From f6768f9844b7090e90d5a93ae6e287660a8950c3 Mon Sep 17 00:00:00 2001 From: Jon Huhn Date: Fri, 27 Jan 2023 15:26:24 -0600 Subject: [PATCH] add Azure Service Operator proposal --- .../20230123-azure-service-operator.md | 251 ++++++++++++++++++ docs/proposals/images/aso-delete.plantuml | 15 ++ docs/proposals/images/aso-delete.png | Bin 0 -> 20490 bytes docs/proposals/images/aso-reconcile.plantuml | 34 +++ docs/proposals/images/aso-reconcile.png | Bin 0 -> 66092 bytes 5 files changed, 300 insertions(+) create mode 100644 docs/proposals/20230123-azure-service-operator.md create mode 100644 docs/proposals/images/aso-delete.plantuml create mode 100644 docs/proposals/images/aso-delete.png create mode 100644 docs/proposals/images/aso-reconcile.plantuml create mode 100644 docs/proposals/images/aso-reconcile.png diff --git a/docs/proposals/20230123-azure-service-operator.md b/docs/proposals/20230123-azure-service-operator.md new file mode 100644 index 00000000000..b91cf31a188 --- /dev/null +++ b/docs/proposals/20230123-azure-service-operator.md @@ -0,0 +1,251 @@ +--- +title: Managing Azure Resources with Azure Service Operator +authors: + - "@nojnhuh" +reviewers: + - "@CecileRobertMichon" + - "@jackfrancis" + - "@matthchr" + - "@devigned" + - "@mboersma" +creation-date: 2023-01-23 +last-updated: 2023-02-21 +status: provisional +see-also: + - https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/416 + - "/docs/proposals/20210716-async-azure-resource-creation-deletion.md" +--- + +# Managing Azure Resources with Azure Service Operator + +## Table of Contents + +- [Managing Azure Resources with Azure Service Operator](#managing-azure-resources-with-azure-service-operator) + - [Table of Contents](#table-of-contents) + - [Glossary](#glossary) + - [Summary](#summary) + - [Motivation](#motivation) + - [Goals](#goals) + - [Non-Goals/Future Work](#non-goalsfuture-work) + - [Proposal](#proposal) + - [User Stories](#user-stories) + - [Story 1 - Users of new Azure features](#story-1---users-of-new-azure-features) + - [Story 2 - Developer experience](#story-2---developer-experience) + - [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints) + - [Reconciliation](#reconciliation) + - [API Changes](#api-changes) + - [Installation](#installation) + - [Caveats](#caveats) + - [Security Model](#security-model) + - [Risks and Mitigations](#risks-and-mitigations) + - [Alternatives](#alternatives) + - [Adopt new SDK directly](#adopt-new-sdk-directly) + - [Crossplane](#crossplane) + - [Upgrade Strategy](#upgrade-strategy) + - [Additional Details](#additional-details) + - [Test Plan](#test-plan) + - [Graduation Criteria](#graduation-criteria) + - [Implementation History](#implementation-history) + +## Glossary + +- **Azure Service Operator (ASO)** - ([link](https://azure.github.io/azure-service-operator/)) a collection of Kubernetes CRDs and controllers which extend the Kubernetes API to manage Azure resources like virtual machines and resource groups. +- **Bring-your-own (BYO) resource** - an Azure resource participating in a Cluster API cluster but managed by the user. CAPI and CAPZ should not modify or delete this resource. + +## Summary + +This proposal describes how CAPZ could utilize Azure Service Operator (ASO) to create, read, update, and delete Azure resources via the Kubernetes API using custom resources defined and reconciled by ASO. + +## Motivation + +As a Cluster API infrastructure provider, CAPZ's functionality can be broadly divided into: +1. Translating Cluster API resource definitions into Azure infrastructure definitions +2. Interfacing with the Azure platform to manage creating, updating, and deleting that infrastructure + +Currently, CAPZ handles `2.` with Azure API calls, which requires ensuring dependencies between Azure resources are met and maintaining state to asynchronously handle long-running operations. Because ASO's primary objective is to handle `2.`, CAPZ's controller implementations could then interact with the Kubernetes API declaratively to manage Azure resources through ASO objects and let ASO handle the finer details of ensuring that desired state is achieved in Azure. By then primarily focusing on `1.`, CAPZ reduces its overall code maintenance burden and affirms ASO as the canonical way to manage Azure infrastructure from Kubernetes. + +In addition, the [Azure Go SDK](https://github.com/Azure/azure-sdk-for-go) has recently deprecated its set of APIs that CAPZ currently uses in favor of a new set of backwards-incompatible APIs. Because the deprecated Azure Go SDK APIs are no longer receiving updates to adopt new Azure API versions, CAPZ must adopt the new APIs to be able to expose the newest features in Azure to its users. Because ASO already uses the new APIs, adopting ASO in CAPZ accomplishes the goal of migrating off of the deprecated APIs. + +### Goals + +- Logically separate transformation of Cluster API resources to infrastructure definitions from reconciliation of that infrastructure in Azure +- Determine a method to migrate CAPZ's Azure service interfaces iteratively to use ASO without requiring any single major change affecting every interface +- Determine how ASO will be installed on Cluster API management clusters + +### Non-Goals/Future Work + +- Entirely eliminate direct usage of any Azure Go SDK +- Reconcile long-running Azure operations asynchronously by waiting for + Kubernetes watch events from changes to the `status` of ASO resources instead + of periodically checking if the operation is complete +- Reconcile different Azure resource types for the same workload cluster in parallel +- Allow users to interact with CAPZ-created ASO resources directly, out-of-band with CAPZ +- Adopt Azure Workload Identity to authenticate with Azure APIs +- Deprecate the `status.longRunningOperationStates` field on CAPZ resources + +## Proposal + +### User Stories + +#### Story 1 - Users of new Azure features + +As a CAPZ user I want to take advantage of the latest and greatest features in Azure only available in the newest Azure API versions in my clusters managed by CAPZ. This would allow me to adopt CAPZ for a wider range of use cases and continue evolving my CAPZ clusters alongside the Azure API. + +#### Story 2 - Developer experience + +As a CAPZ developer I would like to only need to interact with the Kubernetes API server using Custom Resource Definitions representing Azure resources rather than having to deal with the impedance of interacting with the Azure APIs. This would enable me to focus more on the core value of CAPZ, transforming Cluster API resource definitions to Azure resource definitions. + +### Implementation Details/Notes/Constraints + +#### Reconciliation + +To minimize impact initially, much of the existing pattern in `/azure/services` for interfacing with Azure services will be reused. The biggest change will involve a new wrapper adjacent to `/azure/services/async` such as `/azure/services/aso` which will handle functionality common to all ASO resources. The following diagram is based on the [async reconciliation diagram](./images/async-reconcile.png) and shows how resources will be reconciled with ASO: + +![Figure 1](./images/aso-reconcile.png) + +Similarly for the [async delete diagram](./images/async-delete.png), the following diagram shows how resources will be deleted with ASO: + +![Figure 2](./images/aso-delete.png) + +A proof-of-concept of the reconciliation flow has been implemented for Azure resource groups and is available here: https://github.com/nojnhuh/cluster-api-provider-azure/tree/aso/azure/services/asogroups + +##### BYO Resources + +BYO resources likely will not exist as ASO resources, so determining whether or not a given expected Azure resource exists becomes less straightforward using ASO. Initially, both BYO and CAPZ-managed resources will be created in ASO with ASO's `serviceoperator.azure.com/reconcile-policy: skip` label which tells ASO not to make any changes to the corresponding Azure resource, essentially assuming the resource is BYO. ASO will then perform a GET request against the Azure API to fill in the resource's `status`, which may indicate the resource does not exist with a status condition with a `reason: AzureResourceNotFound`. Then, if a future CAPZ reconciliation reveals the Azure resource does not exist, CAPZ will change its assumption and make ASO "adopt" the resource by setting `serviceoperator.azure.com/reconcile-policy: manage` to allow changes made to the ASO resource to be reflected in Azure. + +#### API Changes + +Integration with ASO will not require any updates to CAPZ resources and CAPZ's CRDs will not require any updates. The only potentially user-affecting change is that the `status.longRunningOperationStates` on CAPZ resources will no longer be populated. This field is currently set for CAPZ's internal use to inform the `status.conditions` of the resource. With ASO, a CAPZ resource's `status.conditions` will now be derived from ASO resources' `status.conditions`. + +#### Installation + +ASO is a self-contained component published independently of CAPZ. When CAPZ is relying on ASO for critical functionality, CAPZ's installation process should also automatically install ASO. + +When installing CAPZ with `clusterctl init`, the Kubernetes resources defined by CAPZ's `infrastructure-components.yaml` published on the corresponding release are installed. ASO can also be [installed with a YAML manifest](https://azure.github.io/azure-service-operator/introduction/installing-from-yaml/) published for each of its releases describing its components that can be incorporated with CAPZ's `infrastructure-components.yaml`. This method installs ASO in the `azureserviceoperator-system` namespace and expects a Secret named `aso-controller-settings` to exist with Service Principal credentials. The easiest and most flexible way to customize that manifest further would likely be to generate a manifest from ASO's Helm chart with any necessary values overridden. + +Other than integrating with CAPZ's `infrastructure-components.yaml`, the `capz-controller-manager` container itself could assume responsibility for installing ASO by using the Helm Go library to install the ASO chart when it starts. Installing ASO this way allows CAPZ to hook in additional logic, such as to check if ASO is already installed in the cluster or to verify ASO is healthy after it's installed, which would not be possible if a static manifest was embedded in `infrastructure-components.yaml`. However, installing ASO components from CAPZ itself would also require CAPZ to have additional RBAC permissions to create, update, and delete ASO's Deployment, Service, and other components which would not be required if the components were managed from `infrastructure-components.yaml`. + +For either method of installing the rest of ASO, ASO's CRDs will be installed from `infrastructure-components.yaml` to more easily facilitate `clusterctl move` and to keep the `capz-controller-manager` Pod from requiring RBAC permissions to create, update, and delete CRDs. + +In terms of specific options, ASO offers both [single- and multi-operator configurations](https://azure.github.io/azure-service-operator/introduction/multitenant-deployment/). The single-operator option is the default, and assumes a single ASO installation managing resources for the whole cluster. The multi-operator method allows several ASO installations to coexist, each monitoring resources in a unique set of namespaces to enable multitenancy. ASO's single-operator configuration also allows multitenancy with more tightly-scoped credentials. Overall, a single ASO installation will likely be the easier path forward since it's consistent with CAPZ's multitenancy model and doesn't involve managing ASO's CRDs and webhooks across multiple installations. + +The recommendation in this proposal is to install a single-operator, ["reduced permissions"](https://azure.github.io/azure-service-operator/design/adr-2023-02-helm-chart-size-limitations/#decision) configuration of ASO entirely from `infrastructure-components.yaml` to keep CAPZ from needing any new RBAC permissions to install ASO and to align with how CAPZ handles its existing dependency on AAD Pod Identity. + +#### `clusterctl move` + +`clusterctl move` is expected to work automatically following ASO's [documented best practices](https://azure.github.io/azure-service-operator/introduction/frequently-asked-questions/#what-is-the-best-practice-for-transferring-aso-resources-from-one-cluster-to-another) to move its resources pending a solution to this issue in Cluster API: https://github.com/kubernetes-sigs/cluster-api/issues/8473 + +### Security Model + +ASO requires credentials to interact with Azure which are documented here: https://azure.github.io/azure-service-operator/introduction/authentication/. Specifically, ASO needs the values of `$AZURE_CLIENT_ID`, `$AZURE_CLIENT_SECRET` or `$AZURE_CLIENT_CERTIFICATE`, `$AZURE_SUBSCRIPTION_ID`, and `$AZURE_TENANT_ID` for Service Principal authentication. These credentials must be defined in a Kubernetes Secret that either applies to all ASO resources in all namespaces, all ASO resources in a particular namespace, or individual ASO resources referring to the Secret in its `serviceoperator.azure.com/credential-from` annotation. ASO allows different credentials to be used for different resources to enable multitenancy, similar to CAPZ and its AzureClusterIdentity. To mediate between the two mechanisms, CAPZ will ensure a cluster's AzureClusterIdentity or default parameters from environment variables are reflected in a Secret to be used by ASO and ensure each ASO resource it manages is created with the annotation pointing to the Secret. + +Consumers of ASO's APIs (such as CAPZ) also need Kubernetes RBAC permissions to interact with ASO resources. For example, this ClusterRole snippet is required by CAPZ to manage resource groups with ASO: +```yaml +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + - resourcegroups/status + verbs: + - get + - list + - watch + - create + - update + - delete +``` +The above permissions may overlap with ASO resources already installed by a user not intended to be managed by CAPZ. + +### Risks and Mitigations + +The most immediate risks with adopting ASO are regressions of various forms. Firstly, Azure API calls are core to CAPZ's functionality, so even small behavioral differences may cause issues preventing Azure resources from being reconciled as expected. Next, the modified reconciliation flow may cause operations against workload clusters to take longer to complete, in particular if it takes more reconciliations to perform a task. Finally, integration with ASO may introduce new or worsen existing bottlenecks limiting how many CAPZ resources can be managed. Scaling bottlenecks might be Azure API rate limits or management cluster Kubernetes API server load because of the increased number of CRDs and custom Kubernetes resources required to represent each individual Azure resource making up Cluster API clusters. These risks will be monitored closely as described in the [Test Plan](#test-plan). Any significant regressions found can be rolled back backwards-compatibly by reverting the relevant changes. + +Along those same lines, there is a risk that if a service is implemented both with the SDK and with ASO in different supported versions of CAPZ, then the fix for an issue affecting both versions will need to be implemented separately for each version. Such issues are not expected to be common given the implementation for each ASO service is expected to be mostly disjoint from its SDK-based implementation. When they do arise, however, the cost of the extra work required for a second implementation of a fix will be accepted since the risk will only be present for a few months at most as newer CAPZ releases push SDK-backed service implementations out of support. + +Another shorter-term risk is that although ASO v2 is [officially supported by Microsoft](https://azure.github.io/azure-service-operator/introduction/frequently-asked-questions/#what-is-the-support-model), it has not yet published a GA release. The remaining work to be completed before ASO v2's first GA release is being tracked here: https://github.com/Azure/azure-service-operator/milestone/20. + +Similarly, ASO does not currently support some Azure services used by CAPZ currently which are being tracked here: https://github.com/Azure/azure-service-operator/issues/2237. If a service is not yet implemented in ASO by the time CAPZ is ready for it, a track 2 SDK-backed implementation can be added instead. Additionally, some Azure services like Resource Health do not represent infrastructure and therefore don't closely align with ASO's model for creating, updating, and deleting resources. If those kinds of services are determined not to ever be a good fit for ASO, then SDK-backed implementations for those interfaces could be added as well. + +Further down the road, there is an apparent increased risk that CAPZ's lifespan may extend beyond that of its Azure interface when ASO is used instead of the API or SDK directly, as ASO has not yet been proven as a mission-critical interface to Azure to the same extent as Azure's REST API and Go SDK. + +Since ASO can be freely installed by users, there is also a risk that a CAPZ-installed ASO may conflict with a user-installed instance. Before CAPZ installs ASO, it should verify that ASO is already either not installed or installed and configured as expected by CAPZ. + +The difference between CAPZ's and ASO's metrics stories may also be considered a risk. CAPZ's metrics currently include traces that measure how long each step in a reconciliation takes, including all Azure API calls. Once those equivalent API calls are being done from ASO instead of CAPZ, CAPZ's metrics will lose that data. However, that lost data may no longer be meaningful to CAPZ since Azure API calls will be happening out-of-band with CAPZ reconciliations. ASO does measure how many Azure API calls are made and how long each takes and exposes those in the Prometheus format, along with other metrics as documented at https://azure.github.io/azure-service-operator/introduction/metrics/. However, users relying on the current structure of metrics will likely experience breaking changes. + +Dependency on ASO may also negatively impact the time between new features being available in Azure and CAPZ being able to take advantage of them. Although ASO can publish updated CRDs with new Azure API versions independently from the SDK, a few factors contribute to the likelihood of ASO lagging a bit behind the SDK: +- The Azure SDK's code generation pipeline is currently more mature than ASO's. +- The SDK ships one package at a time whereas ASO ships all resources together, which could result in scenarios where some resources may have updated API versions but are waiting on other unrelated resources to be updated so ASO can batch several updates into a single release. +- ASO provides some features not included in the SDK, like populating ConfigMaps and Secrets with credentials and other outputs from provisioning, and implementing those features is not automatic. +- Resource types generated for the SDK occasionally cannot be represented as Kubernetes types for ASO, like resources that are potentially infinitely recursive. + +This risk that newer features may not be available as quickly is mitigated by the historical precedent that CAPZ has not often been blocked on adding new features because no SDK includes the newest API versions yet. CAPZ's current cadence of adding new features to releases every two months also provides a buffer which means even if the SDK makes a new feature available before ASO, CAPZ's next feature release may not be scheduled until after the feature is available from both and implemented in CAPZ. + +## Alternatives + +### Adopt new SDK directly + +To shed its dependency on the deprecated Azure Go SDK, CAPZ could adopt the new Azure Go SDK and use it directly instead of transitively through ASO. The newer SDK's concepts like how Azure resources are defined and operated against map much more directly to those of the older SDK, so a transition to using the newer SDK directly is likely much more mechanical than a similar move to ASO. A simpler transition would not be as prone to many of the risks listed above, particularly the risk of introducing regressions. It would also likely take less time to complete, mitigating any risks and reducing maintenance costs associated with using both the old and new patterns at the same time in different service implementations. + +The new Go SDK also separates each Azure service (containerservice, network, etc.) into distinct Go modules, where each module version maps to a single Azure API version. Modules for stable APIs use semantic versions like "v1.0.0" while for preview APIs they have pre-release versions like "v1.0.0-beta.1" with the same major version as the stable API. This would make it difficult to use different API versions side-by-side, like a preview and stable version for https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/2625, since the Go toolchain likely will never natively support importing two different minor/patch versions of the same module: https://github.com/golang/go/issues/31578. ASO instead exposes multiple Azure API versions in each of its releases with different Kubernetes API versions of its types, so CAPZ can use a single version of ASO to gain access to several Azure API versions more easily than with the SDK directly. + +CAPZ is currently also experimenting with this approach and that effort is being tracked in this issue: https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/2670 + +### Crossplane + +Another alternative is [Crossplane](https://www.crossplane.io/), a CNCF project which is a set of Kubernetes controllers and Custom Resource Definitions like ASO that define and operate on resources for Azure and other cloud providers. A number of factors indicate that ASO may be a better fit for CAPZ: +- CRD definitions generated from the Azure Terraform provider maintained by + HashiCorp, which may not keep up with changes as fast as the Azure API swagger + specification from which ASO generates its definitions +- Still using the [deprecated Azure Go SDK](https://github.com/crossplane/crossplane/blob/08f11debb66cdf10ff0ddd14f1ee23aa9b4489b1/go.mod#L46-L55), no apparent plans to update +- [Open issue](https://github.com/upbound/provider-azure/issues/94) to support workload identity, which ASO already handles + +## Upgrade Strategy + +There are two main upgrade paths CAPZ needs to consider: the first between a version of CAPZ that does not use ASO to one that does, and the second between two versions of CAPZ that use different versions of ASO. + +During the initial adoption of ASO, CAPZ's ASO-based [reconciliation flow](#reconciliation) will automatically adopt resources previously managed by CAPZ. This would be based on the `sigs.k8s.io_cluster-api-provider-azure_cluster_*` tag for Azure resources types that are known to possibly have the tag. CAPZ currently reconciles some Azure resources that either do not have the tag or cannot have tags at all, so some custom logic will be necessary to fill the gap. Affected resource types include the following: +- Agent pools +- Disks +- Inbound NAT rules +- Managed clusters +- Role assignments +- Subnets +- VM extensions +- Virtual network peerings + +All of the resource types above are always assumed to be owned by CAPZ except for subnets, whose status is derived from its owning virtual network. + +After that, a CAPZ upgrade may include a bump in the API version used for some ASO resource types. ASO will handle those changes transparently from CAPZ's perspective with its own conversion webhooks. The limit on the size of Kubernetes resources will likely force ASO to remove certain API versions of resources in CRDs in the future. When a version is deprecated in ASO, CAPZ will have to upgrade its use of the resource to a newer API version. + +Separate from API version upgrades of resources, upgrades to ASO itself may be included in new versions of CAPZ. [ASO's documentation](https://azure.github.io/azure-service-operator/introduction/upgrading/) recommends upgrading using the same mechanism used to initially install. At the same time when CAPZ installs ASO, it will also upgrade an existing ASO it installed if necessary. + +## Additional Details + +### Test Plan + +Adoption of ASO to manage Azure infrastructure is at the core of CAPZ's functionality. As such, changes made to integrate ASO must be thoroughly tested. + +e2e tests will give the best indication if any regressions are introduced. Because no user-facing changes to CAPZ are expected as a result of integrating with ASO, all of the existing e2e tests will not need any changes to continue providing the same value they do already and do not need to compensate for the transition period where ASO is only partially integrated. New tests or additions to the test framework may include the following: +- a checkpoint when installing CAPZ in the framework that ASO is also installed and healthy +- upgrade tests from a version of CAPZ that does not use ASO to one that does, + verifying that CAPZ-managed and unmanaged Azure resources become correctly + reflected in ASO after the upgrade +- a test to verify when a CAPZ upgrade includes an upgrade of the ASO control plane +- a test to verify when a CAPZ upgrade includes a newer API version of an ASO resource + +To catch performance and scalability regressions, one-off tests against CAPZ instances managing many and/or large workload clusters will also be performed. Telemetry will be inspected to ensure the time it takes to reconcile a high volume of clusters and the overhead required in the management cluster to run ASO are still acceptable. + +Finally, unit tests will be added to cover tightly-scoped functional changes related to ASO adoption, like error handling. + +### Graduation Criteria + +ASO integration will not be kept behind a feature flag or matriculate through the usual alpha, beta, and stable phases. Instead, the transition will be made gradually so as to distribute potential impact over time. + +Each Azure service package, such as `virtualmachines` or `loadbalancers` can be transitioned separately from using the SDK to ASO. The transition for a package will be made in one atomic change, so the SDK- and ASO-based implementations will never exist side-by-side for a given service. However, there will be a period of time where the SDK and ASO are driving mutually exclusive sets of services at the same time, and that time span may include several releases of CAPZ. If significant regressions are found in a particular service implementation, that service (and others that rely on it) can be rolled back in isolation to the SDK-based implementation independently of unaffected services. + +Since the transition for each service is expected to take some time, it's worth considering which services to transition first. Because of how some ASO resource types reference each other, some ordering will be necessary. For example, a VirtualNetworksSubnet's `spec.owner` refers to the Kubernetes name of the owning ASO VirtualNetwork, so the `virtualnetworks` service would be implemented to use ASO before the same is done for `subnets`. When no ordering is otherwise necessary, the priority to implement each service will be based on new features which are blocked on newer Azure API versions available in ASO but not the SDK and also community involvement. + +## Implementation History + +- [ ] 01/23/2023: Document first created +- [ ] 02/21/2023: First complete draft of this document finished diff --git a/docs/proposals/images/aso-delete.plantuml b/docs/proposals/images/aso-delete.plantuml new file mode 100644 index 00000000000..a32fe0a5f63 --- /dev/null +++ b/docs/proposals/images/aso-delete.plantuml @@ -0,0 +1,15 @@ +@startuml +title Figure 2. Deleting Azure resources through ASO + +state deleteerr <> +state resourcenotfound <> + +[*] --> Delete +Delete : DELETE the resource from ASO +Delete --> deleteerr +deleteerr --> [*] : delete started\nsuccessfully, requeue +deleteerr --> resourcenotfound : an error occurred +resourcenotfound --> [*] : resource doesn't\nexist, delete done +resourcenotfound --> [*] : a different error\noccurred, requeue + +@enduml diff --git a/docs/proposals/images/aso-delete.png b/docs/proposals/images/aso-delete.png new file mode 100644 index 0000000000000000000000000000000000000000..51d4197acf297e15548e2dc70aef035623518b02 GIT binary patch literal 20490 zcmd43byyT$w>GROf*>IhlF}Ul(jlD^(!u}=(hMLeEiH{S(%pmf3$)O z?(z3L&v)MUob&&8U8BInj>VcoiQ3rA5wM&s74+e6^rG$tB& z=I9S39{gZ&meq4MwRdp0H8Xd|h>@Bs4JGG^=vx6`fmxJvaJ7*WDEvKnH z^x;z>3eZBkm6o3Kzn{N#8#MDi%{z8hby@;HXixV*q|Y$BEfI=2L==`qUrb1W{_uy2 zrgpfPt4@{0^i`-rX7kqLK@4X-%X(5Taj3Tx3vJ2_q! z*f)M0)%fCp-YEudoE5)!+WC)GbfxmooR_ub+RdvNwh~s@4_hlZ>c^ zjo-vm=iDOaj+v6tTQs#^u4CjB)rg7v?;YNn1yCeDk6DXryuMXX6Q}=j`QfBj(_^xM z!M4HSHmq8CzvG<4S8jSUPKI*7PoJrLN79=c<#jC9mY;N*e5Z+9F`97XW0rf#6Snj; zR839#XR~6H!7J~yBVyQ5lhRYCK$_D3+;j%LJVjjFF z;z#@YkA)oHMq5NY<~I3NprWmHkQYFgn3Hg zCI?NJ6;gbYn2_Lo^iw`QQ?stcdX%-KUhDQ`Q#Z%{O7|lY5)vN$ahTzxFQtfUM9x^L zF4rdG*WaDwHsi2-)!T!)aMvBOow11txFK$)D&Db-^VR{w|s) zSfN+Bw3=jG@TJ0_9+saUbVK^7wcH3U&xHZ*EkH(yX5qGbx z@_Hk$-?CVro0`16yhINxf`jkb+uJwbZWuE%GS(a%j~ff{^Vc=q7U1JMJ3DJSo%3|& zv>eo`hr{9gV>(v$5f*fdB~H`1t(urvn+0+g+jC7K(63HN-0@!)?gSjg zbmzP7&6Q)c5ruc$!N83doj+Xb*HnWaA_pyWgk3ge$T#j@9#{A#K-G?PbPNsqk<9Cc zQ9WQQd~L#g&chQcwAv>v&KEzEFnqvz->uajJ(i*6>crsMLWc9^68XHiFIzgq-{0Rd z2qvB1#-L((Ls(j0ny;MHgTr-Zw$vV4b@N%&oyUgsI4UYb++|Y>!Byf4)h6Q9{nzk~ z{~11g+;As!y6z?Vig>yZr=JA%Ma2`}%TLz~DY#qhk6|-^V6Uo!$2i#8ea<(SJSwtU zq(gAE)!+g5aD;s>1sP)dI=_eD{gQKXI{fnGDHd%Lk%fgt%gyyg&8IoMGYWK~+_sF2 zj2#9@=K|PbYsS*uhQ<0u@8ELLR4Vod@sGU0xjJ&_OXj{D{K&3Fs;Q}|WWDZRNJYv( z8SnnirHX)nVEsHVZ5^5EJ9f>YW3TJ%T+e~NeK#kzmXkqrkYi{a6sxcB)`%kEqgTjOC*kJ35GjwW89aubz)()ONup`zHL zoUE*3Vzx{yzqz@&lHFI2V^-dUoFjanKZ_W#XbE|mqegA{RJ2eF5o0fFW(1pdFB>ii zTVq%l)|wp_SV3Z6UtiY!`j)Fm_w}_kIlPUMI1Uzq&~=WG>x)rcW3eR7vN>4t@5Wcv z=Fr&&K03PPjbDW?NX?T!;u;@>%12RTN9M{!TKE2ZX_3b7b2{r*6_WMe7uV?Gg|f0~ zFpr+u%k;^>Bu;}VsiZI41Kqu`jj2j*rTagQ z-SvXL=#|me_wRrkjW_$HsZ*|>|Ll8{6EaHmEqwES(%5Qe5+z}w1REdEw9zPBGSV?@ zAYCNR!PLZL>U5uume#VdwwCXPObJ%1Z}fY0Hj$UMBk5V_1ha zCDdWP7j`Z@;_d3<;(a`-YqcDB{}G%}8qbQ(s&Yr3Nf&NCUdQ3avR{lk^2V5#LEl@v zl{6rb7wGr!sLBLP;a=Bl(*ap7#f7I^=lwzU&1b=9 zcNZ@9TI}b)SCp4ia+}g>YBR9GE*lXpmwOK z4Hum*ByZdOW${=c3d@6Tt&OErH1p^d5s^p zXQ#BZG(0Q}9Ls*>3~%9NUth%MG6nh^0WS|O4i=W|yNRyM^(NpbM?mo?g-47+=7)wP zCMozNCode%M${d3y?QiTf_vzhn3Qp+i${#k(jFGyJ3Z*-(#%{~>raiH-k^cz`Eujb zeEAZyfhi&^+_NiVQ>eFNsFEpu)gJoDnVpZ1@8WdNVvpplIOFDQqd>aJZ{EwRtCYdA ziRjP~kp{y?*Poq9Mjlpsb4__nC3uL?v!NF|Q$0ay|KHRV!PJoxm8LA}Nt}i`3K~OI z)zvBSiEn#$yM~8j&%SUnFa%MF`&|B6>5hAGb-X4%)9ALR(fG-0Fq@Hq4^5@J;O*@b zSNwdgt{Kd>mX>a9y{hnbr3H9tZAr2q$iU!AsOeAARHAc@Lb981@CU-ksl@EQD34$9vctYsW?fN~WyZkSuFRy1 zxbb-I{>;U&Qa%XB+Z@%gn}216S{~QX;NgGGvnNoe!bqhyUszL=rG)TN@r6Y4?bZHN zf#}EFOC1&uo`^%3)-)`!=Y1|X4io>deIvbX=|fp_CMK{rkiv@uRu~-}t+$^qxXeVT z=x?0L-5S7@I1F$YrSOdjjP>dk$Nc*Ve7g&W%Rj%t!r)K{#-s-XAR!pHEbeBVNy0(G zM-91k>w^P84sGb*uSEbz0J|`!qp@D1)9W?s2sH7zJy!%$Z7f9UR zy?aMWN?PXhP!5bSi^9##jc#;(9_dDE)J@!{OvaHO+rCIK|+$0p3XrK`t%EG`h=Bcy~K1bXPc!JXlQ76(Il0W zu;Nx|GeDak9x*X7)dn@1_mhDz#n?@R6+}ct^pOdSe(0mac)5Xm8x9s$SVTnMk01D< zGXK2rBc|&~6;ZEdRQ!rJ=!Vee5RQ8h6!8L5WW+s%U5N&^8?`9@M}kL?NK zw6wJJ-zT!rY{tr7O2etBsPH*KKk7Jq%~Li|s7f6X=G{L-4G$0`0oxx+&yHh|;l9HUvTw5L#gr1Oh#7|EjSQE}Aj#|uwhoLfW-n;?HfsTVg zoBR{+_LaH_=;RTx@eaz~tP*D|X2rnDBCgxXAnJp&W8|^H;P-O^{Gs>imG?n66Ur@h zLKUkbpxo{_sQxg9&17ZKmm$NfMU|fT#`ahxQZ3*XGsJU)B{XDchX7~hI4CBS_!Ih(tK^e`v2%$k` z${*mu$p)$7fZCUN1mfSuB>CXFJkqZH^Qw@0z${R?4o9G_+pw1MpL4Bf*7NGXcKch( z3Pj(k78(Es{fvU9h-4w&aDkWK7t~89$W6DO+3DrW z_k>~`q#Gl!ec#cpA~3PR94&qIKYv!NdTU@VbiIbweixX;GR(i$^YOIYQSy6f2ejKL zhw?e6a`UBSJ)R=`Wz!DxqO1g1uqnTW9#8Ev2De{_UlceB8NC?SpYfko-%t~3VDlw= zyd#29Vv_7Hy*ryV+57g$G%?tfvMWlD#ClHAwyw;)gL%R z@Agif2L2qnn|NYKl~9m3$&qh++P9f*QVDNpXlQPxBB2bl$r^#MFikV+dta`csC~IZ ztirBF?%VBRBt0O8aI~?qvI57f278f=w%-M(JC`E&V)D)7+u;QyorrGomhQnpl2DoW zoi+qM?9Iz1rYxHUSB6--c^Zst0SAD7XI1G!q^a7^t4XMu;U# z`_jdQ4-JEntCiLENb$0$*bU7wMBFSs@!7Zhm1%o@ zd7=|v`2n+g#LV3Q*uq(9W^j9Fk3^-f+h4#Ox`P=RXH#4}FYp4}p3g8_vT z!I{aUq)fITRSt8}sO%Sy&BdbqgsICA2v#G;p}OjF-W{o8K0EOzC@kzzSY~fw#Bl6A zwi)$k!`ruS`}z3+*I%fb&dR~jp?!Z*3LZ>5Q&3=Bph8~neepacWVtIE5I0RrNLJ=w zwKgPEG#BcUikKu|JTwsLhj!8dU%rY8iFz>!y*#M<632vhvhk~T-nUdQ%}CQJm}(%+ zitZSKZf4}`t*$ZLytZZ>pBM-}2^!#w=Mq=9@cn^bJz33kwg25WulY|*hR^$hl~d27 zr`+5ds%*u@A#bZqVLT5XidQu87bzzV*uH_q;&XzTNx}8LNWfA4wi4w$gB&Vf`+;_E zEt>q7AE1{Ge{}HT?Z9w!;0|F%FCS(qMqXD{;MMxD>(wCCOKpf?jRGi3VKK~$rb^t! zPDIuOavETO4(`P*GQNG8%XMasoOQlU%svGv8m0LjP3J_e>V}JLgJ&va3FAyc_w}) zZJH$^Xh=vv=dc*K`-S}GfMm<}YRf($foW^gM^){4-?faaPxC^8u18nrxtLe7B5}d7 zzrQ-LB)TUM9$t+#O?ZdhD+iOzQV4iWP)Y=kMrli-*o?cSCE>TJ7f6M;77RuOIRk4 z!|Rs){q&WJt?@_CubernKRH|3-?a9pD%QNnxV&EL&txHjt=IsF{M;7WrLM413o(5D zvUmV;tgD{S)vTvLy1w{5wL6uQGd%hDbnYT<`+DQ4VppH)`N>X)zUNZ=Ph%fM^0~0a z>c-AuXC(azO?k`76gA59P@>)CE+GK#tdh7P=qFmH4^B^Z;`%(G(7I4XH}iCl_9RYO z?yZrB1uI&+Fqxd?ZE0AcIuG3Qw1uIzEh3+oNcQPgyiUvSV1&k^QgdSd>T7;dUH#i2 zF_%<2JuSwsN zDWyzuxS(qh?3Vxern6`_e+T6?{6Rz`^Iq-7?;zb}t2i3_%?&xBNvQ{Cwg!J>xuC_- zjX{X2=Q!Tj=YBT*=i#O|--9WhUvpG{sySHcw$I5X8sotVWINN3Rr@=x)hQ<31o+sb z+1iU#(=O4J<1FgISJjLPOnGh^EXNtoHkwX)94aU#W?5&X<-x*^s}~W?7RdSb`(~mg zxw|90E`P5eIU(j>H8!Z`JbIU=YVRh@l>cGLtNZh3791s_!niykrJ6~#6NIC$W4&!~ zsdak(NjKAm4m(82wD=L-Vi&IO~x7|a%DEzjJH?@Y0MrSeUBHsIc>4p z-R)&krRXQjVwAL?=d?Th9+E=%L_g`Pcg&!p<7MoSfI09Rus5H$uQEe*oZiZ76^AG% zX4l9bxIRHQg|p7;mv%npRBRnNV&ME#iI$MG>S zJMo?xo9DZYI)$o~CKuaaAHVta3`}&*yi~k7eo}j2`aP8}E&k zvt30-9&2{jx!j0RPL1k+S-+7)&EaK(0Oa+vlU9VD*Cb*1SYl4aSA7fzwgK6kS|zZnICl%9y!k$w`7v2zCuwfEWTkT(kQ0cyIT9?jjnyzFrlH@6YphlhsE$ z)cAicE-=v1W##0|-@g4QLko$Uo@2mqT zJ9hbgettfHQE&npNI+I|bMsSX&h3u-Z@8uiJ+2BjLh(O;8$Jml)99|BmpM+CvPbrL zzb=E`$&lP)VPT1%)6vpWr)y8Z1d%V^7&1WEsp6RPBCsZv|K_mj`}~|LR&yNVH-Fju zRUNN|ggcGA$a1W`H@`klME%JeqMTQnOr(5)j}-(GjSY@K8wW+09(zH?tXha~MDlOM zLcU^o5*9K0CTF(y&RyPgX|XH4(bzXB?+gey%ey){%q%Q4<8p&Tj)>d%Ajn}eiQopR)4Rl><0+hQ;J z&!@2wgdQ9o^78N$&65xlcfMtgPrd6uPqRpi>6K+J9U1Z&pO4;Jb)=}s>gAmPC=Fyk z)d}!^U^$buPDhG0M{Y+%MHS4@Ke$xgDh&UCF=AWvTm4Z^a65h7NKKJnYaKpkOogG6 zB4E{61ccCiLIT67_x(QO@KISysdEHkzqd;A@O3U$7x+T>uQBqGTZ@haX6XYU$A=om zKk)Sb$B^>x(EbBY|BX!n5c?0*{eN*TfPVjhy8i`ypDUEF*P$&cUHygD$B1?Jn)6r% zm_tVjx*0|;J}p4EL*fAbM02OM3MUb9PA1j~=!i*u1YJoqeiEKzX_(jQL_|1r*DZGP zBTDP&1W{;K3=#KPIU|xgRdpagL1+3TnSTB9HbV>MU+TcZ#3-HAj>j)exh?Wp?IY)N zYG@D1zwjr_hlFx!QaDV@<{5uYFMOYbNh2ftAJ|%$Uz|d(TxXWJY|kn20`&i(fLX6G zq!KC<9V&2_2_GK}HH(F;lq$&eA|{Z0bUKQ_=6>uWnaC z;}?nT@g$g0?c5VWZYtMBdb^Naar}NnO$}xs5l|Wf3Afp_X_DR zpeTeaoM}Lge7?b(@|hFKIww6oKK@9A0?-!Vd9kbC$fNl(ocS;r+Dg3#D4OfTNj=Bb z%+X|NQJ-Rcg|f2p;@?&tf_JN2tn;#_EN$ZarNdMvb=nYY|GfHYy6rD_=2;iy1Tx$Y zC$`vs-$R6tP9MYe%a(Gq8Zg9JB2vY=)Jplzy0m>VRY}Fkr;ue z`E`Rs+UA=hB%x?5^zQJ0xR^Ka6W760X-S-OcrWl-qBZ;^I@T@blRK5K71 zyw8A~J^d+tlGLLRRc|-*;&X#iu~W*Yz@huf=sHiZjc%Anenr2tQ&7OXFTl*q%)`S& zM|THBvpj_icBY8XM>~E6dw5L=VM`ioDl02{&E@`EQ-|4sQ^fAV!2DvB*l*))YrGnI z$kitlar5{H?x!)Rgr&<)oRpYoZeiY`V#GO)7_KwJd_dgy?%~&G8_97Zov2AZ2={oW zy)n0+x2R0Oj$}Dz_eJ*9@9gE)OHO-9v728BdP(~GepF}9JE{XTDH2Trp7q^PK#a@t zcQBw}&Xu<|e|-Lq2!mcsi@ouae91NzlB(M6czR*KN|{#=_8esl;7~f|{Ne{Sbd(WL z)6rahh95iwD%CD;o0a7}R%>?l+!l!QEea!Uo|$d)T&M7X%{+8R!P+7T8on#QH$Hjc zWB0BRN9l*409aoFwpR%*FvxV(yc_kNW;x&uI)u=`2Rus-lzEUaa5zE8bs*Q&&mV|% zJ$}0@@jAV9qOOmsgex>wUPyyst3zAR7!1p!J6-F|=W?g79ccv5C7lcd){NHikmeR~ z8n2L4p7%2M4(guqk(5oUXqUejXbrssx*%6DsyE?bw#btujQQsCMlx4HNC5D>PoECm zkk&}yo%N+T0J{L1hUZK30lIP~r{_3JMYp&{?M$bhqAQ z-FvCyGu5i{DEA4vt%e^Y>xiuhvNk6u^X>S&F6h+Zjp17_fUrw za8=2|Q;31NV7e@e=R3=)#hl$FIDjCPP@ZEs!HwWf&Au{dcJ_0EH7kBk8quDURz|Hj zJ2;vJ(~WtP!oR{=@A=Ky6OkihcQ_A1gK5&Jgp6#P!ts~!^bPy6em<1hS$JN9J_ih8(0cLi#7oXJt1T)lnLYlPT`)alCo_yXy(4;ONj|;8K9H zO;KfKWo@m?o9wiC1>f_d4P9ezvo~*kf=c3QZ_@bKSk)kiT6_Wmdn3hh+uzU6&qqsj zQ&UoK9zXq{vz|R;q1bjDUrlFE-m%F{kFGSby0-zvw#RE0;Ro3M3@oQ$mb&k{Bk z*(h?WqD6;#29UfAi1#4@4t_MTc6+qP<-b1B$rt43i@6`HEPfB+Xcnj^O|Fv~HaNeuWmf#rCPx4yQYjoW!^5;^knWJq&Q4Gh>k|g<2hl;l z=n=N!iU>Nx)Rojm;HsC1hXpC8xjKBuBl)M*w_Kh|W1waQ=$`qRnHQ86ijP=`b`9*C z7zjdFYIuVNwPO|?N7J@gz6ayPshF?Y(aUON43ufE4IDm2;Ks13Lm+)+Bt%3kL_oTT zi~fWIzYRTDO0z%iV@BNDu19@+eE>3TZEaN;H3|D(dnE*JA(0mL_G+6}mX>gb#WtWg z`6KEE8sGlF&M;0cV5h|jffc@Ycb}Y^(&%Rhv01gFc3W$6X8Djz1+nTy){-o9YZ61vOSp_>j3t$ zl3Ha|)#hB&#m9$qCZ?umqDkiq#y)4OAAonC7SPS&fE7OD=Z6`$%+1Vvb=#W*xC@J4 zV*pi%bKf1xmd2wH{PuU+bD3%B=~g#a7pL<@ zz^L;rDC(vv0?*F8z37iSP@eqYg+V^H79(;&z?%j#)XMVv(F$T)hQiqogf@^K{cTMT zYizq2^enjkBh~n13FqS-&>lOW>rL0yQf=$PPXRL`m5DfD*&s#w0+sM!GRdn!-5@c+_1aF&!@WuqB}20r@Wpo*iylgxlXm zB}YRje+p(o_~ITOH6$xZ%b0*cp92go5@KOLBaF7_AJsW~^!1s6MZ4rUJkubJ+na9* zIA}}~%K%WW5$9|P7Xf7FL>mhApn z%T4%~{-^<9ekyQ{)Q$$9WOR?u6|BAmoVVZHBYW;b5INornQ?khi6J*pQJ7L_`x=<3vsqj2z8sbWhkS7ad}7eD%tPi%vs-c+ zgw?*mb`3J3tDa|p3IZS}*lX(yK&|P~gLmeVV9nSr+EPM5bOI$U{!vlI_ohZ5!TlIL zkimEPnG3uv)?`lt6mjz&mbc&_sgQLN?5fM{*5?l;L9RdChIPs76uF`D*#uA_1eNxjlLwnCTE{7vz zuyHQ{a6MTSBjKgA9;#S7!cn%Vug@N)mG-KW$cX$}t}}%1FmN58ebtgA}zG8J186Fzi z?;tS-8VieWA8rFr%~zUHsFvvibWuPS0vJ@IW-oUrv^+j_h4^W##BU#ZMHLlqAU}(Y zj0AdCk3aiw5Ep=e0ijcTv|6{q2q+0F_1Mj~mbbQS?Cj=>HJPp}23$bRU?>a9Qg3G4 zD=c8+v-N)0eec7j1<>=+=?F_zx@9q%;~wtsf2pr;aoN&wcRvGaoma=(Q?&qU?M~I& z;8BS>I6FH#ImHpchS9>p6?q&MzJ2_NX>BWDH}mJ{m)h#C#mbLQpnRwXqT8SS?C|jL zxVT3KwgYKGK*_+`Bs>nZ1`+`BrhA?*4;t{!|Amx2bPEv5MNkxDY+kYk6beTEU)Yo~JHJ?HW};v=l(Gz(Q@@epC%?($Yv ziV6x(d3oa+pOjdmq(;e_bbSbmCMfMb0<=wU1CB_xb{`+KQlq_q$Y zMFnH@%;JTDT;wy^BFKu6gPDU2kc@w}#Cu!-$6X#(K{I*>PG*_XHGzEt3lMn)zOQ0V%BszJ)<&#WAb-O_0+A8BeJsEhH?f*2Ty@ZFFNHDrQ#U=$DJ*)m6ID7Pvh4>H~V zfd{zoQv8y3`sK?5l+WWF{_liq}H(JAZ2RP|1Zkm^vv_)U#c6yEu?^t47GVqkfO~IVz8a&@K>(Q$ z*$0s0Rf3~IhbeZ-;f$6er_J=xkh-75H^HQ=nHz^8cI`% zexjb+6WshLkUpE0{U-xh+{_HPGqc@uuzP;2w7J7`Z&Ucnm%2=hDK`Qnq z9E1h3_oxM_8ZnjYs?RBTs8Fpclr(+$O}(ts5LWZ9d~7_9_RzOGJhMv5&k120PJ>SA zm(mtI7$3YX{qH2Z3S{L#3c)(@gD*3CCP`BtBcn}4RrUH;=C#bV3I8zcYf}>u(~nq9 zo)TdUI^FX3s)EHeqJgDifJZ1=Hr}R8ZhC*`RRRo$#}<$X;Lw1i1c0I`F?(%AI8a%D zLm(Db$chSNmhjiyazTmcK!*S8{N29u%of673F)Zr1wCQ z|j}jH+%<84UzMkI_7C3JN+bl%!9xS8M~>9R(cwEtpSN60+`3WiF50AsfYdGtE#?g$;M+C+{_>?vl(zhJzg-n8f)9vGz|P^B+yZM~ z`+Q&+9obfQj@Hx|jz*B|Qp|#*$Zcx}#9G}Yeu2!XeLb^9@A+kmlj0g*YN$buKN)7H zM^Fek0w4sU*rmOrI>Z8oTG5W$C)&NzaBFasAqmEg#|rE$e52+J8+;A(Bj6y=Lxy43 zKHoLQ5LR_jeQw=9zI-V+!qnZ34+iC{`34t|7Vp&BjGGT;^p~{u_V$jAootSl#(uB; z_heV>;%jJhy;m4hN9NWS0cazHYwyYdPGqHoXxv8&*s_El(^E`vBdwH+G!enJ)rWQp zP9exU8u-PBI0wYyoO#MF-mf*jUC|+6TZT;NbOo`wDM|O}m6w;NOoKft_^l+nvhv;4 z`7tmih|ed-$J$>$*@#OcxR~5>^KcNGbh_}x#l?7MaGRmhpsK1$!Br`!^dD1CMVGA7 zKxCikh?Tq;V3~3hG(F!0d>Ug&)4F>+|7HiiBzd|)dvovx70<`JP zjuwBX?{Nw|IhX=J|n zXCXI^)h~cx0oZSS@oHvit>K<@vxj|Wrnu1R;n?pPi-CMXIzU!FeHwE;ER1T-{zVtE z;-z#DSZM?T@!5w6Q@47imxcWVw-4}IIY|0g_Fp8LqR0=~lDE6BQ@iXlv&}4+7#UGQ zyr7_;#`+;pl+c2el=C&uB(R2p4hzUKi^F?-f*A?1KxGB!Qe=ItDCj!m-@#kwSHueXBXDSN;%ci9XekVmY~U z#P=3A@sF2SmD&Li0J=4hX1fF7o3_t=Rio)Q&B@V%>kq++)MZ3cl`?i-jN&(Ehzd@@?`c!5S@Q)zi z2v&bfKf{km3-{9br9OUJa*S(zbA7^CIK+W(0IUfh(SBYPXt))(tL+0WOEtn3|8b-& zzC+IkNzD4R@wuP<5yn>IV}rtYK7rXjW%yptRWi0Onl+4m^~cpoV7P$5 zhEFQDeCsRmxO-SD0WrD90a3D56M-|}7$1PFBzr^zY=|bJI6uL4bkHY?b;J#3gIM1N z%d;lzxooJb*1Emy5jfOc>TEB#^!g);3NtsCqDIpCgUE^ovI+S2Vf-KiE|^lin-C!K z=FNuO0JETDOhAL%fVcaNPkmA6KO}8Et@Ew@>D%WZVW(az;}%4zE@@SEfJO270J@C> zkQd?>3@-lEJ+9eNKw0pP+H4`9`3yahrCL7#(PiYi5ZE*y-n-E6n{ohU;s+M42MTaL z-JT5`;(3-phgK(=pVl-!J#*@T%9JT!O#yD9)u4>%ERi3v0Wh3m6EckcQSfn?!yvmu zA^Iu3v*><+xkoGDE;%pm(&65tnW+kRX;nAy1=J=put!=Vp4FC;=+Y2U8pB6c0So-I z(mp}}6gnmzRnRQ<1V0lI@tpYbrq8w8C5y1ocVxWnkrj^diCy8eJm5aZ+H zy|85!E$%+PkGI7F@a;gj271jX-+g@8nlvjy7W?7))3*M!Mq;;S@<4~wEwY>o6>o@- zu2nB^>HlzvkHozG2eOf;Lqk&&G`E>g%%wD6Xc>TuehZ zJgx_d+(B7MX>Bl5Z4m^z@vbMn?8M<`AzCLz`Ly4N3^I0<>}rTG zQjly)Vp>Bw4B@q&D9z=a`8&@r7w7QP1a}rXnG%x!5|HSJ4nQyF>go#q_uOCb%gxPA zowoOUEa>oBM&>TxFF=HOoo^KO$qna&dwOTQjA|KQ-4D(4+Y-Du{+&SacyQ?I>UI#t zw158|U~~#7vc9dV3uH;O5{9g2s)!pXMC7o!0}c#?>+#hG^|Um~8?UIqB};w%sW>Jz zDsiv%rKP2nmG1=hP(+R_ty={j?`BbcyrLi4TNfh#UdG$av$csJGjqnQe zygGL|$xcWZ1x#O|-YmBzZRGdt`uh44AtOr+BF;bq zXI_U~U46+o46q~6ATcm9@{kvk>-_^X#Q?R~Js#`TFpQ-@d)%;njo8c`mVBpe_^#u{JT_mV}AR4Mt}{rcC1)T3Zp$o2f6c4T$Rn1Ozk%Ah2GzREZWGQn@+_gXfe}|0vm2%AeB{DX0hjYuF4^ zfHcryZPD|wbf*IP@NIls+& zH9=QTU?a$3qlq36=*`U;QeuF`MT9M46>BUyb|hLfE``tnP6Ji%cF>_AyrS%cf2xJmoRi3vUP3lvICLC=TnHDB22>yu6MT>$TZ0m^X`oaAQs zV`F1|g*Tweus~o3&hz>4R)2qgaXp}qOW|m-F(QC;-FWpc(zVgx?=e*hYP1>W1b~K; zRBwT925j|TZ(O&=px~}BAqIjE`9F>G5%M9>wO|V~miSoStC5Jx#TYgKgscRpWD*Ix z16LmaLOy=;++V>grkRF9fpbV=!5VOU2MEeX&djJF@Vd=ZdLak-6Pp~57FSpb1bMC0 zgpUEO_me!H0l|W>h*|Kk8tXpPJ7c}~F^r~fz4Jv-4|2_I=x3lZs+62*P?nm61>~i! zqNsub?Km41Yc=yG{#U>z+W`3UAR5Y#a z?yCA)8J2K3s+j*M^!aBh(H4M#`ZFTgTEpmQfxB|3KSjbh{_;oq9nD?2j5zCqG`CM| zQ&@r1iL;K{85V#00DOd|`5g>Nc=^yMvj}>XKMOt!Zw`m8fMylPK}uf?HW+^Vz*Lu$ z{&STVn?GDsz|hOzff}scUe3aQvlD9k+G4METpWAphCv~&HLo7zH-P=__IcmK*J>y! z>4!kLYiW&?Ry2F8_7EXdG_850Gn|MV`>zX~OT=Jk8Wp9Xij)YLqIg9<-$VtWBW2Kx z(9>1B6`^9rL3a{FPPqgeI?18Cia5!&c1MVEwkV7JD7hrS#B93?fLQDSjyTp}Mb$yq zz(52XuS}ow(6Qy^W%+2TD{#HMn@w`}ZE)4E_2Oq2nZv~=a4dx;7$c+03IR^$_;9lW zB1&qPBH2;kAWbU{`86E!bIqCtI`g02P$i<%5*morW{0-M-gieP_{GKi&GoF?e5IL} zw|5ekF{eAjkMuruYqBPAh5zJx{*5L^6fmG_ZI`yhrVAf;ajrjJRYG&(Nl>o~p(FBJ zeB&o%-e*yy;Yt|4F1FP&*kyw#{MoDF`V`BJQ38JOPknVnYB?F)+ukzCLI^ugw!2aN=@_^IK%nWZ7)Xq{=;-RZGDmywh^*lN2=*S^HTtTyHnU!^jpk*X5DU8bj4O92?!N+Gk zPKz^9fqyxFN|ZRjcS*GbA5?J8(2#(_#sPH^O{mWBYJmE!QMsyxnJAfv$p<}O@iA2B zPL)${wQ08^P^@`+vvfM-0gE-6#tvX-KHdT1?RJ3N8*~mKu1h3x$De^KF)3k<)JRDS z*szi?2)fv+&J?FxjCI{BK+=5lQ2JcXtD3n6Zd;A!{s+`NRNFVhVZw|B}TQQiCQf302M;x zy8AOwGXsJLcNwzXgr5)BzYZx%QcMlUnUe80zrXLS0Jq(upVoK+WB`5yb3lCg@!ARF zaJ)zblx|A;dm=VUe?KH0l3lC>Y6A*%H3RzL}iVx1!|#1Q4Gh*ccpy5;Aw3B^ImHgAKs0n6v{>`B!QqjiBFP(5UJ! z<`1!BS#CUQ(@jS{#ItU!osZsXr-JGaP}!iWcIgkDy%v=KUW&LYNpdT{39y}MPRIEX z52^!;+Cg?dp=&X#+GkER+^7qxh%I#kkrzV8^!QH_fqG$NcwNkhFy_`MnlvFyYxCVC z6N)kcgRRCE73uWhIf-by1d~K9I9Ec4 zfL=>jUYAT#$t#`(6*K@t_wumb)d$c6K@hFS3qqjw^Z8*bne;Axt{}?z{-_k{W0^oZ zkdptpe-{L25S2lFljV$KmfYug{o~0QwO_g+E>LX_j_h>trxU;L7J=J@WTfuYgR#(V z#9O03rvR3IBw@N{oUvQR;XngrKhzZ|H9`Y0|f>NIHnwv5u|Y%uL*wt1MPI_-@1Gtt%E@j zOB)+!_3uu)gd=My&ZqVlzf)3B06My-S7b!sd^ZoPc$olb-@w@brUtqz%jsKfqb|%e z4N01Mu1_}s@0PCsih0b~jOd!fTHBNg)?>Nz)!AE3A}snn|&Oj>bPVDLfnVgSOXb3g^rHI&HSzK?F>n(6A0+bqP3?`7_H z;eP5pVwHbm&6H^kvsvJZUs-vp!Ma)pBnpn$TH4y5K7tg_$;s(>Hv+Kd>ifm=QrL`_ zck%5o2K@maF^`{?r7Y(8`(BSPoytxTujjBw2e1M2L(XW0(jKm#?dxxVP%9`BBf)1( z{)|248B?K)c<1@Khmt8vJqIf*0ag&W+geD!e{!-rT@Svzg_$VJL`zS=)JWGox`8CV zZ`gqHSZH|1FszQE^99&4eCpt0mjy9U!6=71tj*Md^Px`LrzhC;Gk{$Y@s!B&!ddj~ zA)q6W*O^boyLNS9knEYn1Mt;KU`F7!UNOIjhzJ7%1F#VQ)-TXJ-~hIqbQC=m zla;SAU~5p3>~%R&t@Q237AS8td^6Hy%r7_AE*9DA7JTfWhCK$zspbRcV$~?R7XRb+u@iFQ=g`%+d=J zC=W(2t#pRC?(E9`jiftH6|iB!RvJPqg&gOsKJro>NHkhB`D>77q=tJSBR0tw*EH+K zDf17q{YaYa=GWUmLk#Wlek)n`DFJ@|EgGE;FQvPyi{P*-IG1we1CSQhuU`+{HtNmr zLpPc}Bjz9BFRHrep4StJOwq)#hzR1eO}GKh)naU=W+-;wA?mWg+|ehzGe-BE(Yq=? zlW0y04mBDCZu{PUq(~U`BL%4H2F6l`^9YPsOb)vw92Nx|!P=N`ih48!CR z>*JF^I8;m*YwUi!@F&9>Y-qY%gZ?*ca-k0g zf!=?IO-*2xYeh$dakq}v`0QN#5Sglb2!xcm%UxH(RDc^Ouo&y?6kFA*)ziItg82Qf zi*YeFe#f|PWj4Jxqo4XOCUO1EEKMLr8{F=Hqo|%23Eidz0uc}EFVJDt*{s!wv^#lL zr;M3>pTi^7+1c3@OP)*hDb$E*%#iy2iHvk%#MsdzkQA?V1V5!V_k~1E|6EpDT3m7j z^|Ed5?~;?!=D4Aa#71x4gQ^tkL>9|I*`uPBE{@;D!`H>s8!nb6NrsBe*$UKyg6bQc zDQRg8)`a~ok+J9#?AEPIIDEJXX0~|A@ps|z@ssLyL$zQad$MuM8ZgcWvDs{b83eG+ z%C-w^$1)p1tzi!{`vnU6AV+#HI9a&}J*K5+jw91f`ZL6QRFqg-D1oj#+ZiV+ZdiBY;B4a#oKwrCbAPq9bQXGhjU6UnGD5 zeCCD1nOubEU-((gp#o2(;dug_bsrCb*DW!wFnY7a z?|bC-!^HWbd_$g-@&2mtTeExDxw;1Zp|sWzfDRH6^BpGuzX3M`(jDKC8lL8QygRiy Up!b&85iXmM0%?0{16bn!0KF@Vp#T5? literal 0 HcmV?d00001 diff --git a/docs/proposals/images/aso-reconcile.plantuml b/docs/proposals/images/aso-reconcile.plantuml new file mode 100644 index 00000000000..a8c6b56c654 --- /dev/null +++ b/docs/proposals/images/aso-reconcile.plantuml @@ -0,0 +1,34 @@ +@startuml +title Figure 1. Reconciling Azure resources through ASO + +[*] --> GetExisting +GetExisting : GET the ASO resource if it exists +SetReconcilePolicySkip : set the ASO reconcile policy annotation +GetExisting --> SetReconcilePolicySkip : resource does not exist +SetReconcilePolicySkip --> CreateOrUpdate + +state asoresourceready <> +state asoresourcenotfound <> +state asoresourceskip <> + +state capzownedtag <> + +GetExisting --> asoresourceready : ASO resource exists +asoresourceready --> capzownedtag : ASO resource is ready +capzownedtag --> SetReconcilePolicyManage : Azure resource has\nCAPZ "owned" tag +capzownedtag --> CreateOrUpdate : Azure resource has no\nCAPZ "owned" tag +asoresourceready --> asoresourcenotfound : ASO resource is not Ready +asoresourcenotfound --> UpdateStatus : non-"not found" Azure error +asoresourcenotfound --> asoresourceskip : Azure resource doesn't exist +asoresourceskip --> UpdateStatus : reconcile-policy is "manage" +SetReconcilePolicyManage : set the ASO reconcile policy annotation +asoresourceskip --> SetReconcilePolicyManage : reconcile-policy is "skip" +SetReconcilePolicyManage --> CreateOrUpdate + +CreateOrUpdate : PUT the resource to ASO +CreateOrUpdate --> UpdateStatus +UpdateStatus : update the resource spec and status +UpdateStatus : update the object conditions +UpdateStatus --> [*] + +@enduml diff --git a/docs/proposals/images/aso-reconcile.png b/docs/proposals/images/aso-reconcile.png new file mode 100644 index 0000000000000000000000000000000000000000..ebc3e55cc31d6c2cc25bbbca179efb18dedab7c0 GIT binary patch literal 66092 zcmbq*bySw!*QO#Uf{I8fNC=`dFCZWt(%l_OcXvv+2+~SPw{(M`(w)*OB`w`B`vKqI zd^2li&HC2xhq9iV`@}vwuCw>GpCB12;oE5VXjiUWxh*OpAa~^oveK0+*M?A$;1g7L zDl_6S?*v6Z#M3mUu7 z@;ia9cX9htB|giQE6(U08$n}{ z6qe1*8&5|@+i2hH=tT@>g-F(yqE2QeTz4Hq@GIujJu=iV-Y5` zL<^qua`@NDEo1b)JB>f7jafX0_ile6V_hx_Z01F|rE+cF^5CsFx8T!$l}B;b+nRgQ zE!wH_ly@w^T;1}Mg%3_RDI^WGx>IH+)_0xGj>8Tm>e5!2=K?pzHhC(; z6z@wfzb{#jRooRcc{JgUrjlo>A7*M4k79t$d1G7pP0g`iJc?K(`e-`K_u(w8CB}zo zU3sRREhw=Lj1NCwGkNity}F*_Y%*-GvZws@BW-?5ykF9y56SDf;wE>RP8+)`=vuC+ z(4wyS;W}pI)pXMxUJF=}Q)6gF7DA7T%~H-I{vpAQS}^x8LqE3i3*P55ivzzNtKfwE z&ugDXste4?=T=e(PFHtberi5sAT`#SinBAO>A|{>s>)p=d(`}WrNwoMA~Y>A@ojCG zL6%c*XLDqL#JqqMMX$5d=j$3$;t5Vj6spNY{=?!f68f^A8V?Kva>B!gX|G&)eMMA& zPr+$?bqZYrd;YA|dc!*wxhO6>+i6ZAAt7erHho5BMznE^zGK1aZw4;wI#ZVtP!eW$_^xPjg{}kv#VpJ z^78W4!BuegO=pQUx>#X8k*kDUhw0A3>6e+s0bK>jn;lXTp=Sh>#4PrK%$JEp-y*%eTo106cMaebI zYZH|dm6k;(rJrmUdv>$s6nx=G4~s{H#68du|WO3EEjhNZF6 zEQznJt$1dywv)?f>d`Zu-bd~l_9jiGzPQ2WK49c?{WcmJ8r48NZA*Xr^Vx5O1x+LW zI0#8-JZ@P&`BCs{frtLdvQp@ZJohT&c1JXI%QW3nex-vI?Q^Q1!j27fb~ZMVf}OGS zi;ZMgFi~HB6H1ASidyJ?zp@vve3fE;RTG`rZy~%b z4thO@%)c!?kKgB)I;^QlOH0SUO|nkK6k%W2_iVzpl%H)4_x#MHK9t5}-4dcX@ll9G z7cZ!ooyW;E?z}f7s0L^DD9VhC36DmF1m~Xvhxw{!_>xV6prtW_HI<Z+gqWF`v6y`)*@zC@oek&V-fAOb+y-&=7rYoP)SR821)VwU7bb4+w3w=) z6qhusbHZ%<{-%qq5k=Irt$#R2UbyCms;X)v5y3N~m#h6LKYqMiVi?VqogLNoq&>bk z__TM%tgMv;tQI1(#GFntH4B35rGi}SScY}q%bCx8bdN|GlooGT-rhcUW{|Da(MXOo zw|jRO$DmtRS7&Fb#ccLn23ND*rTj z4{9!g@P6Jn)~^2Ixx$Lv(}@Cp@u2C;^fWPy^Y zsVTL1pf9fQW7cX()*nv ze4@S9Zsl!aVnJP<>we)nX8ix$RG59omoHzUV}pW%6!Vm#<6ZLFrIKBiDOF1yH>M8{ z4>9JwDW@~}U%YtFVxHS$XJ^N0Gba+!V~|6cDUkOHl_qkev5!0UE_%m+D#K!|Nfftsalj&7 z#EqZnxzp3rHlYL2p^|gj8B!_zy;~P;7=!=J z$m;Cm&>M&1J$mN%_Z?kbQ7<|5JEDY%-4zV>mIkv#3@e<34gZAV)m8|G@h)iV3fA|8 zmHQu_*TtQWv7R3d*>BB>s;269#&n1`pd%yXy^N~xM-(T1#MO1SC2W2^Lp(Mrw!goB zVJ8{F$`dAC9UZaRyTLotmJNqO4>-jf<8t`(vTlXfdYm44heX}*-SG(1`{I9lfrms- zXO^763rxg?`|LnhS5rbYy)e`5wkGz;*jP#3OCmSMW4{O!gP62d$MMro zGC!?LR_h3-fFan@HG={p@g& zaVk^ty|%}p;Mq34r@q?8TF0kStS1s8;^G`0Cr)6(-Ag=_n&ccD97}t~<>L?|Ae8$0 z`hpR(U+-i@nqOF;A`>W3Ep0hjuCA_bM+4V#es;W(5%5$z!!?WJp?5(+!Ok7|bz4VA z<%Uv=h0(9z1N6w=vMnkXp&zu7g)8JKtu_0h*KE(jfeDJmGH`QiIlGxoR#~I4%EjPG zY_c%xwY}wX-D@jO&&n!ND;HC$C@Epw?!w);G?0-Lh*#}swGL|oryVkzq{%o<@ z5u|V9M;8aBd1!C%9&a>?i;JZR3JOwIx<8)Ip0KvFQ}BQFz23F5uFm~C_XKY~*VP4OMCy)KV)iAk#tj+3=!$4B7rS&|AO&eDgL@`3TnNWt>a zQ|TlKxcW`QdYLr8ct{b8CKpceoH=LQ{PgO}@=(qo{1?uBB;st;01ycDQKQna--6w$gjpT(#mUAp z)_D~bSvCm*LGm^XHFMHBq`hW8;f}JLtGHZCzc@;24kp`ZrmDPw32qT_Ryl7k{7)P-I51#@ z+e80({stgZ1VDw?;RohH{D+B(_!mqJet3})w?YJFgdZ3We&7{!EMnqDtDnuFb{x;2 z16Fu(b_f4i+wibr-tfS4_!|ef_xEDmmoHxm2>2#=8wtS(q<3W)Xw)n6#rjWAH$3Ze!=1>N1pupDedc8*b(UVT>v48+GJ2K(AeEZc+erFyzQXSJtVQ23jhcOLuCK3mgr&sA z#esQ^V_hs(#SHlf5EwaH-)B*#7+WNhp%0iiIXPJ@CV#K2)LPCo zeEll$pXcC;zrEo#9W5kBoDyQGnNB`B9Bgcd2L~4i1KUEGU0zlTMSW(!tZ;E+n5fxK zB_$;f2?;~2(M8hw|9OZwO~j|aW@lH1a&!&Oii?X?YaI&ai0SF+uYbFKp#(Ss(mbbn zrl#sfXU6>>zYS!FySus7)z>2~2-0aV1Y&m4yy5G}$N;KaRSt5r>W^%Dxhh|Mx!%qx zb|!0i6+Bh@1VYXJJ&E-6^oKkioTQ{WO9L68%SQbl1y7H5nH7^Nii?dWD%Jq*#L#OO zx}6K_ghzU^n2*nGY|vZET3po!jR=KhgGT7Qz49(9Dm|U#CQGF4I@g@iym1ga5&PuE zyPK+f-8@@DTNs!7dkJPTgpGawem16J(%#O_WcCX!v4aTm67K|0C*(Vqy2Cj(HfDkr z92`6jZd8DThlfX-a7(T^oF)=y=;RA62@C}~%z00r77M1=P7Ej|!X21B#kCMQ)-?SGDMNsWt<-=(65-xR z@6re#ErnclcrlEfE=1DK!^p$Bi~H{*F_rW1Qv#l%bP{qT(X%m~sizA*e$PNhz)^g9 zru;>h{1Ey3?Fj70SdpF;Beo+7?oUp41o3ac9|(}BqKF$6yWjNdEq10EhAYZ?;#-k-a zzjW(H246kCGJ? zuz_+o{WqSJbW84&p;HT`)E_ zMp3R`kMxFv#Y83F_?(@?cjpCdIZtBp`9zI0<&qEQNP{J??wI>qqxlP z6d30CNF|%rusnt$O32??y6EOsRyvA^h)76;D&Y8a+T#I3LQNE5@D{E_O z&?>i=pe~rG7|SM3`6%IjFU>VMn6{O%sBhu#NJw;f&d&Iua}W}$5j=@4^mgB;A?CnL9Q zR4vX-ss&O2#T*_V3kwR8lap_Hf%icK1PL7KJhe(oVFC%pj?R`a^IYYkCxQwEYKjY; zb_@;ZWhTS7oNL2-M^Q!{t(}$k7+*E#5fPzBM()L7d2MZbGF7#W>_rf;k`5h?7M+{r zV2aR*RMRlqYS<_Hf#Lk!p8$z`hJ4mue}B@G_0J+g17YOfi0-_at_uRNe!kTyeY?LK+RRig>d8~;{^vj|=$W%~V?36Z!>USujs5m_l?`EH^LzKU>VtNB zlWv>zr6et_y$|Gd!Dw!OhKMo{6-fI$#U1we3>PiF`0w6CS9jbt(6d-irB>#zG*kWf zB%t1P^qJZB&r|LmVq#7%M^~K>o6+l|1$!ZlvxqvXhU zShEXzhw{>=$e0R-eDLw_n6}L?CX{>8!G*f5@@$J^~YmaBVC{ z{9>{#e+np8hj-0YMOe2Kz6}6d*yn6t)2JN0|$t zB0xfV*N^{l7**f&6p)QEEV>gFw0j$lti}96>12ZhlucKJ5K@4sWsDpgJ~L2e{AHujvD(hq(O{uy zpwi=T{tV;$O}a7E$BH&KHg9cyybfUBu3mI;J3CZwZ+9&%@wknlO^+!RPmGskJn+@w zcu$|zQb>$0a*0gXjb@cj2CjAMlR@rPl~b33Pl4Q#P`HOhdt_tm5BJyJjsbc)!?_O% z)LAP_a);A|TXkFAqT$NbNUQQE$mdI1MMZes@w)iZ(v4ddf6~IW4o4fg)ys?qd~X)z zGOdi1H`tqcHbu`{J?_b&SI)P3z_j4(6K!XEJUQKHEPQDu9Qo97 zT_Y#|E^dXz_fOn4yY$~tQ5;`=N=5AEHLCB{eXoRP#axbbReHpJRQIn7y;-GqjkvR4 z=ZxjLyPV(UXrIV#^<&Vm_qt}|**561L?V0PkIcs}!KQyS`z6Xj)*xjetiiq3V{dFF zC}?7LB(~?2*mG4uyTcCb^wx;gSJXxEScmt8qT35$;1WnVxIDS%PWOeWn8-haw+@xd zI6JNFjo+4qbho26B%5+dZ7T<}uIX#bXV$&)kjFmy@SY8$`N3rW&oA$ZA!0~Lg??oc zWz3Q~T(S82lI-_d^AGmFO6MHPJDjK7*>$40as5ru1`-ZEl4e7la(qu)U`a(`fdpLW zPR@>5^x4^*EkT;-7Gi0KN1zTAgZDVy+!~Zdlb>5Fgy2dNJj>p1A$T$TTDI1KmiYm z-XLKTU5?1-WqR#1QKaska-Xe7-5GZLkC_H>lDc=#)lX+` zAjKaR9O-!CiMUg$iXg>d%a)rc9;#c()7SO64rcmwlw~dQ&p#+QuMV&xhs29DxGBY< zTHYG%EC!`_GalPSY$cv)Lbt~&Ez5OV(eyL*sFX1};`L$~)wP9>$uPxTyhNI|)kGPPYL&ue+pgn5*W z<|Ri3kR)XKY(RHmkD?XrZGmz(@|i|L@7+V2MxiRB4951_8K3z;DC)0KX|Y$LKRDyQ zPwwN|Z;I?w+o#^zb?5&CTtv_TGz0jxPO{I~rlkWY3XeZJm%QNl>WCA^y>C z=g0oK=JpTFY=A;oPfyUocp^u!u>CT}MqN6GF#B%{i{#F) zpI*5`pfEHzJ6cSBMMt->w>F`u`iNyjeUAu$!9usl(woj5P(t*Ay5fYov!j=y9E|cT z!*$NO`U_q08+kJ*`2VCF=c^J^Y=iM|T26o6*|`R$10_Tr-R>%@pY~xQiWHrqa}9j@WPdMgYs;gvn`>w8ou_O|pM0gkC(Ip(S5|~f;#QUY2^IABydc70 zqGpilw6#8xqF*|KH9B)y#UM*ythc=U?dl8H8$AT%2Q>-&xqu)q8G!xaIkr zjcuqjso^T8bkL3tV zcrw-C9?y2zts+@h-xz8368yI~UY7guNG?XBJ6L*m!W03f)RUpC@i&CqYyD|yj8x;f zicFz|9#T?Wp$|4DCRj_$-35Yd7oG`1s#WV4&n4Yvz}>x3R@j$-vnp$S zliVdrVDNm32#*TvE;N#*3TOb^0-VI z+BHyO)az-Tja7Q^BoocLt&{y7$0j}Alq>Rj!BPh;iKV4w z5HA!gw)XeKgM-Dy#D4v~5HO5lB<|$&la=j%pH%PP`9`U)E#cb;eW9qf=VPRHJ4hueC`4(5 z*+|-;1B|@uC9_N^;*$L6(W3-K9UuhS*sj|Onu=T z{yS>PLe}c#xpA^{FhJ6~9qcGj=BTQwf;!yi&%96|o%bAeb#bwvsgab&6FE3E{_L8R zH)<|`=}f2fq+oG(VKK(pE-A@IvwfI+G)}|VroLVA>3>}pEiEl2rD!!_86+g%zP;<| z=?RB**09cvHiK|KV5*T$acAa+x`wd-tOGEW$*L3daBJI(r`7B4pp{IT;I^?b`qSg?^p9&L@&OkM)sJtzduwB+qOIi0Q5woN_Lv?Q zj%A)2H6uM;1Oqb6PZE9(MI7`MpHGhb^7}41fhEhIuIR{lJiY$toz%DFPjNnx)MACy z)itP>^9C;)oWv(ehlUZcveI+C8=+8z>oG>C&CRvbN9O1k3R`Vu(9Lq*(wn?LE-D|D z^hG{KtgTC|K}a6vzU%d;Z!W`-=>B|3-gXsa9*n~V9BejQ?q>BHH<}uQ%7WO5yl<_| zBjz}K*$=51wKTI2s-?7j9?vN+?jXJ;4$Pb^pDm1j?W-FFGdftC#wB-uj%p)&hH|kx z{kg6L^GMG^-P_1u3e3Q!nU44QbEc1^(nR^-5unxkL0l1JS?@eMoYB}>Om9nq86mLx9Pv$_ zxn#5mZ%7e|{S^;y)Fwt74-P5Hnwt*I-wprbST2#a2&8v|NjS)v+g^P|Y*i5D+kNYc zb;Ye%Xn7o@i0&lOlA&z6UM?2(Wqc?9~Ib%S9lk4S0+mv3hX7aE;IW z6o-Xx#Ph)rA2t%m`_B)M+BDGyxksa4=BGLpSMq0nW%ARLBK&jzotUTOTOzNg`c?v@ z2Cy$?J`q;hVkYt`eTi4;k1~$2cml@*xjR66x^irQwJfx;1`cY?A1uV5n+A zq#i8S=IJG0ZSt|Y^*#1Kh8!CSQa_Ux)whp@6;v9Q*TE$94~8Ip)_*ZgN=GNDfLa5w6Z*$ zN3U8U;0P=bR!t2Jz*d&#=H{lR96DbE`}$<;josW%pt!Lz^%M(e6tg};yhsT3vT2fQ zL=iw{q-Cb#lY4tYYu63s`!e$h2PlDTDQ6BJ`rN=c`|||@3k%EE#^&r~Tbh_S8EU?i zAyUcQQ|Y2uKy8>ij-k_}qSt>y%!;_ZK@!nTIFpv%30=g+V8Fb*vJ$GExdS)PwmRtv zA3iiQHwV}>6&iX=zr3%nk502jMOC%jVhWNkyB&z~Z2P;X6L8Nm9g%o4m(etxbR=h~ z?d=TJSPd0(>F=Afq&HSt$PdDmS3A$usQ&W>> ztwVGW#H0<#^dy1+-M1GceJq`~yIB`|67x6=p=1Z;ai;HaIO}56^`%O`%P%vYGLSVz zTJ^_WMHWvs`x=NTDk|C`4x;h8b|VP{+7d=E5Ru4kpUcAkea^>#~g!e#x- zmywW|cm{}8{2ZAz$2L&3-pIpNyQ*12Hg%di!K#!@N*JZp{SN3lOF;ipS69bd`rOS% z7jH3`3EA0@lW61mwfp(6iivZMz(~G}iigrdA>HiV6G8YJ{l-Zp|3j$oY$Dic3 zB}z?A&9(=%xg1tMNSqYb36eA9Ky5w7IwN{om3n9VGQs^8^5|z_$&wE`sR%(br#Cb5_UQ$w{s=G@$zz2E1&@~Z8pM>t6`}sc4WWkSl zo*f#--$6rL9xu<^(kHMNzHVxyL%$$0jiYI0gzV_J|MN@0N&%bQZy5{>jQHO`HVhB% z1%{4|t?m2=skndma4A@l>{&FgYC<&<$dplzKwz|Mk0f6<2pi7&_W)U0 zSqTUTbjg}=^1n=2Hr7M=-=5Ie*Kx*O+3|A622{_V@mE?*p>e;#xqlysA&&9iK}9<0 z8)~ z24e;hl`sJk^s=mp0{|>#*X;DO(yz0HR$<@ey9{$Q9cv-VP(iai8ht6lrpaSB@cp?L zyhMVer~s8E24b3zgfIKznI|0ViDLf~9BBj~igT_aW8G;e{rvs)(&Y>Pj8W!5#M~~m zF+#ilE;gxpJE-_SSVrNeXye{z3cT^FnNy)WST9)>&MsqfN-(X>+zvns;~R1BVjQ^{ zVhH>ZtA^SbJ(sO%y@%T%p+T^V`vTx3V?^POR7TLAl7ti@^7z#S!-bcv%4dD6sg&>} zkQZm*C#AS_wM+kO=gs*B=pHDvgf%-#H=^BdIV09e6kCk^qxIDe)35%J@apQ707Nl`&K1*L{p4iu>{J z%wH&#ivW8L+@Yud$qT>vAjJVof~>9oZ)@9fqNcKI!E1n93VUXI^2h#yQ>rUVb(t;X zeRrJh0vx@z>ffP#iTo4_p}aT)1wJ0?fXvU=#7;aq0q`&gvA~d+*&5BO`4`kvjNM3mxpF?|=Rld@$bUAYMt&~!o>@2vqQpNB$s3oby| ze1x4MQ(3I>ji~&*pT%B#Uu@+q|DvERKg?oTF`cKhYzI9^w9{j9%}ePGu;&h1k>Y)b>8DJ2vcjqcyN@V^`SPq4;JtUK>HBLWFgx75-q?xia;pe%q#$P`H#l_+ zuZS6S!Ck;UbL+XrYC8EnFCCs!e%0w;0lEQS$i!PnH+8FRPsL3ZRnSBuj&I#zIL9bH}rptkNS_n z2t0D{WvorFrHqiBEOSs}QlyN%4N?CRbzi%}8R(lqE$1p4k!5bRsrU<-}HPJiz? zgk5$%>`M9jw@!H3F%W=^87@|PbGDY3Lbv#x#zt7+%VBZW^K43rt>|$5rL%bIGBtBC zu?s|xpd;|3WO|%GCGVhLZ1M1+q|li|RyEuhvV}cRAH#awan2;zReZYYf<9kYguyGrYR? zdLSm+nq&1_V|={#+4hP0nihAFz*+e>sc8k5*)C_&wbzV+y!X_8d4$|v zJx>b4PCq`G@XVh|dB7kl-#8=P+c01K8F<(ivd4J5=4c)`Xf%FR|E?EgnBc(DNcV5- zxVFATV|?p*b{@h@pj<>i*eu)vH}<~efom|n!MTI2M|z(9rOAAz z#(X1R|ExfJa%|0fEk-5*Zcd<^4+l2VG5=V}zhyfVc6@Hu&I8;83E+fdktPXh*7P*4v6+{{?OX44QEBZ9rw<2XmO^{zx9mK%>-_J@`YM}=Z(}6r|hlj z{ZL5Hh<@;nQy`@X9ATux<7EoUwht$1VqxNeM69EYo7=*gN(SWGY0j`_OjJKq+axDu z&KQT!U&Q$Cc|Bef8JCrNTUl9ocqkn0ar6t~%cnN>0G8Oa9Lr z6qF)2`8#|M4;LFJBt*HmE$cmJ7a?aM8YZ3+aWTpDuWp}yL)M_|8j%uOB{3_I9wSL|G`%oVNTTJ^m%dSz0BFoKXPP4-$ z2w7%U=YZw~_96i5+!yu2IlX|&gOCtCqiBsDaJaP>e8Zb}{`kR5{P8=_k}@F}>mwv+G-)wS34_BF*9K z-VWm%YCV8ANRU(m`=*JtZic18Xp9uByCXq<1W}k}5BP`>i>2X%Py?u|3^>wHAcj5m zXcT@4HuDLV8cxKj?09Du$p=;Mt=ltzKC(i6BQD6>qM%s#e?SC+{3Pq-4@9Pvoz`W$yRS%=8^R$DG6H4@ghiL z)?F{Lk?6iS5F|LY2bY5E@Y7{dJ|0=M=Rx5*-Tu+oPXgQbAF4vOM_yZvQt07^%>ge9 z+?g_|OtYM&+BJccfiwHcY&Pi0LV=^}Ya4soI~G?N78CoUZIFZ_pprYTq1`5v%y1wk$@* z`PHU>hV0chM`2Ce^(7XiLWk-Fz(i5eZegf;V?&r_o29qbnxcPic>Q zddaC)Ppv$lfFUOrNsjV}^eqFxM97(5SZ_215c7vhv~$kFbJs=_ti~&=-FP0RSfq*H2%KQx^>&Kz36R*r zu|b|R60_{;l}~f1QOVJ8sd;WQCv4|Ni9Pkd5z8*#*q#R$HoyE0;UrWHklBx4ytWI4 zqR8)E?n$`}F`W7!v@&#E0-AbVN*|j)Oo+18^h^=@ty^WG*aFZ;2+9ohZ-{JukISZXRj`1h2n~5=OsC<%x3z5`%1wp-4;&IU%tsZ%|%*MS^aKPm#nl70f)UN;40j} zSce9zqNv3QzJ+|U+xG}o)>bFi-bo9^w#9@v;!@cSG00Z%oR#cr3pxGE$!`7j4Tw;R zlLUOwgYfl2Sp3KxeOfVE{cQWu^L0;6%r%c&!ccX^uOT(8O;*2H8!sQPFfV@D^t8G< zz;5Fm1)9Skz2^8-zG@nOWg4B!a!zB%N2P+*k)q_Z9&Mo4)H>`zg7R&n>1fZuZ2~Q= zkQzJd$jWEt<5rVZcye;hl9t^+Xz_Iw2RLHT@f?)Z1T0;7cQGlJOFd0Y_Us^^ z0nL%y+aZC0K>EwCVgdpw@{zDHB3t-3r=`b@x z5b(e>R9b6_KsTtF=4ngPSf}r^JFMOvRHu%U?&5hig{oJh9 z(=&akG{wSdqQcd6rqa^9iL1h5ij&i=ewBj8Eb(grFlb`VQSG{hcc)9O@d;I-ACtR9|B#JIj@nF(-BxF9yP>zO+)0iEO{eWMGdxsOR6smMMfQV$y;D^k znsOT)ZMLttm{?UntGDR87Q40Op-jn;-$v5<4R#%nvb`ka)r>QmyF5o0EHwyw9G?wc zhOOf@d*!A-QS$UmkK1-vc=G7=)fTdkJ9^K%Up6yTlzSh3-ASc{uH3Q0#QKoV+6ND0 z7lt~zI_y^VRCqsEGFtDM$;>opqI02_G*#O^6*&?U4|(PwQ-jejS^(*CnX@AHL!-7E z0!*!n`>M|il*Ey}=^)x@`%CL1tTd1}L(b!9NjscpS}MMxBsV&$EKB6eBRzvNmp?x; z-w+Zm_MWR~n&@y0sIoF4Z^f1R*9emg>F z+dkEhkL5mYMWOMae^b*86galxR~CN$EViB%($=1V9wzc9Pwsiiyk+;^L!>D#qr^SB z8b=nF-Q_xh!YN?iVx&n7|QMIm|Gw+nW{NFJ6+$>ntJspG!aGLhk-#0DkU)odObc?HLS6L zyaFU4sc%vUe?3b;_+t_zoW`A%{U}(v&DQjX4{^S}uc6m4l=%E(i4icKpxe>PF*!N% zUQ&_=uU5k!eoK8>pnf?3mx=qW(myPr_{>JT%kh2|Pif3Ffw1G_(@6dNA%C8dLy5v^ zuxFFk4K)9&x(FMRP-utxOO}$Kl2GvbiAC_VE7KHA*0@8riFg{y^*aqr@|M^8n|{hp z{k+T1-|!R((~BmK(c1xFtgn7T-Hrr;2u>=~F9t-_SnYL7)8oK$`!#UTr`yRJIoj^B z4GlAmp8GZS1^PJ>Z5T3YU67=$sj7lP_VoDp z_{fL@)M-*vQvnNG@9;}O@?}~-Y zC38)+D1XH)+nB5#gf4j;YNa;qc%?-|uKEiGPgJ<5lvGc$=h@Qi>|l{LkA6RJSl&M~ z{#lbqp#RkC6}?p7%egPFY@tgNh{ zgHit@@WDA8R%I5UKr&P3JorO>+HJcV($LF2@sL=rvYx%=&_qr$HZh?L2Yw>LPt}(Z{4%+10sw_*$E5}XO-QiVwW(ChDw&` z?E6A1e*WgXqK0wk+q-@nzYf}h0f=?DwdWll+v=rK7tCH>UosU1&w z)c~p#cpED-jg9H~7fd)@I*s2@a=>}#E*a1G%?{<3Mc>PUosoxZHtEpuqsIvS%v$v> zI5`W~9TC+@)lvhl)1ARg>d74WtWTf*VPlTedm@>z({uv}RpbdBh4h*=>8omEt5ER* z-dbaB<-wc^beVT8V!tLANI|e*aT0+AtI37t_fdH+&6*ymn&t^oYFB!4!+j28Q8r?} zWB8s1$%JRnsu*c}NIf_(p@fTQE>b>&*6p&A5)$Mwn8dWLBT4PH=SWlytK-nGE#&Phy?Dpq> z|IVI{p)C9Nh@U)tNC>7mrGJMV^Uev?J+*AVqKrM3v+b+&bNb%ozN90T7DytV*eUkWC2mmEIvCv*B2 z#LF5>`oAl^K04%TY|xF~puFsPw6g?lh?Wx--FAK$gzV2=e!c=`qTk>v=Tob+fB)`X zsCfsRoSYQvwu%+b`rQ1?Pbwq#$72bH+^u%bq{^Q^^*7F;krf^)hV0=(KK1Igv}vn@ z{qt$;fp-ZBYKZ4cCZVO*I z5y|ZWz6m4&rKhwmgli;cYLmE00C7;+04m$^r$XJYuU-R>kkPd%$f+RdR4 ze}GTOZEy!42PA?9yW~1q$5Q-5U4drM4RCp^u1P;mzRV3{~zmE1B=`?bAfDJ$53c@+n;ijl9DPn9bJbn zJpnz6KKxsnTg`?7->X-zI=b@n^Lx3E^T*s7Q>Whthlg+Urv)&|OaL4X6C@F}U^3|X zR9PAO;_X|58l>whW}lQ61W0t59c^t(i;F4k1fCbW?px@`aqHqt10WbG0C5$ll|$2D zr8q^xbL)=}Z3Z(XV`)@B){cSwLA2qfrw@ltr@x#1`LmCZj{_ReZhOn^LRYhkt1Hyl zfJ={t8Hnl|AVJ7?{5_v}-V@neK>+auD9{%U?ZK(XgO!ksq*ANqS-w-h9MJc?j1&G| zF9$Bw^On_wd;~b>|wr81<$~gD%8;lfu zrKf^+wAX-ThgO(6eg)Y!v&Fg%PbxG%x$X2*pC64H0@6zO=cl5*!BovirNtV3)z{qcV#rh5Wso|=i=PBQ7lKT$Kypc@|%8QtTqv&#KB3uP;K zL`|>7Sq%slaKXXOVE@?I4fKM@XdexG8l5dPKzt`CK6jGkInnXcQ6 zp%qWZaz1lwJKhLaFsP}KB7FX5snpP?Q2X2&u9%rpgvz0{ykx?AJdSiKHM>AlSsl(R zU7}sV%?aJ{r`PySnE@Et4blx~EX2L{dEf85&iUoO_F_G2K68#a<{0;Vk1=J! z4|dmtpLR&4U+wuNiQzcYZhA#i)6s2xl9hqu_Vd+OcXLvC9~5xBrwh_7|E*%Q@KKk^ z_sUXASr61*t&NoJ?5xc9_UaqXToryXw6#tWt8a1>^Jn}Q^W4mgm*^J)ZtXv{4&J3W zKvN5~17x0PtfMKR;gjEk{myPU>SdYPS zS@&j&K|u-BFTpI=K7ke{seaICsb&1q5o^dn_h5uWD<<34Sh48`j+KRqf?q;!AZg7| zARmByRH6pceoi6xp!=abt+0{tN%pSZ&uEShlFUzhO`p-A)%zn%lyubLgBpi!G^{?v zDs`!1{Pxev-2}9(P2~ayJduA|T2ekpxc8nUMp(~o_=|Yeb%*B?LgdB~c&(9R0ix!- zz@&UgYq}{O9NUUm7wR8E2yHzR|6FaM!JJ~{SEznlStem%OVf5;)p_=%FU-1&h}k(H z&_OcDQj-NrR?Il=vv>vAQgNV$ZCBvSTrjO(dHzNO>a~J zbG$0ge*fwC!Lh4z;ATZI`i0i?w@Ge0zAK0=I zqzk+jzsVMw@8)Vv_3E(96QuSayMwM)iHZ8qszN>ICdwD;EE$Ig|JK?nyUS4C(9lp^%ms}5 zWx$Sr?ne+q241-I&~0ao^GBINB8!7d;@)CTbsNz^Lzs;6w3*_=^%eDzlSTSLvy=65 z#eWHG+C(VhV+;p;8ZZqI%S^naLtsFklc_@xy?m|{;|;E%E->!*FOcsaWIXN9FR$)d zl8JhK_fxekgUQrFUn`BIJFUiHO{@sH{^q{34{(^2UO-NEnU!4MB>=48sx+~f%N*Vl z1nFY%;B1h95#PSOKDQlPhJE}HDC-*c8$OS_8Z){?+cELn2v}9>gAFNW4n?kc8S=BU zvqS$8VZx1t%U;oC|#bS5~#)VtjefZj9foz zpuX8ySFHW9w9@=OlY8!WNiWK1g0$#T)#8oH16FG@_teA3j2}#6D!nB!yuI0}Z+xX@ zWMWQEruTdM+V8>}baeFY)2^bmhH1m_$!_3|w@p;hsPJ(Hv~M@f5nfaYz&=ONY(jeS z5=Bf!DJsUs;-LG7)f2@w-FsJIUVgl}F8xHztc0JNn;S$6000A=(IV0eF-h$el3-7U zgz;LzfICqrh1RVUtcMlLD}|k{32cXThGHYXDe=)`-d@{QOS`m^8r`~ppvtszP#6eQ zp)TY7`;<6r{ujRu3=IuUOy)tu`CM!Ymupo~Y|ZU1nH=&^nbFnAW1Stxnd#u=(|2f= z^&U!8CT1<0nBf$~csg@kFM)(AmO;yAxto=hB^68&6dWvq9`r5YgH>qj0Ny1P(H+a7 zdLt2QmkoHcq7Pe1l&Ajm?i6nSz;@~)l?^+Z z;dq3Q&dz4(EfIPgE>4-N!w+7L8a8A5r(FVA)x-_sg1l6L4{A*d3dRM?aHdD=pWd!A zR$bO4g*Ff%Orys+dKeQ=XuKj$hJ@x_D)0XFGQ2)#YiT!Pz)7OBdISx3+NiNTQM~w` zak9uRh#i(^Topo)>==gWIv9hA^QC@wkT5RH-ZOPf=zdu`k8}Q^W1ME`cItrhB>YAc z>2nNgQ|BMG32_RdNJvO%9E9(F))euq-atIqDS0a?uP_#8X+D88T>9*Dv%`kq*!UEF zIT#g+U3z8VqVi{Vcq8Huh_@2;8s-Syd2gL=gnLQU3+WYE-y;|_*0?Cbppfu0Ew63t z`L#@rG$1QcAzeZ9H-%ZrAhb?D|1SQ_zE2g46dvNcW-9jT@(9cEL@D9MP~l9zSaJ5u zts5IO7_`*1{0&C+XCFF$eAP&4n{W>?AojNSui8%|EUy$f$~=pYOnl}ION4~ctMy%n zFmCeGJH&h#V5u2h-zdu3N^-l&obc!KgFCmM%UAC5Ag07~T~$L}7dueh`G@*p&OE}{ zl#=?zlSh(ekq`Y*lSGlO{L+$B&P{Q7m52FfN_)*hUOv~;!LUKXM^E~KpKeTB-hsKo zv$HkX4sUb;Fj*z4_jF(T)An3>5P$OvIdr_+@cG)$h?HQLgRso}Yao>u^^yxSz`Vpd zhIq&)`c{@Z3njwEBZJ~)5c=f)hLjs=jo^dXmR zI9be3i&W0WC@-d_+33UKqUMN)jTQS~oT7Na2v~nKZ@L@2jJMrKEfB9N`kwj(PslK) zJY-nkXu9MZUv_=N6~rGk&3%oi`IgRh6RZH43)RVn!8dO1m8O8v-o-J7YNHp%(YJUR zyY{&8^k7xd11I4{IdBlG78CTfHxNer;b&9AmX>~mc9L~z_p)HL)JcEE*Qo^Ick0P< z4FrgvsJtIjaRk4DFa=NJ^gY+o%vP(`uJ5a32MKZorxjVZv5Tk;HbypVY2m$8JuGArKz_eAZcEF0(BrL3N1e-@z7(CCA84nN zM3s2E?xpK0D%?W6OEDEJelja=DJ$%@;oVc1dzsqhRY93Kc`=gHtdGL1s00_ltFp@O+!fH`Cxt06XTIT=x&&S~lHcMWd};?j)PC=y<@zTcEVXygemI=vN~4+(!} zR9DA+MuDFdy^XQ#fJ7(%cJWzmN>z*1-PhIzi)8xuqjkw&d+f%Rar2@rY{6G=%I%4c z2??IcmT1K%CI+7k`8OrJ-o2`zv+0kb+Luyr=iOV;4X!2H`@KeM?#)7`EUafV=)pyR zzjkmddhT;vCnqQ8Co05ZoZRcubVxlmM69pi7LG`3`dzSu-74%RtiueWujvkV$9mzWESqSe9$~aQ(Tg<^UPva zAM5bypBd8YJz?Y`h&6HV*WV+p_})IaKE39W<18)R+AfYSD6y$=r$htL9=lFa^u z@Zi?1jBjf+GyqFcXVWXiW^^o#7n}`xadtEti7y=2@b>w7HT=79q6lv&(_MRrkAC{a8?oIoU%uB{ z>ZvKiMLbeDOBK=FG!ToN-yR+vvjF86l}?-K9gXA8OL>4?nkw#Z^(X>zY#*^rEzQHj zb5-Q1AXyudn7araR=()DCa&j919v&y0HJF$I!fpo^&_gzw-e?kVTKFrMon;1^ znCwrl8BO&12i1*?W}p=y!1b1l~7cJCKg>@w*n;QJ_s_YlK0Sg5v zR2D5)j2Z3e2e;D9 zJg(b#5~xzatU}R6i(g{mI8%OgvXI-x^mjl9p=QA`s4>m3v!$gwftsyR&0fYE)&b zcF~5`!gludVXwcJ3JM8b;T4_3a45}2PPBq{fzUhbn&fR_=-&Y}1Y?f`%?zqug{{QC zXNx0f9}}EriQ5^?R7DJtrmU7kKE!xmbjQU31$#y;qGxNdD3ZQ&C?G=6iVlxDogdD&t z@9^K80K79M67=*?PoUD2uUplhp-5?Tl$DX71x5<^e|}A_#a3H1XUhvMEr4~87gecN zEI}ypU7340B_EkzBeO{D%AWnOv?{cm3$xi5AEs0)f_A;W?uRR79MnD=?-hkLwX|9& zMhd|H0uGC*HF;7LPU6uC@7_%=LOp}|z{&BU zl%ymho|LVEl3MD3vP-^fg2FMtbh<8xPe0p-#PdeSW(!vJpW-=Ly9(uo7 ze)c|D5ecp>FY06xxG0ZJBs4X`E4bUHNl|v=*VYG*#|Wzr8N#)gP*PJDBTJINZ|>~u z92%-<(guY0#z`^@ue(iOd+L*459JiT&;8(T>2#d(XO4#W%l3;Vo&EfdWY6b`Ho8LxnzWeZ9=|kG|?J8i~C*eO0~l=m){6=vvA6$w0UDSOV$q zH!i;dtbGMJZJu{V&iwo>oZrY_Nf}$a)$1KZSh`$8@LttbSi4l>Gcp7wrA}N|%uZ2k zJR_8oZrpp_TU*Nnu{F>F9JbJ$6I_cn)Sf(iCSXLo>`8XO#KmcqHuIf@i-**}zh(X|q`<#%Ta_<5jb zTCrl%#NPm)m*xcg;lm2sw4GsKP~f=G*VO!8Yi1S}9@bQQ@RWvSUgTuc!*A3b2*a4x z37GqjIwvOw(U=g8n0fRqG{#E268ELH&|S?64YCWY&xNq#4as*w9qvD2;j{tWH$JfH zG*N@XYG?!juSJDT=jWFrEjvwlqMCu$w?i3^fyf`$?%v^(G|35_50MVdRlz0$7xd1U zRdILBk&per+1A;~{f0h-MHs#O^m6TfB-4_JQ1c3+6Y0THKBBH?8%X1J$aQV=M#7w1AMGN+D4TjlaCI2NLRs`mGF90`-3IP7$v zS*cRb1t6lgSsL>x3O>5Ch6SzeG8uDVZXr36hgpZr5w+f!ewR?3myZ z-bO^*XBD_v0?qr9Lcr9SXZ;_s$SL;Y>?NS>Xv$R}Qfzg_Oh50p| zIf-FKY_rq5ukr$H?H=?u32m^(cOkT@=fi_G(5^>X#~*D;mF zrHM^BPf~&lM^SE5t|#ILhuiAl(OhG@CU8xPzl@Pe%7KUh1%6nG3c}^#B((cl{&RjS z%h0kE5^>0{VY0_ckENcAZeY&LM^vyrq>+G>h?0oso?W_MEh2R0&8}zJYIzN2G%5m8_LCov^)nCA; z3>_EDI_v||vI`Pjr21n42@$kYQ=;(3vPM^q0km6HE&-UP3V88))%!9J1tUXIVY4wZ zw6dTVIi4A4h`Iq*i)k{R-2jA5nQIcM*9?h&!zzge(s#QT+A`rvB4*AslrR!9eueXgOG;IQ)7SH|cUgu$7LUo9ebbTc ze-$Q{r9Ql1@4|pn19D~`k~EWv8P}ZObTg^dRP~6h{U}i|1f(+$bzO+q3b=# ze$o?p?NX9DDpg)mG(#sF{ytxcK}vVg-KdiHnW5;)Fm>657?Y@;fT)C)*eDiO@!BAn zaU*qOXhlqJ4n?9OvPb$FYbIV?U5r7+fe|oEE)K}2BVdD+kRX|&rQcK2lmO(Q{iYpc zWG&K_yQS6TVTc6$61XsYbQq{-u~}=F@tl!w1I6wZAG?KQfzQjM@O9V#h}89;KZEya zRSj30ZcIycu@0c*bt#*fmp=S{pEEM&SWSoR5~NI@$YN_%-Ff{{m2!|n)PImLz=qZ# zbhU3edPX|OZk_=v!QqN(L>-C@mXC&V_9DY~ZZ75^JW-X4)Ue{1B_ID62MYcR;FB;e zoGnTeno$KBylK}B*faJxB36#zgU)B6P0aUhRge(BkvnW|@ND82VRNWJ{<1l#?DuCB z2I~Cy0M}Sexmp}3JKgWJg(+Kr$P-m>=F_rGB+W$7k3LkpL8l! zg7JTUo4Kx(;Bexs!B4fYJ|Pj$(t z5*1A=~km8ew^not56J9Y%pvODaVC^Tvjz*~Yy zrs?=;S?xJl0-|7}lQAO?9>W$;$y1<67B=O2)A=+2#UI@t+a`$Y?Ae3IXP@IY>%`~+ zRM>6qR(^Jb15$LL01FKRtfEBXa@Wdx_$e9c@R>9|(sIzvUyI4(+MLyjJ9>rpO~~zQ zZv14^3!TBjvcf%{Dl$m9uVBESexRE=fG31p02-=Af_J-&jbW%P_VHtGCBb|9Kd2<$ zPlB1ow1O#wl_h;%y@Yf%Or0@&aepo`G8E!`=su`eh2Jmv)Gb%&=eKX)nwn-I@l-Ef zEb0_4I#VAwgSG&qoc0mJP0Ucg^gnXKhkAO#P@4|@`x1m)TKuYWH8vTUm)hpxCo2m6@qC3D3Z;jmmw=$_9Zkq$Na%q%SOhbp}% zti@dwH$d|XnV#9~{^9uP2`G(BeA65`v8>aKvY2b#9<`1U`Dy~P0S;gmg-_JWlLQ}T zImycuy7i^vw?I3Y{OS#vm1tgQsJy(alko&v!%R<4)3a&h>p>_s4^7a=%5Cb~+bu!= z!GFCuN&@7T*RNfpRx&h|4{Mlx6(1mbJ385| zyNZGF&IVF_4ha{bgP2E?F4pV&7Bj{l_H2sSE=g*HtA%udKj5YZllA;$>M-%u2hO?3 z@bK^DN06MPl*|b}`}G+PGV7m}Y8g*-D(&xc{u~=S0U1oo9%N3S3QAG&3e=qbZvtom zFhFM2G0^@;O8QMk36Tt9pU-oZ+BGW5RQqkaY0voV~(HupP*ctO? zJL0vcyvv~5gQ@ZR!dj2h6SER6eYe~dqQ1Vqm<8op^ZdnKk(H8vnZTI1&+v&vVicap2 z;M`3;o_;8`3x4MT%{8*WgZUA!4k?~xeU~spSY#xx!Dr8U->U=9JiEJTZRo7b-SbA)@nL3&8M$jC^)B3u*rzdqZ{VfLflMiq!v;{H7#C|0Y?c^&@pk4$-1PGH?b}J0 z;awEsp4opBGEQ^#oP43}10{IKV3y=(vn0EF*L>#^TvjPh_k07T#Ki^S4iTUy`t^!B zjEM$ia+1W|wi`ydVTA!1t$~ET5a7W-?&I`+4kTYDtRCGs6cobt^FJuJx6mUaBIwLg zw{D!}MsIDvCxJB%kBmHD9(<7f8?yiYEYSmkAxKw2Xk{1xx~R87L27gn;o(4qeiH(q zEGFPbpv73cz;ogKX*{U%rBHV^*JVvqewwbJ~ zteeo+zOf(BF0Kgp!FIuo`_N=XcZGY&;DN0YaiWj zz~d)T-DdgXkkDe~O@!Kz>aB^ZbTki%LQjzJueO}1Q355wJDkb0e)g9 z;>0svv3FjdMMQk)Nur;>Ts!mgo~4SKR$uPtZ-aNbHTyBt1_gy4=UKr8*dE;&Nh@|4 zzxyGbLcfQmOK|Fwjms+^DbMiDJ`&bR} z5Xd9Oz;3XM9J|BJV}2@Pa7Vjm{3f`80`DRh(!E^$jP&V!ra#Y9vc~4G^mQc72{Uh5 zy(Ja)OM#6%cAfYOvdJ^8m4yx87*nGOSQsv9V3ojX1lb_NLOdTL)@D6IV}lot&tD~wv|QpxSSkh3Y_gyw|6p-XT4JwThSZr3oS-5VT6>m3&1T= zAZCs;KjvaMxxQL=6xo$@%4raN&fT?^nv4IY-ORs_eA+1inRT! z_vi{dDdeZMhA&~?xcD_3&r7!~yXbD_c?)3IZCTtxSzR9_pE~9&xr2u8`UnmXAoLa<0Az%ij3>g znmWuD)!|`yrqcnX1bNiS&$9?s>FQf~ea0&NgVO^%48#WKz6Qba%x4n>B>{vAKE!T@ z<0FR+HQ25T8kZo*Gzl{FZDWsc+F-$&3oZg9fW0T(Lg{9DNHx_ z+5C8Z^3ihGwjrh;0ITxsm+fwwp(QyRrVs|Ve1+qS$r{_0)H07Qx0cpc|LX|*Jpe-x zzZ#9eZti*^Ek4LJZ7F$mnXS7RzLICn-uu8#q{pfK;V__ODIT(wXXy3TKNijAf);=++*IMf&q6v2{_A%A)7SRS{>3OsF>pFa zYq9_AW&xygHQYQ$qd!Lp(`lt1P+I6ln5Khgcm%A9th{{t_wOInU-EPU^pqRqqAaK` zc{Q5AVxr)5D9hg}08+;MMq0IL!V`hKz|tg-#M6b}kAKPbpq?%jd9t{tUPtP~PZFhN z5mm7{oXzulN=IxeHhhvob#s_^+%;uC*Z~?0l#mqnof6{HrUS$g@{8ZPY{n$~=PSs* zjXz>W_yY=I-ln6jOmeuG7*tFpuZ8Aba?_;$=<}T3)uW-c=h&`phgGM?D+lub{@9au zq~Yb(pO?B)M3k;1>OHMcA3?|pMqtnA0D@5S!VdUhV9kKFCg0tvAS2R^&^CA>cHfIB zvM%_jK9M9!{bc-tYccyTv@+3vi7I!#+fA)=%EOx77@lSrN>uL%etE$jmwy(YQ5gH% zt>H#!M6XBMtKhgtNjg1qB0A`oEQ7&6!hB)#b>go0+eA4)5(ObB@ZU}OV#-N2-HRjS z*`2k4t}~rq>WGMWccy^8HczxcLCR(j^^(@|TPX; zG0*N;yjryrdyUDxI`X>{T&zU>^3YP01 zP9D#3D)X?KE6V!H`8y<8r8d9EU~?Z`27-a6l{-xd^I+dEDGwAKCQtmPL8QR;m1Y=^ zyICGz+BWq;zlEF@_pfmb03HD64sx)+TIBeyKf-u!{U!>+_QbnU<{6qdFy9-qUM;if z!1m{^)j3rBFnfn)-a+x`((pxays(Xe0T3S zyV3M0B1%zZTuVhtOX#<0A7C>jb&Sr<#Xz9guUR_m^dP}r^F#?P{;|W*-XQ=1uUUw; z*kdi!7Q{|sGm7pt+->3hM(l-m5_l@gB!A)dtK&`uHAwGkUKH*4B+1K@oAya(s7b7V z1_Lk#goFlg9@nX}T^U+z@D{eP(ML@6N+I@>4$~D|mR`GPd_(03hMD2F`8;c`%W0P8 zwJ_omU`cEk3_M1OuHJtIiW$-+;lxXyl449to=DN0Xiq3iu;9YkItO4CfMLs^xP@I0 z&zHoHR|BMx23|Cft6E3ESrvmLP3Q1=Bah>34e}}Sd#O+_0CMhi*ntTIV3t_8V5Nq0 zbo-g!q~xjRRT8f9`>{Q3?|AXt#7w4Oys+hP06?9s{ME!b;0QP;kO9yU&TVt1DL%Lc zzmyvZo}0#8_6zVl;Qs+oitWAm=%8EXq~%4*skRvI4cMxX$yAr)J7R%XLD;TIEd4Ey z)Jdn`+T_KpCC$yvAo^JwE|EQXUAsM=ts&gx@tJG)6!!O<(*Trc<8MgtxTe_oaSSjJ zGmmiUyG^4w=zrJB%p~l+$U#d9+$;k1Fc5{ejC-8WJbJ$SX|ept-qk4Vf%iRN-#(fG z@tUP2UphH0jWN3wn24>rJ(%dJY1eTjQU~t*9T+A=Nj&}EDdT5i{$Qg=scU7o>pT(* zUNVG`hSR&${!s!1jQ`%GGVR04P-6|q z4ZLxe(Y(I^fzt+;q=_a(;f;6N-jGZ?!W!o=&6{Va6~(Kw2q%&QJO=&-M>>3!x#lN z4QOj|m~TVSdh>9(FB?isG;Ea#o(@={$T`AmL6^kb`MYb%{O>2|RY!X~1viWYJJkEW zikf=psiiZ~0pM4{ z-LPz~rObF1aAj~KTcwxI4^S4#*Vak?`YHM$Q3O^~h_I3klOzDxgM(@-&C@`VX&^Sx zPcI;Rv1h7}@r=Sm9&9UMikTkhbFZg&v!QTN0}JD)I(I9M3ZF$9s2M;PI1I$##SzE( z4>^z-6)!*WSVTLf7JU-_6LQk)D;Y11RYcug#l0Sr8QZ)i%uENI^&LSB8ThHTVFm%( z((5IVxrMmn{t`n7i~#LT9-+ptdS94i_}rQq{qNsb|MDwN99?uad>0{g#WqF%f(a39 zf_lriPUaCAdbtod=pSd;%V3|sYmg!+%zB9dM=k00C?}vzhrJR$N4TMOx27DwKm;^Q zpaZ-6s4y<7imuz8gW$s7?|m)L9Nc8!xa(Td5{5@2Bs4)@MJGZH(3flShOcFQ~Gaa)7@JCYkOx zuKcV_foBgng+43Mtg)6lAnVKQuad7LAV-MQ0jmEqMI_RIn!u3_>(A3aqWtDt3wV!> zV{c?&ue5Z_e1A_JpAI+Y6Oe11g&U&Xckj{j=ct40E-`pAa%l3{9&(P+pV$|7LV!QX zJMQ4M>mMk!nP3HjLqsQBOn~M>{HljBIIb>Ypr`W&|GuE?1v3?0O^0SD1wi&cnAFh! zEc?NIb}~VfMHFBwYZF_CcGqkaI3(AfN~l9jli%72aH;Y0VtN92zXh%Ta`|gN{3b5( zltjP4uYZj2B8k(!jtHLOC@e_pjFUyF@4iAgf6Xmwqj3<7aYQK|XXs!{5mqKWgWPcE zlHG3)POn(+vtyge^ut@N2}qR@u6V?OCWF8t6;l@n(o$bdf$QnUIB!bDfu4MoC#$B3 z_TkLcg9Rr7AWd#6G9;K!ggXO?Y4`+bvz5WD-{l@Oomhlgh4#+5XFGbe^nC&R2%z6l zmKS7tH9+VTey4yliUrPYnw492ORll0;4F?BY^eWQSI{DUJqjmU%<4$VOe?e z`X_Gt#vJFVCg|m0TVM9MYqY)shqGm6#+Q$OG3X6i>K^4JIFS*F z2&T>ms2^cl-LEyji~Q#o&1+%mfpU$O$`}A7;$HSddggnmY=nlU;~-;FK54o0frlK8 ze_GI252wuwwh>_GH?hyR^sF|3`d26@p3onDVPe^a8;R{9-(28(D;A?&}V@8;A-EA*;$^a9c1zRkJ_kfoVP)lj{CjBb$`QU zttLYb-;0>jSZ>D+E^OWh$g@Ak>5m|(4GLr};UdNUoc50&KLWIR!4#Ti0)nWKewFMF zI}Z=k9*sa>i>=?kqxkI7Vf^pv ztbD$vr>;&n1w29{a`DqU|KCvat^a>e^XDwmqjbpqLmclN1S34W&;tGti))Oi!4~4}r`Eib{}7gc{4D22A|UkZlv5Q6ajXPD z{Va)DE}r~PblGE4i~4F>T3X8sE31#SF0Ty5R{9oC{Bt|0so5FBTi~i@r>r&RkkEF# z8(D4ynaGy?)nOMcptSj5dr3`A4epuDysaJ7MEV{-Xyce?U+km5fUn63YqNHNTH27) zM%w1o#q+(#dP0M`>pBn#X%3BrF2(P=4F5-DxngA)+Q@s5-4_>A{lB8jQP5iDKQME| zy90t~4x=}NZ{_d<=KqD6z5b6dGj~#ZOk^@Iv=f+_nJMgmN^7(9B@5Sh9qhojq*IR$ zW_v6!wmeDAMjaP*v{NkZ0yGEYAtmph^J|#rZF491=sm@H#MzRYa`;l*x;f-VNqz^$ z)vJ`?3xb`UU%~Fg<5sS`Gg9#AWi9nK5F(&_g6`VTt9lA?{U(T0_;V!P0+xXVfkwN9 zjbC0~0vd}E55#nE6Z2HUZYXZMnx!PqT1UJ9qB0*^X~Uui2P?iD$#trLLRHi0lwjdu z;HxzKjVn8v2JUZ#mbRaU>mKJYn-h;a-j596-x>@%zQ&^Hcih5*9V`=;?AVq_F4`u{Y{@e-!kS>N}3pH`kefq3VL0sNpi;Ot?6pL%okE>t{lwp0g>){9@#F zYF#UU$AWF%%fR9woSyYMb3RUga}}W#yp{0c>%c&nq>6*P4z^ObcnASN!6*IBxIy+4oO`^{Np6Wuc165cQ&Rvi{lnIL&NpS zMo>XENw4gPOGpT9wsB4xv|z2(>?S}5K7~*FU4GxV`f#qtZ!)b(ii_K?jR`R`=Q^H` zq_WTqpa^#&FGR{uWjaCyA{~&=JDr%)yi0s`ms$Gc+ME6kNa=3`2ZKU}Jy*0zQ1Sj; zQ7{(bpUt=SA5%-Ci8iHg8o9UkLrqrRkaN7EQ+MFJMJJTH*B$R@6Mt`ObA_TUZe5gq zt7mSMJ*jr?nsBe+Qo@T#f2bLXzumP@97GGJpg-21eH3ttM9{k>(ofg3zX4J8<&T?- z7J0WjRl4_=Qx1gTXJyP{{cCx8=Vk9n+FR9hs1sW$K72R`6h?M-b~;=O-}Ly`Vcy!4 z82b)3bG)aAiKqLNZtyFbfz#y~inEml%Gdq`Bc&@;Gx1>yTL;7T1jV3`5PM7lF%X8m z;k(FTeYO1lMVGkHj;EA;PPJ)Gvhhq=mUK;m%J-v1goJd7BaOL!F^6>Q_~Bra-FY@v z?F9O$m_t7-@!YXs(}RVh!qVks3ju*Dgp&5DoV~jwO+|qb8+qJ$@K#C=5>x+E$aeAG zq|*q{@{Bg^i+Q_3ar$LEIuPZi!KKdkUSnOxKKU+^s*(G!3z|4Uqv-xjw(HJ2%ljPy zYxwv_hxp^rb7?R@{7xzVr@QIz#!;-65VNRtMLyzw~-gc9F-?1NF z0z9tY-tmgHN6t^x_{1)0L{)^Z+*AhE`Gm4iNmTSY>ZBV@5`;xZGmsQPD}~lbw#dlH z)6K-wI8Y?cA`)d7-!3$R4y%i)>MRKm$=cV0@_zu!ROVWsoBq?bC`i#A@uex>Q8k6t zNg|fKD0oXq@qQx8f{uR&#l)g(YIm?!P1^Ti;k{p|?ZmPC+D7F<-sR4xC&$20U6IPI z4L0rOt20KBr=5bEZJ@{X=@Agsi~#LKyGxxRzD}jDBO{WhkMX^z z|BQa8&|-+gZ7o|hdkz|>d^>!e2*tySPbJ);Ef=i9qRtVxB`s)<C@em6XE!6hkl(057vRTcUSP{@k{ z0S&M?00)FCaoxJI-eutXcevKvWjy6vid{4daTnZkuDxOe1?hEW&X+!_ zc-cFKGB<7XY3P6VlRMh)^l*n>5XAa*aGPph@WG*d|A6LZvP3{wLO{4Y82OLSUZ~Iv z1FEDD*AM*FR}(Tnr1EO1=mgc+k{S+W^z_YxHz<9WpGNcH!pfniiG9MHL)juzT@0K1 zzPRVUnF$fDg1YAUZYcq#89Z-gwG>}G2m+js)l42nI@QUN?YAUO!w!2N!kndfoNOir zS-I|8yD2LL=QrL;aKcTIQv`$PFZ& z`r@#{Vj{L($=3W?GYL3R;Vl(JP?NQf4~~Bw)W^r5jvvN!UvDH_tKNL;c&o!9xhP;7 zu8~2AN}J)(%TUhJb6uApj%46CmO3sgBZOC_en`e_(3=y@2>pxX?vl9d}m{ZVj_>E zDuw&r1c~_|^a=viK~8qI)oA$#&3i99QD!o+L2lVjfe8%ZM(cgD^HfZmQn}M-`UD$cLKmhB+2zFqYG{rhefuUf`aXb(>= zsfAr96%b~v-boMYpj+eKSsarBW(TSnl z#HM?2jWmqjw4W*nWYDy+?0Q~+05{JlLL$86`;vtW^i^jeza>)&sHjZJJ^?^**~cHU zK#+_Y$oa6SoxuKr3xfpg=h>m<{!E1^cvJ{Gb8kO=@uIxV07}KmtWQH&7cE}avc6MM zQ89{d@o|K^JviJa8!p#lq=IqD*IAxxgm33*)i{^DlHi z);zb<Xt<+l%)TK2+0`6~2oD+24-?~CXnOz7Bp%@WDHkh@EJyFr%e^Ta^#-*J zfZ65TIYW2Ara{hPIo)<%yvBtCT--$c-wp2%V1P`#JegdN0)Wfca4S__1ekD!`FE;)gsmVeBOzZ^~=U8<-%K!E!L(da51tHgy{ zTU!g&Ch+wrZgX{0)2!P8h_Fdh0GI#AQ3zd?3*M#ks8Id$_VgCiQ)cDKCql@S`U`}_ zwD@#)K_dw7(SVE(d^f0}aL)f;OC>|Fj{R%D&(eVQgLZNtx4X@S$}UEuK+#BKu=i`I z$=c`pC-Y2K04zjV5zn{ZC~qSVu*KxH4T8BpYTX|=789TAZk^Afd<-bWn)oa2K3fHW z5D<#oB6^;)$UXFgxAB60*2ZO-LAd zmrS%CqFhA9**ON&j}Kxrz@6d{@s}1iXfZ)*pjzAF-N2RHbwozQ^RoFR58(8m7yUac zS}N0^5rCu!*SFLw(*ghj*9@JW!8Y;1N<>lJr5_;^r1a6!e>amncACZ~zzFYl8HZS_ z#PR&`>s=;1kO$HQi^hWH@#y*GKZj}mbS85xRC<2xTeQ3e@EL$u0J?w}3FnG?Zqhzz z8~rFag6<%RC?WVVb1iUUf;?^vHYPc+fH%uK0^miU{LqAp0oV-cxCZ1wrhldoG=_kG zzzgEODQyogc(I=h8P;5t6+eI>PS|w4bkpm&aj((-_($&RsU#7FQNph6ui)4LZ4pc= zpznA=>7dgqQ94JxM@7`yPrp z|IUea0u<~)F3%dkaSw2_LY~#jP`C({qynI5m6tE9+Jz#*zxlmoE8Y})KuRH>N`gLp zc(h5u@_q>w)m7t)~0q;Cq z@jAx=tc-H{1c?EvyA> z$cPyN92|Ufk^qn=!?yiri~$dlYbzn11g+x-&tXKNB)~mG_omr|ZYGKTpa(o$MgjNl zwj!8MbAnes~0cuZg&{z9yTa zKov>o2ke8+7f z3Z+-6?^ITCq1+kr=SgW}6ET|<;dkSiAR7rNDhywpeePh7ZpJIO?B{k7zrnZS^55mE zV33wm8Iu2{nfd#dv{53L-98+j%6)zF!iQjmF1eDiv1s>2y(#wLnm_%0t7d^mLVDQy zjm=3rY-G;cY|D&EH-5U1K1DlEc4A{;y+PaKkIF?rEu!4b(22_^*RDioym#@n;Lc&e zDjPhnF*ue*MCI^gJQYM6guSaiKkJCTr}&DIg5ovf(|Hid!=(HH2!gIGLN0#TRB0~O z?`xQ>0;Qnx($sNmwIjt*^G;MO8Wdk(uinvd&kDO?`*~@ZH0erbAj)|RV)a%bI&p$j znk>m5SkX!Vt-&_{lLA)xOgqxxQ&PfITZ{KKz1W<+;BuT}*1K0|3Bx{eAe~z>A3bm{ z!5B;CB zK@ODDTi|XRklm|2P!%7Uz4nvAyArK`agFr1vr-jd*yfEJ!2+)xkLw#P4`ZwX=(x#_ zjuWRugSfZ4u7Su3ztAgJgrL}qyrXSUtHic$UroA}Yj_b@0IMLU= zyldUS60;Zb$+%?S^QPX6@FL}^PX=}BL3K2Rrp?qdmE1(H56CZKy0U;s0{HD()uXlaYju%W7@2W3hkL5 zv@zUiflhG%G;C~aM6|a+@duo`dk%jMMhm1gjF)sL4Xj3&VwTs(rG~3UYY(orCAsE z>p<9t4fW-Yo0u569v0cQo}uA%SBjK&i#LQ6Ag14s{`pn3#`Qq1S$tfoHc3B_j!nw8dbaS9ifsIwT zTjsj-VbRvwxXTys=(IF{`8?6W-hxM+eF-O3<3i>g3Thk2Vtj91H)rF>1sugCCFyS7 z%<5Z&Rh*UU1i1v%+yDDEjDPzEw7mh8||EQBJf}3=9Hfb8lJ6x^m?d=6%+*la5;nUyL{W1cC!fN=E3!;y3 zxr+I++BBIqfQ84(ar4)pkdqC1Y5sr~bG2@XI+a`X0?*%-biSwWCGcd@s9hQ=GLK*C zs@{$r7o@S?UbU=o+RTVqfOgSq1D&&7QX{S7`E`0pmYB%Mt(UHrMoK_JH95QU?da%E zy?Kw*8%h25X08!yb>sQRnpnj$b9BX|?-Oe0{BKnTXdcfwMr!+3ITSI|`@K)AJ>Ica zP^d5A6|x!)5O6%oH};w9@KK1nQz;t>IHHKK`%yEcyI&qB)d4~1qp2pe(o)6dOP`8d zWQ4LvT=03uf2J4vfH>;GndV*rnb$tuX9V`0)us0`o)t) zjbp=PW1sF{FE7=xvdA+t3r7iEn)f9N~Bs&irCo18sYAbWGJ#dq3)rs&r-`- z)y3THqx(cPV_Ock0DfjxPT8vKoXoSl3*jhhCmSucahfR9IvRO9aw z3A=_EYlEF~S?g92^pu!CtvAnExz*&#wa+|x18(1Tc%En|mtzLNVc_2Dni?qmWN2vx ztG7GaQ)pKfc!*U|63aXe7H;9;l`-{51PzzCh+mulKqq3brF>!)2Op3)MxXLo zUDTz8-mE8LVmd2ynwrOx2iqPddM)L0T^2dni~9Umq{fHM4*e&B(|>%ZPdPpqdf`-~ zt!&#HrA|B)b>p5pF~N>cpiVi?`r)`peodGw^wc{z{ccZeD1Q59J4WB48+F9bDs6`L z9;<>{&v|X}m^`=b6jvO?O1?~eO)LE?Bd0juM*30{`*x0dOSzAPZ(Q8GvxD!m!yS=e^26DRx#bAvebLR2 zUfX~}4oRcEhpD`)Tk=`cym=G z?&!;PzpDv{XZ*XMh7G_P)!tf*Vm!!-w6s>uIC*r7j?pA zo_V>sV{o4*lu4gac(-rg20cw_LBV`aMkk;-;r@VDz}=mI)~*f}WdxcyKjSEL0^R}8 zv*n*vWoc&U281Fb&0cjDDgqO#y$ta z2Id-6E1aajn5-wJ8Pyop{a=r@5jn0lW8ZUoO0<>ey`IF9h1!9oj&Ih zHohLs^(7r`OKtWaw5S+h`->KVgVKq@HQ1Cp?~TlNzdYNuYO(e>%*BccnBlTMUVa)6 z7wzQ+o=#C}2R@*33+OG!QD_SC4;*6r0n&A&UsQh&*gb?`CP=1tKjQuS9)SLg8ag}I z!Zq}=gzD4fW8>oEm+Y|!2?^V|xBidJXJ6gzfUU(oCTPV#_G@FN6~QEMJh%W=H@Am& ziTP}&q2I1n{w#D8ZR_f~&BP>II&=_gz`%kmm2dK~JJ}okUZ|vv#K%Vw z({tah6H{!hvLy*L1tqlf`fVl%nW=n zaYrkhor3=lWp5po<<_;2(kK`RNJvVENGjbAiZs$7A*eJ+NJ@)}h@?nKBi%?h2ugQ% zNq2Xg`QYB~`+dLP8E1_1-yTEu{oMCjbImp9bzO5#b6>PYEwQM1@bA6>=jAT;P!Ciu zR{!cIve5GPd!N96vxc{jRRZU1DqsD-n?vxv-MfN)jhsaA%?6Z6E!p}4XKj)^GBOe? z;P8aB8d^Zc3cK2>o!2vO^(xE5)PcR@_38ngA^=ul9;IS^Pj@#kj_Nsc0I8X@7xxyo z0krd<%AXEp6%~DeVdFOIGZiMVU)kXh5^V1tY|>_Bx^=5M&<6?Tvy{qikj@%HVEL<@_7wHwjVFI(_#7DAoZ>aun~Ub^UeEZc>R)T~tkts>@b z*>kYpUjzV(rQ{r&L@V27%cZa^m<3JEZ}bi!7x0myVlB+6y)&%AhAAyIbo+Klp|?|( z#`Z-0U8sTy9k9-18&h}egm8FpG&nK3UD6JCouevdZh7? zdlkSL5A$G?S^Z^<(<}-G4jX9$7BbKLG@zmO@4h}LTgmPYYHXA=_zq1WzMFq8ZEA7i zl6T%bD$X zDTX1Qq@*jzFm(GAdlQ25OWjrFqPlm-tHNlN%+~+B$bXzO3M8z{K5COjj1~5^9y0O zH4uUWI?i&jdIv{G{-hjtgoG-;f1mD6Q?{(w6pyZE{!1k{zWrZRvX;UB4=Ncxs&^k% zks1sA{fdalu|~?LPh2eH_#)NxFJA@-8NRTzEO*+~HMPy~Lo-qSUS&GzjS1lP5wwsW z%ug|KRu%(^c~FsE!aAOSeq-RUx)B8H&@X#OLP)37Pt{}lwNXCkuRSykg?Df;Lc9$O3}A}!>yG2bPjeCXX(JtgmX#NV zK9cqI&CSgX4Jki?+8>44V4PcB5>yaj6laQYJTv;^rx9Ou{S(@K_JaGE=}`0lP)h@& zaYkRTwYFKV49U|C;_8FP@5^Pf*87)F2n}~#9)l9zlncb%6aWeGhTp!6hyLE13D1iI z;c+V&(Ps6zUJ~;`@jTOa#9f7qf16#sg&$xKk3(Br&c=%4%SbyCPI)qM^6_S>j#ip0 z)lW*slJPcIHO@K5pu% z>P3Gn_;vL6m+u9FtP_NX)#{zoI4U{wy^E36PcYNh)pm%cH7&U&O+5G`e?ZS{4dlGp z;9Zh51PgqK>vr!`RlhK-mq|ioAmfimbbfB~mJF2To6nb)7Q({%cfZG5DwrRD(|@-Mn3Zm;5h-;|vH zk%M}Dy2o)52G>8HNWax7sTc7=7Pa%=$CAF`eChYpq~jynH&%WsTXg=ZE@#6G1OU0# zZ(0ss8t7+EwdDbSJO3hpNzI4;mL66zd+qjB?%5fXv+X z>wS61MGctBsc&Q>gs$$82qVk1ybP788F9t*)Uq_~pw1AW0wik&qkDTRGIAs&<;0tE znqc_x8T5-^(ss17+w~>ofE&jjw))DIxnu-j0-+v{ZiXkLEjmAW_6MpNvodumhr7G; z+G*F(g;^A~m72+bo`hiyppnYdF3tPDU!}yo_YD97tM2wo=-FZ`2GHK!$xp>SATVMR zmcedySap6H+4%)HpDQQYrsslvYpsgMXOG+5wP)1p+uPS9PF;1EmgVxQTwnH|d9*Y( z;)w)v*{+Q`o*Zn#7(gyJErT{DwM=8I*AG2NNMvBv)U$F9iTj~BRY%g|`qLfm zXEsR_AwY#erkPs3F5_A$#T_T#dW!&gm6MS3y;2vb339+98K#okGqnA{xp-M!h>lo{D@ z3)$1Cp6AiLxeGMBQDybmg+8iTmg6q#K|wGs+sn)A{J$?E`+u>TUG;reC#!h;2r`!f;uC1{ zKJGYAK`Zb=rE}<;-s{(|*T*XjW=iK{l+#q$st&&Uwh(?hOE~j+xx0I3=&kU5vsP%N zD`?t#7npT}Ht@wgnHt+9hO`5t(>VHZ71^8p?}?}F?d4%$yq0rwUk3KL+wo1aU!z?ZA$&CmXOI!ob444_gvk-WD?grQDE{F`iOzQuZ)P#;gFD!Xn>L) z_=|D*(vz!KuTsFoj3**p6}nPJXE6MCV~Kru^q(zPkEEL~BeV&QLk7&g*n# z)!cyB`j;-p=5=?Hy|C(v=t$?d%#~Qkn$Hg;unn9{O`q?tsX6Z-jaPi5)}i|YnfGg= z)T?4~-$Z=8?yJ@4Q zC~xno9!@|LFDQ4~eWqcA;u_5dE%!wZXTHKw3E6}xUJx>8KK)Uf3m3)3i8yWkE9I>Q*0a+}Jukp6|RRL8SYC4<5o9kB~}oYu4#U!_?*hgtuHA%f}T*pkC8ot$aK`XS=3y z^_X8X3@zkB+tuL}f*$DW&ncrW%8*ViXX_ zuigjzt(UE$5!sI2T=>!XP&rv{>Qcq|pNI|#{5E_XRSvWNvSLPim_9eAC^`_RG>$PVI0{ zT;1Ir7l}i2+nsu1U6<@}+1NKPH-5g?ov8Sxtz`W)M$rAN<>P?*#DO?*Uf0m#XhTF9 z->@3ScQPCryiW*rHFExv(7arLmSt+->~NR6WwCuL=mU+T~DnPN2K30cbbCRh!AvABqZ;galF z<E+qm#_wM z7&J9@IV!4->Uqin{o0=xp+=VR`Mwfa+0F7nWK@;R-?*E*93GK}BTOQSfp+7PpU*A+ zd8awPrRTmr>F7~BgSVJe;XDsC;x-*?9HFcY15~ zsk*w6^RWom?%hs#kt7q!B`th!`I|Q<`kk}(BuP8Pm|Zi{Y-q05c_X)XIm#}_YfG7-`Bvw2F&eNr7=y`|@I7IM+glzF_qtOoCw zm0jA|Epn#xsLe_V$-q7MfPox;&AGN9%diACG|? z6SME);E(rvhk;uP;{DE=CMGXII}|(x;D^y7E`<^`SM)XM#FBkt0d3;`J<>!uB*H~)|cUR%a319 zNL$&`vWrK+RX`Q_kt~Om2I<%AQBhI%1<@W~cVLz3m?FRzqsH^-EMeYfi5fLXO#dD< zspH@KbM(YTWT%T%Ce*~?*s#M*$LXu8Y6Be_+@9*BFkxBdj_ez8r|}18zr4pH%5epE z0zH!jbaMKRL#omDv#Z>jNN6DFprPWnDQLgnsjW8X1ewHuZAKceB|o`+)WR+4nL|Z z&x_r{`Y4_eF9>fT!8m{hgP){r#$+xwJ<*SpV|4sX{>Kkpo~X1BQ$o)DYHDswIT82k zHvMS>t2{G{ix(oJtD@7>BI_E7?pueNcE)Nw!kBKUy0Gf{GQxC=;aKf-gU;f^RTeQ<+;mjnB%m1I@qJ)%?p>Pqn|wJMB6l zj5_khb9U^+cjYvWo8L6?4eQNJL8}a{*%tR0XNwON3QqOiid9y(mA1*hwXeI2q$;QQ zZ`rJm@7719r&vm*XDElVy7n}u$9n#LFTJDGUIaaKhE9+A#@@+daT>i?)RK!P=yH_c zt?TQoqK%SWS}oS?(%$V|pdr;EF}ZzvSwE5ay+1qNrsv8{r4CedW`oP?yZ{Qo5lRS>4=GRXU5u#CR`Iq&nxPbpV4zFVcUEy zk6(*XAMjr{Kh>ppWVX0oKU83{=tWia#M7NGevP1`4A-Ng+T!YsPi)6n7e_`kbv8IJ z-?8^6$&gM}1948mwYfR9CcjCYKS9wGNiAk`H&PR4HZ0u**xA@3a0V#U?(r5JqaLFO z%)gBt+rC6c)y}u9>Z0R;oJ{W<^uXOYcpSH2H{Yg)5^iq< zwBosP`LdL>G;}hrKDO+B#WvwfKmPASm6X+PjJABS4CYYs9TT+R*N@3gHpI3q@S)(C z@AuPps^PS;NKwm5ZxOk+9ek3Ylty+^27Kt2${LaXkI{7*sywbH^jvp< zEwM|s40GqTO64T}WT_5;8{PKZfpb{%Dd_nMvTjG+#_~V#WPAgo?SlvbJP!oM!yf%o zODVg}@7L;iXG{Gov1u@+Eai_}zI^$TE~n+-cEUE{o;fqyKG_x#iEYO- z{$(s7{rDN>F&Az`*3#?R3XKSCx4}H)2UZCBV+8gS5th6 zWk-z(L@!ireE9GImH=eVOy|@SK$u#N6mRzwp1Ftr$e8#Q?KA4?5!+P7;#{&akCYv- zIajTmZ?TrlA9}^y9o$4<)KUZqSMIF920US%VD{q=d?zg<17;CYCkhw5udgqhlFQew zjgKX}=2xyU=^pW7Rg~K9v-Vj`iu~>OZ!MbBh6(;#s9NS>#y+7-!VEg%zakUBZugMLZU!%cIln|{LT1K<#x+4=knyxcQqK~ zk<0OW-f`D1UPa)`Y}MnlKm{-H=#h$f2v3&Y7R`cx1s`$Sm7z(XvM4X&T}?1epqSGV zOi+X4Qb(zjI!l<1W2_>l@z{#30q!@IrDa>kPorJhfG73FP!N5WD@@Q1zU^l zn1jo>X^#?=o>k;kx}>3NR#(K8T#8)uN+}DCQB%H(=W+4q)OCBgtesHShGYetIyjM~ zjA)vr-+%d%lsk6SMVD$2$&Qq^Im1Iz(LW)m(Wcs;;m8FF6AVc4d@eVM@4F`u>0p~2 znP{7R!;3HQGzwSa;v%kATM5V9iMkb1emgLdCay5;-aRR;68^;X#8;35I-+pARrGH=@Gvg&OS2Z@!Yh3tpRJ zXMH#a*IU~A7aD6?2f`W!Sm1T7mQCOy{L%z(aPg|w#_ppgtm7oHPqyBwCa@q&Ltm>}{x*M2 z-Yz6YS4V-o?=2sgrj^f=3-ie5n=NH|u|>1=903VL;%X+m{9Vkoi00a9*pNp@PntDy zrsw=>+A5f~?El&Nx!aW)u(YLQXpEky-B&|0B`K^NXdFV1i56F*twtm_uoisZRbCUL zF8I{lW4dSwaqL}B4;_;oD{*C74!FwEBh{#=n1@IeOJY@zH#5u&M%% zt95@yq9S%dVC{mw*p?IWs=c0-eG*w9=xxzV>RFMgHZ*&1ifL-sj-304h4B%7X*)R6@nE>{lPbn{_UOntv%Z3 zMIyvPTWa8eq}Q)rT){MWlA`7zC#3#1R`J)^SK#RW@fq+0<7u`bYf$mfUHmX2zSea4 z;^>kwO7b7UPbhr;7{bTCW!En4C5->3J#+Kx#@8Y%uCPATwuf8t%f1MJyv%xfU^Jc> zb+0tKi2;F%rZn=C3b9`E4{)uvbHlZdIWG1TYqGUB@;cqMWs?Py-wG&SR#0w_pHu5(|Kx^`(E`{6ZP}bn|x2EaDOXTGC{rj&0h6Ns9E#3BL z$7I$7^lZ=tGB9LmD1RRCDQ%!eOVW>G*qGL)r)ju?`6c6Tv9MiOO(ta4hudFQD&9H& zG6Ado1BbNt=M|~RChG~BDF!`n9(7MtmQ`t&h`lV{q!s}foqlrSGCKuZPC-FYeSUTf zU&se_TxDnYp)hlRf}9*=Mht+4=w$i^pRm8E{ZJ7L6AadX7wwnr0YVPOm+v1zdwx== zd+_k)l)ZBl8vmjuuvGWx+m({?a-K4kU94NI^0u}+>u&o3moGOH!2D!6Ha52CpW>4I zIM9hQ@wSvyjEO9U6BL>l*eitsVI#azgAQ{~yP>0Dh!=2S%{|EKIq07G`7@5U4rmvm zMBJ;U(wCgifUr-I{T6hdFZJ~fm!{6eRs9;@t(z!2l$!4KC)2y>pQUNcjk?gei+SF` z$?LV2&fCTT&p(=R$#$w1v+a?V)(FgTzFQZ@rc23d75Ctko?ZgqN*s(}jDx0!jCETh z4OH&h9Bt4R(%=A6bbt#v*uQ*i5}SCy=@M_a2G$i(O7;|XoIh+HI$j>_SD&+>1D72j zxb=y-x(d^6r%R&xVA==9uKpZk1%(7ACT2w5LPk&#G=T(=xlXlj-zDw+Tw@SnV%jV{ zGDZjuD!;98cCBl1pk$KxcUE1S#0y(%@MK#=lgqC?$`_sHO2GjQpKbwyW=1L9P!=5u zDmQu32_TMv`*Zr*P05J9m8&C}x~~9v?i~WxmN?P`$5fj&Kh}_`*~@?#1Fd6jz8b}6 zLpQY``=A-2sTuM0t1?jb$iDNWq_7_k=3bbZE+K15n3;n^Rzb}ZEu`E3#0Ebu(=g%h zdzK^5na7tLbs{2VoZoQZln9od4@-C3Kp^8=5N*fE>0yfEpix>zJ?a!u7UGvKVIQsgI-VhkX|1N(Y^sa;|V$PBy zrS4m9q@%ij+wP^pC~J#t%4|<`%@-KR2^1eL6VPd@sH?{cIwC8>RO@rJOS^ymoPw#l z!(p4uT1B!peQogVU=8EjGXBDW3;RIO2YKu%A;Ymy51M8ieXEhltX(46*I1INI=X34Qzo19~`f& z9!;79%?ogKFrhauH}`4rT3BQR%%rFSgE)1&gC6m<848ZP1+T_&Bng2!@CL0vxuU6`KZ6(?tHu$S+1PAb`$Z zXVze7Q^N(*Gp)SXVGC33VS37`Se@w*W~pSeQUf%WTv%vlYMO5HY5{yS z3~)gDb6g^3<2MeL7cS-57OnpW4LKIyC*1Qiy=rO_gR=9sB}J(#uXMUs3?K}GTWxe3 z#n=qA4EHBlmZLrI<^NKN*g_5bP=*#5l!t(gV>tyAtqHJ z&Izpg3W3KTh}^VnUu9o}8UP)JN>*>zG!C?FSSi%bJU(fwDyG|r+8QM?<)ep-OII8B zpH!j5Sz10ruYsAj>P@spG?|*J3ciUz1_Xc-E5<4|y&U;wQ~Sw8q2beOMCrdYqaGCP&nM7{TM)cK4RP6-n>{r>rm#GoDW z#YoD?Qm!pKvl0 z^{9p}&6Nh+*WV}-Lm47WViN%-gEQ&Nmy;`#AA6I6>A_yUNZ?6;Ux#S;a(=`;S6b75 zm&%yTlqsVla}&2XCNy8iV0fOb2?vQiPlOF?18gJd<{z6I=)8tHx8XMbT^bqSzDp}r zwWc+nT7qMe>{>MVqmAh*`Wd3o?jfs9`VPW@a0$5=tbhn;WwcjjwJ zpSD5tu0*uB2Ep^o4(vFWTx?tN#}pSS#hfI61HhZOg;6i5FU@AE7sh{0PRxn@@k{HN zV}QKfvz#y@&W23&W=JB7Hj60FNJ|(vfH)bPJs24LRu>>284R4_m^&h5I!~0dSud^f zlx8KyMdW?{o8fWAmQGZid7D^P!4Y>plFj5%LJRmsd07PiHT|U@U(x@4&=GPIG;);I zZZZ6jI9B%}pBU1c8dOsXOho4E&E|Qt96Sf8*aX7FYlhMtm6BxEB1ycSb)rA z>`$;>xTn^Lna=>8bbo^!=nJZ2Ny`4Ov1kb|;T@M{K_a?m=is8=IrB-ci}d|wGOE1i zJiF)0%`wB_;E-Y@x24THbocUCV$bVu7*oAYF{|$mu|nD=J}6tA%3pKs%Eb?SLexY{ z;7W;h{|Ftomz?nSc-BxbOh_l)-A?YZmi6{H=1aiv+iMAQCyj5@VsIIxEGGihm-@5k zOA_)!Kkh`+{S3%?hk3EfV$^Y@+Q(}isSEd-GH$DB{afXGW^a*4G3z zn?&w7vW|Y^a=Q^Ae|>>hTI1&_ZB$OO{*MGSb{$B*+ru%Dfj)xg^7Z3ahLX6hZ?@RH zAG+hDGcyAT18ZvEF)};Y8+;fedfgY-_*}NewS(NrP0{RWx}gbRO`bd7?rMpC-CXi_ zvLnA~$~QY$A&qv<^EYh#hXJ=b*j~7Pf^6-QaViYLC zy$aCE1t4)t5t3!oLznM8S|3nts#x#FZRe+NT8dxP;(U1r;M#@pC9j#e?7DT01qFvFU%NNgrq2<8=-xYi@h;NtCi#0|RoAL~B>oZgU83bW}a*!coq%RJs?)E!KkLO7N%#JAL|y)NzwU>_I!v0_dviGZTI7r*r9wM$ ziV@P?ii2sJT_Qw%qm3=A@6;tabY0iN*7~_FpuU^Ev2KEAb$4IkcrHU#M$9j0`w>OKyU3oYqUqxq5T_j=-f zX|DVA%UoXY{!_QmFoxN=wP;S0;FNiR<{bT#|ELb$Ox3E-cercJZxWy@lkoS>ZA_W( z5>eltsy4W6$10m}!+5ghY;#k~Vw4x3c)#r}YG_wi^@pa^RKNcI>aMepIn`=67R}UX z?fm35?Gm{ONgSmoUNZ9XZ1?U>o1^_}G891ItkqWHmD#Vl>@M9#zj2qA7O`yw#-gNj z#uIe9@hI4@E#a!J-Ko>}5LJ=rsh>53`cj{L{w&K$*V`_GO1hTwmdD=OvmDZDqYh1= z=^5+v8iY00)%h9hjLffMVvn4j4*be4T4IQj$1Z{2=p0I%}NA_2|HhGEbqMsK+;lnDUD3&+to$mF#}v zFvkv`^N#@qNYv7+;VO>`g=`0g38f|bXSDy);>$_lfW=FHIw;sbVgv5EiwR!wC9 z!Y}5MIvd;UJXPnREVkDd3k%Dc*~b%QA)1PtS@wkYt#Rt3E~T7;oN$eekuOt7{GA-= zbZ_|~KtHhLgFvn=CmLqv)8#*Z{wyz-!|wy|GdDN4#f|!p3&Hb<=ob{4xbGr>vFeo| zaUJAfY3)Y#P~}qZN87v+|456A4I0@zl52CQhwmA=ZG3Jz(>MX?ryH%Mhse&$3p7)z`#C>x?&40SJmDt0E3vR@R7kwKC9rP{4W45L*z!DEWP3?@VF4HZG1UKxj|W>)O6a{X*nB>pLUU zzjHJ+c9#c#)InDZ=yi9Va@v=Am00`^>tS2%w5UmfxX=$U!&L^$;R2P1Uu30;o-g;` z9A+EMo7IyNy=wV+jM)sbwN8c7vVVdEgqb(u&d}On*f)F+2z4)fE;ZT>kBd#bh=}mu zzs0C)ddKdSisld^w*c(b?-E8Q6XxI${QV~cOmj!%5I#3TM_%!_kg?^z|90b(IQ$wn z#%^v7GjsCasCyxVD&{WL3#0z5FKcXVt&uBOb~hT^d@f-WJcCHNxev1!l_e`V^WhdZ z@|HALYM-||KS=4~WO=?Oa`9H|z5==LFMZ%<7McFE<76YO>q@Wlm}C1+IjRKm)h<5a zj=!0Qu{JJ7cu;D*4RFxP*aZc^%0S-omxt+sC$0T}19A8~dfN+=KhX;s2nm0k%(Ag*YVJV`oo$;Aze~8={U`SXM~|<& zzo~$6u3O3u+S)RaL)J2gaSujzELE z26x=~UNLFJmpnf3_1zmy(C%e4_ov+UMhn}Rj;kI1jZ4&Ms4TbZEp%R6-$B~U9TJb= z1Vn;FaibzNL(1z3cdFYSKgY%%bNFzXX;V&$!i;=#mzCej2xESpqL5oQoN3;l$^#Jt~Z<>;tXZ1F7kg_hQGPs;w?I#190 z=-7J$e2j%ov2*cNVS-1-B9`md3zatpkO-R^S%W% zlBce&KJjBJ=^b~T6exeBXTt<)YZ9iN__-{&uHSMojRR~vP%U^;MF?q zlUj8h4gIL>5I#X0v^PEh4)CEU9kgvum7e#{>gm40?XRLr(IXf<1@QuROCch{E69`I zwnRR{c%rKEq?a!()=j!cuy;Rby=vRR`qls(4`?&EGP0laKuJmT@ozRhQ7q2eKM@$+ zF=2ZxWY190moqHy7mR?x4wd#OlaBwW+x|@)o8jI$XPudmkzaWl8?k)1lX2b7?#9Bh zIV|QXNMdOG_~RbmWH15%56O?kXWdgLmdx2dUM2IBdH@nZQ{5M_G1*6}me{vQJ%Y_l z;4*vk@u~Z{tJqfymgfib_|I$WDp^>LNrX>mZYNd-BqjZ zN z+mV^hZ$JIZBAR$-z&WcbtTpDe;@1@rd8WFbS2Z^pw2b#^f8YRVUrShrdVK(;5OQW} z=E}n1_7q#CehwR2(-A+fub=~~_OT|lUTEp~(z4bSIj#J9sDKD7XsCe0Yc^2Dh7PK7 zZI=_GAq8M*Bb2o#zt|4IER0-oV37-ttLdQkQL=yVr zmjGn;NUPvxez7(3rHGC6t3If>=rF+sfuS)vT%6k6*D6->^F?&0toJRWx^_L>&Mn## z0P}@XP!QV-z6zH!UYJK>v}~LEx?K973YnKa-6+Do?v};3yaEc?{bh9rCT`NsC_nqH z84H2(7tO1GxXm@wE%}nrWWuUU4Ej3Y0;CTlDTQs)op@)`Ddr=*mg_3if+&pvr6hPWvihM#DVGR6X5RQ!plXc)vd;l z6-RCyStw}0gr9>3j4Oj}DZbB)L1Z(t9Ix@%49-U~ARllRv9zmCA+b8St%;I z0uL$Ki$ix8o6D3Z&$c|QFEvg~=+bloC-&&!Lzo=4wY}~59>OUEEdUh%c+KQVQ&W3{ zMET%-8;dc?J2%7S1qw}7pPju9Pnn?#k*1%Lpb5l?haUPMo`L*toB}cO88Mng!s3N{ zfxk74mC7r1dKl@joKH~?)y({>%Q}?U9UVnEe{C{Y!^6aqPKUU&z424CUPP;GPoHG%x-vpik7OXqN1XO#acW|`MczbET@{P>>OE+c%se*#oc!@Z|9xl z4mS7qCrWKnI*$B;-0l6W)$FLq1P^8(xo@{#^~+$cZi+;ME9`UB?!9bI2%_%9yn{WW zp`}%gELuA`(5*UuT3WXn>n2lq5_T@LyBYEJrkRO(&cE8K&FU!_T3vc3QQt@;FD)2U z#Y8jvX#G^a+fP+I+Rl)VP2;bx7${a`=Fop_|f)(T%O*7u5r#FD5{Q2`I zbX%yZsv0@3!#0mKG;0nGS!L3KNd~W853S|xhRD1HPLlQDF~Eg40NU=h?+3L3PQq6+ zrVPgblq|Iiw(OQ2BA-bhlEEFfgc$e?_EW+{wG0rstEGQPkvY1({m>)kYnHm(57ER+RE{>dj= zZ3;k}pVuOf?4kfrlYG*sGf|4R*u|*-;J5r! zlF^p?04amZ6A6S9n9R`PD)YSu`{K3qF2q$;c_6NO{LlZ~BY-Qi3&N5a338-_r`FIZ zybo|LCbslzqxVXGI%Ag{-;f-C-;3Io3QB@hFIPB@N$^}0TUf_1KpQ|IbNH21!0;z5 zjJk3@Bd(PLFgY2+LUI(HzJNX}=3BhkCC#bAI8%D?Piq~5w48ar7cI{~Z7a5;IDENtTO%{pqz7=o) z$&9qiFod2Ukb#gzHlk8?l|WJBsjLCSjhc}`J5g`_69AM~z=6{d=Q!G0Ztb?LBPAN- z353k)%vKvf&o1kf;6<6fEbJiJ735N(7`x#+|D*owtvdq|m$x{6VCoes>>0UVUsO+= z;6>5+{iidoA>V?C;Tcb%yjb4$XP{t!)Zv>dQarn2V|IB)_C8f7vDlvSl54+T{JM9RM) zI^@T%W9wJa<_26LkjENd1`QXWet%#1Cgc%FOkTiH6eMJzmjSLWG`cN;8Fs6U9zfc9 z3rb}8iJ}<|svXw!Yj?dq(!5GeVbOj@65Seq8$pA2PFzC);;Bn(vyH5PRH78v1O9H{ zd=|j0E`hKN zD85F?dmsya4!R%BAxHmq+XO;zCkQP&p=~523p^awzIAZy19%7cW>>HgFAcd_Rx9|U zw~VQb8I1wFK}*v&ErjIwID?4^8!rCr>Y>V&1>Vm>*sxdZqG0{a@$n!N?pAKy+nO!! z0F$Hg-TLwdNJ8YfK?%F8-J!iI0;I=%Zfi&$je% zY^+|hgJ)3%;P!=@G83*3BhsGVo-?WwM}Zu0LuCL2{6F-Ftc;QO3CXOMf=su~h0VV` zPbkVeg6*xxUkAY!Xa(s7azLq|s;ctP0PJ%_)k%}WkZV`T813Q&KL2EGd>8m3_-x=# z@=BO7HSWL;~GU^=TJ01(@`~v1ihofW%T-(xcw8kYgRckn7=WBpE*MX zJM5gM+am<}7OAklIAg`zTKnUz<;agkJ49~mTW{rSS78yr12O_f29iBKPOwYO;lnIv z^m6~wRDJ}~?odW$;5>E9`~8SaA-~06>?jZTLEhv*%ifj{#2oIV_KugSaDuApHWSQWZfY3|3vgSL?Fb&km5(@qK2hAtIGsh!M6-6@*C?0_MfBS3T zfe;qh%8QQ`uqjXG22Kw)%jF{g7AVGK;I2zj`Kc*}fO-M(VG@(_#n}Q+e#Kh|YzE1> zy96m9<(Vkv9euqkAW#SL9BH{JO>molG%^pK6b%jwoS9&$3rDf$#ahjQUI7*l0y$D3 z-M~$!`>4D9xrlu6XH$Le&rBer zA#jZ4bS7PQMZWr6(oVq`e`!ji)Q1s*UR($)tMYq5ZP0>-+D z495B(x99B-2sD7rMRN3TlL7MuRW)Ea!Jc5aYoN9*3bT})kOH>(Fk2t_nIOy!*$I~~ zG55X2FL9&_&w{A<9y348F|;nn3k)GN$Ta1j#w_aeLwyj`8Rfh2>OSC5RTD6uJZpjpFdg z;Ke4`_2LV!ooGTX+jh7WyJP2QKJ+Jp%&^roJ?LElZQx8SEYzzUZfU-47O*2QqKj=p z*+;y#HUyd&J_EF**X8YmiXA&BT*#zAhFMipMGqS19}TsNN`ZIKq|PocS-5wenSbt? zGj4Zj0U>NF^1ebT+5hJNxUT&@06j$6tf1~VQ+QtyXleb*9(JT$K!|M66tIbi9)!D>?p*9_t?%uV4r?N9v*Ue_DqRo>s~(Gq4a&kTTiC^O z1L-a%$1~to!Tl@);zrFT*> z%+y2c#-sq&>hIcZclUkXLO9~~L{uKzuDF^o0wJgA-Gc4!xfiLu9*c(W2IAg_EGc5w z9qyc5SS({8r4ESHhHLvk$DSDL@G83j$n{z6xJ>z?^kET-ZlmcRJi@c@*5_zKt}F_G zn%ZNm9zK4#Nu*prBywpwiQ^^B+>V-W2)N4v*qIcvZsO%K}0e z){hT`E%Du8vnF*uAzjyV@hQ;Q7niN+9hXt+BaV&GfEZoiyysFA{H9@`XF}JWQU7?B z_hy!c=AMxbVZ5iNPNRPmTeaX+(F3Q0SM<12>6UMXRL9hN_N+R^k{c)5nkO2*{QXQa z2&v(^Dl8uf9}9A%be4(7`YrVHek56>CS1$mzw zrz-x63xm3({PPjmEDL3%7eq;3v6ou~jztwpZ(*E&Xg|}T@E}zVn^8SqBMUq=T~8JLei7Y50h>kMpQB| z@Gy*8MOF3p2o-WoTHC>C2Dv}U(tJ$(&2VdVc(by+T##&QM;At3gH}*c@dhIjl|*Tk zk#c$hVRyqEYqE_j$5;D3ruDKGx6w*vXaHklBPEKA7oY1)GgJ_C4}9@)H#Y2}`B;^i z7jp};&fs7%93&x&!l4uum1eqc+a4C%!%+1Hi9CPqoEzRB;c1S67HCZWvY;r2Gms#O z3dLlkN!~6VeI0JHqgpRtl(#h!!bA*x>E5qZS7$&~T~9LKuV1e$y2Tpx#JPv&9UL6{ zEw|9z-OnMr4-O_Q)O@C?*=&S{Jj&rE>>0!X?Y2{$a!lR`_rn&SoGO0kqxQV%p?WsC zN}6zf@j1bbRL|k~`3Z&7IY*c|1W*NZ3Idb>Xs&A*$XNd^V+J#`TA}mNiu$-%oD;3V zWJXRX5*&h#NPt}q6}3G(HaS0?SbL!4MlT8+Z+r zhJ%ehesmLdIS6EZ#@}KqD0t?!td{8C&iDJ7ozL1bPo!R5s6Je2-h=ae#O?G+36t{v)Y9%7c#e zR9wPR#qH+J!Y%;4hpW3QmVhs!5@-h#jg8ic_F%TT0xj|qlvj8OEX1n_hm*B+W5XetF-^J_afIe`hq zUb#4bc@S4g5pP&WeZJJojs^{JbU55PVhSS&y6gR2q14j$$|2XHb$ceajDZ@GiK!BecIQ|aw{g-#PYi+`w`8Xxjq&wAu_Y}+pL z(EmjG0`cABNV<9R_wm6SX6=I|SbE{TLE5G!0oy0P8XZYLA%JRZ41#tB9QyW$huE!F zRDsCKt-c1cf(~SVJeLPZ$Bc5L5ko70az8AXyq}WxXEHD%fDYpNVDCPr2D&ncX>04d z<(PC<>VcYof=NfJ*+9FvxWD`Pajg46-5-92mopVhLYY~oPn>1N#cPaWSt9ss-evYe zF>a(02F}wT{S6Hb0|O3Fb`0fOt!-_yUy+6i>F=FEasQLkv(w0e2C>KH|6W&$; z^p7 zIwT1v%}@fI_Z)EQzCK1izIdBCSvP11xg7QB%XScB#olo6$qD*{1ZYEvL_keqU{FIo zKAJ&AW@EkIIsLc5OJYdi8oBd~#Xv#Y+t)EOQwDRJ_7XVnW%dcXzv@X&!vD-~zp?>c zbY6{>Jv{c*Dso|FOr4VZ(bIhr>(X5WyA|Y9Q7O{v8%EkBhNJ>G#PNGeUd!770tAQk z0Up_L;R78k9XH1)<^bQY4|}@jT=Eb7+r3Hn*rYU&Zl*ap$Ll)P^n9_>cI&54Y;>=o zLk)}@(t)D_yjs+MU-BDw)$`y>NN5fPNn9FVpweJJpDrPJyT6;tdFz5Cf~EhCWd1Jf z8qW{7N#u9pc^D%ZOmKE_Lo;3s(!?9BWnA6FiCwK(O)B-QJ%9x{w+xiBcJ=!r&T#4O1Xx%`EV}YX3q11gZx$a&#wP}{&YGMQxkza&-0r#<-C;cXH7#ac zb=Scv%I5{vThr6|lYPTHs?S|ReOCr@I^Z013!b-r3nb+rH*o2Q5rPdE4G^hkBO7<;HWUuT?W8ck43vEL7 zEy~zKS(9aygzQ_gHD5_%m%YL8oX_aHJ&_e(iZS18e6E z+u!_tUjbqv;nD2JG`H%#_!$qACt?P?oFu0IQXENs<~>5ITInrb3W?S4?&dWot>-t7 z<{1o)jr^R4KnT>1bMe5v?E+5B6a_7-v@^#jnqL!eAl)PV2e5@nB}+jF69~ZrTtQ(s z`qHM&Y#mRd0jLspUQp8z`)7Z~?H7upo9(y?1{RK$hRsP@m2^r&NRK+#y$|U?KFeNKnyA!SwX-{d!b=FeViXI6PrJUp!W(Ft_* z2wH=ah2<%*(~4lI6)^rLe<1YcxUsbxm|AE?|!-32Z)NwI$vMP&eO8{Y?QOa zf=zTW=f6B%v}`KoyEykm*aGkN0|{!qp7Otvi9ZFE6QfmKmnnd7oK%9GJ zA-n8w0;7%AW^o{P{1J zxC@IxGU||3^;d`9dPY{Jjitb*W839ZhknTxexY;QMscquKIwV>5Nkd6rXdzTIM6qB zuIBd-hi+F&KIwcVZE&LQ^oCo#`HES^>`SX3vnHU3h~CzEm%BtQ%NbWG(*+h51RPdw z#UboF*}C~oW6Yr7kniHe%xuFDz%jI9?*)GMb$~-D<_3iejw(d2q162RlpWFOU(_wG z!mbJNd#FBLkT~!%T)>k{T4=b>VGq?wPL*LT6z1GzmOtgT4VSwMFQkO*VcdJQC%b!d zwmu=#9r#QfxZ z|A2{72sdUG&x@;T|M>ifI-JEFIZS0I9mhJQXa0hPz=1pDJVTc@|5F(FBWo)=9Ecv>-mus3Y?7k4X*?A^Zh?v~(3jrvsvq_#^NU?m+TP+$QfmNflMB3C=< zDWK#&mrSc)dZ0im_7hqm*mdY__~V#|kn)9R5ZwPZaA0P3me=w%5F?f8W5>`h#S$Xf z@K{zAaXE2uojE^_>A%w4NDT4G+q7Wnc8yOHLQeEk-3-OuoZs@d6Ze{t4n5hy$=#J% zQWY#mtkNAdzJ!(R*0(T!jN-`n0e<{$kgt*9qG&2zMCrSfDM20NtU|rGssLuZz8SbQ zIf38w?}&nd3fvm`;>RwraQ@(SV$OLd2D_JZm2JOZW>A9c+4lB;MVY&^%z@Uijgr4_qjAx~~kJ~3>voOh_c$t)*f~4p=-t41P5JVbl07N~udwCuD)p>Pz z0X>MVU3VLooy;ACSv5HkC?vJ1uh7=ETJ{}mZ$B6N@@z2t{F_BY#4YiwV`l4yFT8Pz z@7Vzn;yKpoTt%afU~8s@TVVLpsH8*SFKz-A!c+Q~s) z$$JtkC|kV&bhsf#R$e4mO_`&2v%_H)dDtz70QtotU&D&IY`vc*QaR7MI{ms|nQyB+ zS33`{EQ>%qv-S$ImXWis6{)I@0O;pTxcZ|c9pDxy<0!0bKR#Ji;EGz-rvE{_u;D%n zQu;Yp?)23vCI{vyhpb3pR*$1@t8%00f3DO%@kbx&0uZt1#AoJx`w~J!ll8L68r1W0 zM|81M(M)=Eo6U_kk=O&feaFm%)BDn5Ri zp1^F~=zdnhFy5X|pn6G8?lNG>s|3a)R)w-d9vU(>WK#H|j^iF14bRuQ;lL%_S7`KJU` zLD!3hhFN;qyDOJHTOAX5>9#C!N6)VVj&!);mLQ?Q`3PrDQ<3^$r8HOf0WX}X0?B$D z6L4m&>1K{xFIm}@-dIiT!Nlr56jk{-UEq{Kqay%T4-YD{nM=9Ob7-c|-R}F~QL7&X zY#^)T=}q=0j|?h{g}6{c6nQvyGBAYiH}&xCA#VT;Xsi-%0R|wI@Y`OEyUp~QeDMa6W3t5)U-HAl{gK&6L%{PuT@fH1 zflN>i4k7r(?0u;2tj5&N-lTYF*M-*%7U_{D`W{z%f-SA1Obk67dMYdh1l9ppLPLX7 zJqrxM0M3AnVzphpVD2kduBfQoo9FRNiB+L}PUjggQJ6peap%#pS1dS-+Nc2|50_ac z>d6$hOZPDy&_<>LK@A_DD$^{_uWr_9376$gRONFCE926jc{wmLRu2um$yX0d{|+DWt2&zYrP3Oo$9}jsh8~7|2k? zK!z#?GE^~;`6WhG7Lh?L_J3#v5kp!*I`dDh{AXwWS1U+o5E;bsNKgJ-DG-_MaOoxt$afT#iwGESLC_{J&ViR$!`1=Y^{4G`y z>IFpKbwY(K-Hoxwn@@4;=ht*Kwx<=^U6Ar|O1&QDZkapD$`L;DY~rdy*3Rt_`M0{% z+ith+vh`tR(A}jLkAH?Ay{;B@pTlEzFaGE?K?x0;ogoLMA9)HIFa=)j$1TcpU;8}O z%U*dvaScGxWvkkhS^w!RG&i$mzs;90jS$h!*Tzk!(X+ptV$-S#H-}Hr& zYCh!QZ(00E^S2}1tL!K;^?Li2h6kpC0^9Ohb!80Y4my-qr+muIO}|?^eXGG98eSN| z3@x9Lpu0=H?E40uD9lMF9h;aE#o<2WZ~W5Tr($NTj7dv%J;OiqQ=Y-@jo(;#6VVd` zEvf!{JeF3uDPdbSDZtdbX}8$joAhew%W1l$_2??&@``m*afIpIRf9F+k|L&a~MhrsvN4FULrvC^qk#r?B@+OG&FQ6 z-Pf??CbB~IM5(3XZ$w2$TN;Z*@2GBdKa*)%z8jI+QM29~Wid3t)e(|e7cs;&j)Iy9Sq}H76+Ydz4ieMkZ#Z^m7gg6Q zfy=!CjE!r6@(xp>MQzIK_61lpmlQ@rTRZ6F-ReOV-me~I@LnO@(MW%tV-qrfRVe6` zk&%(q$&(+4^Lyk|Qc@Nc7K-ULH8mkih+*q(@pyg#fkZ7*XJ>@LSqIt;eYY?&F|AN= z9D4(wEt9_1JS;BB%*-ssQG6sggB1@w)5(Bp%mjjbm`Voy*9so$z`eW)R1QEqy;ecK zFrmS}n~v7O=#s3w?paq?SEwX?21sMS>4?Qfa1DEK2W_T~X(9&tIzB!wR!5o}b$e4# z&{3QN&?>SfWJ^G)%ePl`9;jf@TxVYhP}QH9kmq+;Uy}}NvI1KTV2E-7aOlcnv2k(9 zudKvbSt;G1t)Hy99=1SB{rvu>L8lDjIe4XiP;8SLo(%ZSa zNB+^m_(Il!ExOw~fz=<2DjmQ?Dv15?It`N_nVVPYhiXG)Wn>y@XUTq&l9EOXA;xhr zF`;Ys6%V<)yNmG$P}f-1^*3c@e70zmYCAAr;Ih{^_U_d&Qs54OEHdS-zkf?ZB-*vq zc+lyJnv#!FmKBhF0VS_|9u1j->yj69l1YTutZ<93u5>gi;NGsDffAtbGFa)qj^kyy zNGy%o1!~NAoz~Aa=HTLj4fhh|@DR*P;Dc6Mj|nFWp4{m2qZU#hVA@+-Lw$;y9Js?1 zO8vh_*?L*yqw(Bj8|NI zJkZt3iHaT+xV#=?q!6p2ggG9mcJ%N@8@I3RCHt9n6t=asg$rl{QEUsQq|f1GP_^@q z-_Dlw<$T$q+d{}(i%m?_eI08R_k@a z^GqAx*2qMQ2@A$*WbH_DI<+s0C&)!tq@K3G--~u9b=|*6Hx`L!i>S9~A1!p#I?Ww& zIrO}=P_)IZ9(jjN81ciAi>+Fbr&?Brj}3h!67Te& z<~hFEZi{q8xXb;f1Jo%*Lmf_ViinA5sLj#P7%gv$ly4DDi`a1u`J?IuEydh(S8x3b DWCfJV literal 0 HcmV?d00001