From 93a6bfaf0e0ef073aeda415db273402e134c3495 Mon Sep 17 00:00:00 2001
From: Hugo Shaka
Date: Tue, 9 Jan 2024 16:27:41 -0500
Subject: [PATCH 1/8] Document managing users, roles and accesslists through IaC

---
 docs/config.json | 12 +
 docs/img/management/access-list-web-ui.png | Bin 0 -> 77697 bytes
 docs/img/management/check-users-web-ui.png | Bin 0 -> 32824 bytes
 .../kubernetes-operator-troubleshooting.mdx | 70 ++-
 docs/pages/management/dynamic-resources.mdx | 6 +
 .../dynamic-resources/access-list.mdx | 303 +++++++++++
 .../teleport-operator-helm.mdx | 99 +---
 .../teleport-operator-standalone.mdx | 16 +-
 .../dynamic-resources/teleport-operator.mdx | 3 +-
 .../dynamic-resources/terraform-provider.mdx | 36 +-
 .../dynamic-resources/user-and-role.mdx | 501 ++++++++++++++++++
 docs/pages/reference/user-types.mdx | 91 ++++
 .../resources/terraform/provider-cloud.tf | 30 ++
 .../terraform/provider-self-hosted.tf | 31 ++
 .../terraform/terraform-user-role-cloud.tf | 85 ---
 .../terraform-user-role-self-hosted.tf | 86 ---
 16 files changed, 1074 insertions(+), 295 deletions(-)
 create mode 100644 docs/img/management/access-list-web-ui.png
 create mode 100644 docs/img/management/check-users-web-ui.png
 create mode 100644 docs/pages/management/dynamic-resources/access-list.mdx
 create mode 100644 docs/pages/management/dynamic-resources/user-and-role.mdx
 create mode 100644 docs/pages/reference/user-types.mdx
 create mode 100644 examples/resources/terraform/provider-cloud.tf
 create mode 100644 examples/resources/terraform/provider-self-hosted.tf
 delete mode 100644 examples/resources/terraform/terraform-user-role-cloud.tf
 delete mode 100644 examples/resources/terraform/terraform-user-role-self-hosted.tf

diff --git a/docs/config.json b/docs/config.json
index 7c5878168614a..d0dd0cc06a486 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -608,6 +608,14 @@
 "title": "Using Dynamic Resources",
 "slug": "/management/dynamic-resources/",
 "entries": [
+ {
+ "title": "Managing Users and Roles",
+ "slug": "/management/dynamic-resources/user-and-role/"
+ },
+ {
+ "title": "Managing Access Lists",
+ "slug": "/management/dynamic-resources/access-list/"
+ },
 {
 "title": "Kubernetes Operator",
 "slug": "/management/dynamic-resources/teleport-operator/"
@@ -1670,6 +1678,10 @@
 "title": "Signals",
 "slug": "/reference/signals/"
 },
+ {
+ "title": "User Types",
+ "slug": "/reference/user-types/"
+ },
 {
 "title": "Helm Charts",
 "slug": "/reference/helm-reference/",
diff --git a/docs/img/management/access-list-web-ui.png b/docs/img/management/access-list-web-ui.png new file mode 100644 index 0000000000000000000000000000000000000000..2e1b1b0cd2e996835fc27e68c7d665e9a367c6e1 GIT binary patch literal 77697 zcmbTeXIxWV^d)S0?0^*!kfKtQs#GCT6r~sG9i(^AAcT$$P?26DARtJuQUZohR1^rk z*91fYNDD}nK0Er9|IGX0{mqaMB1!H&_uPH8AwAN=Kl*}|PYd->%RZr{}M7@Q>@@agW~+1=F`)Od-xYec62-&al=eIrKguQ=$W5w?O^NT$B|9p!L_4i-?eXC!Qyt6&Od%!$} zZZH2x)$#2U8&{Uc_*ta3DHpeA&jL1ru-DylV|INgd~IIJhwbl!v!SGg7JuOdBN4wp zCXGCFyPiaD8AAPiibo`x=O)Y&eu~ILzdryc{P&}B$V2}OHWC3J{QUv=_n(2oA@EGU z{|NuWk^erx|2)LM2Y>_pcgBAX0RR4Tf&U!<4)oty|2yx02k`OaT&s!~`SIy(S-F=; zk{uCX6TdwnM3t2{Yxkn^3Ydd=2pFOO;gcTI`XZ!NdHBO9l?cX!L@5*<$Fgk5-Gq|p5 zeM>2lu+6)??E>SvO4Je8sX4j)J-LI85E1YAn&s_$=57o4;>0(Q;3Y_GnQ>& zT)({Es(W&0Ra-DwR@*VNfl5EK=rWdZa3^%iy&V^kjIn7r2-7E7)3wCstGzOK2^%bb z*KLzd{CFhc!ag6D;l@~A?;Ndc8fI~22TCBd8@|6E@${)oAQe3+#OwoAw0hvEI(JS% zlrUi-)WO<932F1ZYPs$0`?DYILT5cJ#OF3V`IVcR?n|s6-PV#BB3?W5JOH2AHq9D| zvyCL+(RCq=x~t#FWOAG7Ukr7zg?B%V7NQFaO`D0Q$D89cdB4Wy51HRCch?@e`7}r` zlu6jWlwqjUPH<=m>%J{J*=pQ~=C83^IvXkrqmy?0;l!Eg=D9S1xlwXj;I6E~vf z=jo4!)ES4a2n=1$BN058>R&O{_nu;kLdf`J1lXRGkDr}#x4HD7L@H-9Fbd(TCTor> zOdt@eUE4-?O=^R}+QY=%x1NdEuO<0jdnig8D={>Dd6bsBZkgmfva?@RRaL-!^$oUc zvc#*!KscFQ3H?BblE|t(r$6g;^{XD6Pm_)lu#(g~kXl)r*gMB}lzZT2eU3AhAFG*GQV)qD^gz1-GdCyC$o}kl-Wx#GkmhATZ!bE?jgNYOVukpt=`HKVzOZ7H>K_T5== zLUsb{?r{o_pBxw}bJ&HvJvV5Qt*|;PW@Kcfk)b?LY?ZrtoOwXfOH5o`al0voJM(Os z>m*;G0RK~y81wDi~(agRs1C2D7#{`yaB6R=y_O& z)GkQWLc5u;`}Z{bAVY+^Jen`DTgq*^yEsj^(72BiHJEFWscP1Hg0eo8)5!Pftl2X6 zRkuATM{M%PNO&(KDw4POe76?qnx~@>KCc4XVtY&lb5|CQx}NU%oE_S;qgqG`k*J!R zRUqdPZ_m$X+6b+daAFMwI(oYdA;&q!=f!dOa)otq1`1&3RwM3QP27bvwPJd$l*k0D z{57E^UfA%f_!W(`aQ|bpe0hPpgv`R}fXuqp9cCQk|aJ1F%P?(Wf^C9DTyk>eXn z?taY7pImO0?&IHQGSQl7C?%8q2-1`5M5|_Y^6GTQyG$x{;U=G}wTy6%PJTu&F($W< zKp-r?6R>Gbt#;`6&K{UOSZc?JC#i}gI1UsuT6@p$$S~p)Ll`Kl`FV<#jkvesV3#oe zMOs_erX;EY-}IT?&H3H=p5Wb+{#!rg!Zt+b;uNi!A9ID!BltWQNd*N3kcx;{SF{xp 
zeL?16K4;?+-D8*yT_TS`x%0b~s_@f%^cvN-4#;Fi9X9Qlog)go3Jx{&P%6@kCu}EH zZ}*^@aoyV6R___+QVq7HdDFV~2{^Q+!acV+C+yl_L66*#e_rkVR%h4%$vM7Kn;sb} z*zsA|w>ZN$n@Y&&Se|dT*#uKAFY=0+0k z#F*6v=KiuKHK0_=&2~g zfM9F9gw0}fcD81wPLydiQk%BF*lpGGSc>wp)Q2SB^IWmrWI<#-K5+ER zIVrR6&t61rEYES)&J(KUzkk12o0yo0dpITTI+2&Wxh(PU*Yj8Q1I01%5bwhp)N}R( zry=)-e)V_tSz(KAo5#;bf9eT;JcyM4$&}2 z+NFC^>ozG$l)H>v={9(;E(5oG4;$)aS4oO7Jz>LhFWlhzx&x0B&K_(`sG2by5{zlS zu}?d)E1e19L(0qaTsjLi43@j05}Bl2d3W?PWOltG^O!dS*-EzK%Um~~{Dl;_>>92~ zyy3Zcd*_*PtJ8RCpR7k;YC!p!Up{IlU(n+d=WH}>_r_v^>SUdeqNUqRGVjyfj&G^$ zR!@sMa-ue7^n7&=P1&R#zo@c7h^fe#7t1<6U&`OpW;9~E!I1N-O$ZxRc)fTmq}#}L zYPftkE5wBrJ2Qw$Xna5>R3&q$FnC@}Q=hWPST2pxY? z4pxzDDfh0f_4PH)7N3?ux84oACZzxs1M?NvcJhy)mXI{H^XM zuIky&^jx3wQf8^~?_Fwk3`}pO%Z9{rp`)KZ4$0N5jUgn8`|8Z}XBm?m4m`d2zbFJ(tga zXKVjK8jX2hm*JN=Lm5Md=c|1j<&bo;NV<(3(e3-SOZ3ZXrrLc4@dr%;ar5*^{3*xB zc%p=5E}bhFiqWUHcK%S9Jo?$Ni_|)($sapuTNax|i%qF3UsKQI@@DpphBiLHsaZoT|Nik5HtGTluAPClZQy$PbVCFsU66 zpUL^pVb0rJESbkWmg6FEn3-NWE~9=TQ35Ita$~H-Aq+!uZtj0z*Ojqdcw=UaAIUd0 zJ9~b9*F+#_ZU`l-U>FyOGG#9d9@cG&t!8*k;xPMw=&RlP9;8-9@mH46!kH6C5UxOTPwAx7K zG9dDp=AcI)`{xl|RMY(iCB}pX*^ZoIyQ=jL5(h-0*r_b`7&K4z?$RD%dq8+lemh2( z_#^R&)60FCE;W|;ozR=(-s!KXOiSDoF*Z$ue`fIYWtf!Sf@pzob0intif)t0;Z6I2 zC~uja_a4TG)9!f}1dqG;@|j{8M4btro(8>hA>A-`g+MAIc=ih5HYUO zAr-@`uFp`W++~~RsFUxe`1e1tLtO=o!l6q#AwB(zYx{U}(T0~JW~unevA zHJA-`jSsuIc}nZ}@s*-#G+NQMG^+qo(W3gQ?c(srZopYF-^1H%GG5C+?EH~^SXVk< zj?3N>zDU$qoywd(y;3aSP_=L7YUMG^u0~&76p7H-WX z?^1&Bu-A^% zGx*)RcZG$?el+Wg;|}fbM<)#(3_LiibsXuces@+Y&a-qAQOZtis6ZvTDkW1)$z)<8 zp16MLLQX;gJL6-tot&7GLF>5!QtN`p(V?b0$+&az1X>;~dE?4#N&5$FdHN-of^LJ- z$=w^$O)C(Y4=D3zPJ!lgNnT@|%9Y5K!70H>s^bMtooU&2?HTT7ni z`X!UE7$oX)Z|?81Y05cfF)r-gN@y`Gvqw%eX9woyDq@0q&hi>K5`G=&%51aUwFm-q zi5JZogc;`TTm0*UV^SbDQbaeE0Iq6|Sg;%h|7bN1a#VF&ZW`r;u9hNsb7! 
z?`-tK9t+`6-3yJ&hwE)nE%BJ;o~tTkXzRGgS1gZRV?z}mjTd#f=Ktw46tY-;(z;y2%ZZHPhc^CkcVZ}r2+#eM5;w+C*TB7K{>2nHZacuT8SKYqtADS9k-W#^_ zYb-4M+irzRe*(G&|1tgawv!sdfA-x%?<7F92j9O$bY(?xsbu zjXF6|$eb8%-2#AIO$t$GG&5DNBDy(*RRxz3n0OI7*AWJ}O!rD#_Y6>FBB5-6GbbXhI+uO87z3ex43NKM4ri*km{@k$^tEHL{N9ncclDt&g>^k921vR^vdr$@ z{esrbm%nOcs`75CXiLv&1IN?jH9BPqutJEZyUS*0+U(4rjEnGKly=W)JC_ZjY7AG5 zS>W`<0S)fjg^PDy`fbe=l|XhBeieB%m(L^L03-71B_01TW=7OfD`UP|@Ks|Zd#+Wz z1TR+5$x;Sc?t#~6G7mn>uU^ubrrhWCY=Lm0<+rB^HT_9C6bRb#`kElb98w_RvU=+5fNPfXX~;S}ci%p$u!w{* z?hwf!_{}Em2wYDRs z6r1Pl>&H=47cFAKa`2<-YacJn+AKl3}@J9l>z!ok9iMN4whu1%)L&Bopqq{}7PT ze*?EDXY)%o*$%S2!kg?y_EWj>Z`25^ilbbzM;+K}sY z3r)76UChR@mF^Zjon1EG^|IO^<5Uw7BmVamS>#3)$?o$5oQGo46rvQoIg}>!i!HOY zb9-$|ye4*ybVBT%)^(ZQQe&Q>PserRyi|5|hr zTjH*X{VBonEbhEM4*lk=?w#w{lFEIk+O0iB4?6{U>6Y}FED=~iD)bRdoUH`4)k)># zZSm6WL}Q01&r;-4++P%!4Wz%0$BuSd%zgT>3Te;pN%2t%JB4A#ZgSy`O9kw^e-s$w zAZA=gQ@<|Ct|T-?vU4LeDIoa0HBeR4FNzc+*%V01ic+`T-nSo*P)Mz0Ff+Nzcul}i z=RqDoG~X^NiTONY5#NumQuS*>Ba4+v#y#J24s)VbZw<`&<;~@KSG)O z1rmFPLhN*JrrVKHU+)h1f)6;0rWmR1tEW6qSv zCd)Wg2}$R$!gBRJ6gOZJT#?Ad<>fq+s=Dg!L;X>d@kxKk!ZD9;&ak_X#?b4-6q3ye z$th^*RF_IpJyuh<_QBt>o{`o%KY8u5!MAj^w_2k>+ga0i@{G?_s_M*q;2cRU>a9_; z=Cc^beTjUbmL3===^MEIS~hAUu7T0%T0XmjK(CEkxX|-(brI(KDalwa$H6y8}z$){cle~9Y$nUltlUcS=(aLVi}`P7p2a?VmGuU-#L&~HjxR(pAM`O0S9 zDR#u>m&bn?!$%7*a~!M@T2-xX#cZhEo)KPwwzok3{>>hL@5O}62cnpAOwe)dk!&cP zWOs(g2?G&?zrVhxXNm7Kx~1{iav5-}W?tnum-z_?wtpyWpS`)(lGM7Bh%3#PuE>)e z?-*1uu20S1r%PaQJNh@5dvRo)Le7~@pfsdkcJze)OJaXhLKLm_bU!|R5Q9xOzQYX@ zyj2utd1g-LKN|W!>iK_=-~VsiHFSFaaOVHx0RO*?`JeGVTEMvqc+7vOKQ=RR-t^nz z`&W~joD!FIRWEyZI_ERunaEE8WGDQNgBD38Ys}V@syu zMeV!W2=_Ef;Q!&>lLwZD=B;(H%+}VKqVEVRlc?dYhyUa4rgyeMir(g<;9VkbXfx|s}ba}B+YI$Q=7p7jH?CapOqr??xIJ_8(S={8%n{($Z zNtK|W%|FV8WN`V-WM`&hG+x%iPjRK}?FPuT?__TVN;duz0N-Y=<2XJJj#-V=SkzFo zoIhh)h?zaN*e--+j9I!ELeYu-{->PliiwF~y*zMJCfOz76>y*Y6*wHfam5YU^31jcIkP%9@R}ManZ4fg(fcuWKi%{#BEL2z!xwCwOH>>JjDG#PXu4z&OH+t5k_^d+piK!k_@rGCIu{4T zcJbk2Rv@)Cf-|=3Bf4{JJIw!7u1G5${o-!2#HM3uLN^6r{rvtlYCQ6#({ORmU1|3* 
zs2i$r0_o8TXg=dAuN6$lWY3J~(}Ty=qnf@qq1J~h(`Bouyoj5Vk~!IeHmw3azYcF} z5UO1Z?YgXi|BF@3P>g9D!ljGYfBJj}I8V3D8SS_CK0#alS_dZ|k-9OF12mI}{di-K zfR2G4LyFlu*+7R7C&&F}I%+!U<3|$(QAs?T{>4eg6uBv0#L2+!^!iKa2`KcrflN)P z_`})DxsuRE05FVk$~M4E18rBF7dUr7zuLzt;3chughYBIGqZv}xl5NF6-bRA91F8j z5q9pp%@Ms~^8Rj$utQ$}iu-n%RS;GGAG zwaEnRX?8_6C0^Hp`SEloUIu-lRa0z?Hh+jF#$LFIXGnJMx~9d#w+jKs=pxixTU(32 zcZW69)tzP6ZF-5tIQw|0d4TSE!UA&XO#_>S*`*P;L`t3#R3q!;>9N-)OD>_;xRea4 ztmlfxI6+;jbQ^NlmL2}^;e(JpL2vli>|j@sX6ACtybAwHB{>jzb?qmYS zZYdVP8oPWrYbD+|j9Fr=K8#;*0OLImz$8O8k*}v0q?LT-)W52ZmMN2O4f|d;EOUfe z%}`4&+Wq(mv=aYa-?BGiuJ)seFO|gI$dwPeCiWjX?le%5f3r3aE=Mkmsl3-2_*%mf zcVfi5ddon86rK-~cNSMxqQI%X~&vHdWFL&S=9o}3uNkG`H(^4f~sOPg>wmaxyWllpEf@}P0>x#zea@C7( zLqswH9hk?OUH9SVY30oeIiv!a`cMN`37_TL)boA*kD60}DfC_?qs4S{jKm-mIMot6 zI7-W?f0U>@^nfH0wQkc8ZU!;d$x%FennP6)NF?Z)_V0VTJd>q_E&xvOyd+XdQGiEKt4V2EE_fk!OxZ89E7MqCh?`Yj;P^;*hCY&}{?mU7i5_xwOd)m;iy3O<> zC6gVX!^fM5C{X~9Zz8F{q-tZTD^s^=2o|B#*4@u{S$}B1&&;$*5OG@BA9S4MB)>@| zq`d4f$_&L(`u+9*Sbv%k+=?vI>me+-|fHKaH#WDGq@ z3Yi{=BhXLmej6QwDpTsP`!2+djhDk=75Ii#{^xeb`aLm@usRJe_W3LVmJN5;X|sk5 z`%7q5;sjdoc>MdX6DZx)7Mi#>_BHPq}vM2VN2 zTsk}yKwrqagF(`NuF7B$s z>iOD_Bz%+_kYmF}6+Yu_iW{?KZ{Am<-&}v7Sna&~_^CSw zN+gG_h@{#KExt*mN3puTpDWHw6G!q90xY$da&)0l%;RZ&zE#IN zphvWGR-Tk6--cC@AnZ_J%$~@l&DG?-v>o+@kKq5`Br?k z+>s3x%((GW?kYqio{933M%r*=yJ|rBq$uwWYbHb4ikYp6HBD~@kb$(^+7uPpD;bIe z3*zA`OC*|Gm(PKz5yZo!bt&}PVtSweD9}-(oT_h%&zd+AN(bO)kU`3ue5)&?CG7x6 za-C@kms~8(da@v6>(3OXalM;Ali|71Y$}_r^kRh{ZqUyDgE;~~`9<#Ae~8*|i!|V$ z|3%Zr62vJfy49^j%JL^ zfi6O2rK}l~p^^}DS-le($ZOz1$7`TmrIsL)|7KlI02>u&+o26c7gJLyUc;ibPVPrpNC|Po`5}(*@>P>cy;!v^r z$(x&IeDl2ZUI%Ii3ya{_i8A@aTh6;_oLfu)ETxfh@H*t9i6?^g`Sj577dfQXMM;zy z2P#n<)%r#(*e)5zrJa+rhIO4Rs}$%CkMu!{ErH|*p$9ShzOq*vi`q>|^dAeR=RmhbLLg5EHOcTZJyKQ-~hJc}!FAu#Mf5!FF0E@(6)B`7Z^~T0Z5T?~WP-_-< z=Q-&mJU8;xM*N_>0jQ+WO-3}CgyiH7{C^73RSvU(0R)7qyRGI zD{WE06H{amva8J{EVoXc2MFlPGRt@(aE!|P8Q8URv><{l#koL|9*nZAJ#*q*^i{K4 zZpUssef;zw&fB9unc(SN9^J@THW!uI+MqEzSF3BafTCzko&R5rW^oOAKDev^xCN{BgyV#qLQ=8H4!_KfU!;wyT=^p7iy 
z)xGw#){n17A%++YKQ!mN)e2z~OzY7#PoX7~CsSUJT-dOhMaFPC^zO)MwrWM>n!pdY z&NO_foWK3v*x=w`_X|nQH&owTFPUtH`2gZu0@R<4`u9-O5)mkT{dkjZyh&0Vu$_Rc z2O(^AU`{rMHFnzeQ!E-~#@+})x~Cf}RWIpwKN%o1Q>*qJICijF$kWyua1{uaw()6O z%bLe+Y;2nNp7rvntSm1_&tuLDI}K7fh(+5ur&q8Pv^%K^EJ3tdH^myy=$;!UwceE& zFlQ8Yc0^#gjXpfD{y6ikT;uVEiOGf=EIk_ExbCnjqF*y zMSJ<~H(YZZCKz3tKzPAtTv6feL8w|YRSQM)azdIK<81q0A6AHov@=y5IsnM2@T4zT`kyVopqo~uc|F^f%j)SFfl2~ASIRQ`s2dZEEFz!r$h0|vE1sQ5>`>qTp zC_IC^{bozC`G72vg&kH?zbcgm@6}9`zreCaMqCB$0=qO}IKc#90nMci@TMC`d^8^9 zpZJ_~Za4m&u_1FrB zKIg)xBaK<06Bi$(;Ba18$%YM#Jx*6yuU=M5x&cZ%Adx6f#RDA5Z-kJf%ffBYak|g% zL^V(UC>mRInHzMYC_|q!KxLCpke^|??qLf~1?UcVS?<|iDnBK)HpT5a(^a1AGX=H= zfG#}3T4D2)RH!a-VJTX;zsw2Yd1=L{#?0brAT>2UvDAJ2C@p9orQU7T0H7z^l1!?nl zKDSgk0yRIR|FLwitk3$HKCXw@kVp5sCW>cU$YBfRuk z+G&`?>W>4ibX>aG7X{Ui ze*%d?8q6EEMe);%fk|kR)JYAlG4N#Z#Mz8~zH^Z3d>a2Z?fhI<=E&@Dtif-ogUOivnUuEg$AaPVJNnEqQ zNX$-pT{g~%A~F;0xPQP(v~un|46u_y*z1*-^^ zu0#VQ!M_ZKe*BDl(haO5FT`P2o9S7dotEe;QQ$RejJ{%6?(Dkz=~AtDWTS4D-Zk~q z+XBfzjU-5>_pLtBb9fAxv*BepH4n5y#jMi@pT|1?ZaQNeZ)qsRT%RAnNf{Y-2<}co zdDL-jczw;HEvc&5s;OYS1XAl4=<%SH<`YJnhC8Yk7l9FH=zwxA)5PFb;dW=@8lA{r z&MeFK^@9yR?PYOtWNWH)iQ_SXQ^2oY3?ZA%89Xo!y#?AQlN5hwF_+)(NDWC4 zxe^q19`Y)^BD0v6BQXBAWO?;I$X7}EPUI<)V|h&rXeCiQH-6)0eRCX(->(ZtEfB2n zhXv_NCsSL`aY5>U3h_eU&2M_M)#l5)18y!1%;H5ZpDkw4gdK6d5i7`Cd)FvN+UGI& zM8)rX#?{4e>h&c$Bk&H5KY&iLSluLr*Zb_fRfeE&fpV(5WN1xWWueJ${10G}@uhrC*-RqckW_>CdwjokxnI zNPORmi~*DC6c}A``9TV}S{@6HL8P;#^9Fl-XbO}3&wummH8>^8Gq%1zDw!b8u=Sn1Iph7royybp z-9pxRIvE)XgZfA>k>E5^Jys~EaDLo=;71Zc*r9he*m&!?i_HB6Mi-ZPJtW2vZUfW# z^B)Y(NgkhrAr!5kMyTXG@K9tuTO;h?F*Mmj7lfBUXu72KwDjCo$qA|W!Y0*5dKZgyIz7h=F)6!BgtI1 zwcyCN-#q6ZH2Hq|a}MjKw`@4!P8&%z00oTQ=(oMFDyhLaIKrJg8g{n(CsV@OVmsA; znuLkdNYxnghy?BVjfg;d zg~;y~j>PrHQPz*{ZV?c9sCkLQedi~d6H$<^=PbY@mRxhVn=U*I@ahp)N$_)WC`6K) z2bN5&Kh5;y`h(eGJ3NwIiCE!OJmfS~mYC-?q_l1Ix|cLmAQN%%&ZV*|gV>&d5{3FR z5&EP;dBd;n1rGYk1Na|7TZGJcXr~?3+@_ZYfV;G1kqcp{f>^U1;$XQYg+D&$s%&d} z$N?b%qmD$t3uhZmP~mptZJ$TWL~TUX*MX`{HSlEZ 
z7~m5ziaQH3FTii*#J_?zGl+7*(SRIG#r-uYzcp$73+qV}(z!&!ftn*n1XW^bxpIXw z*ieh7qgVzfU$?i@Tzf!4#ikuqo5vfbsM1vA$qV#RI6r2a)mI)HQoCE_RBUj&1ldp$ zUdxXCS?ZvVL+XqTTVuIlKU{g|U0sMncb45@VbYEF=IM$WNHAw{VRKDKa;wp3Dngl4 z(9RpeuBSAlBLEB>d`6Xd$qFEyQ<%)IR>&Y=BfCrO!??Hu-puX-W4Vd4`yJ-=6rv|v z8X*5TH|e2qMx>Wwep)j$Y28|Z@r;s?Hnk>f^%cZU$6BGq90x1E4r(-=?F3~$E>r03 zXz&;85*;-DWjgtT8uawvXJ&M=3;>wPGCw%AoiMLAtcCLN zK*?Ac#5n<(V=0{dc!`cD52yv@;apvp^~i{-JQ+NLLGKhq zo$5@Fx&Z!7Fs}{^%v^Ik9vG8KE0}Kyu+Q>NQ)y3b-&MyWtA&JEUPF9ykGI|Bb-RXJ zD_~$2!jvX8%dsnVmK{3Ir1KT(R5h62J)vtlm|a==v^pT)sWX=G>9}knq2 z=UPisO22Rc`YmP!wq7SHnoHY2{D9 zV_Hq|U3FFptbe@uwCDK1!?#nisV>}C!olO7o&UkFRySAn^_<=7cI4ze+e33w2FjvH zMv4Y!o@ukg|9tvS{9z+;M-CL+5M#-qro>(sSazy)ORRaf?~8raemn@)PUMq(mqQM| zWKy@WbwR6EkJvhJahQgW(ycB)O-t}XZxdRNSX zMMAdeJ?YiP=dVqH@rHczz^qxZ&rP{jOJh2EhUeEp$7$ai z50?9X0tv3)YY!|u@Va^qvP0X%)j6pJFsd$2^#44KEY9apPgBfPP41CwEMJ=)P^wCn zupz_N5gx`IN-J%MtEPb)PRD2TW!Ljjr9Ti%XXo4&47bZ|n?3-qWp}^nK)GZ2qmOSv z8_LG;(1zRVDUo@~57jEFf6dd@XnLWVEXLVFTNHyc8_S?jQfu0|I>-D@3%C=0Js9J( zCCX>2COU(!XKvLBtB~MKmBAP@)yvLUQX$^?ur;>EVY{@~PqK4S;0B3!$kTs2u+Uy& ziNA-};x+dz!~9r5DIZdnmbOzT5HlsQgt#61&$F(&z(qUcr^LAQ!)@agWx!4lE~m`s7|U#S)bh7}HSsiLpD<9mq1I5EsAWMK9hHJbDz1Fu~|0E>W z3i3<#=L2r4e!HLE0WfXUubTEt*9B0mtx?Sl0Xkh-1!!d>$ar?JN;fAh8Kj3!NYk2_ z9AjK)Sevs<3pLA}0-1-K-Wtj27OQFN)D2}lh=wV{mw=m>1__G#LF9#xk#`(=^PrvK z1@2T5HSFWiVry_(|D}l2V433pSojBFXi*oyiP(*56x32y%mbEmx@X>#7B9ssPxR|LoD*k;NcKO>rtFy#p zDStnwTZIRy!E^6NUu$%7Is_~wA&vtTErUJ9u%35xPg^5J{XT!8(96S3bHgQSI^&Ho zx#QCJz){?DSu^7m=5Yq2f=3jhYgI_u7V8Q|y*#JCZ{NfM8L#Qjmk@I{-2ImTY7e+% zL%PR{4ni#!!8S!)3fg)1M$mzn(Q5jkJ4bs4gbC=ZuAS*(ym~(zLn;7WXWCqJj%37e zAJVOc?447MAM+wTqWUa!xKBIC@sAr5d=KK#^a2+GH9=z zi4~0TGfoZOzRW2H4V;e$s&oKd!Y65?&o0&2YN7Ba=XpM8swVpAOWuX z(ZZ=t3uQ2QDuYOitHdnj@&az%LX7RGlekUS2*%3gZc}pDmN;-3pX#0sq6byuskm=d zT}#B~MNl(}1^}t;Cv3264L$@AV7JJQ^W$1ICD7|Pt@=YdXXl^q@ZJu|iQpSJl}9Z^ zlwW2a*E{`~q-t;eclPWt?-luzJRk7~l4#(@NMIfMcI0~SO0!b;@46l7*bP(sbSpqB 
zh)HZ*FtIlJN*74Swl>I23bpTs?;vNCf(qyxu3MzR?kNb;$97M#fMNElou70-bD!WGQ>}NhD%$~WZClBcO=vYYW-8CMn{M-+_2(gb zXeK&;RwgSuT+Ad)Cz%i8v3YW}J;k(KI^CwcIGg#MMOv<`(2%kr7305h<{jP@KIMt_ z!R2J~WaymcZCo#skz3iB#UA5wy7re$?A)rr4~$Sm>5B_dkp|hv_G2E$4m~wXx79U` zryz2h-A3(o>liL=*rS(QVH?6MsDm5y>dxx0-)~awGydrDQ{b|cMeUkGK0SN~uD-a| zfkl*)7gM=eZa8fOyONF!%{gl%-Negwa-f}<>-x1ugS&=~Um__DhOo;p@SZl_{1lmm z0PbJd)WBb(?{>YN6P2rzul^Op&w^srE?7h_%)GBw84;6KyVWS`sPt*Cc?Kia&f8$s z^x$tiy0iLoERzZ0?zge5q^wK^u*&6#7V}!xdkw`l)kyl@T{xmcPmXb>DiH{Vk!siZ zv1GN)-(}B@)1yah2J|Wcokk(YZrjFayA81$ev5g?7_OD7N`o>-D+G3^(#ip7sOjE( zU672$9(NarHlz8IQxbk2mx^Af@>CkEgdJi?hN+&nkHtGA?k|M*>D37pZT+IyUYOqW zln4}=pq*lV#|`Zj^XS}SM2buh{u#j1So7&yx?KROUPKq_Wk*Iwh&!wqfe2LQr6msu zUTVj!R=|^=Hat*cts?;}Xt2*N^6`%Uux)SuU1SnJORjeAaHfmYcJaCC`%shTnAbP% z-{rLc`o4$w(~4S=iH8EFpdMx>Ib0Yrgbi_0J0l?#K!ChuHhSw^;DVJnr}OgckvK|> z&=tgR!<^x2CuB3>v66&`{M%r6Rs`4?GRSoAY zHLt0V9cRbWDqltRh6`s^G^r#BXp5X$KWnEE_mm4{JNgx>69W$bju(lvKfH9Uw5L0} z%gWR05&^96c1W9iiIvmwg;OZh8dO%p;JLItzJG65uLiByqFxpJrY{&p$yMHK7#b8PjNF%c_Z)wnu06cp&E zRV#CA7~?n~&|%7d<*Ie_IpHmq-CvWB_U`Y>P~k4I?<*i~uCZ8to9X)mbxjHE06umT z&2ctuN#Jd9fbEZe9XZu-!|If<)4gv^vLOtf9v+rpy5(AhO?15(G4ze40&N}d>n$y=)Ek{4!{_n&X9Mz;xr|<8Iaby2!Ac?0--q zjJb&p#G17q9TuR8#H@kCVW7xj5+Ea3tJ9sQgOAd3X#rq|Y3I{>-~RQh6(E|y(h}+vw#K^qJScz(fLN)!c#6G8Q!Fp+xUhV!qg7xuFf@e7Fy(b%7``J3R#1v9j=~jmh+>@yJd=OPgi2$Zwi z-dPaahcFI+2gM=I;hv&-^c4?+Pl+8S*}#k!i}2g}0DI9ZcfG|Bh^Bf|zxAH*YO9ub zw?z_u+IN0f3e9V%I{fOqn1+3p3K*&g=3ieLa-bHCp+0R`M| z*2-E~7`;SNf!j(kseyV32k`dx&LyeJS~Y}!62NNO4Gvdr0=CItpDQ1so-zcFQGFOo z;V?WFLb^pWkWDSgNGe6y3btr{&q`C{?GOzo*o_*K{*M@d>B~K)zPsM$pRN#9*U_Oq zZYt{hOZ@tEFd_)CvfdqrB_JEaZ&>zbj>PA^Iy+Vu(#33)t5F6-7yeDM#F8i*s?hXM zeF!6JXKTIgZG9-od2^LXV*;Azvdo@H#1%UONe&JaS7k6|liWWKk4SYvPX74u0T`1N zKj_B|eyqaf!h;58`dok?tAYCm(eQ9%d5SV6ZOJ3<$jR~X7*Utu{fB5wK#+wb#bvd* z(&rBgJ{v?$0Usc7ph|%2AX{@1s7vJpk-2Z5WB~C?z)gkSIJ;YIE&?~;3ZM?h+D*13 zWJca}0M+?ZZSA`|!DlssAn$%zCXr{HMMm9f`{sW}K})~iXTj2UW zvYgtJYV=BtED0`wZ{ObAw3#%i^P3*D3yY9&pVdpb6#zQX6-|y6wxbSsB5b&U 
z9p4d`)h~j8)}5{C5SCZvyQvD>Fu?c^de+D!q&5lct*sf;T?$6Ka%HLQjo1=o*Ez77 z0~$*ZvWtXWXs~!l0K{U-V+k*K4a=BvZ1?TW@ZN0 zC~SAqZ2Ll?^ZqPBuvz{~-Tfi?C`8{s%kvL|_~&eFsQ};rHQS7lJo_%QwUC>xn`ZC_)I51>VWT0=e%Z=OyHIJ$U*C zMnFIjp25(n0|X_j4jam^ob2IU{_xjK3;+VR4K|nV6ZBtCp4@Zdn)e!0xXggyatBK;K~tSV_ij z=eqAy@ayhfBYp1E>rH5iThdhz+&LQ`z=i;|q*2;CL-P$U(Wl?<`wP9{LD{^dpIH<8t*tUNmc&=>#1-l)d_uv!Hufo$BmL^<&h82 zVTG-VA(0mKA*id~*)?U;xR31qR4?Hp;U+mVORY+4nH0K6?B^IUR|tEAp$Ag$e^* zZ+_aV$bA~hM-4N)WBoR=gQ8g^eQtNdZqaSe=-IV?%7uX;m3iUwjn=8%L(O%gn(Qc0 zej-b*NVo+AU%*CL41?GR_R;rCd$Re#;2?OWmlO55uWx>X+H}Qlx_inf>cF0BLRiSq z716WZSXZdH#&ylxuaV)*WecPoBIC>-AeMC}rn= zt~$s4EJTl9kOvbH$x@l|qK&XXnqJZOQY`zr#k+ecw>l+#p-^!K0`mjH#4jKe#O94_ z%-)G_j{kM;`OUuOL67%&sm@57Hn(Ev9-<=i4a+0^>G<^-Kv$aVpD&umoD7Kl1BWD08#=M|%s~vdSSiIWsNsHi_4BM{On{!a;YwCK7&o&6F+|F0YTu~0&QS2>&++fJM-s3NU|$3 zu6sov#iq~+4-}w0cu#VEoHBP{YO_%PWu7w5syA!yYITdMyTXYU!-RMzzm>o|5n z9Sb5&ks@6|K)RJ)LzAx3q)RBFqatFXhK>P|-a9dbGFAvxx3%nwvHsM>Q8Y1v?}9fNO@VbqD1a5=pyDDhM`^Ntp2ySeva zL%<-w{gghi$MGw?fp!Sg7m7@$Hn?uldlo-H1cRu#{xL#U)??)k-^00%I0!}Y_TY%J z47W|_cT}oYsV;)76DG9^fP$c0s5p>_L^8gEE;Tg|Nd57#G4Pjz6|a|7#;ZO_&|OdU z*=T4CBBKe*W_ z8(}h1yKX5VGn#8lx5W|L+^HDUZBPmN`auidUv)HUPfmruCxus+%&h7rK0#Wy-VDDH za)1Ra6m4mCK_M(F)#I3>FzDF69PZsuz(9HRQAM^G%nsh zeO5+aL~6i#2Z_Sk(uB}{&CP8q8}baVHs-2x{Sw@cTNlPvudB0I1Wq>@3C{p654tTL?es`Jhrax(%9ynQAf(jToh%G2 zIJ!Sq zJBOpsUH^lLU;@;8srp0MZ0lB|n7IN5p5B7$`Gzgz%w@zrN65gCLewkp5E5B-z2m@@ zNQcxV;sBx!*PxPfRiD8Ek~;kWdnD$j16(W^3_+5vimx=F*9pH*6LJ25e1twvOJk6J zTlbjDu4`I=&&J{X5dP4~i-Rzn&5_4ygkH=oqJI`JkLiqDKNVKyNcyUILV_V`8F@Eq zxgn;Ylw=IDx5zKuUMxVy*&9o*Q+*$R1PPIRPM&gseSFl0qs#^<`gA!k)a&3|Am=$uwdp_Fh2j0&S%IGIw zYR9Z@+EcJ(g5sqsDd;sI_1}zGcO8SZxwQ0*>1D$Z*GGa0%zKnSRZZ4-*(l$gSL(DF z``#;|p`$jgbfrM9Q+NX=iZThl5YVmm3d>CMu7ifiPm#gt&||khR2?M0%!d z$dtb=DDk;&9dvMGhZleW+DGj#X}NNamJx6yPR2Ta{9}4Z@?#;ho(F;wxpprS`YRTh zN;v_RlmQRi0`GeeaUkSnw7T8DsJ7fK7?_Fr1EiUqT@AoYroE_-T*b#`WMtU0uGPF^ 
zcTbXP*EaLY-E|qJlm2_MiR_INk0XIRf}|C3hh9~G$uR!74EI`%J^~34yCdRDkDfTv|o-()J)!baotLD)4U2Bws8eYE5c68UVe6qSs@{Oe4TSF&!uK;P`>h2!>^A&T{ zLdX1xNmVLrFY%C(GnLYkFSEAJeTH5hdH|$YEX;;c?NwfzU%x&?lN}e%G;D_>c#qpOOT zA3gON4LhO}l$fbZ9q-H$G8Zz#*-9?CaG-jR-@?de*Gk=?Eibp-S?+&jW}32&tG0pc zo+%Mbbp}_*B>7|sAv9*bu|0(OxGh7&tWXn#rD>1!1NL?4*#S=vL0@Sm zUruupSTd@wHNIO4n{y%`&gmPZ@!KrUS3m;((Ajx*+5fzym_3oh64cW6@x-P?k?ukj zEbvm)e>&M$lL8!M#T0+nT)ON}7}fiEkEY1#EGIi}Vvg*Wu-Ppk`Vv%o?osW)R?oG9 z%bT1f0vip`{@VVdOoxCp5rVayzLV6GN`|SM-wt#^x7=pcq4BQn>fQawi67^^#jZ&T z{&1|3px}nz$8$^d(G74~M*+TA8Ut%6?yB`3GU|4O6bK}Q78=HPV7i)I<7(m%2V(#yV+(E`e|s5 zMe`d@c!q=M*)E$n1C$ygapcU^i?H0)eILhqWaVPSaoVYc?ggp=!1`@?3faF(2v(21 zs)TP3d2@*1SOSk^uS?M)0rRHd%PR(rkiFPxBGl;r+6Z~Z``rOODCr7TAGogZQt2KO zr!JDl@UOO;X^_@>ySp{$Un0NLN)Y9``eL2S^2`cY1eWC7HT6&F<|DosB1eXYy8wht z@*CH}I?6CGFaUf4(&PBkj_{QGZTzKNRKvFQ6>t(1b`z-<`vh`!s^Yn zk-G2;fOygvfy=}h6YCa}u%Cut!J$0pOjXhb$Q^Q)rgYlfua&!#)<85w@Eis;ZdH{L z1W$JNGEPEF3&_K>dT-H(IP{ejXlLZ-@z-G zU$I+4Y2L>yp<_Sm*oI)M<~LtfIn=SeIn7A z5R4?jPf2D@(fbC*OEJ)gChnm;VBdxvUUk`f62CJp-+no+#J!)FNoG3r^~p=blP!iw z>(#ccbcnH#2h^m);U~XF7@2sJ9y!@u9(cVSHdgiySlB<}ygTA7CG&^Bqf39Ih_69+p?^U}kHX-U);t?_{o z;SG#1K#8zk^%(u>KS26ucy0J+2_D)nm^32I4FFQ?E8CtWv|D$jdZTan+s{RYaYk5-#+%|t-bh1CX=U(CQn^%<%mAFbo$hFt&@eV{NIlq zJ9Z`h*0fxWlk{@4({%B|DY{FurN3qtHB2x5`t@s@X?Z?L-^@ni zx$w%Iuzt0s*Y0kh=s(EWRj z4BZ7mFa7#D{aW$Rthl2shWOso$f{EKRE%i-w0hUY5;M1B`)3{-3*;n9C1=*8PjqE6 zt6{lvax6Q8Md|z&Zl}n@I9TPuqrBPF|D{v6dX&tz4f-qq@Spiijrs`zntHQ3?$s$i zE;=$^rMjg=@~y>U6)m3^z}>U`Sr>i`exQ2wys6aH*lZY&JLUAeVjlBh;?6)wPWKPW zAPHL_V>Y^Lref<>BwCvrITysf>+hhOGP)Yxw-Wn}0P*^Je>gEqE+NOef76$c{o+Nu ztkU()I)#?1H%q5hS5(K^YrRIl-MgR=TwY$z15+VX(asaQ2GZNDKgz#m<}}ZQu@mZv z`Tc^KK>A$;w1BV*ZUqaWpq3MV?(#V&=~k@czZ>CC3dc^K0C;d^FhWY8#;E!}0V!^$?GKe6vm2}P`k9&^dVA%;W@RKRVfOXz{rmSF`?mrevuH5jU=zl( zI}4pQXip17UU`fDhc@{?W+el%wu9}#pYVD+f2Bz^|4&)T|GWVF`7dUzZyv}bJ3G59Y5%Q{-p6hL+d-(W9}ktQyGM)qsJo45 zZ$qQCsa#wGN{W@fBUEoyF-s~h6*+53aZ zf|nk~;Bc#O8z?lrS=k!5MxtZS92$cGejM`#gPHDEi>wa|JEq^g8)5F?AYhp#0ZZf6 
zD_}uPK-l9B98}rlSi3cmxX%#23=CG+og(7fFb`S5zu%@u4hiSsAI?H)y=+?#~R3 zZ2>y)5LoDd0e)fT%wMNY2`oZt;|P#=YfDpnQEgXwcno;iq&-F{6bEzj3z#~Zjk>wL zJqNJXVsRjCbGz6{fF^23N7RFoD`$SJ_-uqSwPON^iBu#F+ujHuA6V~CvREc+&scEJ zn1OoMV}FE{IQB6}2~?GoSR`FzaX3$V`#0HUuq9NM6&J(U*anv@N!s)5*|WT&(b3UA zYc;~+V`IM$4&KcwDk(_-aBHL)15AhKwqHeQ_rhai7y6uP2z{{K*R=p-ryS4_lVTCvmH;*>9px5;C%Nu8PhVdjXt8kc z*$^SGrIU1jn)&tcS{fPk!F&RAnTo{4i;Clxmk_Md-%Y-91!|?p=jf={w`GKeY5)hB zX7Att49R<7ej5%@w0q=_hMq^r-TV0YdcZ!Fd!P2z*gs2+z=LJ4{%)zyiJfb6p@_Nm28Z{Ujeuw7^9yuprHl33NCqKOehTPUbHE$~SK-AACBvVsDKd-snJmH< znH^69F=`qucd(9ClF5^Rhngf-rRI`)945az&yB$?Y-^)hv(heR9uxePw~MN`QT_T17%JW5Z`Sc6I~7nJ)4wzHn?zEH&lg$oD7uDqNaK~TU#$D zoOdqcC$Jy|Cns@C;!Y)Oy9Vh@IMyF0Ib@)QSz?<0*!9R5LliK6|BXoW`Cd2#1V;R2 z^JkIX3!}3uvuuC>b-m-O68YKjCF5mYUf$|b~XBr))*Ox<%MWkK^42n4m{9Jno5D=+_`Tp zElD%=t1ib1`}S+#jWo}Kd%OzopwMj!zbZ2Yxic6 zK;Dua|CW3c?uWK^d+E|R(lF{X&!=Z}G4b%2c~OnuM}$4p_r7X>cQ79a`lZPpZM?JT zg9n)}w@bOT9>k<)$J*08Jke=XqSEshFLX!BWPI10#%}F%Sr~0CEG*fF#zVnU@q|{- zKva)0?bWLs06@((HN))Fb9WZ3Rxg*d$IJ|lK!UoGIyfw*X~Zin&7O1K1~&u^B;ltb z)s>{A2%wfD0Q^q<6=>ar6((_wq=V}Z?@OHztea;zIKAsyC^Ms_-aM~NYI@pgE%c%yytYqCDJiRarUWocx_>^~xB@rzBbr_|Hw_9!$obm{eBA58+OW^1tkSmce320cPvirN(xw_$Em z7nWSmb`yy_Bw=DjaPkm5w5y=5)>?UUZP6{D1SVQ$sne13tdQba<=rA%RX-S}-4?1U z{yI3A>B@skDC)+->mY;0!O0(xF7cj$1sAg%3oNaE?wwZu_M_YWmnvc;?|r<**v0^` zj@T9%t+7Py^IucF16en(U%%$n$voFoJgxk_XAy)IK02=UAb5OvT7Z|%swolOgixtA zGt4twggLd;uA2&);|ddkV3a}U(p1e{5;IZ@DenAZ0Og<^j*fWaQxKrKnIu#AWA>+< zUV$m>Y!3JC4Gj*yP0T5D8t{XzHmj((_|SpxS%Rn@EsDxfSHmwL zAOPUVkD<$CBJQD$nBT@zDhaP50s~;#TP{gSd701~P9CUfF56iHSRCWpU#;xyq@4OI z?e7Z*1cSU0+f`DLL;`%P^97A-FDxnw|5~gC>zSYgdC#e-WWWTLMq6*5j@(RP{T$vI zW|35<4Dc_<6c&u%yb8#S@SpXiVyD>e*9c8B}3JrgQBnx?=>?yoR^-? 
zsS%jCYB?dMAv6uk*76Td6{X-0X%@CN*4^R{yAz*3pNH9ftSb*Mw#%Skl5;GWOn($P zRAMQ2jMjWOJ1@@8YK7)bLB9d*P>%qFo!KL~70#Z*W(9ObC;8>;7bJ#PO+4d z)xF1996QffY9`;99}#*Uj6aJMUYKyI4nHfgtDzrwtKvv0x8lg?xva?brLq|0w-?7m zZ%6u0$XM9}HLa$qcKGB)%@p}2*qF!UZJ;EFebC9#^R4f&8J~7y5V}nmGN!jdm}TqO zbeihv;ER4X-@8|oR#d`1}f^d>>X>;$>48Hs8|UW>iY z>kb!uCoHZcfUfAhm%x^qbjFkIle@_fHx4t4FQRN5QqmVA@Ni3v3>L$&a|LTM-rI@% zb#iqR9a$Gn(8bBaJM)440c2Ju4jCCqk<2v#l`e&(rl$Z3nwfkMap|%@apHsouiIFg zuCJ2h)dg*tx=Q)}XNgc;vM;N?vG(V@=x`A8TR+~`CnW}sXy<*P>jUN6qexvGl&;$1x zWo$JIPuP4bJWpUzq;6dX+kmsHYiVieB-AUQjNF_`_ebD~VZ<*cIK9HV*LfOtYlP&= zcrUg^NWo(jFDiGcX4732<(w6+5k$w7zaGOb@mV>oVEPY2xb&XiG z)A)lf^ME+zMm^vm;+I9EZa}nB2TP=&>C1?e_Z^vv>W4(En%CC9y?2Q@`w+IE;McFq z9s9OEg(grO9{;fy@G$*qAJ0Xh0R0zJCrJ%fy9YPbsjk*)0C;G+9Es!V=~)yN72pAu z)Nd;eEw#E96-w^wYi(5`MZ?FnTw*t?6TXMOX+6vsxssu7YX?5}*grc{@@(2ZjXA|Cm(V)58qZ;GGdWp;TY9~P%h}Nf`I7K2@B}=*hx8=o=t{a3WTc3X)PH zbw8&^;Mo95_zLSh9MoO1hyiRtRb;KK6r1dVYiy)k76|&Ovg?x~q8^N?Es_GFMP z+j+Gn_%OYmy4pwocTgO0FXlja$|IkG?1KnU2eu?029c1>Ikqt_6hbJf#-79_k^>^Z z=7f>;!5*2{r}^)AtT&si_KRH&sOQ4Lcxt)XBIg82^Nry@oQT4rqPmO7UA_K;gGE2D zCjrCWSe6<*U7`y~Tcwca1@ML=oF@Pf5wG?H*bhoqf4q|KE8pf7b=dbN7aua{-dL?hz%=X} zAaImTf;Yga^_^u<2n%K4Xq;3x%Mk+0BNXJnKgj@}#(+->CrbFj#XE&>*LoR%BY+aS zG1x;Yh3Z6!{fimNyPjhSHG(SRbrt`9yvrk$5t`3bRM{jj{;4jf{zyC|qn&%_a=<4@ zhJDAJt>d}!Jbb+4Pn$|d(z8@@B#YD^AZv6TLzc!n$HvBvs&l439+3BEOq4`@xT`O` zi}4v%_mgnXWf75f2&H()b2|hj`~m0uGumsN5@SX^LKFZH|DUJgh0?MPlXiOq(pamz z#VTpX7br`2;J}qwq7qJn&5mc?X)PJX4&gqnJz)WHCp*|Cph(vP`Vc+03sTm*v$VPA zr{*n6D+r{3?fzt1ZV>_yIl8#ZRxa8`_oa4SiX{^CGaJjGJ4ihzl0ySQm`u4uxSwdq zu1x0zLZ_9RKn!M+yN(xasr0O7kup?F)=K%>b}fXfCs!~BL}mpwS_fn5-Vg~E8i(e@ zcqPlhwpbgW4%|v>d%KD)1b6}BVHp*9kmt?S-&6+omEXD$WS@+*@A)={K22)&=W`I4bBCc2(jD zCd%WRz=IbUml<-RpgxQbON>X!`ELO?wZS4Oy<)QUMG$>>%ClHPl?vEidNVFT&i?}d zRrMLd;#v&f$GK3Tszb*;FE@?jIU~JRccxUk-*|tWwE5eUWDnHj%0XQobfnvanBqN{ zwZz2AZ@mT0$b1QmFP)W=IrC){jG1f@lw-VXqb{zo@w$j?NhRK^D$=i&7(Ter1 z2z+h?et!#9exzdn_i*SV0!BPcN2#lvoIelNwzKzclCW=tMo{RPEGbUy?yCACy~A7N 
zi?JX_l3=bcG7iBbBRd^O-zE?V;dknVck!s~;X#eHxs_(baLN32 z^J$=p6|-s6;kDd1H-#D?oU|J+9TSQtvdEn7NH(t(1K%MDHTbouk5g6k2p8%d$|>g* zpT12`TqX$0$*Zr1hldle8>zNnWI_r`x7|f{L-C0-Fj56J@WuczZ8EB?3+e1@mbK6jyJn{!S+FuYv}4b zLIFDJ-hH;OXK|`OC5TFH9Yk1vY>o!PWm#25X!^33wLo2N(DpdZ0}K$@CY*?($EAW` zL{Z`^YKd9jM0j~}pgWqY(&;os%@(y3i(R;IK|-v7dPs(a%SBB01QSZP=^Obi-~PK< zkr$ky+0*fy^glXez=?wA3$eA9;M7s6wHCg$m>=EQtf=o_k5<#p2(ENRD%kHI+*4!d z{_*LHajw+yaqg)%Qr_PCt6ZoSA*~sqWgqB6H{45az4$9mBUiK7|3+YAe7vZWU?7sx z5EO`MSEK4&b6+&{$?GjU%Ce>QOcJs|vJOfx8dh)AA`8z5yMFg?#vPXBX_tUk1n&UW zZNi=8=CCl(LCq;hjnhk^I2V5%7BE!2PA^`wZ!+>DG#+$ZD8q&prYi@&Gsdco^l+o3 zlmGZzDw1fkt*76k9hxWuUFEqGj~lcuk9QpcjWMrD1w>ljvu+85Y^Q~dK$WA3B!$i| zor`Uh2XQAyHy0JH*xFpb)a!zyE~Y}X9HiwP_A9r z-YPK0%{|Z%^5hHdB-riV{djXtVw`?GCautzq-dVX|N1_yN5fWo$~gydqk8r6NOA8N`L^jNz3C1)8KmC_`CUh9vK ztqadgUAn|G_4J{{nUq6`YKWzEZ)0wPhq=NgiGe*bEP9*SIqMQJXBhlav!^OkBv9-|0o z3)yhZUygfh|Gn@sucTgeo8>$9r25I*^vnp_Q9%a0^GB44YN}#qOctl?1}bmAdPY|h z3!##gKya>RB>DA%5dcKGiC2#o!_X;lNYt*s5>%o9#%cD%F?Z7vCu{sR*~GUkW@J$n z_j>l#1h*wG)Sw1-JEQ^DxG1-6TmkcBp?-Aa}?erANIaPHQM1zL+MTN1P}22 zoMLsBb)h{YJL3}VDWP?%r4O{Chy?MPvNFi9v$W`XOZ_PZoR)0 zeSTGl0*#ezk`?G)J>2(5Nt|hDHPM5#YB#rzM%Yz%n}*~<;4QS`pm$EmWgl6;WtD-v ztM{B%=U)KI2sE4qy$|ZIzbw1Xo8?usd_mhpRO%k>r9C05vN5=5pMz|mGP9+H3k`f1 zW{CKyVry9Ofl&vEtXGjn=`PzERL%eFr;qz7U{Ji!v?zoRgqdkDscq(!Q0WDe=COT| zztz2eub&eY*kn_jjlXZ~skg@pB{YgFD~a`G=pS zky;erCqy!_j&pws`!K@<@91|@um^|KjKFUoTyev6=XYqIj1SUrA ze4gK-!Tp!z9Q)hg^gR8s^AZxA%ixSt4EZI8r@dopl0K+Q0mM4P$mqLfBfyr#Gsbvy zz!-@Vzbx@Tei+YijG4L8ru`_pwDgTm#p|8SS09G)!}*ayd9brd?LnF0S!^Dnl&^V84c%8hX|Z>Q9k0 zn15(a>xH@K;7%3l4UHi1TV=yJQh+SHdKnTG52G~L6Aa#7dkprcx*vcWid_~BhVB8M zPh{)kVV+{8nmLpuLQ5+?t;H?CB$6q6@g#=>JPw@Dlnr$wU zSao%Ef4@2M`w&<`fSOD<5`jJwI=|zJLwhu+_kZS>+jg$?O;@Ampkt%O(m}*C+*ncD zjyE8^azt_ubU>HG1~ql^keyuua4|}jfYdVVj9sK}?f0_9`Eq2T-VJlWwUW++nF{96 zTwT0-Ouh-gFzkVD6XJCWuVQ?J7Tv~U)skdy_5<+>s!Fe5CUKi@Z--!}wsbr9nPD01^93fMF<5{LUWUBzrXqx=8)OF$ zf5%O@aiT64=>w*@=Z`;r<{RTZCz|aByqg8{;pCeOIBz;`qQRXzqZkbaW@dX!%P5?| 
zjgKa@nW*X(63*6o0Zt`CQ91O|a8OxTz57&eQ@o6VCSu{lFZO zxzM0Yn^pq$(RFPGXjmC=TF!M2R4m3IR)%T?z$_p2vEO&Utkbt^b`NKN&<1R!d(d7b zCYtgVf~?AVc;6?5*OB)|mwMhiqaFJEqn_N9t6i-=TxL$@i>taMu=~8ga?{wYK+n`uzI`u4qO@Vy(sC6+WD;w`(3A} z--PEUU}ok33KiP8c>45dFHuv|{$7C@Q%M}&b3QsFBL=7|G#ZBXpw5ir$HR-CcYr$3 z(CE^|ix0lN{jix>b>IBw5y1lycoZkD4-{m~DquIP0{56MO?%N~|7+Z7 zNDy~Q-maEi8%_C~>OJ!DLiHw93T9003^o5Tvfx#+4vg~KQZMi)bzyGfX@rq~v3uao z9amvt;WjlY1d@M)RoO^az20mrpWkN+LbIR53hWazV z)=aHg>jJ<)9Ep_Ip0F~{S=&=)!FP>`EYg)1m&Qt=40YKT;HMOCTc#+-*d&F9#AgSk+wSm z7jwFT$*$rv(DwGI6z5Jp)lRn75h;tz%fmQ20n-*%#qr5*YSNSZd$JuMy|~6ksvJV&(v&whC&a{^gf{CEBa7YZGd|=;`_$;jTiV;_ z;;k)qWzYL>PMATnsg!x-j$i#2H?AS;{d>N+o00)hhzpAau|&|d`2 zC@YUc_x0nalj7=+FDiTXz298yKEVUIMpoNfdu(TcPsVs&hXv`P-vIo=wd&*!w))<3 zha8Lx)^_nM3=m`wE;EV&hEC9|%V6_3R}Qz%1DjrgcE&_^fzV!w8+G~)8^J~}QiAIw z=B&21Hi=A&?`<+Ftt0;J_9!7{`3%owZ<)g4s%OBy-BNo*3SM#R&^DI>aoqZ9OkR>s z-q}+uOvjyNMFmK`z3Ju(uVTORRaYN|+})%IFS#i{c_^0vLCbjy8iPAh;VhFX^+^9a zg|z~BNJ?W~1jNO~0TgEYk-h!IDymwQy*W_fvk8vNg?TaaaciO}oDh>b2ng*fzv6M? z*RNge4eK9DjBs(Wv2|ShCgsLrBMWhb0YUUI$LQ!~&tZC8hU=dQACZ&W7CI}6@D+3F zzYl3Qc%ZYn zp`j0WK&<@PGt#2dx6$|_^ID7)L;iZ}GdjP=kMX5gSy@>vtyW%~6o@1Al72m11k7k# z+5`v=O9PUalR9EB%CqFd6|jEin)qsQ^-+8cS~I{>&2{pd{g})0(Xan-t$G*=01ZD! 
zdPE15_WM#n3R0tq;Pz^MaNCFJ-N@f*415<^Hsh!SFu0*2w_E4ES2-qfD~9lN2Wb0vxD7=GQfUJ2n&s6#!*0(SRWmE2$PUlgeZ_{t)&YTU#yCxK|g zbQO*#=m{!v)-S0s?DB5B6Q^S3R+hW*ZXOI`c=iO6<&2+NMM7>2G0SqK5yQQ%*NL@h zA6`#uC>~cvnOnZg-U=X$+Zy!f&keXdtmBEmGhCfgm(f^)av|luF;1l>%P8sjJ$w4J zPND5w5I4~>iD**IOqralgsv|RZ>L3iwA-=x`HykQL4X1P!)ZJW&7p}Zm0Xxyt<-t& zD;O2|_4A1^*)MV*SoMl>x@l*}#FKPTiqBHwBS3_Pz7vp^UkX4b7Z=yuA}GxqXL^d^ z7(=J2)k08oV2g@;U+hJ@P?GeZUOY06C4$3t37(Rdjb~j`PRHqG@?GxagM%+2Cgo0v zl?gDfW!DrqQQ2wnrZxo32cw12r5Y$=iw~axZe@pE)3SJW|6c1@*VLbI#RD|NE`7(9 z!Zdf+p4b_lA`fRzWF}gMr1UD@1049MFo~|It$4oCpakpKm!Ge(wv7?7v<0S37Y1#A zEv>u5VWUW$*Y^1Mhv1Aiqd13zs0ZxF+XY*86I7c9%K;Ya>63cxds>Cy7_%1`_49!Y zYE&u*#}djt+%u_h?k_5rWfX+0jbze6;u2YW9Y8xs0(}QTHN{v;O_;rV%!hSR8F3tX z6SirUsVgT%MMS?xeUL#n`BG(p3cyzVQ0GER-&=hs|_6Vt{ zFHm-&X=ALs9qPDk_<)w^4*Q2AN&V7gQH-c}2+q?x;6lszmK+F(78Xr_JydhE$y>-( z|0#T?f(NFNhOjj${3vPKd#ZO47MY%9P4E`@=0(20kW5oIp_6nE#zsB$TL;u#q6LywJgi4jky{;}*Uvklqm? zC55jBcn%N)!ZPCUDPGX`&!r>wsd!6 zL4vTKp1Ffnh;Og|wi+~fh^$UUgZMF%8wpX6RNx1Des7=L)=GPGvmhw3uxilpGBD`# zSO6Y#9gYXrfH`wX;tX>G8~`PPnp@Ka|uS z)&V^rY*_HjL#csne+}9e9FDHigJ+xukF66et8a&XSg-|5waxnPW|QLRFm&>GJFr^v z^76eGR@N4ZX!*xtmjW=aV7`Gp6%<=^i|)XS!c;;_S67{kf|im|mHIR;&S2=KPA(E0 z4=f%RNYIGdRShM&rtCdmH#CW)GCOfMJa>X~r@3ASCpj^SwrN~kEY$}6iL#yF_%?-aw?VIqSkCkyVO zADHQBr#@pY#;l%}+1H)}d_Gv_H@a)KIA1M~lZ<@5*jG|>Z*1N(9X=PAB#?k}aZ7yr z+MULW=Z&wTHDoUf3r8$wH{2HCriG1bb?1*CJa8b_1YcfMR0LgPMVT2r8fb<@0X{pL z6>*tWri1i}&T&1!`sl#L9rNO;5SGLBZ!~V-dJ`iv->Sf-6ad&!&1h#aE9=cea^8gM zHr8n)SX^1~iknHnB;3S&i(Cu~=Xwb?DyjpT6krKTp;K;q4|-lpR?M$XG)9Gb#NF}| z4$Z=MA>1r%Bc9A~3*yNk86>ueG(o;lHE}0RUh24zH%NM1P|Kq|B^hw#3knLBu6zfF z^fKrU;POBK$V(79MS+&=Q&4DFw4flwQ{@ZC5*dw;aiA_KE}2qaPc4L`!$sfKKgzaP zMy85Zpu;@oyD-(hQ=JZD{h2^237UjB!azh5s~omO`M%X}_=5vAZRf$gzk`VGA>0MT z3^s)2b2t}wXAq-3gmI$(W6caL$*9M}@VA}J0DyCLzG!aPe-aC58s(jD z{sOjWfBgkMwF3ZKJ{H85c24R%=c4RD;?7U~QZ&=Lm*^3HGxbeO621e5p^q2X(;%N| z3JB}jodd&u9hkNpZ&G!d?G(%UM1d64FOI#=aP8g*nU)!f{?_yEAWY(vTQh_kfro6I zV9U}gy8i{(q24~Jx;{q|9;BA3Ci0Gb|jv;{Fl8~p~y 
zzVZ~<2WtbKtO`Q{(LdMkCxP|`U**^V!VGUv3({05e0qSlz5u{oxdHsLnIrnNAOD3Z zQq?$7e0ur9A|iM%0n>6UIR3l{w9^9tt#HFDE2{$l|A4fnQjPfc!}Z@qE`!X#%F0Ts zwFtHdpwM$-h-FR#A9l!%Q6Q?4Y95Xmd))d+0(qHrM}e7{EJo5{4SK&7$Nze-n*wpgN8^13M4$ezT@`vUV9FUqoCYs=vWe0nTci#Wb zL$UKWTF%6Oi>mpgr9p_-O(K2z(W7!`PLKCs#6OQ7NJ`?!f`ZhSpxKM+%DYq4HsFsA zdjcl~>(nc>J-Q0W-|v^C=5e7wD4m;|3t-)mL{sjlx$rCJD*uV9IEVB0rseHJ0Fj6= zt3{{0Y{b58508$lSlz-w-`LJ)wiLIMHV_gt;=m#5#X8 zT|)R#WTcMh8PH3AHv0Wf?*f4(11sx25csaL_kaU-Wo>P^(AmnoHl(De$a!VjZs9=- zHjIb?diTp0%GRbUsUB3jux(A1<@&D9oq{f}1dBzvx-QJkL1Yw{*}q{QPBUxZg*h6) z{o_UBA{blaPRPJ60=lw+ISJHAi&)kFZntogiSS@+OrYO76EcHIE%<`u#!R zb8B}efgC`1gn+ps7P~-!uwYOYa;e6Sj*foEI+;Nn4D2@9Yc*S507*oGsE42cfeGk% zn53tsYn0-9dV4_wxd2BxH{L^v+q7}m)OgOH4j`D^x+pe-xzxyZP^FxIXsarrW#wpPK*-G#|xW5rpQ77(eSAq0k_EIA-mvMb%E z)QRM)rSuuiOmqs2xz7|EX5bNvcd$#7~w5X$0abe1xHlm=H;c$ z1+n?*Oi?ZvIBjojLLtW_CPI|O&NDG1%YlM+W@{_KRpSHPzYDpERXPUC98xy?uPTj^ z%j?sj@ZNQ_MDH852Vt?H_6ka<=)EAaybFKaEM9h z`x}yslp(8&kUa-FXZ{l2rDrD-G9Eqa^ zRWcqk-=HQJYfww?YTc4gZ1G_y*M+C(Y-D`z>qGzEKq`+CNPU%tdP2#N0<{9sA0pkg zwF75BfKPn_DNG1P1A4U7sU!iD3LSCW{Ol~_rN12@pjGEzg`mj;KF5Sy@&4 zG)SQlH2-^D;Bfh7-jGsg4X{`_@1-~8g8TRH&l~v=K+-+Ki>Y%buxb~j^oD)=rb!Y2 z$@+t4H2&|uO<;U!Wzq%Is8lz{?s3^S^l!h&Ad5P+fA|FN!e14GgM%Q!A;Xn=tPj5g z%RvT7&V2q{5uzr=9O6G@e1MP5cC2t7!mj{PCr`mc0Y>X_P^^Ku&A_1pM2q{6JZz^T zxL+};$^qy9w+VC)AO%Ka;hd!o6>3K`D`b0MgFuFXk=o<7M>b6(Np>7zkf`}MwBzG{ zb%R1q;npoLFE0?RTulhB@R6wh@GOSQwjVz>1J)@!pH>_v z4o3^>f(;IMOmJ^lnt=k%Q09l2 z3pmxFyXw6H^|VK@M;^!NYdE@1Nsy?Rq*Qvk3-54NG)KjeEO>=*kKm;oGNtDhgAt0!xH0D zeFu4NCDtg?4tf0DI3u&5<)P&cLURTqv>^qElBjwh$bm!kXooVfe@Vqq^D8|k9I~@G^kH#k!v&;9>99q>5YIiDJW#XFN2=A zvA_TP<*~$Q;wgAW(b>AtDnm-5HYpZj7EeL{bwx~!Hev`FVYBL?@A8|U!qV_6K!d<2 z-V&(rM)pJ(D1gVhK7URH-U<9-rkv&NzB&338xCKzyAWekYTrZ4Du>@dC-F*6w3cM( zl>lIgaG6EufY_Mq0RM;9qX#mISleWQziAbYYXQ>6^wbiNIN3DOOI~ocK1Q)+yxw?Q zO|Gtw<^jw?+&&%d2SZ+jmw{%dN&}d2If!c6Am8rr*_f?`))c@quf^}`tyT7?cis){ z-U*_z0C|Lam#&K8lB-#7mZsL1!LMGi?RXC%j))TSdRkk$lbJUUAV2E$$r+zgH-L}u 
z(*L-o8plg{X6AFA0zi=>4q6&RCIc0(ub*HNv$*bw2mWbw6eid3xx}jV)X9nUWp*H0 z43XjwzTM@?dEHW1r)V3(DkDhgC|&6OtIxUoUsAlGllFnZM+YMU5G-@UO*uCzKy@Z@ zbpibmTo!3+;0T%9n4U-pl~u+=ZY*(%gf**&`x7}g`}Qsm_#ua`r>_$i0W-sb#urf3 zI`kMo7j^)Uk9BQMpD6V1sIp zO}*@1TbxhT=3}U>8aIc+-S)h>9kUZ-e9esW;-K-&Q5OxfY3#p z2Voh^I^ZjS>>@$4>dFoV9t4LpyYL9pdpL6#)R(j`+C#A%qEsD|{i8(c;EQ*_Xd_s` z_T@vS$jI04Are#V&CU5J1vRU~fI)hCgYLHHpjVc$dIbJ3gHS?zbR-t!EMZuvlhJdT zt%=1Vlqpy$#pa;S0%nq+v8p4pptpSaJ*fJQ(}WYh2Po9vWfQZ&FyWKVJNf#ggX2Sx z{YNFQN>y1|Q-F0#7?{W2dfDCr!6snC;=W%S831+(2W_hlxFZmb-wKnxu1o>f+0hFw zJp22$yn%4ArG+{bftbz-Y7_%*5-##wYY5A3p_u>q58niuV?5n0PA*;wRqfLO=2R~x zW+W6&F(5w#;fy4J@$~ZzF`vjZN10xpA;g{-b|GL$hlQGer9QCh8Lc5SHma`uT94Pi zy$EZh9bY&Lj)IGZr4In0hu-6|-O?L|-mlJB4@o?Fc!3iCVUWfWLx4 z5gXTKdHdPa0NtvoawFqOTomc()CFKfWQiaAFaH_S1c0*ZNZ6I6WgcPvIAphqN zZ*$1i1cR&fD4h)E(^7IW@LAF9*pJ>&b9r?hfZoEc`{(kMoMy>z2E0l?%n)aj)QUtN zc7uUq^I4+yhuNKf6$&W}GzVayi%&>^qp=%4nb(1R7b@A>+4Ur0%a^Xz=CuV9_Cf+_ zRs4%y;v(P&tAL|?d{tF*^>Dz6WG%q7$@Ox2pc<0+L)*I*fbmf8I6*2EEvXgit1NKgj-uN)|B(=K-0SZ^P{1x3v-YCgX7% zqPGE2fD$pkf4?cIs#J9b=0a$`!_Pu+#PT_Eg`bRRIYg%>bD(f?kadsmg~$k}nsxPh zAfRD>|M55=C}jWM?o2Hg(7l1y7i7}FWi)Ij7V`mG3Bj^lQLw~J!B{gTg}SK`l+~Y` zyY_kDecUIq<7nX!xFuFAuLsciF;Vi++S{NOgvC76ZRVfym!$tT8=$L1hi z$8w@?o{_&zAq9eh)6&ksdANsGz{Cz)y>7cz6X^KE&te}3r20arX@}A81rZ2-jHwE6-mDv-i z@`lRZ2Fi3A{q!)L(E*lGs^Yk34+=)adPCquj7|2x0d5j=lY38e5upWiJ7bPkii*#b zsgO&2jLrY1Ey&(dY%Myon>6G$i5VJ6@EF$5xYi0u-CBw`VpP7_jQMlQ_=bVz*@g_j z{dJ-k8IMK_n(%td@3R7-4TZ7^BYaj3O2`s2po^_xs!X-+akAyJXt$^#JW8WoO0u>= z1IRKF+U+_)z>Ct%xJ@W`_kOHXP4<IzWWr;%G~UJ2D>P0ozqwF@mO}g*<^1XsTsNelDC@CcfPPvKa7~y*V5T zA$Bi2eCC_5eW*VbKlFaJ>X#k>2``(!@paiwS@0AE2mmZ!?KuIeN2?F#Gav*;(yKJ% z%AF!4ZP;^T7<%)&29a_gEmssc|D;IZ5YAIzo~jK^I!7~9+tEQE&MoJy6bv&#hawZq zlRU0eqCq{BhL|}Badt!Fp#y;Dp#(r4-oZXRD#=F@fRVD5kAa6RgS`kOIDb#47@Pqf zDk=?Nw=}M1PFozKQirBw~s_3 zl?RY=2&><=w*Hy7$C2i$7B~@pCH~9;s=Fw zvS4yH*1HL5YEe;9(LU49wd7jT(q+D4r_^SDf2eZ`7~39NG}C2q^%J z01b2dga;=aWO(2M18;-peVU}Aq|tIl)V5SISY`U@Re{?PR=iiilUnG${hl_VaiYML 
zP7hZuLijQmdskgI*XV3)mdntSrMj7m+1gVbJV-zhx}-uiM9wVjxRJOm`e*|XVmqC6^c@a(&}x;DPCQ8s8`qoB^iA~3yR37d`~H^}k~ z=w9Sl4kYJT()Jk8H!b=+gG1wNM~HcbRr1qs@V`6*4+^mtYFGrc-hBo+;1R$0&J(=g z^tA=87c7wnqK5CqdaUc8ho`_1Q4sQt1LJ1a>Ud58O%Jca`2W~@@1UsD?t4(jQD;=l zVGspH0RaUC0m+Jj1j$K2U<`odOiL28BcdQtvPx{C5^b8GB1n@|a%zwyg3urtNqau% z%)IZnc58QQ_n%+Y&zh>48tLW}p65RIo^$TGt-XnVq$XqVjJq#$GBs~7K>R1xu!mBi z?$B81={|AG+t`ZDKvCi*S&Fcj#8+^;dVDjqe%tDe+>Qx8tG9=Dc2aJsrU{}DT_K27t1$zhy` z8qYH`-M^1_PL^?p(0v$PF@1Xb< z?G^y2&O1ko2Xz6?2hWBvAKj2rVg!zBRzf4R`}_9sBgXitPC=9m4g#%rm>Fx;KB@^$ z@!{@6;|xbakeZxdNvFpw^hJwUwtKX_{1!TPjJq;YyrVM3W^DT*bWBpZ8xIDEb00K* zp^<0NlA_mWL+=?XQBvQ&J(4(|AXH(y+BDbJqq2(j&&gYxY$D{#w)pYI#nUqf_U|Y9 zjuDdXLjQE{v@h%GRSf@XcuSBa{n?Km)iPw-xq~E2!Xyw)Qc6HvtONj-0x2~0^Y%V@ zvZvm_VYC3ut&s(=NT*zRgHx-XsMu*1YleK4lZ(>jqEhnK|HdRaU#lt&;FM&kG5OBC(-g`PM`_a|i znrrLT`KAPb8_WubVYER>;T>cjRl$p;>&WZYuh;2opdHg*6F&g?FNbZt^(bzK`(~vS zr4@E1TLDd@MKEvEJ~@k<6!i4MV9z9^yn)=qx3Bv(5aQmhuF*k7qeg`QP8i^MOfe+E zj-!nymBHXj_UpI-5Eu{8OehwoN7Cuua(+uJp8;+#@oXtbY(v)9RpJ8MpUD>AF-DKt zx2h5snN>8~HAGg42ncsl3=jZk`?|DLPSR3avc6N>pDIq;j7~T!b8~J>*rz;W$R)6v zfsEL@cGa(gmHFN{YsliYw2XmYT2uVRXR<(P3g}NfZlRL4IE$Q?6z{4GJzP)~A?;Pz zP!DZo*QZZ=B+K@gNI)?YrhSG}{B(|rixL<&WM%_EJp@MckE&soDx7L!Z3Yr7{Qdpm zbKV?tdc(v){RyXsfWNw6bPS+=ppBBbPN8A*?%e_Pez6#}L|K@ht>Ed&by=8O=}+Bo z4poFm7`1?%FKCHm@@wl%)rV;iY`!4kXejdXa&&a$ey$1%h}(Qhkl?n{))G@-2`oEP3Aq04M=`lnJ+Qf5A#v?JGIhyC;E(^PYws?e z6Ao8mxc*Ox{Iu6Uh0y<|QvWxV`o9#Fy421>1PdD#MpsuFFlEz|J2!Iu3-uP%_weoQ zOoJ;^NC-(d_WIF%>ae{gHWkQ!FrkGr7ZFL)Nqkgzs3#0pM@c+`mg>} zK&qG_g6rF;F*4OL?iN6W3(VbHx8ys4ArobzJnW>7*{ONVF-;t}w|qt0!uPND0+9-4 zdMz%`ep%j_p~yf1XjH_?e;X$*1rohiDh=$0^D}+Ms2fnYHl`ZzTZZ_?t40^XtAyN^ z=iG`|r*$(cYxY+&c)TsXAoba+2hT3Po46cr%9omB9v7+7s}VVHFsQ!&l6RQ+Z?Vt1 z3d30#mlHz+P4&A9uY0e(;hk~7`?s=(2f|azAKv)%%aw&`&n~gPg({NiANI>P8IN6& zx^m93%Gr2Ipz_niWZp0f@p6tk=x!NSvmdDA)|PUs`^sRbooA=O`D)wt?P;@^`5jK! z1thH9e(;!=6b6|~NfpMw4?c9@046ZqO;M3`cZ*ycuT@3I0Lpy(Z$d0AEQeP6+`k_! 
zVjH#9Wzeo2aynP$e^y^IbgeNl-8k2^o7>xsqS`xpU^+bpbD~*HUJ(?`%u2Muz=w># z1fatG^hq#2fQm-I=BB1~tP(H5{6dv;kcUTyU(dk6nCfC^+23ieCIZgV6V`>OuNt#N<~>&;Hcl|-K{?;AOnLr zEMZVAIXT7ib8|}{&(gb^$0OLsK*d&*Iay;J0Kn6~^xNbb~X5Wuw@p2;gl? z%iNzD7SskN7=Tc61z3nOP3M4SaYY8;f!=|<)9!A7AS^Avg2JT>Gc$+c7sWld?~aEm zxWmvPfiHrDp%mJML(LhovL(<9Xf`$qCS_%T$~!MAO1Xq(vGiN6^`xyLdUb_Q`?~cP z?pKW)RSBTJeY;jiN9XC&^Cl*_Yu2nmv1?;%n{Jfn#C>v`jEoFM%JAQ=tUQQ9RnSZ( z>(uZ=e=3~XU*BBa*JrHbIne&}O@qtJypy-BD0xwl(-V!xz(mrF4*8D;@va;=W6*z! zzWwAHsBQ!{4gDKuBp)LcbU2L^Jsd^F?D{_rzrxU)iZ?(SzT<787`sv)IE+`LjYfbr zfC+JNsY7-{tm#3}?PX@(&k2lTMRF5Y)WO_%x) zbwxAG=KRqNhzI%qS_btu4*TCzSN;yh{~x~Y->>-RO8*6R|9>ahme$aJ$-(|lf9wAf zJlZg5RNC1M)3&06rDHK9kIUG4>D!kQvJD#g-{XKzWdWpt0DTr#P)K{z%RRD}Hp|j| zNtQLGAwS1o8)S^H=2oiWik^Gag&|C&!j`3PT0)#zA0xXKv23VZtTUgeD=!ag`f;i( zQGd(Fq@DBdE0ls4)YPrGdOuf%TT-IbL-j=0?(ke}pB;vlrRN@3)ED@q-B>vpB9Jjn z%o+bF&4S(2kZCIfqT$=X3 zU9!xze=1u=gB5;^fxd38mgx)KY>RVa(H(VBQR~+QuhJ|G=jlyt&4I$C|Mm_eqC2Y_ z$ZfUwaEh~j!j2s%oM&+}L95aWCtLDe$Fe^h=3gv_>ZD`wt8uhDgYu5mJq6+DeCMW+ z^sOki`X(A%bp^SpjAmYwyCq6l9;xSx@8DM`D^n9KbW-MIcfO=hEW_&x zp#P4MoBG-T+0o}wr-}ya#rZUfej6H7$TL&A#u(4jTQJoTGKw(boWN8#@@6f<5i1%L zvntCfqekgkqZI-tUGhHkGpw{TziS3*ME4DpFB^*B@!=tG|ndlyxY{5Zx7u1pZ9Irww}>4 zlw?s^b!g|&%YH$T$sDANO30G!U5Y9Yn zK5O0d=5yfcso!Dj@#2{-@rGc4a5>?f)I?paMLL3J!Q5!Yd(hqhmFtrE^GDwFMSG=* zGpQ*t-cpAPd6~2*MHE-Guid`nRnfmcf=7s+zPiKIM57_>Iugo<7bnu4eI)Dpv*ZG(n#-@FAvEy&2I;xW z#dnljWS6iMAO+WEUtfGT7g$#}o}|LK<)Sm}sld>vl(jtDbIV1KS!!InfUsoDd9kC_v#X*(21{&9q3}L z&6~hm4O%f;P<+9aTY^2~Sx*`U0cnhN%#el)rkXDL(n#OZ=xKR%UQEo&j9V#Av>G-e z&k60I4sxvnvG}g_s0_d96}TWd&!c}0r;)sj4z8@${-;-|=O%SL{r z9z;A>jGT08()><|=}{3=Zxlzbqd=yEhllS_bLQ~#zDI#|N6FtNzXh$b`1R1u!oU7X zOzzdy3Q;sqappDP6>9lQWBm<@Ad|Ig?w^|)oH%ynEKh*HW~_#xxo3xzh=>R&hHCC4 zxNb_4PfC6Jqv~EWIaA@K6&J0irrhOLlAhRMR)l*|u1}t4Ct|X^~d3PVP-( zf35S*?on|*U>Q*5x85XfCS)z4L%x16$UltpHXgOSQa`LUNr7CJA+lL}bGBZx$NbjG zZ<3rV&11Uq%Mvr2MO_Dc41Yc&!<}Wx4lf_>9t)_3sjokk=iX3OVlqxDPCjR|Fpv8M zL}*7dLWiZd7-T#BzDnoZ)6xF|bPe>G@6#6-AYg 
zO6kwuM+GGGRlidZLYw6n-btf#MSHXWOD||r5h9`=}LWL0&yqbk%c4MoYDKZ7yn=XwS(|8FA*RGmvY1`~4@f6W;^bFwcA8jTSEN9;(K~N8y_m-q~=|;@_2Kb*eWL*;l-z-ru{T3 zZ%tHA)xZs>fkAyei$+9D?ZS+vv!kKs|b62js z?KYv&OeGCdzu4h$g6C3;N5QRIr}~p1ZbixQ%Ze4&)^`E?_dgUHAD0k-IWfF6r@*Cx zVWyI(4TbqunC#ln(2#KxCmWhEMZ^~Ehx8L*9Y(Wew42{dX+{E z4hoV)b0Mfyi420Ua)w;FzIUijnI{WAu*BN%{nH`A-L^UL%j5F>q?Na2GwKkHv8wBS z6%nc&mvGP$57*AMdffIq_hnk7&m)YgietkbYhI_P6F&5maoK)GvGZO)LKe+44=ktl zZ;5=@6Iv`2GLo`)i4MfQIVEJD{;a3^i|LmkccX=%;;7RqD}PO5xqSKFUK)Lc3Ijat zrDmuaFAMRk@_%!E1!L4dpf<03Y7+L(BtEZoFs*=OFe6)feq7U9oa^Yf8-t&EXqpiF z9lQ;)jD={N7I7tGh1FP%e0q%_mH6zzBa&h}KlgsFgtDEr$s5X&OCdb11;8$bbrn&(Zd{VcS1WpHr{oY#9$vuBi-sKrK0HEbKB@} z7h65O+fHBd%+kmEdxv89V)>*ALT#v!KvxTbi1_aFSrH4IGKl znwyTT(vq!WAq7S0-PEBGDbMeZLqnO^q}V}hLsq(hux{2_gOVTNYr;=ELXu_QZJ_N* zD~m85*wqb2x%9GOxVkZLoT#ZiPohA{b#=i+8>=QHRX{`}H!JHLT0QEMWi!rWbS}ne zRiH|>$cS=+c=JH-Sl`9^G+MBH!N7U=FJ|->l(VI!xj&0}4~|?#EKo8dBLld2w8i$# zo5e1F*h3C1ft|UD@0r1?=H{XID^x^@cK-lp^in9q`TC|G4KCq2^Z0;!>eTkKcA881 z>qmwG^8j+9nL6Upl_(#M30BDo8JV2zJ2!3IxW|B__3)psmT`YAB_^Y21jjsm_&kz+ zuvyO>{@2I#&gJMC1=-ZIx9pRge>Nvo_LK*@pe`J zCA_?DBl6eW0*;leCPGIkRQvAFudc6%lQ1bqpj4^#r`FVDAd*(p0?bO9gF9K3M$v_m zHH22qrqn0YLhP}3fR;lp#zLPy{Vvn&;<^CpqkX4oN{H7XVYWr{Iu?9}<$l@n8#0bS zOVWt2o-;H$0Ca{)#Gu8OSy0C)$eKmUSmVK>u2#Vr^8aT9)?@_&cVE0sLfc9Ja7q9ta-$a zerx!30Y9`Vbb#SsfRpsHDmxc&*XV(F3P>W&?@Y zM&z0-Fsy;YrhdVN=G;L8=St3I7;CiWIfn=KCgcqG``4tTSdn*OKCdj5pLYm-_}H5D z&9BRm(D&5)`Kjs6-eF>?*E&U~2ZmHuRn^xCtG?e?Q(5nAEu_K_B4hbjo&zX>}Hn7cMlW=r7 zO2=&lLKa3(bBx(JIJB!&^Fw;l0Ft3u15bdJb@lML+wFglG6o}niigPUgLGCo7Ok3q z6bH68K7Ve<0c#=tJT%*f24Y!qn>atnA0NMu<258CHxP2aBoeVmsChq>x2EI}*PL+uL>5TTFq*Td$`!wCPm07h&aeg=B zRoH^}8Ea{!xF5K*FZ*VUPA-gCyxYStcO|LzR(1*GVsWK4H5x7nNGrqsylicqN@Yfr zs|)9#k_$@yx&Jha0BX31Qr*h#o`iye0@%J3uaiaZ~AX#j0 zmjZ~Zp^*``gOk4sQx~nT<*D8lGi$ILtIHk$H%M6aId8_$DMh7f{VII-|{1gWo`d1~*V(nE_0G-?1o=_-3uGfw@j)s2~ZnDAe~n z>4Dt`4Gy?VnpU2r@2;fL@T~6c8o;ix>L|Qe=C`-ztgyE2_fE6|RaI4)%*MS>FIv!7 
zKAiF;RoybsFjxqU4f7-CRmr=KT!__DWN|)U*a|n>TL2a7n_nW?(9!MS_kg%G(03X@Ap8e>0W1cHS|c)KS{mf%rC!zrIXj$|M>VLc+@ z8S8t`&&{n}`{9yhoJg~l^V*g4iq3vR6+X_-ZGqe!H2v6UgyfRaQlznK*R0to>E?6r z0M*vSWCGAlSd(Y-ZmtC9426trhm^Wl>E_J_1_tDQs3?$1I1Rsfn&t>w!z-ek&<7#H zj*X24oaB=H!gw^!Em(68$qsoO1c zWm8dY*`^tgdf>KKvX!2$lgRi^qk@-QCG6y_f;A2`V|$%EzGr0ZRX(w~qg}n%65| zdg9J)Xp5kDo*f+ZEgoFlEHU4#nQ1IqFirO}rk-Lw=eK#76sOhhxPI$D9K*?M1>XZL z0@HJK+ZQ^71WoMU`8_!l+VdZVYT9Wj(3Q!^OvkdcTQLWL90s;vkfJtB3L0LnnRv5|DB&jQ9ff z3&sq?cP`}*H`${@{%|JmfrFbfn3opb6EX5$SD`*!jjx|SOYZi<-5$O)dfn#*<|Ej* z^%2eFEXHWio4JaW?EH(~R_m5Nl*lTuS@)y^b9nOBbhlA)$RXro4Q_8?#7jGtUo>(^ zdEYyD%koInOj^Je@4Rz6ZS-_^v<}OhH(jYq%ww#e-`}GOQM}b%$}t5vofI27fSu7J~x~HLKGZn_hh4zplS( zs#v;Ot4@krfcmV5?=p#pW+)WF#cLU8yS$KTsdh-b4rnDS<%xIKFL;<*rWQt7@8d2O zaolFhKdT_0KL8uKD@FHR;=FWd(`}^ha$^W%jPF;ZP_I)JgqJXx}<#x<$7mwzIx4e<&m5lC5OA4Uo z&+&4T`%yqm^DH6CPgeOKq58CC&uaO#J^dcb)zeh)$Dc#npG!>{dxanHy5wb7#5>JELv(u|K12md)t z)^E_z(3)&(RMFkqdT3hd)4nUV-lz9cc&QW7U6zdwW9gTAd(A%gnDq3RV&FKY32_(8YDw9YhyUl8lbq!UnGm?DEKx?(b!Jo~WG@q;9N$lR z$+cjhdFHK)wCAR-m|r>7H3*%W1i&qvqzp*J+xn zz_>K%7o>zvfaA`0NUoI_$AfefwCX$GS00eFI?^pf=w#%-@LLEpa2wxM&kw^v11Q2m4)5$)AW)>@BX5rWxLr z3zp7GFvzumV7*}Lo8o=z|B#5y@TX4>)GKk2VAx7F<-}MXJ_5wF+e`bR0a==Et5=cm zKCZEhZnLMH)d7-25sId|;r>(rfXw2{myH}RGd^Exi_-P<`A%&wuSJ~jznPis2udNw zmnls>PSF3Cn~+15 zC1;3{*D*1{!QHVN4sIx|sU+L_(GX*uZ1dV2@Cj(o4K)5uJJjD_?9W%%%%WW720E^E zKY(ya(d786e!N3i`NRV9Bs@?oEc8wMsYUZcwi-pwUv*+60UNj_p1kBH8*iO)Pk2)+ zh2NX&d9pIi(7gGOobs||6364>&S5;yh&)EgYwp!Qd-i4Egpt4Ew%q;#EywR%6ly_# zZ34zzaV<{uztcFIJ<37ItBQr|lqB?(_JYAh_o>_;+{UUUj0hyk!jb7;K?%p?16I7>^2^T`z`&X}| z1zwZdT~G5EIr9j>^^maL z;t{>(7BGY*+KlSTR>j7}h3GEW*IY(j8mH0j&dqO-a|T61gT?|J9kcJ(nwa&Kb!l7% zQl{nR?yiI?d6v&#yqMJ|>X4 z)qM}Rgkfmwci9yU(UNM8hbeT6i=}2K&2mwaQ!q0SUNOzQ>G`8rc(|=JEDB^zc_HiJ z4Z;=aG&r5+_PyPGn5Kz5Y@o(LcoPmI|CM%BwK0PU73!Ew5jjF^*CM2lomKtE9>(f7LvbUiP76 zE#-d8O2qxDD+_g$Ep2CVwsVqZbQ#lH&4N$Qr@2oJ*)>zlIu@Rn9UzPD_AvcAxqGLv zv~;R{<;+>~J!Sbi3z;`>Oq#95BS?99ZmbiE@`^eW%*~?9PrR-fb1~a7!+hnlj~1(x 
zgVwgK=5}?hcR%i4c5Mq_KGN&f*1q|v4qM=e75qgKm@Pzx#^*4G7wnv#nUS0yuWhLX zd+IdU^a5BS!GM7vyzlKD=K!pLzi|55#|7ACz&h@nzJ3D?XV|VzpO{!=P=}LN2El=8 z<;s<02YLC#JfA|J=EZNmUQtq>`su~DZoSRzxH?-U(vi}$KJ2pBm?h<$`F&f78PC1so~)PN-y8G% zx6zdl-hwu>vZ`N|8(3aEW~LpHuqLm_8Y|DcU#hm2zx>@v{X!^-2G-aUuF(nbkh=fi zL4dDcAhyNV&!6K}NXkk|z`xW!Mv2Af=b~VLYU<1oij1D;YcdU zolQKgUcUQe)alp<=KfbEruQErqd+d*`K{Pl2^HR@4x2B?wDks9M!IDMDq6aA6#W}3rqHm=v1TLO5V%x^fD73N6!*JXSQ4n&@MH5t{H&*3 z3u+dx9ZF3}f$lilu`ew#@v>e>*17yEFM``39iN8Fq@rH)A!}~kMoAQydF5vr9F+UM zs)zHlB9Z`UU$~$jalT7uWr6{(aWD&uJTe-B<8SNtM~F1tJ-9vRaCzAgbags z{}7opSp54&a)vFBt}byeGO3w5~e+td0;A!Y@2F z$-jR0PIq7tl!0P6+DQ`2(O&`-l6Hf?XwCtK0&MPsN62jjt@Vc~$yka7i;^ulo+m{p z$%(7=LIN=trU|yQ*aRIevTixPQpkWD!`V*D=o$o2Q`++JMsJ;#9i|V*>$-|f`}C>v z7njn^`&%OopIx}%@^Y}QOQN8(TAWn!wv=N(hiz-;F0Z``=@_86?A1Q@WPKaFKi`bH zx}(L@J#wwAREO@O6xN>4uBO0F$adTT^pTb!&R>Lje{A|bK!iIWNl=%eK ztHdY-SB)MnPk4>N&t|y2z**P&m@EVBLDr3Fkzwql)&fB~dh*9ry}oOnIu)z4ueJ82 z{YB;)Oui0Zm6!nem%}bC6$gG=?`k%WCo0Dx51+q)28CYTMa(#Xz2yTf2>iUzM>=}Kx+eDC){IQY zSO>_nYzroWj|O}PRLm;waxT)FH+lvN0O>^!C6@5LqXw)jEK|A25bkk>9fi6A4WoCa zKB&Qzr8~RP2onx?2KF93I*5ZYSaD`MnpNtobz>_mO`hFrvMJF$zk@v^fZdkA*J?eD zelnzu-v5%FTd2ylFRhzPg)UB|v;}tt&d>1C6|0lb; zLK{{UF7m#z(mx?m%rnPr!lIxj4O!Om<;!cV9UQ!E92#R4w(JOrPS{R~ zJ%wtE+O9>GHRA1VZu(K?tATC3-uPsforqBzwZ^- zVY}vj$GIylaqG5~T9aJto3jllei6^~!BTAB%({2wV(oPs*3}?*cMi7|7+kfX7oN=X zFArFrfLS{hn5$!ob<3^62|o)+kCri1TwJOlq(MIToyHZN^!sICwg{%~U0%L0jwkmJ zdcILD+i%xbtOj=>e?sh0#@0O2FrmbR8Xds^I?M{*s z1Ib4^MzB|5wj(^@4#d6fX-jWne9Yg~9^;ae!U%oNdUr!|vm-;IJSx1J-st6TD1#Ok-Xm;GXUCzN}pNzI{ z-TIJOa1#6k|H1r$PoGBcU++pwxy4hl!aC@+Ub#mSM-|H_FzFkyq=(d8idGWD_mT=_C8gKaprJ~)X}4rBVwc)4cP$B>fi!n+HO)J1ZSvH>4xP+4!sXcx4roN z9=2eBhQ^iv&4=HolkPdVK?9NSfzh5R^5u-YgMOaFo5jGq?Aw?)?H4$hVVN5i(&st& z@@qRZl^Ge^Yo~%Ah_ZeC+LvJ9XW9}sj*+xqa0afbS*BK>P`&`+?4w8O;E6iC7UvN) zFzC)4QVZbtWcP|Yw{H)(<}SYXT5tp&ofQlV<<+2uVuj67v|Sx_LIW^?-44q+3r>)zPCq5AUWAeZT)XarfyYU3f-ba$gj(y2@45>(?-}T*9uX2r^ z=XuvOA^Gdf^snYIbX6UCiws>-$M#0Mx@|NfSrUuRboBbRY_s=B>>3MZu}Xy>wcWmT 
zJ9(EH@0A%=%}uPRGh(`uc8M-qb_&8!Xo7};nTS}_eJPk~cXSm0vupjf@`t;tQN39~ z!nT$_|1d;+&z@ZvioSB@+^15Ra(iPTi-;oGg}_>8S-}QqEa0 zRxO^9hrI`iCRChcge0oI%B(SEM%kUb6Em&3c@O66hn8B%oRfXpzM}u{JLjZOso{jx zvyJNVWygEBZ8vguaXI37UYuT0gTf(fqi#L&@y_cs`D&{1RB$BFoGv@Dp8@@MOi;L{ zX|jCTOHGUTaPXh^LhWnh=*sL<)x&fx;)59Suz{1pd+3l!8Ika7>Fbx;p@RJD7Ew;4 z1M&AYYZ@x5d&pwl+B@5vQ*{3R%pS^Yw~;(bX`!E`^eP9G((m94q;(@+<|s%ZnG$Pc zo>NygTWU|K63D6~poPH(uZ*!#qW)H^>KV3WjyZ`SW#8vKk<$`%awUu z9=<1Qv?$zlR77hbPR(Oz)s)}LW!GK;h{P6N0<@M8-G4w~h+Ka*Fzf*m_K)P1w)@rT zM?bq12oMdQU-~f45s$6JKyUo{A0Hr|)PLA7{KUwATp_%DyVC4g+{hyE|G9jC{CTstw~3wQNu>$}m_?+AGE@6XlknOt;-SD#-D z@qY=qCM0u{u<6I#vvBA(CdNbH8}_1DFDP!*c=5aLpMO4SXnOPJO+|%)d)_6Qzez=~ z!uctiMsOYL*`#C$@-T;2(ydNuL~{Kfy$r@jpb((6fL&-v`GTRx`_cX7dq)Mq!m~dK^$9uAMbbk*2OWz(Qo~&s|50anuNf( zn(}hRHQ-JHSnF1wE2}-mX6Sx6YI1utHx_fAj$s%Hn5l1KA{+;na>X;>;8 zy#UiZtJj&cCEmF4283Pm`zM_VXQZxibCWgH*xI422YU}9;gmN#Gxj2h7w666$Bsci7SqpHVdF23 zMhT!_Lc8UZ7!HnOu?yuvzs!UN2BzG&hH9cRTH2UtFyx?KS5KA=S{g`!ZR93CFoYZ1 zm&e08tsQ;hvxCil6sv{?1=Sde{>FP+IN$04JHpfwWx z%3oa|wT8=Y%s_cZhZndtJfY0s*x6uW z<}}_+ywNf*=vByMbAedheRJ&v?n(uID{Wa?$xvLrvJMbG0+vu(S{m2pvA?e}ls5>a zNnirO@(bfqFv3`RZsg?U%a6}HgaiceMtjzul%*LGCT&{=N*3mAc=`jNBDwPUaMZh;Tm;CmB3Ekr%goxki|Hj0SVtSJ%QN97Eqxad-fc^!?1YvU@KtDc)rvLzzSR2JDnNJv;-);2M(Nr6$Z3r53ZKi z-R^q}4iYj9)-8@iem;=oXdw_O{DSZ3(G--jIPe7Aa#HvJCEa~@Vn#-7Z{&Cf+#R#G zL-JtjgDEZTlk2y&95SJtB-A56M#NFYRTyufb*SrqF|bZg)}jz98|L@#BgIwgd(ixG z8$zueTel9hPiS1e{>wG$C+zM7RkoP}Xl||iQeYyhp)rb$dv_f(yET$Oh-tsi%+QpG zaqh2>7WS7q-reA?s3(<5delbF$jcps8z9sl+5PS<2U~#gwz*VC78J}wQ!-S+mS6Gj zUS0NN6+{|#yYPShhy4vPYUQ7v8bq$Y+sOQ>`u=U`REvX~^@$U&w+TIlQX@OtSw)3U zbnDOP4tJT|tuO600Z2p50MN(unI57WcBOerJuC_z@)IqWscS1(yf{xB4 zRufD#PVB+tOI*$p($5Xn>^rgy%A7sq6k85$*ku8jOzDADJD0H7QXY^ zZ~OO-y&mimO#*c3>N;oe}x*+NknXbn);I@3MM}2+$;2?S!;-i-0d#EcI z%^7%e8v7ok8&Vgr56lQKLZJ-1%n46P#_I&;f*9u(nKs{&yaPHz991}V-*4DFA!|AD;{>@{&9*a-; z&dTh9A44(?0ttvm^3Ina^^1sTU_#SXWhK(&69ak90G)+IM082vhxiI%Y5zM87}o(9 z8agL({6q5R?K0BR%Cb0Y*Tv9PeHDW35=6fzW2u#{{4{0-Ts&CT_& 
zB5H~k{R;d%_Y$eh-+y(=#YIKK+O@23sd?z<7wUI)N-8vbG0!9p0FZ~oQ-2aHpJcd! zNN9eB1tNGXbt};+IA_sUmrq%GJwJ}xG*b=|>If%C@jbU;7@++4@FNoQaajmhtgP>f z@O$mwzh5fWU0qA-98D1)TM9h;NkSZyF(^pUkJoOpY@5A(b2AztQES}0w?k1;G5b4C zTzEYjy5r$qHZ_fxtg5Jh`1QrjncGCo z8G!f>@yPZqTlNKEvbl=b24iDm?JXNOJ~?z{u;~b07`^uP--~?bXQx;uPZIZrz!%=O z{F=FoOC~yR&!1hK?)HW3;}|=8&1HvN_!y!?=R3-GXkOeuQ4c$PQG;_C2S+xjjQk?p zl{P~2vg+2>*4kP}U~wph@7=$zd9M`!$ipD%H^s%^urHmc|BS#<*y{_@0z|vgniD5Z z+?gjH$n_pZrwZVJuUsnz`=Z=cvaCQ@aj>(y(i@~}bfxn) zD7<85m(fG&33K1@aK3Vo2p{*|kdEe^cbEz(nlr&P9QffMj;K%0QPZ)uwB%Jq(@G7w z)=Yn{5$7HEG0{{@Om`hDu}m+(Y%iH?4g@M7!)os=aA_IF7TltHFz7Adra6>?k&*j^ z;J3-=0k^c`p|h;y~6AM%_DgFnfJ^o~73P-C^D52@L-`Ea%-f;!xf;;aT>WW06T zHp9>lYJ(7fZ}=QE)R zMLZruhwms24ZtTSFhInO`nY(&O8xPh1Q78NOs$K@N9DK+ij!@N43^r?KdtgYE2^u?2 zqD}k*quG`qTYQ4?Q4tZ07ddUx zPDFKoaZDB2yZ1ynlFJ71iV5rpv^&#tti$j1sN}K{F~zT~-apd>jg7T9$bC3T#vb2p z?~LOWD73~pxpXPe4gPbg74lKWt3F-jAPwh_J>-EsoF&blW8fswHB?ek!t&!mlNfDr z@g*RW4g!g~oJq{cN)kZ_Z||p1e~xFuz64xN0aHN9?%lhyx2hH%7&raAlamy}XCeWg zQyh*Tlo{xW6(!`xyF?wd8q$;>Qnjzni|g4D#?AX$ym56cij8T`{`5w18;2*CcBGx- zex94V_&MCxsrZ=QZJP>%AaMg1NdNT9USj4k&e5;JlarIK-48?{l`O*d`qJvA3XhF=X{&vd)nniAjoQ5x0yM?I_JPs zD>_FDYeh^{MRK4qeYn%!56`ENi-b{rp+c59Jkk?&nrL5^lg`w4;4<=>cScN%sdADo zkv|2vweekPg;J(m4>+%m^@k zLmp2LkKQu0kDhv%DOTGs?*49An0O$9XBdd99K9gkc7Aq(NGY$6rW4rK&nNpMRNp;D zL4J1;EG_2ML3c%L9yHtmy3-<6NBR_)Y^>P2`3b~782)CVOLoV_os^MzaMcusV^AFbP$Z1VB5jGD2LNAjOT{hlDV=wq1e9?!5Bm)X`*Otr!`f zGT0C%R0QVX%RoK5Iq{~${hP(lght12iUHQ_9F5X#3HrV5k8{l)6m zR}RK}3BgWB#ZF$pcF@R>(d3s6i11_!6< z8x`m~!SJAY*$i1D2f6m8W~^L=aOl>7^Rq2ZCyev6%z;>}mCV$g3x4_Km#lKgx$($oeDB_IA+L~=l~s}k?p`5$_wMOS zXeVG1-HB?G54e19uQGul0U}=<`LDE~v-9ca5B-MGHVBMvLRheQjg)}95(PufjM$&i z2M^OwUH!#6dt%Jy#co|AS6O;c4Ho~ZR{~89r9DU}v4sVW27P>)cRa`^u?QzIPHhGb z-K^)&KZz_)j6zq7S;Jw9U<*dveTCS;=Hs&xu$(^9uvTaH*RZ;}==6a|u+T84g`p${K~n*Kb>9 zky}}r5*yo-pFalxs?o?DUKP`O>6>EgpBk|exE&G0mw>)kCodvS;ueYA1A8lLZTnKy z`4i6kX&XT#K>s3kTKDVf>h!m?(*8S7WfvDuXu#z7DAWJURD}<4bAz!@Uil(&P!`f! 
z0%ZBA$xGDkG=%V?*u5piiegnXSaNdf4vAefLpeE9FrR+EL~oG*rhGd#P-8}_b9$-x zQX9kCrIpP;Qeiw~o!BXG=`V~BRGvAxW>kx3ruTTNDr0msy{vB$8p&NAxKE(APrACk z3OIy(n~izg1|U1~$i;X}6#5urq|w0BOV)zxn_BYQ$nwfc2m5B4eIku$(R<`Es;N;c zD3Eb%dg)8*j`!~nywtr;v@TykeU&a`zC^C3b3Nqji$tl0&f$o$y&ZtaX>n2kX{%p!5+IWR1kfS|Z) z@7|7lP=Jqb!N^TsQ88ErwhzeD7Z+w*@IEb67&SFDh&*m=!-+BuB(?xTT$Y*P_`Wov zqU=)34~rY2ijw=x0;VC4s6HKRlpYoSpjNo6AZRev7VJHFM=L(}#tj+RaG+Sw;Nzuk z!?pG*zLvCk8WJ*vo}#ImlUiEiDBiO7IKV;>h*0Y1CGrp1$n^92S3N3J1z8P;f&N!d zo;|b7U+U6XR=08GO5J(Y$lxQ?;B68z#Cwd#+hN?IqOy~(g7*OID4Y}M3MM8DVU{h9 zHZ58Ga>fp%DcF_PA-%&frmv=!$YXfUrKP1su@`=h73DU}sm#(>Wn5eyT6n>89vB{C z8R9b+FRy|2_vvZ$=$ZnIT(N4MpIh;a6Vwm_;H06&KV#Jd4r~{ibc*5d0j*;3+ZIg? zjrv_D0Xp_8T8xhI^PhcwJb3q!3q3eYwH$QMc_;@L46Pb&qgZ}eWGz}O)X|2sj)J>h zTZ79L4GjUBVZAau$oM9kzHLFLtcT!|x^?80VR_l8q{}(EuiBEGX?LKR?c9WlxHc8K zuu^147|zvP%asX>M_I_*J|u5gvnC3MzV~nF5S#_?l{9l12GxbGnWs2R z*54Mo^4DJph&kKIK_BUddVN#9voF>kd{|Ipad0JQWu2E1E~e8@Mz$q& z<$E`<{_)34j~R#T!0ke;QiI$T!GVG0lYelMwpot=k<-vguBfckuzfHtioP%BUt_mq zYk*vk8d9Mr$P{jZa0Yg0Z(pChyN^AlH^gsC1c99|OH|?DFqsKS#{jB4DqG;DJfB*V ztTcM~jUGmnzxX3RzhkJDK|o2l3(F-3?hFd#1_GgVJ*@p#$>N>#p6Y5F9q0me7D2>g z)=cuAN{BqPgM)+dE^#u$t0mXAeVX%iF#9h)e+_i zlJ$U8Fz8C;Wo)e08hxYCkdXBDo#fn{oCeMnQfrdX3@B-)Q}|m(h9jm+%M`PF`0kee zbkz=Bu2dH)qb(Z;H~we|G2g6^KUdlLB(B zY$Mp&nI2;;Of%HpPiisG6s62Chc+wF$S>@FM-$v5bu+w|rB`xXJK)GmpSLCwd@+#3 zSNvuut}v;7hGD}@J$d_sWeh{weMjWtWa}_udhiYO9?0gVE6dBD1LgymHT&F|^v`h2 z0g&BqIG{qRrXvqCs|rgkxa3qkUXu&Io^g#Lbd*}$jO%@SF910-yNHM_%18M1U>89X zE|wplT`?uI(EH1y5HDHbB`y3itqsiglJ`=4s!VPfNxm?wLc6Z#MPBdvx?AGrPr@16 zQAI_I*lcwQWYpE1`eI^YP?%I+uG$^Bbh-lZUqm-fi+TPX7Ea61BNso@BMm0Fc z7`%3E8L@cz_V3r4V%>xr&lcBeQ+MDhU}BXxE1dp}Ni*^#WjBtuAP4kD-^)h5J>YW@ zaMQ#9iecFM#6HI{kHW3&hQqRg{CvzytBG6Zoa~L$)sHe+Wa_BHU5q|V}R#sMKc$^_=SOu1ngM-gx|GdKzf8iZGnnT0GF}m+^ zZJSRT{V;{x~^=hI;=jCQlOkCB(` zje+`+-(*`hLKb`)TC@Em5BsIfiM&MO3h?DS>vvmNT8d)`4P=dp6)XR4u35@(mVWYQ ze)2cV`L}%#{{0`I+)s=W-}*15Ngz3YW9k2keBCvkkc|7#iXoB@p6Shokz4iK+n|^DT8}JUR!(k{`A_zNRn9%WME7VXqvwv(!wqQh 
zaIZE5HUf`Zw9UQ@=^?Djh%VoeZ{Ox&c=bRy2fk@r93N)g|3M?G3HF+9)poi~UFo$x z&;R|04QQjWfm8*@Bs3m$B?ruH@tm;O^f$KosdHkng*rC9lQHkxy_aM23)|FeXWQh| z_L_kkJofinvXhSf&LcDEen|F4L%Y6(Wpbj>eZxVmoAS5z$o!^vsY6#uzH8yz?8v+` zgVML(-oISNsPCJ{mCBiF5`4ZR^q_DG70sX4vDwX7e`uY_JOl!XaS0t5&-h~9F)=YZ zHRNf~hMh;hpwL+~f-)t5(=+A{nA3)|`6}ck?d?|q6&QO?1o5x|IReK3c*PEbn`G`p zKW;NIlWxm*RYH}7`ChO*i}OsxbFsJk!xUiKMUxgEpV|E;KY?8t|6n)LB#V@2sY|Vq zSinZ-aP43Hsrl#fdZ56zVgBphJ$i8&=*2k+Bnb#udd$b1zKmeJMbzWA`O%7W zsQEORJ9;Y?faai0ceK9G2JO!{h=ZBI(^|K^{6Cue?s%&E|8I3&U0td8UP-0ps%#+? z$to?I>=7Eqg^cV?bRgT_JDIU!`<&(EQ*-?;DJ{rmlKKOVP# z^5`6&^EvO&d%VVTSfWsncG{f!VIQHW9*~=pgC3SfQ(XOurHSDd7t_8m%iQEcH?MykGg}vJ z(L{xMfrymjql6n9!{U!Fb>xYO=Wj83a{-3!mnhkeUa;!?tT z`Bq^W86yuWjDeH4Zd-VCV!${yjnfrnNyMxI!<2eBvHb=p;M%TwZ#pgj_vBYO?kKcK z4k_7YeEl(&4BPDC>&XYwS2K(3*dBlf_)d}9RkuaT&0Z&bJ% z{Zy{kigkM~Sj&%=*0{qpB-@RXp*y0X`yTrr)P)vQ0Ga#jNq4>(5YINvUM> z=8K*G;)mfWny4(NNggAecFAkmzDqja&{enp!YsR2!g*%htO;?6<1b%v9x7yV?c^rE zO|#kRCGhHyZzj|E9hV9GOf~ zYnZ3DByHbAvP*M6aayS*ZN7ENsy?Dwkm3Ne5N?%p(Ee-ob->4O+Z;2^yR*Wb-+wwI zA>AN<5DkFaH`VrUcmDSNVpIV%Hr!l-ELC+#-(^XHv^9nx|E9r`c6~6k{?cXzcTCj$mieC4RB`cg)$(q*rCO8X?IB{Kp=O%3n z=2lk4ef=hJFJyZky)lFx{Mao)DTrl}Q48(x+Uum0dAe-VA8Z+hyX_{ZHWmk4d>3Ew zekfL?!XtzA{+&cgtNXJn4h#Ye$G!B4kJpZ?O+T`#f6`T3?=!<@a$SLXuVOrq+I0tV zOt&j?H+Tu1*4k`Y^A%7`Gd-cXt)k|SH)iUQ6sI0$UizhCA)3F!D&GprQG(`qgy!iU zH!Apko#SaYV!b?wguYLxWSLQPDWDH06J80i?b{yRIr8=Sby;cC3t&-Ddf0vR9!jQx zcmm$B+u}U4vCp(w*H~z>l%&%zj2~XWdc}G8{lMb}cbj)84jAOQsXg-e=)ajyHxnic zd(K~7zYPVPD)bcUy!z^+VU}96vZC{$KT1{TD2)8pdDZ{qmT7(JEVIi{YuUxmzIu9k z)$a*SkeT~vW@Q*S;}C+{kPV{nm{?-|smGk`sm8?imlo!fBF#=gi)Y5tLfG`n+uici z#8s|PwoeWtzj(o&_8!Uwt5ZYfS2LxC?2rUV0cU%I8u}4zMoEfcsCWf#mr&$%;#<^c zt72s1w@XqtbJ0-YQ;IjPkh_AOQ|EA4(weX=;yRsl77p4m^}p%vP6>I}W%Ud!b#5?0z( z{6=4##BW&e_}$&}YSCisb)DipUYbKQ5mOeok?s!qHpO4@I$82;Qg)$eKhHrezIT~M zo^T=wEsvUWr*(H&5LpmU@2B0iYTk|fulCs_1>T7jz@Y zq_tH{_{nJ6`iaJqHdgOa^vk{6Em;(5;-qI$XB)v|Q^-}Ca1|9Hg|^jYmF~`MQK2TX 
z&UH;W!dO8)*IZ?G*U_XAm#=RVo;2+aeZs<}3i%Z^1(hioPgTZ>;ZEJ?riEUwd|PEUfot-6w_XkBcEe)|RfTX5LafaZ+Qq%9&{w9OpSqX8!a&LG8_D z|C?z#8EG!|drsWCb?sJoAu-T-XHi=W*;#F6qO=X{H~pyWxm^vN{2K$bM$`?d~+ zrZpNF3&4gr(~9tHQte!&zdoYcFeRGK&-6&}5>MfQ#iHvol5>$HNvtw^K~n*9Z)&8l z`2f4D&pW!3WTx*o&KY=PlP_Zt1FHMFyZO=7(CGkFms184)-sbk5rWuRl~v)?pEtf zTWPp;G!ONg_=H{3#xt0*N()U+N<4mZ>fNfdm&7ldx_8?&%5~RIQ)jpLKc3w|)K7oG zHfpm-^Oa3&EhQCvUHtwE{vgAgCb_tc;8Vg)PGMq}{*0`N3WhLWpQbjYX`ASCEuz;8 zst2cl2bLuEE9RVSdqpEs(Z&xcNj@sgS)dXfq#bccV6Le|N{7{oIW(*=O)@&e#<$Ad zN7gm&R!CQh7itAty}zGT;=S9IGW;El7s0B~WaXBXIZ8ee+EeE4>8DG4j=H$#T&Wi( z8Ir8>ZMh{Ii$-OQJu|LT9R|DmRVO2R>muyhbHar0n?;g$NG@Ex3;4-=l+XSRcqV?y zf}8`HnxAtexGv@{xa+*!WbBYU)6P4%iBin@Qp!q)CgY0eu}vd`UpK3(h;8pLI}W+* zSN^2c^Si}n-IiUd6D=6^(8+tRb740vYX16NNXaIF?sWC|%lo&W27$HlHnC<%<2$-a zN%K4z5^LA4O(i)E9A;K@}(Kjl#wz8T*!-rkQ z;cmLw3XJlJNuA=^tr=PQ8@K9&%azHz=bLEubnyRfKDLo}YJ5E6Gv|z8xdS@(y>DWLCt1e@r?1@-6fwvhUyI`Uym?xPeM=YrC0b_2kzmk zQitTUQZ>vF*e~d=JP4#N+Fq)5*Ir}4_2^7rIQejD z);*(n$r0<;6|nF2PZK?3s&$K6nQpvCDSR)hhf1~k_+|ua=RQ7sfteCf2@zC1n)whB z*%&>u?E11lC$wqAI63+nTX%A^y~D?S7b3No7=6A~oM;rjNch;rCJgT{aT-YDOIdt$ z&}EK!#6#QKdK=r@B1&H#Sb2Q*jk%L` z25jPZxmB4lM1lBgijByGxou5X&mTMP>I~P!4i=AsQo4=nBHtBF-6OZzWsd~-E_ye= zQ1TJ^GgRs0*nOS9V!y8om1GNVjj65Ba%e;03agS-RID(hv0cJLdB|*chP)+ny-BvZ zffo+;sDlIBy47P}91UD9&xV-%n z7yd2bwa#xcv@XLpC*`9X_mNnd77eG_-eEoEaI*G?6e2dxUvR-Irg*mgmvhlle3ya*$qO#Ys?P-0ss`2c!MU0bto zMz6VEgGwVo8O`H2SFnvzjz1)a=W6 zZ-hpU*R^GZ<;Q>xtUybTy(!?YJCc^x8v13>Y`FVMBUlPQ+ zVct^t;->H8Qwe>Q$8RQ`<9=RWW%4 z45siyg9R6x0-J4E`EY26UPyWQ{H0QSaie>nV?C5MOWNjdi+Ar67texm%d5axLE|ya z+=(*##@gC6Ie$io8xRpNSG=)G}M1Ce`JDSb&xodo^ zzdd`J=Iz;jb|Bo%efHPWYu_pLmf1$^P%v!sVoj zAQk-hBRa}nQQd+2KK&suDAE}df>&P)3d{%Ic|qJ0QbUCUH8&4dpna-n>yW(dea*?_ z#7Er8iPsY;TKZe)Z&BZ$$eDSM(j=zKYureI2*=?ysH2{jY!|9dPEJgOpL8&~XR-5l zDt=$Ou+`!v|Wl z6)^~RL4z8yNuFF4rQbfcWPr=FOGGqx!-mkrXPFbF#4YMVct7N}nmqV_GDGadCHyw@ zQoGh!=2}O*LG3k(lhm9U8m4x)jDdgoWgaoXBXx|7yabO#@f;LKi97>dnh{}39nUp) zeP#pm$ZPXE0oYQP3oW7C&4bI-YUUihY2pJI?jB~|X{uOf)Iq~HPgSCZglJY(?#az% 
z&l#gXSDs6WZv+KgMcZcdCmIsZ)1H#kK|bw1zkmrPMPxsqRUa=zl?c)`K(56n9A9@^w19_YIh0aOj-I!&#|(RBKb`Weh;}{nNZzV zGw}F}h){b<*(jeKsb4?tks~q!8UAr>P^bXyCn+hYB#->caQMlcgnisv41P_JU@S;Z z?ngO^Fe6ZGH9Z_wol+5%#X31hSN(mcO3le(Z?am+@L-FX*~KbJhQq0MA|n&!@=#^0 z$?oRi)w&qnof0DIORT)iEg>b(?`qvs#@9%oywj=&)hTIL0kG)J<=)hRfx_{WJ*Y|LSAHtIKkBsbi7fe-*m# zDAJ!%FE~bPAMa24`ZhSh>TodQ$)Lp}L!cn9%4P6ddC+Gr2nD+~;JjhIjIM8J2#T7{ zBOTi5_UKl_1MM$6uu5AY{(-!|0zxE&SPY7$8;eOcS>Ue+j!%t^>t2H)SD^yJ!iAPQj<9ct0ZTo05SV{FU z1MktvLVN@gpeYzG9XwIbkM)OzPxhSThOipa92LH5j+{xx(mqiUYPx5`Kp3XUT|=)& zAqV%AyyzA4wb2uXQ+T*8RzLZi*;&ZG*nE^fxE3Pr!G}avtI={ZC0$ZxeBIoNM#uxMy;jv3*?v#A zMP&U(Y}$&<61yD@Rx$VwF3hh6)F$?TwT`|0wTK9UX*I4&Me9Nrn14>C@YChP6`oUZ zD0&d}#jr6yKWi>7E(PC_!cK^6%N;^h!@9?l=FJ8WV4?$x?tn){*?>qeGCW*bRwiUL zhOEu`%!l<|*0Mk-zJP6Vo=vA}-x&zYJ-0qSo@safd^12by1L@Ni~M8y@R+>^doYM0 zNV)Ow@fp-wTyM6x}ELHr1jm!3BgUKHD zvj@|?-he`h(6N9bC@9QpGIB#{LDyxZJze*UH+2qkYaM^jjceq=;ZN-U%6{`g`{wvJ zKFN~eRlj!s&RCXj7Crvvj(V8{eUPpf?RKx;!Eo0ceG+_WK=q3KNt~`zG}#nr=GKPs zFLr)g%fzdjNd^o6vjMu8z}Ttr-X%rdy9cbBVhbBo^w3Q-c9;U{X+H$=P}m1%nGnaH zZS;W5IhT^8_slxBa4Qk7d5<$Ydjx4S<>i}^rw#SH>hlNpKFQ9OS5-Y#6Wh98T^Gt4 zQ6gqCGby*%)wKn?L&ZU8mEp9AFZ!KTj|FI*O*I@6f|0`G;-ybw&#GF?Eo~p?l&E8! 
znZK_OvUhPFKj=K8bBw|gD%nz|`Wr^YbD{EhS*`Hs8Xw)vG;2%m`dMmwzwJRfwSXBr zhZJjjJ2MnWY=EW)6+%{+G(I{iEG(>`Fn!;U4f<0)D9)RHK#YU7cIse+#rgA^pb-I& z<&N;F1T;3ZWWjfs92*O1?=EHq8vuZV;-aFyf;<%9!&kj8Y%mG{J8Mr>TIiW)gLRdq zpvx9dU^HtZglN=q*&s@NRn^fx(Tkrr^36@%V5Wrc3{-66h#`0SIY=eQZ906r>C0qv zb9C+Z={n_a=KSo5GNYdQAOG#-3M!c8(Y4A|Xnz@qV-Vt*SVnL1qTT{2hVJ|q?uwlQvUOvZ`wS71%7mZOWarfDR4 zYBI_3K^3D~?099(I}0oSkBM2T8BX>te&35{fU{jGKI z;-|mY2^ke@1ptwnA*Qpb>D#DM-+ASEUd=~aCu!CIXTzL0ol*}S-rCQ|aT4+wZEZWv zWKg#k@q$7;TS0!lcX3S@j)3E#W2r@;7H9knYJjym0iY7EQwWe#u+VUbtkA zFxmzDjooF@Mxu(j{6>Bioo*teaCrywfM|yW`-IN(KCPiqfe6Z4I zc-j*j9xj89F_fYclY8P|y%ZLvjkRyqDb`;xLyoO`($FQ|qa3~hhSlQTZbx4N=?aTr zNQ2r9ynk~3@Y8%ODm1Z?y`qy5p&)kQyU~y%3x}J~JnQLK(P3;KkG^Sbt6LX0CN=(LMNVfSe{`X(q+{#J ztg%Z+uQp5@zdcv}q2kcc#r(YtemK7w7#k4E!>al7$VhBwOAZc#)->(9uQIMMaq)b2 zOHqFRfdfXc8U)jo*ABo9kR!}=q&>c=hheL99v!$TRQ?y{OVjRDGTK0>=OfXIj*Lv% z;M@a~X?}OFgwi3CBKt;M5kLm5MpN8en&dA9w)4R*_a(bnLxiN_>Fo~w2b6d3yz=>1 zUb#Gf^EzFrW2n6I@79p$bw459Atw%{&$8Z61x6Ef zk_*YN0*y*qa?N@ndtPwi>BLhOZnZ%s`2!<59@qyQDc4?GvNCL(Ov(WPu*|D{5%CIk z1fVf*Ucdh4b9)ZNYILLx2~a=u+1*F-+YY%>AGcg+{8Wbeu4QZ=3Q&9O(Cmsk35;yv z0b$|BI062;eLx6fBdFb7!$J6SD_Y^)OsYJ|o*%3r1Ji=iiY}I+&W?^WC@u8AuWb?p zUhFoKc@{!Zjg)_(y|%Jajw|?pPIlP+;EO1ctK@L4XAxIZYuL^m>=4BfwA20NYm?}( zvvLtx({$GRi*Rz+o1*(!E-zZF+u(HZVR*3bQ^7n!i;h*pB$^-LmDr0Q|R^Uc>09JH|=+3 z20x3&uF4C9rofpGw;_(Am0{3ACeOvXcAwfD-WN>1ZqpePjq|qLYZ_o+KSi;xEA$P-1WvU2ShNJKIAHe;XN zykW!4bD>Drd7^>3gYbPN%y?lV^H_g8SBx)+qPj`1{HB&09*UN4)k;kTeUBNN^L*({ z7fJpeFGQB&Mz@fXtE)WZQ78H^iVDCMA%vy5xk}yQ1QcY#3i0e)Qv=QZ+_8I-69u5MG|r(GepeOpOiQXklI; z7uCG#k1=-PvTI?@(ujZh#Nceh(!m`-p*D6YYc^X#VnBT_h3EAeR)z=Ps;i5#Htc78 zxC8v(lp>WbPpX~qbA$KGVf8M0ChAq#2)cup%cY{S|udFQ*j@XYyXXdcz?RP#aa* z^2ejS@fqA~L$=-|_kx&3~&b;N}xj^6gtE{f!SyAp^6_r$fg6AK*aCx3a_u{&_1u ziMIcH3hsAyrJWUe%pXoNeZ8{!y)qp;je9t}Mx;Nh4blIr4hC5VKX$37<|~((bC5l9 zOMp@n$WwzOC{7jFIO?eZVQ@3M6~_ zSY*G!nf~(pK}PfLQgv3cjTU%ACLU~=2tq~^2Q+&xVX{VZ?SCHFcDIM zWCGwq-@$j52EBlG)&?7{M-b1!g0v~c^Sk&<{NHM6pBjb|2Z}DR=P?Isc^}>HG1J~{ 
zQwo|hTal0SS8zebCdwX&Tm#Lm&Ts!qF6GFS`W^XlDuK;b$(4f!%o4q@!+a3bAYr*s z)1G~S7c?{gC3fwKpOa9(o5%hY^c%Q9w`mlk)3`FU*Nipvc@Ez7h$aW0G6w?(>YsVuuxotvg`)_+GKUZQ-BXfafu4)97BH#H2ThJ}18pZ-owT$uG1 zsPadyl&xhK6=_Mp7o_TS)23T+v(}x3Tj?aXZ zpRqjQjEGq;6(ZSXIi3DdLZ12@iwwv~UW>f}&Xl*=XkdUT8nowT_mN-e6+vAoA|{4o zUzc}9IC%t$`(`X-lWit#wFKG!Dw8v4VuM%-y>|@^2(&k{^1;6ktGXwhPFdLM{>o)g z;NuR)r;xJQwM!WC{PlZU7Uu^GMzI!pKkQScDesq%NV4g48Oz$JSf?_tu6;FOdvc4a zWA8>6jHkxQj;N+{S|cZ>Pfw3JF5Ecx`iPge5GJo|p?B6tvE81uDA65BkM@^QGS&@I z-N3db1Qq&xzkPWE#$;`vw3ry+jcUTA=E*8z|Ix5*Ujq{hu|kS10`;-D(W8hBttRY`yZsmXBjZqNm^9K=1oMFIdui5$UKtxY<1&oS+47ZAjcRAc*w zhoLyZb=CLtELkN=MEmAQ-d9z|_V_A!V`F2&5$I6#FqA5&U7p{X#5Zr&t&(xo&H8Oi zbH8e|PF6##-pu!;fC2lf7?9uAZ8>9M(UzpN+1XK}%G)lm^BN>2cQsRce9xe!jdpV5 zh@&{HM$mYXb(kK7R1q&&fIfOYM&P>*aucnXXz?qzXpRtxNwjwAGLROZX5rb(TB2+ zi`3l3OaOlyE)#2YCg@-1LrS(cC_B-#3sE|Pv2Wrc&6^6ywBYPyWaRr&nq#s`9rMnH zBM#iJ2%%!ONYqCTofm$b(AFS;ahv~N2zoeWY3Nj|zEU2k%#Buq`(L~`#adIhB7xXRJ)7VV|8^X1NlR{>YIa}c0QVMBh&it?Kx2^fT zNX+Z|?~;;|Q52xIUcGpcEbH^(0~mFQ$7;2IQ3EPELdDXR^Yh8T%fe)4PfyPwV}>D` z@9_yTv>)<_DBtfUMuXfnrDT@MHQ{_;fS;RNXTr(K7gniDN`!Kqf z%e8p*W$+*2@Txbt$agW6-TkjG8Qfg1?%VZE9jdPU9=&F1f>=7Ne(-g#``kHcKX!?y z%sbDBuK4!>2%Wf3FM89F%0JM_|EE}JImn=gJM=w!x%5qkMDuvp?68Km7)tmW+y1Md z32T>r1q4;myO;YR|DVQp|6kndg=K+<|2h=?AKvQIN9di=AH!1Q|6fGSaju9b;Iw7$ z;9!+J9#W{mlb|O{v`R5umhNri^reFbDL5v@riWTkaR%FK4clABq{~|8jWD|qSgQ~! zUw*rDY`Z*=MZR+ybRlIjkX&gyYFl*I2RSeq-Il0|KKefq_2n`OCNp;Vk zCnBa*E8VHXCx0MyZ)kS+jn{AEnP7-?PWp#T8DeV1So0v0>9n3wcgH=V&%n&&l#w}- zRSLKZv70Ym2R0YL9uI$1G@_rki&3TnP)szby z?O?T3_4vwYyK?t=j|Y5HQx#3%6Z1aS&FV%tlxNvRE-18WDMqDU#0uI_8V+CHeuUbC zp`M;rma#WL)CiRV*%v?0Psu{M*%Mj?n}OhU-WLPjAR-cHi-!W>rMu$P={2l?wQG)8 zz&bXM{(7UXdt=UtrGTj*D8A6#cb*ujAM@ofuL@O5yqJLSVbdn+>ZW;6EN zikZQ5BE9<|Kj)`$k1TQM(5lr}36!wsoE((1IuW4z>F}U`R8DnF4v~ajK@egggeFLl z+TdSYSVCxDqVg3ALv=zY8BX)x_z=jc$Y^<@E>up4eJW9XW(K%z-a)5&5D9{-#nG}? 
zn%}5hhPSPn`#!V#&Yemp9xtTWoSa^xR&B#n+1#89^s@nTIiNVeVOX9g8EpC?+=s>C z5h^Kg28t-gkRwh=&;*@!|CkPAzO`kN1CUDBu2o}lnUoJ_Mbo1mqsM8{S!ED)o>rkk zE>;6{`{^RUy)!By(pz-4iq_GI(k?Kp-4%;Z_mM&?A-V!qe~lcfH*Ax{{0!WCWpAAA z#}ZnBy^9Ng`rK>(ta~)W0a9cqpyJeZ1Rwb4PM(A=sBYlqnyn#L(`5~@lZ5ygyU%+O z$=UdDG6DnWYaMmnz|MaE-T~{uH{4uY1%P{bFsFcl4!_j4ZrGQnAV7xf$RK1Uw6Cwj zKqm*+r=zR}-y#%`Z?qs0;$fGDwE!}uJ)tGwlkoa}{Zq3r8)8iSI*;#Mg2FWp?=>i^ zLwSx30@W$qhX@$)&!qnDAeJSn#qLsxasUWq5aWjOH12b(u&33MuCp>cGUCkLUf2M6 z3zN3!AZ0>w#&uB=#Wv8JRk9v|UJm;MaTp6$vHOx;5IUe8an=Ey^u$0wi#8peI@eM< zOC~@$cFzFLwL`eZ2HdVcwb1jN!{*JKvu1WNZQXy3AgvHJ2;vm>TLi+tgs#gL6B7e> z0q;+vO6aIg%Il}J28GzXP^ zy*27$P0$ti4Te|yol=gLhe##?e%aA%iLTc%XeERTnPirgxr@q|#}+qqfi#MT65d1f zAQJH55St^G2)z(O`~uGwwG=m}y-Z9H1ib(}q4GLooC=ATwfNt&@a<<}sxox|wg}6c z2FNlpm(QPBHVGM@hGYrrnE?p|>JVtcL<8gE%H_)z^-gySJ6Ox1(sJwCwb%7NJm)2y zzB~{qPf7WLnqIXOnio5zs@JV6{bQ>K|0{~Bj6t70&G^KLm)_!qBY=zPs3jlZB0+;M zMD3!B3)ptjzTHzOJYIBg&`3aJu8u}1p>@u|QJWVbIL#JHUc=T>U?Uk7{TdQ{y{JSJ zhvz?Y;sjG0@kKMU`?}QlB~o9`%*m@bZ%$JOYAE8xjCi`>{0>2Ibf>>V!$5RwAun z%>yli-B0GC+#-K}Fj?Bms|z~$1w1C@UhuER5_lx3Sl)M)yqhnvNIM#BMs1T4!#yp>-PyaHL<}(-k&( z2<0$wVc}E&`$3d;@Tz{i5j**xEr}x5unfX8Uq0hoaK<0=l=m+s?53%hjd^mZ4{V(g zIQ%^1)DvN!(w1RJ`|{--#`kt=>3>6f^uHej5jVc1bM@oKmli5bwuXmI-1&)&f$*n*D@X_Xxm>~Q&6)2(q36eoPE)o4dE}&dRUmgVDFmeG!t~jX z!NS59A1~<{C_bo8*ZJCi@LgnZ|xUrc@Y;rUOha|63FCMv1+NM`PmDXN~T z{=& zL(%Z}#I8?V;-3rPLjM%IvA*fA<6k^2`mg^~)BnvM{Se3{-tliPKu6O3#|z*>|M^pS zK-Q$ck-_iWvE>gX*4)zn{rGZ3G{5xo^QGlW(F6UZm!!sg|4vREJHdZJf%p%Fb_b!Zu0S+oEf&)k+sf3KAiqa+Bh;%!IG^hwegQSRnbc1w*O1HGMbcb}a z*WmNK?{9y{_s`yc?dNz7kb7qCxUO}rb)M%sukn(R625$iuE(NJAIsYfEDqZ$U!NIxgDw-&dA8`~mGjJxGimNVEeYOU|FhaG zWx}$Ti*H_XkvOs{$G=>8ccX@d@=KgZ@Cb9tM}bN@d#h=QFuhu-lI=YW&AgSiwzem~ zqIlSOB595~2;o{dk7&c)$xmVb^#*ko`|An@`x9sU3ijtCB=&}IJO!~oanKjAKkXhP z`CX6b0xu44t_OJg`}v7`O51&0{e2Z)3;ccs^T>GO9vg$l$=T2%NJ_aft8KEAkB$eT z&cYEmcZEI0 zsgt{`p+H|ax$FPqQyJYyaIqptMmqA${P4u8^!tz=BmM!-LPdXXi0wJ@b*8Hdqo5zg zk$3p?$;BF&(6>lJK9=LxMqiG##yh#EJ9#x@B@-P&6R(bT%KkkjSEKE;$c~9E@~hK^ 
zGe2>=)+Hj)@X1u=S_VbR$;aNHoSu;_{|Rymde>G))!nF{kn8I*AR|4k%;t5&hrMTji@6d(S^2G$@gKFEKC31D9r=@VT_={Y2K%I|!|zCz=HP z=fwU_j1vLcP)2c2uC08v89!jfo5NwW)yGYCujwhD{e{B{+KsITA1Mgy#^CX5v`M@K z?SC%z=NU8xCCbD;dHZ<#vbot#HG#@erJbE!Qnpfz7a?6L=V-ZJ`h!`=dg;p#jE6oF z8A1R^kYI4#lWYbUYb1o0hCq};T6SQi_<-O6-aA@PYr#WlFuD|kS1 ze~TRE8zSuL_*WCY>b$lF5#!EfSK-912bS{lq}dn?2E=ewd;$B1WgC1+m$2^cnphVK z7*}7Gr)3H}){10p+OtdN2$zj#=I+n$?b;pA$@=kcPd102Yg*GATgxtGXzp-*BbUWs zG*k06f&mf0Q)YNhx!mqg%B=EI(gU*rW3Ei)5^wATJQDI0GzuCc<@FO9fKg3Kz0~O{ zAyts*Wz|_Ok8HBsNUrP1_%xR-&Dn*f$Gh(^prGRUog#ZcvflQYSS`)*mj7f=cqd8I zm+$qQo6X^ljdA$}K{3i==eH}T`4z@jZA=HsX?&J*O?NMu1;lX=$!jD@S;Li| zr$5i$o<3(e*`RH1K9XcMnBK>`v0%0F>(6v6v-kD;!NTG0-5Cn$N-O-fhX)02FZ3iC z6w*F3DzS+6n-7G|jH3>aQ z#Z1-sVe6wGiI3fI`?BPO6$PV><~kEeliFnj$W_wW^qMByqRMm|gGODC52qNF?Ac+d zi&z;j_K>TmEhRgQUDU}xn(Nz$c@*T;y~r*hiA>sfTjwej*44qzi7vLR<0HgVxi^;8 zVJAMv!%Mxp@tnby>u~);@(b%-grNBx`O7C37UTCW*Nwe9SCy{GpqTOTfUzLHPS_Wj zxJ8quh6%WpT6cKnbRKn?;oPsU+SQXq4@`R19gAHK_iqoW#y$1=y&pT@%W2X(=ObVC z*@kbs4^Qkzbr|z;`)}IDuZ~BjvXPi;mbiG`mt@#DEk??5iw63oIh8A4e?Wz3y{z>P z#jmp%S(|FbCbd@Q_A#xu+uLMcvo={40*HDHg=6N=7a+Pxm=g0MD@~CkL)1$QR5Sj< z3$~WV>&e$KY*jAm&J>vMPx4*5>La(luo=GknX&Z+7cZP4EOL?}UrO;qYUt~=sRbno zXNRue>oEgf_L}p_V#vxr)vU=9ISPby($Qg|cUALKj43#O#S2R>vACT-E`QZA?icx> zS;KOsjk!qd>fFRV>1bX&7cG>@*5@D^@w76na%+{=ug>*tjlszxXT2RZ=hM~tG6(N) ziBjHVQkEIkAhR7kawBDC-b5EW)r#2^*jxE*-bT9a>NN#=ipF*!Bu=CsP&6_)iYkHhFnKjwA z`q1VxZ6-0Di}1NID&eWvsm3)a7{frJiJu#(hWSEba~ug44-lK9S+N76gN?gY6(Oxz z5s)iR#RO>{?`aBaERghDDX-+Z94A*26rAs2RX-N&%8q4_h)2^CP-vu8a?9d1;BUG6 z&G8}5Una?Ls2iM7OqEU4jWg*pPgl&`rF(zcO@Y6_u%mN!I5VTPDKp5^xK#luHj%34 zx^GsgT0BuF*|@S`U#&Krc1cWDOoQ~kWyq(oKJ>&UI_0KjicG9$gCS>i(Wna@RZp6N z;}jpJ)5TJOd$l;v=V)2jpG?kbU|=BiL&ZKK<%48o(QJ5jujE7LI)ylWt7mC#9$SHdMj&!`F-m0jGTUX<(BddKm@xc{*#H-L}#7slK*~4&!Q%L-( zL!?v%kx5agkn8e%gk)DawSPSAdCzIwEfY%5o>Jkuxo|Ap%DV8-d}yaBlyRmtQfXQq zO+$3U6c=6WxUFfEzEx5aU+=G`oKLTqq3n-**xe?&^s%SJ%2iH@3uVqhf*EiTaT6c= 
z@hnInTQrz!U^g0zRD&xu^rYDX{GF{4*Tqj|pWz;t5xTRWTzTWO5|D)R7=VrQ~P){ucFfp9_tztATL6PoUZpgUIdyi+n zNX~(l#hB&L8OO=l`y=@9T%AJ~jW%W!@0ZFoTO*C@l}Y##X9j%)HKb$HQ5oD zU!VEpqM7!>tJ<0fbBs(^DgIhIkhCPAr4`%rVu{;ka=xD2m8t90smJrZw346dY6Sv6 zPzZV?@gvUT-%4q33;g-Y8L3(JT7!qP4c1W9=hr65MbA$qAt*zU6-$oW?(HV~{!#Ol zoAW(=E@^@ogq&NvP{93(I!ILpZcRC>{M;>J)Jw`IDb$#S>%;Nak^1`U! zi|Y*3Vva3^o1}bNcIFa1BS}8{ z)orZ5Y}e-Yt5z*A5&ss#q#~;^Ty*@!IQkr(ixL$!=+f)oe0#x6O0!BmlOHcDM~E4i zxeaxo*m}1K;sH1LNvJ=Y19kGHdyULCoACksdp1Km=c-uq3-T-mv!XikLOq0^8euYf zGxvKSPe(p5OUe?P?wj1yYQ*kHDech&xcmi7gap>D!pNz zT<&O;Dl@B;n)YS!ne=8ff1tv&ywL7=_xDk+V;ZXp9}5M!j+J?#x?_0jHkRwVV*=}H z==Nm$<%4ut3;0uyTeR269w=Ay-F~u37i~ZGHzMafo1~jVyMz*q6|+<`ogZpX#JI?w zw@OQIja0j}R0Mb0)W=80w-YvG~W4&M!t5Z<=fNM}Qk z^1s|jH5=Z-bYOzN%Cp<;4~e;$6qyhAWJ*bu^*sK%C+>!OS)yjlJ2X9r_0_I-XgM)< z0mY&?cJ|&+j#3(a;(ssUgukLUA>-OhtU~OT_;AJl*TSv6A4#1tHbR$rU$~|+Jtnu= zvtzg0+anBa@+NjFn9y<)v^ZWcO>EVCRoE$Cr)})wQ8P9e-?p~4I}?-4;kHFlz3NF{ z;vhh6y0dyU##xacO5D8Te7aJ$xn7S#(~>)yers{~SSMcSna|D8{prTwnTY^_uyk3p z5P7N949ooT06IZ70MTX8o$_3ej87>`J?KNO!wjpsn9-DU4BD(KDU21?=xjKLk^`OXPw9@X+xaIZ}_e(thCO-Xqid-Ia zUEN=)VwJ6th>nU-=~$^uFLJ4%TEWs5BSwVW-kX@S?RXQ^iS3(4&o-LS9}i@Dn8n}K zrbQg7Iv9;geUL?x_%@RkxEt<^%k4!AdWohAYk$>}=LzfiUD9l7Jce68OL7=p9Wws& zg+=ngrJEAPj3(m9%5ao~oT=Fo?q!mLL5uZpW-SWBAmw>STD$w_u=Hh=+HJ+YZ{?Br zT$fwW{U8>hm7anTJvY`EJ9m^sE3ux3?W)sQ$4A;qhmo3X73cCsH`*$n$Hd0MJtP{% zOy6t5$v=5k^Jo$Tv&!&wfuWs-!D^pwypNyAsK1;J+?^#`B^D6bJ zXF|w4jaNj-Co%Ge#`+g2QaK|8LeGa7myu6B=eWC+7~v@QTZfa{ zb^CXaf0-pt%@|&q5s;$8!o|J3-Z7P?r!wUo6gL+$H}@9HI%&TDhYXU-!!+gYWx zr!)E$(iK~yc#29&N)q*w7os)yh^0QGdMX?Pyl*g0VIj?3wZcXJC@D5F06_L@A!4Bn zuB+eATXqp?IprAsxuz+I4QG%TBz({)sQ4uV1tvuWCVdvKh73(ik^`!Xch29u$qb}P ze>gjaBOx>DP?+3VS6{Kax>_zWSvVm2T39fxq-NE~^RRn5(-|gxSLZJsrk=a(oAI-L!VcJ2nWy00 zYN;shY_%dO+FuIpL`QwOua{IA)3b7N&^56)F)?9`bOOO4Hx){)=Uy)j-o}Sfx-0CD z)E@glJN|QK+RQ#Au{mr#?&8Tk`k+2PwCZh(;%OvH7@2O3Bx2f$LUoV7g3J$OK8Dj# zO2V}K`{(d%_0Wfq@U-t8)o+oqxlCt7dZDh{%sZ)MDCZ29ZLgL7J>4b>!23E6kJuGr 
z!KY7k`?56HUn83YBRvK8Q@bX6e}27Sqwwj~udicJr7I?M#bq*CGRPfc1!m2kz#j3GW@9Kw+@;9ItUBOt0!z84TCbS-#j_4q9M+riy zgD-G6q__Uk%F}NpAv*r{o9bP)urHH*@hf1v*b&m5eNeP?kt#;IWziOeO3um)zFSgGarRo&YS>(biYY2Pl?Jj(NFKc_!!+20=cicl}>Mtdh!cYdQQ{@P+OeeOf>_&wRpE z^7Q#$4?Rreao8UU;^CHviOurQA!bzS%eHkoM5*UkhBA3miJycx_Az)kooYn9axUFq z81OyZEE=5_pAKc*j_{TEj1mQxlB`7zv*HyO7{*mMmmopvh^a+mk_ zjNth}E@Lx7(jFW}5&F6AHMV3Jwtars+S&>grP83C-_1>Af1}_iU%h0g#A*g`L$I{K z(r|J%29xX(4NwW9q9=1-;rqLDR+A0Sfr$5J4t}nB)o6`{y%h@Sy=-~B)<*}s>GG*; z+COR_HI{pv1O<#bR++>~f$V_^2?B(aF+%5f{nw6#opuPZY9qV|$w!}3np}XO?64tc zyY>Dvb>SPl=^1n5&;HFpUezt*+AZwag3l2>ti~!SOgY6;|9wq@f?{n>`@HLID#Uu-)FXewP$NjL%@Q0g5*=qs2)m1;H zr6h5QCpB`Mhlugj&cx;)8@z38EUcd~|LB7gVJsS9>;`RvMb4XU0c3nI(E*v6ne4L2 z($Z4>#vmHh&e3hHH6G7u$a^;#5#Q_P)am zHN05p&Gf3~xP}RGKZkcSgny`{>uw@j2r(3`IV6h9i0i? zd%V2kSa_(A7Q$;-Vmak?G>u0)AX>B`|g1u3^Ry?XH~U5pbYV_3+B zdRaD;%rawheqNs31OuWc5vbuDBcgymBsBcGlbqg(Tn!0WV4%=!ucw9HpBmS+uZ*-sNhM3igy94u9@@-@7zYsu9K0H>JUov;E<(WpZhiWUo9;n> zUc%+uNWEyu$On-T5u%Z)?oNlBTsIgMhsy1n$Et-vKuO443ZxLEc?vvlsXwpCv_BVA zoC78Cp%O-de8Ub(1B39lXU;d~Cnioox(a92`ama5roy%P2x^-7Kz?fe0>lIG=FNKY z!Ge7j<*&bIJ9L7+081V$wTZlmVPRqE%d+3u8IrI?8|D*e<>8-%^c&QH@ZsL^?q(l4 zNP^sH^|7+Doopve#IZW%tNkrf_e(d#_+2wq3-nt)#^yd9kRI&+DByYow@%W+3sOL% zR0PU$(h%}CAMa6W66Cn_0zXgBkTl-ci^U{bC6=L3!Ef5hqK*4rLhgX~rB54;R#u$N zln`Nr3dF_2qUmP~AqE5%cl(ClZLYA_k}H@{lBMcC*1xdf4&wMZ+`wE{a&t|%R&PN; z0pF|NFCf{!)R~ZP<8ut7=F%v!R3OPV?1-!NzOlbrO;GQ5+u{l)&bTLSUZkU;A!Ve( zG5oHa(15JiO4-VM<8P3z#X}hqTQh3MK&Ym+usq%lVmFW~*;^f>a{I=pRe6x1lGnWf zf01zPXwoK0L{OTf40AzzYdLS)tf4~cje+cVcnLa_SGo}Y3ug&Zi-96F*3|h$iiI)V zCFOisBT_OyJx#lG^~Q~;kd1QdxlXge!q5+RL@Z(wpyLb_EMTQ>T5j8A^+d57M&hDP zFt=%_kVt-5xs&LWcaq*4b(dNFuBSf!Eo#q=LZ!^z*D>v8(|bBD=PF#H1b31g|5BDO z9{&nP^?%+<05Gc*st1IGF(C{J3~Gg@3^~+U)QJZN%c7EvHBjq&4z8&tO@OW<)|DjL zCFP#>M5;+HY;lGB#TCrh7#0m^OLJ`MR;L zvtnEyy?7<_ zN@Vp=1~SzhH_>hM$H3J`+{VX8XBsUoUA)*MB{4rfE?f2*v`cJ(5+;$3vZGBzmD{#g z*{@IUuFpVzf*uD=LGTv`d;4R^rsOU=+OQ_l0?YUhJ&PK>No49X)aw7BI 
z-Ca#p^(MW{9mqW(k||*&-j}eBVw|^BM#}B=%%(~RG5;d_9sUBNt|Wu@=(&_H|6pX` zmA-HQ|<)8tzEvXHAEg{~q26{_nrBO|_H!jxDzT z>9_s2xW4Tvzvcfm^qar)Pd{E+zJs-r(QBLpGN|KOW z-JE?+Dc}mnpoyB~Be?WN*8ZuNpvw*%xr2BM9W&!1ZDl*%A8wd~)sqQ49l?c&*BO7e zg5kGc^CjnpH+l-*S+CQUx6W{VbY)Z(-UXf9hH`XD<@fQd7y$wMf6neNXpj027prS< zTMIr9uV5+VKX3+`lS=518wc%}0J3L7^&ZcjVT7K#KYa?oE3o76(1nO*#d!@uzv3op zx{AeLZ(EQU=@^>Eu1l8<2v6Yz&bc3NDzdKlnr{7l^#(??{n*#X^&7Odad0OOKU8>P zBMaL)?J{VuKIVQGf*m1WPfzc#ZLvaEY;-=t4XCD*4*o$IXE$*k=iB?Q4Gnaz=P1=4 zpM27-F1EbY{h6!>Xk$qP@xNRzV1trPA4$u192^fKh6tbi=;S))k3}LVl>?plvCKoXD&M&9L?`}22ML5Gr-X=C|_T%sbNx_H%eDXZ#NfS!Nz?9 z3f-W_gM*XpYes<`q`=3Jye6KG^qs=7(_52jn*RH)3+P*<`c`^ioeq~%{{*gH zC|W1dZHz254Rsx6)eQMADD0nh@tHo#VJPA<^x1{OpivG~a}4Ec*J$yz*k&dxVc3S1 zwd&2IivlHSf??gS-B!wWZ#*9k*$;PQwcQ{h8w= zB%w|34(Fz-_qP}+ZQY%0{I*Y#w*A1YzZB?m)3D=_v6Rsdaiwf1XjaRPTjW2-W%Nf1 zoy!gw_2_+qzO$RpB%JZ9i*2EOnAX4n=RFaBAi*AMC+-OfZIg2+Y@JGLN5b7PP>fw= zv)j)at!q^~aC_I2Z~etvh%;|UqxAXw^VUU|KQF}`5s9}C56*;i8E9Y=BPR6kR2&m_ z&f4z|4VBxdiD5#;8V+s5I+q4-cnK+v5R6o)NjpS)AWdW9dwPmycI9CV)_Do_W=ys6G1d ze4**SV4PHwB#*58F&}2|_2O#D665-8Ro4&JJ2FuL-7mP}YepJDzuh%zi?%w}nUUJ$ z!x#*;MR-<=D`lm1chmZpeE#WLMTvv6;!z%)`|#|^ihF{r9C(POfd=uXu=R$R8KJe+ z0G^g__Y?nFd}EN+?QGBE{Jz2K7*_M26-EE@<%GQ(98PQ~qr3eCrbG=1H7*N!O?-}9 zPFlyoSgw+LS}sYVLkLPCRA&R?a+hKDGY7rU?KCwqiufopZ%~Soa5ys9F>y);K{mp# z+=4cT;_UdUbL|*B|3Hz&=;TUsV=&#Q5>I11m)Ssf-?l#q+HxRKv9Y$622KS$pSpeO zKHYGW6PiAn-;wMlacv|Y4h}2z%Ez_JM#U?h)!R2Q`&&!l<`F!$SqD6T=Z5POg9^=u zdjWOdWLDi+8sy^OkiZ=t8rs`jV5N%Uu?;gKM!$ZYQ@Gp*#3fb`Gh95DxaC_oq zVA-AUUk5tg_w4yma-J=vh)e)apc-)~W4^n&D&9ru)ZuUb94@m}qT+eI81eyF7$BtT zA3vUiy)ZB!A||GBi;m`UIoc(%zd&4+n;R4@FV475Uu{)QQbyx?&?D)$vp7aeYF0DPyRp`rJ5zTx}#v11S! 
z5<&pO>qa_vyn{J7~AV_<+E;qq7W2&s@*xYOaX&N$fPj|{|Ymd=MeGW{AnGJMR z%2Z`$w{zTYpla$&Sk{#ZV{!v}!^TYfP_OCwU9O0&)#B*RmcgQxK%nl=E) z>8dLVB_&Gf4eP$_PU&Dc&{YjHGBIJ~Wb6v^oT&4&02Y-IJH*ibd`-3vF2-T_^F@Sm zk$Hs|j0DPY%T$G!IrfA7xXhA(@9!Omb6NgRAVESra=V z65r~nE-{CQ$f0+Be;4%PYZRE{v%e(k!N#&Ji>AMPmwn||j$D$$&$Jpo+vU&my0;^9 zELkH;Y!-R}fwSd^Ar-}t4Cp@ucKc9l-;@jFPMsNFJ**!)*j=Yl^|*YSg>T~b?>k*f z0|mhz7cX7voo{$?9L+5zmy?@oytdK|5L8z^S7vZ5$)CT%W}$F0*jMEIJfRfnuheOI z;ow4}E}^U}<(#$o9uqcg3k%lu;?h!8H8og}`GBzpyywIhfhD-o4Rwa-D+Z9=x|I+h zSTaD}U)#0r!H=NvC>Ra^z9fIj>G!wCZjPejk;*iXe!7>QNCYL{AZY_!aixX zF5sT=d(1Vl`QBnEH=pbNL){rF>=#P_KbpDN45fPWJxh}nDzq3yPcpWs`~%OMcCUc2-LU>u+O@%4y>yA@isey)57F|DGeJSo%};do61rG4N=-Qs z1mygbUE*O(qDK0m-+OxxbzOS$uVL0WrgBsZjA^9B9D!UAXx_pQv8ac5!NND*4hoSp z3eD#Tot!3kgX(U3xwqO8-!S{@Yn4Bz-zDvRusvKn_!nIruRfw9@*~|( ze-PJpHBIUk)kEs8C~liiD0C-l6@H0ryH=ct^Ykn5=jhb^LULOx`-!MGdJdVa{*F<& zDdyJt`Jvp>mxZB{JbbALw%U;q%{0*{;+|1~M~*TPVIP31H(Q&Uex{CKxX;N#z}y82 zNuYOdS-QpWy{nkJtwv(yO{+(TSMKr| ziFgT#mO*-HG7a*_GU~u7TD^zXsdG4B;BgWgQ9J<&fsBbSD^6KxqufYTOr%p?#a6vzzlTe6DV(?e9;7)XEIa ziC;MrJAVi_$Q}Np^!@)fLjI8}|0e|hho=F;_{&$o75NVt`=33Pc=Rpu7%0Cu<#_*i zBTqUkSW@%<{X6>_#>_wrS&a=7Pnk&w1>^)aZDw01nFR>K;am7q}$LYc0anVE^n?VC4Q+@OWxbCY>~eOnKL zdfrA_^GuoTN|vkW!CZ1ocX~vztH9)*O*^OqP?P${ zL-tUgVLaf1_5Oznk^NAnHMM)--YPBYu?9$#eCS6KXzn{4I)Au0QiM}}d2cefmD64? 
z*bB;0+sFGsg&o&qm2T`?{w8@)08w-y*+&K;ipz zzmjw_nr%I^>?rj)I<9BWR^=!WS|)^In)g9tOgpLyzlniSXJff7xRxC=szpFVLedKY z#9g_hlqi>6zXHptH0^4SDtTlY8~(+MH#R8V*j~Y`aZ_bmtX=9&5GCAn{eHdwEU(i} z1Kz}|y^Xnvdg%)nE=(q0()C4!2pEWqixUIQmz7MZjUDQSaf93~Q5Hw3!>h5(YO-)Y z?YByNSYhR~4I4Fscgzj+jw(9kXk`cTasg^6&tPS3in04xNiFAPqQp?CO_^5J(ZBfT zGRUOKNu zfS{4crtt&UBPZgE1OdulU%V}^f#Z^wf@7EiMebA=s#d3A-(@H z!CTN?PlokeU$)~KJ2j$9!cHBLmu<2NzaqCl;=BD{FSGXk6b$oG{n$C6zz#C~qzzbX zJg#9XD{T|-3+#n_Z_Q0lzn*R(-rN<8043FZpbpk~PqWMP6`Ya&=<4S1Yz~v&mYyC3 z(mUKHy-b@Cg7zhOxw+on-Y(k6kt*^y+Skk0ovyfpv-WrMt!`L8A-Tg`A8R;NoWqak z(N6r-U9U~MS51c)EsM;e*gO4s^-oDu)kt|cSA(vBvyz*=J9m zg7W=H^A7}~jt=`4G?e}{N=Y-^{;-#hmFW{g$_!^7avT=Vt8dLGY#rQuV@-+~=oizn zBiU+M!$>15ZR?3fNHr#1cV{?`dXJ?vNp7<5NBZoccsceF0{4O4uDa-Xul&Fbym-9o zRlU8uQR;|Cq7|*OJ)S>Lw3z<6%8Ew9bz$o{{~qc>gd_oSwkIm#l_(= zCBKIEBr4^0qPQjjcSc2|XZB}`&Xar&vR-f3+(QlRE=Y3wo%D0q#F2Zu!;r|1pfkM4HXHhmr_jYUEyQJvgR&i+SVi| z#Yfj0Y=$A0?7tY{31GE+pUl&!aA4K}v8lz6kfQL$F!)20_H8KtbI;4eWkmpk8tZ9h z@P+1k(vzK$e{9BIfzFKW=?BvVl$6**tGMS&c(@YKll7_nuVClGa-JNArBA|8h6N5c z8cG)-+OYLn8H7Ym_{H@n){RW6&*B@UsD;$9I z^#(NH3)$WSe=o3AiCWD^kG`m1#={GD4QEoJbOYnFGqlHFy!eTA{3&H?ZOhxr2Qd1C zMgW;*qLTc?0m^3Y@)7s){xcFM=UNzlsR;{`&$ZVhs1Y#&$5d{Bm-5GoPX7il%GCaTkxky(Xsp;iLW%xgV+Z<8JpL~GDuu0cDQ zGm;@$Dyj{7Zul-+{RURkEndF94pDSuE&_Y2pLyba4zlshS~R$nM=ua~(YF5uJzcf2 z@$vBkDs;q2P0%ddo1bvE3?}(NtjisW*AmHhr5s=Z&BKj^u?_>SodCwEq|mY1 z9|qxtB{!Yuf*w$vD8mv&n0cSeM9iug#|(J4Z{HSWCGHl|Rn>=Xm$-4*-H7e&?=h0V zIyYB~p=oSZGLWk$UUHY3dSh8bU~{Y*Yfs+k&&z_r2=W5kvnDLNCC73oYK6_u$uX9r zKYvzLYQ9{bX3n<4?M_Mgn7;33#(2E2k+5D_wdfeJl6A5nK1BC?YO|2KopwJX@mx{}IcPc!4tHxPf(7<&+d!;N!b3d-W<3*b9-z=bm zWKqrkRYP}iiq=g~RPX6vl;Hq)Cm=6G^Vlwz+poKeF zynv_>a*Yxcl{XTH5!Dhj4P2J%FIb(42R@c9-rdo6PODupY}h z-dpzWG#?b+NBNaS3{CMpKB)PpMc?v9QSESHe_3*n|5UIk3BvoXXJ9xAFr`s;LIbkq3gb z&Jp*G^~`rSjL~j|pdzbI27BOrLp6Sj1NYg?tSx8;gDyk?Ub9uw+A-+s0$Xo@Pi#y< z19*GKs6yT)PFj(zBAY$1PLxMa^z}tV<+1trJ$icV6gAe9B9Tl?Oe3<$CVe$)3TBUG;^6%o4o>!@`_IO-C z(`M%8ELQ%+I#fzjRPh-Z8JA!y0CXmah=@ks;v|q-Yy~@>I(5ooPR_}~B5HJmj$k(% 
zZ|*sWNYst_6&s+}-F+VS{%JQ*>C1&qz9ZbPet&@$;}jU7fT=;P>3(5qstyaq=lWe) zaAN~aN_#9^?`NqnogowZ&Rft%rNY5)4mDI{;aXta19lc&BO_umvRGUK*xAzD2z(Km z)gRKWX4*oD*Jj#B3(eH*H^RNELF^hXwF%yD3L8vQNcS^u;B)!B(SjVIP~T5nRu%#t*Y4NQ6f-YgouvT+p8K5ppP6{o=?Ij#vZz$o~O^Of&r_3 zkx8Fs7^_+!s6~og&fsGJ;U_a=sWq~w`!m?Q!-*$j{n}ovE^1muy@f6;5Mju&Lz@fH z25p~rq3xZmS&=llcHbfW?8oOXS^;oTM5jRv~LZN-_WSn||9EN;VYeg71*NM#^Sf=Q{Ni9C9Th zg!km0{7D>_SyRv?K7IPM+q-vq6Rooz>gwv{EsM*`EO|z6VN+QI3xe}_SNaT0uh4{y z=8?<(5|>#Ups=Z?(B|ri(o$o6{jD~suyZ)Dzb2Q0CiKRQ8%s+|>y30V4I*Ir(p3|q z)#Wkz{%%x{DnmY1)-wHd@J)=+Oo(4Cbo61Co9g1c+>0y9P3h=T;m`qT~X@YThdb~33K%Sgh2n}cO(kC{Ba zNbHT-;1-4iY#ZsOq>Ubd@^QuwZg>lN;B%rT88$JY1O5GtB=ajYuAzm6g=yDy9DCfKcA+jZ$HHLeU z!X6pMs-?-}|K#l1vrWyy%g36qON)Y)`=B1@jvu+Av4wy_TB^Mj-t!Vmy?)$IRT1;t z9O8v>%khQmDn)kaC=Yyo=6(ISPnt?zFXSQ#rUOm_MukQ?-ALAZ_e5x^g|ju*SJ&2z zM=RZU)gf@e4v`&`XVj(dxV_B&kzzN`vDF5*QwP~ZD+y2EgX=4iLeLCpOvs|AKK8vj zh_I8a&mX*>40v*RU~sU=sB1cOLPkv5)zYp%qttQ=&g*=+?G|f~YL@!Le$`;27(hL@ z{Hnn-_bD>cM5&^@99(h?w;ku#ALmx|ebp8ukBJoGn#8&>53E{06~JB@yo(nhCL_u< z6Ru;hTL-FUWHj{vqqr>enjM|N3B*mbwhRZo7o-YFVHp zH?a{=iw;!xG?QFXONHZ6s>+T@bfA!UCG0B@c`&E@M6(Fi18w?!*d0?KhKr`pDY9MB z{NIBB?2Mf+aLt72TO=Fae29cjpqjUo@`V{8^w6?Jd*j-jLGO|9s zr=$i1I7aWivfXbzFtvlBtK45M18z<&%^v|ioVVo+aHjT_mPJs0;XWi9@RFG3!AoJ* zmsK(6UNxJoFi4X{>_spfEL(wx))!HW&=&f#UL6=^Qd zE;tI4W587y&ux0pm%T>X#fYWX>y}SSY%{m3l-Y#=-}K%USRfl0V2QhukW(LR2y%ETczR=2i39Ds*V5q9!GD!&R1Vc+VS^P(58O6v$l zKRr+D{qgtHlD*02-WD^EtaEgP?GuBQko}9liY%(|fjq;GuDCUa79`vlX@vz*pwgq9r8>Wu%z5Mh1e(V!U1H>-jKJT0&5&a z@!ID)bQu2n8fzLb7h?)sLOv#=Dq|4%de7Z6Qx`u)L|}JDkxlKO4dQQGLQgt&e6?|6 zCg`1kl6%J7BIouXBQXC%)gNZYp+1(IoxQ6&U+LPT`DeDzy^$vS)LUNi43vKeKdM1( zi`3Tf3Br*@?kYC}gO^cn@ugjrjgr9sFn1RbL(5-PDPX+Cr6hEN*QDE6Jo`=a#rEKx z&{GXhPq0GVUUEA0LzWr(QXg`F+WD)KOP;7XE zF184YF>_y^X#RX#XPUcoRi&sPc0jV@lvgl6x-U6Cgu03o-m3c^Rqn6}k{VgkpMAk3 z?`lt;fVND6VLdBbBk}gp+Zy5$JAFh-83k*-^<$|t-w%4>LxIZ^ufWc8Gqt$EbY+pw zX1wO&X4G$hS9RM+5|@NmgY89|XgmFWXBQKAx5zdcxPNa4dIHauxyjVRf>bJo|8TNV 
zZfPEt`{yW)&gPY#!9hBDPf}sxhltC(l1`Ps#`liLzy4HNiSIbM;v*!<%nJEWfCl^9 zg0k#Zkb^h1&P6t%tgWnWKeP-4JnS{vop}P}wR~kZ zl+%6V$2{6|A#2M7aWQLZXJAl;{Hp^4WqM4ruVA2`@xd_@IyKC-W6Q&i8JU>{cgk%R zwjj5{B<*aC-&+;?u@rpYK*>WQ+g_BhI;VCBF)%!#1OxuY7l~Dpn3$QTMwP&`UI7NO z<{I!Clk+)b_-)VkFy8+YGjrqmbzb9cLuSPOHu*h(hLG`6QApmM8Gh$I>*XQ)@fy+R z&pqlF-7&%qrJ&`I^cMwhs7FhI$_`lcCafgB&)w5s9=m}m%+mb%o_1VeOGsTUh=s6a zjz0Z95ZdBmJI-5#gbUEIVh10%Raa6g17ga)vB~Gnn@5`)Q_#P${$RhgJiOhW<0&1} z4@KRxh1Z}BN!$-M$&E}V*V&)iPUPkT0o8K_EOP<|JAL8GA4{_47B}yC41?zcr=b{~ z(zFV6U_Py7RTjIWlFZiDHUecmy9$V3mJoyMh_GG!m71jY!n*jlTRF9+&+) z6J-;w=`8eFeB?9mvJTL$$H;$4Gxx=e8N; zmOQ%m(8|VPdx~UHD^#x?>q+m!wvFeA-Pq*O^m&Oc5kL?a%#yZZMekNTK^lX3;ib)7 zXYGq!K*eD%#E**Cz9=dx5|HtBZ&5H1#)^Gn4Zg(e-TW;fVG*5n08l&# z$YbX~XyTZG+1GRFLKnLppK`M=eZ9o6&FLv>GH3f_3cqtX+31Lfa^#Nn;gkXcWSUpXh?P8qJ(V99y#l}vKl$_gk^=ml4M3lZBEPaYCubw&R!+V*c(j} zKf!|PpP*YOsx2)p>Uzkt%maY}9r@?VrQk*I!3OLFMtA=nE^`4rB}l^cbp*&huU4JK z#hWL|d&H--6H~pav1==>yUcQG{#Q;FtpH13ZS9mE0VC(mZVU?jj#gsA5wVGoCiq!D z7Id?3Hxm-*36H|F;FVWAmXj&mCMlC$0A9GEBLH!1vfy&fQgz@mIe#3~-yqE(Z5X~8 zS694RFl6gp)_ZGdYh#+s5zABvehO^*kO6JB81J}&w5e#z;VDQEumIrq1F^&Qa)o}Y>Je|JDsqI6 z$ky34WMTfNpxj|V`(@vN9VPNTq)$hEtl;Gn%N{WeqQ?Nw%(PA{U8Ma&L|}UAaSBD? zhw)dE2CR{BS!sttMEs1-x5f|eJ(v`gkcm64-6_y02X(fxjNosj`;3zJC*#xK-md+f z&+!OKosQM%&0Vgngh3B7{{7^k!S#jVXOesyT!*SdO9RUyC&jD55Ni*l9ABQ;y_`*R z{8I3YPK$cq_Nx8bJ+D!$T@tK^XX;{$Z7B7}q{*so+KQ**FEMB-k5=;>Y*D#jU6bHq z#J`PcKjvp{ZTnzLeKlFJ1eKFfCi%P%wq?|Z^3TW|j^`>y)7`|acVD%|emf3mHM8K! 
z;j?#{FKvC&Pw^NdZC~=*jsJaVp1k0rUKSp+}=yT$={2#v`S&E9b zLk&Wb$6O&KyiH2FuGt{ie2LfPGd*K97&iZLK9-w6zkWpNO43tBuTi`cnW@VV+tgUw zn9J*KAtoXsCnRiUC4E%-OPiim#V8a1hRXfd6sL{6!^3SwL=5-v3U}Uv#t3#)wB5?( z$_)6r3mPUSUQYJD)b*)CGuKt|^MPBCzVDfZ#Zso%uUrt}0S9@GLHkJ2pC=oNN{%y9 z$>0XZdc$_=#<9B8CYql0Q4PhL{FM{!=wh|J%cbXvL8I4K3kUCt=Ze2tJ+vjnJbwHg zDy=mC^6%d-w6*_)fd%lbTcUXQ(Ww4>RM}bxIlyY{x9gxU+zAe1j^$E7gQ40CnyZ7e z)m*tHxZgI!-&VQ4F$5X|X(G)i{#a|;tR|K>%=9JrZ_yu*##bXPD#5020b-@PhDJ|u zKzl2ALcrnt8=Ul5-@Om)2R8Mnn#k8FBkUe{=-X4w?N-Xi-?Hu<+Wdv*BpR0*Y^aD`$Wah#rAS!(wusDny;SMt;fKLR#aD`cscKz(h8Z-4_^TJV+7tsU%9U!k3Rg#LIdZNB$fh*3j=d9SV-zP3^?Bcf~sOZE#IdnkJJ7 zl7q#(_Q{_5-(NdnL&ou1^A#-9_aB$hY)aUOi;JtMaE6@#gv3Uj30|h+jqgqAn3Y${ zOy5K3iJAA9caHy@{hXU~i29EPjSWQxWH26QGVRpI49zXk@<#3alCd-nGB zvfjV|Hl^1rFMe$-r*aJ2Qtj>3m6Y_-rOnw6pMwnB;ETqZ9YB$9=s@cLK`pSyZr<_F z_*sQ&!c&1L+#$eu#Lb=2J>p`#yLRIfSJ4$vEyKe3Ge;+BK>!3YUU{@%W>^XUu#v)hjMxu4mqrjdoFi!B@ z2mqB5H$ak3(rEoaRS(wyqhdPwb=gd;z6Lr|`3|^hstu834=uZghSbaEr>3Gn$g8QT z5;NOc><6Z50u&RLGXP_iqM_r81}ZT=Yy#WKMoEY{9DxqEI8reKx&Z5t)h_@y08CfO z;aemAS8rb)4|Uu2U6kEeQF2D>ytO$WkT$?GYi4vXV!7yDY!DC&5hsWLd5e?cySh}drh69)?z*!ok^(+R9(hrI-W8!>Sx$STsnO0^(C zcVv)}!Nx(vWn>vvBye;5HsIM>F9JkGf)DNyxbXi2X@NSV!Ss9K%>;A>-_~2U`6xLS z+9rWw>V7O7yo%EreSr?#sbVPt-~~DleCgoN;);E-t8bM?c@ppL0a*K~+T_trZ-xwA zsLVBEb}W57!Cj}vUGoy8HGxQia}OqT6>Dm)!Syt>Nyg7vzcWAw7!@SmcXf3Yeb6=u zrfaU{Drvbp>lRQ`s~An@KJRN=2LMTY8~nU}LXwhp4hCj#$Hp$a-XZjCafr&Qsw53y z%7l8%*`E+%)RsR0@(>JGwAHDzr8lWr0)iJ(u^YiJSR`EtE-$yHef_}Y%j-*u>40CZ z8o{~y1X_yKG1B-&AGRDLAT?pLIZV$B27W-*QHN}vz#83!>X;U^a|5_adw-47-y0ly zK4+@m*Pdl=FnwO!0JIZ$=#u|;%!G$)!M;^%5pI%efylY0+lHrWYTYJ+{G>I2f4JBI}>_Hv!#o-8sifOUv`=+%Mr@lCYT2 zIDTRf7Zd9N-czo7W%>^cBzQaN)5F*XAjk;!9NCeSm510I2{%_mzzm@;?DQG29tvEV{QnV*_B!E0@vLxYM$6 zr+4`s$o{l@ooXIV*RRjus&u*y^3H4p1}^0(;LQL2nSe*N%P5AD@;=o6S;ev9on^fR zG!-@V+H&>5>$Fao5ne4N5&y%l1>As*MP4OMok!D2i=g?jRE*?^1%oE|1!h!R#aA6HU_*~ zJA8p{2XS>H&8PGYx;8Mg!xn@-5;q67s8>sGlcnb; zg73M?Z)41@q@;x8zUjHLAke7P?i?;Wzio12c&F*1gFyLa-b&EJ 
zQ?Vk3cCqDZu{9zjc9}KNMp;o5W@<%aX)q9x2Hywz`+Mcc7c$;=;Fg%11;-u;#iGM)g7>L4a=Qs|CeEPllAx2= zM&cV}CUv~3X%Nuoq@<(?s`YBgFR70neOg|2!}xA#Df?j{FZR!ChSm3C@=lBLy{W-c z7pUah?U;yz?-d#>6%~~jJguY?7ZjPkpI|iq{P|8D9_))3FG#NC?9in7J%ztfe{&#H zygeBxH-*($|{Z-d1gD9IZVp*gc=8VgLGr zoLB>8PfyR9dIM^4Pi zlPIe1Tf^>Zyz2aAmWbo5tWSZpShY#{=iT&hV~~s$Ve9wns&K$%R_ourWmQR>~-DpNY-y}H`7m(qraQP00tWW>{g%Q3R4Vt#hE2HtX_ zT?8}pMI$4&PK=3(c$`KusO&wkW8W=>7W%8Na5n*l7a2z?tV(fYXnwL z=t?yHkQN{R_b0)F4KqOevytI@|Nnk)HnON_zT?41b_LyrV8yfO?I2zvYK_W|AI03s z0@%q>u+w?4gzfI2t{X7no76^K??-$tY( z&v*Bca7|4*I%ekNB(KVK^0C$-hI9Hx2=WZ1wP0J>>X)0Pz@?8Rb-Q=2ug9ER9aB8~ zNQOGjDY!7uV;@0;h+YyvsW*d>zQS{+B$G@{{mVRPv4JIg^yg*!am&C-=JePC2Z%UL zA@D;CNn2I}J9h8lnXo7Nj*gEOPef>GNvWzncx;VsQ=aVKI-tK+E8F0>4v~x+E1i>Y zV0w~x?W_O1P{|g?Zfj0LHVQ!Cg{FlOfyYS>I>cb58h7Rjp`l3s0saT5cA$sD;x`r)!HQAe znX&VVMns68pVja;`{5S&@P9)a!)dOwv%L-W2*y(9!7TE_bL6O+E4Q4Y2@wwOpZ~g& zh1rs;dz-Pce>N*U0Gd=ywxP~@?7@3$hK{l zjwiOp#GHfS$X5_^KFcyE%O19z^%b-gT>aTP<<{2L&=#tI(dr`Im-bjs^^Dxyb3~a| zze&+wn+}hBb`JLLDHhEdOKgn^CRnp}Y5*aYn)S=T>A+{7E) zE_T%hE6pzFqjBw9!EZyT_(nMsG#$Uu;)+~>YNJ&hDy*pVpc!<4Q4KokG^Ka?Z+uO+L z0;^iJ>6m(Oae)_^Su_z`gn8CEvsK}V6#~JuUgyy zVlHSKe^O$Kalq&SUX3X~G6R)b z=nK_plJ)sfhS@7@k58}epT+s%Xf@uz0C4F5&<$WLt`{TcNO%}1`j5D<3qzBI zfnqq}H**@g0g(c_)6LDzph-wa(yP3%wU`Ai>T}7J;lg1lGG3$A#kwU8b#;DEN(z}l zxtVg<1rW%qd77P_-O^I_EcPm-B_j~3M8q`1MVHo|y7el7aB6d5SCt=I)=}EHQviUC zTjO?42$DsL!wroqGg5hBi~y0A)oYhaTIywheU~Jwj=yT>)w?z&VK2O;sXf`7A_jB+ zZZC%HBdeHW(VggHv%M*m&_oX~5n0>>@fu;1Ih{GVb*g95CU~LLI5+MN3p4ZYonNKb z?e{u{Ac6ynD}bIED&5~F+Z)~6-L2ugy1OI`(jG5aVxZzTpo3s`LA~kzq8WWe3VPwT z9MI%i)%)_&$f^^^`#U%~0)(N7JI`^|vm@@g$v&h!sQgBP?kPkbT0pzi=kX*_SD;;O zX=(X>W6*=(69E|UTis*1TVKSPPZm_)k!XZ!Q!wKWwTBZcn(DRuz4_a>Z{_8WS1>~+ zrA8QEXl|f-o;y3Rc8IhsKvd*@8L1!9ckyWAXBIlE$5HCLb~y z8X7!4pcH<0x~uiBK57L|O5O|AFuGavGf{_v*E7rA$dSUTH$z8 z$3e68N>XrvE)`f|DPyAwBW^65;4{id;8`!dC#Lk}YrO~e1(ONl0lQ*cdT3=#F<+J_UWo6vjA71XMFn(A|RKibNt~RG?dO;o_V^UQ3I4FBPfg z^cHRpHU(V>HA(M8RlI=(<6wD#_GBujSBaECp-`BR28bF! 
zs@B!Z6Sc$07YcznFjM>1UTs$St)i&d1c=6)TVrNdJR{2pRt_jnRHv>AO}zoC!3FH* zad3u(i;+b34?zZf_i^K4kX`7NQ&Jo>Xk4)XnO_iEEp-4Q7}C?zq3=w52CDNqUq8Re zwQRz*65`M$frT3*&m=!FW@Lz)i?$P>5tLgqrJbGdO?(;P38LP7Z)aE%a~ggasDY`D z5)>oYd`<@$pZQaBN{H4LeWm3jL zzZ;V0#N*VO4jUOl=3}M4DLsUl{P(8&{S45o2ktJs890(s%or5u6xpWZ$e#_TUw2+k zKwzkBa4Kv(B22Cc*>Xf)UVg%VsR2Zb0edSQq9(F%769|Ly;FPB+c-5TiS&FGK!qF< zU#fVOD5&Y_^G;*f>fK@Ly^J3EcH2;+Wbs=AX`SjSfJ8?mn0w<+H-VG{89f3f8!i_o z3jm@)EgaeeBidsn>@lj8uUCc)gEEdv{M2$`v%H?^_jf-&}T+B1())~Pws@#=7=Y?9v=M#@&l8`re_&M z1%AG|0U^0G)YZ3zFR_RLZ5x!wgDoW#OHC~fetubbd19N6n(>LuwtFNmM<1}~-du{; zAcI9bL@-N;iHWi4&CSl{=Lq$_sSp7P;Onxovh7_F+k2KGos+PWPoF+*Y{ce72|S=X zUfU{Te!Sy)4KS16n?ngx$q;NlyrMW96~X`*|5y#-;A%9!sFo7eal|*FTzszE*52Mk zWD}`^fRM6W-IRiT!7^IBfxp2?A+;%!u&}V@;8bWV3G+c`4+mCMDt{Ie*n+6Y2fZb{3^88u;$=iE1!e%_^6pLDCi*15!{Pjvqs+M9tPkEeyBWl z+OkXLh}PCKR#xq!V`GIa&;u3h_JBYY@y6s@%?;zX(2cE1^Hc>xI8sHxug?omr>^$2 zVrBEU{h&R9FOC8t`U}ck5&>JH#fJB zcv=b>XvZl}a>76>9QHu@P1b}PB>s)~YHD_Zj`~%oW44OV`#>>ao5sWr<rO%;l~2j9k0~M`Ur*jl5cG5BrTpF{G<2M0+W0Fvi0wE7`TC20(>I5j>sb0<912m zFJBSe=I*jt3LE+IF7dOSi9@E%&e;ZI#zsXL?i4EJ^_o{558{rG*HQ--HyCAHFf@ZYz=uyLCSS)l_CY_nTn<-X$#Gd|@*fFZ9T^rTyN5vmb(Q;)ixfLJ~mWk{1 zh@unv-Kf9If&n6p?)GgOP4mWvi+OjQYsaI)`LUzuVbbm}@syNHtdd&=bT8ar!$2{L zHm+CVNR#tR#Ui_XfU6h8kTq15mEG;+wKe|45ic#o8H;2G{t*06KGVXpI-{}}hNlA>;U^8G$nH_*bC7vFy@syIi zZjGFm7g@RN^FE*qvMVx>|2n11mm*^u%7pS{pw zyUo7<1S(4a&3bn3b0|91)bAPO(0M<7HJc+f*$LA^8q@DUXV2KQ5O<`(Z zfO_$%1iZ|us;cmT4GoDCfZ49L3BXEid!%Vk74>pcw6^6Kkg_)Ut_%i0pIJ>Vx4YtQ z1$fl3zBvOMTZmb+uSZGygEWqZIV?T4nAJdGVPR--kSE{AFtWilG%!H7+aeizq1EW$ zAd1C#MM5vN7;ngUEqT_FfT{ddvyFJMQvkoR0hYP3vB7Uvw7xk(R(3a+r;RTamGSqU zU0vW@WOt6jZqYQb?mF*x4`5Ebb4P>i1VF&wa`eVBN4zh8ITN%<#v2kC zvF#JtFhcm#<%jY0?gZMFOE7zpzwT!uHNY@%tOc>)?!F%v=XbF1_9rBJd;}5*S|f;&_?qVh%|`RS2KS?4)#)V$sf;Xl_8?y3Y?dE6 zIXM6@LYW`cHEnA?-qd&i#hUTKpPW$L6w!7(FwKX-{05MU)P?)X#``2)(K}O5l5Mn?ElPT$f zq2Gjl)%FZv_(`d7qyZ_36dW5H6Sl5DMR5)fs8Yd|I!Wt$Bb(qL$iP9v0YW7ZFz*7+ zMMO+YeQycOAfRXt4+pY_>a+|MB>;38!7%jL`GGV9Y$$?Nw3JRtz{GPzLzWCQ#j*Ey 
zKk(}5>4gSn^zqz)M1XbEoGiJrSFehpbbxV$m`IWzoy5)oM%86;n0CIzP;WrWgHYvA z`_1WBwzlUkzjleDucEemtBm&%1!(R5X14SD>6UO!@rxU~?`4-x)h7dM)%qD8=<*W= z-@1GNLc!%0wiYD=4x8Azx(filmC3n2<5%nqGiPP`o$VDq$d%9vk_%MDq-SjPI?>Zy z+<6p=E~ggIV2}YUcdHtSZo`nCZeLOK6w8Aiy7CK$i*eKC65CpAZ>nXS%OQmp&Nn(0 zESU*=YHZ-z>$607SLTDZoncJbhs$pOIAg=3U8+q%`(>L%UA7wS4A2nPGcgYVyywMG z0DvhB@)R}4z6g60j#(zgclmn;AoR2n!219CilbdQ-b{FAOeZk}Y7T&Ohtay0k+N?2 z_wP_su(EH$7Lt2#9zC+om-AcF^eA;zL#5U zRYQ>>DJsgx!=p)*_j0-)TI+72b#m{1l4Bi!uxMW&hY;m4?^2qX+}{Ic5o#RElQ!0+ruR$;d4_^+bl?d%6s|R0OmlR; z_#3o;SBJ5P<1HAE7H_GuOA;<(k{heJX+A%{)=;)>btat2V`gG%{~+p@(y6KfQ4ycv z>Vhy?sx*Y$colCtSo0y6M5##CeRsHN2QJ1&7=Fu2;ccQ&t>?0#mTc{@$udQo`pQ5& zQ@uMR`xr6cYZiVnr)HTp!Z{;3e!97(GvVdsDyJ2Qk>ETwNxV2ai@q^vKO|uJT40W& zAU&?BDHx`}u~#>*0}yD+(@au63feun>uc=~*dMHg#!g#J&L*5`mR^QZ$Qd7voceWS zn@7|!Ot0!X#3u82-M-zS0~j%ku!_^XqILn4=~@=&v*p7WpCjjfptKR5Jw_bSTM_C^ zVT{Ko#%r=kr`v158%V1~rtm&7?K?lK6RAFHPsZY#*NpIv7w10tW=SPRX(=2z4EqP} zQ>y_e@J!U8ULMy)rNuC362;BOMCdllaOpVr8;{oB620i&y+DRv9*s!mEHN#$mX|`S z$qW{n3-hYEGosZ{L?u33Z4LfiwSWq~;~GIF3R%}%P?S61s4s6Co3F#5%1SwMzv)oJ z^r(gj_K=iHX~=Laks?x2Y7D?Aj||UU^D3P+qU#dbSnfoZtR&U zPzZPTlv7}M!s(OnPp?AjNz$r~N^xuW{fNpq#MLz4NS(FRd)WB{6-&fMZkAlXdY&nF7@wO6TuXgtORC!vzmEW8{Imvj|K%worz}D8*sm_c!^jENyz<~p%jxt|E zj)q!Z=$2%|zgKgu&j@<0t9M}?E%5VlndzHbDT``AE@=gCWBr8bJi7WAw1H2kqKF?(=WgV$m&!JC}q3kku>di_lQ9JKE(91u73 z5u7$JxqpIc`th)Unx+Nhqb@+CSL`d`DOOM{((YGXqn)Oz^+LH(Q?Qd^_7b~(hu0z5 zHoG0;yX77)LyLFu>&b}fgVi%e)4;`vA|lhjzph(A_>IVq*N+D0ZHN3C*6d^9urJza&IWK|~= zk+=#DQ21qW?jM=!NX~lz;30mHZ>rM!90pM!d?p$d?FmMK^FPr7<|WT|Zh$=8I*7&P zbJ1v8@WI(|pg~;V*=DZ8k-thlyy&DrZpN)a! 
zrO-xWMQE*3*Sg{oj~8{@`1t7zDoUX1A_}c)=&=Sb=UwM5PTu-p3pH^?L~4Y{`d&54 z=a|7nU*CeCV}OVgJrixdkX57!hHMtp<{VQe^5# zec#jIeZZ0EluXD4ym}rL!vZBSz83KAcl_i@mM!NaAZ~-kg^6d4;0&Z_3^7mK9uZw< zm2mcQoeeQVtgN&RmqcFrhRNG4j_pieK&ve$$U8bXTzo1C^(}0xnFNf?XD<%S0}Y+` z>c))+{U$g&KQ5DOEyO#j@o{*in{9ICl|4uRq-C(RJ3!!2?hwA`%uD>N1euN ze@8_Pr*m>*p(Q-QX96-e8heri!zyZ9by;m|71lvslTJOvV?oQ$e-Kd)7ddHZ3vqx7P4<9Ddi4?}k^6BViXyqLO6rCWp1uhy|soM)*U{*v0EH!K{A645SN>HT*ejMDI z+}4piE8xTXek5VCVeP#vz_#A*?(qv(d!&y&BNeCeOSbZiJkNLX1jjh2UlXail=RM> zo2jlYgib6s_xj$%;XeE73xdivjKjOv+3Se%_r6?No3;@!e8;Cqh-y zTQP7NS5WUdzzV2PVP78@(5a3OCENI6K|@&Ep|d8WoZ z%;RDF69AeS#}2=T(g3C=3iCR&$f|ERuv=UF1F7e2iKd91RZj2k?Om;OdQki0yc^`O zm@&CK&Nsk?4h`0s7gKddNQJ01T9c61a{D!_n%}>-&N^8Nkx6ERM(|?*KK@Mw3`20B zHQ^ao;AM{I!#&ETVqXNjO`wrLUJBrA3EL*Y-=xs&7Q{sRW|-;r)2F2C-xd8CbQ2!z zl>vbe5KpAHHF)84mJoEI9KPBJ(~1mv3mo~DNkl{hCwpu8+ZeT%@gW=xN}K})ru^e! z1?yd?IO=U1Hpjd@+D~$F+>LL8mBp2IF7}^F5iM5>IYdcxR{wl^4icnulUfIPut&%l z+Q@D5;KBj0)_kQ3f_B^sz?Pa9e0VS#{Gl{_{@5f<;+e<7yIWfUTa(zDE)=J5#jz)> zCJZ+ncoNEy5Mq-KrD^Vsz3I_3ftxpfL0<$U4mdvD+rmve=l zp@W<{4@f4<)Rv*Xz0`8LyZ$``&!cSYJv`O>)&!oi7P9mN0Q#=%$=Y)tl@NvyQT0Y@ zB7ni|=nw!;EdU706#DkK)7x_uujD|h`y5+3f8~dc@7l;M&1hqU_gehjyM0@65wrM5 z*;Sw@4l>pd;u;&!qp8A>rTcVREVqD6-5J2w33Z8%>gG3+5F2)zi)+i#4M^|C^?@>= zEt7bSNrKNxedK114hvJWNc;N1Z{FhZ`Z^W*Ep%JSf|gAF33R6I z%Of@BW9nBvRxxPs?9C;E746MhGasqeRBPs>o5rv!PIf0(tBlGbC=S2+nMix_xPwSn zeg6?Pv#8q5Rlrkyd1VcC>X503Oe0W@9FzmC0hx}LLIXlqva;pxL0I#^G#I_|r86FU zq>eZRBsd;gTma<46G0$Kb0RwL?AZlGd|17aIUCcOo`AN>Lv75O?<*AV_Nl|LeF~!~ zoWT$7PYe1<-;9Xo=jU~|1?6lW@NuHyX$WaROZm{g(-Fpk(S(LlRv9hOfbpGF!NF8u z13j6=LttdLQ3XRGj_{m>Qs|X|E_4JXuPr>?1~f;o>#6a8>OAy60Gz}2(00=2Uh-R^ zzLO(z8_e_ofh~`E>kMDVJXAILoUCOmN3a#a;S03}f7jT^$o$wQmPH2CGmwgT-*oU6 zQQg|w+64&!Okt@Cbo2or0%76H##%eLSt76(s;grv-@Gvo2bjjB(gq~-{{d)w(ab^i z7IY;ZWKQ3fC-vtvQCOJQFc=Jp=rkw74?MZ57&d5koTs4zyWbHM5O9xyroP6D*KAYn zy9M$zc8Yh<^~BHed^kOJC!L62uqg&vjq5PxIzTM^h=3&LZ2?-SFbh9_Mh0g1DJUqA z+{U~_Hd+8&6K`~9AJzCIy7nT~SckQ4y?co-0X#8J-=GD-jLegil>B_&tTO|xcAV!w 
z_;psiE~HJS<|Y!of}ktoaHOv!5HSl0<=4MpwkaRnLo|O*7Xe(byYHiJlIqqeuU{~v z5~JHFQ6>Pm51JD}*({kt9JzV0ZafT0kP_#)b>;Z7g; zJ4D4Q4Qv7C=gf4H3!q^&9KPGNhisowj%~E8!F+<}26*`+USVL|MVxC}G&ssuvd(%A z*B;B2U<#nx!qDD-V99em8SBi5PQT98%B~E^92=jYIjbl-oLT13V>UY_#)GZAbop{l zw!BeO6Wub->?(IWX z3Gu4l)IxDAq$>Z$mnSJ%&73(Dfi{OFYRAJTMzWbh$n(oe>r+GbzOPY?>b1%G571jw zY7sD^Z1cWWyQ$I2N$_+wgMMors0&Y79%3|s3)j?)EJwDG>~1cVZb_FQfrqb0`<(*brECJ z0SNNkg1eX3P_pWita7CGX1*Ch=f@Q#sFi<^NQ{Mwo5PCE`_{H@K%hS;7MTDC9@G|@ z00KER#Bi}?)1BWe(>X2bfZotEGFHL5%3Y~)qD!JTbCeqkYQ#jIY3VUVBQoGpY4_AB zwW`sUbuLgw_{ui4lx329J1VLMzL};+met(wof>EG`eWT~w*=MB#PINUP&DjKjRy5h zsfnVd6BD6;v=Tt@R8B0MWI|r78SlYscoqZbvU78C9A>_LG>$pB0BNz&adBPmYkqH3 zdz1h+0gVGeu`A+??;jh3phzwKMw*1rl7Gt+RdXFwSZab2F;2Be>!|x5dU0HCe?B*y z>7P*wV5;TiCr_~K(1xd{Ha8Tn#j8Gf68pnr)~IL}L$(<@+?@Ug4bPWt0?B$Ww96Wo zfy3xh>X!qeityN%Hx+j+T8JU}2KQ6i3m};S!lPdBuW2g)(fQTi-+w(`_4`s2oxj?d zY&Y7~*T9~qJSBB5zD#udG>9C#pFh6L#Rb$+;HHHGWyfRJI&ie;>UX6z1rrH_tFEpIun3oVB zW*=JbCxd41BL{Ycd^j=Db>%PAI^NtI@s0+X+g^x$SXeMGvY3T;dG+W;!$?!{))vk) z(^}fy#FyftquZIyuDrw@@3vjtCmnYC8Y6u>G!dUDYqxgt3DS`+{%VHt3U~GH%8F zITy5m9}71jok<_J(725^vihSJ*Hf0?wkp^8ERDau)!}CO`e0{_=`YZpf)alF>}ABK ztwGt_4phe^%U9oy4@M+d9vlq`@evGBMZ0>c{4Ch-?1YSj3V0y#O}iA4-zc~ae_&<`o(Bfulf4>qtyi&Hx-^?lRmv52x;2VD(<#=<_ pe|=4O`+t4+|Ng7^!_~v1lA?Q~eRW?Rg9QJGmb$)LiOSV`{{^G -``` - - In case of multi-replica deployments, only one operator instance is running - the reconciliation loop. This operator is called the leader and is the only - one producing reconciliation logs. The other operator instances are waiting - with the following log: +### The CR doesn't have a status - ``` - leaderelection.go:248] attempting to acquire leader lease teleport/431e83f4.teleport.dev... - ``` +1. Check if the CR is in the same namespace as the operator. The operator only + watches for resource in its own namespace. +1. Check if the operator pods are running and healthy: + ```code + kubectl get pods -n "$OPERATOR_NAMESPACE"` + ``` +1. 
Check the operator logs: + ```code + $ kubectl logs deploy/ -n "$OPERATOR_NAMESPACE" + ``` + + + In case of multi-replica deployments, only one operator instance is running + the reconciliation loop. This operator is called the leader and is the only + one producing reconciliation logs. The other operator instances are waiting + with the following log: + + ``` + leaderelection.go:248] attempting to acquire leader lease teleport/431e83f4.teleport.dev... + ``` + + To diagnose reconciliation issues, you will have to inspect all pods to find + the one reconciling the resources. + - To diagnose reconciliation issues, you will have to inspect all pods to find - the one reconciling the resources. - +### I cannot delete the Kubernetes CR -If the Kubernetes resource has no status update and the operator does not produce -any logs regarding the resource, please check if the resource lives in the same -namespace as the operator. The operator only watches for resource in its own namespace. +The operator protects Kubernetes CRs from deletion with a finalizer. +It will not allow the CR to be deleted until the Teleport resource is deleted as +well, this is a safety to avoid leaving dangling resources and potentially grant +unintentional access. + +There might be some reasons causing Teleport to refuse a resource deletion, the +most frequent one is if another resource depends on it. For example: you cannot +delete a role if it is still assigned to a user. + +If this happens, the operator will report the error sent by Teleport in its log. + +To resolve this lock, you can either: +- resolve the dependency issue so the resource gets successfully deleted in + Teleport. In the role example, this would imply removing any mention of the + role from the various users who had it. +- patch the Kubernetes CR to remove the finalizers. This will tell Kubernetes to + stop waiting for the operator deletion and remove the CR. 
If you do this, the + CR will be removed but the Teleport resource will remain. The operator will + never attempt to remove it again. + + For example, if the role is named `my-role`: + + ```code + kubectl patch TeleportRole my-role -p '{"metadata":{"finalizers":null}}' --type=merge + ``` diff --git a/docs/pages/management/dynamic-resources.mdx b/docs/pages/management/dynamic-resources.mdx index 209856531eb08..bdaff0c841877 100644 --- a/docs/pages/management/dynamic-resources.mdx +++ b/docs/pages/management/dynamic-resources.mdx @@ -59,6 +59,10 @@ to manipulate cluster resources stored on the Auth Service backend. The design of Teleport's configuration interface makes it well suited for infrastructure-as-code and GitOps approaches. +You can get started with `tctl`, the Terraform Provider, and the Kubernetes +Operator by following +the ["Managing Users and Roles with IaC" guide](./dynamic-resources/user-and-role.mdx) + For more information on Teleport roles, including the `internal.logins` trait we use in these example roles, see the [Teleport Access Controls Reference](../access-controls/reference.mdx). @@ -211,6 +215,8 @@ Here are possible values of the `teleport.dev/origin` label: - `defaults` - `config-file` - `dynamic` +- `terraform` +- `kubernetes` When the Auth Service starts up, it looks up the values of static configuration fields that correspond to fields in dynamic configuration resources. If any of diff --git a/docs/pages/management/dynamic-resources/access-list.mdx b/docs/pages/management/dynamic-resources/access-list.mdx new file mode 100644 index 0000000000000..d5f0e4f97cf4c --- /dev/null +++ b/docs/pages/management/dynamic-resources/access-list.mdx 
@@ -0,0 +1,303 @@
+---
+title: Creating Access Lists with IaC
+description: Use Infrastructure-as-Code tooling to create Teleport AccessLists.
+---
+
+Access Lists allow Teleport users to be granted long-term access to resources
+managed within Teleport. With Access Lists, administrators can regularly audit and control membership to specific roles and
+traits, which then tie easily back into Teleport's existing RBAC system.
+
+In this guide, we'll follow up on [the IaC users and roles guide]()
+by allowing users with the `manager` role to grant the `support-engineer` role
+to users meeting specific criteria.
+
+Please note that Access Lists can be managed via IaC but Access List memberships
+cannot. The goal of Access Lists is to decentralize granting and reviewing
+access. By allowing managers to grant access within specific guidelines and
+automatically enforcing review, users can request common access rights without
+having to go through the centralized team managing the Teleport IaC.
+This reduces the load on the centralized IaC/security team, ensures the access
+reviewer is aware of the context, reduces the request resolution time, and
+ensures access grants are periodically reviewed.
+
+### Prerequisites
+
+To follow this guide, you must follow first [the basic users and roles IaC guide]().
+We will reuse its users and roles for our Access List.
+
+## Step 1/3. Write manifests
+
+#### Write the privileged role manifest
+
+We will create a new role `support-engineer` that grants access to production
+servers. The `engineer` role from the previous guide was only granting access to
+`dev` and `staging` servers.
+
+
+
+
+Create the following `privileged-role.yaml` file:
+
+```yaml
+kind: role
+version: v7
+metadata:
+ name: support-engineer
+spec:
+ allow:
+ logins: ['root', 'ubuntu', '{{internal.logins}}']
+ node_labels:
+ 'env': ['production']
+```
+
+
+
+
+Create the following `privileged-role.yaml` file:
+
+```yaml
+apiVersion: resources.teleport.dev/v5
+kind: TeleportRole
+metadata:
+ name: support-engineer
+spec:
+ allow:
+ logins: [ 'root', 'ubuntu', '{{internal.logins}}' ]
+ node_labels:
+ 'env': [ 'production' ]
+```
+
+
+The role version is v5 because the Teleport Kubernetes Operator doesn't support
+yet roles v6 and v7.
+
+
+
+
+
+Create the following `privileged-role.tf` file:
+
+```hcl
+resource "teleport_role" "support-engineer" {
+ version = "v7"
+ metadata = {
+ name = "support-engineer"
+ }
+
+ spec = {
+ allow = {
+ logins = ["root", "ubuntu", "{{internal.logins}}"]
+ node_labels = {
+ env = ["production"]
+ }
+ }
+ }
+}
+```
+
+
+
+
+#### Write the Access List manifest
+
+In this step we'll create an Access List that allows users with the `manager`
+role such as `alice` to grant access to production to users with the `engineer`
+role.
+
+
+
+
+Create the following `accesslist.yaml` file:
+
+```yaml
+version: v1
+kind: access_list
+metadata:
+ name: support-engineers
+spec:
+ title: "Production access for support engineers"
+ audit:
+ recurrence:
+ frequency: 6months
+ description: "Use this Access List to grant access to production to your engineers enrolled in the support rotation."
+ owners:
+ - description: "manager of NA support team"
+ name: alice
+ ownership_requires:
+ roles:
+ - manager
+ grants:
+ roles:
+ - support-engineer
+ membership_requires:
+ roles:
+ - engineer
+```
+
+
+
+
+Create the following `accesslist.yaml` file:
+
+```yaml
+apiVersion: resources.teleport.dev/v1
+kind: TeleportAccessList
+metadata:
+ name: support-engineers
+spec:
+ title: "Production access for support engineers"
+ description: "Use this Access List to grant access to production to your engineers enrolled in the support rotation."
+ audit:
+ recurrence:
+ frequency: 6months
+ owners:
+ - description: "manager of NA support team"
+ name: alice
+ ownership_requires:
+ roles:
+ - manager
+ grants:
+ roles:
+ - support-engineer
+ membership_requires:
+ roles:
+ - engineer
+```
+
+
+
+
+Create the following `accesslist.tf` file:
+
+```hcl
+resource "teleport_access_list" "support-engineers" {
+ header = {
+ version = "v1"
+ metadata = {
+ name = "support-engineers"
+ }
+ }
+
+ spec = {
+ title = "Production access for support engineers"
+ description = "Use this Access List to grant access to production to your engineers enrolled in the support rotation."
+ audit = {
+ recurrence = {
+ frequency = 6
+ }
+ }
+ owners = [
+ {
+ description = "manager of NA support team"
+ name = "alice"
+ }
+ ]
+ ownership_requires = {
+ roles = ["manager"]
+ }
+ grants = {
+ roles = ["support-engineer"]
+ }
+ membership_requires = {
+ roles = ["engineer"]
+ }
+ }
+}
+```
+
+
+
+
+## Step 2/3. Apply the manifests
+
+
+
+
+```code
+$ tctl create -f privileged-role.yaml
+role 'support-engineer' has been created
+
+$ tctl create -f accesslist.yaml
+Access list "support-engineers" has been created
+```
+
+
+The user resource depends on roles. You must create roles before users as a user
+with a non-existing role is invalid and will be rejected by Teleport.
+
+
+
+
+
+Create the Kubernetes CRs with the following commands:
+
+```code
+$ kubectl apply -n "$OPERATOR_NAMESPACE" -f privileged-role.yaml
+teleportrole.resources.teleport.dev/support-engineer created
+
+$ kubectl apply -n "$OPERATOR_NAMESPACE" -f accesslist.yaml
+teleportaccesslist.resources.teleport.dev/support-engineers
+```
+
+
+
+
+```code
+$ terraform plan
+[...]
+Plan: 2 to add, 0 to change, 0 to destroy.
+
+$ terraform apply
+teleport_access_list.support-engineers: Creating...
+teleport_role.support-engineer: Creating...
+teleport_role.support-engineer: Creation complete after 0s [id=support-engineer]
+teleport_access_list.support-engineers: Creation complete after 0s [id=support-engineers]
+```
+
+
+
+
+## Step 3/3. Log in as `alice` and grant access to `bob`
+
+Now, you created an Access List allowing `alice` to grant the `support-engineer`
+role to its engineers.
+
+You can log in as alice and add `bob` to the `support-engineers` Access List.
+
+
+
+
+Login as `alice` in the web UI, open the management panel and select the
+"Access Lists" tab. Your Access List should be displayed, open it, choose "Enroll
+members" and add `bob`.
+
+![Screenshot of the web UI showing the Access List and the "Enroll Member" button](../../../img/management/access-list-web-ui.png)
+
+
+
+
+Login as `alice` with `tsh`, then add bob to the Access List:
+
+```code
+# login as alice
+$ tsh login --proxy : --user alice
+
+# tctl acl users add [] []
+$ tctl acl users add support-engineers bob "" "Bob is now part of the on-call support rotation"
+```
+
+Finally, list the Access List members:
+```code
+$ tctl acl users ls support-engineers
+Members of support-engineers:
+- bob
+```
+
+
+
+
+### Next steps
+
+You can see all supported Access List fields
+[in the Access List reference](../../access-controls/access-lists/reference.mdx).
diff --git a/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx b/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx index 2a236d5fb989c..c161d8ce93ebc 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx @@ -35,7 +35,7 @@ $ kubectl cluster-info ``` -## Step 1/3. Install teleport-cluster Helm chart with the operator +## Step 1/2. Install teleport-cluster Helm chart with the operator (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) 
@@ -86,101 +86,26 @@ $ helm install teleport-cluster teleport/teleport-cluster \ This command installs the required Kubernetes CRDs and deploys the Teleport Kubernetes Operator next to the Teleport cluster. All resources (except CRDs, which are cluster-scoped) are created in the `teleport-cluster` namespace. -## Step 2/3. Manage Teleport users and roles using `kubectl` +## Step 2/2 - Validate the cluster and operator are running and healthy -Create a manifest called `teleport-resources.yaml` that describes two custom resources: a `TeleportUser` and a `TeleportRole`: - -```yaml -apiVersion: resources.teleport.dev/v1 -kind: TeleportRoleV7 -metadata: - name: myrole -spec: - allow: - rules: - - resources: ['user', 'role'] - verbs: ['list','create','read','update','delete'] ---- -apiVersion: resources.teleport.dev/v2 -kind: TeleportUser -metadata: - name: myuser -spec: - roles: ['myrole'] -``` - - - Kubernetes validates all custom resource names to follow RFC 1123, which includes specifications for hostnames. - This requires the `metadata.name` field of Teleport resources controlled by the operator to consist of lowercase alphanumeric - characters, `-` or `.`, and to start and end with an alphanumeric character. 
- - -Apply the manifests to the Kubernetes cluster: - -```code -$ kubectl apply -n -f teleport-resources.yaml -``` - -List the created Kubernetes resources: - -```code -$ kubectl get teleportrolesv7 -n -# NAME AGE -# myrole 10m - -$ kubectl get teleportusers -n -# NAME AGE -# myuser 10m -``` - -Check the user `myuser` has been created in Teleport and has been granted the role `myrole`: ```code -$ AUTH_POD=$(kubectl get pods -n -l app=teleport-cluster -o jsonpath='{.items[0].metadata.name}') -$ kubectl exec -it "$AUTH_POD" -c teleport -- tctl users ls -# User Roles -# ----------------------------- ----------------------------- -# bot-teleport-operator-sidecar bot-teleport-operator-sidecar -# myuser myrole -``` - -At this point the Teleport Kubernetes Operator is functional and Teleport users and roles can be managed from -Kubernetes. +$ kubectl get deployments -n +# -## Step 3/3. Explore the Teleport CRDs - -Available fields can be browsed with `kubectl explain` in a cluster with Teleport CRDs installed. -For example the command: -```code -$ kubectl explain teleportroles.spec +$ kubectl get pods -n +# ``` -Returns the following fields: -```shell -KIND: TeleportRoleV7 -VERSION: resources.teleport.dev/v1 -RESOURCE: spec - -DESCRIPTION: - Role resource definition v7 from Teleport +## Next steps -FIELDS: - allow - Allow is the set of conditions evaluated to grant access. +Follow [the user and role IaC guide](./user-and-role.mdx) to use your newly +deployed Teleport Kubernetes Operator to create Teleport users and grant them +roles. - deny - Deny is the set of conditions evaluated to deny access. Deny takes priority - over allow. +Helm Chart parameters are documented in the [`teleport-cluster` Helm chart reference](../../reference/helm-reference/teleport-cluster.mdx). - options - Options is for OpenSSH options like agent forwarding. 
-``` +See the [Helm Deployment guides](../../deploy-a-cluster/helm-deployments.mdx) detailing specific setups like running Teleport on AWS or GCP. ## Troubleshooting (!docs/pages/includes/diagnostics/kubernetes-operator-troubleshooting.mdx!) - -## Next steps - -Helm Chart parameters are documented in the [`teleport-cluster` Helm chart reference](../../reference/helm-reference/teleport-cluster.mdx). - -See the [Helm Deployment guides](../../deploy-a-cluster/helm-deployments.mdx) detailing specific setups like running Teleport on AWS or GCP. diff --git a/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx b/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx index 4fc37b594e5cd..e8b391c05d27a 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx @@ -9,7 +9,7 @@ If your Teleport cluster is deployed using the `teleport-cluster` Helm chart, yo ## Prerequisites -(!docs/pages/includes/self-hosted-prereqs-tabs.mdx!) +(!docs/pages/includes/edition-prereqs-tabs.mdx!) - a Kubernetes cluster. You must be able to create/read Namespace, ServiceAccount, Deployment, Secret, Role, RoleBinding and CustomResourceDefinition resources. 
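Review bot: The new heading `## Step 2/2 - Validate the cluster and operator are running and healthy` uses a dash separator while `## Step 1/2. Install teleport-cluster Helm chart with the operator` in the previous hunk uses a period, so the two step headings of the same guide no longer match; `## Step 2/2. Validate the cluster and operator are running and healthy` keeps one form. The step lists resources with `kubectl get deployments -n` and `kubectl get pods -n` but never says what "healthy" looks like (the expected-output lines are empty in this view, possibly a stripped doc component), so a sentence stating that every listed deployment must show all replicas READY and every pod must be Running would give the reader a pass/fail criterion. The removed RFC 1123 naming admonition reappears in the new user-and-role guide, so its removal here is fine.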
@@ -127,11 +127,17 @@ At this point, you can configure and run the operator: ```code $ kubectl get pods -n teleport-iac ``` + +## Next steps -## Troubleshooting +Follow [the user and role IaC guide](./user-and-role.mdx) to use your newly +deployed Teleport Kubernetes Operator to create Teleport users and grant them +roles. -(!docs/pages/includes/diagnostics/kubernetes-operator-troubleshooting.mdx!) +Helm Chart parameters are documented in the [`teleport-operator` Helm chart reference](../../reference/helm-reference/teleport-operator.mdx). -## Next steps +## Troubleshooting -Helm Chart parameters are documented in the [`teleport-operator` Helm chart reference](../../reference/helm-reference/teleport-operator.mdx). +TODO: add troubleshooting steps for operator pod + +(!docs/pages/includes/diagnostics/kubernetes-operator-troubleshooting.mdx!) diff --git a/docs/pages/management/dynamic-resources/teleport-operator.mdx b/docs/pages/management/dynamic-resources/teleport-operator.mdx index 3864f031547f7..e4ab426ee9ccd 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator.mdx @@ -51,4 +51,5 @@ follow [the standalone operator guide](./teleport-operator-standalone.mdx). ## Next steps -Check out [access controls documentation](../../access-controls/introduction.mdx) +- Follow the ["Managing users and roles with IaC" guide](./user-and-role.mdx). +- Check out [access controls documentation](../../access-controls/introduction.mdx). diff --git a/docs/pages/management/dynamic-resources/terraform-provider.mdx b/docs/pages/management/dynamic-resources/terraform-provider.mdx index 6e4611c142ada..f5a5c67287ec7 100644 --- a/docs/pages/management/dynamic-resources/terraform-provider.mdx +++ b/docs/pages/management/dynamic-resources/terraform-provider.mdx 
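Review bot: `TODO: add troubleshooting steps for operator pod` is added as plain body text under the new `## Troubleshooting` heading, so it would ship in the published page as-is. Either write the steps now — at minimum how to read the operator's logs, e.g. `kubectl logs -n teleport-iac deploy/<operator-deployment>` — or drop the line and rely on the included `kubernetes-operator-troubleshooting.mdx` partial that follows it. If it must stay, turning it into an MDX comment keeps it out of the rendered page.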
@@ -4,10 +4,11 @@ description: How to manage dynamic resources using the Teleport Terraform provid videoBanner: YgNHD4SS8dg --- -This guide demonstrates how to: +This guide demonstrates how to: Set up the Terraform provider for Teleport on +Linux and macOS. -- Set up the Terraform provider for Teleport on Linux and macOS. -- Configure Teleport users and roles using the Terraform provider. +For instructions on managing users and roles via Terraform, read +the ["Managing users and roles with IaC" guide](./user-and-role.mdx). For instructions on managing the Teleport dynamic resources as code using GitOps, read the guide to using the Teleport Terraform provider with [Spacelift @@ -79,6 +80,7 @@ To prepare credentials for a local Teleport user: - token - trusted_cluster - user + - access_list verbs: ['list','create','read','update','delete'] version: v7 --- @@ -96,7 +98,9 @@ To prepare credentials for a local Teleport user: 1. Create the `terraform` user and role by running the following command: ```code - $ tctl create terraform.yaml + $ tctl create -f terraform.yaml + role 'terraform' has been created + user "terraform" has been created ``` The `terraform` user can't sign in to get credentials, so you must have another user @@ -125,7 +129,8 @@ the following content into the `terraform-impersonator.yaml` file: 1. Create the `terraform-impersonator` role by running the following command: ```code - $ tctl create terraform-impersonator.yaml + $ tctl create -f terraform-impersonator.yaml + role 'terraform-impersonator' has been created ``` 1. (!docs/pages/includes/add-role-to-user.mdx role="terraform-impersonator"!) 
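Review bot: Adding `access_list` to the `terraform` role's rule in hunk `@@ -79,6 +80,7 @@` gives the provider identity full list/create/read/update/delete over Access Lists, i.e. over the resource that decides which users receive which roles, but the guide does not say why the entry is there or that it can be left out. A short inline comment such as `# only needed when Access Lists are managed through Terraform` next to `- access_list` lets readers who only manage users and roles keep the identity narrower. In the first hunk, `This guide demonstrates how to: Set up the Terraform provider for Teleport on Linux and macOS.` keeps the colon from the removed bullet list; `This guide demonstrates how to set up the Terraform provider for Teleport on Linux and macOS.` reads as one sentence.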
@@ -142,24 +147,25 @@ the following content into the `terraform-impersonator.yaml` file: To prepare a Terraform configuration file: -1. Create a new file called `main.tf` and open it in an editor. +1. Create a new file called `provider.tf` and open it in an editor. -1. Define an example user and role using Terraform by pasting the following content into the `main.tf` file: +1. Use the Teleport Terraform provider and connect it to your Teleport cluster + by pasting the following content into the `provider.tf` file: ```hcl - (!examples/resources/terraform/terraform-user-role-cloud.tf!) + (!examples/resources/terraform/provider-cloud.tf!) ``` ```hcl - (!examples/resources/terraform/terraform-user-role-self-hosted.tf!) + (!examples/resources/terraform/provider-self-hosted.tf!) ``` -## Step 3/3. Apply the configuration +## Step 3/3. Validate the configuration To apply the configuration: @@ -167,18 +173,18 @@ To apply the configuration: ```code $ ls - # main.tf terraform-identity terraform-impersonator.yaml terraform.yaml + # provider.tf terraform-identity terraform-impersonator.yaml terraform.yaml ``` -1. Initialize the working directory that contains Terraform configuration files by running the -following command: +1. Initialize the working directory that contains Terraform configuration files + by running the following command: ```code $ terraform init ``` 1. Execute the Terraform plan defined in the configuration file by running the -following command: + following command: ```code $ terraform apply @@ -186,5 +192,7 @@ following command: ## Next steps +- Follow [the user and role IaC guide](./user-and-role.mdx) to use the Terraform + Provider to create Teleport users and grant them roles. - Explore the full list of supported [Terraform provider resources](../../reference/terraform-provider.mdx). - Read more about [impersonation](../../access-controls/guides/impersonation.mdx). 
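Review bot: The renamed heading `## Step 3/3. Validate the configuration` is still followed by the unchanged lead-in `To apply the configuration:`, so the step's title and text disagree; `To validate the configuration:` aligns them. The `terraform apply` in this step creates the `test` role declared in the newly included `provider-cloud.tf` / `provider-self-hosted.tf`, and nothing tells the reader that this empty role stays in the cluster once validation succeeds; a closing sentence recommending `terraform destroy`, or removing the `teleport_role.test` block and re-applying, before moving on to the user-and-role guide would avoid leaving a stray role behind. The numbered list this hunk edits continues outside the hunk.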
diff --git a/docs/pages/management/dynamic-resources/user-and-role.mdx b/docs/pages/management/dynamic-resources/user-and-role.mdx
new file mode 100644
index 0000000000000..b6a4f19ff15a2
--- /dev/null
+++ b/docs/pages/management/dynamic-resources/user-and-role.mdx
@@ -0,0 +1,501 @@ +--- +title: Managing users and roles with IaC +description: Use Infrastructure-as-Code tooling to create Teleport users and roles. +--- + +In this guide, you will see how to create users and grant them roles through +Infrastructure-as-Code (IaC). Teleports supports three ways to dynamically +create resources from code: + +- The Teleport Kubernetes Operator that allows you to manage Teleport resources + from Kubernetes +- The Teleport Terraform Provider that allows you to manage Teleport Resources + via Terraform +- The `tctl` CLI that allows you to manage Teleport resources from your local + computer or your CI environment + +### Prerequisites + +To follow this guide, you must have: + + + + +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + + + + +A running operator by following either: +- [the guide to enable the operator in the `teleport-cluster` Helm chart](./teleport-operator-helm.mdx). +- [the guide to setup a standalone operator](./teleport-operator-standalone.mdx). + +You must also set the namespace in which you deployed the operator as this is +the namespace where you will deploy the CustomResources: + +```code +# for operators deployed with the `teleport-cluster` Helm chart +$ export OPERATOR_NAMESPACE="teleport-cluster" + +# for standalone operators +$ export OPERATOR_NAMESPACE="teleport-iac" +``` + + + + +A functional Teleport Terraform provider by following [the Terraform provider guide](./terraform-provider.mdx). + + + + +### Step 1/4 - Write manifests + +In this step, we'll write text files describing the resources we want in +Teleport. Those files are called manifests and their syntax will vary based on +the IaC tooling you'll use. + +Those manifests are typically versioned in a shared revision system like git. +This allows you to keep track of all changes, follow standard code review +procedures before changing resources in Teleport, and quickly redeploy your +Teleport instance if needed. 
+ +#### Write role manifests + +We will create 2 roles: + +- `manager` that allows listing users, roles and reviewing audit events and + session contents. +- `engineer` that grants access to dev and staging servers. + + + + +Create the following `roles.yaml` file: + +```yaml +kind: role +version: v7 +metadata: + name: manager +spec: + allow: + rules: + - resources: ['user', 'role'] + verbs: ['list','read'] + - resources: ['session', 'event'] + verbs: ['list', 'read'] +--- +kind: role +version: v7 +metadata: + name: engineer +spec: + allow: + logins: ['root', 'ubuntu', '{{internal.logins}}'] + node_labels: + 'env': ['test', 'staging'] +``` + + + + +Create the following `roles.yaml` file: + +```yaml +apiVersion: resources.teleport.dev/v5 +kind: TeleportRole +metadata: + name: manager +spec: + allow: + rules: + - resources: ['user', 'role'] + verbs: ['list','read'] + - resources: ['session', 'event'] + verbs: ['list', 'read'] +--- +apiVersion: resources.teleport.dev/v5 +kind: TeleportRole +metadata: + name: engineer +spec: + allow: + logins: ['root', 'ubuntu', '{{internal.logins}}'] + node_labels: + 'env': ['test', 'staging'] +``` + + +The role version is v5 because the Teleport Kubernetes Operator doesn't support +yet roles v6 and v7. + + + + Kubernetes validates all custom resource names to follow RFC 1123, which + includes specifications for hostnames. This requires the `metadata.name` field + of Teleport resources controlled by the operator to consist of lowercase + alphanumeric characters, `-` or `.`, and to start and end with an alphanumeric + character. 
+ + + + + +Create the following `roles.tf` file: + +```hcl +resource "teleport_role" "manager" { + version = "v7" + metadata = { + name = "manager" + } + + spec = { + allow = { + rules = [ + { + resources = ["user", "role"] + verbs = ["list", "read"] + }, + { + resources = ["session", "event"] + verbs = ["list", "read"] + } + ] + } + } +} + +resource "teleport_role" "engineer" { + version = "v7" + metadata = { + name = "engineer" + } + + spec = { + allow = { + logins = ["root", "ubuntu", "{{internal.logins}}"] + node_labels = { + env = ["test", "staging"] + } + } + } +} +``` + + + + +#### Write user manifests + +We will create 2 users: +- Bob, an engineer with the `engineer` role. +- Alice, an engineering manager with both `manager` and `engineer` roles. + + + Users created from manifests are local users, as opposed to users coming from + an external SAML/OIDC/GitHub Identity Provider (IdP). + + See [the user type reference](../../reference/user-types.mdx) for more details. + + + + + +Create the file `users.yaml` with the following content: + +```yaml +kind: user +version: v2 +metadata: + name: alice +spec: + roles: ['manager', 'engineer'] +--- +kind: user +version: v2 +metadata: + name: bob +spec: + roles: ['engineer'] +``` + + + + +Create the file `users.yaml` with the following content: + +```yaml +apiVersion: resources.teleport.dev/v2 +kind: TeleportUser +metadata: + name: alice +spec: + roles: ['manager', 'engineer'] +--- +apiVersion: resources.teleport.dev/v2 +kind: TeleportUser +metadata: + name: bob +spec: + roles: ['engineer'] +``` + + + Kubernetes validates all custom resource names to follow RFC 1123, which + includes specifications for hostnames. This requires the `metadata.name` field + of Teleport resources controlled by the operator to consist of lowercase + alphanumeric characters, `-` or `.`, and to start and end with an alphanumeric + character. 
+ + + + + +Create the file `users.tf` with the following content: + +```hcl +resource "teleport_user" "alice" { + version = "v2" + metadata = { + name = "alice" + } + + spec = { + # referencing to the teleport_role resource name instead of using plain + # strings tells Terraform that the user depends on the role. Thanks to this, + # Terraform will create the role first and won't let you remove the role + # if it is still assigned to a user (which is illegal in Teleport). + roles = [ + teleport_role.manager.metadata.name, + teleport_role.engineer.metadata.name, + ] + } +} + +resource "teleport_user" "bob" { + version = "v2" + metadata = { + name = "bob" + } + + spec = { + roles = [teleport_role.engineer.metadata.name] + } +} +``` + + + + + +### Step 2/4 - Apply all manifests + + + + +```code +$ tctl create -f roles.yaml +role 'manager' has been created +role 'engineer' has been created + +$ tctl create -f users.yaml +user "alice" has been created +user "bob" has been created +``` + + +The user resource depends on roles, you must create roles before users as a user +with a non-existing role is invalid and might be rejected by Teleport. + + + + + +```code +$ kubectl apply -n "$OPERATOR_NAMESPACE" -f roles.yaml +teleportrole.resources.teleport.dev/manager created +teleportrole.resources.teleport.dev/engineer created + +$ kubectl apply -n "$OPERATOR_NAMESPACE" -f users.yaml +teleportuser.resources.teleport.dev/alice created +teleportuser.resources.teleport.dev/bob created +``` + +List the created Kubernetes resources: + +```code +$ kubectl get teleportroles -n "$OPERATOR_NAMESPACE" +# NAME AGE +# engineer 10m +# manager 10m + +$ kubectl get teleportusers -n "$OPERATOR_NAMESPACE" +# NAME AGE +# alice 10m +# bob 10m +``` + + + + +```code +$ terraform plan +[...] +Plan: 4 to add, 0 to change, 0 to destroy. + +$ terraform apply +teleport_role.engineer: Creating... +teleport_role.manager: Creating... 
+teleport_role.engineer: Creation complete after 0s [id=engineer] +teleport_role.manager: Creation complete after 0s [id=manager] +teleport_user.bob: Creating... +teleport_user.alice: Creating... +teleport_user.bob: Creation complete after 0s [id=bob] +teleport_user.alice: Creation complete after 0s [id=alice] + +Apply complete! Resources: 4 added, 0 changed, 0 destroyed. +``` + + + + +### Step 3/4 - Validate users were created + +Now that the IaC tooling has run, we'll validate that the users were properly +created and granted the correct roles. + + + + +If you have UI access, connect to your Teleport cluster Web UI, open the +management panel, and select the "Users" tab. + +![Screenshot of the web UI listing alice and bob users](../../../img/management/check-users-web-ui.png) + +Two new users `alice` and `bob` should be present. + + + + +```code +$ tctl users ls +User Roles +----------------------------- ------------------------- +@teleport-access-approval-bot @teleport-access-approver +alice manager,engineer +bob engineer +bot-operator bot-operator + +# alternatively you can inspect the users details by doing +$ tctl get user/alice +kind: user +metadata: + id: 1704849160091933780 + labels: + teleport.dev/origin: kubernetes + name: alice +spec: + created_by: + time: "2024-01-10T01:12:40.088581806Z" + user: + name: bot-operator + expires: "0001-01-01T00:00:00Z" + roles: + - manager + - engineer + status: + is_locked: false + lock_expires: "0001-01-01T00:00:00Z" + locked_time: "0001-01-01T00:00:00Z" + recovery_attempt_lock_expires: "0001-01-01T00:00:00Z" +version: v2 +``` + + + + +### Step 4/4 - Create a password reset link + +At this point, the local users have been created in Teleport. However, we never +specified any password or additional authentications factors. You must issue a +password reset link for the users to finish their Teleport registration and be +able to log in Teleport. + +User reset links contain single-use expiring tokens. 
Because of this, you cannot +follow the same descriptive approach as for other Teleport resources and +generate them via a manifest. You need to create those tokens once after the +user creation, and securely send them to the end-user for them to register their +password/MFA. + + + +You can manually reset a user password via `tctl` by doing: + +```code +$ tctl users reset alice +User "alice" has been reset. Share this URL with the user to complete password reset, link is valid for 8h: +https://teleport.example.com:443/web/reset/05b420fdc784597cbbb1d2ba65697cd8 + +NOTE: Make sure teleport.example.com:443 points at a Teleport proxy which users can access. +``` + + + + +If you have a way to securely send reset links to the users, you can build +automation to fit your organization's specific needs. For example: + +``` +$ tctl users reset alice --format=json | \ + jq '"Sending an email to " + .spec.user +" that contains the link: " + .spec.url' +``` + +You must replace the `jq` command by something that actually sends the link over +a secure channel. This channel will depend on your organization, it is usually a +direct message, or an email. + + + +You can trigger your custom script on Terraform resource creation with +[the `local-exec` provisioner](https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec). + +```hcl +resource "teleport_user" "bob" { + version = v2 + metadata = { + name = "bob" + } + + spec = { + roles = [teleport_role.engineer.metadata.name] + } + + # on user creation, trigger a reset flow and send the link via + provisioner "local-exec" { + command = "tctl users reset alice --format=json | jq '\"Sending an email to \" + .spec.user +\" that contains the link: \" + .spec.url'" + } +} + +``` + + + + + +### Next Steps + +- Allow users with the `manager` role to grant access to production servers to + some `engineers` via Access Lists. Manager will need to justify and review + granted access periodically. 
+ See [the AccessList documentation](../../access-controls/access-lists.mdx) for + a high-level explanation of the feature, + and [the AccessList IaC guide](access-list.mdx) for a step by step IaC + AccessList setup. +- Allow users with the `engineer` role to request temporary access to + production, and have users with the `manager` role validate the requests. + See [the access-requests documentation](../../access-controls/access-requests.mdx) +- You can see all supported fields in the references + of [the user resource](../../reference/resources.mdx#user) + and [the role resource](../../reference/resources.mdx#role). diff --git a/docs/pages/reference/user-types.mdx b/docs/pages/reference/user-types.mdx new file mode 100644 index 0000000000000..b15b60af7e1cb --- /dev/null +++ b/docs/pages/reference/user-types.mdx 
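Review bot: In Step 4/4 the Terraform example attaches the `local-exec` provisioner to `teleport_user.bob` yet runs `tctl users reset alice`, and the resource sets `version = v2` without quotes, so the snippet both fails to parse and resets the wrong user; `version = "v2"` and `command = "tctl users reset ${self.metadata.name} --format=json | jq ..."` fix both, and the comment `# on user creation, trigger a reset flow and send the link via` stops mid-sentence. The same pipeline hands the single-use reset URL to `jq`, which prints it to Terraform's stdout and therefore into CI logs and apply output; the comment should say that the `jq` stage is a stand-in for a command that delivers the link over a secure channel without echoing it. The Kubernetes tab asserts that the operator does not yet support role v6 and v7, while the text this patch removes from `teleport-operator-helm.mdx` documented a `TeleportRoleV7` kind under `resources.teleport.dev/v1`; one of the two statements is wrong and the pages should be reconciled. Minor wording: `Teleports supports` in the intro, and `able to log in Teleport` → `able to log in to Teleport`.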
@@ -0,0 +1,91 @@ +--- +title: User Types +description: Describes the different types of Teleport users and their properties. +keywords: [user,idp,sso] +tocDepth: 3 +--- + +This guide explains the different kinds of users in Teleport, how they are +created, and their properties. + +## Local Users + +Local users are created directly in Teleport. They are not coming from an +external system like an identity provider. + +Local users can be created via the CLI (`tctl users add`), by applying a user +resource manifest (`tctl create -f user.yaml`) or via the web UI. Their roles +and traits can be modified directly in Teleport. + +Those users can connect to Teleport directly via username/password and/or +additional authentication factors such as webauthn physical tokens, passkeys or +One Time Passwords. + +Local user login can be disabled via `cluster_auth_preference` or `teleport.yaml`. +Disabling local authentication is required for [FIPS/FedRAMP compliance +](../access-controls/compliance-frameworks/fedramp.mdx). + +### Special case: Bots + +Machine ID provides machines with an identity that can authenticate to the +Teleport cluster. This identity is known as a bot. Bots are represented in +Teleport by a user and a role resource and can be created via the +`tctl bots add` command. + +Bots are not logging in like human users with a password, MFA or SSO. They join +the cluster as Teleport services using [a join method](./join-methods.mdx). They +can still join even if local auth is disabled. + + +The [Machine ID introduction](../machine-id/introduction.mdx). + + +## SSO users + +Those users are imported in Teleport from an external identity provider. +Teleport contains a user resource representing those users, but it's only a +representation of a user of a remote system. + +Remote users don't log in directly in Teleport, they are redirected to their +identity provider to perform the login challenge. 
+ +Those users cannot be edited via `tctl`, or via any other IaC tooling like +Terraform or the Teleport Kubernetes Operator. They are managed by + +### Temporary users + +Users logging in via GitHub, SAML, or OIDC connectors are created in Teleport +after a successful login. At that time, their roles and traits are computed +according to the connector mappings. + +Those users are short-lived, they are created when a Teleport session is opened +and automatically expires after a few days. Those users cannot be edited via +`tctl`, only deleted. + + +The [SSO setup guides](../access-controls/sso.mdx). + + +### Synced users + +Since version 15, Teleport supports fetching users from external identity +providers like Okta. + +Synchronizing users from the external IdP allows all users to be represented in +Teleport, whether they logged in Teleport or not. The benefits of such +integration are: +- Automatic user locking and deletion if the user is suspended or removed in the + IdP. +- Ability to see all users within Teleport regardless of the last login date. +- All IdP users are displayed in Teleport Access Graph. + +The Okta synchronization service is in charge of creating new users when they +are created in Okta, and locking/deleting users if they get deactivated/removed +in Okta. + +Those users can be identified by the label `teleport.dev/origin: okta` and +cannot be edited via `tctl`, only deleted. + + +Okta synchronization documentation + diff --git a/examples/resources/terraform/provider-cloud.tf b/examples/resources/terraform/provider-cloud.tf new file mode 100644 index 0000000000000..dd5637478e90c --- /dev/null +++ b/examples/resources/terraform/provider-cloud.tf 
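Review bot: The SSO users section ends a sentence mid-way — `Terraform or the Teleport Kubernetes Operator. They are managed by` — so the reader never learns who manages those users; presumably `They are managed by the external identity provider.`, to be confirmed by the author. The "cannot be edited via `tctl`" statement is then repeated almost verbatim under `### Temporary users`, so one occurrence can go. Grammar: `Those users are short-lived, they are created ... and automatically expires after a few days` should read `automatically expire`, and the closing admonition `Okta synchronization documentation` is bare text while the sibling admonitions (`The [Machine ID introduction](...)`, `The [SSO setup guides](...)`) link to a page.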
@@ -0,0 +1,30 @@ +terraform { + required_providers { + teleport = { + source = "terraform.releases.teleport.dev/gravitational/teleport" + version = "~> (=teleport.major_version=).0" + } + } +} + +provider "teleport" { + # Update addr to point to your Teleport Cloud tenant URL's host:port + addr = "mytenant.teleport.sh:443" + identity_file_path = "terraform-identity" +} + +# creates a test role, if we don't declare resources, Terraform won't try to +# connect to Teleport and we won't be able to validate the setup. +resource "teleport_role" "test" { + version = "v7" + metadata = { + name = "test" + description = "Dummy role to validate Terraform Provider setup" + labels = { + test = "yes" + } + } + + spec = { + } +} diff --git a/examples/resources/terraform/provider-self-hosted.tf b/examples/resources/terraform/provider-self-hosted.tf new file mode 100644 index 0000000000000..15bcf1a25862f --- /dev/null +++ b/examples/resources/terraform/provider-self-hosted.tf @@ -0,0 +1,31 @@ +terraform { + required_providers { + teleport = { + source = "terraform.releases.teleport.dev/gravitational/teleport" + version = "~> (=teleport.major_version=).0" + } + } +} + +provider "teleport" { + # Update addr to point to Teleport Auth/Proxy + # addr = "auth.example.com:3025" + addr = "proxy.example.com:443" + identity_file_path = "terraform-identity" +} + +# creates a test role, if we don't declare resources, Terraform won't try to +# connect to Teleport and we won't be able to validate the setup. +resource "teleport_role" "test" { + version = "v7" + metadata = { + name = "test" + description = "Dummy role to validate Terraform Provider setup" + labels = { + test = "yes" + } + } + + spec = { + } +} diff --git a/examples/resources/terraform/terraform-user-role-cloud.tf b/examples/resources/terraform/terraform-user-role-cloud.tf deleted file mode 100644 index da2c045fc0c67..0000000000000 --- a/examples/resources/terraform/terraform-user-role-cloud.tf +++ /dev/null 
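Review bot: The `teleport_role.test` resource in `provider-cloud.tf` (and identically in `provider-self-hosted.tf`, the next hunk on this line) exists only to force a connection during setup, but neither the file nor its comment says it should be removed afterwards, so readers end up with a permanent empty `test` role in the cluster; extend the comment with `# Remove this resource (or run terraform destroy) once the provider setup is validated.`. `identity_file_path = "terraform-identity"` points at a credential file sitting next to the configuration, and since the guide's `ls` shows both in the same working directory, a one-line comment reminding readers to keep `terraform-identity` out of version control (e.g. via `.gitignore`) belongs here.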
@@ -1,85 +0,0 @@ -terraform { - required_providers { - teleport = { - source = "terraform.releases.teleport.dev/gravitational/teleport" - version = "~> (=teleport.major_version=).0" - } - } -} - -provider "teleport" { - # Update addr to point to your Teleport Cloud tenant URL's host:port - addr = "mytenant.teleport.sh:443" - identity_file_path = "terraform-identity" -} - -resource "teleport_role" "terraform-test" { - version = "v7" - metadata = { - name = "terraform-test" - description = "Terraform test role" - labels = { - example = "yes" - } - } - - spec = { - options = { - forward_agent = false - max_session_ttl = "30m" - port_forwarding = false - client_idle_timeout = "1h" - disconnect_expired_cert = true - permit_x11_forwarding = false - request_access = "denied" - } - - allow = { - logins = ["this-user-does-not-exist"] - - rules = [ - { - resources = ["user", "role"] - verbs = ["list"] - } - ] - - request = { - roles = ["example"] - claims_to_roles = [ - { - claim = "example" - value = "example" - roles = ["example"] - } - ] - } - - node_labels = { - key = ["example"] - alabel = ["with", "multiple", "values"] - } - } - - deny = { - logins = ["anonymous"] - } - } -} - -resource "teleport_user" "terraform-test" { - version = "v2" - metadata = { - name = "terraform-test" - description = "Test terraform user" - expires = "2022-10-12T07:20:50Z" - - labels = { - test = "true" - } - } - - spec = { - roles = ["terraform-test"] - } -} diff --git a/examples/resources/terraform/terraform-user-role-self-hosted.tf b/examples/resources/terraform/terraform-user-role-self-hosted.tf deleted file mode 100644 index 9ea26a644e7ee..0000000000000 --- a/examples/resources/terraform/terraform-user-role-self-hosted.tf +++ /dev/null 
@@ -1,86 +0,0 @@ -terraform { - required_providers { - teleport = { - source = "terraform.releases.teleport.dev/gravitational/teleport" - version = "~> (=teleport.major_version=).0" - } - } -} - -provider "teleport" { - # Update addr to point to Teleport Auth/Proxy - # addr = "auth.example.com:3025" - addr = "proxy.example.com:443" - identity_file_path = "terraform-identity" -} - -resource "teleport_role" "terraform-test" { - version = "v7" - metadata = { - name = "terraform-test" - description = "Terraform test role" - labels = { - example = "yes" - } - } - - spec = { - options = { - forward_agent = false - max_session_ttl = "30m" - port_forwarding = false - client_idle_timeout = "1h" - disconnect_expired_cert = true - permit_x11_forwarding = false - request_access = "denied" - } - - allow = { - logins = ["this-user-does-not-exist"] - - rules = [ - { - resources = ["user", "role"] - verbs = ["list"] - } - ] - - request = { - roles = ["example"] - claims_to_roles = [ - { - claim = "example" - value = "example" - roles = ["example"] - } - ] - } - - node_labels = { - key = ["example"] - alabel = ["with", "multiple", "values"] - } - } - - deny = { - logins = ["anonymous"] - } - } -} - -resource "teleport_user" "terraform-test" { - version = "v2" - metadata = { - name = "terraform-test" - description = "Test terraform user" - expires = "2022-10-12T07:20:50Z" - - labels = { - test = "true" - } - } - - spec = { - roles = ["terraform-test"] - } -} From 9ae3baa8bf7a23819481c20571cd68267fd0adfc Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Fri, 2 Feb 2024 11:18:27 -0500 Subject: [PATCH 2/8] reformat docs/config.json --- docs/config.json | 218 +++++++++++++++++++++++------------------------ 1 file changed, 109 insertions(+), 109 deletions(-) diff --git a/docs/config.json b/docs/config.json index d0dd0cc06a486..401f91f1489e6 100644 --- a/docs/config.json +++ b/docs/config.json 
@@ -8,10 +8,10 @@ "title": "Get Started with Teleport", "slug": "/" }, - { - "title": "Documentation Overview", - "slug": "/documentation-overview/" - }, + { + "title": "Documentation Overview", + "slug": "/documentation-overview/" + }, { "title": "Core Concepts", "slug": "/core-concepts/" 
@@ -20,50 +20,50 @@ "title": "Installation", "slug": "/installation/" }, - { - "title": "Upgrading", - "slug": "/upgrading/", - "entries": [ - { - "title": "Compatibility Overview", - "slug": "/upgrading/overview/" - }, - { - "title": "Teleport Cloud Agents (Linux)", - "slug": "/upgrading/cloud-linux/", - "forScopes": ["cloud", "team"] - }, - { - "title": "Teleport Cloud Agents (Kubernetes)", - "slug": "/upgrading/cloud-kubernetes/", - "forScopes": ["cloud", "team"] - }, + { + "title": "Upgrading", + "slug": "/upgrading/", + "entries": [ + { + "title": "Compatibility Overview", + "slug": "/upgrading/overview/" + }, + { + "title": "Teleport Cloud Agents (Linux)", + "slug": "/upgrading/cloud-linux/", + "forScopes": ["cloud", "team"] + }, + { + "title": "Teleport Cloud Agents (Kubernetes)", + "slug": "/upgrading/cloud-kubernetes/", + "forScopes": ["cloud", "team"] + }, { "title": "Self-Hosted Linux", "slug": "/upgrading/self-hosted-linux/", "forScopes": ["enterprise", "oss"] }, - { - "title": "Self-Hosted Kubernetes", - "slug": "/upgrading/self-hosted-kubernetes/", - "forScopes": ["enterprise", "oss"] - }, + { + "title": "Self-Hosted Kubernetes", + "slug": "/upgrading/self-hosted-kubernetes/", + "forScopes": ["enterprise", "oss"] + }, { "title": "Self-Hosted Automatic Upgrades", "slug": "/upgrading/self-hosted-automatic-agent-updates/", "forScopes": ["enterprise"] } - ] - }, + ] + }, { "title": "FAQ", "slug": "/faq/" }, - { - "title": "Usage Reporting and Billing", - "slug": "/usage-billing/", - "forScopes": ["cloud", "team", "enterprise"] - }, + { + "title": "Usage Reporting and Billing", + "slug": "/usage-billing/", + "forScopes": ["cloud", "team", "enterprise"] + }, { "title": "Upcoming Releases", "slug": "/upcoming-releases/" @@ -90,7 +90,7 @@ { "title": "Teleport Team", "slug": "/choose-an-edition/teleport-team/", - "forScopes": ["team"] + "forScopes": ["team"] }, { "title": "Teleport Enterprise Cloud", 
@@ -509,11 +509,11 @@
 "slug": "/access-controls/access-requests/resource-requests/",
 "forScopes": ["enterprise", "cloud"]
 },
- {
- "title": "Configure Access Requests",
+ {
+ "title": "Configure Access Requests",
 "slug": "/access-controls/access-requests/access-request-configuration/",
 "forScopes": ["enterprise", "cloud"]
- },
+ },
 {
 "title": "Access Requests in Teleport Community Edition",
 "slug": "/access-controls/access-requests/oss-role-requests/",
@@ -604,37 +604,37 @@
 "title": "Introduction",
 "slug": "/management/introduction/"
 },
- {
- "title": "Using Dynamic Resources",
- "slug": "/management/dynamic-resources/",
- "entries": [
- {
- "title": "Managing Users and Roles",
- "slug": "/management/dynamic-resources/user-and-role/"
- },
- {
- "title": "Managing Access Lists",
- "slug": "/management/dynamic-resources/access-list/"
- },
- {
- "title": "Kubernetes Operator",
- "slug": "/management/dynamic-resources/teleport-operator/"
- },
- {
- "title": "Kubernetes Operator in teleport-cluster Helm chart",
- "slug": "/management/dynamic-resources/teleport-operator-helm/",
- "forScopes": ["oss","enterprise"]
- },
 {
- "title": "Standalone Kubernetes Operator",
- "slug": "/management/dynamic-resources/teleport-operator-standalone/"
+ "title": "Using Dynamic Resources",
+ "slug": "/management/dynamic-resources/",
+ "entries": [
+ {
+ "title": "Managing Users and Roles",
+ "slug": "/management/dynamic-resources/user-and-role/"
+ },
+ {
+ "title": "Managing Access Lists",
+ "slug": "/management/dynamic-resources/access-list/"
+ },
+ {
+ "title": "Kubernetes Operator",
+ "slug": "/management/dynamic-resources/teleport-operator/"
+ },
+ {
+ "title": "Kubernetes Operator in teleport-cluster Helm chart",
+ "slug": "/management/dynamic-resources/teleport-operator-helm/",
+ "forScopes": ["oss","enterprise"]
+ },
+ {
+ "title": "Standalone Kubernetes Operator",
+ "slug": "/management/dynamic-resources/teleport-operator-standalone/"
+ },
+ {
+ "title": "Terraform Provider",
+ "slug": "/management/dynamic-resources/terraform-provider/"
+ }
+ ]
 },
- {
- "title": "Terraform Provider",
- "slug": "/management/dynamic-resources/terraform-provider/"
- }
- ]
- },
 {
 "title": "Admin Guides",
 "slug": "/management/admin/",
@@ -872,24 +872,24 @@
 "title": "Getting Started",
 "slug": "/application-access/getting-started/"
 },
- {
- "title": "Enroll Kubernetes Applications",
- "slug": "/application-access/enroll-kubernetes-applications/",
- "entries":[
- {
- "title": "Get Started",
- "slug": "/application-access/enroll-kubernetes-applications/get-started/"
- },
- {
- "title": "Architecture",
- "slug": "/application-access/enroll-kubernetes-applications/architecture/"
- },
- {
- "title": "Reference",
- "slug": "/application-access/enroll-kubernetes-applications/reference/"
- }
- ]
- },
+ {
+ "title": "Enroll Kubernetes Applications",
+ "slug": "/application-access/enroll-kubernetes-applications/",
+ "entries":[
+ {
+ "title": "Get Started",
+ "slug": "/application-access/enroll-kubernetes-applications/get-started/"
+ },
+ {
+ "title": "Architecture",
+ "slug": "/application-access/enroll-kubernetes-applications/architecture/"
+ },
+ {
+ "title": "Reference",
+ "slug": "/application-access/enroll-kubernetes-applications/reference/"
+ }
+ ]
+ },
 {
 "title": "Securing Cloud Provider APIs",
 "slug": "/application-access/cloud-apis/",
@@ -1556,10 +1556,10 @@
 "title": "Telemetry",
 "slug": "/machine-id/reference/telemetry/"
 },
- {
- "title": "Upgrading to v14",
- "slug": "/machine-id/reference/v14-upgrade-guide/"
- }
+ {
+ "title": "Upgrading to v14",
+ "slug": "/machine-id/reference/v14-upgrade-guide/"
+ }
 ]
 },
 {
@@ -1623,23 +1623,23 @@
 "title": "Command Line",
 "slug": "/reference/cli/",
 "entries": [
- {
- "title": "teleport",
- "slug": "/reference/cli/teleport/"
- },
- {
- "title": "tsh",
- "slug": "/reference/cli/tsh/"
- },
- {
- "title": "tctl",
- "slug": "/reference/cli/tctl/"
- },
- {
- "title": "tbot",
- "slug": "/reference/cli/tbot/"
- }
- ]
+ {
+ "title": "teleport",
+ "slug": "/reference/cli/teleport/"
+ },
+ {
+ "title": "tsh",
+ "slug": "/reference/cli/tsh/"
+ },
+ {
+ "title": "tctl",
+ "slug": "/reference/cli/tctl/"
+ },
+ {
+ "title": "tbot",
+ "slug": "/reference/cli/tbot/"
+ }
+ ]
 },
 {
 "title": "Metrics",
@@ -1690,9 +1690,9 @@
 "title": "teleport-cluster",
 "slug": "/reference/helm-reference/teleport-cluster/",
 "forScopes": [
- "oss",
- "enterprise"
- ]
+ "oss",
+ "enterprise"
+ ]
 },
 {
 "title": "teleport-kube-agent",

From becce18e49cc892ae5c7d874f7af123ce5e75afa Mon Sep 17 00:00:00 2001
From: Hugo Shaka
Date: Fri, 2 Feb 2024 11:36:52 -0500
Subject: [PATCH 3/8] address feedback

---
docs/pages/management/dynamic-resources.mdx | 5 +--
.../dynamic-resources/access-list.mdx | 35 +++++++++----------
.../teleport-operator-helm.mdx | 2 +-
.../teleport-operator-standalone.mdx | 2 --
.../dynamic-resources/user-and-role.mdx | 31 +++++++---------
docs/pages/reference/user-types.mdx | 4 ---
6 files changed, 33 insertions(+), 46 deletions(-)

diff --git a/docs/pages/management/dynamic-resources.mdx b/docs/pages/management/dynamic-resources.mdx
index bdaff0c841877..d74b2eef65f39 100644
--- a/docs/pages/management/dynamic-resources.mdx
+++ b/docs/pages/management/dynamic-resources.mdx
@@ -60,8 +60,9 @@ of Teleport's configuration interface makes it well suited for infrastructure-as-code and GitOps approaches. You can get started with `tctl`, the Terraform Provider, and the Kubernetes -Operator by following -the ["Managing Users and Roles with IaC" guide](./dynamic-resources/user-and-role.mdx) +Operator by following: +- the ["Managing Users and Roles with IaC" guide](./dynamic-resources/user-and-role.mdx) +- the ["Creating Access Lists with IaC" guide](./dynamic-resources/access-list.mdx) For more information on Teleport roles, including the `internal.logins` trait we use in these example roles, see the [Teleport Access diff --git a/docs/pages/management/dynamic-resources/access-list.mdx b/docs/pages/management/dynamic-resources/access-list.mdx index d5f0e4f97cf4c..0e82aed307ff6 100644 --- a/docs/pages/management/dynamic-resources/access-list.mdx +++ b/docs/pages/management/dynamic-resources/access-list.mdx @@ -7,9 +7,10 @@ Access Lists allow Teleport users to be granted long-term access to resources managed within Teleport. With Access Lists, administrators can regularly audit and control membership to specific roles and traits, which then tie easily back into Teleport's existing RBAC system. -In this guide, we'll follow up on [the IaC users and roles guide]() -by allowing users with the `manager` role to grant the `support-engineer` role -to users meeting specific criteria. +In this guide, we'll follow up +on [the IaC users and roles guide](./user-and-role.mdx) by allowing users with +the `manager` role to grant the `support-engineer` role to users meeting +specific criteria. Please note that Access Lists can be managed via IaC but Access List memberships cannot. The goal of Access Lists is to decentralize granting and reviewing 
@@ -20,14 +21,15 @@ This reduces the load on the centralized IaC/security team, ensures the access reviewer is aware of the context, reduces the request resolution time, and ensures access grants are periodically reviewed. -### Prerequisites +## Prerequisites -To follow this guide, you must follow first [the basic users and roles IaC guide](). -We will reuse its users and roles for our Access List. +To follow this guide, you must follow +first [the basic users and roles IaC guide](./user-and-role.mdx). We will reuse +its users and roles for our Access List. -## Step 1/3. Write manifests +## Step 1/3 - Write manifests -#### Write the privileged role manifest +### Write the privileged role manifest We will create a new role `support-engineer` that grants access to production servers. The `engineer` role from the previous guide was only granting access to @@ -57,8 +59,8 @@ spec: Create the following `privileged-role.yaml` file: ```yaml -apiVersion: resources.teleport.dev/v5 -kind: TeleportRole +apiVersion: resources.teleport.dev/v1 +kind: TeleportRoleV7 metadata: name: support-engineer spec: @@ -68,11 +70,6 @@ spec: 'env': [ 'production' ] ``` - -The role version is v5 because the Teleport Kubernetes Operator doesn't support -yet roles v6 and v7. - - @@ -99,7 +96,7 @@ resource "teleport_role" "support-engineer" { -#### Write the Access List manifest +### Write the Access List manifest In this step we'll create an Access List that allows users with the `manager` role such as `alice` to grant access to production to users with the `engineer` @@ -209,7 +206,7 @@ resource "teleport_access_list" "support-engineers" { -## Step 2/3. Apply the manifests +## Step 2/3 - Apply the manifests 
@@ -258,7 +255,7 @@ teleport_access_list.support-engineers: Creation complete after 0s [id=support-e -## Step 3/3. Log in as `alice` and grant access to `bob` +## Step 3/3 - Log in as `alice` and grant access to `bob` Now, you created an Access List allowing `alice` to grant the `support-engineer` role to its engineers. @@ -297,7 +294,7 @@ Members of support-engineers: -### Next steps +## Next steps You can see all supported Access List fields [in the Access List reference](../../access-controls/access-lists/reference.mdx). diff --git a/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx b/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx index c161d8ce93ebc..85e21a678063b 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx @@ -35,7 +35,7 @@ $ kubectl cluster-info ``` -## Step 1/2. Install teleport-cluster Helm chart with the operator +## Step 1/2 - Install teleport-cluster Helm chart with the operator (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) diff --git a/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx b/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx index e8b391c05d27a..d2ba5ef50c4ef 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx @@ -138,6 +138,4 @@ Helm Chart parameters are documented in the [`teleport-operator` Helm chart refe ## Troubleshooting -TODO: add troubleshooting steps for operator pod - (!docs/pages/includes/diagnostics/kubernetes-operator-troubleshooting.mdx!) diff --git a/docs/pages/management/dynamic-resources/user-and-role.mdx b/docs/pages/management/dynamic-resources/user-and-role.mdx index b6a4f19ff15a2..9a1be5196a205 100644 --- a/docs/pages/management/dynamic-resources/user-and-role.mdx 
+++ b/docs/pages/management/dynamic-resources/user-and-role.mdx @@ -1,5 +1,5 @@ --- -title: Managing users and roles with IaC +title: Managing Users And Roles With IaC description: Use Infrastructure-as-Code tooling to create Teleport users and roles. --- @@ -14,7 +14,7 @@ create resources from code: - The `tctl` CLI that allows you to manage Teleport resources from your local computer or your CI environment -### Prerequisites +## Prerequisites To follow this guide, you must have: @@ -49,7 +49,7 @@ A functional Teleport Terraform provider by following [the Terraform provider gu -### Step 1/4 - Write manifests +## Step 1/4 - Write manifests In this step, we'll write text files describing the resources we want in Teleport. Those files are called manifests and their syntax will vary based on @@ -60,7 +60,7 @@ This allows you to keep track of all changes, follow standard code review procedures before changing resources in Teleport, and quickly redeploy your Teleport instance if needed. -#### Write role manifests +### Write role manifests We will create 2 roles: @@ -103,8 +103,8 @@ spec: Create the following `roles.yaml` file: ```yaml -apiVersion: resources.teleport.dev/v5 -kind: TeleportRole +apiVersion: resources.teleport.dev/v1 +kind: TeleportRoleV7 metadata: name: manager spec: @@ -115,8 +115,8 @@ spec: - resources: ['session', 'event'] verbs: ['list', 'read'] --- -apiVersion: resources.teleport.dev/v5 -kind: TeleportRole +apiVersion: resources.teleport.dev/v1 +kind: TeleportRoleV7 metadata: name: engineer spec: @@ -126,11 +126,6 @@ spec: 'env': ['test', 'staging'] ``` - -The role version is v5 because the Teleport Kubernetes Operator doesn't support -yet roles v6 and v7. - - Kubernetes validates all custom resource names to follow RFC 1123, which includes specifications for hostnames. This requires the `metadata.name` field 
@@ -187,7 +182,7 @@ resource "teleport_role" "engineer" { -#### Write user manifests +### Write user manifests We will create 2 users: - Bob, an engineer with the `engineer` role. @@ -290,7 +285,7 @@ resource "teleport_user" "bob" { -### Step 2/4 - Apply all manifests +## Step 2/4 - Apply all manifests @@ -361,7 +356,7 @@ Apply complete! Resources: 4 added, 0 changed, 0 destroyed. -### Step 3/4 - Validate users were created +## Step 3/4 - Validate users were created Now that the IaC tooling has run, we'll validate that the users were properly created and granted the correct roles. @@ -416,7 +411,7 @@ version: v2 -### Step 4/4 - Create a password reset link +## Step 4/4 - Create a password reset link At this point, the local users have been created in Teleport. However, we never specified any password or additional authentications factors. You must issue a @@ -484,7 +479,7 @@ resource "teleport_user" "bob" { -### Next Steps +## Next Steps - Allow users with the `manager` role to grant access to production servers to some `engineers` via Access Lists. Manager will need to justify and review diff --git a/docs/pages/reference/user-types.mdx b/docs/pages/reference/user-types.mdx index b15b60af7e1cb..e0acbf250acb5 100644 --- a/docs/pages/reference/user-types.mdx +++ b/docs/pages/reference/user-types.mdx @@ -85,7 +85,3 @@ in Okta. Those users can be identified by the label `teleport.dev/origin: okta` and cannot be edited via `tctl`, only deleted. - - -Okta synchronization documentation - From a5b8bcddff515c02e77eb0f5623eb719e1ed5433 Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Fri, 2 Feb 2024 11:38:29 -0500 Subject: [PATCH 4/8] Apply suggestions from code review Co-authored-by: Paul Gottschling --- docs/pages/reference/user-types.mdx | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/docs/pages/reference/user-types.mdx b/docs/pages/reference/user-types.mdx index e0acbf250acb5..6ecd41f785f79 100644 
--- a/docs/pages/reference/user-types.mdx +++ b/docs/pages/reference/user-types.mdx @@ -8,7 +8,7 @@ tocDepth: 3 This guide explains the different kinds of users in Teleport, how they are created, and their properties. -## Local Users +## Local users Local users are created directly in Teleport. They are not coming from an external system like an identity provider. @@ -18,8 +18,8 @@ resource manifest (`tctl create -f user.yaml`) or via the web UI. Their roles and traits can be modified directly in Teleport. Those users can connect to Teleport directly via username/password and/or -additional authentication factors such as webauthn physical tokens, passkeys or -One Time Passwords. +additional authentication factors such as WebAuthn physical tokens, passkeys, or +one-time passwords. Local user login can be disabled via `cluster_auth_preference` or `teleport.yaml`. Disabling local authentication is required for [FIPS/FedRAMP compliance @@ -32,17 +32,15 @@ Teleport cluster. This identity is known as a bot. Bots are represented in Teleport by a user and a role resource and can be created via the `tctl bots add` command. -Bots are not logging in like human users with a password, MFA or SSO. They join +Unlike human users, who use a password, MFA, or SSO, bot users join the cluster as Teleport services using [a join method](./join-methods.mdx). They can still join even if local auth is disabled. - -The [Machine ID introduction](../machine-id/introduction.mdx). - +See the [Machine ID introduction](../machine-id/introduction.mdx) for more information. ## SSO users -Those users are imported in Teleport from an external identity provider. +Single Sign-On (SSO) users are imported in Teleport from an external identity provider. Teleport contains a user resource representing those users, but it's only a representation of a user of a remote system. 
@@ -58,8 +56,8 @@ Users logging in via GitHub, SAML, or OIDC connectors are created in Teleport after a successful login. At that time, their roles and traits are computed according to the connector mappings. -Those users are short-lived, they are created when a Teleport session is opened -and automatically expires after a few days. Those users cannot be edited via +Those users are short-lived: they are created when a Teleport session is opened +and automatically expire after a few days. Those users cannot be edited via `tctl`, only deleted. From 70f834ad233d8a70988986f1eb17ccd9779c586d Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Fri, 2 Feb 2024 11:39:51 -0500 Subject: [PATCH 5/8] Apply suggestions from code review Co-authored-by: Paul Gottschling --- .../dynamic-resources/user-and-role.mdx | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/pages/management/dynamic-resources/user-and-role.mdx b/docs/pages/management/dynamic-resources/user-and-role.mdx index 9a1be5196a205..5212775d7033b 100644 --- a/docs/pages/management/dynamic-resources/user-and-role.mdx +++ b/docs/pages/management/dynamic-resources/user-and-role.mdx 
@@ -1,17 +1,17 @@ --- title: Managing Users And Roles With IaC -description: Use Infrastructure-as-Code tooling to create Teleport users and roles. +description: Use infrastructure-as-code tooling to create Teleport users and roles. --- In this guide, you will see how to create users and grant them roles through -Infrastructure-as-Code (IaC). Teleports supports three ways to dynamically +infrastructure as code (IaC). Teleports supports three ways to dynamically create resources from code: -- The Teleport Kubernetes Operator that allows you to manage Teleport resources +- The Teleport Kubernetes Operator, which allows you to manage Teleport resources from Kubernetes -- The Teleport Terraform Provider that allows you to manage Teleport Resources +- The Teleport Terraform Provider, which allows you to manage Teleport resources via Terraform -- The `tctl` CLI that allows you to manage Teleport resources from your local +- The `tctl` CLI, which allows you to manage Teleport resources from your local computer or your CI environment ## Prerequisites @@ -24,7 +24,7 @@ To follow this guide, you must have: (!docs/pages/includes/edition-prereqs-tabs.mdx!) - + A running operator by following either: - [the guide to enable the operator in the `teleport-cluster` Helm chart](./teleport-operator-helm.mdx). @@ -64,9 +64,9 @@ Teleport instance if needed. We will create 2 roles: -- `manager` that allows listing users, roles and reviewing audit events and +- `manager` allows listing users and roles, as well as reviewing audit events and session contents. -- `engineer` that grants access to dev and staging servers. +- `engineer` grants access to dev and staging servers. @@ -362,7 +362,7 @@ Now that the IaC tooling has run, we'll validate that the users were properly created and granted the correct roles. - + If you have UI access, connect to your Teleport cluster Web UI, open the management panel, and select the "Users" tab. 
@@ -372,7 +372,7 @@ management panel, and select the "Users" tab. Two new users `alice` and `bob` should be present. - + ```code $ tctl users ls @@ -448,8 +448,8 @@ $ tctl users reset alice --format=json | \ ``` You must replace the `jq` command by something that actually sends the link over -a secure channel. This channel will depend on your organization, it is usually a -direct message, or an email. +a secure channel. This channel will depend on your organization. It is usually a +direct message or an email. @@ -490,7 +490,7 @@ resource "teleport_user" "bob" { AccessList setup. - Allow users with the `engineer` role to request temporary access to production, and have users with the `manager` role validate the requests. - See [the access-requests documentation](../../access-controls/access-requests.mdx) + See [the Access Requests documentation](../../access-controls/access-requests.mdx) - You can see all supported fields in the references of [the user resource](../../reference/resources.mdx#user) and [the role resource](../../reference/resources.mdx#role). From 6b6c939b921305d1c670f1303432b29d4cafa7c6 Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Fri, 2 Feb 2024 11:43:21 -0500 Subject: [PATCH 6/8] align label names --- .../dynamic-resources/access-list.mdx | 6 +++--- .../dynamic-resources/user-and-role.mdx | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/pages/management/dynamic-resources/access-list.mdx b/docs/pages/management/dynamic-resources/access-list.mdx index 0e82aed307ff6..f96cb6355874a 100644 --- a/docs/pages/management/dynamic-resources/access-list.mdx +++ b/docs/pages/management/dynamic-resources/access-list.mdx @@ -54,7 +54,7 @@ spec: ``` - + Create the following `privileged-role.yaml` file: @@ -133,7 +133,7 @@ spec: ``` - + Create the following `accesslist.yaml` file: 
@@ -225,7 +225,7 @@ with a non-existing role is invalid and will be rejected by Teleport. - + Create the Kubernetes CRs with the following commands: diff --git a/docs/pages/management/dynamic-resources/user-and-role.mdx b/docs/pages/management/dynamic-resources/user-and-role.mdx index 5212775d7033b..c4fa00ef3253d 100644 --- a/docs/pages/management/dynamic-resources/user-and-role.mdx +++ b/docs/pages/management/dynamic-resources/user-and-role.mdx @@ -42,7 +42,7 @@ $ export OPERATOR_NAMESPACE="teleport-iac" ``` - + A functional Teleport Terraform provider by following [the Terraform provider guide](./terraform-provider.mdx). @@ -98,7 +98,7 @@ spec: ``` - + Create the following `roles.yaml` file: @@ -135,7 +135,7 @@ spec: - + Create the following `roles.tf` file: @@ -217,7 +217,7 @@ spec: ``` - + Create the file `users.yaml` with the following content: @@ -246,7 +246,7 @@ spec: - + Create the file `users.tf` with the following content: @@ -306,7 +306,7 @@ with a non-existing role is invalid and might be rejected by Teleport. - + ```code $ kubectl apply -n "$OPERATOR_NAMESPACE" -f roles.yaml @@ -333,7 +333,7 @@ $ kubectl get teleportusers -n "$OPERATOR_NAMESPACE" ``` - + ```code $ terraform plan @@ -425,7 +425,7 @@ user creation, and securely send them to the end-user for them to register their password/MFA. - + You can manually reset a user password via `tctl` by doing: ```code @@ -437,7 +437,7 @@ NOTE: Make sure teleport.example.com:443 points at a Teleport proxy which users ``` - + If you have a way to securely send reset links to the users, you can build automation to fit your organization's specific needs. For example: From 0ebbe4f7fdcd0d06402aeff5b12adad92e47e77c Mon Sep 17 00:00:00 2001 
From: Hugo Shaka Date: Fri, 2 Feb 2024 16:39:33 -0500 Subject: [PATCH 7/8] address feedback --- docs/cspell.json | 6 ++++- .../teleport-operator-helm.mdx | 4 +-- .../teleport-operator-standalone.mdx | 8 +++--- .../dynamic-resources/user-and-role.mdx | 24 +++++++---------- docs/pages/reference/introduction.mdx | 1 + docs/pages/reference/user-types.mdx | 27 ++++++++++++------- 6 files changed, 39 insertions(+), 31 deletions(-) diff --git a/docs/cspell.json b/docs/cspell.json index cdb536a1561fa..02a2c1eb6ab5f 100644 --- a/docs/cspell.json +++ b/docs/cspell.json @@ -232,6 +232,7 @@ "Zqar", "Zrpsaln", "abcdefghijklm", + "accesslist", "aclfile", "acmecorp", "acpi", @@ -787,6 +788,8 @@ "tctl", "teleadmins", "telenode", + "teleportaccesslist", + "teleportaccesslists", "teleportauditlogssofailed", "teleportblob", "teleportdemo", @@ -796,8 +799,9 @@ "teleportdevprotocol", "teleporters", "teleportproxy", - "teleportroles", + "teleportrolev", "teleportrolesv", + "teleportuser", "teleportusers", "teleportversionoverride", "teleportyaml", diff --git a/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx b/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx index 85e21a678063b..5c5850a252168 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator-helm.mdx @@ -35,7 +35,7 @@ $ kubectl cluster-info ``` -## Step 1/2 - Install teleport-cluster Helm chart with the operator +## Step 1/2. Install teleport-cluster Helm chart with the operator (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) 
@@ -86,7 +86,7 @@ $ helm install teleport-cluster teleport/teleport-cluster \ This command installs the required Kubernetes CRDs and deploys the Teleport Kubernetes Operator next to the Teleport cluster. All resources (except CRDs, which are cluster-scoped) are created in the `teleport-cluster` namespace. -## Step 2/2 - Validate the cluster and operator are running and healthy +## Step 2/2. Validate the cluster and operator are running and healthy ```code $ kubectl get deployments -n diff --git a/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx b/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx index d2ba5ef50c4ef..f146258278e2d 100644 --- a/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx +++ b/docs/pages/management/dynamic-resources/teleport-operator-standalone.mdx @@ -34,7 +34,7 @@ $ kubectl cluster-info ``` -### Step 1/4 - Create the operator role +### Step 1/4. Create the operator role In this step we create the role the operator uses to interact with Teleport resources. @@ -51,7 +51,7 @@ resources, you will need to re-apply the operator role manifest. This will grant the operator access to the new resources. -### Step 2/4 - Create the operator join token +### Step 2/4. Create the operator join token The join token is used by the operator on each startup to join the Teleport cluster and retrieve its client certificates. @@ -91,7 +91,7 @@ To establish trust between the connecting operator and Teleport, we are delegati $ export CLUSTER_NAME="$(tctl status | awk '/Cluster/ {print $2}')" ``` -### Step 3/4 - Create the operator bot +### Step 3/4. Create the operator bot In Teleport, a bot is a resource allowing a machine to access Teleport. Create a bot for the operator with the following command: 
@@ -100,7 +100,7 @@ Create a bot for the operator with the following command: $ tctl bots add operator --token operator-bot --roles operator ``` -### Step 4/4 - Deploy the operator in the Kubernetes cluster +### Step 4/4. Deploy the operator in the Kubernetes cluster At this point, you can configure and run the operator: diff --git a/docs/pages/management/dynamic-resources/user-and-role.mdx b/docs/pages/management/dynamic-resources/user-and-role.mdx index c4fa00ef3253d..4aa4cb1989b21 100644 --- a/docs/pages/management/dynamic-resources/user-and-role.mdx +++ b/docs/pages/management/dynamic-resources/user-and-role.mdx @@ -49,7 +49,7 @@ A functional Teleport Terraform provider by following [the Terraform provider gu -## Step 1/4 - Write manifests +## Step 1/4. Write manifests In this step, we'll write text files describing the resources we want in Teleport. Those files are called manifests and their syntax will vary based on @@ -285,7 +285,7 @@ resource "teleport_user" "bob" { -## Step 2/4 - Apply all manifests +## Step 2/4. Apply all manifests @@ -321,7 +321,7 @@ teleportuser.resources.teleport.dev/bob created List the created Kubernetes resources: ```code -$ kubectl get teleportroles -n "$OPERATOR_NAMESPACE" +$ kubectl get teleportrolev7 -n "$OPERATOR_NAMESPACE" # NAME AGE # engineer 10m # manager 10m @@ -356,7 +356,7 @@ Apply complete! Resources: 4 added, 0 changed, 0 destroyed. -## Step 3/4 - Validate users were created +## Step 3/4. Validate users were created Now that the IaC tooling has run, we'll validate that the users were properly created and granted the correct roles. 
@@ -411,21 +411,20 @@ version: v2 -## Step 4/4 - Create a password reset link +## Step 4/4. Create a password reset link At this point, the local users have been created in Teleport. However, we never -specified any password or additional authentications factors. You must issue a +specified any password or additional authentication factors. You must issue a password reset link for the users to finish their Teleport registration and be able to log in Teleport. User reset links contain single-use expiring tokens. Because of this, you cannot -follow the same descriptive approach as for other Teleport resources and +follow the same declarative approach as for other Teleport resources and generate them via a manifest. You need to create those tokens once after the user creation, and securely send them to the end-user for them to register their password/MFA. - - +### Option 1: Reset via CLI You can manually reset a user password via `tctl` by doing: ```code @@ -436,8 +435,7 @@ https://teleport.example.com:443/web/reset/05b420fdc784597cbbb1d2ba65697cd8 NOTE: Make sure teleport.example.com:443 points at a Teleport proxy which users can access. ``` - - +### Option 2: Automating user reset If you have a way to securely send reset links to the users, you can build automation to fit your organization's specific needs. For example: @@ -476,10 +474,8 @@ resource "teleport_user" "bob" { ``` - - -## Next Steps +## Next steps - Allow users with the `manager` role to grant access to production servers to some `engineers` via Access Lists. Manager will need to justify and review diff --git a/docs/pages/reference/introduction.mdx b/docs/pages/reference/introduction.mdx index f49f562abd5d1..dff6b80cb31e4 100644 --- a/docs/pages/reference/introduction.mdx +++ b/docs/pages/reference/introduction.mdx 
@@ -16,6 +16,7 @@ running Teleport. - [Helm Reference](./helm-reference.mdx): References for Teleport's Helm charts. - [Networking](./networking.mdx): Ports that Teleport services listen on, plus other information about how Teleport services communicate. +- [User types](./user-types.mdx): The different user representations in Teleport. - [Authentication](./authentication.mdx): Teleport's authentication connectors. - [Signals](./signals.mdx): The signals you can use to control a Teleport binary. diff --git a/docs/pages/reference/user-types.mdx b/docs/pages/reference/user-types.mdx index 6ecd41f785f79..a84520d9f2e3b 100644 --- a/docs/pages/reference/user-types.mdx +++ b/docs/pages/reference/user-types.mdx @@ -10,7 +10,7 @@ created, and their properties. ## Local users -Local users are created directly in Teleport. They are not coming from an +Local users are created in Teleport. They are not coming from an external system like an identity provider. Local users can be created via the CLI (`tctl users add`), by applying a user 
@@ -44,11 +44,18 @@ Single Sign-On (SSO) users are imported in Teleport from an external identity pr
 Teleport contains a user resource representing those users, but it's only a representation of a user of a remote system.
-Remote users don't log in directly in Teleport, they are redirected to their
-identity provider to perform the login challenge.
+Remote users don't perform their login challenge in Teleport. They are redirected
+to their identity provider (IdP) to enter their password, MFA, or any
+authentication method required by the upstream SSO provider. Teleport is not
+aware of the authentication method not the user credentials, it trusts the IdP
+response.
-Those users cannot be edited via `tctl`, or via any other IaC tooling like
-Terraform or the Teleport Kubernetes Operator. They are managed by
+If `teleport.auth_service.authentication.second_factor` is `webauthn`, Teleport
+might ask for an additional MFA for administrative actions. This protects
+against IdP compromise.
+
+SSO users cannot be edited via `tctl`, or via any other IaC tooling like
+Terraform or the Teleport Kubernetes Operator. They are managed by
 Teleport.
 ### Temporary users
@@ -57,12 +64,12 @@ after a successful login. At that time, their roles and traits are computed
 according to the connector mappings. Those users are short-lived: they are created when a Teleport session is opened
-and automatically expire after a few days. Those users cannot be edited via
-`tctl`, only deleted.
+and automatically expire. The expiry is dynamically computed based on the IdP
+answer validity, the max session duration allowed by the user roles, and cannot
+exceed 30 hours. Those users cannot be edited via `tctl`, only deleted.
-
-The [SSO setup guides](../access-controls/sso.mdx).
-
+See the [SSO setup guides](../access-controls/sso.mdx) to learn how to setup an
+authentication connector and allow user to log in via an IdP.
 ### Synced users
From ee67fc793e3983d98cc80e5b2c585b93303f4a07 Mon Sep 17 00:00:00 2001
From: Hugo Shaka
Date: Tue, 13 Feb 2024 14:45:06 -0500
Subject: [PATCH 8/8] update teleportrole version
---
 docs/pages/management/dynamic-resources/access-list.mdx | 2 +-
 docs/pages/management/dynamic-resources/user-and-role.mdx | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/pages/management/dynamic-resources/access-list.mdx b/docs/pages/management/dynamic-resources/access-list.mdx
index f96cb6355874a..da651b1c4cd95 100644
--- a/docs/pages/management/dynamic-resources/access-list.mdx
+++ b/docs/pages/management/dynamic-resources/access-list.mdx
@@ -231,7 +231,7 @@ Create the Kubernetes CRs with the following commands:
 ```code
 $ kubectl apply -n "$OPERATOR_NAMESPACE" -f privileged-role.yaml
-teleportrole.resources.teleport.dev/support-engineer created
+teleportrolev7.resources.teleport.dev/support-engineer created
 $ kubectl apply -n "$OPERATOR_NAMESPACE" -f accesslist.yaml
 teleportaccesslist.resources.teleport.dev/support-engineers
diff --git a/docs/pages/management/dynamic-resources/user-and-role.mdx b/docs/pages/management/dynamic-resources/user-and-role.mdx
index 4aa4cb1989b21..a45308852bf8b 100644
--- a/docs/pages/management/dynamic-resources/user-and-role.mdx
+++ b/docs/pages/management/dynamic-resources/user-and-role.mdx
@@ -310,8 +310,8 @@ with a non-existing role is invalid and might be rejected by Teleport.
 ```code
 $ kubectl apply -n "$OPERATOR_NAMESPACE" -f roles.yaml
-teleportrole.resources.teleport.dev/manager created
-teleportrole.resources.teleport.dev/engineer created
+teleportrolev7.resources.teleport.dev/manager created
+teleportrolev7.resources.teleport.dev/engineer created
 $ kubectl apply -n "$OPERATOR_NAMESPACE" -f users.yaml
 teleportuser.resources.teleport.dev/alice created
