diff --git a/CI-Examples/busybox/README.md b/CI-Examples/busybox/README.md
index f599683b26..45fe94dddc 100644
--- a/CI-Examples/busybox/README.md
+++ b/CI-Examples/busybox/README.md
@@ -17,6 +17,12 @@ a working DCAP setup. Then build the example as follows:
 make SGX=1 RA_TYPE=dcap
 ```
 
+If you run in Microsoft Azure cloud with a Confidential Computing offerring and
+want to build the example for MAA attestation, build it as follows:
+```
+make SGX=1 RA_TYPE=maa
+```
+
 Otherwise, you will probably want to use EPID attestation. For this, you will
 additionally need to provide an SPID and specify whether it is set up for
 linkable quotes or not:
diff --git a/CI-Examples/python/README.md b/CI-Examples/python/README.md
index bcfb6c7bb8..b70602fe2c 100644
--- a/CI-Examples/python/README.md
+++ b/CI-Examples/python/README.md
@@ -30,6 +30,12 @@ a working DCAP setup. Then build the example as follows:
 make SGX=1 RA_TYPE=dcap
 ```
 
+If you run in Microsoft Azure cloud with a Confidential Computing offerring and
+want to build the example for MAA attestation, build it as follows:
+```
+make SGX=1 RA_TYPE=maa
+```
+
 Otherwise, you will probably want to use EPID attestation. For this, you will
 additionally need to provide an SPID and specify whether it is set up for
 linkable quotes or not:
diff --git a/CI-Examples/ra-tls-mbedtls/Makefile b/CI-Examples/ra-tls-mbedtls/Makefile
index 5cfa6f6154..801889e79d 100644
--- a/CI-Examples/ra-tls-mbedtls/Makefile
+++ b/CI-Examples/ra-tls-mbedtls/Makefile
@@ -27,6 +27,9 @@ epid: client_epid.manifest.sgx client_epid.sig client_epid.token
 .PHONY: dcap
 dcap: client_dcap.manifest.sgx client_dcap.sig client_dcap.token
 
+.PHONY: maa
+maa: client_maa.manifest.sgx client_maa.sig client_maa.token
+
 ############################# SSL DATA DEPENDENCY #############################
 
 # SSL data: key and x.509 self-signed certificate
@@ -127,6 +130,26 @@ sgx_sign_client_dcap: client_dcap.manifest client
 client_dcap.token: client_dcap.sig
 	gramine-sgx-get-token --output $@ --sig $<
 
+########################### CLIENT (MAA) MANIFEST #############################
+
+client_maa.manifest: client.manifest.template
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
+		-Darch_libdir=$(ARCH_LIBDIR) \
+		$< >$@
+
+client_maa.manifest.sgx client_maa.sig: sgx_sign_client_maa
+	@:
+
+.INTERMEDIATE: sgx_sign_client_maa
+sgx_sign_client_maa: client_maa.manifest client
+	gramine-sgx-sign \
+		--manifest $< \
+		--output $<.sgx
+
+client_maa.token: client_maa.sig
+	gramine-sgx-get-token --output $@ --sig $<
+
 ########################### CLIENT (EPID) MANIFEST ############################
 
 client_epid.manifest: client.manifest.template
@@ -189,6 +212,26 @@ check_dcap_fail: app dcap
 	./client dcap && exit 1 || echo "[ Success 1/1 ]"; \
 	kill -9 $$SERVER_ID
 
+.PHONY: check_maa
+check_maa: app maa
+	gramine-sgx server >/dev/null & SERVER_ID=$$!; \
+	sleep 30; \
+	./client maa > OUTPUT; \
+	./client maa 0 0 0 0 >> OUTPUT; \
+	kill -9 $$SERVER_ID
+	@grep -q "using default SGX-measurement verification callback" OUTPUT && echo "[ Success 1/4 ]"
+	@grep -q "using our own SGX-measurement verification callback" OUTPUT && echo "[ Success 2/4 ]"
+	@grep -q "Verifying peer X.509 certificate... ok" OUTPUT && echo "[ Success 3/4 ]"
+	@(exit `grep -c "failed" "OUTPUT"`) && echo "[ Success 4/4 ]"
+	@rm OUTPUT
+
+.PHONY: check_maa_fail
+check_maa_fail: app maa
+	gramine-sgx server --test-malicious-quote >/dev/null & SERVER_ID=$$!; \
+	sleep 30; \
+	./client maa && exit 1 || echo "[ Success 1/1 ]"; \
+	kill -9 $$SERVER_ID
+
 ################################## CLEANUP ####################################
 
 .PHONY: clean
diff --git a/CI-Examples/ra-tls-mbedtls/README.md b/CI-Examples/ra-tls-mbedtls/README.md
index d1b2b98982..cfd39005ec 100644
--- a/CI-Examples/ra-tls-mbedtls/README.md
+++ b/CI-Examples/ra-tls-mbedtls/README.md
@@ -11,13 +11,23 @@ verification callback to verify the server RA-TLS certificate via
 `ra_tls_verify_callback_der()`.
 
 This example uses the RA-TLS libraries `ra_tls_attest.so` for server and
-`ra_tls_verify_epid.so`/ `ra_tls_verify_dcap.so` for client. These libraries are
-installed together with Gramine (for DCAP version, you need `meson setup ...
--Ddcap=enabled`). For DCAP attestation, the DCAP software infrastructure must be
- installed and work correctly on the host.
+`ra_tls_verify_epid.so`/ `ra_tls_verify_dcap.so`/ `ra_tls_verify_maa.so` for
+client. These libraries are installed together with Gramine (for DCAP and MAA versions,
+you need `meson setup ... -Ddcap=enabled`).
+
+For DCAP attestation, the DCAP software infrastructure must be installed and
+work correctly on the host.
+
+For MAA attestation, the server must run on the Azure cloud, and the client must
+have internet access to the MAA attestation provider service.
 
 The current example works with both EPID (IAS) and ECDSA (DCAP) remote
-attestation schemes. For more documentation, refer to
+attestation schemes. The current example supports:
+- the IAS-based attestation scheme for EPID quotes,
+- the DCAP-based attestation scheme for DCAP quotes,
+- the MAA-based attestation scheme for DCAP quotes.
+
+For more documentation, refer to
 https://gramine.readthedocs.io/en/latest/attestation.html.
 
 ## RA-TLS server
@@ -33,10 +43,10 @@ This is useful for testing purposes.
 ## RA-TLS client
 
 The client is supposed to run on a trusted machine (*not* in an SGX enclave). If
-RA-TLS library `ra_tls_verify_epid.so` or `ra_tls_verify_dcap.so` is not
-requested by user via `epid` or `dcap` command-line arguments respectively, the
-client falls back to using normal X.509 PKI flows (specified as `native`
-command-line argument).
+RA-TLS library `ra_tls_verify_epid.so`, `ra_tls_verify_dcap.so` or
+`ra_tls_verify_maa.so` is not requested by user via `epid`, `dcap` or `maa`
+command-line arguments respectively, the client falls back to using normal X.509
+PKI flows (specified as `native` command-line argument).
 
 It is also possible to run the client in an SGX enclave. This will create a
 secure channel between two Gramine SGX processes, possibly running on different
@@ -59,7 +69,8 @@ Moreover, we set `RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1`, to allow performing
 the tests when some of Intel's security advisories haven't been addressed (for
 example, when the microcode or architectural enclaves aren't fully up-to-date).
 As the name of this setting suggests, this is not secure and likewise should not
-be used in production.
+be used in production. Note that this setting is irrelevant for the MAA
+attestation scheme because MAA always expects enclave TCB to be up-to-date.
 
 # Quick Start
 
@@ -125,6 +136,27 @@ RA_TLS_ISV_SVN=<ISV_SVN of the server enclave> \
 kill %%
 ```
 
+- RA-TLS flows with SGX and with Gramine, Microsoft Azure Attestation (MAA)
+  attestation:
+
+```sh
+make clean
+make app maa RA_TYPE=maa
+
+gramine-sgx ./server &
+
+RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1 \
+RA_TLS_MAA_PROVIDER_URL="https://sharedcus.cus.attest.azure.net" \
+RA_TLS_MRENCLAVE=<MRENCLAVE of the server enclave> \
+RA_TLS_MRSIGNER=<MRSIGNER of the server enclave> \
+RA_TLS_ISV_PROD_ID=<ISV_PROD_ID of the server enclave> \
+RA_TLS_ISV_SVN=<ISV_SVN of the server enclave> \
+./client maa
+
+# client will successfully connect to the server via RA-TLS/MAA flows
+kill %%
+```
+
 - RA-TLS flows with SGX and with Gramine, client with its own verification callback:
 
 ```sh
diff --git a/CI-Examples/ra-tls-mbedtls/src/client.c b/CI-Examples/ra-tls-mbedtls/src/client.c
index 4d2f71ba87..9ae6a1744c 100644
--- a/CI-Examples/ra-tls-mbedtls/src/client.c
+++ b/CI-Examples/ra-tls-mbedtls/src/client.c
@@ -161,9 +161,9 @@ int main(int argc, char** argv) {
     mbedtls_x509_crt_init(&cacert);
     mbedtls_entropy_init(&entropy);
 
-    if (argc < 2 ||
-            (strcmp(argv[1], "native") && strcmp(argv[1], "epid") && strcmp(argv[1], "dcap"))) {
-        mbedtls_printf("USAGE: %s native|epid|dcap [SGX measurements]\n", argv[0]);
+    if (argc < 2 || (strcmp(argv[1], "native") && strcmp(argv[1], "epid") &&
+                strcmp(argv[1], "dcap") && strcmp(argv[1], "maa"))) {
+        mbedtls_printf("USAGE: %s native|epid|dcap|maa [SGX measurements]\n", argv[0]);
         return 1;
     }
 
@@ -171,7 +171,8 @@ int main(int argc, char** argv) {
         ra_tls_verify_lib = dlopen("libra_tls_verify_epid.so", RTLD_LAZY);
         if (!ra_tls_verify_lib) {
             mbedtls_printf("%s\n", dlerror());
-            mbedtls_printf("User requested RA-TLS verification with EPID but cannot find lib\n");
+            mbedtls_printf("User requested RA-TLS verification with EPID but cannot find lib "
+                           "libra_tls_verify_epid.so\n");
             if (in_sgx) {
                 mbedtls_printf("Please make sure that you are using client_epid.manifest\n");
             }
@@ -186,7 +187,8 @@ int main(int argc, char** argv) {
             ra_tls_verify_lib = dlopen("libra_tls_verify_dcap_gramine.so", RTLD_LAZY);
             if (!ra_tls_verify_lib) {
                 mbedtls_printf("%s\n", dlerror());
-                mbedtls_printf("User requested RA-TLS verification with DCAP inside SGX but cannot find lib\n");
+                mbedtls_printf("User requested RA-TLS verification with DCAP inside SGX but cannot "
+                               "find lib libra_tls_verify_dcap_gramine.so\n");
                 mbedtls_printf("Please make sure that you are using client_dcap.manifest\n");
                 return 1;
             }
@@ -194,18 +196,35 @@ int main(int argc, char** argv) {
             void* helper_sgx_urts_lib = dlopen("libsgx_urts.so", RTLD_NOW | RTLD_GLOBAL);
             if (!helper_sgx_urts_lib) {
                 mbedtls_printf("%s\n", dlerror());
-                mbedtls_printf("User requested RA-TLS verification with DCAP but cannot find helper"
-                               " libsgx_urts.so lib\n");
+                mbedtls_printf("User requested RA-TLS verification with DCAP but cannot find "
+                               "helper libsgx_urts.so lib\n");
                 return 1;
             }
 
             ra_tls_verify_lib = dlopen("libra_tls_verify_dcap.so", RTLD_LAZY);
             if (!ra_tls_verify_lib) {
                 mbedtls_printf("%s\n", dlerror());
-                mbedtls_printf("User requested RA-TLS verification with DCAP but cannot find lib\n");
+                mbedtls_printf("User requested RA-TLS verification with DCAP but cannot find lib "
+                               "libra_tls_verify_dcap.so\n");
                 return 1;
             }
         }
+    } else if (!strcmp(argv[1], "maa")) {
+        void* helper_sgx_urts_lib = dlopen("libsgx_urts.so", RTLD_NOW | RTLD_GLOBAL);
+        if (!helper_sgx_urts_lib) {
+            mbedtls_printf("%s\n", dlerror());
+            mbedtls_printf("User requested RA-TLS verification with MAA but cannot find helper "
+                           "libsgx_urts.so lib\n");
+            return 1;
+        }
+
+        ra_tls_verify_lib = dlopen("libra_tls_verify_maa.so", RTLD_LAZY);
+        if (!ra_tls_verify_lib) {
+            mbedtls_printf("%s\n", dlerror());
+            mbedtls_printf("User requested RA-TLS verification with MAA but cannot find lib "
+                           "libra_tls_verify_maa.so\n");
+            return 1;
+        }
     }
 
     if (ra_tls_verify_lib) {
@@ -215,7 +234,8 @@ int main(int argc, char** argv) {
             return 1;
         }
 
-        ra_tls_set_measurement_callback_f = dlsym(ra_tls_verify_lib, "ra_tls_set_measurement_callback");
+        ra_tls_set_measurement_callback_f = dlsym(ra_tls_verify_lib,
+                                                  "ra_tls_set_measurement_callback");
         if ((error = dlerror()) != NULL) {
             mbedtls_printf("%s\n", error);
             return 1;
diff --git a/CI-Examples/ra-tls-mbedtls/src/server.c b/CI-Examples/ra-tls-mbedtls/src/server.c
index d5c63ae87c..cb1095f2a2 100644
--- a/CI-Examples/ra-tls-mbedtls/src/server.c
+++ b/CI-Examples/ra-tls-mbedtls/src/server.c
@@ -118,7 +118,8 @@ int main(int argc, char** argv) {
     if (ret == -ENOENT || !strcmp(attestation_type_str, "none")) {
         ra_tls_attest_lib = NULL;
         ra_tls_create_key_and_crt_der_f = NULL;
-    } else if (!strcmp(attestation_type_str, "epid") || !strcmp(attestation_type_str, "dcap")) {
+    } else if (!strcmp(attestation_type_str, "epid") || !strcmp(attestation_type_str, "dcap")
+                    || !strcmp(attestation_type_str, "maa")) {
         ra_tls_attest_lib = dlopen("libra_tls_attest.so", RTLD_LAZY);
         if (!ra_tls_attest_lib) {
             mbedtls_printf("User requested RA-TLS attestation but cannot find lib\n");
diff --git a/CI-Examples/ra-tls-secret-prov/.gitignore b/CI-Examples/ra-tls-secret-prov/.gitignore
index cc4e300d31..a93d19078b 100644
--- a/CI-Examples/ra-tls-secret-prov/.gitignore
+++ b/CI-Examples/ra-tls-secret-prov/.gitignore
@@ -2,12 +2,15 @@
 /secret_prov/client
 /secret_prov/server_epid
 /secret_prov/server_dcap
+/secret_prov/server_maa
 /secret_prov_minimal/client
 /secret_prov_minimal/server_epid
 /secret_prov_minimal/server_dcap
+/secret_prov_minimal/server_maa
 /secret_prov_pf/client
 /secret_prov_pf/server_epid
 /secret_prov_pf/server_dcap
+/secret_prov_pf/server_maa
 /secret_prov_pf/wrap_key
 /secret_prov_pf/enc_files/input.txt
 
diff --git a/CI-Examples/ra-tls-secret-prov/Makefile b/CI-Examples/ra-tls-secret-prov/Makefile
index 8bd8a3f318..f59c05f67a 100644
--- a/CI-Examples/ra-tls-secret-prov/Makefile
+++ b/CI-Examples/ra-tls-secret-prov/Makefile
@@ -36,6 +36,10 @@ epid: ssl/server.crt secret_prov_minimal/server_epid secret_prov/server_epid sec
 dcap: ssl/server.crt secret_prov_minimal/server_dcap secret_prov/server_dcap secret_prov_pf/server_dcap \
       secret_prov_pf/wrap_key secret_prov_pf/enc_files/input.txt
 
+.PHONY: maa
+maa: ssl/server.crt secret_prov_minimal/server_maa secret_prov/server_maa secret_prov_pf/server_maa \
+     secret_prov_pf/wrap_key secret_prov_pf/enc_files/input.txt
+
 ############################# SSL DATA DEPENDENCY #############################
 
 # SSL data: key and x.509 self-signed certificate
@@ -65,6 +69,9 @@ LDFLAGS += -Wl,--enable-new-dtags $(shell pkg-config --libs sgx_util)
 %/server_dcap: %/server.c
 	$(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--no-as-needed -lsgx_urts -lsecret_prov_verify_dcap -pthread -o $@
 
+%/server_maa: %/server.c
+	$(CC) $< $(CFLAGS) $(LDFLAGS) -lsecret_prov_verify_maa -pthread -o $@
+
 secret_prov/client: secret_prov/client.c
 	$(CC) $< $(CFLAGS) $(LDFLAGS) -lsecret_prov_attest -o $@
 
@@ -227,6 +234,35 @@ check_dcap: app dcap
 
 	@rm OUTPUT
 
+.PHONY: check_maa
+check_maa: app maa
+	# secret_prov_minimal
+	cd secret_prov_minimal; \
+	./server_maa >/dev/null & SERVER_ID=$$!; \
+	../../../scripts/wait_for_server 60 127.0.0.1 4433; \
+	gramine-sgx client > ../OUTPUT; \
+	kill -9 $$SERVER_ID;
+	@grep -E "Received secret = 'A_SIMPLE_SECRET'" OUTPUT && echo "[ Success 1/4 ]"
+
+	# secret_prov
+	cd secret_prov; \
+	./server_maa >/dev/null & SERVER_ID=$$!; \
+	../../../scripts/wait_for_server 60 127.0.0.1 4433; \
+	gramine-sgx client > ../OUTPUT; \
+	kill -9 $$SERVER_ID;
+	@grep -E "Received secret1 = 'FIRST_SECRET', secret2 = '42'" OUTPUT && echo "[ Success 2/4 ]"
+
+	# secret_prov_pf
+	cd secret_prov_pf; \
+	./server_maa wrap_key >/dev/null & SERVER_ID=$$!; \
+	../../../scripts/wait_for_server 60 127.0.0.1 4433; \
+	gramine-sgx client > ../OUTPUT; \
+	kill -9 $$SERVER_ID;
+	@grep -E "\[parent\] Read from protected file: 'helloworld'" OUTPUT && echo "[ Success 3/4 ]"
+	@grep -E "\[child\] Read from protected file: 'helloworld'" OUTPUT && echo "[ Success 4/4 ]"
+
+	@rm OUTPUT
+
 ################################## CLEANUP ####################################
 
 .PHONY: clean
diff --git a/CI-Examples/ra-tls-secret-prov/README.md b/CI-Examples/ra-tls-secret-prov/README.md
index 16b4dd4cad..6deed06e85 100644
--- a/CI-Examples/ra-tls-secret-prov/README.md
+++ b/CI-Examples/ra-tls-secret-prov/README.md
@@ -5,13 +5,24 @@ examples of servers and clients written against the Secret Provisioning
 library.
 
 These examples use the Secret Provisioning library `secret_prov_attest.so` for
-the clients and `secret_prov_verify_epid.so`/`secret_prov_verify_dcap.so` for
-the servers. These libraries are installed together with Gramine (but for DCAP
-version, you need `meson setup ... -Ddcap=enabled`). For DCAP attestation, the
-DCAP software infrastructure must be installed and work correctly on the host.
+the clients and `secret_prov_verify_epid.so` / `secret_prov_verify_dcap.so` /
+`secret_prov_verify_maa.so` for the servers. These libraries are installed
+together with Gramine (but for DCAP and MAA versions, you need `meson setup ...
+-Ddcap=enabled`).
+
+For DCAP attestation, the DCAP software infrastructure must be installed and
+work correctly on the host.
+
+For MAA attestation, the server must run on the Azure cloud, and the client must
+have internet access to the MAA attestation provider service.
 
 The current example works with both EPID (IAS) and ECDSA (DCAP) remote
-attestation schemes. For more documentation, refer to
+attestation schemes. The current example supports:
+- the IAS-based attestation scheme for EPID quotes,
+- the DCAP-based attestation scheme for DCAP quotes,
+- the MAA-based attestation scheme for DCAP quotes.
+
+For more documentation, refer to
 https://gramine.readthedocs.io/en/latest/attestation.html.
 
 ## Secret Provisioning servers
@@ -33,19 +44,20 @@ verify the client's RA-TLS certificate and the embedded SGX quote and, if
 verification succeeds, sends secrets back to the client (e.g. the master key
 for encrypted files in `secret_prov_pf` example).
 
-There are two versions of each server: the EPID one and the DCAP one. Each of
-them links against the corresponding EPID/DCAP secret-provisioning library at
-build time.
+There are three versions of each server: EPID, DCAP and MAA. Each of them links
+against the corresponding EPID/DCAP/MAA secret-provisioning library at build
+time.
 
-Because this example builds and uses debug SGX enclaves (`sgx.debug` is set
-to `true`), we use environment variable `RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1`.
+Because this example builds and uses debug SGX enclaves (`sgx.debug` is set to
+`true`), we use environment variable `RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1`.
 Note that in production environments, you must *not* use this option!
 
 Moreover, we set `RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1`, to allow performing
 the tests when some of Intel's security advisories haven't been addressed (for
 example, when the microcode or architectural enclaves aren't fully up-to-date).
 As the name of this setting suggests, this is not secure and likewise should not
-be used in production.
+be used in production. Note that this setting is irrelevant for the MAA
+attestation scheme because MAA always expects enclave TCB to be up-to-date.
 
 ## Secret Provisioning clients
 
@@ -109,3 +121,19 @@ gramine-sgx ./client
 
 kill %%
 ```
+
+- Secret Provisioning flows, Microsoft Azure Attestation (MAA) attestation:
+
+```sh
+make app maa RA_TYPE=maa
+
+# test encrypted files client (other examples can be tested similarly)
+cd secret_prov_pf
+RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1 \
+RA_TLS_MAA_PROVIDER_URL="https://sharedcus.cus.attest.azure.net" \
+./server_maa wrap_key &
+
+gramine-sgx ./client
+
+kill %%
+```
diff --git a/Documentation/attestation.rst b/Documentation/attestation.rst
index 8b5441bbf5..9155a23ece 100644
--- a/Documentation/attestation.rst
+++ b/Documentation/attestation.rst
@@ -27,7 +27,8 @@ Gramine provides support for all three levels of attestation flows:
    application via ``/dev/attestation`` pseudo-filesystem. SGX local attestation
    in Gramine relies on the ``EREPORT`` hardware instruction. SGX remote
    attestation uses the Intel SGX PSW's AESM service and the Intel IAS service
-   (for EPID flows) or DCAP libraries (for ECDSA/DCAP flows) under the hood.
+   (for EPID flows), DCAP libraries (for ECDSA/DCAP flows) or MAA attestation
+   provier service (for MAA flows) under the hood.
 
 #. :term:`Secure Channel` is constructed using the RA-TLS libraries.
    :term:`RA-TLS` uses raw ``/dev/attestation`` pseudo-files under the hood.
@@ -47,18 +48,20 @@ micro-services in the public cloud. Please refer to :ref:`third_party_solutions`
 for specific examples.
 
 
-Remote Attestation flows for EPID and DCAP
-------------------------------------------
+Remote Attestation flows for EPID, DCAP and MAA
+-----------------------------------------------
 
-Remote attestation in Intel SGX comes in two flavours: :term:`EPID` and
-:term:`DCAP`. The former is used in client machines whereas the latter is used
-in data center environments. The details of these flows will be described in the
-following sections. Here we give a high-level description of both of these
-remote attestation schemes.
+Remote attestation in Intel SGX comes in the form of three attestation schemes:
+:term:`EPID`, :term:`DCAP` and :term:`MAA`.
+
+The EPID scheme is used in client machines. The DCAP scheme is used in data
+center environments. The MAA scheme is used in the Microsoft Azure public cloud.
+The details of these flows will be described in the following sections. Here we
+give a high-level description of these remote attestation schemes.
 
 .. image:: ./img/epid.svg
    :target: ./img/epid.svg
-   :alt: Figure: EPID based remote attestation in Intel SGX
+   :alt: Figure: EPID remote attestation scheme in Intel SGX
 
 The diagram above shows EPID based remote attestation. The user application runs
 in an SGX enclave on a remote untusted machine, whereas the end user waits for
@@ -90,7 +93,7 @@ untrusted machine and start sending inputs/receiving enclave outputs.
 
 .. image:: ./img/dcap.svg
    :target: ./img/dcap.svg
-   :alt: Figure: DCAP based remote attestation in Intel SGX
+   :alt: Figure: DCAP remote attestation scheme in Intel SGX
 
 The diagram above shows DCAP based remote attestation. The DCAP flows are very
 similar to EPID flows, but rather than using the EPID keys and consulting the
@@ -109,6 +112,23 @@ local machine (preliminary step 0). When the SGX quote arrives, the user
 compares the certificates embedded in the quote against these cached
 certificates (step 9).
 
+.. image:: ./img/maa.svg
+   :target: ./img/maa.svg
+   :alt: Figure: MAA remote attestation scheme in Intel SGX
+
+The diagram above shows MAA based remote attestation. The MAA flows are very
+similar to EPID flows, but rather than communicating the Intel Attestation
+Service, the MAA flows instead communicate with the MAA attestation provider
+service.
+
+MAA attestation uses DCAP-formatted SGX quotes, so the steps 1-8 retrieve the
+SGX quote similarly to the DCAP attestation. However, then the step 9 forwards
+the SGX quote to the MAA attestation provider (in a so-called Attestation
+request), and the MAA attestation provider replies with the Attestation
+response. The attestation response embeds the JSON Web Token (JWT) that
+contains a set of claims about the SGX quote. The remote user can verify the
+enclave measurements contained in the JWT claims against the expected values.
+
 
 Low-level ``/dev/attestation`` interface
 ----------------------------------------
@@ -120,7 +140,7 @@ below pseudo-files:
 
 - ``/dev/attestation/attestation_type`` pseudo-file can be opened for read and
   contains the name of the attestation scheme used (currently one of ``none``,
-  ``epid`` and ``dcap``).
+  ``epid``, ``dcap`` or ``maa``).
 
 - ``/dev/attestation/user_report_data`` pseudo-file can be opened for read or
   write access. Typically, it is opened and written into before opening and
@@ -186,7 +206,7 @@ remote attestation flow may look like in your application::
 
 The remote user should receive this attestation quote and verify it. In case of
 Intel SGX, this verification flow depends on whether the SGX remote attestation
-is EPID based or DCAP/ECDSA based:
+scheme is EPID, DCAP or MAA:
 
 - :term:`EPID` based quote verification is done with the help of the Intel
   Attestation Service (:term:`IAS`). In particular, the remote user should
@@ -201,12 +221,23 @@ is EPID based or DCAP/ECDSA based:
   :term:`Intel Provisioning Certification Service`, caching these certificates
   in the Provisioning Certificate Caching Service, etc.).
 
+- :term:`MAA` based quote verification is done with the help of the Microsoft
+  Azure Attestation (MAA) provider. In particular, the remote user should
+  forward the received SGX quote to the well-known MAA REST endpoint via a
+  secure internet connection and get the MAA attestation response (that embeds
+  the JSON Web Token, or JWT) back. The user then should verify the signature of
+  the JWT (using a JWK obtained from the MAA provider separately) and examine
+  the contents of the JWT and decide whether to trust the remote SGX enclave or
+  not.
+
 Gramine does *not* provide any pseudo-files under ``/dev/attestation`` for
 verification of the attestation quote. Instead, the remote user is encouraged to
 use the :program:`quote_dump`, :program:`ias_request` and
-:program:`verify_ias_report` tools shipped together with Gramine (for
-EPID based quote verification) or to use the Intel DCAP libraries and tools (for
-DCAP based quote verification).
+:program:`verify_ias_report` tools shipped together with Gramine (for the EPID
+attestation scheme) or to use the Intel DCAP libraries and tools (for the DCAP
+attestation scheme). Gramine provides the RA-TLS and Secret Provisioning
+libraries for the MAA attestation scheme; no separate tools are currently
+provided.
 
 The ``/dev/attestation`` pseudo-filesystem also exposes pseudo-files to set the
 encryption keys (see also :doc:`manifest-syntax`):
@@ -226,6 +257,7 @@ encryption keys (see also :doc:`manifest-syntax`):
    32-character hex value, and the new files
    (``/dev/attestation/keys/<key_name>``) use a 16-byte raw binary value.
 
+
 Mid-level RA-TLS interface
 --------------------------
 
@@ -264,8 +296,13 @@ Also, notice how the SGX report's REPORTDATA field contains the secure hash of
 the ephemeral public key generated by the enclavized application -- this is how
 this RA-TLS certificate is tied to the enclavized application that generated it.
 
-RA-TLS is shipped as three libraries: ``ra_tls_attest.so``, EPID based
-``ra_tls_verify_epid.so`` and DCAP/ECDSA based ``ra_tls_verify_dcap.so``.
+RA-TLS is shipped as four libraries:
+
+- ``ra_tls_attest.so`` for the attesting side,
+- three versions of the verification library for the verifying side: EPID based
+  ``ra_tls_verify_epid.so``, DCAP based ``ra_tls_verify_dcap.so`` and MAA based
+  ``ra_tls_verify_maa.so``.
+
 The interfaces exposed by these libraries can be found in the following header:
 :file:`tools/sgx/ra-tls/ra_tls.h`.
 
@@ -286,10 +323,14 @@ attestation:
 - ``sgx.ra_client_spid`` -- client SPID for EPID remote attestation.
 - ``sgx.ra_client_linkable`` -- client linkable/unlinkable attestation mode.
 
-For DCAP/ECDSA based attestation, the library expects instead:
+For DCAP based attestation, the library expects instead:
 
 - ``sgx.remote_attestation = "dcap"`` -- DCAP remote attestation is enabled.
 
+For MAA based attestation, the library expects instead:
+
+- ``sgx.remote_attestation = "maa"`` -- MAA remote attestation is enabled.
+
 The library uses the following environment variables if available:
 
 - ``RA_TLS_CERT_TIMESTAMP_NOT_BEFORE`` -- the generated RA-TLS certificate uses
@@ -364,7 +405,7 @@ The library uses the following EPID-specific environment variables if available:
 
 Similarly to ``ra_tls_verify_epid.so``, this library contains the verification
 callback that should be registered with the TLS library during verification of
-the TLS certificate. Verifies the RA-TLS certificate and the SGX quote by
+the TLS certificate. It verifies the RA-TLS certificate and the SGX quote by
 forwarding it to DCAP verification library (``libsgx_dcap_quoteverify.so``) and
 checking the result. This library is *not* thread-safe.
 
@@ -377,6 +418,29 @@ SGX measurements may be verified via a user-specified callback registered via
 The library expects all the DCAP infrastructure to be installed and working
 correctly on the host.
 
+``ra_tls_verify_maa.so``
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Similarly to ``ra_tls_verify_epid.so``, this library contains the verification
+callback that should be registered with the TLS library during verification of
+the TLS certificate. It verifies the RA-TLS certificate and the SGX quote by
+sending it to the Microsoft Azure Attestation (MAA) provider and retrieving the
+attestation response (the JWT) from it. This library is *not* thread-safe.
+
+The library uses the same SGX-specific environment variables as
+``ra_tls_verify_epid.so`` and ignores the EPID-specific environment variables.
+Similarly to the EPID version, instead of using environment variables, the four
+SGX measurements may be verified via a user-specified callback registered via
+``ra_tls_set_measurement_callback()``.
+
+The library uses the following MAA-specific environment variables if available:
+
+- ``RA_TLS_MAA_PROVIDER_URL`` (mandatory) -- URL for MAA provider's REST API
+  endpoints.
+- ``RA_TLS_MAA_PROVIDER_API_VERSION`` (optional) -- version of the MAA
+  provider's REST API ``attest/`` endpoint. If not specified, the default
+  hard-coded version ``2022-08-01`` is used.
+
 
 High-level Secret Provisioning interface
 ----------------------------------------
@@ -409,13 +473,17 @@ The established TLS channel may be either closed after provisioning these
 initial secrets or may be further used by both parties for continued secure
 communication.
 
-Secret Provisioning is shipped as three libraries: ``secret_prov_attest.so``,
-EPID based ``secret_prov_verify_epid.so`` and DCAP/ECDSA based
-``secret_prov_verify_dcap.so``.
+Secret Provisioning is shipped as four libraries:
+
+- ``secret_prov_attest.so`` for the attesting side,
+- three versions of the verification library for the verifying side: EPID based
+  ``secret_prov_verify_epid.so``, DCAP based ``secret_prov_verify_dcap.so`` and
+  MAA based ``secret_prov_verify_maa.so``.
 
-The examples of using RA-TLS can be found under ``CI-Examples/ra-tls-secret-prov``.
-The examples include minimalistic provisioning of constant-string secrets as
-well as provisioning of an encryption key and its later use for encrypted files.
+The examples of using the Secret Provisioning library can be found under
+``CI-Examples/ra-tls-secret-prov``. The examples include minimalistic
+provisioning of constant-string secrets as well as provisioning of an encryption
+key and its later use for encrypted files.
 
 ``secret_prov_attest.so``
 ^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -510,6 +578,17 @@ The library uses the same SGX-specific environment variables as
 variables. The library expects all the DCAP infrastructure to be installed and
 working correctly on the host.
 
+``secret_prov_verify_maa.so``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Similarly to ``secret_prov_verify_epid.so``, this library is used in
+secret-provisioning services. The only difference is that this library uses
+MAA based RA-TLS flows underneath.
+
+The library uses the same SGX-specific environment variables as
+``secret_prov_verify_epid.so``, ignores the EPID-specific environment
+variables and expects instead the MAA-specific environment variables.
+
 
 .. _third_party_solutions:
 
diff --git a/Documentation/img/maa.svg b/Documentation/img/maa.svg
new file mode 100644
index 0000000000..a15c12adff
--- /dev/null
+++ b/Documentation/img/maa.svg
@@ -0,0 +1 @@
+<svg width="4175" height="2155" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" overflow="hidden"><defs><clipPath id="clip0"><rect x="44" y="-1" width="4175" height="2155"/></clipPath><clipPath id="clip1"><rect x="-2770.82" y="-0.454545" width="845127" height="795251"/></clipPath><image width="373" height="355" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAXUAAAFjCAYAAADCcptOAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAO+xSURBVHhe7P13dxTHFv6P/l7DXev+ed/Avd/vMUlZZDDO4Tie4+NwnCNIkySRMzbGgDE5J6GcRzkLSeQgkQWIjMhBOcB57rOrezRBM0LCQhZW77We1d013T0dqj69a3d11f9jmGGGGWaYYYYZZphhhhlmmGGGGWaYYYYZZphhhhlmmGGGGWaYYYYZZphhhhlmmGGGGWaYYYYZZphhhhlmmGGGGWaYYYYZZphhhhlmmGGGGWaYYYYZZphhhhlmmGGGGWaYYYYZZphhhhlmmGGGGdaP1t7ent3W1oHWZ6z29kdoa3v0b/1vB5w9fvx4sRyjt2Pva3V0PAL/b5H+1wPOeJ8+bnuW16Jdm7Zxymueqf+tYYYZ9mft4tUbORvj8/DN7K34IGoH3p26C+9MjfVQjC5t+Z9RMXg7chfejuiqfzL9Hf7uuu17U6Px0YwtmLsuGdU1l/Cgofkj/e8HlOXtPrr41w3p+CRyAz6M2oZ3o3iuUxN1xbuck7vkenRek8hoaievww68o6aSFoe3Irg99QF//2rODqyNL0TloTMDEur37j385PCJc5izOgGfzdiIf8/Yjven8zynJeBtXou3eS3e5n39Z9RO3usdavrPKN57/Tq4SrsmTr3F9d6eyes2m/mCeeKHX7YjPrcSdTfvGWA3zLC+sJoLV3OWbM7AP21bMdqUiBCzHSGWLDcFWzIRbM50SZN51+XulIlQcwrGhm3FFwt2IGfPMZy/fHtAQj2j6PDiGX+k49UpmzExPA5jwtMQYuL5m7M7z8Wb5PoE8boFmTKUAk3p3Cadv9n5WxZ/y+VyHkK5r1FhiXjZshPzN+cit/LEgIT6HUK9/EgNvvs5BuMnb8TosBhehzQEW7MRZMulchBk5XWx8hytvEaWDJ6nnKt2LTrFPOOpAF4bP3MSt4/DaPNWvD9zKzamluJS3W0D6oYZ1hd2+vzVnJ83ZeEtemEhLKzDbUVUSRcNsxV7SSvtqohSj/WK4W/LwyhrIiavsGPBtrwBG35JKzq6eOrKTLwYthOjw1MRbMqDv7kEIyw8LyvPt4uKO+V5znK9tHXKMNRazmk591OCIEsuJk1Nw5xtpcjee2rAQn330Vp8+1sawRuLgPB0DDcX8Jx4LhG7MYT3eQjPeai1iGmFnBZiiKWoi4ZaZJ0SD3F95rMRNj74rKy9zInH+rRKXKy7Y0DdMMP6ws5crMv5eWseXmW1OpBe2AiBMgtuV5V1TbN1lRR8Vw0nAPz4oBBP7vvf8zF3W8mAhXpSSfVi26pcjDUlEL7ZPO5iwofnQDB7O9fh6vz03zyvjVwv/ibb+1l3Y4RA3VoKf0s+Jk7NwLwd5cjdf3ZAQ/2bxRl8uKUg0FzEB5L2YJIH93DCebh6mJUS0rznIp6nt3vvvEZOSR7z48MgkHnijZmpWJO2n1A3wi+GGdYndubijZyft+UT6lIlziOESlnoCCEPaYWxa7qnPAuwFOwRBECQOQvfLi/CrM27BzzUx5gTEUCPWq6FAjahPoJTb+frTQ6wyzZ+3Naf0PMnEGU+wCpQtw9oqN8UqB85r0M9jVCXe7iH16FCPZj86KHLPdVqIRW8RnxguZx/53XwkWf8eF38+WAItObg9Zl2rEk/hIs37htQN8ywvjAN6gXPGOpFhHomoV44SKGugd0J9efAUzegbphhz6c5PfVEFjIBmcSEPcGswdl7urukSu6uEgKAVW2znVAvGPBQtxLq8sI4wCJxXwkz8LxEXs61O0n4QQu9aFD3sxBoFgm/5GFCVAbmPg9Q/yUdo8JSEWCS9wqVCup+PCd/WzGnkk8k7FLBe+ztYS7qmmfUNRHxoRBgycZrMzMMqBtmWF9af3nqgaZMfLNs4EPd8NS9e+p+9NRH2Crhz/MKjChBQITkk3KeJ2FveOqGGTZwrN88dZMdXy/LJ9QH9otSw1N/sqceoFo0GZ66YYYNSBOoL9qaj1eikgj1P++pd5UU4mIEWeRF6UCPqR9fbFudR089SUFdmieKty3w8n5u3tXVU3e+KA20FeDFafbnA+pdYuqVCsju4ZdeeupyLdX1MDx1wwx7JtZvUFetX54/qKvwy5+GujP8Emg1oO4G9VmEesZhA+qGGdZX5oR6IgJVHFkKq3uVWVPPwi9dpbVT11q/PB8xdQm/+FuyeezyUZG3c3qyfIVfHDH15y38MtxSiWEW761fehN+EY2Q6+EIv8zKMKBumGF9aUb4xWlG+EUzw1M3zLDn2Izwi9OcUNdelBrhlydBXWokvWynbkDdMMOerblDvXfhFwkveKZ5StYRCAQ/R1+U9kf45blo0thd+MUm/b6UYighPUw9+LxdB+/hF+k2QUGd1/h1I/ximGF9awL1n7cW4tWpKQiy5bOw9sxTl7bGqk8TKdDyOzXMQw5vNYAgCDHn4LvlxYM+/PI8dBPg21OXJo0lfEgXwC+igOdYzPtMULucu9t18MgzDvnTsw9gPgsyPHXDDOt70zz1p4O6CikI9OR3SsE8UpeeJmALpFf23EB91bMNv/g/jx8fsYbhBnUCXYM6vfWngjof9NxPED31Nwj1tRlHCPUHBtQNM6wvTIN6AV6NStFj6j0Lv6gWDBZtKqEG0VARC7mSnibrBgjUTdn4btlAh/qzD788lx8fmR3hl3Leb4mny8M/n+co3eiWdt7nrvIestOuSTFrAFkq/LLW8NQNM6zvrBPqz9RTN8Ivz3X4pS89dXVN5HpoMXXDUzfMsD62/oH6cxR+eSZQ18CuzQ/y8ItcS9bw/CxaO/XXZxtQN8ywPjUH1F8xwi+d4RcVU7cK1CX8IiBynndPZYRfRN5bv0ie8SfUtfCLAXXDDOtT648XpQL1YEL922UDvEljkdah1xhLkhoFSr0o1c/B9dyfJMf1cHrqz1f45eadh5+UHT6Pr12grnXoxXP4s546peUdPfxieOqGGda3JlB/2iaNvYf6APfUvUGdx//noa6B/XkJv8jIR2X01A2oG2bYc2gK6tsK8drU5GcYfil+PsIvOtRHd4ZfHFB3nndP9fyHX87h65/TMHJKCvxNxRhursAwOQcj/GKYYQPbHFBXnjq9yGf3opRQVy9KK43wixF+MTx1wwx7VvbsoS79nZQglFD/nlCfu+35gbpWa5FzcJ53T+S4Ht7CL88F1I3wi2GGPb/mhPpThF8IKumcyZGmwjCqkDvW4wNCIGArQrAlE9/9XkSoPz+tXxxQd5xfb+Qr/PL8tFOvxTe/ZBDqaS59vzhavxTw3Ap4jkVPH36Rj4+kSaPx8ZFhhvWtaVDvfTt15b1K73xK+jpKsp7sQ0QPL0IgUIggs30Qj1HqDL+oXhoJ9YEcU5fwy+7D0qTRjtHh6V76fimkp17IcyzRamQ+rk2XPCOSddX1oKdu9P1imGF9b06oJxPqveh6VwqnB9Q1+YC6xf7cDJJhQN0V6hkuUJeud0sNqBtm2EA2A+pOM6CumQF1wwx7jq3/oC7D2Q30QTKeFdQ1sMt8AKEuMfUBDfXOL0pdoG7pS6jL9Sg2oG6YYc/CNKjnE+q9HCSDBXM4QaXJJV2tJ/sQFVNFBEHB8+Gpu7ZTt+gvStV5up5fz+TzRaklHxOfi3bq8qLUjlFh6R6DZJTwnBwvSou17xF8Xh+PPKNLe8lujFFqmGHPxM5crMuRkY/6J/wywD11Hx8f+fJEfam78IvW+mVgQ/3Zh18MT90ww56ZuUP9z7V+0eQN6vTUzc8P1J9lNwEOqA/0dupa+CVTQT2YtQx/6z6eTx9AndLaqUuTRgPqhhnW59YJ9ajetVPvdfhFQf05Cr+4eOp93U3A89H1rjP8EmSW89jL+1yh8sefCb9oDzrK0fWuAXXDDOtb6x9P/fkKvwz2bgI6u95d7OKp256Np64NkmFA3TDD+sz6DerPYfhFvFLtPF3P78l6cvhFoF4xeKEuDznp0MuAumGG9b2p1i9PMUZp78MvGc9H+GWl1qRRXuLJJ/ESQvmz4RdNBJqVQHxuoK6HX8LTWcsq5T3cw/OS8IvMF3JayHMsUT1y9qabAO1Bp0PdLFDPNKBumGF9aRrUC12g3htP3UWdv8l6Dk9d89Y1qKcR6jmEeuEAhvpRQj0HY80JCLZmE8BF9EoFYhqM3M6/G7l76hJqkPlydQ0lHj1haibmDmCoax16ncPXi9MwyiRNXQnxCB6/SOUDPuyoYby/Q107b/NQlzwjUkAvVy1qQsx5eGNmNtamGx16GWZYn5kG9WJCPY2F1z384hdZ3jnvtYD2SGUIoFcXak7BD8sJs815AxrqEYT6eEI9REG9kFCXh9LTQd3RckZiyBrUZb4I46dlYc5zAfUUQj2O9y+b5yMQ171twny4AJ3nOIR5pDdQl4dcgGU3H5q7mScK8KYBdcMM61vTPj4i1Kemdgm/OAqmpq5V6Z5IHhISgw0m1L9dnkVPfSBDXWLq2sDTKvzCa6HBSM7D+/n5kiMkoUIwAnVCTMJUfnxQDHRPXQu/aFAfSaj78wHngLp2XqWclmII51/g9XEdEMVd3sIvWjgqkNc2mPnt9ZlZWGNA3TDD+s4E6osI9VemPjtP3c9WjABrOr76PQfTtw3c8EtC0fHFllX5GGVJ5oMoT8FqaEQFYVbh1RP1pU5PXZaVd16uJB/ddHYTsH1gt1PXPPVUjDTH01PPwfBI15eiBPRTeuqal1+MEZEF8I/IwquzM7BaxdQNqBtmWJ+YBvUiQt3hqT8LqBdpUF+R+1xAfbQllVAvINTphUZUPhXUO0GnoC6tR6RJY6m6xpOmpmPe9jJC/cyAhvpXhHqoA+quLV2YFzRvXR56vYypC9QjCzEiKh/+kXa8MjudUD9kvCg1zLC+MmnSqPX9Ih8fuff94iiYmp4u/CLbjVBQTyPUB7an3tmkUW/9Ii14NJB5O6/uNYzw02LojnbqnFej/RDqUWmEeumAhbqjSeOXi9MQYkrgsefyOmgQd4RPpCWPAntnSMabvOUZefHM/BCRjyCbHa/NTMOa9IMG1A0zrK/szMXrOT9vycFrUfE61J+Fp16IIGsqvlmRjVkDGuryojQb401xCLHYVajE3ybt7OXB1PPzF6/VIVeo+xOEQfTUXyTU524j1PcOZE+9Fl8szkCIOUkBWGLo8uWoVvOQeyrXREIpBLV+3l2ug7drJiEoSymCrcVq3No3pqdjTeoBXKy7Z0DdMMP6ws5cEKizcE2NZ0GTl4PPCOqWFHz3ezZhNnChnkKoR67MItR3IdScxmPO5TUp5MNO2to7r8uT5AC6AiAh5vrxUaBN7099W9mAh/rnv9gRZJL3C4W6R66fkzyoHFDnfG+gLtchyCwtX0owKjwX/5yeibUp9NQNqBtmWN/YaUJ94eYcvBolIYdnE36R6nagORVfL83C9AHepNFGT32cKYZeZDqBnosQQjiYxy9NG72fn29poQqeP0E2wlquPtTy4wNi4vQczN25B7n7zw3c8EvVBXz1WzaC+XAbZsnHCzyPofKyVz2o5CMq6QNGvrjtLl90/c3PwgdbeBmCJhch5KdsvBmViTUphwl1I/ximGF9Yqcv3shZsK0YL0Wlqr6+n42nLp032fHV8nxCvWRAvyg1S+sX1Z96lgq/BPLYpfldbzx1FaoRgMkDrRPqFbyGlVQJRk/Lxayd+5B9oHbAQr3s6AV88atAPZ3HXoQhfCgNVV+U7uZ1kRGcBOzywJZz9Th/Xd7yjHjqgaZSBJtKMNJSgDdn5WF12lFC3Wj9YtgAtkePHp1oa++AN7V6qCfr+FqvJ+pu+9b2Rzh//T7mbK/E2Ag7RrCQiXflKIB9BfUREpe25OCTZSUoPHoVN+834159C+7cb8SNu/VKdXcbPNToVTd0efut52rAdfUfzv+9zvSCI5fx7QpC3JqJYdZCFUdWrT0IMV/g8iqBOSUhCg18cv0qCcU9qm13yLQCRGzbj8PnbqO5td3rvfkr9aChFTn7z+OTn7MIYEKd92+4NO0UqAuUeU6B9NIDqM4vbr1cB295Rq5FgFwXC2s/8tJ4Zg4WxOzHgdPXUXvtLi5cu4OL126r6QUu1167h9qrnF6901Xqd02yrra+u9zSZT8e6c5tnPvT/lvE47gquolrN++ipaW1Si/ihg0m6+h4dPLqjbvYV3UWuw/WoPTQOZQcFJ1XKj5Yi6JDIs5TJboc88Vcv5jrF3lI0pzruG4n6T6ktnGqROksj+msmi8+fAEJpTX4YVUFRk8toEcpfbX0NdR3EwYleMGch8CILLzzcyFsGyuxPH4f5m7Ih3WFHeYVmQj7IxuTV+ZSeZj8Rx6m/JHPtEKqyE3hK4sRvoriNEzk9rvr+r7nZd8//pGDH1dm8v+y8BP/93v+9uEvBRg1NZtAL8ALhM8/CLEXbOX0UuUcvJ+bVynQCdQlRCGxZ9m+gkCvVPv1jyrCPxeX4JfEw7DvqeF9cL9PrlL3+bBvda7bmUcc91nftnN7Lndup2+jq3M9tW4tUnfXYNrmSrw63Y4g1liGE97ipUvfL+qL0E6oF/ca6lJTGcLrO8Saj+GRrBlaMxBgisM40w68HLYRr01ei9epVydvxEtTtuHFydsx8cfNmPjDJkz4YSOnml78cRMm/bQFL03eyvW24mVKzU/e4pG+Tc1PmryZ6ZvV7y9N2aLWV9uEcf1w7ksUtom/bWT6RrwyZT1e+Wk1Xvvpd7zx4xJ8P289TtVeQcejR9V6UTdssFhDU/PJjKJD+O/UTXidmeQV0y5mmDi8GB6PCdR4aqw5HmPMkpHjMEEpFuMpx3RceAzGhu3q1LhwUYzbOq7bjQ8XxXSuo4nzepqWHsP1YzAxPJrHEo2JsmxJwmhLGoJMdvibpYAVE2jOOKhrwfwzUFchmEhCLqII0od2sCkVo8ITMTosXmkUFRqegJDwpE6FhidjZFgqlYZQTkUyrxSuSaVPcWrkFKY/QbJNSFgygsP4fyZNwTyWIFMKAsx2DKf3OFTAQ/gOIdAljqyaJ3o9L1/itVKw02LOEooRj1/2JW3fh9mKWCvKQpCZ10HyAu/FOOYTdc8cknvmej/NvOcect5nTjvvs+QNh/T8pdbnvbfEYmLntrId/5PbTOD2DknLn/GWZOaLdASbs+hNs/bGPDGMxz6cEk9dvfzlOanwkn5+3q6D1zwTyWvBvCDXYJhNenvMp+cuL6QzMZJ5cTSvyRh1XTIwkv8faspW01EeGmmS37gNp51plKSNUmnZGMW85pDjt1D+5tifbCvzI61cttq5XjrFfMJpKP8/NDyVZTUREwn+j2dswvGzl0GnzYD6YLOHhHpy4RF8NJ1wDktkBstGiLlA9XMRSm81hNCQZm1BKiPnclmUwwKU4z7vS27rautLuqQFMyN3zvN/gzwkaSLHvoLNPAbuI4jHFMDC6wl1h3wW0B5K21b2JQDQYKf1qVLM/yTgpHUJ/9tV8iJOPEKRzLsue6b7+t2X1Poux6COQwAcIbUUHqccs37cjqm383qynNdPJPNyfYfy/4daeK0tAvdCFYaQHgs975e6Z+o+OaZ6HtDnvaV35gk9f4S65BHndq7zzn2Igpgn5N2Knxwb74N46XLMrm3RVSjKIbfzdZev66b2Iw++TukPB/6X/KcjD6hlXidtXFR39UX6CIsutcz7wHLpRw3XQ2/DmC4DkI/lg+6jWdtx7Cw9dQPqg88E6klFR/HhDHqg9P6CpcAyQwUpSfM4afusi4VHCpASPWXHfCABK+tp0rZRclm3c16tK+tQLvOSrvZJiRfunGe6rOcmAYsUYq0AOwqvQ46C6Fk4e6ru9uH4D1dpLxnFG9zdKc07dC57pvv63Zu0Drbcj8H1mDzTff3eE7luK/MiBUkXKZDxPkh+kHvVeb8c97en0vNLkBd5XZ9S+cRtmd6zAmrXfOCQ6/l1J1/rdpfuKW/5sa/S1YhNrHmIFNhZJjtHdOLxyPsPuSdjzAmE+g4D6oPVNKhX4YOZ8azesUrPTCFegeZJStO4AlY5mXlELIR+UogUVLWpJnquXua1l0td57V1HOs552Udr/NyHCy4MlVxUYEKj8/hlXlmfkeB8yyEPZNjH859ecpbuvZpvQ5hFj5v0Hak+/rdl1yhLv/t7f8d6b5+76lct3fdn3tzP/EWeW8IX+0eyv2S+6RJ8k130u4n5wmjAGk+yqnIMS/pnevo9933vNRceDw8Ls9zcZyD5l13/c1TvtbV0t3TfKX3Zt3epmtdHkgzTembR8KD0sWwNviHdCnsCvV/O6BuxNQHnz1sajmZWFyF92fFI9ScqjKFwFINkMDCJUAfHsE0mbLQDWchEi9BJPNKZlbNdTnmh9PTV1VGJZdtmD7crE8d87KNzKt1xBN0l3jBnlJxX/4mVU4Bu6ukQHhrc9xX8ixsAlxPYPelpDWLt+P4a8V7I+L17pSe5kcwKnE9N3lJ18Jbzm0dy67ruKnLPjzuhYe8H3tv5T0veX9YeEvrq3Sm6WB3QF1GdBoR6YA6rxtr2qNN8fj3TD38YkB98JlAPYFQf3dWAoItacwshSo+J73aycACw5lphkUWMtMUMdNIS4AyDLGUauL8UEqqhd7UuZ6+brfrM7OKJ+JNMuCBq9TgB8zkUrD63lN3btvdPqSlTadkmcfp5l3znFyXPdN9/e5Nf1X4xVd6ZwxfpbtIpen3xuV+Oe+be7rMy30fprfW6ZSP7bVtvPzm0urJ9b54HveT1JNz95Tr/zn+0zOtr9JVGs/XL6KCQC9DAMukHzVCXuRGSWduzFNWD0/dCL8MPhOoxxd1hboaYED1dEegRxViSFQxwS7p0nWp3ipCn/clxzq+1u3JPnxJA4kvqDvh3ns9aR9e0nksf8fwi690AauA19t9UeKxSuuTHqXLsiPdVa7ruMrLPhTo1bF5P25v6d7U2304rseT0voqXTk4PHdv4Zdh9NQ7oW4i1A1PffCaA+rvzEok1NM1qBOUDqgPpycgXvoLkfIyhumOQuetIHaRYx1f6/ZkH96kZXpNzy7M0lOpF6UewO5LDcTwS/f3rrf3uzf5wHNdWXbND/0pb3nPV37so3QvL0q1AUF0qNvytfDLjG0G1AeraVCvxjszkxBiyWCmkNi2wytgxpIMI0BXgw4wUynPSCtMjnlfcqzja92e7MOn5PiU99I7D6gncmzbm30PzvCLl/tCafe16++9Tfcm7+tyuQfH/ST1dh/e0vtiH77Su/fUeW3orQcQ8m6euhF+GXymYuqE+ruEunzAIK0JnFAXiEuGEbA7oM7fVAZzmfclxzq+1u3JPnyJ2/rK/F5DJD2WY1tf+/CSzms12MIv3Upf90+ne1M3+/AdIuma7k293YeW/uS0vkp/KqgbnvrgM4F6YmE13p+ZjJFm6ZO7GCMsAiANQjK6/jBdUiVUTceUXOd9ybGOr3V7sg9fclRPfVVf+09yPJ7A7ksNxPBL1/vhKrmv3u5tb9O9yfu6f00+8Pafvo6jj9KN8IthT7JOqM9IwiiBumobTg/RWk4JVCRzUdIahlOt7wyKmUp1AOVDjnV8rduTffiSbKsKs/JetKmnfKX3RI5te7NvN09dxGvn6m27pvv63ZdcPXXRk47L1+89UY/OmfPSnNDbvRGpnh77IN2bvK2rQb0Hx/0E9XYf3tL7Yh++0o3wi2E9MgfU3yPUQy0ZzCxa3xniHUqPffIRkmQgh0fkkFrHI81TjnV8rduTffiSlukdU/fM7zu9J+p+35LWJd0BXV2d6/hI9/X7E+Xr/13Sff3eU/na3i1dpt3I4WX+2XRv8r0PTd6O21voxJt8rdubdG/H0Ffp3UFd2qmLpy5QHy1Qn2GEXwatKagXEeozExFilW5LZQBjCbWIly5flspHROIhOQuOJq1wdS/HOr7W7ck+DBl6ntTbvN7LdB/hFwG6fHwkTRpHmeLxr+lG+GXQmnpRKp46oR4qUI8g1CV+zkyivIHOEIl4Ca5eg3cPw1WOdXyt25N9+NJA3/eTtu3JPnzpr9x3T9Tbffyd9t0X+/CV3mtPvcYIvwxK6wr1fK9Q72lc11WOdXqboZ8szWtxTn397pneE3W/b0l70r59reNI9/V7T+RrW9f9evu9p/K1fW/229t9+Er3pt7uQ0vr+b69rdub9O7XdU/rbboRfjGsR+aA+rszExBiTWOGIdSlrbqA3DP84haC6UnoxLFOb6uehgw9r+ptXu9luhF+MexJ9rCx5WR8QRXenaFD3YenboRfuv7enZ60bU/24Ut/5b57ot7u4++0777Yh6/0p/LUjfDL4DOBekJBNd4h1IPMuqc+iMMvsp2rfP3ume6qJ23r6/eeyNe2rvv19ntP5Wv73uy3t/vwle5Nvd2Hr3Rv0tbzvo+epne/rntab9O7g/oQ/v4Ca9IBtkKMNser/tSPG5764DRHk8YPZidjpC0D/pGFGBYhVT8j/GLIUN+pt2XAR7rP8Mtu1QtqoECdnvpHs3bi+DkD6oPSHE0a3yfU5UWp9J+uvh6lt2GEX55+30/atif78KW/ct89UW/38Xfad1/sw1d69+EXrdfTIFuR6nr3P7MNqA9ac74oTUSwOZUZx4ip98W+n7RtT/bhS3/lvnui3u7j77Tvvjp37/vm1IC6YU8yR/hFQV263mUmUeGXgQx1Hofa1jH19btneg/V3b6lYPVk377WcaT3ZB9e9aRz7qNz72m6N/V2H3+nfas0l+W+TDegbliPrDP8MitZdRMwwlZIT90b1N0zsK/M6CpZR3rQk5HdtUEVRNIXtyaJ0csLWHlg+OmZdYS1nOnukjRXOeKKnfFFldk1ef7mkGfh65TLtmp7JYlfav10dydtXd/78JXuazu1jq9j91jHdd6bXNfvmXhtKee2suz8vTf79bWer330at9e0p4m3Zucx6Bdi67XxF1ez0XEfCXlR/pK0t5H6cM0yr1Xv2lS5UDSJR96yFv50s5Fuy8yLqsn1IcwPVCH+kcG1AevdYZfZkj4JZ0Z1QF1yTgOqBdTzJguGc1bpvOUZGzpZGgIpy9EluEfkaX4BzOgDIs3lPuVMUqlf5kgecFj2Y0AAtvPUoERZhELky6Zd5VK5/rDLSwk1AgXOdKGm13mKW2sU3k4OSXLqrBZnBquxGNjujbMnrtkOL6h/M0xLJ88mKSfHJFWgPV96vOqAy9dznR5mHnp8EsgwfPyJvf9OKfOdfTzVOeq7b/nknuti8eg5LHsPEdHmsx7l3Ndl2X9+DqP0SH9t855Xa7XUV4Kyj2Rqds1VFNNznR3eUt3/ofHMXaem7u8re/cxj1N8oMCtZV521KAQHMegkx5COC8/Lc4A0MJZu3FJsuB5DXegy5lx1cat5dy6CdlshPqMqhNBfddgUAroS5NGo0OvQavdUJ9ehKhTk+dmWIoM414BX8a6gT6sCh6EJz+I0qgXqJGUBo+lfuMkhHkC/ifuRhpykVIWA5CmPFD+FAJ5jTYnK8kBSLQlO9FTOe2gaYcTp0KUsrtomAL/8PqIUsO/8N9e1GAKRsBnPrzd39up001+ZmzMYK/+6nf5bdcFlgWXNf9y34p53/l6ZLfnMuhXhTCfXmTHL83+VzXymPordz2re1HHa/ar3Ne0rXr3FPxPnGq7pdLWqe4P9f/DuK1C7Jkc90sKpP3gjLZ1VSWgyxZ6ndXybpBoh6kB/Ieuh6b8/gcaY50bd493Sk5H+d62nwAIS55Qv43xJSOUeEpSqFy3BFFqty8wAfFC5zKsJEjCOSeNoF0g3qEK9S5r4hKag8dIwfU9Y+PDKgPPnNA/R0d6spTZ6bxhLpkIi0D+s50nlLVTIn1cTqE2w7hPobY8unJsGBZMzHSkoHRYUmYEJ6MCWHxGG+iWHUcZ47vgeKoWE0WXWo5plPjdal0E9fn/rtI/s+S6JQ5EWOZNobrjzbFuGiXmo4RcZ9j+X+icVbu1yL7cd/vWJf9yzk5pC1LehynsV3FfY638DcPTdDluqzNO9Z3bKtdg7Hm6F5qF8XteJ5Kah/6tdT32WXeh8byGo0TdaZ5nBOvmVLn8XLaee6aJlh57xyy7OL/OhTNNNEup/R0Ta7r+kjnuWrSjk1Nec5q2nkMjmv85PPV8pl2HmN4b0czH43ldAL3+aJpJybK9bQk8UGexRpJPr3zYh3o4nG7O0udZcdXmhvUC5j+BKgb4ZfBZ65QDxKoWwh1VhMlXijVRa2depGq7rm3nXWd9ybJiOXMcBUK7mowaxn/VDwlSxr+OS8b4WtKEbmmCFNX5yNqZQ6mrcvB9A3umrZe0rM9lOWiTLflqWszEbXW7iZJk+2mr8+j8js1TbTOm/L4Wy7/n9u4ar3jv7X/lGVNcpxc32P/ndpQ4CJZ5nobvOyfmsFz9ibP6+KQt3VnbOS+NvL4eqoNoq7Hosnb//I6rOe15nXwVJS6/u6aKtdMrpPHviVNftO2lammaet5fUUb7EpT12ua5pCe/rRS++N/yjm4nodj2fVY5Vr6OldJ97x2U3l9opgPpq7j/WV+nrGW6WtzYVpVgHcXsPZpY02PYB/B8iQhmhEEvISHupYfH2kqxMMHgk3KpKOdupStCjpjlSyvRRgdLl+UGlAftOY7/CJv2KVPdT38EkGPwqWaKJnM1YvoIuXpV9CjqFT7UutbC+ihZ+GN2dlYnXEM1+40orm9fbR+KIYZ9re0lo6OcdfuNmIF8/wrs7PoTWfBT8BuLmL5KmU56Vp+vJUvlebmqRvhF8O8mCfU+yz8wu39rRXcdg9hXkHJA6JA1QZempqMxbF7caHuAeqbDagb9ve3g+fqxqXvqcG789IRYrWztqpDnWVMQd0D7D2Dumf4pVKHeqIRfhnM1gXqfRR+kZYECurWSm5Pj51QD1AvQe2YFJmEmZtLcfrSHdyrbzagbtjf3g6evjIuo+Ik3p8rTYfTCPU8euviMElcXWDtWYZ6F34ZKuEXljPV+sWc5Gz9YkB98JkT6skIIXD7Mvzib5EmipUYQflZyxHAjBhsycSLEYmIXF+E47U3cetevQF1w/72pkH9BD6Ym4SR5lQE0FP3s9BpYjnpi/DL0Agd6iyr8lJWOvQywi+D1Fw99RBL34ZfBOQSehkuUg+JEkhztYm2ZEK9BMcv3DKgbtigMAfUP5ybSKgn61Bn2aLn7Rl6EWnly72MdYW6M/zSFeqGpz5o7ZmFXyjxQLSXpNqHEZLuz2rnOFsaItaXEeq3CXUj/GLY39+cnnoiQi3JqhyMMDug7q0M9T78MoROlBF+MUyHelWnp+7+8dGfCL9Q4ulrzRkJdfUiRzz3QoyJyIB1YwWhfseAumGDwjqhPs8B9XzIF8zeXpKKvJUvlebmqTu/KHV46kFG+MWwh03NJxMLj+K96QkIkUEy9PCL1reJeNs61Hv9RalsK96GQL1cQV2FYKwFGBthh3WDAXXDBo+5euoh5hTVpFG6pNAgrcul/Gjly72MqTRVgxaHqYRgF6gXYFhkCcuX1IQr6ZgVYxw9dSP8MohNoJ5UeAQfTo/BqLAk+JvzCWH5+lOaSUmmKkEAvXWRhGMkY2nyVj10Sh4A0lxLmjJqIRjtxau89R8fkQbbBiP8YtjgMQX1ckJ9DmvE5lRCvVDrO0jKBiHtrQx5Snno1nJ6+VprsuEK6CyvUcUYESnNGfch1FSK8eGJ+Mho0jh4TYP6UUI9llDXXuBIdU76axkaKeETAbrW6VYA5e5JOL0Ib9I6zpLM6IB6KaRPlAkRqYR6qQF1wwaNaVA/SagnI1jViItUbVhqsT0Nv8h60kw4wCJfjkoaoR6VjyGE+nBpo27ei9DwEoync/aRMUbp4DWJqUvXux/MSMDI8FSnpx5Z5gF1yVDODPZkqGueutYGV6CuvXiV1i/jI1IMqBs2qMwr1FmeBOpSNnoSfpF1NE9dmghznYhCQr2A5VT6kqH3bqpEaFgxPfUUeuq7CPWrhqc+GE29KC06jvdmprLqlsEMw6e/rYRQl+485eVoMWFeSu9Aqn6u1cGehV9kG8mMWmuaEtWj3Xgbob7egLphg8eOEup2V6jr4Rf17koA7VF+vMkt/MLyONxWRKBzPxJTl+bDpgoEE+pj6Zz9a1YsoX7NgPpgtAeEekzhSbw9MwMhpizCW5oual66ZBaJqQvUxUtXfUu7eRIuXoQXGeEXwwzTrK/CL1IGAywEuwqF0kOP5H4i6GAJ1M3lCAovxig6Z+/NSkTV2esG1Htrx05faD14vBYHjl/EgROXsP/EZeoK9nlISx942sdjLjlyAYt27cPLU+0IMuWqUIt4BAL04dL3OaGutVfXMpUjgxlQN8ywnltfQF2lsRz6i7euHCwJj0qNWrx27oewDzQXs8adidenJSGWNfA9xy+pcr7/z0r20ye66FNd//cCjpy6gJt3HzTql/HZWntHR2vYvHV4J2wt3jRtwZvmnXjdsguvWWLxiiUOL+t6RS3vwivmaLyqfo/xkLc0X/K1bm/TY/CqNRqv2LbjpQjpYzqJXnomAlkl1D6GkMxCoLNqJ1Nt5BhmIgPqhhn2VNZnUOe6AnTNySLMpZWaYz9MC7AU0TnLQmh4Il60xeJlG8u5dQfZ4yKzPrXudMrimLqs57oup6+4abvHcndyrCvTbS7a6jb/qmUbj4GybFfzr5k34uPpa5FdcVRqHM8e7O3tHa1fz9qISWHRGG9KwTizHWMIrFGWXAJSRuzRRu0JNuVQWZQdIWZebHO2myTk4ZnmS77WDTF1TesuXZMdo6wpGGlLRohVRpMpYIYgvNWwYhJ2KXJCnTD2/Ejiz0B9IqEesdFo0mjY4LG+hbp8FMg0znd+B6LKmMTcixFoJXdYvkNMqVSaKusy8pJDIWSRTEdasjrlWHZdT+RYN1Rfb5SukUxzXe5O7uuSO7pGmjOYrs3LKFGh+rJMRaNNCXg7ciPSy6ukFU//QP2L2VtVm9BRhPUoNRRbKS8o4WWpwDATL7SZF9xMr5dVouGmQtXVpvT34KoR/M0zzZd8res13fykfYtXnoUAm53TXJUmGcVPxsMkfAXqIyLlE2ROZdkj8xlQ//tZe/ujGW3tj9Dc2o6mljY0NrcqNYiafMjxuy5ZX7ZtaetAW8fjZfquB731HdQF6BIOlY/7pFxpXXBoY+iyzNuKWaYLEWTNZ1nLY+27AP4W6eqDZV7VuMVx0xigvhbX5cd1/CXddT2PdSU065Cs67rcnZzrypTicYqkC5IAdbzyH2Qjl7VuSTQFWTLxxtTtSKs43n+e+meE+pjwBD5V+KSx5BPociF4ga17MNRCcX4oQTmUMBvKg5SLLjfGVTJIrWeaL/la12u6vFmnuqR3qoTHlYchtlweGzOYPPl5vKpqx+OVr9X8Igh1mwH1v5sRuLMfNrbw2tej7vZDXLv1AFepmit3UF59EZkVp5BSchxJRccg/QLFFx5DXIGmWH0aV3hcS6fiuY6sJ0ouPoaM8lMoOlSLqnN1uFh3T+3/xt16PGxoQWtbxx/6YQwq6zuoS5kSIIpXLuMU7GFZr9T3Rb7QCZOyK1+BC0C1cKpsz//R1dmE0kXCi87lLuvqx+git/WfoC7rup6P27xjWZsPJJtemxaNlIqT/Qf1/87ZRqjHEOqpCFbjbtIbJ2CH0ltXQOcJKKBHFHNaiGES0oiQC+/UMF58zzRf8rVub9NFw+SYIgsxJJJTicsxY6guctWbdck4zBiEugrD8BwEyuoGe7khvqQeDiojGlD/q6yj4/H8+qYWXL5xD6cv1OHEuWvYf/wCoV2N9amV+D22BL/uLMYvO8owY0MxPl+UgTcj4/GSaRcmSmhxyi6MpcZMjsHoybEYMyUOY8LiMTZM5mMo+T0a46bsxISwHZhk2onXI2Lx0dwUhK/Mw7xtpVgSvRurEyqRSOjLy7KTtXU4d+U2bt9vZK2gbbV+qH9r6zOos+xq3XZ4h7rGGC1kqppKSqsY2X+kUxKH95R8m+KY91xXzcu0y7E4l7uTc12ZiiQSIEzRpo4Xvmo+UqStExhBqE+PIdRP9xPUOzpav5i/A2NMsarT+xBblhodX8AlF1jAPoQXdYjyiKU/lQJecPF8CVoXDePN9UzzJV/r9jZdJMCXh80QZhJ5+Kh2rswkql8JQl16ZfRToReury5676GuwjhcT3sgaFBXXe8K1I1uAvrc2to6Fkno435DMy7feoij52+hpOoSYgqqsXBbEcKWpeK7X5LwxYJEvD8jDq9ZdxHe0Tq8YzA+LA7jw2UA8EQqCeNMyRgbnsI8noLR4alUGkab0ilZTsRown0UtxnNbWQINRmwWxu0O57rMN0cx2UZwDkeL9vi8c9pifhsfhq++9WOiNV5WJtyAPn7z+NIDT366w9wv1558nj8+PE6/ZT+NuYKdeljSXo+dcTDewd1qUWXsCwJ1JnOMitdW2tQl5YwUl7puMm8hbC2cB19O4eklq45ak4No1fvSPdc17ks+9Gkredc7k7OdR37kX1q/+c67/pfMh9AR/m1GYR6ZT9C/XNCfTQzcLAlg556LmQQCOnrRG7UMFslYSkj6XOZB935BHU5WfcTfrJ8rdvbdJHjqSwZRTKXexXJZT3uQ1uX63TJYM5lb3KFuuqhkcuBhLq0fokwWr/8aXv8+H+LW1o7cIce76W6ezh65hqyWQC2Zx/B/J0V+HhxJiZFxUNGztdG+CewzTqwwwnsMFEKYZ6MCeEJeJEgfsmSgFdsSXh7ehr+PTcTnyzIxscLsvDxwmx84tACOz5dkIr/zEvC+7MT8MY0bkfvfKItBhOs/B8rvXhrHEZZYjHSHI+RlhQ6PumEGcuJKUNNR/LBIKHLSYT+f+akYs6mUuzKrUY5H0Lnr93F3fomGb92vX6qz705oP6+7qk7oC5lo3dQ1yXzenntLMOqnOpSaVp65za6VJnu/F2TawjXc13X5Sele1NP9qH9r+Nctd8CLNl4ZeoOQv1UP0J9QbQOdTuhnqeC/tKsSEE9Yg/FJ6jcDHnyKKDLk8hx4JrcT6Z7+Vq3t+ne5H1dz4v9pHRXyYscV6gzjcuBVoF6CiKML0qf2uiR/3r3YSPOXLqJ4oNnsSXjIBZvK4N1eS7+RW/4JXreY8J20oPm1CRAj6bHvRPjmDaB8y8Rum9OTSSU0/HD0lyY/siHbWUepq7Jw8wNRZi3dTf+SDqA5JJTyNt3TnnTDhUcEJ2jziJ33xnEFVZjeUIlZm8pwtT1ebCtzYFlDfdJfbcsE+/NTsQkWxwfLPTgzckYRZiH0vsPNaUS+PT+WRsYQ09/XFgMaw5x+OoXOxZsL8XOvCM4ePoq7jxoQmv74436qT+3pqAuw9m5Ql3CIw6oK/g6pZUv9zLmLe3p05+c9jTp3tTTffhFsjZPab9pUH+VUE/tP6g/av1iwS5m0ngEme0IsuTCnzdKPHXt5ajuqfPAHS8wtNCHBkSnuj41fcvXur1N96berPtkCcwF6lID0KqZcqNK6KlnY7wtGbZ1JTheKyMfGVB/knV0PF4qLVJu0SM/dZkgP1KDzRmVhHAG/jsvFm/bovFy2C5MmhKHFycnEOoJeJ3gfndaLD6cFYtP5sXhx99SMG1tFhZsycdvMaXYaD+AnH01akjBC9fv0dO/jys3H+Da7XrU3W2gp9yMhpa2+foheLX29kdWOa7bBO+12w9x5dYDXOY+Lt24j4vU0bPXkVB8DMtiyzF/cxEiVuXiy5/T8f7MJLzOh8oEG0HPmsFoS5LSKNYiRhP+4y2JeHNaCn76PQ/r0g9jz8mruPmgEW0dj/D4f//brP/9c2VdoG4p7CwbPe0moO/kraz3liG94UXP9uEEvFZz8DcT6tN29jPUF+5iJvw7e+p/bt9dwi+8DuKpj49IhtWA+hOtsblt2e17jThJ8ObuP4t19MjDV9nx1tQtmBi+Hi+aNnK6GS+Gb8PLlhj8c2oyPp2XiclL87Fo225szTgA6Su/YH8Nzl65Ta+3cYa+6363lpb2n+ru1GP3kVrE5R/F7/EVCF+ZjX/NT8HL0wn1iESE2JJYjtJYnvRvPcIkTJOAjxdnYG3mQRysuYr7jS14/Ph/W/TdPjfm1VNXjk5vwy/uaX2V3lf79qae7sPdUy+jp57T31DvINSj/+ZQ93yCPindVT7CL7xRhqfu2+iJrpA23tfp+VYcvYDNqfsxfXUePp6Tgles8YR4DLUDL5m24Z1p0fh+SSqmrsvF/O0l2GQ/TPifx8HTdfSWHxLizdP03Q4oa2lv/+FefQtkjNqs/eewNGkfJq/OxzvzUjDWFk+gZyDIVMAasCiLSsSk6fGwbMiDfe8ZXGJtoKG5/bkCuxF+eXK6t/CLiqlX9KOn/iU9dWf4Ja8H4Rd5w6sB0am+r8Y8Od2berPuk+Ut/OKA+qSpaVi0aw/OX7+P+mYD6gT5SuYn9cLzRO115Ow5id9jS/H9L0l4x7odr07ehjfC4/BBVBo+nZ2JKb/lYd6mEmwT7/XUFVy9/QA37jXgAb3YxubWSH23z4U9qG/57s7DZpy8dAsJJccwc1MB/jM/HS/aUumly0vVLDpNogyMi0jDfxZlYln8XhyuuY4HDS1b9d0MeDPCL09OdwLeGX7pZ6jTU//bvyj9c/v2Fn4JsubibYIppvAECg/VjtIv56C11taOlfIR0KHTl7Azex/MvyfhbdsGvPjTarwSvhEfTNuFbxemYs7aQmxNPYzM3TU4cvoGaq/et+i7+NtYfVPLNxKXzyT85m0uxCf03F+yyIvULAK+iB58EUJNUtBTMXtrKcqPXcLtB41obe/Ypu9iwJoRfnlyuq/wi9H6pQfpXeX5pHzadFd5D78I1N8i1HcVHB/UUG9t61h992ETjpy5gh2ZexD5RyL+PW093jCtwruRG/DNoljMXJuNTWn7UHLoPM5fuYsbtx6a9M3/1nbjbv3XZy/fQnz+EYQvy8abEekYF56PUeElhHoxQsLteGlaCqasyceukuO4cOO+gH27vvmAtO7CLwL3/g+/uKdrae7rPU26N/V0HwMg/CLt1KOZ0f4u4Ze+la/wi3x89NZs+6CFemtr25rb4pmfpGeetZcwT8LH0zfgg4g1+HTmJpiWxmNVYglKD9fgUt1d1De2oKmpNVzffNBYW9ujr+49bEb50UtYGr0Xn8zJxYv00seY8gn2HIIxA6MjkvHR4kxszjmKi3X30d7esUPffMDZwAq/eNOzZEvP9uEEvDP88nLU9n7sJoBQ/+/8nUb4pRt1F34ZjFC/d79h7bEzl7EzvQKW3+LxnnUN3rWsxg8/R2PxtmzE5O7FvuPncepi3WR9k0FvbY8efXn9dj12Zlfhq0V2TJKmj+FpKgwTSkdqFOH+8YIMROcdwZWbAxfsRvjlyenewi/9DHXtRamj9UsQoS59Mjy/4RcCWFXJXCX78LX+k/bdXfjFjuiCY4MG6o3Nrevqbt5Byd5q/LwuGf+NWouPbGvx/cJoLNmRj7y9J3Hx+l3cedDwk76JYS7W0tL2xdWbD1RTyO+X2PGKLZkeexZGmUqoIoI+GT8tTYO94jiu3Xnw/ED9KcMv3r/u7loee5Pe/bruad2le1NP9+E1/BK1A6n96al/xUI5yhRHUGUgwJpDoLNKxQPVwi7ePz4S0Kl+G3QJ6FyXu5OvdXub3lUCX+lPQo5PJPPatlpnXJVUBaXdiJ7IV/hFWr+8Oj0dfyQfxNVb9Whubv9bt35pb29ff+nKNUQnZ8K2aDXCFq7HnNWJ2JhUgrJDNbh++wHa2tvx6NGjH/VNDPNiLW1tn0szz4SCKvywOBMvE4wjJ+cjZEopRofn4I2oJMzZWowDp6/iYWPrTn2zAWPdhl96Ua5E4iANpZTDqNK0MIZW5rSp5ky5pzvkuaylPSu29Gwf6pgE7CLOD7cS6mayInIn0vqzQ6+vF+7ESHMMgmxp9NKzeQFl0Gbp0Iseus3VU6eHbiviwRZxPellzSnVh7BHmi/5WteZLoM9S++ImmTQZ9dlT8nAF5rk4so+pMvOAn0qcOfFthLq1r2aeF6Op6rKLPq8L2kPC8lczvCL6iYgcvD0/dLQ1LT+cPVx/L5hK35dtxUZJXtw7nKdDNH1nb6KYT20trZHn9+4U4/4/Gp89XMWxpvtCA4rQnB4MUaasvHGzHTV5r227h46Hj+O1jcbENZX4RcFdHqzQyiNLZIu5UzKsFNap1gCSy/lXrjAWsKT0jrTPdK6S/emnuzDc36Ehaww5eD1iF3IqKjpP6h/s4BQNxHq1nQE2nJ4MaUXRheo696teMH+CugaLF0lN9czzZd8raul8z/kwsiN0SWjGLkuu0obnk6r+mk3X7xzefAU6ipWGUW67pSuPYerLj61qpGqAnrJdO6SJ7CWsVzDL4Ot75fW1tb1V6/X4XDVcZytvYDrN258q/9k2FNYY0vbf6XDr5XJ+/HubDvLXxaCwgsQYs7HaGsqPv8tA9n7T+POw8aBD3WWwe7CL55lTJZlPFLx0js9dT1dnCdPaelaWXcr+4oL3ljRlRe+GNIdWzzVk314zo8wa1B/LSKGUD9HqD/uP6iPMsWqDyMkVuxvFRg6QShernoCWUsIfYJX4Ks6ri/Vp+Jla1PP9K7zfAK7zHtPl/9yuThebpKWzkyijlEePiLJWJIB5IkvMBdJSx39ae9YX38A9ESSqZxQd4RfpO8XvZfGQdShV0dHx7pHjx6hvb39Gz3JsD9hF+ruf7a7+hKi1hfilcgkyEDLMspPsCUdL06NwdwdBTh9+SZYRgcM2Psy/OIAubsc+xFJWdXLqyrvDi5o8lz2laalu3Llyene1JN9+NEzd00fYS5BQHguXomIRXrl+f6D+rfSTj08ESHqi7d8BKhhowSMUqXaQxBq/ZMH8EADBbyEWpenKX/zTPMliTN5T5epQNMh+X+BtnO+q6QWIZ3rUxImYpr2Aob7Uy92HVU48eB5wRXw+T9cx+E1uHoR3qSqgXJ83PdgDb8YphkfaD/VNzaj9uptHD93HdVnr+MYdar2Bq7duo+GxtY1+qo9suMX6j5LKz+Gz39OVr0/StfXgdZMjI5MwFfLUpG17xRuDSBvva/CL8rz5tQROpXlTpCzjGli2XaUaX0dV3Xlhfe0p0n3pp7sw3N+mEDelIeXI+OQ2r9Q34VR4Sm8SbnQBm4mAKXqoC6mhCx4wwhW7QmkAU6NJcgb5JB6keqy3FXO332tq72M5bzAU0m7oTJQhzavLXvOay8/tYygtpep2qf8jw52Ce+o0JEWjnHLYPq8Lw0GqDc1t265duMuDp+8hPIjtSg/egGVVRdw5PQVNYzb/frGr/RVB7U9aGj6qfrMZSynFz1lSRp+/NWOn6ipf2QiLvsgTp6v6xXUW1raPqu5dBOLo0vw+jSWQWsWy1gWgmzJeH12ApYkVODs1Tvire/SN/lLrbvwi4KZR9nxBXUBuoz3GaiYwnSBoJIwxwF0mQoPpOw5fndKY4W71EA5ujzX9dzG27KnXH933bevdPm2xzV9qEDenIeXCPW0yn4Mv3w9T/qsTuVNkgFe6anrAz3LkHbytFGetQqNFMPfIh8mybB2Ihk0Q0YpKdFHRnIsd5Van/uQ+SGyvT7vvo5MBewOycWRj6Ac89qyp0awZiHjGMpxycgnWrxOk8w7oK69CyjkvLNJ5p+CekQKbOsdHXrVP7dQ7+h4vPVa3W3sSt+NHxbE4r2IGLwblYAPp8UjfGkG0stOoOrsNQPqtDv3HvxUeugMvv8lEeOmSP/uKRg7JRlvWuOxZHsp9h672Cuoi52pvf5pVuVpfL0kB6NtdtUELsCagVERSfh2RTaK+JC939gyoKD+wdwU1uy18Is2hnDPoS5lSWr9QfRig/QYtBYWZfnidKhFB6rwh+V2OP9DyrYKo7LsOaQN2uPJEGea57ra1Cm17GN9h1zXd13XVa7/6TkvGsH7+VLkLqRXnu2nF6XthPqc7WoUmVHmTL3jIfHYc3nhJb7OqSVHxZCDLNLTXJbKdH5c9uM6fvxdNELmKX+btHPvqhFcfzgl88NM2Wp9f2kT7xDT/fR5P2u+m0bwQeOWZuE6kiYPIC4H8XhCrSwI5mwMZ1VnOL0HNaaqZAzJWLzArlCXpo6ODPZnoW5dV6z68n6eoc48sPXE2UtYsCYVb4dvx7ifBFQZhFYSPpmbgdiC4zh4pv+h3tTStrCxqRX1jc3TtDFKW3HnYRMaW9rQ3v5opr5av5pAveTQWXz9azprt0kINedgpCkHr0bZsWh7BXZX9R7q9xqbPz12/gbmc/tXZmTSW8+kp848bUvHx4uzkLm3Rs57AEH9lAfUpYxV9B7qhLYn1MXTHULYDxOIWwoUD6RcKwmLbE7528gTlkNX+ZEDjnnPdWXqp8TfXdK1Zff1HVLrRWhyn/f+n34uGsF0mQZZ0/CqbSsy+nM4O9PiaLxmicZL5gRMtCRigjUJ46yJGGvTxXlZHk9vZLwlXs2P4Tpdlcz1vUsNHsB9y3pqEAFOPdfp3I90fmRJ6dRoz2Wz7E9LG8v/HG9NwAS1fRqCTBnwM+cyg8gTU6CuVeHkKa81d5SWMYMb6h0dHTsePX4sbco/kWUN6pcxf1063pAh46bYMcaUSy80A/+Zl02onyLUb/Q71I+cuLiwsPIkssqOI2/facQUHMbmrD0oOXIG567e+MugXnz4HL5cYmfNNpUFmdChkzFpWjbm79xDqF/uNdTF8vee+WRd2kG8MzuND4o0OlFar47v8PpvyTmG81fv/a2g7gi/CNzlfZ0Cuoi/K2+XDps/nbUgSyZG8uE2ysqybxNmiDQujVEcSnDTaItzvpNf+rqd8x7psuya1lXa/2rr6PMu/+36n64aTVbKdLw1Gu9HbUDe3n7q++XRo8etSfn7MWNVNqJW5qhRXWyrc2FdkwPrWk5Fa5jGZduabP7Gqfo9T8nCeZFj2ZssIq5j5r6dU/ktX5dzHUnXlN8p8yrnvGVVHpc1WSSdUxOPe/IfufhY2vzaUlibyORTVjxyCb9oIJbqnMTStZe8hLSewZ4e6rnPZfilvrFph4Rart28jZt37jmhfu4yFmxIx9s2euphzJThKRgXnoBP5qcTpsew72T/e+oJOYcWTvs9HW+ZtuB1HtfL1s14c+pGLNyRjfTyw38R1BsI9fP4YkkmoZNKmLEmSc9t/HQ75kVXYvexp4P64TNXPkkoqsYnC+ic0OkJYW02hM7JhEg7IjeW4eTF29JmPUZf/S+zvoC6SqOkXElrFYnJC9CHCNQjuRwp779y+WBLx2g6a//9rQCmtSV0oApgW5fXqU4+ucjiwi3bWvd1XbdVv1Fd0l2l/+6Q6759pct8p8hKmUaszsSvW+04c7EOdKaePdTFGppaWk+y+nf8HHX+Jo7R8zxWe0Ofui5TXM89vReSfTv0pN996ZyLuFxNVVF7T13HitSDeHtmCmsEqazySBhHYu7yQlW+JJWYH6t6eoZyy2AuGc6bvEFdmn5OlBelzxHUG1tad0qYJSGrBMWVh3H05NlOqJ88fwWLNqWpnhVfMm/FRPN2TDJtxufzYxFPD/ngySv9DvWYnKqF5uV5GDclToFulCUGk6K2Y/a2fCSXHf3roU7vcWhUDoZFZWPsjFTM2VmGsqrap4L6nXuNn1RWX8Dkpem89vGsjWZjJL3VsbZMTFlVyHx+428HdYekwcMQbv8CfxtCoA+PlLCLHQGmRLw2MxnxZTU4cv42jl24jeMXbjpFZnhKOOKW5rqur21d013lug7VZd+6HOmdHPPQcXLz3OUbDfolNKyn9rCp5WRCcTXem8kCYUlW0JV27wLizhY8zHTypZdr5us91CXNAfU0rZ36czDy0cPGluhjZy9jVXQWon7dgpTcchw+dkZBvaOjY+v1W/eQufsw1iQWY3l8CVWK3+NKsD1zL4F+ERev3f0LoH5iYfjvJRgVJiGJdIRYkzB+agxmbCtCYln1Xwp1Cb8E8HiGRmZRdkI95U9BXWxFdP4nkX+k82EaQ6hn8pzzMYpw+2FFPo6eqxs4UC/3gLpFKxu9gboD7OqFKNOG0Fl6gV76PyKKMDRC3rFlIDA8Fu/MjkeVnPujx9X6IRg2WEygHl9QhXdnxNGjS+GTXoura2EXZjh6E9IetvdQ16qJKgNyWVrTSIdmQdYcTIxIdQm/DFyoC9APnbqMJdtz8Mn0tQj7ZStyK47iTO0VBXWHEe5bOh49krhfpx49egzpPlZfpV8tJu/UwvAVZRitxvi0I5T3dUJUHGZuKybUj/9lUC85fA5fL5HRjJKYL7KZLzIxbkYa5u0qx+6naP3isGXROZ9E/JGKSZZo5uEM1VghmA+zr5flqhGSBg7UT+KDOck8fw3qw58G6jJ1kcTShyhJA4dCBEZkI9gUh3dm7sLRs1fR0fHIgPpgM4JLh3qCeoE1wpqvXrhIBpIPqdTXqhLDc4G6ylxeMp1T4k3INlpzqE6o24oRaM32iKkPTKg3tbTvOkZP57edhfj39E34bM42bEjdjXNXbuJeY6Mb1AeaxeSdWGiipz5mShpGhhPq5hRMjEog1Ev/UqiXHjqP7xbbMTIsCf7mHNWya/z0dMyN3o2yY0/vqf9GqFtXpeFFWzRCrWnqvU2AKQ2fL8nGwTMDA+pHCXW7QH02oc5jU02cLSwrDqh7gN1bGXOkKaArh4llS09T7btVWc0j1BNZ845F9dlr4mAYUB9sJlBPKKgm1BMRzGrhcJsD6jrQKQ3ueobqobS+ZBxQl0ynQ93igLqEXwbmx0cCgas372NLWiU+m7kV70VswPzNOTze63jY2Pyxvpqy1vb2LfKl5N0HDZDuYWuv3VUDNly8cR/3G5rprbe5eev3GxrXSM+MV27dk/cJuPOgSQaIdpEsu8qR1oi7Dxv5/2oc0m6Hsosm1MNWlBDo6QgiPOVBOirKjm9XlSK27ByOnLuljk/219zaLtCbrW/qZvyfaQ1Nrbh9v5EPszvYW30ZhfvPo2DfOeRTpYdqCY461N2pR0NzK9o6On7TN+1iAvWyQ+cI9QyMCksm1KU5b99AfVl0/ieWlekYZ45WH/YE0lMPJDi/INQPDVSomwt5/lImCGzKWxnyJa0saeVTfROj0qRZozRoyDegPtjNHerpzCwFrNIJjLXwiepjRqYe3oRkJFcvoqs0T12mnZ56hMNTl/DLwIS6AODO/Qbk7D4Gy5IEfGjbAMuyJDVu5pGa6//RV1MmHx/duHUf+RVV2JSyG7/uLMacLcVYsKMUyxIq1RiaV27c74R6a2vb2tMX67DVXolfdxViRWIlVqUcxOrko1QVVqccxarUI9QhposOU0eYfgRrkg9gXcoeJBQcxZEz1wjkJoG7Vd+1m+3IO7Zw8spiAj2DBV96Di2GX0QRxs0owrsLC/D973lYuL0Qu3L3oursZUK7oQvUb91rnHbq4k2k7z6J9akHMHt9MWsraXjLmoA3LIlUEt6LSkLYb1lYGVeB3D1ncIkPs6Y272B39dRHhScjQL7PoEc9fnoGoV7+p6C+IrbkE9vqbEI9DiFqFLJcBc5vluYMvPCLDvUAeuqOTvU8vXSRt/KloC5TSpVNyhlfr1AfGwaw/AabeW9mxcmHb0b4ZTCaV09doK57Ag6o9z784uqpewu/DEyoNzW1xhw+UYs5q1PxL3roPyyKRWLBYeWNNrc9coO61k79CuauScUbpvUYP2UbRofHYIwpFh8tSEN04XHsc/n46GFD89ryIzUI/z0RE8ybEWqKQSgBNzIsHSOnZHKaQe86lWmJCFEiAMIlhJKKsWHxmDBlJ/4ZFYfI1QVIKj5JiD4g2Ntt+u47TaD+08pCeqxyPwu1Jm/WcvhZtPE9x4bFcl8b8Om87YgvPICzV266QZ01iOmHz1zF0tgyfDwvES+Zd2HclASMnUxveEo2xk7JwRhOx0zJ4Dkn4hWe7zc/p2Fb1iFID4rNbR1L9V11mhvU6akH0FOXj+40qP85T31FfOUnEWsLMMGaQqhLk0YZESkdP/2er70sHICeukD9z4RftPCmMwRjeOqGdZoRfnFae0dH7KXrd7A5uRT/nbYJ/4nagpWxpaoTqubmNjegiwnUj7HgzFqXi1etsRjNqr94iqGWDHy4KBc7C08R6s6Pj+43NK7dffQswlekYWxELK+tnWCTjuCK6FWLpKfBLHqa6QjkvgLoacsXyfKl8khLJvcvX2OmYbwpGf9dlI3o3OOQod4ePXrkBvYdeVX01GVfybzmebyfuzHUUokRpjJCPZdQTyLUtxLq0YgrOIAzl+oU1LmfGfL16Z5jFzF/WyHenhGLsZYYjKJXPpLHEsptQ8MKqSIEh9EjDCc8eXxj+NsEcwI+XZCCDekHUHP5tny9ukwdjG7PKvxy5U7jJyVHL+G7pXk81nQCTV4U0mtnXjavKmQeu4HHRvjFsMFkDqi/NzMJIdZ0VtNZXR+k4Zfrt+/HphYdxlezt+LNKWswZXEiCvedwfnLtz/SV3EzgfrRmmuIWpuPl2ypBG8uYZwH6bXzg4W52FFwEntcPj5SUKenHrYiFaMj4nkNczDMKtVwedjlI8gk3U2kYKQ1gfuI43IClYpAgjyQ3nyQKQuhVkLVXICxJjsmLy9G2VEJnzS6QT0m78jC8JXZBHEcAqyZLPjSJ9Fubl+iRgmaSK/75bDN+HL+TiSKp65D/cad+hl7j13C7A2FeD0yFiPpgYeY5WGfTIkXnM4HC0HMPDI2gg8NPsACwjPUcUvTyTE83v/MS8X27CM4UXuzC9SfRfil5PClTzZnMf/OzqR3bicwc/jgysQrkalYuL0c567eJdT/N6jCL9K66P1ZcRrUjfDL4DNp0phYyEIxi1Cnp+MfUchMI09/p6fep+EXeurjHZ76AOqlsamlNe7ImSuYsz4bb1s24sPIrVgVW4aUwqp/66t0sVZC/ciZq4hYnY+J1lR6SHmEOgsVQfrhwmzsLDjh9kWphF8qquip/5GGMbY4Xp9sqgBB9KYnTc/F50uLELmpFLO2lWDm1iJM31yMaVz+8Y8ivDErm/cnGwGmIkK+hODKx/tzcrHJXoXKY5e7QN38h4y8H6PuqTwwQgj2t+bshmnVHszfVIaFG3OxLqEI+6rPou72fQX14gO1M1bG7ce701K5bTJrHPIxWiJCI+Pw2twUfLOiADO27cfC2COYvn0fPvmtAOOjpIsJPnT4kBFYTeD65pX52H30Iu7VN3eC/VmFXzIrz3yyOuUQ3p6VxYdYFo+BtQk+aN6fnc6aTLXE+QdENwH9FX5xQt3w1AetKagXdQ/1vg6/SJcEAwnq7Y8exV+4fhfrkivx0awYvGrZjrClGSg+eBYXrt32CXXx1I/UEOpr8gj1FEJdPHVWf612fLgok1CXbgKcX5RqUD9HqNOrtcXz2mapzpbGRmThhz/KkFZ5HhfqHuDmvQalG7oO1tzA/F0H8cqMXAK0AP7hZQgKL8ZLkVlYsH03UkqqPKBetdC8IgdjwuO0j494zcWzNq/bj/Jjdbh1t4F6qFrsNLe0qtYvV2/cm5m39yx+XMIHFKE4yiSj9WdgTFQiPltux9qcI9h7pg5Xbjfg9sNmXLxZj5xDlwj5Srw2y67OOZBQHWlKx7sz07EqcR+vnXjJj5fLMT2L8Mude42fHj59DTM3luLlKHmoZCM4PJvHnopPF6ZDenC887BxQEL9WYVfAmx8gLN2ZUB9EJsG9WPMBEms2rtA/ZmHX8oGDNTvPmiMl06Dfvg1GZNMO/D29CT8FrtHxYYbmtu699RrriBibY7qGC2IoAqgVxzM6/jBogxCvboL1MuPnkfYiiyMthJs9FSlpcakyExErd+NvSeuEeZNP+mrd9rl241LBfifLylUPRsGmkoJ91JexyzM2lKG2KIjHlA/tjB8RSFGE54S4w+xZGJCVCamb92LuJKaLu3Um1vbZ526eAO/7izD2/S8x4YRjOF5fBBk4vPleYgtO4kTl+8s0lfvtJv3G627j11B+JpSritQz+GDIBuT5P6y9lJRdRH365s7od6X4Ze2tkef3bjzENFZh/HRnFRelzQEy//zwTLBlgrTyjxUVF9E/UDqerc/wi8R9NQt9NRnG+GXQWsC9SSBumQ2euojbIXMINrT/8+FXzSoew2/DDBP/XRtXfyquGJ8MH0HXrLG4qslebDvOSfH5xPoYiqmfvYKItfJgyqRBVXCKXkIsqXjfUJ9B6G+xwXq9xta15YdvYDJK2Q8zUwEmGXQ5HxMstgRsbqUELqKujsNXaDe3NK2dO/xy5jC7caYMgiFYsJaoJ6NmV6gHp13amHYinKMpNcqD5pAQn3c1HTM2F6JxLLTXaB+/c6DWUWHzsD0RwbPPwljw3Mw2pSHN2fl4Lekg6i5ehdtHY+7QL21vd167to9LE86jNdn8mETrnUxLb2AfkmPPG33CVyuu98V6n0QfnnY2PKZvKSet7EAr/Pah7KGEEzPP9SShbdmZWJF8kHU1t0n1B4P0vCLDnXDUx981gn1WS5Q1zOKM/wi0jNUDyUehGQ6tayHX6TjfuljfiDF1NvaH8UfPXMFthWpeMW8Ba9ExmHaJund74585v9EqFcR6lPX0ROOiKfnncXzzmPBsuO9RZnYXnDMC9Qv4scVRRhlJQQJ5uDwQoI0C9PW7cb+k9dx80FXT725uW3pHnqdYcuzMS48BSHhBfTUizVPfWtXqO/IO71wyh97CLp8FeMP4HGNm5pGqJcT6ie7QP3c1RuzUnYfxReLkzBeunkmcEeZ8/D+wkJszjuJqou3F+qrdrGDZ25adhTU4MOfS1StQ7x16RjuPwvSsCv/KM5cvO0SftGhPoVQN+WqmsqEaRmYt3M3dvcC6jLq0fXbDxGbewT/nZuEcaYkgkxaDbGGYUnDp79kI6nsDK7eGWDD2bmGX3SoyzjB2ghI7uWnO7mFX8RxUmkOqBfyWiQbUB/M1hlTnylQzyCIi5RXLVU6Z/hFk4Da1Wtw9SK8SfMktH1pHXqVqBjy+ChWzzcODKjX3W2ITy45iU/nJ2N82A68HhWLRdHl2JFX9S99FZ8mUK8m1Ketz8LEiFjC085zJkgJ6fcX5tBTP+HR+kWDurSfHkXvOVDajVsLMc6agR+WFyB3fy1qr93rAvVGHerhAnVTKh8EBLWpCOMjszF7227EF7nH1HfQU5+ycjehTtDR4w4ys3YUmYaZ27pC/dGjR7MEkNuyD+KjecmsCaQgVJpW8mHw5twi/JxwFMVHr+DouZuoOiu6haM1N6kbOEIVV13Fr6kn8PYv5az6F/H+Fqrml29PT8Wy2ErUXLotXv7vTk89i1BPRSCPS7z1idPsmB9d0au+X85duvNZwf5zCFuWhUnmeNXaJcCcz/PM5H1IROT6fBw4cw2NLe0DDurvz9FaEUmLJw3olSwj9NY9yo638iXlSFO5VjZZVkeocKmMgSBQ302oSy0ulVCPN8Ivg9WcUJfe4wRKxQrA7lCXQTIkPv60UHd2vSujooyfmgrrpr8e6i1tjxKk/5n52yrwaqQALQb/WZiCuOJq7D15uUdQP3b2KmZsyMaLkbGEdAahlq/CAB8syCfUTxPqru3Um9fuPnoBU1bkYYy8WCQApdfKMbZUfLc8F9n7z3cD9UsI/z0P4wiEIEuhCt0oqG8t9wL1E/TUS1QrEHl5G2ri8UVkYNaWCiSXuIdfmltbZ52ovYGfd5ThjagkjAyT1ixa2/mxUwv5cCrAt8vz1TGHrShgbaEIU5YVYfKyfPzE9K+5/M+fizByeoH6atWf5xRiysSL5gRErs7FwZOX0dzS1gn1b38h1CenIzBcahEySEYmFvQC6nceNv5X2p4viSnHOzOS1YdZAfLy2FzMh1EGPlqQipiCo7hUd3fAAF1Mg/opQl2Gv5QvfelhE+i9h7r0nlrBslWm3n+NiCgg1LUyKx+YBbCcSodhBtQHsfmGungDMmSWDnV6A383qN960JiQVVmDb36lJ0sIjTXH4scVWerT8ubmtl5BfZIb1HMJ9YJuoT6WUA8SqPN6jIkg1H/vJdQJ3fFR2ZjTDdSlMy+J2YeG5+FFWxZmb9lLqLu/KG1sbp116NQVzFiXj1dt8RgVTuAS6n58aARY8xBiS2OtQvpl34Wx4XHqw6VxYazVTJGxRhMx2pzC802HP71zGZYsyCr9mafweu7AlOUp2FN9nteyxQl15alrUA8g1F+kp95TqLe1tX1+6cZ9bEjbj3/PlUExkvgAkrBLIY8hD69OS8evsRWouXJbBpwe4FAv1aBu29OHUK9g+SpVNQED6oPYBjPU624/TEgsPIb/zE1Vzf/GWWJhXp2PExdvyVeafxrqOwvOYN9fBvVSQj1TxexDwwsI9RxCfX9XqDc2zzpEb3rG2ly8ZotVX6xKKGM49z+c5+FPQAeb5avSaIwyUWGxGEuYj5+cRCUS8gn8n3iEhEkYROYJftMOTDCtw0/LdqG86gwaXaAu4ZfRU7TagHjqL07tefjl/NVbn+fuO8OHsJ3/IR9mZaprGGLJV1+Q/sTrWsrre7+xZae+yYAxA+qG9ZsNVqg/evQ48fKNe1iTvBf/nJ5EmMXjtekpWJa4H0llJz/UV+vWnuip5/9VnvoxQr1Y99QL1IdKEwn1Wd6gTk+96sxVzFWtSOJ4HVIJWxmovAjBUwvwyvx8/GtJDj5dmonPfrPjv79m4fOfc/HjkkJ697vVoNE/7yzHzM3F+Gl5Dr78JR0/Lk1F1Jo0bEwrwelL19DS0dEJ9e8J9TFhaQg2Faj/eTEqE/N3dg/1tkePvnjY1MoHxEXM2FiM15h/gtXQi6xN2FgjYS3h/VkpWJu6X/U+2dHx2IC6AfXBa25QN9uZwYogfTM/M6jrL0qtf/GL0pa29kT5GjRyTS4mWuMw0pSIfy/MRFrFGZy8UNdzqJ/7a6HuPaYuUC8k1OWDqCyCXZqRZmLm1r1ILnOHent7+6yL1+9ibcpe5oFkevWp3LeMoFOI1xaUYnZcNZL3X0bhsasoPnYFJdWcHr2G/Sdv4dKNetUVsHS7e/1OAw7X3EBZ1WUcOHUVNZdv4sbdB6hvdGmnfpBQ/yVT9fMeokN9IqE+b6fvMUrrG1u+rOO+8/efg3Ta9XJUMvNpBvzp5UtcOoj59dVpGZi1sRD7TlzGg8bWHfqmA8oMqBvWb+aEerLKbMMJGukA6tlBPQfjI1Ng3VBCqP91g2Q0t7Ql7j9+CVOWZxKU8Qg1JSmoZ1TW4MzlW08PdQLxSVAP6yuoR2bT+96N2AJ3qEfnHVk4ZWUOwRlHcKZBuuAdF5mOmdv2dIG62OnLt2YlFB/HJwszeB3EU89DIB9O7/5cjC35Z3Ds4l2fTRp7ahrUz+H7n+0YOzlV1R6kBczEqXafUL9f3/jV2St3sDP3KH5czmscIU0X0xDAB5WfKUfF5CdE5cK8ugRF3Pedu40DEuhiBtQN6zfrb6jLy7RxAwTqMmDxd79lYIxFPl5Jwb8XEOoVvYN6tUv4JaifoT4uMguzNpcR6h4fHxUcWhi20s5z2skHTRL/Ix3j6M1O377H68dH567emZVWfhJf/pqJ0RaBurShz8Vbc/KwKu0oPfIHePz4f10+PnK11tZ2M6+HhD589qdeRvD+SE99fJh46vmqrfoEL1BvaW//uoE1gOqaq1gZX46P56VgnCVBwSrIksVjY+3DlI4XIzMQvqoUeftrpWvk7frmA9IMqBvWbzZYoU5QJu4+Wqu+fBxpkSp9Kj5amIXMyrO9hPoVTF+fRS8ypmdQr+pbT302PfX4Lp66QD0Do8w7EWxN4X/YMZrwtG2pRHRR14+P7tU3zzpw8oqKi78i8WpTJgKkN0c+NKxr6QUfviDhFZ9Qv/uw0XLh2k0cPcX1bt5Dm4/+1HcfOoefFmdiQli68tQD6KlPmJqJuYR6mQvUj5+78nXx/lOYvyEL703bhbHSFp3XK8CaTe88U3U09nJkEqyr81F4sBY37jds0zcdsGZA3bB+s8EM9dIj5/HZLxkIUS080gn1bGTu6TnUOzo6tp69fBNLoovx+vSEXnrqGYS69ND4DGLqOYcWTvndjlGmGB4LAULPO8iahc9/L0HC7rOouXoP8sFR3e0HuPewCS1tHbOPn7s+Mza/Gh+ztjLSbEcgvWiJx78yLR1TN5Yg98A5XL1dj4aWtp/1v5E+Y6y37jdid3Utfo8rxvTVaYjLO4Rrtx5KJ2Fdut7dfei8gvr4KXr4RWLq07K6QD0l/9DXy3YU4J2IbZjAcxhpSSesJM7PbSx2eujJMK/MRcH+Gty4Wz/ggS5mQN2wfrPBDPUSQv0TQj2IXnogz/1f9NR7E1MXq712e8uuvCP4cJ7ErgmfJ0H9SC0mE+BjCKpAgbrj4yMF9XM9gDr/x1KgfXwUkY1ZmyWm7h5+SSg6tjBidQHXTeI9zYafqRD+3GbCtFx8ujgXMzcVYnl0ITYnlWLvUa3r3cbm1pmHTl9D1PoSTIjI5PWQ7gWk/XcWXoxKxZe/5WBx7F5EF5xAUulpJJWcRmzhKSxNPIBvlucQ/vGYYNmFzxZlYEP6IVSdvQEZcOPx4/+pF6X3HjT8tKfqIkxLczBhSopqOx9sziPUdU+9ygn1mKz9X/+8tRBvRcZhtCkZ/qw5jOC1CojIx6SZOZBBy/P5kKm7Xb9V32TAW/9A3fj4yDCaE+oCgG6g/qe6CRionnotPv0lU4OxyY5/LciBvRfhF7Ebt+u3ZOw+gS9+TqdnnEwY2gnCTHywMN8r1MsE6oTgGAvhbM2jsumpJxPq2YT62W6hHqagngIZCCKInvTEiAzM2VKKeA+oE5ALf4/fj3dmZGC0WQBdBH9zCc8xnx5yiuoO4eXJ6/D1nO1IKTiI8/pwdsdrb8wQYH+1tIgPmmx6xXJ80ke8nf+XhlAe82ibvIOQQZ7TMI7TUE4DpfZgy0So/GZOwPsz47EyoQI1l29JLUBBvaGp5afj5+rw89Yywlq+3uX14gPjJekmQGLqLlDfbt//9YLNRXjdRqiHy4Ah/N+oLLy9IA+zdu7H7uPXcLu+eYu++nNhfQd1R9lkWXLrJkCgrncTYDK6CRjU5oD6uzMTmdnSMUxBXQOxdA3qz8yn9dLITKZnNMlwT4Q6f5eMp60rUJftSun9aR16RfzFHXoJ1MuO1uLzxVn0bDLgH27HP+dkY0fecVQcu9xjqNc3NG/Zf+wCZq7JwRuR8RhrScYoawreX5CFbfmefb9I+KUW4St4DVQcX4a+S8V4Wyy+W56B7AM1qK3zDnXpRvYn1aFXPEaHpVIpeMWWiPlbipHo0aHX9dsNC0sOX8C0dfl4LTKBD5sM1cdMEB/MQZZ8BeJxpp34dH4M4vMPdg5n197+aIY0TYwrPIGveF2kc69QPgSCeJzS+dYIevvDzMX0/OUBUYJAGbCDHn2Qqp1k8n+SMJH7/WpRAmJyD+CqxNc7NKhz3z/dedCI7MpTMPNcXzbvxNjwWLwxNQmLdpQT6s526tvte7+evykfb9q2Y2LYFrxs3YZvl2ZgS04Vqs7fwt3nDOhiblDn/fCzSDcBFSwTAnZCnbB2LT/eypgjTcCu9dJYzGkxl0uVIzbEIk4Ta1d0Lt6baXToNWhNg3qVBnV6Xgrq0iOjDFSsoC69NWpyZqonyx3qu1Xbd8mIMuamjFH6V0NdWr9UVF3A10ukD25CKzwLEyMzMHdbhRoCrSdflIo9fvx4y937DcgjrCJXZuH1qGh6sDvo9SfRU68i1F36U29sXltedR7mP+yYZJEBqhMItl140bQJPy1NRN7+U4T6na5Qb2lbWnnsIqb8nkHIbcOEKdF4kXrTvB0LNuYiseCAG9R5TAvv1Teh6OAZzNqQgw9mJWOilZ42ayOB4en05BIxJnwrPp63HXEF+zqhLtba3j5DBtlOLT2O8GV2esuxPEZ6y6r7gFw1uIM/YR5kEnjkcV8yMEaaegB8ODuR/5cLe9kxAv2+AN0trt7S3v7TbV6r7MoTiFqVgQ+nRePDqdH4bXsx9lQ5e2mMztr79S9bc/DxjE34bhF/35mHwgOn1cAhHY8fb9ZXe67MK9QtTqh7lp/u5N5Lo1bGNKizVi3fSfDhakB9EJsD6u8R6tJL43Brke6pS9yunJlEwE4pKLt7Da5ehDd5C78EWgXqqYjc8NcOkiFQ33PsEn5Yno/RtkzCKgcj6cGGrSzgcd3sMdQddv1u/eaigzVYuD0fPxDQ4SuTkVByFAfPOKHe2Ny6VlrLrEoohnVlpvLYw+i1Wn5Pxoq4Qhw4dRHX7jzoAvWWto6lJy/UYXViGay/p8K8NB3mZRmIWpGG7ekVKDlwwg3qDrt5t2F+dc017Mw+jJkbi/Djshx8vywbP/5u5/8mYeGWDJQcPIFrN+92Qt1hZy/dmlZ04Cx+i+Z//pGLL3+2461pKZhoka5uEyiJocfh9WkJ+OzndEStz8fW7IM4eeEG6lmz0Hfj1S7W3f7h8OkriM46gN93FiE5/zBOn6/rhHrR/uNfJ/Fhsz6xEIX7juPGnQdo73i8Sf/5ubS+Cb+wLMmU0sIvjvK1m2W2XPPUZeBpM6E+Kw5VRvhlcJrTU09weuo6iDVPXVPvBsmg+Ltn+MXVU4/8qz31tvbEg6euwrRa2ntnqrCQDPAsfXEXHL6Iy7ce9Arqjx//b7N8WSnD4u05XovsvcdwpOYSLt642wl1eplrHzQ04dwV6cL2GuSLVoHb0TOXUXP5Bu49bERTS0sXqNPzXkovH9LSRtY9cuoKjpy+jOqaK7h47TZu3r3vFepibR2P59+r57ZX7uDo2TocPqP975Ezl3Cq9iqv/0O0tLV1gXp7e/s0+VpUhqSr4oOhYF8NtmQcxNLo3fiFnvXP24vwW2wZNmYeQDZ/qz5fh7q79WhsavPaTt3TGppafrj7oJHHfxd1tx6gobG1E+o37j74+vqte/ICFw1NrRv05Ofa+jT8IsssS5rT5Omp53H/iXTSjOHsBq0pqBd6QH0QhF+k75fzV+/ht7h96jNz6XNcBk9+bYYdK9OOwr73XK+g7mrtHR0bm1rbBJZoa2vrhPrzaqy1RLW1d+BBQzMkfHLrXj0fJA9xi/P3+cBoaW0HHzxL9NUN82LPLPwiHj+XDagb1mkC9QQXqA+W8IvYtdsPE2ILjuGDuRkqrh5iycL4SDusG8px+OxN3G1o7nbkI8MM66kZ4RfD+s0cUH9nRrxq2tc/4ZeBAfW6uw0JKSUn8NnCDIw1pxLsmRhly8J/fi1E4u6z0kGVAXXD+sT6LfyioE5PfZbhqQ9ac4d6Wj+FXwYG1Bub2xIOnLiM6WsL8EZkCsbQgxJvfcK0bEzbWol9p67h2u0HBtj7wZpaWr5tbW+XFjNr9aS/lfVL+IXLAQbUDesMv8xIYGYYXOEXsbOXbsWvS9yDD6cmYrxJuh+WDqMy8dqMdCxL2IvEkuMG1J+htbe3fycvj0+cvYxDJ87i4rWbf3+oP6vwC/cZEFFAxyQJ7882wi+D1v6a8Mtf3/rFYbcfNMZnlZ3At/OSMCk8XvV7EmzLxUhLGj7/NQvZ+86qPsMfPXr0H30Tw/rAWlraf3jQ0EJv8jricvZj/tpkrI7JQcXR04PHU+/r8IvhqRsm9peEX2x/fesXhz16/Dj+7OVb+GVzMf5pk49ypMOsXB5nJiZNS4d1bREKDp3HfQLIAPuft4amlh/5IMXhmqvYkXMIkauz8dGMHXjHuhZz1qeh+OBJI/zyBHXX+kWDuvai1ID6IDWBelxhNd6eLuGXNNVx0jCVUcR7oHQv3dVTd3gNrl6EN7mGX4ZH8CHB5aABBnWxG3cb4tNLTuCrBWkYF56AwPAM1cVrsDUNk6Ym81iLUHzkogxobED9KU2+JpX28vtPXcXW7COwrCnAm9OTeL1jMTEsGq9bt2PWxhwUHqwxwi+Ut/KloC5TfV7rukPmWROmEzacjlcAy2+wKQXvzU5G9fkbhPpjA+q9scam5taGpmYZsktXy/OlphYQaNiWdxxvzkpXX5QG2AqYOaQ/CS2zDCfUFcxdgO7IYK7L3uQGdcoV6rYBBPW29kfxpy/ewpLoMrzDh9sYSzICrVLwMlR/5C9PS0LkhiKUVl2CjJVJj/0TfVPDurHW1vaw+sZWnL1yF8WHLmKT/SjC/yDMZ6RjNPNasCkbIZT0ZfOSJRYzN0r/6GcNqFO+oa6DXS+fI2wVdLy4HzPLl5lQl07bLHa8OTsLqXsv4fZDcol51mv5H+BirU4GLUdrW3ujfhmfrbFgtybn7MHauEKsiivByvhSajf+iK/ACup3XTK/Ik6T/OZLsp5j6innOuVd1vdMd5cjvVxfR5PMi5bzeJfEVeKHlYWYODUD0le1QH2EjVVDB9QV0CWDOeQ703lKIC7ehCvUgx1Q3zBwoC52v74pTvpXmbo2F69GxmMkvXR/axb8eU2Czcl4OSoRtnWFyNpTg8s3H+DOw2YD7F6M5cLU1Nqu+ms/WnMNEtqbu6kIny+w442oFNV0VLoDDrAWKbAFmosRGm7Hi+Y4TF9vQN2h7qA+TJcG9UpCfQ+BXsHaZRkCFdRzMCbCji+Wl2FJ/H78kVipes1cSRZoKteWHdK5IOryW4JjWf9NV+e6PZDruq786WQS9/8H9++aLlodX4btabtx/OwVOlKPnz3Y29s7Wn+ctRmTflyLcT9uxtiftmLM5J0YNSUGoVNiNU2Ow0hqlOinGE4p/u6mybswktORk2MpmXaVbKfN73KZ90hX+5NpND2faIwSTeHxcDqSU5EsO+ZHTtmB4Cnb6ClFMxMkEuhp8DNlYbj0xEf4SrhkeITE/CTjSAaj191LqMvbeX9Z7zmAuti1m/djBUKfzk3CGOnEivAJMufymLMQShi9GJGIr3/LxNqMgzz2m7h5r/FTfdNBb83NrWYZMOMYq/zZe2uwMnkvbGvy8OFs6bkxDmOmJGFkeDqvJYFuK2R+KMEwi/TaWYSRpgxMsuwi1HOQv98Iv4h8Q70UwyKlq11urxyuCu6rEn6WCvgrT72QD8ocXmcZIUo6cYsnA3ZhDDkwhmwQjWb5V8sOcVnSRk/e0fnbWF3ym2MdV40m6zzTfEn265wnhyaTSZRMFbPChF1amibyidNxZOr71nWwlx6VVjz9A/XvZu3AhHBeNHM6L2AmQqyEgDWfVfcCQlJUCBmlJkQpX/0mgyh4KtDGbeghy2C/SmrZi3z9ZpV9yGDBOVQm5zNZcCg1n4XACG+y8zdmMCrAmoERBJefxNPNRRgqGU5B3empO0IprhnMNcN50/MG9db2jthzV25jTeIe/HtWOsabMgkiQt2cp8JGMpCGdKv7ztw0zNpagow9p1VfL00tqjuA/+q7GRTW2t5uk+4BBOTV524gs+I0ViXuRcSaAnz6sx2vTEvGKIv00Z+KIDoLMpi1vzmfICuk01CMoVIbtJawTBRgNNd52bIdM9fbUbh/ELwo/VNQ53WLLCLUtS53JSzqZyXYCXU/82566yXwN+Uh2Mp8Sx4J3MUpCWat0yEZ51VGwgq28XeRcEvSuK5I1g/h7yK1rSzzYewqb2m+5LlusDhKVIhFlMf/ka6bc+lA5ShJTU6mo8xpeDtiMzJ2V/cX1B+1fjuHTxhTOuGdz6p6kfYm2iqd1VdQlUpy49RF5xNVPN8hBKWbeEOHRnJ9aghv0AuUpA/V1WV9r5JtRKVUsbsiWYD4ZB/iIlkexowxPDIPfhHZGMaHwQssdJJJpJXKMIEw9+sKdUebWNcM5prhvOl5g7pYS2tHTM2lO1iXfBgfz83B+PA0epLysC7kfaTkIcyMPzYiGf9ekIZFO8qQWXlGdZglcH/06NHn+q7+dlbf2Bp5hxCXTr4On7mO9PIaVu33w7KSHvmsZLxs095HSCsqP3OW9tKdAJf209KiSlptiIc5lPlyWEQR80aB+op3XHgM3orYgoVbs1B21PDURb6hTphHsqYjktHImCat1Pws3Ac9dX8Ll8Vbp1PpzzIdYGM558NTGj84NFRfVvuTe8JyKWlDLVJ7koetHJsmz+VOsZblNd2bXNeVeWqEiMuqZZ2cK6eS5vhdFEjQvxG1E2kVJ6QVT/9A/RtCfSSh7scLOEJeLqpYF+Fqq6T2KA2jtGZLlQRpJV6g/uGmCvwjilNRZLmuCrwQRclvvdAL3Fa20STzTjn3remFKD58ongjIwpVIRsi1WECXD460qSB+Jl46hEDF+piTQT72ct3sTb5AD6YmYQxJnqc9DBGsIAMVQWgmIUnX7Vpf4k1nc8WZOLn7eVI330KR+m13rrfhPrGti/13T3XdudB81R5hyBD3eXtPYPNafuxcEsJQV6Aj+dl4mVrMsaEJ7JGk6p9uMXrMpw10yG8Ti/Qifm/EXvwf+nUvGAVJ4UQoZMxIiKfhZmeIeE/zpLAh2cyFmzNh72iGjWXjY+PRE+GujaMnQqLShm18HeTjFSmfTAYyHX9CWR/OmbDyJ6hSnuUhvB/hVFDeW+GRux1pilp6wi3RMo5FXYx3VVDLZrT6pnuTc51Kyg6jUpkJeV4sGiSc3T+Jp2TvTYtFikVp/oJ6h2PWr+bu0sNYebP6sUIHsBwAnKYGlqKTzjeBJH2oYCAjTdRPOlIT4n37DqvLQ/tTHOV67pd04fyv9w9fG25q2cvEs++jMCX/9LWUx66mxwZScTM0ycx9VxMjEwd0FAXo8e+68ylm1iZWI5/zxUPNJEFJZvnwQcgvaFhplIEmOQlXz7GmrLwWmQ6Pl6YCfPqQvyRchCFhy/g0o37kGZ8jS2t9OLbv9F3PeCs/dGjWa3tHXjY1KIGor5CiO8/eYWe+ClszTyMBdtKMXl5Nh9eaXhnWhIm8VqMM6VitCmDDzapWrPqTJhLfFy8LxlWbQgdgxci6KhwOkS8MHkQqsGj7QiyJWPcVNZ0fs7C/B0VENiduXQLdx82orm1zYA65a18aWWRnjNrOZo0qKt1ec0F7H7yfQn3p74AZz6VfQvUHZB2gNp12ZHmCnM5LtEwfV3Hsls6ge2Z7k3OdcVZlGMqhh+PX5wkkcxrYh7hQ1+mkh7AB//LU2OQXHGmv6De0fr93J3M2PH0TtJU/NrPlsOLTK9dDQgrF5wHyBOQsQT9bay6q/EE3TWM63um+ZKvdZ3pvOFy43VJddd12VWqRkGJFy+Ql8+MBbwqgykxU7hBXeSewVwznDd5hbqVUI8i1DcObKiLtbS2R5+7egub7Pvw319SMM4mL5Tt9CB4L808t3CeD72jUFMJQkx5qqfHUZZUPrSS8fEvmZi1rQwrUvYirvgo9p64iFMXb+LijXu419CM+pb27/S/6Xd7/BizG5vbCO/7OMNjqqq5pgZy3pp9FL8n7MG8bSX4fmkW/jmDALfGY5w5QQ0ALYOIyBB8qikiq/bB+nsj1ZLFwvzOKryK8xJYal6lyzrZvDZpvDbxmDQtDp8tScOs7WWIKz2Fs1fvgQ9QPH78v87+1P+O1pcvSkdI2KVTWnnWyqtr+aUE9LoU7HWN0OU1rcs+PJaflO5N+rra9y6EtY0OACUPece8KJAcE8kA4/JboCUDL9NTT64421/hlw566jtZNY9j5pZBhKU5YDarO/m80AJ1GRSWmVoHusQPRX4eGsGT8UzzJV/rOtPlIaJ9PixSMSuXZVdJ7UE8+06gqxuvybVbAMkwbrUOXYMB6mIETvSFurtILDkG6xqpDiYS4tJHjLQwKGQBlbE6S5SXqmBPr1VGv5fQwkhrEsZHxOHduYn4YUUWojbmY0F0KTbY9yOt7Djy9p1ByeFaHDh1HRduPMTNe01dBsj4M3b3Ycv889fuYf+JKyg9dF4NdJG3twY5e84gPr8ay3aVY8baPFj+yMGXi7Px5oxUjCN4R8vLf1OSArGMTypQlhf68iJ9BM9xBM/bn+cbIN435UeNEC+dAPdTDQLkBVgmrxOvQTi9+vAYvDcjHrY1OVidthe5B2pw6vJtaRaK1raO1frh/q2tr6Cu1fpdpaU7QhdOaWVagC7jDAdQgUrMq53LzLt6eoCeLmVWogrPQn426UWS0NYhHmAVqDvBHkR2BgnY9d+CFNTj+hfq386JpgeTxIyfyYyfwwMm0Alx8Va0C61deIGZGpVfLwSukgLhLd2b/Oj5dJ8u/yOSeBQvosu8a7r6jcelvRTljafkhUUAq2uBIrWeli7noIV1NLC7ZTCXZW/6O0BdrLWjY+ddAmgf4fhbXCU+WZiGCdYEQiuZYM/gdcvm9cvnOcq9J/SYcZWnwYe8POwF8CHmZIy2ptCLT8Fr01Px7uxU/GteGj5ZlIFvl+Zi+uYyFbbZlHUEW+gxb8+pQnTeMcQUHFcDQceLiryI6XFcJyb/GHblVmFnzhFsyzqMLfYjWJV0ADM20uv+LRv/5f98PD8DH82z838z8c4sO16JTMN4cwrzcIoCcIhJPgjKVJ64tFaRrxP9VVVZ88DlhecLzB9DKXnpJd74CNVAgLAn9P3NWdyWHjlBPskSR5An4dvFGZi3uRAyutbx83VqnNFmbVCNlfrlHRTWd1DnvKzvok6Qyzq6lCMm5ZrbCLCDyAeHAlmrcl12pAVyKo6hvNyW1jV9LQkXaU6u8EpzgrSpJnmp65D8FmiR8EsioX6OUH/cXy9KJaaexkJN74zei2r9wos4zFZBOWNR2ldfLj0euszLW2tv6V3nCUWLc957Oqf8f4mnOfpsUfMqreu8lkFkXgN9oEVi3vLVpzy55WGkZZChEqKhBivUHdbY1L6j9vo92CtPY+aWInywIAljI2NYGOJ5buk851z4RUotrZDnq3m0fvRg/cyUiQ9dMwuOSEIW0kSS3qxUMQPFI+YDIoQwlHbFo80JGG9NxIu2JLwcmYxXo5LwWqQoUZ+6z78akahanrxEkL5ojsV4aRduSlDe9sjwZO5TXmJKG3FpspaDALPkVwLbxdtW8yzY/pQfj3GEhcCWVgiSR1ibUy23eA9fYB6Tl8XybkFg7sf76SeePEE1kg+I1/nA+vrXTMzZVIQd2Yex++gF1F67KyMkrdAv46C0voE6p0rkSad0qMvvuhw1a/lASSvf0ieMi3i/lWfuJU0+PBzKh7i0kFMiiN2Wn5TuTfq60r5eC8/xuLxIHkAixSYuB5jzCfVkQv18/0H9K9WkMU1rgyvVTx6IwMvxltnx4kG9ICB0BeyqeaOSzLvKNd3bvLdlz3QtbNJTaU9+XkRmMJGAXLx0mcpDQX5TUNfVXYzeU46HhWquJP8lx8b/eF5elHZn9+tbtp24eBOJu49j9o4CvDsvGqOsOwjMBF475gdbFgtKHmFHuJuZkfnQHSYtAMx78IK5EkMs8tDnNYlkBmdGV+9fBJCErR+9ZPF4A8XrpacSaqUI4xCCQMDsqlABqcWuFErJOgIMR80xkN5zgORNFo4R5gIeBz0mgnooj2cI9QIdCoekhYL6MlHPr9KXyDB65LK+eOXDuO1QszguEvPMpXeXjgDpJycsFuP4UPl4cQ5mbavA5uwqFB++gDOXbquXrm0dHcv1yzaozQ3qnR16aVBXoRKXstO9pCwJTzSmKOll2VVa81Ft3gFLR8d8qlzynjqWlfQ0KbfSSkkk2w+NkAYY0vCjp+ne5p3rqgeT4pUX8Tr465KwUQDz7CtR4qn3V/ilo6P1y/niqSeyMLMQqqqqvBySt80sFBEEOr0b6UdcvWSUJxQvmPakfYYifJXUMv/PsexL+nrajXcCX9JdX5A6JNs4Mk6XfbmKvzuhrmW8vwvUxTo6Hm+rb25FzdVbSC47ijnb8vD5khS8NSse422xGCnNIE12BVWJN0sTrSHMG9IaRJr6DYtkoVQtjgT4Ak4pXMwjykOmt8xtxINWHpReHfWTl+0ylQeAY16mSpLmTNdi3A6PWwAiYOb/qNCJ/C9BzqkmaXImrRT2UhWEN9c1cXsWKvHqpTmn9AsULC1ebCl4bWYKPlqUAtPqLPyRvAfxxSdQWn0ZtXV6a5/mtqX6ZTJMNyfUU1grY62OtSFXqLuVXcpbGdPSOO8hr+s61mf5VWlu20iZFHlPcy3v3hjQfbo3OdeV/QtfxBvvfIenLwvMA1gmHL/Je5xXo+KQUlHTf1D/fIHE1OOZ6e0IVkF/8bjEo5VQhQPqclIsTOKNsQrieuHVxZcL6ZHmS77W7W26Nz2LfXsNv/xNoO5q9U3NW2qv30FZ1XlszzmI2Zvz8fXiDLw5NQljwxMREpaiBrWWL36VB2+Vdtri9TI/UNKFqlyrAF4r7Zo53r9I1ViWxSFgHuLvIvlYREk8aK7jkPYuR9bV96lL5qV1ikiWA5kfAyj1P8yzKp7JWoV8sBJkohceZkfQlFSETuHxmxJU+Oc/CzMQtqoAs7fvxjr7IeTsP4MTF+pQd6/+V/0yGNaNuXvq8m0Lof40MXWPtL5K76t9e5Prug6ga+CW/O5cFqA7oS7v93Lx2lRpp96PTRo/n89qN6EeRKgHEepSEAXq0ppEa+wvHpE8oVjgCHXp70JOcDDI3VPnjVVPZb2XxghCfQD10thX1t7+eNPdh02qzXXp4fPYkXUEC7eW4fOF6XjVugsTTdEYb47BWHMCRlmkawl6wNZchBL0nZ9Kqy9WJWySCz9zjhaSkVYlzFt+9HYU3AlmT6lmhOp6C6jFs89X73pEUjgC+T8qJGPWPxOXqVn6B8nEaB7L2PAEjJsSjQmTd+BVczQ+m5+K2ZuK8UfCHmwmxDMqTuPQmes4d+2e+riqqaXjF/20DeuBdYmpq9qTtNsWsIvT470c/d0kXHAL+7jIFfCyLHn3tagYQv10/0NdPHUFdTdPvVKFXlQcSYe6p6feeaIuab7ka93epntTb/fhK91N/N0JdWf4RYN6yt8S6q7W3Nq+4WFDCy7V3UdF1UWklR7Hlox9mLMxFz8uScXni9Lwwex0ZtpUTLImY4JFvOJE1ZpKPmgLDU9GiGo6maqFPqQfD+YxNYAHYR8gPR1yKvNKKoaew9+l3wxpS87tpFmivCw1J2G0ORFj+DAZa45XLXden5aCD+dl4LOfs/Ddb1mYtiYPf8SWITrrAFKKq1F2pBa1V+/i9v1GeckpH0+ho+PxIv30DOuluUJd3n1I7Uni4hLuUk0PWT5cy4+3Muar3PVFem/W7S7dm9zWFQ64gNsT5q6eugZ18dT7Eer/nbfDCL90Iy2UwPUU1B3hl4Hd98uztHsPG9fKKEv7jtWi5OBZJBWfoCe8Dwu2lGL2xiLMWF+AaesKYVmVjy9/seO9mSl4Y2oiXo1MwCRbAsGfQE8/HuNMcXwAaBonkGa6tJR5KTIFr0xNw2vTU/DO7BR8+asdltX5mLqhENOoGfyPOVuK8Ut0OTbZD6tuhKV1yt7jl3Cy9gYB3oCWto65+uEa1ofmgPoHhLq81JayIeEXeUGtYuoeZcdb+eqrMvos9+1Nrus+XfilX6G+Uwu/0DOSarPv8Aurxkb4hTdq8HjqT7LHjx+vlq86r91+iPNX76Dm0i3IQB2iqrN1KDp4HglFx7E9+4gKf2xIP4B1qfuxNnUf1qQ4Jcvr0vZjY8YhbMk6im051diZdwyJJSdRdLgWVeeu4zT3LSGhmsu3ce7KHVxk7eHWgybpFmC2fjiGPWPrAvVOT51QtxrhF5Er4GX5L4G6r/CLG9Ql/NLZdE3g7voU00/ULc27Oi/Kn0z3pt7uw1e6m/i77/DL3zOm3ldG4P/e1t4hrUjUoNcPGppVCERTk4ea1e8yiLOsKyMzyUg3jdIdcMcjtD96NE3frWF/oSmoVxDqc9NUOE1i6tLMtfetX/58OfWW3pt1u0v3Jrd1hQMu4HZ8M+MJdZF0Kf76VGn90p9Q99H6xR3qPKlInpBXqGsn7JnmS77W7W26Nz2LffsKv/zdWr8YZtiTrDuoG61fvENdHOXXp/Uz1L8woN6tDKgbZphmBtS1+YEP9YW7MNpsQN2XDKgbZphmBtS1+ecC6qMI9c526m5Qr+h/qPNCuEqle6R1kWyv78PxxZdIi4WL5Ji7/m9PjlsgLvsRoBtQN2wwW19B3fmVJtM6y7GUU9dl13QfZddjXW9pT5PuTZ7rCtiVCHLHvNb3izavIE9pUO/XQTI6Wj+dtwMhhLq/1c6DyIV09C4nMJQHpJo1qqnW94EMnqE1beRJuoq/y0tE73L/Tet7hfPe9qGmIg2gap4PGOeyq7SL689t5KbLcWoPIfl0vUJdUK0rziJe4CJmBOlhzf2BpG6Uy7I3CcRl/47/lWV5UWpA3bDBZg6of0ioy8dH0oWDQF0Gj+gt1KWptJQnVYbFw7XSeVK/s5xJFxAWll/O+5u1L4ldv0bWOCLr6utLmRdJe3mbPGRk3sEJ2Z+2rmPEIgdTnCMYue7LKdff1VCGrutyWUm6rOCy6jBOfqM06GvL8hHeG9N2IbXyZP9B/ZP52xBojeVFTqc3nsULLt2v8mapiygnwINWIHd0PemlSSNviOowyZtkP+rjJW1dbb/aNp2fiosIYG0qv2kX50mSLxClEzL5RFz2N0SaV0Xs5X/JmKplfEoW0auWQa0L1MNKeyg5M5och2uG8yZXqMuHWJK55FP5CYR6hAF1wwaRdUJ9ngZ16QlT2qlLk8aeQ51gVN++aC1mBOaq21yWf3HE1IdM9PyHmenlEuxBYQUINEu/QHpzar0MK0dT8UkArMNcRiZSkmaWTiBrQ8s5p3KsfvpDxX09dynOOP6jc17SZT/SqRx5JeK8Yhvnh+rzapnz0qX1G1O39+MYpYT65wu28aLu4gVP4Ylm0PPN5gWUASsKOV9MlehTWS7QpvIJt4u0Dpp8SPYTyfVEBKu2H8fUKenISZtymTdQ68+jmPuQ/9CXPSR9ZauOmmS0JsJ7iFQHZcxC3mTpjySQ/6+9J8jHiMhCBXVpnunMYE8BdT7gDKgbNhit76AuZUm20WrT4nxJP+jipEnPmiNYhqUzrBCW51HmPIxi+Q2UkYSUXBkkHJA+gCSWrcWzAyitGbKTE1r/545lrd+gICpA2Ka6pJB1XNfXpvJ+UeuQjutw2ilhnuqAzsk413mNb9o6wVY73p66FfbKfht4uqP1v7PXIzR8M5+GuxCkXpgmIciUqnphC7HYXSRdokp/1pR8wt2pDK7bjaSLVW7jULAMtsCpDLrgqkD5TzUv62jdr0r3nnIcncseks/PpYfJ0WYZVJmZzJqvoC3VO2lPHsCLKiOQyENqGKEu/SIbUDfMsKezvoO6Bnap9Qo4g6ScCtS5rMKoBLqAOdRSgNEmO8s3mWFOIRscjKB0LqjRqSwyxixlli6eZZjCTP6mdePs6MrZMdW20Zimlh1TSdflmJdpkGPK/5N5jU8axzQWOlgmxyZ94mh8U79To0xxeDdiHbIrqvsH6h0dj1rnrk/E29O34vUZu/DGzHi8OTMJb8xIplLx1sx0N8lQYW8pcblTaXhzujelqvXfnJHCbWVfohR9mVN93qE3pidr8+o3bifSt+9c9tBbPM73Zibg81/seG0mb4Qtk5ksn1CXDMInqnj+fLIPp4ZEFamBrSVDOTOYAXXDDOup9Q3UNadLhUGVN1xIqBfQG5ZaeZkO9WI6Y4UYSWC/MSMLHy/Kxj9npyluOFiiWMTp27PSqHQqg8uOqazrYI6sm4J/cr1Pf8nC98vz8MPv+fieUtMV+fj3AnrTs5zri2T9L5Zkd67n0Pe/5+G9ObJOCveXiR+5veijBfK/ZBjVyTfq3ZlxmLkqGXuqzuJRf0Bd7NDJ2tad+YexPf8oduRXY2fBMU6PK+3MP+mhE120Q5TnS479UAX61DGvK9pHuqjzODzSldRvxxBTeAzZ+85hxtY9mDg1nU/4bAVxGZZNG2O1kF46gR5VQjHTeGQw1wznTQbUDTNMs76Dukha0klYRMbzlHEcpIGGvH+TeLYMBJ6Nl6bbsTTpCOx7axFTdIqsOOFDJ5V2uol8cmFFTOEJ5B+sxcHT13C45nqnDp65jow9NdjF3135ElN0AqVHL+Ewfz9SU6dLWz+xhMfCfcr+JO0wf8vae5bHcIzbihz7kaEcq1F95gru3KvvH6CLtbV3tMrI8PcaWlzU2ofqfn/3XeTt9+7VggeNrZCxN+Xh8iaf0MG2LOWdD5NMol7sFmFoZDFeiCol1LWqn2sGc81w3mRA3TDDNFNQLyfU9dYvDqj3vkmjvOwsYjklvBXUJRatNc4YJk2nuSxDC749NwMVx6+ivqmN5bzNjRW9lXCiua2jVj+VTmtubv7/NLa0e12fbKzTV+u0+vr6/7ccz32yp7mt/Y6kPXjwv/9XU2uHShMmOfcjfGoRD71BbWxYz+1hU8vJ+KJjeIfVnRDVNLOQGUQyjjz5JY5OL53zQ5ip+gzqqkOvEhyvvWVA3bBBYQ6oS4deAnUZjUq89KeHuozKLxKo6146vXhpqRZgScU7c5JRda5OYtHV+iEYNlhMoJ5QVI13ZyZCfRShoK41LVLtWxXYtXi6ZBzXDOaa4bzJN9STYV1fTKjfJNTrDagb9rc3V6jLi0T18ZG0UY/Y22uoS+hF89S11m6qjKmmjtLcsEi9dHx3TqLqodOA+iA0gXpiYRXeI9RDCfURtqLOj6ckswjYBc7qC1OPDOa67E3dQn2dAXXDBo/1FdS1MRmkyR89cmnQYGWatC2X9um2CkK9mPtPwfuzE1B97poB9cFoAvUkQv39GQJ1u2qjrr4slQwi7VaZabSvS93B/qehrjx1I/xi2OCwPoO6KlPS3lvagJeyfHJb7meYbb8Cu7QdF6h/MDvegPpgta5Qly+75FNh+bK0nBlHOqvXPiKQZlOSsXoigbmK9all8fyZMblsxNQNG4zWNaaudRPgiKl7lp/uJOPQagOLy1fhAvW9fEAQ6pzK4BshpmRCPc6A+mC1h42EekEVPpiZhJEK6sXqAwb1dZqegeTpL1MVjtE9BpGnJ+Emta0D6uKpS5pAPddo/WLYoDMFdWnSOFegno4R5iJVxiRkIk6PfCHqWn68lTEtjfOUlC3tC04pl7KfPSy3lcr5CjWlGp76YLaHjc0nE/Or8OHMZPXBgsTqpG8IiatL21cVw5MeJlUvk85M9kSoU97CL0GEunToZUDdsMFkRwl1u2qnTqhbCHVLoQK0FursWna8lS9ZT8qSSEKh6nN69YGg9C0lHx5VIIBlLpQPjQ+MmPrgNVeoh5rFUy9k5pAQjMBYQF6M4ZGiEpXReirf4RfDUzds8Jkb1M1pGG4upKcuUBdIaxDvmfRaNMuntFQbYZOvwKXDPTpiEi5lmQ3l/jWoG61fBqUJ1BMI9Q9mJDmhzswj0qDe1VN3ZDBPT8JN/N0IvxhmmGbePHX1Wb8O9Z6FXxxyhEYJdeWpu0Ld1VM3oD4oTUE976iCusTUfYZfopxQd2Q61wznTUb4xTDDNPMdftGh7lF2vJUvB9C1lmkSfnFAvRjDIrVQTgDLWCj3b0B9EJsD6u/rnrp01+sKdfUFmx5+6Quod3rq6wn1WgPqhg0Oc4d6WldP3aPsPDXUDU/dMEf4xR3qWgxcQd0mnyXrMfU+gbpnk0bj4yPD/v7maNL44dwUHeqOctZ3UJeWNIEscyEG1Ae3SZPGxIJqQl17UdoJdYGwAvKzgLrxRalhg8s0qJ/EB3OS1YvSEZ3Ok5SzrmWn91BnGbNVGlA3TIN6EqH+gTRpNGc6M9uzhrrR94thg8gMqBvWb6Z9UVqttVPvhLr0nf4soW58UWrY4DID6ob1m3VCfVaKBnUV63t2UO9s/fI3elHa0Ny65fLN+6g6W4f9J69i7/HL2FMtuoQDJ67g7JU7uHL7wTf66v1uDU1t867dfqgK+f4Tl7DnOMXpXh7bPh7v0bPXceXmAzxsaJmrb2JYH5sBdcP6zVyhrtqpq7fyz9JTf/7bqbe3d2y7fb8BB09dQlLRIaxJLMHcTbkw/5GFn5Zl4YffMvHDkkz8SE1ZmokZ6/KwIm43NqRVYHv2PmTtOYlTl27ifn0zWts60N7+6Ad913/KHj9+vEj2d+12A8qOXkZsfjU2pe3FH3FlmLcpD+YVGfhpaRp+WJqOH5bZqSz8uDwbpj+yMW9jPlbFlmJb2h5k7j6Bk7U38aChBW0dHQv03Xdae3u77e6Dehw6WYucyuOwV5xAZuVp2CtreG5nkVV5BoUHzuLk+Tp1jh0dj3/XN+2VtbW1fdXS2o6rN++hovocsvaeROYe/s+eM1QN588ie88pVB49g1t37/N/Onbomw44c4V6CKHuJ86TdMfRZ1CXfUnrF+nQS//46KzxRemgNAX1Ik+oM4M8I6gHEOrjo1Jh2/j8Qb2lvX1H3d16lFVdwJL4CnxDOL4zOw4vR0VjvC0OYyxJGG1OwWhLspIsj7Um8bckvBiZiElRCXh1ehL+Nd/OB0ARfo85APvuc6i5fA91dxp+1P+m19bQ0vbLjbsN9LjrkFx6EvN3VOK/i/Pw1owMvBqZgpesiZhojsc4UwLGmRMx1izHl4aR1gyMtGVitDUdEyyyXhJej0jCv+dkwLqqGJvsR1F57DIu04u/+7Blkf53/8/N2/dte6tqsHBjOj6ftxP/npuI93lO7y7IwXsLcvHBPDs+nZ+CyD8yIZ3Fnb5w46mgfvbKja/Kj57F4p0F+GpJCj5cmIr3F2TwvzLxIf/jP/My8Bmv/9zVyag+VcuHY/uAh/r7c1M6oT6cUB9BEPe8l8buoa41adSg/v6seA3qHQbUB5118dSf8YvSAGuOgrr1OYP6zbuNOyqqL+GPpL2EeSYhnYAQSwKCbSms8mbAn+flb83n+cmYkflULgtYji7O82EWYM1DgCWP1e9cjDVl4hVLOv4zJwuzNu+mp3tWwfNeQ9NP+l/2yHj/fjlRe4MAPgDzylx8OCeND5E0BJqyEGDOQxD/L8SSy4Keo015DME8xkCbjHFZAj/eEz9rMfwt+QjibyHq+LL4QErH2zPT8P1SO5ZEFyN/7wlcuXEHDU0tP9c3NtuqzlzCgs12vBW5BaNNuxBgkmZ6uRjO/QRw+1HhSXiJ6dbfs7D7yAXcf9i8Qj/kHll9Y8tXpy/WYemuQrwzPZoPoTgeXzqvn4xgn4kxZj6IwhLxjjUGS7bm4yzXHfCeeoUOdT5Q/Qn1EVYZ1KI3Y5QaUDesB+aAurR+6Q+oC/zGRRLqz0n4paPjcfRNeuepxdUIX27HP6clYrw1RX19G8Rz8bPkEGZ56rpJt8Wi4VZeKzUijQwIzHQ1X0IJQFkYLaUIMhfweudglEUeEKn4bFEqFm3LV/CsPndlsv73Po3H9evVm/eRVlqFGeuz8eHseIwn+EJZUwi0Zqv/ViNYqS6TpevkQqbLoMSFvAcyBJoco3xcJuvw+Cx8GMlv0vOfrMdzCrXaMYFe/rvTojF9dQqK9h/H1Vt3fpb/r7120yahlx9/S+b/xiCQkJXt5CEh+wmxZLNmkIL3pifzoVDJc7qBxua2HoH90aNHX1+/8xDbs/bhvwtiMdEay4eRPDhz+R/5fCjl8EGSjhdN8fjh10xklZ/GtTsPtuubD0gzoG5Yv5kr1ENMGSw0/QH1FEK9BMcuDOzWLwL0utsPkVRwFD8tTsMr5jiMmiLXKRvBLJRBBGaARbzcEoqFjNVpGVRE9XMt3i8BqUnr+9pPxPWkMyYN/AJ8erYE+2hTHN6wbcPCTVnYlb2nW6i3tHX8Wnv1LrbZD+LrRSl4RUI/5mR65Xb+Tw7vUyGGRpapcWW1Pnyki1ZtoOIAQlFqFAJHBWGmy3wAH04BrEEI3IdJX988PhmtPoTe8auRsZi1IRuHT11EU0uLgnp7+yPbtVsPsC3zAD6am8yHkzxM8rgvPiC4baClkA8+1soImC8WZSG+8Dhu3m3A48f/+0OdRDd242791xXHalnzSMck604+qJJ5fWXfvN48F1WTCE/AR7OTsSXjMC7VPUB7e4cBdQPqhon9VVC3PAdQv3LzYXRqCb3Rxal42RSDUWGpBEw+gUU4m6hwQobTIFMJQVPEwkrv25LPqYQxJNwh8M/ib5zSK5ewS5Apj/DM5zUpxAuRBRgSKd5tLoLDk/D21DisSSxH0b5TPqHe1vF4yYVr97A57RA+n5+BifSGQ8MzVUhF+u0ZQugNiSzlvks5lfFlBdwS9slS0JdxaGXYQpkG65LPykdyPyHhqSp0MoL7GqYeBEXcbyb+vTALsQXHcPbync64utj9h83Ww2euYu6WYrw2NYXnZ+dDi5CRGotAhw+HIFMOJkWkYs4W1szO3wCP/4lQLzp07uv19n14b248HxYJvN6sefDBKYO2BHGfoeEZeIc1gFWJ+1TLopb2jm36pgPWDKgb1m/mgLp8UdrfnvrxAQz11vaOXcfO1WHGuly8YtlFoCchkB66eOUCF/G4A0wyHmQBRjF9rCkdr0Sk4d1ZGfhwrp1Kp9IgI918MCdNLb87S9ZJpledRI85hd50BgtjFq+THaOtyfhxWS6KDp7HlVv3vEK9raPjt/NX72BDygF8MjcTE0xZBFwRQcyCbq0k0MvpnZdhWBS9ZT4oAmwCewKb/zXWloiXpybh3dkp+JDH9OFsXXNS8K9ZiXh3aizPM4bnoY2AJSANMGdyu3RY15Vi/+nraGrrcIN6+6NH1pv3GuiFH8OXv9hVWCrYIiESGaptN4ZYeFzmUkIsE/+an47tOUdw+tItn1Dn/r65W9+EzH2n8f1KXtOoRHr/MvQbAWghyHiewbze482pCPs9FxVVF1Hf0DLggS72zKHO36U/dW04Ox3qRn/qg9M6PXXpJsD07LsJcEJ9YMfUa6/f27U9+wD+NScWY+ilBxMuI6z5GEJgDRWwWwoJsBxMsGXg4/k5mEbwrU89hPz951X7b6Xjl53icu6+s1iTtBe2NTl4b34iRkXuQpA1FiMtsXifcF2XdhAX6+6jtbW9C9Rb2jp+q712F5vS9+MTeRkaRg9b1RT2EZwHMMS8l8cm17mEhT2bYE7EeBv3S4iYVhdgYXQlNmVVIf9ArftxUfIiM6WoGstjdsO0IodASMUEczzGTInBf+alIzrvOE7UunvpDnvY2GqpuXwHq5P24wNuN5pACaK3PkKgbt1L0OxVcfwJvOcR6/Kx9+QV1De3rdQ3d7O7D5q+OXTmCmZtLcRLM5IQFJFBSLFWIzUjAiuID9KxzD9f/pKLhMITKpzT8fixAXUFdd57SWf+NDr0GuTm+aK036A+wFu/HKm5uuvnnUV4NSoaoVZ6jJE59KqL8A9ejxfkpaIlC6Ntyfji1yzEFJzASdY6bt5rxJ2HLZ/ru+hiDc2ta+vuPET1+etIKT+Oedz/v+fH4nXbJkSttqOy+gLq7jzo0vqF4Fp69dYD7Mw5jC8WpWKiifcqPJ9AryTQD2Ko6QCGmgkHFd/PwpiIJB5XOpbFlSO9/JRq6njp5kMeWzPqG1tn6rvtND5EZjU0teLKzfs4eOoqUkpPYumu3Qj/LQ2/bivG0ZpraGhp8wp1sbv3Gy2V1RdhXZmDl6wJGMl8JO8aRtj4wLEdILzEW8/AO6ytLEvah5MXb6O5taML2CuP1H6zPfsQr0kqQm2pCGBtQ2L0AnWpIYWY8/DGtEz8umsvzvBB0t7RsVXfdMBbv0A9wgn1Dw2oD17rb6irduoDHOr365tiig+dx+QVmZgQEY8gWxpGRNFLjyLQVZxamu2l4APCJzq/CtfvNKClre2/+uZPtLaOx6t53VF7/S49+9PYlbMPlVXn1Ic67e2PukD9Xn3z0vIqgWYeXuYDZlR4JgLCeJ9MFRhGD324uYLHU4wQUxYmRabBtKYIOawVyIOgobmNAG2fru/qidbY3DqjnoCXljXHzl5DzcWbfBC0yAtOn1B/9OiRRbzmhMIqfPuLvNyUvvmlCSfzkYx0b5EXyHkYyev4399ykFx+BpduPXSDen1Ty7eHT1+DbXU+xlmSEWjO5TZFVDECbawVmbOZnsp7UoDSo5dwr6F5i77pc2F/BdSPGVAfnPbXQH1gt1OnxxoTl1+NjxekYYxVayI4NLIY/4gqxz8iS3l9clR448cV2eqT+zv3Gz/TN+211Tc2r3xQ34Q7D3x/fLT/1LWlqxMP4L0ZaSp2Lx6rn4kPFzOvKYEZYC5SXTy8MS0dUzeUouDQBZy/dm+qvnm/WHNzq/ns5VtYGV+OD2YkYpw5DcHy0tTM+y/wYj6SNvsTeYyzd1Tg5KXbEjpZJdvy/L87c+mWCuG8O8uOkPBsQr0EQdYyBNv4sOL1H0XQvzcnFesyDuPExdvPFdDFDKgb1m/mCnV5USpflEozOAG7tGKQ5nDD1HBZBDshLZmtJxKYC9SHS/M9eUioDCnV6ByMi9Bj6qyG36ofeFC/dP1ezM6so/jX7AwVSpD4+RAWmhei9uIfUrisOXhtVjqWJuzFuat30NLS9tRQf5Ldvte4rOhALcKWFWCiKQ2hYVkINBWw8PIeEXx+5kLNQ+fDx7qqEIUHL+BefYt4/P0KdbGrt+6bSg+fh+2PHLxsScBIqVGwBiEvllW+IOQDLRn4aFEWEkpPireuoH76ws3vMstP4bvf6I3bMnl+xayJ7EaQqYzKR3B4Cl6fkYyfYypw9PwN1j7an1Oon1JQl75fJE8N5wPZj4CWbgI8y48vqa4FeD27jFHKfUjrFwnBhfLBLzF1A+qD1ATqiYT6e4S6NEkbwequjHokmUd9SEOoS7tnyTgyCpLmNWgZzNOTcJcGdaen7oB6LiZGpWLG1t04feUOATTwoF577V7M9syjfNDZMdKUqbyqIdYK/F/bPvxfAZRZXnRmYie9eXrqzwzo9GSXXbh+D2uTD+B9HstoHkswIedHUArQpQAH8SE5hl7sd0uzkbP3LO43KKBH6bvoV+P/mu4+aELG7lP4+ucMjA1L4gMnh8fLWh4BJk6CfEA0cVoaZm8rQ3XtDUgYai9rO7M3FeLVqcmEfi6BV8mayB4EhpciNDwLE62JmMwHRfb+s7h2t36z9m/Pl7lCXVqnOKCudRMgU9eyo0HedaQxR5ry1h1QZ1mVmrV81Caeugb1El7zNHwwK9GIqQ9WE6gnFFXjXYG6hVBnNVkGsHVAXb5M9IukRxDJzNMJdUemc2Y4b3KFukiWpdC+PjMD6+1HcONeo/TXMUChfki15hjFqmwAPUy5Jv/XWon/I+EEUy7enJWJVSkHcfH6fYmnPxOw361vXlZedQG2NXmYGJGEIHOWVm038/pK2IWFeiQ937emJ2F5XCVq+QB49OhRpL75X2Ktre2ms5du4bfoUrwVGYtR9LID+CAazmNWnVfROQi02fHuwkysZW2ouOoyfkvYh7dna2EJ+bp1iE1rNRPEcx1nTsFnC1IQnXsEV249QHvH4+cY6ifxgR5+0fp+kevRm/AL0wh1qfn4y/2XZrXyYGC+HMZrNsy2R5Ux6aXxfYH6WQPqg9KUp06ovzcrSffUtTbGw9SXj6zey1ePOtRVfF1B+skSmPszg0mYQPMuJDOWKs/yrdl27Co8gcJDtaP0wxhQdunGvZid0gpjTpLqmEu+tpSeK//BQiOe+lBCfmxEBsxri7D/1DXcf9jyTKB+/Xb9sszKU/hqSTrhncCCnEXvTlqDiEdWwQdkkWpC+MUvdqSWnUDNpZt/KdAdduXG/fDdh88jak0uXo5IZO0iG/58GEoMWfLQCFsuQiPt+GhJPswbd+PfP0tLolSeD68z88sLhNRQ5hd5iH0wJx3r0/aj9todtLZ3bNL/4rkzh6cuUO8co5TnODyiQisfLmXnSXJCXSRe+x7mz33c3x6tnbpJoJ5kQH2w2sOmZkL9KDNBAkIJCGlxoOLgCsICZxbCSBG97s7qoJa5PD0Jd+lQl/WUp+4B9YLjAxbq127fj5GWHJ/OT8ZYcwILYRbPoRQvROzF/yXY/8EqboAtG2/MycBviftw6vId3G9s6XHrl57a2cu3l8XkH8FH85PofSXSu5MOs0qpSl5LabddiBej7IjcUILK45dx+17jgIB6+6NH4dJ0U5pgfrIgldcwjd6p9CdDIInoLARZ8zEmIofHn4Wx1gyCKBN+5gLNoZC8wnOVwVQi1hRgz7FLqG9qfm6BLtYd1HsTfhmmyp6AnDVfbi9dU4xgXhjOfKl1vVuEUFOqFn4xoD44TYP6EWaCWIw00ytlYRtBcMjHI5JpJLMNj9TlkcFcM5w3CdT9O6GuhV/kg51Xp6dhZcpBXLtdj+YBGH6RJo1lR2phWZGFl6STLJMWA32BBen/CNTFu4ooRnBkFv45PxMLdlWi+MgF3H7QhLa2Np/t1HtjbR0dy09euIFFO+QT/FjWolJ5DAUqDuuEegH+OTcHq9IP44J8tNTePiCgLvawoSns1MWb+D2uEu9MT1XNMINN8vUrH/b0LgOpEHMJr20Bla86OBtuLqaHLrW7AuW5f/NblqqB3LonfcY8/htA3T38osJRkb0Lv6gvR5n/ZFtxlLQHAud1jz8wQjqKS2Z5lm4CCHWjm4DBZ06ox2CUOQkyiIUfq/iaR6VlGpVhlNwzmGuG8yZvUBdPfSI9sBlbduM0PdyB+KK0o+NxjLRqkQ9w3o6KxeiwBASEZ2MIH3b/iNiDFyLlhWkZhvABGBSZjZdmZeLr5blYzPXji6px7HwdHjQ2S7hAmu1JnPtrfdc9tpaWjuUHTl6CZVWm6gUxSFrhmFmLkk/vLXt4b8oRbMvHh4tysT3/OA7UXIvQNx0wdu3W/bDSQ+cQtjwLE1nTCDVl8TyK6bFXwN+0h9e0EoFhZQiUL2MlrKTe50hvknYVY18WX4GzV25LHH2jvsvn1voG6qzFcDokskK1xpJ5R61ZyqY0RAiMyCfUk/DB7DgD6oPVtJi6hF9iCfVk1a1pADOcdA+roE54yDBZ8hJGVRU7M9jTQ328LRm2Ad5NwKW6+7viC6rw5YJETAqPxihWaQNtBapl0P9lNVe89Rd4bkPlnYMtl4BNx8SpKXhnbhq+XZaDmVtKsDbtAPIPnMPpS7dx92EzmpraezykXXNL2/I9xy7gx2UZ9HJjEWjO0lqRmPlw1aE+MiIPny8tRHLFGZy8cnvAQb29/VFY3Z16xOZX4Ytf0jHOKi2scrX4unkv/Ez7EEC4+5tYM1SQKyTUszF2aiqmbizCvpOX8bCpdYO+u+fa+grqQ6VprUBdhq9T4RlpoUbp84F80IeYkvC+fFFqQH1wmkA9vrCaVeR4Qj2VUJcvAVlNVs3PmJlYzRegq7frfQB16fBJDTw9wKHe0tqxq+bSLayK341/TduJCQT7aHqQAnZp2jmU5/cCC9kLvE7SM+Iwpo+IyOH52vngSsUoS5JqovfZogxErS3E2pT9yN5D+F64hUs3H3yn/41PE6jLp/ffL83ESFOi+sJSak8SelHhFz50R0fmwLKhDAfOXEd9c+uAg7pYU2vrFBm679fY3XhzZhJCpV90Swkhvpfax/PQzmU4az1Dbdnwi8rAR8vykFR+GpdvP1iv7+a5t74Kv0h3yvIR3JBI8drlPZe8eC7hvqQRg7zryVehuvdmJ6kxcw2oD0J7QKjHFp3EWzNkeLNMeul5LHQymILWB7jE1jVPve+gPjEidcBDXayxpTX6+LnrWBFTgn9PF7DvVLWZIGsWC490WsWCqdr1l7CwSRcCnFdNPwv4ey6CzJnqw5mxBPzr05LVF6qWNQX4I/kgcvfX4urterR3PEL7o65jlDqg/h2hHkrPK1D6Exf4ScsXs7R+KMbYqCzM2FaOXUXHbPpmPq2trWPu5eu3kVN2FDvS9mJbxgFsyTiILfZDnB7C1ozDTDui+iffbD+MTfYjaji7zUzbln4IsVkHULT3JK7U3UVLW8cv+m57ZNLrZP7Bc/j292yMipBBlwt53SowVD2gmC+Y10ZY85jHMjF+TjYWJB7CqSt30dr+2IC6R5qCOr30IZEScpHWadoALNL/vfwurdUCTXa8N8euBibpePTYgHpv7NzFutbjNVdQfeYqqqijNaJrOHqGckzpRblJ0h1Sv/dAf2Z9x7yHqmqu49jZG9h/8jp+SziCl6ZnI8hGoEu7dOWpi6RPbe3DhmERBDunrhnMNcN50/MOdTEB++kLN7AlbQ9++CURr1l3Ymx4nKrVhFiyVDM8GflIYsHisQ9VfcOI9ySDRfBaqv7XpW/1LCpdvQCcNDUN/1mQiXnbKpC99zxu3G1ES3u7WzcBAvXy6gv45rdMhIQn8WGby/1pH/FIG3UZXWjcVDtmbt+N2B5A/dT5a3OT8vYj7OcYfBi5A+9GJeCtqUl4kw+bN6en4O1pqfgnj+stTt+YnorXp6fjjWkZeCsqDe9GxuOTadFYuD4TB47XyoDUvYL6rYcNk8uPXcLkVfmq/5dhlnz8g87CP/iA0r6HkI9oZPSoTEyam4slqUdx7voDtD82oO6ZpmqIupcuQJdy6q8eivI7H/jiiIXn4DWW55Td53Ck5gbLu7DHpfz7YoVnmi+d9ZLWE+nbVenq8rtD+jFUkaenL1zHnfv1jfplfLbGak3rkvVpmPJLEn5YnI7vf83At0vs+ObXTHxNffVrNr5anIOvF+fi28V5+PaXfE5z+Xs2lcV1qMVc7xfKdUqp33Sp9ZfINtmdy66/f704S9umc6rNK3GfnfNdxN9+tuOLRdl4e3YuQuhZDqeHLi9eBL4C9wAZFYcZR+J1Gti7z3Se+jtAXayltX3n9dsPkL/3FGasySIQo/FieLQayHmsRQbOyEAgvXIZl1T641DekwKwhBlEXJZra83nb3xwWmXQjHRM4HX4YkkONmYeRvX5G7h209lDo4J6FaG+hJ46oS4vsAV+0txUWifJ6EXjCN1ZPYR6ZdX5uWsSSvGvqTsxccoujA4jXEwZqjYRxAeOdJgVYpaBNDL5X6yx8RilT/WQ8AyMnZKA10w7ELEiDeVHzuHew6ZeQX1P9cXJ27KP4F8LMhBstfMBKL1dVqiPueSjLukXRs5HupAIjcjET6vLUH78isTTDah7pKnWL7qXLs0Xg8T5UjU4rf96adYo7ydCeF8/nJ+LL37NIYuy8KViEsv9b+QHy7/wRqbCom9F5MG3sixcEIYx3yn9ateWHVOv6d4lLJT8q+Y5dehbpou+WWzvnHeVI/37xamIXBqLsoOnpWnmswd7e3tH6w9ztmH8ZCkgSepFWihvlowkE6gXchn8NzCcBTg8F8FheZzSG5Z0s10pgIUqIDxdTQOlgLHaJK0cZGDdTrGQOSQj16gp13GV/J+a6vtxKMCU3iXNIflAYXR4GsaEySAKPLYoZhhCVwO3wFgb/kz6l5AMJOm9bf0iEJd26gJ0B9SDnkOoiz1+/L8dDxuacezcNSQUVGHqmnx8PJsebmQSXjInqeHkRgrgCa0Qaw7PM195USq0wEIn1WO5vuLJD5UOmOhpS5cJYyLteH9eGuZtLUR51Xk8bGyR1jKTNU/9Ir79LQsjTRLyydHuhfLKZIi8XEI9jZ56GaFe9USoc99zVyaW473p8RgTnqL6VJHjkhe/UqUXz097V1CseqIUybzAdiQfQJMsMTD/kY6yXkL90o07U0oOnoNtZT5ejpSRlbLxAv/3HxF78Y/IffwP8S6lmSO9TnMRy0suXp1mx5LYfTh39a60Hvr7vCgt7xuoa7F0bdxZ+VYhUBwHefcl/dfb9nB+N/OLDCcotUONDzJgt78uYY+DHfLBYYhIMUFbDhKekGMiGXvWMXWVDDTumFfre8h13UCXdcWZCeHv4ggJgxzzrnKky5CF70ZsQnpZtbwb6Aeod3S0fjN/F0aGSzeh2SoW7SdxVhY8GQpMAZJVIel2VFWZ1afdAjjthYa82JB47DC5uTIVz07E7QSq3qS+xtOnrnK8JOkqrZmYN0mIJVDaB7MQ+ZvluJlhIglfEf9DYnMCdplKYRdv/Wmg3tlNgIRuOC+x4UlR6Zi7oxI1V+8NyCaN3ZmMhfmgoVUB5/Dp68isOIMlO8tVs71/z07Ey5ZdGBcWwwd9Ih/0aar3RBnFX7oa0D6BL8MQFuShEZVcLuWDM0+NTPTGtHhMX5+P0iMXcLHunoJ6RfUFfP+b9PmSSA83m/dM24eEdQTqY6emw7axBPtPX8P9xu5flNLrJ9Qr8A7/ZyS9dH/e+yHMj/8gDF7g/ZGQkXTa9g9C/v9Hb+//S9j+X95DSZN3COOt8QhfmYmyo+d7DPWmptawk7U3sHh7Kd6ZmsxCms7/zVNNQ19Q7f338HpU8Jy0T96DWEaCTcUYxWsmI0VtyDiE2uvS/v5v0qRRoD7nz0FdNV0UHrBsS206UDx19e6L91B1FyD5qhyBLK/ixUuYTtaVXlaFE0OENVL+pYyrci5xeackPq8xQtgh62rTLizhfjrnFR88pG+rxONw7EeORWqy2gDnMi9j4TrkTJepfPT3ZtROpPG69RPUH7V+uSAGofSiAlhNlf6itdHj6eHw4gsgVchCgCY3TWKHLDDSLElujPbEpWRdpnVK3TQf6ryp+rYOyT70dDe5rO8pAawWGuANoGQfAl7tIyP+poAs0h4k3jKYZ5qnXKGu4vGcl4+bXp+VhY1Z1bh1v2lA9v3SG6tvaN4i/ZZL87EsVq+3Z+4n5Evw9aJkvGpiTe7HrRg7mZCXJpGEu2rrbt2Doar1R7kqdJJ/pLvUt2bYsSz+ENIrzimoV1afx49LUvmQiGMtUPKYhHDEK5OMTw86IhNfLCtE2p7zqLlyt1uo7yXUZfzT96dFs3a2i556Goabc1WXByOkxZPyxlgbkGq8dR/+j20v/g/voXjrcnzjrYkwrcxGGWsTPYV6Vc21sITCY/jvggyMD09ljUO61GU5oXc5lOcwlPlDa5YnoTrtk/dgXp9QPvjH21Lw/fJc5Ow/jxv3mv5WUNe+KNWgPryXUO9c1sunVsZE/F3F1blPTtWX3CqvCGQ1DjhY8aR9d64rYnpv2eKQ133wOP10aT1NOpc904PJ1FenxiKFjlP/hF8I9S8WxtATS2L1hJ46PS7l1RKC6iR0qMuJyIWSi6wOWF/uvIBM90zzJV/r9jbdm57FvrtAnZlLoP7W7GzsKjg5YLsJeBqTjqYam1sFeLhy4x4OnbyM9NLjWLKjFF8uSMYr5ljlIY+gh6zV3ioIUF5DglpeEgYQ+KOtmfh6aREy99XiDvez78QFmJbL4NLxhH4OoV7E9VlTY0H143bivf9rUR52FpzCoZqb3UL9yKlLc7enV+Dz2Vv5sNmIFy3RGGdJwBhrMsbZEtVgIGOtrPYSqv42CYvswz/4gJd+5KXvGxl/1LQyl1C/0COon7tyJyxvXw3Cl2fjJUuKGsc1xJyvCmqwDDKi3uFkU6wpskYog2H4mVlz4TUJ5INGqumvTEvGPHr51efqZKCP5/+L0r6Eeh+n99W+vcl1XWGgPMBF0g2JY95VjvRgMvWVaQlIrqzpR6gvMqDenXxDPedvB3VXe/z4fxs7Hj1GU0s7Af8AJYdqsTRmDz5ZmIWxNruClnzcJV6UfHAz3JavPO9gUxbemZWJ9elHcOnGfRw5cxXT1hXgZYuMH0v4Sa2KGV7CeuKtS6uad+ZlYxNrPXtOXukW6g8bmuaeOn8NSfmHsD5lD9akHMCqlENYmXIEK9OO4tfEw/hp1R68NI33SAayjqjE0Ch6WZHyIo5Qt6QS6vmE+kVCvfvWLw1NreGnL97Esl0VeHdaKkaHy4vYInrpRZzm0hO3Y1ykHW/Nz8Mb8wswKlJeyuYiUFW7WU5kKi9Nzcn4eGEaEoqPSdt+A+q9LIu9Se+rfXuT67pPBfU9Zw2oPyndm57Fvgcr1F2NgF9PL1PFhmUs008XZWFkuLwwzOe1KaZHXMj8IiGQQgRKl77TM7EicT+kH3XRas6/O82O0HB66nwQSNVadQQl8XhLHiGcgbk7ylF17oaMP9pt3y9NLW1z79c34db9Bty83+SiZpy8/ADrss7gg/llCArXYvdDo4oJHQkP5RLq6YR6IaF+qVuot7e3m7TxVI/g80WZmKBewgmkK+BvLkEgAS+ted6fn4nFCYexIr0a/1mcxxpCemcLHyk/wwk9aWwgXQ6b/shB0aFz0rfO891LowF1A+qe6q8L/2fSXWVA3Wkdjx+vPX3pDhYRwK9FyefymbwuMqJSgdIw5h0B/YsRGZi6oViNui9wTOSD4DN646PCmMfMvJ4WJ9Slg6+R1nR8tzwP+QfP49rtB0/doVd17Z2ZuwpO4z/z81kryGahItgJdJG83B5P79q0sviJUL97v8EkH01Z/sjDi+Y0PsAK4W+i1y/dAvChFByWjtejkvBLdCWOnL2Jc3zYbcmtxvsL7CxH8mGSfIRUBul6VzpRkyaVr0YkYiavyZ5jl+XF+vPbn7oB9YEP9c9dYuoyoot4W6olC0/CgLqcs3eovzojC6vSjqgBmwdiL43Pyq7derg2o/wUvlxsVzCWsMsLkQV4gVAfKm/+zYUYZ8nA5BV5KKBneuNuA3YfvoiIP0oxyZqjejn0lzg8paBuLYI0S3t/nh1bc6px8PS1p4b68dobM2Pyj+PjeZkYzX1Kb38OqAdY8gn1TIT/UYKyowSrD6jff9hsqj53DYt3luKtqckYHS5xdELLvB9DzHt47EUYY07B979lofhQLe42NK+6+6Dpu/2nryJqUxFenJbMcmRXrSWk/bp0MxzA2stoUxr+NScD61MP4lLdfXR0PH4+h7MzoN5jqIuC+IB/ZWo8kiv7GeqjmEmDrAbUvckX1CdG2TF9SyVOXb773DVp/DN272Hj2sKDNfj2N0Ldksprk4chCuoCMQFYkfKIHVB/0NiC87xGK2MP4t0ZOcxruXQgpJmaXFNef4k9m6Q/8mT8yG2kpciFuntPBXaBemx+NT6dn4ExEgqJpMcclc98LL0mFmC89clQrz5/3ZRQdAyfL0rHWPlug+cTJK18rPv//+1dh38cxdn+/qAES5ZVLVdsCBAggA0kfF8SkgApBFunOxVsy6aHEkoIPTSDi2Sr914s2cbg3jDuVBtT3S3jvN/zvLN7t3fak072Scho3t/v+e3suzOzs7Mzz75TdkYHhzn195YlNfJixXuctikXLvz3hf7+H/7y6bHv5c3GjXL7IxWSGyqHhd4M/3hGhMnI79QpobND1XLPk01S0fWhfHzkuCX1JOuTFbcfvH4HI/VMcAThXuM4yzU/CqkHLanHQzxSv7KoVoKvrZHtY/znozNnzy777vhJOXHytJw+ffp/HfVFC0m99f298qcn+ZNHJfKlWVIKWyWF/zaA1Lnh8nXFjfLo0l7ZeeCIcJ733o+/fqa0ebvc+XCjzALhTwGxZwU5Y8b80DQp2KbWOteo/8eytbLr0DHOFBn2HqU79h0pKW3dLr9/pB6kXicZhfzgtEoqSD0DpD5TSb1Dejb7d798/PnX+R0f7JPgv5vl6gL+rdqEj1QXrPO1qKR9+t6vWVgnD+HZNn+kC5D92wn6P98dP/WXHQe+kMeXd8oNC8369ZlotXA2DLtsuMNTLj4I1xRWy6L/dOv4wdn+85cVsVtSN25L6jEYrYy/FL0Xlzup79r36bLypnVSWtcnW3Yfkv2fHLskYv/o029efrtlm8yFNcw/j2mpp2rXS4dwVksOrNKbFjTJcyvXS/2anfMY5vSZ889s3P2ZLHipXa4t4J+r1SBxrjdjwnCOMv/8nRKqk9seqpeXa7bI/s+/JbHfrzdNULaB1FeA1H/7cD1aEXV4V60yobhdUor5oxNJvVYCz7eD1Dn7JXpKY39/f/DDQ1/qeMH1RZUyDa0HPguXCuYMH/7DkYuWyZ1PNEhF9y45+Pm3YUJ35dh3x//ct22/zHumWmYFSmVKXiM+crg34kgPcr31Np01MweW/r/LN8hHn3wlZ/rPv+UEH/NiSd24xz6pP8I+9UrcvAEFrwnNRW7HZZrSXHhHd+XHA/GhlOCQULqjwT9E/fR+iOd3uHo/JDdukjmfWbfG03zgy+2G5dYqMwtB6q+C1A+MXVL/4puTy+t7dsq8R8vkzgVvS9GzVbKyabPsOXxMjn518reOt4Tl6LenX27ZeEj++u82mVpYCZJqULKbWNCqZYa/7E/Oa5ebQeovrNogbet2K6lTYK0/vbJlq/z2wQqZESgDgXNtlnZJRRgOKE4E6aUHmpXYb4dF/0rtVg5oDpvUl7fslDsebgIhN+isnCuKO0Hs/NOwVeew5z3fKj1bBs5T333oaLCia6f84bEGmZlXB0u7E1Y63jt/aoOxk4E6MquoVBa+3g4r+3M5e/78AFKndG/cc8+b1evlN4vKZeb8asnNa9HWCy12zoZhHdMdkZ5pkKb39nAWz2VD6ltA6nW9uz2k3o68QZ0o7NP64VeHBiJZddRPn6y4/RDxqz8WhcFxoch5hODhj+MpaJVeU1w6uqTOn49MnzorKC11krpjqYPUDZHhCwVowh23F/qgPnqFft34lTNg5njPo/WOf0/4QeMm3DCA+vWcX6w+Aj6v11JnGGchKpfUx6iljqb9it1I26NvrpFfBVfKL+Ytk+sCy+T2RWWS91yj/Kf2A+1COPLNCVrEcu6HH+JuPH3qbP+rHx/5VmrW7JK8F1pk9oJqlIV6mZTfApJqRZ5w+qCxSKfmtcnf/tkjPZs+lq++OREm9ZOnzz3N+z3wRqdcX1wm00EK3OMzFaQ5IdQnVwR7JVV3FGqVqYj7hpI6mfdCm7xct0n6dnyKdJ5kd8ciJzpf2fTRkZKlzTvl9odatDJNKOySnxV3g9hJ6i2w1KtgqTeD1A9EkfqBT48F20CwoX81yrX8yWh+m2TNR3kPoAzgwzOpoFYmF5TK3c/USdOGPXLk2+PPO0EHyPFTp+7h/PZ/oaVy68I6mc757YE25FWXPmsa6ldOQb38Atbb/a81yfqdh+T4iTNvO8HHtBhL3SF1tLbUUndIPX59jK5jF1VHvfXdgWnhDa27GL0fvH7HvKVOUp/G3YKC9UhAExKCSooKGvVlAtj1wrXJOcDFh+KOQi7cvUB9oWFZqfg7MJqyHvdAvbmPN/ygcQOa0d4C4CkQF6v3IprUL4/ul/7z51cc/uIbeb1qo9yxpE6uzKsEuVTr4me588pBWmVy44Jy+cvTTfLoO73CLouWDXt1zZa1Oz6R93Z/oejd/ql0bjokld0fyuPwd+ejNXJ1YYVMhgHANVxSg52SAnDFwvRCkFWwUW5Y0CDPlW2UxnX77nOSo3Lhv/99+tvjp6Vl/UcSxEfl2hA3Ca9D/naYfVOBK1C2aFBwkJELuU0JlssvF1bK3U83y1NlG6Si50Np3bBP2t/fL10b90v3xgPS/cF+6XwfOqR/deduWfjGWrl2IcpxfqtMwLvj2i9ctzsTLYpZwQrJf75J1nhI/eTpsyGS8NMr1qCFUSG58+skMw9lMtCHOFDmkZacUIX8askqeXpVr25Nd/78hbikTtl3+Ng9zWs/knufaJSrA/wTtUkyYK2nIj6zfynntFfITSWl8sTyLlj+X8iJM/1jnti93S9crErXfsEHmT95jWj3i9Z1rlkfAafFJqK7GL0fYv1mOOCSFK6byOTYC+Bey0I5vBZGTEXfqJL6cpmuey/W4uvbpLMEOM3MEC0Jl0TeDT0He7pQOVgo+YARDE7qjAMV1QHXlvGeR+sdkveEH5rUI4XhogqMj96Ly5HUj586s2L91gMSerZBrs4rB6HXy9RgC95vC95hq65dkg0Lcgre+dWFNTJnca3c8XCd/O6xOvnTUw1yz7OtcvezbfL7J1vkN482ypwHmtCEbMDHvx6VmYOceFfI+9TCdbr8LBdYSgdBTw2slD8/VSv8tZ4LejnJCcv5Cxf++dV3J6UBxHAv/F0ZXI24GjX8z5DHP0feXgHrmgOb6YVIJ6dAMt5QrfwCH4s5DzbLrx9qkv99uFF+/0ij/PHRJvnjIw1y50N18n8P1MltSxphFTXqCpNpsLC5Vd8VfG9oBucEmuWq/HIJgtR7tfvlzOM//PBDwWdfHZd3mrfK7//RINO19UHy7UMYLoHA6Za0qitl0esdsm7HIW7p9y/nceLKmTP99+w9fEyefrdXbilcJTPzqvAc+AgGevARNIt/0YKbGaqUPzxeL2Wdu+TQkeOXEalXOaSOFn0IhI5yMN5IPZ6eA+qEe43/bVwHUq8cTVL/wyPLZVoA1leAy+E2oUncBhInwRoyMxY6mhEg82wOGDlWtVmAx7j5s5Lr9urVjUrqhfqN0Q3Qh+NhayHi9uoj8ROmQFxUgfHRe3E5kvqHew+veHl5s/ym6C2ZnVcKMq6FZch9W7lULawrVEb272borJMmffdT4WdqsBoECsuyoEqmFNSAHLlMMtcnB5GDlMy+r/jwBmFRw+qckN+tljp/h5+GcL97tErebd4knx37Xs729w8gdcoFEPvXJPa+3XLvM2hFwGLnMqppSFsKyl0K3ivnu3PpAS7TywFOdnfxz1Nuh8df9KcgzVyHZRo+VtNgWU+fX4tjvUzJQ/nlYlvsq0e5mFDEvTBJOmvw/C0yGx+RwPONTp/6mce/Pn6ygKtI5j3fIDNwjVY5B/5SCtbBoqaVzg2Qa/Bhq5d30ZphVxVaHEOSOuXY18fv3rDzY1nwUotcw1YJWsLsn58Q5Prr6zQPc5HWawrrpOClHund+ql8e+LsUif4mJRI94tL6hxvGAVS94GfPqJDWI97uHo/d6LpSEeaCTftmShT1xWXjj6pTwWpc2CJ1gMHr4yVzgTzofglYhODZGas7rTC9ihMjDmPBv2DnEGGulEFSNJ1e2H0RAcQCT943PSLtCJ8uAA4GerFcPVeXI6k/snnx1bUdW6U4udr5FcoUDMCq9Xa5SYi7DYxSyWbjyIXodI1raHPCnHzCy66RX9cibBF0rgUAMifS+Xqanmwegm6GY67IbH77v8erZWlTVuEfe+nzpwJb5ThJyD2p46B2OvX7pa8fzXKLwrKJDeP/bRcPwUkns9BVy5zivvpR5vvgGXPGBVZvDeucx2WrPx2RTbc3OWfO+iwTLDLhftgXsH3iLC5eParC2Gpv9Aka3RBrzOPd238sODlyj6Zs6QMlvxqfKiaQejct5XWPeJGK2J2UY126WzZ96WcPXc+IUJ3Zevez+4q79yGj10FPpir9Y/tFNSjFBAhF0PLxkdxWl6zzF3UKK9UbNI1dtCaeccJPubEn9RB6IXrkccjR+qGF8gjBOs8Z91E3K6efzRH+zPu4er93H73I2L1k4oMWAYZfwbKkFmlcdRI/fzZO7meeqASFaNRrSFdRY8Ei8JNq0WnLAGmHx0ZTyuqCMTgQWrMeTTw4CRtvCBCl/R13F4Yfbfx7wk/eNwkdmSiJfUo6e8/v+Lrb0/oUrpLGzfL7x6ulBnz+Z4rQCR1qIxm6qp2fYHUSexZDmGyBaQD5YC7drQhdC6ZS7QhPCxnWMq58ytkdv5KufORKnm7YZMc+mJoQncF5PXk19+fEs4LL3m1TeYuWCWz5pfJVM4YYVl0LG4ldi2PDlgGPUjTH3ygB0FmEPzgIM2pqGQpKEtpXMwLZJqbX6WrOha8WC992w7IF199L03rd8rfn62UqwqXoVVSifgaYUVzXX6u8c0fpSp0152q3r1y+Ojx55ykJyzHT565a/ehI/Lkim65cRE+HEgD847p5l+12RxYDrTJVYEauRutnIqOzfLx0a8tqcfolSCVF4h2Bd+v63b1ugZRlD/jHq7ez+13PyJWn1ZsMJF7/SL+9FCDXDv6pL4MzdkqEDrnqbdqBVcSA4Fxk2aChMaXRmI3Gew+hPtg0ecR8OHoH8TNOe8Ap0m6bi+MHsSOzPDGMXjc5otoSd1fzvafX370m5M6uPjQW11yx0MVsFbLYFmXS26wRgc22bWSw/52EGgWrN9JsHgnwvKlhc7uB+75msO+7SA3yuCuLtw0Ax+J/DKZu7BUFr3cJLU9O+XTo9+R0KP2KB1KLlz475MnTp+TPYe/BKFtk4UvNsmtC0pBvqUyPcjWYw3KZQPQhDxnK5LlkxtiwwLSDxLevYJk3gn/aDnA2tadufB8maFqHDkVsVJ+/3iDPPJOjzSu3yMffXxE2t/fIcUvrpYbi16VmYHXkScrJDfECQNVMgVhZgbL5I4Hy+WNug/Q+oAFff7CsEmdsuvQkbsa1+2S+56pkl+EluE+q3UOPXf0mRqokxl5NXJV3iq5Ofi6PPhyuWzdc1DOnO0fk8T+45E6DT7yCLnBQHfe8pzH012M3g+JxpFWDCMEIO/xGg2F0Sf1R0DqgQip03IzpE4LGkSGl2UsdQ4EIKNxTS1qD7gTfawugmjLfHBLne7o8N6404p84BC6WwCiCoMHrt6LeHov/Em9DaReJ6HXesc0qVPOX/jvMi6fe+Czb6QF5M7lagPPt8hNsIxnzFsmuX9fIVPnrZbpgWoQTj0Iu1H72CeDbFgupgU40FoKS3+ZzJy3VK4Jvit3PVED67NXKrq2y66DXFnxjJw50/8355bDFhDm44xj94EjUo0PxLOlvfKXf9bKNaEVMk33Il2J9K3Sbp5p7PfHx0V3Y1I0AI1Iaz3SWIU0rpLp93Fj7aVyPT46f3muWV6q2SS92z6RwyDn46fPyr7Dn8pz75TL3PzHZfZf/iEz/vq0TPvrv2Xqva/ItHtfk2l/fkF+ed8LUvJClby3bb98e/z0s05Shy0nz5y769Oj38qy+vXyu5K3ZCbuM+2vL8v0v70G/Edm/u1VufreF+WXf3tKflvwpLy0rEr2HvpEzp49+64TxZiRkSZ1P/AvZT0qj0Rg+CJW5/LN8PRp3C+VG+sMAuMv4o7EER1nxI/xx27Ma+8vlarR/floOZqZVbqgF6d96U78JDLNbL4oM+8yE1Z6JpuNaq3zL1NOZXIRe+7R60O6GTcU4Fe7fRzgI6JggdFC0xcDfnAYBmEduIVEt+Fz4NV7EU/vRXxL/fIgdVdAnO+S3I9+fUJ27D8iXZv2S+PaPbK8ZZuUvNYtdz5cI7curJCbimG9wpr/VdFKmVO8Qn69cKX8/sEymfd0tTyzskdqenbIB7s/kU++/E6+P3VGjp8681fnFpcs586d/8eJU2d1oJXrsLe9v1dWtm2Th9/skrseq5A7FpfKbUjPzUXL5UZYvdcXrJQbkNab7i+X25H2PzxYDWu/Xd6u3yQNa3fpUrdb9n4uX+CZz5w7z3VaHuN9DnzySeHmXXukpe8DaezZKPVrNkvdmq3ANqnv3S71PVulbe122f7RYfnu+CmEu3DRpE7BB+tPnx39Rvo27ZGGNVtwP9xnDe4DNOB+Tb1bpbl3s7T1bZSN2z+UY19/KzC4LKkDbv1VLsE9LgY6lz40uN7tao4Pw0PEgDiidOA9hTnnxvfXoi5Vjx6pn1dSn87ZL5zlgCZuFmcbwDrOAHllILNJ5lnI1GxkLkF3BhKr03ac6Ts8j7hj9BoP4+uGm0d/twFHjznjxjM1yL0XpwzpuQu2HJipnhcPuIVkJEmdf1HOLKyR4CtrxvQfpfEE733p2f7zbObL9yfPyidHv9e/THceOCrb9wP7jijxc+0WWuJ7Dh2Fpf+VHP3mhJw8fQ6E84NwESsnuqQLyfc87nH2XD8+Gobk9358THYfPKpp2rHvC6TRBdN6VHYd+BLp/Eq7Sr49cUZ/qGJ4xoP4HnGiVunv7y88p89/LozTDtzzs8D58/wQXHjGCXZJcu7cuT+e6++PuqcfTJrPj8vuFz9o/eX4iVPfdaqgAuEU7rlHF0R8AI/GjfCKwfWDA+lx3NH+qTfXNN5wmoybm2dfXbBiNC3182f/+PC7MjNvFZqznPbWIDkkdiSEfZaZOsPBzE/PCXYAnCVBfXcMjD/OZ3d1YTfiMbv6Gwzu5ga0sfE7cSMNLEQ8um4tVC7gh4XALSSW1K1YSa6MVp863YTWX9yDU0E5fuKt+xxD4Tx5/leQDvDI8aB0hbkW8R/tdrkj7HbCa7i47g6NP3yuYU28rtv4ccMYN6fgXgNSH11L/cF35Mr5pcJd4/kD0mRn8CwLJJsNkuVu3iTzXC5GlN8Kdxt0ACx6g1acc0CtTa18Vx/X7fgdTB8FN24cY8F51mn57fp7OX/B9hL4SJK6dr9cBmu/WLGSTPkxSJ1/LXONmUzyTEEL+MCA028JHUR3wP8leOTUbF4z/lpRXyNuN5yrD58zzCDgfPPwuTecB/TjTQ/ByQXXFC4fRVLvh6W+5C2Z8fe3ZcrfSyX3vlUyeV6l5Myrlqz5dZKVVyfZOObMq4OeqJWc+biWVwFUOsdYePV0VwE1QK3BfI/bC+iz4Y87xOcE+AeeQXaA85fNMSsGmfCXjjRODHA+dTu+6JyGBxJHwVBCDxoMWOPBpyDFQ/w+dZD6Kz2yzZK6lXEiA0m9E/XsUn4+otsgokc8rG+wzNNA5mn5LZKhs5nAB5wRpbOiysEH4JdAuWTmrQ4jY/4qx81jBEY/EBH9asQ1OLx+Ivco88RR5ujNtQzHPTlvhVwTekuq+0Zp4+kffrhwtqL9A3mj5n15rWYTsEVeq90mrwKv1G6XV+p24LgD5zugJ7aba3VbgK3ySj2OBM9dd71XD7eCYRgfoPH6QOPFvRVb5VXEo3DcJt6I3pwjTP1O+Vf1Tvnrv/tkSmEjCL5NUkDkqUESe68ZCCEK3MGLeAXMH15S52AN3cZSr5bQK92w1L+0pG5lXIghde/aLyR11qvhrf1Co8ss583xNFjigPkPgXqOl/XA6m6RGYU18sCyD+Ql8lADeKEBdb9hi0GYbzyo24zjZl0EzouXaqPPh9IPB9FxmPt78Sr07zR/ILsPfSk/XLgw8qRO+e74qbNcaOkbxZnLEGflky9PyOuN2+WGxQ0oDPzVm1Mk1+EIC4J/7ynWodAQnDUTv9DFIorUAZ6ze2pWUZWEXuuSHQctqVsZHxJF6sEa4RpRZvYH6tSwSZ3XOkHq7TjyJ8IutIT5X8xa7T9n/HMeKJfe7Yfl2Pen5JsTqOte+HKBC5fPRhv+afnuxGk5c7Z/dAj9pyLfnTqza0X7DrlxUbVMCtRr10sqCtpEtSBgSZDU4TaIFL5ESD0DJE7LgYXWJfWcYJP+0GJJ3cp4kjCpPwhSDzmk7ljX3m5NF3FJXcPgnJMoPKSeinjSitajzoHU86vk9gdKhfvFnv/hh21OEqyMF/kepL6yY7vctKRasgvqJZ1/sRYaEmZhi56jGl3AvAXODyR1XfA+itSbZTYs9QJL6lbGkSSH1AnUJbh1LR+H1PnHaAr0NMSyCrslN1SFFsFKkPqnltTHo6il3rZVblywSjLzq0HibSgczqwXtQyMdcC/vExfXvxCFwtfUg9ZUrcy/iSppO7UpYzCDugdS52t6sK1wkXZJgcqQOrLLamPV/n+1OldpW1b5KZFZaawFZDUuVpfNwoMj0RPUkn9qqJqkHq3JXUr40aSS+rOgKgOlHKFQ/5y3wes1SmM2Xmr5FZL6uNXSOpl7VvklhKuW10NEm5BoXEX++LRuHVtBh2giV/oYjG4pU5St1MarYwPiR0o5eqdF0/qa1GXUL9cUoffVOj5G356iAuzrbaW+ngWkvqq9q0yl6SeD1IPxZI6Cp+uosY57Ekg9WATSJ2Weo8ldSvjRrykbjae9pJ6orNfCDMNUkkdLWozpZEtadQxgH+X5wZX4T7vgtQ/saQ+HoUDpatB6rcuWiVTQeqcR67rgEeROiz1ItMFEylgltStWElUDKnz5yMvqaNecHepYZE6Z6Gtg0VOAmcXaQypF1pSH/dCUi9v3ya3LyrX5Q502zb+kYYC4+6ew+3NUtmvjsLDAmRgBlPjgYOstCTM5iAojKE1cHdJNkm9sEoKXrXdL1bGj2wBqde5pM4JCcF2SeU8dVjqhqxj65B//eIPS7q8QJBdLfwPhHWVdZPdL5wV0yaTg2Vy6wPvWFIfr+KS+q8XVci0QK2YjZENEbuzX8z6xgYRq2GgJRENkrp3nrr5GclY6uxT77lslt61YuVSxddSd0h9eH3qtNTXw/DiSqysW4b8vZa6IfWlltTHqxhS3wFSr4whdWeeOsACYzB4oYsFV5vk/qxcRtOQOles5N6VlZbUrYwrifSpcw0WkjpnmcFoKjL1LLbuDEXqaSB1YzA5lrpL6tqnXob7WFIft2JIfbvcXlKpu+JzCV9a6CxoWmhAylqYnEIVKWADC10sXFJnM9FsfNwmOaF6mV1cIaH/dFtStzJuhKRe07sDFnSpTAmVS2aoUSbmt4Gc2YUysO74k7rbzcI/vqFDndJpx3DzxyMSPpffzs1nn7rtfhm3YgZKt8mtiyvwhXfmqbOgFHLDDZKyGezkaLu38A1J6vCbAQudMKTeiQ8GlwOukxmFFZL32hrZevArS+pWxoWopb52l9z+yGrJDa2WNLSKSepmc5uB9ScuqeOYqq1mzkZzF/Qi0cN6B7JCXTDOVsuvl7wr2y2pj08hqa8Cqc8pWW2ahQNInRY2iR0Fa5ikbnZa6QNME5PxcSA2F8R+xxPt8lLNNqns2a2bL9f0bJfaNTuFg0lhrNmlqPXFzrC7Ds3a6Gvx9dQNhlj/A8H7Ru4dC28cJk7P84QRHSYWblp8/SGvFM65m0eRfHLTx7z0h9dPPAzHX6J+/VDnhROXLxw/tWt2DIjDhfHr5B11PTt0C8FYmPzz+FVExxWLaL+RMAPPd0o9LHJu7VcH1MJd07dLyrp3yMMr++S6JZUwbKolNb9JUmHsmIHSRGe/GFJPIanrFGM/Uu8GqZdbUh/PMnKk3oumJZqEofUyEdB+QDQPafFPLuqSK4tb5MaSRrl1UbX8uqRCbl+4Wm4rqUSLoUZxm3O8taRaMdeBuhHGoErmAO4191zh6koiurA/D+gvCuE46B7o3w0zQOfc0xsH9fosS2oN3GcCYsMr3HvDHQVvWhivG7cDr37OokqgAuFwjMHcxQZ03wI/hPFr/Ot1uOd6/KoboB/3mut/AJw4b1nowD3Xe7hxO/GHz3HE9blMd1g/GEyYW2P0GnZxldy6BPmAo9G5945Or4ahHy+0nETyxQsTJsa/YmA8bPHeVrJKbi8pRRpLZc7iUrn5gVVywwOVcuXCKskEoacXtOrMl5SC92RCcC0I2ZK6lSSK2/0yd3G5+dMtiZY6B3M4p5aknooCrAjhPB9We36nZOU1y5RAg8zIr5VpebVwN0pufnMMWmQKrHsil8hvlcnQ5QRaJBvXswMAjw6ycE7QnRM0fsx5U9hPLOjPRbaGgRvQa3TjvpMBHnktNrwfsgboWjxpi9xvAOA3gsg5n5l5waPrdmHyA/6Qn9l5eM5AE+KKBqeS5oQMsrlDV74HumOXP9wwHODOCTnnMXHHg8aB+HOAyTjnzmA85jpQHd4Lr+fgSLcB/PnBCTcliHITQrkAcgH3XuG0AuFnQDh9di88/rxww/jpY3WuPisGOfn1eCd1usXlFNSnySDx7FCNZBbUoT40oC60ad1KQZ1IKdiI4wYQMlqzMfXHkrqVixYl9Y5tsHAqUEFqJb2QpM4Cc4mkDnAwh+s8pwATCtcB6+UKFLwUWvCFa3UQNisEcs9vBzokM8g9TCN98RlBkD+QwR8tALon4YNApOWjgOPcbOjhogfnBjpdjDr1Q79GFwv6MTN9HOA+JhziyefuT+Y+1OmKlbxf+NzAvUcE3eGwvO5u7hvedEQRHUcEuMYPosK4OXuIzx4GP4rhc5Mv1E1CnkzCfdOcHavMXGfCuLmmz0S8T7NNIf0Y6E5XYUT8hP25fl33IOAUOzMVFudOXDxO0v0ouweFGVj3vxaLDAd0T3LSpvdGuaWbi9Lpc+i2cTFg2vwQ9uPmhQM/v4DmD+HRMS26JyjKdUaoA3WoHekCkeOo/31oveFccxg6QRB68D1ct6RuJYnikrpa6lxoSJfyZIG5NFLnT0sTUeBSi7pkAgrghKI1QJ9cATKfULBWUnHkehWGtHAvENdA4jPQQk/Q8nd03JmJFo6uecFKQjjnLqgzCx1FzoeEx38K0pSK+0SFj71nTBiC4TSsRxdGbHyJAPGbzRSYBzF5EqPnh8F8TAHkuf4JrEekB+/UhflDeCDC12Pgp4vEH+PmvXE9HJeSPID3zHdtZlfFA8qBr96E54dbP1geUMd7RJ7ZAe8PvX/aXdCv0alfx380TFy+/qP8UYf3ivdhph7ifWhdQDrDhG8Ml3TOM89fiw8T31+k3oTrD+L208Ulde3mXIf4utDiXS23L3nHkvp4lZEk9dTiNkkpbpUJOE4o7gBA7sU9IPdehRnFZyVA4XcrM+47JJAetYz44dAjKo0HTL+fPhG4YePFkUjcGt4vrKOPd30oeJ99sDzRlTXxMb0Y8ENMJKr3wwC/2p0HcPmJ8BIUEcTT+0HXJYrxaxac4/3ipNtH74cB6fboE43blA/T7WjWaeEHmEYL6xInCnD3L6JHkcUWRxwC99MlTOqLLamPWxlxUr+/BUTeCnJvx7mx3FNh6dD6SUV8kR+bSFxoohd26DrRXIHOHAe66Sed8+lZqHHUcw+4cp2fPhG4YSNxOPdTsBL56xPxMzDu4YHPr26EjeRHtN74bb9oTCpsUySq90NcvwXUtSG97VGIp/eDn1+9J/Qjle64cfvo9f1qXSGZE7DKnXqUCWSBdLODnZKj6MA5yjauD6g/ltStXKyMKKkXdShSQDSpLHy0qhAXw2qfMZqh4W4DxodrnM9uAIIfzK19lnDrcSDi6YcCw3mhz69H446nT8SPq2efq7meGCLPnihA9AUgvIuAkiaQqN4Pfn6V9Kj3I9h4ej/E+FVij3PPwfR+iBtHyD+8n16NDZK0lmdTphXsesHR1CWC9QrvV9+XJXUrSZSRI3VY4VoITbeDIW02Q9mfSHCAr1f7FNPZr0iCd/wkAtM3iSOasDzGIp4+EbhhLyXuocImEocLs2wDP4SR54/nJrSp7yGN4UA/NsPQ+yHWLz802r3iINzdMog7UYQ/ZCOQ7ovR67M6XUKmK6zbqQNOXWC9AEwfPK+Zujag/vBd+ugsqVsZUpTU3SmNySR1+GXfoukvN01RXS4UyFT0oQDiCELPCHLHFg6CmgHBoYH4+FFwPwyMKwrx9InADXspcQ8VNpE4DDigpgPEnmc38Oq8eidvkP9RM4kSBD+4w9H7Idav+zeyts5GANrFEXPP8L19dPEw3Dj89PqRZf1hH7tL6EUkcZBxUa9Cx5SK18gVQIpD9APrjyV1KxcpXlI3Uxrbk0LqUZVYC7sBK3gY0CsxA9oNA13CcOP0xB2FePqhwHBexLseq/diqLDxrg8C77Pr5go+COuHGXcU4qVtOGn28RuVvhjE0/vBz2/4nq7bi0TTTGiL6BL10LFusP4YII1AeHYOoONJQAqP6hfhYnCxpJ5pSd1KmNRLHEu9IEk/HwGun3h+E4kjHkYsbjyjhnWP8a7H6r0YKmwiccSBIbKBYV19vOuJwk1fono/DBaHknCCej+o3zj6pKT7EvWD+Y1NtxL+MOOOS+p2nroVV0jqXCZAST1YDSuvFVbEOCZ1IBlxDxU2kTji4ceMOxEMN46fUtzJiCOenjpL6laGFJfU54DUufaLJfXkxD1U2ETiiIcfM+5EMNw4fkpxJyOOeHrqLKlbGVJiu18499aS+qXHPVTYROKIhx8z7kQw3Dh+SnEnI454euosqVsZUlxS1/XUC9y1Xyype4+xSCTuocImEkc8/JhxJ4LhxvFTijsZccTTU2dJ3cqQMoDUi9pRcFhgLKlfStxDhU0kjnj4MeNOBMON46cUdzLiiKenzpK6lSFFSb3DWaWxoMaSOpCMuIcKm0gc8fBjxp0IhhvHTynuZMQRT0+dJXUrQ0q4T11/PqpGIbHdL8mIe6iwicQRDz9m3IlguHH8lOJORhzx9NRZUrcypESRuu58ZGe/JCPuocImEkc8/JhxJ4LhxvFTijsZccTTU2dJ3cqQ4iV1s52dJfVkxD1U2ETiiIcfM+5EMNw4fkpxJyOOeHrqLKlbGVJI6qvat8qcklUg9SpD6gUgdRQgLgyVGezUguIuLJVOPQscdK47Hlw/8fwOHodZSsAsUsVV7LpwTjAM9M4v2sOtLIlAwzr3MGnhPZ1ncWDS51zTtLl+nFX5POexegM37qGhaSE0ffz7EuFx1HP3GmDSzevOtWFA/24kGJ730Ph5HwOzVrv5K9L4GwxMw6Xpvc/lhT5b1Dng5ImbbhOf63aeISacbx7QzwC9icNdnCsCEKz3nq6e90M8bvl1YcpStG64euq43AAXA9MuUl0REqQeWqNLBHBPYO4kNjWwGqT+jmzfa0l9XMr3p07DUt8ic0vKZDJI3SwTYApmJkiX6z7n5nfK5HyuAw2Sh47gwkGu2w+6NRn8uMd41yO6LhRI3APuLBTeTBRUs0gSWwrtklHYimObZHI1PBZ4Z00P/4oYX58QEJb3zgr2ID1dkhPq0LWvdQ3sfOjye5EXa0xakbZMpE1Bt7vsbci4vXD1GXQjXm9+xIP3WZWYtBXlrsnOJXyZR1z4i2vokAi6VG/I2PNMg4DWn1lwigBhqBXIODrxweK9aA26BGb8p8FajIfw+iwXq4flGVmPPBqRdW3MOUkuBWmdgHTymIJ0cj0VQ7hMt0m/5h1IbxLIjwukaXg8hxf+ZYbxdEhaUbtiYlEH0KV5xBZtKo9F3CcA+mL4gV9+wFl+WIZdZOiqnNG64eq1LOi7bdepx1ofQOIsA1wMbxLKZE6oRWYEVsgdJW8ZUj9vSX3cCUndWOqrUSBqtFCygrNisbAosSlQsABTmXDENbdi+cP1E89vRE8rRHeFUaAwB3lvVkBWPpJTu0wqatWCrNa6swAY4xgZUodlhPi5RyrTpPuossWCj1oWCD0zf61C91DVpVZbgTaEM0Sry8IijHF74dEjXs2DAfniD74PQ3wkdW7owA0ZGB/JyqzkyPx0l6IdLqmb1QO9pM44nI+Hh9Tp15C6xzqNgSHUS9DznccB9wT1nnPf1RTkxQQQ7gQldW4phzTSL/Ihklfwr2VqvTkyX53ndxGX1DUeEDtgdjsikfNjgntxwxfd+IV6+uH7RTjPu1PEqy/D0UPHvGEa+F7MksN8//i44Zm4V252QYtMC6yU35QstaQ+XoXdL2Xt2+TmxZUgr3oUGFo9fSD2tdqc45K4hmBRaADdW1T3FzV+4oP7dtKPe4x3HfHCTcLSgowCyvumofKlwaqiFWcqEisULCSEmRh6z1xHQR8JUjd9lEgbn9m9B8hELWYuERxEunD/1IK1WrFTUKlTUPnNGtlcec+svueuxheG6gnuUeqXJ/4w26MhHUqkJA58QIq46w4IF5ValywmEDc3N1ayR3r8ns0PrqVuQOImuSIeJQ+CTX1+TKjH/dTNdNAyHYiJSB/TeCl6JWIfpME6NTsOOecIl4qPagqOKXjuVLwj3b+W+eKSOgifz2CIcZiWOvOUxIlrzF9THhE/YHbucsF3w48M849bNca8X33fPu98OHrVOR9efQ+EIfTUgnWSgudmSzs3v0xuW/yubLOkPj5FSb1jh9y8pBqWOEgdFXYCCmUKCtFEkBYLDAmUJJaCgjOhaK0BClzYHQ+un3h+HX1KEQsridQQKsk8DcTNfkJTiWgZkThpHa1DAf4A1zbAL4lsZEg9FfeZUPiepi9MdJo+5gvyonCDXFG0Xn5W3Cs/v79H18Y2e6/imfAsCrrd9bPDeh757Ix//ZDQ5+W70LSRTEl+zSAqgISlFZv5wHSR+F1CTpzUw33pLvC85hqPjIfPbohdPxjaIuG948Eh3ovVO4TtByV15EFEh/woaMWzAyF8aNCqTENLj9005uMDP+4HkGWCZE54nt+Fb5nR8kijhh8Dwhg4/DCYHbvoxwHvCbAss0yb9+9Ay7oPhqOHLkXBusJ0ETRyUIdYN3mO/MgJrpa5S5bL1r2fWlIfj6IDpR3bZQ4sdU5pzEDzTffPRIVgP3dG0LFQtQCzwrOisILTCnLc8eD6iec3rDdEwT7nTFRMrgmdicqpfcrQsT89HaA/syP/BhRkWOss2H4VEYinTwSG1A3xsltCNxdGZTHdP0grrUEQKSvXFcXdQCf8cdNi99no3++ZPXp2D/BeQ4JExIFW5EthC9AA1ElGUT3Sw3fFuFxSRwWH/wgpJwiNn3nNAV/ejzpzf+OH1zrxPtrRmmsDcNTuKLPn5kiAZS8xIF9CyJdgM8pqu6SjvE4Kkzq7KvAhAKmzP5ytjvDzeZ/fQXxSN0YGSZ0bnHDzaPP8HZoX2ciTHNw7G2AesSyb9+wek+jmh5X1QvPJvAPWF26ROAn3ZvnIDa6Q25bQUrekPi7lBEi9omOL3LFouczMWy5T8ytkSn61TMuvkenAtEAdzhvRpGtGYanTRb8ITn903blxMDnIY60eXb9e5IRMHLk4TglWyVRgGu8dqJXpgXqgDufUV8BPJfzXohC3KuGzcpk+Rn8Cu1hSZzidTcDKTB0sw8yCeskuYFqrkAe1yIsGPFMTKnQTPjgNkl5Up0SbE6ozeQQ/RC7PQ/VhTMa5AdxoFeUGUQFDHvDcC9XTH94B8nAq8mBKQbnkFq6WnMJKyUK6OFimBKyEzo+R0zSPea7BYAid4xkkB0N62irhdb3WCeJqRToaUT7q8U6aZGqgTabkdVwypgYGYgqQmx8HvBYFpAvlczLSlZ3fIhkBPEM+ygaJHe9yIglRSd1Y62YG1TDKjJK66YpMh5vjK5ODLciLeq0nU/MrkR8VQCXqC8oqjrkoxywrsWA5z9VjBEY/EBH/bhiWP7hRDqbko16gbswI1KDOso6iDqGuTsa9pwbLZGbgdblj8Wuyfd/HdvbLeJTTZ/p3rdvykRQ9XSa/W7JM7nmsUn77wGr59aJSuW1hmdy6EE25RVVyy6IauWVhudwMHXHTgtIwbl5UhuurBoD+eLxpQZn86v6VcmPxCrmhaLncULwcbmKF6k08K+Tm+1fILcUrZU5RmcwtWiW3FuP+95fKnAXLcX2lXL+gQn4BAp2eB1LNbwOx03KJdDOkw6p23cMh9QHh2H8OKywT5JUdQCXNWyZT578h0+99Wa78+2sy6+9v4rhUZsxbKtPy3gLehPt16F7HNYMr7/2PHmfPe0Oumv+mYvY8wjmf95bMvs/gqnlvK+hm3LN4dK7Ndq/B/5VIw8wA0oH7TclbKtnzSyULlTsLpJsBQufMEXc3HdNdkxhI6Jx5RJDUTd8xSRHXOUgMQp9MIsmrwHOWysy/r5CZ967EkW4XIBMcr8QxjPs88Oo9mIVrs+5bZTBvlVwJzARmzCuT6WGUht3T7isFIvppBPJhWqBCJs9HXszHRz+fA+8kYvZ9oyWjM1dMl40ZSE6c1DUvGA/yha2lyYWNMrO4Vn65uEZuLCmXmxatRPlHuV24QuYsXInyjvJa4o+5i1GuYzCnZHDMXbwqDE475oSGuYsqUDdRR1Gv7kDduR2YuxB+UA/veGCl3PvEcil8ZqnsOQhL3ZL6+JTvT57euX3vZ7J++2HZvv+IbNj5iXRvOihdGw9K58ZD0rHpYwdwQ9euOOAcAfiNgnO9zcUHwPv7pfX9fdKyYZ80b9iLI4Dz1g8iaMN524b90r7hgHQQCNNO3ft7Ecd+aX7/oCxv/VDmPdstVxU0wWJnU3ckSL0TxNAscx5plWfKN8ny9m2yvGWjrGjaICubN0hZ8wdS2rxJVrYArRsNWqhz8b4Dry4WG8MoQ9yEOffxw2sOVrZukhXAstYt8kTpe3Lbo7AaQ80gdpMPZrB2+KRuujIQh9NKMQPZ3TIRLaMpILI//LNd/lXBe2+XFS1bZEXzZuSFH7aEUepxG/j5H4gV8EsshzuMFsLRqdvFVlnavE0eWfae/Gpxo2TPa5TMvC6ZBGtdu2A4HsBZKdr9wqmAIPU43VO+pM7+66I+HYRNQ+tp9sJaKXizV1b3oVxuOSztW1AnNh9UdG4+BDhH6M25gy3QUzcAjt7rV+GJx4vNh6V788eKNbjeizrJYzf0PVsPy3u7PpbdBz+XLR8elO9OnJILFy5YUh+vcv78Dzv7z/8gP1y4IDye6x8ZnI2Bn594oP8Dn34jj73eLdcGqyUrv3VESD2d89LzG+TWh5vk3Y498tnXJ+X02X7gnHMcG3h/9+eS90Inmv61kh1kNwwHlEHKwLC7X0DqnFZKy5RjBRzc5RxsjmfMWlAnJW/1ybb9R3Hf8wPS8WPj2xOnYTwclD8+0YIWTL1MDvCjzIFMdkkxP8x4Bgd5h9v9wi4ttn5SUCbSCxrk+gdq5YWaD+TTY9/LOdaTHxlaV2POWYdhoZPQtzrV24qVsSsfHTzS9MTrbXJDQYXkBDlQmHxSzyCp59XJ7Q/VS2XvPtlx6Js7nNuPKSnv2vVE6IU2mZFXjo9QEz5GHKztgVU6PFJnHupPLThythEJ/YpiEjuIrBDW6f0V8uDbXdK4fs9jzq3HlBz95vvf9sDivfuJBpmeVwNSb5eMAPIgyFlDtLQ5xoByos9JDI/UryjoA/iBa5YbH6yVl2s2yKEvvql3bm/FipVLkY8OftH05Ost8qvC1TI52DwipK6WeqBefvNoo1St3S87Ph6bpF7Zte2JoheaZdb8MpmC9HLmBWfWmHnmA58zLpiHgPk7s1d+XtQnP9Mpmpx5VCe/WLBaHlnaKS3rd49hUj8AUq8FqVdILkg9K8ifsdbhfZoBZDPoy35xtkxint+BP6mvlSsK31NiTw+1yA2Lqy2pW7GSTNkDUn/89Wa5oXCVZAebUFFhYWofqVshzVErKCuvF57KGgv6JyayCyIIUgjUyl1Pt8h7uz+X706fG7OkXvxCk8zKK9PZH+kg9Ykh/qBFUh9IUPFB/5z+R1JfI1fgI/dzWOopxRyArZerF5TLI+90ScuGsWmpfwVSX6OkXiPT5q1GK6tZ0gN8j5zDzemekffrzuzxywe9HqNLDaHFwv80CtZJZkGbXF9SKy9Vv29J3YqVZAlJ/R9vtMh1IPWsYAMqaQcsbTSp0cQ2P8qYiulW4PDPJsMl9fwauefZZln8RvtvnFuPOSkHqRfAUp+Rz7xoxDN2qrVt/qb0f04/0Ip1oX3QHCiFZcr84JTJ2Qvq5KF3ejnAPWYt9TWbD8ifYalzhk5WfotM4k9I/HM0BMtcZ67gvbI1gvIRrxXjR+pmSiOt9DU6C+j6kjp5qWajHDryrSV1K1aSIXsOHgGpt4LUV3tIvWtESP3PlwmpT89frT/fsAtFrVJnrrnfc/rBJXMldoYnkYHUmW8ZyN9ZCxrlwXfWjnlSv+dxzt+uRLkAqfM9wsomGZuFsC6W1PlR6NWZQdmhFrl+cT1IfZMldStWkiV7DoHU32yT64osqY8UqTO/LitS/wqkvomkbiz1TGcAnR+n5JN6g7xUuxmk/p0ldStWkiEuqf+yqNzpckg+qfN36+wgSP25Fln8dpcl9cuA1HtA6neD1Key+yXEqa58n5bUrVgZ8zIalroh9Vr5y79aOJXPkvplSOr6gxGewZK6FStjXEav+6V23FvqxtIFqd/fcHmRehCkru8/eaTOhe2ykMfap25J3YqV5MlHIPXH32qX64rZ/WJJfWRJnYTWLleC1B+4jPrUOVCaXFIHuBJioEmu4+wXS+pWrCRPlNTftqROGRVSR16Me1Lnjl/5XZIRaJRfWlK3YiW5Ykk9IpbUjYwaqec32e4XK1aSLZbUI2JJ3ciIkjrCc212br7BpZgtqVuxkmQJ96nrlEZL6qNC6sWXD6mbgdJkkzryAZY689jOfrFiJcmis1/ecme/mF/jI2TuR+oexFZYDwaSup2n7pL6LJD6g+/0jV1Sd/4o5YJeU/LwsXfmqZPUM0DKmciPTOQNiZ3l42JJnbNfbljSIC/X2j9KrVhJmpDUH3uzTa4tokVGInMX9ELFK4pURt8KOggsqZtjLKlzGeLZnKf+7ti11M2CXgfl7ifrJDeAclHA/WT5HB5Sx3tVUh+kXPiWGX7YnCmNnKd+oyV1K1aSK2FSL0blRSUjkbkV8GKX3iUsqZvjT5nUucOTdsvwmg8sqVux8iOIkvpbltQpltSNWFK3YuUyFkvqEbGkbsSSuhUrl7HY7peIWFI3MrqkzimNltStWEmaWFKPyGiQOpcJGPNrv4DUuZ3dXUrq5SBwd/YLyDgppA4EndkvnNLI9dS/sKRuxUpSZPRI3c5Tdxf0Mj8fje0pjbpHKUh9arAyqaSue5o6f5Rm5jfDUm+UFy2pW7GSPLGkHhFL6kYsqVuxchnL6A2UWlK3pG5J3YqVERdD6u0g9UpL6pbUVSypW7FyGUs0qRsiC1dAS+p4BjzLSJD6UkvqltStWBkBIanr2i/a/dKEiusuE+CFU0GVoDyIqbBeDCT1GvnzsyD1N8YzqcMdapeZxfWyBKTeOMZJnbNfpuSbjafT8B4ncSriJZI685Gkrgt6BZrk+pJ6ebF6oyV1K1aSJSO19G4EXNGvU/co/fOzzSD19nFL6hPpxgfOkHrv2Cf1pxxST6KlrqSuH4dufOibzSYZNSB1O0/dipXkyEeHQepLLalTLKkbMT8fHZC7R4XU6808dUvqVqwkRyypR2Q0SD2yScbY7VO3pG7FymUsltQjMqoDpZbULalbsTIS4vapX1tMIqsHgbWj8pmNMtIKugAeOeiJIypzGiq1gRkIHRqs+B2SrQOlTWOe1EMg9WkB5oUZNOZz6mCv77PFx0QH5pz5BWJHvmWElwkYy6R+Utd+CS8T4AyUmvSD0IMg9CA+/KEumTRo3vhcQ3jdJAPhOVB63SL2qVtSt2IlaRL5+Yg7HyV/OztW7EmwTrODJPXxZamrtc7wHkudC3rNur9xTK/9MhqWutmjtBmkztkvdkqjFStJkwipc9sybmeXXFKnlctpfIbU7ZTG8CqN47n7xbHUuaAXN56289StWEmiWFKPiCV1I6NF6tmW1K1YSb6MBqnz56PM/Bq5e9wPlFpSt6RuxcoIiyX1iFhSNzL6pG7/KLViJWliSL3VDJSGkj9QevmSujP7Bc95caSO5yecfDODpYbUZ4HUOaXxcvqj1LxPTsnkM1wqqfcAnObaBFKvs6RuxUoyZc+hL5r+8WarXFfEeerJX/vFnf3CtV/GPKl37Hii4N8tMj3AmUCNICx84DT9fA5D1okBHzJ8GNMKOxGuE3lFix9xIC/TC8zPR0veBqmvH9uk/qenaiQbH7hJoRZJxTOk8sPkR+pxyoIvqQPpDIsPfXZ+g9xYUisv27VfrFhJnrik/ksl9WZUYJCYQ9rphY5FTkJzrdVhA0QW6gSp14LUx/hAKUg9BFKfEVgFK7JBCVgJma0NJWUvcQ8G+CehF3YgnJn3n1ZIkscHs6BVZt5fJ4vfXgNS3zOGSX2//PGpary3VTKxoFkmIO2peJ9RpK7Ezg+V33unX78yA12oC6TeClKvA6nXyCsg9cOW1K1YSY6w++Ufb7aD1CslJ9jiVFRUXCATpO6601FBXffwQAJgU7tB7nm2HaS+Zkx3vwRfaJapILKMUANIuF0mgqAnktidFktiYLcVWzy00mntdwIkdLhDTTLr/hp5YClIfcNYJvV98qcnUSYCK5HmBuRBp/5MxVZLFsoIYaz1+OXCr8wo2euHsl0y0Rq6cXGdvFKzWQ4d+c6SuhUryZAIqVeNHKlzmQAQwz3PdYxxUt/yRPClRpkaKgUJ18vEonZJLeqWVBL7MEg9bLHj2bWrQfO0C24SWYNcVVwlDy3tkeYxTup3gdRzQeqZoXr9ILHV4lrpJHW6dX30Ae/cIB6ppyJfUvGhnxRqluuWNMpLtZbUrVhJmuw5SFLvAKlXw5puDXe/aGUFqYeb1qigpvk8XJDY+KNJo9z9bIcsvIxIPQWkPqG4G0cSu9OvngAmFvTCPxfw6kO+mcFF9s1ziYDLgdR19svmfXL3E5UyJW8l3l090h9N6iRsdsXwWTmA6vvufcoMFzWbgA/eBMQ1MdQq1yxplhdrt1pSv6zkf/7n/wEhfAfaIFksfwAAAABJRU5ErkJggg==" preserveAspectRatio="none" id="img2"></image><clipPath id="clip3"><rect x="0" y="0" width="835573" height="795250"/></clipPath><clipPath id="clip4"><rect x="-2770.82" y="-0.181818" width="845127" height="798022"/></clipPath><clipPath id="clip5"><rect x="0" y="0" width="835574" height="795251"/></clipPath><clipPath id="clip6"><rect x="-0.181818" y="-2770.64" width="504305" height="512618"/></clipPath><image width="225" height="225" xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT/wAARCADhAOEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9U6KKKACiivnL/goZ8Tr/AOE/7IPxC1jSpXg1S6tY9Kt5o2KNGbmVIHdWHKssbuwI6ECgD4d/bi/4Kra7e+JNR8D/AAT1OPTNFs3e2vPF0AWSe9kHDC0Y5CRA5HmgFm4KFQAW/OXxR428ReOL37Z4j1/VPEF5/wA/Gq3slzJz1+Z2JrFr9B/2U/8AgkzqPx1+FGleO/FnjRvCdtrUf2jTdNsrEXMzW5PySyuzqF34LBQG+UqSQSVFFH58UV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5JUV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5JUV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5JUV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5JUV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5JUV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5JUV+tv/Dj/wAN/wDRVtW/8FEX/wAdo/4cf+G/+irat/4KIv8A47RcLn5O6Xq19ol5Heade3Gn3cZylxaytFIp9QykEV9i/sq/8FQPiZ8DdatNP8aalf8AxF8Du4W4tdSn87ULVCeZLe4c7mIHSORihA2gx53D37x1/wAERzaeF7648I/EyXUNehjMltZappixQXLAHEZkWQmMk4+bawHcc5H5bXVrNY3U1tcRPBcQu0ckUgwyMDgqR2IIoA/qE8GeMtG+IXhPSfEvh6/i1TQ9Vtku7O8hztkjcZBweQexBwQQQQCCK2q/OX/git8Ub3xH8IfG/ga7lkmi8MalDd2Zc8Rw3iyExL7CSCV/rKa/RqpJCiiigAooooAKKKKACiiigAr46/4Ky/8AJlfib/sI6d/6UpX2LXx1/wAFZf8AkyvxN/2EdO/9KUoA/CGv6PP2L/8Ak0v4Qf8AYraf/wCiFr+cOv6PP2L/APk0v4Qf9itp/wD6IWmxs9nooopCCiiigAooooAKKKKACiiigAooooAKKKKACv5h/i1/yVbxp/2G73/0e9f08V/MP8Wv+SreNP8AsN3v/o96aGj9H/8Aghv/AMf3xnP/AEz0f+d7X6s1+U//AAQ3B+2fGg9vL0b+d9X6sUMGFFFFIQUUUUAFFFFABRRRQAV8df8ABWX/AJMr8Tf9hHTv/SlK+xa+Ov8AgrL/AMmV+Jv+wjp3/pSlAH4Q1/R5+xf/AMml/CD/ALFbT/8A0Qtfzh1/R5+xf/yaX8IP+xW0/wD9ELTY2ez14t8cP2yPg/8As66tbaT478YwaXrFxH5yadb2013cCM9HdIUYoD2L4zg4zivaa/nk/wCCgng/xX4R/a7+JLeLEuGl1TVZdR0+7mUhJ7GQ5tvLYjDKkeyI4zhomXqpoEfrH/w9W/Zq/wCh4u//AARX3/xmj/h6t+zV/wBDxd/+CK+/+M1+Ce4etG4etMdj97P+Hq37NX/Q8Xf/AIIr7/4zR/w9W/Zq/wCh4u//AARX3/xmvwT3D1o3D1oCx+9n/D1b9mr/AKHi7/8ABFff/GaP+Hq37NX/AEPF3/4Ir7/4zX4J7h60bh60BY/ez/h6t+zV/wBDxd/+CK+/+M0f8PVv2av+h4u//BFff/Ga/BPcPWjcPWgLH72f8PVv2av+h4u//BFff/GaP+Hq37NX/Q8Xf/givv8A4zX4J7h60bh60BY/oa+Fv/BQb4C/GLxhZ+F/DnjuJtdvWCWlrqFlcWYuHJwI0eWNULkkAJncxOADX0VX8vXgHwr4h8ceNNF0HwlZ3WoeJb66SKwgsciUy5yGUj7u3G4tkBQpJIAzX9PmmxXEGnWsd3Ks92kSLNIowHcAbiPqc0gLNfzD/Fr/AJKt40/7Dd7/AOj3r+niv5h/i1/yVbxp/wBhu9/9HvQgR+kX/BDb/j5+NP8AuaN/O+r9Vq/Kr/ghr/r/AI1f7ui/zvq/VWhgwooopCCiiigAooooAKKKKACvjr/grL/yZX4m/wCwjp3/AKUpX2LXx1/wVl/5Mr8Tf9hHTv8A0pSgD8Ia/o8/Yv8A+TS/hB/2K2n/APoha/nDr+jz9i//AJNL+EH/AGK2n/8AohabGz2esjxF4R0Lxhbxwa9ouna3BE26OLUbSO4VD6gOCAa16KQjif8AhR/w4/6J/wCF/wDwTW3/AMRR/wAKP+HH/RP/AAv/AOCa2/8AiK7aigDif+FH/Dj/AKJ/4X/8E1t/8RR/wo/4cf8ARP8Awv8A+Ca2/wDiK7aigDif+FH/AA4/6J/4X/8ABNbf/EUf8KP+HH/RP/C//gmtv/iK7aigDif+FH/Dj/on/hf/AME1t/8AEUf8KP8Ahx/0T/wv/wCCa2/+IrtqKAOJ/wCFH/Dj/on/AIX/APBNbf8AxFH/AAo/4cf9E/8AC/8A4Jrb/wCIrtqKAOf8O/D3wt4QuJLjQfDWj6JPIux5dOsIrdmX0JRQSK6CiigAr+Yf4tf8lW8af9hu9/8AR71/TxX8w/xa/wCSreNP+w3e/wDo96aGj9JP+CGv+s+Nf00T/wBv6/VSvyt/4Iafe+Nn/cE/9v6/VKhgwooopCCiiigAooooAKKKKACvjr/grL/yZX4m/wCwjp3/AKUpX2LXx1/wVl/5Mr8Tf9hHTv8A0pSgD8Ia/o8/Yv8A+TS/hB/2K2n/APoha/nDr+jz9i//AJNL+EH/AGK2n/8AohabGz2evyG/bb/4Kh/E7QfjZ4l8E/C7Ubbwrovhq+k0yfUDYxXN1eXMTFJyfPRlSMSBlUKuTs3bsNtH681+a/7Y/wDwSb1X4yfFbWPHvw28S6RpFxrs32rUdH10SxwrcEfvJopYkc/OfmKMnDFjuwwVUI+J/wDh55+03/0U5/8AwR6b/wDI1H/Dzz9pv/opz/8Agj03/wCRq9Z/4cr/ABw/6Gn4f/8Agwvv/kOj/hyv8cP+hp+H/wD4ML7/AOQ6eg9Dyb/h55+03/0U5/8AwR6b/wDI1H/Dzz9pv/opz/8Agj03/wCRq9Z/4cr/ABw/6Gn4f/8Agwvv/kOj/hyv8cP+hp+H/wD4ML7/AOQ6NA0PJv8Ah55+03/0U5//AAR6b/8AI1H/AA88/ab/AOinP/4I9N/+Rq9Z/wCHK/xw/wChp+H/AP4ML7/5Do/4cr/HD/oafh//AODC+/8AkOjQNDyb/h55+03/ANFOf/wR6b/8jUf8PPP2m/8Aopz/APgj03/5Gr1n/hyv8cP+hp+H/wD4ML7/AOQ6P+HK/wAcP+hp+H//AIML7/5Do0DQ8m/4eeftN/8ARTn/APBHpv8A8jUf8PPP2m/+inP/AOCPTf8A5Gr1n/hyv8cP+hp+H/8A4ML7/wCQ6P8Ahyv8cP8Aoafh/wD+DC+/+Q6NA0Oc+EP/AAVq+OHg/wAaWN5421uHxz4ZMire6bNptrbS+Vn5mhkhjjIkA6bsqccjvX7h2V5FqFnBdW7+ZBPGssbYxlWGQfyNfkv8Hv8Agiv4qj8Z2Nz8TvF2gN4Yt5VlnsfDctxNPeKDkxb5IovKB6FhuOM4API/WyGJLeJIo0WONFCqijAUDgAD0pCH1/MP8Wv+SreNP+w3e/8Ao96/p4r+Yf4tf8lW8af9hu9/9HvTQ0fpN/wQ0+98bP8AuCf+39fqlX5W/wDBDT73xs/7gn/t/X6pUMGFFFFIQUUUUAFFFFABRRRQAV8df8FZf+TK/E3/AGEdO/8ASlK+xa+Ov+Csv/Jlfib/ALCOnf8ApSlAH4Q1/R5+xf8A8ml/CD/sVtP/APRC1/OHX9Hn7F//ACaX8IP+xW0//wBELTY2ez0UUUhBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABX8w/xa/5Kt40/wCw3e/+j3r+niv5h/i1/wAlW8af9hu9/wDR700NH6Tf8ENPvfGz/uCf+39fqlX5W/8ABDT73xs/7gn/ALf1+qVDBhRRRSEFFFFABRRRQAUUUUAFfHX/AAVl/wCTK/E3/YR07/0pSvsWvjr/AIKy/wDJlfib/sI6d/6UpQB+ENf0efsX/wDJpfwg/wCxW0//ANELX84df0efsX/8ml/CD/sVtP8A/RC02Nns9FFFIQUUUUAFFFFABRXm37R3xmtf2fPgf4v+IN1bC9GiWfmQ2rMVE87usUMZI6BpXQE9gSa/DHxB/wAFD/2hvEPiifXG+Juq6dLI5ZLLTgkNnEuThFhC7SAOMsGY4ySTzQB/QvWb4k8SaV4P0DUNc1zULfStI0+Fri6vbqQJFDGoyzMx6ACvw18G/wDBWf8AaJ8LZF9r+j+KkzkLrOkRDA9M2/lE/iSeetcN+0d+3h8XP2sNOs/D3iO5stP0QSow0Lw7bSQw3UwPyNIGd3kIOMKWKg4IXPNMZ3/7dn/BQzxD+0l4kuPD3g6/v/D/AMM7N2jit4ZGgm1Y9DNcYIOw/wAMR4A5Ybvu+Z/sk/tneNv2UfGdrd6ZeXGreEJH26l4ZuJ2+zzxk/M0YORFKOodR14bKkiuW8P/ALJnxr8URrLpnwn8ZXEDDcszaJcRxsPZ3QA/gata1+xv8dNAj8y8+EXjLy+7W+jTzgcZyfLVsD3NPQeh/QZ8HfjF4V+PHw/0zxl4O1JdS0a+Xj+GWCQY3wypn5JFJwV+hGQQT2tfzk/Af9pr4q/sc+ML9vDVxJpUkxC6n4d1y0Y29wQDt82FtrqwzkMpVu2dpIPtHi//AIK8/tCeJrYxafe+HfCjnH77R9IDsOf+nl5hz9O9IR+51fIH7UX/AATN+Fnx+0u+1DQNMtvAPjdt0sWq6RCIre4lOTi5gUbXDEkl1CyZwdzAFT+TN1+31+0Lea1DqknxY8QLcwtuWOKRI4Dzn5oFURsPYqa/ZD/gn/8AtRX/AO1Z8B4/EGuW0Vt4m0m9fSNUaBQkVxKkccizooJ2h0kXI4wyvgAYoA+Zv+CPvw71/wCEvjz9ofwf4osW07XtHuNFtrq3bkBh9vIZT/EjKVZWHBVgR1r9Lq5XSfh9p+jfErxL4xtkWO/17TtPsLraMb/sj3TI59Wxdbc+iKO1dVSEFFFFABRRRQAUUUUAFFFFABXx1/wVl/5Mr8Tf9hHTv/SlK+xa+Ov+Csv/ACZX4m/7COnf+lKUAfhDX9Hn7F//ACaX8IP+xW0//wBELX84df0efsX/APJpfwg/7FbT/wD0QtNjZ7PRRRSEFFFFABRRXKfEr4reEPg74am8QeNfEWn+G9Iiz/pF9ME3sBnZGv3pHx0VAWPYUAfJn/BYLxf/AMI5+yDJpgyW8Qa9ZafhSPup5lySRnpm3A+pFfh2iNI6oilnY4CqMkn0Ffan/BSH9ubS/wBqvWtD8O+DYLqHwR4flluBdXkflyajcsAgl2HlERdwUHDHzGLAcAfVH/BMb9ge08C6Fpvxk+I+nq3iW6QXWg6XeKNumQEZW6kB485h8yg/6tSD984RjPGv2R/+CR+v/ES0sfFPxguLrwjoMyrNB4dtxs1O4U8/vywIt1Ix8uDJyQRGQCfuPUPFf7K/7AdmLFP+EZ8G6ssKqbWxgN5rMyEHaZCoecqecNIdvXmvjz9ur/gqlqGrahqfgH4J6kbHSYt1tfeM7V8T3LchksmH+rQcjzx8zHlNoAd/zMvLufULue6uppLm6nkaWWeZy7yOxyzMx5JJJJJ9aAP2I8Tf8FsPhnY3Dx6D4E8UavGpIEt41vaK2O4AeQ4PuAeegqloX/BbjwFcXCjWfhx4ksIc/M9jdW90w+isY8/nX4/0U7Dsfvh4X/ai/Zb/AG0rWDw7qlzoOr6hLhYdE8YWCwXIdgcCFpRtZ+v+pcsK+Zv2pv8AgjpbfY7zxD8D76SOdA0jeEdWuN6uAPu21y5yDxwsxOSf9YuMV+VFfcn7FX/BTfxb8CdQsPC3xBu7zxd8O2IhWSdjLf6UvQNE5OZIgOsTHgAbCuNrIR8Va94f1PwrrV5o+taddaTq1lKYbmxvoWhmgkHVXRgCpHoRX6i/8EPvFbtD8WfDUkg8tW0/UYI++SJ45T/47DXuv7bH7HfhP9tb4V23xE+HktjceN1sBd6TqtmyrFrVvtytvK3AyRwjNgo3ythc4/L39jD9pq+/Y1+O769qekXd3pU0Muj69pABjuVj8xSSiOQBNHJGDtfGRvTK7twAP6HKK8y+CP7Snw2/aK0ZtQ8A+KrPW2jQPcWOTFeWuTj97A4DoMggMRtbHykjmvTaQgooooAKKKKACiiigAooooAK+Ov+Csv/ACZX4m/7COnf+lKV9i18df8ABWX/AJMr8Tf9hHTv/SlKAPwhr+jz9i//AJNL+EH/AGK2n/8Aoha/nDr+jz9i/wD5NL+EH/Yraf8A+iFpsbPZ6KKKQgooooA+Zv8AgoL+1FqX7KnwHOveH7aG48T6vfppOmyXCb4rZ2R5HnZcjdtSNsDpuZMggEH8HviR8U/F3xg8SS6/408Rah4l1eTj7TfzF9i5zsRfuxpknCqAo7Cv3k/4KFfs6zftI/s2a1pGlxNN4m0Vxrejxp1mniRw0OO5kjeRAOm4oT0r+fLrTQ0fU3/BOP8AZqt/2kP2irCDWrMXfhDw7H/a+rxyJuiuArAQ27ZGCJJCMqeqJIK+4f8Agrv+1jc/D/wjafB3wzdmDWPElqbjXJ4mIeHTiSiwAjvMVcNz9xCCMSA1vf8ABGf4ax+Gf2ctc8XywIt94o1qQLMv3mtbZRFGp+kpuT/wKvyv/ao+K0vxs/aI8f8AjJrhbq11DVplsZF6fY4j5VsBz/zySP6nJ70AeVUUUVRQUUUUAFFFFAH6Mf8ABIz9rK68FePv+FN+Ir5pPDfiB2l0Rpnytlf4LNEueiTAHjOPMVcDMjE1P+CwX7NcPw9+J+l/FPQ7MQaN4uZrfVFiXCRaki539ePOjBbAH3oZGJy1fAGg65f+F9c07WdKunstU065jvLS6jxuhmjYOjjPcMoP4V+6v7Z+n2P7TP8AwTv1bxRawIGk0C08YWW5cm3MaJcSAeh8kzJ7bjUkn4V6D4g1TwrrFrq+ianeaNq1o/mW9/p9w8E8LYI3JIhDKcE8g96/Z3/gln+2d4t/aL0jxL4O8fXC6t4h8PRQ3VrrWxUku7Z2ZSsyqAu+NggDjlw/IypZvxTr9nP+CPf7Otx8O/hDqvxL1iFodU8ZsiWELjBj0+EttfBAIMshdu4KJEw+8abGz9B6KKKkkKKKKACiiigAooooAK+Ov+Csv/Jlfib/ALCOnf8ApSlfYtfHX/BWX/kyvxN/2EdO/wDSlKAPwhr+jz9i/wD5NL+EH/Yraf8A+iFr+cOv6PP2L/8Ak0v4Qf8AYraf/wCiFpsbPZ6KKKQgooooAK/AL/gpb8H9K+Df7Wvia00TZFpmuRR6/HaoOLZ5y3mp9DKkjgDAVXVR0r96fFHibTfBfhrVdf1m6Sx0jS7WW9vLqT7sUMaF3Y/RQTX83X7SHxt1L9oj41eKfHupB4v7UuibS1c5+y2qAJBF6ZWNVyRwW3HvTQ0ftD/wT5ZdJ/4J3+DJ7PiRNM1WcHOT5n2y6Yn/AL6r8E1+6K/dD/gkv4ps/GH7FumaKPmOhanqGlXKEY5klNz36grdDn6+lfih8QvBd38OfH3iTwpfnN7oepXGmzNtxueGVoyceh25/GhAjn6KKKooKKKKACiiigAr95f2X0Hir/gmPo9rqQVobjwZqVlIsgypiC3EQz7bAK/Bqv3v1+3f9nf/AIJj3VnqDLYajpfw++ySbsDy76e28sL7nz5gPf8AGpZLPxP/AGffhvB8YPjd4E8FXc5tbLXNXtrK5mVtrLCzjzCpx97Zux74r+lfRdGsfDuj2Gk6ZaxWOm2EEdra2sK7UhiRQqIo7AKAAPav5efDviDUfCPiDS9c0e6ex1fS7qK9s7qMAtDNE4eNxkEZDKDyO1f0ifs0/HLTf2jfgl4X8e6cqQtqVsBe2iEn7Ldodk8PPOFcNgnGVKt0NAHp9FFFIQUUUUAFFFFABRRRQAV8df8ABWX/AJMr8Tf9hHTv/SlK+xa+Pv8AgrBbyTfsT+LHRSyxX2nO59B9rjXP5sB+NAH4O1/R5+xf/wAml/CD/sVtP/8ARC1/OHX9E/7BvinSvFn7IXwsn0m9jvI7PQ7fTrjyzzFcQII5Y2HYhlPXqCD0IpsbPfKKKKQgooooA+FP+CxXjjWvCn7LNhpmlyNb2XiHX7fTtRlXq0KxTTiLPbc8KE+oQjoTX4j1/Tn8WvhP4Y+N/gHVfBvjDTV1TQtRQLLEWKujA5SRGHKurAEEencZFfkt+0d/wR78d+AftWr/AAs1EePdETL/ANlXRSDVIl9B0jnwM8rsY9AhpoaLH/BGn47R+D/i54h+GepXCxWPiq2F3p/mPgC+twSUUYxmSEuSc/8ALBRzmqf/AAWA/Zxn8BfF+0+KemWx/wCEf8XBYL51HywalHHjB9PNiQOPVo5TXwzaz+JvhP45tblY7/wx4s0G8juI1uYGgubO4jYOhZHGVYEA4YfhX7s/Bj4pfD7/AIKSfsv6jpOu28Rup4FsfEWjxNtn068xuSeHOcKWXzIn5HylTkq6gA/Aaivb/wBqn9kfxv8Asn+N5dI8R2rXug3Erf2T4it4yLW/jHI9fLlA+9ETlTnBZdrt4hTGFFFFMYUUV3XwY+CfjH4/+PLHwj4J0iXVdVuTud8EQWsWQGmnkxiONcjJPUkAAsQCAet/8E+/2b5/2kP2jNDsbq0abwpoLprGuSOmYjDGwKW5JGCZXCptyCU8wj7pr7p/4LPfHiLQPhz4c+FFhcj+0tfnXVdTiRhlLKFiIlYdcSTDcD/07tXvfw18AfDf/gmV+y/qV/qt99oaBftmraltAudYvyuEhgQnjONkcecKNzMeZHP4kfHf4z+If2i/i5rvjjXyzajq1x+5s4yXS1hHyw28fHRVwOmWOWPLGpJPPa/Ub/giJ4y1ttW+JvhMtJL4cSG11RVP3ILpmaIke8iKM/8AXAeleG/s3/8ABKr4sfGn7LqvimL/AIVt4Xkw3natCWv5l/6Z2uQy/WUp1yA1frj+zR+y34G/ZU8ES+HfBlrOzXcouNQ1S+kEl3fSgYVpGAACqOFRQFGScZZiQD16iiikIKKKKACiiigAooooAK4P47fCfT/jp8H/ABZ4C1NxFba5YPbLOV3eRLw0UuO5SRUfH+zXeUUAfzAfEj4d6/8ACXx1rfg/xRYPpuvaPctbXVu4/iHIZT/EjKVZWHDKykcGn+Dfij4z+Ha3C+FPF2veGFuSDOujanPaCUjoW8tl3Y96/oF/ag/Yv+G37WGlwL4ssJrHXrRPLs/EOlMsV7Cm7d5ZYqVkjyT8jggbmK7Sc18FeIv+CIPiKG/f+wvilpd1ZFiUOo6XJDIozwDsdwT78Z9BTuM+E/8Ahp34x/8ARWvHX/hSXv8A8do/4ad+Mf8A0Vrx1/4Ul7/8dr7X/wCHI/j3/opHhz/wEuP8KP8AhyP49/6KR4c/8BLj/CmPQ+KP+GnfjH/0Vrx1/wCFJe//AB2j/hp34x/9Fa8df+FJe/8Ax2vtf/hyP49/6KR4c/8AAS4/wo/4cj+Pf+ikeHP/AAEuP8KA0Mn9hL/god8cI/GmhfDa50i6+Mdpfz+XCl3csuqWqk5eT7W2Q0aDcx87OAAPMRQK/ZevnP8AYx/Yt8L/ALIvglre1aPWvGWooP7X8QNFtaTuIYgeUhU9urEbm7BeC/b+/b+0v9l3QZfC/heW31X4n6hDmG3bEkWlRsOLicd2I5SM9fvN8uA0knif/Ba74T6RJ4D8EfEmCzSHXINU/sK6uY0AaeCSGWaMSHqdjQvt9PNb1Ffmp8Cfj54z/Zx+IFp4v8Eal9h1GIeXPbzAvbXsJILQzx5G9DgdwQQCpVgCP1E+PmtXvx//AOCQWleKrmefXdZtNO068ubqRjJLLNbXaW1zK57kATMxPoxr8eKaGj95/gX+158E/wBvbwPJ4L8S2Gnw67eQgX3gzX9rea4Gd9rIQBLtILBkxImNxVeDXzr8ev8Agi3bX15c6l8IfFkemo5LLoPiUu8SZOcR3SBnCgcAOjH1fvX5SRSvbypLE7RyowZHQkMpHIIPY19V/B//AIKdfHz4P2MdgviW38Y6bEu2K18WQNeFP+2yukx+jSEDAwBQBV8Tf8Eyf2kPDN5LCfh5JqsKttS60vUbWaOQf3gPMDgf7yg1S0n/AIJuftI6zcCKH4X30Jzy93fWkCj3y8wz+FfWXh3/AILh3kccaa78IoZ3x88+na8YxnHaN4G/9Dq3rX/BcRdpXSPg+xYj/W33iAAA/wC4tvz/AN9CjUNTnPgz/wAEVfE2pXkN38UfGllounhgz6b4bBubqRccqZpFVImz3CSjj34+y/Evj79nr/gmr8NRpNrDa6HLcL5sOi6fm51bVZADh5CxLEfeHmSsqL90EcLX5p/Fj/grN8d/iRaTWOk32l+ArGQsCfD9qftLIc4Uzys7Kf8AajCHjtXx7rWtaj4k1S51PVr+61TUrp/MnvL2ZpppW/vO7Elj7k0Ae1ftZ/th+NP2uPGSanr5XSvD9kzDSvDtrKXgs1PBZmIHmSkY3SEDPQBR8tfRH/BG34S6Z44+PXiPxbqtpFer4T01HskmQMIrueQqkwz/ABKkcwHHBbIwQK+AK/XD/gjLo9v4S+BvxY8d3Q8uGXUkt5JG4Hl2dsZjz6D7S1MZ+mdFfmn/AME6f+Clb/EC6sfhf8XdTUeJpnEWh+JbghF1Ak/La3B6Cfsj9JOFP7zBl/SypJCiiigAooooAKKKKACiiigAooooAKKKKACiiigAoorx79r34meJvg5+zX498ZeDrAah4i0mwEtsjR+YIQ0iJJcFcHIhjZ5SCMYj54zQB4t+39+39pf7LuhS+FvC8tvqvxQv4MwwNh4tJjYcXE46FyOUjPXhm+XAb8N/EXiPVPF+vX+t63qFxqur6hM1xdXt3IZJZpGOWZmPUk0niLxFqfi7XtQ1vWr+41XVtQna5u726kLyzSMcszMepJrPqij9E/8Agmz+214P8B+DtU+CXxdkt4vBWqvMLC/1BN9nEs42z2lyMYWFySwYjaC77iAQR7hqX/BIP4IeKNQbxD4e+I+sWPhS4LTJb2t3a3USI3IWK4ZT8g7Ft5xjLE8n8fKTaPSiwWP18j/Y/wD2Efg+jw+LfHmn+ILuHmSLVvFymf8AGKzaNv8Ax2uf+N3/AATj+Enx++Dv/Cwv2Xru3+3Rb3j0yC/lls9S2/fh/fsXt5xxtDFV6BlUNvX8+P2b/wBm/wAX/tPfEa18J+ErT0lv9TmU/Z9PgzgyykfkFHLHgdyP38/Zv/Zz8Jfsw/DW08H+FLdiinzr7UZgPPv7ggBppCPoAFHCgACkI/m31DT7vR9QurC/tZrG+tZWguLW5jMcsMikqyOpAKsCCCDyCKr1+6X7bP8AwTX8O/tSasni7w5qcHgzx2FCXd01sZLbVEC4Xz1UgrIvAEoydo2lWwpTz79kv/gklpXwh8aWvi/4ma3YeM9QsGEtho1nbsLGKYHIlkaTmUjghSqgEZO7jDuO54t+xl/wTR8P33w+uPip+0J5mj+GRbG8tdDuLprILahdxubuRSrxqRyqBlOOWPO2vUE+AX/BPf4tRFdC8VaL4cuZjtVofE09jLu6DbFeORn2CfhX6DfEf4c+Hfi34I1fwj4s0uHWPD+qw+TdWk2cMMgqykcqysAysCCrKCCCBX4K/tsfsT+JP2RfGwDGbWvAWpysNH14p9T9muMDCzqAfQSAFlxhlRCPutf+COPwW1Ax6pp/xO8SP4fX5pXF1ZS5X2nWIKv1KmuY/bQ/a1+FfwD/AGeZ/wBnr4Gz2eoyXdpJpl9daZMLi2sbaTP2gPNyJbiXc6tgnbvckqQqn8pto9KWnYdgr9cv+Cb/APwUg/4TL+y/hN8WdV/4qH5bXQfE15J/yEegS1uXP/LfoEkP+t4Vv3mDL+RtB96AP6o6K+PP+CWvxo8dfGj9ms3fjp59RuNH1KTS9P1q6VhLqFskcZDSMf8AWujMyGT+LaN2XDsfsOpJCiiigAooooAKKKKACiiigAooooAKKKKACkZQykEZB4INLRQB4740/Y7+CHxBaeTXPhZ4XuLi4OZbq306O2nc+pliCuT75r82P+Cn37D3w3/Zy+Hfhfxj8O9JutFiu9YOl3trJfS3MXzwySRlfNZmBHkuPvc5r9ia+V/+CnPgOXx5+xf47W1tvtN7o4t9YiUAkqsMyGZ/wgMxoA/ASvVP2b/2b/F/7T/xGtfCfhO19Jb/AFOZT9n0+DODLKR+QUcseB3IP2b/ANnDxf8AtQfEa18J+ErX0lv9TmU/Z9PgzgyykfkFHLHgdyP36/Zv/Zv8Ifsv/Dm18J+E7X0lv9TmUfaNQnxgyyEfkFHCjgdyaKD9m/8AZv8ACH7L/wAObXwn4TtfSW/1OZR9o1CfGDLIR+QUcKOB3J9VooqSQooooAK5n4kfDfw38XPBOq+EvFulQa1oGpxeVc2k4OD3DKRyrqQGVlIKkAggiumooA/nw/bY/Yn8SfsieNgCZ9a8BanKw0fXinOeT9muMDCzqAfQSAFlxhlT5rr+n74kfDfw38XPBOq+EvFulQa1oGpxeTc2k44I6hlI5V1IDKykFSAQQRX4LftsfsS+Jf2RPGgz5+teAdTmYaPr5Tvgt9muMDCTqAfQSKpZcYdUoo6//gmf+yj4W/ak+KHiiDxvbXd34a0PS0nMFpcNAXuZJlEYZ1527Em4BBzjniv1k8EfsG/s/fD+NF0v4U+HrhlORJrFudSfOc53XJkIOfTp2r5c/wCCJ/gB9I+D/j3xjLbywvrmsRWEUkisBLDaxbgyZ4K77mRcjuhH8PH6PUhFfT9PtdJsobOytobO0hUJFb28YSONR0CqOAPYVYoopCCiiigAooooAKKKKACiiigAooooAKKKKACiiigAqrqn/INu/wDri/8A6CaKKAPhn/gkr/yTn4nf9jbc/wBa+8KKKACiiigAooooAKKKKACvm7/got/yZn8TP+vBf/Ri0UUAdh+x7/ya98Mf+wHb/wDoNew0UUAFFFFABRRRQAUUUUAf/9k=" preserveAspectRatio="none" id="img7"></image><clipPath id="clip8"><rect x="0" y="0" width="504305" height="504305"/></clipPath><clipPath id="clip9"><rect x="0" y="-2770.64" width="839585" height="795251"/></clipPath><clipPath id="clip10"><rect x="0" y="0" width="832662" height="792480"/></clipPath><clipPath id="clip11"><rect x="-0.272727" y="-2770.55" width="504305" height="512618"/></clipPath><clipPath id="clip12"><rect x="0" y="0" width="504305" height="504305"/></clipPath><clipPath id="clip13"><rect x="-2770.82" y="-0.363636" width="509847" height="507076"/></clipPath><clipPath id="clip14"><path d="M0.0420588 0.0855602 507076 0.0855602 507076 507076 0.03125 507076Z" fill-rule="evenodd" clip-rule="evenodd"/></clipPath></defs><g clip-path="url(#clip0)" transform="translate(-44 1)"><rect x="2457.5" y="152.5" width="1722" height="1985" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="27.5 9.16667" fill="#FFFFFF"/><rect x="2522.5" y="263.5" width="1627" height="973" stroke="#0071C5" stroke-width="20.625" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF"/><g clip-path="url(#clip1)" transform="matrix(0.000360892 0 0 0.000360892 3915 203)"><g clip-path="url(#clip3)" transform="matrix(1.0048 0 0 1 0.482666 -0.0209961)"><use width="100%" height="100%" xlink:href="#img2" transform="scale(2240.14 2240.14)"></use></g></g><rect x="2630.5" y="299.5" width="1092" height="191" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="110" transform="matrix(1 0 0 1 2953.14 431)">User app</text><rect x="2630.5" y="629.5" width="1285" height="552" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="#F2F2F2"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="110" transform="matrix(1 0 0 1 2898.43 1135)">Gramine <tspan font-size="110" x="447.448" y="0">LibOS</tspan><tspan font-size="110" x="-160.644" y="-1001">Untrusted </tspan><tspan font-size="110" x="366.439" y="-1001">MS Azure V</tspan><tspan font-size="110" x="937.065" y="-1001">M</tspan></text><rect x="70.5" y="232.5" width="1752" height="582" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="27.5 9.16667" fill="#FFFFFF"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="110" transform="matrix(1 0 0 1 513.295 210)">Trusted machine</text><rect x="658.5" y="299.5" width="1092" height="194" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="110" transform="matrix(1 0 0 1 737.099 432)">SGX Quote Verifier</text><path d="M102.5 304.44C102.5 323.737 215.772 339.381 355.5 339.381 495.228 339.381 608.5 323.737 608.5 304.44L608.5 660.56C608.5 679.857 495.228 695.5 355.5 695.5 215.772 695.5 102.5 679.857 102.5 660.56Z" fill="#FFFFFF" fill-rule="evenodd"/><path d="M102.5 304.44C102.5 285.143 215.772 269.5 355.5 269.5 495.228 269.5 608.5 285.143 608.5 304.44 608.5 323.737 495.228 339.381 355.5 339.381 215.772 339.381 102.5 323.737 102.5 304.44Z" fill="#FFFFFF" fill-rule="evenodd"/><path d="M608.5 304.44C608.5 323.737 495.228 339.381 355.5 339.381 215.772 339.381 102.5 323.737 102.5 304.44 102.5 285.143 215.772 269.5 355.5 269.5 495.228 269.5 608.5 285.143 608.5 304.44L608.5 660.56C608.5 679.857 495.228 695.5 355.5 695.5 215.772 695.5 102.5 679.857 102.5 660.56L102.5 304.44" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="none" fill-rule="evenodd"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="83" transform="matrix(1 0 0 1 182.045 427)">Expected <tspan font-size="83" x="-4.58333" y="99">measure</tspan><tspan font-size="83" x="317.396" y="99">-</tspan><tspan font-size="83" x="56.1458" y="198">ments</tspan><tspan font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" x="3798.68" y="351">②</tspan><tspan font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" x="3396.46" y="935">④</tspan></text><path d="M0-6.875 1.37112-6.875C5.16807-6.875 8.24612-3.79696 8.24612 0L8.24612 281.75 1.37112 274.875 576.172 274.875 569.297 281.75 569.297 233.625 583.047 233.625 583.047 281.75C583.047 285.547 579.969 288.625 576.172 288.625L1.37112 288.625C-2.42584 288.625-5.50388 285.547-5.50388 281.75L-5.50388 0 1.37112 6.875 0 6.875ZM555.547 240.5 576.172 199.25 596.797 240.5Z" transform="matrix(-1 1.22465e-16 1.22465e-16 1 931.172 496)"/><text font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" transform="matrix(1 0 0 1 2566.95 601)">③<tspan font-size="110" x="1075.51" y="1229">⑤</tspan></text><rect x="2865.5" y="660.5" width="995" height="120" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="73.3333 27.5" fill="#FFDBCC"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="700" font-size="92" transform="matrix(1 0 0 1 2898.22 750)">/dev/attestation/</text><rect x="2866.5" y="777.5" width="994" height="120" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="73.3333 27.5" fill="#FFDBCC"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="700" font-size="92" transform="matrix(1 0 0 1 3077.53 867)">user_report_data</text><rect x="2865.5" y="896.5" width="995" height="120" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="73.3333 27.5" fill="#FFDBCC"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="700" font-size="92" transform="matrix(1 0 0 1 3076.97 986)">quote</text><path d="M0-6.875 347.362-6.875C351.159-6.875 354.237-3.79696 354.237 0L354.237 55.1169 340.487 55.1169 340.487 0 347.362 6.875 0 6.875ZM367.987 48.2419 347.362 89.4919 326.737 48.2419Z" transform="matrix(1.83697e-16 1 1 -1.83697e-16 2776 490)"/><path d="M3803.44 507.432 4133.44 507.432 4133.44 601.432 3803.44 601.432Z" fill="#C0C0C0" fill-rule="evenodd"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="700" font-size="73" transform="matrix(1 0 0 1 3803.44 581)">EREPORT</text><path d="M0-6.875 107.948-6.875C111.745-6.875 114.823-3.79696 114.823 0L114.823 200.547 101.073 200.547 101.073 0 107.948 6.875 0 6.875ZM128.573 193.672 107.948 234.922 87.3233 193.672Z" transform="matrix(1 0 0 -1 3860 836.922)"/><text font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" transform="matrix(1 0 0 1 2789.92 599)">①</text><path d="M0-6.875 463.007-6.875C466.804-6.875 469.882-3.79696 469.882 0L469.882 127.693 456.132 127.693 456.132 0 463.007 6.875 0 6.875ZM483.632 120.818 463.007 162.068 442.382 120.818Z" transform="matrix(1.83697e-16 1 1 -1.83697e-16 2703 493)"/><rect x="2519.5" y="1487.5" width="1627" height="230" stroke="#0071C5" stroke-width="20.625" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="110" transform="matrix(1 0 0 1 2925.7 1638)">Quoting Enclave</text><g clip-path="url(#clip4)" transform="matrix(0.000360892 0 0 0.000360892 3915 1421)"><g clip-path="url(#clip5)" transform="matrix(1.0048 0 0 1 0.482666 0.185658)"><use width="100%" height="100%" xlink:href="#img2" transform="scale(2240.14 2240.14)"></use></g></g><path d="M0 6.875-82.5018 6.875-75.6268 0-75.6268 442.656-82.5018 435.781 524.688 435.781C528.485 435.781 531.563 438.859 531.563 442.656L531.563 496.21 517.813 496.21 517.813 442.656 524.688 449.531-82.5018 449.531C-86.2988 449.531-89.3768 446.453-89.3768 442.656L-89.3768 0C-89.3768-3.79696-86.2988-6.875-82.5018-6.875L0-6.875ZM545.313 489.335 524.688 530.585 504.063 489.335Z" transform="matrix(-1 0 0 1 3859.69 956)"/><g clip-path="url(#clip6)" transform="matrix(0.000360892 0 0 0.000360892 2587 1515)"><g clip-path="url(#clip8)" transform="matrix(1 0 0 1.0055 -0.0837402 0.199108)"><use width="100%" height="100%" xlink:href="#img7" transform="scale(2241.36 2241.36)"></use></g></g><path d="M0 6.875-245.898 6.875-239.023 0-239.023 1163.16-245.891 1156.28 13.6176 1156.57 13.6025 1170.32-245.906 1170.03C-249.7 1170.03-252.773 1166.95-252.773 1163.16L-252.773 0C-252.773-3.79696-249.695-6.875-245.898-6.875L0-6.875ZM7.59701 1142.55 47.9554 1164.87 5.88485 1183.76Z" transform="matrix(1 -1.22465e-16 -1.22465e-16 -1 2587 1606.87)"/><rect x="2520.5" y="1866.5" width="1626" height="230" stroke="#0071C5" stroke-width="20.625" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="110" transform="matrix(1 0 0 1 2819.57 2017)">Provisioning Enclave</text><g clip-path="url(#clip9)" transform="matrix(0.000360892 0 0 0.000360892 3916 1801)"><g clip-path="url(#clip10)" transform="matrix(1.00831 0 0 1 -0.608398 0.154674)"><use width="100%" height="100%" xlink:href="#img2" transform="scale(2232.34 2232.34)"></use></g></g><path d="M3790.88 1716.98 3791.2 1832.16 3777.45 1832.19 3777.12 1717.02ZM3804.93 1825.24 3784.42 1866.55 3763.68 1825.36Z"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-style="italic" font-weight="400" font-size="73" transform="matrix(1 0 0 1 2727.24 1814)">(already done by MS Azure)</text><path d="M2485.3 1987.82 885.358 1984.94 885.383 1971.19 2485.33 1974.07ZM2478.48 1960.31 2519.69 1981.01 2478.4 2001.56ZM892.213 1998.7 851 1978 892.287 1957.45Z"/><path d="M1134.11 1879.56C1126.94 1834.39 1163.85 1792.8 1216.55 1786.65 1237.9 1784.16 1259.61 1787.88 1278.2 1797.22 1297.9 1765.39 1343.94 1753.29 1381.03 1770.2 1387.52 1773.16 1393.47 1776.9 1398.71 1781.33 1414.05 1754.94 1451.43 1744.22 1482.19 1757.38 1490.7 1761.02 1498.13 1766.29 1503.9 1772.78 1528.63 1747.83 1572.33 1744.74 1601.51 1765.9 1613.77 1774.79 1622.04 1787.05 1624.89 1800.58 1665.41 1810.06 1689.32 1845.96 1678.28 1880.77 1677.35 1883.7 1676.19 1886.56 1674.8 1889.35 1707.3 1925.62 1699.34 1977.61 1657.03 2005.47 1643.86 2014.14 1628.3 2019.75 1611.86 2021.77 1611.49 2060.79 1574.27 2092.17 1528.71 2091.86 1513.49 2091.75 1498.6 2088.04 1485.69 2081.14 1470.28 2124.89 1416.53 2149.61 1365.64 2136.37 1344.31 2130.82 1325.88 2119.08 1313.5 2103.15 1261.39 2130.09 1193.76 2115.6 1162.44 2070.78 1162.04 2070.21 1161.66 2069.65 1161.27 2069.07 1127.17 2072.5 1096.28 2051.63 1092.28 2022.48 1090.15 2006.94 1096.13 1991.38 1108.64 1979.96 1079.11 1965.06 1069.19 1932.35 1086.48 1906.9 1096.46 1892.22 1113.96 1882.52 1133.59 1880.77Z" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF" fill-rule="evenodd"/><path d="M1145.42 1985.61C1132.81 1986.45 1120.21 1983.96 1109.3 1978.45M1177.29 2063.94C1172.22 2065.67 1166.91 2066.83 1161.48 2067.37M1313.46 2101.59C1309.65 2096.68 1306.46 2091.44 1303.94 2085.96M1489.55 2062.62C1488.99 2068.43 1487.72 2074.18 1485.75 2079.76M1565.15 1956.66C1593.74 1968.59 1611.77 1993.52 1611.52 2020.75M1674.51 1888.4C1669.88 1897.67 1662.81 1905.9 1653.86 1912.43M1624.97 1799.23C1625.76 1802.98 1626.13 1806.78 1626.06 1810.58M1493.13 1785.99C1495.82 1780.76 1499.38 1775.88 1503.71 1771.52M1394.21 1792.89C1395.31 1788.57 1397.03 1784.37 1399.34 1780.41M1278.13 1797.13C1284.86 1800.51 1291.08 1804.58 1296.66 1809.24M1137.35 1892.31C1135.88 1888.14 1134.8 1883.88 1134.11 1879.57" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="none" fill-rule="evenodd"/><text font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" transform="matrix(1 0 0 1 2283.62 1947)">⑥<tspan font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-style="italic" font-weight="400" font-size="73" x="-510.363" y="-88">(already done by</tspan><tspan font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-style="italic" font-weight="400" font-size="73" x="-398.071" y="0">MS Azure)</tspan><tspan font-size="110" x="-86.7424" y="-447">⑦</tspan></text><path d="M2629.3 361.045 1784.34 357.038 1784.41 343.288 2629.36 347.295ZM1791.15 370.82 1750 350 1791.35 329.571Z"/><text font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" transform="matrix(1 0 0 1 1899.74 462)">⑧</text><g clip-path="url(#clip11)" transform="matrix(0.000360892 0 0 0.000360892 2027 359)"><g clip-path="url(#clip12)" transform="matrix(1 0 0 1.0055 -0.249401 0.0321156)"><use width="100%" height="100%" xlink:href="#img7" transform="scale(2241.36 2241.36)"></use></g></g><path d="M48.5 1270.67C48.5 1244.07 70.0654 1222.5 96.6677 1222.5L803.332 1222.5C829.935 1222.5 851.5 1244.07 851.5 1270.67L851.5 1463.33C851.5 1489.93 829.935 1511.5 803.332 1511.5L96.6677 1511.5C70.0654 1511.5 48.5 1489.93 48.5 1463.33Z" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="27.5 9.16667" fill="#FFFFFF" fill-rule="evenodd"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="73" transform="matrix(1 0 0 1 187.555 1302)">Microsoft Azure <tspan font-size="73" x="-29.5167" y="88">Attestation (MAA) </tspan><tspan font-size="73" x="121.458" y="176">provider</tspan></text><path d="M698.5 1474.63C698.5 1494.58 811.772 1510.75 951.5 1510.75 1091.23 1510.75 1204.5 1494.58 1204.5 1474.63L1204.5 1691.37C1204.5 1711.33 1091.23 1727.5 951.5 1727.5 811.772 1727.5 698.5 1711.33 698.5 1691.37Z" fill="#FFFFFF" fill-rule="evenodd"/><path d="M698.5 1474.63C698.5 1454.67 811.772 1438.5 951.5 1438.5 1091.23 1438.5 1204.5 1454.67 1204.5 1474.63 1204.5 1494.58 1091.23 1510.75 951.5 1510.75 811.772 1510.75 698.5 1494.58 698.5 1474.63Z" fill="#FFFFFF" fill-rule="evenodd"/><path d="M1204.5 1474.63C1204.5 1494.58 1091.23 1510.75 951.5 1510.75 811.772 1510.75 698.5 1494.58 698.5 1474.63 698.5 1454.67 811.772 1438.5 951.5 1438.5 1091.23 1438.5 1204.5 1454.67 1204.5 1474.63L1204.5 1691.37C1204.5 1711.33 1091.23 1727.5 951.5 1727.5 811.772 1727.5 698.5 1711.33 698.5 1691.37L698.5 1474.63" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="none" fill-rule="evenodd"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="73" transform="matrix(1 0 0 1 767.407 1581)">Attestation <tspan font-size="73" x="2.56671" y="88">certificates</tspan></text><path d="M1115.4 535.375 1115.4 1112.03C1115.4 1115.82 1112.32 1118.9 1108.52 1118.9L638 1118.9 644.875 1112.03 644.875 1180.05 631.125 1180.05 631.125 1112.03C631.125 1108.23 634.203 1105.15 638 1105.15L1108.52 1105.15 1101.65 1112.03 1101.65 535.375ZM1087.9 542.25 1108.52 501 1129.15 542.25ZM658.625 1173.17 638 1214.42 617.375 1173.17Z"/><path d="M1069.11 1032.23C1061.94 987.178 1098.85 945.687 1151.55 939.559 1172.9 937.076 1194.61 940.788 1213.2 950.102 1232.9 918.349 1278.94 906.282 1316.03 923.148 1322.52 926.097 1328.47 929.835 1333.71 934.246 1349.05 907.925 1386.43 897.232 1417.19 910.362 1425.7 913.995 1433.13 919.251 1438.9 925.724 1463.63 900.834 1507.33 897.759 1536.51 918.857 1548.77 927.724 1557.04 939.955 1559.89 953.452 1600.41 962.905 1624.32 998.715 1613.28 1033.43 1612.35 1036.35 1611.19 1039.21 1609.8 1041.99 1642.3 1078.17 1634.34 1130.02 1592.03 1157.81 1578.86 1166.46 1563.3 1172.06 1546.86 1174.07 1546.49 1212.99 1509.27 1244.29 1463.71 1243.98 1448.49 1243.87 1433.6 1240.17 1420.69 1233.29 1405.28 1276.92 1351.53 1301.58 1300.64 1288.37 1279.31 1282.84 1260.88 1271.13 1248.5 1255.24 1196.39 1282.12 1128.76 1267.66 1097.44 1222.95 1097.04 1222.39 1096.66 1221.82 1096.27 1221.25 1062.17 1224.67 1031.28 1203.86 1027.28 1174.78 1025.15 1159.28 1031.13 1143.76 1043.64 1132.37 1014.11 1117.51 1004.19 1084.88 1021.48 1059.5 1031.46 1044.86 1048.96 1035.18 1068.59 1033.44Z" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="#FFFFFF" fill-rule="evenodd"/><path d="M1080.42 1138C1067.81 1138.85 1055.21 1136.35 1044.3 1130.86M1112.29 1216.14C1107.22 1217.86 1101.91 1219.01 1096.48 1219.55M1248.46 1253.68C1244.65 1248.79 1241.46 1243.57 1238.94 1238.09M1424.55 1214.81C1423.99 1220.61 1422.72 1226.34 1420.75 1231.91M1500.15 1109.13C1528.74 1121.02 1546.77 1145.89 1546.52 1173.05M1609.51 1041.05C1604.88 1050.29 1597.81 1058.5 1588.86 1065.02M1559.97 952.108C1560.76 955.843 1561.13 959.634 1561.06 963.428M1428.13 938.903C1430.82 933.681 1434.38 928.818 1438.71 924.466M1329.21 945.783C1330.31 941.467 1332.03 937.285 1334.34 933.333M1213.13 950.012C1219.86 953.382 1226.08 957.438 1231.66 962.091M1072.35 1044.94C1070.88 1040.79 1069.8 1036.54 1069.11 1032.23" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" fill="none" fill-rule="evenodd"/><text font-family="Cambria Math,Cambria Math_MSFontService,sans-serif" font-weight="700" font-size="110" transform="matrix(1 0 0 1 702.944 1051)">⑨</text><g clip-path="url(#clip13)" transform="matrix(0.000360892 0 0 0.000360892 835 895)"><g clip-path="url(#clip14)"><use width="100%" height="100%" xlink:href="#img7" transform="matrix(2253.67 0 0 2253.67 0.0420588 0.0855602)"></use></g></g><path d="M48.5 1859.5C48.5 1827.47 74.4677 1801.5 106.501 1801.5L793.499 1801.5C825.532 1801.5 851.5 1827.47 851.5 1859.5L851.5 2091.5C851.5 2123.53 825.532 2149.5 793.499 2149.5L106.501 2149.5C74.4677 2149.5 48.5 2123.53 48.5 2091.5Z" stroke="#000000" stroke-width="9.16667" stroke-linejoin="round" stroke-miterlimit="10" stroke-dasharray="27.5 9.16667" fill="#FFFFFF" fill-rule="evenodd"/><text font-family="Intel Clear,Intel Clear_MSFontService,sans-serif" font-weight="400" font-size="73" transform="matrix(1 0 0 1 145.435 1911)">Intel® Provisioning <tspan font-size="73" x="-26.3542" y="88">Certification Service </tspan><tspan font-size="73" x="132.344" y="176">(Intel PCS)</tspan></text></g></svg>
\ No newline at end of file
diff --git a/Documentation/manifest-syntax.rst b/Documentation/manifest-syntax.rst
index 6f3160b1c5..eabd81f8dd 100644
--- a/Documentation/manifest-syntax.rst
+++ b/Documentation/manifest-syntax.rst
@@ -762,7 +762,7 @@ Attestation and quotes
 
 ::
 
-    sgx.remote_attestation = "[none|epid|dcap]"
+    sgx.remote_attestation = "[none|epid|dcap|maa]"
     (Default: "none")
 
     sgx.ra_client_linkable = [true|false]
@@ -780,6 +780,9 @@ filled with your registered Intel SGX EPID Attestation Service credentials
 For :term:`DCAP` based attestation, ``remote_attestation`` must be set to
 ``dcap``. ``ra_client_spid`` and ``ra_client_linkable`` are ignored.
 
+For :term:`MAA` based attestation, ``remote_attestation`` must be set to
+``maa``. ``ra_client_spid`` and ``ra_client_linkable`` are ignored.
+
 Pre-heating enclave
 ^^^^^^^^^^^^^^^^^^^
 
@@ -987,5 +990,5 @@ Attestation and quotes (deprecated syntax)
 This syntax specified whether to enable SGX remote attestation. The boolean
 value has been replaced with the string value. The ``none`` value in the new
 syntax corresponds to the ``false`` boolean value in the deprecated syntax. The
-explicit ``epid`` and ``dcap`` values in the new syntax replace the ambiguous
-``true`` boolean value in the deprecated syntax.
+explicit ``epid``, ``dcap``, ``maa`` values in the new syntax replace the
+ambiguous ``true`` boolean value in the deprecated syntax.
diff --git a/Documentation/sgx-intro.rst b/Documentation/sgx-intro.rst
index 9f00c337ba..2d23e13dd9 100644
--- a/Documentation/sgx-intro.rst
+++ b/Documentation/sgx-intro.rst
@@ -267,6 +267,9 @@ SGX terminology
             A |~| way to launch enclaves with Intel's infrastructure, intended
             for client machines.
 
+         :term:`MAA`
+            A |~| way to launch enclaves in the Microsoft Azure public cloud.
+
    Enclave
       .. todo:: TBD
 
@@ -316,9 +319,12 @@ SGX terminology
       .. seealso::
 
          :term:`DCAP`
-            A way to launch enclaves without relying on the Intel's
+            A |~| way to launch enclaves without relying on the Intel's
             infrastructure.
 
+         :term:`MAA`
+            A |~| way to launch enclaves in the Microsoft Azure public cloud.
+
          :term:`SPID`
             An identifier one can obtain from Intel, required to make use of EPID
             attestation.
@@ -413,6 +419,28 @@ SGX terminology
             Provisioning Certification Service, another Internet service
             provided by Intel.
 
+   Microsoft Azure Attestation
+   MAA
+
+      MAA is the attestation protocol (attestation scheme) developed by
+      Microsoft and available in the Microsoft Azure public cloud. Similarly to
+      :term:`EPID`, the remote verifier making user of the MAA protocol needs to
+      contact the MAA attestation provider each time it wishes to attest an
+      enclave. An enclave sends DCAP-formatted SGX quotes to the client/verifier
+      who will forward them to the MAA attestation provider to check the
+      enclave's validity and receive back the set of claims describing this
+      enclave.
+
+      .. seealso::
+
+         :term:`DCAP`
+            A |~| way to launch enclaves without relying on the Intel's
+            infrastructure.
+
+         :term:`EPID`
+            A |~| way to launch enclaves with Intel's infrastructure, intended
+            for client machines.
+
    Memory Encryption Engine
    MEE
 
diff --git a/pal/src/host/linux-sgx/common_manifest_sgx_parser.c b/pal/src/host/linux-sgx/common_manifest_sgx_parser.c
index 5269f30c1a..dfbe96311f 100644
--- a/pal/src/host/linux-sgx/common_manifest_sgx_parser.c
+++ b/pal/src/host/linux-sgx/common_manifest_sgx_parser.c
@@ -63,9 +63,11 @@ int parse_attestation_type(toml_table_t* manifest_root,
                 attestation_type = SGX_ATTESTATION_EPID;
             } else if (!strcmp(sgx_attestation_type_str, "dcap")) {
                 attestation_type = SGX_ATTESTATION_DCAP;
+            } else if (!strcmp(sgx_attestation_type_str, "maa")) {
+                attestation_type = SGX_ATTESTATION_MAA;
             } else {
                 log_error("Unknown 'sgx.remote_attestation' type (recognized values are "
-                          "\"none\", \"epid\" and \"dcap\")");
+                          "\"none\", \"epid\", \"dcap\", \"maa\")");
                 ret = -EINVAL;
                 goto out;
             }
@@ -76,8 +78,8 @@ int parse_attestation_type(toml_table_t* manifest_root,
         ret = toml_bool_in(manifest_root, "sgx.remote_attestation", /*defaultval=*/false,
                            &sgx_remote_attestation_enabled);
         if (ret < 0) {
-            log_error("Cannot parse 'sgx.remote_attestation' (the value must be \"none\", \"epid\" "
-                      "or \"dcap\", or in case of legacy syntax `true` or `false`)");
+            log_error("Cannot parse 'sgx.remote_attestation' (value must be \"none\", \"epid\", "
+                      "\"dcap\", \"maa\", or in case of legacy syntax `true` or `false`)");
             ret = -EINVAL;
             goto out;
         }
@@ -86,11 +88,12 @@ int parse_attestation_type(toml_table_t* manifest_root,
             if (sgx_ra_client_spid_str && strlen(sgx_ra_client_spid_str)) {
                 attestation_type = SGX_ATTESTATION_EPID;
             } else {
+                /* note that it's impossible to specify MAA in legacy syntax, only DCAP */
                 attestation_type = SGX_ATTESTATION_DCAP;
             }
         }
         log_always("Detected deprecated syntax 'sgx.remote_attestation = true|false'; "
-                   "consider using 'sgx.remote_attestation = \"none\"|\"epid\"|\"dcap\"'.");
+                   "consider using 'sgx.remote_attestation = \"none\"|\"epid\"|\"dcap\"|\"maa\"'.");
     }
 
     *out_attestation_type = attestation_type;
diff --git a/pal/src/host/linux-sgx/pal_linux.h b/pal/src/host/linux-sgx/pal_linux.h
index 7ee4aafe5f..d7b1789d6f 100644
--- a/pal/src/host/linux-sgx/pal_linux.h
+++ b/pal/src/host/linux-sgx/pal_linux.h
@@ -44,7 +44,8 @@ extern struct pal_linuxsgx_state {
 enum sgx_attestation_type {
     SGX_ATTESTATION_NONE,
     SGX_ATTESTATION_EPID,
-    SGX_ATTESTATION_DCAP
+    SGX_ATTESTATION_DCAP,
+    SGX_ATTESTATION_MAA
 };
 
 static inline const char* attestation_type_to_str(enum sgx_attestation_type attestation_type) {
@@ -52,6 +53,7 @@ static inline const char* attestation_type_to_str(enum sgx_attestation_type atte
         case SGX_ATTESTATION_NONE: return "none";
         case SGX_ATTESTATION_EPID: return "epid";
         case SGX_ATTESTATION_DCAP: return "dcap";
+        case SGX_ATTESTATION_MAA: return "maa";
         default: BUG();
     }
 }
diff --git a/python/graminelibos/sgx_sign.py b/python/graminelibos/sgx_sign.py
index aeda598760..3e3497e779 100644
--- a/python/graminelibos/sgx_sign.py
+++ b/python/graminelibos/sgx_sign.py
@@ -464,6 +464,8 @@ def get_mrenclave_and_manifest(manifest_path, libpal, verbose=False):
             print('    None')
         elif attestation_type == "dcap":
             print('    DCAP/ECDSA')
+        elif attestation_type == "maa":
+            print('    MAA (Microsoft Azure Attestation)')
         elif attestation_type == "epid":
             spid = manifest_sgx.get('ra_client_spid', '')
             linkable = manifest_sgx.get('ra_client_linkable', False)
diff --git a/tools/sgx/ra-tls/meson.build b/tools/sgx/ra-tls/meson.build
index 2677ec5f20..789fb6b065 100644
--- a/tools/sgx/ra-tls/meson.build
+++ b/tools/sgx/ra-tls/meson.build
@@ -151,4 +151,52 @@ if dcap
         'ln -sf ../../../libsecret_prov_verify_dcap.so ' +
         '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
             get_option('libdir')))
+
+    # Microsoft Azure Attestation (MAA) scheme uses DCAP SGX quotes, so it is
+    # located under the `dcap` Meson config
+    libra_tls_verify_maa = shared_library('ra_tls_verify_maa',
+        'ra_tls_verify_maa.c',
+        'ra_tls_verify_common.c',
+        'ra_tls.h',
+
+        c_args: ra_tls_args,
+        include_directories: sgx_inc,
+        dependencies: [
+            cjson_dep,
+            libcurl_dep,
+            sgx_util_dep,
+            mbedtls_static_dep,
+        ],
+        install: true,
+        install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
+    )
+    meson.add_install_script('/bin/sh', '-c',
+        'ln -sf ../../../libra_tls_verify_maa.so ' +
+        '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
+            get_option('libdir')))
+
+    libsecret_prov_verify_maa = shared_library('secret_prov_verify_maa',
+        'ra_tls_verify_maa.c',
+        'ra_tls_verify_common.c',
+        'secret_prov_verify.c',
+        'secret_prov_common.c',
+        'ra_tls.h',
+        'secret_prov.h',
+
+        c_args: ra_tls_args,
+        include_directories: sgx_inc,
+        dependencies: [
+            threads_dep,
+            cjson_dep,
+            libcurl_dep,
+            sgx_util_dep,
+            mbedtls_static_dep,
+        ],
+        install: true,
+        install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
+    )
+    meson.add_install_script('/bin/sh', '-c',
+        'ln -sf ../../../libsecret_prov_verify_maa.so ' +
+        '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
+            get_option('libdir')))
 endif
diff --git a/tools/sgx/ra-tls/ra_tls.h b/tools/sgx/ra-tls/ra_tls.h
index cb5a780506..3a8baa5440 100644
--- a/tools/sgx/ra-tls/ra_tls.h
+++ b/tools/sgx/ra-tls/ra_tls.h
@@ -23,6 +23,9 @@
 #define RA_TLS_IAS_REPORT_URL  "RA_TLS_IAS_REPORT_URL"
 #define RA_TLS_IAS_SIGRL_URL   "RA_TLS_IAS_SIGRL_URL"
 
+#define RA_TLS_MAA_PROVIDER_URL         "RA_TLS_MAA_PROVIDER_URL"
+#define RA_TLS_MAA_PROVIDER_API_VERSION "RA_TLS_MAA_PROVIDER_API_VERSION"
+
 #define RA_TLS_CERT_TIMESTAMP_NOT_BEFORE "RA_TLS_CERT_TIMESTAMP_NOT_BEFORE"
 #define RA_TLS_CERT_TIMESTAMP_NOT_AFTER  "RA_TLS_CERT_TIMESTAMP_NOT_AFTER"
 
diff --git a/tools/sgx/ra-tls/ra_tls_verify_maa.c b/tools/sgx/ra-tls/ra_tls_verify_maa.c
new file mode 100644
index 0000000000..8810df1507
--- /dev/null
+++ b/tools/sgx/ra-tls/ra_tls_verify_maa.c
@@ -0,0 +1,1138 @@
+/* SPDX-License-Identifier: LGPL-3.0-or-later */
+/* Copyright (C) 2022 Intel Labs */
+
+/*!
+ * \file
+ *
+ * This file contains the implementation of a verification callback for TLS libraries. The callback
+ * verifies the correctness of a self-signed RA-TLS certificate with an SGX quote embedded in it.
+ * The callback accesses a specific attestation provider of the Microsoft Azure Attestation (MAA)
+ * for MAA-based attestation as part of the verification process. In particular, the callback sends
+ * the Attestation request (JSON string that embeds the SGX quote + Enclave Held Data) to MAA via
+ * HTTPS and receives an Attestation response (a JSON Web Token, or JWT, with claims). To ensure
+ * authenticity of the Attestation response, the callback also obtains a set of JSON Web Keys, or
+ * JWKs, from MAA and verifies the signature of JWT with the corresponding JWK's public key.
+ *
+ * The HTTPS Attestation request is sent to the URL in the format:
+ *     POST {instanceUrl}/attest/SgxEnclave?api-version=2022-08-01
+ *
+ * The HTTPS "Get set of JWKs" request is sent to the URL in the format:
+ *     POST {instanceUrl}/certs/
+ *
+ * {instanceUrl} is the attestation provider URL, e.g. `shareduks.uks.attest.azure.net`.
+ *
+ * This file is part of the RA-TLS verification library which is typically linked into client
+ * applications. This library is *not* thread-safe.
+ */
+
+#define _GNU_SOURCE
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <curl/curl.h>
+
+#include <mbedtls/base64.h>
+#include <mbedtls/md.h>
+#include <mbedtls/x509_crt.h>
+
+#ifdef HAVE_INTERNAL_CJSON
+/* here we -I the cJSON's repo root, which directly contains the header */
+#include <cJSON.h>
+#else
+#include <cjson/cJSON.h>
+#endif
+
+#include "quote.h"
+#include "ra_tls.h"
+#include "sgx_arch.h"
+#include "sgx_attest.h"
+#include "util.h"
+
+extern verify_measurements_cb_t g_verify_measurements_cb;
+
+#define MAA_URL_MAX_SIZE 256
+
+/** MAA "Attest SGX Enclave" API endpoint. */
+#define MAA_URL_ATTEST_ENDPOINT "attest/SgxEnclave"
+
+/** MAA "Get Signing Certificates" API endpoint. */
+#define MAA_URL_CERTS_ENDPOINT "certs"
+
+/** Default API version for MAA API endpoints. */
+#define DEFAULT_MAA_PROVIDER_API_VERSION "2022-08-01"
+
+static char* g_maa_base_url = NULL;
+static char* g_maa_api_version = NULL;
+
+/*! Context used in maa_*() calls */
+struct maa_context_t {
+    bool curl_global_init_done;
+    CURL* curl;                 /*!< CURL context for this session */
+    struct curl_slist* headers; /*!< Request headers sent to MAA attestation provider */
+};
+
+/*! MAA response (JWT token for `attest/` API, set of Signing keys for `certs/` API) */
+struct maa_response {
+    char* data;              /*!< response (JSON string) */
+    size_t data_size;        /*!< size of \a token string */
+};
+
+static void replace_char(uint8_t* buf, size_t buf_size, char find, char replace) {
+    while (*buf && buf_size > 0) {
+        if (*buf == find)
+            *buf = replace;
+        buf++;
+        buf_size--;
+    }
+}
+
+/* mbedTLS currently doesn't implement base64url but only base64, so we introduce helpers */
+static int mbedtls_base64url_encode(uint8_t* dst, size_t dlen, size_t* olen, const uint8_t* src,
+                                    size_t slen) {
+    int ret = mbedtls_base64_encode(dst, dlen, olen, src, slen);
+    if (ret < 0 || dlen == 0)
+        return ret;
+
+    /* dst contains base64-encoded string; replace `+` -> `-`, `/` -> `_`, `=` -> `\0` */
+    replace_char(dst, dlen, '+', '-');
+    replace_char(dst, dlen, '/', '_');
+    replace_char(dst, dlen, '=', '\0');
+    return 0;
+}
+
+static int mbedtls_base64url_decode(uint8_t* dst, size_t dlen, size_t* olen, const uint8_t* src,
+                                    size_t slen) {
+    if (!src || slen == 0) {
+        /* that's what mbedtls_base64_decode() does in this case */
+        *olen = 0;
+        return 0;
+    }
+
+    size_t copied_slen = slen + (3 - (slen - 1) % 4); /* account for 4-byte padding */
+    uint8_t* copied_src = calloc(1, copied_slen + 1);
+    memcpy(copied_src, src, slen);
+
+    /* src contains base64url-encoded string; replace `-` -> `+`, `_` -> `/` and pad with `=` */
+    replace_char(copied_src, copied_slen, '-', '+');
+    replace_char(copied_src, copied_slen, '_', '/');
+    memset(copied_src + slen, '=', copied_slen - slen);
+
+    int ret = mbedtls_base64_decode(dst, dlen, olen, copied_src, copied_slen);
+    free(copied_src);
+    return ret;
+}
+
+static int init_from_env(char** ptr, const char* env_name, const char* default_val) {
+    assert(ptr == &g_maa_base_url || ptr == &g_maa_api_version);
+
+    if (*ptr) {
+        /* already initialized */
+        return 0;
+    }
+
+    char* env_val = getenv(env_name);
+    if (!env_val) {
+        if (!default_val)
+            return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+
+        *ptr = strdup(default_val);
+        if (!*ptr)
+            return MBEDTLS_ERR_X509_ALLOC_FAILED;
+
+        return 0;
+    }
+
+    size_t env_val_size = strlen(env_val) + 1;
+    *ptr = malloc(env_val_size);
+    if (!*ptr)
+        return MBEDTLS_ERR_X509_ALLOC_FAILED;
+
+    memcpy(*ptr, env_val, env_val_size);
+    return 0;
+}
+
+/*!
+ * \brief Parse response headers of the MAA attestation response (currently none).
+ *
+ * \param[in] buffer   Single HTTP header.
+ * \param[in] size     Together with \a count a size of \a buffer.
+ * \param[in] count    Size of \a buffer, in \a size units.
+ * \param[in] context  User data pointer (of type struct maa_response).
+ *
+ * \returns \a size * \a count
+ *
+ * \details See cURL documentation at
+ *          https://curl.haxx.se/libcurl/c/CURLOPT_HEADERFUNCTION.html
+ */
+static size_t header_callback(char* buffer, size_t size, size_t count, void* context) {
+    /* unused callback, always return success */
+    (void)buffer;
+    (void)context;
+    return size * count;
+}
+
+/*!
+ * \brief Add HTTP body chunk to internal buffer (contains JSON string).
+ *
+ * \param[in] buffer   Chunk containing HTTP body.
+ * \param[in] size     Together with \a count a size of \a buffer.
+ * \param[in] count    Size of \a buffer, in \a size units.
+ * \param[in] context  User data pointer (of type struct maa_response).
+ *
+ * \returns \a size * \a count
+ *
+ * \details See cURL documentation at
+ *          https://curl.haxx.se/libcurl/c/CURLOPT_WRITEFUNCTION.html
+ */
+static size_t body_callback(char* buffer, size_t size, size_t count, void* context) {
+    size_t total_size = size * count;
+
+    struct maa_response* response = context;
+    assert(response);
+
+    /* make space for the data, plus terminating \0 */
+    response->data = realloc(response->data, response->data_size + total_size + 1);
+    if (!response->data) {
+        exit(-ENOMEM); // no way to gracefully recover
+    }
+
+    /* append the data (buffer) to response->data */
+    memcpy(response->data + response->data_size, buffer, total_size);
+    response->data_size += total_size;
+
+    /* add terminating `\0`, but don't count it in response->data_size to ease appending a next
+     * chunk (if any) */
+    response->data[response->data_size] = '\0';
+
+    return total_size;
+}
+
+static void response_cleanup(struct maa_response* response) {
+    free(response->data);
+    free(response);
+}
+
+static void maa_cleanup(struct maa_context_t* context) {
+    if (!context)
+        return;
+
+    if (context->headers)
+        curl_slist_free_all(context->headers);
+
+    if (context->curl)
+        curl_easy_cleanup(context->curl);
+
+    /* every curl_global_init() must have a corresponding curl_global_cleanup() */
+    if (context->curl_global_init_done)
+        curl_global_cleanup();
+
+    free(context);
+}
+
+static int maa_init(struct maa_context_t** out_context) {
+    int ret;
+
+    struct maa_context_t* context = calloc(1, sizeof(*context));
+    if (!context) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    /* can be called multiple times */
+    CURLcode curl_ret = curl_global_init(CURL_GLOBAL_ALL);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+    context->curl_global_init_done = true;
+
+    context->curl = curl_easy_init();
+    if (!context->curl) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_SSL_VERIFYPEER, 1L);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    context->headers = curl_slist_append(context->headers, "Content-Type: application/json");
+    if (!context->headers) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_HTTPHEADER, context->headers);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_HEADERFUNCTION, header_callback);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_WRITEFUNCTION, body_callback);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    *out_context = context;
+    ret = 0;
+out:
+    if (ret < 0) {
+        maa_cleanup(context);
+    }
+    return ret;
+}
+
+/*! Send GET request (empty) to MAA attestation provider's `certs/` API endpoint and save the
+ * resulting set of JWKs \a out_set_of_jwks; caller is responsible for its cleanup */
+static int maa_get_signing_certs(struct maa_context_t* context, char** out_set_of_jwks) {
+    int ret;
+
+    char* request_url = NULL;
+    struct maa_response* response = NULL;
+
+    /* prepare sending "GET certs" to MAA and receiving a response (using Curl) */
+    response = calloc(1, sizeof(*response));
+    if (!response) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    request_url = malloc(MAA_URL_MAX_SIZE);
+    if (!request_url) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = snprintf(request_url, MAA_URL_MAX_SIZE, "%s/%s/", g_maa_base_url, MAA_URL_CERTS_ENDPOINT);
+    if (ret < 0 || (size_t)ret >= MAA_URL_MAX_SIZE) {
+        ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+        goto out;
+    }
+
+    CURLcode curl_ret;
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_URL, request_url);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_HTTPGET, 1);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_HEADERDATA, response);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_WRITEDATA, response);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    /* send the "GET certs" request, callbacks will store results in `response` */
+    curl_ret = curl_easy_perform(context->curl);
+    if (curl_ret != CURLE_OK) {
+        ERROR("Failed to send the MAA \"GET certs\" request to `%s`\n", request_url);
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    long response_code;
+    curl_ret = curl_easy_getinfo(context->curl, CURLINFO_RESPONSE_CODE, &response_code);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    if (response_code != 200) {
+        ERROR("MAA \"GET certs\" request failed with code %ld and message `%s`\n", response_code,
+              response->data);
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    if (!response->data) {
+        ERROR("MAA \"GET certs\" response doesn't have the set of JSON Web Keys (JWKs)\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    char* set_of_jwks = strdup(response->data);
+    if (!set_of_jwks) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    *out_set_of_jwks = set_of_jwks;
+    ret = 0;
+out:
+    response_cleanup(response);
+    free(request_url);
+    return ret;
+}
+
+/*! Send request (with \a quote embedded in it) to MAA attestation provider's `attest/` API endpoint
+ * and save response in \a out_maa_response; caller is responsible for its cleanup */
+static int maa_send_request(struct maa_context_t* context, const void* quote, size_t quote_size,
+                            const void* runtime_data, size_t runtime_data_size,
+                            struct maa_response** out_maa_response) {
+    int ret;
+
+    char* quote_b64        = NULL;
+    char* runtime_data_b64 = NULL;
+    char* request_json     = NULL;
+    char* request_url      = NULL;
+
+    struct maa_response* response = NULL;
+
+    /* get needed base64url buffer size for quote, allocate it and encode the quote */
+    size_t quote_b64_size = 0;
+    ret = mbedtls_base64url_encode(/*dest=*/NULL, /*dlen=*/0, &quote_b64_size, quote, quote_size);
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        goto out;
+    }
+
+    quote_b64 = malloc(quote_b64_size);
+    if (!quote_b64) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = mbedtls_base64url_encode((uint8_t*)quote_b64, quote_b64_size, &quote_b64_size, quote,
+                                   quote_size);
+    if (ret < 0) {
+        goto out;
+    }
+
+    /* get needed base64url buffer size for runtime data, allocate it and encode the runtime data */
+    size_t runtime_data_b64_size = 0;
+    ret = mbedtls_base64url_encode(/*dest=*/NULL, /*dlen=*/0, &runtime_data_b64_size, runtime_data,
+                                   runtime_data_size);
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        goto out;
+    }
+
+    runtime_data_b64 = malloc(runtime_data_b64_size);
+    if (!runtime_data_b64) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = mbedtls_base64url_encode((uint8_t*)runtime_data_b64, runtime_data_b64_size,
+                                   &runtime_data_b64_size, runtime_data, runtime_data_size);
+    if (ret < 0) {
+        goto out;
+    }
+
+    /* construct JSON string with the attestation request to MAA */
+    const char* request_json_fmt = "{\"quote\": \"%s\", \"runtimeData\": "
+                           "  {\"data\": \"%s\", \"dataType\": \"Binary\"}  }";
+
+    size_t request_json_size = strlen(request_json_fmt) + 1 + quote_b64_size +
+                               runtime_data_b64_size;
+    request_json = malloc(request_json_size);
+    if (!request_json) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = snprintf(request_json, request_json_size, request_json_fmt, quote_b64, runtime_data_b64);
+    if (ret < 0 || (size_t)ret >= request_json_size) {
+        ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+        goto out;
+    }
+
+    /* prepare sending attestation request to MAA and receiving a response (using Curl) */
+    response = calloc(1, sizeof(*response));
+    if (!response) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    request_url = malloc(MAA_URL_MAX_SIZE);
+    if (!request_url) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = snprintf(request_url, MAA_URL_MAX_SIZE, "%s/" MAA_URL_ATTEST_ENDPOINT "?api-version=%s",
+                   g_maa_base_url, g_maa_api_version);
+    if (ret < 0 || (size_t)ret >= MAA_URL_MAX_SIZE) {
+        ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+        goto out;
+    }
+
+    CURLcode curl_ret;
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_URL, request_url);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_POST, 1);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_POSTFIELDS, request_json);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_HEADERDATA, response);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    curl_ret = curl_easy_setopt(context->curl, CURLOPT_WRITEDATA, response);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    /* send the attestation request, callbacks will store results in `response` */
+    curl_ret = curl_easy_perform(context->curl);
+    if (curl_ret != CURLE_OK) {
+        ERROR("Failed to send the MAA Attestation request to `%s`\n", request_url);
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    long response_code;
+    curl_ret = curl_easy_getinfo(context->curl, CURLINFO_RESPONSE_CODE, &response_code);
+    if (curl_ret != CURLE_OK) {
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    if (response_code != 200) {
+        ERROR("MAA Attestation request failed with code %ld and message `%s`\n", response_code,
+              response->data);
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    if (!response->data) {
+        ERROR("MAA Attestation response doesn't have the JSON Web Token (JWT)\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    *out_maa_response = response;
+    ret = 0;
+
+out:
+    if (ret < 0 && response) {
+        response_cleanup(response);
+    }
+    free(quote_b64);
+    free(runtime_data_b64);
+    free(request_json);
+    free(request_url);
+    return ret;
+}
+
+/*! Verify the attestation response from MAA (the JWT token) and create a dummy SGX quote populated
+ * with the SGX-enclave measurements from this response in \a out_quote_body; caller is responsible
+ * for its cleanup */
+static int maa_verify_response_output_quote(struct maa_response* response, const char* set_of_jwks,
+                                            sgx_quote_body_t** out_quote_body) {
+    int ret;
+
+    sgx_quote_body_t* quote_body = NULL;
+
+    char* maa_certs_url = NULL;
+
+    cJSON* json_response      = NULL;
+    cJSON* json_token_header  = NULL;
+    cJSON* json_token_payload = NULL;
+    cJSON* json_jwks          = NULL;
+
+    char* token_b64_header    = NULL;
+    char* token_b64_payload   = NULL;
+    char* token_b64_signature = NULL;
+
+    char* token_header    = NULL;
+    char* token_payload   = NULL;
+    char* token_signature = NULL;
+
+    char* token_signing_x509cert_b64 = NULL; /* not allocated, so no need to free it */
+    char* token_signing_x509cert     = NULL;
+
+    mbedtls_md_context_t md_context;
+    mbedtls_md_init(&md_context);
+
+    mbedtls_x509_crt token_signing_crt;
+    mbedtls_x509_crt_init(&token_signing_crt);
+
+    json_response = cJSON_Parse(response->data);
+    if (!json_response) {
+        ERROR("MAA Attestation response is not proper JSON\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    cJSON* token_b64 = cJSON_GetObjectItem(json_response, "token");
+    if (!cJSON_IsString(token_b64)) {
+        ERROR("MAA Attestation response doesn't contain the `token` string key (JWT)\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    /* JWT tokens are strings in the format: xxx.yyy.zzz where xxx, yyy, zzz are the header, the
+     * payload, and the signature correspondingly (each base64url encoded) */
+    char* header_begin_in_token_b64 = token_b64->valuestring;
+    char* header_end_in_token_b64   = strchr(header_begin_in_token_b64, '.');
+    if (!header_end_in_token_b64) {
+        ERROR("MAA JWT is incorrectly formatted (cannot find the header)\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    token_b64_header = calloc(1, header_end_in_token_b64 - header_begin_in_token_b64 + 1);
+    if (!token_b64_header) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+    memcpy(token_b64_header, header_begin_in_token_b64,
+           header_end_in_token_b64 - header_begin_in_token_b64);
+
+    char* payload_begin_in_token_b64 = header_end_in_token_b64 + 1;
+    char* payload_end_in_token_b64   = strchr(payload_begin_in_token_b64, '.');
+    if (!payload_end_in_token_b64) {
+        ERROR("MAA JWT is incorrectly formatted (cannot find the payload)\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    token_b64_payload = calloc(1, payload_end_in_token_b64 - payload_begin_in_token_b64 + 1);
+    if (!token_b64_payload) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+    memcpy(token_b64_payload, payload_begin_in_token_b64,
+           payload_end_in_token_b64 - payload_begin_in_token_b64);
+
+    char* signature_begin_in_token_b64 = payload_end_in_token_b64 + 1;
+    token_b64_signature = strdup(signature_begin_in_token_b64);
+    if (!token_b64_signature) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    size_t token_header_size;
+    ret = mbedtls_base64url_decode(/*dest=*/NULL, /*dlen=*/0, &token_header_size,
+                                   (const uint8_t*)token_b64_header, strlen(token_b64_header));
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        goto out;
+    }
+
+    token_header = calloc(1, token_header_size + 1);
+    if (!token_header) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = mbedtls_base64url_decode((uint8_t*)token_header, token_header_size, &token_header_size,
+                                   (const uint8_t*)token_b64_header, strlen(token_b64_header));
+    if (ret < 0) {
+        ERROR("MAA JWT is incorrectly formatted (the header is not Base64Url encoded)\n");
+        goto out;
+    }
+
+    size_t token_payload_size;
+    ret = mbedtls_base64url_decode(/*dest=*/NULL, /*dlen=*/0, &token_payload_size,
+                                   (const uint8_t*)token_b64_payload, strlen(token_b64_payload));
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        goto out;
+    }
+
+    token_payload = calloc(1, token_payload_size + 1);
+    if (!token_payload) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = mbedtls_base64url_decode((uint8_t*)token_payload, token_payload_size, &token_payload_size,
+                                   (const uint8_t*)token_b64_payload, strlen(token_b64_payload));
+    if (ret < 0) {
+        ERROR("MAA JWT is incorrectly formatted (the payload is not Base64Url encoded)\n");
+        goto out;
+    }
+
+    size_t token_signature_size;
+    ret = mbedtls_base64url_decode(/*dest=*/NULL, /*dlen=*/0, &token_signature_size,
+                                   (const uint8_t*)token_b64_signature,
+                                   strlen(token_b64_signature));
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        goto out;
+    }
+
+    token_signature = calloc(1, token_signature_size + 1);
+    if (!token_signature) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = mbedtls_base64url_decode((uint8_t*)token_signature, token_signature_size,
+                                   &token_signature_size, (const uint8_t*)token_b64_signature,
+                                   strlen(token_b64_signature));
+    if (ret < 0) {
+        ERROR("MAA JWT is incorrectly formatted (the signature is not Base64Url encoded)\n");
+        goto out;
+    }
+
+    /* at this point, we parsed JWT into three decoded strings: token_header, token_payload,
+     * token_signature; the first two are JSON strings */
+    json_token_header = cJSON_Parse(token_header);
+    if (!json_token_header) {
+        ERROR("MAA JWT is incorrectly formatted (the header is not proper JSON)\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    cJSON* token_header_alg = cJSON_GetObjectItem(json_token_header, "alg");
+    cJSON* token_header_kid = cJSON_GetObjectItem(json_token_header, "kid");
+    cJSON* token_header_typ = cJSON_GetObjectItem(json_token_header, "typ");
+    cJSON* token_header_jku = cJSON_GetObjectItem(json_token_header, "jku");
+
+    /* currently only support JWTs with RSA-SHA256 signing */
+    if (!cJSON_IsString(token_header_alg) || strcmp(token_header_alg->valuestring, "RS256") ||
+            !cJSON_IsString(token_header_typ) || strcmp(token_header_typ->valuestring, "JWT") ||
+            !cJSON_IsString(token_header_kid)) {
+        ERROR("MAA JWT header's `alg`, `typ` and/or `kid` fields contain unrecognized values\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    /* verify that we got the set of JWKs from the same endpoint as contained in `jku`; note that
+     * `jku` field doesn't have the trailing slash */
+    maa_certs_url = malloc(MAA_URL_MAX_SIZE);
+    if (!maa_certs_url) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = snprintf(maa_certs_url, MAA_URL_MAX_SIZE, "%s/%s", g_maa_base_url,
+                   MAA_URL_CERTS_ENDPOINT);
+    if (ret < 0 || (size_t)ret >= MAA_URL_MAX_SIZE) {
+        ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+        goto out;
+    }
+
+    if (!cJSON_IsString(token_header_jku) || strcmp(token_header_jku->valuestring, maa_certs_url)) {
+        ERROR("MAA JWT header's `jku` field contains an unexpected URL (got `%s`, expected `%s`)\n",
+              token_header_jku->valuestring, maa_certs_url);
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    json_token_payload = cJSON_Parse(token_payload);
+    if (!json_token_payload) {
+        ERROR("MAA JWT is incorrectly formatted (the payload is not proper JSON)\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    /* json_token_header["kid"] contains an ID that should be found in `set_of_jwks`, so let's parse
+     * the latter, find the corresponding array item and extract the X.509 cert from `x5c` field */
+    json_jwks = cJSON_Parse(set_of_jwks);
+    if (!json_jwks) {
+        ERROR("MAA set of JWKs is incorrectly formatted (the set is not proper JSON)\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    cJSON* keys_json_array = cJSON_GetObjectItem(json_jwks, "keys");
+    if (!cJSON_IsArray(keys_json_array)) {
+        ERROR("MAA set of JWKs doesn't contain the `keys` JSON array\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    token_signing_x509cert_b64 = NULL; /* for sanity */
+    const cJSON* key_json = NULL;
+    cJSON_ArrayForEach(key_json, keys_json_array) {
+        /* in practice, the `certs/` API endpoint doesn't have `use` and `alg` fields */
+        cJSON* key_kty = cJSON_GetObjectItem(key_json, "kty");
+        cJSON* key_kid = cJSON_GetObjectItem(key_json, "kid");
+        cJSON* key_x5c = cJSON_GetObjectItem(key_json, "x5c");
+
+        /* currently only support RSA keys */
+        if (!cJSON_IsString(key_kty) || strcmp(key_kty->valuestring, "RSA")) {
+            ERROR("MAA JWK's `kty` field contains an unexpected value (got `%s`, expected `%s`)\n",
+                    key_kty->valuestring, "RSA");
+            ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+            goto out;
+        }
+
+        if (!cJSON_IsString(key_kid) || !cJSON_IsArray(key_x5c) || !cJSON_GetArraySize(key_x5c)) {
+            ERROR("MAA JWK's `kid` and/or `x5c` fields have incorrect types\n");
+            ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+            goto out;
+        }
+
+        /* compare kid from the set of JWKs with the one in JWT */
+        if (!strcmp(key_kid->valuestring, token_header_kid->valuestring)) {
+            cJSON* key_first_x509cert = cJSON_GetArrayItem(key_x5c, 0);
+            if (!cJSON_IsString(key_first_x509cert)) {
+                ERROR("MAA JWK's `x5c` is not an array of string-value X.509 certificates\n");
+                ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+                goto out;
+            }
+
+            token_signing_x509cert_b64 = key_first_x509cert->valuestring;
+            break;
+        }
+    }
+
+    if (!token_signing_x509cert_b64) {
+        ERROR("Failed to find a corresponding JWK for the JWT received from MAA\n");
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+        goto out;
+    }
+
+    /* note that "x5c" field is *not* base64url encoded */
+    size_t token_signing_x509cert_size = 0;
+    ret = mbedtls_base64_decode(/*dest=*/NULL, /*dlen=*/0, &token_signing_x509cert_size,
+                                (const uint8_t*)token_signing_x509cert_b64,
+                                strlen(token_signing_x509cert_b64));
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        goto out;
+    }
+
+    token_signing_x509cert = malloc(token_signing_x509cert_size);
+    if (!token_signing_x509cert) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    ret = mbedtls_base64_decode((uint8_t*)token_signing_x509cert, token_signing_x509cert_size,
+                                &token_signing_x509cert_size,
+                                (const uint8_t*)token_signing_x509cert_b64,
+                                strlen(token_signing_x509cert_b64));
+    if (ret < 0) {
+        ERROR("MAA JWK's certificate is incorrectly formatted (not Base64 encoded)\n");
+        goto out;
+    }
+
+    ret = mbedtls_x509_crt_parse(&token_signing_crt, (const uint8_t*)token_signing_x509cert,
+                                 token_signing_x509cert_size);
+    if (ret < 0) {
+        ERROR("MAA JWK's certificate is incorrectly formatted (not a proper X.509 cert)\n");
+        goto out;
+    }
+
+    /* perform signature verification of attestation token using the public key from the self-signed
+     * certificate obtained from `certs/` MAA API endpoint */
+    uint8_t md_sha256[32];
+    mbedtls_md_setup(&md_context, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), /*hmac=*/0);
+    mbedtls_md_starts(&md_context);
+    mbedtls_md_update(&md_context, (const uint8_t*)token_b64_header, strlen(token_b64_header));
+    mbedtls_md_update(&md_context, (const uint8_t*)".", 1);
+    mbedtls_md_update(&md_context, (const uint8_t*)token_b64_payload,
+                      strlen(token_b64_payload));
+    mbedtls_md_finish(&md_context, md_sha256);
+
+    ret = mbedtls_pk_verify(&token_signing_crt.pk, MBEDTLS_MD_SHA256, md_sha256, sizeof(md_sha256),
+                            (const uint8_t*)token_signature, token_signature_size);
+    if (ret < 0) {
+        ERROR("Failed signature verification of JWT using the JWK's certificate\n");
+        goto out;
+    }
+
+    /* we verified the header and the signature of the received JWT, can trust its payload */
+    cJSON* x_ms_ver  = cJSON_GetObjectItem(json_token_payload, "x-ms-ver");
+    cJSON* x_ms_type = cJSON_GetObjectItem(json_token_payload, "x-ms-attestation-type");
+
+    cJSON* sgx_is_debuggable = cJSON_GetObjectItem(json_token_payload, "x-ms-sgx-is-debuggable");
+    cJSON* sgx_mrenclave     = cJSON_GetObjectItem(json_token_payload, "x-ms-sgx-mrenclave");
+    cJSON* sgx_mrsigner      = cJSON_GetObjectItem(json_token_payload, "x-ms-sgx-mrsigner");
+    cJSON* sgx_product_id    = cJSON_GetObjectItem(json_token_payload, "x-ms-sgx-product-id");
+    cJSON* sgx_svn           = cJSON_GetObjectItem(json_token_payload, "x-ms-sgx-svn");
+    cJSON* sgx_report_data   = cJSON_GetObjectItem(json_token_payload, "x-ms-sgx-report-data");
+
+    /* XXX: we currently do not use/verify the following fields: x-ms-sgx-ehd, x-ms-sgx-config-id,
+     *      x-ms-sgx-config-svn, x-ms-sgx-isv-extended-product-id, x-ms-sgx-isv-family-id,
+     *      x-ms-sgx-collateral, x-ms-policy-hash */
+
+    if (!cJSON_IsString(x_ms_ver) || strcmp(x_ms_ver->valuestring, "1.0") ||
+            !cJSON_IsString(x_ms_type) || strcmp(x_ms_type->valuestring, "sgx")) {
+        ERROR("MAA JWT payload's `x-ms-ver` and/or `x-ms-attestation-type` fields contain "
+              "unrecognized values\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    if (!cJSON_IsBool(sgx_is_debuggable) || !cJSON_IsString(sgx_mrenclave) ||
+            !cJSON_IsString(sgx_mrsigner) || !cJSON_IsNumber(sgx_product_id) ||
+            !cJSON_IsNumber(sgx_svn) || !cJSON_IsString(sgx_report_data)) {
+        ERROR("MAA JWT payload's `x-ms-sgx-is-debuggable`, `x-ms-sgx-mrenclave`, "
+              "`x-ms-sgx-mrsigner`, `x-ms-sgx-product-id`, `x-ms-sgx-svn` and/or "
+              "`x-ms-sgx-report-data` fields have incorrect types\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    /* construct a dummy SGX quote (body) with contents takes from the JWT payload; this is for
+     * convenience because other functions in RA-TLS library operate on an SGX quote */
+    quote_body = calloc(1, sizeof(*quote_body));
+    if (!quote_body) {
+        ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+        goto out;
+    }
+
+    quote_body->version = 3; /* DCAP; not strictly needed, just for sanity */
+
+    quote_body->report_body.attributes.flags = SGX_FLAGS_INITIALIZED | SGX_FLAGS_MODE64BIT;
+    if (cJSON_IsTrue(sgx_is_debuggable))
+        quote_body->report_body.attributes.flags |= SGX_FLAGS_DEBUG;
+
+    ret = parse_hex(sgx_mrenclave->valuestring, &quote_body->report_body.mr_enclave,
+                    sizeof(quote_body->report_body.mr_enclave), /*mask=*/NULL);
+    if (ret < 0) {
+        ERROR("MAA JWT payload's `x-ms-sgx-mrenclave` field is not hex encoded\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    ret = parse_hex(sgx_mrsigner->valuestring, &quote_body->report_body.mr_signer,
+                    sizeof(quote_body->report_body.mr_signer), /*mask=*/NULL);
+    if (ret < 0) {
+        ERROR("MAA JWT payload's `x-ms-sgx-mrsigner` field is not hex encoded\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    if (sgx_product_id->valueint == INT_MAX || sgx_product_id->valueint == INT_MIN) {
+        ERROR("MAA JWT payload's `x-ms-sgx-product-id` field is not an integer\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+    quote_body->report_body.isv_prod_id = sgx_product_id->valueint;
+
+    if (sgx_svn->valueint == INT_MAX || sgx_svn->valueint == INT_MIN) {
+        ERROR("MAA JWT payload's `x-ms-sgx-svn` field is not an integer\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+    quote_body->report_body.isv_svn = sgx_svn->valueint;
+
+    ret = parse_hex(sgx_report_data->valuestring, &quote_body->report_body.report_data,
+                    sizeof(quote_body->report_body.report_data), /*mask=*/NULL);
+    if (ret < 0) {
+        ERROR("MAA JWT payload's `x-ms-sgx-report-data` field is not hex encoded\n");
+        ret = MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+        goto out;
+    }
+
+    *out_quote_body = quote_body;
+    ret = 0;
+out:
+    if (ret < 0) {
+        free(quote_body);
+    }
+
+    if (json_response)
+        cJSON_Delete(json_response);
+    if (json_token_header)
+        cJSON_Delete(json_token_header);
+    if (json_token_payload)
+        cJSON_Delete(json_token_payload);
+    if (json_jwks)
+        cJSON_Delete(json_jwks);
+
+    free(token_b64_header);
+    free(token_b64_payload);
+    free(token_b64_signature);
+
+    free(token_header);
+    free(token_payload);
+    free(token_signature);
+
+    free(maa_certs_url);
+    free(token_signing_x509cert);
+    mbedtls_x509_crt_free(&token_signing_crt);
+    mbedtls_md_free(&md_context);
+    return ret;
+}
+
+/*! parse the public key \p pk into DER format and copy it into \p pk_der */
+static int parse_pk(mbedtls_pk_context* pk, uint8_t* out_pk_der) {
+    /* below function writes data at the end of the buffer */
+    int pk_der_size_byte = mbedtls_pk_write_pubkey_der(pk, out_pk_der, PUB_KEY_SIZE_MAX);
+    if (pk_der_size_byte != RSA_PUB_3072_KEY_DER_LEN)
+        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
+
+    /* move the data to the beginning of the buffer, to avoid pointer arithmetic later */
+    memmove(out_pk_der, out_pk_der + PUB_KEY_SIZE_MAX - pk_der_size_byte, pk_der_size_byte);
+    return 0;
+}
+
+int ra_tls_verify_callback(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags) {
+    (void)data;
+
+    int ret;
+
+    struct maa_context_t* context = NULL;
+    struct maa_response* response = NULL;
+    char* set_of_jwks             = NULL;
+
+    sgx_quote_body_t* quote_from_maa = NULL;
+
+    if (depth != 0) {
+        /* the cert chain in RA-TLS consists of single self-signed cert, so we expect depth 0 */
+        return MBEDTLS_ERR_X509_INVALID_FORMAT;
+    }
+
+    if (flags) {
+        /* mbedTLS sets flags to signal that the cert is not to be trusted (e.g., it is not
+         * correctly signed by a trusted CA; since RA-TLS uses self-signed certs, we don't care
+         * what mbedTLS thinks and ignore internal cert verification logic of mbedTLS */
+        *flags = 0;
+    }
+
+    ret = init_from_env(&g_maa_base_url, RA_TLS_MAA_PROVIDER_URL, /*default_val=*/NULL);
+    if (ret < 0) {
+        ERROR("Failed to read the environment variable RA_TLS_MAA_PROVIDER_URL\n");
+        goto out;
+    }
+
+    ret = init_from_env(&g_maa_api_version, RA_TLS_MAA_PROVIDER_API_VERSION,
+                        DEFAULT_MAA_PROVIDER_API_VERSION);
+    if (ret < 0) {
+        ERROR("Failed to read the environment variable RA_TLS_MAA_PROVIDER_API_VERSION\n");
+        goto out;
+    }
+
+    /* extract SGX quote from "quote" OID extension from crt */
+    sgx_quote_t* quote;
+    size_t quote_size;
+    ret = find_oid(crt->v3_ext.p, crt->v3_ext.len, quote_oid, quote_oid_len, (uint8_t**)&quote,
+                   &quote_size);
+    if (ret < 0)
+        goto out;
+
+    if (quote_size < sizeof(*quote)) {
+        ret = MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+        goto out;
+    }
+
+    /* compare public key's hash from cert against quote's report_data */
+    ret = cmp_crt_pk_against_quote_report_data(crt, quote);
+    if (ret < 0)
+        goto out;
+
+    /* parse the public key of the received certificate into DER format -- it should be put into the
+     * Attestation request's `runtimeData` field (MAA will take a SHA256 hash over it and verify
+     * against the first 32 bytes of the SGX quote's report_data field) */
+    uint8_t pk_der[PUB_KEY_SIZE_MAX] = {0};
+    ret = parse_pk(&crt->pk, pk_der);
+    if (ret < 0)
+        goto out;
+
+    /* initialize the MAA context, get the set of JWKs from the `certs/` MAA API endpoint, send the
+     * SGX quote to the `attest/` MAA API endpoint, and finally receive and verify the attestation
+     * response (JWT) */
+    ret = maa_init(&context);
+    if (ret < 0) {
+        goto out;
+    }
+
+    /* a set of JWKs may change over time, so we better get them every time */
+    ret = maa_get_signing_certs(context, &set_of_jwks);
+    if (ret < 0) {
+        goto out;
+    }
+
+    ret = maa_send_request(context, quote, quote_size, pk_der, RSA_PUB_3072_KEY_DER_LEN, &response);
+    if (ret < 0) {
+        goto out;
+    }
+    assert(response && response->data);
+
+    /* The attestation response is JWT -- we need to verify its signature using one of the set of
+     * JWKs, as well as verify its header and payload, and construct an SGX quote from the
+     * JWT-payload values to be used in further `verify_*` functions */
+    ret = maa_verify_response_output_quote(response, set_of_jwks, &quote_from_maa);
+    if (ret < 0) {
+        ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+        goto out;
+    }
+
+    /* verify that the SGX quote sent to MAA has the same measurements as the constructed from the
+     * MAA's JWT payload -- just for sanity */
+    sgx_report_body_t* orig_body = &quote->body.report_body;
+    sgx_report_body_t* maa_body  = &quote_from_maa->report_body;
+    if (memcmp(&orig_body->report_data, &maa_body->report_data, sizeof(orig_body->report_data)) ||
+            memcmp(&orig_body->mr_enclave, &maa_body->mr_enclave, sizeof(orig_body->mr_enclave)) ||
+            memcmp(&orig_body->mr_signer, &maa_body->mr_signer, sizeof(orig_body->mr_signer))) {
+        ERROR("Failed verification of JWT's SGX measurements against the original SGX quote's "
+              "measurements (for sanity)\n");
+        ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+        goto out;
+    }
+
+    /* verify enclave attributes from the SGX quote body, including the user-supplied verification
+     * parameter "allow debug enclave"; NOTE: "allow outdated TCB" parameter is not used in MAA */
+    ret = verify_quote_body_enclave_attributes(quote_from_maa, getenv_allow_debug_enclave());
+    if (ret < 0) {
+        ERROR("Failed verification of JWT's SGX enclave attributes\n");
+        ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+        goto out;
+    }
+
+    /* verify other relevant enclave information from the SGX quote */
+    if (g_verify_measurements_cb) {
+        /* use user-supplied callback to verify measurements */
+        ret = g_verify_measurements_cb((const char*)&quote_from_maa->report_body.mr_enclave,
+                                       (const char*)&quote_from_maa->report_body.mr_signer,
+                                       (const char*)&quote_from_maa->report_body.isv_prod_id,
+                                       (const char*)&quote_from_maa->report_body.isv_svn);
+    } else {
+        /* use default logic to verify measurements */
+        ret = verify_quote_body_against_envvar_measurements(quote_from_maa);
+    }
+    if (ret < 0) {
+        ERROR("Failed verification of JWT's SGX measurements\n");
+        ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+        goto out;
+    }
+
+    ret = 0;
+out:
+    if (context)
+        maa_cleanup(context);
+
+    if (response)
+        response_cleanup(response);
+
+    free(set_of_jwks);
+    free(quote_from_maa);
+    return ret;
+}