA x9uw1tz2rpt7hdev2e3mwKrBk+DEAMMg/Asvs8RwikS/SyCOFQufeHonxvnu9eu3NxvnGycPYENj g/6kuSAEplwq3jQlPnjpb7scRbhvMDErjLPIxZXN6h1FAqZA3sxyR3ULOzigb8KEQzvJhguMnwQG dQObPWkEw/XpVuAoyK3f1VG2bla/2DkHjpyFQAOUcHVK/zr5+rJJPUKJ2Qux8yDyXJ3eI/LIqoSu /S8cA0waaw5HDbtjZDKL9/eicCKCGL6LUvb73UN7zl58GusF9COpktVpmF9EGJscH5yJNk/zHRey YVzw2NM7pg9JeuDXtTCnIhoS68dcHDt+KBsXH76bjz3rbbfd5lRWXvkBMgpIKGQIBeU1XZ/S1SnZ vJnWoZw0S0xseLoqQHxZh6wKlmtTPJbAUUFm3nc4gwq65oSiF2Zu0Lrh0pW0a22d2tH9DzPq2IkR Hmx0gIJtz6e51b42iZ7YM3vj6If1negtZ3eHObCR+7A//QXZrWk8oInLlblJvvIZYrg/f5tObtBK GyHVtsqdSnTD7+TyMAEBK9LVRqYFDchezS0ogM2KD4axKxMqb50b3zPi3Kex0T3SzsHOE56J3P10 g5bdOrQ36xrgJpjXdvV123z3sJ43PEu2TOQ1TDbRWH/+sdFsYlwEhTrhPRfNNDo9pVdk7qd7goPK M66ZDPBxmKexuHVgPAtyc1zPd26b6/1xW7+uT+05dAb9xLnGzHMcvL3YjPhgUjTsEQjv2sj48COJ PbuNPHUI5Ce7OjPPuXlqb9YrzId4jqD17OfiuOnuQd3vPHEcNmsYX05AqgfPwTjfmBBKhyehHp6X R3SLuBjZPbpHOjmCkF0djTNgzhrUg3X1c9sssM8sysfl13tG9B6/BB6t3DqgcQbPCcM4T+gRQWFE KHSMkHJ+anzItS/DgkPLM7NMeyoJc416dvvAOBbmroJw0VnsUUCwAEcA3ZSy5e/cmNzHVS7useMk vIMgfAzrGcOenZCU6qaUL7PXqPVzTPY6GH3OWXnv2HUv/O7udTYth7ko5OyWkb3ZY8O6wUWTfSEE nrnuVwuGdh2tN06fsnbvGXgkNrLYMH+25Ia+tcmh3gupTSEwUT8TOD667tGbPlm+dh9LyS1m7phw 907oz+7uG05MT5DhL7UtFYtfe2FCz6EIRJq86fAFpsHpq//ISPbilL7pAa6OhKMgJoD6qcDxqZUL pr334aajLLusGtpLFXtgYj82IynsJTwXKngwV6XshbcwzkgnFLfnVCp3tTg6qSt7bmLv826O8ueE 0JDqAodjCC+xvOHhmc998ucxeDnWsFBPVzbvhn7EqJ7Ac+wq/AsJwujz41/eNjT2JReH8D3nM0BX EZuQ3J09M6HXUYVMSh6UQsv2Of2j39MbZi38Eka7hbDDjArwYo9NSNaOjg1+GG0KEqxRvxE4Lvrq njG/v+ru7H3kag5CYUjYjUN6ssdGxO6AEvY9oQii/i8P9o8aU6u/+a41246zMth7xof6sccmJtf1 DvN5lI/AZd2mu6Ps+ben9kl2k4l77jgBj0SM87CESPbspOQrHo7yp/ngV1ZW8aSbh0dcZUWFOQbb 9YC9lgwLJDghc5VhebmP8VRDC+ENQXmlkKost9ecrIT/aMi7FGmsmnswtMAI750vbWTvpdezD3o6 s7hiDe337QpcpPSm5zblMbMC6K0eTmxNbgPbV4CNlVPe/w0FQly60l/2g89A2MTtRWxjI1w5rmsr OdRBCKKXBv/1dzCw8X4SdrjWnXUL9WWPTenfkBzpRzxCUHgX1K/HXHzk63vGrHt5k7vb6fQc5gSB ZvaI3mzx0C4b0NzXHejdqrmDuoxs0M6Y8TPCiFTDZjY+1J89NblvTWKI5wK0KegGhQ7/wHH+D3Mm /fDK70cdU7ILmScEkNuwHzw4MHo18PtZCI7E9xCWYoVm0c1LP910mBXCvioM4ZUW39DXMDY+hNaz oBhmqK8Dfk98fceIjS+6qwLhQY8MIBI2sX8ce3pUwkHwc4ogILT8dveA6I/rdbPmfg2eU6KuhzDt zR6f0k8zLCbgwQ6O88Mr7x23fvkGN/cLGbncnnojhLdFI7ptwTnqU6EIov53Dw/pOtJgmDX72x3H WCWEwW7hAWzZ5H5ViSHehCNnlMm3oH4FjfO3cyb+/NbGow6XsKd6OMjZLMzFOYNiKLQLXHI7iz0K dEiAA/FzyD181R1DHz49PG4gGSsnBLofQWPvC12whCDeOQB4vbYtnLjgcEZRrKeToy7Gx3kDfv/G Xgfaeo73SI194wrE+bmnb/SkUhhtJkd4kzruEzyDK6nwgvfIbf/C0CenzT2aVuQc4uWC06ADaU8+ Eg6N6zMxqv4f3NRvwYMDiQHqWO8wbzpRk0eiUHU0hwLeex8wT0ztEXHPhWtFPt1DvKvc5GIKBrm1 gzheA7zkb+8YOv/cyITBiAPEeoV4wi2Vw1Ho9Q2HwqsrVjwPmAem94y4PSW/xL1XuF+ZSsIFjKUQ BoIL3rsEeImr7xu18HR2aZIcVwTdA9xI2/gRngnSvplpSPvnI4C5e1ZSxOy0gnLH/tF+BTgTfwp4 QrUJlnE5Cng9f1swYcHxzNLuzg5S7hQMeLw9bq0JY+4Xxdnadmdi+PT88hp5/yjfLNT5GM9I6yGo 4J0Cmotf3jZ4/sUR8UMaoV3GOJPnII2z3SumsWNv7CJXSh6mtFAWmzdCgLRvFpsbEuJcRHrj9zUu hl/UrvA2tbKFhGAkwtUkl07LjDkppBuhcdNaX5na6hW0kC9cqmV3hnqxB6JU7OMUTM+2BC4I+LmA OeNEFbRaOCO1Z8oJrc/0MEfW203GbjsKJYjl+lIQZW1UhmfpOVWUeI9bWeOI8rNStYiSgHFE42ho iRVHv5H8OsBHzu6fNujyDf0TaG4TH4PbvvCC9/bQXPwTvPZIRkmMq4PCEOvv8jt+F3wINa8X4rUz wWvvuLNP5I1ltQ3Sfn+d124Ajklju944F/tBGMxyGkPcHH4Fjrw9/a0ps2LF8mcBb//0+JA7rxaU OydG+BXgIPEF4AnVYFrW8ynar355aNyCE1mlPZ1x5dfFz4U0RjQugg7eZhrSYpgHmDtu6hk+K7us yrFflO81TDmCBxWa8IL39tE4b3/khrnHMkq6eboo9ZFezhQcvyMKEdpb6IbkFsDcNDspYlpBRY18 YJQv7anEczKEY8jtV5uIjhO7Tp1zJKMoMtjTTRPoqqCg0p3CG0+C8hbgQGgyTJiJWEsD8strVZnF tXUwAWiM8HTLIQO2zKJafxwb37ptziLHQE/netgg03UYLbo27aQAjzyeZpSrG5Mq1BpJRnFtrUwi 1nf398rRQpgBvKTbH1o8GIYzinAfZwoMvAOwbLrMAyaFoRiHMCI+wE0DGHXODrJCL1wL5ZTUKrVG w+Lb5yxSuSF0h7tKThsUCYm4E227AF53PLkdcX8Saxsaddml6ho5+GxCoFdDIzRmiMI9+K65i8eC 3yqDPVV0pUFRrtt19wY84sczIAeNQDYHp0zOZVBUH+jqlENC8LWSWm+cxl8GDVXeLo4aZ6WEhGLK pNDuJgqY3VBnSm6ZuptWb9BnFFfXOspkDfGBXjl1uMpIrzDcAHg3QxslDXR3oIVGC6RdQcQ8ztNx WzMkr6zGgcYZO4sm1N0J4yymcQmCsuDt2x58xDHAw0mNQMuk3icc27WHA8wehGN2mToa12m69KLa Wge5uLZnoHdtTXW9sVinn4VxuU+JNAr+bkq64qZ5064gAngwamHT4YU4qLhSLcXcqYMSRhvh5Z4D v0SiYwSEgY/Qb4dgL+dq3KbRXPzFFnMFTArJMAnR6YOwh2rTi6rVzkpZWc8g77KCijojshPcBxyd HHEPDDsXuoInHNs9DAAeeWXNRAL0PsWVdcCxWi2TSHVdfN1zKJF5Zklt99sfevQLbNhKzG+ycaH5 vdHWugXMkXg+HmPiB8FIAxhqJ4WsqHugF0OGBzHkrgW3AkdcsTJvF+UZc58xbq0LYJGx3I3cXCyt cUwvqqmH9rIhwE2VQzkDQEM/mNS9BniO/q6qegTRpfXyE3BsJbhL5YZlzk6uLhXQvpE23tp6iYQ4 Ekgo1ltKo5K9X+Vl5jn4nSpCcBPTFbD5Jcu7mkbYFFlSXPFRfNHNHULELzlfw97t6cLWQ2uWj+9t Cmho5GypOXxIW7CxnXo6YIfv5cxeTVWzvBqy2RRu4G9rLLkOI2XYOrde0tCGUkNEXZ6YS7tFL9HV M0mw4AliSnpPXrs62M+dO1KfGRFGhoQP0Thjfop8XJS4d+PWH+4b2+VjuIRlMxEip3eZukFMvBbr xdDN3yMHPIPWdA/w2i+N4LURPs5k/kJzcZOduTgOz8dkFtd4A91GmoseSnmBL2zpmvNapchdJaOQ TbReYLTZLo7BtKZLaxqTquClgjmO/YAZaT/Q0H5QUtv/jocWjwKOcqwX0jySMLLbBrzeNL/Bc0J1 HM+prlUpZZVYz5WV1XXGQq3hLqznBUq5hPm7ORKv+Q3w6B64zYL14oEH09QN+v6F1XUy0FANGkLR 4J5DjlnALwaOaZ/ePnexMtyLsw/eiQ/tL+26pAHmYNSZYOI5Bi1g1CKYchl4d1lBWZ2oUa+bRzxH BXthHzelheeQiUR7ONKeemNlnbYfBGlunOXYU7vSOJv21PjbHlz0JaYW7al0NbuN5546FrFafeGe 0QgYauypRV7Ec0x76mM0F91wEPB0ltO+QnzW1p4aQjhi30/Evi8y4ciM3SzjXFTbF3NxuFhkVIZ6 ORWgLpnqCDL/sTVv/9ue8RLgMNECS+t1P76z89zgvWeusirYTIixq3PM2aqY0tcYmSvUtSN7xdw/ b1h3ynxA0eubbSK0WV4orP7uw51nI07jSqkeTMTyrgVcU75ELA5vGMlO7Rv76GNPP7PKUSahrAdc rARLoc2oRqv/9MMDV+5af/QiK0a4B4uTpDWOljYccH/fJzr4jgWjez2JdykS/p6WA4vf7ztXWPnu 23+eVF3MKmSkCDDZZF/vc5NHD37zdnNmtw7redvTy5athPUZRTRvZoQJeG6V9bpvP96fMmkrrp3L YQNli4YqXG0MjIu8d+HIBEs0brNBX7N+378ttfDtL3addkrLL4PlrMk/uHWfSYFgZMG+7uze4T2f AC4Up+/NNvrsW1Sr+emT/ZeH7jyZCq++xlbjQu9Qv8mLFlesbGiP6AcXjoinyPAUMbxV2BP8/viv 53JfWLnvrEMu3PYNTV6JzenI2cwD98gAT/aACcfHAK/VaRG/hxVUN/70/q5zyfvOpyOPJWzozPOu 5VwkHN0d5WxUYte5c4Z1+9M8F5tpN81C9Ys/ncp6+rv958U5JZXcxkmlrbkjx7yPDfZlc0f2pLlD V0SIYNq84Pf4qxV1P3647Wz3Y5ezWC2cQFqOtclXwLRePGBHM7FP1wULH1+y1tVBeg9gNrt2AjwZ pt+b3x5Lf/jb/ecxv2u4+Grt4aggjXhEwB0PjUh4DO8SvGYaWPzmDgb640f7L4/djqvxSoQWsEVD F4RoGRQf9cD8UQm0nmmcmzaRiTdO7K2UKaerETKimdOCFUmkdJrSi9iL5R4itR56BbF5TyNDNHOM tya/Wvykg+bN0F5+UlscGJL6V1kNrIuzFPGIAciWoUQbNt7XQRsZ+Az7IrOOvZ4GIDbs6f7ShgB7 QKNYJv7Fs49hYWOZXqrXSXTm9dEqdyrWR3VtXa9FX2/olVkL+0KEZVHQXMTV+dwxvR7HuNzbltBF vPZKSe03H+w4E3X8Sg6yU4BLtFgvFj5GtopeiBs2o38czF+XfovDGfHaZlTkeK3e8NG7+y7fu/Fo CivFlWQTr27BG2luk7lAYmTg7Q+P7klBeGnu0KG0WcHvY8/lV3/9/vZTAecy8+FpbGc/gPPBzf27 PQZe+wF47WLAbKZpB7wnfjlz7cWV+87J80qq7PKccOI5oxJpPVPGGrqmbYlfQl6V5vsPd52N23sO PAc05A4qzfprvZ6VbErfbvPu7hdDGiba/5odwM0856Wvj2c8+eOB8+Lictw+mp2HbPGch0ZxfJHG uZWSwDzO336881zkkdRrNseZnIm84ah1Y99ujyx++pkfVTIJZWZoOc5yCPfvfXogdc5ajHOJHZ6j xJ4KnnPnvJE9FwMXynDRSujC7+NO5Vd/9emO0wFnca1LGVNa09F8ogJtfTyc2ewB8Y/hCvwjsLRF Lcf5L629/5KX7QpwILoYV5Cf3r/m0OD1GzEmFB/LXgQJbJwHjp5lF/PLh7x3U78vAWMCiM+plvG3 //m88jWzP/kz+CIZ0pI3Yjsuz000xoLeBSPUIvXMu14YH0enuGes6Y/5+PSru1LuevmTtWQ8YjLq tlVQ5RgCTe64kBGyZu6k74BTX+DXdDrE9+QTuRWfTHnjJ2l+JmRPDkc7I45FvfPgaVay6Na7nxgc TQLrc9ZvVNc3frB4/clJX/8I+1HCzxIAuT2wmMBHYNR6IqsoadWdQ78FTsOsBVd8H/zrmazPbnt/ naiB4hzhGGOvnDmvZ5sPX1CuWnzzG3g/BfCajFnxXVJU3fD1gp8PDV27AYdHnuN88Mg5diG/fPDX tw3+BDAo7VLTiRPfJ60+de31uxAFXQ/Dds4hwE45dTaF/XE8xeXnR6ZTBHLCselqFd8drpXVfH/v 6v3JO7fjZ3LU4DEX98Mh4XLZxPGfTe9DGSlIYLc+edz+yaG0Z+ZS1g5EweeD40k4D+w4c9Xju3mT aW5fADzSgnAF390uFFSsuW3lrm5nD8Oul3DkMb/3Hj7DsqtvnPnmpF50el1kTSbc5j389p7LDz/5 EUxDDDgXtIz115Km6N2JUxfYrguZAavnjP8eOPWxCF20nqFR/vzh346N/WHtFn7jjLl4CEFBj+WW 9Vt92yDq83jA47yaZUz+hEqlUjTZvuE3S55PC1pO0L59XOHMztVT4G/z9KD1ZPbopAAFYkhwRCY9 jNM6JLxRYwQTfX/iNDZEEtB4eSq0MSExp3KQZPbJM5izBMfe2rc3qW09h2dqjsJHutMtQXtD6TGx Wizn4lBYbOAsuVOJoxl1GuZQfo2dy8Ac4H7AOGMubjuf6bN67g00zskYlyYtEr77nM4u++Her7eF nj4JBQ4O1nb7Al6759BZlnvf9DtenNCD+NjSFug/9trOlHtf+gSmaISpXT4GXnviPNt7OTv8+wfH rwVOlJmh6aCH7+FHM4pW3/rpn17pKTBH49aLHYJiQew6eIYVz5+14JnhXbNQ+22r9XczUlK9did4 joHLvMCP5/x5+orr6nk3rgQ+6cCPnMgs61l1pajym7tW7Y47fAA3rhRvks96xn51+ZZJN7wztTcd lO9v0aO57x5Me3oR8ZxGATznXLr32oenriZhDTg22Qvju/eF/IrV2FPDL5zBz3xoSHvqgdMs675p s1+b0JPsep9qgeMTr+1KmfMs7akUT47Hnnr81EW27+K14DXzuLlI2WCatML4HrY/o+jbWz7e7J17 BRcXvPZUA9uBNJMlC2+Z9+TQGMKxI/aFf2V1/tu/a1eAQw8G/HDs6g3r/8AtFHmctgy8114XMYl+ 2bSH9QnzHPPE6B6kKt5jrnrTxwcuB1+k9BmWSNt8yISQHS+t2cKGhbpS7rV3MDm40Ab422t3Su78 N36kzQhcrVVAyXaAA79URPv+eH9k0Oe3DKII5O9Y1Vzw8pZT0vwMzBm+ONKEhDboxe+3sMFBLqSp eB04ctdN+Lvb6sOps77+Dd6clHmBLw0Bc++eI+z72KC+z4zvSVcW6y045lXVz3v5z1OihgrceFiy GtijI+AZkGHg+V/3s75BbmTnReppi8A14NtjqRPWYswEjTMEvY1b9rPVUb43LBwZT+O814JGenHN Iyt+3cf0xEjJ+5JPAY7qsjL23Kbjon4RfnPxirVt3MhVR9MG7CSPU0uEcV4wpezH9TvYmHCPW+8a 0JWYAGc/hP7LzueULXz+ZxxMKFWRABwLs3PZy9vOOgDHBwFqnhUa0746km4S3vjOHXoZV/If/rKd 9Q92vdc8vzlnCfzteii9cO5zP8HERoINE+FReBXM76zLV9kn+8I9+4T63Yl3nje/13vN8SszflgH IV3Iesa47IHQ/FPXwBGPjoobCljbJ06c0QOhcCbVWbRv5gYsAghtdEps8lcbZOybGjfMeyu5mQQj sxDC2e/jQ45y7QpvloC9NjVnQMBKMGxFJyNt5lin3L/UOKnVIQxxnrAtTJdswWkJ2JK6i8utymt0 mlfC3NvhEivtUZ/NAtRFrEEsa2YDZwn2SyRI8JCzfZVill9DwhPAYJyL0jLYe7suuPQP9boXvzxh Bfzmjw+lmoQ3IXMRvPbVn7ey4eHupP0nW1K6yqK56L7jUs7cN9dAoUu8tmVQ1/a6DhxT4A35/t6w oJW3DboF1aw34tvf3nMRwhsuGPjiSNFKELz7FeAxLNB1AfD6jHgtHUKvllTPXfLLXiTAgEJJwHqu Kyxib207LR0Y7vcQoDcJcPj7hlXH0npywhtlpOE7vpjMn6/bwQaGuNwOvN4AftwNCv6WH80smbf8 R+wFuEIXgmNh1jX22s5zLv2iRtF6th7n2Z8fTIXwBrbGl4aEDJQO7/y0lY0McqVxfhs4kqkSx3MO XMl7aPmPGGdab7IWgaRtjPPVi6nsk/0Rfl/cOng2qr1qqYoVdvf7ey9756bCi5UvjuZxfv6HLSzZ z5lwJJtcQQ6IHViN/1Gv8BHgos7mV5uYHblz06nZ3gnEPDnIUPlSfiV964nPHvojp7y+7/FUHOzo JNNItiU8UCBVNZo2QouzJ63Qa2S34HCAssSmCt16JddTS5kSiKHRLkCnwua3u60HhYtFJmVHoW6+ Vtqzj3WF3HJ1zxMpMBejvJB8ceRizolYLaKFH0zL9+4f7huHH8huiErc7qxSGaKPogr1F3XtaY4s NERXTmYUsOqGBLLHW29eYLIT1wojU7NAR8Rk4+K0kQbOVp+J8dD4QXuTkVPA0orKY2J8XN3xqyXk S8/zORWmUzUXm4c2WB7cimAipdPZPG6caVw4AQ6LTfXdqfTQ1PwSE6OnsCv2NEfUHPUFQvjFjBx2 Ma+0B+AosGi5uGZoKvFEOhRUNL5cPfSZz1yk/mC8d2YViyHAEY4WA3Cn45lFEcUlIAEJ1YQjwbQ3 d6ge5k5KZi47n1Oa1GJy9TiYmmU6YdIcoz7bw5HmNwkB9XXsSk6hM+sdRThyAhxK4PGr+UENSGTO CR1cHCY785voCHd82tz3wUQhtay6pxWOPc5kY0woDReuNfmPM+qj+lbMxUeRUh0vblc4iOaonJyU Fu2bdVwsIiEu+rjIW19WOrMqHeYAad/oAW0KXGLT61ghODEzwu6tZUIW+u7vKGYrujmxldn17EA+ FH+0zoVo14xo26hASMMqFiC7zPwkJSBhPa51nVme3ocVa0OhZHBC/8gkVYANOo0ZPklwMJgT6cje vlLHUirNtnUtJoXtr0gFJlKINrvEsQfqik2KRCsbOCITmR4Qi4FpHhvoKWZra03jwa0DjPOJq9dY cU1dgnU7uRX1vc/QeuEOl8J4LVKZsONZJZ5juoeQXRUnwKEE7Mgo8NbUQDNJbdNctKeB4+Yi2saa PnklC1euvZutl+zSmqST4MGcdpAvjuYozGpc6+3MKPAdGOPvj1YgGTDPC9nFETlcfESePId6xa1n GfhsLksvq+oKniMFz+FMYBp0LOF0JtYL8QXznmF3aLkBw380Dex8fjVJP7ReLCYwIUezCoIqOJ4D mIL4ooydTs1k14qrm41zXnldL9rHuL1UCA1pzcHjdUdGoeuEnuGEIyfAoYRvS80L0FZDk017AF+e w+1DUnbkcja7UlCZbE0ndX1j17PIQSt4nMFFGsoq2LmcfL/hXfyjALPptsPuOPwPVOAhPWH4SIWK FTtmYA92DIJNJaXUaE+LhM1IArfqYX0T2F4kpK9ErBiUpjvNygaNA64TmQhBHvv16soOIyE8F2Sx vU0OApmrizPrGxvKtu09zXLrOFt5N6uxEddR7hm9XtIvsRsrRFqXrFz4E9gSFrAQhyHUxKWMPBzk 9KysWmOJQMmBRWoQUT3s/JxxUugXH822HydttUlAa7Nggrt6ubNouM+f2HeaSfVaoquzVV2HfDUO DujLsL7d2ZXsApZfiGvPdnFEW/j/sD5x7MSldAguSHLdPIS6SIyYHmSYGhbkwwJ9PdnBU7DDtdln PQuNCEKAWwW7fCmTaE4dsr5fkKuJQaH06RvHUtJzWW05BPf2GDRnnC7m5sQe0Mc0R5qpMeBziO+A GRMWwJxh53WSYgjZ0pAiplnPbuGcDH4pu5hVIhaZNdEByqEO40JMZSxc4g9eyGC12GhszUUScPv3 7s4OH70AXtl6c9aR5IA5kAC5Doaz7AzRxjrIcMsBBxJJ3aPIHokVwAeltlHbclIojdxVrJSNTI5j B89fRRgMCB3tCcOgoyMOCoP7dmFb952heH1ESGsRUqShQGjAPbZHNAz1G1g25q29sR6IcC95BSWs EPEPa3Vaa5sCRS3REEQe0S+OXcwsYEUlmIuWHKitJrhp3if3jWcnz1610LCOUmbB8Wa6BvH8mkd3 N3me0hg6gp7Ha2XsTzUyrlm0b0StFsIb1yTFeKMp2ZKa+F4JwY5+3jrInf2a08Ceu1DLMsmxgM9h 0uAAUlWzQap1rK9qF/OS5kMr2Aj5T4tQInJWb1RCgAtmB2rHsqN1I0B5aDhFxGNsHF6IJBgTX0RC WRarYneEO7A/8jWsgtxFeZx52uQhCC1yXhnMLjkGs+51sAvGQY+EuCZvVPobn0ZMjwSkjN2tNLDS Gi2L6xnNyiDINIIvGvWGZveFasxNDW3oWPP9e3djh5EonEs7Z4PXOjmpYHsbzrbuP4sLBY4fNJlE mL/oMQlkfRK7sAqE2EnLwly0s6aH9OnGruYUs1rsBcU1mmY4Vqi1EmrHEbcIg3p1YduOw+nSkjut LULhmROCGMeClx0/eonpuJNI0/7iCKcmFcVS6xodyFzQl2NnITfZwg9tR3UJ4+zZMq9h39BqyFmP hC6u88R3yWFNhDU6Fmtgx0m0SUJXezQEHLlczhKiItmJs5e58FAtipNYq0GSaoT+wXqmcp4OfHZo mIy6lTX1rKBSzXLLalytYVbUNUp0ON2K0d9khPM6coL8wMyH8LZoiP3KE0GRE6OD2HaE2VKTYqH5 XuBcALtYulFKTu7GajC3UnAQtM0X9axfQgzLQzrHMgiFNRotFr1VoRy/aMcVtnd9ukeyHbSncmul vT1Vzzx8PLn97dSh80xqSj1ixzaqzZX1X/0jHwHORACQb1ZiFMvE6aayEiew9kiJejIIdzPio9hh 2rCb3jb9AZ7OHcPFOHGN7YU6xFS4BdEOncmwFov7ZrS9bc8pSzVrpmIkQ0jSbo2JDmZHM0QsC4aw 9gS4qfHhrAr5/2rAiMUS65gGJLOIwBWMjLxVZwHH7cfM5ga2cISjxXDAPLH3lGX7tcbRIOEMfAxs akIEW4tcf/m5UCC2J3DRVMV8vRGKjjRoy3SQMVrqXChlSyMWbRdfNzakWyg7COcNe5t6TKA383F3 ZpfPpdEmy7VivcS4IQXWIxEDrKC4HNrEShsCHMlvIoxLNDty4ao5/VTzMeTIhXHphXaDEO/t5BkI mbYYFTabQRF+2BvFsPMpoGCwzXRhpJ+xpFmZjXYvQrtQW21rLmLjh7ZqHM0zGOube9sMJuaOkXAc EBEAuULPzsBJx54ANywykGVC03rtwjUIAq1S55jyf2BsZyRE4cScxRqIGbY3wVHbGRoU6s/WA+fa oiP2cLRBgmNUIA4o1Sw7Fco5O8L6BMyJfbCvys6r5W4om40zt14QJqNHBKuqqGVFhZiL7Qlw5jdH 9Yhk5yDUmzOX1SNg743Ozs7e1dXVnIMGJas3kQKMmg5x+I2+flflxBrpypIcF+gxJ3RZYUN/091g W8IbxzCgmMSze45Wsc8z6tnyeCd2ZJQnp+36KL2O1bb3HjeXVSxYcZlNd3+fxSoQaxECm84oAz64 osSH/GXlEInC5CksyvMC66Hax34sXwgj9QC0Szc1bSx4oIp4w+weZH54GsJbfr2BTTxQwfYVmjWD fLTWbbI6AMbV6S7XWBbbkG+64OVkZ5MQx3mjctQVM2eZkcW5itmeMj1L7gKhD4LHxaucCW+zuc3J fPQr1hytAVqnnJazXQEOPA/xLWlNkwDXVjXTmjawkVHB7HJBKUtLg+bHjoA0BQLhLzjE5FQ10Hmw BY5GTgJzgoBE7W4/ntIUC7BNMoEOlDViJPjo8SOXLCNkgUmWlFBn6llikBcLRbDeYycgENrBLz7c jzvPpqfnAx63FzThSGuH5rMYB8HZSdFsH3iYzjozTUskUVeJ9kaAPicsgeRbrD9uZWDP6wflJtHz /AU7B1sIUqNiglhaMZQTpWm03ppJhTTORDQJBPWxPTHOcJKzJb+RgOwL5cRNtLftPs05ErSYOwbK QUx0HBkTDIGxgqXYPdjq2ZiYENi7GJBjtoYI2EzwJ/ha4Ojl7MBmAscdOFBzh9r29lTslb6eLmxY 93B2al+T0q3Z3GlzfvyP/chfgANhaqEhgTrOLomoBjQTrbxUm72IwayjKPI8CrVJbdssmHB12OTI Ld7uKRh1cTrFGqLwmW1LojSvyIvRbrtmpCg0RD0lfrdT1OgHLxwBh3AkHNo91HNrzMDq6JRt7+RP dcE0yCXf3pVePXDkm9OW6NPSG7kZCUBrDdqt59Eu4dUApsHlS7Vz7UjtmvNB2qY4JiM3z1p4TLfE keLwSYl327vuxHPqC8VKs5lXEO3apY0ZCeqH3XlGdKT5beuwY+kUxprmBM2NdruDOjQXSbvLp9Cc IGUl5UREcZFJZNMsc4ToYElWT4nqiXc7QPa+UCNj+9Wk0TLzDHpEV5+cYGJulf7mlME2CtWF4Hek pJGN2V3OZiMzworuKuYHSWrRGWiJ27KLMzowH/lV9oDXcuYJrVuNwaVVA7SyaCfUo24jxiDR4Shz 9FrBvihZxtS4WmUi7vageQGuC7uo2CLEmltysYatzIK2jhQYfyXFlqUFCNypSj98fFnX+gLWAC0c OTM0CylC1AW949wgwKHNeo2O0wjZnLYWXmufdXNryv5chFBNa8DWzUnTXLTmtW2PMcdr+bRrWS+Y hzQf2y0CeU4jeA63r9kiohk/HiTk+CHH72zOafA6Gjeqw5PnEB+1zXOE7KkGHuNs4nXUrn0cwXPM +6+tPOS89nIz3SjuKLen2tvbbFP6v/qpIAHuv5oSnZ3rpEAnBexSoKGhHkKcPtEoMvbTwMaHBDZT wF7i8ZwigPtNatSxtVVKXFGCxVjChrTUThFj5q5OaROz23RTyJEfM+vZ5iIN8yJD+rZs4dCmTFzL Znm8jyvTPKY2WFsztN0OCXO1ehfWVX6JzXD7jH1TtgQVzY4O1q+gvR9wjbsS4UpK1GTjiDpk6Pe3 FBIP5OyUawxL0BRxCW0JL+tcqaSJoxv1YESiVTmY0ox1lk4KdFLgf5MCnQLc/+a4d/a6kwIdoACM GknTXFc7WCySeJDpqUl5YEqBRWax9C/FfcttkLAtapgTWbRvVM9a2CJZhT52c1q1QNOsjatGYEb6 tB2oV8GSVRtZN8U5CG9wThBQ6lC/t+NBdqTuCEutGwL4LZze0H4uZXCg8k/Eh4Pge0nhz0rkrsy5 sRrODaY7R+tcqXS3qoRHMl2jCnC5EECFzqqdFOikwH8CBToFuP+EUerEsZMC/yYU4K6HGrTdyf5R zAluFknM/DckOnJe2KeWswry5aHQJ1Qs2jfr61MS3qy/C+lju7ZmkCKhfevruBc3m8Te+Kj2rjdM NmYSmBgNVO1kqfWUnIPeb3Fx1mE7Nz4dNLAqsSM7rQxkozUVTEeeimYMLPH1jGaD2CgnJJbF404l HB+6dtbppMB/HwV4CXB1ZLSJtEyNuJMmD1IGz7Z2YwDhdKiBkSsZ2NfD60hN9llWBSd4UTW84PR4 1kAhKMhLle65281JqOXapLYJBw6XFqVei3gIeEb2U2TXQ3+bLIDbKcCf7vVrYFhbD4N53Ms34/Jk j0Hes41i8/0/wSMm3p6tAu7+CUfgAcMnhCcgm4EWhaMD4NAzzguQYJrsiVoX2hTh1Uk0JLhq2Lm0 tOzTGdBn4Ej2KmRLYbfPMKSvBQ6OZJvBjSUXQ6JZseBI41JNnpOEY3semeSCDsN3Gpca4FFHYSta FI0elu00BwhH8xyyGaID7dUDx0a8Ru/Ba7QVjpx9Du+5CFcUDK1lnrU1d2DLxs0dshmTkQ0c9dmW TQrmDtmF1GHOaoAj7PVa4iiqofGl+QM6Ii2Qab205yQALVYVQupY5jdgt+qzxjy/ycaExpDPWNOc 4GxWMX90+ubzm7OZJBqa1wAHj9Zie3MRQgzRUIN+VcD7VqtrhN0zXS+a1pjlCpWuHMmeWof5u6um RdDYluvbYvsmTL5qf01bnsA5wVt2jbs6JYeFjhQt3guSpzEFwo1o9F6YD/ZtWzvSTvvvGNlZRQAb LL7CZVDRm+cjJ+ua7qi5m+dgBzEzKETscD3xSA1s+ZrPRfpumYs0fkbitfB+5MJXtFXgzGPNazm+ 0qJw87MVr7XRezPPIzwINpwFmo04zU36nRx9aA1wOJJtna39ALzJwvPAV5rBA381r2eePAdrk/ge ZwNHPKf1esY6wnNaz2STRfiZPeHb7LUB+4pIYuJ3HK9ogy+a1zPxOq7Q+rNlXNdEb+xHbeCI9Ivc OGtBw6Y9FXi0y8fAu4i/E3+ittvCkfvN3K6FX9g8DFHbeIf2tqo2xhl7KjfOrNHcLvFEUtm3x2vh SUxyQr15b+N4YGdpRQE+ApxsLLwSJbWDWK/IIHbbsERWRKk/2vVaQ+wneMj1govy7aOTWe+uFF4G hh3m4qFSKG8bnMAKq6rYwKggVjK2r9kLtZ3xwWL28XBjvSKC2ewbBrFRcREEyZoDSYZ2DRXXTBrM BnWPYH5erizC2822JyEmcJ+YMHilSRiSgjEXh+aRCj2dlE4PjukL0xYd6wMX89vQLlfam0JYCD5+ XiwJHmGaacNYv1gOR2vayib3imb+sB9KjkHMKUzahGCELmrPO4oT4GBUDa/aO0cksYgAP7LGaTZW XojLMRu0iw9wZ10CfVn+xIF2+9y9WwRiKCqZKxKdhnhQJNxmPZJPTIxhbnoNGwxvIgmEhYrYMJvj TOmcaE7cPbovG8CFBmtmDSSKQV6e2eP7sb7w2nRFu/UUXsNWiA4wlRE9YrARiZhUrmDBnhQ583qB B5tiat9uLMJFwXoijADRprzS1lyEET9c+mmeFY/rx4ZgHrcYF1EXP3fV7BsGshFwv8d2yAy0M1L8 v/YK5s4weFgjVSoLwrgEuiE+SvOimDUwnl0N9eXWwL2jkhE+wcys2oKJK0kXeDtTf2ZPHMAGxIZz l42WqrU6nbhHmK989qRBbADarcIBIQaegjbpCBwp3J0nvLejqxqZr1Oz6L+ycRhnh8YGlhQdinQ2 yG8LD9x2D2Schk2EORHM1CN7M3+kqNJS+jJKpWf2+aBE9ZSGiXgxiUw5Whk72kACnHlXoh61XDvm WF4CFWTtj4vlCda0n7SUqRDnTUeqqg4UPcjvBC9UP0kpu6anNKL/zwIc/DKzlF6sUuHKPKGFI1cr y0ZnEeKIhzjAeaOrs4SJ+nVnpViHrg7Nozy7KRWK2YPiWWa0r4nXgqcZsYFS+J82C3itB1ICmubi QDawK9Z/83gD4v7hAYpSzMXBWO8R8C4PcEW0CFtrGhtxMnioWK5ECkaEkVDhD6vi5axU3jmsF2ts qAOPD2K3YJ1Sqqd2N3bg6O7tzgaAj1ZjvSQFe1G4CkuHxF0DPLj13C8+DPmAEX+QeLct/DCXk7D2 aToGwYvT15WLit40W3FLrpiW3JXFeDmaeA5oSE4P7YcRgQOPQsEGIRxSTcMANgIeuC14jjguxMdh 9uTBbDBCwFB0Au4m3iZfBE9G6I2YkHoWgJBRfq7NeQ682OWzMM5Z5cEY52BWChraDMUCGgb6eLBE 1CW+MhL7pjXPob/pt0bgOATjXIa4f84yrGeK1WeDLw5An309EfKrphEp2RyajbNCJlPcgXE2YP4l YV+bPR7abZPhbNsQcZgICPJl8eEBTAMciWYt5mIHVvZ/3yt8BLjD9/QJeRwf7rgwEszAXIiXkGrK ksTcEj+niTuM704xIDnBY5flpWAP1cdvTutD3zl4N3UZa3lEKgCCRTAJBm3eNGOaRnhEzBSqS98p 0I2lZN2SEPIIPmaVQBh+52JFEn7EecmIhY5BNKGaTYKJ3QOpngSINKUloR8ifF3e/Xj2QJrVHI7D I5twpO+IW8H9Tu0R82iG4y2xk+l3ahdxK5rK4UX9IhezfpGcmmNCN2yYpkI4kq0y4Uh/E36EZxMN JydwdRHnh+2xgqcP93Z76Yf7RtNDDua0HsGWx9RXygBBOBDtCcdm47ygXxTBr8QH0k9T2T5vQIQe H67Pt3aj2JhcIfiEo/U4E47XxyV6DNWjNqwjmDcMi/B9ZticcZ4WHO8aYIp7hEJtWHAk+tFYN8Px /kFdCEdE0Ly+e0JR9duTo7oXsFHduWPt8Gh4Cl7HkeYNFzjODI9iOTXhONM0z+j7WctLhAOCQi/E h+jOSRv3DOxK/3DWWfjQuNC/Fhxbqi7oe+5vVgDx53fLb0iCj7zJPGl8N24NUCE6WtZLm/N7ePRE wo/qWYJ+MqlOmndDz9D5+BAOJoloZLwFR+v5Tf0lOl7fnU1zgnBEbJSmsvvBAVGP4cPhNy622Vy0 uZ5nx/rrGqorby6rrR+oM5ADA50zTCmwLEKcEq1drJcZuZynIrO25f9L+9bUxb92qUh9UsADVUX2 byQE/n+f/SEZ68QKdhXeqP6aMtjBQUgza94sA0/fVSpHpivPO/3q7Ju/xO80hzOsxpn5uzp89dKk XsfwG7emZ3YZbT0XbfPa6ElUl3qOAGBNJX92z7AF+JCcbpqL43pYz0Va00T8Vrx2cnzTXESMi+sl xMvp/Q9mDfgTv3DzcUT0OGscaf0R76E5THOb2m0ajVu7B9Df9BwB3LhSOjo+dCE+Tet5dm9OgKJi zXMsa6X5eh7SldYOBbNtcj92kIrXPTUytpiNjOWk+GFRzfYr6/Vs2f+a8LujL9c2tXHeqsu5Y+LD 5+PTtJ4fGNKM5xANiRaEI8FsyXMIR8TzuV6CvZ2+fHFS4nHze2xW12Y0tDnOo7pMIXxpLJtiftHf t/cIXoSP5RmbP7xNntNqnBkLs/Q53RpHR4X0s3dm9N9vwXF0l4mWxzRfbI7znQlBhAdOHs3mojX4 /9m/7Qpwy5cvJ2HJWmBqIhal3MAXqNC4chx1K+xREnU2oQ59WhXAI4mKOAJiA7CDqGtLscy9jzq0 eN9rr13AJPUZxRCgnJXZ9vAzw7QFj/pLuzIt3p2AacdfnMPRFg2JMeHIxAkJJ1AXQblsF9ShBb7G Rp+74RlxjwLUPWUPnrnPVK/NuqChG571xoeYx1HArLIHE3WI4X1jA8deeBaETybqksBjt6DeIVSi T6tCKdXwI0nuNB6HUbeF9Xnrd1CHGPWnNnCkDB001ldRt9nG0947qEeHk6YDi3U94EiwEvEh3Gh+ 21XtvP46t6Y+soFjfzyjvl8EvGYbeFvvoM45/E6ftmhI7prJ+BBfONbWer799rvGuLq5IG2sxnx4 Js/T60KcTKQ3HFZL9Ih1IWuyf2spANGqtreyuTqkiW6BJsHiTu7tUYR+/+sSF3l/2gjgY2q8PRzp ma0YV7ZQb3omZllyz/phYgl0niLOkrClEKeAdjk7O0+Ncfq4nbHeit/p09ZYh+DHOHzoQEpz0a4/ BOqUoe6H7aFv5rW0J5xDXWvBr90eo95GG/DoEE28rNy89m1SDnXoQGprPRPPIUnyioD1bIvn0AmS 1jPxkUNmfmIPR+LvttYzrT/SklwCvGZCUHuAX16+fAee0aetcaY9NcFqnO2ebtBuPuq/a2NccN3D BdM/L2BPJSGdPm3hGIYfaZwr+YyzTQLjIeWGxT/EF8mD6RTfsbbRX+or9ZnmdrPc1/Zw+aef2xXg bHRq0Y7Ugmd2n8/yhB0DgtiGlINwb4FYLwtFGu/RxvHOj4cvzzqaUerk5iBj4/p2ScPvTwPeL0Lh UX28O+lYXtWbL6w/FlNRhyvTCE/1M8uW/YTjzMOASaccQQXwgjVGtvLbw6kjz2RXMD83RzY5KSoT vy8GvHWCgJkr492HtqQWPrv/fKa/FjQc2MW/kvK94fFzgGl3obVsE++GILTB5+/tODMqrahWEuzp yO59dMneQCfpPMBrpmXkiy+NwZZLuYt3nbvmSVfjg7oHleG31wDvDb4wrOvh3S7Z1ZovX9t6elBe WR2L8FIZ5j/57A4PhehBwMwSChPwSKh8ad2pjDmHrhS6OSmlwDGsAL8/D3ifC4Vnnju9sqoav3zt z5OJeeX1rHuQi3bRU8/86SyXEI6FQmECFzqpvrHm2NU7TmWWuhCOCGJ9Db8/CXg/CYVnxnHEpVL1 Byt+P96trLaRxQa7Nzz+9NJ1DjLxfMAsFwoTuDy2LSXviV3nr3nLYB7Ru0sArWfK4fiqBdb999/v qdFoEzS4FmuZfYGEOBmElgqIAefUkDesMy+01MDZiyUJaYWsC/xBp+uqHpNYRiHjCuB9qhHqvSqU IDzqU1orf4fmLJRwpBNEMbIy1P8VHOGNmibzVFRJlCKFHnaMEFpbCnFaqOWlUkmCpkERLBJpeAlM GFM6ML7749HUW46ll6hg0sImJcdk4PdHMNa/8+h2qyp4d+zpgur3V/x+IqYU2UmSQj3US5ctW4uF uRAw6TAuqACee6OBfbTywKWpp6+VK/3dHNjUBx+9FO/rRHxsjyBgqAx4STnV2g9f+v14vyJc70X4 qLRzH1uyw8tROvcv8JxX15/JfOBASr6rA9IYjukVlYt2lgHeSqH4mdfz0Culde++uOFYzxI1MmwE ujY8umTZH05SRn3uEM/BBvLOmqOptx1JK3HyUMnZqKTodKD41F/ZU4/mVb2xfP2xLmXYU5PCuT11 LZbBo4BpV3nTxn7l2oAU0CsPXpp+JqvcwdtFyaY9+Oj5OF8ngtemQGqPtujfLYevlb38x/EroWrE 2OkT6VOD30iRQLzW7qG+DRwnn8yvfuP3o5djKmHDlxTmUQd4P6Ie4Sh4btvDX+jzDglw6MDt3xzL fPuhT9ax+nLTXvGui6vHB/Onv4RnpUI3zup6/SvLdly4971vcRjTQlOKk/fn+85FfX7f+O8ALwPw eGmRLJ3HOz22p+T/cN8Xfzhlp2eZTuxSmerwHZPveXlsPJ2W5gohFOApyus0P8xbf3LQmp9wiCDb HmxCn3WJDP/uwYlr8Lx/B3C84YcTmR/f/+lGVleCm0Kg+LbK2e31udOXPjowik6SrwvE0TG7vObH uT8dGbB5K2mqTdqL9eeyh35x25DfgOMA4EgnaN4F79z5xbHMl+d/+AtrhM0iFbm7u+cXC2a8bh5n QcwK73imFlase+C7/bH7DkDjzylKROLfrxaN+fzmAT/j+QjgSBoBIWXRa3uvPLXk01+Zoc4kl7v6 +vh/OWfyZ4BXCHjtnvDbagTvBJ/NK99w71c7gk9SEnAaa5FEtiejYvJbU3s74PlEwLSrObOGDZOe ZS9svzB/+dcboLc13UR/HBIU+uUDE1cDXpHQTQnvdDuQWfLL3Z//6Z52CbetREeJTHl65tjZL93Q U0RMDDDt6biaUET92V8cy3jj4Y/XsYbKSm79SV1dPT6ZM/UVPCPtBycI63Q6f6lMGqTTUfdNWrfr BZHg8aVELzZebpRAm2xuvi1lmK2gygQQUlo3dzn7qa8Lsh6YBBdupuBDp5p5J6vZljws478jeG47 M82kf7NBQuAY6SJjP/VzZY4Ij9IKx9M1bEsulPRtBRnmM7txjVopcRTrlM5GZW0pVonpZrylECeR Sl2cnMShajU/Aa5Oo3/jhe3n73/9G8hqZl775Z7QiK/nTPoRYz0SY32UD3qWOnin5/6rhT/f9fmf LhlXoDDi5qJcdbjkhrvenNiDrr0eFAhPXKJu+PixzWdv/vanLZgLmGsY9G8OxHT7+v6xv6K9wcDx El+YqO99Mqd87b3f7Q4/e/SMhefI9qaXjf/wpr6r8Hws4DVdmfKE+9Rbey4//sRn65ihHjwHg/Lh Nt+grx6a/BXg5QHeNp5wuGp4J+xQWsGv96/a5XnpPC5rOJsEiXJXTtW0D6ckSvB8OmDa1ZBatwln k5eWbr805+1VYH+wdyUcP90ZHLnyoYm0p2YDHl2t8y54p/s27Kn3fvGnU2565vU99ZaJd700LoGW 5b28gZn6LKpUN3yw5M/zt32yBnsq8RTwhVUHouK/vpcbZ9pTeY+zmY6DfjuX/d0Dn20Wl+UixRsV BwfntPumzX9sWBfaHJ4SiGPinyn5Pz74xR+OOdflCMfTZZPvXT6GkyPmCYH3T9QVLMCBsPLTOaUL H/txB6uvroSS0mTD3Vhfy576fjvrFzB9Hup8C+Jb7JFs4o264T+fuHrHez/8YQo5YLZxLcjIYq9u O6UcFOEzHwDuEdL5oqq6Ba9sOemUnYYbJWcyAUOB4eZHqzezJC/l3WiTNIW81NPmdoetO5czaM1a MBScZCxGwBmX09h7ey7KewV73Y16vIVMmrxpJTWLl647wOrKoFE301DfWM+eWrmJJXnf9BDqfAYc 7V5VWtFlxLfHMwds/mMP+owxMe+uh/cdZSujA2Nen+oxA3U/40tHtK+8VFDx8JIftiPPImQqyzjX VrP532xh3b2nLUKdHwQyv6kQ/GP37T0CKcs8LkBo15Z9bGWYT58VE3uRkQ5vbSbad96Vmj//he+3 MIMO68mMYxUE4qd/2c96BXk8DniCBDjUv+WjvZeCTx49jUsC0sCjgLGsWbeD9Q1xH/3IyITBhLIA Ovr9eT5r3ovfY36TbsaMY1FOLlu28ag0PtBzAR5g0ASVu97aed49jZg9UrhxBVLip5ifSYEuN903 uBtpzc7ygQgayi4UlC96fu1e1lCN6QZnEyo6jPni1dtYgq/z46izCuOMzVgcgRRakgYu/+l1+zdL OxTTtlgjrtcYxEps5OAtJPy2IcHZ0y1D6LlYpWUj91Vwfq3NCr6WUM5RG4IRRU6zKXzZIQy9q4Xu T2MkM6R2hDgIbReqdWwUcOTSDrUoxRSjrq0gw3wGxVxHCxLmSlxE8aISTqtn0Xo2CXH4TSKRwnOy vgv+PGAPNPHaX8BrX1/dnNfSIXfF5uOqXkFj5wCGIAGurFbz4CtbTrtkXIaZJdIzcQW89pMf/2AD /FTEa9/E3LG2wbSHZrefj125+ds14LWUs0xs2l9SL1xm7+4K8ugV7E17wWP2gFg9v+mrw1fCzx46 eZ3nYD2v37wH6fN8hj4+On4Y6rZ5zdxWG+iP185L2fOf/GYzAlqD55j9CSqLi9nSdQdFfUI8HsF7 ggQ4OKPe9dnBq56XzuKSxEJDrOefftvOBgS4THl4RDxd05KNG68CHIN/PH71/re/24xJg3loxrEg O5st33RcCZ6zEIBu5QXMXAnjPPeVbaedctOwbVrtqZ9C+Orvr7oFbb6OcU4VADPu19MZEN4wF8mL Q2HiO+k4kL65M8AlIdjrAXwlWvIuFerGh17ZfNwkvJn5LKUsWwYhNt7rpgeA4wfA0SzZ2QdbqW6c 99KfJxxz0iCwWvzpMLff+X4z6+PjcLt5buPhv64IFuCAqvuJ9MIupYXQGll7pcCLpqK0jB1LKwgB 8ckmp5mhpY0udjmfXerMaSYciWGaC/6+mpXPUgoqOOtJISW7vDb0ah7wI289SyGvWbg6XysswUzp SnYQQgS4vpcIHrldW3twAce9V7NZall1mBD8UFd6JrMwOicP9rLWHo+gobaymp3NLPQfGhNAOAoR 4OL3XIGJH+XItN5QAH9nOtLyMBYqEEfP42kF4aXFEDCtPaTwdw1+O5VZFJkUAncwxnir98s0urjt l3HTo2wR3gHupZeu0bpCcj5hJTCtoMSzvhzae+QTbSoY97S8InbwWnEoFpmrEEE4vaS259FU4Gg9 F4meIOvZa6U0BWiz5C3AoW7QzrQCF6Ma2nvrfsNJ63xWLsstrwwHjgohgnBWSXXCqcs4nDiamB5X SENDCdELqklVQ3YvvAQ41HPLKqnwzc+HKWmLuViNHIh7Mgv9kiN9yXaP7EfDSGAwad9IaLlu/0Yo KHFteqZB5MTdc1qbXnMShxlPe9en5mp0+5hHAXPbkp9s2pcZWTWC8TYi76mYUp0Lm08mUmLTq9E7 QJuI6d087WQraAV1HcGRD1JIWwbnhXT4ICVhRCEym8O1mAhp6ZcMd806nSScD0TUCT+TVQLiQPBw IJNbc8E8OpOezc5kl/bgCaep2qXS6q4H07BezII/94B4LUJQXMotwqLsEolfhAhwURlFuNXRQ2TF OeA6jgq278o1drGosrtAHOOP4r1ma49bzyK2DXwRAhzZAfIW4FDX93RmsZdeDYWO1IrnYC/Mxho6 k1VG61luOvDwKxkVNd13U7J46/VH6xlX52dzse8wRnsgbwEOdQOvFZU6cCFjSOFgKfCyTcM+llla RfaPgkpGSXV8KvZjZu1cSuOMbCwXc8tooMiGTYgA538gt4ySKGOcrcQQ8N2DWQUsq6aOeBjvAppL 9qXmd0vNwj5ive/TflhXx87llLvf2DOcbK55C3CX8iviSAZpthdQnxFV4Bxkltl9u9Be8B8nwIkR IwbB1ul03YK+WBhcXC2BVsR17cTV0YLZqzWUfVlw0VMy7VYFv8nEXF4foTAVsCRuo1cIOQSJvJZi 7ggsiCnUIiKSGQDaUdc30ibc0vvIXgtuIlqwbWgDEF2J3rWn92gJX4yYPlCAkKqlddOIYSR4nBHD zLGoHoJ6Sxzx3byEheIIpW07EgHGpKKRYoIIS3SEeEpKdVt5W4EjxQfkmTrUmmCiBiNNkNbBt0TY pCQGA3WdPryvcfLL65SNXP7bltop2uQ5EgqZ3yIxdcwkjzUv+LlCy90Wc2oQmUwSSAKDtdep+VKP WxzIsW0s1Eow3SB5WF+hmkORtNmGrVndkYC5Yi3L1obCFs+T+SAWnAFhRYQWCQS/cp0vq+byodrx UeoIjrwRQm5LxKTTUXBhbOiUBcMUc88sxOFvCTYUkVFMAjafIkbMMJJQW9UlG9y6Rk2Lk5V9kNWN jbIa2OK1Yo7cmuYmlJC5yNWn2Hdtze3yBg2r1GitTuX28aMaEhIGW25WoEEdh7fwQuHquANTiyLB Ekd+bcE8rBbB8RAuqI0+Y6g43AUXI7fPtTHOtC/CKkTwhoW4oW0bPoAO3P4tvIBObWvoxYQ3IjoJ BYmc11za4NbFlCe99SSw3UKdVisiGaRVQZ+5UDL/BqUjGjgdrDYbMIEhdbfoBPqqUsiJUkJ6p3dA fIhWQW0BS4qBVMnlQhkA3pNI20x0jsHQGjsUHApmpW3MDExpN5mMucukQiebUaWQUSitNgnl6qwk GvI+wZnnUYkEYQVaJW0HjljM5D7a5tS2MQf1Lko5Mpi3tR5EzFmpoDEW1G83pbQ62EnFclryOODY aNJsCsUR4Yzb4FLEarCxeZs0xLyu8i29dFFIa1Vyuv1r0XHgLIOmENeEQuej3kEMzs4JVlbCBG3E iK1kkMJj0xzmgS8/CPRU1SpI49gGjnIpt6Rb7y7tA28/5T1I669EpFhzCBmwcD8p4GMLIN1bU+gQ EioQ2RdzWayrRnxjfMG9bhsHPA4HoeTjSxVLPQRd1Xuws3X92ETXH7HeBe/3MK3TsVP1gzC7sZ7E gv2dhCLcfn3QtVauQjBmGtPm9LYIcRR/DxzNk2ejegVpJNpYfw4yCXNRKgWtFWrTW6nUeCLuWWnL uUiHHdOZRfCAU/qw1nPbyHwdHJiPI/YeYQVHpLbWs5G5wosXRchexfVHTrYCFIS9xZmMZDdHBZiE wD47y6UGZ+BY0RYNOY23YBxFCKaNNB2tSU/7oljUXiTn9gnrKJMaKWZdq66BDs6OHaKjSEZotCHv ctoLbssSVIxujgpTMMpWU87A3E0aZ0Fz0c1RaeTWSxt8lpNZhI+LoA7xqdwRAa68T5T/Bf/ggEEF V9KuX+PgejIwOpL17eJP6nJO78uznO8X5VfKXFy8WAOYJQQirkAFnxQbzroHehzazhOQpVqkj8uF 3tEhI3NSgIrFRog0Cc5OrHuoP3mOAHFBZW/fCH/TlTFFCSc1Kg0qcByLgIdRni5thllprwWo13X3 PfL42a6RIcHnybDWcr+OQLYu/n4sOTIwC+9C7y+onBnfPZxt3XbYtCgsiSkRRXxy1xAKzHRZEDSM Yd8Yv7TAIH+vvKs0ziZbFIZTsH9UJEuO9oOFPxPk7egqk56c2C2EHdoNGziF+fRFuOLPPtGcVv+c QByzuwf7Fjj5+TjXFuAm13IFARV3z25d2NAIfwqtIcgpIsLH+XC/7uG3nTuB7pErJDEEGnORFGH8 fIispwXimDU+OrjkfTcX78YaTD3LdTRw7JfcC1647uSKz1v7Rm2HejkfHRAfPfHaJVgBuNEmCRwp YrnCgfUL8yBYQswDKiN9PbNCQ4NCrl3CFGka50bmFxaCuI+BtFa4awfwVBcKskr7qxhSAwkPFP+N S6eFjw6JAKp0lsz1Lahk0cIJEvkFUtpSHQLYXvVE1ke1l7kjm0Kj0eoqzg5IB8R+S2+MYcfVI0FW oWeoDuLb7msGVi5FrDds4qSJIUnDEm/PWhMHRD3c3NyklZWV9tQ1V/pH+1cwJ2d3Rsb3VnOxR5dw lhjmc3yPwC7E+7qeHdY1dMQvtBc08Vqg4ahi8SH+5PUniDei/qX4EF8tU8LegOa0ZQPFehmJQLEx nq5CrhKpN4eHdo966ORhWBTQoYfWM8dzRGxiNKe4hHGcoJLXNzogV+XlEaEm5zOLGRHwi+sVxxIj /Mjb3944NGsw3MXx+MS48FmfnMGr1jwHB7zkMD9aMUL7fK17iH+l2M3F06CuuT7O2K8SwWdjfF0v CjLSAwIxvm6H+nSPGJpHjiotxjkp1If2VKF8MXNMhI/mCyXudUn7aBln2lMRQDrSzVnIdSyF6jI8 9uQzZ/p2i0zavg3moBZbQgRqlri7w2PWm0KjwO6Ef+ke6HYosWt48h9kA2ctRzg5s/7RARU0V/lD +2dqChbgQCg97pvfeHfWsEHzV9azkjyiC07qQYHsvdnDWFdfdwoxwVunirqFS5Yue/+t+29c/uxX G1hdFeYCdogefXqwZWN7lSBLQpsxjmyRA++8/+z4XjPySyoDj568gKpG5oCo3EvvnsSm9ox8R4gh o7mdo5Pjgn59+v7p01/5er0p/RcYQb9Bfdj8obFlCqn4S6HDE+Di8MYrk/uOmVdZK79GHi7Y4Dy9 vdibd45nvcO8KXyDUJfn/bf1jthw6ZaJUz7/bScnaJEwPGPqGHZncgQZOP8qBEcaQ4zza+/fMvy3 hSs1otwc7OHYp70xzhh71t3P/RUh42xue8M9/aP2XywaO/iHTXtMdi44vd8xeyJ7sH803OKEGfOj /Qbg+Opbd477+pmvNrHSIjBU8OeQqAj24pR++kAPRzLmF1rWPDok9sGMgoqEHfvgqAXhTQyhZtHd 49isPjHfAJgg7y3gWE50fPveyW8+/fUmVkNe25g70XFd2dMTEtV+Lsp3hCKI+isfHxl/T1ZBWdjh o9iYoN2TODmx526byCYlhH2MNnkL6+b1/PJrs4YMevzrenFONkxXMRe9/H3Zu7eNRggVDxpnTksh lohUptynpn3wegYGyouKHKm4Oi3Vi0gN3E6XBB2AO0AW8ysQvGq0QWx95b3sHs/XoFFrhCbOyhao HcgKEdLxGVRsbeUDrAFavFaJ7DuOUQffxBW2SM5doSpJw2kmn7UQx42LGEFuoVix1wjxPXLgevf+ KSue+fp3pq6s4gaye2ICe3ZcYrGTQvKePRgtn0MT8fHiUQm3ZRaWe588i/0MwpGDiwt78i7w2sTI d9EmjLv4F9S/+viSpR+m3Td10VvfbmKNtTh/YT8YMqQve2J0fKZSLv6CPzSu5roHBkafvFw4POmP nTg46iCUI2HFnFvHstl9IoknHhQCD/hVEc/56O6Jnz8CnlNZTDxHxCK6d2GvTO1f4+2kIGN+QRMd Gr3vHhzUZU5KfnnUnkPwhQNfFDs6soW3j2e39u3yFeAJEhRQn8IovfH6fVNeff6rjayWPMspaw72 1Ocm9i72cFII5jkqpfSzZ0f3uCOvsDzw+CnsqRhnBRQiz909mU3sGfFRB8Y57aklS99dcd/UJ5fD I7oR2R5IMTJgcF+2aGT3bEe5WHAIKGg/3186off0wpJKt/MXIP+BVzm4u7HX77qBjeoaRPu+EMUS c5BJP146pseteUXl3mfP4RxCGlZXF7YcfR6fEPZeB+QIIVONV13BAhxBBeIbMUEmhnjPWLLrZFpP jV5vmJTc7VzvYG5Th+uLsPLyiuUvAl5ZL5/ZD2w7ld7F181JPWlA9/2RrgqKAyfEAJZrGO9kAN6g tfMnvbX2YMSg4qpa55GJkamjuwTSYvhQGHYcPDpRzXgZzG9UiMstf55Md4v089BOH9j9oLdSQvGT hGr0COY+4Dgi5PGZz28+fKkPbP1kE3pHX+wf4UvC29oO4Eialxs/wsIdFuE17WRqTkDXML+i2wbE /qkUM8JRkJbHTMf1wHFc5JM3Pfv7kcs9dEaDeFxylzP9gr0QO3I5uVUKKniHYuiM+Oz2Ie+Ojvad dCGrwCcxOijv5uSoDSuWL18sCJi5MmCuBMyaHt6zHt18/EqCQibVT+nf/WScrzPF0tsvFCbeIYFr 6PcPjH13Q4+Q0VdzSz36dA25NjMp/Cc8e04oPDMd36L5Hecza+6O0+lx7ipFw6R+3Y5Fe6pofgs9 udLcoZhTg39dMOntDb0jh2YWVbj0jYtIm5YQ/B2eCQo/Y8ZvK+CNin1y5nObjqX20usMkjFJUef6 hnnTYWzD9T4jtQJdx2NDNUBotBbiyG4FsbvEFbjTbmb/Zk0wQduaHUpbUnG15+mJVFqn60aw75FR Ybr7p8xJXI28x464829tE0fJ6x2QOqtE581+qXiYZdX3wYZn4+rUcjX1j9q/mfoPknICDF2Z0jU1 aT2pWIQ47ouR87TgRV2MJ4V6Ko8Fr919Oq2Lv5tz/di+XQ92cXegOFmCtB7muUPxOgf+unDKaxuP RA8uqKhxGt0j4vLw2CDyXBYsEBLMN15e8Sh4bcEgf+c79p3PiIKvVPWUft0onuUioZsm6tcCv+Fr 7x/95k9xQePPZxZ49+8enjMzkVvPz3ZwPX9BPCfC66ZFW49f6e6slGsmDIg7Ge+tohhrkMCEFbxT TPvVL3MnvL62V9hoOBq4D+8ZnjkxLoy8/FcIg2aqjfdeA8yKRO9ZD24/k9HVw8mhburA+EORboon OjjOFLdyyNqFk1/bcChqaF5ZlfOoXpFXR3cNWgl4ggVCwvHVl1c8BZjFvXwd79x7Lism0NOlcvrA +P0Y50eJxwntN945Rzj+/uj0V349dL5/SXW948ikqEujov0pooNggRDvXCV4vz5y4yt/HI0ZXFBe oxrdKzJ1eJfAL/DsI6H4/RP1BQlw6AyOpawnPs741GIj/xQf8goi5kGnBA3qTMG/pD06jU7ChbH9 grpheBqLD+FxGYT5BB/yWqJgWbSxhaBOV/xLcCjTg00hBHXpriQJHy+CEeyq+PbRCYlQUXARmUnI ImYzCf+SQHYZ8KAbtV1Qvx9qkK6d7lO2jegaXIGPixkG4UiejtQHss2gaNykTm63oC7Rrjc+BEMd 7+P0RfyUZHLdp7tj0pyQADHZDI+u1wp44EieVGH4EHffMbtPVAE+hDOdOEgFOQIwCX4uHwaDumRT 0xMfopu6R4D7pz2m9adxplM+wRM0zoQ/YBI88qzVOUnY5rsGdslG5GIaJ/JivYDnE/Av7a5ZwJGu Z20W1Kdo5Qn40N1uRd8wn0/xIU8o2szofYV5LtJ4UIYL3CXYhUlzh7yfGn2U4l/uH9odQda4iOPE TC4B3kT8S0YW6YBn92oI9QkWjQ2pf7KHRvt/ig/NZ5orhKMn6tyIf8vwOQmYNrWuqEvrhEIK4D6f Nfg7Sr+fMzKBxoPGiebyFdS5Af/SeqTsEYR/uwV13fGwJz7cXEzwd/s0YUpf8nijcaD1TJsfzUXC 61RRSamWs70iYYIyx1oJcSL8TfKMmMt/KtSU0RaWLZ4ReATo9EOEUx+EmTiHUB5tN0dX9A3sSO1E lqsLZqOd17I45Sl4ytZxOW9NVnwQiPCtXu/EDjaMZn9Uz2JljdHohI1hANiuzlJ4qRpZHrVN4Uz+ YUHORHL8B21bC270NxWMg+vqgwekk+Pi2r35wDiGoiqtYRrb1DFdAj7BJwp/E68lHhmEOuRVRzyD 1os9XktzmtYLPD1YXSh47YKxvQiOCh9rXkvrkXit3esrtA/iM/pQx05NiAtW4xNG89CMYxzqEO+E yzSHo82rStSltUI8R+MoYevvHhSbyQbF0h5G10bWPIfWs10tF+AF4D1az7TPlAyO8P0EH1rPRCta h7Seaf+rJPzt8RzUpX5SfwhuvadSvHbO8Dhas674ZOOTYuY5+NP+eqZKqE+2KMQHid+nmfdUoilN ajJRsexXtKcSjvZ4DsHBicY8zk7y1Q+P6Ul9pXEmnpNq5jm09/AdZ5p3MfhQ/89MiAvFOIfSvk+8 mnDsDpg0txCmgeOLNm0ZUBdaf24u0r6lDnVTrHx0Qm+6Gqe9geiZgTqWfZ8yKdjUCqMuGc5Sn2l/ qoMi6ZsFY7i5Te2QeQoJdhZ4KYCXhd/+JYW3AAeEF+1NL3r46KWcsGy1aW1r4dmh4QKTIncgrrJl uLOnK5YgJwVL7hqYjXdIhd5KOsfvNEFXrD2VPutcVql3GZIc0wleA5fkRkR5J8akhMEq/SvH3Xio k4wN7xl1Bu8BXNtZD2gSnS+qWbHz1JUeWTVapsXVF51WG4Af/StHcnTEsOLw84QBYs8wz1JEC/8F M4hOJK02dzPD+2DdqbSJp3OqxGWUkBwctA4uyQbO7FtkwhFqXxh4si4+rkhRGXYZ7z0DeL+1NZp4 du+RrNIn9p7PjMmFWwRtITrYeRCOpO6VIxaOnLNLETE/ZKPoEeGbj3foyuAlwGzFnPEsuFbP3vvu cMroC7nVTpwnE2BSnC4dxoYMzpW4LuASXwPPWF8XDbIeHEDWA4qQTrYarQqN844rhQuPXc4OzSPX Dbyrhf2gBjAJtkLpgHGmaSNiYc5KlhjpR+P8PuC91Q68uOIG4xtf7L809EpRtYMa3juUEqge8PQU SR6wlIBJ+7ITxjo+yFX92DPLdoPhEo6tmD7aog3o6e2Xcx88nJIXVIS5w+GIJMk0fwgvJVzdKdyF FPMnxFnO+ncJpgX3NuB92g6O/a7VaF/+bPeFgVdKauX1ZPMGHBvgMQtnYfRXxpQYG+JQrnBwiA92 r35i6bJN0Gw+BpitBGy0RQx++R/ns247erXIv7QRfcYPjQjfYEpBBRzRZ/IgJAeTMGcZGxgfQQIi abBXt4PjqKvl9Su2nkxNyqiol2owB5vmN/6WwyCb1iAphzwwv3uFeVUA3nrAIhxb2Sri2bzDmcWL d5/LDM+vNylwaM7Q3KF5SfOG+k30DHaSsx5h3mn9g92d60ETwp/Gy1qI4wQMyx3fP8XKyKkYo/9g tIqtiHNi32bVs8VnsXTbjQlHEo+a5Wri2EpNV+Ynv8y6KC6zQFk2okg0QA5UsVxtCLvSGMuKSXCj /cSe0wL6ONVfwR6LVbFXU9Ts/bQ6poFASd4t/4TcyonCZqGZM88mI3TMGYsmDpcfzNvD3evAZ+/5 vv7BF1ktSY9xJuF+xW9nM2efzSjxKYHHIGnyaB7SfKRxc+B4rYRbLxEuCja8V9RpM6+l+dMWj5hy vrD62d1n0hIzqjUirWUuYm5wvBZ81sJrPbBe+kR4lQLezwC0BHMR97bNC555goJvgNfeeCKzzL0S HtbUZQ3MQBqxrsWwaHfAeqFrQAXWTKSbUj+2d8wJvLcU8Ha0AS+pQK1/9eOd5wanldUpcEPEred6 8Fk9+C23nokv4kUX8NtYf+eax5cu+9NBzB4HPBKcmhW0Qwzv+d/PX7vnbEaxf34dcAKChFujeT0r AA9ZMTgHnzBnBRsYF0aHKbqpILOLtmg4NLOyYcXvx1L6ZVQ0SLVmD2OO5wBfGfCy4OiOv7sHuVZC XbURUjNpSunQ2xJHElaQHSLj5jOZNM4mvkj4aTDOpDUnvmgZ5zDwRYwzCbGUsaZN8xo8m3ixpOb5 7SeuJGXWaEU64EU2sMQDTHsq8RzQkUwuYLLYNci9zLyn0ji3xXPooPgWYhFOO51d7lEJ+2zC0bLv Ez+kPpOWn/hihJvSMDG5K81F0my2GmciAJ7NOpZb8ey+s+nds5GRhpw0aIyJjxGONA9pPhKOfnC2 SAj1LMI7xGNJmGglvOLZlLMFVc9jbve8VqulqBomPts0t9Fn2gvAaD2RKSYhzKvEPLdp3281t9sa +7/zN14CHBHwg0Npryxd+QerLoXgbu+AjZWh8vAIefnuiW/jXWeSuixI02Ior9WsfGHr+anv/wr3 BC6shJ0uAV5QRGjPd+4c8xvenwRwm6zfwG9jNlzK/W3B19tkOenXAM/ObQI9Viq9HpkxZs5z4xO8 8P7NgMnZ+ZgnhQcCF/65eN2x2G827KIQ9GAeNpAkeBjkqK5RXT+7fwJlFJgAeM3sRPHbA5+fyPps yZebWFkRDhZ2+4xo+M4uAS/eMfG5RUO7ksC7qEWfvbPL1ZsXrDkYv5FsOwztaSLMb3E7rkSx+miP ke/eOvQP4DO8pYCE35785HD6q49/CfsYzlbLzrhgEtM4P3/f5DexcB1xDfpiCxzDzxVW/TH/+73B +8m2g65/bMEk+ypkzPhpSJ8b3pk5MBr4DAWOdNpuKgDx8pt7Lj/xPIJU1pNtB+d1ZKMARw9fn+jX 7r3hE8ATA14zm0r81utETvmfc1btcDt5Godw8ha1iSPaksldpo0ZcMu70/oSjqMAs0nrSm3UNOo/ enXnpXve+OFPpuVseOzRESre4IBun97PRUlvBDza7JoKfhuCaPe/P7Rqh/IiOeYQnezhqFC43zZl xN2vTewRbF4zTd57+P7IF4fT33ly1R+sgrPhsYcfbEk8PaPWLLiBjYn0ZtVcBBmTmu+6EGeKDdds 5bVchvTdztJsExN6B4HhhvrJ2UtxzizYUcxWXFazzzPAO/gEyxXRIVPMChu7s0INKW2tO0zjjaXP OSzwQA7tvZ1ex/IQqPfZbip2C/KmP30BWRcoMwTpE/5mbRxs7TmhgDC2Dh9iEeIMyFSgkTp6Fegc KasAZQlpuvvleG2d5usV2y7OfGct2BEOn3bHGg2GRIT0eveO0evw/mTAI9tU67k4ctOl/F/mfb1F ms2L10LP6eDoNX/a6LkrJiaQlu8mwGzS7uG7sri67selm8+O/mLjbuiVMU3tzUekRonpGtX30/vG kinPGMA7YEEQ32PP5lT8+dB3u7wPkyOS3fVMPEfuvHZ435veuak/aX4o00OFdZ8hoL/zyu5L81/6 7g+mq8WBwR7PAUjPAL+Yd+4eT2NiBLxvW9AwedfVok0Lv93hdOEirWd7PAcA5Qq32yYOveO1SUlR 5j5bj7Oktl77xYptF259/aetzFjPb5z9Q4Pi3r177Fozf2hm+kR8bd2F3A2PfLNdwmUzsrc2aOko lJ6Hpo96cPmEHiF4/0b0u0lzhu/ykpr675/78+wNn/wKG22KRWiPh4lE4k/2RCa9f+dozpTHepyJ nvht+i9nstfM+/pPVkw22vbmDZ3nHB19H75l/OJlI2J98P5dgGmySTDBG/fL+Zx1i1ZtE+VmkBxh hy9ycoSD94IZo+Y9PzYhwDy3BTmw2GnB7mO7AhyQitp8NnPpI5/8xgwNmBjWAU5tgFcjS8NCvBPg MONJwCDbnExz9XGfH7k69f1vN5iCSfKEl5uRyR7+bjvrsnDKcsCjJPLElYno8tTCypcWrt4ly6HM C+ao03Z7DkPRd4FDkLvjjMUjutHV2Eard+Z9ejg99huKEu0Crak5SrQ9mGnYXB9avVOydcENJMg0 CXDA0f/g1YIXH/lsgyn1GM8+6zT17OnPfoX7/MxHAONb9Pm0BYd6neHRF7efj9+4GUyPshqI+IRL MLK9yMywxFkVsvr2YU8D1v1Wkzdi47msZxd88ivCFggY59oq9vhHv7AYx5lkz7AGODbZLCJtzzPP bTwevH83PGO5zAv2VgTxCSPbvHUf83Rz7vLZ7AGP4BfC07LAEtaeSH/8yc9+wXdsutaBbG0MTjmy Xcz/YgOLdrvpBeD4G3DkTrD4W1RVr1u2eO1Bt5PHzlz3XLI30MDxt3XbMXec+rw3PZloaK19HPb9 iYx7Xv4ch1qKJM9zrAsRPfw+MCK/hTeSjdIfwJGujQhHGQJTr5j/wx7lxQu4tXUiLT6PAkl39feb WJSr46jnJvS4GW+sMsML2n4x58X5n62HgTjkTj74kfYCqdSyKmuYQuqP/es6j7IIcXR7r0AgX3fu 8GS2M6M/6VhkMa/nGcS3We/Qtju0W5/0dWUT/RTsa2jdJh2qZRVq8F1KpWVSUWHegJXRx74tP00y qyas322HrhTNnqwuqN/oHyVZ+BZC3G95Dezxriq2uo8rOxGpZfedqGa5SO74twlxQFNGl7ycco/i d11fPxZNnBwC5eHLmSzL7drQZWMTbgOin1n1YtTKo2kz3/l6HcYZ2lQ+Y42Xs5EFZ8F3O1gXrxth isbxWk5TQXMxtbDqtfmrd0i5LDc8ea0Rh8sPvl0Pj2unyY8M60q81vqGYtaHB6+O/uIHnMmdoLjm ieOVi6nsoW+lDtsXTnkVeNFBjzuAIw3XU0+sP+J9+PAJrGdSPvIomGObwEe9PZy7fzqj7zy8scLy FmAnf3Po8vwXPgcNKVMQT55TVljIFnz1B7RI08i++3droTCnQv38orX7nS6Q04clAoE9NIHj6p// YEFuqgGvTE68HdWtbxNGfXM8/dbXVgJHChbOk4YF17LZotU7RN08b6SUebua76lVyx/7Ybck+ypu DHmOM66m2IffbWReLsrxz41NINMLYtRcwZKZ8fmRjBs++Q7nAQHjfPlSKnt4jVy1cd5EmovDLAIX /lYdvVb64ryVW1gxZV7g2WcDgiO/++VvLNrp5tvnDo39DqhBi8TNbYeLeWUvP/LdDlEepQrj22fI ER8gBWiAq8PUp0bFjQOoZsole8P6V5/bFeDQQPLWy4UqQzWYvSX2lL0TCGFFdbBB7EgtdJyRFDkK v3DeQ0gsP2HzaezxxONJI8OFzbFTOM2MlBVk5rAdl7J7xQd5RuANyxVg5IazmYnXrmSZ8LOE0OAD E8z412Mp7IF+0WQ31CTA1TXqpqzeCwZAi4GL98MDR9qcUP9KSgbbkpJNthrRVsJMD+RU86kvgfaS 4sdQXV4nddSDCnxXah6b3TdmBHDkBDjAlpzJKxv68wF8pYlLVwSm+F+2C11xIUr1thMX2MlhsUNo EVid2IfvuFyg0pMXMPWb0/LwELho80R4jF1Xix0n94zoCwQ4AQ6wFX9cyh385wkME0XGpiwW5Cpu q1BzRG+EA1l/5Cx7ZGjXkYAjBY4WiWH0hvNZIu6ULmQuYvw0JWVs3YUcL2S46IlWtpjRcN52IWvQ PtK8EY4cHYGjPUUMh6MMOF6guUMbUpMAhyejfj1BZheAhbAaXFJ3e3QkWuMquRSZGXZezIzqG+5D dmiQerkSvON8Vq9zKTAr4sLY8FwztA4Q2+u3E5cZPH/HAs4qM7xBmy5cc2qsqEQfaC7ynN+4LpKZ NdHNE9lbyIVrDwg5zkbaR2kumolIfWvSbduboG08x+suiKJdhGvK0fsr2JEinNxJ62aJrG3AzREE K5W0gAVLcxBVpRrLi8d65YkKZWUo17txwYEbKLAvwRZj/snFrBZawefO1LCfcjRsXqQDc4XAnstd R/9NBfPGHdk1YJiCPrZKKsZdC1GAX0p0/83+s+zevlHEZ5sEOPDaSb+fxLzheC1g2Fl+HNbmuZiX mc2QAi6uW6AH8VqyeaISsuF8Zty1NGgnyNSD91w0tf3DIayX/tE0F5sEuOp67bh1WEewleHPawlH 1E9FNpLfz2f2nDukO9makimHC9JcDdx2EjyHBC1LGBJ7w0FrACYrvx+/xBYM5ngOmaxwExiPxv5x EQKCljSsZFLAo9Cb4MdVCG2EnNwhA6P8e+EXXOVwfNHnq8OXk89dxLhQ2CNLWCpbYIkvEv8EzX85 eoE9PipuJH5pEuAq1doJa4/icMfl6ObJH8zjnJ+RzTZfvBYfF+RB9o9nzGiE7U7J7pdxFYIM8VmB 47z5JITr/jG0pzYJcAgKP+aHw9CIgifx31PRF/C8y+B9u1OuJUZ7x9FcJPtKKj33puTEcpo3Munh y8eo3xA0t1zMZvcM7DIccDgBjub27pTcXjTvBc1tbp/EAeDUVZrbNwLOv50AJ6vWwPwKglZwiD8r La1g9Yit0u6mhA7RHXZIsD/LzilgpbXczY2rZX7mVar9SiqhXIC9TrC/D8spglDDXa21IywAnhSD GBjgza6l57OLFZzmmAz0LQKcc3YtDohYCAGBvshioGFV5JJsS+hCe8GoW1BWxapr1CytuJqMH5vK lfwqh4oqNZPBZsDPz4vlFOCayZZAg2dKMAwPxIrJz8hndep6UpOE4mPRRvmcLank4AcE+kGurWHV iHdj+1rWyEJQNxcpy6phc6hupJ2qqUgMiIDeiCsRV1dnpoRWpojoaKfPru4umOsSjGE1NNgNZKdF R1SLKt6toBJ0BIxAtFuClF6NFIrExrhQ3RDMiZzsAgjmnLbceueUF9Y3iDSIbefh4QZ7CSkrLKmw LbCDSfl6uUPDQbaGDSyvtMa5V4gXcU1OgINZh1dRGdk8wS6S2i2tRPYotGsLR9hV0LzNuVbA8imd lcmhwFKk5WpESYXtl7u3BycTFAGmzUMFmJmfjweitDSyKnU9K6hWO1vPHRDAs5yudmFnExrsx/Ig OJKdoy0cyc7TL8AXmg9kDtBymUes1akOJVX1CprfXpiLWghRVRgbe2Pti7XVgHWQAa1ZrrreGkev EhpnMB2aX4VVtchjTGYMNoR1PPMEPKk5jZypaov6pJyApszXkQR6OqBYU+Uv/I2DzrU6A1t4tMos uBFgwOfCgohZjMMxNsBpK4uUn2cqcS3GkNJn8Tl48MOJLoU1yIZQa3Bmqbh+PVo7nqVraD/GvBNj WmLSXKrUsnnH8J00gnyudPk1zdHYU1fP5LhiIwPYloIzfSfTu1oIlWVVNTR33K1Bl9bWu5XXYmzB P4nf5RSXmWMats9rxbBrCg5wY9cy81k1bJRQrE+GyKSCfmIN+AcibCf2gQq0a3Muom4weHcheH4F 5mJeRR0ZhjeVa6U1rtXAUQJhJhBzLJtSNNrZD+TYO7x9vVhebinNbYJl4Y3uWUVViHFXzzzdXRn1 pYT6bEtJAPw8PN05YbgcKfka6uo8kC2SeCMHWK0zOJQRDYFfKPY04sdcsgUbPEcEnuOJLIOluUWs 1GQvTvAsxU9dU+vA6uqZd4CJFCVllXb4IvY2X0+MRyMrK69mqfll5MTUVHIraj2JhnQIDfL3ZrlF 6LMdHGWwNQtwd2bXsF9lYK9DseYRPudKq0VkOuQNHmaEDXRpBXiOLTqivQDwJ9pPaX+nfd4aR4NO p2pE+jE5Uq75+HiyXNpTbfEcjIcDAtO7Ie9qAVJrwdaeFr41ji751dhD0a6fH/Z97FU11Xb2fcCk /beqrJydKyxjubUN1jgGXizHXIaNtk+oH9NBcVJOcoqdPgeC3jSviypobtc3kyOs+/9P/c1DbcPp ETgd6KNjk9kHfxxkGfmYIO1pU+hwhAk8b0Qf9twv23EI4k6k14+lsJDWY4OWILbWbMB7/futJom8 PZ6L9wPdXLi2F370G+ykuStr69oGZGwgbwBoqeLY6cw8tuvU5eZ55VpSDwLpnOG92A+HLzGktCLG 2OzYTOlQyKjUx03FFo1JZo+uamYe0HossEHTpn5D/zj24ZUcJja5+jfdreNvYA3CoN7ckYns92MX 2NGLOMVa5++0hkrCIj4PDEtiHyEwr641PMLZ0ACBZ0CXAARPDmev/AA6WufSa4klDIN7dQllXm7O 7JdNB8kIl/CzxhGjQqcTI5sxMomt3XOK5UPo4U43bRU6eOB/j47ry5b+CLuL1imcEAoc4wLhaEiP SObv6co+2bi3eZ66lnAh7E3qGQUBTsS+23cWB4Hm4RFABnMQBSN7bHxf9vL6/aygGIu43blI2Q6k 7BaM4WvfbuFuQFqOCzQY2B11aDcGe7GBfbnpUPO8jq3oqGVTk2JZNgS9Ham5lGy9pcrFwN0iot15 I/uwV9bvZhXVYJDtbeygtyu0qNSfhz/dQOSnt5vNHYkEOGL8hvfuyorBSPfuP2N3rO8Z3IMdTUln e4rqWs5vA8c3wajmjUpkqw9eYOcpV6R1vtuWcxHjPHl0H1YB2zdKIUMOR2TEa70M6ZsS4+BFRxea v39nIXyh8TIVWhsO8CatYpPcVrGBqi0YNxiTI1gvad40POK9CUWNhDhXSSUbrNrGejscYDtqb2Rb qu5AexAiEaaEG9u/VXCzYChmTnoIcJiXlNie6GotxHEx+TCYSIXGSVn403reEKX05DBEAtwtxGvX bGfGtlI2WZoDL/TFld7iccmYi+sx6tw4Wg8meC2+Y73M7NOdpRWWsj+OnOMO4+0WCB33De3JNp5O Y8W1GvKYbY6j0cglaXJH8vFHxyezRbCz5qaPjf3AC7xkxtBe7L1VWyAzc6utCaaO5iUEz2GxISzQ y5O9T/ZW1rkx21jP/ROisAUZ2RZoMc3NNrXO6bRI0wkaPo41+vjqP+EMYWO/Ql1kI0LMyDj2Eehj vmhp1mdOEQrhd1xcFNfet9uhbLeFI/jirL6xLK2kmm27kAnym7ZkS6H9i36QIcvN7NHJ7I3VlguG dkYF+1C4lyubAz7/6Efr2sLRtF+BjrP7dmOFEGx/3nXK9vUx+NPsfvHsKHKDXy6tJSG3GRMgHGls Ajxc2Dzg+PgqKKpoSbcnxGGOBUPAHdmrC/skLY/4bCu+yBEB7Y4fkMDO4fB78iRuUqzzs1t3nyYV eNdDIxLZuoNnWAbmpU7fTFUvbiCUMS63D4hnV3IL2O/gjTbHBTjejrZ3nL/KCmE60XL9CeUzHanP R4Brgtuus1cbLdvS1ltmH99DOtWz8Efzu23uENQm37M3x3M53tT6Des5JaTPNpUYZhpxjJbnSFF/ 7NGI2uSLI9Xlg6O9Nq3R59MfapPP7Q3BtdcfC+340MaCJ5/+EA3t3XRa4HFt23OUoTnLc5ypGp+F aG/8mo2LuT+25pppDfArlNYuswKMmZRr0MQZOfm/+fqhXwJkNrSN/JqyUYuENwVzkpSxuz1eZXEO x5kaievrjDxtnTrYPhduBLxeB00c5Umd7PID85cWstVlj0JghPAiajd6RwdbvP6aqwSe2pwPlcnz tHkGBhoBWBSYnUpsNcZnDdD71rzWFjyO1/JkZNd5rW1y8FkD9ta0BSWS6/4uvti07nn2l6rx6Qu3 nnnOEBIEJWaeA2Go3RMSL8scHuNswasjfLGlpti6ixxteHaaqvGZY4L4IsHk+DfFVWx2OGmS5gT3 mecY/hPV+MyzpnbbzC/aDlZ86vKpQ+A50ZvHqZ7q8D37863Lp10LCSxR6m0NFN92CQafutyVPg/a cHSk/Y9HXb7wLDjam5jCcEQORR6DyIc2Frz49IfLEchz9nBt88TRHm2E4Ehjx6fdprljB0chNKSG 03FNQGNDDPo6k74uxJEtVlc5XWlDDCB2yJNR86URbYsIGMNucX+PdXc4wWoMLmZ2zB/CX62pBw4k NCardiLZvTNbW7HAvB02U7L81WZM/TJqWZgBQrPIJGZbe6FyY8DxRkpfRnH5bBc+a0Awr+WxBvjy Mb68hO96Ecpz/jV8kScBLXsBj+r/8nG2gyPfvdwyF/mMi2C+yGOtCOKzf8Nq7ygIQQJcRxvpfK+T Ap0U+M+mAF2b1sDWQ404YpS8uvlGYRLi6Cos3E3GHOWwYeSMtv7mPhuUrL/LWtbT8SCEKDKH+bsb 4IcvCU1qvYoNcd7ELmh6shQ1/IvsxY/jB9qqFuzbDFrmp4MAB1tTaw9UbnOjAweEOAqNlwuzSb6a F8FodL7QSYFOCvzbUqBTgPu3HZpOxDop8O9DAbJrzalUs5TiKjYkxp9p61vaAUFzCsHGH0b93RU6 dlzL93KWZx8RIkSBxPQjnTZxV5l/p6MCTwyaVaOUXKT1GuH0O0upJ+dr6u/f6IEKWgYgYYenRNvk VdvK+xdXqjLYEtdK4JQCj9jO0kmBTgr8b1GAlwDHed1QRGKc+igLAef63N7hF3csBj3Za9C/epPH jlWhbxQ9nKJNcwanBIuLlN0OQIJBkb5JpwkczAb9zWCSASqHH7VpxpWD2V4x1+XgAqGWrI+aIvwM sE/n2uVgcXdHbUOkvgAW1x/ANrZxB8jhbcHRQkPQqc1idmKw0NASdb1ZXTNe9IyzF7XQsb0+c/Qm HE14mJ0Omo+N+Rn1g/rDwWzvaG+xtufmROtxJsCkkTH12ZQ1gHPrtzsumBtko0tRv02OEc1xNOPF Rdy29LnduQibIat51tbcscwrmqcUMoIvjtQfbo60oWu3rBHL+DXNn7bGhuagBU47c4cbX/Pc5/rA Y6wta4HDsSUNrdYzrQETPBtzkRY7/p+HK9RMeFMP6xYMRwadaUytaE+08EQojUQ3CTtehUbt3esJ 4bVwUohV7mU+0lzOYeHfoWigEYySp7JIRQpLb0gELTjHxb+n4Bo6Ul+BHGc6VocrVC71F+hrLcSR Q5ebqyvCVNaxBorp16IQX7OML61pWgsmXtuOsMfxWvOcNvOqljBb8Vp7c9Ga19Kabomjhdea272O Iz9ey/EYq8JduVnzHHv4mfki1692aGPZr0z7n539yswXLPDa4t3WOHK9tIejuT/Eo2h8Wl4rcteS tP9Y8ToKlWFrv7LeUzlcWxTLXsabd9P4cXu+BcfWy8BEO6v9iotSzW+c27pKtewpzfar9vaXpv3S hCPyerfii636bG9cmvW5Nby/hxHYhsJHgJN7+/owVWAA8/L0ZM5w2VWR91V7nn8YRCVCRnh5U11/ 5uXrSxg0uSkpJWJHd38/5oX3w1DH1d+f6eBJ0q6gAK8pT7jqeqBtwiHIx5vgWeMtCfD0kKgCA5mn jxdzw92NKhC7R3veKPQ2XI49vL2YJ7kfw1dSJhE1i46KsA4qZx8fxJtAeAk3N+bg40vs06bHjDfg BSNchpLo4+HeEkd5kIWGqOcCmqjKYStkxwvV00wfd9TH+b6Zq5dIKnFS+QcwF+BGbdPfNr1Q4ckU CBx8EVCX6CiVy1veQSk8CS88o3Hx8wdt6BqsvfhyWBASpN+hOeGEMaQ5gmIdokPkppA5Ezw3PHOH 9yv9bdNjDaFDXL0p1paIqQIC0B0Ox6YiQzYYN6Iv+uqJdj3Qbq0Umzm0Q20WMDwFvLu4eQZ4gRhT FOtgTiInhdyF8PLGM9IhcTjaCtaJueOJOVgtkTP3agOuC6UtLegdXPz8mKpGw7zgBedC89vJFJ6l PRydXB05OlLbzl4eVLFpfut0OomLq7OCnoWgXZncgddY05xwLqtlvkjq7iQRURRlS5EjMwXXloen aQ2okIKGwp60WUhowP/CAM8P7xVTVASzHVxTSiczD+Y2EjDkwW4i9lkOiY1/1xUnMXqEo4CgJEOY EE17h73/D45p1QblUXUS17BApOhKr+/z93WXa8PAuopqObaIgPTovkkMtxbiaMP08fFjUWGIlSWF x6NEbD3O8F418VpXeNzRGqD1okGYpXbnIjYkD4S/oLXFrQmMOYr14pL4ujgrublDvBZ2jia+Y8ML tb6BuXvRPKtm9WAocrG4Ga9VgNe6Aa86tRO3BlywTikVkq39gHhTKPpDeHg6OtD6sywusYODaT27 Yj17eXmY8LPl4Ql60J5CQgzxHIlcRvCaJi4iwyg90Z5bUblp/wOuUgqv0p7ggXFyRRBYH8IPbXuZ eE6z/UrppHIkHN3RLiFuF0eESnHz9mZeYiVzLdMglGhzniMTixxdgKMPt06Jhv4mwb09HGlPBY+y 7KmBpnG2xlEaRHsK7floVw1eR7SxzRcRLgptu9VgvBUN5JHebC4iooAj0Q4TkJMNOHi2vA8QusQf vCnUjIdShZgizeeilGjL8UXUKcXcSvOvsO2FinlFc9oJcP2xnaokYuvQXNIgzGlLn10asRfYmztY V56A5+pbjZA6WAaQbf6fWRAvZ5msef3DdkzuOtMQ7eHEInxGwo3ZhgaOZj+4Tgjo/dNDE1iQq4rm KEU25UqYl9PhT2/uL23UNhoi4bKeiPQ8nOTbXsEjFYLf+iIm26YnZ4oigQMKclE1lYq7eoVu6R9y kwRtGcd0D2CPjOlhm5kCZggEmb5hXrj0EIkDXZSIHXG9RPq7Hlr30LgKnHYMIc4ObPvj0+2Mi5G5 IEChFxjFsBduZ6EeKuK2CHTTVLKeGRS9/fY4f2OEuxNLCnZn6huICbQPlkgSivhuPcNGMWelQiwV G+Aj3VQMUT6eOzcvmJjnJBMbvSGsJobOsNtnXxVyFELYmdo9UBTv50bZCKwTVl95bGj0jlt7+Bmi gePwUHdWyzGq9nGkjT3CXcV+enAiRQincc6yqq0bGem/ZfMjk4I8HeTcljs2HvE2be3p6LQXwglQ PLYpvcNEPX3cCF6TAgmROc6/MD5+x8Ih0YZINye26u5RrB6u3LZggrkxmmc9Ft6AnJ4UpIxLZG0p jWPjQjdsenyaS6CT0kgR2Kb0CLUTnw+elhiXGizeuSMTRD18XFJ2NCfRqTenJgdWN/QwhLuoWJeg 8ZZQOu0SkuzLwjEfNy2+URTWYu7U6KSVExKCN3V9aqYi1Fll1CBQ7twBiLlpi47oB8EbHONDXqPi rl5uB60aT184tMv2m3oEGkMxzn1CPFgVxXm0I2vFAF5//9F6D6XME/kBk4n30qG2pRDXiB/7eIiN nkqjsQwpI+3BtbOwzI8JuQbmLyk1hdP4NyokxHlKkO2N80QlPG3wMt54Q2owNiJreiVrNDswWOc/ tWgjKBcl8pee+nBy76IyrV7q5+p40rqJYHfHY+/P6ONap0kwRCGeVuLcCcj/apvXOmCRBSBW16bH pomiPbjzU6UVzKo7EsM39QmZqQjEXKzWBrE5w7rZmYtGFoy5MzTah9UbReIgT5UlQDUHNszX5cCq O4biDK810pz9fcEk02G5vYJHTtgP/MFr+zx2o6iblzMFd0TALq7UjesRsWHTk54u7iqFkXjykBgo EOyslUD0l1q8q0+kqKu/Wwb+tAQOR3xf8YXl4+J2VAyJNBB+vzxE8Wltj7GUDrY4nA+J9QV/dCK+ aJ27tHJ8fNjvUUtuVnqq5EaKyzmtd1j7whb1CmPmh32Ihu7uId1FcT4uFxA0qqn4uDoceWdGspum sdEQQXvGgsm8aOgNGm56eqYoxtOJOoRAok2l9P6kkG1DQ24WhbqrjLXY72/vF2OXL/qCjhMTAlmD QSSO9nY6Zj2EjgrZkS9vHeIALZwhBDx+86Ib2x9jegKMoABAvlE5G7hkpijay5kCylZavVR4R1Lg jiFhs7lxqcHeUjoy3u5YR2DfSAiBogWnnUBnuLFfL8VzeoduHx02i4W5uxjHQ454cEh32+MCHIOR qWlIFx8mlkrFJNvY7tTf/9QuN0REagTSYfRhe/+G9l99ecVyC5gWGx8v6Pta1AJ+JByO5/Uyz0oq ueTO3v6wxjavVH9oSMyFJjotbssKJvo1U634I3YcigF4NcUW6CgN97eDL+ARDg/z7E6b1dqg42+o SB9B47ynfRzpPumev4Jjy/mGfq8CPPoIwrG9eQZ4xPgh+Xa8cAvDqgDm+/hKH3ZAANjd5rotx+WD 15fn4NEkAaC4qta0s2b2wO93PKaPoGKBR2nh6urqzyHptFc9tCvNkqtjo6RJH+0kNYzwNBrW5hrE f4+8RS7/yPKAQL3GVto3EcIraLnwHv/U1SrpIKXttEF2f85886jypbhIyuIg/vqxekmDGCcus9Bl fX1Kib9xhdSQduXSzVc3b+AChu9pAf/ll1e8jp/oY2LgAksbPOJaR+aidbPbWuDw+ssrlll+sqwB IWha44i5TXmT/9J6tsVzOoJfSx4OHDOB42QhfWxZt+U4f/Dmq2+hDn06VNoYZwqSTxkzOlxajvPL K1a8DGD06VBpA8cTADSagAmRS6zrWjNBjMtpgBpD8Fq2xRfhP/lW/Bvr2RXg7LVF+fFQRwQCcKH4 /2qhFEyAoQW8v8Uvn9JOAZ4M8JqSedvDEXXJ6K1dIzozjs2ENHswbT3/u2lIbVFuN/TjbzPKMePI rAXTv9LnfwhHmjt/27iYcVQKmTv2aAI6kgEXze+/xeKd8rkCHuH4t4y1vbmIdgoee+yxExAgxpHm kAvXAAGDEy7wN51sIGNJpvhI9GvzOMnj77pHbVPvIcYyrdD5sEq9FwuRkxzzd17dmkaThMMynR+r QUqtYDll8mneLRLi/uZiTDKWQYwzwPhNBi2nybbXEr6F/pYrFMhWUn/ulluk6S+80LHW/4G5SIdZ +T+wXjSA+XeoNokv/t3rmXiO3nyo7thAtHjrH8Dx7+Y5NM60p1rf4PylvpvnYuPfvO9TGsa/Dce/ 1MF/6OUOC3AgeAx2oCe3nLs2TAIjjWeWLdsLSekNEMyS4koQyoA3srJeN2/t0au9Azycq/Cd0h8Q vDJBgMyV8b4b/lx8JKP4xoKyGvf5jy855uEg/RTwWh4OeIMHzHtL1I3z1p/ICAjxcm3A91/x8grA rOANxKoi3o8ADZ/YcTF3JNKTSR5/ZtlBBwl7B/BOdQQevQOY92RW1N/+y7H0rjPnLMqM9XH+BvCs E1wLAg143QjHP85kDaYXkbF+DwzdaFyQ7qJjBTDnpRTX3vLL0bSIWxc8fjnS3WEV4H3TMWhcn3sj BeWiTacyBykVMs3SZcu2g8O8DpikMRBczEL/4gsFVTPWH08Puu/RJy4GOCk/B7y1goFdn4+Dqhr1 Czeeyujv6uBA85vCpROOpDUQXPA+qXofO3GtdEp+SbX/A489ddLPUf4J4NlJG9J2U7SeIfo8se1c 9nCd0Sh+YumyPUoxexvwzrd8A9cFf+C3cRaNkMXUhsQYEtkoovlIb4kk2ElvyKmFEPI3O6Ra4yNH XtJLtX3ZfvU49pjPYmjj4FzxNzeoEGvYuZpB7GTdYPao7+MQ1+AZ+je3cb1PYuZhrDP0M5YxDUQ4 i70h0dpydUrXqWR/imDSW194IUXwQRdjPaJKo1uw7nhaH38P5wp8p/F89S/wMbprfeJQWtGU0qo6 zwWPP3XC3UH+0V/ktRNL1JqHfj12NTHMz7MIOK43rxfBBxW8SwLHwjN5VTN/OnI19Nb54DkeDl8D v+8FL7zr67mfWm94+PdTGYNcHRT15vVMfDG3IzDNAswjJ7LKZvx85Krf/YuePOfvrCAcm/KJCoUL mMMxznM3nEjv5+vuXI3vGwHjLcC0vi7lDdaypx5KK55UUF7tMfexp057mXiOndQP7TcBmBMwznPW Hc/oHeTtUozvdAtEeyDyWgkveJ+MDp/ck5I7tqJW4zL/iacPw+zjY8AToqgT3vC/6I0OCXDE7C8V Vm15Zv2x8J3Hz3OMZWjP2LDlU/uNwbNxINY5If3BOzPWn89d89Kv+yQXsvKRn10ePGlo77gXxiYM pgEGvCqB8FwLq+rXvbD1/LCfdx1ldTA8jw8LnPrkjMGTAW8W4JHgJajgvWU/pRS98NzKTSwTBq0w fmd3jB/06FMju/XHo/EdwDH0Un7l1iWbTkbtPnqO89btFxcd/vyMQRMBbzLgCbmB4/qC91745HDG sjd+3Y0cnOXM083F7+EpQ/o//vTSHm+8smKuoA6b4HU7lVu+fdlvRwL2njHJa0N6d494a1rTOAsW 1pcsWfrem3tSH35n/V7k16tiAV7ufoumDx8GoSsGkvAzHcCx/97M0j+Wr93vdiQlg2yC2LgBPaNf npxEc3E06JglBCbekdU16r94e2/qnR/9vhe5HmtZuJ+X/5KZw0fh2WOAJ/iqAu+N3Z5asO65tfsd TqdlM6VMFjhlaFK3FyYmDqdngGltL2kXXRLewPTWvLYr5YZv/zzAapBXMSLIb+Lz0wbT3LkP8L6y C8SqAt6JOpFbvuPFjceDdyMROGnUBvSMveutmQMmmGnYbD2Dxltgb1MPGywHDXIGmlJrmYLKUoYK LTy8/BRMchP8Qt6qhkT3j6SZut4BLlPC3+ry2pp6/x9tmFqVsH6iMr2PSCOtJiHR7IltsYHjEtjj +lTTqNEYdMb1QsbZzCOmbbmUt+b5tftlZzNymEqpCJw9ul/c0rEJfTDW04UKcXjHpaxW8/PyrefG rkZKqDpYc3cL8Z/89MwhN+DZrYC3pgM43vvDmewvX/tlL0vNKWQuKkf/O7Gol4zqngiYtwCmJX+z XdCoLyqva/z6/UPpd366YQ/S2tWyQG+PgKemDxtB+xhgPWcXSIsKeG/QoczS35/5eb/bMaSrk8Fu cOKAXjEvTk6i9Uz7lSAhDu/ICyvrfnpn35XJK7Geq2GaAJ4T+PjM4ePx7GHA+6ADOE7emJL/86u/ 7FecTs+BH4eMTR2a3O3FCT1pT70BMCuFwKRxzqtQr39h+4Whv3J7aiPrGuwX/PSMIbSn3gF43wmB Z56Ld6w9c+2bl37dzy5nFyK+pNL/1tH9ejw5qtsAwJwGmFzyar4F73hfLanesmLLuV4b951gGthH d48OCX5p+uAp5rndocMt3/b/FfUEC3C0IApr6lc8vPZQ+M6tuC2G0STdIGzetp9VaXX+vz0wegXq TAHxeam8UdfpSEbRy/d++Yek/Fo2PIaUrKGhjn3z/SaadAM+mdrnARDmDSHEQaiF+9/YdXHYp9+u gwcEHE2wwRw/c5HdU14t8Vo45S20uUOIwIX6XXam5i2b/cYaZqyELAnhrRw4vvvlL8zH6bb+T4/u fjfwe1cIjjVa/TNL/jgVtWEDLLRgZE803Ln3KMtT17v/PnfCS2hzBHDkfc2G+om/nspYOvc98Esd tMZgKgX5avb0hz8xH8UtD+H5OsDbzhdHGueyOs0Li389HLBnO2RJwhHljz/3sBqtLmjNPSNeNC8K XuNsXrAjvzmS9vDjHwBHXAuRh2vWtRy2EDi7Smc9DXi/Akfe2kfUF6eX1Lwyb/Vut4vHYMIA41jS WPz82zY6VER9cctgsq8Raoc3+aujaXc+++GPGGcsDyQzvpyWye56r4S5Lp5B47IROHI2R3wK6jum Fla+ef/XWx2uXcZr8HDl5veazUwmFvd6e3ryY4DzJB9YVnVu/fDA1Rve+gwKQQTVJRwvXbzC7i2q YN6Lp72CNjcDR2vDaZvgS9WNLz694Vjwjj9wSIVRLpXtOw6wOZpGn7X3j34d8OiA0jTOL7/88tUn nnxyHwSJsRbNkCU/Kl2pktckGcvf7i8WfZWjx/UmAP7tt4zXu0QhNhC4SCAJhVX//2iDiIRss8YR rEisE0nAtSAQ40BiCUVBf5uizhuYu6urfuzMUdUYC94doU34xLXiN27/bLOsNAu8Fjl4Gxrq2Ycr 1zEkYB/+/tSkOQD2Cm+AqAjB/cE3d10c+z5gQBrkeO2pcyns3vJqcdDi6cRrtwoRClHfd+ul3Nfu +Gg905fiXAMP15L6OvbmF78wF4V08jOj429Hs58KwHH0Dycy7nzhI/AcypEEnpOZmc0e+vAX5i2f gQuFZWuAXwpfeKivTCuuevPeldvcLp+5YNpfYJzzw9ot5AUc//ktAx8HrIV84ZnrTV91LH3y6+gj c4RFEsb58pUM9uBHFSzgkWnEZ38Djnl8YdKeejSz5M37vvhDUZKeZRpn0PDr7zcCvHjgW1P7LACs F/nCo3oY5zve3Jc69ItvNoDPmsb5zIVUGmfm+8iNtOf/LkQopHHen5r3xr2fbmQ1RfBJhLOCpkHN 3vv6N+amlI19fkIP2lM/EoQjY3Nf23mx17fgrQxOH+TleuLYOXZnpVqxeeGUl9HmHiHCv5C2/1V1 BQtwQNRt/+W8ITuhNWLwbGpy94bH3YHTl9ielNjkmcnR5JfMV6uQuOdydnR5Ng4ttBi4gpMnPCY3 HjrL5vaNJANuQQIcNFujfjuKxUXu45ZwJ4BdfS2P7buYGTo00g/uJayZ56mdARi3I7VAYizFTSlN DCpikM5Bzr49eJ7NTgql68V3+Q4iJpJk2/nsUX9SImiChw2YKxCSLl+4wvanxCVGDe4ehl/S+cJE vf4/nMkSMyxUTpChQgnAEZrj+9MZ7LaBMYPwC28BDnW9Dl7OG7TnOOiIsW1ySceY78fY7+8XPWxW 3xgP1ON9xY0c0MN+PgUnLwN8MJTmWF4U7qW2nm05lym6MzmK6MhbgEPdkH1Xc3teBCPh5qJFSAAd Nxw+x+7uFz2UGC4WLW/7x9JazdifKIkxaY0gBHMFm4ihComkL+UpJveMIDryFuBQN3LdmYy4a2lZ pvltuW/E3z9ifj8wMHoIzQchwnplnWbMT/tBJiXws+AIwbCmuJhtu1zgPaxrUALa5SXAoW23rZeu 9dthGWdL3D/Q8NCZFLYtpWu/uwZ09QS85tcuItFq/DaWbOwpPzl9LJo4MoxrgCFcD3cZm+yjZ99S SBHEY+gs9iggYX1FpfourEbSQA68ZpJdF9w46ZjpEGKhQeXtKJVKYwGRjPL4lu47zl8LLyVea+ER xHogeK3dd5LBm5+cwQQJcAjsPPJ78EDihc14bW4+23ohI6BfuE8PwNzDF0HUS8J+4KkvxvZBggIV 4rWYX99jXd6cGD4KvwgR4Mb9fBz8gWI8ys3wICwYamvYT+dz5VOTIocBHm8BjnjOjvNZPS6ngOxI Hn+d5ziw9QdPs/uTI4dhTZHtVZMnq72+F1Q3jv+JcCR+bQnbhL1LV1bGNl/KcR2XEDoQMH62B8fq ecy+1Kzwkkz4P7UY518Pn2d3J0eNRF1BAlxqYcWkdYewX6msxhk8pzavgO29nBsyNDqAollb+0vZ Q7f7bym5PjWFEN5I8OfGGf13MLKVhy+yW/pF0l7AW4Cjw/z53PIx65Gonps3ltBS6H8hhNh9KTkJ iUEecN8XtL/Y68O//HlHBDhlYaXalSGWTKtbCzDukio1jYaQSJuOZVXYX1vyd2wkDQhvUFSjto7V wotgGksQypZBaNGGWE/puJvFAuMD09uog39dS10TJklerZrl1zVYxz/jA09cpm6QcoFoW8bqAQ2L ymvJMLZlfDF7cIMqyyFgtoyJBuGwGCp5eJgIHWtlbnmNg+UKp1njYKZFNfU0xoL6Xaxu8LlIQnDL GIJYuFpcxXVgXBwMmgbkcAIdrePVYdwRpoalVdWQgw3ZivEW4PIq1V5F1TCzaYmjVMyq6xoR8kbQ 3KY+OUCrSkGZru/IZmbVWKemfhN+NN68rwuuFlR6VtcAxzbGuoZCgvDPUU915XotkmnSem65BrGO rlapyYKNBPVmAhxi9G1q1GpzcI0aTNeoItIOmYU4i2ODHl1+OFTK1hc1Im8oMWh7U/h/+Tk8P2BI MUNcaBQZ6SKanEKaB+4lutIeXwiDzwNF9QzBjYTGnVJV1mvRUIuBwNjV1jeygiq1u9ARyKpRq4gH thWLUWda00L2Am4+6hrpvRaTEesxC4eonBrBOKrqauFsDpvBZgXwcmu5JceFDRBQZFV1WnGrOHWU HB0bBK6TiecImun5dXUO2TVt0BAw6+lAjuOpAPyoqkxs4Pa55sVsR9lAa11gKVdrYC4B3kJ5jq0L 5hLsHjtCR3EFTJtazRvwbjXwq9PqhZ74RAXlNY7axjZwBHbFtdxctBGwUCBB/k2qC93UCW2jlELW t0VecBjKzyew4Mal/Xckog4Y0MAIu70kuNAVEHpCkWxrOXDdlKK/9BFasNjbzZ0ulUo4Zz6BMDXG 9oLF0sFdeJ85e7L2sOhInxEgWQu1QZvd6uC44OIMqp52KCUzxdASdLcmFon1dHnVujQlbxI82M3z FVyHjHBJzNCBJJYKmRTpMdtAg4tKz/0uCEesFZM7acsCKErTgm5FQ7ouWbJkyY94+AR3jYpKlus+ k7ckY5AzWJKXnN0eqGcfZeJLB/oqcA38B1eXsiGSfEO8qEpaS5kXzKFDrAP30t6pxDXg/vxaVivi ziSCxrnphTbGmuY8PkJ5DlPgHQTnbfOEZAYmFEfSlbXJ/pQ4sCClm1AczfBaTA1A6cBeZSJhy8S0 ZtDmrCxC+0vSHp3u2uGL3M9CYVqmTyuYNJ9g4ypIwOQQaJPhEGcw4qzbIS8lETcN28pkQ3Of7AcE FrINbS+GoKzloUUg7H/X6h0R4KpjAjwKJCpVpL6m+rqmgk7fjo4sJsiDrtSqBHQ4L8zbSYsZggSH pisCrsAA0dPdhYV4OPG++7e06ePiWOsG27wcCvJqERg42Iic7sQFLYQaSFC57I1MAq3OVZD2u/t4 sjAXlVB4+ig/j1JnxAyvLICzDR2rqZAlOMIDxAS4E/2sgxXzQfZq12B/tluL8Dh0nWEpyHIR5+PO oMYUMib0dlX3EM9SqYPSVacGjpZFSuOscmIx/h50RY6jLf/io5BlJQd6s5TD0AfKrSL/Q9Pjbspe IdQ7qszNxQVhvxXODIm/myLMY9zdPTxZor8HjQsmKf+C+ZYR6uPGUs8DnuV6kpuPBkT8doZQy4R6 jZb28HbTAbcW8xuRxhEp3sPJiejIW0NIqET5umT6Y97lZeGKxFpTiOkT7skpFIR4cNW4qFRqhUrF NFWVzdezgyPrE+BFsNqci1Im/RxxOefIZDIX0ngS17UIcRabOC1kw8ej5Oy34gZWQP6DHeL1/Mfv P7MmMhqINIbbxPkiLbRv1Iem62j8bRHiKCh1tVbPtqaXs0cSufUilEcUcbyWtZiL4BFeHq6sq79H ZrPoqzyIGevpWhTr48FO5yE+tiXjgZnXurtwiiOh66XExcWFm0vNCrQ/3X09WYyHU84uHnhZVckJ 8vVmp0/hltQ68w14TpIfR0NBDgeoXxXh46qGRs8Nucmua6RwC6DC/tfF3w2LSFhS3BAXh/x4Xw+2 OxWWGdY8BzuVnyeH4zVhXWbVLk4qaFPICcZqT4VmyxX7oo+zoxD+wDUd7OqY5+3pwgqzYTtpzXOw vkO9nEnmFkrHmlgvjDMJa03nTkDBXIzEvu/joBC0t+BNQ4y/e5G3uxurKSsHnzHvgdR/yADhnk6k guNt7iOQ3v+y6oIFOJy8655YuvSHORMGP/vRqvWYcGZ1LDa4h28exgZGBf6COkI2zfOTekXv/HVY 33G7tiLsoRIbO+6pkDOILRqfzCJ9XL4WSp1QT6eVi8b1mXovvBKN8NDjrgwatGzg6IFsamLMHsCD kZOgsnVaQkj+yqS4gMtHz5oEJMpGoXRkC0b1woJQwpqcfwF9DLizX7VwwsB3XvgUr+rpChkMq1HP brlpOBsaG7IedXjZMFm1uvfupIiizccifbMvw3SO6Aim5x6EiNL9omtAAQwW/0Jj+NTSpb8+MmXY E29+Aadd5LHieKrWyObOGsaGdA36DnUEMQIc1Dfc3Tdy2Z/Hg52L4bzAMVQsWJ+YCHZ33xhi9EJs KCgmXfGiJ57+fdaEwff89CMiISiIYZnY5yOTBrPkcG/CkbcjCFHH1UH60/zhCY8ePndVWlMC2YoY KuZObK/ubEZSBNkb7eRPRa5m1rSeEX9sHtV/ysZNuyG4kj0PMVUJe3h8P9bNx/V7mg9CYCKq+ZoF oxPvu+vCVWak6yFEnCcc+w/szSbHh9IefJwvPLRd/8SSpT/PmTz0uffIiFpivkpFKpk508exkbFB ZOTd5npe/vLy9KeffuZbnG7nQ3OJbpGusbkQpwEDDXWSsqURUjaPhOIOKNT59uU/t56Y3SbN14dJ GqRVBpO9F+fTa6XZJyFOAdr9dqmEhYZHsTuSwomHUTBTIeXS5F5Ru34b3nfstj/3gY9h/VHKJZmC LZ7Yn7LkfCsEGNUNdHNcPW9U4oz7MBfJ3tbCa/uMGMBuTIwGQ2cwnBJUTsxMijr+W/9efc4dwDTm 9gM9kzk5M6xL4rVCQ3+svW9g7NM7TqY41MNGlFvP4IthsTHs9qQwEoyE2AVTR3JHIJPCreMH3/79 z4ieQY5OnBZJzBbfOJR1C3T/VijP8XRUfP/goK4L9p9OYboqnLPN6zmmdwLsqyNpnK0zqfAh5uUb ekbuGDWq34Qdm/eYaEjjLJWzRyf0YzF+Lqv4ALGuE+zl9PUjY3rPuvcCWKAa44yTLNLgsP7D+7GJ PcNpnE8KhHl6Vo/ww78PTOp/CM57lnEWOzqxRSMTWICz8ich8EBzI/bU7xdNGjB2wdtZzebixInD 2ZiEUAqVI8ReVEjz/7K6ggU4wlQpFr/40vj4GC8H8aw9p8nO3sjG9IpkD4/ssVYhFT8npDdmws9f ecewn9/3cUo8fCWfucE4clK/rroH+kVSnKwNQuBRXbzzOwZzqWjRzOfW7LsoqwBj6R8TwOaP6306 zN2RwiwI2tRRvwzwZm+YN/mnD6MD/I5dzWd+rk5s9uA44029Ql6m9oTiiPrvPTG8a5yjbOa9O05c xf6rY8PiQ9kjo5O2uSqlTwmFBxxygePNP86bsvqjbScDL+eVIk2NO5szKrF0WIzvHDyHlaywgquR 554blxDmrRDdtPVUGqVlQriYCPbosLh1UBryd38zNwscrgLHW9YsnPb1R9tPeWcVV7KugV7swdGJ +YPCPO/EcxzjhRVnpeyxT2b2C4h1ko2DcTGuWBBGpHcMmzM4hjajd4RB4+bOKeD4wHeLZ72zavsp 17zyGtYz3Ic9NKpXVo9AdwphUCkEpllYn/fJ7MGesZ6Og/ZdymHOEFwnJsewuwZGf7h8xXLBBxTA 3AkcHxMtmoXoKecdC6vrWM8oP7ZwRGIKtHP34rkgjZ5SKl6xYmx8VLCc3br55FUoGw1sZHw4paTb LJOKn7fVX5lM8i5sOe+USaXOWpzwTQnu6QrVFLeMrqkaMHHuD1ew38uMxi35sLfrdGiwIqmU9ZBU aqdIi8R1RkTUxBOyJzQF7rVSTVDybYmCdevRk81PiLkSG+hB60XIQZnmth7z5sHPbxnyy4c+Tr0P XM5jbjiMThrQTf9Q/8hX8BwnNWGF+POSpUtXsIUzn/ztcIqsFA5Jg7qA147tcybc3YHmoiCDK5q7 wPHu7+8etfbzYI/YI2kFzBee0bcNSaiflRS2FM/bS6zSJuKofxnwHlr76E3vrNx12j2ntJp1DfIi vpidGOpxD/F2IT0271ePfHjTAL9gZ/nofReyIAdLsF91Y/OGdHkfzz8RAs+8Xx0Fjo9IFs968fu9 550LKmpZj3Bv8Jyk9PgAV8KRt32sGR4pCB78EuP8gaeq78HLOcwFjhvTB8bpHxgQReMsSOFghrkN MJexxTc/89vBi4pyjHNypB9bMK73hUgPFe0vQvdUDY3z13eO/OX9ANe4Y1cLmA+c5W4flqC5OTHs WcATdJg34/jd00uX9pA/OmvR+sMp4ioImH26BLJHRyUeDnB2eIR4sdCx+Xev3yEBDoTQgvi3Pz++ 129sfC/yaCG+QwFySXMkaMGaCZ8OeCPfnDX4Znzvhw9d91HYiz0dISBgUWYICvmw/66+0VOg2PKU Sziv07X4nQJX0nPethTk4YL6+/Dv4PdnD7kHcALwoTsjcu/eIhSeuc90Yrj/iZHx6/GZiN9oLHAs 5nAUtAETPDOOewjHAQ+MmYGblu7gK5lmeJfMzwVNYDMzvfWJsT3X4kNpRohmpIGifgseZzMOm/Dv 0OHR42dCaRsBxR4Jlj8DHs0BorNQHGk8pz43JXkaPiPM40KhCwQL/lZ0XAmYZ6fETpwJRZQ/hFW4 2XE45nQQxzy8N+7VGQNmonPDcHal+f0nzZ2/ML8pRMOR23uH3wjO6Q0dHGneCMdSofORxhLv3LF4 TI9f8BkHOHSnD3Uho7AuNjOs0Lg9/fTT38L+ZJ512AsSQkiTREKcHmKJHNd/H3dXGvvC4Lmk3kD5 rzrS9f+yd8TMQaQ1zJNni+XMKMG9HCe0Wa5MTbdfJiGO8p56ubmeXjq4/0r8QFrREqHjbK5/Df+O fuOmQTOhlBmA8w7NRQoBQYcCQXzRvF7onWfx7s57B8RMAt/xBN+hnJA/4fdKoTDN9S/i3yHv3zr0 JvCIZPAIMjOg/eBQB+ART/kG752eGOs/A+svBDOTvE5/MK9nwX3Ge+XEc16Z2neaYWrfoYBHAtYW /E5aHsHF3Kf38O/BGT1CZgIAEriyM2YaFnSgz9QnOtCPffOmgTNAw0GgYaV5nAXeQJu6Y8aBQprs vic5chp+8sCHeA7NRaKHIDqa66fi3+Ef3TqM9oK+wJFuYTYC3kGh8CxEf2XFisfw7tYHBnadjLGm BN2kvSS+KOi2SPAg/ote4C3AgShRwHHO8fTi4VkV1S6/nEjT6fTGOhklIkTR6o1JUonoxdgJt0hD 3F2q+kb6kFqVojRTrtJWBfAGIJL1PUcu5yfDI9Nh7fG0RiS1r5cjlLoeRtU4cA6JHX+rIwxrxdG+ 7gXxQe6k5aJo+G3acgEeGU7MuVJYNXHj6cyA2HGzjT8du6omh0TYkxgbdcY4nG8XAj/57ku5jU8t XXYEGzNlKSChqc0CmDepdfoHd13KDcF77OfjafU6vaFBAR8fIEnSTO/Y8be8t+FUhnj2g4vqon2d 1wHQe4DZpk0c4AXh+dwTGSWjrlVUu689fhXKC2OdBDSEpsLYqDf2gmZ6Sey4W6S+zo61A2MDDmBj pj6TANEejtPLNbrZm89kxgNHMeGI07tGLpXqtXp9N7w0DfAcN525xu5/5KlUfxc5XXGvsgEvEs8e OppWODy7srZpnDG2cF/jxrk3/n6h24RbpYGuqur+0X578PP/tXcdAFIUWbu6J+zM5iUuWTJLUkGy SMaAARVFhBMDpvM/Rb3z9FQQTGc69U49c0TlDAgKBpRkIEkUYRXJOW6enTz9f19PzzK7TOjZACx0 YTmzPdVVr15VV3396gVGuIjqWgP9Hrun2DN69uqtHUCLhHHBgqe4LSZzgDRCWjMG1+1frd2m/Plv 966vZ7dy8Yfjpqh97oxfbv5p495+e4ocaeCjD7pYpZAGQXikSNiYemHuPEG97GaZaYd7tmnARYs0 QoEj4lykZta12/JKr5i1amtrjCnnDmn0mE1ywOsLdIJu17Udzrva9s267YE77rt/TYbFNA31RZW8 os9nAVhN+DF3d58DDmfyRys2oatKqdUswU0haFREf84dzE25Vb2M/We2qMejHD4vEfWaUB+V227c tL/4ohkrtzTvCBqnL9tYivvdVD4njSZZ/jPmQNK3v+7w3H3fA6tTLDLnd8QjItTXAvXd9vPm/QN3 5JcE52JAOMrG2efvbjLJkzrieW6YmlLUv0MjPs+voL6jXC5AB+4R8Oo8ODRt7YUkucyYQQNxPGKi HW7LdFl+qbNVjPnZJXzhei/RBvqkvo6nCTy43bbL18HkshT6zao7Ykouw99gCOJMAHF+gLutSlq9 7cs2XgPjops5zl+v5Tjf/0uKxcRIJlElFhjrPnDhMwHrXk/O4bK1VpuLWHcHYC4mY17Joybcvrdj 40w6POW6E20dy8DvN/26q2AE7mmCZ/eotRaGbrdzrf3u152ue+5/YKXNJL+O+n6M8UwPd/nFuG/X 7ezGvoFGN5ybOyEBxrxUcvDMDMOcT8ZaK11985072jRM4wvaG6jzKKe+3Pzx2/jtea5R2AvaYS8o W3PCnudxaMc2e802P7z1r4W3fqoyfB6DvjOw0d244o/9Z+/KL07+GM8zLNtKzUee57NzLhj7L7yX mNo1rHOoc9Os0PO8N8qaQ4vI6zcdKBk5c+WWVqE1B8Nf9jxjLkxQx3ndDs/E++5fnW4xRX2e2QbH GTRe9/1vu/uwbxXHGTwcyHHGKYXcoVG9fe0bpTN8J9ecaONMTwg35u4tvHjGqi1NcW+A6yJo9GAv Vbx+rIuSdBvmlPXbdTvcd973wM9pFvmtOHvqIIzz+Pnrd/Xg/OA4+wJ+FwzcuC7mQLtkONpJwbhx nHdinDkXuXZHdN6MPtfF77es25V/7h/78xphrgSmY9/HOHi1fb8rvt+Ntix1U+zO/jlNFuNAmREu ElX3PCFXI10ADkzqtWZf0YxHZi5rvBh+yg7D5DxcPyO8Z3x7rANl1r5d2nV/8KKzRuPeUWBWOZ9r uDbh8192/ffJr5aZc7fuESVY9KPVxyexQWpymwv7nd5/4tDOrO8i1FfuocC1BjuLnJ8+9d36s7/4 cTVdj+C4j1aDR7/lk75U6EF0Oq1Rx79d0Psa3HsT6uNbbbmE689+nrtv4qMfzRe/7z4Ii7rg4np0 ohNRSdSHv5mxQ3t1nTig43m4l5EUym3EuJaz7mDJ58/Aee+3K9aDhxSyRZZCkMYMHLOd2a7lGQ9d 0nss7uXR3VHSGlx/6o1lW/76/OyfxNZ9ecKjxUusSCProwJ003pZbW49v8+Iv9/3wNkAoRR7l5Oi ob6ev+wtnDHli5+bLP7ld5EXY5zZRiYMEc7u0rbbvZf2vgr3XhFhnE0AMa//6/uN177y1RKxGy5E 6OA1Eh+DOj6yaN6gTts7RvQdiYgNvRGMe2KEcRmybHve/x6fvazukvWbRQH0WaLNHQIHzMU2Q7t1 7HXPiO5XgsZLK4JhAqMSn3/as/M2jHz3u5/FnoIiqGBGp9EOhN2qSYN20F9jfVNQ30MRaLxy3h/7 33z6i2UpP/+xg46PY5hUKaJ+sq3Neb279rtv2OmXa/O7nNIyrmXBDP6TZxZsGPzJwhViT6Ejqoky +ZgCJeOc5o063n5hL84dHh08H04jrnVbv6/o0ye+WnXadys3wCl17DDGGXhe+nZu3e2ei3qNwb1X oT5K58oS/t6H65T2tlYfESg2h3TiVElc0K+IcGK2jWpiESvz/eKfG7HV0LHqqSqIU0zKiKR9gQss h6wlCqxOVTYFpZY8doaMUrX95RqWjDfN11fvETNz1zeTkyzNyHiOsx2GRR2bN+x4xwj1+bsH4/BU hLk4fta6na8989UKy4Ytu4JzMYrVPJtsmGpvc0HfM/r/bUgnrrUjIq212/Ods56at673Fz+ugXuG 0phzMRXiuK4tm3S+8wJ1Lt6G+l6NQOMdM9bueO65OcvEr9v3wo2EP+Zam52e2uaKQd0H3zW4c8jD fkGoTrRhK3L5337px99Gv/HtcrE3rxBqu9H3Aq45rbLrtf/z+b34PDMU1j0R6BuxaPPB9x/7fGnG mj+2x15zwI36KfY2Q3p07v2P89TnmXtBOX+euJZ+CJFUnl/02/kfzF8h9hYUA6BHp9EOGts3a9jx /85Techj5Ecj0Djm6w173npi9rKkdVsxztAtjrZfcU41xJ56ft/Tz/7b0C4jUedI1FlOfYV76paC 0s+eX7Ch7+ffrxL7ijnOkd+61DUH49yueaNOfz2/53jcy+gRL0Sg8aaZa7e//NTsZVLuzv3CEWUu sh0qE2SnpbS5ctBZg+4e1JFRdbjulAOauNZsa55j9iPfrO367bJ16lyMtaemYR3r2rppl3su7nMt 7r0O9cFbe+1OcQEcOpr62778V8e+/E3jDSshCIJX53juAPbBSeKM2bvEr7v2N/rk1vNfQx09wCz1 HB/f289et+P5q/89w+w4BPUDnM3HW8R3FBWKl97eKnYXO7u/eVVfOpq8NpzthS7vY/d8vurs6fTA TPrimAznYR7+sHS/WLtpl/l/d13xImhaBvo2hC0Cl8zdeHDiJVPegMIrgBadzcbZaEjj4y/9T+x1 jOz18qgefMBuDF9UduYVvzLh7fltli9cGnSuGMelwkGHIuYu2Ctyd+7L+vDWC18HjWeAxjIrTfw9 +k2AtwlPTcNqDphE5fgYiVv07/n5YuKGTaLkL2NuuH9ox1W49FIYjSm/7St4bdyrXzdZtwJ6x9BD jEfj/mJFfPrlbrF67+HGs24ZznHuBRrDrYduQkiqa+957oOg9WG4hVUEWj0Yl/WwILoJxie+u8be gfqWor4ySRz+rrtm56E3R7/wed3tv2NN5FjHceGyF3PxPURm+P1QQeuPbxz6MuoYjDpVp0Ba+uvj c9ePfIxRDag8zByLj6Bx9cHD4jqAR+muMZNR30+or0zKhb9bfvv77ldHPz8rJV+1zOPciT15dhUX i9cReWR3QUmXd8YP/A+avzichFJvYOrkOasHv/weBAQ65jf5uHjFIbH4t61CunPUv7T5jYmnPn/2 7YeK3hj/xtzTVi7BFNC858fq8wEs0DO/2SPW7DrY4PP/G8FxPgt9LgibOzc8+vWaoe3qpwoooMPR LA0hNBAXCsKu6XV5gEweykkSuY6AmLUb8/ZU1IcDYDvbWqDcbd+rePE96EkhqC9IV0CqPz3K4zBt UgDeVu0rER+vwzsrFdF9R7QrOM5LVh0SS3K3Ct/EKxgxg88LJaVqwt9tv/p154tXP/+ppfQQlg44 pI63jm3HOvbf92aJvUWlZ749pt8zqObq8LlR7PI+fu/slb2nT8dpIZyt61lrFy45KJb/tt0842+j eUxIGssMG/B3z09XbX16zLMfCy+eVT1r7VbQ+OQrW3EU7xn84qU9HgZ9fwnRCA79+bmFG0ZPxlqs GhhU9OdYYaKTh2ux5ty8YYvw3z3mb6DnB9BXJlnH3w1//GPvG1e9NDtj35ZtQR7GWbt3wTvDO9O3 i52Hizq+c82Al1AHI5mUCVbxdPx98tx157/0Bg5saEiig8blqw+LazZsFZa7rmTUA9JYdnKEv9vM /23PK2P//WlS3j6cQqp7auw1h+P88jtbBXxz9njzqj4E/mPDWVPk8k55YPaqvh9ynHWuOcv2HxTj Nu6Q5DtHPQ2avq8wzmfOWrvthTHPfiq5aO2uY0/dCoOOJ7AuHy69ZPi/L+v+EOi7I5zGg6XuZ+/4 aHHXL2bjgIX7VZx9Hyq4YsFP+8XyLXuSPrv94v9q6+KWmAv+Cf5jXAAH+s/BA9Z1wyoYw2jhKeL2 iRo0ACkbEVLloxXtO3a5uA715NSHAgamo99Y8nuygxZ+4Z7pY1XKt3i0PevbxeLbjo2uAOP5FqKa LeN7Y4hhr5z+JeazGuKD1pI6Xusx4EXw9v3qjxvs53VsQt27SWEk3PT4bAgNnbBg5Qanpz6VRpt4 G3Rc0qHhZaDrXtAYUpDtOnvtjv7LF2PDZKgivm7rIJH82blxs5i+ekuTPm0aXgD6VCsx1C1tziu+ 9tEvoGqiRjWI/8CqfVNdd3jFv2b/KM5t14BvITwmCUnhBn28ZmvXdavWawCTgxgnsQg89m9ZvV7M WtuhY+fGdQfiymyNRnntzsM3PDsT40JMxLZ18ZHWsx7x5JzFYkRONmnkcWpIX/H8d3/e3Hw7rWwT mYsouxxg5aMzW/b967DTzwQ1ZWBm8aZ9f3p25sKgBStdzuihkfyGYcx/vlspzu2QPQH1hR9TXvz+ iq0Z+bvg/YZAXU99Kh/t4qsFy8SMzk3ORZ87oM+/aXxsMOeXbaNengM+ci5ykdJTJ4FjUZF4+8ff 5PNymv0p1Gd89v5gxeYzVi5fe4SHeuqD+4Ft638X76/o2PqfTeryeS5TeM/dk3/907OXiFTJL4Z0 mCDqgE4epZYLBaVZp+KcROA4Tbx9uk1c5i4VC/hKEuZRJt6Uq/W/A7B1MRWL+1N2csWQ3QH6hA3K NuhHTJWaaCCOBjmlWDBfW70bj48ZQbboAaTCc8m56CgRL36/QZzbufkYVFMG4CCEufKtJb+nlKpR DfTORVIliZlYa+d0akzpzGmYi9u0udgYx1Ojpn+Nk1DV273OuQgAUIqoAv/9YYPt3I5NRqGuMgCH 6TDuxe9/NXvpkoqbsJ65SB5AoeCtLxaJi9rWp/RxMmjMw6d17c5DVz+N9U0Fb3xh1FUfJiCcyv57 7koxvF32daAvXDVi5PRVWxvuYyQV3WsO94JkMX/RcvFF12ZDbh3U5XTUuVrjoX3O+h1jX5mDYWIY PII3PTSqa45D/GfhOnFp95Yc5zIAB5WZK15bnJuWtweOCxIZZ/RnBjw/XN4hm5LC+8PGOfvzVZuv /hBxWRPaU3Hy5s7LE6/9mJt0QacWpLFsnB2+wNh//5BrceXDxUci+z7G+XWsfRe0b0Dp/8MhIQa+ 57y9OPeiL+ZjKVdDUVKar2NTxRxz7N4tpq/YljGobbNLQSNfUmpt0gPgGvxxCEIVHneofmV06phz MzR5BGJVkjkMYaE+FNsOlnTajCNJdUNPtD54wl+6Jz95tBCnoSoVwCE1+XHngVRu+kH/Z1gKIzgH PGqE2DbeAjbv2i/+2FfcIfz3bQeKT9uEIMrqW0IiNFrQJ4iaNx3IywKJncIestY/7OJORYUW8CXo wTD+pGHbkKztgbVmYamPOkuhZEFQ5vp7tBhyumnkwgc/c3mH8sS+vMKGonk90FkW8qzd73sK0V9c SZRGHCtuOqgK3uqF0Zi8an9+5l4ErIcGdvCtVde4BGncd+Cw+G334ebwy0ZdEVXsgA0pZ8N2jAul ZCEfR3r4yP5AVXPl/gJWQwXhULL/uutQPafqikMDmHppxGK1fd9h8fu+opbhA4mno8Ov2zA1E57f 3EScYt+hfE7iRsgqgEOqn7vzUB0ErdQ2JE4dnXMHi/7K3QfEpvyS5mE05oCvlRxns/h5r/pO0iC8 z7l78xs4QV/B/kPibx/9KN64bijcBjJARvBYqCyepwbiXJAkZdrN4oPudnHZcqdYQpG4VcfiG95o bfwO8NYBpgoPpe0SqbJflAK8SYwJTFEbl1f0iQ6tVdUPPKtQVhJPL94Gr/QB8frlZ4qnFm8R6zZD M4PgJJT4TEMqtGnnHlFQXNomnC2IrNBxE1QrVHc9utcxtG1Geadb/H6giFFwuEZs0+qtu3Jfvk1d a0mDelyuZy4Gafx9+x6x43BpTjiNWw8Utd6OOZrY86LRiKP/Vfvyk7ELc91BR0X9DTsPNCtmRJrQ C2MC9G0GANqbX9yCQBBAQdUrKPYETvt9L+pjf3XzEDeqa6hH/HawhK+vfJ5VAIfU4o+9h+v6Cylt 1N5cEqER+9Ife/K5n5alrYccHf7YwXlRiXEudYslew4nQcxK/ezQODdfvPNQurrmhHyKJkDj9j0H xdYDBdRTLktel7fFtl2QIie0p2Kc4U5MOBxi58HDadCiJY2hU6gWv+0tsuJN8UiINF00Bvf9lTsP iP0ud7nnJZze2vJdD4ALxrSAXsst8Fv1OWJM7oEpdlRxJfSHoMwsrhvcU7w9f7koZWiLMMeGDq/X WoqdWMYb/ejBPcSH38IHDI9cooml4SCxPhyeXtGnk3jp4wUij4sHplUYg7niBTCQJpyXA4wdFKt/ xzwMdxRbcTSgN3X9iL5i7rotcAnkE0VOT7nd40BRqUIa62alilH9zxSvfEkVPixU0RA+dDaymzQU fTq3Ep99tlCYfXCVUF6uYMkn3ejL+KE9xM8Q12/Yhskc7UiRExH5+mG9xIyl6+AeDi4EKjiHhNYM IiD5xZktG4t2LRqL/32LN5FYfcY4nHF6ezhytItFi9fRCPAoJO7kw4CmR4HGBauh67gPz0o08T71 xKCDc8v5fcRbc5cEfYBVoBFHQn6Obb/2p4m6GSnic+jMlHOmWXFcsCBf0LcLFN4lsWjdZvS7/NsC hBESlPXVjeP/Lugjpv2wVhQQIEbzBM7jO4DBMUN6iA+gg6e9fISbu+PEKkjjkF6dRBIkIV+CN6pE M1rC3Ln47DPEfizA6/bk41RLddpVllTZKn0EAhDeNKy3+OCHlaLEAUlutCgZuD2T+pODeogXZyzi Js76ytEITiukcWC/rtykxZq1sAuKM9aj0fZGAMl1JR7EJS1HI3iI6pFvHNZDfQa278RcjBIhI7hB S+KKYT3FZz9g/IKLZDmXAdBX8cOiSZx+Zjuxv6hEvLzoV3HLgM4o6qfX9yMgTh3OIKCjZCk71SJm 9BRizCq3WHgQv53MkjiAt46mEvFo+i6RbfaJYj+eYC3wAeLGIPKCBuLAXupDIXC7WLAtT8z+/YB4 7NyOok2WTTw0oK2YBH6u34oXYAIKzMVhA7uL7fvzxIFDhQzlVG4dc8NEiuPCuMNXD+8lPpz3M0yH oD0QbS5ifcrMyhBjz+4qXvxskbqsIoXPbzV4COfiZeecKXZDv2zZerjWijUX8UyPxxrx/cadwIQI keQqv9YWuz0w3gqIdEhRxuI5ffnLJdAIAc0x9oO6DeuJQWe0FZ98uZRLMukLoUhLgcNrEWjznG5t RFZmppgFndGYaw542KdXZzzHilj+yyZhUvx8+DkT1Y2Gw8FHXAYA/fMFfcVr3ywBfo2xX1HCbLeJ oWd2FLN/WKHqKlbgoc0S8JkIkIf1gI0Zfv6WcYjDnQwftS66xahBGOd8h/gVQO1QsQuiyiPJ6fEh qgH0xtKgwjCwm5g+F3tqADyMsV81blRfXNK9vfjvJwvV/SWMh/xuVfdZ8OYStFtYVCwWroSzgFjr IvaXKwf2EOsBMA/BT5zD7Sm3iGKuczEQDetmiIv7dBWvfQXj0FhSM7gkaoZ9rVu75mLW5z9hXMqN M2mUnNwLMBfP73eG2ALQ+PvvW4Mv4pESxwH9HH9eL0H97p1Yp6APCtFd7U56AFywh+h/N/js+o4P axykS12OLtn1sCccrU+ExR7vneA+NozWqC+u2BNtpaHNM5vQ2ITKjSo15TbNIMBURNv6GdjgIE3R wtBEHRoMZOdGWWLV5iRRgmexYggZGOmoT10ypF/sc9yEtpPxptKSnr2PvJCGv5oGPTyBrtPR7h/b Mbfj0YhGO8E791w82DTIiJS46NSHGLxzw0zxv3j14XeCqAZZeJGJXBY+4Cklw3tOozpiyYb440ya yJ/3AUSjhS5jW43RbhN4eg86KI2R8ECeVicVhg6SWKBu/EclJaSYeybanYl2C+IJALARqPMsRlgw 0ti6DqIsMOgOF4VYCX1ohb6YAEZW7+JL/9E0qlfQbhfwkcdgMYWEFD5BgqnOM+pARahQ5QP5WC9D 9dAfd+6gLOdEPnRMA3geKhy6BXmIMl0aZ4mVm6xie7y5g+ZbNa4DP6DR5wTnYgvMrbaIVjHx5Vmi X+tGoktTPrNhIE7d/Y+AOByrAMSZxRd9zIExq5y+2Tu9VlUn7mQTxgUQpN5SKB7K2CsyAd4cflld x1S2a31VQZyGv+wYsE35peKf328Wl3ZpLPo1yxSHSr0iHfpwUwe3E5Og8rN+C0Ac5mITrHlFOM7f exAvMhFmmlp92TMQh7GghwZeZ8JPWrQUWmtbYy76+MIX75nGWtsR6+JGnLrsLGLM3PLhumh9TzYg PJzutdaGNZFrlPpOXZ5QRV3LIfltnJkiWoA3s+LRh98b4EWd81czGgkHhGrt6jBh/egGvkSLKBVO BkOLdQB/ZkcGUHwDpa8Y0SwzNUh/PBrxnLRGX0jI2u3YAxnKMizheVaXDRk8VNe6eAltZ4KHXZuQ h9S9PHoNU/cr8LED2t0lU3wQb13k/pspDuKFen8p9mDs8xVrJYtTaJxHGsPmfkRyUTgFR+/0ZRoF bwRjlqBcM0TOOVwEI9V46xh+74q5uGFTkjjEd4QgKKzVST+AQzedQLtavLe4nWbA3KibuvpUKAg4 rs+VGNtk2/ESg9hTxyZuwsC74LCID22skGt62w0+g+gP33bjpFC78crxdxfqU/ViYhRmf1lOT6Kf CFX6Eid5wJuYYxd2P8clXlmYm+MtL3677CjfBgng4qVE5qKeeaZKObnmxG9a7Qv7FK8ox1qPVJ9l 9Mxvjh3HUE/inODciEVjInNRz5wgTyyQhroP54txL80S8x8YJ+pSz4cyJVWqrBk2aCAOL0qqJC7F JOSPu9vkv9pk/4tbPNTfZ2Tw2p8IyJCH2Q+L+9MOIG4oxlmBuxB1b9PWnnAQp1nfpSfbxXtL94im 6TZxY7fmsNYLPjvkVTqcZRHETcbfv27YrT7PEBHFnYt6ngF1HdO51nKt07vWBtfl2OsY54eeZ4A0 siznY9QEtnMusl09Ca6hggAuzgOtmz40qqdtPWuISj/XRfQlbvkE9lQKBfj8x0xol/1gu/F4w3pC +28sVTS980udizr31NAzoGesuS4G9/2TIyUE4E6OLhu9MDhgcKCmOBAUXdvFL+u3iLEvfyFm3XEp 7ENMAJ7cLI4GcTxOheNCOPqVzS90TVK6pkreOze4zRA4yapr69qa4BIEsnNxa/phMTatgDamiEjB fZBAAYed9PkWEkNoIA4++HDc7haHTemiFeIaX942U41g51Sd5gX3UII4+NoSUwa1E3/FUWERPE3r 0d2urWw06DY4YHAgOgdq8xJpjKvBAYMDJyoHYIn6zaLV4v8y0sSrNwyHmmIEEBcWO5U+DKE5Kt3U ymLpmikHJv7iEsvy8ObPs8ZaJY3j0ZMs2lqd4s6Mg+Jsu1OUAMxRAhXya6yKZSuAuNDR5IvLtwtr RrG4t19LUViYrwK2cGkBv1P3Jw3HqQ8ObCuKECP0pR0w7DGSwQGDA6ccB/QDuHi6RpVgXWWqjHSP ek3PWVUlaEzkllh0nAg0kgY9dFRmXKLyqbKVVfa+CIQE+xxDFa2yc6caaVTJjlUfaCwbv0QmZbSy CfY5blcrFqBYCDosr3/xg6oH+MJ4WqYGQZwaKkozZgiPncrjlVLE3epdx2z6qpdNPP2HRzy93Yfj Mhyn6F+pqoM7lasD2r0IJCOuSC8QN2cUiLrmgCiGvroqYIPCjurfjVYqVBFQQVxQBgedJlEHRl3f bTkk5m7YLx48t65wl8K5K45fIx31hEBcI7gtamvziPrQt98W52Q97vjp7LGe9UNnVVUqFnqmI1aS YGer9bnS26sEnz/d1eotGCoXZV08scY5xoDGWtcT5UUtLK9nWZQQhkX14QD/2KKI5+awJlIjm0dK eNN0442TZZ0IQuoMHrOXvUPjXNtU7IWeKX5TT6LdKBDLqge6dMUwo1d92bt80I9S6yv3Uoozeije +BGJgEcMoIv00ddatITfvVgcS1BZKe7BxlHO2gJH/qYC1OfGYqyeXrhoSRtccCMm6IEVoz+qehJo JB0VaXTzGur0sV0qypPGaCfxqr6QopYtQr2lQV6X6xDO8U1QxoLXcuiM8WcdfXajHpV/uA8xpypa mMgMd0T6EelJ5Y1aZ7SNAeNMrnGc2Xd1jlTokE9BGxr9Kk9YH03xoyW0zXpUOwKVn+XHhbIYB3mB etS5iDKx5yKcMiAWhDrPUDbCuGDqARrgN46PajsMGmBGHHPusKwTdLiDepRH8bFYm4OksTBEYzQn k5g0LMOyfA7cgaCNTxgBEvRfzJw76pBo/Y8/v4U6z/y4CSF/wmkMjnNoLobGubwB45Hm1Y0Gpn74 3R3heWZBH58f8ILzlI5Rj/CQI2YSL/1vPqI9+MQr1w2DdSVJqWCdSh2usNipDgxrKso92tkuLmzs E1N/84mvDyGSg5/+l/XpAEYfwOr+BXTRkTZAWQ+7Q9wE4NYvxQ3LXzxDmP50E0Lgpg4oARv4Qxup IIijtwkaAAVEanLSZ/WbNOt54zl5TQa3rqd60o+VWB+jmhQjosttZ2SLt1JS8OyUVxxnUyXqXAw+ AzD31J7BKGsj9IP4TKlzUVsjK85FWIGrc5HPEp+B4LoT45nW6uE6VcS5WGGt5d+87tLaVbgf+GNY eWI/4NrE+cjnRX02wp4X6KfieYa1K+einjUH9HnAR7q8CT4TR685pSQJv4X2tOA6FmUvwFgXW4LP Ksu5g89VuefZpfGQa51qwqFjXSxbcyKsi3ghMnHN8eI3daaRh/QPGmu/Cu2paFuz2ypHo3otfJy5 Lppir4vch0LjrFRcFyVJ5jhznVD38hAPo9GIMWRdfIkhHSrPKq6L6m/BPbps348mrief2TbuIZ4o VqX/tUu2H2k90APgAqPOaqU0sJ+v9GqVLW67sJ/IL4F/mGgTGHxCvDnRs022mDhqoOjWojEnRpm2 ZJPMZN/tI85SCkocyoWts4Vy1eDYSpI0PU5PET1aNhK3X3eBGN6lJfsRjh6Vyzu39FquH2Ea0qmF aN28ruiZ0yy2d2ssVH3aNxUpcCjowqtx/dQk1ddJKDWrm6JMGjMI5uw+cXa7ZuLua+lDt8L0Cb8B m3BTWODRuibl1pGiT6fTKtIYmNCrXaAT3Cac3b6JsMOD+U649BCwPoyYVPymiN7tGom7kvqLZnUz JThDK/f0ZNfN8N5+1eBA6zopoj0snlzXIAZ5LI/e6PMZLRpgA7WK0+BMuE3j+uX6zDEa07ud0jrT qlzSvrFobOst9hXCmiiaywF1I5JET8yJu0cNEr1aNeU4l9td+zVt4L193LBA10aZqiVxchp6EYtG AOFebRpD9UkSDbLriA5N6pSjEZ4T/OMHdFZ6tqyndG+ZLf42sr84rLroiLKYgsYktHcx5pn/6iGi X5smZHc5Gnu3aeS5ffz5gbNRxouHuk5GauyIEeDjgLZN6cFcdOvcWrTPzvTCQUm52XDjsO7KjjNa KT3wDNyDZ6CUJvnRFiqMczIss85q2VDcfs25on+n5qSvjMYSny/QJ6ep5/brL0ga0KGpKITeU69m 9eOO9WA8C40aZIhhTr/UJivF990RCv2jercPNEtPEr3aNhFJcHmwvQfmYjSAyfcW3HsJ5mLa5eeI ttl1yz3PrLZL03reO8YMDnRpkK6GlPNfd34YD4OSJ7pe2HywQDmzaV0I4mKAOC60KM8XLA++96lr FjN7msSne8xwn9AOG/0GLMIl0A2zg64YwCHyk1VtV6nDBtiPDVoRbaxZYkrDfHExdN2SgKFK4CKE 0kTV9SFaLIsNq82BoPCN7pYscJGYJAoKC+5tldP53f2rf/m1fsdGamhBvYmbZhYs4P/aq7nwFx6k z8Sy1DDF5v/zud2UvXmtFD4D4opBQeX6KI8LrfgQLxJzMRtz8TwxpBPW0Qpr7chOLTyB6y+QB+U0 F12Ks0UXPP+xn2m/6NuhmagHK+88WCc1TLeX61wTzM27L+4ToB/Bnmh3Ip5TKq9HpxGWy3hGezZv IGQ8LyNymtPdR9l+0LN9E8/t154f6NKivmiIvpitnIsx5gk2dawBqgFjlyb1RZN6GeXoS0Es1usH dFL6ta2v8Bm968rBAo9kdPr4PGOt69W0gbAknyuGd25RcV1UerZv7rn9hhHms7DWUfqaXT89No14 dgZ0bC56IrRhl/YtRMv66b4yL77ofFay1XsTxvlwUYlyPvdU8DCmUQaer8ZQbehxWgOBdUWc3/Wo /UoZ1fW0QMqEEWJol9PEAVg5t4TbkZh8xLwa2L65aN2srjjo8kst6qaW46PVIvv/cmFvRfF6lT6w UL993LnBeRptLmJPPQ37WidYjdpvuED0AM8qzMXAiK7NFfOECxTwWPSFhfBv2NNj7alcV/pj/7Uk WxDxxCI1slv1WbnofRiPQzk9AO6ryzs37YOsbip9uRDoTIM60H+hinK3hW6pm5Z0732DOjF0h1pf f2xyetPZR8rCKU1Zyh3SoUlf5GhTIWr1wzCYGn2wyT+SGmUlT5g8pAt9IKg09jpNh2m2dvuANqqf WE6MlWFVfnVV1+Z9kNWFZlC7xnq7LIZ3DNIIyLw97CZv04zkG56/pCfQRnDxOjcHk1dnuvyMlqqs CTk/7JYPx57RfAmy2ufBCdDYt7XaZ44znEKVpdIO2RlXPn9ZL/rsU2m8snsrnRSybGvSyPBrZYE6 gSVfvqV32y9E77Yqjf2C7epK2txhnXCiVpaKujWvdy4ynwOVxqsRCiqBxPqAcsulJ/56Ts47uBLk Y3v1GdCVND6ybMiJrziww7wV86U/8hG036ucH8+odWtzgvflhRX69OozWqxEVvubyDhr85b1bQlv tF3D9NHPXdKzbJwv7tIiGk1c1AcjPwoQB7ARQRIHkENpHI9W6e6EEiS6t7m6uUWUeO4Qm4v6Krn5 c8Qux0q8mBdLiCWuGgQci8RWIFvBy5UDR6XpSj3T6Upj8zliqK2TbJeKhANSNQcFqABnnBjqUbEG 2sKdGZNWO3yz8TjZUeq4bcOvrlc9vgWfmMymOj68NCZyuhaSxFngBHrv7t1nnXFWzyvWrFiOuHCI VZxinXL3OR0YLk9lUNj6GZdd/Y6s83+EFd4yoG2jc5AT1ko8L7g+8b7D4Y3XT7ffPXlY10fILl4P ewbi0jgEL5pa33Zqhff1bNHgXOSy5/miLs3j1hMqMPasNqE1pyxeGdecm3q2mg1HOioP+7TSv+aM PPO0UJ/Lnmdc+KN/6+yByGU8vPqshNcc1Tt+KDWpkzIFa87LoXE+p63+NQdjGaomN6zKtRiv3tqY BS/rXHO0Oti38L0FEcMsDzw0tOtzIRr7t9W/7w8Pzh3yP3wuLr0gp3Ef5IQf/kHBeUMay8Ur1z1R TqCCcQEcPFLzgSv30FWFftTHTT58o69KdQL1wQGMWFGlSircjDorCFWqVnsN8JCLXVns1qpRF7wb NCKInmCuloT6+GDBK271JdS5C7UxV0tCfQTaq6qlMq0S1EmgHQ62q1T9tGlTuZmEvwxUqT7Qx0Wr Whcu1JnIOK+Gp3uWfxMgrgldatA1SqSIDaoDVUgoKJEppjI/jmPbZw2UWmX0U/aV5ip/FCxQDjkW SAxHVeDzSz4FfsYA6IJrc8LvcxH4Sr1Deq5zQ9XCS6mgkio1EPWsnZVsU2+RaWqJE1IL2nWKYjpO VSVr5dsNB3H8jb+mpCJwjNuT7/X4rt6xLX9Zmw4p39lTkgeUICZuZZMXYNAiy6lJtuR3u53VO7Bq xdJPMS4E2uXAdmXr532oD+Lu6puLWp3hm3JVyCN9PGOv7ucZMfEEc7WkGuLhNhDHXC0JNPKl9Odq qUyrBHVuxlfmakmorxAVwWPxqZ3iArhTmz1G7w0OGByobg5g8Z0LEDcM4OYVSKb6UzoVLXbqERCn +f+C9IswqXFKR+TOitszWjSqU6p0PeRW6kkdpBLfdsXlL4SWGTVt6HMNsUYJD1Wd2KDQIwijVBmZ +i+YGMSK/lW1T/V+E/wKpyvJUiNxXkYz5Qo4cO6b8iAcPmdBdQmAMeBCKQiJURXBGWuKBBtDfhJ5 ZJoCXbUSR8kyZ2nJ1XnFxal1s5OXJSentC1mLNAqJo/Hg6ALNpvVZpt2Rs/e0prlSz+pYpXG7QYH DA6cwBwwANwJPDgGaQYHTlYOAMTxyOYcALkH8HkXwu9l+aCgrjr71Y5QqTcY+h6SxIWiRRE8UeBl MqeLc+qlSwOgLlnoeyKQ79qrFHo2KYecu3wF3i3mEu9u+F/zBCCdk/wBBxAcDkEhqaNZFGxGAcaS VF1mSU4PmBWrYjUnySmm+iLV1MqXYW5gTpGaB9JM2VKybIa0zSs5FHrtdwZDxxG40Tgg7Kg0/Hv4 2JlxYmw12UqcDt+L8IzyaJ7DeYk9Of0ls9mcVh3gTQWm4JcLumQ2xHJKstre69azt1hlgLiT9REy +mVwILqrTGXI3KxkYf4zglKn4b201iv7GWNtcMDgwInFAW/A7Z2y6ENPj8Z/+qNP0/Hds+xNTDyJ 9MOCTgVuYbFTgy44glacPFKVGZYL12A/GLTSpvGUbJIbJp8mspPbiLbpitkbcEFK5g6UeksDTl+B 7A3k435YOvuLYQjhoXwN/5IBfEz4noXD0JSA3ZSMmhmQyWqm3C6guE0+HJ+6cJ8CcMn4rjwlDQJK giZK9Sh7C+rs8Vq5Y1PCRAnx3+WDgd8907bsd//haFU64d205MyRPvSzFIG6Kx67VmWUgiDOKZIg iZOlpPda97cO2mn/MN8iMkh1Vao27jU4cEpzAPaOCJWrFCzb1eCpHk0PjLaYpTMRl1DBEjPH57Ss N6f67sBDZiFe8lks/5E9vjNgZD6UYn2sa785vh38ZnUzMKoELtVszsIKOik1y2r1av4Xqrtxoz6D AwYHTl0O2PD+mBqwizUHPhVb8haLPk2vEadnjxQWs1UwvBETIZoqXQKgU91xqFI5DcSVSeqCEIrH n9SDU5CDvmPoB9gsZ1gzkDNxvSVrUqV8xIaqJSlWVvXYVPGboO1m4kobAEjzK041QHhQsS0Uci94 SKq5cNPcgYT03oKSuBCwYxkLgBuNHnb7F4lN3hmy2ZfVtZN0a1ezPV2UOkvKAb3qnAXkkRuSOIs5 yZZt7ftnJWmPyLesROxHS1BiWJ2NGXUZHDhFOGCB8+ziPI/j7NPXPuPLazQ2o0HSBXzO8/e6HTg/ 2A9/lw8k2eFRCXjJVeT9BO+F52c1tN3uhyFWwQH3UrDp2AE4OMWiq51iZ4mvrs8AcKfIFDW6aXDg 2HPAZkqDz6c88c2WJ0Xu4XmiT5PxonVWXxAC3ThYZdIDl+q0Kcw6lVKwIGAKSuLKK5+FNNuCAMyv AjRK6QDZVKmeJjPT4iarpgpl14PwJhQ1gVK38nYJFUFcEEwGJXEqKoQxgU0FiIf9uWKrb7Y4GPhF BYt2OUmUlB4SNm8yMGTNwiiCOJ/fI/zFFpFVMlK4kv0i37pCyAFbEMQayeCAwYGEOOADgMNzrVoa 0ee4s7jMYtyNN8eAxw1zLPjcJF7yweWVGeFmWYYATjVdr4EUXQfObJYlvzczOcMifHQMaCSDAwYH DA7UEAfsOMyEBy2AnnXiqz33irauAaJ79mhRz9IZv5gBRuCEEzpy5XXiYoO4ikCFkIkmDQRrwWPQ I+5KVCMEzWlxEByGXPfRsCEaiAu6CSHYI4Cz2VLht1gR+b5NYrt3vtjrWwpNO5dIFSmqnl1AyheH Mt4XTR1XC7ujlXC6K3qgqX7mwr2rGsYi23G5Ci4Lk1cKu530GCCu+rlt1Hgyc8AM5+JFHncG+4in JzUF2IjrhKvEZ8fSZEpNM5msyVirgJdKS3xYCZRklvEBwLlLfWk1wZuoAM7nc5aYJfO7zkJfGj08 G8nggMEBgwM1z4EkQA6fWF4wS6zbvlD0gjSuZ/a4eoh1P8CWlKSiDrfbrfpQO3JcGV0SpxfElUny VEvUowFb+LWgjhtBG4wgoORihzPkoqIS6LOV/gTgtnej61PhhOs9K6CbhP8H3UIym4RDPohoGx+J 5t4b26fa63bhUWpNJwWuVSTFLJp4RgHEWXYd9v843xxA7K6ydASu1jQtRv0GB2orByxWVde2oFG7 0wM7fjrwnaPIW0KhO/5bAz/7hS6H+MjvFTLxEvRb82SzZVlpkTdblcAJKRFXS7pZFBXAuecNPwBN kut112QUNDhgcMDgQDVygF6cF4g9yE+Kf/zjH/3g6+xPEHZdmJSUpHq3JojzegH34AU+1nFqdYI4 Aj2L1SoAJtV2S0tLDxSXFH8Fod67XTrnLJgydQpW6wEqF6LFU6Bjv+y+SXVcHuenaenpA4uLqu5C JB7bCeIEwGRz79ik5nm3TFu67qNv491j/G5wwODA0RzIDYa1eabimSjw0ugKpbfDceK0muSh4Uak Jrlr1G1wwOBAtXDgscce+wkV/QS3I/Wh8zbC6/NdCNQ2AGCuns0WPA6Ec1z1mJXAju53j6SjPbRV PE7lESiNGcIlcSG9OxW0wYcbs8vpFk6Xs6A0ULoIVg5zLGZ5zrRpH+xhW1PwT2/KXbw4LycnByIx 8UlaGkBcNfiBi9e21+sWcpJUP5BWOvusnmffsGL5j+rm0m/Q0CechUVzV61aPi9eHcbvBgcMDpw4 HDAA3IkzFgYlBgcMDsThAPzHMezd28z33HNPQ0jg+gK0DQbI6g6JWGf6VUtJCZ4O+hlT1eeFEjFB HQ0ZglI7SutC2aSeHoYa5dEp3PciViszjSMcjlLh8bgd0MHLxfcVJtm0SJZs30977zUVtFUl5ebm HiaIg1TxmIA41TrV7RJZWXWsBQX5U6+66qqPdu09/E84Er7T6/Ze161bz5EAcYur0ifjXoMDBgeO HQcMAHfseG20ZHDA4EA1cuDJJ59k6LfPmCGZM+fn5zeCXlyXkpLSHPivbOnxeNtBna0x3I9kA7DZ EGDeJClSEuCb6iKEWbVgVRQXfTfhb5cSUA7iy26LybzF4/FtleXAeiXgXwuQuHf69OllcXmrqxsh EAcqPqnx41QGWlcjQRTvttjMo3ftO/SYyWK+89Chg8Jmt9cHev2sW8+el65aboC46hpfox6DAzXJ AQPA1SR3jboNDhgcOCYcgGSOSl4Mas78ZahRALskADu71WKp5/R67XDxVleGQzQ/3aH5/bRF8MP/ L6V6LkjvDqKsa9q0aWXBzI8F8QRxffv2vdzhKK5RnTg7wJvP690DDyYXWmXr5Saz+e6SkqA/OjoU RpivBkIkf9YFkrh1q5ZXazzoY8FHow2DA6caBwwAd6qNuNFfgwOnEAe0AOcMcl5wInd7cVAn7nKo 4X1a3TpxBGiMwYrj5j1C8Y6wWpNHmcyW+0tKioMSSCQerzoA4nCc2gChuGZ169l3DE5TDZ24E3nS GLSd8hwwANwpPwUMBhgcMDhwInAAkri8bt26XVbiUD7DceqA6rBOJXjjsanXA/Dm844wJwfBG40m gn7vjiSCuNJSh2jQMLv+wYMHJuIXA8CdCBPDoMHgQBQOGADOmBoGBwwOGBw4QTiwatWqfIC4S0uK pRlV1YkLB284MR5hsduvwDHxP+D25CjwFup+enqGyDt08HuL1/vXPucM+a+z1PHpmhVLg44TjGRw wODACcUBA8CdUMNhEGNwwODAqc4Bgjgcp14KidgMHKcOqoyLkfLgzTvCYgF4s1j+UVwcHbwBMApn aekia2FgjDvd+kxWevoYn897BaxTL4F1Kt24GMnggMGBE4gDMQHc5MmTU0BrPeSdU6ZMCXespKsL uL8xCubh3oSVgnFvHdxrwr1UMD4q4Xco3IpMlkFONLAgAxcejFa3rs7pKKT1QUY7h3QUj1gEdZD/ Ki+i9JNOEKjAzf4UVKEdO+7NRk6qRB0hGraChmj+S3VVi/4yWGN95L1VqQv10AV+qJ6Ycxdl+Rxw Pu1HmzHDjmjPBPnE+iPNO/KC1wtR115dnY5SSOsDx39fvOcPZfksJKEcLTMrnVAP50GWnjajNaLx szt+b4/cQpufO/C5BXl1JdcDOu8twr1qLMKTPeE4tSCnb99LJUcJJXGDEzlODYE3j9u9V/b7KXm7 0myx3hfp2DTExxB4K8k/OCYlvc6zqelpow8c2I8oE8l1oSE3EzpxI6ETZ4C4k33iGf2rVRyIJ4Fr iN7MQr4SOTeRnmERb4ryy5AfR34hwXu5Cb6D/E2Me5/Eb2cjH0AmuEkkWVD4zUTpSqQBbfOlt/Ni fB8cbwOOUfcD+G0EMoFspH4SLKTyfrSTjw/6cXoX7a1PhF6U7YH8ATJBRzB6uP5EQHwY+RptPPTf eXTJLrj0stbnfVWoqBPu5Rw6V+tTrKo4zz9EvhaZICNWGoofn0cO0VaRTxwPglArxoMvLr8gf4Tx KLOMTKBPrTReXIHPiC8yYXVdhu9ocvJ5aCuhZ7UCPafj70nIfOYTivOEtumA7f+Qr0ImEOR83I3M 5+1CZMYRVFDuC3w+q/cFCuU579/XeDE9Af7V6qJw9lvYsmXLUUJqQj9xg/VI4kIGCwg3thextS9I T4oP3tIheUNEiYWWfN/VdoC3lPT00SHASJ046NDVwxEsQRxcjCz+sVYz1SDe4MBJxIF4AG4bF1xk blqJbgrn4B5K4M5HTgjAoTzfts9CfjgGr5vjt9nITyAnCuC46RbW8Dj2R/2tkRkRiH1ZXsn2KO35 WOMhgVLFROkSAVwmcmdkbpRzselxw7s3AeCYjvKsiyCMsX0SAXCkiaCPIK6qiZs9AVWiY1qxXYIo vkTEm+O8j3xlm5SqxUuQSIityOO0ghX5RB5SipmJTOnTQOR/Yzxuw+ctGA+6udCbSDvHX08fWIbP BNsiiKtsAGPygH1MaPzRZg7uoWd/tvs08oKKEkhNat4Lv92K/DP+vgll5upkBiWkHNNTKm3dujU/ KytrlFNIHwPEDYkF4sLBW0CSzk9PSb7SbDLHlbzBhciikgL/1cnp4jlI4q4sKjyyNKqGDUHr1HpC lmbgOPUyHKcaIO6UmoVGZ09UDsTcGLj5Y5H9AcQzuN9/EuzEBShPqUZb1NEadW1O4H5K1vKQV8S4 hxvFgaoeUyVAU6JFr8MNBK4EV+ORKwvg2E8e7enx/M423gS/++Hzv8jt8P1ynZs5gTrB5haUp9uF 45VIBx2mJnosXpFeAin2Q089ibQZOh6lZCleWo0CMzEGj+Hzn8g/4vsw8HdjvBu13xOhi6DxZ2SC nPuQH9HZRiS+eRO5F33qhvJzkCk5nYr+ReQ5rlNaTunbF7iHz8c7/MT1r3W0xzmRsBqHjnpP+CKa YcMViL34MQDWkJJIemyaqxCPx7MbkrcL0+0Eb9R5O9raNNRhVfKmgrdDY1IyIHlLBXiLEJc1ZJ0K EFdfJIsZOT17Xp67fDn3BSMZHDA4cBw5oOfNnseAT/J4BAstN/i4SdPH6YqCDO7KzWsYciIAbiDK r9QhPdJDf1x6q7sA+k/dK4JQShAzkafhWir6k9CRVBhdCfUT7fyE9nrjfgI6BmjkMayeRKkLgcDx BHB66DzeZSJJQqPSpAGX6zEmz6HQ+/g8B9cQ57haEyWXlIDegfw92piPNmo8LBLaobSOEuLn0B6l 4boSyr6FewkUX8NnD/xdleNyXW3W5kIEcS27deNR+sepaWlDwnXiQpI3gjcXYsSmqzpvlpiSN4I3 +H1b5AB4S06v+1xKWlo5yVtFXpWBuJSU+hDVfwpnv5fB2a8hiavNk8qgvdZzQA8w4CaQhsxjwO91 9ngIypVQF0eT4FEPiW/ncRPKk6Y+yP+KW/jELUD9od3o/+/oD4+k8PKs6rH971iRTLCNtiegvRn4 fA1/bz9WbRvtROXAPfhlLfJY5NermU+UeqVRuofxpvTtVXz2wt+cezWZ+IL2eyLgLUQM7uGLDY+i KTEk8DRSDA5sBYjLAogD8lclcQRxZeDN693ldwG8pdlH02CBTnor+nkLVa1J3hY69uHYtEHd52Cw EBO8he4LHafCKXD95GTjONWYrAYHjjcH4gI4Sg+wyFIhfiCyXgBHvbfQ2z8NEa5DHVmoi0rN8RL1 xqjsXJvf7gjgZrKj6LMHff8cX/+EfMwAnNb2UrRNySfB40vxGG/8XrMc0OYC9cQuR65uAFdGPNp5 AeNOowYa+lD3rkYS2uCzSp1LStgrm6hmQHrvr4KEurJt17r7wo9TKYljJAWvx7PTr3gvsmekjDab TPepft60CAsVO0hr0xKHY2Epdd4ayNB5S7uyMMKxaTTGlEVsAIiDYtyMLj0hiVtuSOJq3UQyCD4p OBAXwGm9pL7DYOSp8XqNhZg6ODy+u1sr+xs+KQXg/Z/Gux+/D0KmblsiR646qj02RdB/GhI0Q6YR QShx0x6H31qhX/GsHKub0JWokBamRjoxOMAXk6sxF+w1cIwa3kO+MCxDO3PQTmUsYPVwawwK/YL6 N+gpHKUM+UHVAqpc1PiRbxXoPGFuLTtOVfxfWCzWNojxenF6CsCbGQYLmlQuErEEb6UlJYtKCw9f nZJZ77mU1NQrC8MMFvR2MMywob7dYv/McDGil3NGOYMD1csBvQBuIZq9gfouWKzjWRr2RFkqG6s+ g1Dej/uW4uvFyHoAHK1XK6vwX73cqVxt3Dh/Rb/LjA60Yy1aH1KHRbeeUOWaP+ou+qCjhaWRTgwO 0MSPvvLoY7G69eDKeog5txvPHY8m/4XPZTqe28pwZyhu+qQyN4bdQ37wGHVXFes5pW7ncaotp+8l 5rTSBunJ6TcAvN2tB7w5Cg+PScnEsWklwVuIyWGGDfVwzfATd0rNPqOzJwoH9AI4Wrdxs+mLTCuy WInWp3wrD1fYp4XaU9hILLge1cINv1OBnm/i954oDEqEDk36eBHueTDCfe/h2i0o8zRBbSL1VrEs gcIpab1XRb7V1O2UUPO5o1VljSbMs/cw30aikeeQ+WJRbQn10rk0XZwsqUqloJG6e2uqUsepem9u 7uLDfc4Z/CAMFu6IB96cODZ17IfkLTsoeYtkbZooH8MMG+rBCPZzSOIuNpz9JspFo7zBgcpzQBeA 0xTieUzCN+6oAA6LOq0YByL/uwJJlMDRco/GCbH06M7A73QGWluPUuhuhTyI5BZhJq7fj0w/WMey f2eivfmVnyLGndXMAR5nU0WAvvaORboFjSynsQCNBqqxwUaoiy91VYr8UI30nFJV/eUvf7H/vPrX V5OSbOOKigqjGiwEj01LFzgK/WND4C0W2EuUiWHHqQD0AYI4RmwwXIwkykijvMGBSnBAF4DT6iUI GE+Qpr01R2qOzjwZhqccYEB5RiNYh+s0bogF4Kj/Rj9k9AFXGxOPgr4D/UdZ/uHaIfCAfack5JgA OLRHXbw2yBMTYKYev2kJVFfpolWlo6r3V5rwODdegt9n11TlFevFvDuIeXAXrr/I+Ye/GdKqOhId LdPdTEI+46qjYaMOhLjIz5e9Po/ZquDQAs52geCOYotqbep0zHcUHhqXnFH3+ZSU1CvCnfRWFx/D JHF1hOKZBWe/I+HsV6/BW3WRUWP1TM6ZJLdybamHtxV4FLA7btn6WkxjvHdyxmWKfFeasNvcW2yt Dk3JnRrxBATlMlAuneXM9X2FvnxzI6cPz5PNLuz5zsLx+6ZFdDv1cssbGwmnUzKn+WwWs/kw4p0E nHYB7y52nSctTimtV6uDxWv3pgkX7tR1n1OyO4V3i2tjfqusdnWE04WJ5ywev29OQSTGT540SWr1 8d56mKg4cbAx/B1bqoO+KYLxaeKmfJPLZlP5bHO5gCmy4p9agSeI/aak1W90eOzyqZ6XW47KErYs 6Zbc12ornojLpUQAHP3B8WizLXI0R6QEaNT1ivRWzvt5hBgLADJ6wcK4VAcLUNJV48dQOmlhDCMe KfGImS4ioiU6NqanfLp74KSu6fQsGuCmTUMSPYkLgC5ff3oqq0KZkFPhKlShb5moSgOJ3otxJ3gn qH4z0XurUh7j/xnaprXoa8h06VMdiWPEZzChiA3V0bBRBxxLTpvmQMD7cQG/4kxNT7+u1FEiaJEa SpqrkPl+t2MswNt/YLE6qibAW6i9I5K45CwASho2MOzWSQHiGrk2ZPhk22xbelYzpbiAHgVujjUH /V7xmKlx08v8xYe3tcrfch7KFkQq7/OJv5sbNbk+UJy331dcf1ggUDg+yWa5UwR8TiUzaffr9lHX Ttj6ya/h977V+ppnk5LEFVKSLUnxuRD20H5RIMV5vS059caAqzQMwOFr6C+5nNtKSTInSc5lGy+0 mqx3y8kpgwIeB0rGcm0ZEJLFJvlNrg3N0jrd7Be+D0yNmpzmL85n6EW+HB6VWn2cnxzwuT6VGzdt Fyg8hH1P/jrJYn5T8XkUYY7/bi0nNzQnlZTwxEpI6Q0fDZQWh8XYjtK3dLMkAq6AL3/niHfaXqdY Fd/tisftf73tuDcm/DGNamAnXUoEwP2O3lMhnseg0QAc9d9mR5HQUSo3Cbkj8lFxOrHB4A1CDX6t V8mfUq4rcR/DFentB8utBX3P1cBI0mkxA8rzuDha+g4/UGpBtx6JxHTU+WYVbBY8oXSELiQIFvRu 2ATDNHZgJAfSqGdjDj31z1TREjGcX3xQORf+Czr4BqqHjor8Jr+on8WVIiHe6ZwX8VegChWhL5fi Ev2zjQev9LjT0UmK7mK3oyTDV92O9iuqOOiuxCh44nAAAe/9AHEThKRICLN1LdyDqO5DQuCtZN+h cfb6dVTwVoxj1ppOQUlcKWOn1pElMQMg7rKTAsQ5bSYpVbSQbakN/CUFXFdiJ0VkS/bUhqL4sOJ0 2aOGBJQUpT7LKcX5qU6Xy+RqlPFU+oHCrqY6DS8D0MmWFf9n77QcN3T81mmqD8+32l4zRUrOmCiZ LQLgCYMt7hyf+9r2N9tc086c1aCRBBAfSorXJRQvlnFJFrINatD4VBMGBu3yo2AAAC2NSURBVGBM yHs3p0Ck1UhKsjeiAFdOoqp05KS48U6PNoXbXWyxeC1+n9RCSmb/ChjeLlqSsEg2V/lQmNdAkQOp cpKtsfD6hGRNEpKJfsejJ1NmqvCWFqv1m+vVbegvoHp8MCk+NwS9FOOhL/YUvC9oLDbj0+sV/sJ8 Ohdvid/XoGs2OSD6QSK4YsrUqQmv27EH+vj/qhf40JpUoTUbSB6O/E5F0vEb4062Qo4Y25BHNyhD FxoEL5ECrVN6xc2bbi/0JM5Irko8EtLbD440w/nURKJvr5hWtuCBDzygQQePWhMBcLo8/6NuTngC NsaapCTtUrRZoLOzBErkPyWowacjfgqV0SUUj1+dWoJ1UlzOUFUcXz10VKw6HLRV5v54pOqqE+NB fU7qPN6A3A2ZsVAXxqu8Jn7nsT7ooeTgI3x+hb//qIl2jDqPLQcA4gKTJk26/ouvvlPg0+062WQS jpKSeYht+id7gzr/gQ7c5TUpeavY2zCduLrYLRk79XIcpy46tlyp5tbsLhxQ29wEDehT3FMfRUge FWAoeFm3xQrlJ3mDQES47E6n9ZbFr5VOzsm5skV+z3fk1Iyxsj2tjd9f+ClA3GV+WYbUzQ4BSADg Le9wwOu7eMLWaUFVHEX6yLt35x4l4Fdpk0xKQAmIoaak5J4AX56Ax/U2YuMexq1APPgmmWWTMG/D jbKCgoqrdK/fWTpNEQrW3fJbDesSAWW0nJrVGncHQxOiX0FeKPHUJ9RyuMUrCdmveIIREgOOgk9Q J1SqgCajpICjMEn2BeZ7zdjbd+98LuD1q4xS6VGkfpLZOkDxeYVSdPgtRRL7RAB1AauiiN8cCGwJ yKKFIst1wYmm+CFWSM5qnizHtjq9wCdEFY9BH8IGEMmalAr8PDqlpC5amocfGKWB0qGKaSAuUDqm 13M8zu4FN6JIdR1TLoIflCrSqakeR720Rv0a97QE7Vt1EMqJewfK0w1LNCBHwMJoGZRcUTr6NvLr qD8R6RMjRhzGPXrDbukgvVJFCLI5B0BKpUOPUQrZCXWQZ7rAVgKU8jW3H+qPpajNNz0+W42RtyFz ob2T+mgJtFPtRdH+D6D7XW1+MF5ujSe0Rz5wTuGNWAXm4Sk0NlQneBX0lTsuqnHiTpIGpkKyAD7f MPurb20mk6kFYptea08HeEs7tuAtxM4jLkaS60IniWG3LkfYrdoN4mp6rtiDQG8KpKqTc8T4FsU9 hZyaPlayJXf3u0rgkktpBPRCqVppwB+4ugy84Z7rN7/zGT6Yy9Kbbf+kQPrVE+DMLVuVB6/Lfe8o wcUbbf5kx3EqJFjS1us2vcsoMRHTm23GdZWT01r7SgqxNldBiKWK+kyAt+451rqtPvQV50cXw0HH E8R4Juybxv1PdUkWSm+1HncnjpAHiIBf+D3ywxO2vnXUPgrQ+yVUCi6H4PGgO2D79GSUvpEfiQI4 bkQMzk5ntasrjDY3y8WUMsWY65Q+TcBi0wjlcH5fLvFoVg8ACt3EmUSXDCdCokSN4DOugjjKrNck kYzWoOe4mGO0AJnSvWjjxTchSnj+gkxrw8oobZKfMo+ycf+xspCMNnbc2AlGIyrx6hxwztOaSJTl 08n0v7TKIwFEAmdK33hU+Qb4SdB+oqTJIIRAbhLomlpFojhn4q3oXIj5snXkDORIo6H7Kb2m5N0A cJUcEJ6QbN644ZqsrFZ1M+pnvZORkXFuQUFBJWur+m1lx6nJyXWTAeJOmuPUqrMmbg1BEHfFNaeV 7nAIk/kmyWrn6RbOR7z7/a7S8RO2fhDxlKtCxZD9QUYGmRvOVTLw21EADmeceP74n2J+v+dV1rHL p0eVLipeT0DCwWVc4qMUwNE+4RtqQBWS/II7b+tT+DPK8bIUMDWuI/mLC5+BbI2h+solRch2HD+r 1yzCy33iqIRjZ/b3v5Wlt7bclxCAwyJB56Db0Dm6EykDcLhG6c+ZyFSSjpWoTM+jvUHIVIBUk3b8 2hxfqSdXqxJo58ZE3b+JCRD+AsrejXv1+ITjWwqBMZVnY6UvUF9XFHgG+boEaDGKJsYBSip3YTzK vfFGqoKSalx/EJ+fo3zNKyHp6AfocIEeuhaZi8+v8fdyHbdFK8L1I6qOD29C/Vz0/x6rDU2tILZS TBWIPFVuBWDDy/OWvMz6HfP8fr+QobwebthwrPkQphNHnaST4zj1GDGRlqtvthy3UjJD4x9KZ6oO mseFAU6pyvNaKepNfhhWuNwPy5JSBJ2+EqvJndizSrSlyCZIzbBaQAdOllMgiUuJZDmtgk4cu0qW JHz1RwRnlerESXpTQgBO4wGPjs5BJoIOpYH4QqlDOVFnRZ5xMcdivRDX6ey2DMDh+9nIjPCwqRby mWHD6KrjPPSNVrR6Un0UosSMOZ51DF81IkkvIrUzERfp82sweF3rwLAexp0AZULHo3FJwRi8g7Gg VTKNFygdPSES6FoJuvj8kr6z8LdetYVw+mnQxAWW1tdlUUcq2UFuCHokedV9HF5Jck/c2wDivBed N3Tc7G/mO1JTUyY4YNhw3EEcaIBhA0CcBElcTxg21FYXIxBnKUqsE6bQxNDmqRRIcxVHfbZUHTJV LnV0erP1uBuh7P8C0A4EZX4hAZBDYb+91e387uXscRfdsm9aVZ853ZN4/Na3yvZluD5p4PfgYJJ0 S1JUHbjxuf8pwTGuqsKjKFKqJ5C0OKmkcDQ12IJivwiJXRXKaciPKv5AEl4A9PBadz9OxoKVAXA8 zhtd4aiN7kNWYiPQExqIPrBeotQO5UOuNAbj2qo4x68nKv+vBmG7kLsg630z4bk+lfSvQo4H4HT3 G/zbqW3Mz+GzJ6Utum82CtYUB+5AxYswHu9VUdpV3fQRwNHghUcUpDGhRBUI9IkvXVSnOBZHn3y2 KrNeJdSvk6EwdOICOZMm3Sy+mScQMuuEAXEpAHHYlz/p1q3vOatWLdbr2uiEGRLF78ORpNzwnbbj egO5QPJ81HIv+Xzm9VbFCe16YBdJsbvrJg1+vf51BehEmP6yl3dCrCY3oyJ+xaSCN4vtZckKA0pn iUPyByYokm8U9OEul1MyuiWJgg/eESMugQ+2Yy/Vh3BM7Ql8oADMNoG7jl5eAVOD8rwIWAKBFJgr QMpGDKfQp1shCq0TvuKoL2HwaecL+GDsUDOeA06YeVSdhFRmQSTg4BDSuu5bLOLUb6FC9KM6CaMI mKPK++lWg6k7crhET2dVx7cY+k5JGq1yx2JDS8g5L+6lzuAzmi5SZSQg0TpPvSv6G2McTOo7Gek4 cgDzIhdjTNUCvrT0wt/xHVIeA3pJB+ihVeoSfNL1Dw2UEk3UW+P8T8SiOtE2QvGU/w830ordSDo4 kKuCuByAOCgtp6ZNKIGLCboYOV6Jx6mUBsIqtr4jUPIG3J8MhQWtnhf+40XyUe2q7jSg/oPD6SVB NBbGTwqk4J4DLnWvgtSsCDpjtA7NFrLypaza7oTjFlyhDAqXFJeq5ssf1co0ydsrAG8S2vPCsHTs hM0fzHon5y9f+ksL65pSsgaK5PQBAUn+3zti3Gg4+z32II7EOkG3JC7wK/4LZNVFSfjcgswQl+Dd Bsehbpq+FmX4CocJi/UzRQKPIjidZt/9Pk0wx4+AIXzTM/ETBnBUcMeCn8uJjMxFPxR94Xs9DeL+ fNz/C8ryGPU7fKe1IHXoYln16an6eJS5DI3yKGlJJRr/Gvc8jUy3Kh9V4v6It1CKCZ7ehh+pE/cR /o7ksqW6mjPq0ccBGgtcinwX8gnzooK5sRFz5G+g6WVNYkuJWiLpYxR+F/dm8blO5MZEy6J+WrAb KQEO5E7NDQAo3QxXEfQTd0PIT1wCVVRrUYK4kuJi+qnrC48VN6JyvmzWgmSTcLiXAelX0Ldaece4 QfrRN8kCU9JSZ5JiEnaWVVOksqEeA1BLFqsIFBxMcwq7/82219xmSq/7goCPNDj3RVueWwjeWBxH kkU4vhwDEDfHlF6vm5yaea5f2fnty2Lc5ThOpeuniskup6ainvxUYfJG8V6gpMmpySKQp+6/+pIN eMwbhxdh/ZOT04W/tIgGXVa4IoEPN0gcValclKSaNQEip2bAXcphCoeOTpJiU8cCfPJ6aBl76qaE AZzGKkrOaDnGNAz5Nyyw+xJg45coS0VqJuq/7cb9PFKsbYnOez8B7fH0d47ql6YPOBM/UFpWbQCO DVEaiE31fXzlAkm3LUY6jhzAeLgxHtSBex+fnC9bjyM55ZoGLXTcrEqDka9FTmQu86VrO/JEZEPa e6IMahgd9BNHECdJsoIg9hNKj7NOHEnzwBIRloQTQde7oK/gBGRbOZLS6vuKPPnW0fC/lgxL0Ojk Wu1wEhdYbpfEL4jY8EWgVIdwjMYJiuKy25wOeDrbBp9tV8qi1O93uQ7AVciP4Y2Nz522753sUSP8 sqWvKDooTEk2uz3NZ4Kl5lEJqmYvBxwl84QX574mVV3nqCQF5NsCxSV14I4tb2NxO10iL4Tvyvcf No8CL2wxeaG1JgUgjZPM230+715r4aHLhY/gLf4hBOarCJgtEY/ZTX7lfaW4cI3fUyIsNj89Apyy qbIAjj59aEXJI8QByHQPkkji2/S9uJ8BsXl/ZSRYibRX7WVBO32/tUOeUIXK6V7iS9TVAhspN8Lq TA+isrWo+1rU/XZ1VmzUlTgHKEHCWND8/1nkkYnXUKN38GVqlQbk6OBXl7EA+hTAPbQwnY3PT/E3 JeuVSVzRT+k36cowTe89jNgwCceps3GceiKAOLfbLZKTU1pikvHFgX4JT+ikudfgiYneRJ3oNXoL h5WLu4+O3/fJPgC2GfHqRugoOMqFzlmMdN3WdxeKBF8lwQs686UApjIpLt16KoWLEPqajeVvVk81 J0WZygI4HssR91+LnIWckMUjFvptWPCpz0ILPYKgN2ohNyk5W4e+VFovB/euAx8I3OgTrlqP1lB3 Ieq+F/U+i88v8XdNRaCohUN33Egm2FmN8RiF8fjkuFFRoWFKz0ETDRl4pE9Jmu54uLiXOnScu5/g cwT+JgDUnXBPBxSmDmxtXAN09/N4F5xadpwKnbi04yuJU6ADpbo4URSq0ZzwAK4mxu7xxx9vCDsA +ncL+HyuP/DcRPV5+fDDD3f0+XybVUn+44/XMft8dcxmM2McuKbcd1+l1/XJzz2XYXM6M1GPB5pp 8n333VcmqUM7DXDNjGsRrV1BUzuf2ZyH9qlCpDvhvi7oC/sLd0bPpZrNxY0efPDBhNYM3Y2dAgUr BeC04z9Kze5E5lt3ZfSs8D4oCDB4fl8Z3zaUEhwXJVhsOuQb3x71Gm7Emko8PiUYrFYAxwYxTtNB 63h85fEY24iVyE8/7jneTnxP2scOvKXl5iSOB6VxJxKvQcvHoInW4P9Bpo9H3RrvuPefuJeubugg mACQUUBinpOgWDbKUXpN4EgjCFqnR00abYWol4YTRqoEB3icCj7e9PlXc1WduOPpYgRHaowA0KVv 376pixcvrorD7kpw4vjfgofjIYSFckHRf7fNZiMIKsHYqBGO8Mm1OCUE6iTZfL/ZLKhH+zs2nm7C bB7sCYhV5oDqnPcAypvCnzfWo63l6jOMv6mD5q74TFodjiE+IXcxy+InuJqhvhn9vPI5BjazdcKZ qvLw449TwCL7XC6qS3Df86Ien2Qy3SYHApRKfhWNm6jLSqwQ+p37pjkpaRLopzrJPrPV0Qdhvagb /OfjPyK1k4JKATitqzxG5UC8xaOUSnSfBhAEFstwf8idSCLV0KHqSEwKbhSViciwFO0mJDkMI47G C9RS/SIRgqOU5eb1APpxHuiJJKangmlkZU59jfPh4PGYHqlPW5TjQkEJTBTF16iN8p43qwGUcE5S qpto+xUJYz30UaanHpbJRNZzjMe5VmkHk+DPq+AxXc+8gM/r4gAd0kO69PSBc0TTnNY3MSKU+geu XYhM1yDxFVXCKkA/pqA/NG6agsxoK5/jcwUyX9C4iDMyBlUmTkc+C/kMZG5AE3CrqqgdLaGu9viN ahcEwC0piah0D0/xG8E7ZfXyJRPO7NlPSYMk7niBOB/9mgmR7XIJquGccgAOfU6DG47PZVn6hZK0 Rx59/D1zkj3j4cef+EXYbC9i8br1kcf+mel1K0/BuNUsS+Z/P/LYY7mQWs5FyM9iBGhPA5za8/Cj j99rTrINfOTxxw8rPt+jAEdXWWz2dpIS4MnO3/G8pJitttthY9ECYOzNB++7bzmka6cB4T0GMWhD vKbNk+UA9lI5Db9PsFhtfXGfhIf/czNiVUFWeiEEps0g8duP8mfDCe/prAfou0CWJBWcgYb7IEec JZssD+OOh4Uc6Asa91uSbEPwW77PI15AHx4x22xbMeb5kCBmg95/QgqbDR9xxlFoFdakqgA4Wp2+ hExl+cokKihSH6gy7gvYHtsdiEynwokoXvNevuFUxREi+fZIJYFnOV6hDr5B/RMXo4V+4kZYaf04 1L8V9dMFQzAcS/S0ET9NQ+5SicEkP6mxq9fhcKwmKMZnCJTKgPrwehmq7UVkPRJFlnkdWY8V5lqU 0wP0YvWR7juod0ZwXhCj4EH8xqNFPW5mKMXWpYgcrT3MlXzMlSvwOyOLJPxShvs/wv3Uj6FxD19y LkEm4NWcJqj94LguRX4C5ZfpnGt8Vl9FZqzlGFrkOmszionVy3+6sVuvvkpqavqNDrgYOdbOfgOM FGEypcMOU78F5Mk1bsAupuG+gL8Fgq9/h0gLWDuVf8Lxxl+Ey1UQsCYvMUuBO6xW0R9HzvsRiOpp GATcgje5ZmCDG690jSABywvAXhO72RQ8YX+SZfNIGLbCbEBZAsDWWGOXE2WXIIZ9F0VS6K91uTUQ OANgbAfG/B0Aty6BgNwA9Z4GQJkmmU0z4UT3YrOE5zYg+/0B8S03u/sffHA9gFu6FBBn42Gm/0jg ToSMDyYTJHLX43pL2aRcDTcqwJmiK/zmvYp2zjeb5eHobAP4FXkZBhtjcK03DFF3IL+G8K5UHzJS JTlQaQCHxZebC91VVCpRVIwb6VahUgn3v4IbmY95QtvhUSSq3D7q+1e0SvAbgUWVEuqIC7JRhgDu uio1VA03gw7qFFISVKWk1aNrfqFsARqj5ChuQln6+0vI51/FSlEH3zqpfhAzoRxBqF66aBke8qsY r+qov6NNgivmSiXcT2kKQecbAHN8KaG0kgs9wWUhfk9Y7UF7USLoNVI1cmDVssU3ndkbkriU1JuO kyQOcTrhz/bUTGbFr3zo86VshB5YNmBXMY4yd0DkVShbrSPMkjIOgMiqyAJfhRVPD4RaeIzoVC6g vhTxJZL7txMP1m8WoUAqLeUCuE3E51pZCsZqhuSsK8DdPQB5lKjz1EpNiiTZUV9z1JWCP/MB5g7D 8rMp6BgDLx7PwAi0uVbeD1CY/vDDT7VDHPoHASRdAGF8ni14w1PxA8jaBEndv/0B5WaTJE9WAsp0 kqoIcwboRTuQ1ynKLq/dvsFS6sSaoEDwCIdwsnIawCbbN1IlOVBpAFfJ9ozbDA4YHDhFOKCBuVPx eKzWjPDqpT/d3L13P5FyjEEcpG9w3OotBMDQ4Wuj1rBTN6FArWsBze62mJ0lADrvAKzxpckLn32r rbK8F0AOJxHSNoCd3yGBqyOZpbvgiPknwKWfgY2CPj8Cgd0BWoMEAdkGSLxyhWz9nyQFOkOqRjWI beBvvl9RNitCogMP1UoctyzHtUtAQy+gwS+ADCkZB8iStwFQDccRaA/cvwHX4I/Xd0Aymf+Kujeh lXXwdpeEe34xI6A82qdEnFYYjNn6NVygzDEl2fsDsC0L+My4z38rwNwunyy+NisBvsgBxwXW4r75 ilm+A6ByEPqNPhmpshwwAFxlOWfcZ3DA4IDBgZOAAyOGD71lztz5CkJd3XysJHEmADifx3vAbPHl nQQsTLgL9993Hw1/aGzA5MPLDlWSmEKnSuHAZhnKvoQyIYMAqnGEUkha/hp02xriODYJIKsp9dBQ YDasSKl+Q131sqRZlpY7bUH9stkm/wnSPossmc73+JxvhNrDb7fiOyV41Hs/KmlWpNdoP4SfelB1 J5T+rX2hWgvTrZHqMq4lxgEDwCXGL6O0wQGDAwYHTioOTJ06RZk0adCtc+bOQ9D51JuPhbNfxL0U bllav3jxT3p0VE8qfoc6o6kR6epbGHiLXt6FuFw2GyR0yi8uuz0hzw6oP/Dww4+vg/raQUjo1oS3 p4E3XXQahY4tBwwAd2z5bbRmcMDggMGBE44DU6dOBYibpII4HKfWuCSOvuDgRiSu49oTjlEnMEEA WjwKLRe9IRFyH3zwvlWJlDfKHn8OGADu+I+BQYHBAYMDBgeOOwfKQNzX86TktNSbakoSl5SUJEoc JQfcZokW9kYyOGBwoJIc0A3gUobM7wKlS6vjm0HlHGnm5EyWtzQe2BPtH3TPG7S5knTEvS1pxOdp Zl9aK0u+bX3B8j5x3SVkj/gh3aH4HzDJ0lluh/cx54KhVbbQi0tkDReALsK1aKI93rTuq+GmTorq wS96+aeTTFpDKuBbTHcsmsNLOrKl/keVLE3DGYh6O+FvOrilmxU6VqbPNjpupl80+kFLMKDNSTE8 RidOQA5oIO6WL77+DhEb0moExCUl2YTL7X4hd/HiSkcROAFZZ5BkcOCYc0A3gINZ8ZswTT4rZciC lo55g7aFKN3ReEDvzLqWn4rzPYwoQP9PNZLMrrThFrv0oTPNlYMG4gLFYrfvJdkiuspm6VFY1MQt XyNEV3+lDDl0NnKVABwARRPUQe/dO6qTRNSbSVCCeunQ9bgmjZY3QcT1yCG/coyeEStRqXgUMsF+ tQA4jY6ZqI+RS+h+hlZjnyLTRQgVlguOK6OMxg0OVOBACMTNmfutkpySXm06cTw2BSgURcVFa5PN reDmoloeMWP8DA6cshzQBeByJv1q2r5EccM/TDG2H8avo5QimMzSlaVF3nyYBEdzRFstzPU5zV/D Z1APe6M9O/W5YVeGehxidPFXAyJazlQLUce+EvrQqqqDW1JNQEN9h4equQsjUR99A/ao5norUx3n 6QGAyd8Aoij10pPocJZuDfRNMT01CtERxTJBh2qlBVpa44ORBYZrbjb01WKUMjhwDDlAEEfrw8+/ oiSuegwbkpOT4aPWVQBfEtctXjxNj3PqY9hjoymDA7WPA7oAXP6WfEomeOyzCGbGDLWjAjil7+d1 RSC1j4/hPSSpYc6kyXLu1GBYrZRzFzBkztnCpxSVOH1zpMXDVXNxSPAYY81n9ilegL9uzfvV/yx3 amc/yneHU8Gz4Egw1zFvcMik+ghH7U74kTHXabR2o68Rjm13NR043OPY8YPZ3qw7QGUHiywWFHwz +I/Mq963+vMb3gQ336n2JOliedj8hs5vB1M6KNLOXzDUJIv2cDi45a4ei76eAusrXk8a8kODLFu+ a9+ciyNaRGEhOxPFGmDDZfxWbsL18EEzbQaJ9+FvOkikd2oe0bVCno/rRTTNxnfyawX+ViM/4Boj RxCEkae2kPk4QwTh7xz8TU/2LEcP5cOQ5+HaUb6S8DvDJg1G/k5zdMp7CJxYLz3cX4X8Q0jKht8G 4m+ODe87AzkZ1wi2KA0KhevicSPp+wx5EPIm3A//Pyo9jOTQDfkrWk/h7yx8H4nMPjIeHkPi8O/m Wr2/otxR4Bm/0T8R2yBIYt+2afUT2AxB5ph8jesMwcR2W+CDEkM6v6UEzYHf1PHEb2P5ifQprsEz eLl0Kf76RLvC+8uiLOA+zmVGG2A8ztVhx6V0Ksr23SjDvvZBZuDluRXqPupPlGd4qF7IdHBNHhVr ks4J+NuM7zTlJ/8J3jhfbsO1H1HuJ3wyViEBJz/n4Jp6tITr/fFB6TG9qmfj+mxco+NL9o2fC3HN CEUTb3CM3yvFAcwthN366ZbuPeEnLj3tZpfTKbzeygXCgIsS4fZ4Ctwuz+XrVi1lrF0jGRwwOFBF DugDcHudWWbJnIqtbboiiccBtjpBF259akrqebjmkxXlO5gU3bn36/O4mQdSh82fiiPXsUpAWidb pDoZFsuD/iELrsHRK33WXGo1K1cgCAc2M+WQ+Fh8hvruxVvZZYgBssZskW5MGb5goWPuoL+G980s mwcCPL66UrTK7n7FP52BxS++aU5t9iuk8iUmk1THG1CeTBn2HY9wFwQUubvZBNeHktQLwFJRhsz9 NtVkfttskhv7vMpu2Sy3+NeyARM9fX8Y3So/q3iHyftDiTeVZtd/isJPArjnCWI0MHUt/qYOE6+v Qe6H/BYywdrbyPSxQxDEQMCzkOlN/yHcTw/a/0OmF34Cov/DtVaokxv735Bv1dpgOCmGImKsWAKb SInAhgCFoa/odJGJPngILgkmCeBuR+6FOqkLxrit7B/Lc/Onp20CRB4XMsQKAQZBJj18E0S+hkxv 3gx3xkQwwXBG9VAfAQXbppNW0k7/RAXIpJV9ZL1H+Q3CfQwZxvBKBB0EmgSm23D9Bnw+hEz/RtQT m4prt4MvH+M7QdHzyPSLxDr74jfymUCJPCTIuhLXGOtV3V3wnSCJ+mUz+TcSjyoXIt+O39rg80Nk Aj6CujtxbT4+6ZeI9zOm693IBLMEWpPw+2x83kywrtVX9oHfyK/nkAk+Gc2C/L8f1y/HJ/tCwBri CXnF39l3AuT9KLcLn4yUweNsgse7cO0atMVN7h7kBsh1kOfjOs+cCF4JNAmAM5GfqEiT8bfBgerk wEqAuG69++6wmJMmp6SmWp2lpbpDb5nNFrgmSRbFxcW/ez2eCetWLa+0lWR19smoy+DAycABXQAO +0064qjZrEmWeV63dxekZNyc1mMfGQXfynMQGQPfhZ3GBfYh84cD5E30esRQGDWovmjSzl34rjAF GF6nU0BWiiwWxF9zK5dZCm2zt2UfHCT7Azemljq67Vt8cSGMFTLM/tQNSUPmf+aeN/iIM0NZ8sCr c0FWVpaSOzU3kDIMm6siDv2t76KxfFNMHjZ/BhwYTiqYPvYb1PFnyZ16folH/MW/aPDq1GELngOd bZIUU5/8b/oXJfX9IdOcGlhlTvZOvWLox3c8s6T/fxXZxI00WuIG/ggypYqUDlL6tgX5POQ1yJSe rAQdS7HJEqRSMkYAR6BBsEIjDyYCPoIQAqSGyNRlo8SKgI2SO0rweO97yJQQzYwkfdPqYj0FWn3a JTXWZAoBIeokWFuNz4n4HI78Cq7PZJ24RrCxAH8TWBLwDNXaJz2km0CCdYUfJaogDbdQOkVJWGd8 p3dt3i9rbVLSdQu+jwwRFPpEmXH4TolfX/y+TrtPwnUq+BMo3hgmWXsAfzPo+9f4pFSUIOZN/P4l rlHS9TMyyR+tgVN6GB+IHIqrOwbfKfUMRQFgHaHvBKYcu6s4b3A/AdYKZEqzPsDflIIRxI3D3x6t Pc7jufhO3lB6x0QwxjrZFnndi9IwlCG4Ilh+B3/3w98MC0baVf07/E3JHsf/Eo2XLPsTvv9d+/1J fD6GTFDNMeiK3JM8w72MGzgAOQ1/V5Q4amQZHwYHqp8Dq5YufuyMs3ovCQT8Uy0W69kWq0V43G7h R0xT6rYxM+GlGVkWVvxusViEA6as+O814Qk8CvDGlyIjGRwwOFBNHNAF4MxCSWdcNqfILzRLqTOx vV+UNOKHlxD4oxMi2d2FraypWRE2HF9aPAezr0Tg2oUAX2WOBD2+wOM4uvwZwAmx1oTZ6wqsd3w3 eCb7kDxs3iVmi0kpllJvAwizSZ5Un8UqpwVcAYKeiGE2ciblyDuWzHOLgDSdmzDrgVch+BSSVOV+ l8hKtwivbLNJKUFFC+VCxHN7Yt+c/uoRqXtx/wLzsPn/weHfrXRiiUvPxeIn2mDAeSrmn4NPSlkI XAg6rsDflMQR0BF0MdG30TiCGpbXyl2Lvykx4+bLo0Uer/IYlVIX3su6Kd15AflC/EYpHcEeJWrx UnDlDCZ+V/9GGwWoZzy+8hiTR3XhEk2OewiIsDglRJvDAFRoXlSsmwCEUiUCqxvxfSE+XyXw0don +IkW6J3g45MQeNNoJIAage+7Q21r9ZC3E5F5JEygRIV/tslE/u9DVucG7qOOGyWHzfg3vlNqRj5X NPQg8KQkiwBqUGje4PNXXJ+JayPxOV1rg30iYGX9K3B9Xhgtk7Uy3Iwo6VSPagnetPLsE6Vic/BJ SSd5K+M7j8sJujh3ODdScI1H1xz/vfj+ED4J/ijFpLEKEyV1BPEq4EWi9IIvCJTG8YWIwDB8jLRi xofBgernwJoVSxfk5OQMTKvb4AJHiecqoLYBkiw1gONXYDW8TyM6ucfj4Wcpjks3uD2urzx+5aN1 yxf/Wv3UGDUaHDA4oAvAIWRtqhSAtCc/SxFpvpnCr1wvl3pvw/Wd7rmDt8LFSD1sPe784uYpabIH AjqUDks+iL8AAgPC7kToNmirCSUsoLWUDsmaE9t0MXYiP17eEClX+nuSWZofO+o1DlSFxA1OTagU GBJtRE7q0W75n0CjArMM/YmSEkrH8pGpl/QmMo9KKVkhGCJwY6I+2J+RKZXLQH4HeSDySOTeyDNY SJP+LMRXgo2OyLRSnIZM6aaq64V8lA6Z1gY/uNkzhyulsI+8FkqqhAzJTjCBNkOKwywT3nf+HZJQ he4lEAs/MmQ7LEcgwmNPHqnehMzjzoG4xu8EE9HGgOCOwKtiYjsV7+HfrIs0hsaYn5QIhv5W564G lFk2RCuPJj2gJ1JA9hBvKoKeUFv8ZJmK9JAOAjFKzjhOTLxGkMfrFcuH6AnVF6Hb6j3kCftTgExA zz79gBwCkpy3vK4m9GkP+sv+Ua+O4P48/H01rldOMSkSVcY1gwMxOJCbm4t5n8u18IucnL4ZaVnm Vh6ftyUinkM1IOANCHlvsixv2rDhl+0FBQXGvDRmk8GBGuSAPgAXgN4ORFwiK19yzLl4Y8qw+Rvt aaa/up1+6ujQEtULUGeH6CsFxWZIsjIjaciCM3CEuoY/J5ulfwQCykb3vOF7IPmihIQbk5ogmVvo 9ytDS4RvmjRvOMGRilx0pnCwEv49eLtPkwZJ0jyTUCZCAjgd0jcHj1CBDyYCAlKfCEYM8wGifIdA H4+CoyUaMFyj5UewaTqxebJ/k5A3ENRoNxLcURpzP/IiXKfkh6COEiHqXPF7KM3CF+p3URfsTpTd h7LkAe/lkR4V4XPwvQO+8/guHChQB4zSMEr5tqJcXXxS92w1K8ffPM6kztoo5JuRX0S+VmuY407p TyiRd2Vjgu8EJ5Qw8Wj1NdTF31mPCnQohQM9PGZ8Dt+JsymFJIAjfSHQSBpIE0Evgc+nLIdrT+He P8LaJl+n4PqlWh/5E6WFpIFHpaSB6ejxLX89BMoo6WOdFZMV9R9GO5Tgcd7y6JM08giVgJlHppSe sR0eifLYPHTkSR4/owHgctMT5T/X+vUEfufYM3GsV5FH+L3sJaMCQXwOCGi3IrtQ9pkINHNMyiSa qIt9IGh8Gd95L3nKccyLcK9xyeBAjXIgN3cx1y2uN+qaYySDAwYHji0H9AK4bGFSpFZbVrpzsddh V1kB0flFPqtP3eR8Qim0SCItS/E2LZg3+MuU4fPfSEqSZlnPm78URgR1YZyQ7ZPF1SyL3TEVOy0l U2oy5dvfC6Q7z8lIsi5Vzl3wi2ySvF5PoMRab+9t0GcLe4OTseH5s/JFvrqRQ9qWpcgSN0E1ATnY 8EOm+ofLKQuTOQul1N99fvP9Fov3E3sd/yLQtNlslltBfSP3YGnJo1l9f7CZZUo8zEsh3uFxWLSk HpEhEVAt0L4TmFAB/z+hmzQQQOBBnTlVrwlpLvK7yLRa3RnWAJXSCbToZHaldn0hPnkEd6f291/w SeMGAgGOlwqQUJ4K8Dxy/Q8+Ke2jBIqgyoS/KRWiAcBylPsUf/+G7zwqpFUqj95ogEBFe+rhEXgx ZYbo0vpAg4MPUSakh8ayBC88BuTRMUHhfuSuyARwTNQPxE+TCaCoy0WaCJIvQ34FeSAydcnIH/bl fY0+6ry9gusEyOwn67xBA0Cp+I6xLANwHH/+HQ6M1N9xfyY+qVNHUB2eCO5Cc539nY6ypJVHs2ci v0bwqN1PMNRQA2YEpzzi/C9+D+nXVahaNV7ph/w17lmFz/rInN8Ekkwci3D6SbdKP+qkBTP1At/G JyWaBzQ638NvM/Gd4Cxc1+0ClOO8IHij1PZZ5IKKBBl/GxwwOGBwwODAyc8BXQAOR6ALcD65PTc3 6CLEZLW8XVroXuVeMDwIRoote5UU3/UwMlf/dswdfFvKufOnW8xST69HOehzlMxyw0CBvyke6X8w PyBwUZMWVeG6zHPnnwNJXg+/T3FDMrb6jnYbfVPC+O/zyYvNsv+6xr527ivFlcrTYsC1/oC5TM8O Om5fybJqBCCcNldBqidtHHzHqbpD7nn9D9iven+IN7/xxRaz6TSfP/BW6beDv+b5VStGkkgbcKXZ Jan6cdESNlQaBhBMUYE8dNxIC05Ka8KlaqziHeRtyMv4hwa2LsFXGiuUJUpTUCeBbfhpMe+lTleo b5TQ0S0FN3vqmrFNNeHa33FtIb62QyaY5PgQEBIkEKjN1MqtRzkaXKjjjfsoCaMkivpWBAiUBIYA aqjuWShD8DIQmcBkDTL/Jhiaj0xwjGMT8RLqW6TVuxr30ECC9xCMbEKm5O578g+fNDrg72cgFyDT eID0PInrBLmU1hEk3oRr5AETdd2uRVZ10pB4pEigFwK8rJcgmqCQIIjGGeX4jGukVZXQ4TfS2Adf RyITSD2Ha6FjUfKCAIl18Wib1qwEbwu1to/60CRi14T1axcKzcL1EPCqSD/nJA06VKkZyv2Ie3m0 Tikg6WG/1XmDxJeAcABHHThO20bIjBZBnhnJ4IDBAYMDBgdOQQ7oAnA4Cv0V0qkyRdSCOf2pfM+s JhxLuvA7Fe/LkuObwdTlYS6XHIsGrcUF5nIJPtwoEWFW05R53MuPJICw7WhDBWhTlvfhLk8JU1kC jQQgKghJnnOxE7+Xo0eT5vHIqVxSQWmu+IHKVfESNkxVcb6MRhgj4Dv11sollOMm/n6FsjxqOypV 3IQJ9sLrxN9l/cJ3AqmKbRE8hgPI0DEeAVw4reWOFVEXQVsoEcwxV6x7DS4wh1LIkIA0EmhG6k/F I5VyPEe783ATc7y21N9RnmOujrv2N4dKPfrW/iYwU9sAENqD8tTPKUu4xiNSSuUmh91D8PRmBBoI lghOmShdViXMelKMflWkn9KzcnMT9/K4OhI9IVpCfWU5gngjGRwwOGBwwODAKc4BXQDuFOeR0f1a wgFKKcNJBXijnhulWG8jG9KqWjKOBpkGBwwOGBwwOBCfAwaAi88jo0Tt5QCPoccA2JUdtdferhiU GxwwOGBwwOCAwYEjHDAAnDEbTloOALjxODl0pHzS9tPomMEBgwMGBwwOnHocMADcqTfmRo8NDhgc MDhgcMDggMGBWs4BA8DV8gE0yDc4YHDA4IDBAYMDBgdOPQ4YAO7UG3OjxwYHDA4YHDA4YHDA4EAt 54AB4Gr5ABrkGxwwOGBwwOCAwQGDA6ceB/4fwjqn/biDr7kAAAAASUVORK5CYII= --_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_-- From nobody Mon Feb 24 01:10:54 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 367963A0969 for ; Mon, 24 Feb 2020 01:10:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JuHhrtNBhr7e for ; Mon, 24 Feb 2020 01:10:51 -0800 (PST) Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8B133A0968 for ; Mon, 24 Feb 2020 01:10:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1582535451; x=1614071451; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=jrojnSXO+HF7OPwwd3FzEYFvwIg0EV/KPzgPr9GRUbE=; b=UXI+mrzI4Wx3atZHLrueqWo3NaJ6lfEOjweYHUVznwMxO+9CtFA/hfp4 1Ut/ij9ZNMTIFU+2OcrCpnzWfV1AhWofvpEq2lqUYdSAVrrjT53MC3X3v jskkZhnvxOU0wXCQAC4U3R71nV+lSjDB0vQ9r0KX94PNddDvq71SoOnQ2 dym150kT4zWHXbftkOVTe0jll+SIcb4ZHC7c6Bh5l8LofO3Qh7YNirL5u r3TxUFqoKRHhwq1wuziAw2/4xa1Ms+RBrZiGc7Ytr7ASmyBJT2Yz3ZoGl fdrf5br+dkn3em+229hlEdIJzE5HeUc0r4Hc+GQcFieJM1TPxtYhp9HCX w==; X-IronPort-AV: E=Sophos;i="5.70,479,1574074800"; d="scan'208";a="116982224" X-Ironport-HAT: MAIL-SERVERS - $RELAYED X-Ironport-Source: 10.6.2.8 - Outgoing - Outgoing Received: from uxcn13-ogg-e.uoa.auckland.ac.nz ([10.6.2.8]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 24 Feb 2020 22:10:48 +1300 Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-e.UoA.auckland.ac.nz (10.6.2.8) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 24 Feb 2020 22:10:47 +1300 Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Mon, 24 Feb 2020 22:10:47 +1300 From: Peter Gutmann To: Thomas Kopp , "pkix@ietf.org" Thread-Topic: OCSP reponses without nexUpdate Thread-Index: AdXq547Yj5JHBOWqRKivA/b474BBgwACl3bg Date: Mon, 24 Feb 2020 09:10:47 +0000 Message-ID: <1582535446443.55285@cs.auckland.ac.nz> References: In-Reply-To: Accept-Language: en-NZ, en-GB, en-US Content-Language: en-NZ X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [130.216.158.4] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [pkix] OCSP reponses without nexUpdate X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2020 09:10:53 -0000 Thomas Kopp writes:=0A= =0A= >Does it mean for subsequent requests that one of the fields thisUpdate or= =0A= >producedAt must change even if certificate status has not changed?=0A= =0A= Yes, no, and maybe. If you're applying strict CRL compatibility, you set i= t=0A= to the CRL nextUpdate time. If you decide that since it's an online servic= e=0A= another update can become available at any time, you set it the current tim= e.=0A= If you're running CRLs at the same time, you set it to the next CRL product= ion=0A= time. If you're doing batch signing to deal with OCSP's non-scalability, i= n=0A= other words pre-producing responses, you set it to when the next batch of= =0A= responses get signed. If you believe the Martians are coming, you set it t= o=0A= just before they land so there's no expectations of OCSP responses after=0A= they've killed us all.=0A= =0A= If you don't believe any of the above then feel free to come up with anothe= r=0A= interpretation and use that. See long-ago threads on this list for more=0A= suggestions on how this field can be interpreted (I can't remember all of t= he=0A= variants).=0A= =0A= Another interpretation is to do whatever makes sense to you and put it in y= our=0A= CPS.=0A= =0A= Peter.=0A= =0A= =0A= =0A= =0A= = From nobody Mon Feb 24 03:27:26 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F6383A081B for ; Mon, 24 Feb 2020 03:27:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gyuAq1AtCH3E for ; Mon, 24 Feb 2020 03:27:24 -0800 (PST) Received: from mx1.luxtrust.lu (mx1.luxtrust.lu [185.69.225.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B33143A081A for ; Mon, 24 Feb 2020 03:27:23 -0800 (PST) Received: from SV-1447WVP05.corp.1447.local (sv-1447wvp05.corp.1447.local [10.82.96.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1.luxtrust.lu (MTA) with ESMTPS id 48R0CW2Hqkz25cw; Mon, 24 Feb 2020 12:27:19 +0100 (CET) Received: from SV-1447WVP06.corp.1447.local (10.82.96.76) by SV-1447WVP05.corp.1447.local (10.82.96.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1847.3; Mon, 24 Feb 2020 12:27:18 +0100 Received: from SV-1447WVP06.corp.1447.local ([10.82.96.76]) by SV-1447WVP06.corp.1447.local ([10.82.96.76]) with mapi id 15.01.1847.003; Mon, 24 Feb 2020 12:27:18 +0100 From: Thomas Kopp To: Peter Gutmann , "pkix@ietf.org" Thread-Topic: OCSP reponses without nexUpdate Thread-Index: AdXq547Yj5JHBOWqRKivA/b474BBgwACl3bgAASbi/A= Date: Mon, 24 Feb 2020 11:27:18 +0000 Message-ID: <83b22afec0ed4ced9bdbcc90d6be6e6f@luxtrust.lu> References: <1582535446443.55285@cs.auckland.ac.nz> In-Reply-To: <1582535446443.55285@cs.auckland.ac.nz> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.82.96.71] x-tm-as-product-ver: SMEX-14.0.0.3006-8.5.1024-25250.007 x-tm-as-result: No-10--18.513600-8.000000 x-tmase-matchedrid: gTucSmrmRMPuo96mfIBuopzEHTUOuMX33dCmvEa6IiGoLZarzrrPmdsb V356Z7V+rhp6tj810/e02s6J8TOQrrxKbSUBo7jQCuDAUX+yO6YpWss5kPUFdMuSXx71bvSLJ45 LyBqJh7q0mAsENODr4j3VnTxtk/KPEvPO5aZGu9urhCEFTnVAD5rMXFchDcicMv8YehqjR1UJFL hkHEcmSlcmup4sNCdTc3cn9RSV9s9Cj5bjhCk9/4SSxX6w03pu6qG5M9QNAO1O+elk6C5rQNN0i v48FC5CqxPr5qDiQQWE8dia6GlRDzTlcOjKUeYRJsXvSOBK3vrlPUem/J5c5AZdkpcZ5vP2yYfo Fmd9ELiD57Cy1hk9vgKuii9yxTyzmsV/pxO5my/M1jffIgQXhhCAX4XPOvyZtXl9IxEPXOqya7S 9hFc8qJvnD9kB0hQHhCqP3/EyOI/lbHXjaXb4vxjDRPpHuqhaU+Pb9sY4d7ObDVHFQhoExi1MHn ltY21OlQyrbycuruxT6t2V0P1GHAgi4HdkwTWaseLlFiOdASghBdUXaqx1XThdESD0qLXTFQl51 n3NhXc5jLtvL+siFmyTEFFaVEke5wuS8mCcA9/iCAiZxTARskGh+IOD+jrWuqWf6Nh7tmHfkKFD +lHaTaB2Jk8cTgr+Q7GHbf2+kKPkbDt/ykGDZqubsOtSWY2QX7bicKxRIU2No+PRbWqfRMprJP8 FBOIaDBbGvtcMofyUTGVAhB5EbQ== x-tm-as-user-approved-sender: Yes x-tm-as-user-blocked-sender: No x-tmase-result: 10--18.513600-8.000000 x-tmase-version: SMEX-14.0.0.3006-8.5.1024-25250.007 x-tm-snts-smtp: 137A11DBD7A2DA5030E121BCFECC1764CC0AA96BBE8A58B5678BDAC113E5A4212000:8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 x-msw-jemd-newsletter: false Archived-At: Subject: Re: [pkix] OCSP reponses without nexUpdate X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2020 11:27:25 -0000 Thanks a lot Peter for this obviously very flexible interpretation of the R= FC's "newer" semantics. Hopefully also others, in particular authors of RFC 6960, might provide som= e complementary advice. Thomas KOPP Chief Scientist Email: thomas.kopp@luxtrust.lu Mobile:+352=A0621=A0229=A0316 Office: +352 26 68=A015 - 574 LuxTrust S.A. | =A0IVY Building | 13-15, Parc d'activit=E9s | L-8308 Capell= en | Luxembourg | www.luxtrust.lu The information in this e-mail and any attachment is confidential and for u= se by the addressee only. Access to this e-mail by anyone else is not autho= rized. If you are not the intended recipient, please inform the sender and = erase all copies of it from your system. Internet communications are by def= ault not secure. LuxTrust S.A. cannot guarantee the integrity and origin of= e-mails unless they have been properly digitally signed. Confidentiality o= f e-mails can only be guaranteed if they are encrypted properly using a sec= ure digital certificate.LuxTrust S.A. takes precautions to ensure that e-ma= ils are scanned for viruses but cannot accept liability for any damage sust= ained as a result of software viruses. -----Original Message----- From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz]=20 Sent: Monday, February 24, 2020 10:11 AM To: Thomas Kopp; pkix@ietf.org Subject: Re: OCSP reponses without nexUpdate Thomas Kopp writes: >Does it mean for subsequent requests that one of the fields thisUpdate or >producedAt must change even if certificate status has not changed? Yes, no, and maybe. If you're applying strict CRL compatibility, you set i= t to the CRL nextUpdate time. If you decide that since it's an online servic= e another update can become available at any time, you set it the current tim= e. If you're running CRLs at the same time, you set it to the next CRL product= ion time. If you're doing batch signing to deal with OCSP's non-scalability, i= n other words pre-producing responses, you set it to when the next batch of responses get signed. If you believe the Martians are coming, you set it t= o just before they land so there's no expectations of OCSP responses after they've killed us all. If you don't believe any of the above then feel free to come up with anothe= r interpretation and use that. See long-ago threads on this list for more suggestions on how this field can be interpreted (I can't remember all of t= he variants). Another interpretation is to do whatever makes sense to you and put it in y= our CPS. Peter. =20 =20 From nobody Mon Feb 24 03:29:48 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D12F3A0829 for ; Mon, 24 Feb 2020 03:29:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8R4LZE0Xo5Eg for ; Mon, 24 Feb 2020 03:29:45 -0800 (PST) Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0781A3A0821 for ; Mon, 24 Feb 2020 03:29:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1582543785; x=1614079785; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=oycfIB4VEc2a7Q5cJZZhwFki4V3NwcwypEQRhUFOhdc=; b=0iGbcWJAHKfiWErZAtkVeZNgOyAlZXayiAezZ3iCaobuYIMcQggVMzhI Ok5jzt/u0Gh+J3YBL9+udacuKMepn5Oqizd11kOdFK86gkWQudbWFLzQb rlVxPm9LjRTkBad4x+pkM8iLq49oVD/7PMR/qXyUa0w2fzLb8mJnmXbA4 jXvDCGwsJKUK4rc0Jm8kQGmLwjKSHoqUg3hgB7kv3dWWPdsmuT+WJY+D+ 3sVzZk6LLVViT/cJJ87AMwn+NJWAR8fyVoqpsa8eMr/zuL9FGvRTDt6Aw 0/rBlIAMF0Wlb52xQNWW4Ew3P1YqRJX/4+wyJsqSYSFNcGa3oRQaIZ0ZS A==; X-IronPort-AV: E=Sophos;i="5.70,480,1574074800"; d="scan'208";a="116996937" X-Ironport-HAT: MAIL-SERVERS - $RELAYED X-Ironport-Source: 10.6.2.4 - Outgoing - Outgoing Received: from uxcn13-ogg-c.uoa.auckland.ac.nz ([10.6.2.4]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 25 Feb 2020 00:29:43 +1300 Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-c.UoA.auckland.ac.nz (10.6.2.4) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 25 Feb 2020 00:29:42 +1300 Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Tue, 25 Feb 2020 00:29:42 +1300 From: Peter Gutmann To: Thomas Kopp , "pkix@ietf.org" Thread-Topic: OCSP reponses without nexUpdate Thread-Index: AdXq547Yj5JHBOWqRKivA/b474BBgwACl3bgAASbi/AAAEgzLw== Date: Mon, 24 Feb 2020 11:29:42 +0000 Message-ID: <1582543781851.26991@cs.auckland.ac.nz> References: <1582535446443.55285@cs.auckland.ac.nz>, <83b22afec0ed4ced9bdbcc90d6be6e6f@luxtrust.lu> In-Reply-To: <83b22afec0ed4ced9bdbcc90d6be6e6f@luxtrust.lu> Accept-Language: en-NZ, en-GB, en-US Content-Language: en-NZ X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [130.216.158.4] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [pkix] OCSP reponses without nexUpdate X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2020 11:29:47 -0000 The point is that no-one can agree on an interpretation, so if one person s= ays=0A= X then the next person you ask might say ~X. That's why I suggested puttin= g=0A= it in your CPS, at least then it's documented for anyone who wants to see i= t.=0A= =0A= Peter.=0A= =0A= ________________________________________=0A= From: Thomas Kopp =0A= Sent: Tuesday, 25 February 2020 00:27=0A= To: Peter Gutmann; pkix@ietf.org=0A= Subject: RE: OCSP reponses without nexUpdate=0A= =0A= Thanks a lot Peter for this obviously very flexible interpretation of the R= FC's "newer" semantics.=0A= Hopefully also others, in particular authors of RFC 6960, might provide som= e complementary advice.=0A= =0A= Thomas KOPP=0A= Chief Scientist=0A= =0A= Email: thomas.kopp@luxtrust.lu=0A= Mobile:+352 621 229 316=0A= Office: +352 26 68 15 - 574=0A= LuxTrust S.A. | IVY Building | 13-15, Parc d'activit=E9s | L-8308 Capellen= | Luxembourg | www.luxtrust.lu=0A= =0A= =0A= =0A= =0A= The information in this e-mail and any attachment is confidential and for u= se by the addressee only. Access to this e-mail by anyone else is not autho= rized. If you are not the intended recipient, please inform the sender and = erase all copies of it from your system. Internet communications are by def= ault not secure. LuxTrust S.A. cannot guarantee the integrity and origin of= e-mails unless they have been properly digitally signed. Confidentiality o= f e-mails can only be guaranteed if they are encrypted properly using a sec= ure digital certificate.LuxTrust S.A. takes precautions to ensure that e-ma= ils are scanned for viruses but cannot accept liability for any damage sust= ained as a result of software viruses.=0A= =0A= =0A= -----Original Message-----=0A= From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz]=0A= Sent: Monday, February 24, 2020 10:11 AM=0A= To: Thomas Kopp; pkix@ietf.org=0A= Subject: Re: OCSP reponses without nexUpdate=0A= =0A= Thomas Kopp writes:=0A= =0A= >Does it mean for subsequent requests that one of the fields thisUpdate or= =0A= >producedAt must change even if certificate status has not changed?=0A= =0A= Yes, no, and maybe. If you're applying strict CRL compatibility, you set i= t=0A= to the CRL nextUpdate time. If you decide that since it's an online servic= e=0A= another update can become available at any time, you set it the current tim= e.=0A= If you're running CRLs at the same time, you set it to the next CRL product= ion=0A= time. If you're doing batch signing to deal with OCSP's non-scalability, i= n=0A= other words pre-producing responses, you set it to when the next batch of= =0A= responses get signed. If you believe the Martians are coming, you set it t= o=0A= just before they land so there's no expectations of OCSP responses after=0A= they've killed us all.=0A= =0A= If you don't believe any of the above then feel free to come up with anothe= r=0A= interpretation and use that. See long-ago threads on this list for more=0A= suggestions on how this field can be interpreted (I can't remember all of t= he=0A= variants).=0A= =0A= Another interpretation is to do whatever makes sense to you and put it in y= our=0A= CPS.=0A= =0A= Peter.=0A= =0A= =0A= =0A= =0A= =0A= From nobody Mon Feb 24 04:49:05 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18AFB3A0A20 for ; Mon, 24 Feb 2020 04:49:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C90yigvDkupS for ; Mon, 24 Feb 2020 04:49:01 -0800 (PST) Received: from mx1.luxtrust.lu (mx1.luxtrust.lu [185.69.225.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71AC03A0A1C for ; Mon, 24 Feb 2020 04:49:01 -0800 (PST) Received: from SV-1447WVP05.corp.1447.local (sv-1447wvp05.corp.1447.local [10.82.96.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1.luxtrust.lu (MTA) with ESMTPS id 48R21k4Vd4z25m6; Mon, 24 Feb 2020 13:48:58 +0100 (CET) Received: from SV-1447WVP06.corp.1447.local (10.82.96.76) by SV-1447WVP05.corp.1447.local (10.82.96.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1847.3; Mon, 24 Feb 2020 13:48:58 +0100 Received: from SV-1447WVP06.corp.1447.local ([10.82.96.76]) by SV-1447WVP06.corp.1447.local ([10.82.96.76]) with mapi id 15.01.1847.003; Mon, 24 Feb 2020 13:48:58 +0100 From: Thomas Kopp To: Peter Gutmann , "pkix@ietf.org" Thread-Topic: OCSP reponses without nexUpdate Thread-Index: AdXq547Yj5JHBOWqRKivA/b474BBgwACl3bgAASbi/AAAEgzLwACzuyA Date: Mon, 24 Feb 2020 12:48:58 +0000 Message-ID: <451e8a8a260640d5858f7dcb6fcf689c@luxtrust.lu> References: <1582535446443.55285@cs.auckland.ac.nz>, <83b22afec0ed4ced9bdbcc90d6be6e6f@luxtrust.lu> <1582543781851.26991@cs.auckland.ac.nz> In-Reply-To: <1582543781851.26991@cs.auckland.ac.nz> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.82.96.71] x-tm-as-product-ver: SMEX-14.0.0.3006-8.5.1024-25250.007 x-tm-as-result: No-10--19.661800-8.000000 x-tmase-matchedrid: HLMPCFyIyBPuo96mfIBuopzEHTUOuMX33dCmvEa6IiGoLZarzrrPmfHz e89PLksNoYg/qeYu7ouyHAQ4LHNtQYiyP6gHWR1GwrUhv0kAAvHtjZF0DaZLCWA5wZjJx9Gwm8v RekL51zanZc9e41urlJC1TqckX+qaePs/Cx1DJd1LIfps09VJ27vHoEoNlEQfvGAx/1ATZ5vr/4 kj2gjNvwuvmY78pZoLEKiYcQfAT4KeH1x0y0x/SqPdDP4XISMGHfmCperUs2X/MiRbve4ADjwUF T3MiCQn+LeALoqqVEmCvyTTWEZMvOEPdUuOu429k3rl+MaNgxBR3sGN+j7mNPD2ovoq2qto4Zxk PtBlIAhHeQQDmUpegJk0t4TFYrTkHoSVM1aVdxHaize54oCwVAILzOoe9wbadz3bnI4leYX2n2B csltpualO8QSEwd94tNrOifEzkK68Sm0lAaO40B3EEAbn+GRbDvc/j9oMIgXOgl7GwkcgALJrtL 2EVzyom+cP2QHSFAeEKo/f8TI4j+VsdeNpdvi/GMNE+ke6qFpT49v2xjh3s5sNUcVCGgTGLUwee W1jbU6VDKtvJy6u7FPq3ZXQ/UYcCCLgd2TBNZqx4uUWI50BKCEF1RdqrHVdOF0RIPSotdMVCXnW fc2FdzmMu28v6yIWbJMQUVpUSR7nC5LyYJwD3+IICJnFMBGyQaH4g4P6Ota6pZ/o2Hu2Yd+QoUP 6UdpNoHYmTxxOCv5DsYdt/b6Qo+RsO3/KQYNmq5uw61JZjZBftuJwrFEhTY2j49Ftap9Eymsk/w UE4hoMFsa+1wyh/JRMZUCEHkRt x-tm-as-user-approved-sender: Yes x-tm-as-user-blocked-sender: No x-tmase-result: 10--19.661800-8.000000 x-tmase-version: SMEX-14.0.0.3006-8.5.1024-25250.007 x-tm-snts-smtp: 17B8F2918ADA7EBD258C1EE44DB700F94A77167256F8703F745DFAE00003E6AC2000:8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 x-msw-jemd-newsletter: false Archived-At: Subject: Re: [pkix] OCSP reponses without nexUpdate X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2020 12:49:03 -0000 Indeed, this makes sense. Thanks, again! Thomas KOPP Chief Scientist Email: thomas.kopp@luxtrust.lu Mobile:+352=A0621=A0229=A0316 Office: +352 26 68=A015 - 574 LuxTrust S.A. | =A0IVY Building | 13-15, Parc d'activit=E9s | L-8308 Capell= en | Luxembourg | www.luxtrust.lu The information in this e-mail and any attachment is confidential and for u= se by the addressee only. Access to this e-mail by anyone else is not autho= rized. If you are not the intended recipient, please inform the sender and = erase all copies of it from your system. Internet communications are by def= ault not secure. LuxTrust S.A. cannot guarantee the integrity and origin of= e-mails unless they have been properly digitally signed. Confidentiality o= f e-mails can only be guaranteed if they are encrypted properly using a sec= ure digital certificate.LuxTrust S.A. takes precautions to ensure that e-ma= ils are scanned for viruses but cannot accept liability for any damage sust= ained as a result of software viruses. -----Original Message----- From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz]=20 Sent: Monday, February 24, 2020 12:30 PM To: Thomas Kopp; pkix@ietf.org Subject: Re: OCSP reponses without nexUpdate The point is that no-one can agree on an interpretation, so if one person s= ays X then the next person you ask might say ~X. That's why I suggested puttin= g it in your CPS, at least then it's documented for anyone who wants to see i= t. Peter. ________________________________________ From: Thomas Kopp Sent: Tuesday, 25 February 2020 00:27 To: Peter Gutmann; pkix@ietf.org Subject: RE: OCSP reponses without nexUpdate Thanks a lot Peter for this obviously very flexible interpretation of the R= FC's "newer" semantics. Hopefully also others, in particular authors of RFC 6960, might provide som= e complementary advice. Thomas KOPP Chief Scientist Email: thomas.kopp@luxtrust.lu Mobile:+352 621 229 316 Office: +352 26 68 15 - 574 LuxTrust S.A. | IVY Building | 13-15, Parc d'activit=E9s | L-8308 Capellen= | Luxembourg | www.luxtrust.lu The information in this e-mail and any attachment is confidential and for u= se by the addressee only. Access to this e-mail by anyone else is not autho= rized. If you are not the intended recipient, please inform the sender and = erase all copies of it from your system. Internet communications are by def= ault not secure. LuxTrust S.A. cannot guarantee the integrity and origin of= e-mails unless they have been properly digitally signed. Confidentiality o= f e-mails can only be guaranteed if they are encrypted properly using a sec= ure digital certificate.LuxTrust S.A. takes precautions to ensure that e-ma= ils are scanned for viruses but cannot accept liability for any damage sust= ained as a result of software viruses. -----Original Message----- From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz] Sent: Monday, February 24, 2020 10:11 AM To: Thomas Kopp; pkix@ietf.org Subject: Re: OCSP reponses without nexUpdate Thomas Kopp writes: >Does it mean for subsequent requests that one of the fields thisUpdate or >producedAt must change even if certificate status has not changed? Yes, no, and maybe. If you're applying strict CRL compatibility, you set i= t to the CRL nextUpdate time. If you decide that since it's an online servic= e another update can become available at any time, you set it the current tim= e. If you're running CRLs at the same time, you set it to the next CRL product= ion time. If you're doing batch signing to deal with OCSP's non-scalability, i= n other words pre-producing responses, you set it to when the next batch of responses get signed. If you believe the Martians are coming, you set it t= o just before they land so there's no expectations of OCSP responses after they've killed us all. If you don't believe any of the above then feel free to come up with anothe= r interpretation and use that. See long-ago threads on this list for more suggestions on how this field can be interpreted (I can't remember all of t= he variants). Another interpretation is to do whatever makes sense to you and put it in y= our CPS. Peter. From nobody Fri Feb 28 10:39:35 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B7DA3A1BED for ; Fri, 28 Feb 2020 10:39:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0RwvXiHky065 for ; Fri, 28 Feb 2020 10:39:16 -0800 (PST) Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 671473A0D5E for ; Fri, 28 Feb 2020 10:39:16 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 447E1300B0C for ; Fri, 28 Feb 2020 13:39:13 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.smeinc.net Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id a_Wu5GjXT9R5 for ; Fri, 28 Feb 2020 13:39:09 -0500 (EST) Received: from a860b60074bd.fios-router.home (pool-108-51-198-163.washdc.fios.verizon.net [108.51.198.163]) by mail.smeinc.net (Postfix) with ESMTPSA id B5E423005DB; Fri, 28 Feb 2020 13:39:08 -0500 (EST) From: Russ Housley Message-Id: <48F9976F-C087-4695-BA63-8DAA730A4906@vigilsec.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_F9835CB2-E008-47FC-BDB7-E03FF4934CB7" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Fri, 28 Feb 2020 13:39:10 -0500 In-Reply-To: Cc: SPASM , IETF PKIX To: Ryan Sleevi References: <20200227225404.CA7ADF40714@rfc-editor.org> X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [pkix] [lamps] Fwd: [Technical Errata Reported] RFC5280 (5997) X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Feb 2020 18:39:26 -0000 --Apple-Mail=_F9835CB2-E008-47FC-BDB7-E03FF4934CB7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Ryan: I see the point you are trying to make, but the exact substitution that = you propose breaks the sentence that follows. OLD DNS name restrictions are expressed as host.example.com. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, www.host.example.com would satisfy the constraint but host1.example.com would not. NEW For DNS names, restrictions MUST use the dNSName syntax in Section 4.2.1.6. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name = satisfies the name constraint. For example, if the constraint contains host.example.com , then = www.host.example.com would satisfy the constraint but host1.example.com would not. > On Feb 28, 2020, at 1:03 PM, Ryan Sleevi wrote: >=20 > I've heard word that this may not have gone out to the PKIX list, but = I did want to pass this along with LAMPS. >=20 > As both the current syntax and semantics are ambiguous, judging by = implementation behaviour, I'm totally appreciative that the suggested = change might be rejected or might be held for a hypothetical document = update in the future. >=20 > However, I did want to bring to broader attention and document the = fact that the ambiguity has lead to different levels of guarantees. It = was recently pointed out to me that Apple adopted the "URI-like" syntax, = as discussed at = https://cabforum.org/pipermail/servercert-wg/2020-February/001676.html = = , while as mentioned in the Errata, Go and OpenSSL seem to have adopted = the "PEBKAC" syntax of assuming it's an encoding error. >=20 > Within the Web PKI, tools like Amazon's certlint treats this as an = error, while tools like ZLint inherit Golang's permissiveness. As a = consequence, unless the CA applies both checks (which is strongly = recommended, due to certlint attempting to compile the ASN.1 modules to = offer stricter validation), it's possible that such certificates might = continue to proliferate. As discussed within the linked Golang issue, = there's unfortunately a number of documentation examples that use the = leading period example, and so RFC 5280 CAs that don't participate = exclusively in the Web PKI are even more at risk of the varying = interpretations. >=20 > ---------- Forwarded message --------- > From: RFC Errata System > > Date: Thu, Feb 27, 2020 at 5:54 PM > Subject: [Technical Errata Reported] RFC5280 (5997) > To: >, = >, = >, = >, = >, >, >, = >, >, > > Cc: >, = >, > >=20 >=20 > The following errata report has been submitted for RFC5280, > "Internet X.509 Public Key Infrastructure Certificate and Certificate = Revocation List (CRL) Profile". >=20 > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid5997 = >=20 > -------------------------------------- > Type: Technical > Reported by: Ryan Sleevi > >=20 > Section: 4.2.1.10 >=20 > Original Text > ------------- > DNS name restrictions are expressed as host.example.com = . Any DNS > name that can be constructed by simply adding zero or more labels to > the left-hand side of the name satisfies the name constraint. =20 >=20 > Corrected Text > -------------- > The syntax of dNSName MUST be as described in Section 4.2.1.6. Any = DNS > name that can be constructed by simply adding zero or more labels to > the left-hand side of the name satisfies the name constraint. =20 >=20 > Notes > ----- > Currently, the syntax for a dNSName nameConstraint is left implicit, = and thus has resulted in ambiguities in encoding and processing that = have resulted in ineroperability issues. >=20 > One interpretation is that the dNSName nameConstraint must be a valid = "host name" (as discussed in RFC 8499), which is to say must be a = Fully-Qualified Domain Name in the preferred name syntax. This = interpretation is supported by Section 4.2.1.6, which explicitly states = that for the subjectAltName. As 4.2.1.10 does not define an exception to = this (as discussed in Appendix B), the interpretation, along with the = existing example, would conclude that this field uses preferred name = syntax, and that "DNS name" here matches the "host name" interpretation = from RFC 8499 >=20 > A different interpretation is that the dNSName nameConstraint uses the = modified syntax similar to the URI nameConstraint. That is, it = explicitly permits a leading period to indicate that one or more labels = preceding is required in order to satisfy the constraint. This allows = subdomains, but does not allow the base domain to match. While the = language for the DNS name constraint makes it clear that a host name = with no preceding period matches both that host and sub-domains, the = existence of a preceding period would constraint it to only subdomains. >=20 > Aligning with Section 4.2.1.6 would prohibit the latter = interpretation, as the preferred name syntax does not permit leading = periods. Alternatively, if the latter interpretation is intended, this = section would benefit from making that explicit. >=20 > This has been a source of interoperability issues, with additional = information and discussion captured at: > - https://github.com/golang/go/issues/16347 = > - https://rt.openssl.org/Ticket/Display.html?id=3D3562 = >=20 > While "running code" has aligned in being permissive with a leading = period, implementations have gone and seemingly aligned on a third = interpretation: >=20 > The syntax of a dNSName MUST be as described in Section 4.2.1.6, with = the exception that it MAY contain a leading period. Any DNS name that = can be constructed by simply adding zero or more labels to the left-hand = side of the name, ignoring any leading period, satisfies the name = constraint. >=20 > This seems to support implementations expecting the first = interpretation in the certificates they receive, and seeing leading = period as an encoding mistake, not an explicit desire for the second = interpretation. >=20 > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party =20 > can log in to change the status and edit the report, if necessary.=20 >=20 > -------------------------------------- > RFC5280 (draft-ietf-pkix-rfc3280bis-11) > -------------------------------------- > Title : Internet X.509 Public Key Infrastructure = Certificate and Certificate Revocation List (CRL) Profile > Publication Date : May 2008 > Author(s) : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, = R. Housley, W. Polk > Category : PROPOSED STANDARD > Source : Public-Key Infrastructure (X.509) > Area : Security > Stream : IETF > Verifying Party : IESG > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm --Apple-Mail=_F9835CB2-E008-47FC-BDB7-E03FF4934CB7 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Ryan:

I = see the point you are trying to make, but the exact substitution that = you propose breaks the sentence that follows.

OLD

   DNS name = restrictions are expressed as host.example.com.  Any DNS
 =  name that can be constructed by simply adding zero or more labels = to
   the left-hand side of the name = satisfies the name constraint.  For
  =  example, www.host.example.com would satisfy the constraint = but
   host1.example.com would not.

NEW

   For DNS = names, restrictions MUST use the dNSName syntax in
   Section 4.2.1.6.  Any DNS name that can be = constructed by simply
   adding zero or = more labels to the left-hand side of the name satisfies
   the name constraint.  For example, if the = constraint contains
   host.example.com, then = www.host.example.com would satisfy the
   constraint but host1.example.com would = not.

On Feb 28, 2020, at 1:03 PM, Ryan Sleevi = <ryan-ietf@sleevi.com> wrote:

I've heard word that this may not have gone out to the PKIX = list, but I did want to pass this along with LAMPS.

As both the current syntax and = semantics are ambiguous, judging by implementation behaviour, I'm = totally appreciative that the suggested change might be rejected or = might be held for a hypothetical document update in the = future.

However,= I did want to bring to broader attention and document the fact that the = ambiguity has lead to different levels of guarantees. It was recently = pointed out to me that Apple adopted the "URI-like" syntax, as discussed = at https://cabforum.org/pipermail/servercert-wg/2020-February/0016= 76.html , while as mentioned in the Errata, Go and OpenSSL seem = to have adopted the "PEBKAC" syntax of assuming it's an encoding = error.

Within = the Web PKI, tools like Amazon's certlint treats this as an error, while = tools like ZLint inherit Golang's permissiveness. As a consequence, = unless the CA applies both checks (which is strongly recommended, due to = certlint attempting to compile the ASN.1 modules to offer stricter = validation), it's possible that such certificates might continue to = proliferate. As discussed within the linked Golang issue, there's = unfortunately a number of documentation examples that use the leading = period example, and so RFC 5280 CAs that don't participate exclusively = in the Web PKI are even more at risk of the varying = interpretations.

---------- = Forwarded message ---------
From: RFC Errata System <rfc-editor@rfc-editor.org>
Date: = Thu, Feb 27, 2020 at 5:54 PM
Subject: [Technical Errata = Reported] RFC5280 (5997)
To: <david.cooper@nist.gov>, <stefans@microsoft.com>, <stephen.farrell@cs.tcd.ie>, <sharon.boeyen@entrust.com>, <housley@vigilsec.com>, <wpolk@nist.gov>, = <rdd@cert.org>, = <kaduk@mit.edu>, = <kent@bbn.com>, = <stefan@aaa-sec.com>
Cc: <ryan-pkix@sleevi.com>, <pkix@ietf.org>, <rfc-editor@rfc-editor.org>


The following errata report has been submitted = for RFC5280,
"Internet X.509 Public Key Infrastructure Certificate and Certificate = Revocation List (CRL) Profile".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid5997

--------------------------------------
Type: Technical
Reported by: Ryan Sleevi <ryan-pkix@sleevi.com>

Section: 4.2.1.10

Original Text
-------------
DNS name restrictions are expressed as host.example.com.  Any DNS
name that can be constructed by simply adding zero or more labels to
the left-hand side of the name satisfies the name constraint. 

Corrected Text
--------------
The syntax of dNSName MUST be as described in Section 4.2.1.6.  Any = DNS
name that can be constructed by simply adding zero or more labels to
the left-hand side of the name satisfies the name constraint. 

Notes
-----
Currently, the syntax for a dNSName nameConstraint is left implicit, and = thus has resulted in ambiguities in encoding and processing that have = resulted in ineroperability issues.

One interpretation is that the dNSName nameConstraint must be a valid = "host name" (as discussed in RFC 8499), which is to say must be a = Fully-Qualified Domain Name in the preferred name syntax. This = interpretation is supported by Section 4.2.1.6, which explicitly states = that for the subjectAltName. As 4.2.1.10 does not define an exception to = this (as discussed in Appendix B), the interpretation, along with the = existing example, would conclude that this field uses preferred name = syntax, and that "DNS name" here matches the "host name" interpretation = from RFC 8499

A different interpretation is that the dNSName nameConstraint uses the = modified syntax similar to the URI nameConstraint. That is, it = explicitly permits a leading period to indicate that one or more labels = preceding is required in order to satisfy the constraint. This allows = subdomains, but does not allow the base domain to match. While the = language for the DNS name constraint makes it clear that a host name = with no preceding period matches both that host and sub-domains, the = existence of a preceding period would constraint it to only = subdomains.

Aligning with Section 4.2.1.6 would prohibit the latter interpretation, = as the preferred name syntax does not permit leading periods. = Alternatively, if the latter interpretation is intended, this section = would benefit from making that explicit.

This has been a source of interoperability issues, with additional = information and discussion captured at:
- https://github.com/golang/go/issues/16347
- https://rt.openssl.org/Ticket/Display.html?id=3D3562

While "running code" has aligned in being permissive with a leading = period, implementations have gone and seemingly aligned on a third = interpretation:

The syntax of a dNSName MUST be as described in Section 4.2.1.6, with = the exception that it MAY contain a leading period. Any DNS name that = can be constructed by simply adding zero or more labels to the left-hand = side of the name, ignoring any leading period, satisfies the name = constraint.

This seems to support implementations expecting the first interpretation = in the certificates they receive, and seeing leading period as an = encoding mistake, not an explicit desire for the second = interpretation.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
= rejected. When a decision is reached, the verifying party 
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC5280 (draft-ietf-pkix-rfc3280bis-11)
--------------------------------------
Title               : Internet = X.509 Public Key Infrastructure Certificate and Certificate Revocation = List (CRL) Profile
Publication Date    : May 2008
Author(s)           : D. Cooper, S. = Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk
Category            : PROPOSED STANDARD
Source              : Public-Key = Infrastructure (X.509)
Area                : = Security
Stream              : IETF
Verifying Party     : IESG
_______________________________________________
Spasm = mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

= --Apple-Mail=_F9835CB2-E008-47FC-BDB7-E03FF4934CB7-- From nobody Fri Feb 28 10:52:28 2020 Return-Path: X-Original-To: pkix@ietfa.amsl.com Delivered-To: pkix@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24CBB3A0043; Fri, 28 Feb 2020 10:52:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.398 X-Spam-Level: X-Spam-Status: No, score=-1.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id whVB5nkpT78f; Fri, 28 Feb 2020 10:52:21 -0800 (PST) Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF46D3A00B0; Fri, 28 Feb 2020 10:52:20 -0800 (PST) Received: by mail-ed1-f53.google.com with SMTP id c26so4515041eds.8; Fri, 28 Feb 2020 10:52:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MSNSRKjoyzTGtYvz6dR00ka9cPyfK0J09Wis2MJ9kWs=; b=CLdp+RPNnOVC1+HwhIdaQ2XBb0Dofhp8CxTN/4L5cfVfaydzP+zmXMu2fdRgOiOK5D 9WbQlqgOSxVGUnA3Pg7suofdBZ4djke3LmEvPnClNRAGzK03wsSvqQX4b8OMYXDeXZMw 6CArSU68YcgFLngtt9CDBr+pNjmZpunluracPJnVKelq2maiduQWYeR2oNeNqOzNZXkC 4ARmOKl+BZ7ZYvCNarqWNIXx6OuSxE4zRrDeuqkSR2aT2dz9m6FPEhhd/2Yby73ZWfKE ynDlzK5g3PdwRwVGQAUMEwJgfp3n92YQqOo6j6sFK0sSfiZWyOnaH2aK4JS33QIFmc6n PhuQ== X-Gm-Message-State: APjAAAXxXyu1F1wwiQnBk7Dc15kdf24ROBi59EGn213CW5MfeHqucTrL kifHVjHakDw3BCFFsCcVY9rSiCsR X-Google-Smtp-Source: APXvYqwQACk205jC2PjdFHqq1VF6wrllY+HeGNlJSmVii5WT1565HQfPkGBjcGCaj7JmObmtPI/K7A== X-Received: by 2002:a17:906:6d03:: with SMTP id m3mr5148247ejr.39.1582915938737; Fri, 28 Feb 2020 10:52:18 -0800 (PST) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com. [209.85.128.54]) by smtp.gmail.com with ESMTPSA id l9sm115234ejg.42.2020.02.28.10.52.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 28 Feb 2020 10:52:18 -0800 (PST) Received: by mail-wm1-f54.google.com with SMTP id m3so4383648wmi.0; Fri, 28 Feb 2020 10:52:18 -0800 (PST) X-Received: by 2002:a1c:9c4c:: with SMTP id f73mr5831973wme.125.1582915937880; Fri, 28 Feb 2020 10:52:17 -0800 (PST) MIME-Version: 1.0 References: <20200227225404.CA7ADF40714@rfc-editor.org> <48F9976F-C087-4695-BA63-8DAA730A4906@vigilsec.com> In-Reply-To: <48F9976F-C087-4695-BA63-8DAA730A4906@vigilsec.com> From: Ryan Sleevi Date: Fri, 28 Feb 2020 13:52:07 -0500 X-Gmail-Original-Message-ID: Message-ID: To: Russ Housley Cc: SPASM , IETF PKIX Content-Type: multipart/alternative; boundary="0000000000002fcf12059fa75634" Archived-At: Subject: Re: [pkix] [lamps] Fwd: [Technical Errata Reported] RFC5280 (5997) X-BeenThere: pkix@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: PKIX Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Feb 2020 18:52:25 -0000 --0000000000002fcf12059fa75634 Content-Type: text/plain; charset="UTF-8" Thanks. You're absolutely right, that was an oversight on my part. I think the higher-order question is what the syntax is "meant" to be, as the use of an illustrative example alone has lead to confusion. Even if a future revision retroactively 'blesses' ".example.com" as an ambiguity within 5280, the semantics of that are also ambiguous. On Fri, Feb 28, 2020 at 1:39 PM Russ Housley wrote: > Ryan: > > I see the point you are trying to make, but the exact substitution that > you propose breaks the sentence that follows. > > OLD > > DNS name restrictions are expressed as host.example.com. Any DNS > name that can be constructed by simply adding zero or more labels to > the left-hand side of the name satisfies the name constraint. For > example, www.host.example.com would satisfy the constraint but > host1.example.com would not. > > NEW > > For DNS names, restrictions MUST use the dNSName syntax in > Section 4.2.1.6. Any DNS name that can be constructed by simply > adding zero or more labels to the left-hand side of the name satisfies > the name constraint. For example, if the constraint contains > host.example.com, then www.host.example.com would satisfy the > constraint but host1.example.com would not. > > On Feb 28, 2020, at 1:03 PM, Ryan Sleevi wrote: > > I've heard word that this may not have gone out to the PKIX list, but I > did want to pass this along with LAMPS. > > As both the current syntax and semantics are ambiguous, judging by > implementation behaviour, I'm totally appreciative that the suggested > change might be rejected or might be held for a hypothetical document > update in the future. > > However, I did want to bring to broader attention and document the fact > that the ambiguity has lead to different levels of guarantees. It was > recently pointed out to me that Apple adopted the "URI-like" syntax, as > discussed at > https://cabforum.org/pipermail/servercert-wg/2020-February/001676.html , > while as mentioned in the Errata, Go and OpenSSL seem to have adopted the > "PEBKAC" syntax of assuming it's an encoding error. > > Within the Web PKI, tools like Amazon's certlint treats this as an error, > while tools like ZLint inherit Golang's permissiveness. As a consequence, > unless the CA applies both checks (which is strongly recommended, due to > certlint attempting to compile the ASN.1 modules to offer stricter > validation), it's possible that such certificates might continue to > proliferate. As discussed within the linked Golang issue, there's > unfortunately a number of documentation examples that use the leading > period example, and so RFC 5280 CAs that don't participate exclusively in > the Web PKI are even more at risk of the varying interpretations. > > ---------- Forwarded message --------- > From: RFC Errata System > Date: Thu, Feb 27, 2020 at 5:54 PM > Subject: [Technical Errata Reported] RFC5280 (5997) > To: , , < > stephen.farrell@cs.tcd.ie>, , < > housley@vigilsec.com>, , , , > , > Cc: , , > > > The following errata report has been submitted for RFC5280, > "Internet X.509 Public Key Infrastructure Certificate and Certificate > Revocation List (CRL) Profile". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid5997 > > -------------------------------------- > Type: Technical > Reported by: Ryan Sleevi > > Section: 4.2.1.10 > > Original Text > ------------- > DNS name restrictions are expressed as host.example.com. Any DNS > name that can be constructed by simply adding zero or more labels to > the left-hand side of the name satisfies the name constraint. > > Corrected Text > -------------- > The syntax of dNSName MUST be as described in Section 4.2.1.6. Any DNS > name that can be constructed by simply adding zero or more labels to > the left-hand side of the name satisfies the name constraint. > > Notes > ----- > Currently, the syntax for a dNSName nameConstraint is left implicit, and > thus has resulted in ambiguities in encoding and processing that have > resulted in ineroperability issues. > > One interpretation is that the dNSName nameConstraint must be a valid > "host name" (as discussed in RFC 8499), which is to say must be a > Fully-Qualified Domain Name in the preferred name syntax. This > interpretation is supported by Section 4.2.1.6, which explicitly states > that for the subjectAltName. As 4.2.1.10 does not define an exception to > this (as discussed in Appendix B), the interpretation, along with the > existing example, would conclude that this field uses preferred name > syntax, and that "DNS name" here matches the "host name" interpretation > from RFC 8499 > > A different interpretation is that the dNSName nameConstraint uses the > modified syntax similar to the URI nameConstraint. That is, it explicitly > permits a leading period to indicate that one or more labels preceding is > required in order to satisfy the constraint. This allows subdomains, but > does not allow the base domain to match. While the language for the DNS > name constraint makes it clear that a host name with no preceding period > matches both that host and sub-domains, the existence of a preceding period > would constraint it to only subdomains. > > Aligning with Section 4.2.1.6 would prohibit the latter interpretation, as > the preferred name syntax does not permit leading periods. Alternatively, > if the latter interpretation is intended, this section would benefit from > making that explicit. > > This has been a source of interoperability issues, with additional > information and discussion captured at: > - https://github.com/golang/go/issues/16347 > - https://rt.openssl.org/Ticket/Display.html?id=3562 > > While "running code" has aligned in being permissive with a leading > period, implementations have gone and seemingly aligned on a third > interpretation: > > The syntax of a dNSName MUST be as described in Section 4.2.1.6, with the > exception that it MAY contain a leading period. Any DNS name that can be > constructed by simply adding zero or more labels to the left-hand side of > the name, ignoring any leading period, satisfies the name constraint. > > This seems to support implementations expecting the first interpretation > in the certificates they receive, and seeing leading period as an encoding > mistake, not an explicit desire for the second interpretation. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5280 (draft-ietf-pkix-rfc3280bis-11) > -------------------------------------- > Title : Internet X.509 Public Key Infrastructure Certificate > and Certificate Revocation List (CRL) Profile > Publication Date : May 2008 > Author(s) : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. > Housley, W. Polk > Category : PROPOSED STANDARD > Source : Public-Key Infrastructure (X.509) > Area : Security > Stream : IETF > Verifying Party : IESG > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm > > > --0000000000002fcf12059fa75634 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks. You're absolutely right, that was an over= sight on my part.

I think the higher-order questio= n is what the syntax is "meant" to be, as the use of an illustrat= ive example alone has lead to confusion. Even if a future revision retroact= ively 'blesses' ".example.com" as an ambiguity within 5280, the semantics of that are also ambigu= ous.

Ryan:

I see the point you are trying to make, but t= he exact substitution that you propose breaks the sentence that follows.

OLD

=C2=A0 =C2=A0DNS n= ame restrictions are expressed as host.example.com.=C2=A0 Any DNS
=C2=A0 =C2=A0nam= e that can be constructed by simply adding zero or more labels to
=C2=A0 =C2=A0the left-hand side of the name satisfies the name constraint.= =C2=A0 For
=C2=A0 =C2=A0example, www.host.example.com would satisfy the constr= aint but
=C2=A0 =C2=A0host1.example.com would not.

NEW

=C2=A0 =C2=A0For DNS names, restrictions MUST = use the dNSName syntax in
=C2=A0 =C2=A0Section 4.2.1.6.=C2=A0 Any= DNS name that can be constructed by simply
=C2=A0 =C2=A0adding z= ero or more labels to the left-hand side of the name satisfies
= =C2=A0 =C2=A0the name constraint.=C2=A0 For example, if the constraint cont= ains
=C2=A0 =C2=A0host.example.com, then www.host.example.com would satisfy the
=C2= =A0 =C2=A0constraint but host1.example.com would not.

On Feb 28, 2020, at 1:03 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wro= te:

I've heard word that this may not ha= ve gone out to the PKIX list, but I did want to pass this along with LAMPS.=

As both the current syntax and semantics are ambiguous,= judging by implementation behaviour, I'm totally appreciative that the= suggested change might be rejected or might be held for a hypothetical doc= ument update in the future.

However, I did want to= bring to broader attention and document the fact that the ambiguity has le= ad to different levels of guarantees. It was recently pointed out to me tha= t Apple adopted the "URI-like" syntax, as discussed at=C2=A0https://cabforum.org/pipermail/servercert-wg/2020-Febr= uary/001676.html=C2=A0, while as mentioned in the Errata, Go and OpenSS= L seem to have adopted the "PEBKAC" syntax of assuming it's a= n encoding error.

Within the Web PKI, tools like A= mazon's certlint treats this as an error, while tools like ZLint inheri= t Golang's permissiveness. As a consequence, unless the CA applies both= checks (which is strongly recommended, due to certlint attempting to compi= le the ASN.1 modules to offer stricter validation), it's possible that = such certificates might continue to proliferate. As discussed within the li= nked Golang issue, there's unfortunately a number of documentation exam= ples that use the leading period example, and so RFC 5280 CAs that don'= t participate exclusively in the Web PKI are even more at risk of the varyi= ng interpretations.

---------- Forwarded message ---------
From: RFC Errata System <rfc-editor@rfc-editor.org>
Date: Thu, Feb 27, 2020= at 5:54 PM
Subject: [Technical Errata Reported] RFC5280 (5997)
To: = <david.cooper= @nist.gov>, <stefans@microsoft.com>, <stephen.farrell@cs.tcd.ie>, <sharon.boeyen@e= ntrust.com>, <housley@vigilsec.com>, <wpolk@nist.gov>, <rdd@cert.org>, <kaduk@mit.edu>, <kent@bbn.com>, <stefan@aaa-sec.com>
Cc: &l= t;ryan-pkix@sleev= i.com>, <pkix= @ietf.org>, <rfc-editor@rfc-editor.org>


The followin= g errata report has been submitted for RFC5280,
"Internet X.509 Public Key Infrastructure Certificate and Certificate = Revocation List (CRL) Profile".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid5997

--------------------------------------
Type: Technical
Reported by: Ryan Sleevi <ryan-pkix@sleevi.com>

Section: 4.2.1.10

Original Text
-------------
DNS name restrictions are expressed as host.example.com.=C2=A0 Any DNS name that can be constructed by simply adding zero or more labels to
the left-hand side of the name satisfies the name constraint.=C2=A0

Corrected Text
--------------
The syntax of dNSName MUST be as described in Section 4.2.1.6.=C2=A0 Any DN= S
name that can be constructed by simply adding zero or more labels to
the left-hand side of the name satisfies the name constraint.=C2=A0

Notes
-----
Currently, the syntax for a dNSName nameConstraint is left implicit, and th= us has resulted in ambiguities in encoding and processing that have resulte= d in ineroperability issues.

One interpretation is that the dNSName nameConstraint must be a valid "= ;host name" (as discussed in RFC 8499), which is to say must be a Full= y-Qualified Domain Name in the preferred name syntax. This interpretation i= s supported by Section 4.2.1.6, which explicitly states that for the subjec= tAltName. As 4.2.1.10 does not define an exception to this (as discussed in= Appendix B), the interpretation, along with the existing example, would co= nclude that this field uses preferred name syntax, and that "DNS name&= quot; here matches the "host name" interpretation from RFC 8499
A different interpretation is that the dNSName nameConstraint uses the modi= fied syntax similar to the URI nameConstraint. That is, it explicitly permi= ts a leading period to indicate that one or more labels preceding is requir= ed in order to satisfy the constraint. This allows subdomains, but does not= allow the base domain to match. While the language for the DNS name constr= aint makes it clear that a host name with no preceding period matches both = that host and sub-domains, the existence of a preceding period would constr= aint it to only subdomains.

Aligning with Section 4.2.1.6 would prohibit the latter interpretation, as = the preferred name syntax does not permit leading periods. Alternatively, i= f the latter interpretation is intended, this section would benefit from ma= king that explicit.

This has been a source of interoperability issues, with additional informat= ion and discussion captured at:
- https://github.com/golang/go/issues/16347
- https://rt.openssl.org/Ticket/Display.html?id= =3D3562

While "running code" has aligned in being permissive with a leadi= ng period, implementations have gone and seemingly aligned on a third inter= pretation:

The syntax of a dNSName MUST be as described in Section 4.2.1.6, with the e= xception that it MAY contain a leading period. Any DNS name that can be con= structed by simply adding zero or more labels to the left-hand side of the = name, ignoring any leading period, satisfies the name constraint.

This seems to support implementations expecting the first interpretation in= the certificates they receive, and seeing leading period as an encoding mi= stake, not an explicit desire for the second interpretation.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, ple= ase
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party=C2=A0
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC5280 (draft-ietf-pkix-rfc3280bis-11)
--------------------------------------
Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: Internet X.50= 9 Public Key Infrastructure Certificate and Certificate Revocation List (CR= L) Profile
Publication Date=C2=A0 =C2=A0 : May 2008
Author(s)=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: D. Cooper, S. Santesson= , S. Farrell, S. Boeyen, R. Housley, W. Polk
Category=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : PROPOSED STANDARD
Source=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Public-Key Infrast= ructure (X.509)
Area=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Security
Stream=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : IETF
Verifying Party=C2=A0 =C2=A0 =C2=A0: IESG
_______________________________________________
Spasm mailing list
Spasm@ietf.org
http= s://www.ietf.org/mailman/listinfo/spasm
--0000000000002fcf12059fa75634--