From 8c90f44a78f09fd4753b84514b9de651ac6a3f93 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Thu, 20 Oct 2022 09:02:41 +1100
Subject: [PATCH 01/13] Updates to latest Azure specific image

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 .github/workflows/verify-workflow.yaml | 2 +-
 launch.sh                              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml
index e957861..763beed 100644
--- a/.github/workflows/verify-workflow.yaml
+++ b/.github/workflows/verify-workflow.yaml
@@ -32,7 +32,7 @@ jobs:
   verify:
     runs-on: ubuntu-latest
     container:
-      image: quay.io/cloudnativetoolkit/cli-tools:v1.2-v2.1.3
+      image: quay.io/cloudnativetoolkit/cli-tools-azure:v1.2-v0.4.20
       options: --privileged --user root
 
     strategy:
diff --git a/launch.sh b/launch.sh
index aa3679e..448a398 100755
--- a/launch.sh
+++ b/launch.sh
@@ -5,7 +5,7 @@
 SCRIPT_DIR="$(cd $(dirname $0); pwd -P)"
 SRC_DIR="${SCRIPT_DIR}"
 
-DOCKER_IMAGE="quay.io/cloudnativetoolkit/cli-tools:v1.2-v2.1.3"
+DOCKER_IMAGE="quay.io/cloudnativetoolkit/cli-tools-azure:v1.2-v0.4.20"
 
 SUFFIX=$(echo $(basename ${SCRIPT_DIR}) | base64 | sed -E "s/[^a-zA-Z0-9_.-]//g" | sed -E "s/.*(.{5})/\1/g")
 CONTAINER_NAME="cli-tools-${SUFFIX}"

From a2bf36fd983981978c361ee4ac15cc06b83f0aa8 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Thu, 20 Oct 2022 15:24:50 +1100
Subject: [PATCH 02/13] Adds standard architecture

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 2-standard/1-aro/.mocks/mock/main.tf          |   0
 2-standard/1-aro/.mocks/mock/terragrunt.hcl   |   3 +
 .../101-azure-vnet-std.auto.tfvars            |  18 ++
 2-standard/1-aro/101-azure-vnet-std/apply.sh  | 118 +++++++
 2-standard/1-aro/101-azure-vnet-std/bom.yaml  | 129 ++++++++
 .../1-aro/101-azure-vnet-std/dependencies.dot |  26 ++
 .../1-aro/101-azure-vnet-std/destroy.sh       |   7 +
 .../101-azure-vnet-std/docs/azure-nsg.md      |  68 ++++
 .../docs/azure-resource-group.md              |  55 ++++
 .../101-azure-vnet-std/docs/azure-ssh-key.md  |  75 +++++
 .../docs/azure-vnet-subnets.md                | 118 +++++++
 .../101-azure-vnet-std/docs/azure-vnet.md     |  59 ++++
 .../docs/azure-vpn-server.md                  | 193 +++++++++++
 2-standard/1-aro/101-azure-vnet-std/main.tf   | 114 +++++++
 2-standard/1-aro/101-azure-vnet-std/output.tf | 233 ++++++++++++++
 .../1-aro/101-azure-vnet-std/providers.tf     |   9 +
 .../1-aro/101-azure-vnet-std/terragrunt.hcl   |   3 +
 .../1-aro/101-azure-vnet-std/variables.tf     | 304 ++++++++++++++++++
 .../1-aro/101-azure-vnet-std/version.tf       |   8 +
 .../105-azure-aro-std.auto.tfvars             |  21 ++
 2-standard/1-aro/105-azure-aro-std/apply.sh   | 118 +++++++
 2-standard/1-aro/105-azure-aro-std/bom.yaml   |  75 +++++
 .../1-aro/105-azure-aro-std/dependencies.dot  |  17 +
 2-standard/1-aro/105-azure-aro-std/destroy.sh |   7 +
 .../1-aro/105-azure-aro-std/docs/azure-aro.md | 180 +++++++++++
 .../docs/azure-resource-group.md              |  55 ++++
 .../docs/azure-vnet-subnets.md                | 118 +++++++
 .../105-azure-aro-std/docs/azure-vnet.md      |  59 ++++
 2-standard/1-aro/105-azure-aro-std/main.tf    |  48 +++
 2-standard/1-aro/105-azure-aro-std/output.tf  |  51 +++
 .../1-aro/105-azure-aro-std/providers.tf      |   9 +
 .../1-aro/105-azure-aro-std/terragrunt.hcl    |  32 ++
 .../1-aro/105-azure-aro-std/variables.tf      | 223 +++++++++++++
 2-standard/1-aro/105-azure-aro-std/version.tf |   8 +
 .../200-openshift-gitops.auto.tfvars          |  27 ++
 .../1-aro/200-openshift-gitops/apply.sh       |  74 +++++
 .../1-aro/200-openshift-gitops/bom.yaml       | 102 ++++++
 .../200-openshift-gitops/dependencies.dot     |  30 ++
 .../1-aro/200-openshift-gitops/destroy.sh     |   7 +
 .../docs/argocd-bootstrap.md                  |  55 ++++
 .../1-aro/200-openshift-gitops/docs/gitea.md  |  32 ++
 .../docs/gitops-cluster-config.md             |  39 +++
 .../docs/gitops-console-link-job.md           |  41 +++
 .../docs/gitops-namespace.md                  |  41 +++
 .../200-openshift-gitops/docs/gitops-repo.md  |  56 ++++
 .../200-openshift-gitops/docs/namespace.md    |  39 +++
 .../200-openshift-gitops/docs/ocp-login.md    |  36 +++
 .../1-aro/200-openshift-gitops/docs/olm.md    |  29 ++
 .../docs/sealed-secret-cert.md                |  38 +++
 .../200-openshift-gitops/docs/util-clis.md    |  45 +++
 2-standard/1-aro/200-openshift-gitops/main.tf | 129 ++++++++
 .../1-aro/200-openshift-gitops/outputs.tf     |  19 ++
 .../1-aro/200-openshift-gitops/providers.tf   |   6 +
 .../1-aro/200-openshift-gitops/terragrunt.hcl |  41 +++
 .../1-aro/200-openshift-gitops/variables.tf   | 231 +++++++++++++
 .../1-aro/200-openshift-gitops/version.tf     |   8 +
 .../1-aro/210-azure-default-storage/bom.yaml  |   0
 .../1-aro/210-azure-default-storage/main.tf   |   3 +
 .../210-azure-default-storage/terragrunt.hcl  |  15 +
 .../210-azure-portworx-storage.auto.tfvars    |  27 ++
 .../1-aro/210-azure-portworx-storage/apply.sh |  74 +++++
 .../1-aro/210-azure-portworx-storage/bom.yaml |  83 +++++
 .../dependencies.dot                          |   6 +
 .../210-azure-portworx-storage/destroy.sh     |   7 +
 .../docs/azure-portworx.md                    | 120 +++++++
 .../docs/ocp-login.md                         |  36 +++
 .../1-aro/210-azure-portworx-storage/main.tf  |  32 ++
 .../210-azure-portworx-storage/providers.tf   |   5 +
 .../210-azure-portworx-storage/terragrunt.hcl |  32 ++
 .../210-azure-portworx-storage/variables.tf   | 109 +++++++
 .../210-azure-portworx-storage/version.tf     |   8 +
 .../220-dev-tools/220-dev-tools.auto.tfvars   |  18 ++
 2-standard/1-aro/220-dev-tools/apply.sh       |  74 +++++
 2-standard/1-aro/220-dev-tools/bom.yaml       |  80 +++++
 .../1-aro/220-dev-tools/dependencies.dot      |  29 ++
 2-standard/1-aro/220-dev-tools/destroy.sh     |   7 +
 .../220-dev-tools/docs/gitops-artifactory.md  |  39 +++
 .../docs/gitops-buildah-unprivileged.md       |  36 +++
 .../220-dev-tools/docs/gitops-dashboard.md    |  42 +++
 .../220-dev-tools/docs/gitops-namespace.md    |  41 +++
 .../220-dev-tools/docs/gitops-pact-broker.md  |  37 +++
 .../1-aro/220-dev-tools/docs/gitops-repo.md   |  56 ++++
 .../220-dev-tools/docs/gitops-sonarqube.md    |  42 +++
 .../docs/gitops-swagger-editor.md             | 196 +++++++++++
 .../docs/gitops-tekton-resources.md           |  35 ++
 .../1-aro/220-dev-tools/docs/util-clis.md     |  45 +++
 2-standard/1-aro/220-dev-tools/main.tf        | 124 +++++++
 2-standard/1-aro/220-dev-tools/providers.tf   |   6 +
 2-standard/1-aro/220-dev-tools/terragrunt.hcl |  43 +++
 2-standard/1-aro/220-dev-tools/variables.tf   | 249 ++++++++++++++
 2-standard/1-aro/220-dev-tools/version.tf     |   8 +
 2-standard/1-aro/README.md                    | 187 +++++++++++
 2-standard/1-aro/launch.sh                    | 102 ++++++
 2-standard/1-aro/layers.yaml                  |  10 +
 2-standard/1-aro/terragrunt.hcl               |  36 +++
 check-vpn.sh                                  |  58 ++++
 launch.sh                                     |  11 +-
 setup-workspace.sh                            |   6 +-
 terraform.tfvars.template-standard-aro        |  32 ++
 99 files changed, 5884 insertions(+), 8 deletions(-)
 create mode 100644 2-standard/1-aro/.mocks/mock/main.tf
 create mode 100644 2-standard/1-aro/.mocks/mock/terragrunt.hcl
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/101-azure-vnet-std.auto.tfvars
 create mode 100755 2-standard/1-aro/101-azure-vnet-std/apply.sh
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/bom.yaml
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/dependencies.dot
 create mode 100755 2-standard/1-aro/101-azure-vnet-std/destroy.sh
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/docs/azure-nsg.md
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/docs/azure-resource-group.md
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/docs/azure-ssh-key.md
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet-subnets.md
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet.md
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/docs/azure-vpn-server.md
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/main.tf
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/output.tf
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/providers.tf
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/terragrunt.hcl
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/variables.tf
 create mode 100644 2-standard/1-aro/101-azure-vnet-std/version.tf
 create mode 100644 2-standard/1-aro/105-azure-aro-std/105-azure-aro-std.auto.tfvars
 create mode 100755 2-standard/1-aro/105-azure-aro-std/apply.sh
 create mode 100644 2-standard/1-aro/105-azure-aro-std/bom.yaml
 create mode 100644 2-standard/1-aro/105-azure-aro-std/dependencies.dot
 create mode 100755 2-standard/1-aro/105-azure-aro-std/destroy.sh
 create mode 100644 2-standard/1-aro/105-azure-aro-std/docs/azure-aro.md
 create mode 100644 2-standard/1-aro/105-azure-aro-std/docs/azure-resource-group.md
 create mode 100644 2-standard/1-aro/105-azure-aro-std/docs/azure-vnet-subnets.md
 create mode 100644 2-standard/1-aro/105-azure-aro-std/docs/azure-vnet.md
 create mode 100644 2-standard/1-aro/105-azure-aro-std/main.tf
 create mode 100644 2-standard/1-aro/105-azure-aro-std/output.tf
 create mode 100644 2-standard/1-aro/105-azure-aro-std/providers.tf
 create mode 100644 2-standard/1-aro/105-azure-aro-std/terragrunt.hcl
 create mode 100644 2-standard/1-aro/105-azure-aro-std/variables.tf
 create mode 100644 2-standard/1-aro/105-azure-aro-std/version.tf
 create mode 100644 2-standard/1-aro/200-openshift-gitops/200-openshift-gitops.auto.tfvars
 create mode 100755 2-standard/1-aro/200-openshift-gitops/apply.sh
 create mode 100644 2-standard/1-aro/200-openshift-gitops/bom.yaml
 create mode 100644 2-standard/1-aro/200-openshift-gitops/dependencies.dot
 create mode 100755 2-standard/1-aro/200-openshift-gitops/destroy.sh
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/argocd-bootstrap.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/gitea.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/gitops-cluster-config.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/gitops-console-link-job.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/gitops-namespace.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/gitops-repo.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/namespace.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/ocp-login.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/olm.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/sealed-secret-cert.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/docs/util-clis.md
 create mode 100644 2-standard/1-aro/200-openshift-gitops/main.tf
 create mode 100644 2-standard/1-aro/200-openshift-gitops/outputs.tf
 create mode 100644 2-standard/1-aro/200-openshift-gitops/providers.tf
 create mode 100644 2-standard/1-aro/200-openshift-gitops/terragrunt.hcl
 create mode 100644 2-standard/1-aro/200-openshift-gitops/variables.tf
 create mode 100644 2-standard/1-aro/200-openshift-gitops/version.tf
 create mode 100644 2-standard/1-aro/210-azure-default-storage/bom.yaml
 create mode 100644 2-standard/1-aro/210-azure-default-storage/main.tf
 create mode 100644 2-standard/1-aro/210-azure-default-storage/terragrunt.hcl
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/210-azure-portworx-storage.auto.tfvars
 create mode 100755 2-standard/1-aro/210-azure-portworx-storage/apply.sh
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/bom.yaml
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/dependencies.dot
 create mode 100755 2-standard/1-aro/210-azure-portworx-storage/destroy.sh
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/docs/azure-portworx.md
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/docs/ocp-login.md
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/main.tf
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/providers.tf
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/variables.tf
 create mode 100644 2-standard/1-aro/210-azure-portworx-storage/version.tf
 create mode 100644 2-standard/1-aro/220-dev-tools/220-dev-tools.auto.tfvars
 create mode 100755 2-standard/1-aro/220-dev-tools/apply.sh
 create mode 100644 2-standard/1-aro/220-dev-tools/bom.yaml
 create mode 100644 2-standard/1-aro/220-dev-tools/dependencies.dot
 create mode 100755 2-standard/1-aro/220-dev-tools/destroy.sh
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-artifactory.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-buildah-unprivileged.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-dashboard.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-namespace.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-pact-broker.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-repo.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-sonarqube.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-swagger-editor.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/gitops-tekton-resources.md
 create mode 100644 2-standard/1-aro/220-dev-tools/docs/util-clis.md
 create mode 100644 2-standard/1-aro/220-dev-tools/main.tf
 create mode 100644 2-standard/1-aro/220-dev-tools/providers.tf
 create mode 100644 2-standard/1-aro/220-dev-tools/terragrunt.hcl
 create mode 100644 2-standard/1-aro/220-dev-tools/variables.tf
 create mode 100644 2-standard/1-aro/220-dev-tools/version.tf
 create mode 100644 2-standard/1-aro/README.md
 create mode 100755 2-standard/1-aro/launch.sh
 create mode 100644 2-standard/1-aro/layers.yaml
 create mode 100644 2-standard/1-aro/terragrunt.hcl
 create mode 100755 check-vpn.sh
 create mode 100644 terraform.tfvars.template-standard-aro

diff --git a/2-standard/1-aro/.mocks/mock/main.tf b/2-standard/1-aro/.mocks/mock/main.tf
new file mode 100644
index 0000000..e69de29
diff --git a/2-standard/1-aro/.mocks/mock/terragrunt.hcl b/2-standard/1-aro/.mocks/mock/terragrunt.hcl
new file mode 100644
index 0000000..e147285
--- /dev/null
+++ b/2-standard/1-aro/.mocks/mock/terragrunt.hcl
@@ -0,0 +1,3 @@
+include "root" {
+  path = find_in_parent_folders()
+}
diff --git a/2-standard/1-aro/101-azure-vnet-std/101-azure-vnet-std.auto.tfvars b/2-standard/1-aro/101-azure-vnet-std/101-azure-vnet-std.auto.tfvars
new file mode 100644
index 0000000..e3834cb
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/101-azure-vnet-std.auto.tfvars
@@ -0,0 +1,18 @@
+## resource_group_name: The name of the resource group
+#resource_group_name=""
+
+## region: The Azure location where the resource group will be provisioned
+#region=""
+
+## subscription_id: the value of subscription_id
+#subscription_id=""
+
+## client_id: the value of client_id
+#client_id=""
+
+## client_secret: the value of client_secret
+#client_secret=""
+
+## tenant_id: the value of tenant_id
+#tenant_id=""
+
diff --git a/2-standard/1-aro/101-azure-vnet-std/apply.sh b/2-standard/1-aro/101-azure-vnet-std/apply.sh
new file mode 100755
index 0000000..cc88204
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/apply.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+  VARIABLES_FILE="variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+  echo "yq v4 is required"
+  exit 1
+fi
+
+if ! command -v jq 1> /dev/null 2> /dev/null; then
+  echo "jq is required"
+  exit 1
+fi
+
+CREDENTIALS_PROPERTIES="credentials.properties"
+TERRAFORM_TFVARS="terraform/terraform.tfvars"
+
+if [[ -f "${TERRAFORM_TFVARS}" ]]; then
+  cp "${TERRAFORM_TFVARS}" "${TERRAFORM_TFVARS}.backup"
+  rm "${TERRAFORM_TFVARS}"
+fi
+
+if [[ -f "${CREDENTIALS_PROPERTIES}" ]]; then
+  cp "${CREDENTIALS_PROPERTIES}" "${CREDENTIALS_PROPERTIES}.backup"
+  rm "${CREDENTIALS_PROPERTIES}"
+fi
+touch "${CREDENTIALS_PROPERTIES}"
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+  echo "Variables can be provided in a yaml file passed as the first argument"
+  echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+function process_variable () {
+  local name="$1"
+  local default_value="$2"
+  local sensitive="$3"
+  local description="$4"
+
+  local variable_name="TF_VAR_${name}"
+
+  environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*=(.*).*/\1/g')
+  value="${environment_variable}"
+  if [[ -f "${VARIABLES_FILE}" ]]; then
+    value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e -o json '.variables[] | select(.name == env(NAME)) | .value // ""' - | jq -c -r '.')
+    if [[ -z "${value}" ]]; then
+      value="${environment_variable}"
+    fi
+  fi
+
+  while [[ -z "${value}" ]]; do
+    echo "Provide a value for '${name}':"
+    if [[ -n "${description}" ]]; then
+      echo "  ${description}"
+    fi
+    sensitive_flag=""
+    if [[ "${sensitive}" == "true" ]]; then
+      sensitive_flag="-s"
+    fi
+    default_prompt=""
+    if [[ -n "${default_value}" ]]; then
+      default_prompt="(${default_value}) "
+    fi
+    read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+    value=${value:-$default_value}
+  done
+
+  output_value=$(echo "${value}" | sed 's/"/\\"/g')
+
+  if [[ "${sensitive}" != "true" ]]; then
+    echo "${name} = \"${output_value}\"" >> "${TERRAFORM_TFVARS}"
+    NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+  else
+    echo "export ${name}=\"${output_value}\"" >> "${CREDENTIALS_PROPERTIES}"
+  fi
+}
+
+cat "bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+  variable=$(cat "bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME))' -)
+
+  default_value=$(echo "${variable}" | ${YQ} e -o json '.defaultValue // ""' - | jq -c -r '.')
+  sensitive=$(echo "${variable}" | ${YQ} e '.sensitive // false' -)
+  description=$(echo "${variable}" | ${YQ} e '.description // ""' -)
+
+  process_variable "${name}" "${default_value}" "${sensitive}" "${description}"
+done
+
+cat "${VARIABLES_FILE}" | ${YQ} e '.variables[]' -o json - | jq -c '.' | while read var; do
+  name=$(echo "${var}" | jq -r '.name')
+
+  value=$(echo "${var}" | jq -r '.value // empty')
+  sensitive=$(echo "${var}" | jq -r '.sensitive')
+
+  bom_var=$(cat bom.yaml | ${YQ} e '.spec.variables[]' -o json - | jq --arg NAME "${name}" -c 'select(.name == $NAME)')
+
+  if [[ -z "${bom_var}" ]]; then
+    process_variable "${name}" "${value}" "${sensitive}" ""
+  fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+source credentials.properties
+
+cd terraform
+terraform init
+terraform apply
diff --git a/2-standard/1-aro/101-azure-vnet-std/bom.yaml b/2-standard/1-aro/101-azure-vnet-std/bom.yaml
new file mode 100644
index 0000000..15d2274
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/bom.yaml
@@ -0,0 +1,129 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+  name: 101-azure-vnet-std
+  labels:
+    type: infrastructure
+    platform: azure
+    code: '101'
+  annotations:
+    displayName: Azure VNet
+    description: Azure base infrastructure for OpenShift standard architecture
+    vpn/required: false
+spec:
+  modules:
+    - name: azure-resource-group
+      alias: resource_group
+      version: v1.1.1
+    - name: azure-vnet
+      alias: vnet
+      version: v1.1.3
+      variables:
+        - name: address_prefixes
+          value:
+            - 10.0.0.0/20
+    - name: azure-vnet-subnets
+      alias: master_subnet
+      version: v1.3.9
+      default: true
+      variables:
+        - name: label
+          value: master
+        - name: ipv4_cidr_blocks
+          value:
+            - 10.0.1.0/24
+        - name: service_endpoints
+          value:
+            - Microsoft.ContainerRegistry
+            - Microsoft.Storage
+        - name: disable_private_link_endpoint_network_policies
+          value: true
+        - name: disable_private_link_service_network_policies
+          value: true
+    - name: azure-vnet-subnets
+      alias: worker_subnet
+      version: v1.3.9
+      variables:
+        - name: label
+          value: worker
+        - name: ipv4_cidr_blocks
+          value:
+            - 10.0.2.0/24
+        - name: service_endpoints
+          value:
+            - Microsoft.ContainerRegistry
+            - Microsoft.Storage
+    - name: azure-vnet-subnets
+      alias: ingress_subnet
+      version: v1.3.9
+      variables:
+        - name: label
+          value: ingress
+        - name: ipv4_cidr_blocks
+          value:
+            - 10.0.3.0/24
+    - name: azure-nsg
+      alias: nsg
+      version: v1.0.5
+      variables:
+        - name: acl_rules
+          value:
+            - name: ssh-inbound
+              priority: '101'
+              access: Allow
+              protocol: Tcp
+              direction: Inbound
+              source_addr: '*'
+              destination_addr: '*'
+              source_ports: '*'
+              destination_ports: '22'
+            - name: vpn-inbound-tcp
+              priority: '102'
+              access: Allow
+              protocol: Tcp
+              direction: Inbound
+              source_addr: '*'
+              destination_addr: '*'
+              source_ports: '*'
+              destination_ports: '443'
+            - name: vpn-inbound-udp
+              priority: '103'
+              access: Allow
+              protocol: Udp
+              direction: Inbound
+              source_addr: '*'
+              destination_addr: '*'
+              source_ports: '*'
+              destination_ports: '1194'
+      dependencies:
+        - name: subnets
+          ref: ingress_subnet
+    - name: azure-ssh-key
+      alias: ssh-keys
+      version: v1.0.6
+    - name: azure-vpn-server
+      alias: vpn-server
+      version: v1.0.1
+      variables:
+        - name: private_network_cidrs
+          value:
+            - 10.0.0.0/20
+      dependencies:
+        - name: subnet
+          ref: ingress_subnet
+  variables:
+    - name: resource_group_name
+      type: string
+      description: The name of the resource group
+    - name: region
+      type: string
+      description: The Azure location where the resource group will be provisioned
+    - name: subscription_id
+      type: string
+    - name: client_id
+      type: string
+    - name: client_secret
+      type: string
+      sensitive: true
+    - name: tenant_id
+      type: string
diff --git a/2-standard/1-aro/101-azure-vnet-std/dependencies.dot b/2-standard/1-aro/101-azure-vnet-std/dependencies.dot
new file mode 100644
index 0000000..ee52254
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/dependencies.dot
@@ -0,0 +1,26 @@
+digraph {
+    rankdir="BT"
+    "resource_group (azure-resource-group)"
+"vnet (azure-vnet)" -> "resource_group (azure-resource-group)"
+"vnet (azure-vnet)"
+"master_subnet (azure-vnet-subnets)" -> "resource_group (azure-resource-group)"
+"master_subnet (azure-vnet-subnets)" -> "vnet (azure-vnet)"
+"master_subnet (azure-vnet-subnets)"
+"worker_subnet (azure-vnet-subnets)" -> "resource_group (azure-resource-group)"
+"worker_subnet (azure-vnet-subnets)" -> "vnet (azure-vnet)"
+"worker_subnet (azure-vnet-subnets)"
+"ingress_subnet (azure-vnet-subnets)" -> "resource_group (azure-resource-group)"
+"ingress_subnet (azure-vnet-subnets)" -> "vnet (azure-vnet)"
+"ingress_subnet (azure-vnet-subnets)"
+"nsg (azure-nsg)" -> "resource_group (azure-resource-group)"
+"nsg (azure-nsg)" -> "vnet (azure-vnet)"
+"nsg (azure-nsg)" -> "ingress_subnet (azure-vnet-subnets)"
+"nsg (azure-nsg)"
+"ssh-keys (azure-ssh-key)" -> "resource_group (azure-resource-group)"
+"ssh-keys (azure-ssh-key)"
+"vpn-server (azure-vpn-server)" -> "resource_group (azure-resource-group)"
+"vpn-server (azure-vpn-server)" -> "vnet (azure-vnet)"
+"vpn-server (azure-vpn-server)" -> "master_subnet (azure-vnet-subnets)"
+"vpn-server (azure-vpn-server)" -> "ssh-keys (azure-ssh-key)"
+"vpn-server (azure-vpn-server)"
+  }
\ No newline at end of file
diff --git a/2-standard/1-aro/101-azure-vnet-std/destroy.sh b/2-standard/1-aro/101-azure-vnet-std/destroy.sh
new file mode 100755
index 0000000..7c27549
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/destroy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/2-standard/1-aro/101-azure-vnet-std/docs/azure-nsg.md b/2-standard/1-aro/101-azure-vnet-std/docs/azure-nsg.md
new file mode 100644
index 0000000..111346b
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/docs/azure-nsg.md
@@ -0,0 +1,68 @@
+# Azure Network Security Group
+
+## Module Overview
+
+Module creates a network security group (NSG) on Azure with provided rules and associates with provided subnets. It includes the following resources:
+- azurerm_network_security_group
+- azurerm_subnet_network_security_group_association
+
+### Software dependencies
+
+This module has no dependencies on software components.
+
+### Command line tools
+
+- terraform >= 1.2.6
+
+### Module dependencies
+
+- cloud-native-toolkit/terraform-azure-resource-group
+- cloud-native-toolkit/terraform-azure-vnet
+- cloud-native-toolkit/terraform-azure-subnets (optional if associating NSG with one or more subnets)
+
+## Example Usage
+
+```hcl-terraform
+module "nsg" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-nsg"
+
+  name_prefix = "example"
+  resource_group_name = module.resource_group.name
+  region = module.resource_group.region
+  virtual_network_name = module.vnet.name
+  subnets = [module.subnets.name[0], module.subnets.name[1]]
+  acl_rules = [{
+      name                = "ssh-inbound"
+      priority            = "101"
+      access              = "Allow"
+      protocol            = "Tcp"
+      direction           = "Inbound"
+      source_addr         = "*"
+      destination_addr    = "*"
+      source_ports        = "*"
+      destination_ports   = "22"
+      }
+  ]  
+}
+```
+
+## Input Variables
+
+This module has the following input variables:
+| Variable | Mandatory / Optional | Default Value | Description |
+| -------------------------------- | --------------| ------------------ | ----------------------------------------------------------------------------- |
+| resource_group_name | Mandatory | "" | The resource group into which to deploy the NSG |
+| region | Mandatory | "" | Region into which to deploy the NSG |
+| virtual_network_name | Mandatory | "" | The VNet into which to deploy the NSG |
+| name_prefix | Optional | "" | The prefix for the NSG name (module will append "-nsg" to this variable)  |
+| name | Optional | "" | The full name for the NSG. One of name or name_prefix must be specified.  |
+| subnet_ids | Optional | [] | List of subnet ids in the VNet to which to associate the NSG when created |
+| acl_rules | Optional | [] | List of ACL rules to apply (refer to variables.tf for details) |
+
+## Output Variables
+
+This module has the following output variables:
+| Variable | Description |
+| -------------------------------- | ----------------------------------------------------------------------------- |
+| id  | The Azure identification string of the created NSG  |
+| name | The name of the created NSG |
\ No newline at end of file
diff --git a/2-standard/1-aro/101-azure-vnet-std/docs/azure-resource-group.md b/2-standard/1-aro/101-azure-vnet-std/docs/azure-resource-group.md
new file mode 100644
index 0000000..de8ba3c
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/docs/azure-resource-group.md
@@ -0,0 +1,55 @@
+# Azure Resource Group
+
+## Module overview
+
+### Description
+
+This module provisions a resource group in Azure.
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v0.15
+
+#### Terraform providers
+
+- Azure provider >= 2.91.0
+
+### Module dependencies
+
+None
+
+### Example usage
+
+```hcl-terraform
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 2.91.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
+
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-resource-group"
+
+  resource_group_name = var.resource_group_name
+  region              = var.region
+}
+```
+
diff --git a/2-standard/1-aro/101-azure-vnet-std/docs/azure-ssh-key.md b/2-standard/1-aro/101-azure-vnet-std/docs/azure-ssh-key.md
new file mode 100644
index 0000000..6b76f18
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/docs/azure-ssh-key.md
@@ -0,0 +1,75 @@
+# Azure SSH Key
+
+## Module overview
+
+### Description
+
+This module stores a public key into the Azure vault. If a key is not passed to the module, a new key pair is created and stored in the current working directory.
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v0.15
+
+#### Terraform providers
+
+- Azure provider >= 2.91.0
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+
+- Azure resource group - github.com/cloud-native-toolkit/terraform-azure-resource-group >= 1.0.2
+
+### Example usage
+
+```hcl-terraform
+module "ssh_key" {
+    source = "github.com/cloud-native-toolkit/terraform-azure-ssh-key"
+
+    key_name = "test-key"
+    resource_group_name = module.resource_group.name
+    region= module.resource_group.region
+    store_path = "${path.cwd}/${var.path_offset}"
+  
+}
+```
+
+## Variables
+
+### Inputs
+
+This module has the following input variables:
+| Variable | Mandatory / Optional | Default Value | Description |
+| -------------------------------- | --------------| ------------------ | ----------------------------------------------------------------------------- |
+| key_name | Optional | "" | Name to give to the SSH key |
+| name_prefix | Optional | "" | Prefix for the SSH key. If neither key_name nor name_prefix are provided, a random name is assigned. |
+| resource_group_name | Optional | "" | Name of the resource group if storing the SSH key in the Azure vault |
+| region | Optional | "" | Azure location if storing the SSH key in the Azure vault. |
+| store_path | Optional | CWD | Path offset from current working directory (CWD) to store keys. |
+| public_file_permissions | Optional | 0600 | Permissions for created public key file |
+| private_file_permissions | Optional | 0400 | Permissions for created private key file |
+| store_key_in_vault | Optional | true | Flag to specify whether to store generated keys in Azure vault |
+| ssh_key | Optional | "" | Path to existing public key to used |
+| algorithm | Optional | RSA | Encryption algorithm to be used (RSA, ECDSA or ED25519) |
+| rsa_bits | Optional | 4096 | Number of bits if using RSA encryption |
+| ecdsa_curve | Optional | P224 | Curve to use if using ECDSA |
+| tags | Optional | "" | Extra tags to be added to the Azure vault entry. |
+
+### Outputs
+
+The module outputs the following values:
+| Output | Description |
+| -------------------------------- | -------------------------------------------------------------------------- |
+| id | The Id of the Azure vault entry if created |
+| pub_key | The public key |
+| pub_key_file | Filename of the public key |
+| private_key | The private key (sensitive) |
+| private_key_file | Filename of the private key |
+| path | Path to the keys |
+| name | Name of the created key set |
\ No newline at end of file
diff --git a/2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet-subnets.md b/2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet-subnets.md
new file mode 100644
index 0000000..e648a22
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet-subnets.md
@@ -0,0 +1,118 @@
+# Azure VNet Subnets
+
+## Module overview
+
+### Description
+
+Module that provisions virtual network subnets on Azure, including the following resources:
+- subnet
+- network security group
+- security group subnet association
+
+The number of subnets created is controlled by the number of subnet CIDR's supplied and the provision flag. If the provison flag is set to false (it is true by default), the module will not provision anything and will only read the provided subnet name details (use the subnet_name variable to supply the subnet name).
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v0.15
+
+#### Terraform providers
+
+- Azure provider
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+
+- Resource Group - github.com/cloud-native-toolkit/terraform-azure-resource-group
+- VNet - github.com/cloud-native-toolkit/terraform-azure-vnet
+
+### Example usage
+
+```hcl-terraform
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
+
+module "subnets" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets"
+
+  resource_group_name = module.resource_group.name
+  region = var.region
+  vpc_name = module.vpc.name
+  ipv4_cidr_blocks = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
+  acl_rules = [{
+    name = "ssh-inbound"
+    action = "Allow"
+    direction = "Inbound"
+    source = "*"
+    destination = "*"
+    tcp = {
+      destination_port_range = "22"
+      source_port_range = "*"
+    }
+  }, {
+    name = "internal-only"
+    action = "Allow"
+    direction = "Inbound"
+    source = "10.0.0.0/16"
+    destination = "10.0.0.0/24"
+    udp = {
+      destination_port_range = "1024 - 2048"
+      source_port_range = "*"
+    }
+  }]
+}
+```
+
+## Input Variables
+
+This module has the following input variables:
+| Variable | Mandatory / Optional | Default Value | Description |
+| -------------------------------- | --------------| ------------------ | ----------------------------------------------------------------------------- |
+| resource_group_name | Mandatory |  | The resource group into which to deploy or query |
+| region | Mandatory |  | Region into which to deploy or query |
+| vnet_name | Mandatory |  | Name of the VNet into which to deploy or query |
+| subnet_name | Optional | "" | Name of an existing subnet to query |
+| label | Optional | "" | Label to use in subnet names |
+| provision | Optional | true | Flag to provision new resources or query existing if false |
+| ipv4_cidr_blocks | Optional | [] | List of CIDRs for subnets to be created |
+| acl_rules | Optional | [] | List of rules to create and associate with the subent(s) |
+| service_endpoints | Optional | Microsoft.ContainerRegistry | List of service endpoints for the subnet(s)|
+| disable_private_link_endpoint_network_policies | Optional | false | Flag to disable private link endpoint network policies in the subnet(s) |
+| disable_private_link_service_network_policies | Optional | false | Flag to disable private link service network policies in the subnet(s) |
+
+## Output Variables
+
+This module has the following output variables:
+| Variable | Description |
+| -------------------------------- | ----------------------------------------------------------------------------- |
+| id  | The Azure identification string of the created RTB  |
+| name | The name of the subnet if creating only one |
+| count | The number of subnets created or queried |
+| ids | List of the ids of the created subnets |
+| id | Id of the first created subnet |
+| names | List of the names of the created subnets |
+| subnets | Object list for the created subnets |
+| acl_id | Id of the created network security group |
+| vnet_name | Name of the VNet where the subnets were provisioned (passthrough) |
+| vnet_id | Id of the VNet where the subnets were provisoned |
+| cidr_block | The list of CIDRs assigned to the subnets (passthrough) |
diff --git a/2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet.md b/2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet.md
new file mode 100644
index 0000000..5eeda7e
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/docs/azure-vnet.md
@@ -0,0 +1,59 @@
+# Azure Virtual Network
+
+## Module overview
+
+### Description
+
+Module to provision a virtual network on Azure
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v1.2.7
+
+#### Terraform providers
+
+- Azure provider >= 3.0.0
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+
+- Resource group - github.com/cloud-native-toolkit/terraform-azure-resource-group
+
+### Example usage
+
+```hcl-terraform
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=3.0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
+
+module "vpc" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vnet"
+
+  resource_group_name = module.resource_group.name
+  region              = var.region
+  name_prefix         = var.name_prefix
+  address_prefix_count = 1
+  address_prefixes    = ["10.0.0.0/16"]
+}
+```
diff --git a/2-standard/1-aro/101-azure-vnet-std/docs/azure-vpn-server.md b/2-standard/1-aro/101-azure-vnet-std/docs/azure-vpn-server.md
new file mode 100644
index 0000000..3a86e3b
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/docs/azure-vpn-server.md
@@ -0,0 +1,193 @@
+# Azure VPN Server
+
+## Module overview
+
+Module creates an Azure VPN Server. It includes the following resources:
+- read local public key file
+- Azure VM creation via module with custom bootstrap script for VPN server
+- creation and application of VPN server configuration
+- creation and download of VPN client connection file
+
+### Software dependencies
+
+- terraform >= 1.2.6
+
+### Terraform providers
+
+- Azure provider >= 3.0.0
+
+### Module dependencies
+
+This modules makes use of the output from other modules:
+- Azure Resource Group - github.com/cloud-native-toolkit/terraform-azure-resource-group
+- Azure VNet - github.com/cloud-native-toolkit/terraform-azure-vnet
+- Azure Subnets - github.com/cloud-native-toolkit/terraform-azure-subnets
+- Azure SSH Key - github.com/cloud-native-toolkit/teraform-azure-ssh-key
+
+## Example Usage
+
+```hcl-terraform
+locals {
+  name_prefix     = "myexample"
+  region          = "eastus"
+  vnet_cidr       = "10.0.0.0/18"
+  subnet_cidrs    = cidrsubnets(local.vnet_cidr, 2, 2)
+  ingress_cidr    = local.subnet_cidrs[0]
+  internal_cidr   = local.subnet_cidrs[1]
+}
+
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-resource-group?ref=v1.1.1"
+
+  resource_group_name = "${local.name_prefix}-rg"
+  region              = local.region
+}
+
+module "vnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vnet?ref=v1.1.3"
+
+  name_prefix         = local.name_prefix
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  address_prefixes    = [local.vnet_cidr]
+}
+
+module "ingress-subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets?ref=v1.3.7"
+
+  label               = "ingress"
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  vnet_name           = module.vnet.name
+  ipv4_cidr_blocks    = [local.ingress_cidr]
+  acl_rules           = []
+}
+
+module "internal-subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets?ref=v1.3.7"
+
+  label               = "internal"
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  vnet_name           = module.vnet.name
+  ipv4_cidr_blocks    = [local.internal_cidr]
+  acl_rules           = []
+}
+
+module "nsg" {
+    source = "github.com/cloud-native-toolkit/terraform-azure-nsg?ref=v1.0.5"
+
+
+    name_prefix           = local.name_prefix
+    resource_group_name   = module.resource_group.name
+    region                = module.resource_group.region
+    virtual_network_name  = module.vnet.name
+    subnet_ids            = [module.ingress-subnet.id]
+    acl_rules = [{
+          name                = "ssh-inbound"   // Required for VPN configuration
+          priority            = "102"
+          access              = "Allow"
+          protocol            = "Tcp"
+          direction           = "Inbound"
+          source_addr         = "*"
+          destination_addr    = "*"
+          source_ports        = "*"
+          destination_ports   = "22"
+        },{
+          name                = "vpn-inbound-tcp"
+          priority            = "103"
+          access              = "Allow"
+          protocol            = "Tcp"
+          direction           = "Inbound"
+          source_addr         = "*"
+          destination_addr    = "*"
+          source_ports        = "*"
+          destination_ports   = "443"
+        },{
+          name                = "vpn-inbound-udp"
+          priority            = "104"
+          access              = "Allow"
+          protocol            = "Udp"
+          direction           = "Inbound"
+          source_addr         = "*"
+          destination_addr    = "*"
+          source_ports        = "*"
+          destination_ports   = "1194"
+        }
+    ]
+}
+
+module "route-table" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-rtb?ref=v1.0.0"
+
+  name_prefix           = local.name_prefix
+  resource_group_name   = module.resource_group.name
+  region                = module.resource_group.region
+  subnet_ids            = [module.ingress-subnet.id, module.internal-subnet.id]
+
+  routes = [{
+    name                    = "internal-route"
+    address_prefix          = local.vnet_cidr
+    next_hop_type           = "VnetLocal"
+    next_hop_in_ip_address  = ""
+  }]
+}
+
+module "ssh-keys" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-ssh-key?ref=v1.0.6"
+
+  key_name            = "${local.name_prefix}-key"
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  store_path          = "${path.cwd}/.ssh"
+}
+
+module "vpn-server" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vpn-server"
+  
+  name_prefix             = "${local.name_prefix}-vpn"
+  resource_group_name     = module.resource_group.name
+  virtual_network_name    = module.vnet.name
+  subnet_id               = module.ingress-subnet.id
+  pub_ssh_key_file        = module.ssh-keys.pub_key_file
+  private_key_file        = module.ssh-keys.private_key_file
+  private_network_cidrs   = [local.vnet_cidr]
+}
+```
+## Variables
+
+### Inputs
+
+This module has the following input variables:
+| Variable | Mandatory / Optional | Default Value | Description |
+| -------------------------------- | --------------| ------------------ | ----------------------------------------------------------------------------- |
+| resource_group_name | Mandatory |  | The resource group to which to associate the VPN Server  |
+| virtual_network_name | Mandatory |  | The virtual network to which to associate the VPN Server  |
+| subnet_id | Mandatory | | The id of the subnet to which to associate the VPN Server| 
+| pub_ssh_key_file | Mandatory | | Path to the public SSH key for VPN Server access. |
+| private_key_file | Mandatory | | Path to the private SSH key for VPN Server access. |
+| private_network_cidrs | Mandatory | | List of CIDRs in the private network reachable via the VPN server. |
+| private_dns | Optional | ["168.63.129.16"] | List of private DNS servers. |
+| name_prefix | Optional | open-vpn | Name to prefix resources created |
+| client_network | Optional | 172.27.224.0 | Network address for VPN clients (default = \"172.27.224.0\") |
+| client_network_bits | Optional | 24 | Number of netmask bits for the VPN client network (default = \"24\") |
+| private_ip_address_allocation_type | Optional | Dynamic | The Azure subnet private ip address alocation type - Dynamic or Static (default = \"Dynamic\") |
+| admin_username | Optional | azureuser | Username for the admin user (default = \"azureuser\") |
+| bootstrap_script | Mandatory | | Path to file with the bootstrap script (default = \"./template/user-data.sh\") |
+| vm_size | Optional | Standard_F2 | This is the size of Virtual Machine (defualt = \"Standard_F2\") |
+| storage_type | Optional | Standard_LRS | Storage account type |
+| vm_public_ip_sku | Optional | Standard | Public IP SKU Size (default = \"Standard\" |
+| vm_public_ip_allocation_method | Optional | Static | The Azure subnet Public ip address alocation type - Dynamic or Static (default = \"Static\" |
+
+### Outputs
+
+The module outputs the following values:
+| Output | Description |
+| -------------------------------- | -------------------------------------------------------------------------- |
+| id | The Id of the deployed vpn server |
+| vm_public_ip | The address of the public IP if created |
+| vm_public_fqdn | The FQDN of the public IP if created |
+| vm_private_ip | The address of the VM on the supplied subnet |
+| admin_username | The name of the administrator username |
+| client_config_file | VPN server client configuration file to connect vpn server |
+
diff --git a/2-standard/1-aro/101-azure-vnet-std/main.tf b/2-standard/1-aro/101-azure-vnet-std/main.tf
new file mode 100644
index 0000000..47a9ea4
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/main.tf
@@ -0,0 +1,114 @@
+module "ingress_subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets?ref=v1.3.9"
+
+  acl_rules = var.ingress_subnet_acl_rules == null ? null : jsondecode(var.ingress_subnet_acl_rules)
+  disable_private_link_endpoint_network_policies = var.ingress_subnet_disable_private_link_endpoint_network_policies
+  disable_private_link_service_network_policies = var.ingress_subnet_disable_private_link_service_network_policies
+  ipv4_cidr_blocks = var.ingress_subnet_ipv4_cidr_blocks == null ? null : jsondecode(var.ingress_subnet_ipv4_cidr_blocks)
+  label = var.ingress_subnet_label
+  provision = var.ingress_subnet_provision
+  region = var.region
+  resource_group_name = module.resource_group.name
+  service_endpoints = var.ingress_subnet_service_endpoints == null ? null : jsondecode(var.ingress_subnet_service_endpoints)
+  subnet_name = var.ingress_subnet_subnet_name
+  vnet_name = module.vnet.name
+}
+module "master_subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets?ref=v1.3.9"
+
+  acl_rules = var.master_subnet_acl_rules == null ? null : jsondecode(var.master_subnet_acl_rules)
+  disable_private_link_endpoint_network_policies = var.master_subnet_disable_private_link_endpoint_network_policies
+  disable_private_link_service_network_policies = var.master_subnet_disable_private_link_service_network_policies
+  ipv4_cidr_blocks = var.master_subnet_ipv4_cidr_blocks == null ? null : jsondecode(var.master_subnet_ipv4_cidr_blocks)
+  label = var.master_subnet_label
+  provision = var.master_subnet_provision
+  region = var.region
+  resource_group_name = module.resource_group.name
+  service_endpoints = var.master_subnet_service_endpoints == null ? null : jsondecode(var.master_subnet_service_endpoints)
+  subnet_name = var.master_subnet_subnet_name
+  vnet_name = module.vnet.name
+}
+module "nsg" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-nsg?ref=v1.0.5"
+
+  acl_rules = var.nsg_acl_rules == null ? null : jsondecode(var.nsg_acl_rules)
+  name = var.nsg_name
+  name_prefix = var.name_prefix
+  region = var.region
+  resource_group_name = module.resource_group.name
+  subnet_ids = module.ingress_subnet.ids
+  virtual_network_name = module.vnet.name
+}
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-resource-group?ref=v1.1.1"
+
+  provision = var.resource_group_provision
+  region = var.region
+  resource_group_name = var.resource_group_name
+  sync = var.resource_group_sync
+}
+module "ssh-keys" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-ssh-key?ref=v1.0.6"
+
+  algorithm = var.ssh-keys_algorithm
+  ecdsa_curve = var.ssh-keys_ecdsa_curve
+  key_name = var.ssh-keys_key_name
+  name_prefix = var.name_prefix
+  private_file_permissions = var.ssh-keys_private_file_permissions
+  public_file_permissions = var.ssh-keys_public_file_permissions
+  region = var.region
+  resource_group_name = module.resource_group.name
+  rsa_bits = var.ssh-keys_rsa_bits
+  ssh_key = var.ssh-keys_ssh_key
+  store_key_in_vault = var.ssh-keys_store_key_in_vault
+  store_path = var.ssh-keys_store_path
+}
+module "vnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vnet?ref=v1.1.3"
+
+  address_prefix_count = var.vnet_address_prefix_count
+  address_prefixes = var.vnet_address_prefixes == null ? null : jsondecode(var.vnet_address_prefixes)
+  base_security_group_name = var.vnet_base_security_group_name
+  internal_cidr = var.vnet_internal_cidr
+  name = var.vnet_name
+  name_prefix = var.name_prefix
+  provision = var.vnet_provision
+  region = var.region
+  resource_group_name = module.resource_group.name
+}
+module "vpn-server" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vpn-server?ref=v1.0.1"
+
+  admin_username = var.vpn-server_admin_username
+  bootstrap_script = var.vpn-server_bootstrap_script
+  client_network = var.vpn-server_client_network
+  client_network_bits = var.vpn-server_client_network_bits
+  name_prefix = var.vpn-server_name_prefix
+  private_dns = var.vpn-server_private_dns == null ? null : jsondecode(var.vpn-server_private_dns)
+  private_ip_address_allocation_type = var.vpn-server_private_ip_address_allocation_type
+  private_key_file = module.ssh-keys.private_key_file
+  private_network_cidrs = var.vpn-server_private_network_cidrs == null ? null : jsondecode(var.vpn-server_private_network_cidrs)
+  pub_ssh_key_file = module.ssh-keys.pub_key_file
+  resource_group_name = module.resource_group.name
+  storage_type = var.vpn-server_storage_type
+  subnet_id = module.ingress_subnet.id
+  virtual_network_name = module.vnet.name
+  vm_public_ip_allocation_method = var.vpn-server_vm_public_ip_allocation_method
+  vm_public_ip_sku = var.vpn-server_vm_public_ip_sku
+  vm_size = var.vpn-server_vm_size
+}
+module "worker_subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets?ref=v1.3.9"
+
+  acl_rules = var.worker_subnet_acl_rules == null ? null : jsondecode(var.worker_subnet_acl_rules)
+  disable_private_link_endpoint_network_policies = var.worker_subnet_disable_private_link_endpoint_network_policies
+  disable_private_link_service_network_policies = var.worker_subnet_disable_private_link_service_network_policies
+  ipv4_cidr_blocks = var.worker_subnet_ipv4_cidr_blocks == null ? null : jsondecode(var.worker_subnet_ipv4_cidr_blocks)
+  label = var.worker_subnet_label
+  provision = var.worker_subnet_provision
+  region = var.region
+  resource_group_name = module.resource_group.name
+  service_endpoints = var.worker_subnet_service_endpoints == null ? null : jsondecode(var.worker_subnet_service_endpoints)
+  subnet_name = var.worker_subnet_subnet_name
+  vnet_name = module.vnet.name
+}
diff --git a/2-standard/1-aro/101-azure-vnet-std/output.tf b/2-standard/1-aro/101-azure-vnet-std/output.tf
new file mode 100644
index 0000000..c2b1540
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/output.tf
@@ -0,0 +1,233 @@
+output "resource_group_name" {
+  description = "The name of the resource group"
+  value = module.resource_group.name
+}
+output "resource_group_id" {
+  description = "The id of the resource group"
+  value = module.resource_group.id
+}
+output "resource_group_group" {
+  description = "The resource group object"
+  value = module.resource_group.group
+}
+output "resource_group_provision" {
+  description = "Flag indicating whether the resource group was provisioned"
+  value = module.resource_group.provision
+}
+output "resource_group_sync" {
+  description = "Value used to order the provisioning of the resource group"
+  value = module.resource_group.sync
+}
+output "resource_group_region" {
+  description = "the value of resource_group_region"
+  value = module.resource_group.region
+}
+output "vnet_name" {
+  description = "The name of the VNet instance"
+  value = module.vnet.name
+}
+output "vnet_id" {
+  description = "The id of the VNet instance"
+  value = module.vnet.id
+}
+output "vnet_crn" {
+  description = "The CRN for the VNet instance"
+  value = module.vnet.crn
+}
+output "vnet_count" {
+  description = "The number of VPCs created by this module. Always set to 1"
+  value = module.vnet.count
+}
+output "vnet_names" {
+  description = "The name of the vpc instance"
+  value = module.vnet.names
+}
+output "vnet_ids" {
+  description = "The id of the vnet instance"
+  value = module.vnet.ids
+}
+output "vnet_addresses" {
+  description = "The ip address ranges for the VNet"
+  value = module.vnet.addresses
+}
+output "master_subnet_count" {
+  description = "The number of subnets created"
+  value = module.master_subnet.count
+}
+output "master_subnet_name" {
+  description = "The name prefix for the subnets"
+  value = module.master_subnet.name
+}
+output "master_subnet_ids" {
+  description = "List of the ids created"
+  value = module.master_subnet.ids
+}
+output "master_subnet_id" {
+  description = "The id of the first subnet"
+  value = module.master_subnet.id
+}
+output "master_subnet_names" {
+  description = "List of the subnet names"
+  value = module.master_subnet.names
+}
+output "master_subnet_subnets" {
+  description = "Object list of the subnets - id, zone and label."
+  value = module.master_subnet.subnets
+}
+output "master_subnet_acl_id" {
+  description = "Id of the created network security group"
+  value = module.master_subnet.acl_id
+}
+output "master_subnet_vnet_name" {
+  description = "Pass-through of the VNet name associated with the subnets"
+  value = module.master_subnet.vnet_name
+}
+output "master_subnet_vnet_id" {
+  description = "Pass-through of the VNet id associated with the subnets"
+  value = module.master_subnet.vnet_id
+}
+output "master_subnet_cidr_blocks" {
+  description = "List of the CIDR blocks assigned to the subnets"
+  value = module.master_subnet.cidr_blocks
+}
+output "worker_subnet_count" {
+  description = "The number of subnets created"
+  value = module.worker_subnet.count
+}
+output "worker_subnet_name" {
+  description = "The name prefix for the subnets"
+  value = module.worker_subnet.name
+}
+output "worker_subnet_ids" {
+  description = "List of the ids created"
+  value = module.worker_subnet.ids
+}
+output "worker_subnet_id" {
+  description = "The id of the first subnet"
+  value = module.worker_subnet.id
+}
+output "worker_subnet_names" {
+  description = "List of the subnet names"
+  value = module.worker_subnet.names
+}
+output "worker_subnet_subnets" {
+  description = "Object list of the subnets - id, zone and label."
+  value = module.worker_subnet.subnets
+}
+output "worker_subnet_acl_id" {
+  description = "Id of the created network security group"
+  value = module.worker_subnet.acl_id
+}
+output "worker_subnet_vnet_name" {
+  description = "Pass-through of the VNet name associated with the subnets"
+  value = module.worker_subnet.vnet_name
+}
+output "worker_subnet_vnet_id" {
+  description = "Pass-through of the VNet id associated with the subnets"
+  value = module.worker_subnet.vnet_id
+}
+output "worker_subnet_cidr_blocks" {
+  description = "List of the CIDR blocks assigned to the subnets"
+  value = module.worker_subnet.cidr_blocks
+}
+output "ingress_subnet_count" {
+  description = "The number of subnets created"
+  value = module.ingress_subnet.count
+}
+output "ingress_subnet_name" {
+  description = "The name prefix for the subnets"
+  value = module.ingress_subnet.name
+}
+output "ingress_subnet_ids" {
+  description = "List of the ids created"
+  value = module.ingress_subnet.ids
+}
+output "ingress_subnet_id" {
+  description = "The id of the first subnet"
+  value = module.ingress_subnet.id
+}
+output "ingress_subnet_names" {
+  description = "List of the subnet names"
+  value = module.ingress_subnet.names
+}
+output "ingress_subnet_subnets" {
+  description = "Object list of the subnets - id, zone and label."
+  value = module.ingress_subnet.subnets
+}
+output "ingress_subnet_acl_id" {
+  description = "Id of the created network security group"
+  value = module.ingress_subnet.acl_id
+}
+output "ingress_subnet_vnet_name" {
+  description = "Pass-through of the VNet name associated with the subnets"
+  value = module.ingress_subnet.vnet_name
+}
+output "ingress_subnet_vnet_id" {
+  description = "Pass-through of the VNet id associated with the subnets"
+  value = module.ingress_subnet.vnet_id
+}
+output "ingress_subnet_cidr_blocks" {
+  description = "List of the CIDR blocks assigned to the subnets"
+  value = module.ingress_subnet.cidr_blocks
+}
+output "nsg_id" {
+  description = "ID of the created network security group"
+  value = module.nsg.id
+}
+output "nsg_name" {
+  description = "Name of the created network security group"
+  value = module.nsg.name
+}
+output "ssh-keys_id" {
+  description = "Azure vault identification of the stored key"
+  value = module.ssh-keys.id
+}
+output "ssh-keys_pub_key" {
+  description = "Public key"
+  value = module.ssh-keys.pub_key
+}
+output "ssh-keys_pub_key_file" {
+  description = "File path of public key"
+  value = module.ssh-keys.pub_key_file
+}
+output "ssh-keys_private_key" {
+  description = "Private key"
+  value = module.ssh-keys.private_key
+  sensitive = true
+}
+output "ssh-keys_private_key_file" {
+  description = "File path of the private key"
+  value = module.ssh-keys.private_key_file
+}
+output "ssh-keys_path" {
+  description = "Path to where keys are stored in filesystem"
+  value = module.ssh-keys.path
+}
+output "ssh-keys_name" {
+  description = "Name of the key"
+  value = module.ssh-keys.name
+}
+output "vpn-server_id" {
+  description = "The Azure id of the created VPN server"
+  value = module.vpn-server.id
+}
+output "vpn-server_vm_public_ip" {
+  description = "The public IP address of the created VPN server"
+  value = module.vpn-server.vm_public_ip
+}
+output "vpn-server_vm_public_fqdn" {
+  description = "The FQDN of the public IP address"
+  value = module.vpn-server.vm_public_fqdn
+}
+output "vpn-server_admin_username" {
+  description = "The administrator username of the created VPN server"
+  value = module.vpn-server.admin_username
+}
+output "vpn-server_vm_private_ip" {
+  description = "The private IP address of the created VPN server"
+  value = module.vpn-server.vm_private_ip
+}
+output "vpn-server_client_config_file" {
+  description = "The full path and filename of the created VPN client connection file"
+  value = module.vpn-server.client_config_file
+}
diff --git a/2-standard/1-aro/101-azure-vnet-std/providers.tf b/2-standard/1-aro/101-azure-vnet-std/providers.tf
new file mode 100644
index 0000000..978f99b
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/providers.tf
@@ -0,0 +1,9 @@
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id = var.client_id
+  client_secret = var.client_secret
+  tenant_id = var.tenant_id
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/101-azure-vnet-std/terragrunt.hcl b/2-standard/1-aro/101-azure-vnet-std/terragrunt.hcl
new file mode 100644
index 0000000..b4cba33
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/terragrunt.hcl
@@ -0,0 +1,3 @@
+include "root" {
+  path = find_in_parent_folders()
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/101-azure-vnet-std/variables.tf b/2-standard/1-aro/101-azure-vnet-std/variables.tf
new file mode 100644
index 0000000..260d6b2
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/variables.tf
@@ -0,0 +1,304 @@
+variable "resource_group_name" {
+  type = string
+  description = "The name of the resource group"
+}
+variable "resource_group_provision" {
+  type = bool
+  description = "Flag indicating that the resource group should be created"
+  default = true
+}
+variable "resource_group_sync" {
+  type = string
+  description = "Value used to order the provisioning of the resource group"
+  default = ""
+}
+variable "region" {
+  type = string
+  description = "The Azure location where the resource group will be provisioned"
+}
+variable "subscription_id" {
+  type = string
+  description = "the value of subscription_id"
+}
+variable "client_id" {
+  type = string
+  description = "the value of client_id"
+}
+variable "client_secret" {
+  type = string
+  description = "the value of client_secret"
+}
+variable "tenant_id" {
+  type = string
+  description = "the value of tenant_id"
+}
+variable "vnet_name" {
+  type = string
+  description = "The name of the vpc instance"
+  default = ""
+}
+variable "name_prefix" {
+  type = string
+  description = "The name of the vpc resource"
+  default = ""
+}
+variable "vnet_provision" {
+  type = bool
+  description = "Flag indicating that the instance should be provisioned. If false then an existing instance will be looked up"
+  default = true
+}
+variable "vnet_address_prefix_count" {
+  type = number
+  description = "The number of ipv4_cidr_blocks"
+  default = 0
+}
+variable "vnet_address_prefixes" {
+  type = string
+  description = "List of ipv4 cidr blocks for the address prefixes (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[\"10.0.0.0/20\"]"
+}
+variable "vnet_base_security_group_name" {
+  type = string
+  description = "The name of the base security group. If not provided the name will be based on the vpc name"
+  default = ""
+}
+variable "vnet_internal_cidr" {
+  type = string
+  description = "The cidr range of the internal network"
+  default = "10.0.0.0/8"
+}
+variable "master_subnet_subnet_name" {
+  type = string
+  description = "The name of the subnet instance"
+  default = ""
+}
+variable "master_subnet_label" {
+  type = string
+  description = "Label for the subnets created"
+  default = "master"
+}
+variable "master_subnet_provision" {
+  type = bool
+  description = "Flag indicating that the subnet should be provisioned. If 'false' then the subnet will be looked up."
+  default = true
+}
+variable "master_subnet_ipv4_cidr_blocks" {
+  type = string
+  description = "List of ipv4 cidr blocks for the subnets that will be created (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[\"10.0.1.0/24\"]"
+}
+variable "master_subnet_acl_rules" {
+  type = string
+  description = "List of rules to set on the subnet access control list"
+  default = "[]"
+}
+variable "master_subnet_service_endpoints" {
+  type = string
+  description = "The list of service endpoints for the subnet"
+  default = "[\"Microsoft.ContainerRegistry\",\"Microsoft.Storage\"]"
+}
+variable "master_subnet_disable_private_link_endpoint_network_policies" {
+  type = bool
+  description = "Flag to disable private link endpoint network policies in the subnet."
+  default = true
+}
+variable "master_subnet_disable_private_link_service_network_policies" {
+  type = bool
+  description = "Flag to disable private link service network policies in the subnet."
+  default = true
+}
+variable "worker_subnet_subnet_name" {
+  type = string
+  description = "The name of the subnet instance"
+  default = ""
+}
+variable "worker_subnet_label" {
+  type = string
+  description = "Label for the subnets created"
+  default = "worker"
+}
+variable "worker_subnet_provision" {
+  type = bool
+  description = "Flag indicating that the subnet should be provisioned. If 'false' then the subnet will be looked up."
+  default = true
+}
+variable "worker_subnet_ipv4_cidr_blocks" {
+  type = string
+  description = "List of ipv4 cidr blocks for the subnets that will be created (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[\"10.0.2.0/24\"]"
+}
+variable "worker_subnet_acl_rules" {
+  type = string
+  description = "List of rules to set on the subnet access control list"
+  default = "[]"
+}
+variable "worker_subnet_service_endpoints" {
+  type = string
+  description = "The list of service endpoints for the subnet"
+  default = "[\"Microsoft.ContainerRegistry\",\"Microsoft.Storage\"]"
+}
+variable "worker_subnet_disable_private_link_endpoint_network_policies" {
+  type = bool
+  description = "Flag to disable private link endpoint network policies in the subnet."
+  default = false
+}
+variable "worker_subnet_disable_private_link_service_network_policies" {
+  type = bool
+  description = "Flag to disable private link service network policies in the subnet."
+  default = false
+}
+variable "ingress_subnet_subnet_name" {
+  type = string
+  description = "The name of the subnet instance"
+  default = ""
+}
+variable "ingress_subnet_label" {
+  type = string
+  description = "Label for the subnets created"
+  default = "ingress"
+}
+variable "ingress_subnet_provision" {
+  type = bool
+  description = "Flag indicating that the subnet should be provisioned. If 'false' then the subnet will be looked up."
+  default = true
+}
+variable "ingress_subnet_ipv4_cidr_blocks" {
+  type = string
+  description = "List of ipv4 cidr blocks for the subnets that will be created (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[\"10.0.3.0/24\"]"
+}
+variable "ingress_subnet_acl_rules" {
+  type = string
+  description = "List of rules to set on the subnet access control list"
+  default = "[]"
+}
+variable "ingress_subnet_service_endpoints" {
+  type = string
+  description = "The list of service endpoints for the subnet"
+  default = "[\"Microsoft.ContainerRegistry\"]"
+}
+variable "ingress_subnet_disable_private_link_endpoint_network_policies" {
+  type = bool
+  description = "Flag to disable private link endpoint network policies in the subnet."
+  default = false
+}
+variable "ingress_subnet_disable_private_link_service_network_policies" {
+  type = bool
+  description = "Flag to disable private link service network policies in the subnet."
+  default = false
+}
+variable "nsg_name" {
+  type = string
+  description = "Name for network security group - replaces name_prefix (default = \"\")"
+  default = ""
+}
+variable "nsg_acl_rules" {
+  type = string
+  description = "List of rules to set on the subnet access control list"
+  default = "[{\"name\":\"ssh-inbound\",\"priority\":\"101\",\"access\":\"Allow\",\"protocol\":\"Tcp\",\"direction\":\"Inbound\",\"source_addr\":\"*\",\"destination_addr\":\"*\",\"source_ports\":\"*\",\"destination_ports\":\"22\"},{\"name\":\"vpn-inbound-tcp\",\"priority\":\"102\",\"access\":\"Allow\",\"protocol\":\"Tcp\",\"direction\":\"Inbound\",\"source_addr\":\"*\",\"destination_addr\":\"*\",\"source_ports\":\"*\",\"destination_ports\":\"443\"},{\"name\":\"vpn-inbound-udp\",\"priority\":\"103\",\"access\":\"Allow\",\"protocol\":\"Udp\",\"direction\":\"Inbound\",\"source_addr\":\"*\",\"destination_addr\":\"*\",\"source_ports\":\"*\",\"destination_ports\":\"1194\"}]"
+}
+variable "ssh-keys_key_name" {
+  type = string
+  description = "Name to give to SSH key"
+  default = ""
+}
+variable "ssh-keys_store_path" {
+  type = string
+  description = "Path to directory in which to store keys (will default to current working directory)"
+  default = ""
+}
+variable "ssh-keys_public_file_permissions" {
+  type = string
+  description = "Permissions to be set on public key files (default = 0600)"
+  default = "0600"
+}
+variable "ssh-keys_private_file_permissions" {
+  type = string
+  description = "Permissions to be set on public key files (default = 0400)"
+  default = "0400"
+}
+variable "ssh-keys_store_key_in_vault" {
+  type = bool
+  description = "Flag to storage the generated or supplied key in the Azure vault"
+  default = true
+}
+variable "ssh-keys_ssh_key" {
+  type = string
+  description = "Path to existing public key to be used. Will be created if empty. (Default empty string)"
+  default = ""
+}
+variable "ssh-keys_algorithm" {
+  type = string
+  description = "Algorithim to be utilized if creating a new key (RSA, ECDSA or ED25519, default = RSA)"
+  default = "RSA"
+}
+variable "ssh-keys_rsa_bits" {
+  type = number
+  description = "Number of bits to use for RSA key (default = 4096)"
+  default = 4096
+}
+variable "ssh-keys_ecdsa_curve" {
+  type = string
+  description = "ECDSA Curve value to be utilized for ECDSA key (P224, P256, P521, default = P224)"
+  default = "P224"
+}
+variable "vpn-server_private_network_cidrs" {
+  type = string
+  description = "List of CIDRs in the private network reachable via the VPN server."
+  default = "[\"10.0.0.0/20\"]"
+}
+variable "vpn-server_private_dns" {
+  type = string
+  description = "List of private DNS servers"
+  default = "[\"168.63.129.16\"]"
+}
+variable "vpn-server_name_prefix" {
+  type = string
+  description = "Name to prefix resources created"
+  default = "open-vpn"
+}
+variable "vpn-server_client_network" {
+  type = string
+  description = "Network address for VPN clients (default = \"172.27.224.0\")"
+  default = "172.27.224.0"
+}
+variable "vpn-server_client_network_bits" {
+  type = string
+  description = "Number of netmask bits for the VPN client network (default = \"24\")"
+  default = "24"
+}
+variable "vpn-server_private_ip_address_allocation_type" {
+  type = string
+  description = "The Azure subnet private ip address alocation type - Dynamic or Static (default = \"Dynamic\")"
+  default = "Dynamic"
+}
+variable "vpn-server_admin_username" {
+  type = string
+  description = "Username for the admin user (default = \"adminuser\")"
+  default = "azureuser"
+}
+variable "vpn-server_bootstrap_script" {
+  type = string
+  description = "Path to file with the bootstrap script (default = \"./template/user-data.sh\")"
+  default = ""
+}
+variable "vpn-server_vm_size" {
+  type = string
+  description = "This is the size of Virtual Machine (defualt = \"Standard_F2\")"
+  default = "Standard_B1s"
+}
+variable "vpn-server_storage_type" {
+  type = string
+  description = "Storage account type (default = \"StandardSSD_LRS\")"
+  default = "StandardSSD_LRS"
+}
+variable "vpn-server_vm_public_ip_sku" {
+  type = string
+  description = "Public IP SKU Size (default = \"Standard\")"
+  default = "Standard"
+}
+variable "vpn-server_vm_public_ip_allocation_method" {
+  type = string
+  description = "The Azure subnet Public ip address alocation type - Dynamic or Static (default = \"Dynamic\")"
+  default = "Static"
+}
diff --git a/2-standard/1-aro/101-azure-vnet-std/version.tf b/2-standard/1-aro/101-azure-vnet-std/version.tf
new file mode 100644
index 0000000..eb2f15f
--- /dev/null
+++ b/2-standard/1-aro/101-azure-vnet-std/version.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+
+  }
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/105-azure-aro-std/105-azure-aro-std.auto.tfvars b/2-standard/1-aro/105-azure-aro-std/105-azure-aro-std.auto.tfvars
new file mode 100644
index 0000000..e367246
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/105-azure-aro-std.auto.tfvars
@@ -0,0 +1,21 @@
+## resource_group_name: The name of the resource group
+#resource_group_name=""
+
+## region: The Azure location where the resource group will be provisioned
+#region=""
+
+## subscription_id: the value of subscription_id
+#subscription_id=""
+
+## client_id: the value of client_id
+#client_id=""
+
+## client_secret: the value of client_secret
+#client_secret=""
+
+## tenant_id: the value of tenant_id
+#tenant_id=""
+
+## name_prefix: The name of the vpc resource
+#name_prefix=""
+
diff --git a/2-standard/1-aro/105-azure-aro-std/apply.sh b/2-standard/1-aro/105-azure-aro-std/apply.sh
new file mode 100755
index 0000000..cc88204
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/apply.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+  VARIABLES_FILE="variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+  echo "yq v4 is required"
+  exit 1
+fi
+
+if ! command -v jq 1> /dev/null 2> /dev/null; then
+  echo "jq is required"
+  exit 1
+fi
+
+CREDENTIALS_PROPERTIES="credentials.properties"
+TERRAFORM_TFVARS="terraform/terraform.tfvars"
+
+if [[ -f "${TERRAFORM_TFVARS}" ]]; then
+  cp "${TERRAFORM_TFVARS}" "${TERRAFORM_TFVARS}.backup"
+  rm "${TERRAFORM_TFVARS}"
+fi
+
+if [[ -f "${CREDENTIALS_PROPERTIES}" ]]; then
+  cp "${CREDENTIALS_PROPERTIES}" "${CREDENTIALS_PROPERTIES}.backup"
+  rm "${CREDENTIALS_PROPERTIES}"
+fi
+touch "${CREDENTIALS_PROPERTIES}"
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+  echo "Variables can be provided in a yaml file passed as the first argument"
+  echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+function process_variable () {
+  local name="$1"
+  local default_value="$2"
+  local sensitive="$3"
+  local description="$4"
+
+  local variable_name="TF_VAR_${name}"
+
+  environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*=(.*).*/\1/g')
+  value="${environment_variable}"
+  if [[ -f "${VARIABLES_FILE}" ]]; then
+    value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e -o json '.variables[] | select(.name == env(NAME)) | .value // ""' - | jq -c -r '.')
+    if [[ -z "${value}" ]]; then
+      value="${environment_variable}"
+    fi
+  fi
+
+  while [[ -z "${value}" ]]; do
+    echo "Provide a value for '${name}':"
+    if [[ -n "${description}" ]]; then
+      echo "  ${description}"
+    fi
+    sensitive_flag=""
+    if [[ "${sensitive}" == "true" ]]; then
+      sensitive_flag="-s"
+    fi
+    default_prompt=""
+    if [[ -n "${default_value}" ]]; then
+      default_prompt="(${default_value}) "
+    fi
+    read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+    value=${value:-$default_value}
+  done
+
+  output_value=$(echo "${value}" | sed 's/"/\\"/g')
+
+  if [[ "${sensitive}" != "true" ]]; then
+    echo "${name} = \"${output_value}\"" >> "${TERRAFORM_TFVARS}"
+    NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+  else
+    echo "export ${name}=\"${output_value}\"" >> "${CREDENTIALS_PROPERTIES}"
+  fi
+}
+
+cat "bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+  variable=$(cat "bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME))' -)
+
+  default_value=$(echo "${variable}" | ${YQ} e -o json '.defaultValue // ""' - | jq -c -r '.')
+  sensitive=$(echo "${variable}" | ${YQ} e '.sensitive // false' -)
+  description=$(echo "${variable}" | ${YQ} e '.description // ""' -)
+
+  process_variable "${name}" "${default_value}" "${sensitive}" "${description}"
+done
+
+cat "${VARIABLES_FILE}" | ${YQ} e '.variables[]' -o json - | jq -c '.' | while read var; do
+  name=$(echo "${var}" | jq -r '.name')
+
+  value=$(echo "${var}" | jq -r '.value // empty')
+  sensitive=$(echo "${var}" | jq -r '.sensitive')
+
+  bom_var=$(cat bom.yaml | ${YQ} e '.spec.variables[]' -o json - | jq --arg NAME "${name}" -c 'select(.name == $NAME)')
+
+  if [[ -z "${bom_var}" ]]; then
+    process_variable "${name}" "${value}" "${sensitive}" ""
+  fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+source credentials.properties
+
+cd terraform
+terraform init
+terraform apply
diff --git a/2-standard/1-aro/105-azure-aro-std/bom.yaml b/2-standard/1-aro/105-azure-aro-std/bom.yaml
new file mode 100644
index 0000000..6e064ba
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/bom.yaml
@@ -0,0 +1,75 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+  name: 105-azure-aro-std
+  labels:
+    type: infrastructure
+    platform: azure
+    code: '105'
+  annotations:
+    displayName: Azure Red Hat OpenShift (ARO) Quickstart
+    description: Azure ARO for Standard Architecture
+    vpn/required: 'true'
+spec:
+  modules:
+    - name: azure-resource-group
+      alias: resource_group
+      version: v1.1.1
+      variables:
+        - name: provision
+          value: false
+    - name: azure-vnet
+      alias: vnet
+      version: v1.1.3
+      variables:
+        - name: provision
+          value: false
+    - name: azure-vnet-subnets
+      alias: master-subnet
+      version: v1.3.9
+      variables:
+        - name: label
+          value: master
+        - name: provision
+          value: false
+    - name: azure-vnet-subnets
+      alias: worker-subnet
+      version: v1.3.9
+      variables:
+        - name: label
+          value: worker
+        - name: provision
+          value: false
+    - name: azure-aro
+      alias: cluster
+      version: v1.0.0
+      dependencies:
+        - name: master-subnet
+          ref: master-subnet
+        - name: worker-subnet
+          ref: worker-subnet
+      variables:
+        - name: master_subnet_id
+          ref: master-subnet
+        - name: worker_subnet_id
+          ref: worker-subnet
+  variables:
+    - name: resource_group_name
+      type: string
+      description: The name of the resource group
+    - name: region
+      type: string
+      description: The Azure location where the resource group will be provisioned
+    - name: subscription_id
+      type: string
+    - name: client_id
+      type: string
+    - name: client_secret
+      type: string
+      sensitive: true
+    - name: tenant_id
+      type: string
+    - name: name_prefix
+      type: string
+      description: The name of the vpc resource
+      defaultValue: ''
diff --git a/2-standard/1-aro/105-azure-aro-std/dependencies.dot b/2-standard/1-aro/105-azure-aro-std/dependencies.dot
new file mode 100644
index 0000000..1713015
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/dependencies.dot
@@ -0,0 +1,17 @@
+digraph {
+    rankdir="BT"
+    "resource_group (azure-resource-group)"
+"vnet (azure-vnet)" -> "resource_group (azure-resource-group)"
+"vnet (azure-vnet)"
+"master-subnet (azure-vnet-subnets)" -> "resource_group (azure-resource-group)"
+"master-subnet (azure-vnet-subnets)" -> "vnet (azure-vnet)"
+"master-subnet (azure-vnet-subnets)"
+"worker-subnet (azure-vnet-subnets)" -> "resource_group (azure-resource-group)"
+"worker-subnet (azure-vnet-subnets)" -> "vnet (azure-vnet)"
+"worker-subnet (azure-vnet-subnets)"
+"cluster (azure-aro)" -> "resource_group (azure-resource-group)"
+"cluster (azure-aro)" -> "vnet (azure-vnet)"
+"cluster (azure-aro)" -> "master-subnet (azure-vnet-subnets)"
+"cluster (azure-aro)" -> "worker-subnet (azure-vnet-subnets)"
+"cluster (azure-aro)"
+  }
\ No newline at end of file
diff --git a/2-standard/1-aro/105-azure-aro-std/destroy.sh b/2-standard/1-aro/105-azure-aro-std/destroy.sh
new file mode 100755
index 0000000..7c27549
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/destroy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/2-standard/1-aro/105-azure-aro-std/docs/azure-aro.md b/2-standard/1-aro/105-azure-aro-std/docs/azure-aro.md
new file mode 100644
index 0000000..101f5c8
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/docs/azure-aro.md
@@ -0,0 +1,180 @@
+# Azure Red Hat OpenShift module
+
+## Module Overview
+
+Module creates an Azure RedHat OpenShift (ARO) cluster. It includes the following resources:
+- terraform-util-clis (to setup CLI utils for build)
+- random_domain
+- terraform-azure-resource-group (to create a resource group for the ARO cluster)
+- null_resource_aro (creates and destroys the cluster)
+
+### Software dependencies
+
+- terraform CLI >= 1.2.6
+- Azure CLI (az) >= 2.39.0
+
+### Terraform providers
+
+- Terraform >= 0.15.0
+- Azure provider >= 3.0.0
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+- Azure Resource Group = github.com/cloud-native-toolkit/terraform-azure-resource-group
+- Azure VNet - github.com/cloud-native-toolkit/terraform-azure-vnet
+- Azure Subnets - github.com/cloud-native-toolkit/terraform-azure-subnets
+
+## Prerequisites
+
+### Option 1 - Use a service principal 
+
+The service principal needs the following roles assigned
+- In the active directory, application and user administrator permissions
+
+  - User Administrator
+    1. From the Azure Active Directory page, go to Roles and administrators. 
+    1. Find user administrators
+    1. Add assignment
+
+  - Application administrator
+    1. Select the created service principal and assign role
+    1. Find Application administrator
+    1. Add assignment
+    1. Select the created service principal and assign role
+
+- In the subscription, application and user administrator
+  - User Administrator
+    1. Go to the subscription page.
+    1. Select Access Control (IAM)
+    1. Review Role assignments
+    1. Add role (+ Add)
+    1. Select "Add role assignment"
+    1. Search for User Access Administrator
+    1. Go to Members
+    1. Select Members (+ Select Members)
+    1. Choose the service principal
+    1. Review and assign
+
+  - Application Administrator
+    1. Go to the subscription page.
+    1. Select Access Control (IAM)
+    1. Review Role assignments
+    1. Add role (+ Add)
+    1. Select "Add role assignment"
+    1. Search for Application Administrator
+    1. Go to Members
+    1. Select Members (+ Select Members)
+    1. Choose the service principal
+    1. Review and assign
+
+### Option 2 - Login with your own user
+
+Functionality to support using your own user will be provided in a future release.
+
+## Example Usage
+
+```hcl-terraform
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-resource-group"
+
+  resource_group_name = "mytest-rg"
+  region              = var.region
+}
+
+module "vnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vnet"
+
+  name_prefix         = "mytest"
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  address_prefixes    = ["10.0.0.0/18"]
+}
+
+module "worker-subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets"
+
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  vnet_name           = module.vnet.name
+  label               = "worker"
+  ipv4_cidr_blocks    = ["10.0.0.0/24"]
+  acl_rules           = []
+  service_endpoints   = ["Microsoft.ContainerRegistry","Microsoft.Storage"]
+}
+
+module "master-subnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets"
+
+  resource_group_name = module.resource_group.name
+  region              = module.resource_group.region
+  vnet_name           = module.vnet.name
+  label               = "master"
+  ipv4_cidr_blocks    = ["10.0.1.0/24"]
+  acl_rules           = []
+  service_endpoints   = ["Microsoft.ContainerRegistry","Microsoft.Storage"]
+}
+
+module "aro" {
+  source               = "github.com/cloud-native-toolkit/terraform-azure-aro"
+
+  name_prefix           = "mytest"
+  
+  subscription_id       = var.azure_subscription_id
+  tenant_id             = var.azure_tenant_id
+  client_id             = var.service_principal_id
+  client_secret         = var.service_principal_secret
+
+  resource_group_name   = module.resource_group.name
+  region                = module.resource_group.region
+  vnet_name             = module.vnet.name
+  master_subnet_id      = module.master-subnet.id
+  worker_subent_id      = module.worker-subnet.id
+}
+```
+
+## Variables
+
+### Inputs
+
+### Inputs
+
+This module has the following input variables:
+| Variable | Mandatory / Optional | Default Value | Description |
+| -------------------------------- | --------------| ------------------ | ----------------------------------------------------------------------------- |
+| resource_group_name | Mandatory |  | The resource group of the network (VNet and subnet) components. A new resource group will be created for the cluster.  |
+| region | | Manadatory | The Azure region/location where the cluster is to be deployed |
+| vnet_name | | Mandatory | The Azure VNet on which to create the cluster |
+| worker_subnet_id | | Mandatory | The id of the Azure subnet to attach the worker/compute nodes to |
+| master_subnet_id | | Mandatory | The id of the Azure subnet to attach the master/controller nodes to |
+| name_prefix | Mandatory | | Name to prefix the created resources |
+| subscription_id | Mandatory | | Azure subscription id where the cluster will be installed |
+| tenant_id | Mandatory | | Azure tenant id where the cluster will be installed |
+| client_id | Mandatory | | The id of the service principal to be used for the cluster creation and ongoing management |
+| client_secret | Mandatory | | The secret of the service principal to be used for the cluster creation and ongoing management |
+| name | "" | Optional | The name to give to the cluster. If left blank, the name will be generated from the name_prefix |
+| name_prefix | "" | Optional | The prefix for the cluster name. If left blank, the network resource group name will be used to derive the cluster name | 
+| master_flavor | Standard_D8s_v3 | Optional | The VM size for the master/controller nodes |
+| flavor | Standard_D4s_v3 | Optional | The VM size for the worker/compute nodes |
+| _count | 3 | Optional | The number of worker/compute nodes to be created (min 2) |
+| provision | true | Optional | Flag to determine whether to provison the cluster. If false, an existing cluster will be queried |
+| disable_public_endpoint | false | Optional | If set true, no public facing endpoints will be provisioned (used for private VNet deployments) |
+| pull_secret | "" | Optional | A Red Hat pull secret used to access a Red Hat account. If left blank and no pull secret file is provided, cluster will still deploy, but additional content will not be available |
+| pull_secret_file | "" | Optional | Path to a file containing a Red Hat pull secret used to access a Red Hat account. If left blank and no pull secret is provided, cluster will still deploy, but additional content will not be available |
+| label | cluster | Optional | Suffix to be added to the name_prefix to derive the cluster name if no name is provided |
+
+### Outputs
+
+The module outputs the following values:
+| Output | Description |
+| -------------------------------- | -------------------------------------------------------------------------- |
+| id | The Id of the cluster |
+| name | The name of the cluster |
+| resource_group_name | The resource group containing the cluster (as opposed to the network resource group) |
+| region | The Azure region/location containing the cluster |
+| config_file_path | The path to the OpenShift kube config file for the cluster |
+| token | The login token for the cluster |
+| username | The login username for the cluster |
+| password | The login password for the cluster |
+| serverURL | The API URL for the cluster |
+| platform | Object containing details of the cluster (refer to output.tf for details) |
\ No newline at end of file
diff --git a/2-standard/1-aro/105-azure-aro-std/docs/azure-resource-group.md b/2-standard/1-aro/105-azure-aro-std/docs/azure-resource-group.md
new file mode 100644
index 0000000..de8ba3c
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/docs/azure-resource-group.md
@@ -0,0 +1,55 @@
+# Azure Resource Group
+
+## Module overview
+
+### Description
+
+This module provisions a resource group in Azure.
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v0.15
+
+#### Terraform providers
+
+- Azure provider >= 2.91.0
+
+### Module dependencies
+
+None
+
+### Example usage
+
+```hcl-terraform
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 2.91.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
+
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-resource-group"
+
+  resource_group_name = var.resource_group_name
+  region              = var.region
+}
+```
+
diff --git a/2-standard/1-aro/105-azure-aro-std/docs/azure-vnet-subnets.md b/2-standard/1-aro/105-azure-aro-std/docs/azure-vnet-subnets.md
new file mode 100644
index 0000000..e648a22
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/docs/azure-vnet-subnets.md
@@ -0,0 +1,118 @@
+# Azure VNet Subnets
+
+## Module overview
+
+### Description
+
+Module that provisions virtual network subnets on Azure, including the following resources:
+- subnet
+- network security group
+- security group subnet association
+
+The number of subnets created is controlled by the number of subnet CIDR's supplied and the provision flag. If the provison flag is set to false (it is true by default), the module will not provision anything and will only read the provided subnet name details (use the subnet_name variable to supply the subnet name).
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v0.15
+
+#### Terraform providers
+
+- Azure provider
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+
+- Resource Group - github.com/cloud-native-toolkit/terraform-azure-resource-group
+- VNet - github.com/cloud-native-toolkit/terraform-azure-vnet
+
+### Example usage
+
+```hcl-terraform
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
+
+module "subnets" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-subnets"
+
+  resource_group_name = module.resource_group.name
+  region = var.region
+  vpc_name = module.vpc.name
+  ipv4_cidr_blocks = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
+  acl_rules = [{
+    name = "ssh-inbound"
+    action = "Allow"
+    direction = "Inbound"
+    source = "*"
+    destination = "*"
+    tcp = {
+      destination_port_range = "22"
+      source_port_range = "*"
+    }
+  }, {
+    name = "internal-only"
+    action = "Allow"
+    direction = "Inbound"
+    source = "10.0.0.0/16"
+    destination = "10.0.0.0/24"
+    udp = {
+      destination_port_range = "1024 - 2048"
+      source_port_range = "*"
+    }
+  }]
+}
+```
+
+## Input Variables
+
+This module has the following input variables:
+| Variable | Mandatory / Optional | Default Value | Description |
+| -------------------------------- | --------------| ------------------ | ----------------------------------------------------------------------------- |
+| resource_group_name | Mandatory |  | The resource group into which to deploy or query |
+| region | Mandatory |  | Region into which to deploy or query |
+| vnet_name | Mandatory |  | Name of the VNet into which to deploy or query |
+| subnet_name | Optional | "" | Name of an existing subnet to query |
+| label | Optional | "" | Label to use in subnet names |
+| provision | Optional | true | Flag to provision new resources or query existing if false |
+| ipv4_cidr_blocks | Optional | [] | List of CIDRs for subnets to be created |
+| acl_rules | Optional | [] | List of rules to create and associate with the subent(s) |
+| service_endpoints | Optional | Microsoft.ContainerRegistry | List of service endpoints for the subnet(s)|
+| disable_private_link_endpoint_network_policies | Optional | false | Flag to disable private link endpoint network policies in the subnet(s) |
+| disable_private_link_service_network_policies | Optional | false | Flag to disable private link service network policies in the subnet(s) |
+
+## Output Variables
+
+This module has the following output variables:
+| Variable | Description |
+| -------------------------------- | ----------------------------------------------------------------------------- |
+| id  | The Azure identification string of the created RTB  |
+| name | The name of the subnet if creating only one |
+| count | The number of subnets created or queried |
+| ids | List of the ids of the created subnets |
+| id | Id of the first created subnet |
+| names | List of the names of the created subnets |
+| subnets | Object list for the created subnets |
+| acl_id | Id of the created network security group |
+| vnet_name | Name of the VNet where the subnets were provisioned (passthrough) |
+| vnet_id | Id of the VNet where the subnets were provisoned |
+| cidr_block | The list of CIDRs assigned to the subnets (passthrough) |
diff --git a/2-standard/1-aro/105-azure-aro-std/docs/azure-vnet.md b/2-standard/1-aro/105-azure-aro-std/docs/azure-vnet.md
new file mode 100644
index 0000000..5eeda7e
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/docs/azure-vnet.md
@@ -0,0 +1,59 @@
+# Azure Virtual Network
+
+## Module overview
+
+### Description
+
+Module to provision a virtual network on Azure
+
+**Note:** This module follows the Terraform conventions regarding how provider configuration is defined within the Terraform template and passed into the module - https://www.terraform.io/docs/language/modules/develop/providers.html. The default provider configuration flows through to the module. If different configuration is required for a module, it can be explicitly passed in the `providers` block of the module - https://www.terraform.io/docs/language/modules/develop/providers.html#passing-providers-explicitly.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v1.2.7
+
+#### Terraform providers
+
+- Azure provider >= 3.0.0
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+
+- Resource group - github.com/cloud-native-toolkit/terraform-azure-resource-group
+
+### Example usage
+
+```hcl-terraform
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=3.0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
+
+module "vpc" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vnet"
+
+  resource_group_name = module.resource_group.name
+  region              = var.region
+  name_prefix         = var.name_prefix
+  address_prefix_count = 1
+  address_prefixes    = ["10.0.0.0/16"]
+}
+```
diff --git a/2-standard/1-aro/105-azure-aro-std/main.tf b/2-standard/1-aro/105-azure-aro-std/main.tf
new file mode 100644
index 0000000..49d4ea7
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/main.tf
@@ -0,0 +1,48 @@
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-resource-group?ref=v1.1.1"
+
+  provision = var.resource_group_provision
+  region = var.region
+  resource_group_name = var.resource_group_name
+  sync = var.resource_group_sync
+}
+module "vnet" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-vnet?ref=v1.1.3"
+
+  address_prefix_count = var.vnet_address_prefix_count
+  address_prefixes = var.vnet_address_prefixes == null ? null : jsondecode(var.vnet_address_prefixes)
+  base_security_group_name = var.vnet_base_security_group_name
+  internal_cidr = var.vnet_internal_cidr
+  name = var.vnet_name
+  name_prefix = var.name_prefix
+  provision = var.vnet_provision
+  region = var.region
+  resource_group_name = module.resource_group.name
+}
+
+// Below custom pending bug fix in subnet module
+
+module "cluster" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-aro?ref=v1.0.0"
+
+  name_prefix     = var.name_prefix
+
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  subscription_id = var.subscription_id
+  tenant_id       = var.tenant_id
+
+  disable_public_endpoint = true
+
+  pull_secret     = var.pull_secret
+
+  disk_size       = var.cluster_disk_size
+  flavor          = var.cluster_flavor
+  master_flavor   = var.cluster_master_flavor
+
+  region              = module.resource_group.region
+  resource_group_name = module.resource_group.name
+  vnet_name           = module.vnet.name
+  master_subnet_id    = var.master_subnet_id
+  worker_subnet_id    = var.worker_subnet_id
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/105-azure-aro-std/output.tf b/2-standard/1-aro/105-azure-aro-std/output.tf
new file mode 100644
index 0000000..7423b09
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/output.tf
@@ -0,0 +1,51 @@
+
+output "cluster_id" {
+  description = "ID of the created cluster"
+  value = module.cluster.id
+}
+output "cluster_name" {
+  description = "Name of the cluster"
+  value = module.cluster.name
+}
+output "cluster_resource_group_name" {
+  description = "Name of the resource group containing the cluster."
+  value = module.cluster.resource_group_name
+}
+output "cluster_region" {
+  description = "Region containing the cluster."
+  value = module.cluster.region
+}
+output "cluster_config_file_path" {
+  description = "Path to the config file for the cluster"
+  value = module.cluster.config_file_path
+}
+output "cluster_token" {
+  description = "Login token for the cluster"
+  value = module.cluster.token
+}
+output "cluster_username" {
+  description = "Username for the cluster"
+  value = module.cluster.username
+}
+output "cluster_password" {
+  description = "Password for the cluster"
+  value = module.cluster.password
+  sensitive = true
+}
+output "cluster_serverURL" {
+  description = "The URL used to connect to the API of the cluster"
+  value = module.cluster.serverURL
+}
+output "cluster_platform" {
+  description = "Configuration values for the created cluster platform"
+  value = module.cluster.platform
+  sensitive = true
+}
+output "cluster_sync" {
+  description = "Value used to sync downstream modules"
+  value = module.cluster.sync
+}
+output "cluster_total_worker_count" {
+  description = "The total number of workers for the cluster. (subnets * number of workers)"
+  value = module.cluster.total_worker_count
+}
diff --git a/2-standard/1-aro/105-azure-aro-std/providers.tf b/2-standard/1-aro/105-azure-aro-std/providers.tf
new file mode 100644
index 0000000..978f99b
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/providers.tf
@@ -0,0 +1,9 @@
+
+provider "azurerm" {
+  features {}
+
+  subscription_id = var.subscription_id
+  client_id = var.client_id
+  client_secret = var.client_secret
+  tenant_id = var.tenant_id
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/105-azure-aro-std/terragrunt.hcl b/2-standard/1-aro/105-azure-aro-std/terragrunt.hcl
new file mode 100644
index 0000000..17c2f14
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/terragrunt.hcl
@@ -0,0 +1,32 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+locals {
+  dependencies = yamldecode(file("${get_parent_terragrunt_dir()}/layers.yaml"))
+
+  dep_101 = local.dependencies.names_101
+  mock_101 = local.dependencies.mock_101
+  cluster_config_path = fileexists("${get_parent_terragrunt_dir()}/${local.dep_101}/terragrunt.hcl") ? "${get_parent_terragrunt_dir()}/${local.dep_101}" : "${get_parent_terragrunt_dir()}/.mocks/${local.mock_101}"
+
+}
+
+dependency "vnet" {
+  config_path = local.cluster_config_path
+  skip_outputs = false
+
+  mock_outputs_allowed_terraform_commands = ["init","validate","plan"]
+  mock_outputs = {
+    resource_group_name  = "fake-rg"
+    vnet_name            = "fake-vnet"
+    master_subnet_name   = "fake-master"
+    worker_subnet_name   = "fake-worker"
+  }    
+}
+
+inputs = {
+    resource_group_name  = dependency.vnet.outputs.resource_group_name
+    vnet_name            = dependency.vnet.outputs.vnet_name
+    master_subnet_id     = dependency.vnet.outputs.master_subnet_id
+    worker_subnet_id     = dependency.vnet.outputs.worker_subnet_id
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/105-azure-aro-std/variables.tf b/2-standard/1-aro/105-azure-aro-std/variables.tf
new file mode 100644
index 0000000..ed3fd1d
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/variables.tf
@@ -0,0 +1,223 @@
+variable "master_subnet_id" {
+  type = string
+  description = "The id of the subnet instance"
+}
+variable "worker_subnet_id" {
+  type = string
+  description = "The id of the subnet instance"
+}
+variable "pull_secret" {
+  type = string
+  description = "The contents of the pull secret needed to access Red Hat content. The contents can either be provided directly or passed through the `pull_secret_file` variable"
+  default = ""
+}
+
+
+variable "resource_group_name" {
+  type = string
+  description = "The name of the resource group"
+}
+variable "resource_group_provision" {
+  type = bool
+  description = "Flag indicating that the resource group should be created"
+  default = false
+}
+variable "resource_group_sync" {
+  type = string
+  description = "Value used to order the provisioning of the resource group"
+  default = ""
+}
+variable "region" {
+  type = string
+  description = "The Azure location where the resource group will be provisioned"
+}
+variable "subscription_id" {
+  type = string
+  description = "the value of subscription_id"
+}
+variable "client_id" {
+  type = string
+  description = "the value of client_id"
+}
+variable "client_secret" {
+  type = string
+  description = "the value of client_secret"
+}
+variable "tenant_id" {
+  type = string
+  description = "the value of tenant_id"
+}
+variable "vnet_name" {
+  type = string
+  description = "The name of the vpc instance"
+  default = ""
+}
+variable "name_prefix" {
+  type = string
+  description = "The name of the vpc resource"
+}
+variable "vnet_provision" {
+  type = bool
+  description = "Flag indicating that the instance should be provisioned. If false then an existing instance will be looked up"
+  default = false
+}
+variable "vnet_address_prefix_count" {
+  type = number
+  description = "The number of ipv4_cidr_blocks"
+  default = 0
+}
+variable "vnet_address_prefixes" {
+  type = string
+  description = "List of ipv4 cidr blocks for the address prefixes (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[]"
+}
+variable "vnet_base_security_group_name" {
+  type = string
+  description = "The name of the base security group. If not provided the name will be based on the vpc name"
+  default = ""
+}
+variable "vnet_internal_cidr" {
+  type = string
+  description = "The cidr range of the internal network"
+  default = "10.0.0.0/8"
+}
+variable "master-subnet_subnet_name" {
+  type = string
+  description = "The name of the subnet instance"
+  default = ""
+}
+variable "master-subnet_label" {
+  type = string
+  description = "Label for the subnets created"
+  default = "master"
+}
+variable "master-subnet_provision" {
+  type = bool
+  description = "Flag indicating that the subnet should be provisioned. If 'false' then the subnet will be looked up."
+  default = false
+}
+variable "master-subnet_ipv4_cidr_blocks" {
+  type = string
+  description = "List of ipv4 cidr blocks for the subnets that will be created (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[]"
+}
+variable "master-subnet_acl_rules" {
+  type = string
+  description = "List of rules to set on the subnet access control list"
+  default = "[]"
+}
+variable "master-subnet_service_endpoints" {
+  type = string
+  description = "The list of service endpoints for the subnet"
+  default = "[\"Microsoft.ContainerRegistry\"]"
+}
+variable "master-subnet_disable_private_link_endpoint_network_policies" {
+  type = bool
+  description = "Flag to disable private link endpoint network policies in the subnet."
+  default = false
+}
+variable "master-subnet_disable_private_link_service_network_policies" {
+  type = bool
+  description = "Flag to disable private link service network policies in the subnet."
+  default = false
+}
+variable "worker-subnet_subnet_name" {
+  type = string
+  description = "The name of the subnet instance"
+  default = ""
+}
+variable "worker-subnet_label" {
+  type = string
+  description = "Label for the subnets created"
+  default = "worker"
+}
+variable "worker-subnet_provision" {
+  type = bool
+  description = "Flag indicating that the subnet should be provisioned. If 'false' then the subnet will be looked up."
+  default = false
+}
+variable "worker-subnet_ipv4_cidr_blocks" {
+  type = string
+  description = "List of ipv4 cidr blocks for the subnets that will be created (e.g. ['10.10.10.0/24']). If you are providing cidr blocks then a value must be provided for each of the subnets. If you don't provide cidr blocks for each of the subnets then values will be generated using the {ipv4_address_count} value."
+  default = "[]"
+}
+variable "worker-subnet_acl_rules" {
+  type = string
+  description = "List of rules to set on the subnet access control list"
+  default = "[]"
+}
+variable "worker-subnet_service_endpoints" {
+  type = string
+  description = "The list of service endpoints for the subnet"
+  default = "[\"Microsoft.ContainerRegistry\"]"
+}
+variable "worker-subnet_disable_private_link_endpoint_network_policies" {
+  type = bool
+  description = "Flag to disable private link endpoint network policies in the subnet."
+  default = false
+}
+variable "worker-subnet_disable_private_link_service_network_policies" {
+  type = bool
+  description = "Flag to disable private link service network policies in the subnet."
+  default = false
+}
+variable "cluster_openshift_version" {
+  type = string
+  description = "The version of the openshift cluster"
+  default = "4.8.11"
+}
+variable "cluster_master_flavor" {
+  type = string
+  description = "The size of the VMs for the master nodes"
+  default = "Standard_D8s_v3"
+}
+variable "cluster_flavor" {
+  type = string
+  description = "The size of the VMs for the worker nodes"
+  default = "Standard_D4s_v3"
+}
+variable "cluster__count" {
+  type = number
+  description = "The number of compute worker nodes"
+  default = 3
+}
+variable "cluster_os_type" {
+  type = string
+  description = "The type of os for the master and worker nodes"
+  default = "Linux"
+}
+variable "cluster_provision" {
+  type = bool
+  description = "Flag indicating the cluster should be provisioned. If the value is false then an existing cluster will be looked up"
+  default = true
+}
+variable "cluster_name" {
+  type = string
+  description = "The name of the ARO cluster. If empty the name will be derived from the name prefix"
+  default = ""
+}
+variable "cluster_auth_group_id" {
+  type = string
+  description = "The id of the auth group for cluster admins"
+  default = ""
+}
+variable "cluster_disable_public_endpoint" {
+  type = bool
+  description = "Flag to make the cluster private only"
+  default = false
+}
+variable "cluster_disk_size" {
+  type = number
+  description = "The size in GB of the disk for each worker node"
+  default = 128
+}
+variable "cluster_pull_secret_file" {
+  type = string
+  description = "Name of the file containing the pull secret needed to access Red Hat content. The contents can either be provided in this file or directly via the `pull_secret` variable"
+  default = ""
+}
+variable "cluster_label" {
+  type = string
+  description = "The label used to generate the cluster name"
+  default = "cluster"
+}
diff --git a/2-standard/1-aro/105-azure-aro-std/version.tf b/2-standard/1-aro/105-azure-aro-std/version.tf
new file mode 100644
index 0000000..eb2f15f
--- /dev/null
+++ b/2-standard/1-aro/105-azure-aro-std/version.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+
+  }
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/200-openshift-gitops/200-openshift-gitops.auto.tfvars b/2-standard/1-aro/200-openshift-gitops/200-openshift-gitops.auto.tfvars
new file mode 100644
index 0000000..c46b96f
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/200-openshift-gitops.auto.tfvars
@@ -0,0 +1,27 @@
+## config_banner_text: The text that will appear in the top banner in the cluster
+#config_banner_text=""
+
+## server_url: The url for the OpenShift api
+#server_url=""
+
+## cluster_login_token: Token used for authentication
+#cluster_login_token=""
+
+## gitops_repo_host: The host for the git repository. The git host used can be a GitHub, GitHub Enterprise, Gitlab, Bitbucket, Gitea or Azure DevOps server. If the host is null assumes in-cluster Gitea instance will be used.
+#gitops_repo_host=""
+
+## gitops_repo_org: The org/group where the git repository exists/will be provisioned. If the value is left blank then the username org will be used.
+#gitops_repo_org=""
+
+## gitops_repo_project: The project that will be used for the git repo. (Primarily used for Azure DevOps repos)
+#gitops_repo_project=""
+
+## gitops_repo_username: The username of the user with access to the repository
+#gitops_repo_username=""
+
+## gitops_repo_token: The personal access token used to access the repository
+#gitops_repo_token=""
+
+## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name)
+#gitops_repo_repo=""
+
diff --git a/2-standard/1-aro/200-openshift-gitops/apply.sh b/2-standard/1-aro/200-openshift-gitops/apply.sh
new file mode 100755
index 0000000..e64c76a
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/apply.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+  VARIABLES_FILE="${SCRIPT_DIR}/variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+  echo "yq v4 is required"
+  exit 1
+fi
+
+if [[ -f "${SCRIPT_DIR}/terraform/terraform.tfvars" ]]; then
+  cp "${SCRIPT_DIR}/terraform/terraform.tfvars" "${SCRIPT_DIR}/terraform/terraform.tfvars.backup"
+  rm "${SCRIPT_DIR}/terraform/terraform.tfvars"
+fi
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+  echo "Variables can be provided in a yaml file passed as the first argument"
+  echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+cat "${SCRIPT_DIR}/bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+  default_value=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .defaultValue // ""' -)
+  sensitive=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .sensitive // false' -)
+  description=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .description // ""' -)
+
+  variable_name="TF_VAR_${name}"
+
+  environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*=(.*).*/\1/g')
+  value="${environment_variable}"
+  if [[ -f "${VARIABLES_FILE}" ]]; then
+    value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e '.variables[] | select(.name == env(NAME)) | .value // ""' -)
+    if [[ -z "${value}" ]]; then
+      value="${environment_variable}"
+    fi
+  fi
+
+  while [[ -z "${value}" ]]; do
+    echo "Provide a value for '${name}':"
+    if [[ -n "${description}" ]]; then
+      echo "  ${description}"
+    fi
+    sensitive_flag=""
+    if [[ "${sensitive}" == "true" ]]; then
+      sensitive_flag="-s"
+    fi
+    default_prompt=""
+    if [[ -n "${default_value}" ]]; then
+      default_prompt="(${default_value}) "
+    fi
+    read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+    value=${value:-$default_value}
+  done
+
+  echo "${name} = \"${value}\"" >> "${SCRIPT_DIR}/terraform/terraform.tfvars"
+  if [[ "${sensitive}" != "true" ]]; then
+    NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+  fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+cd ${SCRIPT_DIR}/terraform
+terraform init
+terraform apply
diff --git a/2-standard/1-aro/200-openshift-gitops/bom.yaml b/2-standard/1-aro/200-openshift-gitops/bom.yaml
new file mode 100644
index 0000000..d77ae60
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/bom.yaml
@@ -0,0 +1,102 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+  name: 200-openshift-gitops
+  labels:
+    type: software
+    code: '200'
+  annotations:
+    displayName: OpenShift GitOps Bootstrap
+    description: >-
+      Provisions OpenShift GitOps (ArgoCD) into an existing cluster and
+      bootstraps it to a gitops repository
+    vpn/required: 'true'
+spec:
+  modules:
+    - name: gitops-cluster-config
+      alias: config
+      version: v1.1.1
+    - name: ocp-login
+      alias: cluster
+      version: v1.6.0
+    - name: namespace
+      alias: gitea_namespace
+      version: v3.2.3
+      variables:
+        - name: name
+          value: gitea
+    - name: gitea
+      alias: gitea
+      version: v0.5.0
+      dependencies:
+        - id: namespace
+          ref: gitea_namespace
+    - name: gitops-repo
+      alias: gitops_repo
+      version: v1.22.1
+    - name: argocd-bootstrap
+      alias: argocd-bootstrap
+      version: v1.12.0
+      variables:
+        - name: create_webhook
+          value: true
+    - name: gitops-console-link-job
+      alias: gitops-console-link-job
+      version: v1.5.1
+    - name: gitops-namespace
+      alias: toolkit_namespace
+      version: v1.12.2
+      default: true
+      variables:
+        - name: name
+          value: toolkit
+    - name: util-clis
+      version: v1.17.2
+    - name: olm
+      version: v1.3.2
+    - name: sealed-secret-cert
+      version: v1.0.1
+  variables:
+    - name: config_banner_text
+      type: string
+      description: The text that will appear in the top banner in the cluster
+    - name: server_url
+      type: string
+      description: The url for the OpenShift api
+    - name: cluster_login_token
+      type: string
+      description: Token used for authentication
+      sensitive: true
+    - name: gitops_repo_host
+      type: string
+      description: >-
+        The host for the git repository. The git host used can be a GitHub,
+        GitHub Enterprise, Gitlab, Bitbucket, Gitea or Azure DevOps server. If
+        the host is null assumes in-cluster Gitea instance will be used.
+      defaultValue: ''
+    - name: gitops_repo_org
+      type: string
+      description: >-
+        The org/group where the git repository exists/will be provisioned. If
+        the value is left blank then the username org will be used.
+      defaultValue: ''
+    - name: gitops_repo_project
+      type: string
+      description: >-
+        The project that will be used for the git repo. (Primarily used for
+        Azure DevOps repos)
+      defaultValue: ''
+    - name: gitops_repo_username
+      type: string
+      description: The username of the user with access to the repository
+      defaultValue: ''
+    - name: gitops_repo_token
+      type: string
+      description: The personal access token used to access the repository
+      defaultValue: ''
+      sensitive: true
+    - name: gitops_repo_repo
+      type: string
+      description: >-
+        The short name of the repository (i.e. the part after the org/group
+        name)
diff --git a/2-standard/1-aro/200-openshift-gitops/dependencies.dot b/2-standard/1-aro/200-openshift-gitops/dependencies.dot
new file mode 100644
index 0000000..89b4ec2
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/dependencies.dot
@@ -0,0 +1,30 @@
+digraph {
+    rankdir="BT"
+    "config (gitops-cluster-config)" -> "gitops_repo (gitops-repo)"
+"config (gitops-cluster-config)" -> "toolkit_namespace (gitops-namespace)"
+"config (gitops-cluster-config)"
+"gitops_repo (gitops-repo)" -> "sealed-secret-cert (sealed-secret-cert)"
+"gitops_repo (gitops-repo)" -> "gitea (gitea)"
+"gitops_repo (gitops-repo)"
+"sealed-secret-cert (sealed-secret-cert)"
+"gitea (gitea)" -> "cluster (ocp-login)"
+"gitea (gitea)" -> "olm (olm)"
+"gitea (gitea)" -> "gitea_namespace (namespace)"
+"gitea (gitea)"
+"cluster (ocp-login)"
+"olm (olm)" -> "cluster (ocp-login)"
+"olm (olm)"
+"gitea_namespace (namespace)" -> "cluster (ocp-login)"
+"gitea_namespace (namespace)"
+"toolkit_namespace (gitops-namespace)" -> "gitops_repo (gitops-repo)"
+"toolkit_namespace (gitops-namespace)"
+"argocd-bootstrap (argocd-bootstrap)" -> "cluster (ocp-login)"
+"argocd-bootstrap (argocd-bootstrap)" -> "olm (olm)"
+"argocd-bootstrap (argocd-bootstrap)" -> "gitops_repo (gitops-repo)"
+"argocd-bootstrap (argocd-bootstrap)" -> "sealed-secret-cert (sealed-secret-cert)"
+"argocd-bootstrap (argocd-bootstrap)"
+"gitops-console-link-job (gitops-console-link-job)" -> "gitops_repo (gitops-repo)"
+"gitops-console-link-job (gitops-console-link-job)" -> "toolkit_namespace (gitops-namespace)"
+"gitops-console-link-job (gitops-console-link-job)"
+"util-clis (util-clis)"
+  }
\ No newline at end of file
diff --git a/2-standard/1-aro/200-openshift-gitops/destroy.sh b/2-standard/1-aro/200-openshift-gitops/destroy.sh
new file mode 100755
index 0000000..7c27549
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/destroy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/argocd-bootstrap.md b/2-standard/1-aro/200-openshift-gitops/docs/argocd-bootstrap.md
new file mode 100644
index 0000000..539a41a
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/argocd-bootstrap.md
@@ -0,0 +1,55 @@
+# ArgoCD Bootstrap module
+
+Module that provisions the OpenShift CI/CD tools (ArgoCD, Tekton, and Kube Seal) in the target cluster and bootstraps the ArgoCD environment with a GitOps repository. This module assumes that a direct connection to the cluster is availble in order to deploy the services and configure the ArgoCD instance.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v15
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Cluster
+    - github.com/cloud-native-toolkit/terraform-ibm-container-platform
+    - github.com/cloud-native-toolkit/terraform-ibm-ocp-vpc
+    - github.com/cloud-native-toolkit/terraform-k8s-ocp-cluster
+    - github.com/cloud-native-toolkit/terraform-ocp-login
+- OLM 
+    - github.com/cloud-native-toolkit/terraform-k8s-olm
+- GitOps 
+    - github.com/cloud-native-toolkit/terraform-tools-gitops
+- Sealed Secret Cert 
+    - github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert
+
+## Example usage
+
+[Refer the test cases for this module](test/stages/stage2-argocd-bootstrap.tf) 
+
+```hcl-terraform
+module "argocd-bootsrap" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-argocd-bootstrap.git"
+
+  cluster_type        = module.dev_cluster.platform.type_code
+  ingress_subdomain   = module.dev_cluster.platform.ingress
+  cluster_config_file = module.dev_cluster.config_file_path
+  olm_namespace       = module.dev_software_olm.olm_namespace
+  operator_namespace  = module.dev_software_olm.target_namespace
+  gitops_repo_url     = module.gitops.config_repo_url
+  git_username        = module.gitops.config_username
+  git_token           = module.gitops.config_token
+  bootstrap_path      = module.gitops.bootstrap_path
+  sealed_secret_cert  = module.cert.cert
+  sealed_secret_private_key = module.cert.private_key
+  create_webhook      = true
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/gitea.md b/2-standard/1-aro/200-openshift-gitops/docs/gitea.md
new file mode 100644
index 0000000..a99e963
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/gitea.md
@@ -0,0 +1,32 @@
+# Gitea terraform module
+
+![Latest release](https://img.shields.io/github/v/release/ibm-garage-cloud/terraform-tools-gitea?sort=semver) ![Verify and release module](https://github.com/ibm-garage-cloud/terraform-tools-gitea/workflows/Verify%20and%20release%20module/badge.svg)
+
+Installs Gitea in an Openshift 4.x cluster via the [Red Hat GPTE operator](https://github.com/redhat-gpte-devopsautomation/gitea-operator). This will **NOT** install Gitea in a vanilla Kubernetes cluster.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+- terraform v12
+- kubectl
+
+## Module dependencies
+
+- Cluster
+- OLM
+
+## Example usage
+
+```hcl-terraform
+module "dev_tools_gitea" {
+  source = "github.com/ibm-garage-cloud/terraform-tools-gitea.git?ref=v1.0.0"
+
+  cluster_config_file = module.dev_cluster.config_file_path
+  cluster_type        = module.dev_cluster.type
+  olm_namespace       = module.dev_software_olm.olm_namespace
+  operator_namespace  = module.dev_software_olm.target_namespace
+  instance_namespace  = module.dev_cluster_namespaces.tools_namespace_name
+  name                = "gitea"
+}
+```
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/gitops-cluster-config.md b/2-standard/1-aro/200-openshift-gitops/docs/gitops-cluster-config.md
new file mode 100644
index 0000000..8079c97
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/gitops-cluster-config.md
@@ -0,0 +1,39 @@
+# Cluster config gitops module
+
+Module to populate a gitops repository with base configuration of the Red Hat OpenShift cluster (notification banner, help menus, etc).
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v14
+- kubectl
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Gitops - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+
+## Example usage
+
+```hcl-terraform
+module "cluster-config" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-cluster-config.git"
+
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  server_name = module.gitops.server_name
+  namespace = module.gitops_namespace.name
+  kubeseal_cert = module.argocd-bootstrap.sealed_secrets_cert
+  banner_text = var.banner_text
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/gitops-console-link-job.md b/2-standard/1-aro/200-openshift-gitops/docs/gitops-console-link-job.md
new file mode 100644
index 0000000..4d25cc8
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/gitops-console-link-job.md
@@ -0,0 +1,41 @@
+# Console Link Cronjob module
+
+Module that populates  gitops repository with the Console Link Cronjob chart from https://charts.cloudnativetoolkit.dev. The chart deploys a cron job into a cluster that runs periodically (every 5 minutes by default) looking for matching resources and creating cron jobs and config maps with the information. The matching resources include routes with the `console-link.cloud-native-toolkit.dev/enabled=true` label and `logdna-agent` and `sysdig-agent` daemonsets.
+
+This module uses the following Helm Charts from toolkit-charts( https://charts.cloudnativetoolkit.dev ) : https://github.com/cloud-native-toolkit/toolkit-charts/blob/main/stable/console-link-cronjob/README.md
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git.git
+
+## Example usage
+
+```hcl-terraform
+module "console_link_job" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-console-link-job.git"
+
+  config_repo = module.gitops.config_repo
+  config_token = module.gitops.config_token
+  config_paths = module.gitops.config_paths
+  config_projects = module.gitops.config_projects
+  application_repo = module.gitops.application_repo
+  application_token = module.gitops.application_token
+  application_paths = module.gitops.application_paths
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/gitops-namespace.md b/2-standard/1-aro/200-openshift-gitops/docs/gitops-namespace.md
new file mode 100644
index 0000000..374abd1
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/gitops-namespace.md
@@ -0,0 +1,41 @@
+# Namespace gitops config
+
+Module to configure a GitOps repo to provision a namespace
+
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- git
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps repo - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+
+## Example usage
+
+```hcl-terraform
+module "gitops_namespace" {
+  source = "github.com/ibm-garage-cloud/terraform-gitops-namespace.git"
+
+  config_repo = module.gitops.config_repo
+  config_token = module.gitops.config_token
+  config_paths = module.gitops.config_paths
+  application_repo = module.gitops.application_repo
+  application_token = module.gitops.application_token
+  application_paths = module.gitops.application_paths
+  name = var.namespace
+  create_operator_group = false
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/gitops-repo.md b/2-standard/1-aro/200-openshift-gitops/docs/gitops-repo.md
new file mode 100644
index 0000000..37846fd
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/gitops-repo.md
@@ -0,0 +1,56 @@
+# GitOps repo module
+
+Module that prepares a GitOps repo for use with ArgoCD. If the `provision` flag is `true` then a new git repo will be provisioned. If not, the provided repo name is expected to already exist.
+
+After cloning the git repo, an initial directory structure is set up along with bootstrap configuration to perform the initial setup of ArgoCD.
+
+## Supported git servers
+
+The module supports creating a repository in one of six different git servers:
+
+- GitHub
+- GitHub Enterprise
+- Gitlab
+- Bitbucket
+- Gitea
+- Azure DevOps
+
+The selection of the git server type is determined by the value provided for the `host`.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- git
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- None
+
+## Example usage
+
+```hcl-terraform
+module "git" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-gitops"
+
+  host = var.git_host
+  org  = var.git_org
+  repo = var.git_repo
+  username = var.git_username
+  token = var.git_token
+  project = var.git_project
+  gitops_namespace = var.gitops_namespace
+  sealed_secrets_cert = module.cert.cert
+  strict = var.gitops_strict
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/namespace.md b/2-standard/1-aro/200-openshift-gitops/docs/namespace.md
new file mode 100644
index 0000000..7e8c0d6
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/namespace.md
@@ -0,0 +1,39 @@
+# Create Namespaces terraform module
+
+Creates the namespace with the provided name in the cluster. The namespace and 
+its contents will be destroyed first before creating the new namespace. Also, the `cloud-config` and
+`cloud-access` configmap and secret will be copied from the default namespace into the new 
+namespace.
+
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v12
+- kubectl
+
+### Terraform providers
+
+- null (provided by Terraform)
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git
+
+## Example usage
+
+```hcl-terraform
+module "namespace" {
+  source = "github.com/ibm-garage-cloud/terraform-k8s-namespace.git"
+
+  cluster_config_file_path = module.dev_cluster.config_file_path
+  name                     = var.namespace
+}
+```
+
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/ocp-login.md b/2-standard/1-aro/200-openshift-gitops/docs/ocp-login.md
new file mode 100644
index 0000000..6e4ad22
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/ocp-login.md
@@ -0,0 +1,36 @@
+# OCP Login
+
+Terraform module to log into a cluster and write the credentials into the kube config file. The file path is output by the module.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v0.15
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+None
+
+## Example usage
+
+```hcl-terraform
+module "dev_tools_argocd" {
+  source = "github.com/ibm-garage-cloud/terraform-tools-argocd.git?ref=v1.0.0"
+
+  cluster_config_file = module.dev_cluster.config_file_path
+  cluster_type        = module.dev_cluster.type
+  app_namespace       = module.dev_cluster_namespaces.tools_namespace_name
+  ingress_subdomain   = module.dev_cluster.ingress_hostname
+  olm_namespace       = module.dev_software_olm.olm_namespace
+  operator_namespace  = module.dev_software_olm.target_namespace
+  name                = "argocd"
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/olm.md b/2-standard/1-aro/200-openshift-gitops/docs/olm.md
new file mode 100644
index 0000000..4616b71
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/olm.md
@@ -0,0 +1,29 @@
+# Operator Lifecycle Manager module
+
+Installs Operator Lifecycle Manager (OLM) into a cluster. However, if the cluster is OpenShift 4.x
+and already has OLM installed then the module does not install anything. It can still be used to export
+the olm namespaces for use by downstream modules.
+
+## Example usage
+
+```hcl-terraform
+module "dev_software_olm_release" {
+  source = "github.com/ibm-garage-cloud/garage-terraform-modules.git//self-managed/software/operator-lifecycle-manager?ref=olm"
+
+  cluster_config_file      = "~/.kube/config"
+  cluster_version          = "3.11"
+  cluster_type             = "ocp3"
+}
+```
+
+Another example
+
+```hcl-terraform
+module "dev_software_olm_release" {
+  source = "github.com/ibm-garage-cloud/garage-terraform-modules.git//self-managed/software/operator-lifecycle-manager?ref=olm"
+
+  cluster_config_file      = module.dev_cluster.config_file_path
+  cluster_version          = module.dev_cluster.version
+  cluster_type             = var.cluster_type
+}
+```
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/sealed-secret-cert.md b/2-standard/1-aro/200-openshift-gitops/docs/sealed-secret-cert.md
new file mode 100644
index 0000000..7f81a1e
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/sealed-secret-cert.md
@@ -0,0 +1,38 @@
+# Sealed Secret Cert module
+
+Module to collect or create a certificate and private key used with the sealed secrets service. The sealed secrets service
+is used to store confidential information in a GitOps repository as encrypted SealedSecret resources. When the SealedSecret
+resources are deployed to the cluster, the Kube Seal operator decrypts the contents of the SealedSecret and generates a 
+Secret.
+
+In order for the encryption process to work, the SealedSecret content must be encrypted using at public certificate and
+the Kube Seal process will decrypt the content using the matching private key that has been provided to the cluster as a 
+secret.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v14
+
+### Terraform providers
+
+- tls provider
+
+## Module dependencies
+
+None
+
+## Example usage
+
+```hcl-terraform
+module "cert" {
+  source = "github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert.git"
+
+  private_key_file = var.private_key_file
+  cert_file        = var.cert_file
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/docs/util-clis.md b/2-standard/1-aro/200-openshift-gitops/docs/util-clis.md
new file mode 100644
index 0000000..a30397d
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/docs/util-clis.md
@@ -0,0 +1,45 @@
+# CLI module
+
+Module to download CLIs into local bin directory. This module is primarily intended to be used as a submodule within other modules. The CLIs currently supported are:
+
+- jq (jq)
+- yq v3 and v4 (yq)
+- igc (igc)
+- kubeseal (kubeseal)
+- gh cli (gh)
+- glab cli (glab)
+- rosa cli (rosa)
+- kustomize cli (kustomize)
+- ibmcloud cli (ibmcloud)
+- ibmcloud infrastructure plugin (ibmcloud-is)
+- ibmcloud observe plugin (ibmcloud-ob)
+- ibmcloud kubernetes service plugin (ibmcloud-ks)
+- ibmcloud container registry plugin (ibmcloud-cr)
+- universal git client (gitu)
+- OpenShift Installer (openshift-install-4.x[.y])
+
+
+The module outputs the bin directory for use by other modules.
+
+**Note:** This module uses an external data source to setup the clis. External data sources have a limitation in terms of real-time feedback of progress. To increase the visibility of what the module is doing, the data source writes logs to `clis-debug.log` in the current working directory.
+
+### Command-line tools
+
+- curl
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+None
+
+## Example usage
+
+```hcl-terraform
+module "clis" {
+  source = "github.com/cloud-native-toolkit/terraform-util-clis.git"
+}
+```
+
diff --git a/2-standard/1-aro/200-openshift-gitops/main.tf b/2-standard/1-aro/200-openshift-gitops/main.tf
new file mode 100644
index 0000000..94704e7
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/main.tf
@@ -0,0 +1,129 @@
+module "argocd-bootstrap" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-argocd-bootstrap?ref=v1.12.0"
+
+  bootstrap_path = module.gitops_repo.bootstrap_path
+  bootstrap_prefix = var.argocd-bootstrap_bootstrap_prefix
+  cluster_config_file = module.cluster.config_file_path
+  cluster_type = module.cluster.platform.type_code
+  create_webhook = var.argocd-bootstrap_create_webhook
+  git_token = module.gitops_repo.config_token
+  git_username = module.gitops_repo.config_username
+  gitops_repo_url = module.gitops_repo.config_repo_url
+  ingress_subdomain = module.cluster.platform.ingress
+  olm_namespace = module.olm.olm_namespace
+  operator_namespace = module.olm.target_namespace
+  sealed_secret_cert = module.sealed-secret-cert.cert
+  sealed_secret_private_key = module.sealed-secret-cert.private_key
+}
+module "cluster" {
+  source = "github.com/cloud-native-toolkit/terraform-ocp-login?ref=v1.6.0"
+
+  ca_cert = var.cluster_ca_cert
+  ca_cert_file = var.cluster_ca_cert_file
+  cluster_version = var.cluster_cluster_version
+  ingress_subdomain = var.cluster_ingress_subdomain
+  login_password = var.cluster_login_password
+  login_token = var.cluster_login_token
+  login_user = var.cluster_login_user
+  server_url = var.server_url
+  skip = var.cluster_skip
+  tls_secret_name = var.cluster_tls_secret_name
+}
+module "config" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-cluster-config?ref=v1.1.1"
+
+  banner_background_color = var.config_banner_background_color
+  banner_text = var.config_banner_text
+  banner_text_color = var.config_banner_text_color
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  namespace = module.toolkit_namespace.name
+  server_name = module.gitops_repo.server_name
+}
+module "gitea" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-gitea?ref=v0.5.0"
+
+  ca_cert = module.cluster.ca_cert
+  ca_cert_file = var.gitea_ca_cert_file
+  cluster_config_file = module.cluster.config_file_path
+  cluster_type = module.cluster.platform.type_code
+  instance_name = var.gitea_instance_name
+  instance_namespace = module.gitea_namespace.name
+  olm_namespace = module.olm.olm_namespace
+  operator_namespace = module.olm.target_namespace
+  password = var.gitea_password
+  username = var.gitea_username
+}
+module "gitea_namespace" {
+  source = "github.com/cloud-native-toolkit/terraform-k8s-namespace?ref=v3.2.3"
+
+  cluster_config_file_path = module.cluster.config_file_path
+  create_operator_group = var.gitea_namespace_create_operator_group
+  name = var.gitea_namespace_name
+}
+module "gitops_repo" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-gitops?ref=v1.22.1"
+
+  branch = var.gitops_repo_branch
+  debug = var.debug
+  gitea_host = module.gitea.host
+  gitea_org = module.gitea.org
+  gitea_token = module.gitea.token
+  gitea_username = module.gitea.username
+  gitops_namespace = var.gitops_repo_gitops_namespace
+  host = var.gitops_repo_host
+  org = var.gitops_repo_org
+  project = var.gitops_repo_project
+  public = var.gitops_repo_public
+  repo = var.gitops_repo_repo
+  sealed_secrets_cert = module.sealed-secret-cert.cert
+  server_name = var.gitops_repo_server_name
+  strict = var.gitops_repo_strict
+  token = var.gitops_repo_token
+  type = var.gitops_repo_type
+  username = var.gitops_repo_username
+}
+module "gitops-console-link-job" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-console-link-job?ref=v1.5.1"
+
+  cluster_ingress_hostname = var.gitops-console-link-job_cluster_ingress_hostname
+  cluster_type = var.gitops-console-link-job_cluster_type
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  namespace = module.toolkit_namespace.name
+  server_name = module.gitops_repo.server_name
+  tls_secret_name = var.gitops-console-link-job_tls_secret_name
+}
+module "olm" {
+  source = "github.com/cloud-native-toolkit/terraform-k8s-olm?ref=v1.3.2"
+
+  cluster_config_file = module.cluster.config_file_path
+  cluster_type = module.cluster.platform.type_code
+  cluster_version = module.cluster.platform.version
+}
+module "sealed-secret-cert" {
+  source = "github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert?ref=v1.0.1"
+
+  cert = var.sealed-secret-cert_cert
+  cert_file = var.sealed-secret-cert_cert_file
+  private_key = var.sealed-secret-cert_private_key
+  private_key_file = var.sealed-secret-cert_private_key_file
+}
+module "toolkit_namespace" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-namespace?ref=v1.12.2"
+
+  argocd_namespace = var.toolkit_namespace_argocd_namespace
+  ci = var.toolkit_namespace_ci
+  create_operator_group = var.toolkit_namespace_create_operator_group
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  name = var.toolkit_namespace_name
+  server_name = module.gitops_repo.server_name
+}
+module "util-clis" {
+  source = "cloud-native-toolkit/clis/util"
+  version = "1.17.2"
+
+  bin_dir = var.util-clis_bin_dir
+  clis = var.util-clis_clis == null ? null : jsondecode(var.util-clis_clis)
+}
diff --git a/2-standard/1-aro/200-openshift-gitops/outputs.tf b/2-standard/1-aro/200-openshift-gitops/outputs.tf
new file mode 100644
index 0000000..eba03b0
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/outputs.tf
@@ -0,0 +1,19 @@
+output "gitops_host" {
+  value = module.gitops_repo.config_host
+}
+output "gitops_org" {
+  value = module.gitops_repo.config_org
+}
+output "gitops_name" {
+  value = module.gitops_repo.config_name
+}
+output "gitops_project" {
+  value = module.gitops_repo.config_project
+}
+output "gitops_username" {
+  value = module.gitops_repo.config_username
+}
+output "gitops_token" {
+  value = module.gitops_repo.config_token
+  sensitive = true
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/200-openshift-gitops/providers.tf b/2-standard/1-aro/200-openshift-gitops/providers.tf
new file mode 100644
index 0000000..459ee95
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/providers.tf
@@ -0,0 +1,6 @@
+
+provider "gitops" {
+
+
+  bin_dir = module.util-clis.bin_dir
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/200-openshift-gitops/terragrunt.hcl b/2-standard/1-aro/200-openshift-gitops/terragrunt.hcl
new file mode 100644
index 0000000..37b9876
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/terragrunt.hcl
@@ -0,0 +1,41 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+locals {
+  dependencies = yamldecode(file("${get_parent_terragrunt_dir()}/layers.yaml"))
+
+  dep_105 = local.dependencies.names_105
+  mock_105 = local.dependencies.mock_105
+  cluster_config_path = fileexists("${get_parent_terragrunt_dir()}/${local.dep_105}/terragrunt.hcl") ? "${get_parent_terragrunt_dir()}/${local.dep_105}" : "${get_parent_terragrunt_dir()}/.mocks/${local.mock_105}"
+
+}
+
+// Reduce parallelism further for this layer
+terraform {
+  extra_arguments "reduced_parallelism" {
+    commands  = get_terraform_commands_that_need_parallelism()
+    arguments = ["-parallelism=2"]
+  }
+}
+
+dependency "aro" {
+  config_path = local.cluster_config_path
+  skip_outputs = false
+
+  mock_outputs_allowed_terraform_commands = ["init","validate","plan"]
+  mock_outputs = {
+      server_url = "https://fake.url.org:6443"
+      username = "fakeuser"
+      password = "fakepassword"
+      token = "faketoken"
+  }    
+}
+
+inputs = {
+  server_url = dependency.aro.outputs.cluster_serverURL
+  cluster_login_user = dependency.aro.outputs.cluster_username
+  cluster_login_password = dependency.aro.outputs.cluster_password
+  cluster_login_token= dependency.aro.outputs.cluster_token
+}
+
diff --git a/2-standard/1-aro/200-openshift-gitops/variables.tf b/2-standard/1-aro/200-openshift-gitops/variables.tf
new file mode 100644
index 0000000..835717f
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/variables.tf
@@ -0,0 +1,231 @@
+variable "config_banner_background_color" {
+  type = string
+  description = "The background color of the top banner. This value can be a named color (e.g. purple, red) or an RGB value (#FF0000)."
+  default = "purple"
+}
+variable "config_banner_text_color" {
+  type = string
+  description = "The text color for the top banner. This value can be a named color (e.g. purple, red) or an RGB value (#FF0000)."
+  default = "white"
+}
+variable "config_banner_text" {
+  type = string
+  description = "The text that will appear in the top banner in the cluster"
+}
+variable "server_url" {
+  type = string
+  description = "The url for the OpenShift api"
+}
+variable "cluster_login_user" {
+  type = string
+  description = "Username for login"
+  default = ""
+}
+variable "cluster_login_password" {
+  type = string
+  description = "Password for login"
+  default = ""
+}
+variable "cluster_login_token" {
+  type = string
+  description = "Token used for authentication"
+}
+variable "cluster_skip" {
+  type = bool
+  description = "Flag indicating that the cluster login has already been performed"
+  default = false
+}
+variable "cluster_cluster_version" {
+  type = string
+  description = "[Deprecated] The version of the cluster (passed through to the output)"
+  default = ""
+}
+variable "cluster_ingress_subdomain" {
+  type = string
+  description = "[Deprecated] The ingress subdomain of the cluster (passed through to the output)"
+  default = ""
+}
+variable "cluster_tls_secret_name" {
+  type = string
+  description = "[Deprecated] The name of the secret containing the tls certificates for the ingress subdomain (passed through to the output)"
+  default = ""
+}
+variable "cluster_ca_cert" {
+  type = string
+  description = "The base64 encoded ca certificate"
+  default = ""
+}
+variable "cluster_ca_cert_file" {
+  type = string
+  description = "The path to the file that contains the ca certificate"
+  default = ""
+}
+variable "gitea_namespace_name" {
+  type = string
+  description = "The namespace that should be created"
+  default = "gitea"
+}
+variable "gitea_namespace_create_operator_group" {
+  type = bool
+  description = "Flag indicating that an operator group should be created in the namespace"
+  default = true
+}
+variable "gitea_instance_name" {
+  type = string
+  description = "The name for the instance"
+  default = "gitea"
+}
+variable "gitea_username" {
+  type = string
+  description = "The username for the instance"
+  default = "gitea-admin"
+}
+variable "gitea_password" {
+  type = string
+  description = "The password for the instance"
+  default = ""
+}
+variable "gitea_ca_cert_file" {
+  type = string
+  description = "The path to the file that contains the ca certificate"
+  default = ""
+}
+variable "gitops_repo_host" {
+  type = string
+  description = "The host for the git repository. The git host used can be a GitHub, GitHub Enterprise, Gitlab, Bitbucket, Gitea or Azure DevOps server. If the host is null assumes in-cluster Gitea instance will be used."
+  default = ""
+}
+variable "gitops_repo_type" {
+  type = string
+  description = "[Deprecated] The type of the hosted git repository."
+  default = ""
+}
+variable "gitops_repo_org" {
+  type = string
+  description = "The org/group where the git repository exists/will be provisioned. If the value is left blank then the username org will be used."
+  default = ""
+}
+variable "gitops_repo_project" {
+  type = string
+  description = "The project that will be used for the git repo. (Primarily used for Azure DevOps repos)"
+  default = ""
+}
+variable "gitops_repo_username" {
+  type = string
+  description = "The username of the user with access to the repository"
+  default = ""
+}
+variable "gitops_repo_token" {
+  type = string
+  description = "The personal access token used to access the repository"
+  default = ""
+}
+variable "gitops_repo_repo" {
+  type = string
+  description = "The short name of the repository (i.e. the part after the org/group name)"
+}
+variable "gitops_repo_branch" {
+  type = string
+  description = "The name of the branch that will be used. If the repo already exists (provision=false) then it is assumed this branch already exists as well"
+  default = "main"
+}
+variable "gitops_repo_public" {
+  type = bool
+  description = "Flag indicating that the repo should be public or private"
+  default = false
+}
+variable "gitops_repo_gitops_namespace" {
+  type = string
+  description = "The namespace where ArgoCD is running in the cluster"
+  default = "openshift-gitops"
+}
+variable "gitops_repo_server_name" {
+  type = string
+  description = "The name of the cluster that will be configured via gitops. This is used to separate the config by cluster"
+  default = "default"
+}
+variable "gitops_repo_strict" {
+  type = bool
+  description = "Flag indicating that an error should be thrown if the repo already exists"
+  default = false
+}
+variable "debug" {
+  type = bool
+  description = "Flag indicating that debug loggging should be enabled"
+  default = false
+}
+variable "argocd-bootstrap_bootstrap_prefix" {
+  type = string
+  description = "The prefix used in ArgoCD to bootstrap the application"
+  default = ""
+}
+variable "argocd-bootstrap_create_webhook" {
+  type = bool
+  description = "Flag indicating that a webhook should be created in the gitops repo to notify argocd of changes"
+  default = true
+}
+variable "gitops-console-link-job_cluster_ingress_hostname" {
+  type = string
+  description = "Ingress hostname of the IKS cluster."
+  default = ""
+}
+variable "gitops-console-link-job_cluster_type" {
+  type = string
+  description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+  default = "ocp4"
+}
+variable "gitops-console-link-job_tls_secret_name" {
+  type = string
+  description = "The name of the secret containing the tls certificate values"
+  default = ""
+}
+variable "toolkit_namespace_name" {
+  type = string
+  description = "The value that should be used for the namespace"
+  default = "toolkit"
+}
+variable "toolkit_namespace_ci" {
+  type = bool
+  description = "Flag indicating that this namespace will be used for development (e.g. configmaps and secrets)"
+  default = false
+}
+variable "toolkit_namespace_create_operator_group" {
+  type = bool
+  description = "Flag indicating that an operator group should be created in the namespace"
+  default = true
+}
+variable "toolkit_namespace_argocd_namespace" {
+  type = string
+  description = "The namespace where argocd has been deployed"
+  default = "openshift-gitops"
+}
+variable "util-clis_bin_dir" {
+  type = string
+  description = "The directory where the clis should be downloaded. If not provided will default to ./bin"
+  default = ""
+}
+variable "util-clis_clis" {
+  type = string
+  description = "The list of clis that should be made available in the bin directory. Supported values are yq, jq, igc, helm, argocd, rosa, gh, glab, and kubeseal. (If not provided the list will default to yq, jq, and igc)"
+  default = "[\"yq\",\"jq\",\"igc\"]"
+}
+variable "sealed-secret-cert_cert" {
+  type = string
+  description = "The public key that will be used to encrypt sealed secrets. If not provided, a new one will be generated"
+  default = ""
+}
+variable "sealed-secret-cert_private_key" {
+  type = string
+  description = "The private key that will be used to decrypt sealed secrets. If not provided, a new one will be generated"
+  default = ""
+}
+variable "sealed-secret-cert_cert_file" {
+  type = string
+  description = "The file containing the public key that will be used to encrypt the sealed secrets. If not provided a new public key will be generated"
+  default = ""
+}
+variable "sealed-secret-cert_private_key_file" {
+  type = string
+  description = "The file containin the private key that will be used to encrypt the sealed secrets. If not provided a new private key will be generated"
+  default = ""
+}
diff --git a/2-standard/1-aro/200-openshift-gitops/version.tf b/2-standard/1-aro/200-openshift-gitops/version.tf
new file mode 100644
index 0000000..5034007
--- /dev/null
+++ b/2-standard/1-aro/200-openshift-gitops/version.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    gitops = {
+      source = "cloud-native-toolkit/gitops"
+    }
+
+  }
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/210-azure-default-storage/bom.yaml b/2-standard/1-aro/210-azure-default-storage/bom.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/2-standard/1-aro/210-azure-default-storage/main.tf b/2-standard/1-aro/210-azure-default-storage/main.tf
new file mode 100644
index 0000000..4197dd3
--- /dev/null
+++ b/2-standard/1-aro/210-azure-default-storage/main.tf
@@ -0,0 +1,3 @@
+output "default-storage" {
+    value = "Using default Azure storage"
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/210-azure-default-storage/terragrunt.hcl b/2-standard/1-aro/210-azure-default-storage/terragrunt.hcl
new file mode 100644
index 0000000..90156cf
--- /dev/null
+++ b/2-standard/1-aro/210-azure-default-storage/terragrunt.hcl
@@ -0,0 +1,15 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+locals {
+  dependencies = yamldecode(file("${get_parent_terragrunt_dir()}/layers.yaml"))
+
+    dep_105 = local.dependencies.names_105
+    mock_105 = local.dependencies.mock_105
+    cluster_config_path = fileexists("${get_parent_terragrunt_dir()}/${local.dep_105}/terragrunt.hcl") ? "${get_parent_terragrunt_dir()}/${local.dep_105}" : "${get_parent_terragrunt_dir()}/.mocks/${local.mock_105}"
+}
+
+dependencies {
+    paths = ["${local.cluster_config_path}"]
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/210-azure-portworx-storage/210-azure-portworx-storage.auto.tfvars b/2-standard/1-aro/210-azure-portworx-storage/210-azure-portworx-storage.auto.tfvars
new file mode 100644
index 0000000..e121c45
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/210-azure-portworx-storage.auto.tfvars
@@ -0,0 +1,27 @@
+## azure_subscription_id: The subscription id of the Azure account where the OpenShift cluster has been provisioned
+#azure_subscription_id=""
+
+## azure_tenant_id: The tenant id of the Azure account where the OpenShift cluster has been provisioned
+#azure_tenant_id=""
+
+## azure_client_id: The client id used to access the Azure account
+#azure_client_id=""
+
+## azure_client_secret: The client secret used to access the Azure account
+#azure_client_secret=""
+
+## portworx_spec_file: The path to the file that contains the yaml spec for the Portworx config. Either the `portworx_spec_file` or `portworx_spec` must be provided. The instructions for creating this configuration can be found at https://github.com/cloud-native-toolkit/terraform-azure-portworx/blob/main/PORTWORX_CONFIG.md
+#portworx_spec_file=""
+
+## portworx_spec: The yaml spec for the Portworx config. Either the `portworx_spec_file` or `portworx_spec` must be provided. The instructions for creating this configuration can be found at https://github.com/cloud-native-toolkit/terraform-azure-portworx/blob/main/PORTWORX_CONFIG.md
+#portworx_spec=""
+
+## azure-portworx_enable_encryption: Flag indicating portworx volumes should be encrypted
+#azure-portworx_enable_encryption=""
+
+## server_url: The url for the OpenShift api
+#server_url=""
+
+## cluster_login_token: Token used for authentication
+#cluster_login_token=""
+
diff --git a/2-standard/1-aro/210-azure-portworx-storage/apply.sh b/2-standard/1-aro/210-azure-portworx-storage/apply.sh
new file mode 100755
index 0000000..e64c76a
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/apply.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+  VARIABLES_FILE="${SCRIPT_DIR}/variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+  echo "yq v4 is required"
+  exit 1
+fi
+
+if [[ -f "${SCRIPT_DIR}/terraform/terraform.tfvars" ]]; then
+  cp "${SCRIPT_DIR}/terraform/terraform.tfvars" "${SCRIPT_DIR}/terraform/terraform.tfvars.backup"
+  rm "${SCRIPT_DIR}/terraform/terraform.tfvars"
+fi
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+  echo "Variables can be provided in a yaml file passed as the first argument"
+  echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+cat "${SCRIPT_DIR}/bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+  default_value=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .defaultValue // ""' -)
+  sensitive=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .sensitive // false' -)
+  description=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .description // ""' -)
+
+  variable_name="TF_VAR_${name}"
+
+  environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*=(.*).*/\1/g')
+  value="${environment_variable}"
+  if [[ -f "${VARIABLES_FILE}" ]]; then
+    value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e '.variables[] | select(.name == env(NAME)) | .value // ""' -)
+    if [[ -z "${value}" ]]; then
+      value="${environment_variable}"
+    fi
+  fi
+
+  while [[ -z "${value}" ]]; do
+    echo "Provide a value for '${name}':"
+    if [[ -n "${description}" ]]; then
+      echo "  ${description}"
+    fi
+    sensitive_flag=""
+    if [[ "${sensitive}" == "true" ]]; then
+      sensitive_flag="-s"
+    fi
+    default_prompt=""
+    if [[ -n "${default_value}" ]]; then
+      default_prompt="(${default_value}) "
+    fi
+    read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+    value=${value:-$default_value}
+  done
+
+  echo "${name} = \"${value}\"" >> "${SCRIPT_DIR}/terraform/terraform.tfvars"
+  if [[ "${sensitive}" != "true" ]]; then
+    NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+  fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+cd ${SCRIPT_DIR}/terraform
+terraform init
+terraform apply
diff --git a/2-standard/1-aro/210-azure-portworx-storage/bom.yaml b/2-standard/1-aro/210-azure-portworx-storage/bom.yaml
new file mode 100644
index 0000000..dcfa787
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/bom.yaml
@@ -0,0 +1,83 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+  name: 210-azure-portworx-storage
+  labels:
+    type: software
+    code: '210'
+    platform: azure
+    storage: portworx
+  annotations:
+    displayName: Azure - Portworx Cluster Storage
+    description: Installs Portworx into an OCP cluster on Azure
+spec:
+  modules:
+    - name: azure-portworx
+      alias: azure-portworx
+      version: v1.0.2
+      variables:
+        - name: region
+          scope: global
+        - name: name_prefix
+          scope: global
+        - name: client_id
+          scope: global
+        - name: client_secret
+          scope: global
+        - name: subscription_id
+          scope: global
+        - name: tenant_id
+          scope: global
+        - name: portworx_spec_file
+          scope: global
+          important: true
+        - name: portworx_spec
+          scope: global
+    - name: ocp-login
+      alias: cluster
+      version: v1.6.0
+  variables:
+    - name: azure_subscription_id
+      type: string
+      description: >-
+        The subscription id of the Azure account where the OpenShift cluster has
+        been provisioned
+    - name: azure_tenant_id
+      type: string
+      description: >-
+        The tenant id of the Azure account where the OpenShift cluster has been
+        provisioned
+    - name: azure_client_id
+      type: string
+      description: The client id used to access the Azure account
+    - name: azure_client_secret
+      type: string
+      description: The client secret used to access the Azure account
+    - name: portworx_spec_file
+      type: string
+      description: >-
+        The path to the file that contains the yaml spec for the Portworx
+        config. Either the `portworx_spec_file` or `portworx_spec` must be
+        provided. The instructions for creating this configuration can be found
+        at
+        https://github.com/cloud-native-toolkit/terraform-azure-portworx/blob/main/PORTWORX_CONFIG.md
+      defaultValue: ''
+    - name: portworx_spec
+      type: string
+      description: >-
+        The yaml spec for the Portworx config. Either the `portworx_spec_file`
+        or `portworx_spec` must be provided. The instructions for creating this
+        configuration can be found at
+        https://github.com/cloud-native-toolkit/terraform-azure-portworx/blob/main/PORTWORX_CONFIG.md
+      defaultValue: ''
+    - name: azure-portworx_enable_encryption
+      type: bool
+      description: Flag indicating portworx volumes should be encrypted
+      defaultValue: false
+    - name: server_url
+      type: string
+      description: The url for the OpenShift api
+    - name: cluster_login_token
+      type: string
+      description: Token used for authentication
+      sensitive: true
diff --git a/2-standard/1-aro/210-azure-portworx-storage/dependencies.dot b/2-standard/1-aro/210-azure-portworx-storage/dependencies.dot
new file mode 100644
index 0000000..2d35ebf
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/dependencies.dot
@@ -0,0 +1,6 @@
+digraph {
+    rankdir="BT"
+    "azure-portworx (azure-portworx)" -> "cluster (ocp-login)"
+"azure-portworx (azure-portworx)"
+"cluster (ocp-login)"
+  }
\ No newline at end of file
diff --git a/2-standard/1-aro/210-azure-portworx-storage/destroy.sh b/2-standard/1-aro/210-azure-portworx-storage/destroy.sh
new file mode 100755
index 0000000..7c27549
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/destroy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/2-standard/1-aro/210-azure-portworx-storage/docs/azure-portworx.md b/2-standard/1-aro/210-azure-portworx-storage/docs/azure-portworx.md
new file mode 100644
index 0000000..baf060d
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/docs/azure-portworx.md
@@ -0,0 +1,120 @@
+# azure-portworx
+
+
+### Description
+
+Terraform module to install Portworx into an OCP/ARO/IPI cluster on Azure, compatible with modules from https://modules.cloudnativetoolkit.dev
+
+### Prerequisites
+
+This module has 2 manual steps that must be completed before successful deployment:
+
+1. Azure service principal/credentials
+2. Portworx configuration
+
+#### Azure service principal/credentials
+
+The provided `scripts/portworx-prereq.sh` script will collect/create the necessary service principle. The script required the resource group name, cluster name, and cluster type as input. Optionally the subscription id can be provided. If not provided, the subscription id will be looked up.
+
+1. Log into your Azure account using the `az` cli.
+2. Run the `scripts/portworx-prereq.sh` script.
+
+    ```shell
+    ./scripts/portworx-prereq.sh -t aro -g rg-name -n cluster-name
+    ```
+
+3. If successful, the output of the script will look like the following. The output values can be provided as input to the automation.
+
+    ```json
+    {
+      "azure_client_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
+      "azure_client_secret": "XXXXXXX",
+      "azure_tenant_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
+      "azure_subscription_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
+    }
+    ```
+
+Alternatively, you can use known credentials for an existing service principal to allow Portworx to provision volumes for the cluster.
+
+##### Service principle details
+
+A service principal (service account) is used by the Portworx deployment to provision storage volumes that will be leveraged by Portworx once deployed into the OpenShift cluster.   There are some specifics for service principals when deploying portworx, as detailed below:
+
+- **ARO Clusters:** - For ARO clusters, you must use the service principal that was created in the background when the ARO cluster was created.  
+- **IPI Clusters:** - For IPI clusters, you must create a service principal that has the following permissions:
+
+  - `Microsoft.ContainerService/managedClusters/agentPools/read`
+  - `Microsoft.Compute/disks/delete`
+  - `Microsoft.Compute/disks/write`
+  - `Microsoft.Compute/disks/read`
+  - `Microsoft.Compute/virtualMachines/write`
+  - `Microsoft.Compute/virtualMachines/read`
+  - `Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write`
+  - `Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read`
+
+Before attempting to deploy this module, you can log into the `az` cli, and manually run the `scripts/portworx-prereq.sh` script, which will handle both of these cases.  This script will output the credentials that are required to successfully deploy Portworx into the cluster. The output will be a JSON structure like: 
+
+
+#### Portworx configuration
+
+This module requires a Portworx configuration.   Portworx is available in 2 flavors: `Enterprise` and `Essentials`.   
+
+*Portworx Essentials* is free forever, but only supports a maximum of 5 nodes on a cluster, 200 volumes, and 5TB of storage.   
+*Portworx Enterprise* requires a subscription (has 30 day free trial), supports over 1000 nodes per cluster, and has unlimited storage.
+
+More detailed comparisons are available at: https://portworx.com/products/features/
+
+Instructions for obtaining your portworx configuration are available at [portworx config](./PORTWORX_CONFIG.md)
+
+You can see an example in the [Example usage](#example-usage) section below.
+
+### Software dependencies
+
+The module depends on the following software components:
+
+#### Command-line tools
+
+- terraform >= v0.15
+
+#### Terraform providers
+
+- nil
+
+### Module dependencies
+
+This module makes use of the output from other modules:
+
+- github.com/cloud-native-toolkit/terraform-ocp-login.git
+  - provides the `cluster_config_file` variable for the `azure-portworx` module.
+
+### Example usage
+
+Note: `osb_endpoint` and `user_id` are only required in `portworx_config` if `type` is `essentials`.  These values are not required for type `enterprise`. 
+
+```hcl-terraform
+module "cluster-login" {
+  source = "github.com/cloud-native-toolkit/terraform-ocp-login.git"
+
+  server_url = var.server_url
+  login_user = var.cluster_username
+  login_password = var.cluster_password
+  login_token = ""
+  ca_cert = var.ca_cert  
+}
+
+module "azure-portworx" {
+  source = "./module"
+
+  azure_client_id       = var.azure_client_id
+  azure_client_secret   = var.azure_client_secret
+  azure_subscription_id = var.azure_subscription_id
+  azure_tenant_id       = var.azure_tenant_id
+  cluster_config_file   = module.terraform-ocp-login.platform.kubeconfig
+  cluster_type          = "IPI"
+  portworx_spec_file    = "${path.module}/px_spec.yaml"
+}
+```
+
+## Acknowledgements
+This module is a derivative of https://github.com/ibm-hcbt/terraform-ibm-cloud-pak/tree/main/modules/portworx_aws
+
diff --git a/2-standard/1-aro/210-azure-portworx-storage/docs/ocp-login.md b/2-standard/1-aro/210-azure-portworx-storage/docs/ocp-login.md
new file mode 100644
index 0000000..6e4ad22
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/docs/ocp-login.md
@@ -0,0 +1,36 @@
+# OCP Login
+
+Terraform module to log into a cluster and write the credentials into the kube config file. The file path is output by the module.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v0.15
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+None
+
+## Example usage
+
+```hcl-terraform
+module "dev_tools_argocd" {
+  source = "github.com/ibm-garage-cloud/terraform-tools-argocd.git?ref=v1.0.0"
+
+  cluster_config_file = module.dev_cluster.config_file_path
+  cluster_type        = module.dev_cluster.type
+  app_namespace       = module.dev_cluster_namespaces.tools_namespace_name
+  ingress_subdomain   = module.dev_cluster.ingress_hostname
+  olm_namespace       = module.dev_software_olm.olm_namespace
+  operator_namespace  = module.dev_software_olm.target_namespace
+  name                = "argocd"
+}
+```
+
diff --git a/2-standard/1-aro/210-azure-portworx-storage/main.tf b/2-standard/1-aro/210-azure-portworx-storage/main.tf
new file mode 100644
index 0000000..fb7753f
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/main.tf
@@ -0,0 +1,32 @@
+module "azure-portworx" {
+  source = "github.com/cloud-native-toolkit/terraform-azure-portworx?ref=v1.0.2"
+
+  azure_client_id = var.client_id
+  azure_client_secret = var.client_secret
+  azure_subscription_id = var.subscription_id
+  azure_tenant_id = var.tenant_id
+  cluster_config_file = module.cluster.config_file_path
+  cluster_type = var.azure-portworx_cluster_type
+  disk_size = var.azure-portworx_disk_size
+  enable_encryption = var.azure-portworx_enable_encryption
+  kvdb_disk_size = var.azure-portworx_kvdb_disk_size
+  portworx_spec = var.portworx_spec
+  portworx_spec_file = var.portworx_spec_file
+  provision = var.azure-portworx_provision
+  px_enable_csi = var.azure-portworx_px_enable_csi
+  px_enable_monitoring = var.azure-portworx_px_enable_monitoring
+}
+module "cluster" {
+  source = "github.com/cloud-native-toolkit/terraform-ocp-login?ref=v1.6.0"
+
+  ca_cert = var.cluster_ca_cert
+  ca_cert_file = var.cluster_ca_cert_file
+  cluster_version = var.cluster_cluster_version
+  ingress_subdomain = var.cluster_ingress_subdomain
+  login_password = var.cluster_login_password
+  login_token = var.cluster_login_token
+  login_user = var.cluster_login_user
+  server_url = var.server_url
+  skip = var.cluster_skip
+  tls_secret_name = var.cluster_tls_secret_name
+}
diff --git a/2-standard/1-aro/210-azure-portworx-storage/providers.tf b/2-standard/1-aro/210-azure-portworx-storage/providers.tf
new file mode 100644
index 0000000..e38fc4d
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/providers.tf
@@ -0,0 +1,5 @@
+
+provider "azure" {
+
+
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl b/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl
new file mode 100644
index 0000000..bdf75f4
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl
@@ -0,0 +1,32 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+locals {
+    px_spec = get_env("TF_VAR_portworx_spec")
+    dependencies = yamldecode(file("${get_parent_terragrunt_dir()}/layers.yaml"))
+
+    dep_105 = local.dependencies.names_105
+    mock_105 = local.dependencies.mock_105
+    cluster_config_path = fileexists("${get_parent_terragrunt_dir()}/${local.dep_105}/terragrunt.hcl") ? "${get_parent_terragrunt_dir()}/${local.dep_105}" : "${get_parent_terragrunt_dir()}/.mocks/${local.mock_105}"
+}
+
+dependency "aro" {
+    config_path = local.cluster_config_path
+
+    mock_outputs_allowed_terraform_commands = ["init","validate","plan"]
+    mock_outputs = {
+        server_url = "https://fake.url.org:6443"
+        username = "fakeuser"
+        password = "fakepassword"
+    }    
+}
+
+inputs = {
+    server_url = dependency.aro.outputs.server_url
+    cluster_login_user = dependency.aro.outputs.username
+    cluster_login_password = dependency.aro.outputs.password
+    azure-portworx_portworx_spec = local.px_spec
+    azure-portworx_cluster_type = "ARO"
+    cluster_login_token= dependency.aro.outputs.token
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/210-azure-portworx-storage/variables.tf b/2-standard/1-aro/210-azure-portworx-storage/variables.tf
new file mode 100644
index 0000000..8130d07
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/variables.tf
@@ -0,0 +1,109 @@
+variable "azure-portworx_provision" {
+  type = string
+  description = "If set to true installs Portworx on the given cluster"
+  default = "true"
+}
+variable "subscription_id" {
+  type = string
+  description = "The subscription id of the Azure account where the OpenShift cluster has been provisioned"
+}
+variable "tenant_id" {
+  type = string
+  description = "The tenant id of the Azure account where the OpenShift cluster has been provisioned"
+}
+variable "client_id" {
+  type = string
+  description = "The client id used to access the Azure account"
+}
+variable "client_secret" {
+  type = string
+  description = "The client secret used to access the Azure account"
+}
+variable "azure-portworx_cluster_type" {
+  type = string
+  description = "Type of OCP cluster on Azure (ARO | IPI)"
+  default = "ARO"
+}
+variable "azure-portworx_disk_size" {
+  type = string
+  description = "Disk size for each Portworx volume"
+  default = "1000"
+}
+variable "azure-portworx_kvdb_disk_size" {
+  type = string
+  description = "the value of azure-portworx_kvdb_disk_size"
+  default = "150"
+}
+variable "azure-portworx_px_enable_monitoring" {
+  type = bool
+  description = "Enable monitoring on PX"
+  default = true
+}
+variable "azure-portworx_px_enable_csi" {
+  type = bool
+  description = "Enable CSI on PX"
+  default = true
+}
+variable "portworx_spec_file" {
+  type = string
+  description = "The path to the file that contains the yaml spec for the Portworx config. Either the `portworx_spec_file` or `portworx_spec` must be provided. The instructions for creating this configuration can be found at https://github.com/cloud-native-toolkit/terraform-azure-portworx/blob/main/PORTWORX_CONFIG.md"
+  default = ""
+}
+variable "portworx_spec" {
+  type = string
+  description = "The yaml spec for the Portworx config. Either the `portworx_spec_file` or `portworx_spec` must be provided. The instructions for creating this configuration can be found at https://github.com/cloud-native-toolkit/terraform-azure-portworx/blob/main/PORTWORX_CONFIG.md"
+  default = ""
+}
+variable "azure-portworx_enable_encryption" {
+  type = bool
+  description = "Flag indicating portworx volumes should be encrypted"
+  default = false
+}
+variable "server_url" {
+  type = string
+  description = "The url for the OpenShift api"
+}
+variable "cluster_login_user" {
+  type = string
+  description = "Username for login"
+  default = ""
+}
+variable "cluster_login_password" {
+  type = string
+  description = "Password for login"
+  default = ""
+}
+variable "cluster_login_token" {
+  type = string
+  description = "Token used for authentication"
+}
+variable "cluster_skip" {
+  type = bool
+  description = "Flag indicating that the cluster login has already been performed"
+  default = false
+}
+variable "cluster_cluster_version" {
+  type = string
+  description = "[Deprecated] The version of the cluster (passed through to the output)"
+  default = ""
+}
+variable "cluster_ingress_subdomain" {
+  type = string
+  description = "[Deprecated] The ingress subdomain of the cluster (passed through to the output)"
+  default = ""
+}
+variable "cluster_tls_secret_name" {
+  type = string
+  description = "[Deprecated] The name of the secret containing the tls certificates for the ingress subdomain (passed through to the output)"
+  default = ""
+}
+variable "cluster_ca_cert" {
+  type = string
+  description = "The base64 encoded ca certificate"
+  default = ""
+}
+variable "cluster_ca_cert_file" {
+  type = string
+  description = "The path to the file that contains the ca certificate"
+  default = ""
+}
diff --git a/2-standard/1-aro/210-azure-portworx-storage/version.tf b/2-standard/1-aro/210-azure-portworx-storage/version.tf
new file mode 100644
index 0000000..a6ee4b9
--- /dev/null
+++ b/2-standard/1-aro/210-azure-portworx-storage/version.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    azure = {
+      source = "hashicorp/azurerm"
+    }
+
+  }
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/220-dev-tools/220-dev-tools.auto.tfvars b/2-standard/1-aro/220-dev-tools/220-dev-tools.auto.tfvars
new file mode 100644
index 0000000..5a73fe4
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/220-dev-tools.auto.tfvars
@@ -0,0 +1,18 @@
+## gitops_repo_host: The host for the git repository. The git host used can be a GitHub, GitHub Enterprise, Gitlab, Bitbucket, Gitea or Azure DevOps server. If the host is null assumes in-cluster Gitea instance will be used.
+#gitops_repo_host=""
+
+## gitops_repo_org: The org/group where the git repository exists/will be provisioned. If the value is left blank then the username org will be used.
+#gitops_repo_org=""
+
+## gitops_repo_project: The project that will be used for the git repo. (Primarily used for Azure DevOps repos)
+#gitops_repo_project=""
+
+## gitops_repo_username: The username of the user with access to the repository
+#gitops_repo_username=""
+
+## gitops_repo_token: The personal access token used to access the repository
+#gitops_repo_token=""
+
+## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name)
+#gitops_repo_repo=""
+
diff --git a/2-standard/1-aro/220-dev-tools/apply.sh b/2-standard/1-aro/220-dev-tools/apply.sh
new file mode 100755
index 0000000..e64c76a
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/apply.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+  VARIABLES_FILE="${SCRIPT_DIR}/variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+  echo "yq v4 is required"
+  exit 1
+fi
+
+if [[ -f "${SCRIPT_DIR}/terraform/terraform.tfvars" ]]; then
+  cp "${SCRIPT_DIR}/terraform/terraform.tfvars" "${SCRIPT_DIR}/terraform/terraform.tfvars.backup"
+  rm "${SCRIPT_DIR}/terraform/terraform.tfvars"
+fi
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+  echo "Variables can be provided in a yaml file passed as the first argument"
+  echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+cat "${SCRIPT_DIR}/bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+  default_value=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .defaultValue // ""' -)
+  sensitive=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .sensitive // false' -)
+  description=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .description // ""' -)
+
+  variable_name="TF_VAR_${name}"
+
+  environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*=(.*).*/\1/g')
+  value="${environment_variable}"
+  if [[ -f "${VARIABLES_FILE}" ]]; then
+    value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e '.variables[] | select(.name == env(NAME)) | .value // ""' -)
+    if [[ -z "${value}" ]]; then
+      value="${environment_variable}"
+    fi
+  fi
+
+  while [[ -z "${value}" ]]; do
+    echo "Provide a value for '${name}':"
+    if [[ -n "${description}" ]]; then
+      echo "  ${description}"
+    fi
+    sensitive_flag=""
+    if [[ "${sensitive}" == "true" ]]; then
+      sensitive_flag="-s"
+    fi
+    default_prompt=""
+    if [[ -n "${default_value}" ]]; then
+      default_prompt="(${default_value}) "
+    fi
+    read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+    value=${value:-$default_value}
+  done
+
+  echo "${name} = \"${value}\"" >> "${SCRIPT_DIR}/terraform/terraform.tfvars"
+  if [[ "${sensitive}" != "true" ]]; then
+    NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+  fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+cd ${SCRIPT_DIR}/terraform
+terraform init
+terraform apply
diff --git a/2-standard/1-aro/220-dev-tools/bom.yaml b/2-standard/1-aro/220-dev-tools/bom.yaml
new file mode 100644
index 0000000..3709901
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/bom.yaml
@@ -0,0 +1,80 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+  name: 220-dev-tools
+  labels:
+    type: software
+    code: '220'
+  annotations:
+    displayName: OpenShift development tools
+    description: Provisions development tools in an OpenShift cluster
+    deployment-type/gitops: 'true'
+    vpn/required: 'true'
+spec:
+  modules:
+    - name: gitops-artifactory
+      alias: gitops-artifactory
+      version: v1.3.0
+    - name: gitops-dashboard
+      alias: gitops-dashboard
+      version: v1.7.0
+    - name: gitops-namespace
+      alias: tools_namespace
+      version: v1.12.2
+      default: true
+      variables:
+        - name: name
+          value: tools
+    - name: gitops-pact-broker
+      alias: gitops-pact-broker
+      version: v1.2.0
+    - name: gitops-repo
+      alias: gitops_repo
+      version: v1.22.1
+    - name: gitops-sonarqube
+      alias: gitops-sonarqube
+      version: v1.3.0
+    - name: gitops-swagger-editor
+      alias: gitops-swagger-editor
+      version: v0.1.0
+    - name: gitops-tekton-resources
+      alias: gitops-tekton-resources
+      version: v2.1.0
+    - name: util-clis
+      version: v1.17.2
+    - name: gitops-buildah-unprivileged
+      version: v1.1.1
+  variables:
+    - name: gitops_repo_host
+      type: string
+      description: >-
+        The host for the git repository. The git host used can be a GitHub,
+        GitHub Enterprise, Gitlab, Bitbucket, Gitea or Azure DevOps server. If
+        the host is null assumes in-cluster Gitea instance will be used.
+      defaultValue: ''
+    - name: gitops_repo_org
+      type: string
+      description: >-
+        The org/group where the git repository exists/will be provisioned. If
+        the value is left blank then the username org will be used.
+      defaultValue: ''
+    - name: gitops_repo_project
+      type: string
+      description: >-
+        The project that will be used for the git repo. (Primarily used for
+        Azure DevOps repos)
+      defaultValue: ''
+    - name: gitops_repo_username
+      type: string
+      description: The username of the user with access to the repository
+      defaultValue: ''
+    - name: gitops_repo_token
+      type: string
+      description: The personal access token used to access the repository
+      defaultValue: ''
+      sensitive: true
+    - name: gitops_repo_repo
+      type: string
+      description: >-
+        The short name of the repository (i.e. the part after the org/group
+        name)
diff --git a/2-standard/1-aro/220-dev-tools/dependencies.dot b/2-standard/1-aro/220-dev-tools/dependencies.dot
new file mode 100644
index 0000000..cec6bc4
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/dependencies.dot
@@ -0,0 +1,29 @@
+digraph {
+    rankdir="BT"
+    "gitops-artifactory (gitops-artifactory)" -> "gitops_repo (gitops-repo)"
+"gitops-artifactory (gitops-artifactory)" -> "tools_namespace (gitops-namespace)"
+"gitops-artifactory (gitops-artifactory)"
+"gitops_repo (gitops-repo)"
+"tools_namespace (gitops-namespace)" -> "gitops_repo (gitops-repo)"
+"tools_namespace (gitops-namespace)"
+"gitops-dashboard (gitops-dashboard)" -> "gitops_repo (gitops-repo)"
+"gitops-dashboard (gitops-dashboard)" -> "tools_namespace (gitops-namespace)"
+"gitops-dashboard (gitops-dashboard)"
+"gitops-pact-broker (gitops-pact-broker)" -> "gitops_repo (gitops-repo)"
+"gitops-pact-broker (gitops-pact-broker)" -> "tools_namespace (gitops-namespace)"
+"gitops-pact-broker (gitops-pact-broker)"
+"gitops-sonarqube (gitops-sonarqube)" -> "gitops_repo (gitops-repo)"
+"gitops-sonarqube (gitops-sonarqube)" -> "tools_namespace (gitops-namespace)"
+"gitops-sonarqube (gitops-sonarqube)"
+"gitops-swagger-editor (gitops-swagger-editor)" -> "gitops_repo (gitops-repo)"
+"gitops-swagger-editor (gitops-swagger-editor)" -> "tools_namespace (gitops-namespace)"
+"gitops-swagger-editor (gitops-swagger-editor)"
+"gitops-tekton-resources (gitops-tekton-resources)" -> "gitops_repo (gitops-repo)"
+"gitops-tekton-resources (gitops-tekton-resources)" -> "tools_namespace (gitops-namespace)"
+"gitops-tekton-resources (gitops-tekton-resources)" -> "gitops-buildah-unprivileged (gitops-buildah-unprivileged)"
+"gitops-tekton-resources (gitops-tekton-resources)"
+"gitops-buildah-unprivileged (gitops-buildah-unprivileged)" -> "gitops_repo (gitops-repo)"
+"gitops-buildah-unprivileged (gitops-buildah-unprivileged)" -> "tools_namespace (gitops-namespace)"
+"gitops-buildah-unprivileged (gitops-buildah-unprivileged)"
+"util-clis (util-clis)"
+  }
\ No newline at end of file
diff --git a/2-standard/1-aro/220-dev-tools/destroy.sh b/2-standard/1-aro/220-dev-tools/destroy.sh
new file mode 100755
index 0000000..7c27549
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/destroy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-artifactory.md b/2-standard/1-aro/220-dev-tools/docs/gitops-artifactory.md
new file mode 100644
index 0000000..8b8776f
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-artifactory.md
@@ -0,0 +1,39 @@
+# Artifactory Gitops module
+
+Module to populate a gitops repository with the resources to deploy Artifactory.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v0.15
+- git
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Cluster - github.com/ibm-garage-cloud/terraform-ibm-ocp-vpc.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+
+
+## Example usage
+
+```hcl-terraform
+module "gitops_artifactory" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-artifactory.git"
+
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  namespace = module.gitops_namespace.name
+  server_name = module.gitops.server_name
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-buildah-unprivileged.md b/2-standard/1-aro/220-dev-tools/docs/gitops-buildah-unprivileged.md
new file mode 100644
index 0000000..ab550bf
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-buildah-unprivileged.md
@@ -0,0 +1,36 @@
+# Buildah unprivileged gitops module 
+
+Module to populate a gitops repo to set up a Red Hat OpenShift cluster to allow buildah to run unprivileged. (This is primarily necessary for IBM ROKS clusters.)
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+
+## Example usage
+
+```hcl-terraform
+module "buildah_unprivileged" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-buildah-unprivileged.git"
+
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  server_name = module.gitops.server_name
+  namespace = module.gitops_namespace.name
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-dashboard.md b/2-standard/1-aro/220-dev-tools/docs/gitops-dashboard.md
new file mode 100644
index 0000000..663b858
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-dashboard.md
@@ -0,0 +1,42 @@
+# Developer Dashboard module
+
+Module that populates  gitops repository with the Developer Dashboard  chart from https://charts.cloudnativetoolkit.dev. Developer dashboard displays the links to all the tools installed on the cluster as part of CloudNative toolkit.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- kubectl
+
+### Terraform providers
+
+- IBM Cloud provider >= 1.5.3
+- Helm provider >= 1.1.1 (provided by Terraform)
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git
+- Namespace - github.com/ibm-garage-clout/terraform-cluster-namespace.git
+- etc
+
+## Example usage
+
+```hcl-terraform
+module "dev_tools_argocd" {
+  source = "github.com/ibm-garage-cloud/terraform-tools-argocd.git?ref=v1.0.0"
+
+  cluster_config_file = module.dev_cluster.config_file_path
+  cluster_type        = module.dev_cluster.type
+  app_namespace       = module.dev_cluster_namespaces.tools_namespace_name
+  ingress_subdomain   = module.dev_cluster.ingress_hostname
+  olm_namespace       = module.dev_software_olm.olm_namespace
+  operator_namespace  = module.dev_software_olm.target_namespace
+  name                = "argocd"
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-namespace.md b/2-standard/1-aro/220-dev-tools/docs/gitops-namespace.md
new file mode 100644
index 0000000..374abd1
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-namespace.md
@@ -0,0 +1,41 @@
+# Namespace gitops config
+
+Module to configure a GitOps repo to provision a namespace
+
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- git
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps repo - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+
+## Example usage
+
+```hcl-terraform
+module "gitops_namespace" {
+  source = "github.com/ibm-garage-cloud/terraform-gitops-namespace.git"
+
+  config_repo = module.gitops.config_repo
+  config_token = module.gitops.config_token
+  config_paths = module.gitops.config_paths
+  application_repo = module.gitops.application_repo
+  application_token = module.gitops.application_token
+  application_paths = module.gitops.application_paths
+  name = var.namespace
+  create_operator_group = false
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-pact-broker.md b/2-standard/1-aro/220-dev-tools/docs/gitops-pact-broker.md
new file mode 100644
index 0000000..e4724f0
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-pact-broker.md
@@ -0,0 +1,37 @@
+# Pact Broker gitops module
+
+Module to populate a gitops repo with the Pact Broker deployment.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- kubectl
+
+### Terraform providers
+
+- None
+
+## Module dependencies 
+
+This module makes use of the output from other modules:
+
+- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git
+- Namespace - github.com/ibm-garage-clout/terraform-cluster-namespace.git
+- etc
+## Example usage
+
+```hcl-terraform
+module "gitops_pactbroker" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-pactbroker.git"
+
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  namespace = module.gitops_namespace.name
+  server_name = module.gitops.server_name
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-repo.md b/2-standard/1-aro/220-dev-tools/docs/gitops-repo.md
new file mode 100644
index 0000000..37846fd
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-repo.md
@@ -0,0 +1,56 @@
+# GitOps repo module
+
+Module that prepares a GitOps repo for use with ArgoCD. If the `provision` flag is `true` then a new git repo will be provisioned. If not, the provided repo name is expected to already exist.
+
+After cloning the git repo, an initial directory structure is set up along with bootstrap configuration to perform the initial setup of ArgoCD.
+
+## Supported git servers
+
+The module supports creating a repository in one of six different git servers:
+
+- GitHub
+- GitHub Enterprise
+- Gitlab
+- Bitbucket
+- Gitea
+- Azure DevOps
+
+The selection of the git server type is determined by the value provided for the `host`.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- git
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- None
+
+## Example usage
+
+```hcl-terraform
+module "git" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-gitops"
+
+  host = var.git_host
+  org  = var.git_org
+  repo = var.git_repo
+  username = var.git_username
+  token = var.git_token
+  project = var.git_project
+  gitops_namespace = var.gitops_namespace
+  sealed_secrets_cert = module.cert.cert
+  strict = var.gitops_strict
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-sonarqube.md b/2-standard/1-aro/220-dev-tools/docs/gitops-sonarqube.md
new file mode 100644
index 0000000..58cd24c
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-sonarqube.md
@@ -0,0 +1,42 @@
+# SonarQube gitops module
+
+Module to populate a gitops repo with the resources to deploy SonarQube
+
+
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+- kubectl
+
+### Terraform providers
+
+- IBM Cloud provider >= 1.5.3
+- Helm provider >= 1.1.1 (provided by Terraform)
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git
+- Namespace - github.com/ibm-garage-cloud/terraform-cluster-namespace.git
+- etc.
+
+## Example usage
+
+```hcl-terraform
+module "gitops_sonarqube" {
+  source = "https://github.com/cloud-native-toolkit/terraform-gitops-sonarqube"
+
+  gitops_config            = module.gitops.gitops_config
+  git_credentials          = module.gitops.git_credentials
+  namespace                = module.gitops_namespace.name
+  kubeseal_cert            = module.gitops.sealed_secrets_cert
+  server_name              = module.gitops.server_name
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-swagger-editor.md b/2-standard/1-aro/220-dev-tools/docs/gitops-swagger-editor.md
new file mode 100644
index 0000000..25d1f35
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-swagger-editor.md
@@ -0,0 +1,196 @@
+# Swagger Editor GitOps module
+Module to populate a gitops repository with the resources required to provision Swagger Editor.
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v12
+- kubectl
+
+### Terraform providers
+
+- IBM Cloud provider >= 1.5.3
+- Helm provider >= 1.1.1 (provided by Terraform)
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+- etc
+
+## Example usage
+
+```hcl-terraform
+module "swagger_editor" {
+  source = "https://github.com/cloud-native-toolkit/terraform-gitops-swagger-editor.git"
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  server_name = module.gitops.server_name
+  namespace = module.gitops_namespace.name
+  kubeseal_cert = module.gitops.sealed_secrets_cert
+}
+```
+
+## Anatomy of the GitOps module repository
+
+An automation modules is created from a template repository that includes a skeleton of the module logic and the automation framework to validate and release the module.
+
+### Module logic
+
+The module follows the naming convention of terraform modules:
+
+- **main.tf** - The logic for the module. The structure of the GitOps logic in the **main.tf** file is largely the same from GitOps module to the next with the difference being the yaml provided to populate the GitOps repo
+- **variables.tf** - The input variables for the module. A number of modules are defined by default in the module and should remain. Additional variables can be added as needed by the module.
+- **outputs.tf** - The output variables for the module. These are rarely used for GitOps modules but can provide values for downstream modules.
+- **version.tf** - The minimum required terraform version. Currently, this is defaulted to `v0.15`. If any terraform providers are required by the module they would be added here as well, although this is highly unlikely for GitOps modules.
+- **module.yaml** - The metadata descriptor for the module. Each of the automation modules provides a metadata file that describes the name, description, and external dependencies of the module. Metadata for the input variables can also be provided. When a release of the module is created, an automated workflow will supplement the contents of this file with the input and output variables defined in `variables.tf` and `outputs.tf` and publish the result to `index.yaml` on the `gh-pages` branch.
+- **scripts/create-yaml.sh** - Script to set up the payload yaml for the GitOps repository in a temporary directory from which the repository will be populated. This script should be customized for the requirements of the module.
+- **README.md** - The documentation for the module. An initial readme is provided with instructions at the top and a template for the module documentation at the bottom.
+
+### Module automation
+
+The automation modules rely heavily on [GitHub Actions](https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions) automatically validate changes to the module and release new versions. The GitHub Action workflows are found in **.github/workflows**. There are three workflows provided by default:
+
+#### Verify and release module (verify.yaml)
+
+This workflow runs for pull requests against the `main` branch and when changes are pushed to the `main` branch.
+
+```yaml
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+```
+
+The `verify` job checks out the module and deploys the terraform template in the `test/stages` folder. (More on the details of this folder in a later section.) It applies the testcase(s) listed in the `strategy.matrix.testcase` variable against the terraform template to validate the module logic. It then runs the `.github/scripts/validate-deploy.sh` to verify that everything was deployed successfully. **Note:** This script should be customized to validate the resources provisioned by the module. After the deploy is completed, the destroy logic is also applied to validate the destroy logic and to clean up after the test. The parameters for the test case are defined in https://github.com/cloud-native-toolkit/action-module-verify/tree/main/env. New test cases can be added via pull request.
+
+The `verifyMetadata` job checks out the module and validates the module metadata against the module metadata schema to ensure the structure is valid.
+
+The `release` job creates a new release of the module. The job only runs if the `verify` and `verifyMetadata` jobs completed successfully AND if the workflow was started from a push to the `main` branch (i.e. not a change to a pull request). The job uses the **release-drafter/release-drafter** GitHub Action to create the release based on the configuration in `.github/release-drafter.yaml`. The configuration looks for labels on the pull request to determine the type of change for the release changelog (`enhancement`, `bug`, `chore`) and which portion of the version number to increment (`major`, `minor`, `patch`).
+
+#### Publish assets (publish-assets.yaml)
+
+This workflow runs when a new release is published (either manually or via an automated process).
+
+```yaml
+on:
+  release:
+    types:
+      - published
+```
+
+When a release is created, the module is checked out and the metadata is built and validated. If the metadata is checks out then it is published to the `gh-pages` branch as `index.yaml`
+
+#### Notify (notify.yaml)
+
+This workflow runs when a new release is published (either manually or via an automated process).
+
+```yaml
+on:
+  release:
+    types:
+      - published
+```
+
+When a release is created, a repository dispatch is sent out to the repositories listed in the `strategy.matrix.repo` variable. By default, the `automation-modules` and `ibm-garage-iteration-zero` repositories are notified. When those modules receive the notification, an automation workflow is triggered on their end to deal with the newly available module version.
+
+### Module metadata
+
+The module metadata adds extra descriptive information about the module that is used to build out the module catalog.
+
+```yaml
+name: ""
+type: gitops
+description: ""
+tags:
+  - tools
+  - gitops
+versions:
+  - platforms:
+      - kubernetes
+      - ocp3
+      - ocp4
+    dependencies:
+      - id: gitops
+        refs:
+          - source: github.com/cloud-native-toolkit/terraform-tools-gitops.git
+            version: ">= 1.1.0"
+      - id: namespace
+        refs:
+          - source: github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+            version: ">= 1.0.0"
+    variables:
+      - name: gitops_config
+        moduleRef:
+          id: gitops
+          output: gitops_config
+      - name: git_credentials
+        moduleRef:
+          id: gitops
+          output: git_credentials
+      - name: server_name
+        moduleRef:
+          id: gitops
+          output: server_name
+      - name: namespace
+        moduleRef:
+          id: namespace
+          output: name
+      - name: kubeseal_cert
+        moduleRef:
+          id: gitops
+          output: sealed_secrets_cert
+```
+
+- **name** - The `name` field is required and must be unique among the other modules. This value is used to reference the module in the Bill of Materials.
+- **description** - The `description` should provide a summary of what the module does.
+- **tags** - The `tags` are used to provide searchable keywords related to the module.
+- **versions** - When the final module metadata is generated, the `versions` array will contain a different entry for each version with a snapshot of the inputs and outputs for that version. In the `module.yaml` file this array should contain a single entry that describes the current version's dependencies and inputs.
+- **versions[*].platforms** - The target cluster types and versions supported by the module
+- **versions[*].dependencies** - The external modules upon which this module depends. These dependencies are used to offload logic for which this module should not be responsible and retrieve the necessary values from the outputs of these dependencies. Additiaonlly, this allows resources to be shared between modules by referencing to the same external dependency instance.
+- **versions[*].variables** - Additional metadata provided for the input variables. When the metadata is generated for the release, the information for all the input variables is read from `variables.tf` and is supplemented with the information provided here. If there is no additional information to add to a variable it can be excluded from `module.yaml`. Examples of variable metadata that can be added: mapping the variable to the output of a dependency or setting the scope of the variable to `global`, `ignore`, or `module` (the default).
+
+**Note:** For most all GitOps modules, the initial dependencies and variable mappings should be preserved. Additional dependencies and variable definitions can be added as needed.
+
+**Note:** As a design point, the gitops module should ideally not have a direct dependency on the cluster and should instead depend (exclusively) on the gitops repository. That way, the cluster itself might be inaccessible by the automation process but the software can still be installed in the cluster so long as the gitops repository is accessible.
+
+### Module test logic
+
+The `test/stages` folder contains the terraform template needed to execute the module. By convention, each module is defined in its own file. Also by convention, all prereqs or dependencies for the module are named `stage1-xxx` and the module to be tested is named `stage2-xxx`. The default test templates in the GitOps repo are set up to provision a GitOps repository, log into a cluster, provision ArgoCD in the cluster and bootstrap it with the GitOps repository, provision a namespace via GitOps where the module will be deployed then apply the module logic. The end result of this test terraform template should be a cluster that has been provisioned with the components of the module via the GitOps repository.
+
+This test logic will run every time a change is made to the repository to ensure there are no regressions to the module.
+
+## GitOps repository structure
+
+The GitOps modules assume the repository has been divided into three different layers to separate the different types of resources that will be provisioned in the cluster:
+
+1. `infrastucture` - the infrastructure layer contains cluster-wide and/or privileged resources like namespaces, rbac configuration, service accounts, and security context constraints. Most modules won't directly use this layer but may use submodules to configure service accounts and rbac that will be put in this layer.
+2. `services` - the services layer contains shared middleware and software services that may be used by multiple applications deployed within the cluster. This includes things like databases, service mesh, api management software, or multi-tenanted development tools. Most components will be placed in this layer.
+3. `application` - the application layer is where the gitops configuration to deploy applications that make use of the shared services is placed. Often this configuration will be applied to the GitOps repo as part of a CI/CD process to manage the application lifecycle.
+
+Within the layers, there are three different types that can be applied:
+
+1. `operator` - operator deployments are organized in a particular way in the gitops repository
+2. `instances` - instances created from custom resources applied via an operator are organized in a different manner in the gitops repository
+3. `base` - basically everything that is not an operator or operator instance deployment falls in this category
+
+In order to simplify the process of managing the gitops repository structure and the different configuration options, a command has been provided in the `igc` cli to populate the gitops repo - `igc gitops-module`. The layer and type are provided as arguments to the command as well as the directory where the yaml for the module is located and the details about the gitops repo.
+
+The yaml used to define the resources required to deploy the component can be defined as kustomize scripts, a helm chart, or as raw yaml in the directory. In most cases we use helm charts to simplify the required input configuration.
+
+## Development
+
+### Adding logic and updating the test
+
+1. Start by implementing the logic in `main.tf`, adding required variables to `variables.tf` as necessary.
+2. Update the `test/stages/stage2-xxx.tf` file with any of the required variables.
+3. If the module has dependencies on other modules, add them as `test/stages/stage1-xxx.tf` and reference the output variables as variable inputs.
+4. Review the validation logic in `.github/scripts/validate-deploy.sh` and update as appropriate.
+5. Push the changes to the remote branch and review the check(s) on the pull request. If the checks fail, review the log and make the necessary adjustments.
+
+For more details on development and contribution,refer to https://github.com/cloud-native-toolkit/automation-modules/tree/main/md
diff --git a/2-standard/1-aro/220-dev-tools/docs/gitops-tekton-resources.md b/2-standard/1-aro/220-dev-tools/docs/gitops-tekton-resources.md
new file mode 100644
index 0000000..519ca56
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/gitops-tekton-resources.md
@@ -0,0 +1,35 @@
+# Tekton Resources GitOps module
+
+Module to populate a gitops repo with Tekton resources (tasks and pipelines).
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform >= v0.15
+
+### Terraform providers
+
+- None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- GitOps repo - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+
+## Example usage
+
+```hcl-terraform
+module "tekton_resources" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-tekton-resources"
+
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  namespace = module.gitops_namespace.name
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/docs/util-clis.md b/2-standard/1-aro/220-dev-tools/docs/util-clis.md
new file mode 100644
index 0000000..a30397d
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/docs/util-clis.md
@@ -0,0 +1,45 @@
+# CLI module
+
+Module to download CLIs into local bin directory. This module is primarily intended to be used as a submodule within other modules. The CLIs currently supported are:
+
+- jq (jq)
+- yq v3 and v4 (yq)
+- igc (igc)
+- kubeseal (kubeseal)
+- gh cli (gh)
+- glab cli (glab)
+- rosa cli (rosa)
+- kustomize cli (kustomize)
+- ibmcloud cli (ibmcloud)
+- ibmcloud infrastructure plugin (ibmcloud-is)
+- ibmcloud observe plugin (ibmcloud-ob)
+- ibmcloud kubernetes service plugin (ibmcloud-ks)
+- ibmcloud container registry plugin (ibmcloud-cr)
+- universal git client (gitu)
+- OpenShift Installer (openshift-install-4.x[.y])
+
+
+The module outputs the bin directory for use by other modules.
+
+**Note:** This module uses an external data source to setup the clis. External data sources have a limitation in terms of real-time feedback of progress. To increase the visibility of what the module is doing, the data source writes logs to `clis-debug.log` in the current working directory.
+
+### Command-line tools
+
+- curl
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+None
+
+## Example usage
+
+```hcl-terraform
+module "clis" {
+  source = "github.com/cloud-native-toolkit/terraform-util-clis.git"
+}
+```
+
diff --git a/2-standard/1-aro/220-dev-tools/main.tf b/2-standard/1-aro/220-dev-tools/main.tf
new file mode 100644
index 0000000..31eeed2
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/main.tf
@@ -0,0 +1,124 @@
+module "gitops_repo" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-gitops?ref=v1.22.1"
+
+  branch = var.gitops_repo_branch
+  debug = var.debug
+  gitea_host = var.gitops_repo_gitea_host
+  gitea_org = var.gitops_repo_gitea_org
+  gitea_token = var.gitops_repo_gitea_token
+  gitea_username = var.gitops_repo_gitea_username
+  gitops_namespace = var.gitops_repo_gitops_namespace
+  host = var.gitops_repo_host
+  org = var.gitops_repo_org
+  project = var.gitops_repo_project
+  public = var.gitops_repo_public
+  repo = var.gitops_repo_repo
+  sealed_secrets_cert = var.gitops_repo_sealed_secrets_cert
+  server_name = var.gitops_repo_server_name
+  strict = var.gitops_repo_strict
+  token = var.gitops_repo_token
+  type = var.gitops_repo_type
+  username = var.gitops_repo_username
+}
+module "gitops-artifactory" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-artifactory?ref=v1.3.0"
+
+  cluster_ingress_hostname = var.gitops-artifactory_cluster_ingress_hostname
+  cluster_type = var.gitops-artifactory_cluster_type
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  namespace = module.tools_namespace.name
+  persistence = var.gitops-artifactory_persistence
+  server_name = module.gitops_repo.server_name
+  storage_class = var.gitops-artifactory_storage_class
+  tls_secret_name = var.gitops-artifactory_tls_secret_name
+}
+module "gitops-buildah-unprivileged" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-buildah-unprivileged?ref=v1.1.1"
+
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  namespace = module.tools_namespace.name
+  server_name = module.gitops_repo.server_name
+}
+module "gitops-dashboard" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-dashboard?ref=v1.7.0"
+
+  cluster_ingress_hostname = var.gitops-dashboard_cluster_ingress_hostname
+  cluster_type = var.gitops-dashboard_cluster_type
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  image_tag = var.gitops-dashboard_image_tag
+  namespace = module.tools_namespace.name
+  server_name = module.gitops_repo.server_name
+  tls_secret_name = var.gitops-dashboard_tls_secret_name
+}
+module "gitops-pact-broker" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-pact-broker?ref=v1.2.0"
+
+  cluster_ingress_hostname = var.gitops-pact-broker_cluster_ingress_hostname
+  cluster_type = var.gitops-pact-broker_cluster_type
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  namespace = module.tools_namespace.name
+  server_name = module.gitops_repo.server_name
+  tls_secret_name = var.gitops-pact-broker_tls_secret_name
+}
+module "gitops-sonarqube" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-sonarqube?ref=v1.3.0"
+
+  cluster_ingress_hostname = var.gitops-sonarqube_cluster_ingress_hostname
+  cluster_type = var.gitops-sonarqube_cluster_type
+  cluster_version = var.gitops-sonarqube_cluster_version
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  hostname = var.gitops-sonarqube_hostname
+  kubeseal_cert = module.gitops_repo.sealed_secrets_cert
+  namespace = module.tools_namespace.name
+  persistence = var.gitops-sonarqube_persistence
+  plugins = var.gitops-sonarqube_plugins == null ? null : jsondecode(var.gitops-sonarqube_plugins)
+  server_name = module.gitops_repo.server_name
+  service_account_name = var.gitops-sonarqube_service_account_name
+  storage_class = var.gitops-sonarqube_storage_class
+  tls_secret_name = var.gitops-sonarqube_tls_secret_name
+}
+module "gitops-swagger-editor" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-swagger-editor?ref=v0.1.0"
+
+  cluster_ingress_hostname = var.gitops-swagger-editor_cluster_ingress_hostname
+  cluster_type = var.gitops-swagger-editor_cluster_type
+  enable_sso = var.gitops-swagger-editor_enable_sso
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  kubeseal_cert = module.gitops_repo.sealed_secrets_cert
+  namespace = module.tools_namespace.name
+  server_name = module.gitops_repo.server_name
+  tls_secret_name = var.gitops-swagger-editor_tls_secret_name
+}
+module "gitops-tekton-resources" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-tekton-resources?ref=v2.1.0"
+
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  namespace = module.tools_namespace.name
+  server_name = module.gitops_repo.server_name
+  task_release = var.gitops-tekton-resources_task_release
+}
+module "tools_namespace" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-namespace?ref=v1.12.2"
+
+  argocd_namespace = var.tools_namespace_argocd_namespace
+  ci = var.tools_namespace_ci
+  create_operator_group = var.tools_namespace_create_operator_group
+  git_credentials = module.gitops_repo.git_credentials
+  gitops_config = module.gitops_repo.gitops_config
+  name = var.tools_namespace_name
+  server_name = module.gitops_repo.server_name
+}
+module "util-clis" {
+  source = "cloud-native-toolkit/clis/util"
+  version = "1.17.2"
+
+  bin_dir = var.util-clis_bin_dir
+  clis = var.util-clis_clis == null ? null : jsondecode(var.util-clis_clis)
+}
diff --git a/2-standard/1-aro/220-dev-tools/providers.tf b/2-standard/1-aro/220-dev-tools/providers.tf
new file mode 100644
index 0000000..459ee95
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/providers.tf
@@ -0,0 +1,6 @@
+
+provider "gitops" {
+
+
+  bin_dir = module.util-clis.bin_dir
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/220-dev-tools/terragrunt.hcl b/2-standard/1-aro/220-dev-tools/terragrunt.hcl
new file mode 100644
index 0000000..94ccef4
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/terragrunt.hcl
@@ -0,0 +1,43 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+locals {
+    dependencies = yamldecode(file("${get_parent_terragrunt_dir()}/layers.yaml"))
+
+    dep_200 = local.dependencies.names_200
+    mock_200 = local.dependencies.mock_200
+}
+
+// Reduce parallelism further for this layer
+terraform {
+  extra_arguments "reduced_parallelism" {
+    commands  = get_terraform_commands_that_need_parallelism()
+    arguments = ["-parallelism=2"]
+  }
+}
+
+dependency "gitops" {
+  config_path = fileexists("${get_parent_terragrunt_dir()}/${local.dep_200}/terragrunt.hcl") ? "${get_parent_terragrunt_dir()}/${local.dep_200}" : "${get_parent_terragrunt_dir()}/.mocks/${local.mock_200}"
+  skip_outputs = fileexists("${get_parent_terragrunt_dir()}/${local.dep_200}/terragrunt.hcl") ? false : true
+  # skip_outputs = true
+
+  mock_outputs_allowed_terraform_commands = ["validate", "init", "plan", "destroy", "output"]
+  mock_outputs = {
+    gitops_host = ""
+    gitops_org = ""
+    gitops_name = ""
+    gitops_project = ""
+    gitops_username = ""
+    gitops_token = ""
+  }
+}
+
+inputs = {
+  gitops_repo_host = dependency.gitops.outputs.gitops_host
+  gitops_repo_org = dependency.gitops.outputs.gitops_org
+  gitops_repo_repo = dependency.gitops.outputs.gitops_name
+  gitops_repo_project = dependency.gitops.outputs.gitops_project
+  gitops_repo_username = dependency.gitops.outputs.gitops_username
+  gitops_repo_token = dependency.gitops.outputs.gitops_token
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/220-dev-tools/variables.tf b/2-standard/1-aro/220-dev-tools/variables.tf
new file mode 100644
index 0000000..5a863ab
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/variables.tf
@@ -0,0 +1,249 @@
+variable "gitops-artifactory_cluster_ingress_hostname" {
+  type = string
+  description = "Ingress hostname of the IKS cluster."
+  default = ""
+}
+variable "gitops-artifactory_cluster_type" {
+  type = string
+  description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+  default = "ocp4"
+}
+variable "gitops-artifactory_tls_secret_name" {
+  type = string
+  description = "The name of the secret containing the tls certificate values"
+  default = ""
+}
+variable "gitops-artifactory_storage_class" {
+  type = string
+  description = "The storage class to use for the persistent volume claim"
+  default = ""
+}
+variable "gitops-artifactory_persistence" {
+  type = bool
+  description = "Flag to indicate if persistence should be enabled"
+  default = true
+}
+variable "gitops-dashboard_cluster_type" {
+  type = string
+  description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+  default = "openshift"
+}
+variable "gitops-dashboard_cluster_ingress_hostname" {
+  type = string
+  description = "Ingress hostname of the IKS cluster."
+  default = ""
+}
+variable "gitops-dashboard_tls_secret_name" {
+  type = string
+  description = "The name of the secret containing the tls certificate values"
+  default = ""
+}
+variable "gitops-dashboard_image_tag" {
+  type = string
+  description = "The image version tag to use"
+  default = "v1.4.4"
+}
+variable "tools_namespace_name" {
+  type = string
+  description = "The value that should be used for the namespace"
+  default = "tools"
+}
+variable "tools_namespace_ci" {
+  type = bool
+  description = "Flag indicating that this namespace will be used for development (e.g. configmaps and secrets)"
+  default = false
+}
+variable "tools_namespace_create_operator_group" {
+  type = bool
+  description = "Flag indicating that an operator group should be created in the namespace"
+  default = true
+}
+variable "tools_namespace_argocd_namespace" {
+  type = string
+  description = "The namespace where argocd has been deployed"
+  default = "openshift-gitops"
+}
+variable "gitops-pact-broker_cluster_type" {
+  type = string
+  description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+  default = "ocp4"
+}
+variable "gitops-pact-broker_cluster_ingress_hostname" {
+  type = string
+  description = "Ingress hostname of the IKS cluster."
+  default = ""
+}
+variable "gitops-pact-broker_tls_secret_name" {
+  type = string
+  description = "The name of the secret containing the tls certificate values"
+  default = ""
+}
+variable "gitops_repo_host" {
+  type = string
+  description = "The host for the git repository. The git host used can be a GitHub, GitHub Enterprise, Gitlab, Bitbucket, Gitea or Azure DevOps server. If the host is null assumes in-cluster Gitea instance will be used."
+  default = ""
+}
+variable "gitops_repo_type" {
+  type = string
+  description = "[Deprecated] The type of the hosted git repository."
+  default = ""
+}
+variable "gitops_repo_org" {
+  type = string
+  description = "The org/group where the git repository exists/will be provisioned. If the value is left blank then the username org will be used."
+  default = ""
+}
+variable "gitops_repo_project" {
+  type = string
+  description = "The project that will be used for the git repo. (Primarily used for Azure DevOps repos)"
+  default = ""
+}
+variable "gitops_repo_username" {
+  type = string
+  description = "The username of the user with access to the repository"
+  default = ""
+}
+variable "gitops_repo_token" {
+  type = string
+  description = "The personal access token used to access the repository"
+  default = ""
+}
+variable "gitops_repo_gitea_host" {
+  type = string
+  description = "The host for the default gitea repository."
+  default = ""
+}
+variable "gitops_repo_gitea_org" {
+  type = string
+  description = "The org/group for the default gitea repository. If not provided, the value will default to the username org"
+  default = ""
+}
+variable "gitops_repo_gitea_username" {
+  type = string
+  description = "The username of the default gitea repository"
+  default = ""
+}
+variable "gitops_repo_gitea_token" {
+  type = string
+  description = "The personal access token used to access the repository"
+  default = ""
+}
+variable "gitops_repo_repo" {
+  type = string
+  description = "The short name of the repository (i.e. the part after the org/group name)"
+}
+variable "gitops_repo_branch" {
+  type = string
+  description = "The name of the branch that will be used. If the repo already exists (provision=false) then it is assumed this branch already exists as well"
+  default = "main"
+}
+variable "gitops_repo_public" {
+  type = bool
+  description = "Flag indicating that the repo should be public or private"
+  default = false
+}
+variable "gitops_repo_gitops_namespace" {
+  type = string
+  description = "The namespace where ArgoCD is running in the cluster"
+  default = "openshift-gitops"
+}
+variable "gitops_repo_server_name" {
+  type = string
+  description = "The name of the cluster that will be configured via gitops. This is used to separate the config by cluster"
+  default = "default"
+}
+variable "gitops_repo_sealed_secrets_cert" {
+  type = string
+  description = "The certificate/public key used to encrypt the sealed secrets"
+  default = ""
+}
+variable "gitops_repo_strict" {
+  type = bool
+  description = "Flag indicating that an error should be thrown if the repo already exists"
+  default = false
+}
+variable "debug" {
+  type = bool
+  description = "Flag indicating that debug loggging should be enabled"
+  default = false
+}
+variable "gitops-sonarqube_cluster_ingress_hostname" {
+  type = string
+  description = "Ingress hostname of the IKS cluster."
+  default = ""
+}
+variable "gitops-sonarqube_cluster_type" {
+  type = string
+  description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+  default = "ocp4"
+}
+variable "gitops-sonarqube_tls_secret_name" {
+  type = string
+  description = "The name of the secret containing the tls certificate values"
+  default = ""
+}
+variable "gitops-sonarqube_storage_class" {
+  type = string
+  description = "The storage class to use for the persistent volume claim"
+  default = ""
+}
+variable "gitops-sonarqube_service_account_name" {
+  type = string
+  description = "The name of the service account that should be used for the deployment"
+  default = "sonarqube-sonarqube"
+}
+variable "gitops-sonarqube_plugins" {
+  type = string
+  description = "The list of plugins that will be installed on SonarQube"
+  default = "[\"https://github.com/checkstyle/sonar-checkstyle/releases/download/4.33/checkstyle-sonar-plugin-4.33.jar\",\"https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.6.0/sonar-stash-plugin-1.6.0.jar\"]"
+}
+variable "gitops-sonarqube_hostname" {
+  type = string
+  description = "The hostname that will be used for the ingress/route"
+  default = "sonarqube"
+}
+variable "gitops-sonarqube_persistence" {
+  type = bool
+  description = "Flag indicating that persistence should be enabled for the pods"
+  default = false
+}
+variable "gitops-sonarqube_cluster_version" {
+  type = string
+  description = "The cluster version"
+  default = ""
+}
+variable "gitops-swagger-editor_enable_sso" {
+  type = bool
+  description = "Flag indicating if oauth should be applied (only available for OpenShift)"
+  default = true
+}
+variable "gitops-swagger-editor_tls_secret_name" {
+  type = string
+  description = "The name of the secret containing the tls certificate values"
+  default = ""
+}
+variable "gitops-swagger-editor_cluster_ingress_hostname" {
+  type = string
+  description = "Ingress hostname of the cluster."
+  default = ""
+}
+variable "gitops-swagger-editor_cluster_type" {
+  type = string
+  description = "The cluster type (openshift or kubernetes)"
+  default = "openshift"
+}
+variable "gitops-tekton-resources_task_release" {
+  type = string
+  description = "The release version of the tekton tasks"
+  default = "v3.0.3"
+}
+variable "util-clis_bin_dir" {
+  type = string
+  description = "The directory where the clis should be downloaded. If not provided will default to ./bin"
+  default = ""
+}
+variable "util-clis_clis" {
+  type = string
+  description = "The list of clis that should be made available in the bin directory. Supported values are yq, jq, igc, helm, argocd, rosa, gh, glab, and kubeseal. (If not provided the list will default to yq, jq, and igc)"
+  default = "[\"yq\",\"jq\",\"igc\"]"
+}
diff --git a/2-standard/1-aro/220-dev-tools/version.tf b/2-standard/1-aro/220-dev-tools/version.tf
new file mode 100644
index 0000000..5034007
--- /dev/null
+++ b/2-standard/1-aro/220-dev-tools/version.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    gitops = {
+      source = "cloud-native-toolkit/gitops"
+    }
+
+  }
+}
\ No newline at end of file
diff --git a/2-standard/1-aro/README.md b/2-standard/1-aro/README.md
new file mode 100644
index 0000000..b89391c
--- /dev/null
+++ b/2-standard/1-aro/README.md
@@ -0,0 +1,187 @@
+# Azure Quick Start Reference Architecture - Azure RedHat OpenShift (ARO)
+
+Automation to provision the Quick Start reference architecture on Azure. This architecture implements the minimum infrastructure required to stand up a managed Red Hat OpenShift cluster with public endpoints.
+
+## Reference Architecture
+
+![QuickStart](architecture.png)
+
+The automation is delivered in a number of layers that are applied in order. Layer (such as `200`) provisions the infrastructure including the Red Hat OpenShift cluster and the remaining layers provide configuration inside the cluster. Each layer depends on resources provided in the layer before it (e.g. `200` depends on `105`). Where two layers have the same numbers (e.g. `210`), you have a choice of which layer to apply.
+
+
+<table>
+<thead>
+<tr>
+<th>Layer name</th>
+<th>Layer description</th>
+<th>Provided resources</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>105 - IBM VPC OpenShift</td>
+<td>This layer provisions the Azure infrastructure and OpenShift. It will create a new VNet and other networking components required to support the OpenShift cluster. An existing registered DNS zone for the required domain name is required (refer to prerequisites).</td>
+<td>
+<h4>Network</h4>
+<ul>
+<li>Virtual network</li>
+<li>VNet Master and Worker Subnets</li>
+<li>Network Security Group</li>
+<li>Inbound and outbound Load Balancer</li>
+<li>Red Hat OpenShift cluster</li>
+</ul>
+</td>
+</tr>
+
+<tr>
+<td>200 - IBM OpenShift Gitops</td>
+<td>This layer provisions OpenShift CI/CD tools into the cluster, a GitOps repository, and bootstraps the repository to the OpenShift Gitops instance.</td>
+<td>
+<h4>Software</h4>
+<ul>
+<li>OpenShift GitOps (ArgoCD)</li>
+<li>OpenShift Pipelines (Tekton)</li>
+<li>Sealed Secrets (Kubeseal)</li>
+<li>GitOps repo</li>
+</ul>
+</td>
+</tr>
+<tr>
+
+<tr>
+<td>210 - Azure Storage</td>
+<td>The storage layer has two options - default or Portworx. The default option uses Azure's storage for OpenShift persistent volumes. For quickstart, this is Premium_LRS. Other options can be configured post implementation through the OpenShift console. The Portworx option implements either a Portworx Essentials or Portworx Enterprise deployment onto the OpenShift cluster. The type of Portworx deployment is determined by the supplied Portworx specification file. </td>
+<td>
+<h4>Default</h4>
+<ul>
+<li>Azure storage class
+</ul>
+<h4>Portworx</h4>
+<ul>
+<li>Portworx operator</li>
+<li>Portworx storage classes</li>
+</ul>
+</td>
+</tr>
+
+<tr>
+<td>220 - Dev Tools</td>
+<td>The dev tools layer installs standard continuous integration (CI) pipelines that integrate with tools that support the software development lifecycle.</td>
+<td>
+<h4>Software</h4>
+<ul>
+<li>Artifactory</li>
+<li>Developer Dashboard</li>
+<li>Pact Broker</li>
+<li>Sonarqube</li>
+<li>Tekton Resources</li>
+</ul>
+</td>
+</tr>
+
+</tbody>
+</table>
+
+## Automation
+
+### Prerequisites
+
+1. Access to an Azure account with "Owner" and "User Access Administrator" roles in an Azure Subscription. The user must be able to create a service principal per the below prerequisite.
+
+2. Install [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+    This is required to setup the service principal per the below instructions and to setup the ARO cluster. If using the container approach, the CLI is included in the cli-tools image.
+
+4. [Create a Service Principal](https://github.com/openshift/installer/blob/d0f7654bc4a0cf73392371962aef68cd9552b5dd/docs/user/azure/credentials.md) with proper IAM roles.
+    1. Create the service principal account if it does not already exist:
+        ```shell
+         az ad sp create-for-rbac --role Contributor --name <service_principal_name> --scopes /subscriptions/$SUBSCRIPTION_ID
+        ```
+        where SUBSCRIPTION_ID is the Azure subscription where the cluster is to be deployed and `service_principal_name` is the name to be assigned to the service principal. 
+        Make a copy of the details provided
+        ```json
+        "addId":"<this is the CLIENT_ID value>",
+        "displayName":"<service principal name>",
+        "password":"<this is the CLIENT_SECRET value>",
+        "tenant":"<this is the TENANT_ID value>"
+        ```
+
+    1. Give permissions to the service principal to create other service principals and the ARO cluster (refer [here](./sp-setup.md) for details)
+
+5. Get your [OpenShift installer pull secret](https://console.redhat.com/openshift/install/pull-secret) and save it in `./pull-secret`. If a pull secret is not included, the ARO cluster will still be deployed, however, it will not have access to additional Red Hat features.
+
+6. (Optional) Install and start Colima to run the terraform tools in a local bootstrapped container image.
+
+    ```shell
+    brew install docker colima
+    colima start
+    ```
+
+### Setup
+
+1. Clone this repository to your local SRE laptop or into a secure terminal. Open a shell into the cloned directory.
+2. Copy **credentials.template** to **credentials.properties**.
+    ```shell
+    cp credentials.template credentials.properties
+    ```
+3. Provide values for the variables in **credentials.properties** (**Note:** `*.properties` has been added to **.gitignore** to ensure that the file containing the apikey cannot be checked into Git.)
+    - **TF_VAR_subscription_id** - The Azure subscription id where the cluster will be deployed
+    - **TF_VAR_tenant_id** - The Azure tenant id that owns the subscription
+    - **TV_VAR_client_id** - The id of the service principal with Owner and User Administrator access to the subscription for cluster creation
+    - **TV_VAR_client_secret** - The password of the service principal with Owner and User Administrator access to the subscription for cluster creation
+    - **TV_VAR_pull_secret** - The contents of the Red Hat OpenShift pull secret downloaded in the prerequsite steps
+    - **TF_VAR_acme_registration_email** - (Optional) If using an auto-generated ingress certificate, this is the email address with which to register the certificate with LetsEncrypt.
+    - **TF_VAR_testing** - This value is used to determine whether testing or staging variables should be utilised. Lease as `none` for production deployments. A value other than `none` will request in a non-production deployment.
+    - **TF_VAR_portworx_spec** - A base64 encoded string of the Portworx specificatin yaml file. If left blank and using Portworx, ensure you specify the path to the Portworx specification yaml file in the `terraform.tfvars` file. For a Portworx implementation, either the `portworx_spec` or the `portworx_spec_file` values must be specified. If neither if specified, Portworx will not implement correctly.
+    - **TF_VAR_gitops_repo_username** - The username for the gitops repository (leave blank if using GiTea)
+    - **TF_VAR_gitops_repo_token** - The access token for the gitops repository (leave blank if using GiTea)
+    - **TF_VAR_gitops_repo_org** - The organisation for the gitops repository (leave blank if using a personal repository or using GiTea)
+
+4. Run **./launch.sh**. This will start a container image with the prompt opened in the `/terraform` directory, pointed to the repo directory.
+5. Create a working copy of the terraform by running **./setup-workspace.sh**. The script makes a copy of the terraform in `/workspaces/current` and set up a "terraform.tfvars" file populated with default values. The script can be run interactively by just running **./setup-workspace.sh** or by providing command line parameters as specified below.
+    ```
+    Usage: setup-workspace.sh [-f FLAVOR] [-s STORAGE] [-c CERT_TYPE] [-r REGION] [-n PREFIX_NAME]
+    
+    where:
+      - **FLAVOR** - the type of deployment `quickstart`, `standard` or `advanced`. If not provided, will default to quickstart.
+      - **STORAGE** - The storage provider. Possible options are `portworx` or `odf`. If not provided as an argument, a prompt will be shown.
+      - **CERT_TYPE** - The type of ingress certificate to apply. Possible options are `acme` or `byo`. Acme will obtain certificates from LetsEncrypt for the new cluster. BYO requires providing the paths to valid certificates in the **terraform.tfvars** file.
+      - **REGION** - the Azure location where the infrastructure will be provided ([available regions](https://docs.microsoft.com/en-us/azure/availability-zones/az-overview)). Codes for each location can be obtained from the CLI using,
+            ```shell
+            az account list-locations -o table
+            ```
+        If not provided the value defaults to `eastus`
+      - **PREFIX_NAME** - the name prefix that should be added to all the resources. If not provided a prefix will not be added.
+    ```
+6. Change the directory to the current workspace where the automation was configured (e.g. `/workspaces/current`).
+7. Inspect **terraform.tfvars** to see if there are any variables that should be changed. (The **setup-workspace.sh** script has generated **terraform.tfvars** with default values. At a minimum, modify the ***base_domain_name*** and ***resource_group_name*** values to suit the Azure DNS zone configured in the prerequisite steps. )
+    - **base_domain_name** - the full subdomain delegated to Azure in the DNS zone (for example ocp.azure.example.com)
+    - **resource_group_name** - the Azure resource group where the DNS zone has been defined
+
+    **Note:** A soft link has been created to the **terraform.tfvars** in each of the terraform subdirectories so the configuration is shared between all of them. 
+
+#### Run all the terraform layers automatically
+
+From the **/workspace/current** directory, run the following:
+
+```
+./apply-all.sh -a
+```
+
+The script will run through each of the terraform layers in sequence to provision the entire infrastructure.
+
+#### Run all the terraform layers manually
+
+From the **/workspace/current** directory, change directory into each of the layer subdirectories and run the following:
+
+```shell
+terragrunt init
+terragrunt apply -auto-approve
+```
+
+### Obtain login information
+
+Once the installation is complete, the login details can be obtained using the following steps:
+```
+$ az aro list -o table
+$ az aro list-credentials -c <cluster_name> -g <resource_group>
+```
diff --git a/2-standard/1-aro/launch.sh b/2-standard/1-aro/launch.sh
new file mode 100755
index 0000000..1d9d282
--- /dev/null
+++ b/2-standard/1-aro/launch.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+# IBM GSI Ecosystem Lab
+
+SCRIPT_DIR="$(cd $(dirname "$0"); pwd -P)"
+SRC_DIR="${SCRIPT_DIR}/automation"
+
+AUTOMATION_BASE=$(basename "${SCRIPT_DIR}")
+
+if [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
+  echo "Usage: launch.sh [{docker cmd}] [--pull]"
+  echo "  where:"
+  echo "    {docker cmd} is the docker command that should be used (e.g. docker, podman). Defaults to docker"
+  echo "    --pull is a flag indicating the latest version of the container image should be pulled"
+  exit 0
+fi
+
+DOCKER_CMD="docker"
+if [[ -n "$1" ]] && [[ "$1" != "--pull" ]]; then
+  DOCKER_CMD="${1:-docker}"
+fi
+
+if [[ ! -d "${SRC_DIR}" ]]; then
+  SRC_DIR="${SCRIPT_DIR}"
+fi
+
+# check if colima is installed, and apply dns override if no override file already exists
+if command -v colima &> /dev/null
+then
+  if [ ! -f ~/.lima/_config/override.yaml ]; then
+    echo "applying colima dns override..."
+
+    COLIMA_STATUS="$(colima status 2>&1)"
+    SUB='colima is running'
+    if [[ "$COLIMA_STATUS" == *"$SUB"* ]]; then
+      echo "stopping colima"
+      colima stop
+    fi
+
+    echo "writing ~/.lima/_config/override.yaml"
+    mkdir -p ~/.lima/_config
+    printf "useHostResolver: false\ndns:\n- 8.8.8.8" > ~/.lima/_config/override.yaml
+
+    if [[ "$COLIMA_STATUS" == *"$SUB"* ]]; then
+      echo "restarting colima"
+      colima start
+    fi
+  fi
+fi
+
+
+DOCKER_IMAGE="quay.io/cloudnativetoolkit/cli-tools:v1.2-v2.2.19"
+#IBM DOCKER_IMAGE="quay.io/cloudnativetoolkit/cli-tools-ibmcloud:v1.2-v0.4.23"
+#AWS DOCKER_IMAGE="quay.io/cloudnativetoolkit/cli-tools-aws:v1.2-v0.3.19"
+#AZURE DOCKER_IMAGE="quay.io/cloudnativetoolkit/cli-tools-azure:v1.2-v0.4.19"
+
+SUFFIX=$(echo $(basename ${SCRIPT_DIR}) | base64 | sed -E "s/[^a-zA-Z0-9_.-]//g" | sed -E "s/.*(.{5})/\1/g")
+CONTAINER_NAME="cli-tools-${SUFFIX}"
+
+echo "Cleaning up old container: ${CONTAINER_NAME}"
+
+${DOCKER_CMD} kill ${CONTAINER_NAME} 1> /dev/null 2> /dev/null
+${DOCKER_CMD} rm ${CONTAINER_NAME} 1> /dev/null 2> /dev/null
+
+ARG_ARRAY=( "$@" )
+
+if [[ " ${ARG_ARRAY[*]} " =~ " --pull " ]]; then
+  echo "Pulling container image: ${DOCKER_IMAGE}"
+  ${DOCKER_CMD} pull "${DOCKER_IMAGE}"
+fi
+
+
+ENV_VARS=""
+if [[ -f "credentials.properties" ]]; then
+  echo "parsing credentials.properties..."
+  props=$(grep -v '^#' credentials.properties)
+  while read line ; do
+    #remove export statement prefixes
+    CLEAN="$(echo $line | sed 's/export //' )"
+
+    #parse key-value pairs
+    IFS=' =' read -r KEY VALUE <<< ${CLEAN//\"/ }
+
+    # don't add an empty key
+    if [[ -n "${KEY}" ]]; then
+      ENV_VARS="-e $KEY=$VALUE $ENV_VARS"
+    fi
+  done <<< "$props"
+fi
+
+
+echo "Initializing container ${CONTAINER_NAME} from ${DOCKER_IMAGE}"
+${DOCKER_CMD} run -itd --name ${CONTAINER_NAME} \
+   --device /dev/net/tun --cap-add=NET_ADMIN \
+   -v "${SRC_DIR}:/terraform" \
+   -v "workspace-${AUTOMATION_BASE}-${UID}:/workspaces" \
+   ${ENV_VARS} \
+   -w /terraform \
+   ${DOCKER_IMAGE}
+
+echo "Attaching to running container..."
+${DOCKER_CMD} attach ${CONTAINER_NAME}
diff --git a/2-standard/1-aro/layers.yaml b/2-standard/1-aro/layers.yaml
new file mode 100644
index 0000000..f80483e
--- /dev/null
+++ b/2-standard/1-aro/layers.yaml
@@ -0,0 +1,10 @@
+names_101: "101-azure-vnet-std"
+mock_101: "mock"
+names_105: "105-azure-aro-std"
+mock_105: "mock"
+names_200: "200-openshift-gitops"
+mock_200: "mock"
+names_210:
+  - "210-azure-default-storage"
+  - "210-azure-portworx-storage"
+names_220: "220-dev-tools"
\ No newline at end of file
diff --git a/2-standard/1-aro/terragrunt.hcl b/2-standard/1-aro/terragrunt.hcl
new file mode 100644
index 0000000..dfb5d46
--- /dev/null
+++ b/2-standard/1-aro/terragrunt.hcl
@@ -0,0 +1,36 @@
+terraform {
+  # Connect to VPN if required for terraform (checks the bom.yaml)
+  before_hook "check_vpn" {
+      commands        = ["apply","plan","destroy","validate","output"]
+      execute         = ["bash", "${get_parent_terragrunt_dir()}/check-vpn.sh"]
+      run_on_error    = true
+  }
+  # Reduce number of parallel executions to improve reliability with github actions
+  extra_arguments "reduced_parallelism" {
+    commands  = get_terraform_commands_that_need_parallelism()
+    arguments = ["-parallelism=6"]
+  }
+  # Include common TFVAR variables
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+    required_var_files = [
+      "${get_parent_terragrunt_dir()}/cluster.tfvars",
+      "${get_parent_terragrunt_dir()}/gitops.tfvars"
+    ]
+  }
+}
+
+retryable_errors = [
+  "(?s).*igc gitops-module.*",
+  "(?s).*Error.*failed.*timed out waiting for the condition.*",
+  "(?s).*Error.*timed out waiting for the condition.*",
+  "(?s).*Error.*Error logging in to.*",
+  "(?s).*Error creating repo.*",
+  "(?s).*Error: Kubernetes cluster unreachable.*",
+  "(?s).x509: certificate signed by unknown authority.*"
+]
+
+retry_sleep_interval_sec = 60
+retry_max_attempts = 5
+skip = true
\ No newline at end of file
diff --git a/check-vpn.sh b/check-vpn.sh
new file mode 100755
index 0000000..a65a94d
--- /dev/null
+++ b/check-vpn.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+ROOT_DIRECTORY=$(cd $(dirname "$0"); pwd -P)
+BOM_DIRECTORY="${PWD}"
+
+VPN_REQUIRED=$(grep "vpn/required" "${BOM_DIRECTORY}/bom.yaml" | sed -E "s~[^:]+: [\"'](.*)[\"']~\1~g")
+USER=$(whoami)
+
+RUNNING_PROCESSES=$(ps -ef)
+VPN_RUNNING=$(echo "${RUNNING_PROCESSES}" | grep "openvpn --config")
+
+if [[ "${VPN_REQUIRED}" == "true" ]]; then
+
+  if [[ -n "${VPN_RUNNING}" ]]; then
+    echo "VPN required but it is already running"
+  elif command -v openvpn 1> /dev/null 2> /dev/null; then
+    OVPN_FILE=$(find "${ROOT_DIRECTORY}" -name "*.ovpn" | head -1)
+
+    if [[ -z "${OVPN_FILE}" ]]; then
+      echo "VPN profile not found."
+      exit 1
+    fi
+
+    echo "Connecting to vpn with profile: ${OVPN_FILE}"
+    if [[ "${UID}" -eq 0 ]]; then
+      exec 1<&-
+      exec 2<&-
+      openvpn --config "${OVPN_FILE}" || true &
+    elif [[ "${USER}" == "runner" ]]; then    # Caters for self hosted runner image
+      exec 1<&-
+      exec 2<&-
+      openvpn --config "${OVPN_FILE}" || true &
+    else
+      exec 1<&-
+      exec 2<&-
+      sudo openvpn --config "${OVPN_FILE}" || true &    
+    fi
+  else
+    echo "VPN connection required but unable to create the connection automatically. Please connect to your vpn instance using the .ovpn profile within the 101-azure-vnet-std directory and re-run apply-all.sh."
+    exit 1
+  fi
+else
+  if [[ -n "${VPN_RUNNING}" ]]; then
+    echo "VPN not required but it is already running, shutting down"
+        if [[ "${UID}" -eq 0 ]]; then
+      VPN_PID=$(ps xua | grep "openvpn --config" | grep -v grep | awk '{print$1}')
+      kill "${VPN_PID}"
+    elif [[ "${USER}" == "runner" ]]; then    # Caters for self hosted runner image
+      VPN_PID=$(ps xua | grep "openvpn --config" | grep -v grep | awk '{print$2}')
+      kill "${VPN_PID}"
+    else
+      VPN_PID=$(ps xua | grep "openvpn --config" | grep -v grep | awk '{print$1}')
+      sudo kill "${VPN_PID}"
+    fi  
+  else
+    echo "VPN not required"
+  fi
+fi
\ No newline at end of file
diff --git a/launch.sh b/launch.sh
index 448a398..c5aa355 100755
--- a/launch.sh
+++ b/launch.sh
@@ -28,11 +28,12 @@ fi
 
 echo "Initializing container ${CONTAINER_NAME} from ${DOCKER_IMAGE}"
 ${DOCKER_CMD} run -itd --name ${CONTAINER_NAME} \
-   -v ${SRC_DIR}:/terraform \
-   -v workspace:/workspaces \
-   ${ENV_FILE} \
-   -w /terraform \
-   ${DOCKER_IMAGE}
+  --device /dev/net/tun --cap-add=NET_ADMIN \
+  -v ${SRC_DIR}:/terraform \
+  -v workspace:/workspaces \
+  ${ENV_FILE} \
+  -w /terraform \
+  ${DOCKER_IMAGE}
 
 echo "Attaching to running container..."
 ${DOCKER_CMD} attach ${CONTAINER_NAME}
diff --git a/setup-workspace.sh b/setup-workspace.sh
index af33398..5684568 100755
--- a/setup-workspace.sh
+++ b/setup-workspace.sh
@@ -166,13 +166,13 @@ echo "Setting up workspace for ${FLAVOR} in ${WORKSPACE_DIR}"
 echo "*****"
 
 if [[ -n "${PREFIX_NAME}" ]]; then
-  PREFIX_NAME="${PREFIX_NAME}-"
+  PREFIX_NAME="${PREFIX_NAME}"
 else
   chars=abcdefghijklmnopqrstuvwxyz0123456789
   for i in {1..5}; do
       NAME+=${chars:RANDOM%${#chars}:1}
   done
-  PREFIX_NAME="${NAME}-"
+  PREFIX_NAME="${NAME}"
 fi
 
 if [[ -z "${GIT_HOST}" ]]; then
@@ -201,7 +201,7 @@ fi
 cp "${SCRIPT_DIR}/apply-all.sh" "${WORKSPACE_DIR}"
 cp "${SCRIPT_DIR}/plan-all.sh" "${WORKSPACE_DIR}"
 cp "${SCRIPT_DIR}/destroy-all.sh" "${WORKSPACE_DIR}"
-# cp "${SCRIPT_DIR}/check-vpn.sh" "${WORKSPACE_DIR}/check-vpn.sh"
+cp "${SCRIPT_DIR}/check-vpn.sh" "${WORKSPACE_DIR}/check-vpn.sh"
 cp -R "${SCRIPT_DIR}/${FLAVOR_DIR}/.mocks" "${WORKSPACE_DIR}"
 cp "${SCRIPT_DIR}/${FLAVOR_DIR}/layers.yaml" "${WORKSPACE_DIR}"
 cp "${SCRIPT_DIR}/${FLAVOR_DIR}/terragrunt.hcl" "${WORKSPACE_DIR}"
diff --git a/terraform.tfvars.template-standard-aro b/terraform.tfvars.template-standard-aro
new file mode 100644
index 0000000..dbe1dcd
--- /dev/null
+++ b/terraform.tfvars.template-standard-aro
@@ -0,0 +1,32 @@
+## OpenShift Cluster Prefix
+cluster_name="PREFIX-std"
+
+## Name prefix for VNet and other components
+name_prefix="PREFIX"
+
+## Resource group name for the networking components
+resource_group_name="PREFIX-rg"
+
+## Azure region into which to deploy
+region="REGION"
+
+## The number of worker nodes to create
+cluster__count=3
+
+## The type of worker nodes to create
+cluster_flavor="Standard_D4s_v3"
+
+######################
+####  Portworx storage
+
+# Uncomment and include the path to the Portworx spec file (refer to https://github.com/cloud-native-toolkit/terraform-azure-portworx) if using the portworx storage
+# Make sure this path is visible from where you are running terraform/terragrunt.
+# If you are using the container approach, put the spec file into the root path for the cloned repository. This will be visible as /terraform in the container.
+# The spec file would then be at /terraform/<px-filename> within the container.
+#azure-portworx_portworx_spec_file=""
+
+# Alternately, the base64 encoded portworx yaml file can be put into the credentials.properties file.
+
+## Cluster Banner
+## config_banner_text: The text that will appear in the top banner in the cluster
+config_banner_text="BANNER"

From c1e5049688c7aad330dc4c038763b0443ab0a327 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Thu, 20 Oct 2022 15:26:07 +1100
Subject: [PATCH 03/13] Restricts testing to just standard

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 .github/workflows/verify-workflow.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml
index 763beed..ac03177 100644
--- a/.github/workflows/verify-workflow.yaml
+++ b/.github/workflows/verify-workflow.yaml
@@ -39,13 +39,14 @@ jobs:
       max-parallel: 2
       matrix:
         flavor:
-          - quickstart
+          #- quickstart
+          - standard
         dist:
           - aro
-          - ipi
+          #- ipi
         storage:
-          #- default
-          - portworx
+          - default
+          #- portworx
         certificate:
           - acme
         region:

From af5ff18786f9bf02f7fe95b45fd0bb0c0c52d6ab Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 13:22:57 +1100
Subject: [PATCH 04/13] Adds azure region validation

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 azure-metadata.yaml | 116 ++++++++++++++++++++++++++++++++++++++++++++
 setup-workspace.sh  |  44 ++++++++++++++++-
 2 files changed, 158 insertions(+), 2 deletions(-)
 create mode 100644 azure-metadata.yaml

diff --git a/azure-metadata.yaml b/azure-metadata.yaml
new file mode 100644
index 0000000..357132d
--- /dev/null
+++ b/azure-metadata.yaml
@@ -0,0 +1,116 @@
+# The following regions support ARO
+flavors:
+  - name: Quickstart
+    code: quickstart
+  - name: Standard
+    code: standard
+storage:
+  - name: Default
+    code: default
+  - name: Portworx
+    code: portworx  
+distributions:
+  - name: OpenShift IPI
+    code: ipi
+  - name: Azure Red Hat OpenShift
+    code: aro
+regions:
+  - name: South Africa North
+    code: southafricanorth
+    area: Africa
+  - name: East Asia
+    code: eastasia
+    area: Asia Pacific
+  - name: South East Asia
+    code: southeastasia
+    area: Asia Pacific
+  - name: Australia Central
+    code: australiacentral
+    area: Australia
+  - name: Australia East
+    code: australiaeast
+    area: Australia
+  - name: Australia Southeast
+    code: australiasoutheast
+    area: Australia
+  - name: Brazil South
+    code: brazilsouth
+    area: South America
+  - name: Canada Central
+    code: canadacentral
+    area: Canada
+  - name: Canada East
+    code: canadaeast
+    area: Canada
+  - name: North Europe
+    code: northeurope
+    area: Europe
+  - name: West Europe
+    code: westeurope
+    area: Europe
+  - name: France Central
+    code: francecentral
+    area: Europe
+  - name: Germany West Central
+    code: germanywestcentral
+    area: Europe
+  - name: Central India
+    code: centralindia
+    area: Asia Pacific
+  - name: South India
+    code: southindia
+    area: Asia Pacific
+  - name: Japan East
+    code: japaneast
+    area: Asia Pacific
+  - name: Japan West
+    code: japanwest
+    area: Asia Pacific
+  - name: Korea Central
+    code: koreacentral
+    area: Asia Pacific
+  - name: Qatar Central
+    code: qatarcentral
+    area: Middle East
+  - name: Sweden Central
+    code: swedencentral
+    area: Europe
+  - name: Switzerland North
+    code: switzerlandnorth
+    area: Europe
+  - name: UAE North
+    code: uaenorth
+    area: Middle East
+  - name: UK South
+    code: uksouth
+    area: Europe
+  - name: UK West
+    code: ukwest
+    area: Europe
+  - name: Central US
+    code: southcentralus
+    area: US
+  - name: East US
+    code: eastus
+    area: US
+  - name: East US 2
+    code: eastus2
+    area: US
+  - name: North Central US
+    code: northcentralus
+    area: US
+  - name: South Central US
+    code: southcentralus
+    area: US
+  - name: West Central US
+    code: westcentralus
+    area: US
+  - name: West US
+    code: westus
+    area: US
+  - name: West US 2
+    code: westus2
+    area: US
+  - name: West US 3
+    code: westus3
+    area: US
diff --git a/setup-workspace.sh b/setup-workspace.sh
index 5684568..ed18ad6 100755
--- a/setup-workspace.sh
+++ b/setup-workspace.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 
 SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+METADATA_FILE="${SCRIPT_DIR}/azure-metadata.yaml"
 
 ## For now default to quickstart
 #FLAVOR="quickstart"
@@ -15,8 +16,8 @@ Usage()
    echo
    echo "Usage: setup-workspace.sh -f FLAVOR -s STORAGE -c CERTIFICATE [-n PREFIX_NAME] [-r REGION]"
    echo "  options:"
-   echo "  -f     the flavor to use (quickstart, standard, advanced)"
-   echo "  -d     OpenShift distribution (aro, ipi)"
+   echo "  -f     the flavor to use (quickstart, standard)"
+   echo "  -d     OpenShift distribution (aro, ipi). IPI is currently only available with quickstart."
    echo "  -s     the storage option to use (portworx or default)"
    echo "  -c     certificate to use (acme or byo) - only applicable for IPI distributions."
    echo "  -n     (optional) prefix that should be used for all variables"
@@ -103,6 +104,44 @@ else
   done
 fi
 
+# Validate flavor and distribution
+if [[ "${FLAVOR}" == "standard" ]] && [[ "${DIST}" == "ipi" ]]; then
+ echo "Openshift IPI is currently only supported with quickstart architecture. Please choose a different combination."
+ exit
+fi
+
+# Validate region
+if [[ -z "$(cat ${METADATA_FILE} | yq ".regions[] | select(.code == \"${REGION}\") | .code" )" ]]; then
+  echo "Supplied region ${REGION} is not a valid Azure region for an OpenShift deployment."
+  echo "Please select a valid deployment region."
+  SELECT_AREA=true
+elif [[ -z "${REGION}" ]]; then
+  echo "Please select the deployment region."
+  SELECT_AREA=true
+else
+  SELECT_AREA=false
+fi
+
+if $SELECT_AREA ; then
+  AREAS=$(cat ${METADATA_FILE} | yq '.regions[].area' | tr ' ' '_' | sort -u )
+  PS3="Select the deployment area: "
+  select area in ${AREAS[@]}; do
+    if [[ -n "${area}" ]]; then
+      AREA=$(echo ${area} | tr '_' ' ')
+      break
+    fi
+  done
+
+  REGIONS=$(cat ${METADATA_FILE} | yq ".regions[] | select(.area == \"${AREA}\") | .name" | tr ' ' '_')
+  PS3="Select the region within ${AREA}: "
+  select region in ${REGIONS[@]}; do
+    if [[ -n "${region}" ]]; then
+      REGION=$(cat ${METADATA_FILE} | yq ".regions[] | select(.name == \"$(echo $region | tr '_' ' ')\") | .code")
+      break
+    fi
+  done
+fi
+
 # Get storage option
 STORAGE_OPTIONS=($(find "${SCRIPT_DIR}/${FLAVOR_DIR}" -type d -maxdepth 1 -name "210-*" | grep "${SCRIPT_DIR}/${FLAVOR_DIR}/" | sed -E "s~${SCRIPT_DIR}/${FLAVOR_DIR}/~~g" | sort))
 
@@ -247,3 +286,4 @@ do
 done
 
 echo "move to ${WORKSPACE_DIR} this is where your automation is configured"
+

From 62ac1999e336f717d705475f9ac2f273b111203d Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 14:45:16 +1100
Subject: [PATCH 05/13] Updates quickstart readme

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 1-quickstart/1-aro/README.md        |   4 ++--
 1-quickstart/1-aro/architecture.png | Bin 0 -> 210323 bytes
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 1-quickstart/1-aro/architecture.png

diff --git a/1-quickstart/1-aro/README.md b/1-quickstart/1-aro/README.md
index b89391c..25c1ff9 100644
--- a/1-quickstart/1-aro/README.md
+++ b/1-quickstart/1-aro/README.md
@@ -19,8 +19,8 @@ The automation is delivered in a number of layers that are applied in order. Lay
 </thead>
 <tbody>
 <tr>
-<td>105 - IBM VPC OpenShift</td>
-<td>This layer provisions the Azure infrastructure and OpenShift. It will create a new VNet and other networking components required to support the OpenShift cluster. An existing registered DNS zone for the required domain name is required (refer to prerequisites).</td>
+<td>105 - Azure ARO</td>
+<td>This layer provisions the Azure infrastructure and OpenShift. It will create a new VNet and other networking components required to support the OpenShift cluster. </td>
 <td>
 <h4>Network</h4>
 <ul>
diff --git a/1-quickstart/1-aro/architecture.png b/1-quickstart/1-aro/architecture.png
new file mode 100644
index 0000000000000000000000000000000000000000..fc76c72465876b1342aa329ec43f48078deba8e8
GIT binary patch
literal 210323
zcmeEP30zFy7tivy`%&4qY!#)<(#$kSv=MEDgk-8|8qGABnfBFAcG;!KF3DPivS&}o
z7K+e9vb1Ua-#7E_c+H#e^Fx!y=l7#|y?Jxzo^#Lnp6@yL+@&^FW7@ar(MCy0slEAF
zlZi@7&8n1?niRKc0j})&961pD(?l?FjFHlz+r9FXnkrcfO{WUEzOHNzQ%Rj{EdEKI
zMDS#=m;!aOi8_fy2LG#*O~G$n*bEk*!3DqeU~rk@-%jviJG<Ko8GIpf8;QVn5nrD~
zpTqN<M79|>TQHvB?>E+xXG@Sgi0eCs&+v4!<hd|8;5{zB;`b0Kbh`K{E`H)GG(FL$
zlL#z6d@xab2Xeud?T?OvD0()y&5P{<$Bo`7<ncH{wkP^!(2LGI4-clZ5dB#36B&Fy
z&!_fnt~?I<b<p=A(^BhA$OT(x1_yuDj_o3JL+>RL(D5O+k7cr1Zs<qrQ_x><8SrNG
zg20X8!t)WoUvx<%0X~lh-f1e5lrfWoOdgyU)>xi}ufWdHaiYgm8ci^pOJHzx#1Aw3
zH*b-AQ$EuJ9p$fjG|&%3MZ6gtFLb^}`+M=3;;RCoADl%#&&$JwiOf7foowXe#uhSd
zJsHl(dwhW2fNO3-E(g3Kf*-w^d?6c1U^Iu#@&MO_Jmdxj`ijGJ1z*BQ{1Kjv?|dip
zyCaWeLY+k3iq7~LCXdS$^8LVffWOs4#f9oC8GY&VRrqwMn{F7nQ=mdHP=#Yj9t~y)
zl^6Jd>noD-zmPb(UNCb!#fpip&EGo3E)0R2NM?voe%pN0YR@+nKi^b3dJQ|@dQeWk
ze7^O>UllXo;tQC$W(YjRw#Jq1i_8#Kdp&t<51~j0C`RfO6O86MgXPEMg9~h~$mkfk
z@;rp7#Ulchgx5{jTo%w24%-R*%|O-@qCp-^p%0Jm&h|ilH-*g?dNDYTKoO9O0$qVO
z3q0U=35f(X9$gfAbX_|34?1O-H9{uqQpBUd3XOyc@|VjD{Va^krtv(086u$TA0xYe
zWs0EDk%&&VZTfBV4p##@??fmE%uEyE0>Vx-8Q%EIXPPShuK1ZoT|on#X+0_lD(tuB
znkqx7f8Siw>Y8iRB{a~vrv8Xl|Jj));SGp*?*Ho)qi998+4v(4mZXmwU8vU-nl24B
zix@LPfj|dqMo4;kx)f9kf4L<g;Z2Dh@MXY5k_ZAXC*be?fC$7N@#|qE31SvF>ok2`
z0;*)#S%;_*JL^zjzkJ5Y5DkBY>$oWvxHE;$NR)#B^*@MnxB_PeaM)(no=gv0H@2(r
zH$xh-lo28k2)cUu;_0X*An_%veDqMo{q^$s0qEIS<U@gRG+aP*uz;|CP#;)tvcfy(
zM!S}1M4A+M60atVxKMOhU((V;KOX~IjX69o7sS;t`QB`2KrxA!jNj_-#UJtOosGVf
zvw@}!GuuQMdet&ykc<1}mJB`^GvAgV*yZs>;VTdZ0W;Bm(91}oX)eP9#Nb>Ikvp<@
z0G)X-JOCR-G6SPzgJJ$==R+r=o(45;Bm#bYP*G=q6&Sqs>*a;_JQh4aG!RC6FgSjI
zjl(aG`j8qB8XS!o7@wnLbdCse6d;V^@1{cNM3m4*MMowObpiMH^$!XTFl!G=?axRO
zAITVTcz{VF*aE#qcqeH)S0938F+G@k1|Yl5kij{EzntCw@S4+u6bV*RGQxWbx-@_J
znxmlz24f>}vSE6-j7E|e0FU#)eE^aRki?ACH4JxNo81!KY{mvz1u?S@9*21~+l%XI
zi*ob~zB70@Fo%4<so-WEf-ZqbgIDa4a6p%;hw#9nTTBqL90?G_uaKo6d1b@ovjL}$
z5S^ln|IX<NcwT%_S^&Il>>N8Q7SmFPKFP><w%Htemg{T_9W;aiv%mrYq9~muGnoNB
zKGUUEeh1I{W5f?3Cw8I2YkVe$A!K{k&I-xW3G@?e5E>Y)Iy9}I548=N4Lx!#3KjJS
z@PXoKK%W5=P?GPFek^3c(Z}kMq#h)mC)|U;6G6rfW++5M7G3&AZsJ?gz^Je#Lx9Ns
zFAU+y1k_2^(ij=3iC+=F%bac05@BW=XE5r+nAgfoSnwDwjv!fw;3@v^cE&`AbW!yO
ze3f`cFe0L%vxZ&N@ETlhKa;DIDWQL7(mjwIMXlsfEdvZdA!=dm5nHOON792A{*3{y
z?Gg}s2#r3EFLdLvcmPzHe!coHlStn+*y!|s*I+|BP)-cClwl=9q7JIek6LJ{(2NBA
z34Bf+1{!#H29lMAw|R=QieEF=QjS3KT(}ZYBUG2;z}*iLkO(mRny40!;Hzu+1>OQr
z_~Psr2Jqllhm<Bmup)sT;$=el-Xi&`>n8QJ0%RHw6xzti0)Y7dRH5`BfdDn~M;8F}
zhUjz1FkK0sBPR=hjJl5Bx&VHFGsHP?PYj+0^+BNSiHU*O*vbQ3vRYDcgsc!rvI%*C
zgvx-5nS@l<n2^B*SdxJLTe}3o83DeIE^Iz1df*|&GG+kV0?vdfbaX~owBH=LNogX9
ziVv}&RmD1aG6>AY_64fiFLU!K$i@IMb96#*1`U)QA>~Q}A)n{YH0E)5NL+-PHc+F-
zk-7wBSV!KF%XV==YO0_BEkwmoCI~J-MLH2JMMEwj#Fi^Z6g|3uH!?vnl@aPlK;VRw
zrx*eFYD@t01PWD1#^5!uLGZPxcEuA|NMoJ{7(N4uXUHZ@fbV^n0^~dKc|wMe;Uuc@
zLX=AU-G4p3DJ_4xgl)#aJZNTWX}~WiH<4+nQ3?nnf1KPKOP)qLk47fRl8&tP`76?B
zGNl7UZH0J9B<VDoJcvh;g_h7l_{^C+2nY??zO{b-1y28WZsEJ}B#NQ1@uW;EfPM)%
zLDM>tf^it2{Vbl=fwmNVkfi<(qMSMa^)I9R@Eixi`KXhq90U|N@xf0l<R?f1;eRuT
z?cszJgoF4Ni8x6Fo|jN`VKB~(qVNgBaQ|B*RcGm@1WU;(N3R`f{yP;$ioJfY*c=8!
zFgPNi$N~dwAjS1ZfDI9!2ZS|Q(&DuOTRj??xFjSHT*Cx?Sv5m{R$};kpF(01|EecV
zzsZBd@HCi0ViJi_L3t{w((<&*@XQTNbSdm2N!l)w$#h+U9%h3GD$siKYIwdzAw9{8
zleUp$GDR0FJUTw7_GdjDo^4S`Pa-|(%@pz`J<<<E`#8=U1NUq5mA`2_or#sLBeG%a
zcjv36>;5D`A=WaY%MFY7VFeis@qQVRjimg*f7lJYU@pJ~@%B07SC~T0zdIPC!^wbw
zH5GLmSmDSh_ki^De-RG)*l#f|^}a~Zy{3+~OlL1XTj=LF1_a5TwU-Po^hNp({Kyt<
zd|eh=IECB3M5gM(>SBywVD$iY)gTEV6u12s+2EH5Iul@Vz_|cFie^Ku1LEHx9N66f
zE*T0**4{EnnNBU~{QKk#Ad9}XOAzx}Uz<+AN(I=`Li8HG_}Wy#XzW-^65W^KWiPOp
z!{ORcZ6=wErS`Q0h7F(R;suhPJP+hI;6a4ZK)|y9Lpp58Y<)qZ!pVWHFF-R4lsi-O
zzWDZ}Vkety3}yZeDPZ4#{TY#tR96kL+KJNqzvh7`z`@$NU;Y_xI$T#5)_7ArQ!0z*
z#?be4^K{k08>aeez5!954C?bIW?5Q<lG-B)?A3u@7qvW+*BGBbhwLiW><}fr4C?j?
zKQUsmvB)05`q`g)0!~$BN*zzXBgK2bILSv>kUy>nFxv}V5b9PidO(w<2YOI}8mJn;
zdH%*$-g-xjKis7RewjaIJ*ZMjBT)v7*8FS-lb>4pzrlFmy+b{>METP~h801mVSs5<
zjEE(vQ>=r)6)56^ZFvzf-W8xCMrDr)-D~GFWo0}uoC_>Mt21>f?#LyE%~;&?r$tPn
z)lL=2lCjK2BG4nqzwyT>WE+``^`HR1v5w&_4RjsDEr#Ese|~BK*HJ|(FUwadISXH6
zEVRt7G?KmS^1piV$$4`R7N02);E1BXQN9v-TY}B;;G76?ICkwy-YEYP#-|pi*jV99
zo{%mR$hJt}nX!zzyg_uwF$^Kohv5fVT@J&E$+6)H*dj8FY=T1s7E(7j@q|Ji7gT>C
zWFx+bXZ=G4iSd9sNtEhkh%&|)BP2^hL55o&MLY7ZqZB+)#A)K+Xn&wXK}AhMXeDF;
zVq`1R!NB*)zhsFJaet)&K+`TUb6uZJ)ZnoGR6zfAO9+%TT(lTj%XBpjClWw+Xkv4<
zjZ)Smx^$~fP=JJ6*bQCSc$3{Ig{>#W;{1)G#@7}~MEy(PB44~EP_oDK=i5$$^ebqX
zWy0f0Iy*=MM5%~V8Xih&?xo?O<QH;)5UF6+k%@<{M31Hm2?mTefz2YZaf=>FmyCvd
z4FEgfLl=eKVTx7$G=?EJ7QMsQb1L+%9`%j_=|`-+!xjMJ%itQk?W5pnb+OI=uPGBL
z|2MkU5hnHT+hAmiikkfQMa1wMVYqZtlyPlT0kOWWRBnv?_XSBZYRem=tVwioV-Plq
z${YE@*3&2I!qY0C75@uYHhzyJD9ZKq!#Qcu_7EoD)EjipLk?X+T9nq^_6Sqs@ZD|X
z>Lkz-icS$d@s~%ru)+d{=3oOnhwTCS1HnV=L`|C97@kPKQLZmIqtDY#*PF>?aCJ#8
zx}Kt`kkxSKPsc2h3L2=2GAb}&Cp~PSOs46g2u%LtWD=gAQRt!^>LMBT1^b(I5zpBu
zbWsj<kpg$f{>8dT!56ofFuj=^o+omwLZdB6my*05OfX`oV+stzYq>-ixyrvsq~OsR
z4w%VXWecomsecYey7-(1Q(PDgY3Rl0aNi{+SZnOn=Q2{%&@^Dp00~}f0A>IWMjBad
zGQR#?hLmCMu%SvBpRQ?SQpQ)H|9w)1s0CxNaW1_Pln7Etpc+*C#WCJkW|1H`i&+<?
zTjbwVQz0?*wN4QB9BWKj5lLM+8kSKYH-!<l%)&7U(d1v!G(~0;v@!=h;_)_G<}!w%
zSObtOKHi>UV~Xr2sK3LKp;`H3b-uW?CKcl4?=4|?Ujq;{KD=&pf|ilf{2L{WPc1Y$
zNy|uR{)Li;n}xoGujT*9h(B%a0mc@CafsKT5yu#Nm~q60*WW){LSDA;>*K2$aB-JH
zFL>ZUQRLhqc$%hk+L=Nn>e5ko^!KO+ehWxrjM?zpeJFZ*vZUR>12_F22;3BwK-v<J
z3DTRvC^VVc(ZJmVKK4_%34jgYf1)mo@Hk_Mn*cj1q<YCys8n70*R$FQD4_X!d<H&r
zY>Ylbde`7z>M`)qqrxaaivUc6Y@;CE?*8xe7x>hyLN&gt8q$a5{q^1gpW4M~Nxj$c
z*znojpec=`sfUZG*t^cdX8$-j0m%rIoS^FKL$rax6Yxa(TJ!`#m)u~=pJ9UJTg;V0
zN$T=8cnJEpstH_vUo*@KTk<tP`A(!lfi0T;a$ACDJ3;xnq}P5UZD9>l)u`<CVIeTa
zi^#4RhWozcKcxu|K9FlCBFF8jsSsJ9IzlAMs9b62MZ@r*F^rNl?xJCRNLpenfh6^T
z1(Xe_Xc(qx@Ipp?!+-6-fNN1HZ#@{Ki-u)Nxq%lA)A2lHBQF~ME2aDc1Y{#98rG-%
zokhcRJc-yClL^vA!}^dB!Fpu~#j#$w;S>$Slgcno85g`af`v>Zz<MK$Xd8Iduta+?
zvTbxVhICxnFp(f5%9dF{0$E=953+&!idSu87PXAR;lESXcq*;YEo&L2!+)o&@s)r$
z_pB%llP(RDE*_@Ku=tQ*!NRtNQ#?#0C~5{VNqtF<Me>8}3J?i}hLWjt;$K)jOeEk-
z1{-7ahA$u1r^_r5l?nbDP6$UN;3+qSlfYO9*|q>*KTIddRF8)4DSm*eQ$Pr52!XHO
zpcDV@0%9UTLHZ&4$E7QX|5m5*0~LS@vmk92q)UkZPL~0>Pz;--02JQ^6w)=sf4#$y
zaRePsO%(N^b=8MT$D%|6`LC=ZCdxRyPN610Tpx-DqJOWV`~cahuqSod6X`<YzgJE0
z)Tc3r=j8&H6mr%w+nFiA*_XdDg-wH%2Pm0Y*H%YJeq)(#3Ynq{X~G7O-X!7~O-pbd
zA&<}YVBut4A0~p!@L;f*NcU?;77v_o=)v%CW~!6Sz$n>Zm~yjoiAF(#d{k$s1ORJ6
zJ`sB`G8J84Sbc%l8iKCi*-#4}&=SIE4+h5%oJ@|l4)viiKw;o$%)s~@C8KjhxO#yn
z1DG+nRT~<N5HZy<P(>Q5+ThtQBM#3A=#4E{z+iF9g`HtBJ(zq32Ur$laE{<FXLq^P
z5`DPU5vwJrCC6$BJcY0!7#BQiHlB&JCz`_W;t1tJMFdP|FFsoc24x0@<|rDNJXsRd
zJi`nuJdY8pBj{4Z>IfCR)&O)w#@Tc@#bA24jOO!sKH!We9$?v!qpO4rzEJ8K=FqCz
z0G8>?7EVRayh47q2R{?QMj^5h^2)>)c?n-26OFtOeSjI813pZ2vK1IYtyiGU7V=2Z
z`#iu4@iXZZI`Sao!q>-&Ucu*zerLnvvq7gWCLeu*_zQdD&o%|$lEoB)yTBb_E0g#>
zrVB8y;!DT{vZ?w{G-;Eh{=pAY89$6}$x7zIYkVe$A!K`Fhe9IAQn>#<K<UBS@Yte*
zQxM64DWF2kj!ZH#Qv`~>E)h-S!4U~~UVLXJ`c8o1%znYdeP>)W2p7LKF0qJz?YPLs
z;QMiX$G}EEKPLh7DaK4>5&V>rA&Mn>JBh${L1lyBX9Plji!HAYgvk@Sf%Ql-vtfe8
z>A`Ze6$i(10~hpReJ!d?NKGFR^{<!}EAzx*P}Pf8yu#JMf~tYY;%Aq_Z&HvS;I%Lg
z!I{Gl2-wchWJ90u^>W>A0Wr)Hzwp(FiyXr@Ot@HoWms#miILKCtO<A1;kvr8#+&My
zQdu-NhQ6npr>hS7brn`!+Nw(vHgG!$)Zu!t=u}wegf2o!Uwk;G-(k&bdl{hM3<N^M
zPxM55p(sfIIU9|AdR;#wc3et2AkQye2k1<Y(6d&5)|S-$(ZD{5zw>|pesb*>@uZ!2
zf-(Die~sCbiH7M!GK9b~@i2mve;Br64Iv%%_gFhfgdjj+^rV&*Rm$k;!}bMmxyymk
zqe&a$Mr-syvQ~_%6jl#Y?@_lYmk|x%>1V6alYo0016rB+AdU`+6)+~SK0*TzrqBnl
z%%bdx85kZK6G$I+jccf2!Ej=7Y<L2;kj?V|uu#bJ1U44rI{>ZD;J|hZPCTKI#|6Kr
z6IUYdV4|_ENZ)>iC&Yw@l0LAIr<VA1e7Zw+d?6k>v{CXLT>L<JuS_pncNBrTQxOvc
zezpgK{vNqhr=+ot6H<M(9Vfb86pmBMaZ1+*>A_}EP$}!dagq>Ah}bW5J?X*q1;_L|
z9H(4kTzuBZ#><HVqIW<Lc>q2XSX%LnVJv=aF4xD6Eo9mv`984DeE1B+qGHx2gTrPa
zrk2BW1+*#7)`~4~oy+f!8Co48#86N*@RpVcwFgV=OH>M~kUZO3l%2vbeG{2no)F{)
z2~4ghhv&!qfi$5fhARh5B->NK#Ka-8WH0f<0yl<>C~1J$W*3IQjfs$u$O~6c4q?pW
z@DKuCokSKlItSN9F5QUX?9LKt9p)BS(I51!wrqby{XnT6NE85F1jt|#;@eG-7>dnB
z(w~xlP1szJPB-JQL2}fL?ZgFtdx63m5V4E?l^cFhhX^eus**$kT~{9sN-+c@ybG(9
z@LB^<N*G^ZloDrg{v80QOP6Y;sJ_yX(ut)yjS&_L5J~7-!h!+Rm@1%vG!&@qb;*#k
zgW6dSNB}MnbZL>H7Q!JlHXuO8H{ehJ0a5Of481<a<jO_@(rPWoNPvuTfEc4Y8Tde)
z;l%~_3g`c40)L$Iml#cq8bTx1P(43BuQ<iVN}WUnl}KbGC!mc~7V;BIUYRGUw!4lf
zMFy*t{xuyXA)cfeDS3&Ki14T{h)9W`e<1b`O6Fj66gpO{j*<b6Z8+&~GCmJv?!n?S
z1)>~ZEiUwLjErTprJ@6=<KqySZ73v7+#s-$XQzm#zGd1YWS7Q|_(}{5;wjDv13*DB
zQm2>zqXu~qNo)+GR3v)AhO_APT2U**-;2)#F5IjZ5#H#`5t&HVrJ;(5wMcpxlk`_w
zBs^y>Q&AO;Q(hb=nMP}znu_O_8<X#p?!_VTh8Td<@ZBb!RhDUu6mC<LZLX7E{A0Ne
zigXopV?gn+YzM=5$kbAW&y*LRNr5}^u+R>J?C5_Zw9`}Yu%Zkg*fIih^QicBAd`Ug
zosgTwvI``DwcsHn4It{&!&9*^DJxBcDRQ*(mZJrIY-{JX^!~;atsb7J#bpX)rfBQP
zxMGNr+KgFUnOo5wJ!E5u4nday`uw3g`s~3Kf-aRnhZlay7Qb3)UMOB{nwJQTv?9?f
zmFT6x6c}o=B}ofthwCBJs}KDK920yE$JE$Tz3^OL3=*~*4bm>a56M+sFQhZU;9y3j
zF8fgbF_q-#OH|7sc)@@bh)J+m1wve?i*n44>*3QNIGy>uPC({183GNd`Ko){_)l+>
z`PSCJ+TK913mm|3Sv%68rG=IkdIzZO_2CWR7~q)T7~z;2oj1TIz5ejBhMRtoGEfoF
zvlqcSuzm5{jT`DT`n3TZx;kqwSv1O405~ZCC%va#9sr!=^b^IB6*tq+!>9i&cnlYO
z;S5MJBYoUJA&tCYJ7m0$aCqNCcmKMMM$BMJ7tu(nYw9!{e~f`gvtm%8sVD`60gJGw
z6c#MPYtU86F<68xX)rMcP6=g##h<4Jq}<0Z@*e0?!+H<MJ1d-rl=G0B?2hWS9%N^s
z!qx-clit=thD}@Gn0^P|L%uisk8CU_{UIRGMTJ90%i0thrJ<xGBE$b6t8EempQ-s>
zCQfGHE5^s*S6@j_<OL#L#1z))<Z7W~SoV*#Z$yYM6b4Sp!0ABaA#vPj=>s$-@?hX#
zfD6a;I}DsWZ)t@n2?ITB_-t=bLyiZ?3fSDBx*<?$$Uc7T25vH$ri=DD!nS~>P~d&F
z@U!G9TpRL?pno>!_VWmu2niQ^5drgS5HwtlSPz3p5Q#_?4o1qs(4-uU9t3SrVe7%c
zNM|;1lu)B{FesylaWD-I_<^ptq7{f;l|;By70XhwEWZY@_-IIcMQ#FHD!n$HMnR3H
zBC`G2$o6M5z5g0|%=Y4X+6w(RNbe30o(IyT1IgDSl|CXc0)7@_kzWz)($P$p!sg-h
zLPqjd8j8?hC6pXN5i0E21IP3`pa|Cf$*s-PN27j)&BN(7R({ZP$!L2B-iL%FKM3mN
z<In@F`DE~sj@#ld@tscCG)2J*Py`t^57+AzZj^!cr5?gB=~L2Z(#M|t4x1;>{2u9N
z!>@l^j4VMSpyU{~ViuzjB7uq`71`XoteUf*T&olmi`4=xh^12SCqJ-&DbfI;9u{!D
zbf~Y-1uXh(K92`lw|w)A5;#WCGSbbG=faeAritht7dC^%XMl#hrod>!7bJoQgNwus
zU@6!N86GYSKB#~}Rs}rR#Myd0)!u_{JcsY?;^E{)b9MIjLhkt9s6ZdyuR|gcTwtGH
z3T&M2f~J3nRM<v|#fKk?CIyiTXcGtUk+2w;<;8XZhkJ^vc*KJh@^~B}XrWl^qBGCK
zgXs+B5BYNF6B)>HOSNxv<#FH{F5-uIiuxR4-h^DR1)Yu2c|sqBT(x7n2;I;RknBoE
zeleEGX1Spstq;pMxD0qR3X>#_9Ki>RE`57au^5bO`~$jyeFOGq8Hrd&!Z<3AAha>F
zah>R7HHJa9AoFy@!~9t^{G*>DnNL2bTNF=bJ&p!-3K#@C8fg<ER*j!+-zr^1B`&Rk
z%}daxuHuitRZo!!SRg8MW<)di<GO=Y1?<m=z{W@p&>^5JR<dIdU9XbYm^v#uWZbcd
zA{uP01#zGJ=80s^Dn4~&ikwgePWiL?ukCz)NFOAfT@eyTUX=qHWoXP%%ZAYni5g&a
z1IIZuFx~h8^o(ozhvD@+>!FbmtPhn_O_DxTj!Gv<&Zfp_6PYY4CyiJ!1hh0zOM_>M
zry(>hiGaGspLILX!AQDe$+kOksu8dR2Q@7aMPZad(j32*X=&iffZs`iDg%m48mBUl
zq&k$z(gvAZ0~@$D;5R8Kw1Gs@gQEV1ZGgA@O|}8w2TW|c|Eo>-fnz1)E-rzj6siL7
zCB{9#6gB~?0+OcF4HPTj+l2k;R&a8s2@>W-5`^HRkcQqLPG*D(gD(tOA+sBoqGueY
zXPo@0FN7#ieH%d|IoaxrhC3K_R=77*DI^CZeb2u^KiELs8#sGN6v<<Bz=$Cb9W)5~
zs(3m5$&<9?&Qj26ko<sJ0V|s^S|QWZL4LNOY6YH)RcHky=t+PnLm8yTrWSY_R-qP9
zEu_09gX7@DruA>P6?isPq7(>6jER+hj-uy_Q@fG_@qYfO0W&^0rNGgI$KykCUb;zx
zRA6o)b@DEk?c#!@rEv#BN`8TQQ|Xg->pQ7Pgv}bD#nSuQZ4{%QGEe0t>B6%_8mc$L
zQ@jcdl{XC~H);*V)6NPFl{XEgz@27T8;U)&1!ar>etW8*#R0BC%XMJ<k1B<%a~Eau
z;_!V9)u-ZlaZ~hkF$Ha)FMVo`<e*lJZTK5`1IVmm*d&EkpoT)miFA!dE$~FMLM>3W
z(9<VMdVxS6(ny#Cgm^|60*tk=;q!d`#8)xAfv9|s$v5=|1<Ob=IZ~i0spUr6MoCIH
zkr$Y{KY@_Xb7va!I6OXh8@gB5mCfP6OX?)Do*tbddg3qV0$@29BrtehLJr#l3<uW9
zBclc1!xJfV=lX)(0-kQV-b^Ngt4ngx^%PBo+*YDWYQdn=%BT>6n{To80HE~^$|5#U
z<U_)9;|i^9C|XOVqFhj;(^@=ruh80tqO}ybv!k(TEd)Xsgn$DFwa?=5abpXaww?@U
z#HacIk6IfLK$k4V^N;4RSsvgG*hA#xFB^^KlTanlBa?LXNSKr5&^!z##FR-q5Qzj`
z6puGh4-DIXVzk1J$9G3MhBtcdLAo|iPY)!kQN)7L44LEu+yKx})dC+*D2xSaEGSf&
zY9P}<G;n5;jK}9wY)loVfkemAk`$Uut&nLP8hAw$8IOMzT7m4jmqAN5Cbhs9uPD?4
zQ41NgWMfhbe8mV3N(kJULT98I1;XO}TxFAFpD3Fv>VaYOBc)ATfinZ_RW-BrWO~@T
zv0a6_0&f-=f_Q*(7qx(JLp(AVw#fE5kUhjwg?gwI8Y&*e7j-C<2q?oh|C8MlLz-;X
zqw49xS~W~m^EWCHzScq!>q;`J(uLT1psZ1bUdRNr4L#b$7hou?%QsC6Fg&uY3z>k^
zBbrP-`U~v~OwnPuG=&=dq#7X{OKq$}rR##j5WfCF0nOj-vfw%M7?o1EEJ?Ko&@H6q
z0ixl?<FNF8fSy&vR8r_zw!_kc6fM-E#^bK=<gUV9{hYg^Kr{oDsBt<gJTHt>s6R;V
zFp%Dtz)+fjeb+u9r^)tUffwjWaE_)PE}~L6IcI!essL3i3Z1A6T2YJK9tQd7p)+5L
z@ge9!qP~HWK6-dUS)otg;d~@MPqw!MJHw=Kb>q^gAK;=D7OD;(C|jc_up*){S|}=>
zI5Ot&yj+kBIg{_rb_Tt^MYbAKfZb?ntZ0xGL^Xp*K}md!<C1hV!+I`?9_ry5sNaG<
z8xyo!g3a<gz6gOJ5i3R=>ciY{86F@<#sxb799cY&<?>*7fEquN85kuS3{$=#kv;*X
z@lmxR5oI>prOJRr@LEIFEBw|U3m(9<gwY-hj-Qb2j5jv*p<O_^;AqUi_#7ppb3~{s
z0a8y2TSkbDquk|LrB#efLR9Q4^+>=QGN@WuI|i>cRCU9XOhz1@6VNwXU?h+vyR>Vo
z4{c*HJ(zq32Uss;aE{<FXZMC>!1VN}vbu%K>H!OP%{NqyLj5|%F^*?~Eoy`*3@?sQ
zF4RfDboS!2g<w!-U}%n_fyuqKLZcdpz^StJ33Z#bEEIaJq3RPpp>H*M640kH3?b8p
z0fZ<AV5=7U1crwiC+QuMlKLgY8?wQPJ<|P>#QQ1WZ{aQrC!SEq0|z6?ZOKyY9F442
zkg&)AtC;XwLsd+CT!_;}riaUD<U}V>_2$fB2n1~8^hV5n+uCs=Jc<q}kVAg9M~dYD
zl_P#7`w%+uM@pUL{iEHpK#;=o;)}Nafal2Wd5SJS?8$U8Z={KC{N;!IVB$!~zhiX>
zUgI-43?bXQ_6b<B6zjhaP{O{U^$}91h~rDI(A5D)QxAvJNmeB4J@jCWAska9J6%$y
z0z)PP16*vpoH$^~g2U!Kgdl?cucs<C<jr(CMClwVs@9kVDwF7u=pNLy26mE?K0Y9y
z$mH^bATlB_xt<)JAM*!-Bu^%v&1C{50w$fw;eew6nKoZ9VO;`L5(!qQyKw_j{fueM
zAdX#uw-CV&BZjj(OXOcLx44S_fLo*sr;&&qFjte1KIA53a09HcM*lTobCJXvhYdnQ
zGqw{K{OtwUPe4Y9{*~`wOou47ADBp>>+0jTf5N-44hCLpsM?E<@Bbr6sY~hVICocc
z*$i|L0ebcIoVeeISKxB}E?yD4!2b>hq%tNLa|p2sR-NEAIl?Qo!8;kcL8$Qc09W9e
zL(z()>k}N30<G|L^zk%{0<B1z4C2s=tTuzP;fl2WH#E3{rbI9(b~13(IHQlFaTN&V
z+o$`AVBjxz7igI)4xvcQFvg!ivxxO4@ESCY4NY6|)ju*12x7@A*EfaD7kV)`j#lFG
zGe?w^glzJ^CIBT=pEL(3*PT{~`l!`GJvOnio)DyuuRUt?r=Q8#Fi)rJ((&P!%w1=a
z{wxjE!r?cy%CvBbBhcje2sAR0EZw45WaF^i%<=UCup1ZFVUq##(6GBn>Ejb}GBsM^
zv*p@nlffPssWXckuS(-nd5zv}OCQf9am1L2<gfJDFwcRBpk>-Og~yg>j}0pM#GFTC
z4@v0w{FO{~R=8`qcGnbGXxixY8K2Qo5Z@Bwn@E7A9jKn@z#s(cwviGRq-qWun2-P-
zgypCWG}fl$b0RQRPX(o?WFsfQgHu_^Pm0WagUH+y39#P^s?K_iC2>#3=W%d39GTUH
zb>!jeEIO<!pAWJje7~t6Yp+AlC4lWXV9g*`?7<a+E|oxs7rvGyBEL34<Rq$JL|$P^
zTtpYe-{AKp{~^}-Zt|Zlaw5Mxn}e~jFwu`SvGAJwB>$zi?@7{5&;!&%_Fo@*EOf~$
z(*NVAJc7{1%*J)1lhqgo*@Dc|f%G{hNVOYng|iU2EHB0kh&m%6rvs@|jMOP6U_IkX
z&tMUlbhVhQqA=N=7+`)33=ZbR>M}Uu!OP!1F$k7Wb%gi|v(_PO!mf1)*Wp5HV2N2e
zK9Pk}uHWl^K>a)7eUO^5ueI<5vdHg%-+gsE$P0<r0Wbcv(?LP!_kE5i<E8L9IQuSL
zaZ?{Y2aZAEbAUgnV=D+9pUV8hHUUCX3Ba@$p;3}(i;M_<BK0(q-%8Aac$mKtccRJc
z@7n+c?iA^lK5U-=*Be}a&|TJp4WLUodIj#3g*)-dUke@s^g@v)SOAzr8cqPh1*m*|
z_rj>PJrfzPBOKoMK<U3O;1ZL_($!m%vM%v-$REfRj|;9ws>n={2pEhDcco)7F1!X8
zZ9~Jj_^dBZTV-NgOb}Ij17}^Kjf6{)xF)gVs&~KjqnkU$A-Mv(5~b-#=riCFs0Y6#
zy)lmreJdQ(@7OMZd~f(4*%<6`MmFLT;3uNg0x<pmU1cO6BlQEa??!6ttrT&jhZaYh
z{o+xOjRAKq{>uOT>xmx5^&P|Hf$f2OV1P~438TNxt<;yU>m~XWW3aXGr=P&}6}=s7
zc6C8Wp*n&9Nf`)+dHP*eQziu<2K#j~0OGOyKBy1(-FzSFEB3>Sv`7b<BMG=b-7Yj1
z@?bKh!;jx#G8^7X$5)P^jdk&GUl9awY<L2;kj?vgEN(*!0;n{k*@!4!gKHHWJ`e1z
z=n^&-puqcTMFWznaAh~Jcz{Si!=69j+8~o9qPLM3@(~b#@)5DLzw6#eq8on>tzc11
zL*G74lX7q1_!999!bMOI?oA(=V1#yo%UI#w@EKGhY_a|aR=Z3fTfcpspqhSnp`#{2
zvC^q<%FtCsq0*omY;0@2wgH!u=$}eQ*(_8(dT6<gBK(I$4OVPYKO=7V$HIRU4*sCk
z<bnG@2ESHO8hWix78SO^tDXA)wz-sUGXr>AOw*a!UR+OGp&tin569pmJ^1QkWc5jO
z_}i})2BOR&qE!<5_K(*Xpvd&Q)>_=GUSX`IjkP}94pNV%nkMByXasaE!7=@9tb>U0
z;PZH(;QE`aCS*qV3{N*po(oeJhbg+ph0S2`8K4uYDL9!Dkg!}|S2nV!O}odB%T-e9
zt7L96dXn$VciUR}PBJaMlF2!mx9!d{J!PB0(bbn*c$>cK98h@Hr*hK4sP@Ijw7uUs
zrTi1-Flx>7fY$xaYM!pi+4k%-=Ryl_nvahwjTIQU!KHB9=8EA0-uvM>H#avQyL58X
z_frc_7EN!}s!6}T%@>4r?AX+3l=wxoao>K!ZjIGe?wjR(+O%{`Xw0O+weJA8FKOGf
zb?eq0)6`Dy=>-0Y507k%dr*I?Q6?dml*b%zqFkkXS$jSH4yUc5OR68mM~VI_nu!}s
z#|cgQmk$V|y<ER6ca^>q8yz8LxE)V7Hz`UvRPackTy=zNn0FTQMZ~xDjRtp&>BPIF
z-8D^Z&ZWE9uZrH`-FivxDu;}vdky2cnrFL8W&(bWNdy??k^w8-noajDZ`q;G^4;S%
zMjt-haq!^5%G?=R_&2m_atu6@mN7CT-$6C4Ce^SeG&<^axb?{MxoJBSypjTk;wH3X
z(>WGkx;Q-(mgXks?b&)b@C*O-i@4a>%hP#hcOQCR{LnF_>|^%U8F}g(XUq$(Dt}R3
zQJ9jV7IH9YE0x=$Pf*c>Go{Z1e80TjIQi1K{PdVL>((t`MFn+H)v&P1w3{?3>-asZ
ziv<aphmykk%lLFxm5yn=Jr45<)>{|R^z^p7KRo37Vqw=TPyKZplaC+o^!V}PsV6=A
zxu!<O=0}Y1BSreX>0bQ!(W518bx$g3+Z~#e8C3F^b@FAH_F><TPRo1J{z-V|-SZ#%
ztBy~7vsdifzyJKc2|Mq<Iv?7knJ2h0yYh2tN^hU1${fen`qCN*=6wkXD9wZx9s<G0
zw3=JA%&bSwt0udDanS90_ujqri)-%NS{GAJ%}&>9*Gs>nor72B_la+H13zBwI=ypM
zr!p}3$>FWW^zj=wOqjb}qx006{(0&nKAdZ|$uK18*2aP9t#Qh_Ak+cqNrve}YlD$#
zAy>MyvQ9jlX<YdH>}2Z=L+s~W{AYN(sF3PY<);oE`e%UI@=;T!Y$)%2@zd62)#l+E
zFSfWJ`sh~<mezdQb6?|a$>8=`=jZ*;^3YnZ_3PK?o#L}6<CME^^LX=7CN)&$?m?j{
zRj*&a)>>Y(R5Q{hGO$aVk{d&ld%b-SYn-yO_ng=3?VMg-TDpnizTwlOV>U%mUJvZ2
zCI_D_-<)Gu^2oV~Y0ZZh7t?pm?R?vD#*BmceW;vGX`#CWa6LmUZZ$Vvq+!z?mj*BT
zNG3W?n4lbCwKuW9e@WXmZ6>t}o;kD6mF3;%`(y@n4S0WQZ+Ya48to|uZ5~(ewb&f3
z(RNV&Deuf__X-R1Sa*|rp8Jh4ZGGor>I@||o1Nq`_sEI~{&=lkVht9sbH<@@MQZ-J
zJ01mB6s+I-JUIe9e)cVcV_!l_pZQoOoi2O1Z1TjB8aWl^Z{yal&J3xknmka+wB~H-
z^JS+5IS1664N+HD*MEO9JFxg&e1?bCjgVD+44k%Zmt`?h5PJ|mXDjD%*Y~>#7KVm~
zYS*q^n;tt)wcS&d)fr9rrw#w<GZ;5FP5RB!1seC}iN>bL$NkIav&XJf#@T^Za~}=p
z8*Ny^d6Vg^T*Y`4cl^P^otch{+b(i(zIpEEcK5@#Gxi6OBK7z6&Hemp6ke@$!EAV~
zN!aV4T-A?%d_hI>La+Rrc4j{3_KnONolg3+g0kssn&A1hW@OW{mZp~fs7Mb%6O3_K
zUP2NVJb=K_Ejt$8dy_Cw^Nv8x;#6hKicR_n7ku`$s+qO#8d3Ty<__!|?WkGxAVDYE
zaO|Sk&XrTh{VV4;*Ig{V7G^aEA7Zwt-#e=%xgDBrbC{Q`{v!3MQnuNvmT9VV6PzA*
zbO7IK=Z%c_4@`=9^Y=YN?l-L7K5zBfrcVqy?iz`khEaVHr3jd@BsVjxs=s=fX<15%
z<p62B%Uvq+4e?8=ySz)#IiH;5I#OkI=s)|b;`i-19^8JS>ajI1AMuALM<?#S>g~OV
z+;8%>hk+}SeJh<S7Oj0=+t<wXMdTK*qZMr!TJ_+;$-_0n-yS~l=-AoFkPX#q%hNX{
z<vH9OTGMCc0+V)EN47E+tTNtkZ2qv4?DPbN_v4NEnTx#>|7ZMp<>VUgiwkKR9T#+-
zd~eOV)nPjmR~jcDRBp1c=JJ5Ho)5EhG}}1^>@zQ1DCK09m?GaeZT8lRA;<_?Sk72{
z;;s9A+U9Hj1innr$;{8U_w{=GIO*7o_8t+LrCj0Ix65{~PiDLf8y}Rp`_$(->F46^
zr`}tZdGVE3X+_f8E!0-5qQGmV0>P>pJC^X`oin>0^>MfxAU)Mik;oiUcXUasiK?k=
z2^Q_%{wb+PoKp^jZ2eSG>T}X&Y4yOp&6;`NI9GJ6!=-f1Ua{qQL(6;ie7Y}2_+st0
zOw+x~lTN<fd?TyZ$C$(oi-ytGzWwZ(eJFF^+w#Eow)*~@4w-Iw8>rpJ&&+#~?RmQc
z`J=nJ9cSv49V_<-2e;E=)yy8KcJG~f74h>(mD5WcEP`*}C|mb&aQ3~3(nC|vsKt&P
zW81<;Xug!!)FUC|QQJ;wyo2m{`J1R|aoLRSos^Z@6&mJVY@bUSsMh_|wX2>=J~_?K
zMufI092(qJuq@fwctx{jNB_B0<3(4d?|=TGnv(D$YK7zW_`3@)20Wc-kQkZe?)@_C
z#^K}ncDv|D=a_6fou(-mTKud`C97g~Dx+<1=8|mxJ>z^s4qsWDEwPhL`gJsI+R1R(
zrOk)DcP@#yq%jkNOp8)VKHTqLZmD)(kG;F+$=Fs?rxX$oCx6IEb=S^0U(htsr8v{6
zd8dbmrYx<zyY^^&*-G>3O;=Z$D{XBXTpj4AdpKkor-N24eDZRA=%Lc74h2_YdRv~>
zy;q<eoq1eYby^5mMhhRtF9>nlmoVZ<=Eb4&l27Qp4#ddTBvNT3H-E`gibE%}$iTpa
zS>o}P-2>LeV8}({<XsDrTUC1=?3aT<ciXut1cy%XmNAcf()VQ8nIs3rKbR2S1<bV3
z^m}`rU2tq3;tt-?=BsDiUZ9M;!(iE?fXkwHoGn@D%>~ABpvT4!UC*lx^rTy0tU(Kv
zJDrcrP8_6nXA&`89r-$jdlud6vMpUSs_E_r9<&Kju8chq8iDl_XPXO`k{t^2cR%x<
zMthco7=|IUm8<r2$dBE8{L}}vZA~J!o-G)Cc!%=I#E$zuc_a_EFHg8-vGOZkT@cD{
zE<BskVs^rT18r_>96F|=q+o)LO-JG+-HmN44FO1V;vO#!^I8!z>(sK`4ja~OPGNVh
z>gpIs46dp2sRY2vGPhSyQ5u3#Y^@CzCIwZzyh%>Iw4k+WV9J>f7ux#1Kb3R;)O2mN
z;Ie)#+V@y6GN}B~xJ;Gmvui`O`Saua*=Jcj&j|!B)049HUt5E*yM)D|hn7qZnJ{(6
zjOEL86I&IY`Mk2j&3=n}&D%KBzqLc6@I30`UIMIf?0-+msUzmcC6%{P3;Zxwr<fa~
zV&&@M;xg;Sg@xnV9$(l$I$39`eI^CW&V!4eDhiWR00LZPx~$8W1%7PyV7@@`@w#^0
zthlo!pPuE~?y)$ZRPjD$tU*oX=lmM(((3c`TV@02d9k%-#P(H(j}K{%(f7X1r<tEq
zS?H0_6F?iA$WlAUpw4FlO0QIY`8)@F`RF4@l#?qzwY{>U=VH3xP1Xw9b2ny8<h`9b
z<$helsv=eIXI^%@_U_H#x8GyeKRQ#`_Of@)@g>1+?Tw9_C3+Wx_2ivVemFz0qP#eR
zm%IYt;O-IUhiGX{jE?GXL@lIJ`Izf1BR>CAm*}VoN~=be57N@o@_fSH`=TU+*HW_!
z7(pN5+XwB3CRdXF0VwWK{JPqnfBP+!!zTTDGX{)VdFhPb=fePfmHFO`H0YT+vSP^l
z(}g2P0GKo~&3aW0z|PVA-7889<DPHMn_BTDCu&YjRcUtiD#IyW7F(&7K>$J*?r**D
zbYW6YUeXs0Fk!=sldMu^2&@e=9|HMVSw!eh&>1=_XiTp;3l0puQ$deolzn(H>v&;E
zO@(7|aO9><O91XP*>=%gzvA7okJmJ#2JP*gk#l-Ph45``LiDa(%{8|PRr&;e7`<!H
z9<7#HUJo7iY8Z6OJ6E0H{?ICK$%b-fzLH8B?*Q}VPRD7chRPE^+{@<q6<Ck>XySRt
zwsPpqGgFsVtB>C>XlTuPyP5kvI3d<GK$+)G*lEV7Ec@7vFe}vGCL*NzOa9z*nF6+w
znsCjGoK9-SqYoKj7OT;$>CJ_UOYglM>HTi%LC55z%ZH{#1~01k?BJiX&F6|v!qa)z
z!Zou$rl{FXh>vJ~GHYJj!~ECdCZ~dsVv+WtlSXGlY%hHtKGWU7p|?k3o<=XhP2%(=
z!EH*xteKg12?Sw?)`bn@g~=7~Plp!fyqkY7&jdhb|GhaXGlsp>($-!-CQ7xvV@TDB
z1Iu1iwe2!w6qg&DZ<tw}kQp4XyJc?H@Z9b5@9ekLoDuxxwSIM3cDl(Zd;9KtthOD{
z=+v}WTV0(w{Y`qw*(Jf;+zgY8(@c_UF7nHZ^14wu-8Set99X;B#ntuY&Q&8XOc>Mq
zwQ5yQD#zy7ni+3XUDN|-*}telV*{l_pII+17R+tg$A%oN@;p=H%HbKiFd<~L*{F^B
z$DZugjG8G-dK*7!NLomF-rj7WVYW`2jJB!|A3oi*xhI`FKDuT(`L<2r>kfvMhlk}L
z!AjIEgDSAh2M1Rb+npHV1A?7NX-!YRJGw0FN&BK;E9;S_hC4k|hrJy#)xFfPrc#h@
z{os6VCeisynTcU$f&I|SBidfB4C}0YpK>ImlJ<CY%K_aV9CC=!=+LzI#;e^;6R%7@
zOj|kdQ(KWeQ?9zzl42a5yMk5LQH|8;OS{KMMpRX9?hu)_b4*MoIWR?~YQ)B4q16jJ
zP)4>gDcVZU-DQU{R7)l|O}w-@UH9yVPM2r2*cug8c=4)_qekM$oCv{(qI=dcAA-%U
z-!-;6!d(w6)^xusU;Zf=TCQoiWmj`rW-^^P>d39^sk!vM%?_Q)bv!Y9y-Hc9*Ee-M
zi_`70kKWL=^=j#Fn0cHXu2S``=K!I7x7{~N1LB{>IU0I7R6hPxMD`C=ZH4G}ct7I~
zHNZNYx=eV<pJnCNJb&XgXRC)N+iY06q<WV5X1@sK=&0^yr@R;U8-C{em+ek$-SX~X
zmz)Qcf4P&jR_Rb%CsO$E_a}|FU8IZv!IN!Tv;O6`dI|4pV|?c&ttQW2RDlqKwy0hA
z=;r#y?_)3Q3Vzp<{G8k)^g{WCwnHabk(1N}1tY?h-n@FX?}Oi=w7m(>rfH0taBGHA
zV9lFLN)PXo*F`Q2Z`PCM@zkiO23X?U^q7q*`4M_qpOoTnEL}XRFei|<H<uOJ#Q(MZ
zqprFsXG@;AulI?3$TU^*e3=!S@Vx1O`Q2OJ`~<@H(D3$^y?2I$l)Y$KTv1-`f7tMJ
zLHyP&o~`Z=b&o!O>4;`@rb)~t>!{;Ps^4@NKmMkw_QO&#-MnvFYUVRwJ7)J*<++6g
zAIf{-t=_I}^x~)vyN@5&D-PWbfJtDMxl{~uWZXH&PNbGy9=`e<v@yfhwiR$`FSHJB
zGkVshFo&e15g(AdWAP*>&Y_L0=i0+k2i+cgVRJXntaEe6?GhLOg;jldwz~YSR!WzL
z_XP<$8a3|k^K$M^k54WA_~{cry~}0&Rc(ucZ|gMQx-2-%D>CKt=EH?2vsb$JFQ?Pb
zmuya1rux5@YJrERrKHBT&THjTv%jtHil^@biu2R8jQZImFZ!qV?1NuSi+Z|mIhnhu
zOPbn}r@(k0dhj;R{+QV<llXz<^v@})cii4KTstjwNMxWsfzhfh&wnJrzbJQy$_CFp
z;T?KEjvuOfC1%C~%o=_&ut~^-v4ta4?Z^`!XcZkL2aMe2xIB6{ZCn4XMw|MT3Rg~;
znhZkF>#C^^$2S#iQEgJW^1_xKA3Ige=$d-7JfhpI7YmvizyGqb!0})~LTq4@h~={)
zV>dic9ejUq`PRY_vlix0Z(TLS+Hhx=lblf1E)nNuy?Cz_n7|6@)_WGSI!8sxYTk!o
z(||5F8)K4u?ZMKjr0xUCr_W!zV_XCw%VOZerXTklX~QCQzv5y!@c5qIbUUn_-p*CM
z)BAa$brhp`#)IoNC9&%JceY}U9q~Wm=WO4Rf@Yr6IW-r|n^-B??3*4va`o%Y<7YiS
z%G6Rd+?Y3w>0X%gVtL=0+L<}0W@aXL>eA(adYh-aLsgqhVefZ*alH2m0ied_^E0@{
z%W@wUALg8P-Jo5I%{n|kRCmsv7>D7T%zI~O0Gz45CNrMv_DLBS+`RcuT;`i+)`Ag5
z%6E$U#KbrR?aG*P1Hp_ToK<6FFmt0iwayI_;n%e0a~`kDE9so3mT}QaG>YY1Td4@@
ziB^+)ri|$)mN`7+B2YJj$u=l<Q?ByYojk2`?GX8h`8nZ)Zd)ha$~%EPly`e->%E%&
z%P;QGz+&N1t&W>FP3%9#vg<-FpYX^xO$2XOTzO!#9suIEjQw-t^lEXQ9mj}a>XkKl
z%ab~ZpnC3$W4CUzMM#x9F}zu=X#gtcP<SNq2{+vAfv5Q4i$*h?!~2(W7Yv?UE8xCF
zYvQ0BvuD|bvUvYjakqsPVY#a+yDf2P3ugGxV&=fn<DOv*H9)<6CpNd}x^PY6`}m1*
z;&~e|0kET77wPa1#O2_zxp$W&Kd?xM194y<0m8)u*S>G=AQZMQk8b_)=wK0Sk6*k^
zG!5M|_DDt2xf<KYN94`6qZP*AP5S!jv>=<5c=O$*wMM$8|Ms^AQ|wN!c{!+<s*c7e
zOAtYqgx8MGP1Ybd8Hl)(Wyg({n>`$X#u&T<0MenujYrh=QeZDu6vs?H{mAQ?NNf%p
z9@wq|<IS14dosq*gV3krR%EJ<n5Rd~+=@K(&GPl0{{5p3d(Gyr#2APLqqYv*uI-dA
zobX7a<@^<0#X9E3X+If=H?hx#9%bXgYkjjhCIA)OOZVut`F8GjA`-N$=rc0oT|}2O
zUitRt8Wegho_f2bifB<hqq1Gviy!XZtrL|xI6Bj8)5P_)1`?<$j-i(GV#ZYGi^O(y
z)!ec1+f9q!`cE}e*>zv1Hg4~4is*a3SDbE4%5n;&EP&g7Pu!vN*YEnTn?#G=wMTj3
z`V|KfOS+q1HTUW}TwS?0S(O;=)55Ii`nf&^ca6BW%d#zjas+2DzB6U`J`m+nNws2B
zpw>%tk<~}g8}!aGYC_mU)&{5B<y&GS)+(KQ_Of)pRZFv?aVbe>Nrc&pE!yQp^sxAB
zrsj;S(w+u^@sH`sRT(A&TVmo+WNtd3I=|t{7{A!Ig}1dXyOYNenC9tIb_JFV;KUW&
zom2e0!1LzH$DW=^eOoLOY1;hx*W+%8R|RM5xY}gn_N^j2^~}@nA@$_PN5}gwuSn|H
zse10Xl%h_;an@#g$gMZuHt}i|lH>TmF8zR-_S>ElCS)#o`NaR=!F_Wx3YIqiu&QP5
z=8em>ORuNUPrvCm{Iasg!xIrK<cqj>?-EZrU|O_w<Ua0B?asBAZ)fpJZ=d3;c2oDF
zS5)l9yD!T%_G)SlyF=9JZgBMO9Ruyo*H+%T5D}ep^!%|6A;w<4v%Kf0<m}N;FC4Z@
zy(0gB;MCy*(Jgu&$iLrw6nE!%%cfIRmAYU1r!wbU$w}|1d7g=JuX`cu((%UO!?6>T
ztKxU83#(;rUTzbwpMC`+1A=sPt9*6#4B5{iwadM%He>aQk@UR$(oSVVy5BZgcmIL&
zr?3^XCXI|+V;W?0KESy6OBzknA$>ynoh6B8G`{WHK<*Hom@5aPNu66~@dK=04?K51
zgY`09^>noJn>Wsuy`w~HZvOzylfmNEalYT0owY`@Ak-dNcC^4FeL7e^d(^y#L2<KB
zq;*qS_7kV<9#PaYCV!4eVTtFkUS<BT&DK4j`kE%^6g4jn&)8WV+aaN6h49*#(bGu5
zGme?JuGH;5ICt%uu#)G4LifDPyfv%I@$uG|v^BkLTi00Vibis6Co3Ze5FZK8bm+AL
z97NBSh3=1D9a&6%Zoh)&x<QZlAZy-`c2`p;^{ebuQPXAp&cyS(g_Sj4H!pkJvo}qj
zvDEK!=RW5F!CmTbJgUT}S)TdQM+xpD$Gy!ba=Aygblh&2>@bbg;+5;Z)^q(g_G}xb
zO-Mf3hN2snlUZ=(bwK>Z`HQ_w#;x7Fx!U4HTum7{JYvLvdHn$M*liqtId+|gc3l0g
z%JRynpq)K6&zw>Tf3vP4*t)R#yg{4QQ7<o*9~f4dm^5{1(4pr(0|#z5_9vAT7`=EN
zsy3zbesd-N5`*YW+ZAm-m-?5*hE0B+)O<T@N{<$AST74#FrP07?(?FMe|pWfhy{$^
z{MF$RyEe41j8E#cb$0%wtA@#$an>y~qK@@m+s@+S&}hd#L)Q!hre(Zu$UsXiuUed`
zNtk#=ZP1_c@bsKZG1?yrqT6Kl`?B9ky)5rp)Xb@2|5Kkl@`!bB>$GI+oDr|rL|y1u
zm1t&|R`}e>GMUnP)QPyG#Q{63eF`?sKYq!i@=Sa;i+tA7;8e}S#vU!obC`qT3<oql
z*-XjQFnPH5-XUj##`$PFjM}xx{A%$Q*UUFv`@X2^xAp!$Rp18hwLCGQ%WPBDL6<?X
z`;4qQH=WRL7WcI3`YT%~7tF5?FFa#A=HA^s9o^O_rM!A{#QB8s+GMpScgA0w-f#P7
z-olUszz*flrmZ%=KHEY6)n#Ux7xP4+yGC9{tn*5hdzlA^fFq*Ls(gv8F_;(CugW-s
z<;=G4{Kn&eP4ck|<y(Er&#rxHxFgDE@yO1FsXEowakjc|y4pF}`>mgLy3qW2&d1!(
znfA9$-aQ{|r_*}VsUsG>Zxr@;<}u^Un30hqjvkv(y4Ad-eRDID<OvtmU)=_rdUyMG
z5wprK4)7j3&U%3Ps8apixvaFohx=c%%U@~GRAagMvr^_edrSXb?4}wk%mF&kAnF&r
ze!c0;tYeF#=7q%F_8W94HpNGK*_|wJnsVjRnRAi@QhEt3tk2)4T;9iaD^jhR`>?2G
zm#RK<lie3{2GV<7505i3H2CuTU{&R=bJpX=p8IgyPwQ!jy*(v3)27YFWhtjVM$I3V
zwPDR0P9AG5FnMFjmv*TtKOyqKx!LI%(Rm#@oE7f!vTc>yXRk)9A-0@;RfPGWt(_;9
z2C)~Z@9L_dyqcJ2pW|V4{NjS-ah@dsF<X7h2A7>`pSkfy+x1y?{SBMs-~055HBg<A
z?D1t#oclT6+wp;Yf)5oZoVhxE`n|ZdC4Ltx2A6L>6&2n-#ADE8FRh`;cJHRYsP0t#
zu330ZT6XFPr9P_+*QL~)2v2mnnbm8+qQt=^+}4YH%U5*MVE7mTYVULc-)U@fixA%h
zLL%SusmdJ#E6a{k=eW-}b@*_rO#}_E%#Dn>;o&d0gf2HHo79A@^=}s_RMvVsD6UBj
zrLxk`*lSyxjLb`Sf;HX?2A-SST>VUd>)!odC4w;RN%IUtj-)P~tMRy^%KP2tcAUbY
zXMhzcJ{Z2HnY)(zk(0--cYVNHSV~KLnj5iZUJ^ZT?D%m-&(v%mawZno7P0o~6H2!v
z4Z8ZM^6a6W*NTX`(T)$V9!3&DC7yamyWCUjV`da?Wx6f&{hZnJ&V>yVvhTPx?KbgL
z4y*+bsm1QJ7He;_`^~z$={}%Zo6bKQX&)A~(QZHS+>olB0p2$J%D4*?+g-h3QgPg+
z_}P{GVZfG~&56|%B#p~@sIJB~|EKb}Yk2v#^^aEN@MdQ4%mb}^)ZAKHIbwRL--xP6
zN=4DT(i=BMZ6LQ!jvM-MX|R9M=F7<eu01A(>z`2K9N3?-_O6!K2u-CymCFu1rqQhW
zM9jCddUt?1qk=YjUQj}d(I&|y{q7$42Vir6n_~NSp0ByJ`oogZyY9Yj)ln=B<#Sq-
zuMnE3UfK1&g0$$Cro*a^O~SA2I+T<<`ynYW`(Bu5`rfyJUHUwWng3)%Va8<Baj))u
zey*+A8~Bh(gU(LQt%~CccLcZ|xE>uxDi2Vtu<sKb7To2ntzXsp{L-E_&vh!OngxOZ
znwR&F_!6Tvd-d8}8>gtKDKFxKmW_{@Fe&@vJ93k(kq)2kd(X9<!ZWhm*>-uWvizrg
zx;-8~z-TA!<ZQ1DpXp~ir6ubaxrW4vy#6h!{fD!vx6dD2JD^xu{58sR$KTLUAuufR
zlZILzUshy36n=}18-~Vt?RXpXIbCzv`jfmV6X>p8C-+S|-!a&|eF#Vs?27K2zJG0r
z{d4cgF>4$qXD&Ig$m~S=OyCOA+poATC{(W6@Tk<Km^YIYvGn@IRBJ2J9rvg_PLD0A
zPn*t|X*1Pf*{4J^^^#ahB@outaTiy9*}Tba#@vu)TK7vcUeiCOt`Azhw$r}!+~q;r
zO4`3^V_MYG_}WuvK>E0Eol<(UXz`esp*C8eej_nuf9s~&y6pycW%Lxw<1Tg6#0gJ3
z64(~`VN=tuWvz({^DJQX8ESa3d{x0cWpzsXG7qmcDw$I*j9gV#T0!qO+Aq_mVD-*3
zRYR&H%Qmzaq}ej!d15?uiF=P3p8BCKi;Z8a&Kfw{tC`^Q>GN;OhWdYce6+mC<8i|H
z3eKy&8ri2On`*W0yRb&5qI1^DW>4HtvxHA*o0fsdzn!{ZRhlSoaEoH>;_nKqCCN_b
z#FZXRo@L)}KDV<wHN4tvgV_Fbx4$qkV2H|U;{Ks))Xu&#cptSYo!NeNZadwpSAf5_
zn09og-~07f_l{!m4K&_=4hz2VIn^a(ew(95_U*d6HEU>-?$?%jY7FeFO*fCtC_R)l
zhVRrgV$w&gwuUwtj~=<4d~o{dKAv#@pt*@=sZWC6w9Z|>ZDr@z?Xu(SE<DdXmihFa
z^~b1)P5Zo6vgje6Jq;6jvTrv(nCRECc>m5#Bd-A9-mP=ViTxmIeHgT#?T(lylN<ia
zx(+qVObTj7ExkRwFl&LT)e>L3lb3G;LV6WaPyzVofJ+(6cDE3&vQ=%q!6RTBsIJ&V
zU|i_(Ece-Ins1HCQ9V7qtTki$oCl0!Xrw`a)6Gr9N1!Gsy~L7xLTu|2xpAK(2MryX
z5>)zZao)YX&L6VQ>%ZCLd^n{~K(1Nz*{b-F8f+zpb{f?VVMJA6MP~VZIkl*|w0QT}
ziPJx+_cdP{WbK>GQ#n_`b1lg65BAvjFpD3PZBP^N;6seHZ+zLY1+O=_mnYnO&SU1~
z44+bS#=^6zIxK99j%jjoO6J=<p3rz<na>T2%XZq-=rc*9O`BTiAJMkzu`ZT*=Iv45
z;jSP>G<BkDAHZ>0oPKmy8(6{k87>{y+f3p-I=tiB8o)&N2`<mmyt$d&@>!x++vp7+
zI(&I|EcHX)-l&(GS&`>+qC!>zvVTbB^_L$kM4GWX<KX4Xm-ihyRN|El3JESF$(HFJ
zr~a3HWyLbLQiQ2KQ~Bw}f!JNU2F~z)%-jSjS^gPWmbE0_o&Q>FVm&Hy&uCf!Hu7ea
zp&CepoY*2fof8>wn0-&<)$7-JSE5e@A@*v?WQTSw43oOm9E_Pzl5nO{ZKy+sMGq<#
zf97?mu)JIoT4~`jP<`IpnxGp>l?x3=TyR`EE;+U$@IvPBPY1nfI(@06o&6GNouE><
zyyH}xi7(o|^*Qx)`^i$@@-Mu?)aQf{R&=ugr{6g5{#3GYM_R#!(HShKyWO9iSnlOe
z(!RtAEb8&sZ)S@^<nd(7j;CgB26p!8dfwSLAQzzAsR}Ub6p$+!rAMV|#a%y^I&xWJ
z;;;z+{Qcu{S7(C6(6Y8e&)E3&cb`4m^YblQjKChrh0XAJ=9T|?dDFbKF>0o#y$j;q
zBA!>>y*rU`0Mw~$h))x_)5P}+M-|+?aq{h<(+92*!gy^yf*OsNYsc%J2cNmHx~d}P
zNYcZZ0s8}70k1bTQ8+lMJYTzAPinikGoRW#N#Mo3-win0W`#)=x*%mWr>gj2_N#E~
z=h4@YY9J&-J@n<9vg}o3!1<o%t~LwTH$6I342cGQSv1W@udub%#NpelD#1$04}O`s
z4X~YopRQ?kGw>Jgb66FVZP_C{u{?U`v;E^^2rp0VPC6pwC*RhxtyX(GKH)>Ipy|2n
zFN+_3F8o;Tb8GB`8%mpIr5aX7jjsI1td;Mvl8Ob%J~1O#<!1IOe!ZqVGPZok5nd3#
zX((OkWMrmFS)?_9x3t#VHI!y}ye=r*vN<euW7h)<<_*#2J@4bkwhV7(mhF0%k!f>i
zyh+HQ<2Q#-S(Xc^k*%yfAN&VKB)p<JUupLa5aK66mT7$`%dh%N&YXf154Bz-f4&Vk
z&5#H7to?;#66p@0#z%a-q&n`n;6iAh31MYc+lIaPbYo~s)9dp)j9hZ`D9K{muoI@v
zOcpB}RCIN*4j~(ft@)YZPpgmR8tfpj_EmwT!u*xJheyZ9PtjTR;_PVN2+gK_LMrDB
znRdLDwLx(wq+)9Ii*s|E&B@!n@j%VslDzYKvqG}wwzQc%c_Bzes)F@nV79W?<6YUw
z)#Wk6HkP*3Yy(m(JKq~vk&dT3UD$L#$Z?BPK=0D#3k@|h^pD(3?j9l3)zUHw4o(_8
z^?1?6UBvw{Lx(*%TbX^r_tQqp>u+XkHB4l+JYlL<da|@bcEW{<aFt$>L#l&YR~^hg
z_#wpoR?V9z14i|_(tKOL3IoH6xS}?%@)8~t##{<|exh>Zk;089Q?p-}4lK>6<Q*#T
znPu`Y@aCW)7w;a`qL_ckyf{2-twD51a^7LyAlk7d)i!RMeGV=O{>*Wjz6w~~N8UR|
zPr2lIYxMjUjNCgr%5rzE%KD%Y_M%6Ce?HJgkIDDIn%HjA&Y-MQRc26WZ;*U6ypv(f
zFpA6B=oq|ov0899q#R1Q$%qYo?woLcc;H&-C{vS=S;lz?BtF=8vFD`@0YDYgO&%O)
z-#ZL!#(@(32d4%u44-CiZ=dhe>qgP1)U7n@)_(3smxVV4nd%hxxU-8cT{0>51If<)
zg4_Dp?OuOWGYk$q_cm+b1z_Y>f;`{8fP*@1dx`PV%lQUZTL_=4MhLU->Y1fmY|$G$
zYoPt=jmljYZ`RZBGCi0->u^fVhL;KJC(mwI@PODdNO1RK^~>VxJ2Ph#1*nwLSLe1m
z6Q8-I-J^*`0T0WjPcQM)R2mVTIqgQ&cG9O~QyEne>#~z|Uhw?NhP%@5^wTz9T0z;}
zeyaV%!s4>i_ccGa`S7SkTtY~cuAf$utf-#j(&-ly_c&c&Xs|OlGZ##I*TK<-ou<9%
z9V6nawk$S0YCx)bq5L?8H|_L|*B6eY^jT(q%ys`^^O_TDIuSZ)j_K{SZde{j3QuO#
zfI_)(MMGztytA>@Y75rwi2WKZ%1DpS9IoEx{lwfPq}7#lk^SkH74~RH(a8>KBWJ8|
z_kSB}G{<_!$bb?~X5l8cRm!>%W3w-Hefa9wotPT%*!{ym`Z>|m@zj*fkvHBfG;h9H
ze}!suPE2f^1673G22k%9@0*%q!0-wWXDqim{bEs1&kSzD!aEgZ!zW#FDN_BCPD@-v
z^wurA#^*#?J+g6#F{;RWT&iC1S>w}I&xtITz545Xf@h_4DlYsqt?L`!zLd%f!zxdn
zY(chr=%-S>pHtI1@<Vm=S#A$IjS#NW<XtuhAOA7q)38;0GkJrKbsg?A$LVSAj5A;C
z)Mr-gROwW`VR5q0>48suNBvVC??XM+<iR>h*4)CdkHt;>KgFJ?@=&k-B1n#CCuA(C
zIodv-6>lp{`Dd(on1_-5y_A!H<PAOq>I06f7~<{E1E6Wkz`<tSJZ^HX78O-=_5V0{
z){q^aK|W7A?m9@sYzHyns<ZyZ6ZcMyMvCoh8MoWbcikTs*D^e+0A#+$T3P+$%YK>H
zfip*px^4yZvzfkd;lkNR!@?bSXFi&R8|Plmnda0c(7*7@y!GMXJNqm7cJQ<`)I48l
zYN(lZQnv<V)~_^a*=u{!^i%xZ!;-&P^?2~9hkg0c?x#hu<KroXt-~rWb}*drIyKAS
z692Bb=6<iLx!#ZN+#0;4AfcGZK0E(I_g=A|QVz_1SAAb4ea0U0gr(J)4>ry+^;<DC
zF!NKHKxI}jH|YM6>=3Pw%r|>EeeMvu4?k{gmh;ZU!g2EAiX<H~#wk{e;i`vf-R@Gl
zm#XC{SM|K^aPrN3r%CCj6Q<rvwq<F)A2y<;>R!7SD-5+>eA4*zHeFY_L!Zs7Zmw%i
zIYJ1U9IH~e?WoF}vU9?Sq9?;{&a`_wJ==N?Z)vsnV5@fQs8|j16uSreT7^0e&0Dx_
z_->Q7CklI$x0JLmerZy)c-+l{*&vKyc9<S8Af&H>{@`h5%e(EkupxF}V3*wY&rWBj
z+c{1)Vu1=zEx+yyJM3(_DKt(!EjhT#|HQyq*Vhdmmupyb$9Q%S`F|ZBI<?U1U*4<(
zPb3fK+ZAd~%;odCQ)YJxuKvPW@3uDkzE;G!mpuYB_Py$6So%~jxv521M_1LHwVOso
zN2$6l?*ZzM7f)+(*!5NqujHqo95X-Z)6g?5H;<Vg864x;ee_0M2ct7<%ji!R5cgLk
z-Dg{FD{byr=9lS7zX^&y_8l$#T)5F9%rx`H*%QQl+D?=wrLS$1ITx5}agzsanj4bv
z54~(wn!nzK|J9tR7+0p9R`|G&Uq!`6>Wb!`1N#o8D0gj_dd1w>Al$yI#nUC~rtOoi
z%|Gw3?PTGS5tGtSt%-~XO?7=Z>%!3W(+}pUJ-W8ErdQ;O1R$1MhT1_dsuFr{ng7DT
z_Cs>i^$)jijw>t=TBT|DY;)+^9$kApJ*44Yu9KFUIzOP(tkLG`Z#YgRA+(vpcC@ux
z{^>zbT0C!Gs=ad64i)lSUmXy8U%We{XiedYybi0bs(v_r?q=45@xss4!9`z;Oh;e1
z#2nJ;<5Q<qGdGNit|?5enR2Shrpi^VH%tZ9#Gwh#{o8_+Z^*KZ>d}UT9^#b|3s%N(
z3yaN>k$n!g1(h>XqUWnldpd5FQ^YBqO?N&;2yUMT#8g7Zs*uW$ExWb8Sh2Lvjma@1
z0)`9X=CtYRs*!L#(d+FU0Hk!DjC`>`b<)e5@zX52g(nt{-xmMS&-z1R>}%ahS|MHI
z{HvASbu0(Hb?JO7UIcYi3cOPTeJC@x&5XWzGqxP?fLZe|zg=%rTKeIhv$b{2_2~wY
z)xG;njsMcEkfh}9ly%17=$w-Go2Q;R(q!YA>93~uC+u@4U0HE^f>TIxf$h2v$rZ~;
zHyv`W?MuCIuA<4dwVo-A$G$#h6piZF%2l08)Ew{3>@E0E^FZ7B?6hNr?KAf-v5O2U
z>=9gi?emO?R#|&{o)%s;n;bM?PuC6mKOf4VsX2Ejy5Bukg<G-6-=TlGvAXMnkK*j%
z5Y>g5Jzw-1G29~~g`1N5cvntZxV~$~LPlCqIoX9yp?GCzUR9os5(h^JL&l98w=Oit
zWYqZZ=C|VJ+h6T|=w@p@v$V0TSE7+%ufb=>n0|`Pdevj&CC}1L@wz2C+FOBRELML~
z@V>N?RC##U#LcrxSJJOqn_uY=vus+YD(y4T$;oy_)5DuoM^%=VW&fYAw+xHA>)*X4
zR6qm?QR$E_K@n+18tIl4l$4f+8Bpm`5s(}Nq)U*Fp%fJmkj{~Ah8SvKW}Y?Zeeb=G
zz5maP>zy3etlz3{oabjvJaJ2YDlJvY2s<?`l?MW-=^W4Z9}vc~?O#uxW>vI@I?eF!
zPp^=VA`v2_wM<E&hqn6su5w?49I3aznVes%o41$<{_V)Mu}6cM@jAt325HI5@qdP0
z0-r_a<Q(=(jj_fB#t}IhR~Yp)+!VhswY2{&Oe&1+c*n@h2kdsmzV)Zd51d&6>8Y$0
z)+4^ZcOtI*EjDlv8uG>dr!Y8Rd+T)d(~(yww<nHGW};a8gtu6n7ul5fy$|PkEZ98!
znTXk}<?CVQ$~mrWPpf2?AHGKgfjy7);!WiQb@m4aaWI{6U#RV6*>scGuDHGj5Auju
zFugFRK$}`<{>`aC6)xEiCa-+*0&2!`THz<#&o{=#BcUTh^S^|nbc))K>lI<69Y~yO
z_a5@_hdHTehU$@@`R85KVUN!ol3!+&=Kq@avhYtPD;x+0kn6qWW)<ut{Fl*R@_r|)
z6#s7?WhQ>>mRxxwas$(J;bE8Xx1MU|wjh;w!uLaW|G=_E%U65~hy&9U;Y4YQIMJID
zsZivPgT7lh^M?FCaOK6E%3ra1T+j94EK_1PY?Pnzi{J)&9LZNU^ye}c543)Mw${tp
z?L0(oP+`(Zz|v0iiEX(gvzy@7x58L0U=`%Y!F6g8BD~~Vxi3zI8@YMEsxQ;TVI?CW
zPAl0(8+2|YDo*n@bNmC&(tBmEdt);|t>AiMpb|<z3MTJL6)C~L+M_7->tMOR#T8wp
z*H`Q{?}L~EXF&nVj!P~D26^}DE$sw&3fr4Bu4;^|n>y_u*Y~WivK;k$^npQ5KoJKJ
zL!ooZge?tqIYoybmO*%{ZIu7G7&nWc#bic?@gMfJ3QcFIZR;IX8D~P2&fV%nJWlKD
z+w!9@lMubsJmE*pSI+O$sSZz`9~^(QF?uH*e%v?tEI-G`n_kw`u%I0)^^E(;Om!yX
z`2oJXcy}ty06pnj2W185(>i*cVo>(wU{&S*Li4xkH4)3obSvs#+4uc}+}le3ibb(^
zU(HYowf>&-e}<b!zi0;$c@KZtbCD(lHAYJI%hd9)Q9D9w!&5X%U6a~Ernl+>&NvF9
zOnAY|eeR&6GVS%=?Iv6%N9CKO^k8vZ!M6p8Y7GV4iN%0xX>Tp{-eyY%jWVTLSC&ww
z;QM@`vbKHLa}?)+Q$r1+>HylfaR>EFv&*jg?os=R9Z>To1XwD-sp8u!q&}X-p<x=l
zN?I`oEaBI`-kctJ1S;-g53C&ShTL(z{;%+LD?!DFoE2YJ9Zt5dom`wbHa4BfDuJ$e
zZ|dlp#zUiiCSHSfi(x1Pn(LD#ld_?nzVMFPB$yNW_~fH`!p<KZzat-KnQxFK6QTP9
zeZ)Z{^pHF~+qo8-u-v(own9gKxD!J7Vf?AW)frc&+UkBxhNP7HJb}c@hs20$5dN;)
za>;j9xAQyU;yv(-9VdcX@X1&LrguBtoH99*yE)DXZDCCXXhCO>q{ZKy@>%wF07rU<
z9k(6WHGhl7%+3zHbpPtypRKr8ZC;Rm_|M^Yw8GxA6L!clkt6fw+@s5HzW0$W9v-4j
z!Vgbsj`sXd<5}K?L?8TYckN!=ZWVv#NZrPPPV+}6u4$dyk`)EJgL-E$8z0xYRIR{t
zaz+p!Rkpkf;SYp;#0tkb#Dm!PAi&WpVIPBKhWevD6EcpzrhRv{AJq?pwt4F?E#MEj
zYuwp#`qs8g!r2IcfUybu8Bk+UqEA;vd{*W%?4j3^WTyJp0a0jG`y`^#3UWw%oIxH3
zwc(t>)jo<%`?y&(AR==fRMs8a24TUU!~-g)1EeuCok1=AkoYb+Zb7PY*a&k9FDaiV
zuE{HwkB#-=4n_upeKib}M~GNl3$@Wk^6VbU)O7Fs?vZIW<ma;t1FsW|>t(ef1|l+C
z+j$emxY^`t&b5<S8Qq<)5;EETeF~E;A1%^BQW=@z)pVwgaG*nfKU5m+u+h<BI)X!2
zCxvdDT1Mgb_~^ZA^plsZ?{wIRPf7pQ;zZejOc~1ms6yonvRkTUCb$vKkBY>)q!b=`
zKhx26LYwZQ5COij2OEhmRjZ1&=Y$hmUPD7hP$#$LybkX$O0%Aq6D;eP33`{fg3B6D
zg*Z9O$uZO=!n#9W3S69#7)-e1HpanUOOCY54epL*+pN+7rR5Zc?x8-Lu&48@Hqr@T
zgX1S*6of7KNx+x3Ls=mKG@IdF%AP;n_w$`Tm((#&?thnee9ZnXib2~P+5T>h57py2
zH!zUlj%qDA3KcS<6AiJCA6#O(^S~;UTthR$>ECpjF&GO82@r~M<-nS8rEqokpPdFj
zEhd+3t$g#%9zAX#5ULHR;zm41AXQo`>7+4cRefT+wT$nhTh40=@H)0?z-V*wC|byI
zQa(FRk+mah;w(3(qL6RrD-Cqz=$P#|chyx1y;o;DYcDyb-dvymJc@+H2KndDRY@4s
z+3a#5=pohk{n*@1bg-Hp{%mphgQZ!aG$x*9fXa@do7AZ!Ea2U$jhO<pE=g=&8eFww
zZ0yYuBON(FBw+_{q(=ypw`~RZ$h-7Cs?%j$OReO(7LfE*A~<$`|HxfYgkmEtELm$M
zYHFx6!mL)G-jq07Ow%;m8Z>JJqg7owG+NI>=9oJ+g>nZZ_<g5XqLkLwBPMno-Dxdm
zT$w=Q{sO6a<mW6hVlaH+(NOJF<1>WbpxTgkQy@)`COGaWG&g<=Dh}`cWVw2@0^=JR
zdKkKIN<~19WRc=yVCgAo%Z1CB9+)_xO9v!N8flC+U>_l;Zd|n+#k!_D?xt`Cil6e&
zG8okF-Yr;o1%w_0`K+WVyc7ac#_`cJybA6b^R@%X{cXKdJ5KJx#Y=-DbUAf-79g7v
zUJqrOP!^XLn*b>bFX&hQTOUAjk{T+z+Z?&j@k$>0^BrH{oqTc{EZ+kh)9x*|r`)iy
z+A<*<5BG#ipN?QU`eEY?d~PEZW{fho7&!d%yNT~FgunVMsNj))!E*pqNUYGjU0;~~
zt(VEqHD(SK#E<ahIuOG;F-)m62gQlL<zOSo38+z4H7Ck*<+=2xS&jf_F-c=$kstqT
zH0tp+I@%GNr8UVwiE?@delthEa|tJY3h<7qJh+qS7Agu$X=hk`KzP-5YndLZNzo+L
zOcr}?;@M5B&I8^t=n3tM?-Lu^k1b~kq)%OY3+_8;*hHHic=bJcc-W&K*zA$Bdz#P1
zX|-QEc~R<)vy>3{9@X>zcg)%-0o&hle3Yt3K?X@W*c|L{)VeE)d_%NwkI4JZX14|b
z6sbmRXsB=F?k+ZBG*o1>axCZHCD0TYIJzzT_*aYsp?CbCHo*th3i-_{MivC|S*YKA
zR8wJQe(&!m0Ts*)X4BW>>rN>OmZbs976+DPJSe}Fw32B`u<N-$!ju<WXV&^GQBu^>
zPq1tElt^y+a@`oqgZIB^oc?)?^w@)H*~{X3wf5nbbuIg@{Lyl9_1_SW*OAA~%S{i?
zn-sX%clNY<?C*t4=Fey7HHO}PWa<@1aT50X2?$5~MUlopFg4y;!#s}JR;ly5OTj!$
zbfZ~xcInIWE1Zehh{naABeFLLw6`2v^DkYRZE@{lbxe9V7aBZ0e@9;kOt<!lKv$Re
zzfNC^pn%aeinAVBgaH%z7Oav=99nM?iF~QgO)*&}(_(B9A(<Rdl|M7PKPGj(5_$g}
zn*8Q2Mgfk_v_{OY9!3PML!krZ-kW+~HxHV0b+;RjR_D0CVr^&pkkZzfaL+;{{ZXL;
z+~+bJ!A(SVu$3NuBlMZEsR^jpxK6^E%BE}0?{$1JSjLyBm_Un(OmHvmuQjE&gJm2)
z%B&SRbPq((f1k))V|Q7x%^tFUKmQQde7p`+lHSJGjT*twhA!bxz6m=C*_MAt`;POI
z`UW?W?;m0y>~a%@6_o@T-+GOhz5M^guMU!i4tuHHJZaw(96(;(nM&>3om$Sj`7ywd
z{;uKZ$L!3>J?BhvZDt6}2Qfdp+($cy&4j=XzxNGl!Qj+53oW^M!rvK@1tqQu&w?JF
z>x27HxAt}P{Rm+O0cm1Jn5&VCg4Zi`4fdY8%33v9rcG<~bzpPeq<Z2S0FtccWY+3x
zh1RWb<$Kw3k=ck|IsMEV6QvNYh8^tbK0A7H>`hHTdRSB+XsJ2E7LSg&tj?;s-)ch_
z*V@@wZFJ*T@=GaT6^yXHa&7r^Hmua5oi$Jp6*x~d$y$aUd&agb)*ptg>!A*Nf3)VM
z`iq%Zh3?;GZ<Q;t^gB+GYMnj)LTsDx2?IvbahjNq;71>)WG>tfyG_baw5~neU(iz3
zekj9??HxEbf?Rb&!{h2fjV&53o>V+fxs@CenZIIU>v%S(UkTmmK(Cr+b7?Zb`mlq8
zaUfnx9R101S}7g+j)6sRj5Ql^@Yc#Z6u-I3NB-YK`rA4$if%i>CCwg*8x|Gxe92W{
z9B$;GOEfIn+<bRBGI#ND6>QGU%I)O&Vu+=MMQPljFG}VKhW2D6pSy|0O;VbMPyn@X
zGQ-@Q3Bf*6eh2*kb#bKDrJ*rkNE_V?_}U_#j(B|7cLjoNRJNt}x6Oa@b4`PfETo%&
zD`TAL<UozmE}{m_2pTyx;Ba}x`E1D@%oRwCQn(__$~PdsuQ|}>Fxm^y5Y^VMOQ6+5
zDIgmchi2CNj~3tym@~Dn|MLKcubFR-h&K#8nF<6dK)!()ac-uElgm7=a?M*<)uX_K
zb2A&K=_FR!O;5v#_M-UTX1<U3ax+{q9JjO+LrqfSOMN6l3RCx6TAy+m5^vCclT^Y*
zU}!XSS9QaV^R$Zku#n_j`AU8=RO8uYI$EP5V(8Rkw~4PZuQsDLyH@dyJs`5gH}>-X
zw$JYvtTb1qdEU#0yZjEzlG;)slr<NKJbihAj{D+-jON3y;1(sT?(+x?r1_iV&QG>`
zc+H;W7HiRE-VWtmc~@uGv__9drUxf2K|n4ylI-#}1I8RccKp7R_=~!_(rAo+?oCm9
zxWkigf&6<d+(vM_8}{Zolgq1GOMZ~`hxLKMU2fDL{XS+17Zob|naeoRmu_GU4RLuU
z*ns8S96f)syb@k{jaS?Q2wdD&gvdjW_8XZs={bWfZDznlX~mNg5EB9MbRJyG1ZM?_
zGHNvN3&EqBN<WHZoV8Vw0d*ikDxLHQ1Q^Ae%uZLwz_^+rG{lAlK}qxTY5x*i1YJ_`
zrSM=?8(pK$B9{w|a@EApvNA(<*bH`BYH6-^pL0z6S?TcM&DEUm$TyiW-h~<ovxy^O
zSp|8Tk^Xc}PO^x6A3=C^9wL=^yN{$){^S^@Ca_{c|0Xd#H~Ye=x<-!rB9#?kn`E-O
zAdS`2bKDmy-_eNFu`&ShLq)}F3y3%{vskz72escwt;xulY?*Ah0wkL3PY(|NuEFuV
z3b>CqXjoEVuCkO}a_pA<MRrq?=9b?NC6hr{oc65-rN%CYf@@Cy?<qU$!o!}GLq|ug
zz8`&6bMw@|Zfn-BfL<ApuYDX@)J@s0?faoUdm=!4^i^!1r_foO4ZFAxdJH;57pe7q
z;c8RM=3TDO){S7KX|=04(`k0dLlWqPbH1H&C#@=kWJg1}3Qr|yh850nvtCziEj>Dt
zqoJ&n4BIynziT~_YK<6yuw)J}aRjWJbi3||1;qei(DILGza+r;B$8PWGM`Uosp3|I
zPpr)Q-|(X07Qhs2Z{_Zhg}=81{)c<(Mgm$<Zqs`{d3~pUC{_)X&n4-0-=`09U}l35
z5;O4|1b_t_1I1F;X1UNn<i?#ZTIz--yW+0B%R582zrf%*u`(8rKBO_BE%Hz)=668f
zGvY_zx)cH*&2_1sBMWkAPEOuXSdO6;V{3&73Ki=PT&(}0`N+IVRfBMQ%+tH~>%(v#
z5<BAw|2TXI3ol)Y^M3|R*KyMRmnY5^qpQEGbCnx*X%sFog;;&@XL3<-ZZ&@9ibyu+
z*>pYoe^1w6sfSp|1FvQVDcOcA-Rf(J+%i%Uq!$nEDf2l9){7iPeDpXS85q)T9_C~%
zyOS4M>g$q*9iIdoVQN>Zq_IG(B1pOKg6a8eBS`(M0AdkE!!)Q@(U1*XU~cTKKiB#M
zuu~J|tizF8CJv78Ue4j-FMr}=A%G)?e?`KCwjzge|0Ixx-G;o9=psIGDTRR(@pE>4
z*Ix<IQYxFMOx4Nkz+TAt>;C$}tof_-rKS6j`9`PHWa~mdQ>XQ->(c9Xb{>RD?~`oC
zV=?SR3XWp$@IlB>^#5>EpC!eLMvc9jVqOkcm1Jv&s`6&uW=Wr3^m5JbJS|_3O59$0
z9c<Uz>=P}kOc+M@w0M92l6sLeGlc&OqHnP8u(LN4vh;d4YKJQu!ErMF>!AKdk&x!y
zp~e*i=->x2LtXQ*kop^Z?uZSIMPn0-`OE7*HfxHLPnI=#XUSD3`$WFB2%3M0fJ|yI
z50e3z-QYzpeZebj-!_({ck7?2{QRZxZgAG*`QqfgM6H!pIlHa*OsK0PNkbn`k(ZBV
z34<m-5l@>)^xr)TB&BTs=gGw%pG4#97-+ZK?==2IxBLoZLPDIm)B?{eZZu5ys-$b^
zj_DlGc=3G@gZe*7p<WqDg+v9G?bUWd2E{NVC(m9!7HYNjLwoAI>zBE$!MR~-Xi+`h
z?do@8P$^dsNSN~LW{+@LCn)%69l;suFs+1U%|4KO9U|<@AD$xaU*pM^W4Dce{0Xeq
zFiG@faCFwK4SF5<`4LTdwOOjyCN!Q8ayx!0x?yhlN{Vs_UdFeg*&R~KWp#M(a`nUi
zVLSd6U?g1c4+Ggqn;%Qb4(HOm|8Y>Gufm;BsC%g$X)q@`Ba(D1$42Px@JMmbG3uI0
z<VoNYOz$Yl^c81tK3q#POl?A0#L^Iv)sB`BwhBFzqM@#^X%x6RA_vda<)m8hp~d8r
z|M*6u?6o^-&X=y^fRxA^uRR`)T&W$M87R~EYgV~yHoXZ3^``?Phj5X1vDT#-ZLw2t
zX)VKM=A%gHJDPqtxy}Dtz2{`?(!cyY<g-@mmODKk)&FoY09_*Wu~_Z&ZMbv$r-Ttc
z_dZ-zy6RY!I<v>Sgo>;>UCur|<{;M^>?RPFi;ENCo(nuQG0$<Gl<jWpJN&_wiM0*M
zeGbdS#;yMN+1)3245FGs#BnrMD5Y>EB{8pNK266sOt)+nh==<o#4g6iY+e6#D`rLF
ztn^1E2JPe@1;ibQ!S7)9E0N*KThOI!ElsX9`jS6IrLT{PRstN|vJpDV?X@&ZIZrpv
zeYRlWxDx43PbLor#Dht+nTP$m>2QWg{N#zjF+aXHjfOgg-|vbCihLV5FNzdu+s&f;
z=2Oi!f3Z{R)Ers0GmH}(UfpMCx~?HC5Zb+H-qBZzZW7|ef%Uf(#60@W&fEcLvb<fA
zKQ)L3JxuvYW92-Xyy0dQ-bB6tWb||)(2_#|u?p%_^EzdrEvccN2wi+L6e6`n7vvSO
zGTJ3OC#XC(+ja%#dTliO<4CI0{x?&xN#)_Ht|$hK7NtuNWERD~u~yb)lOv^=9(~7(
zE<`0}P`j)j#8_(3#jzvqe{nH9agppH=ieaGk^0rrL4dOoY1xr4Q_<Q~X7y<t@uCCE
z8(1VNSAlkT$i`5op8C%XAR^Dv6Cx{K*B`?yEd*soURFQlznJ8z3b)gMzT+T}TC!v7
zNQtOV<E!|brx}V`&b=9;Lri<p(=S(EM_7FQ7c%x-)(YGY?p^ofwO#ZBn&=+~1~uCg
z-xR!m=L2`xnM|%WmZK%E;$(IQ=wfVwG^mAO12<$mJ++PcR>w=ZQIk78&e7P{kFT`^
zJd<Uf_T!YyyL%LK%W;Tj-?e7la^aAfey2TT9tDI#gSLm_h(Nt+41lq8`$p%uU+wO@
zjEyw|@E=WyMOx>>ue0GSWn108e!n_*eIsh&uSPzQ?Z<X+`J`%39?Dr5S-z-d5Geli
zb^rR_2w#t}-u&ddcs3j@4znlvCh2{_yRFi)5}jFG4DlbylTgmYHQ)FORMTU0<v{?$
zGLm=e;*#CVdZG`v+-CB~@PS=E>S<y@yfsu&F;;EF2=V=C&{Sn#YzghfEx8gRO=iYG
zk5#Mk@n7?JvkXM4lnK*trWp4^^<GJ#+gzF|H5DgkmcFij>EMA5eEw}_mbc-4cTN%W
zs0M`D!yD;rF%=VU_^0T>4Ia#r>M5|)uN_VMAed~r0PSPxQpKq(L;~-oHm<Ubz1uiC
zG-UPt4V&-LZ1}ULA3^!fjA*$-!*YvQ;3p>DTk0JgfxUZ2%^0}dw#%3VSFXWgFrZiX
z*>SkYx#b$MWGnbc6_T?wS!uU_)aGSs_lZS5P!G!AZo#Zy_Fd@GXi*44o#x-<vOY<F
zf%>jyFbAJm3`?*)2Lzsx*{PEH;&=EyBjI@nIFn1?sNih_Oi|vzCu-E^ir&S=VPiwX
zP|0NFjbbsZka!%+`%+?PBdSx|T^Zwh=IUB|*gkRr$Pl9jOMZeRqo2dkFS9NP5mrR3
zuYcENKRZ05%4@(<w48P;^lPOC%;cf6KgU0_QL8s$dh2p7<la{>05`N%Mh>t`-Mlb4
zcZiu&OUJd*m+(1n`(b!j3itMO)A0gm%~js-nzkM*y`d=>89f41x=g#PQP|4{)y4)U
z(UlYauIzGs4NxUw)OXLh&m5B0Pmw5Rui+2KGc%G+n3^%uU-@STJ8cKI;_j@D?qCF4
zys(nL2bmh*TH4dS!v%wV-%}j2sYQ^w#8NL73O9*NF*<nQQgnQ~LPVN2cl|$>E$h_#
zHxUlj=O2}b*uNmayL5occzc;I>@)yGFg0sL`o@q4MKr6LeF0XDLr?cpk`{soXSE~G
znfzR**G78hv@Nzb@M-Cv8$Bu}hMXdLanmY~9<?q8EY0R&$lkmg`;7`op*v$&^fHRK
z9jJkTv&PfIY@I{_JuBj=aal<gPRmsFTU&SF5BI+K#bcxw#A-mR4L6wIz1?x#d@DDa
zTVFlufAfbBQbnMoGz7HcpIwj>E^nV7ygNJScUA3^Dd9UBf=mSnC<~iv=H`v;s05Yw
zA1)DGpW(QyjQkL4<MT5rQX6Z`2+~TMS>6E;7GUVA!PHCyG~({z#eaarC7$}lffRR;
zQpm%X-vxKL;r;|J2;qJS=Y5yRZ<PHo9EeF&BMS#sJnAc~zmfqHeRftBYaUuC<FC;&
zWQFDkjysV%1?s3LV$TnyG>kL0Gjq?D!|X19kz;4Pdhz!3oZ5c9l}(0lfZY0XApxS}
zHQwXf2~1<3ocJh^ut*#4pYmNjdELbAo3LMdXB#&oCuiT;>91_O>#C{P7-rkPP*(k@
zwp&H<BQ-YjhH(;+(8Nd5FKf>dkM@hN*7zPtd2bXDFK>)jy-i(<q_dhUCLp?ybw(-^
zv~w_T39MJse9=zIJ?5xila`hit&w(@O<35q*h_AINbd-N!{SjE1@m!|YdllH4!(kb
z!%Kr4Eyls&N2K`&AQ6~n-K>tL)P<X07nirt13p&~dZsyGekK6<Rh2t~cA!Ol@$V7?
z47$gA7Qa(HH@WhPg&QWS(_qk`b$<HReVm+7@i#dqr-~PPGIg)tV{znmgbmA*!?<aW
zcm22fBAKM}3UH0f&n*xvKd_2bE@%5RHKz?*^Vju)`LI7^FTPwltUL=H2>|MKqW1=3
z1*N*i6!o1PRy6d}#<!bE#Jbf)W{=8hUZeC-u45GhfZrwV(ztnd_}5gurwDLwJ4a!)
zWRHpQlr%bFi|57e0t1%%`maw<PwCdNKxI||Fd2V<Sn4ZY7YgKAc<hGJsLiInl~dO#
zAHR?go&y4;TLG+$6jKvhKtI%_%o0TGvi{Wx0uXU-gBs$q@p9PKvc@g?!ZP*de_y5J
zKVL=ZKVN0&+K1qOrct~zc+$1Fx%Oms7S=4M-I1Omvpzlip`qkLWE}B(L$N>G-4|Ft
z7EwV18>l;WnLfD58%@4D&_Mx&AC)iQynVJGU`MSE+FcsZA_xLbc;2@G-`T?d;FYU@
z6M>h$3Yb(91L^`JJv}|1ILEJb0!VtHJM&%h;7B$aAi8GZ%SIuC(q{Bqcv}YqfZIS>
zoLyF?>G!h>a84E$o|3c3GU72Y*b@W}PiX0=c+znnPZ0sgn0T-Cktgl1N!=vH`_%UA
zYF1gOT6sc&eD$KwlzVu4x6K$LDvB)Kd&0p{mz9@SRpUxUGq^>RBV9E8Uu;d?IN7X)
zQO^McjLz}~9EWv;IlIJnwuqLzdzsO+lDJIgg=M6sp&72Ov@|?PfB#49_?ibCKm^=7
zE{h*QG>~$&#tYR6^MDeEXA!<MjsM&iV^0G19`WNf@$&eC@87?-c1F?+KmCPg$}oA`
z)5}nI)mE6L;!hdYG7^;o>`2Ps)?vfQzS6Inw6j@pt^Jx~3Zokkp2ZA^RF;Kz*#I-f
ze*SvDnD}|j;YzS8+$>UA*{9tgpt@?momZB(otK=SpMM9epu1F<;o;$xp+XuV_^AgY
z5V`nnw_Qy9g9D<~9U$hN2dk$8d`g0_alIx0j2Tqx@$|5n_~M|}s(YmO6#viER&?vO
zn)ZIJ)m8nHR3|l$IxZ;@5Uao6HkG4H`FyHQhjbGUrURnZ+YLU*nT3gKLS_*FgII_&
zxz>zHm#!Guud>Whiq)mLVpi7bUk{TBJ@B4%4#xv94gh?PEs-*qFf)NX{X2j)T&wH4
zn|w|C#qHFP{VG9CdDO<ZUbU*uR^Kd;qUk3v#mHODN?c@g3wDLMVB^#YzoW|G*mj}D
zjqJGjn-K<#6yemzP2NhDZrO|97+m!eL_?0=ny6zkCB66nK`*E51P=o_u)(B{z4^yl
zbdC-#^Px}RxkQvu@&symcIKTpGxyS0M_}zOtV~_hmpeMh4!NO??Z;`8zo{|g-1!CA
zKd&f<{C)YGVC%nl!&08d39M``AL8MLPgV?l<(j|KB2P2Dya5^~Kiz{2EDzzu>b(3+
z3lB15|6!BszkdDTC$o!!_}B2Zmu_PLfk=f@CSAlPEb2aq{)gz`pj;o=jISo6^zlN1
z+8@!%VC&4yitW0K%)a+E^xZ^*6Bt)lSBo$}$f_AS;;N4F%>L+#XxX+LM6%5Ewdj7|
z^ZyYofW@A;lGES$J{q)sy;w+-r$V#%RzvUr0WBuIg4K!4Ypa_v0s&TdqsD-xo?Z^u
z!w=hUX!u5|YZn7d%gljCldXS*WF;_PB((b0t*_K?SHsUvh#QT{#fCtPz+U>1sgZ>_
zr1H?IPQWrD36$tpauVzExj(Qc5oXMtjF`F_us8U9T+Xx}r^e9MlgHbQvB|7F$`g0^
zeRBhd8u>(6L&XyaMSC(5&I!=gkjIvnmm6inejJq$zobPNIyl5ibs$%%YN@Yy5dHxt
zm@dsZRGw!u?&bMQsV_1T2vHkyyWcq+U$(=I6D}v^!`@!loUA?cL)ViB>re;?MnWK6
zq+~)IS=#w-t}}68qXw>W!vZTG)3-eh7TCDvXOazjR5H!{c&;mg825t=2N@jf`%b1Q
zUE#)iE}8Y#+RI~-+`s1N`_HL>DYUdIc^c_ex*nVEEKY#G4iGNU%C)jUvetf*WAhYz
z3h&X;$7I-S7~2wgqn-W9!jFW+mHhila6Ca|nD)G+OgA1Nf^LSg!vXTCnCBeX4&EUd
zdZ34b`7NdJamb8jct*B<O13Cko6|j~N$#df0LUIByMgL~IFLQaQuX{GjxxZtEBKn}
zw(jp6n$$c`S(EE)2FmqY)}15>G=vM0^C!<OUp!;9y`{{g>H?6+wM0>5`PN8pCn?X6
zAt?<}dov65v=|iHl$5$u)?*W*sToJsxcr+8*Z%38K!^fV{d5MX4}n!;pl^``wOwT_
zbsH?3#`7wFi6tRp?ER^S5hLkN;+*C|1H)z0r@1Yy#Q1FkI0p5gl(+gyvPPq!{?OaA
zrm<zj<KP;mBzk>-H^PLc1qz5eS9N8d{iNkYNszYgpU}3`VgSh|PIzDnfQ_=7e$wud
z_ttt}$m(B$*B@k9I0>D%I+ANX1y@`N^>T=U9L=$TfkEN3i-sB4QT5Nz8NX%T5NVGE
z70$UEEq%`}&>qA*&Kkw-^~o7M!Cf<RBl!LM_cmZ}Wo2dEXX+*;ElaT5A`}wNy1wjn
zE4&R)Y2u=-;Y6pb^udU7SWDa>{Qe*7GrqqW?Zt|Sz8p9o6ZYpf5pEj-)dJsTtS<@e
zT)N6lq#5i+O2kcCvJhO#B<IocH$GHIzV9@{@z}F$+6ZXt&ti=s?rh6%_fdF;t?XVw
zwf!MWxbrh){6wf9gQF1o*omKtMN#hIPu{2--oM(#cFEQAZ+!|61Pb_{-91;l`OOfI
zJ2d+w9&V*n#D&hmXh?c^`r1{A{g3Mf!QVCa_wc#;p-W3n&G=d$9iudFPtEYf#>V17
zulj}o#r;*9T2i5RI%evtTEY3e?1aP%iJc|@E7ebo)N22g2{xrGxSQynLu<PVp^$Rc
z{X8B!=HUCYm|lr(GmDF%zUrnIJzl=tbbHsyM_y}3+X;fLC;&lIGryg~QqqGH+{w`Z
zcbXzxY`m?MTw=UkmD0(YdtzQ=g653;5i)YNZRYI`1I*X`IqW7iS^+~N|Nq=JKxi`X
z@f@Ci;<fweo?YojyGgTnO<@U{)izo(uO&h&V_BJ_g~^HbilDIl+c~mTn<v-8etR|t
z0w~qbCM1G6hvZ&cs~Isi6mIj;p0ei7a_gtds0CBg!)krXll#n1+enj~6H9k44Y?{A
zxV48l9hH8fH1lRv#Gh}h#1qT}e)%E(lz$pS-XGokN5ZHBrga+zlMU1iu;gvLdCnk{
zAsf^{HfR@jF3N9<BCE<c8~!PRC?hDL<}Xf?wSjmcLrDSpLfH&udK+KYj>mqes8XcD
zc>lgrA_R_xyk|&pa-SZbaP?~~r@QLa=4=mFy{;`0XZ=|=jL`jS(q}y&#b5s8{r`WL
z|1>3K<9am3d53=k0DpQb<Ub2<wCq0%?|%#D&O}Lo0U~}l<MPXU^qO$`qU3+603psa
z_PqfLPQRwT`{bqM&ng7;OcIi2gm?@8{~^c#C5$JJ53mvU6V(0-(F}>e+vQ6;9M7iM
z1~LAqsK-1W2>Tr^KZzJ8{2y?L*N4h>{VV>y#0fuSB#Cpc{uc<6B}QDbX<@1t&a}Md
zpZ_@r={@{}jL0RY+c^Pqsa6!2l!`@cd#>+0xr}#j##;jF7+1aD2Np+gnCh9Hl$q62
zi%-9xS<$zi)l>v$35843&Nsm~?#gT~I#W%kt!Y!|XhzDfv?n#4x_Ib~s372tzWu6+
z^pcStE8`U=1?BP8!vExWRU~fIi1&hXFPaBGJf+gR?#8fyxA@>=a80Sr*TD7h2b>yh
zAa<LlIR=}7@0ax6qiR7>A7aPRvJ83E0R#w&roeu~bJ>OtI_A6LjZFEVz<hEK1XmzB
zw*1rokka{OrYR%n#q!~>C&FhWW{+;c>*6lys<vc}!g*uh(~oi8K`Q{-Yg)cn1}L*r
zJwJdnPC7H4m-t^`aFX!gX=op30Q8>WSYX`r0ZFZR(h5w%lj{N{^G5L!K3ACW_21@2
z^M0GGb&b#PnYp0_LOj6o8z98<&j7ZU!jcIGV(42>zhBv?U(OWtE^lgLY}{%no^Y_=
zUHGA*rq&KfSTSj?Ehg2?;K$DY;D+fV<N!a<xY@rt)%R$vxct`hv0Gvf+90K-wG>7c
zew+YYb<vB7QhNIwz(&yvB^ko(qJVL|cH+H~;a{Y|i*GNdDdVlyFCEmaXumQ1U#roL
zWDIlIB(`6@H04$n<g~nkFOsKK*{h=PJmPzQf{ETAVgWi%mmLjIUAiyP!2Z+59I){@
zG#`IK8kwFSbb<p5*Q;5yDSwQ#1PGrJwU-S$((nDDg9C3HM_I!f-~KeHBE^DY&?$(2
z>wv$@ebn41WWol(v>e}s;5=WxOwg{cudf4!6aArf%prnOiFVsZGKv>ai^@CDZ(a4y
zwv;k+z>CKfX`U7P=L5`M@Tl<rr>gP#{ypLiY`{z^`mv|Wy-}fT_%lMmNbHT<wpPjJ
z-UM)bOr5v_lL@$6R=-5gS%gEc3t!y@4s}q%`U4h7Coq7V)4X26_@e)TV|MFfivFf+
zs6Y61|KYB4sxW;p8y5J#np2IfQp8=EFOXjkUhGaTMjuZP73vN9NGHMVVAlm(N$}Rw
zqGtkTm8~kT=HsM(ZL!hl2XV#j+-FJ>!#qeC7<;9F=Xs6z^Z*e;#rVmlOYQ#6+zbER
zmaO`O-Z+`$4a~>KS*ttVlN?hsUv8d}<wjQb0>TbWvtgM~u2q}sc!+w50#4>|DrZ*?
zB;$oH`UVCe%a#CAeh(lnceXnyT?d+h1@US}IHl3Y6V!<5Vs3(_ZVHaYZ-Hu`zYL?L
zrPT$lrNVZsQHk+KkINMmT5!xkn%X_zxkzr8feXoOW-kU5XR{rK{qn|YKSf^|K=AE3
z%9%v3ByVF^#>_`M9vU?ceB>+r56s4%f%p+Rz(v>cg$aW80tf}8R)ER!>I704{UdrN
zfDDayn!$n&bZ%hq#7R-)NjM4yQp7)7=V;flpDHS}IWOa(<U1gTxN{r_ZeHPSP+cfQ
z^recaS9hooZc(?2VT7Bu<!J`Ap7e2^HyiDH`bxlzOU$60^*>sG){OIYGnUGrp#<u{
z#&WyP!2a_VF5nPC{6a?hMK!<S|KfRVa9I6DcqX8&S!VkkMMFb4(KnL%ymqf%y{e{v
zJ3#K?(TzD^6T2M<>5QOq%#f*FotF&Yn#hUB_sNh_)P8}_yd8_-fF6wgQ)ea=LocSL
zNE!${jBCclH@Ufsc|zWDC>J3=Tni?})RhF&TrA;!vjPS1&i8dtfR%Imde!L9dO7?X
zu%NV=6MSH~|G)ic0KJm7aTWwsA8^vAX^i*x2LoT6*k|_tTtN4wsVh!o<SP$rUEYs5
z$GZhQ)RLxIIZnn~heD@VyvLrbjrJ<aL6sl$KEl#srYhrS(SfxKNzkO)jP+Fszc=sR
z%@xm(jZzL-Dv<&QqzWfd`aSpTB5pxJ4QE^}pj2L@#hWw2qsV+gZf-CqSA2^vnC3#m
z-wo+RtWaZq7KC#+=@)y0yS8n_j;Tw=FoiaBvbN&Z>tc`@IWmoc^P&iH2zd1cxq@b{
z!@voW)w&%r1u*$wyWJ|7=Wy4C$p*E?R87%+i))t)Y{~;@!0x!UT#Enfh*GXA8wiXQ
zgQG@Jsf73#_IyA(o{b=GEHulg%>A?SS+};SY4JOx1Y?|Ak<M}n2*0O(#Ut&fz6pQO
zH8ClCcPzpkoM_4VVUOKCX7wOZ4D+_aAGP)uT|5AkPDvX}jL(Bc+^5hBh54Df0eO|T
zUh$1O>WpDQVQ0-}$}p78a73i-$}G7EPUZ9vj=Q|H9l>Z*y8;J>QT@3ayYK$<d_XHP
zVH<XuvZlPWuv~2U!X(@(eh@D`xzMc`=frfDy}-Q=hJ$J%Ak%aaRwqDJAm2OFS8YUl
zWTrm+N&Q+PXX1K(9aB^_C0`DK|Nh#i5l{EctIbF0=dvzljGNTYMBgxyxYX@`&$Bzl
z804SvhFoD!P~Y1wvXo?#;a@zcZrK2@8t9!=>@tR>i##Du=yq$oUUsdD?4&)&>;|2o
zwszKm!(yr^nH$6hxcUkoj<ftCL4Yc#BVEeJ=Ly_eh5>CB9zQtO>Hv9h1DNiMw0hXP
zZ;Cc?X?j->udzJrALFJ|x?chLFEIWE&A(;%E8BZA$E*2m)g~T`2g>TsJ1ZkV?*dpl
zFJem8XP;DeYnKiU>2rSJeY3Z>H!NFX23Hi884Z%i(B!PC{}vsohrcGOTcW7W(GEU3
zY8Nx49qOr6d+_KZ$cY5aLG41^3}iBDQ&4c9^9^)^#~%zL#>VYnrE#-#BKYEjW18uY
z{^AzQ!Q@FyYl~Y-Tb=v-P)p_WXzPq0mUmsIR=SUVk`RT(x{HF>CsLk{)7^&aj@`b!
z38(>)F)`%TV!bq4(jnkLQdYdzAKe#ZO|%~$wBVI+?WCRa%D-^&J_$g+t;?|Yd!-Fs
zGxw&t(C}S3-~6mjDLK!oTMF9rZyT-`*76dVQ&Qr*c|Gc#e~NT5=8SB)PJB@%_3`gq
z#V||zR_y*6jMmgS1qG{u=nvwqnbceV{I7YP`xDhp!;gidTy1?9Ws9fM5)q%Z-F#O1
z+qi#Qf@d45S=K@MF>z(NrD8<36q|efe5=?#@RCQR`r>b@pVHkum8LY9^rk-|0x{NB
zzf%CA)-V#Hd20ipWF6lHo7gV@%7|ugsr&d9tLh7%`d6N`q6gqEDqyCICr;RSGGQDW
zj{Wc#Jogj-fWTSNoP~MzDKdX~Vi(o-LFA!d3y4T=SIdw!&rk7%W~a|(sOn#*?z4X8
zhyj^k;$a3mVj?*)8)lsu`s8TDqD*R|f{0GQxc@b2Rb5hIBJV&S38DXRTCzd0VIh*|
zAm#i42y4DQOE%Brx^}9F6B{+lY1#o526gJX+~80Xd+_Q4p^N3i0l3?&Jgh6z`w#YW
z`gQw4C_8%oNa?-$S^Cq-L(quexETOlzwmPUz~0<-;dvwJ**LsSr5pAEp^JKkg^6Pl
zXhdpcar1SMc<92a1fF)8=!1XN14JNzRV$<KD=V|#v!eB+M^N9`wm0<?JMnefzQ|Wg
z*|4|g%m`ZnVU-sfPRUYs5d7?(+@;a^+bGCb#S=AD{Ege+YHMZ?gj4cie&?g2qHck*
zix^wm!OHQn#TUaDt)L!T%EcuBvix%+hQelQt&%)5yy$uiIn?&E0#5Oo`H(dZs4JH<
z{}Z6G`u;sszKslxrh2~Gw5;e_#m8r_7TLS1<IW0|2+5N*S<|!dX#H-K`Q~J=#2ETC
z-sU>g!=tj{CKQQ>IAd@d=HTs|uLn5i%GIkX@^87CBlK7KSm}r_MHLieWm`eLF{Yno
zVAg)JJI58TE<Yev<R#4J(eUSfA+JT4JK8&g^Re|z=(QD>N(=BoPP;9g?4Eyj`?ej#
z&f^ff^qwknf4s_WzG1zrBkVH6E&F~}JTC$z6-7AK64c0wQYbT5g+Klt--HBkYw7{Q
z1?PMfLi$(Ir|;ofKGnKqK^nQR@6t@n+UDoTx?KCSLi)pXFN2zh^IN3WMUof3_s^f`
z|3=ig+vq3<Q}7h9vMJsK4D4Qx)qJAMT4)`8f~)+wQa1G>gfZthT1jpZ+TOo^;Av@S
zBslM|%3lmCN!Mw(E><oeB#?iZplUK%6@K@GemYGRK0voUf9fwM9auV3E)?sr$@>Ly
z{8;v9XuiDPf@;2WprXz#kOt`t#gj<A^(t~iH2S#ee2@2-<E@3!Q$1~*j>9*H-|Wx{
zJ`VmaceSGt@L&~XWyGS`S+h0jPZiJ(r=Y@a^f29#wBMQFj<6V62M*vJ-XtY)xv*qy
zLmL!>r4RMpv^g;g`}y*(hU}k5k@N8Kx~rqbU1tPP+qo>Cq+_m&$md?wCb;kNZ)`Ea
z10*XL=C<LJY7>3e0Q<qPfc4nm@y+gBOV{X&-qH_M<iZaxe*3N@BmJc(U}H>V);WLe
z=*4hmc`OBG!4b>ijNbX6-->xUGdNHZ``SdCS$<d2EQ|2vi^Z(Q&jq*G6mQ>oKBjF;
z?_M{nD)&1iis1J(aiw4?E8^<}O0D+9Ujj4NOB+*O3<Nk=&Wl{AR5_oYj{m>Q-8)Py
zs%FcTt7E&wycz57dtJ<R+c-?@8UF9^f8G-xoFd!Tn;Wf@WJ4Y!FMDe*b-Lvdny8BM
zRP0g$1j^?0(tRJ|JCx@SC$+M=3jQjKg6&PCv(&E=v(Vf8h9B=pF(^7HYx^F#eI=X!
zwNCCNFTF;&693({_l@X=#|{+#h5kqp`oopo_8|!8KT{9?e?AYG^`~74iI>R9q%VOr
zLo7w8fEvt$yhNS9^rZXOj-SN-1=PcYG#3T%-*&yQj}`GRTVfPedQ>zssl|V?pT|5V
z)yVbKSNf3T1AZ8<0+#9J(Y-B&uO@R7C)Q)DHhe2Ryw2O@jOu(?+V+^JtPEY&b7p%>
z6=6Sig^HIq3+ib@{PJ=L7??F;!RNJ+WxNtIj*bSYv`6am`OuQ`z8`rl$ynv8$;Q2O
zKI!*{id@-G$Vx~_vyg55|NR{{&hLekdW*#&(##2v8KMy7U{&ZJ5z4U`f9SoT8h>aj
zU0~89g`09Vv+NIEYnB`HE*{4?j*$N_vIs#Fq1pV#7VSuNn|iDigPV>gS^SAt_pYIz
zk)jU!w}w?!>UYWDF@3KxgGinV7{4Cm=h=M9$s?+mH-OFIdB4Cfq^!SZD{4+ClyewB
zY=j)Om2ckssKKyRDo$uyD;$8{ukp3&y8RmE=?k@rc|O$9QQ$}Ps>r>nzx(NgGR%=n
zUcomN;dw1}>RxJd#<!FNyMy3!R6*>g)ui)>SBJR7W0g*fEa%`vmLWENA?G#+zQoJ6
zeRj1oEacZ=@U<7#MXNRwV4Mc0U4wd1elA?*rx)syL)Pgpba^}<^T;M?ydC`+_kx$g
zE|FCRPM*Kpt*xJTF6yO<6A69iYj)0WQMQp!><#3|H{Y?lL2^{?L>^+2xO1L!-!4Df
zOW&fF5=CC4(yqldd`i)wq|8|=H61B7yX+TRBX<<><xqw0BAJ&9X2FJiD20K;>H@JY
zEbaA|LY9mASNTpyowg1iof1X)Z)?>+ccsP-mnIv8UrXaMaC>DA(l}eRw0MG01A~P}
zYeR6`&xhxa_N)k2PJVtNe7cmZTGmoz>=APnldAj?8f|YjCi*y#^1#;nM0AyMi|HHK
zUz<ib2VnWu`9rP5FZsRYfsG?>MyO~lA0o~NEq^1q9(s=HIa8X*;G0zkq))~{p+iIx
z8|!wiE{S&M@WDlv;f?XbyEmA=*Z9xrxLQMS%`-?Uvu4Y*AE=t}yUq&%EWMwf%=|JF
zQ0e{puKAdUr#fJR(V9SBknXjyK*hPa=u~;jD8e;|D*ic~V>HF3w*I>!*GFXOjJ#sH
zBp%QcSmA$ZGGfp6{hhyaU-NQ?l5%|K=_27PdADD4!pIixJKxt4*u>=ig{6Tu((6u4
zLnPN#j|~2-xc+J1cN&{#8It+||9R34h=NYLXrHu$l#c<r$UaZ}abA4*>z3LzFdKpp
z<x2IP&86o(Q>m}Kl*!D)*d)tY+3ye=MxX!4mPA&m)rnwgyZKw|DLm#oobdhl)g7d+
zRFDJ(wZB+w`-;#`UA+@wD%a~_L$8PE6#N#xJWki3;YhM7ev&tG+5FYT-wby6pG_Xt
z^<|J|*3xIQAb8<U<I8?*b@II_#22X?7e1xq{`Vb7_2}m#`m~=)M&WYVsp4173)veU
zi)BQa{oaQthQ}X?mPB~3Hf|V!=T?mPYI-wcWofwC`3gg{<}2K$AGQ{};?2p?{_mDX
zs^q*7akQ}9;pf%c{)!d|tY^CfW#TIsk&*6vx$RL2)s(*{c{BW@#w(ILT3^^XN22_7
zK1Psx9vwwHll`Kdc>C6lNRfO)&LFBeh4bE9r&k*8Zy@Zr1q}DDrFCsIlE_qPzGf@3
zuGx;g{o$}Lfu#|(u^;|YgjyZGnyC_59c9p=iOoOkcvXCOf~ZrXhIo1DYe%(X!1an%
z3O+blYfDzu(kq9`-GTWgzZec`ShdD2)Ve?aCQvBxUg`1^mNAyX^-+$h)7GrM>QSrC
zaJ^h~mG-nkD^GiQwyF+~zE67utw1w^qs|{*1E)GWG!C12ji74?yIVmI4aGuuoJiUq
z%J<Kw^N>4UeI?t=F;MD$lm1&MI#<o#;zkX#@V5pIMPsi564SVA(M0D=Q(kS;><IH#
z<rMV9eU_mX`Rvo2_5E19F(?If@<l^~`#H(#@;0`0gD8iYS*e%dx;{qy64m?RheE}P
z;V@~Kej?0*qJw%4e^9$+nwT`6^cKFM4M(5!jYwA#g~0t$i9cg&zIA=v13n3^ld_}V
z2s$cpA1LLBCp`z;<Tm3y58_pB&4@A-IwhCK-rnd<!8xMQ@})pr)r-MA*^}&oe#<na
zaQ&f(lH$>$tIV<+p2Sg-VN~b2d(RFo$0`=oij6n9tf|ihJ;RJ|-)s~Ok{GVizs$Ag
z5A%uWSlqN0$#uRn$03gjCa(YLEr76$couM};)NDLWmGruEST8mRXJlW%K2flzFC$*
zQ{%;%LY`=+D`%k&T!7_+`(-vvhzWh4_1P)>YI<&A=Y2E6q>0#j>-7>1lI~DCpkY2G
ziXhYCGxd#2bZP-o28;o{8KE5)DXhCr&#RapNV#B-p!VX{z7-uk=rm%2qCicF-!t@^
zdlquPMmWn&INe@E-1o`NpYkQb`b=)}@bVS0qAzbyv?HfflE^UbQjJ%#);YxE8HAhd
zy)1RU=xZ1u2Rt*$2$@sSky;nep-Nnj%SRO^euTN&u}eyj9txPUms&a#|NBC(J~0RN
zL_K&?_)<LCZZ1|%RA)s$S6HC)<%bIGx0cYLWM8x2-{4mda8s5MmflPAU7LP9?(7%^
z?A7R(T|$n*`9f;)`hIJ{%y$Po$*U%e%sCPuGNnvMpFf~3GVcZV7W`fAeJ@&k6C#Lp
zwwlWiCAz~TlV7aHkSn&$KD?--yK=A8HH*i7pg=^)<?*`Q72k!b3j~re=qfvwavi}h
zqbJxFV<WQ&H;Hgn7K?f^XiU=s-+l8mwYhiU<~r*<MCOUhZG>UL<!_Dj9pGO(8-rxi
zvs39#xZvg-$N66pnz&-$B)yH)>x#cb&Ys2kgMvKZMB_`HR}8{!;6&zS@uAc0#F>Ns
zyx5$>&x{P%edP-?mVOOC-3CUkkULzBp7g(I{bKZ9x!$LxMAkmrE_8`J>QRh*U#Cjf
zk>cIcKz5^3ff4$b2cKsxy3h^*vbL^2I*Ps!zE9$1?|~PTkSpGm+S*Ep$QRaBqM<Q7
z63+?BXtVu|^jc4O+<N7A-z)~bNm}%DZDI%(8Wxsa(&LVE(D3+$ae5aW5pmz${qyKf
zc6RpEFQZ9=<oEA`m#{!S;s*345l`~8U~%sA-_A5KAj7!{IhczUo&$ZYcJQ=NZvGko
z_*wYQp2vr|4e>KCTNcD>p<eH{x11ano=n_1&>Zvd;15%6dU~q{CLP&vk&>*OyZXA~
z1CH}A$xXUB_di%hZ`tV~8k&&LDC$wD?SM(~Upf~bp_)G~9tD}tz`n@tZYSg;Oml)J
zywG;3zvWi02<+EiD^jr0`DxfzFZkI8Cz~$ou3Iph>Mbvq^F@eHR<+O^Yww?M<?OZ*
zzpJ!rJ=B!Bt=?BP8_Id(Lqp!X?S#0`BihpaaM`V`j0n&5#_}wfQ`LNYPoO|IPb)Iz
z*dXsie<d?l<~qq&OPIlHQigbgV@y`=b#l$PZ(mhKBB~m+XjG(ZI>Z?~MS_AT)VlXh
zA^}_p{z+Ndf;p8v>OyK^N^eWq*sWFZL6;r#YY$c6<KorGTNi4&{<OW?!7FwisrgEZ
z@8i51nb_Fk!ao+rZ1km{45(Z9`ufJ&$bi1bhdU1M%5q^Z@SW=ZCO^->-AInwT>vto
zA%;cB_A1A^IgFMufhT16oZo=5brcpTq7q-QG@mcjl`~){FLda2@McPDGA`_Ej(G1u
z$<=%d60lc#@5_eI0~Ev9)qB6jifg#Ur&&FU>(5^ZX=p$;FYXRP^50<Z(+N%b&I{W6
zZi<<8w}+RS8y#{p#gsK3Tqsw$N!iG_+>CRbCh?gVidT%f#<cN!CZFehxeHTt-Anm8
zbt$&<t8Raq4iWnjyWQ(^KhL8emV@|+yK+4-@izY6_X_V$X%}s(xM#kwT`V|c{h%vX
zMfzTr?ABTaNrQi1_1k4^4w2n0q{659HiK^rt3FBaA{|DqbW=(V_F@`evOj2V8=<_?
z-nNe=y0ppTI`;fDmh=9ce-_pCIyDGv9c(Mhr5=3%grfW*O-e3Ibw_W%MJ45V6N&M!
z*G-yn0Q}Pm^j<fcj%b^;%PnMPS1qe-FBi~Pta+h9_s1PC|H_9!+Hn{JZWg>md0q4=
zN#3KBmw6g#b3jh398SS>%V*1M0FRg|X2pO*(=!lI|Lg(cG2$F})RGPeodE1kE5hAj
z3;(VuUSJ25TAbe;CTmIsUJoxk^;9A<Fm~O~Qh(bRq<mH8M}ndvhNp8}Z!`EYQ7e;^
zLYB~0K#Gjk$KR!}z#e2HhfN#%Z11Oa%=bw(=E3{ScaDNWAerDFX}x@u*P@oit}}&c
zCKjbv1jeGWnexqeU63>lEFFJc_1&+HiDGM)msjA#<_l@I@0%Be?{&Wk^15ZI0-wm|
z+J#%$5nyX285(a#>6qn_{I;~>?|4YGKAWhn_oX$<$@2C%$h6Dy#J*aEy@61G1R-EN
z{AEe{UFV|1gRZ7xqjI{ZQZh13%5jVjz!R4Ethfo6l9F=IcbgT|KRF@E85yzQeUo`0
zv8GeNfF9rjLqj_3>7EujlO!$ZRxofq`Vb6yWoD<D(wI-5KGlKr`!jfNmF*$bC55Ba
zPc=Y+z<5Q#w1%AMB87sn@%6d6IRzZ_be=^;MWsOOwWtO5J{9ZZ*Qt)J3h)uG;c6T6
zsl!Q@z`AeQ?-cBXrnYNcX7r3+^)qXwp;gZh_+Vv}E01b|*5|PAcXm$#;u{`^{Qj&W
z%*S(M1x<}Tl0I}!Hc(4bO`a%w;3QXNwG9``-x(9;*3q{35-)ukl&Un3yTJWKp=->s
zJ9itSDs}rl8%DJBZZ7QGCvBW6Q^JE;T$%G~rhH(X=p`vlx@bn6Jm1zuDK7J**8%9E
zWSwrLsO{(S{LspL1k$v%oaVYb8q<(nW#xAES!doH+gJ=I$U(7z&k-$5;1$|VJPozX
zypb&a6g*$G1D0pBO0Zp~pVAeSK`|rS9)McP<DXPr>1WfS38o;E1rIOnNRc7IJFil*
z7?d9V(J;`bW8x8fxyFWn#Hwz8#58mYu$w}=aG<qGl?y{7fN&)>E9c4y-2b4|oxEYU
za5Ns_l&V~Fdo|&+8&w=cjObd=Nt<h~x*<zaaZg&A`pJx`Jrv})k@AT^>_y2)JtyLe
z)Pz1V=k6+r?tA7M@S0pzJniVQN_7oGaJG)-={?GU(qETVP|?Mi;3Jm{(%Jt0RO8e?
z(MNt=U=kJ|u*|IN7?$%*FXHP<ip%WVYm1jfcAJV`!&I=!7yJICb&SgjHrM1@W;}gV
zMJzp%_n=w=sv+1a)m`<*ka^8g`*9c-=|^8D1+ojZMG);j3BM&t(%M?Y1YfDbDU|NI
zk#J!yytJGwe8xgn=~3x_-MkqG#4VlYul;|Fy=7R`TiZ7b2uesvNtXiBsDMf%sZt`K
z)QE_blr+eUbhm=irKAj<!bnMpG$<X?odZn03*38O`+DBzxbNqipFIAoS#h4fI*mCx
z&>gYd${{kIzdOs*<Kz8L4%X%Yci9f^h!E!=w^gZJY(PF-NL17}kY}|GfFIH=?4-L?
z*evzRbcvb&5fWhR0$JxkEG5rLeHGB=h4;a@FhI#mb%De%>H9kiV4HdrDytXc)+j8h
zy+UZXEoF2v^3g|&bH96R2<?8u5o3e+7~A3Dbh~xB8c|eNCD$;?PaWd_c(j71jF@hn
zxyG#0;ak6g;h(eJ!{;^LVqjMmzFuSbL+ty{hw5{>SuNWqbmUG;M8nx^`CM{zv)Kjc
z#+#pW(hJbAp@z`$d$@9mh1pcO9~|{Rb%sO`6&G9Xw9YgXGIMec_~^((Tt>NUD|{MO
ze&kFuD=uOiICIilP?dJ1XIrvJqHMmitMf-;S1fP(Dk+uvbggr4N6)EbR1Avth#kZM
z<*`A)G6LugepXo1G~%XaIj8Gf1%AlkUenUi`I>5j32HAUz-TABob)h)Z{NO!`QzQA
z<cOBVq^}Yf1F}Lf%H~`Q5@FGu;J076hpIbodF(nG(fr|E8rjkD-a_22(n^$zW!6>^
z^MW|d@$3s}0$1y4Z|=!QZ`Yg2ZPBDB=`trn9x_bR+Oy1P%R%gw=V(`|wY(Wz)_4WY
zFqcWL57Txb_rYJdPveHo*1%aoz|Xby`Bq>sOjZY9J3^c`8uB(kJ(0(g@UuiKglq*K
zx?Ok=Yw0N=3rY0n;$Jm*p$b+1K)i=Qq|blD%TDS)JgBng!AwzIM{a@A{KfRpqQr;n
zONjcy1LK2)ckw3hQ}n28uizEXHxikYCdS2aH6P~#rZ*JrWy7nPLPd16to^hvLm?x^
zs;ep25Bl~}Mx2MifYxmcKw!^#asWB0KalZi4pC;@#H%BDBaH*R{p~a$M4IqiO0A2<
zwsj6?lcb34<W`&TbiHX#!MKvYg;&WXFRTqTBCEERS3AmlF{QTsaK5hY7MbpZWqU7&
z+3}RoE#}`~nf8}5X=AZ+-uuO`-W3#HMSnP%>s<AMrP(rS-G@xORk~ZBHL;4%$2*@z
zq<RuEN8c_!Ag3g0(qo<5J`4%6(t+<9Htt{Nn5IZsbJ0zQw<4-?rdelmYxBzxd&5xG
zayyUtYC&|V2)nXH7~kq>fiE3<#LIv^CKZoqJZPNgK;!lM&jv*N<2)_EV?8RtCLZs@
z*U{Cf`1JV!bfEu5IZ3ldn$N+i?8z~xIs<fbHA$XnMN%l8&U6N{fRJ;(d3k)_K>#Vs
z<(Q>3sH(Yk_BJ$3no;Z-p?=Y0P70FKIoE$=&&D3ue4RV^tmmmd<(wNPv6^md5Of*-
zJ>=&pPVQ*^t=}+u>vQ&l_m$M9R~@|4BN1?L#R;uMhu>9L(+97E{MeKa9nWT8?G5`U
zbC@(22$Jw)*-O|mb@XHk_siw33fIBL){cDKfooE^N~7?G7XN$I%!9NfM0f${9k~W%
zUm4$DD`uqj{rCrFJGAN>XKS?Dn~QV#@};885ElQ_@wJPI`9=3@6G%0l7@hN99wH7~
z5fVAmG_&b7JMa0{Rf(`E<7Ewj?<=-%YBIbdiH0?PzKBF>wU*zNRuww(Gq8IeSpkm#
z5Qv5Lb$G;IXPEe(*IL5H)Ig)-ZaOdyjC?j~vH1*z6;`_rcCP~qfO4Lk2{P9*{wiBN
z3`^85Vb`3ols4?_C6-XVPXI&AtTuA6X>&YX^x1lFG9P3TG&J8HTjjuhkCZhn`+S(+
z6(Xyr1~KcoTnSSTFDi~#sdT=<{=5#uf2Ae0nGRhzGMh5F!})X(v+}v)O5mYtl|!_+
zZf@4WOq10JB3(1@R?tqBr24n?;HFJ_^Mqa(vDW#&wE)foJrC-ZZ9Le|-yro*U1_^~
zaA3Bs=1#j6UKKQhZ6x1b+%6cM^hr90PT6{_{XlIa6amjc@HE4xF3abn7aus=$HTgt
ztCL>|G^2afiJN#OZ>j`8H~)fB`DNfn1|Tlwu9R1xuyIzTmNx8^rG37zZ(6Ifx7t7f
zi!#uCUyhkbxHZT}WQ{r`8*tJLK7^7uAJW@w80uz-?$Kt&6&SP}fMjjANyRrd>e_Ef
zOk}Ens$*wi63L;U)0daBEXCe)T=*%lo{!n+<wer*N(Do&JDRDEITW`gc`&ZF>|TbE
z?QaWrt=<lrW&T7s#V<q0+i`d6sasqxd@~wLv<1N{a*2Q1XBWvYzu%~sZ7;Ha@UY38
z|D`s3VsuqyrZD-3Li%DXU6O+Uewv(~D`z7W&aHHI`NQQv(*v$H_a#TPxw1r2FMn&@
z4dskATngE_E-L6i*f-Ro-zTmih+T4Y!c0Cyb5_YdpSv174O+&=l(@@Q-|3)Wjb5Qb
z{UyVTM7uvw;PYTU-3WCLe17_dPFcFBfmalw-}^Mi`Raty{*C#0$NgoU-!CjeuPVta
za7*<yB8h4or&uNv7kUbnGILBUeZqTgG}7E2L5+O2jLzNEzvX@50nYsPNJJguJ9xyq
z$ESUThCS0pb(V!v(Q>ito!5M}uEH-Gj`hXww!URoaakU`-~&tYIb>QDH1wov-r(E_
z$kJgN^A%Y9zTaKxGsRWHw^49QOd%(A{n(bM?qWSb%am7(gZ{vOTJM;C9{A6wSqMw>
zu0N5Y^cYjvg_DtXW?@q-$x2iSbaXNDh~^jUi`^wJo;uXcJXtnYyazIl=jGBn0tIIc
zR2lpEC`4)ljuDlDWH%%hv+}+Rze3gDq-Y;CPvVe}-hPLUEP;P#(+1ZW$}i#gId~RW
zrr>tm9j80%d1WlCmcFLjR2`pc4(?~f2P?51;onM1Gxa#<fGr@1DLY3_M^qYSzJT5J
z7*RS2uXp)Y+N{VT>rq0AUf(GSukU{^UOVzGWNm_^hj&USqy|Bz_OKPd=dRsgBE<YK
zUMn0{sFXfHHZ-aQ!(bTw@AMkd5GbAG$C&Sy2yD0fu6A@WD4=rJl+y7Dz!uDHh3*SP
zGR?X8pWJfUy|UXy8Kho~t&Sk!AAm1l<nKco+#3PoCblI~|4Qtcp&?Pg0e6cis_N6_
zA^y5KO9UOkmK2)KKACq8fqlUF?Pei#I6b0a#FCC=U|Lq<i(*RHp$-LtX<*BqW%p1D
zd5qE)W5bHk5Pfu`O;|dFdEMnUo)T73AvdvzD1nQRJssF0GhB=p2WY*IZgTGfJ@L4<
z)75JDQ+*gQEQD<5wJv_mQht2X?KNH2)|VH%UT(?Q51XPjamCx4la3h`N>rFQF4d^Y
zv1QRL^;e{u6J-kSG9F*c8GH{UCnA1l-X-h|vzhu%#gQO;M11%?CD1t~q_LdKxM!NG
z{POkuJ?G>4`@xwm-TFF^W)tPhbpvm+GWYF&w4wQ!t|D|VtjoM=wHqU0Rk`SCed$N~
za*f{zyT;#$_8G>|`bA6lR%mDU4Wa;@OwO7DbLqzVkE<JZ)4rg8)YNlhy~dP-wg+F+
z>TK&EdGtO(UF>-h*!h$)dlb;^2Vw2u;>LILa;JWnGnzplBh5L}3>DvbyK|;rOY9WH
zuHRMA|FIUZK%io<l{j2p_3BX#T!IK^Bb7b|7u^uWuKud-5_J)O)KwyI3dut~OCRwX
z$t*t<yAWI4VpJ8vVp|zVpmr&<i1ZR2PMO83EgEHem!l7rc8J>9df^-PWT1&5mX~`R
zAj7`9Xc=)~E9)Frmg=g@JH~GAmE5df2b_PU_w!ln%F&}@(>ibV;?7fk4!Ol~Kd+x}
z-}qAtF-(~yPk;2!SwndbjI&)IyLdE>UnKpTcq5v!dTzM;;r7g%F4Q{ZTY~62KM21_
zz^Gwb0f?SZ?#nTCM4qwz?<Xy_1EG5-;_$d}+;E-r>k=-b03^-MR$pIOy8USNn{oq3
zzl_IM<DrZKNe17}AgwWpfc3i&ea&QvVebnzQ(&U<C17-ITLN<wfcUgQk-9*pFH4yW
zy_b%AYdThCH{J(iI!=@6)IGP`-z%nIW)*g;il-qy<OtZd+$k!;8Zce!^uAn@@Z28i
z=>!s7ZS=yIl&0T3rJSlC+?qwF3C?eR?a>>V&fyoW=W#42oX5HZM;W?bjj`t4-1qpX
zXB0q3t4~|+(&KfA#9ka)s{KwO9xr_T<m4_--{qHgOarEL53`4gIRNaTSVM=H_{HLr
zN_un~B=|kqlTz1%@5ZmpYXqs`-d9EmB$$Vj5`pC8p6gUA2IJZ0IA0B+@i3e$=z!i;
z_-Ux#cf=tXv);3No`i3>p*>Kymk0Pt^w8(*APzNk*feznJmkauDXIYnVPZcm=07ba
zF`>=W>FkV&8mEx(@D|^57XVkET_zoiUF=Do2W5StX_8J(db9c<gP`JJ-NEwF2qNd;
zAb6(0=o{zO=vB7h7ty(L+DM=8Psfo{(krKYScrsJR_)&6oi&BoVSnVtb;Zhz)Ehq!
zbEPs?o~|zM!(&}muFiGmsd%AfkFHm@3G1bzeF7mFvb`3f6925t>q;@^>K+#=Oa7VB
za&=m0@=unLm@cNx=;s6%?l0&|-6Hki)6pC;$iEgo%6*&&5fybU=fD=*jkOv0HRkDP
z$}Jog_Pn^Tc_hJ_zjD>@D83yRIjeqo_~R-ata0^s;p>bIBW4UBEZ}(`RKePKzU2HI
zdU~uh-JX@}ZRI9*gDDT>ot>S{_i+HO2>W;|9-AuVJ_k&MEubyz&%Ar#3y{^F&ZCY&
z0UW5UN#4qe4-DP)lbrI%ZXUz|5i0SoFJGi5K#02skP*6)i^)is(_g0-B&4GS!>oV&
z-nm&OWIL#1oV%FMsQx3Owe6+zh4IE|0FeTA_BZvnyca#9jxDQiS_J18mR>`rdoI01
z>6&nE1Owhw`5QWrPx|#wg^Q-CSHkWy4f74j9n`9`<>uZjA(JfHDfIe7n%gacvo}@Y
z>DI4~-g8%7hZ;ZTv)@Py!9~4%)GyR<@%{TvJKFZGY@x5J<i3|vpO|+xU*$8YAgt0b
zlIB;;#IPI77IbaF5G5AxZ1EwcZv&5|_E@H{1J@_|dD(E1w@OB7FN`(5N+^8$OzZFc
z1+e8Y3E#7|)Mq~B+nz5STu~KCR2l*hkCDs97+s<MXGJg`MnDahqaNS)NrTymV;jt*
zf7+j=>;W7WCGK0Mz|D{adO!~#t?Vne1mlxiY1Fi|7;<1uend69T>?AlIP?WpDYsTI
zSHl;y-ONBp>c{gg^oXic3o=tvI8k{l^`M+*;o7<v>TdK<O{4Fc0ki%~4VrD&BIl9~
zZ->^v@8+$(19i5lv){w?#5XDG*fc)xLfWfhrxR!%pvpg0&=7Pizx@QrqR+S9I9is-
zv)o(3cotho3;7&OZL6$YTJ}_hIbSZXx-(_4svIzT%-QMjJFDw8*6!-pz1-h@?+$hu
zXz9b&!okRkwuWtT-G_ZS>gGx+`aIP?wNjKi*V%Q-9L3&#d0kDK@*ppI3q|oQtJo)&
zfl*H*DD3z)gyyJi+VjZ6wW?!<R|_{Ip>wod7xXH8P@TW;@IcRw2h+&)LfG>Ul3e@X
zkqPq?G+63U0jad2l=UxDYPiFV@f|P);@Qf;$L4G;kWnyos<kr*%BGIaPU>rTLv!=<
zVy>%?Kwmx!+IC3^AW?yy`ii8FX8is3AwCDgz%AVb3}0MOBv9sswge76YCq7Zw1XWk
z`)9ShJGLmEC!8bt5x+TQDtrxIxwRE;Tko=&%T2(aPnzJf<#j(mimzi_iwJ}E(M!Km
z?HuT$^@${aL9gA;EGg5^8kTfiqN`H<?}f#l6T6ov-#fmAK$V_2a`GjmtKo1e65sOn
z1ny2PEu2gDq@XGyK>3G$jai+j5Br{ZH@M_v3lW=CcVTvRma92#WTN!0x69TD9l3-9
za&;IoR2j{2VuNku9oJfYA5qApS8UN=toWsD`DR#G3u;{aV#|b+p2M|1Z}!?K1}oG_
z9ot_E%Y#`g3w|qch7{+k<G=sxh1l!1aC4IYdOqGSI{=NN%}EE|!q2>~a;m_+`D`dp
zXU>sBOpN-}FLpGXByOwp7B3bHeg$*n=A_=!%)96ANcRmq4+)~4a;bc(r(t{J&UZbs
zP1ny3U_Ulb8*NH=#;B&MJuq9m_A+gUb>so=;d}dLbUO9B97xE=iyyK)BSU2K$h^hh
zALf4deM=o&nlqX%gBp5oPnYLK^VfNYEdWR;S)vD5$sAmMpPHJ9iyzs`I!=o*(!Y*m
zto`clIi=!+#uloG2OlmiEzK9g5lxMl3jqdlTwIDdkf4Bo5NywNE%T0`&mn@JP31W%
z4r+<n#V@t_pq}=9yLc^-r=lo0bV*-D=%w^SKiKz9C7s$_InFUZI;3PG(|wUl`SDSM
z20+t>y|4ZKSIJ9rR`OO@>o&M&EV@E#uL$vdhk=0rr^<FGV6i3@!G%zBJ1%}_+-Xt>
zkmcmWCu0z9oofp(b(&ZCo+@P^c&e<XuSH!M1fyf9uVw`8>EdVrKYJ5TXybd>yT|Su
z<l+?6%M1_rX_d`>h%fBMH><FyST)rNBgw0Lw5qnNkal?Y>QbWz&Ggr&Yx2X6<C4UO
zBad{UH$O6a*s}bZBj@ZzP*!1TH<NU3m6t8vjFy+f0a*xfRL^_su--6vpS14vTQ^p?
zvf*;i2||5M@Gn8eLMNU{WrggkJ}z}pBy+L9Y+8D=Yb96YgPW;^Wc3`_AkF(C2&G3Z
z6&z>^E!bnC6%he}7K?GWOx-%}^skp_{7ZZ>RI;mv0aey|Vv8q5T#T-Lw+0Ls#u^(K
zKh`*_oDb`k!EkbtO2~~pv=M9wAh4buTmGJdkjVRx8_k(BE!|D2sd3hUd1X`Od740k
zLrZ9$oci{5fYy0_ArV4PhvC&qivW@}vMd+~N0<YaasbQ4^GzYa<chEqoS6Bykm<q8
zk18A%zkhfy2WwO#17o-d0Q1+H={K?{)SCXyo&49t?yzKu0BPN%TlmOI;XZGc*1O^1
zEWNbzl=}(+#o<N%{zUVQyf<nDmJKF8-iV^3pWANo9~Pv;CsKFI$jssplV#h0_%K#5
z*bef!C)?<Ibk7>JOO!RL*o|0zl5MJzv*40jCe^zqr(?8O{ODz}46_f9=8!mP;J3tl
zUxin`cS49yD<`(UtAm)!R4bG|->9!Knv>Jzzz)s{^-K4!Mt?LrTxZ|jLm$ui+`oz`
z$W6DWsv6(8?6^#PURi|<E=vu)|1!e9j-~fnOV8jyo2w7eM+-i_a`Rr@2PdicF9zV_
zZa1ED@L+<z7TZ1i72H^qQY7)BXiBU0@W(7_b=VtpPuFok=>F!^LL7sfm@s~QvXXmh
zerXGC2eN-LFs7vxZChNc!h%P&(%aS5eCnhJc)A99(~nG;>K*o)g}iONXJ+=7MHM(A
ztjBrrS?}sF-!+#MLrU19^}f$G^fP}5R>@Byni;b3!^PeI!s^1q#K2S{|C%^{!?It<
zhPowC+cR{w2&;n9Ug;KWY_aDE{Y{KcpNuFbhwoN<F^7J>{R1utpo$(ua1L6fZ>6K7
z4B+{Dk9&A00uSL0S8hmm*C=pYMlO|&us-eX{M?^L-aZw!{z9X4HrXNOiD|NOFCT4^
z^hUOpy!F#5Lk`Mk2hix5Rm@b8(cacUm8wQLQPQcC=)w2n9aW`w!H2<t!Q3~8!eVyU
z@K+i(2GSZt(Fw_wzRQ`CvDoBKsY;>SKsI{3;dx?=_`YD>CqGs#L1sPxVIKNE*#1}5
z{^q}mg<*cxD_8);TMZY`Wo2g<UUc7{QHYfq$<tY&yLm<acRFboEdxWiA$|pqOj5`2
zdjI$a*$ed++UMf;nqsrtV-nx#+0_9gD${)`ltN3UIDdvQ(9nTNa>`as?poh!s47wC
z9Q|wJ_tw*e%l%k)p^@sj1DM&ow{G9pO%C++$Zr|`{x!m>3K#IRbRgl%>uZAo`k`+L
z?m>1wGMapzWH9kJ8F_#j)HR_I-?-9{M`i7e)bmft(izLW+1!W2UI02nc%`~k?<ZMg
z*3c~N!Y-s{)<Gj3zmcy1xm265Q?Y+w(Q~~FR1h7WsVyk;7DZ}ywxBk5$-BI{+gNF-
z7+%JyX}+Qt&tZV*!X5Xb=29aRQ7z5QR5n)!*tw=UY3o7J<0N%*upwa1m2PqPV$5+g
zBI4Bm<ox{*zsTr{ZBG^<*0bB9^FO!6dh(d`q7yt+5DIYUwReA^4?IgOn)m3ML%-yt
z-HNK*V|Zl5PmMW)@G{O1>3rOCgKO>{^Na0zZ9<`OH4@sNbWEM$?3NeS7apqcCgdj*
zchH{fA-g;gC}uO~=&ckl<=87b3>2-SxYw*#mG$=gQwKFuvUQRsZZd%@pmS+yp_H*a
z=468GVQ@*n(+si)tN)Z#K4&G>up*RVz@ZIUEv}59e`l~{$A>3D-;wEU$JLh+^c{~s
zLE3ZI=x2rJjgD^i7nNaN59s-St6qzmteczi-c)$`vS=be_MQ$WLUr+Z*3aUQZ7Bcm
zYINfZ*{CcH>C?K&=>Ph>Ydi+<mBWoLo%eE{L61Z%)YVC3SscZ#N3$qIWM$-&^}AP}
zU%k&cu<vI$yWv88h4K<zepZ%t+4J-u4u?zBP_6kSYTc1*HPoVUM>l3EHyg5p4{7P*
z>RszSJ{9!y*~+B{rKfpPObuub9S;-JdR66Kte=?2$Lo1l`jmPZ@28Ol-BKmd^&&{B
z!5?PFu6osu(qU{LwT-8rODBJ@uT}erQ^hU+%A|Lg?}E7Hw?_~9Z<8*sT_u76!tebJ
zci{vPoUX@7XSWuF!Ni3#h>|_(aAV9<w{`>pNihr=rMJ}cI2r#KV76!%X)9xDcjx?A
zW8-Q^&a^@6_p1)4aw@1@vixBthd{1I@@hk5lEIcMq1TrbA5`gFnSj|roYAT}-0R$l
z-Z33D6w;DBj8CwkL3(pUI{h|vOs(ughn^4HYmruyOb#3KTHLlt^CxN$W@QUy2?xWE
z%rfx}lL>S7Y}tqTe+0vDZv~NKd2`W|<d*l9;unDA<w`*C>`D{)cHh@7+s&v%g1zzu
zeFkRIiO0W&&3Si^bW@Wiy$?f%y4>u>vz(WHghWRtCg&wQ92{Mo9UQ(*H;lSa8QKgh
z*2rJ5s$8Q7g<JtZ1|ZZo62E|#(wK@c{ZA#=KrL!x+AwO?>M=*!U|WndeAJa*CpL@Z
zt&^^jB<w(4YfiQGJX)}Oy)>=cFI(_r*3j~6qS)iAP41`9X-P9}X#t_}2ZD_lJMjHB
z^9wS#(`&&P@@W+_t3NR$j=yD^YHV?w{-P_}$=ruSLdjG%CJtwu5~*Cj3n=vvF6g{h
z`)q0W70qidkFK9?NZ0@ChCHh`i>8`*EU)ZXHnYF1|7gE@|A05IgfUPam8~Nbxi<wf
z(A^P-Ew`B`G2my1AYuci*>lo?s%U)P3o+_BxL6qZq{ePhM=2mKcRFk{GJAXP$oZ)d
zJWmU=^c+7ofAyo1Ez5c14;-AApHe5Yz8B@D@xF0i`$_>aadudMd1mYfHlKaQ+S9iR
z4i~+#f}|63?qpUxx%~w)&J%OS%-C@MX*DdfSps2k?Q-s@s5gS?ua4SemL;PpI$leY
zaC7+M>CH?d7p1a<1KA=wpy8qJnVlMvW$r)?-CHJ>5?*rt*@{cDQuRtYW1Yd@q@34y
zH=hZC%+{xQ<z-A0)amxUXC9a5nm-?Hj_}lEJW(Rb87K7>Ki(yFk3R49s6kD=u{`}s
zHJd;ix3gwwACwDo)lI6gp;G5vGAa6|>pL@mfIvoD|Jmw54JwfsT42i^4txabUKT(!
z9-oSQnLwr#b)(_28x&`vBu@GA-B|gr;xBH~R2;i-`s^Z&pK^5dIY!ryw7VrIp48nT
zpbf3W_y%LVIPM3RymcFRJvSMYEdLJx7y~%P)-M=2={I`TM0pHmbUC<RP3rIa-~%RF
zqlZ53W0C=#<65S$@(RYay`6r3RauzX2i6VUqNBr+uk<_If~PpB#9uh5#ejosvd6I6
z>FHc@ZGPnoIMnmz-y(MSi;-VUd5h)=_TxUBtcTZmO6k=+g6A@t3a-_VczWL9lD~kL
zYfyAanV+?dzgq7%ZZPfBob^y%i3J89b1ML%y6%~Gk8oK&!QL#thx3uftpR*G6O3iT
z-Ny}by|t%ePOgRx&g`CeGR<eZyANUqwQ_J_Ri#JIU0V1}^53)59mLx)wBg$c_!B*^
zKi1g9Ev7aV+*Jk_c)9t5-pA6n`AUw_4^A*IOxbE!@IkAJXh9{iCq<>ZYXuR^Bpqs*
zKixB0ecNQgep2?z%inzHix<4*<vjJT+cytrdOUx;<-Vts-jMd9Ty(7km_V8W@L2D#
zCY_XqC|<ksI%lLH-ZH(I^yNXT`6o`)>a#zhaT~jrk*twlXA(_nFN+Cj(C&qkxzp~W
zUb~oIyd_!oOuX^YjwJIe1Xe?+)ho3@yipySi@1oZm0<KACzQR=M2tEqyZUSJZ~PfW
z6C_9B;|p;^=vsu$+OfB_2{|B_D)3p2&aTSpU7*!R-uZrqjqbKo`7^o!20=nr!VZrl
zz5pOY-G9dDZfaRB9C`5U)H1=rN1b8mbb?l%`yi+r9+>q|>B>DEcCPm22=kRc-ySiR
zqw+My;AQ)^wKY(~YJ-mtFPS?`Bk`CWIMI9hIPM$^e?B8)IW=^^t!vj9T_VnYl`9=_
zF_kHBzGW?*nuhJj_WbG2@&2HW5V888Riz0yT?(jgx;tWnet~*}t?))G<n+sV>xIDY
zEBMg&UHQWAH;wCUSNSx1sp3_0u5e%BGDb_4Sr2<>ohxMR{RY-O;_I(q`F`r)CB!Wm
zn!~wg0ZK|7Tvyf6-<jA&8vQbX1@6qdV&dT4VY7EeNzJNXSfQ-Wdh+_#r-%m%(VyOl
zolLz#^{5?Hvx>Ck1X{+#THXycQ82S++(d}tyCcOG!|=1$1?nl^?{{-qXx;`}MXnho
zLjxt_Ai((6DWd;~HH>uKq=9bB^GVbn^UA3Sg&_LPRQi(Px4{7ehu;wcZF!#VpBT)C
zB!iu{-)aOP+k*n18TS%OFU@UCYva8X%!{gGB$2beZQ)6=_)>_<6iT|~kaF3t8h%eD
z`HFeLMJ5Z#F9eW@m8pHu{XsPVM}ESlN~7~BC}CII-0?O~aMT;@Eg2k?2Z?8lgl$(8
zuK=%<NcTTZr3m>M>ORz-akq!z$!g@8Pf27J**xd+rAjb+ZnY6efU&L?mx8JalTeM)
z3_o>^Lu;Op;2@~*oy7sc-?X=jm$M0=?)#xYc|~(DB|I?CXboY!`eDC2<GJaF3|`Fd
z+4RH{H=<etby*(+=Hug3n5=Y1DB=%x>HX>e`XuM^KkGvbCEPzN-^UIErVh82lkIrJ
z#oQLD*LzAhC8TLf&Gau?vkHB|XwVeV-F?URRpi%KYv!l=%`oZQ2fugWvX8D1!%BOi
z63B}@Tp#;X+;_`SVd{^lfPeS;^FfT@molBjAlS8K(8U!~D4c2qjK%*4`Hwm18FJE4
zoqNWhvPJ*>i``1579Cuw{QxBKT9+f6yahC8cOaVj#?uTI<V^vxp&q~I3Z|U6u#fr?
zfllaJ6&jzi>kNQj%O0{<RsX=ne<*i{kJ{Xu$;h_F3gtCE`rxF2^Z6#ws+=6W$%)&p
zXBWyh%{x+F{BS*bFjO1IaRqz!Au{W;(n0^@rzp6^vLe6B1f{$GCeZ@$F|Uf@PHTqO
z<w>CtzQ?bVkV|%f@9VBJcwV)j5P^O0YqI0oX|_0^W}rR_!!+$<zvoQnetvOhHscCL
z>1b&qiv@~g!+cZET>jamqvNuKy~NTh=t{B;Uw79Fp4mI<mfg2lc<z1`@Hfg~3x64^
zF8j`?%KudWYAxGEk6D$!gvoBEd$aJqS`Q&1QwG8mq18Z8KdjA`9r_~1rxL}{jk(0>
zMO`hWDG%R{(W&k<22i1=`%ad}r3Vr-(OkCYQ6m+iJQ%2$_t*1)P_rf3G9W=XM>XC!
za7cNs+^(-T9~yF$-cjLsiwjT1g;+THuboug`Twx9;Q~;ck@NXpp?j*tiUI9%15AEE
z&@nRwCAmByanGT~l`)zW=~F2|>3uzPdz@$`Sh-0~_}*8I$vKw~ch@*h#c!^nE2B1M
z<|yz3+Scd8rnT6x)zWcDl}>#Ze&lw2bDc9xEXv~N1U*{KhkEmGEkO2N|H97sY5rTU
z&=x!3{hsvuLk)Jn`rA~8$4%w&AA1+K<*BV|jRLX6kP9Yfr_lrK4jY@vX_d|rMdCx_
z=y}1}6P>tmt$B29*Ky|2wR?0#A6=BwO`0|sT4yuKA`3^h!U{jEul-njaB={RBXs+c
z!HMCYg&PJV2HK}@-7ZQBo@U*VOH;Uw-5ew+=8A?<QNhkAmi2`BRdAb>vYh!C!Pilt
z|91OrkN~TMa`KHp3lAr!JB<@D;a0YJ99Zg1`U<s+?RGNrN>PZmV}2o__~9~m7M`4)
z(AV`IqFYJk{+}mWw9GK0u8~dt=PpsRTfbyO><xT>4gvDk2^XHt7sM+_@h`An*j_OQ
z-i7UYhse&B>9N?Bt<M`j4I<_lC8D1hxZgyypFIUj<ToHNhoLWxtDU?5S-crW{2M-L
z$?6Q*hY`O-)qqy|<449LH*<<-%|#hD;2SwZh)J5>v+dMm8eL4fs&Bf)pf(X@kx0^v
zYe^tbIJ8?}!(OWQE9?#bcJ3TaKgXEP{<vVz%R|?;Kp8Lx@LJ_y3)R3@c){;kob{5?
zJCo&~F;SacM)Pk)U0!w0A|;@7b6eNhSnr$Kz525we=wUiVyE&veTL%~82|VWPfv|H
ztYjVkMk9o^yL5I#PRnepjz!_5bB$fIRqiHXL$dN*!H@pSBVr}9*!#NSC5{H160AZh
zA55q@F;%<GK9VlsZAVi(YN6r`v$-->DyTa+JJA)&1l~Yz84ZmSAO~w7*UtD#aKAF+
z_3W$z_tLDp2{x+X$8GFzJECsT{PM&qg|4B&pBGgPQh;o4`;g5Swm$Zs8~7<<0ar|N
zGFe+^e-;=yFa;-9Xqa9DVCb*<l1J37xE4K2B`3MAE#3ikwr2_f;)Fns7t)3GF&f!S
zHPP>_48B+L(t$H!Q<(NjdSe$Y(NzmlMMc_)5dn&M)D?~a8^<Z%V4@GhjRkc;?Bkww
zd*LF`pw42#-Ea*1dODu)XYIEi?p9JkUHQ1M?KkYAXkm#vD+mKuFBX4|_wyns?HF)+
zlFH`$?-TrE3VlO;`ff<KCi+A>1}6b`q*2qEJCYt@y;i>6R`+tfvxEc=dwhF`l9EJ0
z@e#4Gv?M8}H&SVuJ~kw>FW6%#k?*m0-euc?dnK##)VpCDe#?UlvCx8n={udIyW5cI
ztNL!&f;#@oq=l@?hmGyfCv4!FslUO4rt4pCjd7CdC*I_=%_DLW+a!DSdvV-M!1)F8
zP0y#N&Nfbwd&U~Ah{{@N?9{fiZ0z7(fT^45q#G|~>uJsM$2aVH9$#pS8ob2h8E1}R
zk)zM|1X}kGp1iLYf*3ET9%IZn>7DT8r$5t^-N^~aHYg`fnZClp$`q9C8|?0`wU^da
zZSL-Mt%_Bo=@a+WpQ$>eQXGoM8%l=)#0Zld`iVYqipky`hqt~Wmp$XePYp_IW)}0`
zL|IpG*6rhutG1lAlusJ4udQ&GtF45eyxYpRLX4(ECU?YissFkl4&y&hiAb^itAzOa
z%OCI5e`$NRQ|4<W0|#N{V$9{$3ub$zm#9}oLJ(~PullHWs)Mw-@M118gwY=qS*2YL
z3fjrEqGAR5#Nfo>nZz;L-?YD+>g4h1D5O*Lf?6zJc6=A{H}T~-o|B>lr=&$|%IA)D
zO_}*cl{5zb5^bL>QgmP<BE{8f?bLg$bWSP_G|##oi0$ny)PzoMG*&j11yhDYxV%C2
zrM3y|*@&kxJ$2Nu-17hh8Ytm?Ctpc3|9#J$+O``xzi!=J6xm<2>CgTpfi4lcfLQ<D
zUcCSC!Va$k;)oRAX-7Mph;ucO@5NFE-gAf1PYH<`hLC*+g(Hyp8njofMbiFpBU|)~
z`9-ESMrY?Y4pQ|G$JV`5)M0i)woy=^)^fkk+l(8Z>J{KOC}5r*-AYr##l1Vux*Q3g
zzug@^2jw9?NIY#<KbQ-Y(f{Xu`$}A+`exeNFM7W)A%_%)*!<DXjv^~L(Jt+%tTyaY
zhlMCp!A`i+*a_|sI#R*<`3JlOM79bzP_#cNIRt5!C#5f)`w`hXGtzH$*|M<<eH}LX
zVtO7N!6GYDM%@@Jd$p7_+UsU?8kWw}>teJmUppeQ^!A@x<jK?Lg~;xx_J6%qj)xpy
zf&cp#5cb}&8yhM{P6w0ixEoSSun2rx%x>!tsv^r`XHrDED0pC4r@L<>Y8tw!2?V9l
zw8TYxY9XX;$B`}l8!5#5FPTEw6k@>STCp>)m?T*e3JF#TxaHET5P{Q#vm((;qeqiB
zR(joklUcE(pTxJrLVW*j3X~7nwA@S+%>Q<HpA{tC-T~kW`167SWAds8?<>2XA58tu
z<=%I?G9E;8TO#FJ1$SXz)WGiCIJG|6rEEnVxjTfB^F>xkR?6L8W*MT`pwgz5eq=!I
zuZ=ay0XW}1XS|lwM&j(3c-9LLReY8U+wa<*{aS;QKWT3VMM`0E68Oso;Fk3-Gf*j5
z2yUQ#5WafvHdf`YGb4!givB;U?rrXj1sO%4REj-wl?*e>vGvLT-!gnN2cq+K1dr$3
zWp!ny4$1p^jKe%xGDBRHQIDbt@F0otxP>pVuNA+F4#>HWKUbwd*kj$>O?Q+|7;x`$
z<I@q>O=orwk!FvBQ9cC5lxBZ)(3-$sOMmTO3x#h$c<O$X$wYdmO4!v@Po0{`E4eUX
zSy#?k5zS<@J-eOn_ld7d4G;1*fwS=~{|&X9UB@Lsc$u7Yf-@Jw+g>#&NzyxUJSAR%
zt<JA$zfD<XU^aHkY#C%{AEPkiEbS=WP{@x9hv0@r2jTo$Q&`&{-V-9WJ2&%AD}UjP
zuD$2~-rYwbc!)tl2TnP54WE&)WS{8!@la(Q`*Why^2~VTse)cqUztu2JyFczc6cA1
zIy~M8P>^+z$p!=y%x3<yE`59_wNeVq$-0oTkE_wZ#Xt>rZ<DY(DhH$bZk1k(%N{dO
z;LH}KTcZ$a8ktATS{({cQ^mzl+}t@kYwCir%72%%r%$!$MSN(k*?_~(MY6tDa7;|q
z5m|h9@ugoHh#FIQNom{UqUc!lF0T};aII16tA6|zcbx-~vx|Jx68oE_lBI#+SvYAq
z2mb@K*(1b^n7j&EmNmh>6J<3V8}c^Vsg!ehK$uiOQoBj!SYPgh<>Hzn`$<Ix2lbX+
z_s+*7FU$=-!JY%*^(#7ZVzfHcoVUEnhU^gc$EFxX|0;Irfl)>zoc3Qg@EZXz=mRpI
z)`w~UYN81v2g2|6km%E$bPI25j4nb%kZ8Gk*nf*uUyYc`;_3jL{9AyUQ^<B~+q29L
z0{b*-;>#<%l(+#VV%XMR_R~tk606$Rmt{SX>~-5@N`d|Q@ea9UQFHUdl*hjh90s{q
zJ{tv?8`(IKx5|lT{&h?I-v8eZqjZ}0>6cZ5FQW~EV=Fp>@Sg<!o^;>si$9mfzrV8I
zK)^Bk(_M+M4--i~FZgy1C-Vk@U-WT{K0GiC>r|-3!I1;o97&QvH`J?;HEY@Rvk%K`
zuWmX?q;Q}aH1<Ah7n;Z9f?C-qO6YS4`%Z<J6}C!<n{Xw!N~n@pRqK%#I`x2g;84?e
zybbZ!_4Z4SxS>5hHSwRW20$N2)P1{bnIGX(9gH8tK^qpy9&J#qhD&+IT&&T1PDw^q
zOXqksDfMx@F%<%p0<$FUZop*i%6+5=FmycsH63rN;<2EBM+*rdTJvPd-iHjaas1tB
z!LM5-BL+KV!pa7%6gu&j#uVQ~te!7mpCr^W+4VPShCI_P*$E+UFYj*s^)UO0DrNfS
zMX}l8a+!{K+_!->oySS@`f|DD)D^&4N-+mnS3(!AO6F{^La&0Kzy}}=2%`U&jWKPL
z2F_No$h8(^yECme5me#eQG4SBn}r|og>-5KG<|~oes?WdV$a8#$>$9Fwesmm&1lro
z_dP3pZj;K}fkM68j}L~e*n`cyqjXfS=XIpV!hqeB8HFk$t}PEdR})``O&La{SJ7tv
zTy$wS_l#|)HsNyeL3Y^qK&MexUpPP~3mHTAtF2eI_Y3XTiVN6aOVcI;Q6V@Q)ArAi
zXY^XJ#2rWWzf(WXfRjLQLpX9G<Tu2#7sXI)?y4u#9pBsIb01KtO$+wx+~*j~mtgV4
ztf}Jf#AZm%r&T`|ERVQeOtN^ue73hIf6v0Fnv3Wajyeao#=gWtyQX1#Hcr3pzB^p$
zA`qO`bruUDGYpvZRS+9KX)N8p!_rw$TY!)n&^pJc@CVW1`59b9@b7|wje5qNX)gu~
z0@p9o@I3em^g-LeUaJ4IsHB9dzrP=d)b46hDEE&P_k6f<0SNnK4Xf>iWaJeT@Si<<
zR$|%9R$+aYp^XS~<LnO_Wxe%zf5<RGOZ*)ZEdX!Ao;p=3y#fDxbX`93k^wh)N_IC*
zmY`J<hYG6?Jq-*IgRM1UVS~CqVV%_{6JBN`-`yYmbd`4cjju+*;&+h=od}0f`g`Q=
z2gk!Q*!xH<L%ZN6CEt*OI%Mf4;ZkSSx?poD%}4uDskhSDrM0!cu0#9_Z@`1k)%LFk
ze<tj-!mHxlhr$a#OR)RwQ}bx1gy?@ZGy}pYx)wBgueWBkps*E}-)LxOG+J!3GvV9|
z(iH7u*qZID=Rsh%BHXm0wdt;?METEA8n;a~+=?Bqb}vudabb1XiBIvBNpfrV&q!V;
zbI9<JldBiy@wrYh`FIb`q3&m;MU>yjvve#c)p11{aI@nn_+-IVY4qfz_mRbDzm(0L
zxa@q*=N8`E^)G+ZcFGtp8+Kfiy!xnfN6zB~Yt{HxqF&SIiIG%OMU3lT@XD{iHJP;a
zFM{p=DZQJb-y|T3fmllA$7%C0N+-vK0pcz;xAmXCJ;{<}aOp~rCV38c)|yv`3;(Di
zfXpK*AJ_qMa+GdGn|g1ED=90_g4k+BprF|SPONYzm1wp|7>L{C@|qbofG7`s(m0(7
zLv{%V5<$&2Cu-F+HNOpN$wdN5m{G(ekc&)sZ#8(VeXbUDUVO0QP#|{zLb_%ETYt-O
z1`i6NltDN;4ftPZFuf_a{ZFlgk4v8s3D^F<G*oCn>3^QQ8N}l6Pw~h`ThgPv9)2NR
zF`%`0QA#ek-t$OX+jK%Y<I41K<$B=$Alyi@B*S#*iFZSKaSm+3_t(*j$vt}k$)G29
z`|4F`=gjZ=V7VPPMZYKv_hIeYU%vnH7@H)=w3bGe-4EBZfI{_Wb&B|EG~-Q&JiC7=
zvdGvw*JH<pJy?AVO$$9Kn9j&K-om$2^PNBb3+6x*TX{zJ{R4ka#-7bXV7=o)mAMa8
zaReZ@3giQFHDlOeXeWh}YveN^ub!qAaX(SmZ~xTp=dtk4K-6(YUf~M@<m!T<7;_*)
ztqElD^?`sUW6y<mAXSxRvwllfp>OoFQ82I`a?8oF0|KHcOF8^B_B0?cF!T{YQuF|M
z-qz-1{SNqLW`X?V+v#+P)8tp6k7R)4@OBDA8d*Tlr8LOky1K|KvqIIp`~s}%RZu0p
zPB4g&+P(MYI?=6^k8c^wkhCy3#mc_-4!0zZK^V&G$%<oVFjH6xdba+9KHMU>|2*Y3
zx-JfDxo8rQ!iB7)X67;K&%Xb5aiKO2d$m4nXMw4<59+#WTd(r$d3Av@1}Y;%`!Nj3
z<tHx0!P^@}2a}?UalBN_K1e76sa4uLiM)aVFFwQG4#(eR)Ym7WXI+?Ed5q%jempWQ
zWKUO1CJ?0F2|g~t1KF%^j*dajIKLVU_$!@&o02RJ7?MasLfB<rKaRn63)erOa<aK{
zzcsa^nrTYQhvw2H!cN{NHZG1-%*^4GvPbeU(6I9v{)FPWkgFJ%H}b#J#!lxMfGH)j
zr+Oz>f*0T4`;rOQ-~lTvF(swtfJm)SU@my+@72Ap-N_>;NMg4q(zKe_V#^&}yC=6q
zGR9-nCrU5!L@+@;ZcRclB5tNrLldGeiE~5Va419k0Pd)Oj=sd67lpf%qv@<+Y0){F
zRbAsuLq^P9+@eVmq%Fs(71S_;0mRM9%Yz0em6K4A!{Kgks1DOKWgICIdGq;!Q#~Nq
zU=0@SK;~BLxpjqyCv5wQLysUk#nk@q=^KAH-e3{6X$a7o-0UkWTd6s5P_AL6uhsUG
z{EB<YH?94`MH(-IzmqOUPFB{`V*n09Tr&p-KHe9As^+8<%Tl}97#KSR=3S6y^8}A$
zA{LBJpozsJXSzxCidMY@$imPd5!G*B*G3-D--WT*ii(>~9P%5dX6{qr9TO1V4d!Zv
zmq2Z3=U{t1lI6LOXM=e;u;Wq|<M&CkERd~bJ6|GF+FYZt1sptThL}-1`M$NBI4oms
zR9uOk_@DqMEA~*KnkPXI>^9#YIb+N#hYQGx=CWOpFwR_9;j|29d~z!l=C%T)Yg9~3
zq=mzV3*L56w=3Qk)+e#W91WYK*U|>BTwHQ5g1V-)n$mEATcO>FdFp7mdK-%pj#5ZZ
zFr(9@|Fv6k6LskcT|sATFm8*Sh)?LFZd8{5f9fdAXlt~udZELxcXmSO&>t8e7(RMX
z{rd?=2Y@I1ee^yYjB^39WA0OF;wyA#ecHQsdJ5|oDA^)(vQ<d9v^GGFXe)S9LjuVd
zNVQH=X8nN$T@U?(bp`Czn!JuJW63wKaMx7R2hNA=Z%x$d<}lWHom|UJ=OW9?&%uG4
zm!Xm%rQLSAQ6|k}j)Vtu30BR&GF>WQvhqGbuQDpFes$wVnpfzKzy+5Dw4pIpI1sa{
zjNg!C81+~%!3j^;g=^4Iy;5?(gvQf-L%<+klXQrb)1(DuJ#;&n*Sxd1*JgrPgSj4g
z#6bV6)IwFq(=cRw$YWv<>3uU4ZrHKazvb-6KYe#WjX|2Li2gyX7@JG@o3X<eMQ!^U
z?jyGxx)*0NXo*I7q|s}n+V^e?u}Pr&4&9$UH^A^8bwjs-XVsqZe<<aOtH$!uz`lOV
zprw@3ano}Y22xT<2edBW(>~Oi-QV{P!>a-Lpxa>6jjEl54(aB}O;R~-RE~08yGG)G
zz(~Auc2<s(Wfj)G`34R$8ti_RedHTcy@2n6r_grcb}q!8H!labAC#TvetmRy#bxdN
zsDI9AmUeo?9i<c0&1!AmihDeK)!3(r1F8E4RJfsDo1&FIP(ui3Vsm@nnjHlBy)vjp
zt+Ae@d9!xdZcZd@2sbellIFa0x*N?Gv3yBK*$sP0x!rwuO?-8{%9U^|&8QNhY0o(F
zl26Gxe{v-z+vZAVAH~Tf=tJYfOc4QIq7=%#uKyE)$XIAl0v$B9#91ywTeRABADzgc
zloXa&_tTg=QZ5ZnG`DILt(=_GTtLUlbeTo?Wxw6!6+=1xBZK(d^jF*YN9=mPbKl}~
zttcJkN3zSA4v}Z<<8xtLjPN|y^t5mwm_q5EZ(%NMW2|!S6COXQnk1oiAdXGOi$g?&
z5=`n5{07c5Qewwb8k9BhbNnm4Pf|a%enin*Y`8rTvOFi7Z8Vkngp2PBF0bvGwc)s!
zUqw1dFW|r?^O%cK!)%HTcnWS~HJbZ|LyywA1`x8-+0x{6bo9{%a6`Ymk{bRPSa}sy
zxEt-LRZ#d?kojv|fxA0>!s1-5=Uvbb=>8gwY}^RhuP!*HaSY%h^7%cTE$}GqsdQ=d
zsOw;F3!LIF%(VW0g&_Rchc9Fo?&Uo-1tEz6^Y=hPpA0LHcAePd#S({U*_$>)d0f?y
z7Z=^HJ1>53dV_zi^{0zfUzMGaQxCgx=H*Gy*uC2q8F#tpf0$m(=4($FiX66LeJHs6
z-VY%}AHGA6)bq64g>qx~cOY>mA9C~DclKUrvH{Dv?a0z7pB8GRN*10CPhQ*Vn3r?7
zuT!awJ5nPHau02#OD*tPRaf2J#eK00)9oQa>YQvC>cv54XCaU`my(@7hZSIiKgK}i
zfIINXA9Onqz#D=O|6Sk}6N6MfJ8#7^$coT%3lv%gv}`$VhY{G5`@mu=`qafmFE@j_
z@J79l-T=<cCTMs0lev=LYmuQ``V(io^=llE!0ACT#SIut*_&*RTLaQC&5r5?2Z$Ey
zD~*+s`^-_W8svu6yp1*K4R6lBAyH&%z@g|i(U~vDD}v)re4skmN?|XSIR|Zb?ov`{
zQrXG81y?^Xe!c2(#g<_TW5+@oR&JXTy=XVh^Uwo4W^lt~N+U)K&YDqYt6(WdlWJa!
znMgY%q>XFwaOC;Im&g``<v-XL2uD;SJW5r;VtUo2KKN{|ufIeCVQq#ZY<E|eQ}Ldp
z=v~ld7^ve+RLggE*ij8M)RPJaI}sUK9x%^U*FCSVUlS6{@w~uu41zQ*H}Nr=Cwg-t
zVW|8bjic9t&dq%l>bLaag+NksF%wURddK5=$Ia;0Y36nQSrNg`e6dvd)U65n*^E1c
zE_|8#EAG{7U9(74HN>9RAKzuk+<(2dPp^RYwk2n}1H%wf+tb*tH!w}}wJtE9RP&*!
zoF}IM%dR*ilYw<JguFw<6;ktgV7|~a5F{Cr?iQPpET7<Z1qeFj)y3$aFV-V=;mR^(
z!uD5R-TwwYf5lfcuXB-@c!i-AHve33>L6eDit0f~q^N-QJ$HH!@@@CWjn)km9{X`C
z!@H;kGeKh9fD<2IXR!|Z6PZV~_W}Df31fr0nw(Lw4j%c4rT^x{02<46ihlw|?35d6
zX*f{%x_(HP1L?b|{K0GcA`iOCAipNJA?v4XD*mIG{eq}rYF43Jy2M4dmecusXIX`Q
zdOmEz4(e$P7UmNzNz%)q<igu_MH<K%uFMlf>=(8I2xBw)DN9J_dHcL06)^ot4G7!1
zD{ImV$u*bQTY8OhpAP%prbFzy%4+Q<#swqlvC6244emc2p6Rf+^nc3^{Mi2@7XDED
z@TsF6k4<XPdY@Ev#P%UvQ+K9g1OBqOf8xjeNYe6|DmMC;GMP_@IekK5E|(q6tEpbs
zPEjPYhJ@o8ikD>A#SxKb?eM-C6{7F<EBDwVdb=+bf=fPfU9vPKTRJwxyUrucwj|j=
zIDgW(Ig)~Snd;|h)WER5=V}_qKDB@!vAiq)wd%|ksHyMt|AM|S{LV=qGN4_!jyIUN
zuEX@{MM%0@pjLI!g&0+AeGlpNy#-V)GomaegJ?;dAnB@M$wG}^!hw)gqLM-5tUKPI
zAbmH(mz9p^Cu|iRPraJ*p6}NQt9!vZHo4<aj^Bl=`L%E1Hsft`4zoq}bZ+53vTnV7
zQe}Vr3|4v4_CMbxjt)SkSMMVrjahA`Q?AAPs>&RFZBl|&FUI82jVlF~l`t|gFUjhe
zc*I7BK!N}Xhsxnhl3nu4rgyA@Ki%&stesErf5U;2GZajy^<usja++C**dMsRELX?)
z!ofq=eHrT>?md9}5m)-tXV<}GslHKlh6M3*7c>9{QoB$8ZUFGOpV|{XpZ59QKx#K8
zc7AO8hPOlccs0`suRNWyI^p&+g==h6$s{ayvY)!2Kh`QVb<+QUhG%$!lVkM)-xIU+
zQlPhqfe3$C@y(^_Zf>%UY?vNz?9=T_u|DB#iUH|Hu7rTBD_{zDhX(y(=2=_aK>~L9
zV4qp}=)?YAy4Zh!krX@P_o-Aw&1?}09NH506y@WiLMsNd4`~<f;Yq%QwP`QQ>J7LD
zY)ctptTIf>h(@S><2@#NbLpHtX6+5vF1kUP^j0#@5COH2wrMQxYIxiA&Rc^-ZQq09
zpo&&IQN7y@nryfi2Y2RbXWuEGqzH*RPp&<#vrQ6K;cSLI$^9C%FC`#+MimkT{trmT
z;3snA2r~%etyUS>x)_wj*Me7p-&ci}BEqH%;<&WXUg2$V_kC!U8S!QyZ4wuAUZYug
zS4!~sDr$S>atVAUdoxpf$e7w@3E#lLkB2;vP+?{1r5ezh#fUT>JtIm{LSGw#6cYrX
z`buSM|JDLTpf-Dgp1nlC{0fe}ZT6}jG>I5}vP!a~4cuo|JF>PryL5i}d`5bd?UnsQ
z!-IraIRe8e?uz|k=G$l477aV|I}_X>?ebnccI@(Fowus^5k!5AZ^R3!I<B2>zRL=s
z)^A6aXp7xpWhpu*I{d73{d3Q2OEY$$fvMNP2vFk=9EJ+|Osiic&P*w=t9@`-DPDPB
zdsu1M<LuMR>-Z#h=i%Ow?wO2_x3KVk>*Ei;MYo#|Y&lW#g<U$&K_q|u%`H4nJU;$6
zjZ04i=}&(2xD!6Od!p`oVF%ezGcBhotnB~OImZC^J>|Y5|5jdwG>Pf-;LjMSrNtRH
zS0)c$>wimwo)Q{U16}{AFlftltYUV`>-29w86Jd7zLz!?Ki!(evzQ--m^zH^>#cJ;
z4%2y(Z1wB+(;rAV?9qN77fi>9g%QIn=Vj2VTxa?$S>N{N|C}ALz?T8+AFH)>vBcWr
zPAZisip_EW9-m3h1l+n?cApXU?jC3XXEfd8r%uV?FxSxwqFHO_rh<xgQIou*a~sOl
z>XBO<=x=lz&efu4_psJXspx+Wg(v~w7N)I1;Gah~(d#?qTTVO}{OL<|npXD)v;=6`
zaIOvnE_+$d7?ngEWOzftctK!AZbx#;&?Wg?2h%t9;cjC#=<x2J?ZMhMjIxM*cKbi=
zm7_8M?QF+^v1-)%{~yT=(*SGJ?H+KV^=XY|8H}Js8pdNG?IX7~^Gvlq{Ah8w2~tN}
z_)1`R{>_LU`TfDfeEM}%M$Rbp^E3(lQGddo>mwssn!w6*f8v>wv;Dj@2gQsV2TPrA
z+@uK-K>lc2g2`-@_V)OswZ}wNpWJ-G5qKtj88+G4dA?-vuP+DWeZ?15tCd2@S7*^S
zUh_+99u}k}#Tgg7ox4h;t1q_SW99s6!&FkglN4;^sAJ40995lV<U*|YI&}!|EISl|
zpRCw^O+)L%`ZHn!O*&od*@h_-`idxq1f4I{$T9OgL2<qtMwv9D+V?%#{52jNS;wBO
z<dd2I`Eox(Agz=A@)<wAPuB|~sCO=gJ2<xoJa%+#(2md|y(=ToaFkqrCJgAQb$DKR
zJz&2(2q`7f{NbpuAG^ARs&1rkH|AT~00p2WOjf9jXy{Xvr5ok{$Jkp(Mfts5;{$?}
zk^%;u(h4ZesB}noHv-aKGk^htbV&=+4T5xuhztr+(k;^612gkG<LC4JKF{y{<6ZAs
z_=hgnV&>fEKIgjj-q+q8rB(kZ;68ps47JYu5BmhD2aPrMKD-~rzPG7(+n&7oi2q_n
z5I@H@X{klK;I1CG6fzmVokzu^q+KFySChGuPigUH>W$aWsG89~T!5m+F5vcAWfUO7
zeIL+EIUbz#zdRqm@r#l7Wscil9rV~QhHT`m2UT;M3;X~1wV@yXM?UjqGNh~dQcyBk
z?=5fS`Z(f1>PWrTXixr-&?}1c0V2s|^{;Fo!?ES8Tva0;mV5^PxMAB%k@L(k6#Cu}
z71Mb5S>$IqES&pMCPE^zN21WO??j;VTN$eN=z%Y3N15(F;>Z^HPXQfshlq{;%`3lW
z#04fko}f<uG&IdHRX5boK;H>hzp;FHl)#<pvo4{s@{E~=gd_jua^>sA!oJggJXW1V
zuG*Q%D8ijTUt}#Z#bQLtq<){Jl6-O<y)#6yFB;^?DR>wYAS*OM*dh9-+JK451*jlf
z#<2d|{|E822gFYQ4$c090|Sd~liq$_-Mxw2C(nNfl$p-7zm5oTsmXme!$N#rHEz=t
zYd3s)Y90pf6?u8ISyKX^-luLiL)E&Sji0y%tIpHj%TM$#I|>wR`#Z~Gtor{V3O)Wh
z=--+th%Zw3XHoWzdp&Eq+{=XwpZgKlAAI6Sp4{e<L6TkZqv*7M@I0Lm(g1mf^S(1D
zqbz7E9`Xq?K^xNaT~h960t`1fqC+IMgLCgyIFyhGTA}bybM)A@>~vGAsvP#e`y(Xt
z`_ol1td8T(UrXHWHm-d5Wp>bWM1zCJ(%7%_)tM^SOlrounES$`^IIp$?5IRYkWu$Z
zG1<b65Kjo*NPBc^O!ckKGKigja``ka;PETKsl#EY{3XZZGWeM_QYuzOeD;qFndckC
zKYle?{}+kl=!0u!YCN5ps(|B8`DWUNoKK((?ah$CWozb8l&wjOe1hz_T20rf1Bu0r
zz<YFB9*k>oE9CLY+-WYPICCj*1<D$Rz7Y})X};n|(|H?mBQ;ngq!;pB0OKnja)DFM
zPw?9Z5(|mI-=l^o;}sRZScTBxxDkY~%ZJ*B`GZ-|fU0TQCAdn*!nJkZuc}xWqNqU%
zn6B@7@A>`b-sqfs`yW&Jz&w7-YVqFJfv3N<&Kzy?Tzax*R)pt5F!0&?3|ZGoH^5H8
zerEhQG7FIq0-U#n#iS6gd=H8cIY{M|dyIfKtcA1^El@(#uM`u!S2^#(iN1fU^D!g}
z=X-8mEaYxpNS@rYR?8J@DLf0#kU^ZFYYQz0IqE#Si4LQTRYZR(sPc2%*p@KI2m~FR
z+W1)W38td}?iP5)^UFqq8Cp3<mXw@KB=qui`er&Um86OR{y(=zsQBxUIkuPB+k+`!
zS|;P+R6y)hc68gT7+-Fo`W<)6v)15DW^QoE)ia}H5K<Q}pOJ>dK)%UTy*?GWT20#7
zw346gH%$aNP43sMdt?j=#L>`!#KUg$kabc+>~JFp_OzQWO;=J{K1y1>mx7S)`i58$
zu8#|~&YxFl`CaO_Z#`69I|;2?$|Lm}xN-UP?<S3k*zzl#8OXxS&-p)6(zS8DOaPvC
z1h*0h30a6E70Ic>b}Aj7mfwxUk(0Chk@r3V=LWfkUIH;k7!FkzR53<*z@PAQ+$y|1
zeLc6uKH!gchsJS0yLkAO?$NTnma(zjvSx3mXyIpI!mrMO6+7y$_#jK%I{`#4_W>>;
zA9%*<WyGbp_NVZLeGHWfIEp|TN|0g0skPdJ{BMbplggYVR>CG+#Z;JZD8WyJFRot4
zX@y6%c6OG1#iv0>X;bGR-6~yvy~7`pe#%JK%RAg`wnfl9czgDIhi*%C9Z&YSqc2^*
zeRHri1q!FDQnn~Un3@9bf+Pa{u;jB8-4d$A<#IkhGT@RSkFobEqQI_QR`yRJ!*xSW
z7VmCiv2-M_9Gv(jU*7zW$Ed@pKEWOROo-Snzn8)^?e7Dmh{Q?msA-%oOz+TeJ9g{<
z_gt^ajE{(jsPqh^rm7Su6HYSM!Z9!|?ZUT6-|{>RFvU#(rnrdL*XO=2c^MsTZiMS*
z2r&}HL5SiWov>RR2hMXdORP-#|8l%2|1&a1V|r|~V#Pk+WD{T6Pl_1OUe%KA2rwrL
za3;HvXSRHN*&YyTav--%nN4skG}~Siflg<s<r*uz^#=XAq!PU%hsQ!+5*qQGA|A;?
z$&Xz8WX}G;ym~E1fCU<*$b`5PL-77Pv~eWoq~@)}P;54;#vvt0^0dS8cGL0jV-L;a
z7`;Et^S^7vxeR{T*Dnvr?~+BJ0VUbz+%U`07T9g5V6!z*BM6d04XZ64r>}vmr{-(7
z1Z9DR7$>k|NYXbC*5#uFi~!>O;}<qyz+0=?%i$Pv{m#QAQhM=kU!(671fK2)0?UE=
zO$^A5D_aHOe~$hDo-fcT(K-NODt*9J)dnE?2@<|8x~^^k0AaQH{_eiV<(d2XSXrv%
z;ddcHV27zYm}>snP|*hPeWjA4SBBsVoj8+ifepN-%{suDkz=>@Fy_WxjYlBTSWx%t
z&s>=mkQRL~s;%B9b($}F+jg`apqTla;kw56{&^S>qQ<A4>!*bByAAgDi?%JR9@I!l
zInNW_YGh{Gwc_dC(EbtiCqBX7<F$>s=hoZj67k11VX02E$(04}O_{!ZUKir*Nai&v
zIlM4<Y{V8-JdEYwQ-ldSi+K^6R1;kh3B%id0rgEC?Rh~a%cdlYj_1DI_bkTU8>lQC
z&6hiBS($Ss)@hiw^wz3QA6!3qy?fLFa?@}%G5rFfX{;VU9*iqqoNOm6_Nu{A$m0U#
zWbOmN2NMlkV4Z;xGLR>C24MiEKNwaK==+`~WZM~n;{m2-f&1OdR^ag|X#MqCy(lF0
zLOK}v?WxEt+Y16R8bZg>@YTI*G`QJ82THoGOejFpd4Lr!{p38?YKZ0gbZKR!&~46l
z=;CDC&;Q)<2WA{e`Z%)C4Hz&qDUgr8eE{Nh`T*%tOv6h|&CLc<!;=@g!}~#MukF#=
zP(o4?8;I2zs19Bm1T5+>a;V%;sOV|efno?A_J_$1w|S0L(6L&{`OU539|X&xk9Qx0
z|8Dq__)y6pFi7VKk%J-c=u=Ejw1Uln%eSuY+7}7uHU_9ALtD?I)57U-qM>=V2aZru
z)aQCe=}u=k8!Pg@B5hWbdHU^_WcDZV3v-MPMT{v(RatTwh(m6~3>%BF+;3Y7e{OG0
zCJFOt5NIWVByumQ1`~xuXbazoI-7qU0QyxFy54D=+cI|6XDcF=*H8=VQp+C4j09u-
zydeKEk#Z0`5ACpkz65q|(#|VnlJ6yP!3Hm)!L8mTb-x6JOMcU-%%zN%>uj^Gsc+aU
zY_!2?oS(fF5U$S0yP0A#`hg$<iA5^#M90=Ll_8r*)F*`g^1Cb)M&=612N^%=NRX=M
zgJwp8+%|>!YOJFgmr-3YQzg!q;QSLllSYmH`}jr91OKk(Qfx@&X~bK_^idkqloN>;
ziK_`K3G=52hqJT5IQa*>X=X>RA#2cV+iiT0mAG@-)Wpn^BC^_`&d_UMB|$>n)hi}@
zHOsL&cOSf)k9m)YD&+nBs-*M{;iV8c;Qf=joEEAhY_^vvoGZ|MyT(J9{a(g0`o&I{
z@{w;f84_Uj{Tyf(viPTb{Pj5T%g)Om-kn-Q;hdrY&BygP_I)7Wo>D-jr~aE|5I)U4
zWDdNR{ed6JSf$7pK^mM=-LgVis1?o(2=P?j8ZS50W&pv4{vc<a{ft-A=WNl6F&p?e
z=KAap#Sl@EBUy!+DKQ{}vV!JD<P9zs4EnSKu-IntAOcZL_UOY~VCgLET*TOW&CCxc
zMwY7*1Hw8>4tPVpVF0z7@3TF%;kyuv9|rg_x#x^A3~LcjEyn(QSHNX^gv%BeOe6|s
zn$}P!UlT@7s>i`em+iUmQnC(daYXj@>`SqH!SAJ|Tz;fLIg~ficTupZd?Y+tS*fgg
z^&^b?gbu8y!w{ncm-H<X9B`KqouYvQgGvVsWi!Z-dDUH7^Qg$)(OZysem#5*0}y4~
z;d~`!6La?->W!_yM@QYx3{kjIG<*r*Ff8>vjbMZfb$F~OugH_721d9xPRe`%e4q4F
zUMNTq-Qa-ukuYUR2OCL^17|CL;5^M536mWdOclsMUTJ{wa#-x+M3I6NH2bNEuomf7
zBHSHRG1k;p-<w$)#|qa%gi!(&Arx}Lf{$H(Sw}{6PTu_apnwY7-%Ge!y>sKVeJp(|
z$$r(aZ2M!ny1ud3m{YQf-uYE@+T9%E3ERO^y0Q+&u|}_eA<Q^)e;($O@~f3MMm^<v
z_7XYkCk1N_&Q=xpAWBW`+6LI)CZ!a@JAjPTaG4Xm6XUcT$AbU%1rOB6mHA;!|69)`
z(WoC;=)>ia(pf=D6u1jiqUOl<O>&>S5*{M!x-Js5g<NihfzUH{*SS{2E8q}arLT{C
zJkd=8={lzoFyoc*-AQWMX;z`X6*3MP*s>0nW;$AY8ZytUVV<7_^P^$nfY7i-QuA;C
z3QBv95V)u|2|Ek}Cj%aWeIeXKunetNf4&A|=7g<`<R2hW6!Ef9nnIR(vOMTdGOE~w
zXIWVWVt=pj5WT+z%EMtbf1m97De1CvuX;KCHoYdB<f>K1K%3(s?UG5{hUW#B25i3k
zCGVhTH|<Ep{C6^+OT#$2FIQdHiAQf6F~FeBO1GLCWhc}yId23VI9>eJbD*QllHqmS
z@#^vqltAWOludIm7qaap{>~VMZypAmuZXs0uy+wC#ysLBQi<-KDB9SY_eh5p-DB>U
z5f-UsX|2||HZER`M8B`0bv}aewm%ZK-p8xlb$g*;A;J4~VYgEaI<qqU$+>Lckadv`
znzw4*+X1v12q6dquA=A*GGG4)G>Jf~#^eoq&_R=F9>yb5_{v@a!68sOj5P(&5fG`9
zF9RWuz5=0!Gz~3z4Wsk+a6wcM2$^*Nrx`anIqDg7V2O3{*4Bab5EJVVV`IWSt&7hW
zi*pKD?1`WR!d5|Ec$qZJZ$XM1W^YDqy4%bt58k|dnN_PTH$Z06<BQ%^vnA=fLsamD
z*!1v}YrTe?p>6$;!2AdO`ss&^Cr7JfT!;7(X!=H}h0C$I_-t1Vwpdk{n5g+yrNZgd
zy!j0G1wB5Hr=GEcBDa{}`g&_KMB`<|i;yoaPWd73AVRN&c<FVBlcJl5!jc;NNJbz<
ziAPM#@XZF0B$X|^F}U050>#C2r9@Pkm+A4bmtR>2x2xkmlZ8F+?ML6NhdANrpGwkN
z0@aFmsh5=O%Eg2iT|`~y<X+_4gz6LLy}OIlVQ3?z_$k^sG9KIeWPiUjw%TAy+4XFg
zve7c0*|64IL1sNZ6f<U5!r$+Ibd<`&D|0)A^l|l{HLj+0j86|QvR9ZVRqY7caq?bu
z%Kb~iT2&^r;k)CDvx7Odk!_Ws-5;WEWi;TZc{3pEu^Zl~P<H}i_zHAi(A$};yx#l;
z-mvb^kO4bZM#{>_3=nuL2fy}JFnBmJS0(7>->WzTua+Jsv3>BVV^n46g8kKqiTNXi
znV;G28#<M7*BowaC|Aj1b|tL8N);OVH#OR<ar``VBKwxVJ+VG0PW>ZG`%gnzy0?6|
z2T13OgoR(LD0$aNg=);8w=bunqGH#tGzp`(X*BD;0%_@t$Ng$)30ZAogq>O15;r1u
z=R0!ppwBGi@3fhZytAvv9>ITqNXgxdUfv7nkoq9%Ocq%2W@r6_{Xkz2)FtLjWA)&b
zt>SVmb4U2vt~5N*iyD6gUF?q!K3ZtpDyGG*Lv`wP7P?#;ohfGH9-g%D-Rz&0>bdJy
zMG97m>l7wytnl)5L8snPw~JBMx!3!-XlgL1Mav-Wdyt45_ei_Y(&xXas4W@z=S9h4
z7T{jHQ1$T*8=D6?f!*o<*}xE@3HF7f)26J0ElH<TnX|*@sk|~X&NF(kU^OFDHP_1B
zU?%+5OF7v$XpWU9rAD5=ZHm{_f8+@0J2F2W%n{Gv?RyOU@IE$OKPgJ()f@EK#XuCg
z`qH6@RLfYC8SZkv=rMD-^HgxQ{RV38?Ue?{Ar@rT%~7}A4v<GY?B3P3u9Cv5IbO9`
zF2d3-v&Q;FJgiWT_$JV4iLC$3eGz#SGg|MY@6As)UXhkke(*7U&=FIfV*em#EFdlR
z-$$?58HlR}&za^L9Qde~__qxa?;^{?EbTtb6yWCdgRMr&**qKhIiXCB5<!1@u#z@<
z35tlM9{q9U@q8c8hke=kkMc1|myGr0Y!%AX*ZMBzlLKv+es$}GovL(Oo!cPTy>`hU
z`D?yQiSMhf%}1ik;}%`~WNoVqKNdz(0;nASt<0kbc!^~|d}rj=SiUi|A6S;yJ{F{R
zK@Lu@vK7Jq)ah{{{&<<NSc@ZA;6tA&h7%*I*%9TVK{LjEW_EBNlOF`KBjMMhue_Iq
z7fr3pVaV>-4!&U;ip@gnB@5A@j7be0FIT{k5<zqAx5ALCL*vaHrKmOE&u#O5wfql%
zZsfZ@$QgM$rdu_Fx>w(tUomYn|J^V_)VG~3Q$l@!ZUFh*D3n__Uo}-t>r?-j)>6W+
zLZ9eume2@1(H${SRgP-cue@U5zq1WwaVqF%ld)wQX7u~4v)PLKCQzo<CE)6o-JF#A
z=S}0cK2Ph4AF(f3`Q9N&fs$MK5ykyF65Y-D`?dL#Wyqr=fpskrQ?XQdgLKv!<8*Ur
z9XEaR2=rNxOIqV(`r58p{kzstHZSJSPp30n%y*7j9D+~#f3YBEclCnCE&f)r4o1xz
z-p!1K$>FJe6^w6F+U5u9#)NqxI;cS@t^GgQ2`vVi#<u&Glx`W2-nQwNhOlzH>V@Xx
z7n-$)BYg>V&c@|E#jD(N!`k4FjB;Jm7d<gG==0&zCM9S0^p9f)m){?OSZ=sH4Jw%l
zDdRgf{^$tP%JuseJF?|hzrhh_7U?;rCiT%#PRGWr4!SzJJm?VR!RqbgRQRvEmRwa-
zX{rqZavfB9zx1!lbx5DwAAkP$b34l1Y@6rivOlyOe>NKu>S#aThu3Ak`KC92BluL*
zkhh-&M}g37Mj|Z!RimuM@}`V!|2Hx|e<Qh(mz2&%DxaraZ+|@8JqpD8aH=45dwA7*
zib2n4WI3u^uU786P_Z+!(%md$CS(S@?V+16bavj9hdNQjSdWy;{y3M)qdW7u!~QY3
zZ<R%5X6?}w$#4`p4UVYHA7NgJX{l?j<EG+3rtTzQoW*a}(1&VVIlE{WIL=o^&wN5M
z{^%Cpy5oEiwtP?ikoRzd6Qs3|w9RKPR;UpJ*uXh@?4bP5M<Z9CfpFUX>o39^Bi}1_
z<0;)l7cRJRP~Hm#Pk~6!;*KCoNKdhDFhkAOXGR`5-fzFQPM?*>N}Obl%&+<&J|31^
zKhh!@9;2Z@7UxEGC=;b*B|Kq0_bxFpnRC1q@ZI(}m#qoi`-m<i>2hM-+{Y9Npd`EU
z#95`HCkV!Qn!FCTh;st|N#-0E@pqNzy%S+xGY#numf+4uMZH>X{@^P-g*T2cUgtYJ
z0Eyda*EfLDvozu&RHw<qwh1&R*akB}$bKLK&)wS`h;wZRv!(uM`ZUV@Tl)_>`h#y<
zAtLdo`+UXLcV-(IWgEihgW7D{GcP%d&7PzXxp+>96B8(Nt;^0v5mI@%nSE>R7X21d
zgkD5`^FD7;$KW=$<SdFVEaMa3@K!!zl=jw3S2y=JGY*&A-PI~+yyiq5AjKey@t!YW
zAR?6A9n8{Bng4k=OKBSR(a47pO0R`J>vvSzthLO8@B5t3zrGUx;k4-2NQ0%n|3cVL
z9=t3Dg~gTiYFFXlytUZZDgOS^H?RujY!lBP4?GTjD`6X&0^i*^T+Mk<ibvpqykdRt
zA9L}nh6E3U2Cog(f7{5n04M3xE$m(mJg-iyTSI2h`QE7?=59>ZIx}YOkyN8vX!K3L
z+wYkG@j3NX%iOYwPeFtc=p8y}*Au~u=2^i$Pncx2^T2M<<>IxRPb^l+%0~^A4A_&*
zzKY}=x^*P5J15$<hH*^ZB9$0{wwrDr<zWCcgG%#}G9REj@NB^2N*<ILhY2f&2Uole
zeZ&xne)cRaRX=KN@OvAm@0WXHQ$gEfHZ%o55}jg=$5;U_7O??kV?WSC^OB$Q8P&xB
zr$;T|idzOFr9ojMh=UILIK!OI_Ao$g-kb?~3@o04#bH2Pi;h~RD6_iMang*ZIwI{4
z5N#uXc9pepXZKHrYYNCARY6~#<C|-NLcg)xxIwM*|AO?~67$ICr1^w}omRa*c#my*
zLA{cSw9oL6#`WWETDv`u#hVAkKXT#3Ts(L5%keT!T_9U{yf?<Ntl%UTX8ZRr8hYU6
zeeav<(em41JNwrC3ru15Isi*P4yGuR_A&P*&>e|np2$^}7-_w(FQMQ@QpNVy3ytSz
zudDl4TI`tA<|&MLaWr}%i6^};brjDT%{3K_Qh6v7PMcmC+kQp{uWyjKjJMGyC30p2
z`0AQh7k?dFD&&ZSY4cfEm>S8#?Vi3^>i|eg@_Q)kvT<r1sQ6oW&D%{5R{A-QH^ve{
z$H|q7c|*mCcza98W(ARqpkiV|>VsqgAk>b-ih-4r?lJ>ZG>(E*{%)69u?BOAaYN-b
zMrjic^=#e`3b85q`D}(Aur?qYQ^Y3ef+dfU1TxqIkj#b9)i-5d=}%4l7vIUJ!CiQ|
z2cGOVAi>U$p?`0}D_!S0KX=<Zqp4gCsdqT}T&=nH?@G7wlf}P>x2-L`^Eo@zFX8pO
zFB?`SjS%-dtEMxh4uTB?#5OLwW>I@iv39z<#xmykq(ZDpnZC;Ma=A%4TByn2QqZqV
z5>gmow5&6#tfYtkbGPZXh-Il0T;cRZW;``bc+K{`#k^UMhs(90Bu(weH-iGnpv~l~
zW;prLP`u8$kS}$%cQ9vN0j#^BK-L=EXOZT7-kco86?J{FL^0dsVEQ<^z%AQEEkmIH
zz-vOJUmoA~{eRwBmOZ53f3yIo2acn0039naMFRI&rMXuB6)*{q2poHPa_52B^9rs|
zFw(1O`_pvNGxJ6_%k(vn_7n{uOX9pQR$Y)hMiN|ruW9FDKnjr#E`80F>Te;J%U`1t
zn><&!@5dg2#<?HBoynbyf;JIIk&Q1d(5V`L>(pC>$l+c}eDu4bmNEO!sc>>XphH)y
zX2tktyS0w}SrnTv`4(b%#y%fR)fT(;m@l>Z*Lp4`72p2lIPiS3&MU1P?eqGw-Xe77
z^2Au{G`&(Yx$8Sy95vYW<%IjE&4d;^vd^i@xO|6Lv_7eDdZWzj^mn^H;@d7acD`|*
zuAr$xR342|)gF8tw3$4rVl&Tua*!i7Zw!-8d8^i;a4!JPt0#(i3jmGb^qm~zmJw+!
z!@&kVULso$5+9^M=8?h|Zk5$R)??)xgy*Q5kyV>@bcYODz&?g<xH)KTM@o=)CQwH$
z>w5D3brqTftMey47q7cHpU@C|zH@Z;D!IV7J5ukbXtqLl@P~CgIk<4$_x>`uBZcKT
zvPC$66}fY-rv_!7_8tNZI2nkv5dbb5d4qPI{=_AM0>^|w<PD{?n+$<lHNpT#Fo!FF
z{(KB$4G{pKF8!^$#-GX$AcSfYi}2Mf-(f@2IXnX|gSLQr)pz&0wEK;+Zh&ib%CBt2
z5J1;+TXAGvx#VmJ<*<pW(_#3B_Q6|^haa{}v#IREE8S%#y+IE?-D;?oC7PSA!z*U!
zm|Vpq!fX1h;LUd#+!Rn)7=QkvdYjOq-Na2!p+8$cqRzZxyiGHwZT@`SW^xZ1r`iLr
zBwqQg@#>(~cGpa-QG(szzK!a+XWy{@H;WRVO{gjB?|-|3O<^X$TWIb^=S<!}rBbK7
zRzAv!C*kBLmLMk=Wg<uWc3RD$+YLbm+WyAX1c{>TsCBTz(+98qcM0tu7IzOGUAbkl
zO3P=IKXc6dtA=MDm?ED8tIq<ZM2>Y?3~Q_;3keOch8fOSsjjv^7&RCMs0H!DQ*vG;
z^8$r{1>j^hFpFXk0h~+5B_gbjaRWm^3+W|tyM(yo-bId(IgW7hjYz+qIPP*ON`6VJ
zVzOex$quSm71s`)FFkc<$=kN5#qL_?ej2g#cg2wcNtwJWiE_$WDk+yG)Wh5Jr2f)(
zR6~}tm%D6mCl-5Mg7k=@s)=@6Z8uw`Bx`?N_v5#DOr!8AX1thxnv5OsXUu8%C2ak-
z4VSkX9-MX2V7wrT)@JPcJNWLu3wK8-gph2*F)AjYDktGxK%sOGz4RGFAP=--v{EsB
z%~gC6llkzK^@=Wkrg?jNWzCKLP3OJ#1=2NeqeHlmA98KY%vj~1KC|vA3@w-Du=4_@
zyYm3jV5%@~(Br=#%nW}NF!2flG~Fv80qX#~@c^=AJ%Gwe`D`;!QCxZNI^RCr0f(>5
z<;1Urzw20v<k5Kx@uOyX#)POcsL2!mi1k`6B0^zN&HBaqakGBCyquwn*>ec17JO;u
z+>mC@X6D(-+`8;%{$I^FR|;%0erXkYa(YWHjKF8O@4%2s+&LuF$gbnXw~mMF+F8$V
z`>Pcpo-@Ixvz%b`C?WL9pgHYp>!<i6G&*ytHFHJ>z*Srk97hFue6G7J^5bGVe58;Z
zo2Vl9$X7#h<EP&eB>!|5E@!o9xo&<V8>0~T-uG^^;YWsmHO9LoNl}@Y0@-!FJ3j2?
zqN~`+Ecu*6ksRTNQ+u&;!5<5CQss4jrnn{u6_Za5o+BvOF8D4lwJ!38?|K(?^l^45
zv^^u=W|84NcZXrhHq(`l^FsMZd2BKVKXkVb9fjpVZyWtt8Dl|y^w{k+ym(Y<(p0;^
zi`}9E{s+I~U1pp6K(_h^*mY(y=E(QKr}OX*@y*!Oc@Q&S_C8S27LlZhA)^i6LN_>$
zac8Y5%!Gj8c?3Xs`GAGL?qDth9#ZBAMt8k)2$zix=L~G%F<cxPPI59xFJY_d-?B5)
zrKK_;YbTs`#ZXFUV~q47%tya~1Rb8mYqCshK(`l0vMH(#VNh#y$Lmdd_<SPnBnnhE
zMnAL_YveCp72ODnXW4m^`eu0!%m$BAt1pi#XA*sn`cVX@sh5D){ra}{kurjw+<-3P
z)Awfw8Arh`TE=;nYqDl|pT4qGkzO5F6(`RniGQ+)Ut4sErj9_@`v3k`A~gJL=KMNo
zIXxah>G-kd{$-Qx*4Xux&$a8zc%qgq&k#Q?=bud%tuDw2SJ=!c;?+gKTK;sVp%U0t
zN=*YzTEd~ANF(Dq0hnK{=c-zXSzB{D+v)anQFdQ4&*8I70#Z5+|Ihv1hk++sn!O~|
z<nM(Hv4^2&v%ufh&n$^R<RVze&ekZIiXWwSLFv}?+R35b>{MgT7=P7DI-<m~`!!b;
z3$KQiJ;OTi0dFWbZPDYiyDAHp*H5;R?v9ZTi}}n-Jf3SsaicfUENEY@>oa#HW6u&7
zjg&k4`aB#{;iB1fo#RZhyPue(%(Zp@wK(ppJ8D~OF@X|C--8~SeJx40<|LnWrp4rJ
zhCwaXJ68*q_@stgA+5LZ&n~SG@yz70(^UFnb_VJ`K@FX+sazsI+ud~e@I<oAfY#so
zf!X*Q0<DvCZMlFcwdS52^R~QVVg3vS(i}<F=-waK9p%sRLQkRQ8ntmjqfNOwcasG4
zBx9uQkvCV>IzIe4X}t$9sX?w=dbwjtU5?Uavm^9v(Cit7E;{~`4%1O??Mt)fkq=TA
zb^{5sIqIo)i5z|>Pn^6jZO4PiwLi#5YxTxdublzDt>l%OAN``-C7?d^1w!L1xxwXC
z5#SKMN@;d`vB?X>qZTh~?1g>q09Rba(z^wFUQ!dcE__E#9Q_X<e{TfQPuxqWL0c)r
z2dIqie-;{JZ)FXUeeD-D9V-Gwvs#9F2BkOCm_c;7+~Vv=N5bdhO_k_&vad#}-v<|^
zaEWsKdAY6j2i2^OV4FuwXYO^!KXZRR3TPDD05g)cW^q3<v!rJkr!CPs*P)Fv;2xcS
z_Py$%@$$@amQzanBK>W}ITNugo>4m`wT^~qYzfGP%;MN^_Qw{mJE%FI`JDQ{o9Cl)
z*S`&1oB&v;A<oQs6A=rI!kaU&rfY=3vT<KY^_l#=GnuCD$I%~J&&1M+X>B*N7IRfz
zm)nX59?2Rg=u*z3BZcPD8%y*!Pbrpv4@m4L0oJi}p$L@2+MsFPK{c}DlMoqLJi0Ap
z_cqeF7QFZD$i?d+tJ@qgfh~AHf~3v9u4his+T5<0k9uW57~FWgn{{8Pg3pCuD@wQ&
zH;=KSN+UN+oWX&U8j!s|plJn)5|eJO;TbJNTw2DNGq1vFX)1F_)gugT$4Q6owIbmc
zpva76PMY7;r%C;~qUD3U6N6;$v1TGCzxO~kBo!*cWh~3!Y^YsXtjB%(TJ~@6P1Iz`
zSM4JSIW2WD03)xzFpA|WAD;rGe%&-)IdsKYjkDtnmoJv~bm$SB#?&{FZ6J!SbMQy1
zN~^|Bx-h$y*9OaVs{FCc$vM*7zfzb(L*605WMsbE;%7$%Ohv<-)?;}PQ{u6b5<6&|
zU#7fx9Xn51uM+!`9@e<mEeAC?vZjED<l%8{?O4Zy`m~p10mnkbeP){d*`LGxdukPU
zd!A0rG!&O2t<pLt!4ldDpPc)Dep9>ZSuY+LCI`)~32db>Q`SQeR?&J}*Fd7Ka^%0A
zO3=*MuA}bN0bP4WCE@p8Kp50&d+7|C9rsBqrP%Z_i&-H9zv;5)E0wOPpINAVU-@DL
zUucrIjY3${jwg_gsVI!W1%xsxWA7r{=&lcp%MI;HYFjIN1swbY@0Qt&!j&t(TLhB@
z>3LjsKDpkMlzrHqO_?dE<=6qcZhCqBOqk%yje+I)pu-<p4KAkMU*Q9pVu)=aCM2t=
zE^#bmi$=FZOAbVk6vf~z%!5I2LJE{<L#!Mg9pj_VLM^_#dj5L}MC!P7_p38RceW{o
z56}H>78(ACitrxx+25_a3CY8Z+wsX%YF)1?28fYjTPk`}85K`_ou>Ak$S0Rs$1)h;
z`eUk0nmjhH!Tmn_LL}Q;mGxn@<0*ldpD{Q?a3f0jf&J1+NB3O!raTYbXu%EjC$~_c
z$l8t8k=<>>G1~22P-C#$>B0E&psc5`EgfbJv-5)$J__P;m>u=IK`l#7yU)5|O(0IV
zcf`@t`zeFV*d2kL57jxz7Ml9o)0ShSnycL;95V(&D&juLc{_>^{g@0?pQZ`Q1)OY^
zgzYY_T!5NHl?nw88o32&6XRyDbuI5J5K!0wZUvJU#jiDvv*ZJzW9)3gfFU%!todGy
zwf^;nL{WC6*v_(V=htr0AKab!(~ot>rGzv-!QwnxIX>ifU*Taw-sfbR3#U>DvO?Wx
zJa(aQ3Y>wF_BMdwzBgX_wV=1x<bwnzf9033>u>AOuE5o5cjFiHL6*-*J8N#Jb>y4P
z((W-;p9&cyaV4p9Q}+o_NBvH9>>*YjIq1pP32imA^vGuz=@pghV72?D7eO<Wqv_fk
z%UFf0w0Mmx?*JPZ$^A?>|D}bX0TW?+!xT@XTog^RIUJ?C9rB7(c3A$UajVXzS~CY(
z!$vg0=}_mp&Ra-bGAT;;2t1PuclE;<D2+;)^nk+C0mP4~ZCaDr9I}qlSV+p*3wl8l
zrN|H?KZ-9V=YWR)c3os9Ze6#4{2~JV7XM1-WbY3)(HwXmdulOLFyR1xP3#0@w#8SU
zgh&yKfq<^M)EbW*)yM@=fc$%f!5%VvU3dLqB<EE@5ZrjOTBWa^@-&mJUc!W{U~~FH
z@}==8Vjow8_Jz=G%QI;*UK-GzZyOQh8t>8=NhHgyL{x+s>wR*a=NIjdWi@c2%Mng{
z?BkfRZk?GoKmTEfaEMGq3okwF;x2B_CCGFg2I0=$oF((JP@jGP9~6aIudAu4Gc<oV
z?R|0a%tF=Xk9<I-ytfjsx!xz2iMtA93`xqzn|<&<LAz&e2t@J&$-+m&=qp<9>-<Aq
z=?IpWafMn+y@2d$gYMaxccAFU*jIRdPZw<|&oxL*6tkp1Al!GCyH+elp3)al#AX9F
zz1L|h>4m>X-&b}O>NnHUbj;pW>l;kTNqM#6Xi5g{&Taq6f5b8(HkqHo+kWji6cPO;
zev0^Z{$3`Hff&$sm-&=q6KIcX-_UbrGGe1bi614$#l81wu2y-~T47YLHU5=O)a_B0
zSdW?>m<=AC9cfG;jv{CbBW~FieG&Oy*LkW=bJY+ek?5Wu^b1h0fG)gr-cp3bMF)hc
z#y!n=*ta$LF?o8k(S3PTS089IbjEco3yxEaUE+Z^gxOfykQ&tI^Fn|(NSO$5>bvIX
z8E{Z-lsy(Sgc}KVm0})LKg-CY+J<P7FgGVaN*x@2!>h6z4_x`TJJM+QDtQm>>&x);
zhdH#Rbz6*_?0=+Ok3z@M`q<K0aQ7qLh2qJwnH+h}cpAKuWioJE<u{U58?EA;j-^Yf
z*c8cs@KML3Hc5?UUGyBTb#l;8=L*wfFc9_euJyZbD7<5RzS+<;T<poYe)-iYrh!%C
z{eQsSkq|&6E3^gM(bcWYVSe_=6{z(|BJjZ93BPQ|uI~=ilPIQ&+u?b71*qmq(w{^Z
zGTuN9{S*|aq8Vb8F5YcgWhl`pNwByN8L#PVW8_zzaQ}=8nbBunBDj8=P0aJp4cVI4
zYm7h~M7iMR|9N%<n^_d;7;TLcefxn{Wf>S()OuX?tIE8J2FFc}TC+0#Kk^?N5JtN3
z4uW`c=eF>(_a;aC1dl5m$4U!)dUx6{Ty$w@NC0Usn&7rxkXrhRu*mnD)h%(bclG)|
zrVC6-_kjIdy*4lAUYoQ%qog)o!k(BNAdli^I_hWVRI!|~WMy%Y+aFXt%6Xo|bU{G@
z>$ek2_G0;=1HN61(H}An$k3qs;C)MOoCvgFR+Zl2K`LVqlf<t=JQWf`l-6njJNb{^
zio57|S-8i!$ANFpL9I6iCRXjKfBUlv`dB>@cKr&X;xx0oIq$>VuMfU<W96!Fj7#e9
zaQPF&WI&7UY_KIoQ&HME&bbwSA!uvrlK*LI9y~c}cs{B1CIBy@Pw|LRDnQ3n_W>}J
zp#DO<YQ&6WZe1NzZ#vil5#Whv)J56H5)c)o=TGi;mB@atCNcJ7dD<J8Z1>kNTuPd2
z)oUTIt~NI9OgE@2r}Faw`Ys;8v9@=SH47mNMl#`c4Aiq_mJ3I}b0q@c!ZWJgjMtBF
zLXSLXc}ih3!cHkcp1reL0I|HG4m!u+9+hV!`__5u?FFriU6%*rWjvdnZ2c$O62C{^
z96n)uwL%$RYK!=0+D~iDosp)<#EMIIN=M5<MaYmtCGM2~q76#@#XeNGH4fjH(@-l~
zuz+#RUG=uzKH2tg+imyKrB+c(iNVmbMF-9<dkGCAJdsjiLl@g=2!}ueho@zlC3#SV
zjo0u6<|t^#czu#^S)965vK|er`t0(&>#hfxTnBYxQ%ZQ={DZpe8|89G;Vq}u<dzEU
zps8Dzg$~5CmO?3K4i^h!J&VXu<cru8CnUYkd`&;;KA8vx%VOhv!OVM&Jmn_T1xiMs
zIFv-LeQ=OKk#7;Yy?V)H*nvT}G>-)AEp$1Ie^~ehk=+@5R)neT=hu$H!+HpCe(f)%
zq&FvZWEhNp5o%W}sP=PLDDqiMS#I^T&OW1*sejEiosRdjx}`CKSrUDpR{B?#12Kue
z1PM{YeSKORCWv_#e>&OFNW<j_NN+IREg{mD1Wh(f2<@Xu{w$N00WWN)z0LnFQFAcj
zgnn3(G^9xby!Preq2rIyqYGi|QzlF4_^L>0krKX2oWVQ``fEn8n?Z@>J{<3VUE$iy
zneQlkYm&r`G=?=wZLGf7?B>S=(-u5`_r-b`w1%QuM+!3it*xL$7rnamWw{&;)R-x1
zN5BIGqvqL5MvJ<;ik0*9MAJ*?;cBY6dsBy9xr(dJtVrF8N6IK&4kSNOgx%p}`n@<n
z`y)C6b<{z4i{T8#N>l=nUs)^|Sx0#>fdXza0pdfkEjsSy78o=tL8R&y2y#xB1Y)1L
z-u{571-(d9`qtn0W+&y)ZPkGsvmhmypYO|sXOADP5u~aP?OwAVQ6BQg=jv^9_|P?T
z;wPncWuG&WO<2+RCZ9%q<Z6gnv7v$o8@tkq=jtn%8|#d?9eHtg{;p@@)YADQ#R?6A
z7k?NZ6|>@h`lF2=U>0LD44b7ALZcKT(2-mcC@x#M(@XzfV!zv??jpUTr5@mVbZ)4^
z*ezbJ^^(Fje^m%cj^w1R<=nFj<27qFFy+JtQuN@=Z2{fVq*kC3+PH=WI8D)xklah4
z?a(h<2!vuTKZ-ZNft;lu;PQghC_)55Y#7i38G=!Ne(xQC1usgV8vAeKK=vEB`ql*q
zW`{1GE^gRJET}d60-CpVjjU-QT0e_de53XcW|LG*_~PQ4siEf0s=cV&B|KynF<oPZ
zd&<P^LU(f1XTrjo5ROmcw7x+1k;Hdn0?TL)T&1D0+FNzIH=&P}&AkhdA9!-<=go)i
z^R=tUZ@XO(L;vB2=AQj!hen>iY=g8jni%V)7e&IrVKv@bd|BjwpXbMkEd#g&uHN`B
zVhG-{Wzuy(2=oI3rC}c=#SPcPKR*)E))Xw-few$mH2RK+Udwso0h!sAiQL{a*q19e
zr2^_Gw<dt!R6&#xVdw6`>kg})$cQ{fTh>~rBrf?L8Bs6EPdyW!2=OaKHCF?U)^gGB
z5;C(T|EdYNGQH}o=ieIEo=&IL0&zc4CaZG?EIOtze@v|C1izFoUJG!trSt+EZFpZ}
z83jOoNqBm<+cY7KSUeLF<iT-c38$5-0eqlx<;(bbdJFYXE%B2}Vz7{X-+($N&uKt@
zfB<PiY1_`29Z4gy>dw8pRw&V{zp&N*r@{4I&%ZKi2Sp&i_%KJJ@Lc=i+z~E)tEFvX
zwE=xtya`klg}bg%$nyncfT@lSdL%4wetrLWy<{Y;EdTp=pacz9H*!nsb<y4<Dc3cb
zC{d^j+H%XCc_i+&7T0W51&(N~YKyM8rMM28z68yt#cpTD-YXhrZc=*FC9F9k=A_s=
zPMsj}`-azau&~MA%Z8qcP7OWLWjWt5nOK|j<6$UG1nH?B&-S32KT~0~M&zdKeb=io
zqWDp0#qpFdDjLC>dm+o}24^o<wJd;gG2bm33$E}r%mtK5Vx@itiCJIVUBk2CIme)`
zS6m~Y^5uyDx=Hk}@?^Gxxra$ZLe#G7%tYPuwMHhY=b32f2CQ=4dLxK~Y#j@u-sxx<
zqiG)+Pfn&uCJ%k`#l`Tn;V#D+Rh1He>@Ags{?fg-nUSIRLkASOjBp__na=gT?z%M;
z%##sSKiT79WxVj*B;ZcqJ}#|;jqS0=8_$Xg7;+#jv`_0fMaa7_4Xm7T%$<G4Vi<g|
zx-1wTRkWA0gO*l8q!R96K@@+pBA{Y8BNT9lpg@wmLUau3-F|#pllQIVJ8h?C-p(ce
z>pMR1uNhIEPJer+VyUw+?O)Z$uYcZ!HPZ-mCk=dx0ltv}{{@Y0YBvFp@X=1nVGYhG
z4eZxoQ4i&}c$pnnGu42G{Iv!v5s?Fpqn5{GErRtCXtz_C7p?v=R_-I;)Ej7j)z@)&
ze<dW_Pq%7*M&U)3RiuqOeapIGQ(Rs}^Q_72`OCA9qap7;UuSO&{vFN;Bd7BY>xa%<
zP?WI^*B9))eX=(U=%$i^<-$b3z}+3f@*T>PwYDQ+X)O1+X=r~{s5F&H{`%t1$Rh@a
zu7<nchB-UPfAQx1nrBKf<@?<$l`+(O+SOna$+W+5F{7-Y>KK)L(j2cq@ZzQK!yMmD
zvSBpNkL<B|Ygb+YK5bv*oon-%OLL4eVt$prQA-D%Jw3CJoMh9mygk5l{zBhC<Rp1*
zf0D&CF<k!`R0_g=Hdr`6s&Y{B&x>(^ccLxLfUOpk>W`IPGk6;@s9u0F!;j*k6DtM0
z<5YC-HU~LsqOaE_SbjXk%Kg3H{t~wu5oIO&t5nc|Rtlp4vMX~tq7g?SMmFZqqCkZ1
zRPSz&IYY<W5xMbMwl{}=>>VLhs~teZ5T8ZGX+OnL)y~t3lx{d6x>v%dH?=9xK!1(@
zX8WX`{#X1r;5d`|S=%V7ION*T;KNY3)*z#f`RLA!1PDc$;?mpFaV|Gfx`rzYeqmhW
z$DuF4`&KBodkX5wGr#YMv0LZerVmr$2T-xpOx~xi7pWh*rx7lc+(#QL!$Si-?v`Cv
z#Ir9m;NX(eu^0luucfBgmyRW39l)$MfE$S<cX`w`85{wdd5<d)8X^I$l#;uoqPy}B
zyl^ys2)k9JH?tNctV;gHgeV{7G~S08lunEaJWjwZ(8hHTPcHW}%jK`4VflBPviAHf
zklHLW%59?FtuF6S=i9C%388%Y!xnZ&N?%r-yt}L>y^!yI@n7Iv$YVE_<_E2LP_CJW
z(^x4x79vj)FgLqON_W%w{-;Ag{^(#G%Z^#1Gaw*o)T%|bh}iAlhQ{Y&9W*q1(nkKd
z{ifx`qkiy4-ZW&><?*zMSis(U?!wIxRDo^|!IqWwAZy52t;CL6lvb8uu34Lj_;Ag0
z4aLTHVHV*Ay^^DV@$jyAmhYtEK6W?k^l6T?DL&5SDil-VBJ}tc;gpE~fz3I1YsY>-
zfYLJuJ7&ShJ@J(8)Q1SU>ko|{5v$+mPh(XOdS$ZSh4~h*RbaDSK3Quy#K`Ts&Yir{
z?%Ls_dgh9<NLmn8)$8kjW$>@mW3v36{6!#^Ds!E+%&_w54Znlo6w!@~(w2i~H9VXI
z!p1dtL>_c%al-%>3G3Bx<WdC6Evw-tkTRSrSBq~#I3mz5U*fGWM5Wqs`h3m2d0owo
z)Fu3{;AUE(qcQgCDOJm6$3v&IMUp=y9=0owhFEHO?rWl@z3$RyYxVUFH|=(7Rl%Xg
zYYQ%IM=>oQz19`jA6!Ur*Jt~E*9#7sFvMN7A}%1PoO`jRV1wO2*%H2LZf$G!Il+au
zy=T40OYk9J3;7MV1^S)?ka%p@sP0)V3u^gW$SgRzQ{Q8<Pe(*&@A*YM4+?%J{>@(Y
z_ZR$QoB8#TT4&Dy+SQ;0UZQ$Om2iq(;#M3hU=mV(=iWV)R9I5%$4e}FZs9%=^*^*C
z&)>DG5D_WFJ5Xt=6WHj$jDN^8F=+}Bd<_0o78T^yMt(`w@JFp<WO>rj{{~7=DJ^Y~
za0mksNCdDlV+ZnI?G_C}eqEsIIbI^B)s6^cyTsI3_l|mNfr0xx#37i;DWRRXLO^;~
zUuVk(%y&Fp;nU1}DcjskylRf^%OB4wg5e2WeceTN-{0TjYpr`py<aV0yYdJ|5tqzn
z77~GRGU#P>GwB}a$~9XYi>ac>8|9q<2#m1(_44;o>I;XV3)GVIZE2dYSta*DkI8{7
zo7o-H+P&#p>#wf^iqIw=+u6Cf{}tZtM7_w1nR+`L+&W?Bttb4Gu&&}bb5}C3NqA9+
zO5OQaG$Z+cv;g0>riOt&87o9d4%cxDJL{z`1#yTvHMsY}MUzE$vRH1Jue=jfdlCD7
zp|m~ESs<B6po67IEt3$3G}j!Nsn`U_$!n;@bgcYsqwQ?Ic(p%^s_5I-E*Zh=Q?xUX
zsu!i=|I7(UcL43OveQ(|6pKWR1rhHjyrKD0<;b-vu^V~NlOv5y%Ham@z6p|hmrB?|
zjp)CH8bQmc44ZXoE1(*cWjpphlQ{MgRhAkMPJp-2NZ4V^iXPi*io7Z-Ag^c!QX~YQ
z_m>C?<&g1WO&LIy-){m_Lb^#Ciu(G@@2O|>Ykr2j%($Yl1E{mn`#4Fjd>(>vJO;l7
zoMQreQ}@jGK;Z2G-r9aJjRO*=A05HL9FGU!(@S3w)9>Sd4o|J@>n;mG{g%G%a;MQv
z?^0o~ZZ=oDNUiU}nLiZ;X54bYlH_n7X{&YFW>$ZEDTwfDHX_!kNU-GCVq#Vtn{%}{
zqPe(B*rEhjGdrhKMC*DC-|*9rWwQo+12`M*JJ$Q=OT?|6{K(I-U;9$k$;f3%xU({O
z3kC`<>A4ogc$f07@zTjE6TXl1_uq`rOzDwE91K@LfBICl4_3TYO`NhSXmj~J)V0vz
zdD8z5O4_rP0$u;3?2y+nb!XF>pTOxSSpz>;tjUw1-LDh1S{$JLRQ~e^Xl7ryO9BE$
z(0+i<dt7)J7^RKT4^21+0J)do4b&cl(04a{k2EQCwfYf6{{p+5VcvFmjLulFUMJ(H
zd>z55x%DaVKMTgrw0XyLfT>1@JjQX02hLMEd~BU0kA1NPgmj>8RnCk;#oJe`cOD{U
zVoce5Y3x;mxJd*u7IzB#LVNmcdASz1MaIH#selMPWO>f{Gw(cU=&RV%RGDSzm=eP8
zeTyz<?-K8eC}e=%NrR-utm#<$NWqEO^&s#VMm?9I8>o)hI_|aFu!(({r`2Q-S+$gL
zsAYAdCw<}mPw_D)reA`pFtya+3c=j924%$epeZ@b50QD^WNzJrTp8_w5q5TVB@m))
z3&NHK0qaT*8o`o9pL9TR6NaZkD1GJy+K#m9pFu=0Z!0T5pI=xE#d=oUg;tMrcyH=?
zdqIeNb(bB>DotAu3tcZpb}GJB-~d=ojS97=+(`lP6R=o(;_DG`aE}kjU)l>BV~rfD
znxE`8?-*W9uGP{j_rH5)&EC6e#omc6hNM^VLv@3Z#4~%|?51IiDDQvZg=m()LwG?`
z4!D11{0>op#@PVd+M0{~cs^0kYZ$;L+o_;~1|hI_MJ~V$RsNe@tiX+r+=dOgzjd+O
zQH8iE;ZqK@R`OXFv0mQPI}NXSq!9|A+r~sm0eX&YgGY<WhcF8-$Pi#|h^t6FN6(6}
z1=C0+u`t)+GAmwU-q9`|7P5Ka#aYBjhSil6WyF>oZ{B!x<FYU&^30XCH~4aTVo++7
z{nDElCL-IBb$Uf&P+aQd?+}REp|$@ls(V=3HkzRcH1B)w&076x>YT>aOsQVY`e!cp
z4oKo|Sr#$qF9d_hy^Tys+>OO+P+2HCIxApCJ$emAm>phw@Vk$7BL4M6?<5**N=p$2
z1w1f&XYcL8sBdPO%PcemoY-VneqjJQ+HdMRTQGp?CIPxKiX$?6)D?GJFS6_Z^WpoB
zyHQjUXa)U>ll(N%Zu8xq)%D?BB4<6yH;`Vb-q(G2VJ|cTh6aF4Ii+y9*KcQ-aYp37
zI?U~YGCn{kr!)3{SX;fhmmT6W6#Hzbk>_^UZC{yXvo$cvsciJ=IhR|F>qudAWKyiq
z0pW0XO93;|eSkq<dvQj(^4*hvy3eq^8}GzC3xN=kd1*}7ejrn`3*xTuV56r3XHPJK
z4XOFCm12P+Bm}PbY#IRID_~4R+xzo~#jkQhLFXyqUB0x((Q0t9cQkGDgx~ld;^GqO
zD=qHWiBOsGQoZiDb^qr34DXN6DG50{v0$Mfj){MB?I5d%)wIue`Wra|lVl?xE36!|
zthe~5zvlLbM?MK`TOLt^&t-BTvS3AT0{-1@jB7gsSrW;{l6lMB-qLYyRYzds=Yz(0
zy)stZZ}0sL9z9+@Eoq+(cW3i@$FU~|c0Pr7&H<*!<$w66UX{WA)LrsD=pC7lJGB=<
zML<g@bB}rbFRFs;DKZ6Vu$PrmsI%uxR1!#0JBhOGApml(vuf+slP7%NVlIE~pYas(
zeNO+YHSmgd68tGQml5z3E14Eq?yN8ZVu1$n4<AkN$go<?G2Itu8t>w~o-#CVJP2*d
zaPA}>dEF)B9EG{m<yNVH#SSIUKeeuT-iuXEzfQmxQ-zpu8Oy`gBF=ifgFvBUm)V=F
zG{4GG-?Nx&(<CZb{T7jW>+f$92-h|Gz=fo*Wi+|$PZbaV!;wD4vKKv~QvPQT0y=^d
z?2_Z^yfd~k?rWdGB>E3<AwIFnbq*Cfv7{YSgXMEI57^@F1G#U^wM3#Vluu!LD%n7m
zYu_<rR2BPlT?%EYN!}mZs;Z@rh~a;j1!d{wpuh7#XLTcZe>LJGG^d{=|KZwPTe777
z3*}FC6YrcJjLx-roP1FdtM|>xl<<F|`>w^{exGSwG151*RCmS|&xr{qmdI@;@LJ}W
zA&1+}ZzZuN`>F-kw<C`b=Iplo124{-3=o&k13ZuyGuUx1@AQwApVmsp9bmiy*8dzr
z^Q=HnD-x`6F`d6^yen*vJrigJGAGHf!|K?1b%p<#qL`M)j>&BbLsJxn2JbIO;Y7lA
z(*pHAfWGDJ+-};s0mZ+QK+iZA{;Jfcg-S+1zGXUA2sfLsazZ^y2#YRja+lEqz>RZP
z6NtPYbGB#{m(W52KkQLwW5U}p3)81Fp0P9jt685mybmm^w(dA(G>w2$RVaIe1-U-A
z8@&%$$L5XW*W6Cbe?KBq=+@)TzmQvAKho^}O(?AOXmecsWNUKSNMAiinh#7CYpq~F
zwI2^8ywjy5c^F2_SvciEyjCK|QyU=q9{!*}W>{<UCbH+%X4_LGvq_O(Xsx4O<$<@W
zU^5CeGhixyKJZ^F6+!bM7!v*&@(KY?MStPXIYXv8j;fnB97y-;Co*JGY`}Oq5nMuw
z0B~HH3*6PcZd&h{jHIvZZpTV#tG}wjl1Ke$y4uq2Tfd&Ng#%XMcba{6JdiFI^R&35
zPHa<6Iobk_!NnF{nv)Z-Q6hXFgW#$9hRv)8=Sn>GmIC)eW#tZO1k9wQ4H(DzgZf9;
z8|-2I!B5~YUa0^&rJ$oBg)mbLziD%^AW&v7V>>TIRF1jdB0lxIJN{U;?Kud{9`&C2
zJ6ZlTI`#M0n|p}%non7IP(2SjNia$Bn%>0W)kq@2htn1-4jScuN0{U(-Tnp4CmjN1
z9iM`lVmA!Tc52}wf#wWR00U>*aE-M>ms$WIU4BnFRq0Bc0wG`A1E*h#K#4k{`^uxb
zpY*Xgs5;IU!x?`^@>IqFIkyU!hs+0>D#4&Lw=_xr+P4f+MhOWCzk!}90Xu6CBp6KW
z%1Ig$C#>>s<L<aLGCw`iuQ1ZZ%CN;een;Hk(vr=Fqy5vQ0zYwIVZp>m?8MEr1@chD
zet_(e7VA}{V@2?e6u2mEAiQivZj?D{UOE0y*~<{9Ds{2;A$Cg0ibFlncHThZ(a`^I
z$7TJC2#VY=Ao+KX$35c3`!5=`9%whX<`|`aEKi9dAMS~yR-rn#z}q(iVqE`|N&AAw
zFRo%e6#6nms+eF`X#4@6v_}&XN1C}3ezTWU@=FjHFah2H!|lO=VgX0RQ>F@HeSLii
z@7@(7W`X9K5;c*=DC%aBz7~G3w<Z*rPL%Y7fUeMgA(SBLCz;PK06QaKjb|TVycRcj
z4KyA)PvuXAX2E%{S}fv3;Q-HE9TGCooOu3!?R|MT)bIDVk&;v-OQj6ilBFae%gB<l
zhNSF~WT))QjOrtzsFWpJ$&&1A6h_u8g(y)WOUAx04a4ueXVjPP^Zb_U`Rn=PmoC>_
zHShPmo%@_~pL1TX+e<R($>0-Ti!mx?TzY?_hbDRNM_=Bzl;MN`U!dHyTQU3(RE?*H
z74_Ft{{AyQr*6lu+0U8gZ_X?-es}5%puzzW`C~yDrtcFoP|x+85a3M$tIZ3GectnD
zNT{)A6{BBvE#xfcewv5=gGEYTRl|i+L#R2MIj6ZV)5=|(t$c!}MpGXcT+rSUvh#fU
zMN!2T+;E$K>pim{Z(N7&(1q}Ee&u9hW$W^p(LhSXTPyEE@+Cn?G7<)|Ka@5Fzkg3D
zCWMy$?ddfcz5EAIrPxT8QJxm`SAWw&yQrXBp>0rRT1-d?PV|}^9=5}{^*YyJfs9`D
znpJ*lsMwNIcWsMbIW@{?+W8JgEe$6zhw&T~Ofj}#+(s|DUNHj>2pcvIR||fO(QKs}
z)%emPf+aA3%jRFy*Ii3NkJaQ*)37S3--LWwJ#vcfyi>->@vg*k=KQ6_g@5RFkM0!>
zODWBDOh3@0`DYnYyzvq>?TC_TXMdIM{|CQFyM|vB8S$=$@{f14=*NJy7fwto8s0g+
zEO|TB*r}+iG6|iq&tdiJW;9?9zC-!Ra5}Ia;NvxCD}6bnm*3ITz61`9T58Tw?z>pP
zt#VO`ECjP1x$y2caegfA;~1^VL_h?pgt}R-Xqc9Ihq-fa+0wY~DQc)@y17y^-)TGC
zC?`YP!|Uhw&mlC&mTN}<O}r;Nu;;=wqAdXCh-eE4Hb=M2Ejs#V)+y?jPC07NKUf<?
z3AY&;%`o+m`nk9#3<FIqDf1y#TEDp4ef;|+Ivbvt;DF}ZaXGi1UB+nb$sGDnPLGlH
zEH)ul8m6kbNKuPV#jTZ=s}P^jf4J)WQO+j?9Za+M11KL7gA^Xf##E~)`EI>I^R;qZ
zrt>yUOGx$2o)=rSFr<7Nbf>u8*P|?-(SviC<w?bYJ$`KfC@+}wtKL3)x&E=h;cU~X
z-fF$JRW*^~D)E{1TmJ<?qH<?ue#KB7_frBX(<RV<P4QFFd8kqyY)Y*HDE*m}Boj7U
zTc`V7a5#M|$q+LZAm~$`u>zrjVIR4JL$u$2S!4(<7l-j{9cJ?>8n|5xMOJN@a;yh#
z?apLUk`pqc;iu`pt*_vL-EUm(iYwCQlmwb(WvB7(4|&TsiRw9yJcin{(&9mLk6(~6
zSL_zjvYwL0aqBgaA05qTiON^cFGFP`0Cn}sn7pkf`>`EK?m`ssh1(3fxJ_ba{mikS
zSE-EH0uT7^M-{=TyfnS*f-&DWwgWE+uPsf+7;JZuk{N8qE;zqLY2I*qBNOnZ&U}s3
z!jHyBzWk&2Ke1M^r(Ym0b3r|ldzl7Ke1QmT;21)@y}1?|FgT^uG4UlM`nc_v#)en+
z?Uo3{+dlfDEsB|BF!k23xHT-`Gl4WdAC$BPmZqXxd`R_T;alF*)(O{ngUXaxJ~QN@
z*utXM1J=7pE)xqi?~}DSy3Uyi{{_)v`ODp(GB4QhTL>-ss#h5<k^MQmN(^hugyWSJ
z>(U{(d*n=R(%%P8(oM$RNiZE;oJnvXSMadCC@(#Ei1@=It@H|VnrK-naF5wR@p<6)
z(Ga9hVt4<GK0yV5X2jr*&0iGOR1S|BHA;G77r0q(Cdh!<l;1fe_b4?axKJYqUC*8x
za}0}fENzX66**!enTP({ze~HbXE-hocBC7!8t+6HfgD|2A|dsO927AZ8lFz=SH|yk
zb4p@?R>9W_in@4c%?@3mr@q(a*wm<rZ||_(5%2cY4`C;8@9gaghb;*xJ$CMBIZqG8
zn*|6oo&0w(ma5x&&-<nc3(2(kXt^2zVqWgE4t)DT;)l~rm<%!B=|J?SQMx~d&M%r~
zQB$#H;@9G_=XT`DqkF+Kf8yM1?Z=Oc{9qaZ?d1`ccXMqpW<n^0ab{mi_sD3$9W7~%
za+f8YS!sJ`$A&cr?jbxABhtja?XR9YQ%*ze*2O(4Gvd<iiqH-G`$-du6g#{5WV^jm
zq@;~aN}R4@{z_&ppV^>n#mBr$uZ7<1N9MhYKsf52PWG>H>EYsiQbAa;(H>PnNb5mQ
zS;TVAt@*a^S!v)O;-X@)S$XaI<i?Jp$hh<T>QZ5?U;?6%PoMCep1ec-$I(PFO-iH6
zT8}=6@2+*aFec%9Pj}YJ@>Cu!3zXk|9;|^Cv40mPv19jI1Dq%cvfOoln6gypNDg%l
z!tOqOcGMnFKC!V=S|?>aU4}j>KMD)e!}F_0a`LK$pI-&~pBww=S8&_5UC;jb9D<WN
zB_7W9-w|XQ<hvt4&s>+8xshSNe@helx7Usl-yGg*Ob<3?Wyl8XJn#rE(Y`YyGk8M<
z-whCTO9+XGmSUtxn!9zmb<m#%a%`A3NiQ$j)lg0!c$G}nmMq)c+1IHFAeCXYzyr{_
zuLX#$@*_^I;Ocv6rK)OBeJ(Zk_69u<arWQ*6i`TYKmesGJx%UHD9%SE(-d#wr12`V
zX*25$hW(P|o+hm&i4Ef>ZQsCB6HKpFr5ih>bZ4bg1I^XvdC_=T%E2Sf*A<fi(<b-Q
zmAyKZSl1!&NT^nW8mf0`SU;8D-1K9VuYnKMK%>4V><uO&{IaM;A(z>w$Toye>T2|<
z<l+~|-Y}h^%DE(~jMwnv!#EK8FCUXG{2&c4Nu{H1knT*cV_170o4xxRK^PTQlPD6Z
z7q-X4mNcpzjck;K1<AI9L|2XQl@ofi84@7+Why=gIp_!+DSTVgJ@N&Yn59v>YZAws
zEJtS-uaq$LL>?arR4fS*izOXH)_-LGfq5V!AdX2y^IqgKgFYlNH11xdaS7GkO><${
zFiQ5`9X~n?orS?;`%D_6Ww$!1!_i{t3|V-VylHf1m%d@63cF_OxI<d<Y_%DiWi>Sz
zFKYLgf3cG<|3@@+=|<F!#zv9TXUh{sQyVNk^K8+68rmVuNDjlW-n-@m90{iFSFE$a
zSAPn6PcZiC^D^#d-Z4)(vwf_NpZKar&3EtYk9akGRGyP5(@|@6fS+V~`AV7je7!~%
z_{vi(ZCC!Ko@AwJgL(VjqRF!;SSH-qrL0Ej$X;QwU!gc^zWZm5?Wf*!`F{)RpK@Gy
ze<V7jdX<WP<nq!}|Nabzfh6bO%W-o*Y?n@d69v%b-KZzPz9Qr;*}1QkpFu^sp~6Q^
zenC?Fl-chu9(F~7YfF^rXZgI04_V@YoMG|XZ<EI#gsw>Tk2qVTOqCiwdF-B*W|k88
zGH$N3Oj}%2$6U2PaGvXz#2r7f2p_-mMrDU6?AEQD(nMqY#+_|$l^^@AWEWSv_IeI(
zD_1$ra?v4QPW)-djEE=RnnW{~qSh*U!Cw*8zBa|W9$S*0BFa#feOu;vgum+3Zq}zE
zenVlj8mFl_DHAHmbcQpMvYd~&Z_!lHIjMWC`g*==p38MJoo6BKXc!1%@wN4yzkD1K
z4(}7pMyY`b-7M)>nQcHcw(u4zNT7c7wb9&6`nDy#TWD=*@`NhBM9Qx%u<aIR5;N&t
zyf0{rs}*0r0oZ!vsgOl&e-nS{%JoTp-a>=_`W<P)Chcl1TJYmoF*>Nu4rkabeqpO~
zzq6RH&&PkrwFq`43#VJY^wR#QwbAt5hS5YG=W{Kn9`O<&B0qgrBFThMv|;kd-FDNR
z&i5V}-*`xw+3UNG1kZC(_C*rIhZ?@OaH|zrIw_rJCW&a-aj=3~gr3Xx+bHRo;H37n
zSf8kHr)-SyiF-9$-l|f>YUr>T>$n>A{;=)+gLCDUocMFSGOZJHTU`p}Kq@;#vh#tm
zesf*UPujJe&ERIvUdnA&5!ps6o((x+J57%YIU9t{sy(cXQO37heEdKJ)1H`CZ0B?8
z*h4?`RvvzSTU$PwFF@gz|G6pXEL4o`34;Vs+m?WCbZ2v3uliQPa^_ZtaL^7}Y;uGy
zt%a2y=cZUJPOAwj<TL9&btjvToTV^)k$=1Fo;2{GC62h3B8$aLdSk^tI1CoFG%i1;
zvii|q>jWQi#Zbl*Ie(S}jS)Mbj9dQtNOmoHL5^WKMfo93E3eM&e%(;0m|~o4?J)IO
zwf{+zV`l%QO{Im7`3GKj<MOK->nW4^L80l(UxSW(@Dryt39cB&@z(v)C7O?4e9>!?
zx$pP&_ide<zo&7gU&$I{x34|)r?|UYh{kTm9|KQz3L-ViZMDDplIS{oreiwJ8QB@%
z_mQ%+8Cw?l!f24+K7YT^0tyzH!~|i6FU_0Tt{>rczGtAAY_;FVV#jA`aoYumJK`P-
z9oGmZw2NOd=y@mf*Uv#dFh2Ba@0D(5%o-Wc#JH2?>>%i1n7Q6sqkp*_$e1*NOU<G*
zQz9>R1-}scAn|sJk*H!<MRC%_q+8aOrn)k(nd^sC^`=`}@^S}VYMkjkk};2^+=)N-
z-Zpun+A_gn{YCMQcLpu@cvHWTxgg6%;<6&%2z>A9Tw>FCLhARzUU$1F#l(&baj?Zn
zmv6=#%S`qj9L7ugTp&7P1P(qYh3%J0JZ)06@K)blQU+!+W9sirBC40wtMJYr+7YsJ
zr0<$EV7^+|ik}X)zdjtPmSCzRvaG)&sWO_mQ2_nfNy}r^sXtvNXGa3Y7btoT?GD1)
z#_Q_d0Dm{R!tCw(xjj>^L>(8rqMoqe%|*P?&uE>lH#?(_n;i5@=&ri-&MW#5F(c1h
z^RLIj#Cg+BQ$C{h)nLME7Eg!I;l7#i4#in9FAPYXx*J)Vk6{~Y;?_$KfwQMzap!Ey
zh?iJ!SG=qed0AW=kB+ycD$jb$S{L6AN&0*Ifd{WhP!>jiAqq<xCw(7EA%w<v+)uz@
z?dmqXxJaGSm3S-S-ck%9uSyIwgOCUtMTm{B*7dI6RA<UrV651<p@`H1`Xcj&d)q+S
zx47L)z!;cc9YFk3h4O!s`VN{BR{!T#M8%05car*QhB$8kk2k~u@^O#21KQrxFJKok
z>9?cpO}<HVwrIAXg+=qGb!Ve388)m~xfvoDrL6vMnr78@KIAjV8tsc(=?Udh#=i@D
z<ev=d@`g{1UMBL-!JM)}2bmBhu&>v(^j=pJ0kpuB*e+m}FwruYvJjd7LqddnSDv4u
z1Jb-x08Hr`GCk{hBL!@t(zktxg%riC+l%srys(}0@C2x~Y$^@paggP!U5IzF+}<zv
zNJX_>;NYVeAxT4=dz6fhWQw3(ox94%`r*VIss8a3=oQ7-p{z=IENYsWG=A??mMUNu
z!MQOxWhuL15BBh&nv_@LYb|H${5aim`Bx65oi2+xR^V`|Y2QeJ?~AcL%72tiw7*}*
zdR4`V%A@lT-u6~^R(F=xm*)`iLmWES26Wnme-^#hi6M&V3^I<-H(K!H7pr1dcHl?D
z`e?O^kMRXvcz@)xh)7bs=1Cue6Dzq|A7dfzI+OazzdGqkfx=$abT{IN<+Ajk;jOUk
zQapQA_HEZ-Cf(UrW1a`5%s4DbnXmCroQE>1y-dx#A4@V{FTKIvR>Bcv=YugnesvPw
z8y<}~UXuAJkVmaIyf4?f3)Mb+*bpChzAW3rCjFM#yI4h={su1H5f-<M@yS~hElUUu
zkG%A|AQ0P1TX2cbe1oD>=Xy3G`(?!IZI<leXss(g$+)S+vCJsNyDJVXG)&9QU!akd
zQ%ECOf#)3zges?P`<n!GN7$S*900A?oO@8{`H&O$l-H+(q>X}4M;1UVZoKT*wP8&h
z=PS~0!n{c!wxAU+Ubm^m^!T+D%zzs;&$opEekv;FJ7<+noex@R)}nVO#zxA{K6y?y
zwR4xRe%P?ijMB(D4|C`K?(b;ZLi>G5cf~};(`xiUU2k2<=ImBex$07M0`63Tt?QEv
z{fmbs=-7atfL(Rg)UVq!tOU$XDbR?lO-LSNw)lp(o1H*qDPLY-Y(dx8__mm8>JefI
zT8>L#cIw)|i9taY`f3xyrGk(IjG)4@>^d2zqDy3I20yQuVCqU(j#_D!#O8Voi?r9=
z?i|7=3!NbHIvYN+Ba$8<{W3grSVAP|zOSCCK|NPO!U8|%`*?{u#Jv=xxR<76L-W)>
zZiApsvZIW98)2~oThQZO@#Y!Ty6$hUo&XY`a1G~)Znug}Eum(<Lwfk@6Db4?ekUl5
zgsOfmYEY5wVc{5!$_sx(6rl1VPs_J^r?=0!nMUp5Au48MFXqW+Mk(K25lPbftvb8f
zeHmHylxOE1Vx0e3*$1fkwmZB=Y0@QTWXlV@Gyje1Av=9&#USi$eqMSFI4Z-wW%W4v
zH{MLP(tA|OVL$agv(r2oR?j8mwaT_+)ED+zUeo$(@$qq%2*qz&^~wG!MrmnwW7Imu
z+CQ@emmVo!=k&sfM0LJQv~>+&8~vYc?;{w-j?!-XmhRNY$4)0$C16U&Y?=KCTGjz<
z<f-Rh=h<%*i!Hm6l`S|lT4sk+YQeif*)vwMXLC<_PEhy<!Ga@aiw{psY)TnuGW{Xl
zYMSKCC7_!pf9Jrt1iZ7V9qPy<#MjWG_!@YMZ%;34xWSBr^{I+#pNnIILS~V#rI>1S
zE3J67305>yx9oCpc@rwwYI(`XlUlS_7j{&m)LBhUQ(XN4@8`8Ub+8{xmV3Gf>%+w6
zGRtNM1Q%BLKvGSZN!aLAg>S&^0Os!ZHzm9E(&{Hb<5F7dW$d_+wDd84sHulzY0`VF
zZ)^~jxuGrDQik0Pu`eOovnpzh>B}JX9k(}#;?YQod-wB0!+agFZ@g%d-L5M?`Ljr*
zA)okj0w8+Pr)|I3Q%<6n`pkB2(4$8~{n`_7lQosctQSOQ<UQIFa2JGlLiLXP(zY);
z${Fw`r@XBy_77_dz93nYZNpZ3K(!SV_CoAQ!3js%!>tPni&jTgSJ)d^9+~I`of#@A
zmSOk#pY*>~`T0A(8Rb@T=JLoL?W)sY?7%MKqJuK{DXBQ}?`9482+3BxEQhX+BrN%a
zIq~o%`KV8_*C~u!=P8v7BYp%>wy>&%v#XK=MN8gQ<RkIM1qh&V@l1azvQ75*DWePI
zpdv|jlwu6<8r5IcZ`3RL)XBjWqc&_QM0;`|F*iT%I(${u*fL{-_Uh4sFDl@4#8W<#
z>oH<-nAFq`5iOqASgm)!a(Pk49BJ@MJE=YUNAt<iwdSw;f<BRV=)T2V)pd(?Q}W<5
zwV0t-5+UkVF8bt&YN_OJs6iY%hGC&p(M{`CM!t{-%*h4)Qn!0P#93>&f;4pCAd>Kc
z8Wf#W9o~kfDz(#V^LH8on@c%!>j%I=)}Tp;kXs`MAYxDd9C(fl5q4yRuiOOt+Y;(|
z?)w0+dsiKlVi~_WpL&pS`uEIWQ=0-5$swSg2B4V5JjsHb+x2#1_qs4Gxm4^5q+$_X
za~<G@WDp*+*E8vq2#?dAtyTCCV?~*AsjnSO>jsTt%GNAb(_Vz^#QO(aiv5sjjOg#b
z(t*d}jeuUth87FC*lC2t89)k_75~tM1Y(7b?uQFSktAe+{3L{t$#mReR~sKdH5agd
z{7uV_l>3CYsx8&rx|4umwfQ9jQSj(i-@^62l^;zbe^1h(e+cLkc9H1@1&4Pu0z^`1
zbpf}^4})dcMM5HD0UTaufbfbB;bf4W2ez*)8aHCR_qfym*Exu=!G*B;{Wa{4>a=eG
zK06KM$6Keje1hBG_yLfoSFs8l6_4wm2sQu(FAvn;HD#COSv9EwLSq0@EfD}UQ!E&S
z3wY}Ve*(+P6INk^Lro|TA<iQ!t1zh#;l5LOk_Zq+z8XVlOvfURSq9nM0P@^^s2_Cp
z_4BaqzIalx1x+u0BknmtqL$U}Z}b&82K_{&-%DT{7ct&<{*ve1XZ_EbtKq_i{cuaL
z{=wg-t3>@kLTwX5uM4dkha8aRTZQUYOUT0x@1gp>#Pu@X^VeS93Lu^pj6Pxi2$mt>
z;$CTzq>i5z!d6}k_edo{LC4`HAR14ED|D{|>i-N}0J}MuVee=6Y8L&MizwwF=7#{?
zH5#ymdmxdLA7KS`1X9bHZd9yOwnDW19NO|ir2(qYp1fE2F=^yC8PJ22jQ1~2^}Xr>
zeBR6J-_;RW!b0TuKbIv8*_BIYOTg=AnS3g~VP%;BrBLsCtAhtpQ{r@_`+<EK1k4o3
zZj+U;Fd{vZz@Z9%`ZVQDfh!YbOPYXf-~=XJUFksxh9)DlBV5VI)s9R(K%-o|3~AP3
zcYR~mCqBfX6dl+T#}}|dTa{i-04s-H0=kO|XoXV_Z&E<hZ!wbqS|!&jRH9oD+Ga8}
z6~MF(cZ;_hy{K2dM?JdOH-Th6Ae{lJsj-@tO%h=d^Y@bgx0rKIY;Z3*q-G!D`E|o)
z3EN8W3Z2XCy7zqvx|!zI0~L_M2qA+NF&;~_wua>D$r%RckmGQ9F;bLJE{jfBg?nkk
z75ulQb_2;MJ(ZTsl+x3)KW%XR?{^76<th;~nyL8Aq6H;A8z{^u*~&0+^UU03g!yUg
zR)ZW<r{9N~QtySsO*a7{10>ZM2I6~xoxo+RQ*VG?$h_Q;>qYb?fM*N9zPs+a#|sfg
zh5uF<#h6HU@7~qPy>b@7My74(K-;2z#pWZ1h3d-fD!1gzAi>%e0;OLEXZmF1m_Cjx
z%Fw>8uk;0>C*}e>$MFbkf9YVH_v4F5omZ<8M#(FYh*W>_5}niJpOt_dH2?zkd^AE*
zuD4SOr=W0)6B9zuIXBd*V$2eVtyDv~n!vUlcE5&kTh$Jat^+mki6Lm^;>)O+dlbik
zR@(4yc7~kQ{zB&g+X(BNO#0@C*V|DQwE|TZ^^lr{q?}vTrk15$pYafrw^8A^Ig`yE
zDmKZu2!MglDl$|?wE?z^6<L$g04+0M_M@c=p=XBL^(Q}olyty=p$R2)u;)8;g!?n?
zDYOuAmkV;mdpHzz96Ca?)muo1bDV0W)Vz9I0Tn6-DlWbC&>v^H_m}~*ktI@M48?{l
z7E~%M6<J5~9i(ifO7pV{Sp9#2^X>msstI_ef4Rg9Z#;(0kjD~Isq6rIy3Nyv=2vAg
zcJyW6sPy+0=XvxkG~M7FSETz`XA*#}=WxU!{<*gx+$zdL3|a`SQXI+&ufi#p2$x%@
zy<7#9zi#bT#@{%o&eO>;uiieQSbi!HOY<vDKPzsV{8lcc;PT}(k}+oG$S(3DtXvF~
z{|x{Uy}_j^+9|5=Bc_?q?h@4}z@|TAr9D@;VL`Sl<E0AC)Yco;?fl5`@QQYzypL1U
z5z{iC&W;r`u?l4ltNEWN(E_njH%^~$>=Ht%o2{ndGSR({Sfr=77Sif3r4Q3*vDY#=
z2~jouWXL?I<Rn)#YN3s~xymR=rM>#FIec!UJ#BtV2w#z`kVfGVqGrp){8p#eKIB08
zkceuy=DMH|;{=V%T`}XinisOL_@;QQ&B7|&u5b(z$59wu*~yVC!6=0P*O<F9%8PO=
z6uWk5+j=`*va5NH11>-F$U_rvk8IkNMOC}A=O%KMt}1Noe7Da?2F&&VN1<Q};r0Co
zo7ab4uCO5|KMgkjj_MVMxmM(xZ!J9?>nR8KE>6pTWjzt&-y?(qH!QF812&1=D_rPV
zP&3`{zj|#j$dloILkZ1>`=<2QvK)~w2n(-C8^6UsN0`1SZp`d;?N(8GJ<{@$_g6}&
z<9}Vczy9q1n@iX6>HWTwWdBoq`!?D%U<qdA3qJVwrBGPsxVG+7_O1)waJ!2D@dtX7
z!xu`l{|8N7?#2LtFygGfCdL}qi&N@v@4`71|8S#A$kQW?h{x;Wy;&zHj-#l`f8sdW
zyg4-6Oyhj%2_*}bO*wF`oM183TDLi#Mf-_3C#RYGD9KYJk-g+@ZtY+KxRa#_-P*Bh
z&76BBot_;G^ru?BSGCGd8$yc}kz{b<=#eS+^qZj?MC~3#l~jI=605zj*$kT8e<nun
z8ZuatY!5h-IBts#Vf8cRhR8S_t*cD!Da~1gfOyYu{8lasMtS+f(VJ<;$C1g%eA+!%
zAwV=%Y23D6!JH}QKn02<FY-NziLtYz6(HUhzn^qRdluorTkl9CpC8E5or6r=I8-(l
zqBl$d*=}SqJtMfYWR3Xi&b|$aWLdv~k<WfO<mq;|Yf{R1{8;UV^9cF>(`XJ6jUln}
z6FSR%b@RWs-eXD)4Hq16Cz9-?H=K~j;bbFz`Id>3=K6v?n)o!2OOoq!4>>BZ7)^z=
z`+r$#vdTCNg_`<PZ%lx=WF+ts>i>8;0-na%2ZZY)smKlIF7n%pR3X%?SCYvFYV@S}
z1@e5XAHWJP^v?8~b4qu2;l_1B7Ngu1hL*|gRzMA0&Os6W>yK*Wslk&c9{ax&zdqvd
r|Ix(rzcm4FopqXv@_ADH<|^%X`nL*unc9Y^;LllQO{Gi)vs?cGWt5$P

literal 0
HcmV?d00001


From c0d79db8cbe13f6cd9d68dd35b307b906548a356 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 14:53:11 +1100
Subject: [PATCH 06/13] Adds portworx to aro standard

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 2-standard/1-aro/210-azure-portworx-storage/bom.yaml      | 1 +
 .../1-aro/210-azure-portworx-storage/terragrunt.hcl       | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/2-standard/1-aro/210-azure-portworx-storage/bom.yaml b/2-standard/1-aro/210-azure-portworx-storage/bom.yaml
index dcfa787..6cdf361 100644
--- a/2-standard/1-aro/210-azure-portworx-storage/bom.yaml
+++ b/2-standard/1-aro/210-azure-portworx-storage/bom.yaml
@@ -10,6 +10,7 @@ metadata:
   annotations:
     displayName: Azure - Portworx Cluster Storage
     description: Installs Portworx into an OCP cluster on Azure
+    vpn/required: 'true'
 spec:
   modules:
     - name: azure-portworx
diff --git a/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl b/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl
index bdf75f4..b4badf6 100644
--- a/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl
+++ b/2-standard/1-aro/210-azure-portworx-storage/terragrunt.hcl
@@ -23,10 +23,10 @@ dependency "aro" {
 }
 
 inputs = {
-    server_url = dependency.aro.outputs.server_url
-    cluster_login_user = dependency.aro.outputs.username
-    cluster_login_password = dependency.aro.outputs.password
+    server_url = dependency.aro.outputs.cluster_serverURL
+    cluster_login_user = dependency.aro.outputs.cluster_username
+    cluster_login_password = dependency.aro.outputs.cluster_password
     azure-portworx_portworx_spec = local.px_spec
     azure-portworx_cluster_type = "ARO"
-    cluster_login_token= dependency.aro.outputs.token
+    cluster_login_token= dependency.aro.outputs.cluster_token
 }
\ No newline at end of file

From 5f8ad73a1f308347e457dfd3410a2b8813f4ddad Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 15:10:22 +1100
Subject: [PATCH 07/13] Adds readme for ARO standard

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 2-standard/1-aro/README.md        |  44 +++++++++++++++++++++++++-----
 2-standard/1-aro/architecture.png | Bin 0 -> 203827 bytes
 2 files changed, 37 insertions(+), 7 deletions(-)
 create mode 100644 2-standard/1-aro/architecture.png

diff --git a/2-standard/1-aro/README.md b/2-standard/1-aro/README.md
index b89391c..a1c95e0 100644
--- a/2-standard/1-aro/README.md
+++ b/2-standard/1-aro/README.md
@@ -1,10 +1,10 @@
-# Azure Quick Start Reference Architecture - Azure RedHat OpenShift (ARO)
+# Azure Standard Reference Architecture - Azure RedHat OpenShift (ARO)
 
-Automation to provision the Quick Start reference architecture on Azure. This architecture implements the minimum infrastructure required to stand up a managed Red Hat OpenShift cluster with public endpoints.
+Automation to provision the Standard reference architecture on Azure. This architecture implements the minimum infrastructure required to stand up a managed Red Hat OpenShift cluster with private endpoints.
 
 ## Reference Architecture
 
-![QuickStart](architecture.png)
+![Standard](architecture.png)
 
 The automation is delivered in a number of layers that are applied in order. Layer (such as `200`) provisions the infrastructure including the Red Hat OpenShift cluster and the remaining layers provide configuration inside the cluster. Each layer depends on resources provided in the layer before it (e.g. `200` depends on `105`). Where two layers have the same numbers (e.g. `210`), you have a choice of which layer to apply.
 
@@ -17,17 +17,32 @@ The automation is delivered in a number of layers that are applied in order. Lay
 <th>Provided resources</th>
 </tr>
 </thead>
+
 <tbody>
+
 <tr>
-<td>105 - IBM VPC OpenShift</td>
-<td>This layer provisions the Azure infrastructure and OpenShift. It will create a new VNet and other networking components required to support the OpenShift cluster. An existing registered DNS zone for the required domain name is required (refer to prerequisites).</td>
+<td>101 - Azure VNet Standard</td>
+<td>This layer provisions the Azure private VNet, VPN server and associated services. </td>
 <td>
 <h4>Network</h4>
 <ul>
 <li>Virtual network</li>
-<li>VNet Master and Worker Subnets</li>
+<li>Ingress, Master and Worker Subnets</li>
 <li>Network Security Group</li>
-<li>Inbound and outbound Load Balancer</li>
+<li>SSH keys and Key Vault</li>
+<li>VPN Server</li>
+</ul>
+</td>
+</tr>
+
+<tr>
+<td>105 - Azure ARO</td>
+<td>This layer provisions the Azure OpenShift cluster within the created private VNet. </td>
+<td>
+<h4>Network</h4>
+<ul>
+<li>Network Security Group</li>
+<li>Internal Load Balancer</li>
 <li>Red Hat OpenShift cluster</li>
 </ul>
 </td>
@@ -185,3 +200,18 @@ Once the installation is complete, the login details can be obtained using the f
 $ az aro list -o table
 $ az aro list-credentials -c <cluster_name> -g <resource_group>
 ```
+
+### Connect to the cluster
+
+Once the installation is complete, cluster access can be obtained using the downloaded VPN configuration file in the `101-azure-vnet-std` subdirectory or by using the check-vpn script as follows:
+```
+$ cd /workspace/current/105-azure-aro-std/
+$ ../check-vpn.sh
+```
+The cluster access can then be obtained using the kubeconfig file as follows:
+```
+$ cd /workspace/current/105-azure-aro-std/
+$ export KUBECONFIG="./.kube/config"
+$ oc get nodes
+```
+this should list the configured nodes on the cluster if the VPN is functioning.
diff --git a/2-standard/1-aro/architecture.png b/2-standard/1-aro/architecture.png
new file mode 100644
index 0000000000000000000000000000000000000000..dc9a7df8abeec7f145ce5a84402dcf85df3f396e
GIT binary patch
literal 203827
zcmeEP2|QHa7e`wBDx$q;k);LA!Z5ViNtRMd8^a7n!!U*@i8i#7(jx8qDwU*7X(8>q
zR+TpGX%Q{|^Jd;1&%9~<D~dk-`k80u&3*Trd(QWK&$;KuyExf4{jc4Ba&mG_?d_}v
z$;l}e$jK=zYt#U)xPIuc8U809GRW3KZtH3F$8z#3w+O9=2?N4?xIB)WHr-PElQxYK
z#Pa2YXw$8<X*4?gr%ktp-?F(ZUjZusejUgP;D~?gDr5z+SpqipCK`py7GL#tc3`*%
zGA)AzVeCM!P-7qOaiNmi1cciPSV4Y{d^U#%pJ9iKKSQI_OvHC#M~JU5=~VFrUje!?
z;eso796kmr1%F#8myJe^zfs8N^Mu?W{88|W-u%Eoj<-<!CHOU#K)@ec`E5RY9{xD^
zd$38V^danmt2c{BzB-i47W(1urBd+mVQ;tNaDDyouQoBle-Xe!Z^kc#__5ghvEt8*
zE{Wz}z~{p!twnOO<nXY`L-XQ6>CfO(gf2ENK7+iRY+3XHbiTg$W;Q?b5&TI*gc0bW
z#8Vr@5^w_XVOQ06fx=)q6UO3&;uB~-E>yq~UnPt{zz+>%b1+d*wCNUO{kTGoYY@vD
z`^;ESB)H}$4B){lD*PD65eT^;5_2BcHxRA~`Pds+_$waA2Oh%W2cHR_4D6O1TuDWj
za1q#Y_yHWDAOfBN|E<0WE<ap>8TiYw1Z|+u@QZ!~O<)+~7g@Lp`bzE%Q-n(peh3H`
z$^9pEK(u-*O|mr`w3tS5bK(g9z*MtYA$}s+VZ!-s^Nto0KJSthN0@jMv<fTDJGxlq
z^KK}9R)TVqCYu!!B(_36+;D7)h-w_f=LQNzx?p6XZDd7IVQ*N6906S528hg&g%3Ya
zh}%Lc7;1FgiW}ey8pGpy!M`kQVPTpS$Ptd^3&wB*vER9I1;S7k&jU08yBJ~+66Omx
z_+3&mMw5+J2a{$%F%o|pK~QwM0e+DvDYR;;Tu}IT5d<}yABZgwvMKy2LxfC@L|(Ej
z)9;#WDN95(lwpdH(IL*W5&d^rB8K=;$rFwHfnT-w)jZKOV_buf?U6Op3>g~z`)1ns
z-<)YfG>bK7rV&6TD77Oi1hdaHN=T>|SX;3u{$Jh3am$}IArdc&&$po=&A<r969jv0
zgy1*Pj4*$f6`_;O2x*E##&Cq*82ZNW;ve*~0U_Qj@EkVIL7YHWKdz7PH#<}+nt3E3
zW7z`2WkHmWAwG>&?oR1s<5PR(gB&c955v&F5RY+*3+Ru^he>h{wN^fK3al6L(<2EP
z8&|u85Pl%|l-esH21!B;rhy@yQt<~jWYx8v3~}^YCoLMy5PAKYw3^5SNUdE>Mp871
zVfC%0L2edqZmzZioGh%yQu}kp4dIV-*2i5V0W5QXt8&G;$UrPCr(0AG!U@bDC!8xB
zhJ!xrXLsypu<vvW?3EQp(P4N{^a4{*?1fkruy272@B)wdzsq(aZh#*u5b==kQJJhL
zL*#AAe4&8DV+pxomA_RM7Q;X4g3&=0JfpFcAdP4^>O!{=vIM>yA^s_h_Yrfz@B@(V
zh*}igTXgAXNk#EvRbmw_dHhgF0#HIYf-tT(u<#;ommtc@a{CU8i(>j}iF=HtxDz@!
zAsIXs6;V<|TuuLN^a;X}1V`ft%pYGM;_^Vo6vAZx!JtP%Ee5axfshOUdeXy}50Pph
zD-hNO%?3uvg<<~YSjdEe0|DfFXgIPX00Rb2$`S>JuA!AvWyHHN+3`4Vuv~!~E0jm3
z1*$`0Asp{e0aplvvVoy_hz9n%NnmL?88H~L78e8e1(igFU#oIaq4iE!S}vhpJgzrL
z3+yha@?Xv4=mT69n`3-!P>pbRL0B6ytr-=~Ow~_0?m-DtK8O>*7h=RaCm@K&kKn+M
z-?M5#903<na9BFT3i6?l=jFImTq5REkVBEM@sbQH1_LBXD(nT8PqF0l_}ERgX?Ums
z*Lf^24$p$+J;qn$$_Q`q5&gkGN=(IsK$;TF^I$9oX+?)Opqvf<|4KO;t`}t1Z9>6;
zg7Xyp|2LaVeH!v9xL(j`3<DDxW>W?~fij!_k77i)8b=J&x8wU+x_LoOg3mY;rx1Oz
zUJQlQ)W1on8e!3`3_b|adPL)gLaQpDaNH*n79wfg)mA>$h)FeI;BK5?DiQc5il-|0
zRGI4mUygO+f#6KaTp5`_rdY=EkzuZWn|SK75t8B;GMj3|WK_F=>e3Mv0wR&AMkXeZ
z(W~H6apzlIwhmv*b+(R7rPhR{RF^rDEG20swfYtk884IIn+y__NSg*i38REJ#a_5W
zu!0k(*vks$RP+jq6)LFHUtvlIT5yILTlxBUS#wP2`c%QNp@w7hahxM2E=7@-Y(^DT
zTu5=Y{|Cidi5&d~6Z)-TS29@)pm*pNUIJ|z!x#I>UPK|Vpj=n_Hv{-A;7p~jLbWPJ
zox$h77ylB(_(uu`vGIDK;UT8zoAI&>KZGmf^07)>N$8ELSO#DLHQ^27QeE_0bG&5N
zi!T)N17I4()A6GUhu!8oMZ0*^YsjD&&}3v0Ve+y0C!%~K{M!E$gvnGR>W?hrK(;wn
zq>fD`j};OE^i-vi(aHq-*Q6rJk{B2oGT{a&Q$jVM0E7CiTnYA00=ptkrqo#DAv2i5
zXZgFf<2wKd1%Ur&76;fCLt`e5L1P%xOrVwr1t~}`X><c7;g1yi86wI(ky1PX;ZnIG
z=_)P;)d&dJ3d|>^(qG9Of#$I=@)~JAZf;<O$j(q1;$buXEDW5TugF7*Z&;Cn`njx>
z>_tRo+({;sQ?ZEfd?LYy{@4l%fhiJ_SEA^$4HtH0h&LkqoVgN9^BaE81lL`ngOoiB
zxIk-&lIu&zW?U7hbf$rcAwjRj6NMD(N7b5!NU}<|HKLl(D0CAOx}g!yYoYsoMX!Nr
z{n?DD%vm=i8*oVq!QO?WhTxhoWI)ip5TSrShJ#3DTsL7`7EkIDiO81rmjPTh8{4}h
zbE8aU4gWb6{Q-}Pw!u&lJ&c3{M8FRc%T<v-m04UsCerK!eFdBlAlv_RsV-?IvHf=6
z*<U5nFEYx-XPjwbAXSD=L)mGfFQZDTsfehiDyU_d)emTi640@mixbSZD-;RTM0_i?
zA;!a&CFG1{MIfXr$^a1n>vs{Y1iMNvQZdy1UF%QUHqz)O1`MLfC6lIT*%9>uGt{_Q
zLss-xvg0!CCG1oZp=*L_kc?z?q{J)jj}lvO4|^96b2b|@6&$1qze{rZ(k0zAL*Td>
z6=;n@PDjv<Q4wn;;o&U!|06k>i`wJ|Bu7A5|3|1&325OSvFcFPH`S7evSiKzGHo>k
zWuf8V{+2GCxBpR8CFQqC)l9z`MIoO>unMqCJd}sZ$-e6)aitIAhH$;m24?ZKukC`C
zsRpPHkT4EWnUg*k0a4hckJSJKkt|kac=eqcHzK%$Is-O~W8#B_^fHkk?7L@kp|na0
z4f<k403L8iMf^54nAL#$k!_XiXGU}Pec}WM9Z1P=rPD`BNI)Dkq)<fDgbLjMAJZiJ
z5y+-VEVeK(>-tr(AM3A|8BMAb2+6SeWJaz(sFPXct^(3<j$Zu>jT}tX3GLfLGeo|v
z`c@jbR-sO4-xiuA%~yRwBiAp8g~s!$<>-TfpasIbh?OVEN)k=|8Tdg?kmCys3OfOs
z5DWBc7gCh&kwC9@Ss}iIgz&v!`#zShtla{Wt{A5w%wBDa3+4Su0t*WY)b|zhbhTV)
z(m0Wdl$;>6KO2zIzZQ`3y@T|*LEJiliDv+JVZif=Uss>N$SG8@3#$_twmnoIfp~;D
zP(?C9U@|w-pfJ12DG&PB!sn0>Km9SB2*_^LYUE*zB!o-M2)(X8iG3}04uMUQuz^zF
zi^s3+*j`#{(C~p|82|7(BiANZ1kbg6jTs`hg|D&dCxQ*XW)=0vvV3Z}w4fjdUre~T
z41c3Zgz}n-rnTZ)n~K)IsQ3%D6&AflFNi&c2ZnOJ$GAf7Nhp>bYI-}E8O#qFOn2$;
zAL2k67h&hfcNIMvDwC-As){bdR9an^VT58NdthN&D<-Z&V0gFLiY~*xcKiY1AwxYp
z1_cf?HV*L*ps;w~=`t+yBY0H-F`Xy#ePTuZTIx>bN5~O}d9^hamN`IFDE7l?Hc9JF
z1Um8MOGGdf6rU4`E-3O8ub2M^b;^7Oa+FXrx(Ul1?9Wd)GKlzuBchQo;l}71alQ?a
z5UPB>$?lBg#HzhmMyht|>y<K9BP40E!;o32Sel7X89`>hudlGoCnCfAYVIp6bCf^5
zI3xrTzBnWlJ7K0J8+D1RLz1<u^3_4kYvD7E`vO8=oS&lIzgueiwJN@<nQ24Pc1@Xc
zjhf>AnYkvXqwu-LUBX{F*V4(P8ZgtSe-VN3CK>%-Qs-~>)RJ^Uk=?GpYBZaM=rCkM
zjEoJ8aZ5xnBa#N$MAfDl8XBPXHC1j&&^9o_oY#czBULo(sLmVBy0M9@&Px*1NSt*f
zuqvN%8EGAome>6DBUK|HIs%orfS^|EPd1~K`4BSr<ytErNi_&sK(OnAP?=4UQJamZ
z7UEh$+x)72Es>pbt(BEARZ<mSX*Ch#g`-2F!@=X_KO!v|je~1M4^5e7;HSd`CIg>d
zeD;xPBh0o;0^bmA9If)zfo@Fj?f*vq%qkL?6gr?$$m;|3$|SB2bgk;;MJ7E4@Zr=V
zig_T57XfE{kyD%1!GS>2Q#2YI7@vn^bRHOT#2Ns8W7AMoi4I?$_*$b=s0M@$-q^l=
zQ4*N2_K?*6j3miah=nM}NpTgYJV{=vIt1y<3FHW{CLK1|;5^_T?=fF(z*tp+!yOJT
zI71nQ-Lk^_s%S$Y^9f}1tR=~Yu(yj3wp6rXg|HzWzed>ETscUU-oOR7BW#-Y4-E)%
z#ru7;1lVpE*z+Q8PoqyUpiqs`6?fS5LV-<<SePn$%U8P8h<+#CwL<(%-_1VYtBSZa
z-!6EllP||npE=mV(%&Z7-Pgx|0BTuD+%qO~c9F-gA$!J5khUSS0b30T+wz&e*l)rF
zvEWFlQN9g%h^pH|_AO};-Fyu=kx8aP{4}bfNjYgcg-mn*w)kD<Y~vt-Fxw=9Q60v-
z(l%b1U5kFs29S2_qZBjhr7!6WCf)h~_$u*N5xlQ4K5Inpi>{$n@+&*7WlD&gt0PH>
zVA9D=Q7Rc=0EM`{6&qkfnjyOIGX}V_OTg?QGWvXh(2wuS2T)~QaaG0^#&4~s?;31;
z`oC+i5gk}V47QYEmDFe>mHE+4zEVbnhDZu@pRX9`pKSpoxi9Vr5bG;R=SwvzBE28)
z5l~e<gJiA_a_;EoR)>@(Bd~()yA>@Q@iGw|LL%y(hi#pe{L%`W8PTf>UAL;P6(DnZ
za1T{O767UO#1%@ir4A|Xk1hbjX5;svqkKQQPYqcBbli3P)&=kboFU19|CYA<Kh-Or
z<&B-5<H6<%-~?qpb_BN#I;g?J8#{^SH%D$#nn+`iLu_PKiB6slfw|beAXTd}H&3ol
z6}O#~adHLTd`f1Y0pbRC91EZ{_*e3Vl73UT00)SUShvD(0e)o=e&RiL2|F0ZhbL-c
z=m(9eIM5i<0`DaUr!8P-U0Xm*Y>BlWg;TF-mhc*E5PB^-2s;QYq$NKPhR*_-g9YUP
zz8}j8fgj;;C?QM861RSk-TUBMz~RSHp0xa#61JHD^N^XTqybe>k|onpllLBy99eD6
zqtR)yq$6v6Rz+$?rgTuK{jE5uwunbMjaC!HgCcPjFBCtMt=6s{a^|ci2<QiRhHpl(
zm2tXQxK%~~;uwk;Ps+3c_(RkXG!5G{D$~!BmVpSI{3xE*N469P)ROu?bfd2TYVn2u
zM4_PV0C?3o&aj9Ya#vKK%bZs#ndA6gXKm@8+g-VVUi{EN=*A6mVgvv3LxrLX-AIO@
zruOcv8e}7p9SV+UII<uB8<fobBfy4A&I6*FENLM+@!8}<!~Sh?Nk|}ETr`S_teT-e
zD=~7uuTEkTf>`>H<QgF{G7VNIF^R+&P@ambbWK`iWah>ZPjuDUMeNu{vExQ=44T<e
zh%In&fmWMWBl9(N(vz$>X&XtW8yOIVCu4WdpY?ELwxv#b66r~Arl@JslhNIk1oBCo
zH=&@VGGA#0v?HQOB@MyRIj>kxR^oxMvd(=K^$~#3(56z-+RDk*1KV2jyZ6yCrLuvN
zppa-8aR^St`>28pg?Lp)WMidj@RvfM%3v<wf_S45_AA0BqkkLSGm)Xgy%-f8i%k>`
z?&yfZLG<+hBOLs;1ToaSMdHK}j)f{q4_Evka}QhKd4hiTl0k`V3X%#P4)Vb%2!dcx
z^*|-TKmrKIZU2vK$V&vD30NFxF5pMeY>=e(Z!Z}d6Zg$XI7T#Cd&?wcI+dh@>-_&E
z8Vh|}hv1;GjNt=V_Rd3H++6(K^l{}N*e#3$L^UtpsJW4pH@b`J9lu*g07rBU6TcH^
z6DUD|*WynyjhXoCiaH(mWkm&o%)`AT2ae%GtSHvRl517PsnTRk8Lr~r<y3#PLgDAm
z>iXGQ7ZVd4&*NH$8s}G4>R#p);a>UMT2)y{1Qa8w>-t$8Bb}gCSt|$!%$cAA<uDz@
z>URNoiIwull~8QHeub)+IcGA|N+xfLjQ4lB`roWqQp`GyD%P{#s#j$1Lh>Qi4v+t6
zO{a;p6lhFD2od}}s^BDg6m+f1Jqnp(t+G=_|80C=VuW*@xTU5d5fLO=MO*@ebQQgn
z#JR4Dj#Mbyh5B8IUZWQk`7R4PJ4YHboE7RGG9Z{2;KFbjY%gAofvf;LRqY~xGg6=+
zO5C*=ZbUH$@F)8(-4c$ws~AN^Uo4sl9d}`Dd}e6ab_-D`<|{xQw{UNZUBJUycn2zO
z@D1g%;iML*<AH19PYU^bo{$?<`Jy*JFc8YND!q|~oorh9Z9aS+yV84tpgSVzf~z+R
z9rS{KC-%0XT(-~;f3GB>#eQMO!Hbb#e3E4yz(Q}v0idkLSl^gb;$+h;k<5Sa1C>8a
zYPlsIk;vXx%?%~9RB_;3m4Anyet-|#*TLG*n&E5g$1(}>3-Zw?yOrwe%!N;atb(s!
zm}O}Z+M<-Ugc8$75jnoLB(Diphl$Eii4KG+SzTXuA-^zUx~0e-q0_E^=?)}Sl__;R
z^dZm)))4xDajF>|!~VD;AY+N#4{mV?dLU_jO4I{M2h_h*4bVJ)qrj@#G35_;FhdU`
zqlMoutfcQ-4~CS|NR)w~HNV>3>=y?7TZ{+UJK&9_@X01bxs^lO@0_wmqUJH1&jrw6
zj-N08wI*JFTF9tc7&i<k<RFMxQkp|F45ZBqWFo$%h?wjOa1rCO|K~+4eGG~$8Oz%5
z{TIoYT&z{gWNe58_>Fap-tw2OW7K|tfa%21-v7IRzp}%mrdVjHOeuOvu+TC))=B!@
z)O_eBi&etUNCz8D%)9=Q53b?zl@J9IY)%H}k~4LPYgh8YnlE8;*^%f(cIk?-kh%lf
zgCJEQHfzM>!=FZl661k%k}B2b7^mn6MhH<2L=F9+qugr>PBbC|#oFj!B-=3vvX$vz
zkRz)3)`yCgPX!HNfzI2bRK@wsDB7#xo~B~ED88(rURA8(1X;^;HHahp3uH}>=xe2{
zX-pbQ7XHJ+CY$V9DQrV27Uy4F*W`T%5>ZP93BShZ3d9*Yi~qld7SgYQLJuoGUw}#i
zc`Ppu&xIet6=h55R#JXqfYh%gy$z&EL&+~{078`Nv`RBHHb4Xe!J8Q3$e)M`4QU2+
zJmmWe{0TX9sna`FMG_Z5t3Q>Lpw||?Bk%R7)4OWaJ0nCtA~c2BJL2Xb+)n&Uw$F%6
ztJlVen2x1NF^oZw?Oz@dqbDM8>DD;oTB`zL69Z!$iQvl`RZtUU{g+3?s3@+M%bLcd
z*9Kve>5tmDunkS92IwTKe|Tk+`zJtAZg>RANsG3Qas<|4u=@h5cE$EXNQzCdJvEZ^
zx3Cw4-5TF*)~8K_c9BdY(H*Ni%0;v)3eBN84v!nifi8S_Aul#sc#a^fJ~trT7b`F}
z2;*>A0R}X-L6B%FYD6{#(WgiiWmI6GF1y4)nQm-=Be0quC)3FMOr0*)KwYGxo}vG;
zE|NK$I$f-Rx@d%Uy!^wuXhbe<vEqbrc>JIMaK^Q^AYDrGhR8z_Lu`~_uH+I?<XZDR
zBHHmqh`UI@?AKBiRoL(2uPHt^Mky|WhWzct=cp$GK|^YL^*NbolUaUFL-yh?Fau;T
zQp;+S$@S+lq>OThL}ULqNtv9ksbx|oSD^oUQbwqSV6aIp{a-9mMo0|D=|<3q0M~bd
zH<p<affMZw@Dy>)H`NT3%&w>tMEyu>Q&vP$SB}JuxG93LW#&W>M63CdHm=KTV(k(n
zEfWcnmAQ<O0r(3fOOChQT&%HOB%xl=>9BT~Yf@U1f$%ax&@z`Wdf#6lXmawS)(Kih
zPV--sG&!|U>m)5Bq4^I=+Jp?iNCvy+pI3w);!l-C0>&2462fc9h!c!G$~Y3k>+c^s
zRa3TRnUJd*>huDHj{b_;YmvJDNSHIE7YwQa6Ng9tj%tv%fYipAjlA8*$k0%hv}K~c
zzb9}r`GLT#&O`76I6~}nQVMqNFIY-CMS3%sk+Dqe_{-e{Irgh_6Uaw^vykm3U`K`2
zPC+9E!+=St_=5wQf5&H#L&w_aGo*J7{-Yj)96i<<h3^^#>7#J|O@Bd7&DN>LcU43B
zAl-l7TaZ(`BrU1-Ivy7RH;g6ZcvuIrMaAA<J&68~lM{%Hz=KeRi3vg*1UzAg!}?0}
z1jT@kU#|IVG)j<sD>GcDBtH&8|5Y_X%daBCTxUxvc&zUbT1Kcv(?4!Y$ZRK+uS<IE
z*U}c&sP+bzy$LD=CU_AeWQB=tM6#pvFK{AcF0<xYhZ<Zl%s|Kj*AXgJM&-)iUNnr(
z<|81D+Fdj(IZuON2_&fxq9yo?%1Ke0hAd><H~hanZzWp@q+1Ntl&-hZMZ+?s{FfIE
zGs!$;EiW4WC#C!Y1Y|8J8a6ThH;aauWD>D9CKIHKhD{I_CwgVnZj|Vi|DN14I^vb!
zlu7Ws7A#~c1=Sl7MEjRl4NJ6_Alq73W5^_x4O1yHqHLKJB#7m$`9U_QuXxqgW>L#1
z9R4?DO{UUn-LjTZI{a_S`Ulvvy3#P|(lF`bVWtd=|94k~Q7LsbgM_5MB*!B8L3UY~
zghIo~R3`NwtRALP$R&fdF?u7H51TM$7Kq9Oe}7L1N2QP{H&P5&=Om<^1i5~gNt3A_
zf4isn0jjP}J4o6=Dj;T3|Lp=|Dy5F}!}b+OR}lZJPU8nE0PD<xv{{fYA^taA2I4{q
zY*HPdAcPyTgA3^z;(y*@$T)(Iq$YLsp<k;Hm5xQJ6#73|MNFlV`N}#q`QiFd@=msY
zS5ba|?5wjVU$ZCDg~b1^nvkhaOCCRz4ND3;YnkiK2_e~+e=&t^j4BUsGV^O&9TE9W
zEKo3_8yO&)@GnSjQpt>_Bb-Ob7jOf8NwTgE6A{1)WchNi?$;i^d?-H*WCeP2v}ral
zN-hku#_U`&Ho}8^TxS>*fVJSCiAMu5Wb9i)*Zu}wA+w<a_@E^e^FS6aLdf+dTZih<
z7*H5A8XFj&hh%gf7*`(>!~!!`W7WnOMTmrI8KfdaGlQ=E4QfMXzbtrsFVGuTSirEj
zYlNNg<pgpBEFM@EY;Yd%kN21wt0g9At0PfMa7#|q5_AgT-=HOA*35x}H6?Llh4O?o
zLPbJ2-k}1n5C&xfL-P;~tR`6!+&rTUEIN;os3Z7NB<ctQzxEgCh>Wx8NQ%J;WSa{F
z{ISr=h7T+ocI1<gB@jwoBOF>)8NhPFxx!)inOE4)?(j1OHVV-#uvb=Cha3nK#4oUk
z#$JfNz=q3%FB6??1w*Lx3YzO+w-kLY5MGGy$uweOH^MGd+*b4o-B<KG7mk1n{dqV7
z{0`y=4kDjz3Qy?^9ZN+Wd|)e+_<bBUm{;*7>;m0d`xlzDNmBptgA_qW&@EZXJakRK
z;jx6=Fyc^X6j=)Q{|``lur7SA=-?E*w-Ezjc5ISiN+6|gVnD?cd1yo-{7`{62md5s
zIGZY%xbKY17{SGFjY}-zsvQ^I5}q$0+!pnN`!xyRcd_JPi{O`(3{x!8$7vKU8<!1+
zpD_siEw;Qm5GG&f2kVh$<HCW(8R+ZbDh`fo3|ufl^|iP%VKseJ+`kf5tjyEap{f_J
zctxwh7pVp&i(g#|zez!UfY%~81aBTIB!ugYOg8cf6_>y67BIss@e373T;v$OVZz1w
zE5llgO^lSD6HU0Eet-|#*TLG*n&E5g$1(}>3-Zy&AGgk`OIvkm!Uk<8K{{Lw7M+3W
zobW|xgmxFBG5ro}UfIilg0nCPjlMAm^M#@y{nu<X@$O&y8MEV3(t$j`cpcy~LBr2l
z{Z(7?^{)o|B!1@q|M_aPUnG-u;t3|~^Q{`QCld`bsdNN^W#VBBDgQ8RB^p8|?(d0q
zkcvP+ozat8RtzblXCiH2YJkx*mNvw-*62a9R*b9atRA7><LjneMl?XCpPkGHgL|`u
zR%T-{M~B4<1QS>tp#dBkG8R~7QTD_JhKI)l(uZA>8Y&E6d2x6y{1C2?%MS!tC~mAE
z-EP5)FBI|v!1#U@S7M*w;IXbq->SkB62e1ClVHSCOME&x-61=^5Dy(elA0V`{6KlH
zOfUQOC<1q<h(U4(L4S{2`l_UfjuTORl^rL(Ug{jDl;f1H4>Cl}qL5NngX5%OmJqXF
z_<Ax#>kEzPcR0=(jd96YBbQJw9z^dz5CsAsT3e21(x)N}g;axVX{ktih{V1`rH~5M
zWLt}~Qv{}O5GQ~ygxny76A;AXM{s^1O&CPr%7KaG28D14afk)MF0*)CU(C%){BVdL
zi!DkTV78gf3i0D$Bqa922g)HV`8+;Gz-vQqe9<4cE^_G>EblSCq6`AzEk2?@_(xs2
z<1pGAO7$R70J&#C27~!Qa0QE@xB*!DQ}TZ+ZUCgyZFpQrj@od&0^r|JD7=A)UG)DN
z!!PPnk;TMSl1gD3nBYMvfnY@MB5EbN_7^B6imwPtDYnrBjQMi_;A^^6DMeL5M@lD_
zeh3RtY4}<qf&tu^)<FSjC{Wq!(h+Bew6hwJ09qjU(jqmatZhJmPHw<a2Lwd9OFHuU
z1d}Tp2}rAT4MqZVoC72n-67xuNrsmc+}An(KNI+qoWI0q64VeGvA@;xlk<vhE>7As
z22>)^ExbS*8NS$0zBQG3l4`r_fm39tTIr|hC<*Z-%}CXh2B1`Q)E7deROlZ_{DYG@
z1RX{2j;Nz_z_EW%`kPM91K9`q3OFI69A70av~rcxSU;|i<BC<nLLf3$z=C*0R&>PU
z_+VOIQ)MorEfo`_PL4xlwxN(TaYI<ICObtk^)1sLVY@Vb#8(m`;UIBN7yyNlg|?9u
zh?^7}qbL=NUWnl=e!WuE${H6c;D8IasYHa=I&(y)(hZDpMI>4zLxM^ACoK}0Gnc8T
zb&j*9I8M5;aqZMpGQV7#e5Z6T4v9A;0HnX)ZIW4KnbxSzZDNdc4M-{*NmoJF1{9CV
zb_k4zOf9YRnKi{{8ll~HL}*7qcFcbf+8NgIu%ZkgY#Bkhd0hPZh)E#&PQ=X;*##P4
zEp!OUUl4T~lBrmfl$9pJ>T<L-Ek_G|Y%Axs4FAOxts$AHC1na^rf9#CaU~EVl^L_I
zWo|`#^stQ~`V<2S^!dYg^tr<oiUEVdL>H=LiyyJ%OLABlG0jUwM!GK1E0yRqMkz4d
zW=oP5$PQOSrq=}d4Kyb78jY#8rFzl1z62yZ)Ev?-;D>5dT`!_DVQ?s;@-_SL)sl@r
zR;VjE`V!YN1YQVW1z{2*RzVOK>0%9L#|_D85R%UPUMC=Pn+(MmtNHr+w((!yCiAVW
zft9^M-7au|;j(t5Axn!aFY*pZ+pEJHpfR8^p)sN{)jDrLPI~>}WsNrdf)0rrHMoml
z9c*9xcH@Sx8vV)u4qu&>mn<G-*8w;w04Kety(R!S$>}F`OIF-W!;qZ*8^C8l|3GQJ
z0FumDA2%qZscF~_8?Of%-uKYmPuJ0i8BFPd3Q2X%R}IIXLyO`eAcbb&6c7O{qMlMj
zu!yc9S5<?-B5FxPh%rb?C=)FHIyE5WKB~xj;7g6@JrM6)=RBmGhlDJ__1X}zvq)j9
z0q;p~>!G8jEoe-?1MgwajsDUtYe;_x1axuXF!8dsx{cCEQWBAoe~{HS$%ve(`CTSX
zX5cHv$MCBP(i3}ui5D}4Uv+Yo&@n3eC)zhE!WVT0PRhXPBjX`)+<55&GA1>_z@Y#a
zjp=t7xSG7B6`>>o^l%Yy!=Q$o43O(!^Iz2sfnkj8<0o$5rqhiL@IFVx7SKjU=zW#&
zv*apT8#Nh0|7y<d*AX-o5iaf`0;XyZG+K^C4}(b%i%9DnjFf{hmU1wL2(%%Etp*1p
zo!KB!LbcAp;EW={!Tfc=54z%tRv>XzQqfYaTb6apvLb*bM?>N(H72lSF!3UD9F-g4
zMzb!m{ng0!S2Mjo4L$rr1A<(I5j<>zTp&LXYtn(`Yq3fn5g37=#aN^&f?Xz_>8i7N
zB)yQ4yp@I`#;DM(20;-9>e++F^gEyk(f-v~n`eSY{dG2vq}xRKA<reF?IC;)3rT(u
z)YXhb4~XWICBQmviyz`Uov@AT3RXZ7WY|1XuUE8D2HBTt2*0FHNi&u{_Uw1qyqe7K
z(S9}j`q^S+2@-*lW7LXSj7F#w298u@bMLZh&VF&N8sS*15@^9JRULow0}I$l8X#1|
z0<M-0_0_q6Mc*yp^P#E5H_s?RV}!;SevW)LN7k7pqW7@5EMEZ&8uD6$(S{u$0pUJe
zEM%~rV?Uv_oLnb4dn@z7;iI3XHjHdJ<lXU!ojWVeJ!@viUwOA<v-0j<Loc?Ra_Q*k
zE4Q9#W_Arbv~}|Y)y7_jMjujW)lAi8+>8BF<zlp6d|@uwxA3*at$oHJFH#rXetKLb
zVeG@DAqO66nU&=4dA~NgwNgT~lY(mMF~1p#cG0B2{ZwLF^!D+as%W=7uAi3LiqpsZ
zJISj_|BdOSYG-dRZ=KPJGjDrojGQ&2FFU@^Tsfr#slU<n6j~IhXWw;E3yOz#E$Am`
zN4lB3TG~|j-3Xd_-@{hXnj;pbpBiRQ8kvPT{Hp8ulb!Ut^h-RIKIN>2j2qb{%UNfz
zm0m}w1vy1)riA$Hn@oDbXvNJsaEIbIXZJ*_EzfOr_6SXnbgP(`*spHgpbJ72yQVMl
zcFx!8ry%{eP)U9|Z>i_~)mmvo74BPQ)KlrzY(^{n!&#wET(%51y4!_3aq?;}+ro$X
zIJCLhR550d=Jhv^FLc&S8QF2d8`W{|pKHW*YO6?^L^-7?FnJjiPRjOc7R%@5h8@=!
z>zOxKd*fvNo;_9g2R^KQUGnyd$MGcRKJF(TZrYmlpN6S0d$LNOIF-I1T_!Ms?^-qK
z*hk&_*vvycw(VPKde?39u$Y}Y4QIBYDr`GYwy`YodPacB`x_y_?{ALXbS6AeN{FJD
znYJ*Y<Mo)$m5w+pAI8o<bH;Xu&#9MpXY^dze}4CkGXnCH_1C-a(0OnwCAROEkFKXa
z9Bu7U_~GHQp%YuRXi@k&zvuCEPX0yTWs$Fyw(fmysy8f6&N5c{Xm(7!;Jfj<ci&y-
zA3vRH7JQ=Hx~|&;Z%=rC)VlSkDftF_n@n!dbo!N{vt`a^++>&-lTN{nlrjgvsLIQp
zY&*Bkx#O<ZBUr4?{ukG;FumHKNgEfQ;KS?tk8bRt2WH-B(4;L*aoL1-1*5GQsu$h1
z3}0il_kwd@ji&7xgEg0q?0N7bt;4uSolh>JAHSbqq9IEfDe$F150{-w>FlDHo;vaK
zhc--s*0r77RlVFZgE~9)`M{1Wd%Ujr_TI2(htJt|ob~i6@2!#h19vxed$TaTz^un>
z?>c2HqWgMXTtBe*^K1<>uje=RtXVm4Pe$NPe;vVaZL;FTNOX0RQrAR%U0qxK#uJJ+
ztQ)*;@kq^tQRAQO8n%C&Q9C35DNnW??7-juww2Gxg)2<Y7pWyaJKVVEk;O)1E*`x9
z`FO{Pz1HT2U1h~~OEk#pCA_fK(f|4Ln|ntzjXNzv?9sOyxv)z{9DBrX)~IWuWAfA!
z<_+32c>OMI95Q6&`8{q2qbBTHy~8Qh)a2okke8>;UKGB}Q5m`{UvPen!-9<$><*Sc
zH`6{HAEz^ZoArBkkAgg%SoN75dJhjhWZy95>3z5T<KEuQX*o$Qi7IV4K<A>H!qO{9
zs9)BMq0pag_IP#D*#i^CUy65oomDi~;o?%R;M$|i;CuZigx#M%bfaaHBFbdY=Ke~)
zaMwYpftu+zCw}>~&}dBZ@JZdTfLfm0&A)v&V%(cYE1Wt9oLgyqbs>E;Y2m{Hod?Fq
z`ISJR7H7Xa+&P0?nwx$Gmb7N?-V?T6h+Dp!ou^iG|NaV4-UR-*(b7giWG0@2^>|?5
zeA-6gRkI*#_Kf4rj>~vJIi*LP`z1Q6_zv$JGZ&t9dj}Z?xsxaSroP^aCdXUD4<9rg
zg>z+?w7a_f67{3p)a?}lRpF~!*`Kx~nX7&Z$<3DM`q*nevRMyeZ9F8atsY6c`?bM-
zWtrS|RRA{o$*N_tZe$P7m#o$AmXm@K+%j3t@Ro&)uVXZauL}u#G{Qv*?&<H-7JQGC
zY3b*O{VJfiZKgRmiYABGab-zl5=f-ydV!PLRWmT2o14jaPop;Q8+nJWIj`!&4+rd;
zr)tSqM5XX;GnTcqof|y@o^Frz+!E;lVS1+xzjL44C`+|FjLBktU;_uz!!>IFzdD@2
zIp)_MzAl3^<+F?%^}~d!t(34ksh<M&liaM`GTs$^3Vv6xM5C<LV7TX`#qP(f$zL}d
z8%fHz27w7M6_a0b7t7FreVxFqHQu-+N%0*xzxF+*$as%}4S3OPwG%;+;7(I|p10B^
zds@3rQSfbdeUBz;6}Ez>3rsBPB}2<SG4GeGH7Rh)bTEf5Yf=u8{r?nz1{oCgBI-4p
z?6}-_%f5VU2ySMMSLcb!9eNG>l<J||@N&I_JxfEP`!<yN=f-E|*&V*lGduRZl`)nI
zTDTNjQ{6^8IVn(;+B7d%dAMB(N$EzbH9I%^MaR)<4{k8v?LOXak6h0xwNWi7O6jc@
zub8TTPnH+y0s?4z$Z1t)Y!MaJ&wfdslS$zHM!Xc9h<mE*X~p*5oAGI?xk{zCb?T~E
z`dM|}0GhHc+>W{8=yt6_W%(|eDP~(kT1hMH`XzF^H*Hv=YO6R0CaCcKJk<hckjE$H
z%2=tHw#U|&Vy|1pBS0pRDW;~+y%lV%7#U;AGrb;}R$5P`Gv#jgjZCIwJ^2qLv(>Xm
zORF$0S~XFB(QU2!4<B~X*FQBdL45#8x%w%vG~vMq6!>h;Xh!Lt{_N`ZdPe>i<MO=T
zJUaL2$~KP;XFiwSQ&A7fmXEX2v@aR|WXtZL)69pSpUU2@AG&Syt4QZwuM{!Q%Da6)
zW6SVe7H)2>K7TB6X0zGrsXKhn96M0{e1`srjO9M37Pl<h4)$}vV#5t1o7kJ3R+3@y
zmaD;|4%5_Hz6=}uwXOOVZazLbw<dm>pdMZrvt}j#YTAmj%|-Xu=4OOGal5#2NaJn$
z-?cjppu>x9+aW^h+HU@wp`#<}&uV9M_}Z>9!7ui|_bSYe@jtoQeaG27ArJdoXUyqS
zW)~mYxRu`7WkZHb8H%nt+4ooKO{0MRv^ut#?sGwLW*qO_@>QBC!pOIe&UMk5LG?aX
z7}KyrKY#!3<K7lejqNbbE;PL*fSk|eFOGxz-D;X&6xB8aLuqe|FJ*o%d-Cep?%Um8
zIX!<2<Jt3}VUsq?kEGA(`+3-e46mdA8S-zbdrWxSa<<uX6YccWuxs4#$7>c)CVr0G
z8E`#gNv_U;+k$-kg>+wKr(Ul_NKUgb?^EN}23EHZOz2E~sae_3Q7k(xdggyJe848H
zgkGQsdGw+tT7~nXTWY3!^s&!6zH-4wib?s?9i1HvIC&33uZ)TX|9|iD2>y^%j%K?3
zx`lCU&FDO})8>;K+<^tVPVJ^Lv#8m{t)trSz8Tj3z=sFzdzBVWzPgi}R5m>C31Ck1
z7q|9r558w}af55aGrixd2Oj(s_Lg7p-q9*UwTn&RDdXE#fq`4q?)48#&l6lZHmm);
zYh$(@b@xr38rv~ym=bT<#LrB2!Q*>#`p!Pnr@YC{tk96ft!L|2ekw`$;DPzKO~P{p
z(ak8D>GMY!TwCjyGDu;eaJ7BxLcM|(EBpb7{r4Ua-4;cC)q<`2Uia5Nc~f}7v6!x!
z&;GFPWBKyQ%7<54&zRRw*W0?$_;&@qLx#HN^#CN@w4I^Lvefa<_n16b=so!O^)yz_
z#kBRgIwj9`oaqw|YIJsk>$<!5SBfCw_@`98QCTfs*Bg*kP*gHxlN;-GQQk;{b_sm7
zY377AR>)TvX;A#)<GJ!9;8`7Jwtt}+!)^p7Y2`utjl4aNA|9r$JF<J-(sBKdmge_7
zSa{Y_Wys-0jXX64spE<_6z>3>;q~C;qSEr)UuJ*)RKCDlbCmy=vMUEqO!!p1X`5TV
z)f#WdBPQE}Umj|>K&^o7q<UestE1_o)viv-i$24L+zxvbj5#*5ZU3TsOL=+obY76b
zr5zxi46D3XebnrhL|+0mImRu%xB-N$GI+`=n^}W2d^OYaKKmKpj-+qRD(?PvkuWol
zcBZjGX1`~%bjs5?zP_8zSVfL0NMBPtyvKOQg%tUT<=1b&%<VE~{r#2c?-zfh%<XY4
zPe=3m)=_&e=B?c_V)wDu9+4}o7<+6#8;n1gw`=_Sz}!1c()%unOw}B5cWRzlCCe%b
z1=TRy92~YUNl{H3EO3v#BZWn|iH`thZfLWZ5itGejMkfSl#k8U*raGs5aOt;-7N9h
zTnB>~;mrM?-d*oMGHK0HfnChgsXAVZ8+oQLNSV1{&1%gkSe8-uO<J~UwbDLG$A6pg
zD~ESsGe&D$Gd^4^eRXesUqO8CyOJ|~dzio2`{ID>;l)=YA1v}6?7Jk62M@5lZ12+-
z$E2d@>?ZOCt&MV0-A-ZtC%NyI*d)w~O&_kTynf&+n*p!Wo4CFkm9%Eriv#6b+l3r!
z>)Z8^qZOmzJuf$*bNJ^E56`8sEO+%y`KVi-8UIqJp{`X==F~TUtT$6~(x18>%a#96
z!z^sG3p+`rC~d0ot#HeDp3#`ggKrAY^}caLg{fseC3Aj{p&LKlWbfJZ^pcF>b%^ww
zX0~OqHh=}aiNjTN<yUEr*q6Izm425lmd_To+OOlZWWD0%uxHm+4BzFS`SNh%?O#5Z
z-%B15IMA}l(50aD7WW-K#YHYXw}n2r%sRE$=tS#R^l{){ET<fKls=^Agu)wAE^Ir1
zE^p41L<|b}q*7CKKz<>sMwM^bed{p%xA9%?>-!>h4A&`xHG6cVntwamv!u!}abcIj
zW96~T7u-dPY7qVFQv>(SP@LNtyU#si`}76Z)-8+LsH~CTv<q%A>e+Sarxt0@VE{!V
zuJ(w2mC~tjMB*t$y=zj2Uqo{B1%LY>R`1;L<*Hy_wvRIN;~WXE<fO7kD@1-tGd6y6
z(hU66KJWZR_RBRfpS+gDH3(IMy!W;nb>O_RQl>Td_Yqo56{REK=|_CrY$65Yvtt1^
ze4ucJOfKAZu1&6zT{ac)L;LHyG#<tqO94kMyXY4kl_uQ_IDl~(S01k_>4Pncd;GbP
z!}WzJB;=Qkf(IH3Ct^wOiG~4eZ(!H2ulQTv>Mm|oX&rXjj3J!MCu7Y5r}OTd?z_s^
z5<s1g&S2?ywNV%Oz@g1C-w9w{UhOOfZK59Rv?EwWh?16rLNI2faZj{^=iO{yUqeY%
z{Kb}oSxx3w8eNm-h2^n#6wmHcg}2W1Tz4*^ISA*Kv3=)lrqi4&-xls%*bUs?(!2MI
zw3;QsceH9y2_}hWQgJ4zW3=|XJEfCgea?Dz?ZEn`ruLO?71JsE{hWTQ6U|MuV2(Re
zly&7>V}^U=%M@2BaU}E`shBy+apXdiu4sP07Or&~2+yFVeZ2hR0GO6#J8W-%>JQU+
zEG*z)a^p`rmAu{;Re0_%0-HHWnDvX8wj@SziJJJyoh}@CCAH45m(BXZqrcj5*G?^H
z20Z$1J3$9&><Ma~HU)m?pk{7tVJ-UVXD*k9O+9o%Wx{B!!iEZoc1K)|KkP3Ati808
z{N)Lg3d2*jDTR-Ee_-0ZkcS^W-ziZ%|7i;5%o?@lYsRd`=49^cg~ko1$t`HwP-lLO
zvXyOWahmEQEvm^CrAO=SH5els<|x&3j5ccf=*^@LO~azvj^e>A3~LJ*4@UCoBzJq9
zT*t6s|3!6LzRD@|>dSg#%KTL1HH<doOzUm+IKE?}G@VZgYmQ7{M>Y37ZuZFmW^Q7L
z?U_#w;+gx>YG%sP64r6Y#Y^&gD3}%xj%~WFH0YM6+S!3graVQu*~}9?6gJy$%e_YJ
zdAsk^+<N=ZVz(H5Yp0EZ1$K+rHm#O5^VCRF{@AY{HugIWFTXk0LBZ62P;Arjap#-&
zZRY7%*4g1rqM}_k7WO##1?wqgTEacd)R_(nilvkkh=Et8M$b0A#IiIqY4^rRJo;@(
z{T}XW?&;`n>oghU(*Yvl2UJfdX9X%YYgf0P8s0)7av?{fG)DB%9F@(FSM^pDUR<r*
z{#~;*x>2377r(JgR(qfLqGSAyd#Rr>t9@|Ks)wJk)n3xmVBB*Z`93GJ?2|$wti>a5
z+3|Gy0iu!5^7M%v7-1c4^th$F*#l10v&zp6A>xzlHu8O*wy|{1QEv2Ty{iU8eagud
zTFcj5SQvW7V#h4GG3PU8W<F6Vc>+|%0~L_i$3)$6ZS}+fNW)EWYO|)Pn2pcX2P*H`
zwOupfgYkf2W!$|3J=Nk1)AJ2-?l16|4OFDb^YX(K7i?}>AzKZy9%=3?E8cW}B=5r7
zS!JJJzCLm0%yEEQFTo+N1T2NoNkK)4w%rrEom?<`@kLh71NHRh&+?tFjyZn-hNODC
z?~VI;1s|~>w(o1Jo|8p-9J|o7<-nEa(v;sNBrW*3Ys{78!x)nGIy^;bAu~j0u`z#X
z*Snd|%ZrknU%oot@g9(q$H8+<2Mo*HT7H;jCm!AbM!>Zx;AC6uEd{!)@JMs#BcsON
zoC-i}TydGk*c&krTv!+McW}rtx-xQd&jY0jx=Vs4tqTiSHqzD+o{#Q(dH;k0rSXo}
z7O0N1QqW4!!%(<d(I>6KC7|sOPlm@jfX1|MU*ynpzoKfvfwJNr>SJ#NckS9W8z|&x
z0L`9PwvK8;@r+jMFy;0@TaBqbwq{y{-hFywPxG<2BGzRM-3oB!4!Gn)OPC?^JgJeT
zK^Hd--L_=l<I&gCIgMA3nXNhE!xE81N0w#0ja<BBiMqP*ta<;Dt+qQ%*#-{$&c;n!
z56|o73W!#BNWQIl@RYKp!?t_XZ>2wc3cy>nn|sF|AG2-$v<6Mvt$#5e3k6cg-ZBRv
z2Sf08_vwx^1`oePl|PFGu)HqQ`_1MZry=NbJ9*ml%;ep<(ISayt{xvcHI#3=c34ta
zQOsztm_!O$Y<I#hG=CZ#xln)EZ9vv5N9+#F1gtUNQ|C(Kp8KLx_y^pT0vf6ZMXMDU
z?0aePHUh#xQ{kg%3@pd9HP71HCdB#7YHxgO*Ok$YRhxE*DrNC*X0^Nxk>XVAAv=5=
z_W|^K%I;w)66~GWWjg6R_bC+jEarqVp`ri9MiCJa{>)t$4+vA@U%mr5dw%}-Asi4M
zg`L|h_scrr^BZl4dQ8|==6uBHu}kxqXDebm9Deugdhnt8tvx@MzIs%!!?#-th&y*=
z4K4PVvL_?p`o<Ufs&5ZRKE{mR#{|pE`+K{4IbKU@+_Tr6^4Qjcnd_c`lPy@<xvaGn
ztfGuglh^}JE4^f87}DKMFRpQDEqr#ZWyi>u@*4+lSlJ-A1NVG<7{nbLCmt-lJEQ;L
z1Z5-D0tldDy=OBUoLA~>5hMH*379eb>GtDk!pDOyz0&bsQ_m0B+5V9;LI<*EjLH!i
z!-uz5l)VTCN_sw}7bFAJqe}0bkl(;@Kdh%292S;Qw)o;k;r3HYdyi1^9r$XPRi?H>
zvL~QxJ4eSM6PJRBi<bfj_6XhC`$JI@wO;dc&-ay_&N)1_@ul}J5UstfmzKK{7kSI9
z!&$p^9X8vK7u=budvcr9BLly+aLBSFM`BYCstp-7EUwRlGEaz2N+EkOaGg`?T@`DW
zX4?yA(oeg1ls`z}U!<MCabu)*`l%G-ZKZ{Ztg`YK2YYmO8hzu$Xc{QWi;g=ix~30g
z(?6`TG(Dkg_LMSY_xV|^_FD~T&U$*L?-#w#i`55o(paoHU`B%8_>FnmqsAQk_<F|T
zRj>f=AAWrM;KAa{dgJp}G)`CA-$>xKsp$POdmWvCC#4@Y=S;Jo_Ufw7&EuB#x7%D^
z-RH879`&Hk`U`6@a5lg<`dyBlSc56a!#^zikXF*VxoSgp#C86`PisvJ`j0-pMrV@6
z;PCM0dmd84o(|jh{?_>Z?4;8vm$!`AG-9RZ^@UXLi|MBBVY*i!`0kvN_x{njdXFDJ
zrZ!H{9P#vpgGT7aoN1@}hQiy|9q~||V>_$ekP|~54|;NQ?{2k=tIZsfFN2UBLNo1W
z<uB!Fc3;q<z-nIdgiC!szO+;y|8#rt4o-gZhVuNSMeRq;KDFljnjTh|X*!hUd(&(~
zOxl&z&E2BZ^WUrV^_kU27hK_pbj66iN+uY$b<c8UiB<hq%9jr<-8?-m=*>CXO&q~F
z%f>4|-11#E;pM?EpPZFcAit1&t;y&qjUJCns@J%?TEXSb?yHg)MnV3l|FH33xG#Pl
zqG^|F^Lo3%bRJCD$0dmdr(K<x_4|G<U1b_>Sxgxh-$`%$>bw|@K{*RX3gS(h6?Obl
z+K>@=V|}vAakT=g=;W=LV2svt*7O*<b?|MKv9~AeE<4aIBJcgery*TadFLFG*MObA
zsHi-KS1b~kQNMf>P(C`HwbkB?Zm|tO`&{j2EekaBoQ{-l(M|B$AA2VlrZ-#=Flu$=
z!kbBI%mSCFz3rZ;u^bgmR2#9ogzvF3EHAw`XUIAyy~F^Z5&ZeaOg(cajrp5cIn%;R
zP8pvAEBoIQm@l58Xkk5xl54@#Y8VQ6oGxp}!$%HHs^55CzsOTYSJw9~V81YD7T$vl
z*|EYylk?+wNxII{gn|?A^Ea$pI{kkBf=zqQ^eP#!Yw%A0OB;`7xNRFfOUH5Xyd5{U
zdGrlUuv^$ugnza$**C8*T12_BI<@VJp@1Rs)Vj7RV0V+-=BbvTl|Oy0r_ICs^*~Ya
zuDs)H$$W0u(dVA+a2J<o>lv*!tXX<K!u8FLo#&O<ZI=pn<*DtNIdf+J<01Vb#3<?D
z!?2PEr}|Tx-`S!$a4T=-hYuf$TMSZNy{7TJp&!LC<drS&q21;ExAvv!ynTH+VAhL{
zS@9Q^;;ETA6GV9C;f4091xxnknN6~bR@q^G(*LE``GM;IdG(~v%ykgMsGe<upBJin
zIyUIJPP>a&)Z|nTo7Pw!t=ZrP){G}}2PB@#nm6Tm=RQxT=w6AMJy?Xo9;%-m`$;^E
zvb=LEmni`ZT(bYf1mCD0zDHCKVWD6+Q@^z;b_1S>mJJQ{JOcM<18lA`Ku-+POgnX_
zv+nX$I-yq^MYL;sz!HF9Y<47L$%~Fy7B&=1JrAW^>#YPgdF?IIf6+}Y$EZFvEKU%^
zGS*e~4gxW#N?4b8$4o1Gv9Qt190-p#12R8V)<XM5C+m!&wpqREL6SR0kW~ssodNk6
z?riZ5)Xj&#>mr7P9Sbh_hA0k8dT{ju4U!GU;1D8mE^T!0mhL`ZIrvz^TunJt3m^&$
zo)l-tSw=22nv`mz0e}{!)uc&Ej-^vSY(=ZSHl#(y!rhc(KJZK=^zRj`j7gIe?z{N=
zZ|pHUSnWN4^^iGh9O!K!dU>6Cp>&B{N1q8xvlBA6VQ{;VeO8;b4&r$>xKn7@xpVg7
zCSfZV-S&LA;M`Fim;UVQ+r1k?Hg%vsdrpVmK?R%z8@{{?8x?VXzTb^ZY6F!HBmIX(
zMfKU}wq-iFMDK!h4uBUqunEnF_BjCbXXdekV6K6zX?!gsp#7D7c}<3=vz0*Er$l`!
z)27e5Jic2x_o&7kD#R`>ciT8OddWK8eDjiv9I=)z*dCM>-CT_2dpR~a!vPU4h#Ah%
zC>i5!@o07{g*8?g&#v$8LZ>(H7**OCqbr}@+TY&$`0S&XhI-5bYrn#Eol{HGA&YW#
z-W!A84|#C%5cu+TLxWO)IvVp4$lSP?dJX+m5A-Q})a6D{PSas&p5`N|S1ECtDNWtG
z-k&TA5iehgQH?E4^HwyQWvV3#RD#+tVq=$x@J^Q^F1u72G*m;Oq#)?P#8N$$@JdSs
zs&$4^bDhGtF0)-4{MWegz`bDsy<TS5dvtAAj}DP9&9x8b8C9g`W8!#_UCl1OwCNRi
zx_dh>IOPDLfu)ZxVe}c`i=Z!`-rw8*{?=q+=1nk(n16ABBy8vxfTFJ5*LzI-v@85$
zoNAXe;Fa};?`-4|^+7vp?2Fk~Mvrgm+~>pU#p@zU9)v@_H0Va~@jEa(L!#pMhn(r%
z8g6E+bv8%YY(PN-*!)+Jju%<3mP1FzfbnBJJe`_Za@s5y@O1Z%t4BP;_#n;O@w!Xb
zKe(P1x@qymJBOz}y1skc^y@0EVI`%re_<sxb7hwUrx{dwC)U#RI=kBgEOx-s<ge}?
zEq(#)*H(B0#Ve!6rWO~gy(-4wdqQW+vss~IZbX)xdURo(%2J?Ay%GZ;*?%;@ueIUc
zx0gq}0vussdKnnBUfQGc_Mh8SBpB#Et$WCfcDMF~_+A>N`{mQUj$g97ty?k)7)`mM
zqe5HiI4|A&S^w^JENwBvAj?iabpMmBd*^l3EQ=4<2{z=OSA_Zsmp-#Q^lsO4{~I-S
z-qU3L5f{&20l?hKH#M{s21K>fCSbq}DjQycN4W<CvgPi;o12}}OzgnY84hIcFwnje
z9H+A5PTsC%T`pnEx|G@Q&8WU&BM~Lo`N$X4ysz(^13-oy(S*6_!Gs8DTIQ=`?Smn;
z(3QpILrNm;)0+#<#qYp1yWQLoeDByo&FhC6cAR-@|9J1S%gz1wH4<tr)d;;fu;p~#
zz2kF^zrQ_kTc6hF2E4OvZ{**izd`HX@cGVtFnH;I1L)_Okj!WV1r6(7TV~zFK(}_M
z6X&nOeeW#vo^9^rr0jor^9IxBRs#TJh#;r7i@kA*-uzL!{O7B^${acG_5gc~p#b76
zZ*%>kus$anXeG+4SYqZ}^`#-T*8-dnICl84f)fw|PZdi(b-DV1BiycZq(#B%y#thc
zC2RuM)qly{O`CId%6DPZ{n1oj`qPqI<6jK%=5%|UXxm{!GRud}?)qvYTQ{ZA@bk=!
z-Sretgr&zn($-uwQgg{Cs5bF`%(YM40ybcw+1S7herv|-cYkMZyHuEIZJhyYV8y7t
zVgCEFo2_tBG<7c?{%$eVd)n}={S#;1b`m{+_G3C<r4hu|-yJ{w;Gxq!SA}#+pMN81
zOHlx%P+AXrBXn{1>E@ujD&Ly3`RR6@1y5(_jAEbf*6L=`mesjB8e`J86#(Ylc5KEl
zok_RM8)^*ZrNh&XPq#L^2xy9Zd)KNteX=qwosw6c=o74Y#QIah)}8Bf-30OegV{;@
zFCQqq+c>iP+3pjqnR0g_k>qlC6;S8x52nrqs!HEJdSCBgg~+S+OEg|wv=z|;E9SJ(
zuMZppgwkCa?eT0<28_zv?F?4@2P5-ThGX-%f;_jxTn5BN+HMm7#rbpB#krr~(5htt
z`|$$|)E?O^U$4RX`^(e6xa%c4DyxNmdVA&7^Sv)Ljg4D_tvXoTZ_Moj`@P{;<_Vn5
zg18uUL8tOf6CmdB|6=q3(qxyYf}-3^D7jI+pH?s4b;>SC)hPo0nQ0nsZUq}4%s($p
zPWCaK7+kPG%VE{%k&~Hr4aIz5=<3T+?IW*l?`!)e$k{hSOYK#Qsmkq_HptGa2M>oi
z!OSC+PR?L@dmkMWDL62(jkCN4r5_YZ>7;zVvVLH_mhn7+=6dz+of>wDi@vmJXwO`=
z6YFysoD(f}`7RncDoZ$Ue2S6Z*?#dOAX(|wP$#ZbNAoh4IeeX`+hd^9gSoRa9u2zC
zHTHyQ!I5NPYTjp_pln0j7$67s6(=Mqo9?mFN}@WZF!bM9CeL%bm<PDj@cv%)8=cn8
zKA}B+U!L0V__6m-%rBldgc&^KoqtJ=HJAWB@WrLgyhmxY362Z({GLm>7X&ok6Qy}-
z1$W=NC3`?z&>F&p`+<q486Wlm)<5T}|K4<qUgwsoJuZ)YRo3Mm`^+w&?>ieA4f*tL
zgtB#Re!lCv*jDiaoYuN}UxBDX(Y#=X<GcAYMr$&rcj|U`c}D>1mpSp8DWTnz<^bGi
z>b&)n`UZ^7$~nVa{-R90Y~LiUvhE9XRvB~rn^Z-+POW05STR<<X$=I&<@@=+3|Fvh
z_0I8X*iDWDqpVTilsyFy$}G=y17iV}Y*22mob%vif*1l!={2j#?auO-S6h1aX@B}-
znb^;^C>VLj@4Xf<$@wbae+H>_08ia~>Bw^CAW<;2ETrG<x8fT-(zTrtr31uT$h+?E
zQ$K8}NW<?OX$3cMNdIMTPZ-4<xQPl?1Q~`kv`M?L-ck%^Vp$>Kx#HQhSZXuvMFOyF
zB5qkNZ7D#}C$97MO$Pqo_tEPnaJL309^ci?jx8v44_?g_-ylShTQElq)}q+X%T58N
zUM#LpyoKd1nhxFMvnJPPi0P5GqU6DrP4&7czhYf(6xJ@(PD~L}c*-hFk)N^2y^#A-
zL(S9CRPn)%JCR>rx*vYDwFe;5J(JEow}&d21s$P+A+*J#1XZ9Ze*}V-JlQej+^C@#
z;H<yuW|9l|xxUz(+J~#(&2b7BJbP#tiU~C8wEToC&Z6bJVwt*r*&>*RGX<M&jD4_M
zV56?u3&QM43oZy$F-MsvDtH(%w4n{$WA^u8`AOd#;Hb%?fSdF=G7P(km&SMF1Cu4d
z^p1l;Y<3>_T6qxLVd;u|Iy_U`uIpwj1J%3-)iDpmoasr`)ttU!rnxk+_XLJ*v=Mi9
zZ+-CE;TS<|JaWt8`I;$19yjw91!);um1mk9iFNOCm3y(Xyht~5(wM!9#1if7+$CqM
z9Z<H-7M___@+rqxY1Q7Xm{|X_*{i!E*Jo4|+~o4W<(4*pk$*&{C%2tZvl%-I>da2H
zoEhe90hZ?@CKM6)F#8_(*e1BW==O=W!B#Ippp8d6<y%|94YVNIySg<%WV%$$zN_2I
znm#O#C65C5@1M4RF!Daud1iK4GQ{8vJQHX65`!pE%~?>?wYZB2lT&OHl0Si_gJZa3
z`|eGFI+zOPyPZ(?QrHyi)UBXh{%+HGZfh);P%)fxJ<F7Gx7m*woA)Zqv}ZogvH-F6
zX!C686j&M`;3n?2G0JT_XaA5)=?BSCrzOm3UF-|7Z=D0FAr9nie6Cyl=#LBdEqn3t
zWs<@!3vlamvP|Fm&YPhkIDh&nwb)AR$<$^odp|WvZVc^e#KUsiw37TsUXbZ(HR;4z
zy>v&pAS<QK`SSbzD>RqeGyc#7M)Vjt^|sz8N6EdbA7p(_{h9p9IrPvk^%LX^Bjt`O
zlxCfr&{4jPvS;Lyl0DRuak&qs-CL6L1u`a2zNk;@tbmzJn>K=@ZEnJP2UaI&P9xv{
z>d9Ybr|mfTv4PpanUMVO8<QQK`>uENarxD9j~W%4$t_R_?`EF(?6#a~J(F#AQ_5Rr
zzcXoGrWx&T{k}uP!X9#taxD~c6)Da7@#Rh#hMfcIoF1Y6pbuonGSAGTXMv-_vVwiu
zo^Hby(?Fdb#%<r@42HUoYl;s$D&Rze3FoY%Q+Zi-?RR?jW0xyt*VDG>;QHo$<LRcy
zJ}Y}_N9)PmlUp+UA}7o^x|>{4$z!?C^$S(x1|~kctC{$8ncQm2=X!FM@)sMtWJF(=
zd#X3tG&whUxK?`JSp&JX@+N7yYiADt$ar<@mM**AT`$a;jTH-u$fe19wB&Wg?!(FJ
z!7%XV4fZyGO#Rc3w5+S(%cm}<HHqV$*MHYYPIX6?e1i5O<9cnHdeWmAa;;j%d#6m#
z%AKw7QYYHDe<Po!a!(r;zFX;(kv~0oMp)Nkrxf`@Q@IkkUh;*b<+dH~oX%+-&!ZhY
zd9!stSGoF&PaF~@PaO+(-DvV8`?cb^-r_9eA>rKU=3?GYml~o6(A>QqP?zQyW9Qd)
zmg*e&#4SZjd3Vo+Sl{$Zx7tBV+|nv~i?-=W)0Ux|^91MSLS(xuUPJX^(cCr5_2u@d
z$3pBACp>B2@Mdf~hZxNio2!OH7K0ylSN&$nSi2004hpesx9-kJ)61X}jiY^M1Z}CG
z;QD5)>e>F&d2i)6_c)gq);l_9`mwe0S4X|!Gt-uD&JF7*x2XJD|MO~N_N-T5(yZIH
z$pP^(JKKr;UZ)GK78m7go@&3s;l3CGEF7*DWFhuAT0XP2F<l%3^%+=PIKvUx;zr$b
zqI2ECoHM%KU!U8mx5myM(YO1@@zM_tzrOO&v+2n(C+;X3A8S@{y4&#S-OG39U8>hF
zMDE1`doE{u`l9u60Kww>aWC`%Kewx=?wj?!M6jVjh=YO?d_QEGmK-^`9Vp2rVNEHb
zV02Y(t84Aj?AS>cY<A0KcFcCQE?+-tkdJc)T|TlNtU}FWsV;X5C(q5dwoXg3Z0^*6
z(ms2Eb;yDKiTXR&oX)=2DLXb5HdVw0ixKC&PLHFviN7hbe(LFVy4i~jmnt}Gct-U;
znxChyo$bVMXnt?)h*t4DwacC4zI2<;*NQGVAxzJUU)6L*^1|uS4ApFWwI6Dzc|c$B
zrCN0384u>>v@APrGV0Aixs9z05;^NUT5IHXD$iMzHB*Q==D}Id((_|A_P#dfdjWC>
zhJ<nugelH0+MiT+P}rR3c?D`-Cjpl{^i{}aVe7ULk9`NdX$Ds3X!Ci(6_D`>;B4zI
zH@x1k;X8Fla7r%qFl{;b-MEr`PEk3a^Qdkr{7-C+@cack_F9UUxN_6eYOTaeJgsO(
zaF!)3ab?@nP-*O`A|IAskkt50ukElWLeFj40N|{3<NsTk0@0F}+vL_sShUn7d=blP
zv=|PC=f#CIoC8)doXN4$Y8D1?(!xbvI>Mlg`Cjlx<P$49h*PHj33D-)qTLS=-XGqQ
z(LID*YqWYP?|GY60;%`AK=LT5nAr43bucaiP@eO=)s1lm_SaOMVAIosD;PN|fXC5u
zPH6vpAUkC8%1t4ndWL8I$`i~MjZiTI8pJWrlF<`YpTxXumf(@zv_r3jkbxPrG-!3?
z7rQnZ{5Mp9WPO}Q@7wCip0QwFMlhiC-A7sm%=61_t`K-h9(H1!&#}kLkZ?e*ssV*t
z6gvQ6=A~H!T-g__O#{uKVBO|uOdwWY!5Dbj7Jq;{SYh+X4?a7=_?*UKl4JP`Rsqqz
zfKd?}LH-b^b^I$jQNUo<*O|Yx;o<ixXH+jlPlea+3tQ|SwGwW8ZuLXDX1ew>Bi%-d
zFzy(;E|byDIB$4gTgw+_If1>$mKg+@s{1S4Q7zC^ZPBV|MVjY={^9d43J2S7X|Q^=
z;sH4<u=1*y`kdYchh6D2=ixO^{h@O3*toa_(Id{JzPfhLL@h0*A7mG9G%ZOB_@u|X
zohfI==y~Y$mi+Bw%EvvuwS9Ywl8u+1XzsU}z`n?vUA$|=N}HP*xf>7mq&?ZSyR-4u
z4}g=6<^?(eB@2b?BOaH$?-khlDd_N6jkDu%`QRm>Q(yEsFmX!HhckzjWe)1JWu(pM
zvYP|4AKX9anSUbhYPx^-jICu&6Aw?CvetRS-06!QvsSnzZC!t9XG4GEzFI3Hcv(Oo
zI2O1ZX!9W|#9`$2**Y2mtL!bNjgoRRpvH6Xmf@FFeU<SVr<mnfh4sagGy@oeaih}V
zu&3<$^tX)<9-C%;Z#y?n(MmI3X-vzQ0rvLRsmZo0M?dj)Ie04AZj;-ErVp+?T%NmD
zBZAYQTlx^2xMkyQvU?;3z^1O4j~TBa;r8z2*yhc9dK^$!yAHdn5)u>dOm7T%disC=
z{TFmZ)i#sXQMWT*X_X3sd%W6l1ZYT9mqLfcEtHA6mrs9EeDYx8v{U)IT-NBl9}fAQ
zea<#~8q|H`>OCbZ*BlLg${jkdudrZMYJY5V!PTv!xT7to*$#=%AX|P&d%;MxuCqtS
z@pj)3%usu_G~&Uce%rk$@CESq4s6oUSC0tm(*MB3O!LH$(pk|jtTG()qmC3WdcpcM
zspqV;t+(GP8s2(8;3D_VGG)c-Je&R;zRfHY_J!-GH*G_av(*S~u{HDVe@)smnwX7!
zegw)h;-Q>m@X>OhNm-B1u2?^MziHW<$CDugP#*|9#^{LqEwPM154X+zh7WINGqX($
z)HbxtiB&m{<rN^2a2M!2w`KbwQxguv7ZvESkDp#lJdR}`VE33?>D#%>jRUSJs@A(b
z?uq`zZ5|y}`jmEZGJ9sI9iHb~uc7kb9L{M-*W2|vpU3b!+o{)=k0t9z?PYWbFO<Ju
zzS=(N<yG%Ftb?E4<zU4f)0(#57@^$zjf;`3-j}|Rbr~6SsD5$D#4qKyGofl@)<yYQ
z_;!+hD?viq{S6}D?|FNpZ6CqRt7jA=yQJTLc;EBVvQ^v5&Wuf?`>q-IplyNUx$uKg
ze(4?)R}aZ&6g%`f)-C<0rTvpO(|N;#FARgNQN5qeyP4!TrK{>T*uJ37_VHN>o4CSZ
z7ae8X8^3*T&O2-jaX69=H7|vCVmrDiT!CVr6$cK$CIjt#@!6rk<#)ehe`F8jv905|
z<<Ix_#Ojzvh81u!i#Kk%s7~XjnuZ2Jmbk~c;*TX~=6raY5}37NuzatwN2^L<W8(b%
zP?IpSpv8#E4ONbny?ycu6m{dPyCa;OW~(*Q&gjs4T-Sk5p;XG{?xIGMN*<m$4mC=1
z=x2Jle$ak3bi<(fP}kDC4;1b%{Or)g_(o8@*RNl9I<RxhmD%-?y*>cu?$pr7wBpTR
zI&3B{4^|7Z%WkcC{hedu?RVc_NgH>$TsfyCEK|7CsQh4KmsL*f`AxN%X4V;6@>vu2
zide7by65N6v)-n;F3N>uyh*NQW}_kJIgBxv^*%zug^2ZqVf7H6udfr@wq=2p%Lt75
z-{{o$lkig8RxS6Bj{3mq_2#T)DI{{vrgI#$3rB_DnR+!dc$Hf5YP!MYD`rp*(cKYL
z&xq~36Vg(Sq01eYn5aS>Ne(1)-gQrpzj<%Anex=BQ#YnKnm#?UG>)g{?dF!O_N?sv
zi*0u|<bGj>Jc!P>{#2T3xlC-eF$LM)>aI4FYlhngk4$JZtY><FJF|ZNx&t$3IYgz+
z9e*=<qGid})+^jDOy2y)dC5v3Qv88P35@S?`P^#D*^M%XG@KvLgH(8r=jYW@G}B<m
zq6SYhIqz+bO5ehZuFm?c3Vcp4iH8F24QH&>Q?QJ})$|=ZE)7$CXtjQ>!}HdMHccph
z*D`8<kyiTgYX!c`wj9|7EO6nm_WUD|nOkLg1vWp}H(Vl2u{JAM-PqamO_AxHDb42<
z>fBwTr#otg&#baCpz+r$(_x3r__xb6Q&!Er?<uy;`QW#9=yeuC!ESbU1-BWzl%WF-
zpU*pEK82C8ZMfs!Rn~KQ4BT6A$Sunrc!Zrexns8=HzVkd#m>N+!((Pm=cS)n+{ius
zqU%=JyR!a*-Ktccwsi(%`<mExoUrp+V@HF6o&mtoL+Q}`vb}nDS`2hZjyQ4KI(x?3
zx9j~{pL*GG;>Q&qucfi-L52McNQNnU4K=-PrI)n-PSM=`w=nadmkv98nn0z_&}FcB
z$nIH}1<RIgOWuCMmt&nV{UdA<F*7STT=MLg9VW9*2_Uliv@K1h!$WB+T%OL;+^oOo
z&Ca(9BMenEckb#{+Aeol#;6try!<%BEUTSnN5cZ1<!&+b8^liOGr^R-XRY3*c?Pt{
z7D=;r57SJ6T!YsQsO0<avFF~8uk$a>Jv)NGzh&?7?*^v^(_-Uz0=Y?g?`OV!`#<*H
zGAzrrTNefd0gIAQLP9`FK)M8^1O!y1LrNr-Zlt73q+1aIX;6?B>5}e}?gjw`<Qw<H
zeBW>Fz4o!z{<HtB<8U6689dK@U)Shyj&m&a_M6<16khH97%V6$9^*WiqlO0tiTu@{
zWyS$q#-oxzbw-1@wa+B$MwRQOV^N_9z8=@7SkfLKgwR1F{(TDF#O!>5kv@gjg8v%*
zoZ^E>=s1Sc_V3O~J%y_#uS~66gu=d_*50h);BA7uTRO#dUw%#VX?>L;m*TbksYk5N
z`>&#ro}3Z1psx!$ZiGM=<!N$lxx>1qeam;4rBT6-5A+nW`WF_!O=sVdT)-xMrr3Gc
zcyE1-wD@bHw#}BOT}_Ee&%JfmedusziHsR}a4+8#I^L>hId+llhL)d9fo^q_6=Q4%
z{ZS2@PQ??pUs3bvy+sTYF92C5R@B0Pk-{1gEw4yLT=WpLJV<b4f8mrd)y*3^h&j))
zi@#F*D}>u3f{^D`Ta3oj36~9Sa;&^aPcDqXK#Sj%HiafLAM$V5ywUhZ)Z6>{VU7l#
zlu3I~Ys=4)%jK)jh3HgUO$08z|3&bXnr$LQS%#^&Ji&mE;X}*9d8y6_eDtqW4s9E)
zB;j1e%ikz05Zq@reL8KHRONud1UqG_d<^R&*AK0xAEiXw`yc-PgG`a=TF@5+)#%!U
z*mbh$R*}J+6x-x;g}bp5mm9vpJWxzAakUyuD+gxSw1^82O&*ip$X3b8_&fWr(aKkd
zrBoWZvzh~z()hzWdqOMeTEPg*k(ca-+g;&8!D-$-rUS)2U)sw}`j;;m8S#Y*m_6^5
z%Z(QyVafa!c3efFwpJ>*cYdvJ-9T-@#t@npFCN<2UqQu{IzQgOWVBt?XC#1`>HBSj
zT>vh~K8K&~x(?IejWF@EsFfn_Ae>3<eVRWO`tmD@-h4jJ8w@ekirB-?&mEW*bCUg1
zc$9rYyo=6;vZEks2%X1gN3Zc{kPn*mmaJutu<R?o!Ff97TEz8Ssy9SR-Q2dp692vB
zk0iW^$``z)mT?~hhv%SmmFq$oG4hV+y1lRtu7y0KXfSc#L6SvmM|8x*rFECdP{AXL
zln(Cv3Hg6Vi4eM3U&L7Clz`CfzNArP0Hab$2r`;A_VuM&JMVnDqV7HczP{yFkZ?e^
zYR|_nrL;ZkacfV;`>L)NE6?Xtoy|*l1HfJD&FA)E6cS4>v_&=U8<B0(<%U1MpE8gW
z3GP*>*%!>`r}_xYZsgm^X0g(*53lMP4Q^&tj4p&#3Yp$m`6`4?={n)hY<f+$D|!tR
z`Xcm8e@-9=l4--8rPtFm3La7l<C2;Bak+APDO-nLb1<z&Qft`Yw9-(Tnac9fWraSb
zFY)bENHzYA=K&ZU=dL&sc%EbV+UpUPzd9T_H^)wID%@c%WJ^A#h<Wg;v&W6iRXdPG
zB;QWK#Qdi%$92bz)fQ~_^U6lM-e!+&Q6+%nC!H9!TvDaA>AjI+(zz491m=!8&)zdJ
zNhO<Yn_8G%Gj$-InhoO_?pcs^;AcX{4~7w_GNtpD4=Hq6Bx066jA7>DkIWVNXr%sp
z{iEGOmig|oE>Q#<fft(@Kl2y1q%98B2Oc6!9uQe$9;I-19Ma%i9Wlt<E**Oz#6TE$
z{PeM`;?%<SY%?A}M%2rN`g(h<V62~>gYG4b*V&x2%CNLzD_iY+umc07!$HTB<F6&Z
zZ*QcZo5nngMLChd9Q_9Q+PuY1r*&%z++nfW3lWw-at}BikEha|S|-g!I!`E^1z5Jn
zmR`yJ7|1&n%8Hq|8u?U|X}KO>kYe`+_vk@K`myXjOnQKQEdKp;jfnHDZ_3mOf`f3`
z8@9!`%}%)G?FkuS;703$)Pp20XN=+l%}s%^;C($7k2>*#4rcyaT*MQf9~YUaVcI%e
zovQ!wdpKj?f<;t!|G7}LqUKJR_4zYbxQe*K+w_BibAz^-CFs4JgaP8n6E8d;GOSPA
zmZiTn>a{<%^f!9ryJ|em$cH?w(;iv-1}V#abN5SvsmGGf7(`BzXtjK4$K=oy<X&l3
zyVxt)K62Orw0G2>$EkPSty*aOoo3FBm56*_sg#{?8GhfgP}#pZFil|YF#XNkF;+zQ
z$;nX+!}8(tlkEA8SR$F1n#DxB4kR&^1+p$dn!Igi^I+6Yh=XI#)Rk&Dz$<96(M`l9
zBOT!_hzk+DTY(W#cbv}ui+|JBLgP2f!YeM0PtIw4j{N&~`^{YN8N!8`KK*{2oj&c^
zC!N*zKmpv~4CzRI^}Z&|y2{IE-~ByD^dMPKC9!28rYsHXN~n`GC@Lhr8bKis#$ERv
za>sSD_6?LnO;_Z;8?xn0$0fLK-WPJ6bm*9Pq@MqNUG&IkireAywN^${jO`hV=!I;o
zEhx!hvZpol@EPBT^uH}nOMd=h?E}fL`X8PA0uRI&xByc8p(R5%R{1f0U<)~S0SA#)
z&J}pi%%Fue)&_xHhbXPRk<Z4=ekHkXFL{<tB0pw4BMohG^{~2shY-0!9Bl9*(=A*d
zAcMaj0$*j><R44#KILT>XfH5J|KNrzZfR~@5?SCK$8v#83Qw!rW%jZeHCpH+erRF9
z9L`T}aa7vcc;7-&mBc{all7}|d$_I2rq6AhiAbR@cx-gv%y_Ff`OrjpIc#sO|Ek;9
zr^dw_+pqqYNQ$Jg{s1pHQesG$PVb4)SdA%7M%YGpowtrG7TLPs(eg*Sw|BFsR{|)~
zt%m7|bVg$H<je#s_HTq<w;#Pp{5*{hN)=CyasWV*7DrU^5~9YB8@o12rLQUG6ugiM
zrxlZeAoWPN!e0rw3)B<&Ok%3hSKT(nsE<?>8Fb1FyKMTFqA`vg#8i9#T4S6&S|uXc
zEH`*vXF;-maQ5;M-jc7)YAJP?%#7O|pp<>y2<ADDK8rHk1OM_^>RY?qzz6V6ufSl`
zyqJUr5{$mEkRYD4Oq-h@BAqtjs-jnppFAs`XUzDPZr{NC5EIhb$@V#u{0U>C-IwjN
zp<$dWa39}WKMqBd{Tg2`Nli+{9KQ*NqIKM^tj<gS`&rbB+v_29_O6}o6;J(C{k2z(
zH)c|T0ss0WGc5V=nZBmWpQkT<dnmtEpV-cZFhMkF*A=Ho8I|DwN~EG8S&Q-9NdEe3
zRjX!5DI_A;_<3wbyeZ?}Y85h4546T$WYQ*%k6MoM#=pB7cUqd~<x~9F=Ui~a*>n{Q
zs033Z!*&6&SDUc{Js(9_?#F&Lm^fyCyI^|s9h*?k$AK}e4>$ZKr8zAT5IZR3t%i&b
zFfo}tS>dQAldymFO0Cas@7EId-LDPNl4frXh7pejW0^{dk-z48e~)oK(^@|1uXz4(
zrqQ8uUwQS<(V$I!RkxyKX?3b%Lhfl*Dyk$S#tx_C;@o!~e8@K(GUAa}H+Gfga!=}s
z4X{%W1b7RMiEY1KTWWKo46DW~Nu+u$OQ&S>tY*#cX!f+z#jwB@$*K8wJGgX;)NCM7
zD2i}6rE|2$G?^3Jy2+4^n(x1kU?{BhFAThsUtBb3D}@q#S_=`$NRZ%k8l^Q94prnX
z#X#VE6Li)0X3wQa_?ZSnTB=m`REWTNOqG7lX(Tc2sQ84pLeyrcOVO;;<oP&c3Hq&b
zi*FNHTx?5n8Tb#6hjm;LZWu^$Un3xY0PUF!=Ek$|egF*%4*k4(qdZ6X-c6+XI`ER^
zr=oPkkFTG0JGSK)16xWnBiRT8#mpoFE!LAMHM{LsVnhx|*{(;6K3#g#sL0!Or#TRb
z?O_5o$ilensE7Hd=y4p+pCne8Fdb_kz@~REHo5AVbbfTUiv7)3djUxk`Gu815AN&%
zi?CKYCA;-6j|KGi0$5(L%@5`j)C3`u&p<IS43N?Mnm=a3Ktj-3MzyPp9H3ub<d0u<
zGp}oq(Y#nw+qpe}#8~$~l9>h+UoFJ#>dV!!onwAX0?%TCjWY#EM_#eGYZjBedhbqh
zrES5cM=r7!9r1!wbP&9|MX}cBSNs|`<-e4`h%SQ}5@-=oHxajWEI!XG>oDgY|2<SN
z+3QO6hSVKOlb*1$^4X21gb~9?>&%X7ro%CnzWyPko<bwxM-9Y0CyZ)PU{TH24uoSa
zGqLS@0*;$56x<(j-Fr6WCWJ4x2hj+uR`vZ|i$`>>0_N^khGKG1N5_M40AINhkKK+>
zRMs_Wm#dej{7i}U+e4X`_(l?b^>*Wx5unq0G>1wJ3z6BmBU__jf2cW*65^dudpRM}
z$q>d*7IA;sU2n$P<)xt!dx<oql3Kg4l!dKL$&xj_q>&caqQnpkI*%&J$~H!*DK-i$
zCY>8`1v06ED02-B4HFp3A{=|HtlWM=y1Kgk%JOh)+F(^24MXTp>KC@C<FCgeJy6Xk
zDE4SBR@tFqG?jO<7#4&wShCe8%oS-cLNMc^Ln3;-bxu*_*OOnt6a=HaeSPhLmOm|6
z8almkCUs-|p9x*;|CH8K-M{}y73<XGA#hWK-yYL_QPokTB+Y#1v9gtgDzVJ2H3w>V
z(-SGvjl`3ZSI->zhibf6(k0?xD3;X|t+Bdw!6DY;mJ;t$RyTv|=O5SjvU){Ejqpmt
zs{O?N?%mUibb6dKSUVki5`uM+B#S-`Cfe&Dg$R<c94V$p1}3gvy_$8pv%4F7N_C={
zThM%6ZQq=4!Y*>STzUM~c53cVrr$4ry9z&L5n@PjP3p{(x+HAXn-KZf+(^aAZPGfP
zfI?NoyXjNy+lg8{p~qW&S4N&K6|C-z`tqj<7II;@Rj^?hevSTnyqAlk*c$XsS`L%Q
zF<q}=q57MV9OGE8TB_W>7WKl(W9)jr%ezJ|6jyFQ<=g9+^$6-iRs$+(zZnnTIRAm6
zH3SFS_$YXo;agHf9&T^`As=u0M>;y4uE(7^1k}$R(REFkPaSK|B9PiHII-VnIIUW9
z#8Nz!`PCH0CNC2BC?>2_V8<c-<8%G`H0$BgS69I4hKygfjjHZ&p?n1Co6*2#fJ>e$
zjmHo#Ytq)6c6rIu3wbViB>X0|&5ciyVLAYPhd{-G3~G;(K=}b<;_UC9etVU_yESdo
z<0Mt?)ZBO#qf%jPN4Ph8P&t{raVUkYGCYgwd-r+Yk2aia>{yO@@=`CRQ??!ZSsG;H
z={K=b#-Ctq&aV-S{!JnNe%W5WYx~)Y3mZQl-ZKey2)n957-2b6{k2^8+@1G!+)bZF
zBN>|nKJj3VXZryDZF(`)V}I^>3{RokM$1yqha!W<pqX1p&R3Cjbg&uT|NV4g_tcjs
z`@O2F^mqiX!nuTx=#h?1?iYE9(a0|zP-Jh3_w{}Y2=E{YI~xoCHzyrr3l@k^O#J&@
zYPi@Y=(+YB$7^GqPG6iC1I39=Um{~aKgKm@$@sQ0N`qZ=X~1lhQs?hqx$<zBkK-E$
zZ1o|aQ6E7T{+M0zh1WI&l&VXv$&3|@i7iIYo*w0YQV#fBEPv7D&PexVl`WMQ7tAs-
zZg8`F>v!&XF_os`D#)X2p&j6`JioZ~nU<Jbeq6J+Ce{^9w3fVv#>?03Qh7=dELRj0
zc`p~UCms_rGUv-;k3l*3lVaiB#jZ4o3$z4J6qF>^b64&cq~|DLma>?m4=8(n{i<^N
zi|oPZC<b-GQnQ}EKBi$JbaLpwC!u(QE+O;<_%&S*{tZF`W|$w8d^qOD9#eAE(F$)P
zCaw;c@k*#xhnX#vUbY2`j^(hBo4cl}cK2of^5#;v`F&qo1fA@(nCvL5(J2$b#=Bp=
z-s)gGaW5%GMVH#u$dK5rm<>yz*OM<XhIC|*80|!LjbLQbOw+T8Q`O+IdVCP^N4y;t
zhi(XdqVFx-tU-n?4wyn%&>*^c<xDq*9d&gmjW3nUF!Im3w_WT<YAgcDhg_BC%~ZPw
zR3GaFcNX!zx0I(Ttmz295AOA2m=E0Mzkpp4JXa8#uOMdk8gqskiF)?O<kgRNiLA?(
zPigY5R8t+<RW{tG2J3CODQGyh5_OgP-k0dyhSbdGGFHkHy|iNs7*iD`Duqu<d*#uk
zxo=B0@AcZkKvq3pdRA9K4v~23oe8U52lUvy?BY!O+kO+32`Uml1zq;<-+3IuZI*<j
zMZ$-*PRuNJdN3`)4-{usz<;L)Y&F@od29Cjd!Z}x&xD*mCgv&TJ%IL!%O*F$NV?B@
z$OEyzcX>(G<MCLBbzByX(>6*d=RIV=@$L^^5<zhsov{!RZxn%Z@Jpoqa6pc@;ikr)
z(_KmhzsNtoKAzZ&%6#~Bpa*v%aZLeUl4$KNyySg3xew}QYM;McO-fJ+_+Td4Eqpn9
zcWol+YE>-V(WiB1w&;)Vz7B=HbMJZkP=IVY<(JCCcl%CbedIPuCpcmGMT?foy3#jB
zA7a@KIFlBslvXCVFoLuSjclgtjc*RtUy<UiTovCp2&T`Ms{Y&j<udW{)zQ8Y)g0B!
zM$c8)Nz++LEwzZ9UdTIpDO3y@F}W=#-#Sh3rcIpSk=R784`M>di0B)w-A?r`zm7oS
zLbVOe2kwg&Yoj%HyVv^6`(=h+y`&NO{62yoS^!Ox_R^gzR~tx1(rDEa_pYXAN)}qF
zU2q@{gxX}estR38aJpXf7pn#*OUt(;;w4d6StluvcHiz!3~--wUv=qgg*?k3J;1b|
z=d2|;^w_{C?XU9C`fpQu(V;Z#!l>V$T|zJQ=Oz30fBAOBJdnOPFbgQ}=2g@4iKPJV
ze?Qw4)!frY<kvnu=?%Pu7-mS2MV<8^=~q4I`kZ_H#qHLwu@p~tCAWU{5V(yGYRML2
zfr_O|WyKe>_D;0ykwM4(YQppN2=Ul_o8j8&*ysi9Us*brxojP1zEXQLGl?ZvjI?x&
z_YDAU+s|_Hv-XqMJOsmOe>4kLYRf2#GBa9Kopt%Wk)ZZi4C)a#iY0GA$o7DM<92ag
z()M|h<1M|%+wDwgmSJU=HGT=vetwl%w%Dd4>RP}U^g>G%Ti(O{_Oi0f*x&Ul+#*w{
z)<^UEVi1l6IwYqkPp4QAug5R^8X8Eku+OQ`!7#g9YVPVi;28PXXji9A*t+br!2GXS
z727i!?^g<+Y3_}AELea=Y<bSq($V(NKr5QrwPJKG$EHwRF>s?~)$H75WiKysNKM~z
zE226a|IpXDO`V59r#Ck%mITpfX|*=|oDXMbS!m>Ch{`3OtlBim<G=qA%p%H;%_aH`
zT}$<WqKS(JZH33?;v0<u_j?DG)<jaJ!&fW2T9{U#b6qTCyS8k!D{W-kEYUgRh?H_u
z#2t?}MV;+?BniG`KO)B4RQopG5d3v<R`fI9Ra{FkGfn1|{+z(5m226q3VCnXD<t)V
zGLA`JI61RyJ=#bShu#I**jmBI%nivp4Mbu+G3}r+osn4Pu?{_~<);{X!XcO;!4??q
zlV2qYT^8bAA3Cmzjy^ijq?ML5Nj&}|i);UdXTyzT^nfBNKw}6=c*&m)Eo-S|qJ_5I
zKF=nkxwz=a6DcwRNL|(Aq$~<l=Es=$EjZ_AdUPZDni?17fn5-N@p_X87a#T4!iScW
z8lE_V>#Sn>4h+|MKdHHS7!yy`REXt}iB?Qbp0A3A9P;PDy-g&7f5#1mBsahb7m~tj
z1tP$_NsgmVQ*5cdbI#b^n(M-@qoBcKh!O@GGiEjUr}cB={#MW_tMuL}+zbqV|Dyey
zKt<R3cf_Ks-*wM%Pqv^6g6TwuBcb-xT|gSZH>Lg#cbV8+Bql!J{mofnFDuc@)i}So
zbi#K<`!yvNLGE}txzNtVf#na&*Hn74Ox^o$33_oef0>uwFV&7pw)mTW-33Ma;R<Q9
zA$@~9fNi$l&XiFT6y7r;dS_enn{Tl5cMHK7xM`_Gx|g<gN@+fPtk=WiQ*}0%_WdZ8
zB$^HV1uL3^k*8E%|8rzK(7J%NE4f&e<7~f|7n`!Q?poc&X5C1%$p4A=OzSO~b{ii4
zyb;?pX>bRFLc2il@AzB)bu8aE^)eq_EiH9xb`0m<{}>qRJbe~Fnv?fxR?wu|NQpEF
z$1?NT-+^+~!R<Qldm)yc^JytJqau;!rl&MW8+Tm>6Vw2H5)?`sMZPE%_&M%-oUAqD
zH(cBtZPGK_R@ThOW!2vHl=H+Vcs7NW?E{G*mFu_d+q~9*q*(i6pIXscqgd*02Kn1j
zWym=qK>D%~n0>Fz+{BY-=0BV&P<JGiF0?y(vG&CO#+nAdXr-eJ&%3_n&ja72taDOy
zC_@wZ?nxUr>54xBgfAs0Eg`j+71EjStl~0*pAT`=>52m@gI~E_YWMJ9yW536%v#KI
z`t4%(pRL5%u*P;TIKsYl-e>jPXgW`{{Br%7kDl-GhNg-R-X<3@ckXKiY7_Qv?Z;ev
zQoN^gZSqP-ZeOhm`d+rM)Q%?qzV+s0Snk*@$yNHf{ZoIuzpRcPA4ozUe#^>X8=M1r
zosL_JD7=6>M6=6=>yGkJK6O36>_Ll}OE^;cQZwN9&k5}1>%oh~Dn>a2d(>ZqT&T_Z
zO^KAqQo`T2z)VYNzN=h%8&kx6{p>~ATl#tf7sD@62|HN{MB4XdPlfy$cmsS-nL=NP
z@4#i;i`lwRx6bwIdx}yTW98M8@|<`0ETx;$FW}!O^6*R*n7>Fp*Doqq#YYF6TqV#S
zP#{Ww{)FW~K#F&e3dvM35kgwMxkoZr!SAkYMf2XTWy4SfU{rsFbE@Irg994Tm*yWi
zM{gB>RLKc+khv`Bv(Koq@+}{5L3R;gV~RIvC#<XP*P{KS(Oz@qCOaJki!puOr5m>!
zcE)vXg-BALMxMK}e~i0lszQqQ%j8j;&ln?nV`VUJOd{h)xeE!UrePKIiqz5M&}oSi
zQ$#gA&O@=63+Lza4CvnMX$;%(&0*#ejoiG^o>Ar5_)R$aiP@c1$9tM3Yv~KOoNZs}
zUa=W!r{Z?~rb%hTw!i#J<5~TeSBen|EE`TCC>SE8l9{(?Q=UI%5U6AHHxGeKeoycF
zm@GDq`l~ONby@mGGh*5|f7|@z{k7Hooo&GV>uE9O=Izl!HJp;`gW`RqKO$muRYIW&
zw3+b!07=F1f!rjt<Uck!0FU;#ko=;@b-(C7ncqS7eYekbFBB%ed0VmQTNe{do5&V_
zYrh^4qTrt?6$Ix3Jhkk>!xA{Go=@E#c|f0HIi}<JOu)G%d~I2sg{~-CgY`nvfN_^>
znjuMUaCy=fi+83fIcXZrBv}(#R2ME@;3zF09QZwGohgBOAWRSm?>ACSNS%NfokfZl
z*8w68*7##q)h@TLoMD~huhxrqSJL~;;zPBQheBJy9E<l12*BThA|nM5&^>P6R9N+4
zqCi{`4Jo<91~a8mW2l7`t#<3Pbk~^3?3_7w&cXrnNu0bfo_e9Yw#@+&?Y58*#ASHP
zLi>bcw=D~P9;eaEYuS(O-WOKwqL@|uLiMA!Y*)i%WcKO(E{mlI-?@yBEin|LcpK1I
zgxZbIgFjY)ZM^#+0sHpi8guPTp3ob$hfCkr<}*7Km84b^1|m{4rGiDSpMhYu!l00_
zIegyIxW)sM?L!D771CywGa0L)VtM6px!vRRX}NOe3~u)rCzHuvkHrror#hZ{*Ii?}
zhn<l53>E-wt={UU`4^8Sa(2jllELv|M9OuYvtBLlvz0OR#MHj2SKUGqYTx)JLY;Hn
zqh+kLsd0-aHCt1aj$3F;82&nLVC=DDl;Tx*H_HbFLl~i6zVnYNv<FVx{qxaNMDWpW
zZ*N^3w}X%Nez=5z+n`X(N1G`5#k%!C{bZ5MLjBls9NmSpP&X&Vr0S<e*4WN1_6$dN
zMVK|BQ*gM4>eEFkXmM;fLKy}Qdd2I}S=sT8r!sta65+*7C%{7S9q5ORtI;OjG#lEt
zSLbqN9qjmv5BRIWgi1hKy?>P1*OS$E?S4UzSkAgp$Ri_pzZAv;XcCPRstME7$(9hH
zD&(f}*Dn7<uk5J;mJBAn1%X#r?;85gK#NDO1k6us|6n~eIH`MCXxn~AsmQp06#Lg0
zMerX>B{7Hk6OoenM#LDtOXyF69#~y-VkBbbuenskq6(Bqh(Swkj*2vx8Gzl4?fT;l
zKY`)0LstuJL3AxO1$&+$o<uvT2@;v?XYb>G2~`Mw?F4CEPN$4zLmkCzo5B<}cmTJc
zYt*QU3yiPGL5P^?bdE>hrzl3W;&~!Q^q;{NJ^U9P77g0lJ`Gp=;hW1%3A0>%P6swE
ziERIpe2yv+gpD+n)};Lw<HRKi4iaVq4`ghI`Qu<zLgU|~5}+3_j`R-^p;s-;w~)j=
zaiI!;UTlhx+_{@mv|hCV7SH0>IyAf}6G;r4V?MUDYxwF2@lty%8eb(@dn}QYo<Ya<
zfwwnjNTOtoAxk$0D|^V)H)PHD_DqQ(bC89@-22z0{|p}4pbBlinZ|9>6&53RxGje9
zfj#3QJEpWEBB(S#p~lwG>PS`r-+$$Y4L>d!J-&Lxk6SA3A<78!;*1~+HOe)PbcBp=
zx;IM0G<NXkPQi<KfMMDm0=hh3fb<wb=C%Y-2cYsSd#soORG!GVE)Ba3olIB*%qydK
zNlA5`^ta1kobnwME)c?-cC5n=uC6J7jWh!5_`vh$N!I6);c&Z^{#MpYnrBRyy}PV(
z|H1-vBR8WuUc=jTfcG>ryps{GU(0*y*beXotHsZN7VkfR@1QY+Q@QHnf9aYxd^5Uy
z>}{!@E+;pb-{gmiDksp40xazQi8~xg*5i*CY;0|<fqi`%=s25#h*`D(!ZHOlRWaa+
zxvo{9D>DBfz=BQl3&K?Nux$~UZGY);grWtdfH7m>H95agbMzutr;;R+LBU4kuHqT(
zn;ud_-(T=c0X2w2(jd1h!Uymcivh{k;R&P2nk#{tIMMu8s3JFjjevSb16NzbW$$5)
zw*7!goS;23fHX1<zURGrCkEr33aNJ~v8kM>q1W#RxF|}%aY+GBJW$kPPn9pGjODcK
z0|03zE%<gF@Z|uv3?+}l{@MtchzmCqWz+w%8T#Sf2m{!_G*oC*XtkkWi`1A0*7sq0
z`qt66zkgWZ_cHGS&Apnzl*qxj4>B76;}?J|-oag$!C<*HFo#MQyy-$1MiGdYSqe}C
zk<Tm5qHLcr*pRv;_a>0AhX~_;G{J@1MMNIc{{P`Zgmri$@R0_gOC2s_Rz4R&&dOk3
zFp#2>Aq1a6Ql&uKL|>ez^;MCL4H?QUvYD3)xy~bZas-^JPwHZEY@u>&;+u>Bm*4;>
z`#pNs873@f-J}kl0Zyz7sU=LcGNv}bAbSpGIdJJe2sCb{a?K?ixc%+eW<bOdu#jSc
zvvXZQMtKF`G7V5fk6vQLNIWcYKXTx40FER6off)BC1xrE_KxjrU#9@ZCIjU@Vg0s$
zK)K9tmw7O;SL6>sY;|0HWd0aaBNG5tZ~qNhguuglg6IRV1ixNcdrSWTDGZ0*{bK@r
zywa3%_&S1`y;iZeb*zBtXa?#<&8L44MCpxBKwrw1GZOpnbTcVu+|p+mw0RUS(^LZh
zpKMoT#9waD1w>+C^2MFZVfXDu(rDRhjJsX&Trx1Bkhyls5R2mjs50fF@<2-hw5P7?
zJn0!3+0`@Y7Zq>Es|k(*0x?6fwD_pm86z4Mj-%l|0lm`t7{LDy0*S6<OgW5yU?Ote
zYC#sb-n$#TFh5o_-w};}R=ba9=NZw;gK2U(3Rlo4PR9-HlEnn=M-d8w-8UDDxs|VQ
z2S9XL3dpFeD?H1BM*y8Ogf=<mlZBR+mWRp#Qw&FSfl~~1DQiOv`|`T9b+Y~mFc+|<
zEI2mz_Sr|;{lJ$B3EYoPV_sAk|7c6ynE2-5F<{RKh^I1Y9h-k}79B{bF6LWmZYAWF
znQ_Z35b0eMzl^lX|HI@YVgzXuBle=Xm@x)v{3*O+bzN|KM;HuLVN4!oG3a03W-4wS
zdN#5Iln?034n*H`*S=#z>5d9Y_tD8qB~IH02%2oY$N^!uQLI?{YXQ)uIv}eUV9K1C
zg&u+r0zjQ$PHpW~jbHU6e^Cn-u?TR#M$ev21CZ{??7U{FMf}POb3mEFkoyh66eBa4
ziJpr{#(|6rZ5#^)rfl8-ay^TOkl0<6V>lqh28)JpyZk4M_T1+KHemqz^7Y7#B1y^8
z`!~}h?`Sx<05d`q(TF5IQN)9o=r$@d+MrgO?(aU>ES1HiNp>a3KzbYYh({hwq{~&Y
zuoMS+xc}Mv4%n-3U~f=epM_EVZH9I^nGmw~`=LVH4MYRexWM(wDaG5x96*GEk=P>P
z0oN=g==n6_hB3=C5OGIf<!`t6B_r6>%flReTkjedr)umGa;}xlhAA`JN-L4FU2`5$
z<o&&d4D2(8Ho+03AW%9$)>v$F7Z)TP`vFzQ<ZzWU*Ps3MoGbiq<Q0V}xr{>ye@Ge~
zEsCB7%HJ+eKhzbN5{vOx1k5B@in2cyNw0wPA~XABa!wFhj0kZ@&U}7vD??_y!`d*X
zI<65nVvwdJkccUcy8`AQ--SZFXPNcm8sH$q+_7RnQ7wj0bEz=hiL+lzM*K)ACa{gL
zQ_y}TDoDO!I)+ulyQ)gKq*<%y^ngD|M^QFe)T2gIkooAxKaJ!<;4$Yt0uC)1;6~-)
z+H04Gud7NoZykpr0ojJ9F90T;`$5b<1bn?Q%sc!G+pCA%^8;oPyoS6*#V*Q^=!8}X
zEhwq}s30-i{GES|Mk0-EMlB~ZzleYRrYwAcI^H&+)oMAHt}BHM1~2~o`$mZz`rd->
zxpVaGf(SBM7_3)IN5>vFuSVD%)83nVt3zGNLW&IGC5s`EN7WQiSC+59{b7k9;~nmm
zUl><FA>%J<n{rT}HRcHefJd{mjKdoL-TsSciMLJ>VsSV(p};pB9T9;(;{Ocj%TRvQ
zZt3ATkZGsfIbQk@4h%AUdcXyhGHQLtIk&IxZ))`}T36cepF>&pH{HRvs(rlWh{PL%
zbXbQb#dC*$xvUR)S0DIcT}&IoBhR|^&f5T;m?@36Iu;W{_Wnr<*YsuC`y&&M`yFdF
zr|wi#+?yRqT;FV+91l{txL*7@8X*BDQ9F@Pc#l5%e5V9XK@ABpH7YTq&kX5Sn3!T{
z$R9~uF(abJ%ZAiw80d8P(Je8FiSnkVrt`{ofsf`BaPRFwzv;2KIQj%ME*cmEcr1qB
zAf)bsP{U^u6-_Oh0LpGDSR(U2B;?Y-2ErYa`IgeAg=S?@cmrs!mVoUMVOINOeFM0$
zfzm2kkaHcly&o~gZ!bSHAIyCZn`wd$KNf(D??L#`jbNGOZ<(1LK<}s<{zuu>p@K}{
z0n8@qI)8=YK7yXVJ_~?36~+`1xW}l-ND0I*y8{J|9dvqofVNRKK0bbB?+aHazYjEE
zALadoh~XXdjS0ts4tdS`Zvl;U<jx7u11j$VOAX65lQqI&PS3zF*wUkrB5q_WA)n4B
z$xG0|@t6`lz@p_MJ{mgekCzFKm{G7F)gNy(oY%=>PiTQxu|0}RRbBl);=PiA*o7P5
z(Sqw=`j#>hUp&Sjzo^UF1YH+rx!M&VmeW*hOY4Jwlm+F^C2U53;`BzaVdg>TcaP6#
z@IbDg+R6Y9o|NJ=gR8=M09xAz5tkywOpm<>JkifZy>Xlk<?98Uv=nf*h;HMW9Di<U
z9B|+%F|-DwvGLg82D>XItexR`IjKF8DC}Ik6P~khyL#`j3-Hb?FK4D^K$Ei<cJMp^
zy2_7)t+cdbV4{`te!6Ln;xZ<^d(E4|7i`MPQT)w~a12g453>@e==!iowcj}vit<=f
z+%XE69e>@jKo<Q(0#bywl8<%fUnv7D9GbBwz0hzx;g9D!CUx-$6^-k0{gJ;&ktd@K
zW*Xs0c13I5$lAzfCMKppLPA25wc(;{=HLS8gsBDUvU(P^>;tb4vwqOn)^n{=i$`gF
z;1vsAm({o*Wy=+{bU9zjC!3Wk1m6+MPCC!b_o5O!kJ(UuvS!670w|xf{-`yVoi~9{
zUk*3A{@5N!le(xP-n`mOcT#pI9E+!P7b59T4y@;kMOmpJH6>X#+i{(33f+THucyj+
z*95@4W|QE%(jpZFWdmJ+@3Q!MEX!~8q&c~o1pZ>`#XWC`NTbw+VDN5uO|Qia1Aip<
z3SQE=GuZ$h4$!Q-l7swNkbEZKekZ`U5~F602t6>Gl`Bn4qb=!=#3}(%kYU4~K;kye
zu67P*ja$JM9w)zIvkzy?`102brUThu^udA)`lzBeSAPq5@H%bj3C>3;X8~o+JT3Xb
z;$0PXlFzrx=ictz7#e&5;Oqw5Y5GJr>*(vjUfS`^(YCPWCJn4|#X^GlEfEnNHu8CM
zC`y@WFm;_GbW`n8!NI}idx`EZCn`!3gf?}W4W^ZqL_V%<+YAJeUJUa%-j)fafKXot
zdz#H0BjN`q^Cv(2k@WlZowqUVMAr0_cyE%Tt{DxdfdRCm=$a$@=Rt@u8hQVCdNN@=
z3bar;Fk0=)49}LV1eUL8PauxE@#zA4O$__f{On>UB_5IyC#4byi-&F%Z^s@KHB;rp
zxZ8;4KQ!-t=ao%68&ufx9s8-<wy&ml>rq}2N8`}(@7+%jmG?tvXp>)3GCQ9N^na`c
zHw}A&Sz4W1%~T>nW1FOzI}cw@ezgQT()nl$;BWcVvw3px^C_;c@NIUb6X=vjQMcZk
z09u{&82_C{+lAj-ckOtrjl6o7u_AsjF%>z0R79BvHx8LeR8Tok7i&-&^J8OxVT3<5
z1fDGm<fGk}Lk_~beXkPPh>7L2G|dpG#an+Qy(j}5e~;Rk)L?7WYmUi|)SL<6g0I5U
z0=-=VMzOT%djFj29;X66UES8B&&cS599es3r>epAue0+><6({Euz(^vsH~*~sGP2k
zg~E0d&<9w)z%(5i+hBvG17Z9Uz*laOjyP?WCmb*MTq>&zi%r|vdALxAL2Ijj1EFVs
zeQ%N|j0LltxsV}jyy-u@l+H{L89mvKuV=n6yoJ0I$E|-ZP+bX)Ht`pYw-3DGd0a{Q
z;%&mV{{DWOgWpC!U^+;Z&DMw}2=5M1!2144iq+jAl*z};kvAFxrBzWGf*}+MHEnBO
z!j!`&T?qSapgF7Jwik9)^BBScTIObBI(HpXs}l%PMzG8k)}1y>vZF0vKIolb7WL!S
zrpz>(Uli=Yp{(oUKs1J|dQcs3)-G}cu2p97LWXZ6H2cZ1y*pm#L0eLHB7E;niiR~W
z<N%;xrT+;Dlk>N-75?Iuf9qv{g+Z2n7Bgb8asSU2+mjJ4`s!p(h|<6ueYhL7XKXOm
zEs~WogOCG>U~OUEV7CbRG)Uo<{Rs;_2Y{LXx`KeE+60<g#jT63tZ4a9zv%|*@#ygU
z{vodemLmIg1?(n^bzGb;tYW7~<!+N#bi^@S*)<WkXSDm)xn>_q8}GHphT_f}TLoBn
z;Sy6|{bMUw5L<DFRaMaU0FR{}Bh!sxDyL=P^X5#w3<RxM30l~952wzRq-xpN6btG+
zS@CXRkQyzb1j}Q%+0D@p_SILgDvsixYdlnhYupTwFccfIeQx5ZN6QJryotdaN(tPu
zY~l0d!Lh3lXy2S94?D04elq2Jt=aMhGUoDok_!1f{dWu)An;B~yahjf1Frn@p`K!e
zxPT{(_PcbA@YhW{kyy!foby}0Xfvx9RWF$dz$wRI-}iULAF+GbFX%@Qae01J(~xZV
z`&J>*aCc+WETJ>AK3#^lU#ql&7%d~ch2&+7a}8I~=ZwngLl45Onn^$Bq@YQblC{7T
z`XJUwK#QM0+3F6E8n&FH8`kfqM-LQ^E}XU*HKCftylL~ePCCS&pwCejO<<XjEWrm2
z=O5V(niPjUEL{D<7?Qj{#5j{|F`VM;J1?;PAb8WFj7z?NQ)h#Zdw(wdbtrYQf7b#I
zHRF#W|7Rc`9^lG%{c}`4+%x*jOtBV%dV|4v;PTr-W^Y3(Zc;~N67p&*lK(JF@|0AR
z8xGj!F!*yDmzq%r<D$B4l?NuPo|W1~I0#K3io}6p=L`@<eh$N+xN{E;@3VAaeU>~1
zatihHUwVX_&K`mck1k{LEt*X)eW53hjN3U9j<OtIG)Z1IvUMs<sD^EOLDF#FpqWN^
ztwAx@M_3s-1%f%UT1RILLIEayi4+Rf^YLglcUpRK#vB{IzK}K{xC@S`j<iq57!xLa
zsDXv$A+WGeky+y)EG+-+Lo^@B)MA`>EW!6|$pCI19}vvjcfk@0H>k$~E6zPCvhP<u
z+=i$B^!jpapY$#nBXvY1A+LdONL-CPMvH80Z8rs`7!2WpH^h6icjcZ@aLW4y0_tMZ
z^Fh-|M78y~wyGvTcqy48H_Rb}ALDZ$B@UPoB5u4gXaYcr!wR=~C;<{Hs-1To_R*+J
z>mj5#w}wh@<Aw0QMhH~?Yk5$wO_)8Q(?j>E)Pzgz1Ck<fu->F+Bt=s|Qse|AMU>Jy
zgeZ}?of*2osfc=r1}8F3_gKs~k+;3Das_6{3q8N<uz_-!0%;UAyiYJ5-0D3-p)1q+
zj1C5rbMbO;3Zc}^Xf^FbZ(3w=$#>@TI9uTN#lv(bYUpb0x$XsTfu|s;iQBkC_b<7&
zu|&zW(=g}%#Y0SrV*DqW05dX8(^Mf0j5Is7I1Xg?vSPGK^cH1Fya~<x=z&R5g#@$u
z4SPC-Vu}@*ehXmC2Z=mejNJp$9Pw$j_Ac>+qeUoiJ-oD-ghpkY{P~`|E#}RgCv|=T
z-h~vBD6ygoSeyPV0Jmworhg4?^9J1J@wC}M797F_Y$1?qiSkl=XJAnkhN1HRMjkK*
zDK>AQUnCnJxCfU?65@adVMN6tD%V4UTn|KoV2xwtElMP;1T4A30q+d5P1jT(uv~f5
zGszB@RqqGEPfx5%8)h`{=oh6cu@Sv+LvHo$Fe2DRM61+YPmoi<6ga=7lY&yvH;mZ9
z;tZZimu&V{_9?gX5(zY4hl7pTYP5^JCJu7lg7WZMh+Nkplu`ffLu~&g_)jtc6keBs
z!V9q!Z-Bz<zg92~ZftaXpzs1YlDJy!gFlk?Jj)p~z#_rRfPWEli(@s3STlhRWobGH
zUe8m5h=N#&8{q+imzZLLAznM&=3mgw1w6GJX<uOQ;vYsByxL0g+JV7q8ex0-ujPTH
zaKY&mN4<6`p9C)T3oxqTgJ3qEF{<$cqZ$=3s`)>PJrjv`(+|!eXR^&nCH>$hJ^Ea_
zydJuF*x~vAWbMwut-fgplW-aiOjgHs&OllG7EaI29hAZL6BbavbO#Lnn-6MVHv?Wy
zgmlxoA)bppqp|}BY@Il?rNBL+<eJJM<p1I!4#NMlOn{|u3MfKZ3So}_PQl&_Kzi~E
zvki&}BECL7kj6Wp?F~tTnDR!EwXmTJcT~{(?K9w@tR2ys9#`3!@3Epo>r%jn3wd`X
z5iaBvVL*VztI^tF_&FMx^?sNi%54N@Mv4m43nkV#80Lqts{+wYeY{6bgqRpDt<;jO
zmElgOTb)-#eB{w+wX6)WyL^yc6(ri)TiT59<tyodMaQ%#X*izov91R_2haJMOE50_
zDOj0T5haG&4MSo4wHGzuE{&Y)uj6na;m$cj%&kJhOCpylsn49&gKG-nV(GnP&f$`<
zu)(IcG+^l$_Vz$K(FZIaPzb#STwT9lXkdWTo|dC6`24*-OwDGA@yxE=zvGiPbtVJf
z!!eDi!RIo`YE6<%iq6H?r#ZtncQm6>HBccuj8p~&>^<3uoI7aF_?RefM~9O;4a+JJ
zmknDwre*QL<@(^$AL3w8Px*l!@O|kf!Q4Z<jX$0AwitLys(0^$!Hj{Uqq%bB{JFDm
z0aFmiN;e73<}ro9CCIi9AHW@Td2$NlJVDmW_}N&_(SmPb-J!-o39dB0dcBM*+*|r<
zSj|xvNe!2Eo<?rcz2V5;(P8PDHaxXAxsVf;HbSsJHRHV~h&!dP%BT=BPkI(<klqL(
zS3I*rNj=|lk7+%V_JVUMXK8C38qjrH2t8XE+Q|pSJRx$EpdzF5^rtjj(jUe;`(=YR
zlM5KM(M>I`Hxn%3rb?wG3q%77bW_OK$Ux+==oGi^Xd@frZVg>gBXmx_OyyAZRzg%3
zbz%~4uUTNFqAVEBtD79>WWf&0j_#Ch{iW%mAo+oq^1J7^sP~cGAY1rEu7Ro(AraUu
zKGgUqe<rSX`Nld8$|<kWTu|~BLle06`qp<Dh;jJfyUXAEmQug-hm#kf;0(eBA^nAR
zS*PL5p<7#VkeQslbho(Y?hHKoOp87~c!1|{U~cC_rp4b~M;3cTnbVQRgQ<wX7C#d)
z@7n8kM<r15IV^EC1=9;+5}Zdn8+4PRRi7ogrr^9t#)rS}P9eOnSfr%FL$Ywyf~E$n
z-_Eq_+o9gL)tR}Q4!L3s*D#m<)M%ZIbi0J^%GSLYcwmjm!t)q#@#H(Okwh3alHk?f
zKKo@-Woc!6{7>A{lXN{6be>6H*l1l&#NB@FG?;v+MvGu0v-XairUl-5iE@Xsw=Js{
zTZOaH6n|vTB7nCYdMt-$ioHeWb?rX*O}XBfuMmqnFBF;}#(J026T3(T5j6j}VfimB
z#v#ID|Fvr4-UTTw18?=?GTRp{bP+iD<>`P&!icxSHd&&DfCHRWfRE32u`|{3x`L5J
z%IKMNRpttke%*y@Uf|NZgoiPJY_NN;O<vvt{vlWx2LmNy1ek+cuzLpall4?-TQ_l#
zs3YL5<BjdV)5(-B=VL*wr<$&$V8?=5vz3)il`Fzk56BW3{+2?0^<g9StY74rls&iO
zVEG1mc|vR6TozD3Y3)f`3=iD8<Hv)q2N(Yay9sAXznRR1%t8Dt)QG#2;O%+;Bj*lP
zpfNezlqEsWD&9;^ETi<r^I(C#2M|?VB1H^BTS<Mir0#Pcf69WnZlyCH|HkON*7vip
z(fbB&hZw}akKdM7u~m7raQRE^!Z*i<qYDR!Ac7{`(4d>9!e=;#{@<wf76C}<W%%wF
zChysBmXJ6BPbOr>3xrfeOo9|b3JAR=C@3zSPdIyNJN&6Cet2|#8!}9E{H=Jn=2Ub;
zC;TkGGeg)S#o+0$F(;0X60uO~Lcj2R&@gbv`}n?$;?xjV+>5F@GFdqRO7XtRzNKq8
z7*MGy8dL&*>UTcOHx4=Z24PMfQpB-ikR)6`bL=7LucyV%B;D&ZUS=pb_UjVt2E$L>
zM)H5qhTt6Ilj{?deEHHpdJS?BUT!Pa1~?L5{<2b~AN}=V>)KPPI%nQl=gD;F`k856
zPnw2*`zF$%QQ|9K#*BGe{)<;+1uht+&7`#CcStek5V!Oo+Pr<%w{a9__?7a#J+NIU
zza~k9IezwHFBU>dk@s@E66bO%rt2$IU=hwP2}`VR7(Zu(+e}=4D(&FM?50bD2MGp8
z=Y2$mUvu)tMS7e)g~w|S8#2g<>d91gZSU#EhkK<`4O2Y@=O}%{&`0bSyax?e2tnaV
zhS8-<m$c3#Q5}o8Q(XyVI@Iy5U(u9;EI@_--t46vX72a74z$QCXqD~aeg2Fr$@}r7
zyfm36K&Qas8&l&8BaYo5)LEQQyMXcH%--|aN^60+_Y=Z?Q0+loP?xOszkPz@)h)RM
z&via}Q>sFEFT~U6GwL`!V>$EBEKd)gF@j(uTldUIe>zMk&Iu-O`jqUszU|xMcj-Jj
z;_<-q&0N7K{TYRS3p4}~t#dt?U|&&gE>YkE8)#E~^0|x|t>g({JJGDLV}kvAA+UpR
zh5YdCTf!O9z`($ok$_)b3iHv*8~7thZ|@1=cOxdoI9prm25(5Z5AuYRwhd&6szBy>
zrYdKFElPplqF!AxPxSh95FX?l9UUzND>87QR#Y=S0LAUzxCPnxpJ-^*XtI*xPdE*;
zU||wB5SVBd>Y;~H3aQF-q<H*w{sYzgC14ZjzN4$-Q|P1)t$S$Re#-(Te0v_e#>G;P
zmtsa2r4sZB(doc^em-fxrN?<Gx3a~j*6(%(MJ$q2a}sku;59q*8fN%p)EV&ZhRovz
zk)d-crlw4kuu>?ycn!)`@2*e^c0(!16efk9Xlp+}s7fYWH><e;UEl&6gT5RxvK4QS
zXDFpA0#C-ry*)cN+d_Bzv2T1(KTZ+fVh=&|fHNCCK60J!qo>~M#JgZS;R)^<)@{*%
zazP$?kA&nw^K<Z+sp!p1TM<=%;B`!4Y2qI6Fh7KSN$sW`iG1O@PSaQw(9T|hqB1+_
zNLd<ih@sjNkAQxC2`Z2uV3|=56rp60vbsA|EX_i$aT#ZIA^T<Nr;vK>9u(u1p*Ca+
z#i&dmwAh3K7O_3la~WaRkRqGf{5G<wm1hzfh8ayrTOk>i$=i)te*Kikg)}apvC1R@
z3=DQKj{WG~Jq!^52V~=QA(LtEp!FB`_g8@j(-9D;`|m6RjsAO}_eb>+0C|w!-~Z$f
zJoz%bn;I>h+D=h5Y)N=%`D!HLF6zQQ^Vm+Q#r>o4{sM2rlM>;;sPFi8{W(+l6C)0T
zIQS9DARNs&wtY%y0-sVpDbOXjoCeGht3^)$cl;MXFkCN^WFB$)eT)6;IK0Oa&{|~t
zs~v%C*@<4_wVAuGS>slIeGv$NKC%>4y@how>5^Q3Ll$AXh!_k=5g}cW$^Z-2DEHs<
zvDr2oKyv>9h&Q5Pmddm(ipdTRw-0I3z%nVdx)CW-Si1t#1!>Seq7SoQ8-9dqg;d~(
z%~{tJQiL@^8{4ITGDvB(#=UYUwRvT{oJ$9wA995Vo5d%9%D~2^TS$dGYOC~FJINn-
z<S0+I<fqVP;QjcR{;9?3B*agaE44-V$aX;AIL3?xZ$#5bmBst;&%}x53PHxgIg~M&
zK6m}nH3JCN@v+sGs6VXWNbdx(43x=*<a{-&IBS+j0LfAmVXFG@3=0>RvPu<n#0sS&
z))B;rKNHeg%<ht9OiursU%@yAEe%Dk=bh<8Pd$=d_SZgTPw!7SK1F(Gp8y}Q2O~f^
zuUPj*pw*WBI8>?>`a03DvDhtWt(q71Kg=_RTd$W4^<I0P^yqf6^;4?YMy?ulVQ@O}
z2}DQDr#~#>u+>)bbgMN3?FW88+wE0GsgCcF>t(Q=;NOI135j$^UMU9!QtQ37KMQ{B
z6|Y_vdj~-Uq$XbPygkW5clf?|4-GzXqjM;43z5nKd43Fyk#_XrC8YV+>r1M8A2#?V
zY2J2$1;^PJI7q(I4#Dmkm3dNjo;>x|eV|2R_6lYhQ4cV*4j$WXjMlHJ`jXv(Y%!+K
zD#B@Ut=F;r!DH7*td><&ej#tBk@hDbbfQ|CYOH<9pK8xH$%~FS0Mw(u>hP2<+CrPM
z*?R(d5-O&``FgI<ns=0a2c|;@HvnGJwluztCG!Dwu>ifV1NFP`e>}up3o==3^s$$6
zf(rqh-r!u2%77?goYzg%i_)}SD)k1TzjjPE$a_wC^9C3SV74;>Y>BEjDf@JYwi^z{
zQ4^z$O$qr$4WzSA37TjYerNJ11W&;P`VyL9t**J&JQ_wLOu_0^vE;!PtPR_MA>@u^
zCz<615eRPK1)zr+(A^U@si)7*XIRAg-o2YN4Q4~_WaKZ9;bcLJQ_g7CeWq+BgnfU$
zYPa(P^z0N>Qn#yUiC?hxSHmU^Zr6Q_1n5?qoq~Q51iKz{>HZZ2;`m>?b#?a)JfQuR
ziCMF99E9V_Yn-+IlN^7<qT~AERR<(=8v7PfM`fqA;4fTAPq_7g_smT_I{&}9sfcs0
z@U!C7U|m}FsB$P4FoL--O)mq--=p@M8f3w&r1Q@{y5ZMK;EALw-k3k>Je)$yzh%f7
zBE^39{(G5lD!Hq(C;jS1v*$1;-F6jRz#I;wnD|rJ1PHReH={?^BS*PU(y_tF>xjX2
zFw)FOak_R(t+42RY)p(a^sy$Sj0~+qj;uZIPEA2qCLaci$y)Xq6%x{4m(zvu-&?OA
z%vNEsA4Wgws=MB`9sfM#J+iy@Le<LgC~UMi#tDt#v_#Z8gT8|d6H^;$&0HY8zIs#d
zNI`Z{n^V;aW%NR)q|s6mAzJ}2@u1M>#}tJ5=lL9XU3EDN%Kn7l5l$)d(~+u0Y%iy<
z8i!JeXsQGkWi{3ju}>Qn1^ebA4Gon9Vq)S?^|<Ozvt8;fGaqAEi??fx-F6r+TDui_
zHp}yCVCFa}0O`W7;I)IMnH!t+O_`p>>P^_xTaC122ha3FSVpo_LauB4xh8-{0}eyQ
zx$06h);*F-zi0a7HEIn#%Kos~++kv8de#$h@~O4pUBi&HC{6JQ8Sy`Nsysick7wMy
z;O{^3PKuTHBpPvlMb|_+M$dwmY5TuRq=^s*PKQ-OT(Ghe6l=P3=Yj5Zjj@cstS;Mx
z@+7(0rL%vlzCtU(=3{LUPO~@pMMDCDyo#0`T`Pn{htYTEu31EIY{qTi0aB^k)-_-A
z;3n;gj;-2xWlmi1Yjr4xzQ8Sr`Qpon9ENXc+uyrtP)=u;>kk<@W;U`NOo9VqOC-jO
z5))%q+J1>%4oL#4_Cc<8Xvhb#)x>t-ppf!5&oe$v-KEVCRBW}t8fJopAqWX|AEYVe
zv~Yc`14iBaU(PamlXI^Ff8RreiH8{2K7KKfVSah9Lc~S<RN0}PQo+^uxvLwTRV2&S
zO$Q`5hG@50QQe1A8O*@<cR1`P3}=;;h1c8l5P2e%6c*;V(4TNxuZVbsYCav{%|(xt
z9a&E7A40=M=p4sgoHb<Ys_{`Q0il#1+K!kXSFWTC%9u#XpjR7)qN1^Yk~0089*E+l
zoAIi17(J^lI2xmZUf6!y(Wwa0;#!FO1E*(43QP>%p0a~yRh52$N8D&$7f=!7d2b|m
zrDmMyz6U!O-l!?cVtr0V!cCHnD(|813~;1eD*2Ra4}H5_;bo@j!mc?(h7UnuRR^WJ
zLG0OMOyC$S=)$K|KfI`T18iDL&eU80sgfmx@VxAgq;B8`gdrJ;U~G>ND<(wGzP?-w
z1e9mlBqi2f7|&S<H#p<>TN*0y*C<8DToZ!|m?}$~=~(}cAYr_ID|ZLoeTc%am^5j2
z2lf*mw^$hpQk?}A;e9e+$>`6z0o-nJr83}2!ly8Le>`zh7`c339b+>C^-hOZ>oGBq
z#dr|u3VCkhmb610eed#(NZSXfqvcQGxbBTcAdA#)Fp=B@%GmFTt4cE_Mc=4>ZztxX
z8bhAtMOq+I$UqGKK0BR=38x(7KiKvJb&I@bg%IAt*LdI03L)MS6e*)n2r-qoTDN#^
zhuMuYkDqRA_F@Fv_;3G_5m_iEC0hsLqH+pJe2!MZGm9a}7<8WcAyn|7+avZ+9Ma3V
zbaG9T)hM)`Hl|N{rJqG=po|o+wk0@>6mv4#N_;4@x13+XO}jO4(y^aqX|d%Wl-ADj
zy&`h)j`54|DWqoKmkn1=&N&k&QEbnALe6D@K6~jLMh~)3T59o*i@z^KB_9i|nuOEN
z(#Et8o|8q=D7kIW9OwAC1XulG_POgzM2&{_onAMJqTYx#-p?5`5Ym5YDHfxe(O1eB
zuDy8BOm|k8vi`F~@&P4t(jk6$ef#&Je@37!RuPZfGdiyP)WjF$oiI`j;>6JY2_UgK
z?!I>zfxFI{Hna&lyX$5mX$kz=<+K(rGJ4O=87u6`{v+%i=5gm|hz|M+opJ~XA-`^M
zdZ(D{$@K08XZ)HtKWk}JO*o|Jd(!b)xPDCcI-(vP;#yNyLMqWto7<)1y;_v|{bNng
zA}+`4gMHwmH`LP`W=8q2dgd&vCYQ6?hfB9rH!}!YP94GZ=Wo>B<31}PDneeNF4-e4
zIr*P!S-&K{=7K1o1D#L2+F2(LUj^UltYB3Z&o$}|)?{2j4|OFQRmK17Cpe^es`Vl&
zBfIM<B6M~FLd$h5TJR$Xsn+j0b|J`m*F%DD7d&Vjiqg>;=TKb7M3QG-BMzJvsO2y~
z>CO=!65rQiUT9}wW&i^eh*0V>-f_)R91dZFg5!UT+5Z@`|1oC&W6b_v8nf=z0Z725
z0A9$Jr&C!v==HoaNw%@EksJ7UtFJua8U<<$Q^2Ki0}1O-O94(K5NoCAW;i|z#183v
zudRR$g*e*o&Uf``C|X}~3{e2PH(@2ymokEi6!zyX2nSLkO@p9cu%cNuR>$EQP^o-W
zy$HFl$o%|#55R?HBN>JKVNao}DXdg(z<75#7VJDZ*>~*SGtcS#c8mJ{nYVfqSFg4U
zk=lacR3<j6zM0C(xvzLu-z+BncYRZSCht~pH4u$_fiVcpDkn|^^WUGTbi)Op_ohH~
zY&Yq=$n^C^`8>&=gKwt_1=ai4MfQgczW{%)AV5u*fjRF(LxW@m3=kl2S8n|}%z;IC
zgZEIr@kf<^l9B;Ry$AdHl%Z?``;ZgM%+_J0??>2D`N<lOe+muIIq~R)#3UGmcuIu4
zb%b~w5`HMF_U1hni#`n;m;B9~RDUGiR4LnSL)_g($G`dx4oGig<nOa|x+la^r7#@i
zvr(~ndnVBp)@erRHF+TT&<a?HZhEx8zPDA6*9VInrGQL}8`-$rU+wBx0W&yH65&~r
z5zgd<JI^kJQV6^)`x7dfh%B!AQ?6fs9svTH0OFM!wpXu=mgM|NJPIS{3xfiZr0rs-
zN*y`#h@B*<VFMw0;3f;?7FW4Cc+Pw+oeLouO$<`pV;Z%wmC|j6&2X*A!*fLt7hYS1
zsPK0bx{4GpNiC#P1#o2XF}HQHV=Ps*Z@V0CH!H*Z$ubl`RM!CvErBPzg~p~`_At-_
zuyXIA(4pdv!ZywX&_$s&tDXKmiALiyXuzS*EmCiOnvHDiOt$S5Fq2)O3l|3bK&F%7
z@D|}4C#ScC1d}-W#;?vQ*slt|$4%423BR;Z=)C0o>}}0yDJlRywM8Qld&i6vu|L^Z
zwr;5rkH9)c)!T21to8v6)s20_?V+sE?1eALqVBhe*REYNd&);Lf-n}VB$E(~s6P~f
zveUrn4d=NCJJ^c(=|VZOO;P0s4Bmvnx^Xf1uYe9|ovK&O!nrT}|FQKJY*lt$yYMYH
z3RskYl1eus2+|GG(%m7oK)PGHySuv=T}lbk-AFeqy7}f(pJ%`CxA$@I11{#8F~(Vg
zQ*;Vh;nUk!i+?JFMZR|4e6Vr?SOXg5f9k&fN0BkKqX3kP=lVhN`QxOO&+tElKWE=e
zKiaM?E~Zrl>Ay4I0VV`g%mNC9LV{2r^B3HkRg}@!t0)0*t;rzkLSBeaBS>Tw&>zLq
z48|5fBqdBGHS74)^H$;6A7uK`i<iW{;5)t(nEh_P=7y_3+riQCB(8b{X<axgn5MfY
zuiprF)OaETgtU}>6&~)-4B)5b$1Iw637}^`XgUtn19QvR;lt<IjWWQPc{u9k1g3r(
z0jzGD_u=l3b-6Z1Gb5BgD*^F%%c%7SoYz{?9vT9jw=YYzi7xyco7ZI-5AOahm7J{}
zrgl94&rehi+D!nG7N~CjKq8Va(Z2?2<*^^>X>M0ka4-fA9}R)&rjj6rwvv6xg8}<z
z-Lr$vt{Ah=sgC5&h`7~VyPPW(lzxEZ?YIJiEKYhYm-27mY)JYM*u6a6osPn$RZf2{
zUjC~Ruo3@~TxbK)2wamSjX{VQ@cXzTV_099qyoD9cU3xeEuws6(mz3*SjC=(UCNLy
zl=Rrh*zQfqtg0X$6l?e_Qx>aXti!=XmccV|QaT&@EGl1bMSpvSHo<8xR*Y_k;_8*A
zp5E`?rAzi-Up+WK1aDooT(sZNlaUGCQqj>V_z@olWWk3Gw%Q(B(P_0L<FcAd09kL=
z&5g@x9*~1-`W}^_9<{Mnzf}HH(`TTg_y#`s)4M(5_n|TYikUHFOo13oWGl^n<wWt(
zxYd#KJ}cw(N>0_rnjSfQwK3`J+nMa)HkK{sIt}(`CQ19o_;?(@?`;;tXD*L90F9;-
zR^EAB1(t@9y^b7cv;csHOzd5N_UD|vL4KI~8r1Dn$Q-^B59!JjH(m^jJh9pw<*_n4
z(we1g&Cl*KBJ1dsaluEwFX=^)xBN$`rc*}Lm?|b31FNXDk9z(>Ofop@JI7?6UW4Hf
zjO(3IZLqdd-S3ZJJTdStP=yowphcX;-Top7r;NV7_4JTWU0y`6>IYaBocLrZJ?u6I
z#ed@pW{Ev$54|Flnr^IblKW5Y4%9Zgu^h*jr9#89Ixaql`3L2F{g8Qa@gZ;#CNX%V
zDyX|MKwAWROn^P33{FtU{R`|k*<a6xOYRAcZF)5mY)r}?nK&AwG5qeS{8b*Nc}s!s
z!L~6v)Ix;=i%y0CGG2dJTtu$thgz|JZup!>rhM=R(FxJ?d=cLG+T!*vV`MT`Rc_X(
zOrOk;%xN^_kaoz)a^45XDSXyQ%J~#$_+u=W52L2%V|LdTtdKpVY)?oq$tuYB7OJZn
zq46<@1#3hL@3GPRgf2Bb73OrHm{@^-Co~d+TD!d@Tab>3%VN>jMrTntx~)*dgZ}pi
z^Zr0o5&#-HH6#9dYhocGq3C!c_pKVxQKIEO%3b{<N;!OMYZIXJXXp3|_!l?>?(gIu
zI$n+6Jq$(0FRn?=E5;zrw3KG?<La*tVp9HjEza4)5B5fld3TtBv-xpNug!UAg_AgX
zznUCxmE!s+YTwb;q{5|`5skdNSbllk*T-UFRIPP_C=i@eix(hz+ANd-35fcl+)<4F
zMR5AtV(tiSxK;z^U<h39{NP@Np7WV(0oR7;qT4my>Hhp|9L)Ba34rq^IT@wOe>Y$u
z+9D4Y#Q$*TBXimeQ=m9#57p9GNOA(+qOz`=WJzh)R+#`ztg>owD5DbvyKT#)MQlr?
z{cNT3oPId<_E|j<GoHy*PpqU2BfqZ?v4UE^2RN>Qy9EP%hIxOK@z|Z@=C>9*f+<Bg
zw`tr(|5mi=?JL8!jo0aEe~<2MJWW^+@ho^iBsP+*Lm6_x8|a1Q-9`E5@npp1mY4;n
z6hQ00{&e2qQH;0_X?YMeO$Z%jhF|M6Z<tGC#6>F!4g*rZgjBYiv%!d{vmv!*|KQG!
zkR$U}7~}+YQxdHtPhMUz)P)6s!2~CtnoCR)O+{~;VqDxL20>sY?0|B16Czyk;_U~o
z@T;ECL_z5CvhHt&3!wGsV9Gc9PI1*H82XS?UClgGXGt;-W+B6C8#sZI0!H~VgSU3=
zcCOxftFWjv6N^T12wb;P_Vczlw}55J*Jnagi+@V=Ai$3T1@BkTQ^Qrjo5KGs3X)&~
zZorQmc8>YJnvPa7g<=nH7VK;l9Iz<xN2SK|3b2o59bYqNyPx*vW6pjnd01VO|JBf7
zLnh7Fcq~t+aJ!1S)t_4>D$7lghcUHbLb}wtIBWxwb-uoupOdXV+?AJ5xfH7<FG2E%
zIWq~>99*Q0YMH8eG9k~*0xfJuy?SyPr(Qlr#D^D83DlEzJsszU?*q)>GnX~M_k(}}
zKwSZHL3alJS^yZA3|_PCx8A#f@!|o6UTXDLWHlz^f$Vm>`Cn^+G=CIRnv;*o@F#$g
zonPp@R{Zmv`^Pxwq&oe1#JHH>iWUE+m`A{^WA>wHoK5Itv20@a36FjZQeqfQep)iG
z(o-}3@7M3MLnRA&elg|ce{ESP56LYZ%rVA;Du_i#?BNb~?%@@r_4f|sMYI+do?M3K
zo^CD~ZrOYqb&8HqzO5W3OL}ZPSEgpXTTCaW9prDO{>#oTO`>6CXnlL=As&O;vKl6y
zzuDg_n}k?xDr4e(EBNj2Zm&m&G6Z7syC%W3W{Df#a+gahcsW>OJnE}jYc2`qM&tnw
zGp^-oo96T$JU1Bt)|DI0mE4Nca+68Rh%70kT(U;{BFww|OZ1y>)pRBnax_p-1M!1D
z1wbu;CR2dM0rI=%4@94d)Z%A#uZT^(bo=~JO;;V?);v;73DsPJ1WCU2{*_X0bKQp^
zZp|n;y|x{UX=*#pQiDe!W{du+If@MN&0HLQT{qP}ie~ikSdb<g=GyZ3fxRTrtS}?K
zgaW5C-_e9-mX2EJC4hxrL4qG53;<29b(g4VQKBHrf;a^DhHQW_n$npzlfZ6DM_yG`
z4E!H*;`|#w69nM&sVZ)78iQt2Jlrd<TK6Sm`@6W*rM?W1X$$za>&AO@e2@AX^78qc
z-2Fd5-``uY=f@YM-xqkv%l_FGWs!3U4Xry8?5Q(Ij1(*W*jK4()5*0Asg9Z+ZF8W}
zPn+q020Vcdi!;>@d7aLV6GCV!Ern)dkeD+YQ7z0hB4^M5W;v1b5I@ioPR;-zAKKAC
z9<jINjhYK)h4{d|)@$3qNg)ESb>R-wu~H2VTo$wV8H*C|?vJJO{aeF>rv;Az#lps>
zwuEer<P-v1np);F9`F#se<<Ohm4EIH{*;_5Cgs>R;9#bUl-u1)N+?}5{znVY>>fWr
zqe<vAPElm+EK`8cfuOcHKe{y`kTk+LzkPrZ66d{8ugwL+kfDgfi3sUl%gM60vk-1d
zuHJsXR>tXMD9l2qti?MUBt}`AA0H?#zPX>#zq$OtKwJ(|FVS5~|2$v6C<u)k>A@`=
zeuKKd+Uiz!6vUnelV}2u0^i?N1B&ScIL_ho7lZ(_C^v4R-f1@?N-+$E;_w45JrA5x
zA1UrjeW#TW)=fAg{v(QF)Dwv?KQ;i&Q&0Roa{L>dCIzzO=fquMuMjX6m4FDHTsuA=
zv|Vsv{FA3oF_^%cz=&xw9FX|4h$;v=j73zcsG#H0*@=E?7At(u)$}T*`t#aj7VL3N
z^++KLhQ-~$Fr^4O-PNBH&o&#RB<(6Lr-|xMR%@rLNsBz7IB_G;Ok$Jyw-JON8rTR%
zER}QyVn%WCl7h>kjKQYl2dQ5m1=t^?0JGzQQr&iELczot%&Dh=1q0U?S%wQZWzr}X
zwB;}zWS0gbVc|!6t@n2?h=`;|^Q7~D|9c2-y?QRZ1e{NNg*@(H@&tp(UA&1tXux0K
zOw|Pau29Q^sGBNMewQ2NDNHw2L7+k{1&9froMTN*`d8r_3#?|2&v`}@%ya>S9||98
zOqI3MJ6v{r;;#0Per9VeL{kZ)%4XOfEu4w^xOfl2<NEME2#Sqe#5Gfw2{D?qaWYgE
zFHAG*zB9{R-eDI0zr`u{!pmIa4rw*3tNOP258N4rOTk?00)q_N5g0dwb`0iz42(;U
zW`IT67R(ruCA#MfanlDi)9@e~$=5%%2eJU|TO_tWKUL^US|7Mx@Tp9(<8yGKO011z
zGO>(|rxjBnMW()#X2qWh-sfyG4he5Uh79|g)u5Q6Q>5J(GKE|kSFs~{`any3!2L^-
zII{LHo?1jX_-dP@|M}IqgRa3Z^x<+Hub<d0JAd%>6ZH0v6}*4&bpGPEBCcSwTq)0d
zhy;?Kat`--J9g{2$5#;Bmd8S3{G0@%@4X3mN^?}LUe!-vVM1u$n50!R>6-hnlo6}h
zBH+!gM~OJLLVIeQ#2G{G-UYR&B#X}mi5scuFxFT^ejH32i*#a^W=u69U*0hsL7Scf
zR1ew^+~q(R`m*!i2lK2sKv1#hjkAe>P=k3f=zf<KYkKV{I(0be4u4_cdz!>0qCL0}
z10Hu!%{P3jp4rd%G~34m{=LrKtF|_i(J6TW&;g0u&r(w%p*u2{>E5O+XeA8f4UHA{
zAnmS4F{;fD#!xiIhwSp2zcUDxzs~uHd?sA2IxDdxzVzi-xH(()dLbvB=!!NPCd_t8
z(Gl~%db&RxR0+~6;b9@(bIE}2(aZ7@)6|y~Q;30qfnz_K-83;+Zcd2w{KEb;Pg?qK
zvjPz>;!K-deM`m9tpn&=--Z$*fZsR!*yPvM9<$l5)s+B&9hyj!#L1DT<Ys#o%@d_E
zvo}}zYOiLUU<*DhwZv)=1hrK`Iqd0BQ<Y0?U%y=a(K;<_%CfqzM}cBSwLcx4_NwRe
z#YgqIP?jxUY+W?iViG5*=^CLT48!Fe08Dwor5Fsx0q%1SaivDFr9b<Royp@BLc_sz
zLpPJaLq!P5>l7tamu64%E3=YsZ5&{7PqJ89%1q!Rs3eUDQ?17)G$cl}9(|@^OgfkQ
z*=W8+mi(!G=UPh9QIL_M9pP<qjPxjrS&>b+7p7-O^D=B<zt&Hc9k<?1MTWOlYVIQq
z^hM$AG!zSa_*4LQblkgtzn`2ytM>9)L_Zy4HInBhAU%Up-v}Rm1WPM=?m(F5V-7^1
zfBp~<Z5GdM!zeudAxGfleOG4nMBHdIK8M*=w3Jwmfy$G9)?$(x8nM$G8=%;{jWMIF
z-q>O-w>|oH9NiInPE$EqD6RO%n>++H{Utp$!y)$~T0B=H6PD&{(@@oSz2jzFcH)_^
z&wEnFq8zA!)~oSd!jZ7kWfnjhjtwCpX2Nw}aQ2a)aK^b6Ouu5bTI~@Fc@A(cxQDm^
zC;)2gxWO!^Es#!=4a%qMtxQ|JoffJs!a;WJFUWs=<-F<19{blV`!F=>Mr5Ea4F6da
zhO;^Zv!JCxT4bhE3HXF$FTrp>9nG1US7{n5Dak)uT+GQ{W&5u*UrJ0$nIN?E)SiBC
zRp7Y;Dzpb<c>B@12{h2vkbYi@)uk@g>Tw?!+>Q7v$Gs*!t3h$WbRa5<kVCX<GAIab
zy6Ka^{~<s3c5mS#7I>opJlftfMEW358HD}3odE^WRuDr=zMMYCN-&dAhd;WV)Br`9
z&0@4o*v4ozBkg~;&Z9qDXY{Sm(~Jmk{={aQEk{(HHj|zOs;cTD5KPiVEpQbnkOjV1
zs8BGIPZ`Q(e6cF1t>>)Hc)rXXbK7e8O*paTL)cMZAXRPt*MXfRK6`xg{eKXDTsQ?h
z`0v64;WE41TC<A2GZ-pnw9w?Z#?uI9h;0HXTlPWgz2<GOG$knGSp!&|x!2?Mep^ew
zf|Ob@sDBR&5RSmjmaf-(wO|Sx&u_3(9sRe9zBh)(7=%QNRRdQpYBTWU0wXO`Z*OlV
z$bJdt24bWmZV`M-M64GthJYwW3W#C||EJBrpsp_de=6Aiwh>k27z2L8u5u$>smBTF
zWdB_(<_GiVuJbE^I%}Rmi4QExo^Kyy$bBW=7aM3uPBz3Ppf;4x7t-5KOHbMWmGCY)
zJ`y)764l<RHhlO@^@ATYH+S^@(Nn7PgB4E*^<Mwk`k>m@*4A`kBwblud_(QWOw_@}
ztbxmmao%?=n(IJt{p9`01JBLB3IGwm!m|b1%6Yq4$P2bD6HqhROlsIu$?O$Z4P*ip
zQOa|U-M7njA-L}|-EViaOsKX3C{mS0^>=1!Xr8@#_Z5!00tf~l1gr$C52T0#fnOeO
z*fi{D6javgw>s#++b<=zjHfhWc@6Y}ad$wQ*02_<7TtCR(hEMBo72PX{>--9^0=H1
zZ^_8WWWcMh0W97fy4v247J6H=bPBI?vz?oa)_q(4d*tshhFljXxl&uJx;M>H;K!x6
zXmN6NbV2$~fGj5`8VyI}nH+}kvJWKReJABQPk~cr45d{h38O~ZYGlL_4|{sx#@J{3
z6AzCxiYdkY+Zbj2Aoa;qXRO<q(&B%XKxsowCzn!H=t1x7?p>(A5+!W?Bxq~&SEJk@
zHq}7N(3C87i>8Ke&pHsvdwSUaRTDKW>BDxx;mOSkWf!y6YP6%XRG4wUJ0?;{fNHlR
zC|I&+xBa6E%)uDbb%}dG{+JJ>Jmq#k;D^a{1@P*vWb1(p;6+z>*o`pFy6BSC)q1&}
z6yVdek?JgkqA!;#kpZNr$_hW`ff`iI!*n$F8BnUm4uIs7@eR114hs^-eU*<ft?7EI
zzzzV{W(g&6qIt)3XHL4Pj@SQPy%w}TtH%)4mF`LMIz~y){YS2KcbUA)2*z^3BH`A_
zr9Vq_V%_m45AZ(HQQ7z&E-`1);IW(TK*vX;KFd@AEo1u=cR7Bw@tsreQ1ZL)I0rwv
zoU4RN_k?nokLFLSwKY63W}sMDqyKg@=YZDMX2&=7Ocr*!O)JO(gzl(_O>q5wibhWA
zI2}$30N)F7)c}I4+VCUBfY!<K;VUh$3+L&HXMq~BsBj!4Dv1!V+oXd=JWpL8F6hJP
zx>(+3Ubx=_;}&y4vXmSh8D!jKBlTgCVu|c^yFxQOGaoLRjqYIq^4aZ$=0<Xa{lDk$
z`qky6cihEMXJ3%z-w=j>ki)NhNDsV=cEI@rFEJcNSsSO*D$W{~o1{^G^&`MW@xb?F
zPL!_qR|ySygF^~a?3Se<1N3!a-sRAM*I-Nbx53uzOs$QvO=JcvSHn%J816JXUXI?6
z!Qk3<=NZf#yz5aA7q$)x-1546b&}?t^dTvET@k)0;4S&PD1UnNv(SS5)bRi__4<iA
zOFacwc%0S{Jk$(h2uzv82+{y4Q^ll}mSn1VQYmAarZ;R1m%Bh8THn*fKLgHPadLpa
znMD)K7h}(`KT!xiWHBZ>8tsX#`m@OjJrSU!4U^Bo*XoO7P$HIWwA%yS|F|tkc`9<Y
z;;tETl?x2+K3*oP0a0L?TcdeOM|V9WVcBqDD?E%HL>0yDBv_ulKB(%B@sGqgNSg$K
z5-|+y^m4~Tzc{-7W`8^&Uz)T=+yoX1z~jt2s><0&IXkn3+`9%{)#+Ff&)XR>HJr6|
zt@UqUqs>EyRm@TpD+~+_igdjsRaD?5za%beE;gOoC-0vr3I=4R6SD31+}U1(<Z@dR
zka6~MD4(8_d#m@>@xt}+#8|b)%;7I27i9ibr@d}`C)hPzbgO_qN1e4Q8Q<_U?P+yn
zV40G|n@UGAKeyLQDR6kIvGMFoKO)4ZEC7>&nnI;x$shs5IHa%}pJYc#WrDbcQFyZv
z8*$WP3h0-bna^}qhYy0do06kDs{tD{1nlmcIdPhqAZVeWq6l+ZxrqZL!HqvaHaob#
zJGdWP_|hbTM-<;CE_^wJSZapHZj*nt3qo3+*7S5?Inin#b&6Y)V7cNWt#`yJMeM=d
z{FZ9fMiEBuwy~!r`UPI#2LIWcUlTp{<J9I?d~n_Vq4-SQB5Q}ld5wBo$7#{+W+r;F
zEK0YP-Q24<cz6n9$z(LZ1sR(8zJh+cg|-UY-ODr4##*C`?hKir84;6^kpE^MH;`hy
z)b=3ya+JYVvBY)3*#l#O__}O-bt+{(Y1op^eqb$#=V-H(p^`G~T%U$Icc33*>-(|2
zM!VdG;Ctq9u#!suT}i-*9PCn`>NA?H_C&<Eb;Zbsah=7p!=j`Sxz?g9M?Paa)s5`J
zgH!++7Xu%^1kYEBxv+(EL~{I>x{Mp(4OK)U|Kg*j5U~fw4`u>MxfUHBT>DK$LE#6u
zM^rdHwgse*xnO8zzU!j0(Q*)~%8~&3MPDq<G+1=hWp8W=jRp&`2pG^DgH4)uR=pCX
zbm;`tz|l)RSUw;v?!0;BUlMG3^^Y#ZG(_s{nfOX?j&v~99jB^|<xZ_NWBV$W$eMn}
zO<ODA5fQfEs&uS6RPpxqIjL-}#=``VW=k9@jMxo-zO;P}#w&D-2VA~Tg?=CRbAegu
z5r*xR_dqRIgimMr2VM<e4x|APksWm3<1c9|*EcqbT>pV5VRhvXw1OUX_Z_Mn+dqwe
zZ{wvH53NCT&09X6MwHC~oV==-%Go<l9%E6vH)P%2GTzaoS4(qTMqe6J#HQ=;Gwo~H
zkFWY;YZ$QBwA9^CU=%0a-+ZDI6UC^g3QTIADpkQS_Mh*t47nX+%NlCl(Lcguhvu!y
zNoDU{KTChp8ck<WvV%Kaimox|wn0@;6^k=8eqZYeJwThr9S_Q~U@(=NeB0tekEK;M
zAfSIN_WYK&jpHxjbP#`XG6z)Ug_J96i8nsAZnsV~0P^5gYbuU%*9680vcy9o?(%eK
z5Gv<V1)zpYx<b`&jzI&Tv^`l?hWH_g9yD=<ztQ00=VAW%*p|B$-G$%ZD8B$?SzPZs
z25z8RMZSECQtF|n6Ljqc<nT72wi*F=ckc5j@H<7ZqsIzKaCgRZe$f2(1Iv##9i%>Z
zcOYQTuDH$l`P9P4-u9ZW>dHhHp-$I=$vl*nv5*S?uKRx2Mo{MjP~Xcc^jGwBLF<nq
zXowwocuGU{J;RT)L6~Eqm=$30PI_s|^2xfASS?B?cv1%e&MCu<s%aSf<ZqGgCEQlF
z;h%2l(K-OH(T7s<-uFWn_MTAImVX_=SfOHK3&_=&^KE!9O>Z&aTnQthm`vqpRG7W#
z2HTpktVI|UX3@#XvYJ1-4w!*9_UygLK!UW!q=oG53ZSsE+yAAyjMj-BDiFAgud1}i
z`c=qOr)EN2BPL0EznK;yWYa#o(<cOttiwoj*5II!8(k0vbqImq|Gy4d5tL>{wAtVT
zY$?sD^2ZgEccmA)zar1;_4on-|4fi4nUvc>jm@djb_EFMF>Z4gb{eH7*qsAylcmC|
zAQ>%CKU`YLV9zSAF8@n4#iCSI(L7$HM3b=tP$~KQ{?_p#2e>T3WRQz6sA#C}D6|N#
zp1*`8B7|qdgtf(Cu^G(l6;*&%^kB1T#1_3`VqzM1bEeH5UnNrFOH@AFCg%aB)<1z-
zCM588BH!CX3Zdb+ntkzcpg7eY^ip0{EV@NN|N8C-I#y~KIZzNCc6xVzCz9sI9x*a9
zN(K19l5o+FALn2{)yOONT5ZS(k`qe{CzQ2=inOGY7-%YkHj68EfOA=s<!YmK))a5C
zpBDpWyCOXf1+MZ8zn0faA>i_|m>UxRjV=@ttATJ%jG>Eggwj=K5UCRVva{9p_s(1Z
zsAFLvP32fDYK}J8s#B>TMN>?DMNYG<ejT@AIgloQS<_Ixy-S>>NE7V$#zI*=Sg^EJ
zi4#mT1B`}NLLekkwQPTgGXz>F5pWOMk^$IoDW@Ysj71aLoA=`gi>*GEW<y#28hDGw
zB6VBh|9xWR@=;jw4koMUZ-yKBQUD$l^$+q(_+ovnKxzL%32uwg?biw~rnkw+K6$T_
zCR(cCEeb;I7YU>>xo^T{M@PV`4hUX#deFl9oo)$qCp-EwFlt0-NPKQpQPEd(AfcWv
z^adSv+>4I%*Pm$q9`jW%4MZCr8+nRKxW3+mh#kA?Iom2)jlBwpcY_5A)q#w$gtG-_
ziy8~u1J7>aS-^>mS4w~bsf)uft3MnZw;<d>#VzP1O}%FFq2=+DCki|Z-UlGor%*<J
zMS$_b^XvWLI~nW)<=vIuhT}n=w24xUqArk8q)vx}K7H{SZk@OaK95`Bny*t0p_z6_
z`*2p93I3OQuzl|FiIX($377uB6doK1Zd@XD#|S0f{B2{`e*2sy0rt(a8*=74RO8YT
z=|7_duT1pU)-u(^{h{pY^fQ&A2z3@Mx3Pq-CyZjEk_rfTN|j{fq@U(O$MMvEupDKg
zkCj<yX^nWt1!?y535f#)w>(~KMa+1>7UEi=Fqtk3E9nbM<o;hL?qEOjb3F293zY&z
zCG1CW#Hf%;@eHJP9_&5rItLXBr5c!<Dcl6(^l6DK0d&(O+<P%T%%xT<-=AK{D=(af
zqUJA=<*Q?LJC|BMR25WSF=4w4MrFw_hzz0GaFAxj{s)iQC|xRX&7{%$IlI5p`F=^)
z&Ty9BmHR>%197FL0{(Ry>O1(XNEo3t?H$lYR46M&xzkn(t+yjFEg}33V@pRr++ia&
z!e1(50!OVgVZ0LSk^1!7`S@LXtC6VUgK=rGPtKJgJdIe-3cnn-@2Y2NS*18K7Qc~+
zQYA!nY>bT4bV~p`f8(8}Bpr@qx<e`r`su-B+`xyGrzQ)<2~6JfYW<orypvK>A0MtE
z5p|4?iT~W?qQlaP^Y2aiKhKH3*~0YY0#ohVBsaBVw#AeJ`=E^I)Uh`Eq{v4AOdwu?
zx#`o&!n*F8qOA^>+P7bO!1M50fzzew=E&pU=bx@CV4c_Hz=xndJW+4`S>dt^>x&DF
z(4^@mQV0rUNFoG+?at+}2Z%0(6j}f-SNitq9FNPXdIks1hBUr5fE8IRwwQ=ghYjiy
zrcw5`92HbWQApF5HLc|2fl}diqj~INnOnWHi&(>!SZ(!WEb*p@9rZ`uckI7i`{rx-
zIefnO*4Gu>vq7V;#HI-jfAXBH1acPEW<~Bz>(CibrJnZ9-<Wa?v$72|?I#FVYZ0jB
z!zM_|T4BCdYc{&N2|Zob^X~VzTfw8!SuBtnjy>z6Z=4P1L9{cP>SFamonr-##J2}?
ziUZ_%^)d1;%?;qN(y*QU`{3ZOY`0l2@}Qp0osR2z)G<1yHBhV|8aHoWD(=)d1veWS
zZr?=_1d1Zfu9ZdFO8-uZ7Aql~C)VoyT}WhyZl7JQK6i%_#DrtjUvwy9?+_#42iedj
z1CNeNaD7yebmAIWD(L!UDLfRLE^579KK^?xbGqEia+iD_x^l^0Z*o+&&6ynR!}7O~
z(SGuP;rw>S1$5<f$x9-y9sq^CtfTD=2aORB9IO$~y8ANc$av$$`nlV_8SdyGsLXIf
z7&Z>sHt!qEb{U$A%n={AHg1GM##6f$(jYs8KQw|^-Dbq}4A-L>a0o`&LQ+4prxn&W
za7G1MXt<4?u>H@b2>_X^1bL~cwB=mKD_|{ZBmHe(ls1Nvm_*M6(jVLl8+~Q@-3W6H
zcToPf5qA6A2oqU%#ka#7;aZoLSYhc|USkwkbV8(H-f3?(g_Myd$`lP=@-asVqs*<t
z#vYm4!ZC<e*Nhi;DWp`YOj%@zD&^?$q~7$7f;V&Q|NSm_hnvE{)%Os3qafJiE>Pct
zop;wNGqZ2wc>hJddh0g^8269fr~jmHJ)rvoW#$<~z9c<F%s$%g*J2rETT%K%9c1<+
zV9fs9=4z=)F*>r&dhPqY0Vagn%GairG&75Ct{^u(Kbqd%orF#uPCWr&U50VqT0crm
zTrZ{nlQd1ih0`g>w*;vbNC*pmRRzx7q@z&}p?U5f;wq06_ukfJeJz=DnZ9QgGZj*L
zitHwow4W5Y57W;iRHtzSrS?WpC9B-8^%US_my@H+5d!jnh2)FY|FqB^M1Q`1qdS=~
z*Zwz<eYAc4{<8W!Du^<4IbTOC6Jut9<FoyCRrkQ>ih4&u9y9BKFKITJuA?cnaYk(R
zwhuH;+l9%>Ey>i}WKf#j7tF^>E=y;NKVFc4iqzWkf7Uq%`@Xdsr3h-%>T+_uZr9PR
z%|``-A@!LM-g26m-<TxMg4r<(6ZZIo`x%=-|3xZG|3zpZi$#HTdi6v}!St|*><Zt%
z1=BJDJ7!^z{!@-e|3P7s2mamDNB)DxG0*}u&Z<C0ED~edoI4vOWX|F<+sp(;raf!@
zO8>Z-`nX}=d-F3ECm6><Scx)<*}N+0u-a#Zg+=8NC4g8a;QVjIQq_sZ6S7`k9dNE)
zRF0x{d-7qX)_Gd^stU&}ucW>+hTGyN7UcS2ZKmXJtXtI!&x^0p&_$$A)5T{(@`ko>
zx_oJ3JraFvyIPK_g3nN1FN5hn_fpHj4k0RfWzhcuU857CKf(bF!MH2t^|4;RTo}An
z_8Q%3dzv|bO(#*ewL+U%PpYL*xrT)^ns7alhlgsuYr{S>3kQgg|0h5U+~syQ`8Qhx
z=u-{>MxClPS6i@Zi}M#^5|l-tRivMPQyn93McTvvXY1SqID8TAPv8h!4{7kdut>pq
zVn$%m6gm@(pJA;GxN7*Sqv`$GHaL2}%H0|O{Xu%Xy~1O)c`+GRfGMn^ZwjO-45=f@
zk7}i9!orf|gdvzyZkmd`wJr?-faEZCwq#txiWyq@o;dO*<!6a;OmJD8yZ-<B=re|_
z&2aXElzuF;MG@*LyR$xR&k_-n`ZnxKAiOy~rlP3D&44T^o5ZVLvMLO4F^<aG6K)a?
zKE*m#bbPg$=|`Ajz|gc>#PrJfEIU=2OZbMB{_mOnBF=m6s&(#QzTtiLi}ZDZQoRou
z^GQt3$@e498ujS=<jK4T^Ok~9VqaS4_^Yea?G~UYX1jY)S{4~7trl5ckr-s<r$z~a
z40lBjbIA5M=lIxzNLO|Y%>Vlj0H@04h2uV0ad1du35Zqg94HOORvts;#fraRd=er-
z&w!Yki{`k6jN0eXJZeFw%=oi$QoZq(LfsU~#=m|onrT?L)iSZ|DtM6lXi_hNS4WWr
z%kcB)*?3XG2ZmM*uWaFGR0T35Vit?^*u&ZbZ%D%%9Z+Ic*W~WD#~XjrHw!q6ne?zN
zesWp=O$uQmA$Tidgbx%UwJh+mx<X@dchRP2SR``0LoK9S)eh8;RVEkASRR|TmQiOr
zxAf%JunARb1ekT&TrNGb8UCkABweg~5)vr@5~-i=@x6BXOZgA4j4*j&Oto;tv8<QM
zFDI%};EHsJ3toSDsP+s&t;0zMoq?bq5W(WqryFu2B6~#1fh_Z^Wb-Rq0d`-6bv*Yr
zbn-s15AmKCH!NIh(Grb6!&)&WYr{(2A&0dSEf##|If{)-DOH>7j7g*=X63M=%&9Tf
zP_lM;j-ZIPblrX>npPx0u8#cdKUx6u4~r@4H{wz2A_SuSVcfF2>3F}<dbVG_ELMmh
zKjGuX__xzp<Eg2&YTBakcac$)BvhUQd!rua98E_p236JpZa?N@T0;=<oG-^%)jMOw
zA9i*|YpILTF@cZP>CYFytjc@$v3qi_^(8!GFaspxNyCM7&9m(Up5Sr@Yf<M#M_dY9
ze06GCrd`CYM^-Hq8@i9S<$$j+40V4?{r9$;qqRP$7xkoDh7^rTEA)w2dU{AAUdYdn
zAGC;wYdKJvJZKnB_Z)-ynidSF-$D|JT^@K^A<!0EmU3WCnDBRdsm+4q;#N-B@!$XP
zP0cQ`Hgya6?gDI$y}`cskx6*u$5)~OW0`Ik;Az2RZxUZ??rZt+=F0SX;KMX^x#az4
z4z70wOa^PfEN+Rih7&jR@RrGFO#AZjOrZ*dxW)X=0G<~71j5IQ3YP(VV8<0gF=HCY
zkgUg&MyK0JjKz>HDBw89G>T66NT8~8*Z-5J?+K;pleD+JO89FVIC2YTJ(egDk#+Af
zAY-qu|6cSPl=*LrI*7mh6bL;eeVq+m@V*%P<Q5=i5-#f4r$|YxvdC8Ck{?*M5f!Gh
zWrS=+{Z#JI+JYZ@wqfB|Yggo@uOP|~{5pQ?g?v*2B_s9}J3+IZFW+mV8tY8*u3O5S
zIhCUL^cLaV3`*niBqWciyChu*?{R^fEHS8=)4e%zM^glnJ{A4!u$p+7Bba7RJ|i!v
zU(^O=$%`jUgZj8BCrbN}<$zyZ0)j^|atk1FDan4tiUQWkx)0QAT<)~ZAgK-aWgV8u
z-*Z4tQZJ{iw$>9O{0t*sdT>k(^0~h+uecvQqU1~mH?Ou*(`XdVBx!1R>RM9oG$vHL
zjeIr{ebyR1X$u=+EY&r(y=pCXY)^GOL@$*>>))LAo>6x}ulV$7^oZ54T_V1}(DGp1
zCud~Cm7+<c4~HS+5|d*1TfyjNa9nC0eK+BX$y4S>Ainv6?1TJiz&(L&^TvRYx{wx{
zf1pR2u9Z;tMI2-EqJz-2tMu>dPv#*~N)6`Q(>opNvefvB2=n+lMFO`rel;gugb@58
zk5cY@t5cjO5SL}6S^d49nx_{>=W1K?T2NU&%L4Yp*RA>SrLRW92lk>03~r2&7_qeS
z+`#1^_IQt%mk8dOf@GDe!`P7Ml-k%-+A?ix7WN=B*Yi2YIhOM)NApzBr_WjgIg$Es
ztl>sMR>Lvxxx;&*K&>{F5329Yo2s-Yh61(N+2<Sx-t(B`m-QK&SX=#~vmdI&(XwMk
z#h!FHV6GLPR}Q|}$Pn3nG5h#zTXaWU-1u^YOuk%?<dQrmXAHV#ZnIp*!*+xo!uwhk
z;fY1_=y{Ya%~j7g=YvVDb~niIqvy98m`e}@HxB!{v+bH0{Nd*N+~1_GI?_V|e$h7h
z->OFRdo`i7pNnGPNtOrn^gB6>&0KH1(E{g5RK%UIjrHMUCMa53VsD>dEjU5p0|h6G
z8It*$R!vye!2XsO1)9(37c-t7@EpsNiekI$6wt<&D@<{QNVDg!-Q&IgnBC&6SgKEh
zIW49hqE|JP`<p;3e6WTS=~KIaeyaIip<98%Y{5FN&^)Ti0W>=6tIH;Mr40e=x|T<i
z)(qL1bZl$inK@6i6Kn10=(H-oK0fM`GAdS56{8amP>qh3)#vkmem#5<+ET%%4USDF
z_F!}P@_|PS=E9`r+Da$RNx(A%^7CI~^?w&Ymn7+JUjuUdADvMQQCWt<bf?J=BPUse
z8jENNC8DWtU%Qef9yN{Q@H>|otxM*0zmjTQYjmvG=m4`4T+*QsKjutN2u&-A=(XZ-
z>W>Td1Xe*7is+$7h$nxQjT1qo`@_oG&bm%uZt>$8Wl0SZTzsVrOR`x_1?uVb)#2PD
zuIa*8+5Go`X-6Z&MUPsIHU5^k)bHRwyz#Ji*cibHrRw34_(GJ#HX=W_Xmx3S2__R$
z{)Svw(de>`y83t*zriXZJ2uV&+lrYgyKN%IL?T!a+b~I5-b$i6-Zln=TtsM(%j@b(
zER|rj7!UZB97GS^WO$j-!~L7xf19Gja8n*&o>(1<v9es?W<{Js)*%<RUSM;X{>bLb
zM(+VGRM4!8XLjq9sCFbX<e^Cd2)-th7n^)${4sAYMJFh!7j+a?^5l^qv;p~-HQEsT
z&B%4fJqyW4gjx({NODM_hXj$xI_pk+YEwKt?s{g54*vJNQdrX1Y)UD<+2n}K?}yV;
z5$5)uRv0E8(9y{-LtDLtQDbuCINve2S$pg|$wpS-jcoXwE!k?lzibtiK^g)|h_T&#
zlFqN)?4Id-A&8)$&izJkjj>Lrp;(|H7PKBcmHq&>$f9W;E2(snCbSvMbuQo6>^S}T
z?r3fM5Y<rTeOk)Tq`2?{*3&0?ecdS+{wxNF7dVf$2_yO)TkG+~T}&S5R2%V8^(SH8
z*Fuz-k>(HW-`#Vpt8XNS-9(aq-k%f0>Xq6k&f-`3y`)kq=_yYi!0j5f#N)H%Wmyz0
z{jz{`kv8Gyv^7oTCwZhl5;4D9Xq0sInY)?E8INv8`J)h-0YDJm4If{B9*V(ECRcs0
z2JyFm+<SpkFPGM~$H?-efGPKLp~RdT$PJlQjJ>xbIeNIedN9^;Wuv_jm9JJrD9=+7
zbM(b@nEJ|XSU<7xNTio;YS~y_Vc5=t3kw1oZy=tj(2^u2xW%qbmal*re*v}cfS>!D
z#^<k88XoINBG$5y>`=H$B^kO%H@%oDK<h_%rvzc)u*%0;-YT^38f~H}v;6th=e;I-
z|FL#OMs85&Q|=2r@Z)HtK>N&8!EJVXbESM`diAu|Y$2FF;VMV(erSjYfjTwKwe%}l
z9@2cd(ai29Nde==wT!^6<<HK1O*i8)qkGS>^=0%ihoQTgz}A}}Ji{uJxyDk&S}rYj
zpV+%&)LYmkPW9%7icM&rxA|{z%?2^25jAfcT(Do_ZzJx8GJn*mipyadgfV@AhKN0*
z$|{k0d}TOdd_7emGW(US{$!zS)<{ySqEJ&Wg08jhtJJ<iSSfq@n{nw1JtAnJ8N?rW
ze?1w{;{SPo^B2v~_yU`gM=@L6E!GYKV_@|jm#C|KWK(mLu6c|FiFm|8J@=^kl`zFw
zL%>L6A%o8V&CiV5&-47&6D|tS9JQD`tov5IBz@I}%J9HIu|Aqj+)1$0+1o(R2X=bO
z%5-^h7ehvf7IxnGblC*{22N26QOm*QqGwWQMBHSIMQD~Ak-G;qA?xAO>NOl&Zd&io
zf~GZtaZXJJ&39emp7Vsczs5Dk-OLM}h?f&_ekD9a)+A49brA|FrLfumxU(~!l|!TW
zNy-jt633r2R{eGJki$GDG)^PabmnFE!w1;mam^QxEuUu9D}OPy{()>_J5$irvN9)c
zcEsg@N|i79u{0FPorkvR^h_1C;g`F(BLT-qZxf_?_dsavyWsN%w*8$le5Mh{MWrx9
zOH28}Sc0X;BygAox;nm{ObjYCC#UN;e6s4CJ+v8FjFruwuJ2;P$8%-$S=FbXDg)p*
zZJ;mb{+dgP4%NW2#GhtLOl<Qj*UoUxzj&Xju23qa*s2Z1T}-WTV$7cZ8({c4J>sv7
zzs#lTcw%UUwj83SV(j1CkSkjhD|#|&QD05fSl9JyaGxphs+M5A=cc-KF&%Y%PRn%G
zt$CD+iZRsfhOSn^Xx0)4I+chz_|?Qkpf@Jj9H=%S-3%y;XRp#@0~?x&`?{&m^xkAb
z<924uF5Xnb7Oa}O)gelYC<m9+E`nd*W1CPb@?J7()iMfRC!$=`ux6aNeT{g<Ua+|e
zRo9um4q=p0TIk2KwIzeSsW~OAE)lW6(gV*(ol}h!4RLV|C0))HM+?-^c;P{n+ZS5S
z*M3<PZHwYf(rKfQCG)V^Vrj>quh_mB<IwFX)8077SADm&p<R)0&1e6$Dy9H=B|^Xl
zly|uXLD&lHd<|Qnw;xE#&ddw*ZRgKP!fnIy$Q<BsjahHed!Tb)n#9{YO{>ipKvOmn
z2kx5auMXR_BGk`jiwFs(HS8`om7W|MFMFvcR#kd{ecDmOuSu?|&Y!odktV!9>5({5
zC8xczT20k5eyiu%gMCqkCh^(>*cOZ*<0_SN-JMQXQ`H_(WjfnRW+~G35fbzXLbs)n
z2!_rC*^367W122M3ozbRWqiCX)`&vf9xFbwh*Q>2Iy;}jmB!nf<Op%FU@c9(hShRX
zQ|rzekXf@J|GulbRxnxTo0MTeR<l7Olrn|6i&s_J-7#o8<gUU^9RvNH&dhXor>u!Q
zmKeA1t;tjF*YU=j?mf+Y^T*CMFr^A?FB8)g%zk?KBqm<G<4I+pZ$v(Pa@8a=DXdYi
zI9aUhvV>z6&{we87Gvjf#SlcoUg}@|^ZJ=p3&Z`sv(xdeH5CbKm>t73Rk1>K=OUvs
z_i23Dx7yHpADyRnrJ5&0S=GBfaV{y(yIa6hTwnU)csm-CFTq{3`W#QMdQBy}uw?k|
zx@c`23$<Z7E3jPAQq%l-!?5jQ*c3n{Cmk}h>X4^mmDHYyZ3b*5ZTb*Z7F3g#svC&|
z&(2AQ1MUo6%JaQQsq5Nfd#xWtaprjz*pNIb_x0hkWm)R=?V6EFf#(>Q{sVKY-t?Pk
zqFbUj`??1PYA!{QUOk2u`)yT+f2)u)n&3jOy&dZ@LNlzg=7yY+eY&V#_mh>faiz+N
zrPIYM^0?YrO?fc}$-$hoSZqbyvU5UFX5CNh2D!2GW)54M1X0iB+?DK47db$~>_U~X
zH>pltEIVx1k7oV*RblV4u1fCO39?xI+TYLt?Rao&ENO{Or*eU`w!T*MVS<J(CpCp*
z)N)bkG<hH@X;0Hsi>K&EvivZ?%{c<Z%lGrgO=YRJvhA8gG;4*~g|aXh7gFv)qgG00
zMw*v(=cN+G1?>Du+BZD(mGH<r%)=t567oS6n{B6acZJ~FrsRE&P5Xz|`k~{unSSTR
zMGgRkB4ppc#)1Gr;}++TlrLQHp?17|sxr;Ip4WeJ?)y!QUrp8p-yoZGh>u{z=!>8H
zOsgw(jxk2V(PQy|&YA-pi@XDDIBPRKGPFEW$>Y+)=SLo3bH)A2W<=9&7gI^eZU*>^
z7J<Jg@b!Om^H+H~=7I|CEPG}%@oJ52*ys(^f$HdGYC{D!g57w16tJGSS)+m8ULcVD
zPEUui6-#2jV3W(>7G(%=s#E=E@9bl4M@LHQZGn`L={IqaXDASJ3o!u4v)TgpZ<lr>
zLD@DKuy>xKAC<I5`#z*wL8Hl~*r-n`g1JUbNi{Z7f<~z%Gr5>{JjSOcmcwl)twHZ?
z8Gn2f8(~X}6+OqVU)9f)SS0qwnkUwqwcI<;M-@`8@OJhb>gNhAS2`KL#Gr2QsU}Ud
zOxei-qG7VFAj%cznizBS0O3w*DUfKPXkd)nw&fqxwscTPuQm_fsDl})fs)-AGI=_o
zyH9Z0Hgm_f@*MB%vG-hC3kMszt$PvwV3t&kQu%JR%wY@3%?ac`XT=IoP@<F3L_}dQ
z6BJ`zmuYu<iwME%{Rn>Ny;up2L<$+}IOnXAMO6v+5{692q9?`!g$P%A8V`UKF@{nn
zBtIVY!zV1W92@y_8+OOCt6t4d^hqmyPv2BNB#T-C)ECg^5+|y+pG}Qf8|l$o7!rtd
zB&~II%9QQL&`fQ=v()ZF?ESbP`F>@)CNB?CRMU6Jw`HT9r$25eIx)yxwtCbc5$)dM
zLo?$xE$q|u*w(LAazt(TJ<@SOR;6=weLYo)dVM4qI4F2~eVzyM5aZbG_nZ2X=Yy39
z-cm3S&kYu}DWpicRjh26R*r6j%4dG#_?#>m1Y9n7sY-Kk1-kBcB|Ho}md@h}!)OI_
zm&Z}k#^YtJBjIWmmZq5lXSQ@o<8QPlwh(d0MBAd<uq}g&T&|=X7UR}z6wZZ<p8Lux
zgsF;gZ&|Be4^u?f+cQ*Py6#ALyfo34)eh1&)QO1;+io%A*z{E?!#yX2Tp2dRdYfl9
zA1JMrICIX!IvhY~4Lr9bWrUjk4K4>q(n1m#!c<28T9ZW;%sLGY%K8d-V3NR{u`}<b
zGNB<D1qQ;z?+b9GpN%Y2`S6g+`eB<5&;Xc(Z2Rlbno4Iib5VGum3VZ1ms*Hbr>dZS
z5dN3)4f7v1>Vr-;vSm*VC_cvh&JxNt^D5JM^H-bBVI=L!l#E?^-Le}!NRa0ZHBFJ2
z=V-j%>tmF3qqN^UO>ks3_;seLK`_OgK+jfgCO2}EiGO8stW%oX<;QSyC~i*H+E|M(
z5l3{GS!9_B**(j(fz#R?2TcO-d<2(^`zm{aAsK9qYf&(lRO}<~Yk6aYK!5p5EG)!b
z0$Odp3J(u2kP-GIaFc?i?Gdpo?O_4)We2}ppod5G5Wj^d;z#5k`|kT@3+2<h`)YOz
zl}Q{MtAf)B9QLWs_7n$IwR2$`Y3_tICMlAxV>E+m?sO4!%v$8_*vLFio4H=YY&)#c
z@tH0=W#N{>hp4foTZLMvD(^?iY4q@{LJ5URawQLkzC9F%qBIE88H}+CF`OTwlPZcw
zlp;NO8tjo;ZLCG5&x89SBzJ6qY39aTA8nYth!A%xC#NDHHSv@1t^Y_TmDo_DDOpO?
zNRFejpGWHRsuoq5Y7*OLWR0B)V#53M(&tmfWa7^V+Jdiz_Kss;H0!Uu8_g6J<<@Dk
zm<g682rv*F^szd)W{Na(^u_nYN$~a17$o|&tkf8q(q4Q@@%Hm5irJLAa5&^ezc4A@
zZ79_h!L!%w)Pc*7J1lS?GhpX%qG2fn=ZcVSPl>k%C}-Vg&X~Sv7alf!L1r(Mb+kEL
z&1phDJ37rQ?`PfMnxOw={998h`cRk$9cj`iPjL0O4`znWtEp_7FVNPFuL+58fIp;<
zL`8(MhV=)_ewdtcB^^)x<C2k;x2s2wJFVT=N2H2?_Ia~XAurrI^An0bW-Co>k=J#S
zt7i&_JuwT5;!Q_qr}3S|LA`3s@D37?XYvJM(}ky{g;}lj1}p*@A&|W_c~C19ejS_t
zY@2p1kB6cBN+&1Vwzsrz^}0={W9HW?>8EV%feO8EHe>VUzE6xs&U9_=emR${k8w(e
z4817uVruD1EEp}fTyW7ZRt``)GcbuA#1s(l_?Y(I^<a|rYhaG4s3mC{`RoDyc|fUo
zqkLA$0$!Q!eC?v{_~fVzca7@D)w0C<;r4<{;dFBHL{At~M9-r_OOa=v5NsLNZMHt4
zO|&XnWZ_*^W=Y*6@w&aDOi3_vwt->bCo<IvvZ~O{$RHZ5pAlpZ_viYwW}bfy8@@;^
zs-ZpQ5TUc0GLo;x_Mx<Ln!J#ffY@Z6A0WSPHt3U^4bx)4L;jkiC4)3lpCqNL(?vx)
zpMX^Rq>~g69rD5$n}EQ_Nbn7NuR!_mD`N+w3=}WPa8q+waYnXZmtf;?i#Y;2>&K3@
zjaZSw(9h%)PQjyleWXd4&AzsQHi+^1Pujn^>q~T2$1pe}Oh=o^@Q(4B+M}aGPBg-<
z4#}t8ZZ?<=i+i6nY$nE{)Ya7Fu}@aaH7mPp3!h3-dS$hR@F=BxgW)ToxQgB{K!lez
z0(L5Fwq#$tc;TN0ayTz;Ee<Ac`iI4aO0-%DK@i2T;3gI60+<<w_$K=)@vJ&M4%{{9
za@daKwK>L7ojp3_t#GY1$dWhI=$Cq#J(y8{Tz=oEV#KvaQy{}BSSfSz)K;LMUg`O0
zDlFR@qhdWN)kJalT${9eE4IIal@%v}!!Ft*Sd@i}P~W9=A)k;qb?3~Tw>E6#yM33M
z1rpip-21{6!G7E++s(J3yR%B)q@9~?$+s75{W81@h0fwHHF0EYN@ip8zi&Dt7xoLi
zZ*YhY^GNlVJbF?Yw4mxps2js={~3|%lUv{VhgCZg>y78DIPV)oEgNNOyV&Y1Pp!Ud
z=f7`Yj2csLE*s9^huDx@|5Ai<e)nDRLHFVPa6O*ZXjQ?<gj#f-id~ScQcsWi16v4D
zO*FEfwJ++9ROutMa4kznvi8_CR$xaJrH(S#q_lu7>-Vpg`0&zJn3o#?8g6FiW7_A3
z8h?L)_*0!D_rr$<O4Apx$HTF!Tl=DVcV%o|n@7F$SUdaX=j=0+jeI}ZoJM>y77e_&
zNf2?%w9>vN3TX(`;;V<+W1msg@cd}b)_6#YvnPE`ui^NZjm;<LtQF>^Q&+j=I<kZ!
zIB<FA+!sq%;c|K8p`Xgb2F57A7`E%p|CHhNk*Ikkl;aSLdV57YZ5NW{A^BYdk*jt3
zG$Fb{!Z}Y$U}CwdK)7<$&xnZZ)cm^1F@AExZOe9X4F5;%CEtxtN%^fr%j=1wV@?hE
z7`|1l{xRmcTDzD;Wj753gct4WDJ?HQlA=Gyk+`DGe!+C)E%{xGl8^h->UzP|X}ONt
zqtJbx*U&uaAro`f!p6CL^^Od=KtiFUSE3{eLA#6`x(Xpv8OZGHc&OIsLnDa7!@R<(
zB(C+m=%WiE=G0ol4|h=UDPhxj%nfhcl`!&x_shsknC9^2d)(?`=mymp47Z%n%XcnG
zWN)^Y0{G27IN;8PCAXLAJ)DZu@F<q^@p9l0xJ*0AftWEDk_rdSKsHFbGo{v)Wxkgf
zt8&WHB)gK2m~v1I+QaWr>&o+T^N2ujjjCmPiVDsa*XW56&<yw)B{jdEJs8Hzsp(vz
z#|+X^OO6PG1xa0|%+|UR(_2_U*JtD0xq=L4Z}U!STJsSK6$4<|{-vBgyUE{V-x*+<
zIhhrm%O-Nz)5BADk~tkQ*81W^TwFMT%*>b*=wCldNH8bU7oH746a{f~guXr+FGLYE
zi?6S3MdqH~D)79~nKsansXB*bP7AEh)La~S`UU1)MN%8;rgv+RxR%BuS$*>u=~E4M
zokVM2Llq#d4>(MJ!ATtdE{?WywejlpmOQ<zI-ys;eRvx5<#p(OK5?YLJmlXTlaU?4
ze4N~D|C2FajfU6F`CZAh*QV`kW1EC34Z@Z9bRp)HSPhp`_Bpm3xr1}y#}!l!+vg{b
z=os5H-1w#?ZX15qwO|y&Tf-0@JvdPlmAAARx(8)$KzVN^cd&?V!cC`^I^%ZJP=h>W
zpw)O*gFRo_m;^s7YSX8Z-1V-=Z-0=ZTssO@m%yZ}Yb@k61*30Is@x+(<Q<^b=lL4-
z#uY5D{2s%OyGEz1%6Z2ajpA{=X%eFaMsYs}c@c8e<9v6oBVIz8sV(pj6CGA=_{P(2
zCr49{ZswFR=1i61yk8Fnn+mS=#=wAo0>!G|c{3)jSV255f<SV;qzY?`xqX-avyzDk
z6{(*lhcEm6WJKBWBq}$yejtymk0|sL`UF%{96}waZOXKxW{jxzy8mX}NA4!tUxk=5
zIF$DQjA9-m5&5D&sQKn@A8kkH;fTy0Q#Y&C*<qJt{zP@aFv&4H5n}ZO0rPRyq8i!N
zNc*-hYjmp92XfrTckcw93gvL;H&1P|&fU^keaswh)~&G-?4~D6T~mDAR!vrHuHXH@
zu5an4u%`cet0X~u9q|xEs?mqfx+|j|D0~c-?h5ath<!cdwUy*dj&yJ{g49^W@+f&C
zSHaP2;KLrPSHHPeNc4m?l}wa3a2M#dc|6#hEK6Ht+KI?R9*TUYZzvxS>-5EN?5E6#
zTv(ZMfMM3++v^f^`MVL0>*bD{HVuh>sl}?(!{^iL;x<?j>M2UM2JG#*y!-{W**NGX
z85pJuZ=EsKD{2PXf1KFhf3U^iU~y=0qK=3bys*1>YsfHSdtX&3G&tgXXR{`zd~@eF
zRcZEWX3hrFDVQ*aJXUMc-y@cig@(sI+WDg}lCcG{OKV2}WD@)O$&>JUYYMB%$_{xl
zu9}R0ap!N?w#4xV=1Pi&Ln54c;*)w}^M=VB6NQkcPH)=X3?e)sGhJI}29f>b-Aj-@
zX858>-M@X@N#bvmRDT7Lb|%QVNF*MreVH`4v$hfmQx8kXSIsc|ghlDKm&HTaxt|55
zNUy9kTX@`Bn4FR}utfcTY`t|{)nCvxDhP-oap>+Y5#i9?AV_zMbeDv*NF$AOcO#*6
zDIfyUC5=c*Nax+>;O}|gd++l<pUwB|J$v@dnl)>*f(984Yp**(1(`eAZfd9y-e*gy
zs63j>Of381yObyWp2RU@_I~5{5FzF^MY6qwBXxN#YV47roTN4j4X&^Z!s*u2i+~^v
zw2x^9$v;SfBwW@_Zp$f@+r)gh-W)zG*=Mz#uKV!m@=wLc^hc-o7^C?Yv;{gA7)P1I
zRhjQzg4ou3*f5=O>qMc+t>rHU{S2*VK++Rvd1R&r@%&DTARfW(eug@Bnrwr_$KT=O
zZx*F_>J3E02hd-j(RGwRdqBO9c5khbpW?w^=NcOu>4)1}R<1AC7A)cvN7KT-SW1gF
zWLYnKV9*WphreNT_8n;)h;&%Saf3)9Sdt_K(J0gt>Nl+t*CbA!W5NZwv&H?Lw@}5N
z)bF>6v<I#`E@Q#nq+->Oo!TdKG>3r&Heb1{L(A*b&1`4F)AMA=;+5jP&rq?;3M^0b
zsaZqS1$Zqg7j@OmArEzN)oJ+TzS6NI2df(!MUcPpjNb6@RB6t3`}W=I-YMPWo9hH(
zQvF)%6sz@=$@&LF<<~MX=oUB!LUSr><ON?<Gk9mZo6iv@k_FV+koDYmd%{)=6doyu
z^bZ&j2mHOfe7}@fp_e}}7MJUAVv#FeKJuGFs)nii`xD%8;(5Y~%fj_1^634U|8W7@
zqU^B+UU$9oxs-Q{q34qZfAje?#Z2uZaXUK+!i+Doo=6e_F``oAlX%;lnPjbJh|*Zq
z!Db&>^yg4TrKi5@iI6W=k-z-#*hW8(jlA7dHEg$+bt7o-!7b<Wg=6byq{-ZE0~@jV
zRq;MdM6tg?T<n&jG*K2o=6$l%*XFbG{V2qbo8U*jB8ls{RiP{C_||=<d6W{~<99PI
z)mF<@9!^Gu=0Z1?^BA5f&G(0RwwL820wZ)AW$ewDJ}O_RUmE#MQiuO0loVAcE!N2o
zD(c>dKzL}(A4jw~`bhnT`mDG{V$iTLSp8IS5ckn%aftNM&CREQ#4ixHx}?y0Yx@`Z
zkXS$S<*Gsp+O|r3K3n>n=UK;d3&d)H+JC=Je;=w1AfAt@8hc@y;X3wRv1C#HV~CyK
zl}heNlykc(t(8>cO(;Ljsc&`Aw<HVVV%BLaM0X*-Y9k^}t!Y+gc&0+4WhzC3il8Uk
zfZFwBLuI|9Xnf?UW48fmJzg;5@a^SIba>#L&&gt%x<d$+R^~3RJPD+~;a7*V;<nGP
z)21^|{mC;W8L=mqs+`pCWgA-6iXtBPx6J-tN=r7vBV=+*vHmRRcQ(ecz05+`?^Nrq
zXr@u_Kkt1Kx-$OlN4(N188=QJ!cHju7`Do&*&6DITU>}IYVk|}bp?Ob#TYKKB(A}B
z17qLNLq?JDKS7<iT0=@bsjquw)G$aSH(1b#ss5<5TYE!n7RFM{;w>Qcg*fKY@g=QO
z8wuu<_X<AhO^ETwd}$$>_gJj@_NMi;9Ok2V`jZ%jU3B6eBkj~y8C-trh<sH{vjp?(
zh4vDeov3}%{&LWn(2Kq_1&E#BdnT1!MFn?@_$|8wkEys=TZ(JwJsVDfjUn;Y>y_n=
z(H=gC?ITI}W!s?2+KL;=c1_K?SlDaqrfXHgT&bY<p`U;GX3PpZmFsKeTMyfT>33Hx
zAA5-Ho`dMkdSZV`#Ls3D40Mj07_m*Dmip4WxzqWMY%R;&n8u7+Dn(h|DVypeeRjLh
zxUBKVT<;B^n#%zu+4kS|>h_C6P@7Tj<tg_0aGRIsYWdqaLJgY)awImuqtH*bWgXvC
zbJIA-pUewHsjBg0pL-WHXX{zLoQblJ{CU|q#G;p(IDKfibr%b0$h@`a6YYRGYsGho
zIw&;Rn7}Te&0Y1!Vl)m=h~2Z>!ceH)OkRB%SNEy`L++cFkSmq1C0DlJwa@vJ%-&R`
z)NTJ#4vZS2y;Oaqk=g!$qjW%W9-S$pP`)VoFuh9#yTFy%N+88%DoM8J;E%iZ;4Tzb
zr6`G0e(Oy5r;1nUz^-&z^Dk-9(ff<F?DK(zVR6EmIDUmhQ_F!9s_snT%sFy6SA6!Q
z#O|AcN6}>YnX+gPStHJ}Pd{1SJoUD(xlK`|E)6KapYLHBvqrV{GpInx$Cj!;@6D=y
zeQd1{z2e*L;vQ00&`SLEUjBjAo-|K>Zux24*VUxdLVUU6WV6S|3#S^&4T5>R2mCHr
zAdU^X{zmG}FI5Wn#A<@U$BYW7)8e&!*WG=OAAD$zrk-8UESUM$tJPJ;!_FvG?YVt)
za@AaO-r-zzQgE{=AXd%oW{8yLj6dT`DM2oDkFiJB`u(56$ybloEE1IdwqpvjR}QGp
zYa~?Z)`>dsqqEI%+ap5JDInwZOu1EGw`pqDFH^wdtmEXhH8CvAR#C=0fvh`rdgIR>
z)`GXj2z@3TCO`1_>_=L{TQzi&B}@Is4cD!@tS#PMy_RnVCr0tqy!THOlgG!dg5KDJ
zR9OMbX5j$`i>eZftTin|{Ge{EdKN+C57&vRkaA+H>BJhga+3Ko_m~qYsV89t(WNIu
z;LqenFF!w7T{smEu=SiBSx$+K^q=?T23k#mpc{zrsVS1-n}aW=#V#%`Ds68(Y3b;w
z1Oz<H#W*hCfSKpKpe=T!+C*Z|T+nR`ms!2oAGBmGf#7eVWhe}1x1oxd{&{T)RS)3E
zA3}`d6om^B=)6K3mP&}H3_0#irHfD&Ybrc5Ux}c5@gQTYtm2uP<lxmy=(s|(>U!<X
z6<U;xphJ#U!h-de?)#1#X?qH80_x_(VXml}m(1;6#L*M7-G79<omQr6R3E88PFVJu
zF%`3jb<=fikSN2ob>~lgCva8b?A9WsU01k89|o3%Y72aL{iwOY9JgCSSa}}V6+}!-
zkPPb)A<4(-mHH1^=zYW3BJlHGz5lcE)GLAhZwWX4(?jDbtC#5Ubuk$3an!`oSej~Y
z<e=1(7z_+1!<j;TOcy(O;#b_oBZ_koBj+J|1z9iHoPpK}n)#b3ZnYwl)t2)<?HX(^
zYe)9xau(-F2h`%mjQk4X99vrJXXD<B1dKC>`2tvIj}?%1PRb5ed-MEmZ@|<C1WwMO
zg<X-GGa6W<UjWlYFqEJD(-Pui3SrX51+Ox52zxRbfQH1uFkqw+f}w8v%TkkG+B9PE
zD}EYEihuX}S9g&SHN<YQ;*Egu!p4t3M!8PM4W)q;>EpD<$s-GPS+8Az4fD<<$3Z+L
z%SR;6I{93X&m~6m)jej1YW9Dci-j@f1%Ga(*hpNNN;}!>KAdrpC!1<)rc#uB{z7Io
zmc~`)RE2hA{kIHidi`UsAJ)&d=VDNW*e>@;F%czeM}l~y?0rusH&)n_Z{Bp2BVGl_
zLbp!5xeA!w$$6Cn@BQ)kO_nMLWpk_Ep(IB-@Btyoo?Ce7Zd^^Qfd)3Bd|q19^(9ra
zKHqciukjdLbIWlzgR(u<_}oFUwnci--i4p~W`Cwt#1qKl6f3?`J)9(AEBvKz?J_=^
zYt<Sn%_IHi+PLXkQqeoKc6&D18#%qJC0Pp_3*Gq+out})kQm}7y$Zz2zI=@$sj;2m
z6srY_M=QruM!lb$R$;gs0Az8h+Af%}ad1X}xPd;HpnV1=y}V7Ivu{R+saA$YlYpuB
zU><xFXzSIFF$YbXgyuu(VPJBOAP_k40E0{3?tpPbOJG*XS0H!$)aSzWU=ehncfJt0
zrfu7qZu1dXAI^Fo!QO<5!=Qw_{js)|1IXjD8nzIE8P~|A>Lr0dE#a|{*HQJPXW))`
zqtAptxK8L)z8R1hI23vH@@;Yt-z~0G-AJRfiptTk%E4aFJVTz-afAlu(NcaP-6WH<
zS0fr`U=#-9rRpg2dvZY6l%|?|(`n!CD9o7J5uHO<OPBC~R-U9_*7@7{#{1&;{08CO
z&9CzU=g6v?b9nIUlD5WGXhKDKAptS<W+fXxOB40;ghJIR0|(i!cB?<ndwcQRez=Pr
zA26{uF3QS(Tp(HKxp&^t|2Nfi`_DXY?X4)2N9a}aRRM&z-A`ojM+x_9N-^^cwwSmC
zXvN7wb<ow=V{1aCBRkh;Rm0cCe}w16W-nzmxtqe;tMMAL`U!ec0jfxSYh75l+y)-2
zyo!R)_kDcT-sWpaL@4D)#5OB#w^kjO*Z#7aPyVeF<Zp0NZ)1e4K|LdUzJ|kPH>;j+
z-UbAF`vwLibahi@DL^B9G35+n#Su_qz>?Gh$PRM9JLsBPO4Ks!1PW2qp_NbCudqWf
zDZa)~NmM&7ivwK&zKxlW3>PQ65i;bSl31oJn&llpT`Cx~y{rHsf{qr?zmA~al7^jK
zDZg;kH=#}5hR0zc639xef(}8H*zDgKugO8zl*)mG*XU263qc0#M$r8G2dWbWp|B&D
zZ`E^c*1R13h3~LHZ)Beg2wBcQSjWjqrnQGQcnh=#M58-AW`6nirhR|1rCC9$Rt0J9
z*I>F{(BP>uh*c^M$5Zc3pBvjq^GBshm|NI(uh<Jg(lYX(6MNel{E4h@UtrcADZer!
zj2eAbOHjoW)d6xQWQ1J>Xg=NqgF64gx3AHCMu$WN7%RO7m8{Xld99)MDwk1;g-uxR
zwL;u<Ri%AwK9Vhbdg%8eEn0!x2PteqHJ@BZp)OWsRID@?!Wv0!OJFeG*7GnCbuqQo
z;aTEFQG(KJ(3OyK9?9YHH~W_mH*2OmSIb4NwM3)m;?JK)9!c}O{aZWGT$1#V!)wpF
z^|ZdJ*49(^^q1!(rE#*)?yQzrqAWCAi6(ceq$slsjPT*G7$SX4$RT>=4JK_N_fIz1
z>FI;vOo8foVm+h~BOvG)Xtq6Bkw)2O`9q)jTj-AJsFammfqWuTiL{FqmWo!5sT3S+
zHOsT)q5hMQYWt{P`Yl<k6<4OuiO$Z?&p4oSGqLzD)NM;$A3TD*F6)n1R##KZ#?IYM
z;uIN-1;OR>ht&ZLmS?f|<Ct?lSpJPmRjt8a`1C6|`!X`qn+LjkTh@~<z!=CDi3(LU
zJfR@d{dG=*{RV;OFv_cVD5rogAl8+b%?r|5vvQH9VjN>RRvR))N<Tf0#d+&SR}i7<
zzJ25;D#@BERgNq$co!5`Qcg0KvUgh48pcH>mBnszF&r<n@oJV(Pkz5Z2zmB8!l0~R
z>MJOd2CuzC&nNUJj``tjVCQHc&iz*0Z@zg1{k)kBQa8S_4zL##w`e6Nv8xku=~2yk
zNy)Lxrb9J}8j%0c5zo8&+1}$9`m4UNgc!(cH1^wfLTMDYb=Gsj=$)`l-NL0VCaqrP
zq>pDNHw+LkX*6P@C5hFR^tc9nh}07wfmp&Ppy1>5D^crF92*~>j$}AYilmDYG#1~6
z8_~o?p>k9AS-S2m7>v8*g+2>5%VUJea)!z_Cg2VytKl-8g68$r=Dju?T9SfPsLf<K
zZhwQ#6uVf*2qCvME=>F+R#TpKZX{1eDwPpko@jTznMbB}(_;W!o%^hr-%w@6JMiNM
z{|rcDyQ}tm*AXCJtRywa-L@=paX^x)J10SdKJOYAkxBaCCv&+UZmc#$H-}mGO^roR
z@nXWWnj*F3A`X|t20|@cNn)>Z-LUxla9Alf>LHZP(DV;!?QN!<QI75uOV4|Qprf;T
zg+|q$)J9<g%-xX+LrUys$`Wd&$&x4onP}?m{bf~WrtnIW;P6k*qZU-$KG~?l$M4Zq
z6d`oT;#6d=_tj7cV%RW-QbJZ)G;?PxZ(mnvRI|2ze4_N-2+L7`#*8Jy!7913kA*tC
zH8|^eRaE(-u<2Is7bQpIgw%=i_O5N`=3IWecoO-^wFFY{<J#ldt-Je(c5ej4cb|iB
zU@6Lfvi-%NxFXezW~F`@5GE!AgSPOwXBoXf6W_}(lDc35mg4|hBkD@zS0M8J7BmT(
z{Q3ErI&K&Ansyny_T)6binWDFH*64Y8JtF0H>yN&%S+J3?E?3OXI0h~YpWg~Mg7~7
zk#-I&C{@AZ;0aW0I>A7u4`yS_tj}vV??n`GBE|u%LlHYBCzL8TN>yg_a+`5$UxN0<
zg!!jGT>+M=d2HCL@uEz*A`TxyCj<x*J`hwQku1|)zQ+(ctdp!ilO8Z**9mVC@*dfk
zOp|!}x}^RHOB^XpH@slPm00N8BZJCzKFinqLWkq)*eO5E)&{8E!b6Txm6@k153*K%
z?0o(*LT@gmU@erPE6GrB<YstWr0GPr&a~%!C=fnc_VZZ&4b(DpQCGX(pdfF<QgKyF
znzBZzsq&f$`SsX70T%>=_Jf>-!M=6ob9Y`Y3;U-dI-11u%4W<yUn>_|h!hH+vjr1O
z6#R|KrLpa?aCx#jk0@6?5oLe$^HP^oszH#=`!Kyvro+Ddkbb7Pk_ciXX{d5E4IUWP
z=e3XnX{OYKOt~txw{wa-^KUzY9z39%36;znSJ^W5>PF|u)~&bp018X7@$od)<&YGa
z5qmE==x99<ILz%wfH+8=seDAK>@VCC>ZVN-Zt;N9P~QI+1-`mxp7fY{woT`$Zj9}X
z4DL_IWRL6UlP61uf4hoM()K=^-HznQWX=W&Zpvd49g7f0w6~vQ=;5<T4~^vIl8<u_
zWA;kDKT2MCr27y$`~5p3bg|oV6N!NNUINO*n;n6shY`xBY}?zLRA)badS)kZ`t?-C
z9&x37D4n2t9Bf<ocm3*P8&XNL?>g&q9}oXUjQD_|UshKmWL83zj|g`qqC_x;GD85u
zU`0P=*{(dqFoqFJJ<u3bxA!?RpM0Q8T0z%>G3(NGI5x{GzH86O3mL<9;j!O*&~-*c
zlYG(14*M0SGC!M7p&6SF{Tm^h1J%KO;9By2FHGfr0ME$D8s8+9@zmdtd0(k~-0Le4
z-SrI(;k%7xzB!Z=(^rw-023n_Z+w6fd@lXmY`smeN-@SPn2g9sOp6p@mPc$o&Kkh~
zPW2IUtf^%6$fw(zOR0Gtc^SI6sHPNEu2k%P*!;iP+%1y+2B3aA(w~sZsQf@}OLVr$
z%_g1K2@ymTq+lMv%Z%0H9kc%}e3N|FGlM(Quwthe0)g0?Jg*+1dSxW<wFdcoEVJF<
zYZLR?M!k0=p>+DQABEDHoLf#vJbBQAoc^(Ht{LVZwDNieAlp&IT+%G6iW`!YRSs~c
zMl-_*mn@xY&niCu((Q%x-M1R^m!z)iU$$xTZ@%AV{S1A`E*E_ks~H#9DZD~a_7s^`
zim$6gNG5{_lB7l1tY?%|)uNQ4-4xE46rH*58TW#YdBR*3iq)D4H(CsuHEb%84;6^^
zUJ0GHC7p)+&o09r>nYUQ;NV~o*EU;n#AIf&-)K&87TXiYz8)71=1(>^Gs~8aBK}f8
zQ`fi8^BYJJ$^hw|x3<)q#N5_znbZoi4VvAhrR0r%!+;z5`8C!Uh_V!jf;2+QGdR2l
zdEbzPTC#j&XwB>X`)Q@6xkBUn+j%pvTfaO-evI*KaeL24lQGoRSYGfHC@BD(iU7}~
z$P!9?R6X)$hj894HFRmf!zQwD<#!!stSTA)4XLV6y7G4!v!x-YEPrZoaU%JrK1%55
z$X|X;#oe+AHtHygxnp4lp0yPlD37Kr6d7<r-(i3esk+3uA8MUqmA(AxQjRO^_FSF~
zn-|%#W#~(U;Xm_&vW;|^7ue6~_^EX&Xv)_ucpD8G*8VEl?XA*_xC=~eMz}2+LnwT;
zxvaC<3qUf59cwo(n*(Z#>$aAnchCev-XXR$r6iIq)y&SLDGUh9KoS9t-GbC?czFH%
z$N{oGWF3H1F?S#pLS(Ko<8=gz&wxl<FE?+CH&3WG+W7pBIU>g3ccFRXf3%Plebh&j
zPLwh#2a;!>q&p}~2^i5y$^Td>;N`Vo5A_%u4NFkP#Cx;5@v{hRgOkhi%W-3|G^4Jf
zU^xXZlJy??$9@sEw~<8lT}Wv}#a?FC0FP=gI?o(pin7-{{XFd8g7mk1IhHlTm_`Sd
zd;N}Q8@6TDX%j};@wzc?AGKiEo9TT|(F^oNjFc}JrD{}GQRI!>Mjhc*!MMh1_E*R-
zuT|tn$k%x$S?BY2YR*D{N)q9<Dw5vc{rAQ$*!}CnlOa6zU58~=GUWlT#B_=Dm8x_-
z^b7<=BZP_+@#h@Wb5&@yAH_r}$If|u_G7S&*xB$#eyx1*V;C1sQ>FEGfMLtJqnu&5
zbb(q#M{U}tyN#Ap?IHj<e_QB3Y|X}vZ54*sLt#Rbic9EmOM*aG->YHy^u!?A_!(m6
zS8foz(thP}bJ|^Fa{N4R>2{hy{CWf$MGZ}M+bm2qwL(6SX##AQW?E57T1M=8P}GZP
zA0K_Ey{`kJh6J`3Ux{?2&uBV)@ou1x-4ToClI0ruPDF$=o&l6(FvT6BJE-#v;aO5U
z-E7o}_3h)P`j)BA*)1)_lLA_`Oq@|G;>X^k=vi;XMXFl@AwT>(y51>jgynDf{OLM4
zn$_lh^$5e_556ia3=I0{mmpoYOMDwvd|d=BrzFEA+qiD`?J!nr-boeXEjH2CG@24$
zQO!#uu6o~-x@TcJQ2VNHco4_Y;Cg4wQe<C+>4yr}ernrknR{H}U^!(%qJ)*40Xp8j
zk9}q-r@|R34K2z}tH-ec_bxTerl0;`O1C$npP`<+J#!tBgoR&~j&>HQl+~It(WGL*
zYe-M2s4B%jl~k2h?I_4K2nvKj8Dy$Uh?5xJA|nQnm;b-&CnX;ff=Coct(U%GE{++z
z|Di`HHDXJAlWQH$SV1LT`nR;5_5BI8^E<~lvI*(8Ch@UP^n5d`9iQVQJf7U3|NkIF
z&1!jR{}3YLxYi@CrkYhWeCm5luk_s2NhWaZI1lMcMr;<O<9zl8k}LuRKK5bV!Gz36
zdBL5k@I&Hoq}F`80xLvB@Zu`+0^!^sNv$j}06CR%o`@Pa?Al)tdFsRLVV^?jIuE^|
zJ|wTR_4Rv0`y;YbT>??j)QWKeMuAm^-el*VnT+JGuxd01k=0)}tHfGM;YX#m+T&pU
zz(vlt*va7Uj*r_c@&+wZ?r}r;tDQ40u?LfLR1;OXr%<<Xy6@QA`P%^zzvY3XkW^}D
zRvr0#jn%C%YnD(^f-Ci8>A98bn8zCGycuMkDlLnG>W%C`b+a&q&u7Us&Q=)-BK7wl
zl>qj2Fxp(S<89O+*!p|<e4QGeXie#J=``IHs7NlEX^e#spV#WV|6EAM@FFvk!tV+K
z=6_6ZiI6h%w<VYjsBz%Ui!Qz)NtiTW&kl)Of4R8)!10-w`3xOa_Jgf-zsZOPCc%t)
zH|LU9r!&i;IpfNWB=!1qVcbTjR%8%B0e1sc?lMGd`#J*dTgqA*o@Z(w>B^tuXsCq`
ziC&C3ut7v5KVY$sU*%aBMK|@!a{HXQ`JiHXN}edER<Hg3y_%<#jL*|_uuHl7g1@5R
z6fJf%AocT)46z%rD8afon>qqW&A7?rLq$_u=M+#;Y5$E^5b;1f-Ic+%%stnf$KvUv
z1=aP(SBsamzcxi6RU9}7%{w+zZRV!^wZqi#%E8x#Z>ZXElm#SulifCNdO_^Gl4?`g
z36%7r(45ZX0eWWZ*|x9JggFuYO{ZOqx%S9Wync%DTkr##B_yOIOdsN2dS5G9yn^$P
zQ&TV5DdPI|)}cSe<lOfT-;)Lih!{N|m}{muVA6;n@#`tbr{rH4LwXzH0_hu?e)nbG
zi`d##qKF!C!aF7_zMX`~UD~#EbNkzHZwie}PhDU-PWCN>Ul9b4;{6%!=RxK1BNfAB
zm=PBplL`(K-}&9zuWjzTE3o&}JlSHu?G@2~KK2Whs;Vjo(^1r`4Ck4c<t8K=DEg8J
zHmW5XUbXN^tI;ZObTGauS*~V~mxRb6e+YhxNJUxgyR;Oe_EmhET!~>?oR6f+4OG%6
z7u91NIXl-`Z4$?&Pg<YoWyaUMoG+K~zy8KwzB}CyFBM}{EeQ?q1C!#LzF*n2#r&9*
zS6Q-7Y9+>psULuJd=s;LTo&vg8Z1h2{HsKfmq0@v=^qcNj<9?gIM{CpNoksqt9#mM
z{<Fvoc4R~%L{*WrNYho+{iy}R@ZX0&bJJVoLjSLXFEEA_P){uUhS&7v%crJ2p^j<>
z@onI(oH^to>#`Z$y#GMiaferFPej?&%Cxm<<#s^hg@kKhksd3iG^IY)K0Bd9@Q`|1
z^+f*gC*Kr2<G<v<u+@k0rWRRSfp`D#c|>soAZiQAY)_7GYLQazYU6Zc;Y0DiV7t98
zm}L@04MSra`a(2@9$E~h1_O+DwJ6Isj^>AnDhOL@fAKwL*9?JFqa%bL>WCOum#p2N
zqOTilX{o_P1l*4~y_e6w1OpyUfEIjL)75Hmb?)jqiNPcT52NA5WD;+V|GBH{WT!hb
zLBKj!I|AZjRZ@|8-{iu*ZAf?T)>FhJ8p@`f=rsSp9nunSwW6=|G)5~!O{yxdOmZki
zdpNn9Mn<JHhlSN6KHA^<{@jqpv=m$a)^_@8Al~&kKF!0s3leAi@+mVa?|j?y+8VTH
zh?6wNX#M6|pBj$$-?hDL^*XKwBAw}g5|V@F@&O5cK`??MCQOh>1MU@!?~?K$078_E
z;ktb{zsef%1f4C%&O`dC$9a8dgVO$>)=ql*5MwZfU{q7xB8FdfYR5-U*4e{J4heqh
zHLdBvFrMd**3jYonOXQp^f&MhyhIv@0N?C#5faO9J306XNTWIe$=W<H`*_mMdPJ%A
zTC_nh!g$G!FrZq>9~E`v?BxNrVo5&k7qxn|2kM*CvCUiWDkcUBSH?H!K@vfl{!Htv
zImuE<{$a&vNzndrKK|eUy(4{=F8m<+do2!30>QiYf$&>)D!f#Uf<7=n7=Q(`TsEZr
za&3Mvsfbk21IwZPx&d!arzr$}3JRS|gM<O7qLdDe47IyQo!yQZ!ciN}zm(Z4QqLNv
z*US#OgCL<uNRR%n5QbOvbDg?mas<I`hH|qzE$P^SMGWkY|Ms}2(`kyNlqneY5Qp9v
zNc@bdn6$@Xl;k1t!_J29n}K!;XW&1WYT0t^_Il5cvc(rvZyeP{iihA=ff~b67>lL@
zl>;&I9u1ZlY9H*dBPfe$Rv2$GMU>Kc1D?M8x&)FY0*mj1gNeSHCoG#W{PNlG(plcm
z;6x@GSm`VgVp~A^OhABy+j_jCM6D>l&m|5Ee)LLR;cg~Kgb3395Mw05fH>5?1@g+A
z|KS3F|Mt?G4-LWLa(!(L)pQrA*ai&z0<hp?L+@SgXfv0j{w{HnB0qbMetdlU9(id(
z;6Q={!~i)q49tUCh6zF5x2rD$$aWmti%U5V`u~1R2dZ|IKm3I&J6O67q!B$Scv2Pi
zoW^-@*PTX0#E7+2x1Kqgl+X0h+a0aKjxE9*_%TL1;c4bSrUEAYbu;%ua0iqJq(U&r
z_QCvwExnEX8ThV|Vo;Rz-tAcjYJ%0BX(n2&^6u{+UDden>H^V4On@3be~8|HGBPrf
zy~u@l4Lu~58ieHZ(r`i?FMgxM+s1Cbe#2}5yFKeim^4KxJ7B&`50C|Y>U-r;RDvHT
z3^Ur67>wQsqJP_mAl;#U_s>$iJn-#N5vW^W8nrDznUs!t26%HvAV^82M%DAi?}7JV
zn&e-D<b;GC+B7Pg;9lyxO(gg2(Ur!BZ=%rc#rBh<y+sPpt?`=BvdlmVeqysPx}N=C
z|IqsGAL>Ls*efDKkSEdTgX&6g&wwm0IN<&RYl2)S`pZP=>@L?-IN|IAKYkh6B+Mq9
znu>+9avXX9a_V$-=9KWn$Z*m0!Eh4H-TyY;(B{4~2?Xiv?=+M!H(K?bq|fBunfFb0
zdqtRS9<iO1lT#rV@ymAS4>Yoxz3>utZKn<?O*R7T2}Acfz@<O}<5WU<7Ci3Xp8DMq
zJe}@?MJ5r1+2@qNp5bOKibM@x{Rtu!<~9xT$Gw`Dy)dHY@<A^}vaj_2V$Z<T=->GQ
zQAOoOdjr9P9vqY0nx<56@NqJ`)1L5~a<}pt%{~w#m#uK4yWETGYZUd!_`!ZTTkinG
z%HGtw!I>CFi>8C!1hCIlBAD3YF!DX8Gat^3s%pQ{y)_M~1aIF6#hf4^!VGF8xe&2L
z2u31X!&^a?6OQA1tb!oi>|&^xrdfI1{eU^x|NE0Evs;6%b!YJ6!U!LH1DIwuaPAuY
z+zRV^h_VbU=-#A|-m2CSSq13a7q=;c5Kx!ZZvQMNP)qRvi8UfI+#k=^`U|<Ln28DG
zy+59?)faMz1EX-ZI?^;lL05lQIF@mHxUCjECyTJXT^-}YL7<;Ww<2iQ)u_<LBjK@^
z)Ya7`v?9~iC^C|VAaGJpn<16&tFfG*5~1QN7v6nx-gBZTOcGASop>sVKEx|Zknhac
zFT-BN|KA%uTfa3~K?2%R-j-Fh>0VMl7<RoVScBOI8l<}GMa6Wtc%MfZs%XcftUA;8
zs2s=?o#NnI*^uVmRlxJg+RkZw`%QR!lk;p}Gg1@+3jiY9o+4#>|KaQD?FD`GMqKnA
zCS~cqOtAO1m;Ua9s~-w4K%awu0^8%~%NF%^;{HCP^h<2Bldxl~lB!NRw}a<2-&!I#
z??EX$Xw%SvsE70V_mndrqq+~YW{L5Zi`|sk6G)NqL2m@2=2;1z_cRKn18EYf_Hw-D
z4kT&m<7fj_hp-jNQIf4K93jD0_Qbh+J>xn5@7MF&ywmBQc}pNieX_UsM5|hH6nyXu
z5}Ly{$K3}z5|)=oci(+*_cF&vFANFr!6qoN<<ambF%Er`!wK%iFkA>Vi=I>db1e*d
zZT9m`XP^T01C;C;%1Y#TPVOsm9MGoy+hKD;&r1%8yB+2T%9yApLO792L&wUQ`)DLp
zY!VR-4`}{7I`FiNu_M$s0a0xypbVX>Rb^;W=xODa;mZ^()bZvX6Zq*xnmbg;kAZmV
zKYRF27>UV@3|3|0sKugyMQw9*|7*G^nxzR8mr*b%gd+jEzpb~?F$3FPRH8Do`~SB0
z9+?Bt*MHmlmEL&5P893{$`7`mqm{ogPgu~RY`Zn#y8z`ycF<Xe#RV*Xi$m^p1R|sD
z18LHw#zkK=vG8X}{MV|^DDvgO^LHO?!V}%%=Rsv0{6e=z#v^BFb~ftXW&S)q$7?@$
zVz8duKZ=J0|LSQiB7|*N#_si9V)o$dV6|B1BRzPDiQ-5ZSlxmBB1LLHxcs-fzO*_)
zj^cN_>)4g<R!;%;;nL2y5Cu*_9qfsFl_dpd=tQ+9LaNDO-U9G*Dnh2x$$*k^0H_}3
zX_RTM+ZxBJgFA=c*)hjUiokL;9xg<R@vQ7O%sS*)PX1YkahB_+0CDwU*j|)jq5t0h
zb!QQ;DK(!^{}&^TvH1X8G8^P`uo888rM2?)G-lWAn^)4F@O8gMcAjOc-kqJqBSO~v
z@01<FI_A&qHpOPDScB&d2jSbm`ugEQ4CG$Ct;q%w#hZNuAVC@7wE8tT=fpw->;mrO
zQtja=SOwf-31UjtVqlT*%}wFJr%)vZ-eEM`Ow16q+6asxh2IFNhTDV9^ss+1%Me$9
zZw0K_BM9D8?Rx9Pn=cr;%SQ_RV#+nlP-^4gEZv%rD6GRtlh8X)W`ZhIW=jLsg$6ow
zPQsm}j<G&TBix&P9O3iW=8S;x&QqlHMmr7I3Bc0?AoU<HhgD9sf?yS_>?P?T!|-oq
zoSIh|=@EA;4@rICcA*9<E7gSyX52B%B%<k%CGO7cIvI9u^fTqX`ro2KVYvg0B@G+O
z5KxG<2*Cnp=5E~O&5wC^X6YfUHfu1S2|F{+ujOffvA~&SDw<iF!K<D0?yM{vcl5`d
z)=2+j*jqY-S7|5IvcAjfxFib3EKmS^`jcnc2iBR*<hZ+7^v<oDAo7%LV*OhiHN9N=
z12{J#`gfegg>Vmnf{sr=06)5}o>=X{P<WLLyco;I%OIM9)qOs2zLMuH-qw;i399Bc
zNKyUyNTlBMJ?ASfVcWicca9T_HTyYmX*z}9?Pg4XJp|1rMZp)fbwXRHi=^qG)%(ET
z0XP<pU>NR8P*^wdLhRT~R-Hy12v?BmfUSsGl3iULDsy)!LV0j0l$pWisxF(ENWsm4
z<$pH^rwSM&0%%dvaC1+5!XnWESGX2Jyf7<vcZHWJWpxrc{=F3({;3+SSYTNU&UX(>
z@0iPhPswOU;pwQ@P*-UJ5e!@X_PB|jqRwWjl91C3)$3%(>QHGt^z}u7*-(j&^(WvD
zfSJjBS{}NX{bvj(xqZzcBw*oXb3o{rg;DM&LNJD*;dk6#m4QQk=?-2HV-fWZog@wm
zU$SCjV*~2Jlj+I`2r_W$M0_|^VS;x~JydXDKkU0Cd?zrUJvE()4Y_w|wl*_<DG7HE
zG;^s#d>Qa~+vQC#H<Q3WdmytizXqcH`{%#2RsoKTI*`YAt@=noS;uPgZZD|F2=NI=
z{+-!~^h&p!jK7a6e||K!<<#E?mx*~lMVmO`zF|~x2$2Xu1GX3GHzxVvsS@;N=H@U(
z_UT54ED5gBB9zMjP*!RXx?9-<)2qei6SyTXNBL=G*lR8bI7*>UG8dIQTCsK}|36f7
zq+BC|-)$eL^5%*Kp`=dnzRDeYLRYlZ<24Po6c&&C+fvQ5d_3>BB!9}QT2ZTC%trX-
z{~7YdD@i&|AAlViTkZAx7r&qX1H|16ABvA{6{gvD0qJvg-!3~|umL=RI!1ux2M-)b
zUA3+A|9xiuY{>8{3~*-aOIx@lck$Dg``<^p;l@DP{83$+k`NX+*kXI4wt!(Jyk19)
z3tro7p5knAYrr#56MB$@(A@c)ZWHrk(sy^B0V61J!ig7VWjxBETQe|YK!>m!RzeV9
z+W?Jvw`LXTF9~|g;!z99a(!>kEn2{AW$IU4Ki};rY+j!(V)CGBFLH<)FLeYE3b>b-
zqync_^1yf*67nxRvmg{!W<o-FOh}22H{+Kqs}_kYC)NQEQE-1~hce&!ic<QuhmroS
z|Mn&+I`cjfxq$oQdYh@QK$)L3J4zT2AP%%I)+y#Ll)69C;065rsZR?!_`Lqta5LbZ
z&*ydb=7JpR%ROwX@ES^{fB43iH_>=-v}Ij;%H#_*A?&pRh<$KcE71Fn1|=LY9GV@K
zW#ZK(;1!x6)3XfxPonhnU!wHXW#8#OJSMFCf5n9Gz@n*cYp(GLXibg;gRVDqEl$ng
zS&92<_vJHKl6n_<8{aKevrC8|?tje;8VCM&`<MzJr2}Y42ymFZt|s{MaIndO3bzIC
z|Ky1qlA`dWerR>y72r*v&k6f_Ys!wHX4g{Ko#Kh;`oXizte2UKT%#;sa+H4Yj#uI`
z+z7NflM<^(br&47e6W4B{Y3zla_j8jw9vp3y06s(QpPj2uROp|k{U1}{BxjU5<M(M
z9bQ}g=<#3T;}1baK$tmgv-PARjY>}SzpD(TV37~IEEh%befUiEzy<niNwRGq<}Ba&
z>BdMtwLR~Xhgv*};?AEfC7jdi`ry_px6sv;fCo%0;+_HlK0dXuFgZYMCB?<Xr_*IY
z;Xu!D`d)uH=YPBR3hVBlzWPBMEnEwuNi8ZziS^8CmAyBad}sT8(V4UO6MN$1O09g^
zNU15x63S#IKS8@iV^{7D+J@h<bF<0@$|E1*L{|rW2oLv*uXew+#0%c;)Bc1%0^&Xl
z`(DzbBL85x?GT1Hnsp9~<asjhzXDnnHdKB9mZYJPQ0l1sw-ecq?~=5t$EiIdG7aDe
zeqL?429Vt9I3wlx3Pk1=JyMwA;%9#JD>n}dhb;Kw;e&mXZXQRu!^Obo5s0FKsb}cM
za!NLW4cA0F->Rti5t_q8q15w_^zGA~Am{7S6NgVdPHNQ!XLFdbfvVftW4MpnKcJiB
za)yEW060?NO??fTb}Xl>sop&%!iH`QoZO!|>_U;%On^ZbuoRpz=nf!Z38G)7xfG*J
zzq0N+WQ{yKr#xB5P2hbvV)*dsNN7}H7UO}7%ob^j`fnlH-Zc+UmceS)yjoQ0V=oVl
z^+qxI8e6vfjwCoxJLt@SvJaX}`Sb9RL2(LcNOI-#FV_TG4@r#vUqpUTRq6Qv_<=oF
z=YJ0-w2XoW!|u>SNFSKF+SAh$s-yvu$h+MPsEvf<9xb)DB*K?ENL`&Euks<K!6)sR
zq&cU1PC!5w<@{77d(mk`rC5^+<F&zux6Rhy#V#@#0@HM2>{K#;KqXCH?>0U?c6{+&
zJ3gpfKRMKxCO0Z~Ce$)-@hDzPI}}A@^=YjhvAtc&j)xZfQ(aonY62ml{~|YtW%~*Z
ztl1T$<}^@;1yX2lf)5kZVbklqXi({00`sr1w9U-SV2t4}eX%sKwy`ijy=r5GCimTN
zPy?nC5;DLs9~S)kxcFus1XCqeZA9^mx=vkhAAY(z94H7aDkO3(RLbC&i|rNv@0TN#
zVR3Blp_U!}_9>U@00A&)Cc&wXKWG0b$cOW{A)S#5O3y4WS(z9ShQFCM>{{}UM3*+l
zy+GS|PyG{*;Cjm5o`BJwEEJdn&I}45onR`L5uA`d>3DIQ+2ieJM%Df!o-_4{ER^67
zP3WzjeE`}NS6L`it99O+beHXVzL~Zz(6i(_NIUjk8z1<W1XvX;D#{oGF_A^<D{w<9
z6}sFm&=^*YlY;y{Z!mNcbo^3KK6|ESc?Cv$<Qld62FmJ!*(GO<U@|50YVZ3enR&k~
z0acWXF)q@2afaJ0-WFg4Qug+h9T5-y^I%v?s2`4BOY)j@G+E1tHndyL&s6$M9L;&|
zJg&U3Wq^|L8<<+3PZNq&P81V{j7;U{c*j2q)$FVDQ48>+U{S0b*~Uw~Um_&*Wg24`
z#d$J0)C}iVNo4T${`d~vNj|aN?VR(YCxaq^-9?Y2%t&JGB<nKRkFe~I)l3g07MqH-
z=#+M48(RLTUosnW^qWWM?H9fx1;H?NA3|lzp*##h0n}F+?R0tA&(;Iea4E-607{+8
zZL`uaXD?xG%`AMiFJboTRY0F?xO<sVyRh)Z2F=xJ`z^9m34}=oVhYBP3IAi+lFl_c
z5I6%&Uj-2QOylf!XX`f>+eJ3?MnH}mR{R-^!Fs@;l->d69t8u91H*Dp;DblNbdvAs
zd^kRrCsJ9$KH+u}O_7985kdZg*TWbaG-c>rLD{lV55~$xe9p&oi}nFjL&^D8fJhMk
zT_5a*K}KM9PpGHGP<rR>_2TWrjIWVIL14y|6FoJ7)!En{h`_M;N3u~x;)a9%^A@NC
zNZ&66sP%`2y|yIa=Q3aE6SR4%@Kp}d>CU=m`!eWkgOL^&V!LOkN7kxKmqj-vO9-(|
zBgb)@kbD_b{1F`^H}wTl=`ri)UpFNkUwen3;@Ps$*D5dH{#{_9pT(`Un{2}IF!=*{
zaZx<SCJQ}KTM`!+<hUN1{Z!|RTv4qD9S%D=78Z=RP5O-J(1VKm52|<1pUaR<Jp46)
z7RW#f!VtOG*B3`tw6wISrV*$mr5a@`U_Ngrz+#zle}uk`jEKNl(*$AsNQ<Y-V{$=4
zfbnBP>?IAa0fgoOX2T!_0QRNUL!eN>7H;MZ5=zH|F9a{At4$EM!K9gNi{VTUFo5I-
znEv(?$c~r}!Bh-bDnE(uTmw`!F!w9)2<o=Pqrsz^u!$MpGX%7Dq}HZ^j|c@*A6DaE
z2t!<$0@)cDWMUj7Ye9A;yHoFX>noP;1Ja96f10+HbHtIk?0*uz?2Z0%v^ge)L?Kne
zrvK?jm2W;xM%q5L0b@bZ|G6#f@Z0h!J?nTp1XfC@y;ff=Q5YuwxPh9P?jkA~#T1k~
z#VB;NjG=L0n_S9Bu@|2y_jZP!F0i85hmnoGp<;+5dno>9V)mTAI*;+b<jjypUG<Eg
zzl$Km?pvSG>Q}!T-gi}+zi<npy{zjXGtzEzhTEC+{4xAiyn}6R(;WTlv<@Z)-yXqU
zNLbsX)~X*McV(lX;-=tXfFhj70L|$3)!$(Px2@unS#WibRiq(Cxbtp6BqS7-I~<z^
z8#ZAMu@+P#ALZKq9?Cd79C(79Qtz-REGZ*{R%-*MBb)&)rW05;V#*S$GchSi^LaSX
z^tXWVC!uz;w6YESZd;+nyo+Kg_UbrMw$hS|D_<f;0BH$K2N)0oZ4PKw80g`nELxSM
zfF92v3#C44a^0ks{R{>mT>;{b$6-Ii{jJ{3+~s{G6S9AR@fDTv`XVHfmxdAzbn+30
z8|L|mM4Gr@Bw(pfK~chLM$YzxHaC=cYU<9ejqayW{FST>8@2wEyC|iTx6A22Eq^n?
z%!_e4>M|@{t%8&;OTtz<GP%>LDoOHCH^r0qR8e4wYF0n9xS=IbT&2ivO{0YHjhs9q
zhpfRi?Ip@Z`kK3ys^U-=AxLIEn5hLbzM)r!+@9>tz1&-9HOZ;lQRvqrmojIHwFQuO
zW9SZ;ew?*G{qlX-MiuC*P>3;>OqwXwP{`LF&F*^=j-n4{%!RVks48ww%L9U|1s7w5
z8r8EjE-Tg2Wl2?4?AnhXk^7|~&bZv`0`7YYY=$(>6(GNXrID~`y-#pYwgC)L)R#;H
z|1n`jo~e|}5KJw(I+=4g1F0Jlj5?OI63W%}@_1_^F!ZloXwF72t)6y^hPK?l$VdeB
z!})8Z`+y5B4mwDQCu|nhaW>Asuzx}t_(ddlP{UhfO6u!Z%wEdyB>~^Zn7R7Z(hRX}
zV8ubW8IAMqO5_sr^$Zqc-^ut(mYahZ+m)gczuaBW!~av*N(3W=m2r!Ii)uF1@v`BC
zo&LxVqLMtN8V5=mN7}TJ*N>}SB1QgJ+jIKRWkKim?F!^8Qms#mFhNY-*wTJ;fd<?!
zPOJ&0$W?Wyp@8qzr{Z2|N!kK$Ra#;<Qab7_@N`2Q;k01H=uv1`@n5<b#?dHMc`J-q
zTge76wihAU(5plivq0>4oH6llZUj3vtsXe62%9|5IWsUztxE~8M>@-OJ|ZE=UaFYQ
zfto{j-lF}dWfU<aX21?k#^#d=QdN^fiG3wm3o_P<>61tOCqE=Gk;mW5L5tcIv_<}f
zMaG!#?Vof}s^<d`9lKPx#gH8aqw{uFK`DlMrCvUBq&8Z!4v)np2!hrRtoC{Xv6G<}
z<zoR=0Tts?b)o8cOkZfziodNtw6pQ%{gjiWDWFhH^~hdJg^lN8H~Mhg7EQG7SBBGS
zX32x<<qoTK_9Mx<U--Dx?D&C%w#wXwmGOiz>qwU<YH4!N`_jMYB1J=CseEwpvnQB=
z_X=dNOC&}Vlqf)*!ND^DpO|9rvqx)QGyCT?YzUupNj=ZJD~@J`ZZNDJ<fFwfN~^Sr
z{q|H90TOYnP8)67s6j&R0IZQ9cbPFYlKPh{id3k|bv=N#R9M&u`=!^2V%^lIqDBSO
zR8`*!Cp29EBaHB}lbnX=$e?53#_fXU28i2IC{{iS2CmZ-cmw=_v`T2eQC=~h^&bwq
zS+1gHwC(>>^b+m(-cCcf)dzprr1~m-@UClLG$VC39LxIFe8cT@cdC&5zMCBVX=O6U
zkb$2UZ(0|K>&!pG#i;yXNz)b8^&{8+C|2}1<f^;o_NDQZ<1NIt=M=9XDm=7-{)T4u
zk-q36(}U_i9ad`uz>BKPTJC;(dRFgepng<AQ8d93w?1QMRR8k-(<(8`92<VDwtNGo
zK8|S$)!DLNsvaiF)Q>W1Bs9Ha4zf;Bd5I8?o5yc`gnmZ$`X^N?C6<`<8ll^~EwCKR
zH=^8w#ZVG->U@3n<c_4iswTJXz&@xoIjoc%;bqCiC?6flR{90V3H5{dM3)L;;`K|#
zX-vBcL7^(v?xI%h<7A1WawP*yQl%<ED1g>p47L6)8f2!nrswP1W)x>Pn942wUi3oc
z(JuFtKFz3li3uX+znc!@9B^Fjg*tWy9FM>AxAhxoU_tg)shga^Rjk-H`_AHuU?4Id
z5Im=ZACX6FTOYSt<K^f>dl6wQAPcd*KRjt1aX4;_Bbnv^#EvAMbN)DM7d=m+(-1z!
ztlsp>Uh;Strzly;WFT#jDGL>=RWZ{WtMRp|Q<0pT$lCd`9G~er(jrcvgonElck%FS
zz49o|K>5|ZB8hhyClk5!@wU3kD}0gu`v2hzXc^B62D3zrBsC!ct4CCzH&lvzq9zYa
z-CH0cAt@u_zgP`RrBmMJ+S-?EvLsS(v;$L8OpWAE)lp(S#~pJ(kAUwh6`BX(lVygj
zO-Xh=6t4r0Xvm5^5wG|EWn0EbUC05-e|-Eb64;*TJF>EP&4OlwBBR#EHAa-{>Z<9U
zaj68~8_yPDYufX3@5WH$``iR<^pkJKq#}BN#|@;4KpZ7U#16A`xnDGi@Id6`x%!z@
z!E!*Tv6^o#(&u%mneeST?kv>&6UJXj>Uq1V4=<7W-Djn&^2l>{qsU7>-L8CV_*?@v
zz}b?1rY^h3g%II0?9PHtQCaq$N%=ffmT-OQuD(q;bLO|})ql<g6g64@6*XDs-VOWW
zBQ#%anYE$0Elfw|eGV2+0fC=-WW<+p?@=c?ArS+~Fyn!JIS5^?VoB?I8no1W4SP*@
z#BA^A2eqo=xMkj~?F!FQbmiM(&1V7m_yz9THQQX|7weRV2AP&n>RINV`z#M8WRTNF
zrFUzqh_AkFKd-ft3jh5S@eszkCr^rwbzSiM9d;yBdirY(92Ni~`loB`{|8Rdk%2=X
zhB}RyS&N``%J=x^Rgj0>a*pXU_3-y!)RGHUQrI;V($<gIjTH$xd|J$q(kN#VilJ4r
zw%^*3pVc}b>1BsP3!rJIdzM?e7icjthSniY3bjv{hiz5TqEe~S`PKZzGRl_v71V5<
z_?mahj;p~pmYs`n{>KIQ_q`w)2d(~k<hDae<3%qhMifVlfIOWQxXIw7<+S<4k^@&~
z0AZE97XOLZ<Vr!`aj6@DY&&xXKV^l*Yry0{kYh^~SSBpLf0rMLzNNgY|B4$&e|QON
zR|zp96IAhU%7fBWb#&XRgj>p+vNnkLu$$tpe4ne`u6p2%?}^&5qORg+AeGo;Yq*wH
z72=Vcr8X)q=jaq}+5heVD7F_%r-?Vvy%tyB-cvZIm`G{9>K5t~-YpqUQn<ZGpow1j
zo;mDk(q$Rh$%Kn6{mfDJ7Z)M~KA7?Jt7H@)iTgjAR@3?p=FIkuP{QeSE?ge?%*o9x
zI6w&?2=L)U>R4iJ-7ZA@0XGm`4&#aWe<TXjJM_ku&VmZY+M8}%eC>U(dB|$wKMk^p
z-Y=%+i>|Jf6qJgta~*MOsg$!V)Ke`qvyvCZnsHHm^|`5b2(nO>h{5i7&!(vGTlS0j
zalhV?cK6J$9ebFbsg$@A=G$&2*b6%;=AXxAOpJs=%;FR=bp?|lF+rfz<Lu~~kWiqI
zYzpv7Z4e;k9UW>&!$79Yyv~oJeAH8uB2Y=mihk0t%}q-|=eMDbtDXNLfP_+aNZW`D
zyc2t%O>?jL+)+3+Y6ekDMN;R>Cqk|l3LUiw$5;28SNWDYcri=X6)Txk>>ib9{xleG
z9w?@WHC?2}ujGxZ0PPWe4A@cc&UPhARTQD6gPOP__!?y*KP>Z&S{*J;MH*gZKxos7
zg!QPB1a%4A%6d{(MG^9K?TlJOUdAatF%`^$ppyNowMm4q2+{(%E=mBMd3t)TG^*Y4
zb&6KZgAJR%`UOVvETR;IrgAeT)=l&bW9c!?l(T8G|FbZpyQ}^rFb8uWZw6Rcy%G9_
ziO7PUv*a`*J3q19!P5`kMr8WwnM;fIB$fA-*bk^@-dF?Sa-@6i>j+YtMdV_*BhqH6
zuYHTP)>2RH7mlYl7GK~YZvF~b(*_SCS3Ad};&DheJ*w~5)Yfwk%da`6aZ&tHCwB2~
zlbZ{4x3V<nwDy)kzfA<;umzI%e?)+sZtM29?z^)l-#<Lv7%z#x{)Y5J6h`v<t-bVI
zJyN!Q!e=j@ycJ*e74@{P;uWq2zZ=(qI&11(21|(zffJ1g!an>>IifMHH=3ZRClZLx
zfP|~!>Sf3uXx~Z(b%fu#FvT<uiS!rdhpB4+6k!nJOi)*;Q1)<ftdl<X3+F9MSvvQl
z6H?#gES0QHbU>)nA#^M%W7z5K!~xE$bTCQxDY3$X@rlxu1W)iYszyP_kW}RFXNWnl
zLed5yziL<Bd*N_EI57bnr|9t)KSxwl93%MAo!{AdI@dj-U`ilwD%`v7(`j6AE=X%X
z#jrkU8$9&!l#mw1MAT78T3NDv@fVYA4~IIo%zZ0#oP0iZa+NuHcKkkcxE>Fo39~kd
zwL6E;#R-ViDXI*rzm9L?$Z1Lgt*5bYLU0+x)1{ZvxWK4lJ}U(6CZ1}DoD2_ni}B(h
z>i1FuS{&kPjom%RqwNmv8KAqOvvJ<9<}BpawVeT#zg3(kz|IZ$c3?q5?J;GlCfitN
zC>mdbz?0UxjB9w#r;s194qjaK05ml6@+j$v@`1IQ(Kdb+Fh0oaSs-zh36i+P9g}+Z
zNA{zt38Oa$$oQ<<{-7i*py>n$#-ovkkiLX+XghVYrIP1ApEe9N%N=Aj)3IknRd)To
zU^P~=z50U7Z5+Kp3#gLh0Pb%R1S=;!Z7N9-DO7Ypz)iX@%D(u-JcuESBSSw4_KUTk
zt$m-101DeJ-%fl!KqYwlSIp#X51~9>)R%WT=rO9ovQvXXc|f}-)6P{{Kdqv8j4?Qs
ziA*Lcwei!Ym<oD>>h0d~UIKk-e#9gZ%D4~bQf05R!6)-8;kD0#=va)Yc73-RU;U#s
zBCSikGZIfGDoEpPr72grBSrh*F>yIJnzEEJ2>(9;l0l8t82!X&cf~vGo`79*Pl2`z
zNJ%`#LDk@QXUyT0x+ElfUPmMqJ(Uu0&uwC!&py!gFeTNO%l8!$U`wavKnKi_Txmp&
z>R=S|BUJ?4!5PpYR_K-p|G7nTSS^581&X?fmkrm(BuRTic)awzy}3Hp)Jf>YIHXfu
zs~t_6{wyS+>|3PFsiYp<;@Pevik>+$y#k(eQ^@0TNX(uSW`C7P3S=9K&9VoXDH~LO
z_&8i&QF4A{dR3<!V>?*dYhu2ro3mN^vL5{29L)pu=>Iukf4PPq`z}XY@`=nQa}9Q~
za&k`jnQ)@nxG0TtIBG#&M6$I!g_>$_@sgkQX&LEXe?=g@#UDzaKZPQ-roKB)Wz5Dc
z&wZFr#P%hJ@9%gvt8WH}^|QYuqys}=!^4bB2Xen`2ra+Nzr^xPMLv|2?zo32$qTwV
zB-P}L5e`fro_lpOWQk@xxFo{s+$Ka|Ld8mX9%cWX)OBwpnXxwP6}(7cZu+hEm<GH#
z6|=96ln|`j*3X@V0H7LUo9C6k9N?Zf(a8@bnf6V7@mi${wLzSxdOe|uw4P`|Qg4Dc
zTT@(RH7M6U&%Vk&FNy(yNoa!BbgLAH@Uquw#2{f*x&)!?Tjz10%wCE7gm5SGrS(+t
z+H?AuNa|kjL8~yUfEB?>3-|RsL0_rq#*ds0FpQiAlM)sfJi)S*qy()FOrX03U-d1T
zkn8yF?LAd*{a0x|P@z-m;`rhuu{GUplNTG68Pc0FL=MrAw`SGLK-M%QKEB#wn0$>?
zfWA=Ev3aCLg+~8UW+}H(*Y!6Dcr}que1*uiDM)hNy!!q!mPYkG_)|;5nZPQ_fOsSY
z@#)VkXv<a_@hysfA72$eJV0E#=QDF?mJ$D}PYeb@mtAeO->xrR$TcHrht)il4Ug!I
zliAKOkxz%-`+wN_%c!cl?|mF51w`qR=1_u!1xSN*cX!tT=}wVu5RmTf?(Xg`rMnx1
zXCLtXj^F1$o-xiFUa<GtbImp9HDg`Vf%B!lj5%|OF>?gf?h8q23Fg?7cyQng{`4`@
zI;0Og8?}*30@23RKQ(zeu9$Y3){LPKlU+yUVvGFs@7AYxx5rBxvoF#l%ln%JFZ3ga
z-dZ<?qQ4J?<lq5<(%_Dr!e~hD7{bm0WI~r!0<lfV7f|&F&fr6OnQps1jwW|xPcrA3
zhI&HF8at?xjK%~Gn38;6s>t<Az2%3Bz)kRN0a}F<S2;1`nRyjM<iQ#>&?*9*s;sp#
z&zBd<wh5#p$*1(GlCeNA3BF;i#a5VKf2Mn|Vh7|P4ofd<-8yVw10Cm}>FM*j70WnJ
z>C&hhCx)k{X{<y?^L0|~Xf3zO{kOz%RZ>tw8Uj(Px@8A(zQX=fV<?}`(0|X)B%`D+
z>nG6Jz!h`}hM@WbGq{kAkG(dD&R#BVUygAl;tZjxgVGPO4r#WRXjLkLrKwa6v@+O$
zZg(tJ%^pNN$Q}B%SyuNApz9|H(&R8*s1iB}WZ(hB!eWedAh7fKe5ggGW7i+2$RzzE
zi9i2R%9bXU&q^K?M;3~k`@zL*g{}dO?ht`d{@t|UG>akci1i!j2x8g<o*CG8nC8x-
zt95ClXd)pNPaVoWy40Ektcc1RN+Uzu{xdkl7_Bl&W1<_nWoL7~w_b~X5iQlp=8fx=
zLa8IZEz_hpKc>vGqZcVs2#KI7xGNpJo}9pG+jJ`(;GR`ly!I5XejuXN5jHZ5Cs8)g
z`s;gM2y`9&KN}5POz75mITFq8aL5ltSOT|6n9tCq{n@=wC{)m46-LMFpSPNCreY0a
zvn=M<`-p$1A2qD=3)3E=Zwjw)=L?|unH)cz(I70vM1ZP5>iCtPoCl6gAP@hI$j}HM
zI4e>hZb~)-_Mn450Uh}mpA&I3>9R-Q;FX&WRzl*BOdNVqaBM<cK;z(&v;5oScWds?
zo)ZyIQy(9aWdWpdH8|@XP!JkGTG_v`Y6*-yp>q|^+TkUwyh0me?uweGad`_zz{K*F
zYBAlDmcP^_O#4i+U}T-I_e-Q!B7?I=&`Z3jPYTtW?i(t={`%?sj})xzoU%0GAQb|E
zAe=PdTC8(yJeStf9#37EHbTdq9HS3<7Thi7%!jA8mG%he*uV4rdOOCa4*0}RWrpzE
z7?-L3c&6Yd48Z?6OHhvfYv6q5Ha~Ty5OE?WuG#H!3G!>v6v=}zA_aE4SB@{*ePuII
zhvN!@evpDqInOAj-R|fi*YKnBm3lb22Pd;gq+-ILmJkrO1~DZpa%Emch?#aQ%p{!(
zK-)!5%Xx=1@8<$HG~XJbZNGv^n6vRI*)y@_yROpuLIQxGHV7G+!Q98iPfn4=f-Fx)
zWzzMBRt*qI?wd_DE4kOhJ}x+8SdC4dlcLmAiFf<4D6pWME(>|?({#@usM5#^2H_LF
zZ3)mW&<obiFi%cN^6^o#5$J!*#8q1>$?9t5^7^L!F2Xq4Eri%tggK-4<o}vh80Zw2
zEjwP<0)vZz2ESbyF+~zc8CfnFdkKE(m^sKe10mgKiy66|Q(&v|@xq7+JFBsnqwz3-
znF!a7n=eotN0$M{C1<#`nq_60|1;e94@Blbd5Vup_C35sIXU$|1{jXAS@Zqayf97*
zV+qfd!bX*PW>vR->pQbu5_5hZG+*c%_yCn(w^VC&-vf+?U{Ve1I->xQ7U1Mi3p_xh
z@tVzyE^KFa%{ti5yrgVoe(fO>4GwyyGAz}b5KQbJ!VJeVu_ZrSrY6!Ks2G@TEb)Li
zc!fJ=f(mQ`)Fi>WZDWeqpf1cLxnud*{It4`W<SonjE{b@E)oI81>$fEeq;y7C#zuB
zs#E?CeKDGpFKlk7P(-q)yA<b?3b>lje(8S-B>exRNF6qSic#SHJ~$Ykso%;E0$3t(
zP2mXK&ZN-UKYta;O1r=nzn3?qW{wo`S;}j5DIGK1e6@tC<V+||HVxc*cn2c=se@CN
zE5wpafCpV+iaEV+M-U(ED#GG~onQ3!`_RH8Odt7p-Ob&R@6T#+t`>{mzcJQf1uQn1
z%!8Y#rF46;hjd+hl*O!^5P@5-PS$<-25H2xGkZLqy`bHXVlrkQ5$4KIdeO(ZXQpg3
z8AIO&N(_XfcZnYrT)-m4n%Y(rsB>KIF9iXF{An-I&6pMeio=i}ppElI*z!X+c-*<u
z%HKmag?!JhEx#T4adq+yE{0x41Qv-OOMT9t<seF|#}zjOOWkS?K5U^fXyJPNTy|Fd
zxlf8IowMAb$dU9ltv<8LEI^1%P_9l7Q&?Vtqj5j<zvubceKke{#Wzg21>lza>X!}u
zJ1;sXRgy+*o@lI|%48*YitKG@zwzL=>0LFK%I`bgGR;eFZtCt(r|A5HI~qHmn@^S0
zJ&?ao1%IsQ^K8}L4fcfJlygz{QH<iUNi2!6^BDvYHd;|?eLL+J11Zb~rd2VJp@Yp0
z-QI;jW!`>sii-m+{gmbV1TehfI$ZL~S}^2eN4zfMf*Lh?)x`MLAk6Ou@s|LVi<x9z
zW)YP;)lkW#bXfsFwBa%(N%W&du5)*$>F8^BNy`g>&3cPC-0tX8U-l;Nz4Ked-pdJ|
zdWxoNM#=Sta6HVA^=swEWpCl?NG875NgZ~CvrbHw&Piz-SvWv0>xAC(1vkuxw7u)0
z-6+SStF<o&r?$8uf%bYsYtujb%K!w>X7qn15eU<}%aDVjg~EujFJ|Ay51H@*=a(-z
z8D{(Z_W}TY>qVfQYeyVy#HG`Nz}OSHWRjC?2n!#p*Lu06#4fEZ*X|XIESC~VUMHMw
zO{((F>;`~F3x43ZHh}-mlp{zr-Nts^fTn=)Moc;KzJU=6GUlqn2y*~$D;QBPF#eSI
z{N^h~;@57Uz;`7|Lam{KEP!lG*_`sDrJ2tvw0O1n1GPMC@)#4gn*`w+zINxS4SeG3
zZUROU0C&kp+Ri`(&;|GTCktw&8<t%CJ>7_r2LX>_ZKGn8cC)~pR_rO=cQY`#)PCCJ
zM>n=6C{#tgZ989Ua{Cm?S@F+E)@@}rY$D@zp7Mx$|8YmMDJNCQ0n{Y#0Scx{@Z7je
zVBbRqxx5orQN?!pW&Hc}dN%&jouZ+2`o$w}yCR!#1<u#(sKlLPe-S!uMM(<&SZCBP
zgaithPlRy2G7)+6F=~DMd)XVB^7!EXC{Z#VbWZu6zFi&rSPA+gSWq26boegws+M^1
zry&Ja7hlz`zc%v5nZU?02X5*JRiN(l1QrjDg&_Ax)!|X4AWQ$9lpw;6^pTs^D}#Xv
zQ}Se^*Z=(HBZ~$5!>rZIji7M>7p?GMhhniPgyL7}ArGNhh}F*AA_3ZRC|A4pdcSIR
zuug;UNh%B9gq0kA5n7(}7KR{0)Q$+SV8ohTu%{Iyc^h0X@GgYZ@@mN;LoAk|7GSXo
zreiS=Sr#(^n$J@$^1OUCotmvHvjdpluztlVjrqXu?E~#CKmqF(B(>g-V9vfOZJ3?g
zv#t@_=fa&qll0)v`K?a0!@GlkMd#`i8*(H1W2nkkU)B2jU}v83Xa;YX8B{`y_eC==
zzYJ2$=PF`l(IXHjMm9}GSV0I{%S_}ZNjO?xIy#{;!fo690uj*k_ZREnjAd^Gy?#fq
z6wc+hIo$DZWSDkQS@M-ClCSB??Ev6A)_CZ=yA=Z3;8d%Q4z!NC&#QU_D1iAWbPV~?
z{wasZ$xW#XO8&+Rc1+<)KiNddWCgUKkX70qQZ}Q_kS3#X+p@PGTPMk9UAJwmC>F3o
zFi(c<^6JBk^t}`=nbH&9i^%_cj|@r9m!d!#dpqW<lYqNGoZ!V;bP{(w)h*&Vgi#xs
zjrDbZ;YOf9st2T4jK|UiXzb2=&ouTkZQ~a^gi6!Zq}B}%8Pc*Nxdh=z(9r}1OKl|_
zLUwz(Ti`!dgWLWLF6B;DA`z?Bw)Qgf&g5nV<5Qw#y;JptH#G@GM<hP#CizVLbCbjn
z-F#Am1usq42Nk1iEl=u8kut7@rS{*1(0fmOnD7+*H|y_~$(5VLm~ITw%vF~MfaC?4
z)|CYX*;-@T;@!hOnObuE(2boLdMS`}J7B-=al0N_%@BT@-xm{!=l8lpJXcJRe_=Yt
zQ>+IU^Sibg^kg(aTehQgSQzSWeRr}`{x$Ef=gn`CMl^|ajTAx-O`_cZ2KlQSe*igb
zLy*H$?<7FSPT>9aUWs0%91b$B0O&9vvcqeN#Ypn<Z{OZF28#0tjLp}&0lmykr;Tl+
zk&<#-ZSKaWyJ9igx#8~RdmnEw{v$XB&n2mVIHS|I<13pHHH=0g-8FaFgk-$EUZB4_
zz#Z<H?~^Olxg-RuRKFVewgA#V#n~o-F8Wb%Wh$CdJYGhg`->f$<%*^E@Z8hQa(Gb|
z&icKYbV&6JMwFg^0}wu3B$F88GpEFy#R;&XrA3`g;}OPlvXJKKO)vXG2OayUnw~lF
z@lbrcp};;vo%H|8Z#EPc1jOPo+f)TFvc|VJmF<}o#qU4v6D*CoxUW>cfo8w%C#~SC
zyZSrFSIxncaJDxMf^d&0xHIk6bT~R6LIZ^tpgaR6R7AD<KqXDrPz)_eKW@kanqA$6
zx_Ata2jzp^vqxV8`Q?h-@oR1At^Vy9hI8MSswe<ZtJ=ocwi$v$eV>m40FQpSfBgf2
zp9fM{ZC(J`l8*5#v54?+Pheg|++{{@SXh|SQc&;5ng#Z5jxVPGFIFzlTk{eb+2`Tr
z=Em{<qz8U3=I2lSTBwhl*RuLzr8)}GwgL!&mUArTYz((tj-m;gS^&`rh=9K-=knma
z({|KXxGA?Y390B4sCB6pZ3@2vcTPgdVt>xNOY*JlvDJ-|{ZBXs>9{H7Tq(U?2C)tk
ziOfRls@^(Ma1_(`e?*RIlGdmYx#<Av*H=!m7?Mn2Pj9E3QV3x(chf(t=R25%BO*c}
zx~1TOA6ZoGKl}jDpzw~EQ^u8Kf6Hu<ym*m!m>R?DK4v+Knaxyx;(AH>#Ky>KFP<yk
zb|82r7-D%qf?Som?I4-SQXld6DifFx^126^{3YO3Ojq;uYK^*yI|T*OWLZ)BE_*uc
zq#Me=jhG@G%l2>Qb?tuN9&ttQvgaB-cDT5CVYtt!>EF=I;qMw-@HTSDXT~}E_w6S3
zYvGBOPTITOnZb(h69OUsk`zGq6JbNCniJ4W19#UqFo4;K{Z}!epwU7<q&x<Z8Pro5
z?*7v03Ls(fGOeKT?rof%RpvPDCCB4*u4EXOjQI1z7HEUn{W!+*h_#cES>6XQs@ltg
zWPS=~3~@jFnEQL1Q9r;}dV^9S%&aB*DSMiAR->8Y(!k&k|5!&>I&y@^6ei}$arKbS
zl{>PKPt_!ChK<Y*g94EhpGj;PTkCxrtpJ7wikjp5m{}VT0{e845HGqv4KOsI&I>D+
z;5-*iR5eR=GJlRD7Qb7R!syGb)R&#YEX6o$VwDgJ0A{DbwZ)HCB9)tF>h9IQ?xh6?
zFj2;*)PD=I;3tV(b`*h~@Wa|BK!gxMceG6yKMX7K3kjrsi~w7e0pS~VO^s+|*zvHL
z=VH1rkRS?QgQ1<!GVk|44L9pY{cDrO?m15)JhRcVC;4Yd3uvy0QB(F`gu%r*FY$@*
zqY4jludD$)nwQ@HA)SByhTS@=(T1cvB)4;Ob6JQ@+7v55*HA!{%N0(696<KQ`*PWS
z!5p~S5J(14MWVH+=wlLnPp^M#I+OrVF2}RI#)#ADKAzE$v3E8lZF)3blC+i1G(^3#
z-*1gY<&f9SXUU74FN2*QyzPF4sGN-p5Qw}rso&3)45UhTRu1HbP*a@%6#^~Yp&4bt
z30mAL3zEtQoIVNTasJGlWS0$W2uZy>_t<xv89tZH!@hP=@>C`X`AuA+^Ej~wNq*C$
zhrgY;#3@=XoR@{lDuK#p)3e(|nbX^X5n@MmobQy<{<aEbH3ZK8#W&3$m_w~8-w;9g
z3Ge#@(!iv6tMHeFMNeq@jeNT8Sgo?Ur6i1dqn7m<Y<W9MiS3x%P3yxao(#Cublfqj
zW?+W4x`1KEV~I6FI76&)!?%7NFuQd(UpY2by5a_&%`jo>U14QO1PcHn1*IV=S>vaa
zZ1%^JP%OA}O;KQ=37nlMr`0N4e=H+vpe_M37!PQ7@dWyUI(E_}rE)%;d8x6oM>xIg
z)2Z^HcmMl((Cx_EGc#}uLA+oD{qW9&j7T37?Dc+u)#)WO>KnyfgDxq7dYdeLzHkKR
z7R<K9g;Fw<PC>nel>(pr25Q&f?iqD+;}q?nNiG{#Bz{xhNM(9~dSU~GRGjpv(g=}K
z`1W{k!)A<TuS!c=Czhy`0$0?Ku`MP5Ys<%FBgza4gohkNGYFcRiy`x5Qex?)%(>l{
zRG%}xT%V4hmai|~({{_$8wX!E=}Hq(Q1cJKyRb)q1$NT!&Y(f__>?drAB-A8fQAzT
zvDzlkLOv(lq`O2Q7i-Q^?M@VIuS1=H1aqK%LybAc3x{HmKr;@R;=EE2SF;TeCjQIg
zKV^B>rpQQBuVh7~q=Xa|aUi379={!lw-)3Vb3Tj+e{DzGd;^D#p7T<n6<vs@VA^S#
z%Sl>IreJzLzl%+wKw+=2s%rR4>Z;ru!qOvX5Xcl6^if!(9ZOgk?<0@(O3m<4NNo5b
zaP9Ffv1z34@yzW8rp~3LY35szi_|c;*^wL2$e<?1zg8lDAhHsZUl-r-*||%$2lc$~
zcvhv{_SnXw;!;}9O=UpNXt4eF0=3I#N)oFF+X?RM`R3>Ks_|L#Ebk=NOcw(7BUtpb
zP}R!T8ub7LU}i2Y!B7MG^y=Dz`tN*p%eTx12D(H2(YXc1W%1ql+mg-)2Da>*#v3~y
z9%nJH&=gh?BCcFFTboK9cjf7vH<(_%vH94&>``*+lv&WGFXrnLl#;@Jg0OVX_Q+At
zK9g69Lo%^>huV)c&i>-OXLno{tXVT`im#T;=6G!x>^^b>P>XNK<|8c8CHzIA$|*(2
ziMn%7Z&Wg8)L7BWzAbv!>>k>XT8r<;-Td;#%8%rJ<J{tlfw0$nX(1c-EY}RJythC2
zw93J~GLpU;w$EZ^jla5hm%lo!rJzltf|f3#D7%@MsR93ZH;c2(<4V2ifvR-V$TjJU
zK*SId(<K?S16-v)xW2z?DNXm=6r5}m4Uu&(S@=deuBM|-ketX=GM-3vq9Cn<pzA3#
zvs=R}$`r;<vRL&@eAq@!Nlb1XbUA&e-Fcc4)w^a9rf`3MHbz!kP&I;v*x7MLJb%t3
zRj|1ctYb;%a?E`!2ff<^<@&{uA9Ty28%>#-CaAoNb~T&x1a6u^ODFE9#O7V+!5tO1
zO+5wE9HE-a$Pq1F>*a%+jI2t)&>qX@xHooVK3H>+yj3^#OWqdiHY;Ibn-x~K;v*>a
zD(o9f1)$<=DXB)QJB=8zGH(lK7Jlj3YqWiZF3a@%wgWfkwDeLa%B(C2n3_SxXm5+e
z#VgD%g(^;NYk$32>Qta=bkw-(GUA}zVuw4=lKj5jAxGWyOIetkw7qKaecvHy!B<sV
zdSM-;mUHIyup1MkdEZX;Q?dVzW%tN`y#TUfh^F>a8M&kr^I=0H14q}{y95H&@&RR>
zNVU|d0{Wi-s%}n2)lxnlJK`^8vD=w#`^%g%E<i<ELp6B(TdY%cB2`@LpUXegRE5z^
z+!<X>xq^eqS(&Eol7k5~B2?C*E=gxLt8!>}6qsyFo2f)p^c#5zuqdhopQsoH_861i
zzhHlCnq`wt%MukWv1WYWWW@f?baxP>K)|f)wv+5q7I4jSh+6X}HDK*PTR(vUPW;O@
z74R;J6dfXa%m(>KUNWwkmK0XZBMp0awi@fv5T!d0W?ZJT7e_%%PIbyv*4VqI>CqWw
zVx29T8ui-kEiIKvJ(7oa0l@{;Mhoc7ub7})&P>PI_l~!7HjGoE43gffhDZ6#Fzonv
zyHv^aICV*Rn%k^zi)y>kmzJU6y^RLXdD{I_)Z2&;#w#%1dyj&5o?gyMr_q8Lm2DxY
z;l{V-4u1XRNXX}U=_KiAh)z%V%1PCyoNH#RIa$i?ON!sgPy)<XuT0v=pr=?UsV^_l
z=H{z9LV01!OpNFi8H19I-`o{E{^s-h(|MJ{dR~2D(HAq(`AxFvxDL0}by$6|cHL~@
zES&F!X`siKh$<%`R@QIZ<fwDiIpu%u$Ea1r?A03dwbC<i+_J5O=S>A$hacoM6>R%p
zujiGtI^wBQOfKHTl>A_58yzp_&C`tDa4rXr>@<JtixlT_pg7VS&`u$A`%byu!+<{R
z{8@1-;Cc)DQUC1K+Fl>6UlZ0(J%lA;I~B25rLVEU(c7s6eI4oKf=)OVbqIZUrwaEa
z9tZZL68jJMn2)j>N9)Zgy)sjm9NwZGUZCF&n)L4qIv!Aqc{JA|$J!I=2uGV<FF&X-
z+AYQe^->K8e1gi;T~J1T1xCi|j0p<tofZcZoWqP-C6=>_Czih%*l6{>ePPDUd=r1E
z#aX75LujBk`(fR|^<a>u`St&+w-XA*2gJDaxfH3l+3TIj9Q&dM-uqYb+?J%8j}vYZ
z4BeLoyUS>QG1c>1?iUQAh1YZUmR~0<)O6hTi<;T&&PMlJ$5TcXSH<{K)i*9W6jxat
z$p3uRe8zm9aJ^zLQ=SA16Ohl^l^FXq#~=LYu&pzzP*pV*ca`v-*!$?#8+IhpA>f7>
zbGkm1NH6Jn`^v7T)h%2`!#wFdjo5X((v*z89BzcZpJZ+^RZxmk`Bi-7#c74I>(w6I
z&NS$<FUjFgMo%(${_4HGM@W^_1=k)R$hQgd3v#h_m6_i?fqEB_lU>)OEXP$BPUXmu
zmp@o`=yKnQ^L@I98T;>S;p>JJC^Z5BX7t&0vl2s4f<ik^4X)aQS8KQlkD?zI!a~JO
z`YPM~W|Fm8oN>~Am*R@2oFC5b&<_tJ7@6eFc~F_XF)!(>DWRDl_SQ68@*OYrvnUBU
z&|GpK4wtTuAFczo$H7`uIe-X5q|P=zt2DXjid|VKS6HoC+<olYw;LGg$y6AlWoK6^
z7iBH`vqiP?G1)T3V^IX@N;k@0$o+#>(6)}Bnesfv0^G7#gcu$brk4S%W1gX$n+S@9
zqZ$6oD-xg|ow#Ja(cI-@*qaWa&j%q>vO<hfc-5R^XrC)>TK!@{v4`Fkv|MVQZr=dH
zL<(F@C+z-ZN94JpLC};-1mK=PQ27TYK0|F+q^a+k*}CcT76ZJl=!G=16W_=Cd|w3H
z_KmbB7Tkiwx_C1NB+anqpnftj;1Z!RmNTt}CDGD8nnR6V@@Q`_6#uBceerwWXh2#;
zE-dNw>)fR&Pv2lfL&<HQVe>4m=@l^{SGkjLkQ!~}Yz*8aT54~$FL}`yQi$NDHO)}9
z%Ou7Xk}PI1^5?uSEAn^rStV2ix-14vGTr=YH}o`wLOPF4zGd=r%tgw4m~K?fc3jSx
z#&Z)25jQE+4-t@8ckG@+iVX;Soiv~vb%T~Yvqi|3K9v=}YP8?#?a_4o(fKurFT>qy
z#ogwljr@FmDs<L<!@)`vjsSYOX$|_g!t{v&(XUxvuRP22U3h#CQV9TcyE4*VJAaeL
zx!nznWp$d*ug3MP5m1$oQF65larx`Ace34RjkT$t@t%diyyBD9MT9`D_0K!ek96i(
za}?gpQ!oa0Jdf2pjlBl+aD6-!7`%e~&9HAyD<t*2$QZv2H+i^Lzh-1uG(-ZI!J;zY
zPouC9s;$pvCxq6onmG((&Fx3(vSUaK@dWi|7pSWdF{{e*@?1!W_%zMRg1CQFP2&xF
ztbb^9xZ<2P@jC&uYCfkvQSg@1B|Mh7yzib%iaRvxlaY4YK#A&rT-N;WMfRiC@OKPK
z=+=9@BcZKS-erLjNT->C81yLx0A8YPu<h>mK`xqjWVqRjn!TEoi<}p);w`6iwTKbx
zzH|%1onGDA+Tc>Q|3ZPuO2fR6W?UkXz7Zcmyd>i=3awn{%F2u#>j+r5a>@)zu9dZ>
zu!B1s%<1^36YH=JeHmdYYqpz3C99RNlp0f)zF)_79!T5H52Mja8|=GdN6SayZ~6e*
zukZVG>jnemV~2RlGaF=xD~Txbeb!^$qSZrHJlyDW>%YCbYncPV4F^M1+zVUisdqP_
z-yaPE=rD^);i{8fqnnXb7ZxIN-8+55+RT4DCg!FJk!JS)D@{WPLsMhrPk+x{4ofpB
zTD8CwCma_IhmdK?z!b@Qc;+V7qOJ)PAESIg|D@8JO6;+5v|S#X-{uv9t(@}x-L}M=
zvAv5Ew`tRSjv_@`L{;0Uyrq>beb};whv16=4xJ8<>Ti4}yHgT5k6mypRwYfr7CnSX
zk#6iETO=-^YKEKasccz^SXN6$x@0zNEvY+_eV6kwJeS8NdvP@dGqK_ah4$)tI1P52
zAO(zh>zEJ>3}Xh%KBV!5yUVWANZp?$E7})RZle-lr%L%y_p=9Ex)g4bnqpN8_VT{`
z7(4fBD$JjH(Lbt_qVeN`jiZC}#i}?J&eD^#F-PN+99-3X*|})>8WOi@GR$qtN2xwx
zl4#5kXsn0B<jkxJMo8QSwNh!hEx_DZ1+}T=>l5s&YcDi5LF00284}r&!l)(DVHbUC
zWenZ+L?XwM-(uBI`_ycoEgmt1LRn1)T?O~HJa0q9j0R2GP0m_Z>IVrcR_gxWH`9@<
ztP;|f>tjws%Pzw0P5p@$gG5?GI1BgA0t(nT!?)U~4r=-7QGVPis<FE?wxHu8r`tEZ
zu*FGYoA#6G@X1O0#zrVRlY;!rPPNgnRE8XnFwKv<?*{(HShq?DsDQGIlCNir-#gEL
z<KtBHIP18xo)o~H$C=yT_s-&T48QV8EPj{5UZioViPv<xU@Iyl<rc!dP36-0$MM9M
zpy(t%#gc~GMonfqo;)B%h-IG%Dq$Ws-FC@Y3blTWjCLU}+rHd(q0fz5CNi&j%jD~X
zqc-C9V8OfwI^o6Sm2!O=3Vg`dghV#BQaOff&1Kj+71=<b@8W8QXQR=$=M+D+5ocQ?
zyf(6E<#ns)_LfDyl7<@`rY4QwJ`*)ef_!<O4gz2O*6%vxdUE!OG?F~YOrJ}(H8Z1I
zKzpTi2{5F^{@DV0HdPxjz!vlsH_bMSn<cwucOj@x#7@-4t&}HFXKedNOh0_HRse?7
z_Vgrvr_ahV_7*P4A?WT=z3rz7Ug}OxltwK0b(N<eFgahIHGSF>;$dO)k?5|6<l!W2
zO{%-NON^BIq008*ml7ypJqxj{tl+XWO<7IDTw#K#h5w#?XJ%$?bPrQ0r|Zg0q0<aZ
zv3lztW^|+4MyrrymeUyXe#6$^L&qJp(soqh>P4y;a<sH&0GOW0R&KnSep*3Zdm)Ct
z;ScUfiHkc|vG|`<0(KWdXSZJ>XM~a5hJDP?t1jsS0oO)X&EHr`6c#Gj85VB%cz`VC
zVI%EAGja#9ickKoaAmwiOo*X@?xd$Hhm}3cm+_otE}{tfvv4v$znB?PJu!L^Cvtd1
z3XulUykj3Rc<j-LRIkO)D>;u5)7&45rAf|9fU;_KsundtzQT@Su(KfcoWIAFbAUg=
zRbE}D;C6{8LV`(Vp4@94;_CZyx^Q-QcrF-;><{7^69tL+X*UH?35|D7bun#OfB!BJ
zV-V7us{T143CCWi&&|S`r9hl*uc%0MPBum=N&7}N`7?W^XlhoJU{-(84E&aAyXiiK
z<`iO9yRdamf`83g_wTq*!~8on1M$8ANUclc=zCbh@?Bi)10N}4{aXG4FcHM#ads<D
z==$fTzkv2&P$<y>#FiT>p?pvU$hok6=9c{H8VRWJSnH5Ca__WRwZ{2^7-7jals{gw
z?(!@(A%47Sb}O;sXFb?~L^9`l`O;mpMvnY{@`d;{0;!9Hkg6}M0Y?!&;$r#(-_)6D
zzb<reA4EC}EW{e!OZO?tz=HFjopE5ChGK)#t-`8bkrr@TZmaP$z=9E6jojdB8XMq)
zM9qp`R%?{G&3+_z+*u{Yn`G^&rZ2&dM_b`<meD_>J*^ajDZ)(c?cN_1d{*RVOj&I&
zqA(z%<(hrp#`eaT75;E<pjdczu+JUb*Bw1mB<eje(q5cjWFPM`-o3*YLmed|mr=%9
zz(0tMp1RU`l8j^)fc9whyE(UHSw}&!`$yIFWnLh7TuJg+B4(wj<d!v`&7r&IlabCw
zJ7Xc)-Q|&=*s>eKjRxDhzLyO!1S_bbmeile?^6lTo9>%8A5Mq|9j`xhBAZ!-<%Y%-
z&8x)IT-7xtJHlx-pHRh&#4Xs44&~J>f7fZTta&sHPSfy`m}kfSd9ZwS&<(_+4Qu5|
z+;FyCN;9=XdCe8J?-*ROu*`v3TNNTqY6)N!ws`NBlo=ucbGckZHQN^;?2u@%T4rR?
ziwI($-d?k&NC_1F-rhr~`)dicuWAN%u*Gf#FkRT}^j7rtvtF(q`-R1dl*vf3G$-aE
z@B+-3<v(nMSzuK8nKd@%cW~4v{wlc1m77WB{F+h~FZ4$8B|7Z0#&2*+l{40ZPgr{E
zG$R=^9?fw_I8Wq?=A391?*L0#MtA1ua@~s)d)!r@tgIM+dXJH``^(rVUw-U0Q6-C{
z<LQUq<{y%bPGO7<2G--0>AG69`GSKFJVC8HlP#$i?-IB$37#`IcMk~Bj*9Liw&Xdv
zF%E}69t*Yn%<1V?u*$yeSIuZ2OSITy%c@l0P8ldsH0AV>TEvvhHyth53I3npI6Z#-
zRJwYw!92V*uAnTh8XD$LD5R_G>*ujhq<XN|WFegW1PpV+dBB<-uccNqculIc6babT
za+w=id?dmL#dfQh!j*u%7229kroDF<oZCE?h7Fh7D7E)J2M0qFeu`9GHIxoC<u~DQ
zgx}%f(MLh$aSuA3bSHiQHW2R81fa~<)SG4P1pL?%ySZ<rvOM;W^G8#}yeGrT)SjAl
z=Iv3$(QK%#JG?0QTM?m`6j#iWDFIb-n&zsj1!~9Qiau+GeYW>^n#)p2l0<$pB(7)+
zw3my>VwXF+OK2L&_zmlp{=6;C3<ffSaDKoM5OeJ1b$!?g<yBrm1`;0>E0k9quA>sJ
zU77yXO~c%%1vLsf!)Dxc0ij(gm#q7k&}=OHXa(s}^iaNBr=A(!7K+PPQ0s2st;nmh
z-Z_%Y`{ckm$&Kc3MqK#^b8n)|+of778=Z}Z4e$SSNKDgYOq*n=#PtphR>lNtS}7w0
zlgts%i3HArklkO(e+~pIF!ko<^JbcnjZ(E)%giOxH*kIwY=p1;=G3=c{NlIINX?&U
z#%h&SRX2Xx*>nXks8Yj5UMK^OxleOqb>W^!AcFor<-_?X2MpHSV35fCpzwtR4Yo@_
zzN#*CxL>eavOA%e(Qxa`!~;S?pjdc9ir?8$lh9l<lRZ3hT-3zI=R7L;%GJ#)q}a)9
z(~7Li@|l@YArfl^qD)=l9YgY`YzK7SF4*0U$mJu7)5Fnx=^(2u|JM)wL-(C4@vEy#
zm$3<ty?TyEhc2odI^~pzpux_|(5SjfdrEfgtSWbl`w5)S-Ut@%-)+zGb~%i@hR1bS
z&dhdF6LNZz10^Ua>63{USGUfg`7&HShO)Bi7-T8Dxqf)179D@GR(moM<hLO29`^pr
z0V`7n;;&yyBt^5K1Da|<x3{m>4UAO9gls-$mD6Ji+^E#rfT;<mTO{@<VwVGZcUuHe
zxpKouGwN|7+BtgPq@-u5tO$5UdZX&D2xt@B7#6@Rv@_XVuOX;Ot4wGIn4MC7O^`3$
zFf{t@HBqn4{}>Z$Fiv2Jxke!M1C+3Q|9g8!<QW{WbMk?UXY#*^=FL{b7!f-w54e1;
zde;eLQDkIgye_g_7{vC_0)FR2ed|hnw{)OJj{2t@A%O#qs=;=Dgkp*%i2CnKrY_39
z?AY-=Sp^*hxFtt7(Z93Guc6sdFWr&qhd9eCel7&{_c+b`#b3~JoC7)}|BxJ@e1THK
zWvm8I7SfbyRN-*vB93(ANZ6@Qt@V0^JBTV)6|Pk<`MN%AM`5@>G~~^L=?i5e{@&2!
zkT0}7B%J!?G`hQmPo%+?19$8DPx$>VC`1{tk2d5F@9bqYsyNy8%0oQhYypE1uk?<2
z=1(H7SZQ@R@y%Qawz<linAw<wIIpxNo0A31z*2`992DGK)!^P7BbWw^M0~;mxY#35
zX^1oCcBv8kLSVUu<8c(NYfV|Pi27aHclz(kMCCy4d1<sn?>;p8VMC%kLOkRfcp1n~
z3WS$Lc{)QZ>V?IqE*es9GfkFhi4#+TeE3fQc{~Kix%>tLb8kO~`|Y(kJdkaO(xG2Z
zbNqd!@5&zQFDpc^ntITt#{Wj;w!*HD#Xft%l)y=Q-|nGqoBO1t>SndyE8G^x%3-(^
z9jVExLMT#B{InTuEUmt_Rsr(~rK;udQS8U=^I%E62>I0CFZm5|Az*JCTg>fIT(p`_
z)!4BLti1J*Q1-Tft&@7{&b^#Y&YW@1(RE1+rhc`+Or6~}%XI&AM)ZS&-Rslx3_r4U
zeL<h<?W^2bW-ECY!r6DY=H*#}MJM^{uUwsRK<owS*ybnL;FD-DsFa8dW&!mse)=#_
zyRSa!`tIIbSy9o?7ttMUws0eDj53}4#rmIz6kA>$i<f>MXRXwA2%^^BS;*?k;eq2p
z&<Q{oFbCIVxC@aQYZ*1Fwm^np+CuGzX+Fh^>><bNUu&gBjfC__X7n=Q%^E$SyftOi
z)UMJ|2m~s!XDK-kre>eEXO$%-W#vhVwvjSHwdRQoVu$+*H36m5JN^+eTx;EqAL!?8
zd9)wOsHw0d>=H}gi7oKEO4>SU*y#&}TY0jZ;3}3<3ar<9CG83;d=Fa^2^{5otc{9X
zMrbU2J4I8Om#ZCAW^cVBg+)DexxWbqfte5(WEPu`72kAjKzaD!_-UPgWR}=`E(D}@
z?n3qPlV`{6#-Bm&mvn7Ke413!b$Ai1vST<7Y;KF1*^2NBGIB*PnbFT<3YP**f@<_+
z$`H-aKa<iH_q7yJroS%jWMbX19hV`p>W2229+!(^oLCc!7+T-|v)C^B?*JF_zRK4E
z4siZH_Q)O98DldcQH_Pz8*}iEat^tmikpL?qKa7Wx|blWoov&+`?Z*XJG-J=SbWvq
zsI**@T1{d)h`)tRb;T)8sC76}rf=iVx5rYEdc@HIqrpyIT&>(iGWN3w-X<&}UCFt;
z_p(SlDB9ti$NaPF8?U|e#RLr|H$4W!?>yCk{E9pqO~aj~GyU5jx#<}A*oW9XT7w49
zObol@q#8As#=Ls@r7OKN8FQ)Vl*$ZWAo~`Ux;}MT|Ki@jf|dB8<z;2xaCuB{U@a9W
z!PUTkza?lkCN2UxkA9)R1|@XA5hHe5-8a$qOPYi`!mzO)?paFD;wkU7)D45#H|84*
zUWxqW!Xr>QQ!+9Bg132l@8vY~s~gtr0kg5j&z#LzbCa&_qc4#%zXFm2qIwxxsJUrY
z=qabv@#Nu_(;olZlkg1==lwUfFck;~GpETvtU~*&tLWk3uQ&hhD1W@e+>34kiaA-I
zmX)Yp&SB5qyK*~Lk?6P%`~N1r!{~qb(b!0-E%XHl5)FYgimsVco!$5*K=0v2rlel1
z{~d5rZw66$Rk|Zs`=;Uh@`aaR&^|Z;8D}aEj<!BL+M_#OM`inVf46f?>7*P@7kSkx
z<Qg|=Ux$`C3x%q_$T7zViB9I5zyNcQ&p|>1A*w^1XM6BANp6kMORJ&HoHE_5=9p9*
z?Adfmi}KHt`MN<`Ap8LBL3eYjzaIp)$A$-+W>nWKoLy<ko&JWVxnayk0SR<NA7&Vc
z_8jzmBv;|89%y?pW|4MF^R_nW-5o*{PdcW3&DD+%JrR4l<Av$u)a3rAHjd|C1e8uG
zO{cL7*t7gQ;?gFTG_7>LK^1foeUq9&nTw6+->J^YIzX8tH9^A%es;NqQIz&wnbTii
zPIU%<e#_ABKoJL(MU3ii|F*Y<eqZ%M6H5Z@xvIFL+X_$tqdOwI{S(R~eP+sQ#gu#t
zMt*QGVA|asqo@|aR+BdlQmhQ<rCLGQa`&TdP&WxMZK3nPSeZI7Bl?6NLGn4!tW30e
z`&62gksVeDWv~O=uc`-{6C=@ZmjN#Mk{O~09Iv@UqIiP-Rlwq44bg$rgRHrfai8~?
z5}>sQoW1gBm!=hF*ftp<$7pDO{!ENfGjCMyBTwH{${o*7cnC;TWDS7|?E?5m>&R|7
z?Ny?cF}rirr>LTJ2Q2D_Vt$kA?Wi*oVJ>9i_ZR(USgn&Uu44b~H<Z#5C1dD<p*2L+
z9=4BOm!AI;*~o1)y>yx!#@520wB$q~AkG!2x>&$#&n%=8*^(a(MSD0yVTTMD9Nf+|
zChhmIZqLlH960PwN|w9lAKm32P$qC|UBy0~r7Z;@L-5#Oijd8?5E`bm&(js^%NY~W
z-O0=f#mf+}oE~i!vXbR2kv|7Qx25fE-)=gyYUhH-o8m@gO`nFp{s<8cOrm<Cvo?}3
z`W%c{5T=qSB#Btn^sC}DywY*JYB~*GQ<FnuRII*o2?IKBx{!vU8YR2;XlBOr)B}|(
zSjD4$<kn$J7)}Gk<DfDz)=xRGUmr>Uiyn><AXNS+*VTA47G;XdSVn}#dZBbl_vsIY
zron_!s_S7+^$!Ph8~&dGL=WhC;O~q(Ul8&pBb#36`IYu^d549u!mEjjC7{&r5K$La
zb@m?evVdf}Py$5^xQEdzjNXv7_una4yRF@QGDo(sMvZa}GupRH&TBp@sNSl2tW3d&
z);O7BvM{yXuX!k}#kXlL>COgjO2{sG=EuJPN0jV3@BN0WW2+ka+H)_CwPB=!K!FAP
zu~i+1$3#lfao73as^cLZr4~=D6$qv>Lfyhq1W;-_{v6bG)@^p?yr#{MQ_rUTn7(S_
zV!5u83R&u@x^lN`Bv;oixXI?T<SJ?f+E_#jr@y!S9&KE@@)K<&OlG3e8tRFGGzCTS
z9l?ozdHbWSX;9Zw`S>JWo3eoU4{l$Fd-N3VhZ2QPl#zctn@^RvIz*wX2ugul_w+7d
zs3UYz7)Gs+XvBq9=v+&Rj?Vo>!1<YMYG9pqa~_x%Y9^KyeRQJq;Q27^v0!`TJIL`!
zlBlq9rLZ8zgfP3T_U!Y&nT$IJd+wZM^>(XMLO((_-Zt9oE-aRu3IrtFfiE+&iQWAX
z4YY_=%~B~al-m|Qc0Mx8@@rpavp~;<SswhHsp1X4>Nz%%3(4Ibd*KCp_tg_&>H7Oz
z6t6twZD*Y(_;%tzLI&Zi->Mg8Z0sE9-9qNaw~8bqe=d!_)&IaeO$1otdCiZOr`kAb
zDDraZk%e^^_41p&<7MeG85}DG-P1p2{oydsMky=%$}7B69vk+&vGLR~O2v3`Mh&gu
z6ExiG=btt_CkVNRDG2JUztAx^IRx@)*=(zoLNI+u()wb<{`4IGK8)64MoB3nI}>Xm
zw!|1HOQ$UN9xV~DCb4Jf#+ZxnuzT_6ggbv=MW4<5PT#=i!Z<iVg;Xip$_9O&Zx)?W
z8i#l@>PNy~f;?;>PlzE6v0Wo+YWp}JVFnAr;Va|VvwLDeYPDx!%W?nE_QD`q=24;i
z%1`+Pv6bFY8;sc`&)7Tk?y$}#q&TN~q+T-k0gIcaEwL=8(U5rI0*LnJbc?CV2s}wo
zQ~_?NQV(Ll<KkEn6>1@S)gJP5d5-dFqmnhaXG7t}y*&L<Wv8k)cZ_~EsC_o2c(HPU
zaM+TaNcWnJQu>1fF^<%2^d4Yv!$=l_Y(_(7*pu+@x&R9ZEI+Ibpqnke-o>AxyZw{&
zBsrYr#SEiOjMQF33-DL&Pe7%0>hdcI6q_&%3Zi@oO?Up?!>c@t1%;|9FCUV6TOhEy
zl_CrSDw%cV9m5pAv7zT2Y=-1K?3#YaU#>y0EXTH>RqB&o$n7%>)lmSor21~VfS@IF
zjQ0@x1AY-XB+NqwO%F;awl?=!G!})1)OV*Yv1)}eDbQ45Wap^9E_CmFl4f?xHs{VV
zEn29J8nfHSBL)M3H^DB|?@geVdSS8Fy=_nSbL~lnxT4$8_M#94q-_<^)7yn?OhO20
zITF%as%H%p{-76c<^zQB(&k}a<j@$UQrboW@TSwnd<XS*F1DuZmZ=vN)v#CP-@@rd
zTD4&S2=#5lg-_zbqGFJS_UpN3oU0}j6ke$aKd*d2#zj(W4cxQtPrIn1zJ%UXkOpml
zlb_yOQCp6SR7=JaG4z`A(oW#XzH%xJmwiGChkE*X=KTBLNhf^NSI`ru`7T$75MoBF
zVb(3>SFwy*q2ys47yxBb2V|5hK#ugqklmmkOWm>!ezwvC6QH78)Zb$CxIu<YV+MvM
z!UD~cG;=Kg>3*5*j%*`9?D~t_gKKwh&#Dt$C{w><pgX&(rmh5Qt}&R)Jc?)FKgS67
z&oPeBsV2VuZ*@Ez&{J1#Q<r%36^KAZ<~@DMszCLxR;u)=0mhbKfMHCDw;(_ND`W%#
zz>)W7T#V7YoD#Imb+_+rl;Xy0aObdOhueI!Nze#P+^hvy1*J7KLVAc@=nU93?cUP^
z8qgT{`5@BM4H8G)P3R50$9(e6jD!0-1pgKRm*ly7*KF#-yG2lavlm!WY^4^YC9coD
zo$74~$Z72drerJk!wKs8`ns~lbct4&S#jNq6xUNE6s~J+2&LEcSeW|{;I<H|UUzWY
zi2LQIf~51C?ToO(mlfB00H@Da0|Uxsw=0dko~*2_?TH*zuIt~h1H(t|SL}^{FBf9A
z?SY}WdiU2SzgWHzAJ%OVHv$h+OsTWkS_KI5Itjitdj0CP2iU9D$_E%KG+Tg6!6ykT
z_uc+jOpq@O7Dko?4MD8Y8Qkbj^KL?<sSDejB^ZMg`swG@`K$qY_k*CP^C3Y|{`Y>1
zy9d%F7)r#hs-UZ)qM~>vOz|BU!LWFH1B?VT4lo9}E6B_L9`Shi1flE)n9P*T1yb1`
zuGc;|ovttWIs=?$mH<y&dSfG@fPjGGY5+AIulR$<lHH6B&<GwgG*zIq7AeM1#$OB2
z{o`X&iSt-ll^KYE)!i<pl<TYwqI&ItSsZF&l4fRRWRE~|c~gk+`-xQ`BJr>MO);M6
zi4!5ARA(RGGymmE0b=Anq2N*T!%*-%{YLqDF5I-LIDPx+VCs{(#RuNy=`Yk;k-Oio
zk*opSUp<v36PEKPIVx?pt3izKU9T-6bKCLWYkN}GUu=)TLKsnBpb+}=p>j^<+hV44
zhWhKtqT_l5AWm1ADHV(Wr1=mAb~S7;D#tMt*Tc2m`Q8jFK%iIE$yrAIHThhGs@$qB
zx8e%(O5dhCq)E8-HN?o6un@37&CNUo0`ti>BePL(!k$mRRx_9<gynR=eSqNYY2ri)
zOmFWYHaoDQiq;3Y2K=T(z<wg$y;`)nf_gV)Ec=%k7=^v)yjRpaI9N$L7(=f%t&8S<
zGoYo4Z7Rii@sn~K!f5tozqF%}GPfM-LhJE1w(3V^W@e^9gv1Z-Jm;Vi{fypCx)qvo
z*0pX;ir>BfLT5Rjoxz5lYO&3&-s)$yr+QWqXpG~Z&xatHO=``HOj}j6i^Nr0QPB{|
zC@0bSrKZyc_Fy~{GIfe;xk3@ZbIu-AhG_Zs?y4q#A`|}@IIETX%z0lMfVnfO!QON<
zoV&RhmMd;oDgy#ah00#OzAp;c4ud}pw*pkf7W5*~d>Hy3%z64zf9IINv)Xem>k&f7
z0BIG_e-XZcHHXEMiG(2>@lOE)!Ly5cF!>%k(&i(2S0>5-Cs6oj)1hA5T}+HN3h+(<
ziw**RXH{&X@_R*SGx#Cq7uD*o{QxRI?A`~{AY8`o(KNo3Bag=h6Q^ANZ+yP5Og_kh
zaxeDhCRAf+7lFBaD;e3@PmSa&50@;7cGD`34>wyyd|3LgZt4ijkAbs*2~fYaFrk{P
zG)5i()XU{D<;?({F|oe?rznWk!^N6Q?27(R84{2xzBwWS8Hl`UT;lQbAOBX~F7%|j
zO~>e{)k2U=$>MbSl)8SDy-~6g6@&`1P_?RGwb==HH;Wy_&Ymo+JXG&IdLy7#(~biC
z2jTC@*5Rag0Cu~TueZGyJ=_mtY#Q?U>i|cDfkLOqR03h(dyB;{VwO=ez*O!pVxyQ5
z5@0%w`boB~&-S_P3Q8IV3Jr0VaX1k0sSm#ueh8#XvRqympKAf|d_T^*W6D38FY4KU
z@Tj8w`fL(e^`RkO?Ba+re^Y?n6mc73C6}ZZfH{{6AEp}|zU}=Oy*2|V578pT@<$WZ
zLAeKubrWn~c$Zsb52zkv#A5R7cPEkR>gtN(ivfF{z-(T~h{-UqHX!={zj6?%RqYhv
zX$k|OK<y4ADVg85xV*>fkV7!$u!Xzt72)ni)X?4@C5DrKu#y0l^(s~clA-%SSpp1F
zhPzozX0ywuY^^e1m@b4ei+@IKG#|czRWYB_>_4a9{K+^QgeB3jdD{a#P>#FX@|7pi
zM5HGP>rM}z$r}!~gI`cK;~&`U#d%2SoG7Wk5C8fA3-mLl*?oLl@)jDBIthsrg?Ru9
zNt@g@p|irR=Ls0F0x<4>Pdl$*Y=%C=xUXlD=>6)BKKqaWJZb+L&dz?YAXRX9xltmF
zQGnUSO8*^(^gk@8M)_slS_*hXqzkGE*{kOjA@b2}dwV>8?r|8N&`Vh8O?|xd*?LsK
z;{8(kGyD#+3i`zxp`$?x2=c&$H`-u<p7<u}e)ikZ5aXC!>Mvf0czt4Y-t$A=M>B32
zP(g2I##zZQy@P}>#k3ZcQNNx6`ztB{uuJQorLYQtDYS1T0=z)bWWR-yZ$G@q5P``<
zJ0_?8i${)~G8Y5)E9%eia|l$MVG`=_ghW{D+T$`&pOMzVIg;6X4yM1^Sg!&Tvu2(@
z=Qtkoz%S@oz<&Z?Hl4%+VliuXKG*~1V`}b%G|XfqK;j`yBdCL@)?^57$o9bdAahUF
z%5m)XNytj5HH_mz@0A1AEc+7TbwreVaD;_bM#~}Md+MbVy(3_NdP#fIoBszVdx8?;
ztVDuT;@ss#gGfjFGM^VBy!)0QoQDva+j>0g1D-sFun&~YM{HHFSuB9^8S=ENKS7}5
z_c*0QyV8FV3<A6SpM<6zmaJp+93e^I<vH%be>xp5MYNu`IrAIbP8}x9pa}Kk_X(jV
zZ1{zBRX_VlGEuqZs7SSt=){J_;1UHHvO_w5#JLyIpLd7|{!)_V-*eO!w@cW8=Q!Mp
z9|3*4_1#RI#5!>)kgx+MMm&Rr7sL}mFFf{gPF<pf#^)8wl9lkYRQwJr)Z&3HhwPC=
zhfoa>hPEUd9B#P9lZEm8L3up!l(vFN(X}P@{0GWl@lvFv=FSsjbN@`RE<8)8^x!=~
zBox%MaK!%;PMcZ5-i@~tcB8t8LHCo0X~*={Fr@jO(_azzm6egfP-moX$eJx+pt(;c
z!#;>>_p!qHJ@0oL*>GGuk0-0iSFCmxgiVEOUHqenr;j?k&u}n=L<ENF<GPC3D?i6U
zh_)YTo*xm(*8hS64cPa@bG=tDqTyu8S`)>6a2Dn%TN}&8Xn!4u11G6kdlTD;2>h@1
z*oLBTZTRh0g2uITCjt|YY95K+my;y7@!02;>=5ueAN~L|52@<+`PjvMTjNW~&@XX$
zki~3L<nQyr93ldd(4s_KQ^!}}K*}nAnLu@T7LBElSJOnuzvtkv-0p<}&mrQTaCt(F
z5@ABhn?{g;%7=1dTPPe+S|3@q@+-5_&FGc@3@<5K06#|()e3U*YL=BB+^;K?wlcL;
zB*&yHFJH{#zC8>++Yo|dOL)WEC-G{_24KEM|970wx<ZQo;rVB)423jH0qHfiMenBK
zVg_Oj$nv`<|ApM*kMB>pUlB(9=PI8O2q_rudJ(hQ|L`#E|10?~@BRae{~)6$=6j7F
zNMAG$CRiY6p)v=NI^6f4(oDQ>wvGFrM~^2%dLJhQepO1niiLvg33Dv8p#z2`51<{J
z+R6K0|ATGM;Ee|+6mc8!y?cll>{;TikPu#sHFKW_rWi0lHX-3J{(+|Fg?qw@Q>BW%
z8e=N%D?^-EeA@H(1_W+MFaL=r70&03;y)zwjCz6IHK1o>2NcZKzGKq&^n#Jb%o%6M
zc?QHYPJj_A`M--odjaEmh{T7bcGdQjQgC<}WB&v!=hG*KMC||Km480573mj4I~-xj
z<<67EnwR^5Da`jz0Zs6<>c#)((I!&QYZ0HP_7#JAG6@4v73@er4<cX^-b>k&{qNdI
zp@raV1IU0t7A_!3mP#9<Qdxwu_N34=fTOMx6o&l=g8!2y73L_V?>7F-y7CVbizn^*
zRUXm|=kpIiNq=v5iu_M+p4BLq{8@VhiT<2d>OZ}}NORn*>7UWvd5t7Q{lAMsgoWn1
z`au?0boaC#ANI%Xq&Q$Xac^*k1OG=Ggh_wHiR0?Pgeu*gKY6+Xns%hje=+#M=U_&S
z|3jUSz4EGj>YBGjr#iswpoDs=Nf>y}CBYG*0lu2`7j?t`NAtry$zkd{(KOcBzIRH}
zU_Qn9vM4m{;httd5>1^v^M4mk3LS;?q-<u^bnTy6o?NE*oS@csNah~sZe)MU`-em1
zKTUg9yh(Hjo~%dA2(@%peM)4Ge`4IJ(u8a=a5?|n_eaJ*c=VrGe|SNqxU{2nO}jm<
zr#;Ezd{`V<&R{UIk--0G0|lBTOm@(F=$-<%r<0y=iS-9=JpA8Y;djR}{LiC3jo|W4
z2`t+xUtiDh9#~zv!&moM&5v9{4dL%PKcGcq0Ce$^IYaKgn6veE??4g$WfhsdhG63_
zWoQtr<MWGJ1IR%93k9FVO)9Oj;Q1-LxM#JTZD3_f^1#>1dw%}(?`-U}ZeO->i=Wi~
zcjQaP%Bc|(at&-DQ2X&q7U(De`9ScWVNPcwD(FD4VYg2O=>L5xv>wuD+}ZgpL*4l~
zPD`E{bv2vh&t{m}bW78d(`IQBvAu@KF9;$$g#e9lf{QT}A%%WEyXJ;4|9iGP*<mc;
zt7o^}Uz)o<SmN4TqCj5Q7X1Hf<J!ZaOrtnsJY$Gr*V+)nU{cH4Tv7}}E;C`uRw$Au
zT~w4ZPh^rImx;$@QyL8`DvFB6xYssDm@XQZMB_H?t~86JrI5^?$$B0m^Vj*~JagXn
zoZs)9^PcbhKArzl{H(EQ7peZ$LLXhn$?rh0)bh;mShte)EIHQ-3d13$(-q3U`3K$0
zGT=nG5X!l3d1i#V!R-npnxQ|YzLA8I9yZekgz^Gya_$0k%pIjD<I*W(&e#<8PTQsD
zHc+P;w`1n!nlq6Z*hQ?eHAwdi>JF&XUdbmE_RLb5{oZ@x?%)2%cX_E-64qO;KEkfG
z{?hXlFRa>~mccLE(gOKKB^tRwg3)L(VL#rJakO^CCN=AHuKg+Y#If0IUFP!Bd)`OT
zausHDMT2sVsL2gnfxM*y>Sc$Oh_BUo^)PkZ8@K+~<SZ@KQnLDkFS9I*%5lZv*wgAY
zC*P$6f2>w=r>yKB|2&fwIo?!SR)fJ|mj_4pC9Kz<&KG}@*g0yaKKos#)uvc!N7<)_
z(b(Cl{Sv-o4E<OH${O!GaF>}>em-z$`qXQf71RyCDmy!Qzi~qbEf|okdo9>qBixg~
z;=hS%945+QT%;0rw%~SCjjHuazr^aS$=oukAA%Kdr1-L^y5q8S^R+xZro~%pO0zy)
z5-QRCxulvcE=N%6J2v%I&PqBmD=lJrcYBpggi)2u-$^{%B`jY~a}8(tne7)xQXlFj
zAbBnjJ7zu!Xbi$u!v@(5M-w3T8v36ko2c2{Md@i@Onq=7KVx;@m}cONAZn<8qSo+c
zcPnjeGTBMMtMe-l(+f2FW8<{&xe|Lw_*cQ}*3E2J&0|4trm0u##g}3+<~r{~+a>ya
z2>S_vS65XuYr--m)B%-Kp9p8_ik5^63?v-{ImOg%#xk^UMDtIye%CLg2PRXTotgr^
z--n2##2a(qK3N^_gQ;K50QN=azP-fS42%5Esnt(L4|yFw{8-g*mqWKkKlz^+JY$%8
zZ{pu1B0ezCvQ<OOUUwoqdbIYJs@{+xYxS-JzV7&$qje_P)|lm$`T=hXpX#Q<H}k+F
zA<iUsgw#j0_=a0DFs1b)E8J=RHVVa&Zte^%;op)Y6=xEO3M~)o4XB=BUl^n5xv%tA
zeTW_&+qH8<nZg&J>v<NBN7_u)U1xBQPo1GY9V24wfyjxt%yA=I5EOAf*`_iy4gn^F
zMA+S$RJKtLJ$i`kh;{*}2b-kRB%nVf$d;uJK?FqOcn7HjtO@7I!!*+j6ZfapCSb7t
zO&;l>OgF%_Llh;#zxFkxWCDS8B524N9Lzss-z;i)5FUg}EpBmUrKa3-s00WP4Vluu
zOcSz6o-!^+w&sqat2BkHOHb)z83e#KQ^82&2#T|ogLIi%yCMqFoLI3<g|=3Ri#!sH
ze_y;V$lXYoSx7fI*!Y8y2+Y{vUUVfRd(`1v$k3-Q%v0$Ep#~itM%}OA8_7BU`g0D~
zj1{+bqg>NK_h?fl*!c)PDifrbkqFXN77^RjWSlxz2Y&>>vkc-yR&6P;Cyw&^99hUo
zb3G9Sn`kq5GTv$hf@iAI;3ipqe(fC0!CVA7y_dw52Xksy@2M<dj_C>J9=A&G2tYLa
zupSR(qVctEwq;6JqKaSDNd#rLN!=?8lIVP8y^nz)sT6TYh;vdXBrUG$P)XtQhma3<
z62xSTRB&P1k``31d194r0V6R!p(I2RXl--7aPr#~5xFa1<IB*<!ry!Va5r{TiGTWL
zbA*lXGDxPHcft7rh}MB!F1Gqhm<tDxu{>zQWOzma{*p`Ey_C6qQa>})<{#wkoL*G)
z!Qtr@(v^h06<4`|vK4QzMFv`P&74RPLJ_$2hL;8r9Is<JKQvls)7cFo!AES4L^y$f
z;XNYB5PYsBfsr>{-7eefp|Mq32-jTTECqoi@W25g#x{*3Jy+i0c^zET34z_VIEXHV
qzAnZpjqr$rKJKu@vI&TH=ov?bmQ$LKvJO@bek512%U$Q7`2PTK?kzk3

literal 0
HcmV?d00001


From cc37cb518faeb9bd2bce4bec3c35bc3c077325db Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 15:11:46 +1100
Subject: [PATCH 08/13] Updates readme for aro standard

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 README.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 6ce76d8..8a668db 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Created with the ***TechZone Accelerator Toolkit***
 Two different flavors of the reference architecture are provided with different levels of complexity, together with two distributions (OpenShift Installer Provisioned Infrastructure/IPI and Azure Redhat OpenShift/ARO).
 
 - QuickStart - minimum to get OpenShift with public endpoints running on basic VNet, subnets and load balancer. Best for non-production workloads.
-- Standard - a simple robust architecture that can support a production workload in a single VNet with a VPN+Private Endpoints and an OpenShift cluster
+- Standard - a simple robust architecture that can support a production workload in a single VNet with a VPN and an OpenShift cluster
 
 ## Reference architectures
 
@@ -17,7 +17,11 @@ This set of automation packages was generated using the open-source [`isacable`]
 
 ### Quick Start
 
-![QuickStart](1-quickstart/architecture.png)
+![QuickStart](1-quickstart/1-aro/architecture.png)
+
+### Standard
+
+![Standard](2-standard/1-aro/architecture.png)
 
 
 ## Automation
@@ -44,10 +48,11 @@ This set of automation packages was generated using the open-source [`isacable`]
 
 ### Planning
 
-1. Determine which flavor of reference architecture you will provision: Quick Start, Standard, or Advanced.
+1. Determine which flavor of reference architecture you will provision: Quick Start or Standard.
 2. View the README in the automation directory for detailed instructions for installation steps and required information:
     - [Quick Start - IPI](1-quickstart/2-ipi/)
     - [Quick Start - ARO](1-quickstart/1-aro/)
+    - [Standard - ARO](2-standard/1-aro/)
 
 ### Setup
 
@@ -91,7 +96,7 @@ This set of automation packages was generated using the open-source [`isacable`]
 From the **/workspace/current** directory, run the following:
 
 ```
-./apply-all.sh
+./apply-all.sh -a
 ```
 
 The script will run through each of the terraform layers in sequence to provision the entire infrastructure.

From fe2ac259900f897477e3227af5445f9c10d71ea1 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 15:15:03 +1100
Subject: [PATCH 09/13] github action test

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 .github/workflows/verify-workflow.yaml | 48 +++++++++++++++-----------
 1 file changed, 28 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml
index ac03177..f3e65a4 100644
--- a/.github/workflows/verify-workflow.yaml
+++ b/.github/workflows/verify-workflow.yaml
@@ -42,11 +42,11 @@ jobs:
           #- quickstart
           - standard
         dist:
-          - aro
-          #- ipi
+          #- aro
+          - ipi
         storage:
-          - default
-          #- portworx
+          #- default
+          - portworx
         certificate:
           - acme
         region:
@@ -78,7 +78,7 @@ jobs:
           RANDOM_PREFIX=$(cat /dev/urandom | tr -dc '[:alpha:]' | tr '[:upper:]' '[:lower:]' | fold -w ${1:-5} | head -n 1)
           FLAVOR_CHAR=$(echo "${{ matrix.flavor }}" | fold -w ${1:-1} | head -n 1)
           STORAGE_CHAR=$(echo "${{ matrix.storage }}" | fold -w ${1:-1} | head -n 1)
-          echo "Building an ARO cluster"
+          echo "Building an ARO cluster in ${{ matrix.flavor }} architecture."
           ./setup-workspace.sh -f ${{ matrix.flavor }} -d ${{ matrix.dist }} -s ${{ matrix.storage }} -n "${FLAVOR_CHAR}${STORAGE_CHAR}-${RANDOM_PREFIX}" -r ${{ matrix.region }}
           cd ../workspaces/current
           
@@ -89,7 +89,7 @@ jobs:
           echo "*** End terraform.tfvars ***"
           echo ""
           
-          ./apply-all.sh -a
+          #./apply-all.sh -a
 
       - name: Terraform Apply (IPI) - ${{ matrix.flavor }},${{ matrix.storage }}
         if: matrix.dist == 'ipi'
@@ -100,23 +100,31 @@ jobs:
           RANDOM_PREFIX=$(cat /dev/urandom | tr -dc '[:alpha:]' | tr '[:upper:]' '[:lower:]' | fold -w ${1:-5} | head -n 1)
           FLAVOR_CHAR=$(echo "${{ matrix.flavor }}" | fold -w ${1:-1} | head -n 1)
           STORAGE_CHAR=$(echo "${{ matrix.storage }}" | fold -w ${1:-1} | head -n 1)
-          echo "Building an IPI cluster"
-          ./setup-workspace.sh -f ${{ matrix.flavor }} -d ${{ matrix.dist }} -c ${{ matrix.certificate }} -s ${{ matrix.storage }} -n "${FLAVOR_CHAR}${STORAGE_CHAR}-${RANDOM_PREFIX}" -r ${{ matrix.region }} -g "github.com"
-          cd ../workspaces/current
-          
-          echo ""
-          echo "*** Start terraform.tfvars ***"
-          cat cluster.tfvars
-          cat gitops.tfvars
-          echo "*** End terraform.tfvars ***"
-          echo ""
-          
-          ./apply-all.sh -a
+          if [[ "${matrix.flavor}" == "quickstart" ]]; then
+            echo "Building an IPI cluster in ${{ matrix.flavor }} architecture."
+            ./setup-workspace.sh -f ${{ matrix.flavor }} -d ${{ matrix.dist }} -c ${{ matrix.certificate }} -s ${{ matrix.storage }} -n "${FLAVOR_CHAR}${STORAGE_CHAR}-${RANDOM_PREFIX}" -r ${{ matrix.region }} -g "github.com"
+            cd ../workspaces/current
+            
+            echo ""
+            echo "*** Start terraform.tfvars ***"
+            cat cluster.tfvars
+            cat gitops.tfvars
+            echo "*** End terraform.tfvars ***"
+            echo ""
+
+            #./apply-all.sh -a
+          else
+            echo "Standard with IPI not currently supported"
+          fi
 
       - name: Terraform Destroy - ${{ matrix.flavor }},${{ matrix.storage }}
         if: ${{ always() }}
         run: |
-          cd ../workspaces/current
-          ./destroy-all.sh -a
+          if [[ -x ""../workspaces/current/destroy-all.sh" ]]; then
+            cd ../workspaces/current
+            #./destroy-all.sh -a
+          else
+           echo "Nothing to destroy"
+          fi
 
 

From 6d369018d717b0b8f1c74f051e3fc04947c57870 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 15:17:40 +1100
Subject: [PATCH 10/13] Updated github action test

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 .github/workflows/verify-workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml
index f3e65a4..fe02241 100644
--- a/.github/workflows/verify-workflow.yaml
+++ b/.github/workflows/verify-workflow.yaml
@@ -100,7 +100,7 @@ jobs:
           RANDOM_PREFIX=$(cat /dev/urandom | tr -dc '[:alpha:]' | tr '[:upper:]' '[:lower:]' | fold -w ${1:-5} | head -n 1)
           FLAVOR_CHAR=$(echo "${{ matrix.flavor }}" | fold -w ${1:-1} | head -n 1)
           STORAGE_CHAR=$(echo "${{ matrix.storage }}" | fold -w ${1:-1} | head -n 1)
-          if [[ "${matrix.flavor}" == "quickstart" ]]; then
+          if [[ ${{ matrix.flavor }} == "quickstart" ]]; then
             echo "Building an IPI cluster in ${{ matrix.flavor }} architecture."
             ./setup-workspace.sh -f ${{ matrix.flavor }} -d ${{ matrix.dist }} -c ${{ matrix.certificate }} -s ${{ matrix.storage }} -n "${FLAVOR_CHAR}${STORAGE_CHAR}-${RANDOM_PREFIX}" -r ${{ matrix.region }} -g "github.com"
             cd ../workspaces/current

From d969c22d7ba00cc811d07205c021425b250afa62 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 15:18:53 +1100
Subject: [PATCH 11/13] Updated github action test

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 .github/workflows/verify-workflow.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml
index fe02241..64b04a2 100644
--- a/.github/workflows/verify-workflow.yaml
+++ b/.github/workflows/verify-workflow.yaml
@@ -120,9 +120,9 @@ jobs:
       - name: Terraform Destroy - ${{ matrix.flavor }},${{ matrix.storage }}
         if: ${{ always() }}
         run: |
-          if [[ -x ""../workspaces/current/destroy-all.sh" ]]; then
+          if [[ -x "../workspaces/current/destroy-all.sh" ]]; then
             cd ../workspaces/current
-            #./destroy-all.sh -a
+            ./destroy-all.sh -a
           else
            echo "Nothing to destroy"
           fi

From e6ae978927475b61b4db3615d1a137e539474c25 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 15:22:45 +1100
Subject: [PATCH 12/13] Restores test cases

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 .github/workflows/verify-workflow.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml
index 64b04a2..6b69f88 100644
--- a/.github/workflows/verify-workflow.yaml
+++ b/.github/workflows/verify-workflow.yaml
@@ -39,10 +39,10 @@ jobs:
       max-parallel: 2
       matrix:
         flavor:
-          #- quickstart
+          - quickstart
           - standard
         dist:
-          #- aro
+          - aro
           - ipi
         storage:
           #- default
@@ -89,7 +89,7 @@ jobs:
           echo "*** End terraform.tfvars ***"
           echo ""
           
-          #./apply-all.sh -a
+          ./apply-all.sh -a
 
       - name: Terraform Apply (IPI) - ${{ matrix.flavor }},${{ matrix.storage }}
         if: matrix.dist == 'ipi'
@@ -112,7 +112,7 @@ jobs:
             echo "*** End terraform.tfvars ***"
             echo ""
 
-            #./apply-all.sh -a
+            ./apply-all.sh -a
           else
             echo "Standard with IPI not currently supported"
           fi

From 6755a7b8be8bf8edbfef707454d7c081ba0ba409 Mon Sep 17 00:00:00 2001
From: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
Date: Fri, 21 Oct 2022 18:07:14 +1100
Subject: [PATCH 13/13] Adds retry conditions

Signed-off-by: rich-ehrhardt <rich_ehrhardt@au1.ibm.com>
---
 1-quickstart/1-aro/terragrunt.hcl | 4 +++-
 1-quickstart/2-ipi/terragrunt.hcl | 4 +++-
 2-standard/1-aro/terragrunt.hcl   | 3 ++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/1-quickstart/1-aro/terragrunt.hcl b/1-quickstart/1-aro/terragrunt.hcl
index aef2f8b..9d17c79 100644
--- a/1-quickstart/1-aro/terragrunt.hcl
+++ b/1-quickstart/1-aro/terragrunt.hcl
@@ -21,7 +21,9 @@ retryable_errors = [
   "(?s).*Error.*timed out waiting for the condition.*",
   "(?s).*Error.*Error logging in to.*",
   "(?s).*Error creating repo.*",
-  "(?s).*Error: Kubernetes cluster unreachable.*"
+  "(?s).*Error: Kubernetes cluster unreachable.*",
+  "(?s).x509: certificate signed by unknown authority.*",
+  "(?s).argocd-bootstrap.sh.*"
 ]
 
 retry_sleep_interval_sec = 60
diff --git a/1-quickstart/2-ipi/terragrunt.hcl b/1-quickstart/2-ipi/terragrunt.hcl
index 92fcaee..176dc4a 100644
--- a/1-quickstart/2-ipi/terragrunt.hcl
+++ b/1-quickstart/2-ipi/terragrunt.hcl
@@ -21,7 +21,9 @@ retryable_errors = [
   "(?s).*Error.*timed out waiting for the condition.*",
   "(?s).*Error.*Error logging in to.*",
   "(?s).*Error creating repo.*",
-  "(?s).*read: connection reset by peer.*"
+  "(?s).*read: connection reset by peer.*",
+  "(?s).x509: certificate signed by unknown authority.*",
+  "(?s).argocd-bootstrap.sh.*"
 ]
 
 retry_sleep_interval_sec = 60
diff --git a/2-standard/1-aro/terragrunt.hcl b/2-standard/1-aro/terragrunt.hcl
index dfb5d46..f53cfd5 100644
--- a/2-standard/1-aro/terragrunt.hcl
+++ b/2-standard/1-aro/terragrunt.hcl
@@ -28,7 +28,8 @@ retryable_errors = [
   "(?s).*Error.*Error logging in to.*",
   "(?s).*Error creating repo.*",
   "(?s).*Error: Kubernetes cluster unreachable.*",
-  "(?s).x509: certificate signed by unknown authority.*"
+  "(?s).x509: certificate signed by unknown authority.*",
+  "(?s).argocd-bootstrap.sh.*"
 ]
 
 retry_sleep_interval_sec = 60