From d91a5f4f25feddd99eeb57d491810a5c718cff5a Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Thu, 6 Nov 2025 18:16:33 +0000
Subject: [PATCH 01/12] Add Implementable Proposal for AuthenticationFilter

---
 .../authentication-filter/reference-1.png     |  Bin 0 -> 165947 bytes
 docs/proposals/authentication-filter.md       | 1073 ++++++++++++++++-
 2 files changed, 1072 insertions(+), 1 deletion(-)
 create mode 100644 docs/images/authentication-filter/reference-1.png

diff --git a/docs/images/authentication-filter/reference-1.png b/docs/images/authentication-filter/reference-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..09f9ed88eef2484ef12c54a0693d346832082766
GIT binary patch
literal 165947
zcmeFad03L!|2J;+sb<=18uz6}YideO$x;(&nbgKMTQtRG%90d~l-xk1nI^4qp{(4M
zDYbGzazS%JnkmInAxt4fp>ab&Bt<|#;JLN>j(xtL-}PMA_j>;LJ<k<aSC{vFpL5>l
z{W|aMobx{See?KHmzB#5m+9!}tUToU;|U#|udV}s?)_>Ba7QfM*{Gv)Rp-!;`%Xps
zjrHxjQ6P`uPe4W<3WG)YoetCIzFzptWApDAPnx5fT?VeLY#a=HZ5ZxX8ZEB-%3t@u
z(d?1H1OKWB+@7>Se>;DT`QoO*f&<Sg4)0B|%O?kPSH?9rJct%xwPKZ~q*ygt%vjnO
z;&k$~ukY!AYL!}nWzcnW-nnAMcg&n3`7;_x6hll^sG*AYzgQefwNU@fzZPYt$$5X1
z0L{Y11N{X`8$LzFiMJ`zsi{Dbs_qiL9LXnantQfIkPRn6!{sv?gd&|X`+TQIj-7?p
zXTj{_y*5iW&fY`Yu9&;tGCux|+^>z=n=44r4rsyCe5x`TcwS&`r8RynxF^9J8z$I%
zX!xB9H(3Iow2nY&C)w1P_m$$fsdv|KYV|dYR<;*twd3ZLnRdE<DO8=U?NJ(>t*qzE
zdC8TlhY5CbEj&Fp%UUL`sNP|T&A)B~WY$CVW~LLVTxI6j5&Ab~kaQetuH?IA6y>xE
z&-Wi*)uc7tq5ba6Z1bZm!}wk>RqL&ZSu|Vh>b5KLn;7e1|6%8eMDEP;p8>cIp|ylK
zs#Nlv_WahdnHlB`Xz5&wp63M}Hc-{L3yeB*Z<fJ}f{=}*JRUU{H~fL*?}PsRtA_lQ
zKh2VQP1W|fz@P`5#%7+UPcn?>iun9uPnNK(!?drV+Ad^u+~~Ghf(NvU;i*mMCmALm
z3wfI1v=cMSee&1LK6XQ^8P&M79m_u8eJ*(YBweczv8-b^0gr<!_3r>9m$ZMb?(aL6
z&7#to?f%v5_1?429|jBbv2xp%AAuH6Ae}eP6~At9-4(bNv~T&>?DZczK2W3>0J07I
z)(5Wt4j@sqJAcjW<<-BE_5+PuNCVd|oV`At;eKNl2<}JX%Rpa<e}Vmrz<touFRJ#%
z$b2!c|6|8e;2~BIa<8%dlz(5NV*eJK$qKDwV@mWICx{6+d2=fgJUztG)E`JKIQeQG
zk=m%Zsl)_xe6}7Td68pDqN?e*#ga{m@=b?2!Y=&dwhHdo;NH`(9m5HVh_`80SW$^T
zZu+SL0eG{4mU+#EIpd$MXzOly9N^zHum=UWJ6ifbuC*gbFa4&2kwKX81FeP!QM}v3
zi@P9n$k|VgRn@F!WZ0&aCs~X-!vCRrrA|%KDyTK_M(OUceKS5O6n)$v`|Or@2Zb!v
z!Z&@MCp}8CM>Me;l~Q8ZUs?U7W(o%DO7QbFfQRlVpXY$DcsFer9BzWw#D7gZw|BC~
z4I2BNj*lysM!V0%_~-_TGF^@a>7N4}xg%?S>vKpF-Tyihw)vJm`o#?ksB?)tE*#lq
zKX_`%S|DsF2$&ZYj9x(x4AoRG`8uHK@_CWIg`W8hYwX{xFg)0!cNb6l))w&mCWv_o
z|HwVbsejB2Zl3>Jd%vxXqOrbeuyo@@L!`<5Qw$&oxl%eW#>jO>!9_RDHt&Hdn^<ZY
zGxcms`D*joV1t%55A6xIp~VW5;5D{WWKtYfh`1Cv245aTSvuQUVb1)5yQ3bawCZnq
z@or!inMT<KD8A&?zf(1dnw2otS7$5rg9lZ{#j~QuV)Mq{5YWLwNWE^r-RU};h8u1p
zKTbqUBG%wcYhq?GFbz0jqq#wQNsf1T&c1YydK5VkGfl7YkBJ^mo36_~kQ?pW&*&HT
z?^4-g+B$`6o7gQi;-F|8?ROFZNv)1<pB%W9hUA@WU`?Eva4>*83LxCUQg%-`FnF}r
zjokDiZ?Wf$ZzH8ZIS(O|DC^h(7;I_!ZjSWbWY6RV^BO!Kv|`_|mDigeR?%tt8=x|u
zu%GupS&&!$@FNrG7m_TDi1vG{@&y)SE&4_bk85j3n?-FICzzos^-m0{N-dq&DZ&yW
z4Nk9Ilv@iLIsB~{F2;a%zZNLQtSuoY6~dKG@;gZDqPTgZO7j)!j6qgqkV40Qo+^WH
zy+K1_8HmKNmaJ>zUCtX-XmEU(YuwBxa-*gU9(Ys5r?nAdw9STl5VYe-Ws@TQ@BBB8
zsJ5PdsV^ozIeHaQUdUH@cl1)V2U6TEOsxKiGYbYn$FC~NmJVVNx#i!{$8RI41z59-
zyzTVCCsRL1+;ewrFeTa?Ku&m<ns`-l)2HiWRd(&UUw_{tMdg_xE6MQco17Ymw!TV6
z4xv~lJiU9e(-Ffsoz!U|`hGqcV#KqV<4dvW>lY=?nuLpp)fFxYPOl;B;iu2o#y{S%
z%wbBnmeiCbFS0udwEc8Y)jL$Gr-~gXw!R)Kv3q`NTAn7Rc4x_>524bPUYP1{4n^4h
z6Ky+k`%72B&6oP;bKQP9wQZG8jn%bsMq19xcf~Fn)1~Ma>@#TD-CCQy;^_^IadD;P
z{k(mR;tucU#deF54q&aCy+LIclY=7--XwL^U1{rJ-YdwOFBiz!wiEidFHp$XMEe`P
zj*lr`y;iH*Xx)bW82r9JFE^)7SF--pw)a;nVnTHBdj8+D>rS~O9hnrN6v8C(u=K|L
zADtfkE!Fo+019Sofi`z6QV?6?+b9oDlAV{-7A{Kj5lVf~URkVe=kVw7jpN^l4>dGS
zXq#~<Q2+2lf7o5iWp%sthfRv2iln{l6(JT~t^ZiiQTy!roi94BDefUwTE_SPq3Hm9
z|KgV^R`l8EhFIz*G8bQ%kFQN@Fr83a#)t>VXKYt_p?6U2-reBe1%|v<9$Z;S_@#ZA
z{$nZ<>e0Y*qxY^O4RqZ1Sn;EGz`cv3UXbBNTH*8b+Tq5d;_h=6UGuE>s6E2uH{MXV
z;pyM6wJ21tEKRl#o-4R*hNvuDD&D<kYRmcYko7i)M;y#)y@<7z4%?b~w`}0W9dc{d
zJpd+LXHoAL9!RTYTQ?@;{rOX;p{Ufrn%ry$CUMRX*=O5P_fCQ43sPysn#fVFfBnFA
zyhXu_%Ojpq_<I%iT{aRyE-&O2t(p46OTKsW$FmT1vZVDV^ZzJf9Ap$8e`vbR+jj8A
z#>0rG>u@!#DqE@H3QOz}*g*QlmzfuagRu}y^G~V4^IX@JoTe@PA%i+0Rrs}koz`1g
zJn*yZ?Juf1b6n#O6JEtIGFPs0Se9uNI+fFHu{$a#YZH8VH~)B$pu8VsV+Zlt^X%eE
z$Fx|gdu;nOx7m5ETl^*znVW7$C}GL#gpv?7?01=s<LxWt`GN+wNwPO`&@m!9oQXB*
zF~0HQPf_90G5#wOCs0w1G6`SbfhMt2EFb>PerjiYW)fW0ya17~>*RBMwD{2ycelKO
z<3hE7GIJtU8|IPpR11lBa~H-~fv>sklx7{Qhp<_fFN|J@w&<eImmS2)#gS@%4dEvu
zdj~JFjP<9=F5tQk;^JEK6l~u0vw|^WX2<;(Zw)~4X(=)Nm{;=Tc()gaa~&?UKfQ04
z`uIxi9hQnZtO^Amt(u}3l-O<dM&C3#M4mSrcBFe>i^uvL9b9i%zw?L~5&hWRb;bJ0
zft4obX6{g%1KpNvAyztXH-Q~ahQwDMJ)G?PU=zb8%ki5-RWjS1306?*eY^ZykELLF
zobv!E!whjzf5Np+^BHpKcFSJkDR`M;CbB5vR;&o+)VZa=&Zm25Y}H9J#M6zg++jCz
zBhBxp^TB5-9DdD2i_@HF(S4KZc$VMr@N04&;x3X`Y_~(8ZiEpSSl=Gkj;{GJMGkot
zmt?ZD>eUA#=<NEO<{m!4NlRy;!>S0~c-Do}X>n#J84j;%Ob~)~JG0F*iukqXZ@hM_
zZ%S492NK<sKPqHIZ}^#;th|jEE<Fjq!AvbEdHLB;B=1i%ZSX%4H-@c>yj)J||06n9
zR0MJ#n>1c+vn*((XIfrFK&Z<8jf-$>Es7-Ul;<$c+en=xqUK;Qbrams;fl?}8+@j6
zH{`B(kEalW$LY<{G`$I`9pt#xHGYN}aZxkH{I~MS0C9fp*=JTwk2jb?{jP0U^(zh0
z<%nrIgCGoSblym$B`unskgLifbd#e^Bq-w&sXhwcpJ8Y?_~(9MsU8acI77MJSTMFN
zpb25}96ufM0<n%H>f99OJw(ez1Rwr}sMf$3QIZqT)H2+BN9QH1Sof&|_8ao3^qzC;
zcNm|-|Lr2wi8zKJ1oT3n&Bw(mrlF_LK{r6l|7`9xuy{y6Z?nrb!_YaoFY=<`um!UN
zbiZ`#k{>2w`$20MQGyP8$`GlhfQ34Pet4H9)E`KlUNNY0{deBoTOg}1@o8Ka#8SNj
zVShN#Eo|(TyoG<{Sw3C-iV;@Ka(!f{pW&EDdy9SOM~L;fy-9x4J0R7rX^jP4!!-0C
zE14muuV+|7>Bog+jy%A%4)Phos)iLmmc+)~E+jiI0O;6!b>o`i<h5T8RLLBgMUsFO
zx&2$t3v72VJEzYH>~b9ITRKGnNw<-EIt|w+uRO+D4`*aJzIl27731t78}FC+%I;M5
zeY<Ec71HH|dS0NJQpp-JdSL%PTa3ya;#Yb($zxST{W=kdpF3bqfrt%HWY1)sdp9~Z
zxw{G_4iTGg7KwM$e*)<2v|DeenyIluR8Do+pKOxvk@`e#^(&cyXAkkqt60>cA|}9D
zCD(B9-|(Ati5C)vSB;t0&BX3%t;r20T)SmIVz%_{K!kzw)|2MHwQM=xFk=iml6&M_
zu>B6Zjv$KON%*inK#gAZ4Sd(j8vmZgB^xL7Ck$VxOc@dS)q|YSG(u}fzw{;EZfBID
zh;_VBUTIYnIbUKpo%^PMCBYTx?!xVB-5b?sz}If+8@*T{vfp8{loD|Gb=`Vr#1*FD
zcS#Z5`M1tGUG5&@zx{#!{x(7W`faAuWN7@PXjiu3?j)>+4Iykgf>nD=aGOv!*`Q`K
z6oDM8ZJ!KH*VS5iA4p?Svsr4izsu*AjN3o91YkWd!Fy@sYA<0-(}JN`Rk`=I^!EOD
zIO8)6x&H~{yA1s9ol$>4qHX|ix9L*wF_~n)JF%PbMI3rA`8(&Y6cFayZr6v-&H**P
z9i41?6CA=N*`*)p*$(9bh8_`|J7G?R9w0IXdoi0vmGdVe4ehzN2a4ktolKv)k!Eb~
z7ybmi>Y^C!@v9*J7Av4RbMvHV+pY+Yo3qs9=U!g$eb{W8O~C8B4pGenSj$IwlH;-B
zlLNoo4bl3x^CFKB8SGB#o4k!T3xtGu!F`w>+yU@JdyS-d3(lr{FXiQLTB?AhD{f5w
z@kb47pL!WU&3-ezAQkCfUbJ?fCgf<YLEy{xaDk-4;l#z<zt4#<;7(<Y-nCm?(6zzI
z0Aw1nzM3W95&7_b(QQTtNas*p-h4%g3VWvt8QdUxow~Le0t7J+0CJC(EM#^XtUw22
zbIAvOIgqsf0ePvYq)QolDNc8icQD4@wyP6Cbui5`Oc}EcY{8Sg#G8`CQRXGFDl%C^
z83y61;_WDK*zGIe`LUwrp@ywuLKtUucp5*u1WqpmC|NCCH?*j$z7t(`+Iizic+U-)
zos<1}qWkmren%;hi1;M|;-O)Fr~uT3VPzKaod8$CxlcVR4A~iT)y}T;rj?KyVBvdY
zzNGpKaU!#(1rxD^1D%FDesrU)Rm5dmI=pE~^<Mfs|A+ir_HW$c8tx0jzs@WIRjjy{
zRKyTxG2K?^Ppb3v3#;O{A{v_miE<1<+}eo%0R-Q4s_vNK1f_QAQl52c*=J!q^3uCC
z(!8~2gNUua{TQ}6p)h^VOF1yU)itcQ-xb>~%fuk%*qA?}8>UNNsA@?I=$!~~($^1{
zm?*-$k6<<DrkH4CTHIz7k=Dznl372SzXE1c0&-$J^Kj1B7TUhojnHeUg8A{0VSBFo
zh93T(f_CqvEeWg@<`1o;YefUL-%jWUq#JdI5b|&N`pa1cXZlrd+0g+ZSJ#OT`s^x@
zCmEi^@7Wpg@_y`SYVE^D=h*Rwn$S|UVK$j7#^yQ%2x5?F;y0YPm^JOW?VAK9tj{fK
z?okx{+Z+8?rI6MAM{^gStF(iEebbvqgV29^ZJ4`)XmY)ZUhqUX^rJW4L}YvEZK)mP
zW~2e(FlG28yl5nbKx=evkewtv$|Koy)>#~>8kRs<y%@k*vN@d?v-G5!R5MIyzVFgw
zsbwznM)T20<0^vEe+H>r<AoYdDep%d@s*kDE!9ZWu%^tdlK~+Rx$ml{$4qAEKo@>g
z*vO<g`9)`+ACL8~k4<JFAWm_OjI4*IQ0Juz#)G^Cuimn6u;T>09~tboA%a?$`Uby=
zhKJ7jwXr;|xA|R`mwTkcwWI>!op~x5^zG6hhVv?J%C}3&10i1{R;ADu^cOz=eaos&
zJ}sjp;;N&-fpf@7%-T2O!vI2`-nX=`;K98+*5i1nTX8Q{wZkA=fY&-N@sOwYz;z!n
zKsw~N3NHp63i%!-mINv^^*g2FfZ#uDa}NI4F)=^*K_Br=%|C7YF8SKqu;Y&L--TTT
z|E@J|^4iBTE=`H7Eq&Sf%gFt|L%v51+|mbaHvkW!oj0QVzt=#T*JjIalJ00jiVMYv
zhH(@F>X%-)=r`Y`mIvG#Jvu=TpSF=~)|1Z0_4=&1o|d!q`(`H;K~X+AFxHXkwlB0A
z&pzHEoj=>y33J?Fe+mqjyxktZ&TZ9uT4?_>%nGac1#auLF@m<G&(+@P)J&t(z@+Q&
zx7kf7z?XFOzPEs0YS=Y_T}3)H!?zo_=F6kCr$OX->^KqojN^+;#OST>Ac+$_tDlz?
z29(sww?PTMzsnt<aV5SCQ}a>f`T1*0mL?u!_1N5f?`}O$v(GSFIwT>imah6{*lMe7
zSJv&nI{toMCPJ-QXIWdt%=)G6j2i@`Y8*R+@Tqc}@P6_BL4?<X8K20|QTaN?R-R|a
z#C+r4)3k4>a49;<a@9HO+EdM0t8A{`pe4~DFSb}XuP1`;9{$$+-pm;yn)baLN50|w
z7F=$xRl4!-X*r^E(OUUwF$ThZj~umi+2|I(C!2AkBWPa73${3~BDNkM^ESQ+eKBOw
ze^muZ*l6=F15?$S{99Y-%JN8y*P!?ti>47&dTPHE@?wKUmeCebK*$cc1D<WkgR}d=
z1XZ0|Vp!L3W`GrH{kryC-z^%=al-0DcJpHWj=-?jl!#j~p$Uf92KzTCtQdQmzlm9K
z83_5;FKr)~;IDeJS`^-W*UtaZ>4wJoI3B9qmwUmCP{>jl4spbl)0#*F!3)eS>rI`?
zUOtJ6AExiG6oZJa#q<1AYV+^R{l?EyK)Xu~*1zap)BlI+K5fy-CU&Ta1*0icqJRFP
zeoNB5)opTJ^Mq(hzs)1M#ai=UeOFhl7Q>zBS#nTgWRi|ds-}NSa)~1*L}FLQ$1h->
znV<}F%pTYs$bIUI@cEYEfHOOws8((9qs|!bt}kW$Uf?*-X$1v^J=yK7=Wg7o0am6I
z)6iokPa2EQ{cCLiK041G2xI%TDNsD$N4ie$xiGeceP!Bk!gLjh8F<g15by(cKwr3m
zgh_g`i+8QW(3AW-4hlC9xV6O@m?Wg8K>wNa0^6J&=X@e|*?x8N-1)mm>(S|XXs23O
z5+k~^59IYZpXi$x5CR*Tzq|G2Bq!~A@O0`3u+H^no)Q6j(FJphvNkQRjjXBU2+W~J
zxBsy;z;<UD%WHpssx8oyqx05rfIZC;|3)=u*lWK=cAd(r!xy}nH+=!Nuurepf5|U4
z67iModcZDo233a~b3f}<SWL$30uW8>5O0cXnDGD<#lh`{#e8lZMO@WO3bCA)nzQN0
z6Z0h4;?N`CoK1rv=cjDg!<h#yaxcxZ(5Y8?X4jW_hOuqm9!Q<BPdz$s-N53Iqp06@
z2i*KQzG%gMi_m#G2Q<o=#lTLPA#n4bu5fF1?U}#SoqDuJ|9Wr3^cYL${1*Cm>(bM0
zmfYTXZ$4UE(R>$bw7up=zm|@(J`^xdM853ne%aCfvX}oQi{VTD1|S3fS7fe0HT|TT
zxcPZN>$Hi~ndSa~8XxM}t~EaUF&1o*Lll1oDD<8(g*e&YpYnu8W)rPgjJ3=@iHbBt
z*aNVwqx1B;*@UWW+-)OD6h8_^ou12V+7jp2^6!~TxA*Yn1fKHXxS4X4H^XLG$IWIR
zZT;Qt=rCd9gFVM$r+qY;ACsykUnwZxORU55pZ?Z{YgDL+{+ijGD8PMcA5FN?X3G7+
zcRnReEeq9tC&#OS9Im)%;`<r5xfHBNUMu#W+na}ryfL1~!-2G=b14<izO7fipy)}g
zuk23PIFZPkY5h?6WKxq>Erw(n|Mp`PU5wo{uQ-tMh6WPZ>J{mA*-duO2hyKuC-79z
zy4fVDqkl|m<=U}&Gw^geRnyL5EUlf6>7UJgOZ}Kc_QzFEhL}gEzMVs5(}#?*Pswb9
zbcLEPv5uOBp{S3P_Yw-5gY@{VvvXNdo75BQ?k@R|XT|<$=A0Z)eb=XHBF$z{VYNU~
z*mzt&A3yvt>F(*0#u%B>d^Vp93v@UeM%76JN?r+XVl0Wun|@#GNf(1NadC4b-esYs
z6LK^BFD<zejDPJcC<C}}w;XaLYQ&G?l&cjCAa-z{F@8@u7We*)#$gUUV6cbt&;k_R
zueU)Os6oxO1pHT4{s_rM4_ja2#;qB+H52vezR$^HxM5kM%`$}q4#n-!en?IOp0b(A
zMtC3wuX`G%BG0h@tNelIg#qzC`)3m(XMgX$T9KY&5dO8nhfAHS!b<}kHdY(wWCXZ(
z*<!LVV198QpkJ}3zx`;V`?6;7$4c+Ao&r?*oW6>&U#4gi=}AIA@}l!}iB%p&ectq1
zNMz(dv$+EDv4+n2-4UZ1c!qBOI@?dT*o@A?0Ep@Jr@yWEc<Y(eHfl6uWBRTCYR-As
z$^<kxuTD$vf2;HU5iUkp?xe~10U)UP)cX1>VFN5w%nVb|-_1ETO#5{IkBr3Z8gAQj
zya(>7TB7)n0|`9ba=!iFTHYIqur`rQ?0B*1{HMwSZw$bN%f^53I)0Mz@70drG-G@u
zznqqJ?o_JTHy`U>-4+=(AVb8Als`-~s>y4`fBo^nvv1LYA_h3i#S~HhG)CAy^Yjxn
zpZmVnpK*VE4E-5ATh5t%KA7Lh0F>w9x8>a^qc_fG^`6MB&YKm8PYqwrywn?Qfp?4)
z^*4*ylj)z}ezy*cm9RiDo#psBnH(m48u4eFy5*nCQL*v64x0o20CD-?s?TXZU6=rD
zjoxx=`9#&{7l3hI`+*d!ZvLGayH7;z|44)*p_wkm2_s|8$u5)Z{}R=`R+qSF$ZGpl
z%s0D{;5*b^pITZPKH^4OQTvbFY^p8&w;NCYcQ<}fkNR`b+wr?r`6eBolzeLXXS~&=
zUbGc{msS2;w+PEWJ;6*)wZj-bP8iiTw^z?o$|tc8(aL7N8H4c&q^sL*E!_|>r216j
zxR2@8q<i8|s<k&PM#t8parLLiO+yP>&dk%0^e>ga0QNr<5-owUhjn`sSiGm<7h9U&
zL;6<#1$Qn8GJc9(+zLChux>%>FQ`NJ*B#pZB=D&1PS+hiJ7B*q_`2tEY+Dp~Q<a9V
zE^ZWzXR3o`F;~q(!c?Ns@#1lZ4D`qRXdRuO!)kRp?twl@?shA^y>;QA^z>@e&_Y*F
zAld!H@5xgiozYjH{ELom`tl9F4xe=3S%3I~f^G0mWzYCnUA;2&$^7diwl2O^mh;Il
zd?7jq(-(L@NXr*Nn#19X%FMy=#W;L14qv>C&KH0B!8v@19OiKN5}3`w@FfJDgW-#D
z_+lKs%-VFmOrSof!Iuft91dS5P;)T+ADKYC_m%o<dT{BpyC;Y0_RlR60e=Di5@r5S
zg%)Fklf1msY0{OeQTwZuq^{LJ%{@)Ea-UuJNt(OpSgiENiIx(ao@_V)+Z^-gLj&ns
zXV;jV=PpL~cUezAR;L7M6(lv|7^KmBmPBfS+r8Pfr4JWZ{?sV$+~gUaSiVt{sXzC8
z%IekZdeZE!641Mg(&c;O6E|u{zga$a7}{dgWPbI(1-s*`R%u^m9D}O43D%9%FB5PI
zHcs_Eo2NNC*NdRhxwWeg40s6AsY+=AZkmQuzJEhd&pd|{)bI0sQyyw%ho=8*#a&d*
zNX&4OgBm$-vT&~cq4_KY4F$Uw$n3*w1|BLs&k6h!6;aQ5>n4ZNsna9NXHWkF=ML}B
zEu?*5b=xUzhue5`@03{_%vIy^iG|6zrMHje3(eFcVn~lPdKA|%b}iOiJCGp8X_3%6
z(8o6B^LwvRDUh3qFuhZ|t@ms+Q!k}%ntcfYK(=u{+0)c1^C*a)^3Tg#2Zhj?iTphu
zc&R%vZ?HWDkDw}r%N{dpwfgc_3-O1BMuX>fu821yi!u|%HcT-@CtTIRw;R6s(5sU9
zy(-j9@u`EhEt(T8__(Pkv%Z^iaCdagA4%_8`Pr=>Xi!x1#-z++9D8Q&Wd|0A#Phi*
zxrZ@Jn|n#Zp^kd%d2$sz#7!uid!0k-)cD-u<40lnLgN2npgKyVkD%J2eC-iHmX*8y
zgJ?}n#Ys3k>~w!3Ayz^ed~=K{|9e)%6G+<kH2kIS0m-GDp05Dg<dD3I^^;wmRPAsz
z2CEpdhGgBbpil)h*E+v*jXS0ot2B$d0z1SnUc3$0oN6)J_?g`L<zq(63vVfn{&vV#
zKZk1GxS&!C<epeAUw)OSjJsWvzSCdby`AT&Ndk^c`+P>3WZrNd(1xj;x<po^o-3mW
zgNp%@4|aOav#?#SgkM>EEmK(SlrUyGNreoDLyjlaCv_FzpM`T;&2h_OoB%e+<#Vg`
zA1x|*((y01wEd0C+l?P}2Us1#V3nit*hW{<ty!HJ|6GwGeoNneJytKv;b<kzCsn3=
zL(opPBUj8ZK0Rv+r-w*!YG$ZK?*E=pDi`7g*yuk0|HuL=ClFr?ybwmU9e7R372JOZ
zW3c{pTUZu&7=T$+2^_KRP|r6+#D<jjsfD-1`$4oIS%zC`LCyb1hj`o*Ed<R>I&v7N
z01l#~vWqohB~MaKVzP151H1jjt=6~+u|Kt#CJA*);n1F(#uGI#x-q$r&!Wx<sn{z%
z6%2^#Z(K%qvFeqIG#S~=6?$sHc-4r|sZx|vQcdzDwachOBJo!LgpjGaP6-uzq#89b
zChW*P7Ga8&c8Q^NqDmvmqiRX?R4)(J=MbgJ$^kd}D&k186nUh|QI6zY!+_w$s+TlL
z5?@j3%+TJZMPqU*8$_9tjiwZas5XjVhi_b>u)Ac`hs@n3mEx3@1e}DQf`O2#*&11#
zKueLU_@RBMZcGR#;3W!y96n5{U0(r~aTsDp>pbaOUd4EAtPw9kAWY^W7-(ZSojI=d
z;0s1%`2s`;1CF7F;?iDme(Lz?-*N8XSYPj4{e(K*|Gin?c=eoXWk9tP@Ar35y3}2(
zNr(mCQ3E~u%1pHgr<6J#I!|He(q)sW{sq$)Md!gxsl*1~G(6ersxg=^dP<<|E%)s6
z%td1Scbgpm(=pa>2h|r8b)DKi-;sJEy*r<FQjVHxEEY(?btF(Ie{u{{oQLprLJtQ3
zS<sgv7F75NV>Q0gtWJ?6E>Or7_ra%`Dv}a#(vgB#PRSmE3&9+D8cc8$2h!h&&INI4
zei2$}&k**sG(sW+MbIKJu`wJ<wIpn~)-!?&QN^~gQNt6R{BEwCn<?JfCCki{fFc-$
z7&Y9KCgb*Cj=E5qF$h^@af+wO9T$j^UnNL9;ppMQXH!B+e5T?!Sm{?1NM|Yy`)cpt
zFNmcXSn6qf-ksDb@6XVj$rQOE>(`%vX3({bp6d4s?(*Q8_U#Xhr6bon;NX<HCs(el
zy<hKo8JTZ3&KFg1h7!;XAiZ^$jIe#(fmXj7M=%cNH{iGXr_YG<1yZA29Gp>9M^bWL
z#X#XbR%?c^3|Y(do>*h4fjeoRRd1|O`;14PyEMy~Qd3_ya9L&GM{2!z_H3s)fzqcM
zH=rrGf|wljOp(BD59(-gqZx}0Q8}Dw4T*uudp)BrwaMBf6S8T7qM?}f+VX1_pWPkc
z-MX+3E9wHLbL1X<ywg0G)G!Y_hKFd_f;?zINS_4ThzR@>)!EI+;-t`-@CKd$w@0PC
zM8#T(-BKIdKeL&d23cVZY}shsWiSk!$6P#-Pxpz27RPOg6R)l%DC~=s`*3l|L>E6{
z$dy00BGW@jZ_F9>RzLKjdKo_d${cOG&dh1ARuyl`pFz3|3Ej0?mptLfThj=};s@@E
zoIs9l>10@E6B#-1>jiK^CN&iLCR0KbaK#+>bUrOuj0!vzb#{u265SSLw9T-t=F?{)
zbD1i%3?pETgfa3s(&+ku%f}e@W<tACZ6t$#I+t2Q(wg&5=9Qn4l*(CPT-j*KC|FFy
zq#W?T7s56~x8_CU;nOw-Vg_>>M0pGj1vQm7kR!hBLg1K_N-V(j^CGj7d(cPN(a^O0
zrV5S(7Ex|V)wuVqZY40g6VFR`hf5%N%#nqEfe7-EUr%zaN>Bp^3`~87JqN6}FEESp
z<TlESl80}wsu5p<`>e>u`oZus$z$$vpIdvppV?z@_)~hX^VC^6iX&EiDhfRr4lb)q
z+|w81pfrvl=8@M_+)MmAU$85m*SG_7xPHK^J<dOl6~=Q^X~s-(V3~`R6_U3!P}3IH
zIVOB6_sNqQ;*7*ZI1cZGy5v;Jj>a<@U62@=&_Rjnd(3oDwx~ie_y(!!NUGm|=Te%!
zU+|p_WR-Ucu89|eblqiHl<4;(yv>keSlX!7x?av4ll6Q;slJ_x<CUVj*fdD?*G2jT
zDH<|a7oztF&c%S*8`&jrY<n5{NT78Ji@%o+hg+9|Pek39Ro7jvwWNi%o{-|izK3(b
zyy9`SA3kX6sQ^b}B-dR$qZN-t)<h6M`E@EIY)XTNi(aCT$`<;Q{u~qTz%0N`K{CCz
z7X{>@IAddSYChjxt0ppNXwjtVXDp>I6ddok#D$P7ov9zF0~64u5&kZW!Ys9>51g(<
z=Zoz)m=Zru7T8g@3)WcUOnn(x;-^K61QSU9L2SEIWKFKaZi1KG`#h(%Jl8*>SC;2y
zhq-hLgrk?DWHL$ho`gye|HX)LyZi)LUMa2_w`=69cd3k0EJn$n1+@xLPr4s&>)^=J
z_wX#NPyTWQBSf~pg}b`1emsUU8FoeQ>+#SzWl6Tm>O1NC<4Y2uJtq<GLEB8dlm_bV
zmfSC~8fo)6lNCC=o7dSihM~6uuu|c4apv;(jEmx$#!eeY?~BEZ;_<&=b}CqSpdVf^
z@>eet`HKVE3f3nv0MK*BkZ4TkVo=>0v@9mcs?p4HTXLhU4O7)q@9HbZURfce;vujU
zQx%IVq=Hi@i|;UF<04srn~Ig?wYI?(+<=!UT$t3MT+Yq%{c(hj??#1-G3O~qF|-0M
zC?8dqr5=m(z|bxX*LKc~M0dvA1NmYAuvBHJbK=V3k({@CYLFa^WpO?`V9GlOOYLGu
zPpLN_BKdw6ZxEP`Q%bjuj7#E#4w&Nk7)6lK#o_%?%I{NOj_qU$PwD+D{9%bH5~~)~
zcKP`3c$|0{#Mq?u2=d)qN~^Y0?o)?K8<6m7XFYS2hHL~*A&#H(V#{hGh0?yb0p~t>
zo6yI^x1p88h#YR<AcoJtL3$W?dTcc+Mg@Dp;ko8v<3M6@H_aC1kFToPa*}pd{OiwL
z#>h-|Ej~Z-SE)Xp&LL8GAv-bURTyi!-_y7%Ch~T-RmZT%CE4#y9U(K|L^3xqUlLyR
z+NR#PN`5S>Z96M8nJ(;JUZ2k%Z$lYSbYT%zbmIgH`@DF+g2hD@2^#T@yF;<rVj|Oq
zC{X>~hVT+u+9uJ3@ZD&<Cma$bPocHhm{6!f2%Js~7TY)ts3WJ~okTc=C!<%^I6^Ig
zNT1s&0$`^A4Ne&0G);3<8I%^-(83=*plyuIGUcDrk%Z1lxqI?>evis>A<RY3KyDS>
z&ZW&oa4-j|r|<E{?0(tqtj+*O<-LI#k)>6e6IC#>zkTGdnNSx!JBbX_#pY;sg++*w
zIz^cr$&)-d<yc_ev4|^Ua;v}ks-wcnHS$ckf*DX0$R$+jd6^aEos>J8QOxR{3EzVB
zzL#4q1N<@8qlUq+va9q77he~`cPbBO#`JcNGzJn{M|OXGWw~K~ViBBPh$ckx2gVln
zah%2F6mb+RUoz2#Dyox=v<<v91gB>X*aLD7=fNV9CZ|K%8`$;i^TRPoe%JD$$0Cx)
z5yO=#gJf>H3w7~h#FQymsj*RlXqne<5z%e=V%3}$6KSc`gO^AYF#`^Py6{>9=_e1N
zMW4IA*g4ndP&a*fYWKG_bwDJLZ1uEvm*kp?LS2jDa1ms=kW~|?k)h>1ox&&T_&YvT
zF9TEFa3v$J6z&lV;NtRRs}1KddO-q37s8iu_DWlzAD`KDkCWo}s6qXhlDIuT@sh8L
z+YfyQUzFw4hhAAbUfsPMg3-&X4z!w1Ns)BZB&F2{bI|^#*y^NL{2eMM8J$D9P)u>=
zzhf%=Blx{-lISYtWJg=Tcn_?zg_B}vk{t`4MU8Qj0z_f4gQzQkk;8E*nia3_$=!!+
zMhwC6f}h01amGRU_T`}w_<YC8-!31MMoSPLaJ`gELM}#%4HnlX<!Rg2xv)nV7csc;
zZo}Ms5Wgw3j{qtG1aKTnb?pFsZu2DF>D<7r=Vcma=tV~O_}D-u<@K(*=sU?)rfp7y
z?!>R8i&S-@w#AZ=;fPGIGt7Z!huW7fuzGc6sP}Q5{V7JRUuE46bk(gYySm3YL%pFf
zoU;6bDa@vkGG=X!ohrv!4yyYqij$e>45BImhoem_eUkGSuOe`;*x|ppBM;u0lb&-O
zqOVMlRlV6Urg)Zbr<1B?sB#=q0!q~F3!?y*nCEeM%3-1>f`%KmPodL5BriK<qn$**
z;?mZ0!x-*J?J0bYXWu}P-vGtVks7Eq?zF38R3<{<MietMFZ;J~7&q*(%$Ot2ypwQk
z1E_dUbr+MMaORINeRiR#?XggL9it&ro^3&i{A|92gQz+<+po9zIb~9)IUGav<(cYA
z=u@#((uMq{l>Fsvxl<k{E5;X&S9s8)+WqckcsV@|AMftEUY0qKi>et4tq=4|&pepf
z9l-Ma<E1k`Xn1#Rn~!U~Xas9hfBuBOT(%qEi7A3C3WOp(in)vWuJ>mKI4OHEgZoFh
z>J<7t;&}fs6HvHLwQiP+-Zp2ws|=qRQ{TP3lw)!<crtr+9`oYXi^B^iMjBpnOlDD0
z#?^bu4WX0Vtjs>d6{-uNuuo!-Mn?Dx+mQ7JU06S`GHy>X2JeYfWJ0}lA&#qD`Y_bK
z3F2fVXb5`>4iQ$@Nv4?cBnxo<e=}4-s6n>^55{`ZLn5Fz=yc6h)yTp~ySiydC5-6h
z`$rK;;;pv}P^B>&-YZ2}PIpQDv%4m~NpS_tgRjeSD3(YL;B7#(v5|93*2w;z(0q2}
z@C+0)fxa>!<f=;L?IRQZ_t9nfO}Ux!AwW2oi-+@_TfJTQzH*1yosy(FxwxC5DjTmH
z9cvOZZ4A|7ylK4)I$07H$rM&I;qSm=>3B|q9FPc80uv*=IQkG{>LMmy8Xi+{y0HE+
z%@r^G`Y<yFjG@E%*V{q7O6LfIoeMuGDkV>il6!EENz=r;|C2>w`!CC+kciBt$DHuM
zZAf-R<ixpQhm<%SC@8y2cv>%B@Ry?7zXlpS9F_w<>Ojb)eD&7%$CmM0d**39q@c05
z?vE3C_v#XD@+UQyS~-FFsKRaV%KXG%V0{PkL#BF6P14a24#I)ccA{luq9MKdV4Ao0
zh*jC8_6BPgn%sbNmdkGo5YRKbQBtlmHF>~*v@a?)#qV0#c*H1LnAqDTQaqJ|qlaUn
z_ycV|9{BIYkLvgtkt8)xE3cJ;-zd~IPBA?xcLJh=J~jYE=fzPwq`cHwJdw}Wj@1QR
zmNE7KAsocJYLw2*ms~u>Jr=>J<%01TvpW{x%Ksz`DVkvfOTELPH4~VLdeYnO%9-~-
zFc5?PxDJmt5&N#ooL%sU-Nvu1l<$@}=2Gm-EpeR(?<hGGkbl6#8Am`xDnTSSdSIpA
z^SVUm?h$fd{oa|ZWK+gH0i6nJb?ItT*g7`G)MEr(kPE&jI}_|F4xKXa#1Ap+0wNg)
z-+4ETSiR=Sva}&>)zcH9Id~ANdnAJ^=|1ic6~l*ZfY~Ox*`|(f69EF`paFZDkIdu4
zjj+fTlD5>D{~WB%d2Jpc{u|JyNcm1j-ejZ;2w1LaAP6jZ$keHx&!?G+F*g!*efX6>
zzZ1q~<P06QQ^E>rOw`G(?lDkbhsp@xXhdewI1mQrDw4mSTS7q&#YW0Bfhnr7rkm){
z;G4slBvq(FIx7Njzx15;K;B0I7#4AhYZ_n6ORG`hu_l>2h~GLgJuDh8!uXqlA6^QS
z`A}*y8BgKq__Gh0NYA(EDZ-|g9u8*k;R>dW3D!f@m3s$-FTz-z=8osp(XLEo7u01^
z<g5`wQB3=|0|W$?#6}m)D7%1nc(~_FLXlqsXgbu?PsSBv{CML|6uHfz|KuGQCtBJ9
zGO>Q$Bghxr>Y4&~yr_HmvItxyb)m-2FFS`p=knUZpmp}{dPnPUg1@_m*npmA=f?Pk
z@5;s^BlMChn278eOi3Vt^FvqDOeW)IWqXcw-$ZU^c9B)&FxE4so>M2EM3^zg?V?4K
zHf_7SUq=r^jU=XY8dFYW!n^$X92_JWb^P$Er#7%C9>8Grc+423#+mdtB9bwY88pR6
z=~EeXj$2aW$WbfkJ01Nnq@XC%_8g9H4AjLRb1Ev2tIDt#&73!yYN%}d?dj}I)Nksw
z3zvR#=Ki9su<PrLdKQMBe>)QXeC3k6D^@Mp3_5q#gpS_)q;&6wx4)P)Z1^*2=gU%S
z-Sno(va^xq%eSxCCA0}Fk6P1`7#7_wRtB}B8Xwiw)zvF=Bu?V*r+1)uH6`_R#dQqM
zY2F+4#qc<p^Oo~3TKc`M*Pkd`wmm7f`Q7i;FDHY<8fPV?#@=1Dr{frCuv|P;9dxYz
zeD_XtC|NhT!<#c4iM%k?3;C7Y^va#w;=|_{Qq2bnyQt>!>udLK6jrP<M<bUNg}ug@
zKYLs`P~J=*o3KA&MO62C*LzB<ng?BTz4_m*?}#eEIhXqGfoWw~mUw?O_6f}!C+(@S
zOL1<FbQ^~Y-y*yRrY`2{1isR7bxWJgHIClt0L4h0?%%>I6&a^OJqWl=#qcfSF4NIR
zOo;z^MO75eT+M~$*c&}9TKwAkO0eZ`51nL`-d&=g^zGTzN-WcR=TC^xY!2lf6NN!y
zbl;VT-Ev{c<Y0+v&0e9QzJWDDoy{=`D>zED^_0UY2IlzMPU#O`36|#2e0rnhV15ei
zc6gA8&+4HR!-s3{_Kx51$gN)ZJ<*neC|USTEw+e&a>#?%3ffITwC4sfGepSS0oV71
zcFrYc;q_~43E>4;;dCt_KVo6V)<qjEy=GIh-!TVg#@Z#n?f>Z#JN1I|AjG?(?S^+t
z>D3n3HD}$B{c!~ZXI1R&p*LK0@|3E_p<4GKI*s=mX>n&S-xWMLEf42ZJ@TyxF{D&G
z_k7PeTP`a~JV?H9FPB*JmCXGVxDs3u8l04Dm0I1*ZHe|0@(hr<7yGiS1)Yv~W;wdk
z+drvV4ZBFb;HLIzsW4~t{Oqot^cx5(@bTV5P)d3uTiZ}uLF30<1f4%rMuZN@3Y+&`
zk~4|P2{n*(r?_rGjXPq%vWD{mstQs|m`r0EJ?pa7=}5gWyM1YTgwEi`qVM0LBs!S$
zqo-C{6zK{DyAN*LQbE=y2tccAsZA{oNixNEt&b=wqft4z>E`X4vQrojqfn{V6<pEw
zY5bf?MAid$Zv=-Z%dnG~x%)oqHg(G`CBu)E5M7#Ey|t!A2VP-QI*TGq^8=)h$(UZ4
zwLZy9n9tHLo~Vo<1P75-6;$(p`(!Gy(VB=d*_zH$PEi;`7fnu#qktioysfJaS9Pf5
zf4Pul4|9nU0<mi;OuZ{ulnk%!qp<YB-h|#`4z?^(i1}5}=NvkDZaH5Na^0%J=NRHI
za4vR8o8|r5cxA$rGNgcj9)eZG_S92vHzF*LCgs2ke9xN{xun&ma~^_4sTbaiknL>a
zVWF_#i5)dZ@<UZ26(&DfKEpTO+(`a7V)@9NGo@JcIYcj+9#GP@BBrgzaXgKCE|St-
z7=bq%mEToufj0*T+c%p_gOlfEl-n3d5(Fi`yzNM)7v@l^i+L!*g>9uwM?BFcuF4Gh
zz(c3%*VDCq_q_L&rOwJc$vfamNn2L$v6xoj%6GvAIzcbzPJrPz^Wn(6ZR<O-jE|9Z
z(udIAiEDz8uM2uY84o&Kv!}RkcXS-f$2PXiSq^$R+1~xn%w8*z*UncJmR^C!6rXqu
z_pR!w?zC?Yed7{i^c?2B{BVe+Kvp$wXFhO&h;w-*D-}fvxm|T>E;NAwaUd`BT4nGA
zmHZlprNnaKBGYO<|5XoIbGV-0_{tSi-Q4b4TNQZ}AurC$56F+O%D;eN$uLc1vhG-`
z$aJ4@rWLm28+IAH61tS#tn$!SH+L{6GF4lVF_Z;9mY*vh>iT|X!O3b}KV8HfZIEbp
zc?pD!55DF|nn`|74i6e^K%Y&&J^5cuDk)@pruUjd`OBRVR3@RKcb<&i-W5y^^-?9v
zF!JTS=7Oxpk&mAowTxw#%kLhG0JGzqRWb2oMDP?hl{GuKqf#+*SCQu8^;54r{K;iQ
zfI>EV?@8jqNl&Ub5PrdXWQ$^2X+6<C^<_1sBJoJHF(9^r%Y!-IqCF=bv1+$Fs~%nu
z_4L&F!T9A7p~S_i@D+e**1QeAmNx|VA%~J*dQi(2FT`k<7?sOLGl&!1;5)a=`%+Z~
z4smXX98=;q&kp~$u|8oN&9tp}>w%+IUq&H`#Ne=vHAkdIgI;A9EOI(jzqR-LDxq+*
zoxLk!y%FhlfYtTR(GTJ?dGA8i&N#QU`hP^b3$VGwYTu-(_7NjnH2bt~y<Lh6y+n67
zxW0i~GQ<42*%Yz-8YObfYx(M=q;x;+c#IpJLKX%WK!_8z9gpC|KEAWK($dZTq0Ajy
z^$5p~gH#JDcjb9=s!MZKc}gw}_J`@HmNkb=kGREw{K3Uk*rP*<YA3UzV?rnAG9n8c
zh0L(-dRwYO`szh6z?CF-1p8$sDo7fZ>nY~lAjWNR!O2Q<*{-h(PHS(Mcc%VlQITBV
z&(ifdVXbdlhp*Um7BU%sy`l?3;k~8SNMY1kY%2>Q8$(`MVF@_VE|z(~<@09?b*C$O
zv$kWbYmQ)gHnlz^mRDZ1G%WPsSULAR?c5)ZJX@x*I$&&Ro=AkL$x<UZsH&`$38`fx
zc(*4ix~K?wtsPnI4NcyTt}Yv*h$<S+1|gx<DZa8^&N#W*ORDnNGu5p0#+6D3E^;o^
zh7UHdx!c`SJ~*qok-idERdds<+YLt&t=XN?enxuce>bsWl9KRb$;kCX7?vh^=ZW-#
z$(22ENTceqm$s8AbK>>&HJbJ(k(zJsj;dFL6p7dii_Asc0?wTD{6{qcu=xp*iaT;d
z!#=mat5VlhcDGMyIZkd$JjKtU2Eh_t$nT$2U%gwc>%r1BIgyL&f{!MUn;6^EooTPn
z74X=)--p+y2@+Ygoe&pJ^ljDKlj$F=$E+A3LhJQM2`2^~rFaI^$h-tpm)3ORhG(wt
zf~VRy!K>&&Vq~d&q5g&Q4Ixso>y5MJ)vn&vx<Ba=BMnSSh!{T+5^;DtD{ga_gJ`8|
zspU+{)I?9Ve|7VPJk>d&#?M>S7<IdjtsVNHWXf=%Usp$P_N)ON@*{V-X5>%xRBN1S
zkU_b$7IN3}bXG==owKv@VMH?99*jv&S2{q^R+M)vS3=o6BGjzb&&_&`Z8%{o(Z<oX
z8Ws+{P;l(zf7UqAdfOAE%HY4^5dB(9fqV5|TQ7)EIxv>fy2dR(;G#{37?Jo5BJl@=
z;0&g<w{?Km8u}(L@?}L35qSc^+(IOa9@MO{f761*kgz?2+>!5u1_+U3#WSx&EMiEU
zoRofBeV2HhZn%g7F<qHfHEU+-B4>y@nkatyB*CtZ-H7`s6%kelWY6QKe&RtcnP6ak
zfh}-yG-bcy?Qt}9c~wZRep}~B{usV>R78Y^_Cb05J%Ya7h}h&R1k%i0<i+}Hy}4X-
z5Lue?ulwGA-fg-#9U2;&CJ+*3z03Y}DY@t%A}K|7@D<P($;F`LH~%3DLd63T^dR;j
z^J^7%;m`{6#OoJA?}xYcoM{ntc-I1krm@=Irjmq7+?nX4nQwJvUI-2bfjpW~sM}Gk
zOKNR7v(=n`#kq@I^SZtv_o2Xj`Bf>E{MZ}EHG~tf03se*k6MpCT{b^#@VJnsOlsH|
z#DH)1rkNO&P$qz>l%!C;<mv_g)3o9@YNOD!#+RbX5Rxfnw{21ijl5V){JG8J{ku3P
z)?1>MxGTD3B7*}MeR<QxJzT`B&n4!%Z9A{HO(GsF;mU)xcJ$)$)(CgDtGXM|x+ym?
zZzGKD(X%X)l~Gns@fnCX+T}qkk3;VK<D~b%0GDY~{{4nG#m`&bUV5p%dpqt3F$`UG
zR0niHr(jd-Y*gixl|!J!aF4rs!F={0cCM*->wVFwSXZ~2>k*Db?0a08a$B{v*4NPF
zK;rE<F%Wdz<(=U7z^c6eJ)A#53KdIr#~F_oH!{neP9%`S_HbIF4crGFbRC;@%e@{K
zFLbsbxjck#qIp1sFb?bpdBsBhZDtcr^{uB}TI@J3-ERq7&N62=-*CixK=TanwS8%1
zoPQFxWV{`c?owZ^8&L{K+S+{W=3p|P0>;AF{bMKtU@l*&#d=~J;D@VvuAC348H{_C
z2l1+E9%VW%XuG@MR@(O2vxx6!=PARr2R2?{edp!1e^E@*+Dg4u&bnJpifi6typhP3
z(2fy(@1!XVGOT~3*0OkPGMlN0+KR`1vbIb_3Hjn(bZEA~(Ebf8Nc`7`tH0RmHz;CT
z+mj0pS`R2741Tr58kdl6&hEkpOMFrnm%LkfC;<b~d*%Z9vqE=`AvXIBg<So(vA2ia
zO|Ww#)F>y$qI&~~D`mYUx}G_$=Dx7eF@3Kwb(Cvpw(3lS+%C>yO+`jm9)`Q7VkDVK
z35O0@l6GG$`L_|&9Cs~hY9RC8nV!BQg(dz93uc}joT={oZi?Gfa4`2d*Re`>ad`Gl
z$9P@yh~TaP?rqdIIkHIK;7v>~rZ%+ajg{A~WIq`3V189sby1IUZ2uX{g&ut=NkhZ{
z0>wjKEU~ZH>oainBb&tVZ#~XnBtJ5kjX}QG@&h7>dD8Cdy^$~0RXcR-PBcWoM6Z|s
zAfi<3BA}Jkklo?KIS5{BZM8D2Iog;UX$|Sf^UQ5!?(Q&F8*qWi17cej)g`49>mJel
z%~xKf*X>jCXqgj!0;iOuqAODnSaC1&_$!uvpSk>GO4X77X!;<@$6Fo<V8B|`H*&IX
zC=~Nct)QIzI5&7>p{_H$t5EQy+WrnL)Y4-xGHA}JVy}cfs5a{Mmm<ld>i*uA4EjLd
zCu=y>6AbuOX7v#}Q=y@Ofm>qmHC9GXzOqzlMH;FrOUY~XI{k=Q6MxER5SHMr-f8RS
z{3_Whhs7hTd`2##Fw4CY+vM_Q(4Y4)ZoH(FH^B*Dn(y+<IWYl8tS_bpJi2h~atV0{
zS3ooNv@{<Gd(lI&7drI60unMpO};*{-J5R%%#pXtnM~n>913*%KzI<zi#<JAxdpem
zv{nFb%9HtMe4~bYU7AN812c&Z=l`hJ4tmRC&XaeXywhiQKTp75Y)6l|(~1{QmL4c-
z`qliKNle$TFHYc3XsJ0~kEgc?oPrlf8-0aT#`ZR*2m3HNDw#trk8R5EPKjx1#6P9x
z33|8fIKKRrXELQnoQIjl_64tv7|pMF%1-j`*`bY%H+&?Q_ZA}4Y#i%xTv!Ut(8!I-
zj*cxMMBqnS$mE#@ujVd5jai-cwOX%CDFM66({CVRB~NQyN7ed8w4Gvid1F}Qk-A0E
zn0b*T+wKyi@Ay~GKyT|WuS^OHUGPlO^3P1Zwk*ti{lfPx+kKwf`M`AEJI$L<l_7e8
zuY)<+E@xj}$=20z!mqemb$<4o@>Q2RLc`trH|pTq{<8CVPF}3TFrOF5*EJ^t^vo-P
zT9^NSPp$&UTt!kF;XGA>wn^?6x^!%yXW>=;?SBlPt$gF$8)=*<^Z2h_eSh|2Qtw9R
zS&}yF?8nq}bdFj71IGFB19PvRjz-TL5|kN$osQ14H?98+M5b!Z-0Sx9{FdzXu9!XH
z{Ve}wZ^H4}FEPEJnl~!Lkl$uMl6Cb_`j;+#L2*_WzsTYjb@^g+zSzZ&%Y^^Oyo;UJ
zD!|dayFJf`Y0lgk0`BRU9{LCFzw!UWg6~Y!*;HkXzk0%dX4I1aoW;OO#aKBH_)z85
zM-nqFTl<pDplII{v|LaB8HRr&de;)2pYuMr*@kkeQb^UHzboC`6#ih=0Oa-Yl+UT^
zE;CIDZbm8zgMb$4Tt51tpWN5fX|{H<MEg!2C++%8A1EFhEKp42W}uqMu1erVEwl@B
zp88$#4BTJCCvAQP6nS@&e+K|n@&SN%E5G^;xcSWS&ow$%9X><_m&>7=L@3s-n>=i!
z?ZQoWA+;}g!0U~!CdiGngHW`zxBekylLV;|@EXw%f!-57^xo(3=Bn@q+qx{eqqL8J
zepze8)>Nff!_)pR_TD@!>8y<(rY4)Rnwb`DoLn+1Ej25rOj9T~ENjeiNpYz(EpbVW
zR1l~p+srM?vP>#6x0GDT1+8gH%Z0HNQV}W_6huk|5(M6Z1v$^tJn!$Xce$?lYo4b|
zzUQ3#-1q1H+{-yfQDDh_c}-5m%R7FQiSVPSJu3+p_*fyaUc{;T1#%MmW#l`|;DELB
zN7L)Yxun&KX!NaDNAxkuDsw{GQu%v-d6Op<ydiq2X^KNUc93yMaxs_A8kj|2G$)^R
z<>d>-O<u7lC<hv0lWg$q3GnU6&n)Coqn`X3q3#C5duqiW))Z3n2Fju)5cp4Ie;fbr
zAnVtCR<fmDlH<)5@=m-sWTRpWpsNH;izaGoKl#f^a$biyxPU6)%XHJIxN(u+?$E0+
zF-+dq5%_rvppu9#Y771oN%pZYI1~bT{zcR)1TVX@-mJBpt0>G6?y}_mvJV~R(fR(R
zjeq+y%luVS+^l|lN)FkX34j~5e&$V&9isLYP6`Q=J)Y?Yz-K<>zhnmi)^;*lIi;-j
zMGDS!^4e&X7hq{`v%YN3O2djNj`cPtK3o(0#TLUa%YCuKbc*)Ht|8p~kCB|GXrAA{
zLnx^2(*GeS?h&ItLzsNXvtByE^19mX&+BH%TMMmBaB`~bZHLgb!Z$;DzLc3*1f4J{
z$o3Lt_z`s7C6f~Qpk91fxh~w-R}K?5=~1j!Lm=znP>XqhbZ31gK_?UY?$O%zIGH-J
z>tB!b3q1?f#vVMqtNB;7B%^Cx6VBd?|IC9Bzl3=3tRJCuG|7MBxhDb39eeloFWm@N
z`QC<!k(7E-$2Iu~)xQI1#+KE}eU58crcj;EsJ+fceb>&|GM~fM6Bv>Xe|bgzyHs*9
zUd<<D{=9Pl9^xh#CO{{T{ni@HRKx?#8R_1(`t>W9jBbX87zMh%yQoFTh@*<-Z-Zg+
z?t0*^C?Dk-#;z-ZDo9!Xy^KALW^)s2lTvimy|S>#Mhsp4SxO&E0tu!e!+n(yNNtf)
zJK2xJ75W;~1k^Ltf026JvXn*YYl2Vf>)nyDCVN<M?q<;BVNwDJCLT+gz8FE&55tZ?
zXAe{=tY9L?Dz{5`$<GESpyPQRLU<r$ssH5rCeLo&G(nxG{_hMNsUVm}$)RTmVyal#
z)H=Zg{V-bMWB$vb9h3lGSVPVT1zT*nIP{%&r{_F{s6^MOEsE8!`?TMHco6b9RAH<e
zJ#~yz>SM1YFdv90#2FV1iiclYrKn%*!y)QE8nZren(!hvNm!EODKF#g?>F9mS>ijE
zPLPjxKx6TpE{X6ePmp#i`{v54&e#sbB|?kF@+}_q$zG>XAC7Zig*r$Wr8g@dMsLD-
zTfd~tguKn{k1kV8$kOur6Cn77tVjG7GB=?aOpb~W9HprBO^G_-UK^EZf))^Zl3CJ^
zB0n7iUJ>{R^#9-^qNDs+cyebqOM~}FV5t=`Zz8rdMKdLe1OPWkr5>kxzN$ww7=Mh0
z^^SPe*vlxSHV0;A`$<Vh8qmEjEO7nHNXe*jnU9&|$VVfQI^<+<#y3TKZBL^$zb%&{
zGsZxlyegEt^FB%N!ta$o4*s7%_B3<*U^I{7#m9IiXn8Y<F5IwXaSt#W)r}jGXhD6c
z&e(o97go^qpp{(%lQHSiQ63-9=0=m`{+#Qc*%A2<opp#goNL{B6<J8<4t+9fZMwAV
zQxZ$u;@N%QxD`3{RNVd-R*y!I_pxDE_aFY}K41h#u|ca+V)`CY#QvSh6qm-~d^~k&
z{ijjx?QMMReI12=%!YmH{4sa-FFX0wH#=z*3Ddh<_%bU}SepTT0NFW$*)4b%%o0zI
zm&}0ZZdY1Z^zLaE=0kaQ^iC?4S?GdkC{p{#!0nEJc~%DS9|d<8{h>|S04+FeVb1b?
zRrtEOa->H@>#Fn|xI|=cD*O?d<^I@E^dsbhiPCdq`ByIlp5nTx!gUOAOe@tBhR6J{
zR)s%e6vE?<na0&V%iiN$0NKVjT?uzv*7C_@2Z<U~iQ?ChH?PJVZru{)*Kv+w@lM+{
z0-q@zSPD6rvRs8eIbYEyu$cLNJbT*{%u6(DYw1tec8p-?0d%-S{_;eYySxpX?Y=#|
z>`AJhblSJyVEhC@8H@%K!Q2~V*g237ZGB1;$UQ#I1Ue8|(CX!KS}9W`TxU=C_;mr8
z2Afymg4O34)KHE2mSdKgeuS1#E)yG36b9!0Cfbi8%*+x0wagA^=VhgK#=n|w_z@pb
zF1O#>9H#JjUgx1)inttFa=8I9JoFT(dT0Y0X{Q@eLheBm?(PtHUAAIdIp(k5Ar)o2
zv}%W4W1?b?6HKRenYQfL0v+!ty~L0*#^$8DOd@@==_XtOzktD%6_%dXhdeH8RASt^
zp|2R1SxAN;P|ZBpT>w3q^M(;%<AZg`WP)+`h7{EJBLw}^-I=oxGZN7AoJcmB8YY&D
z)(-l{U|QpxNxOxYk{m_?HgNr1rI#h)`PHJXd~x6RFv+_;+wMKL%lIA=Yp*hFgXxAX
z(98`s9rrWkVoBs<*4;p{b-9C)Kq(4z$e_B|>oMnmG2~cZx|sptZoWlDV3jF_8$O-|
zAMc8xzS-Xg)hrv)ppc(mQGXYzh92p7G)UPIyrHaR288LXQfjBaEA^1qJc?%%nuTe4
z#uN>{E{deECouw68NsH~7E&d>QS`x4%~p73?g&=Yz`|72my@w*dJhvT7=PZ7wjoop
zzxk18&b%{rfEht{*l%|m@4Dxvrx$1J+{t;WB>+o}P%TwowN%dpTMnPKH)6wN;~}0a
zCE*R+%cup-Dy(efkzUPn_vy$L44kp1Q5bc(o^s=^5)0wW!C;%UMyZGSx8|NP;Vdwy
zVqq|(tIR5DD7VXV1Roi=YXGW=q1NY!?q4&A2-v}r$zuF?B4+amFohpgQ_!0}1?Xji
z#0t1V<|gBH31FYeK7+i3wZ%XRWW8ZuCw>S1#MWe=6yo+|=FiMBf~k4R>ux$Q?~1Xh
zm1j{r$89Y%G%dwvQ!xm_&s`V_h!lSP#$dMk(O?+ry79WJU(^YG=VB*T{LHLwc-=8Q
zOOc;cG=kjSf#L2mJ4}7Ut#~@v?dT|AHkY#ZgB|ujTw`MSjn|v8Cc<$~XMW2L4ctp!
z3P&wJM7v)IfuyWd+WrLbKWx7<fl0nBsI!PZg>^P_+fe3$JXo{zj8R2nc7NqK2Vbef
zHT{KBl7ahBrdQVmZ=#`WdKWAfRWgsHb(4lFo^@8%(UAlLz{^XvM3eGv?-_}Bj-!vC
zw!tukGp8d%%zq$5-J$J5b>JV&m%bs7+iIAL%QYWh8Xj5vQt*i09YawgwjOi~^OtaW
z(Jc=w!hJqkrWU!RUOKCe7GzrnVMG+=kb`PrL3OJF+c5iDG#b8x#2TxltE1Y=FVY2@
zn4^^LjPn$%_q)>tnEX--HrM9PMGPi6@+t+z@2L7?c9nF#xvd(I>%ethk4TvO;<99a
zR+Z;?S9B1<1g(F?oIL~bfvE!Pt$zpW-(W9i9;Hc`8i_BF=oty*sJ^lddO0%8clxVD
zktC?|<!<U<^E58i-MSak)1qAlP$*5ZYa}3Yz^_e`<s81%POW%!OJad@IPeHY-x#D=
zJ;5a6aIA4fECID&+v|Z%0eK5H=#Iz~V4*vLE%c1z?{P@V7uW8fA=@z>_0WdBy~iSY
zFo}{1a2s(3GZIe9WTGshn`w1X@<ansCZpldcr7Bz-&|OgBbs}gp$U2GszUS#)xP;^
zsK4NmXo!=r()}2>h)D5Eht5oZ?Lq4vMhpptIyk1wFm@V4HXOOammi~G=;Iv$7AY}i
z<gg*%81sfuQc^M_7$7Z?=Zhss&=Fp6kZ(*=!h3Do-{3t`JZQ^D0NlA*^|&sFp6i)U
z^=)VGDqRP!JuKz!Uf`cKS?kQdp)0)vT4QTL*~}SuZlD=q$NQk^lKtAi^f)5F<g-^G
z5GF#2ZDWrAfo;Tjln4N(5d$+NATVg%Y(Bqq5J+tIK72i#zgVX~l+`}LhA#E=x1&_P
z3_}25>pW3Kui@()B{CY`4^r-W){8clNdbQD{l6Q7Z@M%VgSE2b$rX&p6E-p7;;(}_
z>nBYq4~PggWv3q&4)Ww2WFFnaK>E5+l2+;WS~<`We<4^*P$dlV7@>>_qnLw#^F~{+
z$M1-WfDTalXGV}*>L+UI$56gPbd!r0u;Y6=g(C<+9iLEfp9&ax>WzIe&8b!WGE@e<
z;k_by`;<0>T~W#I|9m(;eCRb1Er4|aYE^qhJpZ>0t&W=e^-?LnwhMQ^AVxPjt-Er(
zxP}<k^9o7)Y`JLCU<aw|kx)W&WR3%*Sg4}W{;0omh+?Y&&=?2|s##5Fs+Z%E!s(Fj
z+A5s6B<Hk&SCBpbMjd*1;NwVtCGd44yAZj4%XGBTt5Tk|35y|)Biv!=3<%U+g$kbk
zfeLzuT{nMGfRtCcZ~+H@Ux&=p+)KEwHPN?|<NG?8xvjK6(La8I6N^ddt{G`9M{z2o
zpYgrQv#%~_cri%rTv4iVe8+#Nv8(3cvd=~`VT47ykz~Q$C1k!iFI`d<v+~Hs_X@XP
z7+~tCFv^(mmNll7UhSh}N}EhnpVtqfvj?g;tB&)xT|W~4#qw`0FdzQtDjv`ClTs^t
zX@Z#XF#Y<Ei28{T|3vkOKB0NMM8b+gJ$QBmCMvFJ!(JK`45jq~Mi2}bffbE?I0^%S
zbgAH`@INq(;5CSK25=qxbUr5j3e={+Q?A8((~X}P;LBPIHzLq8k_;rvTnXo2fTeWj
z$Mj%@MO6PVyc?+)4$?4F=!Q(>%RXU9mES{dn=1WLRl(o<(dpq#;E%2Ve^l)Rd-_?e
z2yMv-`hkh}Oa1HC(qBuiG-(j@I<3x45p01logvF(Omhbn4hi1>V=0T&Gug!PAy<l+
z8q$Eqz(*uZCONR(5a5z1h>Rg634P2EBBBA|)eb>M5`#}M2m@#`Y$?i6|Ii1ewwL9e
zhS$r3@ejA2oCVyQN@-oDE3G2-`!e^A<cgmNlHV{X9rJFuy*c3c_-<&A-P$9mhiN`K
zLHQ>})J&6g4S?^&kOr}{^I8LfP7+VUo9ei`SE7c|y}QD{2fY%iP05|UDbrRG+TeGd
zIII(c*q*LFBWuCgNe~n9&YC3058Q(;R_NL4Igxtt`=b>c2-pcGRPc_up(KdQK6wnV
z_eRzC|K`a4_I>pu<1;l6^WVplMsjBU4F6ppaVoWxZK|Kh?B4LQjT^x&+W<OAO6jfe
z?wAq{O{={ujC;M`Pr(C-!vKHnRM-fgj=#40V_#IMllNv>%whgbi?xr^Bu*N0@_418
zE(tc3GxaN2CKiXd+2!O`L1ohLQ@@^+OE3J6^)|{z+@%<SDW<EJ>GY5tszBhcDF3%n
zD9_?RSO(om(CsLc51-JELo_nU5ui1Qm~2_fQa2hePLfD<=B_b8hv7(^(i2&nn^qzZ
zjIi}x<Mm-4DcN7pxDn&V0x1PYZryl5VOZ%1bJ0wQb+syMkUA}2QiV>ewbhq=S=SUZ
z-AOS8r#rEH?Gg7mx0z^HRGv#m`-J=QJ2FXG1XdOz*%WN|6GD`efkrsq3g+)KYC3_s
zG&%MxZG+{gV+My@;9tSV+8EzXlOTsENqv5Tg97(k@QU8|PB7i0^FUyyN-J63`<pTS
zQM;!R`UNlxPCS5Y*X8c2aX%kuY_h>QVd>~6_!J~m@U=3aO)&rAu<kN}PMn={K6E(g
zS!Z(PcaX>MbS11=PY=EnsR7k@8DgKtG%C8*A@9JiZ`X&MNbRq~O~fP;14_GMjGJHY
zJ$RYnNgZ5f*LuAt1p?u#a-CJvC%f)WYTTDCy2^W`vHs1n)%&%vL<g4yw_^20<HgTh
zi^Tn#6U_rkpWEpei#p5VTZ2-x!b(?n&jp?KDk~(Y$O_1SbRdpvsCRy`b`bU>=s}-B
z#Nw{7XDi8OZD6UWXca~ZjK#)>rA~L7U<8Mgw`^Tq=mM3{K-#D~`ks`t#T;B}#lsx8
zo&kvuRCy8O>0U&UZTXD6r0@o2iF3lt(q>(O$9eVj!`K=JHB*pRr|F+oVBb^1mHaV|
zz$Lu?`li*~H$+ref`?;AWQcYs#p`~KnDSEC^|$pjsMe#iAOUhkZ*usY|Mx4_?s7eN
zMg3Q|Be!Mv{14lt(oD!x6G2dt`bIaWdz|t-m@%AL8=0d{b)$@My-@_6=XrJcSkD8&
zLuB>DK$u@-C{UWUN(BCr(O0A*XMw!-zd7frc8dR%bN*LQ|5h=MrTts(`Tu*->SPse
zbc}!#w6LVNNHQ5r{JlT+W1^YA)CL04^H*|~seTwmDJTQ9p=smCuffC|3mn&C?1`{&
zs&KJAjiCzw)mRCrmStbP@T>#L{!)Q|)48stPf{7#<gxyG$ry>nyez%U;jQ!1gnar{
z<-C53{u=i{vP8cVr0eyL_<vlJDRPZCI;3`DWG<-xB&t})!LO|2r;}rx-ODG2Z`3J5
zuC)ynb&_5_xGzH&R89`40&MH%uaU{jV}5GT(aud$8A1A_Fv^DrU249leFvzpJYJz(
zN8I&k>v&r${&g3$hADYYitlyTD*gz^PY~ZxpRN4oA=Woo;6*W`cRb#_O>*BF+|9p3
zfShztigj%LS1JhPDtK{OY~LJ#m&M>FCdEb6da)u>4M7YPRMtm`ve8IqS*I;<Q2SMh
ziNA@f*^`jIW`Yg=lQ^ViGvYo-6m4Gk&r^F$<fvJXNI?<1Ybp@8Xi^kUzAambu6yg!
z@^-^`&e%q0EyXwOzqtlT%3AikS26fWisxZaKRdZlMHZea8Xvz@?jY6$S!Vkg_;srl
zyJ?`J-sh^mCj23>ZkGNZ1X<hT|M{<y&)Uic&G7BxAVU~m!J~*J=v#QxTI^U1o?Xb2
zP4Xv`#AV`|BCJn->%n{$xn6#2slZqeEQkRG(OY+LWj5W%)4G`wDNOQv{ZVSf<V%Y>
zS<G0(BrQU=yC(dq|Gs&J9lFkl_6Qcej*GvBrI*lg269t3ox&fApoP!g<s|bhi*<Jk
z*ikxHYJUiM&_Pg?Acw(yGVa)`z4#JTZP$Gi-mAFhmw5=u7S1jT>>|@<ki(s9Ea9`&
zIZV3PXP2U0?)Z%j1!SkMzD*N3FQnop#Jn<)WLDQ{KOH^7R<C%we_o^W^+PG@I)JXR
zT`8Mih9T3cx-jKTce>f^-xpT+R_qud=5nCb^0JJFJ4qDp5Fhs~Z;Ln+P9bfSuAsTH
zVOQxMdhEzp9`mlWOW@IaaNOGnWz+m1+Hx;H<$lZ${RPLId1N|%)8?{WUa~sdW5_3I
z?OPiv2nQjLa}EF7IJg{8A%4|y$T!>~gli57Za@7YP3=R5_Yy+MVD~&rMuaD?3$cyY
z={<+FY<87}_@+2`*mu%@A3M%{%RMo>0891gJwZdQHwJ{YoXUNW9CKghzF8F4o{h%4
zZ3-_N5mk=p!8>qc`$e?kTyafxhG;TtP_R!n|2qiO_Zv#)dDgad*3yv<XpqUTW+5Lx
z?D}wrJ$!n|$tcjVrV>Z2>+0WilI_O}rmo<fFPlNk$P7TnVP0Uj9TYD6HHd4POmL-p
z>LOG8C?iib5Zh1N1kL)(kt=NzjM#Pj1~Q`+ENj}`VhIBm*(c@+(n0C-p{hWlJD^NX
zRIgpKcOGgYCb%W`I|sFSt+nn4{>)VS$UHQ>S6+51b+6>nk7t|bgG{~8=w$K@6cZU_
zGE4Nl!+qWm+#N4^-Zej1Tu(kyf5tdywykFH(_IDv+$=;G=6;fQ2tMu-rtEij3hqXv
z8R%~L8eFOng{E;Q)%$Ht$c%cy*+kb0qnnbNmuW0NGfINEsGh}z=KUoxm6`{cJoKpd
z-IP6YE1yeSf%cM2K10-49f;;1xhd4-A+3GlObK((hIVWv%Nx-FfsWhwetdC0TAP=$
ziGs7T3Yu|}{WUyNVJphP=ySyv=HK4EWbMg4-B-nOiiOF&uFc$ycQyMkiCLnM8g+jY
zkcwe=moxUUi1WaeC~%~Hd_J-wuA}4+BMirj_o|D3SF`b&?B$8ZFhp|Y)4Mb0S5dQb
zOhekLIbL#`E`I;uvbkt!<)=A`Eg06EvU2t-dDEu?^1DkTY^T&h@)3W*U=mMUlhfL?
z#fT^{g|miB-T4fe0T+9yP-J<{0F8|vXmLiOrQ-{W_d(tUd}9x9=%^nxO{U)kn2<p~
zBslWd+s5}H5p9vKi7(u#X+PPSYKJE*2svog6n3<Ng_VxTYbtpZ?A=x(`BPQ<1`&e8
zsAQhl+n_sCW}f)KK<bhB9P#A$kVL=zM_t)H$k!QNP|@qXlGf6Qu<`{3RL8D6w!apA
zjOI562cmmV@M1S<lAmwCwJ(Ats(g-jj$pw@5d5RYshc)J9YcL#p5+J<p_M^`oMfvi
zgkL?}rmagZSDv1iuX%|4hbCreCWZjw$%(LW^<N&C?g90mO+yK`ng;qeF&Nm=y@_0d
zC)XW1Kz5$*wDn36<f+rKRY{jf;83x}51McmbVC#EJtqGnIhWt$bQ?*vxjnAQLkNXl
zJ&P-!KS?7q#yMDrNAE%?k=T{vv{%S7qA1yv5}^KVk5Xi8r;k}0vJ_E&$4_WN6KZa5
z%0B79!J>197noi;W1DQ^ojfbxWt+pB&O0Z;T$m5rC}}Qv!#yz(X>lK!;NPHDXi7#1
z$*=Jcf79ky*@;BLq}E(#-U8@2N6M7q?ae-*#{JUJA~vNr$c;ouX7~e5RplqY$_V9d
zbWc+(oMrKfhFBpqc}TnavFr3FrUNU(&sQ{pH(s*$;8_#%kfH@6yrXn*$rD9QNSP<n
z*wctLNv?gOAC~Z&aQ4bdp#^e=^pd(!M_h&YD8D<#8$IJRMZ!1jVs&pV-m7MZzH^2`
zm>lYm3|0uTIaW<$*W-Re%y>+B_rR5cQ#b(4Z$Vgst*}ntAS_{ivI(OD%KvVK`5$UI
zqDpYy{2c<=wtdS+VkJ|v)M8E=8pV3;kC@jM+(5faUhgAJPAc#;KCp)ub>d@u<^1zm
zTAqo1^}GeoLIt}mxB4yZ(5&KPFsBVEXngsG^#w~;Z|(k`@_~MpfZzyTXJa%V9~j^8
z$;ERLn!TI3lv4o_Z&q~76h2_t@+qqhMc81TTr`iEy9QBz6))VkpiI*nBkAnUwn020
z+8jKIsrcld*s}>2oK#}mGUtp5nwQxv9Dn}!P*8Vk^$1#kYv1E!_G_7F_u705zhpnW
z0a{wl_EUpclmDCK6&c&=2R~IyWZpClI{RHvqu5lq?uHPQ3}qg;7g*-jnj<|3YvybJ
ziaCV-rRKjwazroEwRqC}p(GZgGM9V=@4y;=9<GH&?jnIx$RyEmhgc$g0K>nD5r}vE
z1F!O3sGeEz$#SgB#FJ}!W1!N8;vmpUyjn#i3PLkG{Jl<;u#*-L(Gf14k{64`r?PEC
z3Cz3LOu^hc7z#4Be1w8d8R<3PP%4H7Z{9%@a`Jooh2{eB(dSrANbC>a+V(THj`%{H
zGtW>&c_g-YAsUoE$GqTSz(oUEi7!8oyHI_I*ISVA-ny028L>JpsKcWZClX#_fstSE
zg7e5JeUX~P?Wg=GqAa|xnP->e#qFZH9t@S=)7``r^E$Y>ZFRFD*(!Sfm50)X_cRVa
zbR3cUg-d852g@{n!bJT120`_H*fN@E1B!W31UR?z)x6{Fas5J5%CjyaA^%Mj>Ly;D
zV{VP0Kgq5fPWrvAq?~?<>Mr1bDtXy(D27uyNKp&o8$Lx7!m8gVZOf;-`~%5Go-hhL
z{_(h*Vth=3c)^7Cwj#A&Z<7aP_jb#0)028d?2Z`;40ap3vUyIzcx%1*cJc-Uf5Ade
zHCNr;YPSoDI7M4T^zGO~hTWmNuTrJOL#ADxcp!2&>FEB%wvXL~qU<qhX&EoS>F&}S
zoy+<L)pjx8-{AhE4+o80@(#9oh8iElIdL&<Q6y^*7qcaif%+Ex&=gwP;pcbJ{7Kf+
z+{$f}&rD~zvwhzsW=czfC+p~UvAW0&;@S76wjtwIn2WEb#(Yk~yO80)OhxY;vs<#}
z2GIB8{hww+bXC0v(>5blTRs0LC)0S5rd4obuW(%RU5ZKH{i)^8NwB`pA*06{vdK7Y
z<#1fT@a|V%S4d$ZP$Bab`?R^5W4b=y^PF+RQpkt>-!N`y#U3ZACfZc&OM&3bxPQH#
z=b-J|NVz7l_NHcN-AN@6Ut376-R46Wifs}y&2gASAx2o{sjC=qV<FS)M5PT1)C8X+
zO%%gz@Z3&e$kZt~^Z-&9^5$EFai4mE+w#DH;DeeKjh%?WX7qSG=T54Lh?$K#^+@#m
z9Fdc>l|mjF)~csCNNgmX++mb;ArnRM$%kIM+MwNmBo;|&tl-RNNAd#C`oV0tn|_20
ztNP=<0=yvqjBU{Owj672^xUS1N;;msIq`wBO9Tv~d6nKbwS$gE_m-}W{gGO^&4>P^
zd7G2(K9o*70v^IDdma(dCVNTV(N{86Swr(J<tYzhk`aW|{CeufL~<<+&Hj)f0A0G3
z-#{xD{UxIyGO=DVCx0UfTH*AmM-R{EI`n{6jQVlSr_tTnOk9x3TDEc$F|vuu-^qIp
zo_o+swEE>zb^Q-J1!G;y^h0V)>fe~-SjaYL3QAE(?!Ztd@PViwo1+nKdB)^=I;N?y
ziy{E>u8xYI0ZCc)4T8Q8n2Y8L(D^cROKEI3Vm>ttg9dlylCDhcaG{-km8oRBOX%lo
z<~(Pus3a%ml8pqD;vi9P=_}Dh96aYhVq#k5M9DCMP;XWLtm~!^nvkqTfi=J4<`zB&
zS`|A@t0v@cY67%}ilW2l(R<#{cyq@N1DP$%K6Pit&&S?7o!ooyyR90_gMZKtQ@g0W
z|K#HDW?nLLJqB@kToQ2jmy<s*sn4Pta|=Dve2}OZl>d_iIr+~+C5<6Zx&0KcyPyxU
zEh<kyBc@)o9!2Hjej|$HJ1Ho0YjW68Uhtp0`x)%c-rArOOE$hAtM@F*-THv!%D2=-
zNxdz2#!ihq_|G4uVLGBTs=TX0hN+NAekGd~5t8FZ3`fh0)2F;ZwHIh%{L7HNe(AK)
zXuCNZIYEJ3Y*cp!4d=*kYsF^Uv?9U(i0Ii;Czv&J1bK@d#dVaq66@-VZVCk}(;2uk
zXsexd^g|KnUs;V95abKnU+)_=&p^1iR|)>S-&L3W3iLs=SN{fvIgrK;a-9R&M#y^V
za~^b_IyT**AyRBdHz84rw~%4RBJB8<rNr<8)@6w`CX0UQyzSb_M*2F(gn4{dE~dgF
z_6<=0g-?xq*wOwk@s2B$JKMOAQsQOsztodP%PMhJ1FK}k2>MZe#cT+(&c`AVj3VyS
z9<WvPYkL1s!Hin6*CKgr6H<`=%ft<HZwqUYHoGhDCWj1ae!A>U26t0wn{EouoEN>N
z?bCVLX!x+Nj-DKkM_BNh@(d?Uyje8{4NR*MiX?VPk(^n0AdnJfygXmpR~L-*H3VyW
z*oZ0v^1bcSdT^aRXk#Vz@8O!l^^2Si1|HaBkryq8Cr9%raQ%MI`Uycg-OMrTcaagb
zw<|9<ynMweBE1;(x=won%G<z+c!XlWp>pCQ0r`epist49MAfig{i7T)Nw$u<!P3d?
zBl5<`;tRH2E*g0^8;L8<I!G_=ahO3ANpAGT`4FfK;RDRUXKDNh?tST@zQwD<9p?2n
z#*jacl~;djGAprP94~r$&QKn{VbriT`N;oVm*LV&)mlt-eW5P<hS5Fj;;KuvM{nxe
z*-YFP!ruGTua5hH?)c|=REsyvbzgGUYuauJ7~9Pm_x-ChLc!4~6*cmP)s#)%s{A8u
zA&X+}O+VU)uLqq>rt}ttW<o8`Rs94Q_N5HFBC>V@1B2x+c!9=p=Y9tysjohff^qTJ
z5?nb?6BKS+NoEmS?R4-qAMYKyFex&7N2A7HS;#7+iG<CP^6)N_&fLw#`FvO7pnUu_
z($UYuJB3S&*5P5~x@Gm!r@1adfsZ$R2T&K2s2&r*S_jjkug?P;`}l}uJDTh2#J!L2
zDW~#M9-+*C?dN)j_iQsY2nYB!r9H${THVf`V<QXfMttjuPoB`_lLH~~t^|r`Kc-{B
zC+lLt$9^HaJbPBji9Shp^-%)HYJe-s<94gtzHHledukI5^7&XC&4IgPg`k>2k3Q;~
zOQdT<Vr#xVodms!>I$NT%(;g_IWZ>Bh{q-x^~qz*x{QLu-_nve7&?FOV`Vt*nk&rn
zIE_MZvRv%ZzHg5=i++4+2Kbh?-uf8mPBjBKVRieI0k<(O^247w!3mEydULIAP4JgM
z-iE#WZ?!Ih>kH1DjrT2B_7Z~|Acp_MO59caLRwxPUYhbKKkKszC)*1DT$WSW866&i
zM?DqM77SO|ND#=LKxhp$jZ?<LtabDyQX2LXL`>N$Ce}<srJIFIlZGdB+gTIL`gi6o
zrAKr`lmJX1hB|atv}QNuf9}rF9*9q&yinLxiTi;V{x+j}gO7ZemNdB6q5<*IR@cRu
zi~WjfaQ(wB?PYn~J*TKq3$7t!_~IP%hHArKEycekwt2(GN<0WK`42m#W#VN=pDib6
z&v#WI0lut)KodMby0$$T)ym*+<3{}2!EOuy_322qFv8*4=7~5&h=kD)9rBNcV`HzM
zgIZkW*%KPUgQeu;R1g+gT#Y6Kr;Odua&^id>sDXrSn%`PL6@_`6n)t%Sf*<-wC&yb
zRdtQ{x-Fwp3Yl;*AqZ=@R@YLj^9IAHk|JJ-`Nh`t6J2cDKLf-CTj6B<bFHS=dfpcH
zWBa|mC0ddDEJbm`Eu>71ge#c~AKzu~&@JLt#+q8(OtIb&K<anIbAu#le15ic7(4o6
zq0RP2W-qQ#Hl6~5O*GTnPkbJb)DKi7Hm)jM6WHna3(MvNfPe?ewL>V^jPAAX?o2!Q
zL_BcNSiQ0L$aL=&v}Etv`A2UNbZxdfbw=Aw=HNF5xHgoq+2O*1X!4mQMK^f>>oKA-
zb}b(@ux7(ieq_A^=4lNx+S-<Dbpd2v9g1%{0F1>({Q!_)2IObcbKd+l>T6JTrQu>;
zRa~4iWwV^rgDA1pwR1+oRAyR6Om(o)KjhZFr(x6k+6>wT_hYHu_2p*u(gF#8dBkmU
zc%_~t6)xN-uM)&WyZDkBY%h4S#I#_W5lrMA5x;3C*Q!6}7f5XVH*7M(wefCt#xefv
zpn{tXTEClkTjWIl&6#E!t9!Lq<RN2!4b9_mQ3kDSZ#B4v_k-S4F@s!ZPI{8*Q~>p-
z40J69`_!G1#W$Dak1^Dv_a;~oNiCVZIA_jL=tPx&ujM}@bLf&$kM<-Udi2j={N!Zs
zg2{^NqdpdMxQ_Uq;b!_My1iwf+9T(5N^M3HD!%yUE5R-FJ%00O%pUd{YL9bPJ%DLU
z!^8NcqnJJNDp_2@a{6ga2xNbg5(Fkxz74pt$K2P8!NxzHqf!8tQUNa5o}@bhEPd?!
z-#>L;GP8CwKzN9sw{ja>W0c!?_oufN3&BS}yi$p{PKm;c5+I}`pkXJkWhm*ynC}-l
zkzq6|Hca7nYs;0+KZ~z){`UHhkp@6d-sbcx*-yNZ{j5@-;kOLHJj6`pci1&w{En&X
zoDW@!0b-B-|6z$^JwNI}pX<@%KYf%Kc7x`QBg$Ei*ePhxjvp!%5`sLu`bB)hP{sdG
z@7n{m1pGVV-#`CXGXE;Uzvl5T68wvi|GI<!=N%=|e#z)Hyi}0O!hVzxaFTN_c(Itk
zvYrqHD||XZ!N29>{sfuGg&_SnMyQj#dzv2BnkQ{9q2Z8n0kmoXaN~T$7g|*+QSg{u
zm+gwOjqc4%1@FZzoq)ZE%E|!Y<-8DL+{-_{phDw7i>#$g$ghWW;!@N-If5!GnsD(q
zMTa$nNm7!jP??fUq3@<5-#zcj%stlrdTSI6sd1?fDSV`P=7IaKmq|0gwE|dG$k=D5
z%!Gt4i85mv1!rq2{sRw47r(g9fLkrQ3C8#!?E6B>f=89447FLkb8$pFwXu)u4Z_HN
zyo`@0)K=!;bXSWacT@0nfRvsT87dP6DfP-kL78hKg^=u}_?b2Ko;J3iAwvFPC>`rF
zM#jsfFOXn<v3Mo39Q&kXmR8FWhU3J~+hU2s7k0}=N%hb;-=^$0eS`aUgBgAe!ObV8
z|6(Hl8u6oJKH=;O>4RHI793O+sbWgBNX3r`%3=QYqboFO=_EZ@E)A5}j67Q%+?(VP
zy4S^U;zO^<#SdJZ_gHd8$!(kbzi?X*mnD1aWNeF@Tkai76<1||+pE=oT`Sw4J>uHt
zC|$B!&7g|65HAt2U?ag37jAUnbqbe*M$eNKUp6mL6se@w6cD7GPGTPEy`gUD2wzrF
z-xVQ?2D3H#FY4#02(Ta@Jd~SL^P?gcveL30uy8O<kN?y$z?H$jhbjs7zkjZ>zJDe2
zug=*0s|5dVDM6z)OZwqmE_g7M<ca+f8ACpxzkzGbA7OG){RAvr4%0Z>2M*OjYIT*k
zXgTpUwK1UZHW2G#rEkodRQg7H{b&VdLv%frnT_9YO6a|tYB?2srx+{UmZ8#ZnYuP=
zD-t3n8<g>9R=N`WGmHX%P(bVBUX@#Yp>(UxOE#VZ`4Gt4NG0sD`;;zpm3pQk=!blG
zr1V44qe|zsD4|&~D@d%*|0ByQx^~ePI{8W3u;q}e+>#s@NLr&lF>>xl7g;BAA6>pM
zc`=xZ-hWRMcx8pF#C8y5AK8Z88P)IPoq90&qunxojYC~fSR8LtRagp5GRb4%@ugBz
zvxN!mA59zNWB#)DFC-aacD>}iNRRZ|+5Triwt$J6Pfm`sY-P#by(ZL63JaH7{-$6n
zssz<ZrC7P4OD@Zog}H9{6J1k%$A8AQ@R;3o4PBkr`|@ZK?F*J5k(X~6+K#E1nV2E2
zHArD+pi@A(PAV$kr)~k;5xY())=a)qYg#VZa$aZ<CWq4vyBU}HCA5p1qPlg9M3#$O
ztl>-cx-hmx;SkBtxra&WmgqyNZjp_7gkK5*3b}5QtdE^DrmKd)?+Y)WJuvFq^)Pk%
z$D*4r*{;2KM2GE#qJ&E)sakO2Z3<3s(?2FbALT>0z1qcBlqOyP<$f$lS27K7xD05m
zq9}LC=wA36!i5>5HZ<>r_Tk-%vfH6#FIT5q-4~Ze5e%@x1}dSJ?;2eH9Y%0QUxW)`
z597e>$OcNKK1We<F_6)gYQtq?Hj0mxI4VD;<=PlMOFuE&@NAZ4s};W}8o!$YuM^pz
zMxtRuO%e6zQ7gr^yileb4=T3>d3;F}FW8dCam0n~Yy0zV_Ab}$+v*y;jel+o1Kpu)
zr{)a?>PL0Dy~8~D{;-5mMK-Lil38}>ocamj>}A0z(Jo8e8e)yD^YiW{W2tOPMG8Ww
zjj-9V(jVL)R%@o*G|OS-rX?lY7UvTd=HHyGN-^+0we9l~R$ORvbwc73t%MX9wlo-z
z>Jg4ae4OH!IM6@>#fNo^wQdk+z>)q)=Usr))w(D@t)=>OOR_Cz&2sqD)5x!)IqPve
zG7#49cf_@IvTp~EeD@-Q?u|{3_jT5Rj|8}GcccW@4P?`xO=-Ca?V=6-gb^E1?S#Zi
zRHpMrY2i1t611zl@GizQm25VuAC<18cK&t9^~rC>^DV{Ysk9QIwdwr|mVwK>e8ZD{
z+}DkKQvev(zwtSZg!bK&@w-zz9;9^(k5H&-*8|)Dr9brZ!u4(s(j>lHN6S+^4qWcm
zbv^h}oa?X9ID9+@t|Li1l5<IY7l1ah3icAGYe>(27@8={{@Zt7iL27nV9~F{42=VQ
zLVEek42tAP{+P$YT@)8tjRB{|OOhYpolL4LL$x^KBNWD=BF$P#+ytuJr_iQSEXkuh
z_3NZdaaN9;Bm<iFc6jGvXGS-iN@X<fZD=1W+YD@?TlJx((?8@i{?Jn?%0~7t0B1l2
z#KC6!N;1DgJdAmIA-<=JU-wCx&I73GM^rk7+D}Ty5M-}k#hX)fK%dNOLlY<);93h4
z%7v~l{N-*@2!+MGO+?9FHs&hgq2|j<v(!*cVbG{=s%#tvKk{t$6y^;lS?)A`_@;(H
zD``G&?Cr8TKL8xv&yQW{Un2zgcSytrIvu-4sd!!=r|Got`FHS&nHLz9a4t6a&-tMA
z?Sd1&NT&nD1e4UmP0C(iiu#50DO??`Mslp_uYcp%M1#Ahre(<u>b@8{@LnEVtnj(^
zVf!VQNr?8>n?vO040YF?x-3&gm}*E0%g=3U$Ka*Z2>TU4$c3rO70y$x5O}#l0TdIE
zyf@9RPS%Lyun&%+%uG{0W~gsn>+^!ncTaOlSe3mJIJDX;O7Uu|#A~mQC=zupjy6FP
zQ@d9Ci(Uz}MR#$I_unTo8nh}1ASm0p9Q@S!rt+r@k#c9IermbMp;lxR7&)FBI5N?*
zw0<eLm<#e+=~RO$U!7`a2vB|_+a;w^lcF(nyCF={H(mn%cv#ipFs204&ufC)&T?(s
zCrIBY=$nebU4&Rio-qr+!hti&*~I_XYygaNe&(`Z<TO~f0?2UU*D%@SNA>~qiZm-~
zRRl07Kjq$bjwtu`f^DTYf8Rm-aL`P<WbY^{(Tn|QmHWz30jz%F(|C%%bb#&x9Wxc|
z+bHN_fZg1dqMSkK-)GRdEc!~OtCPdxDjs6rorY^HTm^T{in2NoDn6E|I0{#}QX1mC
zt)uM0juA{)M6;`-y?)X1Lw&)x7EUznwcY5Lq02mA7LF?Za$Je%TvK~}j6ou1tw|%6
zfF&$+ZJaV9`Z`XoN0fy80JSbTYadvujS`W}dz1i&p63eQj#tnEg6kcJ5e&~McKr(V
zeCkz_uiMJB?)t;1)=}*T9TTl|usK<(DG&W^%4#!2xch;hr!30$8D-)&es0f*ei$2(
z1}-REui|m{F-jhnvM8Z^MWP~^;!+7Kn3*_bJ6IAA7$i3~WjI&k=_M##5O~?@n#TV2
zeft!|Cp~N=pWco%e(1F#+0`ZL=&jf2dT^o$^7esJ{<~E2*IlJvC3?M%;xcc7rw7HB
zQjf13IHEQmE_^MXo4IlAqrB_H)2R%+FI8+J%HFw`&ZebXJ7NvJPwk@M!F?i-W6H=p
z>TgqaD^KNDc(_bFTDp!AWwyl&&=?Tm_j^Am$)jQiF6ic?YB9+ZOqU)8MrtD}mbW4O
zyXnEj(Fpd#?BuB9Kv^Dle?y8yd;NY|x{;=UpTc}2AMGZM$U>XnJH7eqqDk^_E(7E3
zl&}CUs`6kj7gbe?Zd7Jh?qz?9kjo_L^kLWSPTVd%>BMbXMLsnZ)T<zT7bR`h{3`Ax
z35-O8ozK44u<S$bduBk#CEpXcB^$hRFt*-ON_bWguv<``XyCFSKa9Jnicl_!<=aH|
z@A`Q!JzwJtxT#{I8o@DVC7uL_@TcdR*bkL9EpT#mI_j_tsj(;?kQ><S6&jnaT->>q
zmKRW~IlCR{_)ME9EPJ!q{K~3}M-vukc(+$|memvK(NsbH`Cg`F9=_i2%$g$V4dEFF
z_zJ*er?*U~6us?kD#nF4=&Jum-t~ZX94#3qya?r>O-5`Y4Q|DiHe?ST3bU*fcV>w3
zBKuWHRQA}<-ooK}s3^^_7$|UrN-#fs6^v%W74%Dox(HHNFc0I_ydeaZ?^nZ~t4CS8
z-13(*Cdp^@gKx#%ZOC4)D8xdP@y@h`pLccA(mHFh-APL$`cfBllLoSRzTMia!K4*I
z=k$Y5r&1bFCs>M&S7F;zmH7}I^>f}|w1Iv9YH!+OG=X?1*;P{2U!w<&zqB-pMd64A
zv-K0L$i&{OUH*P$2Ar~<t@q1ZoB$3mla)%ZEmVTAt|chmr^}o7*{#icq#1naqNO8`
zovr>eCyR~Ic9;Ad=aX0s^~XuvV`}&5!+qHcpX}737OnqtpDjQKmA`zZnq8;Sy}Rd-
z=<N4@5wo*gEhKo5N+r#nqhWK!>bb}MJqPV^_Z=wkaC}pqbhtt`Inf!BKjuoxjI^f5
z11AO5Wfd(q=s-Pi3V0q9qEmRqi>?No=`JPUPN-P@tt8vnp0&sF*5|lQ?rF1g&=L^*
zpHhiFTk9^uGVnC@7_fIi$^hepo}#U3M^qjtIfH2zeGx;TNP#TZSDy1$gn*DYN|^lj
z&;ON-%fCwSuM+%!R|&Ga{bd6B%_syw$GJ*$oYrgdIJ#*Q(>r_~2pja3`GN0iRbj)N
z4~(cJaz?kJO-R)}J45L+K~IV`*{8QiaXHe5MM?%3{aDEW7bQF%n`o++iC@bnS#m#j
z`8qPb@PB`gn)^P*hh@TH^$R21al#644;sYJR>?Vjh*eU&yFbN3@21KdsdfKja#Z+|
zQN4*y`rlV?`SvRre>-vBR%QT`{0|9O>$x`K`-1(O!a#S@DwU5usU#<>)K9SuK(FiM
zFtQ57=C!JjLHmQ!ciQWJh_~05rxCEGWHrzmr3$XTQ@TUY8<m}6)CU_aBmJ{5YyDMe
zQW$oE=cy-W)k`IOmr6_S(-an-!B(*C6pozGU0dG&v-7RQNs)Q&fYH5T{H;VQvkAUq
zlR{dR*6a<U*fYI8a+}(L-dWR9VbcYp>)CTeMskr$3J|B@(lJG~b5f7FtX|wga&ges
zz)uQ)BtSd;M`|i36y?u2=`I0IP{n1$kCwS)Yt!Ge>nEQzgsr_&h5A917oA4G*AB8w
zW0Z)A;S>Taj$qC?D~~GjZrI1pXOa(HZEM?ANB0h|$qUE}$Pai)H{p!6ql&55NcbPP
z(Fm5ny3XNNch~*8U?P>LE9miSJ<R1F#AewpguJDwvQXK|#y96BqmR}y8s$Z`jd=lc
zoxr<yT{!9jZuMN|#d+bKHQ-G0Pxnx-CD~Tbt*>Fqv*$#4=s4F=7YZy#9JZRG)?sWj
zD;Og0a0EYY;1Tut?%;OOr{)doT5;55D+$?~!_WKUUM9W_0wL{C>Lv5IN-t9zDlF9V
zZ*qd4o=5i-{d7B9`!Dn_f9O`o(dyerYT!Da)CFQB=e{(}a8>Pnkji_{!dNvgG?;mo
z!R|uWsAF1jF-tWzYFC|rw}X1|M0RkCdJYGDD``7uj((jN?cLxZS*E2k19C~FL>s;~
z*!4y7F4&?^r#d9)#eElR|5K@l#hJ0OTdstdz7~E(7oT~PMp~t=wa}gMYHYD7sD&QB
zna2LmSkaCAlSSK9L1hjG6&3HRYnVg9myxr*_p-*=vbZ&nlSq|q-~MXb*2NfCC!5Fv
z?Yp_C)IHl9^Q6TB``L#B?T<NQM{Hc8u1A`{iK$*29(Q#jGbCPxcz@SzvN1o6<$;Xj
zv<J%rdBat{NNLQUbAq3yR{sDdQ|+O+u%4~z9Go$IVHM$@*1=w+%Hw&1yLtUXY9e9H
zmTGya;iE_Qai>>{DjG5a7>k2zk1rY3-ro4WnJVvt(t;e|IXDlal>R*S99vBrm*y?#
zEI}VZoP5=Qv~}^>;Ry_HVi;TipfYOMSEG*eDKhHwUb06{7op5I<8Ryz*JX*<oU5pw
zKy(kl{HFpDW@F1kB9pY@f{n!uD&s)-t#fV?5^pTmeyx2T-j98d8p)ie&(Us|?KRHx
zO6Fx)4<NkhM~a~A(QH&LmrjQjB2VzQmgI$vZSfuzAT`4KU<g?pg&I}cw5bs3%A(lN
zi`tQ+vBIup58C4jqi^CPxV=5m;arN)Ph{O{1LM0jJgO7s%d(9Zy`bk1*~h8DdJ8{*
zMqd?H<EI-1$1zkE(eJ=~RDAO<5zdMzlTr+Qd}`W!<e}6gZuLYw_pH2&(z^>2zMfSx
zL8)Y0XG!A{X}FZL8ua!OzKz~Q7eYA84ukgyP9sHFj!L^0uh))yzq4yhY7?cy<!|&S
zaK_l&kt)pua5l|{gmDpWiTaI;9TU*oW7hi5gM7$RD$*EXx*~ZjDXnCm6?ajVJx0Rc
zpMFMJCW7NOzh}1at4n;k`?$g*YTEsSaTGGuV8atr%!=R5*#Xpa!({7DeSb_-W^^fA
zf?0X~O$|#uI2pQu*pA%zekU9}P<-K6lupW7&wgeMw~_TU`_X--8Av4m(=2RU8#8Zm
z`u!fca#nxJyxD}Zt3xfGY;1Y!k#|g(Yavve-dGppsE^5heC*eC`@4Y#C7F(*=;K)_
z7#7Q%eMeA!rR>hL_e|<5ZS2O~-2EayBGQ{KcUtc8&a)0G&^Dabh&w_3>V<Ua6r;Yu
zq`nH9Q%}+i(f2&GBl~iVb|&a)9O+B?kezp+tvU`Izj5Y9i*)%EL(8nViw@OG&4w2o
z1_zMXHHZ-`K4sSYe&*t%=w9M0arhOAzB9LsFtO%Fg*b~V?O<)w5oJ;dcoGtxZ3Uis
za8}~h?CH3LGE*PAuz4qU0MBpfr<I6i&2V16arAzau0J)hGJH~GuP-{3L|ka!R76;v
zA6;kR(@4L+aE7z-WlJ>A+eLS%Dm-6f=P>1LQR>k@Sq?n>pMrdTDAu3mqL)8bE802>
zT*|H-*8?>TFFVwYcT%ZdS7=Eem^Yh>a<#57WUDF;B{GEBpsK;$p^2I_z+VigI-#-N
zEjDsB^ksn0*0EU`$Pp>FPe|^2y@A#$JM+r4D4>{oz1#nF7hEf@me_8oJE5Zn`B_D3
za;sIOrm;7qXR-(LUDaWa#}9wjLNvEu42bH+1l@X#aN!$a2<s#5Blf2@Y~ffxNK#Kx
z)S(PXzRj@(4&0;q7~K7SCR-N;Dk{usWt5!7`ReIY3N;cg#dg^mAJ{T>{QR#QE3fBk
zkiesUNi<7dl^08WuA@(3+vv}9$FtxNbOl40fnNJt-H8&zS6d1MIE_4zOz-2;9A^c9
zRLgdyxPDWKE5cI!XwON#gZ8m)M2&>;S+f&q6I*|=^BJ21B&D5Y`D2mv79~iOJs;%P
zX2)GZ!l_4{xmznm*l>sKW$!Q2(su}Dq5HVe*A$7y8W_0B6r)NRxlV&yYuCotbnUk4
z$XngeYv@rsY^8X(C^sU@=EtIFwD3kp`nD+l#A~u-=H-T}43N3UHVA!cJdT-j8I`hP
zQC%>1Ynr6cu&kZkj0Kb^MoBz7+rKJ(Yd7Zi6B)FY-m+6qyt$LSsyjFr?pbX3*1bBI
zo;f6{r;A@+@0-OZeWJ&$%Ug#!k+d$hqGSGrkhEQw?X4*E=yXT(yzv1Qd@GT8AI6k}
zxzP~o%nd$LoS%EHU6gbB@{cf_JP;2=xmzhpU6m;BrjFU`yZA@jD+a}Q^t>&mwk^h$
zYkyf{%NurRTozK1$&U%8Rv@KGlq=TH5u71CGEN+na?u_qdd7#%c3S~Bh>bEK&`S6U
zw^7+feM89PBRvnPVJUe5Tg6w-lqF}MqgmQuTD&C>j8>EJ3r4rl6(vUgn{1@0AH2g7
z*W=t25SmZ0`$fafedS)Z9Y~4SE>%h|?)5b3El#k;wk#}KCamJ=qQ0vQ_hHusS)p~k
z+2g~TkhdC$4I-b<U#GC|qbPnmb$e|zBHO8d^x@F$vOmEULx^k26u*i<&=8>H#a_&L
z&NtD}@54ZIt<FxeUM5a$(Aii@OgP?cN?0zwiP?mgkM0XS*|#-rC?!_W+S}HPS@&6J
z%;?wEerBsuB1!0wUEG>@H=9#^Ir6RGoZ)??)x-}etp=R@8>L;al?B-UwAbPhH<mMZ
z4qn_qu&}5>G{h-)AFcl9w9g~yQ=k8sCl05_1hrFNW=WYqRwtCQs(STRR=U@~v8#!n
zk7>`f<?NWNs5np2=Nf|Wl~pT|eFya$)vruTl4Y6_Z3>D%7#?Tnmx*czY)Xh8)ikA~
zAqE!z>63*UA&0$Y1u8oV<l9o#DPyI5(_y7x*`E{jSC<+bI_VL*{{6u5DPc8bFTa<4
zevd^ROp#`$^V_~XW{^CIvRPoU_Y~Y_N1xNmz4&v%@;VUv6e`8FOC>IQ{S>5d0oNn+
zA@G?tQ!21Y0}Wt<<0u&JwXT+b)-m>-WE+)^QRu}23!yia=OkE}hAwE$CfvwRUFi>Q
zw{BFq<a^UyGHn4@vG2wQ-bC9;vuO(?4B-t$UEYv{aQms0oqJFSO4w~<e_7=Qlf1C4
z4Eo(xyKwn0eUZiel{St(HSs-nZ7(o{MFqJh-Nw_{%lo;Y=fX>Ah8fcxkAMlz=DnWB
z83K2Hdx3hpLW|4UH!5(B!EV~-dv$xi7(0gNEy*)H+9!<Yq!6yeMX<q5<K4>Hm;G(_
zBHe^OB+W75Csg`Y5#@wJhmKM=A#FAteojTVPZZ_C`(P~Nlt{&Xi<5bj6Gh0)8=>e~
zMTE6hQNJmkm-yyPSE<K|t2d4s?o;&oxd`i(A1>UYFCyoSwJkn&uZun!co`jKuOn)k
zV>o>P{^P;ut>B<)>;sZ?lMU-2<RpEyQj46YYtbTL*}nM%%!@E;h|MYDlzDYUw~W}d
z-3w+7d7Ru^@|c->xexgTI?|AIb$taG5kkQU%Y)c+$a;-?Sr>j=`zoL7#$xrqfhXt}
zMSHs}dI2h*y6*qHu4m_$y(PatR{<;nL;^^Uh1*A>T@OBP%Z+2~ePTO;FR@5%q=Q)B
z#+y}Q0Mv<m?6|)v`F(c(1ryQCG%>D6eZSD}CMKL$pCzp+q@ws`Gr%nxO7%6FuD)Dw
zGzmqt_9y2Vn)C_b?JYc73;!9=rs^OHI3+D^#1<#bvGabnqZ0!iMSTHben|!fc5@?V
z=+~m&B2oQP-|{;D9E;jVqJ36XQX2u*r*2<Ude8{gQE?m17i^PXqtrB9Wo+r5UHkni
zzmqyv<x3AdW}dpE_W2z6)06vV?7hD&O~WYaz>J-<=KQqU^}~#=lL60OmP4?7^VO&~
zqM>y%w~v$KK2OxT%>&a~RxiV4SLa@r-n*c9ZstfQcxWe%;=TAW-`41!#-72s+uCtO
zk6*lEa`&W<T0S4m!Wi-p^yARy%;@Zj;+T982r({8)+vNY58$Kn9@{3DxIIaw1hjH6
z{xx+7!VqoeI)RQ3rGZm*L@j{hzNreFi|p8i@VA=<Id=cS)NOy_z#osSP@ER>-V9zQ
z@gv39EP3T!al3uir)>A{LrQA}nIy|79q)7@CH)=J*t;1j6_&vz%)NvXfp3fO%&{m|
zj-s$!E5gN~!pLV5I9nNuYx6M2!x%QF?$C@czGSlRwo6M-_;*A`*CS{i6>AVMGst7F
z(y5oT2Gga4>5FFyz+2fjcbQepv_mecl@+h1APy!Wl6}t6*y{u$joADW<Y=v|Y&C;C
z+miOj#<J=Yn+7Ugh^kj_YVE3O6`u8ql21)%G9^9+@yGm}ksNWW_x8-{x}uJa8A5An
zQOA)CAPnE%e+lMByLS83q=b7RG;)ULW`e4rK6mQ*FKDMcQ*pi9rHtL+xg<Jx&k6r7
zp+aMR2Ismn^3G+kq>X+@K&fc|6O)W;>MH!LIG<X5!lpQXuFP6?Lpxv%K!NIp<oKAJ
z(~B%=H>!)rY_8$S1C7T1!t7pfH5TJLOmRQ$ub0^p9mw1HUQ^FgjlYml?WfLChJu%d
zYW<3iJ*fdNG$A~nZ@KG%-qLHOJvZ!%`jfu>WNn-0y6~C$s~Wssf+m=e5+cjDb6NG4
z0*^(V%jU#!q8ZhvTV7=>_e|Iq1p}|-T|p^cGTKHMmhV!$0Oi<pAG{pJUA1KN?Ip;c
z)}7ersJsg@Q&PVZ#_%n5{%q|9XRc@?zpMZkQ`Uude)KLco4a-En8XajZ|KZm3kKhS
z!|s7SiZ`tOGL*m;gZuMNwv~dXn?})d6MPEBbT;hp4`^4{Z;Fh*=|x551(X***#tj5
z6O|12`@h(G6L2Wo|8IC&mAlj(T4YJe8d6P`7^Ol9p$MT;wy}gJ#@Jf4TC<gHDoL_T
z#n>5@>`cUrePkO9CdL?J%*=BQ4eoy3zx(+g@9`Y(bG+|8M@PrZ<+{%0dw##4?|Pl*
zdJnxIb04Wu&${_lnw|Fb%C;y-DUB2^(&-A2NFuboAzn!vPaQb;!OSX8*fXtxHpDBl
ztUtujzxJnY%3rM!IfZsBeK{~nI=kX=X5_SBRTVSuZJ)4t;#K%)_x`GVmDUTi`jgO=
zQQ;&4eO$<s1@zYJInfv^=H<su`Lru}{FY^UP%~^hYy&7zl)EU9ugez&48M3Q2&#R?
z8^2w3+_}6Qraw2BpWS&A1z&StKC%a`FG9i9thTqgZ(Ny#szkD<S;>LNnB-Y?3CUV$
z(EYe@f{)9HuXd-Q9$ZAnpQe|IaBlX>J7<eiBE=1$i|tBF(b!CeTMm6LcWuN-cRC}*
z{#v+Y%;o5aTl~Q0gIs~}OI;F}@7*mY{DOoaY}Vtv%Ykusv)F#x(mmj})vQ8M3OJ6<
zFbNVE??OWv##wHOpC=P!qm<aRgIc>d;U?Vt>08{>0-tag4@gIqrEp<k;kd&+98lt<
zuk^S?S=e3p6lcYOG$SaMJFbOYH6yQ@ENrH$aP23HEF6s|RSj?+r(*nKO(Ewjz2}At
z2QL~t0fdZ`2g~QO>cSa&347v!Q_+Cy*JXZ6<-*Z}DyKLw1zhhj{&xcZt^kJ>{$-(m
zh4_DjLe~vTXTOt>Y$kzykvf=47IgvYXz*N>wj8gn8?t6t$Pe%4POdr5c|j^)l4~NQ
z$1j=)n|qQt-}h_%1f&mU%AB2Fx65-7tW1OR{nA}7s-j$%jIF@b>97DM<*gxxIog<u
z;Nb7yG-6UK<Ysy+wDYDS2P?I!enRN<h$IIildo|w*W1awubv|h-ZETBE-7466)Tb~
zaNY+wk6S<b{a|9i-Dl?Cw%`5RNv2&3QRWBc(v$N4M)%uE>0+h+J0a3k0)=ez#LeHA
zQd<BSpxcEgBTl^tAArFr-@L+Dz_!hd7_QCJqQ7YKtW$q;^dnfzck+9(i@o5hnOXvS
zmVydk#P4%ZAU(yDuqmko|7qtHcX*YX;kjD;*#zcynp+-oj-kkhbhC;r4$W5Y9xbsc
zp*eKqY`y3h!r4p_IgzZW>CY(eM5YKa#MraMj{W+fD?nv_)!g-IU$#D?SI3mn_aAiy
zHels7=+Cum_BZ@<-y6`$H5Ry)a`J-BZ+4Y;U)No;-y`Es*EL7%5L)6on9qfhg1f72
zfpdyAxofJCyR@dac+3%X2Lz1e{Lk&*mDgd*XW6eBY-~$ZLNwEHHRA9DOKTtCO~8XC
zgv%n(8~Lf@nHJ|?f0Bi!zXbGZ5|<0yT$Wg}=NL{j`<nDC$uSBU(JZGoo%N~F*cN^J
z&yw7%@QEkK#U(JGd1IQr;i8E14~Q1JDdS;i>;_PoH`h8S#V?smWp^?(>^!AknbuTc
zc3wWW|5XFo;@zbj`H$hTLcD1$%9B`~3rA2f7A|`#E#KmS91CEB%W-*+61OB^-r?xV
zjN5Ak+f@!;H~JW^j?@S(<x5$~0~?*A#Hcm2r|Vk-C#RC_yWVD1H(oL<k(I2}gCci=
z0^f6~#?1PKYO=aNh`_QBVfBJ!Av67-(*e6N;mvt)?%F>`1b3@eY!%dgL#dj`O8a^u
zQ`$qm*+|Z`ndq=a&JHRbqn0W}iW7#a+PTK#Zg0!<#8ABiYu-RH!t8i<(N<XE2o^iX
z%DopdBJ61coHiWE<wvjO{8-g)tFPaT3KFmbUi@rJW}*tV;x1%gOL@qP9^Fy2atriW
zq(-0ofJ!zUtfAq$MicNd%#a5w^IzZAEC^8h02JC8dL%%Lwbp`q9J!_z!)nPoUb*SR
zv_o3>(Q(Y{mFuACS{a#T5xIAHL$eMT+2%FSs=(5!4Wly0#bM)!Rl=5~7+!Y2KQuSN
zGgBp!v0@o_V4#2Hjy&OKGsu<^A?U~3ndxRxXhB_{&#S4Yql7(g-k?4bwx2!+?B)sH
zOY3+G)2N96HMDzqUtO~W*qn=tuL$eE4l@6>)`|jxHB|08uwCl8OV4kwK@&U@{uF=Q
z<P&nnF9tXiC{$_E7q2A_>k3Pt7?XU2H`e5g-<LQB)ZYDVqq;g$b0~95_g;tVmv?Md
zRnvA_BR`$tbf8wr&Jfsd(n>YOm&M!`R$--9_*TcyjXL`rp1^xYxBv)}P1SOx_v>G!
zH^RqyXQZskR|}CVC%i95nFbE%I*3<3O%&lxBPDi-McXQh6iDh(AH7Ka2+X%)5hZ_Z
zM%%C%e|j@K*k&Xt5f!d#A}8R{4^vaE7zK8#d@y03X;w9Lj|1cWT$vJWUy`YJI{G(}
zjyHy`pfWUKWXmEtXm7CzmCr&hw!AcxE1rzg5}yaTu`nl*)KWZW8+-g-u1FnUrn9E2
z*lv(^Ps7(l`o2V}TC93Qld@(hJcntLPJTs=i^mJ_?x2g9mhGuTYS8>PfR19gaIt9_
zT(nBCF?0v4#<L_MMSzIoRZ4)>#i0CWW{Fq~yVnIc4#hQ_(-K_664kr|E(~n$ti#ok
z_YW^=$<YWl!8eDPbOuWS{8}ByOcf=MYmZY38#uC|_%W=>V&f}d7v}d7m4N<%FLIK@
z5+{8UrL*gG5aZQT>d2JNn^C6uJ-R)+Tfm8*#W1WfH&Kyfe1vD6k{w5177P5IvaA3~
zV-n(k2G(9CPb5W9L1jz6G+}OL5GX%jqVAiqTl=b12e<#CL;r>x2Y3Eynm<4xW4vz^
zw{@3&iAR<~@9l1QM-$cyRodyEXo(EyXL9WK>jW-FY2++n)a9_aQHV*9(BxA?8E9A=
zne~IA(-As3oQKp<>vlHmd6{LEXdl{`ZYsP37Md+=D+#nzrWe6Qniszy&BA<Ih4Q!m
zxsFbC3!of6JMmFUtaRfoU+QN(CfG(CID9LYDje$({EXwJDW3e@D*f064O^h?CB2@P
zpLQaE!<<|)SsX7Kvr*BP(ig8|EBPY4(t^-Y)dv*usQ+$e9GwMloKrlnL;rg_!Op5N
z6DZp}bEUEPy=3Gu>3$_nJYh+P|2mW5jE5|otQfR1BV1=ZQufdj#uyNJc*=>N`Td>X
zzQ3_&?%hdId&jXB1@sf$@$5spHyh8#v23xS7i0g4dVMeX=pBr(Tr!nTvr$)T$grkA
z=}0x*|H5=v^;p<!Pvj=C5KVqwxO2ZdAhnCZgXL1o(S%LyH6n<X)1vc&zfnA@U6K|r
zvL4#m#A_j}Y7naQi*5BQYJ{%d<vMTURM@;V``iy1PFuNIb-F16`oy;GuU6l3KH^aO
z70sX8-LYS1-0K81I{d@6^G{OO9X+SAx6&F2H~zz*v*?`Z0h{NWY5Fo9Iv>Z`e@?eO
zEqCF=wUh|3;F+{tXF^L39T1o-(wt)fCT!Pnpg@T6=Et8PQ04EWl%tgLQ>3mN-3muP
z|AISvOz!FR>9;$xC4ghe+0)8l70-aP%+L*R60GYbY%ENa2nf*3z#K_5?W<vzVu1*7
zTKL~Ba-%W-bOAdKu%(^Bn?Km2gVBOIBi;qrt?1JyGfkiLS$Xae@UXkySNA?v`@Yr)
z0_$!kVVVk<=14BEVSmwdP+67tRIr%f*D5Bet?0lBXiLZkuk(@eAEQ%%@tQt=3Blr^
zKK0NIK|r)iwZhm>Oal*WR>fT8deo9U&vSi?(?+^|iq;0I7ygqlIKoE!F-~@~p3cgx
zg0ofb#)-DjmT<bd+ZtI5@dycG@z(IPzLtE!tfwvPZjTI0<crab(4626K{*X@+$;+O
z+OEjOb@DH!lJOcToaw+*mo8UFEY!9MXI4@tdv||_M^<J}b<Fb$uw^KaH0*gP`0hf7
zSD4X@aE>wUz=rya18&gtB7KYgs{P)d3$RJQ)sGB2%g@q4@wD+@XoFh6mtgzSX>f>T
zPKC2MLZkuuM^LjD-s0gk(~rnb;Dl-lmkEBgOfJObnIovx)+M*X+jiWF<^Zf)rRy3M
z;1G<OOtZ<Hj35bXOJGkqSc6hiw-RS_MlQ7dYD75}Sgkppn=$_GwbWU6{WUxmFCJ)&
z98{>R#~`V`_jo_&d;-c%U|9DU3uM66cQ0Yxh_LLfLuuzPd58hFSv0p<_<tZ~=F!hF
zf}&YzJ)by=@z9{O;E>9!+B1uX62~{%2Wi>C<VW&Vr{x7-Rw>z`lmv{OTB4xGl4nK3
zf_Z>|E0?JVzc7_v!C1yhUO_(dKQ1>zuRvxe`%FIXO8X?98D2iwIdZU5EpL{>d+g%D
z1Mkk_KV%t&SQ4#>=ZR+cT$Wd&Ez^$#J3@U%5w_2R5dNeVc+PeAH521jY2ZJp0&hDd
zayvEj_^ZtZbP5Ki+3?f#fbHi^ERsytY#PxFySEL9qIECYj+sl!lq04WYJd{OK*l10
z@(h+aQ-JX*0~8;E#?82Tf}pmf%@_0pP-~fQ!&S8Yq$LxE1BNl2D#{-Je>-RVPsl#g
z#|S9=E8!2&#5qR9zv0`+f8)<TvFzUfIu{53kEAeuWO)OjCe47^F?&sRpACDCjtxMt
ziJX8DW-6W&FYKP>gqLo{w;!fqUgt6fE0x1o!hv}CpZfY4<LOdp1Jq-6_E;Fl_-XSk
zOv|lTieUj^$>NRSbsc8UUxh|=toWhEMM={5l0mVe$I2xAMDXOi?afm+c|jcmxLjAv
zwqKnF410(W)Rcg5)l3)E1;Uori`s~(zJ$`CV(16#ev6VPuU4)R)NY;S-O@18vI&?^
zH?TSSl!%KFW6(Pr9sUqs4JuxAMcd&^ng!&Izl!{RMo{-yz^6_iLj*c?;@G)2f+z1D
zPqMb6@DBBReK_gorrMqH2~yzq7GKlv4=PsRDun-RNT%+4xcasR6O?;3`Et7Ho8;2U
zP6%^?sj1PvX~~H-KVrC~hdNW^a*7AP0o&i_$a7}%BTDworIv7ti+O$WZ8fUjz5ofi
z4aTT@X-v;L^AaJ+%G3VP71oQM?AS7DTt|Kgjicj9*BNwgS?X#2kKvx@^CeIWV>gvl
zuz%3$za``RgX@FJ#)y3~=lAcyK6aOV8iDuiN3%!nqX?{|!B%K`FtGm!*AjvbEiK|L
zMii_Wh`G9IiVYChOl<O4-Ww*zCdiXJ+y6Ar_eb^pu!_sU#W+13OdoXQ`~j*45Z05Z
zT+>5e<O#}eo4ZzC?!RVDR_1Q^`Uiaz7p#dXz`GAw+_)r;xJ=j6WJqrSr?1l=Qd1RP
z!3l#>5EvhFqmp_gv6iHsjxXxZ1zp$YDtc|?67%L8n(Ne`Ir@2wm<$-EQ5N8<^4ky0
zKJ8?MGS{wrcmD4mdGHB%B;n7mGnE(?eMm(wfX=WH8#|6Ht~iLf1#;#Z9T|;MOY!Y-
z6P(dO{+GZ4N!#Dm>YkhG>cGbUE~K^N0c-2NXN04mTyAO+H}vcL);BUosA7Tw7v7#?
zb&jXZ0Bd8@LWkV<RfuU=7Zf!gfqx$}0;%=WPG>xa*d*5K*!cUlGu_9Y!5?AsqVQgW
z%9{f-xu!jMc9}UtIv>dfe}wDfjIueNR<espNPMMi0E^=@Cbp22JQzk!pVY$gra10n
zI}lqywv>Cj9!WnnI$I1YnG{lBj&H&Q94TNm^LOh}=_INIlxUG|)O?d#pmQH&9bbG{
z53n~!;)w5KaN~V#JV@V}A!`LHvA`t_kzGnt@2<jL#O#30;hdzieX@Lz&v0&pePKsB
zCU;(NW%9YI-p9GsW@H^3&+`h-w7_%?Sg|!g`P`t8dGa!ODz*kk#8aEr<w-t(HYw*N
zww!>vYSy&#{sHBWD`1XVgr`Wpg+4iy*Y#4;8X;LodxI@L+(<Acn2oW|5gASW)C+|$
zb{G%<D7>j@?MY%~Xxg~u5v?J!&qxXQPrCBdI$_mmbBv!Jl-QznU!HJH<8vm|EFf>X
zBll#YUT6vJ;)?F`T!e_bu>>_eR44t@)A`^X7VHC%JgfG?rjOQWAstbuX=F`-UyYxg
z>W+5a66f>$1*+o?=ubzX2jHkiq9uPDER<5SCvQBJ7=^zyTt{&UI+W|bDX-$fJ*^S*
zF3+%0W*wRtbN*QFTcWois5gU9nu3Nlsol>cTw~e|mg-sh6D)B4*#~u3FXhFpmRq_$
zXvw{Z9LeLBD?)fd{nI6-^ojc9zI`t1U-m<?2g=9Vo%SGFVC@I1OHPL13t1Z4C0e~W
zsI%<RuZ5^2izGtRGopFq9K5&<x9g*Y^i{WAuSV&08gk7!%^Dx3Yhv2wiG_a!<Fmxn
zHWf<M#1Qf=Eil_)Va;Ud_$t7X{#nE0^1DIdKk-Z4UZaQZJt1nFON|B>5S)|ptr%x?
zLN?q>*s<;zwKVI>n12QZ>zAaL)L~3wkz07rId9yO5u_EG(es{qFs~sXN}l-PCMx9J
zP0>ux)>*5VY-@?^>Gr3yF7<v(Df<llWpZkb!o9j0hP&#ZZ!kEmC-|<)&nM^hW@=$<
zCo8Vg%{1~gRdK+Q|3h~BVAWN|gI(o~N2?ks8V6Qb<*r_vo3+|KR~?mtV-iTF&y#_%
zbP6T2iUnUfwM{<D^TiBTX<WdzxBGbjEZ)=(c1-+?BYWgd3q8xkz_QT<Fe+q4D>p@F
zj$G!kbf#t`+et{SvW)yJQ31%`^-#<?eq;d_ph*U#GIRZOTwT`sX=vq}uP1_Ra@T^V
z4K}Bu@p@5lpe(EjF(I-ICPMOsUMT<@sUMjXdX9c~7TaoHMX{(MDI1e!-AW8CXrq}E
zB(f7mO?%Dek%KXXii6kB0U;-7>#Ok=AykF+y~j>-YOc(#nCH5NDvmL>4cbiY5CAlB
zWT!Syo9;rLNB9bmbL>wWF2iUUMLEcq{U`rRDEqBn^IhAZ?H;3TNrEaK1Tf<EAC@*6
z*}0P+<$)U3X0Jln%8~|Ky{Fg6j})ORlFWnFdJu@=M0Ae*q+b}i=Zqg7m~!TN_PG_o
znSI?Ka!1O26EbPuR`=zPrD|ZmgH^ko%iS*R;6${Wc<Y)80}y=18t>x6YcCaXIW1%v
zr_JlWkhsk*`qrUwH=OlPkk`xim&zk55?ii%lP=aqkgOxip?#tyxXd#BHnkNcH?&*(
z_ra|>c!paEvHX0_^0+uv#BJjr=nN6mr=2>XCbUoO%o1wc#Yo%wQ1!?7V7{P?kb-NS
zXhN_NQl!U<8{y0_`ISCKk+;FB&wzm5YTl;y)w4;bhB|3+ak^vXMwj*WUv+DJ4hyNp
zMelGm-x=T*XzS7vRR}4-dRBW{wlg$bT6pV6;dVGJp=<K$?^-N$zdJ}fl4dm0gZeLI
z8)0r`dXfuRnPs^4bQ=rQbMuaEft6fMfF4<<3H)l*oDMr_<w$Px98Kvi(}H?<l25pg
z2h?|i%E3_lRWdwJOHw1UA=?O*enE|qpaXQTCL!=)`gE8EtpbpLY<e^<$C`3rB<~e0
z*yB)DcwaDtoUJ7e#SUar+!76kH~s(>KmOakZ$h;u9^m?KFrl<g|MWP4`iYongLWdz
zv478O`^Zj9seH?H*XFwuNzuj@IMb_bKBaoFaY~7ictqj0&|uHka|wC~G71buO|>HG
zaGuH@;0Ne%6Sp5w(@IAxWb&;{Vf(`)%I^d}4Xp>3#VRY)soCP;>)Xl&8XyvPP}JWM
zB<J=Y8Yo`J5X4m=MI>Pre@Vkh9`ufCL&}r%rmbF=>i`@JXHXRzH!3D*y+dA;XpYaj
z&7VpBFzP31Nx)ZCvrWs=l&8WiD%-Ok)fk5!>_C*bIj&LGzKFy@uTFZsqsE(KbQGzo
ztG$Q0;{Y#@IB*vxW6iG6d-4{MLpqX{p1~<eKWgM9to<Sx_1alZ2cRYGS4s5J!*tbH
z?YmkdZ4UY)ienqQbAUu_QkbPh<qnYpZ+@H+wY@pDqu$*v*?$$5FDNP#6O@Us7iNmA
zJvv{%mtp=NjLH8p+Z5DW^>z&um7y}}6fA5z9Q^e-DS97WaSr9Ef0$MrLyS2n*>6(_
z&|l+4cwvm-2S@!TMG?5R#pRGBPeaw|(cnwQj%(^di{DCCJ`I`O=&X^N%;5^VAWw@I
zSrW8upiSI)!+taG8@Rab@(42lhZ61Hq1E=G**RX(_cA9{^q?POaA5CHN*6<<bS-^H
ztnAcTY_+K6@m+doYy`A}H%NE~IS%LPryc$_2ZE1iQSb<EdqXJ0frSKlWiknOX7!5&
zUr)4e4_tB(V9T^N<eCV0Cs@3&Ic_sy=aucMxP6u8Y9Cg9+?t7pWMmG0jT5%{BTBeM
zZLpnQs!iX4w9s!AE1_8s&buPc$vwC}rF!w3+F(TZNg!iF-8lm!7Mo@@3I=q;*Dh6~
zwg0w1AHR=DX8Jjj<_K%sC${nfxyd=!>DgO9IOxw3c?FYmKB+*7450yg-_z7HQ+E*~
zj2b2Tf-$4az>0|IbGZ&{#6s`x^9VK<k;~I~Nkzc=eJw3e5e0)oZ%;4Pui;R?7@2Kv
z);Ffa^)vwLKM~}%M#jh5JYu15$rik1Fkm7Ouj6VqV`Vh^Owt(nv}jT41|m>EIQ<5f
zJtG`?S9pQAsT`%?R`Uc<2f^H^XU65<a8;V53*|z##i>1cnAegAJqc}%W-dVW=1m-0
zI&*y|dVOCfs~|Ix42?ogI17Gg6$-VW2)qc#DJ6Z5um@KT?I6Xa0t_rqc>K>jnMPLG
z*5?*$y_P)SiP2!>^?PS$XPx|$7v45`FzLlOs_<s=r(M~mKoNq*TUaphdcS$Sl21k9
zpsJR5CLuZkxiOHv=zF~Xm2A%<?`g>S1z&LNj}dmeIf!=9@6OWSPMpTNjQQFm&jsrV
zYQ06+rf-7Ke~f`;1w-GyJ1Xk-O3f~bvhSDf(g1C;Gp@40ZY*zW;22jTz@z^O(Nl3g
zC$&Z0O!<j`U0ZKR&}jEhV?k(b5|#1H**pw9XG~g4T+!0MA|?B{NQuR*5Y8%bC`ZT?
zPPWg0CaD2uX{M+*fT=||M*R9R_M&^&`inp2+<bQkoEcEv&3h@wTEpZRaE=yA*mFK1
z$7^m$e}(Qnt$#uj?Y0)f>fc*Mio>hq1)N&w5FL$}6jkkrXi=Ojwg>QrR17Hop|iRq
zT7R7Bx=l+nr2a<cr($pzI}G@JM_eEasA3Uy!I*^>M0JEV&7J{2OXyJ4`0|Qfq<|tN
zk%<KwUzm-&;>A;>gSC_-0A76Gp4F9e#!p(5N(IL5`x&+{FZ$J<N|rp~mUe#i<kM^@
z+oyy&@)S3+8_}PyXRn`tD<Hnl70m_@2gqIc3~a7U^VP&=!UFnpb<hBA$#oSAz`Hq`
z6-dUX5h`(Rr-BAuGxwbf7zZB!`EeHx{o84kh=<|QZL@-OL#y0l8=m&KTHX0@*vJxj
zg!Zh3S~J$Bh$1~XTg67~JY4nOUc!2KN??I{$lU@>v+_?d_e}#+P50F(t!P!?&TM&X
zd)`t6W(G*SL3Ol(MTh@<UQ;ZhPa#psv7NWDnFRA-+}OlFsc2=5-}@r`=DT5weA3>U
zdCI9D5oi*^><bXHOn<oU$qL~`d+v8?K|b^B@vORtfPf14V5_6cKxm1@u~_*Rp}4!g
zC0lmq*<*^c^t8m;CM#YGv(XompAgk|QahS>U4Zfc98ijoE{*p0Bq`gTE92|2T11N9
zbp&<QcTg~^anQdSI)@)qy(t9Gi1V$V2op{RixZA~_pKkgRHqk<zcHM`Bbp>D(BuQF
z-hq)wCVx~XHWK~qfR_>Wr30^`Lt6?Jwf*b@y%vK3)``Ca1CpFP-hp4Jv(u>-U<r0s
zXWW#!Y^9+@nAg<<v^Wc+y)>H|{Ew-pQh9P!CIrhMSZ)##8jbfn1=QH%RvHwH7={%R
zM(EPiqO;%Ax?AKYeK~xO<qgXD<dFi%rwk0(X=q?NJA$yStcY8tW}f~lV;WLtBXD;o
zi!CZLTTbK_U%3`0%#KSs)oBiW;!P&TNmY9SYV6^dhuqb(0j02Okx<$EN#oCZ>E^L_
zwM275(Ng_6uahvsnC3^S^tVx&9vN+K>{F@5VoZ%;zi~IK%C@TgJIac7aoH#JFa6_4
zIvyR_ooe?j^pho}C|LVsDFx3t%TR;<7+%91NzdADEc)=rBfT~(Je-)Xhd`aucfvod
zC6|8MkI-baO?oP<4^jtI&}og@0<1O6Ehi}vy{lYa)qw1s26LH)C}-nNAHP;RB9rIu
zRXa(w0%dShcDS_V(3%D=Xw9DeESk5H2fV_UM3qMS=!Sli3v2vf4-RX~#1`DRy4z<A
zwmGGgn4AvINc8gChN!T%9OxN3LEkai8FN=l0j;$*g~f6hvX|d%92%O~SI0HUHNq?_
zo!5*{2d@g`WZoUjlmAKrS$=REX22$a_BQ;eD5CyBi=we8Q0^q;w()pQ79~TnB+Q!3
zsSs)OPOCtTc@Qi|vRmX-JrZ)1)pHJ~G0&kC+IM4J0Iq0?xo+IH^Y9ycKbKAk@l5kj
zFyi5ha5S{oD<}+2WTX)Kmendi{=$vW%eUhKGai19t3s{+G>eU^8hv)R<aI@@ZJzK(
z!<>F4JFu!R6gVZ(FcD!Dzu`eMvIYJ2y8gJAzT4MpBya}Sq_XhlMiO=;sZ|XZAqc#=
z5+#keBWYhvvG5t@A2bx<m4V(uns+HvoiAE;B_|~p=2Gj>D>v)m#|JnZqX%SaOTT%H
z`Q$dEU73(Et2OI-tQG@XhRgLiKIYUcRNLTDo}__E3GZH-n0VO1c(c`QYRCM_AFLlz
zt4t;g{0Y;THqb(qe7JJB*C!Zo=?+b@G>^+24etoe0iQi|+AUDJGCrh`#}eZLR1W4@
zr@*deq~Pe$jVq1@BDkgXfAQ1D@wkVxH*Rd11Qf*un|2Csl*Xh=HryjW>)Vcx;SrHp
zf*aDl0_JXx#I11poJR&!+d5Jd@ZEscUEo$t>wwhl6Wa!BW1zlI%aJ)f>gRH%5WS^o
zG=p$45V7c|=`EjVN5rX4qsZ6U^2D?J$pr*ycm@>dNg^rbs>#h=A9UIXUeQH4{ZO8G
zbI)~;d+I0vTyq<-HO5T7;6j$_v~x4L<H6agcHW~U*xGjJ)e#?>It4^qMDf_=Jc#kp
zI7YHbwu!WzdK0h_*_S%IZEU_ra|1s7Ra!SG%86ar4d;_+xq1WolJ<c2#*_hHo@BKi
z`7MvcK!JP+@7{!gg5%;TNy9j}uu&iN-mVyrxdC^N4hahy19*wX;(}}KcFSg`T|g0r
zIcjWWKF@ChS6x85+|tzJX-Lv`oA{%msyh-UFJwa_Kf@An)&<vVA6)t(DtKjh<NfBl
zKdPWM{B8K#V8L}e{0ym86ic5|M7TZ)D2T$E;@`p`mdzzfy)Y%2u!BX@onnpryygfr
zehAdko}Svk_hCh`DR%%q%Ohu9#*q<J#Y$+?2dxd@V-_E8&ti>lJ&1cQBI4@6OrL4w
ze=ZZI4AtkupI!%($61rlMrPVyL}`p%gc^I*_WSxJ&30oUL?KK=YAE=?jRU8<!t$D_
zbz?S93UlENfbp8vTyl<h9{U-6_Ny_oyZI&zn*`6KwAX2`IXlwnIof9N?hOFk=0eQ6
zW?E$B1tFL|XnawB=<Hw0N0ga3F!iX}QhO-g*{0HaT2^1z?~ges^+6}?R1e+PrdHK6
zAcod6^n4X4ftyKbi(gjJ*5eEuWM1exTqh`ZTGTC9ic=9)#0_))awmF=E)JIMQ=;pt
zX(8%4UpytxrCxXElDP=7X8_ewkzcwMN6=dem=5r|`SPeduC<5oT!y#_Y3S3sK_@*J
z2m9UaIdSXGC*10S`eoGx*I(mg#o04>O)-~%d+Ou!CD)c*lc%I$$$VVVz{&2|N6;Q~
z!pc}T|Jm_Ih<%kUmXiQk4B-BCW*dO&zsp;_w<S46hd-%I;*^wM*W<?Fm6zA08`&^_
zP_djSwc9FDWB~gMmJJ-b(aoaqT3!{&n~F-m8>P<rFM|tx3)00wE!78P#rK8*<xfCi
zUJN%z<hH!XJ=vdjpJ4xI-iTrVo0RO{5JTMmU+$I|p(>iEXTn2|>Q+;p{+IFp36ut!
zZ@sQBSoUVusZff*<i!|b6tK0_QLdvgJ-DoZMWq)=(rNyYpDyb?L1wdvjVwbMtRvi&
zv&mA_Z-*@*JG4+DXF3Oj=P~On&Ry!~)Ocs#KV}Crz&F#0z&=%Hx$9OCwrt)0eOn6j
z@9SQWf8ST*BI^I6HwKG+=Yfg?PNH;9Dm`}%XqKD(T>h>OsMxn{=QBSbEgzOUFns<f
z5qLR+Md$eTvqwPIsazp9v|S2NfqJf`mmQndwln30Lj*x-yQ(;^gghqqbD*k&yf2TZ
z2et?&hnB%fPp;3kN-+Za+j&!mo-|ILwrxK={nNSvdBaryRg*_1x<H*_+#Z*wnL&AI
zQ-}GirvpOe^L$w^%_i-gu50bLYC)|hJ=@Dj+}Bq!;+L6DJ%?XxPO>a{xrbcRMkEAG
zI3SX=tr&9<;~+Tjp0D*{UtP;m+MvAkK|eYzP||5-x~|x7n|W8{2XL39aCsizm7n)}
z0ds&H;CF*8c<T<4NL2#SxH{Hcd0B$6%tcFFJ<syvDjI<T&FnQMSh{X1BXQMSM&hp{
z{>CYtyFsWQ>8=}tTTo|{fDLeFjIO7edQC8wRTXqsEK|9ik^-MR-<BQg_8ORf-^Mb@
zjA`0TJAW)<ZuvR}EMG^?3{;tPH?n3SxqJE~i;VTO1YOGDuE2lZ+wy1^oDgjhu^Xsj
ztKg=Mr<Ip4F^A%Mq;3X~Di#A?5DVto?xSu?uTrlobIE)Nf3dmY9L=oTa{!NF)+f8H
z2%O-m1&z>UY9U`=`Yv&@lE$7IN|Kw;c)R=o3g$)#M%|Y+`=hBP{eW!31duT<-gxEJ
zY*Ds#s<^<1E`Xc`bPW!VyRj8$-wTyB{b)n}@h#}OF`cK#>?Z`9G%_`Vm|>QP2lCf*
zLkUD|WXGzqt=wf7tz05>8OaP4Syeb3J39=}t=&H=?m>N@JoSt<z7@Uu(|id)eqJ-|
zji0u`%CHSV{j6+@KX>PiMf52S<d(>;Gmf0VFg}yTL`cAy7-+*aVjk+O)Ro)eU3L;E
zOAULD9YRsw({j)pYmTKPhN|1cL~>c$b;OH!aOJRjfAI=$4K9_?l)sFMf7D!AJ|y9U
z_1o%xbzFwzWlshemIRI{w7)$Y!z&uR?tXB>R6R467}qgfH4*F4ku1Bx7}(k(AgoYl
zL?{Us5Oc5+@-5Ro{gX0qPF8YKwvg=!m8)b=(}3K)8$9$ADGvzuKG1*xSp9wgc%PON
zJCqy|`cUHn)_H$dg0bAzQFE6o>2Vjawqr^jP0BQ6N$y!)?A<vq829GXtnsbr*>0kz
zaEVWyNj}vXu+?BLBmTASh!*hp`W|P$hLP>b{!+5d&7QzkgYZ>L1wByW5_{ZYe6>Jd
zzA^MXqeSgBU@;e@Xvs+&Uz-MDH&zoOB1;R{lXJlKKB_EZ*CI207V&BFXh{;j)8cY+
zaA|{mT90-TBZEklLX)3i&4a)Vz75)Iwd^#A#Z+LTCBL1h-<$P>jKmnHm#VbkMqZv~
zS)Kx>e5Sj$TH&WpRi_A@0f*Hx!a1vLnW!WV93M`0gjAxxeuiF9dZlFygzq|UrWcxd
zW*j`HA|F=rC5AW}ENF1raR1d>V2VCmg#POk8{;;!hib#bTnM)1@23sU;rm_mH{ktK
zB%jmH2#Bp;J-@K_D1g<KHyd}D^`w?2TcWfI28KwX7MCBjb>oFJ?pq#9OQu!FkUkvJ
zv={uUI+@_&$BM-Pt9+2{n>PMl4RG62Sd1h_7Q{2@+g2zsv18SbLaxF7%W!;P6^*B`
zP@L)Bwn@~uWn`Kj_<hmdJ!c~;GN0F|n~vwbh9x1S{5;uhjnynmk2&D&hsW~Y6AP!Q
zBAvY5%^F4lc%S;lrX>8P`rLb<+)gBR80Y7^$Jq!!f%DdbjXBMsq1glH4XHF}-z%J_
zDYi1x7UyP7vQEQ5nF<PHK;oTL3=|BP)&3Sk$8}0}OOjGkaQ(xgd8P-vEm1DMe&y|}
z{q<M6t-rIc<;0Z5P>-p@_n3M97~KohwI@|88Cy{_!~=N+yW;whz#B=Hrr9c6E_k2L
zB>DBzyFB!#@9B@sqWxFZblc}q6Rb=KeMzMEVBu{0x+XPp31$<hSe*+O%Zs#nN`b_r
z5&H@xkB}~T*RwMv?g!SdshzZM+F(YZg^rdCpp`<d_P=r)*F3T%(4m?mnBYuC+UQ1s
zI@z+E!_(a$Y`fq2X@9oi7!GPYlGNaW&l&H6*U4i^@|k2esETv$%`81wrvzpb8f&rL
zg`C~`U&q7F_R>*`Or-i%5^o<-kQG0sz<7I6P1@LUeaD-3S#Lfm7{4-=-gfca`Li8o
zb)k9ZJ0-u!W(uS`zsp&>=bPGQ;n6pe`k=<%_Otx!@1(n)SP{GB#0GJ#oG2lqG`t%P
zbEHy)MNF`7ct)u!I*9cxZPF1ZJ%ig1CYn1A&fR=1pR%g2$k*?*Y2jQNPgdW7(>zgL
zsy#(%Q`EyIDBIM*V+3DTL+7f-j{aIgl%b_@q1fjq$Bwlg?r9tFm$9;bpmZ9772m<Q
z8df0j_}v)EXE4<DLzAaO9sNX%OKi(SjPl?`*R4c(W*7h99Mhz*+mr1N>iN-+uh#|~
z%i4Z?1C;XxJ)n#Z)_N`vhEylNx^WaXE)`L}Vs_^0-TK-L*e>+cLl8Y@FL=}JAjRwE
z4$Y{Au^c#j_6<C-60#%tAQ9yE;A3O!{;T7Cl$%xff`c^Dg~MM6>)l!Pw{$ZN&&X(K
z4+a~Y#%Ak-wKd##&^?sv3*1iQ5#xkSAmOCB!ZuFM^VwWGyq>eAL+;$`7^8JLQhZK>
zc%wvB9`$S&9+Oz%cOeu7)gOsg<sU~1c>E~zBj~kT6MgCNla7^9{&=Or3zJ0+r&lEv
z(A=d&_1rNP*D8Nptxnau7}aE(iDPzcJmJ(OmV$vgX<*fgAY1R1UmK_;9HO#htjKZr
zZGjyU7}vvq_jy4QbJO}D@a2s>CheNQ$}t&{HycbgdE2F|N}F&Lqfh0T_{yFr4NbJ*
zNhgX<)f36Wz0$9yib5k!LYP}pP-&_;l`W7E4Lhjs*tgPVpM<C+`$Q{tw~#T3Kl-1h
zoHjN5N0I;TN{E7|O$FaOY)RGv(fQm3jAvg($MF!4(CtSVM3I;8QFdzmsFH_7<I>VZ
zRcu%jWnZ}&p`Wr3O^2zqH8YBDln^`pL3}3uUCuxR<J}qmv0^*m%UMf*lUnK3?dN8<
z%@qZ2hA>O8(+a8lHc}oAJmZyo@9wMeK%w)~8l7ZFSI1&xkT=gjZ0v227Dlsv`po8g
zwx+ZFkB*lzQ!al=AnFXmw+?P7c>Q)_JvfD=L7ZN7{plphE*W_D>e?if2<CigpNzNA
z7XSJ>HDJow{}$Dx7ek~(%{6H<I!bDX$^&XsF;=}dqqCq-J>TUn@cWApt<!mM8w{yQ
zs;I668D=!hugvFiU9eXz+TY$Yz%8Zn;sYZK2-Y}7+@LB|%ot#6S544;nZH><S*9F|
z#{9@Yq$)l%TvZ+0_;6J+eTuQQFKnh@0>$j>fp+4W%#xhrmJgu!eFPT&jFJEB?V(3c
zXU~gPIy+Y#qVmg4@4d%AA-rzFJB$Qx#Ab&Z+SE2-@W8@0jPdmBANajsS*5HR^DJHa
zY6|>^r-J=9_pe}A9pOtMcN!-sldz}IhL7!W^BjHuFz>^TXsp+fmeK&e#@0Tcaa(6I
zI^1+t4VgB0k=8_UMq=1aWnZLM2mX!FWKJo5Pxaq>e3)OyNo*!~#c5xmkFCchg$6GY
z7rH=i@*#4d<Vd-6|CKMP-TfV%&kmevJ$cd9ccos)MCH?YW}5GZ;9@e)Xrd;0GFGUZ
zp~JE{2YDW#qbYH~m!mFpefi|g4jrv{<GV68wSU@(MPTz}_#B9oIzdedzUMJ(_krtG
zFIZBZyFmg{r;m~6CG~z3Ulf54O-3F!nJrB6ZQol+Y=iKa#Sf}$0_fn!V(G1Vv;ED$
zH~W8JrreoB;d60s4-TZ;oVGc}-*?M*wxD-*%yxruVcjAJH$#RJ6$4BlW8qC^PM!0;
z9z6UhZDMXjn6f}g>8mwVMJuulk*DX~-z=S93hF`YH0paL--Y|zgZsZ>jf4_LcWWz5
zR7<-*zd8J|+o1kVDSa-nou`B{;8v3=az()7eZ@V&iS@hbIYn<Y);%Pe&y{S(5-b2A
z9T=t1Y-SNxYM3_vz_W6G8YhFLCx?%uph6$ssiRMM?%Q#<{8;a19;?3GFSpu&-Ew1X
z)LM@aFS-2E{}vm$sGl5kYIs7>Hk3n}NiUJR<xibEC>b}HM1a<@*;qn=<J4BX3=$$|
zMOMud3;Y~qqr4M{^X-eYIfB{&d})p$G#}u-H9e*_F1=CtwCxj@-fyQS2SOg+$#uUD
z<|~CTlkE|);0o!h7dRyLQyw^~`YogjZ&KRs7~f>8{CI`##aM6G26$4me+36BJe)K&
z4@W};?Q3jH{yRJw93QqR5AzE;GYqwl@qKhm_(wx*p3FVj2}eOsJ_CDOo{rB6chC#i
z=p;7PFb`9@!=>?)(L!gG51+npps@XB8=bfhu7LOPk5Z88|Asf7Evoukxk<R!l<K)b
zBrx=tHpEJ*VmE!tB%1H#z3q4Rsp@vgY}`30oFQ*TP>toEq#pt6h^G)NIk+=>_h~`i
zGxrq39}fw~AWY#7Q66-XJvvD&rFK0y3u;=(KF)fZApYNZ`MO#K>-^kTv#O|jEA$}p
zFAw3~z@Do``8O=i@ZLDvDmu%J)1#0;v+%ow!ltuw{yYFrM2WJ&Nc$9w6d*sj8m^U)
zdWVNiOid~Y@!tWd=SI2Nhkm?S;@tW5DX92olZr!?Q3_r|{CYRf&yEChC5VvI59vB5
zwCb+!tdi}jmvMM%bBKmmtnU`X)G3t*#7hunR)y>Fr<6Hq4Xjo@W~Z9_Gdi)33IC@F
zpGJcI<nb!{7F}w3dE{f0Qp)>^CRAOk0P<eABIY2MrQ;{1?afkFb%`VW&o~yFP-r)5
zD()%AW4~BM`v>SjhNa{*kQ`pdW*dwt84r^mq|uCqeXs>gknro@qhmtM`#bsZHnC@C
zPd`Yp>Dxa|`3&?s6jh;kc>#j^_;*cSyWzA!zV|tN_^4MEaR)!o7Yh8y#6c&q=V6Qj
zoLQXkohI8G!=C#9wT@n^n=)}>Vft#|B#Fc(g8StW+xP##+j_&79K3ej82u)B_`XC@
z;e$IZDTb%kdGg_K>O+==*5L7uCNubrNqB|x&ZqmB<xlnFHRV`t7jLQ?Ktt~G84bgq
z8Wug~*fjZ9I{I81D9Kamq-G%r7lbpGKAZI4@mdA2H(z#{Nd_}%wlfxwn?6qeWV0BE
zpKWYy$GO6!_(}Td-r0VN+got2OvoRD!q2h2?>E!nA>zkeY(J-O*B|&c{&K1)eL_8H
z(mS5wo#X+3QL)`|w3J-8qdqE&me8@O>~ak%J_N`v#8jga@xj0sr&>3s9YJNoJB~;T
z@x1E$rZtK5a`N>!K75J#WW~`3B;~^nZHE>XK810(90pX3hBh7_PIo*!K#3`bRTBvU
zNY@Xw)UI=d0iQenJbDp1Q&J8iDI_zdBGPQud;D1;n(8TLVtcypO}<;qhHJgW@ig*N
z)x2vReV4v<R+hhhk71}yAgYNnfVubI(C(XwTDa<T+D0_w<E4)MSMaM!-8cJ=9z`4m
z1~*(9=c$_L!t<@~@Z59&-J9%d+nZzJ2CxaiZgk@7Lu3g_syOQ2ABhFYkxh91mf6{e
zl+)N-7N4VC?j%_uu@k<n)7!`E;Qj#b9PgdQ(ya_c4C?*%#r}7qImY>1$~#Du6U=R!
z&hC@5dmXx>_eP3%SvW^b#ikMu++F7`7PWSzd&xalug<)bI|RDNYiTQMDFc(j()eDl
z+%f*0pE_@S%@sfKhOW}x(u!YK&y0HHlFRHKRL5R9XEZyKD((q@7O|~$NXC^AMG_0E
zb)lVXy(Z0Z82*c8mFhTJHWl8Ee0NqYyii7a#l)%Y?z7`PZWqI5*nK_z!mkuW_BRCJ
zo&k2%4J+cshS%>&>XNQ{o!i_Ic^jR2SwcdOZ%o3T?H*^O;Z^-_b}G7Kf>d^iv6ZvT
z=HSDH*G%|k+~N)#GM^PZ2@VdC>%~$WW2OCeSHGS~ET=e*!ne{$tz^uUcfvdZ_0C2^
z-b?zY#)lOc%$X09Z|N8L!%Y4G5nii+;%uNH&lnFknv}2jHs|T|aMedNAd7_wX|V+-
zlx3wiDgr}vYQR(W32NGpq=q`nZWK5?=J5mb+SgBwF(VME+J`DAM5)yTbU)*aL#hz<
z=-Diz>q{2R?;kqPdT+R|>Za;Z&6AGB?@rK$1?bo#92_W2$e5OvytltAwIFI7@2fHR
zfB_?X4!7bFzg!~~RQ_%klDs=w)Q};Rex|_YW~1LDLl&iBUc(lmU~Tw5H~g`x-2ZBg
zUoSk(uEAtu?+htjc>@pk@;rN%bjc;NcE=W4K!~B{5aiU0qE5dMEv-%rIExaV-wE{H
z1*?sHCcgvJynh-j&G1jsX9`8j6dJC3Ser$ileRKY=3NiIFYd0YC${My6hM2f$fXbz
zvWl1{!*`+b<2M()ZM@1*3H{U`3zS!KXH?!>X;KcSTpRZkXi8(k4oo<1jsF~D6<x8(
z-48k!ytg8Y04aSb1E5eXvfr3QH!4i1H`0B8)V!%_Ac%Z&t}oL3A5>tD%g#N`D%aIc
z&Lvot4({gLzKIECTL2<u)o^&i^R?(u=qkztVke{PV!8C5^0M99$4yXPTalqgg(5{m
zqB`)o%>i3!?hxk5M+`XvPvUr_@^t3T%L7P^{#=$Tz%5}~YDF6&uWT@;xS#z8F_P!o
zQhBRhT(7jo*3A8^=DoG<KMn`zpArUzt}34(^aetQdt8Tae!&73fC<Ut^&{lARk!l}
z#I^awSzdsk9QNv^#h{>4$lREG#ok?hbFRH!QTJs${k_2D%<Xu<8)nRCjJ=$K>2G7M
zmvl!41KOH)q;tCHEp_g}HzMgB+-h=IIlzA|$##lAwL|z}`Gqt@-51AccQJh7U$kjl
zz%mCNG)icd`d;oWj+|~DRpVU|=(mLW^kt|IDr0T*+pY5hECGZXmZ|1n8Z+~a*7bKw
zHktK_F}W<TvP}H%TJtX<Z|X)8et4Th#$*oguISmkWV+8S3uk~XVY;Vj{z{nd?j&Z&
z&VVFC#3Mi#shn7JWx(uZt_-LZWyY*apWG>`{6*?P|F@*wfb+^{wCF$AW4QjaT=8_C
ze->@+cF?=dR1B?c&aSey7c=k;IsZg`s*TTE8aJe|G)Yrp8=G;F9I_vXbO5gKXno`7
zaNl+lAjDAi0zMhw|A7{#IyY%gCY4mI1zn1p<36cpSd6Asn9h7fs<$H~Hh?Y>IFmR;
zW{@}0tPkGTVGnuvpxy%~!AW8UZRP_PV<WMUuLxVY;xSEDefQ4GAP@r>I?xM6D&Pgs
zi*Ij`A=Mh#4Q#)@|Ib-<Jl351*1gkG#72A-=;9&H%&X_;VNpP#k^{17LclIqj+0Q<
zyhrbs-`9wzb$9YY<X4089XQMSXy*Qw0J;~U8IdX63%lX(vJq5vgT6rEGRRzeHv1)Q
ztr;<v^`omqxdPZ9g5$#;|1rge-@LJTi!ZQUD&SgjZ;vX~k}ThOS!^~^2jTW)1*n-b
z{IRKyfaxM-wtIOxWQK@9g&aZA%b-}B*=j={R3<Qgg`e|pjh&~7+l`H!34edh!y*Ca
zo}Qx_md;_Z>{++D-sc!<Bj(!?4N&uDl&9YDaDBr7Qd>9F2?QFfF51M2S^RN*_+j33
z_vlJshfvptD4Tjz3ebZh8NxAU6ps4NWnKohw*gJ<xC{76kzQh)AlkM)_rx)CZ44hb
z;2Z`}nT$_8k2Qkza2uor!33r^J~{pwh;H@V{^GTVFfl|zxZUI2mi8dv(8QfsmKhm*
zkQ0&Xy3cX5T_yplQwHNNt=$cDlcN9;+*2w!SW77BMsPM!(ty(d5dmG_)oY{s<?L$E
z8<Gv1WlId0sIlo9(e$G}E}^Uh)t1bB)*LHY3viR>Lf;^eLwhQO(oFB7U2Ge%B(My~
z#X$3*$~_Ac0|ma;7YXX80OJA)#}_m917R=_D2~JTz?N!{7B5VfW0=ft&{bUsu=fS1
z?EM1KK%nQ2VH&KfZlD8ukiZropq|!+*?>S_IUEICIQM_{LJkkgnzZrgz5k6F&=q|r
z=3d+vD^TU5x7Y-b=|{TZWPMr}J1MpVNY){MZQMa1mBR~k2EGEHuYp_waDF))?e^Oa
zc*zT&L%V)baQ>%I_yR{P{B2{^JWnnB2wcl00q6J8RosQ){Cd9P-|jec_`jc+Uo%KH
z^!5dwAs5nE6vlV}_IUui4NGkRPOSr7cjm6E1I`m`qlsZ8$ysW6Q!ReVn<Q7>>^OlI
z5GZv~0PO$)RG<1G!4crU2q73IF!{a`IhqLUwz6EZ_AN+O6ql{OW~3#DV*|d=L%?5J
zpgv25;CBXYcsQX8Q3M)UCb#Aj=>2fefpP$!0M0(f<?MPuy8;&sPAy*W`7we91pfhm
zQGh_)<_bg{pv8a-2~QR;P+x2cc%=;5ab^AwIb87ww9}ZLi7Z)BwRwKn&)0A{{tyt9
z23k<r`}Y^1Bhvk|W~I0zzYg9+N1QM_?d3yU!)akrX8*HE(s41C?h-t0AD9PQ;344i
zuP83i;a^+>9gVb}sSrbA06l;u7qK;znaqGWD3R<<EK%0@p~!Bb-!VfaY64P9#A7DW
z-EfYOgc@;$MBiteP9k~{Jg=o!iUxe}vIhPdXdCrYB^-_9m=K^qlb==t(A$4pcpa(*
znfe|!wSXnTi&)asY*Ynw{S#xBu0NR<$Lmgixe-GjszfY^g!ZCPIRY|d8>ZQ|AVW$u
zKQ+_yQ-BO1fo=bP!cOv{93O%SY)P&CwVCP#VFfR?`+vy=4h#RQra4pqf&Mi@Kwn?k
zFsZa8O>b&D{rDzL4_0fRAzvXY8jv6!fI`<ZmIQ`l5zF2ar~7h9S1HTY&yoX+s%l9y
z$!t1$Z^87FU$lHrEve5%ZK+?gDqNi78Gw%JE%szA8n{7eUaeX@S%ieiMU}dwL8Ewf
z9bZ6(m_^<GN_|nIE?Nw~9U_rq+yk2Kr$%2KQvE{L28&=-PoE87*!}KKIDleHih61G
z_5g$chV$@(A##DML%${fb_d7){`I=>f`KBic;i1`NDyO^#R$UpoGB%m4F8`t6L(EG
z3-m8@&r{+5r$);mVvyV11RXG}6(4>3>FZ@LYAjCzldQ@yxKFyr`2t&k1G+bcD`=jq
zanxLL_qsitI0*=3v8aPRyC)hD2#N5z1q)c8tIPjWUj9RX{^J52>gH$Zw))9}X`i_W
z5vl-0?1AY2^o^e`%0t4EP%ruggZ(S2!fojH**RXnP65D*1tVY{!s-@*#b60omZrtI
zIa!Peq$)TJQ@M|eYxC{TTPMG1{-<>xw@A{+MJU28Lebxi`ln&PWEw~<qUADDU^N1m
z*O2T_+pwB|KcEb_M(z5WH0G-4RFrS#FH`1>9HcXzBF5emcC02jJY13EDR4f4pC_r?
zN*g<TokfC*XL`L5+qi!z`#v*CVHf1lFCb_`()}ZDr5LYc3l9N4QD`f0^l)W+hmMZ8
zSLZ}_$sZi&h4bmzUp&=^Ou!6+HNSQEW|X+z5ZKZyp*^{Vd&6~xUoVYi<wkn{JvvWP
zJiUc~6?<YZuK&w6Oh?h#g+_pg5i%9Yy68rH|NWMwXSk)+4wa9!pEo17FSWw#37Gpa
z#~D^0S+~J7&EAyBUoskc#D99OkuY0D$J@+Q=+p0WA2@3>dZ;)3ih@;PY94X>X2RBQ
zq?UBndJYeBJ}P{g`QHW8Bf8&>Ai389KX1JgK65nu%02Ogn}Fr-OHW^aCp=5#a)P)G
z$AO#w-0$m3|72DX^~i7|{7MVv=+Da_*D!lmZ-!Gv>Yb=Ze>}XUd$DI#y5(_TN8W{x
zLIrwfR_BkJ=sl;N{QGYi1%!qhl&$=UiLqJglv#`iy~L|@LO!5RaV|xfUEnLUoLVC0
zURFM}JmgYh4gGbIf)%SF(G92r-2SK&hPCwXK6_#rWrwSTgo3VmSryKW`9l8E$aOF4
z!Z`$d^^-2x@MP>Hec4!^+$j6fBN2A=!x2R*xFphWS$n5=I$s%8#VZ8J{&M-EFR!lX
zt*hGN%Wu{(-2j>7z-Gj<*3~`)Yc2cvM5s=B`H0g#{==VN2WyQN-k|?M_g&tVT90I?
zR%sMgYS|=Ttr~C8i)9}N#>Jt)IS6ujzkK;K0^#Z_tH%qcVm1v@mOZy;IPkASc6wK&
zXhnAi+Cc^MMF)ic(u=}8R_QJqj)?iZVYhr<!&Mx+4p`Mm=3hs??6Kuz`2X(r8!HmK
zew1wlz~|x4?jI)X^M!sTS74+G_`tn9l&c1WP{Ja7hmpQ5Bj~H<gUSh;9^9%*S2mEc
zx~eqw;DxdO#n6JAB<Cga8I-7e6=Ao}?WXsy5xFvvU&n)2{&EaHX6^g(B&+DswyxAG
z<*C;aGTRkhp}|ik``+(qkXWL!@}{?gs~#~115^0kZx`;bbegV-HOwr~F9`4wL<YO(
zI-zEY4iIoM4W>&y<{aRSc)1<XUpX8;bAxvb2hkBvM0NitJiqfxs>(oz@-md`8g*{b
ze4g)Cd5E{##wy~A*_AgTuY<Sx8dr@2T|gbb!|8Qz1BzZhV3;qp?|L(LMC@E=o~=+&
zKPgES)M4Ouff|5`7oA~CweVT>0~toM8eyn?I&19N$Wxa8Qhzzb22<vpM~s_ic;qQC
zY_L|l)9AMy{_hH@Fwyps$D%=ZZJDyqW{w;n#E4ILhrBmVfN1Y`7ZW47#4O54&V8Vb
zRUtqY=;d*R3NiQR8uxYq|3QwOs4Wsn4xbSzy#n+7(x*s>sguGlEmnJb+uMM5N{?5i
zyC2Pqu~n-|B0t{e8un`Ji|1a=fDbeMkLPG7iRr6Sk-gh7+IBU5uwdJ5OY5+$bN=xo
z1K*FADt<62b$g|%ze6nnCZ#Y{v$MNo1ew>rufhAo015f!sP+=6ayg{BUS|NG2`4`u
zjUw-KG(c;MTPg89G~8MptJL3G>a^E}T}L>w^oS&E;SoCMD$tW(m$E(74A5QeBwWDF
zBFy34{;akU93BM2lUm}XT1}Kzs#r3o{I>M6!!*O#{u^L4o7Q5HE@am@!A$^z&2BLy
zVDwOCV@A3H7|M)Ky05Bvh#_uhJhHyhMxCb@>!dk7NySc6X`zc0epR7nN!_Gkx6K`N
zfbZQPGXBd)f+~+qs_&z+L8)~K8|P?N^(ENeK!ot6(%canTzI~V`*k1uDryJc*GjU4
zS8lt1=?vMu#7PiCo)OVk{UO$SW1?lZr>K-whpS~PIv?VWG=QJEH}2m_r6GV8?6#)1
z?ejOiSlQ$!()Y+ac$~!2AQ`A9=OZTvHna_t27mn4Txrv(>?wvYVRgqthYI8tS7!Lc
z5lg1#^!ToG@%u_PA>>!DzpAuT&s*Z$gFriRWnB>^0v>n6=HZJXw@BP>3)L0%2iEOy
zJb3)3Qx5<3-gRqU1#Mp0w$i+9gZAy`C$C6cIr|5{W0jVqUD?h*FY_GF*{?K1QSY)s
z>0uEDEhgv52(llU$?U<_`4UvANpDTgdyO2yX3~6(l<c9mK8wD;wDa*>dba0Vn^i{U
z(xE}!bghY2hiqlbP;-Gh=cY@d)7D)f-KMp#WcprK%`L$}q}ts?zICcNv+EM1t+(GV
ztRcF91=0Ou=lCf*J>OF=gnp*ydc3UP)9~^1_s>xdMd+DS58ukPiM4&#OA}3BTD7P&
z|KV-%P!%O`UwYmP0PLA8C*g)|f}XhoD#A*9L}b_L9Lp_#3`MUQzpxIu6Ej26d*xAg
zB|&Fv67k{7C-OGmKja?O3}IJox8>{A|HD#5=B2}4tS7cz>7ny`^w%pg?-S)INBD>x
zRSyq~S3F~9#mRrsjP5&P5Tabu;dm`U2$kPV-{zTnb6n<^0m!c5i#4XtMxiIl;}3cu
z6L5zsz880O=j3W``(qCASl%aXpOztR>rm<!R<doK+y7$k&BNJD+rRN?pQrQ8)Xa2K
zqiU(r+8I>sOqEi!YN;)jDXq|ml++RtI*X~LC@reCDMc-ju_S3qq|+ky6cr^zYe^7E
zN)UwPy;0N7%<~?<-|_zS9>@E={^-%;zHircUgzgLKj(REx%@qxa~e#`rL(dA2g@rO
z%L5>|F0MfypOSdmvHqS2_@TibRaJ6io)qjpzQ4mjkMo9iF3&bA>6G}+!j+reH_YTD
zLkQ4rJzqoao-(ct3JOADUmE1$X}Kl-uA^kr@+L<==)AE|=p;rRz^ofCv?ke7>7KO_
z_QwwoDu0m!mZqk>M3C|V>-do5FwM{&t5!hUp&Cqfy-sXzQ<+W^ab^^w8J^NzyfwN4
z^lfnDHqWXhuVnXa$P@JnvR{PVwJUghpwTx>C_iB4!DafdVTz%_RC-TMMBez<^4aQM
zM{Zvmh~H3{$=AIHbk@UJ!`3L{LAI+SU<rBr&hj~!o*h&0cmXl-I_l?8gRzThcGZq~
z+71|ZmQ*3Ff%G9O)_P@-r=`lU{PFwx2FnUnUr<JzAa;G6l3nW}xjz|KbHmhuQ+Ozu
zNN{+}&y*U#Uulk*`1+{hG2Pf+EeT{LEW#ZmSv^NPaVY*fy9!_bgA=L#IvT%Qhgz<4
zuRrQu@xb6Zv^|{j3svTGwB0f(JsVkfULp!1%!4q$BW0~eU2sQdfS%)s%?JtJVU%AS
zzRMfZGybfHpW3k;&Cj=K()y6`YrO#kHSp2BoT;zb{9<}NMKaSOBlNo0eF3vxB0Ae8
z>2tqaJJ?T88oiIn<yO_cH=)$;H%nYi^t+=0JLGZD>J$OhGh9>McqO3Rpd`#bD_CXa
zh&eZ`w056!E2ZHSfR~`88F9qwn|{Q%%pQZ+$<X6Oiznx&R#KfOiaN0SJ&Yn%1(Ia&
zdJ)QQ$y1UPNIJ>y^cdb;?gh%Nd!YutHyQ(QPsI1y!<wI{w_!9q@srTWV2?cXotkIF
z4!<aM7ru+cv_g#}eQh}Ty!Zi^q|oCNOz(%PG<PZTW9)M|S^@q2?~A9C0gXAStjwTN
z+PtPr64mq7CT`H1vZEBbopw2fn}p_NyQFdr^nA3x!Ll#R5KW60uvXd_J2F`38zu^#
zm6X8<BjuG4HV4B%*)*&@WJo}=dxAG8FpabiBGwFn^-Q<Z+J|Zl8eCWQ`+G&7wZY+t
zB{gUnjLO8f>}&ucl519yOBl^nm3)$6kYrx;#SiPOIBZ3jeKg>IP&GR%75ISuuZyYe
zfLlPXq3`<lsp5jJ0qQ#UqivV3n&a!kG<RbzeEivLxp+Z}^Tbb*ahyWubit&$H*H(6
z&y)cAc^lOod^mX;anvv~{>`jkOcws0vv*#KU;KzZn3Zd<3cE3V_ywS~N|@dknd}R&
z@E{L0p$9AO%S_aCc_ZPP>JJqOh{_n5^W3i`0WIM&1Kk`E#pkX9g7_%dF}po~JdX_w
za5B6Ic)=OYJ!c~KL*rV2mu#97(q+u)RcHF1*Ny1BS)5vn21v|JRqPcJ>MAjvO`l7@
zoOC=(f>{ZdPF{5UqE{`#un16rDhe-6xug=2bXsGpQH`)M*DROR-jX_(*N!T$J&nLf
zY7#<~)`beI-~(5yY?in2N4J4UQ;u~91+uTP+-k2PkcI;-L$<w^;y3Obt&8xA7JHSs
zXAQ9GODfSbDJNV~DJC^zHT!zC%mi)H4yxqGN_faMh<v9(9!#OkZSgyR9pDvA&ScyC
zmzlzBduf25%m5<@E4r&R3~dL7^QvT1etUWF=F&Y-eyjg3x_u6d4g8_QN#4SW?sG9b
z^mLQdNj@rJahX*6J*ob;0>BYOd31M+C6-gx!HtO&h53`|rdG!@{rm3Gu(g+`E=UmB
zsV@-?d9ws#!>|~O5>d&)_#+VJ_u?^=vHQ|HLMf;))g6eRc8t$st2RE5y~x$r3z~#7
zT++JFY9>$)wJ2+3&IbdLWdkr+3yUeJ0_Y%5PE0f~o<$^ImF}TUt<SuUDsIeo^#ttA
z`{L3_{+y}VJzG(6;)~yA2N&lwP8mP^FKsm+J+|;BODC4fdeGRNH(P^9*fZ}MJyCfF
zoE&PvEv$1DKUh6~E>pQp@^&~fZPR!=XS!cLltj{9FIG-p+iW;krk_5cTfS)i5R3o0
z%hVOfd8(`0QDL~A4@kbZNO`&XlYfu1$E}gI(z`3F>BS4D;T2?tyhJl-CIzEYpaIAn
zcd<lS@y=Paq#uN87RS{F+%UqBh;Vl{{DxAltXMrCIA|L}>ll`%Y&LQALP%j<IA<HC
zTi<R5Uuk&3i``daPFTviotV#5w4P*7xujhPcNFw}Y@;V@k3jimg5j9w7xh`8(=??0
zrnXWsY2{0DWvyRl3g;zKXK5CH1~&?Q)9M)}%e$|tFSPo>fU0XG$D;39Tn21m=}j}p
zE^I7se(x&%5xVwyQ_E)H9C8xZ`IaZQ=eRb5$o%7e3GZE-c01d1NVPQw-)jq4BEGY{
zpy8eZS;=KB&3WS2Py^UlhgNKF>;<6zJq`1FJ?@dy|IsyB<gQw$OEvdN#&g;DOlQ;6
znR}*vc9Hb}SI0}<<_Qgv$riQBSqb{jo0nAu>AK%QGoee95$MGvM}UB0jv5m6?*c4E
z`)GwgEPoQL;Di9RZHB*9n)Aeevi@7c@Lf6*B3@LOs+9s#OmiV3tb%+}A{#!IciZb$
zwR$yd%O*81i)UEXSOqt%Nu<*aQl;;842}fnk0}Rq02vINv}q>{7s_aR`otmC4RU#?
zwK#Ip4DGUvu0<>Cxn?~XI_a{!x!(sUZ&j1Y*$0z1=1=}&Qec7$#Jld_pS+BmWKRNU
zUfcC-4f}2OC6C|6{G@vX%*7<_Xg?qFqh;#tONOoKKJqQ;{!S`yr-=i_V0K>W;@%6J
z?7Qg=(uQV_`r`7Wv=Uf~e8{!+qKyo!pp!0Wbwo%Tf|%cIHy-r}P}U#X%o>SfYGUk(
zZ=q_wlv=E^{8nI^_66Na4Mr577eCWH(tLc?`X!TGw08Iez(89D+|xHNcbg(6U5fc7
zN3L>(JFroa_aEYTt^)b-!nxeG6)S;Wrhcbo^d4P+1W$um;i$=#Uu;F8*BgKHTz4KK
z+5UJQ^S<;%PrtHJQZvEen+-$H4Dwy)A^mOHZdIzw`dWx@Dyxfp83D3c-=OXpZcK5l
zh?ma%DSoylb%Tw%c3#}kKDm#$fmVOD4NbI_d?rRz9-Bf=w-OeUA3H4`V!j<-Js3xd
z(6r9#$pq}Lu<kW!YI?qW5%2*u)jj^{bT0=$Zw?o`tgy=Ek;0bKexfpqbUi{`50&tN
z8hxH@2Jo)L7LI#Yqf6@*Z_L{(1)<m1<D)?5LhjXtYh!Eg%80$rw3@Je*Kw-VM;mC_
zre;y%UPml+%VhjGpbA(EkQa>U0u1aqBSQm(3lmyp?L9m0?$VRqwt~nm-4qU<0=aU&
zL<9tIM`Bi1^^fOE9w-gp@vY}3@{IYAl1O3ql-b`AoFAS!{2zPO<VvDdZ^v%#FzsKA
zXwvGK?Hv`J!@cz`V>k9E;<TxuD~$=qlD;XDd|WFj>oH8}*u5bEKx1AOX>W0@u;_yH
zJ+Dg#lILpJ9V6t^(W$ccu0MKlUlNw*tG&EJ=~yYV?0ua9u;jh|hF^iVg_}@%T_QMG
zjz9Bo(y&eHB2}pLyqs>h#)<azzCRWFPa!>2ze(65?06B)#j{1!O{3@>Jmd0h0X#Yx
zXXh&jYp){8KLWzc7O{9d<ZHC(Sl2G<oys;inaSe@X3<aS05lnENQBojKj61#;CNog
zk`IE{bE2;Sc8%cscgPwevXcI#Dn_;w6FjO-nT5@fkB4wT?R`g8{LYYSAD|Q+^L~FE
zb_ch`Dt0{K{uZ5@_oPWD@>Q6;qn;h?R?cR&lZTGqW1Z%(35#Y$>@`Xs;oI@`$|kly
zjLHGQ39x^*8ZB0ziC1@tWsyAFv;n&7rdtV1@VlFve2TwQ#CfPlJ^9mOd1i!wD>lKA
z>_)<*_Rs?MEU0$*vNDh{a&zmjzrX#^)1xj)hU3rNpUIvThg`;Cl_1R6ECDk(-+0?y
z-o{I9<qu`p?>#qE6K0E|rdT$9yQ0vSeyA;Tzru#fWc&P59fNLryrbZtZe&Eti@UaG
zY@RM^mp8Q(Wn8bJ0I?OH{%Nbtq3yJwl7)!hAbD{h1~dbB`?olR$#)I?z9d0G0#aFF
zbrM}u-wgU3*R=7dmMsacue=kkqK(7q%XeMgq3+Cy1DfIXMR7~IFH6$SOWq!i$gT|!
z0me@-B{1a5nQP`*TahBAqUG|ygk-$*0Cf4FuiL3_1e4IIe{@$#>ou9C5ti%Psx|C(
zdF<FFZ{=?$E`dhqo_F`h@1GAy)PSiZSg}^_bb!9A?J(O;DR9zh=eyoz`5#PN?uD^J
z35(h}M{iS-jVt0cwegP1mr*>s)4*V~Ysl06#^TDhGyqY8(3X!{B|<N_wwj(`=rf?5
zrX?p}Kpr~sVXXAKqxyR4OQsmv@%?_^Zx4wC(?8u1*S+(SNeez<#+(L^JOl<}@cnUd
zVnweMl3W+e?BNag{lBoJZi{ZBnawc|KQP}mp#QJ_dyC0ka)?>^!>uV=WH(=EzOp>n
zbYCR<K^?b_E@noWuf<2kju-1Y`;3joF$a+RF(>7ng`XQQ!yIkY9F-TAS$tBSVCV6B
z%gad?$9)Nc_vFp1fwxP6velnUJ(NpW<w-Us_I)v7bGO`9ac}{i4UFFQ=WK3K+$_%z
zmF$ejKYM$mLLwfxTIWMCxsqhD^Zx?*Pb$7!w7HXav)lsPZ0$SR{Qq;^$Dh>Xw6*DP
z^ZEO)h|zpuT-%;w=uhj$aLv{W;k#_q2p>k2pMB==;FF4<IEgQ;af)HgPvpTC-4%!w
z_#YzJXK%l(6pwFwCYas_H{Wb&vlRR;hhQqjy;X~p6RtSXV>g7^A75^N@<0Fn|JA@-
zF&J@4$OrIy>ChC$f0wo|GIH$RC#Eaja*Vs)Yz-^jLIJqa{GDiJjUzk?i(C3xuABXV
zMm~GGi=g~CQ&}7#SQ7a5pmrWd6{%Xur&F4IKK~%lE!uDY8x#6-mh7{rU;j+*KQlS|
ziG@A_Jm_U11u!!}m>XT6wDR!}M(*NCYk#D*x;0fzEsg$1<gEEw&=l#J;JqdvI%Q2?
zZI^5F-;wUEg%2@Og!Xzfzkij(6b8%gxXfqY9&9;6_+dhR;b&MJ+YX_=qfRdyaq#3%
zDG=rol26Je?^N_Wp4ikN8iT)U)tjjF-}zYfxf`7*I;T1E)D>`g5$hd?gIti@dHeKt
zJUv<@2%B%kF3fU-a+8z~vm2kiwe=Z8Ewa6yho&^f@`d09@Qyp&IDw&WyuSy$nTc5*
z(B7%aByY<jj(r>IWz=M}qw2Q@8Udl0gu4?Nt2G!pDcc;l1AD97QbUGEiXgxnCj=@|
zl)sMnv!+{kUy^9bt1Gm8^N-P=ytx}yY^^!{)UxQUVjOT=<96AnNS{s@GfHiBBkw#i
zsg)DVZXgLyCIWqkf_F-*@SQhNKVY~V5!dTYsG|8okAv`g;a5AaWZzUa2z)!^Wstlr
zMquys`281~mBigkHeP0^ap`diupKVBWet#r(3iP8%@n~x^GRB;qaSJm-T(@XYu_Ua
z;>{8TuqpPRjGEv>LW*<=ZT^r=<m(U(I|7)LHZ*Vz*ADA!bGQDEB|KL^hV$RSCN0vg
z`;a0<NCfiFzt}auq(yjBEafZnr?4)gqZ>@%S;oq6&dOR&BXG~=b}2|$k$T{@Sd--z
z$rl}i?I3+iX>w_FLqDvS?71Zv;zMEtT+b=LEl9Fi*22(7<-T7eMstNA!b<VCADg|Q
zu+<shVfMD_|D;NXS0ETsgaY1V4o33F+CO^Ci%pB<dHp+sH+q_s3EbhnUEcq)#ROpo
zY<g&zF;N(2N7CnqmKC_`llvx*-(Aew|4G})S->$Kx?%=xM+rCn_0K2KzVh3+0>6T}
zT}JM131lVji{J~7Zr;_qUG#z2wSk!`y1VThf9fNojpn=Y)|$CT9z$;sxrXet_WbLI
zaq(T1d`{eH;G(LXN&<yDKz_nxi~hdEIIX=FTR5)nOqzZ6^a>EC*5XjW;iT>ITzAuI
z#^gAhCMD4a1mAm$Sb~>v^At1ba|aHjgF5jXVVy`vl#`IqrlDBya-r_X<{v+|TJIOU
zLz-`tzvBwq$uA3q?G9hVEVs(!JKiX>)_i>;?Y8e7i}dx8EkC`qOd9=q>`?r%!dR1a
zE8%UM16u_#62tdkM~dIx5-GRETs>MXVXL(DJBag`V57|!w@Mx2uCLHm<&IcwH!*Xv
z$?2pyZ41qHy}cIOEr;mRw>PES+}M^bY9)DnUov{V)4_+d8W+oA!GzuBYlhoR6a2<k
zSrpRzOEBdcy4meV26#)ax8C)q-5zTf{boQRts&(aS4G12_w+^YeAkzA^+gMjA3C|~
z5XDclEEmV?7A=hdM<sZ}_cvvHxn8wpNsTw=v+k~^B{~Z!B90wQI9f&uTi%y(e5)+H
zPaMD7qJKN))H-^-Yy0~j;@0QiCxb<ISFFyoi9}_j*yXglA3l#td~uh4^z8Vmruo)k
zrq8t8h1Sg~^Vi4M)6zbCvyzD6cTsMnJDAG~kMDfu!macl*N~s5fmh{ZKd3H9v4FNv
z=QUY~GPtukv^CKY_2aml7|;CJIpM&V;O(58^p2LdJ{<wCMy<ejbz6M&em82(cb{DT
z#=piRc`#uwC4b}R;%&f8@)w&d7!GE#u_w&8{Y>l9`sYJK=Eq|7w>0%h#gk*GH8n6L
zY*XA=r9VH%C@Ts>wM8FmT)!O$2u}&yj*YhtS;=pA7oWSXUbY=y4IIU{pM^EF|6ltd
zLeolKB&5U%y5%-FO0XuLLkMK#`0+I0if7=i%(<o`e9C&{!u!=a^OY$ILqS9siRh|K
zFtJ>y%iGQ)-%c8e$FI*S`Nr||MXlNNn8--8PLTQHhQtq+mPU!=gr^P{`CU)rgne4;
ziyp>^2hEg96FJd)u4u%=n1FuZb^y^f2{zo$e4n?UNU{+2kTDL)vd*&C-zmiQo5n>b
zO8AD+va_g-&4p7D6#2L%_LvE6P{kL?yiFOlGY%bPOz^!ZIoWxu7E31c=YAe>t<H_I
z>uh`yTJRJzwOm_3Ma@ZhtceV*8Cbno{*?nBcClH`+qrYzNVKEPdIVB9r=qn1l}95G
z)naz@xCf0GUX{j+c4m#_>iQwrm+kQ2YB{ZWxGLqPI1DzF{g)aCOB1S2n0J0ipDu<F
zl_!}b;U7a_2S@QRGc8K^m2y7gXO(^7X7p(Fb7rDu+V>064)d=0w<%mvt3HKsrNeXn
zR(=1oG;akvbGOtk2xOh}@_235M^hp!72T!7h-3(DVu?-Iu(O5u6imEu;z~bIN;(%t
zV&12EaS5MmoHJwBGZ2*Z#iS=b(ek6zdWJtM9KWci5DM#LUo%Au-sshy8r)QaP-76m
zY8>hFwG7c+^|-h_z_<~{0&>Om!#Xwl50Of8X~g<^#+0GvS5vFpYfyPkR{ukm>EPSm
z78^o{C$AA4I}Vjc{9#0YcAwTB=E<w!KkMWj@J-C5o!8iE>GU9y`M+yvK^hoXZ6di|
zwZ9qmOjP!vB`drQ3ldND8H(!+>Ru{<yr1@a?4^%JnCX~1N+0BRKaFFM?kxfRqJ)2&
zsBhOy!8}OI7G_lz2aS@Cr#VVK1^a*|#=`RPJ)IgGR+Fdi6;6G~OqD1l%9cI-53`xL
z@5Ga#2szSn&pv&U)5#?3FcC9jOMz*c=Q_gsAA)(jsGx3g0qde>E)}J|AZaC!?2{5@
zu^PjDLT0p%<8wYD<0!rmvt8-yXoa@LXd(5eWdSSqswbStlrniHsWNy0QqWDADAAKc
zRvQz7J^3{WMR$3);|nnvA7x9jD1dqL7V;#19lyMe5FL+O1#a3L8pH2BH%?iIC^-9n
zT3f70zX^eh<6#nj#b*0SOw&d#nDz|NUo=H8>ZZ0+buQH;w~%ZHF<bVE3>&KF_#d#6
zXF{zeR~0`Rbb+U1Tj9nZT5(i-=17FCx{!&>Y$?>(D1ydloS$Rek78LaCTjcEy*h@I
z*|UEh!J~*ud{<^#wDExTXnciY=gXPVNCqeS$M|%`gJc~T#9@JO$S_Q{zK2X59Bqza
zM!+^+@eA4DuJ922>7JDaYD8GWssV#JxtJ4r!5$V&aP<?+d)N(H!OZcBat-wPWS&M3
zdS%_DV1*~?P~W~0UETv<_XxqC>Y?Kl2%`n|{P!_F_WVwRGUUWF%TmF$CSMALBKb0l
zkWgPup~l!3_S(`JeK^pduwap)aF85GsR=9zzqqvgZkV6?=3+s%4HrCx1r8N~CekME
z(X2el#Bd)D!J%rZeDvpuHy8P1Gpq?ek{a1-((qGNIRR|)5=HO1UlR9vOt6|6J5MTW
ziN{*f?9{6-B<{&{eRo!^=KX=>Af6Dt!O~D4_4GTV%mqCT`)d3FgUvoq51DK$@`qHR
zSCfG2l4uX<1|V9Ge}eyr=gr^~5@K423zmL=kk(eyCF3BwY92Nc+tycFge?|VL;7t;
z>=q1%?I4=CfKC(Zu!ig7l9oT7S@JoO2rt%eLg(xSmJK^qv|$6<fC|v<G_T=^CJs)q
zhd*m*I5izp-&5YWZ(le!Fy%zpRnhWQZX>RBj5T<@K@XJHS%7?>Zc*4sG+|&xg;}Dw
z{5JT7j~r@}S#+1UM?RfcNP4X$QS2E<%5qm8diFfyP@#;NAA*+IHFm#ODh_s~Jo8Oj
z&=qYVudS%3<dE1a#Mp7fftsbmy6JXvcJzSBwh=cb>tXUOG?YUAJ^YbjZOMK=6>Wxw
zSURwDgIkC=-VY!j7^GdB-SJc8pB=Rwm!iSHDwX#BF0~1id?t*+@AmN=WKt)gn$U)D
zwp(8=?fSTTRemnI-i%+vkwMp3Mi0K+2A8`8!Hzzh4NZ)&uEs(}epX{%o)Ya#GP(Up
zOmbG<Yv{E9;E-UI7+Vt<di9-xllRqjLNnMwEN=_MsYQv0s^lg4K47LgetD#te=c2F
zwH=B-3Dd2Oq$>=p&USZaEw&B~FQ59A7;o#GnrCdsPtXV=I)XJ2N7D^rkzy95&F)ze
zHXwM79*AL>K|`0+9s`}1CY#2~6N@mW9t}!=g2o#5?Vww<x{iZiQSmGQwjjCG0woY>
zp;9l)h8z9V)syF#Ge})QZg@iRrD0wL<EBsDq#wd3!D($8pTsHI2IZ?kj~?yxY#{#E
zlDXBS3_I~(>=Ui(slp|Rtgz_h(VE}x(adi8X)C9x^%?tmk{1sO((y;i)vK4B@-Yz2
z-8h_#|I_AiWS+B~)qbM-sKWA9$Sw<xT;jx_s{Qc85`oK~K$S>)Pg91Bw6YD9;L-fM
zHmtRghmGAOP<-`<kLGHfe+P9nFyFamU-r{jJl)vSKXI}8HssnzLxhm04#Ev6RJa;H
zEtnw8=F}ahsC<lG3lFU1?Zm#eONJXF%}E28C2-Bkk%=6Mi+<V)LjG{kbQUT>otP*u
z;W*CqCov`x;?pIqeSS+_UZor-#+M+n7$<6%@G)BX^iZyb)UrfcD#x1ca}^p2RYAis
zdcN~V*XIp+^%B2K7)(VtN0TeC&n0O+Ru-X}t)cn2!~RJVNA_GMKxLhUT_w$i1^9Hl
zeu}~{*?pWuj;&8^zps(pMSv+%E(dFw>875!gOIYu7(fc>M~_tSq~o$^>>Q>|$e<lY
zbpH)=#^<pAgH-DgkSD)HWdM=rUw5;h1>D6QaxO*k`y|5(5o0kiAYRSQ(JAP~pnL^1
zgp`dfl;N!=Eca7Vr|~zX@#6Zpo<#Dq$okfU9uI$peDLSUZh_@hwya4ZCD5GoAN+Eh
z?UHBOWRtUK9XyW+mAx>L$h#g(Pd4FyV*mb!<JAw#279b0&aJNdkPv<cuCehR{xy&A
z&!1lFRglmM6KPB&P=Yl64LCv;!{cFYo4?lY^%6gO`pW2*@DJ;ND0O*_#A0%3xS1=X
zau6T(^<=$-0yEK{<Z6G2Ion5YH$7*^ym_a%Hos(}yeE#6eTYdP4sSY@S_0QE)1wT)
zuNKgw!Wvw&Boh67sGQ5`Ps#Pw6E;(gP?_5*nHZ_W)!D<@mnq3M5b4Z$W<Ab1e-O|H
zgc-2D;pEspJUDAVlke=T8OnW<2eR`oAJNs!A@YW$;!4Ku6ANj!Ff&!&ksx;G{aI|5
zV9I`v7NM}s?votR<eX!hQ}3DZ^dAb)0L8&Nvi96B8S}(6X*_mwck+0hTU-Ciu;iI9
zao%ej;+Fb2l2awaq<gugLDdkTbOkYIw6-g=a$vLH>KbpMDq%^BJ&%f$yJ|3?)&uYi
zymkpcD-{8Nij$t86ONX193Tai%r+CEe=ZH%2U4sS$8`4_%R-nQ7~iXGv%CGq*4bup
z1=N^eL#3?E&eACb8s^5w?aYl;2hVf!lB&9cF2a0L>Bgxeh5Rk#eP{HqahZ%odM$Qo
z#8XwVG7m(cm<+%zCQp14zGR;%D@yz)I@uk$*Wx(HEDk+(zr&)%1Z|aPbM22JelES{
zJKVK**E;%QFMs=Mw7_{)V;xe;Kgx!X%kg&`!w(<|8qsa(R%B}9<q!Q`WSBawqTeH;
zTO@0KdqBhWc}misJvAx8`(`39a_Yj(8A097kE4S@8(SToNT*FLGH!B-75M4K2+l=c
zeI0XaRd`N+1K$-hL5-<OA!bq|RC&V<7^^W;Ua#6$<<c~|;o<UvG3RKe$I?SqN{JCB
zyMvB^rjYtz9dt@JB9;F`Iy3KM#)fDsx(gBi#j>KXuz%K#oqH%*5sj);Z(iIhvn-*$
zC}C7Nk#mrDn0HX@?0g|e?3!l2K`SEecqY7TFtT&Lt(}%6?Qt_WKW$(hyT&n0LyAQX
zgibEfRX0VKXyE%C(iWlj^mOFH!U|Q8jAxNhS7wDC1<5GYrx3h*O1PKPR~wsG54OmH
z=mrO&e2K~>j@ZEQU#T%J%rK~NCIXt@pKi(wc+7{Z*Sdc3%D7Bb(Az;rT0hp$dJ}Mm
z8CbzY)_40Sn0K<nJSQ-VxwU*ab7r(M)eC~=>Gj}8PAl<qYNyQP7Y=@sVD7st9)|wu
zuFVt=6tt8)=N%Xb#Vq7j5e_s}_yW@ypPjcn<KpnR_EPPA>bTui){9rpwp{e?fjuMi
zpO)!<*^T*a^p-a^to8C9w@TQQR9le7xpNiCzZnwQQxS$}LWOLyPjviA$RILAu3Y@y
zVg~+jdCz4?0be?s$jhKvr_w9O*HQ>WNEz7+^uo6E)hEl|w4UL{*7*+9@ytR)yBVSe
zKubVpscTDpG@p<`TMW0vDSyJ0Cl&Mo$^5c#S!q+eCSsqNkwiN4!6%3U88t-W7fY%c
zDchA~6XJGZ{Z}NNI=mc>X~*1&Qz5owqs7iT05_mYkJTO<6?8L+WFwf;f>*M|GRKW;
z;zjde#nyo17>R;Q^nj~u{V}+}Cfvs}=y0&r0ee6epd)um0Qg2t2A{c^21GN#;e|ky
zWjEmRu?Thw3U;9NzE4g2FlCl*h>bw=`)DNW?w@R6>e;s8sr)X;V?CiQNd;*h2@FLm
zo{bR~d(fu*w^*Lz<cX6X^XzJG@i6vJciZ}yS|tPAHdrA}BJ4QOCK2!JBGHu92Z|Yb
z_T8dOAFUA0yu|Vv5m0Y$;<D$J4J)SV11>}GZ?sC>Y<|C)7Y!%AE_+B_$H<h8H1&a1
z&;%nL%0LruE{Ew;h{YU6RLtb(rq8b97{$YpP-6&hIQrgMMLg{uHHyl)N8~BsD@*mw
zGX>vo_X0!?h59I<=iSyW3<(I%vTL%9%WxBXTGio<gvRDiqJ>_vg>2C=#XiCMh-TRU
ztn<bBix7FG44Mqv`2wBMyMgRlq`z?5n0=r^jDKxvWdI~V3dsT1J!IFh4!yhmMskA^
zKWEp1uSAwpdh6+@>mu&J1#MJbNCDLgo$~G=iW$@mSH$O*Ee%0X1r~lk8Z*oo>dVHQ
zT|`ul6EVV*R=#aoxHV~&>v?67q;57NDBpP>iu<5Xs`G?%{sdJT-Te^~TkadO-hFO4
z2wsl75v+zkgqZm_U2_j|IKH`X31GwQb@l?4=_Ud7+@MM*W%YTsB~C{0>RW%O0!p4Y
zuZ>H~p;pe}W5T=cyW4co66aK$I%o;f9#5|4iw&$^UqXBR%McBJYV@mXG#NQ#fNj0e
zUB&hdk@Jued3wUJr+>9u%rA?)18+ch7NV~9ilh<|<r1;#CDH79vmJn*DOE3(mqx~_
zZ;XU28R`_6@>5lSWOkf=kYIDgq3D%zT!0#qq1X2zuo;)|Kd*yag9Z~&iVXRGcC2d3
ziPS3{go?d(rFsAc4fRt&$LHCE=u=9_-%<4N8+Q}&QIi`9>+6H&2B50S$CuUX%APC2
z6vD1Pnr(~0uDMqKm`64Ak~ymuYO=6=+>TtX_bVg-Dhd;{^{ou{J*>oPdlhkkD3(X-
zhL=;CZu<RbMi1^)&3KbLi|sc$InV^5c^KmW=~B;z;FadjB{Z_z`VeDAWz^*>DoBou
zv!{RgGV$v2Ck|xG;$d>IBJ&3{YuRW`s}T85(m!`#^1>7b4lG$(&5S3wk~GAW42kjg
zM?wnh(ykOhLIm>tf{tuEW?C%&ULD29mLq3adnx>ClP5}T@cWA_>FU%+nWkb5Xl*ZD
zh#;G0oz+Up+A+ErnF*jCSM7lk&O78m7&=fU4IRXGTN(z`hvg1OP#JpoF~JbpYxbEp
z?RLrBk(c+W?iDDloKFd?Z*3i-1c)+ndf^pZB~0uSJ0q*_O$_!<fNjd&QuAMB_pAr5
zgYH&Xt;^03Sf{GH$mC!?xXkTJ|G;aM7a@?Z2D^rZQ_JZk^OzDnH;DgJ%P~YW*#Mub
z6q{>~AL9*W+lc>C-|BpR#9`bs&3`}aNRUkbEEfKFvj?fr5E8!*M0g$EfZJy`r28vi
zTP^}0oxfPr((2$v*_S2+=;R}&)1<^F5oS<xZ{nV(D{E==-SkC1A{PYowqxAAax5$U
zULM`THbmb6@)feF<8dZ+P(^x(M7H5VzN*f25AN}wKEY4<Z=SNOK8I`lj!n_4b$yUU
zt~o8l)-x)i@1!l}D=izt08ZI7E3=2!&)C!_>gO~!wW1#DgV7sFW(03F>$PeqnEi&a
zoQ{r%64!;W7+x?fy`*pe4ZjYR%c^D4wM+D}u8-LTP#Vwe#L=>PGxH2?ezrZ(MTB(v
z?E<@Wkj=+&u2&t99!-^60UMj>N9Bs5u5|jvTx9VEC5}XI;MDUbo52jWRagTe+BYSG
z28`u5+3rsBaWMTh<fOz|o@8`8O2Jy9A~i1!-INJARu=w^8~Ig7LHww4UmIIt-u3p#
zvV6v0`Uxbz>44o)!M+u@pmwoK_b`Pi{<iDti9B#8<sLQmGA3UEHHfP_jX|!t)G^ls
zKhnY$bj&9^k;fJz$s>&XY*hgHWa`$_N}l)AU6pxID`E7$hM0sQnu1a9!mi02vEJhB
z%WLWz=ORwjMBT$9Zi-}$LWPs_)_(Fv%M*bM5elJnM(ARO;2dC!*rZawJV5K{jq**N
z<JAB>2cXB9fp<@aO3T<msw>DVHe(1+o^(5#K?vAI%c`%wXLCmjkA56(Upd&5zR3l-
zgRX^khi4X(<^d&oGG7mysZX_`e%penRL>gNE&M05Ma~twE8<ZJlcAP>=YcRZFjxA*
zor_(xLs4s|c!O(D4}<m~jY-Q*Xh`V|%b60887RL^XnHdmcIVB)>9mr?rk{#D@7@zw
zsWQFQh`S%m#$bD<O#OrMUjnlweIPF{&sQv&WK#h=aWb?jB~D{A<C#$SGZsaf${I?5
z`i%=yW1zNl*T>P-*gvCc?n}GI?kg0xG;C`f6|6!eROi9|=~z>QvA<#SDB0pTam*lX
zZuP?Jtx?CHk+i!X6q9HL%*5My3L-XPAr__BsYjoSP9B+G5+^{_2)<Xjw7t<{zX5@#
zJ90By+wKPqgWW@<j>vhem}i)zcC2Ir96hUT)(4~|n-fNe>ZRpJ$}cKpDfHEPCiC25
z{&EFC)DP3Hk73zWGK2J*H^_Yt`x>;W*>0>nPk`nYmoZ`0^{q~9Wcysspbca_GuC-I
zmSciOzR%JR^49q;J_L-VY{V_<C8UqfuL)*zrAmW0)=OeR-(F;FBa}ylU9(=+j0W=X
zG|t%BQv7GAcB}H@J%)s_^!cTp{4HcQ69p;j@UPHw-fvP~<c*Z|!89CAe#bshPJ1_P
z;0eEM+G@Q9%=H2T>g@goHz*NI(M4T8KO&eQSvy+5QlnuHJA5y@cGGt!sGzrU(Tmr7
zkiI2#{3y$4^V~tk)9{Ozmmg&l`KdM#^?|1Bu8#wXe5T>wq0$ECvTL5d2E9tMD%VK%
zM4FKXVXPPJCR^b&yB{<?Vw_c?Uo$t#I9nE}uC+9v?OeKNCa)v+Kb}m7t1Q2P6G>5<
zp$^D!NBF_u4to5kkK-lm4`rE%UEh!R`}Nl8P!L~b&TCDzc>!Y%70c_JDNrYn^e;E%
z7wJ=o_!o1gg`SCp+Qh;$nT2xc)R;L#2{hZKCy`EUG7{#|=h1ooXm~~KKH_4lQx0o8
zH0=z5sZ3YKjRHFM2>-2yNEBSKIyh{~Fm<0Ke3F~WRw^s%_#SJU(b$Wt<?}!Q-!%e*
zcpyLZzQ|2EJh1VgjGxPO#?ASPt2Gz-tM6`!3)x`P6=sO(Z~OeG^MB5aAEn2@G`s@y
zZ#!4;20+q1Y--<d*{r0eVeRiUwKqf27c9r6SozKn*!OMh$_Z|X-q?Wuh=9F;POb;;
zmz<0+%vOH<09MI&O)8nlrJY+APhRT5XbAcqcA^L4V8)s7BK!@x#KJv<4X3QVdTO-m
z`Od(3j;S_c@ixzI&LjEG;9r~9E-}GertQ+&1MrM&<7q7dswAz=&i*6Mn*=!8JjO>I
zDA!zMZ>(<yV=Y4>3fP}Mqp^HWb<f^(I+Nl&N}}T`;9-hHeQ@x`1?F{6u}AY@h#1>W
ztTr@nP~xqhIf(fK{UT@37S^OniYMaoKlGJ#G;z-cb~UHgCFar)ex%Gu=;I0ZIb!{o
zUz%#y1po^v8Ps<oy2<3+1Df_VmMA3NB&E2-##%;`i;S{VtN~PCpdLq)Qh8<Ja(7&~
z4QPMI(c7-kgK<;Ckd%^Pe#Ve7W-C*lIegnS3CWn*P){9M_&cHv%8v)*Y^UUepbfRc
zu~|2d-=<5jcMk#G^jOmvwo!lH{K6Y@;AE;J3r`2pDmlKeA8$}#f50xl(&4P1T=lHY
zFoXIB$=~6$&2Re)$K&ulnN(?Do&$eNig#G-C2w~o)$mk_UNz9|nUu;fZ)?wq937dl
z5wPtXcn--jdQj{7^iVtM_`p0qY_h4}xFGw%)&v;rNB!EHm?ZOL3TM>!IE0Lg>_+GB
zOP3t%Tm7zNfu{hBgVI*-kaFdIE`hV#3>{a84v_2h<mQ=>Jvsxsv#ExcH<iI$8(uvS
z^jB@jG@$v3fI~Y|s|jx+);IcAJ#y}ilnpyfmV7cVT43SW)>q`JZltaOg!<Un%?u_x
zk3N1Ln4E*jD=A4_^}kZDCse7~|3=E;nkZT<-?^G7*$?{82h=#6OAp0JS4uj=8V&8(
zepe#6F_+2Oq}FILqIK&lV5kvdcspzF{?caP7=-_NKei^qWc&e>a{UB9IrvE2Mb<O4
z>_iE2>OOHZPDUpp7l!BaTMzOM@QbOjOc(m8+K6iM*ahZ`^_VtxDGtr61oYu#_zjQE
z=UhS0U#2A5aE&_4*XJITt(B(Ru=0j$_W_n$;f36eIOqv4!;_nq(OoxXRukdnDM+tl
z%6bv#3P8w!b{*H!{v@3i2UyJx11z(mHh|k~muS!4>o{y>1sd1T$BHuyeEMO)I%nnF
z*svrn_Hs*BGmgi!@^duA6R$>#1w!_mPp7*@yTETYl`f_NL3NB{X7p>Gf>?v|_?!Cb
z0flnSbLYaw+OmN8y5(z~+8mjF*XZQ6El;;gL@o~(akE@FL(VwqpG%tcfFPvdKNPmX
z=j5ZcfmyHPcD}pnl!!=6Eg+p^nRWH&PIO=grR=cW6Lp(wHo&w<S>(E>hw<2i>`3&z
zfpn9<6Iy{Sa6YD7@=DOID_kai4eA}0Q?_OO)Y_ZU)Pu=C_0x8FPLu;yAF7?C6h^Zv
z#lNo)|1k^_?fd8z$c2&^LG;JnFF&S;3%$D8L*I+s=x5E6j2R7kj>jt&3fe|>VcrDB
z7(=>3mF%ZnmozKP17IEqNar*{F*Ao<pzQ@Lq@DITwSF)#1Yh9!7f?@o&JgoU2jW<U
z2MCsrE-sGg$^qS@nAsbK0n0L<IQG<HZ1t22-g}hpiSzL##Qh@~cK{9p)z-fm0zDZP
ztfFHFTGCxT#SGI&sxzX_T0vs$68F4a&DGfIUnT4+3%IDyGSpJos6xbeKXr+QRSY@(
zyDq%P??-5pFWTQHAA=Y-@&HM4*n=gl-%Yi>2vO^Wb!rzVaWs%-`Y@$hu(7k}#2EaJ
z8ZePvD6rbf@+yWv;)mf*h@%c#$e!B<d?suza0#=%-j-+vA^)aNL2EA#SC{aqk8D%B
ztXaBz&e_SoQT3qhh>~hNh~TS*tR|?;iyW7`&d@Jjr9@a3AU{cB4_e9BOz%&Y<Vmmo
zN6?5ygwfhI?Ui-7z~x|J4u0?`T+gv;f6Kp!R{1MDx`iFY1hlNRMm~N;{bp<2Mc6T5
zaZy_*Et2&hO;G~J16$)H9@~>m87Juf*6F^y&Ud#@rUXHG(=pwLXlay0M6TA`7D+#^
z8uo}%Si81mH2hiQJA~~W-Rk7kdFY8{(_xv_Mw8{@3DP7A98@q7N5;VmZ6F0mXk}te
zb8Hn6eX=$D@yc(RGmsy$l61x&)ThEBW}f_h+tQ!z7<>-Q;ES4Wj$&J1NwKn;=TqSR
zP_yx;mJP*xKGiV%s$A*_ur9JSDDDAv31r3+Ck4$n^Sii*(1qvia)hLI4f@~mNI*Rc
zHxgTlR93l`KG*$ze1)B_KbYK=rl-WCV58O%3o!<oVeL=<lWY?EQK^=WAND%2Kgj{a
z<F_A<g#6Ek|D&GmBlQ>mpEZg$4aVkn3fShLoV2=%iF?nW2;XK?gg(GVyvdSJR#gBM
zRWZjzt1!}PkNIk5-DJeVcdNJKL`-@Ne|c$efw~VR0`u<ElDrgFefB3>l#E;iYLNeA
zZY9aWl6pw2>8z?n!em6)hUGi**!odlquk`S&0SkywpDd{49BX-T?K#WzyU<U$JyA#
zqW$Sh%6kz;i7(Pj_BjI^b_m2ay$lL5p=dwwWz~QAa;DpAGCTHN8D%)xeg^gR>jI2S
z2h(SZ5KLVE;`nXR(eYmp@=feFcWhA@#}~5W)>&YvRq0~&#0qaD0$AGyc9R@GzTp0G
zqHA-b9BW47Booj<;&@t=THC38n;W^twq|Im@_|J!mis38j70yvt>ku~t>AHpd83SF
z#f&!@P>SUw^^*-gn_B7z+4rz5Cud3{Wz_a=?h|$RnAR)rJ>cO0(>BB(N-xW$hgT^B
zK!uoo%y^2FEw7pqTP6YZ7lcF))@-VXu=J;jMCnB1Nvy0fS7^@tP4Sqb!Q;KK(8s?O
z6%`?NWjcwQsESp}X8zk!zV}}XyAS%PD1Ue6%+w!OcJUVV<A&n+&jzn)A(4e}t^l~3
z(ycwOE?5hLoii<9MK<oLY6L4!V&c{Y@Nohj#(Z@Zgech`g*Ox}DhQ|ckya-8;6{jf
z+DZXAw$xjjfIGTsc&8od3o(pXyA&tf8~Y89@5=BRgXf#jI7Uqi9+&tBz!vgcltzXk
z$(~i0cj?2Aklo5OwvZRCb`OpTJIyy<io#rMF1%xx`HCiK+&C^*=q9fr%7fMxj)@q#
z4mjj%@wc^O(gJJq^*@y28y^%h`DwCorzFA)XB?7ld;8XQ+o$Waw8V+<al)&D7CF(x
zSR7vfK0F~>X()`ti+T~0Z;nv%m|cVzPDIP(uqIqU^A*lD7)qxAYpZ%X&&)VsIoVxj
zOoe`H*|BE+P<8*itCY~$8r{!3mtvPz2&J>(SsMcp;BFJJ`RJP|gHF`=fS91uw8nUF
zs%d?ikjhY{M$|Ee%LPfrkP6&PkDfUOIzfL}AxJ2`WK&J%uZ$?1k5&J>0#t%gmy`Ty
z$G%SrFW!v+FGphC8}-N+w5vIyHgT5IlLn_RWKvpimmZA!YJ3w>$_*E3Z%E0M>5}cz
zn>fr0!@?oBdn4rH1o9XA01J6ABjU(CM|nY#$03h8a4P9Rcm(-@=9RKK)YGta=`xPe
zga@tr;fswNq)Qi~RL+fah<k1A;qzBRhPHyrU3I-)EyE#Hj;A#G(J-S533MZchTK4+
zIO&S!rAr<ccaCa2@2EQ~uYxPk_`cQp=dXsAJ3{dc44EPkW9?rfzW0#S6Oyq`{2R8=
zIdD!mywOJ7%>)jo=M9u3`0$PWlS*jM&#cX7?OCnfPh5}Xrf67mh$%m`T2q^;UX|fv
zbp>BH-!b9gesO&Dwqwog=<iZFJhOg2Uk9?%YuK?2{@K2mkc1tr8pW;{##>a6uqG<2
zPGn3n!Kkc5JHM>*`$E?x8@EQ|i6^h{;G{-3`Zs-u(~>$;$x~`BvlOuR-jpxTnRvb?
zN_E)Cuk`wBoqQF#tTo>7%IfQGlg<#~Lc=dcvlL47k_qPve{~;~74k3VXPc^xK>OwP
ze7(GPMWOC<?ic;)J<A)Wjs7W`0r`0ZrEUBp2FIuCig1Q30C=c>&r&Mu%1uqh^Bj-D
zsb6-ER#lm(iP!SOzgk7$a#RA!pr-T!-4=?pKG`8kQAAsUhhn~Smr1eO8(&;lb}YY8
zE~Q21bMH6Tj!>dpCVN7AKGzBOmwe}{bPBUC0{44fM7W@(ZqIBb=Wr2=g6m1OHW9Sm
zE%w*ag!p@Km-ryc=Vw!?t+l7&UpFtl3ry(|Z?-=3v+iIJwabUZicM>U&cna@brO9Z
zTd07COa`X*c#%Hn_n90zcgG9}zc#Qox|lw#c-b_?cGJIDF*x30mf|#Nd+D*nK_120
zcS%Q}r{i67LmTElz5Bq7HUD&yF6s$W29o|e5@fyROVdnU%i4Wah7xsC6B*xgeR*Ih
zXlC$<WG-804B0Xz{u?VoAuVYb=9s{xx_aYRnTz<()oM99veu7Edfg*9DNsff%ojO0
zlJnC|{OQ^>BI5kmxxtP;{&17gUa78N{2LkM46+q`DmI5qgs4UEAMoERulISAI&sCJ
z^bipK$Pl|2my2zXXy84C(5{bKSNV^kIM-6<ynhZ|*1fIR?*4bQuwrL|M+K_4hwx|S
zpuWkA`J<I0u-FvRKYjO_z4`L;0l1m2RTsx=yeq0zv-z&sRS^~i+*H1N0NkVC?~13b
zNm#8^KWGeJW`Fsm-D~K#;ITXXhleM8B>h=FZ@~ff{iPw_g30pGXOQJU?>jwlr^Rc(
z)v>)4RLV8vhs*`MJP5nOk9ZVysx^6(_QOKmaKvO_wI5U;5~<OXM^T`;vdnOr?|y%F
zVQCtU!6}`utuyQVa_856+z}DVS4+RcJ>|Qxt*sjVEnXc0V(%^2jb9+vJYZX=_UGH>
zeL18a0n>Z%<u^C2MB*>Ot$q+U$pVeZ$oT#twj5UNq*l+bU*ZHTMpQt^vw4G~Hq$+j
zfRyleS-Oy7v2|%wW>27LcXfQo2qo3~+pGj|>st@b9=8DM8)|P9g;Peu0on%D>GB7y
zacC+k*px@WN0LZ=S{ak%`oBmTpnP?iEd^@WJ#L?FbW%EFoa1ygSH;t{!D7k&$LgcW
z#m6JD$cEOrTt$fnc+L?@^*&wL7e|H;KLOJVGW@A*9z_=(cH3Lqu&1fLbU0o$;N{ny
zZkN<|r4O+yif^@dHJ$shxN<NC*BN~jHPG7Di}EX_q@^OTpl`wdI!QS-=++uRh^<~m
z7x?E9((Y_AdW63jTr27-U?$}8Ozi8F-maAl#Up=pfL|>Fk~S1rvE!K*w1Ek7^tyrb
zZ>-kw;NBWFAIjn*PyT^43)N8&XyM!)U}>xR7?OdR&3;80_@U!+LlapIUhDp|W-@p%
zWcP91D@p0aH^^N}r#)G2|Iz`=9PS0Ljim60Snztvi8l*vO$F?saBR4^tkJWy<{iGy
zJHp@6th&#U2`}An^U#0`_x>s4^#%{?7BXHlH6@9x+ahXcEmHFVPMx<uaj>2kk`eV{
zS|n3g3TN)&YmcU_*nCl>_Mq^~4wKpGl<#z5kB>n4t|++_TJJ+n(>F7L4GMB!PBvz^
zaTG#Nxz%hr6Zj{Yv|tcgknp9|Ktx?CCq;L{F5_wyCCoy8>(t6;pSczs-ivtrAe=Ak
zF^Yy;G)nEwQTg4CtL~G!cJow0u>~iS_awD-Io)CwG}KKVz>K@k(c2cLW5MhuA7v_T
z;1~1R)7q@bA^F7KH51SNQCej6ztOVV5S0zmOEvz_Y7zdCrx@BBRkZCWmUkq1ODoMe
z^V5xCg(uI4)%?ZST$Lx&i<X}xthlz+RKJqx#{m2xm8^y$)kPsn9EzbF;Dnog6Lypt
zpf9Hj8E@-#A3N~eP=|SH@8hnX^L$3igN=Y-SyY`pGZSga54bnX8A@G?9WbVjrH|?z
zO=~rYV1j7f!`{id{MHYGVESjI(UhF|6X$iPV8cf{hicU*d*e-<s-zDe;Hsuhef_!0
zXQi)lCKMYpP~5|0N?w1UdiCN)&-hfPSxTz{EqKi7MoVw5MRma-D4H4LatK#0NWqRC
z?kAZGIn1#XR8mjQ%iclVlq!Lgq3TsPc%!sAiop8%_>iw@Pwzun@BeV;vmQE*VIHCe
zHhi_=_wYZe4+gegUkpDvP^_Icx(ehmW?>p;wNNZa!AwW4IP~EW-wZ|nzr@#)+ZGE;
zl6KlL;x`Q@x(riV$8E;|Bz<O_p`u_+-nL}cEK_QP^~oFQFJdiD>h1wtL}<-;08Y!i
zYg66+%jH>NfK19z@581r8IzZQJVtPb3I<!_%a-oX&6o3zkT@}r1`j!cgxnAga3M?=
zc|0&Lpf&q%{2Y_`=&pE$^I{%K;YF1$^ORJwF3PuY3q$Ni9Wl%Y7Njp1*|=IHh)x|s
zDS7o0p_2z#p+^0bO0t8p{I2w0@UyY}#;`QW(S4j1+sAdAAm$*Qymp^0M*g87n}V3@
z!EakQM}FJF>v-B>r!M}}zMJYV*(7zQ373#KIkrC|@0`CjjgO9$(84U1<Kl2`JuD42
zqZrrVXCV_#s`Cea#g9^jK=vrBA7Is_+CQC2$ImNDJMo7QQ?iaUat>rIL>FVok?E;Q
z|F^|6!vZWw$=YAGpYqJRiXFhNZpo?H;w9@Y0)SX*YfwPU`HVY%Nz<~$_ntpC8SH4p
zuH%XiI=}XzyWd#KJ4fpV&JBX+7i<f!3&6;!MtWa}*}`RMEZbuXF_7~#>EIXVub9Kg
z?z{I4Q8FjEId|>WB9=Yx%#3wCNL`DmFU9;S<ug?I<J~)*5&2hr-C7%Int%{M`qO1P
znGUTCmkVX+7Qz3klI~x!+1qYyH9e;wxY)b)<cp|HiDZ^glld*3YN!gf|K1Hlp>Ezr
z#eKdGs%j!M+^hm|_S`6}ij9*!yv8fdJu!XrR8ujFJ-t%Lcrz5Y`*Z6-=6LV$onkXN
zXylYp)HU#K`BfCvx5<+csNs8r7t-KP>t1WauC(C>o~0S^j`SKzmHpEReQlMma?xL^
zME5kJeqas2rJ#|o`RQBe1-U$@NDfBGwS<^C*<+v-qlbm=G>r&U;*gt#LwK&K^&pKt
zFQ*L~Z=XNMf<RuVhttr2H0YVSiS^lluUG`llaK2f4+l}z{OQ12@6$+D9E1M<EzV<{
zZ=+{DDf(hDJ9W)$VVePP?Vvr^8`Au?NvY01|EE}}9Ol=EbAzBNHs|K*@WaO5$Flki
zW_a$l3~I2eh-(cs#Ag@JO#lQ55O&%fBp|kLD1-jSo2<K;K8!2yf9^HtzN2+M<1Zw+
zdeB1N`;nGa7ZA6eVTRyRDJ?!@#traiPK}LyWxdkP!<^zb-Q->a*&O{huTiZ;tnoui
zBVseXLUvw+^1tHYlA=d)Ceo<PUay;1eyaSVhB6vm5ULe?b8@;eFtybL$eRmL$o^ho
z04HTM+@x-kbb4aW-An~ijDOm*^j<@Oo>a2;qv%cVsu|?>aPq3fH~q_4IG~LRZ<v2-
zq?GJ^%wOxtC0c8v>0?}OxXWA`cC-%Q-KYB1VD15Jm{K{dxfq`zodY>8UqBQ#VZGl3
zGGwV9d_7%8jo5^j42E;TP*=dJp2*p><oWb@Vr}X946nb$vZl#PHZNqb>^r25DT>+9
z;2gk#ei&~4sG+xtj}P0KZsv%$+hy9a1ZeIK6xdpbXe=9zX|D7o_r{Bl(?R0rcsg~b
zts~z3=uS)R(#taJmYj@Zal!VVmC71((CKyjgci-u>LRNY@V@;Sg!6&#h%cQ-8+}YE
zns2mq8KYSEwQfe^Iab{A$g`%d&A|IK`eL%%;Hm$H;I2j6D-oD!1Ng<_nl~&Y6Y#W3
zR0nO}Y(!{)^tqG&u92aY+-l;x-br_RX_f{6I_{HD46pB*=mnXd<00xVFav#)v25xh
z(MQRR^r935M!qZVebZevqj^iGj@_oI9;&B&vn(9QfFSz3-@k6klfi4Q-xuZ+Lzbzm
zE@F+K>gmBiU?}X?8aY4v@Z{gZpRa|oVro*B+uo_s+<ym9f=)?TqvVF-_Xq4P9H>Oi
z?tS7W=tZ$#c0DZx#yg!R%sA(^QL%4E0A5d?q2&B-%Rl`v>J+Y+rLbqY4ls(_?lc(t
z#bIzV%lqxI!7ISAi&LNLLX1*V@xgHcU+In&zqK+s8WHttF-sWeWgX!gT7Sm_YF^ub
zDIi!!LPF-JpLtZ#^4Vm1Yyjt4ep*#fhT>oHJ*^YseS5wMNPexN91-8S6>^H3(&j9_
zsEend(-zB-$!EK`0ZG$A{oRz{2anY3%l2W}x^s-;f=>JI9vf#H=xUA9RBB_vt^bR?
zHxEm4`x=Hjm7UV&%(PT8ZL~DAa@NXIG?z`3ik7C7V~P`^avHRb1E^(cIaH)sDr6=q
zh&Bn92x$r`0_B8?K#GEb$a`DoJSRKn`L6Hz<NL1nz22YyczNHqd+)XOn%CNEZ}XSR
zpPwx+47+-(&7$Tph_fSnJ02ohlE4|OZ8M`q_R&@Fh(r5zlNvK8*S2mWhWlmfNyxjv
z(vlUA+DItBY_dfd{}fyATsg)(cS$yO{GJ}5sefK<@Tm~p<?~Pa(HOF8i(Fvz|HAJ+
zeo!|Sz^^O_;R%+XPUzn_;!PuVBC>Qoi3ICA{R+CBz>*X=DCtPN=p2T<C!D~jM7IYr
zyzrLQ6|&{v{*!3CmA7Y~872h)_Hi{aoO3Zc)SY){5|&7eq22Jsbr=#vu^!vvuvWAT
zfMHpm2x4>im=>Bj=s|y|A>Qm;c0ZSxON{0>wlgA~MQhDesFz2HmG=R#*nG=zD3jZC
zGa%7}V^8m3Sc9OSjNW7Xr<)-+_H@$RZ$H_Z8Qrp{tKf)o9I!<Q_xq7$#(i`x`*QpC
zCuIElf_$iKRJWzAe4B1`!+W<cQWF3yvkpakwxvzL5DhUH`#{TlQGb`4nLQd;ein0%
zqw&NKDmNpUcvCJk^UZxD#aq_4w8b!Poa45WKhryD6PvI8A(xnY+7sjG_hLc}O4^W~
zy#)d6N?E8)nSa)JVqa7UV1qjl{-KUbuHc_rb)9G>Pf2xextmbEV2W(QM>cwHbNMaT
zOszL_*Zx6@$IuooZR^0>ZE@zmBpJf4EpBm2nJk*OAd$X>*_C9wO#5C?@5%&-c!>*R
zwj+8%ca}jyc$OzOIhdNkxN*wboKnw*4Tw84kzIYR)+EI#z~^L%>zs1wXww73UCuu`
zxKRflCTF}EY&l;?c#iyL9Y~{nAq5U6$6Tulk8MQLtCD)^G~)ySiT93tK)42N2eCcf
z7sOp`fX=(|jz+x{0E03meH|WlZhXDh$$k#-=q>ianAUq{QAP!eOLsc3cI}V4nC-{n
zLp^gWR9R5d9U&)CAfRduMt!VU`MBLA=iJ*C5@6Vkn-%})E&%3KT^I<ajzI|CNRyU9
z7?)pi+N!Cz<0!&c9r3^?5Bb)1eoj5>m}_()SiLmV{$!$9oe*ww4`Uq%qxR6)C#19>
zM%98f{^eaet$}@oUwktQCSQ`iwXQ9wqD#M|3~BQ*$BI>WHAl8JTKML)p}9VLH6`0K
zNAZdl5iUz=H*u@9=(V<7dE4aO8Fp<Z;}+e93M_MInkEp<jeUG2<5~yP`JIg?p;$p0
zP9NL2osVxidFpVG|Ef*<cUw3dG6-m974o;Yi+p&1pV-!k08rbK2v%=EAnUke-V1Rf
z$cyOo@hE}E#3g&8*<oHV*GlF8+DesG@<A+Ki7Dm;NmP>3L>D=<d{s8PfK$}AQ>k5?
zFrk{*94iG=zTl9*mAQO6RAU}zRSu@`$ql0!Lt^HE7z-lH&Xbm2RxbRsje-<lrG{bt
zm=5WM%9y+MM%$aRJ?&z2lh{QJZFj&MpQigO4K?>nwcCyY{U}hDKV1CnA@n~Fzqz%)
z{|6zdQU4)^?;(!=tBE14d~WQ745iEs{FZZ3pj2J%5R~eEV6|f0T{Tj8tUcFEQNY}p
zV09)&HI;lpjjoMGz66y{3K=z%xJB$Pstu*H2piL}!*r_0K93^by#BAIV&{9#Jxrdh
zG1-$l`Gu{rdiT&l{$)|MhGBCw?W}CM@BNXr)B@o%he>KpO$WxXl$RT$ynPI9wXKV=
zA^`Dj_IYnb3GL9e&7lrcBReemQFx`191UP^R=3<(ywtfs(NQWgG^sh1@#P?pQ*xjD
zns5vqS_`Haen}#6TT>*J?U<?TR5dc8uI0*p`WK!`m|G*kNeqBt$5qq9{2e;#?_Jhb
zue_m7kL>l=3uR~Iu78zm0UX879y;u>k87rXXf;-(NDLn_^tJ`U^!s+-nJ6Mm-D!bn
zm<BoS_<ruKp_bMAuhh;q@a8o;l_!lOxCfn3F|~!SlS$XK6RdJ06LrKQYUcU<T=|J|
zcU#3i?I|hkISo!A-!|`xQQc6>gE7#uOZzWfoEO<`{M#@CF>9YcDMQ)Pl?a5+OcIlK
zy+y@HM#Fdik)cA3>`WQy8ieG8P<c{A&*5)5v!FUvzA3ic$IounajO9^&CGn!<y8_D
zX6BB5lpV8<EO`&<YL-qRn&I-Jq0zBK{lJ4Sg}c8ve7TC<wKs;RX70Ubap?V&dFuzs
zoHaFUjXhc8#M^^~8g<?Lc~_hL3F|T%{XrNCJRfAX`wp>zsk{Dl5|PtM>loBieai$2
zfk_VJl>Zpl1Ju?w_0X*GdnuwLhUTxY0#R`q3pc3d2+UQYaY9$^Bq5)3=`bVf7z>jq
z8LWI4aM-)oTYO~eIMjdYuAJejX*L@cAUo~qm6}S%>_r}2*AkAsLHxwvhW$<$(vHBb
zPlcEw<=L$94|l4d*Z>QXf2jBf2pp)<FHcbdR|dc-CfdQ<sZa-R`c(iQ-B~{m9i{gH
za{ZC2k@Yz7@anF?u+fTydAoGg4q8jJ5{WgL@PX=m{DX@P!+uG_mivVmps_-0@ax>!
zQ1l)HGf#r>*rcjuX!R87J)Jgk=^lepcldC@XhpbgjfST#8F6vM8-w*n>#Cg^)=Fy+
z5EOuheD<$fcRbbX$l~q~F)td@gj08bh^B3r?Mn4O+!xH8JG7;G&0~ED+B4jp^I`?1
zj&16r80&K}BbH;D!xEql`t#l=1K>?WO*7vByC{+Cy=2*=i0zs|7wvk3JK9A>u(#SA
z_Ff-S>EuwjgX&^#iDJ`z90+sc;?(Rh)zhM);WzdSx2$nraBXgagHpaey(X-?F0!a6
zqKtEn1Rr>#ZRPEc1Y54XfF|-vmAA_D06e@meLIbH(8u>r3^`0H*YCcOaycEp?ZEzS
zbUCD1Nu6yCtRW}b5j=A>;F~q9+U)}(#&jPs`PWeZ2CQC}uUMIBS9+xSS<e8A)~u{G
z*&0LvBGNHk{H5ys*GvJiHAGno0Fj#eWZGUp0qYunv%k9fBBg4tQD9$zf&++{u-8fE
zy{-c>o+~UXm)=6WGtt~O0Orz8u&3@?n%Fkoz?>hudEK3q)o&ozx4un8!1wRb39T^{
z5QYHgs@wBL7GV#Qr-YLIWyRsxJyVFBE;)4`CfClkiJ6kbNMv2x$KSXsPsl7@1gs#v
zdZ!~ElV{A{J}iM{1Qkd3$y0J$!hjVR)y$tJI$&{oo*@+b-poh9Yx|P4S~9PIIo@F;
zLm(K*i&&>QtbZZV$zdDwU$M8v(V%6v={|$F;(4jfLIP7dgx<RE+S<^XAyd>??RtMt
zZrllWuW$npq|qBSWd7UqG5`a;!c`nreTe(*7iZbjHhfN-d7$~Xz;|aLYP|GVI|X~Z
zo)crD{KgJDrx8-FBhWF4Z{dzwdhr(6UF{^>G|XMH&2y$^C@M(2zzA`DzrX5|1Fm({
z&>+2Cn)to$L1&7bWYa~9jb`wU*+FY>E%8;<g7+*ApK}T=M_qiQ4V$IIae?Rqow<j5
z??l-h;qC)6HB%eGot~B6zrpB2?2TPZ@9rP_QuyoJU$I-?I#pl^yvRI|)e|QN5AGW$
zAaqe3yv`v0Ti8gNGSm=*mM_M~Ia`y=4(xhNSUbh+glW)WZtNkJBX!lR_N{Y0AzL=3
zaqTaY%79VVzWk_W<INpwOajkb4&zBn%4<N%ufOKL%x*JLX3R@FMKZIxcfWRI{qD4g
zwFQpAdS6U~7h$Biv^;QboAoN~Tk{T2jDb{>x1---7w`6WZ-{}-)VcgA7SuU7ZglHJ
zIaD6BE;&UaqFn4v0)=PQb7RogHYQ+4gVq*JjT`JY&27K5!RVLk_&E=+T1v_`q9!;D
z_E$%)pA#D**lAd*B42s$Hp7r!wf16(;#pd4<}NVhF`GK*0!GVID%;q{xE<TnLpIZA
z9}3nFCDjhr02xm}XL6@8e&g}|9U7qS@bUKK8*`V=zBSLtNH?YYNVC)h#w~Ix|D!Ej
zd5$(Td^cX#p?8ZmIC{TIHgm0^?9JkO`(+ia=tJ@>l>GqXaKS|a$m~K!9;m)*Q0?Mf
z|ACTyVSz{f;A%~IM%-yBkznu!qc2J1^L5K%+~1Z6!psa3X6pe}1oz+vpFh%vQ^*zt
zt~>arFz{}Ua({-Gc!8mdjQMVm#h4PE9n<g*sIaBt`EgnE9Gd;RhFgpf%l0cdMONvV
z7HNZ-yC_i4ZL3ms5Rk1#UFT$EzS~wlZPl?UYLiZ*i}2Vz9(yzqx8FgoFMgHS7B(-0
z2BcBS6|EZULh?bdnr->!iZ;c{G{aBng@MLTl@-<&h(c=G@q_4dva$#kkmfv)3gS$|
zD*bq!hx#Op+Z42R{tLkF5>$J?-83(-W63M+Ona}xOP?1|^)d-S*~FE8Ds9zaT-@$~
zA;QB9SoYKnQR7b2)I-h^^|pJv_U)N5Z$-DUqZUe0pUYXgaLi}1cPqdH^-Y)><v1(%
zW%S+pj6_P;7T$xDuC=pEh2Tj<-~{fTB(fepWhyzuPZPF4T?#{5c>BALI*~d}jNbSr
z8izxtt>XWbhi-P7!=|c{MY&_?4ilZXzX{3lwbSA_RgoKROo?vbNXZYSI`PNn0?!Uq
z<NovTn~(PDKM47MOAIgMEC=NPd#V6WJXt;oTznSeHci6pF)(^xdt+COeDqkgG8c2R
zWuo*7KyA7BpJ?s9Oj>wk#)Y98RlQxG9pED>_{VzJeACEHccbD|!^c!#-^=S6J~pY{
zs=yyL#Tv~$!(^q;;ysJi5lEGk?~YO^#Y)b4_!5a^qB_8lTMUr*bo+may1_U%X2)EE
zxv^E`dC|>?)=ipk%8vuQG2I)P8=H*htCSd&^6{mWz9dLV4p>ti0V3fs?-{->!GaC6
z6y$0D@a{_v0GO3Ouc|s{k3rO3l=2f$cH6iJ^|hvVjVddbMd)TaWjF$JO*yaSW6S@n
ze3+W+$?>_l{uBqn;5VzM#t@8tqYI2YKHXH=W6&+w2mlR-YxXWyH+Ww@EhGoP=6(zi
zZn^idTW<o8S10|1>G4SQ*yM>0-B>F?unqhFB>(DICpX;a=J#%(833WZz-j7hjplIJ
zxB5=0tY*BIw5IJ?&E)&=y|~(m&Gw~>C(9jFa#EKHFrrj=Pg5#GoP(Gsp3>YkHr_&N
zjf(Anl1V1)mBm1&6`&d)y-&quQ1lSsF9OX;@H^G&Xb^wYMM~iI8Xbx5`WgqM8y4Os
z4fXXeA3Gz7Y>CtlYUU^I4PW4uC?S=0A(=%9x(>c&INr#{ntFLLo8v_}e-1Y4T-_zt
zDK5_d5DjZ+^~aZ62aI#l1R{7yB{hlpe%mojj=;Rvr?Q%W#??BJz8O2NR4ZP4K#2%$
z#!i%;WY;#r-b<~cLK1l&0!(~K=FI5YMpybh<Us->w4H-|VWNKy1vZiKA{U)Q=T35h
zCaeR3Uh=ZU!AU3;5+&m}E2sR4{?KwVo`u{;v35XpSJN>UrW5UOlmsLP@5RwInI|q4
zC@Ov8mu-B|+!d1lJmt|b4g;It7X-MpwJA;py>*EQ4#YJk_su~mSu<!KU5oJoujwz9
zo^B|CCD?E(vxXWwJ4=g|N$erU*&bbQ>ev9WpH{t%ihUFgYY&TkXYB1@g^$dlC!R(-
zkmy>Z(Va-UM4Gaj*4h(;;M;vIrfKVOAkTEt6B%s?XEa2%0+d<U2y5w^H1i2(5*g%Z
zK8(Gy|I^^T4`oQNC|=XwXwgSVCs&E9e|4|CX&XF2tf?U5&=gPU%BVtxwL{!=(yNmk
z*7iKrac_rOaw*E67&_0mSxJxV!9&3&YI#JJdCokicjTEa(%bODnnJo}=!puh@qA&X
z&|9511!TeE3YrtM1F6~Vi|X1odG0!d60tF-#WQ;}#mX(}qHX$&lN^3gslczqCD5GZ
zxPzUwvHMJ^(40pMeuCk4Z94`Nmxt3^I{VChL-dl`v&%&AK;9wX66n$7vXQz9TlU{j
zi4dAGmfKVdPsk9I#CjS(l;1LAFXxymlR=Z)IQv3aL!E8^0w27}xen*HQIpd4`E4Rb
zGgLGPmYTbCv>88dkn#%(B>Q*6eB-l`@Q&<y9hv&o@k2fB_W8G*+4l93gBcQfltZMR
zSI)qYcht*E<)Z_kx-ga?rBv-*09g;Zs6`hq>Uvfhjamd(ChnOJp;=o=!mg8geFS~3
z`(zj=QYkZ9Bt*`OwT-lk!udYEU*9fD1QPh$)3d`lDjfH^n0V85UV2OPJ6faP$1w5A
zDhV&ao;6C7{Ukmrc@w{?GHcMsoX($`c;@Y1df`^jSom^XExcxEP9vu6{C>!Jo0AvY
zjR!hTZ+7Xh!HZn!6_B|d#=*j**V)W26Kb`u()C=8IjdI(Kikop*)|-Op81t__`*w<
zKp68)rofNMC>gUt;vKrU<Oh*d*VAA@Oo&Rm%*L0)=T=Kf!92=RModn18po9x1}g%p
zr7Lx<;0yRUw-K3@bLer0U}zMjRK_Dl(;%(QxuGKHb#ah8pZfgA7|#;*N*;MnSo|;8
zn%T!veDI$`^9$@Y6>Q1>nB4XF*7Fg=*i_B)(l@`Dsii~~*`WaaWZy>hP}duemcP(E
z)|5M;!m?USQD)UJ$oWDAG~U_Do3fhSV=G}`5%I{_hl8f@w4H3phX`0MvbI!I^<w7>
zd@<DNDZyoszLsg$cF*dWF!zF;D0om_>gsatNxi(GwOhr9AqDn18?%HBL9~(=HU23<
znNP?9OHU}KrIK~CXDsx7MrcQIX=Zs%2#fwA2Qx@;ckSJ(bY*%G-jC}xeDMQuKVXsG
zxKEMFErQ3SIL~m?f-p~Ion=z*c}=6bcDyXJ5ysm#$53D|lW%qYH0pNWev9mSdzhdv
ziu)IVH{>8$=^2Q=na*ti+rtx(xsER87@!<w+^?0ckOGbDt|wHg=yR?O5bC9)Fe_eB
zd7gvLeKHEws)(wqCJH(m|AqF+VeYkN3dl2LZE~gu#m&G<?Ijkt3JLn<%i-N#c#t`2
z9!fK{KmJ4la&K|1=3U~OBd~Uix}zCCbUW1w@6>t$sKC=Al{^)C57O6H!!|s&mZbM0
zQBZqQ%%}WSw_R76`>yjRc6JZy*07|UvQNv6%e@DQ3M#E6y(?UivEWcuEXT4oQAx9Y
zZ%-`SNs8u}&}pXuu5(ys6cNJ4D*YPdmey1<<AtSpHBj%BUdGW8RCm&%LLT00yW+DV
z;vT1(6yD=(bx+nBZJ*Qc$idySr;p^dXR~Q!v#GjNe)>-uJ{S*ml5g1jyiDVi?s7QM
zBP@nVK7GF1?aGDx2Th}f^x1m|VO@xk^b+V*{~@1WdQyVgB1ZurA3^*rJj?MBd3~X^
zksSk>;~$*GOkU#-P13bqzvsRs8W9b1{0G8HmF|Nx4}*P+NMYX0J&?op$VDGoljQbn
zO!;$TIyV$^f8K7pZIEp2F3KPgc@Y3{v$v9t7IR^ZX)$)6{*-17IkHRsx$`axW8b3R
zSaSGIXa^f{$tp&s{W~C9n&}I_D0i1FhxG!Ew5t^nFY%mK**rJ4Lr}0Gvd4jGy0^sd
z{+dwrn_#t+!V9S>(A`%0%TED0e66>I(3BX{4bLHqiOwJUxifFiboRILgp2{Ap%!=L
z47(vhhJcpnBL!{vE%BTQ*bx??#TAx$edP?|iA!Q;fImbiN3FZFG~L&XPmbz&(`Zlh
z1ZAt-ewpmcFeG*IGdoAj8$xdnb+}Ps*Buie311<6A4X&JWvMw(M~0EYM>~ig8)#$I
zd4I_Zu%uCKg|~e=App-y3`N_Rhhw)Mz!hRqDxJ3Iqx2h=f}IJND3f*CfTqJtW<QJU
z`KNvk#$!F0X>0bVuZC%;VLd*id76f)rC~ciPK8AqAH`|io%xA77NSNlM|rvFsm179
z;c<O-%X0dA^9lENc&5HNL0R90+)fR5VR#0ud)H`1)auHFyUYZ-s|1&nY3y$aYYB*v
zF{Aixqis+duo_3?3R8cc%|70+G?`?*f)R3VJ&YO|6cU(O8Sb842-J@?I3<5Z1Mn`x
z<MJ9|O@^|&u+|1I|8NQsAF&+-b)a`xtYEk;g8t6`P~s`0q-H({;CK&xu!|V76ALD^
ze=^Hu&ODRnWBXGAC?@B>_631a<28^BfqbaX-ODs~ylod4(n^%yO}5-*V)vrPGV=Dj
z!zC|_O<Kb69(I^o?9ARAj=Pt*m`4&azc?-VYNz0ij`z7WEguGLbn|9ozCyl2ALJ7X
z-KJJ9u|(?GzYsP~;Yb9pBp{EGDvN}4AUJ^O#l~%20aDJ-4cdMTqhGFZPnUBNC^(e%
zTsm5J?#J-r@`uStVf?6hAS&XWlT*+-*DKux`%7gI0ygGd`J`YH_bP1E6iwRG*0QF@
z17c*o>1?Q=h=5!!KmherI?qEjyW3o9!fn)*@35htVhcsuw+%_Y`~pT<bkxgR@+Gt=
zbhZ6Dpn$j#UdG>$Z07PZW{RQS75b`{i_-t1D|3lc`MIcz&<0EOhxCzfhR7{)r0gOv
z#P-?k4MQ#+tZ}oS%xO`XLPM3Yht;@hCeB(tu)`_Y&gJl`(Ju6r59dgo^(~Litl&nx
zO#ZaI2>r$w#_xfb=YXSn<<TKr@4=Y{LEd_3^~Yup@517WaIQ9-os2<#9S#Jk@>Djo
zs;&0$cM;OV1952GQ5a#Xs*V6wAiCj?6|OkpGmf$=9t>~#lRhlXLD(To=5_4W+S9qq
zs}ixuey3Mh0tTF04_LP*z11<)%3;rGfqj7U10l!H(cEKs%Cxyyi#3loWUqN^7#29$
zC%2a;$jUe20*>%}9Xw*(*mTQH3r+TBfr}MM;8>Cq%EMo_i7B}iUIl&PQllelmp-f1
zdQqb}-`uoc)@N;roCrX#D4h&W${lyk(;@AsWbtu$B-{2aP7JA1RF}Dm&)wF+528YN
zTxXe+kS<FJ0!7E@aWJA*=_LmY4Qz3=3|i*Gg4o`>T^J2y<BaJvFe|<G#^zx0dpj}i
zfp0jihlqIBs2saw*CIXS4#e^Gi=TEZTY9!q@h_ZS!(oH0PiF0Z_&Md8BZprqlsmI)
zZQ>QMBP!rZZ+Ub#*9DaG#pw&qc=LDq&os*zqK78WgsO*@zQ)+WFsNSb%Sf=<(1#4*
zmV4Z_p&}>`A8~5Ch-PK_%frmi)SOUWizrIgJ5cAe+EeNrHAP#l*_hU(lYsDJjskqp
z?E{hlmQJZ81$lr&fX^$iTe`FoUIepsK2{cOd++TzUe`ZYKCCMNeFft;I|Pqwbd<W2
zj>{x|q|W_7Ay2~b@b=}c#2Ap(rW5v`imtZbEQbD4{GA_cs`DSX{0gg{vzpb(dHA3$
zG-IY9b7m)VHY7L)rtt?SLpVAPKZp4a0?xY#?4CP%YgGGB02+aMJ^jfkTC=hNxsZaM
z0klS}?rh9*6?WwS_GXxUFt37`lV1KXd)}=ME2g=A@soCY{e~|^^A^^OMrVVjWncDg
z=tlH9v}593N^{21<3u5V{L}2(wl&S!VQK^%4{W~;1F;2|S?y)J=yVZ(37&qsOk_bX
zdao(cN7TQ~fia5ji_bA;`vLrc?F^#e2uMO^sjE$RMhzXW03mkFs3>Ds>la3P;n1{7
zma@Us6cd1anG2**@0YE5(vG{=iG;3z00DJjqrK>yY&nBY#R_a#jfa2#(unL>?h7I?
z2}3CYpKe2bmX#I!pJpbadgGj)BeNhH#^!sohz+H}c*8PiR=<k#9f14-h-~yQylQF(
z%$|PV0rNmf-(dBJ{(_9VLYy1E9<s4pdt(8UM>Q5~MTO=@yD2p!MNczpI%<N2iPb)9
zx*+W6%ic*$Nlxgv^Q}SbDoJFOPdSI{s%J%HHE`d8+5o-)%ih^dZ3p)gY@|eF?3RhS
zVXco?c2x8S_+f^~T$stU_bc}AGGv|R>&ZqlKQ8!(d&a)ECP@7%_7N)w9Glf{->cmw
z(g~~WX}@WySRtFDC!AL3K1tdhh+aC$R{gifM})_Ugl@Hw`eyvI?CjAG))@<KTs(5o
z|4D8eub>anGiGiQ`%d#ROir|vNYTd8lTFO7MDwf3w1!|1J<4l7SVj+^`I7#I#4Q2i
z2W0ynCQAU9+gMT(S}8Lc3+p{{uu^NEFRFxevzbA$DUNP+RxANk;=F0F{qj(0b<VB>
zoE6g#AI2ZAQ`}qQ7(c_jHqEIKQ9?)(FQI5J-=@E@7g}cg9J*!TB6^_OTYZob+?;!s
zO^zS6^@vALB@N#wxz?>Dt&>G;HX%}GJxC*8*x1bUJdKHe2$6RbQ^`oC@%<Vao=@B%
zxzgJ~GQ$J(ABKd7cK0QzfqlJ$G<!2RQ&K7l9ny7*O@6}Y^W;FPwt<lA`cf2wH1<bn
z?{gAFtac#hvJf2AO(b>(yXPVt>p7AStZ65mmZ*<M9e#b`)O?r27ajzZTDAw^XGk`K
zl@XX4523mrB*7Zms35zsxuZ}1<ZEW2#Zl<%Y8Q*4KH(Nak`fBNX`X*8QgdOO@k_UU
zIOHRT-J5pgAtA^2uv3+b3o^{pjeVLV)Yp*_@s=)E^f@Y6xm`O0sPhiU@*&Ay3c6Yt
z8LnNS?n57<X!okURmd;N0sdk9-15Q}Lf{1<)s4q{gH=RQCI+0pr2iZ$8gE;!>j@MM
zlwWHmAceVJEDU+gi20!UVPNIqVzCqHx#M4I;t#J=u1AN80N07KgLTp0rVEL??+S+o
zg^9-?@(F#lK3T|1TxS|k^vHw)0<(9($G}dBpOTiAE7RKmlSty^Xn<sKayXMX8ui?=
zquS&kZ}Av#`iCfG5Tu4~*$Fm6QCaRG)!6j(@g9TRCs4C;4M+&;DX$E5cjG>${X4LR
z&Bil18!N)pO2F~!0O;+iAFX%WvId1?O3qddhoNh6ugDNr(d1GRAVcmy0W-hokR)v+
zeY~3u7SBP9;8~^qqK%lrE*<n94NTRNr;5m1?Ex1#>qHIW91OPx+_jAaSVK}A+mN&a
z3eX4?grCzyL^9IGD?DUkBV?fMDzyXBc85>xn23-?QN|>Nyrt}oDfP!h3m`eI)+MGq
zs%u%Z2lBCB%2JN@8OFZM=*phw8G;fjE(Jwwv;@ka7h7%83|AurOnB=qFVeTe7w#1Y
zL^ppo<G|`dh&n8M1(xKY8nkw0Qd_PZ4tH-gp6^Z$!zId6*yZcI^oJQR5ttFI`8&dB
z_0D$pBH=!!e`m{{NQ;|DftR39p81X3U2k&k;Q-kqawZdT`#iN7G%!VYSW#RVp7f>|
zDQP8N9_-`7FNz+*X1yp|6h7iP)ToFo&%x7|*XaIa=P78Y&&QnnT|Tpoe;;gHu9Ur*
z1^q=n0Gao$$Mr<V`$;$&T$_e_9#Ll5p{yNp`{l9mJ=+t_{qmr)8LP_oJ}*kk`gFLF
zq=<irtsHkP=9i3q$O=_sV$D`U!yz@4e3$EB{+)3KvB2OlIVL<T@K76Y$}>hhiV&ZL
zP)*TqmLlC%k~3&^pwaFqr%czEoq{!sH<zUpbE*LD7cv_wx+M<?Ho-4*3%gd4;Dtgi
z+v(OC2OFd?Joj`^pov7hVmw+;Rj68MW}QnO{m3Z?Ro?WYu8}o&xL`zHB~k;rA8TAo
zHd<(~EXL|*s~o|1uVlX2Z5!#k2Qo&K?@Yj*t%NlH0e!tjY3cH^u6kc=9u_`8>HOg8
zCscn9iT6f!y$la1v8gHTB4u=WRl{R8&UNE3P74rz4Mc~Nmi3j1xZDWM&;8Z*U9=%j
z8DuyCDR}O(0>ahas$Thy{AyP@K`O60oA5rN5~f?+@3X>$ZR}H%h7BSwJ=5PCSwaA{
zC4I_Vytg->R1OrJgBnz6*CsDH!01ofi~HL}WWDTgTVkNU9Z@#e;8iY6D-nzGz`0wX
z6`^=uHc}8N*4Oq`Si%<#4l+NdNd_jNl0m*^jqT5SJ~;Vd$KJcxneUjmx^PX(EvVDR
z*c9{EvE-WVIU8+5l()cpAJ*zVG49h{eu6lYX1F)IRn5y={<2JiL=&yA#Sx)d=L}mC
zB?YEngU2?-R2<#S(JI|!@ls504Joda(RSQX4n$ZoV?x*rH=7bt9OjJ%1~91!Lp1F$
z*{e*T8(wQRKT}|;=o1Ad00l=-cMtVJaMzAfH<;)^iSZeRE6D|%3xZsmm%!0(2^0H=
zH&7CVKwP-!DYkMDM>h9GiY3B69*9^OZ!SOtnd(}W-W}K()T>_sv#<#7VBv4z$9kq!
ze|>YVGnS{9UmRS%eQA3i0b~9UjeAv-@#uq_)4IJFk!fg`--QB2LRT#rQUPOY;-m!L
zDr)QUyF|~Npg{DA8|^mxC^6y=x+WQ{sAFs+l+7iTGa6kMY02n4M+HIY@TaOQ-%BrJ
zB&8F$fYMOukyRXfbni}4QV$cW42iADkZ32p_K0CE59?~&G0|7{No|$~<@x=$8NATg
zPZ6g+#u$^1pRpxUz1igPHs^9-2WkBlR)aJLIKFHzaLp55nt)NsF6I61$_X}UeG(m(
zpUi8UA`AF)jcxDNc2s897nNnXLr-SbH&&y2gT=xf=h&mAUV=v8w%CtX#P-A@KC!`r
z+0qz&QLL*a*cl|%Z$)Ts;*bJ$IV_k1Z_Mjwr^FW$<$QRzVQsPI43A02m`Mcw_azJ<
zVks&Uw&+?YjyMdfz-o_+`xS1DkF41k-Ef_oSo?S6Yacx<7GbnPJDomznekKCI8!WC
zHk(4u!07%#_+6T%`FCSP%Vz>;+pz0O`e=oj;EBK`CdVuZ%sP7bKA^am*wFikhKkLs
zEAo%UY?Je$FBig?XPKY;9JF9uW)QUu-i*nxI*<!rXqAqYWcMpvh>!|5IjO@v9qCto
zhJ<vq^M=Xd?w6V<b(K~6@NTCKW&x~y7P(maDB!dki<N@(<is9^^#;G>Fe4Ya;=Z&8
z_{y!9QO;(OZ*ErE??8ewmEli`P+RyST`QzJk82_Nw`fhEjMW4=;`BhjtB$0&LU<r4
zilN1=Bfe?J?#-^v#JgGw1}nGFH8Zqi>d%mhiWgGcS<EVP2>6#I9efc-J}1_=w}P{3
ztvB-v7qZpWOmS~sC?`nRT_vuvr$_m}bBR1PH`lDIISB!@Bmf%#g#j2*miM*U3CKXl
zg0R4vm7^EL`eEIAU5dN<YLjSJ5gQwnm03^1^CEgDOGYj<tH8F)f{WOcQvTLq9oZ;j
zh+Fq_02+Y~k2N@<St$oioP1S*9sAnn{*c=O@Wvmwxe;I|*bwf~X-Y4x(%){`y#lt0
zNNqLok&wgeqIlu-EAQ%`BVjc6mhZkJCs~pfiZ`w9H64ImHw%Z_ghPRY0+oTn%=65;
zqLLng!+_Ysj++9xZovN7aET5;;R04@w~@;(yi|hKV=tOWMfJ!4e0rlLo!$d|oeZ|;
zbz*<XtZkFH6|t$MvR8Cj#XsX^whYb1L_EfFTWyw&`r?g)kF|sIW&nQW<bcA*i7f3p
zm}0Cvs)BK^JTEhz$u-Mw(X1lkV_VJncdxP9;Dz}cwr`p|O@fQ7Bi8`OcBV1|?YtW&
z>FA-hHJ|Hf!ZzRa@RICLaz$%HZQY<Ti{2LVF0rlc+8~ETPpeD_=gi6#wjlj*${ubz
zuu05B7}w*DJ?lKB&n>ve`JT>glRmQnM^+fchAP`~qy~o1?kNo>DKF{z-nT2YmxyPS
zMr)7q(I`}%Wg^{+;tB)KZ-+VzeTcE<$^XRx1(H~*lNpwqntL2Z*8dg^`*Oi7djFCy
z8y>$H`EpL}=7{0md~(VD6eG0<VD*ECjz5wE*QXyDvXN9lc9FU|tj%E?w|S`!J=_@m
z-ht0Y3Vb&DJ&Eq^JtyIv<3GJ$I1+@n%&3M%+pT=rMoetr26;lFiuf(r?38|Rua`}Y
zVfv1+(1p37!p$te7BxpPh`-viX+UVOTH{)%ryC}Sk{HhPr@+}yCRAS0iK5;0b{7RL
zWp^a5@?>Q*LNrqyYv26!gHEnlb)Z-8C7X0MBR%Uamp^(*mqY-Ys3xDw#t9?+I=O*n
zvRJ^X05##<V6dVtEfD!vwCgpCHWil)*fIZ1bSW}ADNLB=aVc$xKt(-{7`{~xS-+Xd
zt9h|;^%nkUqDK=roD{|ljuPC97Wjq>!jj0NmbL@@D=I{OXm&I2Hr@})6PHi~O8n&H
z>0<uqL0M?^&nff&)ND*oFaD>9<v#^H--{{!M+H1}<Zp)yq%|smD$2v3YRaye__89m
z=xWVmKP301;kcYAzHP)~|KxnRot!(7dqMfG9qmr|UY)XXtVT72|9|+8<-h90?y19I
z74`>)$v>5tiB1P455d)AyM28JSk7ZU8pHM+*@0B?w6lzBG=uT+*AsJ3ZZM)2N0+R7
zuL$9-KTushoe%2Bn-*>ZYCJ$-S#)YQ@@E68uyZx`_}uZJ|DFDodro(v9uzYKtvKHe
z0;)ugwSzMKCzZU(arRW3E)~8y`dej%y-IQ)U!xS7qNJQ40Rg!#<hWu5&_2do`AmVH
zs<Z*>n=3OWTXt*(^mpPu_%IeU`I!`b@&5M?VFKOa%)vtGT4q=RXK0@ST?VDu2fK|&
z+Xc{fz$005?aXLXfp^Gc{g^k|!BbB;b?7932L)}LGmeNs$%aa6itc+&z@ss}cK&o-
z8~!PNOxrOa*Tp$D(a&-if6Pg2!-<SNUD$e7aEvYoDXs!22T}Vo<%l;e%rAf@R3>b6
zW=fIym)OEWbL##j6(Zk@GiQV<BJwu49037!-|>TG!a6@x{@3XAjjLJqfeHLWuO1Ql
z53@5ReN3JXX$`7e+@3#Ywe;|i9lO~Rx+B^FK2du^UDO9=veN`xB#OQvyuJ-fPHT_H
zmSmH)%ENp&(xqNzLf|xirsCK&eJor+i}H6o!WnPwN;Vpw)_QCz<3h$-MnF~@DXdQR
z73DADxEK=hwe1GPX&ymk8d=?2<^$)wX^s@1%P2@Ais|&(bDqm%AkkpGjZMo6=ZK0R
zjs_f7Gc6+jcZXm^!d{N}9E^$Nx1E1oS4d?LD_-Oi=&qp5CxB6_V5SE+3=L{`cK}Q4
zOVV!v(p|xcSl{bL?_oa^umD^8+GdskCx(9SQGcV0BjK0CV)NKuJJL0w8;WT0>$}oG
zgNlIy-n=6h-GJg+B4khmU<(hFK!2s{Fp9**Iv5f&vg(DmxQa`UTO-m|WK4o$ZHS{t
z%`?xKcvxFxn4Zzs)3Ox!Q{l79n}egC6fc?-w*WY9^ycTS1Z`X>T7LKBSdq|%WPeI>
z=DJhFg^TSiT{K;Z-_>y66(Y-(31o{iw(@=P=fGX}VuZ^dg4u~3$XSOh7Qt*+0jC0H
zCRp*?EG}h1P0tx}c9e#m69fe=>^yAg;Va9}5>5tpWVukn@)sdr=N5xKYqG+b%HTnA
z<$ia}wUb!59dTWGnESjkp(DqeK~(yo(7oq}E-8D%Gx2iCSqyNTr1T#NDdQ|wSPOaA
z{`gd6Af+|()PtiJtfPw*hYZI0k~F|q<DI^Y081CN;A6FcJk?}YkmlC{Pm<<s-zD~{
zsFBds&?}x7SEN1_q6e8_TX0W!R^Cup{YtiCAUR@tjSIM|Dr1O)6zq#(B@MZK&2JyQ
zU=>4VYMI+3*-WV+X%co6O(&C%qOVzTT(0_%=$RJxX>q~C9hKpt64JWP7cr#^VXQ#%
z94$c*aIW<3&!R1C?+4&$3iN8SrF>IthLWMlh8G2ZO6F)2+!h3dpyQc<3r(H`k%ziX
zfS{I#dOcWjuS6uh9n^Y10Z4&V5o}(#uwBeyK&u(@u6;2v+jrL64-gW-uj6XT_{EvZ
zm6=3N@WN8bCq31M){hO;K|4>=T?Cd)RIFXfLaf--W~~U_j{SXKhmDF{UU<<~A6nxg
z07`A`>whK<(jI^R@(ReEoGl`guv)t20Ap}{*z0(*hoS|K)M?AEZ)6|zu=q8Ia79@F
z%`nVC)KlHQOm5izeC*7_WMe^@O?l?=UE!Q8Xdnk6EFQ)B!)C25QK)BOC4If4G~JM2
zFytY|<Wy|MpR!WA5^7xfrMPjWWjjG5ucI<%g<$8uE^1AX{|fQ^8}D$fi2PmTiWU1>
z1&|f%+SuL~!%dKZTU)IMs7@tgN5Qe8h_w$sk*|6Y=JH~H^&uIO%E*>B7Uqg9rTmU&
zFFd9`G^B_42hdL7oGBn%5ciLSjuRggDQ-l2Q-*Onay-4OBsHVPC#}KMoXk?ER%1`g
zl`5itnZ`q*nlsVAlZJrExM!C6B2$fWy{1>j0c8~_Bm&81@o=BJ7&G{0E;5ka7ylR;
z+n$2mb&!%rV4JIb&O&8ve8KB4sEghnhGZ(=was|7p<=P`)H?NG+-HsFc)BGKJ85^U
z?2(+!Xv(E^-5+Dqani0t?2etE_%?$$30B}2a_qe=hN9|ou57y5IMij%3@q{oj@F<C
zImd2!@e!ZDczpE!_~!nt_ml_O7H6)X88Ci$X8G(&K`N6{7^2mV`K_v?d}*7`i>+@K
z)6W0)sv<MO?EdRHpEPbeTz~B!R~PsDe1pYv*UWkQ`;o0(pY_Q*?9*<SSBta66NSWb
zIpXup;sLnGPR4~N;N)EU@WNq6aNM^JfWIG#+rum-T;cM(g;$dc2)nHL1bJGVIYsOE
zA;n>xz5=_uOw1vx8wWL{PF!4BlTfee_<q-4)&%mLg`+vcW;TZk7ie?~gUk3*Ycx5e
z41LKj!z0ND(xJU-a#J>SXtb$v$Ig#uA}2f@&GHnOxH$(X&$4TrxMxxy7k_Z5*ZJNf
z(L_i6TzONcce8R_YnFl2<_C8JOam>-n$`@ozVQ_f%q!Nw=hbqxw`VFkI(~!als`Pk
zxGbRFX`ZuUILxz!F5E#cZEDeSzUg*XYu1*$-T8O<1=1{6>bNr!+J#`ttFcY8k_d6H
zP~Ia{;DaVhOC--m?j<cqy(87J>Aicfd{vLo=s^3kiPEg^U9di<K1>cR+_IFK>%U|1
z(zJkZzpF3v+TXyrIQPvj_(B)V6RDY{CuF_V%Y%*vhvIa5s}}kWvhiU7_@L8?O_Cja
z?I&8-59VFH!&G3DzO#NA8jT2WzWFf!4ASmV#Ni;dgtferlug+X$Lj}!)NWTrt2#Dj
z&nn~Nq^&n`XHP1sLuh=w(E;c<%*ydwyRuhn9SsC$T#7n^R~vmO*Qwp(wK>A%X-I7R
z1|AAGa@GZR$4Q}$iExt;Zn|DhvCLsqL48XCtH~PzAwKV`l|FoFDz&AIX?8dM^)*YW
zC<|@uc*iaG#5mz#3!3a+1@a)3F}j*ghX$7%slvz2S=W1N)r$f<N>fXsoO&u!-xs8F
zx;^aD>b1bu`9^gd6^7Qa52U_4{qy=FbcripuLQX#2f_sutqlIcaGKt_DIEQJC~p11
zgwFs4HK#@^fDJ2Q0r)gSXT$P5l2^xN9>l+H9`<K#$}V@Tm6{oqj8rCEc+sAA&?oe*
z2Rw)E+OKdH#_t-p`rxRWXK=fH`L$vH1^(>Q#1jWzj_kPQ!w=*h{U<%OzZpM!XwIC@
zgLB8FgaAK-P&)NhvpzMI-<!W_fzf7!?jf!0^l!U{$=2Aig)G$Ga0~7`@cX;7<1s$9
z<8CD9cW2GcF1fA=zq#F`rYZTiLqR;VSEm&jcS{aJmd1O&XQy%5c^4`s<Y{x>`0!jP
zxG^UrXfyfX$y2MY)&DDkIsz{HIh8U~6<IFz9?_RmY~A%9xc7IheN?Hzv}h~cuK9u@
zI7t%Tl@x_>4?i7=+&f-Pi7&j<{W@-At!Jjq<KxI|mv~R~>$s@<o-MfQ6p*8>DdK*U
zGOZfcEh!we2P#U|2U<L7AHQFI+vxH?xZJW8Ka!&1w3*hc_VMmPl{!k`tR?VGC@=ex
z-Xu9ey!XoN)XHrY#f}DB_;1bvEqw+Fhak_ijp?Nk(H=7lMHXC#GU{D1zN~^%2{HM@
z*q=uB**|~ZyBYf~S3Js#aHGT-2j@{UcwKp{rz2$CcH5=yt4PIn#mmZMyZbHk&ya*w
z*+vIk(olEJzaOM_-KO~>pscnBclLAQ-nyneKAIYDPOk96M%g%RK1CVwa}t={)ra*P
zUi4UE8@QrJ?Tcssxs~egXU%{=)9d<pE&8(M1NSVX+2)VrMR9Ys_+YjGuvZ8z<1E)7
z6yH3NhdH0=Tm|kb`vU-P{A{7ut4HpaXRH;K)*R6v+Z4U|@Trwo>UpNa{(JKZ(cM1y
zpeVaQo3j57cVD#=UMp*<?P*IMRn2WbQJr+@{o*&yY4+{dktN%T*?Nca_KvN^Q&acy
z*D9oi+3Z955J>+h$ePmhbr)p*g2Q_2p4kzqI4f(f9JGab&RXMZi?58x@_f6!@y_l)
znp*7Sj$86rn-(RFBt$FN(qH!<EMLB0!J^O>x2~uBgHM|jb|3zgq9Qg!^Bxe+g32c9
zWifduJCH^if+WBZZr#V5I9X3xy*0ae;&MvF`!y(`D?qT$F9K`YEA3vs;yL$^uUx7A
zY(WZ*+;r4`zj0u>cTm=ly=k_>g@>v#y*cM(ew6qYHARLYvL0^Vp2|}x590kTMx2Pn
z%))2Q)ho6j+{4o7ybXct4>X<W$?ci{y~Stx{MaHF|1Y+ItkW)s6Z0p0l}$C1Am>vx
z^x>KbjC>ZT41?adph@>o9xL>HrzG_?`a8bLFf%W2iTm~7+j)*4&l8a`SgTnEjn0h5
zET6aPjZE>?_N}yLv0k1m!eY!x&b=cOL#!FZLd2Z_-w%psAvt9W)0&?xsQnG$av+tk
zNwpdFy*qHl#SIrZ2Q}^ilE+v}(-)$COO3|dD{88FfFZb@3V0ggr`*eLx;D`i+kPLn
z{pD7#A!|q^`cW11>GxGNeoO;Vp6T&EN=`?{q-UAuu@i>FTu!eHyLHzVU))lydKqPO
z2;w?qB<4YPuj5UAe0~g~&+Ut=1E}g`HMKUHuf%Sg6;atfzN*K6?Z2p)EWS`)`^ejE
zw$KOKhlBc`|3KY!C;lq>?APoUU+)zv56J@z2q9@#pMrAXm(t?q$HnPVo^7$^3lDB-
zD|Z)mpzmhE@?s}1^<^0g&1GG2K9Eg+3={G?$t&KjGMjBC+ku0Ycn(G{mg$KbBL?BW
z?)TwSKT2|qp~Cg_KbnxJL9@Mx2(04lgD97i_!B2ry7i-X1hShxRxaxi{x|Cl&MUke
zQf3my!tMO{Vy?@kMfcv#9PFs&H<i?`iLA!pn8uG2mzS3^{g3o($L-0tH!XvceCaJ(
zJ_#e9Z;vA`t-eQk?rv>C8YU<^?OawK&6HQ|E8{=hnXyEiZJW3?bl0Q8k+CN+QHM`O
znjCy<vIVkwW3<C&&KZG>f@?Z|03xi^e-@IZ9G0dU`JbLVNB`c!`^x*{b;K4ex+E;`
zU_vRhWGthc(IT?Zir{aKxU0p*TD@J6=a~?zYI-!#9Lqg16ro_iCRA3A8gQG(50jhV
zpt7u!TgpG}7_~JfON*&zRz1qFPIg+ky)V5yuq}K*pi6ZnI@3R%-zSXHMskDA9;Dnn
z^vG(~PP2j&#Oz5_`9j>CxLRP>eHRq$h0}RWaF(gq@ZUKDQuxxcqvgf<bE~><Ij<=6
zO=x!7eC;SSLc9rj;6aE3Tq{zs0J`8o&n7kBQ_imfq9+fv#LXB6;L;duZ2oe;y^>=}
z$K3sL{~_R-9HY=n+Dk$}=BeeTr;$e$J<-8=aO->9vYf0Tk0MO@{v;oK{~d*XWG=%B
z;)_2}qpka1(eg~srKalGAx8#hC12ds1?Y;SKkIVs26oFcWxcY%tHgG)if~*n6vE%I
zAmd#$)#HkA5?cw{yR2;Un{u}U=L;SxGD}<So;2-Ir7CcC`Bl*3DtAcMqM>^fUl2dw
z)T*qf+3Y;Y7A;kmt$=qX3m)X|c>R!5{iCQ;HpjXmI;#(f(=2netvBhxpH`u8VYR6n
z=vUi+KdH-ZMHUkRSsx|Zvm5}%*JSLTKnSb51ZD8^MeY7!Np|@$dB&KLRV(l56iQ<T
z;`vWPCMm3g45a_>Yk7eE^bbuFE2-ifFJs?wwr3h>nNqc2BoDJv!h=lTO7X+E$=Ddy
z9pib;E1kcB<onS(Y+gQ0E>V--?JCMnFZt*YQe7)B8{sSSt0v1Zf&DA^VO3grEJI%4
zr1KrIxkX4>QcN+m@icOQysVl*QutfZFMasD4<~Kh+}JF06GjPq$ZHN3Gx?r_6G`l+
zdcM`i{wb)K&bqq9nY-)XAOzQfd`~*~JZ82&8tX9D95GfNn#AQ@-%^~W53ApUD$a8>
z@Ps7yLy%}6epnRQYnNw{75}V%hUdYc>SleH>Y5Y9*A0q~AoQ6rxu$wAwdH5itRPbD
zNWVPe*M~1Bv9_R1-L9|YV~h^?-kGkBeN7fFTww8X!gum)(dGr~5Bq;uGkVrBfl_wi
z#?u80Hf)BD1Qd@{@qm7V+r55YEnWo}bD}P{I5&35U0VxB$P?{Cn{r>w79OOyY|i{%
z;9><gmNQ&zvx4DREyP)g$?dXN5jY6}9^X~Wp`PXJ+TTHMl7Lem=S^23?0X5<9W@%1
zYVS)t_CFfkv_#3qs7ZF<IvP#&Px}9Yq(2HOZaPkJc3i(DO@w;?NU_q<z{ys%1;Xl^
zV<!g|HAy)6Yl;VZ2ff5HZli3K_~zvJ8KmEM3?-gjM26jrm$j!FyT7XrLemhr)R;pe
z8wgUbw~Ai28(Wcjf*W>VNPY|<8kSMY=%53sy?3W0spPnJLQ&<EkzJP)SXlV-io>an
zGn?}%kNn*#&}xlik@M%j+v#hvlz%XRQesJ#MpJy3B$PV|W;8h0dPtjCh3<p*0|Vb9
zmNSmb*QoV>m$tNX#~=KSlQz|Ekz0H;czM(oPFP0(s)TIA=+wP$ZnX7`tvF~QUy;=5
zJ9PHYTd;3UAc<uxDh;WomeiK`4cU(5UZ1eX0B@bCVR<aX<ve((XfaqAdQM>_h!-#8
zz*!)-1pek~Eg96B=S$7}r+pZb-GbA6(F<<AbU%N7EO3CkUp~!2YYaW3u)HOxPQ95A
z+wdFkdTafU{@c{+4M|nm3r!sjfD^tq&;2NwZ{Z5tkG~GD8Ba524}5(_j)~g?oDB{j
z{OE8khC=cRZ%j;zqkH=U?I)RO{-F^%>OcbuYuYq#^<}8p$j}pad1u;%Ykh3sf{YJR
zYudL3>v>NTV$P-7GyX8X_U<`&WK_nBiR8m`$=miXt~^*5<n?a=+*1nOt5IH;9x%Tx
zR3W%xuDRwwYDmU3%DmLz16p=FK{#A(J^1glj_uF5{pRy7hgk;H%!i8)q&|MT`A2)?
zH{a8%R`$uUzuL^24R#fdj@~<%YQ*vTd+B-Y$Lne)8zA_J7fve$5C`Q~kNuyg0DUBm
zkr=N~>A5r50~PWHDvubk1wJ%dRSe(~hyNRwC;T^buizp0A52$GHE1|+^HYsdc@q+I
zHzB7gbl6fg`0G^e!uI;qU(S<i9wS5P4yc|L=&2+2kKb;zmzt|Khnr~*f9`ggY+E$-
zZN!{tRl{w*#B?z!Mqv)pnCdTd;AVTxL@gT<gC_O8e*bo&6g2ha*Tnck8t&t3JD(_r
zhZK;Q{tZ)~630Dmsl=0G=D^npo$<-zeEX@7KkJNk7vBz-m@dJNsbLGJi0(ksmr(|4
zveww)ZD{Rs0|_H~>cdy&19-+Ux4N3&2IXV*xfa^Mz8D?&wfW<&I*fi+RXVD7*3@S?
zL1mca{yB~@%I@pNHMj0eoj-@VtK=5$<gxM1DjJh<`g_pBI1Z=P1X?&=8_uoV5ck{E
zcL&(gdaBsnRmaGlYpzNR%lmabs5^IbYS<Yjwg^Et$GGOyw-NQCf<~#JtQ^~P6#d(@
z6^m<jB{Fj9HLl;^2h90Ci}xJIsge6FBLP&VT>aKx`+O?M!4ffc8Pwx$3G6$-1l8*o
z9km}Hn(WS-DAk>sZCB~~!0ak-OMu6wUTe>;tayRF@cqA!@KBQOaS+!5F%<5&CTMxe
zqRwr#sYZGpD#0SvCzLACeasX?m2<~YlOTlqfz*Y0W0it%2b5i6E_Il3d1`oIk7$+1
zNL4L_Aw5Qo?BPxxLIC&NfB#u{R)5AuufJ~AnDM!;`<LVs-y=m+AE0TXBuOqex@!Wp
zX!OG>naY>@jXr=^zt6ghS3lts9;n(X{zhNGvsb^=&sv@Lr(*#8t($2(<HU!*u3VY%
zD&_tE__a@X*reN!lm5EvppY)b495WDfBVsW{y&@KkE@tQkr33Y{A+-J`@QDQg8%@=
z83%sbed^!d|L58N4;c7ebqOG^ucB3oMPV=nxJ;CjU2|9VjRk?(KmSgSB%rL%%tv?s
z*H&7dN6dJ9=f67J|8962AeUNd{ZC&si~Lj@{y(EyPTM#bG1ur%k92CKb?;t*^=H2S
zGx!NSvE24Ij|CWfkNHg@v^@FmwYwBt-q0PQI`9MWGq-6j?fC)N|7MVnBJSh`fUnbj
zz}4S#SH#}Cx##Gy+<L{#sVRY<D-WD+?h)m1QD$O|?@wmDy1MPJ-gh&uXmIRoP{OHg
z@UVQ`bZEsa1AF^9e}4F%U;jH{VBgeE`G*rwBPttJUrVX-(+PybUkhB=`Y&`*wlKD8
zLO!nXgGx9hI9|v3q%iG`{^ieqwLJdcP}=eN$e$F(tse<Ebi+k}flqK({5j6=vvyqA
z(0$>Dzkg6YTGJ@5Qqn8=7he9Gj4ikQ%WF=wr)u{P40HE?t}V33>Ks@98HS%)Hkk6a
z{@QZ!Z%wJ?qoe-E4_avJ4_y3_Qz~JF$)u(nJF?0{)Wc%9*RlVSTYuu>Kfk79;L2^c
z80ADP>50s}>W|@)zg|911;i;5pCin53n!H-u~D1<dQ<d`w)9&o&~BCCs9cQNpD%u2
zE~L{PJ~*y&Spjmnjrj}hz~iF~UIXx0%W=cF_Fto%ZOgU^w9oz3g0MO6_^{bukDp)V
z^iKxqb6cNr$jU?GlYenS>#M1)9sWu=^S{`8^ROh-_HX=|nWvg()M{oLHP@V)rbev{
z_XQiBw7qQ6+$&Q|Q&K=vL~0ssF~KaiQW>MtGGWYx1c5fg6+%T+1SU6B1V&K^5%}F&
zI`h28`~LSkj`xrE+aDesaC2Yhd7azmJg@V*t`YT;3p{0AUd|eMpKVK4ztvtz<1W49
zeDnf#u^2o_dH(%g+A`#Ftfi39Th}B!<u8sbTQ-ht$sr|f_-9Pr+)TZtNWDb(pC*$F
zgugb6{f<;3TZUh;e@%-;+lNnM>c|V=E)BgjY{=~og$3^Ks%t--yqmUc{2}-NDPJfm
z!#o6LN7%L;8D1b<Jy6@$AZ#SkK2@v=06ic7J&#Hj_M&rEx#h3BvRSo=-WR@j9z{W_
z3#Lyo29nCv43%POUY=V~x->tgyofkN9H7uyB!f?{d1263QbI3S<vu#ING@+_(*DeR
zv%}Zoufl%m<UBr&^6Bw^4g6s|(R{_?*p15UVcx$#efno6HBqJouSq>{Zo!?<4lX?%
z-}_N`9*^LOsdFKJf3f-n-$`LPd>Wg7hMpF@^tjnI3PeO4xs1&p#6zazmT14Q3*hDO
z^gG7MDK<!zwDh#|21<=w34DA67q9c9Epha()$NPU@g=q_sazx*<t;t`=f9dbp3{H%
zRvCZavMjs{mjE}gM*f%YV?dv7H*Q~gc+~{6#0kd&;INcdt=sT--2DtV`rmTIDraC(
z&;9{&7yVMh^ZR@Lc5mKEsdEET03ulYdwgz&Wg!Y(dcE`Ki?r`(9y!uX)x2)>So*^E
z)WQr}tQ=2O&B~3Y6-%F+U0*~k8#aOcH$#`<{MUUYrF3NEmf^{HYNPqmv%bR%w9|L4
zOI+~nt3Q2wX=9BW-&49Kqqw*fTtHfy+&`NK7Qlnh(=|%BMdz~g4#wEbOhf#Z;XI^L
zslqNj?0j^A>@!;y2VkL>bmhgZem;+0>*l80f?lHH(nb<sMuqfG&s=Cy3f)t*SCxmu
z7IL!Mcr+?~+Dof;S{(5FPw6h2h0GH@|K~8?l8%@@4&+*$NggQ|rd!HA=4NDn5=ZFw
z7A@|@8Bb@Alx-`29yIDy6?8A;WQ6i8Iu^*{jM1JfG-PphF0~AHatL27q^0JE4hvjU
zCWj&yhdQ}wn_mg~Guwqca5Sqj(^!9zxl_P0_rj2;jjmWNrgZbkDT~in+(0K>oJtwV
z2zM80-)s0?XjK*oryX>YEhNW5W$3w@?IH6X>cwPQt1VH_$RyZlp=j}~zyFk8U5xG<
z*q**u10=JaKvx-Uc4pkueSzv)KYIG~%O)XRE^N`gKGkelIw=>9FaGY&8_)Oc(f$An
znBU*@;UQeRyAF8%L0neZ<h)YeW>K7WM;G?d(FDu`xjr%=y=9(qIY*~vI}zp+gBBQ>
zok43w0fc!Es#pyzb;s%AKmI`XvvwpgVE%Jg-O-QFDHe+jvWZ*RoR2ecM1qeP{K<;0
z=_3*5y*@tVPYG(iO*&*Dq6<F?;o(BcYo|+enJf2Hzsd{u*$)g#)@mg(&&FxxEMYMn
z*I_=6X*8JIr7~(`Z>PzbOOF=CSXzDSEl|lmEKc)<_lz}%EJnj^d=suu%x6U}6abvM
zJasA~;(Q7JQ-r?~<88GtXL;ejEDl#RxG!BLoBV`*jL$9<k@mXIf68xnEEan<jsNv&
zar4F5#Uj^(*Q`&kyS-S=%3baG2^k!S`v3a{eR1o*QUP_L)HxDbrR_q`R}Q(x1FSs;
z+6NZdK9FRZ=|$6Od56(DC0IVwbrr@gVWAXfc5Q-|^8)ohN2z0FA&MWN==ak)wDMkf
z%ADL1HPi|Q7-i&tf^wUKBeo1<Ehe|E+DSh1GZ;$RUHvCc=61vCR->fGe;je0I3mGR
z8_#X^pams>=f?|ZWBYaj>L0y4F%0m!Z}c=O8l`l$GUHBIL4@U3*R9br#IHc*&vS3S
z2Wn>U^PiC2sb>pcV!vup@&UgyAx?Y>$VBxaxQS8o;6ra&nkPWn)w@fSxhcwWo)3D{
zWLpTEzrOPC6gA{=r#SJZx7C!Z_GKlGK7F#M`P8)-e!ddBX<YFMy<KX-ptfvk1@z+!
zt0}vUDHKT6!jH20RkIyUVsorD!Q@*}Xh2$3WZ`fi{r=6?|MlnbuaE4Rsl=sUwEObR
zWu4HPx{Xm^VNN`kt{-Zr|Ba}x_q)@BF*_r!{NSkr3}&(%LgD?Ty|sx?SkjyYxv@F>
zh;4SZF<h|8mK#>s>eD$P`sr^r?4?zWF-2fxB+`Rtu2%cz!quN}@q&KELmzTS3JvRG
z1C-aW*IRh?j`qgi1l()kiTfnILeJa>yn>~v0j*0!E>Kom5o#j1W}SL~>a~ZUxMdGc
z-J`*1G#mGlQA<<4)7y$f0;a$wt3P2kHf_=`#A6e%GH(1+3yIPbCsx4QWtMw8CGAUk
zZ4MMH57U&KEY$vyILhExYf^ZC>P-#do`s)R1Ep8m#iyZDcAKjYo5}MnJ-#8C2av9*
z#X_{coxVA29O06`TXOM$suy2J82y?RNs~O^xmOS$!;k%rcu-Q;KOHju#N5|Di9j+`
zlN!;3v3%r@gqcnc?o?f)<fPrZW2xJdu-4kAaQ%opi~Y$@HG{D!6oU9-=ns2YNuO-B
za55*;>&(wi!b9A5J6;T^p?%x6lo`9t56|!(TE=y5H+-V|lfw#cz#XkVY5sbvMzbHg
zot7^Xt*tc37-n4D(xmE}3))>RDSn?(J*X;5G)oY?sb;xAhtgOiE?W176ShxuihBoU
z7hh@Le9T%<W4G=$wA_EZ`aoP3_gL-&px(V`e}$7k<}|wcw_ji~bTs|srtKQl$?9er
zJi%FtZ2kNqUF-Y%9SpkFE6pAAoGML<I1Pr@oCr<_wnS$efNy>m&{zn{xfPshX7`Jo
z0^F9jaw}PRxY#Y?^>JI#8F!~Cvk_EqmO9!6x*r=EvtOvp-IV<)p}N$v`t+8wExY#E
zD}g?~Ca;-0m9}^8Qg$`IMI~SP_927&Y^^27uqC*ZTi2>IZ+dr7AboV>^p)zDSMvuQ
z^Fuz1tQxxZDDA=iakJ}0&dSup2+^R4EQ3(ZIFV{|?4G)`VAErVWgpW8^hB-ly5FD-
z=RsTY{zE=v=Oz@MjNSGt!xwVLLfGq-77*9`r|Z?7`xutyuQ*<rOkP9B`k$_y&P{XM
zAB#%ge`VcNUB5Wr)YXWawjFNZLFkMq>M!OV&V8_TNk^aEGy7_N&`GHIm)A!H=yUW=
z?io85OnLB3wzbt8bh2gD(b(3AYnkAkn=|bPSwji4*o~Q<gU)A8ZiM3Kh6c88k`1Wa
z*twNK2hK&8fi2`FmXw|4;hLG(6YmbJV<jkEo9uk1bVGF}$n0S7#DiJq!C4uT-|MKj
z4%`QAbEGO?d3bzwt3l$M1h^=^*eyXfrMoJye5gFFQ;>NRo`mPr>dS<F)LY4$gjs8k
z{0~6_g7^{BcW-A6a2)KSE^MYeF3Tx<d8G`^4v%4KxC*h6-iwH=nQG$@6WX;iFKLLf
zi(@y|*fQ9ukr@t|UgWYn;^;BECb=mQCWbZo*U2BvMw|jFFpll)={YzDvoR)RP1A;7
zB&s-<<o(`OD#swf)rO1d({YHVcZ}YICS+u`^6a>(WO{B-ZtdTeu{qN#Gjny2VGZoq
zf>IK;X3@O^&R2vMZ3qZ{gW0X_**)1CKl#<#Dr{wvJ6APj=V$X5x0FZtAeY`Su3~Wp
zVnp$chxjL~gG^FGY`vZ8hOPy%8ls~MqbEJ=?bm%HYPloATVu*+8f#Y%%s|VNPUKfJ
zI49<`@8$p}crI(%2_n{H=-Xzp)_-~Z(SWWuJ@lASZLHpKLgbakI6_ih&dHNF(D06#
z=RrnwvDhC8gE=HV**LMH1oUvw?(GydG&J&1-Dfu*i}oL<eD9+V8jge24He4g^bOAF
zm!Ruln_||V-+F@5;exGneCnWhPTnWO_W)sFZ}4&$Ai%bq%>tSrXSJ}0njmEd$FL{Z
z@K$VqePLqL)$}^6+dV_$H@Mbe1;&T2>q<Z${_sz*sr&g_8M*S>fri#!s*K^yB+Cw$
zaB>WGE0jx2GTToW?6iCvO`YBscPXMp?nm}I=<b_B>4{<VCW7zKJP)Mk{!0|(Os{&A
zFRuql>BrB}qov<%-bdm-`@KYYeXyaGckprTa|?6z{iL{C^oJJ@4Yk^OUs>(lL{m8y
z=%4we?z7S|>$p3Zjd$ICS=R*HIXm%F9rw&w@6{&;lmjl0LgG$Vjvx<>Ytkkce0Rd9
zV&tV3Ld2G{ZI^R^tFdGA6hLoF6~|C4PtwHby|-m}9@qbJn0GV&_5CE983yBe_sa0M
zH(++9!pE<z9#*E-rn$d6lAy10WW<x;X8W&R1G)ykYT?!Slc^3C0plpa&h}&dGRH<V
zfF15FDLpTB%ULln-kA34PZDloBsS>bZpjuXcYCJkv;wfljlWF!ZC5$sc|Zj9cHsLC
z3^QE)iwlksVt`Jh{E!lSrTwrUvSd{M*7+0TY2nk_tyIe)eBN}@F>7<k9a38!rd&bZ
zlM6Rrb`-W(y$BH-Ha+2^1=|App)L1i#Z4j?b!|QrHa_GwGnkfTb<cQHGnV3CjI;g1
zxz3vW1~{g_FZWUL)oPT$F~&v6CBUUU7|O#=<&6*ETR7rl&Pw82!aC3h;?|~d*X3{=
zY>@GWyDzITG(zv$v7h+pw(nEU(SOLIJ={GFFh~UAle*SFRa@Xri};C2#HGn9jl5Sp
z6qSXyo!X;sG_0wAs+iggSPxMYM<T#!+g<3>adG@!n13pCTS{8)CfkmsfE(wqZf8#}
zwx~Hzsw=$em2c)vw}q;EZ&dEqH@Nx+XJGJC(|12lgM$mORyTewXbiP?{PU0959O#9
zRUR}}{I(RdpaW&gp&>qI%cdal#<TmB&@E?qJn-8yV-aKc$OW7jpcsEbtq;z}o*r|a
zPU8BFpBya>r_YUF4Tz5wFD!pzfb;Y}LCf2~3Vg_AE1{r!=|!W1Ppnia*9T*)Qh0>^
zSW2YII1{rm^QY<h-~iYBA4CDPs;Y%GR@eGvC(z?<RsBx806GVU&P?NGb?(B^JNuOA
zc5f^1*Z(<2mN&4%8YDkpWsWD*TZ;OB-vu=7nKs4JPAt3{pEM9`$SA}{EHGM0q0Tox
z<@9biI8JRCo&pje`z2EAM~>{#|MiV;(i_JqdR@i`<FK*%d&kDL5o{-DfwhEmmhB`3
z3B&G?#7357w@H?~^18Hp`z?iWKY@SR?CInuX?3`|^QNC0rau812xwtq`Uvkvkbn_f
zr%<lio0}i?u`GD0rQYPL@io7}7o?FCy5BH(zf$<DFa%J-ggb^U_{PvS@P1<HHvvC4
zlNx5G_>W>(hb4`VODI!*_9;BuN^@VybJA0|beju(wWQTC7LCr?bne^|lsI2mmec<|
z!sfmxj-gl|+p57X5KgMyV=*F`(+nfSsn1ZgGp%dtc%joD2$dHn6N(!y9!TLea5Akk
zGu`(Ekgr=)hb8p{xS7)wIiIQgf#FAvVFp<~v@frtdjgJWdA^ePfN0N6kz$#zblqyp
z1tWq2&8w}v*{sUP!xH@S7%xH6zK4wZnW@l#I_w_RZ4&)L<ibd|Gr_AjOFf~M0dHD(
zaiQbR_a6onTvvvL{QLu&>c2R3O*@XzsL`!<Re|Fkwf`-rq;I{g?7sXuYdi(Fg`mF!
zk${}gtofVE#E009Yndz8Wj+aA5iveQVNNIb#)diEcRYEEBn~j$6gc!`+p(3FF^uZr
zCqHO@F1`p&*Jwz-EPAJkHa!0X^?=oR`uB@w$LQt1{4aAm2?WLaCm-0N^nKQ4b=o=S
zDjz$D0N`XBIAd#@3%Kx*xLasxwSMUJNNHSH@<Z-slevopJuv|fj42bo#kU{A9BGat
zX%epG+iUNCH-3A~>Q)&Kkf(j*^9SK^d!oh^`$Xzad8LBPYWVd?fD`;XR-ilcqUP#C
z)9A^3Fc?sx<*>A1o;NZCjp5uom0z?|b)D(^4N?2EhW!A4rv9?1hruQ~{`JmbWUA@U
zL;8hp?x)T}+q~w2I4dLX{}3>0>?%650RTOf1_K9N!qs`qm-!51#$Dz0N2`zTu7gEQ
zhHNd7MW}C{P>=oYys8{bsDR(}YddiwhB#XcY}7iJy=<BXS7-cEx0_cn`(!OlMz0m-
z?w0f~G(kVHo%XfW>-Cdp)pcN6e_S1H^Zu;Q?(}nZkcSGNIa~7HMm*t10ZmF{kz>yX
z8{!(Ww_t!yt=$m;HrF#T5v{&EI4iyGi?tsL3H|bKu2@Adx}nj3RE!{g@}NbxoY)VP
zJ#v@A2W1>kdTpp}){BRlVCg3!zE2boj_dyiZVB`IiSUb``sA&Pn0=NyKQgt45n$?k
zjn~eL=e#@Nao_o^ap7ZwU2kAO-_7}BNcT`%Q6Tr-A3qPUdSC3*KXWJS-ebm2`*&=>
z@EWeGx0L9B2lkGqLHnRj%PtpeVa}G7Vfxi&m5An;u_r%F4JZJ&IGexeT-EX%S?Oo!
z8~jom^76D)Q=kZbRuLMs2|Jxs7nAj_;d$;aHs=d4bZf(={fw^Z51E+;_j}4R9864J
zZ21lg9ZT8DNhAP=v)OiTXO27PKi5cSO@KzzN9p<p+Y;WO-l7<s=panl?8a!o2is;F
z{Cifm-6BBQ8zb~32hniwCfE)|$gGU$cnRn`3|fwV-o{^DKl8JL(1+X0IQL0?>K4@}
zzM}f_&3y81P3KgtJFPn6xfIKaUY}MN+$Q&nl?=sDf88D5F%-Q3u}j0NvP-TW%lZuS
z_=;)O>#b}AsuoD;`<6qJc`MKmR{N!U?J2NQyB{!=?rn>PQk_|PwR*61CI40O_{AX0
zaLHHyS-_B*eb~rzwxZ^f2^lxiC@>ROdT`K?^CSJ=etF1!FgqV(OW1eJ&8Xadwt6<!
zoLrQe2VB|kXxXi<KDT9)NzkS2)7KkOKtl76;qnJJZrjIjI&QO1>1l$8yH{a}wNUu&
z0PkxIM|gUzA&EWr_4l?NDOKb%^g1x+$IQ#4X1@A!-GX56Jm#$)dF;NrN<nS6M}5N=
zR-p-|5wEv8IqdjhZ)(zVl#kWVc=PKyn|?sJ?@FMR;R46INZmuts0}8$2{j5BIV`sN
zon^q~Yb!*zTfN}=SMFFq$1gr|r}cWS+;YawU7I}N3q60r<}U`&2rjM8nA=i+JuU+G
z@bzcj8c&7vWI+DYeLMvJv(+nCJFb4U%Ji{~jm=Z?rTnk-D8B`SRc2hdeBp>`$iGHN
zzhwlTJSmA7Iz8DHUh-}6*{3ewkKSw!apOJ_-3rrqB7M*L`1~>&e-6{yu4-{%l8$yq
zJh#2_t<vH^gJi69uglxw+j;7;q*-l{t;iaS8zK-PGyPHx$d`vIh)s4&yDe(d(dNPm
zHjQuj6gO=sj3d{=h&FGa9J;zb|MX>^JduZAxjpI$<AhFI*P7D|D#juUtg;~uJ-M5x
zKA$4h$&YoeRP84#`J?^FHK4vYGry#wp9*KHrTP$1e*mgFo$@7+8u_u1CR!?_wJr8t
z?PcLUd4>Fsg|*V9!kW!u-_|A%^#2g>|MU!u+bXbht@bsP_F?k12#1<`FDBB`rhu{t
zmGlo?gb#S?6j#^i)SkN8`{a_aa-Ei?`|uaqGF;b#P5(;+B^=}Xr~Wcqvmx@x<M<!<
zDwhgh3wp?ie5t&>^S7Ldq|~(a^B)AsbopS=15e#lmJx41wnBj1`g$M2Z7&(PvT6|~
zFBpR>aB+?N&P!~ndHr;p6#_Z_H3zvJ(BYY}e^OOkmLqyhF&yX8=T%vfhgDL@@67qh
zBUB|24EJI`b-n*<kp{$-FA;9kL-Y@Q*zl0786|yQ(Ny2*uLLu3+&JtL>@9%MRQNwB
zAOs&E@Wv6XfBDkBJ4;#ZscBi`IX|9EPpvM22P?sj>%JeaS^^+|`8^mSHw^<*Lz<tw
z3SGrM&sX;zx%Pmx6qXkZ5F<9cEl$cUB}q}|xBSu>-0~?|`AA?^3or?+|MQz4h^mm5
zroa^VFFD$0SeJFvi{e|5juBcLR1)}QV{(ed1@n<XArVewG;}i3q`p12o4FDnkJm1$
zURj-cGNw$c3LaZe5XR<l=j>#+eYsRDYd-jh<;D*EjI>GRAgLOwvC#Ii=y^z}n*J?w
zKwd|hZ_qAnOM3APsh=@Fn#BUo4?;Y(B%iDefxms2uQ}|QCZh;dq>S2m+2n18N^VKN
zSS{o{yKsxq0n?4G5~8bf3Z_LWbtTKw)o9iZ<{s!i32bj^x9L4=H@YZC4Jm!@wq?3p
zi4Ce%%~fuvr_8g(%`j2gD1zCT4<RmyWu#vVNMdf(1jF2~wNW;YX%dL_;@sFHIJ7mR
zU?}YkwYua=h|c{mN?LqHqDfb%<fTt!HSS^j__`30`=Mm%v^!7qCOEuT2>zDBC8M^5
zqpI++dB8E>Bh+J-*4ct%h<nnyQI@#=oU9bk4j*r;6wmaVXr%>vEJ#{{$NLjT4)7p{
z!MbT@z6(p}IU#&#hE%S9hEj}x8&W$cumDn<{3hlHPMoq8g21S6;ly{_mgFt9TemZ4
z!}HJ!ErU(bmm96I$=KZ)?oh)W6GN7H8F-uX#erX%mt^rWUfI0s&UivFL!##I44HTw
z4k+EO7de~2%;$pCCiPOp!7jX^TyYoJ8ro3Lb8(@32yFAXg-jYzkrHwIq2l=0hbkEt
zMpbh6*#sZG`!$j8(?>u*jUYyynQ4d8o+dsGTpLdH>C;YL>KhAsNammCBNO0jIC1_w
zO8G?nxS~cIp`j?7eYlA-GxNGcTWl*mp;C#!Xxd@fuJZM{5*8SpEUl;G8gvs8n0{^C
zW3@#dD+{SnKSD1@A`6doxf!{fjJt3|&inSy{cLpz$;7X+v5@n68S70d(8<RQ{o^e?
zvuyb2S!8!!6GhU1H7ru}8?wbi%vw!AE6<@Lp>g!rdG_Z60;hU2#0b6iaDenWZ#t|B
z>%p7Y)n1XOOVoyCbya@hkDn$7U^EeV$PW_^t=dXG>PMj>WKHbBRDM()75OCo9wDu#
z96~QxW{X15QtnL9YpnT0piM0L95fKnkK`I%asaBmKNd}h-L@3nkw8yBDZ09|b?`{*
ztJWgus_`Im{q-eTHV;BwjCfuVD>o9hy(>0vZGOe$hy<;l3ntKC3k^a;0^5ThQ_@uw
zknTH#WK#T`ai8B)v_f}hMf2QA$i2{Ajf_FK^d(Zi>wJfWnlWaf9P^jn&SSk{*X=`4
z`pC+`G2snzM+{PVobNbNCm7P~NVR3XTh_!1q?Q671v$&EAW@mah^P9a2vPiq?ob6b
zh1d7;ksoWm?}OnIba>`#kTHqMn^W-QAU&hLday7Il!Z$XxT7<Dr*%n;hPr2C4z5Ol
zdrUPchPS6hzM?a3tN4GkC4sxxpPwj&AT~rKy^lkB_=;e>q@>d>JdTFsZ&bnRv3-F+
z(;SfC&IzYXGY@4?67;+hPz9d<DsPN5TOw#jZWuAfNZCaz-dARIH9!;?3Rucc;ibN9
zVx`3%^<esul+A31pcEa3aN-HCqld4=s~^SJ^b0&rkPfD-NtP+|(8|PgvE0KOAKQ?O
z!2~tr*WoYUln7NJx6P6>!59I<+WR(;z1D>)i{b*nXbOyLa0K%N+b~-V<~l4b^yGWQ
zY<Zv!G}Pa@<*3m&aymABB2oc4OWvJZWs?v8;%gTSwdqb@L<P}}v-?&2`>l*{65qr;
z*pM=zI^au;jQn~#mSf(P6oPLmoh%SjNk{HvJRl1z@Vh14lh<U@s#M`9T69tTDojc#
z#^TE!vKuD*-AD~@k=QzAX>eeURGRJnR)A=!&K6kns=1Qb0Hbn>NPzJWLEzd%bEP2o
zvHGUU*xY~)mkHy9>=YWGBn3S|-dwcMYNWZcpX6`3kptsvC<Vx~GLOP2T}Mg>pwA<y
z07{|<*{Y?uD^1Z2qtz)b!q)GcEcF~IzDYo~#`1VhxW{-+48Ngr<YYaoMgrVXE-e|7
z(gvg=vPNQuz*PlEzttd@;-I3UEQd$7y2ewax1LTai-PLNdxRX+tZvdvC1_|q!)i~M
z^zdmF_XWS}n+V%~*9G_3^h~qer0wdskrXmx4~V!?^i-P6i?w;hvUxFLQRG5IhPTmC
z*6n`yroJlb>6<*o%JeAax%$WIhkf##IN;n$Hp(tlQ<H^3diw-EEpbsaDx?D)tM@nh
zAhTG$qKlR4o=fwA{G{$>k2N|Q(g)1PP<@>9Q|U3cxnyFzuG%!Ttxw6Xu;$_^KSH$G
z2l>c|QC(P{nuLhb)jF-SmmBjNc>S3X6Y0JPoq&)=NXBJ@xF;A(fV&TW)ho*IZT+*t
zcec4^wwur18l9xo#aBm1m8Ho-+AVxb%aOL{qFzQ<s<+>V7-o@o>uf%>7iaN&vaX*?
z`nfvTxrDEa@zuLf^ZMT;EH`whD7LEv%enlU6wxsd!N1VfN@d&bve4XNj-}tF8j<C+
zR4MuN_1eVM797E!t?eF3ys<PE_z(%okFN*1cvWfCXV5C}+c;~TRDu%VTnN67<op^L
z#ScRCRW{gxDxPyRLQ@d292stIo?M00xDfE@!(<dhDVxX~^|v6p)#F)+j-`rbB-ZS!
zB27{@K<}Y*QMX(p{kCLLcz{6fM^*)2xEuJ_IJ0Tu%pRr0q(-=@nnTSmlJ}XvZhggz
z<9qeDqx(ukPt_tcE95q^+cxoGjot<Rk*4<hXZzECJ!87Ih);Ah*-@18l>LI;r%Y3{
zX?irnUU4%ncChvUR!S9RyZ@>K7J-6r7ZOh`nylt<3!}ikKHQ%;k|;4#)ed=?hl-uG
zt7i`E=eyi>p%eSYoLP;6sv7Q)#TC7+tlP@nf^Svl3)hcM(0({OEBsK!7Dc<7*i0}(
zUDZ&yi8(74_1|8*x&4f;V$ONI{Z&_==<uwntNruP<ZT$kh8X_fY`b0eM8pI9il<Wg
zeWufy?l_3puo`1XkLP8k6KqmT9=j>vqj%49elDouAf2*`AVz$jtV<vniA_yU+7(q-
zlhwsng`v<G3s~^KsM9C0@v}5?oV`1I#wGU?Q-UmzNYhHIn==lEFcSoz*@Vt^56#_d
z!bo0(JJQ34af?~3=J*IV<+Co;;E)hqm4pf0lXZ*CnkAQj!<Ox_xhw~80{A9IrJi|Z
zwjmZ`sFNYKkyqeA!nB>PkMQz74_!NYFO@siXknY~;mud=ff#*pjP$%==N4EU+v!z%
z+QyD(I@eXfPH`ibQ*hp{{jv({FI=FHLAZ_Q;8jN#)Qx)4e$NGjFbH)M9yygZ)8`CJ
z53ga@H74E!l+DRLMG<_#{|T#zIZsLBMemS}g-tN|?Yfd@+_96=DH8;J38PQ?d0Pb-
z-jHf8RwA;#2W8pfBXEJIhzLEfZ&oDUhXIEJ|3O2-eB<EpSVMYgnKU&d^tVZ^^;9L+
zEm$e{dK@1tPJi{j746{38`HW21ZNC$!+>MJ?+np>A>cL4?h*<fR+?ChpdTmQt3qyP
z7H3(jdjM$`$=QfenCnP?w|emWY;|nkXuDlf3Dtt1K7LDR*y$nToNke7>Xbp`2p896
zUsU^l*@nqi4bLi2vW)UP@`_vbHPMc)Mi7jqR1XZnoU3Jd(Aao4I)VbJq*#EIZ~XAU
z8C0JY<EQWXe6h8L`#?RKeTUJ}&_F)fj~E5rS4Z6@^YNzU>ON_L&YVMqbg^9y^Toiu
zYdusW2-uW38C;3I6_tLdJQj{-77N)TM&CpP7x3nz#uP#bmdYX&w^1+OsL2k~d1RVU
z-ZxU^?@B0@S4{cU=ZOxuRoJ-@ZpgBR03O>qD-WMhV6AtU6!~&f*4Dt@X8GBRKVYe(
z7qtM5qQUm+WIZr4>z7b~8#wscVdl#`AK|)01%eu-Y_zD;=XEm<A}FAd4>avW8<dGM
z+y^u8^<>#U0rym}y^?HM1tL~;Na!B}twS7<3%T4Ez#TSY1V>jz%}Djc5N<0sO8xe_
z1e7oX+gt~Ths+Ho-IKH;rxp!hymi*Nq`XM(MkccSEh$NgMK03_98FBaRr&h7IN4Mm
zXznQ!){Pc1k6Sv8u*7!f5h6l-@*@sl4Rnj8g|d9AvMgslfXF-ZA^P3vhecfb1u0R3
z|8lAM7i_d}LV=aGi&HzKDIPI+wFgInX$2g$qUM52&F|>rsCmB>CP&nIX0ZN9uqCvf
z?E;tst8op0?|WH}@}lEy=n-7m^S+l@Y7{eEnJP}I2~F7^wh(AGmNZxd<K_0SbYJD{
zf~c4l5nPVg&ZM)~T8YdoWoplMd$48?AeG0Gr4vaI@^k|jDS?BRK_u4OD)3$NebJ=T
z_w9~yKq6;GdPxg5thWt<c^t1BV>S}FPbn744@4FPCn`iu>IXdChG8DZm0L4X6e^M~
z7d=~U!A$eH30@<ey1l0|8>2Z7!tFh0YHWfs3>hCQE|<>s0KOD(J2<NVMHPp!r-mER
zJ?7p~EJTKN&GpvRFnSSKv7Nli5WjQN-Oq02y{|=<ii;G|a_Im^!pvvgtRX5VMdZ=t
zWK-$5E_e4ej_y@mzQz}8w@A057b-SP^EYg(XPO=3YuP0!p~S#s4}j^3^p&Sai{YLO
zP_Uto@9S?KgSmd|;~S>q+yj4kitSr4jCfp>pi8-p>%c-{qolWNq)FV1^-{2lt7t1D
zP`Upj@NEZnb^&qEr!^KZ7)RH`AW^cq4~IN%Ny!HeeT(2y3BL7~ntL9>nXjWV|MJo0
zgP&1jJ4+~JK8KJ_kWp8bEN5MUt|NO^difh|e}=Mf%Mu69_iEdEYKZ4*h3(Z`VEQ>t
z&)|Qn4Ox5(H(0?VIFg0O_|kftQ>E*_Y<ZP#xJzD~axkSB#G(geh9sV^lr`NMy5~}k
zj{pPuv)Z9?gt_{+;l=^Mk10<<qDJ2Kg^>0SF@SVF@N8yRy9(7IMco9<4LBn2Ip~Y;
zRgJE5QCV#IL+p83IuOVB(y&lX2yQ)@{kLfYVc=O#TJ6bOjOGYP!ca7Od@|NVk_?~3
z1JvV(ED#ISZ`Jck(fZCz>iM|5O$9T<ut7@sDg=dxF`TQ}LN;(UFA=iUk}(ye4JMib
zow_ii9dIQ(b&VBb6>f6y#kLOp--cx{-3V_pMmn;@0cAR@aZwC+RZjO~;iXYbS!|Ll
zqER$k5&2>x4y~FjGXJIp(k+0DjDa@E%I0K!)PB>PHX%1+FM{HGN5rJ&$P-xq^s%zY
zEoWuH-#!~_AU)qX@efAkQ}~Js5W_xbti^@ELj_L|d=0zA^_AI#!%ui|2uAMo$@QsE
z)RPXWbcu&9@7a-iB2#`iDbkK4Me+bPq~jd<d{3LpQzF7zZ^T!4<A@uKNzo9Bl~OHE
zb^iarhx1Q5r(IwocI7V$ZAlxDcHkJ5JgN@>l!3oBII;4Ba%q#F^Lwg(Mz@5-+~!q`
zI*8X`FsS3CKVebTlkIldiWc<Op(J&EcPO?9IatAgc?1<6KxP#ovjxz{@yV=uT-CT?
zG}bW4myrfPj8pmKlR}c?S%M$&@?<!(Yb+?#MFy~k&5Ht?Qj}Be3y@*FRrGSvbh+o@
zH+^Lsst>k+8G_BjWO|dKdgB-pPkRfYOyo-)cwjE&eGV1PwO=m$Qm>Zf#3yXZDn#%A
zU)4c-#BS(yQxK#MC4n|>umkv5pe`rOCyNu{7T8uaHOvwu;ZyM9qTSCIvJKK?x5UCv
zt0$jp1hG8Ho>;<ervn#~E==}S5<#JXcg!{GI)HEnWZC|7>iF2yKd3%8D!fKui$B6Q
z<6{fBqDIs{d(!p`eg0ow%6TPlkU@|6e!euK+niTpCJbJ#7zpG?nkQJ%=Mj1w5b+#*
zn*u|vL>`0~;s7V3oQJT+gNbgI5MqlzX$#q@;t1)WO7RgDX^)eT$MI^Aq=d_1UAwdU
zPx4{%^ubkIW!LqmCe3BBTm#dNv`hqtao0uk*z~Onl17HM7Ns;wQSLPhPKKPA&Kl?<
z^2dz3CJuicSCS$V*04#!2UHyK3GWfrissAVw;?Fl6G~ZYA9A;Dxq7ZBz3Ro>20r_9
z1-J)L<&rFFglr<LtElN&4a0tpSW$B+eWY?477w#vHDa)UhwSXb4UJ{4>lBc-+$6NM
zQ(c~zTI@ma{8F$ZcSp@8Z68SUJ}aCXI483R)ZFZyF#JhbDz4z+%9`t1-o0X2lui)D
zecV2Sr1oODlnNUy?GT&rbv48)xBQ|7<jkZ!s;W`W#P(1Fl$pI`a_p@rg0B=PF@cfH
z^p&{v|B__pGPOd}twg6QKcwI~wCes6I+<To&zf!Q0koa3Gk1W+)%~{;eKynnYEp22
zsC|h+!!)K%MX|>t05+GptiexkXQ6sym3lV<428^|P;3>|3PWI{N-?zA2)GAUF>d0~
z<Ih*r1Jx{CvF1Pbq+njKnRyAN2uTj^F6~P`?qrjYbZf4ZBfiaSOoo}quL}2P1v>$i
zuV9pLl1~KTvibDyAciz?!~-A<h$jI6jqqOAkdKsc{rH#s`ziS;Yp_xV2e}m?6H-Mo
zMMGlM1gb=bf^SFYHghEYt&jxGfV2AGKE5cGe@MKX>miN5+Kb<PAEY;e)H|`LavyEF
zhIEpHP!y6^bk{K08lxVN$UzU&7f)fT&^0*}^4gSoY3liri~gA>$hsSVXXUZgL+$q`
z1$Ga}nmGQ2risB+rwcjC(*V<Km%@hft}#`;CV+XGkQ};;?^?49CG(M~@p9KE>g#w(
zF-PKyz*Sn~*nAHXVusfDL|tXU5Dc}a<s(8H%EN1<rQxdo<i(#l6)Ou$(rqhg$mG)j
z?;50BpEx>~jC<|NrKz1B$CHjKEht>k96Pr2zd{GOsid#zrp+I4y#nh6t6FBU2QgBp
zFqBOvgR;i@9#OzGul4z_W?H?5^T=Yq@V53-dz3+)?TB&h{@DRKNVJnTY5v-uPwcT>
z%}ST=$Ka7H^H44b_jNE|wI4W0Ug@oz!@Upo>KrqxG7C2p`r^z<9i{U4>J;Qns?}X8
z3(Jf0G^KElliZ$2aZ%drF_TbYpIm)68w0cEo|9=nu)`1Wv3(wIC#fZ5){CN-kEyI2
zyjoRHg{8n(lhL;)lB`Gi5x7|5R0E-5IoAN3vYD+b#_;5`i?=+5rfJXPMjf)5P3&sy
zgkhQwaj2q_(QW(J1Bt0yVhF-+hhBsWg#Z1qyDsG^17u;(<dGJR4|gLG1&@E$Td1B&
zI=w?Js>9UNQMRD0>qyUpI}xogEOYNl|LJ5tt&WV2lc8>_E7ht;W@x5gvKi>L0|dM=
zUTg@Q4*!14WV9F<TyU7g0K*Kz@oW!D9`~K?bi6Vq88tD~t)XC~nt{VS$lg{R8jgc=
z;}td4JWtkbdK;Bw?wyP|%J=L@D@BA-%fl-h*Z2rOPe59T>)K<1ss=mukS|b=6{-gy
zd_-HdC7%b7LuJt=X2XbX))h1F(g>LuGejxXgpz`*kmv{c8aRN*Lx}409l%Yrf0r_W
zLnzLT(l@hy^|OeD`bF~|X;pw_OPpYnb@4CDgLC@C6Lu2K0UukQ#5RfVsIJoIbH&h(
zZG)lb;2w#qDY%`zcRirzMi7&>H{wTJhmDnnLtSH<{0Uf(BJ)^04-=uF6#{M{BCMet
z=%`inPbPQ{-4_X7&Gxj<_O0AJfg={n*~sWRGhe4oj_SU`*yBn`zq;odIc@=Eh$jH^
zmY|NkJ>MXlJ~_+kYOgC!(T%1Tsq_beRGYK%SUL6-$)sqHGW`j!N>Ra@jo)+RA0}<`
zmCM}rLP)>iS-=^x(?N_d0I5b9w#6u&9~Iy3+g(-k?1ejMZ7vyBeL}Z?(%0TKQ)0%{
zk2Z4ved%Xv+exg~a3^P3$51ps>o2@P9gU36KGrp!zY#)tH?&z}%pY=y`dMiqN{ia_
z&{}jc_#^>c;14$SB|fZF7eC=W>{BOqj}`i}WU-EO$&vLu<$evt9%d_3X%DXdsfv|w
z9CJF#7*XF?+J|Nl(&8-<GS+M#ZmR2Vn=Q@sI%)`FuFf3TcD!T(XhdN(_3<wuQPoeA
zh!JG&=e@1yY$_+T3q%|`fEOnK8nMbdkyWz(%e@U2_*geyk|#DS_z8=Pz^-^R=_%Lt
zlc(1w1T){~{hV<JDGyxb)tRRrR%jc!F09X|CNxK{#!m>#IjpyRuujzLpZVLW242@8
zON0RGX!qp+^sDWWwlW9fTrS%{*A5?b?@p`=z`UOjDg2akAx>)(b${EULB;_1ZR@W-
zG{k!a{hf#Ut`FeMkbogZ8MVbzxOQ<P#y;4F0K#q$hIQoW`Y@Kwwj{lJWjx$t!X?CG
zyR|U?SwLxW<Y{}Jpp?Xp-9MXxY5nU(Yr=y#<Fm8w14E#}dMWR+qBYjT?Va4NwL0nb
z349_r-bf}(Vai>0z-Sa!HaXN)-dCu6$#xmf?43wj#3RU3fE@+(c5D$WP$))FYEx|k
zJdq?HC2%jYGlWLndL_S-=)@Pp)D;|7He3M<g)K)34*-5|xwGO1k6=@KRycPNqTN4l
zvuBuow8QJ5;m!D~Up@Q%o@d*urm>T(1&xDXso+DdHO+~{h$kayXJ2l~3POsUxPP`M
zU|Z!QsWioz`LR^EXa^&oTf#+C3iEX(usk}Qt9o9A6wK@75ErP6lq?*p%dWp?s~&as
zQSR32R5doM!(G-W=WbRYlru>KE>~0H0+=kuHW{N>Ck3|%v%zAE1SSb7Qxw+28k5o8
zLwor3zI=<<3T+?8%6lU}_9+YJBZ{l{Ee2-74eJ8s(Hnpk+IaejaCsguEf>}Eh{Dru
zk3z)O+!&%6QhJYVH$Y>Mb-ajrBs$)*E|fRdck#cVywZ5#44T}T-X;0}Pxr$A%)tMR
z84y0wY72zvAA~v;aZNaScEo8!hx4oiPKDeA6bSzAE|4|or+r+!23DkXf1ye0_`c0N
zlWzbmW)=S3F~deqve5HqV%9zoBZV5K6V}f%0O;t7SgxUGdd-x!vR*DMfv4LIC)DG#
z!&imwQ78*wYan;I{XpsfEP#Hvi+lerHXo|^aCS#;0yZrc=<k{9UG^>1OfT?yn+NL5
z6;yw^YOuygDWs}rx1+U#DZu$eVb)8vBhb40q_9kf32H!_6L+B-!6Y4dP-}yBlGlJ1
zj?(F5ES((#G!=~5DrW=2Y0qWxZND=-wR37CH6oISf4|oAhmCu4!T)SNg4XF@SXjAF
zNf5?`t`{`ZW~b_>i><G02D*%t%}eXnz$>eIP<Y==$7zG_5o%7NF3J1H6e*bs47_n^
zeGzC)O3fM(JW=vCN-5mbg}J~lIflvhBh5nHG!JU{2C6>$N3^zFsF`R=3ZAu-!^{x(
zW>|F1`=)wG5Ne(sJ6Yd>6UpSM3r#0O;Uhop36n#7d>A><_U72fJlZT7`X5z?5suoc
zh)HRmb3doxdDW}&{v;l74H{2er~uYed-yD#2Q_(8X(KALc+Hk$1tO4A*QWszqI9Cz
zi467?`Q*+hmMDJ)0#3;Pb$;KhUCoO?(%!(yr@Yd~Zlm$h5w)n$3mr7PBxa!tgr0&@
z2Cb#pGG@f#+D1*$ZFWL8<6`VcBbS?>K66FpIcz4fllRW5jwb5{@&Qx>l(ItZ6^TEn
zAUN7{BVs<cu<Td&Bmh{rF!kHo8?||fW+?;GG-1A)7A8vz>y|`iCNrg6PN>|P8#h8N
zl_wKfhk$0U<!%$!&ULv>eDcB8!6<%GUHr8T-roQh#<OD^L*Geg9%qP+`Drj;6ah5i
z(6Q}L?lhU0rsvhF4g5X*&8ZiD{08*!i~UZu_VSKR{7WwsN|yqV_u4x4kvBz&hne~&
z@DXYvcBs(&MuRO6QW%N6S@YT)q7+XMR7GVu#k>&l+)2;~HGR|t*gOWbr7gDX<a@Lo
z*)x%8Mp(TAt~W=@YN=z#4j2Zow!MoF)olL&1N$4Xd?SB9jj;3NLCPAy{>;66g<p25
zrzm2!?&%$dMTwmH@_tqPt_|qq*`O$4jSMRZcA1DM9iNz`&z1HI+8|fmK28bev+PPG
zqldZ@Fd$2(CA&aAD$7ZW05D5On(6B>NamM5L_0k)|58f~#E4Byuk^MRMakT|6=Ax*
z_rK+lp?6%6;DCvhMi^$e(}s5jy-$;pb_`pvP`tj_cR=wVv6QtsxtLF^q>KWlr!@Jp
zF9=24pIZuG=0$#O+(7Gcbw7D#Rgh3SPyW_^23V!51dsNNLF@_hza3C^+4<`A;>&Ux
zrR?wHFx#;Om#^!`4bNsPh*jD<?d<OpFdK#Sxgyq}JgFqn2B}_X_VD3~+J}m(Ow9lc
zT!732Zo|HZAw&Swq4xU{0tmqtPRip<u^{DerJk0LOtNMb#7*CY&6AW}0&1=63k2LO
zg&;{g?`_$@@D*)DJGz#GUYp~G3i}qgr~x)R4fMOQW~u4wh8j}1;xP+o*>qd>KY(cc
zaQcQDAV#~OrnVE0@EJ;ibP9usi>lbDH{~mQ_lL5>#8>Ell&6lm>VBB7tv3@1v^Cz}
zA?N@cy3cY9YCIhH3y~+F#J`A!Hg83I@j0+Ee*+ISbm>Q1E4}#1)>!mRSX%;|Yo&zq
zX|XcrX=h*MS%9H`z3FL3xukl4)CdH3ehdbQmB~e8>1`--GR~|d0MPrTrq)Q7<GN1U
zMw|v%QZijJkyJ<B-B&x^q0e_Z@Su<D5L7F`3`Or4sh5_!Mlo9i+HnWNd%oPr$hGfd
z@K(R!q2XgI|II9>;9uqxy)R_D9H{j4?&9m!5JxN+w<JEYDPB~jn~#iGwBR4W@}gc;
z*f4@wT40}gkT=u~98C+|xFmjLeOZou&`g-dKf7Dg-ONUx!;x2r;ZfDkgEy6;Lh%{0
zNjK2HkC>JS?Q05!D9Y<tgD9ZRQzTBP2eE{q>MA^R)Hn~g70vnFD9<ag#8*w!H+wKZ
zf@GfU6rkV$*pp$a@Z#G(U#wf4mb6h&HPRL$5aZPj9gSST^8W5+7&@{?8Qx0Vb~Z_P
zc1O+ge%nW3DF6i@;4@v@`6}mrVrB3jrGf22g)nTt;S{VC!W{Q72`#YBQdX9vXr*ba
zNgfA<XHMq$wI=Z{HBTU8#qFv+d?YODRBX3^W#3`Os?pDYt4ln#^HI4k{~%Xw8ei^1
zeFic6s^ts<^|bcc9^^={erI$wa@IJ8|Er80fyvy9QMkm^ZlTY`Sq5GxHQ)6-Ab<c2
z&NuS)WUxb(@Fe4n+0rcd=sjPiqsgPf_0GnjjJ(VFLCW;QAXy$;{84v(ao6#&sc^J;
z9u)f+Tf{7l1;X5NRlhW0%cks1!_G;kqi`X?j`F2v(0q6wy%IS<=Eos;a7D0JJsH>2
zkk}E1Pi-8ZByA}^XYURaJxPF$1{kR+3{;0aVKiNu?z&k9TzS2ZUstqVYAkW92@gn)
z!wAChI7~yT2PGn<<Gt11PSo;x2*muWal@UEt5!Z)9BbikcKx0}g-HyQf?yom-$g*@
zm^H%FIsx(796Ot4Fz7(vI^6E$0#{CZFcGvoJXo4{Ix~;_vg$aATBUwmAobW0oD9f@
z0RrY))<Q)^P0&)tEtI%T<A~+>1Pr+suZz(}e+EWmRjSr!kmI<~Th5L)040tr%ISjm
z&#1sE8C!)?WDK$q4bLvp`-?>3)KTkf%#R$2)Nkdj>7YdH&CG}>9NPX;LM`k3tX&s-
zb}v5S?xL4K;;!>woa9Rn;NO?!vAp+o!u}39?m)|0#X(<TF5BR!nIxGPU9D;Te#+nJ
zk4}RKxadzm54G16p3rt4QmSje^x}L&*lfZ=&36Dtx?+jvx*bCe@W_m(ypqS@C|5H0
z+zj|$A5q-yU}^q(BV~FH@Z~=)8`mgMvA#4Iec|+sfw5})h&TzEZAg&A)&pyj9L7N)
z_)SmhHQ~jHSm=eKI5^b2q$YmXsmMK#D=D56NyrgYK4U$#zJ?=u9tStTGT)zvSR&yT
z5XC|W6F>&Xj4k@|xIgZlb6)m-pfwo}*x$<pYj+v;ixuZ)%Uyj~JcIbBjzMX%m7zY2
zspe8t+4Ep$)+ukkLV)nz=d0Z9wBZQJt&1CuQVk|_wIjF7@_hN>vkmd49wMrgQiJs%
z6Qe#3iCF)?;Stz{zt{nbz4y#GjC7FCIyWzeqAylU!thNa_$FQ7#L#AMD;UCiZNuRS
zATgc|8<<%6Z+}^fAK%U#rMFkBU4W!nny5A>+3-EsQ4QrdPFBzMKoQl_$q4Mqou3B(
z-|}0t!0#YJd2AaV`hKjQA6xr;egT~HN)G^1bGoq8B(X)+Jmqme-gzW&f>t%;fI-4-
zJJ}Z)MW0>nBmev>U|QB+ST+2ZC={jayp$V3Ls226p4dQAxF)5X;C=`-=^oA}IHsBd
z-m9cx6d%!x8Ty*~7U`1<7cOH#Tm6iiwCoL8{RoP*JOV>&Iepylpm=DQHIY<_VDuVf
z+%&x5OVseXqyPF*G#u?bv@d0ny`f2Pczs;S`n82|GlD$`N|h8bKr7Wpo1wazd&aZ_
zNUeP;)La4zMz!0^Y35W6;LVvKayC$sE!i~A`+My;15mP@`>T;RfpMeQ>D|%q=PX_u
z^UqA-(v_7)yhrh6&cZ@JlBT}fz{`F5$FpSIxgwR}UFqHAE4!?#1mz8^2?fy05uS_&
z7FrbzuHCma;)q8@?=ft<j!7;@)6Nz^&Lm?cl8t-kl9n?D=xM-P(ai5}YsS{QsK5OW
zzDWT`ye9|Wk<p6EOt(~gVJCb<wkoUnVizb|T16En1t%M@1oueUm{@3G8HLEw|Lp;L
z$L=RQevg4?2(_FdZ%hW)GaE5fGJ~f+Few$+Z~;iGUG`F>o$Gd*JbJG2`7QqE*-57u
zc$SFol-lkX^yV<IC<rupS_pSe<%<a{58!qHJoNXypw}xOoBBVWyX^!Nuz?E|yKwV=
zH7Qgzz-kZ<tr*W@0BDv+R>oLV##4?e4R(UKk4*=iktnh}ai++5?i|i{pey$QX&D((
z^U8Acle-y*c}@;D4W$snD-?3s6>Fgn+jh{>Tr_r)uzKBtN;SHjj00+UjWY6OjJ>+U
z5Q$BQY>tM9KcI5MNe2TmSNnMDKaLL&E8N`Pa8Td}cxAvurk8>_62||F%O1+k+?z-M
zVs%xe8h~kk$LV3<FdwwyRP8CUZ8Vnl+51*`vYs@+f`n|xGsKyD2{xlp@9$ioDaH7v
z3CMYP$1y`TB)w;(!rjNI@sDYV3DVmNa`h&e(Wp@r1AQJz3h;!q?Kr6lA)N3-e-l&B
zKGNIMeq>KFn3aay>vSp?BY^P#=qeiO?GNKA!f@tMK;{{~lzAo*%W~L*s=N%K`)x&+
z4ID%J;m--DbMP<Bw(6-Wv3%R#fdh%g<{#mAj}oN!^rPs08@~89@CEDh50hYJJT!VE
zIz4jAO@xqD2V@>1U%pbsf$FtrcA7}{AU(}*`@A-`{$g8j!zf?17oqMS^SI~FitDGW
z=>+Iwp5sGfM?8|?VNn*9NN6b)M?sE6P@zBU6)guBBw%ovTQIb`KM&wnaM|c0w8C^%
zy$?}TZ!^H$7KX(@#nE5u#_asBT0Z;WG50plo^lcF>I9+34aTgms9+=phlyJUlj|i+
zR?oy*2K&gKyVP)48vlE=Yibo=<vLe?mxsYvaZo<lQaop<&s5NNw}E&p**&ESB%3`C
z184&Ty0Y0{AU<dR?>kYf>zl?Kmh~8*4(=(;Ih|PqeFd1lJAU{3qTK^j@`}N^Mr2lF
z3ZH-fe30htE$Rx9{!TLwe+)uqrwD8FC!H$6to#P(sdEvus#>bCOg|u7PPW(2jk@X-
ze{cO)eHKV~8VL&`b4gJvZz?d6QENAP|A1utaYAXDr;O&y>hbUI#lLvy==QJb<oKh>
z>9CH8cmB#aOOUL(R;jv8cS|LX3`l{+iiAD6rOSCbg?pq~@W-y!Uy+8?nj<MAkVuSS
z?lHr&;&h;E>o_Q9XV6*}Zp0z-w6n;H2!nn&6N@;l7%Sg;6ywGyS|N8&*9y(J?5XzE
zZtyI=HFoM6a8Pc1o46Ngi)Yek@x8yB#x&Qp!bZYc>)NOYI6ol$^C&nJI#N9BBF|pu
zBE6$48CqXLl+vEC`c7Qk>NDb!co-_eyJ^om%~ARQ@CvgWaUZ@roInwGhRT5+y_E;a
z3_+`0bdjW-W2+kYL@<Cn;+Dg|(&VeXzFD_O64b_5etfT)9=4NyyM3xH?@WqD4(dp=
zeqEv8WM*qfOqwzHj>JI$TdlJ?@X%Wg0gzQ*N1Zn0(A~%dkRa7oyglf`j$@@Hq-VEi
zAU104P(@>@lxOEJZ7X_NiLXaK)TZ18P!9GYQIvk~zjH2%=ty(xuQ9+L3T=%!%DRPp
z*t*?5C`6DB+)<~(y1K1>hF~=fa!y~Ru9&YRiY+49sF`d-2ydn3g#0Pc^O?J1&iaZK
z#7ISnxEp8sYRsY>Ec8PvIR|)uG>xGsKu(=VWzp#I!o#z&PGGNIs|zg=Jy5@}zv~}1
z%qq*dvzt}4yFIPao1a{7^DCFZBTskPld=s9NWgc{je()g%u6pP?q3LCzHC1Xg^!$M
z>L<Xx|K(x?$^6!WQzSkX&XUa1jwUnf>8un}KGb)_13pqLdd_r*3WU5rIqcZrt;(SZ
zhe~fZJh#Rbpesxsc+@hMI9KGa1DB-ept4yGtfo%0=?E%hZzpdV3rjuLJ<D4mV1FJ5
zR0cwKg;uGfE>{XC{%~+rkpH;b)Gu|8Z~K1EBfT@~xS<HP4YD%fXc(6RyQ6`!fF`h3
zRzYKwOOKhb{nym`mihqJ;kcv=-?NZ2wm<Uh1oAWyHFc(OtMa7zrn{)Pnz%34`Z8(^
zB;93&?EkO5Z;whk?f#vn8K)VwnqU2#%+xM+RVVY3x75ngY^Jm_Ew7ad=8e3dg9tP=
zTD_*2X=SNY*hNjr8zc%=PH9RI8j&K9nW7+2Dv%&>9&~h?_pJ4vway=Bt+USguk`Ep
zxqSDt_kKQm@6T4r0j~2VRhuFu#J@W+A>IZ2Zpem6OU5OEF!#<Cb|?Xq$i>gqs$oHT
zowYvcr~##RWsr$FaO&uWYEDUf{iBd`JHZ4|MtOBF1Hz=yHJ=X*HjWh=Z!d34WUM+<
zwJkif05e1!uPedVtEJvy_gGIZh}B6*)4E3(hJtaQIqp8DaTd~$F%wjZ?b3rBw5=eb
z7|W6KL|CdXa53ku@5mg`PLZw7ps`@)jbPy7-E4A6%4?zDdAegdpO*|+r^>K@o3Lj9
zT!?+T{_Ji!1-AGIcpjARK!F>Yp2H*Q3h$(|<WW}0Y|m95$|s6&t0~RIdXJ16ZlPCp
zXV%UX;LH)&!>CyB=83R5twsVDTGTIlG|dUfJIwdBw-%Rx79ApobpCRHs8c|nm}#`(
z;i$D?=9GGKizymB`yc_?@SmPNdJbd>X>>?hxK;(Kxu!l+q-epjGcdA(1e}NeFpBZH
zowf#JFSMka9K$nlZtp=1H#)Hg>`CN?53=PHm?0oD;DKgnGgVr0z!^0;g!R?S9&RwW
z_+fpNP@{<cPh0c+RvyDcHSz4J<i5Az|8gd|Xxnw!%}1jNDsJ6>nsiUrPR%DaAM;s<
zmcp`|jQ{I}mX7mCUlu8H49}3iOy*s|HI#FFya!F<g_KCY{w?660e1$pS%PhuyK)e9
zEc6yWn`f=z|F5t7zi|f;lo?UzmZD`ZwZYo`;FI>wX-9+1ZB&d#yvW>LJKDWSn?}~M
zHlyVOi!j<wSa_Tz`2IPw2NNtFD{aw^duZZUMvA7((&8Q1py&}pal%!q!O5P2IIU;*
zgYdxn8~r6p9eW_-i&8&C#<UVJu!x)7Sd`2K1Ty}5yKVnGg!9$K59SnM)=o3Nf~qR{
zsr5S$o}kM>?rxRA*awcMa2ycdqaMti|EfiqDXsG+$I0Th3f1JbsT3b>Kr)=I<_+HP
z<h8!rj|v?r;;jMicAAxFyQO2FZT<85&u|7h9S>~l-U4zKM4Izs`!-K6cSUP(1@-O+
z&1ImM=PoB%JHrSDMjwJbOFzBk1##hw$tq56hi1gLMa6RDzddMv@5+-rLW^?j*+6rl
zP~;==^vUN1%<2PBwF#?{kQoazUuz~w9vOA8EDvEs!l0BV^nLM~{oZZ$m!?V=op=+f
z0JvnZ@xsaJNJk=R%x*gzNAg3N>efO52^}-)4}_9<C%Etym!-80j?2bwY<5T1sOtj5
z&nf^044YHxy4c8(G_DkcTR_6Vr$cD3b^HwnNthvF>_;;|LnEGBD5!mS@f2ZHTKA|F
z7WnxY13g6;+h;I2uDg*h(tZ|6!$&!Vs00y}c^o+vR7!A%DBhk-i9=l6h7R-A`(`X-
z^5`W=&G<4|VpCf+3q@8ZRcj}j!quWj#3bIhpm8B~MdW8yI9m0xhU=~nj|-$C_l<%F
zRBF-jOg6|hYOIzyOJv(P&Xv-f32^a7kEe0n8rZ|dZw5S6W<8dQsA}1;tV~>EjxgVw
zKT$fXm1?~WG6C_5{$tMLKYu-X)6CHIwGdqyl}L6U;zjTmZdgINo8WiT<k&T1^nKN9
zFsr5~*Mf4@(<Qwt0y`Ez*466%#BkUope{V8yJvF|%~h`V>{QhS$Xa*rj>ZQZdcEO-
zm!);$M%(Bu<C;DAWO5e|Sw=Km18=p%kEJIu-XM46TZrdGSYh^q^YUV+P1$_e7FZ>R
zKqS2jCGF#U^_=!@w`1NbLz@uOA70#67A2R!Zaq@Q8zLlyJ5F;F7~RpQZ@FSga6t-$
z&mzaRxE#AIW`qzp5bCptl>LFdNGu4QJhbhz6?Vuv8ry4zmW?^pdD;Q7V9kofXekKS
zyq}Cgo?Qj!u;fO~BH~7UzH_Nk0P<la38(uz{Mvhd&#M|m0&HKHd@ugdar?)wN`SkT
z>{2I<;U<f@_ZoVT(RTqL%ybStDRrwY91l^ra+o4x7Ug-70??wuW+~gOfJeUvz4QI$
zC#%Kr#ugxTSffm9NVxSVfz-=8lg8cpvbnk{VdX88P1lY-u2#jVO4L_!IphJZ$ZY<q
zV1z0DnYw5|NFSk5q0398pnxgCpIUTBg1l3#rQpJhOS%i?yfq`G;90H;<sXLRVl2;|
zgd@QLn=`nnSdi{+^?d!=Z+i>o<t02(3=7tK@gpw*K?MOh0i07$x)x@>CP!~&ZFDIN
z{kC)sVYB`qH_zMg@vC@D%CB&yN82?41Kuv`L~!W)xJ2UEWfMdnMO4@V8cmg^xiXw{
zR|M;=5jN7~_~Y3{PjV&2^ikwpN$@Ez#c(_~F=0>{$F7oGWglep1ZbL@QV|c*`D}G}
zk)oZq-K#@JQ{CcmIO?~Q(t1TR3C=zt8os_Ke<EN`d_m1{N_KsnmW5XA`@v3sihCw4
zw4k)y-OE~^2Q^c4Y<Yu<aZdBje#d?HtBW$=Jclf@N3N*j+a?W?8DJ&`F0Tc9k?d2j
z^Xml1Vf-os^hG`B!RlBpwNipi84cyu(5R)wmnH7k)y}1oafoQxy})9mYA${N5*3WC
zGobyX1UAdM6nbki`gfAa!fQuwR<qh3#iu?=e_a^yK-EXI{fcSmP=-$~wk`HkaITwb
zd=S+M50AwT!KdZb4$jZ3Ni$4lfFxi@%YUyK?89cAgkY%aSSV~R>NW4w0Y&_FeA1$e
zVZQG3g+#mrz8Rci(23w{oj!Y9TM6X$>v;5k;Xx*hcr}JfS)Hx2(-&}0Jr<rxtH9PY
z)P8ms>NbN2`RNr*gx(7o3WD?LryxI4O@4TL-FS3(T8=6i4&xclBxi3DAua0kiAocj
zat@rO?xLv!O(>=KWSa_;gVzy^dy=qHZa9Es<|5mnI^<da)iaEN8l^M|JnG(snn#Fe
ziQLq|Wg>S_KSLgH3VO{qdEf5m$3@@W21PyS8SsIIcNPkhtK7qROQ3o?4=U233=DU3
zN#i+iFFiW>{S6M8U6=GLLX)xPfL>XWDTMmT3k>>Kx7e?)=mtdxtkJH;aOFR8BN7pn
zAm3JLy=p|a(5@ob_dUpF{F5vzDtqRCy(ad~E~T$ax{FYZ0Gx=)NCTzuHyY0!<ieu(
z-iNX4ON`e6>&2O~x?lhw5W-69X2ITGD>qr_q+8aSP~(iZ<fMymTuRitb@SI&V%ez5
zwo#IQ3f$v@tz9(pAMYP`vs3tiw98S|`7y&aGSDnG1AMr@D`$cHe&E=HK>f#|8!PFW
z=0D@WH!J#93R1Mq+AzA!8|iq8(AzE?Fa=<W98^234dy!L(VD5#CyA&G!J?^E38z=T
z?DH&_kZPrrPT%3z5k2WS;~Ratf@hgxIzfGSm$d{I<z&H6$rF#&t%7SU;jQzaK*dEA
zql$ZVQd(wJ!4^YI41Zf;m{~lTdZ~y!Zfm#fR1_Zo-(<!3;EljBauRC%kq)%`n9kjr
zyyy;@-$8|P!hCrOgxjQnQ@WdC8}3V@hfy=nRU7r+f=xttN42li|MTb+Rk_4sc8yT;
zd(#3^r-J7g4Py1S3FRYZ9+j8p-BLa}39-4UGbA8h{-$oe3+Lu8o+H;$OtVLBeyt9W
zmu$o~7@|WEZdfuJjCgKNg@=Js82fNzgGTG@_Q?wu?f9#^48JQr`mq|DC{K(D%&n2w
zHHEW5c7&wiw{Y_`c}<f}cNdWb!Hq^eTRoRd4izh%pf^w&-P%HRu8oH-u|uLvH-oD!
ze9{-qVf^47MBBc^s7p@SG}#sfx$T5H0Clkrd#Fh#9X)DtY5a!B6asBqYTACN-0hGV
z$vyD;<lP$vuA!6ii}o(QC*@)HfoKGGij2A5is1t~u1&>k^N}lD<OYi<rjtiyV(O}G
zs=?p|!hu|2)_l6vZ|pWF6`;&(JE8z(k+JpHv|G;Y6b{hcXU6FsZjSQ9Cj@q)`V3Q6
z6ylC{kfd?^+lRF7FM0a#mO>P)$@X0>r8ER@(EYl__uu#LN5DfH^~o{2_oxB=_Q&;S
zGv6IJx(7GuT$JGSj&>&P9}DzqH3SqJx$>fsj$_+(iwvzYX>WH6B~jv2S6T>c`FWQk
z7$TwGZ6W%vwKf%s96*X>{Ft3H!VTopM5(sHTPDtnKs!_99C-z(??2f2G>N*~BKtWI
zolKZ(P>L`2)OONhO5i`nrvtoSZyp%G+;y|v*?EETP;1Y9GQ>gM?Uyqg0vnXt+8j{y
z0KEVTVuff+Rf3oTO~!seg--u4{ZAP<@02-6ir}_1DOhh;?Sf`S{105xx;St`D)o8g
z?$3ML%0r!>1B-zU#qY?(&%-j^L0WWB)&d~_=%1X{okfr}ZRpsD5fOtMVIp~OW$Th)
zP?9-H@lyo%IKuf?@@=gSl5pkj`~Q7Zb3lM;sZZxVRWV6hfKP6z&jZ;jboc#YogRZI
zM9Zg7WaKTX<T8DsV_Z(|+Ls1;DLOZ&kjzF;SZ{^4gqBsB*cQ#K@vbDpyyRSULi-2a
zv_Q>v;<@4m7?XuYOw9N*=w>3ND)>Rz(T}`}e;kYG#RJhB%3L)DW4e-6GdtZtD#oa5
zu;cklxz#%yf2~!BS0my4ilmek!8%zwq|k&QE^@*KlptG=H)oHK3o|2cDMoK6P@RuW
z*x5qAGoo7s{6lO-07Dj1Ukr|tGB4&v#15HFdop%WD<e}p?iP(Z06@of*X92E%HRHy
zoEu&Q5OIWv%%ow{%lg~)82|8sWES}&>F19GtF17&$NK&oJLzKfVZvb-*AIENPM7BW
zi>waglEUI<_YE)C+X)GWfdmA2Q&DwB#ESs#=BlZJm%7;72`z{o`_}rVp{0qs^G=vM
z?;z}ukQV`Izxl@6MHh`FMg86=xeQ{`Ub<qqYzY!R-@pzFcmlWt(I^O^@B4Wp#$A=O
zszo!%2p<i<VQesMWkV4;-ffO5m!<(%GR|9f^UL_;6kG=~8aAUeJ@+;fMM54F8paql
z>kDc`BP7jP8S{UUcgiX`!1F1c+hPC=mj~}+0Ir!PIk*KtZl%@3jJiar-gA@r`mf2v
z*01yc$tAhe{x$4v`Z5`3%~;F00RHHB3b%_kb8f2!YixJDHf6l&SiHMJb+7nr5z=L_
zIj5Q(U#ECFoHz!G6_GjUoze0ehYp6N(T}4pav%ggxKQ*&fNPNToI4bFZYTNKWWl%Z
zD7$;D(xukV84FWW^#A1KJrxs?`eSgdebX>CFfA8i)-<h#heKX2%q+w2R#zD;2FP*j
z4KnUXk#3((mfESz3y~2iKa&HpiiyI-v;fT%NP_PhEorL4gL2j^Qj!~#zlPhuXmD5R
z6;7#XqM}AQmvp7fjt%m|{$|P18FB7=MS#XVyMc2i!{{p3=tJG<KI{GLv1@Rx@(Ab5
z1drtQTHQ5zTNTFrs+AVOo<4LX3h=!{E`yWMb|gNynSd#U=*=f5E6+o6q5eRlMR2bi
z|Cf?F%=?9lWAOC347>P2bq#9C9><G?$1hTz<c{LlHg>;Vj`t><912OB|MSVgWKS@$
zSwi<K;0|w*{Sf~xudZs!;@O+gaj81e3wZrMlcg*}8(=lK(A1V{=4v&#bOdA>$o0OF
zlTlP<+KgdTSe@0E1=|ORsD@Du36CQO!-lCN5&n)x67555gF$e0Gd)B_xs~_Yv<cif
z+-5KFfJ|%;nSE@Jo?$NfUnl%Y(e4!{PUW0Cg}W8i38#+_)rj1ujq!ViL1tOVc;Sw-
zAsj0u|L0zI{EVzfnKZ_&2PyV{J`AMyq*6ruJB7$q0#s@q6t-+g==dy7kUBH8f{eog
z#8L32VcwWcKl+-B&N^|2`S@|nBqF<LRb~d#lk3P5cXixG20A{r8Gk!%I=%EiLC@_Z
z*6zXW_?_wJr?JA~lHJKfxXRvc*{hQ7x<RM$<?^gm)df4wvlP3DEvCmRFt`9|W)DvL
zVk?}_8EeLifU$7HBNK;u(^Pj^;~>)_crKGs;tVvs(UZDU$cdNV^b84Y_E_t;B52#>
z#KpLQb}ilU`xO1QNmY=dYPIFymTB8M{WYxQ>^9fsU;P#-L+=3whwJRNiQs_6C1Hoc
z+HDS?ro0RLudVP#y(C3FJeh)h!_KGk^m}07=D9HK14iIxtJ=5GPC7oNj(!UPyW|c-
zNt&;)n?Vmq)Wx}d0u}BJR&OD<kfPBOL|!1yAZq~#WAQwV{~)7$`;u*h5&q%WRfazK
zlD|XGZ~V^tcfNbP{_L&1LRfYlNCYL$Sv3F^-$iEV@5=IUHwN|+?Xnx7I-JtkJUc*w
zzjyLNUbuElkT&UsoyJqQ?;*E6z5r4%kzYVv(L^0k)2c(4nx<ZNP6xGHSB~8CnC#C6
zsZ9B^11>ShjK0gy_|yY<3kz0VYS9joHWT@lt!rh8M4b)13KF~j8hpRa(%VJ0pAWRG
z{Xh(#8f`PzC@^wq(G-eUsY;l<qHE(hSK|z@n4YmiTflZWCv?8sqvtV$xv6p5PcOAM
zv=m3bTCrj}+cOy;T_f5#*B4CZjzM~c?K0t`UZL+R(9r|Mnbo2Il?$@=n4diH(!5SR
zow=(^Z~bi{K<@sgECDbSw8NJIP%PWmpI#h$J8*yWDh^+c1^8ZB;ulyINT5YcDX)5H
zKW5|9zbQ<1O|wqbmB92s7I4s9Eh50FepC+-TC_t@$U(I$7^-Rx`}p7G+|&9Z71D~%
zRCZ#<Pa{@c8{U318uzo@=larBn#VWR6$X{n`_*5l`l%@;=|_vqzIDq!F7jKjai{;{
zB<qVi`hUpZ`$xUrk88rDg7;?{V=-)6kR5{u*qWQeK6)k7w~f<icCK-BB?LJ0)9~3}
zRDayLV#OJ*LGoO+#!RMmigwm?{>3$@nZ36Eg#@erZQZIb_DI)wMKM<`IKwq4`8Te?
z|Cc9#+^7o+@tUy8k?;5!^(AHO7LZm!@%E5<Xf%#y@xY<}Wlr6N0TbeVZ|uI+QU%8+
zU9AErbP0H}<&zw0{?8|MoON7Vzz&_h<cp6*+8iFyUuj)-uM?0+j_mt_im#7qwO`S8
z;z<xWR42Qz6MvtF4|4F;O1A=9$uh^eun1^~p#o$00@dZybz{zlGyb6w1qko%z5Jiv
z56*vAw@$t$*3EetpalnzjFFQ%#>s!qli_!MqFyH~lnb-6*K=blptQrtWQ#D;%9g4A
z&Fc41_Zsm}9*Q?@n9^rMLO5O{-^`o*ZA&_bp&h+vZu*Pn0l!){AjJ$Y(cUV}<us}?
zx(SE=_;QhUjG=iqFu*`eNK4p*QVh_BW)ykAAX&qdVxoT2h?PUdNzDKqy^`Dsb#%!}
zRVSGys5On@V?5`UW^Y-eKpMbzRf#>c1+iQh(qB@8_So2_`&Tu*1y{fz@>2;R+0A#A
z2pT4#El{1ID}(uRDIlVpIf3p+5Dda;R__7<L0L|gUj<5`&o{Oo{%)nb<LjxaEYBpA
z?H@IOq@5#xlbmu#*QkX2f&0PD+9CzLQIK5HNUGIpWa76fz)~o=Q-HgG=HPAHnbP%D
z29+Ov3y|C>1_W@21>M>>n!jN&pmqP-1-@akH2=v3jTF*xW-|I1{;>6a!q#+b44;!J
zozklLjDlyMS@&EfqPC!-+V5^^ON=^zhCjS1?NAXGo}Cz^K=nK;*0+3UP^WqyR-LR`
z*cSQlKHnQ~JXtFC(VI*GB=bB>{K7@-GzL06!GZH#IQJEQG5^8Yb#Yhk&$|K-gJqWh
ziE$~&1Ep;KZE#{w|9L92dsBd`-Lj<YSe)(s#1si$l{R>7+)OPZRq?)Kt=zA-TPap1
z(O9v8G3*EA?|^qPw)Cc^VT88i2p9<5BxfQ6qiYvsM%Ezf7nFGLk?Bu~lxOc_64M)4
zAkXIJ<J22WgraKUHy<o_DpCG}y+cl2%*(4FS!;-c=`z*ZD~e7P<dcV~X)E&`gNTpi
z(_L|)NGXM}nxl}`Sf5?0jy;%*=cm4ALbuwzVlEF=;RjyGxJ?T=xz$H=(<bVeEie|3
z8mNncl)BC;TjUGRRqFRJqnx_?+|5&ve$>Ro={M1*@D<9St3BU};#p7AvP_iY9mjSU
z4XPq&h^XO+3Ap*msFkbPRTyc!SScsO5~}F;8XSM?mO@hu5L$!n6NHn4K^L<;Av}!z
z%}Yr+SUM`D&-<)1YYU;z*V}jNi$od0*g<K4mE00SZx^Z@Rbm34rw%quc^PsUzn-?j
zkOVFxn`Tu+?bU5dfdi)iS?fl3D!&DZ!n@AJv%daJI|JuO&!h5T9v==iI8N9i<B+Z2
zdY?6{Vg{c7z<|&rCd&TR!+=UJ{5SX^o)H1LX_1rbrU+>f6PZxQWJ=d?DQ~L^ZqKrL
z&TQZ#$sMDIPI$48acHPw#v=@uh_>0CUxu7hbG$!*`;*CIK1I1KUmooS5@tqicE(CK
ze(&u$581lZZoVVOOW<I4<RB$A^=6ra(xnhTe&3yq{~bursaBrM+*HatbRdYeco*EP
zv05FgO3G2OUpA-O7bJD69A9cK9v0wovyy?hu)dVb7lFPL9J9ly(B0RM{^85IJwAFy
zMvVFDHavA6vYyfNtuo}S!PfdrO%GcplY$rMAB4v<(9fOE75_p%3Atak{9i@RL-7cl
zL4H}YV)XGr8PASQP2cP7@Yy~YlbdBL*9-C@95uarQtVa*8Cr4BU5fTw%TALEg7eD)
z3upZ}%EYa_qGuXv40GGdg<tuf)vwck!||HG;^a{I^24mlYl757Z?WP06^BFdMXS!C
zw|JD8+8n9E@OvVtyID4W(vJB#yese^RBM@xj-rVBJP)^L>L#V#l~sAg-P5<c#xK8i
zEqPByeG3v?y$=~G;{z*<6y2kTEE5hmSlJ}!RK%)6+QQtb)|eU|>buQc;+U(KtQ2z`
zswGwU^-=x;jQ!GX7%o@OCwDow#ZK1_gpfRIH{|)}cIFyAP*jxe*`jh-%X;^;=vz@t
zzx!aUHyCHRTm13V;lUXEymLjd_T+VT1WJ&s@opuq?N{S%BYej}(Q##bFlz~{7aF4G
z@(_`q%lPhM!~Bb3b!jxa9Jy+R;xrfy_#ZQljP7g&X0520ce-b{z>>h-y8QH`XNR^Z
zQKfFrSry0sC{!>O@6?h5^boeE#{7LH%TQ+Gw+cOrgahz!vEinuc03=Alulqsif^#O
zK5Xfc%l%l5gL+GG6(4%N5%l0lFZpuUlA=B}2A#%*rclRv<5@eWSmQBV;j+pxi*p8h
zK72kTS3P4;WW#DDgx}&KryBecxuJhpbU2{np^xmFqIlzi_9Zd4#rf-NCsdERqT6rt
zt6AaW=<|4TE<U1~$TivHgI6hxJY89VJv1KZ(M74A6;n`*L5}$`Bb7PX5ew3aSSm5y
z-!#I*-sX_eXS)Y^^L|G!INs0`Tks?^X2UVUs4F|!e!_;syS%?5sW^W7pb&|r%I~G`
z^pU~s)Qi0xBJ+;}R)`!TH^8mjLIyIh$rvc;Zjm3xo>ij&-QgBaZ>hWhY_Xzb#~%j9
z6NHwo4u_5<+vy8$eSimM*(XUVJvUYr4-^s}m6!VG_h+M<n!Q^>>4>I%)yG@*l_qsb
zV<!p$FQlJ(#fM&nZXiW~L^n{|7XyVh+;nRi&KPXqR6NNs_;vz3)|)0Ii8@zqhodc{
zZr)x#?3A42<%_?zv5mQCFYSuR&u|^>3gZ(^eY6DT5PhjX7u_VROi}h<5o)fZ7*wIV
z^SE&!pya5MTl;iTzVJJQ)mG8r2r)6H-&MElpka^RG`&?7$8!NyS22dZ9_J%JRKh8W
zeVuFR``pR3>=N75O?JY+bZh>Td^`5q!@iSmE7Qr|LTn4>_8y1POBMZ>G~aJhQ@dz3
z`((*BF1f4<6po^ko6s+=DDXg|5<+uou!GYj<-F5&hua>Jj(GqSl?`oQIe&hmTz%>Z
zQP@Wh!Bba2sS=A;BbIY+kSYCs$0WpQE&JVYQ2Y(!hi~6_aMuhLliHYCl&ry~TzS1{
zs)t8CD0_X0Dzw|LPK8zg_KZFtHr%<x2-#33>9{>!$WAb^t_XJ~1US?`OuNYX_*f3F
zZ1XSS@KoU&+XCEv#KUAOa%1LiVyPcmdzx9Eb!RokoeQd9#JJkmT1z>wCexMW@&?Ck
z^;OD?-Mojd;?(Zlhq$_-=0cHRsOq5hzm5iew~YC<cCXs~5Y_7rzxuG@r84G{4Y?Im
z>JZH#Xk+UF1YhW5;;YsmYP}q2%nm5G1>)}xoSMmuUVfmo&M~D6L*(4T#)Q}T9xm70
z+f|6`3}|6Y6yR{+RxyXL8~;$=WcxM|2o50Qg?_gssPShoF&_Kc1m~`J<<l4v*$cYd
z&@%E!8DIY9aI4Kp*vfkZ@cClSni~t>Y9^WRDoLH(9*Yh?DHm)yYom_s2BZ)7V>YZa
zEx8BO%pB?E^gh0N3ih$mNED3pMLSivQ0vnu%J}ZWXKHl#2+hGI*kLrUI)q(h8^>&c
zURUqE5|Fh=iHbaOyI0G5=v$HHXzO%H91A~nH+@s5kUcn&BjF2lU4GL4`yYqAA2D;t
z#fF&=GPv!;m|GrVz{nkT`N{8SPLY@IrXq@$@rib%;KD{|%U<ZjpShz={M2BLyQh(H
zN3?JEkt(u>yc%;j_ZHt<azVIpxwoJ|*`E`FiwUpvEicas?5&Y===S8au2Imwu1hrA
z1rV@Nmsf&h?4L?1*`<>eg#dc0^9^2R-DU13!<#SP19;MsX^loe)S0rETjXttL*%<c
zmr+BAKW;>LdRJxo-WMJ0wz3$%^=)q#HPPIEw-6-N6Y5<S_#0lSA8<*&;j;w9I=_4F
zvulUHR^HZQp4_570R0Y`&|?i~4?YU+2akH@>wN!tI?aA;TH!4?mdZrf(`v|{U3+~k
z=l^J_FGA`Iz1so|4-^}>-`6t?@@A(^^s*Sv*?jdWpI#H%eaX4e2>2?Ly+tDA@!jRs
zBiQ8BQ)^qzyj6QG6~UFu&-hd-q{HKUGnn>zMKhF63T;^tUfNunWJTJb*r{slpcIU|
zDxLdMv&Y+sh<&PywFK4^(DrA1E>R?Fr?BGNPr%y5{O(ruGtta2v&`x}-O560_{XTB
z=L*x#(N{Z+aFtK;<GtCWbQiB6V|sg{|NK=Ovj^1jDkh+Q<Kd4Nqzr|bqSkRBEn(}~
zcQAm^RbUsBA_fsYK5M|l@G6bhNs6{#VXun3YOkCM1b&uXqoQu5Pdfa|{Q(Fvg0E?)
zvU&=+v`xRiCjrJp*AH_%5UbAW^=wu3y02ZSV&DRO3*J&whhBVb96cP)>3|!Tc!yp6
zc8F=Ss|BZ#q42v$3!Z&sp7yF%@Q&@sl}0-qPgy8dV#9EZ<I+crZHa5esC89E3}QnX
zuFUf6*DS`NO1HImGG@G#m3SDlHCbE66kH3aW*5pO=X$g}p%!_JGaS~pb$RVx%hrwg
zWr8mtsMm+H-_~W*%Y*9899-y3kP!XKCkP>B+IX{uzt`s^<#h43L>{0ne|4>qiuC0S
zD?kY&#|!s_NLe3NpA;viD2&7;4#Vml7G#4It$!Q`Qe~?w+ltuqjD(S4yH3;*QxQ#_
zJYgJWoKX}HTejw9MgqwR8`lkpJ86tREJhHs)*N^cZ~%5gO5eZg_&QCi^taBqH^rr$
zetw`b9C|s|XcXFUA_bmM$4*PNi6j<^PSr01wl9!zu_7xr2q1?XxumDg*KS0CktKH~
zemH3cmEr*Ju%))7ri%w(rdB*5;>WKU%U#G<2?q1PbpT|0&bTagOAn^OH&~cjlg-4W
zpwIioQia~v@{ThTwA+b?jXn?zvg+qu6!v+sZwZa&>mfRx7l~|CjS{$=qN>HB`Biq=
zN__0~Rb^<7-C(jSQd|Ff-l(8MeMlX5PcYR{K)F@j!w?$@wxoB_Xx)23651Ca3^?H-
z;Dm#~2dOtOTuTP4R&XF2j@3U5E_^mje2Bhd;Ps#xR{caiexDvMQxeyEJy_x0@vfED
zy-eOAxPGgcx%k=r6{3#IJ`f=vPw{Qx{)*p$uk^Ja={)o+gb=D~CMv{*s`VarYNWt}
zuS^D+OTKV^b>G!VL<K!!@cS(+LEZp)j9-$k10xnpZ%HSBH})7EQbDvoDGnc9DN&?>
zuxYk19(S~PzwxVfjG6W00DXQr|L3SgM^z`91akYyJ2in?gf!UTY+R>ijB0E#%y-mc
zKpuZ!Nw{Y83fqwoF9>(Luo`nEqEQAPChTZ<#djA4Z!<2dAO|w2fwIOjbW?EQKpeZe
z1=0u`=dl=x@Zw5^FA-CL%jronLkgU`S>w@)Qyg!tBEL*E7u(c9F~3;pKU>5-y+cU4
z3^3NtFHo;O*faw8`U~T)&_N~n77c$pJniZkylu7#7=YuFTBZ@QgL7MAkokZ1RdM!9
z$8eZ&nYVUvl|T$aTGCc?l$7f&(=jEC3@Tt4WubRVoylM78PphBXn*-rV}2U|#}<_9
z8d(X$T{+hSxQVA7YZa(4NA{a%h^xRmr#m^bCVX4eMc^&>r0D+sL+Zb}3V*DDVMh9)
zO3aZ2wX`K;oar&$r#PLb5#ad9iKg^Qt=eo_P~7{~n>{k_Y1;-T%=rib(_@dW!*Dup
zjFqdF3P;o=b1F;wR|{p_N6l4pG)ep2(8Qt^*-2l09Un>9ajp6+EMp3Z&^9UCJXe{k
z&G>)+0lP){F<I?lLvsJz8?2*F0M|1=>Q;#T;{370d1~oQpYM<D!<Lb~$J#LztptxL
zy8<2q-DM5(2^V`z7EEe5i!g7s`)67z-=W;gj63H!hV9<yxf;wgKOqp!piBGI(*DDx
z|232Plb^93p~b$`{Z>+mMZ>fi+NN#Os~uHJell|}Z1YoShplv9!QFQ8%-^h?nVd=p
zR;=M}pE*U2pA@=G2XFOFZQFEbW=0=pkrb`^Wsyg>mOj&9{OSixPPCJ*0dqRfUFkOE
zD%C1m3C4QUHuv3&L36woltQ8VwdZz?ExnY+$Ef;)bu+70d<t|zPaugqKym*giT10{
X0R=xn<sI*I6ZP4>e^>R+V`u&cPI6i-

literal 0
HcmV?d00001

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index be1c679a19..6f1a1843b4 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -1,7 +1,7 @@
 # Enhancement Proposal-4052: Authentiation Filter
 
 - Issue: https://github.com/nginx/nginx-gateway-fabric/issues/4052
-- Status: Provisional
+- Status: Implementable
 
 ## Summary
 
@@ -22,3 +22,1074 @@ This new filter should eventually expose all forms of authentication available t
 - Design for OIDC Auth
 - An Auth filter for TCP and UDP routes
 - Design for integration with [ExternalAuth in the Gateway API](https://gateway-api.sigs.k8s.io/geps/gep-1494/)
+
+## Introduction
+
+This document focus expliclty on Authentiaction (AuthN) and not Authorization (AuthZ). Authentiaction (AuthN) defines the verification of identiy. It asks the question, "Who are you?". This is different from Authorization (AuthZ), which preceeds Authentication. It asks the question, "What are you allowed to do".
+
+This document also focus on HTTP Basic Authentication and JWT Authentication. Other authentication methods such as OpenID Connect (OIDC) are mentioned, but are not part of the CRD design. These will be covered in future design and implementation tasks.
+
+
+## Use Cases
+
+- As an Application Developer, I want to secure access to my APIs and Backend Applications.
+- As an Application Developer, I want to enforce authenticaiton on specific routes and matches.
+
+### Understanding NGINX authentication methods
+
+| **Authentication Method**     | **OSS**      | **Plus** | **NGINX Module**                | **Details**                                                        |
+|-------------------------------|--------------|----------------|----------------------------------|--------------------------------------------------------------------|
+| **HTTP Basic Authentication** | ✅           | ✅             | [ngx_http_auth_basic](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) | Requires a username and password sent in an HTTP header.           |
+| **JWT (JSON Web Token)**     | ❌           | ✅             | [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) | Tokens are used for stateless authentication between client and server. |
+| **OpenID Connect**            | ❌           | ✅             | [ngx_http_oidc_module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)| Allows authentication through third-party providers like Google.   |
+
+## API, Customer Driven Interfaces, and User Experience
+
+This portion of the proposal will cover API design and interaction experience for use of Basic Auth and JWT.
+This portioan also contains:
+1. The Golang API
+2. Example spec for Basic Auth
+    - Example HTTPRoutes and NINGX configuration
+3. Example spec for JWT Auth
+    - Example HTTPRoutes 
+    - Examples for Local & Remote JWKS configration
+    - Example NINGX configuration for both Local & Remote JWKS
+    - Example of additioanl optional fields
+
+### Golang API
+
+Below is the Golang API for the `AuthenticationFilter` API:
+
+```go
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=nginx-gateway-fabric,shortName=authfilter;authenticationfilter
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+
+// AuthenticationFilter configures request authentication (Basic or JWT) and is
+// referenced by HTTPRoute filters via ExtensionRef.
+type AuthenticationFilter struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec defines the desired state of the AuthenticationFilter.
+	Spec AuthenticationFilterSpec `json:"spec"`
+
+	// Status defines the state of the AuthenticationFilter, following the same
+	// pattern as SnippetsFilter: per-controller conditions with an Accepted condition.
+	//
+	// +optional
+	Status AuthenticationFilterStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AuthenticationFilterList contains a list of AuthenticationFilter.
+type AuthenticationFilterList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AuthenticationFilter `json:"items"`
+}
+
+// AuthenticationFilterSpec defines the desired configuration.
+// Exactly one of Basic or JWT must be set according to Type.
+type AuthenticationFilterSpec struct {
+	// Type selects the authentication mechanism.
+	//
+	// +kubebuilder:validation:Enum=Basic;JWT
+	Type AuthType `json:"type"`
+
+	// Basic configures HTTP Basic Authentication.
+	//
+	// +optional
+	Basic *BasicAuth `json:"basic,omitempty"`
+
+	// JWT configures JSON Web Token authentication (NGINX Plus).
+	//
+	// +optional
+	JWT *JWTAuth `json:"jwt,omitempty"`
+}
+
+// AuthType defines the authentication mechanism.
+type AuthType string
+
+const (
+	AuthTypeBasic AuthType = "Basic"
+	AuthTypeJWT   AuthType = "JWT"
+)
+
+// BasicAuth configures HTTP Basic Authentication.
+type BasicAuth struct {
+	// Secret is the name of the Secret containing htpasswd data.
+	// The Secret must be in the same namespace as this filter.
+	Secret string `json:"secret"`
+
+	// Key is the key within the Secret that contains the htpasswd data.
+	// Default: "htpasswd".
+	//
+	// +optional
+	Key *string `json:"key,omitempty"`
+
+	// Realm used by NGINX auth_basic; helps with logging and WWW-Authenticate.
+	//
+	// +optional
+	Realm *string `json:"realm,omitempty"`
+
+	// OnFailure customizes the 401 response for failed authentication.
+	//
+	// +optional
+	OnFailure *AuthFailureResponse `json:"onFailure,omitempty"`
+}
+
+ // JWTAuth configures JWT-based authentication (NGINX Plus).
+type JWTAuth struct {
+	// Realm used by NGINX auth_jwt; sets realm in the auth challenge.
+	//
+	// +optional
+	Realm *string `json:"realm,omitempty"`
+
+	// Mode selects how JWT keys are provided: local file or remote JWKS.
+	// Default: File.
+	//
+	// +optional
+	// +kubebuilder:validation:Enum=File;Remote
+	Mode JWTKeyMode `json:"mode,omitempty"`
+
+	// File specifies local JWKS configuration (Secret or ConfigMap, mount path, file name).
+	// Required when Mode == File. Exactly one of ConfigMapRef or SecretRef must be set.
+	//
+	// +optional
+	File *JWTFileKeySource `json:"file,omitempty"`
+
+	// Remote specifies remote JWKS configuration.
+	// Required when Mode == Remote.
+	//
+	// +optional
+	Remote *JWTRemoteKeySource `json:"remote,omitempty"`
+
+	// Leeway is the acceptable clock skew for exp/nbf checks (auth_jwt_leeway).
+	// Example: "60s".
+	//
+	// +optional
+	Leeway *string `json:"leeway,omitempty"`
+
+	// Type sets token type: signed | encrypted | nested (auth_jwt_type).
+	// Default: "signed".
+	//
+	// +optional
+	// +kubebuilder:validation:Enum=signed;encrypted;nested
+	Type *JWTTokenType `json:"type,omitempty"`
+
+	// KeyCache is the cache duration for keys (auth_jwt_key_cache).
+	// Example: "10m".
+	//
+	// +optional
+	KeyCache *string `json:"keyCache,omitempty"`
+
+	// OnFailure customizes the 401 response for failed authentication.
+	//
+	// +optional
+	OnFailure *AuthFailureResponse `json:"onFailure,omitempty"`
+
+	// Require defines claims that must match exactly (e.g., iss, aud).
+	// NGF will translate these into NGINX maps and auth_jwt_require directives.
+	//
+	// +optional
+	Require *JWTRequiredClaims `json:"require,omitempty"`
+
+	// TokenSource defines where the client presents the token.
+	// Defaults to Authorization header only.
+	//
+	// +optional
+	TokenSource *JWTTokenSource `json:"tokenSource,omitempty"`
+
+	// Propagation controls identity header propagation to upstream and header stripping.
+	//
+	// +optional
+	Propagation *JWTPropagation `json:"propagation,omitempty"`
+}
+
+// JWTKeyMode selects where JWT keys come from.
+type JWTKeyMode string
+
+const (
+	JWTKeyModeFile   JWTKeyMode = "File"
+	JWTKeyModeRemote JWTKeyMode = "Remote"
+)
+
+// JWTFileKeySource specifies local JWKS key configuration.
+type JWTFileKeySource struct {
+	// ConfigMapRef references a ConfigMap containing the JWKS.
+	// Exactly one of ConfigMapRef or SecretRef must be set.
+	//
+	// +optional
+	ConfigMapRef *LocalObjectReference `json:"configMapRef,omitempty"`
+
+	// SecretRef references a Secret containing the JWKS (with optional key).
+	// Exactly one of ConfigMapRef or SecretRef must be set.
+	//
+	// +optional
+	SecretRef *SecretKeyReference `json:"secretRef,omitempty"`
+
+	// MountPath is the path where NGF will mount the data into the NGINX container.
+	// Example: "/etc/nginx/keys".
+	MountPath string `json:"mountPath"`
+
+	// FileName is the file name of the JWKS within the mount path.
+	// Example: "jwks.json".
+	FileName string `json:"fileName"`
+
+	// KeyCache is the cache duration for keys (auth_jwt_key_cache).
+	// Example: "10m".
+	//
+	// +optional
+	KeyCache *string `json:"keyCache,omitempty"`
+}
+
+ // JWTRemoteKeySource specifies remote JWKS configuration.
+type JWTRemoteKeySource struct {
+	// URL is the JWKS endpoint, e.g. "https://issuer.example.com/.well-known/jwks.json".
+	URL string `json:"url"`
+
+	// Cache configures NGINX proxy_cache for JWKS fetches made via auth_jwt_key_request.
+	// When set, NGF will render proxy_cache_path in http{} and attach proxy_cache to the internal JWKS location.
+	//
+	// +optional
+	Cache *JWKSCache `json:"cache,omitempty"`
+}
+
+ // JWKSCache controls NGINX proxy_cache_path and proxy_cache settings used for JWKS responses.
+type JWKSCache struct {
+	// Path is the filesystem path for cached JWKS objects.
+	// Example: "/var/cache/nginx/jwks".
+	Path string `json:"path"`
+
+	// Levels specifies the directory hierarchy for cached files.
+	// Example: "1:2".
+	//
+	// +optional
+	Levels *string `json:"levels,omitempty"`
+
+	// KeysZoneName is the name of the cache keys zone.
+	// If omitted, the controller SHOULD derive a unique, stable name per filter instance.
+	//
+	// +optional
+	KeysZoneName *string `json:"keysZoneName,omitempty"`
+
+	// KeysZoneSize is the size of the cache keys zone (e.g., "10m").
+	// This is required to avoid unbounded allocations.
+	KeysZoneSize string `json:"keysZoneSize"`
+
+	// MaxSize limits the total size of the cache (e.g., "50m").
+	//
+	// +optional
+	MaxSize *string `json:"maxSize,omitempty"`
+
+	// Inactive defines the inactivity timeout before cached items are evicted (e.g., "10m").
+	//
+	// +optional
+	Inactive *string `json:"inactive,omitempty"`
+
+	// UseTempPath controls whether a temporary file is used for cache writes.
+	// Maps to use_temp_path=(on|off). Default: false (off).
+	//
+	// +optional
+	UseTempPath *bool `json:"useTempPath,omitempty"`
+}
+
+// JWTTokenType represents NGINX auth_jwt_type.
+type JWTTokenType string
+
+const (
+	JWTTokenTypeSigned    JWTTokenType = "signed"
+	JWTTokenTypeEncrypted JWTTokenType = "encrypted"
+	JWTTokenTypeNested    JWTTokenType = "nested"
+)
+
+// JWTRequiredClaims specifies exact-match requirements for claims.
+type JWTRequiredClaims struct {
+	// Issuer (iss) required exact value.
+	//
+	// +optional
+	Iss *string `json:"iss,omitempty"`
+
+	// Audience (aud) required exact value.
+	//
+	// +optional
+	Aud *string `json:"aud,omitempty"`
+}
+
+// JWTTokenSource specifies where tokens may be read from.
+type JWTTokenSource struct {
+	// Read token from Authorization header. Default: true.
+	//
+	// +optional
+	Header *bool `json:"header,omitempty"`
+
+	// Read token from a cookie. Default: false.
+	//
+	// +optional
+	Cookie *bool `json:"cookie,omitempty"`
+
+	// CookieName when Cookie is true. Example: "access_token".
+	//
+	// +optional
+	CookieName *string `json:"cookieName,omitempty"`
+
+	// Read token from query string. Default: false.
+	//
+	// +optional
+	Query *bool `json:"query,omitempty"`
+
+	// QueryParam when Query is true. Example: "access_token".
+	//
+	// +optional
+	QueryParam *string `json:"queryParam,omitempty"`
+}
+
+// JWTPropagation controls identity header propagation and header stripping.
+type JWTPropagation struct {
+	// AddIdentityHeaders defines headers to add on success with values
+	// typically derived from jwt_claim_* variables.
+	//
+	// +optional
+	AddIdentityHeaders []HeaderValue `json:"addIdentityHeaders,omitempty"`
+
+	// StripAuthorization removes the incoming Authorization header before proxying.
+	//
+	// +optional
+	StripAuthorization *bool `json:"stripAuthorization,omitempty"`
+}
+
+// HeaderValue defines a header name and a value (may reference NGINX variables).
+type HeaderValue struct {
+	Name      string `json:"name"`
+	ValueFrom string `json:"valueFrom"`
+}
+
+// AuthScheme enumerates supported WWW-Authenticate schemes.
+type AuthScheme string
+
+const (
+    AuthSchemeBasic  AuthScheme = "Basic"
+    AuthSchemeBearer AuthScheme = "Bearer"
+)
+
+// AuthFailureBodyPolicy controls the failure response body behavior.
+type AuthFailureBodyPolicy string
+
+const (
+    AuthFailureBodyPolicyUnauthorized AuthFailureBodyPolicy = "Unauthorized"
+    AuthFailureBodyPolicyForbidden AuthFailureBodyPolicy = "Forbidden"
+    AuthFailureBodyPolicyEmpty   AuthFailureBodyPolicy = "Empty"
+)
+
+// AuthFailureResponse customizes 401/403 failures.
+type AuthFailureResponse struct {
+    // Allowed: 401, 403. Default: 401.
+    //
+    // +optional
+    StatusCode *int32 `json:"statusCode,omitempty"`
+
+    // Challenge scheme. If omitted, inferred from filter Type (Basic|Bearer).
+    //
+    // +optional
+    // +kubebuilder:validation:Enum=Basic;Bearer
+    Scheme *AuthScheme `json:"scheme,omitempty"`
+
+    // Controls whether a default canned body is sent or an empty body.
+    // Default: Default.
+    //
+    // +optional
+    // +kubebuilder:validation:Enum=Unauthorized;Forbidden;Empty
+    BodyPolicy *AuthFailureBodyPolicy `json:"bodyPolicy,omitempty"`
+}
+
+// LocalObjectReference references a namespaced object in the same namespace.
+type LocalObjectReference struct {
+	Name string `json:"name"`
+}
+
+// SecretKeyReference references a Secret and an optional key.
+type SecretKeyReference struct {
+	Name string `json:"name"`
+	// Key within the Secret data. If omitted, controller defaults apply (e.g., "jwks.json").
+	//
+	// +optional
+	Key *string `json:"key,omitempty"`
+}
+
+// AuthenticationFilterStatus defines the state of AuthenticationFilter (similar to SnippetsFilter).
+type AuthenticationFilterStatus struct {
+	// Controllers is a list of Gateway API controllers that processed the AuthenticationFilter
+	// and the status of the AuthenticationFilter with respect to each controller.
+	//
+	// +kubebuilder:validation:MaxItems=16
+	Controllers []ControllerStatus `json:"controllers,omitempty"`
+}
+
+// AuthenticationFilterConditionType is a type of condition associated with AuthenticationFilter.
+type AuthenticationFilterConditionType string
+
+// AuthenticationFilterConditionReason is a reason for an AuthenticationFilter condition type.
+type AuthenticationFilterConditionReason string
+
+const (
+	// AuthenticationFilterConditionTypeAccepted indicates that the AuthenticationFilter is accepted.
+	//
+	// Possible reasons for this condition to be True:
+	// * Accepted
+	//
+	// Possible reasons for this condition to be False:
+	// * Invalid
+	AuthenticationFilterConditionTypeAccepted AuthenticationFilterConditionType = "Accepted"
+
+	// AuthenticationFilterConditionReasonAccepted is used with the Accepted condition type when
+	// the condition is true.
+	AuthenticationFilterConditionReasonAccepted AuthenticationFilterConditionReason = "Accepted"
+
+	// AuthenticationFilterConditionReasonInvalid is used with the Accepted condition type when
+	// the filter is invalid.
+	AuthenticationFilterConditionReasonInvalid AuthenticationFilterConditionReason = "Invalid"
+)
+```
+
+### Example spec for Basic Auth
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: basic-auth
+spec:
+  type: Basic
+  basic:
+    secret: basic-auth-users # Secret containing htpasswd data
+    key: htpasswd            # key within the Secret
+    realm: "Restricted"      # Optional. Helps with logging
+    onFailure:               # Optional. These setting may be defaults.
+      statusCode: 401
+      scheme: Basic
+```
+
+In the case of Basic Auth, the deployed Secret and HTTPRoute may look like this:
+
+#### Secret referenced by filter
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-auth-users
+type: Opaque
+stringData:
+  htpasswd: |
+    admin:$apr1$ZxY12345$abcdefghijklmnopqrstuvwx/
+    user:$apr1$AbC98765$mnopqrstuvwxyzabcdefghiJKL/
+```
+
+#### HTTPRoute that will reference this filter
+
+```yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: api-basic
+spec:
+  parentRefs:
+  - name: gateway
+  hostnames:
+  - api.example.com
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /v2
+    filters:
+    - type: ExtensionRef
+      extensionRef:
+        group: gateway.nginx.org
+        kind: AuthenticationFilter
+        name: basic-auth
+    backendRefs:
+    - name: backend
+      port: 80
+```
+
+#### Generated NGINX config
+
+```nginx
+http {
+    upstream backend_default {
+        server 10.0.0.10:80;
+        server 10.0.0.11:80;
+    }
+
+    server {
+        listen 80;
+        server_name api.example.com;
+
+        location /v2 {
+            # Injected by BasicAuthFilter "basic-auth"
+            auth_basic "Restricted";
+            auth_basic_user_file /etc/nginx/secrets/basic-auth-users/htpasswd;
+
+            # Optional: customize failure per filter onFailure
+            # Ensures a consistent body and explicit WWW-Authenticate header
+            error_page 401 = @basic_auth_failure;
+
+            # Optional: do not forward client Authorization header to upstream
+            proxy_set_header Authorization "";
+
+            # NGF standard proxy headers
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Pass traffic to upstream
+            proxy_pass http://backend_default;
+        }
+
+        # Internal location for custom 401 response
+        location @basic_auth_failure {
+            add_header WWW-Authenticate 'Basic realm="Restricted"' always;
+            add_header Content-Type "text/plain; charset=utf-8" always;
+            add_header X-Content-Type-Options "nosniff" always;
+            add_header Cache-Control "no-store" always;
+            add_header Pragma "no-cache" always;
+            return 401 'Unauthorized';
+        }
+    }
+}
+```
+
+### Example spec for JWT Auth
+
+For JWT Auth, there is two options.
+1. Local JWKS file stored as as a Secret or as a ConfigMap
+2. Remote JWKS from an IdP provider like Keycloak
+
+#### Example JWT AuthenticationFilter with Local JWKS
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: jwt-auth
+spec:
+  type: JWT
+  jwt:
+    realm: "Restricted"
+    # Key verification mode: Local file or Remote JWKs
+    mode: File # Defaults to File.
+    file:
+      # In File mode, exactly one of configMapRef or secretRef must be defined.
+      configMapRef: 
+        name: jwt-keys 
+      secretRef:
+        name: jwt-keys-secure
+        key: jwks.json
+      mountPath: /etc/nginx/keys
+      fileName: jwks.json
+      keyCache: 10m  # Optional cache time for keys (auth_jwt_key_cache)
+    # Acceptable clock skew for exp/nbf
+    leeway: 60s # Configures auth_jwt_leeway
+    # Sets auth_jwt_type
+    type: signed # signed | encrypted | nested
+    onFailure:
+      statusCode: 403 # Set to 403 for example purposes. Defaults to 401.
+      scheme: Bearer
+```
+
+#### Example JWT AuthenticationFilter with Remote JWKs
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: jwt-auth
+spec:
+  type: JWT
+  jwt:
+    realm: "Restricted"
+    # Key verification mode: Local file or Remote JWKs
+    mode: Remote # Defaults to File.
+    remote:
+      url: https://issuer.example.com/.well-known/jwks.json
+    # Acceptable clock skew for exp/nbf
+    leeway: 60s # Configures auth_jwt_leeway
+    # Sets auth_jwt_type
+    type: signed # signed | encrypted | nested
+    # Optional cache duration for keys (auth_jwt_key_cache)
+    keyCache: 10m
+    onFailure:
+      statusCode: 403 # Set to 403 for example purposes. Defaults to 401.
+      scheme: Bearer
+```
+
+#### ConfigMap referenced by filter (if using configMapRef)
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jwt-keys
+data:
+  jwks.json: ewogICJrZXlzIjogWwogICAgewogICAgICAia3R5IjogIlJTQSIsCiAgICAgICJ1c2UiOiAic2lnIiwKICAgICAgImtpZCI6ICJleGFtcGxlLWtleS1pZCIsCiAgICAgICJhbGciOiAiUlMyNTYiLAogICAgICAibiI6ICJiYXNlNjR1cmwtbW9kdWx1cyIsCiAgICAgICJlIjogIkFRQUIiCiAgICB9CiAgXQp9Cg==
+```
+
+#### Secret referenced by filter (if using secretRef)
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: jwt-keys-secure
+type: Opaque
+data:
+  jwks.json: ewogICJrZXlzIjogWwogICAgewogICAgICAia3R5IjogIlJTQSIsCiAgICAgICJ1c2UiOiAic2lnIiwKICAgICAgImtpZCI6ICJleGFtcGxlLWtleS1pZCIsCiAgICAgICJhbGciOiAiUlMyNTYiLAogICAgICAibiI6ICJiYXNlNjR1cmwtbW9kdWx1cyIsCiAgICAgICJlIjogIkFRQUIiCiAgICB9CiAgXQp9Cg==
+```
+
+Note: Secret data values must be base64-encoded and are decoded by the kubelet on mount, producing a valid jwks.json file. ConfigMap data values are plain text and should contain the raw JSON (not base64).
+
+#### HTTPRoute that will reference this filter
+
+```yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: api-jwt
+spec:
+  parentRefs:
+  - name: gateway
+  hostnames:
+  - api.example.com
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /v2
+    filters:
+    - type: ExtensionRef
+      extensionRef:
+        group: gateway.nginx.org
+        kind: AuthenticationFilter
+        name: jwt-auth
+    backendRefs:
+    - name: backend
+      port: 80
+```
+
+#### Generated NGINX Config
+
+Below are `two` potential NGINX configurations based on the mode used.
+
+1. NGINX Config when using `Mode: Key` (i.e. locally referenced JWKS key)
+
+```nginx
+http {
+    upstream backend_default {
+        server 10.0.0.10:80;
+        server 10.0.0.11:80;
+    }
+
+    # Exact claim matching via maps for iss/aud
+    map $jwt_claim_iss $valid_jwt_iss {
+        "https://issuer.example.com" 1;
+        default 0;
+    }
+    map $jwt_claim_aud $valid_jwt_aud {
+        "api" 1;
+        default 0;
+    }
+
+    server {
+        listen 80;
+        server_name api.example.com;
+
+        location /v2 {
+            auth_jwt "Restricted";
+
+            # File-based JWKS
+            auth_jwt_key_file /etc/nginx/keys/jwks.json;
+
+            # Optional: key cache duration
+            auth_jwt_key_cache 10m;
+
+            # Leeway for exp/nbf
+            auth_jwt_leeway 60s;
+
+            # Token type
+            auth_jwt_type signed;
+
+            # Required claims (enforced via maps above)
+            auth_jwt_require $valid_jwt_iss;
+            auth_jwt_require $valid_jwt_aud;
+
+            # Identity headers to pass back on success
+            add_header X-User-Id        $jwt_claim_sub always;
+            add_header X-User-Email     $jwt_claim_email always;
+            add_header X-Auth-Mechanism "jwt" always;
+
+            # Optional: customize failure per filter onFailure
+            error_page 401 = @jwt_auth_failure;
+
+            # Optional: do not forward client Authorization header to upstream
+            proxy_set_header Authorization "";
+
+            # NGF standard proxy headers
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Pass traffic to upstream
+            proxy_pass http://backend_default;
+        }
+
+        # Internal location for custom 401 response
+        location @jwt_auth_failure {
+            add_header WWW-Authenticate 'Bearer realm="Restricted", error="insufficient_scope"' always;
+            add_header Content-Type "text/plain; charset=utf-8" always;
+            add_header X-Content-Type-Options "nosniff" always;
+            add_header Cache-Control "no-store" always;
+            add_header Pragma "no-cache" always;
+            return 403 'Forbidden';
+        }
+    }
+}
+```
+
+2. NGINX Config when using `Mode: Remote`
+
+These are some directives the `Remote` mode uses over the `File` mode:
+ - `auth_jwt_key_request`: When using the `Remote` mode, this is used in place of `auth_jwt_key_file`. This will call the `internal` NGINX location `/jwks_uri` to redirect the request to the external auth provider (e.g. KeyCloak)
+ - `proxy_cache_path`: This is used to configuring caching of the JWKS after an initial request allowing subseuqnt requests to not request re-authenticaiton for a time
+
+```nginx
+http {
+    # Serve JWKS from cache after the first fetch
+    proxy_cache_path /var/cache/nginx/jwks levels=1:2 keys_zone=jwks_jwt_auth:10m max_size=50m inactive=10m use_temp_path=off;
+
+    upstream backend_default {
+        server 10.0.0.10:80;
+        server 10.0.0.11:80;
+    }
+
+    # Exact claim matching via maps for iss/aud
+    map $jwt_claim_iss $valid_jwt_iss {
+        "https://issuer.example.com" 1;
+        "https://issuer.example1.com" 1;
+        default 0;
+    }
+    map $jwt_claim_aud $valid_jwt_aud {
+        "api" 1;
+        "cli" 1;
+        default 0;
+    }
+
+    server {
+        listen 80;
+        server_name api.example.com;
+
+        location /v2 {
+            auth_jwt "Restricted";
+            # Remote JWKS
+            auth_jwt_key_request /jwks_uri;
+
+            # Optional: key cache duration
+            auth_jwt_key_cache 10m;
+
+            # Leeway for exp/nbf
+            auth_jwt_leeway 60s;
+
+            # Token type
+            auth_jwt_type signed;
+
+            # Required claims (enforced via maps above)
+            auth_jwt_require $valid_jwt_iss;
+            auth_jwt_require $valid_jwt_aud;
+
+            # Identity headers to pass back on success
+            add_header X-User-Id        $jwt_claim_sub always;
+            add_header X-User-Email     $jwt_claim_email always;
+            add_header X-Auth-Mechanism "jwt" always;
+
+            # Optional: customize failure per filter onFailure
+            error_page 401 = @jwt_auth_failure;
+
+            # Optional: do not forward client Authorization header to upstream
+            proxy_set_header Authorization "";
+
+            # NGF standard proxy headers
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Pass traffic to upstream
+            proxy_pass http://backend_default;
+        }
+
+        # Internal endpoint to fetch JWKS from IdP
+        location = /jwks_uri {
+            internal;
+            # Enable caching of JWKS
+            proxy_cache jwks_jwt_auth;
+            proxy_pass  https://issuer.example.com/.well-known/jwks.json;
+        }
+
+        # Internal location for custom 401 response
+        location @jwt_auth_failure {
+            add_header WWW-Authenticate 'Bearer realm="Restricted", error="invalid_token"' always;
+            add_header Content-Type "text/plain; charset=utf-8" always;
+            add_header X-Content-Type-Options "nosniff" always;
+            add_header Cache-Control "no-store" always;
+            add_header Pragma "no-cache" always;
+            return 401 'Unauthorized';
+        }
+    }
+}
+```
+
+#### Additional Optional Fields
+
+`require`, `tokenSource` and `propagation` are some additioanl fields we may choose to include.
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: jwt-auth
+spec:
+  type: JWT
+  jwt:
+    realm: "Restricted"
+    keys:
+      mode: Remote
+      remote:
+        url: https://issuer.example.com/.well-known/jwks.json
+    
+    # Required claims (exact matching done via maps in NGINX; see config)
+    require:
+      iss:
+        - "https://issuer.example.com"
+        - "https://issuer2.example.com"
+      aud:
+        - "api"
+        - "cli"
+    
+    # Where client presents the token (defaults to Authorization header)
+    tokenSource:
+      header: true
+      cookie: false
+      cookieName: access_token
+      query: false
+      queryParam: access_token
+    
+    # Identity propagation to backend and header stripping
+    propagation:
+      addIdentityHeaders:
+        - name: X-User-Id
+          valueFrom: "$jwt_claim_sub"
+        - name: X-User-Email
+          valueFrom: "$jwt_claim_email"
+      stripAuthorization: true # Optionally remove client Authorization header
+```
+
+### Caching configuration
+
+Users may also choose to change the caching configuration set by `proxy_cache_path`.
+This can be made available in the `cache` configuration under `jwt.remote.cache`
+
+```yaml
+kind: AuthenticationFilter
+metadata:
+  name: jwt-auth
+spec:
+  type: JWT
+  jwt:
+    realm: "Restricted"
+    mode: Remote
+    remote:
+      url: https://issuer.example.com/.well-known/jwks.json
+      cache:
+        path: /var/cache/nginx/jwks # required when cache is set
+        levels: "1:2"               # optional; defaults to "1:2"
+        keysZoneName: jwks_jwtauth  # optional; controller can default to a derived name
+        keysZoneSize: 10m           # required; size for keys_zone
+        maxSize: 50m                # optional; limit total cache size
+        inactive: 10m               # optional; inactivity TTL before eviction
+        useTempPath: false          # optional; sets use_temp_path
+```
+
+### Attachment
+
+Filters must be attached to a HTTPRoute at the `rules.matces` level.
+This means that a single `AuthenticationFilter` may be attached mutliple times to a single HTTPRoute.
+
+#### Basic example
+
+This example shows a single HTTPRoute, with a single `filter` defined in a `rule`
+
+![reference-1](/docs/images/authentication-filter/reference-1.png)
+
+### Status
+
+#### Referencing multiple AuthenticationFilter resources in a single rule
+
+Only a single `AuthenticationFilter` may be referened in a single rule.
+
+The `Status` the HTTPRoute/GRPCRoute in this scenario should be set to `Invalid`, and the resource should be `Rejected`
+
+This behavour falls in line with the expected behaviour of filters in the Gateway API, which generally allows only one type of a specific filter (authentication, rewriting, etc.) within a rule.
+
+Below is an eample of an **invalid** HTTPRoute that references multiple `AuthenticationFilter` resources in a single rule
+
+```yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: invalid-httproute
+spec:
+  parentRefs:
+  - name: gateway
+  hostnames:
+  - api.example.com
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /api
+    filters:
+    - type: ExtensionRef
+      extensionRef:
+        group: gateway.nginx.org
+        kind: AuthenticationFilter
+        name: basic-auth
+    - type: ExtensionRef
+      extensionRef:
+        group: gateway.nginx.org
+        kind: AuthenticationFilter
+        name: jwt-auth
+    backendRefs:
+    - name: backend
+      port: 80
+```
+
+## Testing
+
+- Unit tests
+- Functional tests to validate behavioural scenarios when referncing filters in different combinations. The details of these tests are out of scope for this document.
+
+## Security Considerations
+
+### Basic Auth and Local JWKS
+
+Basic Auth sends credentials in an Authorization header that is base64-encoded.
+JWT Auth requires users to provided a bearer token through the Authroization header.
+
+Both of these methods can be easily intercepted over HTTP.
+
+Users that attach an `AuthenticaitonFilter` to a HTTPRoute/GRPCRoute should be advised to enable HTTPS traffic at the Gateway level for the routes.
+
+Any exmaple configurations and deployments for the `AuthenticationFilter` should enable HTTPS at the Gateway level by default.
+
+The `mountPath` for local JWKS should be mounted to a fixed location (e.g., /etc/nginx/keys).
+The `fileName` for a local JWKS should be sanatized to a pattern of [A-Za-z0-9._-].
+
+### Remote JWKS
+
+Proxy cache TTL should be configurable and set to a resonable default, reducing periods of stale cached JWKs.
+
+### Key rotation
+
+Users sholud be advised to regularly rotate their JWKS keys in cases where they chose to reference a local JWKS via a `secrefRef` or `configMapRef`
+
+### Auth failure behaviour
+
+3xx response codes should not be allowed and AuthenticationFilter.onFailure must not support redirect targets. This is to prevent to prevent open-redirect abuse.
+
+401 and 403 should be the only allowable auth failure codes.
+
+### Auth failure default headers
+
+Below are a list of default defensive headers for authentication failure reponses.
+We may choose to include these headers by default for improved robustness in auth falure responses.
+
+```
+add_header Content-Type "text/plain; charset=utf-8" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Cache-Control "no-store" always;
+add_header Pragma "no-cache" always;
+```
+
+Detailed header breakdown:
+
+- Content-Type: "text/plain; charset=utf-8"
+  - This header explicitly set the body as plan text. This prevents browsers from treating the response as HTML or JavaScript, and is effective at mitigating Cross-side scrpting (XSS) through error pages
+
+- X-Content-Type-Options: "nosniff"
+  - This header prevents content type confusion. This occurrs when browsers guesses HTML & JavaScript, and executes it despite a benign type.
+
+- Cache-Control: "no-store"
+  - This header informs browsers and proxies not to cache the response. Avoids sensitive, auth-related content, from being being stored and served later to unintended recipients.
+
+- Pragma: "no-cache"
+  - This header is commonly paired with `Cache-Control: "no-store"` for broad coverage. It acts as an additional signal for older intermediaries that do not honor Cache-Control.
+
+
+### Validation
+
+When referencing an `AuthenticationFilter` in either a HTTPRoute or GRPCRoute, it is important that we ensure all configurable fields are validated, and that the resulting NGINX configuration is correct and secure
+
+All fields in the `AuthenticationFilter` will be validated with Open API Schema.
+We should also include [CEL](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) validation where required.
+
+We should validated that only one `AuthenticationFilter` is referenced per-rule. Multiple references to an `AuthenticationFilter` in a single rule should result in an `Invalid` HTTPRoute/GRPCRoute, and the resource should be `Rejected`.
+
+an `AuthenticationFilter` that sets a `onFailure.statusCode` to anything other than `401` or `403` should be rejected. This relates to the "Auth failure behaviour" section in the Security Condierations section.
+
+## Alternatives
+
+The Gateway API defines a means to standardise authentication through use of the [HTTPExternalAuthFilter](https://gateway-api.sigs.k8s.io/reference/spec/#httpexternalauthfilter) available in the HTTPRoute specification.
+
+This allows users to reference an external authentication services, such as Keycloak, to handle the authentication requests.
+While this API is available in the experimental channel, it is subject to change.
+
+Our decision to go forward with our own `AuthenticationFilter` was to ensure we could quckly provide authenticaiton to our users while allowing us to closley monitor progress of the ExternalAuthFilter.
+
+It is certainly possible for us to provide an External Authentication Services that leverages NGINX and is something we can further investigate as the API progresses.
+
+## Additional considerations
+
+### Documenting filter behavour
+
+In regards to documentation of filter behavour with the `AuthenticationFilter`, the Gateway API documentation on filters states the following:
+
+```
+Wherever possible, implementations SHOULD implement filters in the order they are specified.
+
+Implementations MAY choose to implement this ordering strictly, rejecting
+any combination or order of filters that cannot be supported. 
+If implementations choose a strict interpretation of filter ordering, they MUST clearly
+document that behavior.
+```
+
+## References
+
+ - [Gateway API ExternalAuthFilter GEP]((https://gateway-api.sigs.k8s.io/geps/gep-1494/))
+ - [HTTPExternalAuthFilter Specification](https://gateway-api.sigs.k8s.io/reference/spec/#httpexternalauthfilter)
+ - [Kubernetes documentation on CEL validaton](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules)
+ - [NGINX HTTP Basic Auth Module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html)
+ - [NGINX JWT Auth Module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html)
+ - [NGINX OIDC Module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)

From 9047c3ebb39d0c78f4af619f55781aea7e787d25 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Thu, 6 Nov 2025 18:19:28 +0000
Subject: [PATCH 02/12] Update auth header code block

---
 docs/proposals/authentication-filter.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 6f1a1843b4..fa2e2ea112 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -1026,7 +1026,7 @@ Users sholud be advised to regularly rotate their JWKS keys in cases where they
 Below are a list of default defensive headers for authentication failure reponses.
 We may choose to include these headers by default for improved robustness in auth falure responses.
 
-```
+```nginx
 add_header Content-Type "text/plain; charset=utf-8" always;
 add_header X-Content-Type-Options "nosniff" always;
 add_header Cache-Control "no-store" always;

From c937366f1475a35a3013f06de8a576bda690479d Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Thu, 6 Nov 2025 18:34:01 +0000
Subject: [PATCH 03/12] Fix pre-commit and lint errors

---
 docs/proposals/authentication-filter.md | 37 +++++++++++++------------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index fa2e2ea112..4deaaa2081 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -47,11 +47,12 @@ This document also focus on HTTP Basic Authentication and JWT Authentication. Ot
 
 This portion of the proposal will cover API design and interaction experience for use of Basic Auth and JWT.
 This portioan also contains:
+
 1. The Golang API
 2. Example spec for Basic Auth
     - Example HTTPRoutes and NINGX configuration
 3. Example spec for JWT Auth
-    - Example HTTPRoutes 
+    - Example HTTPRoutes
     - Examples for Local & Remote JWKS configration
     - Example NINGX configuration for both Local & Remote JWKS
     - Example of additioanl optional fields
@@ -575,6 +576,7 @@ http {
 ### Example spec for JWT Auth
 
 For JWT Auth, there is two options.
+
 1. Local JWKS file stored as as a Secret or as a ConfigMap
 2. Remote JWKS from an IdP provider like Keycloak
 
@@ -593,8 +595,8 @@ spec:
     mode: File # Defaults to File.
     file:
       # In File mode, exactly one of configMapRef or secretRef must be defined.
-      configMapRef: 
-        name: jwt-keys 
+      configMapRef:
+        name: jwt-keys
       secretRef:
         name: jwt-keys-secure
         key: jwks.json
@@ -769,11 +771,12 @@ http {
 }
 ```
 
-2. NGINX Config when using `Mode: Remote`
+1. NGINX Config when using `Mode: Remote`
 
 These are some directives the `Remote` mode uses over the `File` mode:
- - `auth_jwt_key_request`: When using the `Remote` mode, this is used in place of `auth_jwt_key_file`. This will call the `internal` NGINX location `/jwks_uri` to redirect the request to the external auth provider (e.g. KeyCloak)
- - `proxy_cache_path`: This is used to configuring caching of the JWKS after an initial request allowing subseuqnt requests to not request re-authenticaiton for a time
+
+- `auth_jwt_key_request`: When using the `Remote` mode, this is used in place of `auth_jwt_key_file`. This will call the `internal` NGINX location `/jwks_uri` to redirect the request to the external auth provider (e.g. KeyCloak)
+- `proxy_cache_path`: This is used to configuring caching of the JWKS after an initial request allowing subseuqnt requests to not request re-authenticaiton for a time
 
 ```nginx
 http {
@@ -878,7 +881,7 @@ spec:
       mode: Remote
       remote:
         url: https://issuer.example.com/.well-known/jwks.json
-    
+
     # Required claims (exact matching done via maps in NGINX; see config)
     require:
       iss:
@@ -887,7 +890,7 @@ spec:
       aud:
         - "api"
         - "cli"
-    
+
     # Where client presents the token (defaults to Authorization header)
     tokenSource:
       header: true
@@ -895,7 +898,7 @@ spec:
       cookieName: access_token
       query: false
       queryParam: access_token
-    
+
     # Identity propagation to backend and header stripping
     propagation:
       addIdentityHeaders:
@@ -1076,20 +1079,20 @@ It is certainly possible for us to provide an External Authentication Services t
 
 In regards to documentation of filter behavour with the `AuthenticationFilter`, the Gateway API documentation on filters states the following:
 
-```
+```text
 Wherever possible, implementations SHOULD implement filters in the order they are specified.
 
 Implementations MAY choose to implement this ordering strictly, rejecting
-any combination or order of filters that cannot be supported. 
+any combination or order of filters that cannot be supported.
 If implementations choose a strict interpretation of filter ordering, they MUST clearly
 document that behavior.
 ```
 
 ## References
 
- - [Gateway API ExternalAuthFilter GEP]((https://gateway-api.sigs.k8s.io/geps/gep-1494/))
- - [HTTPExternalAuthFilter Specification](https://gateway-api.sigs.k8s.io/reference/spec/#httpexternalauthfilter)
- - [Kubernetes documentation on CEL validaton](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules)
- - [NGINX HTTP Basic Auth Module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html)
- - [NGINX JWT Auth Module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html)
- - [NGINX OIDC Module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
+- [Gateway API ExternalAuthFilter GEP]((https://gateway-api.sigs.k8s.io/geps/gep-1494/))
+- [HTTPExternalAuthFilter Specification](https://gateway-api.sigs.k8s.io/reference/spec/#httpexternalauthfilter)
+- [Kubernetes documentation on CEL validaton](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules)
+- [NGINX HTTP Basic Auth Module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html)
+- [NGINX JWT Auth Module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html)
+- [NGINX OIDC Module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)

From 1b8bac29656981de388f5a487aefdf7de760c243 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 09:08:57 +0000
Subject: [PATCH 04/12] Update Golang API with defaults and CEL validation with
 kubebuilder

---
 docs/proposals/authentication-filter.md | 39 +++++++++++++++++++------
 1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 4deaaa2081..a9c1d4629f 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -66,6 +66,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+  "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1"
 )
 
 // +genclient
@@ -102,6 +103,12 @@ type AuthenticationFilterList struct {
 
 // AuthenticationFilterSpec defines the desired configuration.
 // Exactly one of Basic or JWT must be set according to Type.
+// +kubebuilder:validation:XValidation:message="for type=Basic, spec.basic must be set and spec.jwt must be empty; for type=JWT, spec.jwt must be set and spec.basic must be empty",rule="self.type == 'Basic' ? self.basic != null && self.jwt == null : self.type == 'JWT' ? self.jwt != null && self.basic == null : false"
+
+// +kubebuilder:validation:XValidation:message="type 'Basic' requires spec.basic to be set. All other spec types must be unset",rule="self.type == 'Basic' ? self.type != null && self.jwt == null : true"
+// +kubebuilder:validation:XValidation:message="type 'JWT' requires spec.jwt to be set. All other spec types must be unset",rule="self.type == 'JWT' ? self.type != null && self.basic == null : true"
+// +kubebuilder:validation:XValidation:message="when spec.basic is set, type must be 'Basic'",rule="self.basic != null ? self.type == 'Basic' : true"
+// +kubebuilder:validation:XValidation:message="when spec.jwt is set, type must be 'JWT'",rule="self.jwt != null ? self.type == 'JWT' : true" 
 type AuthenticationFilterSpec struct {
 	// Type selects the authentication mechanism.
 	//
@@ -134,7 +141,6 @@ type BasicAuth struct {
 	Secret string `json:"secret"`
 
 	// Key is the key within the Secret that contains the htpasswd data.
-	// Default: "htpasswd".
 	//
 	// +optional
 	Key *string `json:"key,omitempty"`
@@ -150,7 +156,11 @@ type BasicAuth struct {
 	OnFailure *AuthFailureResponse `json:"onFailure,omitempty"`
 }
 
- // JWTAuth configures JWT-based authentication (NGINX Plus).
+// JWTAuth configures JWT-based authentication (NGINX Plus).
+// +kubebuilder:validation:XValidation:message="mode 'File' requires file set and remote unset",rule="self.mode == 'File' ? self.file != null && self.remote == null : true"
+// +kubebuilder:validation:XValidation:message="mode 'Remote' requires remote set and file unset",rule="self.mode == 'Remote' ? self.remote != null && self.file == null : true"
+// +kubebuilder:validation:XValidation:message="when file is set, mode must be 'File'",rule="self.file != null ? self.mode == 'File' : true"
+// +kubebuilder:validation:XValidation:message="when remote is set, mode must be 'Remote'",rule="self.remote != null ? self.mode == 'Remote' : true" 
 type JWTAuth struct {
 	// Realm used by NGINX auth_jwt; sets realm in the auth challenge.
 	//
@@ -162,6 +172,8 @@ type JWTAuth struct {
 	//
 	// +optional
 	// +kubebuilder:validation:Enum=File;Remote
+  // +kubebuilder:default=File
+  // +kubebuilder:validation:XValidation:message="mode must be one of [File, Remote]",rule="self in ['File','Remote']"
 	Mode JWTKeyMode `json:"mode,omitempty"`
 
 	// File specifies local JWKS configuration (Secret or ConfigMap, mount path, file name).
@@ -180,7 +192,8 @@ type JWTAuth struct {
 	// Example: "60s".
 	//
 	// +optional
-	Leeway *string `json:"leeway,omitempty"`
+  // +kubebuilder:default=60s
+	Leeway *v1alpha1.Duration `json:"leeway,omitempty"`
 
 	// Type sets token type: signed | encrypted | nested (auth_jwt_type).
 	// Default: "signed".
@@ -333,26 +346,31 @@ type JWTTokenSource struct {
 	// Read token from Authorization header. Default: true.
 	//
 	// +optional
+  // +kubebuilder:default=true
 	Header *bool `json:"header,omitempty"`
 
 	// Read token from a cookie. Default: false.
 	//
 	// +optional
+  // +kubebuilder:default=false
 	Cookie *bool `json:"cookie,omitempty"`
 
 	// CookieName when Cookie is true. Example: "access_token".
 	//
 	// +optional
+  // +kubebuilder:default=access_token
 	CookieName *string `json:"cookieName,omitempty"`
 
 	// Read token from query string. Default: false.
 	//
 	// +optional
+  // +kubebuilder:default=false
 	Query *bool `json:"query,omitempty"`
 
 	// QueryParam when Query is true. Example: "access_token".
 	//
 	// +optional
+  // +kubebuilder:default=access_token
 	QueryParam *string `json:"queryParam,omitempty"`
 }
 
@@ -395,9 +413,12 @@ const (
 
 // AuthFailureResponse customizes 401/403 failures.
 type AuthFailureResponse struct {
-    // Allowed: 401, 403. Default: 401.
+    // Allowed: 401, 403.
+    // Default: 401.
     //
     // +optional
+    // +kubebuilder:default=401
+    // +kubebuilder:validation:XValidation:message="statusCode must be 401 or 403",rule="self == null || self in [401, 403]"
     StatusCode *int32 `json:"statusCode,omitempty"`
 
     // Challenge scheme. If omitted, inferred from filter Type (Basic|Bearer).
@@ -407,10 +428,11 @@ type AuthFailureResponse struct {
     Scheme *AuthScheme `json:"scheme,omitempty"`
 
     // Controls whether a default canned body is sent or an empty body.
-    // Default: Default.
+    // Default: Unauthorized.
     //
     // +optional
     // +kubebuilder:validation:Enum=Unauthorized;Forbidden;Empty
+    // +kubebuilder:default=Unauthorized
     BodyPolicy *AuthFailureBodyPolicy `json:"bodyPolicy,omitempty"`
 }
 
@@ -422,13 +444,12 @@ type LocalObjectReference struct {
 // SecretKeyReference references a Secret and an optional key.
 type SecretKeyReference struct {
 	Name string `json:"name"`
+
 	// Key within the Secret data. If omitted, controller defaults apply (e.g., "jwks.json").
-	//
-	// +optional
-	Key *string `json:"key,omitempty"`
+	Key string `json:"key,omitempty"`
 }
 
-// AuthenticationFilterStatus defines the state of AuthenticationFilter (similar to SnippetsFilter).
+// AuthenticationFilterStatus defines the state of AuthenticationFilter.
 type AuthenticationFilterStatus struct {
 	// Controllers is a list of Gateway API controllers that processed the AuthenticationFilter
 	// and the status of the AuthenticationFilter with respect to each controller.

From 2f143e9a6cfd2426a123f68ca2dc7371f248635d Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 09:13:30 +0000
Subject: [PATCH 05/12] Add additional defaults and CEL validations

---
 docs/proposals/authentication-filter.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index a9c1d4629f..afa36f6418 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -200,6 +200,7 @@ type JWTAuth struct {
 	//
 	// +optional
 	// +kubebuilder:validation:Enum=signed;encrypted;nested
+  // +kubebuilder:default=signed
 	Type *JWTTokenType `json:"type,omitempty"`
 
 	// KeyCache is the cache duration for keys (auth_jwt_key_cache).
@@ -240,6 +241,7 @@ const (
 )
 
 // JWTFileKeySource specifies local JWKS key configuration.
+// +kubebuilder:validation:XValidation:message="exactly one of configMapRef or secretRef must be set",rule="(self.configMapRef == null) != (self.secretRef == null)"
 type JWTFileKeySource struct {
 	// ConfigMapRef references a ConfigMap containing the JWKS.
 	// Exactly one of ConfigMapRef or SecretRef must be set.

From 47ff38be01895d3c049c553b1977afdd3aab2995 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 13:25:02 +0000
Subject: [PATCH 06/12] Fix typos

---
 docs/proposals/authentication-filter.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index afa36f6418..8b82826fde 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -25,7 +25,7 @@ This new filter should eventually expose all forms of authentication available t
 
 ## Introduction
 
-This document focus expliclty on Authentiaction (AuthN) and not Authorization (AuthZ). Authentiaction (AuthN) defines the verification of identiy. It asks the question, "Who are you?". This is different from Authorization (AuthZ), which preceeds Authentication. It asks the question, "What are you allowed to do".
+This document focuses expliclty on Authentication (AuthN) and not Authorization (AuthZ). Authentication (AuthN) defines the verification of identiy. It asks the question, "Who are you?". This is different from Authorization (AuthZ), which preceeds Authentication. It asks the question, "What are you allowed to do".
 
 This document also focus on HTTP Basic Authentication and JWT Authentication. Other authentication methods such as OpenID Connect (OIDC) are mentioned, but are not part of the CRD design. These will be covered in future design and implementation tasks.
 

From 40b8224f9358e3f3c9f2ca6e433a89ee8b75344e Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 13:51:23 +0000
Subject: [PATCH 07/12] Update comments in GolangAPI to decribe relative NGINX
 directives

---
 docs/proposals/authentication-filter.md | 66 +++++++++++++++++--------
 1 file changed, 46 insertions(+), 20 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 8b82826fde..2a541a37cc 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -141,11 +141,10 @@ type BasicAuth struct {
 	Secret string `json:"secret"`
 
 	// Key is the key within the Secret that contains the htpasswd data.
-	//
-	// +optional
-	Key *string `json:"key,omitempty"`
+	Key string `json:"key,omitempty"`
 
-	// Realm used by NGINX auth_basic; helps with logging and WWW-Authenticate.
+	// Realm used by NGINX `auth_basic`.
+  // Configures "realm="<realm_value>" in WWW-Authenticate header in error page location.
 	//
 	// +optional
 	Realm *string `json:"realm,omitempty"`
@@ -162,17 +161,19 @@ type BasicAuth struct {
 // +kubebuilder:validation:XValidation:message="when file is set, mode must be 'File'",rule="self.file != null ? self.mode == 'File' : true"
 // +kubebuilder:validation:XValidation:message="when remote is set, mode must be 'Remote'",rule="self.remote != null ? self.mode == 'Remote' : true" 
 type JWTAuth struct {
-	// Realm used by NGINX auth_jwt; sets realm in the auth challenge.
+	// Realm used by NGINX `auth_jwt` directive.
+  // Configures "realm="<realm_value>" in WWW-Authenticate header in error page location.
 	//
 	// +optional
+  // +kubebuilder:default="Restricted"
 	Realm *string `json:"realm,omitempty"`
 
 	// Mode selects how JWT keys are provided: local file or remote JWKS.
 	// Default: File.
 	//
 	// +optional
-	// +kubebuilder:validation:Enum=File;Remote
   // +kubebuilder:default=File
+	// +kubebuilder:validation:Enum=File;Remote
   // +kubebuilder:validation:XValidation:message="mode must be one of [File, Remote]",rule="self in ['File','Remote']"
 	Mode JWTKeyMode `json:"mode,omitempty"`
 
@@ -188,23 +189,27 @@ type JWTAuth struct {
 	// +optional
 	Remote *JWTRemoteKeySource `json:"remote,omitempty"`
 
-	// Leeway is the acceptable clock skew for exp/nbf checks (auth_jwt_leeway).
-	// Example: "60s".
+	// Leeway is the acceptable clock skew for exp/nbf checks.
+  // Configures `auth_jwt_leeway` directive.
+	// Example: "auth_jwt_leeway 60s".
 	//
 	// +optional
   // +kubebuilder:default=60s
 	Leeway *v1alpha1.Duration `json:"leeway,omitempty"`
 
-	// Type sets token type: signed | encrypted | nested (auth_jwt_type).
-	// Default: "signed".
+	// Type sets token type: signed | encrypted | nested.
+	// Default: signed.
+  // Configures `auth_jwt_type` directive.
+  // Example: "auth_jwt_type signed;".
 	//
 	// +optional
-	// +kubebuilder:validation:Enum=signed;encrypted;nested
   // +kubebuilder:default=signed
+	// +kubebuilder:validation:Enum=signed;encrypted;nested
 	Type *JWTTokenType `json:"type,omitempty"`
 
-	// KeyCache is the cache duration for keys (auth_jwt_key_cache).
-	// Example: "10m".
+	// KeyCache is the cache duration for keys.
+  // Configures auth_jwt_key_cache directive.
+	// Example: "auth_jwt_key_cache 10m".
 	//
 	// +optional
 	KeyCache *string `json:"keyCache,omitempty"`
@@ -214,8 +219,23 @@ type JWTAuth struct {
 	// +optional
 	OnFailure *AuthFailureResponse `json:"onFailure,omitempty"`
 
-	// Require defines claims that must match exactly (e.g., iss, aud).
-	// NGF will translate these into NGINX maps and auth_jwt_require directives.
+	// Require defines claims that must match exactly (e.g. iss, aud).
+	// These translate into NGINX maps and auth_jwt_require directives.
+  // Example directives and maps:
+  //
+  //  auth_jwt_require $valid_jwt_iss;
+  //  auth_jwt_require $valid_jwt_aud;
+  //
+  //  map $jwt_claim_iss $valid_jwt_iss {
+  //      "https://issuer.example.com" 1;
+  //      "https://issuer.example1.com" 1;
+  //      default 0;
+  //  }
+  //  map $jwt_claim_aud $valid_jwt_aud {
+  //      "api" 1;
+  //      "cli" 1;
+  //      default 0;
+  //  }
 	//
 	// +optional
 	Require *JWTRequiredClaims `json:"require,omitempty"`
@@ -256,15 +276,18 @@ type JWTFileKeySource struct {
 	SecretRef *SecretKeyReference `json:"secretRef,omitempty"`
 
 	// MountPath is the path where NGF will mount the data into the NGINX container.
+  // Used in `auth_jwt_key_file` directive.
 	// Example: "/etc/nginx/keys".
 	MountPath string `json:"mountPath"`
 
 	// FileName is the file name of the JWKS within the mount path.
+  // Used in `auth_jwt_key_file` directive.
 	// Example: "jwks.json".
 	FileName string `json:"fileName"`
 
-	// KeyCache is the cache duration for keys (auth_jwt_key_cache).
-	// Example: "10m".
+	// KeyCache is the cache duration for keys.
+  // Configures `auth_jwt_key_cache` directive
+	// Example: "auth_jwt_key_cache 10m;".
 	//
 	// +optional
 	KeyCache *string `json:"keyCache,omitempty"`
@@ -282,14 +305,15 @@ type JWTRemoteKeySource struct {
 	Cache *JWKSCache `json:"cache,omitempty"`
 }
 
- // JWKSCache controls NGINX proxy_cache_path and proxy_cache settings used for JWKS responses.
+ // JWKSCache controls NGINX `proxy_cache_path` and `proxy_cache` settings used for JWKS responses.
 type JWKSCache struct {
 	// Path is the filesystem path for cached JWKS objects.
 	// Example: "/var/cache/nginx/jwks".
 	Path string `json:"path"`
 
 	// Levels specifies the directory hierarchy for cached files.
-	// Example: "1:2".
+  // Used in `proxy_cache_path` directive.
+	// Example: "levels=1:2".
 	//
 	// +optional
 	Levels *string `json:"levels,omitempty"`
@@ -424,8 +448,10 @@ type AuthFailureResponse struct {
     StatusCode *int32 `json:"statusCode,omitempty"`
 
     // Challenge scheme. If omitted, inferred from filter Type (Basic|Bearer).
+    // Configures WWW-Authenticate header in error page location.
     //
     // +optional
+    // +kubebuilder:default=Basic
     // +kubebuilder:validation:Enum=Basic;Bearer
     Scheme *AuthScheme `json:"scheme,omitempty"`
 
@@ -433,8 +459,8 @@ type AuthFailureResponse struct {
     // Default: Unauthorized.
     //
     // +optional
-    // +kubebuilder:validation:Enum=Unauthorized;Forbidden;Empty
     // +kubebuilder:default=Unauthorized
+    // +kubebuilder:validation:Enum=Unauthorized;Forbidden;Empty
     BodyPolicy *AuthFailureBodyPolicy `json:"bodyPolicy,omitempty"`
 }
 

From 24966b894c2feadefc622170587c6ced309b2e69 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 14:06:58 +0000
Subject: [PATCH 08/12] Update API and Security Considerations for
 ReferenceGrant integration

---
 docs/proposals/authentication-filter.md | 125 ++++++++++++++++++++++--
 1 file changed, 116 insertions(+), 9 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 2a541a37cc..93dcf2e013 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -143,6 +143,12 @@ type BasicAuth struct {
 	// Key is the key within the Secret that contains the htpasswd data.
 	Key string `json:"key,omitempty"`
 
+	// SecretRef allows referencing a Secret in the same or another namespace.
+	// When namespace is set and differs from the filter's namespace, a ReferenceGrant in the target namespace is required.
+	//
+	// +optional
+	SecretRef *NamespacedSecretKeyReference `json:"secretRef,omitempty"`
+
 	// Realm used by NGINX `auth_basic`.
   // Configures "realm="<realm_value>" in WWW-Authenticate header in error page location.
 	//
@@ -267,13 +273,13 @@ type JWTFileKeySource struct {
 	// Exactly one of ConfigMapRef or SecretRef must be set.
 	//
 	// +optional
-	ConfigMapRef *LocalObjectReference `json:"configMapRef,omitempty"`
+	ConfigMapRef *NamespacedObjectReference `json:"configMapRef,omitempty"`
 
 	// SecretRef references a Secret containing the JWKS (with optional key).
 	// Exactly one of ConfigMapRef or SecretRef must be set.
 	//
 	// +optional
-	SecretRef *SecretKeyReference `json:"secretRef,omitempty"`
+	SecretRef *NamespacedSecretKeyReference `json:"secretRef,omitempty"`
 
 	// MountPath is the path where NGF will mount the data into the NGINX container.
   // Used in `auth_jwt_key_file` directive.
@@ -324,16 +330,16 @@ type JWKSCache struct {
 	// +optional
 	KeysZoneName *string `json:"keysZoneName,omitempty"`
 
-	// KeysZoneSize is the size of the cache keys zone (e.g., "10m").
+	// KeysZoneSize is the size of the cache keys zone (e.g. "10m").
 	// This is required to avoid unbounded allocations.
 	KeysZoneSize string `json:"keysZoneSize"`
 
-	// MaxSize limits the total size of the cache (e.g., "50m").
+	// MaxSize limits the total size of the cache (e.g. "50m").
 	//
 	// +optional
 	MaxSize *string `json:"maxSize,omitempty"`
 
-	// Inactive defines the inactivity timeout before cached items are evicted (e.g., "10m").
+	// Inactive defines the inactivity timeout before cached items are evicted (e.g. "10m").
 	//
 	// +optional
 	Inactive *string `json:"inactive,omitempty"`
@@ -469,14 +475,32 @@ type LocalObjectReference struct {
 	Name string `json:"name"`
 }
 
-// SecretKeyReference references a Secret and an optional key.
+	// SecretKeyReference references a Secret and an optional key.
 type SecretKeyReference struct {
 	Name string `json:"name"`
 
-	// Key within the Secret data. If omitted, controller defaults apply (e.g., "jwks.json").
+	// Key within the Secret data. If omitted, controller defaults apply (e.g. "jwks.json").
 	Key string `json:"key,omitempty"`
 }
 
+// NamespacedObjectReference references an object by name with an optional namespace.
+// If namespace is omitted, it defaults to the AuthenticationFilter's namespace.
+type NamespacedObjectReference struct {
+	// +optional
+	Namespace *string `json:"namespace,omitempty"`
+	Name      string  `json:"name"`
+}
+
+// NamespacedSecretKeyReference references a Secret and optional key, with an optional namespace.
+// If namespace differs from the filter's, a ReferenceGrant in the target namespace is required.
+type NamespacedSecretKeyReference struct {
+	// +optional
+	Namespace *string `json:"namespace,omitempty"`
+	Name      string  `json:"name"`
+	// +optional
+	Key       *string `json:"key,omitempty"`
+}
+
 // AuthenticationFilterStatus defines the state of AuthenticationFilter.
 type AuthenticationFilterStatus struct {
 	// Controllers is a list of Gateway API controllers that processed the AuthenticationFilter
@@ -1056,9 +1080,93 @@ Users that attach an `AuthenticaitonFilter` to a HTTPRoute/GRPCRoute should be a
 
 Any exmaple configurations and deployments for the `AuthenticationFilter` should enable HTTPS at the Gateway level by default.
 
-The `mountPath` for local JWKS should be mounted to a fixed location (e.g., /etc/nginx/keys).
+The `mountPath` for local JWKS should be mounted to a fixed location (e.g. /etc/nginx/keys).
 The `fileName` for a local JWKS should be sanatized to a pattern of [A-Za-z0-9._-].
 
+### Namespace isolataion and cross-namespace references
+Both Auth and Local JWKS should only have access to Secrets and ConfigMaps in the same namespace by default.
+
+Cross-namespace references are allowed only when authorized via a Gateway API ReferenceGrant in the target namespace.
+
+Controller behavior:
+- Same-namespace references are permitted without a grant.
+- For cross-namespace references, the controller MUST verify a ReferenceGrant exists in the target namespace:
+  - from: group=gateway.nginx.org, kind=AuthenticationFilter, namespace=<filter-namespace>
+  - to:   group="", kind=(Secret|ConfigMap), name=<target-name>
+- If no valid grant is found, the filter status should update the status to `Accepted=False` with `reason=RefNotPermitted` and a clear message. We should avoid rendering any NGINX configuration in this scenario.
+
+Example: Grant BasicAuth in app-ns to read a Secret in security-ns
+```yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: ReferenceGrant
+metadata:
+  name: allow-basic-auth-secret
+  namespace: security-ns # target namespace where the Secret lives
+spec:
+  from:
+  - group: gateway.nginx.org
+    kind: AuthenticationFilter
+    namespace: app-ns
+  to:
+  - group: ""   # core API group
+    kind: Secret
+    name: basic-auth-users
+```
+
+AuthenticationFilter referencing the cross-namespace Secret
+```yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: basic-auth
+  namespace: app-ns
+spec:
+  type: Basic
+  basic:
+    secretRef:
+      namespace: security-ns
+      name: basic-auth-users
+      key: htpasswd
+    realm: "Restricted"
+```
+
+Example: Grant JWT file-based JWKS in keys-ns to filter in app-ns
+```yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: ReferenceGrant
+metadata:
+  name: allow-jwks-configmap
+  namespace: keys-ns
+spec:
+  from:
+  - group: gateway.nginx.org
+    kind: AuthenticationFilter
+    namespace: app-ns
+  to:
+  - group: ""    # core API group
+    kind: ConfigMap
+    name: jwt-keys
+```
+
+AuthenticationFilter referencing cross-namespace JWKS ConfigMap
+```yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: jwt-auth
+  namespace: app-ns
+spec:
+  type: JWT
+  jwt:
+    mode: File
+    file:
+      configMapRef:
+        namespace: keys-ns
+        name: jwt-keys
+      mountPath: /etc/nginx/keys
+      fileName: jwks.json
+```
+
 ### Remote JWKS
 
 Proxy cache TTL should be configurable and set to a resonable default, reducing periods of stale cached JWKs.
@@ -1099,7 +1207,6 @@ Detailed header breakdown:
 - Pragma: "no-cache"
   - This header is commonly paired with `Cache-Control: "no-store"` for broad coverage. It acts as an additional signal for older intermediaries that do not honor Cache-Control.
 
-
 ### Validation
 
 When referencing an `AuthenticationFilter` in either a HTTPRoute or GRPCRoute, it is important that we ensure all configurable fields are validated, and that the resulting NGINX configuration is correct and secure

From da1b17e44c6e96c2e4a2c3897d3740796e5c7c9f Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 14:21:12 +0000
Subject: [PATCH 09/12] Fix pre-commit errors

---
 docs/proposals/authentication-filter.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 93dcf2e013..477ab412b1 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -108,7 +108,7 @@ type AuthenticationFilterList struct {
 // +kubebuilder:validation:XValidation:message="type 'Basic' requires spec.basic to be set. All other spec types must be unset",rule="self.type == 'Basic' ? self.type != null && self.jwt == null : true"
 // +kubebuilder:validation:XValidation:message="type 'JWT' requires spec.jwt to be set. All other spec types must be unset",rule="self.type == 'JWT' ? self.type != null && self.basic == null : true"
 // +kubebuilder:validation:XValidation:message="when spec.basic is set, type must be 'Basic'",rule="self.basic != null ? self.type == 'Basic' : true"
-// +kubebuilder:validation:XValidation:message="when spec.jwt is set, type must be 'JWT'",rule="self.jwt != null ? self.type == 'JWT' : true" 
+// +kubebuilder:validation:XValidation:message="when spec.jwt is set, type must be 'JWT'",rule="self.jwt != null ? self.type == 'JWT' : true"
 type AuthenticationFilterSpec struct {
 	// Type selects the authentication mechanism.
 	//
@@ -165,7 +165,7 @@ type BasicAuth struct {
 // +kubebuilder:validation:XValidation:message="mode 'File' requires file set and remote unset",rule="self.mode == 'File' ? self.file != null && self.remote == null : true"
 // +kubebuilder:validation:XValidation:message="mode 'Remote' requires remote set and file unset",rule="self.mode == 'Remote' ? self.remote != null && self.file == null : true"
 // +kubebuilder:validation:XValidation:message="when file is set, mode must be 'File'",rule="self.file != null ? self.mode == 'File' : true"
-// +kubebuilder:validation:XValidation:message="when remote is set, mode must be 'Remote'",rule="self.remote != null ? self.mode == 'Remote' : true" 
+// +kubebuilder:validation:XValidation:message="when remote is set, mode must be 'Remote'",rule="self.remote != null ? self.mode == 'Remote' : true"
 type JWTAuth struct {
 	// Realm used by NGINX `auth_jwt` directive.
   // Configures "realm="<realm_value>" in WWW-Authenticate header in error page location.

From 38dd8f728fb27076527421f20bb14efcf5c6c543 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 15:38:17 +0000
Subject: [PATCH 10/12] Fix typos and grammer

---
 docs/proposals/authentication-filter.md | 32 ++++++++++---------------
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 477ab412b1..cd7d23afa1 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -25,7 +25,7 @@ This new filter should eventually expose all forms of authentication available t
 
 ## Introduction
 
-This document focuses expliclty on Authentication (AuthN) and not Authorization (AuthZ). Authentication (AuthN) defines the verification of identiy. It asks the question, "Who are you?". This is different from Authorization (AuthZ), which preceeds Authentication. It asks the question, "What are you allowed to do".
+This document focuses explicitly on Authentication (AuthN) and not Authorization (AuthZ). Authentication (AuthN) defines the verification of identity. It asks the question, "Who are you?". This is different from Authorization (AuthZ), which preceeds Authentication. It asks the question, "What are you allowed to do".
 
 This document also focus on HTTP Basic Authentication and JWT Authentication. Other authentication methods such as OpenID Connect (OIDC) are mentioned, but are not part of the CRD design. These will be covered in future design and implementation tasks.
 
@@ -33,7 +33,7 @@ This document also focus on HTTP Basic Authentication and JWT Authentication. Ot
 ## Use Cases
 
 - As an Application Developer, I want to secure access to my APIs and Backend Applications.
-- As an Application Developer, I want to enforce authenticaiton on specific routes and matches.
+- As an Application Developer, I want to enforce authentication on specific routes and matches.
 
 ### Understanding NGINX authentication methods
 
@@ -46,15 +46,15 @@ This document also focus on HTTP Basic Authentication and JWT Authentication. Ot
 ## API, Customer Driven Interfaces, and User Experience
 
 This portion of the proposal will cover API design and interaction experience for use of Basic Auth and JWT.
-This portioan also contains:
+This portion also contains:
 
 1. The Golang API
 2. Example spec for Basic Auth
-    - Example HTTPRoutes and NINGX configuration
+    - Example HTTPRoutes and NGINX configuration
 3. Example spec for JWT Auth
     - Example HTTPRoutes
     - Examples for Local & Remote JWKS configration
-    - Example NINGX configuration for both Local & Remote JWKS
+    - Example NGINX configuration for both Local & Remote JWKS
     - Example of additioanl optional fields
 
 ### Golang API
@@ -639,7 +639,6 @@ http {
             add_header Content-Type "text/plain; charset=utf-8" always;
             add_header X-Content-Type-Options "nosniff" always;
             add_header Cache-Control "no-store" always;
-            add_header Pragma "no-cache" always;
             return 401 'Unauthorized';
         }
     }
@@ -837,7 +836,6 @@ http {
             add_header Content-Type "text/plain; charset=utf-8" always;
             add_header X-Content-Type-Options "nosniff" always;
             add_header Cache-Control "no-store" always;
-            add_header Pragma "no-cache" always;
             return 403 'Forbidden';
         }
     }
@@ -930,7 +928,6 @@ http {
             add_header Content-Type "text/plain; charset=utf-8" always;
             add_header X-Content-Type-Options "nosniff" always;
             add_header Cache-Control "no-store" always;
-            add_header Pragma "no-cache" always;
             return 401 'Unauthorized';
         }
     }
@@ -1010,7 +1007,7 @@ spec:
 
 ### Attachment
 
-Filters must be attached to a HTTPRoute at the `rules.matces` level.
+Filters must be attached to a HTTPRoute at the `rules.matches` level.
 This means that a single `AuthenticationFilter` may be attached mutliple times to a single HTTPRoute.
 
 #### Basic example
@@ -1173,7 +1170,7 @@ Proxy cache TTL should be configurable and set to a resonable default, reducing
 
 ### Key rotation
 
-Users sholud be advised to regularly rotate their JWKS keys in cases where they chose to reference a local JWKS via a `secrefRef` or `configMapRef`
+Users should be advised to regularly rotate their JWKS keys in cases where they chose to reference a local JWKS via a `secrefRef` or `configMapRef`
 
 ### Auth failure behaviour
 
@@ -1184,19 +1181,18 @@ Users sholud be advised to regularly rotate their JWKS keys in cases where they
 ### Auth failure default headers
 
 Below are a list of default defensive headers for authentication failure reponses.
-We may choose to include these headers by default for improved robustness in auth falure responses.
+We may choose to include these headers by default for improved robustness in auth failure responses.
 
 ```nginx
 add_header Content-Type "text/plain; charset=utf-8" always;
 add_header X-Content-Type-Options "nosniff" always;
 add_header Cache-Control "no-store" always;
-add_header Pragma "no-cache" always;
 ```
 
 Detailed header breakdown:
 
 - Content-Type: "text/plain; charset=utf-8"
-  - This header explicitly set the body as plan text. This prevents browsers from treating the response as HTML or JavaScript, and is effective at mitigating Cross-side scrpting (XSS) through error pages
+  - This header explicitly set the body as plain text. This prevents browsers from treating the response as HTML or JavaScript, and is effective at mitigating Cross-side scrpting (XSS) through error pages
 
 - X-Content-Type-Options: "nosniff"
   - This header prevents content type confusion. This occurrs when browsers guesses HTML & JavaScript, and executes it despite a benign type.
@@ -1204,19 +1200,17 @@ Detailed header breakdown:
 - Cache-Control: "no-store"
   - This header informs browsers and proxies not to cache the response. Avoids sensitive, auth-related content, from being being stored and served later to unintended recipients.
 
-- Pragma: "no-cache"
-  - This header is commonly paired with `Cache-Control: "no-store"` for broad coverage. It acts as an additional signal for older intermediaries that do not honor Cache-Control.
 
 ### Validation
 
-When referencing an `AuthenticationFilter` in either a HTTPRoute or GRPCRoute, it is important that we ensure all configurable fields are validated, and that the resulting NGINX configuration is correct and secure
+When referencing an `AuthenticationFilter` in either a HTTPRoute or GRPCRoute, it is important that we ensure all configurable fields are validated, and that the resulting NGINX configuration is correct and secure.
 
 All fields in the `AuthenticationFilter` will be validated with Open API Schema.
 We should also include [CEL](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) validation where required.
 
 We should validated that only one `AuthenticationFilter` is referenced per-rule. Multiple references to an `AuthenticationFilter` in a single rule should result in an `Invalid` HTTPRoute/GRPCRoute, and the resource should be `Rejected`.
 
-an `AuthenticationFilter` that sets a `onFailure.statusCode` to anything other than `401` or `403` should be rejected. This relates to the "Auth failure behaviour" section in the Security Condierations section.
+An `AuthenticationFilter` that sets a `onFailure.statusCode` to anything other than `401` or `403` should be rejected. This relates to the "Auth failure behaviour" section in the Security Considerations section.
 
 ## Alternatives
 
@@ -1225,7 +1219,7 @@ The Gateway API defines a means to standardise authentication through use of the
 This allows users to reference an external authentication services, such as Keycloak, to handle the authentication requests.
 While this API is available in the experimental channel, it is subject to change.
 
-Our decision to go forward with our own `AuthenticationFilter` was to ensure we could quckly provide authenticaiton to our users while allowing us to closley monitor progress of the ExternalAuthFilter.
+Our decision to go forward with our own `AuthenticationFilter` was to ensure we could quickly provide authentication to our users while allowing us to closely monitor progress of the ExternalAuthFilter.
 
 It is certainly possible for us to provide an External Authentication Services that leverages NGINX and is something we can further investigate as the API progresses.
 
@@ -1233,7 +1227,7 @@ It is certainly possible for us to provide an External Authentication Services t
 
 ### Documenting filter behavour
 
-In regards to documentation of filter behavour with the `AuthenticationFilter`, the Gateway API documentation on filters states the following:
+In regards to documentation of filter behaviour with the `AuthenticationFilter`, the Gateway API documentation on filters states the following:
 
 ```text
 Wherever possible, implementations SHOULD implement filters in the order they are specified.

From e36274577876e9330f3f55c30960554928e01cd7 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 15:53:48 +0000
Subject: [PATCH 11/12] Update BasicAuth AIP and examples to use `secretRef`

---
 docs/proposals/authentication-filter.md | 31 +++++--------------------
 1 file changed, 6 insertions(+), 25 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index cd7d23afa1..0583119ac1 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -136,14 +136,7 @@ const (
 
 // BasicAuth configures HTTP Basic Authentication.
 type BasicAuth struct {
-	// Secret is the name of the Secret containing htpasswd data.
-	// The Secret must be in the same namespace as this filter.
-	Secret string `json:"secret"`
-
-	// Key is the key within the Secret that contains the htpasswd data.
-	Key string `json:"key,omitempty"`
-
-	// SecretRef allows referencing a Secret in the same or another namespace.
+	// SecretRef allows referencing a Secret in the same or different namespace.
 	// When namespace is set and differs from the filter's namespace, a ReferenceGrant in the target namespace is required.
 	//
 	// +optional
@@ -470,19 +463,6 @@ type AuthFailureResponse struct {
     BodyPolicy *AuthFailureBodyPolicy `json:"bodyPolicy,omitempty"`
 }
 
-// LocalObjectReference references a namespaced object in the same namespace.
-type LocalObjectReference struct {
-	Name string `json:"name"`
-}
-
-	// SecretKeyReference references a Secret and an optional key.
-type SecretKeyReference struct {
-	Name string `json:"name"`
-
-	// Key within the Secret data. If omitted, controller defaults apply (e.g. "jwks.json").
-	Key string `json:"key,omitempty"`
-}
-
 // NamespacedObjectReference references an object by name with an optional namespace.
 // If namespace is omitted, it defaults to the AuthenticationFilter's namespace.
 type NamespacedObjectReference struct {
@@ -546,10 +526,11 @@ metadata:
 spec:
   type: Basic
   basic:
-    secret: basic-auth-users # Secret containing htpasswd data
-    key: htpasswd            # key within the Secret
-    realm: "Restricted"      # Optional. Helps with logging
-    onFailure:               # Optional. These setting may be defaults.
+    secretRef:
+      name: basic-auth-users   # Secret containing htpasswd data
+      key: htpasswd            # key within the Secret
+    realm: "Restricted"        # Optional. Helps with logging
+    onFailure:                 # Optional. These setting may be defaults.
       statusCode: 401
       scheme: Basic
 ```

From dd5aaa89ca8e88c0f004bd853d54ff8027aa9c39 Mon Sep 17 00:00:00 2001
From: shaun-nx <s.odonovan@f5.com>
Date: Fri, 7 Nov 2025 15:59:21 +0000
Subject: [PATCH 12/12] Update KeyCache to use v1alpha1.Duration

---
 docs/proposals/authentication-filter.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/proposals/authentication-filter.md b/docs/proposals/authentication-filter.md
index 0583119ac1..9c6e8889cd 100644
--- a/docs/proposals/authentication-filter.md
+++ b/docs/proposals/authentication-filter.md
@@ -211,7 +211,7 @@ type JWTAuth struct {
 	// Example: "auth_jwt_key_cache 10m".
 	//
 	// +optional
-	KeyCache *string `json:"keyCache,omitempty"`
+	KeyCache *v1alpha1.Duration `json:"keyCache,omitempty"`
 
 	// OnFailure customizes the 401 response for failed authentication.
 	//
@@ -289,7 +289,7 @@ type JWTFileKeySource struct {
 	// Example: "auth_jwt_key_cache 10m;".
 	//
 	// +optional
-	KeyCache *string `json:"keyCache,omitempty"`
+	KeyCache *v1alpha1.Duration `json:"keyCache,omitempty"`
 }
 
  // JWTRemoteKeySource specifies remote JWKS configuration.