From 980d43eec23e71430e44b36128d0668fc4a45025 Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Wed, 26 Feb 2025 15:53:19 -0500
Subject: [PATCH 1/9] initial draft for default-on boot image updates

---
 .../machine-config/manage-boot-images.md      | 147 +++++++++++++++---
 .../manage_boot_images_flow.jpg               | Bin 59490 -> 0 bytes
 .../manage_boot_images_reconcile_loop.jpg     | Bin 99433 -> 0 bytes
 3 files changed, 126 insertions(+), 21 deletions(-)
 delete mode 100644 enhancements/machine-config/manage_boot_images_flow.jpg
 delete mode 100644 enhancements/machine-config/manage_boot_images_reconcile_loop.jpg

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index 5694455de5..8b9847a55b 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -13,7 +13,7 @@ approvers:
 api-approvers: 
   - "@joelspeed"
 creation-date: 2023-10-16
-last-updated: 2024-03-08
+last-updated: 2025-02-26
 tracking-link:
   - https://issues.redhat.com/browse/MCO-589
 see-also:
@@ -27,7 +27,7 @@ superseded-by:
 
 ## Summary
 
-This is a proposal to manage bootimages via the `Machine Config Operator`(MCO), leveraging some of the [pre-work](https://github.com/openshift/installer/pull/4760) done as a result of the discussion in [#201](https://github.com/openshift/enhancements/pull/201). This feature will only target standalone OCP installs. It will also be user opt-in and is planned to be released behind a feature gate.
+This is a proposal to manage bootimages via the `Machine Config Operator`(MCO), leveraging some of the [pre-work](https://github.com/openshift/installer/pull/4760) done as a result of the discussion in [#201](https://github.com/openshift/enhancements/pull/201). This feature will only target standalone OCP installs. This is now released as an opt-in feature and will be rolled out on a per-platform basis (see projected roadmap). This will eventually be on by default, and the MCO will enforce an accepted skew and require non-platform managed bootimage updates to be acknowledged by the cluster admin.
 
 For `MachineSet` managed clusters, the end goal is to create an automated mechanism that can:
 - update the boot images references in `MachineSets` to the latest in the payload image
@@ -47,7 +47,11 @@ Additionally, the stub Ignition config [referenced](https://github.com/openshift
 
 There has been [a previous effort](https://github.com/openshift/machine-config-operator/pull/1792) to manage the stub Ignition config. It was [reverted](https://github.com/openshift/machine-config-operator/pull/2126) and then [brought back](https://github.com/openshift/machine-config-operator/pull/2827#issuecomment-996156872) just for bare metal clusters. For other platforms, the `*-managed` stubs still get generated by the MCO, but are not injected into the `MachineSet`. The proposal plans to utilize these unused `*-managed` stubs, but it is important to note that this stub is generated(and synced) by the MCO and will ignore/override any user customizations to the original stub Ignition config. This limitation will be mentioned in the documentation, and a later release will provide support for user customization of the stub, either via API or a workaround thorugh additional documentation. This should not be an issue for the majority of users as they very rarely customize the original stub Ignition config.
 
-In certain long lived clusters, the MCS TLS cert contained within the above Ignition configuration may be out of date. Example issue [here](https://issues.redhat.com/browse/OCPBUGS-1817). While this has been partly solved [MCO-642](https://issues.redhat.com/browse/MCO-642) (which allows the user to manually rotate the cert) it would be very beneficial for the MCO to actively manage this TLS cert and take this concern away from the user.
+In certain long lived clusters, the MCS TLS cert contained within the above Ignition configuration may be out of date. Example issue [here](https://issues.redhat.com/browse/OCPBUGS-1817). While this has been partly solved [MCO-642](https://issues.redhat.com/browse/MCO-642) (which allows the user to manually rotate the cert) it would be very beneficial for the MCO to actively manage this TLS cert and take this concern away from the user. 
+
+**Note**: As of 4.19, the MCO supports [management of this TLS cert](https://issues.redhat.com/browse/MCO-1208). With this work in place, the MCO can now attempt to upgrade the stub Ignition config, instead of hardcoding to the `*-managed` stub as mentioned previously. This will help preserve any user customizations that were present in the stub Ignition config.
+
+This is also a soft pre-requisite for both dual-stream RHEL support in OpenShift, and on-cluster layered builds. RPM-OSTree presently does a deploy-from-self to get a new-enough rpm-ostree to deploy image-based RHEL CoreOS systems, and we would like to avoid doing this for bootc if possible. We would also like to prevent RHEL8->RHEL10 direct updates once that is available for OpenShift.
 
 ### User Stories
 
@@ -59,7 +63,7 @@ In certain long lived clusters, the MCS TLS cert contained within the above Igni
 
 The MCO will take over management of the boot image references and the stub Ignition configuration. The installer is still responsible for creating the `MachineSet` at cluster bring-up, but once cluster installation is complete the MCO will ensure that boot images are in sync with the latest payload. From the user standpoint, this should cause less compatibility issues as nodes will no longer need to pivot to a different version of RHCOS during node scaleup.
 
-This should not interfere with existing workflows such as Hive and ArgoCD. As this is an opt-in mechanism, the cluster admin will be protected against such scenarios of accidental "reconciliation" and for additional safety, the MSBIC will also ensure that machinesets that have a valid OwnerReference will be excluded from boot image updates.
+This should not interfere with existing workflows such as Hive and ArgoCD. As this is an opt-in mechanism, the cluster admin will be protected against such scenarios of accidental "reconciliation" and for additional safety, the MSBIC will also ensure that machinesets that have a valid OwnerReference will be excluded from boot image updates. We will work with affected teams to transition them to the new workflow before we turn this feature on by default.
 
 ### Non-Goals
 
@@ -77,7 +81,7 @@ __Overview__
   - `ManagedBootImages` feature gate is active
   - The cluster and/or the machineset is opted-in to boot image updates. This is done at the operator level, via the `MachineConfiguration` API object.
   - The `machineset` does not have a valid owner reference. Having a valid owner reference typically indicates that the `MachineSet` is managed by another workflow, and that updates to it are likely going to cause thrashing. 
-  - The golden configmap is verified to be in sync with the current version of the MCO. The MCO will update("stamp") the golden configmap with version of the new MCO image after atleast 1 master node has succesfully completed an update to the new OCP image. This helps prevent `machinesets` being updated too soon at the end of a cluster upgrade, before the MCO itself has updated and has had a chance to roll out the new OCP image to the cluster. 
+  - The golden configmap is verified to be in sync with the current version of the MCO. The MCO will update("stamp") the golden configmap with version of the new MCO image after at least 1 master node has succesfully completed an update to the new OCP image. This helps prevent `machinesets` being updated too soon at the end of a cluster upgrade, before the MCO itself has updated and has had a chance to roll out the new OCP image to the cluster.
 
   If any of the above checks fail, the MSBIC will exit out of the sync.
 - Based on platform and architecture type, the MSBIC will check if the boot images referenced in the `providerSpec` field of the `MachineSet` is the same as the one in the ConfigMap. Each platform(gcp, aws...and so on) does this differently, so this part of the implementation will have to be special cased. The ConfigMap is considered to be the golden set of bootimage values, i.e. they will never go out of date. If it is not a match, the `providerSpec` field is cloned and updated with the new boot image reference.
@@ -115,23 +119,37 @@ Any form factor using the MCO and `MachineSets` will be impacted by this proposa
 
 ##### Supported platforms
 
-The initial release(phase 0) will support GCP. In future releases, we will add in support for remaining platforms as we gain confidence in the functionality and understand the specific needs of those platforms. For platforms that cannot be supported, we aim to atleast provide documentation to perform the boot image updates manually. Here is an exhaustive list of all the platforms:
+The initial release(phase 0) will support GCP. In future releases, we will add in support for remaining platforms as we gain confidence in the functionality and understand the specific needs of those platforms. For platforms that cannot be supported, we aim to at least provide documentation to perform the boot image updates manually. Here is an exhaustive list of all the platforms:
 
-- gcp
 - aws
 - azure
-- alibabacloud
+- baremetal
+- gcp
+- ibmcloud
 - nutanix
-- powervs
 - openstack
+- powervs
 - vsphere
-- baremetal
-- libvirt
-- ovirt
-- ibmcloud
 
 This work will be tracked in [MCO-793](https://issues.redhat.com/browse/MCO-793).
 
+##### Projected timeline
+
+This is a tentative timeline, subject to change (GA = General Availability, TP = Tech Preview, EF = Default-on, Skew Enforced).
+
+| Platform | TP      | GA      | EF      |
+| -------- | ------- | ------- | ------- |
+| gcp      | 4.16    |4.17     |4.19     |
+| aws      | 4.17    |4.18     |4.20     |
+| vsphere  | 4.20    |4.21     |4.22     |
+| baremetal|         |4.22     |4.23     |
+| openstack|         |4.22     |4.23     |
+| nutanix  |         |4.22     |4.23     |
+| ibmcloud |         |4.24     |4.25     |
+| non-managed*  |         |4.21     |4.22    |
+
+*non-managed in this case indicates enforcement of user-initiated bootimage updates. See enforcement section below.
+
 ##### Cluster API backed machinesets
 
 As the Cluster API move is impending(initial release in 4.16 and default-on release in 4.17), it is necessary that this enhancement plans for the changes required in an CAPI backed cluster. Here are a couple of sample YAMLs used in CAPI backed `Machinesets`, from the [official Openshift documentation](https://docs.openshift.com/container-platform/4.14/machine_management/capi-machine-management.html#capi-sample-yaml-files-gcp).
@@ -208,7 +226,9 @@ Much of the existing design regarding architecture & platform detection, opt-in,
 This proposal introduces a new field in the MCO operator API, `ManagedBootImages` which encloses an array of `MachineManager` objects. A `MachineManager` object contains the resource type of the machine management object that is being opted-in, the API group of that object and a union discriminant object of the type `MachineManagerSelector`. This object `MachineManagerSelector` contains:
 
 - The union discriminator, `Mode`, can be set to two values : All and Partial.
-- Partial: This is a set of label selectors that will be used by users to opt-in a custom selection of machine resources. When the Mode is set to Partial mode, all machinesets matched by this object would be considered enrolled for updates. In the first iteration of this API, this object will only allow for label matching with MachineResources. In the future, additional ways of filtering may be added with another label selector, e.g. namespace. For all other values of Mode, this selector object i
+  - **All**: All machine resources described by this resource/apiGroup type will be opted-in for boot image updates. In most cases, this effectively enables boot image updates for the whole cluster, unless there are multiple kinds of machine resources present in the cluster.
+  - **Partial**: This is a set of label selectors that will be used by users to opt-in a custom selection of machine resources. When the Mode is set to Partial mode, all machinesets matched by this object would be considered enrolled for updates. In the first iteration of this API, this object will only allow for label matching with MachineResources. In the future, additional ways of filtering may be added with another label selector, e.g. namespace.
+
 
 ```
 type ManagedBootImages struct {
@@ -473,23 +493,108 @@ The goal of this is to provide information about the "lineage" of a machine mana
 
 ### Implementation Details/Notes/Constraints [optional]
 
-![Sub Controller Flow](manage_boot_images_flow.jpg)
-
-![MachineSet Reconciliation Flow](manage_boot_images_reconcile_loop.jpg)
+MachineSet Reconciliation Loop:
+
+```mermaid
+flowchart-elk TD;
+    Start((Start)) -->MachineSetOwnerCheck[Does the MachineSet have an OwnerReference?]
+    MachineSetOwnerCheck -->|Yes|Error
+    MachineSetOwnerCheck -->|No| ConfigMapCheck[Has the coreos-bootimages ConfigMap been stamped by the MCO?] ;
+    
+    ConfigMapCheck -->|Yes|ArchType[Determine arch type of MachineSet, for eg: x86_64, aarch64] ;
+    ConfigMapCheck -->|No| Wait[A cluster upgrade is ongoing. Wait until atleast 1 control plane node has completed an update.];
+    Wait --> |Upgrade Complete| ArchType
+    Wait --> |Timeout| Error
+    ArchType -->PlatformType[Determine platform type of MachineSet, for eg: gcp, aws, vsphere] ;
+    PlatformType -->ProviderSpec[Grab providerSpec from MachineSet, for eg: GCPProviderSpec, AWSProviderSpec etc] ;
+
+    subgraph PlatformSpecific[Platform Specific]
+    ProviderSpec -->IgnitionCheck[Is stub Ignition referenced in ProviderSpec in spec 3 format?] ;
+    IgnitionCheck -->|Yes|CompareBootImage[Compare bootimage in ProviderSpec against the coreos-bootimage ConfigMap] ;
+    end
+
+    IgnitionCheck -->|No| Error[Throw an error to the cluster admin];
+    Error -->Stop[Stop];
+    CompareBootImage -->|Mismatch| Patch[Patch MachineSet];
+    CompareBootImage -->|Match| Stop[Stop];
+    
+    Patch --> Stop((Stop));
+```
 
-The implementation has a GCP specific MVP here:
+The implementation has a GCP specific MVP that can be found here:
 - https://github.com/openshift/machine-config-operator/pull/4083
 
 ### Risks and Mitigations
 
-The biggest risk in this enhancement would be delivering a bad boot image. To mitigate this, we have outlined a revert option.
+The biggest risk in this enhancement would be delivering a bad boot image. However, the chances of this are quite minimal, as it would imply the [boot images](https://github.com/openshift/installer/blob/main/data/data/coreos/rhcos.json) used in the current version of OCP are invalid, which would have been through several iterations of CI.
 
-How will security be reviewed and by whom? TBD
+How will security be reviewed and by whom?
 This is a solution aimed at reducing usage of outdated artifacts and should not introduce any security concerns that do not currently exist. 
 
-How will UX be reviewed and by whom? TBD 
+How will UX be reviewed and by whom? 
 The UX element involved include the user opt-in and opt-out, which is currently up for debate. 
 
+#### Enabling Boot Image Updates by default
+
+This will be done on a platform by platform basis. Some key benchmarks have to be met for a platform to be considered ready
+for default on:
+- Sufficent runtime(say, atleast 1 release) has been accumulated while boot image updates has been GAed for this platform.
+- Periodic tests have been added for this platform in CI and have met certain passing metrics.
+- Any teams that are affected by default-on
+behavior have been notified and assisted with the transition.
+
+The default-on flow could look like this:
+```mermaid
+flowchart-elk LR;
+    Start((Start)) -->MachineConfigurationCheck[Does the cluster currently have a boot image update configuration?]
+    MachineConfigurationCheck -->|Yes|Stop
+    MachineConfigurationCheck -->|No| UpdateConfig[The MCO will opt-in the cluster to boot image updates] ;
+    UpdateConfig --> Stop((Stop));
+```
+Some points to note:
+- For bookkeeping purposes, the MCO will annotate the `MachineConfiguration` object when opting in the cluster.
+- If the cluster admin wishes to opt-out of the feature, they have to explicitly do so by removing the boot image configuration. Due to the presence of the "opted in" annotation, the MCO will not attempt to automatically opt-in the cluster for updates again.
+- This mechanism will be active on installs and upgrades. 
+
+
+### Enforcement of bootimage skew
+
+There should be some mechanism that will alert the user and fail if a cluster's bootimage are out of date. For example, at upgrade time, the MCO could signal to the CVO by setting Upgradeable=False.
+
+#### Acceptable skew
+
+The release payload will describe the current skew policy. The structure of this skew policy is TBD, but at the minimum it should describe the lowest acceptable boot image for the release. Generally speaking, we would like to keep the bootimage version aligned to the RHEL version we are shipping in the payload. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
+
+#### Enforcement options
+
+Some combination of the following mechanisms should be implemented to alert users, particularly non-machineset backed scaled environments. The options generally fall under proactive enforcement (require users to either update or acknowledge risk before upgrading to a new version) vs. reactive enforcement (only fail when a non-compliant bootimage is being used to scale into the cluster).
+
+#### Proactive
+Introduce a new configmap in the MCO namespace that will store the last updated boot image and allows for easy comparison against the
+skew policy described in the release payload.
+  - For machineset backed clusters, this would be updated by the MSBIC after it succesfully updates boot images. 
+  - For non-machineset backed clusters, this would be updated by the cluster admin to indicate the last manually updated bootimage. The cluster admin would need to update this configmap every few releases, when the RHEL minor on which the RHCOS container is built on changes (e.g. 9.6->9.8). 
+
+The cluster admin may also choose to opt-out of skew management via this configmap, which indicates that they will not require scaling nodes, and thereby opting out of skew enforcement and scaling functionality.
+
+A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will default to the install time boot image, which can be recovered from the aleph version of the control plane nodes. 
+
+This configmap can then be monitored to enforce skew limits. This could be done in a couple of ways:
+- **via the MCO**: If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade. The drawback of this approach is that the MCO is not able to signal *prior* to the start of a cluster upgrade, so if an incoming upgrade has a "stricter" skew policy, this could break scaling until the admin takes the remediation steps during the upgrade or after the upgrade is complete. This may present as strange UX to the user.
+
+- **via the CVO**: If the CVO is able to do the configmap monitoring, the enforcement can be a bit more proactive. The CVO could then potentially block an incoming upgrade based on the skew policy described in the new release payload, until the remediation steps have been done.
+
+As stated earlier, to remediate, the cluster admin would then have to do one of the following:
+- Turn on boot image updates if it is a machineset backed cluster.
+- Manually update the boot image and update the configmap if it is a non machineset backed cluster.
+- Opt-out of skew enforcement altogether, giving up scaling ability.
+
+#### Reactive
+1. Have the MCS reject new ignition requests if the aformentioned configmap indicates that the cluster's bootimages are out of date. The MCS could then signal to the cluster admin that scale-up is not available until the configmap has been reconciled.
+2. Add a service to be shipped via RHCOS/MCO templates, which will do a check on incoming OS container image vs currently booted RHCOS version. This runs on firstboot right after the MCD pulls the new image, and will prevent the node to rebase to the updated image if the drift is too far.
+
+RHEL major versions will no longer be cross-compatible. i.e. if you wish to have a RHEL10 machineconfigpool, you must use a RHEL10 bootimage.
+
 ### Drawbacks
 
 TBD, based on the open questions below.
diff --git a/enhancements/machine-config/manage_boot_images_flow.jpg b/enhancements/machine-config/manage_boot_images_flow.jpg
deleted file mode 100644
index 6619a791d6d7ce69a1a6d61ef8060fe311864591..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 59490
zcmeFZ2Ut_vwkRCCBB+QFY3im*Xws$0RtYFo2q8cyTRMS&CiJ@1EkY0!kY3avB?$=<
zN(iASNN-X?3jyg6dT#;`&$<7(`@Zix=YO}n`~UC0JJz?>9CM60$Cz`jvDTVp%yrOr
z@EveLSNnlB;K&gG;K<<tI2b+B_u$?=+lMAb+7I->e`PcP4&nGs008OXg)-5(d)?f^
z^7^Uof6eie_sAao_-FWc;85;H&rj(9K$q0tN%N1$XB-^S_J;|U4o_j!q4LARUOL1t
zIsX;E@e{ZEE3W<%_w{=0b(rSiPaI`xa_<m#IK*!_{|UGI6K?+)^)vme!!+thckiFN
ze!|ZZvpae~A&24V!;>F?2ABYJ0C#`Z|1f?Co>&0j);a)i?9D&Z?2-Wh$_oJC%D_L<
zgx>=I=l=izO4|RK_Rnqd_z~*SU&I|hydHIO0svNW000gP0D$Wo0Kf+S3-9pqcglAC
zki~ykF3-cm8Q>0Z1Y8F^0C)iG0n&$<9N;EE7NB&%0Neu{JNgrTUXLBZ@sr1Y!s(MI
zPn<k+nvLzu=`&~8*w3@GojrH<%oz?&j&tWPT;ROG#(t6O;svfl{K8KmM}Fo!cKq~V
z#tUc9oIRxeE8*ZXfb;axbEgo;jtBydavnLxdF0?L;Ob#>A3O3__^0}wJaziSnd8Tf
z9$`D=BQ5|AH6ND!#M$#F*-oB5b_Q_d=&|D`PM+dCeeoAA*-KXh<?aA48$)4_o_N3Q
z=sLsAqojPx>}gzl0=clWTj;K7OjfbHiMbuhC+tH(k+9dZSnL-OQ3aKI_8*tT6wz8>
z3kT=t+0`S5y7&*Dha)F`J`{h0<A=%)b)7!sYI7cPj~zL2?Bv;#Cr%s|`p{C29^*WI
z;^Hr|#wWS%0OcM%iTQBpvY@;P<Y{cdmk#bLrgo!Cr|zQ2Bd3KF6qW9wpDiB@0N4+6
z9_2j73D5+r>;FyB{{={NRl9HX$MC-d@9+N(U_St)Jz4#-pU#~8G`=(CsLOKBL+f}v
z%N~!Z;C6IN*Si!222bY_%4GaEmn$x#mCx*?UQQE%=aa}9Lb?XKjydx@Blp{EXj_^{
zW^W(s;Q;_rviv38=MTFQe%G7ktFMpQ%kjcLdbQGwY!3jnzAKFbdKYOe<IHfn)->&d
zTq{PjWhh@hqE2Wz1EIfMqvv|<Qjn%wvHn|LW4w>sx|eYt>4V!lBUpb<VCR{XMkub!
zSIEbpD`cfh-YMs?Se8Xe-lMYiKe`{}Slkw~jF0Ue^LqR_QNb;R=-$eRfn}zUCZK3x
zv~?M3erx&8*EWA_%EbEtXUu@RqFIG;RU@L@;PEr(?mJwF8)G^UYHR_~S4uzKrZ;<f
zC>?mYzYsitP33A6`(w+#Yt)&4z~L3b=Y4-srjeYKUIUJRkV<MT3rx2%)wiDtGFG%2
zkIF||lKNEzsa(VNrg|hRCvpaKQm1;%#j{K8%_o|c9|%CKrfn59Bx4K6LRP&Jz!oi2
z9l`m^ru0dh+@7?Ya8KORMAp9R9R#*~_=)5T&~L@H!d@+NVz{SiQ86nT$_@rl<}4kC
zjKjj6zV>3KT3d9Al3iPQ=s~_#MRhg!t#n{rY)8zmI~a2h*?Ivz-hKhzOa|Xjw{>4d
zn@uX$y|%08)}Lcuy$pLLe{SUYgJoSth&WgT*e=*Y5DiPfQ=MXAU7a;&Q-yYw8oqkr
z%gdXHM#|omr6!}RlJttZ%|&P7Yx}8ebbe_C90B_=-Qi<iHZz=D+d?v%ANWc`SMc{+
zPEsLW`jj<q2A-O8C1N5&mS_5-q2(JMu7`eQJ?hPHnVn<RSCjh4sg+lHvJKuiKt02H
zJ=0+xU-<Y^HmUp=dOu@TPD>jv+ostH8a)8O+yfTfM<|g7a^%tE+j{!Nw<e~p;e$$O
z7_8d1)JODSy^K%?(6&lW2#RZ=!*8GQ^$mO}Ii~)kmu-@FiO0z5R%QFNclGTnevVxT
z_TGo@Gxc6f;%Ci1!6m;*SdPzAq5SI;vC7hI9?XwOLtnM{0`|<vp&NeAmG<jFwysLt
zvwYV{j>Y{-oG_COxDyJLgXFlEwz(~ZE-|zo=#_vr4M8E9G*fNa<T1{qmc6h?C0`Ot
z8Kd>Tj0E)N@QA7z{FYbfuzkskI|Z}jk5`ij1!=5&>1%42;%UjnzXs2Y<2c(CcVBPV
z#Sc_GTUvbn@R8};SZkpoTN0Pvo918Z2)nTQOL@`amldYwf^sOW{cQ#bZ(XHf`mkz2
zf2YTeg>8n433k-<icNP-(PCQ{`wU%JH^a>yA5o}XPS(zkf^yE=V3?cWMfr-z2&7JL
z2B%Q3$5r>OR@#m6WH;irLR_<+cG2LBX;0ZXn8vQ6057Q_cXCzGTMJwHaUI4P=jxc5
zz|UqN7CYq~tiMuLfCA=O_vYAqu^3p{%>F^!(c3>Gizs8I8OXm13@w$fola6;?^@8f
zl|$djqZlc~X)jAAY7~qYuZ7P~ek_6Kt+9IK0*VuId|M@>11)>*x9%$E%f#C7|GNAn
zWMuVZ*Q`kM5hsJZfTtXaBA2C*?_!UaN(dqE=A~AcTy7PV#nIyT1{p#b15hl@z*vX9
zJuG-X^JbTpn5DNT|2N{zDny$#7)2<u|5mSPs?;|Yn>8Pl7oox@)JL~*<qV*zdM@$!
zD)zSH1u}1CY2#TTFI<tcT*W#gzJVbsUIfRsuz1yqg`n3#9^-~2GsWp}3}GCL_bx4^
zyBopxbI#f0leAVII5)U=$6xqJ)NVc-TY2)qrEpB{Ylo;n0W#i$-VaqWDROm^$PDDt
zZ_&0xIl4`jTe$X|sqv;@_$m^GQh{a0@YxTU+1XEfPu81HDhZ<n<n46?8-|b{O$`zq
zP3T`&bouLng^oQ9Ihg2e&m1a*?33x}4$<!CeXWhhs&F=z3F19xAnh4KRhzd*udyb@
zcXiQv%;H`4k(}q{nx?Bxtr{AlGEUi<*r&##BtmTL?Y5JkHL!Ks1a#H1SIv>(ST>oW
zEQGq%3c1?y=zhYBlM3(Y?Re`q_AxA}%$H0lY>{boe9=~Ga3_IY{~6cPL)g`>?gv)2
zqAha?<YMj*$R%d2!1D-e!BWIIO{a{;K=K3QJN^Z|Y8iULLHd*9D6FDQEfXkE2o1ny
zTG6#?Y*Na^hel+_BHA<%Qxc!AdQT5u<$tuy{X0Z7+$D@Vq{YQC!z!%g!>WnJ{E`H{
z=u<J7E;ODS!y`n$Xe*LSpXg`gU}YsExh|V(1r)2qsKo?}$jr=kwaxpr=S4JC^^mT6
zMZS#WIA@e+;Yr+eY%2UL?!3f?uj~xb(Tq#TP~p$e<EP;Ty%q;^LK+v3h0GrS4ggU$
znlC__gzG&t?X?+_mZ{Z%u&K?2(TTKyP)h;PO_{G%a*&Xb3@LMLtFp9K3q1qE**q67
zuk!VJieep%WAKh6WJDF5yPt1^%XOgY8L%{hWu)Y<)~WnhzaSe~m=&c29&TFb=k}z%
zToAo!C@j=0{AFI5b*U!*JQ)^1I4<iGM+s(fJ4&V&<^)n<Lt;JZ=TFv22t2M^Y6fQG
zmh%iV!kFwAC4k0I{G=kcqbZm{!(Pc`K`UZ9W{YA~czakUbg4}=K|!H1oIAYOx@;CJ
z7ABiKdplQNr6%AQS6}JpQAh-Tj^Oj>QQ|fD$1P6Oo_@KOPV$Ghn`Z`6@pmqrbL#*C
z`7=-}RLlYxr4Tng%sudi>H9kD>W#IY{+G_&AjSLwD|fm_O0RDO?<Pp64L=F`h(h71
zzGf=;D3qY;K#{L&M4LRnlYE^}H|bH{om4-E(R=E2sYg9gyxp?~VZ%OM@UH76WxdD0
zZ6Ql^nqpcunk7?d@i8jUa@-F>0B|U8xi|GUb;kh(IeJu|Sl5<xiDaM<t)0CsFN<m|
zlyIN75iX}yx1vZW%=Fz-@wJ)9@#+=Bl*ZDuL)sVg>y>&=`i;GeV9yDQ5}`Qsoyeg3
zG%arKsBvJ!CN9O+NXBLkO_+g&J#9r5wfY;vr<8+t6ZVR;TBY8)26)Sp1pWxQT-1tw
zWI=_bn@2-UJ(YF^@g#-^-Y(S}qGgo<d559~|9b4oe}#@BXYcmHmTAmigEJQZ=gzsk
z`)$Y5!7A<{`mB;7!ad@A7?Y5h^}@jvsx35b3PxpG<#w}Z(hbG~?>=8UJ<zY7EHb9=
z;<CVfX})LXx7^^fS+MLqY>CKy2bgD-eA0x?-cCX^bvm2#t7tN_sPLh<V{EUNn^pgN
zlv032UwKD6S3Hn+gQ{^O7e|8v@wrqt;7AQC!X-VM{n~xMgwHGbCIere^<TDiPmaIz
zNlaTiI$Au9h;R>&6fEZC<c%`?qxH66I!oGvzVX$*mrXaTH(i4+gNrwcLM&irJ@npu
z2P&5$x%rhvaJu2~*Z5<x+C=RFPB?o+OP%bzDPmy_s`aUKEe}J%M00qs>&Su9idST>
zrh<eBQiyQe+`8c(&#s;-Znlz#pR=eVQ5ods+lnUfZ_T4s?tI_q7cofmx5<mLqB9(s
zm~{lfcphvDS9`U8$wOU#Y>QaW-eQ57x&rL*=v!|yk6)Gpn@J??+lp6O-K@A8KA)hl
z0t<;9Gxm_~P^5Edf<$wp3&NMiq6tsFXpAOgvl;RfBLb4){Kzkh;Uv^tDv`Y*VhN8I
z3}iWQoId~z_Ie)xOjq(3*+#3YmWJyxN=IP&XTvL8zgRp<2y;MEE@tMw@K|@{-I6ow
zZsfD(=SUWcnTv>Qi<)5Afpe@tETvyQ1AW<gCF)e9Eg+5+aG|_s+1?c4_;~2Wx`~)?
zAIo$5Q=<2cf;)V`i?SU`a|0OB+~nbikuFR*^BRuS>~`x$myyZtZ5>E&9)4JVDA#l&
zb@vD3Z6{WS{t7Xm)^%!VrtxPP{i}9D4gjl$3vZS(>vT9Qon61K$-_RKd8aNwWHrV?
zpr#BQi47lX`p~qVSN~O@F{VHxygNXpaSC+#8e6%rqou*SiJeU%bzaFCZ&7$LgIp4Q
z0uzgg2S)Z)M{5&e0&m2Hm|>Mf6?s!ZWyLTLrmsh>v08ul>#OqH{C;;ccM?2@L8D4)
z*c`%4I)2c2cto`kN>R>fe^7OGa;U=U6XNUyi9Kw@E~gx-VqZ)yF}Hw7P_)cGzqWCf
zW(`HH;dwlbOVxY$^{hOD?k>H=U)DF-Oq4$WSV;14NK6zDiVS<FrYKdkqSGhvD6~-8
zx(-&uGNcSzeK~*FyRG-D@8yAaPR(*wcIn+)%!DtxTSOnajpu}Kp!pP4WiS`hx=pnr
z*_dH1au@P@l{c5U_{-6+?DqpWlfLKsf%<Rlj;71N14za5mNuc9pMQW17gzm*_znPP
zG<OJYNJDlx2h#X_!VE(9w#PoBy1z=Ms(+&@5{)CN|1#Cf;rTLRfv5QD^RwM5E}cxj
z?6S_XKu6YbH_HfRkVHy(K^?uHG+Y?f*f6;&X>@($Y(%v1iezxP9jk;-i7OhWG(HGB
z^D)<fn`ZzM!DxNhQ-NzDA?91hsnbJXUpa@!1bl@y77-p^XCIBe$~g<+dL_P~JcGcO
zB1d>5e~ECwrIdUDqD2ho?Utu6YN2Gvw1oi8<l_9A#XOW?anHa<Q(IjhL-|GCw40MZ
zz#TJLqDN5mL}K-dpQmCJwN*jNTaA+|_7X;1+1D_<9JiPvw|7Uev-U{|gc_AVigme?
z57o}hs6~M0%jU~=j|cX;lIW!oV_aszJn<d;<}xg2e17)<poJ4wM!U`!e-h`36WdH@
z+`diS@Ax?UEaZw@+tpIvQkS;u!8r;qExxG|YvEpevGM%#ZZLmP?u=d3AVYDum4Wv*
z0al+nTW-2k75ozL4zdJqdvgax%=cDvb=Lb@ktgl$!W^3$-8U8tj4KL7$8h5W_ZYr*
zYhdHL+@!TJkPiDV2LO|jumrW<3l!12-MR17ye>YVz+_+Nn&o_s6gmJ9jmB&?jPUgL
z(UtQolTmb*jArtPRicMAW#8AeFZ8>#%~?OE_FL#&`WbX!aTrzJ3aiJg>c&mR+dXaC
zOO<iE6qLUbm+2o@h3gw_f5B!WG+j_0DbUQiIsfYyg2ux-@)f~(wKFOy6VYZKm`RCD
z`xs+i1jP#sMqBIVGq#{m{U0frJTpmOqR;A?n+-69TABXiOULV_^`Ha(6|bK)wpUd&
zQzw1iiqziDG<#3<)U>1UzQ~+hm<xWGHS8H!G_QGe64SDFjP-ohM&@=rtFmk+D((Wc
zK-^=!ua<<{RC}Rp=r`DJ-q7C`Q5X}A0D-UzbTeW){s#zRw&dnD0@t>^<8C)FGr!SK
z>e48X=!f#JG^>q8wN1se#w?f>5{3sOn0ktgt}X*EQ~g$Bbrr2U>K6Ioi+k;*FL$Vz
zkj}K|J>$!Ry?^ZU?D9Q#LGE)pKVW@~62_dVFmQGh>RS{UB+e%~PUm96qUaf1-rQ>6
zRcou)vFp+I;w|Tuba@CMgfp_D)3{Phml*iS3q!xpY%X^plzD`ktG=k-P|iz}8}JM6
zPVOMX=XzL9RxaGhE(@1FDMsbKOy^2g))8&fnzSE`Y_8HzST~z*Rn%W0;dVuZFiG)<
zl(XyifXap%NZrT-z}jf<?#too-ZRvE4i9=usv=!gzlmm?!N`Kl5YPPDhi8l!r5I{g
zn5SdAxAWYLRX917`Y+1Zb>!pWFUBtIAfuif%St>ea$Fn?eq${aujh|R$2HZO`4~kk
zx*03Ms4SW{YBN#uoVv2u`2i@ZI;(ZTAGyD03_;O`JWMqAW8i8*Sq_LPANOGr15b!=
zgF>z2I2eTnT!wq<PpZYk+w=c;Wd7pFI=>6fb<2zftvw4@v~jeWv8BLJT_%dkwvRY9
zhbkM(T1GzGp5v)M8z2P9E_>=-U?q*V#gn2E+SNNh$2_<sg^<X?D5E{OD2CQ$InXti
z)srP<9ta71a*IBJKO=b0!X;e^GqWZY-;tO65vfC|z!$}>8wH;U?c1gg9{|FY%Ju{C
z`@$(tR;xEcYi}Qm7##@qt)E}_k;JG~=q)O8)$)zF%gI{SV#I;gv@R@Gl(DXOCUpdA
z+0|h{9jjLt46sj0YFU10rS`Zvbvi^3UFFDcfRN7m^7zBjt!X*8Kj;@AnniBAE*&cs
zoV$wf%Epf7?xrC2tVS=1NYldAt$-n!p|g!sK0~K8MTZUmO7&TyPT%vxtfpRqf_0y(
zm6=PQNuJ=c$&Kw*@5~e*!i4t+nrHU!1spz#!{XYRN(%<)I^W<<dyLS!XhL5(Uw_cC
z!uig1ucaZIeFkNwb#cQwakTIGa#vyL_=rY{=b;L{$#wON(5G8SrQHKSYE%5Rtq5@3
zALoR(JeyWjGdR|bII?Tx0(z~ozOL%(zU+dt_)|e&q|~g|wY0QzQpbzK7rgCm#ZOaC
z2RuDj>esfcfm8a?rJ0!t501rj-Jh27ae<N$8&(a`0V|DyqVpci%)#;nQ#9J3*>or$
z0@V6C#W|K7ZTl#qj+32qYYoo&FlGTC8h|Smjl?UJQ9s(4_f$sY?$HA&_h)dHhxXiR
zy7rbk53%R+y)ZmP)HO3cF)vj;RiU6;C@7b>k=!9@YI6V>9}RZn>SK&3E(%!5OsPMx
zyOO#_xL(+|DyhB3Vu5x)cGhyaI=*PhQ1CLoKaNg&lb>4BV!d~K7hH7lx#2B`Pmec)
zy`}U`x5nl+eNFIr@&*s<iSSIABG7zBB;MGn8wxh);C`P20bkA~iA_9?cny}9UmTf}
ztxYH#tV@hMCsArqpUX+^pZDwXHks!Sfd~b?vY+W&+kh*o@sKx#o2&e%IU`HizQ2Rq
za&3~cs)4QK`Rt)^g&ku(+yfx7#4pI@hHa6ky&~C_g~=~u<<u7I-qHbKq@$@Pm<CC4
zeO>>0lBnSTxIq7}Fi1E(`(rZ*bU*wr!SV3_3RU`Ft;7F3Q~tl2@BjRC|9#W{wmkB0
zznMpthNZhV_%s|@copF=47ZVxy%tQuGWGCND|!HUMGUfEYDdV}#zxMZ1yK$7L2um#
zXuSRy4|+uWC$@KWn(Q0c_3ay#Z~W><GP-T5M7TRIZ*J^-+J@+?zbQEa+4>v#{FNW_
z1ChPs*quAW43__Y^ZzTf&+>ru!y%*s4CAEnrWaBV;j;;k)~?7M2Q$2e9XE_VHMgpY
zf?j<Fu>JmTx6uFKoX5TQ11o{TT7L<SYW+K;A63ph0Jy*o0Fje>P`M-d>(}Pl4gkwR
z!}#o9ue+&FqpUw{vovgz0KZUwx+VO5I9d03zhik3gVS{ADtr7%vnVKV6mQh8u#lP(
z)E5ALosvVp_B%k@@$XCc&*uEcy?T#(8t;G0KLBvI?%*Ac*|IbTfCqrl?JB7L@4xo=
ze;cRWTkQ_0x(T?4{{9au$r1H*FLP`dXcE$x<2CYIsLR%7t?4_mD^pov`_o$FHAN%5
zCIDd7^bdvnr!xQNiOqkNauD+VDB;&N?9vakT(|12d}Az{apQeT2@Zcay>s239?c-N
z_4^zy4crwNTdjFX@#mhVhjtvnK1~k_@q4_nD7eR)zw^ugXRK(advRk)@y9%<;EiWp
z+S{X9NHFr=qbSGt>4yH62`y%usn*@_<?WFgMtS5KqG~$4C-Vuq`eg1Sill^E@XCa9
zsTMIsT()eI08}l}*048howv!|>vA;MJO=)=4Lx3iU{W20dr7>rE3{}gmjvd+Bp*Gg
zGAwUaj)PI?GqZXL-UTOFOaw@f;$T4MYF)UXnBk=&{q4v4)%+H~g~2U0KFF<S4Mm%_
z%dM)h{qAwV(hd_NR9+Cu4=T?BiR9RKOt0B#$0`YI+L799Dj;t54_A4mZhy&7CWeA)
zoIfNGVwx!~8<Ym;>M2yQ#=3BC7EOE7zJ0vaEThcV&wnuX0#yALE6f6)B;a!|9ZoFS
z%{noP?^jTeZRFR#Z=AXit1(--;Irp5GiZPeh{)M&#`euodo&)GQi7*vJRa+*B8PvZ
zT9IZbpWwbmD7rU1Y0OCd2^`hx!%7iVLEpc#G?d???(wu&AG3PT4QrQa4S}092qN-P
z5<|HWd(NkX+NC;NEAON~qPSU)B+#IaNQG~P0~lA4Fm4UrDeVOu4dQjU_CIsC2}!q+
z<=>LZ#^CFIkv!r1boR2mU-c8UO4oRMpU6qDTQ<p(yI04M6qE-ZxG^430WZUgLAOlj
zCK6{S2qLw}9$KBmg9m6r0%%&Aem<I<73DOKJZqWzI)<ANV;mGaQ(&#Q0KGD`V6B9}
zP@KCKbiaHdwSR(Jd3O%3>Tw83#VMswy9OUci94atN-EGcLmiN}HqFtL<waCZ1@AwT
zAYx{9o?z2~cDRq}g<5-wjuU}U<Isx<20#c;(s!~eUP%7@C(a$@-Op|^dQqLuSAJ~z
zP|b@t2S>bhRn)r3I%v;Dckudi(}g|(ZRN;OpVKlt+K((m1W0VS9$uGDrOd1Z7#6fr
z%uk;%BvctLP&(`;nnuH;<$GV|+|F7XAeCXmqvgm)bcR-?#Xj-+k@-{EYF21^qS2~N
zlF;JH+^_XizIHy5$p<CFR8H>i27`$l)w@oG13l}3)Gqi9%btqWUfs8IQQWj-TMB5m
zxd5ILKpeHRvkNeUl3GpeUl|5G3I0AdfR?;_0C3M(w`-c)ln4f?bkRFuU<Fx0Q5GrC
ziii*t#4l7dXn7S{J!V4ls~D2KdM42Rg<?~MwPmZZ48(xBKUa<U*Zx2;m0iIc`2exE
zw1nEoI0L9hoA}f;{4yaaxnA1s%28@JQK#||btrvwqsfxT6*Zd<2D(kzGlkt9?ys50
zleEChfK{QmA#ns9hG*uyyXNJndm}a8qib&rQ+FJ~RW-EWe-(PiyL`0RG@+~%iw)~C
z*#^znn|Vz3DmLXd0t1S<942n3dStrJPtLFe-l^BSk#69Jk7bwLk=)G*@Ij(zd$msV
zC-PU?fT`YEEBBvTw&$BmDdh*d;$;$CvXPYPcNQW&qF6KH-Ma(lz>CSo(82OS26B9T
zFmarxjVq#+<2EG8Lb9`4bXjiXaaek%=&t{bO~L$8320<di&mGqy)4TNX_dn%+a6hR
z{u$-^Cx-iC14+4z4Q~46V>>A$>s5}sTS=P*(BGKbtKXM_zji!%{}gai5@j_|-CV3A
z<M`|BTXADCIgcUpZEB*IDZ^ow>HsH^9+Ge1{qL2ZkDm80GQZ(aX6sSp!@A)!4+2fO
z%gTp3E|_ZV7fyY0yj5qR%bJ4=6%V;4E$A3{=0$&q^8G}z!wbG;68QSQd$h?%pL>7n
zrgNW^{#sE{e-_4-fEUipj#hgm?X_A*d%(phK+B-7rldnUeP5W;jnc1(Cg-F9j?($~
zj_vBySAst7#Tm||3yyJXDXfGIznD;#80UsVD`P=PBL&cIS>SK>ajru4DdT2TZtRYa
zbv*F=X8qL5^ByZQ9ryzP_D^5YlbDm<e|j^&eBFNTDs$X66M6v9vTEx1wXIT9{Z^oF
zOh^=L@4}xF{{G*r|A^LTzp%VqBa!9iM&2#16q9CFIBD4O8$cJBOw9aJ{@tlB>&MP?
z)41f^Pu-x{B4ah|moVb7+Ql<N^<shisX4LZU{<>7)9e4L-p0Q>u~7aha|tK-mmv4z
zzef4d%F$DbrLH~UQ#{33hp-XX0=f}ckdn+}+)uFc8A{I}+I}?`k*%{Gq8|3fFIKG&
zoSLmJi5W|QWtz8KQrZ#-C}Vt}4tW?x5Fi$?husO_SR<8bdO$G^KiBi&31{oA-3+_K
zjNkUZ{PEMd_n+VhJH3S>TfKy6ZaeafK0!S;43w&59!u%*>8!ZY?}Wmms%uTrbXBaF
zjVZG=`FHtAkq?lW4Xz}_)el4PIF^SIGQO9_NFD#R&6=TepMC&1Vb~hO$;oL&1e<DU
z7Z+{+qv67a1O3%y4c*c6;??P7gD0JT=)&;x{oUl5_G6oCNFnp8qvG4mX?pp7ZLzLD
zrl(AY@xdm|zo5Jwlqg7blyU`5O3ysv05FgUQDDSbjMInBeCK5o#wv5Rlzr&dRmg$W
z(Ef>u&FzX)*Nlp!n{##&6IqG^jq4X37Qi_lz0`@6;zbJtZ!cO#?txt9kDht5n9VAh
zx7pZ3&^bz$%V?({;z!N_V1gWFP>PjTcMY%4zw)jrq*ennekDQeJueQL3K;|;p%xXR
z7+rV}K>!TN%1|n~tO5k8#QWH;`qOq3REQh;uX(y86z5YoF~8v)%itg1=YJ@dbBmJb
z)Xuc5NLTZxL)!L@1F~n!KKRhW7}icH6RK$MM!bjz_>JlKO&Fw0SngrFFfmra4Z5JS
zBB2CjsvJ5}2DV4ajC6^0mz!a~;8JR={c%xw-lPCGeTByz-HNTYr@bUm8=WA*!lnR0
z#l;CNC{x(7$90BQrTBQLWqYuIAA8HY%_6tEKYMb2lVh&^wv~$3<Jq)I$&7wvyI*O^
zs6{Y4H=mNmi$?zs?+H=DPuF9i9}Sbu7e$(0O{Ze#h|F`7t{?k+&W5wXpb>YZh@O4L
zZW2;&n;NG5$Fk#GQ_otakq;M?@Y2m?YfRtUEvaBnD*M)?wGobsAwL(AqN{0jsi%Pk
zYOukRq7gbOmU&EHEgdf?bU3)=hZOIrhfP*ZQwh%AD(7Iy783=nehDw$=seJ!9_%6W
zI;lAo0~;m`J;g24jeVh!!yTO3(sqJ^qO$5wRN5u&{MXlnHjA_%m}O4RD`WLsbM>!n
z@0J$Mm>peU2T89d)s~TGlz@u;y=)ktM$>rqk6tk#U0hpuo0(#6Bv~;x;@dt#0zr}-
zaVjfuHZWFq4<c*$q6bU1Hc|OmunIkVoL)J%7EF83dUBXA?&`YU7oSyJ&s7F_YR$8?
zxqZ=d=2qS}(tU;OYu0Le?&dw7-!=Ci6{|fO{vozv<Egy5yRq3k)5E|cQdkE7MF{`4
zfjsA8^%mV&ULI<r=sls(5)$t8X7twHs_lBpYG85KpvVVm$G!UlNu6eQ1|W+<DZL)y
zQz%&=!?Vz5*wLhdW+Sn-Xml&?V+|Df4ZiqIDVo>zmm-|m^jNaJ)~b4<Gy_@ESi;~n
zI@zUZ;h*i9xI-DqC?~kis$cs;(>y+hHAAhU^Ia=<7YlthE=^b#$+dDAW)@yA%^G0l
z(!~`G#GY?R=(n|6G`*g(ahz?5?x%so?iiMJTczOBx*~%#yJ$(94|wr{)RY`q%&h<l
zdK-7PBz>Gh6nuHQZcAU6tu$8<?zkYajw_ahD&|f?eIf+!lVE}>LuM>Yu9by!@;!W#
zG#|42Y^|AQI$Yd!_Iuu;*%iO_Jy|`(v^T?NGTI_ro6Dpda&ctww&!=&c@k8Eu7+Iq
z)Wbkz-_B(}qaRlWW;qRhBBHHZ2gB1EzM`=14~iwgME~76-$0*xUiBz_=hW_0`lYnh
zuf2-AllNZ_m)OUsW+r;i_ByLvPW1MoTgw8!K1pr?LtfQKuWfC8b)Fy33cxt!)*ACW
zp*c;*G|;_uLPPnefCW*7+qJO7LAf8H#s$sy)B>gv(;9}QCF$HvULKKtbjx(8bs1i8
z4Ju@bi!+<rnaTMC_u6+Ks!MuJN|E3%_FC&`R#-%vxL))X_B8K%)lVqH(!AE<c1h0>
z+DPrv{hZnLrp?#7lSF74(=NM2m6)4b9&5l$9VAdp4JextN`crl6-7g};IH}gD+zZZ
z>R5pW)zK&Q8)gQ-+T+Gw?CZy@<Y?owhhDH~OzrI2GAuqjnE=$b6BT;(xJ65Awf)8f
z-BP9>o16TVUjIt#>yu~!v3|DROEtwOya$?-zPa3cY!yOg!jO$g%~_S^5?2ZcxS{Fa
zLSe$;QP2r!|4_9!eMGv$HHU&Y;eNU7K1;COQ=y}&fwz}@$-E?rKcY-gvvxu3mQBh;
zN!o}0XkR=`5?k?>l$n){i7#QD7D8dEL+AO@Vl|-ZQ&b<Lr%Kyiv-f2zJrl>3)og-=
zw|efN@#VK`rAltQAg0U+Y4PfVP2Cd)sZANL4Oyj&h+L{inR4b^d%nIj{kB_^==yrj
z@8pRcH!NPBKQqB^)S2X5Uw>91vv_!+3Tu0<C$#y4-<zOS{fa=RE7~yD@Y8_SQUmMn
z`y2y)Fjrpr#ME>ZB}VXu@8`RnR@rnWYbp%1*>y8Ahm`88jGu`3A!0b@m)@*azI^Sa
zrF4Wx9<BF_9>-mLruh^^MhDp&A4F%6nku+U$J%F&&epq^4wXNi9JC3eEAksV`kVqw
zDM0EbGeOtX)eE~a(;}*rSojLxLCW`U7;vgdkg_=GzW2Fo-gwK)M9Gcys5Ihu{MGW=
zGQmZ%m_a-cXec#y$NQ{&Q6XnH(krjhZXs5L@FA?m=z+0$!_aFt5u95Z&7)_5c<6R9
z<UUOwNGX8&<&5v$$hh=X|7$(_QXOby-Y5!8B}7@>@{U-wyJf%neag6BGM?Xgum=ui
z4^QG(jA%8i-M6jj+O}EL{IPHV2qJl5bA%d6+xw5KYq}KAm5jypbm%=HP~m-Vzujx<
zF(#`fq80NHIVksB;^Ksid#aAd`VP*MZl$IkqGrKCOn|=tF@y-w<fuZQ@`$$ax%4VS
z2k>-63Db8Av35_C?66rL`Cwf;NLw-?%Z-$<O}sEDK5T|7%!#-<nP=!5ScV7fC~0Yx
zL|GGCJhh!t?4vi?(GkqC`giOrqgkqvfu$`@c0z|lzsF<s9UHjW1c~&KG+D&NYtYy1
zdZ}}SSjshu-s5LPS67h)Wl0V%Bb1Q&xOI%rYW#z%#WM@PIF4M#XJcx$880|U!?pr7
z1)eXYESuRXy%XCl_({I<6sG^%f(1(fsb-!00c&W6HGv=}_CV2^HJ-sG=Du0HV0Jg!
z&AeUAAqwAZ6zmI~L!3(t*zM%40Ij1x2Z5etMArP^E}oc6tDT(NW>oII^Hnz3?bfc$
zSixi;&IXD)^GvMxZMFZgW4dLnwnmrV4{DQdetE6FGjrW?DzvefVU)-9-KfoFT2{u2
zom@uF$lxIe2WEP;&(noMg)HgXBo=1AL#=J$S_Df{b=|H_%93Z6t={+!)U#oiulRTj
zR5`}hNU-MECagqDdsPVPg9_l(<5KSMaagfep1ll%MNgQgNf>#SLm*^RFGD-I`x8H3
z9aOFmsA)gc$A(a~_+o|xcWn|#nhMB5HA(dAvQ#ZyaBz?J&kp^S(!VcL8-)%#FoB5<
zTU>6=7M@g$OVX;7tXlt=d@~nqEUo>@J5zDh6tz4^G~~**&AY;`TFa%>7h~}X$zhKk
z7nzt@XSR^ut`$Qslspjs#UXs$L3eyeV^}!a#+m~2Ubv_ICRn&jlZZ@NbXoVLYeGHa
z6EnKL(5|*qP%_RGHOd5|jj6nGA?<>9FLrN-kd3~2x{OfZGe_r20vy-!`FBq_hsx>j
z=XseF<lA=~Zlh2J8$Ej1LaLi96RC5OFnZ3w&6QZ&77V_pGF(15n08qq^XB_aVv0Gh
z?6<+Ncy|m5g-5GEy++c#DT|dOggx^9>?@9+JNEt)LC1EAHe#anm*AoBum1|oC;mL(
zu$uUD>_kM)HFS&ZsO7c3n=vteXLxbAS#T(G?}P2WOzOI6!^x`d&?1S$T}P`S_+-G-
zywwklJ};+o*F$~-giU?^hsF9A!~5z#EhBiiu0EQ%d>ir3Gz0*kzWw_`<Vhuan}dp>
zCAQ2bDL2~67@Nb7>HGbm-gPH2e?Qm%4$i-0keD<kvuM>F8ezLLFOB+B<mlI~*VIXw
zWvTOXSME1VrUkdlhDNxA{#LF1=L-D)XAOd<7ap>^z+1(TStxD2WTvtaJBa3R>#Tre
z)4Cv?Gn<4AF5L|k2mBIC`*R!EFrtab^j$RkF8Te>)%lOaQTZx{DzCFQ2}}V#s((zZ
zZuq8HdAmyJ#S6_DmA@59k7q9JKAWGqcS<PqnhVi(^MWEA2F8x$(hTIgWZyX}@uftX
zmG59L|0=FZ5)R5yio7`UqgT(Oce$A70Fd1BF1$Rs`2e6@02eaacXl}dY^iW)wDq}T
zRIHNMA+V_nk!IapI@=YURbTEvmU&_nLubs+dL0gJo6-FT03d{*^Yw*VMpUUCN;V_0
z#_YB2F8=EQAOaqo-_L!^U@%~YuqHkbU|H3=5dV#BrI*ylQIiEVu%<HRA|QtN$gQzS
zquIWcfyEN|xSLeQ`~%CL?dIdHp)xh(wI5DXdPPM6!#@Ix=o*6dx7%FJ)-RK`<FzWk
zA5l#Da~uByyJgF_xs}?{#xEH~LwG!F3c!b{teK^lee7jp#)N*ki%C`XVx+VB4t<wV
z9=}_@@W+?mnJx+Mlrqa@X{3BzcXnxd;508G;<1a?G2m5o&Ym6W0f~KFsSiJoe@)y;
zm$Hu2i&xkch)YqbjF}PX@!QE>#F_4cVOZ?lC^Rfbjn?A!glgppT<3-t2ZNDFtLPML
zb~a2;vQxzuJ+uiTq!H*)nD;Sy)ZLv=Wfm?$MP<%e+b16gqf|9dQ@d-CPv;Ffgq=YK
zLNNg#p_JPGfVm3xv6NslLou>&0>4u#SFIpAksON|D3&j-`~!`*72>bl(SCO%@>lLk
zoqAht6+I|L!@J=Tc!N?v$zSi1lM~$+yA>NV*gksRB;I#;o>VoX`|XGu!;d@~(4~eD
z_j}sSO^qxQF}w$T*k0FfGnqejx1s(v4t6E!$MWr9!)MFKt=D=b6!``YT@y1JQpNV=
zZvr&9KJVvwcxw}1LcBuiy%80h2+4TzH|ndkd}kT=*S-}kU$;06vaXrZUZfjls0D`@
zTl_I794d6Z@jX((sGmkC7l{sH_YCk9>ciuhgMP0LciLppg6oETu+OFtq#R-<&hEhp
zusShT#k``;Ed?J9-gvlketW8;P1rmCj>Hccy~5cje0rx(93yQ!CG10h2N}{>j+oHW
zn$pt2`l_6NaLZ!{zvG{wn#kQ78FU4@0(RG@K~`^fJzO`{nqorN@c62BSY0@V6jSlp
z^Vbjs@3+3Z_oXlI<RWkgd-recXFHag`Qm)2B*SR%AsAv_&i&a2|AJ@VYToTtyfzBk
zr|G5rDe`N9!q|d;<PW`jyC*Nosr>2t^!uM=9NBI^4t!Xdk$q(nqcstPQsnOy`;=P&
zJm*Q2ge^IBt=!nR&tucqBH}TK)l6xlzfm8}>H&Z76#c+xCe0q930&SZ+kX|v|IX4p
z|9flBxbcsgo&<?4dDrbrp|U;4d{hPKRhd`o#r{UTxt@jDXCDXwUu*IHof-Yo+jF|U
zpz)uH8m@L#&z0WA=&TC-rfmO#3Ez>OLk0hhc>ZsC>diU&rhWfg`TxFV54}*sp|1Zd
zLlk@osV(~op-4oCHiSnEhKK$J{Q38Ue*(6eh+zGOwLq|(l-5@qGM?KFo||kS(4=xr
zpP=Y)Q!QNx&7T_;-;}DNiuK);%6MqyyEXz-JOCKd_oj4@x4(>nl6nNBDHFZ}Y=J&^
zj5NTcy*o!$@-j=i8m1?sINMOg%33HvDwKC)0dJ;CsXb{QzRVXsbCS=A++zVEC8V0^
z!C{y3Gg7eM$(2_=nBDIwX8v(52HNVI(Uv~7=~4;56*>yLU1*Cid3mw>tYq>8fAkE$
z;+p#ewV<+jn9oA3VjOhs;ey8}mjs+cQCrvn0JqZ&PB4?*v*u9m(0}__aC3#6T;QJZ
z0{uI~;<oe45d{OPlfQLF&HYVO33kdFD2Z5nBp?){tmz&oTDLN5FJqp42U!6hM-|8W
zuu55vP&olYV^9P>NJI!n4O2;)JytY!<(r!H$BEJ?YCM!q!Qp0H<~pG6lRAtCm+~#H
zM!8Wfc-Pjp8Fz2_#jb|UW>>)9J@0?w46&S}_}Xt+PT)U8XSwD;gAg%VQC{IuFhT9~
z;EW}OXfR&YG2AM%&@m<Qm4)<0tg5PB)KEr>Gj<asr<0i&`a6ltG^yzKOQ?CgG2Y!>
z>fL^kIwa9A^xJ(~VHsy<xwi31H)E2`R3?<$d+_;EWaf^2x{F4pF?vv`Hqn7vgC|j%
ziKEYW8(B`lTH$$<F{BAM&fIP{A1yQdd>L-r?PP{sa@CbG=&NxbOaM*fvN#&&P1Y9d
zGJMm})}$h|YRhNaunz_!@{mlR>JjV{>${)Pq~RXzC$GnEv*pI^#G}LV$<T$#xwHk_
zx+lx(g(5VTlW!ywRPaDb={!Wk0K>E$7#yAd4r?A+T9vV<#axz-nsl1&Ezd4K&;E67
zGtz*K_PunX<creXK}@fY9#URB8Ez!NrpM*z#>qMO+Ry=Nup{;<)yE6ISUjq^CwXs|
z_}$XGtTl6k#d|iZ2KtF*sYbZ0%NCJel!qbaP9Vy}BsOAHVjw>Fb?{va1Be0K0O%;7
z1?g(5YrIsT!QXfVSEfQT#9-2mA2z8Ua}`ZDTl(@_)zGI|@W4n+Wd(h8@J1%iD~3#V
zvADb<IL|Amu)@{IY_q1I;^%lmz&UA0S?;&egTbJ&ZD>1RiEh7DH1<R63_mC;H1KeU
zDkyWfstqaSc<0$YuS9c@vr{78ts}@3NTiC8Gv<v%;J`|hq*Oo!P|147OQQ8rkJOz)
zmf~};0{Tj!6?u1}B(R&F$chl8z;o?Fod@p6h`9=-9RNglnI$uGYadn(&UMdjBtgFS
ziJjVVx`r;vQs~i-eJP(E?0rH@#x3<>tWr$u{V7zw9N`BEN%!shruzB=MMGB~uKK=Z
z_EY+Ux@j6HkXd$vB{XEFOv%YOwarzX4>m>M-7Aa(@Hf2Hs`JCwD(Ud`jP{&acU@>g
z!q_V)G&3Q@2dlLO;_?C`Dh3-SwEDS7dm<{LS*~q-)<*8lt3N#IEzH7;);1;bE_F6x
zXo3Y~6(BRf>n^d&+MKQ@ou~7DX9ii&?nf-v^DP)xQVbL)J=R)tf0b}*VcN-KdZHg1
z*^4am%-9OeZd>O*U&#__exa{pB2g&OS_h9}?Z!cBALjO_bGgFVi^!^{N8LDyc528N
z{#1|fr$p~|_!H~1U3wWGhCw%20!D`UCEsorzqvi7I^W1{Xo|v<rtw5KDx6kgdKVnV
zl0KH}wc7oiTA~>v7Z(Fc=t74Th!3to-E0a}2Jtj$#(ZV-+?8Pyg<<8-l{uAek*xTH
zXx>?%)5Z<6g5t&Zln1tk(^#Z717FO);o0GD89^3pNQGam&%4Z~fW*{$QiSL1n%=%`
zd0Av?h*>Z-*kA_ky}8{S-^OtIkTK(13VGPkCF^k5;WMkfWN-lBX+PZKtg#Mx`5NJo
zI`NI(J(}`7%I3rSC`Upp(<cXqRO71Xl=L*U6K$sZ7`_nt3M9WY_KWJ6|D_qLo2QNE
ztJp7LfDQn^pz&D|6@Q>8)cGi@sg-;%(-(aATa{~F#z>NfHL7OGDx?+)v%^2bx*<z=
zVa<Gx0*XoI18EHy0{Mo(dUwSw-AF|c>!ecL_!BZ*!Oi=5#(4d9bdDi%QYQeIx;U*_
zo@4B_dnz`AzgM-sVEa(zh7VKvv56$pXXT=fn6m9}A4+d@v>c7QyA-rD6~$QO0aric
ztu40_Pd0`fmG`-GNlpXUA$Mb-PBG8aNGxO>3ThSg@Xh5B&7NAfk{c~cx3EpJBFa#0
z$*O+Bhy7uc4)D0wDnzfp;8njb*w7=mmkJnMf_6ep>a7i+m%2OaV(S$=b!6vEnf%c|
zAL_$Dd!)lU8GFl5A}?pzQTVDsSjLQu!m26u&|kqIpenn$>fUYFmPA9ITY>E&y|2J;
zOPhufJ+-eoU`nh!O0NW;K#4L)@#;|L1HK7CFLb=mUD~KpZA_n63gc}}&AIbA?Brp|
zb+g&{vQ;+b4UwhNnB15<_v`R@8HtoQkXZVJ#6u4G+(BJeQZm9uDw`^*XP22<C1Mp%
zS4{MCO?JWDP`f{@s)_X>nH7XjIPK!GB!=W(a>6xfg~3jBQrnN<WuJMPQkh7mIfaof
zHaR{qoV`2uFr_PMjB-w9O+;c&iS^F(#!5V49%p_4I6XK0VQ$x;t9fG0vvTN}>{ptM
zvdwh`nr@z@Bcgdu;d1JWy`&0glbYiRq#k#n{l_8Yf|;}a8GZCr8P&ya9QPuf`kbEV
zh}5t(=TT2c%FK;t^x6Wg+z(wGqME`hmrwSzLK<$mRUQj_bjgR+5~tE&PXP;fdB)yC
zE-N|`aTE4^_=2wyl=zYbgH6L1#!p={NG8iXQ3&YOKgI&=f73&H7m8up-+VD`PV<Pc
z)t$O`iBs^lN=o-+Kh$zzO?y4=x6pmi6L<>Z>;WL2JQH>HChhKKL9e(^#)wex%Yw@{
zU_(b&-#0AJW_3>3m)Iidi4yWy$GT{?><1cLA3fDw6_8Lb#N@WYq!v>(=gv9s>+WID
z6HMTICA^lO9fzZkanZOiZhWS2(Eajxw|F3DQ>rwRP2z6Ij<itR0br`&-2z>6P-@PX
zpZ84<6=?CI-*VjO?gm+UxI6bm{$u*QXwkzirgYhd2xDV<v*e|9Aa|L|Xo~qzUd$_W
zM);KCG!Z4ZfWbr_j<r+=)S`qHH+D)9IQ*5^dkS(wV=<W2%#`uzT-?k((2`zuK&ba;
z@?65|D@)R*TJ)oUtPI4CIZJ?_Jr|{vUOru3ux%I$@`A=R(H3Bd>KUsa%eZSV3;a%R
z*F)6g&u4%7C}X=P!13kLgYPc_`}z_rfVmk6e7+xVj#`hp=)21;Hy-cZubXO`>(Prc
zRZ!>!xw5`z@cLE&zoAuv5*2~Qt&AK~P3!ZmB%Z6!ANg-Q33y7U@CQVXq4U#)a-tl9
zq|oEOAjMY(bQo6f7fXZ;M}UO=NZ7Vx;fR^8g}Wcoz>#B;_kO=+Q?9GE5Tg7St|AyA
zwPj**B?iikoqIfIG0F34DLykP+W2=-UyBq=<Yk(n!t|(@_qtR>EVijIRJ5Tl&n<0J
zaJ~z>-lw1~g9~_)X4(#ZfjFuB#?*w8;z#r~2Mu5JELm{(fFeA*Z~)RM;l7k=1-g^a
z^CXhN=UPNA!_UA&a-NAo%Y3z20vWmK1k3KgxYR>WIEi49Yl)U9eK%V#rA-U$6{mC~
zNGOh?6cn&D5P`>ye+;;NCaLK@Uqb{LyQ=93)mj`(>nmV4q(!q2B~ZAFy6=`sm1Wr{
zV8n`@ysgqY-HD9kVClt&3YYIB+g*vrQ3eU1!hT}DS*DvbumkdW!j#D=9MeEQG(E_4
zfrAn|wjVglQwd+#*xsDOPlGIs*;9R2Dlmtx5ZQNHCYo0bZx-^hA%SEBRQiNnapwS%
zk~(O5sbr1tx+Ed{R#upqo>2O@#0D6l-93y)s*m&<6yM{Z|L77ebA9p7=<!_2uz`fT
z8Ew$Jd#+4t+$|?6FIuU#oi|@jF&sk#Lv2z|#{NHj{eOFSO8%Ed$*tnzO*qru^*drE
zC#&7}1JN_!aQc7!(8DfyR-=b+!*b?^R9kRKH;qEJFNt;9481YFCbNa>A~m-Txoot%
zD5UbHS*P`?<Dx@7@9&S@2p}RWB!fuu9mq-EMvPrsuz-4`SH9Eqr!EzhD~pd-e8oPe
z;sYM$psXEQ$=tVZ5qkP{E53Dr3Ven;4*)8#{(fWbzU!Y?=5q$pKNMxV4h?2zscRIr
zg`U6nt{cg>x#i5+d2M!R`zrbV1Uij|$1mV38}|X|zic@=vIFVvHg0Q5(TzC#-3BvO
zd)+OivI*pUZ}o(oli1CCk%(7r(U0uR?xABS7_+&w;<H7$8EX-}p}`HKlQru)ms+T<
z)2yBZYUo~Uj#CBf2Yn$FwJE*pi{&vD#DhT6P3cWuyYj`fd(JHoYwHOC(A0*JricBv
zKG%)-S$<L9%&wi1&+<LTNZfi7nI(=M2_tu^K&GHoBep<RWnjqF%AL7zTOV3h<@z0t
zHabkeKyrRET3dP=cL0dZL1EXy(>b~B>C}&mOP=OwQ2v>WCp-1o0w+^po=_gF-`e3X
zB_986Ci(BWFP}=XH5Ft1PKQFRin#CQy8(rDSyr!q`514!s-djY(WRl5l-_wil9uR0
zal#U+8^)Ab2^L;u*pX~r4k>{}$q0cH-pj^?4+lOjm}#ZMjn#tH7Wo9oYU##vp7A_R
z)^DAYfgbSWVM4xg>Z^1j6zR|`Nv0v=ylw9a3JQv8{RQs5`4@)S@k8QCGyaDhti~k_
zs~>kdu(w*4)fmrnUY_FhmMlGcY!eFA0^3s)lkqeajkpd0@2-&ROPHWV1J9_uk1?F_
zrsTOM{Fx2rqukft;{idSUa_~mDtJuQYMFToFrPP~rp{L{V}{xPTW*wb{96>BC{@kz
zBiGpugjNhb+tF&BMh9y>)SM0i+MeUr`aY;P(<<#B*4k&PoN%@n|A4cLf!Ox-GMY|n
zT`QOlf9+`<<DZi7{$Er9aP&{}+W&@0?tdxl|26izTU~r`pcj5K+a^CCidBQ-t|{lP
z4wSCLiyr{KtQMw*G$*zhP${z|&6)s6x$a}8!|3hCN5xi)UHxJOgFmDs#7E|Z6JoU`
zy%o~04w*I8YQa2csO;%+CU-HOSJ5ap-ZEH9WG2DoCV#@~>zI?q8^l~kbx%7;PQp+l
z@M?xx8^cpk@A?s4Cw|QdG$Os(Y%LY$TrIuL0o35wIOG0_DNaZ=O#9UEDrU}n+zpnP
z41_o=uxNW_;F`ez=(~x4=hA3&!-7f_kRA5G<7TmF0{%o|N{ACkmWXz+=i@T(sq5?D
zgmriV<R_}ag71BH$S-mUz2LoNBW4Yga`yqf@=2H;I3t28)9%!hNGZ@JK~3#4V}Q^A
zJU(wSM<<8S!)|1TM>UG3^3>z=P$rGqY3rn9bAsAO9jvUcvsosPJ7i7r{fWSISLJ+z
zhh0$*)<Zw<Q&tBjmt;=Nt1DN}1ai;}z2>Oui;9d*uf;27aRKdg;(fXd?1#+kvl8#6
zYbWM@ocio)eQL|ld)|MWTHdoVPl+Eg|CMd?SFhAro{v5PlIx-LD&vb;>Y87I_)6yS
zj_-b4Q``2L_YayFP7Fz%OVgKlsqRygZ4nahn0UNlp6A8r44MGWwsf?Y5T2Ura;Exc
zTE`26!AwqLE;}Z`nE^YWviw^~*Qk%7RQ_Z8OZvJ97suLZCu+TZcYnc_TOvL)K&a=o
zog=QylhA)#=YO#G-ce0v?cOl<8I^GuM5M_G3IYlfLqPgC5D+0Ch7ej{1OW+6N{IBa
zLudm?3vCP~kU)@<#1I2B(n~-}Xd$5Vme51TH*=ovIgj(K=bU%F=e+A%>s#Ns|KQ%6
zd*|BwzV3F_-(~r$XHjkcJ(272ugK@-06SiVmpZ*hc>`%MuZ#_oe1ZH`+?4jq;oo}o
z4!?ET9@!}`(M}EMs?uclvmgj7u(0qoVY#}T?%tk8x-BUn!~zC$4nvJSHxLe?C?+|p
z?wldPGQ_Bt%aUgvR`%I?^7?#AQ}!<PaZ@{N#n`@OV4J1cA<39XAr&1`Y-{EN^1v;S
zrdEyHcTRIt7|O<_Z+k7ugL3jOv`qN9H^jGe+ANk-S&2vD4Nc!LOy2vXut6ta`(gQZ
zN7cWpX%(xz{b<4~DTI}X_MY+OjL<_E9P3;ml?b<PdtrM_b5MS(>iH%Z23Aw^M--Ku
zh{c#t(~N60@mDMKiles%@{>d~*+I@JXM3;N;;EBowNpuc?L&_!t$sxby1rPBuq1;J
zt9I2gupqcCM{G7nTh7<s4O)yXOLEa(DzJC<!BI_-T@2@q+ny7lec+Gk-npucE$d$B
zz*L!z0pFYvV&B&a33D_3S>^zS=7uZF*`e<=Zh7p)qD~}YkJObp!q^{aUryyNy_6<(
zXE|3z2=^m72I(q!^?t!~-fs{Ol#%=))>RA~;F8MW+0fgZ*42JIruXaeXCddjSx&DR
z$PCKczV?2`dU$$_ZF)?)FI9w*`260BOOvkWXS+i}3Hdn#q`5Q9N7j81n?{B&vP%TC
zxq-vx7WG#TuAe=-+y_>XuChFP*YECztFxpWqtx%gjC@Fvn0oYKQooN_Ss$CCm@z)Y
zw78h|2?he%`&M*cr>G|ssVCr+ehwvH@*3{PXJfL0w6;fofzQjto+Z5#U{sxZ{Yik=
z<=x@)3IJ^xx(_MzDuE%SUWbL)&!&dvL(AcEBj2AS9_@|ru5?aY%kvjjg&(zE1w(ve
z&lgg9FOeY0c43+|rZC3rXfQsc{{vU?rE$=~X{`b3DDOKM%aN4sskD1yL`7L4DA{~E
zP$xCK0I7I=9f?x>c+&6Ehq$6^cithJQjl41c8e^{%pg$(gv#c?f^vIz;`f>7D~)F-
zy~G@9w5*`rWAxiwp~T)CXe-ENp?KhQE;p5}RLrv|%TG|$ev~`KJzqfpC9MYgQ!aTV
zC-DSs@bvGGh&`kgh9(JQcIgx|6oq;+c`j{qD4-y>{aAmRojfs2O4mG<Y3nv=OomC9
z1pu<BK^(sk#TSd>XM2eJG=xW4%f0pjBB50kwq$vd#_B8T>73E*KpU@er&n=2VomAT
ziQfU&G^?2R-gEWwcP#C!9ww`f+R+G#p|$X}TQgdk0R(Ps>#WgFKOOf^dCq{m{ggZ>
zi06(WPDP%q_VRUOP?T+nW4Gg{622xTwauN6jyLgc(&B=VG!g5?(YH=M&1UKor^rZQ
zM4mzqzo)i28F~l6hMYAOO<nH_Aa^rL`aw~zbqgWges_)?J&*_}eF~~a$y;p{(J!|=
zWLMhsa6K>y&#Q@|>`Nk0<Nb{73$r70xpOkr5Tx8ib|2*HR=?pKOX9E_A@H7-RN2=q
zZ&kP=jwM7-Ddn~X+k!By`(CNRp=!Z`P`)L9AtjE{r=5uu_j6q6?_}jq&t_f)Pm*DX
zl43a`o^}_v7K~C)RtD_qppf}V4t03<)t2hI<9`N>P9RFO+hN&#HX1iR#$T=Gw;_$m
zj)YRo<p5$%M;5KiDgLM5|F@sc|J{JE_&(U-hhc^!xOi}iL2xe=#MVdee!VCc#2HPD
zfQdwQWXV%p(vY#7eka?XE#fV;P0F!N_(E9J8f+F*1Zxi<=DLPr*8-zn2_j{#B%!?l
z_&}*8#oYnadN$QF%+R8l%(0&cCOJhf7`%G4A0J%jAZd^GT*GtbqG(Qtunv+h%?TO8
z(!BNB@75>3tujlK`qA1H%%O?&a>qW$EULSE$;|bsc>-Y?NeKL2sHyrNr*!#-!fU68
z_PqZ1cD>UiaB)G{yO+Cj2P%~H&q7YK;KzB85_$n$yc9;a4#;r!ow6ZdX0y#TRJD?Z
z1Bm9Dv3ft59c74#=jWpf6D$o=rmZ<*XXi3aEP-u{->s&4&!oM0EfAn)Yr~?NEKRQa
z(j(Q^v1x379R0)1K&rJyC^GF*(yh@MP}IlT)eXa;T|H_Umnf_9ye)ioZ=zeDhXAr3
zppuCBi8;~&IL;m+?Mom3w)p=bPhKVABAL)w&--;!vM|C`aYHpP?M1wE8<|}0WcxiB
z!V>ASp0);0A+^}vtRpHBcWZ&l>bM5(sa~n(dl}B2v~o}%@8E9lO*z#L*OZQ2Yo4=K
z()O+B^7y&Qdu-;Kd5TrQLTzA%<K$Z>ztjMme(PJc;fV;o5l?`9;$@#B*=Gbv68Yx)
ze=zuOt#g~F_HMcDT}MV-2ux_b45>u<fL8lR0?l7s^HtZqN=;&Z)EZ)p4&$QVy*-YO
zoe!4q=vt;1pif<1O-&6#ot~q^86*ong9P@%G6VrS;%;Dr>E-nk^DuuMeR-@|eJvs&
zU~n}=2AWvov8|qd2{LvB7M7(0#raVmG~pChX+LiK6OO_c9>xEHd-0#o@c+2~-w0G$
zsfTR@!pepVGuYgnoV2?=J(J?+e|{pxGLy$>^f4rx$g)-T(b3T{-6Fyktl{cKf+vB1
zrsh5#{N{IOE_b*8s#7c!Dfg(MGZ1(|ROUkS(+0nC<BG6Scjr80U3f$&D3;@TeQy`G
zJDoleQBKJ7)-%`)8kTLg+Em_m8u<@LPyB7LEWPN%fp#JdKF^=LApZrmiG}V`rv-`h
znc?y=St)LW_3qF69F3PNeGzSSaO(FfQePf-ig($x?WogdMQ&}4dClY5CwOz!1_}8*
z*baksB6{qL<2&nK;x$cf+kE0?bJMOfOn=Y-4SBtXk_{+laa(kazdSyWZ_DThs&$c_
zYxOmUcS`tw?AG|4nJC^(jV$-QIj;HTafW0guOc%tg0R1`Qaix1q@3aOK8TVr86j?j
z1)LG7{o?q>Y`+>Ru6>OQUrLPU*AgP$MDnr>x90VyoQdpTAH{!p{0mlx`;j-G+^7G;
z+<#*3>Bk#4uD`=y`y*hdgLt`S)Z+#Bw7=QI(&X2R9<FsNuz5mE4Po&`owm<80;nd`
zufa9!k5Bu>gCM@E*VvGz3TC>m0b+GNro(7;_s2s@zx~tG`F&_>x~f`?sim3PWmIqI
z0}VuWzt3KN??*wRKM$@RTgGC4@LcHQOqqKe=ns8t4(4h+$Vv@(ev`O8Jhgqe`-3GD
zNmXt>p}c*)Zo6l9R}e&$wa&Tq?TN<=sC3j0hOCJP!3;)1^IzR)ry?1SBjwq@99H=!
z{7MIHvE0yff5)F@^!rk~rV9eo3j)j6^iLd6#wL`YvVC{kkCx_2$VeyAE;N&a1&M4y
z*3Lhr@ZCSqDmSc=K92$uDkfyd%JM8D%k)}kmQTG7>-^$oHGP9DGn2`vp;i)*Q5x>+
zXiMXL>6k^WuSJ$Z!`6{L(9phVEKWgxzzyslkU`45D|EX37Xf<?YkwBf8#|dS_qY9H
zxxceaH+iRYXGz0>V8c9J#iI9>Dl6EGU|H7Q1KQEuOt8gF@EyHkOisIQF{7C<6lsNg
z576oNj7W8%3|?btYB%GQi9bKlytQFuL7XIq%C6;PO>M^i*ioL@ZzwMt*y0Nk*KTxC
z22!vlw<eLwBqlfjr?4-2|HwbRt^Zt3L~s_ltsaG|wIdec-Z~KEi3KIk+lDR*pma0%
z1hkd_K-Ssq%&&(&3mNL(@Djejc#x|^2<o^Gb-I$I^2tS6<K$p=g*8AVbhV%~N_C%W
zQ(jP+2t3HA5cQayLAPsOzbji@4f75sG6#}#%h70`&q9^nxw`}9`MrPV#=q_V`{9y*
zA@^VC9QrcOwA&cfKUTZ@qMYBpOZq|m&VNep(6~Zn#6VTzM)HgxBjqA@=&$`|e%*9g
z=*;rVZb3ZK+-IRY(q|#CEbo=B(8EOHlj@pAG-DnHdm)`X<5%PZbTh&i2U>}pADzZ=
z2Ljra+Y6f}yjh`bM7Nwxt#=~vixP@*i>1B`we2G)y;NLHIZ~(8uaQucJt3ln7hQd8
zLUQsrP~=p3nf?}U&f>rbRIx^#ZLE7%W}L%zVD76GbPj&t71$Paawl<JWjZh=DnhF!
zZ(2O6R%8EReSj7l2K}kCU-=m%RdC(*a}$xfdb_;v^a#_|tLv>+&QHv4HPfrSlUck`
zHy(H>ceC=P;mIb_uZ{}=BQG8x9@0RP{Xg;CO=Q9B$f-4fL$cgx3BgRj<v^tLH^N*4
zT#6gtp#yF9%mc8xazIAr?1u*`L)2h?TGxHt2FS_=CE^?f5kYzqrTRvj+prZJCLmX|
z`P*MPtEaBL&}c`$Z8T3@vuda3EQ7QK`Ej6pK$BnZBM@QfbgwrdiJ+C>{8&1gxP{rl
z?iwxfH-p~UsfwFewN+P_72!>@PJ%jp=P@Of<*IYbZ$AqKnl*?IdJ+~ha(KyeraJdA
zuluBPZ-<K66Nm$D7P*Pxg|%($(R@om7Ca#%vs|4A1sS_&x@#8614OkFjU*FS^gj!s
z!<_MiJ~kC$-I!T4$su8tIhmMov=X7zyw_sN5g=;g@w@~EhZtJy)U-u^e4)-+y*24&
zpSx31U)U$DK`FWNv9^Ag76Q#FcZEgu1jt3bOYi{JZiY3Mid_p-B03FYGivaf=;XS?
zfr=BC;iW${hmy5f*G~Tcynk!#EW`_E&9hmbMS2eH2w#o`albAP<#|j_ob45ZXk`e_
z3;>MI_%uGx^Vz47QCPae$t(w~&tUGVGP7+ux;!`&QxfYhVr{%(<t)A2puNfz)3wYE
zv6J@4(YnHtB>OBjU{2$@HHps(4$jQ)>9V<X?g!4hBXq$kkynA;cBSXzP*tWf2*dA_
z;pJ(3%~TO_UxAri{Gd%Vc!F=t-oI^z(0mdQ5RAb3P{vj^ciUZW{?_B^Gmi>{MNG2j
zbby6Ykv~JHTPriysy<!feh!twC-u}-@evwj7P(o0jvNe;iB=jN!3PlJ<T9GPn0A?;
zEKdx`Ky>@&;HNv1#Wiy(0U_Aw-76)d{`=wMF+Ogbfs8COd5)Cyw4U^gVyHY!E8VB}
zgK_nHPtUo4Q%4E{$0;zq3SatSYzHQ<pZQrxGA|*~uGp;-f+~5OVnP1q1t>|2t|2G4
z$l0aB1?Kg21*buK$Y~_9j|H<r667@frMex>n{Q-W0JJ6&bT1e81P>s&1d0zM$Co39
zEM|a~mSE@Rt6=J#n(jHX9jx=8fU6#%04=OtfY&!aB|7M}X{RO<hoj2^6sy_<U^rug
z`=kLj7<06kKG101tje5mA~}bM3cvy{LVJ3LH(oq`C35|^%?H{VD5fpJ$xiR<gQxJ7
zQ{LZBhUNvQ&4_wnSSP`jXJb10%Z<j|=Egee5=WJs>U+SQ2g*bm568RV=bytFnUEM=
zX;wSdPxmA%S1c=+v2*Uv6MBuB)*ZIh(J6swpp9JOs-H*L3;vD5;P5)By0&V5RyDLO
zrp~>1S_?WPh^Z<c*H@keq<aMKV6a13VLmF!xktg1L1CsfgjH^x0P99e=huC|8!*y>
zGdL&)VF)vnyEWuF+)v~q_-Kog-u;EeY^gd<LhDN4XQ5A8?y;8n3`AQsT%|~dm;$)b
zVQ#dX*#Nd?Nw0|LpJsbFldIFb9oXlt!3|Cdpfat*d^=!{;cszBY%wWj3QLF^f7E>V
zC9m<}7OieME*<eN-xDH|vUIWf@#)V(?}0BN5xC&6uo|bU>8J9Gr|j)*dZ7i(=aMs;
zD6sVqJUwX3(YxF`V;FsnW#gU|8Wsq!00IFbBBHwTc@o*<@~>zNMWjbnXatxDHFvBd
z^+Cnp40WgoP=GlKT_rRa%VlJAbofWN{ZZ|HgSq2(oQ(K{^+~-8G6A$N%O{CNi3}-w
z_pBV_OCsqCieUvccP)nGicu#NlXIWj5C|JXP<;N_wcDl$y{kY5rrA`=smyxFo{+Wp
zfZx=be-p{t^;d5Ui76_H$;fDqb5T%GeEHRsD!WpTK&OJVbHuiBG%_6!zybAw{cRrk
z4uBvaD4<D`5NB>~wjMSlC37j!xT2UOa81d{p$R2Y=~l}bMYb|gF^;hmZamL#f6{ks
zNq>=~W8Q!AZFy>9;p;#sB`IMln2i^dIpNV2*eIS{|452Bh9yJkeKxu<Yv0*boiIEk
zrHoc4EV1A{baC&pOb-}7Yv9^Q`IPG<Q@!Eg3ZXb7^T0_apsISmfVId(N$TnCp2Iy5
zU{KP;Mo1nv8XTxFAjF^x2*?$&JjzQWVQX>(TB=Cb=@R;-_?Bs!-qcS=3Z1<M%6As)
zihFmuhq5W`LY2G5hQdg`f9niDOecNNDQ0WaAV+!Ei4is6wr`weR`b<RXhdYPA^>7j
zp&yf(v1yjs>(k0rrQh?pUChZ!Bilt!hyWmGJM|=DnjU@Hm|Yrv@>!^V^0UxW(?3ph
zkCBfFuxwjD3ms2+YBe0S--O=}STLyfJ23Hx+9}x+I`lfY3w%&?Vq^`tH7`4Ok$f7y
z@q_+MW?u81gFl3eLyP|SEHq%hVL74pxUMnppv(Dy5H)m5NMlLouL8wsW*JSENUQF9
z*vf=>`aJ=Npe?$!Tj-(UnIZ7~qw3GwYEKDrB4_T>4NXtYBt<d3VC@H!fHH*j1}o5p
zWsr-Ek-3^62;k{Nu%gN=PEfH!R6MnyD15GCCqKP5f~he?r-L;nnpY!#Jksts``6h8
zy~87)7UY-Bn7%;WEE8v0zr!kZTcvABqC++)=k-&|E$7`nc}pM&yh^?|p5W59ba0o{
zC3u)fhR(UP!3ghpburKRT#XryuIpGjq*8Th2&=eP#mnRUcxYJTHv#=aGEuop&rL=C
zZTDl+-{)_yv&QSD9RDP*^dgPy>2=+6?y5Quxe;ontnVH*jK>6*zau;f4`pn)2AnzG
z6L;d=jOD)kugr&2V}va|U}oKCA=trM+qeG@xj9!`?u=SX*`r(?qxtqS0qS#vuntVb
zEf=0I@1nd88JUC(ynelut@c3SSa{a)zJnip&V|=Ju{=(@!}dS9kSZf~J1EGK=#_yf
zb4nPBZ7VJ=#$bMN|Jjk&bxQK_bFW}coRWVPM|n;2gTaM&cP(Zd7UsNUTZM1yNs_$7
zmY9<S9H=e3wX)1EdC&{sn6MD%c<IG$qF&ItXssA5z6UH<(Z;d{+wfTIATayGFM&UP
zg&{;o6Nud+LWf-gdOFg23vC4DRnp=q=1-RFJn~~M2m)*DJTs*xlN{RHhsu%hU=!sv
z5E~~aS9;@bCoL?#p&vN#QQF~Wlx1o7+4LIPRggJyG3BzOFGfLUl-qwI{F))>>4CpG
zRemF{WblP!0=v&_qjsXMVzBSJ<!2!Qo^<}3zh93(_x~h`%QrFH^iG`IiPbaPwq1bU
z1Ai9MH_dm2uFzV3u?zLz)NMSt{CfZC*Anl4pL2ixN5!ymT0py{X931|_Z#nPV9N!=
znlGvUx7(dH96|a~Uv1)kfFK{N8!XXyTo!x#txe?|r}7ke&0MtyA&X3N|B=j}%U>kA
z-Y>WIx{%~M2@hI@-w#+N|Fm}eUUQ@X2jV0;D;$M3@0_}qvnVJI<?KdCHde;lELpUk
zr-yZF=iQfoCW{(dJcVEW{lRY@&XpqX&(tjOkM(Zd<NtKy<|g9c_nN5Fe*&HCUX=cR
zS0K{=j4*g1`#-<>FL1*^Yvu)3LK*3P-^z#;o~+l>Us0SzAe0*!S(@fXwwQdSzfd<Q
zZuu#(iJnM0&3gqq*Pd4V2iycM`mq?FCrvYz?xu;6T!*XM5|B88vKknC<fffkns-{S
zS!A<sA6myJ$P)x|yTrswWH35ihY1Om5ocG-?DQ9gns-_SQV90f?zbjl+B)^;N_MjH
zhhOR=@-uaLxrC-2$w9&j=B09==@EjQhu3#Yb;`;#D>0cVkgS3i%YNP=x7b}=St86H
zN#B3}$hobgquE-|o~|Y^S?hEfkOkVH*MPy(+0Q~dL7#;Nz3RG6b_>r5Nz2cFEcc9D
zWaVv~-8Vk>t%i<)^YT{=DcaH%tk#4?M)qp<>QsII2OsY9skZ7=bXHE|yy|Kve-S42
zP9VU|G@qZ`D!0LyaVv2wd**nthjMu#aW)`qmaZfS6JR2aL5#nSh-9TrIUf%Ypbg$z
z8qz;H1l?n8#tf?VaxW~H1cHNe=9L?orF~hl(+Q%TH_RV3-Do<`f9Wv;C0Fmdng!D7
zz6#hacUAjbos=d3z(yHI(y7W76;+;ED(T&8nnDp?7h{<rPORSdoxW`lR(Qb{Y%C@e
ztt=xxFU8vk>O1dNX}>Ki7c2lb&pd6l1A{ZfKMU0oAU8Fp2YZod-}&m@O_vP3PVd=H
zc@YpauA{*<)k-u0qL<L>Ba>HGI8?)1fFMwCI;Ua4V#9$21-BAK%vr$r1(dnF{}l_I
zy>Fx_vd!l#sU){sQ~gbaX5a)z92a>R%--{Rw5KZh8scCyZ|?G>Cak(8K0zG%S?Ec?
zCb9N#=qYcXFquZ8eY?!$aOdKZ>$6UOYZr9B))b&i;(k9Lidg1Y5Z%1OqWdP^#kY{q
zxE$s#$`4Aj?iCRQiZ!_?O56<84ZB$5dTy9CRs4>9VK}`~qo~Vi6I7ftkBQ$3f%o7S
zu|$_;r)tzeaRB$D(>J`xs1-Di9c8)8IQro%-piKZo+ZiFSutX%^H{X_xsKkpNQ)37
z7gxeUPHO)gDjh_Zg>zuR7$sVrNf<+8A{aZ4p3Nv1jmaFvyfyF5_-TEo{vp|pC$93&
zOw6s{#9ALTTk6|hsT?Yf3g9li-kO~m764f<Bu5fWKS-9*0`2^)Aj6M11Wc85$w*9e
zbfR@b;PQ%whs&aO?9M5yR~5aG8XRZt?v+&qhQUCBB;>x14wpd2r)S5xo35360>JAn
zi%5Y8{vL?Q#@?2gzovOBsjBu|;8nFb7W9)q<2#bx^Zdo>YM=cf9JXvan#_SotmTIy
zJ1q3gr(LDDA5BSa-lL9hw1>tNZP;h_u?b2sBg6o#rn^EU0%&e-DJhr?@ajAB(TNnt
zV(y^1XfOf~a&!FPBPGuljk1i|r5MEiLu=4K_R1$#GPFpYuj!eE>h1zr?74;#DkPep
zxm--%ypO7xS0X;}a-V9cLvChb<gS^UTY;t4=!^sq1ZLhb9T@%W_`mB6+oL-<1|7a|
zdxB(4=|CzMp?h_Dv48__vwV)&O2-Ghc0Ihs9wI2wyfmgc8uNJF@obmk?1$M+uFocV
z8sYbfunJT0#@www$3BO0G{AhMLx3a)3MaT{Vm;!4x)bMr$}9GxvwH8`OKbI-43A+$
z)Gh7<Oy*!t>&^!|B_JWz0!T89T|HOkYlO;~$Lo2BNb3T=oue4PeBh}t#mp~RB9dH1
z&VtWEMWjpcAj=DZAh^vV*RR}(!#r_wc-olg6iUxfF<C=lep=o!wp)h}mphQ(FX%IK
zLrGgdnxYVj7`92xw|`Z!J4G4N;*7*w-hO@kXuHncuHR>SkUoAqbC&s%i@ps|%vcdn
z|K2mt%!;tsS>Co8OzL8x5gTW%0u)BzHw5Lsz))+jC<dPc>dm$gE6VJ@oUjtq$lE9S
z0$D194D4!ar4HJUYBX1)yvcjn{qN#>PyJB_`hikEc#c;A8|8USJ!DEuh|r}Kiyoo!
zgq<1}#lqyuWPl}O`DSB{BD5H+pQ{MWVJ#Eq5@{nJs&K=o$^A@z-JhYk4k-u1ib9e(
zC1tB=mD2))Vx+r&_Jn?}?9-CP(WWg%rTVT)R8$R4X|xHLDDCb)-|@@gBf;y=^FK#)
z0Syvf?>~{cvsU%EEUd@pRIlR;JnVWyMdPE|OF<U)lGt2UcW;GLUW@SoB8j_38H>zK
zF^>4v;@kZJhi%Nvp4NQUiO)g^FP1@E?eWh-=c0D?1X{pnA-8MaoL=GIykWSB@S9f2
zTb@{a^6(|EW~>8l@QF$99F~^&@;}W(M?an6pz1P6QT2~s|B<WTqWD$hLfKwp;DPiP
zliiT~fB9!y$faQ9sd(Ys8m@_@bCBJ4FVgIWTajrRYo<dLaP%sbuozp3y8B}H`|OLm
zB<h-2*H%EqK&1R5x&FOSY;J@Xwl#U^^707!BCf)b4M!3osTT$=Yb#g4%BJ0CG0_-I
zf-&s~biOf+I~)?4lN<CaC2!>xzana6>UwbxNwowtV^(gf3WgrtPSf4GTU3MjTEYZf
z=-txaZ<Oe2b2(sj&6rO{2Pn(Q5p8wTsc40=eDDPkqp)em{z0PVxSnjW(2cZ$KLt!J
znu3XY!&R|ueX!lfwD$Yolo0Z&!gI2HAR{~*Ia=gVFtosC#5Cd$U{^Gu&dN0O)Y*A*
za4EcvP!iLuYu=znHHTS4^_8a5R(xB$*Tr}BOrG6woWqqCrYCi9FD6Cvby8arAj8FU
zWjTD|H<5-}<6C8&t?qS>d*`a;iS|<WBjOUdGsbHwXjhn2Z_kv`X4_A7cdqXq&zMcf
zncF~IJAN~peMQOTZQt)HlowdZD|xzQ@u7ON3BE17oP$-o_+74jVj^-nZn#SKy)+5q
z7{3N}wBg8z8C|DbGHH~TJAiPl0|dr-BwnQ(JzKO385;I=Ze%B&?Lc5%fpq|1<%wzL
zjnN|4xQ0$ek=EQCUGtUP+FFTyNd;!s`1Us@kqwKR24B@osN&uF^WG%oep6N9{9T|{
z@xU5LEIbv#&{5(5-2v&{A0>$mxn9nvik`HKrIEWq!FI4$-w^=fA4rIlsPL)gVl3SX
z?@4Ga-?|U?xN~jlE&B1@YnmRd!<XgS%9j&ZcD<2)dLdDr;yNG%TAoHy!nyP-l&%oy
zK?4A(>P|TYQlOyTj>o0BB9CXwpSnsLET2N3=-@+A6<+^LxjKqD_C$qs6qbXbXSxJt
zO#!1URj81Co$uta3?yA#nH&Is0Rey>*Jt_W5MYeZanPTa|A^~EDz9dupPtq00qd^U
zNg0F##G=MspW4rL<dD9;hpsRbjVhr>O``XIp#e%5e(ybF_?CNAhjURpLApSkP-yJy
zKk58y2;&o(V>Tg6M%{eB$#UX?Agq5rsxt%|nzwO(We)ie0&457Yh{x*_?tR|D04td
z%x9sV@{J3&e-aev!NczZ7CQ5$HFOs)Bx@i53-NkA@jaTEG3wVfi~}`$IKx@^LQVB)
ztE`8b4Hh>MnKSA`{G@5kxiPz-66$pwM%rzfc!-BB|MoMu9;~e&rwCheD)Q?!pD#CG
zTeuKr=t)H=RN7o8{!aQq1Bpz-o0!OpGo)G8V+>7>hBa8t?7-pob3UOZ9i+GVRW7Un
zi5xi0<qgY0k!qrnp2>V+$4?TZS<SU}>m-TZ|M5+bnpvRJ`7LHojd|1^CBMPW*CwaR
z1{Um9F4BiDTf>d{I;eQ7Zex=B0)@FSYhiOaWx=>~B_{2D0>yQR+<rP?<+K<ryUdMv
zf%*qj*#vf-+unY-MGz|?!(wwMc}b`0#QWzqn$3W5=tHQy6Fo+SuPbf8tD+R6r2R(W
zt-vHLe3Ezse@IMfjMY9|=`UX2bdgZ=683X5`6Shn?B0m*X&EoGzd@=7fk0={tMexV
z8m0kaBHx+#5(q?2<#Q$k9?9B2)1ReKzQD_!UsxHj2;0xO+81yckye>A(s~uDop99K
zVz$wkCaB32jp2Tz%DA-$IX})hRyW5rIyaI_m`Le?j-E?Xnkgt)-Uwd-50jZLE$dIw
za)CaQIMvSJ6@=2b)C)cN!j9_s`WGIojL4{je!KGYc{0vn+*D5f=jBI|lTWVXgHvHd
z`RvVGEZDF{g;)IDeqDLxPiyAYf#SH@>*dF2WAlo|<uA@PgY?|so|bLXx2E9vB3j+{
zeI_A<$@ya}g5(gPJHnEAIX_YJEk$YrwIE9ah|vW#$5<7H7Q9^7^U;0li#gLu>caX}
zvj?W{$yG+=!@U_dlRpid%4wG>tJ(q<6D|>aXWMF7EqwANb|h0Q1d8J^fXjcoJCDM^
zoHIeI5mpl}PcPH&jE?|pebelbbK_LFY3kjE9fD2EB*p{KBY43#c%>4eOKO{=2QBn8
z95M&}ZwC_#8IE&4i$+Uuh>EM_rog{a@ay%Nfxtw+RrBU3v)O};2=op9XQ4|S==Ivf
zxp-rt_B=$VUR^6tW?wCT=ibK11bZ(9FxInUPy{-EMD;JDUw%oa@8{FBFGtIMLB`eU
zm;Y;%V)B1zCnv%-!cO+8s#U;xy${z+o$l-3xngH$_^V@nK<QZ&tRt1_>R8ud5nJio
z2lI{_1B*1vq$RJt9}OZ44?CbPX$o>Lbl-Zscr-cy3L9pKX<8b-IyEGKc@%8gau*M>
z!?maMCPXSY^XVbPvTD|K)L2_MM4-1ZEPnsnRr$a3_sESEJJSnMxwE{-9AuGsm{zS#
z|Co|oKvn(RwO4bnk4pil#gPLD-`XkqPrKKH3GD^Hv50#3uG{{=d2x~sX5#$wS{)0O
z1h)6O6`-Or_etun#{FasqbV1;AVb1`vdAM-H3RxXUZpe>KLRP@vTh0`EwwCYjc89u
zYD%ynJ8>ySFe45WWwACdbf2l(b9ys6do?}UNue~r!G}L2y{LAy7`#|k!Na72%mWm4
zJBJ9x(>MZ7Ip4k?P#d<O$O*e4s9>iWwRZOcCs)qvi@tP}*8y^X6!levtRQtfZ+mBH
z-RfY@@b?p6?Yz~$t-~mqkRPXVl$7%%efjk|PGy!6BB8Q&x9-8tyg|&aiUky2L%a`j
zyS*cci3@~9Nl^vPYy8a$$~7IhWigF`nT_To76QdA^j<BmzqJ?$ZmMlxSl3V(fgv|w
z;I^tJjEhe%L&im65`vIZfQPJ_qO0p|*+EooV_2Q9tqkxkc#Q78L|bpa^ss5WFccJr
zq;)z?8ZF&Tqqgexf~uy(zM9;ynNn_uoqeHiQ?*lrA6I(Azoui8#Tp?7W0f)!A+}hY
z-YXVx9!`mPQ(h%Dch!^I*tP^WH#eUM9vJ|O!RnioX+|c`W<J#XQQvlbSlZ==l)5Mk
z2CGZX#h&G?s#(rk6z9cFSR;jd`r=Aj-qZ}A)TBvPQQX_x>w;&av!d+8Ar+uudJw0|
z*rjv=1QoT>;x%+YobQ`?REN1$1l!;k8ie&mYuBi=aG1JBoF5AUgh(V9sJgzqU|Ov2
z>8t(&yMN)DnbfU8Ix0O%F~w)|0C$OLSkrGbziTY=kVq}swZ0nN7@!zR&QcXbl$wV^
zQi=VIFgyG+3k7$Vj4pE)Kw>@6bT|h;6edZy!W!9zHLye=pb>&+0?L<NRDyZ5-Ftq$
z2n74V>Mqmn?!m2}<9k}TsUh}#9Qgft#<zPu=-a1QN8vj6_sQxbBZ*Ui=%F^&>?C*z
zd?RquW-;$X%}7}}TJf<pU@_Etb~K5^bzZPskk2r-f`MZkxD<zDkl~_pZF4=E1^$gp
z6_$t-efu^hmiorq$NSWPI$G7Y1A&{g0szl87;~XO;0=LSK_atR)?91f(l@9kqRgcM
z4zYKjDAOU<y)YEa8V&}WZIr;~2NQ~1l(26-o*9+qf6TA5Cy7fEA(!EvFfi3mRz5}G
zoQJyY-40ms?mV4PL}2UHctyNVEUoS#El_rSV=F_0*A+u$nV4M@=T}ZXckBeZXpF<K
zbp;d~G0<CO6*XF5Is{)tuOqK@Zq&GtL@nfj0zcL!F0ej0+$F@V8c&wg^ZT7QtJbTr
zG(t#FAHWu2y)uimd|{#%9`6LsB|zr0SKkhjC6Wh5xK?(GxfD!E--nw=vw1m^Byi}u
zkt;M+b7{$N_qVPhhmmtvpUM<hcfosdx>7H>4t&VMDTc1k)gfXDiwE5}1^2NlqfHxH
zO~8z}Y1az?(FDhF+cN%I)g}^$Ra+*MwdAyCRXDBp(qRttY8LQ(G{ME=S(A&4yVExs
zX0O;Q(Q*;c%elBhPL7`XwNX>Vl41qRpme+|4^bB9gAiDB%W$t@MnQ|2l|)S*93-N#
zhji)n_VFc+Ajl>sY3`meL|J167v!$oqvhMfdgX&`<^50}*bt^T8oL5Ufkkv(ya-ri
zQCzcZy87}&D^Op%os~O!&{@khF<)A7&nb1DhiPqJ9=34-QDd*R%BLl{Juybjmdq&r
z9$PmqfBv{qG^h02k@=Ewnhldqa0aq?UYpLBp^<qjPOHW#?si+3L%D7+usVx|aRp|3
zB)H4TvomiFGYVKuEOG?}d~TkGpwSrtG>oR4O9qEiR6=rpwA^6i-*uLkFyZ$W<a`rh
zdAD!L*3GNipv3aG=lydXXQ@b?&dYb$)*tFZGN-h)Bo=+@1m(5gCf%1fMwO&$PX#8m
zN(wS5k-l@%3??#6LD(46*q$~w#A3FV?^T^ADBft80BFsKiY`Q3eDH}Em{nrwkt_|l
zE}5<JP>%J4PB-u@>--eJI&cb@e(T#-Abmqmdjz?xyfrJC%}Z58w)BUoTwvoZ-7He;
zuOvIV4t%2to{x26q17HFmHHS7Dvutd5l}yo7a=|+Mao40YhJ?=6p)(&0E+0xWY~F7
z9AvG)!)0(ApYA$!CjHfby2*A4jvz;v=ruPFxOLOn6Wqq5*drybVqSe!Wl-N=NLQhy
z22Zjh_j@DuPjD{$Hh{R4Iaqrc9#r&vL9*{E^Lc``pj=3h;GUQmc$-wR$R~A@c-T?p
z*ubW;c^9n?V|QdD@Wz^Z;H($l&yV6%<u(_bkRQr{PXJ8N!GtQh7>sW2FiOIr^AD!f
zd6v(LeomYSd9HU*gd5U32CkjB6+P$au{0%cxQX}VKtJTn-V(MUnudV|1qktCk<cau
zg&XFUwjbw%-TQic;?<GsprvlDxRp3_3k3xQITx2l=H^DtaYBc$hjmAlJl@ppIM9B{
z|H{WuY~TD0ZQ5g{&)|(A@<Pd*sEvLGbgTWN--^d)p{jw;LWDg2T_It5=a-_v;ezoq
z%Ka*++OB7_FO;s?7^Xq4$vMxTkM(==Q$Ma1s=dM4BQUaHV$x;KT2|*5ybtBFU!SK$
zKZx&Sd8CEqjMorO?sEC$kOfs%LaJ6#Y8!#>yBR=58RN=f0klp6)2$?!Kk`Op3YZdU
zui2S*I;u@^clZTFH;<ZDloKJYs}Q|ue(+|R-*|%|hDz-G@lZYaPkG>w^U5J_no|%I
zM7HB@fLLT3WX5krMKL|?Dl9=nElA9fxF~l{=#nQ$w4e^W6~_dME@qR8%7$^IxbC!j
z+vNOjKg63>j>A>Tf^+ZmHlwO;epiTo+Gk~Wb}vcC&F*{!w{@&$M*~rpJ-v~IOe^sO
z?{pV#`;^O6IA`zBc$5J{?Ut>*jTo(*v*yN&m8NZ&IS~OmBh>t9h+j3-f{Pl8A!X3c
zc6vP5)GTt9#)~3s^DK!H6IKa8X;=NdgVKrP>0?#WUD55rK9ow1Svu6dqztv8-sPsd
zs(~?H1I%aL>Njmmm>Tott%BmaC(=$UycDZ_=zOh9n`%}0m}hR0U>4zKCK+eSaVjn~
z*0YkHQRZQYW1}@4;?Q9)Iz6=;8)+=3OvqKYf=JJ0bimFwxeoncTohvd@Dndi%eIiB
zW31^zHMvK%(~*48&0h!rDU~>t&?gd8%fLu2xSMg&{;tA|^^q(Rjb=TdJA={f^!Q$g
z{Ntbe@81a%cYA7UM~$dG5#=BfwRZg{IhvIqI~O)2qNmVFzSHbY?q<6{GEFU|g|{U8
zkWs&{U-;c2vo3VznUM*_W8Ig3%|Nw=ai&-(H0-xODgJAX_&9i{#P;q~wgN)6o6JiQ
zeRszR+pjQRT#izqZYGf}1j1~7-ES)blz@Du<sY*fK*(ym?pxELo5{n<T)*`Duvkh=
zhpA|k8LVY;v-`~U2gVR7V`{qY0;9Xt)St{U1H&y9b55@?Z24-n0vFGoQ2393uI8UM
zHH+iRRF7~w&%(Sm<GW6okCIw)M6TG*Gtx(4j|DY`z5Gm<LZ)8!h4gGMR5=dV5|t)z
zJ3x*GpA@IXv|d_cRCbg(9XuF1eXDkTrsU(7#80}$)iDCC4lYM6RMXnN=$sO@(4Wbu
zYp6DOb5C9#`wwsEKgFefN$mf;edG&KTml!jP*xYQDeTNm-*o)>!EgU5xg!mb`@7{H
zvJ02H4v>cIs=ss-xlv5}jjm5;@;?jB^?nvIKpbEUI9DDCeUgPAgTxK#IrkE|q7qD?
z>UHLcs$o!^wb2$dXwR+EXnnjn=#9OKl5Zd5S>=E!P^xplx6w;PJeaU!Wf6PdtM(AC
zE&zj5!IZ(wJ>qywsIG2=J~fYD?h+E{JzKr$!?Zz?OK`O4ObmLCDk3O2s*4Vskk-19
z?nv<>Wp`gs-P@F+XZhOTHsDKb8+#A(wmvxfyct?Gzc6qj^EN3lY9&=m)47RWK4IXX
zapK|Y&Pzn>B{R^~%6==n4ot^Rq`0KLc8<cC&+9NOdu7W@moAr~S@rN=^?k=+otZ%f
z$Pt5Qi8Y&Q!811{na9&%;P`9)92SI~q7`Q}0JegN&J_X9F94-S)E9GT)f6A5Z*P_L
z{FQPu!Dl%$6USUYInqVeePIln5ML|NY=bze{B0f9v1FDjp629k(Ib{Ans$6+mAZ6*
zEC*Xe`&YSjaWDhg>mw1>;iX)M6F$TEG!6~DiXL+<c{MSxwTih~FZD#S<YUawX;_nd
zE%ubcEU}l?J~vm1&P$zc&zKHwo%5|;?=QA*3|H^Sst&4B%<5d9jR&tQ;y?c2y@1uz
z{6o!3W7AUr&u!s_p}uW^W;eK=&%j>*Dn<NOL8ioU5i-LdnW?b#Ask1Cf~0DU3(CLv
z@>oEi&I&ASMAH+Wl9d7hsz*LPKQ(+yN$|9;hpO#aea(Gw<#h#n{IQ6<+tphfMuL&N
zjhFEF!b>yEeSW`{#udAx*DKvy%BSWNhs2B8;^*p|7|rc|J2SRED?{H`-GNhb7_Y><
z?!+6p1o;7BR`C0qj0-8pDIA6mW<8kKE!G=c^LD@-3IjE`xRj3jCjhc{M1%G7tt!a<
z!IXTnP$FENQWl;CV+O&I$Wa^tP-hNfWDs0~1$KW?y<Juj+p9?}7jI=~$?opcw_wr(
zb*j)XePNXsH<m+BR75AF_Ug^&rg9y#1U0MWBIUQq<7gdsMRY!aXwNR}{5o}^YjTZ-
ziFbtsL#R#%IWuFA?H3l`<_K5LoN$Gn@#^e!r~6C=rVwFJ+MSm~I&!pwfiKz&fk#-%
zO5&~%6#RkNM&rPFAHGdGG^!d4K{2HV^FLDM(Gr3pNDN<>OoE&eW;(m0S2~>cDD$CD
zOMJghp0W?q&-dW7(5>2gFC#vzmOsy1(cdu>9=>+FtVPz0e6-I~RDmnS+6CfO_r{pc
zCck|a@}~>;k7YXZSV4@OYe?#wlpJDL<?dH>{Dk4XV%FSz??^OFA_qhWY0eR|%GhYS
z(R|~9x|E8u@rT|47-l?USQ0ypMmAW%#5KKgFZe(K7@B#9%Oe^#<g{-GQ1Ur4IIeWk
zi*Y3(872^)-skm2g{DQPcic9zR8o}@KN#^aJpG2_qjemDcv!gj+gn&cb?1y1jol@{
z*;Xb51%~mL3_7OkgWox>%*Xnu`N#-+c->*-JG6AVtM0=zc~0E6z3UBpj2fh6WF)%N
zRTdEEk*<HCR=RK1n4)vYDd8%73^GRy3`SQhGiP%~JUSZfnzNcyo~G5VC=|0@tD8+P
zTU&?sEfS{}sl(ua^@UpYfx2PYLww(E&M|NeAyLYf;1Xmx<TmD^z{WeRaXb9&cMILV
zx%qQ(f>aqTJfXKEHD`}d7az5x_C6ei3e7_mp=wlQWJ-GQ@(a4xWZQC6ksv`SsM4B#
zQoKc;87!ts)HkDuwCWE7ikVN}Xy~vAl&Sz`SIh^)xH;v+HX9X$jJg0X+*KnMxJ{tN
zpph9x#kk@OtVg70{D`@QOx*P@glm&0R~&7${XJJC1ko`H4j?GZ=f2Ob*}v92Q*6(M
zKoA5p%H*zD6?#ig_OS9r7HypQ&gFpW3tEFHy7w*P6_)Ho%k{_3<PXl(6@0v-TI{;M
zNGT*eSvf6i48CrWRF|rg6q2erw-gEb-cxN}b%a6eLC)d0FpCYK&MTH^Gk~E})oh^P
z|HG&c<eR5v_#SUYN#z2gh>Fa>)wuYMP_2y>Vq*R4%o~itYZP3{jb+7p@Sxs;7qx`-
zbUL)~)}%Lc*k);oK-du{&1Y@CK0qSCFvOCW8{=Y>&-L~r9%EJEnAz<R$^sR=kp~Ob
z%X06z2}!9;9`Jr)l)C)mLC7WR&2E@ZYJ{F94@%1%H%nrd4Eg0$lPQ}8)yZmD7UW$j
zUlfPh{B_uVV0OKR3F1JkA!F%cEF)u{GX87_Z#*+2Gn=V@AstjQ=-}YF7++X8)aMkh
z>dkVG?bVxPiZ!BL5?0-7JTsy(ax>dBBV%W&0v4QXJAc*9esajl#wXQaNmc`tfT)PO
zzUEg`a|~V?l7B0gWQ=R9#9Q<4?8^kO#Cx|y{cFCO7kfvvB|~iF1l3LB#-gG=3&~Tx
zD&f5ozEvFGN}E2W=+M<A7$UW$q|%RNrMZsXw<uz$=Fth>jUc#rhr>1$VBrxaP;W$f
z{DHZUgU+FTN-q7=xf0d@f)1Bct`h~TGyO%>jbIR<bte!TXzts5!NNGrc<7<MZEhBs
zmr2N7Wi)F)Y0vrCk(N+@OlEwr@@iZ>Z!$A$bH~bHV)^3kC!2SjOw$FIPd+as&+%JQ
zSFAx!qxWH8FZ5WX+mf~6E-oE<)vB!43<2V6XoYDP5^s%`!N%IAoe%a?6$B;ALBqB4
zQ`lLW4WElL=2`)*8yfARG5JlJIFc?l{un{gW$`V`b0gT#lZ%d+BBGYMt)WIRb2f+I
zg?nez=#XlK4QZ%3UyA@oyzRRK8@@zAd~{!}SAk|S=SH|maE7*WDAcF*=9y-H_Ttdh
z?a151p`kD92Mx`R(30ZkSe@(TmQi)xBj(?D`B)WFOQL%$g$Fx~mW*Ht00^{G{{5q!
zsaZw>qk3s^j)-hn@*ALotOOP&iER+v=wVSwf`9aKw(&zDVM9Ww+Lu9>E_GjOR4k1%
z2Q>qPD2Z_4gR26VuuuVX4D_Jw$3xVR!M})3N4Bt6W@47j8v-vOE0|7GU`Xm|zc6z9
z{daJ?85q3V+Vn7?Xk>(BJ@yen-E(gT4t#rloV{uv{^C6U#hmz6Ox8M9-N-pa(@$Zv
zv-3tI=Yjh{LOe{D+a(KgG>`^KxpeLq(=NzjONB02O#l9ux&Q2Z7Xhr&-pwAqLPN)=
zer=_eQWIb@MNoV9jvfiLeMS9dYrIk_0j3*vHOmT0;N{--o)aGfI~k4b4TzgA>cxKO
zO!q*O18G{jS|&3FUd2N;VRWh91K;n37T7=hN&jCbx1KqFKu~yTTBLi^G|ztauFARB
z4b&SWP5HL%&%(=y?yUo8<>u>z%~Bpa;uZg4zMxj`{5O}@HI|-2H58m@N7BtBL&Q@{
z%VS7WuIWKTm4L1o7}|)dMS&p?ef(KJHom5|>mi|<^8lY;hRa;vQ15LjO_s2o@*3oq
z+t8#1U{x%!GueMG@5}Ab0htt*^rtZtAwWxjLH9H?`#yXs!rN{n$lPwZ0`tFm7^gf?
zW2|=BtyP!sK$0O6A{_(V?RBppK?=Y}dU&UUZVn%*Zvs3WxiVxKUL4~)&|r+ysh`&f
z9NYj~2Q-a#%5;YoTtR&Na#kUwgzE<zOp~qD&qAc0nJ;@Eu0p=70hQp{JhCRfmG+W<
z`qIyTA@Seroc=<zcgK90&H5Pk%YRDyjAr0c$qH%P2Awp?-x;ydc4!=}tUV5Sn0m=O
zpkszC9rGPd$3tOPx#%EOPwse~bCtJ`vS-o3qaf6NGMCb~2xC(zPCQ>Dqb1`<M$>>M
z?RRy%QjRxw-CiC9WX+lk4v(K<Uo}{JHTF~JFTx&;5hvEd5Y5~fGQ%gLYd$23ukrRN
zzx~YKl;(%T3UY%i#Wre2srK21&>76mnQ49=HMf6*ylGG(FqwQoO228~+sL7NpM|oE
zc0~Jx^i^gJvW6o^!yNhtMh@`lpM_k#q7A&?d=~12Mtt?faxCu%ZI%Ca;ODs;!u4}-
z4&2Fg-j64Jzh7A|$UcCq%P;!)pWvp+Znycp*8B0uc<s||2L6B6`u{<`76pB*`>`rV
zs4+lA5cEW{<E4K^_=u`~-BXn$KV=OIv@fRPE9TT~k1v@O<(s-^X>1#|Q+UIy;MfP8
z;m{Fux`KlL`2-P>_j-4Pz81dq*GI^B<J4Jq*I3xFNZIl$i{aGvy`ik>jdi&VWciz^
zOTW|?SNOq@L`_$9mZ&Jdj1)~X?}jV6WV)n%?R>hsMoT_`ycpm;P19CZRtv~$edt9J
zn%6F5`rJ``+NZ3+h_}2Bn@tY?W;XT!?ewlu|B-6n&_J*ap$s(k4YXfZad+k81nQh}
z??@I(=!nzre_fg^0>`oouem#XZDp+w);5@LLH8w&($Rv1jU5p&%U|n))Px)m;^n7G
zze<Ib4#y{0RJ^b2+Cm5-O*Qu~YwU`;!O0szgLvkQ^?Ks=)P+}N3Ro1}C3<RN-p+O-
zIZ>*zdvF%IEqNnZ9YKMsg=N?72;yyP@kU2DW$YrBh;MX*k&E7)MWrI8=prql!y7*e
z)_3?nN@o>1G%e2h=_3z^r4VCsG|2KL9>zO79NuLOtY}R6*pCN$)o36nLspf_YU&Ao
zS&I9rHr-Yu#WPe#&x?ctLd>$|(GHX5tG-|p0MqI3F}%9SiLS?H>1W^}8;TZJ=2fbP
zrwm?k`c1uodYtc5;i#aKgcxb!0P5E0yAjf_fPdoP3BQx?E6c!bWf{gIt|jy_HPJ#n
z85tdPc%l=5UT#bl5$g<0mFy=wP8oskXz$!CpcTDE3gaPfq|nb1zLl$M4A{k@=i05h
zokmW!gB%vzP2iY=E6eSE`fXSxW_iD`-{*%0IWV5m$b{LH8n+^BcvaS>tZ=*zP1DIH
zUjW<i-1U#B6Se~<2VEzLX{RWG;W4pcbO5oX!J@<zQX@w>Corz!v`rL&6eCxO{C`^h
z*=C8T(CPfW+k*TN&%jq-^d6j3_@YLI$rrHg|Mr;|T&KTnQ&XBD-sh*9HcwwoU03hQ
zDGeaVr<T;VSKNNoHd=T5N}a&fmeGtDzSgO1*tf9gsf_XMRERjWclJbF*}}3*?CR3?
z%YSdh>WlgbDyddGn{ibB^@x}6eKvH-xE-fC=a0YXy7@UjJ?oqv)$xy(fI`VsnRw5p
z;FOLXnotSdJCEC=AKd##YdI^z^4f#i^cwiql`|3!10Ng3r^eR4Xgy=khj@Y4|19<J
z;}<9KMKfGs4BBq5R>(^|IC-SWW@8Hg-bU}$|D*LuV<*?XJ3=j}eEH6W>(uf;Fly~}
z)BkA6eogIL?T?)cD~x*b%StLE^0ZZ?z>V<37tJk5E&l&soOqg(FftbU#=-A;!(g7X
ziLhA)iz8X?qGhEo+!>RrsOw;l#Nd<@zZDYu`^_h?{Y!R{6_50=MJo|MwQ>8UkOo!W
ztmIXGB0JJpvonkWcCx{dS{T~jmY%}!WKo)z@C`pOOo~e1^~<MW6OhUTQ^hGHElfRE
zA#nQ&u{ScBa7+L(bEvDuj~{-w-oJHKa(1>X7;ER{rF?%Z?TRas#zWMQS}=6QJK92p
zSF>$Dg0@(}sHE}C+KVw(J%)%2H=`=GC6(X0V{hPWZ8UFfs&G`qic7&Z<(dJ$2uPq)
zUl>e`1nGwM{1Wxsw~i_f>vSvN>6AnDt3~j!6^Sv(Bb>e6CzN`8Qn!{!51=ebWHAut
z3RgrsmAtih+`t6tx>^Ff(!4Sec0QHE_qYqnxy=lD_t{)85yvT*pr9v?K)}h#=6;>y
zQj;0OuF6(em`_cfZ#FfB4Vs>L(9h_AO{SKGhCl*PNc5qxKRJ0N;^(GSmAtci`u8>1
z!c8QW+s4p*YS7v8<lI;a)wqT3DI!*}MiVQW768x;Y2MxXH})S|wI}rxHz?ROS6Yvw
z&qh)~^@eqd#shbkO|3*E(J^)rw;1uWko=%;RP_95ar<n2?tGkvLm@b=()x+*U|WmW
zcQ&9due(M_f})OA2C=pi@#^cZ{v>^|4xt;hP`{D9tdmI0r7%#BOx*uhd*2<`=CP(r
zV#i5bg8|barrM$fu)u)9v5mkOge)W>IyN2A0-_2q363#U7%)wu7*T`-2vbB8#f4r?
z5g>%X21M_@7;?4Q-=5^0ySsPKwtIi~Uj3nOMw+JiMl<ux`##UpcX}OicHPt1^U0Hu
zY|3~>eN*pbjtbYMlqEmvXbBaGXLY7bdJ&=qhv;;p(VTFZg4N&&wjQ-Gl1wH?J|Bq2
z>Y@>Rd>nD8`{MJzxBox#cBzw`l2wJX(5x}P!Bb|Rs9vxVj8KEachyv{5M6t0F8G?0
zMh`srAhu`lO$otAvZebRtMh_!<1^hM{SH5><(mJ&3ev(9ZZf2vcz<%7w0v}}uz~Zy
z1(3+eVKOfckCoAG$q{?9J41O^XP+1M4;JN$6lfR<ei=}Bh(Nz{^a~YgEbrZO@7Ue^
zG+A5j!CIE2am){+;bKa~{k9)$@Iui6sQ5MIVUc_$f>GpC)BM*Y7GJn5V6j6pp>apj
z*ayKD%loeu8Gxh@ja_DqeHfxYlaN&Pq<6?etKS}M?9AdGc77*VJX#91Vb@HZ+<0mv
zo`g`9XoLYQu20rO8#EEx{4_5^?%<JHB(b6@N|!?<q^5g28WVW^5f+EL0y+=Y(-#(s
za}$ax=U_o4t{#ff%lx%7<A|#s8{|N`w)1xUH=kKHNruKLabrRI?Of{L{`mXt`4`}P
zTwLM`!*usXOTcn<ksmO$v5|ieVM5nsJkF9OP?v*6qJLl90q%vwA+Aky>>4R2<PDoV
zlqFi?ms;%6>q{S9Mpc+v@{qS+Yi!8b0H2+N2L3K%XVt!w>65hXoR&*ND+3p=%8)yk
z0cobLYHNw?JH{h0<b4Xu8etqg6r36mcCE#2&wmxU9CxbuwH0pbolf2Qg1OSjsY^IR
zEvvZbV~<%<RaYHBcC#?D3_xCvO)mCX>F3jY`NwfU=&&K*noQlGSy`91-!R+kq!)*c
z$lU5v-JMKMDC6t3iRu4t;+FdH1No&NEUa=Pg)`EUGnx09(!%M|135Is4$04j3rRiJ
z_0<PGrmYP>wp+-)s>^8>vlbICxH(?^ZGZQAXWMG0R){gec$i>aW$&*KkVR@GL*vkO
zVtwnGZz&n;WsibaTvCf0r_b5fIq-2yIs{_?Z%<)%f7p^x;$V<EBTJD!RAF~l4lUhD
z{8Z(>DQ>D#O;}s~<qMc<aXf?DA$f_$PJk9h?~!Z$Ij~2-|Ma(li8vlF;o>*sI4<q^
zy?>6qGW(MyOHkxb`dDxNTuR*H?J>UJxTX%85Jo?{9qS+6ZTf7hzDRoUjZmMaNUF;d
zOgwUy>l@FIKWF-%!e5lVzFip-JVk~uZmed=Us@3t+b1XOg0%`}v(>~B>}N?k`X9N@
zrT_SsoPtl!l{5XG#)cZSqaT=2;A1c_s$v?BP%yZfk0bMgp(e35nWd^~`YVl{*;7=Q
z5g4Qog??qV{h~t~Q2Qu(gU~4L<5O!<M5l2Sc3Jbz=a+<sSl^A{dua<37cB912Q3$*
z70n&1G@`r<Ncmn;e7+mCP#NRC4pWJ>x>}@1ze(uNZY#z)4ns9NYR^&0;oq7|&ehJC
zUSTd=KQJT5A$+6fG&&=P^r$eu$<Uv}M^!?7ri3NCRxSKU+qi(|b|ak`{uBG|53QCI
zsk}_7oy!V$H}&~7mzz;&fLC1s3p3_c#5ne-fN!robb4jAWOS9ar}>SRX7ICH+of69
z5{Up6<;6G~e?Jr;_(;m_Or7Jn;>4Db%1*vu0V39BQ?ol>jAmEW2S=3A0ovQi+`#tz
zY~g;W7^!o{dJl|^NPom&_XBe+D&$QmExtq1_ZLb`zePwD<>%z)CJJbomLV>?A{N<k
ze2Aj*07|<^1AhQ7hCvwJ&7->|%P9HOTJ~@IzO12(>iV7S8BL<s>5<puaHXd25~v&!
zatSi`v3}o{w*SY=O(yJy3en<}E}PU&z=Qj2EOmRUG3)-=g1TASoGxV(na<sg-yWyc
zz{@9;Cq#cZCw9lRxXQ|<xE}=5H$U|$i=RMQ2^Nc-Ev+wvj$*&ffQ1_4Pq<+blM?N-
zIgKh>_f`hgsH=(7TGP6}SdIZ|DQ-y)iyZ!a-ir}=bQCsj-5k@cQ-_{WKVzwUpkO2Z
zxLV48bP@&@Cb+v^l4>tb@?g6qYe1n;Oo}3TPAD#5__N!c$|C@=S^ME@x<jh)bfH9X
zp)b^E)Eoj9VYc*A5a{F{{~iWZQ*q-&w(M2`hwGN_iL6~KrCM%!<%$5_Juf#ARjs30
zr+$CvSz##xrQA8gBmfb?FF$TPwZ_sHDJd47H)la%9#l`HaI64KDoH9ou3t?vK=n1+
z37fo$-l`?zi#@=H?m2@4xE_Dv6k2-l)}*bRkENn2Dz_eFoVHSxE+<Jc5M;o0t|e?V
z#OpO^h-A#;DedHE8qe;psM48LP0bCN4Rw7<j~J?h1Wcy2ykbG}(!2x0QX}m6?*6Aa
zjSqNZDDr2!G#l6Fj<x4RIeaVwO!Et!o1>N$dF#<c?LmJJ#AeXvmq<C7r+xe{E-h_Z
z16kkSm{uq^9b=}VE*d~R66=!JbD0wF4lUXb5;Ue)1V*SUtfG#7_{GV~<ysFbGI;K|
zA}jL>Q>?nA?fi7BEO&jC?`NfOu=wh~ajlRJ)=^6_H<jK`I@k1DF5z8DEl_o%DGx9~
zAu_os1{PRUZJc#7ES*MBg0E@Zx^6F&8(hvFds||*6I!j(@Nm%HcgXLBb`t2`9Y}kr
zUITZ>C%%g~gfZI&0fNK7f4yK+XmvuQNIr!=-itR?7<`WmY@LnUPEH<D9+yf)+30W9
zip<Jc#o17F!PN-ehezcezFn2&TiA)KQ)}PS&(J65O9Emoa1qSYCB(vH$&kt=uw;S0
z9yz9h-m!pKC?CaTXDr<qhu9yg6NA7P2>qD%bG5@m2+Lfu-??cr+ae7|lbbQkwbQF*
z;ryd_+>&Vut|h?K9>g2>n<okDgDLhYT{8EaOKT0#tpiN?pH#?dc{eJ%CkzmL<7*h8
zq=UBxqN~nBa`=3zZ1YV<i;6s&yR^eDcW^Afmbuc|QW7dO;#0f5jG;;gJD6p5)B&iX
z)z%4jZS~VojW3pLt`arlGWGG(nCGGnSC|>YHP_rcM$Wnn*mUX=_1dINRDDsKxe2Ue
zp3Vl!h^Ce_rF_dfwIc5oF_9dw(j@PWs_oiO;O*HkO!vN2ns&va2iWN?A_uP5oK`Rf
z|5(X~l>2pk7YaIm5fLWI(~0Crx4?)=jnVDPFByv3zHM@1voOxlFCn>SP47XAeX{m(
z#w%x0t?X!p&}I@9Ggv&#(xTd$K8TUgzNiH8naS0!Ez=<fWyGT=qPj`q00{sfV3Wuw
zJbX&=@doPWVBDTm4-8uWaMN=OIr32dhCfNz`UVUs<q~<2HCuI!dAUJSUt5G!uJ}1q
zd}!sz4`3bYeCw-u#ax@!(IQcg+*-R`-_mNU1>DZEwEOtV{baKeeKl~h8Y`GiQYk2N
zKyQ?H_Zs=kT}T1TIDR?On0#`+vxVj#V^ksG<6qb(mlV3YRK@yndhvubr+MzzPc;hD
z2>Af{5fvKv$8p-#Tw>LShb9$4(xj9t8f9y|o^f$rDv}d39F|l*yV2pMiS;=1cV*|E
zUrzHZH`~IDSU6d_`+kQU1JG%2B~;>8-984_Kbr$H>w*l&D;fd5eKH+xKZru#Zvd>S
znjnf5boew~H2Wm6dZ;;Js9a~T-5e@30u)^UG5vHwCpS1;WADmCTIr~=pHkE9spn)}
zffE}MgUstI<0VK*nzL4bRysF{LD;e0JC#r2&xoMExYNX!R`Alo`T;#UrE2nyw4>2@
z?<}UnQVCGu3D<RSY4l&b^OLAa-_G;r4G;6J4XR7_&evG2D6{>A%xo_Vr+g!<3Xrrb
z%C*n4r<03W!V~mKQfI5M&wzq6T`P;=BIby<_Q4-fZl2t6DJ!4jS&44V<8@QbhypW~
zOW+tPe**@{=OCi7aFU~_L{W>K=CyK~OP#4ci?i@Um1s$lb7B%Cl7-@ui)Uxh3|dgy
zw(-Z?V*G+h3&aamU_>|2gdNzTP;-wW-^M}_qBXC8gbeG^ZNg3oJq})WlH-N-N2PGk
zecq6}i_&XcNoEpLOAp*rqpoEJ<_)$<*O}oj105XC57xoS>(5o4Xr9)22rmFewoVcf
z+<o&&>a*@?aD|b{hJF-cRL&Ezn{Q}W3V1W}7LJ`sM@Z=t)IW@1xcTf4{a&;b+(ZzK
z{g6+K32QIyE6c`M-fd+<!TA^Z%YcHS_fXZkpkRv;txC?BrS<W(Ur;ljbq8SU1t;Ho
zy!0fJYt1A`)zH#StYO?;sfTYeZ#57x>I6Ss#OTu*-`aq4^}q$Jaun<Hnf2wwF0Y0m
zd1YhjWz*hL3dme&W-~9iUvy5wqdbSzyRo!dFgK<g-bNe|J|pdda#r6L)$cGgfS%&M
zw$ht;W7%5LIiYhu0ht%V1o%mbSbk)9dguQ@`?^wLYy)dsQhWZ&Y=gjI>p*XOh!J9;
zyBG<O&4)QG7Jj|bvKyA_8gP-}84%8DFlw~C{QNC|_D#X^(Sv!3umm})7FImQ54E?N
z=?{C}Ec0q{;&!pc9ioLLruqZsz;8FJ!L1Mv<q?LQzO0t(8IRO$Gny?cb+cJXU=sZT
zTKr!*Yfir6|11u!R5A%stbQ|Fb66DLr8j>yy5Kq@L7CZDfCv`ID3csa&Fq}fU1CiU
zR+7vD<36n(L{67aQg|<QI$JuZlxvVl1K3Pi_Xj(A#ZhP5XQ>G8UX;v2jcE7t>%$7C
zd)J+v4imfAF7~Xwp4yQ^I2Ys;QAdV=U0^BC0ym5Oj9CqeJ{3W#en}=SB|2f6$aQmx
zt`}cAZP$SCUl4L|$Cw>}@H1<$hy4{Z*D0*m%vf`jI=Tw!H8}8Vm`a^f2zah8Adaz}
ztJ+d#bz3IC%d6UoFj~b<e4y*|)(|3`K}pT*vvHQy1*iJy9N{Z2d@&__b4YKY5t90N
zEZx8zXHZ7wqmZktu6;5?B*LiBC6QPgPv1#LhW3k_n$Bkk%>9)bbE?Y59ZZeoHpwoJ
zHeeDcOXhX+k6TW>&uuk2qhDtV00tow__)<a6H&7UDPt-zMGn*Urw8Yh5yM><5LL|X
z)=dHxV2hB;_g|VQ*7LRQ*Zx}7Sb8XSE><goWaHZ<(W2a$sh-&9lC@;eAyK5LZ1A}b
zXw~kB&X&WU%j{#6i4<n~N6w#4*Gc&3r|BB>DH~9aiYZ!3p&Tg?G!#-%>COoo9Dg0m
z=I;FwWzoh}UDPriF?uP<(obAvc#`z7u6${)5Jrbe*c2AJj?Pm6UEwC$k$bE2xkzP)
zO@2R+9+~Xb@E-4^k$N5{mxPk>BJp9KBG3DljXkQdoG)39Cg@8U*_EgYM7Q|Hq3JAW
z8Kv`?ee67iV0}X5(~F~tlk>Y0Q$7weIU4g)iT6u+;K0H}N&gjrW>dg&bUbRUd=(57
z!X33dzr;9m)%lG|@olN<s_?4B^W=fWYXy`D-PCfs286WTuBTm7k8yv|@+-bxM6;=D
zzQC~#5#fz4z`Qs#SjY@|R}x#TR~l|E)L{~C=4d{#f3OEi@-?Me72<s;BgDdJN)~_|
zu+^d}EGfE7h56bpsvKvVY;>kwTj76lW(yFK{P_hP))FzG$r534caF^gbj!Tza*uYm
zg`#2|+}*vYLc;_}4v(Hh@Hby?|K%Cz-y1l!pK@(B?n95TL)?mKEf(D0-Y{R-z%d2P
zK7DJp;F)Hb4pFTRo|p3PuMIo!Jn?$dpt(oov70_ab9FCKq*t?0u6+g@@f`mkZ+iGi
z)<i)j^F=Gt5Zv2gb`&}mfqD@6d7f=Y_1}dtAdg{$?5ky^Y3z9E{B^mN^0VzpPi*=d
zVd~q|4tmiVAqO@yeoJ}HPft4Fem^qoObH9B^Q{p6^EV~7p%CC$Xw<N)liL6!2x5!~
z)_^dUUHpV)RvOhB;lV?ZQUMJbJ>G1eaqmS+Pa(PD?!?#)-R+|EI@#$_Y=FqKW9=27
zWojYLIj^~GY8VMJo#Shj;u0|B^xJP-79-m2tw5_e#r8-%nIu={Y7-EKHqCkuyzzi0
zPmda<@-P?^Cd9*Qd2u=^CzO&dUNCGvDtX(IGBXv~DdSswleHyV{6Ltm3RN4H*^UQB
zE!TGSlh#ST_9EJ23w+5M)-Ch_na;|g#j@s@1yDf7%)W-9F#}a)P7=Q3`YJpzGqe9)
zGs<gud(Aeie!0r|@s34Q^iD-B<o+~rfkXNOb0aeN<);0;#diFDad}oG?i*l~&~HV#
zu$g{YW_!K#O(W)LX>fw2uE2H4;Dh^$S`T%6fy9arIdlrKTvAh5SYTBPaGf50_)p{H
zpSS-1<F`-HZ!Z|Bz~JvX?2^fCt-HCnS+aW}N7j{pRHgUzG1x|cY7;QNGRii-<crzT
z3~^j0hJ)A)?x9|{9KAJquv%FsiQY=)3KArVn}}PM&Go<vYAG72{cYl^S4neK!|f-H
zca_K2kHk#6Cx1E5PFweD5&PPtl5z2wBL~aHPGSAX5q8(zb<AIpgtShd{LCf31@@ti
zFVhn_`bCRmp~7TKDZU@-t_zUnO>4Oy9zYIlv$C@CGc%32J6lfN#;}k@SPbIlN67>J
z)EY!Y&OB|)(Bs)s)4P&WC!SF@3VC%!8Sg&{7^ky?PFt>wSuE3m9+RKqqMsl0KAf&O
zu5hRtUD?J5`12OWdoAi}as`I{5(>6a*h+mbt@o8-On-N;FS%*l?ib-TO@U#9v8MA*
zg#)F9TTvgX&K^4t9X%WKy+3i}fBT&4Be(tlv?vsyy;&Aq?Iz*R+ySj_Kl<X!fy}Q5
zE?lZoC^h`y9Qc<+Wl0?2n_A8fizY`Y+@lY4m6KO`*~}++o)7<Yzy5Un51WD{G4Z?4
z!uA`z=&<jFe&d3keBkIO@%J2(9lktM(feF_Ogt->e(>{`!r5OSmkM%cZX#qf;yyu5
z6b;i^Qx(kFB2=T0Zh$#JWN53F#{<7iIre8faRU+~MeZq8=%c$9RF^$J&b9a@TKWO2
z2&0Aga<e0Ki3cq<(R7fHgzsc%2YkWFqoso^snHC<>U0M?sebIaBI7cd9@*=iEfU;N
zUUld0w1!&o6828=_z%k`B1-&iN<3zTv~#+ARN&U#s4=i4ktNhKJ^@EbkQF;=1xs5N
zz_5pc;Y$}a5=Ni}&IP_e6_8(Eftw`Rp5%~%%Pk8~g-&*?&hB^x+>@GD^yzj|PMc2a
zm5e`+PV1F1*ZI~~zSUk3drNf}6Qc6r5#h#>`VdAG;90+DYST%x_qM%g_!Y2Dpf=y#
z9gVu;YwVbauuo0k7MNgg^K`K6uM{ttmWy20*7y1@(1WsOuD_V62B`G)%(v&O-xxHI
z%Vy@%X%ZBUBHKzexGUFrL{+&#fI~1ht*sI0$6heK;b+v>iRFnG3)Ki~%P0PlT`B^a
zR2oANtLx8B>Yo9Vfc;~n%cLt0FyC72sT3e|88)NibcVJTfpX+tye2WM@KtnI`pjX{
z8CNXaYGGvrXAvXMYci;>vci0`??0IwhC4nQEX`Ml%l3EnCq<H->?F|XX`gfi=HAD?
zOUNzNs^Bn~M#c-a(XuZpe0hF{qY-F}9zGgQD=1>#7?^Y=<YrB3BO0?@OCjkQeP)v;
z4LBfnQ^O*ov#{~qimPj$P`bYUPdP(wJz2XidSl#Z4?&|k<>{79H$D(wv=M&eiX=y8
zwK6GMbq`9Qd~~>XWQKRI>~iyQV)<;AM?W7zxmCiut!=rj+<LrPI_JHzTcfpabdbw(
zrRvC#N@j^K1uG*r9;*+KpgB>PWSNtf0x5>~((Q(0>qdAtpc93UYGCC#g$zrPVtuMu
z975N>7rcuA9|QELbE}fsVMR!#1Lv0$7d%Jy=D&KX+Uh4X>F7}^M8r)#+PMOVBtHtz
z)CfjBFV*D0D)H@lxk3G!%M=yHz@UHYXF9jm=yX<AWb*DZ%x8GlPWI;X;<h94ZPsf2
zT?d9(mTN|hwDbirC~0tC$^>5KNUYwq2F&Vt(GEmssYtSt^)4gKy-kYFI$L9}aRyoV
zdbWl>we}Tmjt_)8dwqV`<G?xUgM0LlDP_e+DMx*Y<|?eiam-DNCf>wqWc-wU9vy{M
zJ?*m8yWFk2(Hz*TJ;AVjlUJ&dlDjBYHtAadQHc&QWjya6=n1Gh%og=9+5uje!wN8z
zHa$?Pen<ddm40u%O{E7y7%H0hWmYf`s4i4=)@E5y8(1ztba#_=+U+u?y_=)9vyJfp
zAOc2~fPLhM=b~b#WJS<X8*D5r!};bq>?74)BX;`cbcP>$cgGS@>qr*yWG7i@8GgRf
zz9_OU|CtKwk-F8sFX@JKHteQ*$;{WY`0bZovl?v5m}{;cl<LDALq23U@;w7SxJ4CZ
zboPuStV}wq`!P6@w_{&hW=@AFvMpl3Swo%k3VWSoA=wWwx$AC{iOBuC+GZ4v7&F4O
z$^XE*Iaih*2g`510jLnIht;iQ<cp~5!v~tn;08c>Ph<mkVTqf~4ki!P0te~Bx1DP%
z3gpNfr;X?W)wXx4gCBZqqU~x4=~2zy&hfuG=iWc1#ZFhOb)6th-IUVUxnc;(ZbL#&
zSD(}UL4oYT9iQkVCDKp?jYsHdW6185?M&JgXyLw1J=3>Ip$7)2obfkby^+-85uS)K
z_!RK6Zw4x~D+di845e#sTd(&<6cRCjsBSQ{FINBdrSp(mJ|9~&Evf?ug;|0d)7*V;
z{h!{R4RS(5QYT2|Hj+Q}013qGib_j!Q9f(<y2nf(^b-J!q7gQ!+}bDj(%Yg_PCMck
zgFJ~g>F%`?-f|hcGH?^mm#KpN8)|}Mk&X5=e+_66U5E{?1{VoyuE1O1M#fH(ZEdN7
zu@HtzvCAsL2z)bR>Q+clpglunfU8&V*y}RJF)u&?R6JBCOb;<V87?2MdJuSdf&-7L
zBqkKrFY#nVljN-8-K=LRZOrr~Q-oLBb_Gv`ZHeh}l1^0%(lWG8IrG_R`2vR|Fk^LC
zZk%GHN9kelsV(9qokwhBq6v0R_R87cbZ=p^*Y&XEvRb&2lRf8d=!gn^BRHmD(z(6#
z&|6Mn4OxtP{-~>Hpm*;**brjrSroR<F9B1Mn?~0s&w>XTyJ0a|d9&%Jui0j&sL_mq
z7t@=t_wIRFOfV2cFW2v`kX%G2TQ;HXImq=%k7~I4Q4)u7sW))5SHu3+u~?S=o24az
zR&*Oh(|NrA=ct8xi+HeOR=mkl3BS-Gh9qe4Q?;`FgHD^wjB?!u$pp;mFu9uMDE+JE
z0ta2(8+xA#qut~H+U(-uemTyap5!xm(n0k7^eD__f3F3eUGB<Kzj5$-J4PG`A>ZcW
zvg-WP!u@-Y*B_FPp~Wp-*h6l6E=8H%mam3BoKVoX{cCfpW`an90p!+&U_8yHa8{0w
z53@#BtN)QV3z#>SpR`DQiu5Z#j*~VPH?)MrGrVh@Edr&A?DTJK!66lFju#^wrCeeh
zGugQJh*Q<sDw?6sS&EE;MUSXsgM8&pKRs=!bCRF0qa2Fd+h@FFWt}_eARAxnV_`pq
z?>QNw9W2sg><%Wb64hN%mO(wo4|k-CpIHmnU*yF-2?$el(oow)=E(i?UWjL_ANp2*
z-?`IeKviRzdtpbyr4JN;=#v~E*j~tUQ1(~Qle4bCkyoA79hjbu^A<mHD*R7;ebHSz
zeRE}De9w*VEBjrBI8aM$W}gq{tNEy$U8gum^O3M0Y<WP6&gHwygUHoH!{=@f|HkDo
zhp{6illGJF4kx*(w=eBWk&8sC??Xe+7ot{v;|e01|2RB8YN@i8X%|o9-j}534$^xg
zcjYjlU%vTdJ!ARuWIOqrZ1Rw1CFV8}4lxkK>PzAmaIR7uPR#N-kCQ2<v&_+8wGknA
z=$>5|pX-1bF`0WgM2#t$(oJ_H^y}+l*VY4tIs5yI9YaSytHGh*8WurWEFv(nK$(lH
z_Ak5jf9R=yZO8tv_vC*Nt;XH(hb8Yq7>6m-1^F9S%<M5j<%?71bN3QgF7-hdKfn3n
zLLccw;)ibX`uJ__cO`QEbstCCSFu&p`3|}32yPiH&?e(Z(jW5NW5mIBaimBnE`z<R
zWh|PXy2O{9sA&~Goy-)!U-m9)0N|7tS(<?Ko#jY=#grEuS-wd%F3_r}wpPB`D_amI
z_Bw%o+UFWMEyG#dYwvC5YoX%Q=S98tQ4_vvfF?7_-XeY{g&ogKX}F@%U;p93u+j}r
zJ1UPKIJMKdUv2Ue^<z*=*Vz&4`;AjORYz4hV~Y}0246#o{q>KzDc6K{Rm0d0bC9d*
zaJcR^&PvePRs%;!o5*m&OxZo@?$$$oRzw3qx10sDYMPHWT1@N@!)%j(s&yL-&QP_K
zTY7yMjAkHsazlaoPl4Q0c0?69o2WW~SN}tD*#miJ{&z0kM%7QFV+x#6d5)*p#AXuU
z+A5FUgkCR|CdVyauCW>bM+AVjm$*zO>d5K@4jo}oxA)O4-dyC3Sq_SLE~D+^E1)d6
zywrTmFZI({s9W{KYs0(%Osvg^ea6`qS&PC)a5uBk$x{E$dL~+txwT{RDao79qhf)g
zRgfN<7#>`r;ITUQ!tzQ40A-fhJ*(eM>yn_fN3sTqPrB+{)~}6#g{fd=AS?qSCOEyz
zq0?>x3>M+MIS|;JS?QkxN#F<VQ%RCF_7=JCSGwfeEJkN4tV&FOrEN*#Kj%6+jjwBq
z_VZ~CQjVJgK)!LQ!Jav0D)Ndu4ueL~<#D^WJeLsih##a}d$e{PGV?Bkl-MWKGnZMZ
z#3ylINm?SV&}iOR8`V$B8j<T+BFBO66394@Rj2@aT1QNIAQWIL^PyWDa^pGF<p%9?
zQAFKwJYujhONdNnpln8^@29oi-z!zy)ZiAvQ%<seH5BRFImPoK#x!eqzSkA{vRWj1
z67;dEB{2@MF8SEE!ZS0vjE^KKrS}hpLPv12Zz1mz85iKC_ZyeUtP{HHD@{^bOZ&uh
zma6=Fb3%IK7evhMpx0wp_Cf{$=>Si)I#=N__&w8ly8APPKYFY|D7$x&G!I%pft(DR
zb@v-DJRXcKZ*j?Mgjufz+zKD7Jde$~=(ud>Hi9!3p)fl@x(v-_GAZ|q5RbF7g|!G}
zpq{t3s_Lx<w5m96ErNqHq6?B$qjokvJKh-{a5z+_)Y`n#e>SOd%T_CwU_NP|zg~wE
z>U8pV8F>@aTZ~5Z&Uzjrz3yy(^mosF=r>zo>2))6P`KRE{X*OFcC}feP$yB-G0|Z1
z;$j(9BV$P44{lnT^RWIc*0175Uq{?R-1wp7bH$oi`AnmpTQ$>y+hHd^IjpF^>X!ek
zF^9YEH&{%;9eHuAG}l?~m;t1G^hwXl&4S}1)|jswG=OazxIAKKZn<m)yxZ-xydZD#
zP=QVYNtAr4hE=0g8{5uQ`2dvEm;iv#BSF*{5Dc?|^*TLaL`8k}>Cj~03Q8u>s=M8f
z!Kjjm1MiVze$L3C(@l@ysqE6Ci1f9HWU0KkvfWZ$c6>S%THlE$yFXQUJqZZRf2$%C
ztPoN~zV&4K0tkIQYcbHl|8sFjWJZb4Ave-b@!=yP5}|BlpR5Y0atc$sHe{r$r=i<c
zeY;4(6%6b%BKve*MCR0r8KjPT?Ie5KT&0$yEMJ;vT;bQO0?kBaE*7#k0}u==@_?$#
zK*PQI1;tXAOy+krCNs!$$9jf$EIRe|Q6<I$={?ckvMPcy85-P0RqZpA9;qHFXdgp9
zMaZKXdpZ^9yKdz=X?#GEHFJs+!K0NI=oI5^TSsjvvVW%K5wna(l_yKJRW?GBm^;xY
zbTBc|CYY98bzAA4`jT1^`yl1#8MVOeQb3tiD93Md5QxNyf0dhWuV!v?U4+(K3ZJo4
zzMX{)0LZi*rMpr?nIas5sQkBAd#-K7i11e9PruwSKExR;NP4-7m>j6+sC&+E)RPri
zoq2Ul&qL-UU%w4^!matyK5fVw;U<{6-y!JtgcHnpsV*GAV~6KbXY@)PDZpf4@Wa4+
zkij{-@GP|!UJo#?6{w~Q3F7{)!=`)!hqH%7O>=Neo%SMgJj?76xy7M=CkX}nj2*Ue
zya;4Ir%cmIg+sE-AiNJWE-3FGd_V<`&}LP^u6~y*irtLqb{$gn^O;NuUmLFnp_)%$
zJRDc5w(>&m`_LRJzcXqijIUgQ(^OChU1oYm<;%^r#(BJKQ#GRD4$r5ArUqK4W^ZUv
z-`+RBaeW)NvK&08LzjDh=6aG{l~Ho?u4Vpn;gWitT%mH7%nG3J8l5y#%hzkxkF1Sm
zbJ+eVM<qjFh(j@c{4#84tC^QIp5B9=;yN$y@$cO4{joF)j#xf9S`}(yDy`P^@H$(2
z9Ie%$e&cd)s+&Fq`XkwYN9bP^V*X!N{)Lfu>K+AkySen(KUKrXJ0-eaaZ!guh`)+F
zq5W9)C+}kwje^A(VqiI8HOBED_`n7JRQ4s@Cv?@=V@L47C$RoGHug*hRL<TlKcT&S
zG@7l8)aZ4CYS9tgnuQ|Zf9u}k=iiH$Oy7NFcj$`kNMa}V67$?+!)5e^I)J);^X&wC
zOv5U}Uw4-e=>RfOh;^G)4(phIz0|6jJcYC@5<7C&;46K5nU<jLqdSAfQFIqe5TM0O
z^?BW!8ObT1tMyA$o%8%P<y)1`r+~(;<)dL`!E}s-MDB>+>Y{mVgaJ`4<2gUoN$iyL
z?1DwvsANhM%IU$cy0amuVGTQm+60KLyG?ps&{I=k)T0Wg^ZBf|<xc8gqr6d()kfV$
zJ?89B@oTE{KY1M<#93?xM_i4cVsH*&Dt+>M(srl-bKN<a`3|Yz(TULNO(+5b2p|wb
zd4<-(t#8a8kWAS%J)pQMhq{NF_;N~qiWF<T@j739DdaKIE9B{V+Wx}hA)0hckH;Zi
zvljeQ97kybQSRgKqeM*LNHW;48UAuHNz<kA(X^hNo=_YLgK?ROFZL>mPSGu7!x!o_
zLQ1z^BnxS&`V^UEC(+t&Z7K8Y&uZJqZxm30J@rAfdd#fd?OX4ri>J`v6|_xtzk0u=
zIqur8FTY22v$QoZ#xn8grn=~a=z5B;M=;c424o#6%WvLkRrXm}xXOG}IPSS@lf@jl
zs7liEtKMjv{*bfkyKz1}5|U!WWJ!Ovjf07~H!)o796S6PZj@OtUpQopKg@_}df#OG
zYiR`#(SK10febr#Z2palo#8MrRskOKghBuX8r!kWhYWekYH&M;L;~J+TmRdg;#;O*
zNh(V5+ed^!{LXX9od(mT8-8w`DTh)C$9XDLSsyfcmDGRCcPnqzxB<z%k5;O71K|a`
zN{6bxWf}U>EEF!1a&nWKJ_*g`CiI#H&=M#N&5ZNaYwzFQrW?jD)f@yWlk@WWEpV8_
zNJ44V#45O69;;Uj%OlUp<M)C@8jv3%gsTeiw%?Qjf5HkL!jKCqDS(xJwWGy~Tapo&
z9$R9S2{Vj4jgJW_XBkz&Sg7Kf(09RphEvhfp)kVoUSjrvF;Z_PnN0VgBGl)fci1*h
zTyoE=o|M}dr--1Y<sVi^`cX+9_E|KE+RvXq)3)dI<oIA6J_Vf*Z-#=%rN6HD7L@@@
zs(O;GrE>KO+Ft-nid~}SjS+V{r-Z(F^fA%wYE&^+Sm9Y2l_wVpxX$5E(sTW=ut2*q
zD;pPFf1r1LZ^JQD0p|(g;b|?IcoMm{0dbyEx|CZx_I-^#11y?#Y%Y4C`f6cSt^!r1
z<K$BE;z_^I$!=}89y#cKeS>jpSaD5n_C(2k<!~2k@B7+!i#Rt>V$3^o<|zc!(FZ^+
zahfO5GBUfCuiI=mpNEerI7Xb26#VM2ceJ0!6K=rG<JBChp$N*H9pmr-=hqa#Adx0!
z?ocZfMcMKdxwK@(CW_HoA&F~ecH_wsr7BA0c>P?k6Z-}$vN@!97GuxT>D(5p8!X^j
z=2>SqqbG?C+-}Pq{IqIZxo1|Ed9QA~tkcb7vF%Bva^kRs65QqjQUtQ)phu{s*ljP4
zC}F%N@NEiKhIS00@sBM(6!#vPJC|fd*CkGRMjL!@mQgZ?PJzb>?dbc+s%vhNH*;)U
zV;pm*6_4DDdY4q{aJNK<woK{wPJ6mXS$<i3eN;I%K;{?&AZ$sLCYAf|Ym`uR7=^q0
z(lPXJ(D;{h<<*R1{J~{)C1NrnQ6hN7JCr4jzd=U}Hgoh`!g~7N$%^t@4UScV5!1J>
zXL~iB3p1vQ3(!UURIE%10Y7%k<Q0Y&@I@0+a`5Q)a{NU$_=1IH0D#lh&T|p`<<*MA
zS}oM}Ban@&rb&BmSqJ9~3kl@VK~n5iGmmnf;Et_v?l!pV?Dvy`ZKKZ%tFKVNH#Rwt
z=%2q-{oNg$!?XIQbC8>6;$u468wlBDTmZO7$6Z^Ztp~Ok|AvcS<sawj-zV(9c{}qb
zl{HlmXT`*9guS<r%~6%M4bnD>y}<i7>HmwP`nGelPbRv*Umi;R_;=KH+7iAV>8AuP
z550{ezQw;7LzQ%B791z#$Mv}FZg18?{r95opStF%&+D&!<?V7EqWM^wdA4JN>||kD
zMHsoYyY%vhH4)Xf&{H-elDTdH2=-<|GqbJe*EN5`fOhgpWJ5u?P+I0!y7DRN1sn+j
ztXtA3+-B?JPBr%Ej^}}V*blsI@yKr{mQ&Ue5XawbEPm2rC9*aFO$5a-%fPkDD{F~u
zTbKS4`obu1=cmlo4$lKV+x|;p6rKi#!lXpep~T!D1^yBGKeA|UYsggaFUQvJC<2P!
zq}{_MN3{BhaYRK`xap3=huW(M_c)Gl5@?r?j}Ph_Us4}1b}pd9{vcAX!g^tQ4zjdq
zgf?KMvTAelaw<POR9?jqoTa>XqoZb;u|8-mM+R3H4%ouNvJGGSw3duIFBqo_=V^;(
zm)(<h3n02bn0*WH5W-^fi$TVY;Ox#u6PmNZc8c+Z_v|NEW7wGYMO5GF9%#ElQXtsK
z9df1uR>Y42$m}V{ff&8UlqEV8VQu*xFw0j%@x$jGvC?j?@5cWTzHthlFl~Ciu?H6K
zup4ceSyfVB0fV>3+xK($%u;KiP(D6Q0s-JBk!Jj>t6C;&_&D;@2NSDc;Im|tAuvqd
z2+pt+E(jjJ!SrR&e66GARR%F^-X31MGEcAS+YoCC&M7jzdH?%#Y=o<6P@vUwndaQA
z+4+I%fQ3b3UW%!#t~>UZWpfTW>8+AOiK_!o4cCQ?#B#y&Wzi3;JSkrf_T4d}JS$gT
zsMtgEiFY@qqS3)~Z%Z)vovcAON)9G!v5ABwdi}BwdAgffyd2Xv^Mr|Bo249i4Aw70
zf;)v%m?gY50bY;Exgk5qQn;j7cz2eAb~sV%pf2b>?J7PPs<x21z>1xYkGq*A5~3=w
zr{c8T&(omQD1!0bJ&7N7R~5=W@1JexG5cDRxp;TLe?az_r+k^F^Tabum8h<+P7FQF
zSY!d-P_Eo^6E1$eo3gA^kXYVz>6ua1IiPCLqX3oL>7NT}?mIq8`MfD28AQ3Zb(&Tw
z1K4t{(EP@YB|z)mZ(P^q<FIPEX3=cc8p_ugze<w;q`B1kJ4r-k%)P($8<(l3TWtnR
zHM?gY@o}H(Z+|D7ZgH?S+-Y#l6?GKEQxOhgt<32AC?0VffJ<K&gm%c+gvtabSnYiM
ztR6e<lR_PU4p09CvAh@Xv?0DQE>TS?0qN)SpvAZW5j+BU3XDUTI%Az9G`j6H_5(43
z3Mc?|VSP?{|JpHk|JbvE*u)lc&Cyk>%>(O@8Vg}9{Kx*@V)irJ%LD>JkG_deoAkPy
z<1~W_c<xvOt6ciNV&CT0{v)EF_^*ay8}DW{Z>$K+gn{B>n$(u6t@ljy&M7WZSheb^
zSdCAgbmG?lR!!D^YjYy#_wR>3I*!U*&twqVHfhM`mLCfv$Tx$7B*x5A16e)7xYd~X
zNyqI~pNdeSL2JF*fr;|Zj>)NKuMG>JrbsxPQ!BZsz4X~K8ednMNG8!klVyG`j~P*z
z_94akX4M}TU8h+Ku+n2O4{eK|ysVnzh}Nx-J+SCDFYJQ9EI0i6(GaGilO&uV#c{3!
zXp2Nsd`c14i(uXlA#T^&e6lGKUz_vU&8i1omnwXKI~#Rf%8X7PDeDgY<U=6)nUdG4
z^9Ek^=~eCUf|cR3-fgOBb6q1T7Jf+A0@v=1jXtF{MPs?B=|B(`FVws|G)!}p0DvH;
z{864XGI_5Sf#HCZ$a|z=t{4OizJ}09`8J)5zV+q{)X%@K4d=2_W3ZyWhfI(6Xa!?J
zm5oQr*v-WSsXP*z;4@g(9$gY=L8G=e@CEm+{b??*_$lPcdo}(?I5+9ji3aZZ=!r!q
zK&`3FDw&)KU%@cjLSI#fq})y$ADn$ZARj{4Dg69*O~L#sr1(GP^sCeKcL6kM+6*F0
z*XpEdW70)oQaXNC>@T4&)Bdzvh-q8N2A5klf{@#wz9lcw-Eh{X*~#O-gdSc0|3&}5
z*C8*nu_wHb<7~xBU_%W^r+Z-ck`(>g;Di!)0Ga$#WgSss>XPjObu;AdR@^564_vUG
z3X?ATl+HqtGk@bUAiIZjmNgFpi@}4Pvmg*lWY}fV4VV=T&%)C6PZvf<?!R)gidrX#
zKl(eiT>lA4|7Aq`-(UC_!b4$|94uAK))R6%*T~@?J~#jDGS7k2W2Y_GJUW|>4Z}V!
zf4%agY0`C{@OEQV39&IoF2gY9avTi@vdk^m?BHAw=Q!>I8J{ye_4M109Uk4%{RmO_
zox3X*hrsacDy*WfBODTtEQuRpl=$qxS9c+;d*P0V5WU9-Z0*vl7PmIkJYexCaIhkC
zvA%c)iKZOw<s!7VJcyKWR|2j;l_P~a3BI|zFUuffrzA-6TfcEtWrV%U&g(3sXn5+o
zkCeFezCNF<NLRL)UnrWXVhZ1ljyj#7AyD=JA5f?7x3ES&9@m>zPp>pQTi8w&tN6Y+
z{0MZvTFzm~5NvyX(6hr<#M4wqj~dHPdJ@w;!%R2)vTmhR*#tRN8}Xc>dgzx0C)U7N
zr0cGz@6o9V(!@emw+|4?@9EVx@w#(W94N$k?|AWor{h=t`kw8Q?RHflSO-Md#4juy
zB#)PnkW3D+PI}_m&{^Tq08+nJ3k2OH-_#vcj)e%c3E3AzW|G03c6D;;k<D$fMn3Bs
zk=us5!^N}OHyR&}$*(+YuusvPCl{@mOIzD7QrwKOK5ge@F&gc2x6|vHo<n*Pz97)F
zeck&QI}G)?x$lytmtafG^&&sYf=9infw_W6sqTH*2v-3tN^XSX-vDmpWoOR{q>yHi
z^-5Om0v-z0ifzJ31KZePYY7aZ-;fq03~x4LO30>U#mkWowB(6G?Z7_iu4@kUAFqt7
z3*}=$6i3HSt!Iw*bTxasW&T7d)DBVu>ANiu+y!UEHbc%<HzIWWow3TQIs$1K!J~Wg
z1>;T<fyRMtIywUB+2@TQv!y>A%D;yK-<y`jq~y$03b3$M6R!t8SUE(%6V3RY^c5H9
z?TwKdmf}jP8FU0g&35hd(D~=ao|>%KNu|A8DU(Fr?LAAY>Ictor2ZZQsijkF+w1eu
ztyDhDj)`-Apc*W0akbcyzsU9}Q^kVmUR8S(IQi*(^w(7&4yLM`VHL%e@M;40f>RBY
zQWcDb7s`X(NM+-P5v)7+Oc?}pfxS!i`Oa8<xwI0F@lThdP@zEHAs5uirLm%2+7!bi
zZ*EU(9AOm5>{=YDNSIc+J-3P8-GZ5|=06V75xfFT+i*-U-@^Z@ShSAO?6_KOIqSb9
za_+(CuzFeJ1FcXxW=G3hro#E4_vwO|hh3wgYx^pLdZB>2J)n6LC50N&BgqLA#z!r-
zYWJ5Wjd;}YjLUdRZ1<hZ9dz+6U?v(mK7FGwGQaj=aKPXc=I+8{jDLw~buwQGXfl;h
zaFp#|^ieZAZL01u1PQql&^THljF>u7IERNoM3ki(ien9IqG!BRVGgX`H9exweezBk
zO)#=`@7sxjK)XOY31y!5zn&Bi`iul|J`MDa`V_Su8LO`tM(%q1Q`_S!q?K}Z(3yJ*
z;0JUAB&K9NDq*peYS9}R8{f_n7-I1CGV2q5M$<=t^ai9_7P)}L5jvv()3hZleCkNQ
ztr3uSoMgQ4?#)U6##%J#w!>hZr|Z_^g)2I!Z1@w7!TIGsrT^c5l`P$2t&=2vzZ72n
z{y)&5f4lwq=YO>pHMOsI<KsgR21hcPgU|lt{qd)58P^x+YyWB?|E*vC`;RaFwweES
zm(jn?`PXrG_doEw#B+ZdleNU2=Xqua<WT57*O#+@<@oT|CH!~C{{3zjf7?>M9r2a3
z9QnnNNpiuDz?0nL9NQBm{0_YR^abb4i-wiAwe^d(xK69<{B6d+j*pK1ajs^3<xfKr
z4Z&Z!U$zB5%w6aDs{7Sn=lb6m`xm(Z{{A-Ym#UH7RthLRW(&e!xhqD1;-DgNKJGLC
zVMnfyKjhLOVv>FS_}z!Ek}V6GG`ZJY-4|tKR+LqWK3lKfUO<MuRNebJrt#}zz}jZS
zlTR*RPRvf~iOVeLQ24_B^6|%wfH%K!<y)UT>>F3$(!z&c`u_?3Z|etfX)+7qOzj_Y
z<y-oSmwT|a)Ox(c9!jb^(z?3yv*Qe&o456QuCIRl`$y=1QI7x22b2GzCjQqI`&U~5
I@!uH#1AvB@GXMYp

diff --git a/enhancements/machine-config/manage_boot_images_reconcile_loop.jpg b/enhancements/machine-config/manage_boot_images_reconcile_loop.jpg
deleted file mode 100644
index 14de6a73f740387fc138edd8572df8ef966e85ca..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 99433
zcmeFZ1ymf}vM@SCNFW4)1TtulK?8)rJvcM?;2vOr4DJL?LU3moAb5hiyCwv824|4q
z!Ce9&JaWG8Kj*%C&$;K`wf=YC|K2*)Yr1Qys%zJ-+P!;gUr$|s13ZGtLSzA0SO5Ul
z%>lSx!kU6eNg1ocRAeEFGJi0-0XJ~xIRId5=i&sDlYFY9tM~NYw?FRq%`-7`cKCh$
z2XLeJbmF&m0AQ5;AISV?WE{A;v)PTn{>_iU=_c_TV@Yms63ahu=HIyKAGpYG+}*{&
z<wi#JH}0eXle)p-H#oE9zrjua4Q}S(^jkjsMn=Te#`Skvzu~vVc;<GR>NnT>H$O^%
zGXMsV14#bP|IPm!u+IPh1Wo{e+tGicnI-}NwE+OYlbOHK7(N031pWX(&CuUyfAfih
ziId4+)ZMu`-?Fd(01k5jfQPyO0P!#YfUEx(-p%PB*!J{>MR{YF{mo$sumP9@o&q2M
zJAfI0;|2o*o&&f5eAgI&6yWx)-|+i<`v&e{-}w#qv9a%B<J`x^#kr4zgNsLihx-8k
z0S?YX!iV?-j~)>|!o?#ZCVE7CgFpJM1nc*mx9{A)x$)5hoCi15|0Z021`yuIO2P@e
zjYS8zMTm8q5bL@fKz-xx8?&%}7sWpT``(?qw{G9Z!oj`azj_1!U}N1#+<WlwA@=RN
z*!KWfw{G9Lxe^l55|eP<e@rK#rimma18ZoT#G=Ya(DXcf{92CAE^cx0m7_RMxCJC(
zPVZtWs=tf@c}-nERWW?s2gwCybTCRutG`b;fWP+3Y+JlZiSoAz_x@(ajWvI!bpM76
zAq3pQx`l;({{i+L?BC|zJU6#)6W+N?M9U?ihW!|3;u!O3gqVbkPQ&RPvi!^bJur_t
zdXbcyw}Ma7v~uad*)M~hp>6bf27q__Cd-7k2?64OD>eHmroBfi0=3)3XTeSYfJb`0
zeM8i<2~p@+1pgSWmDRM)Dr%Cei!Ire$~Q;UKbV7kFs5U7%dSffnCoBTL%|Rva5V-r
ztaS?$9jZc&?V8w34w{;0B)h7UIg*NaaDr!g+H8`goK2Cz!&XbYM;vW+udPCrIrX$p
zA2o=w-ue_bXFYpHK<iEslNSM6d)7F3j4t_5Fp=ws6l&PUDalI^=tm;><$DYorQgG<
zC!xoY<~|ngu?3)r0!lY3ZvmnrMv)o5WrxfT+b&O@U1@8c{REWyJ}*bS^=QBB%K5#t
z6PkuDvMvw;9})teTKP#VUYkzTySf_#?|;3Y=Cvss$MkMKF2iQHDqnv$l1LRv<I<97
zu0#ECVdK>PVe&Jgc%?W$dzK>lRC_#kD#VZH6BwuXuCW2RkzChoRt6f<HcQD22*%i_
zg@MBWz-qROLO1z@+huYNJTa2-iIDAHmMO|j+nADb4q#l7C7PKt+TsRVw!My)wMa!~
zlddHg^Y~t3)sElS9V0C-@>$Q+?@tM$EvP>Y59x&ST&Qkw#N^){DQ3uAR&Mu}X)1}6
z$>lvEtbYk8;kj&}k>{2C@w$c<)zpaU*!o^tUXZ9udya{r*sf*IK^?&@q^)gG$l3ZM
zTFsY9U+36LAHoy0Vo2kM&5mm)NVs0EsI3o_`*cSpLk-?X9zjB_c@BsKD8Z1JquJU-
z)wGly(uI!!L&|`n0@rsxwdKvMI9)WQMFrB@B1KVhOmt?_*8r$(?fBRvQ7V%gG}$H=
z{Td#tydsn@oa16iU(jvKQlW4!Axw(pw0cl=ip!$kY#{*cw}peOqVAN=;)DCDar&ht
zvmGN0;dXj2*r?Z)Tyu6q&@;u5ysYv(jkW0f=jI*JekS7#ac!6(FdF_bMCL>*c-XR@
za95Ts`Jvh_vcEBdmrTB@;H#3Am4g5evcWqr-n)lLQ#3)#yuG~>DIIHW+_SCbai`b6
zG8_16VA41FQT@gX5{?9G(xTdu8p9!>NzIT}mlQ)mAM?RyF!Io2u`0Fr(UBDvYXsU+
z8V;`pK^DsTOqxUHEN9PzpITCe<rNiA^HFV>x_hn0>5smy6KZtBp489}%vfZ|9_1F3
z>6aMJOGUQKk<0YC+;z>T8g7utswFI+U4N!wjZo7Re7s+nJ=LQK)5d98R?~B|t!|e!
zr0ZdsjY_Adal-#@_@vWeM&#F!*xOZV<*baDb7nW|cq=s^(u|9W&2^QKa2NG-K$!aS
zKC8N$6{m9X9Xp-3Z1+V+$!X2r!IR?11XNy^?OguKwO*~}DC-VB^(CKSVdkcv4aUs&
z`P5EznUlE$hQkwW-3Zk`u)Dd7vS_kw_Jm7U@*%ApG87!Mx{z=rHyF{8)^52(a9dp^
z>Dc)}ybf+M%WmN?9w&2R&`MGWHG6>BKxet*^K4Q4=1IP9b{aJ^8n1iB7!F<A6Ycc3
z>Gf*oZoB)nO@s)n4zio`E0=Zupv28(%Q^0EScZ|tLA@fLHT4DdIAq6x5DbOEKeCj_
zA2Xn9S}{!ledl*of~~g0nq^AccbuL%`o-jyfq(G6de2U*t3Om+-7Uz<9j?|yEWzIj
zg+fu5ZEyk8tMM7EL^yBVplEvb4{enKcJ<u}#VFj4mAyts3!z@KZf!p=Vmsy`JN;lG
zUOrkU4A#24S6R8R{*_r<0eydVdiIHZpHfH1-ORYPWmRq3NjNRxa2C%<jE$djq~!gv
zAwqJ+wVKosa!Y^H4?ZP6iL%0!4b_R!^kbR>sFTR;PhC_II61R%BV>d${;@nrBviEB
z5I3}^V`I0j9`UwlbdKdy-)JtciO_q3u|iTM^`6vWF*zdZC|Xq6r2!S&113rd<`l`-
z5b122G_zKMT|czq9-Az2Bz&)6<2)>#lxHSC+VfZgNR$>@|B#j_nS*YB8a7(K*D~AQ
zf}5eV)=b%Mr}L3jZ1c*XhllOOp`m)aiB?}tj#E7zHyjfwrzW3HEp(2Y8P1$0VD2*~
z^OtE^t*5F3IaslJQB7(#e#TPKIWu$@)|l`8n4XVUQ%8I`&f%f0XlS6DBAxaQbEnFY
zLYKLRF-}NUuKSeh>6on-I+dmRy+jgxm)joRw%SotTAX0c+r1%*I@1mwEs2GD*9|bF
zcK7+pGX7Z~OMWkVp`|XIeawn|TcrS8O;`P-cqiFqcn1eRKdqrsjhJKmJs)1g0}w@)
zpB&BsxvT|Fsh)N|@L3Z-X*WFem^nbSw~stA4yjEt-Ug$v(^tx$s0$Cvl3)=|bY6S0
zp#iBSGw+vO^#k1c@V{Q?|GNIqc;I%J?-%jcL9`vMFVmZ(qHiBn<ak{u<wAA~ib_58
zsur}I1++(|IPo<f24ohArG_On@b}WU8*xO)trGk2f8OIc(i2XZ=>={$ZEbrA^;AfS
z-&Mv82@t`b_Fn@&<l<yp0|K&s+^Yo`^*vejp}15(H>}X7iPuZW6U5Frqgs2OHjcAx
zj{cCyItn=mSHAOV3_dpMx)cu$%~#B>`Z%ZF>w&#=x;O`=6PK<oZ18z|25T*@A5;UT
z5UBEOR*-VVv$Gk#QKDAwiy_FR1KV0}JlX*16V<FXgqdu=AdKe#>()2$>@3*X!JoZu
zWNZB5dQW`Uw#VU0(2M+2#aQz6NMa&v_O4Fd2cmc_>0XcRqhKavEe;3U7qu8WDdGkR
zh6wZB5C%e~tld|r>Ybn2#5K~gzUr9h({DKRp#zBQe0^il?x};8@Q%o9fGcB+$kBbh
zWp{z+%dBd4wngibki4d#wrsL_?#FgTra$;(l;-f)z;hWNx=wOwTC1%J=s?g-JQ@Fb
zd|oPq9yLsatd1mr;erF9=0ubEf}YYW{HVCGd^QlVoXTgEYE{zwQkP1_72mdy?1>kj
z7U9Drz0Sg|WMA<YTh7K|II*_ML}&;Cy2Q&Ti(s!M+)ifPrS97+c1qQL@0=l&m8ilE
zR~$%{bF%wn1vQq6!AnZ+M1r#0V;hlSRbBO;r8+hDENWi4owK<Smj4)vO{<1C5N9U^
zrNI*md7c;*K$0fpuej~zsw0rb77c3#ayoiSwg)kJV?BlMq}OrM{n<siOWJtZv~0PH
z)En+`j~DhDF#4$J#K}1G-ZzDz%?V*99p)V3Xj%?X@fd<mEp1-h^lf;#M{h6RWTSoM
zT0oSrJJ#ydn#^qZJM^eNH{(}ezG==9i=Fb94}M~NhL9L?EhDM3fH&${F64!C)uqf$
z-Icf*MS1NHOVy{J&AfNc3S;t3D5#4}u)DRmv=HQKTT8gN9ZmH5t9r^(aq4uocy#&F
zz{57+sA8+0S87ol?VL(&L7Zj88eeQ$tT=6^4?Z0yWe_UcvE9Rv2%Sc9DA~g_Aeq)i
zXClby94|O~mS>0-iou>;YU|oQZfku~u$KZUZt~;di~KZ!QzaCM%3@hCHIQ9QyZn^|
z$SaTBsm_&}E_TViw4pWY;i|q(y!(2$a=dWIwo!<+X)~R|>q%qE*C29rhfJaVynI&{
zp4j%o2Ib%ySja$kRCJV{`3F1p0?)^D_qbIUH-5$CBrp^qh*?H)3UFenBxmAi<K;(z
zU^FIBLA2GMBi4V+Y~~w-PJmZ+#gGbbt$R%QkI53glZ!-^InAOA-(1kkN}j`lfI@$8
zl}vqkWNrL%IE%C)SkJbd&yIApep}Y`U^gIy9Lt?U&cE%66<?P6^Im=Bc8t&F2ZOsS
z?7?C7uRX)>7_n)_m-xb4B)fun3bkFnN;w#+jO@7N#)xxxfx9gP!vt0Hkrk&*5cQbJ
z$8iiJ?3^`K{QajKR0(Y|bt79`e94hpNQ<mZ3_JNJ1__=|Oe76OSBcZuuQ+JTDir$?
z=%>84?`W~G2<B~g9v|g4e$Y91aK`_7t!B=6SqJ0su-e{f1*mFe@M=!_Y=jRM-4<;y
zp`b>j1R9X`BIACn?3`E5;j$om=zsP?rSFrOU=GLwsWEP*Im~?UWT(d_g<qpzqnRv&
z_ZWh(PwKA=M<bvS;yG^_Be`U9mQTi>y=LR>FAvrwaGT)gSPd+ym<2T^F_P6&p-4<a
zp)1e5Y?g?!^1{1+0B!i{wA7_Cg@$r23JXTnm4X(&+wzHOM=RJGLP762vd=Q=HVCuh
z1ZIY-k_H%B!n?x<gb5q~37xT#c6MR<#$f&WfT)21HS=(cO7)S(rghrM?X*pcN1-73
z@EW}eMayq;iR@L+g2zTnVq!RL6WV+l2^6gngzhHpJb7Ve-}*;ee~NCyPcJbsZ%hbe
z-ujno*F<O=I;#Efl8NH={k~OPK5LyWve|Rrc1Dv$Zc1AFQGdUp<KR~0+JHnuM8LO;
zh485b{iMv#VdN?lB|->p4kAoqeCL}nju#|x^5?ub>`KjEI|Ka$gZ<X9=LQOObX)b7
zjNzA_HFJ*#S&O*yg;rAvJ@8xNjS(4;<bmQYeeZPT?^9<>vjOk@7PQX5XA=4|?oxBS
z3S<nUMOrnPbm<*qkxE|5wPG|nQ|JVeP4pgCB6)CkpX1Kc$JwE<LEQ$B*T#aa9*@;J
zt=W+Rry6griWMrwYCtE@cuqnciGHE!m30+|pm=2vm`Uy_wS{XwPD?4GFdJomzqVD>
zc!_*xE;0M8LD*sL%I$6>T%nhpmaj7Wi;|+nQoG|Qor(gQZ|Q>lJUF<&yN1inS~mJ(
zud8k9L~1@A2F#W<Zq?Yhm{fC_9KT8u5IDm`wJrX#3J7IPV+DsI5a<Su;zngZJ^<jE
z{M-MT7xceU`O^bfe>PE;7RprSY5y|J_&@9$7bR|H7+zGmbZc}6>xuV67R~DI<V|VQ
z614DVZBZ-j8pGp$p;_cL;DF=8LZHca`uo6I*FDB7*9*l~5{0-aozHBM^-P!>CY6)Q
zZ(+^D&&{`d&wk4Nh5PN_aYf2FU!*r*0|+~aR^3PiaF<IUr+qDnK?boq2|nBe&mIgj
z?Y(Jtl&&`nh`d#|h4iV|%Q2Z`xHMl-{MvWx80T`~fKrV^+r;c`iO@>AP2<J~*B-HH
z_tEG7KS|YWPcQDbCrH*$`=IFyUmz|+zvx3jz1z=TJ|6mmg<s9~+uaO@qd~`lUR%eJ
z%n6)j<!}EQtg+JHZt*~Ty`XG9xwr{K!tWrZ{c#u79}yL)TD-zHy12Sg-S;0=Q|meW
z3gYzfjkyWZDd}_E^<wB>g7ioF1ndHDq!L<M<(ER7E+0I(>pYR|^*cO&3dN_0f9hK>
z&bo=APeAys`Yl-V?->3m)Tc}{yt-G47RWGYY3sx?ILSBq9lbw=R&xoyJDp8#+=STJ
z#0*g4`A1${{}B3DhW~sV{}thX73t&te?7zhxBBp3mDay%>HqUzOFROxk%Es;1ge=Y
zB-zKj&I8X~z2C)681__EgqtK4Fz$HG3>16vKj}SgdMKxSRtCWO!1BMlMd<kNX4?LD
z>;Gr^sEAuCV$MN71BJV!_lmN7ao*5|8MrT6T~wTdU-_(Pn?5M1AE-%uwQHWI!L=lA
z7C8zn4;`ywQDpDL@G`_hU>b<o`WWV@1>#R?X9m{*Qg+p!@nu)gpvc!;(8q^^q;WE@
zdmWYRl{WY`BRYw!ozH>3tru^kZa)c0S;)Ybido(<;xZ<`lQ2n(twikKMj<)26k-=c
z4B-_pua5zOWcApkcC$Yp>=5_yT0THtEq~aM4;YKn<*n7Nkg~|CWRHE77M^ZurJgS-
zA6~0wC;2d3*5ucQD2eNuYIPS{Fp}qHE-iq3k;&<h1{Y=gx?hs_c?gfs%uZH~iiAON
zSfz8erSq@yiL%58Ok?e%;bUpRN=2(lV}%9EEEaRG5c8MgHH98atjvx2R@Z>FGY%2X
zhFJV}fg{lI*_vlI$hBsS?9$}Y#DS27>LEE#CGeR2j3iFLe_KDP&ox`*js<MHu|ZgN
z-`X;-LZp0Ry*+exx=6YpkxNy_QAFM#tpwf6Mea?v@!G?A`*HZIn5;8x1o2QsKnX{}
zR8ucXKiQh!^y!$9)S_P49&@|VvRX0IW?J5If=~jzO0n5AV?*+jPo3XH5wTs&dEd=h
zder7M(xNAFM%y3?2o-<0L3;|suVVt{508DHH{qn!EO!SP!6M91)r9fPM??js&|6G2
zx*2<NioP80Sn`xkIZ~c0Y%Fi~Y`_OAGtY+!X{=)`1h14JyqTL#mTei_P!%)U+wbz`
z(7?5#O=aTTQ$1T<&3980elxo)mfbN73xSxmOm)~WavG}Uq+&7GoU3y7d{$yC)NZ|*
zCE|HjTI!dIp2OFnvkCY%nyd^0yIDW7;Vad35YbjYdSc24clwX;zt8!4kxhsMJ+Knp
zk)*aL!Miv5bg(=V#Ju`^F($@|gP3lO<8|gkq_^2aZGN#7a}Y~MBj-b0$0k^OT}O51
z&ohR7ba67sOZb&hq5al}X?W^bLt@ZIV0j^3r(;g_1NoE^g)5x}&m1rA2Hq|Y9A4V7
z-I>XThZYE!LYwF*TdD9QJLjl%JlAX`y=x<aFw*L!L~)!6h%3ZE6g(3;8Ybl}ZQhx|
zuq!td6H45mFXwp0xGOW>^$nvxKerM<>NCFjb;Hx<EEeQXA3luw#4LFq=}*gmN-%Lt
zT(i80<GAOdtRJ!BnWCqQ-%?PN57#z30O^@CY?9VOYT;epbBqQTNjeDZ;{JZvQWLgj
zF8P#>NB&rg?WjlD*Ie^tm~Q<M3OQgavr(ax-^318;j>qcoaAsVXU`7GyBgPX^joTv
zHP@;a<kfO@B(G^v(tv;|zQ=E>9yM0<CD%;@x4*;)EFrV9YN2&z)mNi6Ky8;yJ-M(h
zMG?2h`ov7#l^w;s@PyP2?>o<iF^&{aeaLZX)^Oz#RK-cOX(J4-%Hs0ip(Sl9<Fg3y
z$>5`kz;zy!d|qTBkd4WlwhBp3zf8{!A>!v=T;cE%IIO;{UtPoTP>`UzhbOSS!GoO>
zURRHkqR7sAK$tWPH$BXG(ep!$*F=DCso>e^&xJKfuDD9u45GpH=JArG7*ke_N)@*#
zvsNqiq>@e1dkqaia{B2!OWPJ_4I~{e;zNHp)kQG$aid0LT`e-ebW(v9-eJxZ`l24_
zg76(rb8bfGaVgj*X+vvXbebbuynaO{4<F+DDR{}<7yFEZm&s|NSJ&;6N#dDfr||4X
zfJ<(EskZ8HZ8#%EUb?Q?<L_6(r8Nk8lZO->0(PbFMAFM6GCP!Xc+2)f&y*ZhC-TB}
zJ*hw=BGo!{1cd$&_zC;X2<OvI({u6nZED3vSypmf$|JUhYh&5>2Y-YOB=~z#e`tin
znFOb-WEAJj_(Wigs_o{aQI~}-cpvOc)-6=W1vMiF_B7@TiD1U+R3r%()REwb_Czwp
zEJs3Qm`h&x*;Gpd!onPti`RANDr$3V$tZ*PPGnXqB!m~DBI7!Np3UiV+E0Y_nJxI#
zN71W<0cq+x3c?ibgT&o^w*n!j)@;>;%s+FaQ3=<88OhUe`EBXlv|U$IZU~|#u{Tjt
zRi8*zv)BfC)<m?r_b8I>DSXo@UpdWZv|Waux%wKgtfa(ONjBeH>}u;iCHW*Yf^p}U
z@vqd{*p}}Pb&Wz0nk^aJ%3*?!Qo_hZ+>O5j`LpD0{aGg6#3HKl+hB3ECNwCS-sOe~
zKN+R!RE`u2URZY7cz~}+qN+t_<Wex|k`wBq*rF73K(3g~OGu4*@?pzPK{pJsy+!$6
z#nQsXu5L^}bSiq39pbkX!YPu27d|gZ<PDXS@9z#jU9m8d>DzJPCohiRtcy~0B0ah5
zoDpZiBqiisu#uA+t(;*)cAga3!(&H|f=^;&P7j52Z)4%vJ(f^wN=b5da0)1<VCjJf
zL4}N*^wb;OLip%1{r6HUHMg&lc#f${yS+ZS#FF*wlr<_M_4d9Gf2}NhI;xxus+qT$
zl?t&FW`m8i>F2)!-ON^^5I5GFU94u6A0ILn3Z_g_v%So!CHjJ0eG;URDFMbH=pF42
zK#=btjLqnb#n~t;#su}_Glj-7-nJpt9i6NQjzTgizKUcuS)0+v%j&r9b|max*$_w~
z`31<f^?vS^^6EpAI=eE;?I6-N?ZSEv#gGx!;p5QI`YYC_gBsd1jx4X@+AXrHyji?a
z`oNg521?Sl@qYCoKgX=2WUb^>Cbc%wfW6eU(xz(wdajhATwS|5t<^lW<oJww{&RJZ
zay8f1{SUq`a@RDF_%6WctQQGDHhLa*$CVmPKD0&@g_t@Ojfx&wZXPA4id%_s)T2BJ
z;kIEABzlmGui&sQ7IB^&#cqpopZu2YhY97LI-OM;dos?LKfnHiF>NdIW)@enYWFKJ
z!fw_3$%(w60o2?thE$lv@wfqLgeiQ-CfZ*+Wyj;LckE=Bw84jzZ(nHXw^CEn`Ssjo
z*6BM_2jXTC#P`=owc)ntY8T9bGrb&PTH8eJy|S@on8q^9POw%%Dqv~erScQ$a;D7k
zL$cBQ*e+s5v@K^^YP`>yTi%(r^5_*`cLjOA%j8-3I#D_6V7`Qv!(uWFV=kXqp`_rE
zRp*s#1vOG5<i451+$bp#f8*+Eh_ZOH9Gux@&A~`ppn#i@LA>FiEcQc5G#Md1lBCbQ
zLBUX%B?cE6us@9(<GcpsleKo~5V6~KIC*0Pc0YFPPwmOqrRSb+n#ox@JIUen!Db+2
zR`LG%3`X2q^IY+1(mf|EBBGVl&Q0@n0qK%Lm6}LRis1>&)`*ODUYc8rJv_bpSeams
zEK@J+4F#~hlBcIUX%zXi>L-pGv1k_QmVsu=3?YcYpnry!boNp(?3rqvMe{4S?D=mW
zCTOFm72JABj$T=0p_)|u1d)><<rqpC+Y=&&b1Pnl7@(c$1!ZaA6Odmi6c@EICrXTH
zc54Zs!pCS`y=wITN!L939RT1tbogh@%l|t6b5nhogx*fkm{5)$4>F{JUYnbaL)Ltm
zi|k~sQ?%G@U;aW$SY7NZ<23+MI>7+DUF<;ouAbXpkneSoRlHMjWRNW`*Bd?rB}3m-
ze?nLUrD)MoTAUBR^@@R5V_jEukuMI7yr{cll(o)JBC+V)w{|UxVC;>{h4RvCz!P)P
zgG~+^!&$SL3Gq8oS=4{ML;W-LA7W*{p7(k!kNpE>A|K!nN6%VKewv`py7KCL{+f>G
z?lSd6`8k6RtqQ>7c{fGwp6}Q5uPl2}Y7Q6wi}m!cIh0HT9GXP)tIS^o9R#W`P-iUu
zl_jy&81ALl^)2Q&Km=>$>r=b*=1YQQyxbO1nXi9ky`OY{a#|hrg?<C~_3fU(7jxoX
zr!<{F6>rb5pue*2mF#luSkw5)p-J}d#p1nd@IBiW4+p26pO6v!l|}GZU$A^5U<BTF
zx!Rk0^Ivz9(T87N3P=^9?|6L*S=056c@QR3On2sC$kUwT<n4Up(E7tHgZEMU3v`Q4
z_!<X_R7c$E=-u62djsm;#})AeUngr^XGSs|09bjzn?<MpMYz8!momCcO!3~dKU-i~
zdQ&Njq0fw)lRPY)mhLfWnNM{4Pl)(}&dfPk%>J}Ho7}yy7PIiQAj?lrlpmRG!MBM^
zC8v9ey;qX|uCMTW{&YJz&HuN9^WQDQu_H!O-PSRdck#2c^C5Ju4A9vqvu$o_cQT^{
zpJ1+Y?Ke$4^OXDCp#3+Da*yA`2A$Q=d!KTC$$Gs{d;>%s*hP5h^ETsRv_04XSltmT
zaf{agJ@IqNA9vo$?Oy|mX@1gr`@Il#J@xtpZ1XI=%(6P)YggEM3Ban4fBRnxy=K=O
z@q2~=ChT>m)t|TDRMCigYdzSZNDr&Mlvuy_CcyYO-0{f*c^<;sD{O63l>Tz5%=p#p
zPs7%kdwZc@d@`L6+^zwyL}sy;HSas_awg{;NBtW*O$*!I(}<xC%+<#uhkFqkl>b!8
zJ?f<&4N>yH&Wp%q_{GWWPv8A5MFM`n>v4&$x)!@kwD{jN`~Fq-{lI5xUe&*tadH>G
zZVC9f9V-85N1e{hA7io1%n)<Aroep-_*m8zb6mO;By&FP9VqI+v3~-Bv3E~_mBA%o
zRIaw3+cp5emZ<u79Qfx9*Pmk#e@Ec|VUiG&k2(Fm!Vf(6$dCnH`JY6;q)6-b+Qv`J
z_u<2r-6dUL*}I0RX>ws2@Z5VA5nXCWK@0da-ac6Fov%xbO?T;2hEl}N9WIx@-vchy
z`-Ih5a<3D#P>P*jVErKg?Emp~FNmN;?5$%OTf$UhptG36<>J@9sE?GEp{u7Hi~oHE
zPX*%RJmbfUUyM`VEW;_)R#dMX^DMomzKPc`f5ikmPVwRR)gdAx{91okeg3zt#)R<)
z=lS{L`EDq)e5-H`(<=55&`>SpnU-nAMN90T2Hy($BL~TX=>k6ci)UTK_}m>%mt+ou
zmV-B103>XtR!i)QhT9U2Zvnrz8T=EtX)tpXbR^n3D=7<YB;0<u(}`F}sy`+4y2|Y~
zTN6xqrp1Zl&@4E%+edNwroEKT*Qo6v5$49nZJQ$~_T@z6GPeQshSuZ3JQdA5gS+_&
zNu6e~kyKVw>mv=q3+1-f8jJVtFUM+!Egp|=N2!SOS07zax3p0e@#TK@;e3AJ2txcI
z==Oyj;JuSJ`QbmSWwEj3Nt|OSOmPi3V(KnUDEld^?P`l+d#yC3-IAc=QVR`R0UrQ8
zuxSFC2;2893Ewo!stnw8OV;$W8q%t(*|tLxSj;{33)rpK>RV_iqXFdaQvZn$006p~
z#8V*ug_3VMT{M|*j!&S{uUO+E`K)`Ne0#++G_C=CoICIO>a4FM#WK!sW_mYrKK>(}
zSUhO^ifmuj_1+jKTzg1MZ`^rdI;%{#$m(h4mDe>u{^wxf=e>>AOYvv`)?h@@KhpCb
z=(jQ^2r8bWhcI1kk$%sse!m^av;_He(e>gId<}RcHJ<Q!Lcs6}Y{<4G0RVW)uXI*2
zCo(pY*OUdW%hB<W%_F=B_lw!{&|Wn3YcexWNvBJcC}g?t%EQDc^tByPy)nZzJ}e4x
zkBLNxRd5_ZlMiA@XN~YXWvbJ*l*G_eK2>#?5FU11_8tg$s=KdK@~&<sNp+Vx&TKMW
zDn#-UX0-w8L8#FcXU?Uf;zQPPD(QGYU0Tuz6%J{RJSa*#y*#&2Z|>w{F;rDyXlie?
z|0P!uUrue2`C?JI3=OLm>q=YY(wl5SAI;jHv|yxda;Qy|I}T*d00p5JbxtadpI2(L
zDM09!bU9I`_O7jxR5ks~8>r-rEy~YegjkudK|WcDBBi~B6Y;|3<g?i?fx4Ozm0VHJ
zQ=_?H2~!$!W3aJp?J@X!mzwG7WB8JKJCc{)=L{n~0)66KkR~hRTX4Z9S6pZ{b}6dG
zHW-^#m1_~wLBF|cqo5Zdyd4X15{}=Gwgu(ROymxgoUYXh8a9dOj~vV$w3dy1on%^t
zi{(Vd2j?n8yxeBqhDShsYRwqNl=^LR`ZEu*!p|gAF=q5@JmZGLv8Kx(Vg-o>D#^|S
z`fUOsQ*il`(415VF??qB)qrwQkL3vRwOV;hoq2gmL9$d{zK;rDr&^3K4JmZ0FmgF2
zB*%<B)7G&c+4~xum1tKDZ2T63>~popXlJUv`Zg|?IpCxN&fg-2_OHd^EjZo6i^$t0
z%1pLmJl)s+tW3H&Cs)7g{G}Mj+v6Hw|H|pBmBRASCGe1!gT6s$Fb}QXUmnHSoQzGI
z6`s229E3cF$RgzkllnvSi8SC)j9JLQ_;!hpn>atPxWoKxh`}_q>(dGo2P;Nh!J&r(
z<flg}`yLu%n}vq!JKERls+S-4cg054I$IOJt4Wq#1JUS1Y7jg{vuZR%;b;Q`=?twk
zC_Oz`Ai05Cojxa-iKWG9bxWY8w|1Tm?lOW=w<Wu!!zciGpr_(iD@H$iMhDJ>>bQEJ
z)XFv+>$@J2Z1je<IAI2T!V0b|(lRhjl%glSt7cR*dJCD~&E?H<7v85`8Hc?$#YEZB
zW1OQ9ErqM-jRU45R=$*wSe00fjsix8bU|jp2XYV~JLtYGBr+=-q8H^$%@Ds{6(b}p
zA94U^dfLS7U~ka9G!a{bvak?XjubGjG^C5pZra$-w~*=dvMsm$N->foV!H{ijWJev
z9|iHWb@lE_RL6t3q<};l$Q44hhJ>V{y4fO@6$+*^?$22Lk$M*%JBMo<jLmmRix1YX
z!fy5miB#R%LhqGhi{tK{1u%0ob6h?$+b_8WymmIOR{8FD4d|iqkEnf@K4x6-i}|Lt
zb5uXpV?=Y3c@6OAjF!LihTvl48qh}8&2W3t*s^sog{j~g&>&kH`BS>31^}Q)eDxpd
zmA^+I%&*_!wQziJr^Z5qMXNmGqR0Ldh}0`&iQlYhk!HVJ5@InE96p>0dmZv%@piY}
zH2}AD<H?es@K4rjK$cl>8)eTsY}snW%)BFRMI|E8qTXO-J#W4GF8I+wMHOW=Sdny)
zVWgEB6ORe$&U9qw8w7ikFB7#kg{eo*7|&4#<7T>&;>$P<oNU8LuK`$~v9t{}u5D6%
z;Gt^6CuLM@oVGPD#@F(YZ6rXDaZ}jp#}WAON%d*m>44CQP0b2z&|K(Jv=`D4VG;Dm
z_d+9<{;b<$S^S+36Guh&$8QxnRYkpQ40H-les093mY9EU-|8P+{*Fc`G2LIP2uO@6
zb=l2kuG28tw?d667z!mdxp7$fFz((KI2xo=;1s0Q9HL-;b%9})L`usu;Z(x-8TOq@
z%GCN{gQFt@J{NAF<~S`<!TRY1t&LOq;nbV%{E5V-aq%@^M=W>p0zbm|v*W(wf$i7r
zdfS#?r(a((_YMemRoJxP=xmI?f4!`O3Z#>4FtPiTfbSH61J=z$w%lHl#5>1G1_#H~
zbkOCt?}2yMp^By}tJ2++ogaZ5rWy&$x;%Z>h%Ou>LUw{rxS~IHV`pLcLAexq`Y>P2
z#^k^yYF(DFI=f*thObQo|9uhYXp1vPNQik?xMIAev*b?tEe~f{4diuyp!`QV%~jp^
zCqk)?Au}(^Yx-CpsnP^5iW(ad))M*9Db`9VoiWt6dl6>0(?k#H27PIc%F}UEO(E3;
zXX)v1`>GvmbkL@i^<9yJ23@TLi;vr<k3;07=X=B$n1VdhK$Mf~2!)!N>Lb0&EB{}t
zML&1gmK#?*<$srckf-+P*NmSwEmG8V)N<(78Y;47^TQ`6pSw-OmN)oz3Et2diZcKJ
zhKc)sr{Mmd-cbDvc<nIz;_n##-z0^vB^D{_aY|1<m>^(sOXOZb{_?!q^QyWARP{w#
zC(Cp!ySfP&mAi_oTetiDa%$eAeSHnsWYLWU=|G)qCdZEU*g~w;j<~7#-~PNCuZwaD
zRMq-e&0cv8h&-!>&0A5@EmAt*ES8m=@U^Jy?a%lm^BIQMS}Oafh#l6&SGy%%17f`9
z{G~nuJn<hzFy~3=vg5Er?BqC6DHv2L=JuNq^U-qMCfnU@ImHGyydP}8=nk1*0rZ#4
z1iZ6@;>jLAW`^kIo|HOIgw}b>7=SeO!m8qPJoySH9`=)Nv!yfXI@AN*V$Qq!+Rayh
zrhXkx_2*UdX@bcyvtXtv?tLvI*dg$BxDm<ObIzCiW(EfW=pVp0EVu{RGD~1;tHn3B
z4=Bk?(;xKurzf*7Y$S+_<yKl5TGOu1=o+QjRB7l<4mf+`4Fkwc%KmfD-_id!LrAyw
z#)iszTG7@gAtY~)Ij7~0q3J)&ugV17AHK<x8#4w19*H1(+xRM8o<!)#TaomJjki*9
z<g<%xKE9X9%jAQ~LZ&Qovv;G48x^I&ct>nq&fd*Q5Jf2Oycy3yVwrxVY}iD1^b*oP
zuTJGFG(4>8bit=fD>oocL3d008nDGP{z+23y4JX+W8!AVWB!jO#RyL~bJ^9SgoA<)
zmCW{x<T`G*D<5{qZA4g9Wd{+qsSpB_H0wz>$UQ}0^ly>*==0MT32RpZ%c66iDp&G!
zSx~wHW&GMAMpcMHpephZ`z+A`ON`JL4Qr#mOa3dw8l#SGHD-I>=rgnDfI+{V<>E9w
z(p0+0Gm0V6+9(+RK;EfF{aM~f=aR;Bp)(H%!7aN9a!gFXd#}W+z}d%+n5oHf?dEqa
zOv(MwW%IIHZ-a<5P@4{Nvk^P17_LnJKIs8Gk-0|Yt`?z_7v~!@>y`Gh%23<wtIM#L
zcf}Jd-KT1@;e>3df)C=1!zL%?P@97c9^5ue&vVE8zz0MR4TQ-rc$l14%%{aQxS`4Q
z0wh_m?iS5zTW<x%C81fcojzwHT99%Mb{?%}#Bs~LjoUuSUG&qED|y4*o1nJuL19W8
zhT`~#vsk(-z<B4VN^K=G+i-4YuylobxmE5|{`n4(5(hul`wf^cIgVEo!rtXvVTq32
zC}Hz%r^kmejFNu2UTQF_)Udu|TVx`0S`KRIW)U^_H_^JV;NVlSF9eU%%<?O@>Z8cw
zt<&1RVX3T<r>2jp^e^N_y{LN<7pK7^hy2=k+}<ngtV@yafE>wM;08H73$LMv*w(KM
zjy08}>OOv)9VnCxZG@hyF}mUyQhZ0D4Hl(kCzeY^kW75G4>&}F&m;)_zKkJw?F-#Y
z3j+d^A*IEJ->W~XYb1S%UqBhyQ9Lf1hxV+Rt%_+H<Q<?#A9*geILzu9K_jqH#1@Or
za|ZgPU2}9@ns6&yb_#wC)%8O1N;j?U7{+?2osA3Mh8z=xwmd?Ow6pU2`Gj=#&Z5k>
zbuvU%mGN|IWmZ%eL>Mwv``P1^y2f1nQz@vp@NGzC{{9KdeIdGT!>w)LeCTGs$|8i2
zbVCmY6~7lg0f8!bMQ>s2hC(Vkw?C97TMewbYUq{~WDAV&vkEQnlMz<e9feBpY&d-K
zB}@{`{gC*LH8;8TSK|nof4-OPHK63!;3G@DdqYI38G&R7sfMoW<N)9LZScX#f;KV3
z(kMj{nG%&Zbm}LE&#hBkqFQ#RYASLseODsNXU$=iaT<LZiS&bduHg6|Wr^%U=y^9O
zS%hvf!WGKP1A#mpds^lk@BedW&S<W&(dCg2LiB;rUdb-{1WRVtiZ4e;ChXRO{2~va
zj3S9%Zzq$ag|`RpKJo+FK<cK8gdMkCO@u^Dp{-UuaW!8-Lv=B}E#^X~RG!kRBn1C7
zto5<;s(k%j{;UOa=ugd|IJy;T>r1s?H!Ewid@a?!xgRfFrQdWi*JUUE^UCSpaIw^^
z?@i;Ww8vhZgt=(weL0mPK47>8_?Uh4NqiGbyV>{6nv&yJB1hc8)3*Ro1}9VE4=d9e
zl<OqzT$P20#?EI93Nd`bQ52AfVW0yDpWazbDC<Z}7GC1b7$?PLXx<NQ#NBw#JZI?I
z9R7jDTwoynWQSo+3YL;ooY|DdIMV6AZ;J*J^$&Ytz<I0|bJ{E5496+Ws!J~F4H83g
z>Teql{G<HOzK_hv)y&q+cIIHGn4Bblys#UjR5GM0hI>?^9VvX~Ibz0Sd5@X(>Lx6*
zK1R9boz3<esTWG951?Ey$wujz!jh%OEX;ZeN{ueR=49CYtdwmPATkQ9t9=xT;l=h0
z)53BH`{AlF)bn^^U{HKj%*|fxI6gFyv;lUuBdfkjp>9ViQn@XVokwU}SMXtxt}5KM
zLm*+LswN3KHvNf>5$6?b*h1PH?QMiNH^9-RZD^=74*yU*c031}as!*mzf996&R5tG
zNO-ML96s7nzMW<eW^+-*M3xnwI3CArzB0+L-fqV(?WnIe5#NupkXsa}<OMp?5bj#A
zX|^w}doXXf&$Tudn!sH1diVHMD&IJ&Pj0!n><TkI^?jSgx637TP#w>2jxXvR|A8sV
zWOBtOL|&IXEXxKnJJKWkEJFB!k5PX)HjNi;fRd<_qhE{v7+>nk#5cL-Y467KI}S2K
z6)e$2s$L)?0`Lri0OBCP1=228XI@fxd!pOvHmF`yNr;~A)RCO!>4L-%+KkYf($Qf|
zDS%U?v=$YH5%jRIW@Q*TmEJ^vq{FcFEA-8-Sc@6KL`SEcHB<Z+GGS>RuiJ%^*8q2k
z2YpA)5~CLr6s>!Y!~3jt;;Ij~tQnsrZK!U}sh369QW@XU)h4)|2F$Dde#$Mvte2ar
zD_`6REHHgsoV_((UTpI!r#<wi)*>q`i;jLvYF0mM`Wrvr5;U&eyc{Q1NX3u)mci|O
z<PRm+ptKmqUiHKCDbZ;dyl%1Sy-okQfR=#>6k|K&Yq#M>dZq8m`68)`o4-Y=M;PMc
z2(A+lg2ka-R!VO3*mrGvQx8gN>J!*<jSkmZS6}jiakD89dY)u&EHWWkT7sh096HHf
zT4|LL$Qdc~)#Iq=lea>c89ph1h~eHBU|kzo#L_R-(2Yo+{6tyNz>!)<`9d!dT_8yx
z%Xq0ktR%{xuZJgS*ve>AEq@S9H!V!xwrXQ~9w{0q;aN-Z){(vkxzdHS7ucw~Om?iZ
z(nDqP0_`kYxo0mGJ0nu5M$gCht!XDzLI+H#tjIHGl@Jp^Xa9*dDyghRus6;{0-3A<
z=%&+1Kp;~;XKgh@8bOerDM9c+sov0f{F9wUmvTjyb2wclt1pqMs0mHPnrfw<>XHUR
z7bGifk;ahLRSTYy?_@VLbOqVyc?K)CzsEswQ3a~E-MlDlP+3jV(o)R2106keh3o-U
zGfs9wZySyqw<V(58m|_i4@wnU+MoPnYn`X;+fl!ud~+zbNN@Aa@`P-&H5Bv_AhPQU
z)(*OQbq!d2utJ1I^YvHNoBe=89Kgxs^xnB8&SvXwOyP1XA!qSh0QTC=$4~w_z;v)h
z)~ci$hPWv!S(!^$NXN%{$ANb?1L>p!c)tg8GuzeVQtFoFl4R!_Oi14V4{*qt-lN7H
z0v#*r#HUrRJ0srCUXMRYPiLvsu$7MNLr=s*u>BnE^F@q^h$ecM^epE3jjdomb9>)(
z<%a2CEw2A%$Y1(kNA6>fvq-`n|FO=Za@Vp%*-M0iJ#le%n>r(uTa5vQ)LN01%~&mu
zNhx1g)V`u8(UQxV3Di#HPzmmmR!~q3I3EymqJX4I_jaqzMH`WUxaoup84BCP-bqV)
zo44>2D5olZA9EYY%-PziS|>5Vsma-C%vm`jouH&)`BdFY2u~_V3X`)+O?<ViHtqU~
z0VoiV)E`kD8^Qxj1jd{`n(rBKn9{IWIRejEu&e-y`S6DjTq)cOc4SHh_gcE9eCZ#9
zUCy{VKDf1#camt@n0N7st1I5Kl=BPi{9r!SY-@;1qWp9?(>PF`*T&%N$%jb7yt?KH
z^Q(ATp~<GRgbGbU;-|-GiZY(M+4v^D#AONOa8)AjPqsiLc&9#|{C!g<ukEDvcwy;s
zUdeZurx`mHb7k&k%RP0Ed42CtygRH7qRHy33g&tCJV%kVRiDP6)uDWdqD<Lqrn-mH
zFl5}}cF%eaY>G`@*flHC!Waf411ECz`H5ssq+lumjK1XR^@K^UgKHm=H(@XKhqkRL
zKh#%kF9Px6Nr!H+A%eyk6~ZF*iM(LTvY8A>y#7;ej3e16wD)3`Ivs`@8p^W`mG(1;
z*DjX``a&zWnD!Ij#-MhgS~!90t`z>>y57W0eYFpm8au2tbtWvY(tuYZtS2@eohn3X
zTktuzdK{S{TBkJ6K_vRaw)NHLma%Y)_=<{N`avVsgWXbf>P$a{%GpI&R0dd$K7a*^
z%FdVekD*?Ztm<(Y74%}P=wY2s>mxieZHgT5Dr;yD-psL}ZR&x7o-2cvjF}*ea0M_}
zj9BdAN~o{=D02`|@XT_0(qMWhLCso-++3`E41`Z%9qBJ?JI^@0jzxoWARxQ8IV)lE
zogq8jYrB;%cc&)(?aiYtvO8~U-1<4Ou~2jPsY=|NkQEm+TdF^%Y)uwE3p1Bjc*u^=
zw>ho%dVJBL&I&@fYv}J4J5;VSj%F{hE8JL;E%U9KPZa}Gs1LBqgF)F}A;2WXa}9XK
zHVg)btIqaB$d2LZbz*&6SM4&$ccO%-o0VASjGY?#So5W*GfV2rZqPYG)sT&XgdK*X
zN)n~bK`3d9)r<g-*v4TEQN4VN{tbD@kozqDIea(Er__MiZA^l1SeTv+XY#J|lKK3c
zJU<RbXM?h{E<7496au@1+N{VCmo}Y|#3~hu4>@GsvuAh4wLS>pWv+#6djXw9gEVfI
zixMO!2)>tT_1_s)O)3+}_rcBvuan_q1)p(Gi^$4M#W7rxNVbgba8`DK1-KbTdzh8X
zh-n=MV}WN$zS1Y%>i34T@6#=6n?6#?3P#Gpr7h5u{NQ%>gXNa41qGwpW0X_6bUf*Y
zSd#+D6x%i?fw)#>Bs3Y6>m=GAW+rGZ>2Jmc-LXPfA$#K(vJpnJ-;Wv7KATR0iwaRI
zC~mF}IY+guda9M|S1`rlEvQ07q1j3mGb(nfySqEwIIV0-Je`;98Zhe}cJ(Tg=Wlay
z^!}GoS<?cdKSNx8#u$2jefi6K%=jAMc*uG3Y3t$pA4h6$uDZHgC&EbXPN%cQ4%;wv
zpWB~2X2l@G)GCOlel}8$(*LReKk-yE@lZ-xn^Cim9%_n+sMWR926w=>tG*^BbboN2
z3!dW<B;1KFo<OKM0=L;|H5L~-wbff0xl|@F0QQ&vu4ev!eSe#a@<p%Qw}itddw*SZ
z%<i}lP<Ydt?fG;TWB3-ZzgYM7-&y_N{VT)my~YRr(jJWP>}Wq{-eC;B2B1n0IiG9}
zI(Kq)jvE_gHNvY--Ln0}SJ@U0$xhPQYjalQef76uLE}PO1-$H5q64zN+*B%Wf8LJQ
zaO@R?@@1BAVZ_{jrSE>9%y9_w55rC)yT7Myz4GfCfFHY^53`haGN?su4Hn)E!t7d@
z<pJEkOFj<`*F=s*TCxZVH@^hjk-y0Y_5!eH+tFi{gS-x7)P963es}C<+~o&B$6ox3
z=UdYACJ>%0(Byy%<{y{j<=e=cQH*=?eEhMVGFmV3d#G^l&%kC<-oXP}161rv&iFDk
zto_Y3fM|v9_E6nC#3WpYWD2?@S;Lg5cFvL8?JIRi6Lu-TM^3T%GqjoX@$PQyN)=6o
ztr1UNQ|3Su*Ed_=hZFl__RmDpf@;J!62#VPb0sFg_{O<$`D-dNn#K0(#=K=yZvi6%
zzrRHG@8K4)efn&D^iapXji~$KrVzt)%g>dzu*Z{+lxa)2p{VMc6;u7u?-`II^)YE3
ze2<j4)?M?g#o<NOUg_bd@9u~F@|QUa4miapIbzk!r`#SZO5Jg1sG82rZ&pIo4B$g*
zU7}AQMZT*j<80{7EE{z`Z`5o>*m1t`#+~ikUCb9ELYuzjNk3F7>-;>kCd8e3Inmi~
zvIsPix^{JCE;LGy{oJsYQ9jgEuHrfa-nrAW9#(0~YP2iUX|$V;fsQ=Sa{6ug<z6OP
zGtoc?;?wv>>P4U%%HrJCVPP&v^!ouaYFh<0skcM#Ao}EZ=3*+zY8VEFS;s^Du&E|1
z7%Ed7m>BBdNxywWf#<83ua`oi?Qbn}JoD%%6@$Jo7Pi|toPYA=D;3Gy&yFiJPrVpb
z<Qkr=#RYL>0Y$Tj_7rj(K{&g}la%BU2kPwa?vDzPsi*Fw^AL+f_jl4RKba+^?-KF5
z+Yy=#^|0$zQ2At+Z=W}|Imh!fgcVl1l72rp3^6`R3eI1b$xR*0Z3a#(^?ZX~+>2n8
zH^vP{d$UfRg2AHoF;QZL21gLp@fay&;F5BV5+1XaN$WjU4GUulM~7YW_QM&TUBq1M
zRPC%w(KEKOUmDdmjlA0;Rztg@GM_!w{0hovs>gfvj8ejQdks<9N`kK>XbDI%opV9i
zcjW0ohbn#s^>}VB)++QMDp&^GQjPsb2c2kDXBNdC?R^i~Lqn#=Xkw+CFF5qbBGqCF
zKNK#C$H<QfS$*v_msSu861(|;Qy5`d<H)c}iV7i*w-q-u%z3?H$nKTR$XqrlP*zwe
zr%ze&IJ6%*-&=f9E&K9=c~!OGvA|3Z6+fhdO8DRz8lG)~T&+f^72mgHZR9N8P3Q$d
zV1-W>#MAA?9bai97_n4Wz2aO-I`#|_olHLEAHpz9Ac#g_&z*Gw$!ZWQpWF8{_H*|&
zZmt30_Hw~jiE`NLtmf|{sA_E(TKcsVy9a8>T{~z|=PdjBPz8958{wl;S9r1E7`;hT
zXqyPh#;F9Y1I71-d+`Z$xvq{+$NN(_;2Gd=DmYmY@Vd=Pn?1z?*2$?RrxSvW{>BN~
z?%-bXAVxZqY${+4s%T~rnF%w{i~C0AZ_r-;Nw11nlVi1FFa7LkzGmTL#D*8oQG!y-
z-4J6)MWVfOB7we47{1=X<o$_ROG?*BDwF}PRAezkk53I4v-d6628`aOX?7~0%=cMa
z>$S5!q)rD-hepr0W111l6f0FkFo@c-2nK!9cKR86_q0}&xO#M4;Yp+>KW{zhu0{?-
z9PMzW^oUYxo1Lkie6)MmytDX+T!l@Su-{sSaeJSU6(4=HcKdsy4~`MJI!-)fRJP+R
zl@8s5Qh~B@AP6tb&HjECdT3?(`|vYcw+ZAABH2{AXC0y#W3VyZYdx8Fpt=yN0yB=U
z1_2ogd=(hvVhe)5K^wgxbnpygGp5WU?Txcg7HGtoGi3ziEHTsQ!fCHqffGVJULoQd
z>{+U4t$99C(I$nk(9tcJPSxXf6ibX<QbwX}U4+F7b>riJ(s~7n#TwErfpML+hAgQ<
z7`28-qD5|X1Os!F^A~$vaDnb{TDKiUv(CEW=^C5B0K-c0<f>fo?h5jI{~))rO(YRd
zkMioaj9g&*Am30cFXp0g1l==7eyBCr%KNKzCxK-90dWPJ|3JY8?u9f$i$>d}!BU5@
zC)-K;eVY=0k1*l>(Sq|r&a%=zW*VHUGv45o1Bv45!Bg@HLS8;hwiTGc=xNM^;KJM`
za-Gy-_UePNbL4x7X9pPFbOkFK4Q*JsQ(d#NYtnC;auA*@qyaPc;sFrpakTc_Nn}Bw
z1KcCPCYV{HsAPyg38s@_vbs3Ve<+ZeY|G9ToG2&L84FfVBLmt<LS5J(M#N(?6Q>p%
zhN<%LBn1#7@XW+q{8d937P)9{aXEV+BCC3mksrPsG2JVb{~_=KjKuh_Q`oam<IYNC
zTmRC{v&q}XlcPu=^<kHgi^XT#pK;H1wBlRv;1un&QadQN%Zkq~bWPkFO5D?h4jk!t
za5uQ6l&|Y)Y2qi3<1Te>;qja}BgaN!_!KGT=wI0~+U`_t%rO>+??aC`>W0cwe6_4i
zb6B_=agiUssztl8)5ST-r_ouz9SdOZ)clOfMMjzGg5>`%^4>bEt)=Z3PQ9fCiWewQ
zAi<?LMO!?<N^mb;B)AlBDeegg6fY9oB{;M|ad&6q#oeVR`#H~k_TJxX=ljlizkklU
zuCQhnYi915HFD1_zlk3x2Cb<LT5oz39#tJ`C4N`8?n?<X)E%|U)P_4pDbvc>KG*a8
z6q`_J^k~yArQ;JVl#X<@;p%|~+FiY|Ymq(JLVNv$)_xlqh7$?jv@j6|jdZx+IhS^u
z>%qV(l=8A6iV4c|#6|Q-^Aln?>qc2dW)vlUsw4Q5E-o-vvDf9H7zyutpnaS_0&MF^
zz3dskLy$|ZPkeu?_>hFT&WpH=(7`1_D3~as?Jcrw*fgN}vzi~BWSGhha;I#jM@Gv=
zBIa;sw_$#vcLF3+7B@e<eK9$qt+eh#ME5n<bPVi{?Ai4*bZvvI(rMy95{Z{tQ;K^e
z_J}F2hVlE>vS2Ct3lGT&U!R&NJLxQ$o{!BsVP?Z1Ye@34$YL@_gaIMHwmoZttC(??
zud35UqIEsLbZ-V8`U)1irdO(y>#}0R)kdw7#jr(A`1Z3+5__loUI>_Xw{KVF__p6B
z?GM^z$6XH$SXr(WWAX+&<H?0)C!LtiIDHsHVq_YkWh%}Xydqg~Lp(^7yzLT|t>}Ma
z-RNH%JFhrNA9Is`S+!x11;_cmni|`4+_+u;qk9vVoKlGxEo7HD+^lO;Hc>-H&&5gy
zgafN4!fY+711!BUh9=ZI3_7jpLYo|Zl;!&Vxnb`nVV-gde7Tu|s6w;uAZL44|L`8g
zfC!sow#lxOwHj;HS0a<bm$q^xmT@Jv&wZbxjmO+HRTzX1h4OGkz%#vl_qIzvR4Y3j
zxQ5K<DVm(JrC+mXUc4dw(}D+I*c-jbJk%Xuh9-B156#q^f;n2U_r%zjXYsH4m*0p&
zt!Zk^$kw4vLl6FvgYd2XddH}YmZI!U{(|u?@8njZQHIjXSQQ@>>-CGj@E=4a_|G$b
z?rr8?v{|o+^({Wyh|#+4W@>_<ZleE^_oImikt#<YTt==<_zqGn9Pa*~Wp)0;Y5?}T
z#G>$OQwz)+RkwENzPP%s%34@N%$f}4*yTO#K6uf%NCjDHXjK#&&e_w0L13+C;m802
zxZ|7#tHzV=S_w;nEl4xn?(Vkeb))LdFzH(}oVREwM?x9Wgw=A;C2M@xdZS7ADXj1X
z;9iK}-<d{Pp70?K5`BWD;utd%Yc7&em%#|&R;N4!DF<TeWCGLTvCFH#K@U|9x#?a#
z`?Tf{8KL4^q!Xib-(bIzo$HitnxE)tD)=#XAIUOSDea6*u3G)kHH$aqIt-JFfwA9u
z#a~(oEE@_{v(?=zX4wmy6HSk|I}LB2|0`2?JNtjJ<?o98^NW)gBQJ$ReW8q2pfMtA
ze5T>9(2EgXsD4tPO-_*{KT?T7LVqJuPSr|6L&mF0nVWmr9>*r?ZCR3W>^L-!0B2+|
zfx=x3C%X-lpN`CmVCGjV6Yae(<yAE)B89ww%*CePka-rfnka`2RqU73mO0$VjG@wW
zY1oG<(9*kboF*-?4r3o+>TZE^RC#y?Bnuiy%4?jO%v!Kb4XZFv-i1x3S$kC4k`7xl
zLNuouflmPsyk2SJjXY1JOD}EB<0>m+EE7hL32m)vY-ro0fqf&GB?ipXRUa)|l*X=f
zJE};PZY%av$H-h?Fp=Q-Xqtp{*a9^Z?Z+t#;Sh<DjgUvsbf@=28FU)gwA&@+1wXB9
z8PxkrLx#oWnN{BvXF@#~BjU*UY-FU0bL$sfHC7hvFv~JJCwtGqS&J2+e!m6T(H$cM
zX1EpBdY4@0tkzl`srQtf<7nvE!>p^-(a+4ggnV~THdx!xd{4%(O7HnC^@7bvg^+^y
z8bve0G0c=Hs3kXL#8sUn#wA0cDm*bE0K_1Zg_su&ucDuU8Cj(m>I4%yRyiPf9D?LK
zC$vF73z}Ub3+t4H&^2w7$C+oA5(?G$-!+z{>FlI<2eZ;&CV<UnJxE7*^QMeLSy^F<
zg|Ss`8#W2Vmi#egPeR1-{gN>l3Yh=2bOcUU2;s93=rIv{;o6g!dvjr#){{>2U#*)(
zNA#YDSBY*yFeDX7eauhIX;{NOZS|H}9U;+F-Oxdu1=MJj?|m;hexkH-jqZ=9?iOm5
zLp@&{z<7MXUTYXDFKgx-IJ1a!nL?0{Wd3;{xg~r+zb&g2r4xGpEBKQkFr>Y}w6QC8
z*|~Z%P>vzEGn2f~TraAHP9gnJrc|2*W2>gYAl*8(G9GhE%7acjq6h&?uG%?=0ds<f
zis)4>dMRD0o1PAyOvlA2_p;Jba5Ek6lRV0|bY+1UGmoaN^ms)d%r1F4=Nt19Dek4R
zccth0J2+ytDL9LS8sb)m2b8jdEW76M?B+MxY8tfqh>=h?bcL33Ly(HToiI(RKEa4c
zcQJcQ7%kWZV)Mm;0pVmuktjwt(@}K+HbW>?jy#+cMKH(}cj2(gbj2$0Piji25XtEv
zVZaeI+W>?c#IDzK$}>|eUy^N=k`2FY6PSveS!uk^tTICep8T9qKnvQXf$8YLXtPpV
zY0N7BvqthrqX;EyD!*mNa@2Shb0<e*)w1(@n;B>_6luj<5z+5sE|W3S)3d#y@pS=o
z&-^@&KXvjwQy-d<G`;d>UW0aG^{c3Qy6aSk39h5MLRgKJ5jT~CQWkGK5WM6fuWhRc
zcj5u=mJ$F%K;24}cQ`t@iH8l<g^nyX`rMVRDNFN>dDe9ZbGlxcmA9F$5o%y@ZKqDb
zj)V!<;;mLw3h!MQRJueuvZ*@ps=KC;rwSKpQzP#U2~R~wWK3l&>4EX^CC&9nDs4iW
zXK)+E+&z@enxY-oN)>TO$CR11^GLJ%0Yikajf}31E|m_hvSgj@yyoQ8^PlzG`0}9F
zf)!KbmQOIU&Hf10n)s9-yQw_S1K>9If`Vo?h*?On2(ebvTBhh!t(XrE#MX<V9nlJ}
zI%=HeQ^gE)_VhjUPhPYy=-=$E8Co9G%hR<%{SbTbfn6AMW_X*w?|%Nu1FRN+i>Z=y
zaHcezk+&taeJfkqQQxz$TcINcT+V@d=)w#}w-QEYKn7yCHC7tiD}K|cjr(oG2iuXu
zu{e0<`dKkqN#=&0&Y33%aQAyiK~k|~!L|q;hu;2(Da|q~Xk-}XXf+$%ATarL<Eb6Q
zlctlfUVKyb7vQ1ci|B_p|FV61kk{Dn+ajo}{tMt7VMlcq;%x%}2yhSleNp*$W4Cj6
zj4z>aD`KiQq9QuYe~W#?$N$5sEwxzEg;^dN3NH-rxv95U$4@CuK&{F&3ib~@i@GP;
zv(`u(dR61XefzfeCV8%bsr6F$^^4>1kz#JX{WhQI56nBJB9bKMjvJ<T?_Q4aK<hik
z+sQB9{Q2&l>P&mEaTABW!pD!P9&J{d@f2rE;&P%Ue5^eYUJj|5)Ht4B_Md33bmvAt
zCEC^Mg&fiwKDStZP+*RBhZjfk9DV+->_q)vQDM@`Wf;eiW&IZcq{!hXOHxniFQdAX
zYWy==WshtN(7YMIEw2-ht;s<1<zupE6@wL~LVQevh+NX-lb={Y&*K>Wd#XXc<oZfi
zUw(+|+OQk_UoTI5T7M{N`>9fWl$}GHtsdl>^@=9^D(`opVQ^HSd#Zp;z{p57YJv%)
z(;fd(_8`B*fMfW8>h)42mMeF$(it;HGt1WG^jGv;nG5yb`fz`L=an)GwySsR8UF(G
z_Wc43*Z3x87{oM-5wh{^eGypOj@>cq-&-GX88>vW6Io1h_(2g{NxhmOhJ}wFe*XG_
zJ6Kx#`DoqxyT9~%7}rc_3q?x&09nVm&|s?HqF2z3>>@=8F_)l~U>A4GA|3h>EAKI{
zT80k#QC>xIW+l%+^^K$<;<dsVo@XDwPiLh&{@Q-Tm&0D%>&RE4Je#u<-G~97AFaOt
zyxqS5x{q5ZJFO4i-{U4c(?||kRr4W&9MCi@i_@G$9|k=+Bhmd_X+V$fZnS(PTDlt7
zxxGF<dhp;O^NQ97mRgp=#Pji9uZR)=?vu&af1&yx!G{cAd>i>5A5`{VJ~MWGkzjOl
zHp1C8F1}?HcE!1{dBllDMr}N}m{9r#&?5Q>07zHzY;oHiC0rXzzu>r5xO|d$&CsL;
zm&2F1M*2$S{sP1rPTz^MAHVSTmfnx1KrRZV>%jb%NPxpUeWMk`3}-65BUZ0~dLqe-
zDyeb?q^lN9T$o$KBMBqD()^Va@gE|YMOmb-jI$u>eEbl`H2$(zmSA8e_4*BQaBzrE
zw=vy}8&A|*87m@!pPN&*rK94H9)|m8vF1UB&=@I$+YuasGL{oPvFZC?CIA*)W7U1J
z`3ciD*3TP#coTbkFh72pF333Q$;_z&7e8po@nJP%F&!t{95TWxvXE(bifsy^UJ$u`
z23yA0h%XzzEm}UP^85UAdKT1iM$`>|GVo+wXPmrWy;l(r6uQ`YZt|>G@eM?U`6lgA
z^)+*xQU1rU;BKewgUGegjYqhB=F(K2g_E^$t7#6=>BvQ>KiU=^7nm*&gHu#-1A+BY
z`~W;h+wFDo-ny9)(O_e!9cAaT@iE>^WtFUPwIU0IpFPY%QN*m&aht}>STJ+7Kr1m^
zt;2SqZMIahBvHql{VqZxg<g3S7wErbHE&BeT@pBP*J-8RqT4;nNZ$}f&~>TBwJPmq
z%Mav@qcmuf(M3y{dXf`dAJ7(t_#3$#motAgCN9n2dNRsQ&$mq*f8RT6@sSAY);>I9
z;30D-D+6(YhQcuYla{FrjhAE03ZZ7Hg!wVI(!(?6y?cwO@2vHgSC9lObQJ_a3Y5NV
zZq6xualpHy|HKVyZs|~Azn3OuZVsWNXYa9nE!(W@NuSETTE@>A-lBY0#I@A_*i3S=
zIwG_79@9ux4Os~vd3<(BPtVB%2QRY|i15U=NdyDI7=nbL94sYTWn#i!OTVD}Y0Han
zrNic%q?pc*q!9L3bW}wgCry`6)xLkB{Wxk=+nd-SMS>hFoGi;irjYPflKDq;d-rq<
z6(Y4JY>^`-1GbC$vRP${mxU~9a>q<z27!q%CRo-IMG_s@#!3vt)C*BLSe6#LrP{`_
zT0Jj$F<y|`qAb9_N+L?dA$*VT!?g%S$9o>ANlRp)4mf_t9Q=lWAa#!X>+Kj=U0EXb
zXZfcg67gJ&H;Q#%Q%o%^+P!^S_Tuygex9uPX@1!E#P<c@PBNv|-^S!UtNwj>{5d}5
z&GmvA&S)wY$l-um;QF$;i<~X{G}m`2=v%h3ojd@*g?|0FgaAJaUmGg^Uw}mAUw|hF
zM&n1x*Co!=H!$%lZn?(J`M$VZ)$1BUwb5-uLRY};)+B6d7WQ|Sv>|5*-^Nng(6B#u
zIr!zA`*%gPy>Lwe=7&K;jUa*e^)}(;+LrNTi%^kQFI5H#5c-sxM%LT(YxS-tH%*)@
zCC7GbIrR|~8{4AtcqMR3PMr*1nL}=K7E$X!Q^e0JJTmnb%#E1tt`Dw4y*x>YVgln5
zAGfNjVpdOz|5TR)7M+7=I&SoXTyR*JcQA%_eM&I+hxw?c?yIU3f$j1M$0>EB229%J
z*r#urctyr2=alcn!Y%PtWOrukqG=!^i1@<7?0K9br*lN=h_<|9dAS!34~QbJ1|C7J
zjxv8$l(eB=xl$24@J{8MLxM&IH!`i0uXNspRr~9V7#V31;UatZXcK`w!tOF$mZ&2+
z{N_!#+GO3s)9{+;1a}4MWuIGxj4eH3<sFi>GNMu4w%>D|U3TfFgNo4|9V+q*;1{(}
z?u)EW2vkq^fR3Y?BqJP6Zo$N!NE*SashBE#L}C(>O_r2V=NiGf`31dIDKG38;)<JR
zBdq(pG~E3{<5|$ydu?u=n6gwA-lcvJdpx@}e`A5)8|pb4ySzeGAAM>bmQ@#_Z1cxC
zn`H!ASI6IX<qs4&X(LgAbMiTR3JBfIM4mVB9F%=u8&@5lqJFHXHoJyG6}3?lK^307
z91kyTZ^zkC3^Y9Wl#Y*jHlyf1D0Ead2(OqtH}HqkMhtEiE&mj~NM<gMLm8NWRt8nb
zkUr6aOyA-mJR1cTe66i%)H|I!irzcgPJf)gxtSEW7T>3+g5?hV(yOyK;_tED)9zK^
zE9Vy;Q+T<Lk#n#DGgsy(41A_jA-6H>21l>H8re!^Z!fj^<eyhIm&Zyluq=b7RFYEd
zFDF;doK{_{A}7i;YesEX(X(2$VQLp2kH!wrD+bYu;L9S0^ekJ?iBSabxO!7Q*^lom
z^p0OG@QO-+zs`ltjd_saQtnZ}Tbhfg`eEI%SN_QSq0qyO?DWg3Be4em=zJws1?OLY
zai>j|yH*C))((n6s@+}lZW$Q0Q|+L)y=ijchfGY}>tk<6zr~%!X36zRf3pO}5k$1n
zpf<#$QExS8r}J<q+fXnu5)WF@aZ>><MPMy-{VB5Aj~@DVjh>rM$CXEzPUhZc`K+kO
z?&hB<dBGXFPxXq-RHjsRdvOy!K)w3o$->*3*+IOFQz)EtVz)2hZ>Jn`eo7=p%GU74
z(9J~4NO^&}=ZN}Az-@zm)1^+Qm+S>8>g$zeB%{ZdB->*qC<D`p6pn5(Eg=q+@p2GQ
z;NGMyv3UZN(#}lIG{l<)=?Tv_S1%=d|M6YCVy*o}D2qbY$Vz8PS0RWclK76p31yYL
zs0li$@l#falC9+=M3c~!7opJivkPd6ZjsOKrD?MeAUIqKd!Ms|&PFt+t_BG#XupKG
zl{>znXoy@DM)|+vS9!5-EO?bOsHfMVJ6?vFau{_Eb18mcnrkIS4|UJ!cjDoCw#eL^
z5S})faW#FssV`-sL*S<*nk;<0xy7`hFWXe2&z~{3im;B35I|Ye#-{TgNg|YK%bh3b
zmJ9>FH4+QP%mNWAz!6#Y7N?mpJR{GrndVN;xcdm)jJGT4=sG-9dlJkvvS@>xp%)l{
z&{tu@X!6-6Z>bJnJ-MLTOSrRfZGuImpDegm&ZcKP^P<+LCEwrPsuDe=suWZrmpCMR
zzfYmFW}F6lxh#jvofTb9uLHFNQ-HD7UDDH~w)Cnb5|(JZ9~p|{;>z1-p`*+Mm5Z9v
zf-lDbo<yb^oy9K8grlTjjBT0470TI4M}YH8&1^Sp_z$}-;;(<2dv*GZIxoxp0xU;0
z%d~v!-{3wr{6WF4aA{$Qzk(Ze#<p*UGp;H&IVE{6X>#*eL|f9|qzN8yOmm6COT};C
zNJW4?_>M*0JZ*gQg5c_3yEJ??@04GFK>L*Zn{|pg;eEo32>`&>?CalGga@jG>74?q
z6!J=mkNJ~<Y^ZN#bUYBumS}hl4bt_a(#6NWzyEveKi#?g+t>f`B+q_#i8XgV=2`Y8
zETDiTN%*X5!)>{Z`C|Iry?^75`OhPbp6i}Gx@>**ALRJo_!#dGhi9s#bhk06_+2d2
zZ;|j`rMI>hIj`6OYYBk*xxmx^?*#a*)qV_hE=q}S)>~pva;}M?K5Z<HcCnc9PZ)BH
zjaXD`v~)j8S?))HegVijPcK=pJ7ASUD?aQ#B|c@<T<G-Hhr9dQHOegQJ>$>B4{aTP
z0hCs%Y$H54AD+qoX7~BKxUgC##)-pw*Fq_MtcnzCxR-0igVl%6^kBC+?cZ+A5`wj#
zul=2?z*gs0s=S-g8&OieVtc_92>mK5yA4Ga-gKnb2EbAOsoFY>q8NmRqY^w+rH(d~
z!bc&ty;kp=_Pw&2m_I_(X=D!gv3?@6iuqR^SF%f|QI6~#hiK8(3+C;KaS>SUJUz!q
zp%~V(!PNI+mGg-v%O~XbO@i>m=t%;x?<pHLzW_Z^t-h-w>n#R%)qcB{4Qpm(6ZYo7
z-SV1FEnP47*8F@$8>kwZW+;taPsWAT<{I*43MT+~9<aZEiCcGv@lV^*d^Bo)0Zg7K
zwGt_a&r<}P>#SXebNL2biTVUw4+7)n40Rt(03P4A#~##%`P2FM-h6JVQH*cq_$DFq
zt)GTvQ9n`Q2i=$N9Cs*w0p3RCG;#v~LY6syFYzxiMc#iQXZR)lMWyk|JLea`01MwE
z&Xcz%d|`LfzYG94Wmx|u>762op`M!x$ujRjbUN%uMg)__O!#n(t&|UYw=Xl^_slNG
z+ASR#Wu^=8WBQ*anOC6HbH*-T<^wV<Hfnkr13@pg=h=*DoQ1l(Y3ydtr9HH)Yzr-Q
zSaq3X92@kVbmy~_D5l*VOEs*LVr|$qo+5i3ybl>aRPig~tk9e(#cg=P393bz28Cjy
z<6=?OU^*Q{3LzA;YO0HsVA&c+D19}}t=paKnU(!5@%aS@{_5Vj=*_&Bu2!46KC*d}
zfMl@VkIp@S#((k`Al@B+SxnMnA@#mvphAW$k&wz;6^Ig<YwVggi%4?P>HF`?UJU_V
zd>{yJuAzjd#&LfG<yXM-Ev$s&uh;FrGN{SHVs=!gPP0PpS<iKCrutMvAqt&$UCQJl
zWEWRW^{&i0%bY4Le594P;J{-~&EL7#QbufUIDc}jy6J!Vb5q^f>b`n|uVHvcYr*ZP
z)44e0F5uQWeatPu7+H1}H9H<|#o41&<m(WS{c>T@b0hOc{<COPQwSXvOX<q26i%-E
zO${ynfRELR!M_}s>3%~WdyFqE8lF$<?ou25gV+>|i9R$l*q8#9R1}&k`#vcL)wGuF
z$swf>bR&xw;fLpAj3#7sUuJ|aDWAD2Dt9Kw9$Km57YP#@9a%=)n}b(?Drlw3Cx*+S
zg1d*lagy@0i~Q7Y^s$Y&@Q_a>*Kmun8wal`h@Gra{c!GPiGiD**v%OenNQO?&BiXH
zD{oZ|WKB7bU`_O7z}#Sp@cyXao*r545fMZ~9lwJ}@;XcD_w3%_%;jPO!R;6pGnq`v
z2y_KRl0&HSW!w6m+?iZ()$#lGQvcaxuY@&&=q?a9Ms3***_{Idc8mlOnr1Rp%^+oD
zWJ{wH1b<o>yltvVZqS(YX*LUu*k!ubPl0tf=9btvnmd1fRo&><Mo%bjtzLIHZT3SM
z2zJNkM2o?>PF1!byf(UwsSmde<UK~ni=}!OJ)-rKSxFsP%4%Xai!AK~p_=m#bYP0K
zmJEdHke(?HkgcEgv%1o7JTYMy!;OKYgQq0}>syc6gh{?C@=9hf4A>3Jwgu(%%EUmU
zU?ZNSLk{F7mhHXacKOPh0{lV7+^yf=L$0p%X3@0hi5-$JrXGF>?;gKA(WM8s)j}f0
ztmKi~vi3v!`5_~Tb|RB(BZVEO^gMKLYnNorfv)K?HqpaO^03S%1cE)dsl*jfUaUQa
zI(a``qg9!&KI-=K3;-a;dH1In7kzIWJ#YNPhh%;i&-x_y8c+P3eh-e><GBd?FBkfy
z{}T)SgT6j<zy))!_L%c1^OgxgG^&?<ki|;b@!i#XS(K0Jma>KImC&{J7(!b#d;xJz
zz1@{Ed2;@C@G9@7pDE)9%1ieAo%JhKHl3rF{phPWclzeTx*mqL#?jr}5fR_B>K&#t
zAfxvcCtXcS*EYR4IXV0yj<7qoTnMSFD&88ir*Em3WafjN`DJ%cXo5e?*p`aaZa%4$
zu4Ie67w5MLS)J~<u?lN5Jm!3wAyb#Nb^L5A5ykj9*7WH6iBrbp3wl8YPsNl`myH!?
zsLmvJI=gNm$~Qr|wV0;f)D&ujfI>B8)|E0@rIqm3KLQATAM}5@@;tvZj-bz#k-q>@
z%A_U#kLX`s{A=*99Ey=OPBz{RcWv@HSEvtW;?`d$?SG`fW52w6z4$zc^xDs7AMf>F
z^ZEC}VzvfQfcLFK$AjqqKSCFOqv5=U%rbCg<;8;m8Uaq``~U4B`Yo=b|4G2DLE%ki
z8b8Ahllp%dnO3&@kQV22er5=olXeB%X$f2e2yiml8oUMEaXi41iB%^2Z$@ALt@eM7
z+^!wLmDorIk=*$O&|D26eCzxD{O#u(H{_K8hj)_GwZu;$2+M<;{9Z!f*Xtk@lQ`!;
z{)4jLs=tdh1ncdJ*AU`s#<yJu+s<G%J$OYQ_$PsS8u9NQZ6M>md(FSyUVR4;w(S3%
zg4>|n$#u(B-b8bjaZ58HQ;*ubBSFQan&RS5S-lpWkLF#N4S<>bsqa#rqQFeDy7bR#
zI%R|=*>CAoniP)=<*(`w8w(5oJ1yf&nQK1`rKMTX3B0YE;T1#L)dqK#bJI_E@W<5-
zW>wD?<XMM@Px&;+Nv%-^(Ei**meGUdyfGug_f1Vb1v3x0xl|TbXVcc4Em=O03%p<d
zIi&be$`M!dJ6EE`dl)Q}D(q=unVuGE$gFNu1D%-yESc&VkeNE=o)0p{YL9h~)vQUA
z3??)*)lAJmntJ)m4D>6c&<h^>X<KkcnyNp7hriPcyF9|l$sc~e!SwaI{xlWAl{e&@
z{u=-B6Q{m&<zp`tLU>RrrMA=2bDC*M3K^uB0Xx0mh=^HY56gtgVa>LC!ov?8_4S6Y
zWO^?=yQ@?<D4F5x1Yg0(FA+@PLscW)R`Sf;^rADo2ke)3ery^{MqWSpKoN(r-e3UG
zxl!bQQkndgmF!`iXh}l!uAG$qKphm2AHZstE)gQ#B&Huiud;>Uc{c2lsA#=2*S@lx
z8N#)abvG!Kej~UQMNYuIoc^X{Ix#0KK%Rc)WZGVhrCZHV6(>SAk25FXBOv|v(|w<G
zC0ZWEB$gI=O}m%hpvfW_47j-hZzo&v?i0_llq#`nXQO#fxZf+OWn$rxD!DIP4<^VJ
zI8ZSRXnyJ85{q8O6;2lK{RV1>g7QRVzB-)Kk>OtIWwQyhC3;SBnrQv%K%>VjA+;a0
z69&DtBQC`kl~Ll1QS*mQxYhWow2Dji;BLI@qUZhB!vElol|RqWMM6Vc7OC=zZ)#ti
z7F(@Ge*~;C{Nc{1Mm0DwQ-I-kB&*MvH}MLYdvX3?qIJy5Mn7`l9L&i-6<%*Dad;~r
zlILkopLXtSmGvZWu8=Z>k*#BvHTDdjXVwgzU!!y<;bk{`bH95khb27Y24@kX*a>63
z5!^;+ogUP$e+axO>wc@>lA*O!&QPjL^P*dLBb1bN(Ad&;QG#4o4mnv;0b+K_WDohl
zET=*d6^x3_|2~B@!hfV9qd1xSUIhk5dkfTtP8LoZfi)GehNAZlc&m3_wh6PGsB$NL
z*tHooUtkKZ<)dWhYu0s*?ScOSXovcYzv{95Z8e^hIj5XFuYGT7D==BED6GDnDvWkV
zpmR)7?=eFnkHiOJJ;=mxH>}hm?t^r`oq0`We5LBk8h2n7**!l&&UQy`HI<=ZOK7wi
z(}`r@V*TAS*_vItj_N!I=Ow;m(5ctfS~^eF?6`S_p+SVH7q3C0w-v{0YV%&F=ljo2
z(2GuGHVNEcje7N8UWc+wCsWBg90^L<2M@%?`jeG|1(T7cMW$w^@}6w*DOFip8|sDD
zBuBV2R0!j5YSWBVh)wgDrAV6?8+3((J#UOye8Y%gS1jgDt_%(|pQ>2KNkb*9F?juQ
z-KybeqfSLVW+Zj|np8oa;(Q}Im?xuCO*T@*&vK+-(m5CjD>m6vlgdnK?>8ejYkPe-
zT+V%EPMu@nT;mm7sA|@>$TCbQwA7>g=3x@!2xeqw0}>uQt?MOBa3(pB-cJ*A1(s1k
zAmS8<d&3jl<dKzn2}J!9R@}9+juZkL+TKrcu?|XDMY$de{l53Yt>eVf!x6jBZ!2G$
zaf?4LD|+*FZ-OH9rJe9jHaZhi*!ir-NAkNFOCE+n0HHB97G(ie_voEC-w^noBWk|o
zbxir&2>V-dL+0mnS1UWR)nzwCorba3Yjf%b<*s5L5qnnn+I2LdGG}~`)$Vl3K5TmB
z3E!b<c4s}9ufOcdAG2-mS82q3vngP*mNS1p&FZ7O+ydDer=w`gnKH;n_cYc0-zg6N
zkJ5Y}Ef;tD9PY9d|Fe(>1+!5p8D10tdAC;R{SA{EI!^HyL{R5;bKWcJ|19L|pH&vg
zv=2LstD#=FVnj5tU-sAMHT<(q)c>TOH0J>_lEBCDlzv9s|3Gu4$^8_i`OiW=|C4%&
zQNRJbnX}Je*)wP_1#(rjD|V3gM<IVSmd;mdsG#(D_e_-i|C=W25TnX2=L-8==J6wL
z2*zAQ{I%me-f8XB|2Kd&xgneJ!76=QX<1(~q5&~b1OM{vHzv~!g9mtpl=J#GF97#n
z*8jO?ezp(_?B&+WLp$L0iw;!@L)*_O8g`oZ&+jV(O}z~Cey}m%3B-)ouy1b}9u;+q
zxQYcTrEe}``?gni(!{EJkBHId$o4xYtjZt9uCPOw@OSu(>zzRbEv??l*yYVftlp>i
zF6@T1WJYB5lIXRR=#Ba4jTwg)K6Y!B1f<0hkJ#Wh4^6)-qVId=0lDX+W~W)ljb^nX
z)2>NzY%8_r2I!Ua$7()yo)@ppG$#9UzRX;#<Cv}XBf{DYBss}FTZr%XYam(Q4Clmz
z4Ga$@%nSzkuP8z6U9BxYEY#GqrTLl7k+M;8=J7Ov$PVEvoSqd;8;%aE)dw`e7r-`m
zn9$@t?R(J(#ua+f6WknyIS`54V@ZvBosYNVe*ru@iapyG56JE;WKUiln7h913=@j1
zqOyIy>E)?0UC4^w^Y!0v)5Q&U%`M%EbK3Iup8z~y6L|S&1K*~J-jKGXMTn}SN<ueU
zay-V^)8}TZY8%&>QH=i8q=CIvgt|FnF$S&r<h#Mi`suk@g^5XRF_LCNw<epkX57|<
zZ*yEFA#5s4yW}v7I-N|A5X(i)M_)QdpFBCd*boF8-w9HW9-GcDgeQ0~P=kcPlZ*?@
zjl6K`RxcT>>5DO64u!IVTVi*Q<)m$AzE1El&pT11)({BT5|zseYJqevs(^JAs|dP{
zd2_0fvMJ5bPSpB$&3e;aPrgE(F-Q0OSNyXlZC&G~5=!Z|t(~*7t%(gXf;~0m4D1RZ
z+52T`7;=H&h$7U9uBxH~a43CA$BT%5i<^sqL}Zq$liom8I8c4Wq);OZBeYF7C%--u
zMDsC@{AXalG*d)HVJ7?d2LuE}+NMiY!p1dXKZ2yDR-Co0Q=FenV=U#LyN>98!07cG
z;P$tiyPW*r&?_1Wea7Fj2#4<uqTloIh=HiD8qX2{ou&nap&iwzu<u>N;QUEZk0b73
zO1}&wvk=MX(rEtIe`gTmX8bYtyqy2PX!1#3<W)97=Hz)FiDa@{ExjQpfTvss3cTiW
zHw-w}<yaUaqf&u9%07h-71ubG9o~s9(dI7>Y-t;+tgOnI(x{C;=^LWyqNLf=UhE<%
z%JMF+2s#LCzasrm7RX6;70!v3ip}Jh(Vn7*52T9!g`;&_{7>iRji~bZy*{E*-&uOy
zb{{%JT>t>Lr{bSuMhJ~X)8Hv*5SxC&{aH6sFdgz1v1)Ga?SHGz(n8?5q?~F|Ar{$x
z1kH3pN4L$xwbrXU#y96Y(Z)(ESF{?!jqqeqMm;(ZSP@_G-Zd*8ReXnvt=^`(Jrku6
zvj9CuJD%+4x5*taR$MA~s0Wu62lpKs<%}F;Y3@~}1$po{TtA<G3b@@f{t*D+*E*4e
zg-w+^$uld+nciGzq*ACE@TSIGolvI__sZq;=by#%wwD@VaUhuWhOv{MZ&LD=4@b+s
z-Et{P)6z)(-4C={6+I-fh=2CYmZ|Tm?1ZUTIQD!=oDpjw<u4t}S7_Bctkz*;jn+vg
z9S^DFtx&FRPtqYj7iY?n=OSgx^y#*BJx}70b@KBZ79!+=or?OD4HN^dZ`87Oz5s4<
zsr_r7dAUQUl&Z>)YnERb1C({hIn=Sl<KPJeBlIE9=_Mi<Og)*xqhR6T0jyEh44US-
zm{&qn8K2OjPBi_!IhmQ=rIu)NuIFRP7t{faJR$cXybT1xXG*|Zf&*KS!$-r5Upq2r
zL(uM?0-rcQW&@p=INF$52D9GmMA15V@2L1^sW=otwdo|?8sVi;BU6(y?fRXx-`frt
zcAo397gh+iMuwE}(|{WX6QD})?C=3}!js6JVZ9*(x7T%@_aZ3GFA~hU9*^p@YZH)O
zDKQ5sJ_eD)zYf>HdahnSdjGFl{w?s|sDC)vsq-#l^tl%`n&}bj?xx>3Nz`<^ePf8d
z)VKTOi%8R%`X=XR*53fnhL!$C(qAL^+UsOfi&1+x*Tz9H4+@ULwjE^8?)j8T>^?f3
zf0Odt=^|+3YValCRy6<KAL%lMvwZ#9ebHFpawZkyqn-Gh$5c1SrmHmRa0ABkf<edr
zC5x@I7l7NJ!v9F}Z|+AAoD44`*Y+{L0M#5^N^X4E`;ITA-KF0WxeiUY%sImMfpW&`
zHvmqX6gKgHg$diLtLoEY{tKXp1^<Rf{U!2Y=`+pPUh28gbw~e7)cWx?*oz$NZFyYU
z`ug9{^v?&ktuvd<Sg%z2cYzZA<6xgI&9jWuIk~Yjlj{d$8$9gMO}Q$^aEFh8gOI6@
z|4t^X3Rr>t$vV?dnzi3|@V@|+OyXD(PzhGe5;S~-{BZdTp!)l+->16^NfXoMBTmLK
zHRD=zd++{ajWVlj%2RIy;!Jkx^!cT~7em9|2gY7zPQUZUuYfxh6u%dDzi=iYA}Lmk
zdTWl--9EY0TwJDnF>-1kpg78wa8l_7hG*t<S(hN<Ygm|0i=y@IhOrsV7oA*rb!<?2
zCk_YCYVEs%N`i`6#$QzSOWV8<RxoQio|PY%OV_Z6caQRfR8@5!<@OFE5EB}~qe+41
zKS{JAV^`QG<f4bnIZkRi2ws%7>a&a;)Ci?3Eh8)2YcXq>#Rs%?TdJg^qQa<8%lw#l
z{mP!&IHR%Zt5?1K$|JSlyZS^T&-ETNswIa|#;%mq!;u5^+wv-GI68KOm9ITmt+C!u
z{tgMXY6KX>!WJJ>h<-rL0i}x5bBT;JiEe|c(kp(S6&G#QfsBkA<W2Iz>4()kLfDJO
z&9}}ch%^m`u3EB8?jt{!NA}$&nx!h)-X~Cn?)Zl(tRc(MM|P4MaS__3+!?@6bj@5X
z4je5uiCF(H70h;Kgjr2aa6R38g~!V~?WVI+vl9vDQ4}$5)^5hutL{o95fNF@8yZO?
z3uLjRHPnjHEyb?v9<#w4$q9=>nx?=Aj0exWPxO%Ii}0!${}{%sZi_i{!R;%y4X+^D
z_JFWT=v59Xs%m5iC3qEx%f9ctx<)RRAx20iq2Ac;VKUK6%}Of8@=RYn-U+BBk^;A0
zjJ^z9%AYki*OOOC`O#4|5gZmhg;Um!W>}yivrDzmC>qbq*|!8&7Z*~^6ZKzkDm%OT
z+%Yi;*K3xRiK~)lo;>cCWw79*6Vez=4B>ou!58oQ3e>6_$3<jvr<2a))qT|R;W6|3
zGE9o>?Sw$0f$UNS=#1og(y|jn&rn4I*4ZvImqEIe;OX(ZhYtS8q;fY`{_)nJNRiFy
zb;J72$iY&oEZos*SQ-;w!6_8OUM23;{%&;nT$GejnibS(Lxh7Ngl4Bgi5sawgit9Y
zJXgjF3YEfITA4~oZpMRDwHC{&lyq3(PgiqBA02ol0QYG|1ceOPo8aGnG_hALvpE6B
zTq=K_#KxCdo$$XCe0k_dZYwEc9t4$FTIWq^(~VvB>fU{}3VeYb3gk~2d-7vvei9OQ
zZ_^Nxrd~U7elYnMixyP>oUNiSiYv-o*b{EX1cq?*lBJL*NOh$jSp!Sob-B4GpEEV3
zM6vj8=m#zGAfou26Ip6iRgJ{549)c9bd=+1Zt4xVTo&9b^wI?+P9O8*GP>!^Bf8Ij
zo;K`~osggJ20gzQD-+YceC&a*GmUq)<H;u)ag2wz7hy8gVw{}Eu8g`ogiV0I0i1a3
zu#`S==i6hbBRP*YX<R0Ylv1x9Qp=+H4JtTbZh%w$T*r+)D!_`Pg)90tbM?9ut`%2-
zLnaYy={V<&qIx`ti;|8xR3#V6KYgYO4e#~o=;=9KeQ9&FtGx5Yn7t1-s^6Tozr(0T
zJzOX@+1-4p4~UEb=34VW!)tP7%sszE1M;6Mz8Cq~n>}=ciSAW4DmD;(y=YF`C3MWt
zCS<HYAO4w{4a5S`af%D{gN#VU%mgE`XDj4nd6ITB=*u3zBA!X}-f|cfC$DrU%hGab
zi<v$qA)KavvnBJMy&L{W(9bgHa_MaoD;Be%G?0VILJ6f4QTKz@(sStS{fi^sh-0M(
zp9g+;kWiCL>r>0KL>_Xn#+%{s7MliunCW;^t~$=2{X}IYIPqtZ+?}~Y3D?#^vk)^{
zeZkIRvb7PIUJ)i99v;!)Djveu#9np;$*Bt<Z@0Sfyk#eoytalOHyT&A364R{BEGN&
z-ZpiT`ym`Qh$RPMn@Ssh(zTj1&@ycafY|Jnyi`0T06+-Gevki^>%OUUO(ecZkGUqD
zWDYEA2y3$I2?FY8SuBz;IOG)R#h}#kb>Av~cbGHH?(SRxUe0DO9pDCiP9ksHizE8Y
zzH7kHLs?C;cSqM9H5uAfV~CHi`~WFB@Q5A1v@`F2HG)`h%%FtVq^x`B;9r8Vc#PLg
z<z1{VZmoL-M8EW+ZZ6=*6Xo_;KCRl*iETlcv1JE$q3ZeE1~8x=0Kh!_1GW<0^t|!R
z45ns1;X&U3+GiY@ME<j4GB@4Jv1SF=ad1{~&MO0P8srvy)j{OD3qcpcHhurctB3WZ
zDPmTp^+7Aj*YdlL9DFT?<v&z~nU+7SkF!|Yp5pl)ZBN$h*3&E~!Ah!6GoW!@`q!S_
z_7CnSTb@K;;(^*`z|4=qI}q#!ihG;3$ALddKczg4A)yukc=7vsjlKL=%R%jZM<+al
zDX?7rnCQ#*+6aBHCRl|qxP~c2O18gE%Gl;b{QUF-#ims(TiOB)+e(Qk*zL%@MgUWa
zt<GXf0Hna*{*l+e|K~qt^5y@<<f{hF#VP-XZUkcgp&P+VPEMBnuJ*zmP`ZfuV;5%q
zEFU1;H9j>sm=Y5!0aei+a+QT8C*i!u*PfEM<<(kWau~-q2K&aJ1=lH@<MV6;=J)jh
zSupi8VUVFJN!d>2cvtrR17#!6waHJp6e!D7EgLU~yrrBzUL{T%3yPC%?YLtC>K{uy
zf#EJ*GQNpaGN~x;^42*N)zh<^Z-9HbpZ{nFyfam^ad|7RM;x-z%^|SbDGXE%D+OMs
zVjcZi6G{Mfg|*d6coA($mC>zQ9<a7q-juD>F!n4Zatc$8h_&Ry#zy2N1~Nb(DNi^&
z&Ile_kyoqqv*Fv)#yg8-D&|eyUjU~W0E;)%n2aN^JaPq}HeX`$iJT}R#6Uuvfb%A3
zajir54&$S|(0ze$eufl|gj~hn)sIAR|C7SIIvhzRHq_=bS#!yh!m*BpOJJxX+U{O3
z1a=oe52RFq*O15WGs`x%NkO9lniG*!SpI04?@gh$=nuzuM-0&qI?Nl*!Z;7UBinS2
z9l@z7Rjc*hVR}f2l+_GuFGB3If0Ki;riLbI+<`92#OR&M(B`Hj*z(?Ys;mSs=po&*
zAJ2Y#aH<p86tao=Aa#Fz@egtIA5Hkj{eR1;;hCm@^Tdi;eox>OiM|a(?>Y~ISfG|s
z**0_xtC<h$vM4FOOcVZUFSdFu5|_Hh9U&!Sqp4YuzDdd*9zN7<>g(ykbPfWV`_PHE
z&i$O**w))g=pZpl)@KoAbBpMjdT7P_#$T750O5Pt&d)PDx>NkHqgu604u4o*<9d{1
zb>_ZWXn|CbQ_Ysc*Q7inw(skNp7u#W5e(_#gwv8C+^aHP0rxB~%O>TgPvhR?rMnA_
z9wNkRyG;(m0W_IMsdb$1gLGtMzdGo@ACcOOF1yE{neAhaWDl_Q{174CgshXz;`Kb0
ztNX%dtE-N0I#e>PiTXBU6Q3y!YneXhCaf%xZlVJfvhZxlUA+c8IBE_^YX!Ao{S!?g
z5Cpbsosd6U7RMJxT-F~8*I>HvgzY$#6tmmb85G$9_UmvfY5bQ#IX7A9t3|>685$ci
z2()v^b;dWR8Cli6i~7@hb;eVXD}Hc7RmM)~#x@kep~O%+Z!QiUR4oRK)$;&=e|*Ki
z-v1Z3MYjq&ZAF!qVrw2~Y*KCcU-bn=ea`$j&9}F2<7tPP-tu(6|B8{()UuO*D<T@F
z4=>N`<-%J7^J)=_4TXS?a2_GdimFF`Sp@LAoFsgb7bLGk(E3@M5UIPR*BUC8y}-SV
zm%^9d*EEb>HM8!1HaeXIQ5KY)$`00VfFI9dM$jK{*z1X=DoTz`%C0GV?#aqzy1H1N
z5q^D2!EV#MQ`%J!B5h66bpKQ>U@qRa%Y~iXp^yzTSf~hR7OqAnJRFg-nvb3m$a^My
zxUsP?%VL_C6P)^pfKL2HQaIZFs4Z*2)Ss}18Nv<R(bKh+z{l6%=;O?{ceY}*AccH<
z^J3E{QM(FvYSaAy(nVwF7n^Irton=&oNEJ&pPi!y?js)dQl3dkB96mwj2sy{>jD#8
zH#aOQ`5Kddu#@6f_c-wq>4I3Ggi`4`Q3=&UlfVd-eXHqr7Y(1kjVw2&JKko}$?$h;
zgoR<so+)}|eeE!o_KG!Qkj#v+EQ`c+t}vTcB!HR3*w5{HVEZ!(aV&vb8(?`Cf_XKI
zfla)ZhxowY-YN<QW?idEuqYBCio}W~fGFl41}c`$gtbngbut5Y4VqN#^W~RKq6?Gt
z+Eaa4anu+GsU^1@oO}6b<rwsJ1j$;FY(3Q^-QPt^7B;C<wNz!BKEe1En4=g(_;^&g
ztiLRz$@7*>^0n=wnY8mWAk~6ukcp0ysE_%b-U?BExt-op1NUrp>KAP0l878mH%TC~
z-A;?raAxxu?^S)sge6*VlHVqkVzd<4A0QRO;V9Dnmf3!bTFL9cFjcR|S<X6_H#=gv
z*!GU{EgC;B=>=B;>Q%bEW8)D${ke3G2&o}!ZH8OVWY9*TS!Ipt8NJduh>=&VSLC>2
zEjyqLSS5D_Q9XolYNFarjGJR{&@k_eDml!>eurAMXhIwsM0OkU>{UVGdq;7Ftj@;h
zh{~-L_7N$W<c^L$>idPo2^Ya1m^XX9rK;~5=R-^C>Ri`ZVPjiCGwxqD)no^$<->P}
z(&9$^ELRu<bYrYk;&AGNFiNtCOJ53t2MSjpub|Tot0t14=}b0Yjno1{{7)+pgjQIa
zo)DlF-MkYm{ykM;0lxXKL7$TkZFcNFzP5I;t-XBv+k)1%$J%$4(rj1ZP+aF{%RY|a
zL~he*ZC3wNXwn;kGf-<fFY=59n#_P4EzVRT3=CntwJAz>si$&t%dp_>!Mo!WxOWlL
zF94u;j7hWE`*grUQ1mRsqls4m05HY<mu7$&Z$0(5()o3)47`h2tKqM52@|rA8*5&@
z^0UcHv4?=*waMf@cGl;4?LTRC`a9Xi^|~0eI4Ifee|Wqpl$YelpC~bvlG|2sq7Bf`
zQ*2JQQ_MlxnDDHBWf&br&Q;?6G|!NQ49`4N*((%bfh0nzpsw_bwD%-3Gm_$(FShdy
z%D$^4MmiemR9Z8>dm)f88aO-%u9tviCcP>#k_(!Phsj$)ljULT3he3j(VnR|)vhYp
z0Ss2$^i#sQXY!;!AjkO~(aNPHKc17{Z6TxvCMwjPK9CvCTaxK51Z!-9VYOjyVWX9Y
zhMKY-)c3RM$B%yjOmpsXZ5s`b3GLUoynyS!Q|H!anS{WI6nFf;fMUE@oH8e><$6w_
z>RW0uzD652w}e#fzhGkH;$HEE%8xouGJpy?qPyEL!SOob!_9HH3`M}b-B#UtgQEKJ
zk@io&cm9sMr1wjWIog6%(Zxl53gcQ~`go=*f+LnJMn5v6zq6gFkP+BB@`y%&=~Pw~
zN5k(E%kiK-)UZu_W7QzRAr3Kr8wJZ0R7jH<*1JwPQ|;*Xk-^7T7dCJF`g25SvLFsH
zqQ6qTDjZQ4H>1n_gNL2=xCcxb5o65_EU13iGvozc)x(Hh-o-k(mi~->4u|%HAeJUa
z#ybO8g!c?AiB_tps;a4Nkni`#(z%s!A}WDMy`D52KE_ky)29)y`k{>P=t4%>sN7i6
zqzeMNm^mdNF^0eiS9xY=l2KJ>V@Nwf&R{!DrePp`+L4=pW$q_S{(7}PM8S4Yu1iTi
z%){oD!*mE03W!`I(}e1sn0n_*$WOA1RHX>&42_Z<yB(Nz1!!A^UHk&1Pu#){$-nUA
z=8ccguMecx6om~n7=kk8{5uJ%ubgyEp-&OKDccSQP~RloJtuA6^Q@(6SJ%gz4hG3o
zxWkG%bK!%Tu@_Hc6(Kg&L#9~c2{;@c??iakU_H%sjD;}FDi|M8d@aLt%=xHeIZ4Me
z!$tP)R-%JLie>g90i1a?N#_yXSL_+1P+TcJ>Bi~k$fc=;sQ!FKj9lP)^r>fOAfY3$
z(K=zUj;b<^jkFsohk+=1_4}WQ1}~Nz>tBs$tddYf-dGQ4zhJe=&|PQws?ijwp;(PF
zaaEJ0vd?N4EROM}>s&^<)J}yok`UrHf)K&o-|1CglcQU=rM(j6P7abID2y}{2DO>>
zc{6kd2e_r?cB>&U)Au&mb0EVzf;)QlMiJ0n5BK0&62eAnhSz)_Ru#dqnpA~Peuy<2
zI12k?G`b^%rXpBjZ8H#!sUfpcG?<?A#S{*A7#1-e5u?P>^PkBLA^+WS!zb3lOvIyQ
zh1+HVq{O6T43az4otBwcZ*}tXhr#_9fpU=>42&DQcRF77RgJ2<=+hAzPCLTn-=JBz
z_u=I5_zxW(t2i8B@Z@s{^D7X$Ojfp9=;Q>x$Gka#)%J5q2ex^?!Lmm2cj$`gyyzi(
z$Gs#=pzfIrf^ys`oINP3-Ip^HHZ?Y~HNx>dUCk7vhokCmHG3B#M#KjzJ=i8`lzgDZ
z!*7+AkKfSFNn1zGIVIioC;<V(OH*cMD>=m)`V&Gc&>SVHSR_Qr@B&7jqV@yR(Io{@
zmT|$|n#>piENrv<`=QIb7qx`mqU01psvJa0m$p)z`Z(N`QwF0=`bXC`9LX%U<CdO2
z9zGbNL`7&bE31|5us0q||3{FgPDu!J99_i%?`EEA<URuHQi$3yH8=Hi+~%Gio*g#j
z+n#=_+g$E<a{c^^<I_WVtU+t+XKvB(@H*-HbGLGFC+oy)DaA(1`d_R_kF9DF6}3rQ
zyl$j>KQJgK8Ik=Rh)@`b!o{AdqN8IZ?V?qmx4Mc}XN1q!SW-9GVwT`j8$CP=i4dsZ
zSeC{DLM?so(rrfGAb`cb-pp+%wfuCIRs$s{vyYmG2%sk0$Q*<lP_Mj!lgZ?Dqe~OK
zOZE4riimUijSsd<){k3<5A*dGEVNEN6Ln!l7G4uS2`j(G`X?so0j(qu>Fnp&eG@%#
zTbzoiJ05d3oYvUtGoIgS^X#TiNxRgcmBQEs|B(Fphq3J8_E!JQ5SBgEZ@Ud`FWHLm
z+ni%9a;5v=LBqm0L+Nb6%ZHAJkwa>SRt~LYm7w<y4BoW1%1j;oC2P3>8A?hVI+{XQ
zGqJYr^b2sdL=vU;Y<_BuvtHGU`GF~+X_7d5Q1y{%FYF0eGE~on9L)g-_B)fq;jAS+
zQC~)7Mij&(HB_Ts6j)&j+1RH+6K#T7aq`Zo6nZ>hyKWbRo484<-VbF~g=2;cssN|p
z@k&a%ME(<=K^0J$BFsBuN96P3BCt?pmT89qYSA<brrgmz?Hfw+^E+1MDtNy#JUDG~
z@b$Y?EVKr0)a)pPh~z^9E12JFI|usl*kHt;vGL)G`N|YV&eri;&ye8gc<tt2osg<)
z<QVana%>HI;_;b1S$^%)rjVsVfOU1?M8oRZEO{wRUsUmMK1AxmN>iF;90H_@!(g18
zndVOx`J@pmpTU*~^mIHDy}C@nJz?-v9$NW^tf|i&ZLS(Wa09rqg`DWD8lQw7cRTW+
z*k#sLhMnQHrgd#rkbbPCKX1OzJyy@Kb@U8d9AQI@x;d<^suq*rT9zhwWdSUalZfC#
z1R|_em}O!^q+}||b55}*W31~do97o!)t($qKq82X(9^v+v7-4eFFfy!EyRnW&D6$O
zSGB)~cNbJ#TL0!8QiRMDl+#!?pN4FSR!zv!^p<pB0%RFE(B>WUOlaKBZP4L|Arz4}
zd45><Pz4R%^j1Y`cz}BBBDraeCW6ab7?aVp(s=N7nYe0Ow$R1glZQ_C{(;&80!&3m
zLe+bw5F*>rtt=MB*qLRuN~;o<)F}{mypOUE`U1-dlXmflXoptDB+~ov5?N{|gm-`6
zeicg*p~yTvRfTp#?|K&Jb%drVdBV1Jhvxfx2f{kadbD=E<zwa5=Mfwnr!H+5W77_H
zgLdthnM>hU{(8lv$u9Ji0f<pKOt4JuQ;IKB%VpA4d>GkQ#Hv1eiB?&C-PMqWR$sq3
zPy6X(E;j}%HA}w#!Q5L$wbAZ<+tf=bv}lVIE}TFE#T|;11S!D^L5c;3;!X`H79@l~
z&;kiAB}njIrMO#hDK0@<TzWm(`+n}dul?a(&-*^_mzTu~Gb^04X3d(JbLKq%zvIyU
zb5UA@z2@oIaK9uuk2c`e4-$3+0)AkfNJ?uWZ3=W_<{U2`_@P}<NnP_vPe6Kd1OuJV
zNOAd5DV;<q2*g&^c|WBqE?G;Suf1;I_xHgg*FX@jdWOD}@o_~39Iq5m;%_9M-udVD
z_9Q$gfvpNj#4n5W@$LLE=IlS~!M_F)og&vmYL1oDB^K5qkM3N5N14tz)qK+*&*~|w
z+i2Uv>@hwV?f^!>n2@BhK`+h~>pLa>f`&=Gz2<qvL_pQ(*<qq?f$I~l35Gls3z`_$
zuHII8q=hKsaoy3be0pWl_eJL}fs77n)kr;y*y&s#RS{fWw~Txv1B^_5jlp<>_O%*W
zZ-?bEWTiWfw4htQ{@9c%k(U?P3~lQfl=ud))PiL+pl|d*AP~=j>JfxsT2vJWH1gOa
z$2RF8&9L_3ad%PI0dbvMR4v5ZdWAj-nn(j>m0$?kPDW~->L&h_Z@l&7fqE6wtPp?a
zLb-LTcc$QnSfv0V$=1WQVMRn3Qy&7r87NJY(wZblyYN-MG&YE#x_B%~Qq2s_KM_4{
zSX&Kb_TE+mfZfC5-`t|gvzc+HuvSoKHwu5Owl=Wi?f8BEJkkIM2CVh${cgM<A4=O4
znj!%=>AWtwALfXUSmKj^^R1sC#daV6MW)n#9^2eyIaYYyRre=Zfa=ckzrU4}LOusz
zu;y4E2M4fku<iMSeA4J@R-1Cs;L+Xnbd<M{>!UQwgrv2TWPsw@nQrGvqrd(6`w~%4
zBx0E_c;sSJ!94()eHv=nJVW-R^KHiUgW%bsWSezj7;FCsa-rU3{BUdCjB8OSoKy&V
zIR{0~^wkrZo0<M3lO@mn=Z;(huOEgd`l(sh2wJ=x7dhs2aAzS0$6jm#gyZudg(9ZX
ziG2OHHSqTdlYOc-cG3Z#=hFi5b$t9|6O}d%21(ML7Ll0_sl+>r-VtAlyweZ1VeVgq
z{cX?f!{HLc75IB87Wi<+u0*>k@zXsGS7&hYa2XCelqbgfO{ZtZbHR?04eFhzs~5#U
z^>S2xo%ei7%&pGNCr&{jJAY|2kW~B2`-t_oa8f}G?y<Uv_7n^{w0l@4bC@#JHmVnm
z9<Uq4;%XiU^or%e1EQ^`%u5ShU+7P^CD{YLvI;}Z-+lA$o<KlEHhveYRvD2vf0G27
zr*T<uifo(I5V#d;u(Wqe&;$<;nZ;1m)@`$Qtl&2*uvTX3jtU5nZUl^)@gd&Hn{Yk9
zq_zMNpL2TB{i9lXuTgxeXi*Gl?sEiePvq*0M5wFP@6;}@3FG_)+2nnzQM*U&9b0xB
zwwttOZVD?Q6ix|C{k10?`?UCgM}n#x2dJ_f+0Du7vm&0ujjGXV|9)8q^BA45>O*;1
zFibOW?v|w2m5*IJp2I>ZlPB2ksijW=$`Fe!c;_s_GlEUT;W?Cby+G6$goRvy%`^;G
z|87gdcp>8>XS|;Lk!jPin{q(sjDE<yzL{k%9FI<#cB`Iy`=na1&9qv<DZZFqLzDPq
zF;q3WtvonIpIWzCTS^lW#}{?`{bVBHUO<{=Y+r|#xo9i99@Iv-NJ_w?yKK@(c-%ta
zy^0ewp@q|urdGW0SP$d1X8zuBxky@?>#(^uc>XW4Bf;|bj@Ca`y|dwGe&xB?+V1=x
z<y-lJu`zssEcC-QTAG#8qSHyQ)F)KOqSUKEfL73MmBMu>3Erb(WTKPfSZ<g++O!gJ
zPIA834*vjm+gcQfEK8xP*I6PG@=xo=)x**fg5_!_Ef~)2KP>Q{`5pp$<S^8*>g9mJ
z5>&|f4Pf$-_#cCwP$}Jz_>itx=c(bQ>vXliPx?>GIBMAQ*LpJfRpM|fI03C>;5>j&
zL|N{RL9QUpjB8{Ydu)!g4sd>AxNOR6PuFI`le%q$kkL|Fe^M}RSl(LSKB&H(>tv)Y
z-Iuk*8<LjdLhQ=!ytS@vo6OqflKdChTpoNdiW%Dv5N6Ep7I%Ky#yWQIp0;WVTHcX;
zBgSo<*&F0q6zyJ=Vc4VlZurv>4p5#H@5Q-I>!R|!;t$)G)xBxkp0!i}pnjU6E9xvJ
zVNqn+!8L!?Emg~Hvvk@O!YTHtN!9vWVjhz-{}eIh;F}~D1hCfuz|)d%a^)Ip)rGA;
zuQ{OR8^bbUekoX2A9w>~L)Ke*gNC-pYg`+F!_b$}FMP*OW->R%>uXaR{vxxt)6K<X
zmZ^mm(prxx5NSB&@-rQ6v%ugHTSt+fiIKN+<dHTErf=T=nVmM<***6eUvF-gre_1_
zc<iV;sw+pddy)t3hex0h$PZkJZq_^9!aXi65uw6~DnuW&3%^*tj2dA?qI_gY2^q7O
zm>8>-eW(2w)9LqmO8b{iv_+x(Ga((Uv5VAL^k{#PphQ`0uXka*jmSX^ivkZF$^bpS
zP-EgFFH2!6o~O+<J~3U|kd-tLuw!8<2@&bpu4OR4o%V$@$B#`m=)J*i)MjGBFCjru
z;wCga4fVkXtml!V8mtLQo+|ms%P@3VZ(w9Zy-?DzmSJKq{=LUlGp?Nea7(YwnUh07
zRIem7Xje3C#9YytH6<pQy!_@_>|n}BUr6UlmtDuKYo{f&e}XPqYyofb6ZFWQ{f{rX
z#XWrM%YK!C{XSTG4v0NMbCbz~C%GVs2Mp}$BXDy5e4LdpNc(y?2Yi({<yWBc1tfMr
zofNmSx4#~Q(XrWo`YS}g8C&0rSKrFD9urBVp>K-Bjhh3w+-aswjWmAz;t=7^nzb#b
z+YuRh`hJ;rgvD*`w^x#V-M7+a?*6)Yi7c3Hjq7wC7d7T|(1W+++rcypV{*&RPes8+
zYKSc;-^0vBV|hcb6~_emh_w^}l0aWU4|h6*qva&xBqR}Ew|s_9&lv&@>%X?u04-?x
z#)68#3iiu%#3gnkDuAc!wzdMn+O#H5Y7N&|=}3eRk=??$kh+a0!`$8Pxa$)Z^o7LA
zxq!TtiE#-u1Jp&2$V&=x3aVpmm&S6phyARin_RM_)sc?ycI>I^F>Uze3Mq@|A66KE
z7sEVUk>nTXaa==zl}Cb@w9F<IeAu{bKlO`=+fD}*e9q$d4GsB=4Dcq!o@}x68aL7m
zAE%AjAfkM~{Z^!G5X+SO(8Tp}>~kH#DV<H=<P<qX#!@%?_Md&)|64@PKO6m@KWrvn
zDi=qrT#%F7Ma2B0E;c}So;^Mw#5`Wf;DWafYL@VRjX-}nmJ<6H*`ak(kLS$Od}9dT
zIp0q9m<{#>EdT3g_LrZOgYV5K+h3zA!cs6w@*)fUPxi8*GnMjhfUD=y9E>Fcg-1f^
zYdazNZg!dd-Lq1a-5$h*AY9oc@BK!)<`$jSlMB_Cw;OJ&=-E3vf^J)aBrvX$(&Y%y
z28w9AMB&B3?e>9lU+b8Z84rZ;tTai0zdaSa$M`vJFD3{!KcE-gZro|;Lu}eqtgx2&
z;|5c0t9&WLQ)}+SD)yU8<fpsO7ODRtlP1t4W3N`JAGcK1^g6qWJilET@I)4R9vdZK
zwW`g()_u(4kd@$a*oH=76J^X<*V{gb?Itr^;8a!9$7tO3s;(g{tyl+0^qG{AX>>KU
z;**X?4Rnr**V=HZFzm5>t;l4rr-*3x?KEGj5{Fl0)&tcQrBdw*Fc%iWD1Dsh4Auv>
z|EVcIi0$~g_J)$cmdM-NU)a7B^*CCsh(XW4hkQ`I^lK33MBJGS=I79RV?rICS@GFq
zdga%>LGEQiI_Y5d2_P&z=v15WI8CvyMalDdHq`*9*C$PtJ{ee!<F;bz)$*E3|8hvQ
z-LX_@xx@op^y2QJ4;y#T>WcA~t31s9;9CRy2wIjG$8<hDRxsLNcAhmybnRl{&eC;$
z5bak`xf36_HdW;jLN+mCVQl-5+RF5ViM|`80RAU0o<yw5{Rd{gX2Y=cJ1MB`fih1E
zWU|*SfYN^|*7wuZe@=Fb;}hwmQxg4BOO^hnzkoys0MS<79QZvcLy~(*WdCO5vb5b>
zhl~~do{i#nI<AP4CA((*KNqc$k==4G%68ddzs#xpi|kg`(;U++`x#lyH+(K{zS_s|
z*;X!ewVuac^@K}>Y?2%c0{_y~#Q$3^ADFj&aw!^iWO<@Fey|XkGX5vo4KE-WS^Qc+
zjo<?VU!y^{nq9r+PrnP#d)tsdeceLBufkrts+l7VikS4g((&r*`pNoMM^t9!nj6y^
z@56Z0<AvJ79>oq`P*fjth_aduir*&6<B9s;huRzlOH`E!Dr&2W>jFI$3HA5Qdd2Gd
zcaj}lcDr>pt-`X$CN&bdSAS+Z{zV3#rbdwX;X^e{aQz-+hg?q}`@!Ze85ywe`9H2)
z=gP~7JU|irXN09`*m;JE+o6;C+Vt3TuN^g`3zn}@&aD3K)bz!z%yO6KWdCeIM#d>3
z-*qhVXdsa&4B_!`X|?=*CQ0KJ{hPMy<Nd$Ll2?r5I|ngCfAZ@WZZ_r;$zzM&7iH^C
z6S9`CDQzlL7n4`Uu8C;t1xPXl4yG%p)`g0l(JvkRTua}MMX6#jjErvT7NqA^s5mK!
z{ptW!S^aDC!f1Je>|XffKlYf6Uia@4vH!XD&wu#$$2DU=wG-7>=KV5(zk@R5mU~Rk
zYg}Et1WDzqU47~5mywZ?{SXBZNnARTblK6T=u^-D-R)nmbSl+luGpk=(NLv__yG61
zGJL*o*8~`#{)q2-{$TPGTlAM5t=;;Iyv{Gec(#8pl3f*FJ1zM=HbBg7kPG_7%>M7i
zKORiYG(IW@tebWgW8m9Ty9$vnx^G`5k+R>l-A-U_ry1)xRT##LecjB`?6a;#(*$2Z
zsNL5URBD-zybF)w!KfW>#tnnCgC{9tX3uS2k7&OZiXE~0e7XG>nUlTG;2f*`86uIc
zaQAq^^#1OGzT?so$&0uKvu^FC1A51^KMAkQzNd98$O)pZ2$zHHqyG%udV5Ji5d5og
z!rzzg?7Vo;Zh4&VXLdEbypTHe;NOd6q2I~=qhX@#2<aitd)x`uRkl?NP(tbfY%!3E
zxI%prw{gz3Bz9U4OHjC><iXnB5jS*)=zn)UV~dBg<gvC+&MWlJ6x95gZhHtze08^`
zX%Mu!5S7ezh69NxeEr`OvUmO~kg5_B`c=_CjG}>pCp*G{WKv3o>d2kP8jag(Kx!W3
z3PihFj^Q<L9HcikHt^Vc3pT;D!)0;pl^@OXJ7-8v9CWX<h^L-Q5MxvI!2vb(J}pT8
z^ls-r1n-YJ(j3sjNt?}~w&U#STa>XycuZB<x9vPp9t0Y}LM6+nhm|9VA(8>MxjZvd
zvL2X&*IT9D0<4MQM)1c2dC!&R*2W)~J~r+btXZ3WmB(a`tl?VzoU4T@Yn4O*z)5&i
zt||1E)b;t&U8iomfR-Brclwg#XOR?OUTZCaL;u-Kk~tl=+iJe@2?3@jR@=`naY{eJ
z+d7GIoLHMyREu&{kS`qak%&9G=<PMdwtZmrB-d_J)!&5aAEY02iRuY_{0cLZ(-@&4
zE7fTJ;`y<GDU`hk?|p9<nxclG#S>}DyJ}s<+sfkGQcPUBE`lYdIcB^TzH;c}Ol(pa
z3aq6YAy7l5fZM&E^7SI;40b26NL#Ysac`e5Of*wOUnF9QI(K{fN@qL>B2tb}I*m$f
z*X(R;Jo?+mz4t@9zLz%+(T{e>X!jpJSh)2mYv=UN=2M~RJO97^?qGG!_rg}^l7g*7
zGkd*xl*wKN9Fw7FAhxwL>G^PbdbEc<S2Z=AQ7W}Z5+pC}mdq`%Z`|rI$CGR7WUkyV
zj8Ofe?ievsX|L-{B|B`34@Q~YBq0R)`N5GSt2#C5<Q3uMWOt4EZCU+wmE_c}AQ4v>
znKBykwSV*as8PD+swI1;A^@Wz%0|mzu=YP-JoV@cYQ*RJ!LS%@roe#mjbhGM4TuCi
z8-KVJGfPQco@eu!y}9+}#5O&pcHL-@^b-{RgHQfg-W=T4jJx(yg@S5Wmc?_toNMi6
zrm;5sD%K=!1?_AZR$wsxea()MKs)j}tsBhAp|?+6k=%8Cy_277`3d>%X>t?X*U>>M
zx1<^(QvMO4u=Gh26Q`7^J=EUqB0$YAP$5BdPd`ZKWj0}kgKbBuSyzH#*s!YmBb%vZ
zmlQmS7Hyi7GszGu49yd<Zcn`~6Pzv+8tay~k80smq<&<FeCBR1YXY*ed%~w*$<c65
zZVOL>zHs7@uU)Ob+skNLkv9J&`wA~a3oS_hLR@?P3?baq5wES|U3_$oXy+Op*f6Tv
z<dRBN1v`5)Y><v+eSJyTCD+fjAT_`tvtUJjlsQL7rjD>>l&T4CU7M%4k=IUBWUi%M
z0?!p-ST7J(A6po>m!Oyv)1O&f{<K|?=bAB+WvdhD$P2T4@Q6+AI~sG_47TqE+vWBW
z_i2!G173CT2Jwp;B<{Kv{23irL|*XF2}<y3D;l5yk2yMIkP1-YX1zh^gV*lL6Yfra
zr_IbgJ4+l3x?dNTuJY5xhkKjSelPu&JKfMne>WOp)H)NUTkMEirjl6hqm~+^F*m+9
z<U~3_L=<d2=cK-6wR4z!k-0%_57P!f$x8yz@N$NP5lT<)Z06`iml#j*T_i}S^IQF8
zN>Os(0vP))-eQ_ycIi+nTC&VO&MtHQBA>+aPAb`FadncIG2s^A)Jt@)enUNO?~>^z
zsD>D{qQS%D0_8J&U%Y5A;?{JH7z2CHFX_7!_#i1;L`CL!e<U;d_k&F;jN(chhPPXO
zrtgmy*q3O0I~J>~uF|JZTuwPY{`{2dg{8dpuR)6eQ}}11C(}MhddN+~+L=}Si)0Tb
zUs9wdtyXN>9KHOqBipZRI>6XpUsvSN9xF2jatOe&4?K#(0q=1x>haCUAL}tPT%`Cg
z)PKv?yVhotk|LVjnbx(i7cB8uNzHUtDVqYXh0K+R|8tW8u5QLtLGjU9(&V6)(bvvS
zyT6SuS#P(X=lwVM>|^&oW?kKA<G7tfl?_^MkJKO`Ub<p?P|tSBwB;jQkWdC`D*b&x
zPou9hQ8(!9@%}TH4s{iK<O*~%nZNh3woK9kESULCDagy3n;P>e;g{p`f)A5HF!^kx
zXZ2`F(KKBLMqH4_H8m&7Oc&t1wRQolwdnmA^L8w5{>icY@d2d~thlyj%I2_dWwI7%
z`eIqL{Bsw3({_-L3|N#W8`4)h#cPZ0>UUBAp8C!N+-%mCDK9e-V9Ip$o>MV8_Sis;
zMOfj>IhJ`@VdfkLSQ$;O#4^<nBASWCL<u7pn^C!Yi98p=Xjt&$n6llAW)v~@rYh#<
zvM2+0t<`nrb@syJ7pKwpC`ZA;+<+yE9<YI9#8eto9k%>Rs@5cVO!#h3PBhb%5~1D<
z88T33&pHns`6@cR&qf=?DJi48uQmFoeV^`uxsJMd#>?dz10+iU0%GFMFq`3=n-G;L
zl3<&qkbrb_sSBn&fn=C*|LL3&Zl(<e>3dXxg4x_M8<3z`o$AFk@yZb2W4ifkxxP{v
z=Z}qm!V-;43B>(%X{1ThQvAC%G3=ivC^&<r_Xv&#4fAk8F74Y*v5F>(W^@b+GZg15
z&ZqEmso+s7wy)ERe5i6dreB|Ma+5r``;lFzF&{G~Z;>w*8)OAnZxhcap~(RQCL<$8
z4URapKYbfWcS<dVRY9C7$5{y=V214uIWf`{5rNo`ZfD;eM0ZZrPd&e$Y>F>?dPd|b
zf*RUo0$&9VYPL+!y?JX)q?1dPCx1(%LR#0kYE$VIzYLepfGd>U3z>D;t7*%F`lp+A
zgXZ`_=+(a1_zr<Zg^LZ*VAf03X3I3-|J>Q#em>KEdiU?$-;I;64!n(_*Uljn$8X91
zpMQ6oe%+fP-Y?CssNZ8$Z2HJgCUKx^DI+vH>{JG-f-R>45*F8MFUUAEM-{)?d>Kh0
z3CQ>=Mf#3PXvSkb(IGca<$o208bH!cN7K+RR$LY;ee%R)Mvg^Y$4&)6Y}QdAEivl@
z#eR4U`VF(9{nv*G%?^BeI*a-*T7)6Lj-=b_hs08NJvAZSOq%+bm)UNVo4N&j%*@Dj
zmJqWtt(NS>`RKSlB;3`f`uz0!_rwy*fDZQBK5WmN`+oJ(*m7Ad7z&M}`$Q@@vR=3*
zCM=qdcB>({HC{saj8QcG<FyxV`m|y}9N8exU#|tMN%Wjdk2oD|dj}oDZBM%-w=QIo
zz9TeB6{(`p>a2$;35i)w6YxCR$z4;6k|;l3Y{YP_={oe-@b%+lhE?ptG0ea!F{wQF
z8aa>xtLM`N<0}=rxKW+9GPt2iZs1SXFcmBF8=5|R&^o#;0|yWj0><@ys*=&oE<K5O
zTQb(9(V&3{<28{P1H52zZDUTF*VmijgpM}ElJ3~sTxq(Ywt~r8hG?e=oZ|-U42^Hd
z;^^tM+!-8lymEFA>MEYEF&`<Be~KMM1j`$@+~WN(={~a0FcZWoXa@6QDHUry*O#Vn
zg;aoM?8T*JdEB1XS+^So)P?)AWQauUku$6WYtE5|#H%eTM)11dl9YV=XCz$4coMZg
z7rAx$B!%FWaHF;(t~3)JZZw*t0cFxt#vkn>UD7TfceN-%y0lH_cQP#1*sK_K02o2>
z1DX(&<Dkc6fK4+>;#>oO^EuK6oU?zNR|93DScobE&O{9l^3i_amo_|qNf5wipyoDy
zi#F_A3>4u7qy<(1htw)1GL!pijX5|4t$`+=rVLrYA5#Ol!)iSWt3_X`L+lKCjK0MK
zsc;_pjhhOe@e<>x3mOqUx3cw`^KaVl?OSS{?o^bc6`lE?p`7{h={xN0hpujWOq7mx
z-;^5ABjv2%H5hR}Q=?bt(83KjXQ=j3u@F-EkvWH}W;mw`rW!0%=M3z%G1|fW+NbRr
zs0eFU{~0JaLUdpE%n$Jikgq-ay(Urdq9*=Cp|8XFVVf`U)$<Qe0NiEy-2@Y5%_t}F
zG>G*Ij&a+pZ!mSEd6Z>AumO`aTO4<@ldThD{nW%=VOYJQiWpbs20*cC;-N?sjjtfh
zoCP(;xq#TB^ho7_q*HO-FFL7}TN6c8KGx_F17gYI^76)cm2-kx`<H82!t4pHK&CMQ
z@mw3x0t`NUJY++Hvc}NkKT=Yio_MsCwd#uMiKS3-6Bt?n)&TWx$AQ3*g*0>7>xM-o
z-1&Q}b2}VDoA7){OHqAg%{%!mmt^0SUnf;{+#S$)uqj{If)b;4^(HkF=$l?%T2dQa
zw(^Rld%CP+Q)tz&h9SCq7t@*3?a|2!w-VEqK^0+<465M=yj~ppzEFaEeub04^)B0C
zrB0zzlXuc-Q^(Kp*e8d%8c+aWY2CS@OA1UJKv{H`+YQHS=gRuk2Q$;*WYTp|e_-h0
zZl%lAjee0z5%LjB!^9z}y`)#ea$<bvS}963cl+UfDn><`+wPa{%6$A}M2H{rjIr05
z+32LBL{Q=j6>Q@hwpeee8U$rfC07$ZokPo@6Ec9)=KZ9^&74N#mbJCB9}KYZrz{o;
zY|IU%*7y*m`N<RnUXq;kl!*cfK53B07_HZ{iL9=S={aXeA3bDImk#ifz6>Zu{66_+
z6-H-R*2cKs$koly>2OJv2)DIsb=t4<)fcaN1ec59qxWO*@fqTrnwo60s<Lho-SIAj
zg%N0$Nd8q1kSm24wyQ73^I>)@Aw9kLs(EK)n_cKZ@QnM;9;ZmPvyg>ojGk&$iQRM)
z^{he=_E-3#Lh)h4GLQDIt+sk%t9@&*`T_^1sLsFyXx9$@VD4*ZP2s)fJiJ|!X}6{|
zt$?fJWMZX&&m(g8+V;LK@6`rekV)#x<&AD(Eh8~_UUB7RG-r>~s*YqEeC&Nd{tSoS
zVbCMZvaZ38HXPEFSw+I&n&-)JCMJ`{-$h+LqeBtL&eJ9WHsW=){Uf4|qu>|GK#=<7
zt$OPAUK(Ve*yZ#a=3wze&vNAY+0>N}Q_5k>)oiia65JT&SLHv&4|NlY%_Tr1os?2;
z&+%#|i2#omCr=40!ZV}6TNT#|JDh;l+^2q{r7k2xiYlFU<Ykl&4v89t6TzGT$&5I;
z{u<tpcn^+taYhrks~@5@H^DGD;Z=XU^GLNT2tW=Ut)%I<RnJ5y-1%wTPIwPai>4PC
z&mXgQWjJ-%4&jzIETT|1TcBj4xr41UQu?6U^1**wGSS9u2W!um&H)Kac@f7mtH0U-
zPv+`EJL{F!V>l;K`(&`O!maKB(<x;yAMT8!thc+)B(>@6Z;6GITOD#|xeeiOf1r|j
zB?p8r{nvT~%NAe~*4~$Q1r?~0K}(BEIv4H)YWHd7wyS+p^4*2Ep~%*&PhCU5O(jc{
zPGv&aBy|6Lt{BYlK8Wyx4g2|v16vD)lKjm6gOQh()%3AZir2{g-Z1nOc=N>lPeqVb
z=+HIAe|bg!_>1gs&7O$Le)48~u>kfVToaWTQ&mH@&JMb_QkZ$VQ|JjoPDLC-R=gu?
z^RFWMf2UiPYPKHj4_o?N@*ckD-MJNbT(>Np;k-?L8S^A1fYLFUvL}dPRsHjO_eVDn
zX$E;JQ9$G}SiY+_vMwQ4cqNNsCBvQBs<;6P76%Z#$75FubaonRwnQ=3rE<#nmO99f
zu2ZrH(2N)V91^>0m;Y(ABdd{<Ir)#0d&RWALLDEC&ZlGOzt^e$Y+&fW>mEh$M+MRN
z&cWQ&11Pt$?$*^NJ@U<GDzL&p2UInt6yA+OO?~jDcjuJH!nyCclX6{^jM?lt{odoh
zxKavrzb0S1g|<T2d~Pr-Mbra`Ge!N#Aj!YTV%*dG<G&hz=pt<N9Ii`bI@`O)%&ELR
zEM`i}A1syXjg}gH5~wVrnxjr)ACI~Ua-pzkvE6bpL94nCxGH%4T$>+F4V=f|NQGnb
zSy^#zNbo?>tKIK|1jCYTaTE4JJSNGKJ4(B0?}6%qkw<ltlO>b?-2`}9??;b<?6OHL
z?4HyCHNTm&qo`GrV-y#zJ@E;)&Lu-3azQ@=EOa9b1rjmpQ0C}}T?fKU<_H``59F=%
zeaJD7MD1T|MmU4>8h&j^(oN5pU}RuSbaqFaT)SQjm0D{HPdo5^nFd<?S=uo%F}FI+
zcrbx7rmo~34!T-+JpkAQho4eaO`7q-jC@m?KQRglsBu~#=snU2Gv9mTE*UU?{CTlV
zoN25qFH@j;+*qdv%0=5RdaEP-&6YfQ_FFeTbTUAY8^ndAUwjSEGkh&B`s#uZ9Xn?R
zUu*Hq`N9@08!c8#H0PilWe0PD4Hl>wx7F$~?y%_%BXgOo@#b`<_ntly_GVK>>;9nL
zfQ`h*gIl5Pe4wOsH`@wph@eeC5tF=o#*{q2ILe`nCymZXq4bwCQLmI4jTCja<F4^m
z%@Qj_XP$7(Mz#er&}`bvHydxvYJ6SXMf-ifK&<}$ye$3_m#=+|hFh>$^(B(M*J}FY
zrKd`yD^3CWFj-{cJGuH&QY9D4u4RU*hXrYFVm7;4hhtT=@aUP=o^vhcR!M4ouZ$u_
zJEq8})=o>O(PiDlMwvxMWTohOHu(FYeLffE%uOGu8_ZsmFxTSLUX8<h2YaSK+_dG1
zuO)wYxY@R}#zTf;U~70TdN<i{jrsxusuP=^7J+h6A);;s;7(ecD%Lxg^|};7P{`-l
zCHC30O%U*WzCUUvBr7ZE);%V}Z2~EtcDQ#;E8Fbcx+P4cIPMu&8ZQPY-rd59@+Gkk
z+)f#)8y3pbLq?{2YlSCqh$<-iFsXPhivzHAD7mmYqz_I4&k5{}B4tT*d(>6!CT*3|
z((?kI;ONiFDZOQjDswa<me1rfE1#yKFt<}!QLyR{P|e7MX@qRyiO~fGk^?6wAdu0k
z)vfO+neI61ao1v=23iHyR@ERG&7p9!W5KV=O?({!Uz;W83BcJCfFVK(hdIg#U3Va(
zfW9SN-rC+N+qgH;(pM{yFOWZ^DQ^qCK5BskSn6M^>jAIoAS1W2W7X8uWpEIu=!#iK
zW9tSuU!`6B-p<zzbz^pi9)l2Di&yLlEldKtU&4MTs9t>vJawpO_)UARM0@<9H^T&R
ziMgn#+hL_)9+tR9{<pi<jfrn+Art%ABX_f_sh)QH*1DRQmE)4kb-7MUT+D4Dp6YJi
z)SbRl5fOb+v8afpR&-$b-y8GSbXT3c$@{nV4=gF^Pb^#CXmW%ONmVhQiJn-#-cOj1
z`g~XSZ|zzCwwE4o$)EPSEsKln&9tu`X8*0dMq%Tp{iufbyObokwq0%;>gxVh3EWoV
zoCYcRI2c(akqttk)I)DX9m@jvL52m12S;=n4!!-xV@E*W;r!_Z@p){Q%;z|gaK#h`
zDs$q(alzsCmDB-hplqk>WvEqgf&5g}V8I46#9w6oUlz|o_qPT`PXxyr(!z`AH|5dz
z6?YQacK+b>^8G_uUJ~s1^FLt6qzSH3vsWZ9%b?Jao8{`}_kmN5R?EjN4{l%1;TQVq
z>yHmfWJY2{+&}Nxq>pP9<7VR%I@LWF;@B7_t*!ir#HZb0)O6phvQ{h-n{6H6VRlTb
z1UpgJH?d^`phgXhA=!dv@S$0M1YjcLyb5lM!p8O;b1JAU(eL+&RNRs`Hr}W=daqMz
zP-7mfgYU1}_L9qK_Y!*niceO_SmB<~2*9-_F;+L^n~B%u2Jn0^8sJKoAKr#|&~zT<
z>DzCjftbnf%O4%HwBH$m$nzIe^s>A&B`p)GJk;|~nV=(K)Qr?L+F;Sy{O{*hp}(zQ
z=rxm8w}JO8smb>VFH`e}TTnTj*?Lmtm{DbrEH)kFmdAx&rbJLXA_UsKkD4;aw_mSY
zYn9fy0jP7$LIodDCi8WTIGT=Nnd)&GeT`~MS&Upb_@Si=;q1$D2(BmdCepVhW+Rw{
zN9g*kS0a=Bp%MAQ%-H6*_Ru?aRe0eY{V^ulEb0kMM?bCs$G-9h3R{TAW^K+kYPyK?
z>T@fU^vDI?(k>HwO7o4g#-IaDbm#6Edod|UUtn9O83N&4bI|3~xrpKs&#$tvt;J+{
zB~&KNni%D#HZc7zppOKYqFveZJlYw{{sE}2TCh!YQ5Ada`%W_2@fa2^i<Y(F<qd17
ze%VMHuE);9YZyCthw&gubM|COm%2!!*MnaFUglhRS&^*l^p&Y4WQcA9C}diDC0TRc
z!lNLcWp5(hrloi-9APXBLKvD%mV5inDm4P`N#s34&w^@^5HM)~<ajnF?0DT`bG)MK
zn^^Dl4yMYEgNyrd7D|AN`w_bL`6xw6A|M*ADA)9IfEzae1eA{!-Db!$ReS^TAyJ{p
z2ley-JyHg~VMky)4pVDnRKX0WE-Pw;yR<%Sv=Y53Ur#Iw$~N!t=rf|fZU5CTO4>HH
zR$l<D0=4N+D9EromQhVR7IklhL@98&!91AM)L<0pX*=-IvAy6a$3SUq_u<cl#a27^
zCF)m$7Kj~pF~IJ}uKeX)$>$lSTR&N?EMx0=?uR$R#EWdfj>qU^3}L$qrH<QYVz78P
zFt!a5O%I8)T$A$jp^Bh)i9ANtfO(izze^=^m~yo2QLJbu)@tfUIL?ll=Nij`cgu^5
ztydWFaP9JLQh+d^IDgW1^oeb5>?p`+LuqFlO`ubU2cJ>9iu4Kb<GVOlANzg+<)+T6
zgdKu}1CN4s4w#}eSY|aS!r-Ay3`rs@L5UCZONPTnads7<JDWVU(_ICNjvb&;{KS{#
zoV_uF;a`^;IwbRgM3;A5`2Z!(rT9Cj%{|pu)~7e*cxtZpfsLym&Pjm_s431B+ju|D
zT@mWJO(BSY6wa-tSlWYZ+!@rgj4@_Dtzd><6uc}ZGU_wwxYi%DBeo8}Gu0zYji2<J
zyLMhyK32(gCTxN10H33)YogRqJEe(F!kEU)NF&!^C_0$1qRK0Lm^CoNrvoai_cCF!
zHiQ(uqfcv%h`=PZLRnsSw;#rp0dr&v-f_XUkqgP7UP`|8?)j7XnO`=}vMzoT&Sfh<
zy-f#_n)gPFOb2F8W~QGDXKjM2Y^@n2rUbLKVp4Pww+wtl&mpFH$=ylb{oiTxlbL81
zNnXFSc!CwMqiW8u-_*!1Mt`|t`N?T$bJ~ga*h@uv41e4<GI(5@TNMkm9j*<+$$ISC
zSbf~|g+(WeD{XO#IPldmBc6!4N{S!DbSYdFxyG@jk#&AhCRdGC3u@M7)<z9Hzhrhn
z=MlfT8!yL{@49IljaDt9v%!y(@H9j4w!vbF=SII7Kh*zNm>aYR3qYH@!gLT2oicd>
zcgE+PrWxO@EmI#qbR^k*y;uLb!S<)j$NuEf@X;oPQAoH38xSeP97o2^S0o^>B#}An
z^$J6jzDH{U$JW?}{Zwe{;y6f2w1EC21x?o#fFrQjwKerdt3>LNx{+;1k!=x0>KJDl
z5)nwef<fPk=|;k1*d8Qd$<%gASsUU3mPf|XC8iN3YdIDAkAKWc|DgL!Wun2YewaP~
z{x32iQhmOz<XND&cRAJTWNT!r4O=!Ic9yN!Szxw*lXhZH`D*&L?ugWz>Iat16eo^f
z6*U)s4|!Secm7trn(|}L4vRR{`BO<g^iXK7;N}(Q$BXAj7eilsGiVRv*miD2lS&*C
z6@AUWwW<V?#5wtFdkE#rGOynqkALiW-wwl1XBt)g*y2K8aQ+cp!!{2#g1_;P^cqn%
zn>1m7Mp(G9LV~X{ZunHW>ZomC><IpbeMr0wLN<{R=O|wv6S*k-SPN)k{2|(r+xz>x
zr?2svHga7ZYEr(kO?I2B_`i?%|KYErNCv)<;o~Ss0jUxea^E{Utm<cWqJsWe&}}OF
zjBg!`Qp2Zgm8QYB2`lqg(U#47zS+&wfEWt$TI6h|6}NlK;x4XaMTkA9y~{i6_Un7)
zFprMqQ3Pd-ezy9?UXZW5DcW-Jsfee4utZvO;$HAvP?q-UQI?9>y2+Q0@-}w4gsA`;
z3y#0YDp1aE@8mo?4SZ>;m#54x9F2!4YpxzS4OGv8<93KH_k;x7u`lPG7^lZAI9goW
zIk)8*a`dM|fNJiMvxwTCsoVwOZGWIb4_x5JpT5=973RiF?Cw}ibSy(c#0o}6q)2aD
z{wP}*=J;XLx9`aS3jxTU?uxd0UjF4=^X6rwZ>*?@1W@p4tZTHd2|h$vpY_Jkc8|R+
zn@*%VrX0Y8up4Fr4mk;e>B<zIUAb}JuexO2GBp`JJ#f^Y@63=P(h2Hy&2}rEYQ!ef
zb$?Hj=A3#&9<MGS-Kxja!c=unIniy@eWKd;K5|Xs%d6U?_QojV$kBSX$mg!*)%Gub
zHX$1}mmsMzw=7+)jqUEqq*>leVVsX3&00D_yZL$bhLNYE^@S+qpW%*0U>(7M{uv7d
z%k+$(qX80?9#b_sc!aG0?BBBdF$F~RX`lU+ciBkP+{y)fBSwDUI*AQ>b3ggeY<Mv-
zO;!^4i`!b%&i1J-qdKk3*VOZmR9?NFnca}Bo=zq^9VGcZXgWZ33IO8dfCXjEGAI9t
z9lchO8|4&>e=jfEq@{|~pHj6ubbul#D`LV<UrhIP#V4|BOsb2(dJiPsVwj!z3eE8e
zI&?St9ahq`<y6Z_Z)|R?K|51@YRmj{O%pRY4!S>Bc}QW5^Pv_s`Zycj2TgHKMwE`u
zaRjC#N@YWV(P+7KV5WzlpvXfUb=e0&1ZiB^%!1kjeR+^6R$FaqIwohT7E|iD?SMEs
z)&c8rVIgAT9l;=jh#7smddAYa*se?9z+QN|RjrX`etEB>-Am~Xhsd^L^v}Bc-9djO
zw*~X4YxJT!>$cyeSfguc`JH|SVv<TC2W%aF!8|5sSUX49`9;+`dod5uFMFngXIy9U
zAX^g!0p!+Bj>GO3>>^w1vwn)>-)#|=sELh|M0sIO<|^dg4Rc;vfwi>`@Fw%*7#2CA
z3J-eX)MQd5{=FnKUrSM2H&qGku0*OZ(@Ncnt(I9dtb=&8(5I``u*(TdCKKKVS=Q9&
zKk>R}o~&S^EyHqMG=)R#IMYp<nh{fnE$n8A9L$=Hv|3J!ie8<lrSt!uBw@ZAPUE?z
z7C^|Yi=t8p!%?woG(;{-x4{@@3NXK>P5q;*QB4!hbK5n)zgWLCD!L^k>3S|`F!rK+
z67hD)&E`=NMlEBq|Fe%_1&^rk_XSSZ5&zNQGJaBYnWP3@nmkreG0B_EB_`(sO24`R
z+)MNUCUR3gy6T(k#RA<bIxW>mi@8;GC^I+T43`(zYYfGgi5s+5G#Rx`<;7Yi@vTeg
zR*W~7rWcn*roPR%aqT9*E+q(Zp;ueBS~^<hX(fC_m-|0*-&_{qY)E1D;GJ}YYIXH4
zu!|jd=^;I8eg`a+R8pfkz(6?h>Z0#0+2fJEsTZ~qFISe*&2~G2GhEGvmV%>&t{5q*
z9`%&qQ_Zb88YG8Qbv5)(wX@Gs5`L?!@KGnj>}7IoyogvpO1c7AH?}FlLgXYOxpn@w
zl|Ka1+B#HT19>AxC=YSYQ<)TDwJby0V}xYV#|d8Lp`Fu#Qa5cV2iWcI(>{1D{AxP1
zaNv?O`9mXz+w)Di($SGyKzaJ|a$DPlwSVpKnEC}9og5y2R#z-F4Xz=#5F(b6k>LgZ
zZ$xVU)2;hI-9E}SV}rH63BO-VlAKwC3@^I>TlI7A^~K2M8He$|!H8`CDyKWrnA$tF
zC*S(An^?B|g<7cWEt#^ofIjirWAl6DG-WHi{s(?5$iK*bvCLE|oH)fN`u7nSK}zPS
z=ihTaekjtL;*?YvV+y`kRoW*K>f9D$#9@ffR0RA*CeFRAxIKIJ0BBne>@acJ>7UID
zI0@j2K{9DX-4&vNtc#K)zCPyjrnW}9uvv&1MmKBAv`KA=Bsb$YpuT?%QD*WzxFZSW
zi8>g;58o;ZUKoE%;?W_<Zp4&Ve}e?9lgi++V>N}xBqds3-{9xBEN|7Dy}W1B0)CCL
zIOoQpfU74{aSS7PQKiDuGn!g?!p=-WUrqnBEp8RHc@u4mlIxri(1PmWF3uSn_b9c_
zY4h~sgrXk>LGYGbmu{!ZdR9kwD(}x3`d<zi)I_ceLL+^pP%(w~B<%sVI-Sn;82=HF
zn0!|qUAcYBw;@r_Cezv_33(f&p;~o%Wykx&j$!tzLF*qbgHdK(7Zh#cQsaeICaP7X
z9|LIQ3(PVp>G8JJQEn_IRG*iIhM$f(h>KKl&P@Ii;hc?LejrnAz52M(Ap{XTWg5E<
zl1Ld((nzQeEV~C1x`!&^Ey}IpNUYbbTb8q(e&RCgaBd$cme$wJ+ksa~WK4_rph{dH
zv1hd9$TjzQdTKZ-5LhnGk#&7msb%&9gsLcnHv3N`GEaG270i_eiCpj7f<H9$*m1=>
zMTdc0b#iD+m$0YgP8yGBSfKX_%Js<DdPd*GL>E_47WKpzqdurH<IH!|Z2<i=hZXnQ
zIX0S@`07T<9d<Ty=(FUf3r!2%$FQcj;4yApNz0vC*FROueW;5s&R+H_0D=+*D`NZV
zyUO^wwT$M(lY+qszf^Goc_v7`wxCBMz~12Y_0w3e(@bw~SGAVurxeCVf^?6x`Xc*p
zlb9$F;8{U6?38gz)|u~AdSgiQxdXd>YI207?9Gos)H4kmvD%>=7NF8Jzxa>V3tl2z
zG_kcSIuiEXb}g46z8)s7Qt;Ap8Hpd2aD8$l#Kw<BqOvb@wb8hn1jZRFY&kgXXFC#l
zB&b|)O^#=?v8^JaZLHP65YVhhJA1#W53R=`Tj)~&C2@ChN%#_AS66TKN8vSj{_jQp
zu+4%x7!vTr*dA|Y$mW!|svA3cWjE+)jI+{?vY{>-;*z-Z8-ciXd?&?_4iaNC`HPDi
z#@!#Ygvfb|=H-+*6RqY+a;#v|$b-R&a7Yp4XEx~?V$C8sdjDhf)qma!*b?6~UPDd~
zOf(tO`I-*k3+Ua<{MQNhxHM5`a`=-m^kdFT#s_yFxP}t553-9c<39XF=JV7a^`BcI
zt+5qb)-7VDrd|ccyaV|-hpX6M?*RbRgYTuzba`;E0GGIqg_vS5;fksnYwo+x-t2w+
zi;VPp9(hHQ8vWzvzv>0=8r3c7|Jq>~d>xJA_S!ork(mt3n?#)CNkyET)Qu&IyHE1&
zJzOFCZGWGHCnX)g#KgBp_PbFh;x8R62)aE^Rx<vfUhG8E_3m549jF>6tg3u17s;mx
zrEvc-j^rfi#eSw<|JGg=BKQts{D^;)!cpRIx6B3hVx^hr3u4Z21OPn6-a`}Mj^H#2
z(n%oS7p2^KbsRfwE{<G1cVrmp5cCoii$!mf*A*EQ9;Et&S1$_|wQ~zI!Q9fiM%K1W
z&9+$s$?oKRpYtDC9BNOAwmqR*hVCxBllb+_;0)q6KqzXO8Q>SD-Uk5d;t)VmFc^db
zo75SKT`8AWkK8jCNsregP9A*^FQt$uzyZCzn4>>pe5I@5Rh*GiI7c5@4?YC{iXAy=
z^ia&0;*DNS5XIM*v4jiKb2e?HvNlYNfYjkT{teb^%TpwIKO>bpH!5~@NC(K&_NOe)
z(_cr_<V6axvbt_MX&hI^GaCgEo$;0k2j<GhBHV;9%<9h{j8Ppx1JWL}5C6L3UnJLm
zXKCXs;x*Z`pmxxjgW@BNz9&oAUt(-Ad25V+l6~Ey=f!-wG-rF}7oF5M6e<{>YEO3K
zPLn|v{KJ8F@Yi{MT~Vde1_i4Oviq$6A2)lQzR=XE!(Dw|_Ii+ko-N2_J3ET<iQ{CL
zy0hI!KhC%swrk#4b!<V*$8h!J{CD5Ad}FA4=@B;K!p{7}Ty^WGn*B&-$D320971or
zM0ZF)xiy<{o8E?<<F3q821TR9|1AEqBqQrcdwng&(T*kyZ{Bp2#;Ii0EyNe&1#tis
zX%OZ)>8^~ucf~oF(WL2q+B<53XXxTRrq9S3j~Pg`H3S3>yo0#6qKYf<F0G5~B2+*g
z7~$R0nxj!0W5pG>JhvXB_hpIt5*4_Oh84fZ%Zp2k%b<b~0`PdD%Hu)D(G9Nbw92rR
zQ`<m{2;h-#O5QX}Z8z61*F%j)?QBNo2&dm57Z?*kfdpkqm&g-$Cp&sdC@W>P^MQdy
z;08cK61(#cg~+Kz696;cn3HYf@1h^=FN$%t)x_}{ca9=$aIZykL}uo#u(7(IS9(&m
z9U^He_9fI3MNzSZ-JfUTlQOT5FHrq%>#D1#^wpi+ip}EcnVMp`v#gyH59yRh7QrfS
zVDv+{#LMO%U&3>tG4H^$^-tq%bSOzEbWc$!y(e98;FPpWkNpq9n(9#=3Mc<`343p~
zPTp`zM#5;3IeXm)M>*baa|KMv$QAUM^sTG175=_lgIadA&~kR8I!9iEQA(L4qNabs
zaN+pwPMw3vA2Hq-%bJ*i_4P7}=8fULv-;l7<%hqjYC_!BxP8vu(FP_EjDA)nDVnp`
zSFd8oT(=!z;+R}4g5HV>YnY+LflSRs)*SU1ccnW<;wtoDh6}$1Pge1sSxLn^og=-W
z8cGB<U_&UY{9x#lQ%Fd(32F{49t&G>dNt2qNW+t^8pL$YGuFaJT%0tlqslY=3Nw<4
zPcqYhhg{zsnaea&=O_cF!-<KHSo+&?Zf-$x64W=5LqR`9WF2IVUah4K_v5C#fRQ<m
zjId@&-}`aLZjz}at5#y%>>Gm+_q_I(9e!IOtXItOLIub6Go!9wmlluB&KzcUUzaMW
z!f1r+k+cv?T_7>Ts)U}g-8mO>a5^g(4%V5$nRCd|d6Mcp`=9lQI$wT!ia_r$$a)a%
zjg6T3z{IKG?DO<!jyWABQ{|L;3^(a2Np$nP9OUq$@5Gu{Qi&yt<R^aP4|+YR1at(I
zO=PTuaV59GRdFsP!jpXDTCxkN3{HC9t9GX$P(jtssEHrG0IA){PaAyDH_8L?A8>>*
z<m*#@_Nnz&6E18Eqfy8iZt7;|QB`*|0m|-GQnR+Q?s>W1H`;0(S!F43-ZaTG#j}Kz
zs21g;mxhQS@mj4qbz)}vr>+q*1#-${Hv-S-<J$TdbLD!m3E*h=YrF)w6yYkdsi1H0
zeh#lv#L3|>(V?DoW5y%iyxhw@PhU9B`unkj?}S$&0yszAs#2K>>)5izB{L%ccR4wE
zy3LLk7ZTE_JM?uW)oQNhCPufXyK^g_S-8cO&4h&IJsDjW4z4GjmuMDNBtfp{Z2hc&
zz>^}}y&;a;MSQNZ3b_*9Rf3>Ju|yXhWpeF8Mk)>IO}bO3C!H{Sy5RyxB}fyJh+cM+
z^B8-tt1?oJrB2GPS_x)m<D*h6p9<GWeX&xHmT3D}`guySa-GA98M)FPkuuAhmxIkg
z)%SzMfM$)LJ6%O`@`1a%{Ut!Bi%^D5K!dnbV{@QHMOh~I&+A#ONB24sHwB#}wEfKt
zLe3x($$F1f3YCXaSRxDaoqjC&V3QtDH#f|z*KY@v33Q7F^~DGx(g62a?5z~3>Vco)
znp0Ajc?_!2yH8_2BGln#!K&GJthn~8-Y2=5_-+qRV9_rFlq5qa2%jqdBr`>k9qFLP
zzJo@mjaSB1ecGRubC;otG!_f%F$q6E|DDfd{?8h_+5f7s<1+v6?%`kE$o(ITH{AcP
z`j2ndFCNFsAcOf|);ufaQuipt+mcY6S`AnXx3jbNVHBr`s4g{$)s`^-_C{YIE<be*
z^I~XxB&VB}r&-XD<Pf5V;E}cyw1ZD035p~dElAlHOb+1SD8IEiCwj>sdj)uNrX2IQ
zN%xmY?rL_&;MD$eGSwQP7sTp$G&lBVwA;%;c&!jDH8rt&ogBR6b3~ow0Df4*RI7I?
zOL~=lSa27NMRAl*A!5zuU3^lf;DXa4VfH`afazlZcFbg)r)X*b61Oyh--yC_AfrH&
zz3&FNFzEK}aF}sEqqZROg|gsT@wu<Dw){k9{HW$f`l$N^=6tXp5EI)g&(65hro)&m
zD*UW?!uKalyndX4;k2b@gSm)ljJM7NV=k|${$^@K?AU@@Z<3ig&!!l<!&*OVo!A2q
zEZf=C$@DhT7r=>+%XrR9a+jh&I-3e`vqlL;*7i_b<hOPJP}^;tfWHWod=xdF_e8*u
z5OlX@AdHg-;9IZOZ=SiG9(mmDu?02v47}SD7eP<$Rye+(z8n$M*xr$=$K<aWZU1&L
zaX;GL*#wTM=|a})Bx|eqRMy2JkzDu>dOt~TR$wS9$aklbj$ffcH@f{vi*{IkZTcVi
z>2H|yCCshHb2Z|0F)|CPNJz1A(hnRM<h37fmF`%KLEPr$eA+as%AVwQ<8va@D%D{#
z9O7~)$ds;B`x7)`)CO@m7TKhzhCm+|;dBDC%7i!YyOYWuZ6H2~an+~o&cg_EnS-8s
z6BW;cZDpGz#~=A$@<Ie8=3KEYq)>?M5=^C+3kg%gAhp$lSTCZ@<@VH31zJG|Bl}~r
zh7%269#knOjd%xZOtrVnS_lp=#K0vark)J2CqOmIstc^SzVTJ*=s(a%aKqK$oLp;Y
zqO@d^xkh`fMMP(9*QFto;fye08j2o+h)HqXDz}?(kVb!}g$dg|NEfP19j*#efEyIZ
z{7MVU%6woCUYpiOZS{bKED&=7OUeZfPXWknJ6;Zt>cI{(>_%WEvumH3b!-V`-C4ya
z71#Y;i+j4Q>%DhGcl~s1jh||D5y$$Qy&k6fn)BO%EA+K!Z9U9kB%=tJ!!$v2Nfdf)
z!kAdlQq{oFV#X*zL-I^MTr#U$i8N9Je6*c71WTB_PB3SenQ3ycXbZhg8cL*^Vj^-E
zM-+&L%UtF=#ra_2t7*|K8Wvijj!qDDCuK7&9I#bqQ`L}>9ky)@>CEAF4Xh1uIj=YO
zpEcc@I{G|kyt!+r?;+x9<lQD^EJ3|fmRF<S7zb8yWgoF>Z^*SP0HF@pH9geY%IOm^
zj2`79aVMiT;v@v<ro4`=XT`Zr2|;&M(6r%6-Q|;p`B_-j<&*ICUZ1zC#D2%Q8ZiT=
zhiCYY#jZ&<^h;dW69_hpFBYMm1Wrie1RbM0f_Hy0Y=|^~DegL|3e>{AeeVU?61c;-
zN9;f%zx7qmyUolR=ow~D1dO3AUIjJYF1o9pA2Q9h`&;^B>SC=LB)8OMJ+AbQTH@(#
z7#E5TgAU!~TC%6I-L(mKVm?lJt>$QW*=dD_O}$}CTTV_s8nq;}Ph}kxKlT1!%)NJ1
z6YJiv%~rPxiV9MsO9?$7z2lY=NJ5d&6Us(vfY6In_f~o*gkY#r0t5(1@2K?92}L?m
zrS~f8{&LRqopbi{uIGE-zrMBJS*+xqWHK{MyJznE_q(nqdOd~-t|Y>3y-jmPv~=?B
z?1zBuoe3#@ZnG@kAb(#{O+<6-P+qjI{Bg8>A-mzt@LoeFR0q=8J+knbr$~CNt(@6z
zt_XLf{~f2|!`N<QQNNN(0hhK8OUo?ZC|)C>Dw{{{AxU^ihKt+#FRHU{-QCdgEZK|H
z4?hcLXTGV{W;AC$l}YCL6eBuQn;ygfpee7(6C%WDOg|=n!mmeBg2Tm_>6biNE)v5u
zxb{%FanEUReG0dj&>XCvlWlhqBKdI;{spJ;8XrB^YJeB)emLi?H^bE&6BcdKIA~je
z14{82`Etzr+cG?fBn-zTfD^C{CNuhf-mH~}E_yGS%;qQuHHmQcO0v#$2lbEdi7u2x
z=`6_Z#;`wY0DE3&yq3){udxF`VX^UTd_~?%VYYDv*$()o`Q}BvBrHGk;CMY^dmVZ>
zM>}ULUfEV&9cPS{8OarEd52~oFXOdQsD^MfeZsFSY<7!Cram4qIx&V>l@T`qhVCP1
zTxdEjz&l2`)7*})<2I^p(5;dCRI1v(k?t`%jiFrH4LnDZ8dMw>Ieo~kv_WmdKhXHV
zS|>mVJq+oiq;D;N>EvhXC`eq*CL=^L=c>u+hH1<}s;TT?x~z{`u1Ts<^?GBSPjK{a
zRCm<=4E9(2?TsvYZe7jhSfjw>gosDH<OKF2TK`r3F`E8eaFCk&y~Z6UaNzSz)%AaT
zXezVQ`9C}$DGC_C7=*a4IPV`&aEAvQM_etk`Tvt8TKMO&;bjTeM}c)l`^mSawlcVz
zwhmV&0kjze_i_fisyXct1tB`yI*=XtPIB3~jC|{O{?i*N?tcq$JG%9&r!QeGPDZ}3
z&seBvs2Ur)U3XfqdCD?Z&2SXr_%r&yEDD~Tl)ighXScn{L}7XRBzfMgko`8bJKhsm
z6y24c1!sf6Kv{!OF=sH-x}7>`^1Z>(zH1<atr>CWh7No?U$W0mT}LY#r=p;^OrN4&
z!siMxDE<*G*qAT~CU5Pkr9z#)37g8s>!11{CiuJA;#)8&(TJNhEZG}s=mH`?D2Jl_
z>_k;EpUn8lxg=&(@>Sk!Z$q3+dG@__3Yg4Z+Dc|hV=<*yEo{xy>nu+i7>L_19?O*n
zyi(GOr{o9L5ub{bc;pM>f4aLr-O*jz3RQWk!!;4LGoUNQScRg!SEn63ZHIL}@K=c=
z-Kun70iMylGHslYblR1&DAE&3@hQv{R!D4Qg0L7A#bsdY<HhA)o4aXp@a3;jdN|oE
z#o99y^HR-ZZGIWsHg@ZJAIq&t_ITRug6hy06JwS&Sx`B91e4AYtA6KryJbA0aK#m0
zsMFksnQrQE2IFh{<aDd&&>AjKYJ+2y-plB`_XnAI3$bk>>@!^b1u+K_n7mW#>Wu9f
zdl`%~lkKY{^-ozn+aeOA)@_SeGk2($Ye7vUJ0HFt&Yz*LjXC6E!J!kwqGE%!yt0g|
z2EHsMb94&=0<&~mepdf-C7tr)_Zex~0`0^vt{Qd@AX`UX{i?vS*UQ_#4B8r2Cn@9n
z9uyh-uE&67v4dx{Vl^m&wwipj1yV}yyYg_bu~UScWAdlAfp2y2=SWC#a)8wUp16=X
zZ<GLFrqQ{GR~C9k$IPSBcrEMK!mY{CyuGv8ko)?(zvIDf6V1B2<AXP74Tq~t4`U#v
zo_&{-SUKM@0hM1iD=igIS;12q&|R)O5n3~~9>>68)UfR>v#*9qwot6``EuVqjUfe&
zosid1L+d~;^JgB)`{NkRCI--QwD6LY0pGw_YoAXdLqE{dzii9ds<_)wNU%7R;t5jJ
ztHTJ`m44E?b#LuU&gtD|UHQV0G6#<94~my;{cqQ~@yTne>$&z1X4qj^!E7gU76`7&
zov)1?7Sd>w#T|dYG2%v5-Mg>P3W!(8Am6Q#-yxGUW?uF_C(QPimI^WbY#Mc+y261&
zaZP|9rUj-nStwzI6P(^5sPvOT+QioGb&RoJrHxt2x#ariYDOJyeNd>dwZhFKMKua#
zgTs!93Bnb`PCximO=j_)YaloZqB5O-&NpY!99OKM-O%ZX_<G&~zTA3-K3xrzkY;BU
zfN8B`o=uy#d*JA9aRoymaE0W?a6R#hX{*rPLPLTnbA%haUuqp`YH-N0r;n+9)+)zs
z*HZ4x{6QV(%+IIrA6O7}#j>gVSH-i0i1wN8W(LQ{soV`w8rrdel38}yu8W(ps+<7s
ze2<ar2|vMebS*l)mY_FKRGY$tdt2IC6*FcDtJRl|^z)8y_te11hnME7UBL2WT&3?j
zsk8*U^)TlRvxYOBvqmSvi8I-_o_osnS_0FmIKENBO^t%$%vH_Gg3E+{&aZs|X_Rz^
zOowN1jA6FlREI1*eVsWfMSicLia**3$%c3Gh(;90;$pC$RG2T0L(l4E`mh};A2{6?
zx|jD&>>1cQD@DbY$qsyOTE1P<3FWJKP$;F@7oP1wy8kc((AFtf4`2nuzXurugc&Ek
z@AN$ALv9M&nGFgvS;VUH%;<Az6c4rSeFp<}oDD%B4N%IWSF+~V<-~|rop2T50l?1h
zt6OKo;b<4N<-^<j7becoXbQ*v0+H;Nit{>C<IdSEG(>@u>=kIoMM|Sy61(hOodY#H
z4U4$r<FJr`wWfS&J~SpB>MgY-HH$=Ew6qLeZCT9j*9L)YzF23RR%g6YJj*!Uc95Y>
z<7z2vE(TAec1mJ9oQ*cRS5Rqc*i7@o!<P0y88mZq@!D*i`b;zQmyDZx8|5XtB13eH
zIuX+r1Qpbnvz+><V%=x5Vk+-+8g;=%gLXY#+KHM83eqRFll+jD;db#KW4?BzE?z&S
z^_5NdWLoAXPi3P=?oDk24`#Yu9Gg0ijHv`hCEj?d+=68U|9k~#TF<eO=tCr+PGS+A
z&Z`B4b}<eTUy77LrUw!k=sw))d}j3{b7xMbrd4&3c)la>c2c7yMmmzKXO~c*5xmmM
zM8a@WfG@=q+9wp%i4$z$pUhkIlH%p%nY&#eOnmmbK^T{+QRAgquloX7A-E%RJD<qc
zPn!`74=urBoMCfPGUAo|8aT76;=G)U((M2j>6DQh9Z+6SY6`H?U^d`aMhCFxjl4yl
z<Ec*N{{&mcTSw5Ay@_#28YooziPxIctXOb<C8K_E<NK$76*`{WN>%1NudbPX6tZ4)
zZ1nUG{Q-`D6{M&rUsc-KoTujuKL7d4(<lD_DhyB^q%3qLNB(Ozf1BU+cKskG5LW=<
z`^5b(507vCt8n+@eQK2*^ZzV{C$-7kXfi<Lx!Bx`b{9moPWuadq41P6y@?Z;<*=>I
zu0FASX_}g^ATGh}8d20TP#BV#K4cQYW_)ICSXb+FBKxdM#i_*mhl)H!v3y6VYrSZt
zps{)l2EA;99fs`nodo`Fe0i32q5@b~?HRu$Ui6CFuEFk**2I}((;OYXh~IA!bJOV~
zAJ?k6yKRv6=YdVxS>ib!iEk9rx_`&Ud&Nu-HP#a|q@9T$sr=N{{;L6>qDFH7qeovb
z>@Tijb)Wso7M2+>INT1476Q}JrDO0cbbJ&Ed~Z~ovyhDX&0bzOB;3!HKN+3;BKCI0
zGd~gjRKYCI#@lM-H+;n;ghvkb@v02#LK#6m7}ovJWwd009+mcdv{9jH57XqU1*R*W
z)U2=MrND=aa5U;7?Otr#I(tmw@$1o%nBQCX32A<fRTMny{idy1PcL0aY&T>{jYFC)
zdtJlA;z-^VC_H{#xU)Zqa<Q)3X~~TY*S69d{u#R*39tFgS6h}(=;biF%C`=h3T-m-
z1w-J7!evF1vF2dfGScwxL9QUj%6q=w1`8+a@4}w-Vphm&!VHc>3}Kzg-28SZ86n-2
zd*VLD4X|n{Nl9+=Is5F=(;%(YNt=2`NaSMH&_Zi3Xe@?k?sFR&27zmnl%Zf&m54r-
zOLaRF`{To4#f4dp@eKCt6hLV`X^i_JgwIDtLilA~r~bGdoqLnw4RJgAxN)uCZBbeQ
zmw8KfILB(e^GIt&X36`S`3hg(R(BUaA_smiup$n2ex_%dYEnzz{8*FC#hD@ETXVmC
zEj|rX&I9`{WvZQ(F%1?2fuwSsyRXXv2D+@o=q1h!`AJOA3!eE&3G+(J7cQzXIhoQl
z7-`t$1EU7Il<Z?xy&Y$o%(_aZlgnh7ikDyShg09xSWd1iy5LJU0)2P^O5s%n@dbv*
zH9Ha-U1KeH7JkOK-MYqB*75A!YC{IKFao9MfXV1pLoe~AcJ27>0#{!;vx?2{)K#3E
zw-zLX16f1a=XcUn${$f1Sxk4Ny*M7P-Kq|}Q!B+w@_en*q#?bcQCr_>2U><9^{#Nq
z-fU$e3V-5$Kaldv)s5(EKw`J=YlPgB4ZeW~2qBP&Fbk3}#LwInITsfWhEMvt#bvPK
zliym|qAQ^{;XxwB^4`3|a4=BIexhb95pU-r!-~%1RST9{v~k=x=>Z_I(gQKgiklCd
zm)ny$+aFe1sS_o`L>t(7q{MhsFcyh5alM9}&x;^gE9Kj6{XRU9@mxJ-`2Gh+m=t62
z1>DoQY^0pr6x7w}+@|)(*OA-H2qTH91Iru=L3pOdngR|{mAe(E>tk*|{39pmo4m3X
zI$ja9x9r7ZBj0UXay=t^zEoBYI`o<iRjcZF5|^3<i7fJCFf{KtfX1>XRN2M}=8?9A
zz#TTVI9L1=f}tGnJ7@F<q1%3j`WcIx-&ZYcXQJ(KJ<S^1k2V$JCnZ=i7#b|iF)Ugb
zOZtZ&F@UbUV6Dm|;$22+s7$|l-9)bJ?kk5ha<Yj$T+hV4);X|Q<|J=7x|D9|D@*88
zOe+&dhzwCh*M<0gD>LA7fE%oysjS)9R0ZZFftjnGK1yrFu2fbrS0b65ocmP#L*|iA
zFj!QkLjq<_@(a&07(0hJT0}L*u!;3lAw=KE_qiMfr7h<RcI>}(eWw_S?~0rAeL5;z
zfTr-2M11HxDS5@Su}S>{LPxr=fn!bEhSTxeelu=AfWfoE=egXM&Phur4tjWD(04n8
zD4N)i=*AJZ_7V=OZcR<S%*tQrRaQ|jUzlP1mcP)i&oc2tsekuTVeSV*a-np6Zpui3
zmd51hPAW&wbBwBn#lWnL*VidomI!UL?S?Bymz&HX<z~bgBhzdJb|+6u3bi#2v~=JG
zwc6kTCu7&uGTMt>t3=8;f%6eXO=pr@{0uI4Lm6%xm)CQkSQ)t`(&duus$HW~8{1YL
zd+SB6n{5$+fX%H^5qqehc^L~#H^OM?NxNAR#50&LSdbT{JsuqEbrj?K<b*K!TwgP1
z7#B?Aov+8pU^x00RdD|o`w9!6Pxn;A?esD{1<I=|UYBD$mm%uiq`IrlMG)yEypk;j
zEJ8s}@$xE69mm%J(4~$2#zOfkvW`f{S0VhO8fqSk=+t3Y2EvJF*<9!bMWw;HR++}V
zu>^ex%906mcY&WH^pSu-kJra?wG(a!RM$r8|KH2JQm$I6tx)mvw}!(l<qX__0SZ#r
z>gfZlcf5S#;4~1}3Z{#*n29r<rQ-qT02(}|4Tlx~F<m1rHtoSjmyLI2J2(f6M%@he
z!vf4}wOCu%s4MOMWJ)0ZUi-n@h88#69&;Io-cWNrAM-KYe$daSJ3J|gPd!#5z59+{
z-p%4K26~Nuo##X~EvytB_`h+vh819_FnqE4^DnCF&@B<#D>VM%jkSh~rp*U0qYn>U
zHsVL_p;lxX-H91~&U46+e}5iXTqd^%Nn553p=+W#OrNWt>~@}W0&Je$QdL~mZ7;UA
zZ<i+4i{M~J)-TCCGuKw)zo0jDdziZJX$9#%nDd0fUUXL_%?i$g9IMzM53G)~&9Bvt
zSXZ{B9jyrbMa6`cd{7E2*DERF-xY-Kr`yE?3=rOzOwXzAg8$>g{8#1qKfFJl?#`3a
zNfRbms8?U&-O{8he}XE4-nWE4Q;_5Z#x*`7ND&piiZko;QF?0P)RWM3oVZYc;a^m+
ztGRyfFR~B$Y$Y>oQt{1_;(L9Ff}eMcvLnt^UWNG{jz4iT18l1h+@Z^7e#IigO577|
zSEZgkcgOKWkh4J!5|`ujg-S&k9aA;#c{c0+JJpTf9<&;Fi%K@dm^}~~eUiWGD^*Ze
z`xtG2!_FoYU&KXgfWbNUrBvG~gvVz^q@$fz_aZq%H5ClZ(}WsySj{{q<gYRgWHEKA
zg5&wTJix~6t{FQuBD3JQ9?ed620Gny(#SkJZEZ3@)rHFyYYcMuE=ONNkkP3kvn7o2
zr+pT}YrBpVVwR0aB5o?Z(LuQLwI*cx^g!=UX*%ZfUsP@)RgVZUJ673tCN8{M26g&q
z8~{Hq1QwvsqViM`cs0MX_nTLDC6DXKq@MLgcog1PbnUc2j!Z~N(Df;3izC^kJYy;7
z?GNd-=PX<T_;0;x+dIu}T-Zw^Je>$!m^}@x{xovZCYG2O8;Wr6wJN!IJ3BC5uY%pv
zZZdZ1UU0)V9{cmOl#VI?*&i2pWNh3Y5l~XGlj6<asxKQh-pX=6od<BYU~nO<0kL9o
zB|7YFdJkxoW`B6ZI5G1LpG;NF?B#$5r5MfKdx-I3gAMAkk9nZ&$VpZ-QSp2=@6JT{
z-HMk6Y<(|95f1Z-Uj2KNthsN2-pEK!bHV6ZU>=0knvTF$go>lIzXvLRu=KRhr+?q3
zs&Kr$`OvGuGd-#BPJBKB*vN;ImLRjZCScI{b1j@fx4X-Q-TGKhoWF*cjB6TI2-tI?
ztSxWGr07Y$d^Gg%RtqUnvO>DDA=AmXoIhW=`5tpUz%^gG*D=|Rm|B^}J8RaRxsHXy
z;)R25#ah}U;-GjC=zAeUS~i?Me&v95o=+9I>@x>-u+n^6<GAI(Z0gpeaMtf;DE6c?
zoS%13D{gyE<)OPOhE0cHp*<}E)453LZwH=Ss@A?RGEVc_PSC`}u;~7VeQh(zTgmNS
z_lbKNs--av(8EJic_l&HJd(R%E-xJU#-;0hbGK2)$Ganx2sF}0LVd^wgf?yATL*K1
z?p)X8s=b|Wl8qGWo+X48JNu9=shFg5lcanTJ3eEw75gGU^P`5t3(wc%t8UJImg%!L
z`_J2(N{Zt-Bq^HObIXLr5bg#Y`5H6@036#cDSdD}hrxX98NUNb-xe8smRC_!SP^D;
zwU2P}lVDg_hk$d`W()FGgEL?{iPP@A4ss=C!Yk&`z%@_0=N&LSX3D(_ZtgJ%Y``dn
z5ju%rX}mUoVh&>Z+6#pd1G+jS%r{007yUtzsHm{7CI+5^qk}thyOj@|RTN1pTO7V8
z-!y#XahgAJAVuk>*ClOp@5*aH7JXR+>v-l`?9`BWvmfPBvEb7B2m?!{ew?l}6cUyH
z!Ipbnr$MJTYS!~sJ<`3BB2c=w>Ksa6(l|K;|G?4oH9Zj!{e(|KsNPbNKY1e4HCsmB
zndce(-ATtUd$J7+hFaKmzYqpWwH7(Sa-zi1yZ_`!JD!3zB0%Gdqrs|-e2MmSXDl?n
z6k#S%ep<vecz@lnRIxg~pyt(LKrPiT4v0UfsQe_jFDiI+98JcEIH5bwc92hn9@TrG
z)EssNOB>*<?|GKguIMS8_J1198I?uvKGe&4FT3XsH}upd>AVld>?doj@cl(K{`1@|
zzGIG4t0KkHqWIXJs}XQs(Fi2$!t3VY+b_OM1cxZYBWNw3wq%#O2Q_B5ru#B|q{-fH
zH2qDIE&BXi(VIy(JTuJ!`f?o%ZaR*YA%ZlP=-l$9D9X*Z9Y4Od4lb-6sw#<`<qucp
zquEV-11Z6pU0i=r?X=x8Z?)_vo-;qLI93paOsJ?35|$LiL}S?mX7pubSe|4$78o#B
z@_L?;LBVkYpueaB_PzZZgY^^oeiVP^#4fS^n*KuWn~hPE*)*`v^Qsuw>p5v(v*SP6
zpP`8N0M;X1&%xMDSnv5<_&R-r?l8K;II}228bjz7TA)Qb7tD+X1vFWvAdxWecztGS
zdEM~|&neX}<;?#>HS+I|OyD)!zSDK7);i`gH#v0yxch=<P|y#f$qX5mBOV!o(A;-t
zalvX$`%<5{ul^TpX|uga>32GZaNaCwimI)glJKPjd|CuXs3!x~pv!Of26(v>_<B!y
z4@Cibi$_<!`o2>!6L%GHvyeVA!3blQx0~^+OhyjSKT~u+E7uY}bUyODWgP!DWz%n}
z5x4RE={6;;?zZ(~vOR01W!ToQ{2Zy{kn&Oz0?KGkGno>$iz8THsdVhxPdr8!4qDwQ
zbcX0hD{&y=&Kb|248|R;AvNR}Qj_U2FYPN)`-;2)uRQouR&f*3G_LnbIop4)F+{C`
z-ecF|tG_#dUt@?4Q9E=15l^y|Cjw3PX-PCN@{btIOQmolzB$*O8G}~=+hCGdolC>)
zMS!)r|5ilVZ|%G#RW-AzKFh&O_45+F{pif|?{?W^yQ`LMj+K>J?h4x?LVDm-ZijkH
zk8>G{Fw`>4B7Ceg@Cn}M67;xzvfK?CMv<Skl)862u1He|#7PGEa?zMMA`tW^*7=3K
zwQOA!5z!P#=})k|N7+x0Op~*5P#bzl`T0;0VqI2mJuHdBNI%+@NWUgDJtyGkmD^FX
zuwLkQbLV?VL`K2b*Nt^9HpqrU*-{Afh1Bv~`YTGm-0s&Urh~61E5=zLmzR1HTRMg|
zPeWDR)s1cTg(T+Gck}{|5QSu;f&&IG$pdV#hGS!(vdht(Z<%ncgL;s7$>)!*3rXjc
z9InSL!9u(Se^D7cYK@RB_Y2GTF?*S2&}Gy{Dg8y|RY=Jy8^T|K+@wF2L-|t-<nURN
z+_l%=#j~W=^LD`EW)OFLtC3=K1p7gO#)Q6kc@p=i(Gw%xdWm>YRuW0N=`)>%mk%Cr
zY#@Tm5R?0oeCQg?ZxI*svG<hsPG<orGHISc>xC5UdDKc%mAY2}yB}i{%zjBRMZdLf
zYpOBf&4doe1HhCL5|E7t7K?-Ynhd>Z)C)jk_AI(7eX!nMGWgjc(>fygQAUR;x+!8e
z(HA>E==bm?oNQ_^U%6L#jr>D~R7@;cw_^a-ylp6JswL{xe7!TIk7(t3oxh4o*BNMh
z8F#+QGZ9FUK`~7142LJF8Xmyo{9F|Yj5l3XIEtPh-!E}yvZRkEtMb!Ykb>}t$6a`R
zqI~Te(-eMw4ebe2LT-Eqt9q3~n<q;WQpc`#4A8!5lHwjVZb=_^wyv2(wCS{{?Ec;4
zyxr5Dezo1ETcm(R%k#B?d|Jxrp>)ANWK$&mY-bY^7-xJih3B7>IaYFN{z3W<^qKYi
zJh;ota+8r8_dLIE4AGowI-&XI=2^^-2CV&PzP%h^LWKpwV;Tm^md>G%8_60-1hrf@
zc`=M9iG8(#>nbCS#!__FV2kQmHg0r^-m@E%sj_t=we^+hI9}=ExVl;)8Ie1^WwV6h
zI>d0VfS%+8-PsgYmve}cjrAJ!lZy+4ceS{>k!kR<q^4zBtNbr2xr0jZvasQ(;OXMm
zBjLd(?cz_AiM{1UdS3YNCg@sRxvtHz&4!jBw!i2L(6M^=fC%)!@trTNs*O=G)s{4o
zhp|=Rkc6`8?DtgHk{?sf3B8)nMmq-znoQ3W#Ih#bPEg<Z2d+#OzDNDo>o{+Q(8#^S
za{HzucuLZrQe1bRjY)L|-`BWeDd|N~`nLe$a^}{wiZxqB>ie!L0S2Ck5R0x_jT&$)
zx3X?SA{QpES-ba=g-cQuB=sxQWv)3tz?jya(>E6Tn{k5TmD>lvSzF2G<4n^#P_V1r
z%<ZW2sgyM-De}+5pKGtY<gGLLL#OOlf{>Fw!g_Ah<0e@035R=IrwMxsU{$hTP>$WR
ziyju1?B*<`s-a<V&hToVYtQtYH~g~QaW_(9VaaU`muwjqFXkXT2S!`J=!09JtN;T3
zI`zDi!!}LK&c0Wp7@~w@f%$mVIjp+Q%vjELnfoa)S(Y`5ingvvA3Oj2@TjKCfA0L1
zBYI<9&fZ&~Oc$B<PW2oV@y!?%()&GFkOxc=c~sIdtF|-!V|)H>xZmSG@BLHi^l9?Q
zt37-oed7NV<_q>Ai`|!d?m3m7s;VPuyv;=C$s@tiFm7n>6C=hzu*@n18zj5gfr99|
zBW53xik7C?@1_%@#7PzY1?p0Hc{=`3TL5==CNG3SS)?d)60tp%e~8b{i}V1eN@X^)
zr7WQWycOjprbU-Z^%7GF-^Sl)G?48Tm)Wgfqtd_COBXj7H_{=GX>X4~?p!sqe2eym
z#x|#$y)dFtya7Sizwprl^o&lTwQcgzebk+Vt_H2H(SmcZM$YG;N51-FUoLJ6L`W#Q
zf+uN;++0f28_G}00M0nT&zs~W`U|!%;B>=A&Q5h(sV30OP<Oj!UAm3bvd#x@p+p2X
zVJrUH#CWbGpHxkr2Wbph3oK$<0XgaQ^6)&q`D0;iD>D!Uy!VQrH*UG$z|>$UkxTaN
zHpl&X_Q-Ik$-U05J&l`_{y9FG4#%yQ*iw{{Fh6B`<^*vtf%vh96`b>U)}}LPgi6ly
zi~Bd@4ViCs0PT%O>;qauO<!Sj{MOl1j9ADPQQMM9DETor*2&oz*$J{-GjdtW;e<Bq
z5?j4GJ*AB}Dpamt^bIBTFy+HAp_e$^ABz9n$G0{U|9hY{7w$vDCkpq3>nG(NW{dZv
z_rDGWcElO=Rj0x|;MI*E%j|zVAli`cvROX41C$>ZZfi7tkwvay0bEot{b1WE>%Cxq
zmc1Ip!X-@sz6uFke3;jqlPH}ZG?5g|st5wKpD!mS|CW%CD%h{&r{qudSUXBdJ=?Po
zmYRz_HwuQqYSNj|FeAi2alyacI##@Xu5a|z`*Wkd(JHtyqlk88(hF*@+hc8Xop&*m
z$6l#Nh9yUa4dl2Y#c&UN75~j!$ofa(WE}c^3)Xl*@9AGu-L6zmh2PYKR@pvn*v%h_
zrs+R56t9Ep`!d|jf2P*Di%pA*{dRudgZD{n_}tj6;ZW=T8W|r5oL+(fMVT7Ov*t{5
zDB_B#ngb~4L?iwqS4LLvtH$PH)=###WG7iS8?x`skk5_LGq}n+FxPuj^|Ve+9`F2w
zD+O|RgLpCa?Z-29Xe{hm_hDbdM6GY~C=)v+$e7gzLr4D{lV(FlclY3LC)~e_zx<75
zdivmRx>5us-8*gfNx-Xv(n;%^rXQ&!3NwA7v7A1pxjOdZ65O@Y+s;68jbNR0PK%v`
z+Py51_=l`H@y)LSf=t$wPU%WS9i->%p444Xw<Q;XySS+7se5R<`06F+2F|npAkb75
z<%y=t0BAL}3LE^aCSPXu0AfQpBqWv#^+Ug^C0)fD_Ii-o3N;o%uidB1(946NbY9%T
zHRQfKLG?!ghGj8pUdw&4zelnOyaT+Jgx+;~1A!X=m*GZ`mCd=i;ZI9ADuS}kn(}GB
zLwx5^g#uK;Y2$ISPbgZnn4r5$-g-P!vIP{Lb1ab(oj07b%X7+>6fnV~X~)2vb9FpC
zOI%Q4iA`4v_0(66^jMt?#gc2GPfg;5#v35AFVW#FJKF`Arp;V-$BvFll<F_{SxRev
zgrFvsrO!T85Sx0d&1s3`=20ZRk>RDc_EgeN(Y8?^!oam$(hZJ9P7QlObbc(A5=JxO
z^wYX?{ddzv<!MUZ+&g}U?$nMkbT$NoWwTSf?JH=<JcDF&?$ift+!iJ$L^*A6FWI&2
zy>8QsU9QnzoZI~V=<USdIKPdY@LgFJ9W~d1b651jTBif3N=jAi#u*D;G^b<4$HCJ4
z-?C)wWIknf#hFXcwk6~4mQrXVo_Ew*f-$Mgltg05MJmNpzVQt5n^IZIYs`EghaO=c
zQS^ia>6$fhr-5b0EYD`o8OFE+M1CJ#stV?R1I|?zk_NEd?Ni~%%WF;yoY-A0%A4tJ
zQUfTHN4#=kiuVNvG5{<>!ZIF*u8`TtaMjz{RJdj5T8GQlFw4Mr_^K?^TT_#{^7eaL
z!JW56xoQ>tR_oq|p!Rq@hqO0!FnD4JO9Se#G?e3v!=UEP!xtHk-i3JEf9fh(C`uUH
zeujCw*Tc`Gzk^<uQhSxsF)*AKrTY=O!YKCxxo@W|eVznqW$)%~aPD2#r}TYaD@ho<
zlmHYTQg<qh0;rLEt&?NIGL7BUvdK-2cX#w52Npa(XL-9SHz>gtBV%rb(jaqnZ8hx%
z1mEL$A%kQgO5S5}RA<dKvzRJf1t*)y;xXNADk?$D$G^v)20Zy29a8KdC**`>?>;4y
zr(*CS6%{4)^k3&4je3*gg{c2G*k4pf;Y{Lse^-ZgEx$@1WETA?8#?^@Iy7}T_0s3j
zAwM{kZUdH)MPs3f7uQT$_%6mv$=As4gXvIs*CY^Sko!#tq$jq~UAVj#GyCKdajK*Q
zXDKDn>n0+m_)VZz^`X=h;C-EmYwlzU9r%kWbrn*LvW@q<HM`OZ-l7r|V$3^x^A*$f
zcE3(5aT;!fjOU);w`-|+d9#|*#g*KoJ#LrP8>Rn;$;;@zoHwtmD-9-7B5X94;l?47
zS6q?k(Rr=h9^{U&G3z9muTGJ9R$VBO(SV%B?w${+_fmtclb*etsN0qqoxSB@jxknX
z(h9zcG`%PF(6MG(GiqR+-5TTswR7QnJX~N-7+c~2upB9Q{HhgSvR+t&aIE`_io<T7
z(SQW?59x)%J^5S8c0{VK{P$6-roN@-4n5F`7cEf1O{gw+&AXAJF%lcDDPP7d2>V&0
zJ=a0I6mjNViYE_?Jd#{G0j=mi)RXyer`NNVE_Wg=?9FUQzb%gh_b=)ldY7Nat`H@&
zG*(QeA10UUyq{GfX&*kM=-%E{-8@nku#<KmXe?eQ$oK?h=retHlA6u=^P`3a#T{e-
zHRt8cGVu4m<^YvwEGH!bs4a}SyA-t@eOLpfJbO$EM6nP#3kvnxM&=i(&I#usjiFYp
z+$v^7k-kA2p*BD_qq+<@U0t6ckSoBSTNlWK)J7J_f|nq7K0)-c>kh$*O3zPzrok$^
zR!q^3AiH^JZ}P8X)EPztX?iVQm}glH`)2I}%|u;KCFbpoHr9YXe{yuN=rN`O|KNL(
z?hAXm1>&i0fVrvIFD8A&u!gUU7po94&Rgjov#N}&y1EoHRmZSTL7zb4M&GJlpLtsr
ziU#WknSUeWO0qX7dfzV*$f(d{v;~c)gf;?i<~{SIOFpir(!XnLrX};VqCl7RIHt<(
z>15lR)*rjuSPteAePgzhsO4=-m$HMP`(G|DQ9BK<Qa?!aMe5nwdS_Ug7zEE7(sN<D
z<a9{t$R1s11G*HuqvXzI428q-S_&9zR}f=y&D1JiSFS8FJj28_Orl`iqjJFOb@}qb
zovB<F<7vqi0iir;p*sN2x<V`j5*LS=rmz?2l35^vTWL`E+$~_ybVDl8B~_u5_|*u{
z8aEs+1ZGx=7J|Su{xL{>geq32*JSlV3X0C(QvITn^uJSj!vFtPdQwrHR(5Kel&|mn
zevu4Tnld`tb&xQoaqVGKH^>S=2(7VY-x{A4;Fz{Z%%8Pgw7JuB3LonGK-*|57>=Tj
zi~p|A9m=J)BDnx#h^j)@Fp*X~@<qaLYW_tPBPn^H9W$C0`>B$&RfU7`5x)8HRWm)M
z54=J6dCjm8;mH<;VZD7($JfwiaSr6v$3OZBGpB>*I5Jc@aPycN``+HjiK#Y}OqY6=
zZpFLNA9W5)cmK3DbQTYxdmT2JRZ*nb8VmU<h8#l2#HH0&FBKJ(y`2=Dc)9LyIq39t
zmQB**%?90<N=e(K7ff?X3hi|>Ar^?EBn<~7&nyaKhZ|&Uo$-q6=j~qVfYD@k^DB35
z6}{zu?r<`Zo7ylFzmOK!Fa_p|4Wkfh`Msor=t6t$R*E%zE_P6?^`>n=BPU6>A@qkH
zdu`W|cl5fmFo-jjq%{<NvpR58;<%-xscj8vv9&>dgt*5#*8cTcw!K>wM2w8=q=e36
zyG33GtNMkZH#R16cT6X0Q-gtQ8zyHyK6`D%0{ZReELM37V+-43@^QC)jlD|QY<!*E
zUgSW#x1+ap8djnY*rt-&G|Ct3Y*7(gLzXI!c6IkeKk1}CTigZ@t2RVCNOH;!+Vy~H
zJqgP99y-|XU_i*(%&+VpH#`vmXD6hP@>ZH(Uzy4zSM^KKFPrl*&1sT4c;~g+x~7Li
z&pn0fk816Qh1U8k&BujOS#?vNxcNjlWYsS(rn$|&Y<ZEn{oF-PP7|92M-8HyXNCHR
z{KSk(-`R}T)RQcaUhYv-JDBvLaD38)c5S|WhLr+6{dj2gsB%JBbQ;qqAefKPzN}A;
za|20M5v|nh>mRb&Og~6kS6rzxSgp%BPkn=uB>}pzAP|Y*A~|g#0_Gz-1BwFTH#NoN
zWDB2JTA20ptTfVN*}uXKWd?zKZ=k`nco#|6=o@YX2k>0fW%h;740n`)?VYa2{WV*$
zjp4pz`6Gr+G2SvUCB9%bA3+@l1mEt5Yktdf7h&E9(F=<l-}hha+D%XS?7JuYMTOp#
zmQ^HTXIkT@M#<H;xN7?QlBEJ?ERz9+nIT2Au0q6gweh|Nqcn!rXeG42%G(MbHx<m>
zct>2iVe~8Ri-|SP)B2qUg(J%&1PS`rvJYx%h;i6zUKq7TiYf3aP+VjDLcc!Qy0EQk
z)Bm6(dL6<S;DU%XFWR!?&V~4Pe1Q$b#$CJ&KvnhBEQmch7M-+b?lO3=Adl$_Ku2>G
zEYI^HU9;eZ-Q^4o%jj$b^Xsg9p(QD}!B{nXvBGkp9Q6X$v0j7CO254F^?uN`b+5pI
z^;N9H>7&&d$ZT!3n129vA`A0U3?zehLQO{B43T&j7k#fZUzG>Ul5WsfZL~ho9?Mj>
zIX7vE)ff~Joz~n}-dgdJN=UQNQp@ge8uqfe^^w?%MIPYeHhq2A5p3N;UeIsVUAA)c
zZNcWWC+jn;{Aa!*D4pge?RtQ$eWRO(ns}<yYQ6pFU`c(``)YswSbLP$Nz?{rR#XE$
z3xR-dJBHJE@@YdIw7SdrisRLshG~_$3a}Z$<)^1IO|#nFMu6M`Y);|n*|FIbvZ4}s
zzm?fIRVJ;sIWTpyXueP-2;wH?rMrTytN$XK?eb!yA>L(aX)0bb8A>ee&nWpb;`wh?
zP4A79<@<I?PjDInY^cu<h3Yal>G8_LAf$UcU@w@Bg=wD1RcM3Jw&iYd+huZ_<5-gK
zv9L%p=QnW%*N(927UZ_wiw%pWmgJG-Wij*_jE*Y7WPadzvHq?ApMg<sUnA1f@*lfE
z<AqYx;%RYw89e%+1Wt~y1T!cfHplI2weN1-DsgEyH#p!*#v8|S@8tq-kyrIjcDioB
zr!bh^XTmyW#f`I5*Av~OGUxzaUS6W4G>HUdZz$|PpRbLVi0yAKb8CYzS|>4v@j7Va
z*=V@sqNSU{S=`=$W`V*05!@X;6FTtIJ66<ogld<p=<zu(4Scy;zxxvHn5tOHt2?nF
z6dTU04I!tHc5Vc2dwCCqp2-`$`?x^cPm(=$q(M)%5IrX75{1=pz;lC$QHfr_uo}mR
zg!JUL>=09g;%OBemRB=~+8MpddLVOMu&xPrGw0R|S5_A$VU%6HE7-SD7=>?gm90bT
z)r=}<1B6h;7sl=3EOhJ#Y6$X_>#TxPHzN5-G&*0uDylOA?$C}9MDZQB(9)Bg`7>6a
z5LE2}g-ayGn?b{vrNVjt>#>m0!06i>pTVJhrWg4+3)<n-<>()nibJiZEy*PwJ>Tw$
zk2^rQU%~RXc~+=?S$kOfue;uVz5fDt{1)&59PnF@s!KA<ud|exuQl-<#-x*v<ucdx
z14Gege<qe3TSWDWJ5s*tUlZqw&2e}9B5>c^+sn!X8~>al`^ouq#d-YOlEBT1U<YdN
zK9S`%m*UbtsQjvP{;`x_q2+zC!Yletl3L&vy~W2CL1;w8tax#ra`8ZuoqZG2kwKF_
zIxZ^F(<J`s9p(Q09a91PeQHti49CMSYPD~8s`_|gc~GRQw#_(w(zY`%B^Ez8j*{u!
zzsTu7_&ahQQu3tCWUc#<+I+w)K$@wb?45>82Yi%HcoieLQa~cs6q6w)Jsn-`o>^vp
z8peYr22Ax~1Inm4lXAPaNpVeOBE~xA%-8OGLP6|-1TdKCif_Og_R+Bc&tHMc5X1fm
z^z}iKE!C+rC-5%E-uMqzIg8+pU~9+|QAHBdiS$sRttdN)gVGXK9Y@-6m{n1V<$oS5
zG%vU$rnySL^c7{=l{c~u5BU?ej5+qi5o)kMEVI&=)T=5X=3k5=sfz*~<&CyTBH+Uu
zIvlP*%b~rtu)Ck5wz4ohLT?<tVOUxsZYq;rtS8Ytk`+8MT0<^)DDbJ09(GyuzBAZh
znZX(2-}b|=8L=OVvRDnaoP@Yh#y{6xEpB}+`4~{dliQ7~R^GnR?q$~CCLw+|ZY^cx
za|cZwiR6q*WrgMOW3~}^yA&{iPiwX^ej)qa`?47aaYT{)z+J3~^2tVIqD4b`DTDMj
zazP!ma5%T@sU%+@PkF8daCU1!%mBD77VoXPSb-w__N!BRW#Pdg{i;RPA8XAaI1}6Y
zsdW{ZXlP1Ge;~W2G$#E)-IV7kB~O``X9=Z&pgWda)f{k-%<;7(ou@UKb(fBReqPTj
zn98xvJu9XzCS80F4Xf9!i;M2!x|Uqmoia5*0;zGN@-vAj8F(ryLP`!y$`3)PhrgW4
zcHS&#LcWJOgMVmarlq>Ul2h1_jJJfl*9ecMr)$Y=XKu|WPP+mLbh@BnefZVnWZ=N9
zOfR!1Cx1~XHxfrKl9zyk%JuKltWE2G!^Nj7#{OUpruT)&(QDOh0k8b#e(x&yB)C=M
z&OO!<(-O&D^T)uYs0tZe7qMes;@P+EaLCkM%X<EW(#5w!Uq*ujL#>GHgPUXdrm9EA
z;kp7L!SjkI8xup;1M9|EIs?hqqWuxgJ5Bx*v{jVgVCC5o<XT06^bg(ITn)THY_$(M
z;vztbHMd*HBmH4s5%CQG-aZ##X&fe7jVc9G+uvE@QAv6;%@-2h+jx(KUqojQ>s)T<
z+2FqIJ>5sFhQt+o#+gZ4U-+KYexQ%L@LOJ1IbRj-7x*+R1L-@P7)Gt`-(ueuLe-TA
zxvRKd9}4KJ+~pjSB*>rAtW1jN0nBvYSRJjfH`4Y&kpX(V?E)_?4cO);HHW<=S-*pD
zim!<2A%@r7xEcL@C#m1ZCV&F+e1GK-lk~FkJUtC(O>&52z!YCts0QH}0e`|G0<qnb
z@qVU3KJ=nIo<sWflkt7~$jy(O(#hr#y?ZZvj$No}ncTgTK8h%SE>9cLR~v5vmA;?D
z9)P9zL?~2j7CJAs=8{s;=EoD}=J%B1bSlegLq(N>GIRSbjh>Hj)N1-E*>i-@%bG&T
z0OSfqW%<c4)_5_CP)l${IyFxe<aC<kC>gq#tYd$`_06cpY_!~7`qC{9#mf%2RyOSv
zm#)~Kf8#qz;6^ZQ!s;beVw02R;_R?4PL<9>AE|B>P*L@jm1TI!G<`c`*dEI6)SS{>
zk)mjEFkq81!Dr*e<QP-b2H4$hB&-CiMzg!6_2>aV9O`!WCd2Vw4$bqNA70|YmM<Nc
zA2P<0MaidcNYh{IR?$CSC{sei31>M`vDFVcmR?lK>faf&6fb>R@BUrrNMP;oicI&l
zob6yMz)k=9A1Is2dcts#k3X<!p|dIRR)Ye2CRTvH!gz~9n%i%^VwR`6B_liX&rAD%
z4?3cl@HWJ!7ND1&DHMn^m_?XtY&&q|LZ|RAs<%yCy;Xlu*+TyK=kNZHFD93h87T#8
z-SXZ2XZjk?g2aWBtgJ7BL&bs<-b+g3@EVl<iQez(<mHE%o7-}ft^l<M6MuTclqj9|
zi$@}h6ox8(N}lm7?BKFdNu=*!f~D0Z-C`DB?G`Vhv2^R#3B>Yyk)c_R@7p;UZi9-O
zBOGYn4|J#9=)M`>S`XqKV7$PpB!_K7Hv|b0+sxc7Vs`iyRZjihi2Z4+CI@URZIXcL
zmEs@I+q@r6u`!`l>Xvy_>KAQiZL2^z{Cy&apvT&k4(idBRk0?ck{Db{6+8ck^IZQY
zUP(%P)a?5>(_8`8XuKC*NPbYd-1HP~ncA4sF|O28!h&u-C)#(!a`!y%SJ~PEa@P`S
z*kb3Rouwdm>{*z;13q+a`oVPt=;XFk^zwnH&kdV8T3_~8oc^pBISFPvS-1ryU)^8b
z<70+5tLwV(CvEQW>%{xB{*e*a581STdY>rQ?(7l!<_{7-9#z#GOfSRy%mt|UndYHc
z*A+GeRX}ERMkJ2a0wZWo@y?q~Jm4CQJOk0Os#tGv#)VLRlYnN%Ms&0ObV!JOx39k=
zDrR9&f656yTH3wmg)eV!H5PwXWBVw+vrRBz+I6+sr@;^WkaR$+jNo<w#=bw5Q<N(X
zkG5}!zY*s-SxqCKWSt^uxM8Fq`boo>{sGpQEL(-V36Xg`;*h^&U8zu~Qich*n;wzT
zQ;{p-&tvhZ%KpiytT!)U;wd}no=`AygA+*Ne<M2%HaJ?0tdP<0!#8`!*kOMB%H9$o
z<-H;q$=?wNmeZ|ySXdz11o~NcD4Vwe?5$HNG?p+(B^GJf?wbamH!>=#VTn(zW&C#=
zS?fndgaT;4H3^<cU&_SF(nCOC$GiDIz}Wd`9SL>=IbU9)@j|zj=r~u=^ziQ@;su3$
zEXAqXgnEU$u?`6A%zVO$Bkhes&Z#Ie9w4kwM<1<}yi@)u<+_P*q5PHjiuqkRIz9hU
zxEBwHpAW_BWC*OPE&JS*WXVcSy+E$b)<c_mpf^=|URBP{M4t?P^7O5O+j!YA^cW3T
zMdtdVisyWVU85#J5b--<jnM#Q9dfK`Z5y=F3E)*BE>pU78QNuC+~ne-8Rm$4HfsAa
z6D&UvrDrsvx^lRtTJ)d_b0~zR>wXPEBjg%WV&}Db!z#qdIz7)<XAyR=5*L19+F;0f
z>3T1msi8W?reV7vBGV;aTkUpoQ<4P)fZMH!{9G7aL@eF$?7xsry>HrO={-<Yw3sYC
zsUtaBx0PX@b9231Qce3@hN*99-`{i-XKygyvp42v5<kYslAF*#5cz!(On1^s{cakd
z&_h1hNu|r7W7X8BjRwONO%~kcs@2H*WrQV>jVf~8X^2HEHqjcGw$Bo6ee*}DV*l;U
zSKO6#8e!^&F;GfcnFSJ@vQPh#^?=qwt7po@LDJlyBV?zMQ5PDhh8<(<_w0V_Xor68
zMii1WZWJ7}xGjD=HWK^wTK;e?v$STr#J9c}yNN|ed9v_)cm?6ffS-xRieP|>NQ~!1
z8a+GI4&w$2N@FO}scIG-X3(4{cuDZV_r;|x9r_~UYmPEBurKRX<J-YPO1L9ch=FT<
ze$+v^90A4j)n#j5wLR7S_DaC)*VA{Ye^6BdfBS|ZIP-Dy;|0%nc;*Ir?98h8d)-7q
zCfh@$;kTc;IZL>I`4-%D&CuRiJFv6gC(YUHJhrcbf>SaG&_^tZ(>w`g?YMyK9l!Fs
zgV;kX8ZW#7qP<jtD@-M`qljKp&5IJmPd;<`9u{^wbj>84E(161zo?=^4bNMwRD)x>
zsW_4S0sbuQcMZF20sfUh0|fe;J96^KPcJt`utb^}I<s&_MP<`}AYzI9cC7bG?D5Y$
z?W%AW;!`W+@LDI=IG9B=`J(p(dS$LxF=vmVy3YE)3n#rsjSguzcy+1!^*on)>a|^t
zn=;o=!+;+fYJTFCIiwDXB$b5LvS<p`PW_J=RqNm{Dk9f+?%>zIshFPy{bXqmthg$0
zG28EiZvW1(SLW0X9RH~s^&X?AGM7pVsIudVcRCX9vy9o@U5r`&r9qFbn8?c#(>~TU
zcHqmr^D>}&k~}_E3}bpDO%Mjg{iE02lM_7=|JYUp)&JeMK+5a&vS%Auqe`6aB05yl
zkIUu~IwZ;af$^LdV&83r1Vyq@WYgT56y(!oa$1tDFxe*ym%rj6^F&6<vD9|K_YbN9
zb4q=7!yV>n&eHa4P_#N`4#||1nb2RJoc>@b?X~l4&b?K{?l7v`%0AWP%SCOrrN>+(
zw^5H#(HI9`5iRxZ60aoh(`{}pTuGUR?-RqY)hbcMAAZ%3CC6<;8T68!P@nySQ<}5r
z2Z6Z|50XIB?cUx}ayYak37+$@RPSL^rfhJ`R}+c2U3chUIh{J)^pU6V+vI$3AOsPR
z(b-68VI2zwO9eOIPJAIb+Z}Yp@nnctQQ)|r#Sk=ZVWJ-mkFHRl)9JK1i@&EW3#)?n
zA^Mj2btopUI+JeO0MByyRv)3siCSjU+FGB1g`o_1Kg3zt6mCdlNlD;_z%rhd+5s&1
z?3|Z)=N$ScTHH85`aU}%ytWKFzPb>Ed;Czkl73OXm`b8u3tDARx%UcctF%ZRWnl1}
z!c3JxEDaYl4wvPj6DQ-juJL8bPVhCNY!_LvpS>|zbA20f^zZN+MHT}-Ro-llc(tT$
zjeO~M(d}UOPn}4yOl$4qGQSYzB920A%s|2rDcHm--c2KW2K|Ayd$QWMR`d)Y_)QHs
z=p?nq>utvKu{Kp_O$FcbS(1g}InU=#WG$gPHxHalm}VCiV-)<RF5BOU1U96;k1jPb
z6n&d8ui4}Rm{EYTZlYwybJD|sG)N@{@-A7nhJLW>89|9Y(QDyeApkU8GUx|iymNf&
z^d`%v)~UY#=g(w@F-xZE4u=&_qIsg282?!Or|hzXA@u|<wZaEApFH}MZDp}}rqo2`
z0g4!{t|8n4KC)Z8$HmOv?RZ`)P@TqDN*yn&t7G%lD{Cde$!GkH+#`3}0P1Bm43hUu
zbKc<XmZ&oM4O@SDkCo;30D9|+GSot~UYM*iWZqX#NL<#L$0aUllyw|IhrNPT=(Qpp
zCq6rz9yfpI>UfJT6CMwkkeQ_*DJ1(TzGL`5Zp?0c&^uY4Rjpidj8XBX;Ykr4BdMz1
zplGTcti+j-7xn29UVfSoqarKkEE&H6QQlvhhIV7xD%)-%reXF#fzkJgLYGFNd}lc=
z8V*)Porl7%l6Xdj(TnF+56ep_g5qvG7sc7VVHqYVu@jijT<V;S<uOYbec4EGJ|t+Z
z7+k*Ub&Y_;GlH#=O{+V&yLY|uh3@Voio<u{9pw?<aIWzTjsNa9`yHZP8~)$M{;~Fd
z8$y--7iwH6E_Ay)Z1v&VO4bM_**eYg+BMJZDwGmNI;G!BijtXy#;dM48)SEuM>U%~
zmHO>(^ZIA;mv6RLaa>oF%M|7BXWmnt$b_ffw|?6{@mF78QwV>ty?0DPO<^3h$=grZ
zwC=v}6xcD!M+~86z`lGzoU2wn|24z^rlyU2{J$>ce;Mbr{On$*vH!91TTP<DeHj;f
zj`1IASv<7Lo3v~?bim?mxDKgm5l6|RWvIALotC#24i-Nae<SjM?J4Y1Zf-ZHi~aJ=
zc$@CIlH;M4s!hURP`vsleQ%jRWJB>s?v1lgV-${W5rQ-J{Dzkkf<L97-~Ux*V3KP3
zTN<hDtLsm}uLGR_p6;g0oHE0?l-YI1Eo=U(tZGU-(38M_PsdW>abP$%_&aURe`fce
z=^R=+{;yr^ee+G`ndQU-njbGB(|$l#7rpCVF?g?Y7LecWca3eC9liBTd)^nVO{oL;
zzG-?<B%EUJqX}(ql#;jwmjS*%t<wR2P)XjL`PZ&vi1ZmgFxx-D|3$S%BWm3`n(Akw
zJHqJeg9FXrJx}fuf|X7X?v-9U5|ICFW{J09^B^S43;LJSHTA)CWxrIPil>AOO@B8S
zeyj5Dbz+dRT4DK8)R_M9f84*n4+cfP&R%z+a{bT0asNNZfy^E!O%U$?W7c;+H@p<u
zb9jGq_}_=i@Bdi^DXXRbTNi8DI{0c&DW`k(=a+^q@Z7$&YE$}r>1|0KA`Ah89Ydbs
zJp7Vb?zq}Jy#lgLLUe!sk~4{=qB8ym`tg@hrEMXu*VetZEk1hR`n0~J9X+b;31zA%
z6@SAYxuEICGm~+~Cie{$TFC?BRZQq0d$PFp*t<30YpWilz!E!nceqzV?~=5DHUI&;
z67{R(_x3&u`sHan);A5_Nd=L7*P}l$TMuxoHXUm$##XFzmLJZ^t!ok4O}n=KpZ2~o
zEY2idw26@r0s#U957M}V#y!DlEVx7PG|;$vf;%*gTW|{+Toc?0?hrJ%yXE%GPBO{t
z?A^U*_nh<G=b8S|U&&WhZ`D`w)~owE3Qs+aPGB3oSniCCu{_^iCg$<I>^MqYIC5gj
zjeYhfm7o(fyBj!v+H<ap8SZ(4SO2YYw0$k7G>g`;1LV;8MiAdC$9io^gmF~V+3)F2
zjCBJX3ma!%?Ur+K#AUqNMZhDLyLT+Ur`N@3ze?D%yZpFVWziF+PRyhNJCF0e$?-jX
zR<ejy`n2Zy<=^^&j+@`<Ce?(L@I8G8I2KQNspaw1ahu?PeAF*!WT_!b7ts4X-Qin@
zc^w{{MQjNDivuBOn$c)Thgc3f6e1VjhKdqjLrWKnQUUh4!w?x80^}ToiMnJ*uW0X%
zacTvo^7;e@8zuC($VGM7nut*km^1A#_*4LHc2gOBTdY4kQFdOio)p@~l%aYoa1{z0
z;O-_Xy=_eTl@bkAndoTGx^<I(Xm|oEM$rsrc%aZjQ9)Ig$8_4D(>OI=b-#HBDIpT{
zu5RW<!bA<orIIf`IYgc0?kUSWQ}9Oy?q%%CB%2)#d&rmq;5;K2g_QxZog9Ne;~niE
zr`ZxWQ6<#_6UNb%v_^%CeV$Zlg)qSDhI|?>Xi&(>zbunR-=Hbmeq%ovBJ|jo3dcva
z%uG8qUMXWRZ)Kh}HjkXICnQZ4Df;pPSy2=Bo|o`3(|xq`FlmYt=jyy;Iqc>oms~{t
zF)qZ>-vS^#PgTEj9BJI`^x7fp)6yqwC7ArP3h#2vD12K3{((4qyi^0j#v`<x(+XzH
z;Jw(YWewK#=M{Ea%~0kLs>x*kAV2+mGj1D~&c}VY9x!2pWcRE>#gzp9)`Bc}sl?TR
z#KZij3@9J0XZW%@S*VL<mMTZysYy24EBLUcxRu%j_{pcS%X`UTVurwkVN0$jMc{iw
zeTnfZ6WOxrv`rkowi$zsGRbA?<(%fE&y}x;aOh;Uw5Woz{4noJ74Kk}6;c2xqRchJ
ztVx(RS<qV~7FwCXCJ1453x|fAay3GXeT*T%#v_0FcV1kDT?k4lYPk<%Q!TMbLCCgn
z*HUiVxq@!Sp&3mfhjIpICiSqeaB?eN$W8pIr12u6G%rc<k<E97-B^`t(j#rq@seqW
zcPym=ns+3it|%)8Mj?alc#5jdLo$Q)hxI(HYi`2pA!<~{MKTRz2uynX==O=w+$8q}
zanYbHpE-zl_4E_8$j?8_oPtJzuU0;td`UmA2&)xBOW3|<m6vy3S#>VXtXnZ`w};a;
zQx-vS!YI}qn`-C9-v0$+UZAIp!@4=K5Zop?^tst7Yef*=$>j4OVO@dIMqXO9605|8
z*tJxaQ9HOcvDq(RkuEM|;1e63(hE(`0E_NO(r68J#f>@!Qd0?p6zHi8@t10-+{<-t
zXJFPjZmscGz#ye6r0P|4Qc%7u!Y)}I^QPFN7Bzc*nqbAjvhx7*N}YQ-omL`?a_lg2
ze&e2YC1rFUId$>6j20TY%}k4-o*?ZZ+1l!DS92gmrn$SqLr1Qx9EEjXmh6cj)#046
zs0yqx?h2mG6apf&ULYEG12L9m&#;lJaK@(iJl}f5O7O=J#-SipwVPes!=KK}3dxmM
zvg#-^K`E}u5EQcgPSV>x`Lx#YQL`Z$3Q&8E7pl%MFId!U7<5X9e8B(XZq`bpK`?&=
zXj#(4Whcr-c(F8rg?(1O%0VH3je79?il$h}0nxVJcylqO5>Kd7A$HJu6bO`B0Tp)w
z18LeZD!SEj0z}ivSwQ5(HiJQQTMTXG+<lXFk{n%ig;8wX#+p*L(s3wsMbW*PGW4D8
z(GpN#O>h8(VZ$;*{upmc{uiZV)Ms(}!3!ImPb6t2j-b54G2Q9btnb&P0?cB3eRgx;
z2BM;o7`a~WG7f;Y1=;!a7|Hl~7Hl(gko6srUNTs;=Ewv%$NR97EDvRgiwMO^4(^g0
zDHpvm5r+})f_f>Wf+cf!-N5_G@~NgX%fsa?SEIOhx_6D_?D^kNY{uMgDc!B#Ln<6D
z5GhbbvWpdMACXIHXu%4(!_yI|1w8F`N}AEglkDUVkx=dsyBB9>GL_W8U?Q4%pYmwi
zr3~jFc<oiSZ0EMSQq;kF=ss=C#?mC4G2Pp?bkX<m()_Yz%?BEwH3CV0vwouhQE`Tm
zh823rV1j!c?^G*0p04w7?fC};D9}wftsuCR^Xh{pvI3+bpYO_IDceKWXVO0dwKKLH
z@+S~-sML=<0lnGTDK309>nqajnk&ZRa4N)gz(43KK(m#5BzJzTt3ZvqjdrX49<V%8
zA)B`J#hY5^i2bZAx9OFQ{8$cRn+r^BHoQ}RpSggA7gn#duqb4@EQ7LLyW_(;w1s2B
zty`^BAD0mqJ+6^J!ywp+bCe-D!*C3`Y}<4i^PT3%jak`sWMA}?P3_%ror)=6E7el)
znkMp<3M|r*R{09(2Ys2n3Q7drOiFn1?OeER`nFNuiD|h__L_l0P4H(8TSbBF(WBJe
zIO(qdW?O*>LxjoRsBZ=T>GK9lobJO?-v=up%$o#Ex%HJmkETW%mn#I?D3rOmL8Z`R
zeLL6=bYR>|wa7$65?sHxI-k|Kr#_v9s}h?WvSe=70NYIvIAEf2^(zSt`_M<M++og1
zZ)4rOIXOSjz%y2E?wqXic^VYx7|b774_o{4Wn(r6iKuUniUr?sS6_|tRu%ixEi!Qp
zA`s@G18iLax<@e_IX@2qQXKP(ic(hJ;WG^B<5XsVHmpnq9HUWniCt@Duz4ZK`C7ap
zoO+gn@<D^~gK<4nGFdqJ-Xobr!3E@y+kr(RuqngduIOWFTyop^!qtSCSY*^#34%P<
zjBZ0KJcQ0J@x>l$m9yLk=(rSd`LsGzd(?gHmABO>t1ZXP$SAP1)!tgk-y2k>3Sc6p
z&7UfrjDEW@>|(DmuDm+1OqLZ`fG63L2U}nGoWV@;x|Q%yMivD<`1H}7_H@j=In*8(
zm%7J&<s=ruhbAe3eWYLUcseFk-@7Z5g(ib4+fIwCpuH2CDOyfFn8t<yq)dNN>nTkL
zb(|d>>#07go&dFsgl6xaPpWXqMDV~coe6W#kJ2AI5K-a1JgwtUwaJ{07Hd92!+ugR
zLnm<8TXaV#Db>#jCK!Xk*cqfg|FLZk&OFfdn&n-)TePzWy1v|@zdXG1ZUs2<bB4C(
zqrIryjL3mcmD6Ha^7vSvUPQ%1^z&E_?rY|nYA9qX2xyTt6I;`v3EX4E56Y2H5jP`|
z{E%j)k<;4@4*Cd+5*<)_=7S=_dug4#U9rr8L6X;&5O6m*y_#^+nwx0RigK!N+vo%X
z-@l{7AI9(yOO`-coouu6)pYc>d8i(!Rna*qW=pTWV6bzbL^JQr5LtjRIo*5fE`_4e
zxTi2H)Ks%W8V5Uaqu?OBol^g>AbmDfYC!@)4Jg9JrauhE;O}22%<oy5q&9rfzp?hn
zSYF}cgW-shECT6vv$f+sNG98qaO~-C(LU{LFX^U_wh}C|fZ20ssT4!`6$HX-rL<y4
znKXi$)<4O$tRHiv$T^ymoZ*Hy_S@i7-LHc9exBhFP0IE+6}D$|GS`T%>?w=8^!s=|
zp{|YT4h0tMtZ1Fb==%B1KeaOAR>C)swXCo@VA9j+6$@`%_ZSzU01#Vt;R#_yF=Mvs
zA@1d-7N0ADB@B1hPc<0`iGZTs&_@7(S`1=!BB^i4j>X%YSs@=`ioky)cXk?twTY$a
zOm^A1FVeq7xaxTOe_6~Ar6RZ55r*lzEClNB%CulnTv&ZZ2>2%S?+9X*xCLL!kPLfl
zOToC8hxUbw(9aPz6q;~5C~gS+?#^Pp|NY!<AJ&M+47qx{JDH9K!kA4@*^T;<2UM>U
z+LfZLIB?c7P8qjK4KQ#ixb`t?CFdBs@7^j6jDJr(mMV*dER$Aa9AIXettjJM(MK1N
zDW;Y>nuy?EeFYR6xcO?fJv}ndg!mY_-A#U;#!zOvMXWpx*SXe6u+N^`k~m<(BZ)O%
z-D2+M$YUg9<jq1i1Zw$e0}-0EB>o-xv;(#&%o&ELNeVal_MB5ZxDakE0>a48Uk9Am
zG!<H2Hx9e(U|2b~iwquW>U4dc;ni`m#xOe&HGPkovwxh>uEI6BvOz4p!atKQJY~)R
ztr}EZcu;wFMh$N}Bd5wiVmG|>nR2#&uH-h4=~ksRtzg;O)!5Ntp#F=)<n2ndUfeg+
z?9Di*C1YLrMu~~`f{Vgd6<tiiWxz=F2MqD|%45hrQ^a<c57Z{UfgRtXFRzJ>bLHgQ
zHJp6!bgXT}19iN=CNCk8nSlw*z}r{ul1QPmysZ?H2YWwQF=1n4LzdPuETOU7JFT*N
zn389>x$O28u((>v6^HzM#C|Tjh}sPumt^05abYT@WV}|i(Cc|_$#eux@pzlcgM6_q
z4TY*9x-!X7&Pqq_^=S7Sn%Zk1vuFvhLVLHB2_Uj<Lw#b3;l0Wba4#^vs7Go1I%Ha|
zr{%G-$<Se}@B}6uDYnkdZb--AV@V6X!8qzqG2K2Af?O1x5-f5wEP<MK*eV=jV9tE!
zbp=`c$xvvObVU;Zm{6@ii?S^W4-Zp3z{PT>CaM~V0enQe7I|vX*e*f8A>-k6rTrD~
z5b>d;0Qbqkhtb+b=ZuUmmYhYSrZ!cmyUVHfsk(~R8C~Lyya{L0lvDk319EbQRLq)&
zr0Gigfsd*wm%#Q)?@QTt6G2--F2^bGi~Dn%0y2sUqo2l@73455(!>zn*3w&-S@?%o
z_>GKv`r|^!U!<uBo1os^Dk1WQ5kSi};Td(pLUo2Ta*8orwVy$5yr`^@$kFQx1T9a>
z^Vb!HEo=Q{5*)KPWwA#?Hu`hy=Ou?Uz>P}BDNkpXTEa+?1@GRQGfRYy4r|cd2Uh|q
zI(mY`A|k?Qj2o*xrc)C7t=sPKIRw;Q<T(w0njnDEfLU0`Acr-+L;bK9@CbVh40LtC
z&1Qruwa>QUMZvH~UwGpn@&&02f<kCVa*)Av=rs)hAeaz8CcVDy&|cB0nGw5OyMOiM
z1OVU#+Fe9mbv@n^p1PPmdGT^gx!qc^T6XHWq*<wVd~`Wp%aSlcr{C-CHq*9)%Zq~f
z<pDNO<SipU{Srpva$otk@Dcvl9o1qhj?nHegr|xIq60JyG2YYsVMj@AQ+DO7>zHNq
zA++EiYdI1Ko@0j+XC$<ChCJ^9w|Bw));)QICR0R=q(w&u(ie|o!4uHc=(@lcah<iB
zSK;+NjdnF*XM?!s&$j^pM~@#<o_z%vFxfE8n5SRc`do**cmjwK3RyoUsl`iPBx`lo
z2$`aj7Bnpx;IeH{>C1Ki6U*64`36f30_YK9;P^@d+mU1-5cArz?_cT<x?JDW|EB`T
z!aMIW-0yjihVFf%>*$RUovJsyYe0=Bal#%4praA^|JR^Fy4`Pkg?mq{mBk>SMWbrK
znhK$W?4(1T6YWz`&c5(~P9k103a3p}E5m?~krZ#`#>@h)sr;neOW4e-O{$It5hwKa
zad-I**W2?OAB~oJa+$sY_~a50-uqY^hpG{3SLw=OP5ciWTlXB<zHEhF+x7QWW^3`@
zj0~yj4ulLNEEW7(e<b4|Xz%d?PYonLJ)s<m3IN<J6t)KzFR3w*j%q)zSTsfGXT_Nr
z7%q~NDvhol+XashllyKws_D_am9-%1oSMt>ve@_%3lm;CK|>CDUQiw{sW*L0Y6i%c
zDO;mV&)t!@l$cjm9EtfT5TM>MaHfO<A3Jx7W=!tOip?Rk?xKA+759K{4P!8(X0o@X
zC_uPW&4mpkB4SgEb&{}^_npy)Qsa!?tj3gx32|py$9K!!x}%AFurx|}EgH)R%nI;5
zfxY|BZp#uBnCg_+Y>kyip0-M=e+B4B<?ml%9x1k^zh6(tJO3=|MdF^>K3r4lN`O$)
z*J8popGBKJZ5uA2Fk0vLaNi7~$&MISc{+?gzIBwP?YUUQx(K#v5(;E1pcLmP(XIH>
z+BJdnc#%#d+f8}1a!pHEKOmO?GIHTS=JWBb(V2Vk3nP^<&90#568!W5EG6v_yfqyK
z3g1cHWt!INQbL7LjCghmO#8iU^y;qiOPw2SD@*2_j+$>cW`zZxtBI`1uP-w28h`NN
z975qYS(=ER#ijGVHP|-XCxfsJ#D%~jSxXdZEC(#+>Z9zRr%6_&xLIM*a@uT`a!<$K
z^t+WP%=K`wtn0<X1H&Ow;fc6|=P|hC)0KQU(2O`!D;C~mC+qF4g5A!;(v68+)~x4|
zGI`u&Kt>vAv+|TTZZz+PT|4@trf)oK8}%t$Ur{f6HPX|--64i8&ptF>T^s0ie=s;&
zlMqE&KbDK}J!TlO8H$fmBqj!ZT7vin6MlaNJ8YrDKf&x|rI4I_b`J2!R5{An$qh;~
zoKIW04*<|S`T&@C@j`XUX6QzJLC;x%@ur6C0fKRJRF&@EBHtt*<-9NFtu*Bfqsj!^
ztsu^h$l-{lXjs#=GhM#gqLt=w`qKBy-F%Ps;|2zupl8%2_cNSa5ce{(Z0u`cZL&R=
zFV!i$7WhSNFCTGIFQ`{=B+EI<<afEBgxBdzvN!j+vd))lKOA<{WI$Znlqc%<SElQW
zqzgu>1U{}BRGpeknlxTJ#q=J%8U-Nr_a^?ZvQfsKySMG@bO)zgs{g{i{^1g5kmDg+
zupu-LO1Rcr^&sm4AcfHWQ1YJ!ALH8EP29pBn_zC6tj-ka6juq55Wx5fxI_=n1oa3u
zV@EaZ5eyLW#f8I`iX1NkPa2DLgwky9+FKEN@pBXF4o<w1vlfU&Y#$G&tEid@Rqo`i
z@br1P+d9~^+ibenvw3zq-3e9kwLUOmkX<@!Ao5G_lw{FFQ)Zp-4QRWv9w}iem&Q9r
zh&gq91sqy2uMx(<cdPXu5Ne}2eR2!4(ZHX!b~Qq)xbr?$n;mvuvjPAxb-(<zTQ{Bu
z=nn1Yib`+yu!k9E;8`=BDlDsXF78<*d4HBK6+^LI(7?_SFdWYgu9G;a%ezkd(lAEB
zDQCJ+iGp?4&^HJnp<pH~6lXc)H@wdsjZDQxd!8_wI>!i=G+(snAjC`NA5WAo=L<5c
zjp3h3=y7&dUw=&fT8%Is!rOD9SnfESzL#=cd&d%RaAb1C%m!31OU$IQpN*d58p<8=
zq0UiImXv=6xDB%W8@T18DMhSb_7~9CDT1h#Yle<i60bF%UkOLRI!S`Vgd5A@>sM`R
z&j8Gs&wefN=YLP)sHVb@5lSSp9?lPw{3#`l7ZHlc%N!}Q-c))Qc$bL+IbQ+OaTIpl
z*-HW1BuD9A0p3jE;<r4$W9v6ZQj8nt6RGmP0%}CdLobCJ5J(I`+$%(T7-ko;xd)Sd
z`D_$DZQ_0OW!ZMD?n2krvTZsOB?p+{58;YYaX|GK1;{9YYspVLtrCJ|CMHd*vbwhp
zz(MguVgauN@MXV{k9TyKw3o2((#CM+DM4#_7<h6Kj^^^7Hqy#=PE^~I9OF5evNUa5
zx)>@=vDGNmq<2WTNgq1NyX(-{#~kA=n!d128chdxsev4+Qiz_qIM~Jm05~hu--qPJ
z>R<@A;-Wrfk3PP>wKePQ7!KD!+s1??*|7HRh<+67oGr}7`#!nBxu4gH#>dv!Lu(@l
z)QDxeCi9mn$dlI;i%3&~BfbI@_N-Uj{SBk_Oa1pIg{0YGf)Bl6@^FOrYGEyJE(}a@
z7>tZ;Nm!fo(2!;@1ZZHvNsrBo&D&u*dEyDczW?EG0Np5Rw(BC63pe7d+jQ#6M>P`O
zPK%+4^sn&48v!kD<$G62GiLihH;vwCh*d{=1J<@RFC^rzd7#%o3iYNspMq0oD^2a|
zlS1KyNO`e35rey!1thwD_=3abSu9{Rb}vhqc`l92waiD(-12wz`2h~nd;!H&#R1F)
z#ibe+tYxt9vYcu>#E+x_(EWXoehOgA5M3JD@$BnAx`GxXn9Y73cv>=-v8@6cW`J_f
zpI-guK@3eO$o->$<3DBV{-N-HAo@=^SqOyJcj3R>5Yqkrr<6NWN}2MQGqC$jvby4A
zdn6IsLf7egcnXDO8)ytM2@2-y>EQ6R@j=5$QL%CT!6uT#&t?Wt+NOFMlg@ivo03a9
zohpq>0_*%*NgAHhyiOb(l*?S&(K(%80g-WE0oe{z>B><EB#2(?S0qTY(5`=PZA{X0
zGlJ+etdKPtK2$*ctM+-EW3XN52_8)*b#0c7XrdNEjql+fx<+7TK~UVeiSmeIH<gE=
zpSlhwa#?`p?0)-ImLjui9w#lRMUNu=ZhplPStdRkGd4CYc;7jqov7Umq_*aTM1Wyt
zUSs&V;uk-55ss~kVT&WD)3-i&&NVFhZ6>O~uPq)f3km6jj-@r!7r-<}-yh4+A!wO!
zGqHp!!)ESjiu}*i+MJH{_stqdm|zowcEMiZG)u9L;CPdI3kT3y{ae7DKr_#ufJXXB
zbQb4Dfi3Q)1@N*8F+8mq!BOaINA<5<DHS|=w9uFS>8AHn&3}uaF_sN&6~rV+h7?dn
z0Y$2*5q3lC3~0?ZWD@h%7*-P$!mlFV;j*#p#6$@kG1d1J6cZpLJ4%Fno~3G@Pg=M>
z)Xrs!oIWbFv)yx2p_tz<XF^s}E08t0s!Z?s%z(Nf-ML`BNcb|K-{4Rf7wDw;W*;GM
zzPM+zWcLP^ku#VE0`UbSnsnB9V(Eq4L{Hl?56r$Ca9%hOh#c;dfbVOQ1C@7`#)QVl
zIP9B01AZ2iyY%9mDSJ=oigV|FHlu1h!_I_)l@m?u`ciiNkrNie-pcIO#OE4wIcZ!x
zEQ;)En%KORALZU!3H5y&UpZAz@Q`=ME8#Yg<mWpz?s~i#tDqyUA-e``Z%kW3%UHe3
z1~I*#Aaq3~^?vc>N$83E2wG`xd#fN70J!nw+n8b(mR&hz3&cG1ko$!s{QDsl94&rn
z;0(Nam#wl5`e%p*(ydPZX-9#}tb>bB-kZ-svX#W>Uja0A*N3D$xa0jx^H*ZmOP%C}
zS^^Z{-v#2xPd!G%t{*l$e?t83g6}H;b)HY<YLM-n!vgTA7yy{=e)cPrH)Y`qWfML^
zWn*&ZqA~NNkflYsJqF|j&~@{QST$bwG{8$DAEegAMz#pF?I$yice8t~W(QeYOXD^k
z$xP)T9o#25P}D|PjWSy95os@HqF&$UZbuM^$b?n85d@+PcLaebBF4YN$wi)Za0sb*
z`gCbTTn-L#6}SwVDlyO*HteZ0P+dRdB}pO@O@Qw!7Kb$r4x#&P3IPBbk6$8yL}+1R
z;H<cLbCq_N5(%NQRuWkWdz0Q{k%t?XU|`tC#U6^nUoCR3t96vxzu3y%tk6&H64oJ2
z@gLhc#tlkgmQSKmn!t^v$CffX(9JiUHnj~C1(OKDjW9g+2onQtw|oWMUefTn+#z#C
zNIpi|0Z=o!P2x*Af*CQB(Nes!8Z7}gte1WrEyUlA`0@dQiP+30)2%0hU2&ZZrKs-C
z(k75J_(Fev$F77HRssE#9S!-EwY-D;LqluN8?o)I?eeT=s>^M(i6)b6j94lG>LSI-
zm&y;97}>~#&{F*#m9p{g(Vz%E5SC8ClnM^@$l}y1J3z{4CQMdH$`6$0BV{;**bT8L
z1cEvEAMMd-(o7#S1lf#>UL-;bELh#s`nLPDyxR>Yf!09YY%MvmCP7TmOuV=VAdQ60
zlCa3QV9z)3|M0y1<6(vH!Z|<JrlQbD$t*iM1z>pjhnJCB8(*f>3574r70b?&cKjjt
ze<1o@^kRnytD!XF6nN>&U^VBHzux`1Gxa1w%M-9WU*-940D|<WclXr<3o;`qFac-i
zb5U^;*)_Pa<5Dmt3P%bLO*pzM-YL_v00ki%>MSL4ph?Ln`*?}DsW(XCJfQ&?bD*^2
zgx>lU@O<bLy}8=Jk1z$UwaO<yg?@U;{^}ECn(XsrJ5^v)zT#xHPGd{@2L~xX+6IO2
ztl}&kLrprtpt#3t#IL;<<!LP)WWlBiV$5(&g5W3wen$D^d#8}<TCF6`q-Ni65m-%u
zIOaf0Z}xHFm);B|v0Zrl-X)xI)J?QojfI&7o3!)0N6bpt__T-vYb1CPhf8=r;2!UT
zbbY5I+&6<BJ(oU<CqXuJZK0u!Bt;^2Hk#D3Y}9ADt-oU5UjZMg(QFTo4qp%y78oQz
z2*2Uwalr#CeUB}>8t<7p(mI6PZDi;93K(H@>y}@ubu%S3z;_}`c0EMcBHcFZ-2(tv
zBXz&S{w+YKb^C&#(}NM@u?HdR!Y+Js6|&SAgC}rW76D7W;;$?~_wKSd3rf8Vq6XYy
z&G}aBUw;bPB=H*^(Y?<B;}<iU$m;1_T#Fz~^pe1{n)4K+=i8h$TIMU7O{@&2Osq68
z%w2#KCUW~r!lK3tc)Sr&C2_degvuz&uys=#4TY;wSU=J0R5*1Fr;qLV821<6b)^cF
zl-W|>9gW4+b7HK;g?%%I9&*{(_Q3=?L7`(xjf`6P_Bw4PC)x9$E;}+i4aI~JWNWcv
z)|1zq7xsavQd-+`nz<-uneqPB9lMTwq$Inpm23C)4>cH5k6&CElu8BwGorl&D?oGc
zQvMxR2qgqt8GOrj8olD--EeRs6^Q`5S}#ILXt;rAvbu0d`+@GRQj$p+zr<Oka_Jlt
zVPQBHfc66V;imz^H*02Y+a<JDR*O-~YRJNjm)utzoTeZM&CD=|W8}w=!sg61wp}pr
zLW8Ow+l55)X<3^|L{Wm@(fEJLjHv52O1Gnxu#AA=7$MBc?{r(`jB<BYoa#S(J66xu
zulV>P-!Lnrc{QQZzw!};OyD*(7@odKk<oL85qMZaIEFK9=75@67=0|DMm#CQ2N|Gg
zqf4-7PJNn!P=p-dY97G5poGJtS0;lGss(QP75VKpV6ms|CLn|t?&U)pYzE6_Im+Md
z2-?66O<xV{F@-<6ldzbHxdY&Jxm%r4UuZbkN7Y^6ETGAlQO1BSp)P@ysMu`SQh;Kk
zC)jUIKEAW354V*2Frv6fzmdOQF<P#*Q9hbPlO-$Tw2qKtr$_PpX|R5X{CDwfzBkcY
zTJYNH_IfvGK_|lA8yf4pIhZM>O>9!E#}M!k!e->;plF+Bk4~zr)UuSPqEbo(nvudg
zChgx>(LJ{2pFDMOR#Y9*=Rwnd(9qn$$~hGP1VRvOS+Pl>-t*k_!4hDtQ&?)}qb`16
zdVCC)2gd1e7+I}k@nv>ckzemYdd_fZmbfjG`kMp$g1O2M@5Edmv(RUj-?(K=A?_yZ
zI|=2<1q)z2{Gy_y@9?r$OOXQz4llejX;#T15bj?q)gOVg;_8=O)-7pTEN;lCB1XG>
zXm<F9>2@jqFh`@VlWf`5!gyd5Eo1%)^C@bI0uc`bhWgy-&`t1RASJ%H)(n=ld2|YL
zo4>bVPsFl{|Hzd{w~Z1U0J41Zrc8Pf-7niWD|blw8Q@my%kM+>O8_Oi+GYzVdAe13
z3Xd@TIrh_wzejH5Ha7+rX1h!2r4&@)6z5s)EYju9MLy2nfO_H}kfNV|za4W{zd3XM
zIrD!Y#!cmBNWLq1hUyR+FsCMdiFqxAQ?=7Ha%8w`@adwX@B_fna{Af72gnVUcwISA
zY(1SO{WvHo-mx1NbQW|{e?53T$SrS1V>dYC#pMIKpq*ELq=}#+_0(TC6Gve5w4?e&
zi7YVU7_%nDd01R4IVtSh#{`FE?vnT^bd;*1x|n+nA5}TDJ5LlqW##5^k;&m$E%Q-%
z1*TCK2N!rEfX<S_1O?^}98{W^Nj`YwnPivtX&bS3wmkORJOxPWnlwb(LX0U9C?f+>
zegyy|!hh)|1*ba+2W?!570bPJ#-yvpvtMXZlkQ|ZQtkrikx%zq^)k}$u0gLL7J8#y
zr)F%LT1ujUb#d*OEyjiljs!C~A$Ybsan`bzz~vXUd3kS#o|`vRzkx(|N8mzIf_pBF
z+~v9|DzJqqH#Wv4rC2q9!2P(>p38I!r)-~TrWVWi29vs1B4;IE0aubPo9fY{=d(f`
zwxuFG^=!nI`<inko`5@v#-4xtB5O(PY_>EwSemPgtq=?D`ry+SFc!H@&Hf0Im!DMD
z`EgC(5NCd<6RMgJwukhtYRdF-v`Dg;4a#8p52k&dUzo0#au?!Z(p}?>nts(&FqTvZ
z^PLiu2CIi;Vqjp{u(0f*uwXS=uZ9gl5@Ih`N;KH>OD9Tkx?s}|afW<+&Xvb>nxl&i
zuLKNYC@`X1Shxg`d|O{cf#3JS)tyIUGru6H>MKi|p9Vy2;07?AV;#q<BN+uDt;iQ$
z8%h-e_(>10L&Voq?QWIP`3Qq$*5ruWgbf$T9>bsRIpf*vbv-H}1}9ms7%0*Ymuj}p
zs3(J1_yXGH_s%%L6=dU1U0MuF^)yYpK}k=kGRD?6Zwa~E)6w?smuR|&bmXwo-1FQp
z8WJ0<$vCjAn0hTJtrRG0`c(Tl9i|hW^lb8QdtQxmoOvE!w{#y>@7k@2BL_~cU{P~?
zNB;nx6tvdx{0JI(A4z5V+R{%u5FpN^y(wG8q&74;<W+<+wBYs-d>Q*R#MP9J(tvX~
zpBnoWC1#`?52J!r0t-UL5?B{0cMKChCg<}%x!Gr~_qe<;?n8UY6<f`_TI(qs8R2Z|
zj5hdJfEWZ%9%t$ObGyjrSltR8Rt6$9r~cJJBsW^g=g%V%uIo<MAtmh_c@!c>^xAJQ
zGvl);1rxyH5$#R>m#(~5uTvlv#(|x&&X1isrN6Y+KLFY$u{QQ>og}DlM|Gyl%fkjz
zua^S>H*cx@aq|4r_>FSo(~h1?zmTs0_uWz-lm5MkxHEKu>#KP~)M$l^;l{n@&kEU<
znVx?yo*-0?OJCNSp~s*M^rEYSu}LLI-6@E*%7zyb1y?9<Wv2*`kTU;xht*l?vdj+*
zrYwB-6@VbAvZvc3$O}InosYLCRKzSN-Cd1FlZOk2BVvy50_J7xwB9DTwv;BmETYnX
za)-*D)^!bQe(1pOTOhE3#{aU~4kU{%39soXew=igdypaPC)-E#EkOM13(WIt)-h_)
zH?bPA`E3Js*Up;12U?j)Vi>b{`55IlKp*rR7P9*y_=yBKzXu$%$oH3r+x;@Tw2V|y
zWiA!Z2C15}zu-};6A5ZUA?lAbG9~yry1PVahSTL?bqizQ5>^vI54$XDgyE;epVZNQ
zrV<Bj8t+?PBPhYv1`%V7DKMbpw`(`XcgxY?=*n)%Uje?B$@$l7_@g{~nCIgFfVtt@
zA3iRjvNyL6`@%O)E{J~+MCge`(pD^`gBc0Z!q$6iZ_+ENd=am3*|M{#(8w2b83X|U
z-bm1qi7SLquY6RqLEMz7eyH)+;Emj$=%GKwJ^%ns5f0KA%VIGW_hRHKF$u%Hb1E4S
zIxcg?O~+3rL*KLBsU0Ea`?9_hLjDC^(eWfDzkxL@QE)Y;NywS~3EOPW-j0BZD};p8
zIlaB^N^38}b>5bjf+Jn;rq+5G@xhTpTf~819<NLP$Q-^{AFj~<L$Tl$9V1Bzcb*Qr
z^5`}7M__Q!ENJU~mIxR$-1ibdCWYwTUu4%mer-hj6=+%%O#%INZ+!Fs$+I(D1YxGh
zT`^E}G|!Ip3*DwFd$QSCjDL5FfjdZm`ta4jvST7@7W%U@ENcyNb`r7`uYHmzszuTP
zN37<+xI3oEA?B*~=bFSvz4b223E6qOeqJSAa(27xBM31_&HfadV}29VJBIbb=Um$=
zs-@7HxnmlBAjPGDKB_Zih>2sMRX!Lj2dgm!L$<`|a%B`V=GlzO-vTI3wXv9}BZlf*
zdR@R1?e;70uT2mVH6FiQo}qB-Py(QCW>9N4JI2($#?*M=xD?O~swC)bL3K22H$QIH
zlc)WqrRR>)k@4}?SHNq2C67<FvMplvV`I&EzQcD>fzf!3k5Un2T-h#n=3~^yQ6&Uk
zx4lc7Y32nnHT@fVuJ&em2b%hD796GhhgJr{X2SY3md>Ly%NwdAKtTEkNzwQ)jWb4z
z(Ak%O2f}@SGR}x3B#a^YhHjRe%9K|vMu|lo+qC%9Yx44DEr}Zsay7vMsGlaKMKv(u
z5T+SABz-utCK|A_4?sNxpzb^f!(<o3yHBm~G7*l29$2+B_n5eW43*EmM7+a<IO2fS
zK#j&i-Q!fxOSH*KR4=XV9ZXoQ4Y~5+l4J+(Jhuh}oNq(KYV4`b);WgIwR)*fWDry=
zKGAbMKiq|{09x&hZSoYNrQ%z%V>V#Ep%Q_9xrSKh-;1CzwO%XMk4>{I)<yrrx^!Dl
z8@pm^E__`bU>`69erQE^qdJp#Z9L^m&YToyBkq~}iH>D|=)UR=svk1=99Yw5c(5*y
z2-dy>g|{~=2@t;eA*XN!?vkzNk(}=Kbm3BGS#rj$nV+Zg<=vDYGLEJP!)!NY4~8wW
z2z7!kb6tw6jN6^)@!v&X)tMJ4hqfuKf(O08N+kz-A!5ImW7g~(r6pX6pTczSi`_?Q
zA6%={;KNLp4jMFzV;+rMNj8Xjdr3Lgafbis-5Bydwwe2jbXg3r_JclJ^-<rgo~wN2
zH|;bF$prW03pl<YY$wSBuj`^_4I_60(6zxkpw3g_z#PGH1$o>oyK)>zyMZQI+rU$8
z6P`N8($1#`+ja2W6fi^x1!PviW{<JcaZxVto*#V#=1pDOc+_3DQamrCoJ&96tCPmp
zo>uQfSJzE7k4gMn3&hS5xo|lPG{OK3IT_WxC1Z1I$yDkqQmXgR5X#7fg@uy}0(u*c
zc2F*+t|AzY(36-d5{<hf%rQ8XsEKB4k$RsMA+-v`u#C$<_=;)KnFxIz*k=p0P}f@0
zK>^jMSP!fhE*u;!6&}#1c#Avlt2jl=Hc`BABF>nv$`~`<-Xeyq4h%7>2;Doo>)#Y2
zEYqPOF0cB0m#N8ePy;B|(Bh)sHS+ET5qvTi*F18hG}e!;<zsjSS<OCyhVaIk*`%Oy
zOu_^h;nMVY&Kg8^@w7u;Mb*h=XosvyHkvrsW4|^`@LQ_}Dkd%W3GSA!=7jr5IHAHq
zS~f*9F)R?8>~g5*2$ya3g;6vs6NYhSRg0n2FgQiD=-&*L_w=ag^Y>K=NIsCypsvlS
zs9Q6Y%t%0QO3apjr%#j5-q=-nNF0EK^~3xju8o)5P71ho4moU3KK<L&wHo>VdKvtq
z{xt{fc|<YUouHoX06odvfA4tn4|{@@JJWvVcEfxM(TY#XB00-GF~`+KQx~=}frU!q
zhV&>jP*tof)hkpui;g-pbG%<_L$+p7x+;=2XG&JoWXi2ZI7m@*`Bjx-whXve@LoaR
zWE=wnO?f>6+bsP9-R?)WydlaL4RuNEss;(5q%f)tm5=Gmbq)E>*iHn?sTI=+rZ5PD
z7dA=YrI1Y<lnNo_>z-83xTr(yN|SV|x*y+qo}@R(^?>x4O%g-Hl#wEr!zwtqp1J>r
ze!bmyXLz-X*q5vb|F!P_2lvX4qU$OXnPFc6>E{{uD4|7<wYjv2XT9iJi`4a=69sdg
zSoP_)%&XupK8ZR~!E~ivJ;R4ZVY)J6avCXlNJeSZM(9_VsVetF{L&?KHN~y&400jZ
z=@5kZ|6dqmezF$~AM`BGl<n3(=G0iLn3}t?+E{2Dn;4}uOSGxprT7ZyYpf7`3qW?{
z3P+M3FugPl;p}*?QsUEG+OA)yU(P5=zLuVXQMym`dByJ@3d5-@c52I}D^FtAkiyeE
zQwIn=blP0lSWQnd!1p3zp=JkN)Gq^gXNXn>pB-30RXViHunqJnK#pI`F0$W-D@CD1
z*qd&w!94LVHr9iUayRlPa)Ta(VruwC%EiOez?kri5U@NvBa=n~FD?!PBhLRIzTT4=
z8)Tr-sS7SP&(G&mqp22QfYOXka;}>tfup_SvTbp3$z)ax#AI0Wq_vqX#wGA=V0B8J
z{tuLSA_omEXOhGiEI5dcTHVl!7tu=h*%zQ~iC|?PoFx|;3WVKv-H4DJn4Fb8>^%_D
zI`Mi{N@de1dyi6}N~m9NE@OCxBQLY4uxyyngs^H454u89p<78H_oNaG%Z!M)XyX!_
ztj90kRkZ^%%5tr%jGIs2h3L`F!5S!*{?UO-$n)E3BO>AF=|TNb(z{g`nYx_~StU1f
z-obJ^RbL6`RY?NUQX^5!64%4Hm($PVorNULbA}q0#8)&s)D|lEF*8wE*XbmLz|Qz}
zD<fmvkVDWzNX00^*yW$!E)=hRzg^7!>Fwgr5tzSIlgCXv_sOm?4QkAcYqJv(3P%`d
z4C(NL@a34-G)Jb`1w6<c!6?Yaw<?DPS?^Zx8|ZyF+8ijdt7AGi)R_cOdUeNd9CsF9
zKJpl$P*dBn6}=ZS#O4rW<Y+EvWsqu*y=fo^)+j!f<Fry}e;-D1swf>7g9nr#2jYte
z<f>_NB`$r5)>GcwqNQJGcc#z6uE9wT_V4ZjlaqsCF8GQF$HoQ*3?&}j$FaPPr%D@4
zUSw~7F+2}YJUl<a??>(_joFK8E^g72Dc;eCb)0W1bIU_lW<D?ZJ!<wBxYdgy=-+Wn
z&IK*Z(N(k=Q-hi;GPO%mF}(7<cqg=Gzk1%h`n;?iXSq^5V;{udjEmVc8q{kwG*;^X
zrtR_(uVu^LsEhI(o6}L$XOq>^?v+wCvxH5v#s?2)V!nW9QkclY5nepO;=g*2?Gc+E
zsk`k@TO4Uc#x2K}*IImKo0UnXkh=iM6jLx*mp0sV5c8>qHZ0M!!B>hNS8h^-aCK_a
zE`7L@P1u#QU$sv$h!9isBb75KJ2cj>Yi@z(d|H&rq<g-bOG_p%X)T9m4Pvgq>|$gb
zR5rl3vVZA(A?^O*mB2&Oi}Vii!7A;%H8(VJX*s9d$K|%GpVTA=45!5mM|(br3TMz5
z7$DXNXfG&{YSzfZYpyRvtmnO_;FSxj>5Rqw%PZXD*BcY*+8d5KUsfB-@NPmWJxSf`
z<Jq<=eXiYuE}s4L(ck<?Q^mwKH4g?-W}0l{2#Zw5&9#gN&EHayV4!7jQyk`#X{C>Q
z-)^QmIM7ra>T0!Id%uw3sC3?u@ktaj!yc9O0@Sd2(*?=G^AFSYH=hrFI9G4n_t2jG
zA@{#OdNa*oR9@g#V|cscYSIxr>?6|>vuWrhgO0M!9clEsz)b+M--DL_1ROUd;R_>Y
zQa3}WYdEH+$6bT$*ozLx_hQaA^+Kz&QiS-rHYlAr<a&auGa-94REy*Y0~7WU;fJat
zbNY5%<PS<9Bw=Z44EH5=3wX~WNWzcDyDvL}YmjepTBvxH?rAE0@pEBs-3eovtk0L;
zd1rWy)=XRUKy)ClCWYlpz*t1u`{f|WxJ$DXVXQa5Nk_NF@Df4&iaYfgz@dM|oDhHk
zFYA_|NWF(p?r{qv@((6sHG&OEQ^33_Dkvfx{q0f3P#l#4=h><FvlGAq_B^;eb5!LQ
z7;X`zY=jY#?A%62^_ShT0KiCa$3GmdmlFenT0rXRY%f0QV<06r5yjOu8K1A^-8Olz
zzM%I{Mtae62ywR={SIsdg!!I*ZnUx$NQgTpcfC;=qO#mjA;iuT@(<oXT2wl-C<q?k
zX61itsZ&)$(%W<O@aX27tJY7~=EkcbyU4%Rz@lIE>HPIa_k~pt4wgfqVYK@vxI$;u
zDQO%Zh}m?a&&PX17lqc5Z(krdl+*nK=r1^#rnS&l5YldQ0LKw`jSc<(FbE<#JmNH#
zfiA8U8ZQvO+)FWIfFf`F-w6ksTT!waMK+4g>A_v%6SddXQr<|^`WBI=>QlT^()1f0
zGErAHd5&}0aN4`;!7$u8AsD4Tf}fp)%TR+=UpW<LI^ZVatI$*@gPBQd+Gho^Epyrw
zwIMWe7cvfz_CB;F^F4gG6qzT7Ke=wLHbH=~T}buGg}AkZF8Kmu?)rV%tX;yD|C!gQ
zeL~-Rj}nrn+r<~spD&3<BwS$ITxE_lQF_~NYX%k}=SYrQ(Xv`PPIvgZ_><(QC*_s1
zO=lG|I@uLN0%${HUKqiE<`Qb@dK4KgrTj=9u%%Hve%lIDY_i<IXz~}DU~nh3n=Hc+
z3|>5s4~IyQ0!uLH?C65@4tL&daU>ai1?cg=JW9$scsI8x*24%qE(l*L8*$@;HS|F%
zM2tVyl>oEo3f#<i(;c$n%p~x5HTgx%V!5Eg&Xu!ONu<`KG+D~+V9{5W%jP~Ar^;m{
zn6h>$ILqkoKJ2@c4)=1VYpE%KYl;e@*fssIXnCYZR4_+<2Pa|c@Hb>+Y?V!gF8OXj
zQ?q|RAn_z7XLs(Oh18QQMR%*MuTX{|gX&bKwM-3b17nRpiRo!=*{VrZ956{5RuWiI
zWE4=Al1oJFgFs6LdR^Z;#ItdjmDS)1*_!B<U*z>eV2k!FVE>M=m^x<F{xY-ID(Lcw
zwBT(9CU*77Rhmzq3l*}JS>V`_8p;QD|6raTjQu**?WF#{TMYlT^%#o!w8bcrn1vdW
zfzv67DFK%35Z3aF1-zX(EPeTRdy#>t2A(wl03mLATFsby_SlEKkp4t|OnVTXz8@Fw
z6iWPk`@m>G($dQ>K(Q!*t+ZRE{=S*`{k}<Ac=DPwG8~m85ViUJzM1@32VgJn65-d^
z%mJU|_szul`xYd6db2Hme@+9hWLjmSEp%~0%huVX=G<AluY>Wl5vL$6x~h(L0qQ3n
z^j1B%lX4y-Cmdl<Te*w&D}X*Vvvr5KeQ&bkXrvflH+De3LL6F#CB7uAGiv0PWn|>q
z{#Jw_SH~z?;5uwQoI7U1hyz1|w$DeR5?e-Q`fPWo@7&Ie^%}p44(U$J+1PPMuqR-L
zikZ46@_DK01NwLEIa?+Rh7Vtg=eivg^yM->@`<bJ8WvyNmHM=Rj_~|ZsTb9-K{mKq
z@iDO(w;<w$Emt{=9w_B5lpA*!KJ=i@n^iiVh=r0vFa*J1JB!$jKJK{RPn2Kj;szB6
zWaKr;?nk)yc=U{gh>=b;O!{qkvT`OAWi5Jh%do@SLKGI$Sqd?gR~4*a-JX>6vj&mR
zlRe~J#O={FR8)hntR>Xcb#D;p-IPzVr-O>T=JBC*odkzSauCi4kG;|4jcV?@KtfTi
z9{O~6<=)}VjOpu_y>TooCTr!AciTYu3^SFo9ayE5J}}Q+sTwRo6uSzgQ-5g6e|JqT
z=TlOzShpT2BLL?hA(wtd9-cTej;qY$Jr7%@GX%Flw4GK%I2S{oK@f~O3Zrxu8HAgT
z6J~IjpkAXsn?L~bRTE+4mR`o%=i==LMSSb495S~k_OLBFb+B;%e3BqF|2mD{XBf3x
z4WT`vU0n;%!HDf4AFt>(@W!1bTN0`QynuGjL}J!`^H~{w_xih-I&xt{zeh8ttkPG2
zZHNxhX@Hv<0KftI^mmj0?-OonK|>c$THe&96_!w5y_O90t8zcVAa2&!u*y!cRNYyr
z;P;R4yiqaCfYA;*XJ4hxf3-Kd)cIVsH%RJZ&$_p$sjx9SneGV5J*-;lPmyvN0h+Y5
zLJG{94tKk-1N9X5^72ge+KuSNSLcNws~!DwEG#T?IVWt0`(j*N?9qq)m71$kGlAPA
zM-n*WjmsBO#5$L>M=>9xP64Qp>__ejsay<&@MJCtQ#Ev26TZ4z66(|IMNP>YSsQ3^
z<Y9h3E%agDr&<smbB&$y&az6T;;@9pC=g9wy1;6mSv6Bl9NUT&e&C5H!j*e{ty!k{
zf`%)t+)nj<v)gl_BUAMa6)CNnReO0US~Qn(IxEhq%6ntFLeQ7Wy=u=Zbo1#T79TnE
z#f4ht1T%9{Gd1rdQx4QPO#2^?f3DtUiV>>tic?KXN=TTl@u_%HLOPaKHmz9yLDES&
zRWviVbvw=CBO_6OChyMM-)15Mk-rbGRBDmz*rvbl?O<(%@udl3u%$*xr<q1{PO-K|
zk0>;!_o+8lkl>?oJhm2-&$4W02&st}&-+fj!_hY96>s1fE88EAaFE~3v#V-RY!GsX
zD#pAm%O-ZOk18;3((DyY>bXAMUp+dGzw-R#{$%V#qz!9_h416e7uoa`>!Yfn{wjKh
z0}T>kK6BQC?fXQRqwNEjPZ3uE^5jZ<r<2>E*QWZbeg$pGZXfj<<Hyg*L;-i#Z8v1Y
z)6}0zInhdNiz=C6M4Xem4>3HQRMX91pS*97dXJ1E1|c$n{Pgc;*#DcYv%f3;ZzudW
z3&sE2@coA>u&qWT&*vZt>>75<lfT>3Zh0@A>-j8W3!!2etNuv?a+&@mru)ksSM*oy
zrxcgXPi|ck7ttJ*>L5SpX#bY_arTsWAZ%CS%=a0xUw)UHnIosUsDR677g2$aR4ZsF
zAC7}P-pKZV0K9zK3LE+#o2{8I=59_hU*8jW>hN0=y5UIk>-#Ah#ApN&Vc+WWbC!ow
zgd<c$U<k*?dSoQeBxxg)1K2xqM7hHONTi5KbL-F5;x~%EtHrDQt``3<4jFS&L1FlO
z&E?%b2CX~|2^N735Z;qp__At#v(71OEvL6GKYj}|KfOioZzN{*XE`@I{=JN5U{<_t
zDI|Ju5^EeDfq{GUaODO&Sz0v0%J*H*Kkdr@x(=;WOYVy~u)LAcq`!YqTyk^OZQ9`|
z6YH$wteTE&V{4>Y7g>(R)yEFWL%loacc?ydAx9)8tg)<zS-}@g65-Ey`XMVPS2xiP
zCY|cP0-m*8-t6d;K8!mOtFkJW0Y4%7Qg+~S{o2oIi+A=b;H{oJ(vmUdxzu_3H0NYC
z@Zq;&&2`7g79O9N1pxajk#3Z3a@&MZ1(-kbZ^d+fgCfP#39qvul0WAJjXk$h_~zeA
zJ>B8UPMAAHmHogQyfi0~qUhpBptzLwcc2rCT3clF=kYa%<XOuBek=4F{8+o_<Xjws
z#v{b@Z6jRNp1<|?H}C^azxCSkuTKB<rT?1Vf34}iHnP8V@4t?$zs_mE+y4gSB%?L0
zBM5IvLKhlWB`TaYWj${G0a>QQi85ITVIsnfhD#Ksv))3|g<Hzaq_Av8tPB9?e)Q)E
r=AUAn|574n<tEmNzx8hz>c3Rvub2KeN8qmy_P;s$|An>%zE1of?#4Y_


From c2ef0ca8ae00585a329ce8adfc1428fdd1f0b53a Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Tue, 4 Mar 2025 10:51:55 -0500
Subject: [PATCH 2/9] updated timeline and API

---
 .../machine-config/manage-boot-images.md      | 71 ++++++++++++++-----
 1 file changed, 54 insertions(+), 17 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index 8b9847a55b..bd7499a5af 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -45,7 +45,7 @@ Currently, bootimage references are [stored](https://github.com/openshift/instal
 
 Additionally, the stub Ignition config [referenced](https://github.com/openshift/installer/blob/1ca0848f0f8b2ca9758493afa26bf43ebcd70410/pkg/asset/machines/gcp/machines.go#L197) in the `MachineSet` is also not managed. This stub is used by the ignition binary in firstboot to auth and consume content from the `machine-config-server`(MCS). The content served includes the actual Ignition configuration and the target OCI format RHCOS image. The ignition binary now does first boot provisioning based on this, then hands off to the `machine-config-daemon`(MCD) first boot service to do the reboot into the target OCI format RHCOS image. 
 
-There has been [a previous effort](https://github.com/openshift/machine-config-operator/pull/1792) to manage the stub Ignition config. It was [reverted](https://github.com/openshift/machine-config-operator/pull/2126) and then [brought back](https://github.com/openshift/machine-config-operator/pull/2827#issuecomment-996156872) just for bare metal clusters. For other platforms, the `*-managed` stubs still get generated by the MCO, but are not injected into the `MachineSet`. The proposal plans to utilize these unused `*-managed` stubs, but it is important to note that this stub is generated(and synced) by the MCO and will ignore/override any user customizations to the original stub Ignition config. This limitation will be mentioned in the documentation, and a later release will provide support for user customization of the stub, either via API or a workaround thorugh additional documentation. This should not be an issue for the majority of users as they very rarely customize the original stub Ignition config.
+There has been [a previous effort](https://github.com/openshift/machine-config-operator/pull/1792) to manage the stub Ignition config. It was [reverted](https://github.com/openshift/machine-config-operator/pull/2126) and then [brought back](https://github.com/openshift/machine-config-operator/pull/2827#issuecomment-996156872) just for bare metal clusters. For other platforms, the `*-managed` stubs still get generated by the MCO, but are not injected into the `MachineSet`. The proposal plans to utilize these unused `*-managed` stubs, but it is important to note that this stub is generated(and synced) by the MCO and will ignore/override any user customizations to the original stub Ignition config. This limitation will be mentioned in the documentation, and a later release will provide support for user customization of the stub, either via API or a workaround through additional documentation. This should not be an issue for the majority of users as they very rarely customize the original stub Ignition config.
 
 In certain long lived clusters, the MCS TLS cert contained within the above Ignition configuration may be out of date. Example issue [here](https://issues.redhat.com/browse/OCPBUGS-1817). While this has been partly solved [MCO-642](https://issues.redhat.com/browse/MCO-642) (which allows the user to manually rotate the cert) it would be very beneficial for the MCO to actively manage this TLS cert and take this concern away from the user. 
 
@@ -81,7 +81,7 @@ __Overview__
   - `ManagedBootImages` feature gate is active
   - The cluster and/or the machineset is opted-in to boot image updates. This is done at the operator level, via the `MachineConfiguration` API object.
   - The `machineset` does not have a valid owner reference. Having a valid owner reference typically indicates that the `MachineSet` is managed by another workflow, and that updates to it are likely going to cause thrashing. 
-  - The golden configmap is verified to be in sync with the current version of the MCO. The MCO will update("stamp") the golden configmap with version of the new MCO image after at least 1 master node has succesfully completed an update to the new OCP image. This helps prevent `machinesets` being updated too soon at the end of a cluster upgrade, before the MCO itself has updated and has had a chance to roll out the new OCP image to the cluster.
+  - The golden configmap is verified to be in sync with the current version of the MCO. The MCO will update("stamp") the golden configmap with version of the new MCO image after at least 1 master node has successfully completed an update to the new OCP image. This helps prevent `machinesets` being updated too soon at the end of a cluster upgrade, before the MCO itself has updated and has had a chance to roll out the new OCP image to the cluster.
 
   If any of the above checks fail, the MSBIC will exit out of the sync.
 - Based on platform and architecture type, the MSBIC will check if the boot images referenced in the `providerSpec` field of the `MachineSet` is the same as the one in the ConfigMap. Each platform(gcp, aws...and so on) does this differently, so this part of the implementation will have to be special cased. The ConfigMap is considered to be the golden set of bootimage values, i.e. they will never go out of date. If it is not a match, the `providerSpec` field is cloned and updated with the new boot image reference.
@@ -135,21 +135,22 @@ This work will be tracked in [MCO-793](https://issues.redhat.com/browse/MCO-793)
 
 ##### Projected timeline
 
-This is a tentative timeline, subject to change (GA = General Availability, TP = Tech Preview, EF = Default-on, Skew Enforced).
+This is a tentative timeline, subject to change (GA = General Availability, TP = Tech Preview, DEF = Default-on).
 
-| Platform | TP      | GA      | EF      |
+| Platform | TP      | GA      | DEF      |
 | -------- | ------- | ------- | ------- |
-| gcp      | 4.16    |4.17     |4.19     |
-| aws      | 4.17    |4.18     |4.20     |
+| gcp      | [4.16](https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/machine_configuration/index#mco-update-boot-images)    |[4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
+| aws      | [4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)    |[4.18](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
 | vsphere  | 4.20    |4.21     |4.22     |
 | baremetal|         |4.22     |4.23     |
 | openstack|         |4.22     |4.23     |
-| nutanix  |         |4.22     |4.23     |
-| ibmcloud |         |4.24     |4.25     |
-| non-managed*  |         |4.21     |4.22    |
+| nutanix  |         |4.23     |4.24     |
+| ibmcloud |         |4.23     |4.24     |
+| non-managed*  |   x      |x    |4.25    |
 
-*non-managed in this case indicates enforcement of user-initiated bootimage updates. See enforcement section below.
+Once default-on behavior has been deemed to be stable across the above mentioned platforms, skew enforcement will be implemented in a platform agnostic manner. Decoupling the default-on and skew enforcement mechanism would help iron out any edge cases unique to a platform and would also aid in refining the skew enforcement workflow. The tentative timeline for skew enforcement would be 4.25.
 
+**Note** : For non-managed cases, * indicates enforcement of user-initiated bootimage updates. See enforcement section below.
 ##### Cluster API backed machinesets
 
 As the Cluster API move is impending(initial release in 4.16 and default-on release in 4.17), it is necessary that this enhancement plans for the changes required in an CAPI backed cluster. Here are a couple of sample YAMLs used in CAPI backed `Machinesets`, from the [official Openshift documentation](https://docs.openshift.com/container-platform/4.14/machine_management/capi-machine-management.html#capi-sample-yaml-files-gcp).
@@ -225,9 +226,10 @@ Much of the existing design regarding architecture & platform detection, opt-in,
 #### Opt-in Mechanism
 This proposal introduces a new field in the MCO operator API, `ManagedBootImages` which encloses an array of `MachineManager` objects. A `MachineManager` object contains the resource type of the machine management object that is being opted-in, the API group of that object and a union discriminant object of the type `MachineManagerSelector`. This object `MachineManagerSelector` contains:
 
-- The union discriminator, `Mode`, can be set to two values : All and Partial.
+- The union discriminator, `Mode`, can be set to three values : All, Partial and None.
   - **All**: All machine resources described by this resource/apiGroup type will be opted-in for boot image updates. In most cases, this effectively enables boot image updates for the whole cluster, unless there are multiple kinds of machine resources present in the cluster.
   - **Partial**: This is a set of label selectors that will be used by users to opt-in a custom selection of machine resources. When the Mode is set to Partial mode, all machinesets matched by this object would be considered enrolled for updates. In the first iteration of this API, this object will only allow for label matching with MachineResources. In the future, additional ways of filtering may be added with another label selector, e.g. namespace.
+  - **None**: All machine resources described by this resource/apiGroup type will be excluded from boot image updates. In most cases, this effectively disables boot image updates for the whole cluster, unless there are multiple kinds of machine resources present in the cluster.
 
 
 ```
@@ -268,6 +270,7 @@ type MachineManagerSelector struct {
 	// Valid values are All and Partial.
 	// All means that every resource matched by the machine manager will be updated.
 	// Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.
+  // None means that every resource matched by the machine manager will NOT be updated.
 	// +unionDiscriminator
 	// +kubebuilder:validation:Required
 	Mode MachineManagerSelectorMode `json:"mode"`
@@ -286,7 +289,7 @@ type PartialSelector struct {
 }
 
 // MachineManagerSelectorMode is a string enum used in the MachineManagerSelector union discriminator.
-// +kubebuilder:validation:Enum:="All";"Partial"
+// +kubebuilder:validation:Enum:="All";"Partial";"None"
 type MachineManagerSelectorMode string
 
 const (
@@ -296,6 +299,9 @@ const (
 	// Partial represents a configuration mode that will register resources specified by the parent MachineManager only
 	// if they match with the label selector.
 	Partial MachineManagerSelectorMode = "Partial"
+
+  // None represents a configuration mode that excludes all resources specified by the parent MachineManager from boot image updates.
+	None MachineManagerSelectorMode = "None"
 )
 
 // MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource
@@ -377,6 +383,37 @@ spec:
     name: "cluster"
     namespace: "default"
 ```
+#### Skew Enforcement
+As mentioned in the timeline section, this would only be implemented after default-on behavior has been deemed to be stable across
+all platforms.
+
+This would introduced as an new knob in the `ManagedBootImages` struct:
+```
+type ManagedBootImages struct {
+  ...
+  ...
+  // skewEnforcement allows an admin to set behavior of the boot image skew enforcement mechanism.
+  // Enabled means that the MCO will degrade and prevent upgrades when the boot image skew is too large.
+  // Disabled means that the MCO will no longer degrade and will permit upgrades when the boot image skew is 
+  // too large. This may also hinder the cluster's scaling ability.
+  // +optional
+  SkewEnforcement SkewEnforcementSelectorMode `json:"skewEnforcement"`
+}
+
+// SkewEnforcementSelectorMode is a string enum used to indicate the cluster's boot image skew enforcement mode.
+// +kubebuilder:validation:Enum:="Enabled";"Disabled"
+type SkewEnforcementSelectorMode string
+
+const (
+	// Enabled represents a configuration mode that enables boot image skew enforcement.
+	Enabled SkewEnforcementSelectorMode = "Enabled"
+
+	// Disabled represents a configuration mode that disables boot image skew enforcement.
+	Disabled SkewEnforcementSelectorMode = "Disabled"
+)
+
+```
+
 #### Tracking boot image history
 
 Note: This section is just an idea for the moment and is considered out of scope. This CR will require thorough API review in a follow-up enhancement.
@@ -502,7 +539,7 @@ flowchart-elk TD;
     MachineSetOwnerCheck -->|No| ConfigMapCheck[Has the coreos-bootimages ConfigMap been stamped by the MCO?] ;
     
     ConfigMapCheck -->|Yes|ArchType[Determine arch type of MachineSet, for eg: x86_64, aarch64] ;
-    ConfigMapCheck -->|No| Wait[A cluster upgrade is ongoing. Wait until atleast 1 control plane node has completed an update.];
+    ConfigMapCheck -->|No| Wait[A cluster upgrade is ongoing. Wait until at least 1 control plane node has completed an update.];
     Wait --> |Upgrade Complete| ArchType
     Wait --> |Timeout| Error
     ArchType -->PlatformType[Determine platform type of MachineSet, for eg: gcp, aws, vsphere] ;
@@ -538,7 +575,7 @@ The UX element involved include the user opt-in and opt-out, which is currently
 
 This will be done on a platform by platform basis. Some key benchmarks have to be met for a platform to be considered ready
 for default on:
-- Sufficent runtime(say, atleast 1 release) has been accumulated while boot image updates has been GAed for this platform.
+- Sufficent runtime(say, at least 1 release) has been accumulated while boot image updates has been GAed for this platform.
 - Periodic tests have been added for this platform in CI and have met certain passing metrics.
 - Any teams that are affected by default-on
 behavior have been notified and assisted with the transition.
@@ -552,8 +589,8 @@ flowchart-elk LR;
     UpdateConfig --> Stop((Stop));
 ```
 Some points to note:
-- For bookkeeping purposes, the MCO will annotate the `MachineConfiguration` object when opting in the cluster.
-- If the cluster admin wishes to opt-out of the feature, they have to explicitly do so by removing the boot image configuration. Due to the presence of the "opted in" annotation, the MCO will not attempt to automatically opt-in the cluster for updates again.
+- For bookkeeping purposes, the MCO will annotate the `MachineConfiguration` object when opting in the cluster by default.
+- If the cluster admin wishes to opt-out of the feature, they have to do so by removing the boot image configuration or explicitly opting out the cluster via the API knob. Due to the presence of the "default opted-in" annotation, the MCO will not attempt to opt-in the cluster by default again.
 - This mechanism will be active on installs and upgrades. 
 
 
@@ -577,7 +614,7 @@ skew policy described in the release payload.
 
 The cluster admin may also choose to opt-out of skew management via this configmap, which indicates that they will not require scaling nodes, and thereby opting out of skew enforcement and scaling functionality.
 
-A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will default to the install time boot image, which can be recovered from the aleph version of the control plane nodes. 
+A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will default to the install time boot image, which can be recovered from the [aleph version](https://github.com/coreos/coreos-assembler/pull/768) of the control plane nodes. 
 
 This configmap can then be monitored to enforce skew limits. This could be done in a couple of ways:
 - **via the MCO**: If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade. The drawback of this approach is that the MCO is not able to signal *prior* to the start of a cluster upgrade, so if an incoming upgrade has a "stricter" skew policy, this could break scaling until the admin takes the remediation steps during the upgrade or after the upgrade is complete. This may present as strange UX to the user.

From 54d1b564601fa647159b2e1ba15c59acf8508812 Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Tue, 11 Mar 2025 14:44:55 -0400
Subject: [PATCH 3/9] updated motivation, ownerref changes, status API

---
 .../machine-config/manage-boot-images.md      | 105 +++++++++++++++---
 1 file changed, 90 insertions(+), 15 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index bd7499a5af..c2e5fd0638 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -42,6 +42,7 @@ Currently, bootimage references are [stored](https://github.com/openshift/instal
 - Afterburn [[1](https://issues.redhat.com/browse/OCPBUGS-7559)],[[2](https://issues.redhat.com/browse/OCPBUGS-4769)]
 - podman [[1](https://issues.redhat.com/browse/OCPBUGS-9969)]
 - skopeo [[1](https://issues.redhat.com/browse/OCPBUGS-3621)]
+- composefs [[1](https://github.com/openshift/os/issues/1678#issuecomment-2546310833)]
 
 Additionally, the stub Ignition config [referenced](https://github.com/openshift/installer/blob/1ca0848f0f8b2ca9758493afa26bf43ebcd70410/pkg/asset/machines/gcp/machines.go#L197) in the `MachineSet` is also not managed. This stub is used by the ignition binary in firstboot to auth and consume content from the `machine-config-server`(MCS). The content served includes the actual Ignition configuration and the target OCI format RHCOS image. The ignition binary now does first boot provisioning based on this, then hands off to the `machine-config-daemon`(MCD) first boot service to do the reboot into the target OCI format RHCOS image. 
 
@@ -51,6 +52,9 @@ In certain long lived clusters, the MCS TLS cert contained within the above Igni
 
 **Note**: As of 4.19, the MCO supports [management of this TLS cert](https://issues.redhat.com/browse/MCO-1208). With this work in place, the MCO can now attempt to upgrade the stub Ignition config, instead of hardcoding to the `*-managed` stub as mentioned previously. This will help preserve any user customizations that were present in the stub Ignition config.
 
+This is also considered a blocking issue for [SigStore GA](https://issues.redhat.com/browse/OCPNODE-2619). It has caused issues such as [OCPBUGS-38809](https://issues.redhat.com/browse/OCPBUGS-38809) due to the older podman binary not being able to understand `sigstoreSigned` fields in `/etc/containers/policy.json`. There can be similar issues in the future that can be hard to anticipate. 
+
+
 This is also a soft pre-requisite for both dual-stream RHEL support in OpenShift, and on-cluster layered builds. RPM-OSTree presently does a deploy-from-self to get a new-enough rpm-ostree to deploy image-based RHEL CoreOS systems, and we would like to avoid doing this for bootc if possible. We would also like to prevent RHEL8->RHEL10 direct updates once that is available for OpenShift.
 
 ### User Stories
@@ -92,7 +96,6 @@ __Overview__
 #### Error & Alert Mechanism
 
 MSBIC sync failures may be caused by multiple reasons:
-- The MSBIC notices an OwnerReference and is able to determine that updating the `MachineSet` will likely cause thrashing. This is considered a misconfiguration and in such cases, the user is expected to exclude this `MachineSet` from boot image management.
 - The `coreos-bootimages` ConfigMap is unavailable or in an incorrect format. This will likely happen if a user manually edits the ConfigMap, overriding the CVO.
 - The `coreos-bootimages` ConfigMap takes too long to be stamped by the MCO. This indicates that there are larger problems in the cluster such as an upgrade failure/timeout or an unrelated cluster failure.
 - Patching the `MachineSet` fails. This indicates a temporary API server blip, or larger RBAC issues.
@@ -115,7 +118,7 @@ Any form factor using the MCO and `MachineSets` will be impacted by this proposa
 - Standalone OpenShift: Yes, this is the main target form factor.
 - microshift: No, as it does [not](https://github.com/openshift/microshift/blob/main/docs/contributor/enabled_apis.md) use `MachineSets`.
 - Hypershift: No, Hypershift does not have this issue.
-- Hive: Hive manages `MachineSets` via `MachinePools`. The MachinePool controller generates the `MachineSets` manifests (by invoking vendored installer code) which include the `providerSpec`. Once a `MachineSet` has been created on the spoke, the only things that will be reconciled on it are replicas, labels, and taints - [unless a backdoor is enabled](https://github.com/openshift/hive/blob/0d5507f91935701146f3615c990941f24bd42fe1/pkg/constants/constants.go#L518). If the `providerSpec` ever goes out of sync, a warning will be logged by the MachinePool controller but otherwise this discrepancy is ignored. In such cases, the MSBIC will not have any issue reconciling the `providerSpec` to the correct boot image. However, if the backdoor is enabled, both the MSBIC and the MachinePool Controller will attempt to reconcile the `providerSpec` field, causing churn. The Hive team will update the comment on the backdoor annotation to indicate that it is mutually exclusive with this feature.
+- Hive: Hive manages `MachineSets` via `MachinePools`. The MachinePool controller generates the `MachineSets` manifests (by invoking vendored installer code) which include the `providerSpec`. Once a `MachineSet` has been created on the spoke, the only things that will be reconciled on it are replicas, labels, and taints - [unless a backdoor is enabled](https://github.com/openshift/hive/blob/0d5507f91935701146f3615c990941f24bd42fe1/pkg/constants/constants.go#L518). If the `providerSpec` ever goes out of sync, a warning will be logged by the MachinePool controller but otherwise this discrepancy is ignored. In such cases, the MSBIC will not have any issue reconciling the `providerSpec` to the correct boot image. However, if the backdoor is enabled, both the MSBIC and the MachinePool Controller will attempt to reconcile the `providerSpec` field, causing churn. The Hive team has [updated the comment](https://github.com/openshift/hive/pull/2596/files) on the backdoor annotation to indicate that it is mutually exclusive with this feature.
 
 ##### Supported platforms
 
@@ -135,13 +138,14 @@ This work will be tracked in [MCO-793](https://issues.redhat.com/browse/MCO-793)
 
 ##### Projected timeline
 
-This is a tentative timeline, subject to change (GA = General Availability, TP = Tech Preview, DEF = Default-on).
+This is a tentative timeline, subject to change (GA = General Availability(opt-in), TP = Tech Preview(opt-in), DEF = Default-on(opt-out)).
 
 | Platform | TP      | GA      | DEF      |
 | -------- | ------- | ------- | ------- |
 | gcp      | [4.16](https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/machine_configuration/index#mco-update-boot-images)    |[4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
 | aws      | [4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)    |[4.18](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
 | vsphere  | 4.20    |4.21     |4.22     |
+| azure    | 4.20    |4.21     |4.22     |
 | baremetal|         |4.22     |4.23     |
 | openstack|         |4.22     |4.23     |
 | nutanix  |         |4.23     |4.24     |
@@ -383,6 +387,77 @@ spec:
     name: "cluster"
     namespace: "default"
 ```
+
+Alongside the implementation of default-on behavior, a Status field for ManagedBootImages is also planned. This would reflect the 
+current ManagedBootImages configuration and if unspecified, it will represent the current cluster defaults.
+```
+type MachineConfigurationStatus struct {
+  ...
+  ...
+
+	// managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is
+	// and will be used by Machine Config Controller while performing boot image updates.
+	// +openshift:enable:FeatureGate=ManagedBootImages
+	// +optional
+	ManagedBootImagesStatus ManagedBootImages `json:"managedBootImagesStatus"`
+}
+
+```
+Here are some examples to illustrate how this works.
+
+Scenario: No admin configuration and the currrent release **does not** opt-in by default:
+```
+apiVersion: operator.openshift.io/v1
+kind: MachineConfiguration
+spec:
+status:
+  managedBootImagesStatus:
+    machineManagers:
+    - resource: machinesets
+      apiGroup: machine.openshift.io
+      selection:
+         mode: None
+```
+Scenario: No admin configuration and the currrent release **does** opt-in by default:
+```
+apiVersion: operator.openshift.io/v1
+kind: MachineConfiguration
+spec:
+status:
+  managedBootImagesStatus:
+    machineManagers:
+    - resource: machinesets
+      apiGroup: machine.openshift.io
+      selection:
+         mode: All
+```
+Regardless of the default-on behavior of the release, if the admin were to add a configuration, the status must reflect that in the next update.
+```
+apiVersion: operator.openshift.io/v1
+kind: MachineConfiguration
+spec:
+  managedBootImages:
+    machineManagers:
+    - resource: machinesets
+      apiGroup: machine.openshift.io
+      selection:
+         mode: Partial
+         partial:
+           machineResourceSelector:
+             matchLabels: {}
+status:
+  managedBootImagesStatus:
+    machineManagers:
+    - resource: machinesets
+      apiGroup: machine.openshift.io
+      selection:
+         mode: Partial
+         partial:
+           machineResourceSelector:
+             matchLabels: {}
+```
+  
+
 #### Skew Enforcement
 As mentioned in the timeline section, this would only be implemented after default-on behavior has been deemed to be stable across
 all platforms.
@@ -393,9 +468,10 @@ type ManagedBootImages struct {
   ...
   ...
   // skewEnforcement allows an admin to set behavior of the boot image skew enforcement mechanism.
-  // Enabled means that the MCO will degrade and prevent upgrades when the boot image skew is too large.
-  // Disabled means that the MCO will no longer degrade and will permit upgrades when the boot image skew is 
-  // too large. This may also hinder the cluster's scaling ability.
+  // Enabled means that the MCO will degrade and prevent upgrades when the boot image skew exceeds the 
+  // skew limit described by the release image.
+  // Disabled means that the MCO will no longer degrade and will permit upgrades when the boot image 
+  // exceeds the skew limit described by the release image. This will likely hinder the cluster's scaling ability.
   // +optional
   SkewEnforcement SkewEnforcementSelectorMode `json:"skewEnforcement"`
 }
@@ -535,7 +611,7 @@ MachineSet Reconciliation Loop:
 ```mermaid
 flowchart-elk TD;
     Start((Start)) -->MachineSetOwnerCheck[Does the MachineSet have an OwnerReference?]
-    MachineSetOwnerCheck -->|Yes|Error
+    MachineSetOwnerCheck -->|Yes|Stop
     MachineSetOwnerCheck -->|No| ConfigMapCheck[Has the coreos-bootimages ConfigMap been stamped by the MCO?] ;
     
     ConfigMapCheck -->|Yes|ArchType[Determine arch type of MachineSet, for eg: x86_64, aarch64] ;
@@ -548,9 +624,11 @@ flowchart-elk TD;
     subgraph PlatformSpecific[Platform Specific]
     ProviderSpec -->IgnitionCheck[Is stub Ignition referenced in ProviderSpec in spec 3 format?] ;
     IgnitionCheck -->|Yes|CompareBootImage[Compare bootimage in ProviderSpec against the coreos-bootimage ConfigMap] ;
+    IgnitionCheck -->|No| IgnitionUpgrade[Attempt Ignition Upgrade];
+    IgnitionUpgrade -->|Ignition Upgrade Successful| CompareBootImage;
     end
 
-    IgnitionCheck -->|No| Error[Throw an error to the cluster admin];
+    IgnitionUpgrade -->|Ignition Upgrade Failed| Error[Throw an error to the cluster admin];
     Error -->Stop[Stop];
     CompareBootImage -->|Mismatch| Patch[Patch MachineSet];
     CompareBootImage -->|Match| Stop[Stop];
@@ -590,8 +668,9 @@ flowchart-elk LR;
 ```
 Some points to note:
 - For bookkeeping purposes, the MCO will annotate the `MachineConfiguration` object when opting in the cluster by default.
-- If the cluster admin wishes to opt-out of the feature, they have to do so by removing the boot image configuration or explicitly opting out the cluster via the API knob. Due to the presence of the "default opted-in" annotation, the MCO will not attempt to opt-in the cluster by default again.
 - This mechanism will be active on installs and upgrades. 
+- If the cluster admin wishes to opt-out of the feature, they have to do so by explicitly opting out the cluster via the API knob prior to the upgrade. 
+- If any of the MachineSets have an OwnerReference, it will be skipped for boot image updates. This will cause an alert/warning to the cluster admin, but it will no longer cause a degrade. 
 
 
 ### Enforcement of bootimage skew
@@ -607,8 +686,7 @@ The release payload will describe the current skew policy. The structure of this
 Some combination of the following mechanisms should be implemented to alert users, particularly non-machineset backed scaled environments. The options generally fall under proactive enforcement (require users to either update or acknowledge risk before upgrading to a new version) vs. reactive enforcement (only fail when a non-compliant bootimage is being used to scale into the cluster).
 
 #### Proactive
-Introduce a new configmap in the MCO namespace that will store the last updated boot image and allows for easy comparison against the
-skew policy described in the release payload.
+Add a new field in the `coreos-bootimages` configmap in the MCO namespace that will store the cluster's current boot image and allows for easy comparison against the skew policy described in the release payload.
   - For machineset backed clusters, this would be updated by the MSBIC after it succesfully updates boot images. 
   - For non-machineset backed clusters, this would be updated by the cluster admin to indicate the last manually updated bootimage. The cluster admin would need to update this configmap every few releases, when the RHEL minor on which the RHCOS container is built on changes (e.g. 9.6->9.8). 
 
@@ -616,10 +694,7 @@ The cluster admin may also choose to opt-out of skew management via this configm
 
 A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will default to the install time boot image, which can be recovered from the [aleph version](https://github.com/coreos/coreos-assembler/pull/768) of the control plane nodes. 
 
-This configmap can then be monitored to enforce skew limits. This could be done in a couple of ways:
-- **via the MCO**: If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade. The drawback of this approach is that the MCO is not able to signal *prior* to the start of a cluster upgrade, so if an incoming upgrade has a "stricter" skew policy, this could break scaling until the admin takes the remediation steps during the upgrade or after the upgrade is complete. This may present as strange UX to the user.
-
-- **via the CVO**: If the CVO is able to do the configmap monitoring, the enforcement can be a bit more proactive. The CVO could then potentially block an incoming upgrade based on the skew policy described in the new release payload, until the remediation steps have been done.
+This configmap can then be monitored to enforce skew limits. This could be done in a couple of ways. If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade.
 
 As stated earlier, to remediate, the cluster admin would then have to do one of the following:
 - Turn on boot image updates if it is a machineset backed cluster.

From ddb88853e9825ad11d82a1fa946bfc2a7363381d Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Thu, 10 Apr 2025 15:51:38 -0400
Subject: [PATCH 4/9] drafted skew enforcement API, updated timeline

---
 .../machine-config/manage-boot-images.md      | 149 +++++++++++-------
 1 file changed, 89 insertions(+), 60 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index c2e5fd0638..b9b2bf0427 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -5,6 +5,7 @@ authors:
 reviewers: 
   - "@yuqi-zhang"
   - "@mrunal"
+  - "@jlebon" 
   - "@cgwalters, for rhcos context" 
   - "@joelspeed, for machine-api context" 
   - "@sdodson, for installer context"
@@ -13,7 +14,7 @@ approvers:
 api-approvers: 
   - "@joelspeed"
 creation-date: 2023-10-16
-last-updated: 2025-02-26
+last-updated: 2025-04-10
 tracking-link:
   - https://issues.redhat.com/browse/MCO-589
 see-also:
@@ -29,11 +30,12 @@ superseded-by:
 
 This is a proposal to manage bootimages via the `Machine Config Operator`(MCO), leveraging some of the [pre-work](https://github.com/openshift/installer/pull/4760) done as a result of the discussion in [#201](https://github.com/openshift/enhancements/pull/201). This feature will only target standalone OCP installs. This is now released as an opt-in feature and will be rolled out on a per-platform basis (see projected roadmap). This will eventually be on by default, and the MCO will enforce an accepted skew and require non-platform managed bootimage updates to be acknowledged by the cluster admin.
 
-For `MachineSet` managed clusters, the end goal is to create an automated mechanism that can:
+For `MachineSet` managed clusters, the end goal is to create automated mechanisms that can:
 - update the boot images references in `MachineSets` to the latest in the payload image
 - ensure stub Ignition config referenced in each `Machinesets` is in spec 3 format
+- ensure cluster is within acceptable skew to prevent scaling failures
 
-For clusters that are not managed by `MachineSets`, the end goal is to create a document(KB or otherwise) that a cluster admin would follow to update their boot images.
+For clusters that are not managed by `MachineSets`, the end goal is to create a document(KB or otherwise) that a cluster admin would follow to update their boot images to be compliant with the acceptable skew. In such cases, the admin will be expected to record their cluster's boot image in the skew enforcement API object.
 
 
 ## Motivation
@@ -43,17 +45,15 @@ Currently, bootimage references are [stored](https://github.com/openshift/instal
 - podman [[1](https://issues.redhat.com/browse/OCPBUGS-9969)]
 - skopeo [[1](https://issues.redhat.com/browse/OCPBUGS-3621)]
 - composefs [[1](https://github.com/openshift/os/issues/1678#issuecomment-2546310833)]
+- sigstore GA [[1](https://issues.redhat.com/browse/OCPNODE-2619)],[[2](https://issues.redhat.com/browse/OCPBUGS-38809)]
 
-Additionally, the stub Ignition config [referenced](https://github.com/openshift/installer/blob/1ca0848f0f8b2ca9758493afa26bf43ebcd70410/pkg/asset/machines/gcp/machines.go#L197) in the `MachineSet` is also not managed. This stub is used by the ignition binary in firstboot to auth and consume content from the `machine-config-server`(MCS). The content served includes the actual Ignition configuration and the target OCI format RHCOS image. The ignition binary now does first boot provisioning based on this, then hands off to the `machine-config-daemon`(MCD) first boot service to do the reboot into the target OCI format RHCOS image. 
+Additionally, the stub Ignition config [referenced](https://github.com/openshift/installer/blob/1ca0848f0f8b2ca9758493afa26bf43ebcd70410/pkg/asset/machines/gcp/machines.go#L197) in the `MachineSet` is also not managed. This stub is also generated by the installer, and it typically consists of an endpoint and a Certificate Authority(CA), which are used by the ignition binary in firstboot to auth and consume content from the `machine-config-server`(MCS). This CA is called the [`RootCA`](https://github.com/openshift/installer/blob/99b48742d2f89b4978fe14cb6fe842e283c0ce4d/pkg/asset/tls/root.go#L19-L20) by the installer which is bit of a misnomer, as it does not give actual root access to the cluster - it is only used to generate the MCS TLS cert pair. Going forward, the proposal will be refer to these artifacts as the MCS CA & TLS cert. In 4.19, the MCO took ownership of [rotating the MCS CA & TLS cert](https://issues.redhat.com/browse/MCO-1208). 
 
-There has been [a previous effort](https://github.com/openshift/machine-config-operator/pull/1792) to manage the stub Ignition config. It was [reverted](https://github.com/openshift/machine-config-operator/pull/2126) and then [brought back](https://github.com/openshift/machine-config-operator/pull/2827#issuecomment-996156872) just for bare metal clusters. For other platforms, the `*-managed` stubs still get generated by the MCO, but are not injected into the `MachineSet`. The proposal plans to utilize these unused `*-managed` stubs, but it is important to note that this stub is generated(and synced) by the MCO and will ignore/override any user customizations to the original stub Ignition config. This limitation will be mentioned in the documentation, and a later release will provide support for user customization of the stub, either via API or a workaround through additional documentation. This should not be an issue for the majority of users as they very rarely customize the original stub Ignition config.
+The content served by the MCS includes the actual Ignition configuration and the target OCI format RHCOS image. The ignition binary now does first boot provisioning based on this, then hands off to the `machine-config-daemon`(MCD) first boot service to do the reboot into the target OCI format RHCOS image. 
 
-In certain long lived clusters, the MCS TLS cert contained within the above Ignition configuration may be out of date. Example issue [here](https://issues.redhat.com/browse/OCPBUGS-1817). While this has been partly solved [MCO-642](https://issues.redhat.com/browse/MCO-642) (which allows the user to manually rotate the cert) it would be very beneficial for the MCO to actively manage this TLS cert and take this concern away from the user. 
-
-**Note**: As of 4.19, the MCO supports [management of this TLS cert](https://issues.redhat.com/browse/MCO-1208). With this work in place, the MCO can now attempt to upgrade the stub Ignition config, instead of hardcoding to the `*-managed` stub as mentioned previously. This will help preserve any user customizations that were present in the stub Ignition config.
-
-This is also considered a blocking issue for [SigStore GA](https://issues.redhat.com/browse/OCPNODE-2619). It has caused issues such as [OCPBUGS-38809](https://issues.redhat.com/browse/OCPBUGS-38809) due to the older podman binary not being able to understand `sigstoreSigned` fields in `/etc/containers/policy.json`. There can be similar issues in the future that can be hard to anticipate. 
+Hence, it is critical that the Ignition binary in the boot image is able to process the stub Ignition config to make the initial MCS request and join the cluster. On clusters installed [prior to 4.6](https://docs.redhat.com/en/documentation/openshift_container_platform/4.6/html/release_notes/ocp-4-6-release-notes#ocp-4-6-ignition-spect-updated-v3), the stub Ignition would be of the spec 2 format - which cannot be used by the newer boot images. In very rare cases, some users also [customize](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/postinstallation_configuration/post-install-node-tasks#machine-node-custom-partition_post-install-node-tasks) the original stub Ignition config. Therefore, to make boot image updates as seamless as possible, there is a need to upgrade these stub Ignition configs to the spec 3 format, while preserving any customizations done to it at install time.
 
+> **_NOTE:_** There has been [a previous effort](https://github.com/openshift/machine-config-operator/pull/1792) to manage the stub Ignition config. It was [reverted](https://github.com/openshift/machine-config-operator/pull/2126) and then [brought back](https://github.com/openshift/machine-config-operator/pull/2827#issuecomment-996156872) just for bare metal clusters. For other platforms, the `*-managed` stubs still get generated by the MCO, but are not injected into the `MachineSet`. Since they are generated and synced by the MCO, it ignores any user customizations. This proposal originally used the `*-managed` stubs in its initial implementation, but with the [MCS CA & TLS management](https://issues.redhat.com/browse/MCO-1208) work in place, the upgrade path mentioned above is preferred.
 
 This is also a soft pre-requisite for both dual-stream RHEL support in OpenShift, and on-cluster layered builds. RPM-OSTree presently does a deploy-from-self to get a new-enough rpm-ostree to deploy image-based RHEL CoreOS systems, and we would like to avoid doing this for bootc if possible. We would also like to prevent RHEL8->RHEL10 direct updates once that is available for OpenShift.
 
@@ -65,7 +65,7 @@ This is also a soft pre-requisite for both dual-stream RHEL support in OpenShift
 
 ### Goals
 
-The MCO will take over management of the boot image references and the stub Ignition configuration. The installer is still responsible for creating the `MachineSet` at cluster bring-up, but once cluster installation is complete the MCO will ensure that boot images are in sync with the latest payload. From the user standpoint, this should cause less compatibility issues as nodes will no longer need to pivot to a different version of RHCOS during node scaleup.
+The MCO will take over management of the boot image references and the stub Ignition configuration. The installer is still responsible for creating the `MachineSet` at cluster bring-up, but once cluster installation is complete the MCO will ensure that boot images are in sync with the latest payload. From the user standpoint, this should cause less compatibility issues as nodes will no longer need to pivot to a substantially different version of RHCOS during node scaleup.
 
 This should not interfere with existing workflows such as Hive and ArgoCD. As this is an opt-in mechanism, the cluster admin will be protected against such scenarios of accidental "reconciliation" and for additional safety, the MSBIC will also ensure that machinesets that have a valid OwnerReference will be excluded from boot image updates. We will work with affected teams to transition them to the new workflow before we turn this feature on by default.
 
@@ -82,15 +82,13 @@ __Overview__
 
 - The `machine-config-controller`(MCC) pod will gain a new sub-controller `machine_set_boot_image_controller`(MSBIC) that monitors `MachineSet` changes and the `coreos-bootimages` [ConfigMap](https://github.com/openshift/installer/pull/4760) changes.
 - Before processing a MachineSet, the MSBIC will check if the following conditions are satisfied:
-  - `ManagedBootImages` feature gate is active
   - The cluster and/or the machineset is opted-in to boot image updates. This is done at the operator level, via the `MachineConfiguration` API object.
   - The `machineset` does not have a valid owner reference. Having a valid owner reference typically indicates that the `MachineSet` is managed by another workflow, and that updates to it are likely going to cause thrashing. 
   - The golden configmap is verified to be in sync with the current version of the MCO. The MCO will update("stamp") the golden configmap with version of the new MCO image after at least 1 master node has successfully completed an update to the new OCP image. This helps prevent `machinesets` being updated too soon at the end of a cluster upgrade, before the MCO itself has updated and has had a chance to roll out the new OCP image to the cluster.
 
   If any of the above checks fail, the MSBIC will exit out of the sync.
 - Based on platform and architecture type, the MSBIC will check if the boot images referenced in the `providerSpec` field of the `MachineSet` is the same as the one in the ConfigMap. Each platform(gcp, aws...and so on) does this differently, so this part of the implementation will have to be special cased. The ConfigMap is considered to be the golden set of bootimage values, i.e. they will never go out of date. If it is not a match, the `providerSpec` field is cloned and updated with the new boot image reference.
-- Next, it will check if the stub secret referenced within the `providerSpec` field of the `MachineSet` is managed i.e. `worker-user-data-managed` and not `worker-user-data`. If it is unmanaged, the cloned `providerSpec` will be updated to reference the managed stub secret. This step is platform/arch agnostic.
-
+- Next, it will check if the stub Ignition secret referenced within the `providerSpec` field of the `MachineSet` is of the spec 3 format. If it is not of the spec 3 format, it will attempt to upgrade it to spec 3.
 - Finally, the MSBIC will attempt to patch the `MachineSet` if an update is required.
 
 #### Error & Alert Mechanism
@@ -98,12 +96,11 @@ __Overview__
 MSBIC sync failures may be caused by multiple reasons:
 - The `coreos-bootimages` ConfigMap is unavailable or in an incorrect format. This will likely happen if a user manually edits the ConfigMap, overriding the CVO.
 - The `coreos-bootimages` ConfigMap takes too long to be stamped by the MCO. This indicates that there are larger problems in the cluster such as an upgrade failure/timeout or an unrelated cluster failure.
+- The stub Ignition referenced in the `MachineSet` could not be upgraded to the spec 3 format. This will only happen when a user has heavily customized their Ignition stub, which is quite rare(and unsupported potentially). Resolving this will need manual intervention and this will be explained in the documentation.
 - Patching the `MachineSet` fails. This indicates a temporary API server blip, or larger RBAC issues.
 
 An error condition will be applied on the operator level `MachineConfiguration` object when the sync failures of a given `MachineSet` exceed a threshold amount for a period of time. The condition will include information regarding the sync failures and the logs of the MSBIC can be checked for additional details.
 
-In addition to this, a Prometheus alert will also be triggered by the MSBIC. This alert will list the misbehaving `MachineSet` and will be cleared automatically by the MSBIC if the sync is successfully completed later. 
-
 Note: In the future, patches to `MachineSets` will be prevented when they are not authoritative [#1465](https://github.com/openshift/enhancements/pull/1465). This will need to be accounted for within the logic of the MSBIC.
 
 ### Workflow Description
@@ -138,23 +135,29 @@ This work will be tracked in [MCO-793](https://issues.redhat.com/browse/MCO-793)
 
 ##### Projected timeline
 
-This is a tentative timeline, subject to change (GA = General Availability(opt-in), TP = Tech Preview(opt-in), DEF = Default-on(opt-out)).
+This is a tentative timeline for managed platforms, subject to change:
 
-| Platform | TP      | GA      | DEF      |
+| Platform | TechPreview (opt-in) | GA (opt-in) | Default-On (opt-out) |
 | -------- | ------- | ------- | ------- |
 | gcp      | [4.16](https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/machine_configuration/index#mco-update-boot-images)    |[4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
 | aws      | [4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)    |[4.18](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
 | vsphere  | 4.20    |4.21     |4.22     |
 | azure    | 4.20    |4.21     |4.22     |
-| baremetal|         |4.22     |4.23     |
-| openstack|         |4.22     |4.23     |
-| nutanix  |         |4.23     |4.24     |
-| ibmcloud |         |4.23     |4.24     |
-| non-managed*  |   x      |x    |4.25    |
+| baremetal| 4.21    |4.22     |4.23     |
+| openstack| 4.21        |4.22     |4.23     |
+| nutanix  |   4.22      |4.23     |4.24     |
+| ibmcloud |   4.22      |4.23     |4.24     |
+| non-managed | *    |*        |4.23*        |
+
+For **non-managed*** cases, boot image updates will be user initiated and supported via documentation. Hence, this will not be guarded by a feature gate, and the 4.23 timeline described above is for documentation. For managed cases, depending on initial feedback received from default-on behavior, it may be viable for the GA stage to be opt-out as well. This will be evaluated on a platform by platform basis. 
 
-Once default-on behavior has been deemed to be stable across the above mentioned platforms, skew enforcement will be implemented in a platform agnostic manner. Decoupling the default-on and skew enforcement mechanism would help iron out any edge cases unique to a platform and would also aid in refining the skew enforcement workflow. The tentative timeline for skew enforcement would be 4.25.
+The skew enforcement mechanism could be developed in parallel to the above timeline, in a platform agnostic manner:
+|  | DevPreview      | TechPreview      | GA      |
+| -------- | ------- | ------- | ------- |
+| skew management | 4.21   |4.22        |4.23*        |
+
+Decoupling the default-on and skew enforcement mechanisms would help iron out any edge cases unique to a platform and would also aid in refining the skew enforcement workflow. It is important to note that while skew management could be developed independantly, it should only be deemed ready for **GA*** after most widely used platforms have reached the opt-out stage. This is to minimize user disruption as much as possible. 
 
-**Note** : For non-managed cases, * indicates enforcement of user-initiated bootimage updates. See enforcement section below.
 ##### Cluster API backed machinesets
 
 As the Cluster API move is impending(initial release in 4.16 and default-on release in 4.17), it is necessary that this enhancement plans for the changes required in an CAPI backed cluster. Here are a couple of sample YAMLs used in CAPI backed `Machinesets`, from the [official Openshift documentation](https://docs.openshift.com/container-platform/4.14/machine_management/capi-machine-management.html#capi-sample-yaml-files-gcp).
@@ -455,34 +458,56 @@ status:
          partial:
            machineResourceSelector:
              matchLabels: {}
-```
-  
+```  
 
 #### Skew Enforcement
-As mentioned in the timeline section, this would only be implemented after default-on behavior has been deemed to be stable across
-all platforms.
 
-This would introduced as an new knob in the `ManagedBootImages` struct:
+This would introduced as an new knob in the `MachineConfiguration` Spec:
 ```
-type ManagedBootImages struct {
+type MachineConfigurationSpec struct {
   ...
   ...
-  // skewEnforcement allows an admin to set behavior of the boot image skew enforcement mechanism.
-  // Enabled means that the MCO will degrade and prevent upgrades when the boot image skew exceeds the 
-  // skew limit described by the release image.
-  // Disabled means that the MCO will no longer degrade and will permit upgrades when the boot image 
-  // exceeds the skew limit described by the release image. This will likely hinder the cluster's scaling ability.
+  // bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism.
   // +optional
-  SkewEnforcement SkewEnforcementSelectorMode `json:"skewEnforcement"`
+  BootImageSkewEnforcement SkewEnforcementSelector `json:"bootImageSkewEnforcement"`
+}
+
+// +kubebuilder:validation:XValidation:rule="has(self.mode) && (self.mode == 'Automatic' || self.mode =='Manual') ?  has(self.bootImageOCPVersion) : !has(self.bootImageOCPVersion)",message="BootImageOCPVersion is required when type is Automatic or Manual, and forbidden otherwise"
+// +union
+type SkewEnforcementSelector struct {
+	// mode determines the underlying behavior of skew enforcement mechanism.
+	// Valid values are Automatic, Manual and Disabled.
+	// Automatic means that the MCO will store the OCP version associated with the last boot image update in the
+	// BootImageOCPVersion field.
+	// Manual means that the cluster admin is expected to perform manual boot image updates and store OCP version 
+	// associated with the last boot image update in the BootImageOCPVersion field.
+	// In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the 
+	// skew limit described by the release image.
+	// Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit 
+	// described by the release image. This may affect the cluster's ability to scale. 
+	// +unionDiscriminator
+	// +kubebuilder:validation:Required
+	Mode SkewEnforcementSelectorMode `json:"mode"`
+
+	// bootImageOCPVersion provides a string which will be used to enforce the skew limit.
+	// Only permitted when mode is set to "Automatic" or "Manual".
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="bootImageOCPVersion must be in a semver compatible format of x.y.z"
+	// +kubebuilder:validation:MaxLength:=8	
+	// +optional
+  BootImageOCPVersion string `json:"bootImageOCPVersion,omitempty"`
 }
 
+
 // SkewEnforcementSelectorMode is a string enum used to indicate the cluster's boot image skew enforcement mode.
-// +kubebuilder:validation:Enum:="Enabled";"Disabled"
+// +kubebuilder:validation:Enum:="Automatic";"Manual";"Disabled"
 type SkewEnforcementSelectorMode string
 
 const (
-	// Enabled represents a configuration mode that enables boot image skew enforcement.
-	Enabled SkewEnforcementSelectorMode = "Enabled"
+	// Automatic represents a configuration mode that allows automatic skew enforcement.
+	Automatic SkewEnforcementSelectorMode = "Automatic"
+
+	// Manual represents a configuration mode that allows manual skew enforcement.
+	Manual SkewEnforcementSelectorMode = "Manual"
 
 	// Disabled represents a configuration mode that disables boot image skew enforcement.
 	Disabled SkewEnforcementSelectorMode = "Disabled"
@@ -605,8 +630,12 @@ status:
 The goal of this is to provide information about the "lineage" of a machine management resource to the user. The user can then manually restore their machine management resource to an earlier state if they wish to do so by following documentation. 
 
 ### Implementation Details/Notes/Constraints [optional]
+The reconciliation loop below is run on any `MachineSet` that is opted in for updates when any of the following in-cluster resources are added or updated:
+1. A `MachineSet`'s providerSpec field. This is where a MachineSet's boot image references reference are stored.
+2. The `coreos-bootimages` ConfigMap, which is the cluster's golden reference for boot images. This is typically updated by the CVO during an upgrade.
+3. The singleton `MachineConfiguration` object called `cluster`. This is used to configure the Managed Boot Images feature.
+
 
-MachineSet Reconciliation Loop:
 
 ```mermaid
 flowchart-elk TD;
@@ -615,8 +644,8 @@ flowchart-elk TD;
     MachineSetOwnerCheck -->|No| ConfigMapCheck[Has the coreos-bootimages ConfigMap been stamped by the MCO?] ;
     
     ConfigMapCheck -->|Yes|ArchType[Determine arch type of MachineSet, for eg: x86_64, aarch64] ;
-    ConfigMapCheck -->|No| Wait[A cluster upgrade is ongoing. Wait until at least 1 control plane node has completed an update.];
-    Wait --> |Upgrade Complete| ArchType
+    ConfigMapCheck -->|No| Wait((Poll coreos-bootimages ConfigMap until it has been stamped));
+    Wait --> |ConfigMap has been stamped| ArchType
     Wait --> |Timeout| Error
     ArchType -->PlatformType[Determine platform type of MachineSet, for eg: gcp, aws, vsphere] ;
     PlatformType -->ProviderSpec[Grab providerSpec from MachineSet, for eg: GCPProviderSpec, AWSProviderSpec etc] ;
@@ -654,16 +683,18 @@ The UX element involved include the user opt-in and opt-out, which is currently
 This will be done on a platform by platform basis. Some key benchmarks have to be met for a platform to be considered ready
 for default on:
 - Sufficent runtime(say, at least 1 release) has been accumulated while boot image updates has been GAed for this platform.
-- Periodic tests have been added for this platform in CI and have met certain passing metrics.
+- Periodic tests have been added for this platform in CI and have met certain passing metrics. This should include Y stream upgrade e2es.
 - Any teams that are affected by default-on
 behavior have been notified and assisted with the transition.
 
 The default-on flow could look like this:
 ```mermaid
 flowchart-elk LR;
-    Start((Start)) -->MachineConfigurationCheck[Does the cluster currently have a boot image update configuration?]
+    Start((Start)) -->PlatformCheck[Does the cluster platform have boot image updates suppport?]
+    PlatformCheck -->|Yes|MachineConfigurationCheck[Does the cluster currently have a boot image update configuration?]
+    PlatformCheck -->|No| Stop ;
     MachineConfigurationCheck -->|Yes|Stop
-    MachineConfigurationCheck -->|No| UpdateConfig[The MCO will opt-in the cluster to boot image updates] ;
+    MachineConfigurationCheck -->|No| UpdateConfig["The MCO will inject a default configuration based on the platform, which could be opt-in or opt-out"] ;    
     UpdateConfig --> Stop((Stop));
 ```
 Some points to note:
@@ -675,34 +706,32 @@ Some points to note:
 
 ### Enforcement of bootimage skew
 
-There should be some mechanism that will alert the user and fail if a cluster's bootimage are out of date. For example, at upgrade time, the MCO could signal to the CVO by setting Upgradeable=False.
-
-#### Acceptable skew
+There should be some mechanism that will alert the user when a cluster's bootimage are out of date. To allow for this, the release payload will gain a new field, which will store the OCP version of the minimum acceptable boot image for that release. 
 
-The release payload will describe the current skew policy. The structure of this skew policy is TBD, but at the minimum it should describe the lowest acceptable boot image for the release. Generally speaking, we would like to keep the bootimage version aligned to the RHEL version we are shipping in the payload. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
+Generally speaking, we would like to keep the bootimage version aligned to the RHEL version we are shipping in the payload. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
 
 #### Enforcement options
 
 Some combination of the following mechanisms should be implemented to alert users, particularly non-machineset backed scaled environments. The options generally fall under proactive enforcement (require users to either update or acknowledge risk before upgrading to a new version) vs. reactive enforcement (only fail when a non-compliant bootimage is being used to scale into the cluster).
 
 #### Proactive
-Add a new field in the `coreos-bootimages` configmap in the MCO namespace that will store the cluster's current boot image and allows for easy comparison against the skew policy described in the release payload.
-  - For machineset backed clusters, this would be updated by the MSBIC after it succesfully updates boot images. 
-  - For non-machineset backed clusters, this would be updated by the cluster admin to indicate the last manually updated bootimage. The cluster admin would need to update this configmap every few releases, when the RHEL minor on which the RHCOS container is built on changes (e.g. 9.6->9.8). 
+Add a new field in the `MachineConfiguration` object for configuration of the skew enforcement mechanism. More details about this can be found in the [API extensions section](#skew-enforcement). This field will store the OCP version of the cluster's current boot image and allows for easy comparison against the skew limit described in the release payload.
+  - For machineset backed clusters, this would be updated by the MSBIC after it succesfully updates boot images for all machine resources in the cluster. 
+  - For non-machineset backed clusters, this would be updated by the cluster admin to indicate the last manually updated bootimage. The cluster admin would need to update this API object every few releases, when the RHEL minor on which the RHCOS container is built on changes (e.g. 9.6->9.8). 
 
-The cluster admin may also choose to opt-out of skew management via this configmap, which indicates that they will not require scaling nodes, and thereby opting out of skew enforcement and scaling functionality.
+The cluster admin may also choose to opt-out of skew management via this field, acknowledge that their scaling ability may be limited.
 
-A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will default to the install time boot image, which can be recovered from the [aleph version](https://github.com/coreos/coreos-assembler/pull/768) of the control plane nodes. 
+This object can then be monitored to enforce skew limits. If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade.
 
-This configmap can then be monitored to enforce skew limits. This could be done in a couple of ways. If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade.
-
-As stated earlier, to remediate, the cluster admin would then have to do one of the following:
+To remediate, the cluster admin would then have to do one of the following:
 - Turn on boot image updates if it is a machineset backed cluster.
-- Manually update the boot image and update the configmap if it is a non machineset backed cluster.
+- Manually update the boot image and update the skew enforcement object if it is a non machineset backed cluster.
 - Opt-out of skew enforcement altogether, giving up scaling ability.
 
+A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will use the OCP version from install time to determine skew instead. 
+
 #### Reactive
-1. Have the MCS reject new ignition requests if the aformentioned configmap indicates that the cluster's bootimages are out of date. The MCS could then signal to the cluster admin that scale-up is not available until the configmap has been reconciled.
+1. Have the MCS reject new ignition requests if the aformentioned object indicates that the cluster's bootimages are out of date. The MCS would then signal to the cluster admin that scale-up is not available until the skew has been resolved. Raising the alarm from the MCS at the cluster level will help prevent avoid additional noise for the cluster infra team, and make apparent that the scaling failure was intentional. The MCS will also attempt to serve an Ignition config that writes a message to `/etc/issue` explaining that the bootimage is too old, which will be visible from the node's console.
 2. Add a service to be shipped via RHCOS/MCO templates, which will do a check on incoming OS container image vs currently booted RHCOS version. This runs on firstboot right after the MCD pulls the new image, and will prevent the node to rebase to the updated image if the drift is too far.
 
 RHEL major versions will no longer be cross-compatible. i.e. if you wish to have a RHEL10 machineconfigpool, you must use a RHEL10 bootimage.

From 95759fc963f8fcf6ec48d3a5f5d759362aed55b1 Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Thu, 24 Apr 2025 15:13:02 -0400
Subject: [PATCH 5/9] timeline updatge

---
 enhancements/machine-config/manage-boot-images.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index b9b2bf0427..68248e7b69 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -143,13 +143,12 @@ This is a tentative timeline for managed platforms, subject to change:
 | aws      | [4.17](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/machine_configuration/index#mco-update-boot-images)    |[4.18](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/machine_configuration/index#mco-update-boot-images)     |4.19     |
 | vsphere  | 4.20    |4.21     |4.22     |
 | azure    | 4.20    |4.21     |4.22     |
-| baremetal| 4.21    |4.22     |4.23     |
 | openstack| 4.21        |4.22     |4.23     |
-| nutanix  |   4.22      |4.23     |4.24     |
+| nutanix  |   4.21      |4.22     |4.23     |
 | ibmcloud |   4.22      |4.23     |4.24     |
 | non-managed | *    |*        |4.23*        |
 
-For **non-managed*** cases, boot image updates will be user initiated and supported via documentation. Hence, this will not be guarded by a feature gate, and the 4.23 timeline described above is for documentation. For managed cases, depending on initial feedback received from default-on behavior, it may be viable for the GA stage to be opt-out as well. This will be evaluated on a platform by platform basis. 
+For **non-managed***(including baremetal) cases, boot image updates will be user initiated and supported via documentation. Hence, this will not be guarded by a feature gate, and the 4.23 timeline described above is for documentation. For managed cases, depending on initial feedback received from default-on behavior, it may be viable for the GA stage to be opt-out as well. This will be evaluated on a platform by platform basis. 
 
 The skew enforcement mechanism could be developed in parallel to the above timeline, in a platform agnostic manner:
 |  | DevPreview      | TechPreview      | GA      |
@@ -494,7 +493,7 @@ type SkewEnforcementSelector struct {
 	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="bootImageOCPVersion must be in a semver compatible format of x.y.z"
 	// +kubebuilder:validation:MaxLength:=8	
 	// +optional
-  BootImageOCPVersion string `json:"bootImageOCPVersion,omitempty"`
+	BootImageOCPVersion string `json:"bootImageOCPVersion,omitempty"`
 }
 
 

From 7d37a633ef1b68c5c38c186591ed30238160ca90 Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Wed, 28 May 2025 15:28:02 -0400
Subject: [PATCH 6/9] updated skew API, rootCA & reactive methods clarification

---
 .../machine-config/manage-boot-images.md      | 58 ++++++++++++-------
 1 file changed, 37 insertions(+), 21 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index 68248e7b69..56bb5b1829 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -46,8 +46,9 @@ Currently, bootimage references are [stored](https://github.com/openshift/instal
 - skopeo [[1](https://issues.redhat.com/browse/OCPBUGS-3621)]
 - composefs [[1](https://github.com/openshift/os/issues/1678#issuecomment-2546310833)]
 - sigstore GA [[1](https://issues.redhat.com/browse/OCPNODE-2619)],[[2](https://issues.redhat.com/browse/OCPBUGS-38809)]
+- aarch64 bootloaders [[1](https://issues.redhat.com/browse/COS-3240)]
 
-Additionally, the stub Ignition config [referenced](https://github.com/openshift/installer/blob/1ca0848f0f8b2ca9758493afa26bf43ebcd70410/pkg/asset/machines/gcp/machines.go#L197) in the `MachineSet` is also not managed. This stub is also generated by the installer, and it typically consists of an endpoint and a Certificate Authority(CA), which are used by the ignition binary in firstboot to auth and consume content from the `machine-config-server`(MCS). This CA is called the [`RootCA`](https://github.com/openshift/installer/blob/99b48742d2f89b4978fe14cb6fe842e283c0ce4d/pkg/asset/tls/root.go#L19-L20) by the installer which is bit of a misnomer, as it does not give actual root access to the cluster - it is only used to generate the MCS TLS cert pair. Going forward, the proposal will be refer to these artifacts as the MCS CA & TLS cert. In 4.19, the MCO took ownership of [rotating the MCS CA & TLS cert](https://issues.redhat.com/browse/MCO-1208). 
+Additionally, the stub Ignition config [referenced](https://github.com/openshift/installer/blob/1ca0848f0f8b2ca9758493afa26bf43ebcd70410/pkg/asset/machines/gcp/machines.go#L197) in the `MachineSet` is also not managed. This stub is also generated by the installer, and it typically consists of an endpoint and a Certificate Authority(CA), which are used by the ignition binary in firstboot to auth and consume content from the `machine-config-server`(MCS). This CA is called the [`RootCA`](https://github.com/openshift/installer/blob/99b48742d2f89b4978fe14cb6fe842e283c0ce4d/pkg/asset/tls/root.go#L19-L20) and is only used to generate the MCS TLS cert pair. Going forward, the proposal will be refer to these artifacts as the MCS CA & TLS cert. In 4.19, the MCO took ownership of [rotating the MCS CA & TLS cert](https://issues.redhat.com/browse/MCO-1208). 
 
 The content served by the MCS includes the actual Ignition configuration and the target OCI format RHCOS image. The ignition binary now does first boot provisioning based on this, then hands off to the `machine-config-daemon`(MCD) first boot service to do the reboot into the target OCI format RHCOS image. 
 
@@ -95,9 +96,9 @@ __Overview__
 
 MSBIC sync failures may be caused by multiple reasons:
 - The `coreos-bootimages` ConfigMap is unavailable or in an incorrect format. This will likely happen if a user manually edits the ConfigMap, overriding the CVO.
-- The `coreos-bootimages` ConfigMap takes too long to be stamped by the MCO. This indicates that there are larger problems in the cluster such as an upgrade failure/timeout or an unrelated cluster failure.
 - The stub Ignition referenced in the `MachineSet` could not be upgraded to the spec 3 format. This will only happen when a user has heavily customized their Ignition stub, which is quite rare(and unsupported potentially). Resolving this will need manual intervention and this will be explained in the documentation.
 - Patching the `MachineSet` fails. This indicates a temporary API server blip, or larger RBAC issues.
+- The same `MachineSet` is patched multiple times to the same boot image. This indicates that there is atleast one external actor actively stomping on the value applied by the MSBIC.
 
 An error condition will be applied on the operator level `MachineConfiguration` object when the sync failures of a given `MachineSet` exceed a threshold amount for a period of time. The condition will include information regarding the sync failures and the logs of the MSBIC can be checked for additional details.
 
@@ -461,41 +462,56 @@ status:
 
 #### Skew Enforcement
 
+Note: This section is still a WIP and will require thorough API review. Once the form of the API has been settled, this will be updated again.
+
 This would introduced as an new knob in the `MachineConfiguration` Spec:
 ```
 type MachineConfigurationSpec struct {
   ...
   ...
-  // bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism.
-  // +optional
-  BootImageSkewEnforcement SkewEnforcementSelector `json:"bootImageSkewEnforcement"`
+	// bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism.
+	// +optional
+	BootImageSkewEnforcement SkewEnforcementSelector `json:"bootImageSkewEnforcement"`
 }
 
-// +kubebuilder:validation:XValidation:rule="has(self.mode) && (self.mode == 'Automatic' || self.mode =='Manual') ?  has(self.bootImageOCPVersion) : !has(self.bootImageOCPVersion)",message="BootImageOCPVersion is required when type is Automatic or Manual, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.mode) && (self.mode == 'Automatic' || self.mode =='Manual') ?  has(self.clusterBootImage) : !has(self.clusterBootImage)",message="clusterBootImage is required when type is Automatic or Manual, and forbidden otherwise"
 // +union
 type SkewEnforcementSelector struct {
 	// mode determines the underlying behavior of skew enforcement mechanism.
 	// Valid values are Automatic, Manual and Disabled.
 	// Automatic means that the MCO will store the OCP version associated with the last boot image update in the
-	// BootImageOCPVersion field.
-	// Manual means that the cluster admin is expected to perform manual boot image updates and store OCP version 
-	// associated with the last boot image update in the BootImageOCPVersion field.
-	// In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the 
+	// clusterBootImage field.
+	// Manual means that the cluster admin is expected to perform manual boot image updates and store OCP version
+	// associated with the last boot image update in the clusterBootImage field.
+	// In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the
 	// skew limit described by the release image.
-	// Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit 
-	// described by the release image. This may affect the cluster's ability to scale. 
+	// Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit
+	// described by the release image. This may affect the cluster's ability to scale.
 	// +unionDiscriminator
-	// +kubebuilder:validation:Required
+	// +required
 	Mode SkewEnforcementSelectorMode `json:"mode"`
 
-	// bootImageOCPVersion provides a string which will be used to enforce the skew limit.
+	// clusterBootImage describes the current boot image of the cluster. This will be used to enforce the skew limit.
 	// Only permitted when mode is set to "Automatic" or "Manual".
-	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="bootImageOCPVersion must be in a semver compatible format of x.y.z"
-	// +kubebuilder:validation:MaxLength:=8	
 	// +optional
-	BootImageOCPVersion string `json:"bootImageOCPVersion,omitempty"`
+	ClusterBootImage ClusterBootImage `json:"clusterBootImage,omitempty"`
 }
 
+// MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information
+// such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
+type ClusterBootImage struct {
+	// ocpVersion provides a string which represents the OCP version of the boot image
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="bootImageOCPVersion must be in a semver compatible format of x.y.z"
+	// +kubebuilder:validation:MaxLength:=8
+	// +required
+	OCPVersion string `json:"ocpVersion"`
+
+	// rhcosVersion provides a string which represents the RHCOS version of the boot image
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*$')",message="rhcosVersion must be in a semver compatible format of x.y"
+	// +kubebuilder:validation:MaxLength:=8
+	// +optional
+	RHCOSVersion string `json:"rhcosVersion,omitempty"`
+}
 
 // SkewEnforcementSelectorMode is a string enum used to indicate the cluster's boot image skew enforcement mode.
 // +kubebuilder:validation:Enum:="Automatic";"Manual";"Disabled"
@@ -705,7 +721,7 @@ Some points to note:
 
 ### Enforcement of bootimage skew
 
-There should be some mechanism that will alert the user when a cluster's bootimage are out of date. To allow for this, the release payload will gain a new field, which will store the OCP version of the minimum acceptable boot image for that release. 
+There should be some mechanism that will alert the user when a cluster's bootimage are out of date. To allow for this, the `coreos-bootimages` configmap will gain a new field, which will store the the boot image required for upgrading to the next y stream release.
 
 Generally speaking, we would like to keep the bootimage version aligned to the RHEL version we are shipping in the payload. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
 
@@ -715,12 +731,12 @@ Some combination of the following mechanisms should be implemented to alert user
 
 #### Proactive
 Add a new field in the `MachineConfiguration` object for configuration of the skew enforcement mechanism. More details about this can be found in the [API extensions section](#skew-enforcement). This field will store the OCP version of the cluster's current boot image and allows for easy comparison against the skew limit described in the release payload.
-  - For machineset backed clusters, this would be updated by the MSBIC after it succesfully updates boot images for all machine resources in the cluster. 
+  - For machineset backed clusters, this would be updated by the MSBIC after it successfully updates boot images for all machine resources in the cluster. 
   - For non-machineset backed clusters, this would be updated by the cluster admin to indicate the last manually updated bootimage. The cluster admin would need to update this API object every few releases, when the RHEL minor on which the RHCOS container is built on changes (e.g. 9.6->9.8). 
 
 The cluster admin may also choose to opt-out of skew management via this field, acknowledge that their scaling ability may be limited.
 
-This object can then be monitored to enforce skew limits. If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade.
+This object can then be monitored to enforce skew limits. If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade to the next y stream release.
 
 To remediate, the cluster admin would then have to do one of the following:
 - Turn on boot image updates if it is a machineset backed cluster.
@@ -730,7 +746,7 @@ To remediate, the cluster admin would then have to do one of the following:
 A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will use the OCP version from install time to determine skew instead. 
 
 #### Reactive
-1. Have the MCS reject new ignition requests if the aformentioned object indicates that the cluster's bootimages are out of date. The MCS would then signal to the cluster admin that scale-up is not available until the skew has been resolved. Raising the alarm from the MCS at the cluster level will help prevent avoid additional noise for the cluster infra team, and make apparent that the scaling failure was intentional. The MCS will also attempt to serve an Ignition config that writes a message to `/etc/issue` explaining that the bootimage is too old, which will be visible from the node's console.
+1. Have the MCS reject new ignition requests if the aformentioned object indicates that the cluster's bootimages are out of date. The MCS would then signal to the cluster admin that scale-up is not available until the skew has been resolved. Raising the alarm from the MCS at the cluster level will help prevent additional noise for the cluster infra team, and make apparent that the scaling failure was intentional. The MCS will also attempt to serve an Ignition config that writes a message to `/etc/issue` explaining that the bootimage is too old, which will be visible from the node's console.
 2. Add a service to be shipped via RHCOS/MCO templates, which will do a check on incoming OS container image vs currently booted RHCOS version. This runs on firstboot right after the MCD pulls the new image, and will prevent the node to rebase to the updated image if the drift is too far.
 
 RHEL major versions will no longer be cross-compatible. i.e. if you wish to have a RHEL10 machineconfigpool, you must use a RHEL10 bootimage.

From 783cfaf528085f30f8af9f0171b342e8d55b82aa Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Tue, 3 Jun 2025 15:18:45 -0400
Subject: [PATCH 7/9] minor fixes

---
 enhancements/machine-config/manage-boot-images.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index 56bb5b1829..3a0d98b05e 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -98,7 +98,7 @@ MSBIC sync failures may be caused by multiple reasons:
 - The `coreos-bootimages` ConfigMap is unavailable or in an incorrect format. This will likely happen if a user manually edits the ConfigMap, overriding the CVO.
 - The stub Ignition referenced in the `MachineSet` could not be upgraded to the spec 3 format. This will only happen when a user has heavily customized their Ignition stub, which is quite rare(and unsupported potentially). Resolving this will need manual intervention and this will be explained in the documentation.
 - Patching the `MachineSet` fails. This indicates a temporary API server blip, or larger RBAC issues.
-- The same `MachineSet` is patched multiple times to the same boot image. This indicates that there is atleast one external actor actively stomping on the value applied by the MSBIC.
+- The same `MachineSet` is patched multiple times to the same boot image. This indicates that there is at least one external actor actively stomping on the value applied by the MSBIC.
 
 An error condition will be applied on the operator level `MachineConfiguration` object when the sync failures of a given `MachineSet` exceed a threshold amount for a period of time. The condition will include information regarding the sync failures and the logs of the MSBIC can be checked for additional details.
 
@@ -646,7 +646,7 @@ The goal of this is to provide information about the "lineage" of a machine mana
 
 ### Implementation Details/Notes/Constraints [optional]
 The reconciliation loop below is run on any `MachineSet` that is opted in for updates when any of the following in-cluster resources are added or updated:
-1. A `MachineSet`'s providerSpec field. This is where a MachineSet's boot image references reference are stored.
+1. A `MachineSet`'s providerSpec field. This is where a MachineSet's boot image references are stored.
 2. The `coreos-bootimages` ConfigMap, which is the cluster's golden reference for boot images. This is typically updated by the CVO during an upgrade.
 3. The singleton `MachineConfiguration` object called `cluster`. This is used to configure the Managed Boot Images feature.
 
@@ -721,7 +721,7 @@ Some points to note:
 
 ### Enforcement of bootimage skew
 
-There should be some mechanism that will alert the user when a cluster's bootimage are out of date. To allow for this, the `coreos-bootimages` configmap will gain a new field, which will store the the boot image required for upgrading to the next y stream release.
+There should be some mechanism that will alert the user when a cluster's bootimage are out of date. To allow for this, the `coreos-bootimages` configmap will gain a new field, which will store the boot image required for upgrading to the next y stream release.
 
 Generally speaking, we would like to keep the bootimage version aligned to the RHEL version we are shipping in the payload. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
 

From d4507d04249245d327f279717ce9b90ed84ef4de Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Tue, 3 Jun 2025 16:30:50 -0400
Subject: [PATCH 8/9] minor fixes and clarify non MCS scenario

---
 enhancements/machine-config/manage-boot-images.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index 3a0d98b05e..0a84bdce28 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -277,7 +277,7 @@ type MachineManagerSelector struct {
 	// Valid values are All and Partial.
 	// All means that every resource matched by the machine manager will be updated.
 	// Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.
-  // None means that every resource matched by the machine manager will NOT be updated.
+	// None means that every resource matched by the machine manager will NOT be updated.
 	// +unionDiscriminator
 	// +kubebuilder:validation:Required
 	Mode MachineManagerSelectorMode `json:"mode"`
@@ -464,7 +464,7 @@ status:
 
 Note: This section is still a WIP and will require thorough API review. Once the form of the API has been settled, this will be updated again.
 
-This would introduced as an new knob in the `MachineConfiguration` Spec:
+This would be introduced as a new knob in the `MachineConfiguration` Spec:
 ```
 type MachineConfigurationSpec struct {
   ...
@@ -497,8 +497,8 @@ type SkewEnforcementSelector struct {
 	ClusterBootImage ClusterBootImage `json:"clusterBootImage,omitempty"`
 }
 
-// MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information
-// such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
+// ClusterBootImage describes the boot image of a cluster. It stores the RHCOS version of the boot image and 
+// the OCP release version which shipped with that RHCOS boot image.
 type ClusterBootImage struct {
 	// ocpVersion provides a string which represents the OCP version of the boot image
 	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="bootImageOCPVersion must be in a semver compatible format of x.y.z"
@@ -734,7 +734,7 @@ Add a new field in the `MachineConfiguration` object for configuration of the sk
   - For machineset backed clusters, this would be updated by the MSBIC after it successfully updates boot images for all machine resources in the cluster. 
   - For non-machineset backed clusters, this would be updated by the cluster admin to indicate the last manually updated bootimage. The cluster admin would need to update this API object every few releases, when the RHEL minor on which the RHCOS container is built on changes (e.g. 9.6->9.8). 
 
-The cluster admin may also choose to opt-out of skew management via this field, acknowledge that their scaling ability may be limited.
+The cluster admin may also choose to opt-out of skew management via this field, acknowledging that their scaling ability may be limited.
 
 This object can then be monitored to enforce skew limits. If the skew is determined to be too large, the MCO can update its `ClusterOperator` object with an `Upgradeable=False` condition, along with remediation steps in the `Condition` message. This will signal to the CVO that the cluster is not suitable for an upgrade to the next y stream release.
 
@@ -747,7 +747,7 @@ A potential problem here is that the way boot images are stored in the machinese
 
 #### Reactive
 1. Have the MCS reject new ignition requests if the aformentioned object indicates that the cluster's bootimages are out of date. The MCS would then signal to the cluster admin that scale-up is not available until the skew has been resolved. Raising the alarm from the MCS at the cluster level will help prevent additional noise for the cluster infra team, and make apparent that the scaling failure was intentional. The MCS will also attempt to serve an Ignition config that writes a message to `/etc/issue` explaining that the bootimage is too old, which will be visible from the node's console.
-2. Add a service to be shipped via RHCOS/MCO templates, which will do a check on incoming OS container image vs currently booted RHCOS version. This runs on firstboot right after the MCD pulls the new image, and will prevent the node to rebase to the updated image if the drift is too far.
+2. Add a service to be shipped via RHCOS/MCO templates, which will do a check on incoming OS container image vs currently booted RHCOS version. This runs on firstboot right after the MCD pulls the new image, and will prevent the node to rebase to the updated image if the drift is too far. This would cover environments that do not use the MCS such as [installing via ISO on bare metal](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/installing_on_bare_metal/user-provisioned-infrastructure#installation-user-infra-machines-iso_installing-bare-metal).
 
 RHEL major versions will no longer be cross-compatible. i.e. if you wish to have a RHEL10 machineconfigpool, you must use a RHEL10 bootimage.
 

From d5046280a4d5c8b4ca85dcc780748b0c02f3570f Mon Sep 17 00:00:00 2001
From: David <djoshy@redhat.com>
Date: Wed, 4 Jun 2025 15:38:30 -0400
Subject: [PATCH 9/9] clarify skew limit & install boot image version

---
 enhancements/machine-config/manage-boot-images.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/enhancements/machine-config/manage-boot-images.md b/enhancements/machine-config/manage-boot-images.md
index 0a84bdce28..5cd619ce66 100644
--- a/enhancements/machine-config/manage-boot-images.md
+++ b/enhancements/machine-config/manage-boot-images.md
@@ -723,7 +723,7 @@ Some points to note:
 
 There should be some mechanism that will alert the user when a cluster's bootimage are out of date. To allow for this, the `coreos-bootimages` configmap will gain a new field, which will store the boot image required for upgrading to the next y stream release.
 
-Generally speaking, we would like to keep the bootimage version aligned to the RHEL version we are shipping in the payload. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
+Generally speaking, we would like to keep the minimum required bootimage version aligned to the RHEL version we are shipping in the payload and constant for a given release's z stream. For example, a 9.6 bootimage will be allowed until 9.8 is shipped via RHCOS. We would like to keep this customizable, such that any major breaking changes outside of RHEL major/minor can still be enforced as a one-off.
 
 #### Enforcement options
 
@@ -743,7 +743,7 @@ To remediate, the cluster admin would then have to do one of the following:
 - Manually update the boot image and update the skew enforcement object if it is a non machineset backed cluster.
 - Opt-out of skew enforcement altogether, giving up scaling ability.
 
-A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will use the OCP version from install time to determine skew instead. 
+A potential problem here is that the way boot images are stored in the machineset is lossy. In certain platforms, there is no way to recover the boot image metadata from the MachineSet. This is most likely to happen the first time the MCO attempts to do skew enforcement on a cluster that has never had boot image updates. In such cases, the MCO will use the OCP version from install time(derived from the [`clusterversion`](https://github.com/openshift/enhancements/blob/master/enhancements/update/clusterversion-history-pruning.md) object) to determine skew instead. 
 
 #### Reactive
 1. Have the MCS reject new ignition requests if the aformentioned object indicates that the cluster's bootimages are out of date. The MCS would then signal to the cluster admin that scale-up is not available until the skew has been resolved. Raising the alarm from the MCS at the cluster level will help prevent additional noise for the cluster infra team, and make apparent that the scaling failure was intentional. The MCS will also attempt to serve an Ignition config that writes a message to `/etc/issue` explaining that the bootimage is too old, which will be visible from the node's console.