From 5b177e639340397933f219e73c00ade31ce17fc6 Mon Sep 17 00:00:00 2001 From: Jeremy Klein Date: Sun, 22 Sep 2024 15:44:03 -0700 Subject: [PATCH] Add UMADE-01: UMA Auth --- README.md | 9 + extensions/umade-01-auth.md | 275 ++++++++++++++++++++++++++++++ images/uma-auth-high-level.png | Bin 0 -> 68173 bytes umad-10-configuration-document.md | 41 +++++ 4 files changed, 325 insertions(+) create mode 100644 extensions/umade-01-auth.md create mode 100644 images/uma-auth-high-level.png diff --git a/README.md b/README.md index f5a351f..f8107e2 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,15 @@ This repo is organized as a set of individual documents describing a single mess | [UMAD-09](/umad-09-invoice.md) | Invoice | | [UMAD-11](/umad-11-request.md) | Request | +## Extensions + +UMA has a number of extensions that can be implemented by VASPs to provide additional functionality. These extensions are +not part of the core UMA payment protocol, but are defined here for reference. + +| Link | Title | +| ---------------------------------------------- | ------------------------------------ | +| [UMADE-01](/umade-01-auth.md) | UMA Auth | + ## Additional Resources - [Full Documentation and Guides](https://docs.uma.me) diff --git a/extensions/umade-01-auth.md b/extensions/umade-01-auth.md new file mode 100644 index 0000000..0b8046c --- /dev/null +++ b/extensions/umade-01-auth.md @@ -0,0 +1,275 @@ +# UMADE-01: UMA Auth: NWC + OAuth + +UMA Auth is an extension of UMA which allows users to connect their UMA-enabled wallets to third-party applications. +This allows users to send and receive payments in the currency of their choice from within their favorite apps. It also +allows application developers to easily add payment functionality to their apps without needing to worry about the +underlying payment infrastructure. + +This is made possible by the [Nostr Wallet Connect (NWC)](https://nwc.dev) protocol, which was designed to connect +Lightning-enabled wallets to third-party applications via [Nostr](https://nostr.com/). UMA auth extends NWC to simplify +the UX of connecting a wallet (using OAuth 2.0), and add cross-currency payments to allow users and applications to +transact in any currency they choose. + +## Protocol Overview + +From a protocol perspective, UMA Auth is a combination of the UMA protocol, OAuth 2.0, and the NWC protocol. + +![UMA Auth Protocol Overview](/images/uma-auth-high-level.png) + +When a user wants to connect their UMA wallet to a third-party application: + +1. The client app starts a standard OAuth 2.0 flow by redirecting the user to the UMA provider's authorization endpoint. +2. The UMA provider authenticates the user and asks for their permission to connect to the client app. +3. The UMA provider redirects the user back to the client app with an authorization code as usual in OAuth 2.0. +4. The client app exchanges the authorization code for an NWC connection string and refresh token. +5. The client app uses the NWC connection string to connect to the user's UMA wallet and start sending and receiving payments. +6. The client app uses the refresh token to get a new NWC connection string when the old one expires. + +This process utilizes the battle-tested security and familiar UX of OAuth to establish a connection, with the simplicity +and flexibility of Nostr Wallet Connect for sending and receiving payments. Users can configure granular permissions and +budgets for each connected app, and revoke access at any time. + +## Client App Registration + +Traditionally, OAuth 2.0 requires client apps to register with the authorization server before they can request access +to user resources. Because NWC and UMA Auth connect client apps to arbitrary wallet services, it is not feasible for +every client app to register with every wallet service or UMA provider. Instead, the Nostr protocol is used for +decentralized client app registration. + +When an application wants to use UMA Auth, it generates a single Nostr keypair that indentifies the appplication. This +is called the "identity keypair". An application should have a single identity keypair that represents the application +as opposed to one for each app instance or user. The identity keypair is used to sign and publish a nostr registration +message (kind 13195) that contains the application's name, logo, allowed redirect URLs, etc. For example: + +```jsonc +{ + "kind": 13195, + // ... other fields + "content": { + "name": "Zappy Bird", + "nip05": "_@zappybird.com", + "image": "https://zappybird.com/logo.png", + "allowed_redirect_uris": ["https://zappybird.com/auth/callback", "zappybird://auth/callback"], + } +} +``` + +This event contains the content that would show up on a permissions page: app name, image, and a +[NIP-05-verified](https://github.com/nostr-protocol/nips/blob/master/05.md) address. Critically, it also contains a list +of allowed redirect URIs. This list is used to ensure that apps that claim to be Zappy Bird can only redirect to the +URIs that Zappy Bird has claimed. This prevents phishing attacks where an attacker could register an app with the same +name and logo as Zappy Bird and redirect users to a malicious site. + +The client ID used for the OAuth flow is ` `, where `` is the public key of the +identity keypair (in bech32 "npub" format) and `` is the Nostr relay where the client app published the 13195 +event. The client ID is used by the VASP to look up the client app's registration event, show the user the app's metadata, +and limit the redirect URIs to those listed in the event. + +### Client App Verification + +Once the client app has published this event, it can be optionally verified by an authority via a +[NIP-32 label event](https://github.com/nostr-protocol/nips/blob/master/32.md). +For example, if "Ol' Reliable Fintech" is a known trusted verifier of client applications, VASPs could look for a label +event from them for the given 13195 event and show the user a “verified” badge. The VASP can also check the listed domain +for NIP-05 verification. In order to be verified by a trusted authority, the client application can manually register +with an authority. As a future optimization, they can issue a +[NIP-89 Data Vending Machine](https://github.com/nostr-protocol/nips/blob/master/90.md) request to optionally pay +anyone claiming to be an authority to issue labels verifying their app identity event. This can be automatic, +asynchronous, and fully decentralized. + +For more details on the Nostr protocol for client app registration, see +[NIP-68](https://github.com/nostr-protocol/nips/pull/1383), which was designed specifically for this purpose. + +## OAuth Connection Flow + +The OAuth connection flow is a standard OAuth 2.0 flow with a few UMA-specific parameters and details. Client applications +first need to discover the UMA VASP's OAuth endpoints and supported features. This is done by fetching the VASP's UMA +configuration document from `/.well-known/uma-configuration` on the VASP's domain. See [UMAD-10](/umad-10-configuration-document.md) +for more details. The configuration document should contain the following fields relevant to UMA Auth: + +- `authorization_endpoint`: The URL of the VASP's authorization endpoint. This is where the client application should send + the user to authenticate and authorize the client application to access their wallet. +- `token_endpoint`: The URL of the VASP's token endpoint. This is where the client application exchanges an authorization + code for an access token (a new NWC Connection), and where the client application can refresh an access token. +- `nwc_commands_supported`: An array of strings representing the NWC commands that the VASP supports. This should be an + array of strings, where each string is a valid NWC command name. +- `grant_types_supported`: An array of strings representing the OAuth grant types that the VASP supports. For now, in + most cases, this should just be `["authorization_code"]`. +- `code_challenge_methods_supported`: An array of strings representing the PKCE code challenge methods that the VASP + supports. For now, in most cases, this should just be `["S256"]`. +- `connection_management_endpoint`: The URL of the VASP's connection management endpoint. This is where the user can + create, update, and delete NWC Connections. +- `revocation_endpoint`: The URL of the VASP's revocation endpoint. This is where the client application can revoke an + access token (NWC Connection). + +As with any OAuth 2.0 flow, the client application should start the auth flow by redirect the user to the VASP's +authorization endpoint with the following query parameters: + +### Auth Request URL Params + +An example URL for the auth request might look like this: + +```url +?client_id=npub37fd9…%3Awss%3A%2F%2Fmyrelay.info&redirect_uri=https%3A%2F%2Fexample.com&response_type=code&code_challenge=a43f6ed&code_challenge_method=S256&state=foobar&required_commands=pay_invoice%20make_invoice%20lookup_invoice&optional_commands=list_transactions&budget=10.USD%2Fmonthly&expires_at=1717964120 +``` + +OAuth params above are listed first, followed by UMA-specific params. + +Standard OAuth Params: + +- `client_id` in the format `identity_npub identity_relay`: This will be used to lookup the client app as described above +in the client app registration section. +- `redirect_uri`: The redirect URI which will receive callback data from the wallet service on successful authentication. +It will get back the auth code that can be exchanged for a token. If there was a kind-13195 nostr event as described above, +the wallet will validate this redirect URI against declared allowed patterns. +- `response_type=code`: Indicates that the “Authorization Code” flow will be used. +- `code_challenge` and `code_challenge_method`: The PKCE exchange details. +- `state`: Optional oauth state param for CSRF and state restoration. + +Extra NWC params: + +- required_commands: A space-separated list of commands that the app requires from the wallet. The wallet MUST NOT connect +if it does not support all of these permissions, or if the user does not grant one of them. +- optional_commands: (optional) A space-separated list of commands that the wallet can enable to add additional functionality. +The wallet MAY ignore these. +- budget: (optional) Requested budget in the format `./`. If the `.` is omitted, +satoshis are assumed. If `/` is omitted, it’s a budget forever. For example, a budget string of “1000” would mean +that this connection can only ever be used for a maximum of 1000 satoshis sent. +- expires_at: (optional) connection cannot be used after this date. Unix timestamp in seconds. + +### Authorization Response + +The auth request's redirect follows the standard OAuth 2.0 flow. Using the `redirect_uri` param, the wallet will redirect +to the client application with either: + +`?error=ACCESS_DENIED&error_description=Some%20short%20message` +(see +[here](https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/#:~:text=longer%20be%20used.-,Error%20Response,-There%20are%20two) +for full description of errors) + +or + +`?code=g0ZGZmNjVmOWI&state=dkZmYxMzE2` + +If the user denies the request, the wallet will redirect with an error. If the user accepts, and there are no other errors, +the wallet will redirect with the auth code and state. + +### Token Exchange + +The client application can then exchange the auth code for an access token and refresh token by sending a POST request to +the VASP's `token_endpoint` as specified in the `uma-configuration` document. An example token request might look like this: + +```http +POST /oauth/token HTTP/1.1 +Host: https://umanwc.examplevasp.com + +grant_type=authorization_code +&code=xxxxxxxxxxx +&redirect_uri=https://example-app.com/redirect +&code_verifier=Th7UHJdLswIYQxwSg29DbK1a_d9o41uNMTRmuH0PM8zyoMAQ +&client_id=npub16f80k0f4vg0nnlepxrqxeh81slyzst2d wss://myrelay.info +``` + +The `redirect_uri` and `client_id` must match the values used in the auth request. The `code_verifier` is the PKCE code +verifier matching the `code_challenge` used in the auth request. If successful, the VASP will respond as follows: + +```http +HTTP/1.1 200 OK +Content-Type: application/json +Cache-Control: no-store + +{ + "access_token":"b9d11fe05e266fe7389fdf1359211e7859656a7898d64f3066092156de109b31", + "token_type":"Bearer", + "expires_in":86400, + "refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTDk", + "nwc_connection_uri": +"nostr+walletconnect://a421a5e2a615eff3b797be5318e4e187d24b100748cfaa8d0b390ce659906d8f?relay=wss://relay.getalby.com/v1&secret=b9d11fe05e266fe7389fdf1359211e7859656a7898d64f3066092156de109b31&lud16=$bob@examplevasp.com" + "commands": ["pay_invoice", "fetch_quote", "execute_quote", "make_invoice", "pay_to_address"], + "budget": "100.USD/month", + "nwc_expires_at": 1721796505 +} +``` + +The standard OAuth token response fields are included here along with some details about the established NWC connection. +The client can use the `nwc_connection_uri` to make requests to the wallet. Note that the `access_token` is the +`secret` in the `nwc_connection_uri`. This implies that the `nwc_connection_uri` expires when the `access_token` expires +(denoted by `expires_in`). This is usually fairly short (~2 hours), but can be configured by the VASP. Client apps should +store the `refresh_token` securely and use it to get a new `access_token` when the old one expires. + +### Refreshing Tokens + +Token refresh works exactly as in OAuth 2.0. The client app sends a POST request to the VASP's `token_endpoint` as follows: + +```http +POST /oauth/token HTTP/1.1 +Host: https://nwc.uma.jeremykle.in + +grant_type=refresh_token +&refresh_token=IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk +&client_id=npub16f80k0f4vg0nnlepxrqxeh81slyzst2d:wss://myrelay.info +``` + +The VASP will respond with the same format as the initial access token request. The client app should store the new +`access_token` and `refresh_token` and use the new `nwc_connection_uri` to make requests to the wallet. + +## NWC Requests + +Requests should be made to the `nwc_connection_uri` provided in the token response. For details on the NWC protocol, see +[NIP-47](https://github.com/nostr-protocol/nips/blob/master/47.md). + +### Pending NIP PRs Adopted in UMA Auth + +UMA Auth propoeses some new NWC commands to support cross-currency payments and client app registration. These changes +are proposed in the following NIPs PRs: + +- [NIP-68: Client App Registration](https://github.com/nostr-protocol/nips/pull/1383) +- [Cross-Currency Payments](https://github.com/nostr-protocol/nips/pull/1353) +- [Add get_budget command](https://github.com/nostr-protocol/nips/pull/1504) + +#### Budgets + +Budgets can be set per-connection to limit the amount of money that can be sent by a client application in a given period. +The budget granted is specified in the `budget` field of the token response. The format is `./`. + +Client applications can also fetch the currently available budget for a connection by sending a `get_budget` command to the +wallet. The wallet will respond with the current budget details as follows: + +```json +{ + "result_type": "get_budget", + "result": { + "remaining_budget_msats": 10000, + "total_budget_msats": 100000, + "renews_at": 1693876973, // timestamp in seconds since epoch, optional. If not provided, the budget does not renew. + "renewal_period": "monthly", // daily|weekly|monthly|yearly|never + "currency": { + "name": "US Dollar", + "code": "USD", + "symbol": "$", + "decimals": 2, + "total_budget": 1000, + "remaining_budget": 100, + } + } +} +``` + +#### NIP-44 Encryption + +At the time of writing, NWC uses [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md) for encryption and +decryption of messages. This encryption protocol has been deprecated in favor of +[NIP-44](https://github.com/nostr-protocol/nips/blob/master/44.md), which is known to be more secure, and has been +thoroughly audited by security experts. As a result, any NWC connection established via the UMA Auth OAuth flow will +use NIP-44 for encryption and decryption of messages. + +## Additional Resources + +- [Full Documentation and Guides](https://docs.uma.me/uma-auth/introduction) +- Client SDKs: + - [Web/React](https://github.com/uma-universal-money-address/uma-js-sdk) + - [Android](https://github.com/uma-universal-money-address/uma-auth-client-android) + - (iOS SDK coming soon) +- [VASP Open API Schema](https://github.com/uma-universal-money-address/uma-auth-api) +- [UMA NWC Docker Image](https://github.com/uma-universal-money-address/uma-nwc-server). See the documentation for + more info. diff --git a/images/uma-auth-high-level.png b/images/uma-auth-high-level.png new file mode 100644 index 0000000000000000000000000000000000000000..c9d25e1f8a3f8e66e51fd2753ec9f66d8fd46a2a GIT binary patch literal 68173 zcmeEucRbbm|2QWKC6rJ$6=kQ8aYz}Fh^#n9Co7J9>|>QwR?7%EN%jusn8%8vj3b+4 zpOA6vJ%4Za=IDMu_xJh!`TOTrk4L?|->>o9ujhJsp>*b%>OAF*(UJH{}&k< zT$GG#%8ZOmI);pl*)hKKo-FV|%fjHcrG^ICW#E~L3`Bm4>zRxU zSPA%Zosug5q(9yxd>ui78@Re*eyj0_}hbKk(#K;w=y)Bz@J{>b5>g|G+A zaen}rtcNu42(xfC=kkEr*}F)4$npF&LK=A9e=Wkp_16$rTR9#B4K1#l4$c-_62hXw zqC8+4E-o%v=SP;(+P9Q{PX~UIFVptF{5|b2y#C%!c7HKxEgKIDJHuNxFbjJZ05q_~ zRZ-c$w)u}Qhk*Vu)8KIC6;UyXKd1ij>3>eW>0syJtm9}7wE&C#p7O`5KSu8ZF0JWo zV*$`~pK|-d|Kr{7@vo^ zMwW%{hqVPE$Yl$fqn}y%&j$qL9y!MNL54eDbn-RG{OG49ev^3e3v!AImInSwy>{gXe4hX3P#`$v$=u?w_Sn)$zt;}<al!FOM#q{@xS~N z5JY)`gZW}1=)aBv)&Le``!DPKwafos?4Q*Be?hZVA>*5gfqNUsz4YDf33+|LjYiXq z_Eb&%^6|z)>B=)2&MIihSl|4~CvS+D(m`f`cP2G)CUb*r7Y+rGdw3=F)%?8!39@E3 z=v+zF^kF-(TU2p<0JT21w>vi_zqcfxDG$s(8aB|-uXZq)pJryLvQpY{SYgH8Z_T}K zMfm;!aU^uBrZwZF7gvpb4}QjEP`{FTBT!|xW~L)ur_*nz+mCj@YFdXhElN$CI@Ei(^tOSuI1LC+Rn zwuG*8XZ{vtGaitMUu=Uy@15V`ACpz3)s1Xy<`yBlW%$s}D3iAShR!7>Av&rIU9}A;>z;CLNd*L4JjGkExFIseTt6B=4g8Z&C(m zoL>Kx6p?Y7@9uqB<=#p^KX|W2bl74=P&e}7J0BA3^aS!601=1>BQ|ppv5nQc#G&2n zc46f1a;m^!RRUtQw-bYKv55Z=PEbBTpz0mv?qYQ1{U-46=!0&Y({`}mdhkoS9TdsX zK`6sHIGUk6wYl=yOf0NE1R7;gLwW%{Vydb|zkbmi*-ENPBcNrE) zW*$4qrpml!Ok(p#CI8+~idQhS&Q6mRSUe--iO_&^(Qg*c)Z}T`es9hHOt^Aj9X}fSuW6M>kIL!lY_ubH zJI>veAkInu{@No*zMGex?$}LfU)zU*=&;|+UfOKedecRs{yWMj&z;w{-+av!+%^>Js&U>scfBkQH#GShc_{+<-fLU05cy(VSi z_n1|q`?omxgPK8&rMn#h9zS<;HG=TYQtkP-8{h{_P>>`a)LHQC)kr2*7`9__eydhM z^Qq$Dz~dR|Pa|M+PUX9Wh7&mzx_`@Az!iZt8u&j10?-`VElPE zKN3gH@ZJUNksFG?VV8K|pEvuZQ8?4XPQY7kDW518-i_>2Ze1b4;U18fE5Aa+QIf2$ zvjJG2-oic-kp3V!iWczJOno+fFz(vyjM@QVrN}{L+1c4Yf`3Ell$yh?_Z!L!G$#-{ z--exDJhA9J*rkdG1QS2iC;VN=*>3FsofXCy#r2+54(za#98SYK`8OioyrRo1sV3Eg zLD$|SlEfXX1PnTHK{ROIDGl==;=mMqta=Qbn)=hk9|sCYVx2;O9J8oT{}Oi|`N0xZ z4`^6qbH?)eE*(hGfgUqzeKf3^&+o++9gOt{?Eoup#gzn;_By0D6X;oltyrkr0kIib z!u+cV*3W95ku>RWolF1>{WFI0699{cHrQ};mTD{DNbS+g&v|08vXJAdH^tkR&(|uJ0psC8yxuo{dEjAa7$B6Sk zQ{wDn!!+zRaeLdiPP{{uW9V@$mN2;t|mrlTYy;Vo=7Up#Ts?8u*zYi0;)a`svL#^WGlRnrpe}#_2-2{zZ5w8bNdk=?D=nO;bk?D3enjWfJva zW9gVWSUcbvv#5vh5;@BI57Ds8AWJmmkUn+(N}L!Sh@h8cW1zCmg52q`j5!)TiFz8| z(R;1x&f37!2`5{;#;;7oeY5X?;OlV6;d2foD@$)UtCOQ8>7P=R$)M_R?K?x|TE(0$ zddPPxr}Z_wsT?Y2YV&PcwL2MC^1=3qicWQ0L;yxh_Pr8tmjt=XG@QPbnEquuXLN{uG=Zo z!09h9o_zrig0-EE=x_prk!S&NKz|o|&waaOd$Ez#Axv#=(07a2i)#8V>$5&TbDf)y zh-*|AsVHpZ9lGepUU02_lS$+ypnSl-&*nj7kjF02Ukv{&?R zi22I0=z(Q-|6B%>pD4K1{&6eQbmy_|<{h>G=vBS?1uxI7p6HQ*@blby;8Xc%*E7PTKiIeHo+d6~Yyo ziLp-w?0fUU^7kDu8@LK&9S|B&3ZD^Wq%QgvZ$jl2pY{QOvTl*eIgE z@2*Y@{ZRg4#+v^F6rWqUH85vs8lnK0IaV1rq?Mi_hu%26o_w+O#e4gEZG=;|vUz-d zG9f7feUirjON2K`$W=!Zt|#&YwT5wp6W@=-1V4J}1r=^;xpPwmWNvwFcO5IAfRLN7 zIwG_Ab(Kzjdp=w^xj>qlnXrnQR8Dph5`rT2O%ZVK?!sAOkX*vowU>!dx~q}{;sI2g za;9r`RI+&oW-0Fqxs_~AXx|YMYMIRILu!1)xCB#tI4*I%5Y+ue>xIt{fd_I9@}^NZdl4~+Cw2MY+%y)5mBJ9^*FlsP{o6R%GxCXeV%cD<=X}9+HD)#r_vn!0+d8Qte3gO z6!^LDmgqa-=`GpZw>wC`-3{X7shaF!T`RkoqYv}#>>?2M8f9rhIXy*)$nCiPLB!es zvD1d7xI)zXl=vCLJIFS}0-O1UQrB@FG%idr#$#hF8rw+3qw52&KEE>^y7J!%waz!c zB9TL~fEPvPBXfO{y?{k_;<4W%ep)!~JK&>p|k}X`|GMZixFp6Z982nb2)9(~eJXV+w36RuX~YmZ*5C z>3P%c)ZS85L5+FDyYvTMYpHORnKE^)=SBK`UweUEdY)o&8PwFV0|Z2}k>h=L5A2#k zz;)p8pLpsbdGN-J2DG&{mzz^O`f>_gxs#1tlL{io&r3LCOq{=6C{VCqcqw~}XZZzv zx^0E$^O#_LiWg7S?iGhwdI>ZeB*=fEBO1Ea8=2(hPE)ESI_-3gU3-e%_Y~|d5PSe1 z3s)}>QVML4x=Yc_06ujkW#VY=(o(ul$9S^oW?OVd0S;W|wbU$`xo>Sfq1~7Bu%M^m zMn*jn7a`UJOg`YH;S@u-}~BlLYJgS7ULMKlBj5fbNwJ`+H9 zjrHF~YshOld#7GUicY^42?1p?tpn$DCJ?N;mL@4a4G(F0WD4JtO*pVmAFH+jr)~*f zl1h35cn+cW{S6}+R_9gM8O7WBVw+G5Z27R=vjJHVrG}af@Zl=*gf6DQ>=^EE7+I@I zPxZ~S&z8FKTeencIogd1M&ICK!wg@B8Z|w-Q#%RREay0JIa8`j*G=0t+i?N?gWvdQ z?xh4>fG}P^LUvI#^$B=; zzE%d+Xr-Q#$jb@_EOnXXt=Y6;0`tsiqB(o@Mf7x*z=l{Gk?PCn($V%Y@Sc3Ya#vcD z2kf|4JG~eA)L^nCF6tS*Nib2op!)zs@Y@rKn+h@Vnc8o7RB7*G)+JNcPJ9&x_*H$xKQ71@@hkjV{rHw0Y~ z!*vx|6m!(5@Wt6T4EFiFSj@if-hb4stfuBI>SIA(W1k?;x_YgAJ%$ndFt+8EMbpyR zoPams*S3^yM`OSE2tqvpPz}bDKsxlIuJJYey~-ptWdjX9hW{t1n!f{+o^SOXWzO45*ecCl7 ziRYH`R2>q}HG15+S#QuH)&mZ2UhI)aE!+!8r(%)5Yw_8Rq!FSgfipZD%4Qezr;Z5T z@Si8D$Zy^gyTj8EA}S(xHIZQ}&%vb4=<})Fh4%=^@s(4XO57fIj#qaO(L)Ksv2uLn zFWsD*a*(?3aqFKGBnLf`uI2T2`o9pS65vRpmpC=M7$Rn2a~N-?nPhX_t4}^& z1}Q{A{B~CIGnNS5mAflMSh@gRWz33do&n8O8_sDp7(VB!XN{X3@|YRLt4Sf_w~(&c zOCw@Oi%-o&(d5YQE=0(LS%J&)C&gKpU`tN?MRgW5p|=4ozLR8bbO1%bB$dx7kOT1} z_Voi^BHF1vL8Wa@<@zU_eOtZpMrJEccwl3{A?~9?+GXvg;PGu*T6gd(w1X2EgI}rqFZZKY=!j1mq>NW7U8} z3`;5&S^Ih^y!yWkHUd_TtKmBs>km2tWMNJ|x6wU(bMREvLwSN73syvFl6PD#kn+_?up@iNIWj&vZ{P_xM1wJo>H zCQT<%P&B$KGZ*vV!*!Pw_z+@iRTnsIJ4+@K@TJ+ThfDIm0`N#V2mUu|Y7OtK4dsG2 zeH&8>KW6#Ugph^2gv_q841{Z{;=`` zzEHpu`{)B^A4n4^#sBv#*vrQ7e^9|kHQStf{;PQza;ko^=vQBjfZg7qK5M4E5lK<-df`VU_=l8RnB zLCWc&%CCli_Ztn)mWmJljaOYp07EOV-Gd|))tR5S<_jC2_j$w$90!NA`2AGn1+Xk< zZM{$CK+Me2L9j$9+x8PW@blEey2l?=v(f?f#h%O>&^~}TN~rak>u2_f1n=1|anPMV z#*#Ml76e2Rdt`XzKqLb$(JWK5ugwjaegNcLXC?*qZ_@CK+ibq)NTbHVEON?>-id1f zB|c?r-NANP4`C3UfQud_yjb#Y*v0PWyC077@Kyq2Ax%vS=0)Ei2NQb*w+r|7RM55;a ziT-gSh?d0m`b&Td+~Sn~uZID}2@b3T4@%`g#8_VYCla0?txX}3^$(zd1Si`DS+6V! z)m-3sSW_D${0oNd0EY47#l4S7gVO;F)yImQ4_+Lw7O-(bfcAGg8xY?e;3HZIfU)g1 z`;SoKZ%FLE0J3p00)rq~>nr3pu_wNgQuKck@WZ~D)+tFmST}DF0AgAWvwD}DvR+_* zb2?YwZ=1l0#VZ(*9J9YLcV+D9c9M}K6=fL>pujHIIQlQRhQ0a;)NKo5={RH!7CMW7 zypPNo(|ae`r5QCd-|}hN%g;S?3T)swIKzYap z;HfGe(0-Sik~k7x!uxn#d6PMf1&lyB`>9jqJHJ%qGg_`s#NVa$*xi`O49MhrNVP@)FB;R`JK^$o&>VOz#^cS3mYLPG}#BvoB3Aoyy2u)Wsw` zCnLliUGQ-LoPbC3b}0w2?#neJWqIf0*L6V$SXBYujWpohh!jLWy$IBK_qc-Br}QgJ zAvjit@*gbg`Q{woe=u1dm5B5~YB$v8Q}a;=^x6B}M%ZnAJ*|0_9knDKt`f7kGw0{0 zzqhDXv)gBzJHTKvhTrg70p*r2ez!YuRs}Pq28KqR&HnSe1BCB8K+At5+y%MJeif4? zl+Dsh`EIY+Q5k~0T#zRX4D13kzjYnpuSollWp)C{y;CnPon+3LKcpv-_!4Kr# zXRulMvMhI|1t{P4`xd2t-ug+-Lq6yZq*mDr*mzkk7d_E>@jiS;W#k&N%mc`XNM1{H zV@KzOmG)4n2d1^{6I2@N&EYxV=H1u#r0gM%q8K9l56=Lg6gx%yLh;EYYfh3O;sC@> zF0a3^fUIDJ>B9oH2?G>JthZt|nktEBIOWaRu}$jjp(-^cS7VxvR9wCF*~Ib_!_P5% zo!I+;hE3O1Xf(c{es>ZI77uUDpX@1of$KW|D>U%-TSL1EprG|nBh+}xv7YedQMNwG zSS12hg6f#Xs0NQ~2-&OF>GxI%@4f3e8JoO5pQI@`oi0PWYAFET4eot)k81MaI4AzJ za7uu&UG%eXL3Ib>_uZ#{_tFX)1+SvYfHY-h*=(sTN&uUhfGOZ;$36dC36y6B?)S_B zY8W$+aIN0os|THv$DSjCS$_!Mue(|L;(1LImeg}M{zKJ30t}rfh(0#jOJn#N&oZs$J0sUpLjMERJoKxku=2^H6ZR)wrZ!>~KYcN!?2KqD(pTcHT9HY8e zv7yq`%cW6NGu9$O1Qq`7`}&*o)Wa03^x;Mc z#&C6+^tVP|$H#iDkRM<=%pb2XF)Y_x>0g0LL?y4>W3Hzt*Qn-y*6})l^&Z_yTgxxg zIES~o%VB2HHDywF*S}7C+=*84Q=hihpX|55d*T_f+^(T+jH*z1n>=@86z$S$B3B*<>u3H`gkCc*!0_*+k>}Bt@XQPstcEV-kh(`5JMYdUvP;lmbXpFei5dPrn*POiz_HC3$rC%! z$*OtKQ+K|*@dkZ$I>Jr6Kv$ofYFb^LiLlq*L`U=0v1rpA6bf}2)T5*p+Ww_R zZ>nxp({EE}C0PVv^Ezd=FIp?`Y~a&7j397L98fGqbfaL$(?aIO0;@dktf?RQ8pB-= zyU8nfnRxU0sp|7^C-v^a&(p$XGhbYFQzsBlz8AI?R&=yWu!;;sPuL9=YBs$K+3AVO zyJCM$eTX_y^b>uH*hvjSu;fs$Abnn6aPf*diR?W4_2{hjdeTCeyzK*LmKOOFx4(AL@AdkqJxnC8@>LjeF(m zV%l45P7onEQ4scWSM21*`j3>nESaN2H$Cdz(yybVlXDq2@e;mptZKB#(u8z1mtR^9 zjv$az{E6qe@#n9&QL$s;Kjizqb7syra8?UGNDIleIHTCilA5?{W@QK~GC7d({qi}J zw+eXAX+Y<|_-UCbfq*oiLo}0g3S{`Q6&8;>aJ=|DA=4So z=^hbUCQtT6Rvfi{+ZWa6Fd-@HF(5+p-OR(^wiyWxGaL___LW)IXQ^w^itl*ELggHgaxs-FZB*&SNC6i42gxs9;B*rz+swF~e=f&G4VA2|!v?%An%@Q{BEwS?iZi7_`J}uhC}sF1|&6of?HgM892k z9DsMj=4x3mfOmz@Ro5&ovh|wjdA6W|mEzP#saqX!KAAFcqobDhhOrl`5vaECmNiG? zqQ6K~yZj~xCBd_0si$&M%z;4XJOAXiwuZ@SLr4ikRa(|8Pr z;`U{tyQjj5OhiEn2ewVP${|XIU2`9G3kRTw=WZboyrEc2NO@CHn*b#T8Og~O{Q9S= zFP2O6Y{?@kV57{Qm>NaJcUPaP$sc(w-9CTmLrKihD4W&>?zVa71fz7O*phcjHkH9r zWN4N!MgL$J#2oUtcBUrf&C$ROx5?r>VOsqq*rbaNWU@Gg`|`@q>c{6|#;_xBX`?H0 zd}2$6(Mk#|8iExJ==z@;)&*ojNy{+I`$8%O6w%oFc-bwg(z!)=a^)GgFJiHJ>=9zQ{7cn?z|U< z)}97H8A5+n>OA^{hWbpjuutwIk)_atpD9I($vIl|~!}-&R)M(>o`O4g80Xi)zb1JpA_o0(BvQxZ*BNFLP zZ`*0kEBZ4MpF_tJwK=Nt<}RzBE5AnRx>R_HsQ&nYzCMRkkoUlZi%7%rrWz;A_Lzvs5`9;8RX?czp=@Qdl=%7_kYOyD zexx!O-S0J>T{b1%z`4b*&&F zdChZgTD3ZBGEICI>ZTHdIbt(826-2}qgEFqEB)d#+h_-0lsW$#awxA~8IN-?d3ncX zJ9wSLR1KPaKi~zRM0b72V3-4sw)J9FT@TRXmkd!23;BMt*^KLJQuEV@#*-s`GqGJR z3-8DxLOKfFe<&hC+voiDwx%l923fa1Ny5s1zEQU%ulfWdevwBTU!dSw=j!;&D?oDh zSeT+V_G6}sOYmFIV_JL#Ar#QcbvqehVfrg6<`x{%&h*0PonAj7Xf1wpMmfIN6Fn^! zem3GJoA73VDg=l}W(AudpTjL?%d9z<939@n20}^~&ejIq^S%35uWOtG=K4Ag?(4Qs zf`Zo2i4Z2=98;&dGo22;OL32X;53X2g4eQC`G)svF`mE)zATefD7PiMyG~H2=AibO3NQIJr#2Ye+1cz} zqg`bpr8{@(wsXUEaH5c0zv7GoSh)c)<2D=2^ zco3k$Y_JX4NIBl;N78T*$XJzl8mvr(ntAU8cQwAnKBf40K&-wvKBU3;9s9$hV`k$0Pi*Th=6| zP%?Z4@R`1h=5B4hGu<9##xsAhw%RldgsseXFU@Es`V}TIzUu0%U7egTbIvsKS*)^2 zI3AoCe^$S{GG)w$(@9evT4+;gpzpqAC@j2s_DPz<`v?u@G(z!)L=zc@I(NsYElm)z zZo8%btKzF~(Ll|l{!$gr(|3aIY}bNJt}w+pMee{-ZAg|S>j`^?>vs;E2?JZ8@ujSZ>blE#lijnQt>PSA z=XzR*r?|+}YvcAa2QpIqMNZ~7N<~H<%u@HOkJ$sQ>KRx*E2!aHqVnZ8sUJqi@=`=Q>nMg#1-R5tSpid~q$v6XAW;_0@Zh zN*ff^uG=E6$L(xHIUNC&u3=ivr!mAgPV|_sK6Z@#ZTT+Trf6RYzuio}`mSmE?vu)^ zSvE8erCRpu#*j1Br;zu0B^pCT-}OGb_shX++hA}tW)Hpwbbxe9PYd_ObbaW4JGgkJ zwwM-Hsws=TOq-(}(PL>B@ib|&sp_h=a8cy0-xhu-XTDje&8e1K&V8{|>Tc5&pikZk zjcfNQ^N@28eUHAxj!cu`pw4PvDiV&5AR_+i*^S9j*u)xyEI<53FYcf|sTZ3J8{d(8 z-+c{dJ9xyotRqDPl+SG9kyr}2vmwEOr5W14`U-Cf7Srr2$feXyBhzfi*u*x3TC3Ww(->~xNZl>NDL&g9cTPAtB;{Eh?iHli?SIAq19tVf=9 zq$kR&9n26FDXiDly)JuqH7Oy*F&b8{tu0xfEbQ}$eJ3^d>B|y<0uvqideo!3FRtVE z(f%TI*US3GU_7E4SlOvWhmG~*M3>(gk18)JQFX`Xc{$78_WX(3X}4SN(?m!0h9_>` zl-ssPEdNjm8R6X_o+>=q%Q3y56RN+Q=a5BP06B=v_Ioa#&o6v^arz8$vgiJ&I42qi z!d46TTlI%$%jOa&<&s-JrwiBQF6(`=Gos;bm!^s+&Wjv+CP+KnMr@zxKPT~FQq`N+ z_@~Gy9h;Qa3E#9Qi1y*j+33cln6t4*ttgCr>hd?(YTJU8g`d{#ZsgAv6T%IVJrN?C zH$RNru&&d8u(YbQfzZ8++?&;cFQ$p#2v_X(Mg+sT|NOSnClz3 zxk#nmhNo+{_uHbQyE?UF8n&bZRqQolqnJ&7@<+w@QnWlGZm)YZU+bQEEW8u*oztH9 zxcvBjMvWXu3LpDgc$suEJl=1)WzC;NNz!SRu0Hj@_~BcfufB<=#q=zN{G_0`qC{V- z9@QJ)4w(vxts+?si=ar>mm7)#@F{{^nkqO6}H9EK#sx{@(Uet%y~0X#UxTBShjGM&vcrV+$(ZetT`hf5xz zy|15o>F^i6^%p~q#8if3e)^rjE|%xcG!C#lG#XUz_gQMbr$pf0O5XY+wgnxyMwRWI z`yO48&%Ian#TN3TyRZd=B^dnhOVIh{{j}d^;3jy&AoT3q^>)I;7G~HloiyI57dy_! zyOvDWin>iQ*P*ut=N9&O!maL^{YNP(%b;rBscx9nM+(FU`f`=tjxa3Wv7IU-d}kiH zE=(0{yUB3%1q{&n7KF#_nmNolNk1ZASR%}jc* zS={>&4ZZkjyAV(5XABDCL|ZR**ry!rk9|cB8d%2<`}U!#n6ho{X5qWmC%HM*+Jj|S zPCr@GLV{d(PNW>u{Fb<1?v1UaY}vNeLeZOFY+Ivd(fYVt%;ppX!C$fW5wS6&DhQOL zN(|eb%mkh3^dvlo8-?6~)P18jMa`u_v}1p%BEnOqHwtGO>XeC>G~I2zNk@#;P?uU= zZr7aaDReCd5bKsfrF&QJ(R!HPs``Mm&8OQLE8yKi$*+pYNrdT_%3*)9O>SbzFBIgZ z`o;5x!cBf9RYP+|r^SGFfN*n0yC)<|hXthATbAs!%r+0&>5&AxDdIbjZD|L`;ZPRJ zy}7X$7QZUUsu80izvN^WjuSKNX7uPRx|ID^;qB(S zt&OmrvByYI_73;-z2Z;oWY<4q$SncTTPzxq)i?6H|~?|w4svHa@?1PtFIG%z#y z%-ra9;mM5v@4Np`d`!pTTMq&(fC`?lPIu`+S~Y;0ngx8== z2sSU{(6-(hT5p2&XKH71`I9kUeGxZv(p)+t5Y0=gKZZONRa(d~ExR>j9WcxR4n1nJ|Q5T(^9sNX;Bq_SpCz_ z=beTytCgBEF5`FLqhDW40kt4wlP6h+WoF>Gu)J~47q1LT(0<XJhRg|mq?sZU&8QD%ov z+!@Gs5^3hh!4HlB-A5mHUbe+NuqCx0kyAzq(~s~b@{Byxc`@%~Yn%B{{vTCkK^1>T z(Y<)d!1I;@ZbHdbnYdjT_M1F5f~dX{4d#8_I@KaGXD9QOzpERO0OjzAJf}`yr_UHD zAp1~{3tgkxUBE6u5#c%FvA!6|DYN=*nx~29d?Pk!$3~sws&jaLx%#&?3#2Q`Hdu#~AygNb`_~I*eQf zmx2V6^HOvCl40#Q(=2>$qjOE9HkW<|(!$fa-Q5imEg@tZ*EZASW7ik1vB&8>li$mn zcxptusi)EEV+!~Ejz*Lw;2jFOHVXAVlb*I;xQ$3Y>yeD}7i@kQD)BiY-YEWvO(F#7 zN<>dCmNUi_a1!hC9^t+KwRQX1;kUjMA=g@fS zP=aitpDdbRR2lHF|524v<}zEC3cQg=eTWUsd5|YpU4{?Sqc0obsT7wyMZY#>C)R{$ z%kc2`{&*E(O0O!^7F~|f#pE1+rM6@9SRY~*HK%h<62;yBm{q3hGXWe=hYbM+M&y?HW84&pS~jZ>!nJ4|(j3y9 zx7QaSx&w~2v}I9sfo=I^s~4sWR(Qpwr@_4WxF#?txfDmyv~~ZSL-xsAD%NEMp@3&h9X+=ep{EgO?4g0KpToZ|30iy*9iM)y0b=OZZs z5SE>AT6(S@*$2N1;HMfvd8l-j^W?_$TIZ}Km%y>)_i-?&HV{^~It%a6UjAcS@@&{;=mM4-H}f?>AFO12zc?HNd&; zw^eT$9#$5Bx}p@hV)VB7UQ9(7W9U0DZ?4T2CR>P72UdNXLVTl1MiHs4)rHo8p!leG z?$}+PD_^=RW*3T}s@iP1BjYh|HZ!<9ydl;yNcQ5a*4MiXq2m^V zgveEaPTWGVk~N2{Gsl4E#0O6oOL7nJE?cH%D>}1n5Av#;6%YR)b`HPPV})#Ungg;? zg{37(B+%43ix~K;-&XdY{kEq9Fe8Nh20zGteh7oWtgwBf?>p>s1X5z}KxL)x12yG$ zmU9Njk#cC;CmhGs(7osH2o4Mu-G^QB5N!S^KrCZ!%;PI&Z_CT!On#N2=^xc)6noQlLpT1$c0fG29SCt80twNZr>3VkCVEqIgrfyMDirwZ`^6%RGXbW}U*t~N zm~de1$|-PD-Pb5H8xW!fyWj8c1)!6G^Ia`aw~aXSN2M{(29%699~Y-oM+b*$*-(jC zJ`*E|i5UA$ZF+ibV9GDfkJ_H;&glye=mvT{EX7&rfKH8$v*8y)Djw9s9NULqyNPy{ z=woQ{@b|>;Zu`mC{octHHhu4FSI7tLoE+wr zhQHK@<`OYGIJ|tvTJz;x$_d1L5h(K%aGx=<5Zeo=r}8e%bJK~1@Ax~N&k{Z}Xtxv{iWs^dIpw^6MM|_#!DzkMZ*Owiz0WjmcB%f zm`twn{Qv_v9TgkwsdL`%BnZf-y0yMOm6@yOlLBQ_!~$7qkH2_z(0-Q0n08#fSXq2- zuZ~x$QAXAQ;VD<1BCH4wKNI91WJ{Gi%>i5sebLP1D+_eXR!yqPVFfSDzxm)`xXKlZOFRvT82WOmj-SwB& z3UHCbo=M6Cuu*45{`mbFK-0}}`lxq`l=c^5kI_T6sySIE0;so6dJ3pb2|(~8NydxN z_Db$OvWn$n9mamKXh-I}a(ZXtSW#@bT&6F?-DI>a^&M)$nE%6)O$D1gCv*LiIqI6q z@(v(#;f64Y?rT_BS}IF#!A#tnlpXh(^A=t_Mpjrf=c|Em`mlfP!ejs1Mg5QCw>)&a zwR~?crM$tP?gx593o2~)hV zXT_0tNho>xHhf2YZF)1_mN6MBcuF?1h9l>RW0r>Sg=lbq6yZM2i?|&1l)+@eY3Xr4 z1 zuKV5?*bm@>G|H*N2yHnz4x(x>m)<;3a;0ozMAb&CMVXJh=^wWIZ&_9-BkQ(Pa}VL+ zA8xsyJby7aa<9xqC9Bj{Y5SfRhxJeRGNO4U0c9)8Rv=t8=`D*AF?0-73gnwn-$^To zPaV+d4|WpxAPxaJwG5QnhCm$38e@J|OAwI9tdsLuYvQ2MiY~j)D~bKj=S3WBqumxN zVwpDw+?sm$I5|PC7&YkGt@X63QXp{8X;kftkYgB*W^%Zw9^|-?o|^C&QCla%>ie2O zA>eAgI_5G>>-!@JTV?E zMXZ(*`IuShyT(Uib1j;^o!B$d-{pv1g$&QH)p|Z$s$Mal|*h4WAXF! zA_K~dB2lNMqZH8?au585628>#?ONirtzui-+68Vdaq6X|*SiIFuOq(j%nN;pV0()s zhl@L17lw^aD4IMwvA0x;$gYZ^C|~Q0QLaVZxjPJ8rsBsej6}On=01#-ZivIFa3TuV zpZQB>Z7&M%1i~`f;qCOpVXC_qUo8a~ruV<(7Fw{xyKw6+{70{CEtTl>Y`Dy94CV3U za~pdyru|c2G+#`E5v!90Lgdt@o@A%tt{(=N@RD-Qq1)0&@pKFsjysuGlS1iX@2mB6 z{IGf9`C|{D_BX4P4epNgk9jdP0-gOIMz5)(pn8vorlV%wa>kW@a`biCwm37D+MG8|>9L;*c9X$LsK`xnNe2yi*e^u2rTvWxYCBFU(qc)>;KNu5r!CBl zna53Tg?vRcrW{-EaWSTrzwhR<>N}DEVvI+q2 zRXQREVU$5uz^-nQU^-|cw|z=vhlg{NmI+PX;K#6d{ViLry1A)uNooMpMt+K*;niK~ z%B$KqbakFtHQ$d-(!txyF8l?eopn-suU*5~c%hsU%(iF+K@mhiq)8L8Azh?5r3gwDlp>u-69R-7Ae10VQ%Y32G?6B~hhC&b z>C#E)5h5kDP(ptn_s-0n@y^`$_x*VPLX?p2oPGA$d+oi}7N5}FqD`dY!f8Fu)&iLr z?B;&kC~Wyj<6^)5B4XHV;^*^umwEF|tv%6#rRMx=b8yhN!!XBr#hWnn)eEx{m9<|= z|LA}C?J6vKKz6vIapD_`$Ay`ra){(-{VeS+1+So^1|sZdZ)(+HVd54Z=puvdmJCCc z&H<3!cXXz2)t30cW??mMsxsuRSzWHZ_xwo5PmRP#4kT2xyF*H05y$&(mE+S{d7;os zm7}V_XB&zIV#N`QZ+FVo3(^GLG|!%4+?g@jffy?mddIHFF96626A-3mheZ)MqE9p! ztv3nBq`tg_c!#{|=|s(mi*+#iG0obsquLp!dU!sRP{TaY5_|YQT;{Xbgl5zNug{OJ zr-yBCeEWM`f3U*&%0&yWPufikb2L1SIcjAtBoe4*f~3@n+Brp}0JXAKzvOk;cf%M) zg*h#m!8dpCkvV6D`47N9Upu9Z_ z|FIl#YAarJ*kP;NLjK-a+P3JUF~PnSsfa(AhJU6E{L3DisT0MWU_+TeUwS&3?uO_1 zOEgvVC%-jyU6mI`)QHRKUc2*I9s!0+8jX)Xd|}<3Lt2@7)NU97dEqiNukSF|DCTq- zhgb^XYYB<}W^$HIGF_SWHWEM36K9na6p@FHA5DXa8Jr=PHr!=ixcVbMA^w57DT{r~ z*e=&3;a4~QNA@3d%)po!xF~t&Qk|LI^Vmx^Nz`K9>q$auW#y^+Fn-|`VP zcHt($t5)xZT2jV~%4MTm^KQ*AwNsB-+8EBxl`@>+L~<)88}=`Xqn{30#WtZb*nqs~ z_8@v~VK;uo@I&A?3FWS>P9*-1=B)oPMgINjSWJlPUt&V;R6kOCBcd6-A8uDgm^FX; z>C7cpQoB(VRP4K}-aEAEITDNFgs#RRP}UnY7ZzG&c8zwYcI5!kkQxOE&eBI}eCbzC z5EyU7F5KYckBNRct9o+yGgj^Q%HV(f;b{Ps3ob3oq-9}+ejW6%e~@Z4E_f$lL1?_5 z2$aPfF*e?2eClK7#-47gQ(v0;AVN6_J8-~%w4I72mtA=B!#x*_?qpYqGo>DlWw?PZ z*6`=Qi@$sjQT^{a_#Zp{CnwFSZ8_=s*f^3LfP?NhwDERmC&>)vhGrPMnw`YxRSqsr z@lI53#D`FLfvp?^5b&vcz8S{;Usma-lYdotL`Yb^NE zanWrggNwXVyYu92cYNtZjf%>yTp`La$l?%+EfQ`uyY{XjuMJ z7XH_x+^f|%Rh$rM!UyQL-R{WIurEtHZ{d`F#{tDlpQsp`s7&!ea?*#0`OwX7R3I3_ z`5(T|Uw7gjKzEdCx?6l7$8v)b*{Q-S^#L!o^gv!HPRCs#gnxH`{GMh1Cm{neR3G35 zm}U145WjHA^h!X7a#ZR|wWjQ2K;^ynbRdhnph?@yKCs|1ujPxa11x?;Py+?GZTUv`H5XRg;l-p6Gm~_A(J*U=+%@FO7_mQ{2sX zu@J=W99Pp_FB?P7*~Hys(BVTa$}2j#2NYbhrDAtufLd+s48P!*^CnR4(PSxCxc=js zz{(RTy7k6L-iP&m`QuKTB?eXTVy*E~N?os4uI~m*7|`oE+=i zKbqBT<089aM~^Dcy@2XsmvIwlyUxuUvrStky;2>7+(^C6UNLYEqi1N(izetv**akL zq<~nr;y?Y)f3^7wM#;d}T6fBapQMPJSG{3$Gk_m}bhH-F-X@nv9Sl{}KR!DvbuY!l zDh6|_r$nz|w{xzuIU_FIW2(^~{-HF=x2TK8m!n#Q2EsON%(u$#y9F}wQ>x(&!E9C#dym-UoBP5fyWW@3_*v6-Rk60#a*><1T7^OiQB zEZPOgxk=${Jk}S#>TzH5S(5{bD!3VS`ASBG62(dOY+?L4-y6OeGV5FaTTXaZCr!OzR)D3XTc%a)KQDr9k}ZG^yqeN z7(y)B=ix$IBy4GNR?3Mzkl-L}F`zYdKUIi2^(o&}V*Wmfd&}YnbNNH$|A>WX00P>y zRz5_Tl4|}z#r34%SM)(ep}H=@G}DY?LcAB+u}XJTUa0gk-PNn7EgWsgPVQ64HM&O{ zzIx({eNu&`KJ`k_Zdj8Z724=_pofEnlpT>6=Ia2>9xrwYbD)SSuI&KLmp;UKY7uPP z1jN99lHB>l3~e6gCuVZ)SnbchOlRibY=~4O^ME z&Y1$j^FNr%|8@Tl9#WUb?QN!Bw+V`rrXZ`KNM2HN{&e zofMI&T%FJ5?FfhfW*6x9=yBdL9`1(Q$=&i6uCsC60DtZk#aQGN>KHv}I1?+q4bXe0 zhdwKZ@s$eHP+%Zj(*4B_PygKj`4{{D_lkrmPcdfcq#Qa9XVwCaGd$tACpUc2EW0t2 zx&?n_oh<~yf4?dDXkLAObs9_#h<61Q84Yy(bF8 zMSAm$p#UYHd=s89oTEO?U5j}rZ|pq7T&}|Mt-Yt?zij^RKQ>-FW<+Xn!1jPP{@>sH zyH|~kKtb>1t0(_z_W8U2@Y{O{$65xj)0|WO@x=Z+8e=sA?kr2)+G8G-0j z5;8z2{h!|s5a~G9GC2DT_P?G1_=--S05^OMh!Fo%tp3GO|NBQkG06Aiu-(5uj`xBT zAR?M`%*IsfIL9SdiQDWIet>=&|A*enub*KlPpJUe-I#B1Ctv_L7+X0HFp9?hw4s1p zE5!r=yS8x()vh+RZ5I5Ywwiej(9X^dk0bo9KATN*7Jl%}Bwzc$sp#PU@_1o)fK{b< zWy$!bkoVW`c6<)ws)1z~Q0v|LFI@MpTPs2iL{AK7Uuyl`hy3Y1%LTwX^ttb13;+82 zzn->6Dj?=p6QPp0`#Y-krw{p)gYeHj?(+Ag05|+!ww)J%_c^{?8lm{7nC!Q|lL@Go zN^LTf{r?60#e)9-0{%Z|ftHh0n14FKm;SAHTz9y;h}8gG(Z6)Pj;U>PqrqOs;%$V5 zW0`^l8bJPdYf&}%SXW>WC<}_^etP8MH70amk}jA#CQ0y^#F-;@W_>-3ziq)&+A!VG zmY#3#Qmm&KYDKS$y-wlL=ZABn`{)oAy%Oz@{I)U`Bim+V%8Af;g1Dz?W&!MP9fwHp z36?+?AkZerH|%t|7yz_j{MKS$Bo2)<1iB7awsL?rhU#jd@`SR8O{PE0KwBN9zC>S7 z_WZQF)8nTgD{yxZgp^06o!Nn4Uk-B0B1x^p9z_dzfXxCeUp?lXn(hgDXO-!M^+S8) zE0&a>9DSgnM`S3T#8h|mWUxC|rXC9>U?e!ZcK7XWO-h2Obdg;0PZ-7?I@j;ajSk!Q z%1B%}IA~g7K4SgEJN8CG%+r*iEckE3_K&$Irq5YGAW}&OMuzBP zjBt@V=dABO&w_@ZHn)OLW%YVHfAHranXO~DP1h@*{TA#Ob5R~J!P3&G_KK%|B~YVhFf41NHR z<*Yami%1C_LwtDART57=zfw~@2}$4+i!e_SkFXt~{(HZzPPrbMy#s#O5AHu9YBo`( zBZGbC8)x+|EvL3?cP_+EoXsm~cvq1+dB`?Q<%6&zo{O z*s32)yBN^{2e|sgf!4z^MTJ+9Ac#3bK2QMaS>*xeAAul z>7=e*r3pr#OP<2mHQp zdyG&^sfCw!vyY#7ze0pz^+!_-BH6~&2v2_7myao;%jt71aznVzm2+>7CB3TA;#N3e zd*L0;ES&;rYHPa6HD&uhRfI)}CF zr{&D8B3j=p;p1$0s2M-n3fHMwllI#9xm6-{4p|mC^@#voS-`XuuSx@iMODw}tpriN zq@%>b0kmO%6?QIa3-k_OR#hM<;KJ@loy{hR)rh{q^W#<7Cuzgm(Xsk+zvb!-rjl&4L*Z z0}jVX?jFpKZmh@O9+x(Ox8{#Bk|1Bi!D1bitL%X^x$}q&-w_3~WQ*H)B@q@()m!YN zI7(I0TYwU^SHD=vs(oVcks>%f-*m$~t0^x1E-&-d)3!$~QVb&W1G9l^OEaE8Cl|Bw z3q9YAqD!bWc`dwZ?3OOe7j1och#c3V5_%+v$V=-6g3F=G`MOJ=&$%omDBjXej2tk& zSUQp{)3BNELWqlJS`6~~K|1aw&q6)t^ur8oshv?SS6uk=rtrowxeqtL1@c542w2Lt z1r?(7SY+A|1B33%t*8uiEoX*nLD}Tnjs+#O)Tzl}C;gjdJ+Q5=y(c+^U^Yb@)uOav zKfPF+!azmwi%qxZSj)qTp8qmXAP|kDzvTJAZpZbZINcdyeCYEq@C><= zTqdXXwiW!MYpd$cNHPxUFR5_yy@|D(m7=X;>lV25+o$>hq-lBtsE7{ybm(I0O>hWX zI7f=o=N1WuYB!n|G?%v%N{IIU$hA7laU0w3dGF;(!SRU{`le%9DV14ZJL6|9)wPOC zk*5U0u16&D4rmlL?YjPu4$2c|+L}haeMpC0Ph6V6u|4J+>YPp;h=las}@%M3?S*YFZJB`fJtXxi;? zo#7SEg}J>eioy@@EWVAeUq0R?N=n*s0D2Cx-QS;w^`|(>=~zG$H|Q?>R8-U-Ngc_-tO@m(pk91X@$w3Nno7-x-Ph1ch?NxPVf7`QgflvoQ=MBEb~#vP9AquvR>r13 zyN3mFu(JI8mU7?Q*=bzA!4aDR_L;1&{#SSuP;sLy?iVLjc=bY7{v6s;?<9(g>rg6_sH~byK<;SFK zmGr%x6@S*k0lEC(O`qAo73@!wdLh4X??mprG}`$dr3Ex|EUE4*_tlmX0CE;S9{Nz3 zD*mg#|5sjDbel}5{@&X!lmqOqEVfi@ zd#Ouiv3t+xOCT&J<1UTAwfS+i68F-F@A=b|_n>}Hw}_~=4>o0zr2(VYi;uf(wIisz#YuWY~op*EdUL9Da}QJOBnUZ zG?7T4zS-??<8GWvxW ziH*`s^`*-q@=TeJC?Wp$!Wp zd}u3hZcvS34C>3gttmK&?rD_RE=$qEGi^$4idn>-8p%KvhbgFxbUI=Z5Pqdj(HVqV zb-%2r`dA0YxGcrsgxy}-i82=lPAlstAG#S3%jvk3Wjt{jkjs)v%n<+E@|Q^E9n&Ak z7XfNQ$$IOSR;X3Kqv@A!rZ2*MjiZCvVWrA_)s?y&U#M78&YVhk`TF@}eGg8mn7gol z3%$Ov*64o{D_mo`KRMw^sZ(tp=JJdh^eqnUDb_*FLcPf-7xO@72(GS&sn;;UqP{7= zu(zA{EDi&cKGhKuEx_P6xF{}tUh*hZb>F3Hg~Iuvu#IfO*zBHc*hm8~NzGHMkccV^ zgbcJwGh4y*Yl5GFFbLb>S^T-h`O_9Y7DUyl?jA1ZP3+Y>*4*8E3ytwBshRZ|;2F4y zg|tQWVW-t8H!hjB{8S>YU;&n3h27PYh1eQ^;&7abH4m`D)nTGjc#|;xhHcWx3om`U z9ok%z5dxS3t%=DgNTk|i{oiG3no2KdvLFw|xg4Ze+|$xavy5U+X+g;1LJQ|9Ef?}> zp3GQ_vbffm8zE5w>v5Aog#_lXo#OQa;$|*le8U*-i)kXzvoQ)SsOh#I!csx?X5&)Z z4$W_|eJtcxxD4TlSzmSJ_|-&v>Q8-;X(=@%R~OwdNoKMEf{TfUo0$Qc?tVLmg25)9 z;$Q4{#rO-~Hj3Kr+_LrAvOKH`SW>Q$E+k2_C~mJ;Z!N$8EvO)2#9F8$Lr9?XWXGD= zv%$8pt(cVx5@PP%iCc%HpcRvDVOs$t!EQPy-vCluY5<`}{;8?|&jBluM#Pc#fvG0m zT9^f%_Jf6R=3<`>gr@Iyp60Nc{6I&TOns$2JBu4g9yySN;xoe&XQ^89lFQuNc<2(3 z6us@}_(vhh^AcYuV@~AX@sGh=wWKUlW0$%Fwm(VsiPq`qw*ZNf*poJMZc+Js58_+c z_)5POrwxW>YknwZ`o?M!PZm$k5!d_P|0H4LoYM#<$i#8{pBay`%8mjV0rRoPg7(<`ISp#XVmYIpMU#;;?FOOB*_J0cyHMh zmr+MZz1tt+>C=zFrd`&XmACPpneIxE?1@e_bLTCVJ-zml(wzBSakCN;rOf}fDAI;0 z_2V)IgK}YU5U#1rq3b;D?*HX8Z5Wp46!XC%M;7+2o0GkEL1NjiT2S;xRONcI`F zsw1NIahp{v)Z_8P=fg@5ZDh7tr;Dj!W7W42mz7Fz`4K$BiUp7`vSE6XTPH`JVq+Zk zP@?^NaCIohy9jXmFRG?sl_T@ zH%?5)^NX}Ux3ep4SK_zwpS^SH`*lle%CU7PcZL6UuP^!QU(#iHSZeT*`f8_->#SYi6gl+2dYxmUptPb6L=$5kuI>~ zp$B~nO^Eg@6B(cNSc(`r`-aQRK-Heq6W2k+ckagmFtdV6 z9-H&F(RxL(XwORtX zt-NzgX*}7A4ct!+bX9q8My)K+ZpV{A`O|T@0M>eGy;94H85P`;fDvXU@hM&?x{okd zp52Ppo@8V_3c1fQ%=v1gj=<7%FG(!qS)HhANGgK-lRoJ>m>pt93WoB#XVCg&*JQu1 z4~;_@M8vz0nEkmGig4nsS8=Zj!%n~Slok30a&mYjecxLi8y_sst}nL$R~bzuhDd*p z@RPU8#EjY~;K=->h8)iktIe?sa=|u87KcqAOvWVCiHP%GkR&>qJuFK$*?^kKLie@f zWz>QSa!F0%UfQ2uiYhwIhgqG@u1sjN6G$hcIoTg*x znTmRcwJ2hmM&YWi-DiuatGZk!8mEOCzE?|f7?ysHHl2?0`!jD2W#`5J)W8okivPX)6y<89^PiT z5>kF^yrA}~4j9EX5!)p!yc@}HU4vQolm$*@N5ushbe#Vjun1L_S$=6>{$rvQj!kc78f~3CBpDvp3%psQRgEa6&=+@HvRUDBR;i6 z2pF4fBOz}aYnUY2S?C_|T>&J0Jfl9Rm9Op}+}!6N0X)4|N|l;7B83v&0U3(n{PrL z?IZe`1)faHD6qN&H!5RA)0oceC!Sy-Ge7mWw(CzgZ%?T_K_}QY6od7uGkeR|^GQI~ z86)%UdeS~j?@6I-5JPVd{SeSrz5K`+EW_3 z+QLdlP*Q%84SG!3R(6-IEpOPbz41Ek2{_|W0<R zSUU2qWH+B{6;1vT-ZgGOVV5{`X3g&_%aUG@^ewzsNd#TOz?bW7{t&BW*D;z6|66qm z>Bt}4Pwu$p`YJhvzNmgvNL3N73F>r(LnNUM2oK zJWWpF)?s37nav2NzlA3tDRTra*a1fMd6)gfAr%!qxXksOaV^1zp3F{UWf33UxfM+( z>chI*dsMaEtTv`}si9@&Q?sK5PXpqke0|)8ko(?xtNRt#5Q+t9w|B#d%1_gD&PzQd zcd6SP`s{s7{j{%-|HEXbN*G)Z=8Nuy!FY#?M|e~$J!Vz&tBPV`#Krfg;g(c^_qJJUycEj9OptO;TS*WYjm7lG)adx!s zLQrSg4`wM;H=&e?W!O;fdZ!YuF-IJIpA@<|VaNBGqg9o`Rsp2uVoJMD; z8J$gW%n>MyBDo4AW*dBz${6wR?dUbM>k~WKv1sf}Ik;iVX615$8TM)Yyxe%E@ZQBz&@;8^HS&AMou1wwA0z5Y zy2kx)?2c%Tv=v%eJKmVHZVaWfZ%Xyy<6Pgq(7%(R!4zB-D-N>#B^>?DkC6DthIFU| zOl#^l^{=51W6K{&Jfw&6-;>Zk8(58M+aJkjjI0U~*6(rSTpxaZe2(_6eO#?{nNf5o zL`Y@85q!<3v8X6d)H^#CUhtBJXF8`sIzuVxt-(M$75BZc8>V>5o>Q)2=Ri&yO8*rT zU-A#V-neVpR6K4iesBx%_Ku30n`hJoM|-)RV(Om9iD7}ob{UzS*B}9Es;gQzo*0s! zACV*rM9VYcn?H?5aI;i;?4ttEBV!(&EVmk>2np4M`~Mwz1CQ$T>P`Tc6XD4tOi%-6 z)en^5xQRsL}XKUFvA}8&!84J<)2MdL!p=a#I z313ee9=PUI+>?(v#L)e%M6#=H{Q zE!xl)U&_y5F%q}~Xea4`*8u%sp~c53v23$+GY;<0QH0)xo3(C*&+9ugIGyP<*br6& zh+-P{_BQS%Vn->;31Y_|EJD?T$s%$3DFAa#h0)M3okeR<&)ls4hpXz}f7b$71|O}$?ajN3%?i8pq1iFC zx#sL7EIX3lut2l>;F*hA{ea2#6ASFN(O*rgQI*~j91uIbK~-e%e0zDkwEV$gMS-J3 z9)nGi{j+>0_6>VpM{jIV7VW<*`Z8eA!hMPkr~P?8adfR;4Qd4`47`t+x{Ik!71A_h z7f-VIw!ysS2w%1_XNibZyLh-x^D)`AnRt>ny^K)AYIgAPXe8I6togK8d3YVWq;sO^ z8{w9LS>yLL`${2GZ}FEib(DQp&!B{Xo|P(vx8^5tS}9FAbF-|cgd6tV3^#D0I+YJ2 z4jV`_q4=di;d`##9HG85KqHv!(xp#tyFD3J-&weZQ~JC<$gUbJjjVcjkUguOl|rS< zVC;xkxE_vpYvA(kom|_k&Y*z$2|3%^TXfc;arI)tp61uw4Qbib7QPg0w?>P8o@LEV z6;0(J@@{$6#>6Y`C|BVD>0zh5NNvUV)2nQ`I`Fn22{8+6Ubx7Y?q2B!2c4Yl-<=m3 z55RaPuwKQm5V(K27nZXt<(>#vm94w8J75X~P7W~B;z9PKs6rd7!M(i3tkks-&V}`h zGzqJ;6(e>_IK#dWtRo;b^UE#)5x46@3X)&Vw&J$x4yfi|2af%CCJ35A`H`ljzcjZc z>~8Y-17(`|>>5C)`%xNLg`6Tu>mWeQOnqfD^i~Kx!!^t;lIy|lrdVo5*JSISz*o9a z+q2#;4cmFQOzXTh6V>BtFZSc@QheP@IAE&|nk{+mc#dJ|*9{<$Rt?POiNAf0{6Z5* zeeAw(yH;0Mlxi<4`$?xSPR|Zoxn{jSf!4pVI||QYSl?wY$FN^)mhiRL{K*180|Jqy z835p+bsNV-CqDHAOM6%sozDzMQuDIe#{rqqNB+DG)ow(t!P#^u&d~nqu?|yZW1F{?%Xmk2AQUamypgrJdx? zW{rh(S@(W?`y@U)Vr3YZ0u8!0@stI?7@hR4&T~Ndn^Irc-!*HYcb8FRy?dhNNI<3Z zM$gOrfr9u{clDl^3giL=SN1zg_d=%QR5vb;7@v}D4`BL4XWgnm?lc3MePv1RvQE{q z^fq@aa)O#)MCH;<%%`!occPzX$lRC5YbwgHdnbe2ORh`IqRtj`%2FxC(@kr0Nmw)P zZPeJsmgIk|Ul;>4G7WnwGr+*b6vAvplaOt))D*VfDLAL;H0{Vl&n7lEp*y*1*Ds20 z(|sXL=s)ET&8uh@*(q+06N%YbQ|h~)YqfNEB+_)w7f+ey&IJl}`%ys_vw2Zjk)Faq zj98h>m|J4Y1<`6$bGmMswZ(W!ng#2g-Ld12?@o&LNYn1p@Tr6o=SIg`g?;AKuCg%1 zt&rZH5OaUUDAuzY>odpdPfUP-@$`7ZBo~lRar6Gi@L~jBCPJ_sHSD#-`pcdE2c+YV zy9D@)EQpHcQwBLQ(JMSP+@&L-A|*MVj3&k^_wIb=nHSIZ2t$&Zm3)~#m5@w5)LSQ$ zlcXKW#N9g-nGgBJn7^Am3<`u&L{?8JWD#H;MU`|c6spXe1{dI6(a579CjtOmS-VcNc55PqRv;yiZF~tCK-8AcJ<9O-Q{p;Opc!nhaPs+G@x;$}l~9XRtlmw=bQoveZT`J@9r2whXO*JVo!(?I zeYqPwMjPZHL;U$eoi3aGoXgrv_olKz=9C|!*h3eW?N}>(L1;UrBs^HUeE>1Arg3l) zs!bbiD0>cULY2t2T~u)Pne5}YiPqtQ-Jv`t(SnB+h)lDkr?J8g1B+dgQ7$0NWNWPx zc64rU7sQAN`<_r(b~^Sr1>PHeQ~dZjM~y;ZyGQ4c1e?9aKdn=xCpk6JoAs4@aorm( zhkC7CnkBwcWE|yeDy1U^&kPq=@%iikMJ^WfptPBEzp|fK*K_GKXt#uRJ3jdMS?QtE z^?OC1>rpSY+KcHGub$0VN~}alXYD86f@yD2h&m0x+iSC%MiM3TGMUOF&2cyHX@xT& z!n$x6NzCUO?6U-p3J|8F5F~Azo8RHRpQq$*(vVE^_{7yZw<*&+JZ``!tP8ZCz5h&> zWa@W8q}40OZ$!f$tK~I=SsqA48_ad~?uU=3va;(F(rKL@9V$zBL`M{!G4;T}qiVy{ zHf7=E+TIcAn$~Ud5}BkSBJXDSKYB>qm8pD#ZIJ>P`h3?W^S*JT4UgpIlQfO`Gz~Sb z@;y!1K*G?Rkx9O#1o!>%v2MHuC4Gj zM`Vn>5hs2$M8!({a4B3GD|6Srd<%usJy_~mtOA$MPQAl#etAnwMX6$p;?@J}c?O;) z4~|>skKg=R28YwdhFC+DIm zMvriXvJIz-v{j?-`$`q|EswC$?eu5rbakNi6(%c|fH5f07dv;y<|^vHRLB>iT0L?I zLoAaTe;expjw&|xMH7yzEdqc+;EgXH#2^ABJ%jI%Z|IzBtGnaC=VBJ#1 z-jdcstVixkUiD$Gf7Y#oFDB;3g(z;M-s&#@DA?gmj*EO-0&gHxu0M0RE;ne9B&KiU zhyX`E4=8`!Btz(%lfcj3JS=z;BWkDS#EJBYungS^IPrCPb)wWv_~lBDZ&~f%;>X9~ z0trAxJml^PxT}qQK_l}IK7dLobR?YN zRE|_H^P4;LUkbY>@!rm2uM0!Y*T!`)l$SKq`Kc%H_HO#9jU4Ny-)l8o;_WTq<=VuI z!JgN_lekX`wSNux4ZMT4uWeNjoZK| zl)>Xo*4(;Lcxq^^&URv|OI1VLyvqDrDy^l5E zQe>WLMN-7^wg4l|{H9Kegd7C$tU+RZDh3S+e_WBjg5tqyccvj|kX|br^H>)1I0N0~ zOZ26#wK@z|Xerx-!o;TZ%<`bAGNi6Y;kokRm~7dBoSz|$o;Br52^nM$&ApsgS$NV1w|r*_*& z{>$5&47<1Ri{e3YOL_eYF#M@G=e87_uW8zoY5HrMV;>gx65VP(#6mF>2Jta;xWU6! zf9?tu&#~*1;LV4!f1nw^9Ja=32G5_XrZQYe`coxRI)(I3Kwu=flk@5B_}X*1rDwKl~hDZ4<`kqel%d z;u`bW8R>m)u4n}mv_D-MjSGX!UbG0Bap%Ce5d`1n{v3{(JphVa-rqWIx80Owy#E=b zV3Zw6hJPYi(UflAQTZkzOwC4YFjl*t|N7vLNb5yhkHX%P+pvIdPM!g{5+&=d)hGlF za<8(viFZnJ%q^?wf{!{@yx9T`@5yjKk=+RQ*=-jKK&y;;nSlwW6q7@z|A&7}0Q}=Q zbm1E^Dr%TNJa2TjR*pGJ()hEEY<}Vm7nrBuo01;bfBfZaBMS zch%Y$v?r;~#pA-`wdK5CopV7;!?zZ>Dn2!j!5;<+F9b;X=2*ApAk3=VX7i}!thWW$ zuAfdft8vf2)+J*r;I&0>zi>{qyCNGJxvmVFpjLuSbi0*Z$Y}yGwLkNEW2gB{dRKHX zc3|>~bD^Db-dea^fmP=sU$JZZ^%2{1pc)UY#(Q&T374CAer8NOV*g)Y; zym`iX1G)r#QU5TazRx3IePZl-elqcKV_Tu`8kmh_{!amf6c@Py4x$E%r<{r_w6^XG zvS$8dtRC_4#S~<3i;y}qzL8ApbJ;bwE`+%w;N(H`Wq>xu+-vNq_QDz%74@zTp#F3O zx=Vde*>H&+PX%LaG*<=dRgAL1%~jN_KfY&C8HE^+J$YC4ZY`6JiYhx+T9@GL#*xb7 z&cH)&Fftg(O&X?Q_;8Dvub;8yz2xu3w5xLBv=vq7I4cZ1VMLpXP(RnM$#}Yf(FgVxsm#lJZHAN8(>2^zf zLPY+Z`zBXy&0Wn^mu$}3vp9zVa%3JToT-bjOjey)SBE(;i0ScJ%@ntDKN8b8hJ$Kd zz{NGh3cN0}hnwHl~O2O*BMrh7ww&BaQ@Oh_xy$L1w3YW{i_Y9R_#b zZ!w(lvR2d43=er<-4ca;?qO7Jh_rg_VVg;}%6^_J8_C-L#yTB*o?g{5x++2#%szq^ zrkIRMcqVr6Q71&a7Sm{S`KQ{H1Cf~Qvt(lj_PnYniW_Gq{^)saVihN&jDNQBp=92( zb4}D{bu%N@T&AMNIRv&_%*VYX!fZ;nC}))j-y{bYvGmnHX(Z8MCDmHXCaVV3%Vx$_U@^+qb9lfip zSkyH_xY_uA{F$Jb`B(K_o8_sNWMV&S8C>_kCG1d z?))4)nP`WlA1oSnTx zV6gu<{a3h-6R-|L*H>v)8jcPdy7CXVur5eu-~BbT8nLTZiX1k4rGjrf=0s5s*K8B= zPFudvDBo>6QG`DCC}*6RvT+$w%l*G9@bH-Ko^sOT#U8L-o~e(eLT5Zn!%jj& z)snCTgUS#C1$y7#jzV|e|65|!o49U4Nk;m_%k}BVc*%5~(Wh#T?y)=r20ZXcQKTRG zqM^i|jM^fpDOy_0PN?wKsm1P&#~Ag|4ZCIOcrP%AtaQrIY>A+3zF)mX_%W$Y{K+&x z2xae*)c?bQm`acrD4L-dWEK33?JB)C7u;wA%CofmHj-h|>T8ON3PYuHVGlM#kCb;N zA+f0_4|NXrQ9JPV8P^D#u9xSH(TlMYIyV*8SZ`Q&KSZcBbU-gV3e9tZwepQKmlCUu zv6@L*-Bn)8)-HpKs*4>reZ!C1YOWV`ZDs{~tP}`xko%jNU)dg16tWLq<$1JM^I9>u zH|4Ral99HxYjVLDiwvZ)#Is!?pS&$$;+ksF=oV>;B+|~FN89vGItGk@b%~S&=cbj2Ec6`r-}D9|NQe`W68oU zw{WxrZBUr|;lJS8Qr6_h3YasS!xk3w*MR|=yrIVvGWe9Pbs3RoX}{oJ9R`$gfIDd5 z-PtW}GQOFs9*P*1kDN{|VH$T&h@M>&0yzBUadoeRVM4c@hh=siZi`ZOKSpd6J!|;P za@U=cYry3sQDwR~!_9OB=<0BkBZO0+?!6GE@qzqk4l(H(qGLr2TL1N=1BTzB`jLrq zO~LvHT477H72P48=vAXkzI1j*;%#22&w_r+lX~}&u?z{?G`UYy)Ay#=^yu*Sx}keL zos?&RX~R(dP*Zm4A}gD2?;*wbey3`wsHAV~?u&UcxK~u_iiT%knugi2C7Ws-_g{$~ z=G}am2`GCp>UzrUi}op>F{L6y!29+rr<-33kN;QEuTqWzL2Bks#?BkbhdzGz*IHTRm2Vi@r_lX%4+#L~?`X2`(B+fpFQMlZv_>TSizP-cfNYreADYgL_L zc>ZmpD&th_b@0@y`4I%6f9w19FPB2ZyAwSy4jKmTtoHCx5uM*m&A<6-qnC?Im&aEe z(0T&9;b`DBJ^=8g&Ck>&z5OOuzfUo?=DCCJk`L; zld$>cNg3SSXXS8H^d}D=-@T11FDM*)Ai*6FjKRb9Y~}w_m6*DHW>o;4O~3X%38|kR zA(mpsx4GjqMhJnu9ZME=q}WJ4icj%c$hJA8r)7@T4?fC=CmWWxYG3U0s&Too4Gb?8 zT%K%b@Z28vh}Bx%zk|up7Vb4L`h`7O=nr{nUf%0>7Yl9ao~9p-fh+4>S8 z21If3gE0ABM#M%EUQ=7t1#5o*Ab6wCeRI2++HUx7DDFfme#6chX@!#onkY_7+U<8= z+>H+hi{wg3JL4al`913>xaG1?MK7xlm79Gw*3Gm&mzXkuQ?+!)%Uuz~QxczccTYy) zw_3zq<-fu8dkUXq$_Me_5lMR>yst^hwmhnnZ)x=+HOyQ;Q$Co#6vMr%!&MLRbBZ`y zUf1)y%_dCQ$6swuz0ctF^uxu{iFOX1Cvjje`6sQ{JC>0^V0dVR?Ynxlk%iMdi&;p& z!DJfJU)-*EF#%It|JTISUzul>`>@&1XdegY15E)Fd9r3e>WSu^m!VAIB_h5AOt~0D z=ut^%Amvu7s(Z_;D9{%+vYhfk6IWY+nX;Ni`{QA-1omj0fjQ@BfV&2KIdo>Y&_dCX zoEyYQmVvn}Pu^}En8I->0ub5Yx1*UCNA7}ro{e(g`hifidQ0z=zkQxX6np8(=EnyQ zu&=RIx1zd@!p|T_;A^ccH3xy*pe8z;_fr3yk%j&#+YNZ9b~{QGWQr$u4{Az;GrET< z3qOtECCzdyMYAt@$gc#Ecy`k*!Wf~ooS_ElOFMTj5>z#FY@Tt?Yjgw4%!SkO$(gru z1M;$m-+kT)O3W|5O&ZX_k~DV$+QZ}!R3}P9()m0>MDcoalm{OR_3Z! zZfu52PDlllo0okH-8vJ30^tXwPu5pGqTs52G_jEP*Mx@3C$p2?hoxp?br4srG%Mt1e0=9;!L6n5zUZFR3 z=wYLz55e3$ibp<%uJ@&V@@6#pyhUkt4GYaV%hlwUjzPkVAO|(?n^@{5zswf;#}8v=~At8@+KkJMWKm&_BG;2svBT>qJk=J}i zd3;I?mXvJYv~=>C$N`x6B57FsFGu+Il+zzhp|I*tCr}x_uvpkof5-ILxd4m7nt|(9 zrm!qd;dC4=R!3H4+z4%DIAPRidl#-*nRag0__^({zB@y)hN%Bm32$)O$PWgov8E`> zLz0RDdL)oc>D zEQjNAI&UCDj1QU*6;9@@^7`+zvx?oD_fEo*yjLdbE?Be;6hd8|6$I$FEhZMH)TI&< z=}0ei0y@#N3GWm;mD_LqAHv={uBl~v9~MLbQ6L~iDWRxXXc46a2vYT+z!9mTNd%+> z#7O8MQkANLfHXk_r1##WMFHtZNa$4{p$LS~!n8d^E}4GqYyRnrA)h zSrW@EAb{J@9a3DaVTR3+=;DbiHcaT_B5%$sHeZ@!|4t8GeArm;+siL>-Vw9^BH#Qr zy!zXNlU{Somm+rFEQ3rj=(GKm9UFkO9M1tr8L!ix^KAha-(;&i&ok$_;MQ^0!W@85 z6a4%H{3f_wv8 z)8M=sx;Oa(=>uQcM_p69Nf#jcu#z~<C#gWvj*CQXkxwcd(y%q## ziX>vSe9+oc>}i_TUPyYHCu^fhhOYhDPB05ycbMzE8Q~20f`16} zfLQ&jf4l}@kNJm2jiX(;ocg||I#Z2BMu(hz5L*QDelwp znPDc;ePI>T2bOuk`vJzpg@e8Ap6Z%AHVY?L$#)brOW2E$uUu50*vgE%0i-fiy3m3# zA7Z{G`up%zUU{y5r3HQKlue(u%?~oGw{lS&$MY@C6M9$EHbC&}g(;ZjO;q@yJPB^omtrte54pgpi- zL^&7yd9iU&)a3^mwbm>!mo4@T_ksoVCMsuMlh_J{FJ!DpPhVQm*PSs) zxPFhunOSQ7u?mOUtBS&^ZmGZ~`KTNg)delS34^+iTPV{#v*ino?XH?8cP56{v2}$g ze!r@%M=H=&3_&+*UazwI12&1hX9|YtZs;7`NRgunkS-g}c;g3e@QE6euk_k-Fo6c= zD^6Hw(~jG3J&sH?|0j^iKY~Hcdov-5=e`22L!Z3p`YOn+^?j&2f{CpEjxdtrnwyQi zqIEXx8|W@umgtt91k=*2VPXcxcIlqW1?l$b%bvPUFZ7mm9BOxa#H)52#5(sj!)BJW z6fYEt6E+%7Nvbg9(%yjE#I0t{w;K6cw@OJa@1^v_j;L>OHL}*1be@E{8whV4?Q_2A zn0N4T;Y$uGh%_nL>Uy!hqA_>o@@EpxGCV}ZTII~H>~-*Whk3fKtnMjuJlB`pg`UxC z^E`!;R>QV?GtayJbTmjqJMp->i6wbTJ3Tl|IcseyLVf8n|V72 z6;>CS2tNGI88c*#jCqOpQ4s7^eu5;|@$wm3vW6*Pk6?P1ei{j5jbNzJqD{c?%Tu-t_8r;{g!0nV2QXmqbdf_)y^o66BW8}ig%}E4COd=^! z?y9XhAq*ppvs*ZzR$reg)kFqVUq7et%Dj+KvG36dZAZPx9aG{^4f$m?(8De%wY)J4 zz2E!M6-)W!m*4vh&D~E@Zq-cPA)_wvoALT18HDxA?)TM-2Ugbd$snDz59Fq2E1pLY z+3;vME>ZJo^<#i@@qyJm=*M6r!*h31msHQm6VjKQ>x{}Or((ZcqiJn5tz_L>+A3Z# zNU9k_7oIOD)PFduh^pRx@jaApKO4F2n24@ssG3=S91%DEPw(WP&mKztjx?-{B=w)o ztIZ9T|I>{JsrCKsfYY)LXW#2?r#ooegB!{5+hlkU#udGh5z#7IvaOae%O17$aW^u` z)y<~7cxfHNbT#%2;()5beO^Itru{YreY=pVJFdsX$9{Kuvqg{|=&T{Z>d`R0nR zi_GIpQ*X#+MOrgcvoceW5h?$5m;37yw0OX&| z(>F&s*c-EbHsl#|>zz{}(G&V<)Tvzj#elfVL{1vVWmcy4K+#=&xpLyrSaggTM#Rwo zT9>*(r~$Nfe#BiW6WXrnsu)|)4-(!lXprI$RR&=aWVX(DyM}|_IE*2;=Sr{+J(}DR z$x$JLg=qesYEs+bezwr6*KpJ9mQ_I%h`+dPw6pI0zWlJ}yu(=R@G<S-cgIb%zrNtndo70 ztkpzjr`5HRxuHL`rl_HyQGY)z+5Yu5639$?)HMP;TjQ(E`kYfeY_|LYrw5PiT|TmT z`@ze`IJfV1TLv{UVtwAa1vpk++H=PxuJsT4zxoyG07PhUVp=g;XvE>MJB}6#(>i({G;w zsXDyH#JvVqZ;n@{{&%3O>BG4u*ucKt+u@w#n~KxBxsM|q#(8Uz$#RF^3r#|POi)Ob zT+~#>G_{}kGyo%n!S+gF@LhQfM$XzOI>!erU%+IDBA95L~qershJsR3gih*)l_ae5GyEU4MhP+QH6ue0o!KA z3H8j5M&Pax2GDwZZ^5j0|-B^y^Fe$csF#=o~-gJe+ZS)Qtk0lGHI$@@)yKR;ks$_jYNc;>WgY?S%X)sNiyGg+w?zq6u|vO3I)j zzcy@pi=K_#e0W07e?4!w$ul`I2fhJ!8k*PBQPdCXmM_=CBKS?P=JqfCM{=^BfV=~6y9 zso$V{NoM1B;G<*fxyI82hLW!s5IV7s{?A_eC4p6Ic37H|4s=k^z6W;+4IY8vw-ktCV* zh>bVfv+F{G9tOxppj!4ySm4JfBHHQou({z~Ur{G#m)aMnI&26J19tG{hV3}%RY@R+ z%s*fCJ@$9ctNrZAp_*`wKpm1zh;|-~rfV)vjyYUoIb2glg}Ur-D4jMcnvCrgr+cYw zu@rf;pPZFaB3e_#`aDAP)yp0)^kXMg?~Hs4%A7?zp<21N{En>8+!c#O@rTK|-xKRu zvr)m-{fTfdmsX8)y@Kz^SpUaDw??*J@yY75GSVu!Vfz9ni|j1Z&d|JupPJvO$eo5aY=@AK#BIofwwv~+n+Sz^0~XEIQsEOgu1a~r7z}qofq`X z7h47LXd$gp=SvbRG?Y*My3NWn9$4v?tVW}Y1RZ=(N_0#E0dP**`xTrCCU)>}r4`@}@{RIU*enixfMeN9i+-IvDX|7cebak{EwL*FoE1a5tspZ*DQtz7< zXU-a#Q)FuNc0M&l5tk-WUuTYwp%&gu1KF?u*N3my<4ZcLPK~4`j}uW|N?-4&5?Tu@ z3Tr8;2_)`-w1(+JQyYX&+wm?|0l5PI?M1&kt9-WMUU_#LcA@8RcWq*QSw?Op;=|=8 zJU1MMQT|Fz9O6W`OM*=^E;PqUm;9MGp0nVOm16-&oY4!{GVk2b zYF<4UU(NTvB8t}1IBlK9ONt`>=$H(spGFx4wz8 zQadohR?n}}+P0fqaQDK3q7))}q&qbSt(H=k6A`Acp{Jc98y=yNwlZW@7BD!8Jgy<YKlCukx!cq11r`R$M9uN8!e7;rXyVdoMVV_igf5dRa0IX&OrBWRa&OUsGzdJ z>d#eX+%rtQkYk*;jW3#Rh5fmd-AG5t=V8BPMy)`!Kg_H*CVg%bOy$$Dl>hrHG zZk_RAcvrt5dbjWtIXr6QH3yBl^ z^Fp->J1cyVl6lR-R_9T|{)b$+Rl_e1op+tSZ=8j&*WL&5v}WkV;b)nLvUq!#=De0z zMF_oIvihkGe#NhqJt-_{-p~+?yOpqS&xlK+bj10h6EtlY{fEW|KQHP@{6MO0fM+9s z2%)7b3=HGsH-7r%XqqwkPxr3RrnkGSblZ=z#Di;1qw#17V_wyhs;3cYQ43A}ulNxQrUGCUBWua}`;?S&bh6<0deq9h3GVF0yyGmeXITl!AK9=?a|3_hE zH($x~iP1N1-#P10a*&01kwn7xHVj$ny7&|zl{582=WtUe%#X6*XTIiP72T9WH@Z`G z8PfR^!13?Aqdc|#I4X4<_@}tgrs9c;SGEEq{xYR&YNAU95RdFpUHP!2k-q*nH|X-2 znvs;tt0-vIps_1NZY%se!0I;)vpY)c>h^w<`4yX{ zRI$xbb=_${>&||9RJd5`K^ITQ18vGW_;CG4t@?gss-iZ-mzekB$XV&SI$NiCgPO9q zRgOo0kdr5Nl1po^lsyw&&}bK*xr?7s=vXnv&5*S$cJJOUD`7Bf|xYoeskv=nwJmB!lA2gSt=Xv9x$_&OMis z`K)#O5VN<}2Y(D{i=l2}K+V&7+_OF$qpZEG{-BWionC74t$7R&2UT@*!*8lS32>to z;(-c-I*LHh339v48+H4U!4dV_P=;j2&7+O128-Z>R*Yxv-G&8$-Jzx`!&DD*k))y< z0`rQ6ftS%&4VwjbTCdlSmvDhE&zO6KCg>m0P>a$v#>ac@0}|*L<-3Edt8dYUMveM^ z`h6-!si{qYnNIDrebvvfw;sMm%lwUH1&tN_c(Z${x7w{#YTvQqu?RQav7rE#{TW5{ z6|JQQFF)*#;%2~3yQ&G&Mes{Nte8c0vI{96+lAD7xZ?kW`C6u0{4p>r7@W_trAXpt zQklE$IVU#=Ui$Nm#o2)n$+1=u#|!t&Ga@1mFI!i(fo#In`J&`dmkyTO5^TvvM`uzX zRxZUaw98Euo%X&|nF9H8Lfm{gq1VOPJ7ET~VB{F_RWQEKP=(0ilTjEhvIvyx{3z*4 zqolE*+G!83M7i$1Ue9vs-brcS|{d+N-I5# z{3(B%-~ZUBbG7AUr8Zm3f>IRE>;@Yg^e_~JV0+c=)sXdQOlUCqRp|BWkH)^1$88p` zCYUC&T<@i)YrgE;=hs?D*D<(%Ipf1^s~==h20bN<9I7`{r~kTDoCU{Guepj? zgCN8GoMua8fCAk&f<{KF_qY^>VMp{%GHyEqBy~vER)OhN&i5!5KwUo$>>Y+a!F5(S z_48NkpY(rrKaq}n62dD^Q*dVVqexn1(G=R1GEmBTyVSdw$E3?r zFv;&b`%=1Ff2c8CK^RW4m=-GIJkDFEKXs+Bu7pgSpb+OI61)xvOSoh3=k7-OWm*8T z(o&G@-2jOg4}i7MeNg(fSz}Ae6&K{_Xb2{Uqb6KdIhrwS?Y97vfPIMk8*9oJdT<` z?IXn_lEM_bv1W4yO?nFo4G@W{<57^C;BYss$*B-98Z+YrN=@1_8?WH{6xc&yFjlRs zOnMd>%FXj!FUy>Mxm#ULxWUjxaiPssYGT`jN0n9&SM{0O0tUpFut{2>GY9snUOe46 z!`58y?((f44JE!CUu9m`h3Dq4DH^`3yHD6YuVBy^tcI!LY;1|#IddWZ^Zr+7-;GhH z7ObT?645Qme|@qu+N|B0$G?X)fUe?}Wn8KteskjXbKqWZ zx*XYdAx%m#k~kd1_5-Uw%!I7APyHc!RhZ4jzri-(T5B>Om2hfTZ&}c)g80qb@lP8b znj1DZMZ2i<>F9XX zP%{Xbl zv_uteK(-`QyS9Rcbw7K^4qD8UVxl7sDL(I8zd-^X)gG3amJdUqh8y ziUT}1Oqly)V@AZEYN4c5!w#PnRI1j?(kk)DdpDlaiqZ}qbEJH-topmFmSi6;Tv@RkppV&w2g`lT@tmToHRaN}g7@J+6ZF6?^>lnUIgg){x+<2_n1$ zuy(-)M5-KiBck}L={uj@I6ice1d(hNqMqi;)w6cY$?i&6dIs3uauig-K z`%;zBh}xwOF@X(>FEw9Y5SsHG?w3POdd<@gk7F~O`sMhSggx*l5?IP&Jur~2$HWg} zRiuKU4AjctP7CimF2Uh?g=NQR@(KOh;X2`h8_5+#9OkM@cgpWm(2V;_g_NafXUe?u z=vI|ko`?fc7`*ejJBXp+4nd_;%n)>s)d&lck+BSLxL4qVo%A}IIs%IPTqwj`QLQvD zo$DQ(@zpb|bGMq^@3G>X4?$#=6_H}`8Hv2#dz|}xlUU`MJ2)fW@fbU2Ron_QVZ?(_ z45Zx>w|-QdPr#((*hxTy*xEE*H(K z?sV}&gUM`bW77ivphdc+EvFs~QHarabXCj-a~yK`ur$8qnYUS!GMzxZxJ{|9wguy& zTV&jG*iL}OrPpPx07&q4>hY99!>drms`Va4=;M+jM-06aP7I}nA9J<$bT~>eejvg! zL4_S6kDfHjP>KJ7)up#6_5leZwD3iCa?PpLkoMveZU8))RmgZov;F9&mq!fERc8`w zo+DVguSY8lAK!Sl6;ZR6*|H#hHoj{;X!t7<>IF4kHkt)?t^`+S8T-xH*(6C_r}=V zXJ2Y^{uKaD98$J@42GTl1ed$c_emV|ONbo{^?6cOKX+M(dE$cs$cc5BRg{t8AvQ0a zeYjq_SA(u6W)5cvV*)so*CR`+(Uqj_b^fX6aI?xOsuFd-ME|1RR<#%awxa?uW@WVw ziEEVI;l_s1Iiu8w1ayLC9qaLgfY7DHq6JwxPBD#u8JmW5UM$vzgNR57{H`kx`%X?~W6-p1swR&q>jL~RYa+Q14&GxsR>S0%)0 z23qzoP|Qr~cujP&e5+`kT9VazVB36JNsO(gk-c0 zh>DlHBR$)!w5d9bRPgSxJLf_zq9AL~p;1b|_T%U6`Ou_{b+ZPFr0`s@6)t-sHygTn z;P_dizj}q#y$#$ZCgkuzA*>o+ir`%3P(I(;k_g?#7U!1n8fp8(qEF1t`bOIwuY&oE z1ebms9Bof;{#lMY{l6J0aTC-oTLOgqubM6x68Qt_B zNU1IM!V)8eL2bvOV{h+p@hw@=FkOh%!wF|P*9YyI*zjOtx9=sA^%90_@N3o_Jg$8i zV<3Iv$*t!eh9ldY1vz}2vusAuBevNpR(Pl6#M$zV(i98TXLlT%b5dj;naSKUU&dkG z>Mvhw&Myg*=-QEY_GEg02_NrU*tBJ;!dYtKRpI5EV?2Wt3{J21WTn|-c zJzUefCH}V-K*`79Q$KRDN8ZfUQQQ`t?|-?Q>yzeWO`i zsPYD&^_(*FurT#Y_7=J8(wjNY%;)h1yWeogwzju0X&EnH<}HauSBU-V z9V4!ToW>CElb!N~p6U1Qs9rNIPbD@R>qNKMYy~*9ShFBDo`@DE2Ot(`!#+ZB%eS=~vpZ&Xk^Mf)N$3(`%x`xCZtQ~?srPAbmy zt|Q1-K^~kgr2*OENw%K?j#>5Z&?lGF^|+Yk3K{mZ>4oefYRB%9qOIa5-45vA!X@TO zVaD7cn8B6gJ9|UoODtlRL+B;ilZ)8wFmO3RJZfa;THDJYk$K%Hgc)}_%NF`W?WR|1 z#WL^vvE|{y)zTfU5zdXvC_$Bb^9mb*Wr5>$e~jyzrmnvY>LV#+h%flzgc`Cp9J9fD ze-u80A%jPZ_QDMn8}TKh$CJRBflx>)e20*Jij2x{2z7uj7Xl>&{+&8cZKv0LI6#g= zPeZvtIpfbKzlfyrUW*+IGiB0~3CfL5C~IZNP{2qG_Y%7En(aC+Wa^|I5Nvz4PE9>D zq_KFscL(;FYeF@*MD7Ro+a1t2^e9RqQpiAA&5TOTbk9|K)& ziCZTWpKlz$+_0(GFk-T#F(T z$NQ@A&Q|fmaN(0{R%x9uqzwQ8ducgNAD)O+#fvyh;`cfyW>jEQ!6ny8P}?>p8LM( zu&?0yz0`)_B~BESEWd9rBD7`V&-~{KHC2C<)~2<%$9rCiB{Xt*UovaU^}C|dH(Tjx z`ev(BF&}GXK*LM6?qXW}5`i*w3e#tE7;edndQL=5UMm-Vwd-p7aG833%Xwv#tB7ym zblX(9PYwyP^u07IWbiG@nehJ-6|FT&f)SgugU4C?CsQO_pY<61nC|J_PLu;eQv_qz z`FG!C<6`E1D;)(e6ibvq7-^rqlSvSi22>Ay!5}Fw7f9$phRA)@B+0Vg#{ez0^heBG zswt;zfoXM#cgo2_2H_Ky>{E-nN1KHu_Gga?TUDJGkOvZwt}XzvrQl}5WBiL{mDcF5 z=;9CJS5FR&SbNTK2cu-aSvW~q0KE7Qv7-dBs=No5EJ66<8-Zr(vgRKM6}1Dq4KI$s zZ26;hI<+eq{1|k*Aha8o1?@awA_YS8Nk7VOZ@te<#X*KKXs5gufdz%I;cBOI1tcY4{YkT3zOHNI5wF-m}*HM{Wc*b8PJ#rSNd8QJmk4P>h1|Ou_Mc9fl1hn~;s9 z9@C|E=8DCEq-q{m`1xMpci*w^t=|4T0iv5&0lZo8DpyQ5EPMa`+hd-T^={aH)jhxD zugww?lusGFOx*jZMBUB{5s$0SU$SGM8BIga!J3YT2yG}qZ?1K>aeMvcEs^vJtui5*seH7Xz`L#=8mCvDFC<9ZBn!1c!%mgLUH& zR46L4!lO@mxHvSG+%AO8Nh1j!@RYtJU1Eok#@XnPaeMUZ!v}oqKtvpfyXm3kvxSnZv9hPDmp^GFC_yP|=VVwKsXN?Lz@HH~McAKq{l?pIfBLl2 z#OKJDHj%+&rmdwl*l}_92kR+*f9zzHinnfZ>X)!4nMV@kJ7D#fyo{{^@o@mTd6XH` zVU0g{S05-xl+UD<#n`Xs@ao{OfXt_lS?d*=CjqKp~?59 ze@7g5TNZ?t`73WWGf6yYlU=$mHOCraaNx*m@1-s8^YLJj(O;6h0i==7Z=}47R}%Q_ zbFgdyCWy>Yc{a?rPb8U!^@!5sU_FX31;S#IIvFDID3zy39gLZ$ODY<95os4tv+38R zL8nYO86kD>Nt=%gH|bZh%f|r6rqx5>MNb_%FZlw@4Q3j3j9iQ;U@U)=eR|m*VGvrg zN5+LO%yZ_19y2boUVqO4kkxyL^m-xUMNN0PwED$-hu|%}u-urDcG@RMhu9gxK6d`i zIJ1DwAb2+OmcL)gGHfxotnm-yc7b#r2-98$K!~#3vip99>9Q(!MdbdZheZ79CaQYxV_(y}A(|xWLi3alY z)l^ih67xEID9W`%s_`ldw}|)5n>d70pW(bFEy^R$yQ3W96ZM$`d^b3#NMH3zMrGJz zMKAJKQ>{JhB!+W&Gt0K|4#M0Lx}HIOq*aS-hJW43LZ z(|jj<^6VcL6&wa2eE#>- z3@qFqEx!<4AaBK>Q1-|D&XtfOhpihzYdW@pIVssKu#z3km=Z?SX0ADh(1*qYvNr40 zE4ua@ZtF@u?b1y6MK@%a-}pMy{lNV+^~Xz^j_-W&tM;hxvZi0M^6d-1*#%_-LRn8b z?>4?@*^H~nrCYk!Xh{>$@d8}{6ibWeBN1@kFPj3P^Q@C5ST>s-Ui8c;?^SA!r?TKAdr&W}{FMKDek-X?%Enoil!PXs<>x0^Fmp(RH_K(r{>G zBy=^DnSApp2r4B^(Lank=KCW=zTQmp3;0DYEarx&K!k+^iszGLF#GBkk;$W&*{qWa zc*t4YrLt>Re}pvL^N&K9Z@#YZ0I~AeSKB{^^RA!YIJQ?7GO65H`njLPXTD5uf6tF@ zd5QMhknux}bjMyXk*(kyBp3)v+UY@1IVEi?qfM@_A-8?zFV-r#aag`_pg~GXxR)=8 zENFX0OvLI`b6Sfo@y;vEy$z0%Y}WCOmps?ozPk26{LeV)$u8}iOPON3t?>({Bl_U- zE5AHV5g*|2@l)9xKYh=m4nQ}A<;kY8ku%o^V=OTU?UEWaQ><MP~rkHI*%VgZ-TMxNPyza|IX|*ZXlbg8ZTy0aJ z2E6Op1>S-ML9_|{<57U|{Ixx}__v6}m*JxPN=Rw`-yT}PA0e{VTkN)0LW*j`)kuyv z6du@fO$IR-bit8p{T3Np%O6UT$bO|;6|AATEg(XcZ9K8H<|fRKDAS5 zrShcdqt+D=epQs)Z9+IpV*8rS_^Aj9lAPOB>BNf4ue;$)4N@A2g`+buzD}3rr(vWe zQ*h0E_*QIjemduVaqS=PbQnV;iAd$wmHF``&jnTTRZRn8OJ+kK{{pmOt9!t7+sgxq zmt(;I)i96vYC;<-D7(K&B3Ql!E;QGKwSLY84P%$^-=*7EYK*A;;NGi){r1=UyrozG zyl6M{;RvK%N@ZSDVfDQTIq2roBl7cl9mT>CP3h$Ls*-|LJKGL0VaBbah0`y)lBrmb z*tPDEw_03!Npt?RbWXC_regU08m2u&UcWSCMr$v8UA*0`E6Q~P2WjpWOx{~2Ewe7q z)!{bxN6`~lnzuW(i&#VWXl5+xKH+UWu_5VMedV~PLs{Z)s;hupC6zWCCNu7iSQPIu z-tUiVcw%fitixz(PaASkzJ~JTV^&PJ)}$rl1I2U91sg{f2hVpO?(>3ihX>>bR3duO z34de(?2ya(gSye8Ee6ani*OX4K8eb;B}o zSx0GRT}Y!>`oC*tCV6Sla%X|Z9e`x-^||=b0pQ%PH{zo6Zl4j)w*OU?{@c>=UIe`C zQ9kamU)4yO$^fH*;dr0;Zy)>lr@tH(vC%CF|7~~F04`(ryzPJ1)c(6V;?Z+p>zJp1 z>ev6}Vs0^#!!cU&k7~qzd7@tctAXGefJlk^?$3aA3_QqFAza`+EQS+IZlb@?X+r(k zrc643Zb`9TrxxB)C;%6_YcK@1Kh;*a-%%*)J0s&eBZ^#lx(g5}4p*h1Q9x_y>0w{u zutCY6_@-|bhg%jB<3QUu>#IsW)H3UR%ps6JD*iM>t+$oyd=K7S&;&r?X)5(2PU-PJ zjDk5d+I2Trv!$Os0G>N%Y;iMF=|C`r2dC894b&ei=7Pzeu%nHBhv7#}3xT_&`_jiO zo00hCT;NXXKO+cKIw>IRbbh;^{`^xpu8GBu+|uT?T0i_X_xX#+*kC|6qe+}mKz6*! z1#yX!xjf+WHV~qQzX%CMgnBc0A_YzruK-d$PNl~uqIT4wp+R+-DjfWa^v&O?S>e-Q zy=@>FeuFt~-N@o@G=(aT^gbQ@Y!OhD;oAJbwKf9)-G>e2(FLX9PV>x9kxG*Ty78S> z*$s=pb6wbgj7PUiIZ(O%e~Z&5!;e%NC!cr`sTbG#nsRg_P`8yN zgojhI5m9Dd}PJ_nYyoR!Hzc~<2SLPnUT_*7rs3ph6Po#q*} z3WL!13O!PeLE0UaG&BXfL$whXN$wSbLQ|J%4nb_yNXIKFRv{I_v+E6*b9N&y6DY%D z!IC-6i}~=%?y*-K1q?3(L!-*zL7J_f>Eg#5eD;!hBn5~gwyBEjsNz2{7pUTK{sYu1 zy|*(?|5T+XD@Y6CvhX|DLQM->%~A`GmE*5b$A_h-q03qIS@qINJM}WpjY)t19j}mC zV41;aPP*_MXv8z!9DShPn&BuhXy!Zk@tL_;)YJInfa^X4S*4S)&lzqik>G;TTScno z-a$9E*c;g_Z|s=6uT(F*L9@ESZ3wb=+yT8Z@Mj(V%7-5udo((@0hgL}Ycg$sQ1Krn zCqGR%OZ~{pm&q`~H;?J(BAku8xs5esK*yrsySvFi)A%2gmJ9--%+DiHNqIs%6~SuK zj(6rty^2=Qylj-|;T&HSk?%wq+zqN-Zngok&Yg&*@yM6u0bh)RXI&73SRrV8p5`UJ z)>g3jSDl0`wY`Z#J*4uV6mXIx{aJjzt1|t|CPLJX(40yO<4QkMx!>i4NlDeuQ#DFD z5%W>VOiU;7`t1?n#+CLwS1$~)pxGo7nW!|}FjP{H2>iql$&fTuXlU+X{RNbEI?W}= z0-NPXr{z8MCMRRP`M5*?_3(iJP&(pC7jSv{>2Ln)PoOqTc~E6i<$J9c{-m_faJUOnD~{2A zfObF|m48pV9e)836qlrNQ%G5x#Jm1HaDJUF|DK1vb5C{k-Da)n`D)j&>YttD``ra2 zx75C%VQY07=;6Lzt`cBBpqd1f->F3 z)mjh4w0B;3+j4Z!JTs=lTn>&ES^&_LvS~hROrR!C{Rv* z`$Dq8e3;pmQm(ZS!`557d_0$;BJ__93|^-`Jqo~Y6dNGrn*Zd||8+<+zd8b4U}G)K zq-%&l&eXJs_kbNcXBCCuNSVdw@O9@rQCD-I&)2;%Sts=#B+eQP2|1kwbtwb-?isv25xgg6BSxB| z?4v3$=xZe{&hRv3;(}DS`!4zqC)dAY5dnXo9s|m|j5KtZ8C`nv$Ebrd%L~hI?BH98CF*#> zw3hNyKmH_iQ-1EdThDQy zCJovdkRTfz8-6OD6_%lvr~%R16U=zZPp;^H+ddoi3JqNggFk~cp?l_A zDyWyW-W_yP_2TleAFKpc44Z7GxC*tmd+q73B@U}VR3p<($n=f?_1K?jz3wd>G3JA9 zk){ZIQ{4UjUW=v(XS5w(v8Ywm%S?N2am4s0tUs=70|*^vADuzW>@1{O@Xss^CO zT8^4iB?&D>>{1T7RbwwH2{b7IMR8$(R=8-`rsE*IvON;G{XC+^bvkYYV)g&_AN6d? z883=7S{S_b6~d($EES8zc3QD2mSL8fCWXuu3}sMGDlq;5#^A(=Wmd!Q~4KHmylp?k>-?o#f)m(Pz7_3^*{7RK92Yf0}I=$IG z%KyJ-vx=3L!L8DH!u&F0F8gD}=EnUO-2ln!Iq}wtuAGXCJyM*-#?Fj9wG3Wv zE2E3^9{|DpT@`5kQ@`1%nO<>K$7tAtqqVb;<1xfz`fF_B$ zL(1NvbY-q{;{oYm9|r8_eQo0QFGu4)#PC<;0|yoM2ChFp1NA0r;mO?rYaYl!Y|}0s z_9bSe8N5G9uO-Z2hOipGr$y*);jdJ0W3IfUo(GpH@?rxcoY^M~w$d;*LzGsHU1gu$ zq7&@#SCw4D4Ym+N4RGK>hK2p>{;}e>@A&7>c)#mH(N_uIQl9d6KUb|v8Q7Fu3=^4u zzmDuJYWcwrgIp20AVS&C&;8GxQ=tWL6KfU90r&dfyZOHll-JaV;Z=)M*5A+ipFeu8 z$P9Qb{M^TX7V`LyM8PopXruz4!Sk?kttg=(j;eR{l zzXu1b*@-9-IRe_`=TiUAwZNYTWVg*yO#b(Y^Y@Y1bc-7Cf4N^d@c(`TfI}CAA^sTr zm8y~TpoLM^qqwO0TF9BoZhcF_BUfEWBm3pZLos@Sn~78!$sIZ zRvWvHLNS#fgdQs+{j>3i#{>AEg!>W4UuXm`lYir0Z6jPj;ahSfaIv9Gv;nd&zT!lq zT?g3TQ}_35|7*dzsjRM^7PsF9>;N!*)E*FyIo0ldgFA1PPB zG!-xk$Tv`Sm&4q~J!}p10A?P*#{&G2ZESh;KaDuLX$~+YcMptq&(9@k8fVPAEU&cQ z%Kq;l_WwS4hS~`$$}jw{I=+964SNE>8S*U$L;vY9vL@7tg_faj|D0IIC;(+58QK2^ zWc)oaAggu-utWr(@!t8L6IY?8+~=YtaQ(M5$}fA2OaeCVOO~RsU+bF4s{3R#Fva!f zuzp`LJ3ydPA%DH1^5@VjrGeKU$rio%^MOAn75L&BJMjM6M}M<$dI0rMdfH0&>z{u6 zB9LZd(V0#B&6hp0q8kSwfVM>EhH5HR$!2RGXpnBScJ-gPc#@`(Ny(fH^=f{+$!;7z~{9fx8?uw^UNtvd)yVsg8esszE2Sp zfTU{?UVpstTMGb-x`U`q*Z)Fxx>hLEa+o%tEDe?vdq_oM+JK;0LVThTh|6skQAEnY z#Nom8nA?P6?)IRbPBI@0U!DnlWA=u`;SY(<3MFbk7x%tZ{avM5mc{Z_#N6e=;>Yv< z_n;u%0EPjML8|^VM_vJ77)NMWsAezyP=5#$*aEGwP6x| zJDs-b)W+n=fU;P`k&rR!T~q$bFjTp9zspt$B_1XZy4qtMBLgrVxVi)N0y_$UOz-*a zg%CfItzQKhH{4M1E;;S#ksYtbZLcsL0H0D-xB1{lDost+k5mbbqB^@;m&8(@vUmSy zBUw^YwR}eqB|ra1)&`hMj6w|;UPi6D2dDsoyQHrew2DJdVpPWD5+2u=&4Nl%klO1W z7Wi33fA7F1*zSASSq?ru(iNbR=I(7i_KR`Bm75_-{qtD>TOQ>z^2+1u|FuaQz@;Wd zbUgdHT_$A#`{&2V@;{bfZDw7RKGjHaXhe6@)e2*p9SZA7$|NcZ2a7gfH@RPeluAdS z%`?TJJTR&VfrSq2VDl(cVT9&|QT3_ymldpPc&^3kt;5JNW1{CT%lg}3r?mllV z_tS(P(E%7`lqIXgEv_oDOV3Q5>8D1;b>r|E8aEMc(?$>5Zge#4%qJrBIrZZ+^1oTM zw$uo}!oO_*ipW`F-h)~-oLCZnguWepyS43ixUK0E-=Q|?4d4$oZ4blXZNaBj@5Amj zIJBz$eBj^vrRfbI#PXkBh&j0_Cw+#BCsGeMm+xc!jYlsumGTImEm)oxQCfdqnuCDy zgGPlKlJ&`7XzYM?I($+2-$SFhL7>FYNQJ{LH--Mc!md0V%J=I>^kphb_G}d*6p}5> zh|oF|2HA!Q6_aJMuTz#XmNrZF5{j|!84QK&WZ!8pvW|V{ef)lA>ifQ3*Xs}0csz6N zbD#U%pR?S{Ie7|Q#d-Tu*6obhL6 zed)`5iG7U5{~5`(3AJ~&BCj_~+GF)yq>T_U{#{wOsYgajv=MZ|qw6GX$_e{wg08LU zM{@OB@ko{K)>mzVI5*UG`=uYi)ly-he9D*mitNmEI=hJbmxO!)0<1#(r>xa2+rS(< z+vPnm8NzU1-=kUe>hhY-Un$4K>1VA>7XFj+)IZ@UMt!xMxX}7ujd4&RFx1Z>CMM?1 z8lzEmIdHx>xqA#Q6&R~)wPL~Ar{u9Z<4SAABj)jO2nZQvhpc3p^U`ufvB8(~lydJb z0iY0PYlmUs>j`ITW-0z55i6nv-WYq1v@%TYD})Ck+v1(4YGO>@aWsnLhZi*@AMXoV zLT*;~&;^&So}1(EHs@fcsqGEgwa=_C>e0$f9efb8l;1X{+XbEb2gSZKrretHcH@@x z8gkB(mzGsqh3ep!ffjlfB4ntgshL3$6Bd8zy}+{#z*D&w^1|KEFAKP|@cF67U5-Gg z(gy5Oy?n;gD4;5>wHy|3QJ+J?)D{WBXwlRJGV;eKzYEL^(GCdrers4{Y{_Q6TYe3u zd?J_ard0M%B`Q{-f53#pds_*(zE^5ASMCI*^Fr1~o^?@iqPZYBKVE_Jl&6($O3@%1 zs}TeIsrz^Rov5Dx=iGh0fxuc`L3Rk)-!3B{(t+Ua&vp30=hUN7B)S~ad9DV(v(S9n zEf$m07I``8Y(kVr4GY?)Jg|lBw{Wyo(1p~G3;JO7?x2GL@c7pt<8n{8tBEo#s@Hm! zP27=lT98Pf9{a6z(-OzzCeownt11Jsqzojsx()~@L)4mYMqViRG?)PzRc9!(>U9j) z7S6KAf|ybASK+K^cIB+T58<7NJChRThHsB@T=>@Rkgdz{?Y3x&FpV*d-8RW{@-BNo z&X1R;LYUIhm>x6Vn$UYua)G!p)G!m*Qj4031ABeBD2{Pg`e7Y@Y)0FjQ!M}6+pWT%F~}iiNtebJUUIZc0Sc24Bux}&vTvcBJ`b2Dg^6Yu~~>O zhfx$`UkYh7#tQ~Q1P8Lhz}0CU4-`v%zed+gmuF?Ta?LE#G8v%(RA-u+?8!lFXcLKQ zG~X=a&RkM3lf}fTyy+E_Y2pG3Ddj3CC=eT@3Y@2@pOP&!5^5E) z4R-!?lhep}Ct|vl9Z6F2Xp~uEadN#4zqWo)uY7y4VL>?w!fepaKcTd#wx^(9*cVQc zXyK@oUis9rlJol2uC}Yh2`l{!&yNg*MDJyc=8b$A?}g#LRteQ#7Dm-4Pp!0y`N(z^LjI%RvcjWH8i{YSQsFe4vvYn_&jk*~z zN5)NuUpb3B2Sp@tzLf;h#Lyk`MCH_le?Mi{<$^>kn6^Zod)8y_yIYWBN z7`4T~M{huP-9nuceVpo=p?yb(-qQ#=KKdI$r!8nC^3{4+Pcxfq#}aai9bdzR>$&Z4 z%v!Z!ZkCo(x_vMQDpUAteUTH|Y(So!<>QGX6ZWqWGXT_HX3L$;%=2MURs|McvR_i($g>C$sK+J7<|5J%OTbs~2cIsJ*tfo?&2 zKDu1hGV9}P#ZuPG5Kp=f8+#gaH;so^UxjzHV`&m5DxMjCz2TtRybt(D4zcMrKC$(F z8oTh2W3Eq0VHwS(e!fnFG0t;SeZi=0^B)Zo6-w>=BI-t9(L}O{#WQ`4GA_&w^hlG{ zJCOrjemMCHv}v=Fn41|enKbN`e@9Nvi8#Twej;;BB|uv+(96lIo=E5GNcZ}y#MJnC zou&F}&v_mihufx9HPgnC-6dllL;{8s>o9H~3eHiz#PPJmUKo2BfPdK*<27J4E-sc3 zJ)oBcE?$2HL%L957Sw->WnjFjtO4}i+_`>UdXpVhQ&8Osr1YZ*eHW7k64J`;W7+DE zMDgK@^;jnR=+>MbXm>Y_Kb9wQ?;R7+uHmr;vjbq^MLlZU%9H{Fiu-@@guMu}7GfK5O z1U%EzH5E7F-R4SM7#Nq*svbZfC%#V$n4^N|KuPOdB=!gb11 z(xCZYqv+I|4^!|9MJ)6@N%+*gEZ?!#5wVgKhPVGTTi37&nU$*2EDVTCZmrQq zFDR88xklu8WKfe$fJ()_O~^{kI7gPuQDK!&Pqx<=+Nv=e#4b72S`IT$hly3gmD&gg z?9hl>tEC7{fR|rsz5|e@t<--i>9TZ;k3M`cBHiyyyKTu06*lw@(}inHY*$WG9UHyQ z8jlKwKTp5`pg8?NG17vGeU^Ax4IH*BH~7XoG9$Pl9sh|XRBskoS+H@OS{wFBP$JTg znqV(~dpWD%P$P*eGHE59Y0=l~^lTYeQwlUTDu}bmZ}31LQtT56JwLTzaEx)OBxPv< z9K1DBjjFjKX=+?)WE<1107pt&Gx8}#U3!x>J_1C03LD;9Lk-xMAqqAi1K|*7*W8)( zB4PnG?(nFtp7re7%e{%Y`|`?cnH&^ZfS#O?be;KTX-S?{a0OZhelSoSr=RqSG1Lr5 zx5CmH>4!GA6W{5*@#FNfH!?C}A(ew!XVZBvYvA#sP31K$Yj1LX`sKLHT6b^CFO^RU zT#CDOx0(g^ff@Hr^g^Mr(E0;VkRu8w{B!FJ>N)2qgHwa5IBZ^ByH3EX&fK!oiP^w0 ze(Suuc{o9F9+!tyH(P#(mjSJA=bx|6LGd>V1dqRhpRc;6Dl@T?Q8XkP7xvRDh8jG@ z@oeOQz$R1HQd*BZ%(D^6cKD0MprL8r4>>#ZO*6xiddB3sbAcavU82DY@x(HI!ue*d zv&>i7)z%-*6}?F>vNmyQaebIH?W2|IFtrtJxW^m4vU!2PwPqGb*9#xu?v@PNvZ!V>=Q3xf;^{tir!Uy&Q~CW=I?KE(&KBPEPl%mz z#?5hxatyH>&_)Y*%(L&4YvNw!v@(0gxgYg6+m8>Yfp=g2oNP-}@Z7bl-*6%17zna6B&LQ)JdFdVR`X3HIE9m&zyxjK@bBM2eSd4R=PoV`^7izl5J)+FySlgF6Wda? zEA8?Ir<*Ib@*el!b4e(t{`tkj6-vQaxHauDK9{cHQVPgEJIV=WfX*G?6IL;(3HnOM z=q9N9(8%%Hb=N8_8k1PDql5C!ldbO;))enX+R*uY&_$lFTbLAfavKs-64VWOi79s~ zk=^WCz82$m^-eJn03v1y;V>z01`>|b0xIh4shWM&s6^S*u<0a%_zE84CLyK}dtR|6 z$5^<}I_1v8!*6MCd(l z^BMBUQMXruimqB znki+i)8rXKMH^w{OIlc8AY>f5vi?0HVrjrTLr)W%zf4V|ZriSKd$f zGu728R@#O5jRwFc6*^9(06z*s;7@{>z=bBg_P|{VB|dBIC!v-17~bLS`t)2BTpL~W zYCo$b-aYnJ-qhuGY|9Q12;fc+oICQ8S^mWCSZe@Vyb~46+Ph@Q0G`BfT1-bBLg=}u zk^i*{`r8VcirB?Q#QOy7gka+bsML3igT0bj?Nr&9sx=+Q3XAt~JW4;KYOn0i;=$dL1G!> zTo2l5M7t>dOx~3Em9gyz4t3E^tU- z`+*VNoin%>Hhq4A9WO}!(+>owV;`hWz48Wf2>PGe=5x#2WyN@x9@V84ZplMm)|6RT z@}fCfmUie1>E@b&L;(Fa()Y6^5tKg}~6 z&Q^2X;2km0J|w~71z4{@4-09snb@1@&FjaeZ>nuA`)^jC@Ip>E@kAE9Iecrbaw~~* zsJ1L=erfrI$Hu2WM>_r72rNBaAuIF-xv!JrD(jq7_uH#;7Te}MZC@{X#vK|xLS@qJ z`19KfWMn=)6K3>&jLqWhN#S%l!*d$)IxzX>8()AWTW6z5eOS>vVp(Dh1OLn!q_J)w zcVxfE z7i)tUOwk&>UEDVoqGQM#x-e8-JflQ-QBE34o@Xcf9RGnI0C`LR|BJEDbQ_rd-7sax zv1_w#TEC;DCoILzv-f6cfy4C1vl|bgxl=h!^_qP{z;43tNd441tI?Jm@Ga<5Wmp*V z#J84r*l(Td;Ah*Y(hq3lgk?cikexPPYeOMdSZ*|!J`m`vZ^3#`>LXF5$ ziBe5$C``wCKI!i~_p3g4vZ8A$fSYqW8?8PQ^)I= ze}`8yet2Lrt2|KdCshO32E+-tT6Xz9d%JCINt&8i*ZjXyDFP)|4E?Qie||y_0bt-E zTyW(tL;5H8U0Q%P>`V+W|5l*Cve;S*BuC~y%2FooU*AduM9Ha?IUK8K@&B~z&H)6? zaUDngrlEgG)Bu8pRuTllI`k`m(;A!fmnn4NP-@^w2D0RrOI{yF`7>Gf#6PLD&&zx7 z<|ndP7adT7pQGK}-Tn-|F3u#g^K%VIv$JNBk|~;i&!@i4pC+^OSa#N{j1sH#Tt}x2 zJ8W-16t=GQIFJrLjedD&Lnn2_0hp2n@qnA?@-O3&&r$3&4MUEn3^zTJSp7(DAv=-! zb_HR5qx~r~cJKg*(aEfnTT7`x?+{_iFwB1C_qK@%DDPlA>O_SuDU>mnVk} zMdTRa)@8-e1jzZJ*j|AHK^s8PZl1dx=UfN!tXqI{m`7i?Wn^TGvle!fbqG&QmtExD zZWhya+gmP=LM;942vI9tHYrr|Krh(uz)ce%P9Q#d-hJSiMgb>@+kkZ0XnpNHq2Jt% zQ*S5tCiv_s{B%kCl500yUIU>^FC9Wrn)?6(di*no52fn}R2VLBP9&%ub%TB#Keo zHN&?gcnVX5q9`mmOVo-hycaU6yfOA>*WU}iPEq}1B6v|v=eOCEx6?1|ixB)ZREsP^ zJ$OV*LJEkl*Jck`6bJ~zY=&l=9Y`koHTCw7+Icv|F@f^}hW{b2Rj<^+ds;f07S+b)0&aq2tilL-L$U)I@{5*P<`G z-sj=w=Faq-aZp84%!&w50S*kiyjU7ZNqri~Q9*p}6>+)X$Skr@dwK2V+t}DlS7Hwr z18DmIg+e_6K;JNC(Vg6k3R)1);kLA+VJl-r3GTWK0ZDebt@4&0Xn&(lVoOVcJ3SvF z8`!KjFYmkWcoAMw!XaO3URpXXK+_c6f!*K(UFAt}od>7@U!esAvqJ1)CJSbpc4B2i zC#w=6N#b|_Y#HPlEc0+#9uBH!&f3VKj0Z?b953O%Ju_71vD||Q3t64%C4g!J-zibN z7+V(7QYw(;ODwJ^lGLm{OSJy%EqaX literal 0 HcmV?d00001 diff --git a/umad-10-configuration-document.md b/umad-10-configuration-document.md index 69d143b..26bb126 100644 --- a/umad-10-configuration-document.md +++ b/umad-10-configuration-document.md @@ -23,6 +23,26 @@ The configuration document MAY contain the following fields: - `uma_request_endpoint`: The URL to which UMA requests can be sent. This should be a URL that the receiving VASP can use to send UMA requests to the sending VASP. See [UMAD-11](/umad-11-request.md) for more details. +These fields are required if implementing [UMA Auth (UMADE-01)](/extensions/umade-01-auth.md), but should not be provided +otherwise: + +- `authorization_endpoint`: Like in OAuth/OIDC, the URL of the VASP's authorization endpoint. This is where the client + application should send the user to authenticate and authorize the client application to access their wallet. +- `token_endpoint`: Like in OAuth/OIDC, the URL of the VASP's token endpoint. This is where the client application + exchanges an authorization code for an access token (a new NWC Connection), and where the client application can + refresh an access token. +- `nwc_commands_supported`: An array of strings representing the NWC commands that the VASP supports. This should be an + array of strings, where each string is a valid NWC command name. See [UMADE-01](/extensions/umade-01-auth.md) for more + details. +- `grant_types_supported`: An array of strings representing the OAuth grant types that the VASP supports. For now, in + most cases, this should just be `["authorization_code"]`. +- `code_challenge_methods_supported`: An array of strings representing the PKCE code challenge methods that the VASP + supports. For now, in most cases, this should just be `["S256"]`. +- `connection_management_endpoint`: The URL of the VASP's connection management endpoint. This is where the user can + can create, update, and delete NWC Connections. +- `revocation_endpoint`: The URL of the VASP's revocation endpoint. This is where the client application can revoke an + access token (NWC Connection). + ## Example Configuration Document ```http @@ -36,5 +56,26 @@ Access-Control-Allow-Origin: * "name": "Cool VASP", "uma_major_versions": [0, 1], "uma_request_endpoint": "https://coolvasp.net/path/to/request/url" + + "authorization_endpoint": "https://coolvasp.net/oauth/auth", + "token_endpoint": "https://coolvasp.net/oauth/token", + "nwc_commands_supported": [ + "pay_invoice", + "make_invoice", + "lookup_invoice", + "get_balance", + "get_budget", + "get_info", + "list_transactions", + "pay_keysend", + "lookup_user", + "fetch_quote", + "execute_quote", + "pay_to_address", + ], + "grant_types_supported": ["authorization_code"], + "code_challenge_methods_supported": ["S256"], + "connection_management_endpoint": "https://coolvasp.net/nwc/connections", + "revocation_endpoint": "https://coolvasp.net/oauth/revoke" } ```