From fb8063bd452423842161ab95267c15cc9f6d59c3 Mon Sep 17 00:00:00 2001 From: Sankalp Yengaldas Date: Tue, 28 May 2024 03:31:19 -0400 Subject: [PATCH 01/30] add documentation to support venafi issuer caBundleSecretRef Signed-off-by: Sankalp Yengaldas --- content/docs/configuration/venafi.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/docs/configuration/venafi.md b/content/docs/configuration/venafi.md index 17e77a29fcd..a1a9e564d40 100644 --- a/content/docs/configuration/venafi.md +++ b/content/docs/configuration/venafi.md @@ -239,6 +239,11 @@ spec: tpp: url: https://tpp.venafi.example/vedsdk # Change this to the URL of your TPP instance caBundle: + ## Use only caBundle above or the caBundleSecretRef below. Secret can be created from a ca.crt file by running below command + ## kubectl create secret generic custom-tpp-ca --from-file=/my/certs/ca.crt -n + # caBundleSecretRef: + # name: custom-tpp-ca + # key: ca.crt credentialsRef: name: tpp-secret ``` From bdcab6018937087dd6782ea02deebc9888fe907c Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 18 Jul 2024 16:54:38 +0100 Subject: [PATCH 02/30] Add boilerplate for the cert-manager 1.16 release Signed-off-by: Richard Wall --- content/docs/manifest.json | 8 +++++++ .../release-notes/release-notes-1.16.md | 22 +++++++++++++++++++ .../releases/upgrading/upgrading-1.15-1.16.md | 12 ++++++++++ content/docs/variables.json | 2 +- 4 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 content/docs/releases/release-notes/release-notes-1.16.md create mode 100644 content/docs/releases/upgrading/upgrading-1.15-1.16.md diff --git a/content/docs/manifest.json b/content/docs/manifest.json index d8f5c0c3aa6..b51456123bb 100644 --- a/content/docs/manifest.json +++ b/content/docs/manifest.json 
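Review bot: the example command `kubectl create secret generic custom-tpp-ca --from-file=/my/certs/ca.crt -n` ends with a bare `-n` and no namespace, so anyone copying it gets a usage error; give it an explicit placeholder such as `-n <issuer-namespace>` and state which namespace the Secret must live in relative to the Issuer. The two explanatory lines use `##` while the rest of the block comments with `#`; use `#` throughout and make the exclusivity explicit ("set either `caBundle` or `caBundleSecretRef`, not both"). Because this bundle is the trust anchor for the TLS connection to the TPP URL, it is worth one sentence noting that write access to the referenced Secret is effectively control over which CA the issuer trusts, so it should be protected like the `credentialsRef` Secret.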
@@ -19,6 +19,14 @@ "title": "Supported Releases", "path": "/docs/releases/README.md" }, + { + "title": "1.16", + "path": "/docs/releases/release-notes/release-notes-1.16.md" + }, + { + "title": "Upgrade 1.15 to 1.16", + "path": "/docs/releases/upgrading/upgrading-1.15-1.16.md" + }, { "title": "1.15", "path": "/docs/releases/release-notes/release-notes-1.15.md" diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md new file mode 100644 index 00000000000..ffc87320608 --- /dev/null +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -0,0 +1,22 @@ +--- +title: Release 1.16 +description: 'cert-manager release notes: cert-manager 1.16' +--- + +cert-manager 1.16 ...TODO + +## Community + +Thanks again to all open-source contributors with commits in this release, including: TODO + +Thanks also to the following cert-manager maintainers for their contributions during this release: TODO + +Equally thanks to everyone who provided feedback, helped users and raised issues on GitHub and Slack and joined our meetings! + +Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer. + +In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects. + +## `v1.16.0` + +TODO diff --git a/content/docs/releases/upgrading/upgrading-1.15-1.16.md b/content/docs/releases/upgrading/upgrading-1.15-1.16.md new file mode 100644 index 00000000000..4b5110d93ec --- /dev/null +++ b/content/docs/releases/upgrading/upgrading-1.15-1.16.md 
@@ -0,0 +1,12 @@ +--- +title: Upgrading from v1.15 to v1.16 +description: 'cert-manager installation: Upgrading v1.15 to v1.16' +--- + +Before upgrading cert-manager from 1.15 to 1.16 please read the following important notes about breaking changes in 1.16: + +TODO + +## Next Steps + +From here on you can follow the [regular upgrade process](../../installation/upgrade.md). diff --git a/content/docs/variables.json b/content/docs/variables.json index 4f9b3b45062..33da6f1f8ac 100644 --- a/content/docs/variables.json +++ b/content/docs/variables.json @@ -1,3 +1,3 @@ { - "cert_manager_latest_version": "v1.15.1" + "cert_manager_latest_version": "v1.16.0-alpha.0" } From 75407282b9febda0ad16dec348a13d167f2e9fca Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 18 Jul 2024 17:43:45 +0100 Subject: [PATCH 03/30] Update the Prometheus Operator documentation to scrape the webhook too Signed-off-by: Richard Wall --- .../docs/devops-tips/prometheus-metrics.md | 48 ++++++++----------- 1 file changed, 20 insertions(+), 28 deletions(-) diff --git a/content/docs/devops-tips/prometheus-metrics.md b/content/docs/devops-tips/prometheus-metrics.md index d3d897798e1..126ef1dab72 100644 --- a/content/docs/devops-tips/prometheus-metrics.md +++ b/content/docs/devops-tips/prometheus-metrics.md @@ -3,7 +3,7 @@ title: Prometheus Metrics description: 'cert-manager usage: Prometheus metrics' --- -To help with operations and insights into cert-manager activities, cert-manager exposes metrics in the [Prometheus](https://prometheus.io/) format from the controller component. These are available at the standard `/metrics` path of the controller component's configured HTTP port. +To help with operations and insights into cert-manager activities, cert-manager exposes metrics in the [Prometheus](https://prometheus.io/) format from the controller and webhook components. These are available at the standard `/metrics` endpoint on port `9402` of each component Pod. ## Scraping Metrics 
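Review bot: the `variables.json` hunk moves `cert_manager_latest_version` to `v1.16.0-alpha.0` in the same commit that creates release-notes and upgrade pages consisting only of `TODO` placeholders; if this variable feeds the install snippets rendered on the site, readers are steered to a pre-release that has no release notes and no documented breaking changes. Confirm this lands on an unpublished release branch, or keep the variable at `v1.15.1` until the 1.16 pages are filled in.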
@@ -11,34 +11,18 @@ How metrics are scraped will depend how you're operating your Prometheus server( ### Helm -If you're deploying cert-manager with helm, a `ServiceMonitor` resource can be configured. This configuration should enable metric scraping, and the configuration can be further tweaked as described in the [Helm configuration documentation](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/README.template.md#configuration). +If you're deploying cert-manager with helm, a `PodMonitor` resource can be configured. This configuration should enable metric scraping, and the configuration can be further tweaked as described in the [Helm configuration documentation](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/README.template.md#configuration). ```yaml prometheus: enabled: true - servicemonitor: + podmonitor: enabled: true ``` ### Regular Manifests -If you're not using helm to deploy cert-manager and instead using the provided regular YAML manifests, this example `PodMonitor` and deployment patch should be all you need to start ingesting cert-manager metrics. - -1. [Apply the following patch](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/#use-a-strategic-merge-patch-to-update-a-deployment) to your cert-manager deployment - -```yaml -spec: - template: - spec: - containers: - - name: cert-manager-controller - ports: - - containerPort: 9402 - name: http - protocol: TCP -``` - -2. Create the following `PodMonitor` +If you're not using helm to deploy cert-manager and instead using the provided regular YAML manifests, this example `PodMonitor` should be all you need to start ingesting cert-manager metrics. ```yaml apiVersion: monitoring.coreos.com/v1 
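Review bot: dropping the deployment patch means the `PodMonitor` that follows relies on the shipped static manifests already declaring a container port named `http-metrics` (its endpoint is `port: http-metrics`), whereas the removed patch added a port named `http`, so the old text was inconsistent with its own PodMonitor. Add one sentence stating the port name the controller and webhook containers actually expose, so a reader who sees an empty target list knows what to compare against in `kubectl get pod -o yaml`.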
@@ -50,18 +34,26 @@ metadata: app: cert-manager app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager - app.kubernetes.io/component: "controller" spec: jobLabel: app.kubernetes.io/name selector: - matchLabels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/component: "controller" + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - cert-manager + - webhook + - key: app.kubernetes.io/instance + operator: In + values: + - release-name + - key: app.kubernetes.io/component + operator: In + values: + - controller + - webhook podMetricsEndpoints: - port: http-metrics - honorLabels: true ``` ### TLS @@ -91,7 +83,7 @@ metricsTLSConfig: In this mode cert-manager will create a CA in a named secret, then use this CA to sign the metrics endpoint certificate. This mode will also take care of rotation, auto rotating the certificate as required. -Dynamic certificates can be specified via the flags `--metrics-dynamic-serving-ca-secret-namespace`, `--metrics-dynamic-serving-ca-secret-name` and `--metrics-dynamic-serving-dns-names` or the corresponding config file parameters `metricsTLSConfig.dynamic.secretNamespace`, `metricsTLSConfig.dynamic.secretName` and `metricsTLSConfig.dynamic.dnsNames`. +Dynamic certificates can be specified via the flags `--metrics-dynamic-serving-ca-secret-namespace`, `--metrics-dynamic-serving-ca-secret-name` and `--metrics-dynamic-serving-dns-names` or the corresponding config file parameters `metricsTLSConfig.dynamic.secretNamespace`, `metricsTLSConfig.dynamic.secretName` and `metricsTLSConfig.dynamic.dnsNames`. An example config file would be: From cdb90b019e717c9b10930a4b04afb1177c69ade9 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 19 Jul 2024 15:01:15 +0100 Subject: [PATCH 04/30] Explain how to set up TLS metrics for the webhook too 
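Review bot: in the `@@ -50,18 +34,26 @@` hunk the new selector requires `app.kubernetes.io/instance` to be `release-name`, while the `PodMonitor`'s own metadata a few lines above still carries `app.kubernetes.io/instance: cert-manager` and the `matchLabels` block being removed matched `cert-manager` too. If the Pods from the regular manifests carry `cert-manager`, this PodMonitor selects nothing and Prometheus silently shows no targets; use one value in both places, or drop the instance expression since name plus component already pin the two Pods. Removing `honorLabels: true` is also a behaviour change: conflicting labels on scraped series now get an `exported_` prefix instead of overriding the target labels, which can break dashboards and alert rules keyed on those labels, so either keep the setting or call the change out.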
Signed-off-by: Richard Wall --- .../docs/devops-tips/prometheus-metrics.md | 90 +++++++++---------- 1 file changed, 43 insertions(+), 47 deletions(-) diff --git a/content/docs/devops-tips/prometheus-metrics.md b/content/docs/devops-tips/prometheus-metrics.md index 126ef1dab72..7890d9fa240 100644 --- a/content/docs/devops-tips/prometheus-metrics.md +++ b/content/docs/devops-tips/prometheus-metrics.md 
@@ -62,76 +62,72 @@ TLS can be enabled on the metrics endpoint for end-to-end encryption. This is ac #### Static certificates -Static certificates can be provided to the cert-manager controller to use when listening on the metric endpoint. If the certificate files are changed then cert-manager will reload the certificates for zero-downtime rotation. +Static certificates can be provided to the cert-manager to use when listening on the metric endpoint. If the certificate files are changed then cert-manager will reload the certificates for zero-downtime rotation. Static certificates can be specified via the flags `--metrics-tls-cert-file` and `--metrics-tls-private-key-file` or the corresponding config file parameters `metricsTLSConfig.filesystem.certFile` and `metricsTLSConfig.filesystem.keyFile`. The certificate and private key must be mounted into the controller pod for this to work, if cert-manager is deployed using helm the `.volumes[]` and `.mounts[]` properties can facilitate this. -An example config file would be: +An example Helm values file would be: ```yaml -apiVersion: controller.config.cert-manager.io/v1alpha1 -kind: ControllerConfiguration -metricsTLSConfig: - filesystem: - certFile: "/path/to/cert.pem" - keyFile: "/path/to/key.pem" +# values.yaml +prometheus: + enabled: true +config: + metricsTLSConfig: + filesystem: + certFile: "/path/to/cert.pem" + keyFile: "/path/to/key.pem" +webhook: + config: + metricsTLSConfig: + filesystem: + certFile: "/path/to/cert.pem" + keyFile: "/path/to/key.pem" ``` #### Dynamic certificates -In this mode cert-manager will create a CA in a named secret, then use this CA to sign the metrics endpoint certificate. This mode will also take care of rotation, auto rotating the certificate as required. +In this mode cert-manager will create a CA in a named Secret, then use this CA to sign the metrics endpoint certificates. This mode will also take care of rotation, auto rotating the certificate as required. 
Dynamic certificates can be specified via the flags `--metrics-dynamic-serving-ca-secret-namespace`, `--metrics-dynamic-serving-ca-secret-name` and `--metrics-dynamic-serving-dns-names` or the corresponding config file parameters `metricsTLSConfig.dynamic.secretNamespace`, `metricsTLSConfig.dynamic.secretName` and `metricsTLSConfig.dynamic.dnsNames`. -An example config file would be: - -```yaml -apiVersion: controller.config.cert-manager.io/v1alpha1 -kind: ControllerConfiguration -metricsTLSConfig: - dynamic: - secretNamespace: "cert-manager" - secretName: "cert-manager-metrics-ca" - dnsNames: - - cert-manager-metrics - - cert-manager-metrics.cert-manager - - cert-manager-metrics.cert-manager.svc -``` - -When using Prometheus the CA generated by the generated certificate authority can be trusted as part of the `PodMonitor` or `ServiceMonitor` spec: +An example Helm values file would be: ```yaml -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: cert-manager - namespace: cert-manager - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/component: "controller" -spec: - jobLabel: app.kubernetes.io/name - selector: - matchLabels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/component: "controller" - podMetricsEndpoints: - - port: http-metrics +# values.yaml +prometheus: + enabled: true + podmonitor: + enabled: true + endpointAdditionalProperties: scheme: https - honorLabels: true - # TLS config trusting the CA and specifying the server name tlsConfig: serverName: cert-manager-metrics ca: secret: name: cert-manager-metrics-ca key: "tls.crt" +config: + metricsTLSConfig: + dynamic: + secretNamespace: "cert-manager" + secretName: "cert-manager-metrics-ca" + dnsNames: + - cert-manager-metrics + - cert-manager-metrics.cert-manager + - cert-manager-metrics.cert-manager.svc +webhook: + config: + 
metricsTLSConfig: + dynamic: + secretNamespace: "cert-manager" + secretName: "cert-manager-metrics-ca" + dnsNames: + - cert-manager-metrics + - cert-manager-metrics.cert-manager + - cert-manager-metrics.cert-manager.svc ``` ## Monitoring Mixin From 57109f5ec816aee5d997710eacf2e6cb7d392397 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 19 Jul 2024 15:52:31 +0100 Subject: [PATCH 05/30] Show how to check the TLS configuration Signed-off-by: Richard Wall --- .../docs/devops-tips/prometheus-metrics.md | 41 ++++++++++++++++-- .../prometheus-status-targets.png | Bin 0 -> 60086 bytes 2 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 public/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png diff --git a/content/docs/devops-tips/prometheus-metrics.md b/content/docs/devops-tips/prometheus-metrics.md index 7890d9fa240..139666a01e0 100644 --- a/content/docs/devops-tips/prometheus-metrics.md +++ b/content/docs/devops-tips/prometheus-metrics.md @@ -116,8 +116,6 @@ config: secretName: "cert-manager-metrics-ca" dnsNames: - cert-manager-metrics - - cert-manager-metrics.cert-manager - - cert-manager-metrics.cert-manager.svc webhook: config: metricsTLSConfig: 
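Review bot: in the `@@ -62,76 +62,72 @@` hunk the static-certificate paragraph now reads "provided to the cert-manager to use" (drop "the" or restore "controller"), and the following sentence still says the files "must be mounted into the controller pod" although the new values file configures `webhook.config.metricsTLSConfig` as well; say "controller and webhook Pods" and point to the webhook's equivalent mount settings. In the dynamic example both components are configured to create and read the same `cert-manager/cert-manager-metrics-ca` Secret; confirm the webhook's ServiceAccount is granted the same Secret permissions as the controller's, otherwise only one component can serve certificates from the shared CA and Prometheus will fail TLS verification for the other. Since `serverName: cert-manager-metrics` must match an entry in `dnsNames`, add a note that the two have to be kept in sync if either is renamed.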
@@ -126,10 +124,45 @@ webhook: secretName: "cert-manager-metrics-ca" dnsNames: - cert-manager-metrics - - cert-manager-metrics.cert-manager - - cert-manager-metrics.cert-manager.svc ``` +> ℹ️ This configuration will result in a single new Secret `cert-manager/cert-manager-metrics-ca` containing a CA. +> The first `controller` or `webook` Pod will create the CA Secret and the others will then use it. +> +> All the controller and webhook Pods will generate their own unique metrics serving certificates +> and sign them with the CA private key. +> +> The `PodMonitor` is configured to read the public certificate from the CA Secret +> and Prometheus will use that CA when it connects to the metrics servers of each of the matching Pods. +> +> All the serving certificates share the same DNS name. +> That same name must be added to the `PodMonitor` +> and Prometheus will use that hostname when it connects to the metrics servers of each of the matching Pods. + +##### Troubleshooting + +Check the controller and webhook logs to see the CA certificate and serving certificates being created and updated: + +```sh +kubectl -n cert-manager logs -l app.kubernetes.io/instance=cert-manager --prefix +``` + +```console +I0719 15:21:28.113411 1 dynamic_source.go:172] "Detected root CA rotation - regenerating serving certificates" logger="cert-manager" +I0719 15:21:28.115018 1 dynamic_source.go:290] "Updated cert-manager TLS certificate" logger="cert-manager" DNSNames=["cert-manager-metrics"] +``` + +Check the connection to the metrics endpoint using `kubectl port-forward` and `curl`: + +```sh +kubectl port-forward -n cert-manager deployment/cert-manager-webhook 9402 +curl --insecure -v https://localhost:9402/metrics +``` + +Check the health of the cert-manager scrape targets on the Prometheus status page: + +![](/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png) + ## Monitoring Mixin Monitoring mixins are a way to bundle common alerts, rules, and dashboards for an 
application in a configurable and extensible way, using the Jsonnet data templating language. A cert-manager monitoring mixin can be found here https://gitlab.com/uneeq-oss/cert-manager-mixin. Documentation on usage can be found with the `cert-manager-mixin` project. 
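Review bot: typo `webook` in the first line of the added note. The troubleshooting step `curl --insecure -v https://localhost:9402/metrics` disables the very verification this section is about, so it succeeds even when the CA Secret or the DNS name is wrong, which is exactly what a reader here is trying to diagnose. Verify against the generated CA instead, e.g. `kubectl -n cert-manager get secret cert-manager-metrics-ca -o jsonpath='{.data.tls\.crt}' | base64 -d > ca.crt` followed by `curl --cacert ca.crt --resolve cert-manager-metrics:9402:127.0.0.1 https://cert-manager-metrics:9402/metrics`, which exercises both the trust chain and the `serverName` the PodMonitor relies on. The image embed `![](/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png)` has no alt text; describe the targets page for accessibility.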
diff --git a/public/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png b/public/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png new file mode 100644 index 0000000000000000000000000000000000000000..5f4b38897271a2855f98d89a790a837befcaa6c5 GIT binary patch literal 60086
z+gkUI)acxx7I(s4ibm{WI5u2zm4;&?%6(@@npDow+}eU3+&3-tNGFvhlm8ZbidVJd z3`4c}XfaqoJFrL{8LEWE3eyfor(tX@Hk4}FLpu^YDdeuR|I$ErleDj{aKE!Tem-^` zVEgt-FN8mr!wxK-{keX<>QLP4TRZ$GVZJ}XQ(4!}pF%jSAv-971zuN+|g_+EEy*>0Hn-%UnH_ z+MzZgcN@M3Iq- zzKWt!MNmk6$rN1sMd62we_}wA=>u|(JH&8oho82Xj+0M_QU`R(&k1@eF!WVq|GLC{ zCs}~`#MAeIYEla#ehP3>9nqJ|IlI&5JKe+}zH06uWO;0IG-wNmvYhBu6~5o^<1mcM ztJevAC0n%CL9Ol4glZ9l2Gy0%0Ok1HYa95!_j!Ap$X*)GCxcSQQS;seHQ1S4^9|=- zf-}Ue>-YM(f`y0)ySwj$j^kOn{V^<9&wWLEm08t)WPcQd&K$_@*n%(W!(BOs`!CM@ z0kq0;W-G>um&6X&~O+S6(qY&F_KJ;zajzI-d%Wt#wNocOWn zweFJ-YdG-BL4g-liT_dB1gZ4YIPB}gT(FyogprE@t+*CiF2qd|MW5}C9Nr}16XyF~ zSwkQ25F}M{toNRv`Z0>JfW{x_826Hm9L25MUH$8*AY$yPrR|FojscCJe8a13$~lQXNI_6;r_FeN9$+P9uBsvph*u_1?dvouGdq%)0Ug)!YQv z@RPXYbNHStCVaT2jhHZqTD9(n;YGw4VVN}K(HV|-zj&F`i?v8^N~C#|fH{(_X#?W7 z(&Pj{**MROM8I?f$_O0ulEhb6!~zLy81h)Z6pK3XPE@-AKbu=>S_xdJG0A&!AlbW# zddEBT(J?{RG=&Pbx=IP^^s9~EkqZ%I9kv=_?~OjpI%{mzkK#V0JZjxVo+F(_gdP7E zi?6VNK-epuzklUh*M}+TG9Hv8c4-$c4o82{S}7 zpWGxF6KNq^ysWW5wg--jadd^h=vNf{jEIr-)jhx@n+Mcqs4$9Y<>}}sgG?kIMwmC( zdWWv#ckr3GSV_{=MR){o{MV@Ypuh5W4#K&(r_tXQ#$n1JeS+BmevRM4(Wgumyiq^dt5Y`(h9 z-H6DmdNx(hR?@5e+3jX*LsQsj3qyJK)V#Q2?lEp(vY$%&VW<&psw8nL z3$#(dJd>kX9K50jHwk5hQz-nJjPK)xpf5fMz(i1Q843~seH_W6 z5$EzNe$)v-8w~$ZbDZTxg8ZFB-(@fxMGl=kB+v6ZfT+WwLV`4h^n6ZpROhwGW-U^m zAuvo^iWu2#2^(bcMJc`x3~P>-6hXz!>p*r5@PJdYrq<|7R zOhNIt)#}WBx{~8e9q7dortX9~UH>VmW7O}#R~fXYU7tAI<7}!5|L-c0zr4Q!s+*PT zumIWXeP4@F5)g%PE|`CRBBMD2phxAujyooVAJ431hSaX%LHD*HS;2U^(~MRM$83Q5 zdXutd4!~bkKUcHMQA}o8PYg&)TH6A=jL7i2eQ}7VLlYgw0Pv2C1&QwI-rTR}H-RG3 zX%Y&h^!O+Q9%Lir>QQfL`y|h>5N#<*VpMWIT%kh*N`R;RARkmqy9IMM3(zE&4gzPr zn0$a>sYW*Ay}r1Id4d=2L7N0{bwAAb-&HcBD}i7?dbTU9z@sBfXoiHV+%?)VN40gy z^1ilpmDHzkvOgRsO{SYHPVYUEAIFv)C<;CPjimkQBsUX0Yq8-H*lRGe7JR)e`6*{c z8NUFqnIsclG5AwU(#`=h`XLQA@7p1n`%@^gQwIFZJ6(enps^Vk4)=|gR^|NV?Pc+& zl;zLeR35vX_W{T{5N};T$QnEQpz2T2$O;ME^q7cj|G!M%nDn6D3X6~QN&YEc`E&O- zZq`+m`5D1*jjQPoOlld>&G72iA1$~jme113m%Uz8)>;n6(rz&sp?_oyfGxkf<_(C; 
zfA_t7y2k2_=Bvmd^;L!4otQawB_jOSc9%nRZ>Be{T-IBI8N2S7@;5gx$TZtW_z9$>}&+T|K8mYT|X29`$i*;O(pGn$~Rjc z5PVzZS5a;GhnW453z@L2!tdyMDz)u7H}w~|f7#+4fFjOo@6_RD7iV2Eb;i*xcLUGn z_~$MN_@B2fb8n&I4s#DVIB_CQd7Wx^26AD|&GdI)2A|Shx8s=Eb(G%=gJt@h`hIHS zJR^Mobz7UYRffBgx{5k_lfN?C65x#jyOk0$o9CrZHz;!VssH zKdb2DwsTvZEx>I3gwcwPa;**5m@Xr>!m*ShJJh?{^uB1rS)@`yU#Rt6Y>K-UHNZNy ztt8Okq>VqZzF?*GIo8|#aK%lc!GQ1|XLULlcob?b3+$y8W?<`#x zkZM8v%*Iq!r&vGqWO#O?v#`EJWE-K%#S6<@KZ1@(1~L)g1&(ukxI*}P%> zk8f1p>QT@dZ1m|)lbAczN)9Gce~2n(Lp131WhHtUcke6_qDfk ziRPtZk3(7TLa&j3R2A}^PffM!TK*Hk5#?VTV9>vqZ}Q5WyK@9$8V^1oW=T>{XHS23 zAs3qmwqwrb#iEZc)>2JS!a}Z{5B}GPidm?*lO0!WDuz}jQ|?j+YBO1>L^Dm_jacGh zi5~PDFZvoflqyoT@DSjFdLWIMIZ^^gDH<@sI*Wwag#;Lj$o3Q2Q;7|W{W-s;H=MtI z2AIcQEd=G6k|eFI42jTI&!*Dkysp61p{GX9r}#Ucf!7P)uXpOzxK;JgPe>3W^GtV$ za@vV8!y*YJDDrFML>>hJy*PF@VVxFI#))_2c9MhtT+eWduZh+)Uy`a)PTwv@vcP{# zHy-}Sbid{ASU;+4q+C6qyvo zCHwZ;u>bY&D9sQRJ+e1TW)5ms;Wvsw!^B&)^Mkvh=z;#Ou3zulkYUD%eh%vmG!V<+ zy?Cbq!7)MtSKHBE@6~JI%mn@D_J;6?=~k^@;AK6P&_5)Uf3f{9i8${6H($c80S=x(&KQBZGAGI9`I7)k?ZU}>9Ta?0!S=rX(mE9SnyOBp>J z(0XTzb8tW}#d#hwy`(fwg#Yx8v=NxIB5x!q?Tunt@s)w#pnin)-aaibA424*eGE(V zMqYX`DTE!MFkByBPnKi;c#AfWkKAkRl7OFt0R`<`;bGM7`Q7`K`Q47gAPfpDZUOA< zdBT8x!}wA+u6xtVVZ%)Y_){1T#WKD(WDnCCDY{>bADhY)|1=79`OEc@0ncFVL0^Fn z;SrS_{OR*coUHUZC+q4#eO5%-0pZc0*B=cGv8jUaPrWfO&M-k1PycWX4}>FvE6Uv- zTbtc~o%1F?2RrMnIPC^6xVjdc)CUArc$?p!^;Yy&dhX{GY}VHYn6usII~#VB_V*-3PgHKjFA24?Fj z@+8j6j_9a{@ePahQ1W8RHZ$VexXi)!XmTF!ECCm(@3|fmSILwGq&izy+WPcce2h+N zO}CN2_R}~`i&)q^J~-OwFSJvroyj@88~w5oGgmtVv*e&p7&`l zl=O1%k*x4zMN}ueleoid|1>|i-r=<^_Y=RMkM&Cq@3j9czhZeF1s&L23WGv5*Zr@a zMAke$+)zsOd}<-hH$KadZ?Wc5T_Nn<^cu7&&se6lJ0y(WD5IklyxY+i(aO=P{E)h% zvUdyJ_X|qU)KrG=qJ#RmpTiL$6;qfO42dtmc-h3C3&!6-Zlr9=eyO%S)5G;*6a1qR z2j+$LEInpxW$Ci{L0V+X?-5xgp^h z&y{!))#J7x{2;<3!&_!VUdW9;nslyX`4&MPE&=~*Lm8A+JB49^KR!n8#!P&~PiZ7i zqlv%qV`V+^1NG*UJcJ{qgea}67IrJyV=!5}0?(p=B*X~uJTv3))ZI;Cc_^Vo2k9?fQBP{eWf5RuUiiw+r&8@3{ITR$L1Zfxx3%x4}4@_9f<_tXsrHKcT3y)lD7fe*K6MtVZrJ_ew 
zw>lDnre2rSS`0m6?GIs1Oa`+OBA*4%?<;oa2~$VhvQ*YfU@DPnC$LMVq~#~oL(FC& zcT$WlHlHupp@I-wxwKq*Z&bQW+36Z2x%xp4si2xc-T!lAg8<`@(nrG6_8{EiFq>-}j^x;!t z$+FG~;X|8zsGVFq&SD>T7OPFHRm8j?2`DvU^*;_2F@*yn;J&18ezF{h=Ti!-*tT+0 z5d#i;Js1>AMKv;I9MI!qQ#kHP6=-~l5oADgsRMRaE-6|=tgGLj1COm$iMuVZ^rBE?Q4!U#y9Uq8?NmKcL)1x`TOTQ{(}n1WH{>^ z*`3r{)t_Sx+>YB{n?D;#pN`;`wD5FVdxc}@eN~m!j>s;}+p{#3n$Yv$7TvC7&Y!Rf zcFwHV4w^N*wtQ>QmqkiNU}Tw|0aYi~NOfTNJh>4oBJ%d3;hig&fn9`D6w4=xVg~2k z`S;X~k;y4jjURq-HL4zxY!M&*x{!-oTcuCNZ?Fp@;g1y@;#G!YzlpMY;8

vlmO&PZI{R>V(yzpk0VKR6&B z53gTK|MewPG{Qq;kFMxD2*D)Fs`b?*%7BOV@Jg!h3WR>hfT^) zKVT_)$QrvEI6a2YA7;u_87Z5qtt&0nD3%#a5tP+Aq{AG!N#(W$c>BKH-i~ePd3aNO zP9}Pforc*0Gd_GxpFGDcw;R#UJ=vJ4JC+xReX*n_P{$E8{`QwPoEZ!0nB(-PLZE); zxeyA4!6)yydVN6)dQyGgsR)nW6GxvuF3GMUe3Vps`b;LDqv_>Orv(|KS}_|a`TAFY zb%?I^IsT)kk#niL4Yk4CD3FRxuO4+_Dx!ER%X>AH&(5csBW!RYN(0XZ?b8L;k92d+ zXb>7Iio4((wg1G+c=*pMcFza(RJ(+A+EEx3EVdPO=zBLWC*ZLhoCw-89Z-L&W)mYNrz94!U~x?G125vZqLq5`(T(AGKRjE8FK4>Flm6(_ADZc@(h z+gatmZiNNn207m3X#9}}IfJR3B?mA-{d8jrKT$?WmMBaU<8;4+S&r;~ ztqhW8gU;UORM~1=zN@a6)!(tJC3jmRI3e$-vOc}6lzK8%Ih6itM+--6jG6n#kHgnE zC>T|TN@0bY-~*dvx&17d0v#m^ee(IS{U3+xH=1TXeEg8a%~ys*8r;Wdw|}J?^GuN| zEi04{I!(%7@dsKgij?Qw^DRP|YN||#RTV>i4){02&z^UzZ!2_d-`b0FkY<-CXW-S| zVKipqptD(SpV*cl68?A-Q^E|2dEGZ=4J#2cj0Ft{S+hKMqS5j6C=cYU*QKKt7GI_X z&&qgK3HzodA*WYdVEn+G9WgW&EpJ#~nv+!xp6e<4Of;F;>vHJvS}M~(Zh-2u3W=QQ zU=tF8NkJS!f7JCi@vNaf#3!l}P&wzv1!bc7!0?6s z;smGTAGy=c^g5p*JX*f)QK~Qan-zhQ@o@8_L)Z*UJ=O7cH`hl+Ke5dJlcndq&SP@I z6DI$gys-&HL3gxn-N?)uTdMZ^od#Bx;vapEA3v=3QZa8<0j06$qG~jRd?8lL{GpeF zv=F~B^2I+ojWc%E&}uui(;*Gas(rz0mwH-~Z`jWKe(^0bvkTbB9q(eyup+-&xy@1y zoOR%D$&q>OtL)ByrJNuQExXWWO%iFvfKe!a5Ng{y#JOa+SMaN=F91rEG0TAbc<1Id zbEbmhWSGm*qa!x}tS#NQ9cF-^Lul&vdie2b203W_zUFc>A+!D8KhGi$xj@}fWbic0 z>W2FM8LyL`xVsfciI9M)f750Cm8;C;x>^_*bFABrj0{ghO$c_HJ z7txG+Aue9|?-=DCRpats;fc5x*DTEu$2M!rR@PX3;xe@OImgp7t)d45pAX)(bQCpx zZ5d7FYhw#Q&G+xOyU zgEqe7Hs2fscU>Gnj^9hF3PnOg3VK3rQfZU<=z9bmVQ#%Q*~Yc8TFw(eHr`I>>+;x! 
zX|SRR7^Cg%J0o+M7<(s}|FHRU{7GyZOvP5H)I775RHJyyaROPL4FUHv)Z0zup=kl) znx2X#qo!MbRGcO!uivRuHs4(x->w@`posp)YRVdOPkFvsS#OTNDKT7pB}pZ57);|B zFy<7QDSX+;rYD4*G6lJ}G!?QLBxtkd8;WkX`ZO-0o{@DPFu~ft5R?=K zH;y2_Fqh%~em|j1JD=;8BO*z=l z6R^Hj$*}QJ@RPfqihKwB{A-evOf*RIf3v6fjKg4|j`>u(do_2ZQ@i7*rxI#-Ls{LQ zC4`6}Hv&?G^lwND-Q;lRnaiS$a;o`nSH*BJE>ydo&lHv7NY@IT&H7Ts@J8Y7NR3g{ z--i^XXoApvs8r#;ONsech1x-iUgIL1_NX~ZPGRwK{nOw%95Yg{CRkVVtYD&gpWfla z#}hw}JN>?OQ=;L6WV`&$q3KQ7#{RyH%EuV`#?d|XT;G$*kd2-Sj zDf4jFu(w)`48@{>_*aw>2#b7cvuEV#SasrW^@wlp__%H2UPOt_3DnK7m-wz>M=jl$ z)y|9a=x*e1Y?B-{Zm7b;J}_~u%|*kHknV0+T50K&?pjJ(mIg^F>Fx$W zKCwq5situ&?;VewLqixEG#tXB>Jhs`){i<=&ev3m z7J%!(2!4&O&jhpC6l^kjXEEIy-GqLpv)dJ!2f}?E7c?w(mt8_Z%-;Tl@br|j1Gv1oT415!ceqCo`nqULvHK>wjXakqFmir5z zm+p>6U~_hMPxgs@JD8D4fqXD^56Iv9<1(arN#B}D2KssgsZP>dCj2|Z6_4-ocyY=B zW`rFzIgGMWy!}eXv;kY}irn-YN2N49;Z#^mGiaJ~N2^TPHLjI>rHOa3-5wE@3fXT@ zD|9S3{;{Tc@*Xq@684COg7iWQ-@Doa?KM9jNseaD%nq}iJ6!p;PU>x!PM4VG)n#Gs za9s)s6_$>ivW?gt70EhIg!*cJowKvov&8|$>8$R0dSx5+CYE@#R!lMO%fgtJGmRvj zbOV2U!>!M9N^`KNZ*H_nCGu^vc@w3dQ9kFV{*MZ5HYwg}jQB(cetB!UW&is|S8I_Z z5Sa6c3yTq#_YSNDOrVzX3iybeLk>)U+(cqlZwC`x2uJ{tpL7;Ntyp6D#Z8!Zn$Ks% znZO3uP3J$qf$Q5fEuS*gFguu2}!(tXL#6B~7ncF>UPZo3ZD8R{L2l)hPqpQ4=!RJv3F5Q(Qn$ zwH3e`0Mwx(_%_@4xtANEw~iRdJY_6#bpvc^>mkn31Q=@zTCi=(_ghL45VI~igyXvx zL=`Ws1jF~?%>}uLkCmNeiR^`=CbuaNOSuM&YVOH3mnL(c5CBU(ik zuTvTh`3m&tf|&V~fiqXMPAUUAf?xDui{6w`Qbzi)9oiEvbx&Ld`St@+vEI#$L3frJ zv?M~RPrw7*c|SGZCqkRJx0~0ypX)ti=ys$6`UzQ`!!5|AhE+;kCCLSd5ZWF&i4fNc zl#zXWTQPrjo`jEhP`XncP_b;$=nrv;k&hNOZi3=t6O>Q5Hl8nP_Bu}Q1d6GbLf2kj z8M6FH;NgrX{hC8F!GHB5T(Rm-o;Le_ZoZCP}lAiLgH`Lo+W37Zvu#ad}b?<5rRr%raBBov_$ zrV>Uro*zs&tcr9vtZdX0+cX+V)Pc9&4~C7W+aI&|##OB6&U3mZO^P5tv! zmT-YMF~9(wYfL~jb=XQtzUHFWm{wb|X2%F1GPMau#hP;*-`X{)l>m|rEpplOni;5> ziE1*`S_Id7JeCu$eXa2fqpI6zL_Fcb+G()OgANdVl~x+?j6ouc>OnZMf0aSd zUy)y1gaIheH)s$ZJcA@UW{++zA2dLi87^`Qh&OC!CXYO9>GyJiiKvKqKmT9`h_RZ6 z4A01oG}Do!5QXiaSxI)%FplpTpic2oE~! 
zOcU~0)n-)^<_`1j@WyWC&8*)ElqpB0#7_qhV9%tq>$K|v_ROM>fhKBsQ*nUm%9=}p z9KQWPTguY>p~TgGN!1%p_fVI)J5oD8ZJZ6MYo2>a-X93nchn~j1)VeefS1h=(ty_X zbUY{457xn84Gupv*v{qzQh5!%oiEF^8jU}uWts*C4AJZuuvaWFJq(1bPp;*+foonT zxg&$W=&{`A0!5RF={NR(#`bTvIGy+`1-jFggaGyiN!5zoVY^j+X^55@^O4We%SfoT zp(4X5P~YEgBniu-_AL=O@;`xmJNd`&5@d!Ygt z{0YDMMxG-~6n`>5nys3Wh`X2(FuALISd^XQXDLTfB@fAQcpq&8Qw%P;lYC6&Lk8Q- zkWnFROm#m4F8a7)yioj%Q7{+GAXEbl<~i#w(T;oB2~HQVncT$a$QwOFK9#4btiEA> zWr3^41#KkMYK#_7=$&--1D>T^ z@5pn4FljcmrcAzL>)%nn=mFH3vgiSQ5PsOGA|CWomqAbs0V=7iwlUeULv>U00oH_O zjMcX*2+(>3ayj@A4A3V#a9L)XmCr+5&j_{Zv<3W$9gtsrXF0PlU{SNqf}pXo@J(!E zJHcB6dwlKkG0kyh;K=ckYEyja5RkS`1`)6o15u}e!0Td|(0Y-&!AxzJL#~iAN*Ci$ zOF(U*sWOu;vOR$^6UAv(W3n-~WEGMHB4gvSRjsHb8ElHH+U=z+ty+uD5C8^{|2j~M z_dX*AB=`Z~3}43GDH4FCBwr4YVBISc4@s@v-EAVgPN!|7EXk(;I!q=JOy!1B@b#DA z8_jU~sVmD40o0UajjlR^0i7(!JGl9W1?@(=D##njB4qScZhwWMXbK&c#);Q~9(pFS z#ptsY=vh#QMYEE8tfCxpo7Q`z^eoYX;{=Ikc$5)R)S~6G)+#?=PL(rij{NDN84DjdN zb<&=N&}^jp8F-QZ&8^zaewX3w7-Li~hH2^+O6qS15L~H{`Ip3##aO% z&Vr!lyD9S0h()o!9OnlBW;b5iwkQRS1?(K*45Q<&Rxk>f1)G&Totph>RC_jCcl zxSzEd=5Za#A)ghxF)K*R^2IW+!Id&J>~tGb>c}pp@M$|mE`l$4K1T7abPy1~-Uo;+ z0#wI}eo$+H*yaH<2wIRg;+$H_mw%nigdgc6#!k{N4w9fsnJiwj0MtLANi<`Wdr+}| z4>Ml|<}BY{-(u4(!#`@pA-mqX;i-xkI#c6MeRv_SKPyB1WR3*deG~Q_cn;18)Goa= z{4iiI%G#83%GlO`=aDt4ZCX^gmx|noANKl7K1dacO+sH`(Hy=QIAG;1v~q_X(uQo6 z>W>H`wZAvJqur8LFUY(=RU*^CGE}hS{ag_k@azkuK@g2`yaPr3DbM7Eq~>+MX3qe2 z`l)@t@__xljJvS=B_$o-40xn*LG~NYZUMgiOXI>m>4N(pdU{5SBml8hLorsv05|k1 zPRS#*5@2|Q%^{`LOz2zd#5k&Hb~s`8q5cZWh(Kn`0ID>W=99rPau5RrA^!C;BKkTS z#!TPD6l=sE@M@QjLp6C3GMH6m-M7IrMD`5#%h70RJXxXUvD3nB1>JrSH{0 z)278)llG-sSPXNX011Ali)Xa;>k6{L-k`vbNyYF-NWrKJFis$eDmw4`g(8%k`c0W+ zKm`v)2H!@ZB9K}9RSi;Z{U*eX${GR}GW{p~?Sh%1-#yzi#`Nu98g^8B*<=PFF(0q{ z=NcPL$Oz>LFqw$)ofdSAtN&+Rn%QU(l5>wU2_d+!evwE0x>OUb2ehHvLzYyfbIRrUPqJ09!J&3=Kz;UOpSbM$B%?f)H zW&!KJcuh%mhH+0MHSSyNhY{G34SG$zdy>aN2y2$IadW+Ti*uQ$rse(hyrc9EZs!ZKr(?fmNXDTSypQ z6_S3+EJ?%ZNFV&^$WEe;S3gwaMbl}MpGi4Hg7My*^EFV)Npc4YznKV}lE<_q^oam) z80Rpk-EAZ)H!^ 
zG2Z^qe=U)hg0@@RQ}aTlBBx&oYv3Cr=rd`2@@|%JRs*Qvc1@vB(z1f%!t(a71>?7# zx}(o?$ln*}Z=pr9Hzt}R!<69@N6q!xSGhPMNF@=|mz^vLbM@z+{o}W!C!Y-pr>b1# zF;%*M*r>cV1^ucrg%-Mc58L`a(*Z=PXQr9`pgX3;*`rjY>&A)aKyT8axti}T=zn); za$JS}P(zjSFG&I;Q`pM@qPOEm1l08WllrJIiD~`@;skQo;!KiR#9h9YDGq`QA%MF& zxIR%Bl39PT1fU$s_%*2954--4-3w*2^~n8^T+twxBNMZ##dMM8NuG5s!oShGtx$Qs z9nxq_340oJ_2ig@Boy?l@gYE2W!aGtVZfnko31>%50v@1@S9V>-WBc#T{yH?t~}*4 z?Wj4s`9FB) zMCDqY%8JyqoieWd#V1$*qfAt5a$|4&Kl7j9&Z92F3~M*hk*Xp<07DJ5@F^5>O`5Rl z{n0G#ce(a}Z8l`~H*F9(K@3>pl5Xl!Ycn9W`8x+IOrx*P=jovR?ErAAnVDIU&`*6pSWuek z-f1L&MfcDvxh?}7m~2dGmjKXQ`%*uZb#h4CXZM+`v&n#4YGm*$q_`M_)??9Hr(J*8 zkcQt7vQj7(?7*-jCw=8Lj5uO|u9_SsF4v_K8aYv*PhRm0fcZqqw9y3MrOGiG1oJ@7 z8?5of+5rxDBQd@!&sCgOqdXKESqVg`Y;ac3(SA$LFh&`z-D5m@uPom`e)~xGxjR3h zz_P>wqPl?&gTesSjsMYlTK@OynRWoV7-C3fo&MWN4C*StUfb3zfV-nR*vU6Q8d6{O z%HoeLlTC~$UmyZZWx`>ni2|@Es5@gA1x0lR#7``UL0;;;QN&Q;SaZa{*J^wGgy{#K zI1D5b%rw#stn&_tAl1D9+}T5rLYXB>02V^w?7R&MuZ~Vi(!Hzyk5}T^+g@(sJ4w!o_trb z;O}kx<qzrwicKCI(Sm=DdjYzzy8P6~Iw?sfDuSFWsX@Qd z=EBsuLO4LJyD^O2sxPYXy9il^!6C#lbXgTa-@X&W@aaKC4DlO`-?zaVg$)lumN2qI zE5;Z$05*=@a70YldP-L#Zy*grVv}R3y9$n_N5?N^_q{Hj;nMpDhReN$z1?OdsLEK_ zq}LNd1HTzCg0-ULr0Wm#W0SO1!r^q+1xYaRR${aEn4lAA2AnyplMILqGnhi1Th#uF zRNABYr3%ic54~pq7rB1?tfO+`@}(*Zk+)rcGSrHxI%h8$?eyKdFiZM>)dgEHaXRQm zP=h8~aEEH`jSs$b7~{e&;26v0I4Sw7Th)yK<@aZM9mD_0T`0vs!sH4`aL+Mqv-3#V z2XP?-SqXs11cRyJz{+2472^-W_ndb9|H)FJxK)kgANKRYbl|D~+++t33Av?XfJmk0 zLkFeRJhgnWePD*~8NAzQA)D}hIw|j{8|34+MAz-u6Kp0Qrw^w-Q4jbrmTV|hZ%$~$ z{eb};33bkW=0vbjXKCuXf^09!b2*xsyDOh&8ng|fMT9he3tkJvSesl`Gcs&zL`s|u z+t`xE2b!*KJXpiOn!lbk=GO!kxq3+IjHz{#Ho4=7lEPXZ)_{+F|8b6C?|HwF7&cWY z#n4w8iC)Mza3{)L1G;o>O|A(gbw*ekQSBqtjKk-PtP@fH7RbLYmb_z(e!Oa<$(w|4 z^)JS>aJT^xv#!p%s-E=)?;;=7=Ln(0047&wGHQ-F^3DCKOY`M!<>hY5-kC8MOd+`F z+`Jg&zw%@67R8dUc$RM@Xd>ucS(ks^sXrITE;H^0|2L#>9lW>&B!W326w^PNjR;*5 zlS%)ffPpC+V;KWOZoj5D#ybOx-#7*(|MbKcb3JJO;5$CjoOGVGcj{wPolF6e3ULfM z<;J80OMz|ftG>e{Jk|2CvR5M&Au(aenk#_RsJ?xF#Qa=Xc`n7~8Kfn8vJ{n2n*25; z;9!4%dsL8mW=T!v~dkvJb@%(&pW 
z7vfug6tQ*Z6JC2b=oSrcEBQ-hRqNK~u?5QKp}L^UI+N{xs2eKj^DWuMQHSgd%&@ms z7>}2*RfFdsj#!XVIX(|q=VuBg*H>Pc`$yZrAwONohfWL?1bZ}i05zCKu^-O?7S<3& zBe?(vchf)Y?<@SS-gL5N&K@QRErnLW!9zG@DcF-g(xV+yDam*vU#?{_s{hoX%RG4z{9$f;?cOk;bNb#>gX^$FrEI#P! zBoZi+{)Pd(hwz7aHe(!N!$E3e{xW;@_P@mcS9|($u!U&?+{S^=**=}NH2)cti4+ZE z>AA9O%j?vAM#>5fJNKc%8)c0t-}Z;48?{ySB#8STUI>a5IQF%eN2{vpn@!lPs~VU( z@6FTwA1JuR-<2-{k2n|A)u`x15V>uGi6Lxq&u}{1gGT*<@pxhfS5n3~)e&df{+d2D z=#40PrE#)awRDiPY&hQQdO}mgztB;7zQK9iqF^qL*ivP?iLgD1Q@4aoOZ&Qzcx@hv^=w_Y zw|IjyW%gw1YdW;tB>MR6~igbEKzmsdA{lMzt9c)~)(B12Ild046mN(hVIXmr)BJAl)GtS{yx(tct z#pmccZyhk9!b3geAw@1Ia%VN-K|iUcwp!w_DDjmEJ}@1Q9CE_R^3S`*3e#NIL@uvk z_T7iC{qGvxmkO5rZ%#eOkXA}>uqRU(qxidYd2A+>L4F|D%iZtr={bku~}rlzhfJ^!ZjcH;+e)BIy;G01Dp zxer=EYswZ3z*pmFhw6KnpyxxQ(r1-6ZN(dp&%_t3@kt|Sccvo>pfzF5v&|q9#DK9} z>3GN}3Q&$%S1wfX#U_<=H5l(gmszD5l3;bbeWQTgqFixxhiaHaWC2Xr>Lk9vfLm*a z0a$l^VFW+6*Y_Wz0(}Gi&rXNIM>ofgnLHsc+#5R#Hr``&bbq2Ae6E~UHclg@G||=u zzgYC`I~u~`J|S{mM;bQCo#8_9;H-N-iQw3Sx+K?zY0;@2C%796^v6{wh&7gA$$@Bz zeUMj$wTD#=7dm5a2n)RW0(okiwBvWCz%rQ5XG3&AL&Oy0p227@-CD53Lx*xdo}Ryh zB_~oU%LFzF&~D(%!V)7gp&RVtW|BIo2EcWxs>7Ud)KNTQG*F}jymx<(E{^GMY==Ik zA$7*C3A32VKGVbVY=&}eWJOyLr0OemSPF;AA^A6PZzM1JbY@ELIgy}}Ucr~IS~I@L zY?`^wdsla)j1Ci8IK=#!*hO`KZ@f3uOKUOk@sIX+YMJw|sb?Xd4jH%}ZTV*AJT?U` zBlaMzp1tt4={K;%Fw-gCt{g7T&u@^j3HFo-;8U6VCq}y!yHaDgnm*HQ=hlRv)>tZh zwZm+Jn3;gp{LUaq22v5Yz8Uk$ z!f|hbuis?cGoacE(MW?>ZKLb3gR0DEeydUfldS)m{F=umLt~;jj_=)1bIinneodVJ z?9;%DO}h4!kk-qzBw`qkd!?^`GPQCF0?NfJ--KE*b2f6)KQI>?rC*c#40E3ctDA${ zg8!>bj1&daI=!(X9Y)td1Sfs*dA zAM~r~J!^Qf?>y+)gs6yMhUBlG_g{Y*n5Ff?3JF4}H|!#K4QOA+Jvow$$Z6&nbXE*Y zkW+GG?019@w%(m;f)=<%-8FBvdeLz)Y-ZY0(T%yLfGz~-8vF|g-(XVUe0F#437`G{F*t6ojzsx z8{xVbqNjgc6KP~s710V zL_38xJ}O;1vZ$9UjxYeULCc!08+syfSYF#C5Ro5!hYmhMghjm-ohAu1H6#Z}jFES9 z1}XwognK6Oif`Jwv70cGUJ=7gZfkH&yjN%FYvtVs0S;MTRxy@5{^mljKjf=6tRv_G z^sr^`y1#bmNP8J209vmT{eJgR0c(ixkozhe1Aay42c~kg&OmLEYM)%`F)t}eH$};1 z#?4kZN2WftnQ+~Z*`&L@>(Zs69s|lfc&WaPb3P3Aqp??z>B8nWmBiY}=0H`s^!;T* 
z;>wjRfDE2Vall@OO%$kIWM9jl57TDo5LwefjAnsnh%@&*x~D0O$G4a;<}`ag_k z=ha!731*={!=b(k0$)qn6Oe?lO5A3iVhNwZ-(PCUdi+BA@JgRD02nmi@Z~N z@1|`4HJs-02&55!x2a$4K9PVje&}{b7IQRXD>NaxHpkRHfhtbi3bz52%nJKQsDO1J zkoRh`x$)?Kql?ZRRw^J7&%0|)um*DJ*43Xvf3(y4%_)U~*=9432q@J;ggF>LfKiun zmDDuaNxNBv@Bktx;YakGT?F&XP)0x+cQH`N6OR}x9tCQO68w=GcF=A?>i7EpMz0Z) zWBaWURZAwO+x|X;hx2V(qZZz;@tY2^XYQdIMWbxWpx^YA+xgl~PSTo$JSQ+y1EZ~H~oV{oMNMboC zD7)Asi<}pO(nK~JV!dRF(?Qe%Lw88>vbBSKG?x8cP_vP7oP4Ozq^yO&?7m6l!J3oy zl^~{<1B@iB)FCJY#{Z=PD{vuyP_G^b>Hl99DI7NV2Iln-2A&AjFe}^iQe>50>TQ{ZdHFj#-EL? z;8~Je575QEx{&}mmurZWb6(+q$9iw?QAZFTsSMBc^SN=98aWTr5k}*xx|B7cdJ=^o zo^+ZX(2tb6UJj-6Bp(|PUUivWkKnb41YsM*)<4GpWcx3#AF~}SnZ7Z6e8Chi<1n0S z_+{1q<*LNFtpQbGu$@$j(rIU}rJ;S()a}AB38#NpK#! z?QQloa#s5tkSp=#i{5Bstn_dF9jE3lKXOg)O5{;C6qZ-Jw(q(`JAuTy%fAN5U9gS^ zoHp_8Z?bf*PlOl$>0lcyR`cYGazf1Qd&y);ZWXLl**rs3V<*O9;oXaGgxPgI*OlL8 zHd^WfrHrBvo55ZbtgwUCcz;dp;uOEK6JxSq z(d6qtwujx!B0gL&s)I8F7N!+UxtvE9%&CjSpT`$~En+3Xh3EVw5~>!9{dW+0YuOLDl@67+XpK!N^QTioIbzuDu$YV|(`0$l2qgBdG=qj=5}aS+_8|3cGQ-c2 z%IaY^5qjSVg}U_PZ$NNRTM{fR|tS<^@2N?(|J3?cI1eM`}$Pk-_GElKov4f>ME zru;h!K2wx;!bGutoE8bqgKcr7Im?mgOD)DG+C|L!Py^O91W9gbn(^}?2~h4N5F<}9 zyZ8O|*TFZct&YUeyXt-_XLWq3O;~hvj3mAPq;rXP{3NK#lO`Y`75&?6 zaY@g%QgWkYP`D+`Em`s-rDa^m*y+!hUBQG)P(dlClqylvFm94<551QAAZNV#kJZgC zl#|K=WCgre9b(b5#RUc|X^rqEPis~?ZvHiDMCnv1EWwg(Dyg|fjWOU#Ly+K>LLN_^ zmcUsT>93+oy%DI-v3BpUg-4=1yTqzi`zhR|uXfe?NWvN*@QshS#|TFseuCB{ForJS zUS6-AY#@*(y;onN-|<@i{0BAE6TvN?lz;8Eb&e(4l(R$f+tv@vD&*Nch)D?J`);&- zk10;d(H`m4`lrLQ!XEqsS8%jw=*{E-g;~RMvZ2Z6dFrm|sr4X|@p=5d9w}sMlO;@|Ni(*`axM0NRnnn(Lq^J|=(7-CffSZg{CM9z~3 zmy)*-+9i zpOM);<4E~qi`GiFKJWB!;E*Tdr)9E>sLNVTm8c`dDRFpPh(`C;WK>BZZ8|7r7mK&A6bf9U^(k|uSxD}&N)Bm|w~9>4m4}{X zak#@rcr2a(bx0PJFnVKe4or&4)j%Jm5@F{%7KhjOVoIKC*hSeW7VPnTEbBXcw z2XVx9ls0E(;&)`8xQ{>H-B#sexDaWEJd#LH)Ub%8LF(ev-~)cBRmEl4mdFcIiOP|M zQ2O^d_P01i-)d^Ogi^xbE@>I6X2kLF_2E}!f0cVL_MsdD7amk^@2dPnR!&i6xyN~wy8JLLd2lG1L5l2y`RZjNx`W~&$SG-mt&1lIt9$%zy z*~N z?oE%HS5Zy>2v9KXUhOeWxBPs6)uliWTb65~=1o=7FAmS=i8DQ98@RDh@f$K%=IC{+ 
z3tdmo=%G9`N@X;Ld`ojH=1U*ska!u_BNwsYGMV<{WTEN(_#N|a+7#c0 zXipk6NFm5iO5D`eLbeB*msrJ(fj$88@ETL}++10f?h9H1Q;#Wa*bNDnGv;ZnKLavd zyiJiw)ceB0qfs3*aZGzz4uy1&UkxE%$+vW@VF?gLih(!-^$?YF)&7nj-Bp5I7@^LC zkf?L_&jvm+yVfWBZ{JdFX?i*$`K;!<_bR2o-r~+NJzCu5VhX50prprWM;PgCC^%MZ zSV5tW<2}r3Cnmi9l*;`x^m4p5e;e}t2>tABkvtXRTOSxwBcqtUw7S(6T@SsPn)P`z zF2`?brsT#fK6LyT>q2s_6z563ws&ujnYSV5eDT0!=Y^I0y4SIkaeSzHt1Jeb+MDXT z7Ps2f1^tu+sXcT_tnOM$c4>TIpyH-G@&eiCIxxS*4(|^hnQ8&>-Pb_ za($nf>>`VmhIC1dig06nbCLar8UcY6tUkmZ5@5;3hgAJ;nkGZiQ!b5fu}iM}a*IXU zpG&yA@sLW5-I6@D=6Wg0kyfUjAdArJl?kXuD9UOWTlz81q_kYFnJ%P=_OfDE5<7$4 z)zm4z9LeNQM?lv28f5c`bPHXj0jiN*^UkMRY=zv^>**IvO;Kf2f<`e^A~i|hNQRHO zzyh{3>~iGc9rfPi?O;7c0dMhNbn$xb<14*jneJK&C5cZf=vBICKMBp{N5obfC=G>) zsa@O+e(YxVyeuQz2Pz=4@Ws#NZ|wNCxgQAV&{$+u;3u!=?j4q^;aI>pe`@V>Yp{h! z*ftZkqcneFL>a|X3ltw6XrILwXyPuFc6|^YPpa55>&4W+h0N3qeoA0LE6ee;Lpr`3 zU&P*iLr?4z@M*Tp-3%NF_ux6BowtaLZU`R_fs5|R0n`CZ*YRAsI%!_c=T_$rGWUvG zS5z0VxV)N6N*{W9`hu&D77MH;Z+ekYaawnV68X7FVta?gZMs`_-8S$0Q-@eWIE!Ak z#)}Zm>*rpZhi|jXOP;??hFb=UPda!OOL5LkvBwlg)C9s=tr_>r?0!u4W2oHXQ zoE6RS8lhp_w4|&gvPvP0_(Ik#S=}W*ArA3n_uBupf}(zlJ28F>?R-*ITJ(?8>BWWn z){oBNYVw$(6;sr_S?ionOWcGtpEw&@Wp_92h^9#J)$wC{72lqH(`qT_4U8{!lE&mP zE9kN#e~9J@AZuvgX21fwHZtt7IWV8Q+=(Qhf<8Ee-DJ8fHRq&FUr-$JE}xg202#Q+ zo-jw!?>*&dqIqnnb5U(Yg!-Yi)XhyyA02dZ9!vTKmkV<~wKDC?Ljv8H1+ZfUEWg7y z@KOyP?ek!{c!@Zyl@FC>8}k7KxW6~L!uE(k+=|tf^WQ4#%ti4mnv`ftd%wif!VS7M z5}z?4{b#~MQ4<%nSNi*H@c!xogZV1t1o1t_D}jundMf)Y{ED#ZV_6H)1n8IfsvzHf6sF|_|5{<1v7~z>|I%B}phbB_8H7<@6${Eq zpq*)~OHIvH{rV8rCt|H5-v`p&|6;-*0;-F}ZPYQXMUFHM^fkwumHCxXOeO}FNPm&~ zJU}k{P`VmxH8GexZ2T9WmkL3up6GKiHmALE61^v1pT8*7B@C7;^5yzFyVAk?Q@)K6 zpLgaf6lm`Q{NpUz%&~q7wv2zF*f>QPTt?RNV|nK2sXOlwtG!!LUl`z!)5h+l@$CP( z%sB66XnoHdZBWPQemI}cmt;tBU@6PNwGs#1qJmvD{mk&TlU#Y8D|LIs>N&Cg;37F} zX-3nX#+y46-^EyTQzC=i`VB&+iTJv&p89WJzYsfXfQ5jlmX^YG9Z*PFj7$3j1N%Ibk?S|@R6}1^_D%zWLR6{Nx5X0w! 
z98KAc62Zr^1|SZnbo zRrO%p@|I0pZI;Idh6~#&8%noh;P1t^bjb&E`RjdI(}(F&fj1?1ehQ$EI6zk!sLv?h z-X-N@y(3JeRx643ce4!5JRi8*r@1xrQ(6tM?&^p6_~1>>evf(+{?U(z(KqP%O;MMM zDEsftoWal}!j*YHJOpCv$bsE7VI#kkuo@c&`RcUrISH<2ZW{QAIK3Z^GFCLtbocwA z4!KgD5zAx^n4346cRhJ?N4reStMz@#2Q{6i28w`_^&<^M3+zD|E4nWX#Hx99t;GyY zNNi12>~VP#d9p&xtc-69H-0I>ZES0RczWuFD={`;1)a zevKuso;6Pz`O6+aDVu^M@w~7riS{}I7W%tlW6Lt7?`z`K9PlhT`HQxBQ>m%u1x==G zL<+f_q+=e@(ASU3&S>QAAtdc$UNcP)+s<|O5k{0_k8I`%vq;IT(WTB7L?Iga66(tO z$aws_+GXtdVF^lQ`Nz^8{YoN&e*KT=Tnko@0*+pl!xXG)-DPTedO5CO8i#74I3>WxU)nJ80jj%!2Rt>XCr#| zqdm>gu72uxlsoUDfb&qH?czF0?3PNAQuM$rfQ)nFT(3qRzfgI2U^^5gSf*wALw&EY zAmbl);-9wVpD}CODY@$f7E!v~@^)k20+g}l59w)^Ew>4I9&1YhI zH26q@Mc=HOY-RsYZmJ|FHGPm&Bur=_zEGv;ng`FO=1r{{g@_8{A?UvG@I_z8CYOx+ zQjyAGZIZ0vr42Y<;B1|liT2`AK2M4TO`;ZdN*fj2QPbXhf?qiM zDBiFt?!DVaQmo@a>@Vgg`o63AgF1~Jz09r4_Rl@7`uY<1BdM4L(EX0hK!Zc|oCmSH z+p7Ro-WJL4ts4D$BX|S%D6=PuKP85({vysi{&hCCS?R2HOv>)A8jRE>0q?^QglM2C z*!Q)G;M}9jvf=~+HyH&N`hFnC&vGMFC?OZMo_H#mWBmJSy*kVqRy|gM)1ahqoo^$o zF%=}=ksR)0%FUdRR(lEyIMWkwwa_FMgX$?VZeBHJxkd;OA>A{IT1;vN)(^G3L*YnK zkq(FpEH*?;^Fk~NYx@8Q$NdI>kO@Zu8Dp#J&z7|qyN619p>FQt}yhdwJ%Udw$;(2R&7=J z%#4&a(1Y`5f>q3kG_oMm_qN+T_-`W>N(gk;P%Xr@tYXeHJ-iG7t)@b1Lj7Xf`76`UHER6TR0Q$L_dBoLa z&i&VfluhIQY#JO-TB6vWPC|?%VvI4w4U7&$HWn2vSgA*!2K3jT5QU0ydJM}0B(-aI z?pjSU#uozdGiV4n*iFJ|P|SW}TPXO##8Cr1>uyljJCGB$^DApz%y6{QX-Z?2>NJI_ zvGg9T1R8rjMurX)Ql3?xFkS5q1X7kze)Ws^YP$hs*vgP{y_4MR z)^^KGeXS6=zyr73{j?3`(m`E|@v}d~>^I8tPIoiRi})4zbx-xq0Gx|Z`ZMtrq_u7s zu;1@Gpk~U(B!ujZ@yJK}A>v|b0UXjlG{L8j_30}G+Q$hd4dS94m;_3!RNBb8QF8_w zFEsT<_9oO~&1qKh2zLe1e30lZs#nn=lO}hF9V5r+_rc6_%lZ@_+BruJYF;!k2)@l8 zGU;S;r;}7QRMPhnn>_0ko-MLZ0${r<+&uPe|K9ksnULu;NCVq%FSx+#} zS?nR*Ie9iuC(&#jzoygr*{D=;nEv~E7Ni=P`o10f8a+yaCK>I&8A@iku4I>QLOG#d z5OfnH`dj{f*c|4tuhR;!5k))UpiA-f`#lk}{lS5V21fRA|`G@qztCA$r4M5zrrJt6CGO3(FiTJQbKx$st)* zp2PPIR17F5p<$k%f{9us^kZbb7NrgkEV@O7Rpa(_^J7>^y*@+5;O@09XiPRiZA8c;zI={zK^w+g{C>>~;KJL0fu@2)Q_iCu?JS{SRrGY(f&FP%_TlV{? 
zoVu~=I$v}4Dkd*|lKYeMU~^qXTQF6BPZEV5&9FPnHz^|Row-JQWwpRb!MAQ zAzS^jtj6L|A8kdYdScJ#?<3v$O_^nok_-A?uW;g~yLg^_gAJT9is~OaIegUi$Z`Ut zd0~Rgne{`%z7;Q!0k)BcufV<%-Y@$ewk!8w@XFPb1|o(bSNpV@Ex8XzVpz4QS**(v zufB#u0ka$Wun?0`Mt)!w-j_9pU}ZJB zi0;Pmt0e-0niGTA>8l#))ik5_S$|va+m+#V#`4kL_up2m$m&kX8qYZm*psc{;6!WC zU!RJeP~u~N<>YzjB;x!TS8wBrn69xGDAR6svT&`($wo6#{Yj=FNz^F|Y^gkK7Z^w^ zhdoOpMckPw)ISwUoVFn3Eii?(q?j`{acbRneRmfE`vExaXJ_c5Jr%EH6=E*Pl;3@K za;x`6#0LFNjJ8~TXAhEzhf{3-TjJe(wA0(CYRMs2qOqfuW*DaHuNS4@X=xfmV~>ZCON9?%!rO z`%l=xBRkI$-}47%s7_+~u?j3fSG{R`ka*u8QhQDY2TOW7Dw#`~n-h=qehiMdf-v*~ zOJ>i`rxYUG1jZ=n3+&u#?PQkxiT7E0^BZ5xy4;R6Idi4dfybN_ zvGuc@2LW3(HXA+#>xkKny?!{*KLXSDduoY! zmBPZ90$NJ?JqC=%+{=?rkxz>DChOod)UEWYZNaaQNm(h`R9QCAU60Ftd6z~b14 z9lAo}FLIouoUJ~?iprcS!U|Imwo+NzcZUIxkueP7f18ObYU|fGw(HHSQt3xso z%cKD2JgIT&^2J;(2r`8PO_e`5aab_K%>PvPlcy{2_c?vX+bGY1Ux8_@g%m)XS&7?IUtsYDS-ZLb`GoW4y(*lv9*4Q!B6^ zsc4aB)#81yTNnBwkb9t(7uwQo1S(PlJNX@FzH=*wqJ2H$3R$ms)`zBNBPmwTBcgSl zg{C*%PT#cT-*M;Q5k9VwyopD}%|tl@{_e|SYg^i`qWr_Y%}K>_`xDX6|Ehe3f|Mlx zHBn~1#=*hL=owK$)(%&`U{+305yzo8FbnN>0P4q zU?shP1d0IWukYCAJp%U!ehq``5zqq$KbN1XSa?^v1BN8bTzfRU?X#);>EbEhSbhcaB5 zi!0z!QaHmkeU<#m+O0lY?6ou0l$9$Vn%>DJYLhjJ0FST~aPpte%MMl}5u=3ldJRGy zmyU|;9&jgAJ*Pt+0!!a&&c>hJ#QGvwj0DF?AO?{HY@IpH{sSJiJbUXNJ)&p$5e9j> zvvb3)c@+dqlvtp~+sw}aw?@MVa1{KFLOLgLZg{4~3O7nG61v9BTD%#~-i&y48dekc6-WZpCDd_FtUXbAe-Ol88oW!CUeED|2e7YZ`H<9=!PTfQT75WmuI zG98SiAHRw@$KUWDx(7^T|9oP}_&>qLpBGa3CN;Rb3;BY}BF%eFm7f7ivhNv?_ZGMB zNhRJ!2)e4p;0@8A{o=y)p0YM?gTR{%M0Huo0VBswg-dAWJ|%%OkO+ITQ6dLnkMr9Kaf)obJYy;XVHJ=`RifVd=_kK1Mz^{xbsx65j4sI zM4NNFO_6_2EhuQxdWX)ABZ9jV{yW#{-lGw9n3$vvNtG7sHwW&1^ik-%J4_()RbWXN zpWjIM1m*$z1~qqBn9W-_&<8~2N$#Epakd0`U38O}(8?Bb>0{DqpxD8YuMFPL9$x;K zy#I7MOykQu3&a3wTg7s~dxicO8JCNzjN{Tuha-2Z@$o5vWC7rId5Mt-iZ4MgwoESV z&627QqGwU`TR?oynJU19x8`(OeBV0ee&Fi2h`3O2o&(M{0bC>{70jM(tr!g|iQmcp zi8g5EkZc7D$wG!fDmA@MY?I z_%n}#wPWHAF5DgQfGrE{{q#aAj1z3Xtz3nXW`3cj(e)CT#EPUWRNfqdeSs>p>{g<$ z&;-7+v_35ho5kP}H2=i@z8)$RK%+Ex(rcq+0?`173X 
zjMH6aUfP=a=(EK6&WO6Ai?7BWK_sT6(G;m}JXac1WvVkg2_JVKYicd%QX`OI%G^oz zqg9ymtrdB3Qr9rbJ^+33!wh-8gE23?+6@y)@m+#ug*BopanOB)Ww@1;?d{?Z_+8?{ zN=yyThn3zV1mXr0;gmB2kbZnVPTZ)BayzDetnn?L<6a`QKE={o)3*2=9moq7BeYO6;i~ z$=||;gvvuS5m82=^3c+ZKD0uRqwpu#wNG@~6xwp`=l4KwjsWE!_Rc6riWml>Nbml4 zMgs9g&)Z5R83u5vg;?mxW;*U9wkzfLA~Rn92=W#+TF_H~<^p=hHg`4e@1NNV9cwds z7L@S>T2L|}+511z-^x#x_eU?l?d>?kmMn z42;Dn?3Tc&ZtbPt%He>j8IWsD|8Cn$x_xK(7D(_bOi zJisX{Qpp*IhxxY*a;Oa~ekpOKzHpDsEdSe|+i%_r? ztc8)Pzrn#z^I7JZMG=za^K5bl!uZ&NxWQ$Pgv{`$K8GPf5fXEgp{KH7SQlirvwh@7KD<5|Pn2 z`w$3~%8V58W`fui(Z&;(h4UxI*!ykxfajm5%mJs9y}QLsVDKt@C`eC3PzQ0TXXkw< zVTv)N*iHsfl}97a&+eBeK$XoMUWVO&CCfB!mPTr*H6I1CD%qs^g6;t~b~6dOy@4fg zdXcf*U)8wDtwSd1q`)dO0bNyvR_pT_#c2c_$)VD%(OAs{zWwnUZ(r^iCi{B}Zef<) z^;Iu7CZry)f8MNSgj^KJ348-7Jte2Gx`Ubb2FXjkB^$xFDb)5FMC)k_dOwbq*WB+i zNOdh)ODfxkiF^@D)B8HiEYSr@WzhIG)FD<6*eh9^b)pAp810q{+*9SiyiNZSc}_Z7 z`iV;5;T{-cW~s@s$UpYsP8kBk8m!hnIa^6U^`7{z%*>pHth_I{j3n0frZqXhMbVTI;nJ%HiSgoxbfKR>6C8Pe~1qU|GJNEamI9 zpE}@3R!fRZhA=PV$dnxL%O{W=Lm~#^Rw*b;1Kz3B+BIy&qu?cv}~NNdjw5s+bUq;;Y$@y%Fxj z-(s)I4TuklF?=$Jtt&Saq-JTe=o7mou_=Us7}5X&i>6Lu!qOETfpLPbza!Wf?YkW) z3)&5mAwX{fNty8?+A0FSL>dI0FYLGbUeM5c`^>Vt46cbyIPJivG}1&!(R->Yj8w}U zs}2j@I7}9}Kv=Z~8UAEk2w8wJ3px{O3Bk;e?*?jjHY?uh3EMLZPwW5aaEQ21$|p|A zBy2Cy9d6cK!0hy5t%m$DGt2F56s|)~nPeIqv+ZNT3FpWx&^T&(dtO8#QIO6X^F3qg;nCCG(x}chFe-sJJ`^_N0&LVA!X<&kJrf@G100-m|*RBSM*KLL}e&8nAL8% zXM8i2IQuJBq9M0vJoMu^VBZsNZ0zP(xidX95XNsmYOd98MQI~DNdyE&y7-UcFC zTVJNP&jEXXTp*MG+w<*LPTF?aDUeR@5662!2Sp7`MoPK^wd5?3bGB$wc=O~0V!~7z zePjS3Z#Voa&(%*n@ic0Bb0uQW*&J}|$?^ZjOi0I)r3xLGjYvD&B(1$0SO}*u{Lk$d zlYPx4dVYJaYEh8A@(-%T5($CzyGpjUkj#0c+wj7Gh1o|r;Aaz5q1PP$Gi5;bygup# zK@tLi=GZa8Sy(^+DAXgbtS*c$kQiJ?eXr3co9iPtl+#Y%1e+4OtVhC!i*@084irvb*|3@3ucpYK5qPs{0LmL*;vG)8o8y~QYH!3rp99XD_Sb24Zn{8t>09i) zQtthDCYrK{o1;%T`~GgY_k!5Bq~BH1GwxUwQlX-h5Kj_Z+alLH$YKIlxvZ-Pm^6+o2E#YIX{46n?{gScEwUca%uq3)h|Y$67%t;=^h? 
zyc+f-%c-`nBM$wYy)(*@B8Gt|(!2ki`QQf$=53{t03x;q0o${gOvmlScDZ~*Fm1;* zo1TM^%mdzsdpYCNQ%ITLK75=avf_+&CS=0mgcC;EZik|4$&bHzM!kM{$uq3!qdXI8 z%jXBfe#1xRdy{p#>XJ=5GlF(^AHj7D1hITI#5Dw3;Z_UD0o!mXi!0wI04-b|WRB`S)92=d^hCfkhkP(%mZ^gG_UqIqHVVv+7pXH8XHY5aFs1sSuFbz|Ky z;=n0;2(mYjO-(`ns^B7ZmYD8CE^u!-p*9khWh>@!1LH za&Oi?5aK_NZB;%a28vR+#$7!Hx<5Kx4_PESoY8$-(+}58m|)b2HFn~;QoHC1ru-gw z9q>|CSsx_=Q_ovqfe#ihq{S*FM|%=v5wZ1kh1)k&Zl8t@>m$hzN!}1&28x_4`zlOd zqD0b-hLA!5yGLRUW56RJJv*Kn9Mz9sBH?Zy2rMsl{xBY>Y0@P3o zUsz>QC1(-o&7}733-Z6a<=2jarmsF=6r-jrxXbobw`pDNcuA4fYnXwjebOc@E8jtL zMq>Knb8?@Oy@cwW1Q10Jh<)LCf}@+Q2wB0Y9-poILPa#D8Utmg|*$2>o7E%X)s6R@&)R%r*%IRGDucluH+#k z=Yn>84B5erMc~>0jueQD7)RKBxE+M%%kik~x?3sAmQK70M)_1PK|!=*sz|1qGz;n@ zZetI8kMEf?5JT>rLi2+wS$EnO%xiCs`$OnSaW3e5ewY$W4U(^AmF{ODU&kJDiNdYw z()^Ub8|wqzZ5wk_m1iApufs`t5cGr7dK=eQ7Mnlx z&Jb}ovHW>w8hGAG0@L(pNWBYD$-EyhU+O2L5;YXdh%ZV=jR(Jat4bA@AyQBbFyq?B zlpr-(;NBVYHy+%V*{5;g-iAd@__d#l9um02!h!yg9!yGdz*+k*wphV=iG@<4q|I2l z6I!H-`vPz3&9CMV&-=dfEFz!Oi^@?u$Vt&}zPTD~2chdXs)8T~fpiMwbw#;TWhDtr zYhd*SjGNbkG^e+ELqQX%FX>y+Xa7IO$mE`|A4!UldYmvjFa(MKb^V1|9Ekr_&qVWz z4nn~>nZPT&(vu$NxWdUodVULvBj9zEwi{Q54laEtdMmWZua7ff$phI3wwR_!29ofV zV~Kr(hA53L3GBwy-<*f!8Rn~N{3sj_)^adElcYY`B!*#MoIAM0LPH)+lqpo@|-!&la~nfoO;1=JQJq z%RcAR%^oaez3CC1MP4e>Pjz1-*T*|=BS{M*#m!Y;Y&H|w_|?e)R}A(vYKC5n>wr0Q z8t@CevxZ9JpFzjdwjA#p0_(cm$Gss2Ie_1i-3})CWrCIr$xn-na-oHF>a<>T3KS^OuM-!@ zHKvfyuFc@DzO#2ONm9fx5GCSm2)O?(IRp#X5DkxXTFs|y$1Ip;+T|*%WPMVpfx%Yr z*i{#1pt=VvLQ%mGj#r%V3qkZ4d;Er932`wB?I`|BBNKgFWDf2C;?LW+jOwT)2&@Q4 zdMs#;aTr4oc$8ok^Fqz$!J!bFg~4_bm1%H{a6xBu;f-0rHPQZ3Z!=CW3lg8d=goRZpN?EN>Pb^EnbYa3`HL8X5@%+tG;ISY9F@#Gc=YSPasSFTLViK4$ zC?N7-oFI$gAr1uny)+|CIzuz1#u&;0yR?;q;e=7&6J>m2vVAV*-*d*wT96*w5Hve|ai8~c@KB)nh53jf`#u)nqA=D~Asa>GtSC;RKdFvC; zC2`MO89ikQ0U3f#n>nS32b>KeJ$JNDl&-$Z12NSYV*z$i%}d&oS{6jzsBm9)@o*5N zfVT_H=NNT+FP(QX&Qtt`_rGz#WmA3RCig{TiIS=&h&_n5A27elD*U3EBDs#|j9yud z<+45KP{*i$odHAhYtDCd^-J-5VG{^eqfHzp?V^y|epECZh({v(J(~gU%Z1qO_PKLx zaDeQ;{Ftoe=mt_y3o#s>)C2Z_C(wv 
zc8Qn4jt@kU+^Fm!3^u`DjpA{xPVr6@YL;9}q9`n{17-^5ey(I7AHUm7Wr7ox1V4yc zeY3UXw=-LI^J=MdRxvF*d>I$)PBc<)zPub?SY6RpF z3f4FP>kvBo{j~k-B^?beg5$$kr5~?s3q4#7N}G+eAF%xGz!H!@E#;HAEa&b-0lx>VWH>;T-b-CemW0^1w<7fWR*&;nwW~V zFcZHZQVk@25%Xy;p4$L(mGm$_sj}&MSB|Qtr*Yv6Bt%OAoG(ov%-yr$wk2F_{XOH()#&1z~1 z^@+TgWh^Gz*Cbuw)uJ@^O|<$ByLk@SC(44*R}C(-hoeS|qL)Fw9vo~nlM$mSHgXir z+5M-DNzLJV9*Abu*(Kim-1tQ9A;B%M0AOK~_21_s2cd;=GHw>QfDFn5t?~a3fAk!1 zf$fO*orlW>726PFMl7ipjQHSX+bUWd2rXOX>!nU1TYH13veC4Fpw&W|S?-ZBJvxCv z?pFSQx&68>Pc;Z)5=C47w3H6d0hegY6byI>9zar0>G4SG5W2?bJGQBb-AfHUD7;Eu zKD7rXh6^C?dPQAES%RK~f{}VgQ$0n8Bm6RX65ENa*qWPL246rA_1PD}lbF4mv}9B|P`zF5-%kwLtY-VZIOY*z!_HHz;oZ5IZn)M;Vo>k~h+ zISdjDHcXv+UBqpC**_cmQY1nPg8^7qbx*!9;#!6rn)uY9&qjo()-lOu5QkY_J>bu) z%+@Sm^-sk@`%BmlhBHZy;-WM7ybP$mUj&c9(dTZjT()$ZRs;7@GGZ!d3O+z03yw97 zj+sCF=IqTxnYF~`K`+7fAScmvz*TA{`Tp+i9UT;hX*;ikGj%&e7FTDILN@oV{+Yb(sWnMv1*Y(He|COl*Y|z^_XyaM zB8ex6243};oB5>pynLJDK-Xw#AzKlm`Lb)CSD3K|t&gGvStOGJRow@O=hJnRuNOIJil!;QuoME5-xN;|_{B;5s2*$- zm*;v=H>Sq3QkeS@7KJ&sbROTU?Zq4^YPvE8_xS=Rw02W~c(YKMd$BU~U<3 zj>0L3emkk~4gB=+`vLr|4vERCoBXiiNyjtshu((YOOOz+FdtL}E_1uZLN^HN*^loL z96Z>@LZPZKlBtTLr50d4K4}?6M3Nhm(H{Z^#Jy+mSN6^z#bFo-f`@`&od5rFAF&4= zvO;N^2v~5LW#F4V){8Q1^fi#@`V~Tm-Yi*tYpWQ|B^(n7jwc2ZlQyaMc@Q3sG0B|dT z^LD}UI~(*~4uguno&@|-RyT(5yG$hMD)uH3nG~cI8|;b^Agcih>R^|v;lOg5vl5zg zs~DjzgMjwcXH9ThxpB%T_*ri;=$qTeL(cc{`T+2Vz_=K4;X&iSt-qV?0*eU6<`vkM zje_jNRkf7*Xy)?P7|(&5xg_Cc#d0I-l&0X7We{$0<5|_MV!~ElUYjE0g)qIt}dotbQ7t^Y7z`lSi4`v-?{xXI%sbnP=+H*K_$C18vb?w+z|ML zUBdK?XFTJVy)sx~7=~f!p-@EL|Nrj}BM2cndKiNaKUk>bEOld(48!nKj^kJhoqYkH zg0%o7p*=JxpCOg?9nfC`DZ_scy=Og95@A?@5b;m2Lg1fcsPUxhN&%u?Wx}BXWwZ~7 zh=0u-Mgm|B!!QiP@Kpei&b)w)hT+v-9TETlfG_| Date: Fri, 19 Jul 2024 18:07:10 +0100 Subject: [PATCH 06/30] Add a release note snippet Signed-off-by: Richard Wall --- .../docs/releases/release-notes/release-notes-1.16.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) 
diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index ffc87320608..f9c2bd47385 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -3,7 +3,16 @@ title: Release 1.16 description: 'cert-manager release notes: cert-manager 1.16' --- -cert-manager 1.16 ...TODO +cert-manager 1.16 includes various improvements to the metrics in the cert-manager components. + +## Themes + +### Extended Metrics + +The webhook component now has a metrics server, so that platform teams can +monitor its performance and gain more information about the underlying Go +runtime in the event of a problem. +Read the [Prometheus Metrics](../../devops-tips/prometheus-metrics.md) page to learn more. ## Community From 9b72ef62816d0647db13ee29b26b594680e3ab8b Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 23 Jul 2024 16:50:45 +0100 Subject: [PATCH 07/30] Update the Prometheus Operator documentation to scrape cainjector too Signed-off-by: Richard Wall --- .../docs/devops-tips/prometheus-metrics.md | 24 +++++++++++++++--- .../prometheus-status-targets.png | Bin 60086 -> 57393 bytes 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/content/docs/devops-tips/prometheus-metrics.md b/content/docs/devops-tips/prometheus-metrics.md index 139666a01e0..1ca58e06ced 100644 --- a/content/docs/devops-tips/prometheus-metrics.md +++ b/content/docs/devops-tips/prometheus-metrics.md 
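Review bot: the new "Extended Metrics" theme says the webhook "now has a metrics server" but not where it is exposed or whether it is on by default, which is what a reader of a release note needs before deciding whether scrape configs or network policies must change. Suggest one more sentence after the first paragraph of the theme, e.g. "The webhook serves them on the standard `/metrics` endpoint on port `9402`, like the controller", plus a mention that TLS for the metrics endpoint is configurable through `metricsTLSConfig`, since the Go runtime details now exposed are of interest beyond the platform team; both facts are on the Prometheus Metrics page the paragraph links to. The lead sentence "includes various improvements to the metrics" could also name the one improvement the Themes section actually describes instead of "various".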
@@ -3,7 +3,7 @@ title: Prometheus Metrics description: 'cert-manager usage: Prometheus metrics' --- -To help with operations and insights into cert-manager activities, cert-manager exposes metrics in the [Prometheus](https://prometheus.io/) format from the controller and webhook components. These are available at the standard `/metrics` endpoint on port `9402` of each component Pod. +To help with operations and insights into cert-manager activities, cert-manager exposes metrics in the [Prometheus](https://prometheus.io/) format from the controller, webhook and cainjector components. These are available at the standard `/metrics` endpoint on port `9402` of each component Pod. ## Scraping Metrics @@ -41,6 +41,7 @@ spec: - key: app.kubernetes.io/name operator: In values: + - cainjector - cert-manager - webhook - key: app.kubernetes.io/instance @@ -50,6 +51,7 @@ spec: - key: app.kubernetes.io/component operator: In values: + - cainjector - controller - webhook podMetricsEndpoints: @@ -85,6 +87,12 @@ webhook: filesystem: certFile: "/path/to/cert.pem" keyFile: "/path/to/key.pem" +cainjector: + config: + metricsTLSConfig: + filesystem: + certFile: "/path/to/cert.pem" + keyFile: "/path/to/key.pem" ``` #### Dynamic certificates 
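Review bot: in the @@ -85,6 hunk the new `cainjector.config.metricsTLSConfig.filesystem` block reuses the same `/path/to/cert.pem` and `/path/to/key.pem` placeholders as the webhook block; because cainjector runs as its own Pod, add a sentence stating that the certificate and key files must be mounted into the cainjector Pod (the dynamic section that follows says every Pod gets its own serving certificate, so readers should not assume one file pair is shared across components). The @@ -41,6 and @@ -50,6 hunks look right, but a short note that `cainjector` must appear in both the `name` and `component` selector lists for the PodMonitor to match would help readers who copy only one of them.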
@@ -124,12 +132,20 @@ webhook: secretName: "cert-manager-metrics-ca" dnsNames: - cert-manager-metrics +cainjector: + config: + metricsTLSConfig: + dynamic: + secretNamespace: "cert-manager" + secretName: "cert-manager-metrics-ca" + dnsNames: + - cert-manager-metrics ``` > ℹ️ This configuration will result in a single new Secret `cert-manager/cert-manager-metrics-ca` containing a CA. -> The first `controller` or `webook` Pod will create the CA Secret and the others will then use it. +> The first `controller`, `webook`, or `cainjector` Pod will create the CA Secret and the others will then use it. > -> All the controller and webhook Pods will generate their own unique metrics serving certificates +> All the controller, webhook, and cainjector Pods will generate their own unique metrics serving certificates > and sign them with the CA private key. > > The `PodMonitor` is configured to read the public certificate from the CA Secret @@ -141,7 +157,7 @@ webhook: ##### Troubleshooting -Check the controller and webhook logs to see the CA certificate and serving certificates being created and updated: +Check the controller, webhook and cainjector logs to see the CA certificate and serving certificates being created and updated: ```sh kubectl -n cert-manager logs -l app.kubernetes.io/instance=cert-manager --prefix 
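Review bot: the `+` line in the @@ -124,12 hunk carries the `webook` typo over from the line it replaces ("The first `controller`, `webook`, or `cainjector` Pod"); since this line is being rewritten anyway, change it to `webhook`. The same hunk now states that the cainjector Pod may create the shared CA Secret and sign with its private key, so it would be worth adding a line that cainjector needs the same read and create permissions on `cert-manager/cert-manager-metrics-ca` as the controller and webhook, otherwise the first-Pod-creates behaviour described here will fail when cainjector starts first.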
diff --git a/public/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png b/public/docs/devops-tips/prometheus-metrics/prometheus-status-targets.png index 5f4b38897271a2855f98d89a790a837befcaa6c5..ba6963795c2e4972ca6c96336c3f1bbcdae341d3 100644 GIT binary patch literal 57393
zm|)>S)ke-I5HZHN(rZFjM$QX~f>L`m=gdvLH|!P^q8I`P)LqpL@_>keX>@1ZOA})m z6i)WD3YaORgh0#N43Gn(rnq%dLUz)OjxWWy=)qVRE|2)9EansP`p=8HZ8Y3Z*fx?V zO!-Tjahi&vo!KI(SX!#b!p=A=MD8^eH|ajR^3h{G112l2(A<>ABeC!l$$9#LyZ8jG z9DyImXRY^($C^7IbtuvzJ2(mys){*@>7?L8PPy#JDppSt>`vcLuL+sEEJeE_(ohdC z_A}t(xZZEjD?5y2t4 z>)|doBVhs>b~3SA!}V}QVhYuwOEklDXN_i#g}_;mKPnw?%s(IdImg2s_U;K4gM7OV zb(Gj9I_A{q5a9&XIE9MP>U1yoD zRuD}GL*Q`QBWZEaW}UmYf+Q^9qodD8M)%}&as^zC>pv_m=;FdOYaV_~Eiv*IlNS80 z@w#%9+d{})GS7r%om@n87wI`Cbc$P2r6oSY*FNPPugPl2__`uM&%%u`z0I4ObZSV% zlm|1l-GJ08$}If}d%%4|3dM7?OcDXHy-=YXBad@bjgOuz&~D_>;I=Hd z`Dm&C(0{DbB9vi@PTg-}c-?D)<=dG05Y;c_F?0k$Ogf$Shq|0(JOjopMyY(i?%efx-}k3)LW3@Rrmq$<&aS73aR!H2^}Uxfsizz zy&6NmswF90g>YbTX$qdOC%ze2s8T?8)Zb6j#wchUs;jno8|Io7q=Hx0h8VAeN_EBR z5a{tE80t(sd2=IvuIxW^N2|prPj%2BOCo)DER#?0sFXhP0vDz8&NK^<`y5oQ>^6M- z@#9qMs7?*ZoA*j|HgXPy(a&?ZV$n%V@Awmy=b}+>(B9sixCNV1SnmWMT ziMY~|%o5@E9!N$2r;;pkrbgz^#?4({!sWzuaHCX5BaD~AuvL`?%9H9HlUc1H5{J~&BlV+R*GupPczNO1|-V9l(NjfMb1aW zcBLzt`$Bm)nh_TnLXq{!j?5Y^E_?D+W_p?^CaikQjNdh7&_cOm18GBRnce~j{qTh# z+Ybbag)v2Rsg&dIWsIg-%+YWv%siF#sCu8c(icMY!?B2&Jq#a@jWYBgQx63V5$5%P zy`f#kqy0E;MTu3yKG9f|_)>;(v<}7$10mBpN-r#ZeKQffOKqq@hyMF;4mIlV$!RKWDvix{@Bu+GInSS+!$AXiw?0mnCxMOmVd zr^e_o)w5{iaW_Md$xHg#Q346|{E%JcK0g&DQFap$N;#QPh4P+m(@Gp_T6wuG>L0I%FTLMOZiXoasVo9R~ z%V#?-r(cYZ=kr`gQS^_!b6aj3hJk2j&j0^&AM)6MI^a^SDT?EE+9o!u2m*0g?0(ro zwdF({s9UvTH6#LXi`Sv%xuDRj$J;I8@w1fYj_F;nw9nxc;pF9$Qn9uw50 z^pW^1VO$d+;xTog4+9Zjj8Ge|?&hk6*V{ynd3vklnhTnBq=O8tjHlzUt`k1QAdTd3 z$!TG{SrzZjcsV_e@WrOAMPucoU-^81!;A6TG1>3V(6J0Yj2Y$PJfMC)c=P5y4ACPq zxelig-jo^z?Gv2h3YeE>qBbEmGb&eKPo};kW48t^dncTyD0r=QiUi&r&X1ifkBSc- ziNTfp5YuG4p+ISd0JCqScv9%WEeWHdw(Q)teluTzA0=x9wCxMg1GXaa^=4kN<1qqT zWA0sBtHTK@2p^J{#Sy?ATD&7@)AjU{6?s298qv%v$Ymp8gVHiBUz6BJ`-U)p?E5Dq z|7-DU7HJjA9vgr7B1u7?4oE@&q`Wqxwa>hp1Xf)v#rZi>;Cyr#8(4J4zGrk zV{a+=in$aS;9+E^{QT04KeqT$z^`0xnY*4El8N4p05V%K1f87(Gepi&4fc>-Lcl7GOPb(L46GIEDT69DVUZj^*Ul-YMBWEWBz6$JvxqL>Wwp|+< zQiqB(6JON9d;epP9*+^Z{n3IWzR-j10_SCB>SK*j28`as^H0-ap5=*}TNnZQd_tJS 
zMDh_r^maa0^ZxbW6sPwtti8-xEG;!5_hGe&xlP9j0!3B6Vy5BDT%Cxsncr?BEyM#) zyp18$kPy{8X(Q&%JS1H~i2AvlBJXVoS}pzlaS%ye!@>HtwyE&@PlQ8HUU7rlk_X!N zpx%Wu`F03SszXE|=6Ro5vn+gZWU;4M^Ia6Wp$@izhwcG;guV$`x%Lh`M{=54l0v;-3lSe&qoApei)3#mNEO%(gB8=2<+?F+nBnP9M9}XN#-+4=|57;luQ#T- zR|UK!<%L1;ki{qw?*^GWU~vg#p5f-6(W`}1UJjc%&>QhrIjzvrsE2U|Os@lp>*3&t zuQ;!SLIiZ8zGqPvKN6{9#V9b>WfWd2j(e^X-^TC{w2zcXj&H>0F!z9ocUd<^z?j16 zhQ1t^qAdc!RA^QI#ywzW#?f*CzDEp{^Uv=iWj0TN;YIq9CvCDQJcWbS5hfZV(M8UM zUm-5GG)Y_yTii?90a!dXf|}6$EL6{k%Ahx=_&cu__YfcK0wWxuyO)+D;NEcG9twjM-$PAyVq6zXZRQC(vc&QZo=Dj z4Jl*+9GH_ZDHOt!>SW8hW0-HU7KLg^V3Xh$xPVDN#Y!RI;=vc&vyK1!{PND3xf4(n zdx{=#ZO{_xhrehP5&!oyx}8qSQNz9wmx3JhigyGzSL^=$G!pY-ee~*3y23`v>qocq336=*CU~O>RUYE_qMy+7i;WC&-}bhLNgtT zzh&n&4i0-5$$SN`2Q2$9tn>+NUV!$O<&lmakr@P)8n=^)iDg8w3 zz|c3@H7`)xdTvI_fVch@J+Q}^zm9R!oA5E_G8lahmqNO{VdqYqZu*Ps0h3-BgC{|6 z!#XnRrusiFi#gFm#m;1b1nn^4qf+(my1&3Jem^EujY50>%}BXZ~g-W%Vq z1KIx)V+FD|36{bB`0T{BTE#Qwd%!f3H2%bc>_R4a7fDwuFK@_iW8}OC%F`cEpG3j? z#K*Tdwny)+S|~&kdE}1~x#uoYP1Ic~zEx!=s`l$&e*fp`?Ohrjx} zPOB>L{jC=#RRWbBCV-B7aS&G&pwVya zk5DV!;V4qim5k6ccIqoR9q|Dg80F`VW993DZ*rA9=8QMT@=Gi;O>E4VTaAk++*U1X zk*5BwL_SfR-TYO)%pN$a+A_!&5rZt<@o>tfP&fC=>g{|Val9q!0wI(Xt^i?=2$F&DSSM+ z_62b?)$g8HW%=KmWxV*TVgjL41{D##5>q8ouJzzWLXkpLjfngVK+JCmV}1;UezJVN z%FvV4Ub?o7`{#iDXZm*1_;c6`PT;38m7y@lMi7y55rM8KKIQ-Cp8R_(f3qb`y`n`? 
z#gyi-nu6GC2WS69aU$A_nEsC<;xh3M&{ccpo*qqJZcW&IRJ zA9(moaQ>YMHtk#kp6CZ${OR_9=SS8N$xe`Gv4yTyebtCmfm}O_soYlXi)cZ~5AkzR zIY+{2Tpac%)*o=oc$ss+ubl*;+#zWka~}~0_E4>_|82PFA1r}nV?-W^n**lgb3#V~ z-v18s9yT%{CefCuIl>Gz|OU`9SKn6LMnf7v^?9IJsKh9aH)@0l-<5V$$j&K)`lEs%KJnGjN`r_27- z@lPxp36?q-_4xe^*aroF+ZlGqlXEsgA-q2L^n>jdHtvgk#l)0IoNbXXw$cag&_>xi z6r=Dk+3z7f_($ri2zOX{8D!RX5sDj8xBKIJ$uH-`N+wf)9g=_c)-&4!X2<3!njsbd z%~`61->BYR>I8q?rpI0qtISk*E&260pFVf(HxakI3T{FXV3ou7{sNPa`3T=92-w~v zjvmXu26p|K{lN;W9>fcPSmAW)BmMr5p8+>P0sFhWM#~LL;^5?j#-qnOp5Q!3II%JDWPG$C|_winT`A)C3xFT!34*De*qde~|D_x@i&(!dp8 zq%b6w%VR?P9`Jm0L$R`8;9~bPsGg-jY&8na0$Q!D;WJ@~eZTNfMurTeMZ6sPF7x8#-NhQs`1H6%2WT7JZt6gMk- zHwk#TLTh+jUiLJ+RCdq4elVv0%)0^5>GYJ?{?mxBmfy8?aY#7zv~47BfMrLM;$7qK zTb{RTA9lyzEouf#u%J3$Yq_9(n%9RQ(zoIy7mAT7&+MT2YdtNmOQ(^lN#fFvs5-82Xh1t_AAiB#n+FlXtQz_Q-agn=RZB@KCL-e z3-&W$ELy-9U4>8{M^d^}^GcCdc)uNXuFSe&h+b#nvD`pE4~8k&7o3Ps zyX?pN1y8%C>ANaGpEF0gdYv)I)#ole8-Xa^i7={AriLzP6)Oi$512;iXj}yI475Dq z7b0Sm*gU?pO^!hz&l&R=1c{<5D`A+}QRtdD=(C>zlRmFO z?7W8TtugujKZ8P$+RuQ!H4|`o0#Z30KOK*yG5Sr{c0T!A`HNY()h6Y^uJa@k%T+_V z9F}_fZB00?Xu6}~U%wxOtWUgQlKmz{=e*x)@z?g}f36u1GY95{IM@Qd<{5DLpnAO) zApvw4zYDFZpH_zI_jQa$FqQ(89^hSkc&baxqiX|#3y>B_2o`%Y)Q07r53_yQ-2tV` zY7qYZ(iG0puo3fLl`uTnY>kz}$`|!B;0V*nHsMW*r*O86oD?!LdOZfVBaIKOY!>5s zQ4=TJ>kWj*0jN>Q zA*5%AW))~D^??1K&)y4m@0cU7Ga>Gfs*>K{A)m?^rc8;>&W}7Ea^Hs{-Ld%vkAb2T zHIq0wD56HI*JFn9fse`jjyB<@FDN{YM79EXpE{xPu7tlgu!jP(F7<#})Gdioc3(`8 zSE$C(=brPSa!+|cLE9!mt9IO|&l%IYg|gQ6L9VHI2C<^DQ%|Y(5c!^Z%_zjb-}rZA z0~#^hdY8pgG+Jnuf4PlySyEh@Va@NRWLH!8`$ z$|PEE);y)5;AW-4)2{-sjADf}hqgg1WOXh5i^~leWk=1833O~+bL0h4TIXaQ6%dMG zQEbLdwLAk>JsWS@9`Sc``#|v7hO;*WMn`m?IIx^bAzt}7v|F!mpp9>+&Hj9C!oZGP z)v3$J!v=Do-?t+?PhmFmUTs(YPXCtCm<7Xu&3}GM8Ewnxjrf(QfW6`QAqRy}+`%%J z8E>edMjo2vtfW81LoSNop6GUKC-2FSPz1L9;%*+F=OdbID}7P#_b1AH-vN zvr0dUv>T&yKj$XfDDTpK*{1^DGh-Mwr< zScuD{3b@DZ%nv3@J$lMl34-;=DQ3MyI?W5p2kd)nyRJkaRXNXyK6}JaP}Fm^oiJ^E zG1-4621wdwiVwPoG_f#0Gjq&&?8AjQCyxrz9g%0Q{7*tb`|Zs68^^XB562n{b&Sk_ 
z8XAInXHh6h3!fe4i2L`-A1f@Mugps|*$^VR*Bk_@phBCYdoIi?8Ul(zMJGN)Va47j z@%`ubtpU$q(8e$21YWeELaYxJu=3!j*h)^zGDzqqvkQx|WSs${*J~+OGN^15pH)%4 z64(Y|*H7XFfjPdceaE7w?w}i!dh}-xcJMA>t&Pnb0Yq@6dhq?KidP7N`*+`$ovLz~ zb3vnxSQ3u-TSI--5e^ickjxJ{n$xjOXX8N-^!A#&)St+nj&t+3&z!#M!4Na$&j(x7 zL*}OF4zI4fE~nx#_dtl)aJj#GwNS9EvDpG6=BGh(MdW*d#YO>bn*T!JENOO&$AL1-uTArS@zegMRFzqW~8PNSc zR-lj3JP{n&KxA0@qa?P|Z4>)|WiZ9|Ht_Dait9d3%%;<{KIG%n2EK&8|^ZD32 zj+Ax>9WCDAH>`Yhi(#h00%dvI0OrpHEuR?o6QVWNSi&B#b4p&qCzyz?na^ZWK+@OJ z_@Fs~N#E~^mNg`wrsJb&Zs2U@Qh9n)>{G5Bepq&W>DFU?hW}-Oh1IPgL+fzhO;tJb zw#XaKl(C)`*>m*_m?5=Lb-1Is2scn7O6uxTjDPh(Y##38vk;rRG4+rZd}>E!dg$V` z2VL^15h$z4UW&GQ-W89 zVyvx8L6tvU_oC*Y=UTclKXO?&R^KuWW9zfj6MJpMeK*}+0dKury!qes^=F(WET_TZ z0zC085M;mVP$7eHm&i<5NC;P6V;~wzLSkh@KUFe`9Z(^@J)&DxTu(-TAJf$$imE>9 z@fi8WAE%Lo=wHlrq&yhi+W{)_=0OB9pfGe9_*n(^{*=fjo#21|mvM^QtWQ7v^&`}5 z@ia>InF;IP%RJvSbE~+OdZtUiBzTREQ4LCEa8WLtN^**pR&fe>#)gp)!Sgsleo<2H za_vez^H1ReAs&pDJ31vnFRvuU%C<{1{~p4RNv{G5x`%rBirzyBIRW?VjzTDrd2swL zg^zIa0ubv&ys#_DMv0dUh9K3Z{(V0AHHR%ODL(G78AEe%Oc}o4f#;<6+n)|Y$X6I1 zTgsC>@hvD>Z0Bhhf3+G!RLd1`_G%0%=pq8AT!iLdvAGnk$Ra+a#*$BbY%J>qi0IQd z26c#)G-v67Zizw}jXV`43p+?VI@eCoOd6%EReYuEsQ7R1s$QC!=)oAQ@8q3Ja^gS` z1s8c2-~WiSaj?O~WOt%K5*@ZNHi1N|RNq&xN_u1%?Rv~)0#O4-1@g1Jcs1|L?Wuwo zrlwhzJMghXPXvCtGA;Y}CXNK|+RyqiUr0@F10z&;BrL6%)Pk(H`D7o#&}$@XA=y>? zFt=oBo6FM7(eJ4RBUAxa-26W<^>}n2FntH+*oJ2jy#bj%pE%voT!xr(aiL4(I`=s3 zrXw%7`*=b$VP_|@A~dM62zFyBwM*gCoJ9$l=TX9qfrfei;AMdJ&AgKYcQhad_ESMW z1%wrnjs@U!zQO#seoE%oBUPdAfMUR$f24Hx!(+hzbGM2+KF_~C7A{?MaUQr) zJNK#+Nd;nFENj37@g#7qiG!aiq7j!qmhTJAGI`$_9wUD~gWeuUUQBI`6+yj8Uoh{a zZ1iJtJtr&;8QvE) z_DgJB3l-R?kNa``d>1Vi3+j)J)DOZ;VQRo$_=5V@V$Kyb>QsX7#8w2}A{2#{3@1oc zSll>q-ay-n0_dC%!dDjp{ek0gqSO$)A(~HJ7-Ls|f6hs0jn<}~HcCVU)^d^!agFc_DuV8YBet4{V_M)! 
zoTf1y&~qo;|R}SXoaW$jN&XkqqE0@GCK} zQ8Qij<$)T08}9=P#~;5G)mGKRdYt zKAQAb%a`epIc3Dlv^?uOC3~}&v%D?ruu&X!>~vrJ6#@U`HuPEe5JE2jo}wt&cFJEn zb^2nWd2&5GOQ#3DvbqBV=!*w=@r(duFJ9xcu3cLMnHIYysk{jx!OQ1?OPOUdMj{hIr(ZLUQ*_(~U54*AokL<23i@ZboG3s%YKN*2_+Ff&U@u5Vf{2FdJy;#y z7ridOI4(2H3k`Z%HlUS+I-*1+re$)V2ipnOSR)H>pnUx4`Eqe5AF%f5J_IxhvGn*h zm=$Ui?3?a+Ho#W$@U*l&eTaRdYMnYO9{$2%2v69wZ-m|-0@1@F-sR0`99}m8a%1oR zPa}lR^UiQ{&+?76L>Q`P2Ae9S7}FKC6D?tlte0q3x=u0J8>S#__Qx*dd;TNujB;BA zVkr7?gb*ww``-wAdS9<1A4X?#sl@tx_Ep@$T^IZgd){L|lSzSKvI|(927j2Oq$kuk6bN)!!5#j%* zVH2!#i5MuyDC5Hq-lz4l@K9V~>VziH5U)V_LgCE-A4zOIXYOGbeSye0O`KY?Mh-Z8 zF+J)bIxTyfMi5<$>C!2F1`qC@1g51bAyf_3V9(&IXu7k+U>Z_jtiKNpbSi0H+)Kwj zHDAaU*6-0weO!mYt6Lo>1H7+WytsYB+9y@idwe|ptir3c=*A|{PN`$nagL+nu-9`1 zkh^uh1(Z_k?-3-^jKSqHV~ExY?<9EBiWf~~nZwAoPsL#7{QUY$RQ}p!_eBuIFdEF; z+q(Z4;AP#ADM~H`Bw!+Ou^>P6th2!$6mY!th>cL{<1|Bm{Nz!PyeXy#olCNSI{>lX zm)ZZ{l!1Pi;-csAlnmx`xd-Xd;nM??;n#Pkv|e`QwtU@;0y%h|5$60Cix$v&LrB0= z&n(-zoDA^m_>Eb^UTpzApU@gqxuXUfBI+Q55U(Z6*DsMo9}I2E1TmBJUA%fd84Swg z;Sxe<)Ts2zWzD~FQ(iv+rd0{8{Fzll?-6+7q<3k!VF|$7DR6f4L;4OZC1@>=^=yFm zbwfWcEytC~y;S)ijs~$Na`TF*%*1ULGJG&;3jwkZxQdQ2I5JOaQAyNQnUSmT$jiK` zQ|7E?9=(8;agHFV+XqW-z&4XkH$V9+q$0&@Up))6EdV(UCs#Y7q+a& z?=JI$QFJ(F#2g}$KmGg)VU+kDORg!}uD3SNK%pQ+v2H4Yd5E+qJ!k0;v3s>h1lW%Z zDMyC$vbC*se&(iq;5yj$+Bq!zcwu7GdKtFYzMKv4vc5J(i9t}!ZwMN}dJ{NNshk9P z4@Q4Q19(c9L7->m88j8-6=f-yi(7mVA?8$s_x(X0g!Yp}!syF&K6;jCfsmXm^N0^J z)Wbj2y#8bF3{xY7fhhbV$Y2hV`(I@5)UBO<Fl7Z<0x;?GmFXZQWJv zBqD3w-ip7xz4j3s378E0%HX}v3X`pB{<CdLLAyq52AeKTZ-?4YdKsC|LHdAV5WFstZ&< zkNj7;S$eMKSG#;U@xCZUVzq4p225QdoO_=TV7MI;SIrT9xh z-Iy9Woemy?0^}j)Lp^;2Aqr601L#SRI}&`Sqp-sxxLMr=lyM|VDJqz!RkFx#HZ6t` z(BszNkq&`i3mHFnGj#^dM~CRZ*1G8&NK{I96CcP(^mG=8TbQDOLPuA^#i~7Unp;p$ zG=9by-vvZr7?ZRm=ud>)2ve~{eL}Br1^(!uQ6o6T<#>W;!KN1R1|KLslK>o?3%EvT zNVIcKLSBM{0mUX`Lc)YY87ov}+mEsD`-s@)1Pnc5yxEO0#u&4d@g|~gl7J^}{%3$O z#u)Ql`UWImp&Mh2F=i>-fhJ&Mj4{Ssj1#ai#(ZrQjDkS{0IS|Bg^ATp0000007*qo IM6N<$g5nZAEdT%j literal 60086 
zcmbSx^;?xq)b6u`Zlt@VQ@TMKq(gGk-6^^07U?c2X%GpK*mQ?{NI|CEzoh#BxiqeHb0e+r~UoIx<)x*yE(2ceZ6}iGjdMwDvkY&7abksyARH-A5=u{x#3B<*hnt5-u~2nz!CWNDWtP^WU{}NSJE^*tHj7NC@tIxOU!I$rd^ehre=Je zgsD-ChGu+p9I);rV3DY48$eahlZ*b++0{itlgTUT8fGaTQa6^8ni=2^$B^^43#)fj zd+B5DEF7nF_CMo{>BJ=dL)sh#0qrXe4n<=^ zk;R@YDB<;Kq{5r=unXnsVlpNrkAyP5f6)K;&A)_Vl-}R}=)5>T=8s2v$Tx^d#rm3m z3^Ob6P<0PDK8T`Tp+fh;zAPy?X#F25H(>k{ z0l49Cg2hk(m*0}0f+>9fq4to!e#F}i0!Y@Z!TQZ-=wbb0I8C*uyAd($Dh2WRHd!oAnVRNACl2(+`|P_jDU<90e(FkqF0Q6>i}bwpdxLAlSY|mNygM_OC<#LCdvw+#|Z^dWw3vr5ew zgu@{Jk4+@-Ro<~R#u86*P_6ET-xqd}=&vfzXup^Un>J%aQYmlWB*yFmcUWQQ$47sV zVC`c`O6iiTe1^5$NwF4m?evTFmq+4t;_r>fS4EZqoDI(=-VJ@?fJud!jY*+>Dd2-9 z{*(ieM;)#!uz;^42P2^Y?r!br72{|5cYAt_&^1Y-V`1(0@TunSU6w2pywHU2YwoN5 zXng-6nFqf{6qpqr)D)bHVig>u^Px~=qh|XS+P9aX3gMGUZriA3@b1UoHQ<9?4ElTo zjp76c@8i>F0$(b-acjy=W6=4w22dnFfr>sPjCbrd=I4B|jqRY>!o zGVa-t?3B?D9X5<-o-oCy={cv>9|tJI22;>rQV&ibqn$i>bh&*x?YgNnXb}U$z=5E1 zDdeSOxD-|02lyfiQ-RA0$*04qLXd{wyKBX`J0?@?Fex;@dpYkPYrycJ62;NK<}dJH z-3Z*hW4a@Wh4f(ZhYon3B}thMsQwlW6tF;$gfz}Q9-`<>^ufCO_HFwonl6vZ{qH!mPI2Zt0kG*cHVToN&X%e|H#(?`x+7QqgahwI7tG zcq4D8QfA&nuFwUjKnziIE$QFDq|glR^{-gUgh7S+l?Q$W*RHgnv2OlrRlef`uVn;g zpH9la%t9R_mcX2&3Y<=MdM5#HPpU@>_KEn|%-X!VI9RURDMNUcDEdM>C#^~|A}tm> zU0ef^_w5zQdhE7D_zbeTj` zy3Nd9IoodJDbK=A+=9@v$bM^Oa!!*Ld~BGlE;`5fQ#Shru0KmwXRMg} z>X$MYTeE5O9oM$CSBgWq2#+AX0|tiKoRKdQ4FL#;1dd!S>V9LB@uSy9%ufxx5P66X z!kM{5P+6e~d02AukVOxD2OhdUaQ1Pl&MP`|UOayEM66q*x25MmT%Mh1VJ%m{DNC#H zSDckChJh2g9iu}ylNld0k4BvjTJtUopSy1JBht)Qjb##x&T41^Kg)SahiZ$q38T0Tj20C1p2=SSBwz*vXW?OB>=-8y z3R*l^{!M+4?z}68Gx*JOH#58o$xDcBljC}s;;wpUH12n6eo9wVXX~rcbS?0DRtt|lM$1Q_yQ?~5G_s0{vNSElO`M4%(bRw@JDSkXI$+i*IL zw!}l(jR^_}+q2$(OYs;Cl4O^Fs%>FPzpw|DT>BsiMX7Bi^}g5iRF3<$YS`EWE_d)* zu42jIUjQ@pMN#sXb=(g@ReL_^)3=0Nl7q{ccdh(wgH;ht@x%W$`2ZpCf1yW4^RwSOKrH+v$Btm%RmTqsz_(&qFPEh<$9BjH4bp^^m_oJ-MS@=#>3QZXLYUbaj zAn1&_XYU{Cg}uU|mhyY9L=bxt&A{;0t6@VG-PmngL&V}435J1gpP%m0sk+qdO!55M%Y#`~|#GQcLf3=q{3 zV(s!u;P=q)@mhNVx2B+*Kk-7-87k0(3hKg-S|>IBQME5#IV&R?M7Sj}H3T!yjvimD 
z-MZv4gMR(+ClPF(`Fp4;W5RXfvf02rqIJAh#rKJz=@R&Tg;K2#0Q8+`{ZJ+ZuUQK1!sYq%9?mWj$ zRD3=&Jv-`cvX&O2K<;~jPVeo_ud6Gi$QnJ zn5u666}~YN(O%hfMp+P~h$hrQr6DLLOT9UA>8p$&-WSeAcLK{}I1nESns0+A`5`csiYHIH(IROd60Fk_u?38z*)%=!4&nEhizISQVh!OdAC^q)m)gWhzq1%4x=cBW6`+|RBXHi}MyIE^LQg$BLd20yFz z>42Y-P}^Ld^5C%>5(;+yby&}cX3N!<^w3ZM6^?HJSJMF1!Y~*Z7G(McL0PYkFDcM`xt>%8sZZSj9$Xmki3tJVLY@yU4$sGw z|E=Kq2@>c?o4sZFeDOg7)V+9y3&9P7&-T@Nd!x|!q=Vj2o9?~L&hF6_G)`QOI_3ui zrR3lk-A(jjBal3^ouT=xKY`@%+#)(e884#b8RI{gNPCDe2ED_kN{MCqCO-&y9XUG~ zC67wN(A7%i&tucc@VK#}WX;QwYiXXA+vZFTmx7asveo60A4BHr6X8GPeV%rzo0YhX zry|!z_5N{nJ{JA}fW|D6^_3-CcEn{sYpO~v3O(q}rL$8fDeqJ!imZBW3FyszX19jq z$v?*D#kvmzz>RMN7OQ*^+q(O2JcSUCgVyjQ5n0*OXh_F7Jt^;OKFNC7{A)NU<~u=B z(OC7*V8>Q>ylIa=o-awEx2qmnpLWd>c@gBNanA15&4zQ$l)Xw7i)<@D#_|fd2n1UV z>&d~GQmW-RZjXK(Rx_RQnyb8H%S#p9PrqqG%2+RtoJC8c<>FC5C%eA+%}uid_sjb} zp1mptj~(B;C!=SQs-M-x%CXPJ4Vg>1QpayRm?{ffWKZm9yKQZ`^^tE&we`OF2_KF{ z08i$p!G^i0y+A?|CKa+|?AHi*G`wNXfe>oXh+@5J${I#kMs-vi6QcV@P_GhCU4A2l2 z1BdVF#Ujc~EXxY<*GIMP(XR&_t$$>F09sAo`Yw`?wpQGMb_y5(sZ!(yyrI^Od}7X# zTTdISkDfjU6<7^H0|hUOySjH!{967*EusVPr3Y;|4#hhUmok?GXq)ATXpynL&gx)!@ao?squpskd70i#ru0zb9gPzi@|KB9sr&d0jb$Wt%X~MC;EGC_V#Q{ z0@ReoaNXnWwKun01eqA zmU$4VBgXGmDfo8HeT9w--+5Gn7(T4=!D&=Y9|GW_Nh17lKwVoCtkGbxCcBDU&n70E zvt>=mPr>kkAx(jBWZ-pK5-s~k>5e8-E?<6w| z)74smU3I?prQyi{VQXW!wUP2=`NmF-YFXzOS)9Cl-+3$N$?#foE@+oLt4 z@%#S1aa(+LB6*!)CAhD+qZy~z#gYLh;`cz#e}oA-K{637+bw!E|J0wV)OG>AwQGZR0n zs`9IycR7!rJK8N;D0gk117BQJ!G}xC_J=b09s# zL;biR-*HCECkCRPuZ26yi{dl8+RujB>kD#KRLg%_@v%KCAqnXiRq_JBQel2WU_S`} z54y)TNPTVrc~|3{;L8csrYTAzGO&KChcHC4mxx3L9?VZ&ER0b%h2BffR;V-mRPG!S zMR~bjsl*j#YL%+?L4!glZ5o#$5sTIohYk<>H=G8a4zCVB8TaH(zk9y33`5;mk48ey zo5G6xOo{Se>i_bW=6@`^_}nZ$JrqvT#9|8xfik`~>1h$jX%ftv?$kpvOr{bCEI0t* zcNRz`Rn_`=DU*8Ol0~1gz$bckAklT$U{qq5Fg6w-H6=0yx9*5#eH-(vET`!_Ukk}F zC5__Zg8=}(@QaMAR^AWoDUfLZxRQzTMx1_YvW)l)S+7dcWUXgEaqGDd<^QY{gH1}oU2adMxLrVSX-7HUiZXOPD<-jC7$PKS*C#_}( z+ZV@=j3gn~N?;+!2;3A>H(R3GFiz9zCy#JokVa(P!QQ-XqE}1z>ZE(gG3P#`CXCAF 
z;~{Pq@IEORN$(cZ&-F3-^6-Ev6OjK43M@^*_(XxnVVQbrGr0F-D{I7*tNTuX&E?lm zV*&sE7n{^JuP@94KWd{!`yzOif%+c}Wm|2BAl*tmV%Qk#Iho(|$@qs@>aYJbmrMZ?0p{%Wt>?CY!> zMSW>N9f8^RsZZaN!EL-lCRJ$bihS#`fBu?QlpQg;^>M>}s|!!WC(Lvzkf{+riKT(n z%|)d%%t*0BPPD0|acIK+wf{RkElx-3^Zo<_)fnt@MiRt{$&i za*$-#yTi#sJMo_HF%Kf^1BXf{k9TLAR3mtG}1)Ip)Bx05UPC35P`U4(^rj^(5!3_pEW7OYWTu zIIm(WXB?cr7@Q4c%4lTDX|4w0;y1=pbI54_PMKCNsZ9B}z#rwnLxM_Ij8;a3_X2|q zqNj=`C#^wUdRwIX>p^Nj8Cs@G{ZM#cxZKp#w3+`y&0{$5^y6Ec)zcw zAklUU?AS>ta;GqU2tV$$ly+Ugbir0?!B~k$I;%R;Z?Zbkg0zjWQv+s=E|2qv3$BV; zpn&9rzI0Gh#0Sxqpa8Q!fc(Y<=&Ynt1pdVG9ka~_F#F8>JI;UqcdTbWG1mtnzI8TlNjK{TQD+qHLeK;Ss z`uBvruA7)yYY-krR$kQE4QW^|z)@E`{RC;lUJoHaNKP;!odx}@%mLMCrh;$PX73BC zS$~f5{I&xA`OO6GRJ-!$l(+*6PuHESe6Wl8lY3$5BX8@g#O~AM|H-2)4(aJiHryW;iKtsM=C<<09TMWN0H`xGvspy>gl2v&>tqV~B zeIoKf*1#V2+zPiL=Cb$)em0y=$XZi3_xZ%CYSOQlhv>DMyRF)+2#)$Ich`vO5#^^l0NMh$ZPX-2hsMJzK>#{1RuKUdL2(c(BG8Lx`{SThr3I7 z?t%W4YhAoAi#POidVLc6*IDa7O>ofmqX+6+a~XZ%Uw^n(B|%j71A4FU5ck@2M0Vk_ zm23T$HEX_EM|5ykO69Urn-?pY@Q1-39ai5h9xXhdkMRv?qfP^q(dYdF_vLu?(q6~V zzz(PRG*rke8Y|q&F)~Vn5OGD|bvtOEC4tguMbq{(w95GDtG7F(?Ll2f!CMh6u`bAu z6TDvEdEY&BoOScPA|3>jPXunsElr1xi7kJci2-~*Pz2vji@KX5?^Li6Kb)n29^wPO zt#%5AzRt$ywBaksr_pHDpmXLep*Lyux&vA?V56vk=yKzungRq|5DUyRT*T=XxtfGz zJMmbyP1}pt&|`SIEDF1h@Q+bSh5Wm^mmBeVpGv+LCx;%nNrceJnMZ7Bdet_WxL}UT zYkX(vkN!!{YI7CpM3t7_gQY@@N4n!21?<>3(NKHenc62OOBc^|k$S4wa^oYN*?qg+ z7cOXS?c~Mw$L>Zo7{vg0^l@o_+!p;h>wq(82}Pg=#;kL^&FXq{M-FNTz!RcEWCib( z=>hf5!AS5(YmG9`}nkLH!ne(H$AZCERofr}vf zh7OdR_@Kab9fsi?PHm^VKb?~HzO6DY2aQ~vG=I1PVYVo4D#k? 
zXs|bHEBI16fa5tYyI!74a~*E#)G~`Brv57}B74aZx2Nk@fW-3-^5dpm>|_i!O0k6( zc;Q%Lc_<=+O;YOJPSgu!ks3uK<5f>@~soT_g>{uNBPy+y-tf2aAE z4z_HMm(&<#X7ks7wR-R;Pe-*m(^z1|_|W4|M{L!9@}MIkE^LHquxn0WlOB*;Ex=8T zgkax&qYgH&Rjcli?{z2i(9DUhD4M6(iqwAlURkamh~9agXMyndbO;g;o$QZi?^P`@8DYd*H62@`z+60-UA8H0LJ!y-i2pLj%<9 zgY|nztKI0JbeY*A4$2qV3{}hF;1p8*L$W{DAN6L?q`8cyldp*giIz7l=3ipT0$oyb z(ZdFg%Jm|+$V<@8cJ?iTFZvNBUkd}tf*Q?70E$FIQFw?qu!JYd0}nAe1kQSo!rmBN zyZyqk&5lgygyX~HS@99fNa@f%Fvgr&w~9JtnI_IMx;PZpLYogK7TEA&Q}a?G`l?#O z3@4RVyq8|*w8Ka*-KL3)yP*+z^eLGXkbWyTE^H_Nn$+?w)|BccUUDrxAWtc8Q$U3w zuWBDo`K@vQlf*xp##Qi98AmPYDh{s%u)(J2`*mg(-Z@%cg`S4+C*XASb!PX`PpmZ=gyd|{G^n(LJq2N%0xw(*Yo8-C~F{ABGAgmf>%s~ux> zJ<*BLeo;ujHA1fzDtgX8I{KdWj{-7 z$RZU1nB?H4oZQ9Hj}Ub4HiPgcJJt!ofH+6}Ic7N0r?wZha~hXT?6SR_mY7b8KLq7M zhy)Fbu^9#l3ts2ZzXuz@G4$7uNFmZ+0g|oA;p4poP@LvVqK0}p$h8GXwF6hqs`mK} zO?YCk15phK!cAlI*F24)a{b^EB9~mU9 z6IsVKZC+6bF;^(DE%C|Nc6Hu`FXFZ~wap{LFgn-(ep7VE&s~a|htYhW(J4R;Ih!-R zDoEPX5q_e>Z10yjxQ*+G%W!CDI+W-p9qeCb#2Mt2Bs`cU@WTpZ(aZBsLzQc*SnPEKddWB;u%qbdZl#R2IxNTIoyXcWi|=_SnH zC@0)lFktn6`C*??m)N&VKBC&o0ycH=uW*!O$~Ei=khts7VQ%`ZFdnc8<}QoF)_sUg z#V{lR7n!>}#2V|Z&Q8)%IT4@8*C-zAi?kO`R62HCa(rEyFM$LdV@Kc9FT8^S=74Kz zObNuIf=dS3j@N)9D(HMHf?pv%(t1hFKC%n{rwRVwriyZ66!;>k8E-l`i-pNuiRwi; zlq5DTP7+;4!GvdN><@74146{bUsHrPNW4eYl7o%xIk zl#{@GhYUEIOFTtO>umstw&Hua_aBVDn@r!EzXZxYvNWd$Yb67E#>%8z2`p=gK$|2w z>`@gZ9l_dxoF{W7tuu`Wq98?W^`NY@?MVj-iSWyc=YV7t=~3Xtu2D=tm-dOF*FyPM zEkDdP@$2tFAGy^Ak;ux7b%^2bKnj(ijV%wv%nJe#{6m5-hHqa=szeg*#yoqyfY|2g zHxUSaba|0x?3k^F~sZ!GZ{7D5F#&xZ$0IG?tS2jxoICBFIcA~&BXXk6!7neLJ@s!xa2|D{pW+r>DZ9>(~Jd4^xNMZ zOOq|p$;d!rE@RCxJ|5!n6%%GZ-#xKBYzi(iTK*SG(rf1!>L2H08c^}U4TiDEA}H0v zlXwahMbd_Bt;AXzGyJfT;94JfLrvvh9!|(d!hq98AL9=%bFAABNJQT?0B*PdTvRjM z-vsg==}f7vB!xYUF5g8LXO0z#n_dbF($?n3*4}5aCM<;1;4(;LGnQz$4an=PM1m6V zrWt`6E^WPXJY7&tA>_M(vy^WcaLt+>=7Me~>L||&G}Nty*&=k=;rhw(5-+ly1|eD1 zUxe^s0f?EZ$@N5b!I{Hn=G2QN}=&1A!72ceP5h9oA;g*{r~Q*kD#6DVM}5)2Q=M*A|p=M92CunNP` zG|Vf61Oz5rhWf}}%WOHJ!OH?CspKuPsmXdd84JVS{AFZMf8Rw}iL4ocu$%`OG%cxh 
zi2r@wgIBuK)f65DXr?ORW>C2fJkRjpKTf-%+;7>M)!&N7zK=qDGdke8SUCOIRx8ijh2AS$GcIamwA2CX0dY1?+5-)j(p8tAJ| z9FV2HCRPO^KS)e`U=Dea3o3c!J_uytv+zY$rEC}o^wMUBPi3iYj+VSPnbuX6_N`3| zuTBZSfN`oXhf!RMIZsIeFrI}eJ2;aV3Z^(ZEY!&6)e~%kf;&dWYag55e~)4>#fxk~ zOsV>EuH4q@;1metb(}_i#DEyYZ!aqnD-66$`i+emWnUNbCt!J=jU-ZF`V%{rJU$N0 z{zo`p7o<#k8l_*CsHcyMFUBSis8*-4n8dN##_8j5-_P2Gp4GhL)38PSc#a14D>loU z5nDV|h)>)?nE{9siKq-0)kA`-nx65~bh(|^G^eq?((%#r9AaRkq2ss0zTS3{SM_hKu^ctg(0V$fmrNKE(_$(R@Q6{8e`my(YF@0Xx z&#YCy4S9bK%3&r7;-5k~k|@S~JPh^i>Y8D7bbuoo{CKpUXrGB)DwAoN5J4CmcR?%* zvK<3RtO(yxGU}ni>?0!dK?!VP{RI#oNLFrPG0-A{G-3UFiU8puSArygGJYx!;>l2a zXq(@IyoTj+s1t*38HS5gDz5LGrlyM$((w-Pu#bY5z z-XSP3FCu4o-}E|=BhOIydY5`XEX00tVu|3|BhI``30G4A9|P7x8vNM{%fOT-u(xZ= z`apE!+srQ;tCzx*>qIvft^^2W6Ki)lVCSY3{uxWd5`?)nVO2}WdR*~2ZUJt@1UhO{otTM8=f3wO&{xl=h>e(X9r9A3Q^~8^qj^kK}%~*dX4J zLPE9YK_r#?xHDS8v#j%Hf!X}9`?9Lt-ij3F2MS#mu-pI;rI;F=u@Q#rhri)l`MyX9 z9VVmyIQFu(E%GY`{O+*^hP4#zsG_Wb(mQ28FB!3&krp5cJ~h<>= z2hYai%y%nUzPQZ=y4SaFod^3p5r~+KRpYR9;GP zIW-deA>=&x{WP9;Xvq5y@3^9_<5qT~q_{+R>#chwQbZZHn zuRq(OuWw(oExPhCWqy9zfA{nT@RapP|6B_Axb}LC{f1=m4R`}j13#CWTCgJAAJU@f zY4+k<-l$1RofDjCp{{_V*ei=wGC6;O6&@%%{6-4OjG{On0i@GxOv=t7SxM<(4N@e| zIIrM087J)dPm)dvWgFk)%L)qvPQ1+Ny#HF8|Mv3J>EZSkq?LTpJdbu4Lfx$j&m5;Z zm7on-AbR8lnd&aU?`dFWTfJii@6I=~Nar>~YZ^X?zuOF)C2kjwz?y@A3IqRo)Tz|} zIcI>aEKIBacz#Rtz<0O{1x3ehMg1fC6R5jUvXQ>T9kdH)A@=@R2M^hI_4G+v6vZ&O z7qoQF2hDDv8w8K}i*8enUym9r zr08=do9uN~#roI$LtNhK^<%)8LTA8flxVzoSI8{*W?<7b9~2J972YXE%)J2l7W_ja ziAb=$lgC7qrYyiE5T2PRHd2$V>*jc6L!99$Zv*rfPr_8JRyhT0e_i)NjM z<=aAo6%-_BK}&)PMy5)ZKPH-AH|tC5#^OS*D6X8~j#8khkHSmTWmE>0H zd&YRpWjYMsd(QtGRXi55oN^6ym~YkagE9?lJ+JW~{`_x~oahNKe~83E zhX$st;(XB3CB41013;(4XBJjLmoalBVC46)x>jCr({}3FWbYep+hR(EmzP?e$ThJq z=0YK`l>U#{`xDD{8ilP2(UTVL;+FO1oxiqqH z3*@y(cYOrJil69K3;uU+Q{Kn7O_7E1Fzl%xK~$#G?@-*4*Zv(vWmC}WZPY{wE+4iK zBFYz$r!k{~R`CNA)fa~XfVtc#Yeg;~r8(92h9*ppb#8S^SOmxg;O#J@-C%7GqI{^QN{(;_K)EUg!iK-r(8vnG2i0Y8U1R@I1e#%@ri7Z$+X0(#ldNEjQT^t?< z4mVNo;Im%R^nfUBrL~uExKczZ9e&(ze(d=#_S9R-_%``JS62jW3Vecb*`ei+9$ 
z0S=7P!HvFuSY05}26m%T4!)JDfww3nvM=#bhX`52Hr7v&-b8*wm~0HLqbRz&4X%&M z{iK`cSEzcWzw74Ho!O(B(ihNeg4F;j3`pX1?t>7N z^w?oBF=sotSZIhsXZd_M29ES+SY)>ZWh7upSZ2P{Ce8 z!CZ2QYxWH~HN9EHgE%Y~Dk1!Vauzmsa-_;-(T#A*v>__8%Tl`kbEPwH>OE2%M>c#K zHtDv>;wuQf@%Bp#gv@@=Ui!@}{hN~JDW@BsMS(sX ziTs_d3r7h!?eHLy!maY$HXJTmH@FoJQT;U(I%uout>||%z!K@c>a9QdUD{}SW*M?2 zDfm~xpO>PF>Tiuerlj~{C)LE$zv?~zb2;vSxj!dk7P9*Ji6t!#@x!U;|EOpeYueD) zOz?DwAhSK))<1uDLq{@M_=WHsRk|vwuG|&fA_>Re5Eks>dm^m=#$bZ=Zp+6S(7+i0 z8Z|#Cdd$64ZiHnbmo|qWLB#fl`p-yDpr`(`^4ZrcI;W)Lq?b*OjqgKrZm{T^C0xJl zE!5liiVet;I;wU({LuA1j=1rEM7}izN3hq=9_~GpIn9|*UanmtYcvFrJ>>ezphzV#lbYAP? zI^k5^J1}jqtc$L_{lUZ#=O(0^RIuZpXWd>MMe&YRDe}C?Y1&uy%i53c9zN0IUzqmX z)^Z0bLzS@`DmuhwOKpcsbt+FF`fJ$`ox5fMr z(@B#MAg?H9!Vp+{Gvza1ap%8S%8`y5niL9mMqm1kkdm9xK)Hsw<(us?(tfVOWKhhc zhiNQ)E-^k{wM9Wda}Og^ofO)yS=A7QIwRJu`2K;h7-Po`R<$wg@GBFYcS(i1K0HHZr_b{=@C< zh-)8yY!*)CLGHdf&LC(m`>@u?&0ZPpX)#zxo&w%Ow+7Ss1Zp-RDAqMnkIFpHnZbj zfT}wwnhAd!yWkn|cfLKWX&JYPsDrx-iw$mN-kgAcK1stX<~Oh=^2dNKi;w9b5M1E3 zupPIY>?$WK5fG!K@B4YSB;%jI?U|__n%6*YcyjWlu7yz zUpm|~1`Aytkdr1cXps*qK5i{>Ro{HMY;=HzU6@CvH^d>VhEzBa-mf)VU?gF~E{EuU zdVVZ=_CZk7A)o*k3jqz}nLEc8`0G|@qrJo35UzyC&Fw%aR1`>~OS93yfT!sh(Jpou2zlpOU2+4R#nL)=R)_hqfl_lOFRQT83NjGX%Xa*|o)N<*Ph1Ha0 zvIfKI2^ZruAy>P;n`)jvF+CZ@#^*Q8wkdKTUqav{3hM$bE0oeKyLVrTe*KH6@Q!UY z#~X4h;|hz(&n%;TT)xoJzl{R5~#wXKv+$Rh(f8?@zDHed2t=tyPM()_X{^EMDo7CJD$lc zh8p;}v!Q@5)JTQ(>BOG;V(~*3yfB5pSd#Fos-+<2lyG#w8@#ib_|EON+UrnH{+uxV zf`;0hENI?re-L`#qAG*%>%RW^!=e|>>k_yZuGf=U{BbmKn?s$yrTS$`sK^qdP+#u6 z7VCh~S|rPWd+(6wEQqIjnVuJPJVl`fW%FHyhR?}50t>;Ew!4KJr;|sXKCZrAFK*ON zynKCpY;95>k8^KqY!pz=KnJ!Lp!_TT9Co2Us1$(1?wu8^&&q~P)h&%Babi$rTGwCe zRGcm*zhC=<=WUB%u04SK{z!Po4ic_VzB%{8h%F6L5lv+vVaa9ru|wwU&tcXZ11tpd zj*#oq$D6EH^jaVs#DGJBWh^ZVj5M^V&KtWhMl@zN1v_;4syB{jsP5kZN%~qN)ql^FU&ug~xx!ZT`YA zqUxk!DKV0Wx{gxkn7Sy_hVM(Va3V4Cy9PCar+AYQr4~V@V7gy@uz8O+lGr-dGAJ?;_U^i96fS;omQ6CXc=a?FwDF5UN>r z4eUu9_!Y~jX=K{70xDX#%0@Ns-`JXnzRWK2_G*&V$!^SKNeRy3gr#XhcCNdbUu(U44{nv1PGQ_ 
z+E7IQ)%M21)}HUvTfPJAXzc6ljrqMvoclzkC&5||>)Lqb^OObq3Ydx={V7F@Uzd9f zJ{~39!^=PbxgAZM@AkVUKpvfAlKM{SG&jMsK zc0zyn(JvK2Om8l;yOx*x=5Z{vvrx>Rd7mQ zb623vKUOjBn|DT$g3vFzs4$`k4hOa;z3e}jKub)g3lMmBaJG5m-6`GO zf~3*{(zSrn-ObX{0us_8B_S=%($XjrlBHnT_H+4`Mq31*T5kFKxT3dPNv;c4%dF)JB=lAIraP zNjuT`ncV$d93ke@7h-$AXGI#$_i(EpQb`9RJZe-xsxJbdRFp_PnQ53#^@{2%MzaVp z`Gy#rW99@h@>TLSsNw^;b?j2P^O}VD zOMSBhw|p^=DgY|0c~y}ΜWbYr*`Xor7JfG$lzt)|Sxu!@=j*&wYw3I8?*G*mRlq z`^9vAY4chJy9mLwxJO#-J*m|sD&)D{cb|8*NHTA`&9hX%JORa!!V`Xw%m<(ZQV?nJ0)aa=Ipxc`po! ztzwrRG`<}$K=~kszdePk7}LQt;=4uvrBzQ7#^%ev;YWlmu7Z>C8sB%jY+xs3=VpMB z$vvO7phDq-V=yEZ_iZX_98>z^J%gUyn{NZQgJ5K%gW!)=>nAS>*C}3^DhQ`1I}Ga* zz@_=HvYaI3d&@7Ut3nUWcD>G6I6t+r$&hG{_K90wo(j&3=~mG)1*C1c+waJHi@BGY z2erBbuBVzQ7zkI3`{0{GH0Tb=1#CSzg-jjo%l5e1jxxjBHx$O3GeHz6w{aBu)i7_27U10KI1!^WMK25z$m`zRJ+j~_nGr# zJm`UN5E+SUmYV%ye-+U1=#lhDq5J5{3*WwUsHZIbY4@ht=z9O=H|K_P$8NqDW_CQ8 z_I3z*Lpz25byG#62yujW8=n6+J27ASxwP#z>^uzdmS3W495C=>DW$jAu)+!NFBPD8~>^+PrCRhZTY+4;rPpa_0#3w6EkO(sJ*2e5EDW-tic#FyY6}0$gLFldaH@uUu(ZY z>E9oV5T?)W7+f-Hy4CF!^~%+Z+1ZcThhUjumXui#P?gwa`h+#3=XMc(P{KFekNt98 z{E#tZ@zAV#;A}Z3q3MWjD+q(Kwkbh?BzGy9Z`UvQXpQ&rIf$5Rhj$-`ZNAQR+5EU4 zBX3#torEdsy8wk?D(7X(TyLm%Y&K>5v`S!6pwk}8q}c=Etm4lqoSv0D!%My5#k0yT zYj;eJb)TzQohDRiUTSJN-WVId@hzd(DgOn$+q zlLPHJtxQ{=N7+R<>!>AAU%^e zm%sSeqg+zN(%BvSsGk(^Kx}t_GSY;cCPK{no*fhTB8uh(by8cG;RC-gooC(DvO;q= zwl(fWY+*5VNiVZQpf3x8-?p1Z*0mi_ejmhc6IYDs3WnDgA1spP8mFEz9EW2m?RQGb zm3dC=&Z~#?=QJAFu@HsJboQmyJH9Q`j@q!uV4u0EHm@TGrAa+vf0EWo{8U(-Fz}Nt zn->Qus~l?~m;cq-g?i|WB5`v@Q&)fCZ2yx3oL?u7?($sEZ0{#Z`XN5Qw<@BZ|AHy_ zyUGnq5xr~hdDd6i#qp3vy^fStHkwUn75bEvw^O(tHR@Xz%<}oA!N-L3)c|^afl3$j zbQJA3d6(frjI2IQW{+vGO*wYy?$}?hQ3-wKU{Y6!l<#eb#A2jPcqIKA{jm3n{Dkc!SSUz}(>Y=e=i#AD&)D8U!o|_UwekLr zHL1qX!Sp#8b~F_9lOoHscx-|<-0~j(($x|;M}sDXjj*&YKL^rCJn#^24I+uriTH=% zKZwj+1Ys(gBq8(0-if4jqHr3NG&Qfb5rCEBxiBg?1ht0v|B~^#)4RcAQLwYDp&qfk zVwCW=TuyyVJ6hiSZHk#WIM7t$sJAT}RCQMWQp$MxO*YU6Gxr*(}oR`c&C^J83%8RhI%qSj(Z(;HoNR>@1OPiKtd~3 
z$8m{g)=?A$v%yGB@cz-H3nAs$2e6Vu|F?pZaNl7?^P0K7QnsnToKzUEEflcC-3k5? zR7NgsOtdXzyZtMS@vAzBzP1|H4E~QjH25y;)ZgAW{gkD<+M{Z~GZD>5EloEM2XMYai&i``npQj)A^2mcpZ>k4@33`p+Pia4 z`N&QEZvxy$(cK0QsgYmPBeNl|dQ4Dh+`coQ{0nJ?nP*M`?~~-9uQ`yql|_-&BTF_| zFzOzj_$P6G=5R;&e>vND&>zLj>bDAUh-%s9Fx~Fk;Vz&bHJKdZimA!KoY!WjvsRqG zTCarH-CkWO&ck1kH0+1}j1Y(Z*M*4SMC+U@IYdH!tgwg3gAcCbxuIsCMED2#u(Is_ z!C9Ifez&^X91pswq3kL+0ZE%Dop;c?LxHr=6;xWc@9=+pLHwq5Ptg0hK$+LZI-#vE)q#jOX#&9-E4)lMVJCmFSz3wXPa&VRQtuO&Z z8_?LA%^gvAIe)~S-_PYID@XD4qcBlZ+Wqk=Qx3PzQI#%9+V~N2&uAI5O5f1Ra^rJ) z8E8Dx5&oL~w9aE&bq28cp3xIdN5!V|?_EY}{?oOve@K}&U8`!OEKjl2xT{UuKTETV zpLw>L$eKVGU}{k;Wcs{j_EgByKRW)E#}EGy2*cjAeiK0yxeNY#m%IK0ybhF!{T~iU z0>d6q@_X{cG%oJ?e{={_n?j)zMW|ZFMy0D6WTWvD-=V8tYU6Wd)(Yc7S*7u_ewWbw zM;1*zXeRVa|7a-S6IxD3TcL+VVhT}Js|WU1ch#1cyjEx83jdi!<<`|b{wnpu$aqA<8HMp|N49Y79}>u zJ>Y;}m*PnUe~j!p^zd}b`t)hYnDd!kA2Toz(3PYaeP3XD&v^d}4&104zmhMY0A&0IC>^S_P-3?`ZWf26I|$6i#)AFGqI(fewJw5bx^prYj+!Z z)sN-(GC-9WM98&@%lusduU(uLQQwv*T%cs7ss=l~0FB_?9;C`2iUO`u<6_`Wlcq6{vX;*ZwdZTdQ{d!l&BpOhcXqx3P48^AB zVBh_vn#NTg7KRuTv*WG13JH&-_D#o6Tgv`DN&Y$p?1U*`MA6+(SZuMDhTUx``<&Jf zRt$Jf5dM&cC3>WXJtoxu9UA`#xooI>4+VYMB1ql!^5Z)vt{hu>)Q z(o6YuI(loj>7;evhX0{@%hyh)uC8|=8a(gwGOtWX9aR+$BO3?@w(PhZFc`VSfsfhh z{35$L+hQE}f@XWfY;FQNvQ!`eLUU1caFf{vosy;FGD{C$@QV24q=Z7c`wK}=IPI`< zXR^=*e*cCQg#DNV!RTe`$uHR_^KjPSW}W)lTC<*T=Fl6b8Vw9Lv)!!2hdx&2T{YV* z*5othuWFC-X&QOon*mR>6%&tNE{YGv7xI-O82Ntc2GO}>*heX?bgCTa*gTyz9CWz2 z!j_U~ACnM$Xc7|j__bC7Yu%XTs*Poh;fo}S$m^s+>a5)m}Hs5cdJ#6RupGjuoA_KBe=)TLgPnba`SK(97EY%b4 zO~(mfj#f`bp19^%c|hb$S%4WN=pnJv$}`75GQ~x_9vLM;Aw6Xy58-xJ_%I;1_+{Vn zvXS2&VmH&mxr`Lc-%qz)4Qv>zCmlUx)o}8A@4+{JNS&Qjgn!KWW6(qXh-2}AYOtY* zBC1=a4eg4NYm$eHb|4q)9=$SB$~FUdFkhd8Qa<1+1=ID46t5;V zC|1dT2de%^FKaSIoCRUeLj>K*yDNh!%t$2x*B3xS)G)D~_G3kja4f_UWlD&`ZQc9( zCv>Z?4^jbrYY{GAgc?(NN+2^QR66?XMKHj>7=NJ)R8tj$vs|C55}Wktzn4}eFQQQ$ z-g>I%USD3!}yEkLmZer*7Y4O40| zt%0#^=m;!Y>QP}%m&zOd_@=SViwPCcuUvc$?WiSM5ROKkR3+$TyCc=-b1+c@gfw5*FX>! 
z@$n}6L91vA5+r$Fgdn=~5*y5DiN~=AD-} zU;J{bb{YTlZGTyT5N22dgR13+Us}>J zsbO5??8Q2&irOBmfUYvlr~97|Xm-A944P?%1Jy%2{<s~9GC2H zJ(?Q!bw3)7e-vLflWu%ETh}W!woYSCgT0K+-@H)tmlp?nNdAl7k5cf-RY#>~s>)x4 z#rVGBi1Nn;wk&8@@Ii-e3VYrW65U!ICh3)674s+I3!TbD=sg;YguX0JeEWovYw2yq z+xl1VGTaMDuYBDRVGu-0&MCt6mCQAfyoak`;K=hsS|4K8DC?erD+sjEmio=z! zVZv#xXWe2dAx{EDWJFi!CdkldR$r8d+|90_+}%s%C;XHVJ%3#gdgU&Q`k~AFyRmFe zgVrJu87Yy4TmX^2?noR;Yp{d?UtXjB{x+K16CZe0FoP`m$(+hwNzdTuph6jCOtwyM zlSIZcNC=i5%i~?|(F@dGN>=Fqc8|O)FGN8xOj*z&=OV{JWWSGas7DE*8OUfiY=Z*x zLA1{tEB{iY{~wA$vX6O@O6zvSYUBAY0*?apJ#b>llYgnM-0>;qGLeG+lH9hU zp@Pq0iA4XdmBc@r4D?6Cl9vnMPW**- zf2+pEW9@?D#y3?8^H8bv*kP-*UrD+Q=ToRC6qHd~eON1eV%?5oJst!E#8R}lQr>!5 zVhdlaKYqb{l_T_@r5oC#cU}Q9=7Ha+I&xg`bJp%3n)%k0+=|=>>=m!9M~uA}!!v6- zT${Len)x8hd>?GlVjdv-X7b+Ucw^{;iR|%i*m>w3Z~NY-vn%Qkk+w@(s~vHsY@*Z~ zU+U4jp@(}`B^AZuGMepAwsuo)~2C_}HuPJpI5kt?D3qVOXQ{DBGC0enI97 zt8+F*4f8aaJ!53H1Mq;N1ghS|tYQ6`h$xz!NFZ0X4pvZfJM_q&;{SXLjV6cU6qlj;b zf%FMUos@is|B z@;Ex@Ih&ymb+CmW1i0zof`!ft%KhLoEICkdu>T@xK^O0=c^&mV1UB9$P>cyu}O zMZkqde1k$thc-J0FJ{snn{D*l2U<;siEl;vscrA;(nOSbR(hKA@--qL%8@?}eZcd}WBr`!-3U>m4;l{3GUGh@HQFHlsrgtgTBl5@Oi-=n3hl}PVFKP`#twP(u7g{{Tig)4un>{X{i(hn0laT|i z0-(-A3SBX;iJe2CcZ=I=lC+a4lJZ~{ zBgAO#)iLlJ6(622-Gt#s8g6`Yiw^jroejVB@y)E|1HnKxP0d86idl&i8)2qcZ&)}J z-As2J<~baEHjRItr}B!hc~Z!X4Axhxy#={80C26=_zX;@&|WXCWyP@|e|23QS$7X1 z6hoMPY5hq8zf}n_M%Zi?yD6@SJvQt2x{uB!s!;=?ut3oz&>> z$-NyNDmDTE_&9!V?0#j@;$_MlyzKiCfZAPN@F_3V8|XF-bU{Zk)M?lAXf^)HKr=LL z6D5L=4?p^r8%#}&v(#lWaY(`?iu?idN0=g9V&nlr`<;Gvo}4*(gNq43{{8nm@6)A< zFO|O03Mx8%VGf~%nY~h+B1m=){jFK`ticvA63!j=*Z7rd5-qaJ@5#iy%mH`w zBR-4kkdm?U_#oR~Ac<=`!0(L~#ZOlM?$VRwyQ7UzFoi>W50CK;$(k)SY|6Ek8V#oB z<}YVw!ulnVI%g4HKU|F*_CcSAF!`nc~j&vCGq@On4piM7gG zT2w7u#lqS2lu4gjdrpq`Z+;~btKW)Fx^GDczES` z{^ktAg}YflDRDMe-UKE-X{y>%|20Er@rB0p6gdvmx?;9nQ_1XE%WUG)PB4QFFn>75 z_24$;D;no@@jU>#XgT_h2mR=3goR)u4^x}O5Dx}6OJPOmh`_5E$e2TpaM@etx0Mqf z_7VQ0fddtBwEew1=>5BFF9%y`vzMfvmNETUoYNY@UBK0(2>fYIy&w*&WPAL?bqyBQ 
Date: Tue, 23 Jul 2024 16:52:46 +0100 Subject: [PATCH 08/30] Update release note Signed-off-by: Richard Wall --- content/docs/releases/release-notes/release-notes-1.16.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index f9c2bd47385..e12ec0c792e 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -9,9 +9,9 @@ cert-manager 1.16 includes various improvements to the metrics in the cert-manag ### Extended Metrics -The webhook component now has a metrics server, so that platform teams can -monitor its performance and gain more information about the underlying Go -runtime in the event of a problem. +The webhook and cainjector components now have metrics servers, +so that platform teams can monitor the performance of all the cert-manager components +and gain more information about the underlying Go runtime in the event of a problem. Read the [Prometheus Metrics](../../devops-tips/prometheus-metrics.md) page to learn more. ## Community From 2d80b7796a4f0644481377419fb631ce3662279f Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 24 Jul 2024 16:58:48 +0100 Subject: [PATCH 09/30] Add release notes for v1.16.0-alpha.0 Signed-off-by: Richard Wall --- .../release-notes/release-notes-1.16.md | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index e12ec0c792e..c0a37888307 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
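Review bot: the rewritten Extended Metrics paragraph claims platform teams can now monitor "the performance of all the cert-manager components", but the hunk itself only names the webhook and cainjector; either name the controller explicitly alongside them or drop "all", so the claim matches the components the paragraph actually lists and readers do not infer that every binary in the release exposes a metrics server.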
@@ -26,6 +26,32 @@ Thanks also to the CNCF, which provides resources and support, and to the AWS op In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects. -## `v1.16.0` - -TODO +## Changes since `v1.15.0` + +### Feature + +- Add `SecretRef` support for Venafi TPP issuer CA Bundle ([#7036](https://github.com/cert-manager/cert-manager/pull/7036), [`@sankalp-at-gh`](https://github.com/sankalp-at-gh)) +- Add a metrics server to the cainjector ([#7194](https://github.com/cert-manager/cert-manager/pull/7194), [`@wallrj`](https://github.com/wallrj)) +- Add a metrics server to the webhook ([#7182](https://github.com/cert-manager/cert-manager/pull/7182), [`@wallrj`](https://github.com/wallrj)) +- Add client certificate auth method for Vault issuer ([#4330](https://github.com/cert-manager/cert-manager/pull/4330), [`@joshmue`](https://github.com/joshmue)) +- Add process and go runtime metrics for controller ([#6966](https://github.com/cert-manager/cert-manager/pull/6966), [`@mindw`](https://github.com/mindw)) +- Add `renewBeforePercentage` alternative to `renewBefore` ([#6987](https://github.com/cert-manager/cert-manager/pull/6987), [`@cbroglie`](https://github.com/cbroglie)) +- Default `config.apiVersion` and `config.kind` within the Helm chart ([#7126](https://github.com/cert-manager/cert-manager/pull/7126), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) +- Helm: adds JSON schema validation for the Helm values. ([#7069](https://github.com/cert-manager/cert-manager/pull/7069), [`@inteon`](https://github.com/inteon)) +- If the `--controllers` flag only specifies disabled controllers, the default controllers are now enabled implicitly. + Added `disableAutoApproval` and `approveSignerNames` Helm chart options. 
([#7049](https://github.com/cert-manager/cert-manager/pull/7049), [`@inteon`](https://github.com/inteon)) +- Reduce the memory usage of `cainjector`, by only caching the metadata of Secret resources. + Reduce the load on the K8S API server when `cainjector` starts up, by only listing the metadata of Secret resources. ([#7161](https://github.com/cert-manager/cert-manager/pull/7161), [`@wallrj`](https://github.com/wallrj)) + +### Bug or Regression + +- BUGFIX `route53`: explicitly set the `aws-global` STS region which is now required by the `github.com/aws/aws-sdk-go-v2` library. ([#7108](https://github.com/cert-manager/cert-manager/pull/7108), [`@inteon`](https://github.com/inteon)) +- BUGFIX: fix issue that caused Vault issuer to not retry signing when an error was encountered. ([#7105](https://github.com/cert-manager/cert-manager/pull/7105), [`@inteon`](https://github.com/inteon)) +- Bump `grpc-go` to fix `GHSA-xr7q-jx4m-x55m` ([#7164](https://github.com/cert-manager/cert-manager/pull/7164), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) +- Bump the `go-retryablehttp` dependency to fix `CVE-2024-6104` ([#7125](https://github.com/cert-manager/cert-manager/pull/7125), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) +- Fix Azure DNS causing panics whenever authentication error happens ([#7177](https://github.com/cert-manager/cert-manager/pull/7177), [`@eplightning`](https://github.com/eplightning)) +- Fix incorrect indentation of `endpointAdditionalProperties` in the `PodMonitor` template of the Helm chart ([#7190](https://github.com/cert-manager/cert-manager/pull/7190), [`@wallrj`](https://github.com/wallrj)) +- Fixes ACME HTTP01 challenge behavior when using Gateway API to prevent unbounded creation of HTTPRoute resources ([#7178](https://github.com/cert-manager/cert-manager/pull/7178), [`@miguelvr`](https://github.com/miguelvr)) +- Helm BUGFIX: the cainjector ConfigMap was not mounted in the cainjector deployment. 
([#7052](https://github.com/cert-manager/cert-manager/pull/7052), [`@inteon`](https://github.com/inteon)) +- Improve the startupapicheck: validate that the validating and mutating webhooks are doing their job. ([#7057](https://github.com/cert-manager/cert-manager/pull/7057), [`@inteon`](https://github.com/inteon)) +- Update `github.com/Azure/azure-sdk-for-go/sdk/azidentity` to address `CVE-2024-35255` ([#7087](https://github.com/cert-manager/cert-manager/pull/7087), [`@dependabot[bot]`](https://github.com/apps/dependabot)) From b7ebb5e1be722370f81f9fc5a1c8936928e15d35 Mon Sep 17 00:00:00 2001 From: Christopher Broglie Date: Sun, 8 Sep 2024 19:25:31 -0700 Subject: [PATCH 10/30] Document the new renewBeforePercentage field cf: https://github.com/cert-manager/cert-manager/pull/6987 Signed-off-by: Christopher Broglie --- content/docs/releases/release-notes/release-notes-1.16.md | 2 +- content/docs/usage/certificate.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index c0a37888307..1b507570d59 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
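Review bot: the three dependency bumps that address `GHSA-xr7q-jx4m-x55m`, `CVE-2024-6104` and `CVE-2024-35255` are buried under "Bug or Regression" in the "Changes since `v1.15.0`" section; give them a separate "Security" subsection, or at least a leading "SECURITY:" tag like the "BUGFIX" prefix already used on other entries, so users triaging scanner findings can locate them without reading every bullet. The `--controllers` entry also bundles an unrelated change (the new `disableAutoApproval` and `approveSignerNames` Helm chart options) into one bullet; split it into its own entry, since administrators looking for the approval-related options will not find them under a flag-parsing note.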
@@ -35,7 +35,7 @@ In addition, massive thanks to Venafi for contributing developer time and resour - Add a metrics server to the webhook ([#7182](https://github.com/cert-manager/cert-manager/pull/7182), [`@wallrj`](https://github.com/wallrj)) - Add client certificate auth method for Vault issuer ([#4330](https://github.com/cert-manager/cert-manager/pull/4330), [`@joshmue`](https://github.com/joshmue)) - Add process and go runtime metrics for controller ([#6966](https://github.com/cert-manager/cert-manager/pull/6966), [`@mindw`](https://github.com/mindw)) -- Add `renewBeforePercentage` alternative to `renewBefore` ([#6987](https://github.com/cert-manager/cert-manager/pull/6987), [`@cbroglie`](https://github.com/cbroglie)) +- Add `renewBeforePercentage` alternative to `renewBefore`. The new `renewBeforePercentage` field computes the effective `renewBefore` using the actual duration of the issued certificate, preventing any accidental renewal loops caused by issuers truncating the desired `duration`. ([#6987](https://github.com/cert-manager/cert-manager/pull/6987), [`@cbroglie`](https://github.com/cbroglie)) - Default `config.apiVersion` and `config.kind` within the Helm chart ([#7126](https://github.com/cert-manager/cert-manager/pull/7126), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) - Helm: adds JSON schema validation for the Helm values. ([#7069](https://github.com/cert-manager/cert-manager/pull/7069), [`@inteon`](https://github.com/inteon)) - If the `--controllers` flag only specifies disabled controllers, the default controllers are now enabled implicitly. diff --git a/content/docs/usage/certificate.md b/content/docs/usage/certificate.md index 524ba5fe554..a13f417c8c1 100644 --- a/content/docs/usage/certificate.md +++ b/content/docs/usage/certificate.md 
@@ -324,11 +324,11 @@ The certificate may get issued successfully, but be rejected by clients during T cert-manager will automatically renew `Certificate`s. It will calculate _when_ to renew a `Certificate` based on the issued X.509 certificate's duration and a 'renewBefore' value which specifies _how long_ before expiry a certificate should be renewed. -`spec.duration` and `spec.renewBefore` fields on a `Certificate` can be used to specify an X.509 certificate's duration and a 'renewBefore' value. Default value for `spec.duration` is 90 days. Some issuers might be configured to only issue certificates with a set duration, so the actual duration may be different. -Minimum value for `spec.duration` is 1 hour and minimum value for `spec.renewBefore` is 5 minutes. +`spec.duration` and `spec.renewBefore`/`spec.renewBeforePercentage` fields on a `Certificate` can be used to specify an X.509 certificate's duration and a 'renewBefore' value. Default value for `spec.duration` is 90 days. Some issuers might be configured to only issue certificates with a set duration, so the actual duration may be different. `spec.renewBefore` specifies an absolute duration, while `spec.renewBeforePercentage` computes the effective 'renewBefore' using the actual duration of the issued certificate. Using `spec.renewBeforePercentage` is recommended to prevent renewal loops in case the actual duration is less than expected. +Minimum value for `spec.duration` is 1 hour and minimum value for effective `spec.renewBefore` is 5 minutes. It is also required that `spec.duration` > `spec.renewBefore`. -Once an X.509 certificate has been issued, cert-manager will calculate the renewal time for the `Certificate`. By default this will be 2/3 through the X.509 certificate's duration. If `spec.renewBefore` has been set, it will be `spec.renewBefore` amount of time before expiry. cert-manager will set `Certificate`'s `status.RenewalTime` to the time when the renewal will be attempted. 
+Once an X.509 certificate has been issued, cert-manager will calculate the renewal time for the `Certificate`. By default this will be 2/3 through the X.509 certificate's duration. If `spec.renewBefore` or `spec.renewBeforePercentage` has been set, it will be the effective `spec.renewBefore` amount of time before expiry. cert-manager will set `Certificate`'s `status.RenewalTime` to the time when the renewal will be attempted. From 010a100144afc09f55b3e69fd9d0c90654a534e3 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 26 Sep 2024 08:28:00 +0100 Subject: [PATCH 11/30] Re-run release-notes Signed-off-by: Richard Wall --- .spelling | 1 + .../release-notes/release-notes-1.16.md | 36 +++++++++++++++++-- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/.spelling b/.spelling index ee9ccea2f23..dac3c06a191 100644 --- a/.spelling +++ b/.spelling @@ -443,6 +443,7 @@ namespaced namespaces ndegory oauth2 +OAuth onwards openshift-supported-versions plaintext diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 1b507570d59..a3862ac00f5 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
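Review bot: in the `content/docs/usage/certificate.md` hunk of PATCH 10/30, the new sentence `It is also required that `spec.duration` > `spec.renewBefore`.` only constrains the absolute field; the paragraph should also say whether `spec.renewBefore` and `spec.renewBeforePercentage` may be set on the same Certificate and which integer range `spec.renewBeforePercentage` accepts, otherwise a reader cannot tell what the "effective `spec.renewBefore`" is derived from when both are present. The recommendation "Using `spec.renewBeforePercentage` is recommended to prevent renewal loops in case the actual duration is less than expected" would also land better with the concrete failure that the release-notes hunk in the same patch describes (an issuer truncating the requested `duration`): with `duration: 2160h` and `renewBefore: 720h`, an issuer that caps certificates at 24h produces a renewal time that is already in the past, so the Certificate is re-issued immediately and keeps looping, whereas a percentage scales with the 24h certificate that was actually issued.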
@@ -31,27 +31,57 @@ In addition, massive thanks to Venafi for contributing developer time and resour ### Feature - Add `SecretRef` support for Venafi TPP issuer CA Bundle ([#7036](https://github.com/cert-manager/cert-manager/pull/7036), [`@sankalp-at-gh`](https://github.com/sankalp-at-gh)) +- Add `renewBeforePercentage` alternative to `renewBefore` ([#6987](https://github.com/cert-manager/cert-manager/pull/6987), [`@cbroglie`](https://github.com/cbroglie)) - Add a metrics server to the cainjector ([#7194](https://github.com/cert-manager/cert-manager/pull/7194), [`@wallrj`](https://github.com/wallrj)) - Add a metrics server to the webhook ([#7182](https://github.com/cert-manager/cert-manager/pull/7182), [`@wallrj`](https://github.com/wallrj)) - Add client certificate auth method for Vault issuer ([#4330](https://github.com/cert-manager/cert-manager/pull/4330), [`@joshmue`](https://github.com/joshmue)) - Add process and go runtime metrics for controller ([#6966](https://github.com/cert-manager/cert-manager/pull/6966), [`@mindw`](https://github.com/mindw)) -- Add `renewBeforePercentage` alternative to `renewBefore`. The new `renewBeforePercentage` field computes the effective `renewBefore` using the actual duration of the issued certificate, preventing any accidental renewal loops caused by issuers truncating the desired `duration`. 
([#6987](https://github.com/cert-manager/cert-manager/pull/6987), [`@cbroglie`](https://github.com/cbroglie)) -- Default `config.apiVersion` and `config.kind` within the Helm chart ([#7126](https://github.com/cert-manager/cert-manager/pull/7126), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) +- Added `app.kubernetes.io/managed-by: cert-manager` label to the cert-manager-webhook-ca Secret ([#7154](https://github.com/cert-manager/cert-manager/pull/7154), [`@jrcichra`](https://github.com/jrcichra)) +- Allow the user to specify a Pod template when using GatewayAPI HTTP01 solver, this mirrors the behavior when using the Ingress HTTP01 solver. ([#7211](https://github.com/cert-manager/cert-manager/pull/7211), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) +- Create token request RBAC for the cert-manager ServiceAccount by default ([#7213](https://github.com/cert-manager/cert-manager/pull/7213), [`@Jasper-Ben`](https://github.com/Jasper-Ben)) +- Feature: Add a new `ClientWatchList` feature flag to cert-manager controller, cainjector and webhook, which allows the components to use of the ALPHA `WatchList` / Streaming list feature of the Kubernetes API server. This reduces the load on the Kubernetes API server when cert-manager starts up and reduces the peak memory usage in the cert-manager components. ([#7175](https://github.com/cert-manager/cert-manager/pull/7175), [`@wallrj`](https://github.com/wallrj)) +- Feature: Append cert-manager user-agent string to all AWS API requests, including IMDS and STS requests. ([#7295](https://github.com/cert-manager/cert-manager/pull/7295), [`@wallrj`](https://github.com/wallrj)) +- Feature: Log AWS SDK warnings and API requests at cert-manager debug level to help debug AWS Route53 problems in the field. 
([#7292](https://github.com/cert-manager/cert-manager/pull/7292), [`@wallrj`](https://github.com/wallrj)) +- Feature: The Route53 DNS solver of the ACME Issuer will now use regional STS endpoints computed from the region that is supplied in the Issuer spec or in the `AWS_REGION` environment variable. + Feature: The Route53 DNS solver of the ACME Issuer now uses the "ambient" region (`AWS_REGION` or `AWS_DEFAULT_REGION`) if `issuer.spec.acme.solvers.dns01.route53.region` is empty; regardless of the flags `--issuer-ambient-credentials` and `--cluster-issuer-ambient-credentials`. ([#7299](https://github.com/cert-manager/cert-manager/pull/7299), [`@wallrj`](https://github.com/wallrj)) - Helm: adds JSON schema validation for the Helm values. ([#7069](https://github.com/cert-manager/cert-manager/pull/7069), [`@inteon`](https://github.com/inteon)) - If the `--controllers` flag only specifies disabled controllers, the default controllers are now enabled implicitly. Added `disableAutoApproval` and `approveSignerNames` Helm chart options. ([#7049](https://github.com/cert-manager/cert-manager/pull/7049), [`@inteon`](https://github.com/inteon)) +- Make it easier to configure cert-manager using Helm by defaulting `config.apiVersion` and `config.kind` within the Helm chart. ([#7126](https://github.com/cert-manager/cert-manager/pull/7126), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) +- Now passes down specified duration to Venafi client instead of using the CA default only. ([#7104](https://github.com/cert-manager/cert-manager/pull/7104), [`@Guitarkalle`](https://github.com/Guitarkalle)) - Reduce the memory usage of `cainjector`, by only caching the metadata of Secret resources. Reduce the load on the K8S API server when `cainjector` starts up, by only listing the metadata of Secret resources. 
([#7161](https://github.com/cert-manager/cert-manager/pull/7161), [`@wallrj`](https://github.com/wallrj)) +- The Route53 DNS01 solver of the ACME Issuer can now detect the AWS region from the `AWS_REGION` and `AWS_DEFAULT_REGION` environment variables, which is set by the IAM for Service Accounts (IRSA) webhook and by the Pod Identity webhook. + The `issuer.spec.acme.solvers.dns01.route53.region` field is now optional. + The API documentation of the `region` field has been updated to explain when and how the region value is used. ([#7287](https://github.com/cert-manager/cert-manager/pull/7287), [`@wallrj`](https://github.com/wallrj)) +- Venafi TPP issuer can now be used with a username & password combination with OAuth. Fixes #4653. + Breaking: cert-manager will no longer use the API Key authentication method which was deprecated in 20.2 and since removed in 24.1 of TPP. ([#7084](https://github.com/cert-manager/cert-manager/pull/7084), [`@hawksight`](https://github.com/hawksight)) +- You can now configure the pod security context of HTTP-01 solver pods. ([#5373](https://github.com/cert-manager/cert-manager/pull/5373), [`@aidy`](https://github.com/aidy)) ### Bug or Regression -- BUGFIX `route53`: explicitly set the `aws-global` STS region which is now required by the `github.com/aws/aws-sdk-go-v2` library. ([#7108](https://github.com/cert-manager/cert-manager/pull/7108), [`@inteon`](https://github.com/inteon)) +- Adds support (behind a flag) to use a domain qualified finalizer. If the feature is enabled (which is not by default), it should prevent Kubernetes from reporting: `metadata.finalizers: "finalizer.acme.cert-manager.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers` ([#7273](https://github.com/cert-manager/cert-manager/pull/7273), [`@jsoref`](https://github.com/jsoref)) +- BUGFIX Route53: explicitly set the `aws-global` STS region which is now required by the `github.com/aws/aws-sdk-go-v2` library. 
([#7108](https://github.com/cert-manager/cert-manager/pull/7108), [`@inteon`](https://github.com/inteon)) - BUGFIX: fix issue that caused Vault issuer to not retry signing when an error was encountered. ([#7105](https://github.com/cert-manager/cert-manager/pull/7105), [`@inteon`](https://github.com/inteon)) +- BUGFIX: the dynamic certificate source used by the webhook TLS server failed to detect a root CA approaching expiration, due to a calculation error. This will cause the webhook TLS server to fail renewing its CA certificate. Please upgrade before the expiration of this CA certificate is reached. ([#7230](https://github.com/cert-manager/cert-manager/pull/7230), [`@inteon`](https://github.com/inteon)) +- Bugfix: Prevent aggressive Route53 retries caused by IRSA authentication failures by removing the Amazon Request ID from errors wrapped by the default credential cache. ([#7291](https://github.com/cert-manager/cert-manager/pull/7291), [`@wallrj`](https://github.com/wallrj)) +- Bugfix: Prevent aggressive Route53 retries caused by STS authentication failures by removing the Amazon Request ID from STS errors. 
([#7259](https://github.com/cert-manager/cert-manager/pull/7259), [`@wallrj`](https://github.com/wallrj)) - Bump `grpc-go` to fix `GHSA-xr7q-jx4m-x55m` ([#7164](https://github.com/cert-manager/cert-manager/pull/7164), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) - Bump the `go-retryablehttp` dependency to fix `CVE-2024-6104` ([#7125](https://github.com/cert-manager/cert-manager/pull/7125), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) - Fix Azure DNS causing panics whenever authentication error happens ([#7177](https://github.com/cert-manager/cert-manager/pull/7177), [`@eplightning`](https://github.com/eplightning)) - Fix incorrect indentation of `endpointAdditionalProperties` in the `PodMonitor` template of the Helm chart ([#7190](https://github.com/cert-manager/cert-manager/pull/7190), [`@wallrj`](https://github.com/wallrj)) - Fixes ACME HTTP01 challenge behavior when using Gateway API to prevent unbounded creation of HTTPRoute resources ([#7178](https://github.com/cert-manager/cert-manager/pull/7178), [`@miguelvr`](https://github.com/miguelvr)) +- Handle errors arising from challenges missing from the ACME server ([#7202](https://github.com/cert-manager/cert-manager/pull/7202), [`@bdols`](https://github.com/bdols)) - Helm BUGFIX: the cainjector ConfigMap was not mounted in the cainjector deployment. ([#7052](https://github.com/cert-manager/cert-manager/pull/7052), [`@inteon`](https://github.com/inteon)) - Improve the startupapicheck: validate that the validating and mutating webhooks are doing their job. 
([#7057](https://github.com/cert-manager/cert-manager/pull/7057), [`@inteon`](https://github.com/inteon)) +- The `KeyUsages` X.509 extension is no longer added when there are no key usages set (in accordance to RFC 5280 Section 4.2.1.3) ([#7250](https://github.com/cert-manager/cert-manager/pull/7250), [`@inteon`](https://github.com/inteon)) - Update `github.com/Azure/azure-sdk-for-go/sdk/azidentity` to address `CVE-2024-35255` ([#7087](https://github.com/cert-manager/cert-manager/pull/7087), [`@dependabot[bot]`](https://github.com/apps/dependabot)) + +### Other (Cleanup or Flake) + +- Old API versions were removed from the codebase. + Removed: + (acme.)cert-manager.io/v1alpha2 + (acme.)cert-manager.io/v1alpha3 + (acme.)cert-manager.io/v1beta1 ([#7278](https://github.com/cert-manager/cert-manager/pull/7278), [`@inteon`](https://github.com/inteon)) +- Upgrading to client-go `v0.31.0` removes a lot of noisy `reflector.go: unable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown` errors from logs. ([#7237](https://github.com/cert-manager/cert-manager/pull/7237), [`@inteon`](https://github.com/inteon)) From b2f10814b3c82a8cf07e1f5cd0c6a07ae8b38c34 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 26 Sep 2024 08:29:53 +0100 Subject: [PATCH 12/30] Update installation version Signed-off-by: Richard Wall --- content/docs/variables.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/variables.json b/content/docs/variables.json index 9c1b7e9ab2b..ed8a1c1bac2 100644 --- a/content/docs/variables.json +++ b/content/docs/variables.json @@ -1,3 +1,3 @@ { - "cert_manager_latest_version": "v1.16.0-alpha.1" + "cert_manager_latest_version": "v1.16.0-beta.0" } From affb38a2e1578aeee9dd0f9842c146c6264117d7 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 26 Sep 2024 17:01:09 +0100 Subject: [PATCH 13/30] Filling in the themes section 
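Review bot: the `#7084` entry in the `### Feature` list of PATCH 11/30 carries `Breaking: cert-manager will no longer use the API Key authentication method which was deprecated in 20.2 and since removed in 24.1 of TPP.`, which is exactly the kind of change operators grep upgrade notes for; surface it in a breaking-changes section at the top of the page rather than inside a feature bullet, and link the issue instead of the bare `Fixes #4653`, which is the only unlinked reference in the list. The `#7230` entry ends with `Please upgrade before the expiration of this CA certificate is reached.` but gives readers no way to find that date; a pointer to where the CA lives (the `cert-manager-webhook-ca` Secret named in the `#7154` entry) and a one-line check of its `notAfter` would make the warning actionable.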
Signed-off-by: Richard Wall --- .../release-notes/release-notes-1.16.md | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index a3862ac00f5..96faf30a4e3 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -5,6 +5,12 @@ description: 'cert-manager release notes: cert-manager 1.16' cert-manager 1.16 includes various improvements to the metrics in the cert-manager components. +## Breaking changes + +1. Venafi Issuer may fail to renew Certificates if the duration conflicts with the CA minimum / maximum duration policy in Venafi. +2. Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication. +3. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. + ## Themes ### Extended Metrics 
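Review bot: the three items in the new `## Breaking changes` list of PATCH 13/30 say what may fail but not what an operator should do about it; each item needs a pointer to the section that explains the remediation (the Venafi issuing-template policy and the TPP OAuth reconfiguration are both covered by the `### Venafi Issuer` theme added further down in this patch, and the values check by `### Helm Schema Validation`), otherwise readers who stop at the summary have to go hunting for that text.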
@@ -14,6 +20,77 @@ so that platform teams can monitor the performance of all the cert-manager compo and gain more information about the underlying Go runtime in the event of a problem. Read the [Prometheus Metrics](../../devops-tips/prometheus-metrics.md) page to learn more. +### Venafi Issuer + +We've made some important improvements to the Venafi Issuer. + +If you use the Venafi Issuer with a TPP server with username-password authentication, +cert-manager 1.16 now uses OAuth authentication instead of the deprecated API Key authentication. +This is a potentially breaking change, because you may need to reconfigure your TPP server to enable OAuth authentication, +and you may need to reconfigure the cert-manager service accounts in TPP to work with OAuth. + +The desired `certificate.spec.duration` value will now be sent to the Venafi API server. +The default value for `certificate.spec.duration` is 90 days, but you may have changed this in your Certificate resources. +Your Venafi issuing template may be configured to ignore the requested `From` and `To` times, +in which case nothing will change. +Your Venafi issuing template may be configured with a maximum or a minimum duration, +in which case your certificate requests may fail after you upgrade to cert-manager 1.16. +Consider this carefully when upgrading to cert-manager 1.16. + +When connecting to Venafi TPP, cert-manager can now load the CA certificate from a Secret resource. +This allows you to manage the CA with familiar tools such as trust-manager. + +Read the [Venafi Issuer](../../configuration/venafi.md#creating-a-venafi-trust-protection-platform-issuer) page to learn more. + +### ACME Issuer Route53 Solver + +The Route53 DNS01 solver code had become over-complicated due to its age and due +to the variety of authentication methods that have been added over the years. 
+When we upgraded to `AWS SDK for Go V2`in the last release, we did not have a +good understanding of the new SDK and we were not able to test it thoroughly +with all authentication methods. In this release we started putting that right. + +In this release we have tidied up the code and added more logging so that it is +easier to debug problems in the field. +We have improved the documentation of the Route53 API fields, particularly the region field, +where we have tried to describe where and how cert-manager uses that value. + +We have relaxed the API validation so that the `region` field is now optional. +cert-manager will now fall back to using the `AWS_REGION` environment variable of the controller Pod, +regardless of which authentication mechanism is used. + +Users who use IAM Roles for Service accounts or Pod Identity need +not specify the region, but if your Issuer or ClusterIssuer does include a region (for the sake of satisfying the old API validation), +that issuer region will be ignored, if the `AWS_REGION` environment variable is set. + +Read the [ACME Issuer Route53](../../configuration/acme/dns01/route53.md) page to learn more. + +### Memory Optimizations + +We have continued our effort to reduce the memory footprint of cert-manager. + +The cainjector no longer caches Secret data; instead it only caches the metadata of Secret resources. +This significantly reduces its memory usage. +It also reduces the load on the Kubernetes API server, when cainjector starts up, +because it no longer needs to send all the data of all the Secret resources over the network. + +We have added a new `ClientWatchList` feature flag to the controller, cainjector, and the webhook. +This is actually a new beta feature in the Kubernetes client-go module, +which enables a much more efficient mechanism for populating the client side caches. 
+This reduces the load on the Kubernetes API server, +because cert-manager components will no longer request complete unpaged lists of all API resources when they start up. +And it reduces the peak memory use of the cert-manager components when they startup, +because they no longer have to hold a duplicate unpaged list of resources in-memory +while they add them to the client side cache. + +### Helm Schema Validation + +The Helm chart now includes a JSON schema which will validate the values that you supply when installing the chart. +This will help you to get your Helm values right first time. +It will alert you to typos and unrecognized fields in your existing Helm values files. +And it will make it easier for the cert-manager maintainers to maintain the Helm chart, +avoiding typos and mistakes in the default values file. + ## Community Thanks again to all open-source contributors with commits in this release, including: TODO From 03cb1ab8612734b0016906eb6553845823b9c7b9 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 27 Sep 2024 16:50:08 +0100 Subject: [PATCH 14/30] More about regional STS endpoints Signed-off-by: Richard Wall --- .../release-notes/release-notes-1.16.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 96faf30a4e3..3a49a72eaf2 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
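Review bot: the Route53 paragraphs in the themes hunk of PATCH 13/30 contradict each other on precedence: `cert-manager will now fall back to using the `AWS_REGION` environment variable of the controller Pod` reads as "Issuer `region` wins when set", while `that issuer region will be ignored, if the `AWS_REGION` environment variable is set` reads as "the environment variable wins"; state one rule, and if it differs by authentication method, say which method gets which. In the `### Memory Optimizations` section `ClientWatchList` is described as `a new beta feature in the Kubernetes client-go module`, but the `#7175` entry earlier in the same file calls it the `ALPHA `WatchList` / Streaming list feature`; pick one, and say what the components do on an API server whose `WatchList` gate is off, since that is the case most readers enabling the flag will hit. Minor: `AWS SDK for Go V2`in` is missing a space.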
@@ -42,7 +42,7 @@ This allows you to manage the CA with familiar tools such as trust-manager. Read the [Venafi Issuer](../../configuration/venafi.md#creating-a-venafi-trust-protection-platform-issuer) page to learn more. -### ACME Issuer Route53 Solver +### Route53 DNS01 Solver Cleanup The Route53 DNS01 solver code had become over-complicated due to its age and due to the variety of authentication methods that have been added over the years. 
@@ -63,6 +63,27 @@ Users who use IAM Roles for Service accounts or Pod Identity need not specify the region, but if your Issuer or ClusterIssuer does include a region (for the sake of satisfying the old API validation), that issuer region will be ignored, if the `AWS_REGION` environment variable is set. +cert-manager will now use regional STS endpoints, when using `AssumeRole` or when +using a dedicated (non-mounted) Kubernetes ServiceAccount. +The regional endpoint will be computed based on the Issuer `region` field, +or the `AWS_REGION` environment variable. + +> ℹ️ This change only affects the `AssumeRole` configuration, which is used for cross-account authentication, +> and the `AssumeRoleWithWebIdentity` configuration, where the user supplies the name of a Kubernetes ServiceAccount. +> If does not affect you if you have configured the cert-manager ServiceAccount for IRSA, +> where the ServiceAccount token is mounted in to the cert-manager controller Pod. +> Regional STS endpoints were already being used in that case. +> +> ℹ️ There are good reasons to use regional STS endpoints, summarized as follows on the [Amazon AWS blog](https://aws.amazon.com/blogs/security/how-to-use-regional-aws-sts-endpoints/): +> +> > Although the global (legacy) AWS STS endpoint https://sts.amazonaws.com is highly available, it’s hosted in a single AWS Region—US East (N. Virginia)—and like other endpoints, it doesn’t provide automatic fail-over to endpoints in other Regions. +> +> 📖 Read [Manage AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +to learn about which regions support STS. +> +> 📖 Read [AWS STS Regional endpoints](https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html), +to learn how to configure the use of regional STS endpoints using environment variables. + Read the [ACME Issuer Route53](../../configuration/acme/dns01/route53.md) page to learn more. 
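Review bot: in the regional STS hunk of PATCH 14/30, `The regional endpoint will be computed based on the Issuer `region` field, or the `AWS_REGION` environment variable.` leaves open which one wins when both are set; the preceding paragraph already says the issuer region is ignored when `AWS_REGION` is set, so if the same rule applies to the STS endpoint one sentence saying so would remove the ambiguity. Since the hunk quotes AWS on the availability benefit, it should also carry the operational caveat from the linked "Manage AWS STS in an AWS Region" page: STS can be deactivated per region in the account settings, so an `AssumeRole` configuration whose region has STS switched off will fail after this change where the global endpoint used to succeed. Typos: `If does not affect you` should be `It does not affect you` (PATCH 16/30 fixes this) and `mounted in to` should be `mounted into`.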
### Memory Optimizations From f3e1fad4084b6291941ccc4d6bc456940509149b Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 27 Sep 2024 17:24:37 +0100 Subject: [PATCH 15/30] Update content/docs/releases/release-notes/release-notes-1.16.md Co-authored-by: Ashley Davis Signed-off-by: Richard Wall --- content/docs/releases/release-notes/release-notes-1.16.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 3a49a72eaf2..1aed12f7202 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -76,7 +76,7 @@ or the `AWS_REGION` environment variable. > > ℹ️ There are good reasons to use regional STS endpoints, summarized as follows on the [Amazon AWS blog](https://aws.amazon.com/blogs/security/how-to-use-regional-aws-sts-endpoints/): > -> > Although the global (legacy) AWS STS endpoint https://sts.amazonaws.com is highly available, it’s hosted in a single AWS Region—US East (N. Virginia)—and like other endpoints, it doesn’t provide automatic fail-over to endpoints in other Regions. +> > Although the global (legacy) AWS STS endpoint https://sts.amazonaws.com is highly available, it’s hosted in a single AWS Region — US East (N. Virginia) — and like other endpoints, it doesn’t provide automatic fail-over to endpoints in other Regions. > > 📖 Read [Manage AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) to learn about which regions support STS. From 65b12a27baa019c57ea1ab633f36cb71584463fc Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 27 Sep 2024 17:24:44 +0100 Subject: [PATCH 16/30] Update content/docs/releases/release-notes/release-notes-1.16.md Co-authored-by: Ashley Davis 
Signed-off-by: Richard Wall --- content/docs/releases/release-notes/release-notes-1.16.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 1aed12f7202..5e36f65eb33 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -70,7 +70,7 @@ or the `AWS_REGION` environment variable. > ℹ️ This change only affects the `AssumeRole` configuration, which is used for cross-account authentication, > and the `AssumeRoleWithWebIdentity` configuration, where the user supplies the name of a Kubernetes ServiceAccount. -> If does not affect you if you have configured the cert-manager ServiceAccount for IRSA, +> It does not affect you if you have configured the cert-manager ServiceAccount for [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html), > where the ServiceAccount token is mounted in to the cert-manager controller Pod. > Regional STS endpoints were already being used in that case. > From f49dda25ad7b2dc1f181d34b35956634fe7164d9 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 27 Sep 2024 17:23:20 +0100 Subject: [PATCH 17/30] Apply @maelvls suggestions https://github.com/cert-manager/website/pull/1520#pullrequestreview-2333158766 Signed-off-by: Richard Wall --- .../docs/releases/release-notes/release-notes-1.16.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 5e36f65eb33..a3950221b0b 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
@@ -7,9 +7,12 @@ cert-manager 1.16 includes various improvements to the metrics in the cert-manag ## Breaking changes -1. Venafi Issuer may fail to renew Certificates if the duration conflicts with the CA minimum / maximum duration policy in Venafi. -2. Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication. -3. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. +1. Venafi Issuer may fail to renew certificates if the requested duration conflicts with the CA’s minimum or maximum policy settings in Venafi. + For more details, refer to the [Venafi Issuer](#venafi-issuer) section below. +1. Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication. + For more details, refer to the [Venafi Issuer](#venafi-issuer) section below. +1. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. + For more details, refer to the [Helm](#helm) section below. ## Themes From dba55316eba68de69a91a77ef6677ada2cd6c682 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 27 Sep 2024 17:38:41 +0100 Subject: [PATCH 18/30] Prioritize and write more about Helm schemas Signed-off-by: Richard Wall --- .../release-notes/release-notes-1.16.md | 44 ++++++++++++++----- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index a3950221b0b..94eb772df4f 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
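Review bot: the `[Helm](#helm)` anchor added in PATCH 17/30 does not match any heading in the file at this point in the series; the section is titled `### Helm Schema Validation`, whose slug would be `#helm-schema-validation`, so the link is dead until the heading is renamed or the anchor corrected (PATCH 18/30 renames the section to `### Helm`, which resolves it, but the two changes should travel together).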
@@ -7,15 +7,47 @@ cert-manager 1.16 includes various improvements to the metrics in the cert-manag ## Breaking changes +1. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. + For more details, refer to the [Helm](#helm) section below. 1. Venafi Issuer may fail to renew certificates if the requested duration conflicts with the CA’s minimum or maximum policy settings in Venafi. For more details, refer to the [Venafi Issuer](#venafi-issuer) section below. 1. Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication. For more details, refer to the [Venafi Issuer](#venafi-issuer) section below. -1. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. - For more details, refer to the [Helm](#helm) section below. ## Themes +### Helm + +The Helm chart now includes a JSON schema which will validate the values that you supply when installing the chart. +This will help you to get your Helm values right first time. +It will alert you to typos and unrecognized fields in your existing Helm values files. +And it will make it easier for the cert-manager maintainers to maintain the Helm chart, +avoiding typos and mistakes in the default values file. + +> ⚠️ Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. +> You can use `helm template` to test your Helm values before you upgrade: +> ```bash +> helm template cert-manager \ +> --repo https://charts.jetstack.io \ +> --version [[VAR::cert_manager_latest_version]] \ +> --values values.cert-manager.yaml +> ``` +> Here's an example of an error that would be caught by the schema validation: +> ```yaml +> # values.cert-manager.yaml +> global: +> logLevel: debug # ❗ Should be an integer. 
+> ``` +> ```console +> Error: values don't meet the specifications of the schema(s) in the following chart(s): +> cert-manager: +> - global.logLevel: Invalid type. Expected: number, given: string +> ``` +> +> ℹ️ The schema files are generated by [helm-tool](https://github.com/cert-manager/helm-tool), a utility which generates Helm docs, schema files and performs linting. +> +> 📖 Read [Helm: Charts: Schema Files](https://helm.sh/docs/topics/charts/#schema-files) to learn more. + ### Extended Metrics The webhook and cainjector components now have metrics servers, @@ -107,14 +139,6 @@ And it reduces the peak memory use of the cert-manager components when they star because they no longer have to hold a duplicate unpaged list of resources in-memory while they add them to the client side cache. -### Helm Schema Validation - -The Helm chart now includes a JSON schema which will validate the values that you supply when installing the chart. -This will help you to get your Helm values right first time. -It will alert you to typos and unrecognized fields in your existing Helm values files. -And it will make it easier for the cert-manager maintainers to maintain the Helm chart, -avoiding typos and mistakes in the default values file. - ## Community Thanks again to all open-source contributors with commits in this release, including: TODO From d265fe7fc1399db2bc6894e98c9dcd638c28ec34 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 1 Oct 2024 12:21:20 +0100 Subject: [PATCH 19/30] Add some notes about the new UseDomainQualifiedFinalizer feature gate Signed-off-by: Richard Wall --- content/docs/installation/configuring-components.md | 1 + .../releases/release-notes/release-notes-1.16.md | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/content/docs/installation/configuring-components.md b/content/docs/installation/configuring-components.md index 20f90436f01..6e6f53476ba 100644 --- a/content/docs/installation/configuring-components.md 
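Review bot: the worked example in the `### Helm` hunk of PATCH 18/30 shows a type error (`global.logLevel: Invalid type. Expected: number, given: string`), but the warning two lines above it is about `typos or unrecognized fields`; add a second example with a misspelled key so readers see what that rejection looks like, and note that `helm template` only rejects what the schema encodes (a JSON schema allows unknown keys unless `additionalProperties: false` is set for that object), so a clean run is not proof that a values file is free of typos. The `helm template` invocation itself is fine; consider mentioning that it fetches the chart, so it needs network access to `charts.jetstack.io`.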
+++ b/content/docs/installation/configuring-components.md @@ -55,6 +55,7 @@ featureGates: UseCertificateRequestBasicConstraints: true OtherNames: true NameConstraints: true + UseDomainQualifiedFinalizer: true ``` > **Note:** This is included as an example only and not intended to be used as default settings. diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 94eb772df4f..14801fc4e79 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -139,6 +139,18 @@ And it reduces the peak memory use of the cert-manager components when they star because they no longer have to hold a duplicate unpaged list of resources in-memory while they add them to the client side cache. +### Logging + +We have improved the signal-to-noise ratio in the logs. + +The controller has a new feature gate: `UseDomainQualifiedFinalizer`. +This changes the finalizer added to ACME Challenge resources, +from `finalizer.acme.cert-manager.io` to `acme.cert-manager.io/finalizer`. +The new finalizer name is [compliant with Kubernetes standards](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers), +and will resolve warnings in cert-manager-controller pods of the form: +> `W0910 20:07:22.491920 1 warnings.go:70] metadata.finalizers: "finalizer.acme.cert-manager.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers` +Read [cert-manager component configuration: Feature gates](../../installation/configuring-components.md#feature-gates) to learn more. + ## Community Thanks again to all open-source contributors with commits in this release, including: TODO From e3d839313abc519685e96a195d46e34f8cff0f42 Mon Sep 17 00:00:00 2001 
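Review bot: in the release-notes hunk, the line `Read [cert-manager component configuration: Feature gates](../../installation/configuring-components.md#feature-gates) to learn more.` directly follows the `>` quoted warning with no blank line, so Markdown's lazy continuation renders it as part of the blockquote; put a blank line after the quoted `W0910 ...` line. The paragraph also omits the gate's maturity and default, which the generated controller docs later in this series give as `UseDomainQualifiedFinalizer=true|false (ALPHA - default=false)`, and says nothing about Challenge resources that already carry `finalizer.acme.cert-manager.io` when the gate is turned on; state whether the controller removes the old finalizer from those Challenges or continues to honour it, since a Challenge left with a finalizer nobody processes cannot be deleted.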
From: Richard Wall Date: Tue, 1 Oct 2024 12:54:21 +0100 Subject: [PATCH 20/30] A note about DeletedStateUnknown log noise Signed-off-by: Richard Wall --- content/docs/releases/release-notes/release-notes-1.16.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 14801fc4e79..4384706aeac 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -151,6 +151,10 @@ and will resolve warnings in cert-manager-controller pods of the form: > `W0910 20:07:22.491920 1 warnings.go:70] metadata.finalizers: "finalizer.acme.cert-manager.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers` Read [cert-manager component configuration: Feature gates](../../installation/configuring-components.md#feature-gates) to learn more. +cert-manager now uses client-go `v0.31.0`, which removes a lot of noisy errors from logs, of the form: +> `reflector.go: unable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown` +Read [cert-manager issue 6753](https://github.com/cert-manager/cert-manager/issues/6753) to learn more. + ## Community Thanks again to all open-source contributors with commits in this release, including: TODO From 841ef3c0a3d960c9bc70908feea8680354ea8c8c Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 1 Oct 2024 13:02:18 +0100 Subject: [PATCH 21/30] Add blank lines before the learn more links Signed-off-by: Richard Wall --- content/docs/releases/release-notes/release-notes-1.16.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 4384706aeac..995a587351b 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md 
+++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -149,10 +149,12 @@ from `finalizer.acme.cert-manager.io` to `acme.cert-manager.io/finalizer`. The new finalizer name is [compliant with Kubernetes standards](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers), and will resolve warnings in cert-manager-controller pods of the form: > `W0910 20:07:22.491920 1 warnings.go:70] metadata.finalizers: "finalizer.acme.cert-manager.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers` + Read [cert-manager component configuration: Feature gates](../../installation/configuring-components.md#feature-gates) to learn more. cert-manager now uses client-go `v0.31.0`, which removes a lot of noisy errors from logs, of the form: > `reflector.go: unable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown` + Read [cert-manager issue 6753](https://github.com/cert-manager/cert-manager/issues/6753) to learn more. ## Community From 1a7fc6d954b9dad81b399e63f3c9ccd16ae864bb Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 1 Oct 2024 15:54:58 +0100 Subject: [PATCH 22/30] Update release notes for WatchListClient feature support Signed-off-by: Richard Wall --- .../release-notes/release-notes-1.16.md | 40 +++++++++++++++++-- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 995a587351b..749484098bf 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md 
@@ -130,14 +130,47 @@ This significantly reduces its memory usage. It also reduces the load on the Kubernetes API server, when cainjector starts up, because it no longer needs to send all the data of all the Secret resources over the network. -We have added a new `ClientWatchList` feature flag to the controller, cainjector, and the webhook. -This is actually a new beta feature in the Kubernetes client-go module, -which enables a much more efficient mechanism for populating the client side caches. +cert-manager now uses client-go `v0.31.0` which [supports a new `WatchListClient` feature](https://relnotes.k8s.io/?markdown=WatchListClient). +This enables cert-manager to make use of the [Streaming Lists feature of the Kubernetes API server](https://kubernetes.io/docs/reference/using-api/api-concepts/#streaming-lists). This reduces the load on the Kubernetes API server, because cert-manager components will no longer request complete unpaged lists of all API resources when they start up. And it reduces the peak memory use of the cert-manager components when they startup, because they no longer have to hold a duplicate unpaged list of resources in-memory while they add them to the client side cache. +To use this feature, you first need to enable the `WatchList` feature in the Kubernetes API server, +which is available since Kubernetes 1.27. +Second, you need to enable the client-go `WatchListClient` feature in the cert-manager components. +If you installed cert-manager using Helm, you can use the following Helm values: + +``` +# values.cert-manager.yaml +extraEnv: + - name: KUBE_FEATURE_WatchListClient + value: "true" +cainjector: + extraEnv: + - name: KUBE_FEATURE_WatchListClient + value: "true" +webhook: + extraEnv: + - name: KUBE_FEATURE_WatchListClient + value: "true" +``` + + +You will see log messages reporting the state of the client-go feature gates, when cert-manager starts up. 
+And if you increase the logging verbosity, you will see `sendInitialEvents=true` and `resourceVersionMatch=NotOlderThan` among the requests. +For example: + +```console +Feature gate updated state [caller=features/envvar.go:169 enabled=true feature=WatchListClient] +GET https://10.96.0.1:443/api/v1/secrets?allowWatchBookmarks=true&labelSelector=%21controller.cert-manager.io%2Ffao&resourceVersionMatch=NotOlderThan&sendInitialEvents=true&timeout=6m49s&timeoutSeconds=409&watch=true 200 OK in 2 milliseconds [caller=transport/round_trippers.go:553] +``` + +Read [Kubernetes API Concepts: Streaming Lists](https://kubernetes.io/docs/reference/using-api/api-concepts/#streaming-lists), +to learn more. +Read [Introducing Feature Gates to Client-Go: Enhancing Flexibility and Control](https://kubernetes.io/blog/2024/08/12/feature-gates-in-client-go), +to learn about enabling and disabling client-go features. ### Logging 
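Review bot: the prerequisite sentence `To use this feature, you first need to enable the `WatchList` feature in the Kubernetes API server, which is available since Kubernetes 1.27` drops the maturity level that the changelog entry removed in this same patch carried (`ALPHA `WatchList` / Streaming list feature`); say that this is an API server feature gate that must be switched on in kube-apiserver, otherwise readers who only set `KUBE_FEATURE_WatchListClient` will look for the `sendInitialEvents=true` requests shown in the `console` block and not find them. It would also help to document what the components do when the client gate is on but the server does not support streaming lists (fall back to a normal list, or fail to start). Minor: the Helm values fence is untagged while the rest of the page tags its fences (`yaml`, `console`), and the sentence `cert-manager now uses client-go `v0.31.0`` now appears both here and in the Logging section, so one should point at the other rather than restate it.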
@@ -182,7 +215,6 @@ In addition, massive thanks to Venafi for contributing developer time and resour - Added `app.kubernetes.io/managed-by: cert-manager` label to the cert-manager-webhook-ca Secret ([#7154](https://github.com/cert-manager/cert-manager/pull/7154), [`@jrcichra`](https://github.com/jrcichra)) - Allow the user to specify a Pod template when using GatewayAPI HTTP01 solver, this mirrors the behavior when using the Ingress HTTP01 solver. ([#7211](https://github.com/cert-manager/cert-manager/pull/7211), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) - Create token request RBAC for the cert-manager ServiceAccount by default ([#7213](https://github.com/cert-manager/cert-manager/pull/7213), [`@Jasper-Ben`](https://github.com/Jasper-Ben)) -- Feature: Add a new `ClientWatchList` feature flag to cert-manager controller, cainjector and webhook, which allows the components to use of the ALPHA `WatchList` / Streaming list feature of the Kubernetes API server. This reduces the load on the Kubernetes API server when cert-manager starts up and reduces the peak memory usage in the cert-manager components. ([#7175](https://github.com/cert-manager/cert-manager/pull/7175), [`@wallrj`](https://github.com/wallrj)) - Feature: Append cert-manager user-agent string to all AWS API requests, including IMDS and STS requests. ([#7295](https://github.com/cert-manager/cert-manager/pull/7295), [`@wallrj`](https://github.com/wallrj)) - Feature: Log AWS SDK warnings and API requests at cert-manager debug level to help debug AWS Route53 problems in the field. ([#7292](https://github.com/cert-manager/cert-manager/pull/7292), [`@wallrj`](https://github.com/wallrj)) - Feature: The Route53 DNS solver of the ACME Issuer will now use regional STS endpoints computed from the region that is supplied in the Issuer spec or in the `AWS_REGION` environment variable. From 668d45e75c5c9529d8f5a848bbe768a9bfb8163f Mon Sep 17 00:00:00 2001 
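Review bot: this hunk deletes the changelog entry for [#7175](https://github.com/cert-manager/cert-manager/pull/7175) outright instead of correcting it, so the release notes no longer credit the PR or record that the `ClientWatchList` flag described there is not what shipped. If the feature landed in a different form (client-go's own `WatchListClient` gate, as the rewritten theme text above says), reword the entry to say so and keep the PR link and author; if the PR was reverted before the release, say that in the commit message, because silently dropping an entry leaves these notes disagreeing with the generated changelog.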
From: Richard Wall Date: Wed, 2 Oct 2024 11:55:03 +0100 Subject: [PATCH 23/30] Update the supported versions page for cert-manager 1.16 Signed-off-by: Richard Wall --- content/docs/releases/README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/content/docs/releases/README.md b/content/docs/releases/README.md index e8694fa0f75..d08dec98214 100644 --- a/content/docs/releases/README.md +++ b/content/docs/releases/README.md @@ -25,17 +25,17 @@ should be stable enough to run. | Release | Release Date | End of Life | [Supported Kubernetes / OpenShift Versions][s] | [Tested Kubernetes Versions][test] | |:------------:|:------------:|:----------------------:|:----------------------------------------------:|:----------------------------------:| +| [1.16][] | Oct 03, 2024 | Release of 1.18 | 1.25 → 1.31 / 4.14 → 4.16 | 1.27 → 1.31 | | [1.15][] | Jun 05, 2024 | Release of 1.17 | 1.25 → 1.31 / 4.12 → 4.16 | 1.25 → 1.31 | -| [1.14][] | Feb 03, 2024 | Release of 1.16 | 1.24 → 1.31 / 4.11 → 4.16 | 1.24 → 1.29 | | [1.12 LTS][] | May 19, 2023 | May 19, 2025 | 1.22 → 1.31 / 4.9 → 4.16 | 1.22 → 1.29 | cert-manager 1.12 is a Long Term Support (LTS) release sponsored by [Venafi](https://www.venafi.com/). It will continue to be supported for at least 2 years from release. ## Upcoming releases -| Release | Release Date | End of Life | [Supported Kubernetes / OpenShift Versions][s] | -|:--------:|:------------:|:----------------:|:----------------------------------------------:| -| [1.16][] | Oct 03, 2024 | Release of 1.18 | 1.27 → 1.31 / 4.14 → 4.16 | +| Release | Release Date | End of Life | [Supported Kubernetes / OpenShift Versions][s] | +|:--------:|:------------:|:---------------:|:----------------------------------------------:| +| [1.17][] | Feb 03, 2025 | Release of 1.19 | 1.27 → 1.31 / 4.14 → 4.16 | Dates in the future are not firm commitments and are subject to change. 
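Review bot: the new 1.16 row in the supported-releases table gives Kubernetes `1.25 → 1.31` with OpenShift `4.14 → 4.16`, but the row it replaces in the upcoming-releases table gave `1.27 → 1.31` with the same OpenShift range, and the 1.15 row on the page pairs Kubernetes `1.25` with OpenShift `4.12`, so either the Kubernetes lower bound or the OpenShift lower bound for 1.16 is now inconsistent with the rest of the table (the Tested column for 1.16 also starts at 1.27). Confirm which lower bound is intended and align both columns before this is published.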
@@ -295,6 +295,7 @@ are no longer supported. | Release | Release Date | EOL | Compatible Kubernetes versions | Compatible OpenShift versions | |----------|:------------:|:------------:|:------------------------------:|:-----------------------------:| +| [1.14][] | Feb 03, 2024 | Oct 03, 2024 | 1.24 → 1.31 | 4.11 → 4.16 | | [1.13][] | Sep 12, 2023 | Jun 05, 2024 | 1.21 → 1.27 | 4.8 → 4.14 | | [1.11][] | Jan 11, 2023 | Sep 12, 2023 | 1.21 → 1.27 | 4.8 → 4.14 | | [1.10][] | Oct 17, 2022 | May 19, 2023 | 1.20 → 1.26 | 4.7 → 4.13 | @@ -317,7 +318,8 @@ are no longer supported. [s]: #kubernetes-supported-versions [test]: #supported-vs-tested -[1.16]: https://github.com/cert-manager/cert-manager/milestone/38 +[1.17]: https://github.com/cert-manager/cert-manager/milestone/39 +[1.16]: ./release-notes/release-notes-1.16.md [1.15]: ./release-notes/release-notes-1.15.md [1.14]: ./release-notes/release-notes-1.14.md [1.13]: ./release-notes/release-notes-1.13.md From 6c520ffffde13118c9c8d0eb05334278a3fd98e6 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 12:12:20 +0100 Subject: [PATCH 24/30] Add list of contributors Signed-off-by: Richard Wall --- .../release-notes/release-notes-1.16.md | 27 ++++++++++++++++--- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 749484098bf..edeb47207d3 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -3,7 +3,9 @@ title: Release 1.16 description: 'cert-manager release notes: cert-manager 1.16' --- -cert-manager 1.16 includes various improvements to the metrics in the cert-manager components. +The cert-manager 1.16 release includes: new Helm chart features, more Prometheus +metrics, memory optimizations, and various improvements and bug fixes for the +ACME issuer and Venafi Issuer. ## Breaking changes 
@@ -192,9 +194,26 @@ Read [cert-manager issue 6753](https://github.com/cert-manager/cert-manager/issu ## Community -Thanks again to all open-source contributors with commits in this release, including: TODO - -Thanks also to the following cert-manager maintainers for their contributions during this release: TODO +Thanks to all our open-source contributors with commits in this release, including: +[`@Guitarkalle`](https://github.com/Guitarkalle), +[`@Jasper-Ben`](https://github.com/Jasper-Ben), +[`@aidy`](https://github.com/aidy), +[`@bdols`](https://github.com/bdols), +[`@cbroglie`](https://github.com/cbroglie), +[`@eplightning`](https://github.com/eplightning), +[`@hawksight`](https://github.com/hawksight), +[`@joshmue`](https://github.com/joshmue), +[`@jrcichra`](https://github.com/jrcichra), +[`@jsoref`](https://github.com/jsoref), +[`@miguelvr`](https://github.com/miguelvr), +[`@mindw`](https://github.com/mindw), +[`@sankalp-at-gh`](https://github.com/sankalp-at-gh). + +Thanks also to the following cert-manager maintainers for their contributions during this release: +[`@SgtCoDFish`](https://github.com/SgtCoDFish), +[`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot), +[`@inteon`](https://github.com/inteon), +[`@wallrj`](https://github.com/wallrj). Equally thanks to everyone who provided feedback, helped users and raised issues on GitHub and Slack and joined our meetings! From 819ce5976bac4b8ab13642f3230d1635b12c67d0 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 12:12:32 +0100 Subject: [PATCH 25/30] Update version variable to 1.16.0 Signed-off-by: Richard Wall --- content/docs/variables.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/variables.json b/content/docs/variables.json index ed8a1c1bac2..39d1c770143 100644 --- a/content/docs/variables.json +++ b/content/docs/variables.json @@ -1,3 +1,3 @@ { - "cert_manager_latest_version": "v1.16.0-beta.0" + "cert_manager_latest_version": "v1.16.0" } 
From 19f4f3edde80a563bebf7bb9be56e49012976507 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 12:12:57 +0100 Subject: [PATCH 26/30] Update API and CLI docs generation script Signed-off-by: Richard Wall --- scripts/gendocs/generate-new-import-path-docs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/gendocs/generate-new-import-path-docs b/scripts/gendocs/generate-new-import-path-docs index 4e5b812fbd0..31592e2b56e 100755 --- a/scripts/gendocs/generate-new-import-path-docs +++ b/scripts/gendocs/generate-new-import-path-docs @@ -152,8 +152,9 @@ LATEST_VERSION="docs" # to also upgrade a specific version, use v1.13-docs, v1.1 #genversionwithcli "release-1.12" "v1.12-docs" #genversionwithcli "release-1.13" "v1.13-docs" #genversionwithcli "release-1.14" "v1.14-docs" +#genversionwithcli "release-1.15" "v1.15-docs" -genversionwithcli "release-1.15" "$LATEST_VERSION" +genversionwithcli "release-1.16" "$LATEST_VERSION" # Rather than generate the same docs again for /docs, copy from the latest version From 580eea9c881f40670c75fb7037d8ab4d038f25f4 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 12:13:37 +0100 Subject: [PATCH 27/30] Fill in the upgrading documentation Signed-off-by: Richard Wall --- content/docs/releases/upgrading/upgrading-1.15-1.16.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/docs/releases/upgrading/upgrading-1.15-1.16.md b/content/docs/releases/upgrading/upgrading-1.15-1.16.md index 4b5110d93ec..dc95c239c33 100644 --- a/content/docs/releases/upgrading/upgrading-1.15-1.16.md +++ b/content/docs/releases/upgrading/upgrading-1.15-1.16.md 
@@ -5,7 +5,12 @@ description: 'cert-manager installation: Upgrading v1.15 to v1.16' Before upgrading cert-manager from 1.15 to 1.16 please read the following important notes about breaking changes in 1.16: -TODO +1. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields. + For more details, refer to the [Helm](../release-notes/release-notes-1.16.md#helm) section in the release notes. +1. Venafi Issuer may fail to renew certificates if the requested duration conflicts with the CA’s minimum or maximum policy settings in Venafi. + For more details, refer to the [Venafi Issuer](../release-notes/release-notes-1.16.md#venafi-issuer) section in the release notes. +1. Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication. + For more details, refer to the [Venafi Issuer](../release-notes/release-notes-1.16.md#venafi-issuer) section in the release notes. ## Next Steps From 28518ae5b61c02741b7b896cdc0cde6d98ed44bb Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 12:29:23 +0100 Subject: [PATCH 28/30] Fix the post-processing script Signed-off-by: Richard Wall --- scripts/gendocs/postprocess/api-doc-postprocess.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/gendocs/postprocess/api-doc-postprocess.js b/scripts/gendocs/postprocess/api-doc-postprocess.js index af6c37cccaf..3f91568a95a 100755 --- a/scripts/gendocs/postprocess/api-doc-postprocess.js +++ b/scripts/gendocs/postprocess/api-doc-postprocess.js @@ -12,7 +12,7 @@ const { content, data } = matter(apiDocsFile) let result = content -result = prettier.format(`

${result}
`, { +result = await prettier.format(`
${result}
`, { parser: 'babel', htmlWhitespaceSensitivity: 'strict', proseWrap: 'never', @@ -24,7 +24,7 @@ result = prettier.format(`
${result}
`, { result = result.split('\n').slice(1, -2).join('\n') result = result.replace(new RegExp(/{" "}/g), ' ') -result = prettier.format(result, { +result = await prettier.format(result, { parser: 'html', proseWrap: 'never', htmlWhitespaceSensitivity: 'strict', From fd319d3e9c533521da51a2610295bd590e93fd4c Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 12:31:46 +0100 Subject: [PATCH 29/30] ./scripts/gendocs/generate-new-import-path-docs Signed-off-by: Richard Wall --- content/docs/cli/cainjector.md | 57 +++-- content/docs/cli/controller.md | 3 +- content/docs/cli/webhook.md | 63 ++--- content/docs/reference/api-docs.md | 356 +++++++++++++++++++++++++++-- 4 files changed, 407 insertions(+), 72 deletions(-) diff --git a/content/docs/cli/cainjector.md b/content/docs/cli/cainjector.md index fc8c598ad4c..dbbb17fd862 100644 --- a/content/docs/cli/cainjector.md +++ b/content/docs/cli/cainjector.md 
@@ -15,28 +15,37 @@ Usage: cainjector [flags] Flags: - --config string Path to a file containing a CAInjectorConfiguration object used to configure the controller - --enable-apiservices-injectable Inject CA data to annotated APIServices. This functionality is not required if cainjector is only used as cert-manager's internal component and setting it to false might reduce memory consumption (default true) - --enable-certificates-data-source Enable configuring cert-manager.io Certificate resources as potential sources for CA data. Requires cert-manager.io Certificate CRD to be installed. This data source can be disabled to reduce memory consumption if you only use cainjector as part of cert-manager's installation (default true) - --enable-customresourcedefinitions-injectable Inject CA data to annotated CustomResourceDefinitions. This functionality is not required if cainjecor is only used as cert-manager's internal component and setting it to false might slightly reduce memory consumption (default true) - --enable-mutatingwebhookconfigurations-injectable Inject CA data to annotated MutatingWebhookConfigurations. This functionality is required for cainjector to work correctly as cert-manager's internal component (default true) - --enable-profiling Enable profiling for controller. - --enable-validatingwebhookconfigurations-injectable Inject CA data to annotated ValidatingWebhookConfigurations. This functionality is required for cainjector to correctly function as cert-manager's internal component (default true) - --feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: - AllAlpha=true|false (ALPHA - default=false) - AllBeta=true|false (BETA - default=false) - ServerSideApply=true|false (ALPHA - default=false) - -h, --help help for cainjector - --kubeconfig string Paths to a kubeconfig. Only required if out-of-cluster. 
- --leader-elect If true, cainjector will perform leader election between instances to ensure no more than one instance of cainjector operates at a time (default true) - --leader-election-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 1m0s) - --leader-election-namespace string Namespace used to perform leader election. Only used if leader election is enabled (default "kube-system") - --leader-election-renew-deadline duration The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. (default 40s) - --leader-election-retry-period duration The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 15s) - --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) - --logging-format string Sets the log format. Permitted formats: "json" (gated by LoggingBetaOptions), "text". (default "text") - --namespace string If set, this limits the scope of cainjector to a single namespace. If set, cainjector will not update resources with certificates outside of the configured namespace. - --profiler-address string The host and port that Go profiler should listen on, i.e localhost:6060. Ensure that profiler is not exposed on a public address. Profiler will be served at /debug/pprof. (default "localhost:6060") - -v, --v Level number for the log level verbosity - --vmodule pattern=N,... 
comma-separated list of pattern=N settings for file-filtered logging (only works for text log format) + --config string Path to a file containing a CAInjectorConfiguration object used to configure the controller + --enable-apiservices-injectable Inject CA data to annotated APIServices. This functionality is not required if cainjector is only used as cert-manager's internal component and setting it to false might reduce memory consumption (default true) + --enable-certificates-data-source Enable configuring cert-manager.io Certificate resources as potential sources for CA data. Requires cert-manager.io Certificate CRD to be installed. This data source can be disabled to reduce memory consumption if you only use cainjector as part of cert-manager's installation (default true) + --enable-customresourcedefinitions-injectable Inject CA data to annotated CustomResourceDefinitions. This functionality is not required if cainjecor is only used as cert-manager's internal component and setting it to false might slightly reduce memory consumption (default true) + --enable-mutatingwebhookconfigurations-injectable Inject CA data to annotated MutatingWebhookConfigurations. This functionality is required for cainjector to work correctly as cert-manager's internal component (default true) + --enable-profiling Enable profiling for controller. + --enable-validatingwebhookconfigurations-injectable Inject CA data to annotated ValidatingWebhookConfigurations. This functionality is required for cainjector to correctly function as cert-manager's internal component (default true) + --feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: + AllAlpha=true|false (ALPHA - default=false) + AllBeta=true|false (BETA - default=false) + ServerSideApply=true|false (ALPHA - default=false) + -h, --help help for cainjector + --kubeconfig string Paths to a kubeconfig. Only required if out-of-cluster. 
+ --leader-elect If true, cainjector will perform leader election between instances to ensure no more than one instance of cainjector operates at a time (default true) + --leader-election-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 1m0s) + --leader-election-namespace string Namespace used to perform leader election. Only used if leader election is enabled (default "kube-system") + --leader-election-renew-deadline duration The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. (default 40s) + --leader-election-retry-period duration The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 15s) + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --logging-format string Sets the log format. Permitted formats: "json" (gated by LoggingBetaOptions), "text". 
(default "text") + --metrics-dynamic-serving-ca-secret-name string name of the secret used to store the CA that signs serving certificates + --metrics-dynamic-serving-ca-secret-namespace string namespace of the secret used to store the CA that signs metrics serving certificates + --metrics-dynamic-serving-dns-names strings DNS names that should be present on certificates generated by the metrics dynamic serving CA + --metrics-dynamic-serving-leaf-duration duration leaf duration of metrics serving certificates (default 168h0m0s) + --metrics-listen-address string The host and port that the metrics endpoint should listen on. The value '0' disables the metrics server (default "0.0.0.0:9402") + --metrics-tls-cert-file string path to the file containing the TLS certificate to serve metrics with + --metrics-tls-cipher-suites strings Comma-separated list of cipher suites for the metrics server. If omitted, the default Go cipher suites will be used. Possible values: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA + --metrics-tls-min-version string Minimum TLS version supported by the metrics server. 
If omitted, the default Go minimum version will be used. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 + --metrics-tls-private-key-file string path to the file containing the TLS private key to serve metrics with + --namespace string If set, this limits the scope of cainjector to a single namespace. If set, cainjector will not update resources with certificates outside of the configured namespace. + --profiler-address string The host and port that Go profiler should listen on, i.e localhost:6060. Ensure that profiler is not exposed on a public address. Profiler will be served at /debug/pprof. (default "localhost:6060") + -v, --v Level number for the log level verbosity + --vmodule pattern=N,... comma-separated list of pattern=N settings for file-filtered logging (only works for text log format) ``` diff --git a/content/docs/cli/controller.md b/content/docs/cli/controller.md index 343cff2f13c..7943f2833fe 100644 --- a/content/docs/cli/controller.md +++ b/content/docs/cli/controller.md 
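Review bot: this block is regenerated from the binary's help output, so nothing here should be hand-edited, but three items in it deserve upstream fixes before they are frozen into the 1.16 docs: the typo `cainjecor` in the `--enable-customresourcedefinitions-injectable` description; the inconsistent wording between `--metrics-dynamic-serving-ca-secret-name` (`CA that signs serving certificates`) and `--metrics-dynamic-serving-ca-secret-namespace` (`CA that signs metrics serving certificates`); and the `--metrics-tls-cipher-suites` possible-values list, which enumerates the RC4 and 3DES suites alongside the AEAD ones with no indication that Go classes the former as insecure, so a reader may take the whole list as acceptable choices. Worth a sentence in the release notes too: the new metrics endpoint listens on `0.0.0.0:9402` by default and appears to serve plaintext unless the `--metrics-tls-*` or `--metrics-dynamic-serving-*` flags are set, which is a new listener on cainjector and the webhook that operators may want to restrict.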
@@ -21,7 +21,7 @@ Flags: --acme-http01-solver-resource-request-cpu string Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods. (default "10m") --acme-http01-solver-resource-request-memory string Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods. (default "64Mi") --acme-http01-solver-run-as-non-root Defines the ability to run the http01 solver as root for troubleshooting issues (default true) - --auto-certificate-annotations strings The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate (default [kubernetes.io/tls-acme]) + --auto-certificate-annotations strings The annotation consumed by the ingress-shim controller to indicate an ingress is requesting a certificate (default [kubernetes.io/tls-acme]) --cluster-issuer-ambient-credentials Whether a cluster-issuer may make use of ambient credentials for issuers. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the ClusterIssuer API object. When this flag is enabled, the following sources for credentials are also used: AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata. (default true) --cluster-resource-namespace string Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. This must be specified if ClusterIssuers are enabled. (default "kube-system") --concurrent-workers int The number of concurrent workers for each controller. (default 5) 
@@ -51,6 +51,7 @@ Flags: ServerSideApply=true|false (ALPHA - default=false) StableCertificateRequestName=true|false (BETA - default=true) UseCertificateRequestBasicConstraints=true|false (ALPHA - default=false) + UseDomainQualifiedFinalizer=true|false (ALPHA - default=false) ValidateCAA=true|false (ALPHA - default=false) -h, --help help for controller --issuer-ambient-credentials Whether an issuer may make use of ambient credentials. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the Issuer API object. When this flag is enabled, the following sources for credentials are also used: AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata. diff --git a/content/docs/cli/webhook.md b/content/docs/cli/webhook.md index 64b4d08e932..b4ef77b6313 100644 --- a/content/docs/cli/webhook.md +++ b/content/docs/cli/webhook.md 
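Review bot: `UseDomainQualifiedFinalizer=true|false (ALPHA - default=false)` is added to the feature-gate list with no description anywhere in this hunk of what the gate changes, and no matching entry in the feature-gate or upgrade pages. A one-line note naming the finalizer string used before and after the gate is enabled would let operators check whether admission policies or RBAC rules that match on finalizers are affected. Also, `--issuer-ambient-credentials` in this block shows no `(default ...)` while `--cluster-issuer-ambient-credentials` in the previous hunk shows `(default true)`; since the difference decides whether an Issuer may pick up EC2 instance-metadata credentials, both defaults should be printed explicitly rather than relying on the reader to infer that an absent default means false.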
@@ -14,31 +14,40 @@ Usage: webhook [flags] Flags: - --api-server-host string Optional apiserver host address to connect to. If not specified, autoconfiguration will be attempted. - --config string Path to a file containing a WebhookConfiguration object used to configure the webhook - --dynamic-serving-ca-secret-name string name of the secret used to store the CA that signs serving certificates - --dynamic-serving-ca-secret-namespace string namespace of the secret used to store the CA that signs serving certificates - --dynamic-serving-dns-names strings DNS names that should be present on certificates generated by the dynamic serving CA - --dynamic-serving-leaf-duration duration leaf duration of serving certificates (default 168h0m0s) - --enable-profiling Enable profiling for webhook. - --feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: - AdditionalCertificateOutputFormats=true|false (BETA - default=true) - AllAlpha=true|false (ALPHA - default=false) - AllBeta=true|false (BETA - default=false) - LiteralCertificateSubject=true|false (BETA - default=true) - NameConstraints=true|false (ALPHA - default=false) - OtherNames=true|false (ALPHA - default=false) - --healthz-port int32 port number to listen on for insecure healthz connections (default 6080) - -h, --help help for webhook - --kubeconfig string optional path to the kubeconfig used to connect to the apiserver. If not specified, in-cluster-config will be used - --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) - --logging-format string Sets the log format. Permitted formats: "json" (gated by LoggingBetaOptions), "text". (default "text") - --profiler-address string Address of the Go profiler (pprof). This should never be exposed on a public interface. If this flag is not set, the profiler is not run. 
(default "localhost:6060") - --secure-port int32 port number to listen on for secure TLS connections (default 6443) - --tls-cert-file string path to the file containing the TLS certificate to serve with - --tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be used. Possible values: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA - --tls-min-version string Minimum TLS version supported. If omitted, the default Go minimum version will be used. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 - --tls-private-key-file string path to the file containing the TLS private key to serve with - -v, --v Level number for the log level verbosity - --vmodule pattern=N,... comma-separated list of pattern=N settings for file-filtered logging (only works for text log format) + --api-server-host string Optional apiserver host address to connect to. If not specified, autoconfiguration will be attempted. 
+ --config string Path to a file containing a WebhookConfiguration object used to configure the webhook + --dynamic-serving-ca-secret-name string name of the secret used to store the CA that signs serving certificates + --dynamic-serving-ca-secret-namespace string namespace of the secret used to store the CA that signs serving certificates + --dynamic-serving-dns-names strings DNS names that should be present on certificates generated by the dynamic serving CA + --dynamic-serving-leaf-duration duration leaf duration of serving certificates (default 168h0m0s) + --enable-profiling Enable profiling for webhook. + --feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: + AdditionalCertificateOutputFormats=true|false (BETA - default=true) + AllAlpha=true|false (ALPHA - default=false) + AllBeta=true|false (BETA - default=false) + LiteralCertificateSubject=true|false (BETA - default=true) + NameConstraints=true|false (ALPHA - default=false) + OtherNames=true|false (ALPHA - default=false) + --healthz-port int32 port number to listen on for insecure healthz connections (default 6080) + -h, --help help for webhook + --kubeconfig string optional path to the kubeconfig used to connect to the apiserver. If not specified, in-cluster-config will be used + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --logging-format string Sets the log format. Permitted formats: "json" (gated by LoggingBetaOptions), "text". 
(default "text") + --metrics-dynamic-serving-ca-secret-name string name of the secret used to store the CA that signs serving certificates + --metrics-dynamic-serving-ca-secret-namespace string namespace of the secret used to store the CA that signs metrics serving certificates + --metrics-dynamic-serving-dns-names strings DNS names that should be present on certificates generated by the metrics dynamic serving CA + --metrics-dynamic-serving-leaf-duration duration leaf duration of metrics serving certificates (default 168h0m0s) + --metrics-listen-address string The host and port that the metrics endpoint should listen on. The value '0' disables the metrics server (default "0.0.0.0:9402") + --metrics-tls-cert-file string path to the file containing the TLS certificate to serve metrics with + --metrics-tls-cipher-suites strings Comma-separated list of cipher suites for the metrics server. If omitted, the default Go cipher suites will be used. Possible values: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA + --metrics-tls-min-version string Minimum TLS version supported by the metrics server. 
If omitted, the default Go minimum version will be used. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 + --metrics-tls-private-key-file string path to the file containing the TLS private key to serve metrics with + --profiler-address string Address of the Go profiler (pprof). This should never be exposed on a public interface. If this flag is not set, the profiler is not run. (default "localhost:6060") + --secure-port int32 port number to listen on for secure TLS connections (default 6443) + --tls-cert-file string path to the file containing the TLS certificate to serve with + --tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be used. Possible values: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA + --tls-min-version string Minimum TLS version supported. If omitted, the default Go minimum version will be used. 
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 + --tls-private-key-file string path to the file containing the TLS private key to serve with + -v, --v Level number for the log level verbosity + --vmodule pattern=N,... comma-separated list of pattern=N settings for file-filtered logging (only works for text log format) ``` diff --git a/content/docs/reference/api-docs.md b/content/docs/reference/api-docs.md index eb030dfcc2a..e9e7eddb1d0 100644 --- a/content/docs/reference/api-docs.md +++ b/content/docs/reference/api-docs.md @@ -765,6 +765,19 @@ description: >-
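Review bot: two help strings in the re-indented webhook block contradict themselves or their siblings. `--profiler-address` says "If this flag is not set, the profiler is not run." and yet prints `(default "localhost:6060")`; if `--enable-profiling` is the actual switch, the text should say so. `--metrics-dynamic-serving-ca-secret-name` is described as "the CA that signs serving certificates" while `--metrics-dynamic-serving-ca-secret-namespace` says "metrics serving certificates"; the first looks like a copy of the non-metrics flag. Both strings come from the webhook binary, so they need fixing upstream. Two security points the page should state plainly: `--metrics-listen-address` defaults to `0.0.0.0:9402` and all `--metrics-tls-*` and `--metrics-dynamic-serving-*` flags are optional, so say whether the metrics endpoint is served without TLS when none of them is set; and the "Possible values" lists for `--tls-cipher-suites` and `--metrics-tls-cipher-suites` include the `*_RC4_128_SHA` and `*_3DES_EDE_CBC_SHA` suites, which Go classifies as insecure and excludes from its defaults, so a sentence that "possible" does not mean "recommended" would stop them being copied into a hardening config.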

+ + + podTemplate +
+ + ACMEChallengeSolverHTTP01IngressPodTemplate + + + + (Optional) +

Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.

+ +

ACMEChallengeSolverHTTP01Ingress

@@ -906,7 +919,7 @@ description: >- (Optional) -

Annotations that should be added to the create ACME HTTP01 solver pods.

+

Annotations that should be added to the created ACME HTTP01 solver pods.

@@ -922,6 +935,132 @@ description: >- +

ACMEChallengeSolverHTTP01IngressPodSecurityContext

+

(Appears on: ACMEChallengeSolverHTTP01IngressPodSpec)

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+ seLinuxOptions +
+ + Kubernetes core/v1.SELinuxOptions + +
+ (Optional) +

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

+
+ runAsUser +
+ int64 +
+ (Optional) +

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

+
+ runAsGroup +
+ int64 +
+ (Optional) +

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

+
+ runAsNonRoot +
+ bool +
+ (Optional) +

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

+
+ supplementalGroups +
+ []int64 +
+ (Optional) +

A list of groups applied to the first process run in each container, in addition to the container’s primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.

+
+ fsGroup +
+ int64 +
+ (Optional) +

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

+
    +
  1. The owning GID will be the FSGroup
  2. +
  3. The setgid bit is set (new files created in the volume will be owned by FSGroup)
  4. +
  5. The permission bits are OR’d with rw-rw—-
  6. +
+

If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

+
+ sysctls +
+ + []Kubernetes core/v1.Sysctl + +
+ (Optional) +

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

+
+ fsGroupChangePolicy +
+ + Kubernetes core/v1.PodFSGroupChangePolicy + +
+ (Optional) +

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are “OnRootMismatch” and “Always”. If not specified, “Always” is used. Note that this field cannot be set when spec.os.name is windows.

+
+ seccompProfile +
+ + Kubernetes core/v1.SeccompProfile + +
+ (Optional) +

The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

+

ACMEChallengeSolverHTTP01IngressPodSpec

(Appears on: ACMEChallengeSolverHTTP01IngressPodTemplate)
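Review bot: the `fsGroup` description in the new ACMEChallengeSolverHTTP01IngressPodSecurityContext table renders the mode after "The permission bits are OR’d with" as `rw-rw` followed by a dash; the upstream core/v1 comment is `rw-rw----`, and the run of hyphens has been collapsed during generation, so the documented mode is wrong. Wrapping it in backticks in the Go comment keeps the hyphens intact. Two documentation asks for the same table: state which core/v1 PodSecurityContext fields are intentionally absent from this subset (at least `windowsOptions`; every row here still ends with "cannot be set when spec.os.name is windows", which only makes sense once the reader knows Windows options are not exposed), and give the YAML path these rows configure, `http01.ingress.podTemplate.spec.securityContext`, with a minimal example such as `runAsNonRoot: true` plus `seccompProfile: {type: RuntimeDefault}`, since a namespace that enforces a Pod Security Standards profile on the solver pod is the usual reason someone reaches for this field.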

@@ -1005,10 +1144,23 @@ description: >-

If specified, the pod’s imagePullSecrets

+ + + securityContext +
+ + ACMEChallengeSolverHTTP01IngressPodSecurityContext + + + + (Optional) +

If specified, the pod’s security context

+ +

ACMEChallengeSolverHTTP01IngressPodTemplate

-

(Appears on: ACMEChallengeSolverHTTP01Ingress)

+

(Appears on: ACMEChallengeSolverHTTP01GatewayHTTPRoute, ACMEChallengeSolverHTTP01Ingress)

@@ -1117,6 +1269,19 @@ description: >-

If specified, the pod’s imagePullSecrets

+ + + +
+ securityContext +
+ + ACMEChallengeSolverHTTP01IngressPodSecurityContext + +
+ (Optional) +

If specified, the pod’s security context

+
@@ -1816,7 +1981,7 @@ description: >- (Optional) -

If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.

+

If set, the provider will manage only this zone in Route53 and will not do a lookup using the route53:ListHostedZonesByName api call.

@@ -1826,7 +1991,12 @@ description: >- string -

Always set the region when using AccessKeyID and SecretAccessKey

+ (Optional) +

Override the AWS region.

+

Route53 is a global service and does not have regional endpoints but the region specified here (or via environment variables) is used as a hint to help compute the correct AWS credential scope and partition when it connects to Route53. See: - Amazon Route 53 endpoints and quotas- Global services

+

If you omit this region field, cert-manager will use the region from AWS_REGION and AWS_DEFAULT_REGION environment variables, if they are set in the cert-manager controller Pod.

+

The region field is not needed if you use IAM Roles for Service Accounts (IRSA). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: Amazon EKS Pod Identity Webhook. In this case this region field value is ignored.

+

The region field is not needed if you use EKS Pod Identities. Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: Amazon EKS Pod Identity Agent, In this case this region field value is ignored.
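Review bot: this hunk drops "Always set the region when using AccessKeyID and SecretAccessKey" and marks `region` as optional, but the new text never says what happens with static `accessKeyID`/`secretAccessKey` credentials when neither `region` nor `AWS_REGION`/`AWS_DEFAULT_REGION` is set; if the old rule still holds, keep a sentence to that effect directly after "Override the AWS region." Two smaller points: "See: - Amazon Route 53 endpoints and quotas- Global services" has lost its list formatting and, in this rendering, its link targets, so check the generated HTML actually carries the URLs; and the IRSA and EKS Pod Identities paragraphs are near-duplicates ("by: Amazon EKS Pod Identity Agent, In this case" is also a comma splice). One paragraph saying that either mechanism injects `AWS_REGION` into the controller Pod, making the field unnecessary, reads better. All of this is generated from the Go doc comment, so edit it there.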

@@ -2563,7 +2733,7 @@ description: >-

"invalid"

-

Invalid signifies that an ACME resource is invalid for some reason. If an Order is marked ‘invalid’, one of its validations be have invalid for some reason. This is a final state.

+

Invalid signifies that an ACME resource is invalid for some reason. If an Order is marked ‘invalid’, one of its validations must be invalid for some reason. This is a final state.

@@ -2723,6 +2893,26 @@ description: >-

featureGates is a map of feature names to bools that enable or disable experimental features.

+ + + metricsListenAddress +
+ string + + +

The host and port that the metrics endpoint should listen on. The value “0” disables the metrics server. Defaults to ‘0.0.0.0:9402’.

+ + + + + metricsTLSConfig +
+ github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1.TLSConfig + + +

metricsTLSConfig is used to configure the metrics server TLS settings.

+ +

EnableDataSourceConfig
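Review bot: `metricsTLSConfig` is typed as the raw Go path `github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1.TLSConfig` with no link and no field listing, so a reader of this page cannot discover what goes under it. Either have the generator emit the `TLSConfig` section (certificate and key file paths, cipher suites, minimum TLS version and dynamic serving, judging from the matching `--metrics-tls-*` and `--metrics-dynamic-serving-*` CLI flags documented earlier in this patch) or link to it. Also state what the metrics server does when `metricsTLSConfig` is left empty, given that `metricsListenAddress` defaults to `0.0.0.0:9402`; an operator reading "The value “0” disables the metrics server" should also learn that the default is an all-interfaces listener.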

@@ -2743,7 +2933,7 @@ description: >- bool -

Certificates detemines whether cainjector’s control loops will watch cert-manager Certificate resources as potential sources of CA data. If not set, defaults to true.

+

Certificates determines whether cainjector’s control loops will watch cert-manager Certificate resources as potential sources of CA data. If not set, defaults to true.

@@ -2950,7 +3140,23 @@ description: >- (Optional)

How long before the currently issued certificate’s expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and renewBefore=10m, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid).

NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate.

-

If unset, this defaults to 13 of the issued certificate’s lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.

+

If unset, this defaults to 13 of the issued certificate’s lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. Cannot be set if the renewBeforePercentage field is set.

+ + + + + renewBeforePercentage +
+ int32 + + + (Optional) +

renewBeforePercentage is like renewBefore, except it is a relative percentage rather than an absolute duration. For example, if a certificate is valid for 60 minutes, and renewBeforePercentage=25, cert-manager will begin to attempt to renew the certificate 45 minutes after it was issued (i.e. when there are 15 minutes (25%) remaining until the certificate is no longer valid).

+

NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate.

+

+ Value must be an integer in the range (0,100). The minimum effective + renewBefore derived from the renewBeforePercentage and duration fields is 5 minutes. Cannot be set if the renewBefore field is set. +

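Review bot: "If unset, this defaults to 13 of the issued certificate’s lifetime" is missing the slash: the default is one third (`1/3`). The line is unchanged context in both the removed and added version, so the defect is pre-existing, but the hunk touches the sentence and is the place to fix it. For the new `renewBeforePercentage` field: "Value must be an integer in the range (0,100)" reads as an open interval; if the accepted values are 1 to 99 inclusive, say so in words so nobody tries 0 or 100. And "Cannot be set if the renewBefore field is set" (stated in both directions) should say where that is enforced and what the user sees, so a reader knows whether a Certificate carrying both fields is rejected at admission or one of them is ignored. The same text is repeated in the second CertificateSpec table further down; fix it once in the Go comment so both regenerate consistently.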
@@ -3632,7 +3838,7 @@ description: >-

CertificateCondition

(Appears on: CertificateStatus)

-

CertificateCondition contains condition information for an Certificate.

+

CertificateCondition contains condition information for a Certificate.

@@ -3717,7 +3923,7 @@ description: >-

CertificateConditionType (string alias)

(Appears on: CertificateCondition)

-

CertificateConditionType represents an Certificate condition value.

+

CertificateConditionType represents a Certificate condition value.

@@ -3857,7 +4063,7 @@ description: >- @@ -3979,7 +4185,7 @@ description: >-

CertificateRequestConditionType (string alias)

(Appears on: CertificateRequestCondition)

-

CertificateRequestConditionType represents an Certificate condition value.

+

CertificateRequestConditionType represents a Certificate condition value.

(Optional)

RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed.

-

If set to Never, a private key will only be generated if one does not already exist in the target spec.secretName. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is Never for backward compatibility.

+

If set to Never, a private key will only be generated if one does not already exist in the target spec.secretName. If one does exist but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is Never for backward compatibility.

@@ -4336,7 +4542,23 @@ description: >- (Optional)

How long before the currently issued certificate’s expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and renewBefore=10m, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid).

NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate.

-

If unset, this defaults to 13 of the issued certificate’s lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.

+

If unset, this defaults to 13 of the issued certificate’s lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. Cannot be set if the renewBeforePercentage field is set.

+ + + + + @@ -4583,7 +4805,7 @@ description: >- @@ -5558,7 +5780,7 @@ description: >-

VaultAuth

(Appears on: VaultIssuer)

-

VaultAuth is configuration used to authenticate with a Vault server. The order of precedence is [tokenSecretRef, appRole or kubernetes].

+

VaultAuth is configuration used to authenticate with a Vault server. The order of precedence is [tokenSecretRef, appRole, clientCertificate or kubernetes].

+ renewBeforePercentage +
+ int32 +
+ (Optional) +

renewBeforePercentage is like renewBefore, except it is a relative percentage rather than an absolute duration. For example, if a certificate is valid for 60 minutes, and renewBeforePercentage=25, cert-manager will begin to attempt to renew the certificate 45 minutes after it was issued (i.e. when there are 15 minutes (25%) remaining until the certificate is no longer valid).

+

NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate.

+

+ Value must be an integer in the range (0,100). The minimum effective + renewBefore derived from the renewBeforePercentage and duration fields is 5 minutes. Cannot be set if the renewBefore field is set. +

(Optional) -

LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset.

+

LastFailureTime is set only if the latest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset.

@@ -5594,6 +5816,19 @@ description: >-

AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

+ + + +
+ clientCertificate +
+ + VaultClientCertificateAuth + +
+ (Optional) +

ClientCertificate authenticates with Vault by presenting a client certificate during the request’s TLS handshake. Works only when using HTTPS protocol.

+
kubernetes @@ -5609,6 +5844,54 @@ description: >-
+

VaultClientCertificateAuth

+

(Appears on: VaultAuth)

+
+

VaultKubernetesAuth is used to authenticate against Vault using a client certificate stored in a Secret.

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+ mountPath +
+ string +
+ (Optional) +

The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to /v1/auth/foo, will use the path /v1/auth/foo/login to authenticate with Vault. If unspecified, the default value “/v1/auth/cert” will be used.

+
+ secretName +
+ string +
+ (Optional) +

Reference to Kubernetes Secret of type “kubernetes.io/tls” (hence containing tls.crt and tls.key) used to authenticate to Vault using TLS client authentication.

+
+ name +
+ string +
+ (Optional) +

Name of the certificate role to authenticate against. If not set, matching any certificate role, if available.

+

VaultIssuer

(Appears on: IssuerConfig)
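Review bot: the description of the new `VaultClientCertificateAuth` type reads "VaultKubernetesAuth is used to authenticate against Vault using a client certificate stored in a Secret"; the type name is a copy-paste from the Kubernetes auth type and needs fixing in the Go comment. Two things the table leaves open: `secretName` is marked optional, but the text does not say what is presented during the TLS handshake when it is omitted (if there is no fallback the field should be required; if cert-manager presents a certificate of its own, say which), and "Name of the certificate role to authenticate against. If not set, matching any certificate role, if available." is not a sentence; suggested: "Name of the Vault certificate role to authenticate against. If unset, Vault tries to match the presented certificate against any role." The `VaultAuth` row above says client-certificate auth "Works only when using HTTPS protocol", which is fine, but it would be worth adding that the Secret must be of type `kubernetes.io/tls` there too, since that constraint only appears in the nested table.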

@@ -5900,7 +6183,7 @@ description: >- -

CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, ‘username’ and ‘password’.

+

CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials. The secret must contain the key ‘access-token’ for the Access Token Authentication, or two keys, ‘username’ and ‘password’ for the API Keys Authentication.
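Review bot: the new `credentialsRef` wording ("two keys, ‘username’ and ‘password’ for the API Keys Authentication") contradicts the release note added in the last patch of this series, which says the TPP issuer now uses username and password with OAuth and that cert-manager "will no longer use the API Key authentication method". One of the two is stale. If the release note is right, this comment (and the Go comment it is generated from) should describe the `username`/`password` pair as OAuth credentials and keep `access-token` as the alternative, so readers do not conclude that the removed API-key flow is still supported.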

@@ -5914,6 +6197,19 @@ description: >-

Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain.

+ + + caBundleSecretRef +
+ + SecretKeySelector + + + + (Optional) +

Reference to a Secret containing a base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef is defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection.

+ +

X509Subject
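Review bot: "Reference to a Secret containing a base64-encoded bundle of PEM CAs" will make users double-encode: a Secret's `data` values are base64 only in the API representation, and the key should simply hold the PEM bundle (which is what `kubectl create secret generic --from-file=ca.crt` produces). Suggested: "Reference to a Secret whose key contains a PEM bundle of CA certificates". The row also does not say which namespace the Secret is read from; if it follows `credentialsRef` (the Issuer's namespace for an Issuer, the `--cluster-resource-namespace` for a ClusterIssuer) that should be stated, because it determines who is able to replace the trust anchor for the TPP connection. Finally, "Mutually exclusive with CABundle" should say whether setting both is rejected or which one wins.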

@@ -6209,7 +6505,7 @@ description: >- string -

If set, this limits the scope of cert-manager to a single namespace and ClusterIssuers are disabled. If not specified, all namespaces will be watched”

+

If set, this limits the scope of cert-manager to a single namespace and ClusterIssuers are disabled. If not specified, all namespaces will be watched

@@ -6291,7 +6587,7 @@ description: >- []string -

Specify which annotations should/shouldn’t be copied from Certificate to CertificateRequest and Order, as well as from CertificateSigningRequest to Order, by passing a list of annotation key prefixes. A prefix starting with a dash(-) specifies an annotation that shouldn’t be copied. Example: ‘*,-kubectl.kuberenetes.io/’- all annotations will be copied apart from the ones where the key is prefixed with ‘kubectl.kubernetes.io/’.

+

Specify which annotations should/shouldn’t be copied from Certificate to CertificateRequest and Order, as well as from CertificateSigningRequest to Order, by passing a list of annotation key prefixes. A prefix starting with a dash(-) specifies an annotation that shouldn’t be copied. Example: ‘*,-kubectl.kubernetes.io/’- all annotations will be copied apart from the ones where the key is prefixed with ‘kubectl.kubernetes.io/’.

@@ -6474,7 +6770,7 @@ description: >- []string -

The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate

+

The annotation consumed by the ingress-shim controller to indicate an ingress is requesting a certificate

@@ -6633,7 +6929,7 @@ description: >-

SecretKeySelector

(Appears on: ACMEExternalAccountBinding, ACMEIssuer, ACMEIssuerDNS01ProviderAcmeDNS, ACMEIssuerDNS01ProviderAkamai, ACMEIssuerDNS01ProviderAzureDNS, ACMEIssuerDNS01ProviderCloudDNS, ACMEIssuerDNS01ProviderCloudflare, ACMEIssuerDNS01ProviderDigitalOcean, ACMEIssuerDNS01ProviderRFC2136, - ACMEIssuerDNS01ProviderRoute53, JKSKeystore, PKCS12Keystore, VaultAppRole, VaultAuth, VaultIssuer, VaultKubernetesAuth, VenafiCloud) + ACMEIssuerDNS01ProviderRoute53, JKSKeystore, PKCS12Keystore, VaultAppRole, VaultAuth, VaultIssuer, VaultKubernetesAuth, VenafiCloud, VenafiTPP)

A reference to a specific ‘key’ within a Secret resource. In some instances, key is a required field.

@@ -6783,9 +7079,29 @@ description: >-

featureGates is a map of feature names to bools that enable or disable experimental features.

+ + + metricsListenAddress +
+ string + + +

The host and port that the metrics endpoint should listen on. The value “0” disables the metrics server. Defaults to ‘0.0.0.0:9402’.

+ + + + + metricsTLSConfig +
+ github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1.TLSConfig + + +

metricsTLSConfig is used to configure the metrics server TLS settings.

+ +

- Generated with gen-crd-api-reference-docs on git commit 35e27b7. + Generated with gen-crd-api-reference-docs on git commit 67c897d.

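Review bot: same gap as in the cainjector configuration hunk: `metricsTLSConfig` is shown only as the Go import path `github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1.TLSConfig`, with no field documentation and no link, and nothing says what `metricsListenAddress` (default `0.0.0.0:9402`) serves when it is empty. Since the footer changes to "Generated with gen-crd-api-reference-docs on git commit 67c897d", every wording fix this file needs (the `13` in place of `1/3` for the default renewBefore, the `VaultKubernetesAuth` name on the client-certificate type, the Route53 region paragraphs, the TPP credentials description, the collapsed `rw-rw----` mode) must be made in the Go doc comments in cert-manager/cert-manager at or after that commit and then regenerated; hand-edits to api-docs.md will be lost on the next run.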
From 63cad7dd5a4f96ce0ddd39a229409e4edd79c067 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 3 Oct 2024 13:19:32 +0100 Subject: [PATCH 30/30] Add remaining release notes Signed-off-by: Richard Wall --- content/docs/releases/release-notes/release-notes-1.16.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index edeb47207d3..ffb064e3b44 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -251,6 +251,9 @@ In addition, massive thanks to Venafi for contributing developer time and resour - Venafi TPP issuer can now be used with a username & password combination with OAuth. Fixes #4653. Breaking: cert-manager will no longer use the API Key authentication method which was deprecated in 20.2 and since removed in 24.1 of TPP. ([#7084](https://github.com/cert-manager/cert-manager/pull/7084), [`@hawksight`](https://github.com/hawksight)) - You can now configure the pod security context of HTTP-01 solver pods. ([#5373](https://github.com/cert-manager/cert-manager/pull/5373), [`@aidy`](https://github.com/aidy)) +- Helm: New value `webhook.extraEnv`, allows you to set custom environment variables in the webhook Pod. + Helm: New value `cainjector.extraEnv`, allows you to set custom environment variables in the cainjector Pod. + Helm: New value `startupapicheck.extraEnv`, allows you to set custom environment variables in the startupapicheck Pod. ([#7319](https://github.com/cert-manager/cert-manager/pull/7319), [`@wallrj`](https://github.com/wallrj)) ### Bug or Regression 
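Review bot: the three `Helm: New value ...extraEnv` lines form one list item (only the first starts with `- `), so they render as a single paragraph attributed to one PR link; either give each its own bullet or collapse them into one sentence ("New Helm values `webhook.extraEnv`, `cainjector.extraEnv` and `startupapicheck.extraEnv` let you set custom environment variables in the respective Pods"). Because `extraEnv` injects arbitrary environment variables into those Pods, a pointer to the values file entry would help operators who review Helm values for secrets handling. Separately, the "Breaking" sentence on the TPP API-key removal (#7084) two lines above belongs in the 1.15 to 1.16 upgrade notes as well as here.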
@@ -279,3 +282,4 @@ In addition, massive thanks to Venafi for contributing developer time and resour (acme.)cert-manager.io/v1alpha3 (acme.)cert-manager.io/v1beta1 ([#7278](https://github.com/cert-manager/cert-manager/pull/7278), [`@inteon`](https://github.com/inteon)) - Upgrading to client-go `v0.31.0` removes a lot of noisy `reflector.go: unable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown` errors from logs. ([#7237](https://github.com/cert-manager/cert-manager/pull/7237), [`@inteon`](https://github.com/inteon)) +- Bump Go to `v1.23.2` ([#7324](https://github.com/cert-manager/cert-manager/pull/7324), [`@cert-manager-bot`](https://github.com/cert-manager-bot))