diff --git a/gateway-home/modules/ROOT/pages/index.adoc b/gateway-home/modules/ROOT/pages/index.adoc index 96c788ad8..031cba330 100644 --- a/gateway-home/modules/ROOT/pages/index.adoc +++ b/gateway-home/modules/ROOT/pages/index.adoc @@ -12,20 +12,20 @@ A gateway enables you to add a dedicated orchestration layer on top of your back Anypoint Platform offers two gateway products for managing and securing your APIs: -* <> +* <> * <> [[anypoint_flex_gateway]] -== Anypoint Flex Gateway +== Anypoint Omni Gateway -Anypoint Flex Gateway is an Envoy-based, ultrafast lightweight API gateway designed to manage and secure APIs running anywhere. -Built to seamlessly integrate with DevOps and CI/CD workflows, Anypoint Flex Gateway delivers the +Anypoint Omni Gateway is an Envoy-based, ultrafast lightweight API gateway designed to manage and secure APIs running anywhere. +Built to seamlessly integrate with DevOps and CI/CD workflows, Anypoint Omni Gateway delivers the performance required for the most demanding applications and microservices while providing enterprise security and manageability across any environment. For more information, see xref:gateway::index.adoc[]. -//For more information, see xref:gateway::flex-gateway-getting-started.adoc[Getting Started with Flex Gateway]. +//For more information, see xref:gateway::flex-gateway-getting-started.adoc[Getting Started with Omni Gateway]. [[anypoint_mule_gateway]] == Anypoint Mule Gateway @@ -40,21 +40,21 @@ Using Mule Gateway, you can, for example: For more information, see xref:mule-gateway::mule-gateway-capabilities-mule4.adoc[]. -== Flex Gateway vs. Mule Gateway +== Omni Gateway vs. Mule Gateway -Flex Gateway can manage and secure APIs, both Mule and non-Mule, running anywhere. +Omni Gateway can manage and secure APIs, both Mule and non-Mule, running anywhere. In contrast, Mule Gateway protects a single Mule API. The key advantage is that it's easy for Mule app developers to provide basic endpoint protection. You can configure Mule in Anypoint Runtime Manager as a CloudHub proxy application, protecting multiple backends. -Building custom policies on Mule Gateway is similar to building an application with Java using the Mule DSL. Building a custom policy in Flex Gateway is based on Envoy-provided Rust WASM SDKs. A Mule Gateway policy cannot be reused in Flex Gateway and vice versa, because the underlying architectures are fundamentally different. +Building custom policies on Mule Gateway is similar to building an application with Java using the Mule DSL. Building a custom policy in Omni Gateway is based on Envoy-provided Rust WASM SDKs. A Mule Gateway policy cannot be reused in Omni Gateway and vice versa, because the underlying architectures are fundamentally different. -MuleSoft recommends you choose Flex Gateway for high-availability and high-performance Mule and non-Mule applications. +MuleSoft recommends you choose Omni Gateway for high-availability and high-performance Mule and non-Mule applications. To protect Mule applications that do not require the management and maintenance of underlying infrastructure, choose Mule Gateway for CloudHub. [%header%autowidth.spread,cols="a,a,a"] |=== -| | Flex Gateway | Mule Gateway +| | Omni Gateway | Mule Gateway | *Summary* | Envoy-based API gateway to secure all APIs, Mule and non-Mule, running anywhere @@ -95,7 +95,7 @@ To protect Mule applications that do not require the management and maintenance [%header%autowidth.spread] |=== -|Policy | Summary | Managed Flex Gateway | Flex Gateway Connected Mode | Flex Gateway Local Mode | Mule Gateway +|Policy | Summary | Managed Omni Gateway | Omni Gateway Connected Mode | Omni Gateway Local Mode | Mule Gateway | A2A Agent Card ^| Rewrites the Agent card URL to match the server instance public URL ^| xref:gateway::policies-included-a2a-agent-card.adoc[Yes] ^| xref:gateway::policies-included-a2a-agent-card.adoc[Yes] ^| No ^| No @@ -147,6 +147,14 @@ To protect Mule applications that do not require the management and maintenance | External Processing ^| Sends the incoming HTTP requests or outgoing HTTP responses to an external gRPC service for additional processing ^| xref:gateway::policies-included-external-processing.adoc[Yes] ^| xref:gateway::policies-included-external-processing.adoc[Yes] ^| xref:gateway::policies-included-external-processing.adoc[Yes] ^| No +| GraphQL Introspection Control ^| Blocks or allows requests that access the `__schema`, `__type`, and `__typename` GraphQL meta fields ^| xref:gateway::policies-included-graphql-introspection-control.adoc[Yes] ^| xref:gateway::policies-included-graphql-introspection-control.adoc[Yes] ^| xref:gateway::policies-included-graphql-introspection-control.adoc[Yes] ^| No + +| GraphQL Operation Limits ^| Limits GraphQL operation depth, aliases, root fields, and directives ^| xref:gateway::policies-included-graphql-operation-limits.adoc[Yes] ^| xref:gateway::policies-included-graphql-operation-limits.adoc[Yes] ^| xref:gateway::policies-included-graphql-operation-limits.adoc[Yes] ^| No + +| GraphQL Schema Validation ^| Validates incoming GraphQL operations against a GraphQL schema definition ^| xref:gateway::policies-included-graphql-schema-validation.adoc[Yes] ^| xref:gateway::policies-included-graphql-schema-validation.adoc[Yes] ^| xref:gateway::policies-included-graphql-schema-validation.adoc[Yes] ^| No + +| GraphQL Static Query Complexity ^| Calculates query complexity and blocks requests that exceed the defined budget ^| xref:gateway::policies-included-graphql-static-query-complexity.adoc[Yes] ^| xref:gateway::policies-included-graphql-static-query-complexity.adoc[Yes] ^| xref:gateway::policies-included-graphql-static-query-complexity.adoc[Yes] ^| No + | Header Injection ^| Adds headers to a request or a response ^| xref:gateway::policies-included-header-injection.adoc[Yes] ^| xref:gateway::policies-included-header-injection.adoc[Yes] ^| xref:gateway::policies-included-header-injection.adoc[Yes] ^| xref:mule-gateway::policies-included-header-injection.adoc[Yes] | Header Removal ^| Removes headers from a request or a response ^| xref:gateway::policies-included-header-removal.adoc[Yes] ^| xref:gateway::policies-included-header-removal.adoc[Yes] ^| xref:gateway::policies-included-header-removal.adoc[Yes] ^| xref:mule-gateway::policies-included-header-removal.adoc[Yes] @@ -175,7 +183,7 @@ To protect Mule applications that do not require the management and maintenance | MCP Schema Validation ^| Validates MCP requests to ensure they conform to the MCP specification ^| xref:gateway::policies-included-mcp-schema-validation.adoc[Yes] ^| xref:gateway::policies-included-mcp-schema-validation.adoc[Yes] ^| No ^| No -| MCP Support ^| Adds MCP support to a Flex Gateway MCP server instance. This policy is required for your MCP server instance to function properly. ^| xref:gateway::policies-included-mcp-support.adoc[Yes] ^| xref:gateway::policies-included-mcp-support.adoc[Yes] ^| No ^| No +| MCP Support ^| Adds MCP support to a Omni Gateway MCP server instance. This policy is required for your MCP server instance to function properly. ^| xref:gateway::policies-included-mcp-support.adoc[Yes] ^| xref:gateway::policies-included-mcp-support.adoc[Yes] ^| No ^| No | MCP Tool Mapping ^| Renames MCP tool names in requests and responses to provide flexible tool naming ^| xref:gateway::policies-included-mcp-tool-mapping.adoc[Yes] ^| xref:gateway::policies-included-mcp-tool-mapping.adoc[Yes] ^| No ^| No @@ -199,7 +207,7 @@ To protect Mule applications that do not require the management and maintenance | Regex Prompt Guard ^| Blocks LLM requests that match deny-list regex patterns ^| xref:gateway::policies-included-regex-prompt-guard.adoc[Yes] ^| xref:gateway::policies-included-regex-prompt-guard.adoc[Yes] ^| No ^| No -| Response Timeout ^| Sets the maximum duration Flex Gateway waits for a response from an upstream service ^| xref:gateway::policies-included-response-timeout.adoc[Yes] ^| xref:gateway::policies-included-response-timeout.adoc[Yes] ^| xref:gateway::policies-included-response-timeout.adoc[Yes] ^| No +| Response Timeout ^| Sets the maximum duration Omni Gateway waits for a response from an upstream service ^| xref:gateway::policies-included-response-timeout.adoc[Yes] ^| xref:gateway::policies-included-response-timeout.adoc[Yes] ^| xref:gateway::policies-included-response-timeout.adoc[Yes] ^| No | Schema Validation ^| Validates incoming traffic against a supplied OAS3 schema ^| xref:gateway::policies-included-schema-validation.adoc[Yes] ^| xref:gateway::policies-included-schema-validation.adoc[Yes] ^| xref:gateway::policies-included-schema-validation.adoc[Yes] ^| No @@ -221,7 +229,9 @@ To protect Mule applications that do not require the management and maintenance | Tokenization ^| Transforms sensitive data into a nonsensitive equivalent, named token ^| No ^| No ^| No ^| xref:mule-gateway::policies-included-tokenization.adoc[Yes] -| Upstream Idle Timeout ^| Sets the maximum duration a stream between Flex Gateway and an upstream service can remain idle ^| xref:gateway::policies-outbound-upstream-idle-timeout.adoc[Yes] ^| xref:gateway::policies-outbound-upstream-idle-timeout.adoc[Yes] ^| xref:gateway::policies-outbound-upstream-idle-timeout.adoc[Yes] ^| No +| Upstream Idle Timeout ^| Sets the maximum duration a stream between Omni Gateway and an upstream service can remain idle ^| xref:gateway::policies-outbound-upstream-idle-timeout.adoc[Yes] ^| xref:gateway::policies-outbound-upstream-idle-timeout.adoc[Yes] ^| xref:gateway::policies-outbound-upstream-idle-timeout.adoc[Yes] ^| No + +| WebSocket Connection Limit ^| Limits the number of simultaneous WebSocket connections that each API instance allows ^| xref:gateway::policies-included-websocket-connection-limit.adoc[Yes] ^| xref:gateway::policies-included-websocket-connection-limit.adoc[Yes] ^| xref:gateway::policies-included-websocket-connection-limit.adoc[Yes] ^| No | XML Threat Protection ^| Protects against malicious XML in API requests ^| xref:gateway::policies-included-xml-threat-protection.adoc[Yes] ^| xref:gateway::policies-included-xml-threat-protection.adoc[Yes] ^| xref:gateway::policies-included-xml-threat-protection.adoc[Yes] ^| xref:mule-gateway::policies-included-xml-threat-protection.adoc[Yes] diff --git a/gateway/1.12/modules/ROOT/pages/flex-conn-configure.adoc b/gateway/1.12/modules/ROOT/pages/flex-conn-configure.adoc index be2099f18..14d81322e 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-conn-configure.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-conn-configure.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -:page-aliases: gateway::flex-conn-manage.adoc :page-mode: conn include::partial$configuration-task-list.adoc[tags=configuration-task-list-replicas] diff --git a/gateway/1.12/modules/ROOT/pages/flex-conn-jenkins-api.adoc b/gateway/1.12/modules/ROOT/pages/flex-conn-jenkins-api.adoc index c143ee721..5417897d1 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-conn-jenkins-api.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-conn-jenkins-api.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :page-mode: conn -:page-aliases: gateway::flex-conn-manage-jenkins.adoc You can use a Jenkins Pipeline to automate the workflow for Flex Gateway in Connected Mode. With a Jenkins Pipeline, you can register and run a Flex Gateway and use features of the API Manager API, such as creating and deploying API instances. diff --git a/gateway/1.12/modules/ROOT/pages/flex-conn-reg-run.adoc b/gateway/1.12/modules/ROOT/pages/flex-conn-reg-run.adoc index a704443e3..9bf26d9c8 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-conn-reg-run.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-conn-reg-run.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-register.adoc :imagesdir: ../assets/images Before you can use your Flex Gateway to configure API instances, you must register and start the gateway. diff --git a/gateway/1.12/modules/ROOT/pages/flex-conn-rep-run.adoc b/gateway/1.12/modules/ROOT/pages/flex-conn-rep-run.adoc index a7cc43059..0dfe5769a 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-conn-rep-run.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-conn-rep-run.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-replicas.adoc :imagesdir: ../assets/images [cols="1a,1a"] diff --git a/gateway/1.12/modules/ROOT/pages/flex-conn-view-api-status.adoc b/gateway/1.12/modules/ROOT/pages/flex-conn-view-api-status.adoc index d57863a54..cc12fbfc8 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-conn-view-api-status.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-conn-view-api-status.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-apis.adoc, gateway::flex-view-api-status.adoc :imagesdir: ../assets/images include::partial$/flex-view-api-status.adoc[] diff --git a/gateway/1.12/modules/ROOT/pages/flex-gateway-configure.adoc b/gateway/1.12/modules/ROOT/pages/flex-gateway-configure.adoc index 2a1670dc2..482f9cb38 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-gateway-configure.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-gateway-configure.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -:page-aliases: gateway::flex-gateway-replicas.adoc Flex Gateway enables configuration via Anypoint Platform or declarative configuration files. You can configure Flex gateway running in Connected Mode via both Anypoint Platform or declarative configuration files, while you can configure Managed Flex Gateway only with Anypoint Platform and Flex Gateway running in local mode only with configuration files. diff --git a/gateway/1.12/modules/ROOT/pages/flex-gateway-delete.adoc b/gateway/1.12/modules/ROOT/pages/flex-gateway-delete.adoc index 55e674f63..81b81404c 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-gateway-delete.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-gateway-delete.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-delete.adoc :imagesdir: ../assets/images To delete a gateway and its replicas in Runtime Manager: diff --git a/gateway/1.12/modules/ROOT/pages/flex-gateway-getting-started.adoc b/gateway/1.12/modules/ROOT/pages/flex-gateway-getting-started.adoc index 1e6d250fa..b767e8463 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-gateway-getting-started.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-gateway-getting-started.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-add.adoc, runtime-manager::flex-gateway-api-add.adoc :imagesdir: ../assets/images The goal of this tutorial is to quickly get started with Anypoint Flex Gateway. Using Docker, the tutorial describes how to install, register, and run Flex Gateway in Connected Mode. Additionally, the tutorial describes how to publish an API that is secured with a basic authentication policy. diff --git a/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-apis.adoc b/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-apis.adoc index f621cc36c..9e34d8148 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-apis.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-apis.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -:page-aliases: policies::policies-overview.adoc, policies::index.adoc, api-manager::policies-landing-page.adoc Policies enforce rules when Flex Gateway processes requests, enabling you to secure and govern your Flex Gateway API, agent, and tool instances. diff --git a/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-conn.adoc b/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-conn.adoc index 9a77ef727..9af438839 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-conn.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-gateway-secure-conn.adoc @@ -3,7 +3,7 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -:page-aliases: policies-included-apply.adoc, api-manager::using-policies.adoc, policies::policies-included-apply.adoc +:page-aliases: policies-included-apply.adoc For Managed Flex Gateway and Flex Gateway running in Connected Mode, you apply inbound and outbound policies using *API Manager*. To find the policies provided by Flex Gateway, see xref:policies-included-directory.adoc[] and xref:policies-outbound-directory.adoc[]. diff --git a/gateway/1.12/modules/ROOT/pages/flex-local-configure.adoc b/gateway/1.12/modules/ROOT/pages/flex-local-configure.adoc index bd3f4f7a4..193d7f3fe 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-local-configure.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-local-configure.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -:page-aliases: gateway::flex-local-manage.adoc :page-mode: local include::partial$configuration-task-list.adoc[tags=configuration-task-list-replicas] diff --git a/gateway/1.12/modules/ROOT/pages/flex-local-third-party-logs-config.adoc b/gateway/1.12/modules/ROOT/pages/flex-local-third-party-logs-config.adoc index 7b23383fd..a137d025e 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-local-third-party-logs-config.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-local-third-party-logs-config.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :page-mode: local -:page-aliases: gateway::flex-local-view-manage-logs.adoc include::partial$task-config-logs-third-party.adoc[tags=intro1;intro2-local] diff --git a/gateway/1.12/modules/ROOT/pages/flex-review-prerequisites.adoc b/gateway/1.12/modules/ROOT/pages/flex-review-prerequisites.adoc index 974cae353..a768ca4ad 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-review-prerequisites.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-review-prerequisites.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-permissions.adoc :imagesdir: ../assets/images Before you download and install Anypoint Flex Gateway, review the following requirements and limits. diff --git a/gateway/1.12/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc b/gateway/1.12/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc index 97c94d90b..539fd8830 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-monitoring.adoc :imagesdir: ../assets/images Use Anypoint Monitoring to see both runtime and access logs. Use the Anypoint Monitoring filtering to see different detailed logging views. diff --git a/gateway/1.12/modules/ROOT/pages/flex-view-replica-status.adoc b/gateway/1.12/modules/ROOT/pages/flex-view-replica-status.adoc index 290ae405f..fac160ffc 100644 --- a/gateway/1.12/modules/ROOT/pages/flex-view-replica-status.adoc +++ b/gateway/1.12/modules/ROOT/pages/flex-view-replica-status.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: runtime-manager::flex-gateway-replica-status.adoc :imagesdir: ../assets/images In Runtime Manager, you can view the status of groups of Flex Replicas and individual Flex Replicas. diff --git a/gateway/1.12/modules/ROOT/pages/index.adoc b/gateway/1.12/modules/ROOT/pages/index.adoc index e7c2de87d..4d1e2a34f 100644 --- a/gateway/1.12/modules/ROOT/pages/index.adoc +++ b/gateway/1.12/modules/ROOT/pages/index.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -:page-aliases: gateway::flex-shared-responsibility.adoc, runtime-manager::flex-gateway-about.adoc, runtime-manager::flex-gateway-modes.adoc Anypoint Flex Gateway is an Envoy-based, ultrafast lightweight API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, Flex Gateway delivers the performance required for the most demanding applications and microservices while providing enterprise security and manageability across any environment. diff --git a/gateway/1.12/modules/ROOT/pages/policies-automated-applying.adoc b/gateway/1.12/modules/ROOT/pages/policies-automated-applying.adoc index 2569dee09..61245c2ae 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-automated-applying.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-automated-applying.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: api-manager::automated-policy-apply.adoc, policies::policies-automated-applying.adoc Users with *Organization Admin*, *Environment Admin*, or with a role to *Manage Policies* in the environment can create, edit and delete Automated Policies. diff --git a/gateway/1.12/modules/ROOT/pages/policies-automated-overview.adoc b/gateway/1.12/modules/ROOT/pages/policies-automated-overview.adoc index ff8c63f3a..8d1361f1e 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-automated-overview.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-automated-overview.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: api-manager::automated-policies-landing-page.adoc, policies::policies-automated-overview.adoc Use automated policies to enforce security and logging requirements by applying the same policies to all APIs running in Flex Gateway. With policy automation, you can quickly design, build, and deploy secure and consistent APIs. diff --git a/gateway/1.12/modules/ROOT/pages/policies-custom-flex-getting-started.adoc b/gateway/1.12/modules/ROOT/pages/policies-custom-flex-getting-started.adoc index 33ad93c49..5fb0e2332 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-custom-flex-getting-started.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-custom-flex-getting-started.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: policies::policies-custom-flex-getting-started.adoc include::partial$pdk-banner.adoc[tag=pdk] diff --git a/gateway/1.12/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc b/gateway/1.12/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc index 0dba5d7fb..0946d10d7 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: policies::policies-custom-flex-implement-rust.adoc include::partial$pdk-banner.adoc[tag="pdk"] diff --git a/gateway/1.12/modules/ROOT/pages/policies-custom-overview.adoc b/gateway/1.12/modules/ROOT/pages/policies-custom-overview.adoc index 7f87ffd02..79a625de7 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-custom-overview.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-custom-overview.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: api-manager::change-custom-policy-mule3.adoc, api-manager::policies-custom-landing-page.adoc, api-manager::policies-custom-overview.adoc, policies::policies-custom-overview.adoc include::partial$pdk-banner.adoc[tag="pdk"] diff --git a/gateway/1.12/modules/ROOT/pages/policies-flex-dataweave-support.adoc b/gateway/1.12/modules/ROOT/pages/policies-flex-dataweave-support.adoc index c852a36a7..50e618d3d 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-flex-dataweave-support.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-flex-dataweave-support.adoc @@ -2,7 +2,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: policies::policies-flex-dataweave-support.adoc xref:dataweave::index.adoc[DataWeave] is the programming language designed by MuleSoft for data transformation. It enables you to build a simple solution for a common integration developer use case: read and parse data from one format, transform the data, and write it out as a different format. diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc index 2b2a007c5..5b2a8f7bd 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: basic authentication, ldap, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::basic-authentication-ldap-concept.adoc, policies::policies-included-basic-auth-ldap.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-simple.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-simple.adoc index 7f7e8e8f6..f70e16811 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-simple.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-basic-auth-simple.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: basic authentication, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::basic-authentication-simple-concept.adoc, api-manager::basic-authentication-concept.adoc, api-manager::http-basic-authentication-policy.adoc, policies::policies-included-basic-auth-simple.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-client-id-enforcement.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-client-id-enforcement.adoc index 3c3dc966b..f19989bad 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-client-id-enforcement.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-client-id-enforcement.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: clientid enforcement, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::client-id-based-policies.adoc, policies::policies-included-client-id-enforcement.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-cors.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-cors.adoc index bd73a8eb6..610572214 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-cors.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-cors.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: cross origin resource sharing, cors, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::cors-policy.adoc, api-manager::avoid-restrictions-task.adoc, api-manager::cors-mule4.adoc, api-manager::cors-reference.adoc, policies::policies-included-cors.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-header-injection.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-header-injection.adoc index 0447f9078..dfba785ec 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-header-injection.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-header-injection.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: header injection, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::header-injection-policy.adoc, general::header-inject-remove-task.adoc, policies::policies-included-header-injection.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-header-removal.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-header-removal.adoc index b877879c3..fd0868f14 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-header-removal.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-header-removal.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: header removal, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::header-removal-policy.adoc, policies::policies-included-header-removal.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-health-check.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-health-check.adoc index 066d72f48..1340b89a6 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-health-check.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-health-check.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: health check, api gateway, flex gateway, gateway, policy -:page-aliases: policies::policies-included-health-check.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-http-caching.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-http-caching.adoc index b5088b26c..2b6fbdca1 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-http-caching.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-http-caching.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: http caching, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::http-caching-policy.adoc, policies::policies-included-http-caching.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-ip-allowlist.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-ip-allowlist.adoc index aa582ea17..b6df1d004 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-ip-allowlist.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-ip-allowlist.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: ip, allowlist, validation, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::ip-allowlist.adoc, policies::policies-included-ip-allowlist.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-ip-blocklist.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-ip-blocklist.adoc index 744e8e760..53b388d55 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-ip-blocklist.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-ip-blocklist.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: ip, blocklist, validation, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::ip-blocklist.adoc, policies::policies-included-ip-blocklist.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-json-threat-protection.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-json-threat-protection.adoc index 71aba2dd8..ebc775e6f 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-json-threat-protection.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-json-threat-protection.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: json threat protection, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::apply-configure-json-threat-task.adoc, policies::policies-included-json-threat-protection.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-jwt-validation.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-jwt-validation.adoc index 80294de2e..64d96aee6 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-jwt-validation.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-jwt-validation.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: jwt validation, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::policy-mule4-jwt-validation.adoc, policies::policies-included-jwt-validation.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-message-logging.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-message-logging.adoc index 4cde6ffa0..7a390d3f5 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-message-logging.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-message-logging.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: message logging, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::message-logging-policy.adoc, policies::policies-included-message-logging.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc index fdbcb58cc..a40b04432 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :keywords: oauth, token, validation, introspection, policy -:page-aliases: policies::policies-included-oauth-token-introspection.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc index 79609057b..f1eef7e98 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: open, id, oauth 2.0, token, enforcement, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::policy-openid-connect.adoc, policies::policies-included-openid-token-enforcement.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc index dc16a80d7..7cc679062 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: rate-limiting sla, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::rate-limiting-sla-policy.adoc, api-manager::rate-limiting-and-throttling-sla-based-policies.adoc, api-manager::tutorial-manage-an-api.adoc, policies::policies-included-rate-limiting-sla.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting.adoc index 1747aa603..e4002bffd 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-rate-limiting.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: rate limiting, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::rate-limiting.adoc, api-manager::rate-limiting-and-throttling.adoc, api-manager::to-configure-provider-multiple-workers.adoc, policies::policies-included-rate-limiting.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-schema-validation.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-schema-validation.adoc index 50150eade..00446d6e1 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-schema-validation.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-schema-validation.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: oas3, schema validation, api gateway, flex gateway, gateway, policy -:page-aliases: policies::policies-included-schema-validation.adoc [width="100%", cols="5,15"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-spike-control.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-spike-control.adoc index 8ecc91cac..c6427d3f1 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-spike-control.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-spike-control.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: spike control, api gateway, flex gateway, gateway, policy -:page-aliases: api-manager::spike-control-reference.adoc, policies::policies-included-spike-control.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-tls-outbound.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-tls-outbound.adoc index f990f962e..75e892f45 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-tls-outbound.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-tls-outbound.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: tls, mtls, transport layer security, outbound tls, api gateway, flex gateway, gateway, policy -:page-aliases: policies::policies-included-tls-outbound.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-included-tls.adoc b/gateway/1.12/modules/ROOT/pages/policies-included-tls.adoc index 9e61af437..8dcbf3dea 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-included-tls.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-included-tls.adoc @@ -4,7 +4,6 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images :keywords: tls, mtls, transport layer security, inbound tls, api gateway, flex gateway, gateway, policy -:page-aliases: policies::policies-included-tls.adoc [%autowidth.spread,cols="a,a"] |=== diff --git a/gateway/1.12/modules/ROOT/pages/policies-reorder.adoc b/gateway/1.12/modules/ROOT/pages/policies-reorder.adoc index f56c60960..4615ea548 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-reorder.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-reorder.adoc @@ -2,7 +2,7 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] -:page-aliases: api-manager::re-order-policies-task.adoc, policies-included-reorder.adoc, policies::policies-included-reorder.adoc, policies::policies-reorder.adoc +:page-aliases: policies-included-reorder.adoc To execute certain policies before others, configure the order of execution of included and custom policies. diff --git a/gateway/1.12/modules/ROOT/pages/policies-resource-level-overview.adoc b/gateway/1.12/modules/ROOT/pages/policies-resource-level-overview.adoc index 79a593224..5901e9322 100644 --- a/gateway/1.12/modules/ROOT/pages/policies-resource-level-overview.adoc +++ b/gateway/1.12/modules/ROOT/pages/policies-resource-level-overview.adoc @@ -3,7 +3,6 @@ ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :keywords: policy, custom, ootb, offline, resource level -:page-aliases: api-manager::policies-policy-level.adoc, api-manager::resource-level-policies-about.adoc, api-manager::resource-level-policy-reference.adoc, policies::policies-resource-level-overview.adoc Unless otherwise configured, policies are by default applied to the entire API. However, you can implement an additional level of policy granularity, one in which access is controlled based on a criteria. Policies with this granularity are called _resource-level policies_. diff --git a/gateway/1.13/antora.yml b/gateway/1.13/antora.yml new file mode 100644 index 000000000..7033c2811 --- /dev/null +++ b/gateway/1.13/antora.yml @@ -0,0 +1,12 @@ +name: gateway +title: 'Omni Gateway' +version: '1.13' +display_version: '1.13' +asciidoc: + attributes: + gateway-ver-var: latest + fluentbit-ver-var: v3.2.10 + image-owner-lc: mulesoft + gateway-api-max: 1,000 +nav: +- modules/ROOT/nav.adoc diff --git a/gateway/1.13/modules/ROOT/_attributes.adoc b/gateway/1.13/modules/ROOT/_attributes.adoc new file mode 100644 index 000000000..cb0860e63 --- /dev/null +++ b/gateway/1.13/modules/ROOT/_attributes.adoc @@ -0,0 +1,4 @@ +:attachmentsdir: {moduledir}/assets/attachments +:partialsdir: {moduledir}/pages/_partials +:imagesdir: {moduledir}/assets/images +:examplesdir: {moduledir}/examples \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-egress-deployment.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-egress-deployment.graffle new file mode 100644 index 000000000..780878797 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-egress-deployment.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-external-non-org-mtls.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-external-non-org-mtls.graffle new file mode 100644 index 000000000..f2826961a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-external-non-org-mtls.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-external-org-mtls.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-external-org-mtls.graffle new file mode 100644 index 000000000..1b6662385 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-external-org-mtls.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-ingress-deployment.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-ingress-deployment.graffle new file mode 100644 index 000000000..44226be09 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-ingress-deployment.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-intergration-use-cases.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-intergration-use-cases.graffle new file mode 100644 index 000000000..44d3c5502 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-intergration-use-cases.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-internal-org-mtls.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-internal-org-mtls.graffle new file mode 100644 index 000000000..2c21644da Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-internal-org-mtls.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-sidecar-deployment.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-sidecar-deployment.graffle new file mode 100644 index 000000000..0930b0d5e Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-sidecar-deployment.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-standalone-deployment.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-standalone-deployment.graffle new file mode 100644 index 000000000..bb2c18f2b --- /dev/null +++ b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-standalone-deployment.graffle @@ -0,0 +1,20346 @@ + + + + + !Preview + + data + + /9j/4AAQSkZJRgABAQAASABIAAD/4QBARXhpZgAATU0AKgAAAAgAAYdpAAQA + AAABAAAAGgAAAAAAAqACAAQAAAABAAAIAKADAAQAAAABAAAF3gAAAAD/4g/w + SUNDX1BST0ZJTEUAAQEAAA/gYXBwbAIQAABtbnRyUkdCIFhZWiAH6gAEAA4A + DwAHABdhY3NwQVBQTAAAAABBUFBMAAAAAAAAAAAAAAAAAAAAAAAA9tYAAQAA + AADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAABFkZXNjAAABUAAAAGJkc2NtAAABtAAABLxjcHJ0AAAGcAAA + ACN3dHB0AAAGlAAAABRyWFlaAAAGqAAAABRnWFlaAAAGvAAAABRiWFlaAAAG + 0AAAABRyVFJDAAAG5AAACAxhYXJnAAAO8AAAACB2Y2d0AAAPEAAAADBuZGlu + AAAPQAAAAD5tbW9kAAAPgAAAACh2Y2dwAAAPqAAAADhiVFJDAAAG5AAACAxn + VFJDAAAG5AAACAxhYWJnAAAO8AAAACBhYWdnAAAO8AAAACBkZXNjAAAAAAAA + AAhEaXNwbGF5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + bWx1YwAAAAAAAAAnAAAADGhySFIAAAAUAAAB5GtvS1IAAAAMAAAB+G5iTk8A + AAASAAACBGlkAAAAAAASAAACFmh1SFUAAAAUAAACKGNzQ1oAAAAWAAACPHNs + U0kAAAAUAAACUmRhREsAAAAcAAACZm5sTkwAAAAWAAACgmZpRkkAAAAQAAAC + mGl0SVQAAAAYAAACqGVzRVMAAAAWAAACwHJvUk8AAAASAAAC1mZyQ0EAAAAW + AAAC6GFyAAAAAAAUAAAC/nVrVUEAAAAcAAADEmhlSUwAAAAWAAADLnpoVFcA + AAAKAAADRHZpVk4AAAAOAAADTnNrU0sAAAAWAAADXHpoQ04AAAAKAAADRHJ1 + UlUAAAAkAAADcmVuR0IAAAAUAAADlmZyRlIAAAAWAAADqm1zAAAAAAASAAAD + wGhpSU4AAAASAAAD0nRoVEgAAAAMAAAD5GNhRVMAAAAYAAAD8GVuQVUAAAAU + AAADlmVzWEwAAAASAAAC1mRlREUAAAAQAAAECGVuVVMAAAASAAAEGHB0QlIA + AAAYAAAEKnBsUEwAAAASAAAEQmVsR1IAAAAiAAAEVHN2U0UAAAAQAAAEdnRy + VFIAAAAUAAAEhnB0UFQAAAAWAAAEmmphSlAAAAAMAAAEsABMAEMARAAgAHUA + IABiAG8AagBpzuy37AAgAEwAQwBEAEYAYQByAGcAZQAtAEwAQwBEAEwAQwBE + ACAAVwBhAHIAbgBhAFMAegDtAG4AZQBzACAATABDAEQAQgBhAHIAZQB2AG4A + /QAgAEwAQwBEAEIAYQByAHYAbgBpACAATABDAEQATABDAEQALQBmAGEAcgB2 + AGUAcwBrAOYAcgBtAEsAbABlAHUAcgBlAG4ALQBMAEMARABWAOQAcgBpAC0A + TABDAEQATABDAEQAIABhACAAYwBvAGwAbwByAGkATABDAEQAIABhACAAYwBv + AGwAbwByAEwAQwBEACAAYwBvAGwAbwByAEEAQwBMACAAYwBvAHUAbABlAHUA + ciAPAEwAQwBEACAGRQZEBkgGRgYpBBoEPgQ7BEwEPgRABD4EMgQ4BDkAIABM + AEMARCAPAEwAQwBEACAF5gXRBeIF1QXgBdlfaYJyAEwAQwBEAEwAQwBEACAA + TQDgAHUARgBhAHIAZQBiAG4A/QAgAEwAQwBEBCYEMgQ1BEIEPQQ+BDkAIAQW + BBoALQQ0BDgEQQQ/BDsENQQ5AEMAbwBsAG8AdQByACAATABDAEQATABDAEQA + IABjAG8AdQBsAGUAdQByAFcAYQByAG4AYQAgAEwAQwBECTAJAgkXCUAJKAAg + AEwAQwBEAEwAQwBEACAOKg41AEwAQwBEACAAZQBuACAAYwBvAGwAbwByAEYA + YQByAGIALQBMAEMARABDAG8AbABvAHIAIABMAEMARABMAEMARAAgAEMAbwBs + AG8AcgBpAGQAbwBLAG8AbABvAHIAIABMAEMARAOIA7MDxwPBA8kDvAO3ACAD + vwO4A8wDvQO3ACAATABDAEQARgDkAHIAZwAtAEwAQwBEAFIAZQBuAGsAbABp + ACAATABDAEQATABDAEQAIABhACAAYwBvAHIAZQBzMKsw6TD8AEwAQwBEdGV4 + dAAAAABDb3B5cmlnaHQgQXBwbGUgSW5jLiwgMjAyNgAAWFlaIAAAAAAAAPNR + AAEAAAABFsxYWVogAAAAAAAAg98AAD2/////u1hZWiAAAAAAAABKvwAAsTcA + AAq5WFlaIAAAAAAAACg4AAARCwAAyLljdXJ2AAAAAAAABAAAAAAFAAoADwAU + ABkAHgAjACgALQAyADYAOwBAAEUASgBPAFQAWQBeAGMAaABtAHIAdwB8AIEA + hgCLAJAAlQCaAJ8AowCoAK0AsgC3ALwAwQDGAMsA0ADVANsA4ADlAOsA8AD2 + APsBAQEHAQ0BEwEZAR8BJQErATIBOAE+AUUBTAFSAVkBYAFnAW4BdQF8AYMB + iwGSAZoBoQGpAbEBuQHBAckB0QHZAeEB6QHyAfoCAwIMAhQCHQImAi8COAJB + AksCVAJdAmcCcQJ6AoQCjgKYAqICrAK2AsECywLVAuAC6wL1AwADCwMWAyED + LQM4A0MDTwNaA2YDcgN+A4oDlgOiA64DugPHA9MD4APsA/kEBgQTBCAELQQ7 + BEgEVQRjBHEEfgSMBJoEqAS2BMQE0wThBPAE/gUNBRwFKwU6BUkFWAVnBXcF + hgWWBaYFtQXFBdUF5QX2BgYGFgYnBjcGSAZZBmoGewaMBp0GrwbABtEG4wb1 + BwcHGQcrBz0HTwdhB3QHhgeZB6wHvwfSB+UH+AgLCB8IMghGCFoIbgiCCJYI + qgi+CNII5wj7CRAJJQk6CU8JZAl5CY8JpAm6Cc8J5Qn7ChEKJwo9ClQKagqB + CpgKrgrFCtwK8wsLCyILOQtRC2kLgAuYC7ALyAvhC/kMEgwqDEMMXAx1DI4M + pwzADNkM8w0NDSYNQA1aDXQNjg2pDcMN3g34DhMOLg5JDmQOfw6bDrYO0g7u + DwkPJQ9BD14Peg+WD7MPzw/sEAkQJhBDEGEQfhCbELkQ1xD1ERMRMRFPEW0R + jBGqEckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MTYxODE6QTxRPlFAYUJxRJ + FGoUixStFM4U8BUSFTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW+hcdF0EX + ZReJF64X0hf3GBsYQBhlGIoYrxjVGPoZIBlFGWsZkRm3Gd0aBBoqGlEadxqe + GsUa7BsUGzsbYxuKG7Ib2hwCHCocUhx7HKMczBz1HR4dRx1wHZkdwx3sHhYe + QB5qHpQevh7pHxMfPh9pH5Qfvx/qIBUgQSBsIJggxCDwIRwhSCF1IaEhziH7 + IiciVSKCIq8i3SMKIzgjZiOUI8Ij8CQfJE0kfCSrJNolCSU4JWgllyXHJfcm + JyZXJocmtyboJxgnSSd6J6sn3CgNKD8ocSiiKNQpBik4KWspnSnQKgIqNSpo + KpsqzysCKzYraSudK9EsBSw5LG4soizXLQwtQS12Last4S4WLkwugi63Lu4v + JC9aL5Evxy/+MDUwbDCkMNsxEjFKMYIxujHyMioyYzKbMtQzDTNGM38zuDPx + NCs0ZTSeNNg1EzVNNYc1wjX9Njc2cjauNuk3JDdgN5w31zgUOFA4jDjIOQU5 + Qjl/Obw5+To2OnQ6sjrvOy07azuqO+g8JzxlPKQ84z0iPWE9oT3gPiA+YD6g + PuA/IT9hP6I/4kAjQGRApkDnQSlBakGsQe5CMEJyQrVC90M6Q31DwEQDREdE + ikTORRJFVUWaRd5GIkZnRqtG8Ec1R3tHwEgFSEtIkUjXSR1JY0mpSfBKN0p9 + SsRLDEtTS5pL4kwqTHJMuk0CTUpNk03cTiVObk63TwBPSU+TT91QJ1BxULtR + BlFQUZtR5lIxUnxSx1MTU19TqlP2VEJUj1TbVShVdVXCVg9WXFapVvdXRFeS + V+BYL1h9WMtZGllpWbhaB1pWWqZa9VtFW5Vb5Vw1XIZc1l0nXXhdyV4aXmxe + vV8PX2Ffs2AFYFdgqmD8YU9homH1YklinGLwY0Njl2PrZEBklGTpZT1lkmXn + Zj1mkmboZz1nk2fpaD9olmjsaUNpmmnxakhqn2r3a09rp2v/bFdsr20IbWBt + uW4SbmtuxG8eb3hv0XArcIZw4HE6cZVx8HJLcqZzAXNdc7h0FHRwdMx1KHWF + deF2Pnabdvh3VnezeBF4bnjMeSp5iXnnekZ6pXsEe2N7wnwhfIF84X1BfaF+ + AX5ifsJ/I3+Ef+WAR4CogQqBa4HNgjCCkoL0g1eDuoQdhICE44VHhauGDoZy + hteHO4efiASIaYjOiTOJmYn+imSKyoswi5aL/IxjjMqNMY2Yjf+OZo7OjzaP + npAGkG6Q1pE/kaiSEZJ6kuOTTZO2lCCUipT0lV+VyZY0lp+XCpd1l+CYTJi4 + mSSZkJn8mmia1ZtCm6+cHJyJnPedZJ3SnkCerp8dn4uf+qBpoNihR6G2oiai + lqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axc + rNCtRK24ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm2 + 8Ldot+C4WbjRuUq5wro7urW7LrunvCG8m70VvY++Cr6Evv+/er/1wHDA7MFn + wePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7/IPci8yTrJuco4yrfLNsu2zDXM + tc01zbXONs62zzfPuNA50LrRPNG+0j/SwdNE08bUSdTL1U7V0dZV1tjXXNfg + 2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj + 6+Rz5PzlhOYN5pbnH+ep6DLovOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M + 8Fjw5fFy8f/yjPMZ86f0NPTC9VD13vZt9vv3ivgZ+Kj5OPnH+lf65/t3/Af8 + mP0p/br+S/7c/23//3BhcmEAAAAAAAMAAAACZmYAAPKnAAANWQAAE9AAAApb + dmNndAAAAAAAAAABAAEAAAAAAAAAAQAAAAEAAAAAAAAAAQAAAAEAAAAAAAAA + AQAAbmRpbgAAAAAAAAA2AACuFAAAUewAAEPXAACwpAAAJmYAAA9cAABQDQAA + VDkAAjMzAAIzMwACMzMAAAAAAAAAAG1tb2QAAAAAAAAGEAAAoF/9Ym1iAAAA + AAAAAAAAAAAAAAAAAAAAAAB2Y2dwAAAAAAADAAAAAmZmAAMAAAACZmYAAwAA + AAJmZgAAAAIzMzQAAAAAAjMzNAAAAAACMzM0AP/AABEIBd4IAAMBIgACEQED + EQH/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMD + AgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQz + YnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdo + aWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6 + wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQAD + AQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAAB + AncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXx + FxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4 + eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfI + ycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2wBDAAICAgICAgMCAgMF + AwMDBQYFBQUFBggGBgYGBggKCAgICAgICgoKCgoKCgoMDAwMDAwODg4ODg8P + Dw8PDw8PDw//2wBDAQICAgQEBAcEBAcQCwkLEBAQEBAQEBAQEBAQEBAQEBAQ + EBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBD/3QAEAID/2gAMAwEA + AhEDEQA/AP38ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKAP/0P38ooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KAP/0f38ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK + KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo + AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA + ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACi + iigAooooAKKKKACiiigAooooAKKKKAP/0v3TkOtrqMMBuE3OjEYB28eo9adq + P9t29lLM9xHtUDOxSG69jUMuqQtqsE4ilwsbjGw7ufQU/VtVhuNOmhWKVSwH + LIQOo6mgC8kWulFIuIeQP4TVKwOtz/adlwn7uZ0O4E8jHT0HoKux61AEUeRP + wB/yzNZ2mapDB9r3RSt5lxI42oTgHHB9D7UASTHW01C3gNwm6RXIwDt4Hcd/ + an341yCzlle4jwq5OxSG/A1BcapC+qWs4ilAjVwQUOTkdhUup6tDPYTxLDMp + ZcZZCB+JoAtRR660SMLiLBAPKnNVLE63M9yEuE/dylTuBPI9PQVbh1mBYY1M + M/CgcRn0qhp2qwwyXhaKU+ZMzDahOAccH0NAElwdbS+tITcJul8zGAQvyjPz + Dv7VLejXIbSaVriPCKSdqkN+BqtdarC+pWUwilAi83IKEE7lxwO/vU+o6vDN + YzxLDMCyEZaMgfiaAJ4E114I3FxFhlB5Uk8jvVWzOtyzXSLcJmOTadwJGcdv + QVZttZgS2iQwzEqijiMkcCqVhqkMVxeO0UpEku4YQkjjv6GgCS5Otx3lpE1x + HmUvjAIXgZ+Yd/ap7tdcitZpWuIsIjE7VIPA7H1qpearDJf2MoilAiL5BQgn + K44HerN/rEEtlcRiGYF42GTGQOR3NAD7VNdktopFuIsMikblJPI7n1qvaHW5 + bm6jW4jzGwB3Akcj+Edqns9YgjtIIzDMSqKMiMkcDtVSy1SGK7vZDFKRI6kA + ISRgd/SgCS7OtxXNrG1xHmViBtBA6fxDvVi5TXI7aWRriLCoxO1SDwO3vVO+ + 1SGW7spBFKBG7EgoQTkdvWrd5rEElpPGIZgWRhkxkDkd6AEs11yW0hlW4iw6 + KRuUk8jufWobY63JeXcS3CZiKZyCV5GflHb3qWw1eCKygiMMxKIoyIyRwOxq + tZ6pDHf30pilIlKYAQkjC45HagCS8OtxTWqtcJmSTaNoIGcd/UVanj11IJHN + xFhVJ4Ug8DtVG/1SGWezZYpR5cu45Qgnjt6mrtzrMD28qCGYFkYcxnHIoAjs + Rrk1pDKtxHh1BG5SW/E1FbnW3v7qAXCbotmcglfmH8I7e9P07V4YbGCJoZmK + oBlYyR+BqC11SFNTvZjFKRKI8AISRtXHI7UASXx1uF7YPcJ+8lVRtBHJ9fUV + blj11YnY3EWACeFOaoajqkMz2hWKUeXMrHchGQM8D1NX5tZgaGRRDPypHMZ9 + KAK+n/25PZxSpcR4YZG9SW/E0yE62+oXEAuI9yKhOQdvPoO3vRperQwafBE0 + UzFVxlUJH4Go4NVhTVLqcxSkOqAAIcjA7jtQBJfnW4Ps++4j/eTIg2gjk56+ + o9RV1otdCkm4h4H901nanqkM32XbFKPLuI3O5CMgZ4Hv7VovrUBRh5E/IP8A + yzNAFTTv7buLKKZLiPawON6kt17mmxnW21GaAXEe5EUnIO3n0HrSaTqsNvp0 + MLRSsVB5VCR1PQ0yLVYV1WecxS4aNRjYd3HqKAJNQOtwJCXuE+aVFGwEcn19 + vWr/AJOvf8/EP/fBrM1XVIZ44AsUq7Zkb5kI6dh71pnW7fH+on/79mgChph1 + u5sYpo7iMq2cbwS3BI5NCnWzqT2/2hNwjDdDswT6etR6NqkNtpsMLRSsV3cq + hI5YnrQmqQjV5LjypdphC42Hd1z09KAJNROtwQo73EeC6r8gIOSf5Vf8nXv+ + fiH/AL4NZmrarDPboixSqRIjfMhA4Nan9t2//PCf/v2aAM/TDrdxZrKlxHgl + h84JbgkdaAdb/tM2/wBoj3CHd0OzG7HT196j0fVIbewSJopWIZjlUJHLE9aB + qkP9sm48qXb5AXGw7s7s5x6UASakdbt7bzHuExuUfICDyfWr/k69/wA/EP8A + 3wazNX1SG4s/LWKVTvQ5ZCBwa1P7bt/+eE//AH7NAGfpp1u4tzIlxGRuYfOC + TwaCdb/tMW/2hNxiLdDsxux09feo9J1WG3tDG0UrHe5yqEjk0HVYf7YW48qX + aICuNh3Z3Zzj0oAk1M63b2byvcRgAr9wENyQOtX/ACde/wCfiH/vg1maxqsN + xp8kSxSqSV5ZCBwwPWtT+27f/nhP/wB+zQBn6cdbnhdkuEIEjL84JOQe3tSO + dbGpR2/2hNzRluh24B7j1pmlarDBBIrRSsTK7fKhI5P86JNUhOrxXHlS4WJl + xsO7k+npQBJqZ1u2sZZnuI9q4zsBDckDg1eEWvY/4+If++DWdrGqQ3GmzQrF + KpbbyyEDhgeTWkNbt8D9xP8A9+zQBQ0863OkxS4j+SV1O8E8j09vSiU62uow + wG4j3OjEYB28eo9aj0vVIYEuA0Urb5nb5UJwD2PvRNqsLarbziKXCI4wUO45 + 9BQBNqP9twWUsz3EYVRzsUhuvY1bSLXSikXEPIH8Jqjq2qwz6fNCsUylgOWQ + gdR1NXo9agCKPIn4A/5ZmgClYHW5/tOy4T93M6HcCeRjp6D0FEx1tNQtoDcJ + ukDkYB28DuO/tUemapDAbvdFK3mTu42oTgHHB9D7UXGqQvqlpOIpQI1kBBQ5 + OR2HegCe/GuQWcsr3EeFXJ2qQ34GrEUeutEjC4iwVB5U56VV1PVoZ7CeJYZl + LLjLIQPxNWoNZgWGNTDPwoHEZ9KAKlkdbme5VbiP93KVO4E8j09BRcHW4760 + ha4j3S+ZjAIX5Rk7h39qj07VIYZLwtFKfMmZhhCcZA6+houtUhk1KxmEUoEX + m5BQgncuOB396ALN6NchtJpWuI8IpJ2qQ3Hoalt0114I3FxFhlB5Uk8jvUGo + 6vDNYzxLDMC6EZMZA/E1NbazAltEhhmJVFHEZI4FAFWzOtyz3SLcJmN9p3Ak + dO3oKW6Otx3lpE1wmZSwG0ELwM/MO/tUdhqkMVxeOYpSJJMjCEkcd/Si81SG + S/sZRFKBEzkgoQTlccDvQBbu11yK1mla4iwiMTtUg8DsfWltU1yS2hkW4iwy + KRuUk8jufWmX2rwS2VxEIZgXjYZMZA5Hc06z1iCOzgjMMxKxqMiMkcDtQBBa + nW5Lq6jW4TMbKDuBI5H8I7UXZ1uK4tY2uEzI5A2ggcD+L1FR2Wqwx3l7IYpS + JHUgBCSMDv6UX2qQy3dlIIpQI3JIKEE8dvWgC7cprsdtLI1xFhUYnCkHgdve + mWa65LaQyrcRYdFI3KSeR3PrS3esQSWk0YhmBZGGTGQOR3plhq8EVjBEYZiU + RRkRkjgdjQBHbHW5L27hW4TdEUzkEryM/KO3vReHW4ZbVGuI8ySbRtBAzjv6 + io7TVIY9QvpjFKRKY8AISRhccjtRqGqQyz2bLFKPLl3HKEE8dvU0AXp49dSG + RzcRYVSeFIPA7VFYjXJrOGVbiPDKCNykt+JqS41mB7eVBDMCysOYzjkVBpur + ww2EETQzEqgGVjJH4GgBsB1t7+6hFxHujCZyCV+Yfwjt70Xx1uFrYNcR/vJV + UbQRyfX1FR22qwpqd7MYpSJBHgBDkbR3HajUdVhme0KxSr5cysdyEZAzwPU0 + AaEseurG7G4iwATwpzVbT/7cns4pkuI9rDI3qS34mrE2tQNE6iGflSOYz6VU + 0vVoYNPgiaKZiq4yqEjr2NABCdbfULiAXCbkVCcg7efQfzovzrcAt99wnzzI + g2gjk56+o9RUcGqQpql1OYpSHVAAEORj1FGp6rDMLXbFKuyeNzuQjIGeB7+1 + AGi0WuhSftEPT+6ap6b/AG3cWUUyXEZVgcb1Jbr3NXX1u3KMPIn6H/lmaz9I + 1WG306GFopWKg8qhI6noaAHRnW21GWAXCblRScg7efQetGoHW4I4me4T5pUU + bARyfX29aji1SFdWnnMUuGjUY2Hdwe4o1XVIZ4oVWKVdsyN8yEdPT3oA0/J1 + 7/n4h/74NUNLOt3NjFNHcIVbd98EtwSOTV/+27f/AJ4T/wDfs1maNqkNtpsM + LRSsV3cqhI5YnrQBIp1s6m9v9oTcIg3Q7MZ9PWjUTrcECu9wgBdR8gIPJ/lU + aapCNYkuPKl2mELjYd3XPT0o1bVIZ7ZEWKVSJEPzIQODQBp+Tr3/AD8Q/wDf + Bqhph1u4tFlS4Qglh84Jbg461of23b/88J/+/ZrL0fVYbexWJopWIZjlUJHL + E9aAJM63/an2b7Qm7yd/Q7MbsdPX3o1I63b2pke4QDco+QEHk+tRjVYf7ZNx + 5Uu3yNmNh3Z3Zzj096NX1SG4szGsUqncpyyEDg+tAGn5Ovf8/EP/AHwaoaad + buLcyJcJjew+cEng/wAq0P7bt/8AnhP/AN+zWXpGqQ29qY2ilY73OVQkcmgC + QnW/7TW2+0JuMRbodmN2OnrRqZ1u3snlkuECgr9wENyQODUbapD/AGwtx5Uu + 0QFcbDuzuznHpRrOqQ3GnyQrFKpJXlkIHDA9aANPyde/5+If++DVDTjrc8Uj + JcR4WRl+cEnIPb2rQ/tu3/54T/8Afs1l6VqkMEMqtFK26V2+VCep/nQBI51s + alHbm4j3NGW6HbgHuPWjUzrdvYyzPcRhVxnYCG6joajk1WE6vFceVLhYmXGw + 7uT6elLrGqw3GnTQrFKpbHLIQPvA8mgDREWvEA/aIf8Avk1R0863OsxS4T5J + XU7wTyPT29KvLrdvgfuJ/wDv2azdL1SGBLgNFK2+d2+VCcA9j70ASSnW11GG + A3CbnRiMA7ePUetO1H+24LKWZ7iMKoydikN17GoZtUhbVbecRSgIjjBQ7jn0 + FP1XVoZ9PmhWKZSwxlkIHXuaALyRa6UUi4h5A6qapWB1uY3Oy4T93MyHcCeR + jp6D0FXI9agEajyJ+AP+WZrP03VYYTd7opW8yd3G1CcA44PofagCSY62l/bQ + G4TdIHIwDt4Hcd/apL8a5DZyyvcR4VcnapDfgar3GqwvqdpMIpQI1kBBQ5OR + 2HepdT1aGawniWGZSy4yyED8TQBahj114kYXEWCoPKnPSqdkdbmkuVW4T93K + VO4EjI9PQVbg1mBII1MM5woHEZ9Ko6dqkMMt4zRSnzJiw2oTjI7+hoAkuDrc + d9aQtcR7pfMxgEL8q5O4d/apb1dchtJpWuI8IpJ2qQePQ1WutUhfUrGYRSgR + ebkFCCdy44Hf3qfUNXhmsZ4lhmBdGGTGQOR3NAE1umuvBG4uIsMoPKknkd6r + WZ1uWe6RbiPMb4O4Ejp29BVi11mBLaFDDMSqKOIyRwKp2GqwxXN45ilIkkyM + ISRx39KAJLo63Hd2kTXCZlLAbQQOBn5h3qe7XXIrWaVriLCIxO1SDwOx9aqX + mqQyX1lKIpQImckFCCcjsO9Wb7WIJbK4jEMwLxsMmMgDI7mgB9qmuSWsMi3E + WHRSNyknkdz61XtTrct1dRrcJmJlB3Akcj+EdqmstYgis4IzDMSkajIjJHA7 + VVstUhivL2QxSkSspACEkYHcdqAJLs63FcWsbXEeZHIG0EDp39RVm5TXY7eW + RriLCoxOFIPA7e9Ur7VYZbqycRSgRuSQUIJ47etXLvWIJLWaMQzAsjDJjIHI + 70ANs11yW0hlW4iw6AjcpJ5Hc+tQ2x1uS9u4VuI90RTOQSvIz8o7e9SWGrwR + WMERhmJRFGRGSOB2NV7TVYY9QvpjFKRKY8AISRhccjtQBJenW4ZbZWuEzJIF + G0EDOO/qKtTR66kMjm4iwqk8Kc8DtVHUNUhmms2WKUeXKGOUIzx29TV641mB + 7eVBDMNysOYzjkUAQ2I1yazhlS4jwygjcpLfiajgOtvf3UAuE3RhM5BK8jsO + 3vTtN1aGGwgiaGZiqgZVCR+BqG21WFNTvJjFKRII8AIcjA7jtQBJfHW4Wtg9 + wn7yVVG0EcnPX1HtVySLXVjZjcRYAPRTms/UtUhma0KxSr5c6sdyEZAzwPU1 + oS61A0TqIJ+VI/1Z9KAK2n/25PZRTJcR7WGRvUlvxNMiOttqE8AuE3Iqk5B2 + 8+g7UaXq0MGnwRNFMxVcZVCR17Go4NUhXVbmcxSkOiAAIdwx6igCS/OtwC3L + 3EfzzIg2gjk+vqPUVeaLXQpP2iHgf3TWbqmqQzi12xSrsnjc7kIyBnge9aT6 + 1AVI8ifof+WZoApab/bdxZRTJcR7WBxvBLdT1NJGdbbUZbcXEe5UVjkHbgns + PWm6RqsNvp0MLRSsVB5VCR1PQ02LVYRq00/lS4aNVxsO7g9xQBJqB1uCOJnu + E+aRFGwEHJ9fb1q/5Ovf8/EP/fBrM1XVYZ4oVWKVdsyN8yEdD2961P7bt/8A + nhP/AN+zQBn6WdbubGOaO4Qq2774JbgkcmhTrZ1N7f7Qm4RBuh2Yzjp61Ho2 + qQ22nRQtFKxXdyqEjlietC6pCNYe48qXaYQuNh3Z3Z6elAEmonW7eBXe4TBd + R8gIPJ/lV/yde/5+If8Avg1matqkM9siLFKpEiH5kIHBrU/tu3/54T/9+zQB + n6adbuLQSpcIQSw+cEng460Z1v8AtT7N9oj3eTv6HZjdjp6+9R6RqkNvZLE0 + UrEMxyqEjlietH9qQ/2z9p8qXb9n2Y2HdnfnOPT3oAk1I63b2pke4jxuUfIC + Dycdav8Ak69/z8Q/98GszV9VhuLIxrFKp3KcshA4IPWtT+27f/nhP/37NAGf + pp1u4tzIlxHjew+cEng/yoY62NTW3+0R7jEW6HZjOOnrUek6rDBalGilY73O + VQkcmhtUhOsJceVLtEJXGw7s7s5x6UASaodbtrKSaS4QKu37gIbkgcGr/k69 + /wA/EP8A3wazNZ1SG506WFYpVLFeWQgcMD1rU/tu3/54T/8Afs0AZ+nHW54p + GS4QhZGX5wScg9vahzrY1KK3Nwm5o2YYB24B7j1qPStVhghlVopW3Su3yoT1 + P86JNVhOrQ3HlS4WJlxsO7k+npQBLqX9t29jLM9xGFXGdgIbqOhq6ItewP8A + SIf++TWdq+qw3GnTQrFKpYDlkIHUdTWiut2+0fuJ/wDv2aAKNgdbnWcpcR/J + K6neCeR6e3oKJTra6hBAbhNzqxGAdvHqKj0vVIYFuQ0Urb53YbUJwD2PvRNq + kLarbTiKUBEcYKHcc+goAm1D+3ILKWZ7iPaoydikN17GrUcWusikXEPIHVTV + PVdWhn0+eFYplLDGWQgde5q5FrUCxoPIn4A/5ZmgCnYnW5jchLiP93MyncCe + Rjp6D2onOtpf20BuI90gfGAQvA7jv7VHpuqwwtd7opW8yd2G1CcA44PoaLnV + YX1OzmEUoEYkyChycjsO9AFi/GuQ2csr3EeFUk7VIb8DU8MeuvEjC4iwVB5U + 56VW1PVoZrCeJYZlLKRlkIH4mrEGswLBGphnOFA4jOOlAFWyOtzSXKrcJmOQ + qdwJGfb0FFwdbjvrSFrhN0u/GAQvyjPzDv7VHp+qQwzXjNFKfMlLDCE447+h + ou9Uhk1GxmEUoEXmZBQgncuOB396ALV6uuQ2k0rXEeEUk7VIPHoafbprslvE + 63EWGVSMqSeR3qHUNXhmsZ4lhmBdGGTGQOR3NS2usQR2sKGGYlUUZEZI4FAF + e0Otyz3SLcR5jcA7gSOnb0FF0dbju7WJriPMrMBtBA4GfmHeo7HVIYrm8cxS + kSSAjCEkcd/Si81SGS9spRFKBEzkgoQTkY4HegC3drrkVrNI1xFhEYnapB4H + Y+tLarrktrDItxFh0UjcpJ5Hc+tNvtYglsriMQzAvG4yYyAMg9TRZaxBFZwR + mGYlI1GRGSOAOhoAhtTrcl3dxLcJmJlB3Akcj+EdqS8OtxXFqjXCZkcgbQQO + n8XqKZZapDHe3spilIlZSAEJIwO47UX2qQy3Vk4ilAjkJOUIJ47etAF24TXY + 7eV2uIsKrE4Ug8DtTLNdcmtIZVuI8OoI3KSeR3NOutYgktZkEMwLIwyYyByK + j0/V4IrGCIwzEoijIjJHA7GgCO3OtyXt3Ctwm6LZnIJX5hn5R296L063FJbK + 1xHmSQKNoIGcd/UVHaarDHqN9MYpSJfLwAhJG1ccjt7UahqsMs1myxSjy5Qx + yhGeO3qaAL80eupC7m4iwqk8Kc8DtUFgNcms4pUuI8MoI3KS34mprjWYHgkQ + QzDcpHMZxyKr6bq0MNhBE0MzFVAyqEj8DQA2A629/cwC4TdGEzkEryOw7e9F + 8dbha2D3CfvJlUbQRyfX1HtUdtqkKaneTmKUiQR4AQ5GB3HajUtUhma0KxSr + 5c6MdyEZAzwPU0AaEkWuqjE3EPAPRTVXT/7cnsopkuI9rDI3qS3XuatS61A0 + bjyJ+Qf+WZqnpWrQwafBC0UzFRjKoSOvY0AER1ttQngFxHuRVJyDt59B2o1A + 63AsBe4T55kUbARyfX29RUcGqQrqtzOYpSHRAAEO4Y9RRqmqQzrbBYpV2Tox + 3IRkDPA96ANJotdCk/aIf++TVLTTrdxYxTJcR7WzjeCW6nqautrduVI8ifp/ + zzNZ2karDb6dDC0UrFQeVQkdT0NAD0OtnUpbcXCbljVjkHbgnsPWjUDrcEcb + PcR4aRF+QEHJPf29ajj1SEatNceVLtaJVxsO7g+npRquqwzwxKsUq7ZUb5kI + 6H+dAGn5Ovf8/EP/AHwaoaYdbuLKOaO4Qq2774JbgkcmtD+27f8A54T/APfs + 1l6PqsNvp0ULRSsV3cqhI5YnrQBIp1s6m1v9oTcIg3Q7MZx09aNSOtwQK73C + AF1HyAg8n+VRrqsI1h7jypdphC42HdndnOPSjVtUhntlRYpVIkQ/MhA4NAGn + 5Ovf8/EP/fBqhph1u4tBKlwhG5h84JPB9a0P7bt/+eE//fs1l6PqkNvZCJop + WIZjlUJHJPegCTOt/wBqfZvtEe7yd/Q7MbsdPX3o1I63b2hle4jwGUfICDyc + daj/ALUh/tn7T5Uu37PsxsO7O/OcenvRq+qQ3Fk0SxSqSynLIQOCD1oA0/J1 + 7/n4h/74NUNOOt3EDOlwmA7D5wSeD/KtD+27f/nhP/37NZek6pDBbMjRSsTI + 5+VCRyaAJGOtjU0t/tCbjEW6HZjOOnrRqZ1u3sZJpLhAq7fuAq3JA4NRtqkJ + 1hLjypdohK42Hd97OcelGsarDcadLCsUqltvLIQOGB60Aafk69/z8Q/98GqG + nnW545WS4TCyMp3gk5Hp7Vof23b/APPCf/v2ay9K1SGCGZWilbdK7fKhPU/z + oAkkOtrqMVubiPcyMwwDt4PcetLqX9t29jLM9xGFUDOwEN1HQ1FLqsJ1aGfy + pcLGy42Hdyewp2r6rDcadNCsUqlgOWQgdR1NAGgsWvFQftEP/fJqjYHW5xOU + uI/kmdTvBPI9PQegq8ut24UDyJ+n/PM1m6ZqsMK3O6KVt88jDahOAccH3oAk + lOtrqEEBuI9zqxGAdvHqO9P1D+3ILKWZ7iPaoydikN+BqCfVIW1W2nEUoCI4 + IKHcc+gqTVdWhn0+eFYplLDGWQgde5oAuRx660asLiHBAPKnNU7E63M1yEuE + /dysp3AnkY6eg9quRa1AsSKYJ+FA/wBWfSs/TdUhha7LRSt5k7sNqE4BxwfQ + 0ASTnW0v7aA3CbpA+MAheB3Hf2qS+GuQ2csr3EeFUk7VIb8DVe51SF9Ts5xF + KBGJMgocnI7DvU2patDNYTxLDMpZSMshA/E0AWYY9deGNxcRYZQeVOeR3qpZ + HW5ZblVuEzHIVO4EjOO3oKtW+swJBGphmOFA4jOOlUdP1WGKa8ZopT5kpYYQ + nHHf0NAElydbjvbSFrhN0u/GAQvAz8w7+1TXi65DaTStcR4RSTtUg8Dsaq3e + qQyajYzCKUCIyZBQgnK44HerGoavDLYzxLDMC6MMmMgcjuaAJbZNdkt4pFuI + sMqkZUk8jvVWzOty3F0i3CZjcA7gSOn8PoKs2msQR2sMZhmJVFGRGSOB2qnY + 6pDFdXrmKUiSQEAISRx39KAJLo63HdWsbXEeZWYDaCBwM/MO9WLpNcjtZpGu + IsIjE7VIPA7H1qne6rDJe2UgilAjZiQUIJyMcDvVq91iCWznjEMwLxsMmMgc + jvQAtouuS2sMi3EWHRSNyknkdz61BanW5Lu6iW4TMRUHcCRyM/KO1TWOsQRW + VvGYZiUjQZEZIOAOhqrZ6pDHe3spilIlZCAEJIwuOR2oAkvDrcU9qjXCZkfA + 2ggdO/qKs3Ca7Hbyu1xFhVYnCkHgdqpX+qQy3Nk4ilAjkJOUIJ47etXLrWIJ + LWZBDMCyMMmMgcigBtkuuTWkMq3EeHUEblJPPqahtzrcl9dwrcJui8vOQSvI + z8o7e9P0/V4YbGCJoZiURRkRkjgdjUFpqkMeo30xilIl8vACEkbVxyO3tQBJ + enW4ZLZWuE/eSBRtBAz7+oq3NHrqROxuIsBSeFOelUNQ1WGaWzZYpR5cwY5Q + jPHb1NXp9ZgaCRRDOMqRzGcdKAIbAa5NZxSpcR4ZQRuUlvxNRwHW3v7mAXEe + 6MITkEryOw7e9O0zVoYbCCJoZmKqBlUJH4GobfVIU1O7nMUpEixgAIcjA7jt + QBJfnW4DbB7iP95MqDaCOTnr6j2q5JFrqoxNxDwD0U1n6nqkMxtNsUq+XOjn + chGQM8D1NaEutQNG48ifkH/lmaAKunf23PZRTJcRlWGRvUluvc02I622ozwC + 4TciKTkHbz6D1pNK1aGDT4YWimYqMZVCR17GmQ6rCuq3E5ilIdEGAh3DHqKA + JL863AsBe4j+eVFGwEcn19vUVeMWvAE/aIf++DWbqmqwzrbBYpRsnRjuQjIH + Ye9aTa3b7T+4n/79mgClpn9t3FjFMlxGVbON4JbqeppEOtnUpLcXCbljDcg7 + cE9h60zSNVht9OhhaKVioPKoSOp6Gkj1SEavNceVLholXGw7uD6elAEmonW4 + Io2e4TDSKvyAg5J7+1X/ACde/wCfiH/vg1marqkM8MSrFKu2VG+ZCOh/nWp/ + bdv/AM8J/wDv2aAM/TDrdxZJMlxHtJb74JbgkcmgHWzqbW/2iPcIg3Q7MZx0 + 9aj0fVYbfT44WilYqW5VCRyxPWhdVh/thrjypdphC42HdndnOPSgCTUjrdvb + iR7iPG9R8gIPJ/lV/wAnXv8An4h/74NZmrarDPahFilU70OWQgcGtT+27f8A + 54T/APfs0AZ+mnW7i1EkdwhG5h84JPB9aM63/an2b7Qm/wAnf0OzG7HT196j + 0jVIbezEbRSsdzHKoSOT60f2pD/bIufKl2+RsxsO7O7OcenvQBJqZ1u3tGlk + uEABUfICDycdav8Ak69/z8Q/98GszWNUhuLFolilUllOWQgcEd61P7bt/wDn + hP8A9+zQBn6cdbngZ0uI8B2Hzgk8H+VWIH1JNYSC7mV1MTNhQQOuOnrVPSdV + hgtnRopWJkc/KhI5NWILxLrXY3RHQeSy/Ou09c0AdLRRRQAUUUUAFFFFABRR + RQB//9P945/+Q5a/9cnp+u/8gm4+g/mKyJdH05dVgtli/dvGzEbm6jpznNP1 + bRtNttOmnhi2ugGDuY9x6mgDp4v9Un0FZGjf8v3/AF9S/wBKbHoGklFJhOSB + /G3+NZ2maPp1x9r86Ld5dxIi/MwwoxgcGgDTuv8AkN2P+5L/ACqfWv8AkFXP + +5WLcaPpyapa26xYjkVyw3Nzgcc5zUup6LptvYTzQxbXRcg7mP8AM0AdFb/8 + e8X+6v8AKszSP9bf/wDXw38hUUOg6U8MbNCSSoJ+dvT61Q07R9OnkuxLFkRT + Mi/MwwBj0NAGpe/8hjTfpN/6CKsav/yDLn/rm1Yd1o+nR6lZQJFiOXzdw3Nz + tXI71PqOiaZBYzzRRYdEJB3MeR9TQBu2f/HnB/1zX+VZ2lf8fWof9dv6VDba + FpUltFI8JLMik/O3Uj61SsNH06a4vEkiyIpNq/MwwMfWgDUv/wDkKab/AL0n + /oNW9T/5B11/1yf+RrAvNH06K/soUiwkxcMNzc4XI71Zv9D0yGyuJY4SHSNi + DuY8gfWgDZ0//jwtv+uSf+giqOm/8f8AqP8A10X/ANBqtZ6HpctpBLJCSzop + J3N1I571UstH06W7vYpIsrE6hRubgEZ9aANPUv8Aj/07/ro3/oNX9Q/48Ln/ + AK5P/wCgmudvtH06G7soo4sLK7BhubkAfWrd5oelxWk8scJDIjEHc3UDjvQB + qaX/AMg21/65J/Kqen/8hTUv96L/ANBqrYaHpk1lBLJCS7opJ3MOSPrVaz0f + Tpb++heLKQlNo3NxlcnvQBqap/x9af8A9dv6Vo3n/HpP/uN/Kuav9H06GezS + OLAll2t8zHIx7mrtzoWlR28rpCQyoxHzt1A+tAF/SP8AkGW3/XNarWX/ACGd + R+kP/oNU9O0TTJ7GCaWLLugJO5hyfoagtdH06TU723eLMcQj2jc3G5cnvQBp + 6v8A62w/6+E/rWpcf8e8v+638q5jUdH06B7QRRbRLMqN8zHKnPqavzaDpSQy + MsJyFJHzt6fWgC1ov/IKtv8Ad/rUVr/yGr3/AHIv5Vn6Xoum3GnwTTRbndck + 7mH8jUcGj6c+qXVu0WY41QqNzcEjnnOaANTWf+XH/r6i/rWtJ/q2+hrldT0f + Trf7L5MW3zLiNG+ZjlWzkcmtF9A0kIxEJyAf42/xoAm0L/kE2/0P8zTIP+Q5 + df8AXJKztJ0bTbnToZ5otzuDk7mHc+hpkWj6c2qz2zRfu0jVgNzdT15zmgDT + 1v8A1Nt/18R/zraPSuS1XR9Ot44Ghi2l5kQ/Mx4PXqa0z4f0n/nif++3/wAa + AF8Pf8ge3/4F/wChGiP/AJD8v/XBf/Qqy9G0fTrrTYZ54tztuydzDoxHY0Jo + +nHV5LYxfu1hDAbm6k465zQBqa5/x6xf9do/51s1yWraPp1tbo8MW1jIin5m + PBPPU1qf8I/pH/PA/wDfb/40AJ4f/wCQZH/vP/6EaUf8jA3/AF7D/wBDrL0f + R9OurBJp4tzlmGdzDoxHY0DR9O/tk2vlfuvID43N97djOc56UAaev/8AIP8A + +2if+hVtVyWr6Pp1tZ+bBFtbegzuY8E4PU1qf8I/pH/PA/8Afb/40AGg/wDH + if8ArpJ/6FQ3/IwL/wBex/8AQ6y9J0fTrm0Mk8W5t7jO5hwDgdDQdH07+2Ft + fK/dGAvjc33t2M5zmgDU8Qf8gqX6p/6EK2a5LWNH061sJJoItrqVwdzHqwHc + 1qf8I/pH/PA/99v/AI0AGh/8esv/AF2k/nSS/wDIeg/64N/OszStH065gkea + LcVldR8zDgHjoaJNH04avFbCL920TMRubqD65zQBqeIP+QRcf8B/9CFbA6Cu + U1jR9OtdNmngi2uu3B3MerAdzWkPD+k4H7k/99v/AI0AGif6q6/6+JP6Utx/ + yHLX/rlJWXpej6dcJcGaLcUmdB8zD5R06GibR9OXVbe2WLEbo5I3NyR05zmg + DX13/kE3P+6P5itOL/VJ9BXMato2m22nzTwxbXQDB3Me49TV6PQNJKKTCckD + +Nv8aAHaN1v/APr6k/pRd/8AIasf92X+VZmmaPp1wbvzYt3l3DovzMMKMYHB + ouNH05NUtLdYsRyrIWG5udo45zmgDa1r/kFXP+5V22/49ov9xf5Vzup6Lptv + YTzQxbXRcg7mP8zVqDQdKeGN2hJLKCfnbuPrQBLpP+uv/wDr4b+Qovf+Qxpv + /bb/ANBFZenaPp08l4ssWRFMyr8zDAAHoaLrR9Oj1KxgSLCTebuG5udq5Heg + Dd1b/kGXX/XNv5VPZ/8AHnB/1zX+VYWo6JpkFjPNFFh0QkHcx5H1NTW2haVJ + bRSPCSzIpJ3N1I+tAE2l/wDH3qH/AF2/pRqH/IT03/ek/wDQazLDR9OmuLxJ + IsrFJtX5mGBj60Xmj6dFf2MMcWEmZww3NzhcjvQBv6n/AMg66/65P/I07Tv+ + Qfbf9ck/9BFY99oemQ2VxLHCQ6RsQdzHkD60tloely2cEskJLPGpJ3N1I570 + AWtO/wCQhqP++n/oNGpf8f2nf9dG/wDQay7LR9OlvL2KSLKxOoUbmGARn1ov + tH06G7so44sLK5DDcxyAM+tAHRX/APx43P8A1zf/ANBNR6X/AMg21/65r/Ks + y70LS4rSaVISGRGIO5uoH1plhommTWME0kJLuikncw5I+tAFuw/5CupfWL/0 + GjVf+PnT/wDrsP5VmWmj6dLqF9A8WUhMe0bm43Lk96NQ0fToZ7NIosCWXa3z + McjHuaAOlu/+PWb/AHG/lVbSP+QZbf7gqhcaDpSW8rrCQyqxHzt1A+tQabom + mT2EE0sW53QEncw5/A0AXrP/AJDGo/SH/wBBNGr/AOssP+vlP5Gsu20fTpNT + vbd4sxxCPaNzcbhk980ajo+nQPaCKLaJZlRvmY5U545NAHUXH+ok/wB0/wAq + oaJ/yCrb/d/rVWbQdKWJ2WE5Ckj529PrVTS9F0240+CeaLc7rkncw7+xoAv2 + v/Ibvf8Acj/lS6z0sv8Ar6i/rWXBo+nPql1btFmONUKjc3BPXnOaNT0fTrcW + vkxbfMnjRvmY5U5yOTQB1b/cb6GsrQf+QTb/AEP/AKEajfQNJCMRCeh/jb/G + s/SdG02506GeeLc7g5O5h3PoaANKD/kO3P8A1yT+dJrn+pt/+viP+dZkWj6c + 2rT2xi/dpGrAbm6k885zRquj6dbxQtDFtLzIp+ZjwTz1NAHW1i+Hv+QPb/8A + A/8A0I0v/CP6R/zwP/fb/wCNZejaPp11psM88W523ZO5h0YjsaANOP8A5D8v + /Xuv/oVLrv8Ax6R/9dY/51lpo+nHWJLUxfulhDAbm6k465zRq2j6dbWyPDFt + YyIv3mPBPPU0AdbWNoH/ACDE/wB5/wD0I0f8I/pH/PA/99v/AI1l6Po+nXVi + s08W5yzDO5h0YjsaANQf8jCf+vX/ANnpNf8A+Qcf99P/AEIVmDR9O/tk2vlf + uvI343N97djOc56Uavo+nW1mZYItrblGdzHgnB6mgDraxdB/48W/66Sfzpf+ + Ef0j/ngf++3/AMay9I0fTrm1Mk8W5t7jO5hwDx0NAGm3/IwJ/wBex/8AQ6PE + H/IKl+qf+hCsxtH04awtr5X7owF8bm+9uxnOc0axo+nWunyTwRbXUrg7mPVg + O5oA62sbQ/8Aj2m/67yfzo/4R/SP+eB/77f/ABrL0rR9OuIZXmi3FZXUfMw4 + B46GgDUl/wCQ9B/1wb+dL4g/5BFx9F/9CFZUmj6cNXithF+7aJmI3N1B9c5p + dY0fTrXTpp4ItrrjB3MerAdzQB1a/dH0rG0T/V3f/XzJ/SkXw/pJAJhP/fbf + 41m6Xo+nXCXBmi3FJ3QfMwwo6Dg0Aadx/wAhy0/65yVLrn/IJuf90fzFY82j + 6cmq29ssX7t0ckbm5I6c5zT9V0bTbbT5p4YtroMg7mPf3NAHTQ/6pP8AdH8q + ytH633/X1J/So49A0lo1YwnJA/jb/Gs/TdH064N35sWfLndF+ZhhRjA4NAGp + d/8AIasP92X+QqbWf+QXc/7hrFuNH05NTtLdYsRyrIWG5udo45zmpdT0XTbe + wnmhi2ui5B3Mf5mgDobX/j2i/wBxf5VmaT/rtQ/6+G/kKig0HSngjdoSSygn + 526kfWqOnaPp08t4ssWRFMVX5mGAB7GgDUvv+Qvpn/bb/wBAqzq3/IMuv+ub + fyrCutH06PUrGBIsJN5u4bm52rkd6n1DRNMgsZ5oocOiMQdzHkD3NAG7Zf8A + HnB/1zX+VZ+l/wDH3qH/AF1H8qr2uhaXJbQyPCSzIpJ3t1I+tU7DR9OmubxJ + IsrFJtX5mGBj60Aaeof8hLTf96T/ANBq7qf/ACDrr/rk/wD6Ca5+80fTor6y + hjiwkzOGG5ucDI71ZvtD0uGyuJY4SHSNmB3MeQOO9AGxp3/IPtf+uSf+giqO + nf8AIR1H/fT/ANBqtZaHpctnBLJCSzxqxO5upAJ71VstH06W8vYpIsrEyhRu + bgEZ9aANTU/+P3Tv+up/9Bq/f/8AHjcf9c3/AJGucvtH06G6so44sLK5DDcx + yMfWrl3oWlx2s0iQkMiMQdzdQPrQBpaX/wAg21/65r/Kqth/yFtS+sX/AKDV + Ow0PTJrGCaWIl3RSTuYckexqvaaPp0moX0DxZSEx7RubjcuT3oA09V/4+NP/ + AOu4/lWld/8AHrN/uN/Kua1DR9Ogms1iiwJZQrfMxyMe5q9caDpSW8rrCQyq + xHzt1A+tAF3R/wDkF23+4Kgs/wDkM6h9If8A0E1R03RNMnsIJpYtzuoJO5hz + +BqG20fTpNTvLd4sxxCPaNzcbhzznNAGprH37D/r5T+tak/+ok/3T/KuX1LR + 9Oga0EUW3zZ1RvmY5U5yOTWhLoGlLE7LCchSR87en1oAs6J/yCrb/d/rUNt/ + yG7z/rnHVDS9F0240+CeaLc7rkncw7+xqODR9OfVbm2aLMcaIVG5uCevOc0A + aetfdsv+vqL+tbD/AHG+hrlNU0fTrcWvkxbfMnjRvmY5U5yOTWk+gaSFJEJ4 + B/jb/GgCTQf+QRb/AEP/AKEabD/yHbj/AK4p/Os3SNG06506GeeLc7g5O5h3 + I7GmxaPpzatNbGL92kasBubqT65zQBqa3/qLf/rvH/OtmuS1XR9Ot4oWhi2l + pkU/Mx4J56mtT/hH9I/54H/vt/8AGgBPD3/IIg/4H/6EaE/5GCT/AK9x/wCh + VmaNo+nXWnRTzxbnbdk7mHRiOxoXR9OOsPamL90IQ4G5uu7HXOaANPXf+PNP + +usf862q5LVtH062tlkhi2sZEX7zHgnnqa1P+Ef0j/ngf++3/wAaADQP+Qav + ++//AKEaP+Zh/wC3X/2esvSNH065slmni3OWYZ3MOhIHQ0f2Pp39s/ZfK/df + Z9+Nzfe34znOelAGpr//ACDj/vp/6EK2a5LV9H062sjLBFtbcozuY8EgHqa1 + P+Ef0j/ngf8Avt/8aADQv+PJv+usn/oVI/8AyMEf/Xuf/QqzNJ0fTrm1Mk0W + 5g7jO5hwDx0NDaPpw1hLURfujCXxub727HXOaANPxD/yCZvqn/oQrarktZ0f + TrXTpZ4ItrqVwdzHqwHc1qf8I/pH/PA/99v/AI0AGif8e8//AF3k/nRL/wAh + 23/64v8AzrL0rR9OuIZWmi3FZXUfMw4B46GiTR9OXVobYRfu2iZiNzdQfXOa + ANXX/wDkEXH0X/0IVrr90fSuU1fRtOtdOmngi2ugGDuY9SB3NaK+H9JKgmE/ + 99t/jQA7RfuXf/XzL/Skuf8AkOWf/XOSszS9H064W5M0W7y53QfMwwo6Dg0T + aPpyarbW6xYjkRyw3NyR05zmgDY1v/kFXP8Au/1rRh/1Mf8Auj+Vc1qui6bb + 6fPPDFtdBkHcx7+5q5FoGktGjGE5IB++3+NAEmj/AHr/AP6+ZP6UXf8AyGbD + /dl/kKy9N0fTp2uxLFu8ud0X5mGFGMDg0XGj6cmp2dukWI5RIWG5udo45zmg + Db1n/kF3P+4at2v/AB7Rf7i/yrn9T0XTLewnmii2uikg7mPP4mrEGg6U8Ebt + CSWUE/O3Uj60AS6T/r9Q/wCu5/kKL7/kL6Z/22/9BrM0/R9OnmvFliyIpSq/ + MwwMexou9H06PUbGBIsJN5m4bm52rkd6AN3Vv+QZdf8AXNv5VNY/8eVv/wBc + 0/kKw9Q0TTILGeaKHDojEHcx5A9zUtroWlyWsMjwksyKSdzdSPrQBY0z/j81 + H/rqP5Uah/yEtN/35P8A0Gsux0fTprm8jkiysUgVfmbgY+tF5o+nRXtlDHFh + JWcMNzc4GR3oA6DUv+Qddf8AXJ//AEE0unf8g+1/65J/6CKyL7Q9LisriWOE + hkjdgdzdQCR3ostD0uWzglkhJZ41Ync3UgE96ALOnf8AIS1L/fT/ANBo1P8A + 4/dO/wCup/lWZZaPp0t7exSRZSJlCjc3GRk96L/R9OhurKOOLCyyEN8zcjH1 + oA6O+/48rj/rm/8AI1FpX/INtf8Armv8qzbrQtLjtZpEhIZUYg7m6gfWo9P0 + TTJrGCaWIl3RSTuYckfWgC5Y/wDIW1L6w/8AoNGq/wDHxp//AF3H8jWXaaPp + 0mo30DxZSHy9o3NxuXJ70aho+nQTWaxRYEsoVvmY5GPc0AdNdf8AHrN/uN/K + qmjf8gu2/wBwVSuNB0pIJHWEgqpI+duoH1qvpui6ZcWEE0sW53UEncw5/A0A + XbP/AJDWof7sX/oNGsffsP8Ar5j/AK1mW2j6dJqd5bvFmOIR7RubjcOec5o1 + LR9Ot2tBFFt82dEb5mOVOcjk0AdTN/qZP90/yrO0T/kFW3+7/Wq8ugaSsbsI + TkAn77f41T0rRdNuNPgnmi3O4yTuYd/Y0AaFt/yG7z/rnHSa19yz/wCvmL+t + ZkGj6c+q3Nu0WY40QqNzcE9ec5o1TR9Ot1tjDFt8ydEb5mOVOcjk0AdW/wBx + voaydA/5BFv9G/8AQjTG0DSQpIhPT++3+NZ2kaNp11p0M88W53BydzDoSOxo + A0of+Q9cf9cU/nS63/x7wf8AXeP+dZcej6c2rTWxi/drErAbm6k+uc0aro+n + W8MTQxbS0qKfmY8E89TQB1tY3h//AJBMH1f/ANCNH/CP6R/zwP8A32/+NZej + 6Pp11p0U88W523ZO5h0YjsaANRP+Q/J/17j/ANCo13/jzT/rrH/OstdH046w + 9qYv3QhD43N97djOc5o1bR9OtrZZIYtrGRF+8x4J56mgDraxdA/5Bq/77/8A + oRpf+Ef0j/ngf++3/wAay9H0fTrqyEs8W5yzDO5h0JA6GgDU/wCZh/7df/Z6 + Nf8A+Qa3++n/AKEKy/7H07+2fsvlfuvs+/G5vvb8ZznPSjV9H061smmgi2uG + UZ3MepAPU0AdbWNoX/Hm/wD11k/nR/wj+kf88D/32/8AjWXpOj6dc2zSTRbm + Ejr95hwDx0NAGm//ACMEf/Xuf/QqXxB/yCZ/qn/oQrLbR9OGsJaiL90YS5G5 + uu7HXOaNY0fTrXTpZ4ItrrtwdzHqwHc0AdbWLof+ouP+u8n86X/hH9I/54H/ + AL7f/GsvStH065hmaaLcVldR8zDgHjoaANSb/kO2/wD1xf8AnTte/wCQRcfQ + f+hCsmXR9OXVobYRfu3jZiNzdQfXOadq+jadbadNPBFtdAMHcx7gdzQB1Kfc + X6CsjRfu3n/XzL/SmroGklQTCen99v8AGs3TNH064W5M0W7y55EX5mGFGMDg + 0Aalz/yG7P8A65yVJrf/ACCrn/d/rWPPo+nJqttbrFiORHLDc3JHTnOak1XR + dNt9Pnnhi2ui5B3Me/uaAOkg/wBRH/uj+VZWj/fv/wDr5k/pTItA0pokZoTk + qCfnb0+tZ+m6Pp1w12JYt3lTui/MwwoxgcGgDTvP+Q1p/wDuy/8AoNWNY/5B + dz/uGsS50fTo9Ts7dIsRyiTcNzc7RxznNTalommQWE80UW10UkHcx5/E0AdB + a/8AHrD/ALi/yrN0r/j41D/ruf5CobfQdKeCN2hJLKCfnbqR9ao6fo+nTzXi + yxZEUpVfmYYGPY0Aad//AMhbTfrL/wCg1b1X/kG3X/XNv5Vg3ej6dFqNjAkW + EmMm4bm52rkd6sahommQ2M80URDojEHcx5A+tAG3Yf8AHjb/APXNP5Cs/TP+ + P3Uf+uo/lUFpoWlyWsMjwks6KSdzdSPrVOx0fTprq9jkiysUgCjcwwMfWgDU + 1H/kI6d/vv8A+g1d1H/kH3X/AFyf/wBBNc9e6Pp0V7ZRRxYWVmDDc3IAyO9W + r3Q9Lis55Y4SGSNmB3N1AJHegDW03/kHWv8A1yT/ANBFU9P/AOQlqX+/H/6D + VWx0PS5bK3lkhJZ40Ync3UgE96q2ej6dLe3sMkWUiZAo3NxkZPegDT1T/j80 + 7/rqf5VoX3/Hlcf9c3/ka5y/0fTobmzjjiwsshVvmbkY+tXLrQtLjtZpEhIZ + UYg7m6gfWgDR0n/kGWv/AFzX+VVbH/kL6n/2x/8AQap6fommT2ME0sOXdFJO + 5hyR7GoLTR9Ok1G+geLKQ+XtG5uNy5PegDU1b/X6f/13X+RrSuv+PaX/AHG/ + lXM6ho+nQS2axRYEswVvmY5GPc1en0HSkgkdYSCqkj526gfWgC7o3/ILtv8A + cFV7T/kNX/8Auxfyqlpmi6ZcWEE0sW53UEncw5/A1Db6Ppz6nd27RZjiWMqN + zcbhzznNAGnrP3rD/r6j/rWtN/qZP90/yrltT0fTrc2nlRbfNnRG+ZjlTnI5 + NaEugaSsbsITkAn77f40AWND/wCQTbf7p/majt/+Q5d/9c46ztK0bTbnT4J5 + otzuMk7mHf2NMh0fTn1W4t2izHGiEDc3BPXnOaANTWvuWn/XzF/Wthvun6Vy + eqaPp1utuYYtvmToh+Zj8p6jk1pN4f0kAkQn/vtv8aAH6B/yCLf6N/6EabF/ + yHp/+uK/zrN0jRtOutOhnni3O4OTuYdCR2NJHo+nNq81sYv3axKwG5upPrnN + AGnrn/HvB/13j/nW1XJaro+nW0MTQxbS0qKfmY8E89TWp/wj+kf88D/32/8A + jQAeH/8AkEw/V/8A0I0L/wAjA/8A17D/ANDrL0fR9OutPjnni3OxbJ3MOjEd + jQuj6cdYa1MX7oQh8bm+9ux1zmgDU13/AI8l/wCusf8A6FWzXJato+nW1qJI + YtrF0GdzHgnnqa1P+Ef0j/ngf++3/wAaAE0D/kHD/ff/ANCNB/5GIf8AXr/7 + PWZpGj6dc2Ylni3NuYZ3MOAcDoaP7H07+2Ra+V+6+z78bm+9uxnOc9KANPxB + /wAg1/8AeT/0IVtVyWsaPp1rYtNBFtcMozuY9SAeprU/4R/SP+eB/wC+3/xo + ANC/49JP+usn86H/AOQ/F/17t/6FWXpOj6dc2zvNFuYSOv3mHAPHQ1YgsLWy + 12NLZNo8lm6k85x39qAOlooooAKKKKACiiigAooooA//1P3PlXWP7VgDPD53 + lttIDbcd896fqy6yNOmNy8JjwNwUNnqOmaZLq1s2qwXAWTakbgjYc8+1P1bV + 7W406aFFkDMBjKEDqO9AF6NNe2LiS3xgdmrO0xdYP2v7O8I/0iTfuDff4zjH + atGPXLMIoKS8Af8ALM1naZq1tB9r3rIfMuJHGEJ4OOvvQAXC6x/alqHeHzdr + 7CA23GOc1Lqa6yLCc3DwGPb820NnHtmorjVrZ9UtbgLJtjVwRsOeR2FS6nrF + rPYTwosgZ1wMoQPzoAtQpr3kx7ZLfbtGMhs4xVDTl1gyXfkPCD5zb9wb73Gc + Y7Vfh1yzWGNSkuQoH+rPpVDTtWtoZLwush8yZmGEJ4OOvpQAXS6x/aVkJHh8 + 397sIDbfu85/DpU+orrQsZzO8Bj2HdtDZx7VBdatbSalZTqsm2Lzc5Q5+ZcD + A71PqOsWs1jPEiyBnQgZQgfnQBNbJrv2aLy5INuxcZDZxjjNUrBdYNxeeS8I + bzPn3BsbsdvarttrdpHbRIUlyqKOEPYVSsNWtobi8dlkIlk3DCE8Y7+lABeL + rH2+xErwmTL7MBsD5ec/hVm/TW/sVx5zwGPy23YDZxjnFVrzVraS/spVWTbE + XJyhB5XHA71Zv9ZtJbK4iVZAXjYDKEDkUAOs01z7JB5UkATYu3IbOMcZqpZL + rH2u98p4Q+9d+Q2M44xVuz1q0itII2STKIoOEJHAqpZatbRXd7IyyYldSMIS + eB39KAC+XWBd2XnPCX3tswGxnHerd4mufZJ/NkgKbG3YDZxjnFVL7VraW7sp + FWQCJ2JyhB5Hb1q3ea1aS2k8apJl0YDKEDkUANsE1v7FB5LwCPYu3cGzjHGa + rWa6x9vvvKeESApvyGwfl4x+FWbDWbSKygiZZCURQcISOB61Ws9Wto7++mZZ + NspTGEJPC45HagAv11gT2fnPCW835NobG7Hf2q7cprv2eXzJLfbsbOA2cY5q + lf6tbTT2bqsgEUu45QjjHb1q7c63aPbyoElyyMOUPcUAQ6cutGxgMDwCPYNu + 4NnHvUFqusf2neiN4fNAj3khtv3eMfh1qfTtYtYbGCJ1kJRADhCR+dQWurW0 + ep3s7LJtlEeMIc/KuDkdqADUl1gPZ+e8JPnLs2hvvc4zntV+ZNe8mTdJb7dp + zgNnGKoalq1tPJZlFkHlzKxyhHA9PWr82t2bQyKElyVI/wBWfSgCppa6ydPg + Nu8Aj2/LuDZx74qOBdY/tS6CPD5u1NxIbbjHGKk0vWLWDT4IXWQsi4OEJH51 + HBq1smqXU5WTbIqAfIc8DuKADU11gfZftDwn/SI9m0N9/nGc9q0XTXtjZkt8 + YPZqztT1a2n+y7FkHl3EbnKEcDPT3rRfXLMow2S8g/8ALM0AUdJXWTp0Jtnh + EeDt3Bs9T1xTIl1j+1Zwrw+d5a7iQ23HbHen6Tq9rb6dDC6yFlBzhCR1PemR + atbLqs9wVk2vGoHyHOR7UAGqrq4jg+0PCR5ybdob73bOe1aZTX/+elv+TVma + rq1tcRwKiyDZMjHKEcCtM67Z/wByX/v2aAMzRl1g6bCbV4RF82A4bd945zj3 + oRdY/teQB4fO8kZOG27c/nmjRtWtrbTYYJFkLLuztQkcsT1oTVrYavJc7ZNp + hC42HOQc9KADVl1gW6faXhK+YmNobOc8de1amzX/APnpb/k1ZeratbXFuiIs + gIkRuUI4BrU/t2z/ALkv/fs0AZejrrBsE+yvCI8tjeGzncc9KAusf2yRvh8/ + yBzhtu3d+ec0aPq1tbWCQyLIWDMflQkcsT1oGrW39sm52ybTAExsOc7s9PSg + A1ddYFn/AKS8JTen3Q2c5461qbNf/wCelv8Ak1Zer6tbXNn5cayA70PKEDg1 + qf27Z/3Jf+/ZoAy9JXWDaH7M8ITe/wB4NnOeelBXWP7YUb4fO8g84bbt3fnn + NGk6tbW9oY3WQne54Qkcmg6tbf2wtztk2CApjYc53Z6elABrC6wNPkNy8Jjy + udgbP3hjr71qbNf/AOelv+TVl6xq1tc6fJDGsgYlfvIQOGB61qf27Z/3Jf8A + v2aAMvSl1gwSfZ3hC+a+dwbO7PPTtRIusf2vEC8PneU2Dhtu3P55o0rVra3g + kR1kJMrtwhPBNEmrWx1eK5CybViZfuHOSfSgBdYXWBpsxunhMXy5CBt33hjG + fetIJr+B+8t/yas3WNWtrnTZoI1kDNtxuQgcMD1rSGu2eB8kv/fs0AZmlrrB + S4+zvCB5z7twb73fGO1Ey6x/atuGeHztj7SA23HfNGl6tbW6XAdZDvmdhhCe + DRNq1s2q29wFk2ojg/Ic8+1AD9WXWRp8xuXhMeBu2hs9R0zV6NNe2LiS3xgd + mqjq2r2txp80KLIGYDGUIHUd6vR65ZhFBSXgD/lmaAM7TF1cm7+zvCP9Iffu + Dff4zjHai4XWP7UtA7w+btk2EBtuMc5o0zVraA3e9ZD5lw7jCE8HHX3ouNWt + n1S0nCybY1kByhzyOwoAl1NdZFhObh4DHt+baGzj2zVqBNd8mPZJb7doxkNn + GKq6nrFrPYTwosgZ1wMoQPzq1BrdmkMalJchQP8AVn0oAoacusGS88h4QfOb + fuDfewOmO1F0usf2lYiR4TKfN2EBto+XnP4dKNO1a2hkvGdZD5kzMMITwQOv + pRdatbSalYzqsm2Lzc5Q5+ZcDA70AT6iutCxnM7wGPYd20NnHtU1smu/ZovL + kg27FxkNnGOM1DqOs2s1jPEiyAuhAyhA596mttbtI7aJCkuVRRwh7CgClYLq + 5uLzyXhDeZ8+4NjOO3tReLrH2+x814TIS+zAbAO3nNFhq1tDcXjsshEsm4YQ + njHf0ovNWtpL+xmVZNsTOTlCDyuOB3oAs36a39iuPOeAx+W27AbOMc4p1mmu + fY4PKkgCeWu3IbOMcZpt9rNpLZXESrIC8bAZQgcilstatIrOCNkkykag4Qkc + CgCrZLrH2y98p4Q+9d+Q2M44xRfLrAu7LznhL7zswGxnHeiy1a2ivL2VlkIl + dSMISeBjn0ovtWtpbuykVZMROScoQeR29aALd4mufZJ/NkgKbG3YDZxjnFMs + F1s2MBheAR7F27g2cY4zT7zWrSS0njVJMsjAZQgcimWGs2sNjBEyyEoig4Qk + cCgCvaLrH9oXwjeESAx7yQ2D8vGPwo1BdYE9n5zwlvN+TaGxux39qLTVraPU + L6Zlk2ymPGEJPC45HajUNWtpp7N1WQCKXccoRxjt60AXbhNd+zy75LfbtbOA + 2cYqDTV1o2EBgeAR7Bt3Bs496nuNbtHt5UCS5ZWHMZ7ioNN1i1hsIInWQsiA + HCEj86AIbZdY/tO9Ebw+biPeSG29OMf1o1FdYD2nnvCT5y7Nob73OM57UW2r + W0ep3s7LJtlEeMIc/KMHI7Uajq1tM9oUWQeXMrHKEcDPT3oAvzJr3lPukt8b + TnAbpiqmlrrJ0+A27wCPb8u4NnGe+Ktza5ZtE6hJclSP9WfSqml6va2+nwQu + shZVwcISOvrQBHAusf2pdBHh83am4kNtx2xRqa6wBa/aHhP7+PbtDfe5xnPa + iDVrZNUurgrJtkVAPkOePUUanq1tOLXYsg8ueNzlCOBnp70AaTpr+xsyW+MH + s1Z+krrB06E2zwiLB2hg2ep64rQfXbMow2S9D/yzNZ+kava2+nQwyLIWUHOE + JHU96AGxLrH9rThXh87y13EhtuM8Y75o1VdXEUP2h4SPOTbtDfezxnPaiLVr + ZdWnuCsm141UfIc5B9KNV1a2uIoVRZBtmRjlCOAaANTZr/8Az0t/yasvRl1g + 6bCbV4RF82A4bd945zj3rT/t2z/uS/8Afs1maNq1tbabDBIshZd2dqEjliet + AAi6x/bEgDw+d5IycNt25/PNGrLrAtk+0vCV8xMbQ2c5469qE1a2GsSXO2Ta + YQuNhznOelGratbXFsiIsgIkQ8oRwDQBqbNf/wCelv8Ak1ZekLrBsV+zPCI9 + zY3Bs53HPStT+3bP+5L/AN+zWXo+rW1tYrFIshYMx4QkcsT1oAAusf2yRvh8 + /wAjrhtu3d+ec0auusCzP2l4Sm5fuhs5zx1oGrW39sm52ybPI2Y2HOd2enpR + q+rW1zZmKNZAdyn5kIHBoA1Nmv8A/PS3/Jqy9IXWDan7M8ITe/3g2c556Vqf + 27Z/3Jf+/ZrL0jVra3tTG6yE73PCEjk0ADLq/wDbCgvD5/kHBw23bu/POaNZ + XWBp8n2p4THlc7A2fvDHX3obVrY6wtztk2CArjYc53Z6elGsatbXOnyQxrIG + Yr95CBwwPWgDU2a//wA9Lf8AJqy9KXWDDL9neEL5r53Bs7s89O1an9u2f9yX + /v2ay9K1a2t4ZVdZCWlduEJ4JoAJF1j+14gXh87ymwcNt255z3zS6wusDTpj + dPCYuMhQ277w6ZpJNWtjq8VwFk2rEy/cOck+lLrGrW1zp00EayBmxjchA4YH + rQBoqmv4GJLf8mrN0tdYKXH2d4QPPfduDfe74x2rSXXbMADZL/37NZul6tbW + 6XAdZDvndhhCeD/WgAmXV/7Vtwzw+dsfaQG247570/VV1kafMbh4THj5tobP + XtmmTatbNqtvcBZNqI4PyHPPoKfqur2txp80KLIGYYGUIHX1oAuxpr3lrtkt + 8YGOGrP01dYJu/IeEfv337g33+M4x2rRj1yzWNVKS8Af8szWdpurW0Bu96yH + zJ3cYQng46+9ABcLrH9p2gd4fN2ybCA23GOc1Lqa60LCczvAY9vzbQ2ce2ai + uNWtn1O0nCybY1kByhzyOw71LqesWs9hPCiyBnXAyhA/OgCzAmu+RHskt9u0 + YyGzjFUdOXWDLeeQ8IPnHfuDfex29qvQa3aJBGhSXKqB/qz2FUdO1a2hlvGd + ZD5kxYYQngjv6UAF0usf2lYiR4TKfN2EBto+XnP4dKn1BdbFjOZngMext20N + nGO1QXWrW0mo2M4WTbF5ucoc/MuBgd6n1DWbWaxniRZAXRgMoQOR60AS2qa5 + 9mh8uSDbsXGQ2cY4zVOwXWDc3nkvCG8z59wbGcdvarlrrdpHbQoUlyqKOEJH + AqnYatbRXN47LIRLJuGEJ4x39KAC8XV/t1l5rwmQs+zAbGcc5qzfJrf2K485 + 4CnltuwGzjHOKrXmrW0t9ZSqsmImcnKEHkY4HerN9rNpLZXESrIC8bAZQgZI + oAWyTXPscHlSQBPLXbkNnGOM1Vsl1g3t75Twh9y78hsZxxirVlrVpFZwRMkm + UjUHCEjgVVstWtor29lZZCJWUjCEngd/SgAvl1gXVl5zwl952YDYzjvVy7TX + Pss3mSQFNjZwGzjHOKp32rW0t1ZSKsmInJOUIPTt61cu9atJLWaNUkyyMBlC + ByKAI7BNb+wweS8Aj2Lt3Bs4xxmq9ousf2hfCN4RJmPfkNg/Lxj8OtWLDWbS + GxgiZZCURQcISOB61XtNWto9QvpmWTbKY8YQk8LjkdqADUF1gTWfnPCW80bN + obG7Hf2q7cJrv2eXfJb7drZwGzjFUtQ1a2mms2RZAI5QxyhHGO3rV641u0e3 + lQJLllYcxnuKAK+mrrRsIDA8Aj2jbuDZx74qG2XWP7TvBG8Pm4j3khtvTjH9 + am03WLWCwghdZCyKAcISPzqG21a2TU7ycrJtlEeMIc/KO47UAGpLrAa0894S + fPXZtDfe5xnPatCVNe8p90lvjBzgN0xWfqWrW07WhRZB5c6ucoRwM9PetCXX + LNonUJLyCP8AVn0oAp6WusnT4DbvAI9vy7g2cZ74qOBdY/tW5CPD52xNxIbb + jtipNL1e1t9PghdZCyrg4QkdfWo4NWtk1W5uCsm10QD5Dnj1FABqi6wBbfaH + hP79Nu0N97nGc9q0nTX9pzJb4wezVm6pq1tOLUIsg8ueNzlCOBnp71pPrlmV + I2S8g/8ALM0AZ+kLrB06E2zwiLBwGDZ6nrimxLrH9rTBXh87y1ycNtxnjHvT + tI1e2ttOhhkWQsoOcISOp702LVrZdWmuCsm1o1UfIc5B9KADVV1gRQ/aHhI8 + 5MbQ33s8Zz2rU2a//wA9Lf8AJqy9V1a2uIoVRZAVmRjlCOAa1P7ds/7kv/fs + 0AZejLq506I2rwiL5sBw277xznHvQq6x/bDgPD53kjJw23bu/POaNG1a2ttO + igkWQsu7O1CRyxPWhdWthrD3O2TaYQuNhzndnpQAasusC2X7S8JXzExtDZzn + jr2rU2a//wA9Lf8AJqy9W1a2uLZERZARIh5QjgGtT+3bP+5L/wB+zQBl6Qus + GyX7M8Ij3N94NnOTnpRt1j+2cb4fP+z9cNt2b/zzmjSNWtrayWKRZCQzHhCR + yxPWj+1rb+2ftO2TZ9n2Y2HOd+enpQAauusCyP2l4Sm5fuhs5yMda1Nmv/8A + PS3/ACasvV9WtrmyMUayA7lPKEDgg1qf27Z/3Jf+/ZoAy9JXWDat9meEJvf7 + wbOc89KGXWP7YQF4fO8k4OG27d355zRpOrW1vatG6yEl3PCEjk0Nq1sdYS52 + ybBCVxsOc7s9KADWV1gadIbp4TFlchA2fvDHX3rU2a//AM9Lf8mrL1nVra50 + 6WGNZAzFfvIQOGB61qf27Z/3Jf8Av2aAMvSl1gwy/Z3hC+a+dwbO7POMdqJF + 1j+1oQzw+d5TYOG27c8575o0rVra3hlV1kJaV2GEJ4Jok1a2bVobgLJtWJlI + 2HOSfSgBdXXWBp0xuXhMWBkKG3dR0zWiqa/tGJLf8mrO1fVra506aGNZAzAY + yhA6g9a0V12z2j5Jf+/ZoAzdLXWCtz9neEDz33bg33u+MdqJl1j+1bYO8Pnb + H2kBtuO+aNL1a2gW5DrId87uMITwfX3om1a2bVba4CybURwRsOefQUASaqus + jT5zcPAY8fNtDZxntmrkSa95abZLfGBjhqp6rq9rcafPCiyBmGBlCB19auRa + 5ZrGilJeAP8AlmaAM/TV1gtd+Q8I/fvv3BvvcZxjtRcrrH9p2Yd4fNxJsIDb + enOf6Uabq1tA12XWQ+ZO7jCE8HHX3oudWtn1OznCybYxJnKHPzDsO9AE2prr + QsJzO8Bj2ndtDZx7ZqxAmu+RHskt9u0YyGzjFV9T1i1nsJ4UWQM6kDKED86s + Qa3aJBGhSXKqB/qz2FAFHT11gzXnkPCD5p37g33sdvai7XV/7RsRI8JlPmbC + A20fLzn8OlGn6tbQzXjOshEkpYYQnjHf0ou9WtpNRsZ1WTbF5mcoQfmXAwO9 + AE+oLrYsZzM8Bj2Nu2hs4x2qW1TXPssPlyQbNi4yGzjHGai1DWbWaxniRZAX + RgMoQOR61La61aR2sMbJLlUUHCEjgUAU7FdYNzeeS8IbzBvyGxnHai8XWPtt + l5rwmQs+zAbAOOc0WOrW0VzeOyyYlkBGEJOMd/Si81a2kvbKVVkxEzk5Qg8j + HA70AWr5Nb+xXHmvAU8t92A2cYOce9FkmufY4PKeAJ5a7chs4wMZovtatJbK + 4iVZAXjcDKEDJBostatIrOCJkkykag4QkcCgCrZLrH2298p4RIGXfkNgnHGK + L9dYF1Zec8JfzDs2hsZx3ostWtor29lZZMSspGEJPAxz6UX2rW0t1ZSKsgEU + hJyhB6dvWgC5dJrn2WbzJICmxs4DZxjnFR6eutmxgMLwCPYu3cGzjHGakuta + tJLWaNUlyyMBlCByKj0/WbWGxgiZZCURQcISOB60AV7RdY/tG+EbwiUeXvJD + YPy8Y/DrRqC6wJrPznhLeaNm0Njdjv7UWmrW0eo30zLJtl8vGEJPyrg5HajU + NWtpprNlWQCOUMcoRxjt60AXrhNd8iTfJb7dpzgNnGKr6autGwgMDwCPaNu4 + NnHvirFxrdo8EiBJcspHMZ7iq+maxawWEELrIWRQDhCR+dAENsur/wBp3gje + HzcR7yQ23pxj+tGpLrAa0894SfPTZtDfe5xnPai21a2TU7ycrJtkEeMIc8Du + O1GpatbTtaFFkHlzo5yhHAz096ANCVNe8t90lvjBzgNVPSl1k6fAbd4BHj5d + wbOM98Vcl1yzaN1CS8g/8szVPStXtbfT4IXWQsowcISOvrQBHAusf2rchHh8 + 3Ym4kNtx2xRqi6wFtvtDwkeem3aG+9zjOe1EGrWy6rc3BWTa6IB8hzx6ijVN + WtrhbYIsg2To5yhHAz096ANJk1/acyW+MejVnaQusHToTbPCIsHAYNnqeuK0 + W12zKkbJen/PM1naRq1tbadDDIshZQc7UJHUnrQAka6x/a0wV4fO8tcnDbdu + eMd80aqusCGL7Q8JXzUxtDZ3Z4zntRHq1surzXBWTa0SqBsOcg+lGq6tbXEM + SosgKyo3KEcA0AamzX/+elv+TVl6OusHTojavCIvmwHDZ+8c9PetT+3bP+5L + /wB+zWXo+rW1tp0UMiyFl3fdQkcsT1oAFXWP7YcB4fO8kZOG27d355zRqy6w + LZftLwlfMT7obOc8daF1a2GsPc7ZNphC/cOc7s9KNW1a2uLZURZARIh5Qjoa + ANTZr/8Az0t/yasvR11g2Q+zPCI9zfeDZzk56Vqf27Z/3Jf+/ZrL0fVra2sh + FIshIZjwhI5JNABt1j+2cb4fP+z9cNt2b/zzmjV11gWTfaXhMe5fuhs5yMda + P7Wtv7Z+07ZNn2fZjYc5356elGr6tbXNk0SLICWU/MhA4IPWgDU2a/8A89Lf + 8mrL0ldYNs32Z4QvmP8AeDZznnpWp/btn/cl/wC/ZrL0nVra3tmR1kJMjnhC + RgmgAZdX/thAXh87yTg4bbt3fnnNGsLrA06U3TwmL5c7A277wxjPvQ2rWx1h + LnbJtEJX7hzndnpRrGrW1zp0sMayBm2/eQgcMD1oA1Nmv/8APS3/ACasvSl1 + gwzfZ3hA8187g33s84x2rU/t2z/uS/8Afs1l6Vq1tbwzK6yEtK7DCE8E0AEq + 6x/a0IZ4fO8tsHDbcZ5z3zTtXXWBp0xuXhMWBkKGz1HTNNl1a2bVobgLJtWN + lPyHOSfSnavq9rc6dNDGsgZgMZQgdR3oA0FTX9oxJb9PRqzdMXWCtz9neEfv + 5N24N97jOMdq0l12zCgbJen/ADzNZumatbQLc71kPmTyOMITwcdfegAnXWP7 + Vtg7w+bsfaQG2475qTVV1kafObh4DHj5tobOM9s1HPq1s2q21wFk2ojg/Ic8 + +gqTVdXtbjT54UWQMy4GUIHX1oAuRJr3lJtkt8YGMhumKz9NXWC135Dwj9++ + /cG+9xnGO1aEWuWaxIpSXgAf6s+lZ+m6tbQNdl1kPmTu4whPBx196AC5XWP7 + TsxI8Pm4k2EBtvTnP9Km1JdaFhOZ3gMe07tobOPbNQ3OrWz6nZzhZNsYkzlD + nkdh3qbUtYtZ7CeFFkDOpAyhA/OgCxbprvkR7JLfbtGMhs4xVHT11gzXnkvC + G8079wbG7Hb2q9b63aJBGhSXKqBxGewqjp+rW0M14zLIRJKWGEJ4x39KAC7X + WP7RsRI8JlJk2EBsD5ec/h0qxqC62LGczPAY9jbtobOMc4qvd6tbSajYzKsm + 2IyZyhB+ZcDA71Y1DWbWaxniVZAXRgMoQOR60ASWia59lh8uSAJsXGQ2cY4z + VOxXVzdXvkvCH8wb8hsZx2q5aa1aR2sMbJJlUUHCEjgVTsdWtorq9kZZCJZA + RhCT07+lABerrH22y814S+5tmA2M45zVq9TXPsc/myQFPLbdgNnGOcVVvdWt + pb2ylVZMRMxOUIPIxx61avdatJbOeJUky8bAZQgcigAsU1v7Fb+VJAE8tNuQ + 2cYGM1Vs11j7be+U8Ik3JvyGxnHGKtWOtWkVlbxMshKRoDhCRkAVVs9Wtor2 + 9lZZMSshGEJPC45HagAv11gXNn5zwlvMOzaGxnHf2q5dJrn2WbzJINmxs4DZ + xjnFU7/VraW5snVZAIpCTlCOMdvWrl1rVpJazRqkmWRgMoccigCLT11s2MBh + eAR7F27g2cY71BaLq/8AaN8I3hEo8veSG2n5eMfh1qfT9ZtYbGCJ1kJRFBwh + I4HrUFpq1tHqN9OyybZfLxhCT8q4OR2oANQXWBLZ+e8JPnDZtDfex39qvTpr + vkSb5LfbtOcBs4xVHUNWtppbNkWQCOYMcoRxjt61en1u0eCRAkuWUj/VnuKA + K+mLrRsIDA8Aj2jbuDZx74qG3XWP7Uuwjw+biPeSG24xxj+tTaZrFrBYQQus + hZFAOEJH51Db6tbJqd3OVk2yLGBhDngdxQAamusA2nnvCf36bNob73OM57Vo + Spr3lvukt8YOeGrP1PVrac2hRZB5c6OcoRwM9PetCXXLNo3UJLyD/wAszQBS + 0pdZOnwm3eER4+XcGz174pkK6x/atwFeHztibiQ23HbHen6Vq9rb6fDC6yFl + GDhCR19aZDq1suq3FwVk2uiADYc8eooANUXWAtt9oeEjz027Q33u2c9q0mTX + 9pzJb/k1ZuqatbTrbBFkGydHOUI4Hp71pNrtntPyS/8Afs0AZ2kLrB06E2zw + iLBwGDbup64pI11j+15Qrw+d5S5OG27c8Y75pdI1a2ttOhhkWQsoOcISOpPW + kj1a2XV5bkrJtaJVA2HOQfSgA1VdYEMX2l4SvmpjaGzuzxnPatTZr/8Az0t/ + yasvVdWtriGJUWQFZUY5QjgGtT+3bP8AuS/9+zQBl6OusHT4zavCI8tjeGz9 + 456e9CrrH9sMA8PneSMnDbdu7885o0fVra20+OGRZCylvuoSOWJ60Lq1sNYa + 52ybTCFxsOc7s9KADVl1gWo+0vCU3p90NnOeOtamzX/+elv+TVl6tq1tcWoj + RZAQ6HlCBwa1P7ds/wC5L/37NAGXpC6wbIfZnhCbm+8GznPPSjbq/wDbIG+H + z/s/XDbdm7885o0jVra2shFIshO5jwhI5NH9rW39si52ybPs+zGw5zuz09KA + DWF1cWLfanhMe5c7A2c5GOtamzX/APnpb/k1ZesatbXNi0UayAllPKEDgg9a + 1P7ds/7kv/fs0AZekrrBtn+zPCF8x87g2c556dqsQC+Gux/bGjZvJb7gOMZ9 + ++ar6Tq1tb2zo6yEmR24QngmrEF7Dd67G8QYDyWX5lI5znvQB0tFFFABRRRQ + AUUUUAFFFFAH/9X945/+Q5a/9cnp+u/8gm4+g/mKyJdIsl1WC3AbY8bk/Mc5 + HvTtW0exttOmniVg6AYyxPcdiaAOoi/1SfQVkaN/y/f9fUv9KZHoOnFFJV+Q + P42/xrP0zSLK4+1+YG/d3EiDDEcDGO9AGndf8hux/wByX+VT61/yCrn/AHKx + bjSLJNUtbdQ2yRXJ+Y54HHOak1PRrG3sJ5o1YMi5GXY/1oA6O3/494v91f5V + maR/rb//AK+G/kKih0LTnhjYq+SoP329PrVDTtIsp5LsSBiI5mVcMRwMe9AG + pe/8hjTfpN/6CKsav/yDLn/rm1Yd1pFlHqVlAobZL5u75jn5VyOam1HRbCCx + nmjVtyISMux/rQBvWf8Ax5wf9c1/lWdpX/H1qH/Xb+lQW2h6fJbRSMr5ZFJ+ + dupH1qnYaRZTXF4kgbEUm1cMRxj60Aal/wD8hTTf96T/ANBq3qf/ACDrr/rk + /wDI1gXmkWUV/ZQoG2ylw3zHsuR3qzfaJYQ2VxKituSNiPnY8gfWgDZ0/wD4 + 8Lb/AK5J/wCgiqOm/wDH/qP/AF0X/wBBqrZ6Hp8tpBI6tudFJ+dupH1qrZaR + ZS3d7G4bbE6hfmPQj60Aaepf8f8Ap3/XRv8A0Gr+of8AHhc/9cn/APQTXO32 + kWUN3ZRoG2yuwb5ieAPrVq80PT4rSeVFbciMR87dQPrQBq6X/wAg21/65J/K + qen/APIU1L/ei/8AQaqWGiWE1lBK6tudFJw7Dkj61Xs9Ispb++hcNtiKBfmP + dcnvQBqap/x9af8A9dv6Vo3n/HpP/uN/Kuav9IsoZ7NEDYll2tlieMfWrtzo + enx28rqr5VGI+duw+tAF/SP+QZbf9c1qtZf8hnUfpD/6DVLTtFsJ7GCaRW3O + gJw7D+tQ2ukWUmpXsDBtkQj2/Mc/MuTzmgDT1f8A1th/18J/WtS4/wCPeX/d + b+VcxqOkWUD2gjDYlmVGyxPBz71fm0LTkhdgr5Ck/fb0+tAFrRf+QVbf7v8A + WorX/kNXv+5F/Ks/S9GsbjT4JpFYs65OHYf1qODSLJ9UurdlbZGqEfMc8jnm + gDU1n/lx/wCvqL+ta0n+rb6GuV1PSLK3+y+WGHmXEaHLE8HOe9aL6DpwRiFf + gH+Nv8aAJtC/5BNv9D/M0yD/AJDl1/1ySs3SdHsbnToZ5VYu4OcMR3PYGmxa + RZNqs9uQ2xI0I+Y5yffNAGnrf+ptv+viP+dbR6VyWqaRZW8cDRBgXmRTlieD + 171p/wBgad/df/vtv8aAF8Pf8ge3/wCBf+hGiP8A5D8v/XBf/Qqy9H0iyutN + hnmDF23ZwxA4YjoDQmkWR1eS2KtsWEMPmOck460Aamuf8esX/XaP+dbNclqu + kWVvbo8QYEyIvLE8E8960/7A03+6/wD323+NAB4f/wCQZH/vP/6EaUf8jA3/ + AF7D/wBDrL0fSLK6sUmlDFiWHDEdGI7GgaRZf2wbXDeWIA/3jnO7HXNAGnr/ + APyD/wDton/oVbVclq+kWVtZ+bEGDb0HLE9T7mtP+wNN/uv/AN9t/jQAug/8 + eJ/66Sf+hUN/yMC/9ex/9DrL0nSLK5tDJKGLb3HDEcA+xoOkWX9sLa4byzAX + +8c53Y60AaniD/kFS/VP/QhWzXJaxpFlbWEk0QYMCuMsT1YDvWn/AGBpv91/ + ++2/xoAXQ/8Aj1l/67SfzpJf+Q9B/wBcG/nWZpWkWVxBI8oYlZXUYYjgHjvR + JpFkNXitgG2NEzH5jnIPrmgDU8Qf8gi4/wCA/wDoQrYHQVyesaRZWumzTxKw + dduMsSOWA6E1pDQNOwPlf/vtv8aAF0T/AFV1/wBfEn9KW4/5Dlr/ANcpKy9L + 0iyuEuDKGykzoMMRwOneibSLJdVt7cBtjo5PzHOR75oA19d/5BNz/uj+YrTi + /wBUn0Fcxquj2Ntp808SsGQDGXJ7jsTV2PQdOKKSr8gfxt/jQA/Rut//ANfU + n9KLv/kNWP8Auy/yrM0zSLK4N35gY+XO6DDEcDGO9FxpFkmqWluobZIshPzH + PA45zQBta1/yCrn/AHKu23/HtF/uL/Kuc1PRrG3sJ5o1YMi5GXY/1q1BoWnv + DG7K+WUE/O3cfWgCbSf9df8A/Xw38hRe/wDIY03/ALbf+gisvTtIsp5LtZA2 + IpmVcMRwAPei60iyj1KxgUNsm83d8xz8qgjnNAG7q3/IMuv+ubfyqez/AOPO + D/rmv8qwtR0WwgsZ5o1bciEjLseR+NS22h6fJbRSMr5ZFJ+dupH1oAn0v/j7 + 1D/rt/SjUP8AkJ6b/vSf+g1mWGkWU1xeI4bEUm1cMRxii80iyivrKFA22UuG + +Y9lyO9AG/qf/IOuv+uT/wAjTtO/5B9t/wBck/8AQRWPfaJYQ2VxKituSNiM + ux5A+tLZ6Jp8tnBK6tueNSfnYckfWgC1p3/IQ1H/AH0/9Bo1L/j+07/ro3/o + NZdlpFlLeXsThtsTqF+YjqM+tF9pFlFd2UaBtsrkNlieAPrQB0V//wAeNz/1 + zf8A9BNR6X/yDbX/AK5r/Ksy70PT47SaRFbciMR87dQPrTLDRbCaxgldW3Oi + k4dhyR9aALdh/wAhXUvrF/6DRqv/AB86f/12H8qzLTSLKTUL6F1bbEY9vzH+ + JcnvRqGkWUM9mkatiWXa2WJ4x9aAOlu/+PWb/cb+VVtI/wCQZbf7gqhcaFp6 + W8rqr5VWI+duw+tQadothPYQTSK250BOHYf1oAvWf/IY1H6Q/wDoJo1f/WWH + /Xyn8jWXbaRZSalewMG2RCPb8xz8wyec0ajpFlA9oIw37yZUbLE8HPvQB1Fx + /qJP90/yqhon/IKtv93+tVZtC05YnYK+QpP329PrVTS9GsbjT4JpVYs65OHI + 7/WgC/a/8hu9/wByP+VLrPSy/wCvqL+tZcGkWT6pdW7BtkaoR8xzz15zRqek + WVuLXyww8yeNDlieDnNAHVv9xvoaytB/5BNv9D/6EaifQdOCkhX4B/jb/GqG + k6PY3OnQzyhi7A5wxHc9gaANKD/kO3P/AFyT+dJrn+pt/wDr4j/nWZFpFk2r + T2xDbEjVh8xzkn1o1XSLK3ihaIMC8yKcsTwevegDraxfD3/IHt/+B/8AoRo/ + sDTf7r/99t/jWZo2kWV1psM8wYu27OGIHDEdAaANOP8A5D8v/Xuv/oVLrv8A + x6R/9dY/51lppFkdXktiG8tYQ33jnJOOuaNW0iytrZHiDAmRF5Yngn3oA62s + bQP+QYn+8/8A6EaT+wNN/uv/AN9t/jWZpGkWVzYrNKGLFmHDEdGI7GgDUH/I + wn/r1/8AZ6TX/wDkHH/fT/0IVmf2RZf2ybXDeX5G/wC8c53Y60avpFlbWZli + DBtyjliepx3NAHW1i6D/AMeLf9dJP50f2Bpv91/++2/xrM0nSLK5tTJKGLb3 + HDEcA+xoA02/5GBP+vY/+h0eIP8AkFS/VP8A0IVmNpFkNYW1w3lmAv8AeOc7 + sdc0axpFla6fJNCGDKVxlierAdDQB1tY2h/8e03/AF3k/nSf2Bpv91/++2/x + rM0rSLK4hleUMSsrqMMRwDx3oA1Jf+Q9B/1wb+dL4g/5BFx9F/8AQhWVJpFk + NWitgG2NEzH5jnIPrml1jR7K206aeIMHXGMsSOWA6E0AdWv3R9KxtE/1d3/1 + 8yf0pF0DTiAdr/8Afbf41m6XpFlcJcGUMdk7oMMRwOnegDTuP+Q5af8AXOSp + dc/5BNz/ALo/mKx5tIsl1W3twG2Ojk/Mc5Hvmn6ro1jb6fNNErBkGRlye/oT + QB00P+qT/dH8qytH633/AF9Sf0qOPQdOaNWKvkgfxt/jWfpukWU5u/MDfu53 + QYYjgYx3oA1Lv/kNWH+7L/IVNrP/ACC7n/cNYtxpFkmp2luobZIshPzHPyjj + nNS6no1jb2E80atuRSRl2P8AWgDobX/j2i/3F/lWZpP+u1D/AK+G/kKig0LT + 3gjdlfLKCfnbuPrVHTtIsp5bxZA2Ipiq4YjgD60Aal9/yF9M/wC23/oFWdW/ + 5Bl1/wBc2/lWFdaRZR6jYwKrbJvN3fMc/KuRznip9Q0WwhsZ5o1bciMRl2PI + H1oA3bL/AI84P+ua/wAqz9L/AOPvUP8ArqP5VXtdD0+S2hkZXyyKT87dSPrV + Ow0iymubxHDYik2rhiOMfWgDT1D/AJCWm/70n/oNXdT/AOQddf8AXJ//AEE1 + z95pFlFfWUKBtsrOG+Y9hn1qzfaJYQ2VxKituSNiMux5APvQBsad/wAg+1/6 + 5J/6CKo6d/yEdR/30/8AQarWWiWEtnBK6tueNWPzsOSM+tVbLSLKW8vYnVts + TKF+Y9xn1oA1NT/4/dO/66n/ANBq/f8A/Hjcf9c3/ka5y+0iyhurKNA2JXIb + LE8Y+tW7vQ9PjtZpEV9yIxHzt1A+tAGnpf8AyDbX/rmv8qq2H/IW1L6xf+g1 + TsNEsJrGCV1bc6KTh2HJH1qvaaRZSahfQsG2xGPb8x/iXJ70Aaeq/wDHxp// + AF3H8q0rv/j1m/3G/lXNahpFlDNZpGGxLKFbLE8Y+tXbjQtPS3ldVfKqxHzt + 2H1oAvaP/wAgu2/3BUFn/wAhnUPpD/6Cao6botjPYQTSK251BOHYf1qG20iy + k1O8gYNsiEe35jn5hzzQBqax9+w/6+U/rWpP/qJP90/yrl9S0iyga0EYb95O + qNlieDmr8uhacsTsFfIBP32/xoAtaJ/yCrb/AHf61Dbf8hu8/wCucdUNL0ax + uNPgmlVizrk4cjv9ajg0iyfVLm3YNsjRCPmOeevOaANPWvu2X/X1F/Wth/uN + 9DXKanpFlbi2MYb95OiHLE8HOe9aL6DpwUkK/A/vt/jQBLoP/IIt/of/AEI0 + 2H/kO3H/AFxT+dZmkaPY3OnQzyqxdgc4YgdSOgNJFpFk2rTWxDbFjVh8xzkn + 1zQBqa3/AKi3/wCu8f8AOtmuS1TSLK3ihaJWBaZFOWJ4J5rT/sDTf7r/APfb + f40AHh7/AJBEH/A//QjQn/IwSf8AXuP/AEKszRtIsrrTop5gxdt2cMR0YjoD + QukWR1h7UhvLEIb7xzndjrmgDT13/jzT/rrH/OtquS1bSLK2tlkiDAmRF5Yn + gn3Naf8AYGm/3X/77b/GgBdA/wCQav8Avv8A+hGj/mYf+3X/ANnrL0jSLK5s + lllDFizDhiOjEdjR/ZFl/bP2XDeX9n3/AHjnO/HXNAGpr/8AyDj/AL6f+hCt + muS1fSLK2sjLErBtyjliepA71p/2Bpv91/8Avtv8aAF0L/jyb/rrJ/6FSP8A + 8jBH/wBe5/8AQqzNJ0iyubUyShiQ7jhiOAfY0NpFkNYS1w3lmEv945zux1zQ + Bp+If+QTN9U/9CFbVclrGkWVrp0s8IYOpXGWJ6sB0JrT/sDTf7r/APfbf40A + Lon/AB7z/wDXeT+dEv8AyHbf/ri/86y9K0iyuIZWlDErK6jDEcA8d6JNIsl1 + aG2AbY0TMfmOcg+uaANXX/8AkEXH0X/0IVrr90fSuU1fR7G206aeIMHUDGWJ + HUDoTWiugacQDtf/AL7b/GgB2i/cu/8Ar5l/pSXP/Ics/wDrnJWZpekWVwty + ZAx2TugwxHA6UTaRZJqttbhW2Ojk/Mc5HvmgDY1v/kFXP+7/AFrRh/1Mf+6P + 5VzOq6NY2+nzzRKwZBkZcnv6Zq7FoOnNGjFXyQD99v8AGgCTR/vX/wD18yf0 + ou/+QzYf7sv8hWXpukWU7XYkDfu53QYYjgY96LjSLJNTs7dQ2yUSbvmOflHH + OaANvWf+QXc/7hq3a/8AHtF/uL/Kue1LRrGCwnmjVtyKSMux/rVmDQtPeCN2 + V8soJ+du4+tAEuk/6/UP+u5/kKL7/kL6Z/22/wDQazNP0iynlvFkVsRSlVwx + HGPrRd6RZR6jYwIG2TeZu+Y5+VcjntQBu6t/yDLr/rm38qmsf+PK3/65p/IV + h6hothDYzzRq25EYjLseQPrUtroenyWsMjK+WRSfnbqR9aALGmf8fmo/9dR/ + KjUP+Qlpv+/J/wCg1l2OkWU1zeRuGxFIAuGI4x9aLzSLKK9sokDbZWcN8x7D + PrQB0Gpf8g66/wCuT/8AoJpdO/5B9r/1yT/0EVj32iWEVlcSorbkjdh87HkA + n1pbLRLCWzgldW3PGpPzsOSPrQBZ07/kJal/vp/6DRqf/H7p3/XU/wAqzLLS + LKW9vYnDbYmUL8x7jPrRfaRZQ3VlGgbbLIQ2WJ4xQB0d9/x5XH/XN/5GotK/ + 5Btr/wBc1/lWbdaHp8drNIqvlUYj526gfWotP0WwmsYJZFbc6KTh2HJH1oAu + 2P8AyFtS+sP/AKDRqv8Ax8af/wBdx/I1l2mkWUmo30DBtkXl7fmP8S5PPejU + NIsoZrNYw2JZQrZYnjH1oA6a6/49Zv8Acb+VVNG/5Bdt/uCqNxoWnpBI6q+V + UkfO3YfWq+m6NYz2EE0itudQTh2H9aAL1n/yGtQ/3Yv/AEGjWPv2H/XzH/Ws + y20iyfU7y3YNsiEe35jn5hzzmjUtIsoGtBGG/eTojZYng5oA6mb/AFMn+6f5 + VnaJ/wAgq2/3f61Xl0HTljdgr5AJ++3+NUtK0axuNPgmlVizjJw5Hf0zQBo2 + 3/IbvP8ArnHSa19yz/6+Yv61mQ6RZPqlzbkNsjRCPmOcn3zRqmkWVutsYgw3 + zohyxPBzmgDq3+430NZOgf8AIIt/o3/oRpjaDpwUna/T++3+NZ2kaPY3OnQz + yhi7A5wxA6kdAaANKH/kPXH/AFxT+dLrf/HvB/13j/nWXHpFk2rTWxDbFjVh + 8xzkn1zRqukWVvDE0QYFpUU5YngnnqaAOtrG8P8A/IJg+r/+hGk/sDTf7r/9 + 9t/jWZo+kWV1p0U8wYu27OGI6MR0FAGon/Ifk/69x/6FRrv/AB5p/wBdY/51 + lrpFkdYe2IbyxCG+8c53Y65o1bSLK2tlkiDAmRByxPBPvQB1tYugf8g1f99/ + /QjR/YGm/wB1/wDvtv8AGszSNIsrmyEsoYsWYcMR0JHY0Aan/Mw/9uv/ALPR + r/8AyDW/30/9CFZf9kWX9s/ZdreX9n3/AHjnO/HXNGr6RZW1k0sQYMGUcsT1 + IHc0AdbWNoX/AB5v/wBdZP50n9gab/df/vtv8azNJ0iyubZpJQxIkccMRwD7 + GgDTf/kYI/8Ar3P/AKFS+IP+QTP9U/8AQhWW2kWQ1hLUBvLMJb7xzndjrmjW + NIsrXTpZ4QwdduMsT1YDoaAOtrF0P/UXH/XeT+dH9gab/df/AL7b/GszStIs + riKZpVYlZXUYYjgHjvQBqTf8h23/AOuL/wA6dr3/ACCLj6D/ANCFZMukWS6t + DbANsaNmPzHOQfXNLq+j2Ntp008SsHUDGWJHUDoTQB1SfcX6CsjRfu3n/XzL + /SmroOnFQdr9P77f41m6ZpFlcLcmQMfLnkQYYjgYx3oA1Ln/AJDdn/1zkqTW + /wDkFXP+7/WsebSLJNUtrdQ2x0cn5jnI6c5p+qaNY2+nzzRK25FyMux7/WgD + pYP9RH/uj+VZWj/fv/8Ar5k/pUcWhac0SMVfJAP32/xqhpukWU7XYkVv3c7o + uGI4GPegDTvP+Q1p/wDuy/8AoNWNY/5Bdz/uGsS50iyTU7O3UNslEhb5jn5R + xzmptS0WwgsJ5o1bcikjLsf60AdBa/8AHrD/ALi/yrN0r/j41D/ruf5CoLfQ + tPeCN2V8soJ+du4+tUtP0iymmvFkDYilKrhiOMfWgDTv/wDkLab9Zf8A0Gre + q/8AINuv+ubfyrBu9Iso9RsYEDbJjJu+Y/wrkc54qfUNFsIbGeaNW3IjEZdj + yB9aANyw/wCPG3/65p/IVn6Z/wAfuo/9dR/Kq9poenyWsMjq+50Un526kfWq + ljpFlNdXsbhtsUgC4YjjFAGpqP8AyEdO/wB9/wD0Gruo/wDIPuv+uT/+gmue + vdIsor2yiRW2yswb5j2GatXuiWEVnPKituSNmHzseQM+tAGtpv8AyDrX/rkn + /oIqnp//ACEtS/34/wD0GqljolhLZW8rq2540Y/Ow5IB9arWekWUt7exOG2x + MgX5j3XPrQBp6p/x+ad/11P8q0L7/jyuP+ub/wAjXOX+kWUNzZxoGxLIVbLE + 8Y+tXLrQ9PjtZpFV8qjEfO3UD60AaOk/8gy1/wCua/yqrY/8hfU/+2P/AKDV + PT9FsJrGCaRW3Oik4dhyR9agtNIspNRvoGDbIfL2/Mf4lyec80Aamrf6/T/+ + u6/yNaV1/wAe0v8AuN/KuZ1DSLKGWzWNWxLMFbLE8YNXp9C09IJHVXyqkj52 + 7D60AXdG/wCQXbf7gqvaf8hq/wD92L+VUdN0axnsIJpFbc6gnDsP61Fb6RZP + qd3bsG2RCMr8xz8w55zQBp6z96w/6+o/61rTf6mT/dP8q5bUtIsoDaCMN+8n + RGyxPBznvWhLoOnLG7BXyAT99v8AGgCxof8AyCbb/dP8zUdv/wAhy7/65x1n + aVo1jcafDNKrFnGThyO/1pkOkWTarcW5DbERCPmOcn3zQBqa19y0/wCvmL+t + bDfdP0rk9U0iyt1tjGGG+dEOWJ4PWtJtA04Ana//AH23+NAD9A/5BFv9G/8A + QjTYv+Q9P/1xX+dZukaPY3OnQzyhi7A5wxA6kdAaSPSLJtWltirbFiVh8xzk + n1zQBp65/wAe8H/XeP8AnW1XJarpFlbQxPEGBaVFOWJ4J571p/2Bpv8Adf8A + 77b/ABoAXw//AMgmH6v/AOhGhf8AkYH/AOvYf+h1l6PpFldafHNKGLMWzhiO + jEdjQukWR1hrXDeWIQ/3jnO7HXNAGprv/Hkv/XWP/wBCrZrktW0iytrUSRBg + S6DlieCfc1p/2Bpv91/++2/xoANA/wCQcP8Aff8A9CNB/wCRiH/Xr/7PWZpG + kWVzZiWVWLbmHDEdDjsaP7Isv7ZFrhvL8jf945zux1zQBp+IP+Qa/wDvJ/6E + K2q5LV9IsraxaaIMGDKOWJ6kDua0/wCwNN/uv/323+NAC6F/x6Sf9dZP50P/ + AMh+L/r3b/0KsvStIsrm2d5QxIkdeGI4B9jViCxt7PXY0gBA8lm5JPOcd6AO + looooAKKKKACiiigAooooA//1v3Pl/tn+1YN32fzvLbbjftx3z3zT9W/tr+z + pvtP2fysDds37uo6Z4pkur2TarBchm2JG6n5Gzk+2Kfq2sWNzp00ETMXcDGU + Ydx3IoAvR/8ACQbFx9lxgf36ztM/tn/S/s/2f/j4k379/wB/jOMdvStGPXtO + CKCz5AH8Df4VnaZq9lb/AGvzGYeZcSOMIx4OMdBQAXH9s/2pa7/s/nbX2Y37 + cY5z3+lS6n/bf2Cf7R9n8vb82zfux7Z4qK41eyfVLW4Vm2Rq4PyNnkccYqXU + 9ZsLiwnhiZizrgZRh+pFAFqH+3/Jj2fZdu0YzvzjFUNO/tnzLzyPs+fObfu3 + /e4zjHb61fh13TkhjVmbIUA/I3p9Koadq9lBJeGRmAkmZlwjHg49qAC6/tn+ + 0rLzPs/m/vdmN+37vO7v06YqfUf7c+wz+f8AZvL2Hdt37se2agutXspNSsp1 + ZtkXm7vkb+JcDjHNT6jrVhPYzwxsxZ0IGUYc/lQBNbf299mi8v7Nt2LjO/OM + cZqlp/8AbP2i88n7Pu83592/G7HbHb61dttc0+O2ijZmyqKD8jdQPpVKw1ey + huLx5GbEsm5cIx4x9KAC8/tn7fY+b9n8zL7Mb9v3ed2eenTFWb/+3fsVx532 + by/Lbdt35xjnGe9VrzV7GW/sZkZtsRct8jDquBxjmrN/renzWVxEjNueNgPk + YckfSgB1n/b32SDyvs2zYu3dvzjHGcd6qWX9s/a73yfs+/eu/dvxnHG3H9at + 2euafFaQRuzbkRQfkY8gfSqllq9lFd3sjs22V1K/Ix4A+nFABff2z9rsvO+z + 797bNu/Gcc7s/wBKt3n9vfZJ/N+zbNjbtu/OMc4z3qpfavZTXdlIjNtidi3y + MOCPpzVu81zT5bSeJGbc6MB8jDkj6UANsP7d+xQeT9m8vYu3dvzjHGcd6rWf + 9s/b77yvs/mZTfnft+7xtxz065qzYa3YQ2UETs25EUH5GPIH0qtZ6vZRX99M + 7NtlKFfkY9FweMcUAF//AGz59n532fd5vybd+N2O+e30q7c/2/8AZ5fM+zbd + jZxvzjHOKpX+r2M09m8bMRFLub5GHGPpV251zT5LeVFZssjAfI3Uj6UAQ6d/ + bn2GDyPs3l7Bt3b92PfFQWv9s/2ne+X9n83Ee/O/b93jb36dc1Pp2tWEFjBD + IzBkQA4Rj/SoLXV7KPU72dmbZKI9vyN/CuDxjigA1L+2fMs/P+z585dm3f8A + e5xnPb6Vfm/t/wAmTf8AZdu05xvzjFUNR1eyne0MbMRFMrtlGHAz7Vfm13Tn + hkUM2SpH3G9PpQBU0v8Atv8As+D7P9n8vb8u/fux744qOD+2f7Uutn2fztqb + 879uMcY7/WpNL1mwt9PghlZgyLg4Rj+oFRwavYpql1cMzbJFQD5GzwOeKADU + /wC2f9E+0fZ/+PiPZt3/AH+cZz29a0X/AOEg2Nn7LjB/v1nanq9lcfZfLZj5 + dxG5yjDgZz1FaL69pxRgGfkH+Bv8KAKOk/21/Z0P2b7P5WDt3793U9ccUyL+ + 2f7Wn2/Z/O8td2d+3HbHfNP0nWLG206GCVmDoDnCMe57gUyLV7JdVnuCzbHj + QD5Gzke2KADVf7Z8uD7T9nx5ybdm/wC92znt61pn/hIf+nX/AMfrM1XV7K4j + gWJmJSZGOVYcDr1FaZ1/Tf7z/wDfDf4UAZmjf2z/AGbD9l+z+V823fv3feOc + 4460J/bP9ryY+z+d5Iz9/Ztz+eaNG1extdNhgmZg67s4Rj1YnqBQmr2I1eS5 + LN5bQhR8jZyDnp1oANW/tn7On2n7Pt8xMbN+d2eOvatT/iof+nX/AMfrL1bV + 7G4t0SJmJEiNyjDgHnqK1P7f03+8/wD3w3+FAGXo/wDbP2BPsv2fy9zY3792 + dxz0460D+2f7ZP8Ax7+f5A/v7Nu7885o0fV7K1sEhmZgwZjwjHqxPYUDV7H+ + 2Tdbm8vyAn3GzndnpjNABq/9s/Y/9K+z7N6fc35znjrWp/xUP/Tr/wCP1l6v + q9lc2flRMxbeh5RhwD7itT+39N/vP/3w3+FAGXpP9s/ZD9m+z7N7/f35znnp + 2oP9s/2wufs/n+Qf7+zbu/POaNJ1extrQxyswbe54RjwT7Cg6vY/2wt1ubyx + AU+42c7s9OtABrH9s/2fJ9q+z+Xlc7N+77wx1461qf8AFQ/9Ov8A4/WXrGr2 + Nzp8kMLMWJXGUYdGB6mtT+39N/vP/wB8N/hQBl6V/bPkSfZvs+3zXzv353Z5 + xjt6USf2z/a8W77P53lNj7+3bnnPfNGlavY28EiSswLSuwwjHgnjoKJNXsjq + 8VyGby1iZT8jZyT6YoAXWP7Z/s2b7V9n8r5d2zfu+8MYzx1rSH/CQ4H/AB6/ + +P1m6xq9jdabNBCzF224yjDowPUitIa/puB8z/8AfDf4UAZml/2z5dx9m+z4 + 8592/f8Ae74x29KJv7Z/tW33fZ/O2Ptxv247575o0vV7K3S4ErMC8zuMIx4P + ToKJtXsW1W3uAzbERwfkbOT7YoAfq39tf2fN9p+z+Vgbtm/d1HTPFXo/+Eg8 + tcfZcYH9+qOraxY3OnzQRMxdwMZRh3Hcir0evacEUFnyAP4G/wAKAM7TP7Zz + d/Z/s/8Ax8Pv3b/v8Zxjt6ZouP7Z/tS03/Z/O2ybMb9uMc57/SjTNXsrc3fm + Mw8y4d1wjHg4x2ouNXsn1S0uFZtkayBvlbPI44xQBLqf9t/YJ/tH2fy9vzbN + +7HtnirUH9v+THs+y7doxnfnGKq6nrNhcWE8MTMWdcDKMP1Iq1BrunJDGjM2 + VUA/I3YfSgChp39s+ZeeR9nz5zb92/72BnGO31ouv7Z/tKx8z7P5v73y8b9v + 3fm3d+nTFGnavYwSXjSMwEszMuEY8ED2outXspNSsZ1ZtkPm7vkb+JcDjHNA + E+o/259hn8/7N5ew7tu/dj2zU1t/b32aLy/s23YuM784xxmodR1qwnsZ4Y2Y + s6EDKMOT+FTW2uafHbRIzNlUUH5G6gfSgClYf2z9ovPJ+z7vM+fdvxnHbHb6 + 1yvjDxvpvhG4tJvE2pWVpKm9kQF3cgjGTGuXIPYgV8//ABO+P1xY3eoaD4Cl + CtJIRLfYyRgYKxA8Z9X/AO+fWvkm5urm9uJLu8leeeUlnkkYs7MepJPJNfqX + DfhpVxMFXxknCL2S+J/5fiz4nOOMYUZOnh1zNden/BPtnVf2n/D+2W0trOa6 + RwVLrGEUgjGRufP5rWdD+1TYwQxwJo8hWNQoyVzgDH96vjCiv0CHhplSVnBv + /t5/pY+Wlxjjm7qSXyR9lQftR6fBNPOmjylpyC2SuBgY4+aif9qPT7iWGZ9H + lBgYsuCuCSMc/NXxrRV/8Q3yn/n2/wDwJ/5k/wCuGO/mX3I+z5v2qbGaJ4W0 + eQCRSpwVzgjH96kt/wBqewtoI7dNHlKxqFBJXOB/wKvjGij/AIhvlP8Az7f/ + AIE/8w/1wx38y+5H2VD+1Hp8NxPcro8pa42lgSuBtGBj5qLj9qPT7mSGR9Hl + BgbeuCvJ9/mr41oo/wCIb5T/AM+3/wCBP/MP9cMd/MvuR9oSftVWUsbRto0g + Dgg4K9/+BUy2/amsLWCO3j0eUrGMAkrnj/gVfGVFH/EN8p/59v8A8Cf+Yf64 + Y7+Zfcj7Ki/aj0+K5mul0eUvPt3AlcDaMDHzUXP7Uen3TQtJo8o8lxIMFeSP + X5ulfGtFH/EN8p/59v8A8Cf+Yf64Y7+Zfcj7Rf8AarsnRkOjSYYEdR3/AOBV + Fa/tS2FpbpbR6PKVjGASVz/6FXxnRR/xDfKf+fb/APAn/mH+uGO/mX3I+yo/ + 2o9PjupbtdHl3zBQRlcfL0x81F1+1Hp935Qk0eUeVIsgwV6r0z83SvjWij/i + G+U/8+3/AOBP/MP9cMd/MvuR9pn9q2yII/saTn3H/wAVVe0/ak0+ytktotHl + Kx8Akrnrn+9XxpRR/wAQ3yn/AJ9v/wACf+Yf64Y7+Zfcj7KX9qPT0u3vBo8u + +RQpGVxgf8Cou/2o9PvFRJNHlAjdXGCvVen8VfGtFH/EN8p/59v/AMCf+Yf6 + 4Y7+Zfcj7U/4aus/+gNJ+Y/+KqrZftR6fY2yWsWjysiZwWK55Oeze9fGtFH/ + ABDfKf8An2//AAJ/5h/rhjv5l9yPsoftR6et416NHl3sgTGVxgHP96i7/aj0 + +8jEUmjygKwbgr1Xn+9XxrRR/wAQ3yn/AJ9v/wACf+Yf64Y7+Zfcj7U/4aus + /wDoDSfmP/iqq2f7Uen2UAt4tHlKgk8lc8nP96vjWij/AIhvlP8Az7f/AIE/ + 8w/1wx38y+5H2V/w1Hp/237d/Y8u/wAvy8ZXGM5/vdaLz9qPT72HyJdHlC5B + 4K54Of71fGtFH/EN8p/59v8A8Cf+Yf64Y7+Zfcj7U/4aus/+gNJ+Y/8Aiqq2 + n7Uen2URhi0eUgsW5K5yTn+9XxrRR/xDfKf+fb/8Cf8AmH+uGO/mX3I+yj+1 + Hp5vBff2PLvCeXjK4xnP97rReftR6ffW7W0ujyqrYOVK54Of71fGtFH/ABDf + Kf8An2//AAJ/5h/rhjv5l9yPtT/hq6z/AOgNJ+Y/+KqraftR6fZo0cejykOz + Oclerdf4q+NaKP8AiG+U/wDPt/8AgT/zD/XDHfzL7kfZTftR6e12l6dHl3op + QDK4wTn+9ReftR6fe2z2sujyhXxkqVzwc/3q+NaKP+Ib5T/z7f8A4E/8w/1w + x38y+5H2mP2rbIDH9jSfmP8A4qq1r+1Hp9oJFj0eU+a7SHJXq3XHzdK+NaKP + +Ib5T/z7f/gT/wAw/wBcMd/MvuR9lP8AtR6e93HeHR5d8SlQMrjDf8Cpbv8A + al0+8t3tpNHlCyDBIK5/9Cr40oo/4hvlP/Pt/wDgT/zD/XDHfzL7kfaS/tWW + SqFGjScDHUf/ABVV7b9qPT7XzTHo8p86RpDkrwW64+bpXxrRR/xDfKf+fb/8 + Cf8AmH+uGO/mX3I+ypP2o9PluobttHl3whgACuPm65+anXX7U1hd2720mjyh + ZBgkFc/+hV8Z0Uf8Q3yn/n2//An/AJh/rhjv5l9yPtGP9quyjRY10aTCgAcj + t/wKoLb9qPT7Vpnj0eUmdy5yV4J9Pmr41oo/4hvlP/Pt/wDgT/zD/XDHfzL7 + kfZUv7UenzXMF02jyhrfdtAK4O8YOfmp9x+1PYXMElu+jyhZAVJBXOD/AMCr + 4yoo/wCIb5T/AM+3/wCBP/MP9cMd/MvuR9oRftVWMMSRLo8hCAKMle3H96oY + P2o9Pt5JpU0eUmdtzZK8Hpx81fGtFH/EN8p/59v/AMCf+Yf64Y7+Zfcj7Km/ + aj0+eeC4fR5Q1uSVwVwdwxz81ST/ALVFjcQSQPo8gWRSpwVzgjH96vjGij/i + G+U/8+3/AOBP/MP9cMd/MvuR9nwftUWMEMcCaPIVjUKMlc4Ax/eqKD9qPT4J + p500eUtOQWyVwMDHHzV8a0Uf8Q3yn/n2/wDwJ/5h/rhjv5l9yPtVP2ntCvbi + B73Tp7fyW3AqqsuTxz+8zj6CvX9A+KOheMreSHRtWsZJmRswN5kU+Mc7UkAL + YHpkV+ZdKrMrBlOCOQR1Brzsd4W4CpH9zKUH63X3P/NHVhuNsVF/vEpL7v6+ + 4/W6w/t37DB5P2by9i7d2/OMcZx3qvaf2z/aF95X2fzcx7879v3eNvfp1zXx + 38Jv2hdQ0GSDQPG8rXmmcJHdH5poB0G7u6f+PD36V9gafrumvd3d7HKZILkR + NG6qWDLt6jHY9q/GuIOG8TltX2ddaPZrZ/11R+h5Vm9HGQ56T1W66ok1D+2f + Os/P+z7vNGzbvxux3z2+lXbj+3/s8vmfZtu1s435xjnFUtQ1eymms3jZiIpQ + zZRhxj6VeuNd057eVFZssrAfI3cfSvAPUK+m/wBufYIPs/2fy9o27t+7Hvji + obb+2f7TvPL+z+biPfnft6cY7/XNTabrVhBYQQyMwZFAOEY/0qG21exj1O8n + Zm2SiPb8jZ+Uc8UAGpf2zutPP+z589dm3f8Ae5xnPb6VoS/8JB5T7vsuNpzj + fnGKz9S1exna0MbMfLnV2yjDgZrQl17TmidQzZKkfcb0+lAFPS/7b/s+D7N9 + n8vb8u/fuxnvjio4P7Z/tW52fZ/O2Juzv247Y7/WpNL1mxt9PghlZgyLg4Rj + 39QKjg1eyTVbm4Zm2SIgHyNnI68YoANU/tnFr9o+z/6+Pbs3/f5xnPb1rSf/ + AISHY2fsuMH+/Wbqmr2VwLbymY+XOjnKMOBnPUVpPr2nFSAz8g/wN/hQBn6R + /bX9nQ/Zfs/lYO3fv3dT1xxTYv7Z/tabb9n87y13Z37dueMd807SNYsbbToY + JWYOoOcIx7k9QKbFq9iurTXJZtjRqo+Rs5B9MUAGq/2z5UP2n7Pjzk27N+d2 + eM57etan/FQ/9Ov/AI/WXqur2NxFCsTMSsyMcow4B561qf2/pv8Aef8A74b/ + AAoAy9G/tn+zovsn2fyvmxv37vvHOccdaF/tn+2Hx9n8/wAkZ+/s27vzzmjR + tXsrXTooJmYOu7OEY9WJ6gULq9kNYe5LN5ZhC/dbOd2emM0AGrf2z9mT7T9n + 2eYmNm/Oc8de1an/ABUP/Tr/AOP1l6tq9lc2yxxMxIkRuVYcA+4rU/t/Tf7z + /wDfDf4UAZekf2z9hX7L9n8vc339+c5OenHWj/ic/wBs/wDLv5/2f/b2bN/5 + 5zRpGr2NtZLFKzBgzHhGPUk9hR/a9l/bP2rc3l/Z9n3GznfnpjNABq/9s/Yj + 9q+z+XuX7m/OcjHWtT/iof8Ap1/8frL1fV7G5sjFEzFtynlGHQg961P7f03+ + 8/8A3w3+FAGXpP8AbP2Vvs32fZvf7+/Oc89O1Df2z/bCZ+z+f5Jx9/Zt3fnn + NGk6vY21qY5WYMXc8Ix4J9hQ2r2R1hLrc3liEp9xs53Z6YzQAaz/AGz/AGdL + 9q+z+Vlc7N+77wxjPHWtT/iof+nX/wAfrL1nV7K606WCFmLsVxlGHRgepFan + 9v6b/ef/AL4b/CgDL0r+2fJl+zfZ9vmvnfvzuzzjHb0ok/tn+1od32fzvKbG + N+3bnnPfNGlavZW8MqyswLSuwwjHgnjoKJNXsW1aG5DNsWJlPyNnJPpigBdX + /tr+zpvtX2fysDds37uo6Z4rRX/hIdox9l/8frO1fWLG506aCJmLsBjKMO4P + UitFdf00KBuf/vhv8KAM3S/7Z23P2f7Pjz33b9/3u+MdvSib+2f7Vtt/2fzt + j7cb9uO+e9Gl6vY263IlZhvndxhGPB6dKJtXsn1W2uAzbI0cH5Gzk+2KAJNV + /tv+z5/tP2fysfNs37sZ7Z4q5F/wkHlpt+y4wMZ31T1XWbG40+eGJmLOMDKM + O/qRVyLXtOWNFLNkAD7jf4UAZ+m/2zuu/s/2f/Xvv3b/AL/GcY7UXP8AbP8A + adn5n2fzcSbMb9vTnPf6Yo03V7GBrsyMw8yd3XCMeDj2ouNXsn1OzuFZtkQk + 3fI38Q44xQBNqf8Abf2Cf7R9n8vad23fux7Z4qxB/b/kR7Psu3aMZ35xiq+p + 6zYT2E8MbMWdSBlGH64qxBrunJBGjM2VUA/I3YfSgCjp39s+deeR9n3ead+7 + fjdjtjt9aLv+2f7RsfN+z+b+88vG/b93nd36dMUadq9lBNeNIzYllLLhGPGP + pRd6vZSajYzozbIfM3fI38S4HGOaAJ9Q/tz7DP5/2by9jbtu/djHOM1La/29 + 9lh8v7Ns2LtzvzjHGai1DWrCaxnhjZizowGUYckfSpbXXNPjtYY2ZtyooPyN + 1A+lAFOx/tn7TeeT9n3+YN+7fjOO2O31ovP7Z+22Xm/Z/M3Ps278Zxzuz7el + Fjq9lDc3kjs2JZAV+Rjxj6UXmr2Mt7ZSozbYmct8jDqMenNAFq+/t37Fced9 + m8vy33bd+cYOcZ70WX9u/Y4PJ+zbPLXbu35xgYzjvRfa3p8tlcRIzbnjdR8j + Dkgj0ostb0+Kzgidm3JGoPyMeQB7UAVbL+2ftt75X2fzNy792/Gccbcf1ov/ + AO2ftVl532ff5h2bd+M4/iz2+lFlq9lFe3srs22VlK/Ix6DHpxRfavZTXVlI + jNiKQlvkYcY/WgC5df299lm8z7Ns2NuxvzjHOKj0/wDtz7DB5H2by9i7d2/O + McZx3qS61zT5LWaNWbcyMB8jdSPpUen61YQ2MEMjNuRFBwjHkD6UAV7T+2f7 + RvvK+z+b+78zO/b93jb36dc0ah/bPnWfn/Z93mjZt343Y757fSi01eyj1G+n + dm2S+Xt+Rv4VweO1GoavZTTWbRsxEUoZvkYcY+lAF64/t/yJN/2bbtOcb84x + 2qvpn9t/YIPs/wBn8vaNu7fux744qxca7pzwSIrNllIHyN3H0qvpus2EFhBD + IzBkUA4Rj/SgCG2/tn+07zy/s/m4j3537enGO/1zRqX9s7rT7R9nz56bNu/7 + 3OM57fSi21eyTU7y4Zm2SiML8jZ+Uc8Yo1LV7KdrQxsx8udHbKMOBmgDQl/4 + SDy33fZcYOcb6p6V/bf9nwfZvs/lY+Xfv3Yz3xxVyXXtOaN1DPkgj7jf4VT0 + rWbG30+CGVmDIMHCMe/qBQBHB/bP9q3Oz7P52xN2d+3HbHf60ap/bO22+0fZ + 8eem3Zv+9zjOe3rRBq9kmq3NwzNsdEA+Rs5HXjFGqavZXC2wiZj5c6Ocow4G + c9RQBpN/wkO05+y9P9us7SP7a/s6H7L9n8rB279+7qeuOK0W17TSpAZ+n9xv + 8KztI1ixttOhglZg6g5wjHuT1AoASP8Atn+15tv2fzvKXdnft254x3zRqv8A + bPkxfafs+3zUxs353Z4znt60R6vZLq01yWbY0SqPkbOQfTFGq6vZXEMSxMxK + yoxyrDgHnqKANT/iof8Ap1/8frL0f+2f7Oi+y/Z/K+bG/fu+8c5xx1rU/t/T + f7z/APfDf4Vl6Pq9la6dFBMzB13ZwjHqxPUUAC/2z/bD4+z+f5Iz9/Zt3fnn + NGrf2z9mX7T9n2eYmNm/Oc8de1C6vZDWHuSzeWYQv3GzndnpjNGravY3Nssc + TMSJEblGHAPuKANT/iof+nX/AMfrL0f+2fsQ+y/Z/L3N9/fnOeelan9v6b/e + f/vhv8Ky9H1eytrIRSswYMx4Rj1JPYUAH/E5/tn/AJd/P+z/AO3s2b/zzmjV + /wC2fsTfavs/l7l+5vznIx196P7Xsf7Z+1bm8v7Ps+42c789MZo1fV7G5smi + iZixZTyjDoQe4oA1P+Kh/wCnX/x+svSf7Z+zN9m+z7PMfO/fnOeenatT+39N + /vP/AN8N/hWXpOr2VtbNHKzAmRzwjHgn2FAA39s/2wmfs/n+Scff2bd355zR + rH9s/wBnS/avs/lfLnZv3feGMZ460Nq9kdYS6DN5YhK/cbOd2emM0axq9lda + dLBCzF224yjDowPUigDU/wCKh/6df/H6y9K/tnyZvs32fb5r53787s84x29K + 1P7f03+8/wD3w3+FZelavZW8MyyswLSuwwjHgnjoKACX+2f7Wh3fZ/O8ttuN + +3bnnPfNO1f+2v7Om+1fZ/KwN2zfu6jpnimy6vYtq0NyGbYsbKfkbOSfTFO1 + fWLG506aCJmLsBjKMO4PUigDQX/hIdox9l6f7dZumf2ztufs/wBn/wBfJu37 + /v8AfGO3pWkuvaaFALP0/uN/hWbpmr2NutyJWYeZPI4wjHg4x0FABP8A2z/a + ttv+z+dsfbjftx3z3+lSar/bf9nz/afs/lY+bZv3Yz2zxUc+r2T6rbXCs2xE + cH5Gzk9OMVJqus2Nxp88MTMWdcDKMO/qRQBci/4SDyk2/ZcbRjO/OMVn6b/b + O67+z/Z8+e+/dv8AvcZxjt9a0Ite05YkUs2QoH3G9PpWfpur2UDXZkZh5k7u + uEY8HHtQAXP9s/2nZ+Z9n83EmzG/b05z3+mKm1L+3PsE/wBo+z+XtO7bv3Y9 + s8VDc6vZPqdncKzbIhIG+Rs/MOOMVNqWtWE9hPDGzFnUgZRh/SgCxb/2/wCR + Hs+zbdoxnfnGO9UdP/tnzrzyPs+7zTv3b8bsdsdvrV6313TkgjRmbKqAfkbs + PpVHT9XsoZrxpGYCWUsuEY8Y+lABd/2z/aNj5v2fzcyeXjft+7zu79OmKsah + /bn2Gfz/ALN5ext23fnGOcZ71Xu9XspNRsZ0ZtkJk3fIw+8uBxjmrGoa1YTW + M8MbNudGAyjDkj6UASWn9vfZYfK+zbNi7c784xxn3qnYf2z9qvfJ+z7/ADBv + 3b8Zx/Djt9auWmuafHawxuzbkRQfkbqB9Kp2Or2UN1eyOzYlkBX5GPGP0oAL + 3+2fttl5v2fzNzbNu/Gcc7s/0q1e/wBu/Y5/O+zbPLbdt35xg5xnvVW91exl + vbKVGbbEzFvkYdRj8atXut6fLZzxIzbnjZR8jDkjHpQAWP8Abv2K38n7N5fl + pt3b84wMZx3qrZ/2z9tvfK+z+ZuTfu34zjjbj29atWOt6fFZW8Ts25I0U/Ix + 5AA9Kq2er2MV7eyuzbZWQr8jHoMenFABf/2z9psvO+z7/MOzbvxnH8We30q5 + df299lm8z7Ns2NuxvzjHOKp3+r2U1zZyRs2IpCzfKw4x9OauXWuafJazRqzb + mRgPkbqR9KAItP8A7c+wweR9m8vYu3dv3YxxnFQWn9s/2jfeV9n83935md+3 + 7vG3v065qfT9asIbGCGRmDIig4RjyB9KgtNXso9Rvp3Ztk3l7fkb+FcHjHFA + BqH9s+bZ+f8AZ8+cNm3fjdjvnt9KvT/2/wCRJv8Asu3ac435xiqOoavYzS2b + Rs2IpgzZRhxir0+u6c8EiKzZZSB8jdx9KAK+mf239gg+z/Z/L2jbu37se+OK + ht/7Z/tS78v7P5u2PfnftxjjHf61Npms2EFhBDIzBkUA4Rj+uKht9Xsk1O7u + GZtkqxhfkbPyjnjFABqf9s5tPtH2f/Xps27/AL/OM57fStCX/hIPLfd9lxg5 + xvrP1PV7Kc2nlsx8udHbKMOBnPatCXXtOaN1DNkgj7jf4UAUtK/tr+z4fs32 + fysfLv37uvfHFMh/tn+1bjZ9n87Ym7O/bjtjvmn6VrNjb6fBDKzB0GDhGPf1 + ApkOr2K6rcXBZtjogHyNnI68YoANU/tnbbfaPs+PPTbs3/e7Zz29a0m/4SHa + c/Zf/H6zdU1exuFthEzHZOjnKMOB161pNr+mlSNz/wDfDf4UAZ2kf21/Z0P2 + X7P5WDt3793U9ccUkf8AbP8Aa8u37P53lLnO/btzxjvml0jWLG206GCVmDqD + nCMe5PUCkj1eyXV5rks2xolUfI2cg+mKADVf7Z8mL7T9n2+amNm/O7PGc9q1 + P+Kh/wCnX/x+svVdXsrmGJImYlZUY5RhwDz1Fan9v6b/AHn/AO+G/wAKAMvR + /wC2f7Pj+y/Z/Ky2N+/d945zjjrQv9s/2w2Ps/n+SM/f2bd355zRo+r2Nrp8 + cMzMGUtnCMerE9QKF1eyGsNdbm8swhPuNnO7PTGaADVv7Z+yj7T9n2b0+5vz + nPHXtWp/xUP/AE6/+P1l6tq9jc2ojiZiwdDyjDgH3Fan9v6b/ef/AL4b/CgD + L0j+2fsQ+y/Z/L3N9/fnOeelH/E5/tkf8e/n/Z/9vZs3fnnNGkavZW1kIpWY + NuY8Ix6nPYUf2vZf2yLrc3l/Z9n3GzndnpjNABrH9s/YW+1fZ/L3LnZv3ZyM + da1P+Kh/6df/AB+svWNXsrmxaGFmLFlPKsOhB7itT+39N/vP/wB8N/hQBl6T + /bP2Z/s32fb5j53785zz07VYg+3/ANux/bfK3eS3+r3Y259++ar6Tq9lbWzp + KzAmR24RjwT7CrEF9b3muxvASQIWXlSOc570AdLRRRQAUUUUAFFFFABRRRQB + /9f945/+Q5a/9cnp+u/8gm4+g/mKyJdJtl1WC3DSbXjYn5znI96fq2kWtvp0 + 0yNIWUDGXJHUdqAOni/1SfQVkaN/y/f9fUv9KbHodmUUl5eQP+WhrO0zSbaf + 7XvaQeXcSIMORwMdfegDTuv+Q3Y/7kv8qn1r/kFXP+5WLcaTbJqlrbhpNsiu + T85zwOxqXU9HtYLCeZGkLIuRlyR+VAHRW/8Ax7xf7q/yrM0j/W3/AP18N/IV + FDodm0MbF5clQf8AWH0qhp2k200l4HaQeXMyjDkcDHX1oA1L3/kMab9Jv/QR + VjV/+QZc/wDXNqw7rSbaPUrKBWk2y+bnLnPyrkYPap9R0e1hsZ5UaQsiEjLk + j8qAN2z/AOPOD/rmv8qztK/4+tQ/67f0qG20S0ktonLy5ZFPDnuKpWGk201x + eIzSARSbRhyOMd/WgDUv/wDkKab/AL0n/oNW9T/5B11/1yf+RrAvNJto7+yi + VpNspcHLknhc8HtVm+0a0isriVWkJSNiMuSOBQBs6f8A8eFt/wBck/8AQRVH + Tf8Aj/1H/rov/oNVrPRbSW0gkZ5Muik4cgciqllpNtLd3sbNJiJ1Aw5B5Hf1 + oA09S/4/9O/66N/6DV/UP+PC5/65P/6Ca52+0m2iu7KNWkIldgcuSenb0q3e + aLaRWk8ivJlEYjLkjgUAaml/8g21/wCuSfyqnp//ACFNS/3ov/Qaq2GjWktl + BKzSAuik4cgcj0qtZ6TbSX99CzSbYimMOQeVzye9AGpqn/H1p/8A12/pWjef + 8ek/+438q5q/0m2hns0VpCJZdpy5PGO3pV250S0S3lcPLlUY8uewoAv6R/yD + Lb/rmtVrL/kM6j9If/Qap6do9rNYwSu0gZ0BOHIH5VBa6TbSanewM0m2IR4w + 5z8y5OT3oA09X/1th/18J/WtS4/495f91v5VzGpaTbQSWYRpD5kyqcuTwfT0 + q/NolmsMjB5chSf9YfSgC1ov/IKtv93+tRWv/Iavf9yL+VZ+l6Paz6fBM7SB + nXJw5A/Ko4NJtn1S6gLSbY1Qj5znkdzQBqaz/wAuP/X1F/WtaT/Vt9DXK6np + NtB9l2NIfMuI0OXJ4OenvWi+h2YRjvl4B/5aGgCbQv8AkE2/0P8AM0yD/kOX + X/XJKztJ0i1uNOhmdpAzA5w5A6ntTItJtm1We3LSbUjUj5znJ96ANPW/9Tbf + 9fEf862j0rktV0m2t44GRpDvmRTlyeDWmdCs8ffl/wC/hoAXw9/yB7f/AIF/ + 6EaI/wDkPy/9cF/9CrL0bSba502GeRpAzbs7XIHDEdKE0m2OryW26TaIQ2d5 + zknHWgDU1z/j1i/67R/zrZrktW0m2t7dHRpCTIi8uTwTWp/YVn/fl/7+GgBP + D/8AyDI/95//AEI0o/5GBv8Ar2H/AKHWXo+k21zYJNI0gYsw+VyBwxHSgaTb + f2ybbdJsEAfO85zux19KANPX/wDkH/8AbRP/AEKtquS1fSba2s/MjaQneg5c + kcmtT+wrP+/L/wB/DQAaD/x4n/rpJ/6FQ3/IwL/17H/0OsvSdJtri0MjtIDv + ccOQODQdJtv7YW23SbDAXzvOc7sdfSgDU8Qf8gqX6p/6EK2a5LWNJtrbT5Jo + 2kLAr95yRywHStT+wrP+/L/38NABof8Ax6y/9dpP50kv/Ieg/wCuDfzrM0rS + ba4gkd2kBWV14cjgGiTSbYavFbBpNrRM33znIPrQBqeIP+QRcf8AAf8A0IVs + DoK5TWNJtrbTZp42kLLtxuckcsB0rSGhWeB88v8A38NABon+quv+viT+lLcf + 8hy1/wCuUlZel6TbXCXBdpBsmdRhyOB/WibSbZdVt7cNJtdHJ+c5496ANfXf + +QTc/wC6P5itOL/VJ9BXMatpFrb6fNMjSFlAxlyR1Har0eh2ZRSXl5A/5aGg + B2jdb/8A6+pP6UXf/Iasf92X+VZmmaTbTm73tIPLndBhyOBjr70XGk2yapaQ + BpNsiyE5c54HY9qANrWv+QVc/wC5V22/49ov9xf5Vzup6PawWE8yNIWRcjLk + j8qtQaJZvDGxeXJUH/WH0oAl0n/XX/8A18N/IUXv/IY03/tt/wCgisvTtJtp + pLxXaQeXMyjDkcADr60XWk20epWMCtJtl83OXOflXIwe1AG7q3/IMuv+ubfy + r51+P/xHm8K+FLTwxpEpj1LWYRvdThorYDDEehc/KD6Bu+K901HRrWGxnlRp + CUQkZckce1fmn8VNaOueO9VuAxaK2k+zR5OcLB8nHsWBb8a+88O8ljjMepVF + eMFzer6L9fkfMcWZjLD4W0HrLT/P/L5nnteg+Afht4h+IN95GmKILRGxLdSg + +WhxnAx95sfwj8SBzXK6Bo114h1ux0Ky/wBffTJCpPRd5xuPsOp9q/TXQvC2 + k+FtN0/QdJQx28ClevLNjJY/7THk1+t8bcVvLqcYUVepLbyXf/I+E4byJYub + lU+Bfj5f5nlGl/s3+AtNs2OqNcapOFJLPIYkyB/CseCB9WP1rpIfgP8AClok + ZtDySoJ/0m59P+utepTWcSwyMC2QpP3valhs4miRiW5UH73tX4jW4nzGcuZ4 + iXyk1+Csj9Kp5LhIqypR+5P8zyeH4E/Cp5plbQ8hCAP9JufT/rrRN8CfhUks + KroeAxIP+k3P/wAdr1OG1jaaZSWwpGOfaia1jWWFQW+YkHms/wDWLMP+gif/ + AIFL/Mv+yML/AM+Y/wDgK/yPMZfgP8KVidl0PBAJH+k3Pp/11pIPgR8KXhR2 + 0PJKgn/Sbn/47XqktnEsTsC3AJ+97UkFnE0KMS2SoP3qP9Ysw/6CJ/8AgUv8 + w/sjCf8APmP/AICv8jyiL4E/CpriZG0PKptx/pNz3H/XWif4E/CpHiC6HgM2 + D/pNz0/7+16nFaxtcTIS2F2459RRPaRo8QBb5mx1o/1izD/oIn/4FL/MP7Iw + n/PmP/gK/wAjzKT4D/ChY2YaHyAT/wAfNz/8dplv8CPhS8CO2h5JGT/pNz/8 + dr1aSyiWNmBbgH+KmW9pG8COS2SOzUf6xZh/0ET/APApf5h/ZGE/58x/8BX+ + R5TH8CfhU1zNGdD+VNuB9pue4/660XHwJ+FSGILoeNzgH/Sbnp/39r1OO1ja + 5mQlsLtxzzyKLi1jQxYLfM4HJo/1izD/AKCJ/wDgUv8AMP7Iwn/PmP8A4Cv8 + jzN/gN8KApI0PoD/AMvNz/8AHaitvgT8KpIEd9DyxHP+k3P/AMdr1h7KIIxy + 3AP8VRW1pHJAjktkjs2KP9Ysw/6CJ/8AgUv8w/sjC/8APmP/AICv8jypPgT8 + KjcyxnQ/lULgfabnv/21oufgT8Ko/K2aHjdIqn/Sbnof+2teppaxm5lTLYUL + 39aLm1jTysFvmkUcn1o/1izD/oIn/wCBS/zD+yMJ/wA+Y/8AgK/yPND8BvhR + g/8AEj/8mrn/AOO1BafAn4VS26O+h5Y5z/pNz6/9da9aNjFg8t/31UFpaRyW + 6OxbJz0OO9H+sWYf9BE//Apf5h/ZGE/58x/8BX+R5WvwJ+FRunjOh/KFBA+0 + 3P8A8douvgT8Ko1QpoeMuAf9Jueh/wC2tepraxm6ePLYCg9eaLq1jjVCC3Lg + cnPWj/WLMP8AoIn/AOBS/wAw/sjC/wDPmP8A4Cv8jzX/AIUN8J/+gF/5NXP/ + AMdqtZ/An4VS26PJoeWOeftNz6/9da9c+wxerf8AfVVrO1jkt0di2Tnocd6P + 9Ysw/wCgif8A4FL/ADD+yMJ/z5j/AOAr/I8sHwJ+FX2tov7D+UIDj7Tc9c/9 + daLr4E/CqOMMmh4O4D/j5ue//bWvUxax/a2jy2AgPXnrRdWsccYZS33gOTmj + /WLMP+gif/gUv8w/sjC/8+Y/+Ar/ACPNf+FDfCf/AKAX/k1c/wDx2q1p8Cfh + VLAHfQ8kk/8ALzc+v/XWvXPsMXq3/fVVrS1jkgDsWySehx3o/wBYsw/6CJ/+ + BS/zD+yMJ/z5j/4Cv8jyz/hRPwq+2eV/Yfy+Xux9pueucf8APWi7+BPwqjh3 + JoeDkD/j5ufX/rrXqf2WP7Z5eWx5eevPWi7tY44dyls5HU570f6xZh/0ET/8 + Cl/mL+yMJ/z5j/4Cv8jzX/hQ3wn/AOgF/wCTVz/8dqta/An4VSRbn0PJyR/x + 83Pb/trXrn2GL1b/AL6qtaWsckRYlupHBxR/rFmH/QRP/wACl/mP+yMJ/wA+ + Y/8AgK/yPLD8CfhV9rEX9h/Lszj7Tc9c/wDXWi7+BPwqit2dNDwwx/y83Pr/ + ANda9TNrH9rEeWxsz1560XdrHHbs6lsjHU570f6xZh/0ET/8Cl/mH9kYT/nz + H/wFf5Hmv/ChvhP/ANAL/wAmrn/47Va1+BPwqkRi+h5IYj/j5ueg/wC2teuf + YYvVv++qrWtrHIjEluGI4OOlH+sWYf8AQRP/AMCl/mH9kYT/AJ8x/wDAV/ke + WN8CfhULtY/7D+UqTj7Tc9c/9daLv4E/CqK3d00PDDGD9pufX/rrXqbWsYu1 + jy2CpPXnrRd2scdu7qWyMdTnvR/rFmH/AEET/wDApf5h/ZGE/wCfMf8AwFf5 + Hmo+A3wo/wCgF/5NXP8A8dqtbfAn4VSCTfoedrsB/pNz0H/bWvXBYxerf99V + WtrWNxJkt8rsODjpR/rFmH/QRP8A8Cl/mH9kYT/nzH/wFf5Hlj/An4VC6jjG + h/KwJI+03Pb/ALa066+BPwqjt3dNDwwHH+k3P/x2vUXtYxdRx5bBBPXmnXVp + HHbu4LZA7tmj/WLMP+gif/gUv8weUYT/AJ8x/wDAV/keZL8BvhQVBOh9v+fm + 5/8AjtV7b4E/CqTzd+h52yMo/wBJueg/7a162tlEVBy3T+9Ve2tY383Jb5ZG + HB9KP9Ysw/6CJ/8AgUv8w/sjCf8APmP/AICv8jyyT4E/CpbmKMaH8rBsj7Tc + 9h/11p9x8CPhTHA7poeCBx/pNz/8dr1CS1jW5iQFsMG7+gp9zaRpA7gtkDu1 + H+sWYf8AQRP/AMCl/mDyjCf8+Y/+Ar/I8wT4DfCgopOh8kD/AJebn/47UFv8 + CfhU7ShtDztcgf6Tc9P+/tetJZRFFOW5A/iqC3tY3aUEt8rkcGj/AFizD/oI + n/4FL/MP7Iwn/PmP/gK/yPLJfgT8KluIEGh/K+7I+03PYf8AXWn3HwI+FKQu + 66HggEj/AEm5/wDjteoS2sa3ECAtht2efQU+4s4khdgWyATy1H+sWYf9BE// + AAKX+Yf2Rhf+fMf/AAFf5Hl8XwH+FDRox0PkgH/j5uf/AI7UMHwJ+FTyTK2h + 5Ctgf6Tc/wDx2vWYrKJo0YluQP4qhgtY3kmUlvlbA5o/1izD/oIn/wCBS/zD + +yMJ/wA+Y/8AgK/yPLJfgT8KlmhRdDwHJz/pNz2H/XWpZvgP8KUhkZdDwQpI + /wBJufT/AK616dLaRrNCoLYYnPPoKlms4lhkYFshSfve1H+sWYf9BE//AAKX + +Yf2RhP+fMf/AAFf5HlkPwH+FLwxs2h5JUE/6Tc+n/XWoofgT8KmmmRtDyEI + x/pNz3H/AF1r1iGziaGNiWyVB+97VFDaxtNMpLYUjHPtR/rFmH/QRP8A8Cl/ + mH9kYX/nzH/wFf5Hiutfs8fDi7CRWEE+nPISN0UzPjj0l38f5zXzD8SPg54i + +H3+nFhqGks2BcxqQUJOAJV52k9jkg+ueK/Qie1jWWFQW+ZiOtR6lo1hf6fc + 2V7H58E0bI6OcqykcgivdyXjvHYWonVm5w6p6v5Pe/4Hl5lwvhq8GoRUZdGv + 8j8nK+xv2YvH5a5uPAmqSFmdPNsmY9o8l4vyO5fQBvavmvx/4Vk8GeKr3QiS + 0MZEkLH+KKQbk/EA4PuDWP4c1eXQNe0/WoSQ1nMkh2nBKqfmH4jIr9pzzLqW + a5c4x15lzRfna6/yflc/OMtxdTA4tN6Wdn6dT9YNV/4+NP8A+u4/lWld/wDH + rN/uN/KuXvNNst1g8EjtHcSLyXJ+UjIIrRuNEtEt5XDy5VWPMh7Cv5UaP3Au + 6P8A8gu2/wBwVBZ/8hnUPpD/AOgmqOm6Paz2EEztIGdQThyB+VQ22k2z6neQ + FpNsQjxhzn5h3PegDU1j79h/18p/WtSf/USf7p/lXL6lpNtA1oEaQ+ZOqHLk + 8HPT3rQl0OzWJ2Dy5Ck/6w+lAFnRP+QVbf7v9ahtv+Q3ef8AXOOqGl6Ra3Gn + wTO0gZlycOQOvpUcGk2z6rc25aTaiIR85zz6mgDT1r7tl/19Rf1rYf7jfQ1y + mqaTbQC1KNIfMnjQ5cng56e9aT6FZhGO+Xof+WhoAk0H/kEW/wBD/wChGmw/ + 8h24/wCuKfzrN0jSLa506GaRpAzA5w5A6ntTYtJtm1aa3LSbVjVh85zkn1oA + 1Nb/ANRb/wDXeP8AnWzXJarpNtbxQsjSEtMinLk8E1qf2FZ/35f+/hoATw9/ + yCIP+B/+hGhP+Rgk/wCvcf8AoVZmjaTbXOnRTyNIGbdna5A4YjpQuk2x1h7b + dJtEIbO85zux1oA09d/480/66x/zrarktW0m2t7ZXjaQkyIOXJ4JrU/sKz/v + y/8Afw0AGgf8g1f99/8A0I0f8zD/ANuv/s9ZekaTbXNkssjSAlmHDkDhiOlH + 9k239s/Zt0mz7PvzvOc78dfSgDU1/wD5Bx/30/8AQhWzXJavpNtbWRljaQnc + o5ckckCtT+wrP+/L/wB/DQAaF/x5N/11k/8AQqR/+Rgj/wCvc/8AoVZmk6Tb + XFqZHaQEO44cgcGhtJthrCW26TYYS2d5zndjrQBp+If+QTN9U/8AQhW1XJaz + pNtbadLNG0hZSv3nJHLAdK1P7Cs/78v/AH8NABon/HvP/wBd5P50S/8AIdt/ + +uL/AM6y9K0m2uIZWdpAVldRhyOAaJNJtl1aG3DSbWiZid5zkH1oA1df/wCQ + RcfRf/QhWuv3R9K5TV9JtrbTppo2kLKBjLkjqB0rRXQrPaPnl/7+GgB2i/cu + /wDr5l/pSXP/ACHLP/rnJWZpek2063JdpBsndBhyOB6+9E2k2y6rbW4aTa6O + Sd5zx6GgDY1v/kFXP+7/AFrRh/1Mf+6P5VzWq6Ra2+nzzI0hZRkZckdfSrkW + h2bRoxeXkD/loaAJNH+9f/8AXzJ/Si7/AOQzYf7sv8hWXpuk207XYdpB5c7o + MORwMdfei40m2TU7OANJtkEmcuc8DsaANvWf+QXc/wC4at2v/HtF/uL/ACrn + 9T0e1gsJ5kaQsikjLkj8qsQaJaPBG5eXLKD/AKw9xQBLpP8Ar9Q/67n+Qovv + +Qvpn/bb/wBBrM07Sbaaa8V2kAjlKjDkcY7+tF3pNtHqNjArSbZfMzlyT8q5 + GD2oA3dW/wCQZdf9c2/lU1j/AMeVv/1zT+QrD1DRrWGxnlRpCURiMuSOB6VL + a6LaSWsMjPLlkUnDkDkUAWNM/wCPzUf+uo/lRqH/ACEtN/35P/Qay7HSbaW5 + vEZpMRSADDkHGO/rReaTbRXtlErSYlZwcuSeBnj0oA6DUv8AkHXX/XJ//QTS + 6d/yD7X/AK5J/wCgisi+0W0isriVWkykbkZckZANFlotpLZwSs8mXjUnDkDk + UAWdO/5CWpf76f8AoNGp/wDH7p3/AF1P8qzLLSbaW9vYmaTETKBhyDyM8+tF + /pNtFdWUatJiWQg5ck9O3pQB0d9/x5XH/XN/5GotK/5Btr/1zX+VZt1otpHa + zSK8uVRiMuSOBUen6NazWMErNIC6KThyByPSgC5Y/wDIW1L6w/8AoNGq/wDH + xp//AF3H8jWXaaTbSajfQs0m2Ly8Ycg/MuTk96NQ0m2hms1VpCJJQpy5PGO3 + pQB011/x6zf7jfyqpo3/ACC7b/cFUrjRLRIJHDy5VSf9Yewqvpuj2s9hBM7S + BnUE4cgflQBds/8AkNah/uxf+g0ax9+w/wCvmP8ArWZbaTbPqd5AWk2xiPGH + OeR3PejUtJtoGtAjSHzJ0Q5cng56e9AHUzf6mT/dP8qztE/5BVt/u/1qvLod + msbsHl4B/wCWhqnpWkWtxp8EztIGYZOHIHX0oA0Lb/kN3n/XOOk1r7ln/wBf + MX9azINJtm1W5ty0m1EQj5znn1NGqaTbQLbFGkO+dEOXJ4OenvQB1b/cb6Gs + nQP+QRb/AEb/ANCNMbQrMKTvl6f89DWdpGk21zp0M0jSBmBzhyB1I6UAaUP/ + ACHrj/rin86XW/8Aj3g/67x/zrLj0m2bVprctJtWJWHznOSfWjVdJtreGJka + QlpUXlyeCaAOtrG8P/8AIJg+r/8AoRo/sKz/AL8v/fw1l6PpNtc6dFNI0gZt + 33XIHDEdKANRP+Q/J/17j/0KjXf+PNP+usf86y10m2OsPbbpNohDffOc7sda + NW0m2t7ZXRpCTIg5ckYJoA62sXQP+Qav++//AKEaX+wrP+/L/wB/DWXo+k21 + zZCWRpASzDhyBwSKANT/AJmH/t1/9no1/wD5Brf76f8AoQrL/sm2/tn7Nuk2 + fZ9+d5znfjr6UavpNtbWTSxtISGUcuSOSBQB1tY2hf8AHm//AF1k/nR/YVn/ + AH5f+/hrL0nSba4tmd2kBEjjhyBgGgDTf/kYI/8Ar3P/AKFS+IP+QTP9U/8A + QhWW2k2w1hLbdJtMJb75zndjrRrGk21tp0s0bSFl2/eckcsB0oA62sXQ/wDU + XH/XeT+dL/YVn/fl/wC/hrL0rSba4hmZ2kBWV1GHI4BoA1Jv+Q7b/wDXF/50 + 7Xv+QRcfQf8AoQrJl0m2XVobcNJtaNmPznOQfWnavpFrbadNNG0hZQMZckdR + 2oA6lPuL9BWRov3bz/r5l/pTV0KzKg75en/PQ1m6ZpNtOtyXaQbJ5EGHI4GO + vvQBqXP/ACG7P/rnJUmt/wDIKuf93+tY8+k2y6rbW4aTa6OT85zx6GpNV0i1 + t9PnmRpCyjIy5I6+lAHSQf6iP/dH8qytH+/f/wDXzJ/SmRaHZtEjF5eQD/rD + 6Vn6bpNtO12HaQeXO6DDkcDHX3oA07z/AJDWn/7sv/oNWNY/5Bdz/uGsS50m + 2TU7OANJtkEmcuc8Dse1Talo9rBYTzI0hZFJGXJH5UAdBa/8esP+4v8AKs3S + v+PjUP8Aruf5CobfRLR4I3Ly5ZQeJD3FUdP0m2mmvFZpAI5Sow5HGO/rQBp3 + /wDyFtN+sv8A6DVvVf8AkG3X/XNv5Vg3ek20eo2MKtJtlMmcuSflXIwe1WNQ + 0a1hsZ5VaQlEYjLkjgelAG3Yf8eNv/1zT+QrP0z/AI/dR/66j+VQWmi2klrD + IzyZZFJw5A5FU7HSbaW6vY2aQCKQAYcjt39aANTUf+Qjp3++/wD6DV3Uf+Qf + df8AXJ//AEE1z17pNtFe2UStJiVmBy5J4GePSrV7otpFZzyq8mUjYjLkjgUA + a2m/8g61/wCuSf8AoIqnp/8AyEtS/wB+P/0GqtjotpLZW8rNJl40Jw5AyQKq + 2ek20t7exM0mImQDDkHlc8nvQBp6p/x+ad/11P8AKtC+/wCPK4/65v8AyNc5 + f6TbQ3NkitIRLIQcuTxjt6VcutFtI7WaRXkyqMRlzjgUAaOk/wDIMtf+ua/y + qrY/8hfU/wDtj/6DVPT9GtZrGCV2kBdFJw5A5HpUFppNtJqN9AzSbYvLxhyD + 8y5OT3oA1NW/1+n/APXdf5GtK6/49pf9xv5VzOoaTbQy2ao0hEkwU5cnjHb0 + q9PolokEjh5cqpP+sPYUAXdG/wCQXbf7gqvaf8hq/wD92L+VUtM0e1nsIJna + QM6gnDkD8qht9Jtn1O7gLSbY1jIw5zyO5oA09Z+9Yf8AX1H/AFrWm/1Mn+6f + 5Vy2p6TbQG0CNIfMnRDlyeDnp71oS6HZrG7B5eAf+WhoAsaH/wAgm2/3T/M1 + Hb/8hy7/AOucdZ2laRa3GnwTO0gZhzhyB19KZDpNs2q3FuWk2oiEfOc8+poA + 1Na+5af9fMX9a2G+6fpXJ6ppNtAtsUaQ750Q5cng+nvWk2hWe0/PL/38NAD9 + A/5BFv8ARv8A0I02L/kPT/8AXFf51m6RpNtc6dDNI0gZgc4cgdSOlJHpNs2r + y2xaTasSsDvOck+tAGnrn/HvB/13j/nW1XJarpNtbwxMjSEtKinLk8E1qf2F + Z/35f+/hoAPD/wDyCYfq/wD6EaF/5GB/+vYf+h1l6PpNtc6fHNI0gZi33XIH + DEdKF0m2OsNbbpNghDZ3nOd2OvpQBqa7/wAeS/8AXWP/ANCrZrktW0m2t7US + I0hJdBy5I5Nan9hWf9+X/v4aAE0D/kHD/ff/ANCNB/5GIf8AXr/7PWZpGk21 + zZCWRpAdzDhyBwaP7Jtv7ZFtuk2eRvzvOc7sdfSgDT8Qf8g1/wDeT/0IVtVy + WsaTbW1i0sbSEhlHLkjkgdK1P7Cs/wC/L/38NABoX/HpJ/11k/nQ/wDyH4v+ + vdv/AEKsvSdJtri2d3aQESOvDkcA1YgsobTXY0iLEeSzfMxPOcd6AOlooooA + KKKKACiiigAooooA/9D9z5W1j+1YCyQ+d5bbQC23HfPen6s2snTphcpCI8Dc + VLZ6jpmmS6xpzarBcrL+7SNlJ2t1PTjGafq2s6bc6dNBDLudwMDaw7j1FAF6 + N9e2LiO3xgd2rO0xtYH2v7OkJ/0iTfuLff4zjHatGPX9JCKDMcgD+Bv8KztM + 1jTrf7X50u3zLiR1+VjlTjB4FABcNq/9qWpdIfN2vsALbcY5zUuptrJsJxcJ + AI9vzbS2ce2aiuNY059UtbhZcxxq4Y7W4yOOMZqXU9a024sJ4YZdzuuANrD+ + YoAtQvr3kx7Y7fbtGMls4xVDTm1gSXfkJCT5zb9xb73GcY7Vfh17SkhjVpiC + FAPyN6fSqGnaxp0El2ZZcCWZnX5WOQcegoALptY/tKyMiQ+b+92AFtv3ec/h + 0qfUW1o2M4nSAR7Du2ls49qgutY06TUrKdJcpD5u47W43LgcYqfUdb0yexnh + ily7oQBtYcn6igCa2fXfs0Xlxwbdi4yWzjHGapWDauLi88lIS3m/PuLY3Y7e + 1XbbXdKjtoo3mIZUUH5G6gfSqVhrGnQ3F48kuBLLuX5WORj6UAF42sfb7Eyp + CJMvswWwfl5z+FWb99b+xXHnJAI/LbdgtnGOcVWvNY06W/sZklykRcsdrcZX + A7VZv9c0uayuIo5su8bKBtYckcdqAHWb659kg8qOApsXbktnGOM1Usm1j7Xe + +UkJfeu/JbGccYq3Z65pcVpBFJMQyIoI2t1A57VUstY06K7vZZJcLK6lTtbk + AY9KAC+bWDd2XnJCH3tswWxnHerd4+ufZJ/NjgCbG3YLZxjnFVL7WNOmu7KW + OXKxOxY7W4BH0q3ea5pctpPFHMSzowA2t1I47UANsH1v7FB5KQGPYu3cWzjH + GarWbax9vvvKSEyEpvyWwPl4x+FWbDXNMhsoIpJsOiKCNrHkD6VWs9Y06K/v + pnlwkxTadrc4XB7UAF+2sGez85IQ3m/JtLY3Y7+1Xbl9d+zy+ZHb7djZwWzj + HNUr/WNOmns3jlyIpdzfKwwMfSrtzrulSW8qJMSzIwHyN1I+lAEOnNrQsYBA + kBj2DbuLZx71Batq/wDad6Y0h80iPeCW2j5eMf1qfTtb0yCxghllw6IARtY8 + j6CoLXWNOj1O9uHlxHKI9p2tztXB7UAGpNrBez89IQfOXZtLfe5xnPar8z69 + 5Mm6O327TnBbOMVQ1LWNOnkszFLuEUyu3ysMKO/Iq/Nr2lPDIqzHJUgfI3p9 + KAKmltrI0+AW6QGPb8u4tnHvio4G1j+1LookPm7U3AltuMcYqTS9a0230+CG + aXa6Lgjax/kKjg1jTk1S6uGlxHIqBTtbkgc8YzQAam2sH7L9oSEf6RHs2lvv + 84zntWi769sbMdvjB7tWdqesadcfZPKl3eXcRu3ysMKucnkVovr+klGAmOSD + /A3+FAFHSW1kadCLZITHg7dxbPU9cUyJtY/tWcqkPneWu4Ettx2x3p+k6zpt + tp0ME0u10ByNrHufQUyLWNOXVZ7lpf3bxooO1uo68YzQAaq2rmOD7QkIHnJt + 2lvvds57Vpl9f/552/5tWZqusadcRwLDLuKTI5+VhwOvUVpnxBpGP9ef++H/ + AMKAMzRm1gabCLVITF82C5bd945zj3oRtY/teQhIfO8kZGW27c/nmjRtY061 + 02GCeXa67sjax6sT2FCaxpw1eS5Mv7toQoO1uoOemM0AGqtrBt0+0pCF8xMb + S2c5469q1N+v/wDPO3/Nqy9W1jTrm3RIZdzCRGPysOAeeorU/wCEg0j/AJ7n + /vh/8KAMvR21gWCfZUhMeWxvLZzuOelAbWP7ZJ2Q+f5A4y23bu/POaNH1jTr + WwSGeXa4ZiRtY9WJHQUDWNO/tk3Xm/ujBsztb727OMYz0oANXbWDZ/6SkITe + n3S2c5461qb9f/552/5tWXq+saddWflQS7m3ocbWHAPPUVqf8JBpH/Pc/wDf + D/4UAZektrAtD9mSEpvf7xbOc89KC2sf2wp2Q+d5B4y23bu/POaNJ1jTra0M + c8u1t7nG1jwTkdBQdY07+2FuvN/dCApna33t2cYxmgA1htYOnyC5SER5XOwt + n7wx1961N+v/APPO3/Nqy9Y1jTrqwkggl3OxXA2sOjA9xWp/wkGkf89z/wB8 + P/hQBl6U2sCCT7OkJXzXzuLZ3Z56dqJG1j+14iUh87ymwMtt25/PNGlaxp1t + BIk0u0tK7D5WPBPHQUSaxpx1eK6Ev7tYmUna3Un0xmgBdYbWDpswukhEXy5K + Ft33hjGfetIPr+B+7t/zas3WNY06602aCCXc7bcDaw6MD3FaQ8QaTgfvj/3w + /wDhQBmaW2sBLj7OkJHnPu3Fvvd8Y7UTNrH9q25ZIfO2PtALbcd80aXrGnW6 + XAml2l5ncfKxyp6HgUTaxpzarb3Ky5jRHBO1uCenGM0AP1ZtZOnzC5SER4G7 + aWz1HTNXo317YuI7fGB3aqOrazptzp80EMu53AwNrDuPUVej1/SQigzHIA/g + b/CgDO0xtXBu/s6Qn/SH37i33+M4x2ouG1f+1LQukPm7ZNgBbbjHOaNM1jTr + c3fmy7fMuHdflY5U4weBRcaxpz6paXCy5jiWQMdrcbhxxjNAEuptrJsJxcJA + I9vzbS2ce2atQPrvkx7I7fbtGMls4xVXU9a024sJ4YZdzuuANrD+Yq1Br2lJ + DGjTHKqAfkbsPpQBQ05tYEl55CQk+c2/cW+9gdMdqLptY/tKxMiQiUebsALb + T8vOfw6UadrGnQSXjSy4EszMvyscggegoutY06TUrGdJcpD5u47W43LgdqAJ + 9RbWjYzidIBHsO7aWzj2r8n9TkaXUruV/vPLIx+pYmv1g1HW9MnsZ4Ypcu6E + AbWHJ+or8m77/j9uP+uj/wAzX7J4RL3sS/8AD/7cfnvHr92j8/0PWvgHAZvi + fpjqAWhS4cBumfKYf1r9A5Td+fDuCbsttxnHTvXwH+z7IkXxNsXkOFENx/6L + Nffkt3btPC6vkIWzwe4rzfFBv+0Y/wCBfnI7uCl/skv8T/JEkxvfJk3hNu05 + wTnGKWE3vlJtEeNoxknOMUk17avDIqvkspA4PcfSlhvbVYkVnwQoB4Pp9K/O + T68ihN3502wJuyM5Jx07UTG782HeEzk4xnr70Q3duk0zM+A5GOD6UTXdu8sL + K+QpJPBoAllN75T7hHjac4J9KSA3vkpsCbdoxknOKWW+tWidVfJKkDg+n0pI + L21SFEZ8EKAeD/hQBHEbv7RNtCbvl3Zzjpxiic3e+LeEzu4wT196Iru3W4md + nwr7ccHsPpRPeW7vEVfIVsng9PyoAmkN95bbhHjBzyaZbm88hNgTbjjJOafJ + fWrRsofkgjof8KZb3tskCIz4IGDwf8KAGRm7+0zbQm75c9cdOMUXBu8xbwn3 + xjGevvRHd263M0hf5X24OD2H0ouLu3cxFXztcE8HpQBO5vtjZEeMHuaitjee + QnlhNuOMk5qV760KkB+oPY/4VFbXltHAiO+GA54P+FADUN39plwE3YXPJx7U + XJu/3XmBP9YuMZ69s0JeW4uZZC/ysFwcHtRc3dvJ5Wx87ZFY8HoKALBN/g8R + /magtDefZ08sJt5xnOetTm/tMH95+h/wqC0vLaK3RHfDDOeD6/SgBFN39qfA + TftGeuMUXRu9qeYExvGMZ60Ld24unkL/AClQAcH/AAouru3kVAj5w4J4PQfh + QBZzf+kf5mq1mbv7OnlBNvOM5z1qz9vtP+en6H/Cq1nd28VuiSPhhnjB9fpQ + AA3f2tsBN+weuMZoujd+WPMCY3DpnrQLu3+1tLv+UoBnB65+lF1d28kYVHyd + wPQ9vwoAs5v/AEj/ADNVrQ3fkDygm3J65z1qz9vtP+en6H/Cq1pd28UAR3wQ + T2PrQAZu/tnRN/l++MZouzd+T+8CbcjpnPWj7Xb/AGzzd/y+Xtzg9c5ou7u3 + kh2o+Tkdj60AWc3/AKR/marWpu/KPlhMbj1zVn7faf8APT9D/hVa1u7eOLa7 + 4OSeh70ABN39rHCb9nvjGaLs3f2dvNCbeM4znrQbu3+1iXf8uzGcHrmi7u7e + W3ZEfLHHY+v0oAs5v/SP8zVa1N3sbywmNxznPWrP2+0/56fof8KrWt3bxowd + 8EsT0PQ0ADG7+1rkJv2nHXGKLs3f2d/NCbeM4znrQ13bm7WQP8oUjOD1ou7y + 3lt3RHyxxgYPr9KALIN/6R/marWxu8SeWE++2c5696si/tP+en6H/Cq1teW8 + Yk3vjc7EcHofwoAHN39qjyE34OOuMU66N59nfzAm3HOCc017u3N1HIH+VQQT + g96ddXltJbuiPliOOD/hQBMpvtowI8Y9TVe2N3+98sJ/rGznPXvirC39oFAM + nb0P+FV7a7t4/N3vjdIzDg9DQASG7+0xbgm7DY646c5p9ybzyH3hNuOcE5pk + l3btcxSB/lUNk4PcU+5vbZ4HRHySOOD/AIUAyRDfbFwI8YHc1Bbm73S7Amd5 + znPX2qdL61CKC/IA7H/CoLe7t0aUs+Nzkjg9PyoAJTd/aINwTd823GcdOc0+ + 4N75L7wm3BzgnNMlu7driBw/ypuycHuPpT7i9tnhdFfJIIHB/wAKAHxG+8tN + ojxgYyTUMBu/Mm2BM7uc56+1TRX1qsaKX5AA6H/CoYLu3SSZmfAZsjg/4UAE + pu/Oh3BN2TjGcdO9STG98mTeE27TnBOcYqOW8t2mhdXyEJzweMipJr21eGRV + fJZSBwe4+lACwm98mPYE27RjJOcYqKE3fnTbQm7I3Zzjp2qWG9tUhjVnwQoB + 4Pp9Kihu7dZpnZ8ByMcHsPpQATm782HeEzuOMZ/WpZTe+U+4R42nOCfSopru + 3eWFlfIUkng1LLfWrROqvyQQOD6fSgD4i/aVtynifSLlgA0lgF47hJHxn3+a + vnCvpf8AaYkSTXtDCHJWyIP13mvmiv6c4KbeV0L9v1Z+L8Rr/bqvr+iP1F0C + fV5/DPhiaVYiXt7VkOWySYgfmrsLh9d+zy747fbtbOC2cYrivDWq2DeE/Cqr + JzBa2hf5W4xCoPbn8K7W417Snt5UWYlmVgPkbqR9K/mHHL9/P1f5n7Nhv4cf + RFfTW1oWEAgSAx7Rt3Fs498VDbNrH9p3hjSHzcR7wS23pxj+tTabremQWEEM + su10UAjax5/AVDbaxp0ep3lw8uI5RHtO1udoweMZrlNw1JtYLWnnpCD567Np + b73OM57VoSvr3lPujt8YOcFumKz9S1jTp2tDFLnyp1dvlYYUZyeRWhLr+lNE + 6rMclSB8jen0oAp6W2sjT4BbpAY9vy7i2cZ74qOBtY/tW5KJD52xNwJbbjti + pNL1rTbfT4IJpdrouCNrHv7Co4NY05NVublpcRyIgU7W5I68YzQAao2rkWv2 + hIR+/j27S33ucZz2rSd9f2nMdvjB7tWbqmsadcC18mXd5c8bt8rDCjOTyK0n + 1/SSjATHof4G/wAKAM/SG1gadCLZITFg4LFs9T1xTYm1j+1piqQ+d5a5GW24 + zxjvmnaRrOnW2nQwTy7XQHI2se5PYU2LWNOXVprky/u3jVQdrdQfTGaADVW1 + gxQ/aEhA85MbS33s8Zz2rU36/wD887f82rL1XWNOuIoVhl3FZkY/Kw4B56it + T/hINI/57n/vh/8ACgDL0ZtXGnRC1SExfNguW3feOc496FbV/wC2HISHzvJG + Rltu3d+ec0aNrGnWunRQTy7XXdkbWPViewoXWNOGsPdGX90YQgO1uu7PTGaA + DVm1g2y/aUhC+YmNpbOc8da1N+v/APPO3/Nqy9W1jTrm2WOGXcwkRvusOAee + orU/4SDSP+e5/wC+H/woAy9IbWBZL9mSEx7m+8Wzncc9KN2sf2znZD5/2fpl + tuzf+ec0aRrGnW1ksM8u1wzHG1j1JI6Cj+2NO/tn7V5v7r7Psztb72/OMYz0 + oANXbWDZH7SkITcv3S2c5GOtam/X/wDnnb/m1Zer6xp1zZGKCXc25Tjaw4BB + PUVqf8JBpH/Pc/8AfD/4UAZektrAtW+zJCU8x/vFs5zz0oZtY/thCUh87yTg + Zbbt3fnnNGk6xp1tatHNLtYu5+6x4J46ChtY046wl0Jf3QhKZ2t97dnGMZoA + NZbVzp0oukhEeVyULZ+8MdfetTfr/wDzzt/zasvWdY06606WCCXc7FcDaw6M + D3Fan/CQaR/z3P8A3w/+FAGXpTawIZfs6QlfNfO4tndnnGO1Ejax/a0JZIfO + 8psDLbduec980aVrGnW8MqzS7S0rsPlY8E8dBRJrGnNq0NyJf3axMpO1upPp + jNAC6u2sHTphcpCIsDJUtu6jpmtFX1/aMR2/5tWdq+s6ddadNBBLudwMDaw6 + EHuK0V8QaTtH74/98N/hQBm6W2sBbn7OkJHnvu3Fvvd8Y7UTNq/9q2xdIfO2 + PtALbcd80aXrGnW63Iml2+ZO7r8rHKnoeBRNrGnPqttcrLmONHDHa3BPTjGa + AJNVbWTp84uEgEePm2ls4z2zVyJ9e8tNsdvjAxktVPVda0240+eCGXc7jAG1 + h39xVyLX9JWNFMxyAB9xv8KAM/TW1gNd+QkJ/fvv3FvvcZxjtRctrH9p2ZdI + fNxJsALbenOf6UabrGnQNdmWXHmTu6/Kxypxg8Ci41jTpNTs7hJcxxCQMdrc + bhxxjNAE2pNrRsJxOkAj2ndtLZx7ZqxA+u+RHsjt9u0YyWzjFV9T1rTLiwnh + il3O6kAbWHP4irEGvaUkEaNMQVUA/I3UD6UAUdObWBNeeQkJPmnfuLfex29q + LttX/tGxMiQiUeZsALbT8vOfw6UafrGnQTXjSy4EspZflY5GPYUXesadJqNj + OkuUh8zcdrcblwO1AE+oNrZsZxMkAj2Nu2ls4x2qW1fXPssPlxwbNi4yWzjH + Gai1DW9MnsZ4Ypsu6MANrDkj6VLa67pcdrDG8xDKigja3UD6UAU7FtYFzeeS + kJbzBvyWxnHai8bWPttl5qQiTc+zBbGcc5osdY06G5vJJJcLLIGX5W5GPpRe + axp0t7ZTRy5SJnLHa3GRgdqALV8+t/YrjzY4AnlvuwWzjBziiyfXPscHlJAU + 8tduS2cYGM0X2uaXNZXEUcxLPG6gbW6kEDtRZa5pcVnBFJMQyRqpG1uoAB7U + AVbJtY+23vlJCZCy78lsA44xRftrBurLzkhD+Ydm0tjOO9FlrGnRXt7LJLhJ + WUqdrc4GD2ovtY06a6spI5crFIS3ytwMfSgC5dPrn2WbzI4Nmxs4LZxjnFR6 + e+t/YYPJSAx7F27i2cY4zUl1rulyWs0aTEsyMANrdSPpUen63pkNjBDLNh0R + QRtY8gewoAr2jax/aN8Y0h80+XvBLYHy8Y/DrRqDawZrPzkhDeaNm0tjdjv7 + UWmsadHqN9O8uEm8vadrc7Vwe1Goaxp081m0UuRFKGb5WGBj3FAF64fXfIk3 + x2+3ac4LZxiq+mtrQsIBAkBj2jbuLZx74qxca9pTwSIsxJZSB8jdSPpVfTda + 0y3sIIZZdrooBG1jz+AoAhtm1j+07wxpD5uI94Jbb04x/WjUm1gtaeekI/fp + s2lvvc4zntRbaxp0ep3lw8uI5RHtO1udoweMZo1LWNOuGtDFLu8qdHb5WGFG + cnkUAaEr695b7o7fGDnBaqelNrI0+AW6QGPHy7i2cZ74q5Lr+ktG6iY5II+4 + 3+FU9K1rTbfT4IJpdrouCNrHv7CgCOBtY/tW5KJD5uxNwJbbjtijVG1grbfa + EhH79Nu0t97nGc9qINY05NVubhpcRyIgU7W5I68YzRqmsadcLbCGXd5c6O3y + sMKM5PIoA0mfX9pzHb9PVqztIbWBp0ItkhMWDgsWz1PXFaLeINJKkCY9P7jf + 4VnaRrOnWunQwTy7XQHI2sepJ7CgBI21f+1piqQ+d5S5GW27c8Y75o1VtYMM + X2hIQvmpjaWzuzxnPaiPWNOXVprky/u2iVQdrdQfTGaNV1jTriGJYZdxWVGP + ysOAeeooA1N+v/8APO3/ADasvR21gadELVITF82C5bP3jnp71qf8JBpH/Pc/ + 98P/AIVl6PrGnWunRQTy7XXdkbWPViewoAFbWP7YchIfO8kZGW27d355zRqz + awbZftKQhfMT7pbOc8daF1jThrD3Rl/dGEJna33t2cYxmjVtY065tljhl3MJ + Eb7rDgHnqKANTfr/APzzt/zasvR21gWQ+zJCY9zfeLZzk56Vqf8ACQaR/wA9 + z/3w/wDhWXo+sada2Qinl2uGY42sepJHQUAG7WP7Zzsh8/7P0y23Zv8Azzmj + V21g2TC5SER7l+6WznIx1o/tjTv7Z+1eb+6+z7M7W+9vzjGM9KNX1jTrqyaG + CXc5ZTjaw6EE9RQBqb9f/wCedv8Am1ZektrAtm+zJCV8x/vFs5zz0rU/4SDS + P+e5/wC+H/wrL0nWNOtrZo5pdrGR2+6x4J46CgAZtX/thCUh87yTgZbbt3fn + nNGsNrB06UXSQiL5c7C2fvDGM+9Daxpx1hLoS/uhCUJ2t13ZxjGaNZ1jTrrT + pYIJdzttwNrDowPcUAam/X/+edv+bVl6U2sCGb7OkJHmvncW+9nnGO1an/CQ + aR/z3P8A3w/+FZelaxp1tDMs0u0tK7D5WPBPHQUAErax/a0JZIfO8ttoy23G + ec9807V21g6dMLlIRFgZKls9R0zTZdY05tWhuRL+7SNlJ2t1J9MZp2r6zp1z + p00EEu53AwNrDuD3FAGgr6/tGI7fp6tWbpjawFufs6Qn9/Ju3FvvcZxjtWkv + iDSQoBmPT+43+FZumaxp1utyJpdvmTyOvyscqcYPAoAJ21j+1bYukPm7H2gF + tuO+ak1VtZOnzi4SAR7fm2ls9e2ajn1jTn1W2uFlzHGjhjtbgnpxjNSarrWm + 3GnzwQy7ndcAbWHf3FAFyJ9e8pNsdvjAxkt0xWfprawGu/ISE/v337i33uM4 + x2rQi1/SViRTMcgAfcb0+lZ+m6xp1u12ZZdvmzu6/Kxypxg8CgAuW1j+07My + JD5uJNgBbb05z/SptSbWjYTidIBHtO7aWzj2zUNzrGnSanZ3CS5jiEm47W43 + DA4xmptS1vTJ7CeGKXc7qQBtYc/iKALFu+u+RHsjt9u0YyWzjFUdPbWBNeeS + kJbzTv3Fsbsdvar1vr2lJBGjTEFVAPyN1A+lUdP1jToJrxpZcCWUsvyscjHs + KAC7bV/7RsTIkIkBk2AFsH5ec/h0qxqDa2bGcTJAI9jbtpbOMc4qvd6xp0mo + 2M6S5SEybjtbjcuB2qxqGt6ZNYzwxTZd0YAbWHJHuKAJLR9c+yw+XHAU2LjJ + bOMcZqnYNrAur3yUhL+YN+4tjOO1XLTXdLjtYY3mIZEUEbW6gfSqdjrGnQ3V + 7JJLhZZAV+VuRj6UAF62sfbbLzUhD7m2YLYzjnNWr19c+xz+bHAE8tt2C2cY + 5xVW91jTpb2yljlysTMWO1uARgdqtXuuaXLZzxRzEs8bKBtbqQQO1ABYvrf2 + K38qOAp5abcls4wMZqrZtrH2298pITJuTfktjO3jFWrHXNLisreKSYhkjRSN + rdQAD2qrZ6xp0V7ezSS4SVkKna3OBg9qAC/bWDc2XnJCG8w7NpbGcd6uXT65 + 9lm8yODZsbOC2cY5xVO/1jTprmzkjlysUhZvlbgY+lXLrXdLktZo0mJZkYAb + W6kfSgCLT21sWMAhSAx7F27i2cY71BaNq/8AaN8Y0hMp8veCW2j5eMfh1qfT + 9b0yCxghlmw6IoI2seQPYVBaaxp0eo307y4Sby9p2tztXB7UAGoNrBls/PSE + Hzhs2lvvY7+1Xp313yJN8dvt2nOC2cYqjqGsadPLZtFLkRTBm+VhgAe4q9Pr + 2lPBIizEllIHyN1I+lAFfTG1oWEAgSAx7Rt3Fs498VDbtrH9qXZRIfNxHvBL + bcY4x/WptM1rTLewghll2uigEbWPP4CobfWNOTVLu4aXEcqxhTtbnaOeMZoA + NTbVybT7QkI/fps2lvvc4zntWhK+veW+6O3xg55as/U9Y064Np5UufKnR2+V + hhRnJ5FaEuv6S0bqJjkgj7jf4UAUtKbWRp8It0hMePl3Fs9e+KZC2sf2rcFU + h87Ym4Ettx2x3p+lazpttp8EE0u10GCNrHv7CmQ6xpyarcXDS4jkRADtbkjr + xjNABqjawVtvtCQgeem3aW+92zntWkz6/tOY7f8ANqzdU1jTrhbcQy7vLnR2 + +VhhR1PIrSbxBpO0/vj/AN8N/hQBnaQ2sDToRbJCYsHBYtu6nrikjbV/7XlK + pD53lLkZbbtzxjvml0jWdOtdOhgnl2ugORtY9ST2FJHrGnLq81yZf3bRKoO1 + uoPpjNABqrawYYvtKQhfNTG0tndnjOe1am/X/wDnnb/m1Zeq6xp1zDEsMu4r + KjH5WHAPPUVqf8JBpH/Pc/8AfD/4UAZejtrA0+MWqQmPLY3ls/eOenvQrax/ + bDEJD53kjIy23bu/POaNH1jTrXT44J5drqWyNrHqxPYULrGnDWGuvN/dGEJn + a33t2cYxmgA1ZtYNqPtKQhN6fdLZznjrWpv1/wD552/5tWXq2sadc2ojhl3M + HQ42sOAeeorU/wCEg0j/AJ7n/vh/8KAMvSG1gWQ+zJCU3N94tnOeelG7V/7Z + B2Q+f9n6Zbbs3fnnNGkaxp1tZiKeXa25jjax4JyOgo/tjTv7ZF15v7r7Pszt + b727OMYz0oANYbVzYt9qSER7lzsLZzkY61qb9f8A+edv+bVl6xrGnXVi0MEu + 5yynG1h0IJ6itT/hINI/57n/AL4f/CgDL0ltYFs/2ZISvmPncWznPPTtViA3 + x12P7Ysat5LfcJxjPv3zVfSdY062tnSaXaxkdvuseCeOgqxBf2t7rsb2z7h5 + LL0I5znv7UAdLRRRQAUUUUAFFFFABRRRQB//0f3jn/5Dlr/1yen67/yCbj6D + +YrIl0qJdVgt/Olw8bnO87hj0NO1bSYbfTpplmmYqBwzkjqOooA6iL/VJ9BW + Ro3/AC/f9fUv9KZHokBRT58/IH/LQ1n6ZpUU/wBr3TSr5dxIg2uRkDHJ9/eg + DTuv+Q3Y/wC5L/Kp9a/5BVz/ALlYtxpUSapawCaUiRXJJc7hgdjUmp6RDBYT + yrNMxVc4ZyR+IoA6O3/494v91f5VmaR/rb//AK+G/kKih0WBoUYzzjKg8SH0 + qhp2lQzSXYaaVfLmZRtcjOMcn1NAGpe/8hjTfpN/6CKsav8A8gy5/wCubVh3 + WlQpqVlCJpSJfNyS5JG1c8Ht71NqOkQw2M8qzTMUQnDOSD9RQBvWf/HnB/1z + X+VZ2lf8fWof9dv6VBbaNA9tE5nnBZFOBIcciqdhpUU1xeIZpVEcm0Ycgnjv + 6mgDUv8A/kKab/vSf+g1b1P/AJB11/1yf+RrAvNKhjv7KITSkSl8kuSRhc8H + tVm+0eGKyuJRPMSkbHBckHA7igDZ0/8A48Lb/rkn/oIqjpv/AB/6j/10X/0G + qtno0MlpBIZ5gWRTgSEDkdqq2WlRS3d7GZpQInUAhyCcjv60Aaepf8f+nf8A + XRv/AEGr+of8eFz/ANcn/wDQTXO32lRRXdlGJpSJXYElySMDt6VavNGhjtJ5 + BPMSqMcGQkcDvQBq6X/yDbX/AK5J/Kqen/8AIU1L/ei/9BqpYaPDLZQSmeYF + 0U4DkAZHYVXs9Kikv76IzSgRFMEOQTlc8nvQBqap/wAfWn/9dv6Vo3n/AB6T + /wC438q5q/0qKGezQTSt5ku05ckjjt6GrtzosCW8riec7UY4MhxwKAL+kf8A + IMtv+ua1Wsv+QzqP0h/9Bqlp2kQzWMErTTKXQHCuQB9BUNrpUT6lewGaUCIR + 4IcgncueT39qANPV/wDW2H/Xwn9a1Lj/AI95f91v5VzGo6VFC9oFmlbzJlU7 + nJxnPI9DV+bRYFhdhPOcKTzIfSgC1ov/ACCrb/d/rUVr/wAhq9/3Iv5Vn6Xp + MM+nwTNNMpZc4VyB+AqODSoX1S6gM0oEaoQQ53HI7mgDU1n/AJcf+vqL+ta0 + n+rb6GuV1PSooPsu2aVvMuI0O5ycA55HvWi+iQBGPnz8A/8ALQ0ATaF/yCbf + 6H+ZpkH/ACHLr/rklZuk6TDcadDM00ylgeFcgdT0FNi0qJtVnt/OlASNDkOd + xz6mgDT1v/U23/XxH/Oto9K5LVNKigjgKzStvmRfmcnGe4960/7Dg/5+J/8A + v4aAF8Pf8ge3/wCBf+hGiP8A5D8v/XBf/Qqy9H0qK502GZppVLbuFcgcMRwK + E0qI6vJb+dLgQhs7zu64xn0oA1Nc/wCPWL/rtH/OtmuS1XSobe3R1mlbMiL8 + zkjk1p/2HB/z8T/9/DQAeH/+QZH/ALz/APoRpR/yMDf9ew/9DrL0fSormxSV + ppVJLDCuQOGI6UDSov7YNt50u0QBs7zuzuxjPpQBp6//AMg//ton/oVbVclq + +lRW9n5izSsd6DDOSOTWn/YcH/PxP/38NAC6D/x4n/rpJ/6FQ3/IwL/17H/0 + OsvSdKhuLQyNNKp3uMK5A4NB0qL+2FtvOl2mAtned2d2MZ9KANTxB/yCpfqn + /oQrZrktY0qK3sJJlmlYgrwzkjlgOlaf9hwf8/E//fw0ALof/HrL/wBdpP50 + kv8AyHoP+uDfzrM0rSobiCR2mlXErr8rkDg/zok0qIavFb+dLhombO87uD6+ + lAGp4g/5BFx/wH/0IVsDoK5PWNKittNmmWaViu3hnJHLAcitIaJBgf6RP/38 + NAC6J/qrr/r4k/pS3H/Ictf+uUlZel6VFOlwWmlXZM6/K5Gcdz70TaVCuq28 + HnSkOjnJc7hj0NAGvrv/ACCbn/dH8xWnF/qk+grmNV0mG30+aZZpmKgcM5I6 + 9xV2PRICinz5+QP+WhoAfo3W/wD+vqT+lF3/AMhqx/3Zf5VmaZpUU5u900q+ + XO6Da5GQMcn396LjSok1S0gE0pEiyEkudwwOxoA2ta/5BVz/ALlXbb/j2i/3 + F/lXOanpEMFhPKs0zFVzhnJH4irUGiwNDGxnnGVB4kPpQBNpP+uv/wDr4b+Q + ovf+Qxpv/bb/ANBFZenaVFNJeK00q+XMyja5GcAcn1NF1pUUepWMImlIl83J + LkkbVB4Pb3oA3dW/5Bl1/wBc2/lX5DX/APx/XH/XR/5mv1j1HSIYbGeVZpmK + IThnJB+or8m77/j9uP8Aro/8zX7L4RfFif8At3/24/PePdqP/b36Hsv7PP8A + yU+x/wCuNx/6LNfoDP8A8fNv9W/lX59fs+xiT4m2KEkfubjocH/Vmvvya2VZ + 4V3v8xbq3PTtXmeJ/wDyMY/4F+bO/gr/AHR/4n+SL9x/x7y/7rfypbf/AFEf + +6P5VUmtEWGRt7nCk8t7UQ2iNCjb3GVB4b2r85PriS3/ANfcf7w/lRc/663/ + AN4/yqtDbK00yl3G0jo3t3ontlWWFQ7ncSOW/lQM0J/9RJ/un+VJbf8AHvF/ + uj+VVpbRFidt78Kf4vamwWiNCjb3GVB4agRLB/x9XP8AwH+VLc/6yD/f/pVW + K2VridN7/Lt/i55HelntVV4QHc7mxy1AGhN/qn/3T/Ko7T/j2j/3RUElogjY + 734B/iplvao8CMXcZHZuKBk0P/H3cf8AAP5UXf3oP+ugqtHbKbmZN7/Lt/i5 + 5Hei4tlQxYdzucDls0Aab/cb6GoLP/j1j+lRvZoEY736H+KobW1V4EYu4yOz + YFAFiP8A4/JvotJef8sP+uq1XS1U3Mqb34C/xc80lzbKnlYdzukUctnrQI1D + 0NVbH/j0j/H+dIbNMH53/wC+qr2lsslujl3Gc9GwOtAFhP8Aj9k/3RRe/cj/ + AOui1WW2U3TpufAUHO7mi6tlRUIdzlwOWz1oA1ap2H/HpH+P8zS/Y0/vv/31 + VW0t0e2WRnZeucNgDBoAsr/x/t/1zH86L7/Ur/vL/Ovm/wAf/tDeCPCF1NYa + M769fxjbiCQCFX9GmwQceihvQ4NfIXi745fEXxc8kcupvp9m/S3tCYlx6Fs7 + 298tj2FfW5VwZjMSlJrkj3f6Lf8AI+LzjjzA4RuCfPLtH9Xt+bP0o8Q/ELwR + 4ULJ4h1u1spVGTE0gMuP+ua5c/lXh95+1R8N9Lj8iyivdSYE4aKFUjPPrKyN + /wCO1+dLMzsXcksxySeSSantrS6vZRBZwvPKeixqWY/gOa+3wvh7hIK9abl+ + C/r5n5/jPE3G1HahBRX3v/L8D7SvP2v4RdmXT/C7Om3aDLdhT1z0WM/zrJuP + 2vdYnGweG4FTIP8Ax8MTx77f6V872Hwt+I+pf8efhrUGBGQWt3QEeoLgA1tH + 4H/FdY/Nbw3cBfcoD+W7Ndf9gZJDSSj85P8AzOP/AFk4gqax5reUF/8AIn0H + bftivuAvPCoK9zHec/kYv612Oh/tX+AZVWHVLC/sWYklgiSxjPqVcN+S18d3 + fwh+KFihkn8MX5UdfLgaT/0DdXD32malpj+XqVpNaOe0sbRnj2YCj/VLKa38 + JfdJv9WH+uudYfWs/wDwKKX6I/VrQPiz8OPE99GNH1+2d3TCxyt5EhYnoElC + sT9BXol//wAer/h/OvxTr0Lwv8VPHvhDZFo2rzC2TH+jyt5sGB2CPkL/AMBw + fevCx/hzpfDVPlL/ADX+R9Dl3ilrbF0vnH/J/wCZ+u1U7L/Vv/vtXyZ4D/af + 8NawYrDxtDJo902F+0RM0lsx9SPvx/8Ajw9WFfUWlNZalZre2Vz59vKSY5In + DI69iCODn1r8/wAxyjEYSXLXhb8n6M/S8rzrDY2PPhpp/mvVbmi3/H8n+4f5 + 0t//AMekn4fzFVWtl+1rHvfBUnO7mlu7ZY7d3DucY6tkda809Q1B0qpZ9Jf+ + ujUgs0x99/8Avqq9taq4ky7jDsOGx0oAsSf8fsX+61Ovf+PWT6VUe2UXUab3 + wQTndzTrq1VLd3DucDu2RQDNFPuL9BVWz/5b/wDXVqRbNCoO9+n96q9tbK/m + 5dxtkYcNjpQBZl/4/IPo38qku/8Aj2k+lUpLZRcwpvf5g38XPAp9zaokDsHc + 4HdsigGX4/8AVr9BVa1+/P8A9dDTUs0KKd78gfxVBb2yu0oLuNrkcNQBZm/4 + +7b/AIH/ACqW6/49pP8AdNUZbZVuIE3vht38XPA7VJcWqLA7B3OATy3FAF2H + /Ux/7o/lVe2/11x/vf0pkVojRod78gfxVDBbK0kwLONrY4b+dAFqf/j5t/q3 + 8qluP+PeX/db+VUZbZVmhXe/zE9W56dqkmtEWGRt7nCk8t7UAWrf/j3i/wB1 + f5VDb/8AHxcfVf5VHDaI0MbF3GVB4b2qKG2Vppl3uNpHRvbvQBZuf9db/wC8 + f5VPP/qJP90/yrPntlWWFQ7ncxHLfyqaW0RYnbe/Cn+L2oGfFn7Tf/Id0H/r + xP8A6Ga+Za+l/wBpiMJr2hkEndZE8n/bPSvmiv6b4J/5FVD0f5s/F+JP9+q+ + v6I/VHw5/wAil4P/AOvWz/8ARK13d3/x6zf7jfyrzPw1psS+E/CpEsv761tA + fnPGYVPy+ldpcaLAlvK4nnO1WPMhxwK/mPH/AMep6v8AM/ZcL/Cj6IvaP/yC + 7b/cFQWf/IZ1D6Q/+gmqOm6RDNYQStNMpZQcK5AH0FQ22lRPqd5AZpQIxHgh + zk5Hc965Dc1NY+/Yf9fKf1rUn/1En+6f5Vy+paVFC1oFmlbzJ1U7nJwDnkeh + q/LosCxO3nznAJ/1h9KALWif8gq2/wB3+tQ23/IbvP8ArnHVDS9Jhn0+CZpp + lLLnCuQOvYVHBpUTarcwGaUBEQghzuOfU0Aaetfdsv8Ar6i/rWw/3G+hrlNT + 0qKAWxWaVt86Idzk4BzyPetF9EgCk+fPwP8AnoaAJdB/5BFv9D/6EabD/wAh + 24/64p/OszSNKhuNOhmaaZSwPCuQOp6Cki0qFtWmt/Olwsatned3J7mgDU1v + /UW//XeP+dbNclqmlRQRQss0rbpkX5nJ6nqPetP+w4P+fif/AL+GgA8Pf8gi + D/gf/oRoT/kYJP8Ar3H/AKFWZo2lRXOnRTNNKpbdwrkDhiOlC6VEdYe286Xa + IQ2d53fexjPpQBp67/x5p/11j/nW1XJatpUVvbK6zSsTIgwzkjk1p/2HB/z8 + T/8Afw0ALoH/ACDV/wB9/wD0I0f8zD/26/8As9ZekaVFcWSytNKpLMMK5A4J + HSj+yov7Z+zedLt+z787zuzvxjPpQBqa/wD8g4/76f8AoQrZrktX0qG3sjKs + 0rHcowzkjkgdK0/7Dg/5+J/+/hoAXQv+PJv+usn/AKFSP/yMEf8A17n/ANCr + M0nSobi1MjTSqQ7jCuQODQ2lRDWEtvOl2mEtned33sYz6UAafiH/AJBM31T/ + ANCFbVclrGlRW2nSzLNKxUrwzkjlgOlaf9hwf8/E/wD38NAC6J/x7z/9d5P5 + 0S/8h23/AOuL/wA6y9K0qGeGVmmlXbK6/K5HQ/zok0qIatDb+dLhombO87uD + 6+lAGrr/APyCLj6L/wChCtdfuj6Vymr6VDb6dNMs0zFQOGckdR1FaK6JBgf6 + RP8A9/DQA7RfuXf/AF8y/wBKS5/5Dln/ANc5KzNL0qKdbktNKuyd1+VyMgdz + 70TaVEuq20AmlIdHOS53DHoaANjW/wDkFXP+7/WtGH/Ux/7o/lXM6rpMMGnz + zLNMxUZwzkjr3FXYtEgaNG8+fkD/AJaGgCTR/vX/AP18yf0ou/8AkM2H+7L/ + ACFZem6VFM12GmlXy53UbXIyBjk+pouNKhTU7OATSkSCTJLnIwOx7UAbes/8 + gu5/3DVu1/49ov8AcX+Vc9qWkQwWE8qzTMVUnDOSD9RVmDRYHgjYzzjKg8SH + HSgCXSf9fqH/AF3P8hRff8hfTP8Att/6DWZp+lRTS3itNKvlylRtcjPHf1NF + 3pUUeo2MImlIl8zJLkkbVzwe3vQBu6t/yDLr/rm38qmsf+PK3/65p/IVh6hp + EMNjPKJpmKIxwzkg4HcVLa6NBJawyGeYFkU4EhA5HagCxpn/AB+aj/11H8qN + Q/5CWm/78n/oNZdjpUUtzeIZpQI5AAQ5BPHf1ovNKijvbKITSkSs4JLkkYGe + D2oA6DUv+Qddf9cn/wDQTS6d/wAg+1/65J/6CKx77R4YrK4lE8xKRucGQkHA + PWlstHhls4JDPMC8anAkIAyO1AFnTv8AkJal/vp/6DRqf/H7p3/XU/yrMstK + ilvb2IzSgRMoBDkE5Hc96L7SoorqyjE0pEshBJckjjt6UAdHff8AHlcf9c3/ + AJGotK/5Btr/ANc1/lWbdaNBHazSCeYlUY4MhI4HeotP0eGaxglM8yl0U4Dk + AZHYUAXbH/kLal9Yf/QaNV/4+NP/AOu4/kay7TSoZNRvoTNKBF5eCHIJ3Lnk + 96NQ0qKGazUTSt5koU5cnHHb0NAHTXX/AB6zf7jfyqpo3/ILtv8AcFUbjRYE + gkcTznapPMhxwKr6bpEM9hBK00yllBwrkAfQUAXrP/kNah/uxf8AoNGsffsP + +vmP+tZltpUT6neQGaUCMR4Ic5OR3PejUtKiha0CzSt5k6Kdzk4BzyPQ0AdT + N/qZP90/yrO0T/kFW3+7/Wq8uiQLG7efPwD/AMtDVLStJhn0+CZpplLDOFcg + dewoA0bb/kN3n/XOOk1r7ln/ANfMX9azIdKibVLmAzSgIiHIc7jn1NGqaVFA + tsVmlbfOi/M5OAc8j3oA6t/uN9DWToH/ACCLf6N/6EaY2iQBSfPn6f8APQ1n + aRpUNxp0MzTTKWB4VyB1PQUAaUP/ACHrj/rin86XW/8Aj3g/67x/zrLj0qJt + Wmt/Olwsatned3J7n0o1TSooIYmWaVt0qL8zk9T/ADoA62sbw/8A8gmD6v8A + +hGk/sOD/n4n/wC/hrM0fSobnTopmmlUtu4VyBwxHSgDUT/kPyf9e4/9Co13 + /jzT/rrH/OstdKiOsPb+dLgQhs7zu+9jGfSjVtKit7ZXWaViZEGGckcmgDra + xdA/5Bq/77/+hGj+w4P+fif/AL+GszSNKiuLIStNKpLMMK5A4PpQBqf8zD/2 + 6/8As9Gv/wDINb/fT/0IVl/2VF/bP2bzpdv2ffned2d+MZ9PajV9Kit7JpVm + lYhlGGckckDpQB1tY2hf8eb/APXWT+dJ/YcH/PxP/wB/DWZpOlRXFsztNKpE + jjCuQODQBpv/AMjBH/17n/0Kl8Qf8gmf6p/6EKy20qIawlt50uDCWzvO772M + Z9KNY0qG206WZZpWK7eGckcsB0oA62sXQ/8AUXH/AF3k/nR/YcH/AD8T/wDf + w1maVpUVxFMzTSrtldflcjoe/vQBqTf8h23/AOuL/wA6dr3/ACCLj6D/ANCF + ZMmlRLq0Nv50uGjZs7zu4PY+lLq+lQ2+nTTLNMxUDhnJHUdRQB1SfcX6CsjR + fu3n/XzL/SmrokBUHz5+n/PQ1m6ZpUU63JaaVdk8ija5GQMcn3oA1Ln/AJDd + n/1zkqTW/wDkFXP+7/WsebSol1S2gE0pDo5yXO4Y9DT9V0mGDT55lmmYqM4Z + yR17igDpYP8AUR/7o/lWVo/37/8A6+ZP6VHFosDRI3nzjIB/1h9KoabpUUzX + YaaVfLndRtcjIGOT6mgDTvP+Q1p/+7L/AOg1Y1j/AJBdz/uGsS50qJNTs4BN + KRIJMkucjA7HtU2paRDDYTyrNMxVScM5IP1FAHQWv/HrD/uL/Ks3Sv8Aj41D + /ruf5CoLfRYHgjczzjcoPEhxyKpafpUM014pmlXy5Sow5GeO/qaANO//AOQt + pv1l/wDQat6r/wAg26/65t/KsG70qKPUbGETSkSmTJLkkYXPB7VPqGjww2M8 + onmYojHBckHA7igDcsP+PG3/AOuafyFZ+mf8fuo/9dR/Kq9po0MlrDIZ5gWR + TgSEDkdqqWOlRS3V6hmlAjkABDkE8d/WgDU1H/kI6d/vv/6DV3Uf+Qfdf9cn + /wDQTXPXulQx3tlEJpSJWYElySMDPB7VavdHhis55BPMSkbHBkJBwO9AGtpv + /IOtf+uSf+giqen/APIS1L/fj/8AQaqWOjwy2VvKZ5gXjQ4EhAGQOlVrPSop + L29iM0oETIAQ5BORnk96ANPVP+PzTv8Arqf5VoX3/Hlcf9c3/ka5y/0qKK5s + 0E0pEkhBJckjjt6VcutGhjtZpBPOSqMcGQkcCgDR0n/kGWv/AFzX+VVbH/kL + 6n/2x/8AQap6fpEM1jBK00yl0U4DkAZHYVBaaVFJqN9CZpQIvLwQ5BO5c8nv + 7UAamrf6/T/+u6/yNaV1/wAe0v8AuN/KuZ1DSooZbNVmlbzJgp3OTjjqPQ1e + n0WBIJGE85wpPMhx0oAu6N/yC7b/AHBVe0/5DV//ALsX8qo6bpEM1hBK00yl + lBwrkD8BUVvpUT6ndwGaUCMRkEOcnI7nvQBp6z96w/6+o/61rTf6mT/dP8q5 + bUtKigNoFmlbzJ0Q7nJwDnkehrQl0SBY3bz5+Af+WhoAsaH/AMgm2/3T/M1H + b/8AIcu/+ucdZ2laTDPp8MzTTKWGcK5A69hTIdKhbVbiDzpQERDkOdxz6mgD + U1r7lp/18xf1rYb7p+lcnqmlRQLbFZpW3zovzOTgHuPetJtEgwf9In/7+GgB + +gf8gi3+jf8AoRpsX/Ien/64r/Os3SNKhuNOhmaaZSwPCuQOp6Ckj0qI6vLb + +dLhYlbO87uT6+lAGnrn/HvB/wBd4/51tVyWq6VFbwxMs0rbpUX5nJ6n+daf + 9hwf8/E//fw0AL4f/wCQTD9X/wDQjQv/ACMD/wDXsP8A0OsvR9KiudPjmaaV + SS3CuQOGI6ULpUR1hrbzpcCENned2d2MZ9KANTXf+PJf+usf/oVbNclq2lQ2 + 9qJFmlYl0GGckcmtP+w4P+fif/v4aADQP+QcP99//QjQf+RiH/Xr/wCz1maR + pUVxZiVppVO5xhXIHBo/sqL+2RbedLt8jfned2d2MZ9PagDT8Qf8g1/95P8A + 0IVtVyWsaVFb2LSrNKxDKMM5I5I7Vp/2HB/z8T/9/DQAuhf8ekn/AF1k/nQ/ + /Ifi/wCvdv8A0KsvSdKiuLZ3aaVSJHHyuQODViCyS012NEkd/wByzfO249cU + AdLRRRQAUUUUAFFFFABRRRQB/9L9z5ZdW/tWBmhjEojbaNxwR3yafq0urtp0 + wuIYljwMlWJPUUkur6c2rW9wswMaRuCcHgnp2p2r6xptzp08MMwZ2AwMH1Ht + QBdjm1zYuLeHGB/GaztMl1Yfa/IhjbNxIWyxGG4yB7Vpx67pIRQbgZAHZv8A + Cs3S9X06D7X50wXzLiR14PKnGD0oAS4l1Y6pas8MYlCvtAY4Ixzk1LqcusGw + nE8ESxlfmIYkgVHcavpz6raXCzAxxrIGODxkcVLqms6bPp88MM4Z3XAGDz+l + AFmGbW/Jj228RG0Y+c9MVQ06XVhJd+TDGxMzb8sRhuMge1aMOu6UsMatcAEK + AeG9PpVDTdX06CS8MswUSTMy8HkHHPSgBt1Lqx1KyMkMYkHm7AGOD8vOan1G + XWDYziaCJYyh3EMSQKiutX06TU7GdJgUi83ccHjcuB2qbUtZ0yewnhinDO6E + AYPJ/KgCW2m1sW0Qjt4iuxcEuc4xxVKwl1YXF4YYY2Yy/PliMHHar9rrmlR2 + 0SPcAMqKCMHqB9Ko6fq+nQ3F68kwUSy7l4PIx9KAEvJdWN/ZGSGMSAvsAY4P + y85qzfy6ybK4EsESoY23EMSQMc4qC81fTpL+xmSYFIi5Y4PGVwO1Wb/WtLms + biKOcM7xsAMHkkfSgAs5daFpAI4IigRdpLHJGOKqWUurC7vTFDGXLrvBYgA4 + 7Vds9b0uKzgjecBkjUEYPBA+lVLHV9OivL2SSYBZXUqcHkAY9KAG30urG7sj + LDGrh22AMcE471bvJdaNpOJYIghRtxDHIGOaq32r6dLd2UkcwKxOxY4PAI+l + XLzW9Lls540nBZ42AGDySPpQBHYS6yLKARQRMgRdpLEEjHGarWcurC/vjHDG + ZCU3gscD5eMVasNa0yGxt4pJwrpGoIweCB9KrWer6dFqF9M8wCSmPacHnC4P + agBL+XVjPZmaGNWEvyYYnJx3q7cza2beUPbxBdjZIc5xiqmoavp009m8cwYR + S7m4PAx9Ku3OuaU9tKiXALMjADB6kfSgCvp0usCxgEMETRhBtJYgke9QWsur + DU70xwxmUiPeCxwPl4xVjTdZ0yCwghlnCuiAEYPB/KoLXV9Oj1O9neYCOUR7 + Tg87Vwe1ACalLqxks/PhjUiZdmGJy3YH2q/NNrfkybreIDac/OemKo6lq+nT + yWZimDCOZWbg8KM89K0Jtd0poZFW4BJUgcN6fSgClpcusLp8AggiaMLwSxBI + qOCXVhql0yQxmUqm4FjgDHGDU2l6zptvp8EM04V0XBGDx+lRwavpyapdXDTA + RyLGFODyQOe1ADdTl1Zvsvnwxri4jK4YnLc4B9q0Xm1zY2beHGD/ABmqGp6v + p0/2Typg3l3EbtweFGcnpWi+u6SUYC4GSD2b/CgDP0mXV106EW8MTR4OCzEH + qaZFLq39qzssMZlMabhuOAO3NSaRrGm2+nQQzTBXUHIwfU+1Ni1fTl1ae4aY + CN40AODyR17UAN1WXVmjg+0QxqBMm3DE5bsPpWmZtd/594f++zWbqur6dcRw + LDMGKTIx4PAHU9K1Dr2k/wDPwPyb/CgDK0aXVl02EW0Mbx/NgsxB+8c/rQku + rf2vIwhj87yRkbjjbnrn1p2javp1rpsME8wR13ZGCerE9hQmr6cNYkuTMPLM + IUHB6g5x0oAbqsurNboLiGNV8xMFWJ5zxWp52u/8+8P/AH2azdW1fTri3jSG + YMwkRjwegPPatT+3tI/5+B+Tf4UAZOjy6stggtoY3jy2CzEH7xzQJdW/tkt5 + MfneQBt3HG3d1z65pdG1fTrawSGeYI4ZjjB7sT6Uo1fTv7ZN15w8ryAm7B+9 + uzjp6UAN1eXVms8XMMapvTlWJOc8Vqedrv8Az7w/99mszWNX065s/KgmDNvQ + 4wegPPatX+3tI/5+B+Tf4UAZOky6stoRbwxsm9+WYg5zzQZdW/thW8mPzvII + 27jjbu659c07SNX062tDHNMFbe5xg9CeO1B1fTv7ZW584eUICm7B+9uzjpQA + 3WJdWbT5BcwxrHlclWJP3hj9a1PO13/n3h/77NZus6vp1zp8kMEwZyVwMHsw + PpWp/b2kf8/A/Jv8KAMnSpdWWCQW8MbL5r53MRznmiSXVv7XiYwx+d5TYG44 + 2565p2k6vp1vBIk0wUtK7Dg9CeO1JJq+nHWIrkTDy1iZScHqT06UAGsS6s2m + zC5hjSP5clWJP3hWkJtdwP8AR4f++zWdrOr6dc6bNBBMHdtuBg9mB7itMa9p + OB/pA/Jv8KAMrS5dWVLj7PDGwMz7tzEYbuB7UTS6t/atuzQxiUI+0bjgjvk0 + ulavp1vHcCaYKXmdhweVPQ9KWbV9ObVre4WYGNI3BODwT07UALq0urtp8wuI + YljIGSrEkcir0c2ubFxbw4wP4zVPVtY02406eGGYM7AYGDzyPar0eu6SI1Bu + BkAdm/woAzNMl1ZTd+RDG2bhy2WIw3GQPai4l1Y6paM8MYlCybQGOCMc5NLp + mr6dAbvzZgvmXDuvB5U4welFxq+nPqlpcLMDHGsgY4PGRx2oAk1OXWGsJxPB + EsZX5iGJIFWoJtbEMYS3iK7Rj5z0xVbVNZ0240+eGGcM7rgDB5/SrcGuaUkE + aNcAFVAPDdh9KAM7TpdWEl55MMbEzNvyxGGwOB7UXUurHUrEyQxiQebsAY4P + y85/Cnadq+nQyXjSzBRJMzLweQQOelF1q+nSalYzpMCkXm7jg8blwO1AEuoy + 6ybGcTQRKhQ7iGJIHtX5N33/AB+3H/XR/wCZr9ZtR1rTJrCeKKcM7oQBg8k/ + hX5M33/H7cf9dH/ma/ZfCL4sT/27/wC3H57x7tR/7e/Q9h/Z9Mg+JtiYgC3k + 3HX/AK5mvvyVrrz4dyKGBbHPtXwH+z7IkXxNsXkOAIbj/wBFmvv2a7t2nhdX + yELZ4PcfSvM8T/8AkYx/wL82d/BX+6P/ABP8kPme88mTcigbTnB7YpYXvPKT + aikbRjntiia9tnhkVXySpA4Pp9KWG9tlhRWfBCgHg+n0r85PrrkMLXQmm2op + JIzz7UTNdGWHcig5OMGlhu7dZpmZ8BiMcH0onu7d5YWV8hWJPX0+lAEkr3nl + PuRANpzz7UkDXghTaildoxk9qdLe2rROqvyVIHB9PpSQXlskMas+CFAPB/wo + C5FE119omKou47cjPtxRO13vi3ooO7jB70sV3brcTuz/ACvtxwewonu7d3hK + vkK2TwelAXJZHvfLbciYwc80y3a8ECBEUrjjJqSS9tWjZQ/JB7H/AAplveWy + QIjPggc8H/CgLkcbXX2mYqi7vlzzx04ouGuiYt6KPnGMHvSxXdutzNIX+Vtu + Dg9hRcXdu5i2vna4J4PT8qAuTO97tOUTGD3qK2a7ECCNFK44yame+tSjASdQ + ex/wqK1vLaO3RHfBA54P+FAXGI139plIRd2FyM8UXLXR8reij94uMHvSpd24 + uZZC/wArBcHB7UXN3byeVsfO2RSevQfhQBOXvsH92n51BaNdi3QRopXnGTz1 + qwb61wf3n6H/AAqC0u7eO3RHfDDOeD6/SgLjVa6+1OQi79oyM8YoumuiqeYi + gbxjB70q3duLp5C/ylQAcGvPPij8UfD3w80JdRvW+0XcrYtrVTh5WX3I4Ucb + m7e5IFb4bDVK1RUqSvJ7I58Vi6dCnKrVlaK3ZveMvHWkeAtJbWPEs8dtFyI0 + BzLKw/hjTqx/QdSQOa/O/wCJHx18WeOxJpdpK2l6Jyotomw0q56zOOWz/d+6 + PQnmvP8Axt448Q+P9cl13xFcebK3yxxrxHCnZI17AfmTySTzVvwJ8O/EnxC1 + MWGiQ7YUI865kyIYQf7zDqfRRkn0xkj9jyThfDZfT+s4ppyXV7L08/P7j8Mz + /i/FZnV+q4NNQeiS3l6+Xl95w6I8jrHGpZ2IAAGSSegAr6A8G/s3+PvEqR32 + sRDQbFyPmuR+/YH+7Dww/wCBla+wPhv8IfA3w4kjuYFF/qewA3k65ff38peR + GMZ6ZbHVjXsV1d28kYVHydwPQ14mc+IMm3DBKy/mf6L/AD+4+gyLw0gkqmPl + d/yr9X/l954L4V/Zs8AeHQst/ZHW7kfx3bkoD7RJtXH+9u+te0aHpVpo1kLb + RNPtrODJ+WFFiHX0UAVt/brT/np+h/wqtaXdvHAEd8EE9j6/Svz7GZniMQ71 + puXq/wBD9LwOVYXDK1Cmo+i/XcTddfbM7F3+X0zxjNF210Yf3iKBkdD70v2u + 3+2ebv8Al8vGeeufpRd3dvJDtR8nI7H1rhPQLG++/wCeafnWd9mF7Zva3NtF + cwOTuSUBlP1B4rS+3Wn/AD0/Q/4VWtLu3jiKu+DuJ7+v0pptaoGk1ZnjHij4 + CfDvxPKyto8emXDKSJLE+RjnrsAMZ/Fa+Z/G/wCy14t0KKS/8L3CazbLyYmx + FcAewJ2v+BB9Fr7/ADd2/wBsEu/5dmM4PXP0ovLu3lt2RHyxx2PrX0WXcV47 + DNcs7rs9V/mvkz5fNODsvxafNTUX3jo/8n80fjPf6ff6VeS6fqdtJaXUJ2vF + KhR1PoVYAiu++HvxX8YfDe8EmiXRksmbMtnKS0Enr8v8Lf7S4PrkcV+knjnw + J4D+IlobPxHbrJPGuI7iP5LiIHptfGcZ7MCp9K/PH4m/BzxD8O7h7oZ1DRmb + Ed2i/dyeFlX+A+/Q9jngfpmVcTYPMofV68UpPo9n6P8Apn5NnPCeNyqf1nDS + bivtLdeq/pdz70+HHxa0D4mRrNpLLb6jFH++s5W/eJ6kf31z/EPxAPFen3bX + Zt3EiKF4zg89a/G7R9Y1PQNSt9Y0a5e0vLVg8csZwyn+oPQg8EcHiv0c+Evx + v074k6U2kaqFs/ENugLxjhJ1BGZIv/Zl7dsjp8XxRwfLC3r4fWn17r/gef39 + z73hDjiOMth8VpU6PpL/ACfl93Y9+D33/PNPzqtbNdgSbEU/O2cnvVoX1p/z + 0/Q/4VWtru3jEm98bnYjg9DXwh+iXEdrr7VGSi7sHAzxS3TXZt3EiKFxzg0P + d25uo5A/yqpBPPf8KW6u7aS3dEfJI44P+FANkyve7RhE6etV7ZroebsRT+8b + OT3qwt9ahQDJ29D/AIVBbXdvH5u98bpGI69D+FAXEka6+0xFkXdhsDPHTmn3 + DXZgcOihcc4NNku7drmGQP8AKobJwe4+lOuby2eB0R8kjjg/4UA2SI97sXCJ + jA71BbtdBpdiKTvOcnvVhL61CKC/IA7H/CoLe7t0aYs+Nzkjg9KAuJK119og + LIu4bsDPHTmn3DXhhcOihcHODTZbu3a5gcP8qbsnnuPpT7i8tngdFfJIIHB/ + woC46J73y02omMDHNQwNdCSbYik7ucnvU8V7arEil+QAOh/wqGC7t0kmZnwG + bI4NAXEla786Esi7snHPtUsz3nkybkUDac89sVHNd27Twur5Ck54PcfSpJr2 + 2eGRVfJKkDg+n0oC4QveeTHtRSNoxz2xUULXXnTbUUsSM8+1Sw3tskMas+CF + APB9PpUcN3brNMzPgMRjg+lAXEma6MsO5FBycYNSyveeU+5Fxg559qjnu7d5 + YWV8hWJPX0+lSy3tq0Tqr8lSBwfT6UBc+Kf2mDIde0PeAB9iOMem8180V9L/ + ALTEiPr2hhTkrZEH67zXzRX9N8E/8iqh6P8ANn4xxJ/v1X1/RH6g+GpNT/4R + PwruijAFraeX8x5PkrjPpXaXE2tm3lD28QXa2SHPTFcZ4a1Swbwn4UUSgmC1 + tC/B4xCoPau0udc0p7eVFuASysAMN1I+lfzHj/49T1f5n7Lhf4UfRFbTZdYF + hAIIImjCjaSxBIqG2l1YaneFIYzKRHvBY4HHGKsaZrOmQWEEMs4V0UAjB4P5 + VDbavpyaneTvMBHKI9pwedo57VyG43UpdWLWnnwxridSuGJy3OAfatCWbXPK + fdbwgbTn5z6VR1LV9Ona0MUwby50duDwozk9K0Jdd0lonUXAJKkdG9PpQBR0 + uXV10+AQQRNGF4JYgkZqOCXVhqtyyQxmUom4FjgDtg1NpWsabb6fBDNOFdFw + Rg8c/SooNX05NVubhpgI5EQKcHkjr2oATVJdWYWvnwxrieMrhictzgH2rSeb + XNjZt4cYP8ZrO1TV9OuBa+TMG8ueN24PCjOT0rTfXtJKMBcDkHs3+FAGbpEu + rrp0It4Y2jwcFmIPU02KXVv7WmZYY/N8tcjccYzxzT9H1fTrbTYYJ5grqDkY + Pqfaki1fTl1ea4Mw8to1UHB6g/SgBuqy6s0UP2iGNR5yYwxPzZ4H0rU87Xf+ + feH/AL7NZuq6vp1xFCsMwYrMjHg9AeT0rU/t7SP+fgfk3+FAGTo0urLp0Qto + Y3j+bBZiD945/WhZdW/th2EMfneSMruONu7rn1pdG1fTrXTYoJ5gjruyME9W + J7ChdX04ay9yZh5RhChsHruzjpQAmrS6s1souIY1XzEwVYk5zxWp52u/8+8P + /fZrM1fV9OubZI4ZgzCRGxg9Aee1av8Ab2kf8/A/Jv8ACgDJ0iXVlslFtDGy + bm5ZiDncc0ebq39s7vJj877PjbuO3bv659c07R9X062sVinmCuGc4we7EjtR + /a+nf219q84eV9n2bsH72/OOnpQA3V5dWayIuYY1TcnKsSc5GK1PO13/AJ94 + f++zWbrGr6dc2RigmDMWQ4wegIJ7Vqf29pH/AD8D8m/woAydJl1ZbVhbwxsu + 9+WYg5zzQ0urf2wjGGPzvJOF3HG3d1z65p2kavp1vatHNMFYyOcYPQnjtSNq + +nHWUuRMPKEJXdg/e3Zx0oATWZdWbTpRcwxpHlclWJP3hj9a1PO13/n3h/77 + NZms6vp11p0sMEwd2K4GD2YHuK1f7e0j/n4H5N/hQBk6VLqywy/Z4Y2Hmvnc + xHzZ5FEkurf2tCxhj83ymwNxxjPPNO0rV9Ot4ZVmmClpXYcHoTwelEmr6c2r + w3ImHlrEyk4PUn6UAJq8urNp0wuYY1jwMlWJPUVorNru0f6PD/32aoaxq+nX + OmzQQTBnYDAwexB9K0V17SQoH2gfk3+FAGXpcurKtz5EMbZnctliMN3A9qJp + dWOq2zNDGJQj7RuOCO+TTtL1fTrdbkTTBd88jjg8qeh6Uk+r6c2rW1wswMaI + 4Y4PBPTtQA/VZdXbT5xcQRLGRyQxJHNXIptc8tNtvDjAx85qpqusabcafPDD + OGd1wBg88/SrsWu6SsSKbgZAA6N/hQBm6bLqwa78iGNszuWyxGG4yB7UXMur + HU7NnhjEoEmwBjg8c5NO0zV9Oga7MswXzJ3deDypxg9KLnV9OfVLOdZgY4xI + GODxuHHagCTUpdYNhOJ4IljKncQxJAqxBNrYgjCW8RXaMZc9MVBqes6ZPYTw + xThndSAMHk/lVm31zSkgjRrgAqoB4bsPpQBn6fLqwmvPJhjYmU78sRhsdB7U + XcurHUbEyQxiQeZsAY4Py85/Cl07V9OhmvGlmCiWYsvB5GOvSi71fTpNSsZ0 + mBSLzdxweNy4HagCbUJdZNjOJoIlQo24hiSBjtUtrLrQtYRHBEV2LglznGOK + ZqOtaZNYzxRThndGAGDySPpUtprelx2sMbzgMqKCMHqB9KAKNjLqwubwxQxs + xkG8FjgHHai8l1Y3tkZYYw4Z9gDHBOOc06w1fTobq9kkmCrLICpweRj6UXur + 6dLfWMscwKRM5Y4PGVwO1AFi+l1o2VwJYIghjfcQxJAwc4ospdaFnAIoIigj + XaSxyRgYpb7WtLlsriKOcFnjdQMHkkEDtS2Wt6XFZW8Uk4DJGgIweCBz2oAp + 2UurC9vTFDGXLLvBY4Bxxii/l1Y3VkZYY1YSHYAxwTjvS2Wr6dFfX0skwCSs + hU4POBg0X+r6dNdWUkcwZYpCWODwMfSgC3dTa0bWYSQRBdjZIY5xjmo9Pl1k + WMAhgiZAi7SWIJGOM1Nd63pclrNGk4LMjADB6kfSo9P1rTIbG3ilnCuiKCMH + ggfSgCraS6sNRvjHDGZD5e8FjgfLxj8KNQl1YzWfnQxqRKNmGJy2Ohp1pq+n + R6jfTvMAkvl7Tg87Vwe1Goavp001m0UwYRShm4PAx16UAXLibWzBIHt4gu05 + w56YqvpsusCwgEEETRhRtJYgkVauNc0p7eVFuASysBw3Uj6VW0zWdMgsIIZZ + wrooBGDwfyoAgtpdWGp3jJDGZSI94LHA44waNSl1YtaefDGuJ0K4YnLc4B9q + W21fTk1S8neYCOUR7Tg87Rz2o1PV9OnazMUwby50duDwozk9KAL8s2ueW+63 + hAwc/Oap6VLq66fALeCJowOCWIJ5q9LruktE6i4GSCOjf4VS0rWNNt9Pghmn + Cui4IweOfpQBFBLqw1W5ZYYzKUTcNxwB2waNUl1ZltvPhjXE6FcMTlucA+1O + g1fTk1W5uGmAjdECnB5I69qTVNX064W2EMwbZPG7cHhRnJ6UAaLTa5tObeHp + /fNZ2kS6sunQi2hjaPBwWYg9TWm2vaSVIFwOno3+FZ2j6vp1tpsME8wV1ByM + HuSfSgBkcurf2tMywx+d5S5G44xnjmjVZdWaGL7RDGo81MbWJ+bPApYtX05d + XmuTMPLaJVBweoP0pdV1fTriGJYZgxWVGPB6A8npQBpedrv/AD7w/wDfZrL0 + eXVl06IW0Mbx/NgsxB+8c/rWt/b2kf8APwPyb/CsvRtX06206KCeYI67sjB7 + sT6UANWXVv7YdhDH53kjI3HG3d1z65o1aXVmtlFxDGq+YnKsSc54py6vpw1h + 7kzDyjCFBweu7OOlGravp1xarHDMGYSIcYPQHntQBpedrv8Az7w/99msvR5d + WWyAtoY3Tc3LMQc55rW/t7SP+fgfk3+FZWj6vp1tYiKeYK4ZjjB7kkdKAE83 + Vv7Z3eTH532fG3cdu3f1z65o1eXVmsmFzDGqbl5ViTnIxTv7X07+2vtXnDyv + s+zdg/e35x09KNY1fTrmxaKCYM5ZDjB7MCeooA0vO13/AJ94f++zWXpMurLb + MLeGNl8x+WYg5zzWt/b2kf8APwPyb/CsvSdX063tWjmmCsZHOMHoTx2oAa0u + rf2wjGGPzvJOF3HG3d1z60axLqzadKLmGNI/lyVYk/eGP1pW1fTjrKXImHlC + EqWweu7OOlLrOr6dc6dLBBMHdtuBg9mB7igDS87Xf+feH/vs1l6VLqywzfZ4 + Y2HmvncxHzZ5H0rW/t7SP+fgfk3+FZWk6vp1vDMs0wUtM7Dg9CeD0oASWXVv + 7WhZoY/NEbYG44xnnmnavLq7adMLiGNY8DJViT1FEur6c2rw3AmHlrGyk4PU + n6Uusavp1zps0EEwZ2AwMH1HtQBfWbXNoxbw9P75rN0yXVlW58iGNszyFssR + huMge1ai69pIUA3A6ejf4Vm6Xq+nQLciaYL5k8jrweVOMHpQA2eXVjqtszQx + iUI+0bjgjvk1Jqsurtp84uIIljK8lWJI5ps+r6c+q21wswMaI4Y4PBPTtT9V + 1jTbjT54YZwzuuAMHnn6UAW4ptc8pNtvCRgY+c+lZ+my6sGu/IhjbM7lssRh + uMge1aUWu6SsSKbgAhQOjen0rO0zV9Oga8MswXzJ3deDypxg9KAEuZdWOp2b + PDGJQJNgDHB45yam1KXWDYTieCJYyp3EMSQKiudX059Us50mBjiEm44PG4cd + qn1PWdMnsJ4YpwzupAGDyfyoAmt5tbEEYS3iK7RjLnpiqOny6sJrzyYY2JlO + /LEYbHQVoW+uaUlvEjXABVVB4bqB9Ko6fq+nQzXjSzBRLKWXg8jHXpQA27l1 + Y6jYmSGMSAybAGOD8vOfwqxqEusmxnE0ESoUbcQxJAxzioLvV9Ok1GxmSYFI + jJuODxuXA7VZ1DWtMmsbiKKcM7owAweSR9KAHWkutC1hEcERTYuCXOcY4qnY + S6sLq9MUMbMZBvBYgA47VdtNb0uO0hjecBlRQRg9QPpVOw1fTobq9kkmCrLI + CpweRj6UAJey6sb2yMsMYcM2wBjgnHOatXsutGznEsEQQxtuIY5Axziq97q+ + nS3tlLHMCsTMWODwCMDtVq91vS5bK4ijnBZ43AGDySOO1ADbGXWhZW4igiKC + NNpLEEjAxmqtnLqwvb0xQxlyybwWOAdvGKt2OtaXFZW8Uk4DJGikYPBAAPaq + 1lq+nRX19LJMAkrIVODzhcHtQA2/l1Y3NmZoY1YSHYAxIJx3q5dS60bWYSQR + BdjZIc5xjmql/q+nTXNlJHMGWKQsxweBj6Vdu9b0uS1mjScFmRgBg9SPpQBB + p8usixgEMETIEXaSxBIx3qC0l1YajfGOGMyHy94LHA+XjH4VZ07WtMhsYIpZ + wroigjB4IH0qvaavp0epX07zAJL5W04PO1cHtQAmoS6sZbPzoY1ImGzDE5bH + Q+1Xp5tbMEge3iC7TnDnpiqeo6vp00tm0UwYRzBm4PAx16VeuNc0p4JEW4BL + KQOG7j6UAVNMl1gWEAggiaMKNpLEEioreXVhql2yQxmUrHvBY4HHGDU+mazp + kFhBDLOFdFAIweD+VQ22r6cmqXlw0wEcixhTg84HPagBNTl1ZjaefDGuJ0K4 + YnLc4B9q0JZtc8t91vDjBz85qhqer6dObTypg3lzo7cHhRnJ6Voy67pLROou + Bkgjo3+FAFDSpdXXT4RbwRNGBwWYgnmmQy6t/atwywxmUom4bjgDtg1LpOsa + bb6dBDNOFdBgjB45+lMh1fTl1W5uGmAjdEAODyR17UAN1SXVmW28+GNcToVw + xOW7A+1aTTa7tP8Ao8P/AH2az9U1fTrhbYQzBtk8bng8KOp6VpNr2klSPtA/ + Jv8ACgDM0iXVl06EW0MbR4OCzEHqaSOXVv7XmYQx+d5S5G44259afo+r6dba + bDBPMFdQcjB7kn0pser6curzXJmHltEqg4PUH6UAJqsurNDF9ohjVfNTG1if + mzwK1PO13/n3h/77NZmravp1xDEsMwYrKjHg9AeT0rV/t7SP+fgfk3+FAGTo + 8urLp8YtoY3jy2CzEH7xz+tCy6t/bDMIY/O8kAruONu7rn1zTtG1fTrbTo4Z + 5gjqWyMHuxPpQur6cNZa584eUYAm7B+9uzjpQA3VpdWa1AuIY1XenKsSc54r + U87Xf+feH/vs1m6vq+nXFqscMwZhIhxg9Aee1an9vaR/z8D8m/woAydIl1Zb + MC2hjZNzcsxBznmjzdW/tkN5MfnfZ8bdx27d3XPrml0fV9OtrIRTzBW3OcYP + QnjtR/a+nf20Lrzh5X2fZuwfvb846elACaxLqzWLC5hjRNy8qxJzkYrU87Xf + +feH/vs1maxq+nXNi0UEwdyynGD2IJ7Vq/29pH/PwPyb/CgDJ0mXVltnFvDG + y+Y+SzEHOeasQPetrsZu40RvJb7pzxn/ABqHSdX063tnSaYKxkdgMHoTx2qe + G+tbzXY3tpN48ll6Ec5z39qAOkooooAKKKKACiiigAooooA//9P94Z1X+3LY + YGPKen66qjSbggAcD+YrKl0tV1WCD7TOd0bncZPmGOwPpT9W0tYNOmmF1O+0 + D5Xkyp5HUYoA6WJU8tPlHQVk6Mqn7dkD/j6l/pSR6MpRT9suRkD/AJa//WrO + 0zTFm+15uZ08u4kT5ZMZxjk8ck9zQBpXSr/bVkMD7kv8qm1lVGl3OAPuVj3G + mKmqWsH2mc71c7jJ8wwOxxx71LqelLDYTyi6uH2rnDSZU/UYoA6C3Vfs8Xyj + 7q/yrM0lVMt/kD/j4b+QpkOjq0Mbfa7kZUHAl46fSqGnaWs0l4PtM6eXMy/L + JjOMcnjk0AaV6q/2xpwwOk3/AKCKsasq/wBmXOAP9W1Yt1papqVlD9pnbzPN + +YyZZcLng9s96n1HSVhsZ5ftVw+1CcNJkH6jFAG3Zqv2OD5R/q1/lWfpaqbr + UMgf67+lRW2jq9tE/wBruRuRTgSYAyO3FUtP0xZbi8T7TOvly4ysmCeOp45N + AGlfqv8Aaem8D70n/oNW9TVf7OuuB/qn/kawrzS1jv7GL7TO3mF+TJllwufl + OOPerN/pCxWVxJ9quG2RscNJkHA6EY6UAa+nqv2C2+Uf6pP/AEEVR05V+36j + wP8AWL/6DUFnpCyWkEn2u4XcinAkwBkdAMdKqWWlrJd3sf2mdfLdRlZMFsju + cc0AaWpKv2/TsAf6xv8A0Gr2oKv2C54H+rf/ANBNc/faYsV3ZR/aZ28x2GWk + yV47HHFW7zSFjtJ5Ptdw21GODJkHA6EY6UAaWmKv9nWvA/1afyqpYKv9qakM + D70f/oNVrDSVlsoJPtVwu5FOFkwBkdhjpVaz0xZL++i+0zr5RTkSYZsrn5jj + n2oA0tUVftOn4A/139K0bxV+yT/KPuN/Kucv9LWKezX7TO3mS7ctJkjjqOOD + V250dUt5X+13J2oxwZMg4HfigC7pKr/ZltkD/VrVezVf7Y1EYHSH/wBBqpp2 + krNYwS/arhNyA4WTAH0GKgtdMV9TvYftM48sR/MJMM2Vzye+O1AGlq6qJbDA + H/Hwn9a07hV+zy/KPut/Kua1LTFhkswLmd/MmVfmkzjPcehq/No6rDI32u5O + FJwZeOn0oAsaKqnS7bIH3f61Faqv9tXowPuR/wAqo6XpSz6fBKbq4TcucLJh + R9Bio4NLVtUuoPtM42Kh3CT5jkdzjn2oA0tZVf8AQcAf8fUX9a1pFTy2+UdD + XL6npaw/Zf8ASZ38y4jT5pM4znkccH0NaL6MoRj9sueAf+Wv/wBagCTQlU6T + bkgHg/zNMgVf7cuRgf6pKoaTpaz6dDMbmdNwPypJhRyegxTItLVtVng+0zjb + Gh3CT5jnsTjpQBpa2qiK2wB/x8R/zrZKJj7orlNV0xYI4CLmd90yL80mcZ7j + jrWmdFX/AJ/Ln/v7/wDWoATw+qnSLckA/e/9CNEar/b0owMeQv8A6FWbo2lr + cabDMbmePdu+VJNqjDEcDFCaWp1eS3+0z8Qht3mfN16Zx0oA0tcVRax4A/10 + f862dif3RXKatpawW6OLmd8yIMPJkcnr061qf2Kv/P5c/wDf3/61ADdAVTpi + ZAPzP/6EaAq/8JAwwP8Aj2H/AKHWbo+mLcWCSm5njyzDCSbRwx7UDS1/tk2/ + 2mf/AFAbd5nzfexjOOntQBpa8qiw4AH7xP8A0KtnYn90Vymr6YtvZ+YLmeT5 + 0GHkyOT6YrU/sVf+fy5/7+//AFqAG6EqmxOQP9Y//oVDKv8AwkCjA/49j/6H + WbpOlrPaFzczp87jCSYHB+lB0tf7YW3+0z8wFt3mfN97GM46e1AGlr6qNLlw + B1T/ANCFbOxP7orlNY0tbfT5JRczyYK8PJuXlgOmK1P7FX/n8uf+/v8A9agB + uhqptpcgf66T+dEqr/b0IwMeQ386zdK0tZ4JGNzOmJXXCSYHB69OtEmmKNXi + t/tM53RM27zPmGD0Bx0oA09fVRpFwQAPu/8AoQrXCJgfKK5bWNLW302aYXM8 + m3b8ryblOWA5FaQ0VcD/AEy5/wC/v/1qAE0VVMd1kD/j4k/pROq/23ajA/1T + 1m6Xpizx3BNzOmyZ1+WTGcdz70TaWq6rbwfaZzvRzuMnzDHYHHSgDV1xVGlX + BAA+UfzFacSp5afKOgrmtW0tYNPmlF1O+0D5Xkyp5HUYq9HoylFP2y5GQP8A + lr/9agBdGVSb7IH/AB9Sf0oulX+2rEYH3Zf5Vm6ZpizG7zczp5dw6/LJjOMc + njk+9FxpipqlpB9pnPmLIdxk+YYHY4496ANjWVUaXc4A+5V22Vfs8Xyj7i/y + rn9T0pYbCeUXVw+1c4aTKn6jFWoNHVoY2+13IyoOBLx0+lAD9JVTNf5A/wCP + hv5Ci9Vf7X03gc+d/wCgis3TtLWaS8H2mdPLmZflkxnAHJ45NF1papqVjD9p + nbzfN+YyZZdq5+U44z3oA29WVf7NucAf6tv5V+Q99/x/XH/XR/5mv1k1HSVh + sZ5ftVw+1CcNJkH6jFfk3ff8ftx/10f+Zr9l8IvixP8A27/7cfnvHu1H/t79 + D2T9nn/kp9j/ANcbj/0Wa/QGcD7Tb8d2/lX59/s+p5nxNsU3Ff3Nxypwf9Wa + +/JbYLPCvmOdxbktyOO1eZ4n/wDIxj/gX5s7+Cv90f8Aif5IvXAH2eXj+Fv5 + UtuB5EfH8I/lVWa1CwyN5shwpOC3HSiG0DRI3myDKg4DcdK/OT68fbgefccf + xD+VFwB51vx/Ef5VXhtg00y+Y42kchuTx3omtgssI8xzuJHLcj6UAX5wPJk4 + /hP8qS2A+zx8fwj+VVpbQLE582Q4U9W46UkFqGhRvNkGVBwG4oAkgA+1XHH9 + 3+VLcgeZBx/H/Sq0VsGuJk8xxt28huTkd6J7YK8Q8xzubHLdPpQI0JQPKfj+ + E/yqO0A+zR8fwioZLQCNj5shwD/FTLe1DwI3myDI6BuKBksIH2u44/ufyouw + N0HH/LQVXjtgbmZPMcbdvIbk5Hei4tghi/eOdzgct0+lAGk4GxuOxqCzA+yx + 8dqje0ARj5snQ/xVFbWoeBG82QZHQNgUATxgfbJuOy0l4B+44/5arVdLYG5l + TzHGAvO7k59aLm2CeV+8c7pFHLZxnuPegRpkDB4qrYgfZY+PX+dIbMYP76T/ + AL6qvbW6m2WRpXQYJOGwBigZzPjbxno/gHR7/wAS6yf3VuiiOMEBppW+5Gvu + x/IZJ4Br8sPG/jXW/H3iC48Q67Jull+WONf9XDGPuxoOwH6nJPJNd98cfiVJ + 4+8VywWE7PoumM0VqM5EhHDTH13H7vouO5Nch8N/AWo/ETxPb6FZ5jgyHuZw + MiGHOC31PRR3Ptk1+18L5JTy/DPFYnSTV35Lt69/uPwPi/P6uZ4tYPC6wTsk + vtPv6dvLU6j4P/B/VfijqrMzNZ6LZsPtNzjknr5ceeC5H4KOT2B+5tb8W+Bf + gX4HtbeOBY8Ky2tlER5s7g8sScnH992/U4BteJdU8IfA3wEht1eK3tV8q0tU + fDzzHnBOOpOWdvqeTgV+ZninxTrXjHWZ9d12czXExwB/BGg6Ig7KOw/E5JJr + y6FKtnlf2tW8aEXou/8AXV9Nl3PXxNahw9h/ZUbSxMlq+y/rZdd30R2HiX4w + +OPE3iu28WT3pt5tPlEtpDFxDBjsF/iyOGLZLDg8cV+jXgHx9pnxH8H2niGx + xHMWWO5hHWGdcbl+h6qe4I75r8k69Y+EHxIuPh34nS4mdjpN6VjvI1z90H5Z + AP7yZJHqMjvXs8TcL06+FSw8UpQ2S6rt/l5+rPB4S4vq4bFt4mbcKj95vo+j + /wA/L0R+r+B6VTsQPsy8dz/OobZLa9tory0unmgnRZI3R8qyMMhgR1BHIptp + bCSAN5jryeA2B1r8Qatoz+gk76osYH2/p/yy/wDZqL4DyOn8Q/nVf7MPtnl+ + Y/8Aq853c9emfSi7tgkO7zHbkcFsjrSA1MD0qnYgeSeP4m/nS/Yx/wA9pP8A + vqq1rbB4i3mOvzHo2KBlggfbxx/yz/rXP+OPEml+EPC994h1d9lvaKGwMbnY + nCovqzHgf4VsG3AuwhlfGzOd3PX19K/OD9oD4o/8Jv4hOhaNcNJoekuVQ7sr + POOGl9Co+6ntk/xYr6DhzI5Y7EKn9layfl/mz5riniCOX4V1PtvSK8+/ouv3 + dTjpPjH45Hjq58fWV61veXLjMQO6DyV+7CyHgoo49c/NkNzX3n8Kfin4Y+LG + i3Gm3cMcWpbWF3YS4dXjbgsgb78ZzgjqOh7E/lzWno+san4f1O31nRrl7S8t + WDxyIcFT/UEcEHgjg8V+t53wtQxVJKmuWcV7rXlsn5fkfinD/GOJwdZyqPnh + J3kn57tef59T6K+OnwJfwRNJ4l8KI02hyHdLDyz2hY469THngE8joc9a+cNN + 1K/0e/g1TS52trq1cPHIhwVYf55HQ9DX6afCn4haR8WtAK3YxfxRGK/tmO5T + uGNyg5zHIM8HpyDnGT8cfHf4Rv8ADfXVv9JRm0HUmJgY8+TJ1aFj+qE9V9SC + a8zhvPakpyy7Hr94tNeq7Pvp96/H1uKuHaUacc0y5/u3rp9l912V+nR/h9uf + Br4p2XxP8N/aJVSDV7Hal5CvTJ+7Ig67HwcehyOwJ9VtAMS8f8tGr8hvAPjX + VPAHiW18Q6W7fuzsmjB2iaFiN6H64yD2IB7V+rnhvUNP8SaPb65pVy8lpeqJ + I2BxlWGeR/eHQjseK+G4v4e+pVuemv3ctvJ9v8v+AfofBPE31+h7Oq/3kN/N + dH/n5+puSAfbYuP4Wp16B9lk47VVe2Auo08x+QTndzS3VqEt3bzHbA6Fsivk + D7ZmigGxeOwqrZgfv+P+WrULaAqD5snT+9Ve2tg/m/vHG2Rhw2M47n3oAsSg + fbIOOzfyqS7A+zScdqpyWwFzEnmOdwbndyMDtT7m1CQO3myHA6FsigGXowPL + XjsKrWoG+fj+M0iWgKKfNk5A/iqC3tg7SjzHG1yOG6/WgZYmA+12/H9/+VS3 + QH2eTj+E1SltgtxAnmOd27ktyMDtT7i1CQu3myHAPBbigRdhA8lOP4R/Kq9s + B5txx/F/SmxWgaND5sgyB0aoYLYNJMPMcbWxw3X60DLM4H2i347t/KpbgD7P + Lx/C38qoy2wWaFfMc7ieS3I47VLNahYZG82Q4UnBbjpQIs24H2eLj+Ff5VDb + gfaLjjuv8qZDahoY282QZUHAbjpUUNsGmmXzHG0jkNyeO9AyxcAedb8fxH+V + TzgeTJx/Cf5VQntgssK+Y53MerdPpUstoFidvNkOAere1AHxb+01/wAh3Qv+ + vI/+hmvmWvpf9phNmvaGdxO6yJ5PT5z0r5or+m+Cf+RVQ9H+bPxfiT/fqvr+ + iP1Q8Nqv/CJeD+Bza2f/AKJWu6u1X7LN8o+438q828NacF8J+FT9omPnWtoO + X+7mFT8vpXZ3GjqlvK/2u5O1WODJkHA78V/MeP8A49T1f5n7Lhf4UfRFzSFU + 6ZbZA+4Kgs1X+2NQGB0i/wDQTVPTdKWawglN1cJuUHCyYA+gxUNtpavqd5D9 + pnHliP5hJhjkdz3x2rkNzS1dVD2GAP8Aj5T+tak6p5Mnyj7p/lXM6lpawtaA + XM7+ZOq/NJnGc8jjg+9aEujKsTt9suThTwZeOn0oAn0VVOlW2QPu/wBaitlX + +27wYGPLjqjpelLPp8EpurhNy5wsmFHPYYqODTFbVbmD7TONiIdwk+Y59Tjm + gDS1pVC2eAP+PmL+ta7qmxvlHQ1y2qaYsAtcXM77541+aTOM55HofQ1pPoyh + GP2y56H/AJa//WoAdoKqdJtyQDwf/QjTYVX+3bgYH+pT+dZ+kaWtxp0MxuZ4 + 9wPypJhRyegpsWlqdWmg+0zjbGp3CT5jk9CcdKANLW1UQW+AP9fH/OtnYn90 + Vymq6WsEULC5nfdMi4aTIGT1HHWtT+xV/wCfy5/7+/8A1qAG+H1U6RASAfv/ + APoRoRV/t+QYGPs4/wDQqzdG0xbjTopjczx7t3ypJtUYYjgYoXTFOsPb/aZ+ + IQ27zPm+9jGcdKANLXVUWaYA/wBbH/OtnYn90VymraYsFsri5nfMiDDyZHJ6 + 9Otan9ir/wA/lz/39/8ArUAN0FVOmrkD77/+hGjav/CQ4wMfZf8A2es3SNLW + 4slkNzPHlmGEkwOCe2KP7LX+2fs/2mf/AI99+7zPn+/jGcdPagDS15VGnHAH + 30/9CFbOxP7orlNX0tbeyMguZ5PmUYeTI5I7YrU/sVf+fy5/7+//AFqAG6Eq + mybIH+tk/nQ6r/b8YwMfZz/6FWbpOlrPalzczp87jCSYHB69OtDaYo1hLf7T + PzCW3eZ833sYz6UAaXiBVGkzEADlP/QhWzsT+6K5TWdMW306WYXM8m0r8ryb + lOWA5Fan9ir/AM/lz/39/wDrUAN0RVNvPkD/AF8n86JVX+3YBgf6l/51m6Vp + azwysbmdNsrrhJMA4PU8daJNLUatDB9pnO6Jm3GT5hg9AcdKANPXlUaRcEAD + hf8A0IVrqibR8o6Vy2r6Wtvp00wuZ5NoHyvJlTyOoxWiuirtH+mXP/f3/wCt + QAaKqlLvIH/HzL/Si4Vf7btBgY8uSs3S9LWZbk/aZ02TuvyyYzjuff1NE2mK + uq20H2mc70c7jJ8wx6HFAGtraqNKucAfd/qK0YVTyU+UfdH8q5zVdKWDT55R + dTvtHRpMqee4xVyLRlaND9suRkDpL/8AWoAdo6qWvsgf8fMn9KLtV/tmwGB9 + 2X+QrN03S1ma7H2mdPLndflkxnGOTxyfei50tU1Ozh+0znzBJ8xkywwOxxxn + vQBs6wqjS7nAH3DVu1Vfs0Xyj7i/yrB1LSlhsJ5RdXD7VJw0mQfqMVYg0dWg + jb7XcjKg4EvHT6UASaUqme/yB/rz/IUXyr/a+mjA/wCW3/oNZunaYss14v2m + dPLlK/LJgnjqeOTRd6Yseo2MP2mdvN8z5jJllwuflOOM96ANvVVX+zbnAH+r + b+VTWKr9it/lH+rT+QrF1DSVisZ5RdXDbUY4aTIPHcYqW10hZLWF/tdwu5FO + BJgDI7cUATaYq/bNQ4H+tH8qNQVf7R07gfff/wBBrNsdLWW5vE+0zr5cgGVk + wTx1PHJovNLWO9so/tM7eYzjJkyVwOxxxQBvakq/2ddcD/VP/wCgml05V/s+ + 14H+qT/0EVlX2kLHZXEn2u4bZG5w0mQcA8EY6UWWkLJZwSfa7hd0anCyYAyB + wBjpQBY05V/tHUeB99P/AEGjU1X7bp+AP9af5Vm2WmLJe3sf2mdfLZRlZMFs + jucc0X2mLFdWSfaZ28yQjLSZI46j0NAHQ3yr9iuPlH+rf+RqLSlX+zbXgf6t + f5Vn3WkKlrM/2u4bajHBkyDgd+Kj0/SVlsYJftVwu5FOFkwBkdhigC1Yqv8A + a2pDA6w/+g0aqq/aLDAH+vH8jWbaaWr6jfQ/aZ18ry/mEmGbK5+Y98dqNQ0t + YprNftM7+ZKFy0mSOOo44NAHSXSr9lm+Ufcb+VVNHVTpdtkD7gqpcaOqQSN9 + ruThScGXg8fSq+m6Us1hBKbq4TcoOFkwB9BigC5aKv8AbOoDA+7F/wCg0awq + h7DAH/Hyn9azbbTFfU7yH7TOPLEfzCTDHI7nHOO1GpaYsLWgFzO/mTovzSZx + nPI9D70AdPMqeS/yj7p/lWdoiqdKtsgfd/qahl0ZRG5+2XJwD1l/+tVPStKW + fT4JTdTpuHRZMKOewxQBet1X+27wYH+rjo1pVCWeAP8Aj5i/rWbBpatqtzB9 + pnGxEO4SfMc+pxzRqmmLAtsRczvvnRfmkzjOeR7+hoA6l0TY3yjoaytBVTpN + uSAeG/8AQjTW0ZQpP2y56f8APX/61Z2kaWtxp0MxuZ49wPypJhRyegxQBowq + v9u3AwMeSn86NbVRbwYA/wBfH/Os2PTFOrTQfaZxtiU7hJ8xyehOOlGq6WsE + MTC5nfdKi4eTIGT1HHWgDq9if3RWN4fVTpMJIB5f/wBCNO/sVf8An8uf+/v/ + ANasvR9LW406KY3M8e7d8qSbVGGI4FAGkir/AG/IMD/j3H/oVGuqos0wB/rY + /wCdZq6Wp1h7f7TPxCG3eZ833sYzjpRq2lrBbK/2meTMiDDyZHJ6/WgDq9if + 3RWNoCqdOXIB+d//AEI07+xV/wCfy5/7+/8A1qy9H0xbiyEhuZ4/mYYSTA4J + 7YoA0tq/8JDjAx9l/wDZ6NeVRpzYA++n/oQrN/stf7Z+z/aZ/wDj337vM+f7 + +MZx09qNX0tbeyaQXM8mGUYeTI5I7YoA6vYn90VjaGqmzfIH+tk/nTv7FX/n + 8uf+/v8A9asvSdLWe2ZzczpiRxhJMDg9frQBpOq/2/GMDH2c/wDoVHiBVGkz + YA6p/wChCs1tMUawlv8AaZ+YS27zPm+90zjpRrGlrb6dLMLmeTbt+V5NynLA + cjFAHV7E/uisbRFUwT5A/wBfJ/Onf2Kv/P5c/wDf3/61ZelaYs8MzG5nTbK6 + /JJgHB6njrQBpTKv9u24wMeS/wDOna8qjSbggAcD/wBCFZculqNWhg+0zndG + x3GT5hg9AcdKdq+lrb6dNMLmeTaB8ryZU8jqMUAdOiJsX5R0FZGjKpW8yB/x + 8y/0oXRlKg/bLnp/z1/+tWbpmlrMtyTczpsnkX5ZMZxjk8dfU0AaVwq/23Zj + A/1clSa2qjSrkgAfL/UVkz6Wq6rbQfaZzvRzuMnzDHoccVJqulLBp88oup32 + jo0mVPPcYoA6KBV8mP5R90fyrL0dVL3+QP8Aj5f+lNi0ZWiRvtlyMgHiX2+l + Z+m6YszXYNzOnlzuvyyYzjHJ9T70AaV2q/2zp4wPuy/+g1PrCr/ZlzgD7hrG + udMVNTs4ftM58wSfMZMsMDsccZ71NqWlLDYTy/arh9qk4aTIP1GKAN61Vfss + Pyj7i/yrN0pV+0X+QP8AXn+QqO30dXgjb7XcjKg4EvA4+lUdP0tZZrxftM6e + XKVysmCeOp45NAGlfKv9raaMDrL/AOg1a1VV/s26wB/q2/lWHd6Yseo2MP2m + dvNMnzGTLLhc/Ke2e9WNQ0lYrGeX7VcNtRjhpMg4HcYoA2bFV+xW/wAo/wBW + n8hVDTFX7bqGQP8AWj+VQ2mkLJawv9ruF3IpwJMAZHbiqdjpiy3V6n2mdfLk + AysmCeOp9TQBpagq/wBo6dwPvv8A+g1d1FV/s+64H+qf/wBBNYF7pax3tlH9 + pnbzGYZaTJXA7HHFWr3SFjs55Ptdw22NjhpMg4B4Ix0oA1NNVf7OtflH+qT/ + ANBFU9PVf7R1HgffT/0Gq9jpCyWVvJ9ruF3xocLJgDIHAGOlVbPS1kvb2P7T + OvlsgyJMFsjucc0AaWpqv2zT8Af60/yq/fKv2K4+Uf6t/wCRrnr/AExYrmzT + 7TO3mSEZaTJHHUccGrl1pCx2sz/a7htqMcGTIOB34oAv6Uq/2bbZA/1a/wAq + rWKr/a+pDA/5Y/8AoNVNP0lZbGCX7VcJuRThZMAZHYYqC00xZNRvoftM6+V5 + fzCTDNlc/Mcc47UAaWqqonsMAf69f5GtK6Vfs0vyj7jfyrm9Q0tYpbNftM7+ + ZMFy0mSOOo44NXp9HVYJG+13JwpODLx0+lAFvR1X+y7bIH3BUFoq/wBs34wP + uxfyqnpmlLNYQS/arhNyg4WTCj6DFQ2+mK+qXcH2mceWsfzCTDHI7nvjtQBp + awqhrHAH/HzH/WtWZV8l/lH3T/KuY1PTFhNpi5nfzJ0X5pM4znkeh960JdGV + Y3P2y5OAesv/ANagCbRFU6VbkgH5T/M1Hbqv9t3YwP8AVx1Q0rSln0+GU3U6 + bh91JMKOewxTIdLVtVuIPtM42Ih3CT5jn1OKANLWlUJaYA/4+Yv61sMibT8o + 6VyuqaWsC25FzO++dF+aTOM9xx19DWk2irtP+mXP/f3/AOtQAugqp0i3JAPD + f+hGkiVf7dnGBjyV/nWdpGlrcadDMbmePcD8qSYUcnoMUkemKdXlt/tM4CxK + 27zPmOT0J9KANLXFUW8GAP8AXx/zrZ2J/dFcpqumLBDEwuZ33SouHkyBk9Rx + 1rU/sVf+fy5/7+//AFqAG6AqnSocgdX/APQjQqr/AG+4wP8Aj3H/AKFWbo+l + rcafHKbmePJb5UkwowxHAxQulqdYa3+0z8Qht3mfN97GM46e1AGlrqqLJcAf + 62P+dbOxP7orlNW0tYLUOLmd/nQYeTI5PXp1rU/sVf8An8uf+/v/ANagBugq + p08ZAPzv/wChGgqv/CQgYGPsv/s9ZukaYtxZCQ3M8fzMMJJgcH0xR/Zi/wBs + i3+0z/8AHvu3eZ8/3sYzjp7UAaWvqo018AD5k/8AQhWzsT+6K5TWNMW3sWlF + zPJhlGHk3DkjtitT+xV/5/Ln/v7/APWoAboaqbSTIH+tk/nSuANfiwMf6O3/ + AKFWZpOlrPbO/wBpnjxI4wkmBwevTrViCzFrrsaiWSX9yxzI249cY+lAHS0U + UUAFFFFABRRRQAUUUUAf/9T9z5Z9VOqwM1sglEbbV38Edzmn6tPqradMtxbI + kZAywfJHI7YpZtV09tXt5xOpjSNwTzwT0p2r6rp1xps8MM6s7AYAzzyPagC3 + Hca1sXFnHjA/5af/AFqztMm1RftfkWyPm4kLZfGG4yOnP1rVj1rShGoNwuQB + 6/4Vm6XqunwfbPNnC+ZcSOvXlTjB6UAMuJtUOqWrPbIJQr7V38EY55xxUupz + 6s1hOs9qiRleSHyQPpim3Gqae+q2k6zqY41kDHnjI4qXVNW06fT54op1Z2XA + Azz+lAE8NxrQhjC2kZG0YPmdsfSqGnT6qsl55NsjkzMWy+MNxkD1rTg1rS1h + jVrhQQoB6+n0qhpuq6fDJeGWcKJJ2ZevIOOaAI7qfVTqVkz2yCQebsXfkN8v + OT2xU+oz6u1jOs1qiIUOSJMkD6Ypl1qunvqdjMk6lIvN3HnjcoAqbUtX02aw + uIop1Z3QgDnk/lQA+2uNZFtEEtEKhFwfMxkY+lUtPm1Rbi8MVsjMZfnBfGDj + oPWtG11nS0toUe4UMqKCOeoH0qjp+qafDcXryTqokl3KeeRigBl5Pqpv7FpL + ZFdS+wB8hvl5ye1Wb+fWGsrgS2qKhjbcRJkgY5OMVFearp8moWMqTqUiL7jz + xlcDtVm/1jTJbG4ijuFZnjYAc8kj6UANs7jWBaQCO0RkCLgmTGRjjtVSyn1U + Xd6YrZGcuu8F8YOO3rV+y1jTI7OCN7hQyxqCOeCB9KqWOq6fFeX0kk6qsrqV + PPIA+lAEd9Nqhu7Iy2yK4dtgD5ycd+OKt3lxrBtJxJaIqFGyRJnAxz2qvf6r + p8t5YyRzhlidix54BH0q5e6xpklnPGlwpZo2AHPJI+lAENhPq62UAitUZAi7 + SZMEjHBxiq1nNqgv75o7ZGkYpvBfAX5eMHHNXNP1jTYrG3ikuFVkjUEc8ED6 + VWs9U0+PUL6V51CSmPaeecLg9qAGX8+qtPZmW2RWEuVAfOTjofSrtzcaybeU + PaIFKNk+Z0GPpVbUNV0+W4snjnDCOXc3XgY+lXbnWdLe2lRbhSzIwA56kfSg + Crp0+rrYwLDao6BBgmTBI+mKgtZ9UGp3rJbIZCI9678Bfl4we+atabq+mw2F + vFLOquiAEc8H8qgtdU09NUvp3nUJKItp552rg0AM1GbVGe0862RCJlK4fOW5 + wDxxV+a41owyBrSMDacnzO2PpVPU9U0+aSzMU4YRzqzdeAM81oT61pbQyKtw + pJUgdfT6UAUNLn1ZdPgWC1R4wvBL4JH0xUcE+qjVLpktkMpVNy7+AMcc96sa + Vq2nQadBFLOquq4IOeP0qO31XT01W7nacCN1jCnnkgc9qAI9Tn1Vvsvn2yJi + 4jK4fOW5wPx9a0XuNa2Nmzjxg/8ALT/61UtU1XT5/snlTq3l3Ebt14UZyela + T63pRRgLlckH1/woAzNJn1VdOhW3tkeMA4Yvgnk9sUyKfVRqs7LbIZTGu5d/ + AHY5qbSNV06302CGadVdQcg545PtTYdV09dXuJzOBG8aAHnkjrQBHqs+qNHB + 59siATIRh85bsK0zc63j/jzj/wC/n/1qz9W1TT544BDOrFZkY4zwB1PStU63 + pX/Pyv6/4UAY+jTaommwrbWySRjdhi+CfmPbFCT6r/a8ji2TzfJAK7+Nueua + k0XVdPttMhhnnVHXdkHPdifShNV08axJcGceWYVUNz1B6dKAI9Wn1VrdBPbI + i+YmCHzzngVqfadb/wCfOP8A7+f/AFqz9X1XT7i3jSGdWIlRiBnoDz2rU/tv + Sv8An5X9f8KAMfR5tUSwRbe2SRMtgl8H7xzxQJ9U/tkv9mTzvIA27+Nu7rnH + rT9G1TT7ewSKecI4Zjg57sTSjVdP/to3Pnjy/IC7ucbt2cdKAI9Xm1R7PFxb + JGm9OQ+ec8Vqfadb/wCfOP8A7+f/AFqztY1TT7iz8uGdXbehwM9Aea1f7b0r + /n5X9f8ACgDH0mfVVtCLe2R13vyXxznmgz6r/bCv9mTzvII27+Nu7rn61Jo+ + q6fb2hjmnCNvc4OehPHag6rp/wDbS3Pnr5YgK7ufvbs46UAR6xPqr2Ei3Fsk + ceVyQ+T94Y4rU+063/z5x/8Afz/61Z+s6rp9xp8kUE6u5K4Az2YH0rU/tvSv + +flf1/woAx9Kn1VYJBBbI6+a5JL45zyKJJtU/teJzbIJREwC7+CM9c1JpOq6 + fBbyJNOFJldhnPQnjtSSapp51iK4E6+WsTKW56k9KAG6xPqr6bMtxbJHGduW + D5I+YdsVpC51vA/0OP8A7+f/AFqoa1qun3GmTQwTq7ttwBnswPpWmNb0rA/0 + lf1/woAyNLm1RUuPItkcGZy2Xxhu4omn1U6rbs1sglCPtXfwR35p+k6pp8Ed + wJpwped2Gc8g9DSzarp7atbzrOpjSNwTzwT07UAJq0+qtp8yz2yJGQMkPkjk + dsVejuNa2Li0jIwP+Wn/ANaqmr6tp1xp08MM6s7AYAzzyPar8etaUI1BuFyA + PX/CgDK0ybVFN35Fsj5nctl8YbjIHrRcTaodUtGe2QShZNq7+CMc844xT9L1 + TT4DeebOq+ZcO69eVOMGi41TT31WznWdTHGsgY88ZHHagB2pz6s1hOs9qiRl + eSHyQPpirUFxrIhjC2kZG0YPmdsfSoNU1bTp9PniinVnZcADPP6Vbg1rS1gj + VrhQQoB6+n0oAzNOn1VZLzybZHJmYtl8YbA4HrRdT6qdSsWktkWRfN2LvyGy + vOT2xUmm6rp8Mt40s6qJJmZevIIHPSi71XT5NTsJknUpF5u488blAHagB+oz + 6u1jOs1qiIUOSJMkD6Yr8m77/j9uP+uj/wAzX60alq+mzWFxFFOrO6EAc8n8 + q/Je+/4/bj/ro/8AM1+y+EXxYn/t3/24/PePdqP/AG9+h7D+z6ZB8TbExrub + ybjgnH/LM19+TPdGeEtGAwLYGevFfAn7PsiR/E2xdzgeTcf+izX37NcwNPAw + cEKWz7ZFeZ4n/wDIxj/gX5s7+Cv90f8Aif5IdNJdmGQNEANpyd3bFLDJdiJA + sQI2jB3e1Onu7doZFVwSVIH5UQ3dusKK0gBCgH8q/OT665BC90JpisYJJGRn + pxRM9yZYS0YBBOBnrToLqBZpmZwAxGPyonuYGlhZXBCsSfyoAfLJdmJw0QA2 + nPze1JBJdiFAsQI2jB3U+a7tmidRICSpH6UkF3brDGrOAQoB/KgLkMT3IuJi + sYLHbkZ6ccUTvdF4t0QBDcc9TTorqBbidy4Abbg+uBRcXUDPCVcEK2TQBJJJ + eeW2YgBg/wAVMt5LsQIEiBXHB3VLLeWxjcCQZINMtru3SBFZwCAM0Bcije6F + zMVjBY7cjPTjii4e6Ji3xgYcY56mnRXUAuZnLjDbcH6Ci5uYHMO1wdrgn6UA + SvJebGzCvQ/xVFbPdCBAkQZccHdip3vLYowEg6GorW6t0t0RnAIFAXI0e6+0 + ykRgsQuRnpRcvcnyt8YGJFxz1PpTo7qAXUrlxtYLg/Si6uoH8ra4O2RSfoKA + JjJeYP7lf++q+bP2iPiFc+E/Asegae4jvde3whgfmW3X/Wt7bshB7E45FfSx + vLbB/eCvyo+NPi6Txh4/1C5WTfaWDGzth2EcJIJH+85Zvxr67gvKlicYpTXu + w1f6L7/yPiuPM5eEwLjB+9P3V6dX92nzPK445JZFiiUu7kKqqMkk8AAepr9P + fhR4Ci+F3gWNdSjjhvrjF1fzMw+VgCQhPZY1464zuPevkn9mrwZF4j8drruo + Lmx0ACfkcNcHiFfwIL/VR619A/tSeP00jwnb+EtNl/0rWmJlKnlbaP7w/wCB + sQPcBhX2HFmJni8VTyui99Zfn+C1+4+H4MwtPBYOrnFdbJqP5fi9PvPkr4wf + Eq8+JfiyXUclNNtMw2UXOFjB5cj+855P4DsK8poor77CYWFCnGlTVorRH5vj + cZUxFWVaq7yk7sKKKK6DlPtf9mX4szAJ8NtZkDn5m06R2x7tBn82T8R/dFfZ + lo90IAI4wy5POcd6/GO1urmxuYr2zkaGeB1kjdDhldTkMCOhB5FfqT8FvihY + /EDwjHPcyLHq1liO8jHHznpIo/uuOR6HI7V+Q8dcPeyn9cor3X8Xk+/z/P1P + 2/w84m9tT+o1370fh8129V+Xoep77r7Znyxv8vpntnrRdvdGHEkYUZHOc96d + 9qg+2+ZvG3y8Z980Xd1BJDtRwTkfzr85P1An8y9/54r/AN9VWtXuhERHGGG4 + 85xVz7ba/wDPQV5545+IOk/Dvwjd69fMJJlJS3gzgzTNnYv07sewBNbYehOr + NU6au3ojHE4mFGnKrUdopXZ4p+0j8VZvDdgfBukSCPVNThxcMjZMNsx5GR0a + Tp7Lk9wa/P6tbXdb1LxJrF3rusTGe8vZDJI57k9gOwA4A7AAVk1/QeQZNDA4 + dUlvu33f+XY/mbiXPp5hiXWlpHaK7L/N9Qooor2z587X4feN9U+Hvim08S6Y + d3knbNFnCzQt99D9RyD2IB7V+muu2mjfFX4fvEyrLpmsW6yRSggtGx5RwOzI + 3UeoIPevyVr7U/Zc8es9jqPw91CTOwfa7LJ7Fh5sY/EhwPdjXwXG+VOVNY6j + pOH5f8B/hc/SPD7OVGrLL6+tOpffv/wVp62PkbxH4f1Lwtrl74e1ePyruxkM + bjscdGHqrDBB7givrf8AZU+INzHLd/Dy7YOrhrqyDHGCP9bGPqPnA9mPepv2 + sPB0Ey6f4+04AsuLS8wO3Jic/qpP+6K+RPDHiC+8K+IdP8R6c2LjT5klUdAw + U/Mp9mGQfY133hnGV/3mvukv6+5nm2nkeb/3U/vi/wCvvR+wzvdfaoyYwGCn + Az1pbp7o27h4gq45O7NU7DWdP1eGx1iylD211AsqN6rIoZf0NXru6t3t3RHB + JFfhUotOzP6IUk1dMlWS82jEK9P71V7Z7oebsjBzI2eeh9KtLeWwUAyDpVe2 + uoE83c4G6RiPoaQ7jZHuvtMRMYDANgZ68U+5kujA4eIBccndSSXMBuoXDjao + bJ+op9zdW7wOquCSOKAbHJJebFxCpGB/FUFu9yGl2Rg5c556GrKXlsEUGQcA + VBb3UCNMWcDc5I+lAXGyvcm4gLRgMN2BnrxzT7iS7MLh4gFwcndSS3UDXMDh + wQu7J9Min3F3bvBIquCSDigLixSXYjQLECMDHzVDA9yJJtsYJLc89DViK7tl + iRTIMgCoYLqBZJizgBmyKAuNle6M0JaMAgnAz14qWaS7MMgaIAbTk7u2KZNd + QNPCwcEKTn8qlnu7doZFVwSVIH5UBcbDJdiGMLECNowd3bFRQvdCaYrGCSRk + Z6cVPBd26wxqzgEKAfyqKG6gWedi4AYjH5UANne6MsJaMAhjgZ61LLJdmJw0 + QA2nPze1MnuoGlhZXBCsc/lUs13bNE6iQElSP0oC58UftMGQ69oe9cAWRxz1 + G8180V9L/tMSI+vaGFOStkQfrvNfNFf03wT/AMiqh6P82fjHEn+/VfX9EfqB + 4am1I+E/Coa3UBbW08v5/vHyVxn0rtbi41k28oe0QKVbJ8zoMfSuN8NalYt4 + T8KATAmG1tC/X5cQqDXbXOs6W9vKi3CksjADnqR9K/mPH/x6nq/zP2XC/wAK + Poinps+rLYQLDao6BRgl8Ej6YqG2n1UaneMlshkIj3rv4HHGD3zVrTNX02HT + 4IpZ1V1QAjng/lUNtqunpql7O06hJBHtPPOBz2rkNyPUp9VZrTzrZExOpXD5 + y3OAfStCW41oxOGtIwNpz+89vpVPU9V0+ZrMxTq3lzozdeFGcnpWhNrWltE6 + i4UkqR39PpQBn6XPqy6fAsFqjxheCXwTz6YqOCfVBqtyy2yGUom5d/AHbmrG + latp0GnQQzTqrquCDnjn6VFBqmnrq11O06iN0QKeeSOtADNUn1Rha+fbImJ4 + yuHzlucCtJ7jWtpzZx4wf+Wn/wBaqGq6pp84tRFOrbLiN268KM5Nab63pRRg + LleQfX/CgDL0ifVU06Fbe2SSMA4Yvgnk9sU2KfVf7WmZbZDKY1yu/gDPBzUu + j6rp1vpsEM06o6g5Bzxyfaki1XT11ee4M6+W0SqDzyQfpQBHqs+qtFCJ7ZEA + mQjD5y2eBWp9p1v/AJ84/wDv5/8AWrP1bVdPnihWGcMVmRjjPAB5PStT+29K + /wCflf1/woAx9Gm1RNOiW2tkkjG7DF8E/Mc8YoWbVP7YdxbJ53kgFd/G3d1z + in6Lqmn22mwwzzqjruyDnuxNCapp41l7gzr5ZhChueu7OOlADNWn1RrZRcWy + IvmJgh8854HStT7Trf8Az5x/9/P/AK1Z2r6rp9xaokM4dhIhwM9Aea1f7b0r + /n5X9f8ACgDH0ifVUslW3tkkTc3JfBzk54o8/Vf7Z3/Zk877Pjbv427+ufr2 + qTRtV0+3sVimnVGDOcHPdiR2o/tXT/7b+0+evlfZ9m7nG7fnHT0oAj1efVXs + iLi2RE3LyHyc5GOK1PtOt/8APnH/AN/P/rVn6xqun3FkY4Zw7bkOBnoGGe1a + n9t6V/z8r+v+FAGPpM+qLasLe2R13vyXxznntQ02qf2wjm2TzvJIC7+Nu7rn + FSaRqun29oyTTqjGRzg56E8dqRtU0860lwJx5YgK7ucZ3ZxQAzWZ9UfTpVub + ZI4yVywfJHzDHFan2nW/+fOP/v5/9as7WtU0+502WGCdXdiuAM9mBrV/tvSv + +flf1/woAx9Kn1VYZRBbI4MrkkvjDZ5HSiSfVf7WhY2yCURMAu/gjPJzUmk6 + rp8EMyzTqpaZ2Gc9CeDRJqunnWIbgTjy1iZSeepP0oAZq8+qvp0y3FskcZAy + wfJHI7YrRW51vaP9Dj/7+f8A1qpazqun3Gmzwwzq7sBgDPPI9q0l1vSgoH2l + f1/woAyNLn1VVufItkfM7lsvjDdxRNNqh1W2ZrZBKEfau/gjvzipNK1XT4Fu + RLOq755GHXlT0PSkn1XT21a2nWcGNEcE88E9O1AC6rPqzafOs9siRkckPkjn + 0xVyK41ry022kZGBj95/9aq2ratp0+nTwwzqzsuABnnn6Vdi1rS1iRTcKCAP + X/CgDL02fVVa78m2R8zuWy+MNxke9FzPqp1OzZ7ZBIBJtXfweOcntipNM1XT + 4WvDLOF8yd2Xrypxg9KLnVdPfVLOdZwUjEm488ZHFADtSn1ZrCdZrVEQqckP + kgfTFWILjWRBGEtIyu0YPmdsfSotU1bTZtPniinVnZSAOeT+VWbfWtLSCNWu + FBCgHr6fSgDN06fVFmvDDbI5MpLAvjDY6D1ou5tUOo2LSWyLIvmbFD5DfLzk + 9sCn6dqunwzXrSzhRJMWXryMdaLvVNPk1KwmSdSkXm7jzxuXAoAk1CfV2sZ1 + mtUVCjbiJMkDHpipbW41kWsIjtEZQi4JkxkY47Umo6vps1hcRRzqzujADnkk + fSpbTWdMjtYUe4UMqKCOeoH0oAz7GfVVubwxWyMxkG8F8YOOg9aLyfVDe2TS + WyK4Z9gD5DHHOT2qSw1XT4rq9eScKskgKnnkYovdV0+S+sZUnUrEzljzxlcD + tQBNfXGsGyuBLaoqGN9xEmSBg5OMUWVxrAs4BFaIyCNdpMmCRgYPSpL7WNMl + sbiOO4VmeNwBzySDjtRY6xpkdlbxyXChkjQEc8EAZ7UAUbKbVBe3pjtkZyy7 + wXwFOOMHHNF/NqjXVkZbZFYSHYA+cnHQ8cU+y1TT476+lknULKyFTzzgUX+q + 6fLdWTxzqyxyEseeBj6UAWbq41k2swktEVSjZIkzgY57VHp8+rrYwLFaoyBF + 2kyYJGPTFWLvWdMktZkS4UsyMAOepH0qPTtX02Gwt4pJ1V0RQRzwQPpQBTtJ + 9VGo3zR2yNI3l71L4C/Lxg98ijUJ9VaazM1sikSgqA+ctjoeOKktNV0+PUr+ + Z51CS+VtPPOFwaNR1XT5prNo51YRzBm68DHWgC1cXGsmCQPaRhdpyfM7Y+lV + 9Nn1ZbCBYbVHQKMEvgkfTFXLjWdLe3lRbhSWVgBz1I+lVtL1bTYdPgilnVXV + QCOeD+VAFa2m1QaneMlshkIj3rv4HHGDjnNGpTaozWnnWyJidCuHzlucA8cU + +21TT01S9nadRHII9p55wOe1Gp6rp8zWZinDeXOjN14UZyelAF2W41ry33Wk + YGDn95/9aqelT6sunwLBbI8YHBL4J59MVoS61pbROouFJIPr/hVLSdW06DTo + IZp1V1XBBzxz9KAIIJ9VGq3LLbIZSibl38AduaNUm1RltvPtkTE6FcPnLc4H + SpINV09dWuZ2nURuiAHnkjr2pNV1XT51thFOG2TxsevCjOT0oAvtc63tObOP + p/z0/wDrVnaRPqqadCtvbJJGAcMXwTye2K1W1vSipAuV6e/+FZ2jarp9vpsE + M06o6g5BzxyfagCKObVBq0zrbIZTEuV38AZ4OaNVn1VoYhPbIgEqEEPnLZ4H + Snxarp66xNcGceW0SqG56g/Sl1bVdPnhhWGcMVmRjjPQHk9KAND7Trf/AD5x + /wDfz/61Zejz6qmnRLb2ySRjdhi+CfmOePrWx/belf8APyv6/wCFZei6rp9t + psUM86o67sg57sTQBGs+qf2w7i2TzfJAK7+Nu7rmjVp9Va2UXFsiL5ich885 + 4FSLqunjWXuDOPLMAXdzjO7OKNX1XT7i1VIZ1dhIhwM9AeaAND7Trf8Az5x/ + 9/P/AK1ZekTaolkBb2ySJubkvg5zzxitj+29K/5+V/X/AArK0bVNPt7ERTTq + jbnODnuTQAzz9V/tnf8AZk877Pjbv427+ufr2o1efVHsmW4tkjTcvIfJzkY4 + qT+1dP8A7b+0+ePK+z7N3ON2/OOnpRrOq6fcWLRQzq7FkOBnswJ7UAaH2nW/ + +fOP/v5/9asvSZ9VW2YW9sjr5j8l8c55FbH9t6V/z8r+v+FZekarp9vask04 + VjI5wc9CeKAI2m1T+2Ec2yed5JAXfxt3dc4o1ifVX06Vbi2SOM7csHyR8wxx + 9ae+qaedZS4E6+WISpbnruzjpS61qun3OmywwTq7ttwBnswNAGh9p1v/AJ84 + /wDv5/8AWrL0qfVFhmEFsjgyuSS+MNnkVsf23pX/AD8r+v8AhWVpOq6fBDMs + 04UtM7DOehPBoAZLPqp1aFmtkEojbC7+CM8nNO1efVX06Zbi2SOMgZYPkjkd + sU6XVdPbV4LgTr5axMpPPBJ+lLrGq6dcabPDDOruwGAM88j2oAurc63tGLOP + p/z0/wDrVm6ZPqqrc+RbI+Z5C2XxhuMitZdb0oKAblenv/hWbpWq6fAt0JZw + u+eRl68qcYPSgCOefVTqtszWyCUI+1d/BHfmpNVn1ZtPnWe2RIyvJD5I59MU + T6rp7atbTrOpjRHBPPBPTtT9W1bTp9OnhhnVnZcADPPP0oAsxXGtCJAtpGRg + Y/ee30rP02fVFa78m2R8zuWy+MNxkD1rUh1rS1iRTcKCFA7+n0rO0zVNPha8 + Ms6r5k7svXlTjBoAZczaodTs2e2QSgSbF38HjnJxxiptSn1drCdZrVEQqckP + kgfTFMudU099Usp1nUxxiTceeMjjtU+p6vps2nzxRTqzshAHPJ/KgCS3uNZE + EYS0jK7Rg+Z2x9Ko6fPqqzXhhtkYmUlgXxhsdBxzWlb6zpaW8SNcKCqqCOeo + H0qjp2q6fDNeNJOqiSYsvXkY60AR3c+qHUbFpLZFkUybFD5DfLzk9sVY1CfV + 2sZ1ltUVCjbiJMkDHpiorzVNPk1KwmSdSkRk3HnjK4FWdR1fTZrC4ijnVndG + AHPJI+lABaXGsC1hEdojKEXBMmMjHHaqdhNqi3V6YrZGYyDeC+MHHQcc1oWe + s6ZHaQRvcKGVFBHPBA+lUrDVdPiur15J1VZJAVPPIx9KAGXs+qm9sjJbIrhm + 2APkE45ye1Wr241g2c4ltUVDG24iTOBjk9KhvdV0+S9sZEnBWJmLHngFfpVq + +1jTJbK4jjuFLPG4A55JBx2oAjsbjWBZW4itUZBGm0mTBIwMHGKq2c+qi9vW + jtkZyybwXwFOOMHvV6x1jTIrG3jkuFVkjQEc8EAZ7VVstV0+O+vpXnULKyFT + zzhcHtQBHfz6o1zZmW2RWEh2APnJx0PHFXLq41k2swktEVSjZPmZwMc9qrah + quny3Vk8c4ZY5CWPPAxV271nTJLWZEuFLMjADnqR9KAK2nz6utjAsNqjIEXa + TJgkY9MVBaTaoNRvmjtkaRvL3qXwF+XjB75FW9O1fTYbC3iknVXRFBHPBA+l + V7TVNPj1K/medQkvlbTzztXBoAZqE+qtLZma2RCJgVw+ctjofSr09xrJgkD2 + kYXacnzO2PpVXUdV0+aWzaOcMI5gzdeBg89KvXGtaW8EircKSVIHX0+lAFPT + J9WWwgWG1R0CjBL4JH0xUNvNqg1S7ZLZDKRHuXfwOOMHvmrOl6tpsOnwRSzq + rqoBHPB/KobbVNPTVbydpwI5FjCnnnA5oAZqc+qMbTz7ZExOhXD5y3OAfStC + W41ry33WkYGDn95/9aqWqarp8xs/KnDeXcI7deFGcmtGXWtLaJ1FwpJB9f8A + CgDO0qfVl0+BYLZHjA4JfBPPpimQz6qNVuGW2QylE3Lv4A7c1PpOradBp0EM + 06q6jkHPHP0pkOq6eurXM7TgRuiAHnkjr2oAj1SfVWW38+2RMToVw+ct2FaT + XOt7T/ocf/fz/wCtVHVdV0+dbYRTq2yeNj14UdT0rTbW9KKkfaV/X/CgDJ0i + fVU06Fbe2SSMA4Yvgnk9sUkc2qf2vK4tkMpiUFd/AGeucVLo2q6fb6bBDNOq + OoOQc8cn2pseq6eNYmuDOPLaJVDc9QenSgBmqzao0MQntkQCVCCHzk54Fan2 + nW/+fOP/AL+f/WrO1bVNPuIIlhnVisqMcZ6A8mtX+29K/wCflf1/woAx9Hn1 + RNPjW3tkkjy2CXwT8xzxihZ9V/thnFsnneSBt38bd3XP1qTRdV0+306KGecI + 6lsg57sT6ULqunjWXuPPHlmALu5xndnFAEerT6q1qBcWyIu9OQ+ec8CtT7Tr + f/PnH/38/wDrVn6vqun3FoqQzq7CRDgZ6A89q1P7b0r/AJ+V/X/CgDH0ifVE + sgLe2SRNzcl8c554o87VP7ZD/Zk87yMbd/G3d1z9afo2q6fb2QjmnCNvc4Oe + hPFH9qaf/bYufPXyvs+zdzjdvzj8qAGaxPqj2LLcWyRpuXkPk5yMcVqfadb/ + AOfOP/v5/wDWrO1nVNPuLBooJ1dyynAz2Ye1av8Abelf8/K/r/hQBj6TPqq2 + ziC2R18x8kvjnPIqxBJevrsZu4libyWGA27jPX86j0jVdPt7Z0mnCsZHODno + TxU0V7a3euxvbyBx5DLkeuc0AdHRRRQAUUUUAFFFFABRRRQB/9X9354ov7bt + l2DBifjFP1yKJdKuCqKCAOQB6isyXTWXVYIPtc53Rudxf5hjsDjpTtW0xoNO + mlN5PJtA+V3yp5HUYoA6OKCHy0/dr0HYVk6PFE327cgOLqUDgdOKWPSHKKft + 1yMgfx//AFqz9M01pvteLuePZcSL8r43YxyeOp70AX7qKIazZKEGCkmRgelT + axDEumXJVFBC9gKyrjTWXVLWH7XOd6udxf5hgdjjv3qTU9LaGwnlN5PJtXO1 + nyp+oxQBvW8MJgjJjX7o7D0rN0mKJpb7KA4uGA4HoKSHSHaGNvt1yMqDgPx0 + +lUNO01pZLsC7nTZMy/K+N2McnjrQBoXkUQ1fTlCDBE2Rgf3RVjVoYhptyQi + ghD2FY91prJqVlD9rnbzPN+Yv8y4XsccZ71NqOltFYzyG9uH2oTtZ8g/UYoA + 2bOGE2kBMa/cXsPSs/S4ojdX4KA4m449qZbaSz20T/brhdyKcB+BkduKp2Gm + tLcXii7nTy5MZV8FuOp45NAGhfxRDU9OAQAFpM8Dn5at6lDCNOuiEUERP2Ho + axLzTWjv7KL7XO3mF/mL5K4XsccZqzfaU0dlcSfbbh9sbHaz5BwOh46UAalh + DCbG2JjUkxp2HoKpadFEb7UAUBAkXHA/u1DZ6U0lpBJ9tuF3IpwHwBkdBx0q + rZaa0l3ex/a508t1GVfBbI6njmgC/qMUQvtPAQAGRs8D0q9fwwixuSI1BEb9 + h6GsK+01o7uyjN3O/mOwyz5K8dRxxVq80po7SeT7bcNtRjgvkHA6HjpQBoaZ + DCdOtiUUkxp2HpVSwiiOp6iCgIDR446fLUFhpTS2UEn224Tcinar4AyOg4qv + Z6a0l/fRfa518sp8wfBbK9zjnHagDQ1OKIXNgAgGZueB6VoXcMItJiI1+43Y + elc/f6a0U9mpu538yXGWfJXjqOODV250lkt5X+3XDbUY4L8HA78UAW9JhiOm + 2xKKSUHYVWs4ojrGoqUGAIcDA/u1W07S2lsYJBe3CbkB2q+APoMVDa6az6le + w/a518sR/MH+Zsr3OOcdqAL+rRRLJY7UAzcIDx9a07iGEQSERr909h6Vzuo6 + a0T2gN3O/mTKvzPnbnPI461fm0hlhdvt1ycKTgvwePpQBNo0UTaXblkUkr3A + qK2iiOs3qlBgJHxgelU9L0xptPglF5PHuXO1Xwo+gxUcGms2qXUP2ucbFQ7g + /wAxyO5x2oA0NYiiX7FtQDN1EDwOnNaskEPlt+7XoewrmtT01ofsubueTfcR + r8z525zyOOo7VovpDhGP2+5OAf4//rUAO0OKJtKtyyKSQeSB6mmQRRf23crs + XAiTjAqjpOmNPp0MovJ49wPyo+FHJ6DFNi01m1WeD7XONsaHcH+Y57E46UAX + 9aiiWK22oBm4jHAHrWyYIcf6tfyFcvqmmtDHATdzybpkX5nzjPccdRWmdHf/ + AJ/7n/v5/wDWoAZoEUTaRbsyAk7uSB/eNEcUX9uyrsGPIXjA/vVn6PprXGmw + zC7ni3bvlR8KMMRwMUJprHV5IPtc4xCG37/mPPTOOlAGhrcUS2sZVFH76PoB + 61seRD/zzX8hXL6rprQW6MbueTMiDDvkcnr06itP+x3/AOf+5/7+f/WoAj0G + KJtNQsgJ3P1A/vGlEUX9vsuwY+zA4wMffrP0fTWnsElF3PFkt8qPgcMe2KBp + rf2wbf7XP/qA2/f833sYzjpQBf12KJbDKoAd6dAP71bPkQ/881/IVy+r6a0F + n5hu55PnQYd8jk/StP8Asd/+f+5/7+f/AFqAGaHFE1kSyAnzH6gf3qGii/t9 + V2Lj7MTjA/v1n6TprT2hcXc8fzuMI+BwevSg6a39sLb/AGufmAtv3/N97GM4 + 6UAaGvRRLpcpVFBynQD+8K2PIh/55r+Qrl9Y01oLCSU3c8uCvyu+V5YdsVp/ + 2O//AD/3P/fz/wCtQAzRIomtpSyA/vpOoHrSSxRf27CuwY8luMDHWqGlaa08 + EjC7njxK4wj4BwevTqaJNNYavFB9rnJMTNv3/MOegOOlAGhr8US6TcMqAEbe + QB/eFa4ghwP3a/kK5jWNNa302aY3c8u3b8rvlTlgORitIaO+B/p9z/38/wDr + UAM0WKJo7rcgOLiQcge1LPFF/bdquxcGN+MCs/S9NaZLgi7nj2zOvyvjOO54 + 6mibTWXVbeH7XOdyOdxf5hjsDjpQBp63FEulXBVFBCjkAeorSigh8tP3a9B2 + Fc7qumNBp80pvJ5NoHyu+VPI6jFXY9Icop+33IyB/H/9agBNHiiY325AcXUg + HA6cUXUUQ1mxUIMFZcjA9KoaZprTG7xdzx7J3X5Xxuxjk8dTRcaay6paQ/a5 + 23rIdxf5lwOxx370AausQxLplyVRQQvYCrttDCbeImNfur2HpWDqeltDYTym + 8nk2rnaz5U/UYq1BpDNDG3265GVBwH4HH0oAdpUURmv8opxOwHA9BRexRDV9 + OUIAD52Rgc/KKz9O01pZLsC7nTy5mXKvjdwOTx1outNZNSsYftc7eZ5vzF/m + XC5+U44z3oA2NVhiGm3JCKCI27D0r8ir7/j+uP8Aro/8zX6yajpbRWM8hvbh + 9qE7WfIPsRivybvv+P24/wCuj/zNfsvhF8WJ/wC3f/bj89492o/9vfoeyfs9 + AH4n2IPP7m4/9Fmv0AnVftNvwOrfyr8/P2fU8z4m2K7iv7m45U4P+rNffktu + VnhXzXO4tyTyOO1eZ4n/APIxj/gX5s7+Cv8AdH/if5Iu3Cr9nk+UfdP8qWBV + 8iP5R90fyqrNalYZG86Q4UnBPB4pYbUtEjedIMqDgHjpX5yfXjrdV8+44H3h + /Ki4VfOt+B94/wAqghty00y+a42kcg8njvRNblZYR5rncTyT0+lAF6dV8mT5 + R90/ypLZV+zx/KPuj+VV5bUrE586Q4U8FuOlJBaloUbzpBlQcA8UCJIFX7Vc + DA/h/lRcqvmQYA+//Sq8VuWuJl81xt28g8nI70T2xV4h5rnc2OT0+lAF+VV8 + p/lH3T/Ko7VV+zR5A+6KiktSI2PnSHAP8VMt7YtAjedIMjoDxQMkhVftdwMD + +D+VF0qhoMAf6wVBHbk3Myea427eQeTkd6Li3KGL967bnA5PT3FAGi6psb5R + 0NQWaqbaPIHSmPaEKT50nQ/xVFbWxeBG82RcjoDxQBNGq/bJuB0Wku1X9zgD + /WrUCWxNzKnmuMBec8n60XNuU8r967bpFHJ6Z7j3oEcz8S/EA8J+Add8QRkJ + Na2r+U3pNJ8kf/j7CvyDJJOTyTX6G/tW6g+m/D+00yOZydSvUV1Y8GOJWc/+ + PBa/P3TrGbU9QtdNt/8AW3cqRJ/vSMFH6mv2Xw+wqp4OVZ/af4L+mfhXiZi3 + Vx0KC+yvxf8AwLH6Tfs3eFV8OfD20uZkAudYH218/wB2TiIfTYAfqTXxX8df + FJ8V/E3WLpG3W1jJ9igx02W5Kkj2Z9zfjX6O6kLfwb4WvprZ3WDQtOZ05x8t + vESo/Ja/IeSR5XaWRizuSST1JPU1xcFJ4nF4jHT66L56/gkjv4/awuCw2Xw2 + Wr+St+LbYyiitjw9o0/iLXtO0G14l1G4it1PoZGC5/DOa/SpzUU5S2R+U04O + UlGO7NfVvA3iHRvDGk+Lr2Dbp2sb/KcZypUkDeO28AlfUDNchX67ax4B0DXP + Dknga7Rv7N+ypBGBjdGIwBGV46pgEfSvy08beD9V8CeJbzw1rC4mtW+VwMLL + GeUkX2Yfkcg8g18pwzxPHHc8JK0k3Zd49Pu2Z9lxbwlLLuSpDWDSTfaVtfv3 + RylegfDTx9qHw58V23iCzBlg/wBXcw54mgY/Mv1HVT2IHbNef0V9PiMPCrCV + Oorp6M+RwuJnRqRq03aSd0fsvouraZ4ggtda0iVbiyvbdZYnHQqx7jsR0I6g + 8GtO+VRBwB94fzr8/f2bPieND1hfA+uXLR6fqLYtZC2BDcMfuZPRZD+TY9Sa + ++7u3KQ7vNduRwTx1r+e8/yaeBxDpS23T7r+tz+muHM9hmGFVaPxbNdn/l2L + txLa2lvLdXTJFDCrO7sQFVVGSST0AHJr8rPjH8Sp/iL4maW2YrpFgWjs4zxl + SfmlI/vPgfQADsa99/ab+KH2YN8ONBu3d3AbUXDdAeVg49fvP7YHciviWv0P + gXh72cPrlZe8/h8l3+f5ep+Y+InE3tZ/UKL92Pxeb7fL8/QKKK09G0jUNf1W + 10bSojPd3kgjjQdyfX0A6k9hzX6LOainKT0R+XQg5SUYq7Z0HhTwF4j8Z2ur + 3uiW/mw6LbNczsc4wvIRfV2AJA74NcZX64/Dv4cab8PvC1v4espGeTG+5lHH + nTMPnbGOnZQegAFfmP8AEvw0vhHx3rXh+JdsNtcMYR/0xk+eMfgrAV8nkHE8 + cdiatKK0WsfNbP8AT7z7PiThGWX4WjWk/elpLye6S+V/uOGrq/A/iOTwl4t0 + rxDGSBZzqZAO8TfLIPxQkVylFfVVqUakHCWzVn8z4+hWlTnGpDdO6+R+w3jj + w1beNfBeq+HsKw1C2YRNxgSAbomz6Bwpr8fJI5IZHhlUo6EqwPUEcEV+sPwg + 1B/EPwy8O6o88hdrRYmO7q0BMLH8SlfnL8YdEXw98TfEOmoMR/ammT/dnAlA + /DdivzXgKtKlXr4KT21+52f6H6v4kUI1sPh8fBbq3ya5l+p9s/szeIm134fW + ljO2+XR5ZrXnqY+JEP0AfaP92vom9VRayYA6V8H/ALJGpP8A8JBregmQqk9u + lyMHBBibYcfXzBn6Cvui6tilu7ea7YHQnivjOLcIqOYVYrZu/wB+v5n3XBeN + dfLKUnulb7tPysaCKmxflHQVVtFU+dkD/WtSraEqD58nT+9Ve2ty/m/vXXbI + w4PXHc+9fOH1RPKq/a4BgdG/lUl2q/ZpMAdKqSW5FzEnmudwbnPIwO1PubYp + A7edI2B0J4oEy7GqeWvyjoKrWqqXnyB980Jakop86QZA/iqC3tyzSjzXXa5H + B6/WgZYmVftduMD+P+VSXSr9nkwB901TltyLiBPNc7t3JPIwO1PuLYrC7edI + cA8E8UCLkKr5KfKPuj+VQWyr5s+QPvf0psVqTGh86QZA4DVDBblpJh5rja2O + D1+tAyxOq/aLfgdW/lUtwq/Z5PlH3T/KqUtsVmhXzXO4nknkcdqlmtSsMjed + IcKTgnjpQIsW6r9nj4H3V/lUMCr9ouOB1X+VNhtS0MbedIMqDgHjpUUNuWmm + XzXG0jkHk8d6Bk9wq+db8D7x/lU86r5Mnyj7p/lVGa3KywjzXO4nknp9Kllt + SsTnzpDgHgt7UAfFn7TQA17QsD/lyP8A6Ga+Zq+l/wBphNmvaGdxbdZE89vn + PSvmiv6b4J/5FVD0f5s/F+JP9+q+v6I/U7w3HGPCXhD5B81rZ546/uVrubqG + EWsxEa/cbsPSvOPDWnsvhPwqftUx861tBy33Mwqfl44rtLjSWS3lf7dcNtVj + gvwcDvxX8x4/+PU9X+Z+y4X+FH0Ra0iGJtMtiyKSUHYVBaRRHWL9Si4AiwMD + +6aq6bpbTWEEovLhNyg7VfAH0GKhttNZ9TvIftc6+WI/mD/M2R3OOcdq5Dc0 + NWiiV7HagGblAeB71pzwQ+TJ+7X7p7D0rnNS01omtAbud986r8z525zyOOtX + 5dIdYnb7dcnAPBf2+lAE2ixRNpduWRSSvcD1qG2iiOtXilBgJHxgVU0vTGm0 + +CUXk8e5fuq+FH0GKjg01m1W5h+1zjYiHcH+Y59TjtQBf1mKJVs9qAZuYxwB + 05rXeCHY37teh7CuZ1TTWhFtm7nk3zovzPnGc8jjqO1aL6O4Un7fcnj/AJ6f + /WoAXQoom0m3LIpJB5IH9402GKL+3Lhdgx5ScYHrVDSNMafToZReTx7gflR8 + KOT0GKSLTWOrTQfa5xtjU7w/zHJ6E46UAaGtRRLDb7UA/fx9APWtjyIf+ea/ + kK5fVNNaGKFjdzybpkXDPkDJ6jjqK0/7Hf8A5/7n/v5/9agCPQIom0mBmQE/ + PyQP7xoSKL+3pF2DH2cHGBj71UNG01rjTopRdzxbt3yo+FGGI4GKF01jrDwf + a58iENv3/N97pnHSgC/rkUS2iFUA/ex9B71s+RD/AM81/IVy+raa0Fsrm7nk + zIgw75HJ69Otaf8AY7/8/wDc/wDfz/61ADNCiibTlLICdz9QP7xo8qL/AISD + bsGPsucYGM76z9I01p7JZBdzx/Mw2o+Bwx9qP7Nb+2fs/wBrnz9n3b9/zffx + jOOlAGhrsUS6eSqAHenQD+8K2PIh/wCea/kK5fV9NaCyMhu55PmUYd8jkj2r + T/sd/wDn/uf+/n/1qAGaHFE1kxZAT5j9QPWkeKL+3kXYMfZycYGPvVQ0nTWn + tWcXc8fzuMI+BwevTrQ2msNYS3+1z5MJbfv+b72MZx0oAv6/FEulTMqAHKcg + D+8K2fIh/wCea/kK5fWNNa306WU3c8uCvyu+VOWHUYrT/sd/+f8Auf8Av5/9 + agBmixRNBPuQH9/J1A9aJYov7cgXYMeS3GB61n6VprTQysLuePbK64V8A4PU + 8dTRJprDVoYPtc53RMd+/wCYYPQHHSgDR12KJdJuGVFBAXkAf3hWssEO0fu1 + 6egrmdX0xoNOmlN5PLtA+V3yp5HUYrRXR3IB+33P/fz/AOtQA3RoomS73Ipx + cyDoPakuIohrVooQYMcnGBVDS9NaZbki7nj2TuvyvjOO546nvRNprLqttB9r + nO9HO4v8wx2Bx3oA1NaiiXS7gqighewHqK0IYIfJT92v3R2HpXParpjQ6fPK + byeTaPus+VPPcYq7FpDmND9uuRkDgP8A/WoANIiiZr7cgOLmQDge1F3FENYs + FCDBWXIwPQVn6bprTNdgXc6bJ3X5Xxuxjk8daLjTWTU7OH7XO3mCT5i/zLgd + jjv3oA1tXhiXTLkqighD2FW7aGE20RMa/cXsPSsPUtLaGwnlN5cSbVJ2s+Qf + qMVZg0h2gjb7dcjKg4D8Dj6UALpUURnvwUBxOccD0FF9FENW01QgAPnZGBz8 + tUNP01pZbxRdzp5cpXKvgtx1PHJou9NZNRsYvtc7eZ5nzF8suFz8pxxnvQBs + 6pDENNuSEUERt2HpU1lDCbOAmNSTGvYelY+oaW0VjPIb24fajHaz5B46EYqW + 10lntYX+3XC7kU4D4AyOg4oAk02KI3moAoDiUY49qNQiiGo6cAigFnzwP7tZ + 9jprSXN4n2udPLkAyr4LcdTxyaLzTWjvbKP7XO3mM43F8lcDtxxQBuajDCNP + uiEUERP2H900afDCbC2JRSTEnYf3RWZfaU0dlcSfbbh9sbnDPkHAPB46Utlp + TSWcEn224TdGpwr4AyOg46UAS6fFEdR1EFAQHTHA4+WjUooheaeAgAMpzx7V + QstNaS9vY/tc6eWyjcr4LZHfjmi+01orqyQ3c7+ZIRlnyV46jjg0Ab97DCLO + ciNQRG3YelQ6XDCdOtiUUkxr2HpVK60lktZn+3XDbUY4L5BwOh4qLT9KaWxg + k+23CbkU7VfAGR0HFAFmyiiOq6kCikAxYGBx8tGqRRCewARRmcZ4Hoaz7TTW + fUb6L7XOvl+X8wf5myufmOOcdqNQ01oprNTdzv5koXLPkrx1HHWgDobqGEW0 + xEa/cbsPSqmkQxNplsWRSSg6gVWuNJZIJG+3XLYUnBfg8fSq+m6W01hBKLy4 + j3KDtV8AfQYoAtWkUR1i/UoMBYsDHtRq8USvY7UAzcoDx9aoW2ms+p3kP2ud + fLEfzB/mbI7nHbtRqWmtC1oDdzvvnRfmfO3OeRx1oA6SaCHyX/dr909h6Vn6 + LFE2l25ZFJK9wPU1HLpDiNz9uuTgHgv/APWqlpemNNp8EovJ49y/dV8KOewx + QBdt4ojrV2pQYEcfGBSazFEqWm1AM3MY4H1qhDprNqlzD9rnGxEO4P8AMc9i + cdqNU01oVtibueTfOi/M+cZzyOOo7UAdM8EO0/u16HsKytCiibSbdmRSSG5I + H940raO4Un7fc9P+en/1qztI0xp9OhlF5PFuB+VHwo5PQYoAvQxRf25cLsGB + CnGPel1qKJYICqKP38fQD1rPj01jq00H2ucFY1O8P8xyehOOlGq6a0MMTG7n + k3SouGfIGT1HHUUAdR5EP/PNfyFY+gRRNpUJZFJy/JA/vGn/ANjv/wA/9z/3 + 8/8ArVmaPprXGnRSi7ni3bvlR8KMMRwMUAaCRRf29IuwY+zg4wMfeo1yKJbN + CqAfvY+g96z101jrDwfa5+IQ2/f833sYzjpRq2mtBbK5u55MyIMO+RyevTrQ + B1HkQ/8APNfyFY2gxRNpylkBO9+oH941J/Y7/wDP/c/9/P8A61Zmkaa09kJB + dzxfMw2o+BwT7UAaHlRf8JBt2Lj7LnGBjO+jXYol05iqKDuToB/eFZ/9mt/b + P2f7XPn7Pu37/m+/jGcdKNX01oLJpDdzyfMo2u+RyR7UAdR5EP8AzzX8hWPo + cUTWblkB/eydR70/+x3/AOf+5/7+f/WrM0nTWntmcXc8eJHGEfA4PXp1oAvv + FF/b0a7Bj7OTjAx96l1+KJdKmKoAcpyAP7wrPbTWGsJB9rnyYS2/f833umcd + KNY01rfTpZTdzy7dvyu+VOWA5GKAOo8iH/nmv5CsbRIomgn3ID+/k6getSf2 + O/8Az/3P/fz/AOtWZpWmtPFMwu549srrhHwDg9Tx1NAGhNFF/bluuwYML8Y9 + 6drsUS6TcFUUEAcgD+8KzZdNYatDB9rnO6NjuL/MMHoDjpS6vpjQadNKbyeT + aB8rvlTyOoxQB0qQQ7R+7XoOwrJ0eKJlvNyA4uZB0HtTl0dyoP2+56f3/wD6 + 1Zumaa0y3JF3PHsndflfGcdzx1PegDQuIohrVooQYMcnGBUmtRRLpdwVRQQv + YD1FZc+msuqW0P2uc70c7i/zDHYHHen6ppjQ6fPKbyeTav3WfKnnuMUAdBBB + D5Mf7tfujsPSsvSIome+3IDi5cDge1EWkO0SN9uuRkDgP7fSqGm6a0zXYF3O + myd1+V8bsY5PHWgC/dxRDWLBQgwVlyMe1WNXhiXTLkqighD2FZFzprJqdnD9 + rnbzBJ8xf5lwOxx371NqWltDYTym8uH2qTtZ8g/UYoA27WGE20JMa/cXsPSs + 7S4ojPf5QHE5xwPQUy30lngjb7dcrlQcB+Bx9KpafprSzXii7nTy5SuVfBbj + qeOtAF++iiGq6aoQAEy5GBz8tWtUhhGnXJCKCI27D0rGu9NaPUbGL7XO3mGT + 5i+WXC/wnHGe9T6hpTRWM8hvbh9qMdrPkHA6HigDXsYYTZW5MakmNOw9BVDT + YojeagCgIEoxx7VHaaS0lrC/224XcinAfAGR0HFVLHTWlur1Bdzp5cgGVfBb + jqeOTQBoahFENQ08BAAXfPA5+WrmoQwiwuSEUERP2H901h3umtHe2Uf2udvM + ZhlnyVwO3HFWr3Smjs55Pttw+2NjhnyDgdDx0oA0tOhhOn2pKKSYk7D+6Kp6 + fFEdR1EFAQGTHA4+WoLHSmksreT7bcJujQ4V8AZA4HHSq1nprSXt7H9rnXy2 + Qbg+C2V78c0AX9TiiF3p4CAZlOePatC9hhFnORGoIjbsPSsC/wBNaK5s0N3O + /mSEZZ8leOo44NXLrSWS1mf7dcNtRjgvwcDoeKALulwxHTbYlFJMa9h6VVsY + ojq2pKUBA8nAwOPlqvp+ltLYwSC9uE3Ip2q+AOOgGKgtNNZ9Rvovtc6+X5fz + B8M2Vz8xxzjtQBoarFEJrDCAZnXPA9DWjcwwi2lIjX7jdh6Vz2oaa0Utmpu5 + 38yYLlnyV4PI461en0llgkb7dcnCk4L8Hj6UAWNIhibTLYsiklB2FQWkUR1m + +UoMBYsDA9Kq6bpbTWEEovLiPcoO1XwB9BiorfTWfU7uH7XOvliP5g/zNkdz + jt2oAv6vFErWO1AM3MYPA6c1qzQQ+S/7tfunsPSub1LTWhNpm7nk3zovzPnb + nPI46itCXSHEbn7dcnAPBf8A+tQBJokUTaVblkUkr1IHqajt4ojrV2pQYEcf + GBVLStMafT4ZReTx7h91Xwo57DFMh01m1W4h+1zjYiHcH+Y57E4oA0NZiiVL + TagGbmMdB71rtBDtP7tenoK5jVNNaFbYm7nk3zovzPnGe446jtWk2juAT9vu + f+/n/wBagBNBiibSbcsikkNyQP7xpsUUX9uzrsGPJXjAx1qjpGmNPp0MovJ4 + 9wPyo+FHJ6DFJHprHV5YPtc42xK2/f8AMcnoTjpQBf1uKJbeEqgH76PoB61s + +RD/AM81/IVy+q6a0MMTG7nk3SouHfIGT1HHUVp/2O//AD/3P/fz/wCtQAzQ + Yom0uIsgJy/JA/vGhYov7eddgx9nBxgY+9Wfo+mtPp8cou54slvlR8KMMR0x + QumsdYaD7XPxCG37/m+9jGcdKANDXIolslKooPmJ0A9a2PIh/wCea/kK5fVt + NaC1Dm7nk+dBh3yOT16Vp/2O/wDz/wBz/wB/P/rUAR6FFE2ngsgJ3v1A/vGj + yov+EgC7Bj7LnGBjO+qGkaa09mJBdzx/Mwwj4HB+lH9mt/bIt/tc+fI3b9/z + /exjOOlAF/Xool01yqAHcnQD+8K2fIh/55r+Qrl9X01oLFpDdzy4ZRtd8jkj + 2rT/ALHf/n/uf+/n/wBagBmiRRNaSFkU/vZOoHrSlETX4gihf9HboMfxVnaV + prT2zuLuePEjjCPgcHr061YgtDba7Gpnkm/cscyNk9cY+lAHS0UUUAFFFFAB + RRRQAUUUUAf/1v3PludTOqwO1mBKI3ATzByO5zTtWudUfTpknshFGQMt5gOO + R2qSbUrBtXt5hOpjWNwWzwCadrGp2E+mzxRTq7sBgA8nkUAWI7vWQigaepGB + /wAtVrP0y51NPtfk2Yk3XEhb94BtY4yvvj1rYj1fTBGoNymQB3rN0rUrCH7Z + 5s6rvuZGXJ6qcYNAENxc6mdUtXazCyKr7V8wHcCOee2Kk1O61V7CdZrIRoV5 + bzAcD6U641KwbVrSZZ1KIsgY54GRxUuq6np82nTxRXCM7LgAHk0ASQ3esCGM + LYAgKMHzV54qhp1zqaSXZhsw5aZi37wDa3HHv9a1oNW01YI1a5QEKAefas/T + NSsIpL0yTqoedmXJ6ggc0AQ3VzqZ1Kyd7MLIvm7F8wHdleee2Km1G61V7GdZ + rERoUOW8wHA9cUXepWD6pYSrOpSPzdxzwMqMZqfU9U0+XT7iOO4RmZCAAepo + AS2u9XFtEEsAyhFwfNAyMdap2Fzqa3F4YrMOzSZYeYBtOOnvWpa6tpqWsKNc + oCqKCM9wKo6dqVhFcXrSTqoklypJ6jHWgCG8udTa/smkswrqX2L5gO75eee2 + Ks311qzWVwstiEQxsC3mg4GOTimXupWD6hYSpOpWMybjnpleM1Z1DVdOksLi + OO4RmaNgAD1JFAEVnd6utpAsdiHUIoB80DIxwcVVsrnU1u71o7MOzOu8eYBt + OOme9aVlqunR2cCPcIGWNQRnoQKp2GpWEd5fO86qsjqVJPUAdqAIb651Nruy + aWzCMrtsHmA7jjpntVq8u9Xa0nWSxCKUYE+aDgY5OKjv9SsJLyxdJ1ZY3YsQ + egx3q5e6rp0lnOiXCFmjYAZ6kigCrYXWrLZQLFYh0CKA3mgZGOuKr2dzqa39 + 80dmGdim9fMA2/Lxz3zV/T9U06Owt45LhFZY1BBPQgVWstSsI9Rv5XnUJIY9 + pz1wvOKAIb+51Np7My2YRllyo8wHccdPartzd6ubeUPYBVKNk+aDgY61BqOp + WEtxZNHOrCOXLEHoMdavXWraa9tMq3KElGAGe+KAKOnXWqpYwLDZCRAgw3mA + ZHriobW51MaleulmGkYR718wDbheOe+au6ZqmnxafbxyXCKyoAQT0NQWmpWC + apfTNOoSQRbTng4XnFAEOo3Opu9p51mIysylf3gO5ucD2+tX5rvWDDIGsAAV + OT5q8cVW1PUrCWSyMc6sEnVmwegGea0J9W01oZFW5QkqQOfagDN0u61VNPgW + CyEiBeG8wDP4VHBc6mNUunWzBkZU3J5g+UAcc981a0nU9Ph06CKW4RXVcEE8 + io7fUrBdWu5mnUI6xhTng4HNAEOp3Opv9l86zEe24jK/vAdzDOB7Z9a0XvNZ + 2NnT1Awf+Wq1U1XUrCb7J5U6tsuI2bB6KM5Nab6vphRgLlOh70AZGk3OqJp0 + KQWQljAOG8wDPJ7U2K51MarO62YMpjQFPMHA7HNWNH1Owg02CKWdUdQcgnkc + mmw6lYLq9xMZ1EbRoA2eCRQBDqlzqbxwCezEYEyEHzAct2H4+taf2zWf+gev + /f1apavqVhNFbiKdWKzxscHoB1Nap1jTMf8AHyn50AYmj3Opx6bClvZiWMbs + N5gXPzHsaEudT/teSQWYMphAKeYOFz1zU2ialYW+lwRTTqjruyCeRliaE1Kw + GsyTmdfLMKqGzxnd0oAh1W51N7dBPZiNRIhB8wHJzwPxrT+2a1/0D1/7+rVL + WNSsJraNYp1ciVCQD2B5rV/tjTP+flPzoAxNHudTjsEW3sxKmWw3mBf4jnig + XOp/2wZPsY83yANnmD7u7rn69qm0XUrCDT0jmnVGDNwT6saBqVh/bZn89fL+ + zhd2eM7s4oAh1e51OSz23FmIk3pz5gbnPAwK0/tmtf8AQPX/AL+rVLWdSsJ7 + Ly4Z1dt6HAPYGtX+2NM/5+U/OgDE0m51NLQrBZiVd78+YBznkYoNzqf9sLJ9 + jHm+QRs8wfd3dc/XtU2jalYQWZSadUbe5wT2J4oOpWH9trP56+WICu7PGd2c + UAQ6xc6nJYSLcWYiQlct5gbHzDHFaf2zWv8AoHr/AN/VqlrWpWE+nSRQzq7k + rgA88MDWr/bGmf8APyn50AYmlXOppBIILMSKZXJPmAYOeR+FElzqZ1eKQ2YE + oiYBPMHIz1zU2kalYQ28iyzqhMrkAnsTwaJNSsDrMU4nXyxCyls8Zz0oAh1i + 51OTTZkuLMRRnblvMDY+YdhWkLzWcD/iXr/39Wqet6lYT6ZPFDOru23AB5OG + BrUGsaZgf6Sn50AYul3Opolx5FmJAZnJ/eAYbuPw9aJrnUzqtu7WYEoRwqeY + OR3Oam0nUrCGO4Es6qWnkYZPUHoaJtSsG1e2mE6lFjcFs8AnpQAzVbnVH0+Z + J7IRxkDLeYDjkdqux3eshFA09SMD/lqtQaxqdhPps8UU6O7AYAPJ5FX49X0w + RqDcpkAd6AMfTLnU0N35NmJN07lv3gG1jjI98etFxc6mdUtHezCyKsm1fMB3 + ZHPPbFTaVqVhCbzzZ1XfcSMuT1U4waLnUrB9Ws5lnUoiyBjngZHFADdTutVe + wnWayEaFeW8wHA+lWoLvWBDGFsAQFGD5q8jFM1XU9Pm06eKK4RnZcAA8mrcG + raasEatcoCFAPPtQBk6dc6mkl4YrMOWmYsPMA2tgce9F1c6mdSsXezCyL5ux + fMB3ZXnntiptN1KwilvTJOqh5mZcnqMDmi71KwfVLCVJ1KR+buOeBlQBmgBd + RutWexnWWxEaFDlvMBwPXFfk3ff8ftx/10f+Zr9atS1TT5dPuI47hGZkIAB6 + mvyVvv8Aj9uP+uj/AMzX7L4RfFif+3f/AG4/PePdqP8A29+h7D+z6zr8TbEx + rvbybjjOP+WZr78lkuTPCWhwQWwNw54r4E/Z8dI/idYs5wPJuOT/ANczX39N + cQNcQMHBClsn04rzPE//AJGMf8C/NnfwV/ub/wAT/JCzS3RhkDQYBU5O4cDF + LDLdCJAsGQFGDuHPFPnurdoZFWQElSB+VEN1brDGpkAIUfyr85PrivDJciaY + rDkkjI3DjiiaS5MsJaHBBOBuHNPguIFmnZnADEY9+KJ7iBpYWVwQrHPtxQMd + LLdGJw0GBtOTuHpSQS3QhQLBuAUYO4c1JNdW7ROBICSp/lSQXVusEatIAQoB + /KgRBFJci4mKw5Y7cjcOOKJ5LkvEWh2kNx8wOTT4biBbidi4Abbg+uBRcXMD + PCVcEK2TQDHyS3ZjYGDAwedwplvLdCBAkG4AcHcBmppbq3MbgSDJBpltc26Q + Rq0gBAFAyGOS5FzMRDljtyNw44ouJLkmLdDtw4x8wOT6U+K4gFzO5cANtwfX + AoubiBzDtcHa4J+lAEjy3e05gxwf4hUVtLciBAkO5QODuAzVh7u2KMBIOhqK + 1uYEt0VnAIHSgCJJLn7TKRDliFyNw4/Gi5kuT5W+HbiRSPmByfSnx3MAupXL + jaQuD9KLq4gfytrg7ZFJ+goEfFP7X2oXElx4Y06RPLVFupSM5yWMaj8sH86+ + dfhDY/2j8TvDNvt37b6KXHr5J8zH/jte6ftdziXxPoKodyLZyHI9TJz/ACFe + T/ADyh8XvDpmO1RJMcn1EEhH61+35L+7yO6/lk/zP5/z/wDecQ8sv54L/wBJ + R91fHC+uLP4Y+J5vL2l7VIjz0Esix/rur8s6/T/9oF0m+FPiURsDmO1Ix323 + MRP6CvzArk8Oor6nN/3v0R2eKMn9epr+4vzYV7b+zvYG/wDi3orbPMFqJ5yv + TlIm2n8GINeJV9CfsxXEUHxXtfNYL5lrcqM+u3P8hX1OfyccDWa/lf5Hx/DU + FLMKCf8ANH8z9HxJc/a2byfm2DjcOmeua8K+P3wyl+IHhwalYWgXW9KBaAgg + maM8tCfXPVPRuONxr3gXEH2xn3jbsAz75ou7iB4wEcE7ga/n7AY6phq0a9J6 + o/pfMsvpYqhLD1leMv6v8j8WmVkYo4KspwQeCCKSvrL9pf4Xw6PqZ8feHkH2 + HUHxeRoOIrhv+WmP7sh6+jf7wFfJtf0PlWZ08XQjXp7P8H1R/MOc5TVwWIlh + 6u62fddGKCVIZTgjoa+1dH/aY8r4Vyx6kRN4ostttFu584kHZOw77QPn9WA6 + buPimis81yahjFFV1fld/wDgej6mmT57iMDKcsPK3MrP9H6roWby7utQu5r6 + 9lae4uHaSSRzlndjlmJ7kmq1FFeolbRHkNtu7Cvvr9nj4VS+G9EPjfXLXGoa + nGPswfGYLdiDnHZpOD7LgdyK8G/Z/wDhhF448SDWNcj/AOJHpTBpAw+WeYcr + F7ju/tgfxV+kl5cW7WzJG4J4wB7GvzLjviGy+o0Xq/i/y/z/AOHP1vw64Z5n + /aFdaL4f8/8AL7+xP513/wA+/wD4+K/Of9qTTxbfEG1vgu37bZIze7pI6n9A + tfo59rtv+egr8+f2r5o38V6PEpyy2bsfo0rY/ka+b4Dk1mEUuqZ9T4jQTyyT + fRr8z5Vooor9yP56P0l/Zgv7qf4VwwJF5i2t3cRg7gOpEn/s9fM37UFl9m+J + S3WMG9sopW/3leSP+Sivo39lOWKD4ZziVwC+ozsAfTy4h/SvDf2r/LbxlpUi + nLNZt+XnPj+Zr8qyd8uf1UuvN/mfsmeR5uG6LfRR/wAjmf2ZL6a0+K9nFCu4 + 3dtcxEZxkBPM/mlfpHdS3LW7h4dq45O4GvzH/Z2l8n4xaAxOAftQP0NtLX6d + 3dzA9u6q4JI6V5fiHBLHRfeK/NnreGM28uku03+USRZbvaMW/b+8Kr20lyPN + 2Q7syMT8wGD6VbW7tgoBkHSq9rcQJ5u5wN0jEfQ18IfooySS5NzETDhgGwNw + 54p9xLcmBw8O0EcncDiiS4gN1C4cbVDZP1FPubm3e3kVZASRQDFSW72LiDIw + P4hUFvJchpdsO7LnPzAYPpVpLu2CKDIOgqC2uIFaYs4G5yR9KBjJZLk3EBaH + DDdgbhzxzT7iW6MLhoNoIOTuBxRLcQG5gcOCF3ZPpkU+4ubdoJFWQEkHFAgi + luhGgEGRgc7hUMElyJJisO4luRuAxVmK6txEgMgBAFQwXECyTFnADNkUDGSy + XJmhLQ4IJwNw54qSaW6MMgaDAKnJ3DgYpJrmBp4GDghS2fbipZ7q3aGRVkBJ + UgflQIZDLdCGMLBkBRg7hzxUUMlyJpisOSSMjcOOKsQXVusMatIAQoB/Koob + iBZ52LgBiMe/FAxk0lyZYS0OCCcDcOalllujE4aDAwcncPSmz3EDSwsrghWO + fbipZrq3aJwJASVP8qAPif8AaYZzr2h712gWRxznI3nmvmivpj9pl0fXtDCn + O2yIPsd5r5nr+m+Cf+RVQ9H+bPxfiT/fqvr+iP1A8NXGoHwn4VDWoAS1tPLO + 8fOfJXH0zXaXF3rBt5Q9gFUq2T5oOBiuQ8NX9k3hPwmBMpMNraF+fu4hUHNd + tc6tpr20qrcoSUYAZ9q/mPH/AMep6v8AM/ZcL/Cj6Io6bdaqlhAsNkJECjDe + YBkfSoba51ManeOlmGkYR7l8wDbgcc981c0vVNPi0+3jkuEVlQAgnkGobXUr + BNVvZmnUJIItpzwcDmuQ3IdSudTdrTzrMR7Z1K/vAdzc4Ht9avy3esGJw1go + GDk+atVtU1KwlezMc6tsnRmwegGea0ZtX0xonAuUJKnv7UAZml3Wqpp8CwWQ + kQLw3mAZ59KjgudTGqXLrZgylE3J5g4HY575q1pOp6fDp0EUs6K6rggnkc1H + BqVgur3UzTqEdEAOeCR1oAh1O51NxbefZiPE6Ff3gOWGcD2z61oveaztOdPU + DB/5arVTVtSsJltfKnVtlxGxweijOTWm+r6YUYC5Toe9AGPpFzqiadCkFmJY + wDhvMC55PakiudTGrTOtmDKY1BTzBwM8HNWNG1Kwg0yCKadUdQcgnkcmmxal + YDWJ5zOojaJQGzwSDQBDqlzqbxQiezEYEyEHzActngfjWn9s1r/oHr/39WqW + r6lYTQwCKdXKzRscHoAeTWr/AGxpn/Pyn50AYmjXOpx6dElvZiWMbsMZAufm + PY0Lc6n/AGw8gswZTCAU8wcLu65/pU2ialYW+mQxTTqjruyCeeWJoTUrAa1J + OZ18swBd2eM7s4oAh1a51N7ZRPZiJfMQ58wNzngfjWn9s1r/AKB6/wDf1apa + xqVhPaokU6uRIhwD2B5rV/tjTP8An5T86AMTSLnU47JVt7MSpub5vMC85OeK + PtOp/wBs+Z9jHm/Z8bPMH3d/XP14xU2jalYQWCxzTqjBnOCfVjR/aVh/bn2j + z18v7Pt3Z43b84/KgCHV7nU5LIrcWYiTcvzeYG5yMcVp/bNa/wCgev8A39Wq + Ws6lYT2JjhnV23IcA+jCtX+2NM/5+U/OgDE0m51NLUrBZiVd7nPmAc55GKGu + dT/thJDZjzfJICeYPu7uuf6VNo+pWEFoySzqjeY5wT2J4obUrA60k/nr5YgK + 7s8Z3ZxQBDrFzqcmnSpcWYijJXLCQNj5h2Faf2zWv+gev/f1apa3qVhcabLF + DOruSuADzwwrV/tjTP8An5T86AMTSrnU0hlEFmJAZXJPmAYOeR+FElzqZ1aF + zZgSiJgE8wcjPXNTaRqVhDDMss6qWmdhk9ieDRLqVgdYhnE6+WsTAtngEnpQ + BFq9zqkmnTJcWYijIGW8wNjkdq0VvNZwP+Jev/f1aqa1qVhPpk8UM6u7AYAP + J+YVprq+mbR/pKfnQBi6Zc6mi3Pk2YkBnct+8Aw3ce+PWia51M6rbO1mBKEf + anmDkdzntiptJ1KwhS5Es6rvnkYZPUHGDRPqVg2r2syzqURHBbPAJ6UAM1W5 + 1R9PnWeyEaEct5gOOfSrsV3rAjQLYKRgYPmrUOr6np82mzxRTo7svAB5PNXY + tX0wRIDcoCAO/tQBkabc6mjXfk2Yk3TuW/eAbW4yPfHrRcXOpnU7N3swsiiT + avmA7sjnntiptL1Kwia88ydV33DsuT1Bxg0XOpWD6rZTLOpSMSbjngZHFACa + ldaq9hOs1kI0KnLeYDgfSrMF3rAgjC2AYBRg+avIxTdU1TT5tPuIorhGZlIA + B5NWbfVtNW3iVrlAQqgjPtQBlafc6mkt4YrMOWlJYeYBtOOnvRd3OptqNi8l + mFkXzNi+YDuyvPPbFTabqVhFNetJOqiSYsuT1GOtF5qVg+p2EqTqUj83cc8D + K4GaAF1C61Z7GdZbEIhRst5oOBjripbW71dbWEJYBlCLg+aBkY64p2papp0t + hcRx3CMzIwAB6nFS2mq6alpCj3CBlRQRnoQKAMyxudTW5vDFZh2aQFh5gG04 + 6e9F5c6m17ZNJZhHVn2L5gO44557VNp+pWEd1fPJOqrJICpJ6jFF9qVhJf2E + iTqVjZyxB6ZXjNAD7661ZrK4WSxCIY3DN5oOBg5OKWyutXWzgWOxDoI1APmg + ZGODipr/AFXTpLG4jS4RmaNwAD1JBpbHVdOjsreN7hFZY0BBPQgCgDOsrnU1 + vb1o7MO7Mu9fMA2nHHPei+udTa6sjLZhGWQlB5gO446e1TWOpWEd9fyPOqrI + yFST1wvajUNSsJLuxeOdWWOQliD0GKAJrq71drWYPYBVKNk+aDgY64qLT7rV + lsYFisQ6BFw3mgZGOuKuXmraa9pOiXCFmRgBnqSKi07VNOisLeOS4RWVFBBP + QgUAUbS51NdRvnjsw0jeXvXzANuF4575o1C51N5rMy2YQrKCo8wHccdPaprP + UrBNTv5XnUJJ5W054OFwcUalqVhLNZNHOrCOYM2D0GOtAE9xd6wYJA9gFUqc + nzVOBiq+m3WqpYQLDZCRAow3mAZH0rQudW01reVVuUJKsAM+1VtL1TT4dPt4 + pbhFZVAIJ5FAFO2udTGp3jpZhpGEe5fMA24HHPfNGpXOpu1p51mI9s6Ff3gO + 5ucD2+tTWupWCarezNOoSQR7Tng4HNGqalYTNZmKdW2XCM2D0Azk0AWpbvWT + G4awUDByfNWqWl3WqJp8CwWQkjC8N5gGefStSXV9MMTgXKEkHv7VS0jU9Ph0 + 2CKWdEdV5BPI5oAqw3OpjVLl1swZCibk8wcDsc980apc6m623n2YjxOhX94D + lhnA9s+tTQalYLq91M06hHRADngkdaNW1KwmW1EU6tsuI2OD0Azk0AXGvNZ2 + nOnr0/56rWdpFzqkenQpb2YljAOG8wLnk9q2G1fTCpH2lOnrWboupWEGmQRT + TqjqDkE8j5jQBBHc6mNWmcWYMpjUFPMHAz1zRqtzqbwxCezEYEqEHzAcnPA/ + GpotSsBrM85nURtEoDZ4JB6UavqVhNDCsU6sVmRjg9geTQBd+2a1/wBA9f8A + v6tZmj3Opx6dElvZiWMbsN5gXPzHPBrb/tjTP+flPzrK0TUrCDTIopp1R13Z + BPPLE0AQrc6n/bDyCzHm+SAU8wfd3dc/0o1a51N7ZRPZiJfMQ58wHnPA/Gpl + 1KwGtPP56+WYAu7PGd2cUaxqVhPaqkU6uwkQ4B7A80AXftmtf9A9f+/q1maR + c6nHZBbezEqbm+YyBecnPFbf9saZ/wA/KfnWVoupWEFgsc06o25zgn1Y0AQ/ + adT/ALZ8z7GPN+z42eYPu7+ufrxijV7nU5LJluLMRJuX5vMDc5GOKm/tKw/t + z7R56+X9n27s8bt+cflRrOpWE9g0cM6uxZDgH0YUAXftmtf9A9f+/q1maTc6 + mlswgsxKvmOc+YBznkfhW3/bGmf8/KfnWVo+pWEFqySzqjGRzgnsTxQBC1zq + f9sJIbMeaISAnmD7u7rn+lGsXOpyadKlxZiKM7ct5gbHzDHAqZ9SsDrUc4nX + yxAV3Z4zuzijW9SsJ9MlihnV3bbgA88MDQBd+2a1/wBA9f8Av6tZmlXOppFM + ILMSAyuSfMAwc8j8K2/7Y0z/AJ+U/OsrSNSsIYZllnVC0zsMnqCeDQBDLc6m + dWhdrMCURsAnmDkZ5OaXV7nVH06ZJ7MRRkDLeYGxyO1Sy6lYHWIJxOpjWJgW + zwCTTtZ1Kwn0yeKGdXdgMAHk8igC0t5rO0Y09en/AD1Ws3TLnU0W58mzEmZ3 + LfvAMMeo98etbK6vpgUD7SnT1rM0rUrCFbrzZ1XfcSMMnqDjBoAhmudTOqWz + tZgShH2p5g5Hc57Yp+qXWqPp86z2QjjK8t5gOOfSnz6lYNq9rMs6lERwTngE + 9Kk1fU9Pm02eKKdHdl4APJ5oAliu9YESBbBSMDB81aoabc6mjXfk2Yk3TuW/ + eAbW4yPf61rw6vpixIDcoCFHf2rO0vUrCFrwyzqu+4dlyeoOMGgCG5udTOp2 + bvZhZFEm1fMB3ZHPPbFTaldaq9hOs1kI0KnLeYDgfSi61KwfVbKZZ1KRiTcc + 8DI4qbVNU0+XT7iOO4RmZCAAeSaAFt7vWBBGEsAyhRg+aoyMVS0+51NZrwxW + YctKSw8wDacdPetW21bTVt4la5QEKoIz7VQ03UrCKa9aSdVEkxZcnqMdaAIb + u51NtRsXkswsimTYvmA7srzz2xU+oXWrNYzrLYhEKNlvNBwMdcUl5qVg+pWE + qTqUjMu454GVwM1Y1HVNOlsLiOO4RmZGAAPUkUAMtLvV1tYVjsAyhFwfNAyM + cHFVLG51Nbq9MVmHZpAWHmAbTjp71pWeq6alpAj3CBlRQRnoQKp6fqVhHd3z + yTqqySAqSeoxQBDe3Opte2TSWYR1Zti+YDuOOee1Wr261drOdZLEIhjYE+aD + gY5OKjvtSsJL6xkSdWWNnLEHple9W77VdOksriNLhGZo3AAPUkGgCvY3WrLZ + W6x2IdBGgVvNAyMDBxVazudTW9vWjsw7syb18wDaccc960LDVdOjsbeN7hFZ + Y0BBPQgDNVbHUrCO/v5HnULIyFST1wvOKAIb+51NrmzMtmEZZCVHmA7jjp7V + curvV2tZhJYBVKNk+aDgY5NQ6hqVhJdWLxzqwjkJYg9Birt3qumvaTIlwhZk + YAZ6kigCnp91qyWMCxWIdAi4bzAMjHXFQWlzqa6jfPHZhpG8vevmAbcLxz3z + V7TdU06Kwt45LhFZUUEE9Diq9nqVgmp38rzqEk8rac8HC4OKAIdQudTeWzMt + mEKzAqPMB3Ng8e1Xp7vWDBIGsAoKnJ81eBiq+palYSzWRjnVgkwZsHoMHmr9 + xq2mtbyqtyhJVgBn2oAz9NutVSwgWGyEiBRhvMAyPpUVvc6mNTu3SzDSMI9y + +YBtwOOe+auaXqmnw6fbxS3CKyqAQTyKhttSsE1W9madQjrHtOeDgc0AQ6lc + 6m5tPOsxHtnQr+8B3Nzge2fWtCW71gxuGsFAwcnzVqrqmpWEzWflTq2y4Rmw + eijOTWjLq+mGJwLlCSD3oAy9KudUTT4VgshJGBw3mAZ59KZDc6mNVuHWzBlK + JuTzBwOxz71Z0jU7CHTYIpZ0R1HIJ5HNMg1KwXV7mZp1CMiANngkdaAIdUud + TdbbzrMR4nQr+8By3Ye2fWtI3ms4OdPX/v6tU9W1KwmS2EU6tsnjY4PQDOTW + o2r6ZtP+kp+dAGNpFzqkenQpb2YljAOG8wLnk9qSO51MatK4swZTEoKeYOBn + rmp9F1Kwg0yCKadUdQcgnkfMaSPUrAazNOZ18tolAbPGQelAEOq3OpvDEJ7M + RgSoQfMByc8D8a0/tmtf9A9f+/q1S1fUrCaCFYp1crMjHB7A8mtX+2NM/wCf + lPzoAxNHudTj0+NbezEqAthvMC5+Y54NC3Op/wBsNILMeb5IGzzB93d1z/Sp + tF1Kwg02KKadUcFsgnnliaF1Kw/tp5/PXyzAF3Z4zuzigCHVrnU3tQs9mIl3 + oc+YDzngYrT+2a1/0D1/7+rVLWNSsJ7RUinV28xDgHsDzWr/AGxpn/Pyn50A + YmkXOpx2YW3sxKm5vmMgXnPPFH2nU/7ZEn2Med5GNnmD7u7rn68YqbRdSsIL + ERzTqjb3OCfU0f2lYf24Ljz18v7Pt3Z43b84/KgCHWLnU5LFluLMRJuX5vMD + dxjgVp/bNa/6B6/9/VqlrWpWE9g0cM6uxZDgH0YVq/2xpn/Pyn50AYmk3Opp + bOILMSr5jknzAOc8j8KsQS3kuuxm6gELeSwwGDcZ68e9N0fUrCG2dJZ1QmRz + gnsTxUsd3bXOuxtbyCQeQwyPXdmgDoqKKKACiiigAooooAKKKKAP/9f93Z7e + 3GtWyCNdpickYGKfrdvbppVwyRKpAHIAB6is6XT5hqsEJvJSWjc78jcMdhT9 + W06aHTppWvJZAoHysRg8jrQBvxWtr5afuU6D+EVlaPbwP9t3RqcXUgGQOBxx + UkelTlFP2+cZA7is7TNPml+17byWPZcSKdpHzEY5PuaALtzbwDWbJBGoUpJk + YGDxU2sW1ummXDLEoIXghRWZcafMuqWsRvJWLq5DEjcuB2+tS6np00VhPI17 + NIFXO1iMH60Abdva2xgjJhT7o/hHpWbpVvA0t9ujU7bhgMgcDApYdLnaGNhf + zjKjgEccVQ07T5pZLwLeSpsmZTtI+Y8cn3oAvXlvbjVtPURqAwmyMDBwoqxq + ttbrptyyxKCEOCFFZN1p8yalZRG8lYyebhiRlcL2+vep9R02aKxnka9mcKhO + 1iMH2NAGtZ21sbSAmJCSi/wj0rP0y3ga5vw0akLNgZA44ottMne2iYX0ygop + wCMDjpVKw0+aS4vFW8lTZJgkEZbjqaAL19b241LTlEagM0mRgc/LVvUra2XT + 7lliQERvghR6Gsa80+ZL+xjN5KxkL4YkZXC9vrVm/wBNnjsriQ3szhY2O0kY + OB0NAGlYW1s1jblokJMaZO0egqlp9vbtfagGjUhZFwCBx8tMs9Mne0gcX0yh + kU4BGBkdBVSy0+aS7vUF5KhR1BIIy3HU0AXdRt4FvtPCxqA0jZAA54q9f21s + tjcMsSAiN8HaPQ1iX2nzR3dkhvJXMjsASRleOoq3eaZOlpO5vpmCoxwSMHA6 + GgC7pttbNp9szRISY0ySo9KqWFvA2p6ipjUhTHgYHHy1HYabPJZQSC9mQMin + aCMDI6Cq1np8z399GLyVTGUywIy2V7/SgC9qdvAtzYBY1AabBwBzxWhd2tsL + WYiJAQjfwj0rBv8AT5o57NTeSuXlwCSMrx1HvV250udbeVjfTMAjHBIweKAL + OlW1u2m2zNEhJQZJUVWs7eA6vqCmNSqiLAwMDK1Dp2mzS2MEi3syBkB2qRge + wqC10+Z9TvYheSqYxHlgRlsr3+lAF3VreBZLHbGo3XCA4A5HNadxa2wgkIhT + 7p/hHpXP6lp80UlmGvJZN8yqNxHyk9x71fm0udYZGN/OcKTgkc8UASaPb276 + Zbs8SsSvJKiora3tzrN4hjUqEjwMDA4qrpenTS6fBIt7NGGX7qkYH0qODT5m + 1S6iF5KCioSwIy2R3+lAF7V7eBPsW2NRm5iBwByOeK1ZLW18tv3KdD/CK5zU + 9Pmi+y7ryWTfcRqNxHyk55HuK0X0q4CMft854PcUAGiW9u+lW7PErEg8kAnq + aZBbwHWrlDGu0RJgYGKqaTp002nQyLeSxhgflUjA5PSmRafMdVnhF5KCsaHf + kbjnsaALus28CRW2yNVzPGDgDpmtg2trj/Up/wB8iua1XT5oY4C15LJumRcM + RxnuPcVpnSrj/oIT/mKAItBt4H0mBnjVmO7kgE/eNEdvb/25KnlrtECnGBjO + 6qOjafNPpsMq3ksQbd8qkYGGNCafMdXkh+2SgiENvyNx56fSgC9rVvbpaxlI + 1UmWMcAetbH2W1/54p/3yK5nVtPmht0ZryWQGRBhiMDJ6/hWp/ZVx/0EJ/zF + AEGg28D6ajPGrHc/JAP8RpRb2/8AbzJ5a7fswOMDGd9UdH0+aawSRbyWIEt8 + qkY4Y0DT5v7ZMH2yXd5AbfkbsbsY+lAF3XLeBLDckaqd6cgAfxVs/ZbX/nin + /fIrmdX0+aGz3teSyjegwxGOT1rU/sq4/wCghP8AmKAIdDt7d7Il41Y+Y/UA + 96Gt4P7eVPLXb9nJxgYzvqjpOnzTWhdbyWMb3GFIxwetB0+b+2Fg+2S7vILb + 8jdjdjH0oAva7bwJpkjJGqnKcgAfxCtj7La/88U/75FczrGnzQWEkjXksoBX + 5WIwcsK1P7KuP+ghP+YoAh0W3ge2lLxqxE0g5A9aSS3g/tyFPLXaYWOMDGc1 + S0rT5poJGW8ljxK4wpGDg9fqaJNPmGrxQ/bJSTEx35G4c9PpQBe163t00mdk + jVSNvIAB+8K1xa2uB+5T/vkVzesafNBps0rXksoXb8rEYPzDrWkNKuMD/T5/ + zFAEOjW8Dx3O+NWxcSAZA6Us9vbjWrVBGu0xvkYGKo6Xp80yXBW8lj2zOvyk + ckdz7mibT5l1W3hN5KSyOdxI3DHYUAaOt29uml3DJEqkAchQD1FaMVra+Wn7 + lOg/hFYGradNDp80jXksgUD5WIweR1q9HpU5RT9vnHA7igCPSLeBze7o1O25 + kAyBwOOKLq3gGsWSCNQrLJkYGDgVS0zT5pTd7byWPZcOp2kfMRjk+5ouNPmX + VLSI3krF1kIYkZXA7fWgDT1i3t00y4ZIlUheCFFXbe1tjbxEwoSVX+EelYmp + 6dNFYTyNezSBVztYjB+tWoNLnaGNhfzjKg4BHHFACaVb27S3waJTtnYDIHAw + KLy3gGracojUK3nZGBg4Udao6dp80kl4FvJU2TMpII+Y4HJ96LrT5k1KxiN5 + Kxk83DEjK4Xt9e9AGtqttbrp1yyxICI2wQo9K/Iy+/4/rj/ro/8AM1+smo6b + NFYzyNezOFQnaxGD7Gvybvv+P24/66P/ADNfsvhF8WJ/7d/9uPz3j3aj/wBv + foeyfs9AN8T7EMMjybj/ANFmvv8AnjQXNuAowS3b2r8/f2fUL/E2xUMUPk3H + I6/6s19+SwOJ4VMzHcW57jjtXmeJ/wDyMY/4F+bO/gr/AHN/4n+SLlxHGIJC + EH3T29qII4zBGSg+6O3tUE1s6wyMZnOFPB78UQ2ztEhE7jKjgfSvzk+vFt44 + zPOCo4I7e1FxGgmgAUDLHt7VDDA7TTATMNpHI78d6JoHWWEGZjuJ5PagC7NH + GIZCEH3T29qbbxxm3jJUfdHb2qGW2cROTO5wp4/Ckgt3aFGEzjKjgdqAHQxx + m5uAVGBt7e1LcxxiSDCgZf0qCKBzcTKJmBXbz3OR3ont3V4gZmOWxz2oEy9L + HGInIQdD2qO1jjNvGSoJwO1RyWziNiZ3OAaZb27tAjCZ1yOgoGPijjN3OCow + Nvb2ouo0DQ4UDMg7VDHA5uZl85gV289zkd6LiB1MWZmbLgc9vegC+8cexvkH + Q9qhs44zbRkqCcelNe2kCk+e54NRW1u7wIwmdQR0HSgCWOOP7XMNowAvaku4 + 0Hk4UDMi9qhSBzcyr5zAgLz3NFzA6+VmZmzIo57e9Aj4n/bBtPL1TwzdqmFk + huUyB3RkP/s1eDfBO6jtPit4Zll+612sf4yqUH6tX1X+1to0j+D9H1gM0v2S + 9MRz/Cs0ZOfzQCvhnw/qZ0XXtN1hcg2FzDOMdf3ThuPyr9v4X/f5OqS3tJfn + /mfz9xf/ALPnjqva8Jfcl/kfqd8WdL/tT4f+KrONAzDT5ZFGO8Q8wY9/lr8m + q/ZlrSDU0mgaYy29zDgkH76SDH5EGvx98QaPP4f13UdCus+bp9xLA2eMmNiu + fxxmvH8OMT7lWi900/0/Q9zxTwr9pRrrZpr7tV+bMivUfgrrMehfFLw5fTEC + N7kW7Z6YuVMOT7DfmvLqfHI8UiyxMUdCGUjggjkEV+i4vDqrSnSe0k196sfl + 2CxLo1oVo7xaf3O5+0wjT7cw2jGwdvei9jjEQIUD5l7e9cF8OPE8fjrwtpni + KKc+bc26+eBjKzodsi/QMDj2wa7e6gdIwTMzfMODX80V6Mqc5U5rVOz+R/WO + HxEatONWDumrr5i6toul65plzo+qW6T2l5G0UqMOCrDB+h9COQeRX5NfEnwF + qHw88TT6LdBntnzJazEcSwkkA/7wxhh6j0Ir9bfssn/Pd68h+Kfwvt/iX4Pe + zRgmp2m+WyduAsndCeyyYwfQ4PavqOEs/eCr8tR/u5b+Xn/n5HyPGvDSx+H5 + qa/eR28+6/y8/U/LGirN5Z3Wn3c1hfRNBcW7tHJG4wyOhwykeoNVq/dk01dH + 86NNOzCuo8G+EtV8ceI7Pw1oyZnu3wWI+WNBy8jf7Kjn36DkiuYALEKoyTwA + K/Sr9n/4Uf8ACEeG/wC2dTBi1zVVBlGOYYuqxex7v74H8INeBxJnkcDh3P7T + 0ivPv6I+l4V4elmOJVP7C1k/Lt6v/g9D1rwl4S0fwXplj4a0eILbWkGMkDdI + 5OWdvVmPJ/IcV0l9HGLZyFAPHb3qEwP9rCec2dmc9+vSi7gdLdmMzMBjg9Ot + fz9VqynJzm7t7n9LUaUacFCCslokaXlRf3B+VfmH+0hq6ap8Uby2jOV0yGK1 + GOmeZSPwMhFfo34g1K18NaHfa/qd06WthC8znIyQgzge56Adya/H7WtVutd1 + i91q+O64v5pJ5D/tSMWOPbniv0Pw6wLlXniHslb5v/gL8T8x8UMwUcPTwyes + nf5L/gv8DMoop8aPK6xRqWdyAAOSSegFfrx+In6efs36WLH4R6TJKgD3j3E5 + yOcGVlU/iqg18r/tUXKS/EW2to/+XexQMPRmllb+WK+8/CPhtvDfhbSdBWZh + 9gtYYWxjBZFAY/icmvzS+O+qrq3xV15423payrbAn1gUI/8A4+Gr8j4Sl9Yz + eriFt7z+96H7ZxrD6tktHDPf3V9y1/FG9+zRbG4+Lulvt3CCG6c+wMLJ/Nq/ + TC8jjFtIQoBx6V+f/wCyZpTXXjXVdT5VbWy8vcOzTOpH6Ia++bq3dLd2MzsA + Oh6V5vH9ZSx/L2il+b/U9Xw3oOGW8z+1Jv8AJfoX0ij2j5B0HaqtpGh87Kg4 + kbtTltpCoPnv0qvbQO3m4mZcSMOO/vXxJ9+TSxoLuABRghu3tUl1HGLaQhQD + j0qrJA4uYl85iWDc9xgU+5t3WB2MztgdD0oEy5HHH5a/IOg7VWtY0Lz5UHDn + tSpbSFFPnuOBUFvA7NKBMy4cjjv70DJpo0F1bgKMHf29qluY4xbyEKAdp7VU + lgcXECmZiW3c9xgdqfcW7rC7GZ2wDwe9Ai1DHGYkJQfdHb2qC3jjMs4KjhvT + 2oitnMaETuMgcVDBA7STATMNrdR3oGTzxoLi3AUYJbt7VLcRxiCQhR909vaq + ctu4mhUzMdxPPpx2qWa2dYZGMznCng9+KBE9vHGYIyVH3R29qhgjQ3FwCowC + O3tSQ2ztDGwmcZUcDtxUUMDmaZRMw2kcjvx3oGTXEaCaABQMse3tU80cYhkI + QfdPb2qlPA6ywgzMdzHk9qlltnETkzucKePwoA+LP2mgBr2hYGM2R/8AQzXz + NX0v+0whXXtDJYtusiee3zmvmiv6b4J/5FVD0f5s/F+JP9+q+v6I/Uzw3BCP + CXhEiNfmtbTPA5/cr1rubq1thazERICEb+EeledeGrGUeE/CpN1KfNtbQDkf + JmFfu12txpc628rG+mbCscEjB4r+Y8f/AB6nq/zP2XC/wo+iJ9JtrdtNtmaJ + SSgySoqC0t4Dq9+hjUqoiwMDAypqvpumzS2EEi3s0YZQdqkYH0qG20+ZtTvI + heSqUEeWBGWyO/0rkNy9q1vbq9jtjUZuEBwByOa05rW2EMhEKfdP8I9K57Ut + Pmia0DXksm+dVG4j5Sc8j3rQl0ucROTfznCnjI9KAH6Nb276Zbs8SsSvJKjP + Wobe3gOs3aGNSoSPAwMCq2l6dNLp8Ei3s0YZfuqRgc9qjg0+ZtVuYReSgqiE + sCNxz2P0oAu6xbwItntjVc3MYOAORzxWs9ra7G/cp0P8IrnNU0+aIW268lk3 + zoo3EcE55HuK0n0q4CMft8/Q9xQA3Q7e3fSrdniViQeSAT9402G3tzrdwhjX + aIkOMDHWqekafNNp0Mq3ksQYH5VIwOT0psWnzHVpoftkoKxqd+RuOT0NAF7W + be3SGApGq5njHAHTNbH2W1/54p/3yK5nVdPmiihLXksm6ZFwxHGT1HuK1P7K + uP8AoIT/AJigCDQLeB9KhZ41YndyQCfvGhLeD+3ZE8tdvkA4wMZ3VS0bT5p9 + OilW8liB3fKpGBhjQunzHWHh+2S7hCG35G773T6UAXdbt4EtEKRqp81BwAO9 + bP2W1/54p/3yK5nVtPmhtldryWQGRBhiMcnrWp/ZVx/0EJ/zFAEOhW9u+nqz + xKx3PyQD/EaPs8H9v7PLXb9mzjAxnf1qjpGnzTWKyLeSxDcw2qRjhjR/Z839 + s+R9sl3fZ92/I3Y34x9O9AF7XLe3TTyyRqp3pyAB/EK2Pstr/wA8U/75Fczq + +nzQ2Rka8llG5RtYjHJFan9lXH/QQn/MUAQ6Jb272bF41Y+Y/UA96RreD+3k + Ty12/ZycYGM7qpaTp801qXW8ljG9xhSMcHrQ2nzDWEg+2S7jCW35G7G7p9KA + LuvW8CaVMyRqpBTkAA/eFbP2W1/54p/3yK5nWdPmg06SVryWUAr8rEYOWFan + 9lXH/QQn/MUAQ6Lb27wTl41bE0g5A6Zolt4BrcCCNdphY4wMdao6Vp800MrL + eSx4lcYUjnB6/U0SafMNWhh+2SktEx35G4YPT6UAX9dt7dNKuGSJVIC8gAH7 + wrVW1tdo/cp0/uiuc1fT5odOmla8llCgfKxGDyOtaK6VcbR/p8/5igCPR7eB + 0u98ati4kAyB04pLi3gGtWiCNdpjkyMDFUtL0+aVbkreSx7Z3X5SOSO59zRN + p8y6rbQm8lJZHIckbhjsPrQBpazb26aXcMkSqQvBCjPUVfhtbUxITCn3R/CP + SsLVdOmh0+eRryaQKPusRg896uRaXOY0P2+cZA4yKAG6Tb27Nfbo1OLlwMgc + Dii6t7cavYoI1CssuRgYOAKo6bp80rXe28lj2Tup2kfMRjk+9Fzp8y6nZxG8 + lYuJMMSMrgdvrQBqavbW66bcMsSghDghRVu2tbY20RMKElF/hHpWNqemzRWE + 8jXs0gVSdrEYP1qxBpc7QRsL+cZUHAIwOKAE0u3gae/DRqds5AyBwMUXtvAN + V05RGoVvNyMDBwveqWn6fNJNeBbyVNkpBII+bjqfei70+ZNRsYjeSsZPMwxI + yuF7fWgDX1S2t1065ZYkBEbYIUelS2VtbGzgJiQkxr/CPQVlahps0djPI17M + 4VGO0kYPHQ1La6ZO9rC4vplDIpwCMDI6UAO023t2u78NGpCygDIHHFF/b266 + hp6rEoDM+Rgc/LVGx0+aS5vEF5KhSQAkEZbjqaLzT5kvbKM3krGRnAYkZXA7 + UAbOo21sun3LLEgIicghR/dNLp9tbNYWzNEhJiTJ2j+6Kz77TJ47K4c30zhY + 3O0kYOAeDRZaZPJZwOL6ZA0anAIwMgcCgB+n28DahqCtGpCumBgcfLRqVvAt + 5p4WNQGkOcAc8VSstPme9vYxeSoY2UFgRlsjvRfafNHdWSG8lcvIQCSMrx1F + AG5e21sLOciJARG38I9DUWmW1u2nWzNEhJjXJKj0qpdaZOlrM5vpmCoxwSMH + A6VHp+mzyWMEgvZkDIp2gjA46CgCayt7c6rqKmNSFMWBgYGV7Uapb26z2AWN + RumAOAORg1RtNPmfUb6IXkqmPy8sCMtlc8/TtRqGnzRzWateSvvlABJHy8dR + 70Ab91a2wtpSIkBCN/CPSqmkW1u2m27NEpJQZJUVDcaXOsEjG+mbCk4JGDxV + fTNNmlsIJFvZowyg7VIwPpQBPaW8B1i/QxqVURYGBgZFGrW8CPY7Y1G65QHA + HI54qlbafM2p3kQvJVKCPLAjLZHf6Ualp80TWga8lk3zoo3EfKTnke9AHQzW + tqInIhT7p/hHpVDRre3fS7dniViV5JUZ6mmy6XOI3P2+c4B4yKp6Vp002nwS + LeTRhl+6pGBz2oAtW9vbnWbtDGu0Rx4GBgUmsW8CJabI1XNzGDgDpzVKHT5m + 1W5hF5KCqISwI3HPY/SjVNPmiW2LXksm6dFG4jgnPI9xQB0j2trtP7lOh/hF + ZWhW9u+lW7PErEhuSAT9409tKuApP2+fp6is7SNPmm06GVbyWIMD8qkYHJ6U + AXIreA65OhjXaIVOMDHWl1q3t0ggKRquZoxwB0zVGPT5jq00P2yUFY1O/I3H + J6GjVdPmhhiZryWTMqDDEcZPX6igDpvstr/zxT/vkVj6Db276VCzxqxJfkgE + /eNTf2Vcf9BCf8xWXo+nzT6dFKt5LEDu+VSMDDEUAXkt4P7dkTy12/ZwcYGM + 7qNbt7dLRCkaqfNQcADvVFdPmOsPD9sl3CENvyN2N3T6Uatp80NsrNeSyAyI + MMRjk9fwoA6b7La/88U/75FY2hW8D6erPGrHe/JAP8Rqf+yrj/oIT/mKy9I0 + +aayEi3ksQ3MNqkY4NAF77Pb/wBv7PLXb9mzjAxnf1o123t009mSJVO5OQAP + 4hVH+z5v7Z8j7ZLu+z7t+Ruxvxj6d6NX0+aGyaRryWUblG1iMckUAdN9ltf+ + eKf98isfRLe3e0cvGrHzXHIB71N/ZVx/0EJ/zFZek6fNNbMy3ksYEjjCkY4P + X8aALr28H9uxp5a7fIJxgYzupdet7dNKmZI1UgpyAAfvCqLafMNYSH7ZLuMJ + bfkbvvdPpRrGnzQadLK15LKBt+ViMHLCgDpvstr/AM8U/wC+RWNotvA8E5eN + WxPIOQDxmp/7KuP+ghP+YrL0rT5poZit5LHtlcYUjnB6/U0AXpre3Gt26CNd + pic4wMdadrlvbppVwyRKpAHIAB+8Kz5dPmGrQw/bJSWjY78jcMHoKdq+nzQ6 + dNK15LIFA+ViMHkdaAOiS1tdo/cp0H8IrJ0e3t3W73RqcXMgGQOBxUi6VcbR + /p8/T1FZumafNKtztvJY9s8inaRyRjk+5oAvXFvbjWbRBGu0xyZGBg1JrNvb + ppdwyRKpC8EKM9RWbPp8y6rbQm8lJZHO4kbhjsPrUmq6dNDp88jXk0gVfusR + g896AN2G1tjDGTCn3R/CPSsvSbeB3vt0anbcuBkDgccU+LS5zEh+3zjIHGR6 + Vn6bp80rXYW8lj2Tup2kfMRjk+9AF27t4BrFggjUKwlyMDBwKsatbW66bcss + SghDghRWVc6fMup2cRvJWLiTDEjK4Hb61NqWmzRWE8jXs0gVSdrEYP1oA2bW + 1tjbRExISUX+EelZ2l29u09+GjU7ZiBkDgYFFvpc7QRsL6ZcqDgEYHFUdP0+ + aSa8VbyVNkpBII+bjqfegC7fW8A1XTlEagMZcjAwcL3q1qdtbrp1yyxICI2w + Qo9KyLvT5k1GxiN5KxkMmGJGVwvb61Y1DTZ47GeQ3szhUY7SRg8dDQBqWNtb + GytyYkJMafwj0FUNNt4GvNQDRqQsgxkDjiktNMne1hcX0yhkU4BGBkdBVOx0 + +aS6vUF5KhSQAkEZbjqaAL2oW9uuoaeqxqAzvkYHPy1c1C2tlsLlliQEROQQ + o/umsW90+ZL2yjN5KxkZgGJGVwO1Wr3TJ47OdzfTOFjY4JGDgdDQBf062tm0 + +2ZokJMSEkqP7oqpYW9u2oagrRKQrJgYHHy1HY6ZPJZW7i+mQNGh2gjAyBwK + q2enzPe3sYvJVMbICwIy2R3oAu6lbwLd2AWNQGlIOAOeKv3ttbCznIiQERt/ + CPQ1h3+nzR3NmhvJXLyEAkjK8dRVy60ydLWZzfTMFRjgkYOB0oAt6XbW7adb + M0SEmNckqPSqtlbwHVdRUxqQvlYGBgZXtUOn6bNJYwSLezIGRTtBGBx0FQWm + nzPqN9ELyVTH5eWBGWyvf6UAXtUt7dZrELGo3TgHAHIwa0bm1thbSkQoCEb+ + EelYGoafNHLZhryV98wUEkfLx1HvV6fS51gkY385wpOCRg8UATaRbW7abbs0 + SklBklRUFrbwHWL5DGpVViwMDAyKg0zTZpbCCRb2aMMoO1SMD6VDb6fM2qXc + QvJVKLHlgRlsjv8ASgC7q9vAjWO2NRuuYwcAcjnitSa1tRE5EKfdP8I9K57U + 9PmiNpuvJZN86KNxHyk55HuK0JdLnEbn7fOcA8ZFADtFt7d9Lt2eJWJXqVBP + U1HBbwHWrpDGu0Rx4GBiqmladNNp8Mi3k0YYfdUjA57UyHT5m1W4hF5KCqId + wI3HPY0AXtYt7dEtNsajNxGDgDkc1rNa2u0/uU6f3RXN6pp80S25a8lk3Too + 3EcE9x7itJtKuNp/0+f8xQAzQre3fSrdniViQ3JAJ+8abFbwHXJ0Ma7RCpxg + Y61T0jT5ptOhlW8liDA/KpGByelJHp8x1eWH7ZKCsSnfkbjz0+lAF3WreBLe + EpGqkzRjgAcZrZ+y2v8AzxT/AL5FczqunzQwxM15LJmVBhiOMnr9RWp/ZVx/ + 0EJ/zFAEOg29u+lxM8asSX5IBP3jQtvb/wBuunlrt+zg4wMZ3VR0fT5ptPjk + W8liBLfKpGBhjQunzf2w0P2yXcIQ2/I3Y3Yx9KAL2t29ulmpSNVPmJ0AHetj + 7La/88U/75Fczq2nzQ2odryWQb0GGIxyetan9lXH/QQn/MUAQaFbwPYBnjVj + vfkgH+I0fZ4P7fCeWu37NnGBjO/rVLSNPmmsg63ksQ3MMKRjg0f2fN/bIg+2 + S7vs+7fkbsbsY+negC7rtvAmnMyRqp3JyAB/EK2fstr/AM8U/wC+RXM6xp80 + Ni0jXkso3KNrEY5IrU/sq4/6CE/5igCHRLe3e0cvGrHzZByAe9O8qKPXoxGg + UeQx4GP4qz9J0+aa2dlvJYwJHGFIxwev41YgtXt9djV53m/cscueeuMUAdLR + RRQAUUUUAFFFFABRRRQB/9D9z5bvUTqsEjWJEgjcBPMXkdznpxTtWvNRk06Z + JrExIQMt5inHI7CpptQsTrFvMJ0KLG4LbhgE07WdRsZtMniiuEd2AwAwJPIo + AmjvtVCKBppIwOfNWs/TLvUY/tflWJl3XEhb94o2scZXnrj1rbj1TTRGoNzH + kAfxCsvSdQsYvtnmzou+5kZcsBlTjBHtQBBcXeonVLWRrErIqvtTzFO7I557 + YqTU7zUpLCdJrAxIV5bzFOPwFPudQsW1ezmWdCiLICdwwMjjNTatqNhLp1xH + FcIzMuAAwJNADob7VRDGF04kBRg+avPFUNOu9RSS7MViZC0zFv3ijaeOPf61 + sQappywRqbmMEKB94elZ+mahYxSXpknRQ87MuWHIwORQBXurvUW1Kyd7Eq6e + btTzFO7K889sVNqN5qT2M6S2BjQoct5inA9cU671CxfVbCVZ0KR+buIYYGVG + M1PqepWEun3EcdxGzMhAAYZJoAZbXuqLbRKmnFlCKAfNUZGOtU7C71FLi8Md + iZC0mWHmKNpx0961rTU9OS1hVrmMEIoI3DriqGnahYx3N80k6KHlypLDkY6i + gCC8u9Ra/snexKOhfavmKd2V557YqzfXupvZXCyaeUQxsC3mqcDHXFJe6hYv + qNhIk6FY2k3EMMDK8Zq1qGpafJYXEaXEbM0bAAMMkkUAV7O91RbSBU08uoRQ + G81RkY64qrZXeopd3rR2JdmdSy+Yo2nHTPetSx1PT0srdHuYwyxoCCwyCAKp + 2GoWMd7fO86KrupUlhgjHagCvfXeovd2TSWJRkclV8xTuOOme1Wry91RrSdX + 08opRgW81TgY64pmoahYyXtg6ToyxuxYhhwMd6u32p6e9lcIlzGWaNwAGHJI + NAFOwvdTSygSPTzIgRQG81RkY64qvZ3eorf3zpYl3cpuXzFG3C8c981o6dqW + nx2FvHJcRqyxqCCwyCBVWy1CxTUb+R50CyGPaSwwcLzigCC/u9ReezMliYys + uVHmKdxx09qu3N9qjW8qvpxVSjZPmqcDHWotR1CxkuLFo50YJLliGHAx1NXr + rVNOa2mVbmMkowA3D0oAz9OvNSSxgSKwMiBAA3mKMj1xUNrd6iupXsiWJaRx + HuTzFG3C8c981f0zUrCLT7eOS4RWVACCwyDVe01CxTVb+Vp0CSCLaSwwcLzi + gCDUbvUXe0MtiYysylf3inc3PHt9avzX2qmGQNpxAKnJ81eOKr6pqFjLJZGO + dGCTqzYYcAZ5NaM+qac0EircxklSB8w9KAMvS7zUo9PgSGwMqBeG8xRn8DUc + F3qI1S6kWxLSMqbk8xRtAHBz3zV3SdRsItNt45bhFZV5BYZFRW+oWK6vdytO + gR0jAO4YOBzigCvqd3qMn2XzbEx7biMr+8U7mGcLx0z61ovfarsbOmkDB/5a + rVbVdQsZfsflzo2y5jY4YcAZyT7VpyarppRgLmPof4hQBjaTeajHp0KQ2JlQ + A4bzFGeT2NNiu9RGqzyLYkyGNAU8xeB2OenNWtG1Gxh0yCOW4RHUHILAEcmm + w6hYjWLiYzoEaNAG3DBIoAr6pd6jJHAJrExATIQfMU5I6Dj19a0/t+rf9A0/ + 9/Vqnq+oWM0VuIp0crPGxwwOAOprWOq6bj/j6j/76FAGFo13qMWmwpBYmZBu + w/mKufmPY0Jd6j/a8kgsSZDCAU8xeBnrnpVjQ9QsYNLgimnRHXdkFgCPmNCa + hYjWpZjOnlmFVDbhjO7pQBX1W71GS3QTWJiAkQg+YpyQeBx61p/b9W/6Bp/7 + +rVTWNQsZraNYp0ciVDgMDwDya1v7V03/n6j/wC+hQBg6Pd6jFYokFiZky3z + eYq5+Y9jQLvUf7YMv2E+b5AGzzF+7u+9np14xU+iahYw6ekc06IwZ+CwB5Y0 + o1Cx/twz+enl/Zwu7cMZ35xmgCvq93qMlntnsTEu9Du8xW5zwMD1rT+36t/0 + DT/39WqetahYzWWyKdHbehwGBOAa1/7V03/n6j/76FAGDpN3qMdoVhsTKu9z + u8xRznkYPpQbvUf7YWX7CfN8gjZ5i/d3dc9Pwqxo2oWMNmUlnRG8xzgsBwTQ + dQsf7bWfz08v7OV3bhjO7OM0AV9Yu9RksJEnsTChK5bzFbHzDsK0/t+rf9A0 + /wDf1aqa3qFjNp0kcM6OxKYAYE8MK1v7V03/AJ+o/wDvoUAYOlXeoxwSCGxM + oMrknzFGCTyOfSiS71E6vFIbEiQRMAnmLyM9c9KsaPqFjDbyrLOiEyuQCwHB + PBpJNQsTrUMwnTyxCwLbhjOelAEGsXeoy6bMk9iYUO3L+YrY+YdhWkL/AFbA + /wCJaf8Av6tVdb1Cxn0ueKGdHdtuAGBJ+YVqjVdNwP8ASo/++hQBhaXd6jGl + wIbEygzOT+8UYY9Rz6etE13qJ1W3kaxIkVHATzF5B6nPtU+kahYwx3IlnRS0 + 8jDLAZB6Glm1CxbWLaYToUWNwW3DAJoAi1W81GTT5kmsTEhAy3mKccjsKux3 + 2qhFA00kYHPmrUWsajYzaZPHFcI7sBgBgSeRWhHqumiNQbmPIA/iFAGJpl3q + MZu/KsTJuuHLfvFG1jjK89cetFxd6i2qWkjWJWRVk2p5indkc89sVPpWoWMR + vPMnRd9xIy5Ycg4wRRc6hYtq1nKs6FEWTcdwwMjjNADNTvNSksJ0lsDEhXlv + MU4/AVagvtVEMYXTiwCjB81eeKTVtRsJdOuI4rhGZlwAGGTVu31TTlgjVrmM + EKAfmHpQBj6dd6ikl2YrEyFpmLDzFG04HHPX60XV3qLalYu9iVdPN2p5indl + eee2KsaZqFjHLemSdFDzsy5YcjA5FF3qFi+qafKs6FI/N3EMMDKjGfrQAmo3 + mpvYzpLYGNChBbzFOB64r8m77/j9uP8Aro/8zX62anqVhLp9xHHcRszIwADD + JOK/JO+/4/bj/ro/8zX7L4RfFif+3f8A24/PePdqP/b36HsP7PrOvxNsTGu8 + +TccZx/yzNffk0twZ4S0OCC2BuHPFfAv7PjqnxOsWchR5Nxyf+uZr7+mnhNx + AwcEKWyc9OK8zxP/AORjH/AvzZ38Ff7o/wDE/wAkLNLcmGQNBgFTk7hxxRDL + ciFAsGQFGDuHPFST3EDQSASKSVIHPtRBcQCGMGRQQo7+1fnJ9cVoZbgTTFYc + kkZG4ccUTy3BlhLQ4IY4G4c1JBPCs05LgBiMc9eKJ54WmgKuCFY556cUAOlm + uTE4aDA2nJ3D0psEtyIUCwZAUYO4DNTTXFuYXAkUkqe/tTbe4gWCNWkUEKO/ + tQBXiluBcTkQ5J25G4ccUs8twXh3Q7SG4+YHJ9KfDPCLmdi4Abbg568UXE8L + PCVcHD5PNADpJroxsDb4GDzvFMt5bkQIFg3ADg7gM1YlubcxuBIpJB71HbXE + C28atIoIA4zQBBHLcC5mIhyx25G4ccUXEtwTFuh24cEfMDk+lSRTwi6nYuAG + 24OeuBRczws0O1wcOCee1AEjzXWxs2/Y/wAYqG1luFgQJBuAHB3AZq09zblG + AkXoe9Q2lxAtuitIoIHQmgCJJbj7TKRDliFyNw4/GkuZbg+Vuh24kUj5gcn0 + qSOeEXUrFxghcHNF1PC3k7XBxIpPPagDzL41aLdeJfhhr2ni1zJFB9pjwwJD + W5EvA9SFI/Gvylr9rpJ7V0ZHdGVgQQSCCD2r8hPiF4Zfwf4z1XQCpWK3mYw5 + 7wv80Z/75Iz75r9V8OceuWphn/iX5P8AQ/HfFLLnzUsWv8L/ADX6n6NfBDxU + /ij4e6Reovmz2sC2cw3DIe2+TJ92UBvxr5M/ai8IzaP44j8TpB5VtrsYY4II + E8ICOOPVdp9yTW9+yh42i0vX7/wZfyBItUXz7ck4HnxD5l/4EnP/AAGvqP4z + eDbb4heB7rRrco1/EwntGJHEyA4GewYEqfrntXmKp/ZWcty0hL8pf5P8j1nS + /tjIly61Ir/yaP8AmvzPykoqSaGW3leCdDHJGxVlYYKsDggj1BqOv2JM/DWj + 6X/Zv+KCeDfED+GdXfGmawwCMzbVhuTgKSTwFcYUn12ngZr9DLqW4aMB4do3 + DncDX4uV9v8AwS+P0N1Z23gnx1cbLiIolpeyH5ZFHAjlY9GH8Lngjg88t+Zc + bcMSqN4zDq7+0v1/z+/ufrPAHFsaaWBxMrL7L/R/p93Y+zvOuv8An3/8fFVb + SW4WABIdwyedwHer32q2/wCeq/nVWynhS3VXcA5PBPvX5Qfsp5h4h+EXw+8V + a9NrOu+Hkub64UGRhPLHuK4UMfLdRnAx0zWLcfAH4TpHn/hGFTkc/arg/wDt + SvafPh+27942+XjOeM5ovJ4XhwrgnI6H3r0YZxi4xUY1pJL+8/8AM8upkmCm + 3OdGLb68q/yPK9M+CPwz0fUbbVdP8LpHdWjrLEzXMsgV1OQdruVODyMivULS + W4WIhIdw3HncBV77Tb/89V/OqtnPCkJDOAdx6n3rmxGMrVmnWm5W7tv8zrwu + Bo0E1Rgop9kl+RGZbj7WG8n5tmNu4dM9c0Xktw1uweHYOOdwPepDPD9tD7xt + 2YznjOa+afjp8etP8L2c/hTwlOt1rco2yzIQyWg789DJ6D+Hq3YHfLctrYuq + qNFXb/DzZz5rmtHB0XXrysl978l5nnH7T3xU/tCQfDjSGxHbuJNQZW3AyLyk + ORx8p+Zv9rA6givjWpJZZZ5XmmcySSEszMclmPJJJ6k1HX9BZPlcMHh40KfT + d931Z/NGeZxUx2JliKnXZdl0X9dQr2T4E+EZPFfxBsnePfaaT/ps5PT92R5Y + /GQrx6Zrxuv0q+AvgFPBHgA3V+oTV9b2XEyn7yRj/VRn3AJYjsWI7V5fF2bL + C4OVn70tF8938l+Nj1+CcmeMx0br3Ye8/lsvm/wue2a7rw8PaJfa7fwbbfT4 + JJ3+cfdjUsQPc4wPevx11G+uNU1C61O6O6e7leaQ+ryMWP6mvv39qfx3Dpfh + G38HWMoa61pw0208rbwkNz6b3AA9QGFfn/Z2lxf3cFjaIZJ7l1jjUdWdzhQP + qTXieH+X+yw08TP7T/Bf8G57/iXmftsVDCw15Fr6v/gW+8++v2VtCm0zwbca + 40OZNWuXKHON0UA2D8n319RXUtw1u4eDaCOTuBxXP+FdFsfCmh6P4etXUxad + bLCWB4ZgPmb6s2T+NdHdzwNbOqyKSR0Br8wznHfWcVUr9G9PTp+B+uZHl/1X + B0sP1itfXr+I9ZrraMW/b++Kr20twPN2Q7syMT8wGD6VcW5t9ozIvT1qvazw + r525wMyMRz2rzD1iOSW4NzETDhgGwNw549afcy3JgcNBtBHJ3A4pZZ4TdQsH + GAGyc9OKfdXEDW8irIpJHQGgGCTXWxcW+RgfxioLeW4DTbYd2XJPzAYPpVuO + 5twigyL0HeoLaeFWmLOBlyRz1FAEcstwbiAmHDDdgbhzxUlxLcmBw0G0EHJ3 + A4olnhNzAwcELuyc9MipLm4gaCRVkUkqe9ADYprkRoBBkYHO4VDBLcCSYrDu + JbkbgMVaiubcRIDIoIUd/aobeeFZZyzgBm4560AMmluDPCTDggnA3DnipJpb + kwyBoMAqcncOOKSaeEzwMHBCls89OKlnuIGgkUSKSVPf2oAjhluRDGFgyAow + dw54qKGW4E0xWHJJGRuHHFWYLiBYI1MighR39qignhE87FwAxGOevFAEc8tw + ZYS0OCGOBuBzU0styYnBgwNp53D0ps88LSwFXBCsc89OKmmuLcwuBIpJU9/a + gD4l/aYZzr2h7l24sjjnORvPNfNFfTH7TLq2vaGFIO2yIPt85r5nr+m+Cf8A + kVUPR/mz8Y4k/wB+q+v6I/UDw1dXx8J+FQ1ngJa2mw71+fEK4+mfeu0uL7VG + t5VbTioKtk+apwMda5Lw3fWbeE/CYEyExWtoX5Hy4hXOa7e51TTmtpVW5jJK + MANw9K/mPH/x6nq/zP2XC/wo+iM7TbzUksIEisDIgUYbzFGR64NQ213qK6ne + OliWkYR7k8xRtwOOe+avaXqVhFp1vHJcIrKgBBYZFQ2uoWK6rfStOgRxFtO4 + YOBziuQ3K+pXeou1p5tiY9s6lf3inc3OB7Z9avy32qmJwdNIBB581eOKg1TU + LGV7Ixzo2y4Rmww4Azya0ZtU04wuBcxklT/EPSgDK0u81KPT4EhsDKgXhvMU + Z59DUcF3qI1W5kWxLSMiBk8xflA6HPfNXNI1Gwh023jluEVlXkFgCOait9Qs + V1e7madAjpGAdwwSOtAEGp3eoyC286xMW2dCv7xTuYZwvHTPrWi99qxUg6aR + x/z1WqurahYyraeVOjbLiNjhhwBnJrUfVdNKMBcx9D/EKAMXSLvUY9OhSCxM + qAHDeYq55PY0kV3qI1aaQWJMhjUFPMXgZ65q1ouoWMOmQRSzojqDkFgCOTTY + tQsRrM8xnQI0SgNuGCQelAFfVLvUZIoRNYmICZCD5inJB4HHrWn9v1b/AKBp + /wC/q1U1fULGaGARToxWaNjhgcAHk1rf2rpv/P1H/wB9CgDB0a71GLTokgsT + Mg3YbzFXPzHsaFu9R/th5RYkymEAp5i8Dd1z0/Cp9D1Cxg0uGKadEcbsgsAe + WNCahYjW5JzOnlmALu3DGd3SgCDVrvUZLZVmsTEvmIc+Yp5B4HHrWn9v1b/o + Gn/v6tU9Z1CxmtUSKdHIkQ4DA8A1r/2rpv8Az9R/99CgDB0i71GOyVYLEypu + b5vMVf4jng+lH2vUf7Z837CfN+z48vzF+7v+9np14xVjRdQsYbBY5Z0RtznB + YA8saP7Qsf7c8/z08v7Nt3bhjO/OPrQBX1e71GSyKz2JiXcvzeYrc5GBgeta + f2/Vv+gaf+/q1U1rULGaxKRTo7b0OAwJ4YVrf2rpv/P1H/30KAMHSbvUY7Ur + DYmVd7nPmKOSeRg+lDXeo/2wkpsT5ohI2eYv3d3XPT8KsaNqFjDaMks6I3mO + cFgOCaRtQsTraT+enliAru3DGd3SgCDWLvUZdOlSexMKErlvMVsfMOwrT+36 + t/0DT/39WqeuahYz6ZLFDOjuSuAGBPDCtf8AtXTf+fqP/voUAYOlXeoxwyiG + xMoMrknzFGCTyOfSiS71E6tDIbEiQRMAnmLyM9c9KsaRqFjDBMJZ0QtNIRlg + OCeDRLqFidZhmE6FFiYFtwwCT0oAg1e71GTTpknsTEhAy3mK2OR2FaK3+rYH + /EtP/f1ara1qFjNpk8UU6O7AYAYEn5hWmuq6btH+kx9P7woAw9Lu9RjW58mx + Mu6dy37xRtY9Rz1x60TXeonVbaRrErIqOAnmL8wPU57YqxpOoWMSXQlnRd1x + Iwyw5Bxg0k+oWLaxazLOhRUcFtwwCelAEeq3mpSafOk1gYkI5bzFOOfQVdiv + tVEaAaaSABz5q1Hq+o2E2mzxxXCO7LwAwJPNXotU00RIDcxghR/EPSgDF027 + 1FGu/KsTJunct+8UbWOMr749aLi71FtTs5GsSsiiTanmKd2Rzz2xVjS9QsYm + vPMnRd9w7LlgMg4wRRdahYtqtlKs6FEWXcdwwMjjNADNSvNSksJ0lsDGhU5b + zFOB64FWYL7VRBGF04sAowfNUZ4o1XUbCXTriOO4RmZCAAwyatW+qactvErX + MYIVQRuHpQBj6fd6ikt4YrEyFpSWHmKNpx096Lu71FtRsXexKOnmbV8xTuyv + PPbFT6ZqFjFNetJOih5iVyw5GOoovNQsX1TT5UnQpH5u4hhgZXjNABqF5qb2 + M6S6eY0KMC3mqcDHXFS2t7qi2sKppxdQigHzVGRjrUmpalYS6fcRx3EbMyMA + AwyTipbPU9OS0gRrmMMqKCCw4IFAGVY3eopc3jR2JdmkBYeYo2nHT3ovLvUW + vbJ5LEo6s+1fMU7sjnntirGn6hYx3V8zzooeQFSWHIx2ovtQsXv7CRJ0ZY2c + sQwwMr3oAW+vdTeyuFk08opjcFvNU4GDk49qWyvdTWzgWPTy6iNQG81RkY4O + PerF/qenyWNyiXEbM0bgAMMklTS2Gp6fHY26PcRqyxoCCwyCAKAMyyu9RS9v + XjsS7uy7l8xRt44575ovrvUXurJpLEoyyEqPMU7jjp7VPY6hYx39/I86KsjI + VJYYOF7UahqFjJd2LpOjKkhLEMOBjvQBLdXuqNazK+nFVKMCfNU4GOuKi0+9 + 1NLGBI9PMiBFAbzVGRjrir15qenPaTotzGWZGAAYckiotN1LT49Pt45LiNWW + NQQWGQcUAZ9pd6iuo3zpYlnfy9y+Yo24XjnvmjULvUXmszLYmMrKCo8xTuOO + ntViz1CxTU9QledAkhi2ksMHC84o1LULGSayaOdGCTAthhwMdTQBLcX2qmCQ + NpxUFTk+apwMdar6bealHYQJFYGRAow3mKMj1wa0rnVNOa3lVbmMkowA3D0q + tpWo2EWnW8clwisqAEFhkUAUba71FdTvJEsS0jCPcnmKNuBxz3zRqV3qLtaG + WxMe2dCv7xTubnC+2fWp7XULFdWvZWnQI4i2ncMHA5xRqmoWMrWRjnRtlwjN + hhwBnk0AWZb7VTG4OmkAg8+atUtKvNSj0+BIbAyoBw3mKM8+hrXl1TTTE4Fz + GSVP8Q9Ko6RqNhDpsEctwiOq8gsARzQBThu9RGqXMi2JaRkQMnmL8oHQ575o + 1S71GRbYTWJi2zoV/eKdzDOF46Z9asQahYrq91M06BGRADuGCR1pNW1CxmW1 + EU6NtuI2OGHAGcmgC219q205009P+eq1naRd6jHp0KQWJlQA4bzFXPJ7Gttt + V00qQLmPp/eFZmi6hYw6ZBFLOiOoOQWAI+Y0AVo7vURq00gsSZDGoKeYvAz1 + z0o1S71GSGITWJiAlQg+YpyQeBx61PFqFiNZnmM6CNolAbcMEg9KXV9QsZoY + VinRyJoycMDgA8mgC39v1b/oGn/v6tZmj3eoxadEkFiZkG7DeYq5+Y9jW9/a + um/8/Uf/AH0KydE1Cxg0yGKadEcFsgsAeWNAFdbvUf7YeQWJ80wgbPMXpu65 + 6fhRq13qMlsqzWJiXzEOfMU8g8Dj1qwuoWI1t5vPTyzAF3bhjO7pRrOoWM1q + qxTo5EiHAYHgGgC39v1b/oGn/v6tZmkXeoxWQSCxMybm+bzFXuc8Gt7+1dN/ + 5+o/++hWRouoWMNgscs6I25zgsAeWNAEH2vUf7Z837CfN+z48vzF+7v+9np1 + 4xRq93qMlkyT2JiTcvzeYrfxDHA9asf2hY/255/np5f2bbu3DGd+cfWjWtQs + ZrBo4p0dtyHAYE8MKALf2/Vv+gaf+/q1maTd6jHbMsNiZV8xznzFHJPI59K3 + v7V03/n6j/76FZOjahYw2rLLOiEyOcFgOCaAK7Xeo/2wkpsSJRCQE8xeRu65 + 6fhRrF3qMunSpPYmFDty3mK2PmHYVO+oWJ1uOcTp5YgK7twxnd0pdc1Cxm0y + aKGdHc7cAMCeGBoAt/b9W/6Bp/7+rWZpV3qMcUwhsTKDK5J8xRgk8jn0re/t + XTf+fqP/AL6FZGj6hYwwzLLOiEzSEZYDIJ4NAEEt3qJ1aGQ2JEgjYBPMXkZ6 + 5pdXu9Rk06ZJ7ExIQMt5itjkdhU8uoWJ1mCYToUWJgW3DAJPSna1qFjNpk8U + U6O7AYAYEnkUAWFv9W2jGmnp/wA9VrN0y71GNbnybEy7p5C37xRtY9V5649a + 3F1XTQoBuY+n94Vl6TqFjEt15s6LvuJGGWAyDjBoArzXeonVLaRrErIqOFTz + F+YHqc9sU/VLzUpNPnSawMSFeW8xTjn0FSz6hYtq9rMs6FFRwTuGAT0qTV9R + sJtNnjiuEd2XgBgSeaAHxX2qiJANNJAA581eeKoabd6ijXflWJk3TuW/eKNr + HGV98etbMOqacIUBuYwQo/iHpWbpeoWMTXpknRd9w7LlhyDjkUAQXN3qLanZ + yPYlZFEm1PMU7sjnntiptSvNSewnSWwMaFTlvMU4HrgUt1qFi2rWMqzoUQS7 + juGBkcZqfVNSsJdOuI47hGZkIADDJoAS3vtVEEYXTiwCjB81RkY61S0+71FJ + rwxWJkLSksPMUbTjp71r22qactvErXMYIRQRuHpVDTdQsY570yTooeYlcsOR + jqKAK93d6i2o2LvYlHQybV8xTuyvPPbFT6he6m9jOkmnmNCjAt5qnAx1xRea + hYvqenypOhSMy7iGGBleM1Z1LUtPk0+4jjuI2Zo2AAYZJxQBFaXuqLawqmnF + 1CKAfNUZGOuKqWN3qKXV60diXZpAWHmKNpx0z3rVs9T09LOBHuYwyxqCCw4I + FUdP1Cxju753nRVeQFSWHIx2oAgvbvUXvbJpLEoyM21fMU7jjkZ7Vavb3U2s + 51k08opjYFvNU4GOTj2pt9qFi99YOk6MsbuWIYYGV71bv9T0+SxuES4jZmjc + ABhkkg0AVbG91NLK3WPTy6iNAG81RkYGDj3qtZ3eore3rR2Jd3ZNy+Yo2/Lx + z3zWlYanp8djbI9xGrLGgILDIIUVVsdQsUv7+R50VZGQqSwwcL2oAr393qL3 + Nm0liUZZCVHmKdxx09quXV7qjWsyvpxRSjAnzVOBjrUWo6hYyXVi6TowSQli + GHAx3q9eanpz2k6LcxlmRgAGHJIoAo6feamljAkWnmRAigN5qjIx1xUFpd6i + uo3zpYl3fy9y+Yo24XjnvmtDTdS0+PT7eOS4jVlRQQWGQcVWs9QsU1TUJXnQ + JJ5W0lhg4XnFAEGoXeovLZmWxMZWYFR5inccHj2q9PfaqYJA2nFQVOT5qnHF + Q6nqFjJNZGOdGCTBmww4GDya0LjVNOa3lVbmMkqwA3D0oAzNNvNSjsIEisDI + gUYbzFGR64NRW93qK6ndyLYlpGEe5PMUbcDjnvmr2lajYRadbxyXCKyoAQWG + RUFtqFiurXsrToEdY9p3DBwOcUAQald6jIbTzbEx7Z0K/vFO5hnC8dM+taEt + 9qpjcHTSAQefNWq2q6hYytZ+XOjbLhGbDDgDOSa05dU00xOBcxklT/EPSgDI + 0q81KPT4UhsDKgHDeYozz6GmQ3eojVbiRbEmRkQFPMXgDoc+9W9H1Gwh02CO + W4RHVeQWAI5NMg1CxXV7mYzoEaNAG3DBI60AV9Tu9RkW386xMW2dCP3incw6 + Djpn1rSa/wBWwf8AiWn/AL+rVXVtQsZUtRFOjbbiNjhgcAdTWo2q6btP+kx/ + 99CgDE0i71GPToUgsTKgBw3mKueT2NJHd6iNXlkFiTIYlBTzF4GeuelWdF1C + xh0yCKWdEdQcgsAR8xpsWoWI1qaYzp5ZiUBtwwTnpQBBqt3qMkMQmsTEBKhB + 8xTkg8Dj1rT+36t/0DT/AN/VqnrGoWM0EKxTo5EyE4YHgHk1r/2rpv8Az9R/ + 99CgDB0e71GPT40gsTMgLYbzFXPzHsaFu9R/thpRYnzfJA2eYv3d3XPT8Ksa + JqFjBpsUc06I4LZBYA8saF1Cx/tt5vPTyzAF3bhjO7OKAK+rXeoyWoWaxMS7 + 0OfMU8g8DA9a0/t+rf8AQNP/AH9Wqms6hYzWipFOjt5iHAYHgGtb+1dN/wCf + qP8A76FAGDpF3qMdmFgsTMu5/m8xV5zyMH0o+16j/bIl+wnzfIx5fmL93d97 + PTrxip9F1CxhsQk06I29zgsAeSaP7Qsf7dE/np5f2fbu3DGd+cUAQavd6jLY + sk9iYU3L83mK3cdhWn9v1b/oGn/v6tU9b1Cxm09o4Z0diycBgTwwrX/tXTf+ + fqP/AL6FAGDpN3qMds6w2JlUyOc+Yo5J5HPpViCe6m12M3Nv5B8lhjcG4z14 + 9+KNH1CxhtXWWdEJlc4LAcE8VIl1b3GvRtBIsg8hhlTnndnFAHQ0UUUAFFFF + ABRRRQAUUUUAf//R/dua0tRrNtGIUCGNyRtGCfpina1aWkel3DxworADBCgH + qPaqMthdDVYIjeyFmjch8DIA7U7VrC6i06aSS9klVQMqQMHkUAbsdjZGNSbe + PoP4B/hWXpFpayfbd8KNtuZAMqDgDHA46VLHpl6UUjUJRkDsKz9MsLqX7Xsv + ZI9lxIpwB8xGPmPuaALdzaWo1izjEKBWSTI2jBwO4qbV7O0j024dIEVgvBCg + EfpWdcWN0uqWsRvZGZ1ch8DK4Hb61Jqen3cVhPI99JIqrypAwaANmCxsjBGT + bxklR/APT6VnaXaWryXweFG2zsBlQcDA4HFPh028aFGGoSgFRxgccVQ06wup + JLsJeyR7JmUkAfMeOTQBcvLS1XVtPRYUCsJcgKMHCjGeKn1SztE064dIEVgh + wQoBH6VmXVhdLqVlE17IzP5uGIGVwvOPrU2o6fdx2M8j30kiqhJUgYPtQBqW + llZNaQs0EZJRSSUHp9KoabaWr3N+HhRgsuBlQcDHbilttNvGtomW/kUFFIAA + 446VTsLC6kuLxUvZEKSYJAHzHHU0AXL60tV1LT0WFArtJkBRg4XvxVrUbOzT + T7lkgjVhG5BCgEHH0rJvLC6S/so2vZHZy+GIGVwvb61ZvtOu47K4dr+RwsbE + qQMHA6UAX7Gys2srdmgjJMaEkqMk4HtVPT7S1e+v1aFCFdQAVHHy9uKbZ6de + PaQOt/IgZFIAAwMjpVWysLp7u9Rb2RCjqCQBluOpoAt6haWqXtgqwoA0jAgK + OeO/FXb6ys1srhlgjBEbkEKMg4PtWPfWN1Hd2SNeyOXdgCQMrx1FWrzTrxLS + d2v5HCoxIIGDgdKALmm2dm+n2zPBGzGNSSVBJ4+lVLG0tW1LUEaFCqGPAKjA + yvbimWGnXcllA638iBkUhQBgcdKr2dhdPf30a3siMhTLADLZXv8ASgC5qVpa + pc2ISFFDTYOFAyMd6v3dlZLazMtvGCEbB2D0+lYl/YXUc9mr3sjl5cAkD5Tj + qKu3Om3i28rHUJGARjggc8dKAJtLs7R9Ot3eBGYoMkqCT+lV7S0tW1bUEaFC + qiLAKjAyvOKi07T7uSxgkS+kjVkBCgDA9qhtbG6bUr2Jb2RWQR5YAZbK8Z+l + AFvVbS1SSxCQou64UHCgZHPB4rSnsbIQSEW8YIU/wD0+lYWo2F1G9oHvZJN8 + yqMgfKeeRV+bTbxYXY6hKQFPGBzxQA7R7O0k0y3eSBGYrySoJP6VFbWlqdYv + IzChVUjwNowMjsKr6Xp91Lp8EiX0kasvCgDAqOCwum1S6iF7IrKqEvgZbI7/ + AEoAuavaWqfYtkKLuuYwcKBkHPB46VqSWNkEYi3j6H+Af4Vz+p2F1F9l33sk + m+4jUZA+UnPzD3FaL6ZehGP9oSng9hQAzRbS0k0u3eSFGYg5JUE9T7U2G0tT + rNzGYUKCNCBtGAfpiquk2F1Lp0Mkd7JErA4UAYHJpsVhdHVZ4heyBljUl8DJ + B7UAW9ZtLWOK3McKLmeMHCgZBPTpWubGxx/x7x/98D/Cud1Swuoo4C97JJum + QAEDgnv+Faf9mXv/AEEZfyFAEGhWlrLpUDyQo7HdklQT94+1CWlqdbljMKbB + ApxtGM7uuKp6PYXU2mwyR3skSndhQBgfMaEsLo6vJCL2QOIQd+BkjPSgC5rN + pax20ZjhRSZYxwoHBNa/2Gx/594/++B/hXOarYXUVujSXskoMiDBA4JPX8K0 + /wCzL3/oIy/kKAK+hWlrJpyPJCjMWfkqCfvH2pRaWv8AbrReSmz7ODt2jGd/ + XFU9HsLqawSSO9kiUlvlAGOGNAsLr+2DD9tk3+QG34GcbsY+lAFvW7S1jsd0 + cKKd6DIUA9fpWx9hsf8An3j/AO+B/hXOavY3UNnvkvZJRvQbSBjk9a0/7Mvf + +gjL+QoAg0S0tZLItJCjHzHGSoPQ0NaWv9urH5KbPs5O3aMZ3dcVT0mwuprQ + vHeyRDe4wAMcHr+NBsLr+2Fh+2ybzAW34Gcbun0oAua5aWsemyPHCiMCnIUA + /eFa/wBhsf8An3j/AO+B/hXOaxYXUNhJJJeySqCvykDBywrT/sy9/wCgjL+Q + oAg0a0tZLaUyQoxE0g5UHgGkktLUa3DGIU2GFiRtGM59MVU0qwupYJGS9kiA + lcYAHJB6/jRJY3Q1eKE3shcxMd+BkDPSgC5rtpaxaVO8cKIw24IUA/eHtWsL + GxwP9Hj/AO+B/hXO6xYXUOmzSSXskqjblSBg/MK0hpl7gf8AExl/IUAQaPaW + skdyZIUbFxIBlQcAY46Us9pajWbaMQoEMbkjaMH8Kp6XYXUqXBS9kj2zOpwB + yR3/ABomsLoarbxG9kLMjkPgZGO340AX9atLSPS7h44UVgBghQD1HtWhHY2R + jUm3j6D+Af4Vh6rYXUWnzSSXskqqBlSBg8irsemXpRSNQlHA7CgCLSbS1kN7 + vhRttzIBlQcAY4HHSi6tLVdYsoxCgVlkyNowcDuMVU0yxupTd7L2SPZO6nAH + zEY+Y+5ouLC6XVLSI3sjM6yYfAyuB2+tAGjq9naR6bcOkCKwXghQCP0q5b2V + kbeIm3jJKr/APT6Vjanp93FYTyPfSSKq8qQMGrUGm3jQxsNQkUFQcYHHFADd + LtLV5b4PCjBZ2AyoOBgcCi8tLVdV09FhQK/nZAUYOFGM8VT06wupJLwJeyR7 + JmBIA+Y4HJourC6TUrGNr2RmfzcMQMrhRnH1oA1NUs7NNOuXSCNWCMQQoBHH + 0r8jr7/j+uP+uj/zNfrJqOn3cdjPI99JIqoSVIGD7V+Td9/x+3H/AF0f+Zr9 + l8IvixP/AG7/AO3H57x7tR/7e/Q9j/Z7VW+J1iGAI8m44P8A1zNff80UQuLc + BAAS2eBzxX5/fs+oz/E2xVWKHybjkf8AXM19+TQSieFTMxJLYPpxXmeJ/wDy + MY/4F+bO/gr/AHR/4n+SLc8MIgkIRQQp7D0oghhMMZMaklR2HpUE1vMIZCZ2 + ICnjA54pYbeYxIROwBUcYHHFfnJ9eEEURnnBRSARjgelFxFEJoAEABY54HpU + UMEpmmAmYEEZPHPFE0EqywgzMSScHjigC5NDCIZCI1BCnsPSm28MJgjJRSSo + 7D0qKW3mETkzsQFPGB6UkFvM0KETsAVHGBxQIWGKI3NwCgIG3AwOOKW4iiEk + ICKMvzwKhiglNxMomYFduT68UTwSq8QMzHLYHtQBclhhETkRr0PYUy1hiNvG + SikkDsKZJbzCNiZ2OAeMCmW8ErQIwmZQR0wOKBjooojdTqUGBtwMD0ouoola + HCAZkAPAqKOCU3MyiZgRtyfXii4glUxbpmbLgD296ALzwQ7G/dr0PYVDaRRN + bRlkUkjuBSPbzBSfPY8HsKitoJWgRlmZQR0AFAEkcURu5VKLgBeMCku4ol8n + agGZFB4HSokglNzKomYEBefWi5glXyt0zNmRQPY+tAkXzBDg/u1/IV8a/tRe + A/tugaf4+0+LM1h/o13tHJhdj5bn/dc7f+BD0r7DNtNg/wCkN+QrKuNHt9a0 + ebTNQPm2l5G8UsZHDI+QR+Vepk2ZSwmJhXj03811PJz3KY43Czw0uuz7Po/6 + 6H49aRqt7oWq2ms6bJ5d1ZSpNG3UBkORkdx6juK/WbwZ4t0rx54S03xPpqKg + utoljGMxSrxJGfoenqMHvX5ifEnwLf8Aw78W3nhy83PFGd9tKRjzYG+4317N + 6MCK7X4H/FKXwBr40/UpmGhalIouB1EMnRZgPbo2Oq+pAr9Z4qyiOYYSOIw+ + skrrzXb/AC+7qfi3B2dyyzGSw2J0i3Z+TWz/AM/LXoetftM/CJrO5k+I3hyD + /RpiP7QiQfckPAmAH8LdH9G57kj40r9ontIdTsjG8y3VpdR4IIV45I3H4hlY + H6EV+dHxn+B994JZvFHh6Nrjw/OxLAZZrRicbX7lCfut26Nzgt5vBnE6nFYP + EP3lpF9/L17d/Xf1ePOEXCTx2FV4vWSXTz9H17em3zpRRRX6SflR93fsp+JP + FeuxarpOq3H2zR9KiiEPmrukjkkJ2qrnkoFU/Kc44xgcH66soomt1LICcnqB + 6189fsxeGJNK+GkeqM5jl1m4ln6c7EPlIPp8hI+tfQFpBK8AZZmUZPA+tfz3 + xTVhPH1fZpJJ207rf8T+m+D6NSGW0VVbbavr2eqX3WJfKi+3bdgx5ecYGM5o + vYolgyqKDkdAPWovIl+2bPObPl5z3xnpRdwSpDlpmYZHBx618+fSGh5EP/PN + fyFVLOKJoSWQE7j1A9ak+zTf8/DfkKrWsMrxZWYqMngYoGfOP7TniPxT4W8O + WMnhq4+w297I1vdSRriX5lLIFf8AgztbJHPTBHOfzrJLEsxyT1NfqT8cvDL+ + Ifh1rdoGMs1pbfbIzjnNu28gfVQw/Gvy1r9p8PqsJYNxikpJ6+fVX/I/BPEy + lUjj4yk24uKt2XR2/P5hRRXtvwd+DOr/ABN1IXVwGs9BtnxPc45cjkxxZ6se + 56KOTzgH7HG42lh6bq1naKPhsBgKuKqxo0I3kzqf2dvhO3jDX4/FGuwZ0XTX + 3Irj5bmdOQuO6IeW7E4XnnH6Ea5c6fpOkXep3rJBb2sZlkkIAConJP5VT0rQ + rLQbe00TSFFraWsWyJEGAqjt756knknk818WftKfFhr+5k+Hfh+8MtpbsPt8 + iniSVTkQgjqEPLf7XH8Jz+M1J188x6S0ivwj/m/z8j93pU8Pw/lrb1m//Jpf + 5L8vNnz38SfG1z8QPF994jmXyoZD5dvF/wA84E4Rfr3b/aJr2j9lzwF/wkHi + 6XxbfxbrHQx+73D5XupBhRz12Llj6HbXzfouj6j4g1W10TSYTcXl7IsUSDuz + evoB1J6Acmv1g+HXgi28D+FbXw3YS4+zE+c6j/WzHG9z9T09AAO1fa8X5lDB + YJYSjo5Ky8o9f8j4HgjKqmYY94yvqou7feXT/P7u52rxRC8jUIMFW4wKdeRR + LbSFUUEDsBUDwyi6jUzEkg88cU66glW3dmmZgB0IFfix+9MuJBDtH7tenoKr + WkUTeduQHEjAcDpT1t5to/ft09BVe2glbzdszLiRgfc+tAEssUQu4FCDBDZG + B6U+6hiW3kKooIHoKryQSi5iUzMSQ2D6cU+5glWB2aZmAHTA5oBlqOGEopMa + 9B2FV7aKItNlFOHIHApyW8xRSJ2HA7CoLeGVmlxMVw5B4HPvQMlmiiF1bqEA + B35GBzxUlzDELeQhFBCnsKrSwyi4gUzElt2DxxgU+4glWF2MzMADxgc0CLMM + MJiQmNfujsPSoLeKIyzgoDhuOPalit5jGhE7AEDjAqGCCVpJgJmBDcn1oGTT + RRC4gARQCWzwPSpZ4YRBIQighT2HpVSWCUTQgzMSScH04qSa3mEMhM7EBTxg + c8UCJ4IYTBGSiklR2HpUMEURnnBRSARjgelENvMYYyJ2AKjjA44qKGGUzTAT + EEEZOBzxQMluIohNAAgALHPA9KnmhhEMhEaghT2HpVOaGVZYQZiSScHjipZb + eYROTOxAB4wPSgD4s/aZVV17QioAzZHP/fZr5mr6X/aYRl17QyWLZsiR7fOe + K+aK/pvgn/kVUPR/mz8X4k/36r6/oj9SvDdtbDwl4RIiQb7W03fKOcwr19a7 + i6srJbaYi3jBCNzsHp9K898NWdwPCfhUm7c+ba2m0YHyZhXp9K7S4028W3lY + 6hIwCscEDnjpX8x4/wDj1PV/mfsuF/hR9ES6VZ2j6bbu8CMxQZJUEn9KhtLS + 1bVr9GhQqoiwNowMg5wKh03T7uWwgkS+kjVlBCgDAqG2sLptTvIlvZFZBHlg + BlsjjP0rkNy5qtpao9lshRd1wgOFAyOeDWlNY2QhkIt4wQp/gHp9KwdSsLqN + rQPeySb51UZA+UnPI96vy6beCJydQlOAeMD0oAXR7O0k0y3eSBGYrySoJPP0 + qK3tLU6zdxmFCqpGQNowM+2Kg0vT7qXT4JEvpI1ZeFAGBzUcFjdNqtzEL2QM + qIS+Bk57H6UAW9XtLWNbTy4UXdcxg4UDIOeK1XsbLY3+jx9D/AP8K5/VLC6i + FrvvZJN06KMgfKTnke4rRfTL0KT/AGjKePQUAR6JaWkmlwPJCjMQckqCfvH2 + pIrS1OtTxmFNgiQgbRjOfSqmkWF1Np0Mkd7JErA4UAYHJpIrC6OrTQi9kDLG + pL4GSCelAFzWLS1jhgMcKKTPGDhQOCela/2Gx/594/8Avgf4VzmqWF1FFCXv + ZJA0yAAgcEnr+Faf9mXv/QRl/IUAV9BtLWXSoXkhR2O7JKgn7x9qEtLX+3JI + vJTYIAdu0Yzu64xVTRrG6m06KSO9kiU7sKoGB8xoWwujrDw/bZA4hB34GSN3 + SgC3rVpax2iNHCinzUGQoHGfpWx9hsf+feP/AL4H+Fc5q1hdQ2ytJeySgyIM + EDqT1/CtP+zL3/oIy/kKAINDtLWTT1eSFGbc/JUE/eNH2S1/t7yvJTZ9mzt2 + jGd/XGOtU9IsLqayV472SIbm+UAY4Jo+wXX9s+T9tk3/AGfdvwM4342/TvQB + c1u0tY7AtHCitvTkKAfvCtf7DY/8+8f/AHwP8K5zV7C6hsi8l7JKNyjaQMck + Vp/2Ze/9BGX8hQBBotpayWbNJCjHzHGSoPeka0tf7dSPyU2G3JxtGM7uuMVU + 0mwuprVnjvZIhvcYAGOD1/GhrC6GsJD9tk3mEtvwM43dKALeu2lrFpcrxwoj + AryFAP3hWx9hsf8An3j/AO+B/hXOazYXUOnSySXskqgr8pAwcsK0/wCzL3/o + Iy/kKAINGtLWSCYyQoxE0gGVB4B6dKJbS1GtwRiFNhhYkbRjOfSqelWF1LDK + UvZIgJXBAA5IPX8aJLC6GrQwm9kLGJiHwMgZ6UAXdctLSPSp3jhRWAXBCgH7 + w9q1FsbHaP8AR4+n9wf4Vz+r2F1Dp00kl7JKqgZUgYPIrRXTL3A/4mMv5CgC + HSLS1kS68yFG23EgGVBwBjikuLS1Gs2sYhQK0bkjaMHHtiqmmWF1KtyUvZI9 + s7qcAckd/qaJrG6XVbaI3shZkch8DIx2H1oA0NZtLSPTLh44EVgvBCgEc/Sr + 8NjZGJCbeMkqP4B6fSsPVdPuotPnkkvpJFUcqQMHmrsWmXhjQjUJRkDjAoAj + 0m0tXa93wo224cDKg4AxwKLq0tV1exRYUCssuRtGDgcZGKp6bYXUrXey9kj2 + TupwB8xGOT7mi4sLpdTs4jeyMziTDkDK4Hb60AaWrWdomm3DpAisEOCFAI/S + rVtZWRt4ibeMkqv8A9PpWRqWn3cVhPI99JIqqSVIGDVmDTbxoI2GoSKCoOMD + jigBml2lq898HhRgsxAyoOBjoKL20tV1XTkWFAr+buAUYOF4zxVTT7G6klvA + l7JGUlIJAHzHHU0XdjdJqNjG17IzSeZhiBlcLzj60Aamp2dmmnXLpBGrCNiC + FAI4+lTWdlZtZwM0EZJjUklR6fSszUNPu47Gd3vpJFVGJUgYPHSpbXTbx7WF + lv5FBRSAAOOOlABp1pavd36vCjBZAACo4GO3FF/aWq6hp6LCgVmfICjB+XvV + OxsLqS5vFW9kQpIASAPmOOpovLC6S9ska9kcuz4YgZXA7fWgDX1Cys0sLllg + jBETkEKMg7T7UafZWbWFszQRkmNCSVGSdo9qo32nXaWVw7X8jhY3JUgYIAPF + LZaddvZwOt/IgaNSFAGACOlAC2FpatqGoK0KFVdMAqMD5e1Go2lql5YKkKKG + kIICjkY71UsrG6e9vUW9kRkZQWAGWyO9F9YXUd1ZK17I5eQgEgfLx1FAG1eW + VmtnOywRgiNiCFHp9Ki0yzs30+2d4I2YxqSSoJPH0qtdabeJazM1/IwCMSCB + zx0qLT9Pu5LGB0vpEVkUhQBgcdKAJbK0tW1TUEaFCqGLAKjAyvOOKNTtLVJ7 + EJCihpgDhQMjB4PFU7Swun1G+jW9kVk8vLADLZXjP0o1Cwuo5rMPeyOXlABI + HynHUUAblzZWQtpSLeMEI38A9PpVXSbO0fTbd3gRmKDJKgk/pUVxpt4sEjHU + JGAUnGBzxVfTdPu5bCCRL6SNWUEKAMCgCa1tLVtXvo2hQqoiwNowMjnAxRq1 + pao1lshRd1wgOFAyDng1UtrC6bU7yIXsisgjy4Ay2Rxn6UalY3UTWge9kk3z + ooyB8pOeR7igDfmsbIRORbxghT/APT6VQ0a0tJNMt3kgRmK8kqCTz9KJdMvB + G5OoSnAPGBVLS7C6l0+CRL6SJWXhQBgc0AWbe0tTrF3GYUKqkZA2jAz7YpNY + tLWNbTy4UXdcRg4UDIOeKqQ2F02qXMQvZAyohL4GTnsfpRqljdRLbF72STdO + ijIHBOeR7igDoWsbLaf9Hj6f3B/hWXodpaSaVA8kKMxDZJUE/ePtUraZehSf + 7Rl6egrO0iwuptOhkjvZIlYHCgDA5NAFqK0tTrc8ZhTYIlIG0Yzn0pdZtLWO + CExwopM0YOFA4J6dKpx2F0dWmhF7IHWNSXwMkE9KNVsLqKGIveySgyoACBwS + ev4UAdH9hsf+feP/AL4H+FZGhWlrLpcLyQo7EvklQT94+1T/ANmXv/QRl/IV + maPYXU2nRSR3skSnd8oAwMMaALi2lr/bjx+SmwQA42jGd3XGKNatLWO0Ro4U + U+YgyFA4J+lU1sLo6w8P22TeIQ2/Azjd0o1awuobZWkvZJQZEGCB1J6/hQB0 + f2Gx/wCfeP8A74H+FY+h2lrJp6tJCjtvfkqCfvGrH9mXv/QRl/IVmaRY3U1k + HjvZIl3MNoAxwTQBc+yWv9veV5KbPs2du0Yzv64x1o1y0tY9PZ44UVtychQD + 94VT+wXX9s+T9tk3/Z92/Azjfjb9O9Gr2F1DZM8l7JKNy/KQMckUAdH9hsf+ + feP/AL4H+FZGi2lrJaO0kKMfMcZKg8A/Sp/7Mvf+gjL+QrM0mwuprZmjvZIg + JHGAB1B6/jQBbe0tf7cjj8lNhgJxtGM7uuKXXbS1i0uZ44URgUwQoB+8Paqb + WF0NYSH7bIXMJO/AyBu6UaxYXUOnSySXskqjb8pAwcsKAOj+w2P/AD7x/wDf + A/wrH0a0tZIJzJCjETSAZUHgHpVj+zL3/oIy/kKzNKsbqWGYpeyRASuCAByQ + ev40AXJbS1GtQRiFNhickbRjOfSl1u0tI9LneOFFYAYIUA/eHtVKSwuhq0MR + vZCzRsQ+BkAHpS6vYXUOnTSSXskqqBlSBg8igDoFsbLaP9Hj6f3B/hWVpFpa + yLd+ZCjbbiQDKg4AxxUy6ZelQf7Rl6egrN0ywupVudl7JHtndTgDkjufc0AX + Li0tRrFpGIUCskhI2jBx7YqTWbS0j0y4eOBFYLwQoBHP0rPmsLpdUtojeyFm + RyHwMjHb8afqlhdRafPI99JKqrypAweaANuGxsjDGTbxklR/APT6VmaTaWrt + e74UbbcOBlQcAY4FSRabeGJCNQlAIHGBVDTbG6la7CXskeyd1OAPmIxyfc0A + W7q0tV1exjWFArCXI2jBwOMjFT6rZ2iabcOkCKwQ4IUAj9Kzbmwul1OziN7I + zOJMOQMrgdvrU2pafdxWE8j30kiqpJUgYNAGtbWVkbaIm3jJKL/APT6Vn6Za + Wrz3weFGCzEDKg4GBwOKW3028aCNhqEigqDjA44qlp9hdSTXgS9kQpKQSAPm + OOpoAt3tparqmnIsKBXMuQFGDheM1a1Ozs00+5dII1YRsQQoBHH0rKu7C6TU + bGNr2RmcyYYgZXC84+tT6hp93HYzu99I6qjEqQMHjpQBpWVlZtZwM0EZJjUk + lR6D2qjp1paveX6vCjBZAACo4GO1Fpp149rC638ihkUgADAyOlVLGwupLq9V + b2RCkgBIA+bjqaALl/aWq3+nqsKBWd8gKMH5e9W9QsrNbC5ZYIwRG5BCjIO0 + +1ZF7YXSXtkjXsjl2YBiBlcDtVq9067Szndr+RwsbEqQMEAdKALun2Vm9hbM + 0EZJiQklRknaPaqlhaWrahqCNChVWTAKjA+XtTLHTrt7K3db+RA0aEKAMAED + iq1nYXT3t6i3siFGTLADLZHf6UAW9StLVLuwVIUUNKQQFAyMd+Kv3llZrZzs + sEYIjYghR6fSsW/sLqO5s1a9kcvIQCQPlOOoq5dabeJazM1/IwCMSCBg8dKA + LGmWdm+nWzvBGzGNSSVBJ4+lVrK0tW1XUUaFCqeVtBUYGV5xxUen6fdyWMDp + fSRqyKQoAwOOlQWljdPqN9Gt7IrR+XlgBlsrxn6UAXNUtLVJrEJCihpwDhQM + jB4NaFzZWQt5SLeMEK38A9PpWHqFhdRy2Ye9kkLzAAkD5Tg8ir0+m3iwSMdQ + kYBScYHPFAEmk2do+m27vAjMUGSVBJ/SoLW0tW1e+jMKFVWLA2jAyOwxUOm6 + fdy2EEiX0kasoIUAYFRW9hdNqd3EL2RWQR5cAZbI7/SgC3q1pao1lshRd1zG + DhQMg54Nak1jZCJyLeMEKf4B6fSsDUrC6iNpvvZJN86KMgfKTnke4rQl0y8E + bk6hKcA8YFACaNaWkmmW7yQIzFeSVBJ5PtTILS1Os3UZhQqsaEDaMDPtVbSr + C6l0+GSO9kiVhwoAwOaZDYXR1W4iF7IGVEJfAyc9vwoAuavaWsaWvlwou64j + BwoGQc8VqtY2O0/6PH0/uD/Cue1Owuolti97JJunRRkDgnv9RWkdMvcH/iYy + /kKAItDtLSTSoHkhRmIbJKgn7x9qbFaWp1ueMwpsEKkDaMZz6YqrpFhdTadD + JHeyRKwOFAGByaSOxujq0sIvZA4iUl8DJGelAFvWbS1jghMcKKTNGDhQOCfp + Wx9hsf8An3j/AO+B/hXOarY3UUMTSXskoMqAAgcEnr+Faf8AZl7/ANBGX8hQ + BBoVpayaZE8kKOxL8lQT940LaWv9uvH5KbPs4ONoxnd1xiqej2F1Np8ckd7J + EpLfKAMDDGhbC6/thoftsm8Qht+BnG7pQBc1q0tY7NWjhRT5iDIUDvWv9hsf + +feP/vgf4VzmrWF1Daq8l7JKN6DBAxyev4Vp/wBmXv8A0EZfyFAFfQ7S1ksA + 0kKOd78lQT940fZLX+3hF5KbPs2du0Yzv64x1qppFjdTWYeO9kiG5xtAGODR + 9huv7ZEP22Tf5G7fgZxuxt+negC3rlpaxaczxwojbk5CgH7w9q2PsNj/AM+8 + f/fA/wAK5zV7C6hsWeS9klUMvykDHJFaf9mXv/QRl/IUAQaLaWslq7SQoxEr + jJUHgH6U8QQw69GIo1QeQx+UAc7vaqGk2F1LbO0d7JEBI4wAOoPX8asQW01v + rsay3DTnyWOWAHGcY4oA6WiiigAooooAKKKKACiiigD/0v3Plvb06rBIbJg6 + xsAm4ZIPfPtT9Wvb2XTpo5bFolIGWLAgcjsKnmvbM6zbyieMosbgtuGAT75p + +tX1lLpk8cVxG7EDADAk8jtmgCSPUNQCKBpzngfxrWdpl5ex/a/Lsmk3XEjH + DAbScZX8K3Y9R08RqDdRdB/Gv+NZmk3tnH9t8yeNd1zIwywGQcYI56UAVbi8 + vW1S1kayZXVXwm4ZbI559ql1O+vpLCdJLFo1K8sXU4qW5vbNtXs5FnjKKsmW + 3DAyOMmpdXvrKTTbhI7iNmK8AOCT+tABDqGoCGMDT3ICjnevPFUNOvb2OS8M + dk0haZicMBtPHFbcGoWAgjBuYgQo/jX0+tZ2l3tnHJemSeNQ87EZYDIwORzQ + BVur29bUrKRrJldPN2ruGWyvPPtU+o319JYzpJYtGrIQWLqce9Pu72zbVdPk + WeMogl3EMMDKjGTmrGqX1jJp1wkdxGzMhAAcEn9aAIra/v1tolXT3YBFAO9e + eOtUtPvL1Li8ZLJnLy5YBgNpx0rZtNQsFtYVa5iBCKCC444+tUNNvbNLm+Z5 + 41Dy5UlgMjHUc0AVby9vWv7F2smRkL7V3D5srzz2xVm/vr97K4R7B0Vo2BYu + pwCOtLfXtm+o6e6zxsqNJuIYYGV4zzVrUb+xewuUS5jZmjcABwSTj60AVrO/ + v0tIFSwd1CKAd68jHWqlle3qXd6yWTOzupZQwG046VrWN/YJZW6vcxqwjQEF + xkHA96p6fe2aXt+7zxqrupUlgAfl7UAVb68vXu7JnsmRkdioLA7jjpVu8v79 + 7SdXsHRSjAnevAx1pNQvbN72wZJ42VJGLEMCAMd6uX1/YPZXCpcxsxjcABxk + nB96AKVhfXyWUCJYO6qigMHUZGOtVrO8vVv750smdnKbl3AbcLx9c1qadf2K + afbI9xGrLGoILgEHH1qrY3tmmpag7TxqrmPaSwwcLzjmgCrf3t689mXsmQpL + lQWB3HHSrtzf37W8qtp7qCjAnevHHWmale2b3FiyTxsElyxDA4GOp5q/dahY + NazKtzESUYABx6fWgDN06+vo7GBI7FpFVAAwdRn3qC1vL1dTvZFsmZ3Ee5dw + yuF45960tLvrGPTrdJLiNWVACC4BH61XtL2zXVr+Rp4wjiLaSwwcLzg5oAq6 + leXsklmZLJo9sykZYHcfSr82oagYZAdPcAqed68cVFql7ZySWRjnjYJOpOGB + wOeTzWjPqFgYJALmIkqf419PrQBkaXe30enwJHYtIoXhg6jNRwXt6uqXUi2T + M7KmU3DK4HHPvV/SL6yj023SS4jRgvILgEfrUVve2a6veSNPGEZI8NuGDgc4 + OaAKup3t7J9l8yyaPbcRsMsDuIzhfxrRfUNQKMDpzjg/xrUGrXtnJ9j8ueNt + tzGxwwOAM5J56VqSajp5RgLqLof41/xoAxNJvb2LToY4rFpVAOGDAA8nsaZF + e3o1WeQWTF2jQFNwyAO+ferui31lFpkEctxGjAHILAEcntmmQ3tmNZuJTPGE + aNAG3DBI980AVdVvL2SOASWTRBZkIJYHJHQfjWmdR1HH/IOf/vtaraxe2csV + uI543Kzxk4YHAB5Nax1HT8f8fUX/AH2v+NAHP6NeXsWmwxxWTSoN2GDAA/Me + xoS9vRq8kosmLmEDZuGQM9c1a0K9s4tKgjlnjRhuyGYAj5j2JoS9sxrcspnj + 2GFRu3DGd3TOaAKuq3t7Lbostk0QEiHJYHJB6fjWp/aOo/8AQOf/AL7Wqus3 + tnLbRrFPG5EqHAYHgHr1rX/tHT/+fqL/AL7X/GgDntHvL2KwRIrJpVDN8wYD + +I+tAvb3+2TL9ibzPIC7Nwzjd1z+lWtDvbOLTkSWeNGDPwzAHlj70C9s/wC3 + TL58ez7OF3bhjO/pnPWgCrq95ey2e2WyaJd6HcWB6HpxWp/aOo/9A5/++1qr + rd7Zy2OyKeN23ocBgTwfrWv/AGjp/wDz9Rf99r/jQBz2k3t7FaFYrJpV3uch + gOSenPpQb29/thZfsTb/ACCNm4Zxu65q1ot7ZxWZWWeNG8xzgsAcE/Whr2z/ + ALcWXz49n2cru3DGd3TOetAFXWL29l0+RJbJolJX5iwIHzD0rU/tHUf+gc// + AH2tVdcvbOXTZEinjdiU4VgT94e9a/8AaOn/APP1F/32v+NAHPaVe3scEixW + TSgyuSQwGCT0/CiS8vTq8UpsmDiJgE3DJGeuataNe2cVvKss8aEyyEAsBwT1 + 60SXtmdbhlE8ewQsC24YznpnNAFbWL29l02aOWyaJDtyxYED5h2FaQ1DUcD/ + AIlz/wDfa1X1y9s5dKnjiuI3Y7cBWBJ+Yds1qjUdPwP9Ki/77X/GgDn9LvL2 + NLgR2TSbpnJwwGCeo/Cia9vTqtvIbJg6o4Cbhkg98+1WtHvbOKO5Ek8aFp5C + MsBkHoetE97ZnWbaUTxlFjcFtwwCffNAEGrXt7Lp8yS2LRKQMsWBA5Har0eo + agI1A05zwP41qPWb6yl0y4jiuI3YgYAYEnkds1oR6jp4jUG6i6D+Nf8AGgDC + 0y8vYzd+XZNJundjhgNpOMr+FFxeXrapaSNZMrqsmE3DLZHPPtVrSb2zjN75 + k8a7rmRhlgMg4wRz0oub2zbV7KRZ4yirJlgwwMjjJoAi1O9vpLCdJLFo1K8s + XU4q1Bf6gIYwNPdgFHO9eeKNXvrKTTbhI7iNmK8AOCT+tXLfULBYIw1zECFG + RvX0+tAGJp17epJeGOyaQtMxIDAbTgcUXV7etqVjI1kysnm7V3DLZXnntirW + mXtnHLemSeNQ87EZYDIwORReXtm2q6fIs8ZVPN3EMMDKjGTnvQAzUb6+ksZ0 + ksHjVkILF1OB61+Td9/x+3H/AF0f+Zr9b9Tv7GTTrhI7iNmZGAAcEnj61+SF + 9/x/XH/XR/5mv2Xwi+LE/wDbv/tx+e8e7Uf+3v0PYf2fWZPibYsi7z5Nxx/2 + zNffks0xnhJhIILYGRzxXwL+z2yp8TrFnIUeTccn/rma+/5poTcQMJFIBbJy + OOK8zxP/AORjH/AvzZ38Ff7m/wDE/wAkJNPOYZA0BAKnnI44pYZ5xEgEBICj + nI54qWeeAwSASKSVPcelEE8AhjBkUEKO49K/OT64qwzTCaYiEkkjIyOOKJpp + jLCWhKkE4GRzUsE0ImnJkUAkY5HPFFxNCZoCJFIDHPI44oGEs9wYnBgIBU85 + HpSQTziFAsBYBRzkc1PNPAYXAkUkqe49KbbzwLBGDIoIUdx6UCK0U0wuJmEJ + JO3IyOOKJ5pi8RaErhuORzUsM0IuZ2MigHbg5HPFFxNCzwkSKcPk8jigBZJ7 + gxsDbkAg85FMt551gQLAWAHXI5qzLcQGJwJFJIPcVHbTwrbxq0iggDgkUDK8 + c0wuZmEJJO3IyOOKLiaZjFuhK4cEcjk+lSxTQi6nYyKAduDkc8UXU0LNDtkU + 4cE4I4FADnuLgqQbcjg9xUVtNOsCKsBYAdcjmrb3EBRgJV6HuKhtJ4Vto1aR + QQOhIoAgSaYXMrCEkkLkZHFFzNM3lboSuJFI5HJ9KljmhF1KxkXBC4ORRdTQ + t5O2RTiRScEdKBDzcXGD/o5/MVBaTTrboqwlgM85HrV03Fvg/vV/MVWs5oVt + kVpFBGeCR60DPG/jH8NI/iboUtvDCI9Ysl8yzkJAw3eNj/dfp7HB7YP5j6hp + 99pN9PpmpQPbXVq5jljcYZHU4IIr9nEmhF5IxkXBUc5GK+d/jx8G7Lx/ajxD + 4dMcXiG3AUjIVbqMDhXPQOP4WP0PGCv33B3FCwz+rYh+49n2f+T/AA+8/NuO + uEHi4/W8Mv3i3X8y/wA1+K07HiHwF+PP/CLLF4M8Xyl9KYhbW4Y/8exJ+45P + /LM9j/D/ALv3fuu2dbrThEbdbq2nQg5Ksjo+c8Hggg/jX42Xlnd6fdS2N9C1 + vcQMUkjcFWVhwQQehr6E+D/7QOseABDoGvK+paADhVHM1sD1MZJ5X/YP4Ec5 + 9/ijg/27eKwfxPVrv5rz/P13+b4Q44+rpYPHfCtE+3k/L8vTb0T4qfs1TS3M + +tfDmDaWzJJpzMBjPUwMTjH+wfwPQV8ez6XqVrqJ0i6tZIL1ZBEYZFKSBycB + SpwQc1+vvh3xV4d8VQrrOgX8V5aSxjDo3KnrtZTgqw7ggH2qp4m8J+EfEdzZ + alq1hb3V7p80UsM2AJUaNgw+ZcErkcqcqe4rxcp44xGGTo4uLlb/AMCXr3/M + 9/OvD3DYtrEYKSjfW28X6W2/L0L3hjTH8N+HNM8PwW5KadbRQZBHJjUKT+JG + a1LSaZIAqQlxk85HrV/7Rb/89V/MVVspoUt1VpFByeCR61+f1JuUnKW7P0qn + TUIqEdloRedN9s3+Sd3l425HTPWi7mmaHDwlRkc5HrUvnQ/bt/mLt8vGcjGc + 0Xk0Lw4WRScjoR61BZJ9ouP+fc/mKrWs0yxYWEsMnnIq/wDaLf8A56r+YqrZ + zQrCQ0ig7j1I9aBlWfNzK8M9vvSWJkZCR8ytwc1+QPiPQLrQvE+o+GzGzz2V + 1JbqoGWba5VcAdd3BGOua/YgzQ/bQ/mLt2YzkYzmuWbwh4PtNYvvFNpYW/8A + bF8ymS4OHk+UKnyk52AgDO3Gepya+q4Y4jWXuo5RupJaea/4dnx3F3CzzNUl + GXK4t3fk/wDhkfGfwv8A2Z9Y1WSHWvH8EllYjDLZAhZ5R1/eHrGvqPvf7vWv + uTRbW30jT49N0qyWC1t8rHHHhUQDsBWje6tpem2sl9qF5DbW8I3PJJIqIoHc + knAr4Y+Kv7SlxeRXPhr4eO0Fs7MsuoYKyODwRCOqD/bPzem3qdnLMM7r2+yv + /AY/8H8TnUctyDD3+0/nKX/A+5L1O0+O/wAeF0X7R4S8HzY1VlMVzcIwItgf + vIjD/lp2JH3P97p8FnLHJ5J/Wgkscnkn9a+0/gb8CjaJF448axqsyhXsrJ/v + Kc8Syr2I6qp6dTzgV+jxjhMkwl3v+Mn/AF9x+Wznjc/xtlol90V/n+L/AC7f + 9nb4S3Pg2wPi/wAQWJ/ti/TEMb4DW0DeoPR379wOOCWFfTFtNMok2wlsuxPI + 4PpV8XFvj/Wr+YqrazQqJd0ijMjEZI6V+L5nmVTF1pV6r1f4Lsj95ynK6WCo + Rw9FaL8X3ZE80xuo2MJDAHAyOaddTTtburQFQR1yOKe80Ju42Ei4CnnIxS3c + 8LWzqsikkdARXAeixy3FxtGLc9PUVXtppl83bCWzIxPI4PpV1biDaP3q9PUV + XtZoV87dIozIxGSOlAEUk0xuYmMJBAbAyOeKfcTztA6tAVBHXI4p0s0JuoWE + ikANk5HHFPup4Wt5FWRSSOgIoARJ7gIoFuTwO4qC3mmVpdsJbLknkcH0q5Hc + QBFBkXoO4qC2mhVpt0ijLkjJHNAyKWaY3EDGEgjdgZHPFPuJ52hcNAVBB5yO + KdNNCbq3YSKQu/JyOMin3M8LW8gWRSSp4BFAhsU9wI0AgJAA5yKhgmmEkxWE + sS3IyOKtxXEAiQGRQQo7j0qG3mhWWcmRQC3HI5oGRSzTGaEmEggnAyOeKlmn + nMMgMBAKnnI44ommhNxARIpALZORxxUs88BgkAkUkqe49KBEUM84hjAgJAUc + 5HPFRQzTCaYiEkkjIyOOKtQTwCCMGRQQo7j0qKCaETzkyKASMHI54oGRTTTG + WEtCVIJwMjmpZZ7gxODAQCp5yPSi4mhM0BEikBjnkccVNNPAYXAkUkqe49KA + PiT9phmbXtDDLtxZED3+c8180V9MftMsra9oQUg4siDjt85r5nr+m+Cf+RVQ + 9H+bPxfiT/fqvr+iP1A8NXd2fCfhUG0YCO1tNp3D58Qr09M12txf6g1vKrae + 6gqwJ3rxx1rk/Dd3aHwl4SAmQmO1tN3zD5cQr19K7i61Cwa2lVbmIkowADr6 + fWv5jx/8ep6v8z9lwv8ACj6Iy9Nvr6OwgSOxaRQoAYOoz71DbXt6up3ki2TM + 7iPcu4ZXA45960dKvrGPTrdJLiNWVACC4BH61Ba3tmurX0jTxhHEW0lhg4HO + DmuQ3KupXt7I1p5lk0e2dSMsDuIzxWhLqGoGJwdPcAg8719Kh1W9s5HsvLnj + bbcIxwwOAM8nnpWlNqGnmFwLmIkqf419PrQBj6Xe30enwJHYtIoXhg4APNRw + Xl6NVuZFsmZ2RAU3DK46HPvV/R76yi023jkuI0YLyC4BHP1qK3vbNdYu5TPG + EZIwG3DBx6HNAFXVLy9kFt5lk0e2dGGWB3EZwv41pPqGobGzpzjg/wAa1X1e + 9s5FtPLnjfbcRscMDgDOSeelaj6jp5RgLqLof41/xoAw9Ivb2LToY4rJpVAO + GDAA8nsabFe3o1aaUWTFzGoKbhkDPXNXNEvbKLS4I5biNGAOQWAI5PbNNivb + Ma1PKZ4whiQBtwwTnpnNAFXVb29kihElk0QEyEEsDkg8D8a1P7R1H/oHP/32 + tVdYvbOWGARzxuRNGThgcAHr1rX/ALR0/wD5+ov++1/xoA57Rry9i06KOKya + VBuwwYAH5j2NC3l7/bDy/YmLmEDZuGQN3XNWtCvbOLS4Y5Z40YbshmAP3j2J + oS9sxrkkpnj2GADduGM7umaAKurXl7LbKstk0QEiHJYHkHpx61qf2jqP/QOf + /vtaq61e2ctoixTxuRKhwGB4B+ta/wDaOn/8/UX/AH2v+NAHPaRe3sVkqRWT + Srub5gwHUn1o+23v9s+b9ibzPs+3ZuGcb87s/pVrRL2zi09UlnjRtz8FgDyx + o+22f9u+d58ez7Nt3bhjO/OM560AVdXvb2WyKS2TRLuT5iwPQj09a1P7R1H/ + AKBz/wDfa1V1u9s5bApFPG7b04DAnhh71r/2jp//AD9Rf99r/jQBz2k3t7Fa + ssVk0o3uchgOSenPpQ15e/2wkv2Jt4hI2bhnG7rmrWi3tnFZsss8aHzHOCwB + wT9aGvbP+3El8+PYICN24Yzu6ZzQBV1m8vZdOljlsmiUlcsWBA+Yelan9o6j + /wBA5/8Avtaq67e2cumSxxTxuxK4CsCfvDtmtf8AtHT/APn6i/77X/GgDntK + vb2OGUR2TSgyuSQwGCTyPwokvb06tDKbJg4iYBNwyRnrmrWj3tnFBMJJ40Jm + kIywGQT160S3tmdaglE8ZQRMC24YBz0zmgCtq97ey6dNHLZNEpAyxYEDkdhW + iuoajtH/ABLn/wC+1qDW72yl0ueOK4jdiBgBgSfmHbNai6jp+0f6VF0/vr/j + QBgaXe3sa3Pl2TSbp3JwwGCeo/Cia8vTqttIbJg6o4Cbhkg98+1WtIvbONLr + zJ403XEjDLAZBxgjnpRPe2Z1i1lE8ZRY3BbcMAn1NAEOq3t7Jp86SWLRKRyx + cEDn0q5FqGoCNANOcjA53rTdYvrKXTLiOO4jdivADgk8/Wr8Wo6eIkBuYgQo + /jX0+tAGFpt7extd+XZNJundjhgNpOOPwouL29bU7ORrJldBJtXcMtkc8+1W + tKvbONr3zJ413XDsMsBkHHI56UXV7Ztq1jIs8ZRFlyQwwMjjJzQBHqd9fSWE + 6SWLRqVOWLqcVYgv9QEEYXT3YBRg7154p2rX1lJptwkdxGzMhwA4JP61at9Q + sFt4la5iBCrkb19PrQBi6feXqTXhjsmkLSksAwG046UXd5etqNjI1kyunmbV + 3DLZXnB7Yq1pl7ZxzXxknjUPMSuWAyMdRzRe3tm2qafIs8ZVPN3EMMDK8ZOe + KAGahfXz2M6PYPGrIwLF1OBjrUtrf362sKrp7sAigHevIx1qbU7+xk0+4RLi + NmaNgAHBJOPrU1nqFgtpArXMYIRQQXGQcfWgDHsb29S5vGSyZy8gLAMBtOOl + F5e3r3tk72TIyM+1dw+bI/pVrTr2zS7v2eeNQ8gKksBkY7c0X17ZvqFg6Txs + qM+4hhgZXvQAX1/fvZXCPYOitG4LF1OAQefwosr+/SzgRLB3VY1AYOoyABzV + vUL+xewuUS5jZmicABwSSVPvS2F/YpY2yPcxqyxoCC4BBCj3oAybK8vUvb10 + smdnZdy7gNuBRf3t691ZM9kyFJCVBYHccdKtWF7Zpf37vPGquybSWGDhe1Go + 3tm93YMk8bBJCWIYEAY780AOur+/a1mVtPdQUYE714GOtR6ffXyWMCJYO6qi + gMHUZGOtaF5qFg1nOq3MRJjYABxknH1qLTb+xj0+2R7iNWWNQQXAIOPrQBmW + l7erqN9ItkzM/l7l3DK4XjnvmjUL29eazL2TRlZQVBYHccdKtWd7ZrqmoSNP + GFcxbSWGDhecHPNGp3tnJPYlJ42CTAthgcDB5PNAElxf6g0Eitp7qCpyd68c + VX02+vo7CBI7FpFCjDB1Ga1LnULBraVVuYiSjAAOvp9aq6TfWUem26SXEasq + DILgEfrQBn215erqd5ItkzO4j3JuGVwOOfejUr29ka08yyaPbOhGWB3EZ4/G + rVre2a6tfSNPGEcRYJYYOBzg5o1W9s5GsvLnjbbcIxwwOAM8n2oAml1DUDG4 + OnOBg871qnpV7ex6fAkdi0qgcMHAB59K2ZdR08xOBcxElT/Gvp9aoaPfWUWm + W8clxGjBeQXAI5+tAFGC9vRqtzILJi7IgKbhlQO+fejVL29kW28yyaPbOhGW + ByRnA/GrVve2Y1i6lM8YRkjAbcMHHoaNXvbORbXy54323EbHDA4Azkn2oAsN + qGo7T/xLn6f31rO0i9vYtOhjismlUA4YMADyexrebUdP2n/Soun99f8AGsvR + L2yi0uCOW4jRgDkFgCPmPbNAFSO8vRq00osmLmJQU3DIGeuaNVvb2SGISWTR + ASoQSwOSDwOPWrUV7ZjWp5TPGEMSgNuGCc9M5o1i9s5YIRHPG5E0ZOGBwAev + WgC1/aOo/wDQOf8A77WsvR729i06KOKyaVRuwwYAH5j2NdD/AGjp/wDz9Rf9 + 9r/jWRod7ZxaXDHLPGjAtkMwB+8e2aAKq3t7/bDy/Ym3mEDZuGcbuuaNWvb2 + W2VZbJoh5iHJYHkHpx61aW9s/wC3Hl8+PYYAN24Yzu6ZzRrN7Zy2irFPG58x + DgMDwD9aALX9o6j/ANA5/wDvtay9HvL2KyCRWTSrub5gwHU+9dD/AGjp/wDz + 9Rf99r/jWRol7ZxWCpLPGjbn4ZgDyxoAq/bb3+2fN+xN5n2fbs3DON+d2f0o + 1e9vZbJklsmiXcvzFgehHpVr7bZ/2753nx7Ps23duGM784znrRrd7Zy6eyRT + xu25OAwJ4YUAWv7R1H/oHP8A99rWXpN7exWzLFZNKPMc5DAck9OfSuh/tHT/ + APn6i/77X/GsjRr2zitGWWeND5jnBYDgn60AVWvb3+2El+xMHEJGzcMkbuua + NYvb2XTpY5bJolO3LFgQPmHYVae9szrkconj2CAjduGM7umaNcvbOXS5o4p4 + 3YlcBWBP3h2zQBa/tHUf+gc//fa1l6VeXscMwjsmlBlckhgMEnkfhXQ/2jp/ + /P1F/wB9r/jWRo97ZxQziSeNCZpCMsBkE9etAFWW9vTq0MpsmDiNgE3DJGeu + adq97ey6dNHLZNEpAyxYEDkdhViW9szrUEonjKCJwW3DAOemc07W72yl0ueO + K4jdiBgBgSeR2zQBMuoajtH/ABLn6f31rN0y9vY1ufLsmk3TyMcMBtJxkfhW + +uo6ftH+lRdP76/41laRe2ca3fmTxruuJGGWAyDjBHPSgCrPe3p1W2kNkwdU + cBNwywPfPtUmq3t7Jp86SWLRKRyxcEDn0qa4vbM6xayieMoqSAtuGBn1NSax + fWUumXEcdxG7FeAHBJ5+tADotQ1ARIBp7kADnevpWfpt5extd+XZNJundjhg + NpOOPwrch1DTxCgNzECFH8a+n1rN0q9s42vfMnjXdcOwywGQccj2oAq3N5et + qdnI1kyugk2puGWyOefaptSvr6SwnSSxaNWUgsXU496kur2zbVrGRZ4yiCXJ + DDAyOMnNT6rfWMmnXCR3EbMyEABwSf1oAZb3+oLBGq6e7AKMHevPFUdPvb1J + rwpZNIWlJYBgNpx0rattQsFtola5iBCKCC6+n1rP0y9s4574vPGoeYlcsBkY + HI5oAq3d5etqNjI1kyshk2ruGWyvOPpVjUL6+exnR7B0VkYFi6nAx1p17e2b + anp8izxlUMu4hhgZXjJzxVnUr+xk0+5RLiNmaNgAHBJOPrQBBaX9+trCq6e7 + AIoB3ryMdap2N5epdXrJZM5eQFgGA2nHStey1CwWzgVrmMERqCC4yDge9UtO + vbNLu/Z541DyAqSwAIx25oAq3t7eve2TvZMjIzbV3A7uKtXt/fvZzo9g6K0b + AtvU4BHWi/vbN7+wdJ42VHfcQwwMr35q5f39i9jcolzGzNG4ADgkkqfegCnY + 39+llbolg7qsaAMHUZAHX8aq2d7epe3rpZM7Oybl3D5cD+taun39ilhbI9zG + rLEgILgEEKPeqlje2aahfu88aq7JtJYYOF7UAVb+8vXubNnsmQpISoLA7jjp + Vy6v79rWZW091BRgTvXgY603Ub2ze7sGSeNgkpLEMDgY781evNQsGtJ1W5jJ + KMAA4yTj60AZ2n318ljAiWDyKqKAwdRkY61BaXl6uo30i2TM7+XuXcMrheMn + vmtLTL+xj0+3R7iNWWNQQXAIOPrVeyvbNdU1CRp4wr+VtJYYOF5wc80AVdQv + b15bMvZNGVmBALA7jg8Venv9QMEgbT3UFTk7144qPU72zkmsTHPGwSYE4YHA + weTzWhcahYNbyqtzESVbA3r6fWgDL0y+vo7CBI7FpFCjDB1Gaht7y9XVLuRb + Jmdljym4ZXA45960NJvrKPTbdJLiNWVBkFwCP1qG1vbNdXvZGnjCMseCWGDg + c4OaAKup3l7IbTzLJo9s6MMsDuIzhfxrQl1DUDG4OnOAQed61Dq17ZyNZeXP + G224RjhgcAZ5PPStOXUdPMTgXMRJU/xr6fWgDF0q9vY9PgSKxaVQOGDgA8+l + Mhvb0arcSCyYuyICm4ZAHfPvV7Rr6yi0y3jkuI0YLyC4BHJ7ZqOC9sxrF1KZ + 4wjRoA24YJHoc0AVdUvb2RbbzLJo9s6EZYHJHQfjWk2oajg/8S5/++1qvq97 + ZyJa+XPG+24jY4YHAGck89K1W1HT9p/0qLp/fX/GgDB0i9vYtOhjismlUA4Y + MADyexpI7y9GryyiyYuYlBTcMgZ65q3ol7ZRaXBHLcRowByCwBHzHtmkivbM + a1NKZ4whhUBtwwTnpmgCrqt7eyQxCWyaICVCCWByQen41qf2jqP/AEDn/wC+ + 1qrrN7ZywQiKeNyJoycMDwD161r/ANo6f/z9Rf8Afa/40Ac9o97exafGkVk0 + qgthgwAPzH1oW9vf7YaX7E2/yQNm4Zxu65q1od7ZxaZFHLPGjAvkMwB+8feh + b2z/ALceXz49htwN24Yzu6Zz1oAq6te3stqFlsmiXehyWB5B6cetan9o6j/0 + Dn/77WqutXtnLZqsU8bnzEOAwJwD9a1/7R0//n6i/wC+1/xoA57SLy9iswkV + k0q7m+YMB1PvR9svf7ZEv2JvM8jbs3DON2d2f0q1ol7ZxWASWeNG3ucMwB5Y + +9H22z/t4TefH5f2bbu3DGd+cZz1oAq6xeXstiyS2TRKWX5iwPcelan9o6j/ + ANA5/wDvtaq65e2cunskU8btuThWBPDCtf8AtHT/APn6i/77X/GgDntJvb2O + 2dYrJpQZHOQwHJPTn0qxBcXE2uxtPbmA+SwwSDxnrxTtGvbOK1dZZ40Jlc4L + AcE/WpBcQT69G0MiyDyGGVIPO7pxQBv0UUUAFFFFABRRRQAUUUUAf//T/dma + xshrNtELeMI0bkrsGCR7Yp2tWNlFpk8kVvGjADBCAEcjuBVOWzvhqsERvWLt + G5D7FyAO2Kfq1lfRadNJLfNKgAypRRnkdxQBtR6dp5jUm1i6D+Bf8Ky9JsbK + T7b5lvG+y5kUZQHAGMAcdKsR6fqJRSNRYcD+BaztMs72T7X5d60e24kU4RTu + IxlufWgCzc2Nkur2cS28YRlkyoQYOBxkYqbV7Cxj024kjt40ZV4IQAj8cVQu + LO9XVLWNr1mdlfD7FyuBzx71Lqdlfx2E7yXzSKF5Uooz+VAGtBp2nmCMm1iJ + Kj+BfT6VnaXY2Ukl6JLeNtk7AZQHAwOBUsOn6iYYyNRYAqONi8cVQ06zvpJL + sR3rRlZmDYRTuPHNAFq7sbJdVsI1t4wjiXcAgwcKMZGOcVPqlhYx6dcPHbRq + yoSCEUEfpWddWV8upWUbXrM7+btbYuVwvPHfNT6jY38djO8l+0ihCSpRRkel + AGjaafYNaws1tESUUklF54+lUNNsbKS5vle3jYJLhQUBwMdBxUltYag1tEy6 + gygopA2LwMdKpWFnevcXix3rIUlwxCKdxx1oAtX1jZJqOnotvGqu0m4BAAcL + xnjmrWo6fYJYXLpbRqyxuQQigggfSsu8s75b+yR71nZy+1ti/Lhefzqzf2Oo + JZXDvfs6rGxK7FGRjpQBdsdPsHsrd3tomZo0JJRSSSB7VTsLGye9v0e3jZUd + QoKAgDHbjils7DUHtIGTUGRSikDYpwMdKqWVlfPd3qpesjI6hm2Kdxx19qAL + OoWNkl7YIlvGqu7BgEABGO/HNXb7T7BLK4dLaJWWNyCEUEEA+1ZN9Z3yXdkr + 3rOzuwVtijacdat3lhqCWk7PqDOoRiV2LyMdKALGnWFi+n2zvbRszRqSSikk + 4+lVbGxsn1LUI2t42VDHtBQEDK84GOKLCxv3soHS/ZFZFIUIpwMdKrWdnetf + 3yJesjIU3NsX5srxx2xQBa1Kxso7ixVLeNQ8uGAQDIx0PFX7rTrBbWZltogQ + jEEIvp9Kxr+yvkns1kvWcvLhTsUbTjrV25sNRW3lZtQZgEYkbF546UASaXYW + MmnW7yW8bMyAklFJP6VXtLGybVr+NreMogi2goMDK84GOM03TrG/ksYHjv2j + UoCFCKcD0qC1s71tTvY1vWV0Ee59i5bK8ce1AFnVLGyjkshHbxrvnUHCAZHP + B46VpT6dp4gkItYgQp/gX0+lYmpWd7HJZiS9aTdMoXKKNp9avzafqIhkJ1Fi + Ap42LzxQAaRYWMum28klvG7MvJKKSfxxUVtY2TaveRtbxlFSMhSgwMjnAqHS + 7K/k0+B4r5o1K8KEU4/E1HBZXzapdRresrqqZfYuWyOOPagC1q1jZR/Y/Lt4 + 03XManCAZBzkHjpWnJpunhGItYuh/gX/AArC1Oyvo/snmXrSbriNRlFG0nOG + 49K0X0/UQjE6i54P8C0ARaLY2UumQSS28bsQckoCTye5FNhsbI6zcRG3jKLG + hC7BgE+2Kg0myvpdOhkivmiQg4UIpxye5pkVlfHVZ4xesHWNSX2Lkg9se1AF + nWLGyiitzHbxoWnjBwgGQeo6VrnTdOx/x6xf98L/AIVz+q2d7HHAZb1pQ0yA + AoowT0PHpWmdO1LH/ISf/vhaAK2hWNlNpUEktvG7ndksgJPzHuRQljZHW5Yj + bx7BCpC7BjO7rjFVdGs76XTYZIb1oUO7ChFOPmPc0JZXx1eSIXrCQQgl9i5I + z0x0oAtazY2UVtG0VvGhMqDIQDgnpwK1v7N07/n1i/74X/Cuf1ayvordGlvW + lBkQYKKMEng8elan9nal/wBBJ/8AvhaAKmh2NlLpyPLbxuxZ+WQE8MfUUosb + L+3TD9nj2fZw23YMZ39cY61V0ezvZbBHhvWiUs3yhFP8R9aBZX39smL7a3me + QDv2LnG7pjp70AWdbsbKKx3xW8aNvQZVADyfYVr/ANm6d/z6xf8AfC/4Vz+r + 2d7FZ7pb1pV3oNpRR1PXj0rU/s7Uv+gk/wD3wtAFXRbGylsy0tvG7eY4yyAn + APuKGsbL+3Fh+zx7Ps5bbsGM7uuMdaq6TZX0toWivWiXe4wEU8g9efWg2V9/ + bCxfbW8zyCd+xc43dMdKALWuWNlFpskkVvGjApyqAHlh3ArW/s3Tv+fWL/vh + f8K5/WLK+i0+R5r1pVBXKlFGfmHcVqf2dqX/AEEn/wC+FoAq6NY2UtvK0tvG + 5EsgBKA8A9OlJJY2Q1uGIW8ewwsSuwYznrjFVtKsr6SCRor1ogJXBARTkg8n + n1oks70avFEb1jIYmIfYuQM9MUAWtcsbKHSp5IreNHG3BVACPmHcCtUabp2B + /osX/fC/4Vg6xZX0WmzSTXrSoNuVKKM/MO4rSGn6lgf8TF/++FoAq6PY2Usd + yZLeN9s8gGUBwB0HI6Us9jZDWbaIW8YRo3JXYMEj2xVXS7O9kjuDFetFtmcH + CKckdTz60TWV8NVt4zesXZHIfYuQB2x70AXdZsbKLTJ5IreNGAGCEAI5HcCt + CPTtPMak2sXQfwL/AIVi6tZX0WnzPLfNKgAypRRnkdxV6PT9RKKRqLgYH8C0 + AV9JsbKQ3vmW8bbLmRRlAcAYwBx0oubGyXV7KJbeMIyyZUIMHA4yMVW0yzvZ + Dd+XetHtndWwincRjLfjRcWd6uqWkbXrM7LJtfYuVwOePegC/q1hYx6bcSR2 + 8aMq8EIoI/HFW7fTtPaCMm1iJKjnYvp9KytTsr+OwneW+aRQvKlFGfxFWoNP + 1EwxldQZQVGBsXjigCLTLGyklvRJbxsEnYDKA4GBwOKLyxsl1XT41t4wj+bu + AQYOFGMjHOKq6dZX0kl4I71oyszBiEU7jgc0XVnfLqVjG16zO/m7W2L8uF54 + 75oA0tTsLGPT7h47aNWVGIIRQQcfSvyQvv8Aj+uP+uj/AMzX6yajY36WM7yX + 7SKqElSijI9K/Ju+/wCP24/66P8AzNfsvhF8WJ/7d/8Abj89492o/wDb36Hs + f7Paq/xOsVcBh5Nxwf8Arma+/wCaGEXECiNQCWyMDnivz+/Z9Vn+JtiqNsPk + 3HP/AGzNffksMwnhUzEklsHA44rzPE//AJGMf8C/NnfwV/uj/wAT/JFqeCAQ + SERqCFPYelEEEBhjJjUkqOw9KimgnEMhM5ICnjA54ohgnMSETkAqOMDjivzk + +uCCGEzTgxqQCMcDjii4hhE0AEagFjngc8VFDDMZpgJiCCMnA54onhmEsIMx + JLHBwOKALc1vAIXIjUEKew9KbbwQGCMmNSSo7D0qOWC4ETkzkgKeMD0pIIJz + ChWcgFRxgcUALDDCbmdTGpA24GBxxRcQQiSECNRl8Hgc1FFDMbiZRMQRtycD + niieGYPEGmLZbjgcUAXJbeARORGoIB7Co7aCFreNmjUkgckCmyQXAjYm4JAB + 4wKZbwTtAhWcqCOmBxQA6KGE3U6mNSBtwMDjii6hhVodsajLgHAHIqKOGY3M + yiYgjbk4HPFFxDMpi3TFsuAOBwfWgC69vAEYiJeh7CobSCFraNmjUkjqQKHt + 7gIxNwTwewqK2hnaBGWcqCOmBxQA+OGE3cqmNcALgYGKLqGFfJ2xqMyKDgDp + USQzG5lUTEEBcnA5ouYZl8rdMWzIoHA4PrQBeNvb4P7pfyFVrOGFrZGaNSTn + kgetPNvcYP8ApB/IVBaQztboyzFQc8YHrQBIkMJvJFMa4CjjAxRdwwqse2NR + l1HAFRLDMbp1ExDBRzgc0XUMyqm6YtlwOg6+tAHkfxY+Bvh74lW5vrfbputx + LiO5RflkA6JMo+8OwYfMPccV+b/ivwd4i8FamdK8RWjW0vJRuscqg43Rt0Yf + y6HB4r9hfs9x/wA/B/IVzWreFNH8XaKdK8QW8d5ZyZ/dyIDtOSNyt95W9wQR + X2XD3GFbB2pVfep9uq9P8vyPheJ+B6GObrUvcqd+j9f8/wAz8mvDPivxB4P1 + FdV8O3r2c64ztwUcD+F0OVYexBr7B8G/tUaRexx2PjrTRYTZGbu1UvEfUtHy + 6/8AAS2fQVzfjz9lbVrS5mufAF0L6ELv+yXDBJh7JIflb23bfqTXyrrGh6x4 + evn03XLKawuo+scyFG+oB6g9iODX6JOjlmcQ5lZy+6S/rzuj8whXzfI58rTU + fPWL/rysz9e/D3ibwh4st/tXhu/tdRQDJETKzL/vL95foQK2LKGF7dWaNScn + kgetfi/a3V1ZTpc2cz28ycq8bFGB9iMEV6loXxz+Knh9BDZ6/NPEP4LkLcf+ + PSBmH4Gvlcb4cVE74eqn66fir/kfY4DxSpNJYqk0+8dfwdvzZ+p3kw/btnlr + t8vOMDGc0XkMKQ5WNQcjoB61+eVl+1X8Q4DuvLSxumAxu8t0bH4Pj9K2G/a1 + 8USR7JdFtWP/AF0cD8v/AK9eJPgTMU9Ip/NHvw8RMra1m18n+h9//Z7f/nkv + 5CqtnDC0JLRqTuPUD1r8/Lr9rPx/IhW0sLGAnuyyOR9PnArg9U/aD+K+qRNA + usmyibJK2saRHn0cAuP++q3oeH+Ok/e5Y/P/ACRhiPErLoL3OaXov82j9LNW + 1PQtCY3mtXNvYWqxkl53WNM59WwM185+Pf2nPBGjxSWXhC3OtXnQShTDbof9 + 4jc3/ARg/wB6vgfUtX1XWbg3esXs19Of+Wk8jSv/AN9MSaq21tc3k6WtpE88 + 0p2oiKWZiewA5Jr6nL/D7D0/fxM+by2X+f4o+OzPxMxNX3MJBQv13f8Al+DO + 28cfErxb8Qbv7R4guh5KHMdtCPLgj+iDqf8AaYlveuU0jR9U17UYdJ0a1kvL + y4bbHFEu5if6AdyeAOTX0Z4E/Ze8Z+IjFe+KnGg2LYJRxvumHtGOE/4Gcj+6 + a+0vAfw58NeBbBrTw1ALZidskzAPNLju7nk+uBhR2ArpzLi7BYGHscKlJrot + l6v/AC/A5cq4Kx+YVPb4xuKe7l8T9E/1+Vzxj4Qfs7WPhK8tte8ZiO/1dV8y + OAYaC3bsT/fcev3QemSA1fT97DCls7LGoIxyAPWomhm+1qvnHdtJzgevSi7h + mW3dnmLgY4wPWvyXMs0rYup7WvK7/Beh+05VlNDBUvY4eNl+L82Xxb2+P9Uv + 5CqtrDCwl3RqcSMBkDpUgt7jH/Hwf++RVa2hmYSbZiuHYHgcn1rzz0iV4YRd + xqI1wVPGBilu4IVtnZY1BA6gCoXhmF1GpmJJU4OBxTrqGdbd2acsAOmBzQDL + a28G0ful6egqtawwt526NTiRgMgcCpFt7jaMXB6egqvbQzN5u2YriRgeByfW + gCWWGEXUKiNQCGyMDnin3UEK28jLGoIHUAVXkhmFzEpmJJDYOBxxT7mCdYHZ + pywA6YHNAFmO3gKKTGvQdhUFtDCzTbo1OHIGQOKckFwUUi4I4HYVBbwzM0u2 + YrhyDwOT60ASzQwi6t1EagNvyMDnAp9zBCtvIVjUEKeQBVeWGYXECmYkndg4 + HHFPuIJ1hctOWAB4wOaALEVvAYkJjUkqOw9Kht4YWlnBjUgNxwOKWKC4MaET + kAgcYFQwQzGSYLMVIbk4HNAEs0MIuIAI1AJbIwOeKlnggEEhEaghT2HpVWWG + YTQgzEkk4OBxxUs0E4hkJnJAU8YHPFAEsEEBgjJjUkqOw9KhghhM84MakAjA + wOOKWGCcwxkTkAqOMDjiooYZjNMBMQQRk4HPFAEtxDCJoAI1ALHPA54qaaCA + QuRGoIU9h6VUnhmEsIMxJLHBwOKllguBE5M5ICnjA9KAPiv9plVXXtCKgDNk + Scd/nNfM9fS/7TCsuvaGWbdmyJHsN54r5or+m+Cf+RVQ9H+bPxjiT/fqvr+i + P1J8N2doPCXhIiBAZLW03fKPmzCvX1rt7rTtPW2lZbaIEIxBCL6fSvP/AA1a + Xg8J+FSbtiJLW02jaPkzCuMeuK7W4sNRW3lZtQZgFYkbF546V/MeP/j1PV/m + fsuF/hR9EO0qwsZNOt3kt42ZkBJKKSf0qG1sbJtWvo2t4yiCLaCgwMjnAxUe + m2N/JYQPHftGpUEKEU49qhtrK+bU7yNb1ldBHubYuWyOOPauQ3LWq2NlG9l5 + dvGu+4RThAMg54PHStKbTtPELkWsQIU/wL6fSsPUrK+ja08y9aTdOoXKKNpO + efwrQl0/URE5OosQFPGxfSgBukWNjLptvJJbxuzLySgJPPriorexsm1i7iNv + GUVIyF2DAz6DFRaXZX0mnwPFfNEpXhQinHPqajgs706rcxresrqiEvsXLA9B + j2oAs6vY2US2nl28abriNThAMg5yDx0rVfTdPCMRaxdD/Av+FYOqWd7GLbzb + 1pN06KMoo2k5w3HpWk+n6kEYnUXPB/gWgCDRLGyl0uCSW3jdiDksgJPJ7kUk + VjZHWZ4jbxlBEhC7BgHPXGKr6RZX0unQyRXzRIQcKEU45Pc02Kyvjq00QvWD + iNSX2LkjPTFAFrWLGyihgMdvGhM0YOEAyCeRwK1v7N07/n1i/wC+F/wrn9Vs + r6OKEy3rSgzIACijBJ4PHpWp/Z2pf9BJ/wDvhaAKmhWNlNpcMktvG7HdksgJ + PzHuRQljZHXJIjbx7BADt2DGd3XGKraNZ3sunRSQ3rQod2FCKcfMe5oWzvf7 + YeIXrCQQg79i5I3dMdKALOtWNlFaI0VvGhMqDIQDgn2Fa/8AZunf8+sX/fC/ + 4Vz+rWd7FbK0t60oMiDBRRyT149K1P7O1L/oJP8A98LQBV0SxspdPV5beN23 + PyyAnhj6ij7DZf275P2ePy/s27bsGM78ZxjrVXSLK+lsleK9aJdzfKEU9CfW + j7Fff2z5X21vM+z7t+xc434246e9AFrW7GyisC8VvGjb05VADyw9BWt/Zunf + 8+sX/fC/4Vz+r2V9FZF5b1pV3L8pRR1I9PStT+ztS/6CT/8AfC0AVdFsbKWz + ZpbeNz5jjJQE4B9xSNY2X9uJD9nj2GAnbsGM7uuMdaraTZX0tqWivWiXe4wE + U8g9efWhrO9/thIvtreYYSd+xc43dMdKALOu2NlDpkskVvGjArgqgB+8O4Fa + /wDZunf8+sX/AHwv+Fc/rNnexadJJNetMgK5Uooz8w7itT+ztS/6CT/98LQB + V0exspYJjJbxuRNIBlAcAHgUS2NkNagiFvGEMTErsGCc9cYqrpVlfSQymK9a + ICVwQEU5IPJ59aJLK+GrQxG9YuYmIfYuQM9MUAW9bsbKLS55IreNGAGCqAEf + MO4Fai6bp20f6LF0/uL/AIVg6vZX0WnTSS3zSoAMqUUZ5HcVorp+pbR/xMX/ + AO+FoAr6RY2UiXRkt4323EijKA4AxgDjpST2NkNYtYhbxhGRyV2DBI9Riq2l + 2d9ItyY71o9s7g4RTkjqefWiazvRqttGb1i7I5D7FyAO2PegC9rFjZRaZcSR + 28aMq8EIARz6gVei07TzEhNrESVH8C+n0rH1Wyvo9PneW+aVQOVKKM8+oq5F + p+omNCNRYAgcbFoAh0qxspGvfMt4223DqMoDgDHA46UXVjZLq1lGtvGEdZdw + CDBwOMjFVdNsr6Rrvy71o9s7hsIp3EY5/Gi5s75dTs42vWZ3Em19i5XA5496 + ANDVbCxj064eO3jVlQkEIoI/SrVtp2ntbxFraIkquSUX0+lZep2N/HYTvJfN + IoU5UoozViCw1EwRldQZQVGBsXjigCLTLGykmvg9vGwSYhcoDgY6Dii8sbJN + U0+NbeMK/m7gEGDheMjHOKradZ3rzXgjvWjKSkMQinccdaLuzvV1Gxja9Znf + zNrbF+XC88d80AaWp2FjHp9w6W0asqMQQigg4+lS2en2DWkDNbRElFJJRck4 + +lZ+oWN/HYzvJftIqoxKlFGRjpUtrYag1rCy6gyqUUgbF4GOlADdOsbJ7u+V + 7eNgkgCgoDgY7cUX1jZJqFgiW8aq7PuAQAHC9+Oaq2NnfPc3ipeshSQBjsU7 + jjrReWV8l7ZI96zs7PtbYo24H65oA1dQ0+wSwuXS2iVlicghFBBCn2osNPsH + sbZ3tomZo0JJRSSSB7VUvrDUEsrh3v2dVjcldijIAPH40WVhqD2cDpfsitGp + C7FOAQOKAEsLGye/v0e3jZUZNoKAgZXtxxRqNjZJd2CpbxqHkIYBAARjvxVa + ys75729RL1kZGXc2xTuyP0ovrO9S6sle9Zy8hCnYo2nHWgDXvNPsFtJ2W2iB + CMQQi5Bx9Ki02wsX0+3d7aNmaNSSUUknH0qG6sNQW1mZtQZlCMSNijIx0qPT + 7G/exgeO/aNWRSFCKcDHSgB1nY2TapqEbW8ZVDFtBQEDK84GOKNTsbKOexCW + 8ah5gGwgGRg8HiqtpZ3zajfRresrp5e5ti/NleOO2KNQs75JrMSXrSF5QFJR + RtOOtAGzc6dp620rLbRAhGIIRfT6VW0qwsZNOt3kt42ZkBJKKSf0ptxYaisE + jNqDMApyNi88VX02xv5LCB475o1KjChFOKAH2tjZNq19G1vGUQRbVKDAyOcD + FGq2NlG1l5dvGu+4RThAMg54PHSq1tZ3raneRresroI9z7Fy2Rxx7UalZ3sb + WnmXrSbp0C5RRtJzz+FAG5Np2niJyLWIEKf4F9PpVHR7Gyl0y3kkt43Zl5JQ + Enn1xTpdP1ERuTqLEAHjYtU9Ksr6TT4HivmiUrwoRTjn1NAE1vY2TaxdRG3j + KKkZC7BgZ64GKTV7GyiW18u3jTdcRqcIBkHOQeOlVobO+Oq3Ma3rK6ohL7Fy + wPQY9qNUs72Nbbzb1pN06AZRRgnODx6UAbzabp20/wCixdP7i/4VmaJY2Uul + wSS28bsQclkBJ+Y9yKnbT9S2nOov0/uLWdpFlfS6dDJFfNEhBwoRTjk9zQBY + isbI61PEbeMoIlIXYMA564xS6xY2UUEJjt40JmjBwgGQTyOBVWOzvTq00QvW + DiJSX2LkjPTFGq2d9HDEZb1pQZUABRRgk8Hj0oA6D+zdO/59Yv8Avhf8KydD + sbKXS4ZJbeN2JbJZAT949yKtf2dqX/QSf/vhay9Hsr6XTopIb1okO7ChFOPm + Pc0AWlsbL+23i+zx7BADt2DGd3XFGs2NlFaK0VvGhMiDIQA4J9hVVbK+/th4 + vtreYIQd+xc43dMdKNWs76K2Vpb1pR5iDBRRyT149KAOg/s3Tv8An1i/74X/ + AArI0SxspbBXlt43bc/LICeGPqKt/wBnal/0En/74WsvSLO+lsg8V60S7m+U + Ip7+9AFr7DZf275P2ePy/s27bsGM78ZxjrRrdjZRaezxW8aNuTlUAPLD0FVf + sV9/bPlfbW8z7Pu37Fzjfjbjp70avZX0Vkzy3rSruX5SijqR6UAdB/Zunf8A + PrF/3wv+FZOjWNlLaM0tvG58xxkoCcA+4q1/Z2pf9BJ/++FrL0mzvpbZmivW + iHmOMBFPIPXn1oAsvY2Q1yOIW8ewwE7dgxnd1xil1yxsotLmkit40YbcFUAP + LDuBVVrO9GsJEb1jIYSd+xcgbumOlGsWV9Fp0sk160qDblSijPzDuKAOg/s3 + Tv8An1i/74X/AArI0exspYZzJbxuRNIBlAcAHgcirf8AZ2pf9BJ/++FrL0qz + vZIZjFetEBK4ICKckHk8+tAFqWxshrUEQt4whiYldgwSD1xil1uxsotLnkit + 40YAYKoARyO4FVJbK+GrQxG9YuY2IfYuQM9MU7V7K+i06aSW+aVABlSijPI7 + igDcTTdO2j/RYun9xf8ACsvSLGykW78y3jfbcSKMoDgDGAMjpVhdP1LaMai/ + T+4tZumWV9Itz5V60e2eQHCKdxGMnn1oAtXFjZDWLWIW8YRkkJXYMEjpkYqT + WLGyi0y4kjt40ZV4IQAjn1xVGeyvhqttG16zOyOQ+xcqB1GPepNVsr6PT53l + vmlULypRRnn1FAGxDp2nmFCbWIkqP4F9PpWZpVjZSNe+ZbxtsuHUZQHAGOBx + 0qeLT9RMSEaiwBUcbF9Kz9Ns76Rrvy71o9s7hsIp3EY5/GgCzdWNkurWMa28 + YRxLuUIMHA4yMVPqthYx6dcPHbxqyoSCEUEfjis+5s71dTs42vWZ3Em19i5X + A5496m1Kxv47Cd5L9pFCklSijPtQBp22nae1tEzW0RJRSSUX0+lUNMsbKSe+ + D28bBJiFygOBgcCpLew1FoI2XUGUFRgbF44qjp9lfPNeCO9aMrKQxCKdxx1o + As3tjZJqenxrbxhXMu4BBg4XjIxzVnUrCxj0+4dLaNWWNiCEUEHH0rNu7O9X + UbGN71mdzJtbYvy4XnjvmrGoWN+ljO8l+0iqjEqUUZGOlAF+y0+wezgZraIk + xqSSi5Jx9Ko6dY2T3d+r28bBJAFBQEAY7cU+0sNQa1hZNQZFKKQNi8DHSqdj + Z3r3V6qXrIUkAY7FO4460AWr+xskv7BEt41V3fcAgAOF78c1bv8AT7BLG5dL + aJWWNyCEUEEA+1ZV7ZXyXtkj3rOzs21tijbgVavbDUEs53e/Z1WNiV2KMgDp + QBb0/T7B7C2d7aJmaJCSUUkkqPaqljY2T6hfo9vGyoybQUBAyvbjiixsNQey + t3S/ZFaNCF2KcAjp+FVbOyvnvb1EvWRkZNzbFO7I/TFAFnUbGyS7sFS3jUPK + QwCAZGO/FXrzT7BbSdltogQjEEIuQcfSsi/s71LmyV71nLyEKdijacdauXVh + qC2szNqDMoRiRsXkY6UATaZYWMmn27vbRszIpJKKSTj6VWs7GyfVNQja3jKp + 5W0FBgZXnAxxmm6fY372MDx37RqyKQoRTgY6VBaWd62o30a3rK6eXubYvzZX + jjtigC1qdjZRzWIS3jUPMAcIBkYPB4rQuNO09beVltYgQrYOxfT6Vi6hZXyS + 2YkvWkLTAKSijacdavT2GoiCQtqDMApyNi88UAO0mwsZNOt3kt42ZkBJKKSf + xxUFrY2TavexNbxlEWPClBgZHOBimaZY38lhA8d80alRhQinFQ29netql3Gt + 6yuqx7n2Llsjjj2oAs6tY2UbWXl28a77hFOEAyDnIPHStOXTtPETkWsQIU/w + L6fSsPU7O9jNp5l60m6dFXKKNpOcN+FaEun6iI3J1FiADxsWgBmjWNlLplvJ + LbxuxXklASeT3xTILGyOsXURt4yixoQuwYBPoMVBpVlfSafA8V80SEcKEU45 + 9TTIbK+Oq3EYvWDqiEvsXJB6DHtQBa1exso0tfLt403XEanCAZBzkHA6Vqtp + unbT/osXT+4v+FYGqWV9Gtt5t60m6dAMoowT0PHpWk2n6ltP/Exf/vhaAINE + sbKXS4JJbeN2IOSyAk/Me5FNisbI61NEbeMoIVIXYMA564xVfSLK+l06GSK+ + aJCDhQinHJ7mkjs706vNEL1g4iUl9i5Iz0xQBZ1mxsooITFbxoTNGDhAMgnp + 0rX/ALN07/n1i/74X/Cuf1WzvYoYjLetKDKgAKKMEng8elan9nal/wBBJ/8A + vhaAKuh2NlLpkUktvG7EvksgJ4Y9yKFsbL+3Hi+zx7PIDbdgxnd1xjrVXR7K + +l0+N4b1olJbChFOPmPc0LZXv9sNF9tbzPJB37Fzjd0x0oAta1Y2UVmrRW8a + HzEGQgBwT7Ctb+zdO/59Yv8Avhf8K5/VrK+itQ0t60q70GCijknrx6Vqf2dq + X/QSf/vhaAKmiWNlLYB5beN23uMsgJ4Y+oo+w2X9uiH7PH5f2bdt2DGd+M4x + 1qtpFney2QeK9aJdzDaEU9D159aPsd7/AGyIvtreZ5G7fsXON2NuOnvQBZ1y + xsotPZ4reNG3JyqAHlh6Ctf+zdO/59Yv++F/wrn9Ys72KxZ5r1pVDL8pRR3H + pWp/Z2pf9BJ/++FoAq6NY2Utq7S28bkSuMlAeAfcVItvbwa9GsESxjyGOFUD + nd14qjpNlfS2ztFetEBI4wEU8g9efWrEFvcQ67Gs9wZz5LHJUDjPTigDpaKK + KACiiigAooooAKKKKAP/1P3Plv7k6rBKbKQMsbgJkZOe9O1a/uZtOmjeykiV + gMsSMDkVamurU61bSCZCojcE7hgH65p+tXdrJpdwkcyMxAwAwJ6j3oAWPU7s + IoGnynAHcVn6Zf3MX2vZZSSb7iRjjHyk4+U+4roI72yEag3EfQfxD/GsvSLq + 1T7bvmRd1zIRlgMg45HNAFO4v7ltUtZTZyKyK4CHGWyO30qTU9QupbCeN7GS + NWXliRgVYubq1OsWcgmQqqSZO4YGR3qXV7u0fTbhEmRmK8AMCT+tADYdTu1h + jUafKQFHORzxVDTr+5jkuyllJJvmZjgj5Txwa3oL2zEEYM8YIUfxD0+tZul3 + Vqkl8XmRd07EZYDIwORzQBTur+5bUrKVrKRWTzcKSMtlecfSptR1G6ksZ43s + ZIwyEFiRge9TXl1atq2nusyFVEuSGGBlRjNWNVu7R9OuUSdGYocAMCT+tAFe + 21K7W2iUWErAIoyCOeOtU7C/uY7i8ZbORy8mSAR8px0Nbdpe2a2kKtPGCEXI + 3D0+tUNMurVLm/LzIoaXIyw5GO3NAFO8v7l7+ykaykQoXwpIy2V7fSrN9qN1 + JZXCNYyIGjYFiRgZHWn311atqWnusyFVaTJDDAyvfmrWo3lo+n3KrOjExuAA + wyePrQBTs9Su0tIEWwlcKigEEYOB1qrZX9yl3eutlI5d1JAIyvHQ1s2N5ZrY + 26tPGCI0BBYccD3qlp91arfX7NMgDOuCWHPy9uaAKd9f3Ml3ZO1lIhRyQDjL + cdBVq81K7e0nRrCVAyMCSRgZHWnahdWrXtgyzIQsjEkMOOO/NXb68s2sbhVn + jJMbgAMOeD70AZ1hqN1HZQItjI4VFAYEYPHWq9nf3KX99ItlI7OUyoIyuF7/ + AFrW028tE0+2V50VhGoILDI4+tVbG6tV1LUHaZArGPBLDBwvbmgCnf39zJPZ + s1lIhSXIBI+Y46CrtzqV21vKpsJVBRhkkccdaTUrq1e5sSkyMFmycMOBjvzV + +7vbNrWYCeMko3G4en1oAytO1G6jsYI0sZJAqABgRg+9Q2t/crqV7KtlIzOI + 8qCMrheM/WtTSru0TTrZHnRWCDILAEfrVe0urVdW1B2mQKwiwdwwcLzigCnq + N/cyPaF7OSPZMrDJHzEZ4HvV+bU7toZFOnygFTzkccUzVbq1eSxKTI224UnD + A4HPJrSnvbMwSATxklT/ABD0+tAGLpeoXUWnwRpYySKq8MCMGo4L+5XVLqUW + UjM6oCnGVwO/1rR0e7tU0y3R5kVgvILAEfrUVtdWo1i8kMyBWSPB3DBwKAKe + p39zL9l32Ukey4jYZx8xGflHua0X1O8KMP7PlHB7iotXurV/sWyZG23MZOGB + wBnk81qSXtkUYC4j6H+If40AYOk39zDp0MaWUkqqDhgRg8mmxX9yNVnlFlIW + aNAU4yMd6v6Ld2sel26STIrAHILAHqfemQ3VqNauZDMgUxIAdwwT9c0AU9Uv + 7mWOAPZyR7ZkYEkckdvxrT/tS8/6B0v5ioNZurWSK3CTI2J4ycMDgA9eta5v + rLH/AB8R/wDfY/xoA5zR7+5h02GKOyklVd2GXGD8xoS/uRq8k32KQsYQNmRk + DPWrmg3VrHpUCSTIjDdkFgD94+9CXVqNclkMybDAozuGM7umaAKeq39zLbor + 2UkQEiHJI5IPT8a0/wC1Lz/oHS/mKg1q6tZLaMRzIxEsZwGB4zWv9usv+fiP + /vsf40Ac5o9/cw2KRx2ckoBb5lIxyxoF/c/2wZvsUm7yAuzjON2c/SrmhXVr + HpqJJMitufgsAfvH3oF1a/260nnJs+zgbtwxnf0zQBT1e/uZrPZJZyRDeh3M + Rjg9K0/7UvP+gdL+YqDXLq1ksdscyMd6cBge/wBa1/t1l/z8R/8AfY/xoA5z + Sb+5htCiWUko3ucjGOT0/Cg39z/bCzfYpNwgK7MjON3X6Vc0S6tY7IrJMinz + HOCwHf60NdWv9urJ5ybPs5Gdwxnf0zmgCnrF/czWEkcllJEpK/MxGBhhWn/a + l5/0DpfzFQa7dWsmmSJHMjMSnAYE/eHvWv8AbrL/AJ+I/wDvsf40Ac5pV/cx + QSKllJKDK5yMcEnp+FEl/cnV4pjZyBhEw2ZGSM9auaNdWsdtKJJkUmaQ8sBw + T9aJLq1OuQyCZNghYZ3DGc+uaAKesX9zNps0cllJErbcsxGB8wrSGqXmB/xL + 5fzFQ67dWsmlTpHMjsduAGBP3h71rC+ssD/SI/8Avsf40Ac7pd/cxJcBLOST + dM7HBHBPb6iia/uTqtvKbKQMqOAmRk57/hVzR7q1jjuQ8yLm4kIywGQe/Wie + 6tTrNtIJkKiNwTuGB+NAFbVdQuZtPmjeykiVgMsSMDkVdj1O8CKP7PlOAO4p + Nau7WTS7hI5kZiBgBgT1HvWjHe2QjUG4j6D+If40Ac/pl/cxG72Wckm+d2OC + PlJxwfcUXF/ctqlpKbORWRZMISMtkdvpVzSLq1Q3u+ZF3XMhGWAyDjkUXV1a + nWLKQTIVVZMncMDI7nNAFfU9QupbCeN7GSNWXliRgVag1O7WGNRp8rAKBnI5 + 4p+r3do+m3CJMjMV4AYEn9auW97Zi3iBnjBCr/EPT60AYWnX9zHJeFbKSTfM + xIBHynA4NF1f3L6lYytZSK0fm4U4y2VGcfSrml3Vqkt8XmRd07EZYDIwORRe + XVq2q6c6zIVXzskMMDKjGeaAItR1G6ksZ43sZIwyEFiRge9fk3ff8ftx/wBd + H/ma/XHVLu0fTrlEnRmKNgBgSePrX5HX3/H9cf8AXR/5mv2Xwi+LE/8Abv8A + 7cfnvHu1H/t79D2H9n12T4m2LKpc+TccD/rma+/JZ5DPCxhYFS2B68V8C/s9 + sq/E6xLEAeTcdf8Arma/QCeWM3FuQ4wC2eR6V5nif/yMY/4F+bO/gr/dH/if + 5ISa4laGRTAwBU8+nFENxKIkAgY4Uc+vFTXE0RgkAdSSp7j0pYJohBGC6ghR + 3HpX5yfXFOGeRZpiIWJYjI9OKJ55GlhJhYYJ49amgljE85LgAkY5HpRcSxma + AhwQGOeR6UDEluJTE4MDDIPP4UkFxKsKKIGYBRz61YmmiMMgDr909x6UlvNE + IIwXUEKO49KBFSKeQXEzCFiW25HpxRPPIzxEwsuGz9amhljFzcEuMHbjkelF + zLGZIMODh/UUAwkuZTGwMDDIPNMt7iRYEUQMwA6jvVqWaIxOA69D3FR2ssQt + 4wXAIA7igZWjnkFzMwhYltuR6YFFxPIxizCy4cHnv7VNFLGLqclxg7ccj0ou + pYy0OHBxID1FACvcylGH2dhwaitriRYEUQswA6jvVx5otjfOvQ9xUNpLEttG + C4BA9RQBXSeQXMreSxJC8elFzPI3lZhZcSKee/tU0csYu5WLjBC9xRdyxnyc + ODiRSeR0oEONzLg/6O1QWk8iW6KsLMBnkfWr5mhwfnX8xVayljW1QM4BGepH + rQMgWeQXTv5LElRx3FF1PIyoDCy4cHn+VTJLH9skbeMFRzmi8ljZY8OD869x + QA/7TL/z7tVaznkS3RVhZwM8j61o+dD/AH1/MVUsZY1tUDOAeepHrQBCJ5Pt + bP5LZ2AY79etZfiHStK8Q2P2HXNLivLcsPlnRZFz7bgcH3FbQlj+2s28Y2Dn + I9aLyWNogA4PzL396qE3F80XZkThGScZK6PmvxH+zD8PtYd59HivNFlbkLDI + JYQf9yTLfgGArxXUv2T/ABehL6Hqtrex8485XgY/gokH61+hPnQ/31/MVUsp + Y1t1DOAcnqR619JhOMMwoqyqXXnr+O/4ny2N4Iyyu7ulZ/3dPwWn4H5k3f7O + PxctpjDFpCXRAzmO4hAx6/O6n9KypPgN8W4jiTw5KPfzISPzD4r9S/Nj+3bt + 4x5eM5HXNF7LG0GFcE5HQj1r2I+ImNS1hF/J/wCZ4U/DDAPVTmvmv/kT8xLf + 9nT4wTsA2heSp/ie4gwPwEhP6V2OlfsqePLwq+o3tnaRE4O0vK4/AKq/+PV+ + ivnQ/wB9fzFVLKWNYSGcA7j3HrWNbxAx8vh5V6L/ADbOih4aZdB+85S9X/kk + fKPh/wDZW8IafPGfEF3eas6jJjXbbxt9Qu58fRxX0Do/hLwx4TsWtvDmiQ6a + pADPGg3sAf4nOXb8Sa60yx/bg28Y8vGcj1ovpY2tmCuCeOhHrXzeOzrF4n+P + UbXbp9y0PqsvyDB4T/d6ST79fveo/wC0y/8APu1VrWeREYCFmyxPFaPnQ/31 + /MVUs5Y1R9zgfO3UivLPXIWnk+1q/ktkKRjv1ou55Ht3VoWUHHJ+tTNLH9tR + t4xsPOR60XssbWrhXBJx0I9aBDxcy4/492qtbTyKJMQs2XY8dvatATQ4++v5 + iqtpLGBLlwMyMeooAheeQ3UbeSwIB47mnXU8j27qYWUEdTUjyxm8ibeMBW5y + KW8lia2kCuCSPUUAxVuZQoH2djxVe2nkXzcQs2ZGPHb2q+k0W0fOvT1FVrSW + NfOy4GZGPUdKBkMk8huYmMLAgNx68U+5uJGgdTAygjqe1PlljN3AwcYAbPI9 + KfdSxG3kAcEkeooExqXMoRR5DHgVBbzyK0pELNlyeO3tV6OaLy1+deg7iq9t + LGGmy4GXOORQMhlnkNxAxhYFd2B65FPuLiVoXUwMoIPJ7U+aWM3VuQ4wN+eR + 6VJcyxG3kAdSSp7igRHFcyiNAIGOAOahgnkWSYiFm3NyPSrkM0QiQF1+6O49 + Kht5YxLOS4GW459qBkMs8hmhYwsCpOB68VLNcStDIpgYAqefTilnljNxAQ4w + C2eR6VLcTRGCQB1JKnuPSgRDDcSrDGogYgKOfXiooZ5FmmYQsSxGR6cVbt5o + hBGC6ghR3HpUUEsYuJyXABIxyPSgZDPPI0sJMLDBPHrUstxKYnBgYZB5/Clu + JYzNAQ4IDHPI9KmmmiMMgDr909x6UAfEf7TDs2vaGCpXFkQM9/nPNfNFfTP7 + TTKde0LBziyOf++zXzNX9N8E/wDIqoej/Nn4vxJ/v1X1/RH6geGr24bwn4VB + tHHlWtoVPHz4hXp9a7S41K7a3lU2EqgqwySOOK5bw3c258JeEQJUOy1tN3zD + j9yvX0ruLq9s2tpgJ4ySjcbh6fWv5jx/8ep6v8z9lwv8KPojJ03ULqKwgjSx + kkCqAGBGDUNtf3K6neSiykZnEeVBGVwO/wBa09Ju7RNNt0edFYIMgsAR+tQW + l1arq1+5mQKwiwdwwcA9Oa5Dcp6lf3MjWheykj2TqwyR8xGeB71fl1O7MTg6 + fKMg85HpTNVurV3stkyNtuEJwwOBzyea05r2zMMgFxGSVP8AEPT60AYml6hd + RafBGllJIqrwwIweajgv7ldUuZRZyFmRAUyMrjufrWjo93ax6Zbo8yKwXkFg + D1+tRW91ajWbuQzIFZI8HcMHHvmgCnql/cyi132cke2dGGSOSM8D3NaL6neF + SP7PlHHqKi1i6tXW02TI225jJwwOAM81qve2Wxv9Ij6H+If40Ac/pF/cw6dD + GllJKqg4ZSMHk0kV/cjVpphZSFmjUFMjIAPWr2iXdrHpcCSTIrAHILAH7x96 + bFdWo1qeQzJtMSAHcMZz60AU9Uv7mWKEPZSRhZkIJxyQen41p/2pef8AQOl/ + MVBrN1ayQwBJkYieMnDA8A9a1/t1l/z8R/8AfY/xoA5zRr+5h06KOOzklUbv + mUjB+Y0Lf3I1h5vschYwhdmRkDd1q5oN1ax6VCkkyIw3ZBYA/eNCXVr/AG7J + J5ybDABncMZ3dM5oAp6tf3M1sqvZyRASIckjsen41p/2pef9A6X8xUGt3VrJ + aIscyMfNQ4DA8Z+ta/26y/5+I/8Avsf40Ac5pF/cw2SollJKNzHcpGOSaPt9 + z/bPnfYpN/2fbs4zjfnd9O1XNDurWPT1WSZFO5+CwB+8aPtVr/b3mecmz7Nj + duGM7+mc0AU9Xv7mayKPZSRDcp3NjHBFaf8Aal5/0DpfzFQa3dWslgVjmRjv + TgMCfvCtf7dZf8/Ef/fY/wAaAOc0m/uYbVlSyklG9zkEY5PT8KGv7k6wk32O + TcISuzIzjd1+lXNFurWOzZZJkU+Y5wWA70NdWv8AbqSecmz7ORu3DGd3TNAF + PWb+5m06WOSzkiUlfmYjAwwrT/tS8/6B0v5ioNeurWTS5UjmR2JTgMCfvCtf + 7dZf8/Ef/fY/xoA5zSr+5ihlCWUkgMrkkEcEnp+FEl/cnVoZjZSBhEwCZGSM + 9auaNdWscEweZFJmkIywHBP1olurU63BIJk2iFgTuGM59c0AVNXv7mbTpo3s + pIlYDLMRgcitFdTvMD/iXy/mKi1y7tZNKnSOZGYhcAMCfvD3rVW9sto/0iPp + /eH+NAHO6Zf3MS3ISykk3TuxwRwT2PuKJr+5bVbaU2UgZUcBOMnPcfSrmkXV + qiXW+ZFzcSEZYDIOOetFxdWp1m1kEyFVjcE7hgfjmgCtquoXMunzxvZSRqw5 + YkYHNXYtTuxGgGnynAHORRrN3ayaZcIkyMxXgBgT1+tX4b2zESA3Ef3R/EPT + 60AYGm39zE13sspJN87scY+UnHB9xRcX9y2p2cpspFZBJhSRlsjt9KuaTdWq + Ne75kXdcORlgMjjkUXV1anV7FxMhVVlydwwMgdeaAINS1C6lsJ43sZI1ZSCx + IwKswandrBGo0+VgFAzkc8VJq13aPptwiTIzFDgBgSf1q3bXtmLeIGeMEIv8 + Q9PrQBhaff3Mct4y2ckheUkgEfKcdDRd39y+o2MjWcitH5mFJGWyvOPpVzS7 + q1Se+LzIoackZYDIx1FF7dWrarpzrMhVPNyQwwMrxmgCLUNRupLGeNrGRAyM + CxIwOOtS2upXaWsKLYSsFRQCCMHA61Z1O8tH065VJ0ZjGwADAk8fWpbO8s1s + 4FaeMERqCCw9PrQBi2N/cx3N4y2Ujl5ASBjK8dDReX9y97ZO1lIhRnwpIy2V + 7fSrmnXVqt3fs0yANKCCWHIx25ov7q1bUNPZZkIVnyQwwPl70AMvtRunsrhG + sJUDRuCxIwMg80tlqN0lnAi2ErhY1AYEYOB1q7qF5aNYXKrOhJicABhknafe + l0+8tFsLZWnjBESAgsMg7R70AY9lf3KXt662cjl2UlRjK4Hei+v7mS6smayk + QpISAcZbjoKuWF1arqGoM0yAM6YJYYPy9qNRurV7ywZZkYLISSGHAx3oALrU + rt7WZGsJVDIwJJGBkdai0/UbqOxgjWxkcKigMCMHjrWneXlm1nOqzxkmNgAG + Hp9ai0y8tE062V50VhGoILDI4+tAGVaX9ymo30i2UjM/l5UEZXC8Z+tGoX9z + JNZlrKRCkoIBI+Y46CrlldWq6pqLtMgVjFglhg4XnFGp3Vq89iUmRgswJwwO + Bg9eaAFuNSu2gkU2EqgqRkkccVX03ULqKwgjSxkkVVADAjBrXub2zNtKBPGS + Ub+Ien1qrpN3aJptujzIrBBkFgCP1oAzba/uV1O8lFnIzOI8qCMrgd/rRqV/ + cytaF7OSPZOjDOPmIzwPc1ctLq1XV75zMgVhFg7hg4HbmjVrq1drLZMjbbhC + cMDgc8nmgCSXU7sxuDp8oyDzkVS0rULmLT4I0spJFUcMCMHmtya9szE4FxH9 + 0/xD0+tUNGu7WPTLdJJkVgvILAHr9aAM+G/uV1S5lFlIWZEBTIyMdz9aNUv7 + mVbYPZyR7Z0YZxyRnge5q5b3VqNZu5DMgVkjwdwwce+aNYurWRbTZMjbbiMn + DA4Azz1oAmbU7wqR/Z8vT1FZ2kX9zDp0MaWUkqqDhlIweTXQPe2W0/6RH0/v + D/GsvQ7u1j0qBJJkVgGyCwB+8fegClHf3I1aaYWchZo1BTIyBnrRqt/cywxB + 7KSMCVDkkckHp+NXIrq1GtzyGZNhiUA7hjOfXNGs3VrJBCEmRiJoycMDwD9a + AJ/7UvP+gdL+YrM0e/uYdOijjspJVG75lIwcsa6P7dZf8/Ef/fY/xrI0K6tY + 9LhSSZEYF+CwB+8aAKa39yNYeb7FJuMIXZkZxu6/SjVr+5mtlV7KSICRDk4x + wen41cS6tf7ckk85NnkAZ3DGd3TOaNaurWS0RY5kY+YhwGB4z9aAJ/7UvP8A + oHS/mKzNIv7mGyCR2cko3Mdy4xyTXR/brL/n4j/77H+NZGh3VrHp6rJMine/ + BYA/eNAFP7fc/wBs+d9ik3fZ9uzjON+d307Uavf3M1kySWUkQ3L8zEY4YVc+ + 1Wv9veZ5ybPs2N24Yzv6ZzRrl1ayaeyxzIx3JwGBP3hQBP8A2pef9A6X8xWZ + pN/cw2zKllJKDI5yCMcnp+FdH9usv+fiP/vsf41kaLdWsdo6yTIp81zgsBxn + 60AU2v7k6wk32OQMISuzIyRu60axf3M2nSxyWUkSnb8zEYGGFXHurX+3Y5PO + TYICM7hjO7pnNGu3VrJpcyRzI7EpwGBP3hQBP/al5/0DpfzFZmlX9zFDMEs5 + JQZXJII4JPT8K6P7dZf8/Ef/AH2P8ayNGurWOCcSTIpM8hGWA4J60AU5L+5O + rQzGykDLGwCZGSCetLq9/czadNG9lJErAZZiMDkVblurU61BIJk2iJwTuGM5 + 9adrd3ayaXOkcyMxAwAwJ+8PegCRdTvAoH9ny9PUVm6Zf3MS3Oyykk3TyMcY + 4J7H3FdCl7ZbR/pEfT+8P8aytIurVFu98yLuuJCMsBkHHNAFOa/uW1S2lNlI + GVHATIyc9x9KfquoXMunzxvZSRqw5YkYHNWbi6tTrNpIJkKqkmTuGBn3zUms + 3drJplwkcyMxXgBgT1+tACRandiJANPlOAOcj0qhpt/cxNdlLOSTfO7HGPlJ + xwfcVvw3tmIYwbiMEKP4h6fWszSbq1Rr3fMi7rhyMsBkccjmgCnc39y2p2cp + spFZBJhSRlsjt9Km1LULqWwnjexkjDKQWJGBU13dWravYuJkKqJcncMDI781 + Pq13aPptwiTozFDgBgSf1oAht9Su1gjUWErAKBkEc8VS0+/uY5rwrZSOXlJI + BHynHQ1uW17Zi2iBnjBCL/EPT61n6ZdWqT3xeZFDTEjLAZGB05oAp3d/cvqN + jI1lIrRmTCkjLZXt9Kn1DUbqSxnjaxkQMjAsSMDjrUt7dWrappzrMhVTLkhh + gZXjNWdTvLR9OuVSdGYxsAAwyePrQBVtNSu0tYUWwlYKigEEYOB1qpY39zHd + XrLZSOXkBIGMrx0NbVleWa2cCtPGCI1BBYeg96o6ddWqXl+zTIoaQEEsORjt + QBTvb+5e9snaykQozEKcZbI7VavdRuns50awlQNGwLEjAyOtOv7q1a/09lmQ + hXfJDDA+XvVzULy0awuVWdCTG4ADDJO0+9AFCx1G6Syt0WwlcLGgDAjBwBzV + azv7lL29dbKRy7JlQRlcDvWvp95aLYWytOgIiQEFhkHaPeqlhdWq6hqDNMgD + MmCWGD8vagCnf39zJc2bNZyIUkJAJHzcdBVy61K7e1mRrCVQyMCSRgZHWjUr + q1e7sGWZGCykkhhwMd+avXl5ZtZzqs8ZJjYABh6fWgDM0/UbqOxgjWxkcKig + MCMHjrUFpf3KajfSLZyM0nl5UEZXC8Z+taumXlomnWyvOisI1BBYAjj61Wsr + q1XVdRdpkCv5WCWGDhecUAU9Qv7mSWzLWUkeyYEAkfMcHgVen1O7aCRTp8qg + qRnI44puqXVq81iUmRgs4JwwOBg8mtG5vbM28oE8ZJRv4h6fWgDH03ULqKwg + jSxkkCqAGBGDUVvf3K6ndyizkZnEeUBGVwO/1rS0m7tE023R5kVggyCwBH61 + Da3VqNXvnMyBWWLB3DBwO3NAFPUr+5lNpvs5I9k6MMkfMRnge5rQl1O7Mbg6 + fKMg85FR6tdWrtZbJkbbcxk4YHAGeTWnNe2ZicC4j+6f4h6fWgDD0rULmLT4 + Y0spJVUcMCMHmmQ39yuq3EospCzIgKZGRjufrWho13ax6ZbpJMisF5BYA9T7 + 1HBdWo1m6kMyBWjQA7hg4980AU9Uv7mVbYPZSR7Z0YZI5I7D3NaR1O8wf+Jf + L+YqHV7q1dLXZMjYuIycMDgDPPWtZr2y2n/SI+n94f40Ac9pF/cw6dDGllJK + qg4ZSMHk0kd/cjV5ZhZSFjEo2cZAz1q7od3ax6VAkkyKwDZBYA/ePvSRXVqN + bnkMybDCoB3DGc+uaAKeq39zNDEr2ckQEqHJI5IPT8a0/wC1Lz/oHS/mKg1m + 6tZLeERzIxE0ZOGB4B+ta/26y/5+I/8Avsf40Ac5o9/cw6fHHHZSSqC3zLjB + yxoW/uf7Yab7FJuMIXZkZxu6/SrmhXVrHpkSSTIrAvwWAP3jQt1a/wBuvJ5y + bPs4Gdwxnd0zmgCnq1/czWoV7KSIb0OSRjg9PxrT/tS8/wCgdL+YqDWrq1ks + 1WOZGPmIcBge9a/26y/5+I/++x/jQBzmkX9zDZhEs5JRuY7lIxyaPt9z/bIm + +xyb/I27MjON2c/TtVzQ7q1jsAskyKd78FgD940farX+3hJ5ybPs2N24Yzv6 + ZoAp6xf3M1i0clnJECy/MxGOCK0/7UvP+gdL+YqDXLq1k05kjmRm3JwGBP3h + 71r/AG6y/wCfiP8A77H+NAHOaVf3MNs6pZSSgyOcjHUnp+FWILmW41yNpbdo + T5LDDY6ZzmpNFurWO1cSTIp81zgsBwT9aeJoZdejMUiuPIYfKQed3tQBvUUU + UAFFFFABRRRQAUUUUAf/1f3Wm0+xGsW8IgQI0bkrtGCRT9Z06wh0yeWK3RHU + DBCgEciqstpqI1WCNr7Mhjch/LXgdxjvmnataalHp0zz3/moAMr5SrnkdxQB + sR6VppjUm2jyQP4RWZpOn2Mv2zzYEbZcyKuVBwoxgCrMdjqxRSNSwMDjyVrP + 0y01F/tfk33lbbiQN+7U7mGMtz0z6UAT3On2K6vZwrAgR1kJG0YOBxU2rabY + RadcSRW6KyrkEKARVK4tdRGqWsbX26Rlfa/lqNuBzx3zUmp2mppYTvNf+agX + lfKVc/iKANSDS9NaCNmtoySoJ+UelZ2mafYyyXokgRgk7KuVHAAHAqxDZasY + YyupYBUYHkqccVQ0601F5LsRX3llZmDHy1O5uOfb6UAT3en2KapYRLAgSTzd + wCjBwoxmrGp6bp8Wn3EkduisqEghRkGqF1aaiupWSPfbpG83a/lKNuF5475q + bUbPU0sZ3l1DzECHK+UoyPTNAF+00vTntYWa2jJKKSdo64qjp2n2MlzfLJAj + BJcKCo4GOgqW2stVa2iZNR2qUXA8pTgY6ZqnYWuovcXgivvLKyYY+Wp3HHX2 + oAnvdPsU1GwjSBAsjSbgFGDheM1a1DTNPjsLiRLdFZY2IIUZBArOvLTUVv7J + Hvt7sX2t5ajbheeO+as31nqiWVw0mob0EbEr5SjIxyM9qALVjpmnPZW7vbRl + mjQklRySBVOw0+xkvb5HgRljdQoKjgY7U+zs9Ua0gaPUdilFIXylOBjgZqrZ + Wmotd3qx32xldQzeWp3HHXHagCe/0+xjvLFEgRVkdgwCjkY71cvdM05LK4dL + aMMsbkEKOCBWZfWuopd2SyX29mdgreWo2nHXHerV5Z6otpO0mo71CMSvlKMj + HIzQBPp2mafJYW8klujM0akkqMkkVVstPsX1G/jeBCsZj2gqMDK84pbCz1R7 + KBo9Q8tCikL5SnAx0zVeztdRa/vkS+2OpTc3lqd2V447YoAn1HT7GO4sVjgR + Q8uGAUcjHQ1futL05LaZltowQjEHaOuKyb+01FJ7MS33mFpcKfLUbTjr71du + bLVVt5WfUdyhGyPKUZGOlADtM03T5dPt5JLdGZkBJKjJNV7TT7F9Vv4mgQpG + Ito2jAyvOKTTrPU3sYHi1Dy0KDC+UpwPTNQ2trqLaleol9tkUR7n8tTuyvHH + bFAE+qafYxSWQjgRQ86q2FHIOeDWjPpemrBIy20YIUkfKPSsfUbTUUe0Et95 + haZQp8tRtbnnjr9KvzWWrCFy2pbgFOR5K88UAM0nTrCbTbeSW3RnZeSVGTUV + vp9i2rXcLQIURIyBtGBkc0zS7TUpNPgeG/8AKQrwvlK2PxNRwWmonVLqNb7b + Iqpufy1O4EccdsUAT6rp9jF9j8qBF33ManCjlTnINacmlaaEYi2j6H+EVi6n + aain2Xzr7zN1xGF/dqNrHOG4649K0XsdW2NnUsjB/wCWK0AQaNp1hNpkEstu + juwOSVBJ5NMh0+xOsXEJgQosaELtGATUWk2mpSadC8F/5SEHC+UrY5Pc02K0 + 1E6rPGt9iQRoS/lryOwx7UAT6vp9jDFbmKBELTxqcKBkHqK1jpOmY/49Y/8A + vkVhapa6jHHAZr7zQZkAHlquCeh49PStP7Dq/wD0E/8AyCtAFPQ9PsZ9Lglm + gR3bdklQSfmNCafYnWpYTAnliFWC7RjO7rUGjWmoyabC8F95KHdhPLVsfMe5 + oS01H+15IxfYlEIJfy15GemOn40AT6xp9jDbRtFAiEyoMhQOCea1v7J0z/n1 + j/75FYWq2mox26Ga+81TIgA8tVwSeDx6Vp/YdX/6Cf8A5BWgCnomn2M+npJN + AjsWfkqCeGNA0+x/twweQnl/Zw23aMZ34zioNHtdRksUeC+8lMthfLVv4j3N + AtNR/tgx/bv3vkA7/LX7u77uOnXnNAE+tafYw2W+GBEbegyFA4JrW/snTP8A + n1j/AO+RWFq9rqMdnunvvOXeny+Wq854OR6Vp/YdX/6Cf/kFaAKejafYzWZe + WBHbzHGSoPANB0+x/ttYPITyzbltu0YzuxnFQaTaajJaFoL7yl3uNvlq3OeT + k+tBtNR/thY/t373yCd/lr93d93HT8aAJ9b0+xg06SSGBEYFMEKAeWFa39k6 + Z/z6x/8AfIrC1i01GOwkee+85AVyvlqufmHcVp/YdX/6Cf8A5BWgCno+n2M1 + vK0sCORK4BKg8A8CiTT7Ea1DCIE8swsSu0YznrUGlWmoyQSGG+8oCVwR5atk + g8nn1oktdRGrxRm+zKYmIfy14GemOlAFjW9PsYNLnlhgRHXbghQCPmFag0rT + MD/RY/8AvkVh6xaajHpszz33nINuU8pVz8w7itIWOr4H/Ez/APIK0AVNI0+x + mjuTLAjFZ5FGVBwB0FE2n2K6xbQiBAjRuSu0YJFQaXa6jIlwYb7ygJnBHlq2 + WHU89M+lE1pqI1W3ja+zIUch/LXgdxjvmgC1rGnWEOmzyxW6I6gYIUAjkVoR + 6VppjUm2jyQP4RWRqtpqUenzPNf+agAyvlKuefUVdjsdWKKRqWBgceStAFbS + tPsZTeebAjbLiRVyo4AxgCi50+xXVrOFYECOshYbRg4HGag0y01Fzd+TfeXt + uHDfu1O5hjLc9M+lFxa6iNUtI2vt0jLJtfy1G3A5475oAu6tpthFp1xJFbor + KuQQoBFW7fS9NaCNmtoySoJ+UelZep2mppYTvNf+agXlfKUZ/EVagstWMMZX + UtoKjA8leOKAINM0+xllvRJAjBJ2VcqOBgcCi70+xTVNPiWBAknm7gFGDhRj + P0qDTrTUXkvBFfeWVmYMfLU7jgc89PpRdWmorqVij325283a/lqNuF5475oA + v6npunxafcSR26KyoxBCjIOK/JO+/wCP24/66P8AzNfrJqNnqaWM7y6h5iBC + SvlKMj0zX5N33/H7cf8AXR/5mv2Xwi+LE/8Abv8A7cfnvHu1H/t79D2L9nxF + f4nWKuAw8m44P/XM19/zQQi4gUIAGLZGOvFfn/8As+q7fE2xEbbG8m45xn/l + ma+/JYrgTwhpsklsHaOOK8zxP/5GMf8AAvzZ38Ff7o/8T/JFme3gWCQiNQQp + I49qILeAwxkxqSVHb2qKaK6EMhafICnI2AZ4pYYroxIVuMAqMDYDjivzk+us + JBBC004KAhSMcdOKJ4IVlgCoAGY5468VHDFcGaYLNggjJ2g54omiuBLCGm3E + k4O0DFAFqa3txC5EaghT29qbb28DQRs0aklR29qZLDdCJy1xkbTkbBzxSQRX + RhQrPtBUYGwHFAWCGCE3M6lAQu3Ax0yKLiCFXhCoBl8HjrUcUVwbiYLNhhty + do54oniuA8W6bcS3HygYPrQBbltrcRuRGoIB7VHbW8DW8bNGpJA5xSSQ3QjY + m4yMHjYKZbxXJgQrPtBHA2g4oCwsUEJup1KAhduBjpkUXMEKtDtQDLgHjtUc + cVwbmYCbDDbk7Rzx6UXEVwDFum3ZcAfKBg+tAFx7a3CMRGvQ9qhtLeBrdGaN + SSOpFK8N3tObjPB/gFRW0Vy0CFJ9qkcDaDigLDo4ITdSqUGAFwMUXUEK+TtQ + DMig4Hao0iuPtMoE+GAXJ2jn8KLmK4Hlb5t2ZFA+UDB9aALptrfB/dr+VV7O + CF7ZGeNSTnkj3p5hu8H/AEj/AMcFQWkVy1uhSfYvOBtB70BYekEJvJEKDaFH + GKLuCFVjKoBl1HA7VGsVx9qdRNhgoydo5/Ci6iuFVN827LjHygYPrQBe+zW/ + /PJfyqrZQQvbIzoCTnkj3qXybv8A5+P/ABwVWs4rhrdDHNsXnjaD39aAsSCC + H7YybBt2A4xxnNF5BCkQKoAdw6CoxFcfa2Xzvm2D5to6Z6YouorhYwXm3DcO + NoFAF77Nb/8APJfyqrZQQvbqzoCcnkj3qXybv/n4/wDHBVa0iuGgBSbYMnja + D3oCxJ5EP23ZsG3y84xxnNF5BCkOVQA5HQe9R+VcfbNvnfN5ed20dM9MUXcV + wsOXm3DI42gd6AL32a3/AOeS/lVWzgheIlkBO49R71L5N3/z8f8AjgqtaxXD + RZSbaMnjaDQFiQwQ/bQmwbdmcY4zmi9ghS2ZkQAjHIHvUZiuPtYXzvm2Z3bR + 0z0xRdxXC27F5t68cbQO9AF77Nb/APPJfyqraQQsjlkBw7DkVL5N3/z8f+OC + q1rFcMjbJto3H+EHn1oCxI0EP2xE2DaUJxjjrRewQpbOyIoIxyB71G0Vx9rV + TN82087R09MUXcVwtu5ebevGRtA7+tAF4W1vj/Vr+VVbWCFhLuQHEjAZHapR + Dd/8/H/jgqtbRXBEmybbh2B+UHJ9aAsSPBCLuNQg2lTkYpbuCBbZ2WNQQOoF + RPFcfao1M2WIODtHH4U66iuVt3Lz7lA5G0DNAFpba32j92vT0qvawQt525Ac + SMBx2qRYbvaMXHb+4Kr20VwfN2TbcSMD8oOT60BYklghF1CoQYIbIx14p91b + wLbyMsaggdQKgkiuBcxAzZYhsHaOOPSn3MVyIHLz7gByNoGaAaLEdtblFJjX + oO1QW0ELNMGQHDkDjoKekN1sXFxgYH8AqC3iuC0u2bbhzn5Qcn1oAklghFzA + oQANuyMdcCpLm3gWCRljUEKe1V5YrgXEAM2WO7B2jjj0p9xFciFy0+4AHI2A + ZoCxPFbW5iQmNSSo7e1Q28ELSzhkBAbjjpTooboxoRcYGBxsFQwRXBkmCzbS + G5O0HNAEk0EIngUIAGLZ468VLPbwLBIRGoIUkce1VpYrgTQhp8kk4O0ccVLN + FdCGQtPkBTkbAM8UBYkgt4GgjYxqSVHb2qKCCEzzqUBCkY46cUsMV0YYys+A + VGBsBxxUUMVwZpgs2CCMnaOeKAsSTwQrLAFQAMxzx14qaa3txC5EaghT29qq + zRXAlhDTbiScHaBipZYroROWuMjByNg54oA+K/2mUVde0MqAN1kSff5zXzPX + 0v8AtMK417Q97bgbI44xgbzxXzRX9N8E/wDIqoej/Nn4xxJ/v1X1/RH6j+G7 + GzXwn4TIhQGW1tA/H3swrnNdtc6Xpy20rLbRghGIO0elcF4atr8eE/Cpa8yH + tbTYPLX5P3K4+uPeu0uLLVVt5S+o7lCtkeUoyMdK/mPH/wAep6v8z9lwv8KP + ohdL02wl063kkt0ZmQEkqMmoLXT7FtVvomgQogi2jaMDIOcUmm2epvYQPFf+ + WhUYXylOB6ZqG2tNRbU7xEvtsiiPc/lqd2Rxx2xXIbk+qafYxPZCOBF33CK2 + F6g54NaU2laaIXItowQp/hHpWNqVpqKNaebfeZunUL+7UbW5w3vj0q/LZasI + nLalkAHI8leeKAGaRp1hNpsEktujuy8kqCTzUVvp9i2r3ULQIUREIG0YBPWm + aXaalJp8Dw3/AJSFeF8pWxz6mo4LXUTqlzGt9tkVE3P5ancD0GO2KAJ9W0+x + iW08qBF33EanCgZBzkVqPpWmhGIto+h/hFYmqWmooLXzr7zd06Bf3artY5w3 + HXHpWi9jq2051LPH/PFaAK+i6dYzaZBLLAjuwOSVBJ5NNi0+xOszwmBCixKQ + u0YBJqHSLTUpNOheC+8pCDhfKVscnuaSK01E6tNGL7EgjUl/LXkZ6YoAn1fT + 7GGGAxQIhaaNThQMgnkVrf2Tpn/PrH/3yKwtUtNRjihM195oMyADy1XBJ4PH + p6Vp/YdX/wCgn/5BWgCnoen2M+lwyzQI7ndklQTwxoTT7E63JAYE8sQBtu0Y + zu61Bo1pqMmnRPBfeSh3YXy1bHzHuaFtNR/th4xfYlEIJfy15G7pjp+NAE+s + 6fYw2qNFAiEyIMhQOCa1v7J0z/n1j/75FYWrWuox2ytPfeavmIMeUq854OR6 + Vp/YdX/6Cf8A5BWgCnoun2M1gsk0CO25xkqCeGNH9n2P9ueR5CeX9m3bdoxu + 34zUGkWmoyWStBfeSm5vl8tW7nPJ9aPsmo/2z5f27979nz5nlr93f93HTrzm + gCfWtPsYbEyQwIjb0GQoB5YVrf2Tpn/PrH/3yKwtXtNRjsi0995ybl+Xy1Xn + IxyPStP7Dq//AEE//IK0AU9G0+xmtGeWBHbzHGSoPAPFDafYjW0g8hPLMBbb + tGM7uuKg0m01GS1ZoL7yl3uMeWrc55OT60Na6j/bCRm+/emEnf5a/d3dMdPx + oAn1zT7GDTJZYYERwVwQoB5YVrf2Tpn/AD6x/wDfIrC1i11GPTpXnvvOQFcr + 5arn5h3Faf2HV/8AoJ/+QVoAp6Rp9jNDM0sCOVmkAyoPAPAol0+xGswwiBPL + aJiV2jBIPWoNKtNRkhlMN95QErgjy1bJB5PPrRJaaiNWhjN9mQxMQ/lrwM9M + dKALOtadYw6ZPLDAiOoGCFAI+YVprpWm7R/o0fT+6KxNXtNSj06Z577zkAGV + 8pVzyO4rRWx1fA/4mX/kFaAKmk6fYypdGWBG23EijKg4AxgUT6fYrq9rCsCB + GRyV2jBI6VBpdpqLrc+TfeVidw37tW3MOp56Z9KJrXURqttG19ukZHKv5aja + O4x3zQBb1fTrCHTZ5IrdEdV4IUAjmr0WlaaYkJtoySo/hHpWTqtpqUenzvNf + +agHK+Uq559RV2Ky1YxoRqWBgceStAFbS9PsZWvPMgRtlw6rlQcAY4FF1p9i + uq2USwIEdZNw2jBwOM1BptpqLtd+VfeXtncN+7U7mGMtz0z6UXFpqK6nZo99 + ukYSbX8tRtwOeO+aALuq6bYRadcSR26KyoSCFGRVq30vTmt4ma2jJKqSdo9K + zdSs9TSwneW/8xApyvlKMj0zVmCy1UwRldR2gqMDylOBigCDTNPsZZr0SQIw + SYquVHAx0FF5p9imp6fEkCBJPN3AKMHC8ZqDT7XUXlvBFfeWVlIY+Wp3HHX2 + +lF3aaiuo2KPfb3fzNreWo2YXnjvmgDQ1LTdPi0+4kjt0VlRiCFGQcVLZ6Xp + z2kDvbRlmRSSVHJIqjqFnqaWM7y6h5iBGJXylGRjpmpbWy1VrWFk1HYpRSB5 + SnAx0zQBFp+n2Ml1fI8CMEkAUFRwMdqL7T7FL+wjSBFWRnDAKMHC96gsbTUX + ubxY77YyyAMfLU7jjr7UXlpqK3tksl9vdmfa3lqNuF5475oA0r/TNPjsbmRL + dFZY3IIUZBCmiw0zT5LG3d7eNmaNCSVGSSBVa+s9UWyuGk1DeojclfKUZGDk + Z7ZpbKz1RrOBo9Q2KY1IXylOBjgZ9qAGWOn2Ml/fxvAjLGyBQVGBle1GoafY + x3diiQIqySEMAo5GO9QWVrqLXt6sd9sdWXc3lqd3HHHbFF9a6il1ZLJfeYzS + EKfLUbTjrjvQBq3ml6clpO620YZUYghRwQKi03TdPksLeSS3RmaNSSVGScVH + dWWqrazM+o71CMSPKUZGOmai0+z1N7GBotQ8tCikL5SnAx0zQAWen2L6nqET + wIUjMW0FRgZXJxRqWn2Mc1kscCKHmAbCjkYPBqC0tNRbUb5Evtjp5e5vKU7s + rxx2xRqFpqKTWYlvvMLSgKfLUbTjr7/SgDXudL05beVltowQjEHaPSqulabY + S6dbySW6MzICSVGTRcWWqiCQtqO4BTkeUoyMdKr6bZ6m9hA8V/5aFRhfKU4H + pmgB1rp9i2rXsTQIUQRbRtGBkc4o1TT7GJrIRwIu+4RWwo5BzwagtrTUW1O8 + RL7bIoj3P5andkccdsUala6ijWnm33mbp0C/u1G1ucNx1x6UAbMulaaInIto + wQp/hHpVHSNOsJtNgklt0d2XklQSeallstWEbk6lkYPHkrVLS7TUpNPgeG/8 + pCvC+UrY59TQBJBp9i2r3ULQIUREIXaMAnrRq2n2MK2pigRd1xGpwoGQc5FQ + Q2monVLmNb7bIqJufy1+YHoMdsUapa6jGtt5195u6dAv7tV2sc4bjrj0oA22 + 0rTQpIto+n90Vm6Lp1jNpkEs0CO7A5JUEn5jVlrHV9pzqWeP+eK1naRaalJp + 0LwX3koQcL5Stjk9zQBNFp9idZnhMCGNYlIXaMAk9aNX0+xhhhaKBELTRg4U + DgnkVBHa6idWmjF9iQRqS/lryM9MUaraajHDEZr7zQZUAHlquCTwePT0oA3f + 7J0z/n1j/wC+RWTomn2M+mQyzQI7ndklQTwxFXPsOr/9BP8A8grWZo9pqMmn + RPBfeSh3YXylbHzHuaAJ10+xOtvAYE8sQBtu0Yzu64o1nT7GG1V4oEQmRBkK + BwTzUC2mo/2u8Yvv3vkgl/LXld3THT8aNWtNRjtlaa+81fMQY8tV5J4OR6UA + bv8AZOmf8+sf/fIrJ0XT7GewWSaBHbc4yVBPDGrn2HV/+gn/AOQVrM0i11GS + yDQX3kpub5fLVu5zyfWgCf8As+x/tzyPITy/s27btGN2/GaNa0+xhsGkhgRG + 3IMhQDywqD7JqP8AbPl/bv3v2fPmeWv3d/3cdOvOaNXtNRjsmae+85Ny/L5a + r/EMcj0oA3f7J0z/AJ9Y/wDvkVk6Np9jNas8sCORI4yVB4B4q59h1f8A6Cf/ + AJBWszSbTUZLZmgvvKXzHGPLVuQeTk+tAE76fYjW44BAnlmAtt2jGd3WjW9P + sYNMmlhgRHG3BCgHlgKga11H+2EjN9mUwkh/LXgbumOn40axaajHp0rz33nI + NuV8tVz8w7igDd/snTP+fWP/AL5FZOj6fYzQzGWBHKzOoyoPAPAq59h1f/oJ + /wDkFazNKtdRkimMN95QErgjy1bJB5PPr6UATy6fYjWYIRAgRomJXaMEg9ad + rWnWMOmTyxQIjqBghQCORVaS01EatDGb7MhjYh/LXgZ6YpdXtNSj06Z577zU + AGV8pVzyO4oA2l0rTSoJto+n90Vl6Tp9jKt15sCNsuJFGVBwBjAq2tjq+0Y1 + LHH/ADxWs3TLTUXW58m+8rbO4b92rbmHVuemfSgCefT7FdXtYVgQIyOSu0YJ + HSpNX06wh02eSK3RHVeCFAI5qpNaaiNUto2vt0jI5V/LUbQOox3zT9UtNSj0 + +d5r/wA1AvK+Uq559RQBrQ6VppiQm2jJKj+EelZul6fYyteiSBG2XDquVHAG + OBViKy1YxIV1LAIGB5K8VQ0201F2u/KvvL2zuG/dqdzcZbnpn0oAnutPsV1a + yiWBAjiXcNowcDjNT6ppthFp1xJHborKhIIUAiqNza6iup2cb326RhJtfy1G + 3A5475qbUrPU0sJ3lv8AzECnK+UoyPTIoA0bbS9Oa3iZraMkopJ2j0rP03T7 + GSa9WSBGCTELlRwMDgVNb2WqmCMrqO0FRgeUpwMdKpafaai814Ir7yyspDHy + 1O446+1AE95p9imp6fEkCBJDLuAUYOF4zVnUtN0+OwuJI7dFZY2IIUZBxWfd + 2uorqNij3293Mm1vLUbcLzx3zU+oWeqJYztLqHmIEYlfKUZGOmaALtnpmnPZ + wO9tGWaNSSVHJIqlp+n2Ml3fI8CMqSAKCo4GO1SWllqrWsLJqOxSikDylOBj + pmqlja6i91erHfeWyyAMfLU7jjrjtQBPfafYx31hGkCKsjuGAUYOF71bv9M0 + +OxuHS3jVljcghRkEA1m3tpqK3tksl9vdmba3lqNpxzx3zVq9s9UWznaTUN6 + iNiV8pRkY5GfegCxYaZp8ljbSPbozNGhJKjJJUVUsdPsXv7+N4EZY2QKCowM + r2p1jZ6o1lbtHqGxTGhC+UpwMDAz3xVaztNRa9vVjvtjqybm8tTu4447YoAn + 1HT7GO6sVjgRQ8hDAKORjvV680vTktJ3S2jDKjEEKOCBWVf2uopc2ayX3mM0 + hCnylG046471curLVVtZmfUd6hGJHlKMjHTNAEmm6bp8un28klujMyKSSoyT + iq1np9i+qahE8CFI/K2gqMDK84o0+z1N7GB4tQ8tCikL5SnAx0zUFpaai2o3 + yJfbHTy9zeWp35XjjtigCfUtPsYprIRwIoeYK2FHIweDWhcaXpy28rLbRghW + IO0elZGoWmopLZiW+8wtMAp8tRtOOvv9KvT2WqiCQtqO4BTkeSoyMUAJpWm2 + EunW8klujMyAklQSahttPsW1a9iaBCiLHtG0YGRzim6bZ6m9hA8V/wCWhUYX + ylOB6ZNRW9rqLandxpfbZFEe5/LU7sjjjtigCfVdPsYms/LgRd9withRyDnI + NaUulaaInItowQp/hHpWNqVpqKG082+8zdOgX92o2sc4bjrj0rQlstWEbk6l + kYPHkrQBFo+nWE2mwSy26O7LySoJPJqODT7FtXuYTAhRY0IXaMAnrUelWmpS + afC8N/5SEcL5Stjn1NMhtNROq3Ea32JFRCX8tfmB6DHbFAE+rafYxJamKBF3 + XEanC4yDnIrVbStN2n/Ro/8AvkVh6paaii23nX3m7p0A/dqu1j0bjrj0rSax + 1fB/4mX/AJBWgCtounWM2mQSzQI7sDklQSfmNNi0+xOszQmBPLESkLtGAc9a + h0i01KTToXgvvJQg4XylbHJ7mkjtdROrSxi+xIIlJfy15GemOlAE+safYwwQ + tFAiEzIDhQOCeRWt/ZOmf8+sf/fIrC1W11GOGIzX3mgyoAPLVcEng8elaf2H + V/8AoJ/+QVoAp6Jp9jPpsUk0CO5LZJUE8MaF0+x/tt4PITyxAG27RjO7Gag0 + e01GTT43gvvJQlsL5atj5j3NC2mo/wBsNH9u/e+SDv8ALX7u7pjp+NAE+s6f + Yw2ivFAiN5iDIUDgnmtb+ydM/wCfWP8A75FYWrWmox2oae+81d6DHlqvOeDk + elaf2HV/+gn/AOQVoAp6Lp9jNYh5oEdt7jJUE8Gj+z7H+3BB5CeX9n3bdoxn + fjOKg0i11GSzDQX3kruf5fLVuc8nJ9aPsmo/2yIvt373yM+Z5a/d3fdx0685 + oAn1vT7GDT2khgRGDIMhQDywrW/snTP+fWP/AL5FYWr2uox2LPPfecm5fl8t + V7jHIrT+w6v/ANBP/wAgrQBT0fT7Ga1dpYEciVxkqDwDxUqWttb69GsEaxjy + GOFGOd2M1T0q01GS2cw33lKJHGPLVskHk5PrViCG6i1yMXNz558ljnYF4z04 + 9+aAOlooooAKKKKACiiigAooooA//9b9z5dRlOqwTfY5gVjYbCBuOe4p+raj + LNp00TWc0YYD5mAwOR1q3PPAdatnEi7RE+TkYp+t3ED6VcKkikkDgEHuKACP + VZwij7BOcAdhWdpmoSxfa9tnNJvuJGO0D5SccH3FdHFc23lp+9ToP4hWVo88 + C/bd0ijN1IRkjkcc0AUbjUJW1S1mNnMpRXAUgbmyO30qXU9SmlsJ42spowy4 + 3MBgfWrNzPAdZsnEi7QkmTkYHFTaxcQNplwqyKSV6BhQBFDqsywxqLCc4UDI + A54qhp2oyxSXhFnM++ZmO0D5c44PvXQW9zbCCMGVPuj+IelZulTwLLfbpFGb + hiMkcjAoAo3WoyvqVlKbOZTH5uFIGWyvb6d6n1HUppbGeM2UyBkI3MBgfWp7 + yeA6vp7CRSFE2TkYGVFWNVuLdtNuVWVSShwAwoArW2qTJbRILGdtqKMgDBwO + tUrDUJY7i8YWcz75ckADK8dD71vWdzbi0gBlQEIv8Q9Kz9MngW5vy0igNNkZ + I54oAo3moyvf2Uhs5lMZfCkDLZXt9Ks3+pzSWVxGbKZA0bDcQMDI6mpb6eA6 + lpzCRSFaTJyOPlq3qVxbtp9yqyqSY3wAw9DQBRs9UmS0gQWM7BUUZAGDgdRV + Sy1GWO7vXFnM5kdSQAMrgdDW3YXNutjbgyqCI043D0FUtOngW+1AtIoDSLjk + c/LQBRvtQlku7JzZzIY3YgEDLcdBVu81SZ7SdDYzqGRhkgYGR1NP1GeBr7Ty + sikLI2eRxxV2/ubdrG4AlUkxvxuHoaAM2w1OaOygjFlM4VFG4AYOB1FVrPUJ + Uv76QWczGQplQBlcL3+tbOm3FuunWytKoIjTILD0qpYTwDU9RYyKAxjwcjn5 + aAKN/qMsk9mxs5k2S5AIGW46D3q7c6pM9vKpsZ1yjDJAwOKXU54GubArIpAm + ycEccVoXdzbm1mAlQko38Q9KAMjTtSmisYI1spnCoBuUDB9xUFrqEqaneyiz + mYyCPKgDK4Xv9e1a2lXFuum2ytKoIQZBYVXs54Bq+oMZFAYRYORg4WgCjqWo + SyyWZazmj2TKw3AfNjsPer82qzNDIpsJxlSMkDjik1aeBpLHbIpxcKTgjgc1 + pXFzbGCQCVPun+IelAGHpepTQ6fBGtlNIFX7ygYP0qODUZV1S6mFnMS6oNoA + 3DA7/WtPR7iBNMt1aRQQvQsKitp4BrN45kXaUjwcjB4oAo6nqMsv2XdZzR7L + iNhuA+YjPA9zWi+qzlGH2CccHsKZq88DfYtsinFzETgjgc81qyXNt5bfvU6H + +IUAc/pOoyw6dDEtnNIFB+ZQMHk9KZFqMo1Web7HMS0ajYANwx3NaOiXECaV + bq8iggHgkDuaZBPANauXMi7TEmDkYoAo6rqEs0cAazmj2zI3zAc47D3NaZ1a + f/oHz/kKi1meB4rbbIpxPGTgjpmtg3Vtj/Wp/wB9CgDmdG1GWDTYYls5pQu7 + 5lAwcsTxQmoyjV5J/scxJhC7MDcOev0q9oM8CaTAryKpG7gkA/eNEc8H9uyv + 5i7fIUZyMZ3UAUdV1CWa3RWs5owJEOWAxwen1Nan9rT/APQPn/IVDrc8D2sY + WRSfNjPBB71sfarb/nqn/fQoA5nR9QlgsEjWzmlAZvmUDHLGgajL/bJn+xzZ + 8gLswN2N2c/Sr2gzwJpqK8iqdz8EgfxGgTwf28z+Yu37MBnIxnfQBR1fUZZr + PY1nNEN6HLAY4Nan9rT/APQPn/IVDrs8D2GEkVjvToQf4q2PtVt/z1T/AL6F + AHM6TqMsNoUWzmkG9zlQMcnpQdRl/thZ/sc2RAV2YG7G7OfpV7Q54EsiHkVT + 5j9SB3oaeD+3lfzF2/ZyM5GM76AKOsajLPp8kbWc0QJX5mAwMMK1P7Wn/wCg + fP8AkKh16eB9MkVJFY5TgEH+IVsfarb/AJ6p/wB9CgDmdK1GWGCRVs5pMyuc + qBgZPT6iiTUZTq8U32OYERMNmBuPPX6Ve0WeBLaUNIoJmkPJHrRJPB/bkL+Y + u0QsM5GOtAFLWNRln02aJrOaINt+ZgMD5h1rSGrT4H+gT/kKj16eB9JnVJFY + nbwCCfvCtYXVtgfvU/76FAHNaXqEsKXAWzmk3TO3ygcZ7H3FE2oStqtvN9jm + BVHGwgbjnuKvaNPAkdzukUZuJCMkdKJ54DrVq4kXaI3ycjFAFTVtRlm0+aJr + OaMMB8zAYHI61ej1WcIo+wTnAHYUut3ED6XcKkikkDgEHuK0Yrm28tP3qdB/ + EKAOc0zUJYjd7bOaTfcOx2gfKTjg+4ouNQlbVLSY2cylFkwpA3NkdvpV7SJ4 + FN9ukUZuZCMkcjii6ngOs2TCRSoWXJyMDigCtqepTS2E8bWU0YZcbmAwPrVq + DVZlhjUWE5woGQBg8VLrFxA2mXCrIpJXoGFXLe5thbxAyp91f4h6UAc/p2oy + xSXhFnM++ZmIUD5eBwfei61GV9SsZTZzKY/NwpAy2Vxx9O9XtKngWW+LSKMz + sRkjkYFF5PAdW05hIpC+dk5GBlRQBBqOpTS2M8ZspkDIRuYDA9zX5N33/H7c + f9dH/ma/XTVbi3bTblVlUkxtgBh6V+Rd9/x/XH/XR/5mv2Xwi+LE/wDbv/tx + +e8e7Uf+3v0PYf2fXMfxNsWCl/3NxwOv+rNffktwzTwt5TjaW4I5PHavgb9n + ohfifYljgeTcf+izX3/PIhubchhgFu/tXmeJ/wDyMY/4F+bO/gr/AHR/4n+S + GzXLNDIvkuMqRkjpxSw3LLEi+S5wo5A9qnuJIzBIAw+6e/tRBJGIIwXH3R39 + q/OT64pw3DLNM3lOdxHAHTjvRNcM0sJ8pxtJ4I6/SpreRBPOSwwSO/tRcSIZ + oCGBwx7+1ACS3LGJx5LjKnkj2pILllhRfJc4UcgcGrM0kZhkAcfdPf2pLeSM + W8YLAHaO/tQBTiuGW4mbynO7bwByMDvRPcMzxHynG1s8jr9KmhkQXNwSwwdv + f2pbmSMyQYYHD+tACSXTGNh5DjIPamW9yywIvku2B1A4q3LJGYnAcdD3qO1k + jFvGCwBwO9AyrHcMLmZ/Kc7tvGORgd6Li4ZjFmJ12uDyOvsKmikQXc5LDB29 + /ai6kQtDhgcSDvQIV7pypHkP0Paora4ZIEUQu2B1A4q68kexvnHQ96hs5Ixb + RgsAcetAyslwwuZX8pzkLxjkUXNwz+VmJ1xIp5HX2qeOSP7XMdwwQveku5EP + k4YHEi96BDjdPg/uH/KoLS4ZLdFETtjPIHHWtAyx4Pzj86q2UkYtYwWAPPf3 + oGQLcMLp38p+VHGOaLq4Z1QGJ1w4PIqZJE+2SHcMbR3ovJEKR4YH5170CH/a + n/54SflVazuGS3RRE7YzyBx1rS82L++PzqnYyILVAWAPPf3NAEIuG+1s/lP9 + wDGOetF1cM8YBidfmHUVMJE+2sdwxsHOfei9kQxABgfmXv70AP8AtT/88JPy + qtaXDJAFETtyeQOOtaXmxf3x+dU7GRBbKCwBye/vQBD9ob7Zv8p8+XjGOevW + i7uGeHaYnXkcke9TeYn2/duGPL65/wBqi9kQwYDA8jv70AP+1P8A88JPyqta + 3DJFgRO3J5ArS82L++PzqnZSIISCwHzN396BkJuG+1h/Kf7mMY569aLu4Z7d + lMTrnHJHHWpjIn24HcMeX1z70X0iG2cBgTx396BD/tT/APPCT8qrWtwyIwET + tlieBWl5sX98fnVOzkQI+WA+du9AELXDfa1fyn4UjGOaLu4Z7d1MTrnHJHHW + pmkT7ah3DGw8596W+kjNq4DAnjv70AOF0/8Azwk/Kq1tcMgk/dO2XY8Dp7Vo + iWPH3x+dVbSSMCXLAZkbvQBA9wxuo38pxgHjHJp11cM9u6mF1yOpHFSPIn2y + I7hja3enXkkZtpAGBOPWgGC3ThQPIfp6VXtrhk83ETtmRjwOntWgkke0fOOn + rVW0kQedlgMyN3oAhkuGNzE/lONobjHJyO1PuLlmgdTC65HUjinyyIbuAhhg + Bu/tUl1JGbaQBgTj1oBjEunCKPIc8DtUFvcMrSkRO25yeB0+tX45I/LX5x0H + eq1rIgefLAZc96AIZbhjcQN5Tjbu4xycjtT7i5ZoXXyXGQeSOKfNIhurchhg + b+/tUtzJGbeQBgTtPegCKK6YRoPJc4A5xUMFwyyTHynO5uw6fWrsMkYiQFx9 + 0d/aoLeRBLOSwGW9fagCGW4ZpoW8pxtJ4I5PHapJrlmhkXyXGVIyR04p88iG + 4tyGGAW7+1S3EkZgkAYfdPf2oAghuWWGNfJc4UDIHXioobhlmmbynO4jgDkc + d6uW8kYgjBYfdHf2qGCRBcXBLDBK9/agCGa4ZpYT5TjaTwR1+lSy3LGJx5Lj + Knkj2pbiRDNAQwOGPf2qeaSMwyAOPunv7UDPiL9phy2vaGCpXbZEc9/nPSvm + ivpn9pog69oWDnFkf/QzXzNX9N8E/wDIqoej/Nn4vxJ/v1X1/RH6geGr6Q+E + /Co+yyjyrW0IOB8+IV+7XaXGqTNbyqbGdcqwyQMDiuX8NzQnwl4RxIvy2tpn + kcfuV613V1c25tZgJUJKN/EPSv5jx/8AHqer/M/ZcL/Cj6IxtN1KaKwgjWym + kCqBuUDB+lQ22oyrqd5KLOZi4jyoAyuB3+tauk3Fuum2ytIoIQZBYVBaTwDV + 79jIoDCLByMHCmuQ3KOpajLK1oWs5k2Tqw3AfMRnge9aEuqzmJx9gnGVPJA9 + Kbq08DPY7ZFOLhCcEcDmtOa5tjDIBKn3T/EPSgDC0vUpYdPgjWzmkCr95QMH + ntUcGoyrqtzMLOYl0QbQBuGPX61p6NcQJpdurSKCF6Fh61FbzwDWrtzIu0pH + g5GKAKOqahLMLbdZzR7J0YbgOSM8D3NaT6rOUYfYJ+h7Co9YngZbPbIpxcxk + 4I4HNaz3Ntsb96nQ/wAQoA53SNRlh06GJbOaUKD8ygYPJ6U2LUZRq0032OYl + o1GzA3DB6mtDQ54E0q3V5FUgHgkA/eNNhngGt3DmRdpiQZyMdaAKOq6jLNFC + Gs5o9syNlgOcHoPc1qf2tP8A9A+f8hUOszwPDAFkU4njPBB4zWx9qtv+eqf9 + 9CgDmdG1CWDTools5pQN3zKBg5Y0LqEo1h5/sc2TCF2YG773X6Ve0CeBNJhV + 5FUjfwSAfvGhJ4P7dkfzF2+QBnIxndQBR1bUZZrZUazmjAkQ5YDHB6Vqf2tP + /wBA+f8AIVDrc8D2iBJFY+anQg962PtVt/z1T/voUAczpGoyw2SxrZzSjcx3 + KBjkmj+0Zf7Z8/7HNn7Pt2YG7G/Ofp2q9oU8CacqvIqnc/BIH8Ro8+D+39/m + Lt+zYzkYzv6UAUdX1GWayMbWc0Q3IdzAY4IrU/taf/oHz/kKh1yeB9PKpIrH + enAIP8QrY+1W3/PVP++hQBzOk6jLDasi2c0g3ucqBjk9KG1CU6wk/wBjmyIS + uzA3fezn6Ve0SeBLNg8iqfMfqQO9DTwf28j+Yu37ORnIxndQBR1nUJZ9Okia + zmiBK/MwGBhhWp/a0/8A0D5/yFQ69PA+lTKkisSU4BB/iFbH2q2/56p/30KA + OZ0rUZYYZVWzmk3SucqBxk9D7iiTUZTq0M32OYFYmGzA3HJ6j2q9os8CQThp + FGZ5DyQOM0Szwf23A/mLtELDORjrQBS1fUZZtOmiazmiDAfMwGByOtaK6tPt + H+gT/kKbrs8D6VcKkisSF4BBP3hWqt1bbR+9Tp/eFAHNaXqMsS3IWzmk3Tux + 2gcE9j7iibUJW1W2mNnMCqONhA3HPcfSr2jzwKl3ukUZuJCMkdOKLieA61aO + JF2iOTJyMUAVdV1KWbT54ms5oww+8wGBz3q5Fqs4jQfYJzgDnAp2tXED6XcK + siklegYetaENzbCJAZU+6P4h6UAc7puoyxNd7bOaTfO7HaB8pOOD70XGoytq + dnKbOZSgkwpA3NkdvpV7SZ4Fa+3SKM3LkZI5HFF3PAdYsWEikBZcnIwOBQBX + 1LUppbCeNrKaMMpG5gMD61Yg1SZYI1FhOcKBkAYPFT6vcW7aZcqsiklDwGFW + ra5thbRAyp9xf4h6UAYGn6hLFNeMLOZ98pYhQPl46H3ou9QlfUbGU2cymPzM + KQMtle3071e0ueBZ78tIozOSMkcjFF7PAdV05hIpC+bk5GBlaAINQ1OaWxnj + NlMgZGG5gMDjqaltdUmS1hQWM7BUUZAGDgdRVvVLi3bTrlVlUkxtgBh6VNZX + NuLOAGVARGv8Q9KAMKx1GWO5vHFnM5eQEgAZXjoaLzUZXvbKQ2cymNnIUgZb + I7Ve02eBbu/LSKA0oxkjnii/ngbUdPYSKQrPk5HHy0AR32pzSWVxGbGZA0bj + cQMDIPJostTmjs4EFjO4WNRkAYOAORWhqNzbtp9yqyqSYnwNw/umjT7m3Wwt + gZVBEScbh/dFAGLZahLHe3sgs5nMjKSoAyuB3ov9QlkurJzZzIY5CQCBluOg + q9p88C6hqDNIoDOmDkc/LRqU8DXmnlZFIWQ5wRxxQA261SZ7WZDYzqGRhkgY + GR1NR6fqc0djBGLKZwqKNwAweOorVvbm3NnOBKhJjb+IelRaXcW66dbK0qgi + NcgsPSgDHtNRlTUb6UWczGTy8qAMrhcc/XtRqGoyyTWbGzmTZKCAwHzcdB71 + esp4BquosZFAYxYORg4WjVJ4GnsCsinE4JwRwMGgAuNUmaCRTYzrlSMkDA4q + vpupTRWEEa2U0gVQNygYP0rZurm2NtKBKhJRv4h6VV0i4t10y2VpFBCDgsKA + Mq21CVNTvJRZzMXEeVAG5cDv9aNS1GWVrQtZzR7J0YbgPmxnge9XrSeAaxfs + ZFCsIsHIwcCjVp4Gex2yKcXKE4I4HNADpdVnMbj7BOMg84FU9K1KWHT4Ils5 + pAo+8oGDz2remubYxOBKn3T/ABD0rP0W4gTS7dWkUEL0LAd6AM2DUZV1W5mF + nMS6INoA3DHc/WjVNRlmW2DWc0e2dG+YDnGeB7mr1vPANZu3Mi7THHg5GKNZ + ngdLTbIpxcxk4IPHNAEjatOVI+wT9PQVnaRqMsGnQxLZzShQfmUDB5PSuje6 + ttp/ep0P8QrL0KeBNKt1eRVIDcEgH7xoAz49QlGrTTfY5iWiUbMDcMHqfajV + dRlmhiVrOaPEqHLAc4PT6mr0U8A1ydzIu0wqM5GOtGtTwPBAFkU4njPBB4zQ + BN/a0/8A0D5/yFZej6jLBp0US2c0oG75lAwcsTXTfarb/nqn/fQrH0GeBNKh + V5FUgvwSAfvGgCiuoyjWHn+xzZMIXZgbvvdfpRq2oyzWyo1nNGBIhywGOD0/ + GryTwf27I/mLt+zgZyMZ3Ua3PA9ogSRSfNToQe9AE39rT/8AQPn/ACFZej6h + LBZCNbOaUbmO5QMcmum+1W3/AD1T/voVj6FPAmnqryKp3vwSB/EaAKP9oy/2 + z5/2ObP2fbswN2N+c/TtRq+oyzWTRtZzRDcp3MBjgir3nwf2/v8AMXb9lxnI + xnfRrs8D6cypIrHcnAIP8QoAm/taf/oHz/kKy9J1GWG2ZFs5pAZHOVAxyen4 + V032q2/56p/30Kx9EngS0cPIoPmv1IHegCi2oSnWEn+xzZEJXZgbvvdfpRrG + oyz6dLE1nNEDt+ZgABhhV554P7djfzF2+QRnIxndRr08D6VMqSKxJTgEE/eF + AE39rT/9A+f8hWXpWoSwwzKtnNJuldsqBxk9D7ium+1W3/PVP++hWPos8CQT + hpFGZ5DyQOM0AUZdQlOrQzfY5gVjYbMDccnqPanavqMs2nTRNZzRhgPmYDA5 + HWrk08B1u3cSLtETjORjrTtcuIH0q4VJFYkDgEE/eFADl1acKB9gn6egrN0z + UZYludtnNJvnkY7QOCccH3FdIl1bbR+9ToP4hWTo88Crd7pFGbmQjJHTigCj + PqMrarbTGzmBRHG0gbjnuPpUmq6lLNp88TWc0YYfeYDA571auJ4DrNowkXaI + 5MnIxUmtXED6XcKsiklegYHvQA2LVZliQCwnOAOcD0rP03UJYmuytnNJvndj + tA+UnHB966GG5thDGDKn3R/EPSszSZ4Fe+3SKM3LkZI5HFAFG51CVtTs5TZz + KUEmFIG5sjt9Km1LUppbCeNrKaMMpG5gMD61Yu54DrFgwkUqolycjAyKn1a4 + t2025VZFJKHADCgCC31SZYI1FjO2FAyAMHiqOn6jLHNeMLOZ98pJCgfLx0Pv + W/a3NsLaIGVAQi/xD0rO0ueBZ78tIozOSMkcjAoAo3eoSvqNjKbOZTGZMKQM + tle30qxqGpzSWM8ZspkDIw3EDA46mpr6eA6rpzCRSFMuTkcfLVrVLi3bTrlV + lUkxtgBh6UAU7TVJktYUFjOwVFGQBg4HUVTsNQljur1xZzOZJASABleOhrcs + bm3FlbgyqCI0/iHoKo6bPAt5qBaRQGkGMkc8UAUb3UZZL2ykNnMpjZiFIGWy + O1Wr3U5pLOeM2MyBo2GSBgZHU1JqE8Dahp7LIpCu+TkcfLVzULm3awuVWVST + E+BuH900AZ9jqc0dlbxixmcLGg3ADBwByKq2eoype3sgs5mMjISoAyuB3ra0 + 65t10+2VpVBESZG4f3RVOwngXUdQYyKAzJg5HPy0AUb/AFGWS5snNnMmyQkA + gZbjoKuXWqTPazIbGdQyMMkDAyOpp2pTwNd2BWRSFlOcEccVfvbm3NnOBKhJ + jb+IelAGTp+pzRWMEYspnCoo3KBg8dRUFpqEqajfSizmYyeXlQBlcL3+vatf + S7i3XTrZWlUERrkFh6VWsp4Bq2osZFAbysHIwcLQBR1DUZZZbMmzmTZMGAYD + 5uOg96vT6pM0EimwnGVIyQMDijVJ4GmsSsinE4JwRwMGtG5ubY20oEqfcb+I + elAGNpupTRWEEa2U0gVQNygYP0qG31CVdTu5hZzMXWPKgDcuB3+taukXFuum + WytIoIQcFhUFrPANYvmMihSsWDkYPFAFHU9QllNpus5o9k6MNwHzEZ4Hua0J + dVnMbj7BOMg84FN1eeBmsdsinFzGTgjgc1qTXNsYnAlT7p/iHpQBgaVqMsOn + wRLZzSBR95QMHntTIdRlXVbiYWcxLIg2gDcMdz9a0tFuIE0u3VpFBCngsB3N + R288A1q6YyLtMceDkYoAo6pqMsq2wazmj2zow3Ackdh7mtJtWn2n/QJ/yFR6 + xPAyWm2RTi4jJwR05rXa6ttp/ep0/vCgDm9I1GWHToYls5pQoPzKBg8npSR6 + hKNXlm+xzEtEo2YG4c9fpWhoU8CaVbq8iqQG4JAP3jTYp4P7cnfzF2mFRnIx + 1oAo6rqMs0MStZzR4lQ5YDnB6fU1qf2tP/0D5/yFQ61PA9vCEkUkTRngg962 + PtVt/wA9U/76FAHM6PqMsGnxxrZzSgFvmUDByxoXUZf7Yaf7HNkwhdmBuxuz + n6Ve0GeBNLiV5FU5fgkD+I0LPB/bzv5i7fs4GcjGd1AFHVtQlmtQjWc0Y3oc + sBjg9K1P7Wn/AOgfP+QqHW54Hs1CSKT5idCD3rY+1W3/AD1T/voUAczpGoSw + WYjWzmlG5juUDHJo/tCX+2RP9jmz9n27MDdjdnP0q9oU8CWAV5FU734JA/iN + Bng/t8P5i7fs2M5GM7+lAFHWNQlnsWjazmiBZTuYDHBFan9rT/8AQPn/ACFQ + 67PA+nMqSKx3JwCD/EK2PtVt/wA9U/76FAHM6TqMsNs6rZzSAyOcqBjk9Pwq + xBdPc67GzwPD+5YYcYPXOfpU2iTwJaOGkUHzZDyQO9OMkcmvRmNgw8hhwc/x + UAbtFFFABRRRQAUUUUAFFFFAH//X/dWbTLBdXt4BAojaNyRjgkU7WNM0+DTZ + 5YYFR1AwQORyKry2+qDVYEa8UymNyH8scDuMU7VrbVE06Zp7xZIwBlRGBnkd + 6ANaPR9MMak2yZIHaszStNsJvtnmwK2y5kVcjooxgVbjtNZ2Li/UDA/5ZCs/ + TLfU3+1+TdiPbcSBv3YO5hjJ9s+lAEtxptgurWkKwKEdZCwxwcDipdV0vT4d + OnligVXVcggdKq3FvqY1S1R7sNKyvtbywNoA5475qTU7bVUsJ2mvFkQLyvlg + ZH1oA0oNI0xoY2a2QkqCePas/TNMsJZLwSQKwjnZVyOgAHFWYbXWTDGVvlAK + jA8occVQ0631RpLsQ3gQrMwb92Dubjn2+lAE13plgmqWMKwKEk83cMcHC8VP + qeladFp9xJHbqrKhIIHQ1SurfVBqVkj3atI3m7G8sDbheeO+am1G21ZbGdpr + 1XQIcr5YGR9aALtrpOmvawu1uhLIpJx3Iqjp2m2EtxerJArCOXCgjoMdKntr + XWDbRFL5VUouB5QOBjpVOwt9Ta4vBFdhGWTDHywdxx19qAJr3TLCPULCJIFC + SGTcMdcLkVZ1DStOjsbiSO3RWWNiCB0IFULy31Rb+yWS8DOxfY3lgbfl5475 + qzfWurrZXDS3qugjYlfLAyMcjNAFiy0nTZLOCR7dCzRqScdSQKqWGm2El5fR + vArLG6hQR0BFSWdrq7WkDR3yqpRSB5QOBjgZqrZW+qNd3qx3gR1dd58sHccd + cdqAJb/TbCO8sUSBVWR2DADqMVcvdJ02OznkS3QMsbEHHQgGs6+t9TW7sllv + A7M7bD5YG046471avLXV1tJ2kvlZAjEjygMjHIzQBLp+ladLYW8klujM0akk + jqSKq2Wm2Emo38TwKUjMe0Y6ZXmn2FrqzWUDRXqohRcL5YOBjgZqvZ2+ptf3 + yx3YV1Kb28sHdleOO2KAJtR0ywiuLJY4FUSS4bA6jHSr11pGmpbSutugKoxB + x3ArLv7fVFnsxLeB2aXCnywNpx196u3NrrAt5S98rKEbI8oDIxQAaZpWnS6f + bySW6szICSR1NV7XTbB9UvoWgUpGItoxwMrzS6dbas1jA0N6qIUGF8sHA+tQ + 2tvqZ1K9RLsLIoj3t5YO7K8cdsUAS6npthDJZiOBVEk6q2B1BzxWjPpGmLDI + y2yAhSRx7Vk6jb6mj2nnXYctMoX92BtbnB9/pV+a01gQuWvlI2nI8ocjFAEW + k6Xp82nQSywKzsuSSOtR2+mWDatdwtApRFjKjHAyOabpdtqr6fA0F4saFeFM + YOPxqOC31Q6pdIt4okCpubyx8wxxx2xQBNqumWEP2TyoFXfcRq2B1U5yK0n0 + fTAjEWycA9qx9Tt9UT7L514JM3EYX92BtY5wffHpWi9prOxs36kYP/LIUAVt + H0zT59NglmgV3YHJI5PJpsOmWDavcQGBTGsaEDHAJqPSbbVH06FoLxY4yDhT + GDjk96bFb6odVnRbtRKI0JfyxyOwxQBLq2m2EMVuYoFUtPGpwOoPUVqnR9Lx + /wAeyflWLqlvqaRwGe8EgMyAYjAw3Y/h6Vp/ZNa/5/1/79CgClomm2FxpkM0 + 0Cu7bskjk4YihNNsDrMkBgXyxCrBccZ3dah0e31STTYXt7xYozuwpjDY+Y96 + Et9U/teRBdqJRCCX8scrnpigCbV9MsILaNooFQmVASB2J5rV/sbS/wDn2T8q + xNVt9US3Qz3gkXzEAAjA5zwfwrT+ya1/z/r/AN+hQBR0XTbC409JZoFdizck + ejGlGm2H9tm38hfL+zhtuOM7sZqHR7fU3sEa3uxEmW+Uxhv4jnmgW+qf2wY/ + ta+b5AO/yx93d0x9e9AEus6bYQWXmQwKjb0GQOxNa39jaX/z7J+VYmr2+ppZ + 7ri8Eib04EYHOeOa0/smtf8AP+v/AH6FAFLR9MsJ7MvNArtvcZI7A8UHTLD+ + 2lt/IXyzAW244zuxmodJt9Ue0LQXgjXe/BjB5zyc0G31T+2FT7YPN8gnf5Yx + t3dMfXvQBNrWmWEGnSSwwKjgrggerAVq/wBjaX/z7J+VYmsW+qJYSNcXglQF + cqIwufmGOa0/smtf8/6/9+hQBS0jTLCe3kaWBWIlcDI7A8Ckk02wGsxQCBfL + aFmK44yD1qLSrfVHgkMF4I1Erggxg5OeT+NElvqf9rxIbwGUxMQ/ljAGemKA + Jta0ywt9MnmhgVHXbggcjLAVqDR9LwP9GT8qxdYt9UTTZnuLxZYxtyojC5+Y + d60haa1gf6ev/foUAUtJ02wmjuDLArFZ5FGR0A6Clm0ywXV7aEQKI3jckY4J + HSodLt9TdLjyLsRgTODmMHLdz+PpRNb6oNVt0a8BlKOVbyxwO4xQBY1fTNPg + 02eWKBUdQMEDkcitCPR9MMak2yZIHasrVbbVE0+Zp7xZIwBlRGBnn1q7Haay + UUi/UDA/5ZCgCppWm2ExvPNgVtlxIq5HRRjAoudNsE1azhWBQjrIWGODgcVF + plvqbm78m7Ee2dw37sHcwxk+2fSi4t9TGqWiPeBpGWTa3lgbQBzx3zQBb1XS + 9Ph06eWKBVdVyCB0q1BpGmNBGzW6ElQTx7VnanbaqlhO094siBeVEYGR9atQ + WusGGMrfKAVGB5Q4GKAK+m6ZYSy3okgVhHMyrkdBgcUXemWCapYQpAoSTzdw + xwcKCKh0631RpLsQ3aoVmIY+WDubA59qLq31QalYo94GkbzdjeWBtwvPHfNA + F3UtK06KwuJI7dFZUJBA6HFfkrff8ftx/wBdH/ma/WTUbbVlsZ2mvVdAhyvl + gZHpmvybvv8Aj9uP+uj/AMzX7L4RfFif+3f/AG4/PePdqP8A29+h7F+z4iSf + E6xVxkeTccf9szX39NbQLcQKEADFsj14r4A/Z9V2+JtiI22N5NxzjP8AyzNf + fksdyJ4Q0wLEtg7RxxXmeJ//ACMY/wCBfmzv4K/3R/4n+SLE9rbrDIyxgEKS + PyohtbdoY2MYJKj+VRzRXQhkLTAgKcjaORilhiuzEhWcAbRgbR6V+cn11hsF + vA006sgIUjHtxRPbwLLCqoAGY59+KZDHcmaYLMAQRk7RzxRNHciWENKCSTg7 + RxQFixNa26xORGAQp/lSQWtu0EbNGCSoJ/KmyxXYictOCNpyNo9KSCK6MKFZ + gAVGBtHFAWPDv2jfinp3wL+Cfjv4p3ITzPD+nu9oj/de9mHlWsZ9nndAfYmv + 59f+Cdf7W/xNtf2otA8MfFPxrq/iLQvGYk0kx6pqFxdxQ3k5D2skaTOwV2lR + YsrjiQ19Vf8ABZn4yS6fo3hL4C6fc5m1OU65qarwfJg3Q2ikDqryGViPWNT9 + Pg/9qX9lfWv2Xvhh8BvitpPmWOsaxpyyapKuQ9trKyfb4CxPSRY5vKGOP9Hz + 15OM276FJH9Y0trbiNyIxkA0y2trdoI2aMEkCvJfgX8TofjZ8GPCXxW06dBF + 4j02K5ljRQRFcbdlxDn/AKZzK6H/AHa/EP8Abe/bc/aR+Av7Xuo+GvAvip4/ + DOirpFyukSQQPbTK9tDNLFIxj83bKSwYq4YAnaQcEaOVlcVj+hOK2gNzOhQE + LtwPTIoubeBDDtQDc4B+lfzW/EH4p/8ABW7wx4bk+PXimbVtB8PKq3DeTbaa + IrWGTlDNp6q8qIoIG6eLI/jbJyf1B/4J8ftia/8AtY+ANWg8bwwW/i/wfcWs + N7JbR7IbqG7VzBcBM/K5MUiyIPlBAYYDBVSnrYOU/Rh7S2CMRGOhqK1toHt0 + ZkBJHWvwL+Hn7WX7SPwl/b9PwA+N/je51vwtJrM2jKl1BbRgx3650y43RxIQ + X3wE84AZq/Sz9uj456z+z1+zD4i8c+HNRFj4gvTDpmkPsRmW7u2wXXeCC0cK + ySjIIynSmpBY+xo7aA3UqFBtAXA+tF1bwJ5W1AN0ig/Q1+Qn7FHxY/aU8c/s + mfFz46/E3xnc6ndLY6j/AGA81vboYDplnK73EflxKG3TMFw2RmI8cnP5vfCX + 9uP/AIKF/FS+uPhZ8NtfuPFXiPWXingl+xWTXNpFbB/N2O8awRxyb13vKDgq + oVlJO5c6DlP6pTaW2D+7FVrO2ge2RnQEnPP41/Mnc/tkf8FCf2Q/ibYaV+0F + cXl/b3W24n0vV0tZ4ru2LFXNtd24YKw5AMchVWxvVhwf6JLT4o+Ff+FPx/Gx + 9S8jwmdG/t0zsgJWxMH2ncQDy2zsO/FNSuFj0hLaA3ciFBtCg4oureBFQqgG + XUfhX8217+2b+3r+2T8StS0T9l61u9F0qyXelnpotYnig3EJJe39ztVZH5wo + kRTjCqSCT0Pwy/b9/av/AGafi/bfCn9siC4vtLllhFyb6GFb6xhlbaLu3uLc + BLmIclgS4baQjqQQV7RD5T9nP2wPBXxO8bfs4+MfC/wQE8fja/jtF09rS7Ww + nBW8gebZcO8QTMKuDlxkZXnOK8R/4J2fCz9oP4a/CvxFpv7SjXs2u3mstPZm + /wBTTVJBZ/Z4UG2RJpwq+Yr/AC7gc5OOcn1L9tfx/wCM/hr+yr47+Inw/wBb + Onazplray2d5CkblPNu4ELLvDIQUcjkHg14B/wAEt/jN8V/jp8DPEnib4o+I + 5de1Kw8RT2UM00USMkC2lrKEAiVBjfIx5GeetN7hbQ/ScW8H2xk2DbsBx75o + u7aBIgUQA7gK/mq+L37ef7XPw5/a68c+DvBfiKTXbOw17UtI0zRZbOGeJzI8 + lvbIiRxiZ3jdlaNQ+WZQG3AkGp8U/jB/wVh+AtpZfFP4salqemaTeyxqHlh0 + u5sgzfMsc9vbK6wF+g3LGx6A7ui9og5T+mr7Jbf88xX5Raj/AMFAPFGk/ttw + fspnwdYT6TLrFrpn9pGeUXIW5gSXfswUypfGO4H417t+zJ+0f4v/AGt/2V9Y + 8e+F0i0bx3bw6jpLxRACCLWIrcPBJEZd2I382Jxv3bSSpLbcn+c3V/D37Tg/ + bKh8Palqqt8bDq9oiXolg2/bzFGYG3hRDgJtB+XHYjrSlLawKJ/Yf9ng+2+X + sG3y84980XlvAkO5EAOR/Ovln9kXw9+0t4f+HFxY/tQ6xHqvjJ7+eSKZHhlC + 2BSIRITAiJkOJD0J55PYfUd3HcrDmSYMMjjaB3rRE2P5z/8Agqp8Wvi74G/a + ksvDfw/8ba54c0+bQNPk+y6dqd1ZwGaSa4UuY4ZFXccAE4ycD0qn/wAMcf8A + BVlYWuLfxxrMrJkhU8YzhiR2G64UZ+pFcV/wVyLQ/thaU1xICF8P6WSx+UAC + 4uOtf0MJ8ePgnb2zzzfEvw3bxJuLM+rWQAA6kky8Cskrtl3PwJ+C37cf7T37 + Kfxph+FP7WD32raIk8cGpQauRPf2Ucx4u7e7BJmQAhsF5EdAQhUndX6N/wDB + WHxv4q8BfsyaJ4h+HOv3vh68u/EtjCbvS7uS1lkt5LS7kKebCysUYorYzg4B + r8m/+CmHxg8FftHftJaFp3wbuB4pOlafb6Kt3ZJvW+vZLmR1itivMqqZQqsO + GYttyME/ov8A8FYNDv8Aw1+xR4F8P6hc/aZdM17R7V2x954dNvELZ9yKSejC + x9af8E6Nd1zxn+xr8PfEvjDUrrXdXvBqvn3l9PJc3Mvl6pdxpvllLO21FVRk + 8AADgV9oWlvA6OWQHDsPwr4S/wCCY8dy37Dvw1McwVcavgbQf+YveV4f+398 + c/2z/h94o8L/AA8/Z08PTQ6d4qbyItZs7VL+5uL9i260VZEeO22oN+51ywyy + uojetE7K5NtT9XWt4PtipsG0oTj3zReW0CWzsiAEY5/Gv5vPH/iP/grf+zro + h+KfjvWdQGj2WxrqR5tM1WGBZGCgTwx+aVQkhSwG0Ej5gcV+s37Df7Vl9+1l + 8GbnxRr9vFp/iXQLoWGqQQKRDI+xXjniBJKrIpPykkqysM4waFK+gcp4j+1r + +394m/Zw/aJ0L4L6R4N0/WbDVbXTriS6nnlimX7ZPJCyqFBX5QmQSOp5r9S7 + W2gcSbkBw7AfQV/IJ+2BoH7SelftHWemfHfVF1DxvPHaNps6SwsEtHuJBaDd + CqoCr7jyMjua/cH4Q+Bf+Citj8Efitp/xH8Uw3Pj6+S0XwrKJrNvIlRn+0lm + SIRqGBTG8N04A7zGerG4o/On9oj43ftPftTftl6z+zp8FvE154csNN1W+0aw + s7O9l0+3b+y94ubm7lgw8gJhdxuDbRhUUnlv3I/Zd+FHj/4NfAPQvAPxW1yP + xN4q01rxrrUI7ie6WTz7qSWMCW5VJW2Ruq/MoxjA4Ar+X74RaB+1Dfftf6no + Hw01VLX4yrqetpdXpkt1Q3kfn/2g2+RDDh8SYwuDn5QOMf0a+H/iJ8UP2bP2 + O5/iP+1nqQ1fxX4diupb4QvCzXUk126WUCPEqx7nV4kyFwucnoaUH1YSWlj7 + cW0tioJjHSq9rbwP5u5AdsjAfQV/NXoP7Sn/AAU0/bF17WNd+BH2ux0TS5Mf + ZtJ+x2Nna8bliN3eFDNLtwWUyMechFUgV7d+yN/wUJ+Ovhj42237N/7WSO15 + qN+umpfXdtHa39hfTYWGO4WNUSWKVioD4DDcH3snSlNC5T95pLaAXUKBBhg2 + R9BTrm2t0t3ZUAIHBr88v+Cmfxd+J3wP/Z9sPGXwx1+TQtak1y0tTcwxxO3k + SQzs6YlV1wSqnpnivyp+HX7Rv/BUL9p7wWNN+EV1eajY+GVeLUNUtIrCykup + ndpVEtzceWrSpG6qI4Cp2BWZSx3Ec7OwWP6aEtLYopMY6CoLa3gZpgyA7XIH + 0r81/wDgnd4g/be8VaLr2oftNSPFoNu7W2mjVbJbbWGuoXCy8IsebdcMN0ql + 2f7jbQc/kh4B/b7/AG7dT+ImreAvAmvz+L9c8QPcafptpJYW08lvMJQ4uIUW + NVLxxxsCZd0aoWZ1O0EDmHKf1Ly28AuYECABt2R64FPuLa3WCRljAIBxX8yv + jr9oz/gpz+yd4u0XxR8cr29FpqUpdLbUFsLzTbsLgyQeZZ70ibb/AAo6OByB + iu5m/ay/4KKftpa1q91+zRpFx4e8L6RhZINOe0iCMVzibUb3yvMmI52RlPlx + 8n8RPaIOU/o0itbcxITGCSB/KoYLaBpZgyAhWwPav57f2V/+CgH7Sfw8+P2n + fAD9qi5nvLXUL6LSZTf2sceo6Zd3BC27F41TzYXd03F93yMHRtow39B8EdyZ + JgswBDcnbnNOMrg0PmtoFngUIAGLZ9+KlntbdYZGWMAhSR+VV5Y7kTQhpgSS + cHaOOKlmiuhDIWmBAU5G0c8VQrD4LW3aGNmjBJUE/lUUNvA086lAQpGPbinQ + xXRhjKzAAqMDaOOKihjuTNMFmAIIydo54oCw+e3gWWFVQAMxz78VLNa26xOR + GAQp/lVeaO5EsIaUEknB2jipZYrsROWnBG05G0elAWPiv9plETXtDKjG6yJP + ud5r5nr6X/aYDjXtD3tuBsjjjGBvNfNFf03wT/yKqHo/zZ+McSf79V9f0R+o + vhrT7JfCfhMiFQZrW0D8fezCpOa7a50jTUtpWW3QEIxBx3xXCeGoNRHhPwqW + ugQ9raeWNg+Q+SuPrXaXFrrAt5S98rKFbI8oDIxX8x4/+PU9X+Z+y4X+FH0Q + ml6Xp82n28sturOyAkkdTUNrplg+q3sLQKUjEW0Y4GRzRpttqz2EDQ3qxoVG + F8sHA+tQ21vqh1O8RLwLIoj3N5YO7I447YrkNybU9MsInsxHAq750VsDqDni + tCbSNMWJ2FsgIU9vasnUrfVEa0868Dlp1C/uwNrc4Pv9Kvy2msiJy1+pGDke + UPSgCLSdL0+bToJZYFZ2XJJHJ5qKDTbBtXuoWgUxoiEDHAJ60ml22qvp8DQX + ixxleFMYOOfWo4LfUzqtyi3YEoRNzeWOR247YoAl1XTbCEWvlQKu+4jU4HVT + nIrTfR9MCMRbJ0PasfU7fU0Ft592JMzoF/dgYbnB98elaL2ms7Tm/XGP+eQo + Aq6NplhPpkEs0Cu7A5JHJ5NJFplgdYngMCmNYlIXHAJNRaRbao+nQtb3ixxk + HCmMHHJ70kVvqh1aZFu1EojUl/LHIzwMUATatplhDFA0UCqWmjU4HUE8itX+ + xtL/AOfZPyrE1S31RIoTPdrIDMgA8sDDZ4P4Vp/ZNa/5/wBf+/QoAo6Jpthc + aZDLNAru27JI54YihNNsDrUluYF8sQBtuOM7sZqLRrfU5NOie3uxFGd2FMYb + HzHPNC2+p/2w6C7US+SCX8scru6YoAl1jTbCC1R4YFRjIgyB2J5rW/sbS/8A + n2T8qxNWt9TS2Uz3YkXzEAAjA5zwa0/smtf8/wCv/foUAUtG0ywnsFkmgV2L + OMkejGj+zLD+2/s/kL5f2fdtxxu34z+VQ6Rb6o9krW92sSbm+UxhucnPNH2f + VP7Z8v7YvnfZ87/LGNu/pj685oAm1nTLCCxMkMCo25BkD1YVq/2Npf8Az7J+ + VYmr2+qJZFri7WVNy/KIwvORjmtP7JrX/P8Ar/36FAFLR9MsJ7RnmgV28xxk + jsDxSNptgNaS3EC+WYC23HGd2M1FpNvqj2rGC7WNd78GMHnPJoa31P8AthEN + 2PN8kkP5Yxt3dMf1oAl1vTbC302WWGBUcFcEDnlgK1v7G0v/AJ9k/KsTWLfU + 49Ola4uxLGCuVEYXPzDHNaf2TWv+f9f+/QoApaRplhNDM0sCsVmdRkdgeBRL + plgNYhgEC+W0TErjjIPWodKt9UeGUwXaxgSuCPLByc8n8aJLfVBq0KG8BlMT + EP5Y4GeRigCfWdMsINMnlhgVHUDBA5HzCtJdH0vaP9GT8qx9XttUTTpmuLxZ + YwBlRGFzyO9aK2mtbR/p6/8AfoUAU9K0ywmS5MsCtsnkUZHQDoKSfTbBdXto + FgURujkjHBI6VFplvqjrc+RdrGBO4b92Dlu59s+lE1vqY1W2RrsGUo+1vLHA + 7jHfNAFnV9L0+HTZ5YoFV1XIIHI5q9FpGmGJCbZCSB2rL1W21VNPnae8WSMD + lRGBnn1q7FaayY0K36gYGB5QoAq6XplhM155sCtsuHVcjooxgUXOmWCarZQr + AoSQSbhjg4HFQ6bb6o7Xfk3ax7Z3DfuwdzcZPt9KLi31QanZo94GkYSbW8sD + bgc8d80AW9U0vT4dPuJYoFV1UkEDpVq30jTGt42a3QkqpPHtWfqVtqqWE7TX + qyIFOV8sDI+tWYLXWDBGVvlClRgeUOBigCtpum2Es16skCsI5iq5HQY6UXmm + 2CanYRJAoSTzdwxwcLkZqLT7fU2lvBDdhCspDHywdxx19qLu31NdRsUkuw0j + eZsbywNuF5475oAu6lpWnRWFxJHborKjEEDocVLaaTpr2kLvboWZFJOO5FVN + QttWWxnaW9V0CNlfLAyMdM1La2urm1hMd8qqUXA8oHAxwKAIdP0ywlur5JIF + ZY5AFBHQYovdMsI7+xjSBQsjOGGOuF4qGxt9Ua5vBFdqjLIA58sHccdfai8t + 9UW9slku1Z2Z9jeWBtO3njvQBoX+ladHY3EiW6KyxuQQOhANFjpOnSWVvI9u + jM0aEnHUkCoL611dbK4aW9V0Eblh5YGRg5GaWytdXazgaO9VEMakDywcDHAz + QBFY6bYSX19G8CssbIFGOmVo1DTbCK7sUjgVVkkIYAdRiorK31Nr29WO7Cur + Lvbywdxxxx2ovrfU1urIS3YdmkOw+WBtOOvvQBpXek6alpM6W6BlRiDjoQKj + 07StOlsLeSS3RmZFJJHUkU26tdXFrMZL5WUI2R5QGRjkVFp9rqzWMDRXqohR + cL5YOBjpmgBLPTLB9Sv4ngUpH5W0Y4GVycUalplhFNZLHAqiSYK2B1GOlQ2l + vqjajfLHeKsi+Xvbywd2V447Yo1C31RZrMS3iuWlAU+WBtOOvvQBqXOkaatv + Ky26AhWIOPaq2l6Xp82n28ssCs7KCSR1p1xa6wIJC98rKFOR5Q5GKr6bbaq9 + hA0N6saFRhTGDgfWgAtdNsH1W9haBSkYj2jHAyOaNU02whazEUCr5lwitgdQ + c5FRW1vqZ1O8RLwLIoj3N5YO7I447Yo1K31NGtPOuxJunQL+7A2tzg+/0oA1 + 5dH0wRORbICAe3tVHSNL0+bToJZYFZ2Xkkcnmp5bTWRG5a/UjByPKFUtKttV + fT4GgvFjjI4Uxg459aAHwaZYNq11C0ClERCBjgE9aTVtNsIVtTFAq77iNTgd + Qc5FRQ2+qHVLlFvAJQibm8scjsMdsUapb6mi23n3YkzOgX92BhucH8PSgDZb + R9LCk/Zk6elZujaZYT6ZBLNAruwOSRyfmNW2tNZ2nN+vT/nkKztIttUfToWt + 7xYoyDhTGDjk96AJItNsDrE8BgXy1iUhccZJ60ur6ZYQwwtFAqlpkU4HYnkV + DHb6mdWmRbwCURKS/ljkZ4GKNUt9USGIz3iyAyoABGBg54P4UAbf9jaX/wA+ + yflWVommWFxpsUs0Cu7bskjnhiKu/ZNa/wCf9f8Av0KzNHt9Uk06Jre8WKM7 + sKYw2PmOeaAJl0ywOtPAYF8sQBtuOM7sZo1jTLCC1V4YFRjIgyB2J5qFbfVP + 7YdBeDzfJBL+WMbd3TH9aNWt9US2Uz3iyL5iDAjA5zwaANv+xtL/AOfZPyrJ + 0XTbCexWSaBXbc4yR6MavfZNa/5/1/79CszSLfU3sg1vdiJNzfKYw3OTnmgC + b+zLD+2/s/kL5f2fdtxxu34z+VGs6ZYQWDSQwKjBkGQPVhUP2fVP7Z8v7YPO + +z53+WMbd/TH15zRq9vqiWTNcXaypuX5RGF53DHNAG3/AGNpf/Psn5VlaPpl + hPas80CuwkcZI7A8Vd+ya1/z/r/36FZmk2+qPbMYLtY18xxgxg855NAEr6bY + DWo7cQL5ZgLbccZ3daXW9MsLfTZZYYFR124IHPLAVC1vqf8AbCIbweb5JIfy + xjbu6Y/rRrFvqiadK1xeLLGNuVEYXPzDHNAG3/Y2l/8APsn5Vk6RpthPDM0s + CsVmdRkdgeBV77JrX/P+v/foVmaVb6m8UxguxGBK4IMYOTnk/jQBNLplgNYg + gECiNomJXHBINLrOmWEGmTywwKjqBggcjkVBLb6oNWhRrwGUxsQ/ljgZ5GKX + V7bVE06Zri8WSMAZURgZ5HegDYXR9LKg/Zk6elZmlaZYTLdebArbLiRRkdFG + MCri2ms7Ri/Xp/zyFZumW+qOtz5N2seJ3Dfuwct3Ptn0oAmn0ywXVrWFYFCO + jkjHBI6U/V9L0+HTp5YoFV1Xggcjmq01vqg1S2RrwGUo+1vLHA7jHfNP1W21 + VNPnae8WSMDlRGBnn1oA04dI0xokY2yElR29qztL02wma8EsCt5dw6rkdAMY + FWorTWTEhW/UDAwPKHpVDTbfU3a78m7Ee2dw37sHc3GT7fSgCW602wTVbKFY + FCSCTcMcHA4qfVNL0+HT7iWK3VXVCQQOhqnc2+pjU7NHuw0jCTa3lgbcDnjv + mptSttWSwnaa9WRApyvlgZH1oAvW2kaa1vEzW6ElVJOPaqOm6ZYSzXqyQKwj + mKrkdBjpU9va6wYIyl8qqVGB5Q4GKpafb6o014IrtUKykMfLB3HHX2oAlvNN + sE1KwiSBQkhk3DHBwuRmrOo6Vp0VhcSR26KyoxBA6ECqN3b6muo2KyXYaRjJ + sbywNuF5475qfULXVlsZ2lvVdAjZXywMjHTNAFuz0nTZLSB3t0LMiknHUkVS + 0/TbCW7vkkgVljkAUEdBiprS11drWEx3yqpRcDygcDHAzVSxt9Ta6vRFdhGW + Qbz5YO446+1AE19plhHfWMaQKFkZwwx1wtWr7SdOjsriRLdFZY3IOOhANZ97 + b6ot7ZLJdq7szbG8sDacc8d6tXtrq62c7SXqugjYkeWBkY5GaAJrDStOksbe + R7dGZo0JJHUkDNVbLTLCS/vo3gUrGyBRjpleafY2urtZW7RXqohjQqPLBwMD + AzVazt9Ua9vVju1V1ZN7eWDuOOOO1AEuoabYRXVikcCqskhDADqMVdu9J01L + SZ0t0DKjEHHcCs2/t9TW5sxLdh2aQhD5YG046+9XLq11cWsxkvlZQjZHlAZG + ORQAum6Vp0thbySW6MzIpJI6nFV7PTbB9Tv4ngUpH5W0Y4GVycU7T7bVmsYG + ivVRCi4XywcDHTNQWlvqbajfJHdhZF8ve3lg7srxx2xQBNqWm2EU1kscCqJJ + grYHUYPFX7jSNMW3kZbdAQrEce1ZWoW+qLLZiW7Vy0wCnywNrYPPvV6e11gQ + SFr5SoU5HlDkYoAZpel6fNp9vLLArOygkkdahttNsH1W8haBSkax7RjgZHNG + m22qvYQNDerGhUYXywcD61Fb2+pnU7tEuwsiiPc3lg7sjjjtigCXVNNsIWs/ + KgVd9witgdVOcitKXSNMETkWyAgHtWRqVvqaG0867Em6dAv7sDa3OD749K0J + bTWRG5a/UjByPKFAEGkaZp8+mwSywKzsOSRyeTTINMsG1e5haBTGiIQMcAnr + TNKttVfT4WgvFjjI4Uxg459aZDb6odVuEW8AlCJubyxyOwxQBNqumWEKWxig + Vd88anA6g9RWm2j6XtP+jJ+VY2qW+qItt514JAZ0C4jAw3Y++PStJrTWsHN+ + v/foUAVNG0ywn0yCWaBXdgckjk/MabHptgdZmgMC+WsSsFxxknrUekW2qPp0 + LW94sUZBwpjDY5Pekjt9TOryoLwCURKS/ljBGemKAJdX02wgghaKBVLTIpwO + xPIrW/sbS/8An2T8qxNVt9TSGIz3gkBlQACMDBzwfwrT+ya1/wA/6/8AfoUA + UtF0ywuNNilmgV3JbJI9GIoXTLD+2nt/IXyxAG244zuxmodHt9Uk0+Nre7WK + MlsKYw2PmOeaFt9U/thkF4PN8kHf5Yxt3dMf1oAm1jTLCC0V4YFRvMQZA7E8 + 1q/2Npf/AD7J+VYmrW+qJagz3gkXegwIwOc8GtP7JrX/AD/r/wB+hQBR0bTb + CexEk0Cu29xkjsCaP7NsP7cFv5C+X9n3bccbt+M1FpFvqb2Ya3uxEm5+DGDz + nnmj7Pqf9siP7WPO8jO/yxjbu6Y+vegCXWtNsLewaSGBUYMgyB6sK1v7G0v/ + AJ9k/KsTWLfU0sWa4vBKm5flEYXnIxzWn9k1r/n/AF/79CgClo+mWE9s7ywK + xEjjJHYHipY7S2ttdjW3jEY8hjgeu7FVNKt9Ue2cwXaxr5jggxg855NWIIry + PXIxdTiZvJY5CheM9OPegDpaKKKACiiigAooooAKKKKAP//Q/c+XUy2qwT/Z + JxtjcbSnzHPcDPSnatqZn06aI2dxHuA+Z0wo5HU5q9PLH/bds28YET85p+uS + xtpVwFcEkDoR6igBkesMEUfYbk4A/wCWf/16z9M1Iw/a/wDRJ5N9xI3ypnbn + HB56jvXSxTReWnzr0HcVlaPLGv27LgZupT1HtQBn3GpFtUtZvsk42K42lPmO + R2Ge3epNT1RprCeL7HcR7lxuZMKPqc1cupYzrNkwcYCSc5HpU2syxNpdyA4J + K+ooAgh1dlhjX7DcnCgZEfHT61Q07U2ikuz9knfzJmb5Uztzjg+hro7eaL7P + H86/dXuPSszSZYxLfZcDNw2OR6CgDPutTL6lZTfZJ18vzflKfM2V/hGecd6m + 1HVGlsZ4vsdwm5CNzJgD6nNWryWM6vpzBxgCbPP+yKsatLEdNuQHBJRu4oAp + 22rMltEn2K5baijIj4OB25qnYakYri8b7JO/mSZwqZK8dDzwa6CzmiFpAC6/ + cXuPSs/S5YxdagS4GZuOfagDPvNSaS/spfsk6+WX+UphmyuPlGecd6s32qtJ + ZXEf2K4TdGwyyYAyOp56VPfyxnU9OIcEBpM8j+7VvUpojp10A6kmJ+49DQBn + WerNHaQR/YrltqKMhMg4HUc9Kq2WpGO7vZPsk7+Y6nCpkrgdDzxW9YTRCxtg + XUERp3H90VR06WMX2oEuADIuOR/doAz77UjJd2T/AGSdPLdjhkwW46DnmrV5 + qzSWk8f2K5XcjDJTAGR1PPSptRljN9p5DggSNnn2q9fzRGxuQHUkxv3H900A + ZNhqrRWUEf2K4faijKpkHA6g56VXs9SMd/fS/ZJ28wp8oT5lwv8AEM8Z7Vt6 + ZNENOtgXUERp3HpVSwljGp6iS4ALR45/2aAM+/1JpZ7Nvsk6eXLnDJgtx0HP + Jq7c6sz28qfYbldyMMlOBkd+afqksZubAhwcTc8j0rQu5ojaTAOv3G7j0oAx + dO1RorGCL7HcPtQDcqZB+hzUNrqRTUr2b7JO3mCP5QnzLhcfMM8Z7VsaTLEN + NtgXAIRe4qvZyxjWNRYuMEQ4Of8AZoAz9R1IzPaH7JOnlzK3zJjdjPA55NX5 + tXZoZF+w3IypGTHx0+tLq0sbSWGHBxcITz9a07iaIwSAOv3T3HpQBgaXqjQ6 + fBF9juJNq43KmVP0Oajg1Jl1S6m+yTneqDaE+YYHcZ79q1dGliXS7cFwCF9R + UVtLGNZvWLjBSPnI9KAM/U9SM32X/RJ49lxG3zJjOM8Dnqe1aL6wxRh9huRk + H/ln/wDXpNYljb7FhwcXUR6j3rWkmh8tvnXoe4oA5vSdTaDToYvsc8m0H5kT + Knk9DmmxamV1Wef7JOd0ajaE+YY7kZ6Vp6HLGulW4ZwCAepHqaZBLGNbuW3j + BiTnNAGfqmpGaOAG0nj2zI3zpjOOw56mtM6w3/Phdf8Afv8A+vTNaljaK22u + Di4j7j1rYM0OPvr+YoA5fRtSNvpsMItJ5du75kTKnLE8HNCakw1eSf7JOcwh + dmz5hz1xnpWhoEsa6RbhnAPzdSP7xojlj/t2Vt4x5C85H96gDP1XUjPbohtJ + 48SIcumBwenXqa0/7Zb/AJ8Lr/v3/wDXpmtyxtaxhXB/fR9D71s+dD/fX8xQ + By2j6kbexSIWk8uC3zImRyx75oGpt/bBuPsk/wDqAuzZ8/3s5xnpWhoMsa6Y + gZwDufqR/eNAlj/t9m3jH2YDOf8AboAz9X1Iz2flm0nj+dDl0wOD9a0/7Zb/ + AJ8Lr/v3/wDXpmuyxtYYVwTvTof9qtnzof76/mKAOW0nUjBaFBaTyfO5yiZH + J6daDqTf2wtx9kn4gK7Nnz/eznGelaGhyxrYkM4H7x+p/wBqhpY/7fVt4x9m + Izn/AG6AM/WNSNxYSRG0niyV+Z0wowwPXNaf9st/z4XX/fv/AOvTNeljbS5Q + rgnKdD/tCtnzof76/mKAOW0rUjBBIotJ5MyucomQMnp160SakTq8U/2ScbYm + XZs+Y89QM9K0NEljW2lDOB++k6n3ollj/t2Ft4x5Dc596AM/WNTNxps0JtJ4 + t235nTCjDA8nNaQ1hsD/AEC5/wC/f/16TX5Y20m4CuCfl6Ef3hWuJocD51/M + UAcvpepGFLgC0nk3TO3ypnGex56jvRNqRbVbef7JONqONpT5jnuBnpWhossa + x3W5wM3Ence1E8sZ1u1beMCN+c0AUtV1Np9Pmi+x3Ee4D5nTCjkdTmrsesME + UfYbk4A/5Z//AF6frcsTaVcBXBJUdx6itKKaHy0+deg7igDmtM1Iwm7/ANEn + k3zu3ypnbnHB56ii41IvqlpN9knXYsg2lPmbI7DPbvWho8sam+y4GbqQ9fpR + dSxnWbFg4wFl7j0oAp6nqjTWE8X2O4j3LjcyYUfU5q1Bq7LDGv2G5OFAyI+D + x9asazLE2l3IDgkr6irltNELeIF1+6vcelAHO6dqbRSXh+yTv5kzN8qZ28Dg + +houtSL6lYzfZJ18vzflKYZsrj5RnnHetDSpYxNf5cDM7Y5HoKL2WM6vppDj + A87PI/uigCtqOqtLYzx/Y7hNyEbmTAHuTmvybvv+P24/66P/ADNfrtqssR02 + 5AcEmNu49K/Im+/4/rj/AK6P/M1+y+EXxYn/ALd/9uPz3j3aj/29+h7D+z6/ + l/E2xbaW/c3HCjJ/1Zr78muC08LeU42luCOTx2r4G/Z6IHxPsSeP3Nx/6LNf + oBOy/abfkdW/lXmeJ/8AyMY/4F+bO/gr/dH/AIn+SGzXRaGRfJkGVIyRx0oh + uisSL5MhwoGQOOlWLhl+zycj7rfypYGXyI/mH3R/Kvzk+uKMNxtmmbynO4jg + Dkcd6JrgtLCfKcbSeCOT9Knt2Xz7jkfeH8qW4ZfOt8EfeP8AKgYyW6LROPJk + GVPJXjpSQ3WyBAYZCFUcgcdKtTsvkyfMPun+VfG37eHxnPwP/ZR8X+JrGfyd + X1W1XRtOKnDC61AGLep7NFF5ko90pNgfzqfG745eA/jV+3Nd/FP4jTTTfD61 + 123iKwR+e0mjaY4REjjyP+PhYyx54MjGvvn9uH9vX9lL9pn9nzWPhzoD6wNf + int7/SnuLAJGl1bvg7m8w4DwtImccbs+1cB/wS3/AGMfhV8dvCPjL4kfG3w8 + Ne0uK7g03SopJ7i3VZYkMt1JmCSMtxJEoySAQ3fp+p8//BNr9iNXiC/DO3AZ + sH/iY6l0/wDAqsop2KbR8Y/8Ea/jZ/a3w98X/AnVJGkufDs/9raeucn7HefJ + OijssU6hj7zV8lftgWlrqf8AwVP8PaffQ+dbXOt+D4ZYyMh0cWisuPQg4rhf + hhczfsNf8FHJfC1w7W/h+31mXR5dxOH0bV8G1kc9SI0khmbr8yd69I/avBb/ + AIKweEwvJ/4SDwX/AO2dF9LB1P6C/i/Fbaj8K/H1he2zTW95oWoRSRlcgo9r + IrBh6EGvwu/4IrTOnjr4mRjcUNjpjFR0JWabHHrycV+8XxQZf+Fc+OOR/wAg + a+/9JpK/B3/gioQPH/xKz/z4ab/6Olq5boXQ1f8Agsh8KrvQPHHgf9onw7DL + ZtfqNJvZ0Gwpe2ZM9nJuH8bx+YoPYQivG/8AgoF+01P+054c+BHgTwaDd3Op + 6VBq17awchtY1Bvsa24H9+F45VHtJX7h/t0fCex+M37LPj3wtMY1vLCwfVrG + RyAI7rTQbhPmPC+YqNESeArmv5+v+CV3wYHxT/al0zxLqUHmaP8AD+BtamLD + 5DdKRHZpnswlbzV/65Goktbdxo/fK6+GmnfBT9irxB8K9MiJj8O+B9RtZHVc + CS4FjK1xMR282Znc/wC9X5R/8EVbHTm8Z/E/VZYw1/bWelRRNj5hDNLO0qj6 + tHH+Qr9u/wBoFl/4Ub8UeR/yK+r/APpFNX8nn7JPx1+L/wCzX4q1X4v/AA30 + Jte0eyhistbhkike08q5ZngEskfMLF4WMb+oK8gkFydmhI/XD/gtdbWFz8Nf + hrqcsG2+ttXvYYnYYYRTW6tIB7Fo4yfoK9C13V9Wj/4I9xyRQyG4Pg60gzjj + yDPHETn08nJr8pPjf8eP2gP+CkvxM8MeFvDvhMRppQkisNM04STRQG6ZfOur + q4YDAwiBnYKiKvABLFv6QYP2ftIvf2T4v2Z7y9xbHwwvh83ajJEqW4hFwF4y + RIPMxxnpQtW2hn54f8EWbawtvgt481OKLde3HiAQysq/MYobSFowT6BpJMfU + 14j/AMFtrawPib4TanHD5d9PZ6vDKxXDNFFJatECe4DSSY9Mn1r5i+FHxi/a + S/4Jf/ETxF4L8XeEUvdM1pkM1rdF0tLswbhFdWN2gK8qSG+Vsj5XVXX5ZdQ/ + 4aM/4Km/HjStYuNE/sjwzpnlWT3Fuj/2dpNiZN0rGaT/AF1w+SdoO5yAAqou + Vm+lg63P12/aq1G8v/8AgmDf3OoQyLdXHhPw88xYdJGeyLZ/HNeWf8EYJ/K/ + Zv8AF6+W7/8AFWXByoyP+PCyr6c/4KDabYaJ+wp8Q9E01fLtbDTdPt4UznbH + FeWyKM+wAr5q/wCCLny/s2+Li3APi25x/wCAFlWn2hdD4T+Flra3/wDwWGvU + vIDNGvi/xDMEIyRJDb3ckZx6q6g/hX7O/wDBQKK21P8AY5+KNvd27Mi6YJRv + HAeGaORD9Qygj6V+OXwd5/4LIagRyB4r8Tn/AMk72v2d/b7ZT+x38UwCD/xK + H/8AQ0qY7MZ8Mf8ABFe6kj+DHj+Eq7oPEEbAKMgE2kYP4nAr498WNt/4LC2j + 4Jx4r0vgdf8Aj0gr7F/4IpMo+DXxBycf8T+L/wBJUr4+/bz8B/Fz9nn9s6H9 + qXw3o0l/olzfadrFleeS8tmtzZRxRy2t0yfcLmInBKlo3+Q5UkJ/Cg6n9KX2 + g/bPM8p/9XjGOevX6UXdwXh2+U68jkjjrXyV+xR+05qX7V/wuuPibq+gReHJ + 7bUJ9NNvDO1wj+RHDJ5gZkQjcZSNvOMdTX15fMpg4I+8P51smQfzBf8ABXlf + tv7XenQkNF5vh3TU+YcjdPcjOK+lIf8AgibZMQz/ABenZQeQvh8cj6/b+D+F + fO//AAV0/wCTxtIPY+H9Lx7/AOk3Nf05WTKITkj7zfzrJRTbuW2fnR+zJ/wT + g+B37N/iu38d7r7xh4osxutLvUVRI7N8bS8FvH8ocgn53Llf4dpyT5l/wWSn + 839ljQl8t0/4qyxOWGB/x5X1frIWX7cDkY8v+tfAf/BTX4M+Lvjb+y7e6T4E + tH1TWfD2pWusx2UI3TXKQJLDKkS/xOI5mcKOW27VBYgG2tNBJlr/AIJj3Bj/ + AGHfhqnlO2Bq/IGR/wAhe8rxD9sH/gpFq3wI+JKfAr4MeE4/FnjcNbi5N0Jp + IYp7wBoLWO3tyss8zq6N8rqBuCjcxIX5V/4Js/tq+NvCOt+Bv2L/ABD4RjFs + 99fwxX00slvdWiS+fevHJbtGdxEu8csuA2Mcc+d/tyeCvi1+zP8AtrJ+1d4f + 0NtW8PXN/Z6raXTxPLZrcQwrDNaXLr/q2YoxTkfIwKElSFjm93QLanofxq+P + X/BTfxZ8IfGFh8SfhFp2k+E9Q0e9TU5xYyQyW1i0TedKBJesytGuWBKEgjoa + 7j/girKw8G/FqLDEG90g5HQfu7ivDfjf/wAFO/ip+0z8LvEnwu+HPwvOirf6 + XctrV5Fdyao8OmQoZLp1VbeBYU8tSHkcuApIGGww90/4IqEf8IZ8XB/0+aP/ + AOgXNJP3hvY+ev8AgqFLv/bu8HvsZcabofBGD/x+zV/SfbXJQSfunbLseB0z + 2r8Av+CvPwQ+JSfFbwz+0P4P0251HRIdMt7K6uLWIzGwu7KeWWOSYKDtjdZF + CsRt3KQTkqD+gn/BP/8AbL8Rftc6D4tuPFHhu18P3nhWSxR5LWZ5I7l7xZix + CSDMYXyhhd7/AHuvHNR3aEz8qP2TZNv/AAVp8SybGP8AxUfjQ7QOeftvav0Z + /wCCuuo3yfsiSwWsLiK517TY5yRgCMCVx/4+qV+dn7Jikf8ABW7xOSMbfEfj + Qn2/4/a/b79sf4HSftF/s7+Kvhfp1wlvqt3HFc6dJIcILy0kWWJXPZZNpjY4 + O0MTg4oS0Y3ufPP/AASngsLD9jDwxLZW5869v9VmuWRfvSi7kiBJ7ny0QZ9A + B2r8uP8AgqGiaR+3N4V1bQ48ahNpujXThRh2uY72dEz6tsjQfQAVxnwG/bK/ + aG/4J8w618D/AB14GF3arcyXUdhqbSWs1tcOArvBOgdZIJNob5QysfmRxuOe + o/Z9+F3x3/4KAftWWP7Q/wARtMOn+ErDUbW8vbwRtDZCGwKvDYWQkJaQsVCs + VLbQzO53EBpvdJAfol/wWIl839lfTvkZMeJLH7wx/wAsLmvRf+CXNtaWX7Ef + hCS2tikl/c6vNO6rw8gv54gxPqEjVfoBXn//AAWMIP7K+m4Of+Kksf8A0Rc1 + 6n/wTC+X9hjwIDwS+sY/8Gl1VfaE9j9AUuiEUeTIcAfw1/M9/wAEnbW1n/bS + 8UXVxAZpLPQ9XlhwMlHa9toyw/4A7D8a/pqjZfLX5h0FfzS/8EkP+TzvGbdh + 4e1bn/uI2dOW6BH6H/8ABXaC2v8A9kqSeeA+ZZa3p8sRcYKu2+Mkf8BZh+Na + H/BJ+G1s/wBjTTXt7cq95quqSzOo4dxKIwxPqERR9BSf8FcyD+yJeYOf+Jxp + 3/oZrQ/4JSkf8MV6IM8/2jqv/pQ1L7QdD8wv+CnUUNj+3Z4UvrKMwTz6doM0 + jDhmkS6ljD/XaigH2r+lmC4KyTHynO5s4A6fWv5sf+CpCsf25PBQAJ3aRoWP + f/TbgcV/StbMvmz5I+9/SnDdgyvLclpoW8pxtJ4I5PHapZrotDIvkyDKkZI4 + 6U+dl+0W/I6t/Kpbhl+zycj7rfyqySvDdFYY18mQ4UDIHHSoobgrNM3lOdxH + AHI471dt2X7PHyPur/KooGX7Rccjqv8AKgZXnuC0sJ8pxtY8EdfpUst0Wice + TIMg8lfanXDL51vyPvH+VTzsvkyfMPun+VAHxD+0w+/XtDG0rtsiOR1+c9K+ + aK+mv2miDr2hY/58j/6Ga+Za/pvgn/kVUPR/mz8X4k/36r6/oj9QPDWoFvCf + hUfZZh5NraHlPv4hX7vPNdpcauz28qfYbldysMmPgZHfmuZ8NyR/8Il4Q+Yc + Wtnnnp+5Wu6u5ojazAOv3G7j0r+Y8f8Ax6nq/wAz9lwv8KPojE03VGhsIIvs + dw+1QNyplT9DmobbUmTU7yb7JO3mCP5QnzLgdxnjPatfSJYl0y2BcAhB3FQW + ksY1i/YuMERY5/2TXIbmfqWpGZrQ/ZJ08udW+ZMbsZ4HPWr8urs0Tr9huRkE + ZMfH86XV5Y2exw4OLlD1+tak80XkyfOv3T3HpQBz+l6o0OnwRfY7iTauNypl + Tz2Oajg1IrqtzP8AZJzvRBtCfMMeoz3rV0WWJdLtwXAIX1HrUVtLGNavG3jB + SPnNAGfqmpGYW3+iTx7J0b5kxnGeBz1PatF9YYqR9huRx/zz/wDr0msyxstn + hwcXMZ6/WtZ5odjfOvQ9xQBzWkamYNOhiFpPJtB+ZEyp5PQ5pItSYatNP9kn + O6NRtCfMMHqRnpWloUsa6TbhnAIB6kf3jTYZY/7cuG3jBhTnPvQBn6pqTTRQ + r9knj2zI2XTAOD0HPU1p/wBst/z4XX/fv/69M1qWNobfDg/v4+49a2fOh/vr + +YoA5bRtSNvp0UQtJ5du75kTKnLE8HNC6kRrDz/ZJ+YQuzZ833s5xnpWh4fl + jXSYAzgH5+p/2jQksf8Ab0jbxj7OOcj+9QBn6tqRntlQ2k8eJEOXTA4PTr1r + T/tlv+fC6/79/wD16ZrksbWiBXB/ex9D71s+dD/fX8xQBy2kam0Fksf2SeTD + MdyJkck96P7SP9s/aPsk/wDx77dmz5/v5zjPStDQZY105QzgHc/Uj+8aPNj/ + AOEg3bxj7LjOR/foAz9X1Jp7Ix/ZJ4/mU5dMDgj3rT/tlv8Anwuv+/f/ANem + a7LG2nkK4J3p0I/vCtnzof76/mKAOW0nUmgtSn2SeT53OUTI5PTr1obUidYS + 4+yT8Qldmz5vvZzjPStDQ5Y1smDOB+8k6n3oeWP+30beMfZyM5/2qAM/WNSN + xp0sRtJ4txX5nTCjDA8nNaf9st/z4XX/AH7/APr0zX5Y20qYK4JynQ/7QrZ8 + 6H++v5igDltK1JoYZV+yTybpXbKJkDJ6HnqKJNSJ1aGf7JONsTDYU+Y5PUDP + StDRZY1gn3OB+/k6ketEssf9uQNvGBC3OfegChq+pmfTpojaTx7gPmdMKOR1 + Oa0V1hsD/QLn/v3/APXo16WNtJuArgkhehH94VqrNDtHzr09RQBzGl6k0K3I + +yTyb53b5UzjPY89R3om1ItqttP9knGxHG0p8xz3AzWho0sapd5cDNzIeo9q + LiWM63aNvGBHJzmgClquqNNp88X2O4j3D7zphRz3OauxauwjQfYbk4A5Ef8A + 9epNalibS7gBwSV9R6itCGaLyU+dfujuPSgDm9N1Mwtd/wCiTvvndvlTO3OO + Dz1ouNSZ9Ts5vsk6+WJPlKfM2R2Gecd60NIljVr7LgZuZD1+lF3LGdYsGDjA + WXPI9BQBU1LVGmsJ4vsdwm5SNzJhR9TmrMGrssEa/Ybk4UDIj4PH1qzq8sTa + ZcgOCSh7irdtNELaIF1+4vcelAHO6fqRilvG+yTv5kpbCpkrx0PPBou9SL6j + Yy/ZJ18vzPlKYZsrj5RnnHetDSpYxPf5cDM5xyPQUX0sZ1bTSHGB52ef9mgC + tqGqtLYzx/Y7hNyMNzJgDjqTmpbXVmS1hT7FcttRRkJwcDqOau6rLEdNuQHB + JjbuPSprKaIWduC6/wCrXuPQUAYFjqZjubx/sk7+ZIDhUyV46Hng0XmptJe2 + Un2SdfLZztZMFsj+Ed60NNljF5qBLgZlGOfajUJYzqOnEOCAz55H92gCC+1V + pLK4j+xXCbo3GWTAGQeTz0pbLVmjs4I/sVw22NRlUyDgdRz0rS1GaI6fdAOp + JifuP7ppdOmiGn2wLqCIk7j+6KAMKy1Ix3t7J9knbzGU7VTJXA/i54ovtSMt + 1ZP9knTy5CcMmC3HQc8mtDT5YxqOokuAC6Y5H92jUpYzeaeQ4OJTnn2oAjut + WZ7WZPsVyu5GGSmAMjqeai0/VWisYI/sVw+1FG5UyDgdQc1sXs0Rs7gB1/1b + dx6GotLliGm2wLqCI17j0oAxbTUimo30v2SdvM8v5QmWXC4+YZ4z2o1DUjLN + Zt9knTy5Q2GTBbjoOetaFjLGNV1IlxgmLHI/u0apLGZ7DDg4nGeR6GgBlxq7 + NBIv2G5GVIyY+Bx35qvpuqNDYQRfY7h9qgblTKn6HNbl1NEbaYB1+43celVd + IliXTLYFwCEHcUAZFtqRTU7yb7JO3mCP5QnzLgdxnjPajUtSMzWh+yTp5c6N + 8yY3YzwOetaFpLGNYv2LjBWLBz/s0avLGz2OHBxcoTz9aACXV2Mbj7DcjIPW + P/69UtK1RodPgi+x3Em0feRMqeexzXQzTReS/wA6/dPcelZ+iyxLpduGcAhf + UetAGXDqbLqlzN9knO9EG0J8wx6j3o1TUjMtsDaTx7J0b5kxnGeBz1PatC3l + jGtXbFxgxx85FGsyxslptcHFzGev1oAc2sMVI+w3PT/nn/8AXrO0jUzBp0MQ + tJ5NoPzImVPJ6HNdM80O0/OvQ9xWVoMsa6TbhnAIDdSP7xoAzY9SI1aaf7JO + d0SjYE+YYPUjPSjVNSM8MSm0nj2yo2XTAOD0HPU1oQyx/wBuXDbxgwpzn3o1 + qWNoINrg/v4+hHrQA/8Atlv+fC6/79//AF6zNH1I2+nRRC0nl27vmRMqcsTw + c11PnQ/31/MVjaBLGulQhnAOX6kf3jQBnrqbDWHn+yT8whdmz5vvZzj0o1bU + zPbKhtJ48SIcumBwenXrWgksf9vSNvGPs45yP71GuSxtZoA4P72Pv70AP/tl + v+fC6/79/wD16zNI1IwWQjFpPJ8zHciZHJPvXU+dD/fX8xWNoMsa6coZwDvf + qR/eNAGf/aR/tn7R9kn/AOPfbs2fP9/OcZ6UavqbT2TR/ZJ48sp3OmBwR3rQ + 82P/AISDdvGPsuM5H9+jXZY205grgncnQj+8KAH/ANst/wA+F1/37/8Ar1ma + TqZgtmQWk8mZHOUTI5PTr1rqfOh/vr+YrG0OWNbNwzgfvZOp96AM9tSJ1hLj + 7JPxCV2bPm+91xnpRrGptcadLF9knj3bfmdMKMMDyc1oPLH/AG9G28Y+znnI + /vUa/LG2kzBXBOU6H/aFAD/7Zb/nwuv+/f8A9eszStSMEUyi0nk3Su2UTIGT + 0PPUV1PnQ/31/MVjaJLGsE+5wMzydSPWgDPk1InVoZ/sk42xsNpT5jk9QM9K + XV9TafTpovsk8e4D5nTCjkdTmr80sf8Ablu28YEL8596drssbaTcBXBJA6Ef + 3hQALrDBQPsNz0/55/8A16zdM1Mwrc/6JPJvnkb5UzjPY89R3rp0mh2L869B + 3FZGjSxqt5lwM3Mp6/SgDPm1ItqltN9knGxHG0p8xz3Az2p+qaoZ9PniNncR + 7l+86YUc9zmrtxLGdatG3jAjk5yKk1qWJtLuArgkr6j1oAii1dliRfsNycAD + Ij4/nVDTdSMLXZ+yTv5k7t8qZ25xweetdJBNF5Mfzr90dx6Vl6RLGr32XAzc + uev0oAz7nUi+p2c32SdfLEnylPmbI7DPOO9TalqjTWE8X2O4TcpG5kwo+pzV + q7ljOsWDBxgLLk5/2an1eWJtMuQHBJQ9xQBVt9XZYI1+w3JwoGRHweO3NUtP + 1Joprxvsk7+ZKWwqZK8dDzwa6G1miFtCC6/cXuPSs7S5YxPf5cDM5xyPQUAZ + 93qRfUbGX7JOvlmT5SmGbK4+UZ5x3qfUNVaWxnj+x3CbkYbmTAGR1JzVm+lj + Oq6aQ4wDLnn/AGatapLEdNuQHUkxt3HpQBQtNWaO1hT7FcttRRkJkHA6jmql + jqRiur1/sk7+ZIDhUyV46Hng1v2M0QsrcF1BEadx6CqGmyxi81AlwMyjHPtQ + Bn3upNJe2Un2SdfLZjhkwWyP4eeatXurNJZzx/Yrhd0bDLJgDI6nnpU2oSxn + UNOIcEB3zyP7tXdRmiOn3IDqSYn7j+6aAMux1Vo7K3j+xXD7Y0GVTIOAORz0 + qtZ6m0d7eyfZJ28xkO1UyVwP4h2rc06aIafaguoIiTuP7oqnp8sY1HUSXABZ + Mcj+7QBn3+pGW5s3+yTp5chOGTBbjoOeTVy61ZntZk+xXK7kYZKcDI6nmpNT + ljN3p5Dg4lOefar97NEbO4Adf9W3cehoAx9P1VorGCP7HcPtRRuVMg8dQc1B + aakU1G+l+yTt5nl/KEyy4XHzDPGe1bOlSxDTbYF1BEa9x6VWsZYxq2pEuMHy + cc/7NAGfqGpNLLZt9knTy5g2GTBbg8Dnk1en1dmgkX7DcjKkZMfA4+tO1WWM + zWGHBxOueR6GtK5miNtKA6/cbuPSgDC03VGhsIIvsdw+1QNyplT9DmorfUim + p3c32SdvMEfyhPmXA7jPGe1a+kSxLplsC4BCDuKgtJYxrN+xcYKxYOfagDP1 + LUjMbT/RJ02To3zJjdjPA56mtCXV2Mbj7DcjIPJj/wDr0avLGzWOHBxcxnr9 + a1JpovJf51+6e49KAOe0rU2g0+GL7HcSbR95Eyp57HNMh1IrqtxP9knO9EG0 + J8wx3IzWpoksS6VbhnAIU9x6mo7eWMa1dtvGDHHzmgDP1PUjMtuPsk8eydG+ + ZMZx2HPU9q0m1hsH/QLn/v3/APXpusyxslphwcXMZ6/Wtdpodp+denqKAOZ0 + jU2g06GL7JPJtB+ZEyp5PQ5pI9SI1aWf7JOd0SjYE+YYPUjPStLQZY10m3DO + AQG6kf3jTYpY/wC3Z23jHkrzn3oAz9V1IzwxKbSePbKjZdMA4PQc9TWn/bLf + 8+F1/wB+/wD69M1uWNreHa4P76PoR61s+dD/AH1/MUActo+ptb6fHF9knkwW + +ZEypyxPBzQupH+2GuPsk/MIXZs+b72c4z0rQ0CWNdKiDOAcv1P+0aFlj/t5 + 23jH2cDOR/eoAz9W1Iz2oQ2k8fzocumBwenXrWn/AGy3/Phdf9+//r0zXJY2 + slCuD+8j6H3rZ86H++v5igDltI1IwWYjFpPJ8zHKJkcn60f2kf7ZFx9kn/1G + 3Zs+f72c4z0rQ0GWNdPAZwDvfqR/eNHmx/8ACQBt4x9lxnP+3QBn6vqRnsWj + NpPFllO50wOCO+a0/wC2W/58Lr/v3/8AXpmvSxtprhXBO5OhH94Vs+dD/fX8 + xQBy2k6mYLZ0FpPJmRzlEyOT069asQXZutdjYwSQ/uWGJFweuc/SrGiSxraS + BnA/eydT70rOj6/EVYH/AEduh/2qANyiiigAooooAKKKKACiiigD/9H90ptK + 09dWt7cQgRvG5I55I6U/V9J06302eaGAK6gYPPHI96hlh1UarArXKGUxvtbZ + wB3GKfq0OrLp0zXFyjxgDICYJ5HegDSj0TSjGpNuuSB6/wCNZul6Vp8/2vzY + Q3l3EiL14UYwOtXo7fW9i4u4wMD/AJZ1naZDqrfa/IuETFxIGymctxkj2oAf + caVp6araQLCBHIshYc84HHepdU0jToNPnmigCuq5B54/Wq9xDqo1S1V7hDKV + fa2zgDHORUupwasthO09yjxheQEwSPrQBeg0XS2hjZrdSSoJ6+n1rP03StPm + kvBLCGEczKvXgDHHWrkNvrRhjK3cYG0YHl9sVQ06HVWku/JuUUiZg2UzluMk + UAPutK09NTsYEhASXzdw552qCO9T6lo+mw2FxLFAFdEJB54P51VuodVGpWSv + coZD5uxgnA+XnI75qfUYNXWxnaa5RkCHICYJH1oAs2ui6W9tC726lmRSTz1I + +tUtP0rT5ri9SSEMI5dq9eBj61atrfWTbRFLqMKUXA2dBiqVhDqrXF4IrhFY + SfOSmcnHUelAD7zStPj1CxiSEBJS+4c84XIqzf6PpkVjcSxwKrJGxB54IH1q + neQ6qL+xWS4RnJfYQmAPl5yO9Wb+DWFsrgy3UbII23AJgkY5oAlstG0ySzgk + e3Us0aknnkkfWqljpWny3l7HJCCsTqFHPAI+tWLODWDaQGO6jVCi4BTJAxxV + Syh1U3d6IrlFcOu8lMgnHb0oAffaVp8V5YxxwgLK7BhzyAPrVu90bTI7OeRL + dQyxsQeeCB9ao30Oqi7shLcIzl22EJjBx39at3kGsC0nMl1GyBGyAmMjHNAC + 6fo+my2NvLJArM8aknnkkfWq1npWnyahfQvCCkRj2jnjK5PeprCDWGsoDFdR + qhRdoKZIGOKrWcOqm/vljuEWQFN5KZB+XjA7UAP1DStPhuLJI4Qokl2t15GP + rV650XS0tpXW3UFUYg89QPrWdfw6qs9mJblGYy4QhMYOOp9au3NvrIt5S91G + VCNkbOoxQAzTdH02awt5ZYAzugJPPJ/OoLXStPfVL6B4QUiEW0c8blyak06D + V2sYGhuUVCgwCmSB9agtYdVOp3qpcIJAI97FOD8vGB2xQA/UtK0+GSzEUIUS + TqrdeQc8da0J9F0tYZGW3UEKSOvp9azNSh1VXs/OuEcmZQuExhucE1fmt9aE + Mha7jI2nI8vtigCDStI06fT4JpYAzsuSeef1qK30rT31W7gaEGONYyo54JHP + el0uDVm0+BoLlEjK8ApkgfWo4IdVOqXSpcoJQqbm2cEY4wKAH6ppWnwfZPKh + C+ZcRo3XlTnI61pPomlBGIt1yAfX/GsrU4dVX7L59yj5uIwuExhucE1ovb63 + sbN3HjB/5Z0AVNI0nTrjTYJpoAzsDk888n3pkOlae2rXFuYQY0jQgc8E9aNJ + h1ZtOha3uUSMg4BTJHJ70yKHVTqs6rcoJRGu5tnBHYYoAfq2lafBHA0MIUtM + inryD1Fah0PSv+fdf1/xrI1WHVVjg8+4RwZkC4TGG7GtM2+t4/4+4/8Av3QB + n6LpWn3OmQzTwh3bdknPZiPWhNK086xJbmEeWsIYDnqT160zRodVfTYWtrlI + 4zuwpTJHzHvQkOq/2vIouU83yQS2zjbnpigB+r6Vp9vbxvDCFJlRTjPQnmtX + +w9K/wCfdf1/xrH1aHVVt0M9yjr5iYATHOeDWp9n1z/n7j/790AZ2jaVp9zY + JLPCHcswyc9mNA0rT/7aNt5I8vyA+3n727GetM0eHVXsEa3uERMtgFMn7xzz + QIdV/tkp9pTzvIB3bONu7pj60AP1jStPt7PzIYQrb0GRnoTz3rV/sPSv+fdf + 1/xrH1eHVVs83FwjpvTgJg5zxWp9n1z/AJ+4/wDv3QBnaRpWn3FoZJoQzb3G + eegPHeg6Vp/9srbeSPLMBbbz97djPWmaTDqrWhNvcIi734KZ5zzQYdV/thU+ + 0p53kE7tnG3d0x9aAH6zpWn22nyTQQhHBXBGe7Aetav9h6V/z7r+v+NY+sQ6 + qmnyNcXKPHlcgJg/eGOa1Ps+uf8AP3H/AN+6AM7SdK0+4t5HmhDESuo69AeO + 9EmlaeNYitxCPLaJmI56g9etM0qHVWgkMFwiL5r5BTPOeTRJDqv9rxKbhDKY + mIbZwBnpigCTWdK0+20yaaCEI67cEZ7sB61pjQ9KwP8AR1/X/GsnWIdVTTZm + ublHjG3KhME/MO9aQt9bwP8AS4/+/dAGfpWlafPHcGaEMUndR14A6CibStPX + Vre3WECN43JHPJHSmaXDqrJceRcIgEzhspnLdzRNDqo1W3VrlDKUfa2zgDvx + QBNq+k6db6dPNDAFdQMHnjke9X49E0oxqTbrkgev+NZurQasunzNcXKPGAMg + Jgnkd6vR2+t7FxdxgYH/ACzoAo6XpWnzm882EN5dw6L14UYwOtFxpWnpqtpA + sIEciyFhzzgcUzTIdVY3fkXCJidw2UzluMkUXEOqjVLRXuEMpWTa2zgDHORQ + BY1TSNOg0+eaKAK6rkHnj9atQaLpbwRs1upJUE9fT61S1ODVlsJ2nuUeMLyA + mCR9atQW+tGGMrdxgbRgeX2xQBT03StPmlvFlhDCOZlXrwABxRd6Vp8ep2EK + QgJL5u4c87VBHemadDqrSXnk3CKRMwbKZy2ByPSi6h1UalYrJcoZG83YwThc + Lzkd8igC1qWj6bDYXEsUCq6ISDzwfzr8mL7/AI/bj/ro/wDM1+smowautjO0 + 11GyBDuATBI+tfk3ff8AH7cf9dH/AJmv2Xwi+LE/9u/+3H57x7tR/wC3v0PY + v2fY0l+JtijjIMNx/wCizX35Na26zwKEADFs++BXwF+z6JD8TbEREK3k3HJG + f+WZr78lS6E8IaQFiWwcdOK8zxP/AORjH/AvzZ38Ff7o/wDE/wAkTT2lssMj + KgBCkj8qWGztmhRmjBJUE/lTJkuxDIWlUjac8dsUsKXhiQrKoG0Y49q/OT64 + ZDawNNMrICFIx+VJPawLLCqoAGYg/lSQpdGaYLIAQRnjrxRMl0JYd0gJJOOO + lAE81nbLE7CMAhSf0pILS2aGNmQElQTSSpeeU+6VSNpz8vtSQJdmFCsigbRg + Y7UANitYGuJ0KAhduB6ZFFxa26vCFQAM2D9KbEl19omCyAMNuTjrxxROl0Hi + 3yKSW446GgCxJZ2wjciMZANMt7S3eBGZASQM0siXnltmVSMH+GmW6XZgQpIo + XHAxQAkVrA1zMhQbV24H1FJc2tuhh2oBucA/SkjS6+0zBZAGG3Jx144ouEug + Yt8gOXGOOhoA/ET/AIKXftzap4NuvGv7JfhPwv5F7qVna29zrZuyxNrfwpLN + FHbCIfM6OYixkPBJC5Ix9Kf8Esv2ctR+DP7P0vifxnpj6f4m8eXQvpYZ0Mc8 + NjCpjs4pFPKkgyS4PIEoBAIIr9BrrwH4WutbPim70TTZtZAX/Tns4muvkAC/ + viu/5QABzxjiujtkujAhSRQuOARUqOt2O55B+0BbQf8ACjPieuwYTwxq5Hsf + sUtfjJ/wRNRX1H4u7hnI8Pj8C1/mv3vutPTU0vNN1COK6trqIxTxTRiSKWKR + SrI6MCGVgSCCMEcGuV8N/DXwN4AaVvA/hvSfDrXzxCc6bYQWZlMe7Z5nkou/ + bubGc4ycdTQ463EmdtBo+l2cbR2lrHArEsQihQWPU4Hc9zSWlrbyW6O6Ak55 + /GpjHe4P71f++agtEujboY5FVecAjPeqAgn0rTb6WWzvbaO4gKg7JFDKT9DT + 5bCytIYorWFYkVlUKowAPQAU9UuvtTgSDdtGTjtRdJdBU3yA/OMYHegC39it + f+eYqtZ2sElsjugLHPP41P5d7/z1X/vmq1ml0bdDHIFXnAIz3oAcLW3+1tHs + G0IDj3zRd2sEcYKIAdwFNCXX2th5g37BzjjGaLpLoRjzJARuHQd6ALf2K1/5 + 5iq1nawSQBnQEkn+dT+Xe/8APVf++arWiXRgBjkCrk8EZ70AO+ywfbPL2Db5 + ece+aLu1gjh3IgByP503ZdfbMeYN/l9ccYz0ou0uhDmSQEZHQe9AFv7Fa/8A + PMVVtLWCSLc6AncR+tWPLvf+eq/981WtUujF+7kCjJ6jNACm1t/tgj2Dbszj + 3zS3lrBHbs6IARjn8aaUuvtYHmDfs644xmi7S6FuxkkDLxwBjvQBb+xWv/PM + VVtbW3kjfegb5mH4VY8u9/56r/3zVa1S6KP5cgA3HOR3oArW2jaTYXXk2NpF + bpICzCNAgZs9TjGTVu8tbeO2d0QAjHP401kuvtagyDftPOOMZou0uhbuZJAy + 8ZAGO9AFsWVr/wA8xVa2tbdxJuQHa7AfQVOI73/nqv8A3zVa2S6Ik2SAfO2e + O9ACvawC6jQINpUkinXVrbx27uiAECmOl19qjBkG7BwcUt0l0LdzJIpXHIAo + BjbnRNI1CJEv7OK5VcMBIocA+oB70tpZ2xWRfLGEcqoHAAHQVYWO82jEq9P7 + tV7ZLo+bskA/eNnjv60AOktYBcwoEG1g2R9BTrm0t0gdlQAgcVHIl19piBkB + YhsHHTin3KXYgcvIpXHIAoBkyWdsUUmMZIFQW9rbu0wZAdrkD6VKiXmxcSrj + A/hqC3S6LS7JAMOc8dTQA6W1gW5gQIArbsj1wKfcWlukEjKgBAOKilS6+0QB + pAWO7Bx045p9wl2IXLyKVwcjFAEkVnbNEjGMZIFRQWsDSTBkBCtgVJEl55ab + ZVAwMfLUMCXRkm2yAENzx1NADprW3WeFQgAYnP5VJPaWywyMqAEKSPyqGVLo + TQhpFJJODjpxUsyXYhkLSKRtORjtigBYLS2aGNmQElQT+VRw2tu08ysgIUjH + 5U+FLswxlZFA2jAx2xUUKXRmmCyAMCMnHXigB09rAssKqgAZiD+VSzWdssTs + IwCFJ/SoJkuhLDukBJJxx0qWVLzyn3SqRg5+X2oA+Kv2mI0TXtDKjBayJP13 + mvmivpf9pgSDXtD3kEGyOPYbzXzRX9N8E/8AIqoej/Nn4xxJ/v1X1/RH6h+G + tNsV8J+FGEIBntbQP15zCpNdrc6LpaW8rrbqCqMQeeoH1riPDUWpDwn4V3To + Q1raeX8v3T5K4z612dxb6yLeUvdRldrZHl9Riv5jx/8AHqer/M/ZcL/Cj6Ij + 0zSNNm0+CWWAM7oCTzyfzqG20rT31S9gaEFIxHtHPGRzT9Ng1drCBoblEQqM + ApkgfWobaHVTqd4qXKCQCPe2zg8cYHbFchuP1PStPhazEUIXzJ0VuvKnOR1r + Rl0TS1idhbqCFJ7+n1rL1KHVVa0865R8zqFwmMNzgmtCW31ryn3XcZG05/d+ + 1AFbStI06fToJpoAzsuSeeefrUcGlae2rXUDQgxoiFRzwT170ulwas2nwNBc + okZXgFMkc+tRwQ6qdVuVW4QShE3Ns4I7cUAP1XStPgFr5UIXfcRo3XlTnI61 + pvomlBGIt14B9f8AGsnVIdVUWvn3KPmeMLhMYbnBrSe31vac3ceMH/lnQBS0 + fSdOuNNgmmgDOwOSc88n3psWlae2rz25hHlrErAc9SaTSIdVbToWt7lEjIOA + UyRye9Nih1X+1plW5QSiNcts4IzwMUAP1bStPgihaGEKWmRT15BPI61q/wBh + 6V/z7r+v+NY+qw6qsUJnuUcGZAMJjDZ4Nan2fXP+fuP/AL90AZ2i6Vp9zpsU + 08Id23ZJz2Yj1oTStPOsvbGEeWIQwXnruxmmaNDqr6dE1tcpHGd2FKZI+Y55 + oWHVf7YdBcJ53kgltnG3d0xQA/V9K0+3tUeGEKxkQZ56E81q/wBh6V/z7r+v + +NY+rQ6qtshuLlHXzEwAmOc8GtT7Prn/AD9x/wDfugDO0bStPuLFZZoQzFnG + TnsxAo/srT/7a+zeSPK+z79vP3t+M9fSmaRDqr2Sm3uERNzcFMnOTnmjydV/ + tnZ9pTzvs+d2zjbv6Y+tAD9Y0rT7eyMsMIVtyDIz0LDPetX+w9K/591/X/Gs + fV4dVWyJuLlHTcnATBzkYrU+z65/z9x/9+6AM7SNK0+4tWkmhDMJHGTnoDxQ + 2laeNZS2EI8swFtvPXdjPWmaTDqrWpNvcoi734KZ5zzQ0Oq/2wiG4TzvJJDb + ONu7pigB+taVp9tpss0EIR1K4Iz3YCtX+w9K/wCfdf1/xrH1mHVU06Vrm5R4 + 8rkBMH7wxzWp9n1z/n7j/wC/dAGdpOlafPDM00IYrM6jOegPA60SaVp41eG3 + EI8tomYjnqD9aZpUOqtDKYLlEAlcHKZy2eTRJDqv9rQqblDKYmIbZwBnkYoA + l1nSdPt9NmmhgCOoGCM+oHrWiuh6UVB+zr+v+NZWrw6qmnTNcXKPGAMgJgnk + d60Vt9b2j/S4/wDv3QBQ0rStPnW5MsIbZPIo68KMYFE+laeurW1usIEbo5I5 + 5I6d6ZpcOqstz5FyiYncNlM5buaJodVGq2ytcIZSj7W2cAd+KAJ9W0nToNOn + mhgCuq5B545+tXYtE0pokY265IHr/jWfqsGrLp87T3KPGByAmCefWrkVvrXl + ptu4wMDH7ugClpmlafM14JYQ3lzui9eFGMDrRc6Vp6apZwLCAkgk3DnnA4pm + mw6qzXfk3KJidw2UzluMkUXMOqjU7NXuEMhEm1tnA45yO+aALOp6RpsGnzyx + QBXVSQeeD+dWbfRdLeCNmt1JKgnr6fWqepwauthO01yjxhTkBMEj61Ygt9aM + EZS7jC7RgeX2xQBU07StPmmvFlhDCOYqvXgY6daLvStPj1KwhSEBJfN3Dnna + uR3pmnQ6q014IblFIlIfKZy2Oo9KLuHVRqNislwjSN5mxgmAvy85HfIoAt6j + o+mw2FxLHAquiMQeeCB9altNG0yS1hke3UsyKSeepH1qtqEGrrYzma6jZAjb + gEwSMVLawaybWEx3UaqUXAKdBjigCtYaVp8t1epJCGWOQBRzwMUXulafFfWM + SQgLKzhhzzhcimWMOqtc3giuUVhIN5KZycdR6UXkOqi9shJcIzln2EJgA45y + O9AF2+0bTIrK4ljgUMkbkHnggHHelsdG0yWyt5JIFLPGhJ55JAz3qO+g1gWV + wZbqNkEb7gEwSMHIosoNYNnAYrqNUMa7QUyQMDFAEFlpWny319E8IKxMgUc8 + ZHPei/0rT4rqySOEKsshDDnkYpllDqpvb0RXCK4Zd5KZBOOMelF9DqourIS3 + KMxkOwhMYOO/rQBoXejaZHazSJbqGVGIPPUD61Fp2j6bNYW8skCs7opJ55JH + 1pbq31kWsxkuoyoRsgJjIxzUenwau1jAYrqNUKLtBTJAx60ARWmlafJqV/C8 + IKReVtHPG5cnvRqOlafDNZrHCFEkwVuvIx060y0h1U6jfLHcosg8veSmQ3y8 + YHbAo1CHVVmsxNcoxMoC4TGGx1PrQBpXGi6WlvK626gqrEdeoH1qtpmkabPp + 8EssAZ2UEnnk/nUtxb60IJC91GV2nI8vtiq+mwau1hA0FyiRlRgFMkD60AMt + tK099UvYGhBjjEe0c8ZHPejU9K0+BrMRQhfMnRW68qc5HWmW0OqnU7xUuEEo + Ee9tnB44wPajUodVVrTzrhHzOgXCYw3OCaANSXRNKWJ2FuuQD6/41S0nSdOn + 06CaaAM7Lknnnn61Zlt9a8t913GRg5/d1T0qDVm0+BoLlEjI4BTJHPrQAkGl + ae2rXMDQgxoiEDngnr3o1XStPgW2MUIXfPGp68qc5HWmQQ6qdVuVW5QShE3N + s4I7cUapDqqrbefcI+Z0C4TGG5waANZtD0oKSLdenv8A41naNpOn3GmwzTQB + 3YHJOfUj1q61vre05u4+n/POs7SIdVfToWt7lEjIOAUyRye9ADotK09tYmtz + CPLWJWA56k/WjVtK0+CGFoYQpaZFOM9CeR1pkcOq/wBrTKtwglEa5bZwRngY + o1WHVVhiM9yjgyoBhMYbPBoA2P7D0r/n3X9f8aytF0rT7nTYpp4Q7tuyTnsx + HrWj9n1z/n7j/wC/dZejw6q+nRNb3KRx/NgFMkfMc8/WgB66Vp51l7cwjyxC + G289d2M9aNX0rT7e1V4YQrGRBnnoTzTFh1X+2HUXKed5IJbZxt3dMUatDqq2 + ym4uUdfMTgJjnPBoA2P7D0r/AJ91/X/GsrRtK0+5sRLNCHbc4yc9ifetH7Pr + n/P3H/37rL0iHVXsgbe4RE3NwUyc55oAf/ZWn/219m8keV9n37efvb8Z6+lG + saVp9vYtLDCFYMgyM92ANM8nVf7Z2faU877Pnds427+mPXNGrw6qlkxuLhHT + cvATBzkY5oA2P7D0r/n3X9f8aytI0rT7i1Z5oQzCRxnnoDxWj9n1z/n7j/79 + 1l6TDqrWzG3uURfMfgpnnPJoAe+laeNZS2EI8swlivPXdjNGtaVp9tpss0EI + R124Iz3YD1pjQ6r/AGwiG5TzvJJDbONu7pijWIdVTTpWuLlJI/lyAmCfmGOf + rQBsf2HpX/Puv6/41laTpWn3EMzTQhiszqM56A8DrWj9n1z/AJ+4/wDv3WXp + UOqtDMYLlEAlcHKZy2eTQA+XStPXV4LcQjy2iZiOeoNO1jSdOt9NnmhgCuoG + CM8cj3qKWHVf7WhVrlDKY2w2zgDPIxTtXh1VdOma4uUeMAZATBPI70Aai6Hp + RUE269Pf/GszS9K0+dboywhtk8iL14UYwOtX1t9b2jF3H0/551m6ZDqrLc+R + comJ5A2Uzlu5oAfPpWnrq1tAsIEbo5I55I6d6k1bSdOg06eaGAK6rkHnjn61 + BPDqo1W2VrlDKUfa2zgDvxUmqwasunztPco8YHICYJ59aANCLRNLaJGNupJU + Hv6fWs7TNK0+drwSwhvLndV68KMYHWrsVvrRiQrdxgYGP3ftWfpsOqs135Nw + iYncNlM5bjJFAD7nStPTVLKBYQI5BJuHPOBx3qbU9I02HT55YoArohIPPB/O + q1zDqo1OzV7hDKRJsbZwOOcj3qbUoNXWwnaa5R0CnICYJH1oAuW+i6W9vE7W + 6ksqk9epH1qhp2lafNNeLJCGEcxVevAx061bt7fWjBGUu4wu0YHl9sVR0+HV + WmvBDcopEpD5TOWx1HpQA+80rT49SsIUhASUybhzzhcirGo6PpsNhcSxwKro + jEHnggfWql3Dqo1GxWS4RpCZNhCYC/Lzkd81Y1CDV1sZzNdRsgRtwCYJGKAJ + 7PRtMktIJHt1LMiknnqR9ap2GlafLdXqSQhlikAUc8DFWbSDWTawmO6jVSi4 + BTOBjiqdjDqpur0RXCKwkG8lM5OO3pQA+90rT4r2xiSEBZWYMOeQF+tW77Rt + MisriSOBQyRuQeeCAcd6o3sOqi9shJcozlm2EJgA45z61avYNYFnOZbqNkEb + bgEwSMcigB9jo2mS2VvLJApZ40JPPJIGe9VbLStPlvr6J4QViZAo54yuTU9j + BrBsrcxXUaoY02gpkgYGBVWzh1U3t6I7hFcMm8lMgnHGB2oAfqGlafFdWSRw + hVlkIYc8jFXbvRtMjtZpEt1DKjEHnqB9az7+HVVubIS3CMxkOwhMYOOp9auX + UGsi1mMl1GyhGyAnUY5oATTtH02awt5ZIFZ3RSTzySPrVe00rT5NSv4XhBSL + yto543Lk96k0+DV2sYGhuo1Qou0FMkDHrUFpDqp1G+WO5QSL5e9inDZXjA7Y + oAfqOlafDLZrHCFEkwVuvIweOtX7jRdLSCRlt1BCkjr6fWs3UIdVWWzE1yjE + zALhMYbHU+tXp7fWhBIXu4yu05Hl9sUARaZpGmz6fBLLAGdlBJ55P51DbaVp + 76reQNCDHGsZUc8ZHNP0yDV2sIGhuUSMqMApkgfWobeHVTql2qXCCUCPc2zg + 8cYHagB+qaVp8Bs/KhC+ZcIjdeVOcjrWjLomlLE7C3XIB9f8ay9Th1VTaefc + o+Z0C4TGG5wTWhLb615b7ruMjBz+7oAq6TpOnXGnQTTQBnYcnnnk+9Mh0rT2 + 1a5t2hBjREIHPBPXvRpUGrNp8DQXKJGRwCmSOfWmQw6qdVuFW5QShE3Ns4I7 + cUAP1XStPgW2MUIXfPGp68qeo61ptoelBSfs6/r/AI1k6pDqqrbefco+Z0C4 + TGG7GtJrfW9p/wBLj/790AUtG0nT7jTYZpoA7sDknPqR602PStPOsTW5hHlr + ErAc9SfrTdIh1V9Oha3uUSMg4Upkjk96SOHVf7XlUXCCURLltnBGemKAH6tp + Wn28ETQwhS0qKcZ6E8jrWr/Yelf8+6/r/jWPqsOqrDEbi4RwZUAATGDng1qf + Z9c/5+4/+/dAGdo2lafc6dHNPCHdi2Sc9mI9aF0rTzrL23kjyxAG289d2M0z + R4dVfT42trlEjy2AUyfvHPNCw6r/AGwyC4TzvJB3bONu7pj60AP1fStPt7VZ + IYQrGRBkZ6E81q/2HpX/AD7r+v8AjWPq0Oqrag3FyjrvTgJjnPFan2fXP+fu + P/v3QBnaPpWn3FkJJoQ7b3GTnoDxR/ZWn/22LbyR5X2fft5+9vxnr6UzSIdV + ayBt7hETc3BTJznmjydV/tkJ9oTzvIzu2cbd3TH1oAfrOlafbWDSwwhHDKMj + PdhWr/Yelf8APuv6/wCNY+sQ6qlixuLhHTcvATBzkYrU+z65/wA/cf8A37oA + ztI0rT7i2d5oQzCRxnnoDxU8Vla2muxpbxhB5DNx65xVXSYdVa2c29yiL5j5 + BTPOeTViCO9TXYxdyrI3ktyq44z0/OgDpaKKKACiiigAooooAKKKKAP/0v3P + l1RW1WCf7POAsbDaY/mOe4GelP1bVFn06aEW06bgOXjwo5HU5q/Ow/ty1Of+ + WT0/XWU6Tcc9h/MUARx6ygRR9kueAP8All/9es7TNTWH7Xm3nfzLiR/lTOM4 + 4PPB9RXURMvlpyOgrJ0ZgPt3P/L1L/SgDNuNTV9UtZ/s84CK42lPmOR2Gefe + pdT1VJrCeIW06blxlo8AfU5q7dMP7asTn+CX+VTayy/2Xc8/wUAVodYRYY1+ + yXBwoGRHx0+tUNO1RYZLwm2nbzJmb5UzjOODzwa6a3Zfs8XI+6v8qy9JZfNv + +f8Al4b+QoAzbrVFfUrKb7POPL835THhjuXHAzzjvU+o6sk1jPELa4TchGWj + wB9Tmrd6y/2xp3Pab/0EVZ1Zl/sy55/5ZtQBRttYRLaJPstwdqKMiPIOB25q + lYamsVxeMbedvMk3YVMkcdDzwa6OzZfscHI/1a/yrO0th9q1Dn/lt/SgDNvN + UWS/sZfs86+WX4KYJyuOB3qzf6uktlcRi1uF3xsMtHgDI6k56VZv2X+09N5/ + ik/9Bq5qbL/Z11yP9U/8jQBmWerpHaQR/ZbhtqKMiPIOB25qpZaosd3eyfZ5 + 28x1OFjyRgd+eK6DT2X7Bbcj/VJ/6CKo6cw+36jz/wAtF/8AQaAM2+1NZbuy + k+zzr5bscNHgnI7c81bvNXSS0nj+y3C7kYZMeAMjvzU+pMPt+nc/8tG/9Bq9 + qDL9gueR/qn/APQTQBkWGrJFZQRm1uG2ooyseQcDsc1Ws9UWO/vpfs07eaU4 + CZIwuOR2rd0tl/s215H+qT+VVLBh/ampc/xRf+g0AZt/qiyz2bC2nXy5d2GT + BPHQepq7c6wj28qfZbgbkYZMeAMjvzUuqMPtOn8/8tv6Vo3jL9kn5H3G/lQB + h6dqyQ2MERtp32oBlY8g/Q5qC11NU1O9m+zznzBH8oTLDC45HbPatvSWX+zL + bkf6tarWTD+2NR57Q/8AoNAGbqWqLNJZkW06eXMrfMmM47D1NX5tYRoZF+yX + AypGTHx0+tP1dgZbDn/l4T+talwy/Z5eR91v5UAc7peqrBp8ERtp32rjKx5B + +hzUcGqKuqXU32ac71QbQnzDA7jPFbGiso0u25/h/rUNqw/tq9Of4Iv5GgDN + 1PVFm+y4tp08u4jf5kxnGeBzyfQVovrKFGH2S55B/wCWX/16XWWX/Qef+XqL + +ta8jL5bcjoaAOZ0nVFg06GE2077QeUjyp5PQ5pkWqKuqzz/AGecho1G0R/M + MdyM9K1dCZRpNvz2P8zTIGH9uXRz/wAskoAzdV1NZ44ALedNsyN8yYzjsOet + aZ1pP+fS5/79f/XpNbYGK2wf+XiP+dbJZcdRQBymjaotvpsMJtp5Nu75kjyp + yxPBzQmqKNXkuPs0+DCF27Pm69cZ6VpeH2A0i3yf73/oRojZf7elOf8Algv/ + AKFQBm6tqiz26ILedMSIctHgcHp161qf20n/AD6XP/fr/wCvTdcYG1j5/wCW + 0f8AOtrcvqKAOT0fU1t7BIjbzyYLHKJkcse+aBqi/wBsm4+zz48gLt8v5vvZ + zjPT3rS0BgNMjyf4n/8AQjQGX/hIGOf+XYf+h0AZur6mtxZ+WLedPnQ5dMDg + +tan9tJ/z6XP/fr/AOvTdeYGw4P/AC0T/wBCra3L6igDk9J1RYLQxm3nf53O + UTI5P1oOqL/bC3H2afAgK7dnzfeznHpWloTAWJ5/5aSf+hUMy/8ACQKc/wDL + sf8A0OgDN1jVFuNPkiFtOmSvLpheGB61qf20n/Ppc/8Afr/69N19lOly890/ + 9CFbW5fUUAcnpWqLBBIpt53zK7ZVMgZPTr1ok1NTq8Vx9nnAWJl27PmOT1A9 + K0tDYC2l5/5bSfzolYf29Cc/8sG/nQBnaxqi3GmzQi2nj3bfmePCjDA8mtIa + 0mB/olz/AN+v/r0eIGB0i4wf7v8A6EK2Ay4HIoA5TS9TWBLgG3nffM7fKmcZ + 7HnrRNqitqtvP9nnARHG0x/Mc+gzWlojAR3WT/y8Sf0onYf25anP/LKSgChq + 2qLPp80Qtp03ActHhRyOpzV6PWUCKPslycAf8s//AK9S64ynSbjn+EfzFaUT + L5ScjoKAOX0zU1hN3m3nfzLh3+WPOM44PPB9qLjU1fVLSf7NOBGsg2lPmOR2 + Hf3rS0ZgDfc/8vUn9KLph/bVic/wy/yoApanqqzWE8Qtp03LjLR4A+pzVqDW + EWGNfslwcKBkR8dPrVnWWU6Xc8/wVdtmX7PFyPuL/KgDmtO1RYZLwm3nbzJm + b5UzjIHB54NF1qivqVjN9mnHleb8pTDHcuOBnnHetLSWXzr/AJ/5eG/kKL1l + /tfTef8Ant/6CKAKmo6sktjPELW4XchGWjwB9Tmvybvv+P24/wCuj/zNfrxq + zL/Zlzz/AMs2/lX5FaipTULpG6rK4P4Ma/ZfCL4sT/27/wC3H57x7tR+f6Hr + 37Pr+X8TbF9pb9zccKMn/VmvvyW5DTwt5bjaW4K8njtXwF+z7KkfxS01WODL + HcKPr5TN/IV+g05H2m3+rfyrzPE9f8KMf8C/OR3cFP8A2R/4n+SIproNDIvl + SDKkZK8dKWG7CxIvlSHCgZC8dKtXBH2eX/db+VFuR5Ef+6P5V+cn15QhuQs0 + zeW53EcBeRx3omuQ0sJ8txtJPK9fpVm3I8+4/wB4fyouSPOt/wDeP8qBkct2 + GiceVIMqeq8dKSC6CwovlSHCgZC8VcnI8iT/AHT/ACptsR9ni/3R/KgRRiuQ + txM/lud23gLyMDvRPchniPluNrZ5Xr9KswEfarj/AID/ACouSPMg/wB/+lAD + JLsGNh5UgyD/AA0y3ugkCL5UhwOoXir0pHlP/un+VR2hH2aP/dFAFKO5AuZn + 8tzu28BeRgd6Li5DmI+W42uDyvX6VZhI+13H/AP5UXZG6D/roKAGvdgqR5Un + Q/w1FbXQSBF8qQ4HULkVoORsb6GoLMj7LH9KBlRLkC5lfy35C8beePWi5uQ/ + lfu3G2RTyuM47D3qzGR9sm+i0XhH7j/rqtAhDeDB/dSf981BaXIS3RPLdsZ5 + C5HWtIkYNVrEj7LH+P8AOgZVW5Aunfy35UDG3mi6uQ6oPLdcODyuKsoR9tk/ + 3RRekbI/+ui0CD7YP+eMn/fNVrO5EduieW7YzyFyOtauRVOwI+yR/j/M0AVh + cj7W0nlvygGNvPWi6uQ8YHluvzA8rirKkfbm/wCuY/nRekeUv+8v86AD7YP+ + eMn/AHzVa0uRHAF8t2wTyFyOtauRVOwI+zL9T/OgCt9pH2zzPLf/AFeMbeev + XHpRd3IeHb5bryOSuB1qzkf2h/2y/wDZqL4jyP8AgS/zoAPtg/54yf8AfNVr + W5CRY8t25J4XNauRVOxI8k/7zfzoGVjcj7WJPLf7mMbeevpRd3Ikt2Ty3XOO + SuB1qySPt4/65/1ovyPsr/h/OgQfbB/zxk/75qta3IRGHlu2WJ4XNauRVOyI + 8t/99qAKzXI+1q/lvwpGNvPWi7uRJbunluucclcDrVliPtyf7h/nRfkfZJPw + /nQAC8H/ADxk/wC+arW1yEEn7tzl2PC561qAjFVLMjEv/XRqAKz3IN1G/lvw + CMbeaW6ug9u6+W65HUrgVYkI+2xf7rU69I+yyfSgGMW7AUDypOn92q9tchPN + /dud0jHhc4z2PvWmhGxfoKq2ZH7/AP66tQBWkuQbmJ/LcbQ3G3k5Han3F0Hg + dfKkGR1K8VNKR9sg+jfyp92R9mk+lAMiS7ARR5UnAH8NQW9yEaU+W53OTwvT + 61pRkeWv0FVrUjfP/wBdDQBWluQ1xA/luNu7grycjtT7i6DwuvlSDIPJXipp + iPtdt/wP+VSXRH2aT/dNAEEV2BGg8qQ4A6LUMFyFkmPludzZ4Xp9a0ISPJj/ + AN0fyqC2I824/wB7+lAFaW5DTQt5bjaTwV5PHapJroNDIvlSDKkZK8dKlnI+ + 02/1b+VTXBH2eX/db+VAFWG6Cwxr5UhwoGQvHSoobkLNM3ludxHAXkcd6v25 + H2eL/dX+VQ25H2i4+q/yoGVprkNLCfLcbSTyvX6VLLdhonXypBkHqvtUlyR5 + 1v8A7x/lU85Hkyf7p/lQI+H/ANph9+vaGNpG2yI5HX5z0r5or6V/aZlRvEei + QA/MlgGP0aRgP5Gvmqv6b4KX/CXQ9P1Z+L8SP/bqvr+iP1B8NaireE/Co8iY + eTa2h5T72IVHy+tdpcawj28qfZbgblYZMfAyO/Nc74fXy/CvhGNuqW1oD9RC + tdxdsv2Wbkfcb+VfzFjv48/V/mfs2G/hx9EYOm6qkNhBEbad9qgZWPIP0Oah + ttUVNTvJvs058wR/KEywwO47Z7VtaOy/2Zbc/wAAqvZsv9s6hz2i/wDQTXKb + mbqWqLM1oRbTp5c6t8yYzjPA9TWhLrKNE6/ZLkZU9Y/b607V2XfYc/8ALyn9 + a1Z2XyZOR90/yoA5zS9VSDT4IjbTvtXGVjyp57HNRwamq6rcz/Z5yHRBtCfM + Meo7Vr6Ky/2Vbc/w/wBaitmH9t3hz/yzjoAzdU1NZxa4t502Txt8yYzjPA9T + 6CtJ9ZQqR9kueh/5Zf8A16NaYFbPn/l5i/rWu7LsbkdDQBzGkaotvp0MJtp3 + 2g8pHlTyehpsWqKNWmn+zzkNGo2iP5hg9SM9K1NBYDSbfJ7H/wBCNNhYf27c + HP8AyxT+dAGbquqLPFCotp02zI3zJgHB6DnrWp/bSf8APpc/9+v/AK9N1tl8 + i35/5bx/zra3L6igDk9G1NbfTooTbzybd3KJlTlieDmhdUUaw9x9mnwYQu3Z + 833s5x6VpeHmA0iDJ/v/APoRoRh/b8hz/wAu4/8AQqAM3VtTWe2VBbTpiRDl + 0wOD069a1P7aT/n0uf8Av1/9em66wNmmD/y1j/nW1uX1FAHJ6Rqi29ksRt53 + wzHKJkcknrmj+1F/tn7R9mnx9n2bdnzffznGenvWloLKNNXn+N//AEI0bl/4 + SHOf+XX/ANnoAzdX1RZ7Ixi2nT5lOXTA4IPXNan9tJ/z6XP/AH6/+vTdeZTp + x5/jT/0IVtbl9RQByek6osFqyG2nf53OUjyOT9aG1RTrCXH2afAhK7dnzfez + nHpWloTAWTZP/LWT+dDsP7fjOf8Al3P/AKFQBm6zqa3GnSwi3nj3FeXTC8MD + 1rU/tpP+fS5/79f/AF6b4gYHSZsHun/oQra3L6igDk9K1RYIZVNvO+6V2yqZ + Ayeh96JNUU6tDP8AZ5wFiZduz5jk9QM9K0tEZfs8/P8Ay3k/nRKw/t2A5/5Y + v/OgDO1fVFuNOmhFtOm4Dl48KOR1Oa0V1pNo/wBEuf8Av1/9ena8wOkXGD2X + /wBCFaysu0cjpQByul6osK3INtO++d2+VM4z2PvRNqatqttP9nnARHG0p8xz + 6DNaWisuy75/5eZf6UXDD+27Q5/5ZyUAUdV1VJ9PniFtOm4Yy0eFHPc5q5Fr + KLGg+yXJwB0j/wDr1PrbL/ZVzz/D/UVoQsvkpyPuj+VAHMabqiwtdk287+ZO + 7fLHnGccHng+1FzqivqdnN9nnHliT5SmGOR2HfHetLR2Xdfc/wDLzJ/Si7Zf + 7ZsOf4Zf5CgCnqeqpNYTxC2nTcpGWjwB9TmrEGsIsEa/ZLg4UDIj46fWresM + v9l3PP8AAauWrL9mi5H3F/lQBzWnamsU14xt528yUthUyRx0PPBou9TWTUbG + b7POvleZ8pjwzblx8ozzjvWlpLDz9Q5/5bn+VF8w/tfTef8Ant/6DQBU1DVk + lsZ4ha3C7kYZaPAHHc5qW11dEtYU+y3DbUUZEeQcDtzWhqrL/Ztzz/yzb+VT + WLL9it+R/q0/kKAOdsdUWK5vHNvO3mSA4WPJHHQ88Gi81RZL2yl+zzr5bOcF + ME5GOBnmtLTGH2zUOf8AlqP5Uagy/wBpadz/ABv/AOg0AV77V0ksriP7LcLv + jcZaPAGQeSc9KLLV0js4Iza3DbY1GRHkHAHIOelaupMv9nXXI/1T/wDoJo05 + l/s+15H+qT/0EUAYFlqax3t7IbedvMZTgJkjA7jPFF/qay3Vk4t518uQnDR4 + J46Dnk1pacw/tHUef40/9Bo1Nh9t0/n/AJan+VAEN1q6PazJ9luF3IwyY8AZ + Hfmo9P1ZIrGCI2tw21FGVjyDgdjmtq+ZfsVxyP8AVv8AyNQ6Uy/2ba8j/Vr/ + ACoAw7TVFTUb6b7PO3m+XwEyy4XHI7Z7UahqiyzWbC2nXy5Q2GjwTx0HPJrS + sWX+1tSOe8P/AKDRqrD7RYc/8tx/I0AR3GsI8Ei/ZLgZUjJj46fWq+maqkNh + BEbad9qgZWPIP0Oa3rpl+yzcj7jfyqpo7L/Zdtz/AACgDGttUVNTvJvs058w + R/KEywwO47Z7UalqizNaEW06eXOjfMmM4zwPU1pWjD+2dQ5/hi/9Bo1hgXsO + f+XlP60ANl1lDG4+yXIyD1j/APr1T0rVVg0+CI2077V6rHlTz2Oa6OZl8l+R + 90/yrP0RlGlW3P8AD/WgDIh1RV1S5n+zTkOiDaI/mGPUZo1TVFmW2Atp02To + 3zJjOM8D3rSt2H9t3hz/AMs46NaYFLPn/l5j/rQANrSFSPslz0/55f8A16zt + I1RbfToYTbTvtB5SPKnk9Dmupdl2NyOhrJ0FgNIt8ns3/oRoAy49TUatNP8A + Z5yGjVdoT5hg9SM9KNV1RZ4YlFvOm2VGyyYBweg561pQsP7duDn/AJYp/OjW + 2Bt4Of8AlvH/ADoAd/bSf8+lz/36/wDr1l6Pqi2+nRQm3nk27uUTK8sTwa6z + cvqKxfD7AaTDk93/APQjQBmrqijWHuPs0+DCF27Pm+9nOM9KNW1RZ7ZUFvOm + JEOXjwOD069a0kZf7fkOf+Xcf+hUa6wNmnP/AC1j/nQA7+2k/wCfS5/79f8A + 16y9H1NbeyEZt53+ZjlEyOT65rrNy+orF0BgNOXJ/jf/ANCNAGb/AGov9s/a + Ps0+Ps+zbs+b7+c4z096NX1RbiyaIW86ZZTl0wOCD1zWluH/AAkOc/8ALr/7 + PRrzKdNbn+NP/QhQA7+2k/59Ln/v1/8AXrL0nVFgtmQ2875kc5SPI5PTr1rr + Ny+orF0JgLN+f+Wsn86AM1tTU6wlx9nnwISu3Z833s5xnpRrGqLcadLCLeeP + dt+Z48KMMDyc1pOw/t+M5/5dz/6FR4gZTpM3PdP/AEIUAO/tpP8An0uf+/X/ + ANesvStTWCGZTbzvuldsqmQMnoeetdZuX1FYuiMBBPk/8t5P50AZsuqKdWhn + +zzgLGw2mP5jk9QM9Kdq+qLcadNCLadNwHLx4Ucjqc1oTMP7dtzn/li/86dr + zKdJuOew/wDQhQA1daQKB9kuen/PL/69ZumaosK3Obad988jfLHnGccHnr6i + uqRl2LyOgrH0Zl23nP8Ay8y/0oAzZ9UVtVtp/s842I42mP5jn0Gak1XVVn0+ + eIW06bl6tHhRz3OavXLD+27M5/5ZyVLrbKdKuef4f60AQRayixIv2S5OAOkf + t9az9N1RYWuybad/MndvlTOM44Poa6eBl8mPkfdH8qytHYB7/n/l5f8ApQBm + 3Opq+p2c32acCMSfKUwxyOwzzjvU2paqk1hPELadNykZaPAH1OauXbD+2dPO + f4Zf/Qasawy/2Zc8/wABoAp2+sIkEa/Zbg4UDIj4PH1qjp+qLFNeMbedvMlL + YVMkcdD6GuktWX7LDyPuL/Ks3SmX7RqHP/Lc/wAhQBm3eprJqNjN9nnXyjJw + UwzZXHyjvjvVjUNWSWxniFrcLuRhlo8AZHc5q1fsP7W03nvL/wCg1a1Vl/s2 + 65/5Zt/KgDPtNXSO1hT7LcNtRRkR5BwO3NU7HU1iur1zbTt5kgOFjyRx39DX + Q2LL9it+R/q0/kKoaYw+26hz/wAtR/KgDNvdUWS9spPs06+WzHBTBORjgZ5q + 1e6uklnPGLW4XdGwyY8AZB5Jz0qxqLL/AGjp3P8AG/8A6DV3UWX+z7rkf6p/ + /QTQBlWOrpHZW8f2W4bZGgyseQcAcg56VVs9UWO9vZfs87eYyHATJGBjkZ4r + f01l/s615H+qT/0EVS09l/tLUef40/8AQaAM2/1NZbmzcW06+XIThkwTx0HP + Jq5dauklrMn2W4G5GGTHgDI781NqbD7Zp/P/AC1P8q0L5l+xXHI/1b/yNAGJ + p+rJFYwRG1uG2ooyseQcDsc1Baamseo3032edvN8vgJll2rj5hnjPatzSmX+ + zbbn/lmv8qq2LD+19S5/54/+g0AZuoaosstmwtp18uYN8yYJ46Dnk1en1hGg + kX7JcDKkZMfHT61JqrL59hz/AMt1/ka07pl+zS8j7jfyoAwNM1VIbCCI2077 + VAyseQfoc1Db6mqapdzfZ5yJBGNoTLDA7jPGe1bOjsv9l23P8AqC0Yf2zfnP + 8MX8qAM3U9TWY2mLedPLnRvmTGcZ4HqfatCXWUaNx9kuRkHrH/8AXp2sMC1h + z/y8x/1rVmZfJfkfdP8AKgDm9K1VYNPgiNtO+0dVjyp57HNMh1RV1W4n+zzk + OiDaE+YY9RmtbQ2UaVb8/wAJ/majt2H9t3Zz/wAs46AM3VNUWZbYC2nTZOjf + MmM47D3rSbWk2n/RLn/v1/8AXo1pl2WnP/LzF/WthmXaeR0oA5bSNUW306GE + 2077QfmSPKnk9Dmkj1NRq81x9nnIaJV27PmGD1Iz0rU0BlGkW/PZv/QjTYmH + 9vTnP/LFf50AZuq6ms8MSi3nTbKjZZMA4PQe9an9tJ/z6XP/AH6/+vTdcYG3 + gwf+W8f862ty+ooA5PR9UW30+OI288mC3KR5XlieuaF1Rf7Ya4+zz4MIXbs+ + b72c49K0vD7KNKh57v8A+hGhWX+33Of+Xcf+hUAZuraos9qEFvOnzocvHgcH + 61qf20n/AD6XP/fr/wCvTddYGyXn/lrH/OtrcvqKAOT0jU1t7IRm3nf5mOUT + I5Prmj+01/tkXH2efH2fZt8v5vvZzjPT3rS0FgNPGT/G/wD6EaCw/wCEhBz/ + AMuv/s9AGbrGprcWLRC3nTLKcumBwR3zWp/bSf8APpc/9+v/AK9N19gdNfB/ + iT/0IVtbl9RQByek6osFs6G3nfMjnKR5HJ6detWILwXWuxsIpI/3LDEi7T1z + n6Va0NgLSTn/AJayfzpXIOvxYP8Ay7t/6FQBtUUUUAFFFFABRRRQAUUUUAf/ + 0/3Ql0fTl1aC2WECN43YjJ5I6d6fq2jabbadNPDCFdAMHJ9R6mo5Y9W/tWAN + NF5vlvtO04A75FP1aPV106Y3E0TR4GQqkHqKAL8eg6SUUm3GSB/E3+NZ2l6P + p1x9r86EN5dxIi8nhRjA61oRxa5sXE8OMD+E1naZHqx+1+RNEuLiQNuUnLcZ + I9qAFuNI05NVtLdYQI5FkLDJ5IHHepdU0bTLfT55oYQrouQctx+tQ3EerDVL + UPNEZSr7SFOAMc5qXU49YFhOZ5omj2/MFUg49qALcOg6S8MbNbgkqCfmb0+t + UNO0fTp5LwSwhhFMyryeFGOOtXoYtc8mPbPCBtGPlPTFUNOj1YyXfkzRKRM2 + /Kk5bjJHtQAt1o+nR6lYwJCBHL5u4ZPO1cjvU+o6LpkFhPNFAFdEJBy3B/Oq + 91Hqw1KyEk0RlPm7CFOB8vOan1GLWRYzmaaJo9h3AKQce1AE9roWlSW0UjwA + syKSdzdSPrVLT9I06a4vElhDCKXavJ4GPrVy2i1s20RjnhC7FxlTnGOKpWEe + rG4vPJmiDCT58qeTjtQAt5o+nRX9jCkICSlwwyecLkd6s3+iaXDZXEscADpG + xBy3BA471VvI9WF/ZCSaIyEvsIU4Hy85qzfRayLK4Ms0RQRtuAU5IxzigB9n + oely2cEskALPGpJy3UjnvVSx0fTpby9ikhBWJ1CjJ4BH1q1Zxa0bSAxTwhNi + 7QVOcY4qpZR6sbu9EU0QcOu8lTgnHagBb7R9Oiu7KOOEBZXYMMnkAfWrd5oe + lxWc8scADJGxBy3UDjvVO+j1YXdkJZoi5dthCnAOO9W7yLWhaTmWeIpsbcAp + zjHOKAEsNE0uaxt5ZIAzvGpJy3JI+tVrPSNOl1C+heEFISm0ZPGVye9WLCLW + TZQGGaIIUXaCpyBjjNVrOPVjf3wjmiEgKbyVOD8vGKAF1DR9Ohns0ihCiWXa + 3J5GPrV250LSo7aV0gAZUYg7m6gfWqN/Hqwns/OliZjL8mFIwcd6u3MWti3l + LzwldjZwpzjFAEWnaLpk9hBNLAGd0BJy3J/OoLXR9Ok1O9geEGOIR7Rk8bly + e9TadFrJsYDDNEsewbQVJOPeoLWPVjqd6I5ohKBHvJU4Py8YoAXUtH06CSzE + UIUSzKjcnlT261fm0HSUhkZbcAhSR8zen1rP1KPVhJZ+fNExMy7MKRhucE+1 + X5otc8mTdPCRtOflPTFAFbS9G0y40+CaaEM7rknLf41FBo+nPql1btCDHGqF + Rk8EjnvT9Lj1g6fAYJolj2/KGUk496jgj1Y6pdBJohKFTcSpwRjjFAC6no+n + W/2TyYQvmXEaNyeVOcjrWk+g6SEYi3GQD/E3+NZmpx6sPsvnzRNm4jC4UjDc + 4J9q0Xi13Y2Z4cYP8JoApaTo2m3OnQzzQhncHJyfU+hpkWj6c2rT2zQgxpGj + AZPBPXvTtJj1dtOhNvNEseDgMpJ6mmRR6t/a04WaLzfLXcdpwR2wKAF1XSNO + t44GhhCl5kU8nkHqOtah0DSP+fcf99N/jWVqserCOD7RLEw85Nu1SPm7E+1a + Zi13/nvD/wB8GgDN0bR9OutNhnnhDu27JyR0YjsaE0fTjrElsYR5awhgMnqT + jPWk0aPVm02E200Sx/NgMpJ+8c/rQkerf2vIomi87yRk7Tjbnpj1oAXVtH06 + 2t43hhCsZEU8noTz3rU/sDSP+fcf99N/jWVq0erC3Q3E0TL5iY2qQc54rU8r + Xf8AnvD/AN8GgDM0fR9OurBJp4QzlmBOSOjEDoaBo+nf2ybXyR5XkB8ZP3t2 + M9fSk0ePVmsENtNEseWwGUk/eOaBHq39slfOi87yBztO3bu6Y9c0ALq+kadb + WfmwQhW3oM5J4J56mtT+wNI/59x/303+NZWrx6stnm5liZN6cKpBznitTytd + /wCe8P8A3waAMzSNH065tDJPCGbe4zk9AeOhoOj6d/bK2vkjyjAXxk/e3Yz1 + pNJj1ZrQm3liVN78MpJznmgx6t/bCr50XneQedp27d3THrmgBdY0fTrXT5Jo + IQrqVwck9WA7mtT+wNI/59x/303+NZWsR6sunyG5miaPK5CqQfvDH61qeVrv + /PeH/vg0AZmk6Pp1zBI80IYrK6jk9AeO9EmkacNXithCPKaJmIyeoP1pNKj1 + YwSfZ5YlXzXzuUnnPNEkerf2vEpli87ymwdpxtz6etADtZ0fTrXTZp4IQrrt + wck9WA7mtIaBpGB/o4/76b/GszWI9WXTZjczRNH8uQqkH7wrSEWu4H7+H/vg + 0AZulaPp1xHcGaEMUmdByeFHQdaJtH05dWt7dYQI3jckZPJHTvSaXHqxS4+z + zRKBM+7cpOW7ke1E0erf2rbhpojKUfadpwB3yKAJNW0bTbbTp54YQroBg5Pq + Per0eg6SUUm3GSB/E3+NUNWj1ddPmNxNE0eBkKpB6ir0cWu7FxPDjA/hNAGf + pmkadcG786EN5dw6LyeFGMDrRcaRpyapaW6wgRyLIWGTzgcd6TTI9WJu/Ili + XFw4bKk5bjJHtRcR6sNUtA80RlKybSFOAMc5oAm1TRtMt9PnmhhCui5By3H6 + 1ag0LSXgjdoASygn5m7j61U1OPWBYTmeaJo9vzBVIOParUEWueTHsnhC7RjK + npigCjp2j6dPJeLLCGEUzKvJ4AA460XWj6dHqVjAkICTebuGTztXI70mnR6s + ZLzyZolImbflSctgcj2ouo9WGpWIkmiMh83YQpwPl5z+FAFjUdF0yCwnmigC + uiEg5bgj8a/Mz4m6FJ4d8c6vp7qVR5jPH6eXOPMXH0DY/Cv0y1GLWRYzmaaJ + o9h3AKQSPavmb9oT4d6nquiWvjm0VJZdNhWO4WNTuNt1Vz6+WSc+xz0FfoPh + vnEcLj/Z1HaNRW+fT/L5nynF+XyrYXngtY6/Lr/n8j5I8Ma5J4b8Q6frsS7z + ZTJIUzjeoPzLn/aXI/Gv050+60jWbSw1TSmE1pfJ5iMD1UjP4EdCOx4NflRX + rXw2+LeteAJRaMv23SmYsbdjgozdWjPY+o6H2PNfqHHXCk8fTjWw/wDEj07r + t6rofG8MZ7HCydOr8EvwZ+iU1lbJDIypghSRyfSiGytmiRmTJKgnk+leTaV8 + bPAWt2hf+2YrNyvzRXSNE4yOmTlD+DGuki+I3gsRIB4n0wAAcG4jyP8Ax6vw + 2rk2Mpy5Z0ZJ+jP0ynmOHkuaNRfejsIbS3eaZWTIUgDk+lE9pbpLCqpgMSDy + fSuLi+IvgoSykeJtNBJGSbiPB+nzUS/EXwUZIifE2mkg8EXEeB9fmrL+zMT/ + AM+pfcy/rtH+dfejupbK1WJ2VOQpI5PpSQWVs8MbsmSVBPJripPiN4LMbg+J + 9MPB4FxHn/0Kkh+I3gsRIB4n0xQAODcR5H/j1H9mYn/n1L7mH12j/OvvR2MV + pbtcTIyZVNuOT3FLPaW6PEFTAZsHk9K4qP4i+ChNKR4l00E4yTcR4PHb5qJv + iL4KLxZ8Taa2G4xcR8fX5qP7MxP/AD6l9zD67R/nX3o7qSxtVjZgnIB7mmW9 + nbPAjsmSQM8muNk+I3gsowPifTDweBcR/wDxVNg+IvgoQoB4m0xQB0NxHkf+ + PUf2Zif+fUvuYfXaP86+9HYx2lu1zNGU+VduBk9xRcWluhiCpjc4B5PSuLj+ + IvgoTykeJtNBO3JNxHg8dvmon+IvgomPPibTWw46XEfHufm6Uf2Zif8An1L7 + mH12j/OvvR3j2NqFJEfQHuahtbO2kgR3TJI55Nce3xG8F7T/AMVPph4/5+I/ + /iqjt/iL4KEKAeJtNUAdDcR5H/j1H9mYn/n1L7mH12j/ADr70dmlpbm5ljKf + KoXAye9Jc2lvH5WxMbpFB5PQ1xafEXwULiQ/8JNpoJA5+0R4P0+aif4i+Cj5 + efE2mthweLiPj3PzdKP7MxP/AD6l9zD67R/nX3o702Nrg/u/1NV7S0t5LdHd + Msc55PrXIn4jeC8H/ip9M/8AAiP/AOKqG2+IvgpYFC+JtNUejXEef/QqP7Mx + P/PqX3MPrtH+dfejs1tLc3TxlPlCggZNF1aW8aoUTGXUHk9DXFr8RfBX2h2/ + 4SbTQdo5+0R4P/j1Fx8RfBRVc+JtNb5h0uI+Pf71H9mYn/n1L7mH12j/ADr7 + 0d99gtP+ef6mqtnaW8tujumWOecn1rk/+FjeC/8AoaNM/wDAiP8A+Kqva/EX + wUsChfE2moOeGuI89f8Aeo/szE/8+pfcw+u0f5196O0Fpbm7aPZ8oQHGT1zR + dWlvHGGRMHcB1PeuLHxF8FfaS3/CTabnb977RHjr0+9Rc/EXwUyAN4m01vmH + AuI//iqP7MxP/PqX3MPrtH+dfejvvsFp/wA8/wBTVW0tLeWAO6ZJJ7n1rk/+ + FjeC/wDoaNM/8CI//iqr23xF8FLCAvibTVGTw1xHnr/vUf2Zif8An1L7mH12 + j/OvvR2n2S3+2eVs+Xy84yeuaLu0t44dyJg5A6n1ri/+Fi+CvtW7/hJtNzsx + u+0R469PvdaLn4i+Cmiw3ibTWGRwtxHn/wBCo/szE/8APqX3MPrtH+dfejvv + sFp/zz/U1VtLS3ki3OmTkjqexrk/+FjeC/8AoaNM/wDAiP8A+KqvbfEXwUse + F8TaaoyeGuI8/wDoVH9mYn/n1L7mH12j/OvvR2htLf7WItny7M4yeuaLu0t4 + rdnRMMMdz61xZ+Ivgr7SG/4SbTc7PvfaI8den3utFz8RfBTQsG8Taa4OOFuI + 89f96j+zMT/z6l9zD67R/nX3o777Baf88/1NVbW0t5EcumSGI6noK5P/AIWN + 4L/6GjTP/AiP/wCKqvb/ABF8FKrY8TaauWPW4j/+Ko/szE/8+pfcw+u0f519 + 6O0a0txdrHs+UqTjJ65pbu0t4rd3RMMMYOT61xR+Ivgr7Srf8JNpudp5+0R4 + +n3qLn4i+CmgYN4m01xxwtxHnr/vUf2Zif8An1L7mH12j/OvvR3osLT/AJ5/ + qar21pbyCTemdrsByegrkR8RvBf/AENGmf8AgRH/APFVBb/EXwUA+PE2mrly + ebiPn3HzdKP7MxP/AD6l9zD67R/nX3o7R7S3F1HGE+VgSRk9qddWdtHbu6Jg + gccmuJb4i+CvtCN/wk2mkgHn7RHgfX5qW4+IvgpoWB8Taaw9BcR5P/j1H9mY + n/n1L7mH12j/ADr70d2tjalQTH29TVe2tLeTzd6Z2yMByegrkV+I3gvaP+Kn + 0z/wIj/+KqGD4i+Ch5mPE2mrlyebiPn3HzdKP7MxP/PqX3MPrtH+dfejtJLS + 3W5hjCfKwbIyewp9zZ20cDuiYIHHJriH+Ivgozxk+JtNJAPIuI8D6/NTp/iL + 4KMLg+JtNYEdBcR5P/j1H9mYn/n1L7mH12j/ADr70dyljalFJTkgdzUFvaW7 + tKGTO1yByelcinxG8FhFH/CT6YOB/wAvEf8A8VUMHxF8FBpMeJtNXLHrcR8+ + 4+aj+zMT/wA+pfcw+u0f5196O0ltLdbiBAnyvuyMnsKkuLO2SB3VMEAkcmuH + k+IvgozxE+JtNJG7BFxHgcd/mp83xF8FmJwfE2mMCDwLiPJ/8eo/szE/8+pf + cw+u0f5196O3isrVo0YpyQD1NQwWlu8kysmQrYHJrkI/iN4LEageJ9MHA4Nx + Hn/0KoofiL4KDykeJtNXLck3EfP0+aj+zMT/AM+pfcw+u0f5196O1ltLdZ4U + VMBic8nsKkmsrZIZGVMEKSOT6Vw0vxF8FGWInxNppIJwRcR4HHf5qkl+I3gs + xOD4n0wgg8C4jyf/AB6j+zMT/wA+pfcw+u0f5196O1hsrZ4Y2ZMkqCeT6VFD + aW7TTKyZCEY5PpXHxfEbwWIkA8T6YAAODcR5H/j1RxfEXwUJZSPE2mgkjJNx + Hg8dvmo/szE/8+pfcw+u0f5196O0ntLdJYVVMBiQeT6U+6trG3tpbiQCNIkZ + izNgKFGSSTxgV5jrPxf8A6WqzTa9bXJQnC22Zjn/AIACPzIFfMHxN+OmreM7 + aTQtGRrDSZOJCcCacejYyFX/AGQTnuccV7uS8HY7GVFHkcY9W1b7r7/L8DzM + x4hw2Hg3zKUuiWv/AAxwHxM8Ux+MPGN7q1tn7Ku2GDPeOMY3f8COWx2zXLaH + pNxr2tWOiWgzNfTxwrjsZGC5/DOTWVX1L+zb4BvtR1WXxvIESLT8x23mKSHl + cFWcD0UZGfU+or93zTG0cqy5yWigrR83ayX+fzZ+X4LD1Mdi0nvJ3fp1Pr66 + 0LS7H+z7W2h2x71jIyeVAxjrWncaFpSW8rrAAyqxHzN1A+tUNQj1YTWfnSxM + xlGzCnhsd/artxFrYt5S88JXa2cKc4xX8pN31Z+4pEOm6Lpk9hBNLAGd1BJy + 3J/OobbR9Ok1O8t3hBjiEe0ZPG4ZPepdNj1g2EBgmiWPaNoKknHvUNtHqx1O + 8CTRCUCPeSpweOMUgF1LR9Oga0EUIXzJ0RuTypzkda0JdB0lYnZbcAhSR8ze + n1rO1KPVg1p580TZnXbhSMNzgn2rQli1zyn3TwkbTn5T6UAVNK0bTbjT4Jpo + QzuuScn1+tRwaRpz6rc27QgxxohUZPBPXvT9Lj1g6fAbeaJY9vyhlJOM1HBH + q39q3ISWIShE3EqcEdsUALqmj6dbi18mEL5k8aNyeVOcjrWk+gaSEYi3HAP8 + Tf41mapHqwFr58sTZnjC7VIw3OCfatJ4td2nM8OMH+E0AUNI0fTbnToZ54Qz + uDk5I7n0NNi0fTm1aa2MI8tY1YDJ6k/Wl0iPV206E200Sx4OAyknqabFHq39 + rTBZovN8tcnacYzxxQAuq6Pp1vFC0MIUtMink9CeR1rU/sDSP+fcf99N/jWV + qserCKH7RNEw85MbVI+bPB+lanla7/z3h/74NAGZo2kaddabFPPCHdt2Tkjo + xHY0LpGnHWHtTCPKEIYDJ67sZ60mjR6s2nRG2liWP5sBlJP3jn9aFj1b+2HU + TRed5Iydp27d3THrQAur6Rp1tbJJBCFYyIucnoTz1Nan9gaR/wA+4/76b/Gs + rVo9WFshuJomXzEwFUg5zxWp5Wu/894f++DQBmaPo+nXNiss8IZyzDOT2Ygd + DR/Y+nf219l8keV9n37cn72/GevpSaRHqzWSm2miVNzcMpJzk5o8vVv7Z2+d + F532fOdp27d/THrmgBdY0fTrayMsEIVtyDOT0JAPU1qf2BpH/PuP++m/xrK1 + ePVlsibmaJk3JwqkHORitTytd/57w/8AfBoAzNI0fTrm1aSaEMwkcZyegPHQ + 0No+nDWUtRCPKMJfGT97djPWk0mPVjak280SrvfhlJOc80NHq39sIpmi87yT + g7Tt27umPXNAC6zo+nWunSzwQhHUrg5J6sB3Nan9gaR/z7j/AL6b/GsrWY9W + XTpTcyxNHlchVIP3hj9a1PK13/nvD/3waAMzStH064hlaaEMVldRyegPA4NE + mj6curw2whHltEzEZPUH60mlR6sYZfs80SjzXzuUn5s8/hRJHq39rQq0sXm+ + U2DtOMZ54oAfrGj6bbabNPBCFdQMHJPUgdzWiugaQVB+zj/vpv8AGszV49XX + TpjczRNHgZCqQeorRWLXdo/fw/8AfBoAztL0fTrhbkzQhvLnkReTwo6DrRNo + +nJqttbrCBG6OWGTyR070mlx6sVufImiXE77tyk5buR7UTR6t/atsGmiMpR9 + pCnAHfIoAl1XRtNt9PnmhhCui5ByfX61di0HSWjRjbjJAP3m/wAao6rHrA0+ + c3E0TR45CqQetXIotc8tNs8OMDHymgChpuj6dO12JYQ3lzui8nhRjA60XOj6 + cmp2dukIEcokLDJ52jjvSabHqxa78iaJcTvvypOW4yR7UXMerDU7MPNEZSJN + hCnA45zQBPqei6ZBYTzRQBXRSQctwfzqzBoWlPBG7QAllBPzN1I+tVdTj1gW + E5nmiaPadwCkHHtViCLW/Ij2TwhdoxlT0xQBS07SNOnmvFlhDCKYqvJ4GOnW + i70jTo9SsYEhASbzNwyedq5Hek06PVjNeeTLEpEp35UnLY7e1F3Hqw1GxEk0 + RkPmbCFOB8vOfwoAs6joumQWM80UAV0RiDluCB9aktND0qS1hkeAFmRSTubq + R9ah1CLWRYzmaaJk2NuAUgkY7VLaxa2bWExzwhdi4BU5xjigCpYaPp01zexy + QgrFIFUZPAx9aL3R9OivrKKOEBJWcMMnnC5HeksY9WNzeCKaIMJBvJU4Jx2o + vI9WF7ZCWaIuWfYQpwDjnNAFu+0TS4rK4ljgAZI3YHLcEAkd6LLQ9LlsreWS + AFnjQk7m5JAz3pL6LWhZXBlmiKCN9wCnJGDnFFlFrRs4DFNEEMa7QVOQMDGa + AK1lpGnS3t9FJCCkTIFGTwCMnvRf6Rp0N1ZRxwgLLIQwyeRj60llHqxvb0RS + xBwy7yVOCccYovo9WF1ZCWWIsZDsIU4Bx3oAu3eh6VHazSJAAyoxB3N1A+tR + 6fomlzWME0sAZ3RSTluSR9afdRa2LWYyTwldjZAU5xjmo9Pi1k2MBhmiVCi7 + QVJIGOM0AQWmj6dJqN9A8IKQ+XtGTxuXJ70aho+nQzWaxQhRLKFbk8jHTrSW + kerHUb4RzRCQeXvJU4Py8Y/CjUI9WE1n500RJlGzCkYbHf2oAv3GhaUlvI6w + AFVYj5m6gfWq+maLpk9hBNLAGd1BJy3J/Op7iLWxBIXnhK7TnCnpiq+mx6wb + CAwTRLHtG0FSTj3oAittI06TVLy3eEGOIR7Rk8bhz3o1PSNOgazEUIXzJ0Ru + TypzkdaS2j1Y6neBJohKBHvJU4PHGKNSj1YNaefNE2Z02YUjDc4J9qANKXQd + JWJ2FuMgE/eb/GqWlaNptxp8E00IZ3XJOT6/WrcsWueW+6eHGDn5TVPSo9YO + nwG3miWPHAZST1oAZBo+nPqtzbtCDHGiFRk8E9e9GqaRp1utsYYQvmTxo3J5 + U5yOtJBHq39q3IWaIShE3EqcEdsCjVI9WC23nzRNmdNu1SMNzgn2oA020DSA + pItx0/vN/jWfo+j6bc6bDPPCGdgcnJHQkdjV9otd2nM8PT+6aztIj1dtOhNt + NEseDgMpJ6mgAi0jTm1ea2MI8tYlYDJ6k/WjVdH063hiaGEKWlRTyehPI60k + cerf2tMqyxed5S5O04xnjijVY9WEMX2iaJh5qY2qR82ePwoA1f7A0j/n3H/f + Tf41l6No+nXWnRTzwhnbdk5I6MR2Nafla7/z3h/74NZejx6s2nRG2miWP5sB + lJP3jn9aAFXR9OOsPbGEeUIQwGT97djPWjVtH062tlkhhCsZEXOT0J56mkWP + Vv7YdRNF53kjJ2nbt3dMeuaNWj1YWym4miZfMTAVSDnPFAGr/YGkf8+4/wC+ + m/xrL0fSNOubISzwhnLMM5I4BwOhrT8rXf8AnvD/AN8GsvSI9WayBtpYlTc3 + DKSc55oAX+x9O/tr7L5I8r7Pv25P3t+M9fSjWNH062sWlghCuGUZye7AHqaT + y9W/tnb50XnfZ852nbt39MeuaNXj1ZbJjczRMm5eFUg5yMUAav8AYGkf8+4/ + 76b/ABrL0nR9OubZpJoQzCR1zk9AeOhrT8rXf+e8P/fBrL0mPVjbMbeaJV8x + +GUk5zzQAraRpw1hLUQjyjCWIyeu7GetGs6Pp1rp0s8EIV124OSerAdzSNHq + 39sIpli87yTg7Tt27umPWjWI9WXTpTczRNH8uQqkH7wx+tAGr/YGkf8APuP+ + +m/xrL0rSNOuIZmmhDFZnUcnoDwOtafla7/z3h/74NZelR6sYZvs8sSjzXzu + Un5s8/hQAsuj6curQ2whHltGzEZPUH607V9H02206aeCEK6AYOSe49TTJY9W + /taENNF5vltg7TjGeeKdq8errp0xuZomjwMhVIPUUAaK6BpBUE246f3m/wAa + zdL0fTrhbkzQhvLnkReTwoxgda0Vi13aMTw9P7hrN0yPVitz5E0S4nk3blJy + 3cj2oAWfR9OTVba3WECORHLDJ5I6d6k1XRtNt9PnmhhCui5ByfX61FPHq39q + 2waaIylH2kKcAd8ipNVj1gafObiaJo8chVIPWgC7FoOktEjNbgkqCfmb0+tZ + +maRp07XglhDeXO6LyeFGMDrV+KLXPKTbPDjAx8p9Kz9Nj1Ytd+RNEuJ335U + nLcZI9qAFudI06PVLO3SECOUSbhk87Rx3qbUtF0yCwnmigCuikg5bg/nUFzH + qw1OzDzRGUiTYQpwOOc1NqUesCwnM80TR7TuAUg49qALNvoWlPbxu0AJZVJ+ + ZupH1qjp+j6dNNeLLCGEUpVeTwMdOtXbeLWzBGUnhC7RjKnpiqOnx6sZrzyZ + olIlO/KnlsdvagBbvR9Oj1GxgSEBJjJuGTztXI71Y1DRNLhsZ5ooArojEHLc + ED61Wu49WGo2IkmiMhMmwhTgfLzn8KsahFrIsZzNNEyBG3AKQSMc4oAltND0 + qS0hkeAFmRSTubqR9ap2GkadNdXsckIKxSAKMngY+tW7SLWjawmOeEJsXAKn + OMcVTsY9WN1eiKaIMJBvJU4Jx2oAW90fTor2yijhAWVmDDJ5AGR3q1e6HpcV + lcSxwAMkbkHc3BAOO9VL2PVhe2QlmiLlm2EKcA45zVq9i1oWc5lmiKCNtwCn + JGOcUALY6JpctlbyyQAs8aMTluSQCe9VbLR9Olvr2KSEFImQKMnjK5PerNjF + rRsrcxTRBDGm0FTkDAxmqtnHqxvb0RTRBwybyVOCccYoAW/0jTobmyjjhCrL + IVYZPIx9auXeh6VHazSJAAyoxB3N1A+tUr+PVhc2QmmiLGQ7CFIAOO9XLqLW + xazGSeErsbICnOMc0AM07RdMnsYJpYAzuiknLckj61XtNI06TUr6B4QUh8ra + MnjcuT3qbT4tZNjAYZolQou0FSSBjvUFpHqx1G+EcsQkHl7yVOD8vGPwoAXU + dH06CWzWKEKJZgrcnkYPHWr8+haUkEjrAAVUkfM3UD61n6hHqwls/OliYmYb + MKRhsd/ar08Wt+RJvnhK7TnCnpigCDTNF0yewgmlgDO6gk5bk/nUNto+nPql + 5bvCDHEsZUZPG4c96l0yPWDYQGCaJY9o2gqSce9Q28erHVLsJNEJQI95KnB4 + 4xQAup6Pp0BtPKhC+ZOiNyeVOcjrWjLoOkrG7C3GQCfvN/jWbqcerA2nnyxN + mdAmFIw3OCfatCWLXPLfdPDjBz8poAqaTo2m3OnQTzQhncZJyfX2NRw6Ppz6 + rc27QgxoiEDJ4J696dpUernT4DbzRLHjgMpJ60yGPVv7VuAssQlCJuO04I7Y + FAC6po+nW62xhhC+ZPGjcnlT1HWtNtA0gKT9nH/fTf41l6pHqwW28+aJszpt + 2qRhuxPtWk0Wu7T+/h/74NAFDR9H02502GeeEM7A5OSOhI7Gmx6PpzavNbGE + eWsSsBk9SfrRpEertp0JtpoljwcBlJPU0kcerf2vKqzRed5S5O04xnjigBdW + 0jTraGJ4YQpaVFPJ6E89TWp/YGkf8+4/76b/ABrK1WPVlhi+0SxMvmpjapHz + Z4/CtTytd/57w/8AfBoAzNG0fTrrT4554QzsWyckdGI7GhdH046w1r5I8oQB + 8ZP3t2M9aTR49WbT4zbTRLHlsBlJP3jn9aFj1b+2GUTRed5Iydp27d3THrmg + BdX0fTra1WSGEKxkQZyehPPU1qf2BpH/AD7j/vpv8aytWj1YWoNxNEy704VS + DnPFanla7/z3h/74NAGZo+kadc2QlnhDNucZyegPHQ0f2Rp39tC18keV9n37 + cn72/GevpSaRHqzWQNtLEqbm4ZSTnPNHl6t/bIXzYvO+z5ztO3bu6Y9c0ALr + Gkada2LTQQhXDKM5PcgHqa1P7A0j/n3H/fTf41laxHqy2LG5liaPcuQqkHOR + itTytd/57w/98GgDM0nR9OubZ3mhDMJHXqegPHQ1YhsbWz12NLaPYPJZupPO + cd/aq2kx6sbZzbzRKvmPncpJznmrEC3q67GLt0dvJb7oI4z/AI0AdLRRRQAU + UUUAFFFFABRRRQB//9T9z5dVhbVYLgRS7UjcY2Hdz6Cnatq0Fxp00KxSqWA5 + ZCB1HU1pT/8AIctf+uT0/Xf+QTcfQfzFAEEet24RR5M/AH/LM1n6ZqsMH2vd + FK3mXEjjahOAccH39q6qL/VJ9BWRo3/L9/19S/0oAzLjVYX1S1nEUoEauCCh + ycjsKk1PV4J7CeFYpVLLjLIQPxNX7r/kN2P+5L/Kp9a/5BVz/uUAVIdat1hj + UwzHCgcRn0qhp2qwwyXZaKU+ZMzDCE4BxwfQ109v/wAe8X+6v8qzNI/1t/8A + 9fDfyFAGXdarC+pWU4ilAi83IKEE7lxwO9Tajq8E1jPEsUwLoRlkIH4mr17/ + AMhjTfpN/wCgirGr/wDIMuf+ubUAZ9trVvHbRIYZiVRRxGccCqdhqsMNxeO0 + UpEkm4YQkjjv6V0ln/x5wf8AXNf5VnaV/wAfWof9dv6UAZl5qsMl/ZSiKUCI + vkFCCcrjgd6s32sQS2VxEsMwLxsMlCByO5q3f/8AIU03/ek/9Bq3qf8AyDrr + /rk/8jQBlWeswR2kEZhmJVFGRGSOB2qrZarDFd3shilIldSAEJIwO/pXRaf/ + AMeFt/1yT/0EVR03/j/1H/rov/oNAGXfarDLd2UixSgROxIKEE5Hb1q1eazB + JaTxiGYFkYZMZA5HerOpf8f+nf8AXRv/AEGr+of8eFz/ANcn/wDQTQBi2GsQ + RWUETQzEoijIQkcDsar2eqwx399MYpSJSmAEJIwuOR2rf0v/AJBtr/1yT+VU + 9P8A+QpqX+9F/wCg0AZl/qsMs9m6xSgRy7jlCCeO3rV251q3e3lQQzAsjDmM + 45FT6p/x9af/ANdv6Vo3n/HpP/uN/KgDA07V4IbGCJopiUQDIQkfgahtdVhT + Ur2cxSkSiPACEkbVxyO1bmkf8gy2/wCua1Wsv+QzqP0h/wDQaAMzUdVhme0K + xSjy5lY5QjIGenqavza1btC6iGblSOYz6VJq/wDrbD/r4T+talx/x7y/7rfy + oA5zS9Xgg0+CFopWKrjKoSPwNRwarCmqXU5ilIkVAAEORgdxWzov/IKtv93+ + tRWv/Iavf9yL+VAGXqeqwz/ZdsUq+XcRudyEZAzwPetF9btyjDyZ+Qf+WZp+ + s/8ALj/19Rf1rWk/1bfQ0AcvpOrQW+nQwtFKxUHlUJHU9DTYtVhXVZ7gxS7X + jQY2Hdx6itfQv+QTb/Q/zNMg/wCQ5df9ckoAy9U1WGeOALFKuyZG+ZCOB6e9 + af8Ablv/AM8J/wDv2aNb/wBTbf8AXxH/ADraPSgDktH1WG202GF4pWK7uVQk + csT1oTVYRq8lx5Uu0whcbDuyDnp6VqeHv+QPb/8AAv8A0I0R/wDIfl/64L/6 + FQBl6rqsNxboixSqRIjfMhA4Naf9uW//ADwn/wC/Zpdc/wCPWL/rtH/OtmgD + ktH1WG2sEieKViCxyqEjlietA1WH+2Dc+VLtMATGw7s7s5x6Vp+H/wDkGR/7 + z/8AoRpR/wAjA3/XsP8A0OgDL1fVYbiz8tIpVO9DlkIHBrT/ALct/wDnhP8A + 9+zRr/8AyD/+2if+hVtUAclpOqw29oY2ilY73OVQkcmg6rD/AGwtz5Uu0QFc + bDuzuznHpWpoP/Hif+ukn/oVDf8AIwL/ANex/wDQ6AMvWNVhubCSFIpVJK8s + hA4YHrWn/blv/wA8J/8Av2aXxB/yCpfqn/oQrZoA5LStVht4JEaKViZXb5UJ + HJ/nRJqsJ1eK48qXasTLjYd3J9PStTQ/+PWX/rtJ/Okl/wCQ9B/1wb+dAGZr + Gqw3OmzQpFKpbbyyEDhgetaQ1y3wP3M//fs07xB/yCLj/gP/AKEK2B0FAHJ6 + XqsMCXAaKVt8zt8qE8H196JtVhbVbe4EUu1EcYKHdz6CtPRP9Vdf9fEn9KW4 + /wCQ5a/9cpKAM7VdWguNPmhWKVSwHLIQOo6mrset24RR5M/AH/LM1Prv/IJu + f90fzFacX+qT6CgDldM1WGA3e6KVvMndxtQnAOOD70XGqwvqlpOIpQI1kBBQ + 5OR2Faejdb//AK+pP6UXf/Iasf8Adl/lQBQ1PV4J7CeFYplLLjLIQPxNWoNa + t0hjUwzHCgcRn0q5rX/IKuf9yrtt/wAe0X+4v8qAOY07VYYZLxmilPmTMwwh + OAQOvoaLrVYZNSsZhFKBF5uQUIJ3KBwO/vWppP8Arr//AK+G/kKL3/kMab/2 + 2/8AQRQBS1HWIJrGeJYpgXQjJQgfiafDq1o1mlvNbyyKYwrAx5VhjBHuDWnq + 3/IMuv8Arm38qns/+POD/rmv8qEwPz++KPwau9OvrvXfBdpJPphdme2VCZLc + Hn5R1KD06geo5r51Ixwa/XrS/wDj71D/AK7f0rzLx38IvAvi/UrWS+sfst1d + GTzLi1IikYgZy3BVj7spNfr3DfidKlBUcfFyS2kt/muvrv6nwWccGKcnUwrt + 5Pb5dvT8j80qK+ytZ/ZStoY5rrS/ETrHGrMEmtwxwBnG9XX/ANBrLt/2UdTn + gjnHiKEeYobH2duMjP8Afr7+HiDlElf21vlL/I+Vlwrj07ez/Ff5nyTRX1hb + /sr6lcT3EA8QxKbdgpP2ducjP9+i4/ZX1K3nt4T4hibz2Kg/Z24wM/36v/X7 + KP8An/8AhL/IX+q2P/59/iv8z5Por62n/ZR1OCCSY+IoT5alsfZ25wM/36S2 + /ZT1K5t47geIoVEihsfZ24yP9+j/AF+yj/n/APhL/IP9Vsf/AM+/xX+Z8lUV + 9YQfsr6lPdXFsPEMQNuVBP2dudwz/fouv2V9StpIIz4hibz32A/Z249/v0f6 + /ZR/z/8Awl/kH+q2P/59/iv8z5Por64l/ZQ1OKJ5f+EjhOwE4+zt2H+/UVp+ + ypqV1bR3I8RQqJFBx9nbjP8AwOj/AF+yj/n/APhL/IP9Vsf/AM+/xX+Z8mUV + 9YQ/sr6lLd3FoPEMQMGzJ+ztzvGf79F3+yvqVq0CnxDE3nyCP/j3bjPf79H+ + v2Uf8/8A8Jf5B/qtj/8An3+K/wAz5Por65k/ZO1NEZ/+EjhO0E/8ezdv+B1B + Z/sq6leWsdyPEUSiQZx9nY4/8fo/1+yj/n/+Ev8AIP8AVbH/APPv8V/mfJtF + fWEf7K+pSXk1mPEMQMIU5+ztzu/4HRefsr6laCEnxDE3nSrH/wAe7DG7v9+j + /X7KP+f/AOEv8g/1Wx//AD7/ABX+Z8n0V9dN+ybqaqT/AMJHDx/07N/8XVax + /ZW1K9tY7pfEMSCQE4+zscYOP79H+v2Uf8//AMJf5B/qtj/+ff4r/M+TqK+s + E/ZX1J72Sy/4SGIGNQ277O3Of+B0Xv7K+pWaRufEMTeY6p/x7sMbu/36P9fs + o/5//hL/ACD/AFWx/wDz7/Ff5nyfRX15/wAMman/ANDHD/4DN/8AF1TsP2V9 + Sv7SO7XxDEgfPBt2PQkf3/aj/X7KP+f/AOEv8g/1Wx//AD7/ABX+Z8n0V9YL + +yvqTXzWP/CQxZVA+77O3c4xjfRe/sr6lZRLK3iGJ9zKuPs7D7xx/fo/1+yj + /n/+Ev8AIP8AVbH/APPv8V/mfJ9FfXn/AAyZqf8A0McP/gM3/wAXVOx/ZX1K + +thcL4hiQEkY+zsehx/fo/1+yj/n/wDhL/IP9Vsf/wA+/wAV/mfJ9FfWH/DK + +pfb/sH/AAkMWfK8zd9nb1xjG+q+ofsw3WnskcniSFpZAWVPs7AlQVUn7/bc + KP8AX7KP+f8A+Ev8g/1Wx/8Az7/Ff5nyvRX15/wyZqf/AEMcP/gM3/xdU7H9 + lfUr2EzL4hiQBmXH2dj904/v0f6/ZR/z/wDwl/kH+q2P/wCff4r/ADPk+ivr + A/sr6kL8WP8AwkMWTH5m77O3rjH36L/9lfUrG1a5bxDE4UgYFuw6nH9+j/X7 + KP8An/8AhL/IP9Vsf/z7/Ff5nyfRX15/wyZqf/Qxw/8AgM3/AMXVOy/ZX1K8 + jeRfEMS7HZP+Pdj93v8Afo/1+yj/AJ//AIS/yD/VbH/8+/xX+Z8n0V9YN+yv + qS3yWX/CQxZdC+77O3Y4x9+i/wD2V9SsbSS6bxDE4jxx9nYZycf36P8AX7KP + +f8A+Ev8g/1Wx/8Az7/Ff5nyfRX12P2TdTIB/wCEjh5/6dm/+LqpZ/sr6leL + Kw8QxL5UjR/8e7HO3v8Afo/1+yj/AJ//AIS/yD/VbH/8+/xX+Z8n0V9YSfsr + 6lHexWX/AAkMRMqs2fs7cbf+B069/ZV1KztZLo+IomEYzj7Owz/4/R/r9lH/ + AD//AAl/kH+q2P8A+ff4r/M+TaK+uk/ZO1NlDf8ACRw8gH/j2b/4uqtp+yvq + V2ZwPEMS+TK0f/Huxzt7/fo/1+yj/n/+Ev8AIP8AVbH/APPv8V/mfJ9FfWEv + 7K+pRXkFofEMRM4Y5+ztxtH+/T7z9lTUrS2kuT4iiYRjOPs7DP8A4/R/r9lH + /P8A/CX+Qf6rY/8A59/iv8z5Mor64i/ZP1OSNJP+EjhG4A4+zN3/AOB1Xtf2 + V9SunnQeIYl8hyh/0ducd/v0f6/ZR/z/APwl/kH+q2P/AOff4r/M+T6K+sJv + 2V9Shu7a1PiGIm434P2duNgz/fqS6/ZT1K1tpLg+IoWEalsfZ25x/wADo/1+ + yj/n/wDhL/IP9Vsf/wA+/wAV/mfJdFfW8P7KGpzQpMPEcI3qGx9nbuM/36gt + v2V9SuZbiIeIYl8htpP2dueM/wB+j/X7KP8An/8AhL/IP9Vsf/z7/Ff5nyfR + X1hcfsr6lBc29ufEMRNwWAP2duNoz/fqW5/ZS1K3t5bg+IoWEalsfZ25wM/3 + 6P8AX7KP+f8A+Ev8g/1Wx/8Az7/Ff5nyVRX1tb/so6lcW8c48RQqJFVsfZ24 + yM/36ht/2V9SuLi4gHiGJTbkAn7O3ORn+/R/r9lH/P8A/CX+Qf6rY/8A59/i + v8z5Por69X9lY211bR3/AIj3pO+0iK2wRgZ6tIf5V7JoPwE+HfhO3lvBaNql + 3GjFZbxhIFIHURgKn0JUketefjvEvLKUb0pOb7JNfi7fqdWG4Oxs376UV5v/ + ACufJPwy+EGp+L7qDU9chns9DBDF1Q+ZOP7sQI6Hu/Qdsmvu/QpNL0QzWOm2 + b29nEsSRRRxn5FRcYI/x69a6vSgBplqBwBEn8qq2H/IW1L6xf+g1+K8S8U4j + M6ilV0itorZf5vz/ACP0XJ8kpYOFoat7v+uhl6hqsM01myxSjy5QxyhGeO3q + au3GtW728qCGYFlYcxnHIqbVf+PjT/8AruP5VpXf/HrN/uN/KvmT2TA03V4I + LCCJopmKqBlUJH4GobbVYU1O8nMUpEgjwAhyNo7jtW3o/wDyC7b/AHBUFn/y + GdQ+kP8A6CaAMvUtVhma0KxSjy51Y7kIyBngepq/Lrdu0TqIZuQR/qzUusff + sP8Ar5T+tak/+ok/3T/KgDm9L1eCDT4IWilYquMqhI69jUcGqwrqtzOYpSro + gACHIx6itnRP+QVbf7v9ahtv+Q3ef9c46AMzU9VhnFsFilXZOjnchGQM8D3r + RfW7cqR5M/I/55mna192y/6+ov61sP8Acb6GgDldI1aG306GF4pWKg8qhI6n + oaSLVYV1aa4MUu1o1XGw7uD6VraD/wAgi3+h/wDQjTYf+Q7cf9cU/nQBl6pq + sM8UKrFKu2ZG+ZCOAf51p/25b/8APCf/AL9ml1v/AFFv/wBd4/51s0Aclo2q + w22nRQvFKxXdyqEjlietC6rCNYe58qXaYQuNh3Z3Z6elafh7/kEQf8D/APQj + Qn/IwSf9e4/9CoAzNW1WG4tlRYpVIkQ/MhA4Naf9uW//ADwn/wC/Zo13/jzT + /rrH/OtqgDktI1WG3sliaKViGY5VCRySetH9qw/2z9p8qXb9n2Y2HdnfnOPS + tTQP+Qav++//AKEaP+Zh/wC3X/2egDL1fVYbiyMSxSqdynLIQOCD1rT/ALct + /wDnhP8A9+zS6/8A8g4/76f+hCtmgDktJ1WG3tTG0UrEu5+VCRyaG1WE6wlz + 5Uu0QlcbDuzuz09K1NC/48m/66yf+hUj/wDIwR/9e5/9CoAzNY1WG506WFIp + VLFeWQgcMD1rT/ty3/54T/8Afs0eIf8AkEzfVP8A0IVtUAclpWqw28MqtFK2 + 6V2+VCep/nRJqsJ1aG48qXasTLjYd3J9K1NE/wCPef8A67yfzol/5Dtv/wBc + X/nQBmavq0Nxp00KRSqWA5ZCB1B61orrlvgfuZ/+/Zp+v/8AIIuPov8A6EK1 + 1+6PpQByel6rDAtyGilbfO7DahOAex96JtVhbVba4EUoVEcEFDuOfQVqaL9y + 7/6+Zf6Ulz/yHLP/AK5yUAZ+q6tBPp88KxSqWGMshA69zV2LW7dY0UwzcAf8 + szVjW/8AkFXP+7/WtGH/AFMf+6P5UActpuqwwtdlopT5k7uNqE4BxwfQ0XGq + wvqdnOIpQIxJkFDk5HYd61NH+9f/APXzJ/Si7/5DNh/uy/yFAFDUtXgnsJ4l + imUspGWQgfiaswa1bpBGphmOFA4jPpV3Wf8AkF3P+4at2v8Ax7Rf7i/yoA5n + T9VhhlvGaKU+ZKWGEJxx39DRd6rDJqNjMIpQIvMyChBO5ccDvWnpP+v1D/ru + f5Ci+/5C+mf9tv8A0GgCnqGsQTWM8SwzAujDJQgdO5qW11m3jtYYzDMSqKMi + MkcCtHVv+QZdf9c2/lU1j/x5W/8A1zT+QoA5yx1WGK5vHaKUiSQEAISRx39K + LzVYZL2ylEUoETOSChBOVxx61qaZ/wAfmo/9dR/KjUP+Qlpv+/J/6DQBUvtZ + glsriIQzAvG4yYyByD1pbLWYIrOCMwzEpGoyIyRwO1a2pf8AIOuv+uT/APoJ + pdO/5B9r/wBck/8AQRQBz1lqsMV7eymKUiVlIAQkjA7jtRfarDLdWUixSgRS + EkFCCeO3rWnp3/IS1L/fT/0GjU/+P3Tv+up/lQBBdazbyWs0YhmBZGGTGQOR + UWn6xBDYwRNDMSiKMhCRwOxrcvv+PK4/65v/ACNRaV/yDbX/AK5r/KgDBtNV + hj1G+mMUpEvl4AQkjauOR2o1DVYZprNlilHlyhjlCM8dvU1qWP8AyFtS+sP/ + AKDRqv8Ax8af/wBdx/I0AQXGtW7wSIIZhuUjmM45FV9N1eCCwgiaKZiqgZVC + R+Brobr/AI9Zv9xv5VU0b/kF23+4KAMS21WFNTvJzFKRII8AIcjA7jtRqWqw + ztaFYpR5c6OdyEZAzwPU1p2f/Ia1D/di/wDQaNY+/Yf9fMf9aAGS63btG6iG + bkH/AJZmqWl6tBb6fBC0UrFVxlUJHXsa6ab/AFMn+6f5VnaJ/wAgq2/3f60A + Y8OqwrqlzOYpSHRAAEORj1FGqarDOtsFilXZOjnchGQM8D3rUtv+Q3ef9c46 + TWvuWf8A18xf1oARtbtypHkz9P8AnmaztI1aG306GF4pWKg8qhI6k9a6p/uN + 9DWToH/IIt/o3/oRoAyo9VhXVprjypdrRKuNh3cHuKNV1WG4hiVYpV2yo3zI + R0P8604f+Q9cf9cU/nS63/x7wf8AXeP+dACf25b/APPCf/v2azNH1WG206KF + 4pWK7uVQkcsT1rraxvD/APyCYPq//oRoAy11WEaw9z5Uu0whcbDuzuznHpRq + 2qw3FsqLFKpEiHLIQODWon/Ifk/69x/6FRrv/Hmn/XWP+dACf25b/wDPCf8A + 79mszSNVhtrIRPFKx3McqhI5J711tYugf8g1f99//QjQBmf2rD/bP2nypdv2 + fZjYd2d+c49PejV9VhuLJolilUllOWQgcMDWp/zMP/br/wCz0a//AMg1v99P + /QhQAn9uW/8Azwn/AO/ZrM0nVYbe2ZGilYmRzlUJHJrraxtC/wCPN/8ArrJ/ + OgDLbVYTrCXPlS7RCVxsO7O7PT0o1jVYbnTpYUilUtt5ZCBwwPWtN/8AkYI/ + +vc/+hUviD/kEz/VP/QhQAn9uW//ADwn/wC/ZrM0rVYbeKZWilbdK7fKhPU/ + zrraxdD/ANRcf9d5P50AZkuqwtq0NwIpdqxsuNh3cn0pdX1aC406aFYpVLAc + shA6jqa05v8AkO2//XF/507Xv+QRcfQf+hCgCNdctwoHkz9P+eZrN0zVYYFu + Q0Urb53cbUJwD2PvXVp9xfoKyNF+7ef9fMv9KAMubVYW1S2nEUoCI4IKHJz6 + Cn6pq0Fxp88KxSqWXGWQgde5rRuf+Q3Z/wDXOSpNb/5BVz/u/wBaAK0Wt26x + Iphm4AH+rNUNN1WGBrstFKfMndxtQnAOOD6Guog/1Ef+6P5VlaP9+/8A+vmT + +lAGZc6rC+p2c4ilAjEmQUOTkdh3qbUtXgmsJ4limUupGWQgfiau3n/Ia0// + AHZf/Qasax/yC7n/AHDQBRt9at0gjQwzHaoHEZxwKpafqsMM14zRSnzJSwwh + OOO/oa6a1/49Yf8AcX+VZulf8fGof9dz/IUAZd3qsMmo2MwilAiMmQUIJyuO + B3qfUNYgmsZ4lhmBdGGShA5Hc1cv/wDkLab9Zf8A0Greq/8AINuv+ubfyoAz + LTWbeO1hjMMxKoo4jJHAqpY6rDFdXrtFKRLICMISRx39K6Ow/wCPG3/65p/I + Vn6Z/wAfuo/9dR/KgDMvdVhkvbKURSgRMxIKEE5GOB3q1e6zBLZzxiGYF42G + TGQOR3q1qP8AyEdO/wB9/wD0Gruo/wDIPuv+uT/+gmgDHsdZgisreIwzEpGg + yIyRwB0qtZ6rDHe3spilIlZCAEJIwMcjtXQab/yDrX/rkn/oIqnp/wDyEtS/ + 34//AEGgDLv9VhlubN1ilAikJOUIJ47etXLrWbeS1mjEMwLIwyYyByKn1T/j + 807/AK6n+VaF9/x5XH/XN/5GgDD0/WIIbGCJoZiURRkISOB2NQWmqwx6jfTG + KUiXy8AISRtXHI7Vu6T/AMgy1/65r/Kqtj/yF9T/AO2P/oNAGZqGqwzS2bLF + KPLmDHKEZGD09TV6fWrd4JFEMwypHMZ9Km1b/X6f/wBd1/ka0rr/AI9pf9xv + 5UAc9purwQWEETRTMVUDKoSPwNRW+qwpqd3OYpSJBGAAhyMDuO1bejf8gu2/ + 3BVe0/5DV/8A7sX8qAMzUtVhnNoVilHlzo53IRkDPA960Jdbt2jdRDPyCP8A + Vmn6z96w/wCvqP8ArWtN/qZP90/yoA5nStWgt9PhhaKVioxlUJHXsaZDqsK6 + rcXBilw6IAAhyMeorY0P/kE23+6f5mo7f/kOXf8A1zjoAy9T1WGdbcLFKuyd + GO5CMgdh71pNrlvg/uZ/+/Zp2tfctP8Ar5i/rWw33T9KAOU0jVobfToYXilY + qDyqEjqT1pI9VhGrS3HlS7WiVcbDu4Pp6Vq6B/yCLf6N/wChGmxf8h6f/riv + 86AMzVdVhuIYlWKVdsqN8yEdD/OtP+3Lf/nhP/37NGuf8e8H/XeP+dbVAHJa + PqsNtp8cLxSsVLcqhI5YnrQuqwjWGufKl2mELjYd2d2c49K1PD//ACCYfq// + AKEaF/5GB/8Ar2H/AKHQBl6tqsNxaiNYpVIdD8yEDg1p/wBuW/8Azwn/AO/Z + pdd/48l/66x/+hVs0AclpGqw29mI3ilY7mOVQkcn1o/tWH+2Rc+VLt8jZjYd + 2d2c49K09A/5Bw/33/8AQjQf+RiH/Xr/AOz0AZmsarDc2LRJFKpLKcshA4IP + WtP+3Lf/AJ4T/wDfs0eIP+Qa/wDvJ/6EK2qAOS0rVYbe2dGilYmRz8qEjk1Y + gvY7vXY3RHQeSy/Ou09c1c0L/j0k/wCusn86H/5D8X/Xu3/oVAGzRRRQAUUU + UAFFFFABRRRQB//V/c+XR9PXVYLYRny3jdiNzdR05zT9W0bTrbTpp4YyroBg + 7mPceppkq6x/asAZofO8t9uA23HfPen6susjTpvtLQGLA3bQ27qOmaAL0ega + UUUmI5IH8bf41naZo+n3H2vzYyfLuJEX5mGFGMDg1oxrr+xdr2+MDHDVnaYu + sf6X9naEf6RJv3Bvv8ZxjtQAXGj6emqWtusZEciuWG5ucDjnNS6nounW9hPN + FEQ6LkHcx/maiuF1j+1LUO0Pm7X2YDbcY5z3qXU11oWE/wBoeAx7fm2hs49s + 0AWodB0t4Y2aI5Kgn529PrVDTtH0+eS8EsZIimZF+ZhgDHoavwrr3kx7Ht9u + 0YyGzjFUNOXWPMvPIaEHzm37g33uM4x2oALrR9Pj1KygSMhJvN3Dc3O1cjnN + T6jommwWM80URDohIO5jz+dQXS6x/aVl5jQ+b+92YDbfu85/DpU+orrf2Gfz + 3gMew7tobOPbNAE1toWlyW0UjxEsyKT87dSPrVKw0fT5ri8SSMkRS7V+ZhgY + +tXbZdd+zReW9vt2LjIbOMcZqlp66x9ovPJaEN5vz7g2N2O2O1ABeaPp8V/Y + wpGQkpcMNzc4XI71Zv8AQ9MhsriWOIhkjYg72PIH1qteLrH2+x81ofMy+zAb + H3ec/hVm/XW/sVx5zweX5bbtobOMc4oAdZ6HpktpBK8RLOikne3Uj61UstH0 + +W7vYpIyVidQo3MMAjPrVuzXXPskHlPb7Ni7chs4xxmqlkusfa73ymhD7135 + DYzjjFABfaPp8N3ZRxxkLK7BhuY5AH1q3eaHpkVpPKkRDIjEHe3UD61Uvl1j + 7XZec0Jfe2zaGxnHerd4uufZJ/Ne32bG3YDZxjnFADbDQ9NmsoJZIiWdFJO9 + hyR9arWej6fLf30LxkpCU2jc3GVye9WbBdb+xQeS8Aj2Lt3Bs4xxmq1musfb + 77ymh8zKb8hsfd4x+FABf6Pp8M9mkcZAll2t8zHIx9au3OhaXHbyusRDKjEf + O3UD61Sv11jz7PzmhLeb8m0NjdjvntV25XXfs8vmPb7djZwGzjHOKAIdO0TT + Z7GCaWIl3QEncw5/OoLXR9Pk1O9t3jJSIR7RubjcuTzmp9OXW/sMHkPAI9g2 + 7g2ce+KgtV1j+073y2h83Ee/Ibb93jH4daADUtH0+CSzEUZAlmVG+ZjkH6mr + 82g6WkMjLEchSR87en1qhqS6wJLPz2hJ85dm0N97tnPar8y695Mm97fbtOcB + s4xQBU0vRdOuNPgmliJd1yTuYfyNRwaPp76pdW7RkxxqhUbm4JHPOak0tdaO + nwfZ3gEe35dwbOPfFRwLrH9qXWxofN2puyG24xxjvQAano+n2/2TyoyPMuI0 + b5mOVbORya0X0DSgjERHIB/jb/Gs7U11j/RftDQn/SI9m0N9/nGc9q0XXX9j + Ze3xg9moAo6To2nXOnQzzRlncHJ3MO59DTItH09tWntjGfLSNWA3N1PXnOaf + pK6ydOh+zNAIsHbuDbup64pkS6x/as4VofO8tN2Q23HbHfNABquj6fbxwNDG + QXmRD8zHg9eprTPh/Ssf6k/99t/jWZqq6wI4PtDQkecm3aG+92zntWmV8Qf3 + 7b8noAzNG0fT7rTYZ54yztuydzDoxHQGhNH086vJbGM+WsIYDc3UnHXOaNGX + WDpsP2VoRF82N4bd945zj3oRdY/teQBofO8kZOG27c/nmgA1XR9PtrdHhjKk + yIp+ZjwTz1Nan/CP6V/zxP8A323+NZerLrAt0+0tCV8xMbQ2c5469q1NviD+ + /bfk9AGXo+j6fdWCTTxlnLMCdzDoxHY0DR9P/tk2vlnyvID43N97djOc56Ua + OusGwT7K0Ijy2N4bOdxz0oC6x/bJG6Hz/IHOG27d355zQAavo+n21n5sMZVt + 6DO5jwTz1Nan/CP6V/zxP/fbf41l6uusCz/0loSm9PuBs5zx1rU2+IP79t+T + 0AZek6Pp9zaGSaMs29x95hwDx0NB0fT/AO2FtfLPlmAvjc33t2M5zmjSV1g2 + h+zNCE3v94NnOeelBXWP7YUbofP8g84bbt3fnnNABrGj6fa6fJNBGVdSuDuY + 9WA7mtT/AIR/Sv8Anif++2/xrL1hdYGnyfamhMeVzsDZ+8MdfetTb4g/v235 + PQBl6Vo+n3MEjzRlisrqPmYcA8dDRJo+njV4rYRny2iZiNzdQfXOaNKXWDBJ + 9naEL5r53Bs7s89O1Ei6x/a8QLQ+d5TYOG27c9++aAF1jR9PtdNmngjKuu3B + 3MerAdCa0h4f0rA/cn/vtv8AGs3WF1gabN9qaAxfLnYG3feGMZ960guv4Hz2 + /wCT0AZml6Pp9wlwZYySkzoPmYcDp0NE2j6euq29ssZ8t0ckbm6jpzmjS11g + pcfZ2hA85924N97vjHaiZdY/tW3DND52x9uA23HfPegB+raNp1tp808MZV0A + IO5j3HqavR6BpRRSYjkgfxt/jVHVl1kafN9paAx4G7aG3dR0zV6Ndf2Lh7fG + B2agDO0zR9PuDd+bGT5dw6L8zDCjGBwaLjR9PTVLS3WMiOVZCw3NztHHOaNM + XWCbv7O0I/0h9+4N9/jOMdqLhdY/tS0DtD5u2TZgNtxjnPf6UAS6nounW9hP + NFEQ6LkHcx/matQaDpbwxu0Ryygn527j61V1NdaFhP8AaHgMe35tobOPbNWo + F17yY9j2+3aMZDZxigChp2j6fPJeLLGSIpmVfmYYAA9DRdaPp8epWMCRkJN5 + u4bm52rkc5o05dY8y88hoQfOO/cG+9gZxjtRdLrH9pWPmND5v73ZgNt+7zn8 + OlAE+o6JpsFjPNFEQ6ISDuY8j8amttC0uS2ikeIlmRSfnbqR9ah1Fdb+wz+e + 8Bj2HdtDZx7Zqa2XXfs0Xlvb7di4yGzjHGaAKVho+nzXF4kkZKxSbV+ZhgY+ + tF5o+nxX9jCkZCTM4Ybm5wuR3osF1j7ReeS0IbzPn3BsZx29qLxdY+32PmtD + 5m59mA2Pu85oAs3+h6ZDZXEscRDJGxB3seQPrTrPQ9Mls4JZIiWeNWJ3t1Iy + e9Nvl1v7Fcec8Bj8tt20NnGOcU6zXXPscHlPb7PLXbkNnGOM0AVLLR9PlvL2 + KSMlYnUKNzDAIz60X2j6fDd2UccZCyuQ3zMcgD60WS6x9svfKaEPvXfkNjOO + MUXy6x9rsvOaEvvOzaGxnHegC3d6FpkVpNKkRDIjEfO3UD60yw0TTZrGCaSI + lnRSTvYckfWn3i659kn817fZsbdgNnGOcUywXW/sMHkvAI9i7dwbOMcZoAr2 + mj6fLqF9A8ZKQmPaNzcblye9GoaPp8M9mkcZAll2t8zHIx9aLRdY/tC+8pof + MzHvyGx93jH4daNQXWPPs/OaEt5vybQ2N2O+e1AF240HS0t5XWIgqrEfO3UD + 61BpuiabPYQTSxEu6Ak7mHP51PcLrv2eXe9vt2tnAbOMVBpq619gg8h4BHsG + 3cGzj3xQBDbaPp8mp3tu8ZKRCPaNzcbhk85o1HR9Pge0EUZAlmVG+ZjkHPqa + LZdY/tK98tofNxHvyG29OMf1o1FdY32nntCT5y7Nob73OM57UAX5tB0tYnZY + jkKSPnb0+tVNL0XTrjT4J5YiXdck7mHf2NW5l17yn3Pb42nOA3TFVNLXWTp8 + H2doBHt+XcGzjPfFAEcGj6e+qXVu0ZMcaoVG5uCevOaNT0fT7cWvlRkeZPGj + fMxypzkcmiBdY/tS6CND521N2Q23HbHejU11jFr9oaE/v49u0N9/nGc9qANJ + 9A0oIxEJ4B/jb/Gs/SNG06506GeaMs7g5O5h3Poa0HXX9jZe3xg9mrP0hdZO + nQ/ZmgEWDt3Bt3U9cUANi0fT21ae2MZ8tI1YDc3UnnnNGq6Pp9tFC0MZUvMi + n5mPB69TREusf2tOFaHzvLXdkNtx2x3zRqq6wIoftLQkecm3aG+9njOe1AGp + /wAI/pX/ADxP/fbf41l6No+n3Wmwzzxlnbdk7mHRiOgNae3xB/ftvyeszRl1 + g6bD9laERfNjeG3feOc496ABNH086xJamM+WsIYDc3XOOuc0ato+n21skkMZ + VjIi/eY8E89TQi6x/bEgDQ+d5IycNt25/PNGrLrAtk+0tCV8xMbQ2c5469qA + NT/hH9K/54n/AL7b/GsvR9H0+6sVmmjLOWYZ3MOjEdjWpt8Qf37b8nrL0ddY + Niv2ZoRHubG8NnO456e9AANH0/8Atk2vlnyvI343N97djOc56V454g1K1h8X + M9qMW1o4ixknIHD9T65/SvTdc1LU9Ge51CV4fOituMA4IL4UAHvuP5V89szM + xZjknkk9zQUkfVo0DSGAZYiQeQd7f41maRo+n3NoZJoyzB3H3mHAPHQ1j+C9 + T1jVdChMEkJ+zfuTvDbvlAxnHtitjSF1g2h+zNCE3v8AeDZznnpQSDaPp41h + bXyz5ZgL43N97djrnNGsaPp9rp8k8EZV1K4O5j1YDuaGXWP7YUFofP8AIPOG + 27d355zRrC6wNPk+1NCY8rnYGz94Y6+9AGp/wj+lf88T/wB9t/jWXpWj6fcQ + yvNGWKyuo+ZhwDx0Nam3xB/ftvyesvSl1gwy/Z2hC+a+dwbO7PPTtQASaPp4 + 1eK2EZ8tomYjc3UH1zml1jR9PtdOmnhjKuuMHcx6sB3NJIusf2vEC0PneU2D + htu3POe+aXWF1gadN9qaAxcZ2Bt33h0zQBor4f0oqD5J/wC+2/xrN0vR9PuE + uDNGT5c7oPmYfKOnQ1pKuv7Rh7f8mrN0tdYKXH2doQPPfduDfe74x2oAJtH0 + 9dVt7ZYz5bo5I3N1HTnNP1XRtOttPmnhjKugyDuY9/c0yZdY/tW3DND52x9p + AbbjvnvT9VXWRp832l4DHj5tobPXtmgC7HoGlNGrGI5IH8bf41n6bo+n3Bu/ + NjJ8ud0X5mGFGMDg1oRrr/lrte3xgY4as/TV1jN39naEfv337g33+M4x2oAL + jR9PTU7S3WMiOVZCw3NztHHOal1PRdOt7CeaKIh0XIO5j/M1FcLrH9p2m9of + N2ybMBtuMc57/SpdTXWhYT/aHgMe35tobOPbNAFmDQdLeCN2iJLKCfnbuPrV + HTtH0+eW8WWMkRTFV+ZhgAfWr0C695Eex7fbtGMhs4xVHTl1jzbzyGhB8479 + wb72O2O1ABdaPp8epWMCRkJN5u4bm52rkd6n1DRNNgsZ5o4iHRGIO9jyB9ag + ul1j+0rESND5v73ZgNt+7zn8OlT6gut/YZ/PeAx7G3bQ2cY7ZoAltdC0yS2h + keIlmRSfnbqR9ap2Gj6fNc3kckZKxSbV+ZhgY+tXLVdd+zQ+W9vs2LjIbOMc + ZqnYLrH2m88loQ3mfPuDYzjt7UAF5o+nxX1lCkZCTM4Ybm5wMjvVm+0PTIbK + 4ljiIZI2YHex5AyO9VrxdY+3WXmtD5m59mA2M45zVm+XXPsVx5zwGPy23bQ2 + cY5x70ALZaHpktnBLJESzxqxO9upAJ71VstH0+W9vYpIyViZQo3MMAjPrVqy + XXPscHlPb7PLXbkNnGOM+9VbJdY+2XvlNDv3LvyGxnHGKAC+0fT4bqyjjjIW + VyG+ZjkY+tXLvQtMjtZpEiIZEYg726gfWqd8usfarLzmhL7zs2hsZx3q5drr + v2WbzHt9mxt2A2cY5xQBHYaHps1jBNJESzopJ3sOSPrVe00fT5NQvoHjJSEx + 7RubjcuT3qxYLrf2GDyXgEexdu4NnGOM1XtF1j+0L7y2h8zMe/IbH3eMfh1o + ANQ0fT4JrNI4yBLKFb5mORj61euNB0tLeV1iIKqxHzt1A+tUdQXWPOs/PaEt + 5o2bQ2N2O+e1Xrhdd+zy73t9u1s4DZxigCvpui6bPYQTSxEu6gk7mHP51Dba + Pp8mp3lu8ZKRCPaNzcbhzzmptNXWvsEHkPAI9o27g2ce+Khtl1j+07zy2h83 + Ee/Ibb04x3+tABqWj6fA1oIoyPNnVG+ZjlTnPetCXQdLWJ2ERyAT99vT61n6 + kusbrTz2hJ89dm0N97nGc9q0JV17yn3Pb42nOA3pQBT0vRdOuNPgnmiJd1yT + uYd/Y1HBo+nvqtzbtGTHGiFRubgnrzmpNLXWjp8H2d4BHt+XcGzjPfFRwLrH + 9q3IRofO2JuJDbcdsd6ADVNH0+3Ft5UZHmTojfMxypzkcmtJ9A0oKSITwD/G + 3+NZuqLrAFr9oaE/v49u0N97nGc9q0nXX9py9vjB7NQBn6Ro2nXOnQzzRlnc + HJ3MO5HY02LR9PbVprYxny0jVgNzdSfXOadpC6ydOh+zNAIsHbvDbup64psS + 6x/a0wVofO8tdxIbbjPGO+aADVdH0+3ihaGMqWmRT8zHgnnqa1P+Ef0r/nif + ++2/xrL1VdY8qH7Q0JHnJjaG+9njOe1am3xB/ftvyegDL0bR9PutOinnjLO2 + 7J3MOjEdjQuj6edYe1MZ8sQhwNzdd2Ouc0aMusHTovsrQiL5sbw277xznHvQ + q6x/bDgND53kjJw23bu/POaADVtH0+2tkkhjKsZEX7zHgnnqa1P+Ef0r/nif + ++2/xrL1ZdYFsv2loSvmJjaGznPHXtWpt8Qf37b8noAy9I0fT7myWaaMsxZh + ncw6EgdDR/Y+n/2z9l8s+V9n343N97fjOc56UaQusGxX7M0Ij3N98NnOTnpR + t1j+2cbofP8As/XDbdm/885oANX0fT7ayMsMZVtyjO5jwSAeprU/4R/Sv+eJ + /wC+2/xrL1ddYFkftLQlNyfcDZzkY61qbfEH9+2/J6AMvSdH0+5tTJNGWYO4 + +8w4B46GhtH08awlr5Z8swl8bm67sdc5o0ldYNqfszQhN7/eDZznnpQy6x/b + CAtD5/knBw23bu/POaADWdH0+106SeCMq6lcHcx6sB3Nan/CP6V/zxP/AH23 + +NZesrrA06X7U0Jiyudgbd94Y6+9am3xB/ftvyegDL0rR9PuIZWmjLFZXUfM + w4B46GiTR9PXVobYRny2iZiNzdQfXOaNKXWPJl+ztCB5r53Bs7s84x2okXWP + 7WhDND53lNg4bbtzznvmgBdX0bT7XTpp4YyroBg7mPUgdzWivh/SioPkn/vt + v8aztXXWBp032loDFgbtgbd1HTNaKrr+0Ye3/JqAM3S9H0+4W5MsZPlzug+Z + hhR0HBom0fT01W2tljPlyI5I3N1HTnNGlrrG25+ztCB577twb73fGO1Ey6x/ + atsHaHztj7cBtuO+e9AEmq6Lp1vp888MZV0GQdzHv7mrkWgaU0aMYjkgH77f + 41T1VdZGnz/aHgMePm2hs4z2zVyJde8tNr2+MDGQ1AGfpuj6fO12JYyfLndF + +ZhhRjA60XOj6fHqdnbrGQkokLDc3O0cc5o01dY3XfkNCP3779wb73GcY7UX + K6x/adnvaHzcSbMBtvTnPf6UATaloum29hPNFEQ6KSDuY8/iasQaDpbwRu0R + JZQT87dx9ar6mutfYJ/PeAx7Tu2hs49s1YgXXvIj2Pb7doxkNnGKAKOn6Pp8 + 814skZIilKr8zDAx9aLvR9Pj1GxgSMhJvM3Dc3O1cjvRp66x5155DQhvNO/c + Gxux2x2ou11j+0bHzGh8395swG2/d5z+HSgCfUNE02CxnmjiIdEYg7mPIH1q + W10LTJLWGR4iWZFJ+dupH1qLUF1v7DP57wGPY27aGzjHbNS2q679lh8t7fZs + XGQ2cY4zQBTsdH0+a5vI5IyVikCr8zDAx9aLzR9PivbKFIyFlZww3NzgZHei + xXWPtN55LQh/MG/cGxnHb2ovF1j7bZea0Pmbn2YDYzjnNAFq+0PTIbK4ljiI + ZI3YHex5AJHeiy0PTJbOCWSIlnjVid7dSAT3ovl1z7Fcea8Gzy33bQ2cYOce + 9FkuufY4PKe3CeWu3IbOMDGfegCrZaPp8t7exPGSsTKFG5hjIye9F9o+nw3V + lHHGQsshVvmY5GPrRZLrH2298pofM3LvyGxnHGKL5dY+1WXnNCX8w7NobGcd + 6ALl1oWmR2s0iREMqMR87dQPrUen6Jps1jBNJES7opJ3sOSPrUl0uu/ZZvMe + 32bGzgNnGOcVHp6639hg8l4BHsXbuDZxjjOKAK9po+nyajfQPGSkPl7Rubjc + uT3o1DR9Pgms1jjIEsoVvmY5GPrRaLrH9o3wjaHzf3e/Ibb93jH4daNQXWPO + s/PaEt5o2bQ2N2O+e1AF640HS0gkdYiCqkj526gfWq+m6LptxYQTSxEu6gk7 + mHP4GrFwuu+RJve327TnAbOMVX01daNhB5DwCPaNu4NnHvigCG20fT5NTvLd + oyUiEe0bm43DJ5zRqWj6fbtaCKMjzZ0RvmY5U5z3otl1j+07zy2h83Ee/Ibb + 04x3+tGpLrAa089oT+/TZtDfe5xnPagDQl0DS1jdhEcgE/fb/GqelaLp1xp8 + E80ZZ3GSdzDv7Grkq695b7nt8YOcBqp6UusnT4Ps7wCPHy7g2cZ74oAjg0fT + 31W5t2jPlxohA3N1PXnNGqaPp9utsYoyPMnRG+Zj8pznqaIF1j+1bkI0PnbE + 3ZDbcdsd6NUXWAtt9oaE/v027Q33ucZz2oA0m8P6UFJEJ6f32/xrO0jRtPut + OhnmjLO4OTuYdCR2NaLLr+05e36ejVnaQusHTofszQCLBxvDbup64oASPR9P + bVprYxny1iVgNzdSfXOaNV0fT7eGJoYypaVFPzMeCeepojXWP7WmCtD53lLk + 4bbtzxjvmjVV1jyYvtDQlfNTG0NndnjOe1AGp/wj+lf88T/323+NZej6Pp91 + p0U88ZZ23ZO5h0Yjsa1NviD+/bfk9ZejrrB06I2rQiL5sbw277xz096ABdH0 + 86w9qYz5YhD43N13Y65zRq2j6fbWyyQxlWMiL95jwTz1NCrrH9sOA0PneSMn + Dbdu7885o1ZdYFsv2loSnmJjaGznPHWgDU/4R/Sv+eJ/77b/ABrL0jR9PurI + SzRlmLMM7mHQ47GtTb4g/v235PWXpC6wbIfZWhEe5vvhs5zz0oAP7H0/+2fs + vlnyvs+/G5vvb8ZznPSjV9H0+2smmhjKsGUZ3MepAPU0bdY/tnG6Hz/s/XDb + dm/885o1ddYFk32loTHuX7gbOcjHWgDU/wCEf0r/AJ4n/vtv8ay9J0fT7m2a + SaMswkdfvMOAeOhrU2+IP79t+T1l6SusG2b7M0ITzHzuDZznnp2oAG0fTxrC + WojPlmEuRubrux1zmjWdH0+106WeCMq67cHcx6sB0JoZdY/thAWh87yTg4bb + t3fnnNGsLrA06X7U0Ji+XOwNu+8MYz70Aan/AAj+lf8APE/99t/jWXpWj6fc + wzNNGSVldR8zDgHjoa1NviD+/bfk9ZelLrBhm+zNCF8187g2d2ecY7UAEuj6 + eurQ2wjPlvGzEbm6g+uadq+jadbadNPDGVdAMHcx7gdzTZV1j+1oQzQ+d5bb + SA23Gec9807V11kadN9paAxYG7YG3dR0zQBoL4f0oqCYT0/vt/jWbpmj6fcL + cmWMny55EX5mGFGMDg1pKuv7Rh7fp6NWbpi6xtufs7Qj9/Ju3Bvvd8Y7UAE+ + j6emq21usZ8uRHJG5uo6c5qTVdF0630+eeGMq6DIO5j39zUc66x/atsHaHzt + j7cBtuO+e9SaqusjT5/tDwGPHzbQ2cZ7ZoAuRaDpbRIxiOSAfvt6fWs/TdH0 + +4a7EsZPlTui/MwwoxjvWhEuveUm17fG0YyG9Kz9NXWC135DQj9++/cG+9xn + GO1ABc6Pp8ep2dusZCSiTcNzc7RxzmptS0TTYLCeaKIh0UkHcx5/E1DcrrH9 + p2YkaHzcSbMBtvTnP9Km1Jda+wT+e8Bj2ndtDZx7ZoAsW+g6W8EbtESWUE/O + 3Uj61R0/R9PnmvFkjJEUpVfmYYGPrV63XXfIj2Pb7doxkNnGKo6eusedeeQ0 + IbzTv3BsbsdsdqAC70fT4tRsYEjISYybhubnauR3qxqGiabDYzzRxEOiMQd7 + HkD61Xu11j+0bHzWh83MmzAbb93nP4dKsagut/YZ/OeAx7G3bQ2cY5xmgCS0 + 0LTJLWGR4iWdFJ+dupH1qnY6Pp811exyRkrFIFX5mGBj61ctF137LD5b2+zY + u3IbOMcZqnYrrH2q98loQ/mDfuDYzjtQAXuj6fFe2USRkLKzBhubkAZ9atXu + h6ZFZzyxxEMkbMDvbqASO9Vb1dY+22XmtDv3NswGxnHOatXq659jn817cp5b + bsBs4wc496ACx0PTJbK3lkiJZ40Ynew5Iye9VbPR9Plvb2F4yViZAo3NxkZP + erViuufYrfyng2eWm3cGzjAxn3qrZrrH2298pofM3JvyGxnHGKAC/wBH0+G5 + so44yFlkKt8zHIx9auXWhaZHazSJEQyoxHzt1A+tU79dY+02fnNCW8w7NobG + cd/arl0uu/ZZvMe32bGzgNnGOcUARafommz2ME0kRLuiknew5I+tQWmj6fJq + N9A8ZKQ+XtG5uNy5Pep9PXW/sMHkPAI9i7dwbOMd8VBaLrH9o33ltD5v7vfk + Nt+7xj8OtABqGj6fBLZrHGQJZgrfMxyMfWr0+g6WkEjrEQVUkfO3YfWqOoLr + Hm2fntCT5w2bQ33sd89qvTrr3kSb3t9u05wGzjFAFfTNF024sIJpYiXdQSdz + D+RqG30fT31O7t2jJSJYyo3NxuHPOam0xda+wQeQ8Aj2jbuDZx74qG3XWP7U + uwjQ+biPfkNtxjjHf60AGp6Pp9ubTyoyPNnRG+ZjlTnI5NaEugaUsbsIjkAn + 77f41n6musA2n2hoT+/TZtDfe5xnPatCVde8t9z2+MHOA1AFLStG0650+Gea + Ms7jJO5h39jTIdH099VuLZoz5aIhA3N1PXnNP0pdZOnwfZmgEePl3Bs9e+KZ + Cusf2rcBWh87Ym7IbbjtjvQAapo+n2625ijI8ydEPzMflPXqa0m8P6UFJ8k/ + 99t/jWbqi6xttvtDQkeem3aG+92zntWky6/tOXt/yagDO0jRtPutOhnmjLO4 + OTuYdCR2NJHo+ntq8tsYz5axKwG5upPrnNLpC6wdOh+zNAIsHbvDbup64pI1 + 1j+15grQ+d5S5OG27c8Y75oANV0fT7aGJ4YyC0qKfmY8E89TWp/wj+lf88T/ + AN9t/jWXqq6wIYvtLQlfNTG0NndnjOe1am3xB/ftvyegDL0fR9PutPjnnjLO + xbJ3MOjEdjQuj6edYa18s+WIQ+Nzdd2Ouc0aOusHT4/srQiPLY3hs/eOenvQ + q6x/bDAND53kjJw23bu/POaADVtH0+2tRJDGVYug+8x4J56mtT/hH9K/54n/ + AL7b/GsvVl1gWo+0tCU3p90NnOeOtam3xB/ftvyegDL0jR9PurISzRlm3MM7 + mHAOB0NH9j6f/bItfLPlfZ9+Nzfe3YznOelGkLrBsx9maEJub74bOc89KNus + f2yBuh8/7P1w23Zu/POaADWNH0+1sWmhjKuGUZ3MepA7mtT/AIR/Sv8Anif+ + +2/xrL1hdYFi32poTHuXOwNnORjrWpt8Qf37b8noAy9J0fT7m2d5oyzCR1+8 + w4B46GrEFha2euxpbptHks3UnnOO/tVfSV1g2z/ZmhC+Y+dwbOc89O1WIBfD + XY/thjLeS33AcYz7980AdLRRRQAUUUUAFFFFABRRRQB//9b9z5dWtW1WC4Af + akbA/Ic5PtT9W1e0uNOmhjWQMwGMoQOo71oz/wDIctf+uT0/Xf8AkE3H0H8x + QBDHrlkEUFZOAP4GrO0zVrWD7XvD/vLiRxhCeDjr711UX+qT6CsjRv8Al+/6 + +pf6UAZlxq1q+qWtwA+2NXB+Q55HYVLqesWk9hPCiybnXAyhA/Or11/yG7H/ + AHJf5VPrX/IKuf8AcoAqQ65ZLDGpWTIUD7jelUNO1a1hkvC6v+8mZhhCeDjr + XT2//HvF/ur/ACrM0j/W3/8A18N/IUAZd1q1rJqVlOofbF5ucoc/MuBgd6n1 + HWLSaxniRZNzoQMoQPzq7e/8hjTfpN/6CKsav/yDLn/rm1AFC21uzjtokZZM + qig4Q9hVKw1a1huLx3D4ll3DCE8Y710ln/x5wf8AXNf5VnaV/wAfWof9dv6U + AZl5q1rJf2Myq+2IvnKEHlccDvVm/wBZs5bK4iRZNzxsBlCByKt3/wDyFNN/ + 3pP/AEGrep/8g66/65P/ACNAGXZ61Zx2kEbLJlEUHCEjgVUstWtYru9kYPiV + 1IwhJ4Hf0rotP/48Lb/rkn/oIqjpv/H/AKj/ANdF/wDQaAMu+1a1lu7KRQ+I + nJOUIPI7etW7zWrOW0njVZMujAZQgZIqxqX/AB/6d/10b/0Gr+of8eFz/wBc + n/8AQTQBjWGs2cVlBE6ybkRQcISOBVaz1a1jv76Zg+2UpjCEnhccjtW/pf8A + yDbX/rkn8qp6f/yFNS/3ov8A0GgDMv8AVrWaezdA+I5dxyhHGO1XbnW7N7eV + FWTLIwGUPcVPqn/H1p//AF2/pWjef8ek/wDuN/KgDB07WLSGxgidZNyIAcIS + PzqC11a1j1O9nYPtlEeMIc/KuDkdq3NI/wCQZbf9c1qtZf8AIZ1H6Q/+g0AZ + mo6tazvaFFf93MrHKEcDPSr82t2TQyKFkyVI+43pUmr/AOtsP+vhP61qXH/H + vL/ut/KgDnNL1i0g0+CF1k3IuDhCR+dRwatapql1OVfbIqAfIc8DuK2dF/5B + Vt/u/wBaitf+Q1e/7kX8qAMvU9WtZ/suxX/d3EbnKEcDPT3rRfXLIowCycg/ + wNT9Z/5cf+vqL+ta0n+rb6GgDmNJ1e0t9OhhkWQsoOcISOp70yLVrVdVnuCH + 2vGoHyHOR7Vr6F/yCbf6H+ZpkH/Icuv+uSUAZeq6ta3EcAjDjZMjHKEcCtM6 + 7ZY+7L/37ajW/wDU23/XxH/Oto9KAOS0bVrW202GCRXLLuzhCRyxPWhNWtRq + 8lzh9hhC/cOcg56VqeHv+QPb/wDAv/QjRH/yH5f+uC/+hUAZerata3FuiRq+ + RIjcoRwDWp/btl/dl/79tRrn/HrF/wBdo/51s0Aclo+rWttYJFIHLAseEJHL + E9RQNWtf7ZNzh9nkBPuHOd2enpWn4f8A+QZH/vP/AOhGlH/IwN/17D/0OgDL + 1fVrW5s/LjDg70PKEDg+9an9u2X92X/v21Jr/wDyD/8Aton/AKFW1QByWk6t + a29oY5A5O9zwhI5PtQdWtf7YW5w+wQFPuHOd2elamg/8eJ/66Sf+hUN/yMC/ + 9ex/9DoAy9Y1a1udPkhjDhiV6oQOGB6mtT+3bL+7L/37ajxB/wAgqX6p/wCh + CtmgDktK1a1t4JEkDktK7cITwTRJq1qdXiuQH2LEyn5DnJPpWpof/HrL/wBd + pP50kv8AyHoP+uDfzoAzdY1a1udNmgjDhm24yhA4YHrWkNdssD5Zf+/bUviD + /kEXH/Af/QhWwOgoA5PS9WtbdLgSB/nmdhhCeDRNq1q2q29wFfaiOD8hzk+1 + aeif6q6/6+JP6Utx/wAhy1/65SUAZ2ravaXGnzQxrIGYDGUIHUd6vR65ZBFB + WTgD+Bqm13/kE3P+6P5itOL/AFSfQUAcrpmrWsBu94f95O7jCE8HHX3ouNWt + X1S0nAfbGsgPyHPI7CtPRut//wBfUn9KLv8A5DVj/uy/yoAo6nrFpPYTwosg + Z1wMoQPzq1BrdkkMalZMhQPuN6Vb1r/kFXP+5V22/wCPaL/cX+VAHMadq1rD + JeF1fEkzMMITwQOtF1q1rJqVjOqvti83OUOfmXAwO9amk/66/wD+vhv5Ci9/ + 5DGm/wDbb/0EUAUtR1m0msZ4kWTc6EDKECprbW7OO2iRlkyqKDhD2FaGrf8A + IMuv+ubfyqez/wCPOD/rmv8AKgDm7DVrWG4vHdXxLJuGEJ4x3ovNWtZb+xmV + X2xM5OUIPK449a09L/4+9Q/67f0o1D/kJ6b/AL0n/oNAFW+1mzlsriJVk3PG + wGUIGSKWy1qzis4I2WTKRqDhCRkCtXU/+Qddf9cn/kadp3/IPtv+uSf+gigD + nrLVrWK8vZWD4ldSMISeBjn0ovtWtZbuykUPiJyTlCDyO3rWpp3/ACENR/30 + /wDQaNS/4/tO/wCujf8AoNAFa81qzktJ41WTLIwGUIHIplhrNpDYwROsm5EU + HCEjgVtX/wDx43P/AFzf/wBBNR6X/wAg21/65r/KgDBtNWtY9QvpmD7ZTHjC + EnhccjtRqGrWs09m6B8Ry7jlCOMdq07D/kK6l9Yv/QaNV/4+dP8A+uw/lQBD + ca3ZvbyoFkyysOUPcVBpusWkFhBE6ybkQA4QkfnW/d/8es3+438qraR/yDLb + /cFAGHbatapqd7OyvtlEeMIc/KMHI7Uajq1rM9oUV/3cyscoRwM9K1LP/kMa + j9If/QTRq/8ArLD/AK+U/kaAIptcsmidQsmSpH3G9KqaXq9pb6fBC6yFlXBw + hI6+tdJcf6iT/dP8qoaJ/wAgq2/3f60AY0GrWqapdXBD7ZFQD5Dnj1FGp6ta + zi12B/3c8bnKEcDPT3rTtf8AkN3v+5H/ACpdZ6WX/X1F/WgBr67ZFGG2Tof4 + GrP0jV7W306GGRZCyg5whI6nvXUv9xvoaytB/wCQTb/Q/wDoRoAyYtWtV1ae + 4Ifa0aqPkOcg+lGq6ta3EUKxhwVmRjlCOBWpB/yHbn/rkn86TXP9Tb/9fEf8 + 6AF/t2y/uy/9+2rL0bVrW202GCQOWXdnCEjlieorraxfD3/IHt/+B/8AoRoA + zE1a1GsSXJD7DCF+4c5znpRq2rWtxbIkYcESI3KEcA1px/8AIfl/691/9Cpd + d/49I/8ArrH/ADoAP7dsv7sv/ftqy9H1a1trFYpFcsGY8ISOWJ6iutrF0Ega + WhJwAz/+hGgDyD4kavHd3kFtblgvlguGBU8E44rzCtvxHqh1nW7vUM5SRyE/ + 3F4X9BWJQaI9F+HOuppepzWdwT5N2vAAyd6cjj6Z/SvVtI1a1t7QxyByd7nh + Cep9q+bbK7lsbuG9gOJIHV1+qnNfT/hidLrSUuY/uSszD6E5oJkUm1a1OsLc + 4fYICv3DnO7PSjWNWtbnT5IY1cMxXqhA4YHrWm3/ACMCf9ex/wDQ6PEH/IKl + +qf+hCgkX+3bL+7L/wB+2rL0rVrW3hlWRXJaV24QngmutrG0P/j2m/67yfzo + Ay5NWtTq8VwFfYsTKfkOck+lLrGrWtzp00EayBmxjKEDhgetacv/ACHoP+uD + fzpfEH/IIuPov/oQoAYuu2QAG2X/AL9tWbperWtulwHDnfO7DCE8GusX7o+l + Y2if6u7/AOvmT+lAGZNq1q2q29wA+1EcH5Dnn2p+q6vaXGnzQxrIGYYGUIHX + 1rQuP+Q5af8AXOSpdc/5BNz/ALo/mKAK8euWQjUFZOAP4GrP03VrWA3e8P8A + vJ3cYQng46+9dTD/AKpP90fyrK0frff9fUn9KAMu41a1fU7ScK+2NZAfkOeR + 2FS6nrFpPYTwosgZ1wMoQPzq/d/8hqw/3Zf5CptZ/wCQXc/7hoApwa3ZpBGh + WTKqB9xuwqjp2rWsMt4zh8STFhhCePeumtf+PaL/AHF/lWZpP+u1D/r4b+Qo + AzLrVrWTUrGdVfbF5ucoc/MuBgd6n1DWbSaxniRZNzowGUIHIq7ff8hfTP8A + tt/6BVnVv+QZdf8AXNv5UAZ1rrdnHbQoyyZVFBwh7Cqdhq1rFc3juHxLJuGE + J4x39K6Sy/484P8Armv8qz9L/wCPvUP+uo/lQBl3mrWst9ZSqH2xM5OUIPIx + x61ZvtZs5bK4iVZMvGwGUIGSKtah/wAhLTf96T/0Grup/wDIOuv+uT/+gmgD + Jstas4rOCJlkykag4QkZAqrZataxXl7KwfErKRhCTwO/pXQ6d/yD7X/rkn/o + Iqjp3/IR1H/fT/0GgDMvtWtZbqykVXxE5JyhBxjt61cu9as5LWaNVkyyMBlC + ByKsan/x+6d/11P/AKDV+/8A+PG4/wCub/yNAGJYazaQ2METrJuRFBwhI4FV + 7TVrWPUL6Zg+2Ux4whzwuOR2re0v/kG2v/XNf5VVsP8AkLal9Yv/AEGgDL1D + VrWaazZA+I5QxyhHGO1XrjW7N7eVAsmWVh9xu4qXVf8Aj40//ruP5VpXf/Hr + N/uN/KgDA03WLSCwgidZNyKAcISPzqG21a1TU7ydg+2UR4whz8o5yK29H/5B + dt/uCoLP/kM6h9If/QTQBl6lq1rO1oUD/u51c5QjgZ6VoS65ZNE6hZMlSPuN + 6VJrH37D/r5T+tak/wDqJP8AdP8AKgDm9L1e0t9PghkWQsq4OEJHX1qODVrV + NVubgh9rogHyHPHqK2dE/wCQVbf7v9ahtv8AkN3n/XOOgDM1TVrWcWuwP+7n + jc5QjgZ6e9aT65ZFSAsnIP8Ayzal1r7tl/19Rf1rYf7jfQ0ActpGr2ttp0MM + iyFlBzhCR1Pemxatarq01wVfa0aqPkOcg+la2g/8gi3+h/8AQjTYf+Q7cf8A + XFP50AZeq6ta3EUKoHBWZGOUI4BrU/t2y/uy/wDftqNb/wBRb/8AXeP+dbNA + HJaNq1rbadFBIHLLuzhCRyxPWhdWtRrD3O19hhC/cOc7s9K0/D3/ACCIP+B/ + +hGhP+Rgk/69x/6FQBmatq1rcWypGHBEiHlCOAa1P7dsv7sv/ftqTXf+PNP+ + usf862qAOS0jVrW2slikVywZjwhI5JNH9rWv9s/adr7Ps+z7hznfnp6VqaB/ + yDV/33/9CNH/ADMP/br/AOz0AZer6ta3FkYow4bcp5QgcEGtT+3bL+7L/wB+ + 2o1//kHH/fT/ANCFbNAHJaTq1rb2pjkVyS7nhCRgmhtWtTrCXO19ghK/cOc7 + s9K1NC/48m/66yf+hUj/APIwR/8AXuf/AEKgDM1nVrW506WGMOGYr1QgcMD1 + Nan9u2X92X/v21J4h/5BM31T/wBCFbVAHJaVq1rbwyrIHJaV2GEJ4Jok1a1O + rQ3AD7FiZT8hzkn0rU0T/j3n/wCu8n86Jf8AkO2//XF/50AZmr6ta3OnTQxr + IGYDGUIHUHrWiuu2W0fLL/37an6//wAgi4+i/wDoQrXX7o+lAHJ6Xq1rAtyH + DnfO7jCE8GibVrVtVtrgB9qI4PyHPPtWpov3Lv8A6+Zf6Ulz/wAhyz/65yUA + UNV1e0uNPnhjWTcwwMoQOvrVyLXLJY0UrJkAD7jVY1v/AJBVz/u/1rRh/wBT + H/uj+VAHLabq1rA12XD/ALyd3GEJ4OOvvRc6tavqdnOFfbGJM5Q5+YcYFamj + /ev/APr5k/pRd/8AIZsP92X+QoAo6nrFpPYTwosm51IGUIH51Yg1uySCNSsm + QoH3G9Ku6z/yC7n/AHDVu1/49ov9xf5UAczp+rWsM14zh8SSlhhCeMd6LvVr + WTUbGdQ+2LzM5Q5+ZcDA71p6T/r9Q/67n+Qovv8AkL6Z/wBtv/QaAKeoazaT + WM8SLJudGAyhA5FS2utWcdrDGyyZVFBwh7CtHVv+QZdf9c2/lU1j/wAeVv8A + 9c0/kKAOcsdWtYrm8dg+JZARhCeMd/Si81a1kvbKVVfbEzk5Qg8jHHrWppn/ + AB+aj/11H8qNQ/5CWm/78n/oNAFW+1qzlsriJVky8bgZQgZINFlrVnFZwRMs + mUjUHCEjIArW1L/kHXX/AFyf/wBBNLp3/IPtf+uSf+gigDnrLVrWK9vZWD4l + ZSMISeB39KL/AFa1lurKRQ+IpCTlCO3b1rT07/kJal/vp/6DRqf/AB+6d/11 + P8qAILrWrOS1mjVZMsjAZQjqKj0/WbSGxgidZNyIoOEJHArbvv8AjyuP+ub/ + AMjUWlf8g21/65r/ACoAwbTVrWPUb6Zg+2Xy8YQ5+VcHI7Uahq1rNNZsgfEc + oY5QjjHatSx/5C2pfWH/ANBo1X/j40//AK7j+RoAhuNbs3gkQLJllI+4e4qv + pusWkFhBC6yFkUA4QkfnXQXX/HrN/uN/Kqmjf8gu2/3BQBiW2rWqaneTsH2y + CPGEOeBzkUalq1rO1oUV/wB3OjnKEcDPT3rTs/8AkNah/uxf+g0ax9+w/wCv + mP8ArQAyXXLJo3ULJkgj7jVT0rV7S30+CGRZCyrg4QkdfWulm/1Mn+6f5Vna + J/yCrb/d/rQBjw6tarqlzcFX2uiAfIc8e1Gqata3C2wRX+SdHOUI4Gf1rUtv + +Q3ef9c46TWvuWf/AF8xf1oARtdsipG2Tp/zzas7SNWtbbToYZFkLKDnCEjq + T1rqn+430NZOgf8AIIt/o3/oRoAyo9WtV1aa4IfY0SqPkOcg+lGq6ta3EMSx + hwVlRjlCOAa04f8AkPXH/XFP50ut/wDHvB/13j/nQAf27Zf3Zf8Av21Zej6t + a22nRQyByy7s4QkcsT1FdbWN4f8A+QTB9X/9CNAGWurWo1h7na+wwhfuHOd2 + elGrata3FsqRhwRIh5QjgGtRP+Q/J/17j/0KjXf+PNP+usf86AD+3bL+7L/3 + 7asvR9WtbayEUgcncx4QkcmutrF0D/kGr/vv/wChGgDM/ta1/tn7TtfZ9n2f + cOc789PSjV9WtbmyaKNXDFlPKEDgg1qf8zD/ANuv/s9Gv/8AINb/AH0/9CFA + B/btl/dl/wC/bVl6Tq1rb2zJIHJMjnhCeCa62sbQv+PN/wDrrJ/OgDLbVrU6 + wlzh9ghK/cOc7s9KNY1a1udOlhjDhm24yhA4YHqa03/5GCP/AK9z/wChUviD + /kEz/VP/AEIUAH9u2X92X/v21Zelata28MyyByWldhhCeCa62sXQ/wDUXH/X + eT+dAGZLq1q2rQ3AD7VjZT8hzkn0p2r6va3OnTQxrIGYDGUIHUd60pv+Q7b/ + APXF/wCdO17/AJBFx9B/6EKAI112yCgbZen/ADzas3TNWtYFuQ6v888jjCE8 + HHX3rq0+4v0FZGi/dvP+vmX+lAGXPq1q2q21wFfaiOD8hzz7VJqur2lxp88M + ayBmXAyhA6+taFz/AMhuz/65yVJrf/IKuf8Ad/rQBXi1yyWJFKyZCgfcb0rP + 03VrWBrsuH/eTu4whPBx1rqIP9RH/uj+VZWj/fv/APr5k/pQBmXOrWr6nZzq + H2xiTOUOeRxgVNqWsWk9hPEiybnUgZQgfnV28/5DWn/7sv8A6DVjWP8AkF3P + +4aAKVvrdmkEaFZMqoH3D2FUdP1a1hmvGcPiSUsMITxjvXTWv/HrD/uL/Ks3 + Sv8Aj41D/ruf5CgDLu9WtZNRsZlD7YjJnKHPzLgYHerGoazaTWM8SLJudGAy + hA5FW7//AJC2m/WX/wBBq3qv/INuv+ubfyoAzbTWrOO1hjZZMqig4Q9hVOx1 + a1iur2R1fEsgIwhPGO/pXR2H/Hjb/wDXNP5Cs/TP+P3Uf+uo/lQBmXurWst7 + ZSqH2xMxOUIPIxx61avdas5bOeJVky8bAZQgZIq1qP8AyEdO/wB9/wD0Gruo + /wDIPuv+uT/+gmgDIsdas4rK3iZZMpGgOEJGQBVWz1a1jvb2VlfbKyEYQk8D + HPpXQab/AMg61/65J/6CKp6f/wAhLUv9+P8A9BoAy7/VrWa5snQPiKQk5Qjj + Hb1q5da1ZyWs0arJlkYDKHuKn1T/AI/NO/66n+VaF9/x5XH/AFzf+RoAw9P1 + m0hsYInWTciKDhCRwKgtNWtY9Rvp2D7ZfLxhDn5VwcjtW7pP/IMtf+ua/wAq + q2P/ACF9T/7Y/wDoNAGZqGrWs0tmyB8RzBjlCOMdqvT63ZPBIoWTJUj7jelT + at/r9P8A+u6/yNaV1/x7S/7jfyoA5/TNYtILCCF1k3IoBwhI/OobfVrVNUu5 + yH2yCMDCHPA7itvRv+QXbf7gqvaf8hq//wB2L+VAGZqerWs5tNgceXOjnKEc + DPT3rQl1yyaN1CyZII+41P1n71h/19R/1rWm/wBTJ/un+VAHM6Vq9pb6fDDI + shZRg4QkdfWmQ6tarqtxcEPtdEA+Q549q2ND/wCQTbf7p/majt/+Q5d/9c46 + AMvVNWtZ1tggcbJ0c5QjgVpNrtltPyy/9+2p2tfctP8Ar5i/rWw33T9KAOU0 + jVrW206GGRZCyg5whI6k9aSPVrUavNcEPsaJVHyHOQfStXQP+QRb/Rv/AEI0 + 2L/kPT/9cV/nQBmarq1rcQxLGHBWVG5QjgGtT+3bL+7L/wB+2pNc/wCPeD/r + vH/OtqgDktH1a1ttPjhkDllLdEJHLE9aF1a1GsNc7X2GEL9w5zuz0rU8P/8A + IJh+r/8AoRoX/kYH/wCvYf8AodAGXq2rWtxaiONXBDoeUIGAa1P7dsv7sv8A + 37ajXf8AjyX/AK6x/wDoVbNAHJaRq1rbWYikDk7mPCEjk0f2ta/2yLnD7PI2 + fcOc7s9PStPQP+QcP99//QjQf+RiH/Xr/wCz0AZmsata3Ni0UYcMWU8oQOCD + Wp/btl/dl/79tSeIP+Qa/wDvJ/6EK2qAOS0nVrW3tnSQOSZHbhCeCasQXsN3 + rsbxBgPJZfmUjnOe9XNC/wCPST/rrJ/Oh/8AkPxf9e7f+hUAbNFFFABRRRQA + UUUUAFFFFAH/1/3Pl0iyXVYLcBtjxsT8xzke9P1bR7K306aaINuUDGWJHUdi + aZKdZ/tWDcLfzvLfbjdtx3z3zTtWOtf2dN9qFv5WBu2b93UdM8UAX49C08op + IfkD+Nv8aztM0iyn+1+YG/d3EiDDEcDGK0Iz4g2LtFrjAx9+s/TDrP8Apf2c + Qf8AHxJv3bvv8Zxjt6UAFxpFkmqWtuobZIrk/Mc8DjnNS6no1jBYTzRhtyLk + Zdj/AFqK4/tn+1LXeIPO2vsxu24xznv9Kk1M639gn+0C38vb823fux7Z4oAt + w6Fp7QxsQ+SoP329PrVDTtIsp5LwSBsRzMowxHAx71fhPiDyY9gttu0Yzvzj + FUNOOs+Zd+QLfPnNv3bvvcZxjtQAXWkWUepWUChtkvm7vmOflXI5zU+o6NYw + WM80YfciEjLsf61BdHWf7SsvMFv5v73Zjdt+7zu79OmKm1E659hn88W/l7Du + 2792PbNAE9todhJbROwfLIpPzt3H1qlYaRZTXF4jhsRS7VwxHGPrVy2Ov/Zo + vLFts2LjO/OMcZqnYf2z9ovPIEG7zPn3bsbsdsdvrQAXmkWUV/ZQoG2ylw3z + HsuRVm/0WwisriVA+5I2Iy7HkD61WvDrP2+y80QeZl9mN237vO7v06YqzfHX + fsVx5wtvL8tt23fnGOcZ70AOs9EsJbSCRw+50Un526kfWqllpFlLd3sbhtsT + qFwxHBGfWrVmde+yQeULbZsXbu35xjjPvVWyOs/a73yRBv3rv3bsZxxtx/Wg + AvtIsoruyjQNtldg2WJ4A+tW7zRLCK0nkQPuRGI+duoH1qpff2z9rsvOEG/e + 2zbuxnHO7P8ASrV4de+yT+aLbZsbdt35xjnHvQAlhotjNZQSuH3Oik4dhyR9 + arWekWUt/fQuG2xFNvzHuuTViwOu/YoPJFt5exdu7fnGOM471Xs/7Z+333lC + DzMp5md237vG3v065oAL/SLKGezRA2JZdrZYnjH1q7c6HYJbyuofKoxHzt2H + 1qlfnWfPs/PFvu835Nu7G7HfPb6VduTr/wBnl8wW23Y2cb84xzigCHTtGsZ7 + GCaQNudATh2H9agtdIspNTvYGDbIhHt+Y5+ZcnnNTacdc+wweQLfy9g27t+7 + HviobX+2f7SvfLFv5uI9+d237vG3v065oANS0iygksxGG/eTKhyxPB/Gr82h + aesMjAPkKT99vT61Q1E6zvtPtAgz5y7Nu773OM57VfmPiDyX3i227TnG/OMU + AVNL0exuNPgmkDbnXJw7D+tRwaRZPql1bsG2RqhHzHPI55qTSzrf9nwfZhb+ + Vt+Xfv3Y98cVHAdZ/tS62CDztqb87tuMcY7/AFoANT0iyg+y+WG/eXEaHLE8 + HOa0X0LTwjEB+Af42/xrO1M6z/ov2gW//HxHs27vv84znt61oufEOxsi1xg/ + 36AKOk6PZXGnQzShtzA5wxA6nsDTItIsm1We3IbYkakfMc5PvTtJOtf2dD9m + Fv5WDt3793U9ccU2I6z/AGrPtFv53lpuzu247Y75oANV0iyt44GjDZeZFOWJ + 4PXvWmdB070f/vtv8azNU/tny4PtIgx5ybdm773bOe3rWmT4h9LX/wAfoAzN + G0iyutNhnlDb23ZwxA4YjoDQmkWR1eS2IbYIQw+Y5yTjrmjRjrP9mw/ZBb+V + 823fu3feOc4460IdZ/teTAt/P8kZ+9t25/PNABqukWVvbo8QbJkReWJ4J+ta + n9g6d6P/AN9t/jWXqp1n7On2kQbfMTGzdndnjr2rTz4i9LX/AMfoAzNH0iyu + bBJpQ24sw4YjoxHY0DSLL+2TbYby/ID/AHjnO7HXNGj/ANs/YU+yiDy8tjfu + 3Z3HPSgHWf7YPFv5/kD+9s2bvzzmgA1fSLK2s/NiDbt6Dliep9zWp/YOnej/ + APfbf41l6v8A2z9j/wBKEGzen3N2c5461p58Relr/wCP0AZmk6RZXFoZJQxb + e44YjgH2oOkWX9sLbYbYYC/3jnO7HXNGknWfsh+yi32b3+/uznPPSgnWf7YX + It/P8g/3tm3d+ec0AGsaRZW2nyTRBgwK9WJHLAdzWp/YOnej/wDfbf41l6wd + Z+wSfahb+Vlc7N277wx1461p58Relr/4/QBmaVpFlcQSPKGJWV1GGI4Bok0i + yGrxWwDbGiZj8xzkH1zRpR1nyJPswg2+a+d+7O7POMdqJP7Z/teLcIPP8psf + e27c8575oAXWNIsrbTZp4g29duMsSOWA6E1pDQdOwOH/AO+2/wAazNYOtf2b + N9qFv5Xy7tm7d94YxnjrWkD4hwOLX/x+gDN0vSLK4S4MgbKTOowxHA6d6JtI + sl1W3twG2Ojk/Mc5HvmjS/7Z2XH2YQY8592/d97vjHb0omOs/wBq2+4Qedsf + bjdtx3z3zQA/VtHsrfT5pog25QMZckdR2zV6PQtPKKSHyQP42/xqjqp1r+z5 + vtIt/KwN2zfu69s8VdjPiDYu0WuMDH36AM/TNIspzd+YG/d3DoMMRwMY70XG + kWSapaW6htkiyE/Mc8DjnNGmHWc3f2cQf699+7d9/jOMdvSi4/tn+1LTeIPO + 2ybMbtuMc57/AEoAl1PRrG3sJ5ow25FyMux/rVqDQ9PeGNiHyVB++3p9aqam + db+wT/aBb+Xt+bbv3Y9s8VagOv8Akx7BbbdoxnfnGKAKOnaRZTSXiyBsRzMo + wxHAA96LrSLKPUrGBQ2yXzd3zHPyrkc0acdZ8y88gQZ85t+7d97A6Y7UXR1n + +0rHzBb+b+98vG7b935t3fp0xQBPqOi2MNjPLGH3IhIy7Hp+NTW2h2EltE7B + 8sik/O3Uj61DqJ1z7DP54t/L2Hdt37se2altjr/2aLyxbbNi4zvzjHGaAKdh + pFlNcXiOGxFJtXDEcYovNIsor+xhQNtlZw3zHsuR3osP7Z+0XnkCDd5nz7t2 + N2O2O31ovDrP26y80QeZufy9u7bnbzu/DpigCzf6LYRWVxKgfckbEZdjyB9a + dZ6JYS2cErh9zxqT87Dkj602+Ou/YrjzhbeX5bbtu/OMc4z3pbM699jg8oW2 + zy127t+cY4zjvQBVstIspby9icNtidQuGI6jPrRfaRZRXdlGgbbK5DZYngD6 + 0WR1n7Ze+SLffvXfu3Yzjjbj+tF8dZ+12XnC337zs27sZx/Fnt9KALd5olhH + aTyKH3KjEfO3UD60yw0WxmsYJXD7nRScOw5I+tPuzr32SbzRbbNjbsb84xzj + 3plgdd+wweQLby9i7d2/OMcZx3oAr2mkWUmoX0LBtsRj2/Mc/MuTnmjUNIso + Z7NEDYll2tlieMfWi0Os/wBoX3lCDzcx+Zndt+7xt79OuaNQ/tnz7PzxBu83 + 5Nu7G7HfPagC7caHp6W8rqHyqsR87dh9ag03RrGewgmkDbnQE4dh/Wp7g6/9 + nl8wW23a2cb84xzioNOOufYIPs4t/L2Dbu37se+KAIbbSLKTU72Bg2yIR7fm + OfmGTzmjUdIsoHtBGG/eTKhyxPBzRbHWf7SvfLFv5uI9+d23pxt7/XNGonWd + 9p9oFvnzl2bd33ucZz2oAvzaFp6xOwD5Ck/fb0+tVNL0eyuNPgmkDbnXJw7D + v9atzHxB5T7xbbdpzjfnGKqaWdb/ALPg+zC38rb8u/fux744oAjg0iyfVLq3 + YNsjVCPmOeevOaNT0iygFr5Yb95PGhyxPBznvRB/bP8Aal1sEHnbU353bcds + d/rRqZ1nFr9oFv8A6+PZt3ff5xnPb1oA0n0HTwjEB+h/jb/Gs/SNHsrnToZ5 + Q25gc4YgdT2Bq+58Q7TkWuMH+/VDSTrX9nQ/ZRb+Vg7d+/d1PXHFADYtIsm1 + ae3IbYkasPmOck+tGq6RZW8ULRhstMinLE8Hr3oiOs/2tPtEHneWu7O7bjPG + O+aNV/tnyoftIgx5ybdm772eM57etAGn/YOnej/99t/jWZo2kWV1psM8obe2 + 7OGIHDEdAa08+IvS1/8AH6zNGOs/2bD9kEHlfNt37t33jnOOOtAAmkWR1iS2 + IbYIQ33jnOcdc0atpFlb2yPEGyZEXlieCfehP7Z/teTAg8/yRn72zbn880aq + dZ+zp9pFvt8xMbN2c5469qANT+wdO9H/AO+2/wAa8+19rTTvCUl3832i4Ywp + 8xxkk5OM9lB/GvQM+IvS1/8AH64a68LXfiWxthJKqQ27SbQGIJLNyT8p9OKB + o8Kor1n/AIVsn2z7D553+X5md/GM4/uda8suIvIuJYOvlsy/kcUF3Ia9p+HC + WWqaZNaXG4zWr8YYj5H5HAPqD+lUrX4ZG4torjz8eait9/8AvDP9ytnwr4Wu + 9JnfUtMmUlg0TLKxKkA+iqO445oJbOmbSLIawtthvLMBf7xzndjrRrOkWVtp + 8k0QbcpXGWJ6sB0NDHWf7YXIg8/yDj72zbu/POaNY/tn+z5PtYt/Kyudm7d9 + 4Y68daCTU/sHTvR/++2/xrL0rSLK4hlaQNlZXUYYjgH61p58Relr/wCP1maU + dZ8mX7MLfb5r537s7s84x2oAJNIshq8VsA2xomY/Mc5B9c0usaRZW2nTTxBt + 64xliRywHQmkkOs/2tFuFv5/lNj723bnnPfNLrB1r+zpvtQt/K43bN277w6Z + 460AaK6DpxAOH/77b/Gs3S9IsrhLgyBvkndBhiOB0rSU+IcDAtf/AB+s3Szr + Oy4+zCDHnvu37vvd8Y7elABNpFkuq29uA2x0cn5jnI980/VdHsrfT5pog25B + kZckdfQmmTf2z/atvvEHnbH243bcd8980/VTrf8AZ832kW/lY+bZv3de2eKA + L0ehae0asQ+SB/G3+NZ2m6RZTm78wN+7ndBhiOBjHetCM+IPLXaLXGBjO+s/ + TTrObv7OLf8A1779277/ABnGO3pQAXGkWSanaQKG2SLIT8xz8o45zUup6NYw + WE80Ybci5GXY/wBaiuDrP9p2nmCDztsmzG7bjHOe/wBKl1M639gn+0C38vad + 23fux7ZoAswaHp7wRuwfLKCfnbuPrVHTtIsppbxZA2Ipiq4YjgfjV6A6/wCR + HsFtt2jGd+cYqjpx1nzbzyBBnzjv3bsbsdsdqAC60iyj1KxgUNtl83d8xz8q + 5GDU+oaLYw2M8qB9yIxGXY8gfWoLo6z/AGjY+YLfzf3vl43bfu87u/Tpip9Q + OufYZ/PFv5ext23fnGO2aAJbXQ7CS2hkYPlkUn526kfWqdhpFlNc3iOGxFJt + XDEcYq5anXvs0Pli22bFxnfnGOM1TsDrP2m88kW+7zPn3bsZx2x2+tABeaRZ + RX1lEgbbKzhvmPYZqzfaLYRWVxKgfckbEZdjyB9arXn9s/brLzRB5m59m3dj + OOd3/wBarN8dd+xXHnC28vy23bd+cY5xnvQAtlolhLZwSuH3PGpPzsOSPrVW + y0iylvL2Jw22JlC/Me4+tWrI699jg8kW3l+Wu3dvzjHGcd6q2X9s/bL3yRB5 + m5d+7djOONuP60AF9pFlFdWUaBsSuQ2WJ4x9auXeiWEdrNIofKoxHzt1A+tU + 746z9qsvOEG/edm3djOP4s9vpVu7OvfZZvNFts2NuxvzjHOPegBlhotjNYwS + uH3Oik4dhyR9ar2mkWUmoX0LBtsRj2/Mc/MuT3qxYHXfsMHkC28vYu3dvzjH + Gcd6r2h1n+0L7yhb+bmPzM7tv3eNvfp1zQAahpFlDNZqgbEsoVssTxj61duN + D09LeV1D5VWI+duw+tUtQ/tnzrPzxBu80bNu7G7HfPartwdf+zy+YLbbtbON + +cY5xQBBpujWM9hBNIG3OoJw7D+tQ22kWT6neQMG2RCPb8xz8w55zU2mnXPs + EH2cW/l7Rt3b92PfFQ2x1n+07zyxB5uI9+d23pxjv9c0AGpaRZQNaCMN+8nV + DlieDn3rQl0LT1idgHyFJ++3p9az9SOs7rT7QLfPnrs27vvc4zntV+U+IPKf + cLbGDnG/OMUAVNL0exuNPgmkDbnXJw5A6/Wo4NIsn1W5t2DbI0Qj5jnnrzmp + NLOt/wBnwfZhb+Vt+Xfv3Yz3xxUcH9s/2pc7BB52xN2d23HbHf60AGqaRZW4 + tvLDfvJ0Q5Yng5z3rSfQdPCkgPwD/G3+NZuqHWcWv2gQf69Nuzd9/nGc9vWt + Fz4h2nItcY/26AKGkaRZXOnQzyhtzA5wxA6kdAabFpFk2rTW5DbFjVh8xzkn + 1zS6Qda/s6H7KLfysHbv37up644pIjrP9rTbRb+d5a7s7tu3PGO+aADVdIsr + eKFow2WmRTlieCee9an9g6d6P/323+NZeqHWfKh+0i3x5ybdm7O7PGc9vWtP + PiL0tf8Ax+gDM0bSLK606KeUMXbdnDEDhiOgNC6RZHWHtiG2CEN945zux1zR + o39s/wBnRfZBb+V82N+7d945zjjrQp1n+2HwIPP8kZ+9s27vzzmgA1bSLK3t + leINkyIvLE8E+5rU/sHTvR/++2/xrL1b+2fsy/ahBs8xMbN2c5469q08+IvS + 1/8AH6AMzSNIsrmyWWUNuLMOGI6EjsaP7Isv7Z+y4by/s+/7xznfjrRpB1n7 + Ev2UQeXub7+7OcnPSjOs/wBs9Lfz/s/+1s2b/wA85oANX0iytrIyxBgwZByx + PUgdzWp/YOnej/8Afbf41l6udZ+xH7UIPL3L9zdnORjrWnnxF6Wv/j9AGZpO + kWVzatJKGyHccMRwD7UNpFkNYS2w2wwlvvHOd2OuaNJOs/ZW+yi32b3+/uzn + PPTtQ39s/wBsJkQef5Jx97Zt3fnnNABrOkWVrp0k8QbcpXGWJHLAdCa1P7B0 + 70f/AL7b/GsvWTrP9nS/axB5WVzs3bvvDGM8da08+IvS1/8AH6AMzStIsriG + VpA2VldRhiOAeOhok0iyXVobcBtjRMx+Y5yD65o0o6z5Mv2YW+3zXzv3Z3Z5 + xjt6USHWf7Wh3CDzvKbGN23bnnPfNAC6vpFlbadNPEG3KBjLEjqB0JrRXQdO + 2jh/++2/xrO1c61/Z032oW/lYG7Zu3dR0zxWip8Q4GBa/wDj9AGbpekWU63J + kDfJO6DDEcDp3om0iyXVba3AbY6OT8xzke+aNLOs7bn7OIMee+7fu+93xjt6 + UTf2z/attvEHnbH243bcd896AJNV0eyt9PnmjDbkGRlyR19M1ci0LT2jRiHy + QP42/wAapaqdb/s+f7SLfysfNs37sZ7Z4q7EfEHlptFrjAxnfQBn6bpFlO13 + 5gb93O6DDEcDHvRc6RZJqdnAobZKJN3zHPyjjmjTTrO67+zi3/1779277/Gc + Y7UXB1n+07PzBb+diTZjdt6c57/SgCbUtGsYLCeaMNuRSRl2P9asQaHp7wRu + wfLKCfnbuPrVbUjrn2Cf7QLfy9p3bd+7HtmrMB1/yI9gttu0YzvzjHegCjp+ + kWU014sgbEUpVcMRxj60XekWUeo2MChtkvmbvmOflXIwc8Uaf/bPm3nkCDd5 + p37t2N2O2O1F2dZ/tGx80Qeb+88vG7b93nd36dMUAT6hotjDYzyoH3IjEZdj + yB9altdEsJLWGRg+WRSfnbqR9ai1A659hn88W/l7G3bd+cY7ZqW1OvfZYfKF + ts2LtzvzjHGaAKdjpFlLc3kbhsRSALhiOMUXmkWUV7ZRIG2ys4b5j2GfWixO + s/abzyRBv8wb927GcdsdvrReHWfttl5ot/M3Ps27sZ287v8A61AFq+0Swisr + iVA+5I3YfOx5AJ9aLLRLCWzglcPueNScOw5IHvSXx137FcecLby/Lfdt35xg + 5xnvS2R177HB5ItvL8tdu7fnGOM470AVbLSLKW9vYnDbYmUL8x7jPrRf6RZQ + 3VlGgbEshDZYnjFFl/bP2298kQeZuXfu3Yzjjb/9ei+/tn7VZecIN/mHZt3Y + zj+LPb6UAXLrRLCO1mkUPlUYj526gfWo9P0WxmsYJXD7nRScOw5I+tSXR177 + LN5ottmxt2N+cY5xUWnnXfsMHkC38vYu3dvzjHGcUAQWmkWUmo30DBtsXl7f + mOfmXJ5zzRqGkWUM1msYbEsoVssTxj60Wh1n+0b7yhb+b+78zO7b93jb36dc + 0agdZ86z88QbvNGzbuxux3z2oAvXGh6ekEjqHyqkj527D61X03RrGewgmkDb + nUE4dh/Wp7g6/wCRJvFtt2nON+cY7VX00659gg+zi38vaNu7fux74oAittIs + n1O8gYNsiEe35jn5hzzRqWkWUDWgjDfvJ0Q5Yng5otjrP9p3nliDzsR787tv + TjHf60al/bO60+0C3z56bNu773OM57UAaEuhaesbsA+QD/G3+NU9K0eyuNPg + mkDbnGThyB19M1clPiDy33C1xg5xvqlpZ1v+z4Pswt/K2/Lv37sZ744oAZBp + Fk+q3NuQ2xEQj5jnJ980appFlbrbGMN886IcsTwc5ohOs/2pc7Bb+dsTdndt + x2x3o1T+2dtt9pFvjz027N33ucZz29aANJtB08KTh+n99v8AGs7SNIsrnToZ + 5Q25gc4YgcEjoDWix8Q7TkWuMf7dZ2kHWv7Oh+yi38rB27927qeuOKAEj0iy + bVprYhtixKw+Y5yT65o1XSLK3hiaINlpUU5YngnnvRH/AGz/AGtNtEHneWu7 + O7btzxjvmjVTrPkxfaRBt81MbN2d2eM57UAan9g6d6P/AN9t/jWXo+kWVzp0 + U8oYs27OGIHDEdAa08+IvS1/8frM0c6z/Z0X2UW/lfNjfu3feOc4460AC6RZ + HWHtsNsEIb7xzndjrmjVtIsre2WSINkyIOWJ4J96FOs/2u+Bb+f5Iz97Zt3f + nnNGrHWfsy/ahb7PMTGzdnOeOvagDU/sHTvR/wDvtv8AGsvR9IsrmyEsobcW + YcMR0OOxrTz4i9LX/wAfrM0j+2fsQ+yiDy9zff3Zzk56UAH9kWX9s/ZcN5f2 + ff8AeOc78daNX0iytrJpYg24Mo5YnqQO5ozrP9s9Lfz/ALP/ALWzZv8Azzmj + VzrP2JvtQt/L3L9zdnO4Y60Aan9g6d6P/wB9t/jWXpOkWVxbNJKGyJHHDEcA + +1aefEXpa/8Aj9ZmknWfszfZhBs8x8792c556dqABtIshrCW2G2GEt945zux + 1o1jSLK206WeIMGXbjLEjlgOhNDf2z/bCZEHn+Scfe2bd355zRrB1n+zpftQ + t/K+XOzdu+8MYzx1oA1P7B070f8A77b/ABrL0rSLK4hmaUNlZXUYYjgH61p5 + 8Relr/4/WZpX9s+VN9mEG3zXzv3Z3Z5xjtQAS6RZLq0NuA2xo2Y/Mc5B9c07 + V9IsrbTpp4g25QMZYkdR2Jpsh1n+1odwt/O8ttuN23bnnPfNLq51r+zpvtQt + /KwN2zfu6jpnigDRXQdPKgkP0/vt/jWbpmkWU63PmBv3c8iDDEcDGO9aSnxD + tGBa4x/t1m6YdZ23P2cW/wDr33bt33++MdvSgAn0iyTVba3AbY6OT8xzke+a + k1XR7K30+eaMNuQZGXJHX0zUcx1n+1LbeIPO2Ptxu247570/VDrf9nz/AGkW + /lbfm2b92M9s8UAXYtC09okYh8kA/fb0+tZ+m6RZTtdiQN+7ndBhiOBj3q/E + fEHlJtFrjAxnfnFUNNOs7rv7OIM+e+/du+9xnGO1ABc6RZJqdnAobZKJN3zH + PyjjmptS0axgsJ5ow25FJGXY/wBahuf7Z/tOz8wQediTZjdt6c57/TFTakdc + +wT/AGgW/l7Tu2792PbNAFi30PT3gjdg+WUE/O3cfWqOn6RZTTXiuGxHKVXD + EcY+tXbc6/5EewW23aMZ35xjvVLTzrPnXnkC33ead+7djdjtjtQAXekWUeo2 + MChtspk3fMc/KuRg54qxqGi2MNjPKgfciMRl2PIH1qvdnWf7RsfNEHm5k8vG + 7b93nd36dMVPqB137DP54t/L2Nu2784xzjNAEtpolhJawyMHyyKT87dSPrVO + x0iymur2Nw2IpAFwxHGKt2h177LD5Qttmxdud+cY4z71Usf7Z+1XvkiDf5g3 + 7t2M4/hx2+tABe6RZRXtlEgbbKzBvmPYZq1e6JYRWc8qB9yRsR87HkD61VvT + rP22y80QeZubZt3Yzjndn+lWr0699jn84W3l+W27bvzjHOM96ACx0SwlsreV + w+540Y/Ow5IB9aq2ekWUt7exOG2xMgX5j3GfWrNidd+xW/ki28vy027t+cYG + M471WszrP2298oQeZuTfu3Yzjjb/APXoAL/SLKG5skQNiWQq2WJ4x9auXWiW + EdrNIofKoxHzt1A+tU7/APtn7TZ+cIN/mHZt3Yzjvnt9KuXR177LN5ottmxt + 2N+cY5xQBFp+i2M1jBK4fc6KTh2HJH1qC00iyk1G+gYNsi8vb8xz8y5OTnmp + 9POufYYPIFv5exdu7fnGO+KgtP7Z/tG+8oW/m/u/Mzu2/d429+nXNABqGkWU + MtmsYbEkwVssTxj61en0PT0gkdQ+VUkfO3YfWqOoHWfNs/PFvnzhs27sbsd8 + 9qvTnX/Ik3i227TnG/OMUAV9M0axnsIJpA251BOHYf1qG30iyfU7u3YNsiWM + j5jn5hzzmpdNOufYIPs4t/L2jbu37se+Kit/7Z/tO78sQediPfndtxjjHf60 + AGp6RZQG08sN+8nRDlieDnPetCXQtPWN2AfIB/jb/Gs/UjrObT7QIP8AXps2 + 7vv84zntWhKfEHlvuFrjBzjf0oApaVo9lcafBNKG3OMnDkDr9aZDpFk2q3Fu + Q2xEQj5jnJ980/Sjrf8AZ8P2YW/lY+Xfv3de+OKZCdZ/tW42CDztibs7tuO2 + O9ABqmkWUC2xjDfPOiHLE8Hr3rSbQdO2nh/++2/xrN1M6ztt/tAt8eem3Zu+ + 92znt61pMfEODkWv/j9AGdpGkWVzp0M8obcwOcMQOpHQGkj0iyOry2xDbFiV + h8xzkn1zS6Qda/s6H7KLfysHbv3bup644pI/7Z/taXaIPP8AKXOd23bnjHfN + ABqukWVvDE0QbLSopyxPBP1rU/sHTvR/++2/xrL1X+2fJi+0iDb5qY2bs7s8 + Zz2rTz4i9LX/AMfoAzNH0iyudPjmlDbmLZwxA4YjsaF0iyOsNbYbYIQ/3jnO + 7HWjRzrP9nx/ZRb+Vlsb9277xznHHWhTrP8AbDYFv5/kjP3tm3d+ec0AGraR + ZW1qJIg2S6DlieCfc1qf2Dp3o/8A323+NZerHWfso+1CDZvT7m7Oc8de1aef + EXpa/wDj9AGZpGkWVzZiWUNu3MOGI6H2NH9kWX9si1w3l/Z9/wB45zux1zRp + H9s/Yx9lEHl7n+/uznPPSjOs/wBsjiDz/I/2tmzd+ec0AGsaRZW1i0sQbcGU + csT1IHetT+wdO9H/AO+2/wAay9X/ALZ+wt9qEHl7lzs3ZzkY61p58Relr/4/ + QBmaTpFlcWzvKGyJHXhiOAfarEFjb2euxpACB5LNySec471X0o6z9mf7MLfb + 5j537s5zz07VYg+3/wBuR/bfK3eS3+r3Y259++aAOlooooAKKKKACiiigAoo + ooA//9D9z5dYsW1WC5DNsSNwflOcn2xTtW1mxudOmgiZi7gYypHcd8VpT/8A + Ictf+uT0/Xf+QTcfQfzFAEEev6aqKpZsgD+Bv8Kz9M1ixt/tfmsw8y4kdcKT + 8pxjtXVRf6pPoKyNG/5fv+vqX+lAGZcaxYvqlrcKzbI1cH5TnkccYqTU9asL + iwnhiZizrgZRh/Sr91/yG7H/AHJf5VPrX/IKuf8AcoAqQ69pyQxqWbIUD7je + n0qhp2sWMEl20jMBLMzrhSeDj2rp7f8A494v91f5VmaR/rb/AP6+G/kKAMu6 + 1ixk1KynVm2Rebu+U/xLgcVNqOt2E9jPDGzFnQgZRhz+VXr3/kMab9Jv/QRV + jV/+QZc/9c2oAz7bXdOjtoo2Zsqig/I3UD6VTsNYsYbi8eRmxLJuX5SeMfSu + ks/+POD/AK5r/Ks7Sv8Aj61D/rt/SgDMvNYsZb+ymRm2xFy3ykdVwO3NWb7W + 9PmsriJGbc8bAfIw5I+lW7//AJCmm/70n/oNW9T/AOQddf8AXJ/5GgDKs9c0 + +K0gidm3Iig/I3UD6VVstYsYru9ldm2yupX5SeAPpXRaf/x4W3/XJP8A0EVR + 03/j/wBR/wCui/8AoNAGXfaxYzXdlKjNtidi3ykcEfSrV5rmny2k8SM250YD + 5G6kfSrOpf8AH/p3/XRv/Qav6h/x4XP/AFyf/wBBNAGLYa3p8NlBFIzBkRQf + kY8gfSq9nrFjFf30zs22YoV+UnouD24rf0v/AJBtr/1yT+VU9P8A+QpqX+9F + /wCg0AZl/rFjNPZvGzERS7m+UjjH0q7c67p0lvKis2WRgPkbuPpU+qf8fWn/ + APXb+laN5/x6T/7jfyoAwNO1uwgsYIZGYMiAHCMefyqG11ixj1K9uGZtkoj2 + /Kf4VweMVuaR/wAgy2/65rVay/5DOo/SH/0GgDM1HWLGd7QxsxEUyu2VI4Gf + ar82vac8LorNllIHyN3H0qTV/wDW2H/Xwn9a1Lj/AI95f91v5UAc5petWFvp + 8EMrMGRcHCMf6VHBrFimqXVwzNskVAPlPYc8YrZ0X/kFW3+7/WorX/kNXv8A + uRfyoAy9T1ixuPsvlsx8u4jc5Ujhc57Vovr+mlGAZuQf4G/wp+s/8uP/AF9R + f1rWk/1bfQ0AcvpOs2Ntp0MErMHQHOFJ7nuBTYtYsV1We5LNseNAPlOcj2xW + voX/ACCbf6H+ZpkH/Icuv+uSUAZeqaxY3EcCxMxKTIxypHA69q0/7f03++3/ + AHw3+FGt/wCptv8Ar4j/AJ1tHpQByWj6xY2umwwTMwdd2cKT1YnqBQmsWI1e + S5LN5bQhR8pzkHPStTw9/wAge3/4F/6EaI/+Q/L/ANcF/wDQqAMvVdYsbm3R + ImYkSI3KkcA81p/8JBpv99v++G/wpdc/49Yv+u0f862aAOS0fWLG1sEhmZgw + LHhSerE9hQNYsf7YN1ubyzAEztOc7s9MVp+H/wDkGR/7z/8AoRpR/wAjA3/X + sP8A0OgDL1fWLG5s/KiZi29DypHAPuK0/wDhINN/vt/3w3+FGv8A/IP/AO2i + f+hVtUAclpOsWNtaGOVmDb3PCk8E+woOsWJ1hbrc3liApnac53Z6YrU0H/jx + P/XST/0Khv8AkYF/69j/AOh0AZesaxY3VhJDCzFiVxlSOjA9xWn/AMJBpv8A + fb/vhv8ACl8Qf8gqX6p/6EK2aAOS0rWLG2gkSVmBaV2GFJ4J47USaxYnV4rk + M3lrEyn5TnJPpitTQ/8Aj1l/67SfzpJf+Q9B/wBcG/nQBmaxrFjdabNBCzF2 + 24ypHRgepFaQ1/TcD52/74b/AAp3iD/kEXH/AAH/ANCFbA6CgDk9L1ixt0uF + lZgXmdxhSeD07UTaxYtqtvchm2Ijg/Kc5PtitPRP9Vdf9fEn9KW4/wCQ5a/9 + cpKAM7VdZsbnT5oImYu4GMoR3Hcirsev6aqKCzZAH8Df4VPrv/IJuf8AdH8x + WnF/qk+goA5XTNYsbc3fmMw82d3XCk8HGO1FxrFi+qWlwrNsjWQN8pzyOOMV + p6N1v/8Ar6k/pRd/8hqx/wB2X+VAFDU9asLiwnhjZizrgZRh/SrUGvackMaM + zZVQD8jdh9Kua1/yCrn/AHKu23/HtF/uL/KgDmNO1ixgkvGkZgJZmZflJ4IH + tRdaxYyalYzqzbIfN3fKf4lAHGK1NJ/11/8A9fDfyFF7/wAhjTf+23/oIoAp + ajrdhPYzwxsxZ0IGUYc/lUttrunR20UbM2VRQfkbqB9K0dW/5Bl1/wBc2/lU + 9n/x5wf9c1/lQBzdhrFjDcXjyM2JZNy/KTxj6UXmsWMt9ZTIzbYWct8pHVcD + tWnpf/H3qH/Xb+lGof8AIT03/ek/9BoAq32t6fNZXESM2542A+RhyR9KWz1z + T4rOCJ2bckag/Ix5A+laup/8g66/65P/ACNO07/kH23/AFyT/wBBFAHPWWsW + MV5eyuzbZXUr8p7DHpRfaxYzXdlIjNticlvlI4I+lamnf8hDUf8AfT/0GjUv + +P7Tv+ujf+g0AVrvXNPltJo0ZtzowHyN1I+lMsNb0+GxghkZtyIoPyMeQPpW + 1f8A/Hjc/wDXN/8A0E1Hpf8AyDbX/rmv8qAMG01ixi1C+ndm2zGPb8p7Lg9q + NQ1ixnns3jZsRS7m+UjjH0rTsP8AkK6l9Yv/AEGjVf8Aj50//rsP5UAQ3Gu6 + c9vKis2WVgPkbuPpUGna1YQWEEMjMGRADhGP9K37v/j1m/3G/lVbSP8AkGW3 + +4KAMO21ixj1K9uGZtkoj2/Kf4Rg8Yo1HWLGd7Qxsx8qZXbKkcDPtWpZ/wDI + Y1H6Q/8AoJo1f/WWH/Xyn8jQBFNr2nNE6hmyVI+43p9KqaXrNhb6fBDKzBkX + BwjH+ldJcf6iT/dP8qoaJ/yCrb/d/rQBjQaxYpql1cMzbJFQD5TnjrxRqesW + NwLXymY+XPG5ypHAzmtO1/5Dd7/uR/ypdZ6WX/X1F/WgBj6/ppUgM3IP8Df4 + VQ0nWbG206GCVmDoDnCk9z3ArqX+430NZWg/8gm3+h/9CNAGTFrFiurT3JZt + jxqo+U5yD6Yo1XWLG5ihWJmJSZGOVI4B57VqQf8AIduf+uSfzpNc/wBTb/8A + XxH/ADoAP+Eg03++3/fDf4VmaNrFja6bDBMzB13ZwpPVieoFdbWL4e/5A9v/ + AMD/APQjQBmJrFiNXkuizeW0IUfKc5Bz0xRq2sWNzbIkTMSJEblSOAee1acf + /Ifl/wCvdf8A0Kl13/j0j/66x/zoAT/hINN/vt/3w3+FZmkaxY2tisMzMGDM + eFJ6sT2FdbWNoH/IMT/ef/0I0AZf9sWP9sm63N5fkbM7TnO7PSvm+/YPfXLr + 0aRyPxJr6kH/ACMJ/wCvX/2evl3Uf+Qhdf8AXV//AEI0FRPpXTte05NPtUZm + ysSA/I3ZR7VBpOsWNtamOVmDb3PCk8E+wrf0z/kG2n/XGP8A9BFU9B/48W/6 + 6SfzoJMxtYsTrC3W5vLEBT7pzndnpijWNYsbrT5IYWYuxXGVI6MD3Fabf8jA + n/Xsf/Q6PEH/ACCpfqn/AKEKAD/hINN/vt/3w3+FZmlaxY20MqSswLSuwwpP + BPHautrG0P8A49pv+u8n86AMuTWLE6tFchm8tYmU/Kc5J9MUusaxY3WnTQQs + xdsYypHQg9SK05f+Q9B/1wb+dL4g/wCQRcfRf/QhQAwa/poAG5v++G/wrN0v + WLG3S4ErMN87uMKTwenausX7o+lY2if6u7/6+ZP6UAZk2sWLarb3IZtiI4Py + nOT7Yp+q6zYXOnzQRMxdxgZQjv64rQuP+Q5af9c5Kl1z/kE3P+6P5igCvHr2 + mrGqlmyAP4G/wrP03WLG3N35jMPMnd1wpPBxjtXUw/6pP90fyrK0frff9fUn + 9KAMu41ixfU7S4Vm2RrIG+U/xDjjFS6nrVhcWE8MbMWdSBlGH9Kv3f8AyGrD + /dl/kKm1n/kF3P8AuGgCnBr2nJBGjM2VUA/I3YfSqOnaxYwS3jSMwEsxZcKT + wR9K6a1/49ov9xf5VmaT/rtQ/wCvhv5CgDMutYsZNRsZ1ZtkPm7vlP8AEuBx + jmp9Q1uwnsZ4Y2Ys6MB8jDkj6Vdvv+Qvpn/bb/0CrOrf8gy6/wCubfyoAzrX + XdOjtoY2Zsqig/I3UD6VTsNYsYbm8d2bEsm5flJ4x9K6Sy/484P+ua/yrP0v + /j71D/rqP5UAZd5rFjLfWUyM22JnLfKe4wO1Wb7W9PmsriJGbc8bAfIw5IPt + VrUP+Qlpv+9J/wCg1d1P/kHXX/XJ/wD0E0AZNlrmnxWcETs25I1U/Ix5Ax6V + VstYsYry9ldm2yspX5T2GK6HTv8AkH2v/XJP/QRVHTv+QjqP++n/AKDQBmX2 + sWM11ZyIzbYnJb5SOMVbu9d06S1mjRm3OjAfI3Uj6VZ1P/j907/rqf8A0Gr9 + /wD8eNx/1zf+RoAxLDW9PhsYIZGbciKD8jHkD6VXtNYsY9Qvp3Ztkxj2/Kf4 + Vwe1b2l/8g21/wCua/yqrYf8hbUvrF/6DQBl6hrFjPNZvGzERShm+UjjH0q7 + ca7p0lvKis2WVgPkbuPpU2q/8fGn/wDXcfyrSu/+PWb/AHG/lQBgabrVhBYQ + QyMwZFAOEY/0qG21ixj1O8uGZtkoj2/Kf4RzxitvR/8AkF23+4Kgs/8AkM6h + 9If/AEE0AZepaxYztaGNmPlTq7ZUjgZ9qvy69pzROoZskEfcb0+lS6x9+w/6 + +U/rWpP/AKiT/dP8qAOb0vWbC30+CGVmDIuDhCe/0qODWLFNVubhmbZIiAfK + c5HXjFbOif8AIKtv93+tQ23/ACG7z/rnHQBmanrFjcC2ETMfLnRzlSOBnPat + F9f00qQHbkf3G/wp2tfdsv8Ar6i/rWw/3G+hoA5XSNZsbbToYJWYOgOcKT3P + cCki1ixXVprks2x41UfKc5B9MVraD/yCLf6H/wBCNNh/5Dtx/wBcU/nQBl6p + rFjcRQrEzErMjHKkcA89q0/+Eg03++3/AHw3+FLrf+ot/wDrvH/OtmgDktG1 + ixtdOigmZg67s4UnqxPUChdYsRrD3RZvLMIX7pzndnpitPw9/wAgiD/gf/oR + oT/kYJP+vcf+hUAZmraxY3NsscTMSJEblSOAfcVp/wDCQab/AH2/74b/AAo1 + 3/jzT/rrH/OtqgDktI1ixtbJYpmYMGY8KT1YnsKP7Ysf7Z+1bm8v7PsztOd2 + /PTFamgf8g1f99//AEI0f8zD/wBuv/s9AGXq+sWNzZGKJmLblPKkdCD3Faf/ + AAkGm/32/wC+G/wpdf8A+Qcf99P/AEIVs0AclpOsWNtamOVmDF3PCk8E+wob + WLE6wl1ubyxCU+6c53Z6VqaF/wAeTf8AXWT/ANCpH/5GCP8A69z/AOhUAZms + axY3WnSwQsxdiuMqR0YHqRWn/wAJBpv99v8Avhv8KPEP/IJm+qf+hCtqgDkt + K1ixt4ZVlZgWldhhSeCeO1EmsWLatDchm8tYmU/Kc5J9MVqaJ/x7z/8AXeT+ + dEv/ACHbf/ri/wDOgDM1fWLG506aCJmLuBjKkdwepFaK6/pu0fM3/fDf4U/X + /wDkEXH0X/0IVrr90fSgDk9M1ixt1uRKzDfO7jCk8Hp2om1ixfVba5Vm2Ro4 + PynOT04xWpov3Lv/AK+Zf6Ulz/yHLP8A65yUAZ+q6zYXGnzwxMxZxgZQjv64 + q7Fr2mrGilmyAB9xv8Ksa3/yCrn/AHf61ow/6mP/AHR/KgDltN1ixga7MjMP + Mnd1wpPBx7UXGsWL6nZ3Cs2yISBvlP8AEOOMVqaP96//AOvmT+lF3/yGbD/d + l/kKAKGpa1YXFhPDGzFnUgZRh/SrMGvackEaMzZVQD8jdh9Ku6z/AMgu5/3D + Vu1/49ov9xf5UAczp+sWME140jMBLKWX5SeMUXesWMmo2M6M2yHzN3yn+JcD + jvWnpP8Ar9Q/67n+Qovv+Qvpn/bb/wBBoAp6hrenz2M8MbNudGAyjDkj6VLa + 67p0drDG7NuVFB+RuoH0rR1b/kGXX/XNv5VNY/8AHlb/APXNP5CgDnLHWLGG + 5vJHZsSyAr8pPGPpReaxYy3tlKjNtiZy3ynuMelammf8fmo/9dR/KjUP+Qlp + v+/J/wCg0AVL7XNPlsriJGbc8bqPkYckEelLZa5p8VnBE7NuSNVPyMeQMela + 2pf8g66/65P/AOgml07/AJB9r/1yT/0EUAc9ZaxYxXt7K7NtlZSvynsMelF9 + rFjNdWUiMxWKQlvlI4x9K09O/wCQlqX++n/oNGp/8funf9dT/KgCC613TpLW + aNGbcyMB8jdSPpUWn63p8NjBDIzBkRQfkY8gfSty+/48rj/rm/8AI1FpX/IN + tf8Armv8qAMG01ixj1G+ndm2TeXt+U/wrg8Y4o1DWLGaazaNmIilDN8pHGPp + WpY/8hbUvrD/AOg0ar/x8af/ANdx/I0AQXGu6c8EiKzZZSB8jdx9Kr6brVhb + 2EEMjMGRQDhGP9K6G6/49Zv9xv5VU0b/AJBdt/uCgDEttYsY9TvLhmbZKIwv + yn+Ec8Yo1LWLGdrQxsx8qdHbKkcDPtWnZ/8AIa1D/di/9Bo1j79h/wBfMf8A + WgBkuvaa0bqGbJBH3G/wqlpes2Ftp8EErMHRcHCMe/0rppv9TJ/un+VZ2if8 + gq2/3f60AY8OsWKapc3DM2yREA+U5yOvGKNU1ixuFthEzHy50c5UjgZz2rUt + v+Q3ef8AXOOk1r7ln/18xf1oARtf00qRvbp/cb/Cs7SNYsbXToYJWYOoOcKT + 1JPUCuqf7jfQ1k6B/wAgi3+jf+hGgDKj1ixXVprks3ltGqj5TnIPpijVdYsb + iGJYmYlZUY5UjgHntWnD/wAh64/64p/Ol1v/AI94P+u8f86AE/4SDTf77f8A + fDf4VmaPrFja6dFBMzB13ZwpPVieorraxvD/APyCYPq//oRoAy11ixGsPdbm + 8swhc7TnO7PTFGraxY3NsscTMSJEPKkcA89RWon/ACH5P+vcf+hUa7/x5p/1 + 1j/nQAn/AAkGm/32/wC+G/wrM0jWLG1shFKzBtzHhSepJ9K62sXQP+Qav++/ + /oRoAzP7Ysf7Z+1bm8v7Ps+6c5356Yo1fWLG5smihZixZTypHQg9xWp/zMP/ + AG6/+z0a/wD8g1v99P8A0IUAJ/wkGm/32/74b/CszSdYsba2aOVmBMjnhSeC + eOgrraxtC/483/66yfzoAy21ixOsJdBm8sQlfunOd2emKNY1ixutOlghZi7b + cZUjowPU1pv/AMjBH/17n/0Kl8Qf8gmf6p/6EKAE/wCEg03++3/fDf4VmaVr + FjbQzLKzAtK7DCk8E8V1tYuh/wCouP8ArvJ/OgDMk1ixbVobkM2xI2U/Kc5J + 9KXV9ZsbnTpoImYu4GMqR3HcitOb/kO2/wD1xf8AnTte/wCQRcfQf+hCgCNd + f00KBvbp/cb/AArN0zWLG3W5ErMPMndxhSeD07V1afcX6CsjRfu3n/XzL/Sg + DLn1ixfVLa4Vm2Ro4PynOT04xT9U1mwudPngiZi7rgZRh3+laNz/AMhuz/65 + yVJrf/IKuf8Ad/rQBWi17TliRSzZAA+43+FUNN1ixga7MjMPNnd1wpPBx7V1 + EH+oj/3R/KsrR/v3/wD18yf0oAzLnWLGTU7O4Vm2RCQN8p/iHHGKm1LWrCew + nhjZizqQMow/pV28/wCQ1p/+7L/6DVjWP+QXc/7hoAo2+u6ckEaMzZVQD8jd + h9KpafrFjDNeNIzASyll+UnjH0rprX/j1h/3F/lWbpX/AB8ah/13P8hQBl3e + sWMuo2M6M2yEybvlP8S4HGOan1DW9PmsZ4Y2Ys6MB8jDkj6Vcv8A/kLab9Zf + /Qat6r/yDbr/AK5t/KgDMtNc0+K1hjdm3Iig/I3UD6VUsdYsYbq9kdmCyyAr + 8pPGK6Ow/wCPG3/65p/IVn6Z/wAfuo/9dR/KgDMvdYsZb2ylRm2xMxb5T3GP + SrV7rmny2c8SM2542UfIw5Ix6Va1H/kI6d/vv/6DV3Uf+Qfdf9cn/wDQTQBj + 2OuafFZW8Ts25I0U/Ix5AA9KrWesWMV7eyuzbZWQr8p7DHpXQab/AMg61/65 + J/6CKp6f/wAhLUv9+P8A9BoAy7/WLGa5s5EZsRSFm+UjjH0q5da7p0lrNGjN + uZGA+RupH0qfVP8Aj807/rqf5VoX3/Hlcf8AXN/5GgDD0/W9PgsYIZGbciKD + hGPIH0qC01ixj1G+nZm2TeXt+U/wrg8Y4rd0n/kGWv8A1zX+VVbH/kL6n/2x + /wDQaAMzUNYsZ5bNo2YiKYM3ykcYPtV6fXtOeCRFZsspA+Ru4+lTat/r9P8A + +u6/yNaV1/x7S/7jfyoA57TdasLewghkZgyKAcIx/pUVvrFimp3dwzNslEYX + 5Tn5RzxitvRv+QXbf7gqvaf8hq//AN2L+VAGZqWsWNwbQxsx8qdHbKkcDOe1 + aEuvaa0bqGbJBH3G/wAKfrP3rD/r6j/rWtN/qZP90/yoA5nStZsLbT4YJWYO + gwcIT39cUyHWLFdVuLgs2x0QD5TnI9sVsaH/AMgm2/3T/M1Hb/8AIcu/+ucd + AGXqmsWNwtsImY7J0c5Ujgde1aTa/ppBG9v++G/wp2tfctP+vmL+tbDfdP0o + A5TSNYsbbToYJWYOgOcKT3J6gUkesWK6tLclm8tolUfKc5B9MVq6B/yCLf6N + /wChGmxf8h6f/riv86AMzVdYsbmGJImYlZUY5UjgHntWn/wkGm/32/74b/Cj + XP8Aj3g/67x/zraoA5LR9YsbXT44JmYOpbOFJ6sT2FC6xYjWGutzeWYQn3Tn + O7PTFanh/wD5BMP1f/0I0L/yMD/9ew/9DoAy9W1ixubURxMxYOh5UjgH3rT/ + AOEg03++3/fDf4Uuu/8AHkv/AF1j/wDQq2aAOS0jWLG2sxFKzBtzHhSepz2o + /tix/tkXW5vL8jZnac53Z6YrT0D/AJBw/wB9/wD0I0H/AJGIf9ev/s9AGZq+ + sWN1YtDCzFiynlSOhB7itP8A4SDTf77f98N/hR4g/wCQa/8AvJ/6EK2qAOS0 + nWLG2tnSVmBMjtwpPBPHarEF9b3muxvASR5LLyCOc571c0L/AI9JP+usn86H + /wCQ/F/17t/6FQBs0UUUAFFFFABRRRQAUUUUAf/R/c+XSbZdVgtw8m142JO8 + 5496fq2kW1vp00yPIWUDG5yR1HamStq/9qwFkh87y32gFtuO+afqz6wdOmFz + HCI8DcVLZ6jpmgC9HodoUUmSXkD/AJaGs7TNJtp/te95B5dxIgw5HAx19/et + GN9e2LiO3xgfxNWdpjauPtf2dIT/AKRJv3Fvv8ZxjtQAXGk2yapawB5NsiuS + S5zwOxqXU9ItoLCeZHkLIuRlyR+VRXDav/alqXSHzdr7QC23GOc1Lqb6ybCc + XEcIj2/MVLZx7UAWodEtGhjYvLkqD/rD6VQ07SbaaS8DPIPLmZRhyOBjr6mr + 8L675MeyODbtGMs3TFUNObVxJd+QkJPnNv3FvvcZx7UAF1pNtHqVlAHk2y+b + klzn5VyMHtU+o6Paw2M8qvISiEjLkj8qgun1f+0rIyJCJR5uwAtg/Lzn8OlT + 6i+tGxnE8cAj2HcVLZx7UATW2i2j20Tl5csiniQgciqVhpNtNcXiM8gEUu0Y + cjjHf1q7bPrn2aLy44CuxcZZs4xxVKwbVxcXnkpCWMvz7i2AcdvagAvNJto7 + +xhV5CspfOXJPC54ParN/o1rFZXEqvKSkbEZckcD0qteNq/2+yMqQiQF9gBb + B+XnP4VZv31s2VwJo4AnltuwWzjHOKAHWei2slpBIzyguik4kIHIqpZaTbS3 + d7GzyAROoGHIPI7+tW7N9c+yQeVHAU2LtyzZxjjNVLJtXF3e+UkJcuu/JbAO + OMUAF9pNtFd2UavIRK7A5ck8Dt6VbvNFtY7SeRXlJRGIzISOBVS+bVzd2Xmp + CHDnZgtgnHerd4+uG0nEscATY27DNnGOcUANsNGtZrKCVnlBdFJw5A5HpVaz + 0m2kv76FnkAiKYw5BOVzye9WbB9bFlAIY4DHsXbktnGOM1Ws21f7ffGJITIS + m8EtgfLxigAv9JtoZ7NFeQiSXacuTxjt6VdudFtEt5XDy5VGPMh7CqV+2rme + z85IQ3m/JtLYLY7+1Xbl9c+zy744Auxs4Zs4xQBDp2j2s1jBKzyAugJw5A/K + oLXSbaTU72AvJtiEeCHOfmXPJ71Ppz60LGAQRwmPYNu4tnHvUFq2r/2nemNI + TKRHvBLbR8vGPw60AGo6TbQvaBHkPmTKpy5PBz09DV+bRLRYZGDy5Ck/6w+l + UNSbVzJZ+ekIPnLs2lvvds+1X5n13yZN8cG3ac4ZumKAKml6RbT6fBM7yBmX + Jw5A/Ko4NJtn1S6gLybY1QghznkdzUmlvrI0+AW8cJj2/KWLZx74qOB9X/tS + 6KJD5u1NwJbbjHGKADU9JtoPsux5D5lxGhy5PBz0960X0O0CMfMl4B/5aGs7 + U21c/ZfPSEf6RHs2luX5xnPatF317Y2Y7fGD/E1AFHSdItrjToZneQMwOcOQ + Op7UyLSbZtVnty8m1I0IO85596fpL6wNOhFtHCY8HaWLZ6nrimRPq/8Aas5W + OHzvLTcCW247YoANV0m2t44GR5DvmRTlyeD/AFrTOhWn/PSX/v4azNVbVzHB + 9oSEDzk27S33u2c9q0y+v/8APK3/AO+moAzNG0m2udNhnkeQM27IVyBwxHSh + NJtjq8lvvk2iENnec5Jx1o0ZtXGmwi1SExfNgsWB+8c5x70I+r/2vIQkPneS + MjLbduf50AGraTbW9ujo8hJkReXJ4JrU/sK0/wCekv8A38NZerNq5t0+0JCF + 8xMbS2c5469q1N+v/wDPK3/76agDL0fSba5sEld5ASzD5XIHDEdKBpNt/bJt + t8m0Qb87znO7HX0o0dtXFggtUhMe5sbi2fvHPSgPq/8AbJOyHzvIHGW27d35 + 5zQAavpNtbWfmI8hO9B8zkjk1qf2Faf89Jf+/hrL1dtXNn/pKQhN6fdLZznj + rWpv1/8A55W//fTUAZek6TbXFoZHeQHe4+VyBwaDpNt/bC22+TaYC+d5zndj + r6UaS2ri0P2ZISm9/vFgc556UF9X/thTsh87yDxltu3d+ec0AGsaTbW2nyTI + 8hYFfvOSOWA6Vqf2Faf89Jf+/hrL1h9XOnyC5SER5XJUsT94Y6+9am/X/wDn + lb/99NQBl6VpNtcQSO7yArK68ORwDRJpNsNXitg8m1ombO85yD60aU2riCT7 + OkJXzXzuLZ3Z56dqJG1f+14iUh87ymwMtt25/nQAusaTbW2mzTxvIWXbgM5I + 5YDpWkNCtMD95L/38NZusNq502YXSQiL5clSxP3hjGfetIPr+B+7t/8AvpqA + MzS9JtrhLgu8g2TOow5HA/rRNpNsuq29uHk2ujknec8eho0ttXCXH2dISPOf + duLfe74x2ombV/7VtyyQ+dsfaAW2475oAfq2kW1vp80yPIWUDGXJHUdqvR6H + aFFJkl5A/wCWhqjqz6wdPmFzHCI8DcVLZ6jpmr0b69sXEdvjA/iagDO0zSba + c3e95B5dw6DDkcDHX1NFxpNsmqWkAeTbIshJLnPA7HtRpjauDd/Z0hP+kPv3 + Fvv8ZxjtRcNq/wDaloXSHzdsmwAttxjnNAEup6RbQWE8yPIWVcjLkj8qtQaJ + aPDGxeXJUH/WH0qrqb6ybCcXEcIj2/MVLZx7Zq1A+u+THsjg27RjLNnGKAKG + naTbTSXis8g8uZlGHI4AHX1outJto9SsYVeTbL5uSXJPyrkYPajTn1cSXnkJ + CT5zb9xb72B09qLptX/tKxMkcIlHm7AC20/Lzn8OlAE+o6Paw2M8qvKSiEjL + kj8qmttFtHtonLy5ZFPEhA5FQ6i+tGxnE8cAj2HdtLZx7VNbPrn2aLy44Cux + cZZs4xxQBSsNJtpbi8RnkAik2jDkcY7+tF5pNtHf2MSvIRKzg5ck8Lng9qLB + tXFxeeSkJYyfPktgHHb2ovG1f7fYmVIRIGfZgtg/LzmgCzfaNaxWVxKrykpG + xGXJHA9KWy0a1ls4JGeUF41JxIQORSX762bK4E0cATy23YLZxjnFOs31sWcA + ijgKeWu3LNnGOM0AVLLSbaW8vY2eQCJ1Aw5B5Hf1ovtJtoruyjV5CJXIOXJP + A7elFk+r/bL0xJCXLrvyWwDjjFF82rm7svNSEOHOzBbBOO9AFu80W1jtJ5Fe + UlUYjMhI4FMsNGtZrGCVnlBdFJw5A5HpT7x9c+yT+bHAE2NuwzZxjnFMsH1o + WMAhjgMexdu4tnGOM0AV7TSbaTUL6FnkCxGPGHIPK55PejUNJtoZ7NFeQiSX + acuTxjt6UWjav/aF8YkhMhMe8EtgfLxj8KNQbVzPZ+ckIbzfk2lsFsd/agC7 + caJaJbyuHlyqseZD2FQabo9rNYQSu8gLoCcOQPyqe4fXfs8u+ODbtbOGbOMV + Bpr60LCAQRwmPYNpYtnHvQBDbaTbPqd7AXk2xCPBDnPzDPJ70ajpNtC9oEeQ + +ZMqnLk8HPT0NFs+r/2nemNITKRHvBLbRxxj+tGotq5e089IQfOXZtLfe5xn + 2oAvzaJaLE7B5eFJ/wBYfSqml6RbT6fBM7yBmXJw5A6+lW5n13yn3RwY2nOG + bpiqmlvrI0+AW8cJj2/KWLZxnvigCODSbZ9UurcvJtjVCCHOefU0anpNtALX + Y8h8yeNDlyeDnp70QNq/9qXRRIfN2puBLbcdsUam+rkWvnpCP38e3aW+9zjO + e1AGk+h2gRj5kvQ/8tDWfpGk21xp0MzvIGYHO1yB1PatB317Y2Y7fGD/ABNW + fpL6wNOhFtHCY8HBYtnqeuKAGxaTbNq09uXk2rGrA7znJPrRquk21vFCyPId + 0yKcuTwTRE2r/wBrTlUh87y13AltuM8Yo1VtXMUP2hIQPOTG0t97tnPagDT/ + ALCs/wDnpL/38NZmjaTbXOmwzyPIGbdkK5A4YjpWpv1//nlb/wDfTVl6M2rj + TYRapCYvmwXLA/eOc496ABNJtjrEltvk2iENnec5zjrRq2k21vbI6PISZEXl + yRgmhG1f+2JCEh87yRkZbbtz/OjVm1c2yfaUhC+YmNpbOc8daANT+wrT/npL + /wB/DWXo+k21zYrK7yAlmHyuQOGI6Vqb9f8A+eVv/wB9NWXo76uLFRbJCY9z + Y3Fs53HPT3oABpNt/bJtt8m3yN+d5zndjr6V8336hL64UdBI4/U19IB9X/tk + nZD5/kdMtt27vzzmvm+/3fbrjf8Ae8x846ZyaCon0vp2iWj6fasXlyYkPEh/ + uioNI0m2uLUyO8gO9x8rkDg1Ppz67/Z9rsjg2+UmMs2cbRUGkNq4tT9mSEpv + f7xbOc89KCQbSbYayttvk2mAtnec53Y6+lGsaTbW2nyTRvIWBX7zkjlgOlDN + q/8AbCkpD53kHAy23bu/POaNZbVzp8gukhEeVyVLE/eGOvvQBqf2Faf89Jf+ + /hrL0rSba4hlZ3kBWV14cjgGtTfr/wDzyt/++mrL0ptXEMv2dISvmvncWzuz + z07UAEmk2w1eK3DybWiZs7znIPrS6xpNtbadNMjyFlxjc5I5YDpSSNq/9rxE + pD53lNgZbbtzz+NLrDawdOmFykIi4yVLE/eHTNAGiuh2hAPmS/8Afw1m6XpN + tOlwXeQbJ3UYcjgevvWkr6/gYjt/++mrN0ttXCXH2dISPPfduLfe74x2oAJt + Jtl1W3tw8m10ck7znj0NP1XSLa30+aZHkLKMjLkjr6UyZtX/ALVtyyQ+dsfa + AW2475p+qvrJ0+YXEcIjx8xUtnr2zQBdj0O0MakyS8gf8tDWfpuk205u97yD + y53QYcjgY6+prRjfXvLXbHBjAx8zVnaa2rg3fkJCf3779xb73Gce1ABcaTbJ + qdpAHk2yLISS5zwOx7VLqej20FhPMjyEouRlyR+VRXD6v/adoXSHzdsmwAtt + xjnNS6m+smwnE8cIj2/MVLZx7UAWYNEtHgjYvLkqDxIfSqOnaTbTS3is8g8u + YqMORwB39avQPrvkR7I4Nu0YyzZxiqOnNq4lvPISEnzjv3FvvY7e1ABdaTbR + 6jYwB5Csvm5y5J+VcjB7VPqGj2sNjPKrykojEZckcD0qC6bV/wC0rEyJCJR5 + uwAtg/Lzn8OlT6g+tGxnE0cAj2Nu2ls4x2oAltdFtZLaGQvLlkU8SEDkVTsN + Jtpbm8RnkAik2jDkcY7+tXLV9c+zQ+XHAV2LjLNnGOM1TsG1cXN55KQlvM+f + JbAOO1ABeaTbRX1lEryESs4OXJPAzwe1Wb7RrWKyuJVeUlI2Iy5I4HpVa8bV + /t1kZUhEgZ9mC2Ccc5qzfPrZsrgSxwBPLbdgtnGOcUALZaNay2cErPKC8ak4 + kIHIqrZaTbS3t7EzyARMoGHIPI7nvVqyfWxZwCKOAp5a7cs2cY4zVWybVxe3 + vlJCXLLvyWwDjjFABfaTbRXVlGryESuQcuSenb0q5d6Lax2s0ivKSqMRmQkc + Cqd82rm6svNSEOHOzBbBOO9XLt9c+yzeZHAE2NuwzZxjnFAEdho1rNYwSs8o + LopOHIHI9Kr2mk20moX0LPIFiMeMOQeVzye9WLB9bFjAIY4DHsXbuLZxjjNV + 7R9X/tC+MaQmQmPeCWwPl4x+FABqGk20M1mqvIRJKFOXJ4x29Ku3GiWiW8rh + 5cqrHmQ9hVLUG1czWfnJCG80bNpbG7Hf2q9cPrv2eXfHBt2tnDNnGKAK+m6P + az2EErvIC6gnDkD8qhttJtn1O8gLybYhHghzn5h3PeptNfWhYQCCOEx7RtLF + s496htn1f+07wxpCZSI94JbaOOMf1oANS0m2ga0CPIfMnVDlyeDnp6GtCXRL + RYnYPLwpP+sPpWfqT6uWtPPSEHz12bS33ucZ9q0JX17yn3RwY2nOGb0oAp6X + pFtPp8EzvIGZcnDkDr6VHBpNs+q3NuXk2oiEHec8+pqTS31kafALeOEx7flL + Fs4z3xUcDav/AGrclEh87Ym4Ettx2xQAappNtALUo8h3zxocuTwc9PetJ9Dt + ApPmS8A/8tDWbqjauRbfaEhH79Nu0t97nGc9q0nfXtpzHb4wf4moAz9I0m2u + dOhmd5AzA52uQOp7U2LSbZtWmty8m1Y1YHec5J9adpD6wNOhFtHCYsHBYtnq + euKbE2r/ANrTFUh87y1yMttxnjHvQAarpNtBFCyPIS0yKcuTwTWp/YVp/wA9 + Jf8Av4ay9VfVzFD9oSEDzkxtLfezxnPatTfr/wDzyt/++moAy9G0m2udOimk + eQM27O1yBwxHShdJtjrD22+TaIQ2d5zndjr6UaM2rjTohapCYvmwXLA/eOen + vQrav/bDkJD53kjIy23bu/POaADVtJtre2V0eQkyIPmckcmtT+wrT/npL/38 + NZerNq5tl+0pCF8xMbS2c5461qb9f/55W/8A301AGXpGk21xZLK7yAlmHyuQ + OCR0o/sm2/tn7Nvk2/Z9+d5znfjr6UaQ+riyUWyQmPc33i2c5OelG7V/7Zz5 + cPn/AGfpltuzf+ec0AGr6TbW9kZUeQnco+ZyRyQOlan9hWn/AD0l/wC/hrL1 + d9XNkRcpCE3L90tnORjrWpv1/wD55W//AH01AGXpOk21xamR3kBDuPlcgcGh + tJthrCW2+TaYS2d5zndjr6UaS2ri1P2ZISm9/vFgc556UM2r/wBsISkPneSc + DLbdu7885oANZ0m2ttOlmjeQspX7zkjlgOlan9hWn/PSX/v4ay9ZbVzp0guk + hEeVyVLE/eGOvvWpv1//AJ5W/wD301AGXpWk21xDKzvICsrqMORwDRJpNsNW + htw8m1ombO85yD60aU+riGX7PHCV8187i33s89O1Ejav/a0JZIfO8psDLbdu + ec+9AC6vpNtbadNMjyFlAwGckdQOlaK6HabR+8l/7+Gs7V31g6dMLmOERYGS + pYnqOma0VfX9oxHb/wDfTUAZul6TbTrcl3kGyd1GHI4Hr70TaTbLqttbh5Nr + o5J3nPHoaNLfVwtz9nSEjz33bi33u+MdqJm1f+1bYukPnbH2gFtuO+aAJNV0 + i2t9PnmR5CyjIy5I6+lXItDtGjRi8vIB/wBYap6q+snT5xcRwiPHzFS2evbN + XIn17y02xwYwMfM1AGfpuk207Xe95B5c7oMORwMdfU0XGk2yanZwB5NsgkyS + 5zwOx7Uaa+rhrvyEhP799+4t97jOPai5fV/7Tsy6QiUCTYAW2njnNAE2p6Pb + QWE8yPISikjLkj8qsQaJaPBGxeXJUHiQ+lV9TfWTYTieOER7TuKls49qsQPr + vkR7I4Nu0YyzZxigCjp2k20014rPIBHKVGHI4x39aLvSbaPUbGFXkKy+ZnLk + n5VyMHtRpzauJrzyEhJ8079xbhsdvai7bV/7RsTIkIlHmbAC2D8vOfw6UAT6 + ho9rDYzyq8pKIxGXJHA9KltdFtZLWGRnlyyKTiQgciotQfWjYziaOAR7G3FS + 2cY7VLavrn2WHy44CmxcZZs4xxmgCnY6TbS3N4jPIBFIAMOQenf1ovNJtor2 + yiV5CJWcHLkngZ4PaixbVxc3nkpCWMg35LYBx2ovH1f7bZGVIRIGfZgtgnHO + aALV9o1rFZXEqvKSkbkZckcAnpRZaNay2cErPKC8ak4kIHIovn1s2VwJY4An + lvuwWzjBziiyfWxZwCKOAp5a7cls4wMZoAq2Wk20t7exM8gETKBhyDyO570X + +k20V1ZRq8hEshBy5J6dvSiybVxe3piSEyFl35LYBxxii+bVzdWXnJCHEh2Y + LYJx3oAuXWi2sdrNIry5VGIzISOBUen6NazWMErPKC6KThyByPSpLp9c+yze + ZHAE2NnDNnGOcVHp760LGAQxwGPYu3cWzjHGaAK9ppNtJqN9CzybYvLxhyD8 + y55PejUNJtoZrNVeQiSUKcuTxjt6UWjav/aN8Y0hMp8veCWwPl4x+HWjUG1c + zWfnJCG80bNpblsd/agC9caJaJBI4eXKqTzIewqvpuj209hBM7yAuoJw5A/K + rFw+u+RJvjg27TnDNnGKr6a+siwgEEcJj2jaWLZx70AQ22k2z6neQF5NsYjw + Q5zyO570alpNtA1oEeQ+ZOiHLk8HPT0NFs2r/wBp3hRIfNxHvBLbRxxj+tGp + Nq5a089IQfPTZtLfe5xn2oA0JdDtFjdhJLwD/wAtDVPStItrjT4JneQMwycO + QOvpVyV9e8t90cGMHPzNVPSn1kafALeOEx7flLFs9e+KAI4NJtm1W5gLybUR + CDvOefU0appNtAtsUeQ750Q5cng56e9EDav/AGrclEh83Ym4Ettx2xRqjauV + tvtCQgeem3aW+9zjOe1AGk2h2gUnzJen/PQ1naRpNtc6dDM7yBmByFcgdSOl + aLPr205jt8Y/vNWdpD6wNOhFtHCYsHBYsD1PXFACR6TbNq01uXk2rErA7znJ + PrRquk21vDEyPIS0qKcuTwTRG2r/ANrTFUh87ylyMttxnjHvRqrauYYvtCQh + fNTG0t97PHXtQBqf2Faf89Jf+/hrL0fSba506KaR5AzbvuuQOGI6Vqb9f/55 + W/8A301Zejvq406IWqQmP5sFiwP3jnp70AC6TbHWHtt8m0Qhs7znO7HX0o1b + Sba3tldHkJMiDlyRyaFfV/7YchIfO8kZGW27d355zRqzaubZftKQhfMTG0tn + OeOtAGp/YVp/z0l/7+GsvSNJtrmyErvICWYfK5A4PpWpv1//AJ5W/wD301Ze + kNq4sgLZITHub7xYHOeelAB/ZNt/bP2bfJt+z787znO/HX09qNX0m2trJpUe + QkMo+ZyRyQOlG7V/7Zzsh8/7P0y23Zv/ADzmjV31c2TC5SER7l+6WznIx1oA + 1P7CtP8AnpL/AN/DWXpOk21xbM7vICJHHDkDg1qb9f8A+eVv/wB9NWXpLauL + ZvsyQlfMfO4sDnPPSgAbSbYawltvk2mEtnec53Y6+lGsaTbW2nSzRvIWXb95 + yRywHShm1f8AthCUh87yTgZbbt3fnnNGsPq506UXSQiP5clSxP3hjr70Aan9 + hWn/AD0l/wC/hrL0rSba4hmZ3kBWV14cjgGtTfr/APzyt/8Avpqy9KbVxDN9 + nSEjzXzuLfezzjHagAl0m2XVobcPJtaNmJ3nOQfWnavpNtbadNMjyFlAxuck + dR2psrav/a0JZIfO8tsDLbcZ5z707V31g6dMLmOER4GSpYnqOmaANBdDtCoP + mS9P+ehrN0zSbadbne8g2TyIMORwMdfetJX17aMR2/T+81ZumPq4W5+zpCf3 + 8m7cW+9xnGO1ABPpNsuq20AeTa6OSd5zx6GpNV0i2t9PnmR5CyjIy5I6+lRz + tq/9q2xdIfN2PtALbcd81Jqr6ydPnFxHCI9vzFS2evbNAFyLRLRokYvLyoP+ + sPpWfpuk207XYd5B5c7oMORwMdfU1oRPr3lJtjgxtGMs3pWfprauGu/ISE/v + 337i33uM49qAC50m2TU7OAPJtkEmSXOeB2PaptS0e1gsJ5UeQlFJGXJH5VDc + tq/9p2ZdIfNxJsALbTxzn+lTak+tGwnE8cIj2ncVLZx7UAWLfRLR4I3Ly5ZQ + eJD3FUdP0m2mmvFZ5AI5Sow5HGO/rV63fXfIj2RwbdoxlmzjFUdPfVxNeeTH + CW8079xb72O3tQAXek20eo2MKvIVlMmcuSRhc8HtVjUNGtYbGeVXlJRGIy5I + 4HpVe7bV/wC0bEyJCJAZNgBbB+XnP4dKsag+tGxnE0cAj2Nu2ls4xzigCS00 + W1ktYZGeUFkUnEhA5FU7HSbaW6vUZ5AIpABhyD07+tXLR9c+yw+XHAU2Ltyz + ZxjjNU7FtXF1e+SkJcyDfktgHHagAvdJtor2yiV5CJWYHLkngZ4ParV7o1rF + Zzyq8pKRsRmQkcCqt6+r/bbIypCHDNswWwTjnNWr19bNnOJY4AnltuwzZxjn + FABY6Nay2VvKzygvGhOHIHIB6VVs9Jtpb29iZ5AImQDDkHkZ5PerVi+t/Yrc + RRwFPLTbktnGBjNVbN9X+23piSEyFk35LYBxxigAv9JtobmzRXkIlkIOXJPT + t6VcutFtY7WaRXlyqMRmQkcCqd+2rm5s/OSEN5h2YLYJx3q5dPrn2WbzI4Am + xs4Zs4xzigCLT9HtZrGCVnlBdFJw5A5HpUFppNtJqN9CzyBYvLxhyD8y5OT3 + qfT31oWMAhjgMexdu4tnGO9QWjav/aN8Y0hMp8veCWwPl4x+HWgA1DSbaGWz + VXkIkmCnLk8Y7elXp9EtEgkYPLkKTzIfSqOoPq5ls/OSEHzhs2lvvY7+1Xp3 + 13yJN8cG3ac4Zs4xQBX0zR7aewgmd5AXUE4cgflUNvpNs+p3cBeTbGsZBDnP + I7nvU2mPrIsIBBHCY9o2li2ce9Q27av/AGndlEh83bHvBLbenGKADU9JtoDa + BHkPmTohy5PBz09DWhLodosbsHl4BP8ArDWfqbauTaeekI/fps2lvvc4z7Vo + Svr3lvujgxg5+ZqAKWlaRbXGnwTO8gZhzhyB19KZDpNs2q3FuXk2oiEHec8+ + pp+lPrI0+AW8cJjx8pYtnr3xTIW1f+1bgqkPm7E3AltuO2KADVNJtoFtijyH + fOiHLk8H0960m0O02n95L/38NZuqPq5W2+0JCB56bdpb73bOe1aTPr+05jt/ + ++moAztI0m2udOhmd5AzA5CuQOpHSkj0m2Ory25eTasStnec5J9aXSH1gadC + LaOExYOCxYHqeuKSNtX/ALXmKpD53lLkZbbtzxj3oANV0m2t4YmR5CWlReXJ + 4JrU/sK0/wCekv8A38NZeqtq5hi+0pCF81MbS2d2eOvatTfr/wDzyt/++moA + y9H0m2udPjmkeQMxb7rkDhiOlC6TbHWGtt8m0Qhs7znO7HX0o0d9XGnxi1SE + x5bBYsD9456e9Cvq/wDbDERw+d5IyMtt27vzzmgA1bSba3tRIjyEl0HzOSOT + Wp/YVp/z0l/7+GsvVm1c2o+0pCE3p90sTnPHWtTfr/8Azyt/++moAy9I0m2u + bISu8gO5h8rkDg+lH9k239si23ybfs+/O85zux19KNIbVxZD7MkJTc33i2c5 + 56UbtX/tkHZD5/2fpltuzd+ec0AGsaTbW1i0sbyEhlHzOSOSB0rU/sK0/wCe + kv8A38NZesNq5sWFykIj3LnaWJzkY61qb9f/AOeVv/301AGXpOk21xbO7vIC + JHX5XI4BqxBZRWmuxpGzEeSzfMxbnOO9V9JbVxbP9mSEr5j53Fs5zz0qxAb4 + 67H9sWNW8lvuEkYz7980AdLRRRQAUUUUAFFFFABRRRQB/9L9z5dZ05tVguVm + zGkbqTtbgnpxjNP1bWdNudOmggm3O4GBtYdx6itGf/kOWv8A1yen67/yCbj6 + D+YoAhj1/SFRQZ+QB/A3+FZ2maxp1v8Aa/Om2+ZcSOvyscqcYPArqov9Un0F + ZGjf8v3/AF9S/wBKAMy41jTn1S1uFmzHGrhjtbgkccYzUup61plxYTwwzbnd + cAbWH8xV66/5Ddj/ALkv8qn1r/kFXP8AuUAVIdf0lIY1afBCgH5G9PpVDTtZ + 02CS8Ms20SzM6/KxypxzwK6e3/494v8AdX+VZmkf62//AOvhv5CgDLutY02T + UrK4SbMcPm7jtbjcuB2qfUdb0yexnhim3O6EAbWGT+Iq7e/8hjTfpN/6CKsa + v/yDLn/rm1AFC217So7aKN58MqKCNjdQPpVKw1jTobi8eWbassu5flY5GPpX + SWf/AB5wf9c1/lWdpX/H1qH/AF2/pQBmXms6bLf2UyTZSEuWO1uMrgdqs3+u + aXNZXEUc+53jZQNrDJI+lW7/AP5Cmm/70n/oNW9T/wCQddf9cn/kaAMuz13S + orSCKSfDIigja3UDntVSy1jTobu9lkmwsrqVO1uQBj0rotP/AOPC2/65J/6C + Ko6b/wAf+o/9dF/9BoAy77WNOmu7KWObKxOxY7W4BH0q3ea7pUtpPFHPlnRg + BtbqRx2qxqX/AB/6d/10b/0Gr+of8eFz/wBcn/8AQTQBjWGuaXDZQQyT7XRF + BG1jggfSq1nrGnRX99NJNhJim07W5wuD2rf0v/kG2v8A1yT+VU9P/wCQpqX+ + 9F/6DQBmX+s6dNPZvFNuEUu5jtYYGPpV2517SpLeWNJ8syMANjdSPpU+qf8A + H1p//Xb+laN5/wAek/8AuN/KgDB07W9MgsYIZZtrogBG1jg/gKgtdY06PU72 + 4ebEcoj2na3O1cHtW5pH/IMtv+ua1Wsv+QzqP0h/9BoAzNS1jTp3szFNuEUy + u3ysMKM88ir82v6S8MirPklSB8jen0qTV/8AW2H/AF8J/WtS4/495f8Adb+V + AHOaXrWmW+nwQTTbXRcEbWP8hUcGsacmqXVw02I5FQKdrckDnjGa2dF/5BVt + /u/1qK1/5DV7/uRfyoAy9T1nTbj7L5M27y7iN2+VhhVzk8itF9f0gowE/JB/ + gb/Cn6z/AMuP/X1F/WtaT/Vt9DQBzGk6zpttp0ME8210ByNrHufQUyLWNOXV + Z7lpsRvGig7W5I68YzWvoX/IJt/of5mmQf8AIcuv+uSUAZeq6xp1zHAsM24p + MjH5WHA6nkVpnxBpH/Px/wCOP/hRrf8Aqbb/AK+I/wCdbR6UAclo2s6ba6bD + BPNtkXdkbWPViewoTWNOGryXRm/dNCFB2t1Bz0xmtTw9/wAge3/4F/6EaI/+ + Q/L/ANcF/wDQqAMvVdY025t0SGbcwkRiNrDgHnqK1P8AhINI/wCfj/xx/wDC + jXP+PWL/AK7R/wA62aAOS0fWNOtbBIZ5trgscbWPViR0FA1nTf7ZN1537owB + N21vvbs4xjPStPw//wAgyP8A3n/9CNKP+Rgb/r2H/odAGXq+saddWflQTbm3 + ocbWHAPPUVqf8JBpH/Px/wCOP/hSa/8A8g//ALaJ/wChVtUAclpOsadbWhjn + m2tvc42seCeOgoOs6b/bC3XnfuhAUztb727OMYzWpoP/AB4n/rpJ/wChUN/y + MC/9ex/9DoAy9Y1nTbrT5IYJtzsVwNrDowJ6itT/AISDSP8An4/8cf8Awo8Q + f8gqX6p/6EK2aAOS0rWNOtoJEmm2lpXYfKx4J46CiTWNOOrxXQm/dLEyk7W6 + k+mM1qaH/wAesv8A12k/nSS/8h6D/rg386AM3WNZ02602aCCbdI+3A2sOjA9 + xWkPEGkYH+kf+OP/AIUviD/kEXH/AAH/ANCFbA6CgDk9L1jTrdLgTTbS8zuP + lY5U9DwKJtY01tVt7lZsxojgna3BPTjGa09E/wBVdf8AXxJ/SluP+Q5a/wDX + KSgDO1bWtNudPmghm3O4GBtYdx6ir0ev6SEUGfkAfwN/hU2u/wDIJuf90fzF + acX+qT6CgDldM1jTrc3fnTbfNuHdflY5U4weBRcaxpz6paXCzZjiWQMdrcbh + xxjNaejdb/8A6+pP6UXf/Iasf92X+VAFHU9a0y4sJ4YZtzuuANrD+Yq1Br2k + pDGjT4KqAfkbsPpVvWv+QVc/7lXbb/j2i/3F/lQBzGnazpsEl40s20SzMy/K + xyCBzwKLrWdNk1KxnSbMcPm7jtbjcuB2rU0n/XX/AP18N/IVS13UbLS7/T7u + /mWGJPOyT/ujoByfwoANR1vS57GeGKbc7oQBtYZJ+oqa217So7aKN58MqKCN + rdQPpXnGvfE2KeGWz0i2LK4KmSXjr6KP6n8K9C8I6odY8P2t25HmAFHx2ZDj + 9Rg/jQOxXsNY06G4vHlm2rLJuU7WORj6Uy/13STf2M32gBIi5YkMMAjA6j+V + a2l/8feof9dv6V5f8VYpZb3TxGjP+7foCe4oBHoF94k0OayuIY7tS7xsoGG5 + JHHanWfiXQorOCKS7UMkaqRhuCBg9q+aDZ3YGTBIAP8AZNAsrwjIgkIP+yaC + uU+jLLxDo0V5eyyXShZXUqeeQBj0p93rulXN1Zy29wJFhclyA3AI+lfN4s7s + kgQuSOvymvS/h5DNDcnzY2TMyY3AjPyv60CaPU7zXdKltJ40nyzowA2t1I+l + MsNc0uGxghlm2uiKCNrHBA+lbV//AMeNz/1zf/0E1Hpf/INtf+ua/wAqCTBt + NY06LUL6d5sJMY9p2tztXB7UzUtc0p57JxcDEcu5shhgY9xWtYf8hXUvrF/6 + DXnPxXill/soRoX/ANf0Gf7lA0d3ceJtCkt5US8UsysBw3Uj6VX07xHokFhB + DLdqrogBGCcH8BXzabK8HJgk/wC+TQLO7YZEDkH/AGTQVyn0ZbeIdGj1K9uH + ulEcoj2nnnaMHtmn3+u6TdvaG2uBJ5Uyu2A3CjPPSvm8Wd2SVEL5HUbTXoXg + GCaG7bzY2TM0GNwIz9/1oE0ewTa/pLROqz5JUgfI3p9KqaXrWmW+nwQTTbXR + cEbWPf2FdJcf6iT/AHT/ACqhon/IKtv93+tBJjQaxpyapdXDTYjkVAp2tyR1 + 4xmm6trmlSC123A/dzo5yGHyrnJ5Fatr/wAhu9/3I/5VwfxVjkksbARqW/et + 0Gf4aBo7V/FGgFGAvFyQezf4Vn6T4h0W106GCe6VXQHIwT3PoK+cfsV5/wA8 + JP8Avk0gs7thuWFyD3CmgrlPo2LxDoy6tPctdL5bxqoPPJB54xmnalruk3kc + KWtwJGSZHIAbhQeT0r5w+x3edvkvkdtprtvBNvPDfu0sbICY+WUj+MetAmj3 + H/hINI/5+P8Axx/8Ky9G1jTrXTYYJ5tsi7sjax6sT2FdbWL4e/5A9v8A8D/9 + CNBJmJrGnDWJLozfumhCg7W65zjGM03WNc0ua2RUnGRIh5DDgHJ6gVqx/wDI + fl/691/9CrjvikjyaFbBFLH7SvQZ/gagaOs/4SnQP+fxfyb/AArL0jxDo1rY + rDPdKrhmOOT1YkdBXzp9ivP+eEn/AHwaatndsMrC5HspoK5T6NHiHRv7ZN19 + qXyvI2bufvbs4xjPSvnS+dZL64dDlWkcg+xJpv2O73bfJfPXG05xUBBBweCK + ASPqHTte0lNPtUafBWJARsbqFHtUGkaxp1tamOeba29zjax4J46Ct/TP+Qba + f9cY/wD0EVT0H/jxb/rpJ/OggzG1jTjrC3Qm/dCApna33t2cYxmm63relz6d + JFHOCzFcZVh0YHqQBWq3/IwJ/wBex/8AQ65f4mIz+GwEUsfPToM9jQNHR/8A + CU6B/wA/i/k3+FZeleIdGtoZUmulUtK7DqeCeOgr50+xXn/PCT/vg00Wd23K + wufopoK5T6Nk8Q6MdWiuRdL5SxMpPPUn0xmn6tr2kXunzW1rciSVwMKAecMD + 3FfN/wBju87fJfJ7bTXSeGba4iv5HkidF8puSpA6j1oE4n0CviDSAAPtH/jj + /wCFZul6xp1ulwJptped3Hyscqeh4FdYv3R9KxtE/wBXd/8AXzJ/SgkzJtY0 + 59Vt7lZsxojgna3BPTjGadq+uaVNp08Uc+WYADKsO/qRitG4/wCQ5af9c5Kw + viGrP4VuQoLHdH0/3xQNGrH4n0FY1U3i5AA6N/hWdpviHRrc3fnXSr5s7uvU + 5U4weBXzn9ivP+eEn/fJpBZ3bZ2wuccH5TQVyn0bceIdGfU7S4S6UxxLIGPP + G4cds1PqPiHRruxmt7e6V5HUhVAbn9K+azZ3YIUwvk9BtNb/AIbtbmPV4nkh + dVCS5JUgf6tqBcp9BQa9pKQRo0+CqgH5G6gfSqOnaxp0Et40s20SzFl+VjkH + vwK6a1/49ov9xf5VmaT/AK7UP+vhv5CgkzLrWdNk1KxnSbKQ+bvO1uNy4Hap + tS13SpLC4jSf5mQgZVhyfcir19/yF9M/7bf+gVl+OlZ/Cl+qgk7U4H++tAE1 + r4m0KO2hje7UMqKCMN1A+lU7DxDo0NzeSS3Sqssm5TzyMfSvnMWV4RkQSEH/ + AGTSCzuySBC5x1+U0F8p9G3niDRpb6ymjulKQs5Y88ZGB2q3eeI9EuLOeCG6 + V5JI2VQA3JI47V8zmzuwQDC4J6fKea2/D9pdR6tC7wuqgSZJUgfcagXKfQVl + rulRWcEUk+GSNVI2twQAD2qrZaxp0V5eyyTYSVlKna3IAx6V0Onf8g+1/wCu + Sf8AoIqjp3/IR1H/AH0/9BoJMy+1jTZrqykjmysTksdrcDH0q3ea/pL2k6C4 + 5ZGAyrDkj3FWdT/4/dO/66n/ANBqt4tVm8NaiqjJMLcCgCtYeJNDhsYIZbtV + dEUEYPBA9hVe08Q6NFqF9O90oSYx7DzztXB7V85izuyMiByD/smkFndkkCFy + R1+U8UF8p9G6h4g0aeazeK6VhFKGbqMDHuKvT+JdDlgkiju1Z3UgABuSR9K+ + ZDaXYwDC4z0+U1raJaXSavZs0LgCVSSVOBzQLlPoPTdb0yCwghlm2uigEbWO + D+AqG21nTY9TvLh5sRyiPadrc7RzxitvR/8AkF23+4Kgs/8AkM6h9If/AEE0 + EmXqWs6bO1oYptwinV2+VhhRnJ5FX5vEGkGFx9o/hP8AC3p9Kl1j79h/18p/ + Wl8QgtoGpKoyTbTAAf7hoAyNL8RaJbafBBNdqrouCME459hUcHiDRk1W5uWu + lEciIFPPJHXjGa+cxZ3bDKwOQfRTSfY7skqIXyO200F8p9G6p4g0a4FqIbpW + 8udHbqMKM5PIrSbxPoLKVW8UkjAGG/wr5gNndrjdC4zx901paTZ3a6rZM0Dg + CaPJ2n+8KBcp9B6RrOm22nQwTzbXQHI2se5PYU2LWNOXVprkzYjeNVB2tyQf + TGa1tB/5BFv9D/6EabD/AMh24/64p/Ogky9V1jTriKFYZtxSZGPysOAeeorT + PiHRxybj/wAcb/Cl1v8A1Fv/ANd4/wCdXNSBOnXQAyTE/wD6CaAOZ0bxDo1r + p0UFxdKki7sjk9WJ7ChfEGjDWHujdL5RhCA8/e3ZxjGa+cls7thuWFyD3Cmj + 7Hd7tvkvnrjac0F8p9G6t4g0a5tljgulZhIjY5HAPPUVqf8ACUaB/wA/i/k3 + +FfLxs7tRloXH1U1ZtLK8F1CTBJ99f4T60Byn0VpGs6bbWKxTzbXDMcbWPVi + R0FH9s6b/bP2rzv3X2fZu2t97fnGMZ6VqaB/yDV/33/9CNH/ADMP/br/AOz0 + EGXq+sabdWRigm3PuQ42sOAQT1Faf/CQ6R/z8f8Ajj/4Uuv/APIOP++n/oQr + Wk/1bfQ0AcfpPiHRra1aOe6VWLuccngnI6ChvEGjHWEuhdL5QhKE8/e3ZxjG + a+cltLthlYXI9lNH2O73bfJfPXG05oL5T6N1nxBo11p0sFvdKzsVwOR0YHuK + 1P8AhKdA/wCfxfyb/Cvl5rO7UZaFwPdTTvsV5/zwk/74NAcp9I6VrOm28Mqz + TbS0rsPlY8E8dBRJrGmtq0NyJv3axMpO1upPpjNaWg/8es3/AF2k/nTpf+Q7 + b/8AXF/50EGZq+s6bdadNBBNudwMDaw6EHuK0V8QaQFAM/8A443+FP1//kEX + H0X/ANCFa6/dH0oA47TPEGjWy3InulUvO7jgnKnoeBSTeINGfVba5W6Uxxo4 + Y88E9OMZr55uLS6e5mKwuRvbop9ag+x3YIUwvk9tpoL5T6R1XxFotzp88EN0 + rO4wBgjv7irkXifQVjRTeLkADo3+FfMZs7tRloHAHqpo+xXn/PCT/vk0Byn0 + lpms6bAbsyzYEs7uvyscqcYPAoudZ02TU7O4SbMcQkDHa3G4ccYzU/hYEWMo + PBEn/sq1du/+QzYf7sv8hQQUdS1vTLiwnhhm3O6kAbWHP4irEGvaSkEaNPgq + oBGxuoH0q7rP/ILuf9w1btf+PaL/AHF/lQBymn+INGt5rwzXSr5kxZeDyPyp + LvxDo0mo2M6XSmOHzN5543Lgdq8D1e1un1e+KQuw8+XopP8AEazjZ3YIUwuC + eg2nmgrlPpXUPEmhz2M8MV2rO6MAMHkke4qS18TaFHawxvdqGRFBGG6gfSvm + c2d2BkwOAP8AZNAsrwjIgkIP+yaB8p9JWGs6bFcXkrzYSZwyHaxyMdeBReaz + pst7ZTRzZSJnLHa3AIwO1M8GKy6cFYYIjgBB6g+Uta+of8hLTf8Afk/9BoIK + t9rmlzWVxFHPl3jdQNrDJIIHaiy13SorOCKSfDJGqkbW4IAB7Vral/yDrr/r + k/8A6CaXTv8AkH2v/XJP/QRQBzNnr+jwX19JNdKqyspXg84GDxjikvvEGjTX + VlJHdKVikLMeeBj6V4b4ktbmTxDqZSJ2H2mXopPVjWIbO7BAMLjPT5TQVyn0 + zdeJtCktZo0u1LOjADDdSPpUen+JNDgsYIZbtVdEUEYPBA9hXzWbK8AyYJAB + /smgWd2RkQOQf9k0D5T6Rs9a0xNQvbkzfu5vL2EKxztXB6Cl1DWdOnms2im3 + CKUM3ysMDHXkVS8CqyWJRwVYRW+QeD9yuh1X/j40/wD67j+RoIIbjXtJeCRF + nyWUgfI3Uj6VX03W9Mt7CCGaba6KARtY8/gK6C6/49Zv9xv5VU0b/kF23+4K + AOfg1/R4dUvJpblVSQRhSQedo54xmk1LxBo1w1oYbpW8qdHbqMKM5PIrxjxj + bXEnijUTHE7DzOyk9hXMmzu1xuhcZ4HymgrlPp2XxPoLRuq3ikkEDhv8Kp6V + 4i0W20+CCa7VXQYIwT39hXzf9ivP+eEn/fJoFndsMrA5B9FNA+U+kbfWtM/t + O4uvPzFIiBWCsckde1LqmsadcLbCGbd5c6O3ysMKM5PIrI+H6PHYokilWEK5 + BGD99q6rWvuWf/XzF/WggRvEGkFSBP2/uN/hWdpGs6ba6dDBPNtdAcjax6kn + sK6p/uN9DWToH/IIt/o3/oRoAx49d0pNYmna4ARo1UHDZyD6YzT9V1nTbmGF + YZtxWVGPysOAeTyK8a8fxSnxZfsEJX90c44/1S1yMN3dW+Ps8zx4ORtYjkd+ + KCuU+p/+Eg0j/n4/8cf/AArL0fWdNtdOignm2uu7I2serE9hXjWnfEHxNYEB + 5xdIP4Zl3f8Ajww3613vhf4gaP8AZo9P1EG0kUnDnmM5JPUcjr3GPegVjqF1 + nTRrD3Rm/dGEIDtb727OMYzRq2s6dc2yxwTbmEiNjaw4B56itGCSObXGliYO + jWykMpyCN3UEU/Xf+PNP+usf86BB/wAJBpH/AD8f+OP/AIVl6PrGnWtkIp5t + rhmONrHgnI6CutrF0D/kGr/vv/6EaAMz+2dN/tn7V537r7Psztb72/OMYz0o + 1fWdNurJoYJtzllONrDgEE9RWp/zMP8A26/+z0a//wAg1v8AfT/0IUAH/CQa + R/z8f+OP/hWXpOsabbWzRzzbWMjtjax4J46CutrG0L/jzf8A66yfzoAy21jT + jrCXQm/dCEqTtbruzjGM0axrOm3WnSwQTb3bbgbWHRge4rTf/kYI/wDr3P8A + 6FS+IP8AkEz/AFT/ANCFAB/wkGkf8/H/AI4/+FZelaxp1tDMs020tK7D5WPB + PHQV1tYuh/6i4/67yfzoAzJdZ01tWhuRN+7SNlJ2t1J9MZp2r6zptzp00EE2 + 53AwNrDuD3FaU3/Idt/+uL/zp2vf8gi4+g/9CFAEa+INICgGft/cb/Cs3TNZ + 023W5E023zJ5HX5WOVOMHgV1afcX6CsjRfu3n/XzL/SgDLn1jTn1W2uVmzHG + jhjtbgnpxjNSarrWmXOnzwQzbndcAbWHf3FaFz/yG7P/AK5yVJrf/IKuf93+ + tAFeLX9JWJFafBAAPyN6fSs/TdY06BrsyzbfNnd1+VjlTjB4FdRB/qI/90fy + rK0f79//ANfMn9KAMy51jTpNTs7hJsxxCTcdrcbhxxjNTalremT2E8MU253U + gDawyfxFXbz/AJDWn/7sv/oNWNY/5Bdz/uGgClb69pKQRo0+CqgH5G6gfSqO + n6xp0E140s20Syll+VjkY9hXTWv/AB6w/wC4v8qzdK/4+NQ/67n+QoAy7vWN + Ol1GxnSbKQmTcdrcblwO1WNQ1zS57GeGKbc7owA2sMkj6Vbv/wDkLab9Zf8A + 0Greq/8AINuv+ubfyoAzbTXdKjtYY3nwyIoI2t1A+lU7HWNOhur2SSbCyyAq + drcjH0ro7D/jxt/+uafyFZ+mf8fuo/8AXUfyoAzL3WNNlvbKWObKRMxY7W4B + GB2q1e67pUtnPFHPlnjZQNrckggdqtaj/wAhHTv99/8A0Gruo/8AIPuv+uT/ + APoJoAyLHXNLhsreKSfDpGikbWOCAAe1VbPWdNivr2WSbCSshU7W5wuD2roN + N/5B1r/1yT/0EVT0/wD5CWpf78f/AKDQBl3+sadNc2ckc2VikLMdrcDH0q5d + a7pUlrNGk+WZGAG1upH0qfVP+PzTv+up/lWhff8AHlcf9c3/AJGgDD0/W9Lg + sYIZZtroigjaxwQPpUFprGnR6jfTvNhJvL2Ha3O1cHtW7pP/ACDLX/rmv8qq + 2P8AyF9T/wC2P/oNAGZqGsadPLZtFNuEUwZvlYYGPcVen17SXgkRZ8llIHyN + 1I+lTat/r9P/AOu6/wAjWldf8e0v+438qAOf0zW9Mt7CCGaba6KARtY8/gKh + t9Y05NUu7h5sRyiMKdrc7RzxjNbejf8AILtv9wVXtP8AkNX/APuxfyoAzNT1 + jTrg2hhm3eVOjt8rDCjOTyK0Jdf0lo3UT8kEfcb/AAp+s/esP+vqP+ta03+p + k/3T/KgDmdK1rTbbT4IJptroMEbWPf2FMh1jTU1W4uWmxG6IFO1uSOvGM1sa + H/yCbb/dP8zUdv8A8hy7/wCucdAGXqms6bcLbCGbcY50c/Kwwo6nkVpN4g0g + qQJ//HG/wp2tfctP+vmL+tbDfdP0oA5TSNZ02106GCeba6A5G1j1JPYUkesa + cury3Jm/dNEqg7W6g+mM1q6B/wAgi3+jf+hGmxf8h6f/AK4r/OgDM1XWNOuY + Ykhm3FZUY/Kw4B56itT/AISDSP8An4/8cf8AwpNc/wCPeD/rvH/OtqgDktH1 + nTbXT44J5trqWyNrHqxPYULrOmjWGujN+6MITO1vvbs4xjNanh//AJBMP1f/ + ANCNC/8AIwP/ANew/wDQ6AMvVtY025tVjgm3MHQ42sOAeeorU/4SDSP+fj/x + x/8ACjXf+PJf+usf/oVbNAHJaRrGnWtmIp5tr7mONrHgnI6Cj+2NO/tkXXnf + uvs+zO1vvbs4xjPStPQP+QcP99//AEI0H/kYh/16/wDs9AGZrGsaddWLQwTb + nLKcbWHQgnqK1P8AhINI/wCfj/xx/wDCk8Qf8g1/95P/AEIVtUAclpOsadbW + zpPNtYyO2NrHgnjoKsQX9pe67G9tJvHksvQjnOe4Harmhf8AHpJ/11k/nQ// + ACH4v+vdv/QqANmiiigAooooAKKKKACiiigD/9P9z5dKiXVYIPOmIaNjkudw + x6Gn6tpUVvp00yzTMVA4ZyR1HUUyWXVv7VgZoYxKI32jccEd+adq0urtp0wu + II1jIGSrEkcigC/HosBRT9on5A/5aGs7TNLin+17ppl8u4kQbXIyBjk+p960 + I5tc2Li3ixgfxms/TJdWH2vyIY2zcSFssRhuMge1ABcaXEmqWsAmmIkVySXO + 4YHY9ql1PSYYLCeVZpmKrnDOSD9RUVxLqx1S1Z4YxKFfaAxwRjnJqTU5dYNh + OJ4IljK/MQxJAoAtw6LC0MbGecZUHiQ+lUNO0uKaS8BmmXy5mUbXIzjHJ9TV + +GbXPJTbbxFdox856Yqhp0urCS78mGNiZmL5YjDcZA9qAC60uJNSsoRNMRL5 + uSXJI2rng9vep9R0iGGxnlWeZiqE4aQkH6ioLqXVjqVkZIYxKPN2AMcH5ecm + ptRl1k2M4ngiWModxDEkCgCe20aF7aJzPONyKcCQgciqWn6XFLcXiGaZfLl2 + jDkE8d/U1ctptbFtEI7eIrsXBLnOMcVTsJdWFxeGGGNmMnz5YjBx2oALzS4o + 7+xiE0xEpfJLkkYXPB7VZv8AR4YrK4kE8xKRscGQkHA7iq15Lqxv7IyQxiQF + 9gDHB+XnNWb6XWTZXAlgiVDG24hySBjnFADrPR4ZLSCQzzgsinAkIAyO1VLL + SopLu9jM0wEbqAQ5BOR39atWcutC0gEVvEUCLtJc5IxxVWyl1YXd6YoIy5dd + 4LEAHHagAvtLiiu7KMTTESOwJLkkcdvSrd5o8MdpPIJ5yVRjgyEjgd6qX0ur + G7sjLDGHDtsAYkE471avJdaNpOJbeIIUbcQ5yBjmgBLDSIZbKCUzzAuinAkI + AyOwqtZ6XFJf30RmmAiKYIcgnK55PerFhLrIsoBDBEyBF2kuQSMcZqvZy6sL + ++MUMZkJTeCxwPl4xQAX+lxRT2aiaZvMl2nLkkcdvQ1dudGhS3lcTznajHBk + OOBVK/l1Yz2ZmhjVhL8mGJycd6u3M2tm3lD28QXY2SHPTFAEOnaRDNYwStPM + pZAcLIQB9BUFrpcT6newmaYCIR4IcgncueT39qm06XWRYwCGCJowg2ksQSKh + tZdWGp3pjhjMpEe8FjgfLxg0AGpaXFDJZhZpm8yZVO5ycZ7j0NX5tGhWGRhc + TnCk8yH0qhqMurF7Tz4Y1ImXZhictzgH2q/NNrnkvut4gu05+c9MUAVNL0mG + fT4JWmmUsucK5AH0FRwaXE+qXUBmmARUIIc7jkdzUmly6wunwC3giaML8pLE + Eio4JdWGqXTJDGZSqbgWOAMcYNABqelxQ/Zds0zeZcRodzk4BzyPQ+9aL6LA + EY/aJ+Af+WhrO1OXVj9l8+GNcXEZXDE5bnAPtWi82u7GzbxYwf4zQBR0nSor + jToZmmmUsDwrkDqegpkWlxNqs8BmmASNDkOdxz6mnaTLq66dCLeCNo8HBZiC + eTTYpdW/tWdlhjMpjXcNxwB25oANV0uKCOArNM26ZF+ZycZ7j3rTOiQY/wCP + if8A7+GszVJdWaOD7RDGoEybcMTluw+lafna7/z7w/8AfZoAzNG0uK502GZp + pkLbuFcgcMRwKE0uI6vJb+dNgQhs7zu69M+lGjy6sumwi2hjeP5sFmIP3jnj + 60JLq39ryMIY/O8kZG442565oANV0uKC3R1mmbMiL8zkjk/zrU/sSD/n4n/7 + +GsvVZdWa3QXEMar5iY2sTznitPztd/594f++zQBmaPpcVxYJK00ykswwrkD + hiOlA0qL+2Tb+dNjyA2d53Z3Yxn0o0eXVlsUFtDG8eWwWYg/eOaBLq39sFvJ + j87yANu4427uufXNABq+lxW9n5izTMd6DDOSOTWp/YkH/PxP/wB/DWXq8urN + Z4uYY0TenKsSc54rT87Xf+feH/vs0AZmk6XFcWhkaaZTvcYVyBwaDpcX9sLb + +dNgwFs7zu+9jGfSjSZdWW0It4Y2Te/LMQc55oMurf2wrGGPzvII27jjbu65 + 9c0AGsaXFb6fJKs0zEFeGckcsB0rU/sSD/n4n/7+GsvWJdWawkFzDGkeVyVb + J+8MfrWn52u/8+8P/fZoAzNK0uKeCRmmmXErr8rkDg/zok0uIavFb+dNhomb + O87uD0z6UaVLqywSC3hjZfNfO5iOc80SS6t/a8TGGPzvKbC7jjbnrmgBdY0u + K302aZZpmK7eGckcsByK0hokGB/pE/8A38NZmsS6s2mzC5hjSP5clWJP3h2r + SE2u4H+jw/8AfZoAzdL0uKdLgtNMuyZ1+VyM47n3om0uJdVt4BNMQ6OclzuG + PQ0aXLqypcfZ4Y2BmfdliMN3A9qJpdW/tW3ZoYxKEfaNxwR3yaAH6tpUUGnz + TLNMxUDhnJHUdRV6PRYCin7RPyB/y0NUdVl1dtPmFxBGsZAyVYkjkVdjm1zY + uLeLGB/GaAM/TNLinN3ummXy53QbXIyBjk+pouNLiTVLSATTESLISS53DA7H + tRpkurA3fkQxtmdy2WIw3GQPai4l1Y6paM8MYlCybQGOCMc5NAEup6TDBYTy + rNMxVc4ZyQfqKtQaNC0MbGecZUHiQ+lVNTl1g2E4ngiWMr8xDEkCsnxBdeLI + dCZtMgQEINzoxMipjkqPX9R2oA5LXvEdro0l3Y2byy3glYA7yEUDu2PvN7fn + XmE9zf6rchp3kuZ34Gcsx9gP6CrWkaNqOv3v2SxQyOfmZj0Udyx/zmvX9H8N + yeHLuzEMCPdv5n7xmzu+Xkf7IA6Y/GgrY4yw+HWqSWUl/qjCzRFLCP70hx6j + ov8AP2r1XRPCmn6dYRx2s06iQB2/eYyxAyeBirWoy6ybGcTQRLGUO4hySBUt + tNrYtohHbxFdi4Jc5xjigTZTsNLiluLxDNMojkwMOQTx39TReaXFHf2MQmmI + lZwSXJIwueD2osJdWFxeGGGNmMnzgsRg47UXkurG+sjLDGJAX2AMcH5ec0CL + N9pEMVlcSieYlI2ODISDgdxTrPR4ZLOCQzzgtGpwJCAMjtTb6XWTZXAlgiVD + G24hySBjnFLZy60LOARW8RQRrtJc5IxxQBVstLikvL2MzTARuoBDkE5Hf1ov + tLiiu7KMTTESOQSXJI47elFlLqwvL0xQxly67wWIAOOMUX0urG7sjLDGrhzs + AYkE470AW7zR4Y7SeQTzkqjHBkJHA70yw0iGWxglM8yl0U4EhAGR2FPu5daN + pMJLeIJsbJDnIGOaZYS6yLGAQwRMgRdpLkEjFAFe00uKTUL6EzTARGPBDkE5 + XPJ70ahpcUU9mommbzJdpy5JHHb0NFpLqw1C+McMZkJj3gscD5eMUahLqxns + /OhjVhL8mGJy2OhoAu3GjQpbyuJ5ztVjzIccCoNN0iGawglaeZSyA4WQgD6C + p7ibWzbyh7eILtbOHPTFQadLrAsIBBBE0YQbSWIJFAENtpUT6newmaYCMR4I + c5O4dz39qNR0uKF7QCaZvMmVTucnGc8j0NFtLqw1K9McMZlIj3gscDjjBo1G + XVi9p58MakTKUwxOW5wD7UAX5tFhWJ2FxOcKTzIfSqml6TFPp8ErTTKWXOFc + gDnsKtzTa55T7reIDac/OemKqaXLrC6fALeCNowvBLEEjNAEcGlxPql1AZpg + EVDkOdxz6mjU9LihFrtmmbfPGh3OTgHPI96IJdWGqXTJDGZSqbgWOAO2DRqc + urEWvnwxrieMrhictzgH2oA0n0WAIx+0T9D/AMtDWfpGlRXGnQzNNMpYHhXI + HU9BV95td2nNvFjB/jNUNJl1ddOhFvBG0eDgsxBPJoAbFpUTatPB502FjU53 + nccnuaNV0uKCKFlmmbdMi/M5OM9x70RS6t/a07LDGZTGu4bjgDPHNGqy6s0U + P2iGNQJkxhictngfSgDT/sSD/n4n/wC/hrM0bS4rnTYZmmmQtu4VyBwxHArT + 87Xf+feH/vs1maNLqy6bCLaGN4vmwWYg/eOePrQAJpcR1iS386bAhDZ3nd16 + Z9KNW0qKC2R1mmYmRBhnJHJoSXVv7XkYQx+d5Iyu4425659aNVl1ZrdBcQxq + vmJgqxJznigDU/sSD/n4n/7+GsvR9LiuLFZWmmUlmGFcgcMR0rT87Xf+feH/ + AL7NZmkS6stiotoY2j3NgsxBzuOaAAaXF/bJtvOmx5G/dvO7O7GM+lfN9+u2 + +uFHOJHHPXqa+kPN1b+2S3kx+d5GNu4427uufXNfN9/uN9clxhvMfP1yaCon + 0vp2jQtp9qxnnGYkPEhx90VBpGlxXFoZGmmU73GFcgcGp9Om1safahLeIr5S + Yy56bRUGky6stqRbwxsm9+WYg5zzQSDaXF/bC2/nTYMBbdvO772MZ9KNZ0uK + 30+SZZpmIK8M5I5YDpQ0urf2wrGGPzvII27jjbu659c0axLqzafILmGNI8rk + qxJ+8MUAan9iQf8APxP/AN/DWXpWlRTwys00y7ZXX5XIHB/nWn52u/8APvD/ + AN9mszSpdWWGX7PBGy+a+dzEfNnkUAEmlRDV4rfzpsNEzZ3ndwfX0pdY0qK3 + 06aZZpmK44ZyR94DkUkkurf2tExhj87ymwNxxtz1zS6xLqzadMLmCNI+MlWJ + PUUAaK6JBgf6RP8A9/DWbpelxTpcFppl2TuvyuRnHc+9aQm13Axbw/8AfZrN + 0uXVlS4+zwxsDO5bLEYbuB7UAE2lxLqtvAJpiHRzkudwx6Gn6rpMUGnzTLNM + xUZwzkjr3FMml1b+1bdmhjEoR9o3HBHfJp+qy6u2nzC4gjWMjkhiSOaALsei + wGNT9on5A/5aGs/TdLimN3ummXy53QbXIyBjk+prQjm1zy1228WMDHzms/TZ + dWBu/IhjbM7lssRhuMge1ABcaXEmp2kAmmIkWQklzuGB2PapdT0mGGwnlWaZ + iq5wzkg/UVFcS6sdTtGeGMShZNoDHBGOcmpdTl1g2E4ngiWMqdxDEkCgCzBo + 0LwRsZ5xlQeJDjpVHTtLimlvFM0y+XMVG1yM+59TV6CbWxBGEt4iu0Yy56Yq + jp0urCW88mGNiZjvyxGGx0HtQAXWlxJqVjCJpiJfNyS5JG1c8Ht71PqGkQw2 + M8onmYojHDSEg4HcVBdS6sdRsTJDGJB5uwBjg/Lzn8Kn1CXWTYziaCJYyjbi + HJIGKAJbXRoXtoXM84LIpwJCByKp2GlRS3N4hmmAjkwCHIJ47+tXLWbWxbQi + O3iK7FwS5zjHFU7CXVhc3hhhjZjJ84LEAHHagAvNLijvrKITTESs4JLkkYHY + 9qs32jwxWVxIJ5iUjY4MhIOB3FVryXVjfWRlhjDhn2AMcE45zVm+l1o2VwJY + IlQxtuIckgYOcUALZaPDLZwSGeYF41OBIQBkdqq2WlxS3l7GZpgImUAhyCcj + ue9WrKXWhZwCKCIoI12kuckY4qrZS6sLy9MUMZcsu8FjgHHGKAC+0uKK6skE + 0xEjkElySOO3pVy70eGO1mkE85KoxwZCRwO9U76XVjdWRlhjVw52AMSCcd6t + 3cutG1mElvEE2NkhzkDHNADLDSIZbGCUzzKXRTgSEAZHYVXtNKik1C+hM0wE + RjwQ5BOVzye9WLCXWRYwCGCJkCLtJcgkY4qvaS6sNQvjHDGZCY94LHA+XjH4 + UAGoaXFDNZqJpm8yUKdzk446j0NXrjRoUt5XE852qx5kOOBVHUJdWM1n50Ma + sJRswxOWx0NXbibWzbyh7eILtbJDnpigCDTdJhmsIJWnmUsoOFcgD6CobbS4 + n1O8hM0wEYjwQ5ycjue9TabLrAsIBBBE0YUbSWIJFQ20urDU7wpDGZSI94LH + A44waADUtKiha0CzTN5k6qdzk4BzyPQ1oS6LCsTsLifgE/6w+lZ+pS6sWtPP + hjUidSmGzlucA+1X5Ztc8p91vEBg5+c+lAFTS9Jin0+CVpplLLnCuQBz2FRw + aXE2q3MBmmAREOQ53HPqak0uXWF0+AW8EbRheCWIJGajgl1YarcskMZlKJuG + 44A7YNABqmlxQC12zTNvnjT5nJwDnke/vWk+iwBSftE/AP8Ay0NZuqS6swtf + PhjXE6FcMTlucA+1aLza7tObeLGP75oAoaRpUVxp0MzTTKWB4VyB1PQU2LS4 + m1aa386bCxq2d53cnufSl0iXV106EW0EbR4OCzEE8mkil1b+1pmWGPzvLXI3 + HGM8c0AGq6XFBFCyzTNumRfmcnqeo961P7Eg/wCfif8A7+GsvVJdWaKH7RDG + o85MYYn5s8CtPztd/wCfeH/vs0AZmjaXFc6dFM00ylt3CuQOGI4FC6XEdYe3 + 86bAhDZ3nd97GM+lGjS6sunRC2hjeP5sFmIP3jn9aFl1b+2HYQx+d5Iyu442 + 7uufWgA1bS4re2V1mmYmRBhnJHJrU/sSD/n4n/7+GsvVpdWa2UXEMar5iYKs + Sc54rT87Xf8An3h/77NAGZpGlxXFksrTTKSzDCuQOGI6Uf2XF/bP2bzpsfZ9 + +d53Z34xn09qNIl1ZbJRbQxum5uWYg5yc0ebq39s7vJj877PjbuONu/rn1zQ + AavpcVvZGRZpmO5RhnJHJFan9iQf8/E//fw1l6vLqzWRFzDGqbl5ViTnIxWn + 52u/8+8P/fZoAzNJ0uK4tWdpplO9xhXIHBobS4hrCW/nTYMJbO87vvYxn0o0 + mXVltWFvDGyb35ZiDnPNDS6t/bCMYY/O8k4Xccbd3XPrmgA1nS4rbTpZlmmY + qV4ZyRywHStT+xIP+fif/v4ay9Zl1ZtOlFzDGkeVyVYk/eGP1rT87Xf+feH/ + AL7NAGZpWlxTwys00y7ZXX5XI6Hr9aJNLiGrQ2/nTYaJmzvO7g+vpRpUurLD + L9nhjYea+csR82eRRJLq39rQs0MfneU2BuOMZ55oAXV9Kit9OmmWaZioHDOS + Oo6itFdEg2j/AEif/v4aztXl1dtOmFzBGkeBkqxJ6itFZtdwMW8X/fZoAzdL + 0uKdbktNMuyd1+VyM47n3om0uJdVtoBNMQ6OclzuGPQ0aZLqyrc+RDGwM7ls + sRhu4HtRNLqx1W2ZoYxKEfaNxwR3yaAJNV0mKDT55lmmYqM4ZyR17irkWiwG + ND9on5A/5aGqWqy6u2nzi4gjWMjkhiSOauxTa55abbeLGBj5zQBn6bpUUzXe + 6aZfLndRtcjIGOT6mi40uJNTs4RNMRIJMkucjA7HtRpsurBrvyIY2zO5fLEY + bjIHtRcS6sdTsy8MYlAk2AMcHjnJoAm1PSYYbCeVZ5mKqThnJB+oqxBo0LQR + sZ5xlQeJDjpVbUpdYNhOJ4IljKncQxJAqzBNrfkR7LeIrtGMuemKAKOn6XFN + NeKZpl8uUqNrkZ46n1NF3pcUeo2MImmIl8zJLkkbVzwe3vRp8urCW88mGNiZ + TvyxGGx0FF3Lqx1GxMkMYkHmbAGOD8vOfwoAn1DSIYbGeUTzMURjhpCQcDuK + ltdHhktYXM84LIpwJCByO1RahLrJsZxNBEsZRtxDkkDFS2s2ti1hEdvEV2Lg + lznGOKAKdjpUUtzeIZpgI5AAQ5BPHf1ovNLijvbKITTESs4JLkkYGeD2osZd + WFzeGKGNmMg3gsQAcdqLyXVje2RlhjDhn2AMcE45zQBavtHhisriQTzEpG5w + ZCQcA9RRZaPDLZwSGecF41OBIQBkDoKS+l1o2VwJYIghjfcQ5JAwc4pbKXWh + ZwCKCIoI12kuckY4oAq2WlxSXt7EZpgImUAhyCcjue9F/pcUV1ZIJpiJJCCS + 5JHHb0ospdWF7emKGMuWXeCxwDjjFF9LqxurIzQxqwkOwBiQTjvQBcutHhjt + ZnE85KoxwZCRwO9R6fpEMtjBKZ5lLopwJCAMjsKkuptbNrMJLeILsbJDnOMc + 1Fp8usixgEMETIEXaS5BIxQBBaaXFJqN9CZpgIvLwQ5BO5c8nv7UahpUUU1m + ommbzJQp3OTjjqPQ0WkurDUb4xwxmQ+XvBY4Hy8Y/CjUJdWM1n50MakSjZhi + ctjoaAL1xo0KQSOJ5ztUnmQ44FV9N0mGawglaeZSyg4VyAPoKnuJtbMEge3i + C7TnDnpiq+my6wLCAQQRNGFG0liCRQBFbaXE+p3kBmmAjEeCHOTkdz3o1LS4 + oWtAs0zeZOinc5OM55HoaLaXVhqd4UhjMpEe8FjgccYNGpS6sWtPPhjUidCm + GJy3OAfagDQl0WARuftE/AP/AC0NU9K0mKfT4JmmmUsM4VyB17Crks2ueW+6 + 3ixg5+c1S0uXV10+AW8EbRheCWIJ5oAZBpUTarcwGaYBEQ5Dncc+po1TS4oF + tis0zb50X5nJxnPI96IZdW/tS5ZYIzKUTcNxwB2waNUl1ZltvtEMagToVwxO + W5wD7UAaTaJAFJ+0T9P+ehrO0jSorjToZmmmUsDwrkDqegrRabXdpzbxdP75 + rO0iXV106EW0Ebx4OCzEHqaAEj0uI6tNb+dNhYlbO87uT3PpVXW/DunGKN5Q + 0xeVEPmENwx56irUcurf2tMywx+d5a5G44xnjmjVZdWaGL7RDGo81MYYn5s8 + CgDFvvhjoNypNpJLaydiCGX8VP8AQivKJ/BmvRpFNBbm5hmbarx84O7b8w6j + nv096+hPO13/AJ94f++zWZo8urLp0QtoY3j+bBZiD945/WgdzM0Xw1Bpk6aW + JZMpAHdkbbly3zY9vQVp6tpUUFsrrNMxMiDDOSOTQsurf2w7CGPzvJAK7jjb + u659c0atLqzWyi4hjVfMTBViTnPFAjU/sSD/AJ+J/wDv4ay9H0uK4shK00yn + cwwrkDg+lafna7/z7w/99mszSJdWWyAtoY3Tc3LMQc5OaAD+y4v7Z+zedNt+ + z787zuzvxjPp7UavpcVvZNKs0zEMowzkjkgdKPN1b+2d3kx+d9nxt3HG3f1z + 65o1eXVmsmFzDGibl5ViTnIxQBqf2JB/z8T/APfw1l6TpUU9sztNMpEjjCuQ + ODWn52u/8+8P/fZrM0mXVltmFvDGy+Y+SzEHOeaABtLiGsJb+dNgwls7zu+9 + jGfSjWNLit9OlmWaZyu3hnJHLAdKGl1b+2EYwx+d5Jwu4427uufWjWJdWbTp + RcwxpH8uSrEn7wx+tAGp/YkH/PxP/wB/DWXpWlxTwzM00y7ZXX5XI6HqfetP + ztd/594f++zWZpUurLFN9nhjYGV85Yj5s8igAl0qJdWhg86bDRsc7zu4PY+l + O1fSorfTpplmmYqBwzkjqOopskurf2tCzQx+b5bYG44xnnml1eXV206YXMEa + R4GSrEnqKANFdEgKg/aJ+n/PQ1m6ZpUUy3O6aZdk8ija5GQMcn3rSWbXdoxb + xdP75rN0yXVlW58iGNszuWyxGG7ge1ABPpUS6rbQCaYh0c5LncMehqTVdJig + 0+eZZpmKjOGckde4qOaXVv7UtmaCMShH2jccEd8mn6pLq7afOLiCNYyvJDEk + c0AXYtFhaJGNxPyAf9YfSs/TdLima7DTTL5c7qNrkZAxyfU1fim1zyk228RG + Bj5zVDTZdWDXfkQxsTO5fLEYbjIHtQAXOlxJqdnAJpiJBJklzkYHY9qm1LSY + YbCeVZ5mKqThnJB+oqG5l1Y6nZl4YxKBJsAY4PHOTU2pS6wbCcTwRLGVO4hi + SBQBYt9GheCNzPONyg8SHHIqjp+lxTTXimaZfLlKjDkZ46n1NXbebWxBGEt4 + iu0Yy56Yqlp8urCa88mGNiZTvyxGGx0FABd6XFHqNjCJpiJTJklySMLng9qs + ahpEMVjPKJ5mKIxwZCQcDuKr3curHUbEyQxiQGTYAxwfl5z+FT6hLrJsZxNB + EqFG3EOSQMUAS2mjwyWsMhnnBZFOBIQOR2qnY6XFLdXqGaYCOQAEOQTx39at + 2kutC1hEdvEU2LglznGOKqWMurC6vTDDGzGQbwWIAOO1ABe6XFHe2UYmmIlZ + gSXJIwO3pVq90eGKznkE8xKRscGQkHA71VvZdWN7ZGWGMOGbYAxwTjnNWr2X + WjZziWCIIY23EOcgY5oALHR4ZbK3kM8wLxocCQgDIHQVVs9Likvb2IzTARMg + BDkE5XPJ71ZsZdaFlbiKCIoI02kuQSMDGarWcurC9vTFDGXLJvBY4BxxigAv + 9LiiubNBNMRJIQSXJI47elXLrR4Y7WZxPOSqMcGQkcDvVO/l1Y3NmZoY1YSH + YAxIJx3q5dS62bWYSW8QXY2SHOcY5oAi0/SIZrGCUzzKXRThZCAMjsKgtNLi + k1G+hM0wEXl4IcgncueT39qn0+XWRYwCGCJowi7SXIJGKgtJdWGo3xjhjMh8 + veCxwPl4x+FABqGlxQy2aiaZvMmCnc5OOOo9DV6fRoUgkYTznCk8yHHSqOoS + 6sZbPzoY1ImGzDE5bB4NXp5tbMEge3iC7TnDnpigCvpmkwzWEErTzKWUHCuQ + B9BUNvpcT6ndwGaYCNYyCHO45Hc96l02XWBYQCCCJowo2ksQSKit5dWGp3bJ + DGZSI94LHA44waADU9LihNptmmbzJ0Q7nJwDnkeh960JdFhWN2FxPwD/AMtD + WfqUurE2nnwxridCmGJy3OAfatCWbXPLfdbxAYOfnNAFLStKin0+CZpplLDo + rkDr2FMh0uJtVuIDNMAiIchzuOfU0/SpdXXT4RbwRtGBwSxBPNMhl1b+1bhl + hjMpRNw3HAHbBoANU0qKBbYrNM2+dFO5ycA9x71pNokGD/pE/wD38NZuqS6s + VtvPhjUCdCuGzluwPtWkZtdwc28P/fZoAztI0qK406GZpplLA8K5A6noKSPS + 4jq8tv502FiVs7zu5Pr6UukS6uunQi2gjePBwWYg9TSRy6t/a0rLDH53lLkb + jjbng5oANV0uKCGJlmmbdKi/M5PU9frWp/YkH/PxP/38NZeqy6s0MX2iGNV8 + 1MYYn5s8CtPztd/594f++zQBmaPpUVxp8czTTKWLcK5A4YjpQulxHWGt/Omw + IQ2d53fexjPpRo8urLp8YtoY3jy2CzEH7xz+tCy6t/bDMIY/O8kAruONu7rn + 1zQAatpcVvaq6zTMd6DDOSOTWp/YkH/PxP8A9/DWXq0urNagXEMapvTlWJOc + 8Vp+drv/AD7w/wDfZoAzNI0uK4sxI00yncwwrkDg+lH9lxf2yLbzpseRv3bz + uzuxjPpRpEurLZgW0MbpuflmIOc80ebq39shvJj87yMbdx27d3XPrmgA1jS4 + rexaVZpmIZRhnJHJHatT+xIP+fif/v4ay9Xl1ZrFhcwxom5eVYk5yMVp+drv + /PvD/wB9mgDM0nS4p7Z3aaZcSOMK5A4NWILNLXXY0SR3/cs3ztuPXH5VX0mX + VltnFvDGy+Y+SzEHOeasQPetrsZu40RvJb7pzxn/ABoA6WiiigAooooAKKKK + ACiiigD/1P3Rl1fTm1aC4WYGNI3BODwT07U7V9Y02506eGGYM7AYGD6j2q9O + if25bDaMeU/an66iDSbghQOB29xQA2PXdJCKDcDIA7N/hWbper6dB9r86YL5 + lxI68HlTjB6V00SJ5afKOg7Vk6MiH7dkD/j6l/pQBn3Gr6c+q2lwswMcayBj + g8ZHFS6prOm3GnzwwzhndcAYPP6VbukX+2rIYGNkv8qm1lEGl3JCj7npQBDD + rulLDGrXABCgHhvT6VQ03V9OgkvDLMFEkzMvB5Bxz0ro7dE+zxfKPur29qzN + JRDLf5A4uG/kKAM+61fTpNTsZ0mBSLzdxweNy4HaptS1nTJ7CeGKcM7oQBg8 + n8qtXqJ/bGnDaORN2/2RVjVkQaZckKP9W3agCpa65pUdtEj3ADKigjB6gfSq + On6vp0NxevLMFEsu5eDyMfSuhs0T7JB8o+4vb2rO0tEN1qGQOJv6UAULzV9O + lv7GZJgUiLljg8ZXA7VZv9a0yaxuIo5wzvGwAweSR9Knv0QanpwAHLSf+g1b + 1NEGnXRCj/VP29jQBn2et6XFZwRvOAyRqCMHggfSqljq+nRXl7JJMAsrqVOD + yAPpW7p6J9gtvlH+rTt/siqWnIhv9RyBxIv/AKDQBnX2r6dLd2UkcwKxOxY4 + PAI+lXLzW9Lls540nBZ42AGDySPpUmpIgvtOwBzI3/oNXr9EFhckKP8AVv2/ + 2TQBlWGtaZDY28Uk4V0jUEYPBA+lVrPV9Oi1C+meYBJTHtODzhcHtW3piIdO + tSVH+rTt7VUsEQ6pqQIHDRf+g0AUNQ1fTpp7N45gwil3NweBj6Vdudc0p7aV + EuAWZGAGD1I+lP1REFzp+AOZv6VoXiJ9kn+Ufcbt7UAYum6zpkFhBDLOFdEA + IweD+VQWur6dHqd7O8wEcoi2nB52rg9q2dJRDplsSo+4O1VrNF/tjURgYAh/ + 9BNAGfqWr6dPJZmKYMI5lZuDwozz0rQm13SmhkVbgElSBw3p9KNXRBJYYA5u + E/rWpcIn2eX5R91u3tQBgaXrGm2+nwQzThXRcEYPH6VHBq+nJql1cNMBHIsY + U4PJA57Vq6KiHS7YlQfl9PeorVE/tq9G0Y2R/wAqAM/U9X06f7J5Uwby7iN2 + 4PCjOT0rRfXdJKMBcDJB7N/hSawiD7DgD/j6i/rWtIieW3yjoe1AHN6RrGm2 + 2nQQzTBXUHIwfU+1Ni1fTl1ae4aYCN40AODyR17Vp6EiHSbclQeD29zTIET+ + 3LkYGPKSgDO1XV9OuI4FhmDFJkY8HgDqelah17Sf+fgfk3+FR62iCK2wB/x8 + R/zrZMaY+6PyoA5fRtX06102GCeYI67sjBPViewoTV9OGsSXJmHltCFBweoO + cdK0PD6IdItyQCfm/wDQjRGif29KNox5C/8AoVAGfq2r6dcW8aQzBmEiMeD0 + B57Vqf29pH/PwPyb/Co9cRBax4AH76P+dbPlp/dH5UAcro2r6dbWCQzzBHDM + cYPdiewpRq+nf2ybrzh5RgCbsH727OOnpV/QEQ6YhIB+Z/8A0I0oRP8AhIGG + 0Y+zDt/t0AZ2savp1zZ+VBMGbehxg9AeeorV/t7SP+fgfk3+FRa8iCw4AHzp + /wChVteWn90flQBy2kavp1taGOaYK29zjB6E8dqDq+nf2ytz5w8oQFN2D97d + nHStDQkQ2JyoP7x+3+1QyJ/b6jaMfZj2/wBugDP1nV9OudPkhgmDOSuBg9mB + 9K1P7e0j/n4H5N/hUevog0uUhQOU7f7QrZ8tP7o/KgDltJ1fTreCRJpgpaV2 + HB6E8dqSTV9OOsRXImHlrEyk4PUnp0rR0RENtLlQf30nb3pJUT+3oRgY8hv5 + 0AUNZ1fTrnTZoIJg7ttwMHswPcVpjXtJwP8ASB+Tf4UzX0QaRcEAA/L/AOhC + tgRpgfKPyoA5bStX063S4E0wUvO7Dg8qeh6Us2r6c2rW9wswMaRuCcHgnp2q + /oqIY7rIH/HxJ/SlnRP7btRgY8t6AKWraxptxp08MMwZ2AwMHnke1Xo9d0kI + oNwMgDs3+FO1xEGlXBCgfKO3uK0okTy0+UdB2oA5nTNX06A3fmzBfMuHdeDy + pxg9KLjV9OfVLS4WYGONZAxweMjjtWho6ITfZA/4+pP6UXSJ/bViMDBWX+VA + FTVNZ0240+eGGcM7rgDB5/SrcGuaUkEaNcAFVAPDdh9Kn1lEGl3JCgfJ6Vct + kT7PF8o+4vb2oA5bR73RrCW+ZGSEXE7Pwp+YHvwKnutX06TUrGdJgUi83ccH + jcuB2rQ0lEM1/lRxcN/IUXqJ/a+mjAwfO/8AQRQBW1HWdMmsJ4YpwzuhAGDy + T+FTWuuaVHbRI9wAyooIweoH0q3qyINNuSFH+rbt7VYs0T7HB8o/1a9vagDn + rDV9Ohub15JgqyyblODyMfSi81fTpb+xmSYFImcscHjK4HatDS0U3eoZA4l/ + pRqCINT00ADlpP8A0GgCG/1rTJrG4ijnDO8bADB5JH0pbLW9Lis4IpJwGSNQ + Rg8EAZ7Vo6miDTrohR/qn7exp2nohsLYlR/qk7f7IoAwrLV9OivL2WSYBZXU + qcHkAY9KL7V9Olu7KSOYFYnJY4PAI+laGnIh1DUQVHDp/wCg0akiC+0/AHMj + f+g0ARXmt6XJaTxpOCzowAwepH0pmn61pkNjbxSThXRFBGDwQPpWtfon2G4+ + Uf6t+3saj0tEOm2pKj/Vr29qAMSz1fTo9QvpnmASUx7Tg84XB7Uahq+nTT2b + xTBhFLubg8DH0rQsEU6rqQIHBi/9Bo1REFzp+AOZh/KgBtzrmlPbyotwCWVg + BhupH0qDTdZ0yCwghlnCuiAEYPB/Ktu7RPss3yj7jdvaqukIh0y2JUfcHagD + ItdX06PU72d5gI5RHtODztGD2o1LV9OnezMUwYRzqzcHhRnnpWhZon9sagNo + 4EPb/ZNGrogksMAc3CfyNACTa7pTQuq3AJKkDhvT6VU0rWNNt9PghmnCui4I + weOfpW/OieRJ8o+6e3tVHRUQ6VbEqD8vp70AZMGr6cmq3Vw0wEcioFODyR17 + Uuqavp04tfJmDeXcRu3B4UZyelX7ZF/tq9GBjZH/ACpdZRALLCj/AI+ou31o + Ac+vaSUYC4HIPZv8Kz9I1jTbbToYJpgrqDkYPqfaukdE2N8o6HtWXoSIdJty + VB4Pb3NAGbFq+nLq09wZgI3jVQcHkg/Sk1XV9OuIoFhmDFZkY8HoDya0YUT+ + 3LkbRjyk7e9JraKIbfAA/fx/zoAl/t7SP+fgfk3+FZWi6vp1rpkME8wR13ZG + D3YnsK6ry0/uj8qxfDyIdItyQCfn/wDQjQBnpq+nDWJLkzDyjCFBweuc4pdW + 1fTri2RIZgzCRGIwegPPar8aL/b0owMeQv8A6FS64iC0jwoH72Pt70ASf29p + H/PwPyb/AArL0fV9OtrBYp5grhmOMHuxI7V1Plp/dH5VjaCiHTUJAPzP/wCh + GgDP/tfTv7ZN15w8r7Ps3YP3t2cdPSvm2/YPfXLryGkcj8WNfUQRP+EgI2jH + 2X0/26+XtR/5CF1/11f/ANCNBUT6Y07XNKTT7VGuACsSA8N1Cj2qvpGr6dbW + hjnmCtvc4wehPHQVuaYif2bafKP9TH2/2RVPQkQ2TZAP7x/50Eme2r6cdZW6 + 84eUICm7B+9uzjpRrOr6dc6fJDBMHdiuBg9mB9K0GRf+EgQYGPsx/wDQ6PEC + KNKlIAHKf+hCgCX+3tI/5+B+Tf4Vl6Vq+nW8EqTTBS0rsOD0J47V1Plp/dH5 + VjaIiG3myAf30n86AM+TV9OOrxXImHlrEyk4PUn6Uusavp1zps0EEwZ2xgYP + ZgfSr8qJ/bsA2jHkt/Ol19EGkXBAAOF/9CFACrr2kgAfaB+Tf4VmaVq+nW6X + ImmCl53ccHlT0PSuoVE2j5R09Kx9FRTHd5AP+kyf0oAz5tX05tWt7hZgY0Rw + Tg8E9O1SatrGm3GnTwwzhncYAweefpVy4Rf7btBgY8uSpdbRBpVwQoHyjt7i + gCOPXdJWNVNwMgDs3+FZ+mavp0Bu/NmC+ZcO68HlTjB6V0sSJ5SfKPujt7Vl + aOiE32QP+PqT+lAGfcavpz6paTrMDHGsgY4PGRx2qXU9Z02fT54YpwzupAGD + yfyq3dIn9s2IwMFZf5CptYRBpdyQoHyHtQBXg1zSkgjRrgAqoB4bqB9Koadq + +nQS3jSzBRLMWXg8gjrXR2yJ9mi+UfcXt7VmaSiGa/yBxO38hQBQu9X06TUr + GdJgUi83ccHjcuB2qfUda0yaxniinDO6MAMHkkfSrN6if2vpowMHzv8A0GrO + qog025IUf6tu3tQBStdb0uO1hjecBlRQRg9QPpVOw1fTobm9eSYKssm5Tg8j + H0rfskT7HB8o/wBWvb2FUNMRDd6hlRxKO3tQBnXur6dLfWMscwKRM5Y4PGVw + O1Wr7WtLlsriKOcFnjYAYPJI47V+TX/BQb/go6v7Pnib/hUXwetLfUvHNpCJ + L69uR5lrphuEDRx+UMebOUIfDHYgZchySo/Py6+OH/BXO38Lv8V71fEa+HjE + bl5W0OyEItiN5kNt9m3LFt537ANvOcc0Af002Wt6XFZW8Uk4DJGgIweCAM9q + qWWr6dFe3sskwCyspU4PIA+lfmH/AME+v+CjFr+0nfxfB74oWFvpHj23tWkt + Li3+W11aO3XMm2NsmKdEG9kBKsoZl2gbR+pmnIp1DUQQOHT/ANBoAoX2r6dL + dWUkcwKxSEscHgY+lW7vW9LktJo0nBZkYAYPUj6VLqSIL3T8KOZD29qvXyJ9 + iuPlH+rft7GgDJ0/WtMhsbeKScK6IoIweCB9Kr2mr6dHqN9M8wCSmPacHnau + D2ra0tEOm2pKj/Vr29qq2KJ/aupDaODF2/2aAM7UdX06aazaKYMIpQzcHgY6 + 9KvXOuaU9vKi3AJZWAGG6kfSnaqii40/AHM4/lWldon2Wb5R9xu3tQBiaZrO + mQWEEMs4V0UAjB4P5VDbavpyanezvMBHKI9pwedo57Vr6QiHTLYlR9wdqgs0 + T+2NQG0cCLt/smgDP1LV9Ona0MUwby50duDwozk9K0Jdd0lonUXAJKkdG9Pp + Rq6IHscKP+PlO31rUnRPJk+UfdPb2oA5/StY0230+CGacK6LgjB45+lRQavp + yardXDTARyIgU4PJHXtXxT+3h4m/aM8Jfs9aLqX7L9tqdx4tl1u1hnGkaeNS + uRYGC5aQmIxTbU8xYgX2jBwM84PY/sL618a/EnwM0rV/2h4b+LxxM92LtNUs + xY3QjW6lWDfAI4to8oLt+QZGDznNAH1Lqmr6dcC1EMwby543bg8KM5PStN9d + 0kqQLgcg9m/wpmsogWzwB/x8xf1rXdE2N8o6HtQBzWj6vp1tpsME8wV1ByMH + 1PtSRavpy6tNcmYeW0aqDg9QfpWloKIdJtyVB4Pb/aNNhRP7cuBgY8lP50AZ + +q6vp1xFCsMwYrMjHg9AeT0rU/t7SP8An4H5N/hUetoggt8KP9fH/Ovir9sb + 9unwh+xzqfhfTfEvhW98Qt4ohupo2tJYohELVo1IbzOu7zBjHpQB9iaNq+nW + umxQTzBHXdkYJ6sT2FC6vpw1h7kzDyjCFBweu7OOlUvhtrlp4s8BaD4ptYWi + g1i0ivI0kxvVLhfMVWxkZAbBxX5F/D/4g/t4X3/BQi78MeJbLxEnwiXxDrEC + PLoixab/AGVCLj7GRd/ZlzGSseyTzPnOPmOeQD9gdX1fTrm2SOGYMwkRsYPQ + HntWr/b2kf8APwPyb/CotdRRZpgAfvY/51teWn90flQBy2j6vp1tYrFPMFcM + 5xg92JHQUf2vp39tfavOHlfZ9m7B+9vzjp6VoaCiHTlJUH53/wDQjRsT/hIM + YGPsv/s9AGfrGr6dc2RigmDNuQ4wegIJ7Vqf29pH/PwPyb/Co9eRBp5IUD50 + /wDQhWz5af3R+VAHLaRq+nW1q0c0wVjI5xg9CeO1I2r6cdZS5Ew8oQFd2D97 + dnHStHQkQ2TZAP7yT+dI6J/b8YwMfZz/AOhUAZ+s6vp11p0sMEwd2K4GD2YH + uK1f7e0j/n4H5N/hUHiMww6NcSuVRU2kscAABhkk+lfz/ftKf8FUfi149+Ij + fCb9jawMcIuns7fU4bNdR1DVZQSubS3eN0SJsErlHkYYbKcrQB++mlavp1vD + Ms0wUtK7Dg9CeD0ok1fTm1eG5Ew8tYmUnB6k/Sv5m9R/aq/4Kg/s2tZ+Mvil + FqP9gz3ADprWlWz2E0jHPlPNBGjxMwBwqyo3XA4r9uv2Pf2uPBv7XvhNfFmi + Wf8AY2uaQPs2r6W7iU20z/NG6Phd8MoBKMVByrKRlTQB9V6xq+nXOmzQQTBn + YDAwexB9K0V17SQAPtA/Jv8ACk15EGk3BCgcL2/2hWssabR8o6elAHMaXq+n + W63ImmC755HHB5U9D0pJ9X05tVtrhZgY0RwTg8E9O1aOjIhS7yB/x8y/0pLh + E/tu0GBjy5KAKeq6xptxp88MM4Z3XAGDzz9Kuxa7pKxopuBkADo3+FSa2iDS + rkhQPl9PcVoQonkp8o+6O3tQBzemavp0DXZlmC+ZO7rweVOMHpRc6vpz6nZz + rMDHGJAxweNw47VoaQiFr7Kj/j5k7fSi7RP7ZsBgYKy/yFAFTU9Z0yewnhin + DO6kAYPJ/KrMGuaUkEaNcAFVAPDdQPpVjWEQaZckKPuHtVy1RPs0Xyj7i9va + gDnNO1fToZrxpZgolmLLweRjr0ou9X06TUrGdJgUi83ccHjcuB2rQ0pFM9/k + Dic/yFfPn7XvjPxJ8N/gJ4z8deC7z+zdc0PR7+6s7kRxy+VNHGCrbJVdGx6M + pHtQB73qOtaZNYzxRThndGAGDySPpUtprelx2sMbzgMqKCMHqB9K/Lf/AIJh + ftEfGL9on4YfEPWfjJ4hPiK80e/ggtJGtbW28qOSAuy4toogctzlgTX6t2KJ + 9it/lH+rTt7CgDAsNX06G5vZJJgFlkBU4PIx9KL3V9OlvrGWOYFImcscHjK4 + HavzT/4KcfH34t/s8/C3Q/E3wd14+HtS1HxEtncTLbW1zvg+yTSbNtzFKo+Z + QcgA8dcZrK/4Juftt6r+0toj/D/4q38d18Q/Dby3BuPLig/tLT5T8sojiVED + wMRHIFUDaY25JbAB+pV9rWly2VxFHOCzxuoGDySCB2pbLW9LisreKScBkjQE + YPBA57Vwvx71zVPCfwL+Ivinw/N9k1TRvDmr3tpMEVzFcW9nLJE+1wynayg4 + YEHuCK/Lj/glH+1D8df2h9e+Iem/GPxOfEVtoFppr2SNaWlt5LTPOrnNtDEW + yEX7xPTjvQB+u1lq+nRX19LJMAkrIVODzgYNF/q+nTXVlJHMGWKQljg8DH0r + Q05EOo6iCBw6f+g0amiC90/AHMp/lQAy71vS5LWaNJwWZGAGD1I+lR6frWmQ + 2NvFLOFdEUEYPBA+la98ifYrj5R/q37exr86/j3/AMFDPA/7N/xd8P8AwT1/ + wjf6vd6tZ6fcC8tpYVjRb2VoQCj4JKlCTyM0Afetpq+nR6jfTvMAkvl7Tg87 + Vwe1Goavp001m0UwYRShm4PAx16VoWKJ/a2pDAwDD/6DRqqILiwwo5nH8jQA + 241zSnt5EW4BLKwHB6kfSq2mazpkFhBDLOFdFAIweD+Vbl0ifZZvlH3G7e1V + NHRDplsSo+4O1AGRbavpyapeXDzARyiPacHnaOe1Gp6vp07WZimDeXOjtweF + GcnpWhaIv9s6gMDAWL/0GjWEUPYYA5uU/rQAsuu6S0bqLgZII6N/hVLStY02 + 30+CGacK6LgjB45+ldDMieS/yj7p7e1Z+iIh0q2JUH5fT3NAGXBq+nLqtzcN + MBG6IFODyR17Umqavp1wtsIZg2yeN24PCjOT0rRt0T+27wbRjy46TWkUJZ4A + H+kx/wBaAHtr2klSBcDp6N/hWdo+r6dbabDBPMFdQcjB7kn0r8Tv2lv2vv2i + fAv/AAUU0H4GeE/Fp0/wRd6x4YtJtPFjZSB4dQNt9pUzSQNMN/mNyHBGflxg + V+4Ogoh0m3JAJw3/AKEaAM2LV9OXV5rkzDy2iVQcHqD9KXVdX064hhWGYMVl + RjwegPJ6VfhRP7duBgY8lP50utogt4MKP9fH/OgCT+3tI/5+B+Tf4Vl6Nq+n + W2nRQTzBHXdkYPdiewrqfLT+6PyrG8Poh0mEkAnL/wDoRoAz11fThrD3JmHl + GEKDg9d2cdKNW1fTrm2WOGYMwkQ4wegPPatBET+35BgY+zj/ANCo1xEFmmFA + /ex9vegCT+3tI/5+B+Tf4VlaPq+nW1iIp5grhmOMHuSR0ql418SXHhq1ha0t + Vka4LKJG+6hHqB1J7c1zfw38QyX0tzpWoPvkbM0ZIH/AlH6ED60Dsdl/a+nf + 219q84eV9n2bsH72/OOnpRrGr6dc2LRQTBnLIcYPZgT1FaGxP+EgxgY+y/8A + s9GvIg05iAB86f8AoQoESf29pH/PwPyb/CsvSdX062tmjmmCsZHOMHoTx2rq + fLT+6PyrG0NENm+VB/eydvegDObV9OOsJciYeUISpOD13Zx0pdZ1fTrnTpYI + Jg7ttwMHswPcVfdF/t+MYGPs5/8AQqXxAiDSZiFA5Tt/tCgCT+3tI/5+B+Tf + 4VlaVq+nW8MyzTBS0zsOD0J4PSuq8tP7o/KsXREUwT5AP7+T+dAFCXV9ObVo + bkTDy1jZScHqT9KXWNX06502aCCYM7AYGD6j2q/Mif25bjaMeS/b3p2vIg0m + 4IUDgdv9oUAC69pIUA3A6ejf4Vm6Xq+nW63ImmC+ZPI68HlTjB6V06ImxflH + QdqyNGRCt5lR/wAfMvb6UAZ8+r6c2q21wswMaI4Y4PBPTtT9V1jTbjT54YZw + zuuAMHnn6VduET+2rMYGPLkqTW0QaVckKB8vp7igCOLXdKWJFa4GQoB4b0+l + Z2mavp0DXhlmC+ZO7rweVOMHpXSwInkx/KPujt7VlaOil7/IHFy/9KAM+51f + Tn1SzuEmBjiEm44PG4cdqn1PWdMnsJ4YpwzupAGDyfyqzdon9s6eMDBWX/0G + rGrog0y5IUfcPagCtb65pSW8SNcAFVUHhuoH0qjp+r6dDNeNLMFEspZeDyMd + eldDaon2WH5R9xe3tWdpSIbi/wAqOJz/ACFAGdd6vp0mo2MyTApEZNxweNy4 + HarOoa1pk1jcRRThndGAGDySPpU98ijVtNAA5Mv/AKDVrVEQabckKP8AVt29 + qAKNprelx2kMbzgMqKCMHqB9Kp2Gr6dDdXskkwVZZAVODyMfSt+xRPsVv8o/ + 1advYVQ0xFN7qGQOJR/KgChe6vp0t7ZSxzArEzFjg8AjA7Vavdb0uWyuIo5w + WeNwBg8kg47VNqCINQ04BRy7/wDoNXNRRBp90Qo/1T9v9k0AZljrWlxWVvFJ + OAyRopGDwQAD2qtZavp0V9fSyTAJKyFTg84XB7VuaaiHTrUlR/qk7f7Iqnp6 + IdR1EFRw6f8AoNAGdf6vp01zZSRzBlikLMcHgY+lXbvW9LktZo0nBZkYAYPU + j6U/U0UXmn4A5lP8q0L5E+xXHyj/AFb9vY0AY+na1pkNjBFLOFdEUEYPBA+l + V7TV9Oj1K+neYBJfK2nB52rg9q2tKRDptsSo/wBWvb2qrYon9r6kMDA8n/0G + gChqOr6dNLZtFMGEUwZuDwMdelXp9c0p4JEW4BLKQOG6kfSnaqiCewwo5nX+ + RrSuUT7NL8o+43b2oAwtM1nTILCCGWcK6KARg8H8qhttX05NUvLhpgI5FjCn + B5wOe1a+joh0y2JUfcHaoLRE/tm/GBgLF/KgDP1PV9OnNoYpg3lzo7cHhRnJ + 6Voy67pLRuouBkgjo3+FJrCIGscAf8fMf9a1ZkTyX+UfdPb2oA57SdY02306 + CGacK6DBGDxz9KZDq+nLqtzcNMBG6IAcHkjr2rU0REOlW5Kg/Ke3uajt0T+2 + 7sYGPLjoAz9U1fTrhbYQzBtk8bng8KOp6VpNr2kkEfaB+Tf4U3WUQJaYUf8A + HzH2+ta7RptPyjp6UAczo+r6dbabDBPMFdQcjB7kn0pser6curzXJmHltEqg + 4PUH6VpaCiHSbclQeG7f7RpsSJ/bs4wMeSv86AM/VtX064hiWGYMVlRjwegP + J6Vq/wBvaR/z8D8m/wAKi1tFFvBgAfv4/wCdbXlp/dH5UActo2r6dbadHDPM + EdS2Rg92J9KF1fThrLXPnDyjAF3YP3t2cdK0NARDpUJKg8v2/wBo0Kif2+42 + jH2cdv8AaoAz9X1fTrm1WOGYMwkQ4wegPPatT+3tI/5+B+Tf4VHrqILJcAD9 + 5H/Otny0/uj8qAOV0fV9OtrIRTzBW3OcYPQnjtR/a+nf20Lrzh5X2fZuwfvb + 846elaGgop08EgH53/8AQjQUT/hIQMDH2X/2egDP1jV9OubFooJgzllOMHsw + J6itX+3tI/5+B+Tf4VFr6INNcgAfMn/oQra8tP7o/KgDltJ1fTre2dJpgrGR + 2AwehPHap4b61vNdje2k3jyWXoRznPf2qzoaIbSTIB/eyfzoZVGvxYGP9Hb/ + ANCoA26KKKACiiigAooooAKKKKAP/9X9z5dLC6rBB9pnO6NzuMnzDHYHHSna + tpYg06aYXVw+0D5Xkyp5HUYpss+qHVYGa2QSiN8Lv4I7nNP1afVX06Zbi1SO + MgZYPkjkdqALsejKUU/bLkZA/wCWv/1qz9M0wTfa/wDSZ08u4kT5XxnGOTxy + T3NaMdzrWxcWaEYH/LSs7TJ9UX7X5Fsj5uJC2XxhuMj3x60AFxpgTVLWD7TO + d6udxf5hgdj296k1PSlhsJ5ftVw+1c4aTKn6jFR3E+qHVLVntkEoV9q7+CMc + 89ql1OfVmsJ1ntUSMryQ+SB9KALUOjq0MbfbLkZUHAk46fSqGnaWJpLsfaZ0 + 8uZl+WTGcY5PHJq/DcayIYwtmhG0YPmdsVQ06fVFkvPJtkcmZi2XxhuMj3oA + LrSwmpWUP2mdvM835jJllwuflOOM96m1HSVhsZ5ftVw+1CcNJkH6jFQ3U+qH + UrJntkWRfN2LvyGyvOT2xU+o3GrNYzrNaoiFDkiTJA+lAEtto6vbRP8Aa7kb + kU4EmAMjtxVOw0wS3F4v2mdfLk25WTBPHU8cmrttcawLaIJaIVCLg+ZjIxVK + wn1Rbi8MVsjMZMuC+MHHT3oALzS1jv7KL7TO3mF+TJllwuflOOPerN9pKxWV + xJ9ruG2xscNJkHA6EY6VWvJ9UN/YtJbIrqX2APkN8vOT2xVm/uNXayuFltEV + DG24iTOBjk4oAWz0hZLSCT7XcruRTgSYAyOg46VVstLEl3ex/aZ18t1GVfBb + I7nHNW7O41gWkAjtEZAi4JkxkY4NVLKfVBd3pitkZy67wXxtOO3rQAX2mCK7 + so/tM7eY5GWfJXA7HHFWrzSFjtJ5Ptdy21GODJkHA6HjpVW+n1RruyMtsiur + tsAfO447+lW7y41g2k4ktEVCjZIkzgY5NADLDSVlsoJPtdwu5FOFkwBkdAMd + Kr2emCS/vovtM6+UU5D4Zsr/ABHHOO1WbC41dbKBYrRGQIu0mTGRjg4qtZz6 + oL++aO2RpGKbxvwF+XjB70AF/pYins1+0zt5ku3LSZI46jjg1dudHVLeV/td + ydqMcGTIOB34qlfz6o09mZbZFYS5UB85OOntV25uNZNvKHtEClGyfM6DFAEG + naSs1jBL9quE3IDhZMAfQYqG10wPqV7D9pnXyxH8wfDNlc/Me+O1T6dcastj + AsNqjoEGCZMEj6VBaz6oNTvWS2RpGEe9d+AuF4we+aADUdMEL2g+0zv5kyr8 + z5xnPI9DV+bR1WGRvtlycKTgycdPpVDUp9UaSz862RCJlK4fOW7D2q/NcayY + ZA1mgG05PmdsUAVNL0pZ9Pgl+1XCblzhZMKPoMVHBpYbVLqD7TONiodwk+Y5 + Hc459qk0ufVl0+BYLVHjC8EvgkfSo4J9UGqXTLbIZCqbl38AY4570AGp6WIf + sv8ApM777iNPmfOM55HHBHY1ovoyhGP2y54B/wCWv/1qztTn1RvsvnWyJi4j + K4fOW5wPx9a0Xuda2NmzQDB/5aUAUNJ0tZ9Ohm+1Tx7gflSTCjk9BimxaWG1 + WeD7TONsaHcJPmOexOOlP0mfVV06Fbe1R4wDhi+CeT2pkU+qDVZ2W2QymNNy + 7+AOxzQAappggjgIuZ33TIvzvnGe4461p/2Kv/P5df8Af3/61Zmqz6o0cHn2 + yIBMhGHzluwrTNzreP8AjzT/AL+UAZmjaWLjTYZjczx7t3yo+FGGI4GKE0tT + q8lv9pnGIQ27zPmPPTOOlGjT6ommwrb2ySRjdhi+CfmPahJ9U/teRxbJ5vkg + Fd/G3PXNABquliC3RxczvmRBh5Mjk9enWtP+xV/5/Lr/AL+//WrM1afVGt0E + 9siL5iEEPnnPArU+063/AM+af9/KAMvR9MFxYpKbmePJYYR8Dhj2oGlr/bBt + /tM/+oDbvM+f72MZx09qNHn1RLBFt7ZJEy2CXx/Ec8UCfVP7ZL/Zk87yANu/ + jbu65+tABq+mC3s/MFzPJ86DDvkcn0rT/sVf+fy6/wC/v/1qzNXn1R7PFxbJ + Gm9OQ+ec8Vqfadb/AOfNP+/lAGXpOlie0Lm5nj+dxhJMDg/Sg6WP7YW3+0z8 + wFt3mfN97GM46e1Gkz6oloRBbJIu9+S+Oc80GfVP7YV/syeb5BG3fxt3dc/W + gA1jSxb2EkouZ5MFeHkyvLAdMVp/2Kv/AD+XX/f3/wCtWZrE+qPYSLcWyRx5 + XJD5P3hjitT7Trf/AD5p/wB/KAMvStLE8EjG5nTErrhJMA4PXp1ok0wDV4rf + 7TOd0TNu3/MMHoD6UaVPqiwSCC2R1MrkkvjBzyKJJ9U/teJzbIJREwC7+CM9 + c0AGsaWLfTZphczybdvyvJlTlgORWkNFXA/0y6/7+/8A1qztYn1R9NmW4tkj + jO3LB8kfMO1aQudbwP8AQ0/7+UAZml6YJ0uCbmdNkzr8r4zjuff1om0sLqtv + B9pnO9HO4yfMMehx0o0ufVFS48i2RwZnLZfGG7iiafVDqtuzWyCUI+1d/BHc + 5oAfqulrBp80v2q4faB8ryZU8jqMVdj0ZSin7ZcjIH/LX/61UtWn1VtPmWe1 + RIyBlg+SOR2q9Hc61sXFmhGB/wAtKAM7TNMExu83M6eXcOvyvjOMcnjk+pou + NMCapaQfaZz5iyHcX+YYHY44z3o0yfVFN35Fsj5uHLZfGG4yPf61zHi7xLqu + hXlhctbRCQiTCsxYEcA9CMdaAOr1PShDYTyi6uH2rnDSZU/UYq1Bo6tDG32y + 5GVBwJOOn0rjNN8YX3ibT75BZLEsCr5jh8/ezjAI9q7SC41kQxhbNCNowfM7 + YoAoadpYmku1+0zp5czL8smM8Dk8cmi60sJqVjD9pnbzfN+Yvll2rn5TjjPe + jTp9UWS8MNsjkzMWy+MNgce9F1Pqh1KxaS2RZF83Yu/IbK85PbFAE+o6SsNj + PL9quH2oThpMg/UYqW20dXton+13K7kU4EmAMjtxUWo3GrtYzrNaIiFDkiTJ + A+lTW1xrAtoglojKEXB8zGRigClYaYJbi8T7TOvlyYyr4J46njk0XmmCO+so + vtM7eaXGS+SuF/hPaiwn1Rbi8MVsjMZPnBfGDjoPWi8n1Q39i0lsiurPsAfI + b5ecntQBZvtJWKyuJPtdw2yNjhpMg4HQjHSls9IWSzgk+13C7o1OFkwBkdAM + dKS+uNXayuBLaIqGNtxEmcDHJxTrO41gWcAjtEZBGuCZMZGODQBUstLEl5ex + /aZ18t1GVkwWyO5xzRfaWIruyT7TO3mORlpMleO3HFFlPqgvL0x2yM5dd4L4 + 2nHGPWi+n1RruyMtsisHOwB87jjv6UAW7vSFjtJpPtdy21GODJkHA78dKZYa + SstjBL9ruF3IpwsmAMjoBjpT7u41g2kwktEVSjZPmZwMcmmWFxq62MCxWiMg + RdpMmMjHpQBXtNMEmoX0X2mdfKMfzCTDNlc/Mcc47Uahpgins1+0zt5ku3LP + kjjqOODRaT6oNQvmjtkaRjHvXfgL8vGD3zRqE+qNPZmW2RGEuVAfOTjp7UAX + bjR1S3lf7XcnarHBkyDgd+Kg07SVmsIJftVwm5AcLJgD6DFT3FxrJt5Q9mgU + q2T5nQYqDTbjVlsIFhtUdAgwTJgkfSgCG20sPqV7D9pnXyxH8wkwzZHc45x2 + o1HS1he0H2md/MmVfmkzjOeRxwaLafVBqd6yWyGQiPeu/heOMHvmjUZ9UZ7T + zrZEImUrh85bnA9qAL82jKsTt9suThSeZOOn0qppelCfT4JTdXCblzhZMKPo + MVbmudZMThrNANpyfM9qqaXPqq6fAsFqjxheGL4J59KAI4NMDapdQfaZxsVD + uD/Mc+pxz7Uanpawi1/0md988a/NJnGc8jjgjsaIJ9UGqXTJbIZSqbl38Adu + aNTn1Rha+dbImJ4yuHzlucD8fWgDRfRlCk/bLnof+Wv/ANaqGk6WJ9OhmN1P + HuB+VJMKOT0GK0Huda2NmzTof+WlZ+kT6qmnQrb2qSRgHDF8E8ntQA2LSw2r + TwfaZxtjU7hJ8xyehOOlGq6YIIoWFzO+6ZF+d84yeo96Ip9UGrTstshlMa5X + fwBng5o1WfVGihE9siATIRh85bPAoA0/7FX/AJ/Lr/v7/wDWrM0bTBcabDMb + mePdu+VHwowxHAxWp9p1v/nzT/v5WXo0+qJpsK21skkY3YYvgn5jnj60ACaY + Dq8lv9pn4hDbt/zdemfSjVtLEFsji5nfMiDDyZHJ69OtCT6p/bEji2TzfJAK + 7+NueuaNWn1RrZBPbIi+YmCHzzngUAaf9ir/AM/l1/39/wDrVmaRpa3Fisv2 + mePLMMJJgcMR0xWp9p1v/nzT/v5WXo8+qJYqtvbJIm5sEvg/eOeKAD+yx/bJ + t/tM/wDqN27zPn+9jGcdPavm+/XbfXK5JxI4yevU19ICfVP7ZL/Zk87yMbd/ + G3d1z9e1fN9+WN9cFhhvMfI98mgqJ9L6do6tp9q32y5GYkOBJx90e1QaTpgu + LUyG5nT53GEkwOD9OtT6dcayNPtQtmhXykwfM7bRUGkT6olqRb2ySLvfkvjn + PNBINpgGsLb/AGmfmAtu3/P97GM46e1GsaYLfT5JRczyYK/K8mV5YDpihp9U + /thXNsnneQRt38bd3XP1o1mfVH0+Rbi2SOPK5YPk/eGOKANP+xV/5/Lr/v7/ + APWrM0rSxPDKxuZ02yuuEfAOD1PHWtT7Trf/AD5p/wB/Ky9Kn1RYZRBbI4Mr + kkvjBzyKACTSwNWig+0zndEzbt/zDB6A46UusaWLfTpphdTybcfK8mVPI6jF + JJPqn9rxObZBKImAXfwRnrml1ifVH06Zbi1SOM4ywfJHzDtQBojRlIB+2XP/ + AH9/+tWbpemCdLgm5nTZO6/K+M47njr6mtJbnWsDFmn/AH8rN0ufVFS48i2R + wZ3LZfGG7igAm0wLqtvB9pnO9HO4yfMMehxT9V0pYNPml+1XD7R915Mqee4x + TJp9UOq27NbIJQj7V38Ed+afqs+qtp8yz2qJGRywfJHPpQBdj0ZTGp+2XIyB + 0k/+tWfpuliY3f8ApM6eXO6/LJjOMcnjk+9aEdzrXlrizQjA/wCWlZ+mz6op + u/JtkfM7lsvjDcZHv9aAC40sJqdpD9pnPmLIdxk+YYHY44z3qXU9KWGwnl+1 + XD7VzhpMqfqMVFcT6odTtGe2QSBZNq7+Dxzz2xUupz6s1hOs9qiIV5IfJA+l + AFmDR1eCNvtlyMqDgScdPpVHTtME0t4v2mdPLmK/K+M8dT6mr0FxrIgjC2aF + dowfM7Yqjp0+qLLeeTbI5MxLZfGGx096AC60sJqNjD9pnbzfN+Yvll2rn5Tj + jPep9Q0lYrGeX7XcPtRjhpMg4HcYqC6n1Q6lYtJbIsi+bsXfkN8vOT2wKn1C + 41drGdZbREQo2SJM4GPSgCW10dXtoX+13K7kU4EmAMjtxVOw0sS3N4n2mdfL + kxlZME8dTxyauWtxrAtoQlojKEXB8zGRiqdhPqi3N4YrZGYyfOC+MHHT3oA/ + l3+AXh+y+NH/AAVRuIfF4a/tH8W+INQdZTvP/Eu+1T2qncCCEeKIAHjAxX9S + N9pCxWVxJ9ruG2RscNJkHAPBGOlfzBfsYTT6T/wVLntJ4wt02u+LINjHH7wQ + 3pKk/wDAT+Nf0+31xq7WVwJbRFQxtuIkzgY5OKAP5avFWg2fwc/4Kt6Vo3hN + Tpto3jTQ3VLc+WI4tcFtJOiBcBV23TqFAwF46V+qH/BR39qr4q/soWfg+7+F + 0lo8niC6voro38bz5W2jgZCuySPBzI2c57V+Yfx8nl1b/grVpRsUEkn/AAmH + g2JVByC0MWnRnP4rz6V9R/8ABa5530f4ZGeMRsb7VsgHOD5VrQB43qP/AAUy + /bV+Imix+JPhX4F2aPoFtCNU1C20281OIXccStcyPMCYreJjllQ/MiH5pG61 + +h37P/7YvxF1X9kbxV+0v+0p4dbw/pmhJu024spXiXXBI3lRiK1mLtHumZIh + IZCkhYkBVQ5+g/2MPD9t4W/ZT+Dmn6Jp0VtBcaFZX5CEDzbi+hFzM7YHVnkY + kmvnD/grrfarp/7Hw06OyS3tLjXdMt2EbDakaLLIo2jAA3IoH4UAfnjp3/BT + X9uH4oeIL24+DfgqO90zTf3jWGm6Xe6q0EBzt+0yxPu6A/MoiBwcAVqeGP8A + gqz+0T4t+LfhDwomi6Vodtqeo6bpuqQNHcSStLJcLDcMjNKrRZDYVG3lCOWa + v0Z/4JN6BBoX7HGg6vomnxG51/UdTuryXcFeSWK5e2Tdxn5Y4VAB/rX5Q/tq + 6BYeH/8AgpxZNpdpHZvqWteGr6eKPAT7TMbfzG47yEb2PUsxJ60AfuL+238f + dV/ZX+EH/Cx9D8P33iq8e6S1jBdhaWbSKds91Io3JHnCjA+ZiE3LkGvyCtv2 + 4v8Agpz4g8OH4l6N4CuJvCksbXC3Fv4evZbEwAZMiyl2ZogP495GM5Nfsb+2 + B+0t8N/2c/h5BrPxf0xNWg1qSW1tdGQR3D6kQn72No5fk8lVYeazZUBgMMWV + T+dunf8ABXX4o+I9OM3gH9nK+vtFVTDFJbXlxPGqqNuAYbDYMYxtHTGKAPoD + 9gH9va3/AGrdQv8A4b+OrH/hHvGumWpvIvsMzixvrZGVJDEkhZ45IyykoXfK + ncDwQK//AAUh/aq+Kv7J8Hg+5+FslpJJ4gnvI7o6hG85K28cLJt2SR45kPXP + avyz/wCCcWt3up/8FDINYtNJ/sR9UfxDK2mElRaiWGeT7Mcqp/dHC8qvK9B0 + r6z/AOC2L3D6Z8MWuYxG5u9UyAcgfurbHNAHk1//AMFLP21/iZocOufCH4eu + 2k6Lb266nqFtpl7qiC+jiDXLmVSYYI2bLJGQXROsjda+w/2Cf+Cit/8AtKeL + pPg/8WrNNJ8XT289xp13p8kiWl8LdDJJC0MrSNHKsYaTIcq6q3CEAN9i/sa6 + FD4Z/ZM+Dmn6Np8Vtbz6Jpt98hC+bc3sIuZXbA6vJIzEmvxD8FaZF4M/4K9y + ab4ctksY08V6jtgiwsaC7tZmlRQOAv7xgAOAOKAP19/b1+O3j79mb9njT/ib + 8N5oW1a41i0sGS9V5YBDNFO7YRHjIbMa4O714qP9mn43/FD4yfsaXfx0v41u + fHD6TrlzbQWMUnlzXVhLdRWsawhnkfcYkG0NliTjGRXiX/BXaS8P7H2lJJCq + wDxLp+192Sf3F12r1D/glhLex/sa+CfskKyndquctt4/tO6oA/OOb9t7/gp/ + 8nn/AAovfvDbu8Lar97tjL9aw/hj/wAFPP2v/Fnxh8L/AA11nT9M83U9btNM + u7RLC5S6USXCxTJsM5ZXUbs5XKkcjiv0C/4KZftp3fwF8DR/C3wXcJb/ABB8 + TxF0lhk3SaZYtuRrk45WWQ5WHuCGf+EBvMP+CW/7FmpfDfQov2kviRpAfxR4 + gtydEt7k4ewsZ15uGVuRPcqeO6xHHWRgAD6C/br/AGufFf7JXw98Pan4N8MX + Otal4kkmhivrlnGkWTxc7JvKKu8sgyUjDpkBm3fKVP5p6h+3J/wUx8KaSfiN + 4k8Bz2vh5Y0nknuvD15DaLATlWklDK6Rt2ZnAORg1+qH7XX7Z/wl/Zg8LaNo + PxB8Pp4x1fWALyx0YeU+VtpgyXM5lDLCiyr+7fazF1OwfKxX4avv+CqXxZ8d + aTqRsf2bb/U9E1yzktmK3V1cxSW8yFWJZLDaysrHPYigD7V/Yo/bK0X9r3wb + fte2kuh+MPDk9smo2SzmW3eK4LCO5tiwDbSUYMrZKHGWIYE/i9/wVI8TfHXW + vjb/AGP8WNFbTfDmiXmqW/ha5aFoze6f5seZS7Owk4VOQF69K9L/AOCNU9yn + xv8AGsEPKPoMblc4BZL2AL/6ER+Nem/8FupL2TxT8JvtkKwkWWr4w27P7y2o + A+vf+CeHjv8AbC8bTQ+Hvjl4Xfw/4A0zw5AdGv47drZrmVGgjhG8yuH3Qb2O + EHIzx0Pm/wAPf21/jV4n/wCCiN3+zFqT2A8Ixa5rWmCSOGRb77Pp9vcyxZmM + pXduiXcdmCM8Cv1A+Ac+qJ8EPAS21skkY0PTsMXwT/o6Z4r+fz4PSXQ/4LIX + 8iRAz/8ACWeJvk3cZ+x3uRmgD94f2lvjF4L/AGa/hPqPxT8bXd3PaWckUMFq + kgMt3dSk+XDEGwNxwSSeFUMx4FfhZ/w8m/bw+KN1qvij4PeCXfwzpbsZF0/S + bzVUtYx8wF1dLldwXlmCxg9QoFfS3/BbPW9ZX4b/AAy0K5g8q1u9Wvrlirbl + MltAiJn3xM2Pxr9CP2FfD6eEv2RfhXYeHtNgigvNDtb+RkYKZLi+T7RM7ccs + Xc5z9OgFAHyx+wP/AMFBdO/ac1hvhR8RrT/hHPHiQy3Fs1jIy2GoxxDdIIkk + LvFMi5YoWcMqswYYKjQ/4KUftTfFT9k238C3nwuktZZfETX0d02oxvOQtuIi + gTZJHjlznOa/NDUrO3+HX/BXqxtfCdskCS+LdPbyoflQNq1tE1x06AtcOT26 + 19L/APBbh7qTSvhQbuIRP52q4Abdxtt+c0AeQX//AAUr/bY+Jvh9db+EXw9d + 9F0a1t11XULbTL3VIxeRxqbh2kUmGCJnyyRsC6JjMjda+xv2BP8Agopf/tLe + Mz8Hfi1ZrpHi64gmuNOu9OkkS1vRbqXkhaGVpGjmWMNICHKsqtwhADfYX7He + hQ+Gf2PfhRp2kafFa2dxoGm3zlCAXnvY1uZXYAdXkkYk9ea/EbwLpkfgv/gs + AdO8N2qWKJ4t1ApBFhY0F3azNIi44C/vGAAGAOKAP6XtJ0sT2pc3M6fO4wkm + Bwfp1obTANYS3+0z8wlt2/5vvYxn0r8z/wBuD4+fth/B3V/CVl+zZ4Tudf0/ + Uob2TUHt9Gn1YRzRyoEVmhU+XwTgHr17V8En9tz/AIKoG+Wc/DbUfPEZUD/h + EL37uc5xs9aAP2n/AGxLi68KfssfFTXtPvbkXNv4d1BYmMh+V5YWjDD3Utke + 4r8gv+CJnw70XWvEfxP+IV8hGpaNBpmn2cqkB40vTcSXGCQSN3kRjI7ZFfpx + +1FqPjPxH+wT401DxVp/2XVb3wb9qvkwY3juDbJLMpiPKbW3AqeV6HpX56/8 + EQtRuF0r4v6fZxLLKk2hysGbaQrreKCPXlT9PxoA/ZLx58NtE+J3wz8VeBfE + Ie5sNbtLuzkiZgUO9CFfBB+ZWwwbqGAI5Ar+dL/gkNqXipvjP8QvC/hK6Frq + GpeDr24szISYft9rcW62rSqCu5FaZsjIOCRkZr+lr+0r7TdG1G+a3QwW4nlk + ZnxtCAs34DFfzVf8EZ0vf+Gptfns4RKYvCd9uycAZvbIdaAPs/8AYQ/bw+LX + 7QXxY8SfCf40rZ2l1a6ZLdWSWsMlu32m0njjnhkWSWTJ2OWA4xsNeyf8FI/2 + xPGP7Jun+C9F+GFxDceJPEklzcTi/DzxxWNsqoPkR4yGkkf5Tk8RsMV+Z/xe + sJ/2TP8AgqRa+J3j/s7Rtd1mHVQQcJ9g1/dDeEDptjkknAHT5B07X/j54e13 + 9vz/AIKL638MdFuTDpvhy2udIjnRgyW0WjwyGViSCCr37MuQOQ4+tAH7i/sc + fFl/2jP2e/DHxVvrhoNU1FJIdRitmKRpfWzGKfCksVDMu9QSTtZeT1r86PhF + +3R8dPjd+3O/wN8HHTX8Bw6zqUIumgle6/snThIWl84TABphGNp2YDOoINfN + P7AH7TurfAH4FftCfDvWj9j1TwlYXGu6dDK214r9tumypg+lybUYHcsa9G/4 + It/C+7bWvHHxumthMyImhWLucAs225vOT3A+z/8AfRoA7j9sn/goZ8Zv2cP2 + qtR+FukW1jqvg3SP7LmngnST7ZNDcQRTTos4k2qx3MEYxkLwSGxg/P3ij/gp + N+3zpun2/wAT5PAq6D4Hu3H2Se50fUP7OmSQ/uwb2SRRISON0bqGPRR0HJft + zaNa+Kf+Cn9j4d8Q2ySWmrar4UtLmE4dXhnjtY3U54IZSQa/og+OGhjxL8Cv + HHhjWNKgn0y80DUIXjZlKhRbPtKqRgFCAy+hAI5FAHz9+wx+1Ron7X3w71PX + vIm0LxL4fuI4NWsIpy8amdC0U8bEZMc2x8BvmUoykkAM2N+3R+2F4d/Y+8Pa + S0ME3iDxf4gS4/s2yefZHGsW0NcXDj5liDMAFUZkIKgrhmX83f8AgiRfanB4 + 0+KtnYoJYptP0uSRC20bo5Zwp/AO3514f/wUr8XXt7/wUBt11vQT4ig8MpoF + uuj7mYX8OEvGtV2q5xO0zR8Kxyx4J4oA9Kvf+CgP/BRXR/DsHxh8Q/D5I/AN + 0qOJpdGvo9NaKUgI4uDNvCvkBHLlGJGM5wf2E/Y1/ae8Hftd/DOTxZohu9H1 + zRpI7XWNMacP9mndNyPEwA3wygN5bEA5VlIyuT+dPiT/AIKZfGnxN4W1Dwfr + n7K+oT6NqVq9ncW7vemFreRdjRlTp+NpU4xXlX/BH7w78VPA3x68YWGs+FdU + 0nSdX8OSSFr61ntoTPbXdv5Q3yIqs2yWTA64zjjNAH0l+3Z/wUZ1r9nLx7c/ + Bz4Q2EOpeJ7QRzaje37yPb2vnqHjhWGNozJMUKuXLhVDKNrEnb8F/FX9u39s + S7+FmueBv2gvAb22heN9NubK0vrrTbzSZd064EkEkuYpVXqUCZYfxjrWpoOk + 23xD/wCCwF1p/iWzS5RPGGoSmCbBRn0qCWWAHIII3QIRxzX7Hf8ABRnw9b+L + P2SfHsHiGxjP9nWDX9s24M0c9rJHIrqT908bTjkqzL0JoA+JP+CLtqJvhH8U + Z/NkTy9VtflVsK3+jN94d6/bq10hZLWF/tdyu5FOBJgDI7cV+Iv/AARdku1+ + EfxSWGIPE2q2u9i2Cv8AozdB3r9urW41gWsIjtEZQi4PmYyMcUAfi/8A8Fmr + YQ/A/wAJ/vHfZ4pVfmbOf9BuDk+/vX4q+E0+Lf7L2q/C39ozQM20Ovxz6jpN + yhbyp0tLmWzvLSUjHJCESKD/AKuRSDk8ftV/wWae5b4H+E/PjCZ8UqWw2cN9 + huOPyq/8Fv2c9P8A2ov+CYvw8+G19FFb6mkWq3Wi3rHm3v49Qu9jNwSI35jk + HOUYkfMAQAfZ3iP4oeD/AI+fsOeN/i34J1C4k0/WfBmuSNA8wZ7a4SwmE1tM + APvxOCp7EYYfKQT+W/8AwRGsxd+K/iwDNJDtstJ/1bbc5kuetfGH7PP7RXjD + 9luw+Mn7N/xLt57PR/Fej63pVzZygl9O1wWktvFIqjPEjYhkxww2PnCc/aH/ + AARGkvY/FfxY+xwrMTZaTnLbcfvLmgD9Ev21/wBsrw1+yD4eSOO3n13xjr5k + Gl2Pn+XEFiUb7i7cfMIlLAKqjdIcqCoDMv5e3v8AwUE/4KIaJodn8ZPEfw/j + i8DXGySOaXRr6LT2ikwEkS5M29VfICSFypJGM5xXl/8AwUk8VXV1/wAFAk/t + nQj4jh8Of2DCNH3MRfxbY7trVdqucTmZo+FY5Y4BPFfXXiT/AIKW/GXxTokn + hbXv2V7+50i7gktZrOR7wwzQSoY3iKf2fjaVOMelAH6LfshftReDv2ufhZd+ + MdE+16TrmikW2saXJOJPs87JuRkYAb4JQG2MQD8rKRlcn+az9rbxh+0J4p/a + GsNb+Mugf2J4wtobSPTbVbdofMtYriQ2jhGd873JGcgHHQV9z/8ABInw38Uv + A3xx8badrvhXVdH0fV/DUzs99az20XnW13AIxukRVZwksmB1xnHGa4L/AIKb + NMf24/BBkQKRpWghec5H2ybB9s0Afon8Kviz+3bqvwG+NPjf4qeF4fC/jLwj + Y299oMMtnJFHdiBJp7tHi89nkPlRqseGXDMOvSoP+CdH7ZPjr9q0+LND+KMl + rDrnh+eymtvsKPCr2lyJFc7XeQ7o3jGWyOHAxX6jx/bri71GGSyjmE4RJo3Y + FdpXGDnggjrX80v7JyXP7Jf/AAUr1P4T6ifsmnXd7f6EPNfaptrjF3pzsTxl + 9kHPYOaAPtn/AIKK/t6fEb9mb4qaJ8LvhDNZ3Vx/ZgvtVbUEkuNr3MhWCJQk + ke0hELtnOQ69K/T34cePvDXjX4JaF8aP7QmtNG1LRY9YlKy/LBEYfOlU8cGL + DKw7EGv5itT8D+Lf2/Pjt8ffi5ojStbaBpt/rdpt58yKy2w6facj70ltEcAY + yVPSvd/g/wDtY3Ohf8EufiT8MpLhRq+jXq+HrPL4f7D4iZ5SMdT8i3uPQKBQ + B9a/sB/toftC/tYfHzWPDXiKLTrLwdpen3OoXL20EqXKjzFitYvOMzKXy+Tl + eVRsY7edftI/8FRvHN18T5fhN+yXoh8QSWV29oNQuIpdQnv7mIlT9gtYCvyA + g7XbeXHIVRgnb/4JmeB9V+Gv7G3xY+NVrZ7tS8S2moy2zg7W+yaPbTrEUPXJ + uDOOP7orxT/gjB4b028+InxB8WyWsc2p6Ra6ZbWrvjci3kszShc9N3kICR24 + 70AbXw9/4Kl/tB/C/wCIEPg79rjwhcWmnzBftAWzuNK1a0SQ4E32ec7ZYxg/ + JsQnkh+Np/b7xb4pWw+Amv8AxW8G6ibr7L4dvdZ06QOWtpfLtXuIH2jBKNhT + gEZB6ivy9/4LV+Hba7+DPgPxlf2EMWqWGvmwinBBk8i7tJpZEz127oEPsfrX + vP7Peta3q3/BLW3uJrcMkfgbXbcOz4by7aO7gXg+ioMe1AH5j+DP+CsP7Vfi + KG98L6N4UsPEnjHV5II9L+wWt3I6KqyGZTaxSvJcO3yGPDKE2sWDggD6Q/ZQ + /bN/bb+JH7QFl8Gvin4H+0QRyRvq/n2dxpF5pFvIRi4k80lQAD8kbRhpDgKw + 5NeZ/wDBEvw/Z3Pjn4oeLEsY7nVNLsNNtIJXwGiivZJ3mCk9NxgTOPSv6BtT + +3eZDcS2UccrSxDeGBZ9hYopOM4BY49Mn1oA/m3/AGvbUQ/8FZfDNt5sj58Q + eDBvZsvz9j7+3av1G/bi/bQ0X9lH4d2Vh4cuBqPxG8Qozadp7yEwW0Acq93c + opVvLBBWNdwMj5x8qvj8f/8Agod40vvh9/wUYufiF9iS4uvDNz4b1RbZnISV + rK3tp1QuASA2zBIHGa+dfhb8S/DfxO/a28O/Ef8Aa0Mms6NrmpRzah5reVbK + rgrah1IOLKJ9gdBx5QIyeQQD+h/9gzx7+1B8b/Clx8Tvj8LLR9H1eCN9EtbO + 2ltryeIt/wAfUjSSviFxxEu3Lj58hdu/7y1TSxBDEwuZ33SouHkyBk9Rx1qG + ykvIr9ls7SJQsEarGjgIsY+7txxjHQCptVn1RoYhPbIgEqEEPnJzwKANP+xV + /wCfy6/7+/8A1qzNH0sXGnRTG5nj3bvlSTCjDEcDFan2nW/+fNP+/lZejz6o + mnRLb2ySRjdhi+CfmOePrQALpanWHt/tM/EIbd5nzfexjOOlGraWILZXFzO+ + ZEGHkyOT16daFn1T+2HcWyeb5IBXfxt3dc0atPqjWyie2RF8xMEPnnPAoAre + JPC6X+jXMQuJ5pEUyRq77hvUZHGO/T8a+ftIvDp+p213vaNY3G4ocNtPDYP0 + zX099p1v/nzT/v5Xy9qUP2fULiHGAsjYHtnigqJ9GDTUbWBAt1OQbfeH8z5v + vYxnHTvS6vpYt7JpRczyYZRh5Mjlh2xWJ4b1DULuOxuYoVkk+xKnL4yqNtLE + +uR0rb1efVHsmW4tkjTcvIfPORjigk0/7FX/AJ/Lr/v7/wDWrM0nSxPbM5uZ + 0xI4wkmBwevTrWp9p1v/AJ80/wC/lZekz6otswgtkdfMfkvjnPIoAG0wDWEt + /tM/MJbdv+b72MZx0o1jS1t9Oll+0zybdvyvJlTlgORihp9U/thHNsnm+SQF + 38bd3XNGsT6o+nSrcWyRxnblg+SPmGOPrQBp/wBir/z+XX/f3/61ZmlaYJ4p + mNzOm2V1wj4Bwep461qfadb/AOfNP+/lZelT6osMwgtkcGVySXxhs8igAl0s + DVoYPtM53Rsdxk+YYPQHHSl1fS1t9Omm+1TybQPleTKnkdRikln1T+1oWa2Q + SiNgF38EZ5Oadq8+qvp0y3FqkcZAywfJHI7UAaC6MpUH7Zc9P+ev/wBas3TN + LEy3P+kzpsnkX5ZMZx3PHU9zWktzrW0Ys06f89KzdMn1RVufItkfM8hbL4w3 + GRQATaWF1S2g+0znejncX+YY9Din6ppQg0+eUXVw+1fuvJlTz3GKZPPqh1W2 + ZrZBKEfau/gjvzUmqz6q2nzrPaokZXlg+SOfSgC3FoytEjfbLkZAPEnt9Koa + bpgma7H2mdPLndflkxnGOTxyfetCK51kRIFs0IwMHzPas/TZ9UVrvybZHzO5 + bL4w3GR70AFzpgTU7OH7TOfMEnzF8sMDsccZ71NqWlLDYTy/arh9qk4aTKn6 + jFQ3M+qHU7NntkEgEm1d/B4557YqbUp9WawnWa1REKnJD5IH0oAnt9HV4I2+ + 2XIyoOBJwOO3FUtP0tZZrxftM6eXKVysmCeOp45NXre41kQRhLNCoUYPmdRi + qOnz6os14YrZHJlJYF8YOOnvQAXemCPUbGH7TO3mmT5i+WXC5+U9s96n1DSV + isZ5ftdw+1GOGkyDgdxioLufVDqNi0lsiyKZNih8hvl5ye2Ksahcau1jOsto + iIUbcRJnAx6UAPtNIWS1hf7XcruRTgSYAyO3FVLHTBLdXqfaZ18uQDKvgtx1 + PHJq5aXGsC1hEdojKEXB8zGRjiqdjPqi3V6YrZGYyDeC+Npx0HrQAXuliO9s + o/tM7eYzDLSZK4HY44q1e6QsdnPJ9ruG2xscNJkHA6EY6VVvZ9UN7ZGS2RXV + m2APnccc5ParV7caw1nOJbRFQxtuIkzgY5NACWOkLJZW8n2u4XfGhwsmAMgc + AY6VWs9LEl7ex/aZ18tkGVkwWyv8RxzVqxuNYWytxFaIyCNNpMmMjAwcVVs5 + 9UF7emO2RnZk3gvjadvGD3oAL/TBFc2afaZ28yQjLSZI46jjg1cutIWO1mf7 + XcttRjgyZBwO/FU7+fVGubMy2yKwkOwB87jjofSrl1cawbWYSWiKpRsnzM4G + OaAItP0lZbGCX7XcJuRThZMAcdhioLTTBJqN9D9pnXyvL+YPhmyufmOOcdqn + 0+41dbGBYbRHQIuCZMEjHpUFpPqg1G+aO2RpG8veu/AXC8YPfNABqGlrFLZr + 9pnfzJguWkyRweRxwavT6OqwSN9suThScGTjp9Ko6hPqjS2ZmtkQiYFcPnLY + 6e1Xp7jWTBIGs0C7Tk+Z2xQBW03SlmsIJftVwm5QcLJhR9BiorfTA+p3cH2m + ceWIzuD4Y5Hc98dqm0yfVlsIFhtUdAowS+CR9Kht59UGp3bJbIZCse5d/A44 + 575oANS0wQm0/wBJnfzJ0X5nzjOeR6H3rQl0ZVjc/bLk4B6yf/WrP1OfVGNp + 51siYnQrh85bnA9q0JbnWvLfdZoBg5/eUAUtK0oT6fDKbq4TcPupJhRz2GKZ + DpYbVbiD7TONiIdwk+Y59Tin6VPqq6fCsFqjxgcMXwTz6UyGfVBqtwy2yGUo + m5d/AHbmgA1PSxAtuftM7750X5pM4z3HHX0NaTaKuD/plz/39/8ArVm6pPqj + Lb+fbImJ0K4fOW7CtJrnWsHNmn/fygDO0jS1uNOhm+1Tx7gflSTCjk9Bikj0 + wHV5bf7TONsStu3/ADHJ6E46UukT6qmnQrb2qSRgHDF8E8ntSRz6p/a8ri2Q + ymJQV38AZ65oANV0wQQxMLmd90qLh3yBk9R71p/2Kv8Az+XX/f3/AOtWZqs+ + qNDEJ7ZEAlQgh85OeBWp9p1v/nzT/v5QBl6Ppa3Gnxy/aZ48lvlSTCjDEcDF + C6WDrDW/2mfiENu8z5vvYxnHSjR59UTT41t7ZJI8thi+D9454+tCz6p/bDOL + ZPN8kDbv427uufrQAatpYgtQ4uZ3+dBh5Mjk/TrWn/Yq/wDP5df9/f8A61Zm + rT6o9qBPbIi705D55zwK1PtOt/8APmn/AH8oAy9I0wXFmJDczx/M4wj4HB9M + Uf2YP7Z+z/aZ/wDj33bt/wA/3sYzjp7UaRPqiWYFvbJIm5uS+Oc88Uefqn9s + h/syed5GNu/jbu65+vagA1fTBb2LSi5nkwyjDvkckdsVp/2Kv/P5df8Af3/6 + 1ZmsT6o9iy3Fskabl5D55yMcVqfadb/580/7+UAZek6WJ7Z3NzOmJHGEkwOD + 16dasQWYtddjUTSS/uWOZG3HrjH0qvpM+qLbOILZHXzHyS+Oc8irEEl5JrsZ + uoVibyW4DbuM9fzoA6WiiigAooooAKKKKACiiigD/9b905tU09tXt5xOpjSN + wTzgE9Kdq+q6fcabPDDOrOwGAM88irU8UX9t2y7FwYn4wKfrkUS6VcFUUEAc + gD1FAD49a0sRqDcLkAetZul6pp8H2zzZ1XzLiR1znlTjBroYoIfLT92vQdhW + To8UTfbtyA4upQOB04oAqXGqae+q2k6zqY41kDHnjI4qXVdW06fT54op1Z2X + AAzzU11FENZslCDBSTjA9Km1iGJdMuSqKCF7AUAJBrOlrDGrXCghQD19Kz9N + 1TT4ZLwyzqoknZl9wQOa3reCH7PH+7X7q9h6Vm6TFEZb7KKcXDAcD0FAFO61 + TT31OxmSdSkXm7jzxuUAVPqWr6bNYXEUU6s7IQBzyalvIohq+nKEXBE2Rgc/ + KKsatDENNuSEUEIewoAgtdZ0xLaFHuFDKigjnqBVLT9U0+K4vXknVRJLuU88 + jFbdnDCbSAmNfuL2HpWfpcURutQBQHE3HA9KAKl5qmnyahYypOpSIybjzxlc + CrN/q+my2NxFHcKzPGwA55JFPv4ohqenAIoBaTPA5+WrepQwjTrohFBET9h6 + UAU7LWNMjs4I3uFDLGoI54IAqpY6pp8V5fSSTqqyOpU88gCtmwhhNjbExqSY + 07D0FUtOiiN9qAKKQJFxwP7tAFO/1TT5byxkjnVljdix54GKt3usaZJZzxpc + KWaNgBzySKNRiiF9p4CAAyNngelXr+GEWNyRGoIjfsPQ0AZ+n6vpsVjbxSXC + qyRqCOeCBVay1TT49Qv5XnUJKY9p55wuDWtpkMJ062JRSTGnYelVLCKI6nqI + KAgNHgYHHy0AVNQ1TT5biyaOdWEcu5uvAxV651nTHtpUW4UlkYAc9SKbqcUQ + ubABFGZueB6VoXcMItJiI1+43YelAGVpur6bDYW8Us6q6oAQc8GoLXVNPTVL + 6Z51CSiLaeedq4NamkwxHTbYlFJKDsKrWcUR1jUVKDAEOBgf3aAKmp6pp80l + mYp1YRzqzYzwBnmtCfWdLaGRVuFJKkDr6VFq0USyWGEAzcIDwPetO4hhEEhE + a/dPYelAGLpWradBp0EUs6q6rgg54qO31TT01W7nadRG6xhTzyQOa0dGhibS + 7csikle4HrUVtFEdZvVKLgJHgYHpQBT1TVNPn+yeVOreXcRu2M8KM5NaT61p + ZRgLleQfWodYiiX7FhFGbqIHgdOa1ZIIfLb92vQ9hQBgaRqun2+mwQzTqrqD + kHPHJpsOqaeur3E5nURvGgB55I61f0OKJtKtyyKSQeSB6mmQRRf23crsXAiT + jAoAp6tqmnzxwCGdWKzIxxngDqa1Drelf8/K/rVbWoolittqAZuIxwB61smC + HH+rX8hQBzei6pp9tpkMM86o67sg57sTQmqaeNZkuDOvlmFVDds56Vc0CKJt + It2ZASd3JA/vGiOKL+3ZV2LjyFOMD+9QBT1fVNPnt40hnViJUJAz0B5rV/tv + Sv8An5X9ara3FEtrGVRR++j6AetbHkQ/881/IUAc3ouqafb6ekU06o4Zjg57 + saBqmn/20bjz18v7OF3c43bs4q3oMUTaahZATufqB/eNKIov7fZdi4+zA4wM + Z30AU9Z1TT7iy8uGdXbehwM9Aea1f7b0r/n5X9aq67FEthlUAO9OgH96tnyI + f+ea/kKAOb0fVNPt7QxzTqrb3ODnoTxQdU0/+2luPPXyxAV3dt27OKuaHFE1 + iSyKT5j9QP71DRRf2+q7Fx9mJxgf36AKes6pp9xp8kUM6u5K4A9mBrV/tvSv + +flf1qtr0US6XKVRQcp0A/vCtjyIf+ea/kKAOb0jVNPgt5FmnVSZXYZz0J4o + k1TTzrEVwJ18tYmUtzjJPSrmiRRNbSlkU/vpOoHrSSxRf27CuwY8luMD1oAq + a1qun3GmTQwzq7ttwBnswNag1vSsD/SV/Wq+vxRLpNwyoARt5AH94VriCHA/ + dr+QoA5zSdU0+CO4Es6qXnkYZzyD0NE2qae2rW86zqY0jcE84BPSreixRNHd + bkBxcSDkD2pZ4ov7btV2LgxvxgUAVtX1XTp9NnhhnVnYDAGeeRV+PWtLEag3 + C5AHrTNbiiXSrgqighRyAPUVpRQQ+Wn7teg7CgDntL1TT4DeebOq+ZcO65zy + pxg15Z8Tb63vNSs/s0gkVITnHYlj/hXr2jxRMb7cgOLmQDgdOK8i+KaImt2o + RQo+zjoMfxtQOJY8Cz20OgaqkjhZZmUKO52j/wCvXrMGs6WsEatcKCFAPX0r + zLwIiHwpqjFQSJTg45+6teuW0MJt4iY1+6vYelAMwdN1TT4ZbwyTqokmZl68 + ggc0XeqafJqdhMk6lIvN3HnjcoAq5pUURmv8opxOwHA9BRexRDV9OARQD52R + gc/KKBEWpavps1hcRRzqzshAHPJqa11nTEtoUe4UMqKCOeoFT6rDCNNuSEUE + Rt2HpU9nDCbSAmNfuL2HpQBiafqmnxXN68k6qJJMqeeRii91TT5NQsZUnUpE + zljzxleKt6ZFEbvUAUBxLxx7UX8UQ1LTgEABaTPA5+WgBt/q+my2NxFHcKzP + GwA55JFOstY0yOyt43uFDLGgI54IAq5qUMI066IRQRE/Yehp2nwwmwtiY1JM + Sdh/dFAGNY6pp8d7fSPOoWR1KnnkAUX+qafLd2Ukc6lY3JY88DFXNPiiN/qA + KKQHTHA/u0ajFEL3TwEUAyNngf3aAC81jTJLOeNLhSzRsAOeSRUen6vpsVjb + xSXCqyRqCOeCBWlfQwixuCI1BEb9h6Go9MhhOnWxKKSY17D0oAybPVNPj1G/ + medQkpj2n1wuDRqOqafLPZNHOrCOXc3XgY61bsYojqmogoCAYsDA4+WjVIoh + c2ACAZmGeB6UAPudZ0x7eVFuFJZGAHPUiq+matp0On28Us6q6oAQc8Gta7hh + FrMRGv3G7D0qtpMMR022JRSSg7CgDMtdU09NUvpmnUJIItp55wvNGp6pp8z2 + ZinVhHOrNjPAGeauWcUR1fUFKLgCLAwOPlNGrRRCSxwijNwgPA9DQBJNrWlt + C6rcKSVIHX0qnpOradBp0EMs6q6rgg545rbngh8iT92v3T2HpVHRYom0u3LI + pJXuB60AZ1vqmnpq11O06iN0QKfUjrRqmqafOLTyp1bZcRu2M8KM5NW7aKI6 + 1eKUGAkfGB6UusRRKLPaijNzEOg6c0ATvrWlFGAuV5B9aztH1XT7fTYIZp1R + 1ByDnjk10DwQ7G/dr0PYVl6HFE2lW5ZFJIPJA9TQBRi1TT11eeczqI2jUA84 + JBo1bVNPnigWGdWKzIxxngA8mrkMUX9t3K7FwIk4wPWk1qKJYbfagH7+PoB6 + 0AWv7b0r/n5X9aytE1TT7bTIYZ51R13ZBz3Ymuk8iH/nmv5Csbw/FE2kQMyA + k7uSB/eNAFRNU08azJcGdfLMIUNzjO7pRq+qafPbIkM6swkQ4GegPNW44ov7 + elXYMeQvGB/epdbiiW0jKoo/ex9APWgCz/belf8APyv61laNqmn29gkU06o4 + Zzg+7E10nkQ/881/IVj6DFE2moWRSdz9QP7xoApjVNP/ALaNz56+X9n2bucb + t+cflXzXfsGv7llOQZHI/wC+jX1AIov7fK7Fx9mzjAxnfXzBqIxqFyB/z1f/ + ANCNBUT6b03WdLTT7VWuFBESA9f7oqvo+qafb2hjmnVG8xzg56E8VraZDCdN + tCY1/wBVH2H90VU0KKJrJiyAnzH6getBJUbVNPOtLceevliAru5xndnFGtap + p9xp0kUE6u5K4Az2YGrbRRf2+i7Bj7OTjAx96jX4ol0uUqgBynIA/vCgC1/b + elf8/K/rWVpOqafBBKs06qWldhnPQng10nkQ/wDPNfyFY+iRRNbzFkU/vpOo + HrQBTk1TTzrEVwJ18tYmUtzjJPSl1nVdPuNMmhhnV3bbgDPOGBq3LFF/bkK7 + Fx5LcYHrS69FEuk3DKiggLyAP7woAmXW9KCgfaV/WszStU0+BLkSzqu+eRhn + PIOMGujWCHaP3a9PQVj6NFE0d1uQHFxIOg9qAKk2qae2r206zqY0jcE+hPSn + 6tqunT6dPDDOrOw4AzzzVi4iiGt2qhBgxvxgVLrcUS6VcFUUEKOgHqKAFj1r + SxGgNwuQB61naXqmnwm882dV8y4d1znlTjBroIoIfKT92v3R2HpWXpEUTG+3 + IpxcyAcDpxQBTudU099Vs51nUpGsgY+mRxUuqatp02nzxRTqzspAAzzU91FE + NYsVCLgrLkYHoKm1iGJdMuSqKCEPYUAMt9Z0tII1a4UEKAevpVDTdU0+GW8a + SdVEkxZevIx1rdtoYTbRExr9xew9KzdKiiaa/wAoDidgOB6CgCpd6pp8mp2E + yTqUi83ceeNy4FWNR1fTZrC4ijnVmdGAHPJIqS9iiGraaoRcHzsjA5+WrOqw + wjTbkhFBEbdh6UAV7TWdMS1hR7hQyooI56gVS0/VNPiub15J1VZJMqeeRitu + yhhNnATGv+rXsPSqGmRRG71AFFOJRjgelAH8zP7dvwX+KH7LX7VM37Vfwoie + bQNT1Zdet7+KNpYrHUpn33Nvdjsk0pcjOFdJNgO4Gvf7/wD4LdC58AS2sHwv + 2eL5bcxb21DOmrMVx5u0RiYpu58rcDjjzP4q/d3XdM03UZrTTtQtIrq0uvNj + mhljV45EZMFXVgQwI6gjFeJ337JP7LcMlzrcXwk8KpeqryBxo1mMOASGC+Xt + DZ5zjOaAPwh/4J2/Af4k/Hv9paL9q/4rxyQ6Bpd/PrJvbiMxDU9Uct5KWw4z + HDId7MoKLsEY5Py+4f8ABa+eGfR/hk8LBla+1Ygj08q1FfvTothYWej2NpaW + 0cEEMESRxoiqiKqgBVUDAAHAArgPE3wq+F/xNu5YPiR4P0bxXFp0m62TVtPt + 75YDIoDmMXCOELbRu24zgZ6UAeR/so6jZf8ADL/wSHmjMHhbRt/+z/oMQ5rk + /wBvr4UXf7Qf7L/irwH4QlSfxBB5GpafDnHnz2UgkMIJ43SR70TJA3lckDNf + WUeh6L4ft9E0LQdPt9N02wC29va20SQwQwxJtSOONAFRFUAKoAAAwBXK/Gv4 + meEfgp8LPEnxQ8ZLINJ0G1aWUW0JlmdmIjjRFUdXdlUEkKucsyqCQAfzH/sp + f8FD/il+xh4X1n4O634MTXrGC8mnitL6WTT7vT7pwFmRsxuShZQxjZVIbd8w + 3ceC6p8SfiF8Xv2w/DXxZ+KNi+m6x4o8Q6LfCFoXgjS08+GO2EKuNxiWJFVH + 53AbiSSTX7U/D7/grB+yF4q0G31/4p+GLnw94p05WRYWsE1RiFPym3ukRT8w + 5IdY8HIyRhj+efgHUvEP/BQH/go5pfxH8PaJJZeHbHVNP1O4jl5Fpo+jGLaJ + 2XKiS4MYXaCR5kmAdoLUAfWf/Ba/wZ4g1/Svhv8AEjRlkvtC0Q6hY3xjBZLS + W7MDwuwHQS+WyljwCqgnLAHQ+Hn/AAWI+CHgr4I6H4RPw+1mHxHoekwWCWVo + LSPS2kt4RENtwZfNjjYrn/j3YrnGG6n9ufEel6ZqcVvpupWkN3Z3bmKaGWNZ + I5Y3UhkdGBDKRwQRg15FH+yp+zLpWpHxLpnwp8L2mpwZkjni0e0Ro5F5DoBH + hWB5DAA55zQB/OR/wTc8UX3iT/goRp/jDxEotb7WH8QXt0mCoSe5t7iR1weR + hmIwefWvr3/gtncQ3Om/DGWBw6Nd6pgj2itga/aDwn8FPg1oetp8QdF8B6Bp + /im5Ms0urW+l2sWoSS3OfOdrlIxKWl3NvJbLZOc5qx4r+FXwv+JmpyW/xI8H + 6N4ri0/a1smrafb3ywNIoDmMTo4QttG7bjOBnpQB5H+yrqFkf2V/gpGJRuh8 + NaEXH90LZR5r8OLO5gP/AAWNmuQ48o+Krghu3Nk9f0m/2Hovh/TtF0PQdPt9 + N02weC3trW2iSGCGCJdqRxxoAqIqgBVAAAGAK5iT4I/BdPFcnxFTwD4fXxXv + a4/tcaVaDUfOKlTJ9q8vzd5HG7dnHGaAPzU/4K7XlrJ+x5pVqkgMqeJdPJXu + P3F1UX7D3xXtvgl/wTXg+KM1p/aL+G9P1y8jtd2zz5ItRuyiFudoLEbjgkDJ + AJ4r9QdX+H/gL4i+FbXQviD4b0zxPpqus4tdUs4b2ASpuCyeXOjruAYgNjIB + PrVDSvhl8NtP0e++G9h4T0m28JPAYm0eKwt004xzMzyobVUEO12Ysw24Ykk5 + JoA/j38H/HPw54p/aR/4X1+09Y3njaKa8OpXVjbeWFuZ0K+RAyysFW2jAAEY + yNqrHjaTX7leDf8Agsp8IPGPizQ/B1v4B1y0fW722sElaW1KRG5lWIMQHyQu + 7JA7V99av+yn+y7Gtp5fwe8GpuuI1OPD+nDIOcg/uOlb1p+y7+zNpd1Dqemf + CPwhaXlo6zQzQ6Bp8csUsZ3I6OsAKspAIIOQeRQB+Bf/AAVk8KeIvDX7QPgb + 4v3en/2v4an0u0tlEy7rb7TYXU0stnJgHasiSKwB+8GfGdpx9K+MP+Cynwuv + vBOoW3w78Ca4PF+pWH2O1troWyWNvcSKUVhLDK8sioSCqiFC+MfJnI/aNvDH + hrxb4T/sLxVpNprOm3akTWt7BHcQSgNkB45FZWAIB5FeWeEv2av2efBXjeTx + F4R+GnhzR9TgRXiubXS7WKWFjwTEyxgxkj+5igD8DP8AgjVIkXx18Zs5wBoC + n8Be25NfRX/BbDwZrGu6P8NviTosTXmkaI2o2F/JGpIt3uzA9uz4HCuY3Xce + AwUdWFfsVovwV+Dfw1uRqvw58B6B4Vvbpo4Jp9K0u1sZZIiwby3eCNGZdwB2 + k4yAe1erX+kaVqtlPpuqWUF5aXKGOWGaNZI5EYYKujAhgR1BGKAPy9/4J3ft + 1eE/jt4e0r4KzaFd6P4h8G+HoXu7p2jeyuFtWhti0RBEis5cNtZMKMjce/5t + /B26t0/4LJX92zgQ/wDCWeJju7YNne4r+hT4Y/Bv4Q+AVbXvAvgbQvDmp3sb + wz3Wm6Za2c8sfmbtjyQxqzLuUHBJGQD2qPT/AILfBzTvibN4/wBP8CaDa+KG + WS4OqxaXapfmefckshuVjEu+RWYO27LAkEkE0AfC/wDwVW+C+ufHT9nyy1D4 + fQtq2ueC9RGo/YoFLzXFpJE8U6xIBlnXKOFHJVWABbAr4D/ZV/4Kyaf8C/gh + p3wk+I/gu91zUPCkLWum3NnPHEs0CsTFDcrKMxmLOzegfKgZTIJP9FmuRRLa + IVQD97H0HvXlXij9mL9nLxtrcniTxd8MfDer6rMxeW6udKtZJpWPUyuY8yH/ + AHs0Afz5fsMeFfiH+1R+2/J+1D4rsTYaBpGoz6veXO1vswuBGY7Sygdh87x5 + jJ7iNCWILLn6H/4Ld3Vvd6X8KJLZxIom1UEj1229fuP4H8O+H/Dnhq10Xw9p + lrpenWhdIba1hSCGJdxOEjQBVHsBXN+NvhX8MPiXrVra/Efwfo/iuGwt2e3T + VtPt75YWkcB2jE6OELAAEjGcDPSgDyL9lvUbJ/2R/hDbLKDKvhXQsr3G20iz + X4eaddW//D5J7vePJ/4Syc7u2PsbV/STPoei+HvDdromgafb6bp2npBb21tb + RJDDBDFhUjjjQBURVACqoAAGAMVzi/BH4Lp4x/4WIngHw+vivzTP/a40q0Go + ecRtMn2ryvN3leN27OOKAOn0fVNPt7RkmnVGMjnBz0J4obVNPOtJcCdfLEBX + dzjO7OKuaHFE1kxZFJ8x+oHrSPFF/byLsGPs5OMDH3qAOP8AibpXhz4hfD7x + D4E1SUS2PiGxn0+4VfvGG6QxSY99rGv5bvAfi/48f8EuP2htSGq6Kuq6Vfq9 + nMkm+Kx1rT0kDJPazgNskXgqcMYyxR05Ir+sHX4ol0qYqig5TkAf3hVHxb4C + 8DePtJbQfHPh7TvEWmudxtdRtIruEsBgHy5VZc89cZoA/nW+P3/BXbXPiT8M + NW+Gnwm8Gy+G7vxNHLa3moXVyLmaOC5UpLFbRxooDuCVErHIBO1A2GX6m/4J + O/sweJ/gppet/GD4n2j6NrHiy3S1sbGdSlxb2MbeYzzIeUad9pCMAyqgJ+9g + fpR8O/2av2evBOoN4g8JfDXw7pOqW9w5iu7fS7ZJ4iDkeXIE3Jj/AGSK9qli + i/tyBdi4MLcYHrQB+G3/AAWr+G9lrHhnwD8atHxJPpVxNol8yj5jDcqbi2J9 + FR45Rn1kFM/4IvfDmK20z4gfH7xLIXvtYnTRbOaYlpGSPFzeOWOSwkkaEZz9 + 6Nupr9rPiN4L8HeNvCN54f8AGehWGv6XKY3e01C1iurdmRwykxyqykqeQSOD + 0rU8JeCPBfgTQ4fDfgjQNP8AD2kwFnjs9OtYrS2RpDucrFCqoCzEkkDk8mgD + +S//AIKUfDSf4VftW+L7jSd1vo/jxV1qIRkqkgupN1wjY4b/AEqJpNp6ZQ4z + g1/QN+wR8N7H4NfsyfDnQLnbDqF/YPq+oEjDC51M/aArj+9HGyRH/cr6T134 + O/CP4mSm7+JHgfQ/Fc9hNNHbyatptrfPCjkFljM8blQSASBgGu/ktraHV7KC + GJEiWJwFVQFAAwAAOOKAP5of2yLiG5/4Ku+H5oGDode8HYI9hZ1/RT8UdY0w + /CnxdGLhd39i34xz1+zPVPxf8FPg1resv8Qda8B6Bf8Aim3aGaPVrjS7WXUE + ktyvkuty8ZlDR7V2ENlcDGMCvUZdO0+/097K+tYri3uIjHLFIiukiOuGVlII + IIOCDwRQB/Ox/wAER7y1s/H3xRa5kEYbTNOAz3/fS1e/4KxfB/xr4W+NXhz9 + rL4awy3FnDDZfbbq3jMh0/UdMkzbTzDBAjdPLVWI2hkIYjcoP7mfDT4QfCX4 + cXOr3Xw98E6H4Xmu5jFM+l6bbWTSxpyqOYI0LKpJIB4GeK7vU7Gyu9QtbK6t + 45re4jnSSN0DI6MuCrKRggg4INAH4n2P/BbD4dXfw+K+Ivh7qq+Lzb7WgtZo + Dpsk4HJE7uJo0Y848lyucZbGT9a/8E//ANsrx9+1F4S17UfiT4QGgDSbnbaa + paK6addxuTiBBK7OZoAAHZSykEE7G4b6J179k39l+eS516X4TeFWvtu7zP7G + s+WHO4r5e0t7kZr37R9J0rS9KtNO0yzhtLS3iRIoYY1jjRQOFVVAAA9AKAP5 + cP20k8d/sqf8FAJPj9oVn51nf6nDr+lyyBhb3YKKl3bOy9Du8xHAO4I6tj5h + XoP7X/8AwVHsf2jvg5cfCj4deDL7QrjWkH9qXF1Mk3l20TCaSOARDLBvLG+R + 9oCbht53L/RBrPgTwR8QNO1Lw9478P6f4i0t7gsbXUbWK7g3AcHy5VZcjPBx + kVwelfs5fs/+EJ00rwx8NvDmm2mrQ3Ntexw6Vaqt1byp88U/7v8AeRsOCj5X + HGKAPyn/AOCLl3bw/CL4pQSyBZJdVtdoPf8A0Zq/b201jTI7WFHuFDKigjnq + BXJeHvhh8NPhpoepWPw48JaR4UtrvMs0Wk2FvYpLIq4DusCIGYDgE84ru7KG + E2cBMakmNew9KAPxN/4LOXME/wAD/CflOG3+KVYY7j7DcDNfVn/BN2+tI/2L + /hGHlAMEeql/9nOpXWM19jeIvht8OviTHc6R8RfC2leKrC1uhPDb6rYwX0Mc + oQrvRJ0dVbaxG4DOCR3NamleEvCngu10Xwx4O0Wy0HRrNphBZWFtHa20QfLs + EhiVUXLsWOAMkk9SaAPxI/4K6fsradrtkn7Ufw7hV7+yWO28SwRL80sC4SC+ + wBy0XEUp5+TY3ARjXD/8EQ721s/FfxZNzIIw1lpGM98SXNf0GeIdJ0rVdA1P + S9UsobyzvLaaGeCaNZIpYpEKujowKsrAkEEYI4NcX8OfhB8JfhvbNdfDvwTo + nhabUYYRcvpWm21i04QZUSmCNC+0sSN2cZOOtAH4N/8ABVj4PeO/C3xu0X9r + H4dW8s9jAtl9ruoI/MNhqGmuGt55Rg4jdQiqxG0MmGI3KD67Yf8ABa74e3Hh + CyvPEHw81UeLrWPMlvazQf2dLOFxlZ3fzo0Y848lyoOMtjJ/bS3sbK9udWs7 + y3jnt5dsbxyIGRkZMMpUjBBHBB614RrP7J/7MM/iCy1ib4TeFmu5Zcux0azw + xAzll8vaTnuRmgD53/YO/bL+IP7VXgvxPqXxH8HjQDps7rZ6naK6adeRylsW + 6CV2czQDAdlLKQQTsbhvy5/4K5+GPE3hn4/+BfjDY25m0ifR7K2iuCpaJNQ0 + 64mlaFyOASjowBOWG7H3TX9J66TpWk6MdO0qyhs7S2hKRQwxrHHGirwqKoAU + DsAKzbvwv4a8WeGU0PxTpNprOnXUSCW2vYI7iCTHI3xyKytz6igD4+/Y2/bX + 8F/ta2ninWNI0O78NXOhGwW6hu3jlRpLlJeIZIzllXyjksiHkcda/I//AILJ + fD1fDfxv8IfGvw1I0I8T2H2aeaElXS/0phtk3jBVmhkiC9/3ZI6V/QR8Pfhb + 8MvhvqGuW3w78IaP4WhvWt2nTSrC3sVmZEbaXECIGK7jjOcZPqan+I/w2+HX + xFg0rS/iD4W0rxPZ290JI4NUsYL2JJCpXcqTo6hsEjIGccUAfmn/AMEjPhhp + 3w//AGY9Q8d6qFj1X4iXstwNwwxsLLdbW6MPeTznHqrivwQ/aZ+Euq/CP9oX + xj8HdIjlNmdWSTT7ZCdssF0PMsgF6M6Rz+WD2JYDGSK/tJ0/w74f8NeH4dB8 + OaZa6VpmnweTbWtpCkEEESLhUjjjAVFA6BQAK4Kb4MfB7xXqmm+OPFHgXQdY + 8R2awtBqd5plrcXsRgbfEUuJI2kUxtymGG08jBoA4b4Q/C7wz8OvgnpfwTkm + QWNjoNvpM8idJZGtyl1IOOskjO546mv5vPgh8UfiH/wTQ/aO1/QfiF4dl1TS + rrFtdxRkw/bLaGUtb31nI42uMbsA8EMyMVcfL/V3aRRHWL9SgwFiwMD0rifi + d8MPhv8AEqy03S/iF4W0vxLaR3K7ItRs4bpULDkoJVbaTgZIwaAP5o/2zf2y + vE37f/iPwh8J/hD4NvrbTLG6ea2tHKz317eyr5YkdYspEkSFv4iAGZmYDgfu + XYeCLX4N/sD6l8Kry7jmvvD/AIF1O1uGTO1rk2MzTFePumRm255xjNfSHgf4 + I/Bz4VR3Mnw18EaL4YluIyksmnWEFtLIvXDyRoGYZA4JNdha6TpWs+Gzper2 + cN9ZXsDw3EE8ayxTRSAq6SIwKsrKSGUggg4NAH4F/wDBD+8trPVfjC1zIIw0 + GhAZ7/Ne1++Gq6pp862winVtk8bHHZRnJrjvAHwm+Ffw01nVk+HPg3RfCq38 + cH2gaTp1tYiby92zzPIjTft3NtznGTjqa7zWYolS02oBm5jHQe9AH8xH7c2i + eH/HH/BUGw8Ma6n2vRdc1XwnY3aBmTzLe4jtIpV3LhhlGIyCCO1fav8AwU7/ + AGSvD/i74KaP8XPhpp0Nnrnw3sxaXVlaxhBLoUZJAVVGP9DyXUDAERk67VFf + rfrHwS+DGveK4/H+ueAdA1HxPA8M0eq3OlWk1+kttjyXW5eMyho9q7CGyuBj + GBXX6VZWd7oSW15bxzwzo6SJIoZXViQVYEEEEcEGgD8kv+CU/wC13F8UvAsn + wb+IGoA+KvBVnHHZSytl73SkYJGc93tsrE3qnlnk7jX6zatqmnzwwrDOrFZk + Y4z0B5Nea+D/AICfAvwL40bX/BHw58N+HtTt4NsV1p2kWdpOgkBVwskMSsAy + nBweRwa9W1qKJYICqKP38fQD1oAs/wBt6V/z8r+tZWi6pp9vpsUM86o67sg5 + 7sTXSeRD/wA81/IVj6BFE2lQlkUnL8kD+8aAKa6pp41l7gzr5ZgC7u2d2cUa + vqmnz2qpDOrsJEOBnoDzVxIov7ekXYuPs4OMD+9RrkUS2aFUUfvY+gHrQBZ/ + tvSv+flf1r5o8SADWJ2Xo2D+lfU3kQ/881/IVwNr4N0LWoRfX8TNKxZSQ5UY + UnHAoGmY/gLULaCztjcSBFjhkTJ9TKWx+tdlrOqafcWLRQzq7FkOBnswJqLS + 9G0/SNVWwso8QrblgGO7kyc8mtHXYol05iqKDuToB/eFAmWf7b0r/n5X9ayt + I1TT4LVkmnVGMjnBz0J4rpPIh/55r+QrH0OKJrNyyKT5snUD1oApvqmnnWUu + BOvliEqW7Z3ZxRrWqafcabLDBOru23AGezA1beKL+3o12DH2cnGBj71Lr8US + 6VMVRQcpyAP7woAs/wBt6V/z8r+tZWk6pp8EMyzTqpaZ2GfQng10nkQ/881/ + IVjaJFE0E+5Af38nUD1oAqS6pp7avBcCdfLWJgTzgEmnaxqun3Gmzwwzq7sB + gDPPIq1NFF/bluuxcGF+MD1p2uxRLpNwVRQQByAP7woAlXW9KCgG5Xp71maV + qmnwLdCWdV33EjDOeVOMGuiSCHYv7teg7CsnRoomW83IpxcyDoOnFAFOfVNP + bVrWdZ1MaI4J54J6VJq2radPp08MM6s7LgAZ55qxcRRDWrRQi4McnGBUmtRR + LpdwVRQQvYD1FACw61paxIpuFBCgd/Ss7TNU0+FrwyzqvmTuy+6nGDW/BBD5 + Mf7tfujsPSsvSIome+3IDi5cDge1AFS51TT31SynWdSkYk3H0yOKm1PVtOm0 + +eKKdWdkIAGeTUt3FENYsFCDBWXIwPSrGrwxDTLkhFBCHsKAI7fWdMS3iRrh + QVVQevUCqGnapp8M160k6qJJiy9eRjrW7awwm2hJjX7i9h6VnaXFEZ78FFOJ + zjgegoAp3mqafJqVhMk6lIjJuPPGVwKsajq+mzWFxFHcKzOjADnkkU++iiGq + 6aAgAJlyMDn5atapDCNOuSEUERt2HpQBWs9Y0yO0gje4UMqKCOeCBVOw1TT4 + rq9eSdVWSQFTzyMVtWMMJsrcmNSTGnYegqhpsURvNQBQHEoxx7UAVL7VNPkv + rGRJ1KxsxY88ArVu+1jTZbK4jjuFLPG4A55JBxS6hFENQ04BFALvngf3auah + DCLC5IRQRE/Yf3TQBRsdY02Kxt45LhVZI0BHPBAGaq2WqafHfX0rzqFlZCp5 + 5wuDWxp0MJ0+1JjUkxJ2H90VT0+KI6jqIKKQGTHA/u0AU9Q1TT5bqyeOdWWO + Qlj6DFXbvWNMktZkS4UsyMAOepFN1OKIXengIBmU549q0L2GEWc5EagiNuw9 + KAMzTtX02Gwt4pJ1VkRQRzwQKr2mqafHqV/M86hJfK2nnnauDWrpUMJ022JR + STGvYelVbGKI6tqSlAQPJwMDj5aAKmpapp80tm0c6sI5gzdeBjrV+41nS3gk + VbhSSpA6+lM1WKITWGEUZnUHgehrRuYYRbSkRr9xuw9KAMjS9W06HT4IpZ1V + 1UAg54NQ22qaemq3k7TqI5FjCnnnA5rS0iGJtMtiyKSUHYVBaRRHWb5SgwFi + wMD0oAqapqmnzGz8qdW8u4RmxnhRnJrRl1rS2idRcKSQfWodXiiVrHagGbmM + HgdOa1ZoIfJf92v3T2HpQBhaTqunQadBDNOquo5BzxzTIdU09dWuZ2nURuiA + HnkjrWhokUTaVblkUkr1IHqajt4ov7au12LgRx8YFAFPVdU0+dbYRTq2yeNj + jso6mtNtb0oqR9pX9ag1mKJUtNqKM3MY6D3rXaCHaf3a9PQUAc7o2q6fb6bB + DNOqOoOQc8cmkj1TTxrE1wZ18tolUNzjIPSrugxRNpNuWRSSG5IH9402KKL+ + 3Z12DHkrxgetAFTV9U0+eCJYZ1YrKjHGegPJrV/tvSv+flf1qrrcUS28O1AP + 30fQD1rZ8iH/AJ5r+QoA5vRdU0+306KGadUcFsg57sTQuqaeNae489fLMAXd + zjO7OKuaDFE2lxFkUnL8kD+8aFii/t512Lj7ODjA/vUAU9Y1TT7i0VIZ1dhI + hwM9Aea1f7b0r/n5X9ara5FEtkpVFB8xOgHrWx5EP/PNfyFAHN6Nqmn29kI5 + p1Rt7nB9CaP7U0/+2xc+evlfZ9m7nG7fnH5Vb0KKJtPBZATvfqB/eNBii/4S + ALsGPs2cYGM76AKms6pp9xYNFDOruWU4HswrV/tvSv8An5X9aq69FEumsVQA + 7k6Af3hWz5EP/PNfyFAHN6RqmnwWzpNOqsZHODnoTxU0V5a3euxvbyBx5DDI + 9d2am0SKJrSQsin97J1A9aUoia/EEUL/AKO3QY/ioA3KKKKACiiigAooooAK + KKKAP//X/c+XTXXVYIftc5LRudxb5hjsD6U7VtMeDTppTeTyBQPlZsqeR1GK + bLc6mdVgdrMCURuAnmDkdzntTtWutUfTpknshFGQMt5gbHI7AUAXo9IkKKft + 1yMgfx//AFqz9M015vteLuePZcSL8rY3YxyeOp71oR3msBFA08EYH/LZf8Kz + 9MudTT7X5NkJN1xIW/eAbWOMr05x60AFxprrqlrD9rnJdXO4t8wwOxx3qTU9 + MeGwnlN5PIFXO1nyD9eKjuLnUzqlq7WYWRVfanmA7gRzzjjFSandaq9hOs1i + I0K8t5oOB9MUAW4dJkaGNvt1wMqDgPx0+lUNO015ZLsC7nTZMy/K2N2Mcnjr + V+G71gQxhdPBAUYPmrzx9Koadc6mkl2YbISFpmLDzANrcce/1oALrTXTUrKH + 7XOxk835i3zLhexxxnvU2o6W8VjPIb2d9qE7WfIP14qG6udTbUrJ3sgsi+bs + XzAd2V557YqbUbrVXsZ1msRGhQ5bzVOB64xQBNbaS720T/brhdyKcB+BkduK + p2GmvLcXii7nTy5MZVsFuOp461ctrvVxbRBLAMoRcHzVGRjr0qnYXOppcXhi + sw7NJlh5gG046dOaAC80147+yiN3O3mF/mLZK4Xt9as32lPHZXEhvbh9sbHa + z5BwOh4qteXOptf2TSWQR1L7F8wHdleeccYqzfXerNZXCy2IRDGwLeapwMcn + GKAFs9KeS0gcXtwu5FOA/AyOg4qrZaa8l3eoLudPLdRlWwW46nirVnd6stpA + sdgHUIoB81RkY4OMVVsrnU1u71o7IOzOu4eYBtOOme9ABfaa8d3ZIbud/Mdh + lmyV46jirV5pTx2k7m9uG2oxwX4OB0PFVb651NruyaWyCMrtsHmA7jjpnHFW + ry71ZrSdZLAIpRgT5qnAxycYoAbYaW8tlBIL24Tcinar4AyOg4qvZ6a8l/fR + C7nUxlPmDYLZXvx2qxYXerLZQLFYh0CKA3mqMjHXGKr2dzqa3980dmHdim9f + MA24XjnHOaAC/wBNeKezU3c7+ZLjLNkrx1HHWrtzpLpbyv8AbrhtqMcF+Dgd + +KpX9zqbT2ZlsgjLLlR5gO446dOKu3N3q5t5Q9gFUo2T5qnAx16UAQadpby2 + MEgvZ03IDtV8AfTiobXTXfUr2H7XOpjEfzBvmbK9zjt2qbTrrVUsYFhsRIgQ + YbzVGR64xUNrc6mupXrpZhpGEe9fMA24XjnvmgA1HTXie0Bu533zKvzNnbnP + I461fm0mRYZG+3XBwpOC/HT6VQ1G51N3tDNZiMrMpX94DubnA9vrV+a81gwu + G08AFTk+avAx9KAKml6Y82nwSi8njDLnar4A+nFRwaa7apdQ/a5wUVDuDfMc + jucdqk0u61RNPgWGyEiBeG80DP4YqOC51MapdOtkGkZU3J5gG0Acc45zQAan + prw/Zc3c8m+4jX5mztznkcdR2rRfSJAjH7fcnAP8f/1qztTudTf7L51kI9tx + GV/eA7mGcL04z61oveawUYHTwBg/8tl/woAoaTpjz6dDKLyeMMD8qthRyegx + TYtNdtVnh+1zgrGh3BvmOexPpTtJutUTToUgshLGAcN5gXPJ7EU2K51MarO6 + 2QMpjQFPMHA7HOKADVNNeGOAm7nk3TIuGbOM9xx1Faf9jyf8/wDc/wDff/1q + zNUudTeOAT2YjAmQg+YGy3Yfj61pm81n/oHD/v8AL/hQBmaPpr3Gmwyi7niD + bvlRsKMMRwMUJprnV5IPtc4IhDb93zHnpnHSjRrnU49NhS3shLGN2G8wLn5j + 2IoS51P+15JBZAymEAp5g4XPXP8ASgA1XTXgt0Y3c8mZEGGbI5PXp1Faf9jy + f8/9z/33/wDWrM1W51N7dBPZCJRIhB8wNk54HA71p/bNZ/6Bw/7/AC/4UAZm + j6a89gkgu54slvlRsDhj7UDTX/tgwfa58+QG37vm+9jGcdKNHudTjsEW3sxK + mW+bzAv8RzwaBc6n/bBk+xDzfIA2eYPu7uucevagA1fTXgs/MN3PJ86DDtkc + n6Vp/wBjyf8AP/c/99//AFqzNXudTks9s9kIk3pz5gbnPAwK0/tms/8AQOH/ + AH+X/CgDM0nTXntC4u54/ncYRsDg9elB01/7YWD7XPkwFt+75vvYxnHSjSbn + U47QrBZCVd78+YF5zyMEdqDc6n/bCyfYx5vkEbPMH3d3XP17UAGsaa8FhJKb + ueUAr8rtkHLAelaf9jyf8/8Ac/8Aff8A9aszWLnU5LCRbizESErlvMDY+YY4 + Faf2zWf+gcP+/wAv+FAGZpWmvNBIwu548SuMK2AcHr06miTTXGrxQfa5yTEz + b93zDnoDjpRpVzqaQSCCyEqmVyT5gXBzyOnaiS51M6vFIbICURMAnmDkZ65o + ANY017fTZpTdzyhdvyu2VOWA5GK0ho8mB/p9z/33/wDWrN1i51OTTZkuLIRR + nblvMDY+YdgK0heazgf8S4f9/l/woAzdL015kuCLuePbM6/K2M47njqaJtNd + dVt4ftc5LI53FvmGOwOKNLudTRLgQWYkBmcn94Fwx6jn09aJrnUzqtu7WQEo + RwqeYOR3OccYoAfqumPBp80pvJ5AoHys2VPPcYq7HpEhRT9vuBkD+P8A+tVL + VbrVH0+ZJ7IRRkDLeaGxyOwFXY7zWAigaeCMD/lsv+FAGfpmmvMbvF3PHsnd + flbG7GOTx1NeU/Eq2a11i2RpnmzADmQ5I+ZuK9W0y51NDd+TZCTdO5b94BtY + 4yPfHrXJeK/D1/4i1S2kmj+zyeUUVAytkKSxOeMdaBpmV4ItTJ4b1G4E0iBJ + D8inCt8q9RXqEGkyNDG3264GVBwH4HH0rkNK0XUfDmiXlk0O+OY72cuo28Ad + BnPSuvgu9YEMYXTwQFGD5qjIx9KAZR07TXlkvALudPLmZcq2N3A5PHWi6010 + 1KxiN3Oxk835i3zLhc8HHGe9GnXOppJdmKyEhaZiw8wDa2Bx05+tF1c6m2pW + LvZBZF83YvmA7srzzjjFAifUdLeKxnkN7O+1CdrPkH2PFS22ku9tE4vrhdyK + cB+BkduKi1G61V7GdZbERoUOW81TgeuMVLbXeri2iCWAZQi4PmqMjHXpQBTs + NNeW4vEF3OnlyYyrYLcdT70XmmvHfWURu528xn+YtyuF7cd6LC51Nbi8MVmH + ZpMsPMA2nHTpzReXOptfWTSWYR1L7F8wHd8vPPbFAFm+0p47K4kN7cPtjY7W + fIOB0PHSls9KeSzgkF7cLujU4D4AyOg46Ul9d6s1lcLLYhEMbAt5qnAxycYp + bO71ZbOBY7AOgjUBvNUZGODjFAFWy015Ly9jF3OnluoyGwWyO/FF9prx3dkh + u538xyMs2SvHUcUWVzqa3l60dkHdnXevmAbTjpnvRfXOptd2TSWQRlc7R5gO + 446ZxxQBbu9KeO0mc3tw21GOC/BwOh4plhpby2MEgvbhNyKdqvgDI6Din3d3 + q7WkyyWAVSjAnzVOBjk4xTLC61ZbGBYrEOgRQG81RkY64xQBXtNNd9Qvohdz + qYzH8wblsr347dqNQ014p7NTdzv5kuMs2SvHUcdaLS51NdQvnjswzsY96+YB + twvHOOc0ahc6m09mZbIIyy5UeYDuOOnTigC7caTIlvK3264bCscF+Dx34qDT + tLeWwgkF5Om5AdqvgD6cVPcXerm3lD2AVSrZPmqcDH0qDTrrVUsIFhsRIgQY + bzVGR64xQBDbaa76lew/a51MYj+YN8zZHc47dqNR014ntAbud98yr8zZ25zy + Pei2udTGpXrpZBpGEe5fMA24HHOOc0ajc6m72nnWQjKzKV/eA7m5wOnH1oAv + zaTIsTt9uuDhScF+On0qppemPNp8EovJ4wy/dV8AfTirc15rBicNp4AKnJ81 + eOPpVTS7rVE0+BILISIF4bzQM/higCODTXbVLqH7XOCiodwb5jn1OO1Gp6a8 + Itc3c8m+eNfmbOM55HHUdqILnUxql062YaRlTcnmAbR2575o1O51Nxa+dZCP + bPGV/eA7mGcD2z60AaL6RIFJ+33PQ/x//WqhpOmPPp0MovJ4wwPyo2FHJ6DF + X3vNZ2nOngcH/lsv+FUNJutUTToUgshLGAcN5gXPJ7EUANi01zq08H2ucFY1 + O4N8xyehPpRqumvDFCTdzybpkXDNnGT1HHUURXOpjVp3WzBlMagp5g4GeDmj + VbnU3ihE9mIgJkIPmBstngcDv60Aaf8AY8n/AD/3P/ff/wBaszRtNe402GUX + c8Qbd8qNhRhiOBitP7ZrP/QOH/f5f8KzNGudTj02FLeyEsY3YbzAufmPYigA + TTXOryQfa5wRCG37vmPPTOOlGraa8Fsjm7nkzIgwzZHJ6/UUJc6n/a8kgswZ + TCAU8wcLnrnH6Uatc6nJbIJ7MRL5iEHzA3OeBx60Aaf9jyf8/wDc/wDff/1q + zNI0157FZBdzx5ZhtRsDhj7Vp/bNZ/6Bw/7/AC/4VmaRc6nHYqtvZCVNzfN5 + gX+I54NAB/Zr/wBsm3+1z58jdv3fN97GM46V8334231yuScSOMnqeTX0h9p1 + P+2TJ9iHm+RjZ5g+7u65+vGK+b78sb64LDBMj5HocmgqJ9L6dpMjafat9uuB + mJDgPwPlHtUGk6a89qXF3PH87jCNgcHr0qfTrvWBp9qF08MBEmD5qjI2j2qD + SbnU47UrBZiVd7nPmBec8jBFBINprjWFt/tc+TAW37vm+9jGcdKNY014NPkl + N3PKAV+V2yDlh7UNc6n/AGwshsx5vkEbPMH3d3XOP0o1i51OTT5EuLMRISuW + 8wNj5hjgCgDT/seT/n/uf++//rVmaVprzQysLuePErjCtgHB6njqa0/tms/9 + A4f9/l/wrM0q51NIZRBZCQGVyT5gXBzyPwoAJNNcatFB9rnJaJm37vmGD0Bx + 0pdY014NOmlN3PKFx8rtlTyOoxSSXOpnVopDZASiJgE8wcjPXNLrFzqcmnTJ + cWQijOMt5gbHI7AUAaI0iTA/0+5/77/+tWbpemvMlwRdzx7J3X5WxnHc8dTW + kLzWcDGnj/v8v+FZul3Opolx5FmJAZ3LfvAMMeo5HOPWgAm0111W3g+1zkuj + ncW+YY7A4p+q6Y8OnzSm8nkCj7rNlTz3GKZNc6mdVt3azAlCOFTzByO5zjjF + P1W61R9PmSeyEaEct5obHPpigC7HpEhjU/brgZA/j/8ArVn6bprzG7xdzx7J + 3X5Wxuxjk8dTWhHeawI1A08EYHPmr/hWfptzqaG78myEm6dy37wDaxxke+PW + gAuNNddTtIftc7F1kO4t8y4HY4796l1PTHhsJ5TeTyBVztZ8g/Xiori51M6n + aO9kFkVZNqeYDuyOee2Kl1O61V7CdZrERoVOW81TgfTFAFmDSXaCNvt1wMqD + gPwOPpVHTtNeWW8Au508uYrlWxu9zx1q9Bd6uIIwunhlCjB81RkY+lUdOudT + SW8MNmJC0xLDzANrY6dOfrQAXWmumo2MRu52Mnm/MW+ZcLng44z3qfUNLeKx + nkN7O+1GO1nyDx0PFQXVzqbajYu9kFkXzdi+YDuyvPOOMVPqF1qr2M6y2IjQ + o2W81TgY64xQBLa6S720Li+uF3IpwH4GR0HFU7DTXkubxBdzp5cmMq2C3HU+ + 9XLW71dbaEJYBlCLg+aoyMdcYqnYXOprc3hisg7NJlh5gG046dOaAC801476 + yjN3O3mM43FuVwO3FWb7SnjsriQ3tw+2NjhnyDgdDx0qteXOptfWTSWYR1Z9 + i+YDu4557YqzfXerNZXCy2ARDGwLeapwMcnGKAFstKeSzgkF7cJujU4D4AyO + g46VVstNeS8vYxdzp5bKMhsFsjvxVqyu9WWzgWOwDoI1AbzVGRjg4xVWyudT + W8vWjsw7sy718wDaccc96AC+0147qzQ3c7+Y5GWbJXjqOKk1TQIrrTLu2vbi + W6t5YZEkilIeORGUhkdSMFWHBB6io7651NrqyaWyCMrkqPMB3HHTOOKt3d3q + 7WsyyWAVSjAnzVOBjk4xQB8Uah/wTY/Yx8VXieI9T+HdvDdXGJWS0uruzt9x + 5wILeaOIDPYJivon4VfBT4cfCGxvvCfwu0aDwxpqOjvHYosZmdl+/K+C0jDo + CxJA46V6XYXWrLYwLFYh0CKA3mqMjHXGKr2lzqa6hfPHZBnYx718wDbheOcc + 5oANQ014prNTdzv5koXLNkrx1HHWrtxpLpbyt9uuGwrHBfg8fSqWoXOpvNZm + WyCFZQVHmA7jjp7VduLvVzbyh7AKpVsnzVOBj6UAQabpby2EEovJ03KDtV8A + fTiobbTXfU7yH7XOpjEfzBvmbI7nHbtU2m3WqpYQLDYiRAow3mqMj6YqG2ud + TGp3jpZhpGEe5fMA24HHPfNABqWmvE1oDdzvvnVfmbO3OeRx1q/LpEixO326 + 4OAeC/8A9aqGpXOpu1p51kI9s6lf3gO5ucDpx9avy3msGJw2ngDByfNX0+lA + FTS9MebT4JReTxhlztV8Ac9hio4NNdtUuYftc4KIh3BvmOfU47VJpd1qiafA + kFkJEC8N5oGfwxUcFzqY1W5dbIGUom5PMAwOxz3zQAanprwi2zdzyb50X5mz + jOeRx1FaL6RIFJ+33PQ/x/8A1qztUudTcW3nWYj2zoV/eA7mGcD2z61oveaz + tOdPAGP+ey/4UAZ+kaa8+nQyi8njDA/KjYUcnoMUkWmudWmg+1zgrGp3BvmO + T0Jx0pdIudTj06FILISxgHDeYFzyexFJFc6mNWmcWQMpjUFPMHAzwc4oANU0 + 14YoWN3PJumRcM2cZPUcdRWn/Y8n/P8A3P8A33/9aszVLnU3ihE9kIwJkIPm + BsnPA/H1rT+2az/0Dh/3+X/CgDM0bTXuNOilF3PEG3fKjYUYYjgYoXTXOsPB + 9rnyIQ2/d833umcdKNGudTj06JLeyEsY3YbzAufmPY0Lc6n/AGw8gswZTCAU + 8wcLu65/pQAatprwWyubueTMiDDNkcnr061p/wBjyf8AP/c/99//AFqzNWud + Te2UT2YiXzEOfMDc54GAO9af2zWf+gcP+/y/4UAZmkaa89ksgu54/mYbUbA4 + J9qP7Nf+2fs/2ufP2fdv3fN9/GM46UaRc6nHZKsFkJU3N83mBedxzwRR9p1P + +2fM+xDzfs+NnmD7u/72cevGKADV9NeCyMhu55PmUYdsjkj2rT/seT/n/uf+ + +/8A61Zmr3OpyWRWeyESbl+bzA3ORjgVp/bNZ/6Bw/7/AC/4UAZmk6a89qzi + 7nj+dxhGwOD16UNprjWEg+1z5MJbfu+b72MZx0o0m51OO1ZYLISrvc58wLzn + kYI7UNc6n/bCSGzHm+SQE8wfd3dc/wBKADWNNe306WU3c8oBX5XbKnLDtitP + +x5P+f8Auf8Avv8A+tWZrFzqcmnSpcWYijJXLeYGx8w7CtP7ZrP/AEDh/wB/ + l/woAzNK015oZWF3PHtldcK2AcHqeOpok01xq0MH2uclomO/d8wwegOOlGlX + OppDKILISAyuSfMC4OeR+FElzqZ1aGQ2QEoiYBPMHIz1zigBdX014NOmlN5P + IFA+V2yp5HUYrRXSJMD/AE+5/wC+/wD61Z2r3OpyadMlxZCKMgZbzA2OR2Ar + RW81nA/4l4/7/L/hQBm6ZprzLckXc8eyd1+VsZx3PHU0Taa66rbQ/a5yXRzu + LfMMdgcd6NLudTRbnybMSZnct+8Awx6j3x60TXOpnVbZ2swJQj7U8wcjuc44 + xQA/VdMeHT55TeTyBR91nyp57jFXYtIkMaH7dcDIHAf/AOtVLVbrVH0+dJ7I + RoRy3mhsc+mKuxXmsCNAungjAwfNX/CgDP03TXla7Au502TuvytjdjHJ460X + Gmump2cP2udjIJPmLfMuB2Pv3o0251NGu/JshJunct+8A2txkdOcetFxc6md + Ts3eyCyKJNq+YDuyOeccYoAl1LS3hsJ5TeTybVJ2s+QfrxVmDSZGgjb7dcDK + g4D8Dj6VW1K61V7CdZrERoVOW81TgfTFWYLvWBBGF08MAowfNUZGPpQBR0/T + XllvFF3Onlylcq2N3HU8daLvTXTUbGL7XOxk8z5i3zLhc8HHGe9Gn3OppNeG + KzEhaUlh5gG046e9F3c6m2o2LyWYWRfM2L5gO7K889sUAT6hpbxWM8hvZ32o + x2s+QeOh4qW10l3tYXF9cLuRTgPwMjoOKi1C61V7GdZbERoUbLeapwMdcYqW + 1u9XW1hVLAMoRcHzVGRjrjFAFOx015Lm8QXc6eXIBlWwW46n3ovNNeO9sozd + zt5jONxblcDtxRY3Oprc3hisw7NICw8wDacdM96Ly51Nr2yaSzCOrPsXzAdx + xzzjigCzfaU8dlcSG9uH2xucM+QcA8HjpS2WlPJZwSC9uE3RqcB8AZHQcdKS + +u9WayuFksAiGNwW81TgYOTjFLZXerLZwLHYB0EagN5qjIxwcYoAq2WmvJe3 + sYu518tlG4Ny2R34ovtNeO6skN3O/mSEZZsleOo460WVzqa3t60dmHdmXevm + AbTjjnHNF9c6m11ZNLZhGWQlR5gO446ZxxQBcutJdLWZzfXDbUY4L8HA6Hio + tP0t5bGCQXs6bkU7VfAGR0HFS3V3q7WsyvYBVKNk+apwMdcYqLT7rVUsYFis + Q6BFw3mqMjHXGKAILTTXfUb6L7XOpj8v5g3zNlc8nHOO1Goaa8U1mpu538yU + LlmyV46j3otLnU11G+dLINI3l718wDbheOe+aNQudTeazMtkEKygqPMB3HHT + 2oAu3GkusEjfbrhsKTgvwePpVfTdLeawglF5PHuUHar4A+nFWLi71cwSB7AK + pU5PmqcDH0qvpt1qqWECw2IkQKMN5qjI+mKAIrbTXfU7yH7XOpjEfzBvmbI7 + nHbtRqWmvC1oDdzvvnRfmbO3OeRx1otrnUxqd46WYaRhHuXzANuBxzjnNGpX + Opu1p51mI9s6Ff3gO5ucDpxn1oA0JdIkEbn7dcHAPBf/AOtVLStMebT4JReT + xhh91Xwo57DFXZbzWDG4bTwBg5Pmr/hVLSrrVE0+BILISIBw3mgZ59MUAMh0 + 121S5h+1zgoiHcG+Y57E47UapprwrbE3c8m+dF+Zs4znkcdRRDc6mNUuXWyB + kKJuTzBwOxz3zRqlzqbrbefZiPE6Ff3gOWGcDpxn1oA0m0iQKT9vuen9/wD+ + tWdpGmvPp0MovJ4gwPyo2FHJ6DFaLXms7TnTx0/57L/hWdpFzqcenQpb2Qlj + AOG8wLnk9iKAEj01zq00H2ucFY1O8N8xyehOOlGq6a8MMTG7nk3SouGbIGT1 + HuKI7nUxq00gswZTGoKeYOBnrnFGq3OpvDEJ7IRgSoQfMDZOeB+NAGn/AGPJ + /wA/9z/33/8AWrM0fTXuNOilF3PEG3fKjYUYYjgYrT+2az/0Dh/3+X/CszR7 + nU49OiS3shLGN2G8wLn5jng0AC6a51h4Ptc+RCG37vm+9jGcdKNW014LZXN3 + PJmRBhmyOT1+tC3Op/2w8gsh5vkgFPMH3d3XP9KNWudTe2UT2QiXzEOfMDc5 + 4GAO9AGn/Y8n/P8A3P8A33/9aszSNNeeyEgu54/mYbUbA4J9q0/tms/9A4f9 + /l/wrM0i51OOyC29mJU3N83mBecnPBFAB/Zr/wBs/Z/tc+fs+7fu+b7+MZx0 + o1fTXgsmkN3PJ8yja7ZHJHtR9p1P+2fM+xDzfs+NnmD7u/72cevGKNXudTks + mWezESbl+bzA3ORjgCgDT/seT/n/ALn/AL7/APrVmaTprz2zOLuePEjjCtgc + Hr9a0/tms/8AQOH/AH+X/CszSbnU47ZhBZiVfMc58wLznkYPpQANprjWEg+1 + z5MJbfu+b73TOOlGsaa8GnSym7nlC7fldsqcsByMUNc6n/bCSGzAlEJATzBy + u7rn+lGsXOpyadKlxZCKM7ct5gbHzDHAoA0/7Hk/5/7n/vv/AOtWZpWmvNFM + wu549srrhWxnB6njqa0/tms/9A4f9/l/wrM0q51NIZhBZiUGVyT5gXBzyOfS + gAk01xq0MH2uclo2O4t8wwegOOlLq+mvBp00pvJ5AoHyu2VPI6jFJLc6mdWh + c2QEojYBPMHIzyc4pdXudUk06ZJ7IRRkDLeYGxyOwFAGiukSFQft9z0/v/8A + 1qzdM015luSLuePZO6/K2M47njqa0lvNZ2jGnjp/z2X/AArN0y51NFufJshJ + meQt+8Awx6jpzj1oAJtNddUtoftc5Lo53FvmGOwOO9P1TTHh0+eU3k8gVfus + +Qee/FMnudTOqWztZASBH2p5g5Hc57Yp+qXWqPp86T2QjQry3mhsc+gFAFyL + SJGiRvt1wMgcB/8A61UNN015muwLudNk7r8rY3YxyeOtX4rzWBEgXTwRgYPm + r/hVDTbnU0a78mzEm6dy37wDa3GR05x60AFzprpqdnD9rnYyCT5i3zLgdjjv + 3qbUtLeKwnlN5O+1SdrPkH68VDc3OpnU7N3swsiiTavmA7sjnnHGKm1K61V7 + CdZrERoVOW81TgfTFAE9vpMjQRt9uuBlQcB+Bx9KpafpryzXii7nTy5SuVbB + bjqeOtXbe71cQRhLAMoUYPmqMjH0qlp9zqaTXhisg5aUlh5gG046e9ABd6a6 + ajYxG7nYyGT5i3zLhexxxnvU+oaW8VjPIb2d9qMdrPkHA6HioLu51NtRsXks + wsimTYvmA7srzz2xU+oXWqvYzrLYhEKNlvNU4GOuMUASWmlO9rC4vbhdyKcB + +BkdBxVSx015Lq9QXc6eXIBlWwW46mrdpd6utrCsdgGUIoB81RkY4OMVUsbn + U1ur1orMOzSAsPMA2nHTOOaAC901472yjN3O3mMwyW5XA7cVavdKeOznkN7c + PtjY4L5BwOh46VVvbnU2vbJpLII6s2xfMB3HHPParV7d6s1nOslgEQxsC3mq + cDHJxigBLHSnksreQXtwm6NDhXwBkDgcdKrWemvJe3sYu518tkG4Ny2R34qz + Y3erLZW6x2AdBGgDeaoyMDBxiq1nc6mt7etHZB3Zk3r5gG07eOcc5oAL/TXj + ubNDdzv5khGWbJXjqOOtXLrSXS1mc31w21GOC/BwOh4qnf3Optc2ZlswjLIS + o8wHccdM44q5dXertazK9gFUo2T5qnAx1xigCLT9LeWxgkF7Om5FO1XwBx0H + FQWmmu+o30Qu51Mfl/MG+Zsrnk45x2qfT7rVUsYFisRIgRcN5qjIx1xioLS5 + 1NdRvnjsg0jeXvXzANuF4575oANQ014pbNTdzv5kwXLNnbx1HHWr0+kyLBI3 + 264OFJwX4PH0qjqFzqby2ZlshGVmBUeYDuODx7fWr093q5gkDaeFUqcnzVOB + j6UAVtN0t5rCCUXk8YZQdqvgD6cVFb6a76ndw/a51KCP5g3zNkdzjt2qXTbr + VUsIFhsRIgUYbzVGR9MVFb3OpjU7t0sw0jCPcnmAbcDjnvmgA1LTXhNpm7nk + 3zovzNnbnPI46itCXSJBG5+3XBwDwX/+tWfqVzqbm086zEe2dCv7wHc3OB7Z + 9a0JbzWDG4bTwBg5Pmr/AIUAUtK0x59PhlF5PGGH3VfCjnsMUyHTXbVbiH7X + OCiIdwb5jnsTin6VdaomnwpBZCRAOG80Lnn0xTIbnUxqtw62QMhRNyeYOB2O + cc5oANU014VtibueTfOi/M2cZ7jjqK0jpEmD/p9z/wB9/wD1qzdUudTdbbzr + MR4nQr+8Byw6D2z61pNeazg/8S8f9/l/woAztI0159OhlF5PGGB+VGwo5PQY + pI9Nc6tLB9rnBWJTv3fMcnoTjpS6Rc6nHp0KQWQljAOG8wLnk9iKSO51MavL + ILMGUxKCnmDgZ65xQAarprwQxMbueTdKi4ZsgZPUcdRWn/Y8n/P/AHP/AH3/ + APWrM1W51N4YhPZCICVCD5gbJzwPxrT+2az/ANA4f9/l/wAKAMzR9NefT45R + dzxAlvlRsKMMR0xQumudYaD7XPkQht+75vvYxn0o0e51OPT40t7ISoC2G8wL + n5jngihbnU/7YaQWQ83yQNnmD7u7rnH6UAGraa8FqHN3PJl0GHbI5PXpWn/Y + 8n/P/c/99/8A1qzNWudTktQs9kIl3oc+YG5zwMAd60/tms/9A4f9/l/woAzN + I0157MSC7nj+ZxhGwOD9KP7Nf+2Rb/a58+Ru37vm+9jGcdKNIudTjswtvZiV + NzfN5gXnPPBo+06n/bIk+xDzfIxs8wfd3dc/XjFABrGmvBYtIbueXDKNrtkc + ke1af9jyf8/9z/33/wDWrM1e51OSxZbizESbl+bzA3cY4Faf2zWf+gcP+/y/ + 4UAZmk6a89s7i7njxI4wrYHB6/U1YgtGttdjUzyTfuWOXOT1xj6VX0q51NLZ + xBZCVfMck+YF5zyOR2qxBNeS67Gbq3EDeSwxvDcZ68e9AHS0UUUAFFFFABRR + RQAUUUUAf//Q/dWbUrBtXt5hOpjWNwWzwCadrGp2E+mzxQzo7sBgA8nkVLNb + 241q2QRLtMTkjaMU/W7a3TS7hkiVSAMEKAeooAsR6vpgjUG5TIA71m6VqVhD + 9s82dV33MjLk9VOMGtyK0tfLT9ynQfwisrR7e3f7bviVtt1IBlQcAY4oAguN + SsG1a0mWdSiLIGOeBkcVLqup6fNp08UVwjOy4AB5NOube3Gs2SCJQpSTI2jB + 4qbWLa3TTLhkiRSF4IUA0APg1bTVhjVrlAQoB59qz9M1KwikvTJOqh52Zcnq + CBzWzb2lqYIyYU+6P4R6Vm6Vb27SXwaJTtuGAyo4GBQBBd6lYPqlhMs6lI/N + 3HPAyoxmp9T1TT5dPuI47hGZkIAB6mlvLe3GraegiUKwmyNowcKOtT6rbWy6 + bcssSAhDghRQAlrq2mpawo1ygKooIz3Aqjp2pWEVxetJOqiSXKknqMda17O1 + tjaQEwoSUX+EelZ+mW9u1zfholIWbAyo4GKAIL3UrCTULCVJ1KxmTcc8DK8Z + qzqGq6dJY3EcdwjM0bAAHqSKbfW9uupaeoiUBmkyNowfl71b1K1tl0+5ZYkB + EbkEKPQ0AQ2Wq6dHZwI9wgZY1BGehAqnYalYR3l87zqqyOpUk9RitSwtbZrG + 3ZoUJMaZO0egqnp9vbtfagrRKQrrgFRx8vagCvf6lYSXli6TqyxuxYg9BjvV + y91XTpLOdEuELNGwAz1JFRajb2632nqsSgNI2QFHPHert/a2y2NwyxICI3II + UehoAqafqmnRWFvHJcIrLGoIJ6ECq1lqVhHqN/K86hJDHtOeDhecVpaba2za + fbM0SEmNckqPSqljb27anqKtEpCmPA2jA+XtQBBqOpWEtxZNHOrCOXLEHoMd + avXWraa9tKi3KEsjADPcioNTt7dbmwCxKA02DhRyMVoXdrbC1mIhQEI38I9K + AM/TNU0+LT7eOS4RWVACCehqC01KwTVL6Zp1CSCLac8HC84q/pVtbNptszRI + SUGSVFV7O3tzq+oIYlKqIsDaMDK9qAINT1KwlksjHOrBJ1ZsHoBnmtCfVtNa + GRVuUJKkDn2qtqtvbpJY7YlG64UHCjkc1p3FraiCQiFAQp/hHpQBlaTqenw6 + dBFLcIrquCCeRUVvqVgurXczTqEdYwDng4HNXdHtrd9Mt2eJGJXklQTUNtb2 + 51i8QxKVCR4G0YHFAEGq6lYTfZPKnVtlxGzYPRRnJrTfV9MKMBcpyD3qpq9v + bp9i2RKu65jBwoGQc8VqSWlr5bfuU6H+EUAYuj6nYQabBFLOqOoOQTyOTTYd + SsF1e4mM6iNo0AbPBIq1oltbvpduzxKxIOSVBPU0yG3tzrVyhiXaIkIG0YoA + g1fUrCaK3EU6sVnjY4PQDqa1TrGmf8/KfnVHWbe3SK2KRKuZ4wcKBxmtg2lr + j/Up/wB8igDA0TUrC30uCKadUdd2QTyMsTQmpWA1mSczr5ZhVQ2eM7ulWNBt + 7eTSYHeJWY7uSoJ+8aSO3t/7clTyl2iBTjaMZ3UAQaxqVhNbRrFOrkSoSAew + PNav9saZ/wA/KfnVLWre3S1jKRKpMsY4UDvWv9ktf+eKf98igDA0XUrCDT0j + mnVGDPwTzyxoGpWH9tm489fL+zhd2eM7s4qfQre3fTUZ4lY7n5Kg/wARoFvb + /wBvMnlLt+zA42jGd/XFAEGs6lYT2Xlwzq7b0OAewNav9saZ/wA/KfnVHXLe + 3Sx3JEqnenIUD+Ktj7Ja/wDPFP8AvkUAYGj6lYQWZSadUbe5wT2J4oOpWH9t + rP56+WICu7PGd2cVPolvbvZFniVj5j9VB70rW9v/AG8sflLt+zk42jGd/XFA + FfWtSsJ9OkihnV3JXAB54YGtX+2NM/5+U/OqWu29ummSMkSqQU5CgH7wrX+y + Wv8AzxT/AL5FAGBpGpWENvIss6oTK5AJ7E8GiTUrA6zFOJ18tYWUtnjOelT6 + Lb2720peJWImkHKg8Zokt7ca5CnlLtMLHG0YzmgCDW9SsJ9MnihnV3bbgA8n + DA1qDWNMwP8ASU/OqevW9umkzukSqw28hQD94VrC0tcD9yn/AHyKAMHSdSsI + Y7gSzqpaeRhk9Qehom1KwbV7aYTqUWNwWzwCelT6Nb27x3O+JWxcSAZUHiln + t7ca1aoIl2mN8jaMUARaxqdhPps8UU6O7AYAPJ5FX49X0wRqDcpkAd6g1q2t + 00u4ZIkUgDBCgHqK0YrS18tP3KdB/CKAMPStSsITeebOq77iRlyeqnGDRc6l + YNq1nMs6lEWQMc8DI4qfSLe3c3u+JW23MgGVBwOOKLq3txrFkgiUKyyZG0YP + FADdV1PT5tOniiuEZ2XAAPJq3Bq2mrBGrXKAhQDz7UzWLa3TTLhkiRSF4IUA + 1ct7W1NvETChJVf4R6UAY2m6lYRS3pknVRJMzLk9Rgc0XepWD6pYSpOpSPzd + xzwMqAM1Y0u3t2lvg0SnbOwGVHAwKLy3txq2nIIlCt52RtGDhR1oATUtU0+X + T7iOO4RmZCAAepxU9rq2mpawo1ygKooIz3Ap2qW1sunXLLEgIRsEKPSp7O1t + jaQEwoSUX+EelAGRp2pWEVzfNJOqiSXKknqMUXupWEmoWEiTqVjZ9xz0yvGa + n0y3t2ur8NEpCy4GVHHFF/b266lpyrEoDNJkbRz8vegB2oarp0ljcRx3CMzR + sAAepIp1jqunR2VvG9wissaAgnoQBU+pWtsun3LLEgIjcghR6GnWFrbNY2zN + EhJjQklR/dFAGXY6lYR3t9I86qsjqVJPUAUX+pWEl5Yuk6ssbsWIPQYqxp9v + btf6grRKQrrgFRx8vak1G3t1vdPVYlAaRs4Uc8UAS3uq6dJZzolwhZo2AGep + Ipmnapp0VhbxyXCKyxqCCehAq5fWtstlcMsKAiN8HaPQ1HplrbNp1szRISY1 + ySo9KAM6z1KwTUr+V51CSGPac8HC84o1HUrCW4smjnVhHLliD0GOtT2Nvbtq + moq0SkKYsDaMDK9qNTt7dbmwCxKA02DhRyMUAT3Oraa9tKq3KElGAGfaoNM1 + TT4tPt45LhFZUAIJ6GtG6tbUWsxEKAhG/hHpVbSra2fTbZmiQkoMkqM0AULX + UrBNUvpmnUJIItpzwcKc0anqVhK9mY51YJOrNg9AM81PaW9udX1BDEpVRFgb + RgZU0arb26SWO2JRuuEBwo5HNAFqbVtNaGRRcoSVI6+1UtJ1PT4dOgiluEV1 + XBBPI5rWntLUQSEQp90/wj0qjo1tbvpluzxIxK8kqCetAFO31KwXVruZp1CO + kYBzwSBzRqupWEwtPKnVtlxGxweijOTU9tb251m8QxKVCR4G0YHFLq9vboLP + ZEq5uYwcKBkc8UAW31fTCjAXKdD3rO0bUrCDTYIpp1R1ByCeRya23tLXY37l + Oh/hFZmh21u+lW7PErEg5JUE9TQBVi1KwGsTzmdRG0aANngkGjV9SsJooBFO + rFZkY4PQA8mp4be3Ot3CGJdoiQgbRjrRrNvbpDblIlXM8Y4UDjNAF7+2NM/5 + +U/OsrQ9SsLfS4Ypp1R13ZBPIyxNb/2S1/54p/3yKx9At7eTSYHeJWY7uSoJ + +8aAIE1KwGtSTmdfLMIUNnjO7pRrGpWE1siRTq5EiHAPYHmp0t7f+3ZU8pdo + gU42jGd3pRrdvbpaIUiVT5sY4UDvQBe/tjTP+flPzrK0XUrCCwSOadUYM/BP + qxrf+yWv/PFP++RWPoVvbvpyM8Ssdz8lQf4jQBB/aVh/bZuPPXy/s+3dnjdv + zivmnUGDX9yynIMrkf8AfRr6eFvb/wBvGPyl2/Zs42jGd/XFfMWogDULkDgC + V/8A0I0FRPp3TdW01dOtVa5QERICM/7Iqvo2pWEFoUmnVG8xzgnsTxWlplra + nTbQmFCTFH/CP7oqpodvbvZEvErHzH6qD3oJIG1Kw/ttZ/PXyxAV3Z4zuzij + W9SsJ9NkihnV3JXAB54YVO1vb/28kflLt+zk42jGd3XFGvW9umlyskSqQU5C + gH7woAvf2xpn/Pyn51laRqVhDBKss6qTK5GT2J4Nb/2S1/54p/3yKyNFt7d7 + eYvErETSDlQeM0AV5NSsDrMM4nXy1iYFs8ZJ6UutalYT6ZPFDOru23AB5PzC + ppbe3/tyFPKXaYWONoxnNLrttbppU7JEqsAvIUA/eFAFxdX0zaP9JT86y9J1 + KwhS5Es6rvnkYZPUHoa3ltLXaP3KdP7orI0a3t3S63xK2LiQDKg8cUAQT6lY + Nq9tOJ1MaxuC2eATT9X1Owm02eKKdHdhwAeTzUk9vbjWrVBEu0xvkbRipNat + rdNLuGSJFIXghQD1FAE8Wr6YI0BuUyAO9Zul6lYQm882dV33DsuT1U4wa24r + S1MSEwp0H8IrM0i3t3N7uiU7bmQDKjgccUAV7nUrB9Vs5lnUoiybjngZHFS6 + rqenzadcRRXCM7KQADyaddW9uNYsUEShWWXI2jBwKn1e2t00y4ZIkUhDghQD + QAtvq2mrbxq1ygIVQRn2qhpupWEUt6ZJ1USTFlyeox1rZtrW1NvETChJRf4R + 6Vm6Vb27TXwaJTtnYDKjgYFAEF3qVg+p2EqTqUj83cc8DK4GasalqmnS2FxH + HcIzMjAAHqcUXtvbjVtOQRKFbzsjaMHC96sapbWy6dcssSAiNsEKPSgBlpq2 + mpawo1wgZUUEZ7gVS0/UrCO5vXknVRJJlST1GK1rO1tjaQEwoSUX+EelUNNt + 7dru/DRKQsoAyo44oAgvtSsJL+wkSdSsbOWOemV4zVq/1XTpLG4jS4RmaNwA + D1JFMv7e3XUdPVYlAZnyAo5+XvVzUbW2XT7lliQEROQQo9DQBXsdV06Oyt43 + uEVljQEE9CAKqWOpWEd9fSPOqrI6lST1AHatTT7W2awtmaJCTEhJKj+6Kpaf + b27X+oK0SkK6YBUcfL2oAgv9SsJLuxdJ1ZY5CWIPQYq5earpr2k6JcIWZGAG + epIqPUbe3W8sAsSgNIc4Uc8VdvbW2WyuCIUBEb87R6UAU9O1TTorC3jkuEVl + jUEE9CBVaz1KwTUr+V51CSGPac8HC4OK0dMtbZtOtmaJCTGuSVHpVWyt7dtU + 1FTEpCmLA2jAyvagCDUtSsJZ7Jo51YRzBmwegx1q9c6tpr20qrcoSUYAZ74q + DVLe3W4sAsSgNMAcKORitG6tbUWsxEKAhG/hHpQBm6XqmnxafbxyXCKyoAQT + yDUNrqVgmq3szTqEkEW054OBzV7Sba2fTbZmiQkoMkqM1DaW9udXv0MSlVEW + BtGBlTQBX1PUrCV7Mxzq2ydGbB6AZ5rRm1fTGicC5Qkqe/tVbVre3R7HbEo3 + XCA4UcjnitKa0tRDIRCn3T/CPSgDJ0nU9Ph06CKW4RXVcEE8jmo4NSsF1e6m + adQjogBzwSOtXNGtrd9Mt2eJGJXklQT1qK3t7c6zdoYlKhI8DaMCgCDVtSsJ + ltfKnVtlxGxweijOTWm+r6YUYC5Toe9U9Yt7dFs9kSrm5jBwoGRzxWs9pa7G + /cp0P8IoAxNG1Kwg0yCKadUdQcgnkcmmxalYDWJ5zOojaJQGzwSDVnQ7a3fS + rdniVmIPJUE/eNJFb251u4QxLtESHG0Y60AV9W1KwmhgWKdWKzRscHoAeTWr + /bGmf8/KfnVHWbe3SGApEq5njHCgcZrY+yWv/PFP++RQBgaJqVhb6ZDFNOqO + u7IJ55YmhNSsBrUk5nXyzAF3Z4zu6VPoNvbyaVC7xKzHdyVBP3jQlvb/ANuy + J5S7fIBxtGM7vSgCDWNSsJ7VEinVyJEOAewPNav9saZ/z8p+dUdbt7dLRCkS + qfNQcKB3rY+yWv8AzxT/AL5FAGBo2pWEFgsc06o25zgn1Y0f2lYf239o89fL + +z7d2eN2/OPyqxodvbvp6s8Ssdz8lQf4jR9nt/7f8vyl2/Zs42jGd/XFAFfW + dSsJ7Exwzq7bkOAfRhWr/bGmf8/KfnVHXLe3TTyyRKp3pyFA/iFbH2S1/wCe + Kf8AfIoAwNH1KwgtGSadUbzHOCexPFDalYHWkn89fLEBXdnjO7OKsaJb272b + F4lY+Y/VQe9I1vb/ANvInlLt+zk42jGd1AEGt6lYXGmyxQzq7krgA88MK1f7 + Y0z/AJ+U/OqOvW9vHpczJEqkFOQoB+8K2Pslr/zxT/vkUAYGkalYQwzLLOql + pnYZPYng0S6lYHWIZxOvlrEwLZ4BJ6VY0a3t3gnLxK2JpByoPGaSW3txrcCC + JdphY42jGc0AQ61qVhPpk8UM6u7AYAPJ+YVprq+mbR/pKfnVTXba3TSrhkiV + WAXkKAfvCtVbS12j9ynT+6KAMHSdSsIUuRLOq755GGT1Bxg0T6lYNq9rMs6l + ERwWzwCelWNHt7d0ut8Sti4kAyoOBxxSXFvbjWrRBEoUxyZG0YNADNX1PT5t + NniinR3ZeADyeauxavpgiQG5QEAd6i1m2t00u4ZIkUheCFAPWr8NpamJCYU+ + 6P4R6UAYml6lYQteGWdV33DsuT1Bxg0XOpWD6rZTLOpSMSbjngZHFT6Tb27t + fbolO25cDKjgccUXVvbjV7FBEoVllyNowcCgBNU1TT5tPuIorhGdlIAB5NWb + fVtNW3iVrlAQqgjPtSavbW6abcMsSKQhwQozVu2tbU28RMKElF/hHpQBjabq + VhFNetJOqiSYsuT1GOtF5qVg+p2EqTqUj83cc8DK4Gan0u3t2nvw0SnbOQMq + OBii9t7ddV05BEoVvNyNowcL3oAXUtU0+WwuI47hGZkYAA9TipbTVdNS0hR7 + hAyooIz0IFP1S2tl065ZYkBEbYIUelTWVrbNZwEwoSY152j0oAydP1Kwjur5 + 5J1VZJAVJPUYovtSsJL+wkSdSsbOWIPTK8ZqfTbe3a7vw0SkLKAMqOOKW/t7 + ddQ09ViUBmfICjn5e9ADr/VdOksbiNLhGZo3AAPUkGlsdV06Oyt43uEVljQE + E9CAKsaja2y6fcssSAiJyCFH900afa2zWFszRISYkJJUf3RQBmWOpWEd9fyP + OqrIyFST1wvajUNSsJLuxeOdWWOQliD0GKn0+3t21DUFaJSFdMAqOPl7Ualb + 263lgFiUBpCDhRzx3oAmu9V017SZEuELMjADPUkVFp2qadFYW8clwisqKCCe + hAq9e2tsLOciFARG38I9DUWmWts2nWzNEhJjXJKj0oAzrPUrBNTv5XnUJJ5W + 054OFwcUalqVhLNZNHOrCOYM2D0GDzViyt7dtV1FTEpCmLA2jAyvak1S3t1n + sQsSgNMAcKORg0AWLnVtNa3lVblCSrADPtVbS9U0+HT7eKW4RXVQCCeRWldW + tqLaUiFAQjfwj0qrpFtbvptuzRIxKDJKjNAFG11KwTVb2Zp1CSCPac8HA5o1 + TUrCZrMxTq2y4RmwegGeantLe3OsX6GJSqiLA2jAyKNWt7dHsdsSjdcIDhRy + OeKALUur6YYnAuUJIPeqWkanp8OmwRSzojqvIJ5HNa81paiJyIU+6f4R6VQ0 + a2t30u3Z4kYleSVBPWgCnBqVgurXUzTqEdEAOeCR1o1bUrCZbURTq2y4jY4P + QDOTU9vb251m7QxKVEceBtGBRrFvbolpsiVc3EYOFAyOeKALjavphUgXKdPW + s3RdSsINMgimnVHUHIJ5HzGtx7S12n9ynT+6Ky9Ctrd9Kt2eJWYhuSoJ+8aA + K0WpWA1meczqI2iUBs8Eg9KNX1KwmhhWKdWKzIxwewPJqeK3tzrc6GJdohU4 + 2jHWjWbe3SCApEqkzRjhQOM0AXv7Y0z/AJ+U/OsrRNSsINMiimnVHG7IJ55Y + mt/7Ja/88U/75FZGg29vJpULPErEl+SoJ+8aAK66lYDWnn89fLMAXdnjO7OK + NY1KwntVSKdXYSIcA9geanS3t/7dkTyl2/ZwcbRjO6l1u3t0tEKRKp81BwoH + egC7/bGmf8/KfnWVoupWEFiI5p1RtznBPqxrf+yWv/PFP++RXhOq+K9T0e7N + laJCYwM/PGGOST3oGker/wBpWH9ufaPPXy/s+3dnjdvzj8qNZ1KwnsGjhnV2 + LIcA+jCud8HX0mtvHd30cZdoXBCoAvyyYBx611WuW9umnsyRKp3JyFA/iFAi + 7/bGmf8APyn51laPqVhBasks6oxkc4J7E8Vv/ZLX/nin/fIrH0S3t3tHLxKx + 81xyoPegCB9SsDrUc4nXyxAV3Z4zu6Ua3qVhPpksUM6u524APPDA1O9vb/27 + GnlLt8gnG0Yzu9KXXre3j0qZkiVSCnIUA/eFAF3+2NM/5+U/OsrSNSsIYZll + nVC0zsMnqCeDW/8AZLX/AJ4p/wB8isfRbe3eCcvErYnkHKg8ZoAgl1KwOsQT + idTGsTAtngEmnazqVhPpk8UM6u7AYAPJ5FTS29uNbt0ES7TE5xtGOtLrltbp + pVwyRKrADkKAfvCgC0ur6YFANynT1rM0rUrCFboSzqu+4kYZPUHGDW6lpa7R + +5ToP4RWTo9vbut3uiU4uZAMqDgccUAQT6lYNq1rMs6lERwTngE9Kk1fU9Pm + 02eKKdHdl4APJ5qS4t7cazaIIlClJMjaMGpNZtrdNLuGSJFIXghQD1oAlh1f + TFiQG5QEKO/tWdpepWELXhlnVd9w7Lk9Qcc1tQ2lqYYyYU+6P4R6VmaTb27v + fbolbbcOBlRwOOKAILrUrB9VsplnUpGJNxzwMjiptU1TT5dPuI47hGZkIAB5 + Jpbu3txrFggiUKwlyNowcCp9WtrZNNuWWJAQhwQozQAttq2mrbxK1ygIVQRn + 2qhpupWEU160k6qJJiy5PUYHNbFra2ptoiYUJKL/AAj0rP0u3t2nvg0SnbMQ + MqOBgUAV7zUrB9SsJUnUpGZNxzwMrxmrGo6pp0thcRx3CMzIwAB6kikvre3X + VNOURKAxlyNowcL3q1qdrbLp1yyxICI2wQo9KAIrPVdNS0gR7hAyooIz0IFU + 9P1Kwju755J1VZJAVJPUYrVsrW2aytyYUJMac7R6VR023t2vL8NEpCyADKjj + jtQBBfalYSX1jIk6ssbOWIPTK96t32q6dJZXEaXCMzRuAAepINR6hb266hp6 + rEoDO+QFHPy96u6ha2y2FyyxICInIIUf3TQBVsNV06Oxt43uEVljQEE9CAKq + 2WpWEd/fSPOoWRkKnPXC9q09OtbZtPtmaJCTEhJKj+6KqWFvbtqGoK0SkKyY + BUcfL2oAr6hqVhJdWLxzqwjkJYg9Birt3qumvaTIlwhZkYAZ6kiodSt7dbuw + CxKA0pBwo54q/e2tstnORCgIjbnaPSgCjpuqafFYW8clwisqKCCehxVez1Kw + TU7+V51CSeVtOeDhcHFaGl21s2nWzNEhJjXJKj0qtZW9u2q6ihiUqvlYG0YG + V7UAQalqVhLNZNHOrCOYM2D0GDzV+41bTWt5FW5QkqwAz7VX1S3t1msQsSjd + OAcKORg1pXNrai3lIhQEI38I9KAMzS9U0+HT7eKW4RWVQCCeRUNtqVgmq3sz + TqEdY9pzwcDmr2kW1u+m27NEjEoMkqM1Ba29udYvkMSlVWLA2jAyKAINU1Kw + maz8qdW2XCM2D0UZya0ZdX0wxOBcoSQe9VdXt7dGsdsSjdcxg4UcjnitSa0t + RE5EKfdP8I9KAMfSNTsIdNgilnRHUcgnkc0yDUrBdXuZmnUI6IAc8EjrVvRb + a3fS7dniRiV5JUE9TUcFvbnWbpDEu0Rx4G0YoAg1XUrCZLYRTq2yeNjg9AOp + rUbV9M2n/SU/OqesW9uiWuyJVzcRg4UDI54rWa0tdp/cp0/uigDC0XUrCDTI + Ipp1R1ByCeR8xpI9SsBrM05nXy2iUBs8ZB6VZ0K2t30q3Z4lZiG5Kgn7xpsV + vbnXJ0MS7RCpxtGM5oAg1fUrCeCFYp1YrMjHB7A8mtX+2NM/5+U/OqOtW9ul + vCUiVSZoxwoHGa2Pslr/AM8U/wC+RQBgaLqVhBpsUU06o4LZBPPLE0LqVh/b + Tz+evlmALuzxndnFT6Db276XEzxKxJfkqCfvGhbe3/t108pdv2cHG0YzuoAg + 1jUrCe0VIp1dvMQ4B7A81q/2xpn/AD8p+dUtbt7dLNSkSqfMTooHetf7Ja/8 + 8U/75FAGBo2pWEFiI5p1Rt7nBPYk0f2lYf24Ljz18v7Pt3Z43b84qfQre3ew + DPErHe/JUH+I0fZ7f+3xH5S7fs2cbRjO/rigCDWtSsJ7Bo4Z1diyHAPowrV/ + tjTP+flPzqjrtvbx6czJEqncnIUD+IVsfZLX/nin/fIoAwNH1KwhtnSWdUJk + c4J7E8VLHd21zrsbW8gkHkMMj13Zp2iW9u9o5eJWPmyDlQe9P8qKPXohGgUe + Qx4AHO6gDdooooAKKKKACiiigAooooA//9H9z5dPmGqwQm8lLNGx35GRjsKf + q2nzw6dNI15LIFA+ViMHkdeKZLd6gdVgkaxIkEbgJ5i8juc+1P1a81GTTpkm + sTEhAy3mKccjsKAL0el3BRT9vmGQO4/wrO0zT5pfte28lj2XEinaR8xGOTx1 + NaMd9qoRQNNJGBz5q1naZd6hH9r8qxMu64kLfvFG1jjK89cetABcafMuqWsR + vJWLq5DEjK4HbjvUup6dPFYTyNeyyBVztYjB+vFRXF3qB1S1kaxKyKr7U8xT + uyOee2Kl1O81GSwnSWwMSFeW8xTj8BQBah0u4aGNhfzDKjgEccfSqGnafNLJ + eBbyVNkzKcEfMeOT71fhvtUEMYXTiQFGD5q88VQ0671BJLwxWJkLTMWHmKNp + 4456/WgAutPmTUrKI3krGTzcMSMrhe31qfUdOnisZ5GvZnCoTtJGD7HioLq7 + 1BtSsnexKunm7U8xTuyvPPbFT6jeak9jOktgY0KEFvMU4HrigCa20y4e2iYX + 0ygopwCMDjp0qlp+nzSXF4q3kqFJcEgjLcdTxV22vdUW2iVNOLKEUA+aoyMd + apafd6glxeNHYmQtLlh5ijacdPegAvNPmS/sYzeSsZC+GJGVwvb61Zv9Nnjs + rhzfTOFjY7SRg4HQ8VWvLvUGv7J3sSjoX2r5indleee2Ks397qT2VwsmnlFM + bAt5qnAx1xQA6z0yd7SBxfTKGRTgEYGR0HFVLLT5pLu9QXkqFHUEgjLcdTVu + zvdTW0gVNPLqEUBvNUZGOuKqWV3qCXd60diXZnUsvmKNpx0z3oAL7T5o7uyR + ryVy7sASRleOoq3eaZOlpO5vpmCoxwSMHA6Hiql9d6g93ZNJYlGV2Kr5incc + dM9qt3l7qbWk6vp5RSjAt5qnAx1xQA2w02eSygkW+mQMinaCMDI6Diq1np8z + 399GLyVTGUywIy2V7/SrNhe6kllAkenmRQigN5qjIx1xVazu9QW/vnSxLu5T + cvmKNuF4575oAL/T5o57NWvJXLy4BJGV46irtzplwtvKxv5mARjgkYPH0qlf + 3eoPPZmSxMZWXKjzFO446e1Xbm+1RreVW04qpRsnzVOBjrQBDp2nTy2MEi3s + qBkB2gjA9hxUFrp8z6nexC8lUxiPLAjLZXv9Kn0681JLGBIrAyIEADeYoyPX + FQWt3qC6neyJYlncR7k8xRtwvHPfNABqOnzRPaBryWTfMqjJHyk55HHWr82l + 3CwyMb+Y4U8Ejnj6VQ1K71B5LMy2JjKzKV/eKdx9OOn1q/NfaoYZA2nEAqcn + zV44oAqaXp08unwSLeyxhl+6pGB9OKjg0+ZtUuoheSqUVCWBGWyO/wBKk0u8 + 1GPT4EisDKgXhvMUZ/A1HBd6gNUupFsS0jKm5PMX5QBxz3zQAanp80X2XdeS + yb7iNRuI+UnPI46itF9LuAjH7fMeD3H+FZ2p3eoP9l82xMe24jK/vFO5hnC8 + dM+taL32q7GzppAwf+Wq0AUdJ0+ebToZFvJYwwPyqRgcn2pkWnzHVZ4ReShl + jU78jJz2NP0m81GPToUhsTKgBw3mKM8nsaZFd6gNVnkFiTIY0BTzF4HrnpzQ + Aarp80McBa8lk3TIvzEcE9x7itM6VcY/5CE/5j/CszVbvUJI4BNYmICZCD5i + nJHQcevrWmb/AFX/AKBp/wC/q0AZmjafNPpsMqXksQbd8qkYHzH2oTT5jq8k + P2yUMIQd+RuIz0+lGjXeoRabCkFiZkG7D+Yq5+Y9jQl3qH9rySCxJkMIBTzF + 4GeuelABqunzQ26M15LIDIgwxGBk9enatT+yrj/oIT/mP8Ky9Vu9Qkt0E1iY + gJEIPmK2SDwOPWtT7fqv/QNP/f1aAMvR9PmmsEkS8liBLfKpGOGNA0+b+2TD + 9sl3eQG35G7G7GPpRo93qEVgiQWJmQM3zeYq5+Y9jQLvUP7ZMv2E+b5AGzzF + +7u+9np7YoANX0+aGz3teSyjegwxGOT1rU/sq4/6CE/5j/CsvV7vUJLPbNYm + Jd6Hd5itzngYHrWp9v1X/oGn/v6tAGXpOnzTWhdbyWMb3GFIxwetB0+b+2Fh + +2S7vILb8jdjdjH0o0m71CO0Kw2JlXe5z5irznkYPpQbvUP7YWX7CfM8gjZ5 + i/d3dc9PwoANY0+aGwkke8llAK/KxGDlhWp/ZVx/0EJ/zH+FZesXeoSafIk9 + iYUJXLeYrY+YdhWp9v1X/oGn/v6tAGXpWnzTQSMt5LGBK4wpGDg9fxok0+Ya + vFD9slLGJjvyNw56fSjSrvUI4JBDYmUGVyT5ijBJ5HPpRJd6gdXikNiRIImA + TzF5GeuelAC6xp80GmzSveSyhdvysRg/MPatIaVcYH/Ewn/Mf4Vm6xd6hLps + yT2JhQ7cv5itj5h2FaQv9VwP+Jaf+/q0AZml6fNKlwVvJY9szr8pHJHc+5om + 0+ZdVt4TeSksjkPkZGOw4o0u71COO4ENiZQ0zk/vFGCeo59PWia71A6rbyNY + kSKjgJ5i8g9TnpxQA/VtPnh0+aRryWQKB8rEYPI68Vej0u4KKft8wyB3H+FU + dWvNRk0+ZJrExIQMt5inHI7Cr0d9qoRQNNJGBz5q0AZ2mafNKbvbeSx7J3U7 + SPmIxyeOpouNPmXVLSI3krF1kwxIyuB2+tGmXeoRm78qxMm64ct+8UbWOMrz + 1x61zHiXxjc6Jq9o1zp3zJGzAGUchyV6hT6UBY6zU9OnisJ5GvZZAq52sRg/ + XirUGl3DQxsL+YZUHAI44+lctZeK7nxJo13Mmn+TGh2M3mhscA5xgHvXUwX2 + qCGMLpxYBRg+avPFAFDTtPmkkvAt5KmyZlJBHzHA5PHWi60+ZNSsYjeSsZPN + wxIyuF7cd6NOu9QSS8MViZC0zFh5ijacDjnr9aLq71BtSsXexKunm7V8xTuy + vPPbFAE+o6bPHYzyNezOFQnaSMH2PFTW2mXD20TC+mUFFOARgcdOlQ6jeak9 + jOktgY0KEFvMU4Hripra91RbaJU04soRQD5qjIx1oApWGnzSXF4q3kqFJMEg + jLcdTReafMl/Yxm8lYyM+GJGVwvbjvRYXeoJcXjR2JkZpMsPMUbTjp70Xl3q + DX9i72JR0Z9q+Yp3ZXnntigCzfabPHZXDtfTOFjY7SRg4HQ8U6z02d7OBxfT + IGjU4BGBkdBxTb691J7K4STTyimNgW81TgY64p1ne6mtnAsenl1EagN5qjIx + wce9AFSy0+Z7y9QXkqFHUEgjLcd+KL7T5o7uyQ3krl3IBJGV46iiyu9QW8vW + jsS7M67l8xRtOOme9F9d6g93ZNJYlGVyVXzFO446Z7UAW7vTLhLSZzfTMFRj + gkYOB0PFMsNNnksYJFvpkDIp2gjA46Din3d7qbWkyvp5RSjAt5qnAx1xTLC9 + 1JLGBI9PMihFAbzVGRjrigCvaafM+oX0YvJVMZjywIy2V7/SjUNPmjns1a8l + cvLgEkfLx1HvRaXeoLqF86WJd3Me5fMUbcLxz3zRqF3qDz2ZksTGVlyo8xTu + OOntQBduNMuFt5WN/M2FY4JGDx9Kg03Tp5bCCRb2WMMgO0EYH04qe4vtUa3l + DacVBVsnzVOBjrUGm3mpJYQJFYGRAgw3mKMj1waAIbbT5m1O9iF5KpQR5YEZ + bI7/AEo1HT5ontA15K++ZVGSPlJzyPei2u9QXU710sSzsI9yeYo24HHPfNGo + 3eoO9oZbExlZlK/vFO488cdPrQBfm0u4WJyb+Y4U8ZHp9KqaXp08unwSLeyx + hl+6pGBz24q3NfaoYnDacQCpyfNXjiqml3mox6fAkNgZUC8N5ijPPoaAI4NP + mbVLqIXkoKKhLAjLZ9eO1Gp6fNELXdeSyb541G4jgnPI9xRBd6gNUupFsS0j + Km5PMX5QOhz3zRqd3qEgtfNsTFtnjK/vFO5hnC8dM+tAGk+l3ARj/aE3Q9x/ + hWfpGnzzadDIt5LEGB+VSMDk+1aD32q7GzppHB/5arWfpF5qMenQpDYmVADh + vMVc8nsaAGxafMdWnhF5KGWNTvyNxyeho1XT5oYoS15LJumRcMRxk9Rx1FEV + 3qA1aeQWJMhjUFPMXgZ65o1W71CSKETWJiAmQg+YpyR0HHrQBqf2Vcf9BCf8 + x/hWXo2nzT6bDKl5LEG3fKpGBhj7Vp/b9V/6Bp/7+rWZo13qEWmwpBYmZBuw + /mKufmPY0ACafMdYkh+2ShhCG35G489OnSjVtPmhtkZryWQGRBhiMcnr+FCX + eof2xJILEmQwgFPMXgZ656Uatd6hJbIs1iYl8xDnzFbkHgcetAGp/ZVx/wBB + Cf8AMf4Vl6Pp801isi3ksQLN8qkY4Y1qfb9V/wCgaf8Av6tZej3eoR2KpDYm + VNzfN5ir/EexoABp839smD7ZLu8jdvyN2N2MfSvm+/BW+uVJziRxk9+TX0gL + vUP7ZMv2E+b5GPL8xfu7vvZ6deMV8335JvrgsNpMj5HpyaCon0vp2l3Dafas + L+YZiQ4BHHyj2qDSNPmmtC63ksQ3uMKRjg9elT6dfaoNPtQunFgIkwfNUZ+U + VBpF3qEdoVhsTKu9znzFXnPIwfSgkG0+b+2Fg+2S7jAW35G7G7GPpRrOnzQ6 + fJI95LKAV+ViMHLChrvUP7YWX7CfM8gjZ5i/d3dc9Pwo1i71CXT5EnsTChK5 + bzFbHzDsKANT+yrj/oIT/mP8Ky9K0+aaGVlvJYwJXGFI5wev1Nan2/Vf+gaf + +/q1l6Vd6hHDKIbEygyuSfMUYJPI59KACTT5hq8UP2yUsYmO/I3Dnp9KXWNP + mh06aV7yWULj5WIwfmHtSSXeoHV4pDYkSCJgE8xeRnrnpS6xd6hLp0yTWJhQ + 4y3mK2PmHYUAaK6VcYH/ABMJvzH+FZul6fNKlwVvJY9s7qdpHJHc+5rSW/1X + A/4lp/7+rWbpd3qEaXHk2JlDTuT+8UYY9Rz6etABNp8y6rbwm8lJZHIckZGO + w4p+q6dPDp80jXssgUfdYjB578Uya71A6rbyNYkSKjgJ5i8juc+1P1W81GTT + 5kmsDEhHLeYpxz6CgC9HpdwY1P2+YZA7j/Cs7TdPmlN3tvJY9k7qdpHzEY5P + ua0I77VRGoGmkjA581az9Nu9QjN35ViZN07lv3ijaxxleeuPWgAuNPmXU7SI + 3krF1kwxIyuB2+tS6np08VhPI17LIFXO1iMH68VFcXeoNqdpI1iVkVZNqeYp + 3ZHPPbFS6neajJYTpLYGNCvLeYpx+AoAswaZcNBGwv5lyoOARxx9Ko6dp80k + t4FvJU2TFSQR8xx1PHWr0F9qggjC6cWAUYPmqM8VR0671BJbwxWJkLTEsPMU + bTjp70AF1p8yalYxG8lYyebhiRlcLnjjvU+oabPHYzyNezOFRjtJGDx0PFQX + V3qDalYu9iVdPN2r5indleee2Kn1C91J7GdJNPMaFGBbzFOBjrigCW10y4e2 + hcX0yhkU4BGBkdOlU7DT5pLm8VbyVCkmCQRluOpq5a3uprbQqmnFlCKAfNUZ + GOtU7C71BLm8aOxLs0mWHmKNpx096AC80+ZL6yjN5KxkZ8MSMrgdvrVm+02e + OyuHN9M4WNjtJGDgdDxVa8u9Qa+snexKOjPtXzFO7I557YqzfXupvZXCyaeU + UxsC3mqcDHJxQAtlps8lnA4vpkDRqcAjAyOg4qrZafNJe3qC8lQxsoLAjLZH + firVle6mtnAsenl1EagN5qjIwMHHvVWyu9QS9vWjsS7Oy7l8xRtOOme9ABfa + fNHdWSNeSuXcgEkZXjqOKuXemXCWszm+mYKjHBIwcDp0qnfXeoPdWTSWJRlc + lR5inccdM9quXd7qbWsyvpxRSjAnzVOBjrigCOw02eSxgkW+mQMinaCMDjoO + Kr2mnzPqF9GLyVTGY8sCMtle/wBKsWF7qSWMCR6eZFCKA3mqMjHXFV7S71Bd + QvnSxLu5j3L5ijbheOe+aADUNPmjms1a8lffKACSPl46j3q9caZcLbysb+Zg + FY4JGDx9Ko6hd6g81mZLExlZQVHmKdxx09qu3F9qjW8obTioKtk+apwMdaAI + NN06eWwgkW9ljDKDtBGB9OKhttPmbU7yIXkqlBHlgRlsjv8ASptNvNSSwgSK + wMiBRhvMUZHrioba71BdTvHSxLOwj3J5ijbgcc980AGpafNE1puvJZN86qMk + fKTnke9aEul3Aicm/mOFPGR6fSs/UrvUHa082xMe2dSv7xTubnA46Z9a0Jb7 + VDE4OmkDaefNXjigCnpenTy6fBIt7LGGX7qkYHPbio4NPmbVbmEXkoKohLgj + Jz2P0qTS7zUY9PgSGwMqBeG8xRnn0NRwXeoDVbmRbEtIyIGTzF+UDoc980AG + qafNELXdeSyb541G4jgnPI46itJ9LuApP2+Y8HuP8KzdUu9QkFr5tiYts8ZX + 94p3MM4Xjpn1rSe+1XY2dNI4P/LVaAM/SNPnm06GVbyWIMD8qkYHJ9qbFp8x + 1aaEXkoZY1O/I3HJ6dKdpF3qMenQpDYmVADhvMVc8nsabFd6gNWmkFiTIY1B + TzF4GeuelABqunzRRQlryWTdMgwxHBJ6/UVqf2Vcf9BCf8x/hWXqt3qEkUIm + sTEBMhB8xTkg8Dj1rU+36r/0DT/39WgDL0bT5p9OilS8liB3fKpGBhj7ULp8 + x1h4ftku4Qht+Ruxu6fSjRrvUItOiSCxMyDdhvMVc/MexoW71D+2HlFiTIYQ + CnmLwN3XPT8KADVtPmhtlZryWUGRBhiMcnr0rU/sq4/6CE/5j/CsvVrvUJLZ + VmsTEvmIc+Yrcg8Dj1rU+36r/wBA0/8Af1aAMvSNPmmslkW8liBZhtUjHBPt + R/Z839s+R9sl3fZ92/I3Y34x06d6NIu9QjslSGxMq7m+bzFXuc8H0o+16h/b + Pm/YT5v2fHl+Yv3d+d2enXjFABq+nzQ2RdryWUblG1iMckVqf2Vcf9BCf8x/ + hWXq93qElkVmsTEu5fm8xW5yMcD1rU+36r/0DT/39WgDL0nT5prVnW8liHmO + MKRjg9elDafMNYSH7ZLuMJbfkbsbun0o0m71CO1ZYbEyrvc58xV5zyMH0oa7 + 1D+2ElNifM8kjZ5i9N3XPT8KADWdPmg06WV7yWUAr8rEYOWHtWp/ZVx/0EJ/ + zH+FZes3eoS6dKk9iYUJXLeYrY+YdhWp9v1X/oGn/v6tAGXpWnzSwyst5LHi + VxhSOSD16dTRJp8w1aGH7ZKWaJjvyNwwelGlXeoRwyiGxMoMrknzFGCTyOfS + iS71A6tDIbEiQRMAnmLyM9c9KAF1fT5odOmle8llCgfKxGDyPatFdKuNo/4m + E/5j/Cs7V7vUJNOmSaxMSEDLeYrY5HYVorf6rtGNNP8A39WgDN0vT5pVuSt5 + LHtndTtI5I7n3NE2nzLqttCbyUsyOQ5IyMdh9aNLu9QjW58qxMu6dyf3ijax + 6jnrj1omu9QOq20jWJEio4CeYvzA9TntigCTVdOnh0+eRr2WQKPusRg89+Ku + RaXcGNCL+YZA4yP8Kp6reajJp86TWBiQjlvMU459BVyK+1QRoBppIwOfNWgD + P03T5pWu9t5LHsndTtI+YjHJ9zRc6fMup2cRvJWLiTDEjK4Hb60abd6gjXfl + WJk3TuW/eKNrHGV5649aLm71BtTs5GsSrqJNqeYp3ZHPPbFAE2padPFYTyNe + yyBVJ2sRg/XirEGl3DQRsL+YZUHAI44+lV9SvNSksJ0lsDGhU5bzFOB9BViC + +1QQRhdOLAKMHzVGeKAKOnafNJNeBbyVNkpBII+bjqeOtF3p8yajYxG8lYye + ZhiRlcL2470add6gk14YrEyFpSWHmKNpx096Lu71BtRsXexKOnmbV8xTuyvP + PbFAE+oabPHYzyNezOFRjtJGDx0PFS2umXD2sLi+mUMinAIwMjp0qLUL3Uns + Z0k08xoUYFvMU4GOuKltb3U1tYVTTi6hFAPmqMjHWgCnY6fNJc3ireSoUkAJ + BGW46mi80+ZL2yjN5K5kZwGJGVwO3FFjd6glzeNHYl2aQFh5ijacdPei8u9Q + a9snexKMrPtXzFO7I557YoAtX2mzx2Vw5vpnCxudpIwcA8Hiiy02eSzgcX0y + Bo1OARgZA4HFF9e6m1lcLJp5RTG4LeapwCDk49qLK91NbOBY9PLqI1AbzVGR + gYOPegCrZafM97exi8lQxsoLAjLZHfii/wBPmjurJGvJXLyEAkjK8dRRZXeo + Le3rpYl2dl3L5ijbgcc980X13qD3Vk0liUZZCVHmKdxx0z2oAuXWmXCWszm+ + mYKjHBIwcDp0qPT9NnksYJFvZkDIp2gjA46DipLq91NrWZX04qpRgT5qnAx1 + xUen3upJYwJHp5kQIoDeaoyMdcUAV7TT5n1G+iF5Kpj8vLAjLZXv9KNQ0+aO + azVryV98oAJI+XjqOOtFpd6guo3zpYl3fy9y+Yo24XjnvmjULvUHmszJYmMr + KCo8xTuOOntQBeuNMuFgkY38zYUnBIwePpVfTdOnlsIJFvZYwyg7VIwPpxVi + 4vtUMEgbTioKnJ81TgY61X0281KOwgSKwMiBRhvMUZH0NAENtp8zaneRC8lU + oI8sCMtkd/pRqWnzRNaBryWTfOijcR8pOeR70W13qC6neSLYlpGEe5PMUbcD + jnvmjUrvUHa082xMe2dCv7xTuYZwvtn1oA0JdLuBG5N/McA8ZH+FU9K06ebT + 4JFvZYww+6pGBz24q5LfaoY3B00gYPPmrVPSrzUY9PgSGwMqAcN5ijPPoaAI + 4NPmbVbmIXkoKohLAjJz2P0o1TT5olti15LJunRRuI4JzyPcUQXeoDVbmRbE + tIyICnmL8oHQ575o1S71CRbbzbExbZ0I/eKdzDOF46Z9aANJtLuApP8AaE3T + 1H+FZ2kafNNp0MqXksQYH5VIwOT7Votf6rtOdNI4/wCeq1naRd6hHp0KQ2Jl + QA4bzFXPJ7GgBI9PmOrTQ/bJQyxKd+RuOT06Uarp80UMTNeSyZlQYYjjJ69O + ooju9QGrTSCxJkMSgp5i8DPXPSjVbvUJIYhNYmICVCD5inJB4HHrQBqf2Vcf + 9BCf8x/hWXo+nzTadFKl5LEDu+VSMDDGtT7fqv8A0DT/AN/VrL0e71CLTokg + sTMg3YbzFXPzHsaABdPmOsPD9sl3CENvyN2N3T6Uatp80NsrNeSyAyIMMRjk + 9fwoW71D+2HkFifMMIGzzF6buuen4Uatd6hJbKs1iYl8xDnzFbkHgYHrQBqf + 2Vcf9BCf8x/hXzl4oBXVnyc/KP619G/b9V/6Bp/7+rXzl4oJOrPuGPlH9aCo + nongC2kuLWNEneEmORsr1x5mMfTvXa6vp80Nk0jXksoDKNrEY5I9q4rwBPdR + WsbW9v57eXIMbgvHmZzz78V2ur3eoSWTJNYmJdy/N5it3GOB60CZqf2Vcf8A + QQn/ADH+FZek6fNNbMy3ksYEjjCkY4PX8a1Pt+q/9A0/9/VrL0m71CO2ZYbE + yr5jnPmKvJPI59KBA2nzDWEh+2S7jCW35G7G7p9KNY0+aHTpZXvJZQNvysRg + 5YUNd6gdYSU2JEghI2eYvI3dc9Pwo1i71CXTpUnsTCh25bzFbHzDsKANT+yr + j/oIT/mP8Ky9K0+aaGYreSx7ZXGFI5wevTqa1Pt+q/8AQNP/AH9WsvSrvUI4 + ZhDYmUGVyT5ijBJ5HPpQASafMNWhh+2SlmjY78jcMHp0p2r6fPDp00rXksoU + D5WIweR7U2S71A6tDIbEiQRsAnmLyM9c9Kdq93qMmnTJNYmJCBlvMVscjsKA + NBdLuCoP9oTdPUf4Vm6Zp80q3O28lj2zyKdpHJGOT7mtJb/Vdoxpp6f89VrN + 0y71CNbnyrEy7p5C37xRtY4yvPXHrQAT6fMuq20RvJSWRyGJGRjsPrUmq6dP + Dp88jXssgVfusRg89+Kjnu9QOq20jWJWRUcBPMX5gepz2xUmq3moyafOk1gY + kI5bzFOOfQUAXItLuDEhF/MMgcZHp9Kz9N0+aVrsLeSx7J3U7SPmIxyeOtaE + V9qgiQDTiQAOfNXnis/TbvUEa78qxMm6dy37xRtY4yvvj1oALnT5l1OziN5K + xcSYYkZXA7fWptS06eKwnka9lkCqTtYjB+vFQ3N3qDanZyNYlZFEm1PMU7sj + nntiptSvNSewnSWwMaFTlvMU4HrgUAWLfTLhoI2F/MuVBwCMDj6VR0/T5pJr + xVvJU2SkEgj5jjqeOtXre+1QQRhdOLAKMHzVGRjrVHT7vUEmvDHYmQtKSw8x + RtOOnvQAXenzJqNjEbyVjIZMMSMrhe3HerGoabPHYzyNezOFRjtJGDx0PFV7 + u71BtRsXexKOhk2r5indleee2Ksahe6k9jOkmnmNCjAt5qnAx1xQBJaaZcPa + wuL6ZQyKcAjAyOnSqdhp80l1eot5KhSQAkEZbjqauWl7qa2sKppxdQigHzVG + Rjriqdjd6gl1etHYl2aQFh5ijacdM96AC90+ZL2yQ3krl2YBiRlcDtVq902e + Oznc30zhY2OCRg4HQ8VVvbvUGvbJnsSjKzbV8xTuOPXtVq9vdTaznWTTyimN + gW81TgYOTj2oALHTZ5LK3cX0yBo0O0EYGQOBxVWz0+Z729jF5KhjZAWBGWyO + /FWrG91NbK3WPTy6iNAG81RkADBx71Vs7vUFvb10sS7Mybl8xRtwOOe+aAC/ + 0+aO5s1a8lcvIQCSMrx1HFXLrTLhLWZzfTMFRjgkYOB06VTv7vUHubNpLEoy + yEqPMU7jjp7Vcur3U2tZlfTiilGBPmqcDHWgCLT9NnksYJFvZkDIp2gjA46D + ioLTT5n1G+iF5Kpj8vLAjLZXvx2qfT73UksYEj08yIEUBvMUZGOuKgtLvUF1 + G+dLEu7+XuXzFG3C8c980AGoafNHLZhryV98wAJI+U46j3q9PplwsEjG/mbC + k4JHPH0qjqF3qDy2ZksTGVmBUeYp3HHT2q9PfaoYJA2nFQVOT5qnHFAFfTdO + nlsIJFvZYwyg7VIwPpxUNvp8zapdxC8lUoI8sCMtkd/pU2mXmpJYQJFYGRAo + w3mKM/gaht7vUF1S7kWxLSMse5PMUbcDjnvmgA1PT5ojabryWTfOijcR8pOe + Rx1FaEul3Ajcm/mOAeMj/Cs/U7vUJDaebYmPbOhX94p3MM4Xjpn1rQlvtVMb + g6aQCDz5q0AUtK06ebT4JFvZYww+6pGBz24pkOnzNqtxCLyUFUQlwRk57H6U + /SrzUY9PhSGwMqAcN5ijPPoaZDd6gNVuJFsSZGRAU8xeAOhz70AGqafNEtvu + vJZN06KNxHBPce4rSbSrjaf+JhP+Y/wrN1S71CRbfzrExbZ0I/eKcsOg49fW + tJr/AFXB/wCJaf8Av6tAGdpGnzzadDKt5LEGB+VSMDk0kenzHV5oftkoYRKd + +RuPPSl0i71CPToUhsTKgBw3mKueT2NJHd6gNXlkFiTIYlBTzF4GeuelABqu + nzQwxM15LJmVBhiOMnr9RWp/ZVx/0EJ/zH+FZeq3eoSQxCaxMQEqEHzFOSDw + OPWtT7fqv/QNP/f1aAMvR9Pmm0+ORLyWIEt8qkYGGNC6fN/bDQ/bJdwhDb8j + djd0+lGj3eoR6fGkFiZkBbDeYq5+Y9jQt3qH9sNJ9hPmeSBs8xem7rnp+FAB + q2nzQ2odryWQb0GGIxyevTtWp/ZVx/0EJ/zH+FZerXeoSWqrNYmJd6HPmK3O + eBgetan2/Vf+gaf+/q0AZekafNNZB0vJYhuYbVIxwfpR/Z839siD7ZLu8jdv + yN2N2MdOnejSLvUI7ILDYmZdzfN5irznkYPpR9r1D+2RL9hPm/Z8eX5i/d3f + ez068YoANY0+aGxaR7yWUBl+ViMckVqf2Vcf9BCf8x/hWXrF3qEtiyTWJhTc + vzeYrdx2Fan2/Vf+gaf+/q0AZek6fNNbOy3ksYEjjCkY4PX8asQWslvrsavO + 837ljl+vXGKr6Td6hHbOsNiZVMjnPmKvJPI59KsQT3U2uxm4t/IPksMbg3Ge + vH5UAdLRRRQAUUUUAFFFFABRRRQB/9L915r+xOsW8wnQosbgtuGAT70/WdQs + ZtMnjiuEd2AwAwJPIpZrS1Gs20YhQKY3JG0YJ+mKdrVpaR6XcPHCisAMEKAe + o9qALseqacI1BuY+AP4hWZpN/ZRfbPMnRd9zIwywGQcYI9q147GyMaE28fQf + wD/CsvSLS1k+274UbbcyAZUHAGOBx0oAZc39i2r2cqzoURZATuGBkcZqXVtR + sJdNuI47iNmZcABgSabc2lqNYs4xCgVkkyNowcDuKm1eztE024dIEVgvBCgE + fpQBYg1PTlgjU3MYIUfxD0rO0zULGOS9Mk6KHnZlywGRgcitWCxsjBGTbxkl + R/APT6VnaXaWryXweFG2zsBlQcDA4HFAEd3qFi+q2EqzoUTzdxDDAyoxmp9T + 1Gwl0+4jjuI2ZkIADAkmmXlparq2nosKBXEuQFGDhRjPFT6pZ2aadcOkEasE + JBCgEfpQA+01PT1tYVa5jBCKCCw64qjpt/ZR3N80k6KHlypLDkY6itK0srJr + SFmgjJKKSSg9PpVDTbS1e5vw8KMFlwMqDgY7UAMvdQsX1GwkSdCqNJuIYYGV + 4zVrUNS0+SwuUS4jZmjcABhkkiob60tV1LT0WFArtJkBRg4XvxVrUbKzTT7l + lgjDCNyCFAIOPpQA2x1LT0srdHuYwyxoCCwyCAKp2F/Yx3t+7zoqu6lSWGCM + dq0LGys2srdmgjJMaEkqMk4HtVPT7S1a+v1aFCFdQAVGB8vbigCPUL+ykvbB + 0nRlR2LEMMAY71cvtS097K4RLmMs0bgAMMkkGq2oWlql7YKsKANIwICjnjvx + V2+srNbK4ZYIwRG5BCjIOD7UAQ6dqVhHYW8b3EassaggsMggVVsr+yTUdQke + dAshj2ksMHC84q7ptnZvp9szwRsxjUklQSTj6VVsbS1bUtQRoUKoY8AqMDK9 + qAGalqFjJcWLRzowSXLEMOBjqav3Wp6c1rMq3MZJRgAGHpVTUrS1S5sQkKKG + mwcKBkY71fu7KyW1mZbeMEI2DsHp9KAKemajYRafbxyXEasqAEFgCDUFpf2S + arfytOgRxFtJYYOF5xVvS7OzfTrd3gjZigJJUEn9Kr2lpatq2oI0KFVEWAVG + BleccUAM1S/spZLIxzowSdWbDA4Azya0Z9T05oJFFzGSVP8AEPSqOq2lqkli + EhRd1woOFAyOeDxWlPY2QgkIt4wQp/gHp9KAM/SdRsItNt45biNWVeQWAIqK + 31CxXV7uVp0COkYB3DBwOcVZ0eztJNMt3eBGYrySoJP6VFbWlqdYvIzChVUj + wNowMjsKAI9Vv7GX7H5c6NsuY2OGBwBnJPtWnJqmnFGAuY+h/iFUNXtLVPsW + yFF3XMYOFAyDng8dK1JLGyCMRbx9D/AP8KAMrRtQsYdMgjluER1ByCwBHJpk + N/YjWLiYzoEaNAG3DBI96m0W0tJNLt3khRmIOSVBPU+1NhtLU6zcxmFCojQg + bRgH6YoAj1e/spYrcRToxWeNjhgcAdTWsdU03H/H1H/32KzNZtLWOK3McKKT + PGDhQMgnpWubGxx/x7x/98D/AAoAxdDv7GHS4Ipp0R13ZBYAj5jQmoWI1qWY + zp5ZhUBtwxnd0zUmhWlrLpUDyQo7HdklQT94+1Edpa/25LH5KbBApxtGM7uu + KAI9Y1Cxmto1inRyJUOAwPAPJrW/tXTf+fqP/vsVm61aWsdtGY4UUmWMcKBw + T9K1/sNj/wA+8f8A3wP8KAMTRL+yh05I5p0Rgz8FgDyxoGoWP9uGbz08v7OF + 3bhjO/OM0/QrS1k05HkhRmLPyVBP3j7UotLX+3Wi8lNn2cHbtGM7+uMUAR61 + f2U1lsinR23ocBgTgGtb+1dN/wCfqP8A77FZmuWlrHY7o4UU705CgHr9K2Ps + Nj/z7x/98D/CgDE0bULGGzKSzojeY5wWA4JoOoWP9uLN56eX9nK7twxndnGa + k0S0tZLItJCjHzHGSoPQ0NaWv9urH5KbPs5O3aMZ3dcUAR63qFjNpskcU6Ox + KcBgTwwrW/tXTf8An6j/AO+xWbrtpax6bI8cKIwKchQD94Vr/YbH/n3j/wC+ + B/hQBiaPqFjDbyrLOiEyuQCwHBPBokv7I61DMJ08sQsC24YznpmpNGtLWS2l + MkKMRNIOVB4BpJLS1GtwxiFNhhY42jGc9cYoAbreoWM2lzxQzo7ttwAwJPzC + tQappuB/pUf/AH0KztdtLWLSp3jhRGG3BCgH7w9q1hY2OB/o8f8A3wP8KAMX + SL+yijuRLOilp5GGWAyD0NE2oWLaxbSidCixuC24YBPvT9HtLWSO5MkKNi4k + AyoOAMcdKWe0tRrNtGIUCmNyRtGCfpigBNY1Cxm0yeOK4R3YDADAk8itCPVN + OEag3MfAH8QqnrVpaR6XcPHCisAMEKAeo9q0I7GyMaE28fQfwD/CgDI0q/sY + jeeZOi77mRhlgMg4wR7V5L8TriC51m2e3kWRRbgEqcjO9q9d0m0tZDe74Ubb + cyAZUHAGOBx0ryT4oQxQ61arCioDbg4UAfxt6UFRNLwNcQR+F9SgeRVkeU7V + J5Pyr0FerW+p6csEatcxghQD8w9K8r8Cwwv4W1OVkUuspwxAyPlXoa9Zt7Gy + NvETbxklV/gHp9KBMytMv7GOW9Mk6KHnZlywGRgcii7v7F9U0+VZ0KR+buIY + YGVGM/WpNLtLV5b4PCjBZ2AyoOBgcCi8tLVdV09FhQK/nZAUYOFGM8UCJNT1 + Gwk0+4jjuI2ZkYABgSTiprTU9PW1hVrmMEIoILDrim6pZ2aadcukEasEYghQ + COPpU1pZWTWkLNBGSUUklB6fSgDN06/so7m+Z50UPLlSWHIx2ovr+yfUbCRJ + 0KxtJuIYYGV4zT9NtLV7q/V4UYLLgAqDgY7cUX1parqOnosKBXaTICjBwvfi + gCfUNS0+SwuUS4jZmjcABhkkinWOpaellbo9zGrLGgILDIIAp2o2Vmmn3LLB + GGEbkEKAQcfSnWFlZtY27NBGSY0JJUZJwPagDPsL+xS+v3edFV3UqSwwcL2o + 1DULGS8sXSdGVJGLEMOBjvUmn2lq19fq0KEK64BUYHy9uKNQtLVL2wVYUAaR + gQFHPHegCze6lp72c6JcxlmjYABhySKj07UrCOwt45LiNWWNQQWGQcVYvrKz + WyuGWCMERuQQo44PtUem2dm+n2zPBGzGNSSVBJ4+lAFKyv7JNS1CR50CyGPa + SwwcLzijUr+ykuLFo50YJLlsMOBjqafY2lq2p6gjQoVQx4BUYGV5xRqdpapc + WISFFDTAHCgZGO/FAFy61PTmtpVW5jJKMANw9Kr6XqNhFp1vHJcRqyoAQWAI + q5dWVkttMRbxghG52D0+lV9Ks7R9Ot3eBGYoMkqCT+lAFS01CxXVb6Vp0COI + tpLDBwvOKNU1CxleyMc6NsnVmwwOAM8mpLS0tW1a/RoUKqIsAqMDKnOOKNVt + LVJLLZCi7rhAcKBkc8HigC7NqenNDIouYySp/iHpVPSNQsYtNt45biNWVeQW + AI5rRnsbIQyEW8YIU/wD0+lUdHs7STTLd5IEZivJKgk8/SgCvb39kur3crTo + EdIwDuGDgc4NGrahYyi08udG2XEbHDA4Azkn2p9taWp1i8jMKFVSPA2jAyOw + pdXtLVBZ7IUXdcxg4UDIOeDx0oA0H1TTSjAXMfQ/xCs3RtQsYdMgjluER1By + CwBHJrWexstjf6PH0P8AAP8ACs3RLS0k0u3eSFGYg5JUE9T7UAQw39iNZuJj + OgRokAbcMEg+tGsX9jLDAIp0crNGxwwOADyakhtLU61cRmFCoiQgbRgHPpik + 1m0tY4bcxwopM8YOFA4J6UAaf9q6b/z9R/8AfYrJ0K/soNKgimnRHXdkFgCM + sa2/sNj/AM+8f/fA/wAKx9BtLWXSYHkhR2O7JKgn7x9qAGJf2I1uSYzp5ZhC + htwxnd0zRrN/YzWqLFOjkSocBgeAeaelpa/25LH5KbBApxtGM7uuKXWrS1jt + UaOFFPmoMhQOCfpQBpf2rpv/AD9R/wDfYrJ0TULGHT0jlnRGDPwWAPLGtv7D + Y/8APvH/AN8D/CsjQ7S1k05HkhRm3PyVBP3j7UARi/sf7cM/np5f2fbu3DGd + +cZ9a+aNQIa/uWU5Blcg/wDAjX02LS1/t4xeSmz7NnbtGM7+uMda+ZNQAF/c + gDAEr/8AoRoKifUGm6npy6daq1zGCIkBG4f3RVbRb+yhsyks6I3mOcFgOCau + 6bZWR061Jt4yTEn8A/uj2qrolpayWZaSFGPmOMlQe9BIxr+y/txJvPTyxAV3 + bhjO7OM0a5f2U2myRwzo7ErgBgTwwp7Wlr/bqR+Smz7OTt2jGd3XFGu2lrHp + krxwojApyFAP3hQBp/2rpv8Az9R/99isnR7+xhglWWdEJmcjLAcE8Gtv7DY/ + 8+8f/fA/wrI0a0tZLeYyQoxE0gGVB4B+lAEcl/YnWoZhOmwQsC24Yznpml1v + ULGbS54op0d2C4AYEn5hT5LS1GtwxiFNhhYkbRjOfTFLrlpax6VO8cKIwC4I + UA/eHtQBoLqmm7R/pUf/AH2KytIv7KJLkSzou64kYZYDIOMGtlbGx2j/AEeP + p/cH+FZOj2lrIl15kKNtuJAMqDgDHFADJ7+ybWLaYToUWNwW3DAJ96k1jULG + bTZ44rhHZl4AYEnmkntLUazaxiFAhjckbRg/hUms2lpHplw8cCKwXghQCOR7 + UAXItU04RoDcx5AH8QrM0q/sYjeeZOi77iRhlgMg4wR7VrxWNkYkJt4+g/gH + +FZmk2lq5vd8KNtuZAMqDgDHA46UAR3N/Ytq1lKs6FEWTcdwwMjjNTarqNhL + p1xHHcRszKQAGBJpt1aWo1eyjEKBWWXI2jBwO4xUur2domm3DpAisEOCFAI/ + SgCe31PTlt4la5jBCqCNw9Kz9Mv7GOa9Mk6KHmZlywGRjqK1LaysjbxE28ZJ + Rf4B6fSs7S7S1ea+DwowWdgMqDgY6CgBl5f2L6pp8qzoUj83cQwwMrxn61Y1 + LUbCTT7iOO4jZmRgAGBJOKjvLS1XVdORYUCv5uQFGDheM8VY1Ozs0065dII1 + YRsQQoBHH0oAdaanp6WkKtcxghFBBYcHFUdOv7GO6vmedFDy5UlhyMdq0rOy + smtIGaCMkopJKD0+lUdNtLV7q/V4UYLLgAqOBjtxQBHfX9k+oWEiToVjZ9xD + DAyverWoalp8lhcolxGzNG4ADDJJBqC/tLVdR09FhQKzPkBRg/L3q3qNlZpp + 9yywRgiNyCFGQcH2oAZYalp6WNuj3EassaAgsMggCqlhf2SX1+7zoqu6lSWG + Dgdqv2FlZvYWzNBGSY0JJUZJ2j2qnp9patf6grQoVV0wCowPl7UAM1C/sZLu + xdJ0ZUkJYhhwMd6u3mp6e9nOiXMZZo2AAYckiq2o2lql5YKkKANIQQFHIx34 + q7e2VmtnOywRgiNiCFHofagCvp2pWEdhbxyXEassaggsAQcVWs9QsU1LUJGn + QLIY9pLDBwvOKu6bZ2b6fbM8EbMY1JJUEnj6VWsrS1bU9QRoUKoYsAqMDK84 + 4oAj1K/spJ7Fo50YJMC2GBwMdTV+51PTmtpVW5jJKMANw9Kp6naWqXFiEhRQ + 0wBwoGRjoeK0LqysltpiLeMEI3Owen0oAp6XqNhFp1vHJcRqyoAQWAIqC11C + xXVb6Vp0COItpLDBwOcVa0qztH023d4EZigySoJP6VDaWlq2rX6NChVRFgbR + gZBzigCPVNQsZXsjHOjbLhGbDA4Azya0ptU04wuBcxklT/EPSqOq2lqj2WyF + F3XCA4UDI54NaU1jZCGQi3jBCn+Aen0oAzdI1Cxi023jluI1ZV5BYAjmo7e/ + sl1e7madAjJGAdwwSOtWNHs7STTLd5IEZivJKgk8/Sore0tTrN3GYUKqkeBt + GBn2xQAzVr+ylW08udG2XEbHDA4Azk1qPqmmlGAuY+h/iFZ2sWlrGtpshRd1 + zGDhQMg54PFar2Nlsb/R4+h/gH+FAGTouoWMOmQRyzojqDkFgCOTTYtQsRrM + 8xnQI0SgNuGCQemal0S0tJNLgeSFGYg5JUE/ePtSRWlqdanjMKbBEhA2jGc+ + mKAI9X1CxlhgEU6OVmjJwwOADya1v7V03/n6j/77FZusWlrHDAY4UUmeMHCg + cE9K1/sNj/z7x/8AfA/woAxNDv7GDS4Ypp0RxuyCwB5Y0Jf2Q1uSYzp5ZgC7 + twxnd0zT9BtLWXSoXkhR2O7JKgn7x9qEtLX+3JI/JTYIAcbRjO7rigBms39j + NaosU6ORIhwGB4BrW/tXTf8An6j/AO+xWZrVpax2iNHCinzUGQoHBP0rY+w2 + P/PvH/3wP8KAMTRb+xhsFjlnRG3OcFgDyxo/tCx/tzz/AD08v7Nt3bhjO/OM + +tSaHaWsmnq0kKM25+SoJ+8aPslp/b3leSmz7NnbtGM78Zx60AR61qFjNYlI + p0dt6HAYE8MK1v7V03/n6j/77FZut2lrHYFo4UVt6chQD94Vr/YbH/n3j/74 + H+FAGJo2oWMNoySzojeY5wWA4Joa/sjraTeenliAru3DGd3TNSaLaWslmzSQ + ox8xxkqDwD9KRrS1/t1I/JTYbcnG0Yzu64xQAzXL+ym0yWOGdHclcAMCeGFa + 39q6b/z9R/8AfYrM120tYtLleOFEYFMEKAfvD2rY+w2P/PvH/wB8D/CgDE0e + /sYoJllnRCZpCMsBkE8GiXULE6zDMJ0KCJgW3DAOemak0a0tZIJjJCjETSAZ + UHgHp0oltLUa3BGIU2GFiRtGM59KAGa3qFjNpc8UU6O7AYAYEn5hWi2saVFE + ZJbyJERcszOAAAOSST2qlrlpaR6VO8cKKwC4IUA/eHtX55ftHfGkeI9Sn8C+ + EWWHR7Jil1NEADdSr95dw/5ZKeMdGPPIxXDmGPhh6fPL5I8zNc0p4Sl7Se/R + dz1Lxz+1dpXhp73SPAdqmr3ZnkP2uUn7KuTj5AuGk+uVHoWr5Q8RfG/4p+J7 + k3N/4huYOoVLVvsqKp/hxFtJH1J968profDvhLxN4tuvsXhrTLjUpehEMZYL + /vN0Ue5Ir4TEZpiK8rXfoj8wxedYvEytzP0X9akcvinxNMSZtXvJM9d1xIf5 + tSf8JP4k/wCgtd/9/wCT/GvV/wDhm74zLbm6l0DykXk7rq2Bx9PNzVgfsyfG + lgGGhJg8/wDH3bf/ABysvqmJ/ll9zMP7Pxn/AD7l9zPHx4l8Rrnbqt2MnJxP + J1/Og+JfEZIY6rd5HQ+fJx+tW9e8Jar4aunsdWe2W4jYoyRXMVwVZeobyWfH + 44rAEB7mvosu4IzrFLmo4eVu791ffJo8bEZjGlJxqTs+xqHxL4jYFW1W7IPY + zyf40o8TeJAMDVbv/v8Ayf41l+R/tUnkNnG4fj/+qu/E+G2f0o80sO36OL/B + NsxhnNJ6Kp+ZqDxL4jXJXVbsZ5P7+Tn9aQ+JfEZIY6rdkr0PnycfrXaeFfg/ + 458bQtN4Wt7bUNgyyJe2wkUHu0bSBwPqBXUv+zV8ZY5Y4X0NQ8udo+123O0Z + P/LSvk62XYynJwqU5Jro00e3RwuJqRU6cZNPqk2eRnxN4jYFW1W7IPrPJ/jQ + PE3iQDA1W7AH/TeT/GvXpf2Z/jPDG0smhqFQZP8Apdt0H/bSlT9mX40SIsia + EhVgCP8AS7bof+2lZfVMT/LL7maf2fjP+fcvuZ5APEviNSSuq3YJ6/v5Of1o + PiXxGSCdVuyR0/fycfrXrcX7NXxlmeSOPQ1LRHDf6XbcH/v5Syfs1fGWKSOJ + 9DUNKSFH2u25x/20o+qYn+WX3MP7Pxn/AD7l9zPIz4m8SEEHVbsg/wDTeT/G + geJvEgAA1W7AH/TeT/GvXpP2ZvjPFG0smhIFQEn/AEu26D/tpSx/szfGeWNZ + U0JCrgEf6XbdD/20o+qYn+WX3MP7Pxn/AD7l9zPIB4l8RgkjVbsE9f38nP60 + h8S+I2ILardkjp+/k4/WvXY/2avjLLJJEmhqWiIDD7XbcZ5/56Ukv7NXxlhe + OOTQ1DSnC/6Xbcn/AL+UfVMT/LL7mH9n4z/n3L7meSHxN4kIwdVuyD/03k/x + oHibxGoCrqt2APSeT/GvX3/Zm+NEaNI+hIFUEn/S7boP+2lJF+zP8Z5o1lj0 + NSrjI/0u26H/ALaUfVMT/LL7mH9n4z/n3L7meQjxL4jBLDVbsE9T58nP60Hx + L4jbBbVbs45H7+Tj9a9bT9mr4yySyQpoal4sbh9rtuN3I/5aUsv7NXxlhaNZ + NDUGRtq/6Xbcn/v5R9UxP8svuYf2fjP+fcvuZ5IfE3iQjB1W7/7/AMn+NIPE + viNQFXVbsAdhPJ/jXsDfsy/GhFLtoSYUZP8Apdt2/wC2lMi/Zo+M08azRaGp + VxkH7Xbf/HKPqmJ/ll9zD+z8Z/z7l9zPIh4l8Rglhqt3k9T58nP60HxL4jbG + 7Vbs4ORmeTr+deuJ+zV8ZXmkgXQ1Lx4LD7XbcZ6f8tKSb9mr4ywFBLoajzGC + L/pdtyT0/wCWlH1TE/yy+5h/Z+M/59y+5nkv/CTeJDwdWu/+/wDJ/jSL4l8R + qNq6rdgDsJ5P8a9gP7MnxpUFjoSYHP8Ax923/wAcpkP7NPxmuIlmi0NSjcg/ + a7Yf+1KPqmJ/ll9zD+z8Z/z7l9zPIR4l8Rhiw1W7yep8+TP86U+JfEbY3ard + nByMzydfzr1xf2avjK0z266Gu9ACR9rtuh6f8tKSb9mr4y24Qy6Go3sEH+l2 + x5PT/lpR9UxP8svuYf2fjP8An3L7meS/8JP4l/6C13/3/k/xp0PirxRbkG31 + i8iI6bbiRf5NXrx/Zj+NIGToScf9Pdt/8cqmf2cfjIbYXUXh/wA2Ns/cubcn + j28zNH1TE/yy+5h9Qxi+xL7mZ3hr48fFXwvdC6tdenvRgBo70/alZR/CTJlg + P91ga+uvAv7Uvh/xkLXRfF8C6HqRmjxMGzaSEHn5m5jPsxI/2s8V8A674b8Q + eGLz+z/EWnT6bcdQk8bRkj1XI5HuOKxK3wua4ihK17rszpwWe4vDStzNrs/6 + 0P3RGq6aeRdRf99isnQ7+xh0yGOadEcFsgsAeWNfD37MvxnRL23+G/jEpNDc + EJp1zKAWR+0DMeqt0QnkH5ehG37l0K0tZNLheSFHYl8kqCfvH2r7vA42Fenz + w/4Y/UMszKniqSqQ+a7MjXULEa283np5ZgC7twxnd0zRrN/YzWirFOjkSIcB + geAakW0tf7cePyU2CAHG0Yzu64xRrVpax2iNHCinzEGQoHBP0rsPQNL+1dN/ + 5+o/++xXzT4pIOrOQc/KP5mvpv7DY/8APvH/AN8D/CvPoPA+i65H/aF40qys + WU7GAGFJA4INA0zN+Hlzb29tE88ioPKkXLEDnzM4/Ku41rULGawaOKdHYsnA + YE8MKo6VoGnaPqS6bbp5kK25f95hjuL9elaWuWlrHp7NHCituTkKAfvCgGaX + 9q6b/wA/Uf8A32KydGv7GG0ZZZ0QmRzgsBwTW39hsf8An3j/AO+B/hWRotpa + yWjtJCjHzHGSoPAP0oERvf2R1uOYTp5YgK7twxnd0zRrmoWM2mTRwzo7nbgB + gTwwp72lr/bkcfkpsMBONoxnd1xS67aWselzPHCiMCmCFAP3h7UAaX9q6b/z + 9R/99isnR7+yhhmEs6ITNIRlgMgng1t/YbH/AJ94/wDvgf4Vj6NaWskE5khR + iJpAMqDwD0oAZLf2J1mCYToUWJgW3DAJPTNO1rULGbTJ44p0d2AwAwJPIp0t + pajWoIxCmwxOSNoxnPpil1u0tI9LneOFFYAYIUA/eHtQBfXVNN2j/SY+n94V + l6TqFjEt35k6LuuJGGWAyDjBrZSxsdo/0ePp/cH+FZWkWlrIt3vhRttxIBlQ + cAY46UARz39i2r2sqzoUVHBO4YBPTmpNX1Cxl02eOK4jdmXgBgSeaLi0tRrF + pGIUCskhI2jBx7YqTWbS0j0y4eOBFYLwQoBHP0oAtQ6ppwhQG5jBCj+IelZu + lX9lE175k6LvuHZcsBkHHIrWhsbIwxk28ZJUfwD0+lZmk2lq73u+FG23DgZU + HAGOBQAy6v7FtWsZVnQogl3EMMDI4zU+qajYS6dcRx3EbMyEABgSajurS1XV + 7FFhQKwlyNowcDjIqfVbO0TTbh0gRWCHBCgEfpQBNbanpy28StcxghFBG4el + Z+m39jHPetJOih5iVywGRjqK1LaysjbRE28ZJRf4B6fSs/TLS1ee+DwowWYg + ZUHAwOBxQBHe39k+p6fIk6FIzLuIYYGV4zVnUtRsJNPuI47iNmaNgAGGScVD + e2lquqaciwoFcy5AUYOF4zxVrU7OzTT7l0gjVhGxBCgEcfSgAs9S09LOBHuY + wyxqCCw4IFUtPv7KO7vnedFDyAqSw5GO1aNlZWbWcDNBGSY1JJUeg9qo6daW + r3l+rwowWQAAqOBjtxQAy+1Cxe/sHSdGVHcsQwwMr3q3f6lp72NwiXEbM0bg + AMMkkGoL+0tVv9PVYUCs75AUYPy96t6hZWa2FyywRgiNyCFGQdp9qAI7DUtP + Swtke4jVljQEFhkEAVUsb+xS/v5HnQK7IVJYYOF7Vf0+ys3sLZmgjJMSEkqM + k7R7VUsLS1bUNQVoUKqyYBUYHy9qAI9Rv7GS6sWSdGCSEsQw4GO9XbzU9Pe0 + nRbmMlkYABhySKq6laWqXdgqQooaUggKBkY78VfvLKzWznZYIwRGxBCj0+lA + FXTdRsI9Pt45LiNWVFBBYAg4qvZ39imqahK06BJPK2ksMHC84q5plnZvp1s7 + wRsxjUklQSePpVaytLVtV1FGhQqnlYBUYGV5xxQAzU9QsZJrIxzowSYFsMDg + YPJrQuNT05reVVuYySrADcPSqeqWlqk1iEhRQ04BwoGRg8GtC5srIW8pFvGC + Eb+Aen0oAo6VqNhFp1vHJcRqyoAQWAIqG1v7JdWvZWnQI6x7TuGDgc4q1pNn + aPptu7wIzFBklQSf0qC1tLVtXvozChVViwNowMjsMUAM1W/spWsvLnRtlwjN + hgcAZyTWlLqmnGJwLmMkqf4h6VQ1a0tUay2Qou65jBwoGQc8HitOaxshE5Fv + H90/wD0+lAGbo+oWMOmwRy3CIyryCwBHNRwahYrrF1KZ0CNGgDbhgke9T6Na + WkmmW7yQIzFeSVBJ5PtTILS1Os3UZhQqsaEDaMDPtQBHq2oWMqWojnRttxGx + wwOAM5Narappu0/6TH0/vCs7V7S1jS12Qou64jBwoGQc8VqtY2O0/wCjx9P7 + g/woAx9E1Cxh0uCKWdEdQcgsAR8xpIr+yGtTTGdNhiUBtwxnPTNS6HaWkmlQ + PJCjMQ2SVBP3j7U2K0tTrc8ZhTYIVIG0Yzn0xQAzWL+ymghWKdHImQnDA8A8 + mtb+1dN/5+o/++xWZrNpax28JjhRSZowcKBwT06VsfYbH/n3j/74H+FAGJom + oWMOmxRyzojAtkFgDyxoXULH+23m89PLMAXduGM7umak0K0tZNMieSFHYl8k + qCfvH2oW0tf7dePyU2fZwcbRjO7rjFAEes6hYzWipFOjt5iHAYHgGtb+1dN/ + 5+o/++xWbrVpax2atHCinzEGQoHBP0rX+w2P/PvH/wB8D/CgDE0W/sobEJLO + iNvc4LAHlqPt9j/bon89PL+zbd24YzvzjPrT9DtLWSwDSQozb35Kgn7xoNpa + /wBvCLyU2fZs7doxnf1xjrQAzW7+ym09o4p0dtycBgTwwrW/tXTf+fqP/vsV + ma5aWsenM8cKK25OQoB+8K2PsNj/AM+8f/fA/wAKAMTRr+xhtXWWdEJlc4LA + cE8VKtzb3GvRtBIsg8hhlSDzuzik0W0tZLV2khRj5rjJUHgH6U8QQw69GIo1 + QeQx+UAc7vagDeooooAKKKKACiiigAooooA//9P9z5bG6GqwRG9cu0bkPgZA + HanatY3cWnTSSXryqoGVIGDyKbLe3h1WCU2TB1jcBNwyQe+adq19ey6dNHLY + vEpAyxYEDkUAXo9NvSikahIOB2FZ+mWN1L9r2Xrx7LiRTgD5iMfMfc1oR6jq + ARQNOc8D+Naz9MvbyP7X5dk0m64kY4YDaTjK/hQAXFjdLqlrEb12Zlch8DK4 + Hb61JqdhdxWE8j30kiqvKkDBqO4vbxtUtZWsmV1V8JuGWyOefapNTvr2SwnS + SxeNWXliwIFAFuHTr0wxkahIAVHGBxxVDTrG6kkuwl68eyZgcAfMeOTV+HUL + 8QoBp7kBRzvXniqGnXt5HJdmOyaQtMxOGA2njigAurG6XUrKNr12Z/NwxAyu + F5x9am1GwvI7Gd3vpJFVCSpAwfaobq9vG1KykayZXTzdq7hlsrzz7VNqN9fS + WM6SWDxqyEFiwOPegCa2069a2iZb+RQUUgADjjpVOwsbqS4vFS9dCkmCQB8x + x1NXLbUL9baJV092ARQDvXnjrVOwvbxLi8ZLJnLyZYBgNpx0oALyxukv7JGv + XdnL4YgZXC9vrVm+0+8SyuHa/kdVjYlSBggDpVa8vbx7+ydrJkZC+1dwO7K8 + 4+lWb6/vnsrhHsHRWjYFi4OBjrQAtnp949pA638iBkUgADAyOlVbKxunu71F + vXQo6gkAZbjqatWd/fpaQKmnu6hFAO8cjHWqtle3iXd66WTOzupZQwG046UA + F9Y3SXdkjXruXdgCQPl46irV5p94lpO7X8jhUYkEDBAHSqt9e3j3dkz2TIyO + Sqlgdxx0FWry/v3tJ1fT3RSjAneOBjrQA2w0+8eygdL6RFZFIUAYHHSq9nY3 + T399Gt66MhTLADLZXv8ASrFhf3yWUCJYO6qigMHAyMdar2d7eJf3zrZM7OU3 + LuHy4XjP1oAL+xuo57NXvXcvLgEgfKcdRV25069W3lZr+RgEYkYHPHSqV/e3 + jz2bPZMhSXKgsDuOOlXbnUL9reVW091BRgTvHHHWgCDTrC7ksYHS+kjVkBCg + DA9qhtbG6bUr2Nb11ZBHlgBlsrxn6VNp1/fR2MCR2DyKqABgwGfeobW9vF1K + 9kWyZncR7k3DK4XjJ96ADUbG6je0D3ryb5lAyB8p55FX5tOvRDITqEhAU8YH + PFUNRvbyR7QyWTR7JlIywO488Vfm1C/MLg6e4BU87144oAqaXYXcunwSJeyR + qy8KAMCo4LG6bVLqIXrqyqhL4GWyO/0qTS769j0+BI7F5FC8MGABqOC9vF1S + 6kWyZnZUBTcMrgcc+9ABqdjdR/Zd968m+4jUZA+UnPzD3FaL6behGJ1CQ8Hs + KztTvbyT7L5lk0e24jYZYHcRnC/jWi+o6gUYHTnHB/jWgChpNjdy6dDJHevE + rA4UAYHJpsVjdHVZ4heuHWNCXwMkHtTtJvr2LToY4rFpVAOGDAA8mmxXt4NV + nlFkxdo1BTcMgDvmgA1Sxuoo4DJevIGmQAEDgnv+Faf9m33/AEEZPyFZmqXt + 5LHAJLJogJkIJYHJHQfjWn/aOof9A5/++1oAzNHsbqbTYZI714lO7CgDA+Y0 + JY3R1eSL7a4cQg78DJGelGj3t5FpsMcVk0yDdhgwAPzHtQl7eDV5JRZMXMIB + TcMgZ65oANVsbqK3RpL15AZEGCBwSev4Vp/2bff9BGT8hWZqt7eS26LLZNEB + IhyWByQen41p/wBo6h/0DX/77WgDM0exuprBHjvXiUlvlAGOGNAsbr+2DD9t + ff5AbfgZxuxj6UaPe3kViiRWTSqC3zBgP4jQL28/tgy/Ym3+QF2bhnG7rmgA + 1exuorPfJevKN6DBAxyetaf9m33/AEEZPyFZmr3t5LZ7JbJol3odxYHoelaf + 9o6h/wBA1/8AvtaAMzSbG6ltC0d68Q3uMADsev40Gxuv7YWH7a+/yC2/Azjd + 0o0m9vIrQrFZNKu9zkMByT0/Cg3t5/bCy/Ym3+QRs3DON3XNABrFjdQ2Ekkl + 68qgr8pAwcsK0/7Nvv8AoIyfkKzNYvbyWwkSWyaJSV+YsCB8wrT/ALR1D/oG + v/32tAGZpVjdSwSNHevGBK4wAOSD1/GiSxuhq8URvXLmJiHwMgZ6UaVe3kUE + ix2TSgyuSQwGCT0/CiS9vDq8UpsmDiJgE3DJGeuaADWLG6h02aSS9eVRtypA + wfmFaQ02+wP+JjJ+QrN1i9vJdNmjlsmiU7csWBA+YVpDUdQwP+Jc/wD32tAG + bpdjdSpcGO9ePbM4OAOSO/40TWN0NVt4jeuWZHIfAyMdvxo0u9vIkuBHZNLu + mcnDAYJ6j8KJr28Oq28psmDqjgJuGSD3z7UAP1Wxu4tPmkkvXlVQMqQMHmrs + em3pRSNQkHA7CqWq317Lp80cti8SkDLFgQOaux6jqARQNOc8D+NaAM/TLG6k + N3svXj2TupwB8xGPmPua8p+JUEtvrFss07TkwA5YAY+ZuOK9W0y9vIzd+XZN + JundjhgNpOMr+Fcd4u0G+8R6rbS+W1s/lFAhAcnaSxOcj1oGmZ3giCZ/Deoz + LOyIkhygAw3yr1r1CDTr1oYyNQkAKjjA44rjNG0i/wDDuh3tjNC0iztvMnCh + eAOmTnpXZwahfiGMDT3YBRzvXnigGUdOsbqSS7CXrxlJmBIA+Y4HJourG6XU + rGNr12Z/NwxAyuFGcfWjTr28jkvClk0heZiQGA2nA4our28bUrGRrJldPN2r + uGWyozg+1AifUbC8jsZ3e+kkVUJKkDB9qlttOvWtomW/kUFFIAA446VFqN/f + SWM6SWDxqyEFiwOPepbbUL9baJV092ARQDvHPHWgCnYWN1JcXipeuhSTBIA+ + Y46mi8sbpL6yRr13Z2fDEDK4Xt9aLC9vEuLxksmcvJlgGA2nHSi8vbx76yd7 + JkZC+1dw+bK84+lAFm+0+8SyuHe+kdVjYlSBggDpS2en3j2cDrfyIGjUgADA + BHSkvr++eyuEewdFaNgWLg4GOtLZ39+lnAiae7qsagMHHIA60AVbKxunvL1F + vXQo6gsAMtx1NF9Y3SXdkrXruXcgEgfLx1FFle3iXl66WTOzupZdwG3jpRfX + t493ZM9kyMjkqCwO446UAW7vT7xLSZ2v5GCoxIIGDgdKZYafeSWMDpfSIrIp + CgDA46U+7v797SZW090UowJ3jgY60ywv75LGBEsHdVRQGDgZGOtAFe0sbp9Q + vo1vHVkMeWAGWyvf6UahY3Uc9mr3ruXlwCQPlOOootL28TUL51smdnMe5dwy + uF4z9aNQvbySezL2TRlJcqCwO446UAXbjTr1beVjfyMArHGBzxUGnWF3JYQO + l9JGrICFAGB7VPcahftbyq2nuoKsCd68cdag06+vo7CBI7B5FVAAwYDPvQBD + bWN02pXsa3rqyCPLADLZHGfpRqNjdRvaB715N8yqMgfKTnkUW17eLqV7Itkz + O4j3LuGVwOOfejUb28ke0Mlk0eyZSMsDuPPFAF+bTr0ROTqEhAU8YHPFVNLs + LuXT4JI72SNWXhQBgVbm1DUDE4OnOAVPO9eOKqaXfXsenwRx2LyqF4YMADQB + HBY3TapdRC8dWVUJfAy2fX6UanY3UYtd968m6eNRkD5Sc8j3FEF7eLql1Ktk + zOyoCm4ZXHQ596NTvbyQWvmWTR7Z42GWB3EZwv40AaL6behSf7QkPB7CqGk2 + N3Lp0Mkd68SkHCgDA5NX31HUNpzpzjg/xrVDSb69i06GOKxaVQDhgwAPJoAb + FY3R1aeIXrh1jUl8DJBPSjVbG6iihMl68gMyAAgcE9/woivbwatPKLJi7RqC + m4ZAB65o1W9vJYoRJZNEBMhBLA5IPA/GgDT/ALNvv+gjJ+QrM0axuptNhkjv + XiU7sKAMD5jWn/aOof8AQNf/AL7WszRr28h02GOKyaZBuwwYAH5j2NAAljdH + V5IftrhxCDvwMkZ6UatY3UVsjSXrygyIMEDqT1/ChL28GrySiyYuYQNm4ZAz + 1zRqt7eS26LLZNEBIhyWB5B6fjQBp/2bff8AQRk/IVmaRY3Utirx3rxKWb5Q + BjhjWn/aOof9A1/++1rM0i9vIrFUismlUM3zBgOrGgA+w3X9smH7a+/yN2/A + zjdjH0718334K31wpOSJH59eTX0h9tvP7ZMv2JvM8jbs3DON2d2f0r5vvyTf + XJI2kyPx6cmgqJ9L6dp162n2rDUJFBiTjA4+UVBpNjdS2paO9eIb3GAB2PWp + 9O1C/XT7VV092AiTB3rz8oqDSb28itSsVk0o3uchgOSen4UEg1jdf2wsP219 + /kFt+BnG7pRrFjdQ6fJJJePKoK/KQMH5hQ17ef2wsv2Jt/kEbNwzjd1zRrF7 + eS6fIktk0Skr8xYED5hQBp/2bff9BGT8hWZpVjdSwymO9eMCVwQAOSD1/GtP + +0dQ/wCga/8A32tZmlXt5FDKI7JpQZXJIYDBJ5H4UAEljdDVoojeuXMTEPgZ + Az0pdYsbqHTppJL15VGMqQMHkUkl7eHVopTZMHETAJuGSM9c0usXt7Lp00ct + k0SnGWLAgfMKANEabfYH/Ewk/IVm6XY3UqXBjvXj2zupwByR3/GtJdR1DA/4 + lz/99rWbpd7eRpcCOyaXdO5OGAwT1H4UAE1jdDVbeI3rl2RyHwMjHb8afqth + dxafNJJevIqjlSBg80ya9vDqtvKbJg6o4Cbhkg98+1P1W+vZdPmjksXiUjli + wIHNAF2PTb0xqRqEgyBxgVn6bY3Uhu9l68eyd1OAPmIxyfc1oR6jqAjUDTnI + wOd61n6be3kZu/Lsmk3TuxwwG0nGV/CgAuLG6XU7SM3rszrJhsDK4Hb61Lqd + hdx2E8j30kiquSpAwaiuL28bU7SRrJldVkwm4ZbI559ql1O+vZLCdJLF41ZT + liwIFAFmDTr1oI2GoSKCo4wOOKo6dY3Ukt4EvXjKTEEgD5j6mr0GoX6wRqun + uwCjB3rzxVHTr28jlvDHZNIXmJIDAbTjpQAXVjdLqNjG167M/m4YgZXC84+t + T6hp95HYzu99I6qjEqQMHjpUF1e3jajYyNZMrJ5u1dwy2V5x9Kn1C/vpLGdH + sHjVkYFi4OBjrQBLa6detbQst/IoKKQABxx0qnYWN09zeKl66FJMEgD5jjqa + uWuoX620Krp7sAigHeOeOtU7C9vEubxksmcvJlgGA2nHSgAvLG6S+ska9d2d + nwxAyuB2+tWb7T7xLK4dr+R1WNiVIGCADxVa8vbx76yd7JkZGfau4fNkdvpV + m+v757K4R7B0Vo2BYuDgEdaAFstPvHs4HW/kQNGpCgDABHSqtlY3T3l6i3jo + yMoLADLZHerVlf3yWcCJYO6rGoDBwMgDrVWyvbxLy9dLJnZ2UsoYfLx0NABf + WN0l1Zq967l3IBIHynHUVbu9OvEtZma/kYBGJBA546VUvr28e6smeyZCjkqC + wO446Vbu9Qv2tZlbT3QFGBO8cDHWgBlhp95JYwOl9IisikKAMDjpVe0sbp9Q + vo1vXVkMeWAGWyvGfpViwv75LGBEsHdVRQGDAZGOtV7S9vF1C+kWyZmcx7l3 + DK4XjP1oANQsbqOazD3ruXlABIHynHUVduNOvVt5Wa/kYBWJGBzxVLUL28km + sy9k0ZSUFQWB3HHSrtxqF+1vKrae6gqwJ3rxx1oAg02wu5LCB0vpI1ZQQoAw + KhtrG6bU7yNb11ZBHlgBlsjjP0qbTb6+jsIEjsHkVVADBgAfeoba9vF1O8kW + yZncR7k3DK4HHPvQAalY3UbWge9eTfOqjIHyk55FX5dNvRE5OoSEAHjA9Koa + le3kjWhksmj2zqRlgdxGeKvy6hqBicHTnAIPO9fSgCppdhdy6fBJHeyRqy8K + AMDmo4LG6bVbmIXrhlRCXwMnPb8Kk0u+vY9PgSOxeVQvDBgAeajgvbwarcyi + yZnZEBTcMrjvn3oANTsbqIW3mXjybp0UZA+UnPI9xWi+m3oUn+0JDwewrO1O + 9vJBbeZZNHtnRhlgdxGcL+NaL6jqBUg6c44/vrQBn6RY3cunQyR3rxKQcKAM + Dk0kVjdHVpoheuHEakvgZIz0pdIvb2LToY4rFpVAOGDAA8mkivbwatNKLJi5 + jUFNwyBnrmgA1SxuoooTJevIDMgAIHBJ6/hWn/Zt9/0EZPyFZmqXt5JFCJLJ + ogJkIJYHJB6fjWn/AGjqH/QNf/vtaAMzRrG6m06KSO9eJTuwoAwPmNC2N0dY + eH7a+8Qg78DJG7pRo17eQ6dFHFZNMo3YYMAD8x7ULe3g1h5fsTFzCBs3DIG7 + rmgA1axuorZWkvXlBkQYIHUnr+Faf9m33/QRk/IVmate3ktsqy2TRASIclge + Qen41p/2jqH/AEDX/wC+1oAzNIsbqWyV4714l3N8oAxwxo+w3X9s+T9tff8A + Z92/Azjfjb9O9GkXt5FZKkVk0q7m+YMB1Jo+23n9s+d9ibzPs+3ZuGcb87s/ + pQAavY3UVkXkvXlXcg2kDHJFaf8AZt9/0EZPyFZmr3t5LZFJbJol3KdxYHoR + /OtP+0dQ/wCga/8A32tAGZpNjdS2rNHevEN7jAA6g9fxoaxuv7YSH7a+8wk7 + 8DON3SjSb28itSsVk0o3uchgOSen4UNe3n9sJL9ibeISNm4Zxu65oANYsbqH + TpZJL15VBX5SBg/MK0/7Nvv+gjJ+QrM1i9vJtOljlsmhUlcsWBA+YVp/2jqH + /QNf/vtaAMzSrG6lhlMd68YErggAckHr+NEljdDVoYjeuXMTEPgZAz0o0q9v + IoZRHZNKDK5JDAYJPT8KJL28OrQymyYOImATcMkZ65oA8j/aE8TXngX4a3t1 + FqEhvNRZbO3GACGkyWYEcjaisQfXFflRX27+2Trl5c3PhnRpYWtkjS5uCpYH + cWKIp49MN+dfEVfAcQ4hzxDj0iflXFuKc8W4dI2X6nvfwI+DM/xV1ma51F2t + 9C00j7RIvDSyHlYkPqRyx7D3Ir9IdL8L2Hhs2WiaGFsrWJG8tYkVAuOvA6k9 + yeT3rz79n/TG8N/CzRre0tDKbxBeSOpA3PcAPz7hSo+gFdh428b2Xgmwk8Ua + 7CYobONsJuG6V24VF9yeP16A19NkeWcsYxhG85W9deh9Zk+BpYTDe1no7Xb/ + AB+5EfxD8VaP4A8PS6x4j1RgjfLFCADJO/8AdRe59T0Hcivz0+IXx38b+OjL + YR3cmm6QchbaFyC6/wDTVxgv9OF9u9cV8QPH2vfEbxFN4g12TlsrDCpPlwRZ + 4RB/M9SeTV34efDDxV8StRa00G3P2aAj7RcuMRRA+p7seyjk+wyR/RGQ8KYX + LaP1rGNOa1be0fTz89+x+T59xZi8zrfVcEmoPRJby9fLy27nnddLpHg3xdr+ + w6Jot5fLJ91oYJHU4/2gMfrX6J/Dn4I+CvBcZmfRxrepRNhrm6CvtYY+5Gco + uD0IBP8AtGvaZrq5+32rfY2QorhUyORjt9K8zMfE6nGTjhafMu70/D/hj1Mt + 8MKkoqWKq8vklf8AH/hz8pbj4QfFG1hNxN4X1AIoySIGYgfQZNcRqOk6rpE3 + 2fVrKaylP8E8bRt+TAGv2W1C8u5LKZHs2jUryxYcVWvLeDWNOGn6toyX9qyg + GOdUkRuOu1gRXBh/FCqpfvqKa8nb87nfifC2k4/uazT80n+Vj8bbG/vtMu47 + /TbiS1uYTuSWJyjqfUMpBFfW3wx/aUvze2mk/Ee6ZoVOyPUFXLx5GP3qj7w9 + WAyO4PWum+IH7M1jrAutS+H8Lafdo7E2bvugbvtVmOUb8Svb5RzXxRqmlajo + moT6Tq9s9peWrFJYpBtZWHqP5HuORX2MKuW57QcbXa+Uo/180fG1KWZ5DXUr + 2T+cZf18mfslLC1xpjXtvqJubeSLejLtZHQjIIYcEEdCKs21hdtbxMt66gop + AAHHHSvzv+BHxruvCTnwT4hlMuiXxKQu7f8AHpK/cE/8s2P3h0B+bj5s/ohb + X14LaILZMwCLg7hyMda/F+Icgq5fX9lPVPZ91/n3R+1cPZ/SzCh7Wno1uuz/ + AMuzKtnZ3L3F2q3boUcAkAfNx1NF3Z3KXdojXbsXZsMQMrgdqLK7ukuLtktG + cs4JAYfKcdKLu7umu7R2tGVkZsLuHzZFeCe8WLyxuktJna9dwqMSCBg8dKLS + wuntIXW9dAyKQABgZHSi8vbx7SZWsmRSjAksOBjrS2l7eJaQqtkzgIoB3DkY + 60AVrSzuXu7tFu3Uoy5IAy3Hei8s7lLi0Vrt3LuQCQPl46iltLu6W7u2W0Zm + dlyNw+Xikvbu6e4tGe0ZCrkgFh8xx0oAtXNhdrbSs167AIxIIHPHSmWNjdSW + cLreOgZAQoAwOOlPub28a2lVrJlBRgTuHHHWmWN7eJZwolmzqEADBhz70AQW + 1ncvfXka3bqyeXlgBlsjv9KL6zuY5bUNdu5eQAEgfKfUUWt3dLfXjraMzPsy + u4ZXA4/Oi+u7p5bUvaMhWQEAsPmPpQBcnsLtYZGN9IwCk4wOeKgsLG6ksoXS + 8dAVGFAGBU899emGQGxdQVPO4ccVBYXl2llCiWbOoUYYMOaAIoLO5bULqMXb + qyBMtgZbI7/Si/s7mNrYPdu+6ZQMgfKT3FEF3dLqN1ItozMwTK7hlcDj86NQ + u7p2td9oybZlIyw+YjtQBek0+7EbE30hwDxgVU02yuZLGJ0vHjUjhQBgc1bk + vr0xsDYuBg87hVTTby7jsYkjs2kUDhgwGeaAGQ2dydRuIxduGVUJbAyc9qNR + s7mNbcvdvJumQDIHBOefwohu7oalcSC0YsyoCu4ZGO9Go3d1Itv5lo0e2ZCM + sDkjt+NAF9tPvApP26Q8egqjpdlcy2EUiXbxqc4UAYHJq+19e7T/AKC/T+8K + o6Xd3cdhEkdo0ijOGDAA8mgDnvEHgvSPGC3Wg+I0W+tnjBPmICQTwCp6qw7M + CCK/M/40fCa++FHiUWIdrnSr4NJZTt95lXG5HxxvTIzjggg8ZwP1Pju7oanL + ILRi5jUFNwyBnrXhX7TulnXvhXd3VxZmKbSpormJyQSPm8txxzgqxP4CvHzn + Axq0nO3vI+e4iyyFahKpb3oq9/0PzGilkhkSaFzHJGQyspwVI5BBHQiv1y+D + Ov3Xjr4c6Tr/ANvaOdlaK4RQMLNExVz/AMC+/j0avyKr9AP2OtdvR4a8QaLF + btcx213FOMMBtM6FT19fKrxOG67jX5OjX5HzHB+KcMT7PpJflr/mfWa2N1/b + Dw/bX3iEHfgZxu6UatY3UVsrSXryjzEGCB1J6/hQt7ef2w8v2Jt5hA2bhnG7 + rmjVr28ltlWWyaIeYhyWB5B6fjX3Z+oGn/Zt9/0EZPyFZmkWN1NZB4714l3M + NoAxwTWn/aOof9A1/wDvtazNIvbyKyCRWTSrub5gwHU0AH2G6/tnyftr7/s+ + 7fgZxvxt+nejV7G6ismeS9eVdy/KQMckUfbbz+2fO+xNv+z7dm4Zxvzuz+lG + r3t5LZMktk0S7l+YsD0IoA0/7Nvv+gjJ+QrM0mxupbZmjvXiHmOMADqD1/Gt + P+0dQ/6Br/8Afa1maTe3kVsyxWTSjzHOQwHJPT8KABrG6GsJD9tfeYSd+BkD + d0o1ixuodOlkkvXlUbcqQMH5hQ17eHWElNkwcQkbNwyRu65o1i9vJdOljlsm + iU7csWBA+YelAGn/AGbff9BGT8hWZpVjdSxTGO8eICVwQAOSD1/GtP8AtHUP + +ga//fa1maVe3kUUwjsmlBlckhgMEnkfhQASWN0NWhiN65cxsQ+BkDPSl1ex + u4tOmkkvXlUAZUgYPIpJL28OrQymyYOI2ATcMkZ65pdXvb2XTpo5bFolIGWL + AgcjtQBorpt7tH/Ewk6egrN0yxupVudl68e2d1OAOSO/41pLqOobR/xLn6f3 + 1rN0y9vI1ufLsmk3TuxwwG0nqPwoAJrG6XVLaI3rlmRyHwMjHb8afqlhdxaf + PJJeySKq8qQMHmmTXt4dUtpDZMHVHATcMsD3z7U/Vb69l0+eOSxeJSOWLAgc + 0AXItOvTEhGoSAEDjAqhptjdSNd7Lx49k7qcAfMRjk/Wr8WoagIkA05yABzv + X0qhpt7eRtd+XZNJvndjhgNpOOPwoALmxul1Ozja9dmcSYbAyuBzj61NqVhd + x2E7vfSSKqklSBg1Dc3t42p2cjWTK6CTam4ZbI559qm1K+vpLCdJLB41ZSCx + YED3oAnt9OvWgjYahIoKg4wOOKpafY3Uk14EvXQpKQSAPmOOpq7b6hfrBGq6 + e7AKADvXniqWn3t5HNeFLJpC8pLAMBtOOlABd2N0mo2MbXrszmTDEDK4XnH1 + qfUNPvI7Gd3vpHVUYlSBg8dKgu728bUbGRrJkZDJtXcMtlecfSp9Qv76SxnR + 7B41ZGBYuDgY60ASWmnXj2sLLfyKCikAAccdKqWNjdPdXqpeuhSQAkAfMcdT + Vu0v79LWFV093ARQDvHIx1qpY3t4l1eslkzl5AWAYDacdKAC9sbpL2yRr13L + swDEDK4HarV7p94lnO7X8jhY2JUgYIA6VVvb28e9sneyZGRmKruB3ZFWr2/v + ns50ewdFaNgWLg4BHWgBLHT7x7K3db+RA0aEKAMAEDiq1nY3T3t6i3royMmW + AGWyvf6VZsb++Syt0Swd1WNAGDgZAA5/Gq1ne3iXt66WTOzsm5Qw+XA7/WgA + v7G6S5s1e9dy8hAJA+U46irl1p14trMzX8jAIxIIHPHSqd/e3j3Nmz2TIUkJ + UFgdxx0q5dahftazK2nuoKMCd44GOtAEWn6feSWMDpfSIrIpCgDA46VBaWN0 + +o30a3rqyeXlgBlsrxn6VPp9/fR2MCJYPIqooDBgMjHWoLS9vF1G+kWyZmfy + 9y7hlcLxk+9ABqFjdRy2Ye9eQvMACQPlOOoq9Pp16sEjHUJGAU8YHPFUdQvb + ySWzL2TRlJgQCwO446Ven1C/aCRW091BU5O9eOKAK2m2F3JYQSJfSRqyghQB + gVFb2N02p3cQvXVkEeWwMtkd/pUum317HYQJHYvIqqAGDAA1Fb3t4up3ci2T + M7iPKbhlcDjn3oANSsbqM2m+8eTfOijIHyk55HuK0JdNvRG5OoSEAHjArP1K + 9vJDaeZZNHtnRhlgdxGfl/GtCXUdQMbg6c4BB53rQBS0qwu5dPhkjvXjVhwo + AwOaZDY3R1W4iF64ZUQl8DJz2/Cn6VfXsWnwxx2LyqBwwYAHmmQ3t4NVuJRZ + MXZEBTcMgDvn3oANUsbqJbYyXrybp0UZA4J7/hWk2m32D/xMJPyFZuqXt5It + sJLJo9s6EZYHJHQfjWk2o6hg/wDEuf8A77WgDO0ixu5dOhkjvXiUg4UAYHJp + I7G6OryxC9cOIlJfAyRnpS6Re3sWnQxxWLSqAcMGAB5NJHe3g1eWUWTFzEoK + bhkDPXNABqtjdRQxGS8eUGVBggcEnr+Faf8AZt9/0EZPyFZmq3t5LDEJbJog + JUIJYHJB6fjWn/aOof8AQNf/AL7WgDM0exuptPjkjvXiUlvlAGBhjQtjdf2w + 0P2194hDb8DON3SjR728i0+OOKyaVQWwwYAH5jQt7ef2w0v2Jt/kgbNwzjd1 + zQAatY3UVqGkvXlG9BggdSev4Vp/2bff9BGT8hWZq17eS2oWWyaIb0OSwPIP + T8a0/wC0dQ/6Br/99rQBmaRY3U1mHjvHiXc42gDHBo+w3X9siH7a+/yN2/Az + jdjb9O9GkXt5FZhIrJpV3OdwYDqelH228/tkTfYm8zyNuzcM43Z3Z/SgA1ex + uobFnkvXlXcvykDHJFaf9m33/QRk/IVmaxe3ktiyS2TRLuX5iwPQitP+0dQ/ + 6Br/APfa0AZmlWN1LbO0d68QEjjAA6g9fxqxBbTQa7Gstw058ljlgBxnGOKr + 6Te3kVs6x2TSgyOchgOSen4VYguLifXY2mtzAfJYYJB4z14oA6WiiigAoooo + AKKKKACiiigD/9T92Zr2zOs20onjKLG4LbhgE++afrV7Zy6XPHHPG7EDADAk + 8jtmo5rGyGs28QgjCNG5K7Rgke2KfrNhZRaZPJFbxoygYIUAjkd8UAaUeoWA + jUG5i6D+Nf8AGsvSLyzj+2+ZPGu65kYZYDIOMEc9K0o9N04xqTaxdB/Av+FZ + mk2NlL9t8yCNtlzIoyoOAMYA46UALc3lm2sWcizxlFWTJ3DAyOMmptXvbKTT + bhI7iNmK8AOCT+tQXNjZLq9nEsEYR1kyu0YOBxkYqbVrCxi024kjt41ZV4IQ + Aj9KALsGoWAgjBuYgQo/jX0+tZul3tnHJel5413TsRlgMjA5HNaEGm6eYIyb + aIkqP4F9PpWdpdjZSSXokgjYJOwXKg4GBwKAFu72zbVdPkWeMqgl3EMMDKjG + TmrGqX1lJp1wiXEbMyEABwSf1qtd2Nkuq2Ea28YRxLuAUYOFGMjHarGqafYx + 6dcPHbxqyoSCEAI/SgCxaX9itrCrXMYIRQQXHp9aoabeWaXN8zzxqHlyCWAy + MdRzV6007T2tYWa2iJKKSSg9PpVDTbGykub5XgjYJLhQVBwMdBxQAt9eWbaj + p7rPGVRpNxDDAyvGeat6jfWL2FyiXEbM0bgAOCScfWqd9Y2Sajp6JBGFdpNw + CgA4XjPHNWtR0+wSwuXS2jVljcghACCB9KAJLG/sUsrdXuIwwjQEFwCDge9U + tPvbNL2/Z541V3UqSwAPy9quWOnWD2Vu720bM0aEkoMkkD2qlYWNk97fo8Eb + KjqFBUEAY7cUALqF5Zve2DJPGypIxYhgQOO9Xb6/sXsrhUuIyxjcABwSTg+9 + UdQsbJL2wRII1V3YMAoAIx34q7fadYJZXDpbRqyxuQQgyCAfagBum31kmn2y + PcRqyxqCC4BBx9aq2N5ZrqWoO08YVzHtJYYOF5xzVnTtPsJLC2d7aNmaNSSU + BJOPpVWxsbJ9S1CN4IyqGPaCoIGV5xxxQAupXtm9xYlJ42CS5OGBwMdTzWhd + X9i1rMq3MZJRgAHHp9aztSsbKO4sVS3jUPLhgFAyMdDxV+607T1tZmW2iBCM + QQg9PpQBDpd9ZR6dbo9xGrKgBBcAj9ar2l5Zrq1/I08YVxFtJYYOF5wan0vT + 7GTTrd5LeNmZASSgJP6VXtLGybVr+NoIyiCLaCowMrzgYoAXVbyzkksTHPG2 + 2dScMDgc8nmtKfULAwSAXMRJU/xr6fWszVLGyjkshHBGu+dVbCgZHPBrRn03 + T1gkItogQp/gX0+lAFTSL2yj023SS4jVgvILgEfrUVte2a6veSNPGEZI8HcM + HA5wc1JpFhYy6bbySW8bMy8koCT+lRW9jZNq95E0EZRUjIXaMDI5wMUALq17 + ZyfY/LnjbbcxscMDgDOSeelakmoWBRgLmLof41/xrK1axso/sfl28a77mNTh + QMg5yD7VqSabpwRiLWLof4F/woAz9FvbOLS4I5J40YA5BYAjk9s0yG9sxrNz + KZ4wjRoA24YJHvmnaNYWMumQSS28bswOSVBJ5PfFMhsbI6zcRGCMosaELtGA + T7YoAXWLyzkitxHPGxWeMnDA4APJrXOoafj/AI+Yv++1/wAax9YsbKKK3MUE + aFp4wcKBkHqOlax0zTsf8esX/fC/4UAZWhXtnFpUEcs8aMN2QWAI+Y9iaEvb + Ma3LKZ49hgUbtwxnd0zmk0OxsptKgklgjdzuyWUEn5j3IoSxsjrcsJt49ghU + hdoxnd1xigBdZvbOW2jWOeNyJUOAwPAP1rX/ALR0/wD5+Yv++1/xrH1mxsor + aNooI0JlQZCgcE9Ola/9mad/z6xf98L/AIUAZOh3lnFpyJLPGjBn4LAH7x96 + UXln/brS+fHs+zhd24Yzv6Z9abodjZTackksEbsWfllBPDH1oFjZf24Yfs8f + l/Zw23aMZ34zjHWgBdbvLOWx2RTxu29DgMCeD9a1/wC0dP8A+fmL/vtf8ax9 + bsbKKx3xQRo29BkKAeTWv/Zmnf8APrF/3wv+FAGTot7ZxWZWSeND5jnBYA4J + +tDXtn/biy+fHs+zkbtwxnd0z60mi2NlLZlpbeN28xxkqCcA/ShrGy/txYfs + 8fl/Zy23aMZ3dcY60ALrl7Zy6bIkU8bsSmAGBP3hWv8A2jp//PzF/wB9r/jW + PrljZQ6bJJFbxowKcqoB5Ye1a/8AZmnf8+sX/fC/4UAZOjXtnHbyiSeNCZZC + MsBwT160SXlmdbhlE8ewQsC24YznpnNJo1jZS28rS28bkSuASoPAPA6USWNk + NbhiEEewwsSu0YznrigB2uXtnLpU8cU8bsduAGBJ+Yds1qjUNPwP9Ji/77X/ + ABrJ1yxsodLnkit40cbcFVAI+Yd8VqjTNOwP9Fi/74X/AAoAytHvLOOO5Ek8 + a7p5CMsBkHGD1onvbM6zbSCeMosbgtuGAT75pNIsbKWO5MkEb7Z5FGVBwB0F + E9jZDWLaIQRhGjcldowSPbFAEus3tnLplxHHPG7EDADAk8jtmtCPULARqDcx + dB/Gv+NZus2FjFpk8kVvGjKBghACOR3xWhHpunGNSbWLoP4F/wAKAM3Sbyzj + N75k8a7rmRhlgMg45HPSi5vLNtXspFnjKKsmSGGBkcZNJpNjZSm98yCNtlzI + oyoOAMYA46UXNjZLq9lEsEYR1kyAowcDjIxQBPq97ZSabcJHcRsxXgBwSf1q + 3b6hYC3jBuYwQq/xr6fWqerWFjFptxJHbxqyrwQgBH6Vbt9N09oI2a2iJKjP + yL6fSgDP0u9s45b4vPGoadiMsBkYHIovL2zbVdPkWeMqnnbiGGBlRjJzSaZY + 2Ukt6JII2CTsFyoOBgcDii8sbJdV0+NbeMI/m7gFGDhRjI9qALOqX1k+nXCJ + cRszIwADgk8fWp7S/sVtYVa5jBCKCC49PrVfU9PsY9PuHjt41ZUYghACDj6V + Paadp7WsLNbRElFJJQc8fSgCjpt5ZpdX7PPGoeXIJYDIx25ovryzfUdPdZ4y + qNJuIYEDK8Z54pNOsbKS6vleCNgkuFBUHAx24ovrGyTUdPjSCNVdpNwCjBwv + GaALmo31i9hcolxGzNG4ADgknH1pbC/sUsbdXuIwwjQEFwCDge9M1HT7BLC5 + dLaNWWNyCEAIIH0p1jp1g9jbu9tGzNGhJKAkkge1AFSwvLNL6/d541V3UqSw + APy9uaNQvbN7ywZJ42CSMWIYEAY780lhY2T31+jwRsqOoUFQQPl7cUahY2SX + lgqW8aq8jBgFABGO/FAF69v7F7K4VbiMkxuAA4yTj60zTb6yTT7ZHuI1ZY1B + BcAg4+tOvdOsEs7h0towyxsQQgyCAfao9N0+wk0+2d7eNmaNSSUBJOPpQBXs + ryzXU9Qdp4wrmPaSwwcLzg55o1O8s3uLEpPGwSbJwwOBjqaSysbJ9S1CN4Iy + qGPaCowMrzjijUrGyjuLFY4I1DzYYBQMjHQ8UAaN1f2LW0yrcxklGAAdfT61 + X0q+so9Ot0kuI1YIAQXAI/Wp7rTtPW2lZbaIEIxBCD0+lVtL0+xk063eS3jZ + mQEkoCT+lAEVpeWa6tfyNPGFcRbSWGDhTnBpNUvLOSSyMc8bbbhCcMDgDPJ5 + 6UlpY2TarfxtbxlEEW0FRgZU5wMUapY2Ub2QjgjXfOinCgZHPB46UAac+oWB + hkAuYiSp/jX0+tUtHvbKPTLdJLiNWC8guARz9auT6bp4hkItogQp/gX0+lUt + IsLGXTbeSS3jdmXklASefpQBHb3lmusXchnjCMkeDuGDgdjmjVr2zkFn5c8b + bbmNjhgcAZyTz0pLexsm1i7iaCMoqRkLtGBkc4GKNWsbKIWnl28a7rmNThQM + g5yDx0oA1n1Cw2N/pMXQ/wAa/wCNZui3tnFpcEcs8aMAcgsARye2a0H03Tgj + EWsXQ/wL/hWdothZS6ZBJLbxuzA5JUEnk98UANhvbMazcSmeMIYkAbcME59c + 0axeWckMAjnjYieMnDA4APWkhsbI6zcRGCMosSELtGASfTFGsWNlFDAYoI0L + Txg4UDIJ5HSgDY/tHT/+fmL/AL7X/GsjQryzi0qCOWeNGG7IZgCPmPYmtb+z + NO/59Yv++F/wrI0KxsptKgkmgjdzuyWUEn5j3IoAVLyzGuSSmePYYFG7cMZ3 + dM0aze2ctqixzxuRKhwGB4B+tIljZHW5ITBHsEAO3aMZ3dcYo1mxsorVGigj + QmVBkKBwT9KANj+0dP8A+fmL/vtf8ayNDvbOLT0SWeNGDPwWAP3j71rf2Zp3 + /PrF/wB8L/hWRoljZTaejywRuxZ+WUE8MfUUAKL2z/t0y+fHs+zbd24Yzv6Z + z1r5m1Ahr+5IOQZX5/4Ea+mBY2X9umH7PH5f2bdt2jGd+M4x1r5n1ABb+5VR + gCV8f99GgqJ9R6bf2C6dag3MYIiTjev90e9VdEvLOKzKyzxofMc4LAHBP1qx + pum6e2nWrNbREmJMnYv90e1VtFsbKWzLywRu3mOMlQTgH6UEiteWf9upL58e + z7ORu3DGd3TOetGu3lnLpkqRTxuxKcKwJ+8O2aRrGy/txIfIj8s25bbtGM7u + uMdaNcsbKHTZZIoI0YFcFVAPLD2oA2P7R0//AJ+Yv++1/wAayNGvbOO3lEk8 + akzSEZYDgnrWt/Zmnf8APrF/3wv+FZGj2NlLBK0sEbkTSAZUHgHgdKAFkvbM + 61DKJ49ghYFtwxnPTNLrl7Zy6VPHFPG7ELgBgSfmHbNNksbIa1DELePYYWJX + aMZz1xil1uxsodLnkit40cBcFVAI+Yd8UAay6hYbR/pMXT++v+NZOj3lnGl1 + 5k8a7riQjLAZBxgjnpWoum6dtH+ixdP7i/4VlaRY2UqXRkgjfbcSKMqDgDGB + 06UALPeWZ1m1kE8ZRY3BbcMAn3zUms3tnLplwkc8bsV4AcEnkds1FPY2Q1i2 + iEEYRo3JXaMEj2xUmsWFjFplxJFbxoyrwQoBHI74oA0ItQsBEgNzF0H8a/41 + maTe2cZvfMnjXdcyMMsBkHHI56VpRabpxiQm1iJIH8C/4VmaVY2UhvfMt422 + XEijKg4AxgD2oAW6vbNtXspFnjKKsmSGGBkcZOam1a+spNNuEjuI2YqcAOCT + +tQXNjZLq1lEsEYR1kyAowcDjIxU2rWFjFptxJHbxqyqcEIAR+lAFy2v7Bbe + IG5jBCrxvX0+tZ2l3lnHNfF541DTsRlgMjA5FX7fTtPa3iZraIkqpJ2L6fSs + /TLGykmvhJBGwSdguVBwMdBxQAt5e2barp8izxlU83cQwwMrxk54qzqd9ZPp + 9yiXEbM0bAAOCScfWqt5Y2S6pp8awRhH83cAowcLxkY5xVnU9PsI9PuHjt41 + ZUYghACDj6UAT2d/YraQK1xGCEUEFxxx9aoade2aXV8zzxqHlBBLAZGO3NXb + TTtPa0hZraIkopJKDk4+lUdOsbJ7q+V4I2CS4UFQcDHbigBb+8s31DT3WeMq + jPuIYYGV71b1C+sXsLlEuI2Zo3AAcEkkH3qnfWNkmoWCJBGquz7gFGDhe/FW + 9Q0+wSwuXS2jVljcghACCAfagB1hf2KWNsj3EassaAguAQQo96p2F5Zpf37v + PGqu6bSWAB+XtzVuw0+wextne2jZmjQklASSQPaqdhY2T31+jwRsqOgUFRgZ + XtxQAuoXtm95YMk8bBJCWIYEAY781evb+xaznVbiMkxsAA4yTg+9UNQsbJLy + wVII1DyEMAoAIx34q7e6dYJZzsttGCI2IIQZBx9KAG6bfWSafbI9xGrLGoIL + gEHH1qtZXlmup6hI08YVzFtJYYOF5we9T6bp9hJp9s728bM0akkoCScfSq1l + Y2T6nqEbW8ZVDFtBUYGV5xxQAup3lm89iUnjYJMCcMDgY6nmtC6v7FraZVuY + ySjAAOvp9aztTsbKOexEcEah5gGwoGRjoa0LrTtPW2lZbaIEIxBCL6fSgCvp + V9ZR6dbpJcRqwQAguAR+tQWt7Zrq19I08YVxFtJYYOBzg1NpVhYyadbySW8b + MyAklASf0qC1sbJtWvo2gjKIItoKjAyOcDFAC6re2cj2XlzxttuEJwwOAM8n + 2rTm1CwMLgXMRJU/xr6fWsvVLGyjeyEdvGu+4RThQMg54PHStKbTdPELkW0Q + IU/wL6fSgCno97ZR6ZbpJcRqwXkFwCOfrUVveWY1i7kM8YRkjAO4YOPQ5qTS + LCxl023kkt43Zl5JQEnn1xUVvY2TaxdxNBGUVIyF2jAz1wMUALq95ZyLaeXP + G224jY4YHAGck+1ar6hYbG/0mLof41/xrJ1exsoltPLgjXdcRqcKBkHOQeOl + aj6bpwRiLWLof4F/woAztEvbOLS4I5Z40YA5BYAjk9s02K9sxrU8pnjCGJAG + 3DBOfXNLothZS6XBJLbxuxBySoJPJ74psVjZHWZ4jBGUESkLtGASeuMUALrF + 7ZyQwCOeNiJ4ycMDgA9eta/9o6f/AM/MX/fa/wCNY+sWNlFDAY4I0JmjBwoG + QTyOla/9mad/z6xf98L/AIUAZOhXlnFpcMcs8aMN2QzAH7x7E0JeWf8Abkkv + nx7DABu3DGd3TNJoVjZTaXDJLBG7ndksoJPzHuRQljZHXJITBH5YgB27RjO7 + rjFAC61eWctoixzxuRKhwGB4B+ta/wDaOn/8/MX/AH2v+NY+tWNlFao0UEaE + yoMhQOCfpWv/AGZp3/PrF/3wv+FAGTol7ZxaeqSzxo25+CwB5Y0fbbP+3fN8 + +PZ9m27twxnfnGc9aTRLGyl09Xlgjdtz8lQTwx9RR9hsv7d8n7PH5f2bdt2j + Gd+M49aAF1u9s5bApFPG7b04DAnhh71r/wBo6f8A8/MX/fa/41j63Y2UVgXi + gjRt6DIUA8sPatf+zNO/59Yv++F/woAydFvbOKzZZJ40PmOcFgDgn60NeWf9 + uJL58ewQEbtwxnd0zmm6NZWMloTNBGzGRwNygnAPvStY2X9uJD5EflmAtt2j + Gd3XFAC67eWculyxxTxuxK4AYE/eHatf+0dP/wCfmL/vtf8AGsfXLGyh0yWS + KCNGBXBVQDyw74rX/szTv+fWL/vhf8KAMnR7yzjgmEk8akzSEZYDIJ69aJb2 + zOtQSiePYImBbcMZz0zmk0exspYJjLBG5E0gGVB4B4FEtjZDWoIhbxhDExK7 + RgnPXGKAPgv9sueCfxZ4fMEiyAWL52kHH70+lfG9fY/7ZVvBb+LPD6wRrGDY + uSFAH/LU+lfHFfm+c/71P+uh+PcRf77U9f0R+xXwpubaH4faEssqIfsdscFg + OPJSviL9qD4h/wDCU+M/+EY06UPpug5QlTlZLlv9Y3/APuD0Ib1r678L6nZe + HfgvB4kuoY5P7N0mOYBwDuMdsrKv4nj8a/K25uJru4lu7hi8szM7sepZjkn8 + TX9FeF2VKpOWLmvhSS9X/kvzNPETNpU8LSwkH8au/RdPm/yOq8C+DtQ8deI7 + fQLA7A+XmkPSKFfvMf5AdyQK/WnwjonhjwZ4ftPD2g+Vb2tso43ruZj953Pd + mPJP9MCvnL9mvwNb6P8ADa68XXcIN7rbkxsw5S3hYooHcbm3E+o2+lfVsVhY + mJCbeMkgfwj/AAri49z+WJxTw8H7kHb1fV/LZf8ABPX4ByCOGwqxM1781f0X + RfPd/wDAKGm3dqjXe+ZF3TuRlgMg45FFxd2ranaSCZCqiTJ3DAyO5zWFpOt+ + E7nX7/wuLq1k1a3d3a1yplSPCkHb1A+YfnW5cWdoup2kawoFYSZG0YOBxmvh + Z05RtzK19T7uFSMr8rvbQm1O8tHsJ0SdGYqcAMCT+tWbe9shbxg3EYIVf4x6 + fWvL9T+KPwkjt7iJNf01Z0BXAkUMGHbp1rq/DXiLwP4ph2+H7+x1KSJQZFhe + N3X3ZRyOe5FdFXL68I806bS7tM56WYUJy5YVE32TRr6dd2qS3heZFDSkjLAZ + HqK8C/aC+GGnfEHTI9V0Xyv7eso5CjqQPPRBu8lz6nnYT0PHQmvXLrX/AAh4 + fvRa+Ibu1spb64aO1SYqpkK7QVQHrgsPzFdBd2douo2MawoFfzNwCjBwvGa2 + wGMr4OrDE0rp9Oz7rzXRmOYYOhjKU8NVs117rs/J9UfiuysrFWGCOCD1Br9N + f2bfiUni3wMukavcKNS0ErbsXYBpIMfuX56nAKn/AHcnrXyb+0t4Ih8IfEaW + 8sIhFY65H9rQKMKspJWVR/wIbv8AgVV/2bPECaL8U7CyuQrW2sJJZyBgCNzD + fGQD33qB9Ca/beI6FPNMp+sQWqXMvluvzXqfiHDlepleb/VpvRvlfnfZ/k/Q + /S6wu7VLq9Z5kUNICCWHIx25ovbu1a+smWZCqs+SGGBx3pLCztHubxXhRgkg + ABUcDHbii9s7RL2yRYUCuz5AUYOB34r8BP6ALV9e2b2VwqzxljGwADAknH1p + bK9s0srdWnjBEaAgsMg4+tJfWNkllO6QRqyxsQQoyDj6UWVjZPZ27vBGWaNS + SVGSSB7UAVrK7tVvb1mmQKzLglhg8dqL+7tXurJkmRgshJIYcDHfmvlz9qP9 + pHw7+y74OHi7UNCTxDd6jqEVlaaeJ1tS2Y2kkk8wxS4VAvOEOSyjjOaqfss/ + tN+Hf2pvCtz4ksdATw5faRqJtLqwNwt0RG8YeKXzBFFlX+YAFOCh60DR9dXd + 7ZtazKs8ZJRgAGHp9aj0+8s0sYEeeNWCKCCwBHH1p93Y2S2szLbxghGIIUen + 0r8+f2p/23bD9lvxVoHg+XwEnihtX0tNQNx9vFns3SyRbNptpt3+rzu3DrjH + GaBH33aXdquo3ztMgVzHglhg4XnFGoXdq81mUmRgsoJwwOBjqea/FuL/AIK5 + WEc80rfCFXWTbtU62MLgc4/0DvXo3gb/AIKq/CTxJrVlp/jzwZd+EbaSVQ93 + DMmowxg8EyhY4ZNg77Ec/wCzQM/Wy4vbI28gFxGSVb+Men1qvpt5aJYQI86K + wUZBYAj9apaZeeGvEegW/iHw9JbX+nahbrcW1zBteOWKRdyOjDggjkGvzYi/ + 4KGabbftDW37Pc/w4WRn8Rw+Hf7U/tJSd0tytsJzbm17FtxTzfbdQI/S62u7 + VdTvJGmQKwjwdwwcDnBzRqV3au1psmRts6E4YHAGeTSW1naNqd5G0KFVEeBt + GBkc4o1KztI2tNkKLunQHCgZB7HigDRlvrIxOBcR9D/GP8ap6Vd2kenwpJOi + sByCwBHP1qPWpvD2g6Rea1rL21hYWMLzT3E5SOKKNASzu7YCgDkkmvyL8Zf8 + FXfAXhvxDdaJ4M+Hz+KtLtDsTUpb8WP2hh95khNrMwTP3SzAkclV6UAfrpBd + 2o1W5kMyBWRADuGDj3zRql3ayLbeXMjbZ0JwwOAM81j+GLm01+1tdYNokKX9 + nbXIiOGEfnIH25wM4zjOBmtfVLO0jW28uFF3ToDhQMg546UAabX1ltP+kR9P + 74/xrO0i7tI9OhSSZFYA5BYA9T71oNp9jtP+jx9P7o/wrP0iztJdOhkkgR2I + OSVBPU+1ACRXdqNXmkMybDGoB3DGc+teY/Hy5tpvhN4hSKVHbyCcKwJ616bF + Z2h1aaIwpsEakDaMZz6V5l8e7S1h+E3iF4YURvIIyqgHr7Vhiv4U/R/kcuP/ + AIE/R/kfknX3b+xZc28CeMPPlWPcdPxuYDP/AB8etfCVfdn7FltbXCeMPtES + SbTp+Nyg4z9o9a+KyH/eofP8mfmvC/8Av1P5/kz7RW9s/wC3Hl8+PYYAN24Y + zu6ZzRrV7Zy2iLHPG58xDgMDwD9aRbGy/tt4fIj2CAHbtGM7uuMUazY2UVor + RQRofMQZCgcE/Sv0Q/XDY/tHT/8An5i/77X/ABrI0O8s4rBUlnjRtz8FgD94 + 1rf2Zp3/AD6xf98L/hXiOp+LLrRro2UFlaTKOd0sZZuSe4YUDSPWPttn/bvm + +fHs+zbd24YzvzjOetGt3tnLp7JFPG7bk4DAnhhXMeErtNekS7vLWBC0L5SN + MJlZMA4OecV02t2NlDYM8VvGjbk5CgHlh7UCNj+0dP8A+fmL/vtf8ayNFvbO + K0dZJ40PmOcFgOCfrWt/Zmnf8+sX/fC/4VkaNY2UtozSwRufMcZKg8A/SgBX + vLP+3I5fPj2CAjduGM7umaNdvbOXS5o4p43YlcAMCfvDtmkexshrccIgj8sw + E7doxnd1xijXLGyh0uaSKCNGG3BVQDyw7gUAbH9o6f8A8/MX/fa/41kaNeWc + cE4knjUmaQjLAZBPXrWt/Zmnf8+sX/fC/wCFZGj2NlLDOZYI3ImkAyoOADwO + lACy3tmdaglE8ZQROC24YBz65p2t3tnLpc8cU8bsQMAMCTyO2aZLY2Q1mCIQ + RhDExK7RgkHrjFO1qwsotLnkit40YAYIUAjkd8UAaiahYbR/pMXT++v+NZek + XlnGt35k8a7riRhlgMg4wR7VprpunbR/osXT+4v+FZWk2NlKt35lvG224kUZ + UHAGMAcdKAFuL2zOsWsgnjKKkgJ3DAz6mpNYvbOTTLhI543YrwA4JPP1qK4s + bJdYtYhBGEZJCV2jBI6ZGKk1iwsYtNuJIreNGVeCEAI5+lAGhDqFgIUBuYgQ + o/jX0+tZmlXlnG175k8a7rhyMsBkHHI56Vow6bp5hQm2iJKj+BfT6Vm6VY2U + jXvmQRtsuHUZUHAGOBx0oAW6vLNtXsZFnjKIJckMMDI4yc1Pqt9ZSadcJHcR + sxQgAOCT+tV7qxsl1axiWCMI4l3AKMHA4yMVPqthYx6dcSR28asqEghACP0o + AtW1/YLbRK1zGCEXI3r6fWs/TLyzSe+LzxqGmJGWAyMDkc1fttO09raJmtoi + Sikkovp9Kz9MsbKSe+EkEbBJiFyoOBjoKAFvbyzbVNPkWeMqhl3EMMDK8ZPa + rOp31k+n3KJcRszRsAA4JJx9aq3tjZJqenxrBGFcy7gFGDheMjHNWdS0+wj0 + +4dLeNWWNiCEAIOPpQBNZX9itnArXEYIjUEFxkHA96o6deWaXd+zzxqHkBUl + gMjHbmrllp1g9nAzW0ZJjUklBknH0qlp1jZSXd+rwRsEkAUFQQBjtxQAt/e2 + b39g6zxlUd9xDDAyvfmrl/f2L2NyiXEbM0bgAOCSSp96pX9jZJf2CJBGqu7h + gFABwvfirl/p9gljcultGrLG5BCAEEA+1AC6ff2KWFsj3EassSAguAQQo96p + 2F7ZpqGoO08YV2TaSwwcL2q1p+n2D2Fs720bM0aEkoCSSo9qqWNjZPqF+jwR + sqMm0FQQMr24oAXUbyze7sGSeNgkpLEMDgY781evL+xaznVbiMkxsAA4yTj6 + 1Q1Gxso7qxVII1DykMAoGRjvxV6807T0tJ2W2iBCMQQgyDj6UAR6ZfWSafbI + 9xGrLGoILgEHH1qtZXlmuqahI08YV/K2ksMHC84OeasaZp9hJp9u8lvGzMik + koCScfSq1nY2T6pqEbQRlE8raCowMrzgY4zQAup3tnJNYlJ42CzgnDA4GDye + a0bm/sGt5QLmMkq3G9fT61m6nY2Uc1kI4I1DzANhQMjB4PFaFxpunrbysttE + CFbB2L6fSgCvpN9ZR6bbpJcRqwQZBcAj9agtbyzXV72Rp4wjrHglhg4HODmp + dKsLGTTreSS3jZmQEkoCT+lQ2tjZNq97E0EZRFj2gqMDI5wKAF1a8s5GsvLn + jbbcIxwwOAM8n2rTm1CwMTgXMRJU/wAa+n1rL1Wxso2svLgjXfcIpwoGQc5B + 46Vpy6bp4ici1iBCn+BfT6UAUdGvbOLTLdJJ40YLyC4BHJ7ZqOC9sxrF1IZ4 + wjRoAdwwSPfNP0ewsZdMt5JbeN2ZeSUBJ5PtUcFjZHWLqI28ZRY0IXaMAn0G + KAF1e9s5EtfLnjbbcRk4YHAGck+1azahp+0/6TF0/vr/AI1kavY2USWpjt41 + 3XEanCgZBzkHjpWq2m6dtP8AosXT+4v+FAGbol7ZxaXBHLPGjAHILAEfMe2a + bFeWY1uaUzx7DCoDbhjOemaXRLGym0uCSW3jdyDklQSfmPfFNisbI61NEYI9 + ghUhdowDnrjFAC6zeWckEIjnjciaMnDA8A9eta/9o6f/AM/MX/fa/wCNY+s2 + NlFBCYoI0JmQHCgcE8itf+zNO/59Yv8Avhf8KAMrQ7yzi0yKOWeNGBfILAH7 + x7Ui3ln/AG48vnx7Ps4G7cMZ3dM560mh2NlNpkUktvG7EvksoJ4Y9yKFsbL+ + 3Hh+zx7BAG27RjO7rjHWgBdavbOWzVY543PmIcBgTgH61r/2jp//AD8xf99r + /jWPrVjZRWatFBGh8xBkKAcE/Stf+zNO/wCfWL/vhf8ACgDJ0S8s4rAJLPGj + b34LAH7x96Ptln/bwl8+PZ9m27twxnfnGc9aTRLGymsQ8sEbtvcZKgnhj7Uf + YbL+3RD5Efl/Zt23aMZ34zjHWgBdcvLOXT2SKeN2LJwGBP3hWv8A2jp//PzF + /wB9r/jWPrdjZQ6ezxQRowZOQoB5Ye1a/wDZmnf8+sX/AHwv+FAGTo17ZxWr + rJPGhMrnBYDgn61ILiCbXo2hkWQeQwypB53dOKi0axspbV2lgjciVxkqDwD9 + KkW2t4NejWCJYx5DHCgDnd14oA6CiiigAooooAKKKKACiiigD//V/c+Wzvhq + sEZvWLtGxD7F4A7Y96fq1lfxadM8t80qADKlFGeR3FMlv7k6rBKbKQMsbAJx + k570/Vr+5m06aN7KSJWAyzEYHIoAvR6fqRRSNRYDA48taztMs76T7X5V60e2 + 4kVsIp3MMZbn19K0Y9TuwigafKeB3FZ2mX9zF9r2WUkm+4kY4x8pOPlPuKAC + 4s75dUtY2vWZ2V8PsX5cDnj3qXU7K/jsJ3lvmkULypRRn8RUVxf3Lapaymzk + VkVwEOMtkdvpUup6hcy2E8b2MkasuCxIwKALUNhqRhjI1FgCo48teOKoadZ3 + 0kl2I71oyszBjsU7jxz7Vfh1O7WGNRp8pAUc5HPFUNOv7mOS8K2Ukm+ZmOMf + KeOD70AF1Z3y6lZRteszv5u19ijbheeO+an1Gx1COxneS/aRQhJXYoyPTNQX + V/ctqVlKbKRWTzcKcZbK84+lT6jqN1JYzxvYyxhkILEjA96AJraw1FraJl1B + lBRSB5a8DHSqVhZ3z3F4sd60ZSXDHYp3HHX2q7baldLbRKLCVgEUZBHPHWqV + hf3MdxeMtnI5eTJAx8px0NABeWd8t/Yo96zs5fa2xRtwvPHfNWb+x1BLK4d7 + 9nVY2JXYoyMdM1WvL+5e/spGspEKF8KcZbK9vpVm/wBRupLK4RrGVA0bAsSM + DI60AOs7HUWtIGTUGRSikL5anAx0qpZWd893eql6yMjqGbYp3HHX2q3Z6ldJ + aQIthK4VFAIIwcDrVSyv7lLu9dbKRy7qSBjK8dDQAX1nfJd2Sves7O7BW2KN + px196t3ljqKWk7PqDOoRiV8tRkY6VUvr+5ku7J2s5EKOxAOMtx0FW7zUrp7S + dGsJUDIwJJGBkdaAG2FjqD2UDx37IrIpC7FOBjpmq1nZ3z398iXrIyFNzbFO + 7K8cdsVZsNRuo7KBFsZXCooDAjBwOtVrO/uUv76RbORy5TKjGVwvf60AF/Z3 + yT2YkvWkLy4U7FG046+9Xbmw1FbeVm1BmARiR5a8jHSqV/f3Mk9mzWUiFJcg + HHzHHQVdudSu2t5VNhKoKMMkjjjrQBDp1jqEljA8d+0alAQuxTgemagtbO+b + U72Nb1ldBHufYvzZXjjtip9O1G6jsYI0sZZAqABgRg+9QWt/crqd7KLORmcR + 5UEZXC9/rQAalZ30b2YkvWkLTKFyijaeefer81hqQhkJ1FiAp48teeKoalf3 + MklmXspI9kysM4+YjsPer82p3bQyKdPlAKnnI44oAqaXZX8mnwPFfNEhXhQi + nH4mo4LO+OqXUa3rK6qhL7F+bI4GPapNL1C5i0+CNLKSRVXhhjBqOC/uV1S6 + lFlIzOqAoMZXA7/WgA1Ozvo/svm3rSbriNRlFG1jnDcelaL6fqQRidRY8H/l + mtZ2p39zL9l32Ukey4jYZx8xGflHua0X1O7KMDp8o4PcUAUdJsr+XToXivmi + Qg4UIpxye5pkVnfHVZ4xesHWNSX2LyD2x7U/SdQuYdOhjSyklVQcMMYPJpkV + /cjVZ5RZSFmjUFOMjHegA1Wzvo44DLetKDMgAKKME9Dx6VpnT9T/AOgk3/ft + azNVv7mWOAPZyR7ZkYE45I7fU1pnVLvH/IOl/MUAZmjWd9LpsMkN60KHdhQi + nHzHuaEs746vJEL1hIIQS+xckZ6Y6UaNf3MOmwxR2Ukqruwy4wfmNCX9yNXk + m+xSFjCBs4yBnrQAatZ30dujS3rSgyIACijBJ4PHpWp/Z+p/9BJv+/a1l6tf + 3MtuivZSRASIcnHJB6fjWp/al3/0DpfzFAGXo9nfS2CPDetEpLfKEU/xHuaB + Z339smL7c3meQDv2LnG77uOnvRo9/cw2CRx2ckoDN8y4xyxoF/c/2yZvsUm7 + yAuzjON2c/SgA1ezvorPdNetKu9BtKKOSevHpWp/Z+p/9BJv+/a1l6vf3M1n + sezkiG9DubGOD0rU/tS7/wCgdL+YoAy9Js76W0LRXrRLvcYCKeQevPrQbO+/ + thYvtreZ5BO/YucbumOlGk39zDaFEspJRvc5XGOT0/Cg39z/AGws32KTd5BX + ZxnG7OfpQAaxZ30WnyPNetKoK5Uooz8w7itT+z9T/wCgk3/ftay9Yv7mbT5I + 3spIlJX5mxgYYVqf2pd/9A6X8xQBl6VZ30kEjRXrRASuCAinJB5PPrRJZ3w1 + eKI3rGQxMQ+xcgZ6Yo0q/uYoJFSyklBlc5GOCT0/CiS/uTq8Uxs5AwiYbOMk + Z60ALrFnfRabNJNfNMg25Uooz8w7itIafqeB/wATJv8Av2tZusX9zNps0cll + JErbcsxGB8wrSGqXeB/xL5fzFAGZpdnfSJcGK9aILM4OEU5I6nn1oms74arb + xm9YuyOQ+xeAO2PejS7+5ijuAllJJumdjjHBPY+4omv7k6rbymykDKjgJxk5 + 7igB+rWV/Hp8zy3zSoAMqUUZ5HcVej0/UiikaiwGBx5a1R1bULmbT5o3spIl + YDLEjA5FXo9TuwigafKeB3FAGdplnfSG78q9aPbcOrYRTuYYy3tmi4s75dUt + I2vWZ2WTa+xflwOeO+aNMv7mI3eyzkk33DscY+UnHB9xXOeIvGX9javaNcWE + gKRs2CwBIfj0PpQFjqNTsr+OwneW+aRQvKlFGfxq1BYakYYyuosoKjA8teOK + 5m18WHxHo93JDYvEinYW3BgOAeeBXTQandrDGo0+UgKOcjnigChp1nfPJeCO + 9aMrMwY7FO44HPtRdWd8upWMbXrM7+btbYvy4XnjvmjTr+5jkvCllJJvmYkD + HynA4NF1f3L6lYymykVo/Nwpxlsr2+lAE+o2OoR2M7yX7SKEJK7FGR6Zqa2s + NRa2iZdQZQUUgeWvAx0qHUdRupLGeNrGWMMhBYkYHvU1tqV2ttEosJWARRkE + YPHWgClYWd89xeLHeshSTDHYp3HHX2ovLO+S/sUe9Z2cvtbYo24Xnjvmiwv7 + mO4vGWzkcvJkgY+U46Gi8v7l7+xkaykQoz4U4y2V7fSgCzf2OoJZXDvfs6rG + xK7FGRjpmnWdjqL2cDpqDIrRqQvlqcAjpTb7UbqSyuEaxlQNGwLEjAyOtLZa + ldJZwIthK4WNQCCMHA60AVbKzvnvL1UvWRkdQzbFO446+1F9Z3yXdkr3rOzu + Qp2KNpx196LK/uUvL11spHLupKjGV46Gi+v7l7uydrKRCjkgHGW46CgC3eWG + oraTs+oM6hGJHlqMjHSmWFjqD2MDx37RqyKQuxTgY6Zp95qV09pOjWEqhkYE + kjAyOtMsNRuo7GBFsZXCooDAjB460AV7Szvm1C+RL1kdDHubYp3ZXjjtijUL + O+SezEl60heXCnYo2nHX3otL+5TUL6RbORmkMeVGMrhe/wBaNQv7mSezZrOR + CkuQDj5jjoKALtxYaitvKzagzAKxI8teeOlQabY6hJYQPHftGpQELsU49s1P + caldtbyqbCVQVYZJHHFQabqF1HYQRpYySBUADAjB96AIbazvm1O9jW+ZXQR7 + m2L82Rxx2xRqNnfRvaCS9aQtMoX5FG088+9Ftf3K6leyiykZnEeVGMrgd/rR + qN/cyPaF7KSPZMrDOPmPPA96AL81hqQicnUWICnjy154qppdlfyafA8V80SF + eFCKcc+pq3Nqd2YnB0+UAqecjjiqml6hcxafBGllJIqrwwIweaAI4LO+bVLq + Nb1ldVTL7F+bPQY9qNTs76MWvm3rSbp41HyKNpOcNx6UQX9yuqXUos5GZ1QF + OMrj1+tGp39zKLXfZSR7J42GcfMRnge5oA0n0/UtjZ1Fjwf+Wa1n6TZX8unQ + yRXzRIQcKEU45Pc1oPqd2UYf2fKOD3FZ+kX9zDp0MaWUkqqDhlIweTQA2Kzv + jq08YvWDiNSX2LyM9MUarZ30cUJlvWlBmQAFFGCTwePSiK/uRq08ospCzRqC + nGQAetGq39zLFCHs5ItsyEE45IPT8aANT+z9T/6CTf8Aftay9Gs76XTYZIb1 + oUO7ChFOPmPc1qf2pd/9A6X8xWXo1/cw6bDFHZSSqN2GXGD8xoAEs746xJEL + 1hIIQS+xckZ6Yo1azvo7ZGlvWlBkQYKKOSeDx6UJf3I1iSb7HIWMIGzjIGet + GrX9zLbIr2UkQEiHJxjIPT8aANT+z9T/AOgk3/ftay9Is76WxV4b1olLN8oR + T/Ee5rU/tS7/AOgdL+YrL0e/uYbFY0spJQGb5lxjljQAfY77+2TF9tbzPI3b + 9i5xu+7jp718334IvrkMdxEj5Prya+kBf3P9smb7FJu8jbs4zjdnP07V8335 + LX1yxGCZHOPTk0FRPpfTrDUTp9qV1FlBiTA8tePlFQaRZ30tqWhvWiXe4wEU + 8g9efWp9O1O7XT7VRp8rARIMgjn5RUGkX9zDalEs5JRvc5XGOT0oJBrO+/th + YvtreZ5BO/YucbumOlGs2d9Fp8jzXrTICuVKKM/MO4oa/uf7YWb7HJuEBXZx + nG7r9KNYv7mbT5I5LOSJSV+ZsYGGFAGp/Z+p/wDQSb/v2tZelWd9JDKYr1og + JXBARTkg8nn1rU/tS7/6B0v5isvSr+5ihlVLKSQGVzkY4JPT8KACSzvhq8UR + vWMhiYh9i5Az0xS6xZ30WnTSTXzSoMZUooz8w7ikkv7k6vFMbKQMImGzjJGe + tLrF/czadNG9lJErYyzYwPmFAGiun6ltH/Eyb/v2tZul2d9IlwYr1ots7g4R + TkjqefWtJdUu9o/4l8v5is3S7+5iS4CWckm6d2OMcE9j7igAms74arbxm9Yu + yOQ+xeAO2Pen6rZX8enzPLfNKgHKlFGefUUya/uTqtvKbKQMqOAnGTnuPpT9 + V1C5l0+aN7KSJWHLHGBzQBdj0/UjGpGosBgceWtZ+m2d9Ibvy71o9s7q2EU7 + iMZb2zWjHqd2I1A0+U4A5yKztNv7mI3eyykk3zuxxj5SccH3FABcWd8up2kb + XrM7LJtfYvy4HPHfNS6nZX8dhO8t+0iheVKKM/jUVxf3LanaSmykVkWTCnGW + yO30qXU9QuZbCeN7GSNWXBYkYFAFmCw1FoIyuosoKjA8teOKo6dZ30kt4I71 + oysxDHYp3HHX2q9BqV2sEajT5WAUDORzxVHTr+5jlvCtnJJvmJIGPlOOhoAL + qzvl1Kxja9ZnfzdrbFG3C88d81PqFjqCWM7yX7SKEYldijIx0zUF1f3L6lYy + tZSK0fm4U4y2V5x9Kn1DUbqSxnjaxljDIwLEjA460AS2thqLW0LLqDKpRSB5 + anAx0qnYWd89zeLHeshSTDHYp3HHX2q5a6ldJbQqthKwCKAQRg8dap2F/cx3 + N4y2Ujl5MkDGVOOhoALyzvkvrJHvWdnZ9rbFG3A5475qzfWOoJZXDvqDOqxs + SuxRkY6ZqteX9y99ZSNZyIUZ8KcZbI7fSrN9qN1JZXCNYSoGjYFiRgZHWgBb + Kx1B7OB01BkVo1IXy1OAR0/CqtlZ3z3t6qXrIyMoZtindx19qtWWo3SWcCLY + SuFjUBgRg4HWqtlf3KXt662cjl2UlRjK4HegAvrO+S6sle9Z2dyFOxRtOOvv + Vy7sNRW1mZ9QZ1CMSPLUZGOlU76/uZLqyZrKRCjkgHGW46Crl3qV09rMjWEq + hkYEkjAyOtAEdhY6g9jA8d+yKyKQuxTgY6ZqvaWd82oXyJfMroY9zbFO7K8c + dsVYsNRuo7GBFsZXCooDAjB461XtL+5TUL6RbKRmcx5UYyuF7/WgA1Czvkms + xJetIXlAU7FG046+9Xriw1FbeVm1BmAViR5a88dKo6hf3Mk1mzWciFJQQDj5 + jjoKvXGpXbW8qmwlUFWGSRxxQBX02yv5LCB479o1KjChFOPbNQ21nfNqd5Gt + 6yugj3PsX5sjjjtiptN1C5isII0sZJAqgBgRg1DbX9yup3kospGZxHlRjK4H + f60AGpWd9G1p5l60m6dQvyKNpOefetCWw1IROTqLEAHjy154rP1K/uZGtC9l + JHsnVhnHzEZ4HvWhLqd2YnB0+UZU85HpQBT0uyv5NPgeK+aJCvChFOOfU1HB + Z3x1W5jW9ZXVEJfYvzA9Bj2qTS9QuYtPgjSykkVV4YEYPNRwX9yuq3Mos5Cz + IgKcZXHc/WgA1SzvoxbebetJunRRlFG0nOG49K0n0/UgpJ1Fjwf+Wa1m6pf3 + Motd9nJHtnjYZI5IzwPc1pPqd2UYf2fKOD3FAGfpFlfy6dDJFfNEhBwoRTjk + 9zTYrO+OrTRC9YSCNSX2LkjPTFO0i/uYdOhjSyklVQcMpGDyabFf3I1aaYWU + hZo1BTjIAPWgA1Wzvo4oTLetKDMgAKKMEng8elan9n6n/wBBJv8Av2tZeq39 + zLFCHspIwsyEE45IPT8a1P7Uu/8AoHS/mKAMvRrO+l06KSG9aFDuwoRTj5j3 + NC2d8dYeIXrCQQg79i5I3dMdKNGv7mHToo47OSVRu+ZcYPzGhb+5GsPN9jkL + GELs4yBu6/SgA1azvorZWlvWlBkQYKKOSeDx6Vqf2fqf/QSb/v2tZerX9zNb + Ir2ckQEiHJxjg9PxrU/tS7/6B0v5igDL0izvpbJXhvWiXc3yhFPRj3NH2O+/ + tnyvtreZ9n3b9i5278bcdPejSL+5hslSOyklG5juXGOWNH2+5/tnzvsUm77P + t2cZxvzu+nagA1ezvorIvNetKu5RtKKOpHPHpWp/Z+p/9BJv+/a1k6zqMz2D + Ca0eBAyku5GBg1n3HxF0S1Yo4LMOyEP+q5H60AcZ4yW5g0S1uBcNgXThQBjD + AH5gRzXJ2XjPX7OVZTcmcquwGT5m25zjcefzzV7xH4ms9X0uHT7aN1aOdpSz + YAIYHgc571w9BaR62nji21GzaG+upIZTt+RkUoeR0deeOvIFem28F1eRCe11 + fzo26MiowP4ivlerllqN9psvn2Fw8D+qMRn6+v40C5T6P0qzvpIZTFetEBK4 + ICKckHk8+tElnfDVoYjesZDExD7FyBnpivLNC+JF/pimG+gW6jZixYHY+T19 + QfyFdlaeOdK1LU4biFSjBCmxyFJJPYnj9aBWPi/9sWC4g8V6AtxcG4JsnwSo + XH70+lfHtfYX7YlzJc+K9AaSBoMWT4DY5/eHnivj2vzfOf8Aep/10Px3iL/f + anr+iP0R8d3F1Z/syRyRTlVntNOhKYHO7ySTn3AxX5/V98fERZp/2ZLZUhZk + hg0yVnHQcRLz+dfA9f1j4XJf2a2v5n+UT5vxFb+uUr/yR/Nn6+eGdDn0X4f6 + Rp63J8q1sLdCgQAEhFzz16810t+8uk6VcatfakYrWzheeRti/LHGpZj+AFY2 + k6xJqXgzTrpLZxFc2VvIH4xtdFINeMftM+OZtE+HI0CKNoLnXnWAEkZ8mPDy + kfX5VPs1fk2DwM8XjlQ6ylr9+r+R+y4zHQwmBdfpGOn3aL56Hy7oGr+JNK8S + af8AHq9kaOz1LWp7acgZKpIoL+xGxnCj1Sv0glt7pr60xelzIrlHCjgYzx2O + a+FdU8f/AAqm+CDfDe2u5HvoIklhbyJAPtaYdjkrgb23DPYNX0R8DPG8vivw + LoU0iNPd6Sj2M2DksYVAU/XyypPvmvreMMNUrUI4qVJw5JOGqt7u8X+aPkuD + sTTo15YWNVT54qejT97aa/Jnz78C/h14V8aw+Lb3xJZJePp90gj3FhgPvJ+6 + w64q78Y/BGk/BvU/C/jTwBI9hqE85X7OjMQ4UKTgMzHBztYdCCOPXjfhR4Q8 + b+J/+Emm8K+JJ9Bgt7kCdIgxWQsXKltrL0wa+gfCvwKvY/Edn4t+IOr3viu6 + sdrW0coIiQqcrku7llB5CjaM9c9K9nNMxp4bMKlWtibxS/h+873ja38uu54u + V5dUxOX06VHDWlfSp7qtaW/82m3/AADkP2io5V8W+A1aUs39o3AzgDnzLXmv + rm5tLxb6zRrwsz+ZtbYPlwvPHfNfI37Rcrt4t8BuYyp/tG4bB65Mlrx9a+ub + m9na/s5DaOpTzMKcZbK9vpXxOb/8i7Bek/8A0tn3GU/8jHG+sP8A0hHyp+15 + osq+GdB1m4n897e8e3GVCkCaMuen/XIV8V+D72TTvFmi6hC2x7a9tpFPoUkU + /wBK+4P2udVaTwVo2nSwNC0uoCUbsciOF1P/AKGK+F/Dlu934h0u1iUu811A + iqOpLOABX6pwPrlCU9ve+67/AOCflHHOmcNw39377L/gH7D2drePcXapdlCr + gMdgO4460XdreLd2ivdl2Zm2tsA28frRZ3s6XF2y2juXcEgY+XjoaLu9ne7t + Ha0dSjNgHGW47V+Bn78WLyzvktJme9Z1CMSuwDIx0otLO+a0hZL1kUopA2A4 + GOlF5f3L2kyNZyIGRgScYHHWuS8ZfEGy+HPw+1fxxrds40/w/p8t5K2QNyQR + lsLnu2MKO5IFA7n4I/8ABSj4g6h8Rf2ibT4XaJI2oR+FI47JI0583Ub7Y8oU + DjOPKjx2ZSKg/wCCfXjHWPg3+1Ld/CbxO505tfkn0W7jY5EWpWTuYc+p3rJE + vvJWD+w/4V1n4+ftfR/ELxNC2of2Vc3PifUGA4a6Mu6HBPA/0mRHA/uofSt7 + /gob4P1f4P8A7VNr8U/DcT6b/wAJD9l1y0kxgR6hZuqy49TvjSVveSgR/RJc + 2V+ttKzXzMAjEjYBkY6V+AX/AAVbSRPjD4LMkm8N4bjI4xtH2u44r9w/h38S + rT4o/DTQ/H+j2jiz8Q6fFdrhgRGZUy6E+sbZU+4Nfh3/AMFWpGk+MPgsNGU2 + eG4wM/xD7XccigD9Ff2fv2WPgH4n+DHgPWtY8C6NdX994c0W6uJ5bGKSSaa4 + sopHdiRyzMSSe5OTXyn/AMFA/wBjH4T/AA/+E0/xf+HGnx+H77SLm3ju7a3y + ttcQXMohBEZYhHV3UgpgFcgg8Ecl8Kv+CpOi/Df4f+G/BM3w7uL99A0nTtMa + ddSSMSmwtkgMgU27YD7d2MnGcZNfPv7UP7c/j/8Aau03T/htoPhkaBokl1HJ + 9ht5Xvry+uASIlZ1jjyoJysax5LYJLYGAZ93/wDBKfxp4g8RfCDxb4KvL52s + /C1/HJaqw3bIr6NnaMZ6L5kbsB6ua/O69Vm/4KK2qo21j8SLMBuuCdUj5/Cv + 17/YF+AniH4A/Be5Pi7T5YPEfi6YX93Aw2m1iWPZBA4PO9VLO/QhnK/w5P5C + XrlP+Citq6qWK/EizIA6nGqR8fjQI/pcgtbxtQuo1uyrqE3NtHzZHHHtRf2t + 4jW3mXZk3TKB8gG0+tEF7OuoXUgtHZnCZXjK4Hf60X97PI1sWtHTZMrDOPmI + 7D3oA/N7/go34G+MPxMtvhx8JvhrJd6j/wAJHeXz3ltEfKtilqsBSW6YfKIo + i5bL8ZxgFtor8g/2rP2frT9m/wAY+GvA0eptq15faBb6lfTldkf2qa5uYmWF + eojVYlA3ck5JxnaP6q5NRuTGwNjIMg88V/O9/wAFTHZv2gPDoKldvhazAz3H + 2295FAH7y/Dq1u28K6GiXZRhpViS20HIMK4GPauu1G1vI1t/MuzJumQD5AME + 5wfwrkfhzeTp4U0J1tXYnSrAbRjIAhXn8a67Ub2eVbcPaPHtmRhnHJGePqaA + L7WOobTm/bp/cWqOl2l7JYRPFeGJTnChAccnvV5tRuipH2GTp7VR0u9uIrGK + NLSSQDPzDGDyaAuJHa3h1OWMXZDiNSX2DkZ6YrzP47213F8KPELzXRmX7Ofl + Kgd/avTI72canLKLRyxjUbeMjnrXmfx3vJ5/hR4hSS2eIfZydzYx1rDFfwp+ + j/I5cf8AwKno/wAj8mq+5v2Mre5nTxf9nuTb7TYZwobOftHr6V8M19zfsZXU + 1sni/wAq3e43Gwztxxj7R1z618VkP+9Q+f5M/NeF/wDfqfz/ACZ9mrZ339sP + EL1vMEIO/YucbumOlGrWd9FbK0t60q+YgwUUck8Hj0oW/uf7Yeb7FJuMIXZx + nG7r9KNWv7ma2VXspIgJEOTjHB6fjX6Ifrhqf2fqf/QSb/v2tfOXigEas+Tn + 5R/Wvo3+1Lv/AKB0v5ivnLxQSdWfIx8o/rQVE9E8AQXE1rGsFwYD5chyFB48 + zGOffmu11ezvorJnmvWlUMvylFHcdxXFeALmWC1jaOBpiI5FwuM48zOee3au + 11e/uZrJkeykiG5fmYjHBFAman9n6n/0Em/79rWXpNnfS2zNFetEvmOMBFPI + PJ59a1P7Uu/+gdL+YrL0m/uYbZlSyklBkc5GMcnp+FAgazvhrCRG9YyGEnfs + XIG7pjpRrFnfRadK8160yDblSijPzDuKGv7k6wk32OQMISuzjJG7r9KNYv7m + bTpY5LKSJTt+ZsYGGFAGp/Z+p/8AQSb/AL9rWXpVnfSQzGK9aICVwQEU5IPJ + 59a1P7Uu/wDoHS/mKy9Kv7mKGYJZySgyuSRjgk9PwoAJbO+GrQxm9YyGNiH2 + LwM9MU7V7K/i06aSW+aVABlSijPI7imy39ydWhmNlIGWNgE4yQT1p2r39zNp + 00b2UkSsBlmxgcigDQXT9S2jGot0/wCea1m6ZZ30i3PlXzR7Z5AcIp3EYy3P + rWkup3YUD+z5Tx6is3TL+5iW52WUkm6eRjjHBOOD7igAns74arbRteszsjkP + sX5QOox71Jqtlfx6fO8t80qAcqUUZ59RUc9/ctqttKbKQMqOAnGTnuPpUmq6 + hcy6fPG9lJGrLyxxgc0AXIrDUjEhGosAQOPLXjis/TbO+ka78u9aPbO4bCKd + xGOfbNaEWp3YiQDT5TgDnI9Kz9Nv7mJrvZZySb53Y4x8pOOD7igAubO+XU7O + Nr1mdhJtfYvy4HPHfNTalZX8dhO8l+0ihSSuxRn2zUNzf3LanZymzkVkEmEO + MtkdvpU2pahdS2E8b2MkYZSCxIwKALFvYai0EbLqLKCowPLXjiqOn2d8814I + 71oyspDHYp3HHX2q9b6ldrBGo0+VgFAyCOeKo6ff3Mc14VspHLykkDHynHQ0 + AF3Z3y6jYxveszuZNrbFG3C88d81Y1Cx1BLGd5L9pFVGJXYoyMdM1Xu7+5fU + bGRrORWjMmFJGWyvb6VY1DUbqSxnRrGVAyMCxIwOOtAElpYai1rCyagyKUUg + eWpwMdKp2FnfPdXqpesjJIAx2Kdxx19quWmpXSWsKLYSsFRQCCMHA61Tsb+5 + jur1lspHLyAkDGV46GgAvbO+S9ske9Z2dmCtsUbeOvvVq9sdQSznd9QZ1WNi + V8tRkAdPxqre39y97ZO1lIhRmIU4y2R2q1e6jdPZzo1hKgaNgWJGBkdaACxs + dQeyt3TUGRWjQhdinAIHGfaqtnZ3z3t6iXrIyMm5tindlfTtirVjqN0llbot + hK4WNAGBGDgDkVVs7+5S9vXWykcuyEqMZXC9/rQAX9nfJc2SyXrOXkIU7FG0 + 46+9XLqw1FbWZn1BmUIxI8tRkY6VTv7+5kubJms5EKSEgHHzcdBVy61K6e1m + RrCVQyMCSRgZHWgCLT7HUHsYHjv2jUopC7FOBjpmoLSzvm1G+jS9ZXTy9zbF + O7K8cdsVPp+o3UdjBGtjLIFRQGBGDx1qC0v7lNRvpFs5GaTy8qMZXC9/rQAa + hZ3yS2YkvWkLTAKdijacdfer09hqIgkLaizAKcjy154qjqF/cyS2ZaykjKTA + gHHzHHQVen1O7aCRTp8qgqRkkccUAV9Msr+SwgeO/aNSowoRTj8aht7O+bVL + uNb1ldRHufYvzZHHHbFTaZqFzFYQRpYySBVADAjBqG3v7ldUu5RZSMzrHlRj + K4Hf60AGp2d9GbTzL1pN06KuUUbSc4b3xWhLYakI3J1FiADx5a1n6nf3MptN + 9nJHsnRhkj5iM8D3NaEup3ZjcHT5RkHnIoApaVZX8mnwvFfNEhHChFOOfU0y + GzvjqtxGt6wdUQl9i8g9Bj2p+lahcxafBGllJKqjhgRg80yG/uRqtxKLKQsy + ICnGRjufrQAapZ30a23m3rSbp0AyijBPQ8elaTafqW0/8TJv+/a1m6pf3Mq2 + weykj2zowzjkjsPc1pNql3tP/Evl/MUAZ2kWd9Lp0MkN80SEHChFOOT3NJHZ + 3x1eWIXrCQRKS+xckZ6YpdIv7mHToY0spJVUHDKRg8mkjv7kavLMLOQsYlGz + jIGetABqtnfRwxGW9aUGVAAUUYJPB49K1P7P1P8A6CTf9+1rL1W/uZYYlezk + iAlQ5OOSD0/GtT+1Lv8A6B0v5igDL0ezvpdPjeG+aJCWwoRTj5j3NC2d9/bD + RfbW8zyQd+xc43dMdKNHv7mHT4447KSVQW+ZcYOWNC39z/bDTfYpNxhC7OM4 + 3dfpQAatZ30dqGlvWlXegwUUck9ePStT+z9T/wCgk3/ftay9Wv7ma1CvZSRD + ehy2McHp+Nan9qXf/QOl/MUAZekWd9LZBob1ol3MNoRT0PXn1o+x339siL7a + 3mfZ92/Yudu7G3HT3o0i/uYbIIlnJKNzHcuMcmj7fc/2yJvscm7yNuzjON2c + /TtQAaxZ30VizzXrSruX5SijuO4rU/s/U/8AoJN/37WsvWL+5msWjks5IhuX + 5mxjgitT+1Lv/oHS/mKAMvSbO+ktnaK9aICRxgIp5B5PPrViCC5h12MT3BnP + ksclQvGenH51X0m/uYrZ1SyklBkc5GMZJ6fhViC5luNdjaS3aE+Sww2Omc54 + oA6WiiigAooooAKKKKACiiigD//W/dua6tjrVtIJkKiJwTuGB+NP1u6tZNLu + ESZGYgYAYE9RVebTrEaxbwiBAjRuSuOCRT9Z06wh0yeWK3RHUDBAGRyKANaO + 9sxGgM8fQfxCsvSLq2T7bvmRd1zIRlgMg45q9HpWmmNSbaPJA/hFZmlafYy/ + bPNgRtlzIq5A4UYwKAJbm6tjrFm4mQqqSZO4YGRU2r3dq+mXCJMjMV4AYE1U + udOsV1azhWBAjrISuBg4HFS6tpthFp1xJFborKuQQBkUAaVve2YgjBnjBCj+ + IelZulXVskl8XmRd07EZYDIwORVuDStNaCNjbRklR/CPSs/TNOsZZL0SQIwS + dlXI6AAcCgCW8urZtW091mQqolydwwMqMZqxqt3avp1yqTIzFDgBgTVK706x + TVLCJYECSebuGODheM1Pqem6fFp9xJHborKhIIAyDQBdtLy0W0hBnQEIvG4e + lUNMurZLm/LTIA0uRlhyMdqs2ul6c9rC7WyEsiknaOpFUdO06xkub5ZIEYJL + hQQOBjoKAJb66tm1LT3WZCqtJkhhgZXvVvUry0bT7lVmQkxuAAwyeKz73TrF + NQsI0gQLI0m4ADBwvGatahpmnx2FxIluissbEEKMggUAWLG8tFsbdWnQERoC + Cw9BVLT7q2W+v2aZAGdcEsOfl7VPZaXpz2Vu72yFmjQkkDkkVTsNOsZL2+R4 + EZY3UKCBwMdqAJdRurZr3T2WVCFkYkhhxx3q7fXlo1jcKs6EmNwAGHoazb/T + 7GO8sUSBFWR2DAAcjHerl7penJZXDpbIGWNyCFHBANAD9Nu7RNPtlaZARGoI + LDI4qrY3Vsupag7TIFYx4JYYOF7VJp2mafJYW8klujM0akkgZJIqtZafYvqN + /G8CFYzHtBAwMrzigCXU7q2e5sCsyELNk4YcDHetC7vLRrWYCdCSjcbh6Vla + jp1jHcWSxwIoeXDAAcjHQ1eutL05LaZltkBCMQdo64oATSru1TTrZXmRWCDI + LAGq9ndWy6tqDtKgVhFg7hg4XnFO0zTdPl0+3kkt0ZmQEkgZJqC00+xfVb+J + oEKRiLaMDAyvOKAJdVurZ5LEpKjbbhScMDgc8mtK4vbMwSATxklT/EPSsjVN + PsYpLIRwIoedVbAHIOeDWjPpWmrBIy20YIUkfKPSgCDR7u1TTLdHmRWC8gsA + aitrq2GsXjmZArJHg7hg4FGk6bYTadbyS26MzLkkgZNRW+nWLatdwtAhREjI + GBgZHNAEur3Vs/2LZMjbbmMnDA4AzzWrJe2flt+/j6H+IVi6rp1jF9j8qBF3 + 3ManAHKnORWm+laaEYi2j6H+EUAVNEurWPS7dHmRWAOQWAPU0yG6thrVzIZk + CmJADuGD+NN0bTrCbTIJZbdHdgckgZPJpkOnWLaxcQmBCixoQuBgE0AS6zdW + 0kVuElRsTxk4YHgHrWub2zx/r4/++xWHq+n2MMVuYoEQtPGpwByD1Fap0nTP + +fWP/vkUAZ+g3VtHpMCSTIrDdkFgD940R3Vt/bksnnJtMCjO4Yzu9ai0PTrG + fS4JZoEd23ZJAJOGNCadYnWpIDAnliFWC4GM7utAEutXVtJbRhJkYiWM8MDw + DWx9ts/+e8f/AH2KwtY06xhto2igRCZUGQB0J5rW/snTP+fWP/vkUAZ2hXVt + HpqJJKitufgsAfvGgXVt/bzSecmz7MBncMZ39M1Fomn2M+npJNAjsWfkgZ4Y + 0DTrH+2zB5CeX9nDbcDGd+M0AS65dW0ljtjlRjvTgMD/ABVsfbbP/nvH/wB9 + isLWtPsYLLfDAiNvQZAHQmtb+ydM/wCfWP8A75FAGdol1bR2RV5kU+Y5wWA7 + 0NdW39urJ5ybPs5Gdwxnf0zUWjadYzWZeWBHbzHGSB0BoOnWP9trB5CeWbct + txxndjNAEuu3VtJpkiRzIzEpwGBP3hWx9ts/+e8f/fYrC1vTrGDTpJIYERgU + wQMHlhWt/ZOmf8+sf/fIoAztFuraO2lDzIpM0h5YDgmiS6tjrkMglTaIWGdw + xnPrUWj6dYzW8rSwI5ErgEgdAeBRJp9iNaigECeWYWJXAxnPWgCbXbq2k0qd + I5kZjtwAwJ+8K1he2eB+/j/76FYmt6dYwaXPLDAiOu3BAAI+YVqDSdMwP9Fj + /wC+RQBn6PdW0cdyHlRc3EhGWAyD3onurY6zbSCZCojcE7hgfjUWkafYzR3B + lgRys8ijIHAHQUTadYrrFtCIECNG5K4GCRQBZ1q7tZNLuESZGYgYAYE9RWhH + e2YjQGePoP4hWTrGnWEOmzyxW6I6gYIAyORWhHpWmmNSbaPJA/hFAFHSLq2Q + 3u+VF3XMhGWAyDjkV5H8UZYptatWicOBbgZUg/xt6V6vpWn2MpvPNgRtlxIq + 5A4AxgV5N8TraC21m2S3jEam3BIUY53tQVE1vAssS+FdTjZ1DtKcAkZPyr0F + etW95aC3iBnjBCr/ABD0ryLwNbW8nhjUp3jVpElO1iOR8q9K9Wt9K01oI2a2 + jJKgn5R6UCZU0u6tklvi8yLunYjLAZGByKLy6tm1bTnWZCq+dkhhgZUYzUWm + adYyy3okgRgk7KuQOBgcCi706xTVLCJYECSebuGBg4UYz9KBF7VLu1fTrlUm + RiUbADAk8VNaXlotpCDOgIReNw9Kp6npmnxafcSR26KyoxBAGQcVNa6Xpz2s + LtbISyKSdo6kUAVtNurZLq/LTIA0uRlhyMdqL+6tm1LT3WVCqtJkhhgZXvUW + nafYyXN8skCMElwoIHAx2ovdPsU1CwjSBFWRn3AAYOF4zQBoajd2j6fcqsyE + mNwAGGTwadYXlotjbK0yAiNAQWHHAqvqGmafHYXEiW6KyxsQQoyCBS2OmadJ + ZW7vbIzNGhJKjkkCgCHT7q2W+1BmmQBnXBLDn5e1GoXVs17YMsyELIxJDDjj + vUVhp1jJe3yPAjLG6hQQOAV7UX+nWMd5YokCKskjBgAORjvQBp315aNZXCrO + hJjcABh6Go9Mu7VNPtlaZARGoILDI4pl7penJZzulsgZY2IIUcEA0zTtM0+S + wt5JLdGZo1JJAySRQBHY3Vsup6i7TIFYxYJYYOF7UandWz3FgUlRgswJwwOB + jvUVlp9i+pX8TwIUjMe0EDAyvOKNS0+xiuLFY4EUPLhgAORjoaANW6vLQ20w + E6ElG/iHpVfSru1TTbdHmRWCDILAGnXOl6cttKy2yAhGIO0elV9L03T5dPt5 + JLdGZkBJIGSaAG2l1bLq1+7TIFYRYO4YOFOcUardWzyWOyZG23CE4YHAweTU + Vrp1i+q30TQIUjEW0YGBlecUanp1jE9kI4EXfOqtgDkHPBoA2J72zMEgE8ZJ + U/xD0qjo93applujzIrBeQWAPWp5tK01YZCLaMEKf4R6VS0jTbCbTYJJbdGd + l5JAyeaAFtrq2Gs3jmZArJHg7hg4HrRq91bOLPZMjbbmMnDA4AzzUVvp9i2r + 3cLQIURIyFwMDI5o1XTrGIWnlQIu+4jU4A5BzkUAbT3tnsb9/H0P8QrN0S6t + Y9Lt0kmRWAOQWAPU1bfStNCMRbR9D/CKztG06wm0yCWW3R3YHJIGTyaAHw3V + sNauJDMm0xIAdwxnPrRrN1bSQ24SZGxPGThgeAetRRadYnWLiEwIUWJCFwMA + k0avp1jDFAYoEQtNGpwByCeRQBu/bbP/AJ7x/wDfYrH0G6to9JgSSZFYbsgs + AfvGtH+ydM/59Y/++RWToen2M+lwSzQI7tuySAScMRQBKl1bf25LJ5ybTAoz + uGM7umaNauraS1QJMjHzUPDA8ZqJNOsTrUkBgTyxCGC4GM7utGsadYw2qNFA + iEyoMgdieaAN37bZ/wDPeP8A77FY+h3VtHpyLJMinc/BYA/eNaP9k6Z/z6x/ + 98isnRdOsZ9PSSaBHYs/JHPDGgCUXVt/bxk85Nn2bGdwxnf0zXzJqBBv7kjk + GV//AEI19LDTrH+3DB5CeX9n3bccZ34zXzRqAC39yqjAErgf99GgqJ9TaZeW + g061BnjBESfxD+6Kq6JdW0dkVeZFPmOcFgO9SabpenNp1qzW0ZJiQk7R/dFV + tG06xmsy8sCO3mOMkDoDQSStdW39upJ5ybPs5Gdwxnd0zRrt1bSaZKkcyMxK + cBgT94VE2nWP9trB5CeWYC23HGd2M0a3p9jBpskkMCI4K4IGDywoA3fttn/z + 3j/77FY+jXVtHbzB5kUmaQ8sBxmtH+ydM/59Y/8AvkVk6Rp1jNBK0sCORM4B + I7A8CgCWS6tjrcMgmTaIWGdwxnPrS67dW0mlTpHMjMQuAGBP3hUMmnWI1mGE + QJ5ZhYlccZz1pdb06xg0yeWGBEdduCAAR8woA2lvbPaP38fT+8KydHurZEut + 8yLm4kIywGQcc1fXSdN2j/Ro/wDvkVl6Tp9jMlyZYEfbPIoyBwB0FAEs91bH + WrWQTIVEbgncMD8ak1m7tZNLuESZGYrwAwJ6iq0+n2K6xbQiBAjRuSuBgkU/ + WNOsIdNnlit0R1XggDI5oA1or2zESAzx9B/EKy9JurZDe75kXdcyEZYDIOOR + V2LStNMaE20ZJA/hFZuladYym88yBG2XDquQOAMYFAEt1dWx1eycTIVVZcnc + MDI7mptXu7V9NuESZGYocAMCaqXOnWK6tZxLAgR1k3DAwcDjNTarpthFp1xJ + FborKpIIAyKANC2vLQW8QM8YIRf4h6VnaXdWyTXxeZF3TsRlgMjA5FW7fS9O + a3iZraMkqpJ2j0rP0zT7GWW9EkCMEmZVyBwMDgUAS3l1bNqunOsyFV87J3DA + yvGas6pd2r6dcqsyMTGwADAk8VRu9OsU1TT4lgQJJ5u4YGDhcjP0qxqWmafF + p9xJHborKjEEAZBxQBcs7y0W0gVp0BCLkbh6VQ026tkur8tMgDSgjLDkY7VZ + tNL057WF2tkJZFJO0ckiqOn6dYyXV8skCMElAUEDgY7UAS391bNqOnssqEKz + 5IYYHy96t6jeWjafcqsyEmJwAGGTwaz77T7FL+wjSBFWRn3AAYOF4zVrUNM0 + +OxuJEt0VljcghRkEA0AT6feWi2FsrTICIkBBYZB2iqen3Vst/qDNMgDOmCW + HPy9qmsNM0+Sxt3e3RmaNCSVHJIFVLDT7GS+v43gRljdQoIGBkdqAJdRurZr + ywZZkIWQkkMOOO9Xr28tGs51WdCTGwADD0rM1DTrGO7sUSBFWSQhgAORjvV2 + 80vTks53S2QMsbEEKOCBQA7TLu1TT7ZWmQERqCCwyOKq2V1bLqmou0yBWMWC + WGDhe1SadpmnyWFvJJbozNGpJIGSSKrWenWL6lfxPAhSMx7QQMDK84oAl1O6 + tnuLEpKjBZgThgcDHetC6vLQ20wE6ElG/iHpWVqWn2MU9kscCKHmAbAHIx0N + X7nS9OW2lZbaMEIxB2j0oAZpN3apptujzIrBBkFgDUFpdWw1e/czIFYRYO4Y + OAelLpem2EunW8klujMyAkkDJqG106xbVb6JoEKIItoxwMjnFAEuq3Vs72Wy + ZG23CE4YHA55Nac17ZmGQCeP7p/iHpWPqmnWMT2YjgRd9witgdQc8GtGbStN + ETkW0YIU/wAI9KAINHu7VNMt0eZFYLyCwB61Fb3VsNZu5DKgVkjwdwwfxpNI + 02wm02CSW3R3ZeSQMnmo7fT7FtXuoWgQoiIQuBgE9aAJdYuraRbPZKjbbmMn + DA4AzzWq97Z7G/fx9D/EKxdW0+xhW08qBF33EanAHIOcitN9K00IxFtH0P8A + CKAKeh3VtHpVukkyKwByCwB+8abFdWw1qeQzJtMSAHcMZz60zRdOsZtMgllg + R3YHJIGTyabFp1idYnhMCFFiUhcDAJNAEus3Vs8MASZGInjJwwPANbH22z/5 + 7x/99isLV9OsYYYDFAiFpo1OAOQTyK1v7J0z/n1j/wC+RQBnaDdW0elQpJKi + sN2QWAP3jQl1bf27JJ5qbDABncMZ3dM1Foen2M+mQyzQI7ndkkDPDGhNPsTr + ckBgTyxAG24GM7utAEut3VtJaIscqMfNQ4DA8ZrY+22f/PeP/vsVhazp9jDa + o8UCITIgyAOhNU/EV94d8OWnn3VtG8r58uIAbnP9AO5/rQBb0vUtPsdJ828u + I4VRnJLMB/Ea81134i/8TF59AT/ll5XmSL/tZyq/4/lXnGoalc6lLvnOFH3V + HAH+fWus8O+Bb7VbpU1ItZRGPzQCPnZc44B6Z9T+VBVjlNQ1bU9Wl8zULl7h + uwY8D6L0H4Crdj4c1nUOYLfavrIyxj/x8jP4V7lc+FtD0XTc2VqokDIPMb5n + OSAeT0z7YFdV/ZOmf8+sf/fIoDmPmTUfD95pllHe3MkREjmMIrZcEc5IxjHH + rWFXq/ja3hTw9bSogDm6dcgc4AbivP8AS9B1bWJlhsLdnLDO4/KuB1OTgUDT + MilAJIAGSa9U/wCFavY2D3uqXQLrt/dxDjkgcsfr6fjXqdl4W8P6egS1sYwR + /Ew3Mf8AgTZNAcx4BpPhHVdV+fMdrFnBaZwn5L979MV32m+BtAstQhjv7kXy + lCzZYIm4dBwc/ma7vSNOsZoZmlgRyszqMgdAeBRLp1iNZhhECeW0TErgYJB6 + 0E8x8EftiLZx+J/DkFiEWKOxcBY8bV/enjAr48r7G/bJtre18WaAtvGsYaxc + kKMf8tTXxzX5vnP+9T/rofjvEX++1PX9EfqpZaNH4m+ADeHwyme70iPylJAJ + lW3Ro/8Ax9RX5d9ODX68fCqztZ/h/oTzRK7CzthkjPHkpX55fHzwE3gP4hXs + VvHs03VCbu1IHyhZDl0H+4+Rj+7tPev6S8K8zUefCSe6Ul8lZ/p9zMvEfLJS + oUcXFbLlfz2/X7z7I+AfjC38R/B+30+SVftmjZs5EJ+bapzEQOuNhA+oNO8X + fDTV/HHxZ0HxNrNxZP4X0SNNtu0haWR1Bcloyu3DSbQQW5Vfwr4k+DvxD/4V + /wCJjLe/NpeoqIboYzsGcpKB6of/AB0sOuK/VeytdIvLOC7to4popkV0dMMr + KwyGBHBBHevM4nwtbK8fOtRWlROz7X3t2a/Jnv8AC+Lo5pl9OjWfvU2rrvy7 + X7p/mjltO8LeCc3Xm6Rp3+vfbm3h6cYx8vSvI/hZ8N9Z+G3j3W2Fzav4b1SS + SW1SOUmSIhjsDKVCj5GKkgnOBXvenWNnI135kKtsndRkdAMcUtxY2a6laRLC + oRxJkY4OBxXyNLNa0KVSje8Z2vfXZ3VvM+uq5VRnVp1rWlC9rabqzv5HhXwe + +HWtfDrT/FKa7c2kp1aZJYRbyl/lXfnduVcH5h0zX0Pb3VqLeIGZAQq/xD0q + lqVhZRWM0kcCKyqSCByKsW+nWDQRs1uhJUE8e1Z5hj6mKrSr1fif6Kxpl+Ap + 4WjGhS+Ffq7nzx8V/hzrXj7xD4b1LRbm1ii0O+mmn8+UoWR2gYbMK2eI2647 + V79d3FudSsWEqlV8zJ3DAyveotPsbOSW7EkKsElIGR0HpXnvxY8ZaF8NNDTX + LqGN5WEqW9v0M820bQR/dBOWPYe+Ad41q+KVHCRV+W6ivV3ZjOjQwsq2Mk7c + 1nJ/4VY+Rf2svF8Gt+NbHw3ZyCSHQ4DvKnI8+4wzDjjhFT8civNfgJoQ174r + aDHJgQ2M32yRj0UWw3qT9XCj8a8r1LULvVtQudUv5DLc3cjSyMe7uck/nX3r + +yh8O1svD95441aAGXVj5NqHHS3jPzMP99x+Sg96/bc0cMqyb2KetuVebe7/ + ADZ+H5VGebZ17ZrTm5n5RWy/JH1VYXFut1elpVAaQEZYc8dqL24t2vrFllUh + WfJDDjjvUVjY2clzeK8KsEkAUEdBii8sbNL2yRIVCuzbgB1wO9fz8f0GX7+6 + tmsrhVlQkxsAAw9K/Lf/AIKi/F5PC3wM0P4WaZcAX/jS4RrlVbkWNhtkcHHI + 3TGIDPUKw9a/UK90+xSzndIEVljYggdCBX8937avw9/aA+On7Rt0fDfw78Qz + 6FpiWujaddLpV39kdE5ln84ReX5bTyO3mZxsCknAoGfN/wCzV+1x46/Zci15 + fAuh6PqM3iFrc3E2pRXEkqrbB9iIYZ4gFzISeCSe/Axe/aT/AGx/H/7UOkaL + pXjvQdGsG0GeWa2uNOiuI5gJ1CyRkzTyjY21ScAHKjn1/pS+GXw08M+APCWm + eA7C0iltfD1na2UbtGMv5MQUuf8Aacgs3qSat/ED4e+F/Gfhu+8F6lZRLY6/ + bXFjOVRQwjuIihI9xnIPY80CPzf/AOCV3xeTX/hD4k+EWqXA+1+E7hrmzVmw + TZX+5iqg9dk4cn/rotfK3/BV10f4weCQrA7fDUYOD0P2u4rD/ZC+Gf7QPwC/ + absJNb+HniH+w7ma50PUbxdKuzZmCZtiXAn8vy/JSZI5fMzt2AnODmvW/wDg + pd8IPij48+KfhDVPh/4K1nxFZxeH44pp9M065vIkm+0zsUd4UYBtpBwTnBBo + A+zf2fP2WP2a/Efwa8Da74i8BaReX+o+HNFup55osvLPPZRvK7HPLM5Jb3r6 + W8LfA/4H/DXU7PVPh/4O0bRL4SYNza2sS3AUggjzsFwD3G7FVv2dNBuNL+C3 + gTRte097O/0/w1ocE9tcRtHNBMljEskciOAyOrAhlIBBBB5r16/sbOOW0CQq + oeUA4HUY6UAaVxdWpt5QJkJKt/EPSv5jLtgv/BRizZjgD4k2WSf+wpHX9N1x + p1gsEjLboCFJHHtX879x8EPjHcft42njFPAOvyeHT4/tLw6iNKuzZfZBqSO0 + 5n8vy/KCAsX3bdvOcUAf0L21xbjVLxzKoVhHg7hg4FGp3Fu7We2VTtnQnDDg + etRW9jZtqd3E0KlEEeBjgZHNGo2NnG1oI4VXfOinA6g9qANWW7tTE4EydD/E + K/nT/wCCpzK3x/8ADe0g48K2YPsftt7X9E8um2Ajci3QEA9q/Bz/AIKQfB34 + r+PPjb4f1rwF4I1vxFYJ4btYZLnTdNubyETLeXjMjSQxsocKykqTnBB7igD9 + qfhvcQL4X0NmkUA6TYDJYdoFrr9VuLd1ttkqtidCcMDgc81yfgLSEtfD+kaf + fWvlS22mWSPG64ZJBCoYEHoQRg10+p2NnEtuY4VXdOinA6g5yKANd7u12n98 + nT+8KztHubdNNhV5VVgDwWAPU1bbTdPCki3Tp6VQ0mxs5tPhklhVmOckjnqa + AHxXFuNXmcyrtMSjO4Y615j8fZ4JPhL4hWORWPkHgEHvXpMdjZnVZoTCuwRq + QMcZzXmXx6s7SD4TeIXhiVG8gjIGO9YYr+FP0f5HLj/4E/R/kfkrX3d+xXPD + CnjHzpFTJ0/G4gZ/4+PWvhGvur9i60trpPGH2iJZNpsMbhnGftFfFZD/AL1D + 5/kz814X/wB+p/P8mfaqXVt/bkknnJtMAGdwxnd0zRrV1bSWiKkyMfNQ4DA9 + 6iXTrE608HkJ5YgDbccZ3daNY06xhtVeKBEJkQZAHQnmv0Q/XDd+22f/AD3j + /wC+xXzH4pIOrPjn5R/M19K/2Tpn/PrH/wB8ivPU8BaZry/2hcTyxOxK4Tbj + 5SQOoNA0yt8OpoYreJpHVB5UgySBz5mcc13WuXVtJp7LHMjHcnAYE/eFY+ke + G9P0i/XS0BniWAyZkAJ3F/YAVp61p1jDYNJDAiNuQZAGeWFAM3fttn/z3j/7 + 7FY+i3VtHaOrzIp81zgsB3rR/snTP+fWP/vkVk6Pp1jNas8sCOwkcZIHQHig + RK91bf27HJ5qbBARncMZ3dM0a7dW0mlzJHMjMSnAYE/eFRPp9iNbjgECeWYC + 23Axnd1o1vTrGDTJpYYERxtwQADywFAG79ts/wDnvH/32Kx9GuraOCcPMikz + yEZYDgmtH+ydM/59Y/8AvkVk6Rp9jNDM0sCOVmdRkDoDwKAJZbq2OtQSCZNo + icE7hjOfWna5dW0mlXCRzIzEDADAn7wqCXTrEaxBCIECNExK4GCQadrWnWMO + mTyxQIjqBggDI5FAGyl7Z7R+/j6f3hWTpF1bIt3vmRd1zIRlgMg45q+uk6aV + B+zR9P7orL0nTrGVbrzYEbZcSKMgcAYwKAJbi6tjrNpIJkKqkmTuGB+NSazd + 2smmXCJMjMV4AYE9arT6dYrq9rCsCBGRyVwMEjpUmr6dYQ6bPLFbojqvBAGR + zQBqQ3tmIYwZ4wQo/iHpWZpN1bI99vmRd1w5GWAyOORVyHStNMSE20ZJUfwj + 0rO0vT7GVr0SQI2y4dVyBwBjAFAEt3dWx1excTIVUS5O4YGR3qfVru1fTbhE + mRmKHADAmqd1p9iuq2USwIEcS7hgYOBxmptU02wi064kjt0VlQkEAZFAGhbX + loLaIGeMEIv8Q9KztMurZJ74vMihpiRlgMjA6VattL05reJmtoySiknaPSqG + m6dYyzXqyQIwSYquQOBjoKAJb26tm1TTnWVCqmXJDDAyverOp3dq+nXKrMjE + xsAAwJPFUbzT7FNT0+JIECSGXcABg4XjNWdS0zT47C4kjt0VljYggDIOKALV + leWi2cCtOgIjUEFh6VR066tkvL9mmQBpAQSw547VYs9L057OB3tkLNGpJKjk + kVS0/T7GS7vkeBGWOQBQQOBjtQBLf3Vs1/p7LMhCu+SGGB8vermoXlo1hcqs + yEmJwAGGSdprOvtOsY76wjSBFWR3DAAYOF71bv8ATNPjsbh0t0VljcghRwQD + QBNp95aLYWytMgIiQEFhkHaKp2F1bLqGoM0yAMyYJYYPy9qmsNM0+SxtpHt0 + ZmjQkkDJJAqpY6dYvf38bwIyxsgUEDAyvagCXUrq2e7sGWVCFlJJDDgY71ev + by0aznVZ0JMbAAMPSszUNPsY7qxSOBFEkhDAAcjHert5penJaTulsgZUYg7R + wQKAF0u7tU062V5kUiNcgsARxVayurZdV1F2lQK3lYJYYOF5xT9N0zT5dPt5 + JLdGZkUkkDJOKr2en2L6nqETwIUj8raMDAyvOKAJdUurZ5rEpMjBZwThgcDB + 61o3N5aG3lAnjJKN/EPSsnUtOsYprIRwIoeYK2AORg8GtC40vTlt5WW2jBCs + Qdo9KAI9Ju7VNNt0eZFYIMgsAagtbq2GsXzmVArLFg7hg4HY0ulabYS6dbyS + W6MzICSQMmobbT7FtWvYmgQoix7RgYGRzigCXVrq2drLZKjbbmMnDA4HPJrT + mvbMxOBPH90/xD0rH1XT7GJrPy4EXfcIrYA5BzkVpS6Vpoici2jBAP8ACPSg + Cto13ax6Xbo8yKwXkFgD1NRwXVsNZupDMgUxoAdwwfxpuj6dYTabBLLbo7sv + JIGTzTINOsW1e5hMCFFjQhcDAJ60AS6xdWzpa7JkbFxGThgcAZ5rWa9s9p/f + x9P7wrE1bTrGJLUxQIu64jU4HUHqK1G0nTdp/wBGj/75FAFLQ7q2j0qBJJkV + gGyCwB+8abFdWw1ueQzJtMKjO4Yzn1qPRdOsZtMglmgR3YHJIBJ+Y0ken2J1 + maEwJ5axKQuBgHPWgCXWrq2kt4QkqMRNGeGB4zWx9ts/+e8f/fYrC1jT7GGC + FooEQmZAcAdCeRWt/ZOmf8+sf/fIoAztCuraPS4kkmRWBfgsAfvGhbq2/t15 + POTZ9nAzuGM7umai0TTrGfTYpZoEdyWySATwxoXTrH+23g8hPLEAbbgYzuxm + gCXW7q2ks1VJkY+YhwGB71sfbbP/AJ7x/wDfYrC1nTrGG0V4oERvMQZAHQnm + tb+ydM/59Y/++RQBnaHdW0dgFkmRTvfgsB/EaPtVt/bwk81Nn2bGdwxnf0zU + Wi6fYz2IkmgR23uMkDPBNH9n2P8Abgg8hPL+z7tuBjO/GaAJdduraTTmWOVG + O5OAwJ+8K2Pttn/z3j/77FYWtafYwWDSQwIjBk5AGeWFa39k6Z/z6x/98igD + O0W6to7Vw8yKfNc8sBxmn+dDLr0ZidXHkMOCDzu9qr6Pp1jNau0sCORK4yQO + gPFSpa21trsawRrGPIY4AxzuxmgDoaKKKACiiigAooooAKKKKAP/1/3PltdS + GqwRtfZkMbkP5S8DuMZwc07VrTU49Omee/8ANQAZXylXPI7g02XUZTqsE32O + YFY3GwgbjnuOadq2pSzadNE1nNGGA+ZgAByOtAF6Oy1copGpYGB/yxX/ABrP + 0y11J/tfk33lbbiQN+6VtzDGW5PGfStCPVpgij7BOcAfwj/Gs/TNRli+17bO + aTfcSMdoHyk44PPUUAFxa6kNUtY2vt0jK+1/KUbQBzxnBzUmp2mqJYTvNf8A + moF5XylXP4g1HcajK2qWsxs5lKK42kDc2R2+lSanqUs1hPG1lNGGXG5lGB9e + aALcNlq5hjK6lgFRgeSpxx9aoada6k8l2Ir7yyszBj5Snc3HPJ4+lX4dVmWG + NfsE5woGQo54+tUNO1GWKS7Is5n3zMx2gfLnHB96AC6tdSXUrJHvt0jebtfy + lG3C88Z5zU2o2mqJYzvLqHmIEOV8pRkemQeKhutRlfUrKU2cymPzcKQMtle3 + 071NqOpyy2M8bWUyBkI3MowPrzQBNbWWrNbRMmo7VKLgeSpwMdM5qnYWupPc + XgivvLZZMMfKU7jjr7VcttUmS2iUWM7YRRkKMHjr1qnYajLHcXjCzmfzJMkA + DK8dDz1oALy11Jb+ySS+3uxfY3lKNuF5475qzfWeqpZXDSahvQRsSvlKMjHI + zniq15qMr39lIbOZTGXwpAy2V7c9qs32pzSWVxGbKdA0bDcVGBkdTzQAtnZ6 + q1pA0eo7FKKQvkqcDHAzmqtla6k13erHfbGV1DN5SnccdcZ4q1Z6pMlpAgsZ + 2CooyFGDgdRzVWy1GWO7vXFnM5kdSQAMrx0PNABfWupLd2SyX29mchW8pRtO + OuM81avLPVVtJ2k1HeoRiV8lRkY5Gc1VvtRlku7JzZzIY3YgEDLcdBzVq81S + Z7SdDYzqGRhkqMDI6nmgBthZ6q9lA0WoeWhRSF8pTgY6ZzzVeztdSa/vkjvt + jqU3t5SndleOO2KsWGpzR2UEYsp3Coo3BRg4HUc1Xs9RlS/vpBZzMZCmVAGV + wvfnvQAX9rqST2YlvvMLS4U+Uo2nHX3q7c2WrLbyl9R3KEbI8lRkY6dapX+o + yyT2bGzmTZLkAgZbjoOetXbnVJnt5VNjOuUYZKjA4+tAEGnWmqPYwPFqHloU + GF8pTgemSeahtbXUm1O9RL7bIoj3P5SndleOM8YqbTtTlisYIxZTOFQDcqjB + 9xzUNrqMqaleyizmYyCPKgDcuF789+1ABqNrqSPaCW+8wtMoX90o2t68dfpV + +ay1cQyFtSyApyPJUZ4+tUNR1GWV7Qmzmj2TKw3AfNjPA561fm1WZoXU2E4y + pGSo44+tAFTS7TU30+B4b/ykK8L5Stj8SajgtdSOqXSLfbZFVNz+Up3AjgYz + gYqTS9Slh0+CNbKaQKuNyqMH6c1HBqMq6pdTCzmJdUG0Abhgd/rQAana6kn2 + Xzr7zN1xGF/dKu1jnDcHnHpWi9lq4RidSyMH/liv+NZ2p6jLL9l3Wc0ey4jY + bgPmIzwOeprRfVpijD7BOOD/AAj/ABoAoaTaanJp0LwX/lIQcL5Stjk9yabF + a6kdVnjW+xII1Jfyl5HYY6DFO0nUpYdOhiWzmkCg/MoBB5PSmxajKNVnm+xz + EtGg2ADcMdzzQAapa6lHHAZr7zQZkAHlKuGPQ8Ht6Vpmx1j/AKCf/kFP8azN + U1GWaOANZzR7ZkbLADOOw56mtP8Atab/AJ8Lj/vkf40AZmjWupSabC9vfeTG + d2E8pWx8x7k0Ja6l/a8kYvsSiEEv5S8jPTGcfjRo+oywabDEtnNKF3fMoBBy + xPHNCajKNXkn+xzEmELswNw56/SgA1W11KO3Qz33mqZEAHlKuCTwcj0rT+w6 + x/0E/wDyCn+NZmq6jLNborWc0eJEOWAA4PTr1Naf9rTf9A+4/wC+R/jQBmaP + a6lJYI8F95KZbC+UrfxHPJoFrqX9sGP7d+98gHzPKX7u77u3p15zRo+oywWK + RrZzSgFvmUAjlj70DUZf7YM/2ObPkBdmBu+9nPXpQAava6lHZ7p77zV3p8vl + KvOeDkHtWn9h1j/oJ/8AkFP8azNX1GWez2NZzRDehywAHB6da0/7Wm/6B9x/ + 3yP8aAMzSbXUpLQtBfeUu9xt8pW5zycn1oNrqX9sLH9u/e+QTv8AKX7u77uM + 4685o0nUZYbQotnNIN7nKgEcnp1oOoy/2ws/2ObIgK7MfN97OfpQAaxa6lHY + SPPfecgK5XylXPzDHINaf2HWP+gn/wCQU/xrM1jUZZ7CSNrOaIEr8zDAGGFa + f9rTf9A+4/75H+NAGZpVrqUkEhhvvKAlcEeUrZIPJ59aJLXUhq8UZvsymJiH + 8peBnpjOPxo0rUZYYJFWzmkzK5yoBAyenXqKJNRlOrxT/Y5gREw2YG489evS + gA1i11KPTZnnvvOjG3KeUq5+Ydwa0hY6xgf8TP8A8gp/jWbrGoyz6bNE1nNE + G2/MwAA+Ydea0hq02B/oFx/3yP8AGgDN0u11KRLgw33lATOD+6VssOp56Z9K + JrXUhqtvG19mQo5D+UvA7jHQ5o0vUZYUuAtnNJumdvlA4z2PPUUTajK2q28x + s5gVRxsIG457jmgB+q2mpx6fM89/5qADK+Uq55HcGrsdlq5RSNSwMD/liv8A + jVLVdSlm0+aJrOaMMB8zKAByOvNXY9WmCKPsE5wB/CP8aAM/TLXUnN35N95e + 2dw37pW3MMZbnpn0ryn4lRXUOsWy3U/2hjACG2hMDc3GBXq2majLEbvbZzSb + 53Y7QPlzjg89RXE+MtGvfEeq200MTwERbArr8x2kkkY+tA0U/BEN03hvUZI7 + jZEsnzR7Ad3yr/F1FeoQWWrmGMrqW0FRgeSpwMfWuH0LTrzw/oV7YXMEjGdt + +/bhVGAOcn2ruINVmWGNRYTnCgZCjB4+tAMo6da6k8l4Ir7yyszBj5SnccDn + np9KLq11JdSsUe+3SN5ux/KUbcLzxnnNGnajLFJeEWcz75mYhQPl4HB96LrU + ZX1KxlNnMpj83CkDLZUDjnt3oET6jZ6oljO0uoeYgQkr5SjI9Mg8VLbWWrNb + RMmo7VKLgeSpwMdM5qLUdTllsZ4zZTIGQjcyjA9zzUttqkyW0SixnbCKMhRg + 8detAFOwtdSe4vBFfeWyyYY+Up3HHXGeKLy11Jb+ySS+3uxfY3lKNuF5475o + sNRljuLxhZzP5kmSABleOh560XmoyyX1lIbOZTGXwpAy2V7c9qALN9Z6qllc + NJqG9BGxK+UoyMcjOeKWzs9VazgaPUdimNSF8lTgY4Gc9qS+1OaSyuIzZToG + jYbiowMjqeaWz1SaOzgQWM7hY1GQowcDqOaAKtla6k15erHfbGV13N5Snccd + cZ4ovrXUlu7JZL7ezOQreUo2nHXHeiy1GWO8vXFnM5kdSQAMrgd+aL7UZZLu + yc2cyGNyQCBluOg5oAt3dnqy2kzSajvUIxK+SoyMcjOaZYWeqvYwNFqHloUU + hfKU4GOmc80+71SZ7SZDYzqGRhkqMDI6nmmWGpyx2MEYsp3Coo3BRg4HUc0A + V7S11JtQvkS+2Opj3t5SndleOM8Yo1C11JJ7MS33mFpcKfKUbTjrweaLTUZU + 1C+lFnMxkMeVAGVwvfnvRqGoyyz2bGzmTy5cgMBluOg560AXbiy1YW8pfUdy + hWyPJUZGOnWoNOtNUewgeLUPLQoML5SnA9Mk81PcarM1vKpsZ1yrDJUYHH1q + DTtTlisII1sppAqAblUYP05oAhtrXUm1K9RL7bIoj3P5SndkccdsUaja6kj2 + nm33mFplC/ulG1ucHjr9KLbUZU1K9lFnMxkEeVA5XA7/AF7UajqMsr2hNnMm + yZWG4D5sZ4HPWgC/NZauInLalkBTkeSozx9aqaXaanJp8Dw3/lIV4XylbHPq + TVubVZmidfsE4yp5Kj0+tVNL1KWHT4Ils5pAq/eVQQee3NAEcFrqR1S6jW+2 + yKqbn8pTuB6DHQYo1O11JBa+dfebunjC/ulXaxzhuDzj0og1GVdUuphZzEuq + DaANwx6896NT1GWYWu6zmj2Txt8wAzjPA9zQBovZaxtOdSzwf+WK/wCNUNJt + NTk06F4L/wApCDhfKVscnuTV99WmKkfYJ+h/hH+NUNJ1GWHToYls5pAoPzKA + QeT05oAbFa6kdWnjW+xII1Jfyl5GeBjOKNVtdSjihM195oMyADylXBPQ8Ht6 + URajKNVnm+xzEtGo2YG4Y7nmjVdRlmihDWc0e2ZGywAzjsPc0Aaf2HWP+gn/ + AOQU/wAazNGtdSk02F7e+8mM7sJ5Stj5j3JrT/tab/oH3H/fI/xrM0bUZYNN + hiWzmlC7vmUAg5YnjmgAS11L+15IxfYlEIJfyl5GemM4/GjVrXUo7ZDPfeav + mIAPKVcEng5B7UJqMo1eSf7HMSYQuzA3Dnr9KNW1GWa2RWs5o8SIcsABwenX + vQBp/YdY/wCgn/5BT/GszSLXUpLFWgvvJTc3y+UrfxHPJPetP+1pv+gfcf8A + fI/xrM0jUZYLFY1s5pQGb5lAI5Y0AH2XUv7ZMf27975GfM8pfu7vu7c4685r + 5vvwRfXIY7iJHyemeTX0h/aMv9smf7HNnyNuzA3Y3Zzj0r5vvzuvrhiMZkc4 + PUcmgqJ9L6dZasdPtSuo7QYkwPJU4G0e9QaTa6lJaloL7yl3uMeUrc55OT61 + Pp2qzLp9qosJziJBkKMH5R71BpOoywWpRbOaUb3OVAI5PTrQSDWupf2wsZvv + 3vkE7/KX7u7pt6fjRrFrqUenyPPfecgK5XylXPzDuDQ2oy/2ws/2ObIgK7Mf + N97OfpRrGoyz6fJE1nNECV+ZhgDDCgDT+w6x/wBBP/yCn+NZmlWupSQymG+8 + oCVwR5Stkg8nk960/wC1pv8AoH3H/fI/xrM0rUZYYZVWzmkzK5yoBAyenXqK + ACS11IatFGb7MpiYh/KXgZ6Yzil1i11KPTpnnvvOjGMp5Srn5h3BpJNRlOrR + TfY5gREw2YG489evSl1jUZZ9OmiazmiDY+ZgAB8w680AaK2OsYH/ABMv/IKf + 41m6Xa6k6XHk33lATuG/dK25h1PPTPpWkurTYH+gT/8AfI/xrN0vUZYUuAtn + NJundvlA4z2PPUUAE1rqQ1W3ja+zIUch/KXgdxjoc0/VbTU49Pmea/8ANQDl + fKVc8+oNMm1GVtVt5vscwKo42EDcc9xzT9V1KWbT5oms5oww+8ygAc9+aALs + dlq5jUjUsDA48lf8az9NtdSc3fk33l7Z3DfulO5hjLcnjPpWhHqswjUfYJzg + D+Ef41n6bqMsRu9tnNJvndjtA+UnHB56igAuLXUhqdoj326Rlk2v5Sjbgc8Z + wc1LqdpqiWE7zX/mIF5XylXI+oNRXGoytqdpMbOZSiyYUgbmyO30qXU9Slls + J42spowykbmUYH15oAswWWrGCMrqO0FRgeSpwMfWqOnWupPLeCK+8srMQx8p + TuPryePpV6DVZlgjUWE5woGQowePrVHTtRlilvCLOZ98xYhQPl46H3oALq11 + JdRsUe+3SN5ux/KUbcLzxnnNT6hZ6oljO0uoeYgRiV8pRkY6ZB4qC61GV9Rs + ZTZzKY/NwpAy2Vxxz271PqGpyy2M8ZspkDIw3MowOOp5oAltbPVmtoWTUdql + FIHkqcDHTOap2FrqT3N4Ir7YyyYY+Up3HHXGeKuWuqTJbQoLGdtqKMhRg4HU + c1TsNRljubxhZzP5kmSABleOh5oALy11Jb6yWS+3uzPtbylG3jnjPOas31nq + q2Vw0mob0EbEr5KjIxyM54zVa81GWS+spDZzIY2chSBlsjtz2qzfanNJZXEZ + sZ0DRsNxUYGQeTzQAtlZ6q1nA0eobEMakL5KnAxwM55xVWytdSa8vVjvtjqy + 7m8pTuOOuO1WrLVJo7OCMWM7hY1GQowcDqOaq2Woyx3l64s5nMjKSABlcDvz + QAX1rqS3Vksl9vZnIU+Uo2nHXHerd3Z6strMz6jvUIxI8lRkY6ZzVS+1GWS6 + snNnMhjckAgZbjoOat3eqTPazIbGdQyMMlRgZHU80AMsLPVXsYGi1Dy0KKQv + lKcDHTOear2lrqTahfIl9sdTHvbylO7K8cdsVYsNTmjsYIxZTOFRRuCjBwOo + 5qvaajKmoX0os5mMhjyoAyuF7896ADULXUkmsxLfeYWlAU+Uo2nHXg8/Srtx + ZasLeUvqO5QrZHkqMjHTrVLUNRllms2NnMmyUEBgPm46DnrV241WZreVTYzr + lWGSowOPrQBBptpqj2EDw3/loVGF8pTgemSeahtrXUm1O8RL7bIoj3P5Sndk + ccZ4xU2m6lLFYQRrZTSBVA3KowfpzUNtqMqaneSizmYuI8qByuB3+vagA1K1 + 1JGtPNvvM3TqF/dKNrc4bg849Kvy2WriJy2pZAByPJXnj61Q1LUZZWtC1nMm + ydWG4fexnge9X5dVmMTj7BOMg87R6fWgCppdpqcmnwPDf+UhXhfKVsc+pNRw + WupHVbmNb7bIqJufylO4HoMZwMVJpepSw6fBEtnNIFX7yqCDz25qODUZV1S5 + mFnMS6INoA3DHc896ADVLXUkFr5195u6dAv7pV2sc4bg849K0XstY2nOpZ4P + /LFf8aztT1GWYW26zmj2To3zAc4zwOeprRfVpipH2Cccf3R/jQBn6RaanJp0 + LwX3lRkHC+UrY5PcmkitdSOrTRi+xKI1Jfyl5GemOlLpGoywadDEtnNKFB+Z + QCDyenNJFqMo1aab7HMS0ajZgbhg9Tz0oANUtdSjihM195oMyADylXBJ4PB7 + elaf2HWP+gn/AOQU/wAazNU1GWaKENZzR7ZkbLADOD0Hua0/7Wm/6B9x/wB8 + j/GgDM0a11KTTont77yYzuwvlK2PmPc0La6l/bDxi+xKIQS/lLyu7pjOPxo0 + bUZYNOiiWzmlC7vmUAg5Y+9MOqNFqkt3JayqFg+ZSACADkseelAGd4surrRd + MF1e3/n5cBI/LVSzDnqPTvXhV9fajrt+bi6Zri5mIUAD8AqgfoBWp4q8RTeI + 9Ta5OVt48rCh7L6n3PU/l2ru/AuiNpijWL2wmluJB+5wvCIR97nuf5fWgrYn + 8IeBmjgi1eedUucnapjDhCDjucE++OO1dn9l1L+2fL+3fvfs+fM8pfu7/u7c + 4685o0jUZYLJY1s5pRuY7lAI5Y0f2jL/AGz5/wBjmz9n27MDdjfnPXp2oJDV + 7XUo7ItPfeam5fl8pV5yMHIPatP7DrH/AEE//IKf41mavqMs9kY2s5ohuU7m + AA4IrT/tab/oH3H/AHyP8aAMG00aXUrVTNOjJFK7Krwq4DA4Lc/5FWjaaiur + pCL3955BIfyl4Xd93b0/Gl0nUZYbUotnNIN7nKgEcnp1obUZTrCT/Y5siErs + wN33uvXpQAaza6lHp0r3F95yArlfKVc/MO4Naf2HWP8AoJ/+QU/xrM1jUZZ9 + OliazmiBK/MwAAww960/7Wm/6B9x/wB8j/GgDM0q11KSGUw33lASuCPKVskH + k8nv6USWupDVoYzfZlMTEP5S8DPTHSjStRlhhlVbOaTdK7ZUA4yenXqKJNRl + OrQzfY5gViYbMDccnr16UAfB37YkN1D4r0AXVx9oJsnwdgTA8w8cV8e19hft + iXT3XivQGeB4Ntk4w4wT+8NfHtfm+c/71P8Arofj3EX++1PX9EfsH8Lbe9l8 + AaE1vd+SosrYEbA2T5Kc5Nc98X/hg3xI0ZdGmuVOowK81lMyBQkgH3Gx/C/Q + +nBwcYrofhbePB4A0JFtpJQbK2OVGR/qU4rrpb6RtSgl+yygqjDaRyc+lfom + W4upQlCtSdpRs0fpVTCU6+G9jVV4yVn9x+N2raVqOh6lc6Pq9u1reWjmOWJx + hlYf54I4I5HFe+/B34+6z4CWLw5rc0lxoG75dqq8ttuPJQN95M8lMj1HcH6r + +NHwl0n4l2J1SC1fTddtlAjuivySKOiTY5I9G6r7jivzs8UeEPEfgzUTpfiS + xksp+SpcfJIv95G6MvuP51++5bm2CzvDewrJc3WPVPvH+vJ+f4VmWU47I8T7 + eg3y9JdGu0v6815frD4P1yx8W6fLq3hnWY7q1eU5eNFYkkA5ZTgoT/dIBFbk + 9tfjULVGvNzsH2t5ajbgc8d81+Omi+INc8N3o1DQL+fT7kceZBI0bEeh2nke + x4r3HSf2n/ilp0kMl7Na6q0AIBuYMHBGOTCY8/U18ZmPhniIybws1Jdno/8A + J/gfaZb4nYeUUsVBxfdar/Nfj6n6Paha6illM0t75iBeV8tRn8angtNTMMZW + /wBoKjA8pTjivz/vf2uvHt3avbLpOmxmQYLbJj+Q80V514i/aB+KviOA2kus + tYWxGPLslEHHT76/vPw3Yrgw/hxmE5Wm4xXrf8j0MT4k5fCN4c0n6W/M+3vH + nxe8O/DaG9S91MXGq7zssoVVpZGxwznkRr7n8Aelfnh49+IPiT4ja22teIp9 + 5UFYYl4jhjznag/mep71xTu8jtJIxd2JJJOSSepJr2L4afBfxP8AEC5t7mSG + Sw0ZzzdMhzIB1EKnG8+/3R3OeD+h5XkGByak8RVl73WT/JL/AIds/O81z/HZ + 1VWHpR93pFfm3/wyRR+E/wAMNT+JOttGqtFpNgPMvLgDhVHIjU/33xgegye2 + D+pulaTc2OmWllp90Le1ghjjiiWJcIiqAqj6Diuf0DQdF8GeFx4b8O6XJaWk + SHJIBZ3I+aSRurMe5/AYAAHU22oypbxKLOZsIoyBweK/JuKuJZ5jWutIR2X6 + vzf4fn+tcKcMwy6hZ6zlu/0XkvxKllbX7XF2I7zYyuAx8tTuOOvtRd21+t5a + K95vZmba3lqNvHPHeiyvpI7i7YWsr73BIA5XjoaLu+ke8tHNrKpRmwCOWyO1 + fLH1RYvLXUltJmkvt6hGJXylGRjpmltLXUmtIWjvtilFIXylOBjgZpLzUZXt + JkNnMoZGGSOBkdTS2moypaQoLOZgqKMgcHA6igCvaW1+13dql5sZWXc3lqd3 + HHHakvba/W4tBJeb2ZyFPlqNpx196LS+kS7u3FrKxdlJAHK4Hei9vpJLi0Y2 + sqbHJAI5bjoKALVzaakttKz325QjZHlKMjHTNMsbXUXs4WjvtilBhfLU4Hpm + n3OoyvbSobOZdyMMkcDI60yx1CSOzhQWkrhUAyBwfpQBBa21+19eIl5tddm5 + vLU7sjjjtilvra/SW1El5vLSAKfLUbT6+9Ja30iX15ILWVi+zKgcrgd/rS31 + 9JJLak2sqbJAcEfe9h70AW57TUxDIWv9wCnI8pRnioLC11F7KFor3y0KjC+W + px+NTz6lK0MimzmGVIyR04qCw1CSOyhjFpK4VQNwHB+lAEUFtfnUbpFvNrqE + 3N5andkccdsUahbX6Na+beeZumUL+7UbT2Pv9KIL6RdRupRaykuE+UDlcDv9 + aNQvpJGtSbWVNkytyOuOw96AL0lpqYjYm/yMHjylqrpttqD2MLRXvloRwvlq + cc+pq1JqUpjYfYphkHtVXTb+SKxhjFpLIFH3lHB57UAMhtr86lcIt5iQKmX8 + teR2GO2KTUba/RbfzbzzMzIB+7UYJ6Hjrj0ohvpF1K4l+yyksqDaByMetGo3 + 0kq24NrLHtmRvmHXHYe5oA0Gs9U2nOoZ4/55LVHS7bUJLCJ4bzykOcL5atjk + 9zV5tTlKkfYpunpVHS7+SGwijW1lkC5+ZRweTQA2O2vzqcsYvMSCNSX8teRn + pivM/jvb3sXwo8QtcXfnL9nPy+WF5z1yK9MjvpBqcs32WUlo1G3HzDnrXmfx + 3vZJ/hR4hja2kiH2cnLDA61hiv4U/R/kcuP/AIE/R/kfk1X3L+xlBeTJ4v8A + slz9nwbDPyB8/wDHxjr0xXw1X3L+xldvap4v2W8k+42H3BnGPtHWvish/wB6 + h8/yZ+a8L/79T+f5M+zltdS/th4xffvRCCX8pfu7umM4/GjVrXUo7ZWnvvNX + zEGPKVec8HIPahdRlGsPP9jmyYQuzA3fe6/SjVtRlmtlRrOaPEiHLAAcHp1r + 9EP1w0/sOsf9BP8A8gp/jWZpFrqUlkGgvvJTc3y+Urc5OeSe9af9rTf9A+4/ + 75H+NZmkajLBZCNbOaUbmO5QCOSaAD7LqX9s+X9u/e/Z8+Z5S/d3/d25x15z + Rq9rqUdkzT33nJuX5fKVecjHI9KP7Rl/tnz/ALHNn7Pt2YG7G/OevTtRq+oy + z2TRtZzRAsp3MABwRQBp/YdY/wCgn/5BT/GszSbXUpLZmgvvKXzHGPKVuc8n + JPetP+1pv+gfcf8AfI/xrM0nUZYbZkWzmkBkc5UAjk9OvagAa11L+2EjN9mU + wkh/KXhd3TGcfjRrFrqUenSvcX3nINuV8pVz8w7g0NqMp1hJ/sc2RCV2YG77 + 3Xr0o1jUZZ9OliazmiB2/MwAAwwNAGn9h1j/AKCf/kFP8azNKtdSkhmMF95Q + ErgjylbJB5PPr6Vp/wBrTf8AQPuP++R/jWZpWoywxTKtnNJuldsqBxk9Dz1F + ABLa6kNWhjN9mUxsQ/lLwM9MdKXV7TU49Omee+82MAZXylXPI7g0kuoynVoZ + vscwKxsNmBuOT1HPSl1fUZZ9OmiazmiDAfMwAA5HXmgDRWy1jaMal2/54r/j + WbplrqTrc+TfeVtncN+6VtzDq3PTPpWkurTBQPsE/T+6P8azdM1GWJbnbZzS + b53b5R0z2PuKACa11IapbRtfbpGRyr+Uo2gdRjODmn6raanHp87zX/moByvl + KuefUGmTajK2qW0xs5gURxtIG457jntT9U1KWbT54ms5owy/eZRgc9+aALkV + lq5iQrqWAQMDyV44+tUNNtdSdrvyb7y9s7hv3Snc3GW5PGfSr8WqzLEi/YJz + gDkKP8aoabqMsTXZWzmk3zux2gfLnHB560AFza6kup2aPfbpGEm1/KUbcDnj + oc1NqVpqiWE7zX/mIFOV8pRkemQeKhudRlfU7OY2cylBJhSBubI7c9qm1LU5 + ZbCeNrKaMMpG5lGB9eaAJ7ey1YwRldR2gqMDyVOBjp1qlp9rqTzXgivvLKyk + MfKU7jjryePpV231WZYI1FjO2FAyFGDx9apafqMsU14ws5n3yliFA+Xjoeet + ABd2upLqNij3292MmxvKUbcLzxnnNT6hZ6qljO0uoeYgRiV8pRkY6ZzxUF3q + Mr6jYymzmUxmTCkDLZXtz271PqGpyy2M8ZspkDIw3MowOOp5oAktLPVmtYWT + UdilFIHkqcDHTOaqWNrqT3V6sd9sZZAGPlKdxx1xnirdpqkyWsKCxnYKijIU + YOB1HNVLHUZY7q9cWczmSQEgAZXjoeaAC9tdSW9slkvt7szbW8pRtOOTjPNW + r2z1VbOdpNQ3oI2JXyVGRjkZzxmqt7qMsl7ZSGzmQxsxCkDLZHarV7qk0lnP + GbGdA0bDJUYGR1PNACWNnqrWVu0eobEMaEL5KnAwMDOecVWs7XUmvb1Y77Y6 + sm5vKU7jjjjtirNjqk0dlbxixncLGg3BRg4A5HNVrPUZUvb2QWczGRkJUAZX + A70AF/a6klzZrLfeYzSEKfKUbTjrjPNXLqz1ZbWZn1HeoRiR5KjIx0zmqd/q + MslzZubOZDHISAQMtx0HNXLrVJntZkNjOoZGGSowMjqeaAItPs9UexgaLUPL + QopC+UpwMdMk81BaWupNqN8iX2yRfL3t5SnfleOO2Kn0/U5YrGCMWUzhUUbl + UYPHUc1BaajKmo30os5mMnl5UAZXC9+e/agA1C11JJbMS33mFpgFPlKNpwee + Dz9KvT2WrCCQtqO4BTkeSoyMfWqOoajLLLZk2cybJgwDAfNweB71en1WZoJF + NhOMqRkqMDj60AVtNtNUewgeG/8ALQqML5StgemSait7XUjqd2iX22RRHufy + lO7I446DFS6bqUsVhBGtlNIFUDcqjB+nNRW+oyrqd3MLOZi4jyoA3Lgd+e9A + BqVrqSG086+8zdOgX90o2sc4bg849K0JbLVxG5OpZGDx5K/41n6lqMsptN1n + NHsnRhuA+bGeBz1NaEuqzGNx9gnGQedo/wAaAKWlWmpyafC8N/5SEcL5Stjn + 1JpkNrqR1W4jW+xIEQs/lKcjsMdBin6VqUsOnwxLZzSBR95VBB57c0yHUZV1 + W4mFnMSyINoA3DHc896ADVLXUkW286+83M6Bf3SrtY9G4POPStJrHWMH/iZf + +QU/xrN1TUZZltg1nNHtnRvmGM47D3NaTatNg/6BP/3yP8aAM7SLTU5NOheC + +8mMg4XylbHJ7k0kdrqR1eWMX2JREpL+UvIz0xnFLpGoywadDEtnNKFB+ZQC + DyenNJHqMo1eWf7HMS0SjZgbhg9evSgA1W11KOGIz33mgyoAPKVcEng8Ht6V + p/YdY/6Cf/kFP8azNV1GWaGJWs5o8SocsBzg9OvU1p/2tN/0D7j/AL5H+NAG + Zo9rqUmnxvBfeShLYXylbHzHPJoW11L+2GjF9+98kHf5S/d3dMdPxo0fUZYN + PjiWzmlALfMoBByx96F1GX+2Gn+xzZMIXZgbvvZz16UAGrWupR2oae+81d6D + HlKvOeDkelaf2HWP+gn/AOQU/wAazNW1GWa1CNZzRjehywAHB6da0/7Wm/6B + 9x/3yP8AGgDM0i11KSzDQX3kpub5fKVuc8nJ9aPsupf2yI/t373yM+Z5S/d3 + fd29OvOaNI1GWCzCLZzSjcxyoBHJ+tH9oy/2yJ/sc2fI27MDd97OevSgA1i1 + 1KOxZp77zk3L8vlKvcY5BrT+w6x/0E//ACCn+NZmr6jLPYtG1nNECyncwAHB + HvWn/a03/QPuP++R/jQBmaTa6lJbOYL7yl8xwR5Stkg8nJPerEEN3FrsYubn + z28ljnYF4z049+ar6VqMsNs6rZzSZkc5UAjk9OvarEF09zrsbPA8P7lhhxg9 + c5+lAHS0UUUAFFFFABRRRQAUUUUAf//Q/d6eeE63bMJF2iJ+cjFO1ueB9KuF + WRSSBwCPUVTm0ywXV7eAQKI2jclexIp+saZp8GmzywwKjqBggdORQBtxXNv5 + afvU6D+IVlaPPCv27dIozdSkZI5HFWY9H0sxqTbJkgdqzdK0ywm+2ebArbLi + RVz2UYwKALNzPCdZsmEikBJMnIwOKm1ieBtMuFWRSSvQEVQuNMsF1a0hWBQj + rIWHY4HFS6rpenw6dPLFbqrquQQOlAGvb3FuIIwZV+6P4h6Vm6VPCst9ukUZ + uGIyRyMCpoNI0xoY2a2QkqCePas/TNMsJZLwSQKwjnZVz2AA4oAtXk8J1fT2 + EikKJsnI4yoqxqtxA2m3KrIpJQ8Ais260ywTVLGFIFCSebuHY4Xip9T0rTot + PuJY7dVZUJBA6GgDSs7i3FpADKoIRf4h6Vn6ZPCt1flpFGZsjJHPFS2ukaa9 + rC7WyFmRSTjuRVHTtMsJbi9WSBWEcuFB7DHSgC1fzwnUtOYSKQrSZORx8tWt + SuIG0+5AkUkxvxkelZd7plhHqFhEkChJDJuGOuFyKtahpOmxWNxJHbqrLGxB + A6ECgC7YXEAsbcGRQRGn8Q9BVLTp4RfagTIoBkXHI5+WnWWk6bJZwSPbqWaN + STjqSKp2GmWEl5fRvArLG6hR6AigCzqM8LX2nkSKQJGzyOOKvX9xAbG4AkUk + xv8AxD0NZF/plhHeWKRwKqyOwYeoxVy90nTY7OeRLdQyxsQcdCBQBY0y4gXT + rZWkUERpxkelVLCeEanqLGRQGMeDkc/LRp+ladLYW8klurM0akkjqSKrWWmW + Emo38TwKUjMe0Y6ZXJoAtanPC1zYFZFIE2TyOOK0Lu4tzazASqSUb+IelYuo + 6ZYRXFkscCqJJcMB3GOlXrrSNMS2ldbZAVRiDjuBQBJpVxAum2ytIoIQcEiq + 1nPCNX1BjIoDCLByMHC03TNK06XT7eWS3VmZASSOpqC10ywfVL6F4FKRiLaO + wyvNAFnVp4WksdsinFwpOCOBzWncXFuYJAJV+6f4h6Vh6nplhDJZiKBVEk6q + 2O4OeK0J9I0xYZGW2QEKSOPagBNGngXTLdWkUEL0JFRW08I1m8YyLgpHg5GO + lRaVpenzadBLLbqzsuSSOtRW+mWDatdwtApRFjKjsMjmgC1rE8LfYtsinF1E + Tgjgc1qyXNv5bfvU6H+IVgapplhD9k8qBV33EatgdVOcitN9H0sIxFsnAPag + CDRJ4E0q3VpFBAPBI9TTYJ4RrdyxkXaYk5yMVBo+mafPpsEs0Cu7A5JHXk0y + HTLBtXuIDApjWNCF7AmgCzrU8LRW22RTieM8EdM1sG5t8f61P++hXPatplhD + HbmKBULTxqcDqD1Fap0bS8f8eyflQBU0CeFNJgV5FUjdwSB/EaI54f7dlfzF + 2+QozkYzuqrommWFxpkM00Cu7bskjk4YihNMsDrMkBgXyxCrBe2d3WgC1rc8 + LWsYWRSfNjPBHrWx9pt/+eqf99Cud1fTLCC2jaKBUJlQEj0J5rV/sbS/+fZP + yoAp6DPCmmoryKp3PwSB/EaUTw/2+z+Yu37MBnIxnfVXRdMsLjT0lmgV3LNy + R6MaBplh/bZt/IXy/s4bb23bsZoAs67PC9hhJFY706Ef3q2ftNv/AM9U/wC+ + hXO6zplhBZeZDAqNvQZHoTWr/Y2l/wDPsn5UAVNDnhSyIaRQfMfqR/eoaeH+ + 3lfzF2/ZyM5GM76q6PplhPZl5oFdt7jJ9AeKDplh/bS2/kL5ZgLbe2d2M0AW + tenhfTJVSRWOU4BB/iFbH2m3/wCeqf8AfQrnda0ywt9OklhgVHBXBHuwFav9 + jaX/AM+yflQBU0WeFbaUNIoPnSHkj1pJZ4f7dhfzF2+SwzkY61W0jTLCe3ka + aBXIlcAn0B4FEmmWA1mKAQL5bQsxXtkHrQBa16eF9JuFSRWJ28Ag/wAQrXFz + b4H71P8AvoVz+taZYW+mTzQwKjrtwR1GWFaY0bS8D/Rk/KgCpo08Kx3O6RRm + 4kIyR04pZ54TrVqwkXAjfJyMVV0nTLCaO4MsCsUnkUZ7AdBRNplgur20AgUR + tG5K9iR0oAu63PA+l3CrIpJA4BHqK0Yrm38tP3qdB/EKxNX0vT4NNnlhgVHU + DBHbkVfj0fSzGpNsmSB2oAraRPCpvt0ijNzIRkjkcUXU8J1mxYSKQFlycjA4 + qtpemWExvPNgVtlxIq5HRRjAoudMsE1WzhWBQkiyFhjg4HFAF/WJ4G0y4VZF + JK9ARVy3uLcW8QMq/dX+IelZOq6Xp8OnTyxW6q6rkEDpVuDSNMaCNmtkJKgn + j2oAh0qeFZb4tIozOxGSORgUXs8J1bTmEikL52TkcZUVV03TLCWW9EkCsI5m + VcjoMDii70ywTU7CFIFCSebuGODtUEUAaWq3EDabcqsikmNuAR6VPZ3FuLSA + GVQQi/xD0rO1LStOisLiWO3VWVCQQOhqa10jTXtYXa2QsyKScdyKAItMnhW6 + vy0igGXjJHPFF/PCdS05hIpCtJk5HHy1W0/TLCW5vUkgVhHLhQewxRe6ZYR6 + hYRJAoSRn3D1wvFAGpqVxA2n3KrIpJjfjI9DTtPuIBYWwMigiNP4h/dFU9Q0 + nTYrG4kjt1VljYggdCBS2Ok6bJZW8j26szRoScdSQKAE0+eEX+oEyKAXTHI5 + +WjUZ4WvdPIkUgSNnkcfLVWx0ywkvb6N4FZY3UKPQEUX+mWEd5YpHAqrI5DA + dxigDXvri3NlcASqSY3/AIh6Go9MuIF062VpFBEa8Ej0qC80nTY7Od0t1DLG + xBx0IFM07StOlsLeSS3VmaNSSR1JFABYzwjVNRYyKAxiwcjn5aNUnha5sCsi + nEwJwRxxVaz0ywk1G/ieBSkZj2j0yuTRqOmWEVxZLHAqiSXawA6jHSgDauri + 3NrMBKpJRv4h6VW0m4gXTbZWkUEIOCRTLnSNMS2lZbZAQjEHHfFQaZpWnTaf + byy26s7ICSR1NAD7OeEavqDGRQGEWDkc4U0atPC0ljtkU4uEJwRwOaq2umWD + 6pfQtApSMRbR2GV5o1PTLCF7MRQKoknVWwOoOeKANye5tzBIBKv3T/EPSqOj + TwLpdurSKCF6Ej1p82j6YsMjC2QEKT09qpaTpenzadBLLArOy5JI680AS208 + I1m8YyLgpHg5GOlLrE8LCz2yKcXMZOCOBzVW30ywbVruFoFMaJGVGOASOaNV + 0ywhFp5UCrvuI1bHdTnIoA33ubfY371Oh/iFZmhzwJpVurSKCAeCR6mp30fS + wjEWydD2rO0fTNPn02CWaBXdgckjk8mgCxDPCNbuGMi7TEnORjrSa1PC0NuF + kU4njPBHTNVotMsG1eeAwKY1jQhewJNGr6ZYQRQGKBVLTIpx3BPIoA6L7Tb/ + APPVP++hWNoE8KaRAryKpG7gkD+I1c/sbS/+fZPyrK0TTLC40uGaaBXdt2Se + pwxFAFmOeH+3ZX8xdvkKM5GM7qXW54WtECyKT5sfQj1qqmmWB1qS3MC+WIQw + Xtnd1o1fTLCC2R4YFQmRBkehPNAHRfabf/nqn/fQrn9I1LTrTTo0u7qKFizk + B3VSfmPqa0/7G0v/AJ9k/KvLvFOhxXXhRdTgjHn2kjFiOpjLbT+XB/CgaO5G + s6R/bpl+3QbPs2N3mrjO/pnPWvm3UGVr+5ZTkGRyCOhG41UooKSPqfTta0ZN + PtUe/t1ZYkBBlQEEKPeofD+pac9qYVuomkMjnaHXOM9cZr5er2H4ZaDb3MF1 + qt5GJASIowfblj/L9aBNHpDTw/28j+Yu37ORnIxndRr08L6XKqSKxJTgEH+I + VWbTLD+2lt/IXyzAW244zuxmjWtMsLfTpJYYFRwVwR7sKCTovtNv/wA9U/76 + FY+izwrbzBpFGZpDyR61b/sbS/8An2T8qytI0ywnglaWBXIldRn0B4FAFqWe + H+3IX8xdohYZyMdaXXp4X0m4VJFYkLwCD/EKqSaZYDWIYBAvltEzFe2QetLr + WmWFvpk80MCo67cEdR8woA31ubfaP3qdP7wrI0aeFUut0ijNxIRkjpxVtdG0 + vaP9GT8qy9J0ywmS5MsCtsnkUZHQDGBQBZnnhOtWrCRdojfnIxUmtTwNpdwq + yKSVHAI9RVKbTLBdXtoFgURvG5K9iR0p+r6Xp8GmzyxQKjqOCB05oA24rm38 + pP3q9B/EPSsvSJ4VN9ukUZuZCMkcjirEWj6YY0JtkJIHas3S9MsJjeebArbL + h1XPZRjAoAtXU8J1ixYSKQFlycjA4qbWJ4G0y4VZFJKHgEVn3OmWCarZwrAo + SRZCw7HA4qbVNL06HT55YrdVdVJBA6UAattcW4togZV+4v8AEPSs3Sp4Vmv9 + 0ijM7EZI5GKmt9I0xoI2a2QkqCTj2qhpumWEst6JIFYRzFVz2GOlAFq9nhOr + acwkUhfOycjjK1Z1S4gbTrlVkUkxtwCPSsy70ywTU7CFIFCSebuGODhcirGp + aVp0VhcSR26qyoxBA6HFAGjZ3FuLOAGVQRGv8Q9KoabPCt3flpFAMoxyOeKf + aaRpr2sLvboWZFJOO5FUtP0ywlub1JIFYRyYUHsMUAWb+eE6jpzCRSFZ8nI4 + +Wrmo3EDafcgSKSYn4yPQ1lXumWEd/YRpAqrIzhhjrheKtX+k6bHY3Ekduqs + sbkEDoQDQBc0+4gWwtgZFBEScZH90VS0+eEahqBMigM6Y5HPy06x0nTZLK3k + e3VmaNCTjqSBVSx0ywkvr6N4FZY3UKPQEUAWtRnha808iRSBIc8jjir19cW5 + srgCVSTG/wDEPQ1j3+mWEd3YpHAqrJIQwHcYq5eaTpsdpO6W6BlRiDjoQKAJ + 9MuIF062VpFBEa8Ej0qtYzwjVNRYyKAxiwcjn5aTTtK06Wwt5JLdWZo1JJHU + kVWs9MsH1K/ieBSkZj2j0yuTQBZ1SeFriwKyKcTAnBHHFaN1cW5tZgJVJKN/ + EPSsXUtMsIp7JY4FUSTBWx3GOlX7nSNMS2ldbZAVRiDjuBQA7SZ4F022VpFB + CDgkVBaTwjV79jIoBEWDkYPymo9L0rTptPt5ZbdWdkBJI6mobXTLB9UvYWgU + pGIto7DI5oAtatPCz2O2RTi4QnBHA5rTmubcwyASr90/xD0rC1PTLCF7MRQK + vmTorY7g54rRm0fTFici2QEKe3tQAzRp4F0u3VpFBC9CR61FbzwjWrtjIuCk + eDkYqLSdL0+bToJZYFZ2XJJHXmo4NMsG1a6gaBTGiIQOwJ60AWdYnhZbPbIp + xcxk4I6c1rPc2+xv3qdD/EKwNV0ywhFr5UCrvuI1OO6nORWm+j6WEYi2Toe1 + AEGhzwppVuryKpAPBIH8RpsM8P8Abdw3mLtMSDORjrVfRtM0+fTYJZoFd2By + SOTyabFplgdYngMCmNYlIXsCTQBa1qeFoYAsinE8Z4I6ZrY+02//AD1T/voV + zuraZYQxQNFAqlpkU47gnkVq/wBjaX/z7J+VAFPQJ4U0mFXkVSN/BIH8Rrzz + 4i6x9ld7O1cFryJUYqeiBskcevA+ma7rRNMsLjTIZpoFd23ZJHPDEV4N4xuY + bjxFdrbKEhgbylA6fJwfzbNA0QeHNMGpagplA8iEqz56HJwB+P8AIGvqH7Tb + DgSp/wB9CvK/DehQWXhW3vZox595KrknrsJwo+hHP416R/Y2l/8APsn5UAyp + oU8KacqtIoO5+pH940efD/b+/wAxdv2XGcjGd9VdG0ywnsFkmgV2LOMkejGj + +zLD+2/s/kL5f2fdtxxu34z+VAi1rs8L6eVWRSd6dCP7wrY+02//AD1T/voV + zus6ZYQWJkhgVG3IMj3YVq/2Npf/AD7J+VAFTQ54Us2DSKD5j9SPWkeeH+3k + fzF2/ZyM5GM7qraPplhPaM80Cu3mOMn0B4obTLAa0luIF8swFtvbO7GaALOv + zwvpUypIrElOAQf4hWz9pt/+eqf99Cud1vTLC302WWGBUcFcEe7AVq/2Npf/ + AD7J+VAFTRZ4VgnDSKMzyHkj1olnh/tyBvMXaIWGcjHWqukaZYTQzNLArlZn + UZ9AeBRLplgNYhgECiNomJXsSD1oA+I/20bXOreF9UjYOksFzCSDnBjZG5+u + /j8a+I6/Uj9prwBba98MbnUdMtwt5oci3i7Ry0Q+WVfwVt3/AAGvy3r8+4go + uOJcuj1PyjivDOGMlLpKz/Q/XL4Da3a6t8K9CuVlXMcCQNkjO+3URNn8Vr0u + eaE6tbMJFwEfJyMV+cH7OXxa0nwVqUvhfxcVXRtScPHO+cW0+MZb/YcYDH+E + gHpuNfoobTTZb+0NuiPBNGzgqcqwIyCCOo9K+oyvGRrUlbdbn2+SZhHEUItP + VKz/AK8y/q08LadOqyKSR0BHrVHW9C8M+KdKGleI7S31C1YA7JgGwcdVPVW9 + wQRU2p6dYw2E0kUKqyjgj61bi0rTzGhMC5IFepTqShJSi7NHq1KcZxcZK6Z8 + deIP2UPDuqSXVx4T1ltLZZXCwXA86LaOgV8q4Hud1eMat+zF8TNOuBBafYtR + 352tBchQQPXzQmK/R7TtPspTdeZCrbJnUZ7AY4ouNPsl1K0iWFQjiTcPXA4r + 7DBce5lRXK5qS/vK/wCKsz47G8AZbWfMoOL/ALrt+DuvwPzIP7OvxcUM0ujx + oq9Sby2P6LKT+ldxoX7J/jXUCkmtarYaZC2CcO08oz/sgKv/AI/X6CajptjF + YzSRwqrKuQR2qeDS9PaCNmgUkqCfyrrreJGYyVoqMfRf5tnJR8Nsug7y5per + /wAkj54+H/7Onw38NTyXerr/AG7dwPhWu9vk8dxCPlP/AAItX0BcPbJf6ckT + IscYkACkAKNuAOOlQ2Gn2Ust2skKsElKr7D0pbrT7JNQsolhUJJ5m4euF4r4 + /H5niMVPnxE3J+f6dF8j7HAZZh8LHkw8FFeX69X8y/qM8LWFwFkUko3AI9Kl + tLiAWsIMighF7j0qlf6bYRWU8kcKqyoSD6HFSWul6e9tE7QKSyKSfciuE7iP + T5oVur0mRQDIMcjnii9mhN9YkSKQGfPI44qvY6fZSXN4jwqRG4Cj0GKLzT7K + O8s40hULIzBh64FAGlfzwNY3AEikmNu49KWxngFlbgyKCI07j0FVb3TLCOzn + kSBQyoxB9CBS2emWElnBI8ClmjUk+pIoASymhF9fEyKAWTByOeKTUJoWurIi + RSBIc8jjioLPT7KS8vI3hUrGyhR6ZFJfafZR3NmiQqBI5DD1GKARq3k8BtJw + JFJKN3HpUWnTwrYW4aRQQi8Ej0qK60ywS1mdYFDKjEH3AplhpthLZQSSQqzM + gJPqcUAFnNCNSv2MigEx4ORz8tLqM0LTWZWRTiYE8jjiq1rp9k+oXsTQqVj8 + vaPTK80t/p9lFLaLHCqh5QG9xigGa1xcQG3lAkX7rdx6VX0yeFdPgVpFBCjg + kU2fS9PWCRlgUEKSPyqDTtNsZbGGSSFWZlBJPegB1tNCNVvWMigER4ORg8Ua + nNCzWe2RTidCcEcDmq9vp9k2pXcTQqUQR7R6ZHNGo6fZRNaiOFV3zKrY7g9q + ANmW4g8p/wB6vQ9x6VS0meFdOgVpFBA6Ej1p8ulaeI3IgXIBqppmnWM1hDJL + CrMw5J+tAEsE0I1a5YyLgomDkYpNVmhZbbbIpxOhOCOnNQQ6fZNqdxCYVKKi + ED0JpNT0+yhW3McKrumRTjuDnIoA23uINp/er09RWdo00KabCrSKCAeCR/eN + TtpWnBSRAvSqGladZT6fDLLCrO2ck/U0ATRTQjWJm8xcGJecjHWvF/2mdbtN + O+EWqRmVTLfSQ28YBHLO2SP++FY/hXq9wmj6fdXdxqJit7O2hEjvIwVEUdWJ + PAGK/NP4/wDxVsfiH4hj0/w4uzQtKLCFsFTcSNw0pB5A4wgPIGTxuIHlZvjI + 0qLXV6I8PiDMI0MPJN+9JWS9T5/r9Af2LrUW+ieJ9TlYKlxcW0IycZMKOx/9 + GCvz+r9Z/gF4CtPDPwv0q21C2H26833VxuHIeU8KfdUCqfcV8/w5RcsRz9Ev + +AfIcIYZzxfP0in+Oh62k8P9uyP5i7fs4GcjGd1GtzwtZoFkUnzY+hHrVVdM + sDrTwGBfLEAbb2zuxmjWNMsILVXhgVGMiDIHYnmvvT9TOi+02/8Az1T/AL6F + Y2hTwpp6q8iqd78Ej+8auf2Npf8Az7J+VeNaj4pXR7k2Q0+G4xzvfdnknjig + aR6158P9v7/MXb9lxnIxnfRrs8L6cypIrHcnAI/vCuS8Kz22vyJcz2kcStCx + 2LnblZMZ574ro9Z0ywgsGkhgVGDIMj3YUCOi+02//PVP++hWPok8K2bhpFB8 + 2TqR61b/ALG0v/n2T8qytH0ywntWeaBXYSOMn0B4oAsvPD/b0b+Yu3yCM5GM + 7qXXp4X0qZUkViSnAIP8Qqq+mWA1qO3EC+WYC23HGd3WjWtMsLfTZZYYFR12 + 4I92AoA6L7Tb/wDPVP8AvoVjaLPCsE4aRRmeQ8ketXP7G0v/AJ9k/KsrSNMs + J4ZmlgVyszqMjsDwKALU08P9t27eYu0ROM5GOtLrs8D6VcKsikkDgEf3hVSX + TLAaxBAIFEbRMSvYkGnazpmnwabPLDAqOoGCByORQBvJc2+0fvU6D+IVk6PP + Cq3e6RRm5kIyR04qyuj6WVBNsnT0rM0rTLCZbrzYFbZcSKM9lGMCgC1cTwnW + rRhIuBHJk5GKk1qeBtLuFWRSSvQEetUZ9MsF1a1hWBRG6OSOxI6VJq2l6fBp + 08sUCo6rwQOnNAGzDc24hjBlX7o/iHpWXpE8KvfbpFGblyMkcjirEOj6Y0SM + bZCSo7e1Z2l6ZYTNeCWBW8ud1XPYDGBQBZu54TrFgwkUgCXJyMDirGrTwNpt + yqyKSUPAIrOutMsE1WyhWBQkgk3DHBwOKm1TStOh0+4lit1V1QkEDoaANS1u + LcW0IMq/cX+IelZ+lzwrPflpFGZyRkjngVLb6RpjW8TNbISVUk49qoadplhL + NerJArCOYquewx0oAs308J1XTmEikKZcnI4+WrWqXEDadcqsikmNuAR6VmXm + mWCalYRJAoSQybh64XIqxqOladFYXEkduqsqMQQOhAoA0LG4txZW4MqgiNP4 + h6CqGmzwreagWkUAyDHI54p9npOmyWkDvboWZFJOOpIqnp+mWEt3fJJArLHI + AoPYYoAtahPCdQ09hIpCu+eRx8tXNQuIGsLkCRSTE/GR/dNZN9plhHfWMaQK + qyM4YeuFq3faTpsdlcSJbqrLG5Bx0IBoAtadcQDT7UGRQREmfmH90VUsJ4Rq + OoMZFAZkxyOflosNJ02Sxt5JLdWZo0JOOpIGaq2WmWEl/fRvApWNkCjHTK80 + AWdSnha708rIpAlOcEccVfvbi3NnOBKpJjb+IelY+oaZYRXVikcCqskhDADq + MVdu9J01LSZ0t0DKjEHHQgUATaXcQLp1srSKCI14JHpVWynhGraixkUBvKwc + jnC0mm6Vp0thbySW6szIpJI6nFV7PTLB9Tv4XgUpH5W0Y4GVyaALWqTwtNYF + ZFOJwTgjgYNaNzcW5tpQJV+438Q9KxNS0ywilsljgVRJMFbHcYPFX7jSNMW3 + kZbZAQrEHHtQAukTwLplsrSKCEHBIqC1nhGsXzGRQCsWDkYPFM0vS9Om0+3l + lt1Z2UEkjrUNtplg+q3kLQKUjWPaOwyOaALOrzws1jtkU4uYycEcDmtSa5t/ + Jf8Aer90/wAQ9KwtU0ywhNn5UCrvuEVsd1OcitGXR9METkWyAgHtQBHos8Ca + Xbq0ighehI9TTLeeEa1dMZFwY48HIxUGkaXp8+mwSywK7sOSR15pkGmWDatc + wNApjREIXsCetAFrWJ4WS02yKcXEZOCOnNazXNvtP71On94Vz+q6ZYQpbGKB + V3zxqcdwc5FajaNpe0/6Mn5UAVtCnhTSbdXkVSA3BIH8RpsU8P8Abk7+Yu0w + qM5GOtV9G0zT59MglmgV3YHJI5PzGkj0ywOszQGBfLWJWC44yT1oAs61PC1v + CFkU4mjPBHrWz9pt/wDnqn/fQrndX0ywggiaKBULTIpx6E8itX+xtL/59k/K + gCpoM8KaXEryKpy/BIH8RoWeH+3nfzF2/ZwM5GM7qq6LplhcabFLNAruS2Sf + ZiKF0yw/tp7fyF8sQBtuOM7sZoAta5PC9moWRSfMToR61sfabf8A56p/30K5 + 3WNMsILRXhgVG8xBkehPNav9jaX/AM+yflQBT0KeFNPAeRVO9+pH940GeH+3 + w/mLt+zYzkYzvqto2mWE9iJJoFdt7jJ9AaP7MsP7bFv5C+X9n3bccbt+M/lQ + BZ16eF9OdUkVjuTgEf3hWz9pt/8Anqn/AH0K53WtMsILBpIYFRgyDIHqwrV/ + sbS/+fZPyoAqaJPCto4aRQfNk6ketOMkb69GUYN+4YcHP8VU9I0ywntneaBX + IkcZPoDxU0dpbWuuxrbxiMeQxwPXdigDoqKKKACiiigAooooAKKKKAP/0f3P + lt9TGqwI12plMbEN5Y4HcYp+rW+qJp0zT3iyRgDKiMDPI75pkupFtVgm+yTj + bGw2lPmOe4GelP1bUzPp00X2S4j3AfM6YUcjqc0AXo7XWdi4vlAwP+WQ/wAa + ztMt9Tf7X5N2seLiQNmMHc3GT14z6Vox6uQij7DcnAH/ACz/APr1naZqRh+1 + /wCiTyb7iRvlTO3OODz1HcUAFxb6mNUtUe7UyFX2t5Y4GOeO+al1O21VLCdp + rxZEC8qIwMj65qK41ItqlrN9knGxXG0p8xyOwz271LqeqGawni+x3CblxuZM + KPqc0AWobXWDDGVvlA2jA8oen1qhp1vqbSXYhu1QrMwb92Dubjn2q/Dq5WGN + fsNycKBkR8dPrVDTtSMUl2fsk775mb5Uztzjg88GgAurfUxqVkj3atI3m7G8 + sDbheeM85qfUbbVVsZ2mvFdAhyvlgZH1zUF1qRfUrKb7JOvl+b8pT5myv8Iz + zjvU+o6oZbGeP7HcJuQjcyYA+pzQBNbWurm2iKXqqpRcDygcDH1qlYW+ptcX + giu1Rllwx8sHccdevFXbbViltEn2K5baijIj4OB25qlYakYri8b7JO/mSZwq + ZK8dDzwaAC8t9TW/sVku1Z2L7G8sDb8vPHfNWb+21ZbK4aW9V0EbEjywMjHI + zmq15qRkv7GX7JOvll/lKYZsrj5RnnHerN/qpksriP7FcJujYZZMAZHUnPSg + B1na6u1pA0d6qqUXA8oHAxwM5qpZW+ptd3qx3aoyuu8+WDuOOuO1W7PVTHaQ + R/YrltqKMrHkHA6jnpVSy1Ix3d7J9knbzHU4VMlcD+LnigAvrfU1u7IS3auz + O2w+WBtOOuM81bvLXV1tJ2kvVZQjZHlAZGORnNVL7UjJd2T/AGSdPLdjhkwW + 46Dnmrd5qpktJ4/sVyu5GGWjwBkdTz0oAbYW2rNZQNFeqiFFwvlg4GOBnNVr + O31Nr++WO7VXUpvbywd3y8cdsVZsNVMVlBH9juH2ooyqZBwOoOelVrPUjHf3 + 0v2SdvMKfKEyy4X+IZ4z2oAL+31NZ7MS3auWlwp8sDacdevNXbm11gW8pe+V + lCNkeUBkY+tUr/UjLPZt9knTy5c4ZMFuOg55NXbnVi9vKn2K5XcjDJj4GR35 + oAh0621VrGBobxUQoML5YOB9c1Ba2+pnU71Eu1WRRHvbywd2V44zxip9O1Qx + WMEf2O4fagG5UyD9DmoLXUimp3s32SdvMEfyhPmXC/xDPGe1ABqVvqavZ+dd + q5aZQuIwNrc4PXn6VfmtdYEMha+Ujacjyh6fWqGpakZZLM/ZJ02TK3zJjdjs + OeTV+bVy0Mi/YbkZUjJj46fWgCppdtqr6fA0F4saFeFMYOPxzUcFvqZ1S6Rb + tRIFTc3ljkY447YqTS9TMOnwRfY7iTauNyplT9Dmo4NSK6pdTfZJzvVBtCfM + MDuM9+1ABqdvqafZfOu1kzcRhcRgYbnB98elaL2us7GzfKRg/wDLIf41nanq + Rm+y/wCiTpsuI2+ZMZxngc9T2rRfWCUYfYbocH/ln/8AXoAo6Tb6o+nQtBeL + HGQcKYwccnvmmRW+pnVZ0W7USiNSW8scjsMU/SdTMGnQxfZLiTaD8yJlTyeh + zTItSK6rPN9knO6NRtCfMMdyM9KADVbfU0jgM92sgMyAYjAw3Y/hWmbTWv8A + n/X/AL9D/GszVdSM0cA+yTx7Zkb50xnHYc9T2rTOsH/nxuv+/f8A9egDM0a3 + 1N9Nha3u1ijO7CmMNj5j3zQlvqf9ryILtRKIQS/ljBXPTFGjakbfTYYfsk8u + 3d8yJlTlieDmhNSI1eSf7JOcwhdmz5hz1xnpQAatb6mluhnu1kXzEAAjAwc8 + HrWp9k1r/n/X/v0P8ay9W1Iz26L9knjxIhy6YHB6detan9sH/nxuv+/f/wBe + gDL0e31N7BGt7tYky2FMYb+I55zQLfU/7ZKfa183yAd/ljG3d0xn170aPqRg + sEi+yTyYZvmRMryx75oGpH+2TcfZJ/8AUBdmz5/vZzjPSgA1e31NLPdcXayJ + vTgRhec8c1qfZNa/5/1/79D/ABrL1fUjPZ+X9knj+dDl0wOD9a1P7YP/AD43 + X/fv/wCvQBl6Tb6m9oTBdrGu9+DGDznk5zQbfU/7YVPta+b5BO/yxjbu6Y+v + ejSdSMFoU+yTyfO5yiZHJ6daDqR/thbj7JPxAV2bPn+9nOM9KADWLfU00+Rr + i7WVAVyojC5+YY5rU+ya1/z/AK/9+h/jWXrGpGewki+yTx5K/M6YUYYHrmtT + +2D/AM+N1/37/wDr0AZelW+pvBIYLtY1Erggxg5OeT170SW+pjV4kN2plMTE + P5YwBnpijStSMMEi/ZJ5MyucomQMnp16iiTUidXin+yTjETLs2fMeeoGelAC + 6xb6mmmzNcXayxjblRGFz8w75rSFprOB/p6/9+h/jWbrGpGfTZovsk8e7b8z + phR8w6nNaQ1g4H+g3X/fv/69AGZpdvqbpceRdrGBM4OYwct3PXv6UTW+pjVb + dGu1MpR9reWOB3GM0aXqRhjuB9knk3zO3yJnGex56jvRNqRbVbeb7JONqONp + T5jnuBnpQA/VrbVE0+Zp7xZIwBlRGBnkd81ejtdZ2Li+UDA/5ZD/ABqjq2pm + fT5ovslxHuA+Z0wo5HU5q9Hq5CKPsNycAf8ALP8A+vQBnaZb6m5u/Ju1j23D + hsxg7m4yevGfSi4t9TGqWiPdq0jLJtbywNvHPHfNGmakYTd/6JO++4dvlTO3 + OODz1HcVha94ys9K1e0e6tLhdkbtgqASG4GMn2oCx0Wp22qpYTtNeLIgXlRG + BkfXNWoLXWDDGVvlAKjA8ocDH1rno/Ftr4g0m6e0tZ1UfIWZRtB4PJBNdDBq + 5WGNfsNycKBkR8Hj60AUNOt9TaS8EV2qFZmDfuwdzYHPtRdW+pjUrFHu1aRv + N2N5YG3C88d80adqRikvD9knffMzfKmduQODzwaLrUi+pWMv2SdfL835SmGb + K4+UZ5x3oAn1G21ZbGdpbxXQIcr5YGR6ZzU1ta6ubaIpeqqlFwPKBwMfWodR + 1Qy2M8f2O4TchG5kwB7k5qa21YpbRJ9iuW2ooyI8g4HbmgClYW+ptcXgiu1R + lkwx8sHccdfai8t9TW/sVku1Z2L7G8sDb8vPGec0WGpGK4vH+yTv5kmcKmSv + HQ88Gi81IyX9jL9knXy2f5WTDNlf4RnnHegCzf22rLZXDS3qugjYkeWBkY5G + c06ztdXazgaO9VUMakDygcDHAzmm32qmSyuI/sVwm6NhlkwBkdSc9KWy1Ux2 + cEf2K5bbGoyseQcDqOelAFWyt9Ta8vVju1V1dd58sHccenai+t9TW7shJdq7 + M52nywNpx1xnmiy1Ix3l7J9knbzHU4VMlcD+Lnii+1IyXdk/2SdfLcnDJgtx + 0HPNAFu8tdXW0naS9VlCNkeUBkY5Gc0ywttWaxgaK9VEKLhfLBwMdM5p93qx + ktJk+xXK7kYZMeAMjqeelMsNVMVjBH9juH2oo3KmQcDqDnpQBXtLfU21C+WO + 7VZFMe9vLB3ZXjjPGKNQt9TWezEt2rs0uFPlgbTjr15otNSMeoX0v2SdvMMf + yhMsuF/iGeM9qNQ1Iyz2bfZJ08uXdhkwW46Dnk0AXbi11gW8pe+VlCtkeUBk + Y+tQabbaq1hA0N4qIUGF8sHA+uanuNWL28q/YrlcqwyY+Bx35qDTdUMVhBH9 + juH2oBuVMqfoc0AQ21vqZ1O9RLtVkUR728sHdkccZ4xRqNvqavaeddq5aZQv + 7sDa3OD7/Si21Ipqd7N9knbzBH8oT5lwO4zxntRqOpGV7Q/ZJ02TK3zJjdjP + A55NAF+a11gROWvlI2nI8oen1qppdtqr6fA0F4saFeFMYOOfXNW5tXLROv2G + 5GVPJj46fWqml6mYdPgi+x3Em1cbkTKnnsc0ARwW+pnVLpFu1EgVNzeWOR24 + zxijU7fU0Fr512smZ4wv7sDDc4PXnHpRBqRXVLqb7JOd6oNoT5hj1Ge/ajU9 + SMwtf9Enj2Txt8yYzjPA56ntQBpPa6zsbN8p4P8AyyH+NZ+k2+qPp0LQXaxx + kHCmMHHJ75rQfWCUYfYbrof+Wf8A9es/SdTMGnQxfZLiTaD8yJlTyehzQA2K + 31M6tOi3aiURqS3ljkZ4GKNVt9TSKEz3ayAzIABGBhs8H8KItSI1aef7JOd0 + ajaE+YYPUjPSjVdSM0UI+yTx7ZkbLpjOD0HPU9qANT7JrX/P+v8A36H+NZej + W+pvpsLW92sUZ3YUxhsfMe+a1P7YP/Pjdf8Afv8A+vWXo2pG302GH7JPLt3f + MiZU5Yng5oAEt9T/ALYkQXaiUQgl/LGCuemKNWt9TS2Qz3ayL5iAARgc54NC + akRrEk/2SfmELs2fN164z0o1bUjPbIn2SePEiHLpgcHp160Aan2TWv8An/X/ + AL9D/GsWw0++vtJa3+0qtvMJEZDGDwSQefetr+2D/wA+N1/37/8Ar1l6PqRg + sVj+yTyYZvmRMryxPXNAHzhqFlLp19PYT/ft3ZD74PX8etU69A+IkStrCagk + EkAuIxuEi7SWXjP0Ix+Rrz+g0HKrOwRBlmOAB3Jr6M8L6ZqNpo0VtbXSxLGW + BHlhvmz8xz9a8e8FWf2nXoJ3gknitP3rCNdxyv3f/HsV7dpGpGC1KfZJ5Pnc + 5RMjk9OvWgmQNb6n/bCp9rXzfIJ3+WMbd3TGfXvRrNvqaafI1xdrKgK5URhc + /MMc5obUj/bC3H2SfiArs2fP97OcZ6UaxqRuNPki+yTx5K/M6YUYYd80Emp9 + k1r/AJ/1/wC/Q/xrL0q31N4ZTBdrGBK4IMYOTnk/jWp/bB/58br/AL9//XrL + 0rUjDDKv2SeTMrtlEyBk9Dz1FABJb6mNXiQ3amUxMQ/ljAGemKXWLfVE06Zr + i7WSMYyojAz8w75pJNSJ1eKf7JONsTLs2fMcnqBnpS6xqRn06aL7JPHux8zp + hR8w6nNAGitprO0f6ev/AH6H+NZul2+pulx5F2sYE7hsxg5bufx9K0l1g4H+ + g3X/AH7/APr1m6XqRhS4H2SeTfO7fImcZ7HnqO9ABNb6mNVt0a7UylH2t5Y4 + HcYzT9VttUTT5mnvFkjA5URgZ59c0ybUi2q28/2ScbEcbSnzHPcDPSn6rqZn + 0+aL7JcR7h950wo57nNAF2O11kxqRfKBgf8ALIf41n6bb6m5u/Ju1TbO4bMY + O5uMnrxn0rQj1ciNR9huTgDpH/8AXrP03UjCbv8A0Sd987t8qZxnHB54IoAL + i31ManaI92rSMsm1vLA24HPHfNS6nbaqlhO014siBeVEYGR9c1FcakX1O0m+ + yTjYsnylPmbI7DPOO9S6nqhmsJ4vsdwm5cbmTCj6nNAFmC11gwRlb5QpUYHl + DgY+tUdOt9TaW8EN2qFZiGPlg7mx19qvQasVgjX7FcnCgZEfB4+tUdO1IxS3 + h+yTv5kxbCpnbx0PPBoALq31MalYq92rSN5uxvLA24XnjvkVPqFtqy2M7S3i + ugRsr5YGRjpnNQXWpF9SsZfsk6+X5vylMM2Vx8ozzjvU+oaqZbGeP7HcJuRh + uZMAZHUnNAEtra6ubaEpeqqlFwPKBwMdOtU7C31Nrm8EV2qMsmGPlg7jjr7V + ctdWKW0KfYrltqKMiPIOB1HNU7DUjHc3j/ZJ38yTOFTJXjoeeDQAXlvqa31k + sl2rOzPsbywNvHPHerN9bastlcNLeq6CNiR5YGRjkZzVa81IyX1lJ9knXy2c + 7WTBbI/hGeas32qmSyuI/sVym6Nhlo8AZHU89KAFsrbV2s4GjvVRDGpA8sHA + xwM5qrZW+pte3qx3aq6su8+WDuOOOM8VastVMdnBH9iuW2xqMrHkHAHI56VV + stSMd5eyfZJ28xlOFTJXA/i54oAL631NbqyEt2rsznafLA2nHXrzVy7tdXFr + MZL1WUI2R5QGRjkZzVO+1IyXVk/2SdPLcnDJgtx0HPJq5d6sZLWZPsVyu5GG + THgDI6nmgCOwttWaxgaK9VEKLhfLBwMdM5qvaW+ptqF8sd2qyKY97eWDuyvH + GeMVYsNVMVjBH9juH2oo3KmQcDqDnpVe01IpqF9L9knbzDH8oTLLhcfMM8Z7 + UAGoW+prNZiW7Vy0oCnywNpx196vXFrrAt5S98rKFbI8oDIx9ao6hqRlms2+ + yTp5cobDJgtx0HPJq9casXt5V+xXK5Vhkx8DjvzQBX0221V7CBobxUQqMKYw + cD65qG2t9TOp3iJdqsiiPc3lg7sjjjtiptN1QxWEEX2O4faoG5Uyp+hzUNtq + RTU7yb7JO3mCP5QnzLgdxnjPagA1K31NGtPOu1fdOoX92BtbnB9/pWhLa6wI + nLXykYOR5Q9PrWfqWpGVrQ/ZJ02Tq3zJjdjPA55NaEurkxOPsNyMqeTHx0+t + AFPS7bVX0+BoLxY0K8KYwcc+uajgt9TOq3KLdqJQibm8scjtx2xUml6mYdPg + i+x3Em1cbkTKnnsc1HBqRXVbmb7JOd6INoT5hj1GaADVLfU0Ft512smZ0C4j + Aw3OD15x6VpPaaztOb5cYP8AyyH+NZuqakZha/6JPHsnjb5kxnGeBz1PatJ9 + YJRh9huuh/5Z/wD16AM/SLfVH06FoLtY4yDhTGDjk9802K31M6tMgu1EojUl + /LGCM8DGadpGpmDToYvslxJtB+ZEyp5PQ5psWpEatNP9knO6NRtCfMMHqRnp + QAarb6mkUJnu1kBmQACMDDZ4P4VqfZNa/wCf9f8Av0P8ay9V1IzRQj7JPHtm + RsumAcHoOeprU/tg/wDPjdf9+/8A69AGJYDUYNEN5DdrHFEkj7TGDgKSTzXz + miy3t0qZ3STuBk92Y/4mveLvUjB4Ou7cW8xzDKvmBfk+ckdc+9eMeHcf29p5 + KNIFnjbaoyTtYHAFBUT32/sL+z0+CBrpXiiaNFURgYxwOc9q2fsmtf8AP+v/ + AH6H+NZerakZ7ZU+yTx4kQ5dMDg9OvWtT+2D/wA+N1/37/8Ar0EmXpFvqb2S + tb3axpub5TGG53HPNH2fU/7Z8v7Wvm/Z87/LGNu/pj696NI1IwWSx/ZJ5MMx + yiZHJPfNH9pH+2ftH2Sf/j327Nnz/fznGelABq9vqaWRae7WRNy8CMLzkY5r + U+ya1/z/AK/9+h/jWXq+pGeyMf2SeP5lOXTA4I75rU/tg/8APjdf9+//AK9A + GXpNvqb2rGC7WNd78GMHnPJ60Nb6n/bCIbtfN8kkP5Yxt3dMZ/WjSdSMFqU+ + yTyfO5yiZHJ6detDakTrCXH2SfiErs2fP97OcZ6UAGs2+ppp0jXF2ssYK5UR + hc/MMc5rU+ya1/z/AK/9+h/jWXrOpG406WL7JPFkr8zphRhgeTmtT+2D/wA+ + N1/37/8Ar0AZelW+pvDKYLtYwJXBBjByc8n8aJLfUxq0KG7UymJiH8sYAz0x + mjStSMMMq/ZJ5N0rtlEyBk9Dz1FEmpE6tDP9knG2JhtKfMcnqBnpQAa1a6l/ + Zk/2q6WaEgBk8sDcCRxX5nfHn4L6h8NNaOq2EZm8P6i5aGRRxBI3Jhf0x/Ae + 6+4Nfplq+pmfTpovslxHuA+Z0wo5HU5o1U6br2lz6PrOjzXlldJslikiDKyn + 8fxB6g8jmvOzPLo4inyvRrZnkZzlEMXS5Xo1s/66H4l16b4L+MPxB8BeXFoG + qN9ljztt5wJoQD1Cq3K577SK9q8f/swazDcXGpfDqOS9tPMf/Q5RiaIZ4VXP + D49GII9WNfMWt+G/EHhu5+x+INNudNm/u3ETRE/TcBke4r4OthcRhpXaa81/ + mfl+IwWKwU7tOL7rb7z6Qb9rr4izW5gurDTpA3BxHIuf/IhqcftgfENQFGn6 + fgcfck/+Lr5Ooqv7WxP87LWf4z/n4z6th/a68fwbzHp2njzGLt8knJPX+Oh/ + 2uvH7zRztp2nl48hTsk4z1/jr5Soo/tbE/zsP7fxn/Px/gfV037XnxBniaGX + TtPKuMEbJP8A4unr+1/8Q0UIunaeAowPkk7f8Dr5Ooo/tbE/zsP7fxn/AD8f + 4f5H1ZF+114/haRo9O08GVtzfJJyf++6V/2uvH8ksc76dp5eLO07JONwwf46 + +UqKP7WxP87D+38Z/wA/H+B9Xy/te/EGaNopNO08q4wRsk6H/gdKn7X3xCjR + Y007TwqgAfJJ0H/A6+T6KP7WxP8AOw/t/Gf8/H+H+R9WRftdeP4Xkkj07Tw0 + py3yScn/AL7ok/a68fyyRyvp2nloiSp2ScZ/4HXynRR/a2J/nYf2/jP+fj/A + +r5P2vfiFLG0T6dp5VwQfkk6H/gdLH+178Qoo1iTTtPCoAB8knQf8Dr5Poo/ + tbE/zsP7fxn/AD8f4f5H1bH+114/ikklTTtPDSkFjsk5xx/fpJf2uvH8zxyS + adp5aI5X5JOD/wB918p0Uf2tif52H9v4z/n4/wAD6wf9r74hSI0b6dp5VgQf + kk6H/gdJF+178QYY1ij07TwqAADZJ0H/AAOvlCij+1sT/Ow/t/Gf8/H+H+R9 + WJ+114/jlknTTtPDy43HZJztGB/HSy/tdeP5mjaTTtPJjbcvyScH/vuvlKij + +1sT/Ow/t/Gf8/H+B9Yt+1/8Q3Uo2naeQwwfkk7/APA6ZD+158QYIlhj07Tw + qDAGyT/4uvlGij+1sT/Ow/t/Gf8APx/h/kfViftdeP0mknXTtPDy43HZJzt6 + fx0TftdeP5yhl07Tz5bB1+STgj/gdfKdFH9rYn+dh/b+M/5+P8D6xP7YHxDY + FTp+n4PH3JP/AIumQ/td/EC3iWGLTtPCLwBskP8A7PXyjRR/a2J/nYf2/jP+ + fj/D/I+rV/a68frM9wunafvcAE7JOg6fx0k37XXj+4CCXTtPOxg4+SQcjp/H + XynRR/a2J/nYf2/jP+fj/A+sj+2D8RCMHT9P/wC+JP8A4uqg/a4+I0NutvZ2 + OnRBc4JjkbGf+2gr5Yoo/tbEfzsTz7Gf8/GeheNfin46+IEhPibVHnh4xBGB + FCMdMogAYjsWyfevPa6HQPCfifxVcfZfDelXOpSdxBEzhf8AeIGFHuSK+qPh + 9+zBeQywav8AEhJEjV0IsIgfnGeRLKCMf7qZz/eHSlQwdfEyuk35v/MWGy/F + Yyd0m/N7fec3+zn8E9Q8a6rF4z1iPydE02QND5i5F1OhyFCnqiHlj0J+Xn5s + fodo9vqb6dE1vdrFGd2FMYbHzHPOatWd5a6daQ2FhpU9tbW6BI444QqIijAV + QDgACquj6kYNOii+yTybd3zImVOWJ4Oa+9y7ARw9PkW/Vn6llGVQwlL2cdX1 + fcFt9T/th0F2vm+SCX8sY27umKNWt9TS2Uz3ayL5iDAjA5zwaF1IjWHn+yT8 + whdmz5/vZzjPSjVtSM9sqfZJ48SIcumBwenXrXeeoan2TWv+f9f+/Q/xr5y8 + UBhqz7jn5R/Wvo3+2D/z43X/AH7/APr185eKG3as5wR8o6/jQVE9E8ARXclr + GLacRN5chyVDfL5nT8+a7XV7fU0sma4u1kTcvyiML3GOa4rwBdm2tY38mSXE + ci4jXJ5kzn6dvrXa6vqRnsmj+yTx5ZTudMDgjvmgTNT7JrX/AD/r/wB+h/jW + XpNvqb2zGC7WNfMcYMYPOeTWp/bB/wCfG6/79/8A16y9J1IwWzJ9knkzI5yi + ZHJ6detAga31P+2EQ3a+b5JIfyxjbu6Yo1i31NNOla4u1ljG3KiMLn5hjnND + akTrCT/ZJ+ISuzZ833s5xnpRrGpGfTpYvsk8e7b8zphRhgeTmgDU+ya1/wA/ + 6/8Afof41l6Vb6m8Mxgu1jAlcEGMHJzyevetT+2D/wA+N1/37/8Ar1l6VqRh + hmX7JPJuldsomQMnoeeooAJbfUxq0KG7UymNiH8scDPIxmnavb6omnTNPdrJ + GAMqIwM8jvmmy6kTq0M/2ScbY2G0p8xyeoGelO1fUzPp00X2S4j3AfM6YUcj + qc0AaC2ms7Ri+Xp/zyH+NZumW+putz5N2seJ5A2Ywctxk9eM+laS6wQoH2G6 + 6f8APP8A+vWbpmpGFbn/AESeTfPI3ypnGccHnqO9ABPb6mNVtka7UyFH2t5Y + 4HcY71JqttqiafO094siAcqIwM8+uajn1ItqttN9knGxHG0p8xz6DPapNV1M + zafPF9kuI9y/edMKOe5zQBcitdYMSFb5QMDA8oen1rP0231N2u/Ju1TbO4bM + YO5uMnrx9K0ItXKxIPsNycAciP2+tZ+m6kYWuz9knffO7fKmduccHng0AFzb + 6mNTs0e7VpGEm1vLA24HPHfNTalbaqlhO014roFOV8sDI+uahudSL6nZzfZJ + 18sSfKU+ZsjsM8471NqWqGWwni+x3CblI3MmFH1OaALFva6wYIyl8oUqMDyg + cDH1qjp9vqbTXgiu1QrKQx8sHccdfar1vqxWCNfsVycKBkR8HjtzVHT9SMU1 + 432Sd/MlLYVMleOh54NABd2+prqNisl2rSMZNjeWBtwvPGec1Y1C21ZbGdpb + 1XQI2V8sDIx0zmq93qRfUbGX7JOvlmT5SmGbK4+UZ5x3qxqGqmWxnj+x3Cbk + YbmTAGR1JzQBJaWurm1hMd6qqUXA8oHAxwM5qnY2+ptdXoiu1RlkG8+WDuOO + vXirlpqxjtYU+xXLbUUZEeQcDqOap2OpGO6vX+yTv5kgOFTJXjoeeDQAXtvq + a3tksl2rOzNsPlgbTjnjvVq9ttXWznaS9V0EbEjywMjHIzmqt7qRkvbKT7JO + vlsxwyYLZH8IzzVq91UyWc8f2K5XdGwy0eAMg8nnpQAWNtq7WVu0d6qIY0Kj + ywcDAwM5qrZ2+pte3qx3aq6sm9vLB3Hbxx2q1Y6qY7K3j+xXLbY0GVTIOAOQ + c9Kq2epGO9vZPsk7eYyHCpkrgfxDPFABf2+prc2Ylu1dmkIU+WBtOOvXmrl1 + a6uLWYveqyhGyPKAyMdOtU7/AFIy3Nm/2SdPLkJwyYLcdBzyauXWrF7WZPsV + yu5GGTHgDI6nmgCLT7bVmsYGivFRCi4XywcDHTOagtLfU21G+WO7VZF8ve3l + g7srxxnjFT6fqpisYI/sdw+1FG5UyDgdQc1BaakU1G+l+yTt5nl/KEyy4XHz + DPGe1ABqFvqay2Ylu1ctMAp8sDa2OvvV6e11gQSFr5SoU5HlDkY+tUdQ1Iyy + 2Z+yTp5cwbDJgtx0HPJq9Pq5aCRfsVyMqRkx8Dj60AV9MttVewgaG8VEKjCm + MHA+uaht7fUzql2iXarIoj3N5YO7I44zxiptM1Qw2EEX2O4faoG5Uyp+hzUN + vqRTVLub7JO3mLH8oT5lwO4zxntQAanb6mhtPOu1fdOgXEYG1ucHrzj0rQlt + dYEblr5SMHI8of41n6nqRmNp/ok6bJ0b5kxuxngc9a0JdXJjcfYbkZB5Mf8A + 9egClpVtqj6fC0F4scZHCmMHHPrmmQ2+pnVbhFu1EoRNzeWOR2GM8U/StTMG + nwRfZLiTaPvImVPPY5pkOpFdVuJvsk53og2hPmGO5GaADVLfU0W2867WTM6B + cRgYbsfw9K0mtNZ2n/T1/wC/Q/xrN1TUjMtsPsk8eydG+ZMZx2HPU9q0m1g4 + P+g3X/fv/wCvQBnaRb6o+nQtb3axxkHCmMNjk980kdvqZ1eVBdqJREpL+WME + Z6YzS6RqZg06GL7JcSbQfmRMqeT0OaSPUiNXmn+yTndEq7AnzDB6kZ6UAGq2 + +ppDEZ7tZAZUAAjAwc8H8K1Psmtf8/6/9+h/jWXqupGaGJfsk8e2VGy6YBwe + g56mtT+2D/z43X/fv/69AGXo9vqb6fG1vdrFGS2FMYbHzHPOaFt9T/thk+1r + 5vkg7/LGNu7pj696NH1IwafHF9knkwW+ZEypyxPBzQupH+2Gn+yT8whdmz5/ + vZzjPSgA1a31NLUGe7WRd6cCMDnPB61qfZNa/wCf9f8Av0P8ay9W1Iz2oT7J + PH86HLpgcHp161qf2wf+fG6/79//AF6AMvSLfU3sg1vdrGm5uDGG5zzzmj7P + qf8AbIj+1r532fO/yxjbu6Yz696NI1IwWYj+yTyfMxyiZHJ+tH9pH+2RcfZJ + /wDj327Nnz/eznGenvQAaxb6mlizXF2sqbl+URhe4xzWp9k1r/n/AF/79D/G + svWNSM9i0f2SePLKdzpgcEd81qf2wf8Anxuv+/f/ANegDL0m31N7ZzBdrGvm + OCDGDznk1YgivI9djF1OJm8ljkKF4z0/Oq+k6kYLZ0+yTyZkc5RMjk9OvWrE + F2bnXY2MEkP7lhiRdp65z9KAOlooooAKKKKACiiigAooooA//9L94J5I/wC2 + 7ZtwwIn5zTtckjbSrgKwJwO/uKz5tK09dWt7cQgRvG5IyeSOlO1fSdOt9Onm + hgCuoGDk8cigDoYpYvLT516DvWTo0kY+3ZYDN1Kev0qSPQ9KMak265IHc1na + XpWnz/a/NhDeXcSIvJ4UYwKALt1JGdasiGGAknOfaptZkjOl3IDgnb61mXGl + aemq2kCwgRyLIWGTzgcVLqmkabBp880UAV1XIOTxQBt28sX2eP5x91e/tWZp + MkYlv8sBm4bv7CnQ6JpTQxs1upJUE8n0qhpulafNJeCWEMI5mVeTwABxQBdv + JIzq+nEMMATZ5/2RVnVpYzptyA4J2N3rJutK0+PU7GBIQEl83cMnnauRU+pa + PpsNhPLFAFdEJByeDQBrWcsQtIAXH3F7+1Z+lyRi61AlgMzcc+1FroulvbQu + 9uCzIpJyepFUtP0rT5ri9SSEMI5dq8ngYoAu38kZ1PTiGGA0mef9mrmpSxHT + roBwSYn7+xrGvNK0+O/sYkhASUvuGTzhcirN/o2mRWNxLHAFZI2IOTwQKANK + wliFjbAuP9Wnf/ZFUtOkjF9qBLAAyLjn/Zpllo2mSWcEj24LNGpJyeSRVSx0 + rT5by9jkhBWJ1CjJ4BFAF3UpIzfaeQwIEjZ59qvX8sRsbkBx/q37/wCyaxL7 + StPivLKOOEKsrsGGTyAKt3ujaZHZzyJbgMsbEHJ4IFAF3TJYhp1qC4BEad/a + qlhJGNU1ElgAWjxz/s1Hp+jaZLY28skAZnjUk5PJIqtZ6Vp8moX0LwgpEY9o + yeMrk0AXtUkjNzYYYHE3r7VoXcsRtJgHH3G7+1YOoaVp8NxZJHCFEku1uTyM + VdudF0tLaV1twGVGIOT1AoAs6TLGNNtgXAIQd6rWckY1jUSWGCIcc/7NQ6bo + +mzWEEssAZ3QEnJ5NQWulae+p30DwgpEItoyeNy5NAF3VpIzJYYYHFwnf61p + 3EsX2eT5x91u/tXP6lpWnwyWYihCiSdVbk8g54q/NomlLDIy26ghSRyfSgCT + RpIxpdsC4B2+vvUNtJH/AGzencMFI+/tVbStI02fT4JpoAzsuScnmo7fStPf + VbqBoQY41jKjJ4JHNAF7WJIz9iwwOLqI9frWrJLF5bfOvQ965zVNK0+D7J5U + IXzLiNG5PKnORWk+h6UEYi3XIB7mgBuhyRrpVuGYA4Pf3NMgkj/tu5O4YMSd + 6qaRpOnXGnQTTQBnYHJyeeTTYdJ09tWuLcwgxpGhAyeCetAF3WpIzFbYYH/S + I+/vWyZYsffX865nVdK0+3jgaGEKWmRTyeQeorUOh6T/AM+6/maAIdAkjXSL + cMwB+bqf9o0RyR/27K24Y8hec/7VUdF0rT7nTIZ54Q7tuycnsxFCaVp51iS3 + MI8sQhguT1z1oAu63JGbWPDA/vo+/vWz5sX99fzrmdW0rT7e3jeGEKTKink9 + Cea1P7D0n/n3X8zQBBoMka6YgZgDufqf9o0okj/t9m3DH2Yc5/26o6NpWn3N + gks8IdyzDOT2YigaVp/9tG28keUIA+3J+9uxmgC7rskbWGFYE707/wC1Wz5s + X99fzrmdY0rT7ez8yGEK29BnJ6E81qf2HpP/AD7r+ZoAg0KSMWJBYD94/f8A + 2qVpI/7fVtwx9mPOf9uqOkaVp9xaGSaEM29xnJ6A8UHStP8A7ZW28keWYC23 + J+9uxmgC9r0kbaXKFYE5Tof9oVsebF/fX865nWdK0+20+SaCEI4K4IJ7sBWp + /Yek/wDPuv5mgCDRJIxbS5YD99J396JZI/7dhbcMeQ3OfeqWk6Vp9xbyPNCG + Kyuo5PQHiiTStPGsRW4hHltEzEZPUHrQBe1+SNtIuArAn5eh/wBoVriWLA+d + fzrmtZ0nTrbTZpoIQjrtwcnuwFaY0PScD/R1/M0AQ6LJGI7rcwGbiTvRPJH/ + AG3ancMCN+9UtK0rT547gzQhik7qOTwB0FE2laeurW9usIEbxuSMnkjpQBo6 + 5JG2lXAVgTtHf3FaUUsXlp869B3rn9X0nTrfTp5oYArqBg5PHIq9HoelGNSb + dckDuaAI9HkjBvssBm6kPX6V5D8U2VtbtSpB/wBHHT/favUdL0rT5zd+bCG8 + u4dF5PCjGBXk/wAS7S2s9Yto7ZBGpgBIHrvagqJt+BGUeFNUUkAmU8f8BWvX + baWL7PF84+6vf2rxvwPZ20vhnUbmRA0scvyt6fKtepwaJpbQRs1uCSoJ5PpQ + JiaVJGJr/LAZnbHPsKL2SM6vppDDA87PP+yKo6bpOnzS3iywhhHMyryeAAOK + LvStPj1OxgSEBJfN3DJ52qCKBGtqssZ025AcEmNu/tU9nLELSAFx9xe/tWTq + Oj6bDYXEsUAV0QkHJ4NTWui6W9tC724LMiknJ6kUAGmSRi71AlgMy8c+1F/J + GdT04hgQGkzz/s1S0/StPmub1JIQyxSbVGTwMUXulafHf2MSQgJKzhhk84XI + oA2dSliOnXQDgkxP39jTtPliFhbAuAREnf8A2RWbf6NpkVjcSxwBWSNiDk8E + CnWWjaZLZwSSW4LPGpJyeSQM0AO06SMX+oksAC6Y5/2aXUZIzfaeQwIEjZ5/ + 2ao2OlafLe30ckIKxOoUZPAIovtK0+K7so44QqyuQwyeQBQBt38sRsbgBx/q + 37+xpmlyxjTrYFwCI17+1UrzRtMjtJ5EtwGVGIOTwQKZp+j6ZNY28skAZ3RS + Tk8kigCWwkjGqakSwwTFjn/Zo1SSM3NhhgcTDv7VSs9K0+TUb6F4QUiMe0ZP + GVyaNR0rT4Z7JY4Qokl2tyeRigDeu5YjazAOPuN39qraTLGNMtgXAOwd6gud + F0tLeV1twCqMQcnqBVfTdH02awgllgDO6Ak5PJoAns5IxrGoEsMEQ45/2TRq + 0kZkscMDi4Tv7GqVrpWnvqd7A8IKRCLaMnjcOaNS0rT4XsxFCFEk6q3J5Bzx + QB0M8sXkSfOPunv7VQ0WSMaXbgsAdvr702bRNKWF2W3UEKSOT6VT0rSNOn06 + CaaAM7LknJ55oAs20kY1q9JYYKR859qNYkjIssMDi5iPX61St9K099VuoGhB + jjRCoyeCetGqaVp8AtfKhC+ZcRo3J5U5yKAOkeWLY3zr0PesvQpI10m3DMAc + Hv7mnPoelBGIt14B7ms/SNJ06402CaaAM7A5OTzyaALkMkf9uXLbhgxJzn3p + NakjMNvtYH9/H396pRaVp7avPbmEGNI1IGTwSaNW0rT7eKBoYQpaZFPJ5BPI + oA6bzYv76/nWN4fkjXSLcMwB+bqf9o1P/Yek/wDPuv5msvRdK0+50yGeeEO7 + bskk9mIoAuxyR/29K24Y8hec/wC1S65JG1pGFYH97H396oppWnnWZLYwjyxC + GC5PXdjNGr6Vp9vbI8MIVjIgzk9CeaAOm82L++v51jaDJGumoGYA7n7/AO0a + n/sPSf8An3X8zWXo2lafc2Cyzwh3LMM5PZiKAMDxtp0erLdIhDSQWolj5/iR + ySB7lcivAK+nv7J07+2jbeQPK+z79uT97fjP5V4NruhPYeJZtHhGFeUeV/uS + cr+QOD9KConrPw006Ox0V7+UhZb188nnYnC/rk11uhSRrZMGYD94/f3p0Ph3 + R4IY4EtxtjUKMk9AMVQ0fStPuLQyTQhm3uM5PQHigll1pI/7fRtwx9nPOf8A + ao1+SNtLlCsCcp0P+0KpNpWnjWVtvJHlGAttyfvbsZo1rStPttOkmghCOCuD + k92AoA6bzYv76/nWPokkYt5ssB++k7+9Tf2HpP8Az7r+ZrL0nStPuIJWmhDF + ZXUcnoDwKAL0skf9uwNuGPJbnPvRr0kbaTcBWBOF7/7QqjJpWnjWIrcQjy2i + ZiMnqD1pdZ0nTrbTZpoIAjrtwcnuwFAHSLLFtHzr09ax9FkjEd3lgM3Enf6V + Muh6UQD9nX8zWZpWlafOlyZoQxSeRRyeFGMCgC7cSR/23atuGBG/Oak1uSM6 + VcAMCdo7+4rOm0rT11a3t1hAjdHJGTyR0p+raRp1vp080MAV1HByeOaAN+KW + Lyk+dfujv7VlaPJGDfZYDNzIev0qSPRNKaNSbdckDuaztM0rT5zd+bCG8u4d + F5PCjGBQBeupIzrNiQwwFl7+wqbWJIzplyA4J2HvWXcaVp6apZwLCBHIshYZ + POBxUuqaRpsGnzzRQBXVSQcnigDatpYhbRAuPuL39qzdKkjE1/lgMztjn2FO + t9E0t4I3a3BLKCeT3FUNN0rT5pbxZYQwjmKryeAB0oAvXskZ1bTSGGB52ef9 + mrOqyxnTbkBwSY27+1ZF3pOnx6lYQpCAkvm7hk87VyKn1HR9NhsLiWOAK6Ix + ByeCBQBrWUsQs4AXH+rXv7VQ0ySMXeoEsBmUY59qS10XS5LWF3twWZFJOT1I + qlYaVp8tzepJCGWOTCjJ4GKALuoSRnUtOIYEBpM8/wCzVzUpYjp10A4JMT9/ + 9k1jXulafFf2MSQgJKzhhk84XirN/o2mRWNxLHAFZI3IOTwQOKANHTpYhp9s + C4BESd/9kVS06SMahqJLAAumOf8AZpljo2mS2VvLJACzxoScnkkDNVbHStPl + vb6KSEFYnUKMngEUAXdSkjN7p5DA4kPf2q/fSxGyuAHH+rfv7GsO/wBK0+K6 + so44QqyyEMMnkYq5d6LpcdpNIluAyoxByeoFAFzS5Yhp1sC4BEa9/aqtjJGN + V1IlhgmLHP8As1Dp+j6ZNY28skAZ3RSTk8kiq9ppWnyajfQvCCkRj2jJ4yuT + QBd1WSM3FhhgcTjPPtWjdyxG1mAcfcbv7Vg6jpWnwzWSxwhRJKFbk8jHSr1z + oulpbyutuAVRiDk9QKAJ9IljGmWwLgHYO9QWkkY1jUCWGCIu/wDsmq+maPps + 2nwSywBndAScnk1DbaVp76pewNCCkYj2jJ43DmgC9q8kZexwwOLlO/1rTnli + 8mT51+6e/tXPanpWnwtZiKEL5k6K3J5U5yK0JdE0pYnYW6ghSep9KAHaLJGN + LtwXAO3196itpI/7avDuGCkfOaraVpGnT6dBNNAGdlyTk881HBpWntq11btC + DGiIVGTwT1oAu6zJGVs8MDi5jPX61rvLFsb516HvXN6ppWnwC1MMIXfcRo3J + 5U5yK0n0PSgjEW68A9zQAzQpI10m3DMAcHv/ALRpsMkf9uXB3DHkp396qaPp + OnXGmwTTQBnYHJyeeTTYtK09tXmtzCPLWJWAyepNAF3WpIzDb4YH9/H3962f + Ni/vr+dczqulafBFC0MIUtMink9CeRWp/Yek/wDPuv5mgDk9SdB4Cul3Dd5b + 8Z5+/XjvhAgeJtOJOB5or1fU9Ps28E3V4YgZhGx3c54fFeS+FIo5/Eenwyru + R5QCPWgqJ9Fa5JG1mgVgf3sff3rZ82L++v51zOr6Vp9vbI8MIVjIgzk9Cea1 + P7D0n/n3X8zQSQ6DJGunKGYA7n7/AO0aPMj/AOEg3bhj7LjOf9uqOj6Tp9xY + rLNCHcs4zk9mIFH9laf/AG19m8keV9n37cn72/GfyoAu67JGdPIVgTvTv/tC + tnzYv76/nXM6xpWn29kZYYQjbkGcnoWANan9h6T/AM+6/maAINDkjFkwLAfv + JO/vQ8kf9vo24Y+znnP+1VLSNK0+4tWkmhDMJHGcnoDxQ2laeNZS2EI8swFt + uT13YzQBd1+SNtKmCsCcp0P+0K2fNi/vr+dczrWlafbadLNBCEdSuDk92ArU + /sPSf+fdfzNAEGiyRiCfLAfv5O/vRLJH/bkB3DHkv396paTpWn3EMzTQhisz + qOT0B4FEmlaeNXhtxCPLaJmIyeoNAF/XpI20m4CsCcL3/wBoVrLLFtHzr09a + 5vWNJ06202aaCAI6gYOT6gVpLoeklQfs6/maAItGkjCXeWAzcyd/pUV8trca + vaxzhJYmjkDBsMp+oPFVtL0rT51uTLCG2TyKOTwo6CifStPXVra3WECN0ckZ + PJHSgDO1vwn4NfTriT+xrBpNvB+zxE9fXbVyLwd4H8pM6Hp2do/5dofT/dqx + q2kadb6dPNDAFdVyDk8c1ei0TSmiRjbrkgHqaj2Uexl7CH8qOW0rwf4KLXvm + aJp5xcOBm2i6cdPl6UXXg/wUNWsVXRNP2FZcgW0WOnGflrY0zStPna8EsIby + 53ReTwoxgUXOlaemqWcCwgRyCTcMnnA4o9lHsHsIfyozdW8H+CV024MeiacG + CHGLaHP/AKDVq28HeBzbxFtD07O1c/6ND6f7tXdT0jTYNPnligCuikg5PBq1 + b6JpbwRu1uCWUE8nuKPZR7B7CH8qOY0zwf4KM195miaeQJjtzbRdMdvlovPB + /goapp4XRNP2nzd2LaLH3eM/LWxp2lafNNeLLCGEcxVeTwMdKLvStPj1KwhS + EBJfN3DJ52rkUeyj2D2EP5UZ+p+D/BI0+4KaJpwYRtjFtDnOP92prPwd4INn + AW0TTs+Wuc20Oc4/3a0dR0fTYbC4ligCuiMQcnggVLaaLpclrDI9uCzIpJye + pFHso9g9hD+VHN6d4P8ABRu78PomnkCQbc20XTHb5aL7wf4KGoWATRNPCln3 + Ytosfd7/AC1sWGlafLdXqSQhlikAUZPAxRe6Tp8d9YxJCAkrOGGTzhcij2Ue + wewh/KilqHg7wQLC5KaJpwYRPjFtDnO0/wCzS2Hg7wQbG2L6JpxYxpnNtDnO + 0f7Na19o2mRWVxLHAAyRuQcnggHFFjo2mS2VvJJACzxoScnkkDNHso9g9hD+ + VHO2Hg/wUb+/D6Jp5UMm3NtFj7vb5aNR8H+Chd2ATRNPAMh3YtosYx3+Wtiy + 0rT5b6+ikhBWJkCjJ4yOaL/StPiurKOOEKsshDDJ5GKPZR7B7CH8qKt54O8E + CznK6Jp2fLbGLaHOcf7tRab4P8EnT7YvomnFjGuc20Oc4/3a27vRdLjtZpEt + wGVGIOT1AqPT9H0yaxt5ZIAzuiknJ5JFHso9g9hD+VHP2fg/wUdU1ANomn7Q + YtubaLH3ecfLRqfg/wAFCex2aJp4BmGcW0XTHf5a2LTStPk1K+heEFIvL2jJ + 43Lk0ajpWnwzWaxwhRJMFbk8jHSj2Uewewh/Kivc+DvA4tpSuh6dnY2MW0Pp + /u1V0rwf4JbTrcyaJp5YoM5tos/+g10FxoulpbyutuAVViOT1AqtpmkabPp8 + EssAZ3UEnJ5NHso9g9hD+VGFa+D/AAUdWvlbRNP2ARbQbaLHTnHy0ar4P8FK + 1l5eiaeM3CA4tounPX5elbFtpWnvql7A0IMcYj2jJ4yOaNT0rT4GsxFCF8yd + Ebk8qc5FHso9g9hD+VEUvg7wP5T40PTs7T/y7Q+n+7VDR/B/gltMtzJomnli + vObaLPX/AHa6SXRNKWJ2FuuQD3NUtJ0jTrjToJpoAzsuScnnmj2Uewewh/Kj + Et/B/go6xdKdE0/YEjwPs0WPw+WjV/B/gpVtfL0TTxm4jBxbRdOc5+XpWxBp + WntqtzA0IMaIhUZPBPWjVdK0+BbYwwhd88aHk8qc5FHso9g9hD+VDG8HeBtp + /wCJHp3T/n2h/wDiaoeH/Cvg+PTbeQaPYJJg8/Z4g33j325rpG0PSgpIt16e + prO0fSdOudNhmngDuwOTk+pFHso9g9hD+VFm2+zxa1Mse1IxCgAGABz0FSa1 + JGYIMMD+/j7+9UYtK09tXmtzCPLWJWAyepNGraVp9vDC0MIUtMink9CeRVmp + 03mxf31/OsbQJI10mEMwBy/f/aNT/wBh6T/z7r+ZrL0bStPudNimnhDu27Jy + ezEUAXUkj/t6Rtwx9nHOf9ql1ySNrNArA/vY+/vVFdK086y9sYR5YhDbcnru + xmjV9K0+3tVeGEKxkQZyehPNAHTebF/fX86+XvFX/IWf/dH8zX0f/Yek/wDP + uv5mvOz4Atde/wCJi920BYldoUEfKSOuaBpjvhwyrBEWIH7qTr/11rvNekjb + TmCsCdyd/wDaFc5o3hey0m8XSpD9pQQNJlht+YvjsfStXWNJ0+3sWlhhCOGQ + Zye7AGgGdN5sX99fzrH0OSNbNwzAfvZO/vU39h6T/wA+6/may9I0rT7i1Z5o + QzCRxnJ6A8UCLryR/wBvRtuGPs55z/tUa/JG2kzBWBOU7/7Qqk2laeNZS2EI + 8swliuT13YzRrOlafbabLNBCEdduDk92AoA6bzYv76/nWNokkYgn3MB+/k7+ + 9T/2HpP/AD7r+ZrL0nStPuIZmmhDFZnUcnoDwKALs0kf9uW53DHkv396drsk + baTcBWBOB3/2hVCXStPXV4bcQjy2iZiMnqDTtY0nTrfTZ5oYArqBg5PHIoA6 + JJYti/OvQd6yNGkjC3mWAzcynr9KlXQ9KKgm3Xp6ms3S9K0+dboywhtk8iLy + eFGMCgC9cSR/21aHcMCOTnNSa1JGdLuAGBO3196zZ9K09dVtoFhAjdHJGTyR + 0p+raRp1vp080MAV1XIOTxzQBvQSxeTH86/dHf2rL0iSMPfZYDNy56/SnxaJ + pTRIxt1JKg9T6Vn6ZpWnzteCWEN5c7ovJ4UYwKALt3JGdYsCGGAsvOf9mrGr + yxnTLkBwTsPesq50rT01SygWECOQSbhk84HFTano+mw6fPLFAFdEJByeDQBs + 2ssQtoQXH3F7+1ZulyRie/ywGZz39hS2+i6W9vE7W4JZVJ5PUiqOnaVp8014 + skIYRzFV5PAx0oAu30kZ1XTSGGAZc8/7NWtUljOm3IDgkxt39qyLzStPj1Gw + hSEBJTJuGTzhcirGoaPpkNjcSxwBXRGIOTwQKANSxliFlbguP9Wnf2FUNNkj + F5qBLAZlGOfaktNF0uS0hke3BZkUk5PUiqdhpWny3V7HJCGWKQBRk8DFAF3U + JIzqGnEMCA755/2au6jLEdPuQHBJifv/ALJrFvdK0+K9sYo4QFlZgwyeQFzV + q+0bTIrK4ljgAZI3IOTwQDigDQ06WIafaguAREnf/ZFU9PkjGo6iSwALJjn/ + AGajsdG0yWyt5ZIAWeNCTk8kgZqrZaTp8l9fRPCCkTIFGTxlcmgC7qckZvNP + IYHEpzz7VfvZYjZ3ADj/AFbd/Y1h3+lafFc2SRwhVlkIYZPIxVy70XS47WaR + LcBlRiDk9QKALelSxjTbYFwCI17+1VbGSMatqRLDB8nHP+zUOnaPps1hbyyw + BndFJOTySKgtNK0+TUr+F4QUi8raMnjcuTQBe1WSMzWGGBxOuefY1o3MsX2a + X5x9xu/tWBqOlafDLZrFCFEkwVuTyMHir9xomlpBI624BVSRyewoAl0eWMaZ + bAuAdg71BaSRjWb8lhgrFzn2qvpmkabPp8EssAZ3UEnJ5NRW2lae+qXkDQgx + xrGVGTxkc0AXdYkjLWOGBxcxnr9a1ZpYvJf51+6e/tXO6npWnwGzEUIXzLhE + bk8qc5FaMuiaUsTsLdcgE9TQAaJJGNKtwWAO09/c1HbyR/23dncMGOPvVXSd + I06406CaaAM7Dk5PPNMh0rT21a5t2hBjREIGTwT1oAvazJGUtMMDi5j7/Wtd + pYtp+denrXNappWnwLbGKELvnjU8nlT1FabaHpIUn7Ov5mgCPQZI10m3DMAc + N3/2jTYpI/7dnbcMeSvOfeqej6Tp1xpsM00Ad2Bycn1NJHpWnnWJrcwjy1iV + gMnqTQBd1uSM28O1gf38ff3rZ82L++v51zOraVp9vDE0MIUtKink9CeRWp/Y + ek/8+6/maAIdAkjXSoQzAHL9T/tGhZI/7edtwx9nHOf9qqOjaVp9zp0U08Id + 2LZOT2YihdK086y9t5I8sQBtuT13YzQBd1ySM2SgMD+8j7+9bPmxf31/OuZ1 + fStPt7VZIYQrGRBnJ6E81qf2HpP/AD7r+ZoAg0GSNdPAZgDvfqf9o0GSP/hI + A24Y+y4zn/bqlo+lafc2QlnhDtvcZyegPFH9laf/AG0LbyR5X2fftyfvb8Z/ + KgC7r0kbaa4VgTuTv/tCtnzYv76/nXM6zpWn21g0sEIRwyjOT3YVqf2HpP8A + z7r+ZoAg0OSMWkmWA/eyd/enMytr8RUg/wCjt0/3qoaRpOn3Fs7zQhmEjjOT + 0B4qaKytbTXY0towg8hm4z1zigDpKKKKACiiigAooooAKKKKAP/T/c+WHVRq + sCtcIZTG+1tnAHfinatDqy6dM1xcI8YAyAmCeR3psuqI2qwT/Z5gFjcbSnzH + PoPSn6tqqT6dNCLedCwHLJhRyOpoAux2+t7FxdR4wP4Kz9Mh1VvtfkXCJi4k + DZTOW4yR7Vox6zGEUfZbjgD/AJZ1naZqiQ/a828z+ZcSP8qZxnHB9D6igAuI + dVGqWqvcIZSr7W2cAY5yKk1OHV1sJ2nuY3jC8gJgkfWo7jVEfVLWf7PMBGrj + aU+Y5HYd6l1PVUmsJ4hbToWXGWjwB9TQBahg1swxlbqMDaMfJ2xVDTodVaS7 + 8m4RSJmDZTOW4yRV+HWY1hjX7LcHCgcR8dKoadqiQyXhNvM3mTM3ypnGccH0 + NABdQ6qNSsle4QyHzdhCcD5ecjvmptRg1hbGczXMbIEO4BMEiobrVEfUrKb7 + PMBH5vBTDHcuOB3x3qfUdWSaxniFtOu5CMtHgD6mgCW2g1o20RS6jClFwCnQ + YqnYQ6q1xeCG4RWEnzkpnJx1FXbbWES2iT7LcHaijIjyDgdqpWGqJFcXjm3m + bzJd2FTJHHQ+hoALyHVRf2QkuEaQl9hCcD5ecjvVm+g1gWVwZbmNkEbbgEwS + Mc1WvNUSS/sZfs8yiIvwUwTlccDvVm/1dJbK4jFtOu+Nhlo8AZHc0ALZwayb + SAx3UaoUXAKcgY4qrZQ6qbu9EVwiuHXeSmQTjtVuz1dI7SCM21w21FGRHkHA + 7VUstUSO7vZDbzN5jqcBMkYHf0oAL6HVRd2QluEZy7bCExg471avINZFpOZL + qNkCNkBMEjHNVb7VElu7KQW8y+W7HDJgnjt61bvNXSS0njFtcLuRhkx4AyO9 + ADLCDWGsoDFcxqhRdoKZIGOKr2cOqm/vljuEWQFN5KcH5eMVZsNXSKygjNtO + 2xFGVjyDgdjVaz1RI7++lNvMwlKcBMkYXHI7UAF/Dqqz2YmuEZjL8hCYwcdT + V25g1oW8pe6jK7GyNnUYqlf6oks9mwt5l8uXdhkwTx0Hqau3OsRvbyp9luBu + Rhkx4AyO9AEGnQaw1jAYbmNUKDaCmSBUNrDqp1K9VLhBKBHvYpwfl4wO2Kn0 + 7VkhsYIjbTttQDKx5B+hqC11RE1O9m+zzESCPgJlhhccjtntQAajDqqvaedc + IxMyhcJjDc4Jq/NBrYhkLXUZG05+TtiqGo6okz2hFvMvlzK3zJjOM8D1NX5t + ZjaGRfstwMqRzHx0oAqaXDq7afA0FzGkZXgFMkD61HBDqp1S6VLhBKFTc2zg + jHGBUml6qkGnwRG3ncquMrHkH6Go4NURdUup/s8xDqg2hPmGB3FABqcOqr9l + 8+4R83EYXCYw3OCfatF7fW9jZuo8YP8ABWdqeqJN9lxbzr5dxG/zJjOM8D1P + oK0X1mMow+y3HIP/ACzoAoaTDqzadC1vcIkZBwCmSOT3psUOqnVZ1W4QSiNN + zbOCO3FP0nVUg06GE287lQeVTKnk9DTItURdVnn+zzENGo2hPmGPUelABqkO + qrHB9ouEcGZAuExhuxrT+z65/wA/cf8A3xWZquqJPHABbzJtmRvmTGcdh71p + nWo8f8etz/37oAzNHh1V9Nha2uESM7sApkj5jnn60JDqv9ryKLhPO8kEts42 + 56Yo0bVEt9NhhNvM5XdyiZU5Yng0JqiDV5Lj7PNgwhduz5uvXHpQAarDqq26 + G4uEdfMTACY5zwa0/s+uf8/cf/fFZmraok9uiC3mTEiHLJgcHp9a1P7aj/59 + bn/v3QBl6PDqrWCG2uERMtgFMn7xzzQIdV/tgr9oTzvIB3bONu7pj60aPqiW + 9gkRt5nwWOUTI5Y96Bqif2ybj7PNjyAu3Z833s5x6UAGrw6qtnm4uEdN6cBM + HOeK0/s+uf8AP3H/AN8VmavqiXFn5Yt5k+dDl0wOD61qf21H/wA+tz/37oAy + 9Jh1VrQm3uERN78FM855oMOq/wBsKv2hPO8gnds427umPrRpOqJBaGM28z/O + 5yqZHJoOqJ/bC3H2ebAgK7dnzfeznHpQAaxDqq2EjXNwjx5XICYP3hjn61p/ + Z9c/5+4/++KzNY1RLjT5IhbzISV5dMDhgetan9tR/wDPrc/9+6AMvSodVaCQ + 29wiL5r5BTPOeTRJDqv9rxKbhDMYmw2zgLnpijStUSCCRTbzPmV2yqZHJ6fW + iTVEOrxXH2ebCxMu3Z83J649KADWIdVXTZmubhHjG3ICYJ+Yd60hb65gf6XH + /wB8VnaxqiXGmzQi3nQtt5dMKMMDya0hrUeB/otz/wB+6AMzS4dVZLj7PcIg + EzhspnLdzRNDqo1W3VrhDKUfa2zgDvxRpeqJAlwDbzPvmdvlTOM9j70Taoja + rbz/AGeYBEcbSnzHPoKAH6rDqy6fM1xcI8YAyAmCefWrsdvrexcXUeMD+CqW + raqk+nzQi3nQsBy0eFHI6mr0esxhFH2W44A/5Z0AZ2mQ6qxu/IuETE7hspnL + cZI9q8p+JSXaaxbC8kWV/IGCoxxuavVtM1RITd5t5n8yd3+VM4zjg+h9q4Px + vpd74i1W3nso2jCw7NsqsGJDEnAAPHNA0Q+CEuz4b1F4pFWESHcpGSflXoa9 + Qgg1owxlLqMLtGBs7Yrg/DtldaFoF9YXsTl533BlRtoGAOSQPSu9g1mNYY1+ + y3BwoGRHx0oBlDTodVaS78m4RSJmD5TOWwORRdQ6qNSsVkuEMh83YQnA+UZy + O+RRp2qJDJeMbeZvMmZvlTOMgcH0NF1qiPqVjMLecCLzeCmGO5ccDvjvQIn1 + GDWFsZzNcxsgQ7gEwSKltoNaNtEUuowuxcAp0GKi1HVkmsZ4hbTruQjLR4A+ + pqa21iNLaJPs1wdqKMiPIOB2oApWEOqtcXgiuEVhJ85KZycdRReQ6qL6yWS4 + RpCz7CE4Hy859aLDVEiuLxzbzN5kmcKmSOOh9DReaokl/Yyi3mURM5wUwTle + w70AWb6DWFsrgy3MbII23AJgkY5pbODWTZwGK6jVDGu0FMkDHFJf6uktlcRi + 2nXfGwy0eAMjuadZ6ukdnBGba4bbGoyI8g4HY0AVLKHVTeXoiuEVw67yUyCc + cY9KL6HVRd2QluEZy52EJjBx3rB1bxzoXg+31HXNdMkFuXXA2/OzbeEAJHzH + sPx6Zr4o+Ivx28U+NrlrfTXbSNMQkJHCxErg8ZkkHPI7LgduetfU8OcI4rMp + XpK0FvJ7fLu/6djxM3z6hg1aesn0X9aH2n4k8a6L4dimt9d8R2NvLtYGEkGX + p02KSw/KuJt/jp8Pre3ih/4SaNNigbfsdy2MDpkR4NfniSSSSck0lfqWH8Js + Go/vasm/Ky/R/mfFVeOsQ37kIped3+qP0Hg+Onw9jurmUeJEQyFfmNnckNgY + 4Hl8Youvjp8PZZbdj4kSTy33ZFncjb7nMfNfnxRXR/xCjLv+fk/vj/8AImX+ + vOL/AJY/c/8AM/RCb48fD54nT/hJ423KRj7FcjOR0/1VRWfx2+H0NrFEPEqR + hVA2myuSR7ZEVfnpRR/xCjLv+fk/vj/8iH+vOL/lj9z/AMz9B4fjp8PUvLiY + eJEUybPnNnckNgdh5fGKLv46fD2ZoCfEiSeXIG4s7kbcdzmPn6V+fFFH/EKM + u/5+T++P/wAiH+vOL/lj9z/zP0Rk+PPw+ZGX/hJ4zkEY+xXPP/kKoLL46/D2 + C1jiHiVIgoxtNncsR+Iir89aKP8AiFGXf8/J/fH/AORD/XnF/wAsfuf+Z+g8 + Xx0+Hq3s0/8AwkiKXVRv+x3JDY7Y8vIxRe/HT4ezeRnxIkuyVW4s7kbcfxHM + fOPSvz4oo/4hRl3/AD8n98f/AJEP9ecX/LH7n/mfom3x6+HxUj/hKIzx/wA+ + Vz/8aqrYfHX4ewWkcQ8SJEFB+U2dyxHPqI6/Paij/iFGXf8APyf3x/8AkQ/1 + 5xf8sfuf+Z+g6fHT4erfST/8JIgLIo3/AGO5wcdseXmi++Onw9nSNT4kSXbI + rYFncrjHfmPt6V+fFFH/ABCjLv8An5P74/8AyIf684v+WP3P/M/RT/hfXw+/ + 6GiP/wAAbn/41VLT/jp8PbezjhHiRIQufkNncsRkk9RHX58UUf8AEKMu/wCf + k/vj/wDIh/rzi/5Y/c/8z9B1+Onw9GoPcf8ACSICYwu/7Hc4PPTHl5/Gi++O + nw9nhVD4kSXDqcCzuVxg9eY+1fnxRR/xCjLv+fk/vj/8iH+vOL/lj9z/AMz9 + FP8AhfXw+/6GiP8A8Abn/wCNVSsPjp8Pbe2WIeJEhwWO02dyx5Oeojr8+KKP + +IUZd/z8n98f/kQ/15xf8sfuf+Z+g/8AwvT4e/2h9o/4SRM+Vt8z7Hc4+9nb + jy8575rJ1X4t/DK91GDV5PESTTwJsAFncrwTkHmPHGT+dfB1FH/EKMu/5+T+ + +P8A8iH+vOL/AJY/c/8AM/RT/hfXw+/6GiP/AMAbn/41VKw+Onw9ggKDxIkX + zMcGzuW6nrkR96/Piij/AIhRl3/Pyf3x/wDkQ/15xf8ALH7n/mfoOfjp8Pf7 + QFx/wkiZEe3f9jucdc4x5efxo1D46fD24tHiPiRJgSPlFncqTg56mOvz4oo/ + 4hRl3/Pyf3x/+RD/AF5xf8sfuf8Amfop/wAL6+H3/Q0R/wDgDc//ABqqVj8d + Ph7BG6jxIkW52bBs7ls578R96/Piij/iFGXf8/J/fH/5EP8AXnF/yx+5/wCZ + +g7fHT4em/Sf/hJEJVCu/wCx3OBk9MeXml1D46fD24tJIT4kSYNj5RZ3Kk8+ + pjr896KP+IUZd/z8n98f/kQ/15xf8sfuf+Z+iY+PXw+wP+Koj/8AAG5/+NVT + svjp8PYFlA8SJFvkZubO5bOe/EfGfSvz4oo/4hRl3/Pyf3x/+RD/AF5xf8sf + uf8AmfoPJ8dPh619FP8A8JIhKKw3/Y7nAz2x5eTmnX3x1+H09pJEfEiShh90 + WdypPPqYq/Paij/iFGXf8/J/fH/5EP8AXnF/yx+5/wCZ+iSfHn4fBFH/AAk8 + YwBx9iuf/jVVLP46fD2Ez48SJH5krNzZ3J3Z/iGI+M+lfnxRR/xCjLv+fk/v + j/8AIh/rzi/5Y/c/8z9B5fjp8PXvYJv+EkRjGGG/7HcgLkdx5fOakvPjt8Pp + rWSI+JUkDDG0WdyCfxMVfnpRR/xCjLv+fk/vj/8AIh/rzi/5Y/c/8z9EYvjx + 8PliRf8AhJ41wAMfYrk4/wDIVVbT46fD2F7hh4kSPzJC2TZ3J3e4xHx9K/Pi + ij/iFGXf8/J/fH/5EP8AXnF/yx+5/wCZ+g8/x0+Hr3ltMfEiMYt/zizuQFyM + cjy+c1Ld/Hb4fS20sR8SpIGUjaLK5BOe2THxX550Uf8AEKMu/wCfk/vj/wDI + h/rzi/5Y/c/8z9D4Pjx8PkhjQeJo12qBg2VycYHTPlVXtfjp8PYprhx4kSPz + Hzk2dyd3HUDy+K/Piij/AIhRl3/Pyf3x/wDkQ/15xf8ALH7n/mfoRcfHP4ey + XVtIfEiOYyx3fY7kBcjHI8vnNdFb/FXwdrVvLDaeKrJyyMNkimBm46DzQvJ7 + V+atFZVfCfAte5Umn5tP9EXDjrE396Efx/zZ+t+nx6tLY20lvdxeU8aFPkz8 + pAxz34qvZQ6qby9EVwiuGXeSmQTjjHpX5q+DPiX4x8CXCyaDfsLcHLW0hL27 + +uUJ4J9Vwfevt/4X/GDRfG/2o+S9vqjbXktV+c4UYLIeNy5/Ed+xP5zxLwHi + svi6qfPT7rp6rp+KPrcn4noYt8j92XZ9fRnpd9DqourMS3CMxc7CExg471bu + 4NZFrMZLqNlCNkBOoxzVS+1RJbqycW8y+W5OGTBPHb1q5d6wklrMgtrhdyMM + mPAGR3r4c+lI7CDWGsYDDcxqhRdoKZIGOKr2kOqnUL5Y7hBIDHvJTg/Lxgdu + KsWGrpFYwRG2nbYijKx5BwOxqvaaokeoX0v2eYiUx8BMsMLjkdvagA1CHVVm + sxNcIxMoCYTGGx1NXbiDWhbyl7qMrtbI2dsVS1DVElms2FvMvlyhvmTBPHQe + pq9cawj28qfZbgblYZMfHIoAr6bBq7WEDQXMaRlRtBTJAqG2h1U6neKlwgkA + j3sU4PHGB7VNpurJDYQRG2nbaoGVjyD9DUNtqiJqd5N9nmIkEfyhMsMDuO3t + QAalDqqtaedcIxM6hcJjDc4Jq/Lb62InLXUZGDn5PaqGpaokzWhFvMvlzq3z + JjOM8D1NaEusxtE6/ZbgZU9Y/agCnpcOrtp8DQXMaRleAUyQM+tRwQ6qdVuV + W4QShE3Ns4I7cVJpeqpBp8ERt53KrjKx5B57Go4NURdVuZ/s8xDog2hPmGPU + UAGpw6qotvPuEfM6BcJjDc4J9q0Xt9c2nN1HjB/grO1TVEnFti3mTZOjfMmM + 4zwPf2rSfWoypH2W45B/5Z0AZ2kQ6s2nQtb3CJGQcApkjk96SKHVf7WmVbhB + KI1y2zgjPAxTtI1RLfToYTbzuVB5RMqeT0NNi1RBq00/2eYho1G0J8wwepHp + QAapDqqxQ+fcI4MyAYTGGzwa0/s+uf8AP3H/AN8VmarqiTxQqLeZNsyN8yYz + g9B71qf21H/z63P/AH7oA4nVI7//AIQu6kEyi32N8m35vv8Ar9a8m8KLM/iK + wW3YLIZBgkZA49K9Q17U0i8ETWflSbnwofb8nMmev0rzjwWdniWyl2NIIyzE + INx4U9qClse5atDqq2ym4uEdfMTACY5zwa0/s+uf8/cf/fFZmraok9siC3mT + EiHLJgcH+dan9tR/8+tz/wB+6CTL0iHVWslNvcIibm4KZOdxzR5Oq/2zs+0J + 532fO7Zxt39MeuaNI1RLeyWI28z4ZjlEyOWPej+1E/tn7R9nmx9n2bdnzffz + nHp70AGrw6qtkTcXCOm5OAmDnIxWn9n1z/n7j/74rM1fVEuLIxi3mT5kOXTA + 4I71qf21H/z63P8A37oAy9Jh1VrVjb3CIu9+Cmec80NDqv8AbCKbhPO8kkNs + 427umPrRpOqJBalDbzP87nKpkcmhtUQ6wlx9nmwISu3Z833s5x6UAGsQ6qmn + Stc3CPHlcgJg/eGOa0/s+uf8/cf/AHxWZrOqJcadJCLeZCxXl0wvDA9a1P7a + j/59bn/v3QBl6VDqrQymC4RAJXBymctnk0SQ6r/a0Km4QymJsNs4AzyMUaVq + iQQyqbeZ90rt8qZAyeh96JNUQ6tDP9nmAWJl27PmOT1A9KAF1eHVl06Zri4R + 4wBkBME8jvWitvrmBi7j/wC+KztX1RLjTpoRbzoWA5dMKOR1NN1jxpo3h3S5 + tY1vzbKytV3SSyJhQP6kngAck8Dmk2krsUpJK72F0uHVWW58i4RAJ3DZTOW7 + mqupXFxp1/bzalqEFv8AI+JZMIgHfJYgV8G+Pf2qvEl693pfw+X+yrGSWRvt + TqGunDH+EHKxjH1bvkdK+W9V1rWNdu2v9bvp7+5brJcSNK5/FiTXzmK4kpQd + qa5vwR8fjuMaNN8tGPN57I/XPVfHvhZbOaOfxfpD8coLqAMee3z1Yj+IXhUR + qB400YcDg3cH/wAXX440Vwf60T/kR5f+u1T/AJ9r7z9gLD4geElNzs8YaPFm + Zid13B8x4+YfP0NE/wAQfCR1C1Y+MNHZgHw4u4Nq8d/n79q/H+ij/Wif8iD/ + AF2q/wDPtfefsLqHxB8JtZTB/GOjyqVOVW7gyfYfPU8PxC8KCGMDxnoyjaOD + dwZHH+/X450Uf60T/kQf67Vf+fa+8/YCx+IHhJZbop4w0eMmUklruDDHHUfP + 0oufiB4SN/Zs3jDR3YeZhxdwbU+Xnd8/ftX4/wBFH+tE/wCRB/rtV/59r7z9 + hr74g+E2s5g/jLR5FKHKrdwZPHQfPUlt8QvCgt4gvjPRkARcA3cGRx0Pz1+O + tFH+tE/5EH+u1X/n2vvP2As/iB4SFxdlfGGjxkuMlruDDHHUfP0ouviB4SN3 + aFvGGjuQzYYXcGE47/P3r8f6KP8AWif8iD/Xar/z7X3n7EXnxB8KG0nDeMtG + cFGyq3cGSMdB8/U0tp8QfCgtYQvjLRkARcK13BkDHQ/P1FfjtRR/rRP+RB/r + tV/59r7z9gLT4geEhd3ZXxho6EsuWN3BhuO3z9qLz4geEjcWhbxho8hDnBW7 + gwpx1Pz9K/H+ij/Wif8AIg/12q/8+195+xVz8QvCht5Q3jPRnBRsgXcGTx0H + z0yy+IPhNbOEJ4y0eNQgwrXcGRx0Pz1+PFFH+tE/5EH+u1X/AJ9r7z9gLb4g + eEhfXjL4w0dGPl5c3cG1/l4x8/bvRffEDwk0tqX8YaPIRICCt3BhTjqfn6V+ + P9FH+tE/5EH+u1X/AJ9r7z9jJ/iF4UMMgPjPRmG08C7gyeOn36g0/wCIPhNb + KEJ4x0eJQowrXcGR7H56/Hqij/Wif8iD/Xar/wA+195+wEHxA8JDULpl8YaO + rEJlzdwbW47fP270X/xA8JM1rv8AGGjy4mUjbdwfKefmPz9BX4/0Uf60T/kQ + f67Vf+fa+8/Y6T4heFTGwPjTRjweBdwf/F1U034g+E1sYVj8Y6PEoHCtdwbh + z3+evx8oo/1on/Ig/wBdqv8Az7X3n7AQ/EDwkNRuGHjDR1YqmXN3Btb2Hz9q + NR+IHhJlt/M8YaPLiZCNt3B8p/vH5+gr8f6KP9aJ/wAiD/Xar/z7X3n7Ht8Q + vCu0/wDFaaKf+3uD/wCLqro/jvwvJZwxWvi3SU64jN1CWHJ6/PX49UUf60T/ + AJEH+u1T/n2vvP2rspLu91CSaxvoZ8xr+9QB0Iz0GMirGqQ6qsMRuLhHBlQD + CYw2eDX4y6J4i17w1di/8P6jcadcD+O3kaMn2O0jI9jxX1l4B/au1b/RtG+J + EYu7dZEIv4UCyqFP/LSNRtce6gH2Y16GE4jpTfLUXL+R6+A4woVHy1Vyv70f + ff2fXP8An7j/AO+KzNHh1VtOia2uESP5sApk/eOefrVjT/FWm6rZQalpiS3V + rcqHjljTcjqehBBwRVfR9US306KE28zld3KJlTlieDX0Sd9T61NNXQLDqv8A + bDqLhPO8kEts427umKNWh1VbZTcXCOvmJwExznihdUQaw9x9nmwYQu3Z833s + 5x6UatqiT2yoLeZMSIcsmBwf50xmn9n1z/n7j/74rM0iHVWsgbe4RE3NwUyc + 5Oa1P7aj/wCfW5/791l6PqiW9kIjbzPhmOUTI5J70AHk6r/bOz7QnnfZ87tn + G3f0x65o1eHVVsmNxcI6bl4CYOcjFH9qJ/bP2j7PNj7Ps27Pm+/nOPT3o1fV + EuLJohbzJllOXTA4IPWgDT+z65/z9x/98VmaTDqrWzG3uERfMfgpnnPNan9t + R/8APrc/9+6y9J1RILZkNvM+ZHOVTI5P86ABodV/thFNwnneSSG2cbd3TFGs + Q6qunStc3CPH8uQEwT8wxz9aG1RDrCXH2ebAhK7dnzfeznHpRrGqJcadLCLe + ZC23l0wowwPJoA0/s+uf8/cf/fFZmlQ6q0Uxt7hEAlcHKZy2eTWp/bUf/Prc + /wDfusvStUSCGZTbzPuldvlTOMnofegAkh1X+1oVa4QymNsNs4AzyMUurw6s + unTNcXCPGAMgJgnkd6SXVEbVoZ/s8wCxsNpT5jk9QPSnavqiXGnTQi3nQsBy + 6YUcjqaANBbfXNoxdx4x/crN0yHVWW58i4RMTuGymct3NaS61GFA+y3HT/nn + WbpmqJCtzm3mffPI3ypnGccH3oAJodVGqWytcIZSj7W2cAd+KfqkOrrp87XF + zG8YXkBME8+tMn1RG1W2n+zzAIjjaU+Y59BUmq6qk+nzxC3nQsvVo8Ac9zQB + bit9bMSFbqMDAx8lUNNh1Vmu/IuETE7hspnLcZIrQi1mNYkX7LcHAA4j9qz9 + N1RIWuybeZvMndvlTOM44PoaAC5h1UanZq9whlIk2Ns4HHORU2pQauthO01z + G8YU7gEwSKhudUR9Ts5vs8wEYk+Uphjkdh396m1LVkmsJ4hbTruUjLR4A+po + Ant4NaMEZS6jC7RgbO2KpafDqrTXghuEUiUh8pnLY6ir1vrEaQRr9luDhQMi + PjpVHT9USKa8Y28zeZKW+VMkcdD6GgAu4dVGo2KyXCNITJsITgfLzkd6n1CD + WFsZzNcxsgRtwCYJGKgu9USTUbGb7PMBEZOCmGOVxwO/vVjUNWSWxniFtOu5 + GGWjwBkdzQA+0g1k2sJjuo1UouAU6DHFVLGHVTdXoiuEVhIN5KZycdquWmsJ + Hawxm2uDtRRkR5BwO1U7HVEiur1zbzN5kgOFTJHHf0oAL2HVRe2QluEZyzbC + EwAcc59atXsGsiznMtzGyCNtwCYJGOaq3uqJJe2Ugt5l8tmOCmCcjsO9Wr3V + 0ks54xbXC742GTHgDIPU+lACWMGsmytzFcxqhjTaCmSBgYFVrOHVTe3oiuEV + wybyUyCdvGPSrVjq6R2VvGba4bZGgyI8g4HUH0qrZ6okd7eym3mbzGQ4CZIw + vcdqAC/h1UXNmJbhGYyHYQmMHHU1cuoNaFrMZLqMqEbICdRjmqd/qiS3Nk4t + 5l8uQnDJgnjt6mrl1rCSWsyC2uBuRhkx4AyO9AEWnwaw1jAYbmNUKLtBTJAx + UFpDqp1G+WO4QSDy95KcH5eMDtip9P1ZIbGCI207bUUZWPIPHY1Baaokeo30 + 32eYiXy+AmWG1ccjtntQAahDqqy2fnXCMTMAmExhsdTV6eDWhBIXuoyu05Gz + tiqOoaok0tmwt5l8uYN8yYzx0HqavT6zG0Ei/ZbgZUjJj46UAVtNg1drCBoL + mNIyowCmSBUVvDqp1O7VLhBKBHubZweOMCptM1ZIbCCI2077VAyseQfoaht9 + URNUu5/s8xEgjG0J8wwO47e1ABqUOqqbTz7hHzOgXCYw3OCfatCW31sRuWuo + yMHPyVn6nqiTG0xbzL5c6N8yYzjPA9T7VoS6zG0br9luBkH/AJZ0AUtKh1Zt + Pha3uUSMjgFMkc+tMhh1U6rcKtwglCJubZwR24p+laqkGnwRG3ncqOqx5B57 + GmQ6oi6rcT/Z5iHRBtCfMMeooANUh1VVtvPuEcGdAuExhuxrSa31zBzdx/8A + fFZuqaoky2wFvMmydG+ZMZx2HvWk2tR7T/otx/37oAztIh1ZtOha3uESMg4B + TJHJ70kcOq/2vKouEEwiXLbOCM9MUukaolvp0MJt53Kg8omVPJ6Gkj1RBq8t + x9nmIaJV27PmGD1I9KADVYdVWGI3FwjgyoBhMYbPBrT+z65/z9x/98Vmarqi + TwxKLeZNsqN8yYBweg961P7aj/59bn/v3QBl6PDqrafG1tcIkeWwCmT9455+ + tCw6r/bDKLhPO8kEts427umPrRo+qJb6fHEbeZypblEyvLE9aF1RBrDXH2eb + BhC7dnzfeznHpQAatDqq2oNxcI6704CY5zxWn9n1z/n7j/74rM1bVEntQgt5 + kw6HLJgcGtT+2o/+fW5/790AZekQ6q1mDbXCIm5+CmTnPNHk6r/bIT7QnneR + nds427umPXNGkaolvZiM28z/ADMcomRyfWj+1E/tkXP2ebHkbNuz5vvZzj09 + 6ADV4dVWxY3NwjpuXgJg5yMVp/Z9c/5+4/8AviszWNUS4sWiFvMmWU5dMDgj + vWp/bUf/AD63P/fugDL0qHVWtnNvcIi+Y+QUzznk1YgjvU12MXcqyN5LcquO + M9PzqvpOqJBbOht5nzI5yqZHJ/nViC8W612NhFJH+5YYddp65z9KAOlooooA + KKKKACiiigAooooA/9T94pyP7ctef+WT0/XSP7JuOew/mKypdH01dWgtlhxG + 8bsRluSOnenato2m22nTTwQ7XQDByx7j1NAHTREeUnPYVkaMR/p3P/L1L/Si + PQdIKKTbjJA/ib/Gs7S9H064+1+dDu8u4kReW4UYwODQBo3RH9tWPP8ABL/K + p9ZI/su55/grHuNH05NUtLdYcRyLIWGW5IHHepdU0bTLfT55oYNrouQdzcfm + aAOgtyPs8XP8K/yrM0kjzb/n/l4b+QpkOg6S8MbNbgkqCfmb0+tUNO0fTZ5L + wSw7hFMyry3CjHHWgDSvSP7Y07ntN/6CKsauR/Zlzz/yzasW60fTY9SsoEhx + HL5u4ZbnauR3qfUdF0yCwnmig2uiEg7m4P50AbdmR9jg5/5Zr/Ks7SyPtWoc + /wDLb+lR2uhaVJbRSPbgsyKSdzdSPrVLT9H06a4vElh3LFLtXluBj60AaV+R + /aem8/xSf+g1b1Mj+zrrn/lk/wDI1hXmj6bFf2MMcOElLhhlucLkd6s3+iaX + DZXEscAV0jYg7m4IH1oA19PI+wW3P/LJP/QRVHTSPt+o8/8ALRf/AEGoLPQ9 + KltIJZIAWdFJO5uSRz3qpY6Ppst5exSQ5WJ1CjLcAjPrQBo6kR9v07n/AJaN + /wCg1f1Aj7Bc8/8ALJ//AEE1z99o+nRXdlHHDhZXYMMtyAPrVu80PSorSeWO + ABkRiDubggcd6ANLSyP7Ntef+WSfyqnYEf2pqXP8UX/oNVrDRNLmsbeWWAM7 + xqSdzckj61Xs9I06W/voZIcpCY9oy3GVye9AGlqhH2nT+f8Alt/StG8I+yT8 + /wADfyrnNQ0fTYZ7NIodoll2ty3Ix9au3OhaVHbSuluAyoxB3N1A+tAF3SCP + 7Mtuf+Wa1WsiP7Z1HntD/wCg1V07RdMnsIJpYNzugJO5uT+dQWuj6dJqd7A8 + OY4hHtGW43Lk96ANHVyPNsOf+XhP61qXBH2eXn+Fv5VzWpaPp0ElmIodolmV + G5blTnjrV+bQdJSGRltwCFJHzN6fWgCxopH9lW3P8P8AWorUj+2r3n+CL+VU + dL0bTLjT4JpoNzuuSdzDP5Go4NH019UurdocxxqhUZbgkc96ANLWSP8AQef+ + XqL+ta0hHltz2Ncvqej6bb/ZPJh2+ZcRo3Lcqc5HJrRfQdICMRbjIB/ib/Gg + CTQiP7Jt+ex/maZAR/bl1z/yySs/SdG02506GeeHc7g5OWHc+hpsWj6a2rT2 + zQ5jSNGAy3BPXvQBo62R5Ntz/wAvEf8AOtokY61ymq6Pp1vHA0MO0vMinluQ + eo5NaZ0DSP8An3H/AH03+NACeHyP7Ht+f73/AKEaIyP7el5/5YL/AOhVm6No + +m3Wmwzzw75G3ZOWHRiOxoTR9NOryWxh/dLCGAy3UnGetAGlrhH2WPn/AJbR + /wA62cj1rlNW0fTba3R4YdrGRFPLHgnnqa1P7A0j/n3H/fTf40AM0Aj+zE5/ + if8A9CNKCP8AhIG5/wCXYf8AodZuj6Pp11YJNPDvcswzlh0YgdDQNH03+2Ta + +T+68gPty33t2M9c9KANHXiP7P6/8tE/9CFbWR61ymr6Pp1tZ+bBDtbegzlj + wTz1Nan9gaR/z7j/AL6b/GgBuhEfYTz/AMtJP/QqGI/4SBef+XY/+h1m6Ro+ + m3NoZJ4dzb3GcsOAeOhoOj6b/bK2vk/ujAX25b727GeuaANLXyP7Ll57p/6E + K2cj1rlNY0fTbXT5JoIdrqVwcserAHqa1P7A0j/n3H/fTf40AN0Mj7NLz/y2 + k/nSSkf29Dz/AMsG/nWdpWj6bcQSPNDuKyuo5YcA8dDRJo+nDV4rYQ/umiZi + Mt1B+tAGl4gI/si45/u/+hCtgEYHNcrrGj6ba6bNPBDskXbg5Y9WA7mtMaBp + GB/o4/76b/GgBuiEeVdc/wDLxJ/SlnI/ty15/wCWUlZulaPp1xHcGaHcUmdB + ywwo6Dg0TaPpq6rb26w4jeNyRluSOnegDV1wj+ybjn+EfzFacRHlJz2Fc1q2 + jabbadPPDDtdAMHcxxz7mr0eg6QUUm3GSB/E3+NABoxGb7n/AJepP6UXRH9t + WPP8Mv8AKs7TNH064N350O7y7h0XluFGMDg0XGj6cmqWlusOI5FkLDLc4HHe + gDY1kj+y7nn+CrtsR9ni5/gX+Vc/qmjaZb6fPNDBtdFyDubj8zVqDQtJeGN2 + twSygn5m7j60AP0kjzr/AJ/5eG/kKL0j+2NN5/57f+gis3TtH02eS8WWHcIp + mVeW4AHTrRdaPpsepWMCQ4jm83cMtztXI70AberEf2Zc8/8ALNv5VPZkfY4O + f+Wa/wAqxNR0XS4LGeaKDa6ISDubgj8amtdC0qS2ike3BZkUk7m6kfWgCTSy + Pteoc/8ALb+lGoEf2npvP8Un/oNZ1hpGnTXF6ksO5YpNqjLcDH1ovNH06K/s + YY4cJKzhhlucLkd6AN3UyP7Ouuf+WT/yNMtrmC00iK5uZFiihgV3ZjgKqrkk + n0ArOv8ARNLhsriWOAK6RsQdzcED614N8fdQsvD3w1hitU2XmtNFBuDHITbv + kOM45A2n/er0coy6WLxNPDR3k0v838kcmPxaoUZ1n0R8p/FT4gXPj/xRc38b + MmmxOy2sR4AQcbyP7z4yfTgdq8zor6e/Z++HNtq1wPGetwiW3glMVrG33WkU + ZaQj/ZyAvvnuBX9P43FYbKMDzJWhBWS7vt6vq/Vn4vhqFbH4mzfvS1b7f1/w + DmfB/wCz94v8SWi6nqjpotm67l85S0zLjORGCMD/AHiD7V61a/su6A0CPPrd + yzsAfljRRz7HP86+m5bK1WJ2VOQpI5PpSQWVs8MbsmSVBPJr8Sx3iDmdWblC + fIuyS/N6n6VhuE8FTjaUeZ923+h8zR/sweGnmljOs3YEeMHbHzkfSll/Zg8N + RtGo1m7O9sfdj/wr6TitLdriZGTKptxye4pZ7S3R4QqYDNg8npXF/rtmv/P9 + /cv8jp/1bwP/AD6X4/5nze/7LvhpUZhrN3wCfux/4U2H9l/w1LEsh1m7BYZ+ + 7H/hX0vJZWqxuwTBAJ6msb+0/DNvEn2y+tonI5DzKpz9M1UeM82loqz+5f5E + T4ewEdZU0vm/8z5+T9mDw000kR1m7wm3B2x9x9KJv2YPDURjA1m7O9gv3Y+/ + 4V77aar4au7mWOG+tpB8u0LMpPI575rXuLW2Qw7E4dwDyeQaJcZ5tHes18l/ + kEOH8BL4aafzf+Z84t+y54ZCk/21d8D+7H/hUcH7L/hqWJZDrN2Cw/ux/wCF + fTT2NqEYhOgPc1Da2dtJAjumSRzyan/XbNf+f7+5f5F/6t4H/n0vx/zPmlf2 + YPDTTvF/bN3hADnbH3/Cif8AZg8NReXjWbs73C/dj7/hX0qlpbm5ljKfKoXA + ye9Jc2lvH5WxMbpFB5PQ0f67Zr/z/f3L/IX+reB/59L8f8z5xP7LnhkDP9tX + f/fMf+FRW/7MHhqaFZG1m7Bbttj/AMK+nDY2uD+7/U1XtLS3kt0d0yxznk+t + H+u2a/8AP9/cv8h/6t4H/n0vx/zPmpf2YPDRuGh/tm7woBztj7/hRP8AsweG + olUjWbs7mA+7H3/CvpRbS3N08ZT5QoIGTRdWlvGqFExl1B5PQ0f67Zr/AM/3 + 9y/yD/VvA/8APpfj/mfOX/DLfhn/AKDV3/3zH/hUFt+zB4amhWVtZuwWzxtj + 7H6V9PfYLT/nn+pqrZ2lvLbo7pljnnJ9aP8AXbNf+f7+5f5B/q3gf+fS/H/M + +ax+zB4aNwYf7Zu8Bc52x+v0ouP2YPDUKBl1m7OSB92Pv+FfSgtLc3bR7PlC + A4yeuaLq0t44wyJg7gOp70f67Zr/AM/39y/yD/VvA/8APpfj/mfOX/DLfhn/ + AKDV3/3zH/hUFv8AsweGpohI2s3YJz/DH2P0r6e+wWn/ADz/AFNVbS0t5YA7 + pkknufWj/XbNf+f7+5f5B/q3gf8An0vx/wAz5r/4Zg8NfafI/tm7xs3Z2x+u + PSi4/Zg8NQx711m7JyB92Pv+FfSn2S3+2eVs+Xy84yeuaLu0t44dyJg5A6n1 + o/12zX/n+/uX+Qv9W8D/AM+l+P8AmfOX/DLfhn/oNXf/AHzH/hUFv+zB4amj + 3trN2Dkj7sfb8K+nvsFp/wA8/wBTVW0tLeSIs6ZO4jqaP9ds1/5/v7l/kP8A + 1bwP/Ppfj/mfNZ/Zg8NfaBD/AGzd4K7s7Y/X6UXH7MHhqGFpF1m7JGONsfc/ + SvpQ2lv9rEWz5dmcZPXNF3aW8VuzomGGO59aP9ds1/5/v7l/kH+reB/59L8f + 8z5y/wCGW/DP/Qau/wDvmP8AwqCD9mDw1MrMdZuxhiPux9vwr6e+wWn/ADz/ + AFNVbW0t5EYumSGI6noKP9ds1/5/v7l/kH+reB/59L8f8z5rP7MHhoXCw/2z + d4Kk52x/4Utx+zB4ahhaVdZuyVxxtj9fpX0m1pbi7WPZ8pUnGT1zS3dpbxW7 + uiYYYwcn1o/12zX/AJ/v7l/kH+reB/59L8f8z5x/4Zc8M/8AQau/++Y/8Kgg + /Zg8NShydZuxtYr92Pt+FfTosLT/AJ5/qar21pbyCTemdrsByego/wBds1/5 + /v7l/kH+reB/59L8f8z5qb9mHw0s6Q/2zd4YE52x9vwpZ/2YPDUMLSDWbslf + 9mP/AAr6Te0txdRxhPlZSSMntTrqzto7d3RMEDjk0f67Zr/z/f3L/IP9W8D/ + AM+l+P8AmfN6/sueGSAf7au+f9mP/CoYP2YPDUvmZ1m7Gxyv3Y+34V9OLY2p + UEx9vU1XtrS3k83emdsjAcnoKP8AXbNf+f7+5f5B/q3gf+fS/H/M+a3/AGYP + DSzxxDWbvD552x9vwp037L/hqKJpBrN2Soz92P8Awr6SktLdbmGMJ8rBsjJ7 + Cn3NnbJA7qmCBxyaP9ds1/5/v7l/kH+reB/59L8f8z5tX9l3wyyhv7au+Rn7 + sf8AhUUP7MHhqRpAdZuxsbH3Y/8ACvptLG1KKSnJA7moLe0t3aUMmdrkDk9K + P9ds1/5/v7l/kH+reB/59L8f8z5rk/Zg8NJNFENZu8SbsnbH2H0p837L/hqO + J5BrN2SoJ+7H/hX0jLaW63ECBPlfdkZPYVJcWdskDuqYIBI5NH+u2a/8/wB/ + cv8AIP8AVvA/8+l+P+Z82J+y74adFY6zd8gH7sf+FRRfsweGpHkU6zdjYcD5 + Y/8ACvpqKytWjRinJAPU1DBaW7yTKyZCtgcmj/XbNf8An+/uX+Qf6t4H/n0v + x/zPmuX9mDw2kkca6zd/vM8lI+MD6VyHiX9mLV7G2ku/Deqx6gY1LeTMnkuc + dlYFlJ+u0e9fYktpbrPCipgMTnk9hUk1lbJDIypghSRyfSt8Px7mlOXN7W/k + 0rflf8TKrwtgZprkt6Nn5Q6lpmoaPey6dqlu9rcwnDxyDDD/AOsRyD0I6VNo + us6l4e1S21rR52try0cPG69iOx9QRwQeCODX3t8XfhlZeM/Cz6hYQga1YReb + C6/elUDLRH13c7fRvYnP561+18NcQUs1wzk42a0kt/6T/wCAfm+c5TPA1kk9 + N0/66o/UHwZ43s/iBoOieIbYCOVpGjuIgc+VOi/Mv05BX2Ir0i+I+w3HP/LN + /wCRr4A/Zw1dU8XSeGrr5rfUk3qpJ/1kQJ4+qk5+gr7qu9D0qO1mkSABlRiD + ubqB9a/n3i/JVgMfOhD4d16P/LVfI/VMgzF4rCxqS32fqv6uaGlkf2ba8/8A + LNf5VVsSP7V1LnvF/wCg1V0/RNLmsYJZYNzuiknc3JI+tV7TR9Nk1C+geHKQ + mPaMtxuXJ718yeyaOqkfaNP5/wCW4/lWldkfZZuf4G/lXOaho+nQzWaxQ7RL + KFbluRj61duNC0lLeV0twGVWIO5uoH1oAuaOR/Zltz/AKgsyP7Z1DntF/wCg + mqem6Lpk9hBNLBud1BJ3NyfzqG20fTZNTvLd4cxxCPaMtxuGT3oA0tXI32HP + /Lyn9a1JyPIk5/hP8q5nUtH02BrQRQ7fMnRG5blTnI61oS6DpKxOy24BCkj5 + m9PrQBPohH9lW3P8P9ahtiP7bvOf+WcdUtK0bTLjT4JpoNzuuSdzc8+xqODR + 9OfVbm3aHMcaIVGW4J696ANHWiNtlz/y8xf1rYcjY3PY1y2qaPp1uLXyYdvm + Txo3LHKnORya0n0DSAjEW44B/ib/ABoAdoJH9k2/PY/+hGmwkf27cc/8sU/n + WfpGj6bc6dDPPDudwcnLDufQ02LR9NbVprYw/u1jVgMt1J+tAGlrZHkW/P8A + y3j/AJ1s5HrXKaro+m28ULQw7S0yKeW6E8jk1qf2BpH/AD7j/vpv8aAPJvGl + +I/DGmacp+aaSSRvohIH5lv0qp8LbYSa5Pct0hgIH+8zAfyzXF65eLeX7lPu + R/ID64PX869R8A6FB5Aa+j3m5i84AkjA3bV6Y7DP40FdD0TXSPsac/8ALWP+ + dbWR61ymraRp1tbJJBDtYyIucseCeeprU/sDSP8An3H/AH03+NBI3QCP7NXn + +N//AEI0ZH/CQ9f+XX/2es3R9H025sVlnh3OWYZyw6MQOho/sfTf7Z+y+T+6 + +z79uW+9vxnrnpQBpa8R/Zx5/jT/ANCFbOR61ymr6PpttZGWCHa+5BnLHgkA + 9TWp/YGkf8+4/wC+m/xoAboRH2Juf+Wsn86RyP8AhII+f+Xc/wDoVZ2k6Ppt + zatJPDuYSOM5YcA8dDQ2j6cNYS1EP7owl9uW+9uxnrmgDR8QEf2TNz3T/wBC + FbWR61yms6Pp1rp0s8EOx1K4OWPVgO5rU/sDSP8An3H/AH03+NADdEI+zz8/ + 8t5P50Skf27Bz/yxf+dZulaPptxDK00O4rK6jlugPA4NEmj6aurw2wh/dtEz + EZbqD9aANHxFJHHot1JI4VFUEknAADDJJr8t/j18Y7z4m+IWsdPlZPDumuVt + YhwJWHBncdy38IP3V9y2fr79p/WbDwf8NpLTTk8q91yUWiMGbKxYLSnk9Co2 + H/er8xK+Q4kx7uqEfVnwHGGaSusLB6bv9F+oV614H+CXxC8eiGfSbAWtnPyl + zdt5MTD1Xgsw91UivV/2aPgvY+Obubxh4ph87R9Pk8qGBvu3E4GTu9UQEZHR + icHgEH7/AH0nTotQtrWKELCUb5QTj5enftXHleSe1j7Sq7I4Mk4a9vBVqztF + 7LufBsn7Hvi23tGuLnX7AMgyVRZWH5lV/lVtf2NvE7KG/wCEishkZ/1clfdm + paVp8FjNNFFtdRwcn1+tcH488d/Dr4cWCT+I5QbqRN0VrES9xL7hdwwP9piB + 754r6LDcMUq01TpQcpPornvYnIMuowdSrpFdWz5Itv2PfE1wZQPENmvlOU5j + k5x3ok/Y98TR3MVsfENkTKGOfLkwNozXNeLv2kfFWsSTQeGbaLRLRmOxv9dc + bT2Lt8o/Bcj1rw7VPE3iPW3L6vqdzeFu0sruPwBOAPav0HAeC8qi5q7UPK7b + /NL8T89zDiTJ6b5aFKU/O7S/z/A+j7r9kjWrWN3bxTpxZBnbh8n8Kux/sb+J + pI1kHiOyw4B/1cnevketXTtd1vR3Emk6hcWbLyDDK8f/AKCRXp1PBDD29ytr + 5p//ACR5lPizA39/Cu3lN/5H07b/ALHvia4eZR4hs18pynMcnOO9Ev7HviaK + 4gtz4hsyZt2D5cmBtGa43wh+0V4z8PypHrkcWv2gPzLPmOYD/ZlTHPuytX2T + 4A+KXw9+JFzZ2ujk2l8wczWU5Ky8LkFTnDjrypz6gV8bnPhlUwSc507x7ptr + 59V+R9pk2IyXGtQp3UuzbT+Wtn99z5ruP2OvE0EDzHxFZMEBOBHJzinRfsce + JpYklHiKyG8A48uTvX3lfaRp0NnNLHDhkQkHLdQPrUlto+myW0TvDlmRSTub + qR9a+W/sLDfy/iz6j/VfBfyv72fAkH7HviaeWaMeIbMeS23Jjk5om/Y98TQz + QwnxDZkzEgHy5OMDNfeFlpdhLcXaSRZWNwFGTwMfWi70uwjvLOJIsLKzBhk8 + 4HHej+wsN/L+LD/VfBfyv72fCc/7HPiaGGSY+IrIhFLYEcnOBmiH9jnxNNDH + MPEVkBIobBjk4yM196XmkadFaTyxw4ZEYg5bqB9aWz0fTpbSCR4cs6KSct1I + +tH9hYb+X8WP/VfB/wAr+9nwND+x74mmmmhHiGzBhIBPlyc5GaJ/2PfE0EsM + Z8Q2Z85tuRHJxX3haaXYSXd3E8WViZQoyeMj60Xul2EVxaJHFhZHIYZPIx9a + P7Cw38v4sP8AVfB/yv72fCkv7HHiaKJ5T4isjsBOPLk7U23/AGOvE08CTDxF + ZKHAODHJxmvve60fTY7aWRIcMqMQdzdQPrTLHSNOms4ZZIcs6Ak5bqR9aP7C + w38v4sX+q+C/lf3s+CIv2PfE0txPbjxDZgw7cny5MHcM0XH7Hvia3eFD4hs2 + 81tvEcnFfeFrpdhJf3kLxZSLy9oyeMjJ70X2l2EMtqscWBJKFbk8jH1o/sLD + fy/ix/6r4P8Alf3s+FZP2N/E8aM58RWR2gn/AFcnao7b9jvxNcwJOPENkocZ + wY5OK++p9G01IZHWHBVSR8zdh9ag0/SdPmsoZZYdzsoJOW/xo/sLDfy/ixf6 + r4L+V/ez4Kj/AGPfE0lzNbDxDZgxBTny5MHcM0XP7Hvia3MQPiGzbzXCcRyc + Z7194W+l2D6jdQNFlIwm0ZPGRz3o1DS7CFrURRbfMmVW5PIPUdaP7Cw38v4s + P9V8H/K/vZ8LN+xt4nVS3/CRWXAz/q5Khtf2PPE11bpOPENkocZwY5K+/ZNF + 0xY2YQ8gH+Jv8aqabpWnz2MM0sW52HJyfX60f2Fhv5fxYf6r4L+V/ez4MT9j + 3xM91Ja/8JDZgxgHPlyYOaLn9j3xNbCMnxDZt5jqnEcnG7vX3hDpdg2pXEDR + ZjRUIGTwT170ajpdhAtuYotu+ZFPJ5B6jk0f2Fhv5fxYf6r4P+V/ez4XP7Gv + icAn/hI7Lj/pnJVBP2PvF9zZrc2eu2DM+cLIJUHBx1Ct/Kv0HbRdMCkiDoP7 + zf41Q0vSrC4sIppotztnJyR3PoaHkWG/l/EHwvg/5X97PyZ8c/CHx58PWZ9f + 08tarj/Sbc+bBzwMsOVz23Bc15lX7WvomlXd7c6ddWyzWzxANG+WVg3BBB6g + jsa/OP8AaL+DsHw212HWNAjK6DqzN5acn7PMOWiyf4SPmTPOMj+HJ8LNMm9j + H2lN3X5Hy+ecOfV4+1pO8evdGh+zf8aLjwLrsXhPXpyfD2qSBQXPFrO5wJAT + 0Rjw46D73Y5/SXw+R/ZMPPd//QjX4c1+rv7Puq2Hjn4X6bqN+nnX1kXs7liz + ZLw/dJwepjKE+5r0uG8e5XoSe2q/yPX4PzSUr4ab21X+R7ShH9vyc/8ALuP/ + AEKjXSPsac/8tY/51mro+mnWHtjD+6EIYLlvvbsZ65o1bR9NtrZZIIdrGRFz + ljwTz1NfVn3R1eR61i6AR/Zy8/xv/wChGn/2BpH/AD7j/vpv8a8jvvE1jpE5 + spdMW5Yc7zKydSeMAHpQFj1rI/4SHr/y6/8As9Gvkf2a3P8AGn/oQrjfDMmn + +IJUuGsxBG0THyw7N8yvtzng9K6DWNH022sWlgh2uGUZyx6sAepoA6vI9axt + CI+xvz/y1k/nTv7A0j/n3H/fTf41l6To+m3Ns0k8O5hI65yw4B46GgDRcj+3 + 4+f+Xc/+hUviAj+yZ+e6f+hCs1tH04awlqIf3RhLFct13Yz1zRrOj6ba6dLP + BDsdduDlj1YDuaAOryPWsXQyPIuOf+W8n86f/YGkf8+4/wC+m/xrL0rR9OuI + Zmmh3FZXUcsOAeBwaANKYj+3bfn/AJYv/Ona8R/ZNxz2H/oQrLl0fTV1aG2E + P7t42YjLdQfrTtX0fTbbTpp4IdroBg5Y9x6mgDp0I2Lz2FZGjEbbzn/l5l/p + QugaQVBNuOn95v8AGs3S9H024W5M0O7y55EXlhhRjA4NAGlckf23Z8/8s5Kk + 1sj+yrnn+H+orJn0fTU1W2t1hxHIjlhluSOnen6ro2mW+nzzQwbXRcg7mOOf + c0AdHAR5MfP8I/lWVo5G+/5/5eX/AKUkWg6S0SM1uCSoJ+ZvT61n6bpGnTtd + iWHd5c7ovLcKMYHWgDRvCP7Z0/n+GX/0GrGsEf2Zc8/wGsa50jTo9Ts7dIcR + yiTcMtztHHeptS0XTILCeaKDa6KSDubg/nQBvWpH2WHn+Bf5Vm6UR9o1Dn/l + uf5Co7fQtJe3jdrcEsqk/M3Uj61R0/R9NmmvFlh3CKUqvLcDHTrQBo35H9ra + bz3l/wDQat6qR/Zt1z/yzb+VYd3o+nR6jYwJDhJjJvGW52rkd6sahomlw2M8 + 0UG10RiDubggfWgDZsSPsNvz/wAs0/kKz9MI+26jz/y1H8qitND0qS1hkeAF + mRSTubqR9ap2GkadNdXsckO5YpAFGW4GPrQBpaiR/aOnc/xv/wCg1d1Ej+z7 + rn/lk/8A6CawL3R9NivbKKOHCSswYZbkAZHerV7oelRWdxLHAAyRsQdzcEA4 + 70Aammkf2da8/wDLJP8A0EVT08j+0tR5/jT/ANBqvY6JpctlbyyQAu8aMTub + kkAnvVWy0fTZb69ikhykTIFGW4yuT3oA0dTI+2afz/y1P8q0L4j7Fcc/8s3/ + AJGuev8ASNOhubKOOHasshVhluRj61cu9D0qO1mkSABlRiDubqB9aAL+lEf2 + ba8/8s1/lVWxI/tfUuf+eP8A6DVXT9E0uaxgmlg3O6KSdzckj61BaaPp0mpX + 0Dw5SHy9gy3G5cnvQBpasR59hz/y3X+RrSuiPs0vP8Dfyrm9R0fTYJbNYodo + lmCty3Ix061en0LSUgkdbcAqpI+ZuoH1oAt6OR/Zdtz/AACq9oR/bV/z/DF/ + KqemaLpk9hBNNBud1BJ3NyfzqK20fTn1S8t3hzHEsZUZbjcOe9AGjrBG6w5/ + 5eY/61rTEeS/P8J/lXMano+nQG08mHb5k6I3Lcqc5HJrQl0HSVjdhbgEAn7z + f40ATaGR/ZVtz/Cf5mo7cj+27vn/AJZx1Q0rRtNuNPgnmg3O4yTubnn2NMh0 + fTW1W5t2hzGiIQMtwT170AaWtEbLTn/l5i/rWwxG089q5XVNH023W2MMO3zJ + 0RuWOVPUcmtJtA0gAkW4/wC+m/xoAXQCP7It+ezf+hGmxEf29Pz/AMsV/nWf + o+j6bc6dDPPDudgcnLDoSOxpI9H05tXmtjD+6WJWAy3Un60AaOuEfZ4Of+W8 + f862sj1rlNW0fTreGJoYdpaVFPLdCeeprU/sDSP+fcf99N/jQA3w+R/ZUPPd + /wD0I0KR/wAJA/P/AC7j/wBCrN0fR9NutPjnnh3uxbJyw6MR2NC6Ppp1hrXy + f3QgD7ct97djPXNAGlrpH2Jef+Wsf862cj1rlNW0fTba1WSCHaxkQZyx4J56 + mtT+wNI/59x/303+NADNAI/s8c/xv/6EaCR/wkI5/wCXX/2es7R9H065shLP + DubcwzlhwDgdDR/Y+nf20LXyf3X2ffty33t+M9c9KANHXyP7Nfn+JP8A0IVt + ZHrXKaxo+nW1i00EOxwyjOWPUgHqa1P7A0j/AJ9x/wB9N/jQA3QiPsknP/LW + T+dDkf2/F/17t/6FWbpOj6bc2zvPDuYSOucsOAeOhqeGxtLPXY0to9g8lm6k + 85x3PpQB0tFFFABRRRQAUUUUAFFFFAH/1f3Plj1f+1YA0sXm+W207TjHfIp+ + rR6uNOmNxLE0eBkKpB6jpTJdVgbVYLgRy7UjcY2HPPoKdq2rQXGnTQpFKpYD + lkIHUd6AL8cWu7FxNDjA/hNZ2mR6sftfkSxLi4k3blJy3GSPatCPXLYIo8mb + gD/lmaz9M1WCD7XujlPmXEjjahOAccH39qAC4TVv7UtQ8sRlKvtIU4Axzmpd + Tj1gWE5nliaPb8wVSDj2qK41WB9UtZxHKFjVwQUOTkdhUmp6vBPYTwrFKpZc + ZZCB+JoAtwx655Me2aHG0Yyp6Yqhp0ermS88mWIETNvyp5bjJHtV+HW7ZYY1 + MM3Cgf6s+lUNO1WCGS7LRynzJmYYQnAOOvoaAC6j1calZCSWIynzdhCnA+Xn + NT6jHrIsZzPLCY9h3AKc49qgutVgk1KynEcoEXm5BQgncuOB3qbUdYt5rGeJ + YpQXQgEoQPxNAE9tHrZtojHNCF2LjKnOMcVS0+PVjcXnkyxBhL8+VOCcdquW + 2tW6W0SGKYlUUcRkjgVTsNVghuLx2jlIkk3DCE447+lABeR6uL+xEksRkJfY + QpwPl5z+FWb+PWhZXBlmhKeW24BTnGOcVWvNVgkv7KURSgRFyQUIJyuOB3qz + fazby2VxEsUwLxsAShA5Hc0AOs49bNpAYpoQmxdoKnOMcZqpZR6ubu9EUsQc + Ou8lTgnHarVnrNvHaQRmKYlUUZEZI4HaqtlqsEV3eyNHKRK6kAISRgd/SgAv + o9WF3ZCWWIuXbYQpwDjvVu8j1sWk5lmhKbG3AKc4xziql9qsEt3ZSLHKBE5J + BQgnI7etWrzWbeS0njEUwLowyYyByO9ACWEetGygMM0ITYu0FTnGOM1Ws49W + N/fCOWISApvJU4Py8YqxYaxbw2UETRTEoigkISOB2NV7PVYI7++mMcpEpTAC + EkYXHI7UAF/Hq4ns/OliLGX5MKcA471duY9bFvKXmhK7GzhTnGKpX+qwTT2b + rHKBHLuOUIzx29au3OtW728qCKYFkYcxnHIoAh06PWTYwGCaIR7BtBU5x71B + ax6sdTvRHLEJQI95KnB+XjFTadrFvDYwRNFKSiAEhCR+BqG11WCPU72cxykS + iPACEkbVxyO1ABqMerB7Tz5YiTMuzCkYbnBPtV+aPXPJk3TQ42nOFPTFUNR1 + WCZ7QrFKPLmVjlCMgZ6epq/Nrds0LqIZuVI5jPpQBU0uPWDp8Bt5Ylj2/KGU + k496jgj1f+1LoJLEJQqbiVOCMcYqTS9Xgg0+CFopWKrjKoSPwNRwarAmqXU5 + ilKyKgACHIwO4oANTj1YfZfPlibNxHt2qRhucE+1aLxa7sbM0OMH+E1nanqs + E/2XbHKPLuI3O5CMgZ4HvWi+uWxRh5M3IP8AyzNAFHSY9XOnQm3liWPBwGUk + 9TTIo9X/ALVnCyxeb5a7jtOMdsCnaTq0Fvp0MLxSsVB5VCR1PemxarAuqz3B + jl2vGgxsOePUUAGqx6sI4PtEsTDzk27VI+btn2rTMWvY/wBfB/3yazNU1WC4 + jgVY5V2TI3zIRwPT3rT/ALctv+eM3/fs0AZmjR6sdNhNtLEsXzYDKSfvHP60 + JHq/9ryASxed5Iydp27c+nrRo+qwW2mwwPHKxXdyqEjlietCarANXkuPKl2m + ELjYd2c+npQAarHq4t0+0SxMvmJjapBznitTyte/57wf98msvVdVguLdEWOV + SJEb5kIHBrT/ALctv+eM3/fs0AZmjx6sbBDbSxLHlsBlJP3jmgR6v/bJHmxe + d5A52nbt3dMeuaNH1WC2sEieOViCxyqEjlietA1WD+2Dc+VLt8gJjYd2d2c4 + 9KADV49WFnm5liZN6cKpBznitTyte/57wf8AfJrL1fVYLmz8tI5VO9DlkIHB + rT/ty2/54zf9+zQBmaTHq5tCbeWJU3vwyknOeaDHq/8AbCjzYvO8g87Tt27u + mPXNGk6rBb2hjeOVjvc/KhI5NB1WD+2FufLl2iArjYd2d2c49KADWI9XFhIb + mWJo8rkKpB+8MfrWp5Wvf894P++TWXrGqwXNhJCkcqkleWQgcMD1rT/ty2/5 + 4zf9+zQBmaVHq5gk+zyxKvmvncpJznmiSPVv7XiBli87ymwdp27c/wA6NK1W + C3gkR45WJldvlQnqaJNVgOrxXHly7ViZcbDu5Pp6UALrEerjTZjcyxNF8uQq + kH7w/rWkItewP30H/fJrM1jVoLnTZoUilUtt5ZCBwwPWtIa5bYH7mb/v2aAM + 3S49WKXH2eWJR5z7tyk/N3x7UTR6t/atuGli83Y+07TjHfNGl6rBbpcBo5Tv + mdvlQng+vvRNqsDarb3Ajl2ojgjYc8+goAfq0esDT5jcSxNHgZCqQeo6Veji + 13YuJocYH8JqjqurQXGnzQpFKpYDlkIHUd6ux65bBFHkzcAf8szQBn6ZHqxN + 35EsS4nffuUnLcZI9qLiPVv7UtA8sRlKybCFOAMc5o0zVYIDd7o5T5k7uNqE + 4BxwfQ1ja14x0vTdXs5LmOYBEckbADhuBjJHpQBvanHrAsJzPLE0e35gqkHH + tVqCPXPJj2TQ7doxlT0xWF/wlmm67pVybKOYAfJlkwM8HqCa3INbtlhjUwzH + CgcRn0oAo6dHq5kvPJliBEzb8qeWwOntRdR6sNSsRJLEZT5uwhTgfLzn8KNO + 1WCGS7Zo5T5kzMMITgYHX0NF1qsEmpWM4jlAi83IKEE7lA4HegCfUY9ZFjOZ + poTHsO4BTnHtU1tHrZtojHNCF2LjKnOMcVDqOsW81jPEsUoLoQCUIH4mpbbW + rdLaJDFMSqKOIyRwKAKdhHqxuLzyZYgwk+fKnBOO1F5Hqwv7ESyxGQs+whTg + fLzmiw1WCG4vHaOUiWTcMISRx39KLzVYJL6ylEUoETOSChBOVxwO9AFm+j1o + WVwZpoSnltuAU5xjnFfH/wC05PfCHwra3DqYvKnkQKCOoiAz6nAr7AvtZt5b + K4iWKYF42AJQgcjua+Nv2m7pLiXwuiKymK2mU7hgH/V9PWvtvDtJ5vRv/e/9 + JZ85xa/9gqfL80fLFfpJ8LdPfT/h74agh2KsluswwP4psyEn8Wr826/TL4fX + C/8ACCeFvlb5LG3zx1/djpX6R4qTf1WlHpzfoz5HgeK9vUfl+p3Uq3vlPudM + bTng+lJAt55KbGTbtGMg9KWW8RonUI/Kkfd9qSC7RYUUo5woHC1+Gn6YRxLd + /aJtrLu+XPBx04xXnni/4gw6HN9itSl5exHkDOyM/wC0e59h+JFVfH/jWTR1 + m0zS2KXl0FLP0MSYxx6Me3oOfSvnokkkk5Jr6XJ8lVRe1q7dF3Plc7z10n7G + jv1fY6HWPFev66zf2jeO8Z/5ZqdsY/4COPz5rna7Lwf4Wg8S3EyT3XkrAAxR + V3SMD3GeAPU8/SvadP8AAPg22gQS2MlzJjl3Zzn8FIX9K9rE5ph8M/Z2+SX/ + AAx4WFynE4pe1b36tnzJW5pXiPW9FdG0+7eNUIOwndHn/dORXv1x4C8HXTzL + 9heHONpiZwy8c8EkfmK8d8aeFLXwzPELW7MyT5KxyLiRQO5xwR78fSjDZrh8 + S/Z236Nf8OGKyfEYVe1T0XVM9T8L/EmPXGGn6kY7S7YYU8+XIfQHsfY/n2r0 + q2W7MCeWyBccZBzXxVX0H8N/HBvYBoOqEvcwj9y/Uug6g/7S/qPpz4+cZKoJ + 1aO3VHt5LnrqSVGvv0f+Z6gi3f2mXDLuwueDii5W7/db2U/vFxgd+1CXSC5l + fa2GC8Y54oubpH8rCsNsinkY6V8wfWFgrfYPzp+RqC0W7NunlsoXnGQc9anN + 7Hg/I/8A3zUFpdJHbohViRnoMjrQAird/anAZd+0Z4OMUXS3YVPMZSN4xgHr + Qt0gunk2tgqBjHNF1dI6oArDDg8j0oAs7b7++n5Gq1mt2bdPKZQvOMg561Z+ + 2x/3H/75qtZ3SR26IVYkZ6DI60AAW7+1sNy79g5wcYzRdLdiMeYykbh0B60C + 6T7W0m1sFAMY560XV0kkYUKw+YHkYoAs7b7++n5Gq1ot2YB5bKFyeo561Z+2 + x/3H/wC+arWl0kcAQqxwT0GR1oANt39sxuXf5fXHGM0Xa3Yh/eMpGR0B9aPt + SfbPM2tjy8Yxz1ou7pJIdoVhyOox3oEWdt9/fT8jVa1W7MR8tlA3HqKs/bY/ + 7j/981WtbpI4ipVj8xPAzQMCt39rA3Lv2dcHGM0Xa3Yt28xlK8dBz1oN0n2s + SbWxsxjHPWi7ukkt2QKwJx1GB1oAs7b7++n5Gq1qt2Uby2UDcc5B61Z+2x/3 + H/75qta3SRowKscsTwM0ADLd/a1BZd+04ODjGaLtbsW7+YyleM4Bz1oa6Q3a + ybWwFIxjnrRd3SSW7oFYE46jA60AWQt9/fT8jVa2W7Ik2Mo+ds5HerIvY/7j + /wDfNVra6RBJlWOXY8DPWgAdbv7VGCy79pxxxS3S3Yt38xkK45wDmke6Q3Ub + 7WwFIxjmlurpHt3QK4JHcYFAE6rfbRh0xj0NV7Zbs+bsZR+8bOR371YW8jCg + bH6f3ar210ieblWO6RjwPWgAkW7+0xbmXdhsccdOafcreeQ+9kK45wDmmSXS + G5ifa2FDdueRT7m7R4HUI4yO68UASIt7sXDpjA7GoLdbvdLsZQd5zkHrU6Xk + YRRsfgD+GoLe6RGlJVjucngUAEq3f2iDcy7vm28HHTnNPuFvPJfeyFcHOAaZ + LdI1xA4VsLu7c8jtT7i7R4XUI4yCOVoAfEt75abXTGBjg1DAt35k2xlB3c5B + 61NFeIsaKUfgD+GoYLpEkmYqx3NngUAEq3fnQ7mXdk449u9SzLeeTJuZNu05 + wD0xUUt0jTQsFb5Se3t2qSa7RoZFCOMqRyvtQAsK3nkx7WTbtGMg9MV+XHjO + xTTPF+t6dEAqW17cRqB0CrIwGPwr9R4btFhjUo5woHC+1fmP8R2D+P8AxGw4 + zqFyef8Aro1fq3hVJ/WKy6WX5nwvHMV7Km/N/ka3wenuLf4meH3tWCytcbAT + yP3ispz+Br9KbuPWxazGSaEpsbICnOMc1+Z/wnkEPxI8PSsCQl2hIAyePQV+ + l93rVvJazRiKYFkYcxkDkVw+LKX12k/7v6s6OBX/ALNNf3v0Qywj1o2MBhmh + CbF2gqc4xxmq9pHq51C+EcsQkBj3kqcH5eMfhViw1i3hsYImilJRFBIQkcDs + ar2mqwR6hfTGKUiUx4AQkjC45Havys+3DUI9WE1n50sRYyjZhTw2O/tV64j1 + v7PLvmhK7WzhTnGKo6hqsE01myxygRyhjlCM8dvU1duNat3t5UEUwLKw5jOO + RQBBpsesmwgMEsSx7RtBUk496hto9XOp3gSWISgR7yVODxxiptN1i3gsIImi + lJRQMhCR+BqG21WBNTvJzHKRII8AIcjaO47UAGpR6uGtPPliOZ12YUjDc4J9 + q0JYtc8p900ONpz8p9Kz9S1WCdrQrHKPLnVjlCMgZ6epq/Lrds0TqIZuQR/q + z6UAVNLj1g6fAbeWJY9vyhlJOM96jgj1b+1bkJLEJQibiVOCO2Kk0vV4INPg + haKViq4yqEjr2NRwarAuqXNwY5SrogACHIx6igA1SPVgLX7RLE2Z49u1SMNz + gn2rSeLXdpzNDjB/hNZuqarBOLbbFKPLnRzuQjIGeB71ovrlsVI8mbkH/lma + AKGkR6udOhNtLEseDgMpJ6mmxR6v/a0wWWLzvLXJ2nbjPHFLpGrQW+nQwvFK + xUHlUJHU96SLVYF1aa4Mcu1o1XGw54PpQAarHq4ih+0SxMPOTG1SPmzx+FYf + jLXtV0HTvLa4i8+6yiBFO4DHLfh/OtHxF4isbexSeVJEEcqN8ybd2OcDPevB + tb1i71/UpL+6+85wiDkKo6KP88nmgaQ7QdHuNd1SHTrcff5duyoOpP8AnrXv + 0FvqcOpm3heFHjgVRhTtCA4AArnPAttaaFp7XE8MrXd1yxVCQqjooP6n3+ld + OuqwDWHufLl2mELjYd2d2enpQDYasmrC2U3EsTL5iY2qQc54rU8rXv8AnvB/ + 3yay9W1WC4tlRI5VIkQ/MhA4Naf9uW3/ADxm/wC/ZoEZmkR6ubJTbSxKm5uG + Uk5yc0eXq/8AbOPNi877PnO07du/pj1zRpGqwW9ksTxysQzHKoSOWJ60f2rB + /bP2ny5dv2fZjYd2d+c49KADV49XFkTcyxMm5eFUg5yMVqeVr3/PeD/vk1l6 + vqsFxZGJIpVO5TlkIHBB61p/25bf88Zv+/ZoAzNJj1c2rG3liVPMf7yknOea + Gj1b+2EBli87yTg7Tt27vT1zRpOqwW9q0bxysS7n5UJHJobVYDrCXPly7RCV + xsO7O7PT0oANZj1YadKbmWJo8rkKpB+8MfrWp5Wvf894P++TWXrGqwXOnSwp + FKpYryyEDhgetaf9uW3/ADxm/wC/ZoAzNKj1Ywy/Z5YlHmvncpPzZ5/CiSPV + /wC1oQ0sXneU2DtO3GeeKNK1WCCGVWjlbdK7fKhPBP8AOiTVYG1aG4Ecu1Ym + XGw55PpQB8PftkXmonV/DOmXsiOsUFxMoQEDMjIpzn/c4r4tr7C/bEvI7zxX + oDxo6BbJx867f+Whr49r83zp3xU/66H4/wASO+NqfL8kfrV8D9Iu9J+F+g2u + ntHEj26TOGBJ8ydRK/T3avR5U1P+0oA0kZlKNtODgDvmuQ+F2oRW3gDQkdJG + JsrY/KuR/qUrK+K/xMtPAGhP4iWMtd7GhtYpBjfO4+XI7qvLN7DHUiv0LLcJ + Oq6dCkrt2SP0n29PD4VVJu0Yx/JHB/HX42TeALZvDOmTQ3euXSZYKuVtUboz + 56seqr+J4wG/O3U9U1HWr+bVNWuZLu7uG3SSysWZj7k/oOw4pNT1K/1nULnV + tUma5u7uRpZZHOWZ2OSTX0x8CvgjbeJjF4u8bQSnSAc29sqkG6I/iYjBEYPY + ct7Dr/QWCwWDyLBupUfvdX1b7L9F82fhGNxuNz7GKlSXu9F0S7v9X8keS+Af + hF45+I8m7w9Y7bNW2vdzny7dT3+bBLEdwgYjuK+mdI/ZEsLeW3h8Sa5JcSzB + iVtVESKV5I3OHJH4CvrXRriw0yCW0tLYw26SERxxR7URAAAoUcDHpU8+pQvq + FrMI5AIw+QVOTkdhX5vmviDjq8mqL5I+W/zb/Sx+lZV4eYGhFOsueXnt8kv1 + ufPNx+yx8PrW0eRxO2wZ3ee27+WP0rmtU/Y/0a7g87QdbmtJGXcFnVZk56D5 + QhH5mvrDUNUhmspoljkBZcZKECp4NXgSGNTFLkKBwh9K8WjxbmUJcyrv56/m + ezW4Ry2a5XQXy0/Kx+Vnjn4K+O/Aaz3d/aC906BirXdrmSJcf3xgMn1YAZ4B + NeWW1zc2VxHd2crwTwsHSSNirow5BVhyCOxFfsxZ6hbq14ssTuk0hONmRgjo + R/Sviv48fA/ToVl8YfD+zeBQGku7FUwoA5aSEdgOrIOAORjpX6Pw1x/HESWH + xqSb0T6Pyfb8vQ/OOJvD6WHi8RgW3FatdV5p9fz9Trfgz8f73xZCPB3jC5jT + U/LKwXDDb9qAH3GxwJcdOzf73X60to9XNvEUliC7FxlTnGK/FaOSSGRZYmKO + hDKynBBHIII7iv1E+Bnxci8eeEI49SDNrGlBYLoIud4x8kuB03gc/wC0D2xX + hcdcJxw3+2YZWg912fdeT/B/h7vAfFssT/seJd5rZ912fmvxXpr61ZJqZuLs + RSRhg435BwTjtRdpqYvLQSSRlyzbCAcA45zRZ6lDFcXbtHIRI4IwpJHHei71 + KGS7tJBHIBGzEgqcnI7V+Zn6aWLyPVhaTGWWIpsbICnOMc4pbSPVjaQmOWIJ + sXaCpzjHGaS81WCS0mjEcoLIw5Qgcii01WCO0hjMcpKoo4QkcCgdiC0TUzd3 + YjkjDhl3kg4JxxikvU1MXFp5skZYudmAcA470WmpQx3d3IY5CJGUjCnIwO9F + 5qUMtxaOscgEbknKkE8dqALVzHq4tpTJLEV2NkBTnGOaZYx6sbOExSxBNgwC + pzin3OrQSW0qCOUFkYcoccimWOqwRWcMbRykqgHCEjpQKxBapqZvrwRyRiQb + N5IODxxii+TUxLa+bJGSZBtwDwfei21KGO+vJTHIRJ5eAFORgdx2ovtShllt + WWOQeXIGOVIz9KBlyePWPJk3yxFdpzhT0xUFhHqpsoTDLEE2jAKnOKnn1eBo + ZFEcvKkcofSoLDVIIbOGJo5CVUDIQkUCsRQJqf8AaF0EkjEgCbiQcHjjFGoJ + qYa186SM5mXbgHhu2faiDUoU1C6mMchEgTACnIwO4ov9Shma2KxyDy5lY5Uj + IHp70AXpI9Y8tt00WMHPymqumpqhsYTBLGseOAVJPWrUmr25jYeVLyD/AAGq + mnanDBZRRNHISo6hCR19aAsNhTU/7SuAskYlCpuODgjtik1FNTC2/nyRt++T + bgH73bPtRDqUK6jcTGOTDqgA2nPHqKNR1KGZbcLHINkyMcqRwM9PegDQaPWd + pzNFjH901R0tNUNhEbeWNY+cBgSepq62sW5Ujypen9w1R0vU4YLCKJo5CVzy + qkjqe9AWEjTU/wC05QJI/N8tcnBxjNeNftI6Pd6l8JdVa+aOT7E0VxHtBBV0 + cAnn/YLD8a9lj1KEanLOY5NrRqMbTng+leZ/HfUIrr4UeIYkSRT9nJyy4HWu + bGRTozT7M48ygnh6ifZ/kfk1X3t+xteapNo/ibTbOVEjt57abDgn5pkdSRj2 + jFfBNfcv7GV9FZJ4v8xHfebDGxd3T7R1r4zIX/tUfn+TPzjhZ2x0Pn+TPs5Y + 9X/thwJYvO8kZO07du7pj1zRq0eri2X7RLEy+Yn3VIOc8ULqsA1h7ny5dphC + 42Hdndnp6UatqsFxbKiRyqRIh+ZCBwa/RD9bNTyte/57wf8AfJr5y8Ubv7Wf + d/dH9a+jP7ctv+eM3/fs185+KGDas5H90f1oKieieAFvWtYxaOit5cn3gSNv + mc9O+a7XV49XFkxuZYmTcvCqQc5GK4rwBex2trG7o7ARyL8q5OTJn8q7XV9W + guLJokjlUllOWQgcEHrQJmp5Wvf894P++TWXpMerm2b7PLEq+Y/3lJOc81p/ + 25bf88Zv+/ZrM0nVYLe2ZHjlYmRz8qEjk0CBo9W/thAZYvO8k4O07du709aN + Yj1cadKbmWJo/lyFUg/eGP1obVYDrCXPly7RCVxsO7O7PT0o1jVYLnTpYUjl + Utt5ZCBwwPWgDU8rXv8AnvB/3yay9Kj1YwzfZ5YlHmvncpPzZ5/CtP8Aty2/ + 54zf9+zWZpWqwW8UyvFK26V2+VCeCf50AEker/2tCGli83y2wdp24zzxTtXj + 1cadMbmWJo8DIVSD1FNk1WBtWhuBHLtWNlxsO7k+lLq+rQXGnTQpFKpYDlkI + HUd6ANFYtd2jE0PT+6azdMj1crc+RLEuJ5N25Sctxkj2rSXXLYKB5M3T/nma + zdM1WCBbkNFKd87uNqE4B7H3oAJ49X/tW2DSxGUo+0hTgDvmpNVj1gafObiW + Jo9vIVSD17VHNqsDapbXAjlCojggocnPoKfqmrwXGnzwrFKpZcZZCB17mgC7 + FHrnlJtmhxgY+U+lZ+mx6sWu/IliBE779yk5bjJHtV+LW7ZYkUwzcAD/AFZ9 + KoabqsEDXZaOU+ZO7jCE4BxwfQ0AFzHqw1OzDyxGUiTYQpwOOc1NqUesiwnM + 8sRj2ncFUg49qhudVgfU7OcRyhYxJkFDk5HYd6m1LWLeewniWKUF1IyUIH4m + gCxbx655EeyaELtGMqc4xVHT49XM155MsQIlO/KnlsdvartvrVskEaGGYlVA + 4jPYVS0/VYIZrxmjlPmSlhhCcDHf0NABdx6sNRsRJLEZCZNhCnA+XnP4VY1C + PWRYzmaaEx7G3AKc4x2qvd6rBJqNjMIpQIjJkFCCdy44Hep9Q1i3msZ4lilB + dGAJQgcjuaAJbSPWzawmOaEJsXAKnOMcVTsI9WN1eiKWIOJBvypwTjtVu01q + 3jtYYzFMSqKOIyRwKqWOqwRXV7I0cpEsgIwhJHHf0oAL2PVxe2QlliLlm2EK + cA45zVq9j1oWc5lmhKeW24BTnGOcVVvdVglvbKVYpQImYkFCCcjHA71avdZt + 5bOeJYpgXjYAmMgcjvQAWMetGytzFNCE8tNoKnOMDGaq2cerm9vRFLEHDJvJ + U4JxxirNjrNvFZW8TRTEpGgJEZI4A6VWs9Vgivb2UxykSshACEkYXHI7UAF+ + mrC5sxNLEWMh2YU4Bx3q5dR62LWYyTQlNjZwpzjHNU7/AFWCW5s3WOUCKQk5 + Qgnjt61cutat5LWaMRTAsjDmMgcigCLT49ZNjAYZoRHsXaCpzjHeoLSPVjqN + 8I5YhIPL3kqcH5eMfhU+n6xbw2METRSkoigkISOB2NQWmqwR6jfTGOUiXy8A + ISRtXHI7UAGoR6uJbPzpYiTMNmFPDY7+1Xp49c8iTfNCV2nOFPTFUdQ1WCaW + zZYpR5cwY5QjIwenqavT61bPBIghmBZSOYz3FAFfTY9ZNhAYJYlj2jaGUk49 + 6ht49W/tS7CSxCUCPeSpweOMVLpur28FhBE0UpKKBlUJH4GorfVYE1O7nMcp + WQRgAIcjA7jtQAanHqwNp58sTZnTZtUjDc4J9q0JYtc8t900OMHPyms/UtVg + nNptilHlzo5yhGQM8D1NaEut2zRuohm5BH+rNAFLSo9YOnwG3liWPHAZST17 + 0yGPV/7VuAssQlCJuJU4I7Yp+lavBb6fDC0UrFR1VCR19aZDqsC6rcXBjl2u + iAAIc8eooANUj1cLb+fLE2Z027VIw3Yn2rSaLXdp/fQf98ms3U9VgnW3Cxyr + snRjuQjgenvWk2uWxBHkzf8Afs0AZ2kR6udOhNtLEseDgMpJ6mkjj1b+15gJ + YvO8pcnadu3NLpGrQW+nQwvHKxUHlUJHU96SPVYBq8tx5cu1olXGw7uD6UAG + qx6sIYvtEsTL5qY2qR82ePwrU8rXv+e8H/fJrL1XVYLiGJUjlUrKjfMhHQ/z + rT/ty2/54zf9+zQBmaPHq50+M20sSx5bAZST945/WhY9X/thgJYvO8kZO07d + u7pj1zRo+qwW2nxwvFKxUtyqEjlietC6rANYa58qXaYQuNh3Z3Z6elABq0er + i1BuJYmXenCqQc54rU8rXv8AnvB/3yay9W1WC4tRGkcqkOh+ZCBwa0/7ctv+ + eM3/AH7NAGZpEerGyBtpYlTc3DKSc55o8vVv7ZC+bF53kddp27d3THrmjSNV + gtrMRPFKx3McqhI5PrR/asH9si58uXb5GzGw7s7s5x6UAGsR6sLFjcyxNHuX + hVIOcjFanla9/wA94P8Avk1l6vqsFzYtEkcqkspyyEDgjvWn/blt/wA8Zv8A + v2aAMzSY9XNs/wBnliVfMfO5STnPNWIFvl12P7Y6O3kt9wEDGff3qvpOqwW9 + s6PHKxMjn5UJHJqxBex3euxvGjqPJZfmXaeuaAOlooooAKKKKACiiigAoooo + A//W/eOf/kOWv/XJ6frv/IJuPoP5isiXR9PXVYLYRny3jdiNzdR75zTtW0bT + rbTpp4YyHQDB3Me49TQB1EX+qT6CsjRv+X7/AK+pf6UyPQNKZFYxHJA/jb/G + s/TNH0+4+1+bGT5dxIi/MwwoxjoaANO6/wCQ3Y/7kv8AKp9a/wCQVc/7lYtx + o+npqlrbrGRHIrlhubnA45zUmp6Lp1vYTzRRkOi5B3Mf5mgDo7f/AI94v91f + 5VmaR/rb/wD6+G/kKih0DS3hjZojkqCfnb0+tUNO0fT55LtZYyRFMyL8zDAG + PQ0Aal7/AMhjTfpN/wCgirGr/wDIMuf+ubVh3Wj6fHqVlbpGQk3m7hubnauR + zmptR0TTYLGeaKMh0QkHcx5/OgDes/8Ajzg/65r/ACrO0r/j61D/AK7f0qC2 + 0HS5LaKR4iWZFJ+dupH1qnYaPp89xeJJGSIpNq/MwwMfWgDUv/8AkKab/vSf + +g1b1P8A5B11/wBcn/kawLzR9Piv7KFIyEmLhhubnC5HerN9oemw2VxLHGQy + RsQd7HkD60AbOn/8eFt/1yT/ANBFUdN/4/8AUf8Arov/AKDVWz0LTJbSCV4i + WdFJ+dupH1qrZaNp813exSRkrE6hfmYYBGfWgDT1L/j/ANO/66N/6DV/UP8A + jwuf+uT/APoJrnb7R9Phu7KKOMhZXYN8zHIA+tWrzQtMitJ5UiIZEYj526gf + WgDV0v8A5Btr/wBck/lVPT/+QpqX+9F/6DVSw0PTZrKCaSMlnRSTvYckfWq9 + no+ny399C8ZKQlNo3NxlcnvQBqap/wAfWn/9dv6Vo3n/AB6T/wC438q5q/0f + T4Z7NI4yBLLtb5mORj61dudB0uO3ldYiGVGI+duoH1oAv6R/yDLb/rmtVrL/ + AJDOo/SH/wBBqlp2iabPYwTSxku6Ak7mHP51Da6Pp8mpXtu8ZKRCPaNzcbly + ec0Aaer/AOtsP+vhP61qXH/HvL/ut/KuY1HR9Pge0WKMgSzKjfMxyDn1NX5t + B0tIXdYjlVJHzt2H1oAtaL/yCrb/AHf61Fa/8hq9/wByL+VZ+l6Lp1xp8E8s + ZLuuSdzD+RqODRtPfVLq3aM+XGqFRubgkc85oA1NZ/5cf+vqL+ta0n+rb6Gu + V1PRtPt/svlRkeZcRo3zMcq2c9TWi+gaUEYiI5AP8bf40ATaF/yCbf6H+Zpk + H/Icuv8ArklZuk6Np1zp0M80ZLuDk7mHc+hpsWj6e2qz2xjPlpGjAbm6n3zm + gDT1v/U23/XxH/Oto9K5LVNH0+2jgaGMgvMiH5mPB69TWmfD+lf88j/323+N + AC+Hv+QPb/8AAv8A0I0R/wDIfl/64L/6FWXo2jafdabDPPGWdt2TuYdGI6A0 + Jo2nnV5LUxny1hDAbm6k465zQBqa5/x6xf8AXaP+dbNclquj6fbW6PDGQTIi + n5mPBPPU1p/8I/pX/PI/99t/jQAeH/8AkGR/7z/+hGlH/IwN/wBew/8AQ6y9 + H0fT7qwSaeMs5LDO5h0YjsaBo+n/ANsG18s+UIA+Nzfe3Y65zQBp6/8A8g// + ALaJ/wChVtVyWr6Pp9rZ+bDGVbeg+8x4J56mtP8A4R/Sv+eR/wC+2/xoAXQf + +PE/9dJP/QqG/wCRgX/r2P8A6HWXpOj6fc2hkmjLNvcfeYcA8dDQdH08awtr + 5Z8owF8bm+9ux1zmgDU8Qf8AIKl+qf8AoQrZrktY0fT7WwkmgjKuCuDuY9WA + 7mtP/hH9K/55H/vtv8aAF0P/AI9Zf+u0n86SX/kPQf8AXBv51maVo+n3MEjz + RklZXUfMw4B46GiTR9PGrxWojPltEzEbm6g+uc0AaniD/kEXH/Af/QhWwOgr + k9Y0bT7XTZp4IyrrtwdzHqwHQmtIeH9KwP3R/wC+2/xoAXRP9Vdf9fEn9KW4 + /wCQ5a/9cpKy9L0fT7lLhpoySkzoPmYcDp0NE2j6euq29ssZ8t0ckbm6jpzn + NAGvrv8AyCbn/dH8xWnF/qk+grmNV0XTrbT5p4YyHQAg7mPcepq7HoGlFFJi + OSB/G3+NAD9G63//AF9Sf0ryD4q/8hu1/wCvcf8AobV6Zpmj6fcG782Mnyp3 + RfmYYUYx0NeU/Eqyt7HWLaK2XarQAnJJ53N60FRN7wH/AMilqn/XU/8AoK16 + /bf8e0X+4v8AKvFvBFlbTeG9RupFzLFIdpyRj5V7dK9Qg0HS3hjdojllBPzt + 3H1oEybSf9df/wDXw38hRe/8hjTf+23/AKCKy9O0fT55LtZYyRFMyr8zDAAH + oaLrRtPj1KxgSMhJvN3Dc3O1cjnNAjd1b/kGXX/XNv5VPZ/8ecH/AFzX+VYW + o6JpsFjPNFGQ6ISDuY8j8alttB0uS2ikeIlmRSfnbqR9aAJ9L/4+9Q/67f0o + 1D/kJ6b/AL0n/oNZlho+nzXF5HJGSsUm1fmYYGPrReaPp8V9ZQpGQkxcMNzc + 4XI70Ab+p/8AIOuv+uT/AMjXxV+1H97wl/16zf8AtOvr++0PTYbK4ljjIZI2 + IO9jyB9a+Nv2m7SC2l8LyQrhpraZm5Jyf3frX3Hh1/yN6X/b3/pLPm+Lf9wq + fL80fLFfp18Pv+RE8J/9eNv/AOihX5i1+mXw+tof+EE8LHH+ssbfdyf+eQr9 + E8Vf92o/4n+R8nwN/Gqen6nos/8AqJP90/yqpJdw2GltfXBxFbxGRj7KuTRL + Y2yxOyryFJHJ9PrXB/EIxWngueRBiSfykzk/xMCf0Br8Ww1L2lSMO7P0TF1v + Z05VOybPnPVdSuNX1G41O6OZLhy59s9APYDgVn0U5EaR1jQZZiAPqa/T4xUV + ZbH5LKTk7vdmlo2rXeh6jFqNm2HjPI7Mp4Kn2Ir678P6na6xpFtqFm26ORen + dWHBU+4NeD+P/AaaBa2+p6Wpa3VEjnHXa4GN/wBG7+h+tZPw+8Sw6LqYstRP + +g3ZAYkkCN+gf6dj7c9q+czHDwxdFV6O6/qx9RleJngq7w9fZ/1f/M+itQ1S + 00WK/wBTvm2xQKpPqTjgD3J4FfJmva1d+INUm1S8PzSn5V7Ig6KPYf8A166v + 4heJItW1NtP0582Nq2AQch3HBb3A6D8+9WvAvgka5G+pakpW0YmGIdCzkEFh + 7L/P6GlluHhhKLr1t3/Vh5piZ4yusPR2X9XPMqt2F7cabewX9q22a3cOp9wf + 5etQTRPBM8EnDRsVP1Bwajr6VpNWPlk2ndbn2do9/FqsSalB9y5ijcD03DOP + w6VevP8Alh/11WvM/hY0d94d8uYbvs0jIOT3O7/2avz6/wCCoX7WGr/s9eA9 + J+Hnw0uzYeMvGiyubyNv3thp0WEeSPOdssznZG/VQrsMMFI/L8ZSVKpKHZn6 + zgq3taUandH3d8R/2lPgD8JLxtL+I/j/AEbQtQUAm0nu4zdKCMgmBC0oBHQl + cGuS+H/7YP7L/j66t9E8K/E3Q7rUJztit5LpbaWRicBY0n8sux7BQT7V+a37 + Lv8AwSb8Dax4L0/4i/tOXeoaz4j8QRJfPpMVw9tHai4HmBbmVcTyXGCDJh0C + tlfnxuPpPxZ/4JAfAHxZ4Uu5fhDc3vg3xHsLWnnXMl7p7Ov8EyTb5grdNyyZ + XrtbG08t5HUfrgn/AB+yf7oovfuR/wDXRa/DH/gmt+0f8QfDXxW1j9i7483E + txqWkNd2+jyXMheaC408t59lvPMkRjVpIST8qoVGVZAv67/FX4t/CX4MWem3 + 3xO8R2nhqDVZzBbPduyrK6jLKp55AIJpqV1cTPY6p2H/AB6R/j/M184fFb9q + z9mL4I6v/wAI98TvHdho+rKAz2ama6uYwwBUyQ2yyvHkHI3gZHIyK6j4PfHH + 4J/HTTZ734WeLLHxI1ng3EVvKVuIQxIVpIH2yorY4LIAecGncD2df+P9v+uY + /nRff6lf95f518geLf24/wBj3wP4mm8MeIviZpiXkB8uRbbz71I5QcFXltY5 + Y1K9GBYYPBwa9+8EfED4cfFPwzF4u+GmvWfiLSZZPL+0WUwmRXH3kcA5Rx3V + gGHpRcD02qdh/wAey/U/zry/4nfFr4QfBm10+++KfiO08NW+qytBaveSMiyy + IAWVSM8gEE1598Tf2qP2avgneLo/xU8d6fo2q43NZhpLm6RTypeC2WWRAw5B + ZRntRcD6R/5iH/bL/wBmqnr+oWWk6Rc6rqc6W1nZo000sh2pHHGNzuxPQKAS + T6V4h8J/2iv2f/jlqMtj8KfGmn+ILiCHzXtopGjuVXON5gmCS7R3O3A4z1r0 + 7x7o/hi98Fa7Y+KQF0W6sriG/LMQotJI2WbJ7Dyy3NO4jmvg78evhH8ftFvv + EPwh8Rw+IrDTbg2ly8cc0LRTAZwyTpG+COVbbtYdCa9Ssf8AUn/eb+dfDP7C + /wAKv2Vvh74O8Sw/sy+KZPGNje6gjajeTXK3EqSon7qEmOKFQqIxK/Lk5JJP + b7dtLS3kiLOuTkjqe1JDLJ/4/wAf9c/61geNPFXhjwZ4euNf8X6vZ6HpkGPM + ur6eO2gTn+KSRlUfnXl37Qvxg8K/s8fCvxF8V/E0LXFpolsGitkba9zdSuIo + IVJzjfIygnB2rlsEA1+EHwH/AGePjJ/wUs8Uap8dPj74qutO8F6bdNaW8Vsu + C7ZDNbafG4MUMUSsN8pVyzYBDtvZVKXQEftXP+3V+yBb3o0+T4saEZT3S53x + /wDf1QU/8er2j4c/FP4afE6wmvvh14q0vxNBG7F2068hutnP8YjZiv8AwLFf + EcX/AASe/Ywj0xbB/DmoyTqADdNqt15xPqQriLP0jAp/7Of/AATa+Ef7O3xn + l+L/AIU1vUdTSC0ubWysdQEbm1luCFeZZ4hGW/db4wpTo5JYnFCuPQ/RVv8A + j+T/AHD/ADpb/wD49JPw/mKw9ZvdA8PQS6prt5Bpum2sRkmuLmVYYY1B+88j + kKo9ycV8meIP29/2LtCuW06f4o6ZLcbtgNqLm7iznH+tgikjx77se9O4j7aH + Sqln0l/66NXDfD7x58NPit4fTxT8N9esvEmlOxT7RY3AmRXHVH2nKMO6sAfa + vzO/4KXftc6H8LfhXdfDf4WeM0tPiRf6nbwzJpl0RfadZxEzSO7xHMLOUSPa + xDsrnjbk0N2VwtqfrTJ/x+xf7rU69/49ZPpXwr8Gv2zv2Zte8JeAtA1H4m6b + c+JtR07Tba4inmk+0SahLDGjJIXH+saUkHJ69a+09bm0bQ9Iu9Y1S4isLOzj + aWa4nkEcUUa8s7u5CqoHJJOBQmDN9PuL9BVWz/5b/wDXVq+NZP2+P2KodZ/s + CT4o6YboHaXVblrbI/6eViMGPfzMV9TeE9a8LeNNDg8TeFtRt9Z0i/zJa3dp + Ms0EsfZkkQlWH40XBnSS/wDH5B9G/lUl3/x7SfSvEfh78dfgh8WvEd74Z+Gv + iyx1/UtJRnvba2kYyQqG2ZYMARh+D79a9A8b+I/CHw98Kal4z8YahDo+jaVH + 5tzd3DlYolLBQWPuxAHqTincGdnH/q1+gqta/fn/AOuhrzX4X/FD4U/GfQ7j + xF8LvEFp4l06znNrPNaSMyxzqiuUbOCDtdT071D8Rvin8K/g5oyeIvir4gtf + DemXN2LOCe7corzMjSBFxkk7UY/hRcD1Cb/j7tv+B/yqW6/49pP901xEXizw + Pc+GNP8AHsOr2i+Gb+0S+j1GSdY7VrWVBJHL5rkKEZWBBJHWvmXXv29/2LdC + um065+KOmSXGSgNqLm7i3dP9bBFJHj33Y96VwPtSH/Ux/wC6P5VXtv8AXXH+ + 9/SuE+Hfj34bfFbw5F4p+HOvWXiTS3Ow3FjOJlWQdUfaco47qwBHpXHeEPjv + 8D/HHxB1X4W+GPFtjqPivSHuEudNjkYXERtH8ucFSBzG/DDkj6Zp3A9tn/4+ + bf6t/Kpbj/j3l/3W/lVCWzt1mhRV4cnPJ7CvIde+O3wM8O/EOD4Q6v4usLTx + reGJINLeVvtLvcLuiXbyMuCCATyCPWgR7bb/APHvF/ur/Kvy/wDiT/yUHxJ/ + 2Ebr/wBGNX6bQ2Vs8MbMvJUE8n0+tfmP8R1CeP8AxGi9BqFyB/38av1Xwq/3 + mt/hX5nw/HP8Gn6/oafwh/5Kb4b/AOvyOv1Dv/8AjxuP+ub/AMjX5dfCq2Le + PNFup42NnBcq00gB2og6kkdK+59V8XeEoEeLTLaW6kwQH3MiA+vzHP6Vw+LE + 08bSSe0f1ZvwLB/Vpu3X9Ees6X/yDbX/AK5r/Ks2G7tbPUdTmu5kgjBi+Z2C + j7vqa+fLvxRf3ChIVW2AGMpksfqWJ/QCuflmlmbfM7Ox7scn9a/LD7jlPoS7 + 8XaHf6tp2n2ExuJDOuSqnaM8dTjP4ZruLv8A49Zv9xv5V8w+EoEufEdhBIMo + 8nI6cYNfQ1xoOlx28rrEQVViPnbqB9aBNF7R/wDkF23+4Kgs/wDkM6h9If8A + 0E1R03RNNnsIJpYyXdQSdzDn8DUNto+nyaneW7RkxxCPaNzcbhzzmgRqax9+ + w/6+U/rWpP8A6iT/AHT/ACrl9S0fT4GtBFGR5s6o3zMcqc56mr8ugaWsTsIj + kAn77en1oAtaJ/yCrb/d/rUNt/yG7z/rnHVDS9F0640+CeaMl3XJO5h/I1HB + o+nvqtzbNGfLjRCo3N1PXnNAGnrX3bL/AK+ov61sP9xvoa5PVNH0+2W2MUZX + zJ0RvmY/Kc56mqOp3XgvSkb7TcL5g/gSRnfP0UnH40AdLoP/ACCLf6H/ANCN + c9rPiPT/AA7qVzcXjbnaFAka/eY5P5D3NeTX/i5Htlt9OtvLfB3TOxLH6KDt + H45rlbe3v9VuxDbo9zcSnoMsx9z/AI0FKJo6/wCIb/xFeG5vGwi5EcY+6g9v + f1PevS/AfgloCmuaxHiQYMMTD7vo7D19B269ah03wDHpVvb3urES3Tyovlg/ + IgJ9e59+g7etel/8I/pX/PI/99t/jQDYeHv+QRB/wP8A9CNCf8jBJ/17j/0K + szRtH0+606KeeMs7bsncw6MR2NC6Pp51h7UxnyxCHA3N13Y65zQSaeu/8eaf + 9dY/51tVyWraPp9tbLJDGQxkRfvMeCeeprT/AOEf0r/nkf8Avtv8aAF0D/kG + r/vv/wChGj/mYf8At1/9nrL0jR9PurJZpoyzFmGdzDoxHY0f2Np/9s/ZfLPl + fZ9+Nzfe3465z0oA1Nf/AOQcf99P/QhWzXJavo2n2tkZYYyrblGdzHgkA9TW + n/wj+lf88j/323+NAGGPEFh4e02OfUA/lzXEiZQZ2nJOSOuPpVux1bTdW1qO + fTrhJ0+znO08j5u4PI/GvNfGtpBFoNtcIuHN06E5PQA44ry5WZGDoSrDoRwa + Ckj6s8Q/8gmb6p/6EK2q+V7TxJqFspjlxcKcffzuH0IP8816ZpXinwZf4jvI + nsZT/fdmTP8AvA/zAoFY9D0T/j3n/wCu8n86Jf8AkO2//XF/51j6NpmlX9tJ + OAJV811Vlc42jp0NSSaPp66tDbCM+W0TMRubqD65zQI+Gf20P+Ru8Pf9eL/+ + jTXxlX2F+2JY21j4r0BLZdoaycnJJ58w+tfHtfm+c/71P+uh+PcRf77U9f0R + +yPwl/5J7of/AF523/olK+Fv2pfGbeIviGdAt33Wfh+MQgDoZ5AHlP1Hyp/w + E19r/DOxsJPh5ot1eLxFY2+TuIwqwIe1flFrOpSazq99q83El7PJO3fmRix/ + nX9DeFuXqpWliJfYirer/wCAn95v4jZg6eBo4eP29/RJfq19x3Hwo8CyeP8A + xdDpcgP2G2U3N2w7QoQNufV2IUemc9q/XSxt4LSyt7W1jWKGGNURFGFVVGAA + B0AHSvjP9lvwrbQ+BNa8WTp/pF5ciGM56RwKD+rO2fpX17HommtGrGM5IB+8 + 3+NcXH+ayr450U/dhovXq/0+R7Hh/lMcPgVWa96pq/Tov1+Y/SvvXv8A18P/ + AEouv+QtZf7sn8q+Pvi38ZLnwH48s/D2lwxy2lq6yX4YFnMbuP3anI2sEBOf + 9oV9VCy0u4uLF7T95bXUbSBgxIZSoKkH0INfM4zKa1CjSr1F7s1df1+J9Pg8 + 3oV61WhTfvU3Z/P+rG7qv/IOuP8AdNWrb/j2i/3F/lXxb478afEofFrVvh74 + DjtGSziimjE4+YKYI5HJZmAPLHFQ6p4v+Ofw6tovEXjnw/ZX+hhkWdrd8Ogc + gD5kc7cngFlK546kV6kOFK8owtOHNNJqPNaTvto+p5c+K6EZTvCfLBtOXLdK + 2+q6H2Rpn+uvf+ux/lRegHU7AH/pr/6DXgHjzxvFYfCW8+IfhHaxdrZ7YzAs + BHM6KQy5+8ASDzwa9A8Ey/2/4X8LaxfoPtGq2aTz7chS7RhjgZOBk15FXLKs + KH1iWi5nHzuldnsUszpTr/V4u75VLys3ZanwZ+0V8NovAHjY3WlxeXpGtBri + BVGFjkB/exD2UkMB2DAdqyPgD40fwX8StNlkk2WWpsLK5B6bZiAjH02vtOfT + PrX2J+014MsL34X3OrW0WLjR5op1OSTsdvKcc9sPk/SvzTVmRg6nDKcgjqCK + /ceGMUszyp0q2r1i/wBH62a+Z+F8UYX+zM2VWhotJr9V6XT+R+2Onf8AH3ff + 9dB/Ki//AOP+w/3n/lXG+Bms/Evh6x1qZM/bLa3n4YjBliVyOPc10N3pVjFd + 2kSIQsrMG+Y84FfgNWm4ScJbo/oClUU4qcdmbmof8eFx/wBc3/kaLD/jxtv+ + uaf+gisu80fT4rSaVIyGRGI+ZuoH1otNG0+W0hleMlnRSfmbqR9ag0LNj/x/ + 3/8AvJ/6DRqP/H3Y/wDXQ/yr8Y/+CrPxOi0nTvDnwY0mUpLfTHVr0KxyIIQY + rdT6q8hkbnvGKyv+CU3xPjvH8S/BbVpSxWRdYsQzHJRgsN0o+h8lgB6sfWgS + P2+vP+POf/rm38qj03/kH2/+4v8AKs+50bTo7aWRIyGVGI+ZuoH1r8BP+CrM + a2/xh8FmElfM8Nxs3J5Ju7igD+gKy/5CeofWL/0GjUv9dZf9dh/Kv5r/AAR/ + wTk/aL8f+FtI8YaDc6MLDW7G01G3E17Iknk3sKzR7lEJAbawyMnB7muP8b/D + P9rP9ijVdN8QX13d6Da3MoS3vLC7+0afPImW8mVAShJAJ8uVBuAJAODgGf1I + XP8Ax7S/7jfyqtpX/IOt/wDcFfJH7Ifxz0n9pP4NR+Mru1Sz8QaXI9jqsETt + 5Yuo0VxLGCSRHKrBgDnB3Lk7cn8R7tnP/BRW1i3sFf4j2iEAkZVtUQEceoOK + BH9NFr/yFr36R/yo1X71l/18J/Ws6DSrF9QuoGQ7Iwm0bj3HPei/0qxga2Ea + EeZMqt8xPB/GgDo5v9U/+6f5VkaVe2aWttZvPGtw6ZEZYByMnkLnNfi//wAF + If2n/FnhPxjF8BPhbdz6M0VtHLrF1buRcTNdKGito3HzIojIZyuGfeF4UHd8 + 4Q/8Ez/2n9S8Dr8Q/N019Vli+1DSpLuX+0zgZCljF5Im/wBky+xbPFAH9GkH + /IXuv9xKNX+7a/8AXxH/AFr8Pf8AgnF+014w1P4jL+z98UL241a21CCf+ypb + t3a5tbm0Qyvbs7fMYzEjkBiSjKFXhsD9sdR0qxgW3MSEb5kU/MTwc570AdK/ + 3G+hrN0X/kGQfRv/AEI1G2iaaFJEZ4H95v8AGqOl6TY3FhFNKhLtnJ3EdyOx + oA0Iv+Q1P/1yX+deY/tAf8kk8Q/9cP613selWLanLblD5axqwG49SfXNeZ/H + fTLO0+FHiGWBCrfZyPvE8Z96wxX8Kfo/yOXH/wACp6P8j8mq+8/2JvueMvrp + /wD7cV8GV9y/sZafaX6eL/tSFthsMYYjr9oz0+lfFZD/AL1D5/kz814X/wB+ + p/P8mfcSf8h+T/r3H/oVGu/8eaf9dY/51lro+nnWHtTGfLEIfG5uu7HXOaNW + 0fT7a2WSGMqxkRfvMeCeepr9EP1w62vlvxV/yFn/AN0fzNfRX/CP6V/zyP8A + 323+NebyfD4a+x1Fb77Puyuzy9/3SR13D+VA0y58Nv8AURf9cZP/AEbXe6// + AMg1v99P/QhXKaJ4VttKul0m4k+0qIWk3AFOS+OgJ7e9a+r6Pp9rZNNDGVYM + ozuY9SB3NAM62sbQv+PN/wDrrJ/Ok/4R/Sv+eR/77b/GszSdH0+5tmkmjLMJ + HX7zDgHjoaBGm/8AyMEf/Xuf/QqXxB/yCZ/qn/oQrLbR9PGsJaiM+WYSxG5u + u7HXOaNY0fT7XTpZ4IyrrtwdzHqwHc0AdbWLof8AqLj/AK7yfzo/4R/Sv+eR + /wC+2/xrM0rR9PuYZmmjJKyuo+ZhwDx0NAGpN/yHbf8A64v/ADp2vf8AIIuP + oP8A0IVky6Pp66tDbCM+W8bMRubqD65zS6vo2nWunTTwxlXQDB3Me4Hc0AdU + n3F+grI0X7t5/wBfMv8ASmr4f0oqCYj0/vt/jWbpmj6fcLcmWMny55EX5mHy + jp0NAGpc/wDIbs/+uclSa3/yCrn/AHf61jz6Np6apbW6xny5Eckbm6jpznNP + 1TRdOttPnnhjIdFyDuY9/c0AdLB/qI/90fyrK0f79/8A9fMn9Kji0DS2iRjE + ckA/fb/GqGm6Pp9w12JYyfKndF+ZhhRjHQ0Aad5/yGtP/wB2X/0GrGsf8gu5 + /wBw1iXOj6fHqdnbrGRHKJNw3NztHHOam1LRNNgsJ5ooyHRSQdzHn8TQB0Fr + /wAesP8AuL/Ks3Sv+PjUP+u5/kKgt9B0t4I3aIksoJ+dupH1qlp+j6fPNeLJ + GSIpSq/MwwMfWgDTv/8AkLab9Zf/AEGreq/8g26/65t/KsG70fT4tRsYEjIS + YybhubnauR3qfUND02CxnmjjIdEYg72PIH1oA3LD/jxt/wDrmn8hWfpn/H7q + P/XUfyqvaaFpktrDI8RLOik/O3Uj61UsdH0+a6vY5IyVikAX5mGBj60Aamo/ + 8hHTv99//Qau6j/yD7r/AK5P/wCgmuevdG0+K9sokjIWVmDDc3IAz61avdC0 + yKznljjIZI2YfO3UDI70Aa2m/wDIOtf+uSf+giqen/8AIS1L/fj/APQaqWOh + 6ZNZW8skZLPGjE72HJAJ71Ws9H0+W9vYXjJWJkCjc3GVye9AGnqn/H5p3/XU + /wAq0L7/AI8rj/rm/wDI1zl/o+nw3NnHHGQsshVvmY5GPrVy60LTI7WaRIiG + RGI+duoH1oA0dJ/5Blr/ANc1/lVWx/5C+p/9sf8A0Gqen6Jps9jBNJGS7opJ + 3sOSPrUFpo+ny6jfQPGSkPl7RubjcuT3oA1NW/1+n/8AXdf5GtK6/wCPaX/c + b+VczqGjafBLZrHGQJZgrfMxyMH3q9PoOlpBI6xHKqSPnbsPrQBd0b/kF23+ + 4Kr2n/Iav/8Adi/lVHTdE024sIJpYyXdQSdzD+RqK30fT31O7t2jJjiEZUbm + 43DnnNAGnrP3rD/r6j/rWtN/qZP90/yrltS0fT7c2gijI82dEb5mOVOc9TWh + LoGlrG7CI5AJ++3+NAFjQ/8AkE23+6f5mo7f/kOXf/XOOs7StF0650+GeaMl + 3GSdzDv7GmQ6Pp76rcWzRny40Qgbm6nrzmgDU1r7lp/18xf1rYb7p+lcnqmj + 6fbrbGGMjfOiH5mPynr1NaTeH9KAJER/77b/ABoAfoH/ACCLf6N/6EabF/yH + p/8Ariv86zdI0bT7rToZ5oyzuDk7mHQkdjSR6Pp7avLamM+WsSsBubqT65zQ + Bp65/wAe8H/XeP8AnW1XJaro+n20MTwxkFpUU/Mx4J56mtP/AIR/Sv8Ankf+ + +2/xoAXw/wD8gmH6v/6EaF/5GB/+vYf+h1l6Po+n3WnxzzxlnYtk7mHRiOxo + XR9POsNamM+WIQ+Nzdd2Ouc0Aamu/wDHkv8A11j/APQq2a5LVtH0+2tRJDGV + Yug+8x4J56mtP/hH9K/55H/vtv8AGgA0D/kHD/ff/wBCNB/5GIf9ev8A7PWZ + pGj6fdWYlmjLNuYZ3MOAcDoaP7H0/wDtkWvlnyvI343N97djrnPSgDT8Qf8A + INf/AHk/9CFbVclq+j6fa2LTQxlXDKM7mPUgdzWn/wAI/pX/ADyP/fbf40AL + oX/HpJ/11k/nQ/8AyH4v+vdv/Qqy9K0fT7m2eSaMlhI6/eYcA8dDViCwtbLX + Y0t1KjyWbqTznHegDpaKKKACiiigAooooAKKKKAP/9f9z5V1n+1YAzQed5b7 + cBtuO+e+adqy6yNOm+0tAYsDdtDbuo6ZpsurWjarBcAPsSNgfkOcn2p+rava + XGnTQxh9zAYyhA6jvigC7Guv7F2vbYwMcNWfpi6wftf2doB/pEm/cG+/xnGO + 3pWjHrtiEUEScAfwN/hWdpmrWkH2veH/AHlxI4whPBx1460AFwusf2pah2g8 + 7a+zAbbjHOak1NdaFhP9oaAx7fm2hs49s1HcataPqlrcAPtjVwfkOeR2FS6n + rFnPYTwoH3OuBlCB+eKALUK6/wCTHse327RjIbOMVQ05dZ8y78hoAfObfuDf + e4zjHar8OuWSwxqRJkKB9xvT6VQ07VrSGS7Lh/3kzMMITwcdaAC6XWP7SsvM + aDzf3uzAbb93nP4dKm1FdbFjP57QGPYd20NnHtmobrVrSTUrKdQ+2Lzc5Q5+ + ZcDA71PqOs2c1jPEgk3OhAyhA/PFAEtsuvfZovLe327FxkNnGOM1TsF1j7Re + eS0AbzPn3BsbsdvarttrdlHbRIwkyqKD8h7D6VSsNWtIbi8dw+JZNwwhPGO9 + ABeLrH2+y81oPMy+zAbH3ec/hVm+XXPsVx5zW/l+W27aGzjHOKrXmrWkl/Yz + KH2xF85Qg8rjgd6s3+tWctlcRIJNzxsBlCBkj6UALZrrv2SDynt9mxduQ2cY + 4zVWyXWPtd75LQb9679wbGccYq3Z61ZR2kEbCTKIoOEJGQPpVSy1a0iu72Rg + +JXUjCEngd/SgAvl1j7XZec0Bfe2zaGxnHerV4uu/ZJ/Ne32bG3YDZxjnFVb + 7VrSW7spED4idicoR1Hb1q3ea1ZS2k8aiTLowGUI5I+lADLBdc+xQeS1uI9i + 7dwbOMcZqvZrrH2++8poPMym/IbH3eMVZsNZs4bKCJxJuRFBwhIyB9KrWerW + kd/fTMH2ylMYQk8LjkdqAC/XWfPs/OaAt5vybQ2N2O+e1Xblde+zy+Y9vt2N + nAbOMc4qlf6taTT2boHxFLuOUI4x2q7c63ZPbyookyyMB8h7j6UAQacut/YY + PIaAR7Bt3Bs498VDarrH9pXojaDzcR78htv3eMfh1qfTtZs4bGCJw+5EAOEJ + H54qC11a0j1O9nYPtlEeMIc/KuDkY4oANRXWA9p57QE+cuzaG+9zjOe1X5l1 + /wAmTe9vt2nOA2cYqhqWrWk72ZQP+7mVjlCOBnpV+bXLJoZFAkyVI+43p9KA + KmlrrR0+D7O0Aj2/LuDZx74qOBdZ/tS6CNB5u1N2Q23GOMd6k0vWLSDT4IZA + +5FwcISPzxUcGrWiapdTkPtkVAPkOeB3FABqa6yPsv2hoD/pEezaG+/zjOe3 + rWi6+INjZe2xg9mrO1PVrSf7L5Yf93cRucoRwM5xx1rRfXbEowAk5B/gb/Cg + ChpK6ydOh+zNAIsHbuDbup64psS6z/as4VoPO8tN2Q23HbHfNP0nV7S306GG + QPuUHOEJHU98UyLVrRdVnuCH2PGgHyHOR7UAGqLrAjg+0tAR5ybdob73bOe1 + ae3xB/ftvyeszVdWtLiOBYw+UmRjlCOBWmddsfST/v23+FAGZo66wdNh+ytA + IvmxvDbvvHOce9CLrH9ryANB53kjPDbdufzzRo2rWltpsMEgfcu7OEJHLE9c + UJq1oNXkuSH2GEL9w5yDnpigA1VdYFun2loCvmJjaGznPHXtWnt8Qf37b8nr + M1bVrS4t0SMPkSI3KEcA1qf29Y+kn/ftv8KAMvR11g2CfZWgEeWxvDZzuOel + AXWP7YI3Qef5A7Nt27vzzmjR9WtLawSKQPuBY8ISOWJ60DVrT+2Tc4fZ5AT7 + hzndnpQAauusCz/0poCm9PuBs5zx1rT2+IP79t+T1mavq1pc2flRh870PKED + g1qf29Y+kn/ftv8ACgDL0ldYNofszQBN7/fDZznnpQV1n+2FBaDz/IPZtu3d + +ec0aTq1pb2hjkD53ueEJ6n2oOrWn9sLc4fYICn3DnO7PSgA1hdZFhJ9qaAx + 5XOwNn7wx19609viD+/bfk9ZmsataXOnyQxh9xK9UIHDA9a1P7esfST/AL9t + /hQBl6UusGCT7M0AXzXzuDZ3Z56dqJF1j+14gzQed5TY4bbtzznvmjStWtLe + CRJA+WlduEJ4Jok1a0OrxXID7FiZT8hzkn0oANYXWRps32poDF8udgbd94Yx + n3rSC+IMDD235PWdrGrWlzps0EYfc23GUIHDA9cVpDXbHA4k/wC/bf4UAZml + rrBS4+zNAB5z7twb73fGO1Ey6x/atuGaDztj7cBtuO+e9Gl6taW6XAkD/PM7 + DCE8GibVrRtVt7gB9iI4PyHOT7UAP1VdaGnzfaWgMWBu2ht3Xtmrsa6/sXa9 + vjAxw1UtW1e0uNPmhjD7mAxlCB1HfFXo9dsQigiTgD+Bv8KAM7TF1gm7+ztA + P3779wb7/GcY7V5T8ShejWLb7cUL+QMeXnGNzeteraZq1pAbveH/AHlw7jCE + 8HHX3rz/AMdWM+v6rb3Gnj5Eh2HeCpyGJ6Y96Bob4IF7/wAI3qJhMfkeYd4b + O77q9O1eoQLr3kx7Ht9u0YyGzjFef+GYJNG8P39hegiWd9y7QSMYA5OB6V6D + BrlkkMakSZCgfcb0+lAMoacus+ZeeQ0APnNv3BvvYHTHai6XWf7SsfMaDzf3 + uzAbb93nP4dKNO1a0hkvGcPiSZmGEJ4IHWi61a0k1KxnUPti83OUOfmXAwMc + 0CJ9RXW/sM/ntAY9h3bQ2ce2altl177NF5b2+3YuMhs4xxmotR1mzmsZ4kEm + 50IGUIHPviprbW7KO2iRhJlUUHCHsPpQBSsF1j7ReeS0AbzPn3BsZx29qLxd + Y+3WXmtB5m59mA2Pu85osNWtIbi8dw+JZNwwhPGO/HFF5q1pLf2Mqh9sRcnK + EHlccDvQBZvl1z7Fcec1uY/LbdtDZxjnHvXxt+02LsS+F/tJQr9mm8vbnO39 + 31z3r7Jvtas5bK4iQSbnjYDKEDJH0r43/abuoriXwskecxW0ytkEc/u+nrX3 + Hh1/yN6X/b3/AKSz5vi3/cKny/NHyvX6ZfD77T/wgnhblP8Ajxt9vX/nmOtf + mbX6ZfD65j/4QTwsOf3djb54/wCmQr9E8Vf92o/4n+R8nwN/Gqen6ndyi98p + 9xjxtOcZ9K84+JcV0/g7edvlxyRNxnOOgz+dejS3sLROoDZKkdD6Vz/iK3j1 + fwxd6WoYySQ/Jwfvphl/UCvxnBVFCtCT6NH6Bj6LnRnBbtM+R6lhkaCZJgOY + 2DfiDmoiCDg04jjcOnSv01n5Qj7KlU6vpZ8zyprW7izjB+ZHXP8AKvlXxP4e + uPDmpG1ly0Mg3wv/AHkP9R0P/wCqvRvh949gsrQeHtZbbGMiCU9Bu/gb2z0P + 4dK9fmttH1C3hj1O0S68ofL5kYcAnrjI718TRrVMBWcZK8X/AFc+9rUKeY0I + zg7SX9W/yPlrwv4duvE2qx6fb/Kg+aV+yIOp+p6D3r6jeFdHsIIlEcNraAbc + ZwqoM5P4daNNttJ0ue4On2iWyy7ciKMLnA7gD3ryb4jePLW9gbQdHYuucTy9 + Bx/Avr7n8KK9epj6yhBWiv6uOhh6eXUJTm7yf4+S/U8bupzdXU1yRgzOz4/3 + jmoCckmnKMAueg6fWmV9slbQ+Bbb1Z9D/CSO4XQrhoto3zsfmz02qO30r8MP + 21rebx7/AMFSvhr4O1zZNZQXPhey8uQZjNvJd/aJEweoYysD9a/fPwRapouh + WtrKCJDGHcYOQzksQfpnH4V+Cv8AwVDtNR+EP7Yvwt/aNtLSSfTtmm3Qx8u+ + 80K882SIN0G6JocZ9T6V+Y5pVU605La5+rZXScKEIvex/Q2RfYPMf61XtBd/ + Z08spt5xnOetYfhHxz4b8eeFNJ8aeF7n7bpGuWkN5aTKOHhnQOh9jg8jqDwe + a27W7iit0V85XOeOOtcx2WP56P2oLefwP/wVv+Hut6SUhude1TwvJL5XGftU + iWEu73aNTnuQa9r/AOC1/wBo/wCFcfDPziuP7Wvcbc/88E9a+fLTW7T9rL/g + rNYeJfB4a68O+EtSt7gXK/Mn2bw6i/vwR/yzmu0AQ9xIvrX0H/wWvuI5vhx8 + MwmeNWveox/ywSsejLPSP2U/+CcHwW1T4R6F8Rfjro7eOfGvjS0j1e9uNRvL + oiE36ecI1EUiBnCuDJI+9zJuIYDAr8t/2uvgHffszftWWfw4+AOpXmiWnxE0 + 23jsokuZA0cGsTS2E1m8uS7xNJGfvZO1gCSRuP8AT/8ADO5tYfhx4UhjUqke + k2KgBTgAQIABX4hft6Mh/wCCkP7OocZVT4YDAjOR/wAJBcGqlFWEmfa/gX/g + lz+yh4Z8Iw+FfEPhYeJtVNsFu9Uuru6SeWU/eeNYZUSIA/dCKMADcWOSfgb9 + h/R9T/Zs/wCCh3j79m/StRluPD95HdwLHJz5otVW8spZMADzI4WZSwAB3twM + jH9BguohdtJg4KAdDnrX4L+CJFf/AILO+JpBnB+1dv8AqDJQ0lawHef8Fr/t + H/CuPhn5xXH9rXuNuf8AngnrXdfsk/8ABOH4Oa18KND+KXx50t/HPjTxnbR6 + vdSajeXJSD7YPNVAsUieY5RlMrylyXztIHFcL/wWvuI5vhx8MwmeNWveox/y + wSv13+FU1va/DPwpbopVY9KsgoUcACFMAUW95h0P55/28PgV4d/YW+Ofwx+M + nwEEugW9/NNdJZpLJMltc6c8RkCNMzOYriOba0bMw4cZ2ttH9A3xhlnuPg54 + xuAyNFJol+ykAgkNbOR1r8c/+C28qzaX8JGTOBNrI5GP4bSv1++J11FJ8CvE + yKDn/hHrzqP+nRqaWrEflz/wRV+0/wDCoviH5JXH9uwZ3Z/59V9K/Zu0F35X + 7spjJ6561+Mn/BFW4jh+EXxDV8867B0Gf+XVa/Zu1uoo4trA5yTwDThsEtz8 + af8AgtJ4g1Gz+D3gXw15hWLU9be4kCZCsLS3cKG9eZsgeoz2r9Cf2TfCcPgr + 9lb4XaDYJDHAvh3TbmTyhgNPeQpcTPxwS0sjMT3zmvjL/gr98Pr/AMa/s5WH + jHR4XmfwXqsN1cgD7tncq9vI2OvyyPESewyTwM17R/wTt+Onh74w/sq+FtIs + 5duteBrW30HUbdjlkNmipbyeuyWFVIOMbgy8lSaS+IfQ9H/aL/bT+EH7Lmt6 + R4e+Kdxdx3mt273VuLO0a4XykfYSx3Lg56CvMPhJ/wAFJf2c/i/8QNG+GPgu + 41Nta8QTtDbC4sGjiLhGc7n3nAwp7V9aePfhD8GPineWuo/ErwRpHim6sozF + BLqenw3bxRsdxVGlRiqk84Hevws1zwd4N+Hn/BXjwd4c8DaJZ+H9Gt5rJ47O + wt0t4EaTTnZiscYVQWJycDk0SbQrI/av9oj4BeFf2lfh3d/Crx7JLb2F5Jb3 + C3FmypcQSW8ocNE0iuoZhuQ5Ujax4zXzpbf8E2v2MPC3hdtK1DwRb3KsnlyX + t5f3Zunb++JPORUb/rmqj2r5n/4KR/tP/GTSfix4I/Zc+AmqSeH9Z8XR2hud + Qt3MV00mpXL2ltbJKAWhXcu93T5zlQCAGDXdD/4JDfC/ULGLUvjD8RfE/ivx + AVBmmglit4C7feA+0RXMpAPcyAnrgdKHq9h2Pn79hPTbv9nr/gon49/Z88Ka + s974Yvre9hRWcSJKlsq3lnI5XhpIomaPcMZ3NwM4Gv8A8Fdfgb8LvBfhLRfi + v4a8Pw2HirxP4jlTUr6OSYvc77eSRtyM5jHzKDwoP4Zry/8AY38FeCfhd/wV + F1TwB8P7i4u/D/h06zY20ly6yzkw2pSUO6KikrKGHCjgc85r6o/4LOyq/wAD + vBAAP/Iyu3T1tJqj7LH1PpP4H/sNfst/8IR8O/HI+Htj/bzaXpWpi68+73fa + /Jim80jztu7zPmxjGe2K+OP+CoXxJ8afFH41fD79i7wtqC6VY61LZXOpzFyk + Ms17MY7cTgEZitkQzFTwxYHGUU1+uvwNu4W+DXw5lQlkHhzSuQM5zaRcivwG + /b88A+G/FX/BR/RvDvxH1K40vwz4zi0SOS6iZInt4JV+x7leVWRQJoySWUgZ + Oaqewkfpnov/AATb/Yn07wMnhC90W21K7MGyTV5tTmXUHlIx5wZJViRgTkKs + Yj4GVPOfiP8A4J/eJPFP7OH7avjX9jwawNY8MalNeizMjlkE9lEbqC4jA+VX + ltQRMFADELydgr3kf8EaP2bMDPjDxb/39sf/AJDr1v4Bf8Ez/gf+z98V9F+L + /hjxH4i1DVfDz3Jt4byW1a3b7RbyW7eYIrZHOFlYjDDnGeOCcr7AfE3wzgm/ + Zp/4K5674T+W00n4gTXaRnkRGPWohfwqg9Fu1EI9CDjivor/AILDfFLUNA+C + nhv4OabIH1Dx9qavLDFkvJZ6cVkK4/2rh4CvrtOPbxv/AIK3aPe/D74t/Bz9 + prw1GRe6XOtrK+NoE+mXC31mCe5bfMPotYnjTWbH9sn/AIKheE9O0lzf+Dfh + 5Z2d7uAzG0VnGL9mZenz3c0cDeoA7YpPqh+Za/4JgXviP4AftPfFL9k7xbOg + uZo/PgLZCSXOmt96NcnHn203md/ljHPHK/8ABWDV9W+KHxv+EH7M2gSg3l/M + J3RclftGr3KWduWH/TMRSH2D5PGKk/buJ/Zu/b1+Ev7UWnq1vpmuG2XU5ACC + 5siLO+Gf9qwmjUZ7g9ag+Dxi/aN/4K1eL/iA/wDpWh/Dtrx4SBui/wCJbGum + QbT/ALU7mdcdSCRxS6coeZ+sfxp/Zm8CfGz4M2nwD8S+bY6BapZR2klkypcW + y6fs8sxtIjqD5amM5Ujax46V4daf8E2f2MfC/hh9K1DwPbXKtGUkvb2/vDdO + 2PviTzkVG/65qo9q+Zv+Ckn7T/xj0v4reBv2WvgLqknh/WfFiWrXGoW7mG6a + XUrlrS2tklA3QruXe7p85yoBADBrug/8EhfhdqNlFqPxj+IvifxX4gK7ppoJ + YreAueSB9oiuZSAe5kBPXA6Ve72FY+e/2EdOu/2fP+CiPjz9n7wnqz3vhfUL + e8iRWcOkqW6LeWcjleGkiiZo9wxks3AzgN/bSsr/APZB/b68E/tQ6JEYtD8U + Tpc34iB2tJEFtdTiAHeS2kWQZ6yOTjiuI/Y18F+Cvhd/wVD1PwD4AuLi70Dw + 7/bNjbyXLrNMTDalJQzoqKdsocDCjgc85r9Sf+CjvwWj+Nn7MHicadbmbXfC + LDXtPwuXP2RG+0xjHJ327SYXu4T0FSloN7n3Dea9Y2+kL4nuL23XS4rd7w3Q + bMIt1j8wylv7uz5sjtX4J/8ABP8A0jVP2pP20/iT+1n4igLWGhvcT2YlGfLn + 1APb2cQzwfIskdf9k7D6VmXn7ZMlx/wStg8Otek+LRcHwI3zfObQJ5m/HXYd + P/clv7/5V+lH/BOT4PxfBf8AZQ8O219bmHW/F6vr1/lSGDXqr9nQ55Gy2WIE + Ho27pk073aFax9Y+LPE+r6M1rZWRWPzIhJv27jjoB82R254rwK58MaDe6rc6 + 1eWaT3l3I0srvlgzudzHaTtGSewr6qvLLRtWtoYdTt/O8oDBwwI45wVwa+Av + GnjPxDpXi7WtM0268q0tbyeKJDGjbURyFGWBJwPXmvp+Gcmx2MqVIYKryaa6 + tXXbRO542c5jhcNCMsTDm100T/M9ujjjiQRxKEVegAwB+Ap9eMfD/wAYa5rH + jTR9L1i58+yubhUmQRoCyHqAVAI/CvrLWvBengNPok8gxz5UyNj8HA/mPxrg + 4i4dr5bVjTxEk3JX0u+vmkdWUZxSxkHOkmknbW36NnmlFW7qxvLIgXULR56E + jg/Q9DVSvnz1ixa3VxZXCXVpIYpYzlWHUGttvF/iV1KNqMpDDBGe35Unhezs + r7V44dRjMtuASygkEjI/u4NerTeHPA3lP5dhIG2nB3TdccfxUCbPKI/FniSG + NYotQlVFGAAegpF8VeIkkeZb+UPJjcc8nHSvU7Pw74JNrEbmxdpdo3EGbBP4 + NimQ+HfBn224Eli5hATyxulyOPmz82fzoFzHl8nirxFMUMt/K2xgy5PQjvUh + 8X+JmBU6jKQfevTLzw74MDW/2axdQZV35aXlO4GW/lzVp/DvgTY2ywkDYOOZ + uv8A31QFzyWLxX4jhjWKLUJVRegB6Uw+J/EHmNMNQmDuACwYgkDp0r1Wx8O+ + CjaRm6sXaXHzEGbBP4NimxeHvBn26YPYuYNq7BmXIPf+LNA+Y8dutT1K94vL + uWcf7bs38zVGvcL3w/4NAh+y2Lr+9Xfky8p3HLf/AF6ut4e8CbTjT5M49Zv/ + AIqgOY8CrY0zX9W0fcdNnEBYYJCISR7kg161p/h/wYbOM3di7zYO4gy4PPs2 + KRPD/g37fIGsXMGwbRmXIbv/ABZoFzHm83jTxPcKqzXxYKwYfIg5HQ8LUv8A + wnfiz/oIN/3wn/xNeh32geDQkf2WxZW8xd2TLyvcctV7/hH/AAJ/0D3/API3 + /wAVQF0eUW/jTxNaxLBBfFEXOBsQ9TnutA8Z+JhObkXzeaV2ltidOuPu16Vp + 2geDTZx/bLFnm5yQZSOpx0bHShdA8Hf2gwNi32fyxhcy53Z6/ez0oC6PNZ/G + fia5QRzXzMoIbGxOo6fw1L/wnXiz/oIN/wB8J/8AE16Lf6B4O8lfsliyvvXJ + Pmfdzz1NXv7A8C/9A5//ACL/AI0BdHk0HjPxNbRiKC+ZUBJxtTvyeq0f8Jl4 + m8/7V9ubzduzdtT7uc46etemafoPg77MPtdizyZbJHmHjPHQ+lH9g+Dv7R/4 + 8G+z+V9395nfu6/ez0oC6PM5/GXia5j8qe+ZlyDjanUdO1S/8Jz4r/6CDf8A + fKf4V6PqGheDhbH7JYMkm5eT5g4zz1b0q9/YPgX/AKBz/lL/APFUBdHiV5rW + qahbra3k5liRy4UgDDHqeBWXXf8AijTtGs9JgksbcxXDTsGb5sFMHA5OK4Cg + pBRR14Fb9j4a1W9IJiMEZ/jkVgPyAJ/SgDOsdT1DTJfO0+4e3bvsYgH6jofx + rvNK8deIbq+iLWwvp1UoNiHcQepIXj+VaOheEvDsKmXVzNdSKxAVVZY8D1xz + +v4V20FzpNjqMJsYPIgSJhtSPbyT6Ac/Wgls+Ev2vJNQm8S+HZtRQRO9i5CA + YKjzTw3JGfoa+Q6+wv2xb2G98V6A8O7C2Tg7lK/8tT618e1+b5z/AL1P+uh+ + OcR/77U9f0R+snhg6mvwZie0Me1dGBw2d2Rajpivyrr9afh1PZyfDTSdOug+ + 250+BG2qT8rwIpr8nru1msbuayuF2y27tG49GQ4I/MV/TfhPUXsq0evu/kzh + 8TKb5cNLpZ/ofpN+z9Hdr8E9NaIx+Q73RcYO/P2hx9Owr3me41OxsZL65mt4 + re3jMjswbCoi5JP0Ar5e/Zk8S2938L7/AMPuT9o0+7fAAyBHMFdSfTLb/wAq + 6z9ozx7Fofwyn0myZlvNbK2a8EHyiMzH3BUbT/vV8hmmWTrZzUw3WU39zd7/ + AHan3eVZnCjk1PE9IwX3pWt9+h4p4B8Fah8YtN+Ivjm5iQz62ZLezD5yroVn + UL6YKxLn0BHrXsX7Pfi2/wDE/gfS7J5EN7oZksSHzkJGoMZYemwhR7qa858H + fDD4x+H9Bg07RfGS6Rb/AOsNssBbY8nzMCdpyQTg1mfCf+0/hV8brrwn4kuh + dLrsPmiZEKLLMQzqwUgY58xMY69K+lzaNLF0MRTpVYy5bSgle6UVyvdJfDrp + 1R8zlLq4SvhqlWlKPNeM5O1m5PmWzb+K61WzM7xj4ztPAX7SGua7r6vJH9mi + hYW6hjmS1hxgMy+nPNa/jv48r8TPDM/w+8EaPd317qwSI7oQCqKwbICu5J4x + k4A654rUE1vc/tU67IybkksVADL3+ywjoa+v7TUtOt4ESONk+UA7YyOQPYVx + ZlmWGw8sLUnRcpqnBp81ltppbo/M7sty3E4mOKpwrKMHUmmuW731s79fQ+Sv + iB4Z1Pwf+zdP4bvHjZ7FrVZ8EkiVp1Zgp6EAnGa9s+GA1H/hAfBe1o8nTovK + zngeUud34elcR+0NeQv8JvEEa7sy3Nsw4PTzk6+ldv8ADC/gXwD4LJDfuNOh + DfKe8Sjj1rycbXlVypVZ7yqyb+cUetg6EaWaulDaNKKXopMn+McWpv8AC3xO + LtoTELGUnAbOQMjGfevyYr9Qf2i/FlnYfCfVraMss2pNFax7lIBLuGYc/wCw + rV+X1foXhlSksHUk9nL8kj878T6sXjKcFuo/m2fqv8EP7Tf4a6Gbcxj/AESE + HfnoFwvT2r0q7XVftdp5rQl9zbMBsZxzmuR+GiReHfB2laVcK6yW9nbIwCk/ + OsSh8/8AAs1113qdtJeWkih8RsxOVOeR2r8czKop4ipKOzk/zP2XLabhh6cJ + bqK/IsXi6x9km81oSmxt2A2cY5xRaDWPskJjeAJsXGQ2cY4zReatay2k0ah8 + sjAZQ9xXyz+2J8aYfhB+zT4l1mylaHV9QtV0mwOCp+03q+XuQ/3o498o/wBy + uI7T8RPHV3f/ALZP7bzaXYS/aNP13WU0+3eMnaulWPyvKncAwxvN9WNX5VuP + 2Lv26iFxaaPo2sAjqY/7G1Jc/wDAvLgl/wC+09Rx6Z/wTFn+FvhH4g+Jfif8 + SfE2laFNplmljpseoXkFs7yXbFppUWV1PyJGEz0/eEfToP8AgqFffCnx3r3h + D4n/AA58U6Trt6YJdK1GKwvYLiVUjYzW0hSJ2bHzyqWI4+QZ6UAfvNMdWktJ + JPMgeJkJyu45Ujsfp0r8A/8Agq15/wDwuHwX5xUj/hG49u3P3ftdx196/UL9 + iL40Q/Ff9mXw5c30rTavoUDaLfHBY+bZKEjZj3LwGN2J7sa/L7/gq3Mk3xh8 + FhM/u/DcanIxyLu46UAfsV+zINRPwE+HH2Zogf8AhFdAzuB6f2fFtxj2618k + f8FO/iR4V0n4D3Hw51m/s7jxJrl3aPaWcTBriFIJVle4dM5RNimMMRyWwM84 + /Njwb+wp+1B4w8J6L4q8PXVoumazY2t7ahtRkRhb3MSyxAoFO07GHHbpXqnw + /wD+CXPxT1XXraX4o+ILDRtHaQG4+xPLd3rr1IQPGkYJ6bi7Y67W6UAfRf8A + wSW0bxFB8OPiFrqoqaXe6hawRNIGw0tvC7S7e3AlTNfBd75n/DxW18vG/wD4 + WRZ7c9M/2pHjNf0W/Dnwd4I+Evw/034c+BrN7PSNIgMUKspLuzZZ5JGwNzyO + SztgZJPAHFfzpXsix/8ABRW1kbonxIsycdeNUjoA/pcgGq/2hdBGh83CbyQ2 + 3pxii/XVQ1t57Qk+cu3aG+92z7UQanbJqN1MQ+2QJj5TngdxRqGp20zWpQP+ + 7mVjlSOBQB86+M/2O/gf48+IE/xX8XeFYNR8UTzQXMl219qCbpLVESI+Sk6w + 4VY1G3ZtOOQec+n+PviRpPwi+G+o/EPxdewWejaPA0rbs+ZI3RIoxxukkbCo + O5I7c13uq+KdF0rTLvU9Un+yWdpDJNNNKNkcccalmd2PAVQCSTwBX84v7Tn7 + QHjf9sz4q6P8Kvhhbz3HhuzuTb6RZICpvLg5D3s4PQbcld3EUWScEvQBZ/YS + 0HxT8W/2yoPiLpVmLe20251HW79xnybdbpZVjjyAOWklCqvUqGOMA1/RfqK6 + qFt/PaEjzk27Q33ucZz2r5v/AGVfgN4U/Zn8BJ4T01jearerHPqt8IyGubvH + O0HkRR52xr6ZJ+ZmJ+kNR1O2nW3CB/kmRjlSOBQBfZdb2nLwYx6NVHS11U2E + X2doRHzjcGz1PXFX21mzKkYfp/cNUdL1S2t7CKFw+5c5wpI6mgBsa6r/AGnK + FaHzfLXJw23GeMe9eZ/HcamPhR4h+1tEU+zn7gOc5969Mj1O2GpyzkPtaNQP + lOcg+leZ/HfUbe6+FHiGKINn7OTypA61hiv4U/R/kcuP/gT9H+R+TVfcv7GQ + 1Ap4v+wGMc2G7zM/9PGMYr4ar7m/Yyv4LJPF/nbvnNhjapbp9o9K+KyH/eof + P8mfmvC/+/U/n+TPs1V1n+2HAaDz/JGThtu3d+ec0asusi2X7S0BTzExtDZz + njr2oXVrQaw9zh9hhC/cOc7s9KNW1a0uLZUjD5EiHlCOAa/RD9cNPb4g/v23 + 5PWZpC6wbIfZWgEe5vvhs5yc9K1P7esfST/v23+FZej6taW1kIpA+4Mx4Qkc + mgA26z/bON0Hn/Z+uG27N/55zRq66yLJvtTQGPcv3A2c5GOtH9rWn9s/acPs + +z7PuHOd+emOlGr6taXNk0UYfcWU8oQOCDQBp7fEH9+2/J6zNJXWTbN9maAJ + 5j53Bs5zz07Vqf29Y+kn/ftv8Ky9J1a0t7ZkkD5MjnhCeCaABl1j+2EBaDz/ + ACTg4bbt3fnnNGsLrA06X7U0Bi+XOwNu+8MYz70Nq1odYS5w+wQlfuHOd2el + GsataXOnSwxh9zbcZQgcMD1NAGnt8Qf37b8nrM0pdYMU32ZoAvmvncG+9nnG + O1an9vWPpJ/37b/CsvStWtLeGZZA+WldhhCeCfpQASLrH9rQhmg87y224Dbc + Z5z3zS6uusjTpvtTQGLA3bA27qOmaSXVrRtWhuAH2LGyn5DnJPpTtX1e0udO + mhjD7mAxlCB1HfFAGgq+INow9tjHo9ZumLrG25+ztAP377twb73fGO1aS67Y + hQMSdP8Anm3+FZumataQLchw/wA88jjCE8HFABMusf2pbB2g87Y+3Abbjvnv + T9UXWhp8/wBpaAx7fm2hs9e2aZPq1o2q21wA+1EcH5Dnn2qTVdYtLjT54Yw+ + 5xgZQgdfXFAFuJdf8pNr2+MDGQ3SqGmrrBa7+ztAD5779wb73GcY7VoRa5ZL + EikSZAA+43p9Kz9N1a0ga7Lh/wB5O7jCE8HHWgAuV1j+07MSNB5uJNmA23pz + n+lTakut/YJ/PaAx7Tu2hs49s1Dc6taPqdnOofbEJM/Ic/MOMCptS1iznsJ4 + UD7nUgZQgfnigCe3XXvIj2Pb7doxkNnGKpaeusedeeQ0AbzTv3BsbsdsdqvW + +t2SQRowkyqgH5D2H0qjp+rWkM14zh8SSlhhCeMd6AC7XWP7RsfNaDzcybMB + tv3ec/h0qfUF1z7DP57QGPY27aGzjHOKgu9WtJNRsZlD7YjJuyhB+ZcDAxzV + jUNZs5rGeJBJudGAyhA5H0oAfaLrv2WHynt9mxduQ2cY4zVSxXWPtV75LQB/ + MG/cGxnHarlprdlHawxsJMqig4QnoPpVOx1a0hur2Rw+JZARhCeMd+OKAC9X + Wfttl5rQeZubZgNjOOc1avV137HP5rW+zy23YDZxjnHvVW91a0lvbKVQ+2Jm + JyhB5GOPWrV7rVnLZzxKJMvGwGUIGSPpQAliuufYrfyWt/L8tNu4NnGBjPvV + azXWftt75TQeZuTfkNjOOMVasdas4rK3icSbkjRThCRkAD0qrZ6taRXt7Kwf + bKyEYQk8DHPpQAX66x9ps/OaAv5h2bQ2M47+1XLpdd+yzeY9vs2NnAbOMc4q + nf6taTXNm6B8RSEnKEcY7etXLrW7KS1mjUSZZGAyh7j6UARaeut/YYPIaAR7 + F27g2cY71BaLrH9o33lNB5v7vzMhtv3eMfh1qfT9Zs4bGCJxJuRFBwhI4H0q + C01a0j1G+nYPtl8vbhDn5VwcjtQAagusebZ+e0BPnDZtDfex3z2q9OuveRJv + e327TnAbOMVR1DVrSaWzZA+I5gxyhHGO1Xp9csngkQCTLKR9xu4+lAFbTV1s + 2EH2doBHtG3cGzj3xUVuusf2ndhGg83Ee/IbbjHGO/1qbTNYs4LCCFw+5FAO + EJH54qG31a0TVLudg+2QRgfIc8DnIoANSXWAbT7Q0B/fps2hvv8AOM57VoSr + r/lvue3xg5wGrP1PVrSc2mwP+7nRzlCOBnpxWhLrli0bqBJkgj7jf4UAUtKX + Wjp8P2ZoBFj5dwbd174pkK6x/atwEaDztibshtuO2O9P0rV7S30+CGQPuUc4 + QkdfXFMh1a0XVbi4IfY6IB8hzx7UAGqLrO22+0NAR56bdob73bOe1aRXxBg5 + e2/J6zdU1a0nW2EYf5J0c5QjgVpNrtiQRiT/AL9t/hQBnaQusnTofsrQCLB2 + 7w27qeuKSNdY/taUK0HneUueG27c8Y75pdI1e0ttOhgkD7lBzhCR1J64pI9W + tBq8tyQ+xolUfIc5B9MUAGqrrAhi+0tAV81MbQ2d2eM57Vp7fEH9+2/J6zNV + 1a0uIYljD5WVGOUI4BrU/t6x9JP+/bf4UAZejrrB0+P7K0Aiy2N4bd9456e9 + CrrH9sMA0Hn+SM8Nt27vzzmjR9WtLbT44ZA+5S3RCRyxPWhdWtBrDXOH2GEL + 9w5zuz0oANWXWBaj7S0BTen3A2c5461p7fEH9+2/J6zNW1a0uLURxh8h0PKE + cA1qf29Y+kn/AH7b/CgDL0hdYNmPsrQBNz/fDZznnpRt1j+2QN0Hn+R1w23Z + u/POaNI1a0trMRSB925jwhI5P0o/ta0/tkXWH2fZ9n3DnO7PT0oANYXWBYt9 + qaAx7lzsDZzkY61p7fEH9+2/J6zNY1a0ubFoow+4sp5QgcEGtT+3rH0k/wC/ + bf4UAZekrrJtn+zNAF8x87g2c556dqsQC/Gux/bTGW8lvuZxjPv3zVfSdWtL + e2dJA+TI7cITwTViC9hvNdjeHdjyWX5lI5znvQB0tFFFABRRRQAUUUUAFFFF + AH//0P3jn/5Dlr/1yen67/yCbj6D+YrIl0izXVYLcb9jxuT85zke+afq2j2V + tp000W/coGMuSOo7E0AdPF/qk+grI0b/AJfv+vqX+lNj0KwKKSH5A/jb/Gs7 + TNIs5/tfmb/3dxIgw5HAxjvQBp3X/Ibsf9yX+VT61/yCrn/crFuNIs01S1t1 + 37JFcn5zngcc5qXU9GsoLCeaPfuRcjLsR+WaAOit/wDj3i/3V/lWZpH+tv8A + /r4b+QqKHQrBoY2IfJUH77en1qhp2kWc8l4H34jmZRhyOBigDUvf+Qxpv0m/ + 9BFWNX/5Blz/ANc2rDutIs49SsoF37ZfN3fOc/KuRg54qfUdGsoLGeaPfuRC + Rl2I/nQBu2f/AB5wf9c1/lWdpX/H1qH/AF2/pUNtodhJbROwfLIpPzt3H1ql + YaRZzXF4j78RSbVw5HGPrQBqX/8AyFNN/wB6T/0Grep/8g66/wCuT/yNYF5p + FnHf2MK79spfdlyTwuRj0qzf6LYw2VxKm/ckbEZdjyB9aANnT/8Ajwtv+uSf + +giqOm/8f+o/9dF/9BqtZ6JYy2kEjb9zopOHYckfWqllpFnLd3sb79sTqFw5 + HBHfnmgDT1L/AI/9O/66N/6DV/UP+PC5/wCuT/8AoJrnb7SLOK7so037ZXYN + lyeAO3PFW7zRLGK0nkXfuRGIy7HkD60Aaml/8g21/wCuSfyqnp//ACFNS/3o + v/Qaq2Gi2M1lBK+/c6KTh2HJH1qtZ6RZy399C2/bEU2/Oc8rk59aANTVP+Pr + T/8Art/StG8/49J/9xv5VzV/pFnDPZom/Esu05cnjH1q7c6HYJbyuofKoxHz + t2H1oAv6R/yDLb/rmtVrL/kM6j9If/Qap6do1lPYwTSb9zoCcOwH86gtdIs5 + NTvYG37IhHt+c5+ZcnJzzQBp6v8A62w/6+E/rWpcf8e8v+638q5jUtIs4JLM + R7/3kyocuTwavzaFYLDIwD5Ck/fb0+tAFrRf+QVbf7v9aitf+Q1e/wC5F/Ks + /S9HsrjT4JpN+51ycOQPyzUcGkWb6pdW7b9kaoR85zyOeaANTWf+XH/r6i/r + WtJ/q2+hrldT0izg+y+Xv/eXEaHLk8HOa0X0LTwjEB+Af42/xoAm0L/kE2/0 + P8zTIP8AkOXX/XJKztJ0eyuNOhmk37mBzhyB1PYGmRaRZtqs9ud+xI0I+c5y + fegDT1v/AFNt/wBfEf8AOto9K5LVdIs7eOBo9+XmRTlyeD171pnQdPx0f/vt + v8aAF8Pf8ge3/wCBf+hGiP8A5D8v/XBf/Qqy9G0izutNhnl37m3Zw5A4YjoD + QmkWZ1eS2O/YIQ33znJOOtAGprn/AB6xf9do/wCdbNclq2kWdvbo8e/JkReX + J4J9zWp/YOn+j/8Afbf40AJ4f/5Bkf8AvP8A+hGlH/IwN/17D/0OsvR9Is7m + wSaXfuJYcOR0YjsaBpFn/bJtvn2eQH++c53Y60Aaev8A/IP/AO2if+hVtVyW + r6RZ21n5sW/dvQcuT1Pua1P7B0/0f/vtv8aADQf+PE/9dJP/AEKhv+RgX/r2 + P/odZek6RZ3FoZJd+7e44cjgH2NB0izGsLbfPsMBf75zndjrmgDU8Qf8gqX6 + p/6EK2a5LWNIs7awkmi37lK9XJHLAdzWp/YOn+j/APfbf40AGh/8esv/AF2k + /nSS/wDIeg/64N/OszStIs7iCR5N+VldRhyOAfrRJpFmNXithv2NEzH5znIP + rmgDU8Qf8gi4/wCA/wDoQrYHQVymsaRZ22mzTxb9y7cZckcsB0JrSGg6fgcP + /wB9t/jQAaJ/qrr/AK+JP6Utx/yHLX/rlJWXpekWdwlwZN/yTOow5HA6d6Jt + Is11W3txv2Ojk/Oc5HvmgDX13/kE3P8Auj+YrTi/1SfQVzGraPZW+nzTR79y + gYy5I6jsTV6PQtPKKSH5A/jb/GgB2jdb/wD6+pP6UXf/ACGrH/dl/lWZpmkW + c5u/M3/u53QYcjgYx3ouNIs01S0t137JFkJ+c54HHOaANrWv+QVc/wC5V22/ + 49ov9xf5Vzup6NZW9hPNHv3IuRl2I/nVqDQ7B4Y3IfLKD99u4+tAEuk/66// + AOvhv5Ci9/5DGm/9tv8A0EVl6dpFnNJeK+/EczKMORwAPei60izj1KxgXftl + 83d85z8q5GD2oA3dW/5Bl1/1zb+VT2f/AB5wf9c1/lWFqOi2MNjPKm/ciEjL + sRx+NTW2h2EltE7b8sik/O3cfWgCbS/+PvUP+u39KNQ/5Cem/wC9J/6DWZYa + RZzXF4j78RSbVw5HGO/NF5pFnFf2MK79srOGy5J4XPHpQBv6n/yDrr/rk/8A + I18VftR/e8Jf9es3/tOvr++0WxhsriVA+5I2Iy7HkD618b/tN2kNtL4WeLOZ + raZmySef3fTPSvuPDr/kb0v+3v8A0lnzfFv+4VPl+aPlev06+H3/ACInhP8A + 68bf/wBFCvzFr9Mvh9bRf8IJ4WPP7yxt88/9MhX6J4q/7tR/xP8AI+T4G/jV + PT9T0Wf/AFEn+6f5Ult/x7xf7o/lVWWygWJ2GchSep9KSCzheFGOclQepr8P + P0s+bviR4bbSNamv7ZMWd2+7I6JIwyy+2eSP/rV52pCnkZHcV9i3Wi6fqsd3 + p19H5kDBRjPqM5z6g9K+cfF3gXUvDEzTIDcWDH5JQOV9nHY+/Q/pX2+TZrGp + FUqj95fj/wAE+CzzJpU5OtTXuv8AD/gFDwjpiaj4jsIdwaMP5jA8HEYL4I98 + Y/Gvra0/49o/90V8QAkEEHBFb9r4r8R2aCO31CUKvQM24D/vrNXm2UzxElKM + tjPJs5p4aLjKO/VH15D/AMfdx/wD+VfK/jnSl07xVqCFgsTyeauOT+9G4gD2 + JI9KzbnxZ4kulKTahLhuu07M/wDfOK55mZ2LMSSeST1pZTlNTDycpS3HnOc0 + 8TBRjF6PqPkcOcKNqjoP8ff/AD0rvfh54WfxBrC3NwmbGyIeQnozDlU/Hqfb + 6iqPhbwTqviaQSopgsl+/Mw4OOoT+8f0HevpPQ9C07TNMgtLRCiKPXknuT7m + lnGaxpRdKm/ef4f8EeSZPKrNVai91fj/AMA14/8Aj8m+i14L+01+zz4F/aZ+ + GM/w18cq0UcsyTWd7CAZ7K7UMEmj3cHglWU8MpI4yCPcEtITcyoc4ULjk96L + m0iTytufmkUHk9DXw59+j8DfCnwC/wCCoH7GUtz4Y+B91beO/Bfmu8VuslvN + bDdltwtbx4p4GYkl1gYqW6s3BOh4g0r/AIK7ftJaOfAWtabbeAvDmooYbyaO + S105JIn+VhK6Sz3hQgkMsQwwyCCDiv3qNjBg/e/M1BaWkMlujtnJz3PrUcnm + Vc+Mv2K/2L/B/wCyL4bvbW3uxrvi7WkjOqaqY/LBCElbe3Q5KQoTk5O52+Zs + YVU8S/4Klfs6fGP9ojwP4F0r4O6B/b93o+pXM11H9rtbTy45YVVGzdSxK2SM + YUk1+nK2kRunj5wFB6mi6tIo1QrnlwOp70+VWsK7M7wVp15o/g3QdI1BPLur + GwtYJVyG2yRRKrDIyDgg8g4r8p/2sP2YPjl8U/22fgp8YPAnhv8AtLwh4TOh + f2nfG8s4fs/2LWZrqf8AczTJM+yFg3yI2c4GWyK/XL7DB/tfmarWdpFLbo7Z + yc9CfWm1cRZX/j/b/rmP51+R3hz9mD446T/wU41z9oe/8N+X8Pr0zeVqf2y0 + bcZNMS3X/RxMbgfvQV5iHr05r9aBaRfa2j5wEB6n1ourSKOMMuc7gOp70NDP + zJ/4Kj/s4/Gb9ozwR4G0n4NeH/8AhILzRtRup7qP7Xa2nlxywqqtm6liVskY + wpJ9q/Rr4e6dd6R4G0DSb9PLurKxt4JVyG2yRxqrDIyDgg8jiul+wwf7X5mq + 1paRSQB2zkk9/ei3UD8pv+Cpv7NHxt/aOtfh1afBnw5/wkMuhPqb3o+2Wlp5 + S3AtxGc3c0IbcUb7ucY5xkV+knxB0LU9W+E2u+GdPiEuoXmkXFpFHuVQ00lu + 0aruYhRliBknFdr9ki+2eVzt8vPU9c0XdpFHDuXOcgdT60WFc/NX/gl5+zt8 + Yv2dfhv4y0H4x+H/APhH7/VtWiubaL7Xa3fmQrAqFt1rLKq/MMYYg+2K/TOx + /wBSf95v50fYYP8Aa/M1WtbSGSLc2c5I6mhK2gylr+haN4os77w34hs4tR0v + VLSW2uraZQ8U0MwKOjqeoZSQa/CT4g/8E4v2mf2b/iDd/E39iPxU8thMTt0+ + S6jt76KMsGFvL9o/0W7hDDI80g9MqSNx/eg2kP2sR842Z6nrmi7tIY7dnXOR + jqT60ONwufiHB8YP+CybWw0YfDmya6QAG7e1slcn13faxB+S4qj8AP2RP22P + GX7WXhr9qP8AaMi0zTp9JuQ94r3FsLmWKK3eCNIodPWSHIBH3nXjJJzX7p/Y + YP8Aa/M1WtbSGRGLZ4Yjqe1LkC5+VH/BRT9jD4p/Grxt4U+O3wBuE/4Tjwnb + xQm0adLaWVbS4a5tZraWTbGJopHYkSMoI24IK4bye48e/wDBYb4i6P8A8K/k + 8F6V4PaVBb3Ovbbe3mRSQGlLm6nTPvbwFhnKAEAj9r2tIRdrHzgqT1NF3aQx + 27uucjHUn1o5Qufip+yr+wD8Zf2bv2ztI8aXUZ8Q+CrfSZvtOvNcWyl9Qu7P + bOn2dpftJX7QWCsYzlSCxzk19y/ty/sx6l+1V8B7vwL4buobPxFpOpR6rpjX + DFIJJ4UkiaGRwrFVkilcAgcPtJ4Br7PFjBj+L8zVa2tIXEm7Pyuw6noKFFWs + Fz8RfgR4j/4Kr/Cy18JfBi9+Gun3+h6HJa2Q1C/a3lmg02N1UoLiG/SFljiG + 1coz4AHJxX2x+3h+xVpH7W3g3T7rS7+LQ/GnhrzDp17LGWhmil5e1uCvziMs + AyuAxjOSFO5gfuJ7SEXUcYzggnqaW6tIY7d3XOQPU0culgufhr4Z8Qf8FjPg + 9ott4IHhO08Z2tonk2t9dvZ383lrwpM8d3FI2B0M4LY619Y/sd6R/wAFAdV+ + KOqePf2qr6203ws+nXFtbaJFJaApevNC6TCOzDrhUSQbpJi43YAwTj9H1sYC + oPzdPU1BbWkT+buz8sjAcnoKFHzC58Y/8FB/gH4i/aL/AGdtS8E+CbBdS8U2 + V1a6jpVu0sUIknhkCSL5kzJGpNvJKAWYDOBmvmj/AIJk/se/FD9nmHx744+N + 2iDRvEuti3sLKJrq2vHFlFmWZ/MtpZlAlkKDaWDfus4wQT+sslpCLmJBnDBs + 8nsKfc2cKQO65yB6mjlV7hfQ+D/+CjX7Nnij9pT9n2LRPh7py6p4v8P6jbX+ + nQGWK3aZWzBcRCWd441HlyeYdzDJjAHOAfKf+CXX7KfxJ/Z28OePNe+MejjR + vFHiO+t4I4Wube7f7HaIziTzLaSVB5kszggtu+QEjGCf1KSygKKTnkDuagt7 + SJ2lDZ+VyByaOXW4XPyp/wCCiv7GHxS+NHjPwj8d/gDcJ/wnPhaGO3+yNOlt + JKtnO11azW0sm2MTRSSOSJGUEbcEFcN5TL49/wCCw/xF0n/hX7eC9K8HtKn2 + e517Zb28yKcB5S7XUyZI728BYZygBAI/ayW0iW4gQZw+7PJ7Cn3FnCkLuucg + E9TQ4hc/E/8AZS/YD+Mn7OH7Zmj+NrmM+IPBMGkTG515ri2Uvf3dlidPs7S/ + aSv2gsFYxnKkFjnJr9s4o45muoZlDo52srDIIIwQQeoNEVlA0aMc5IB6mvx9 + +O//AAVd8D/DPxB42+GXhLwRqmpeNPDuo3ukQPcvEmntc20rQCUmORpnXcu4 + RhFLD5dy5yDSIas/Lu2/Zetde/4KA3X7LPh67N74RtfE8s0scUjGKHTYl+1T + oewljtwbctj/AFgx6Cv6y3iit7JoIEWOOOMqqqMKqgYAAHAAHSvx8/4Jj/su + +O/CE/iL9pT432c9t4x8etKtrFeKY7yO2mkM9zcTIwBR7mXaQCAwRc9HxX6+ + zWcKwyMM5Ck9T6UoKw2y1b/8e8X+6v8AKvy/+JP/ACUHxJ/2Ebr/ANGNX6bQ + 2cLQxsc5Kg9T6V+Y/wAR1CeP/EajoNQuR/5Eav1jwq/3mt/hX5nwvHP8Gn6/ + oafwh/5Kb4b/AOvyOv1Dv/8AjxuP+ub/AMjX5cfCeJZviR4difO17tAcHBwa + /TC70SxjtZpF35VGI+duoH1rk8Wf98pf4f1ZtwL/ALvP/F+iLtlBBc6RbwXM + ayxtEoKuAwPHcGvN7/4eadqV9fJpzmyaEptXG6P5lyeOo59D+FdvYaLYzWME + r79zopOHYckfWq9ppFnJqF9C2/bEY9vznPzLk5Pevyk+4ueeeG/C2reH/EUL + ahGPLYhUkQ5VjkHjuOncCvaLv/j1m/3G/lXNahpFnDNZqm/EsoU5cnjH1q9c + aHYJbyuu/KqxHzt2H1oBsu6P/wAgu2/3BUFn/wAhnUPpD/6Cao6bo1lPYQTS + b9zqCcOwH86httIs31O8gbfsiEePnOfmHOTmgRqax9+w/wCvlP61qT/6iT/d + P8q5fUtIs4GtBHv/AHk6ocuTwc+9aEuhWCxOwD5Ck/fb0+tAFnRP+QVbf7v9 + ahtv+Q3ef9c46oaXo9lcafBNJv3OuThyB19M1HBpFm+q3Nud+yNEI+c55980 + Aaetfdsv+vqL+tbD/cb6GuU1TSLO3Ft5e/8AeTohy5PBznvWk+g6eFJw/AP8 + bf40ASaD/wAgi3+h/wDQjTYf+Q7cf9cU/nWbpGkWdzp0M8u/cwOcOQOpHQGm + xaRZtq01ud+xY1YfOc5J9c0Aamt/6i3/AOu8f862a5LVdIs7eKFo9+WmRTly + eCeetan9g6f6P/323+NACeHv+QRB/wAD/wDQjQn/ACMEn/XuP/QqzNG0izut + Oinl37m3Zw5A4YjoDQukWZ1h7Y79ghDffOc7sdc0Aaeu/wDHmn/XWP8AnW1X + JatpFnbWyyRb8mRF5cngn3rU/sHT/R/++2/xoANA/wCQav8Avv8A+hGj/mYf + +3X/ANnrL0jSLO5slll37izDhyOjEdjR/ZFn/bP2X59n2ff985zvx1oA1Nf/ + AOQcf99P/QhWzXJavpFnbWRli37tyjlyepA71qf2Dp/o/wD323+NAHn/AIk0 + jUda0O2tdNhM0gu5CeQABhuSTgCsXS/hs39oR2us3GN0ZkKw9euMbiP6V6Np + OkWdzamSXfkO44cjgH2NDaRZjWEtvn2GEv8AfOc7sdaB3K154c0XRdIlOn2q + RuNnzn5n+8P4jk121clrOkWdrp0k8W/cpXGXJHLAdCa1P7B0/wBH/wC+2/xo + EGif8e8//XeT+dEv/Idt/wDri/8AOsvStIs7iGVpN+VldRhyOAfY0SaRZrq0 + NuN+xomY/Oc5B9c0AfDP7aH/ACN3h7/rxf8A9GmvjKvsL9sWygsvFegJBnDW + Tk5JP/LU+tfHtfm+c/71P+uh+PcRf77U9f0R+yPwl/5J7of/AF523/olK/PT + 9ozwi/hX4oalLGm201k/boT2JlP70fUSBuPQivvz4XadbXXgDQpJd2RZWw4Y + jjyU9K4D4+/Cz/hNfDyLosbSatpqST265JaQDHmRDPdgMj/aAHev2rgPOY4P + FQdR2jJWfl2f3/hc+l4vyZ4zLUqavKNpLz01X3fjY+PvgJ48TwZ4ueyvZNmn + a5GLWYn7qSA5ic/RsqT2DE9q/TfUfDXhzXxZza7pdrqMln80LXEKSmInBJQu + DtzgdPQV+K7KyMVYEEHBB6g197fs/fGHSfENtb+CPGVwYdWiAjtLh3IW5UcK + jEniQdB/e/3uv3fH3D1WUlmGG3StK29u/wB2j8vmfG+H/EVKMXl+JtZu8b7X + 7ffqvP5H13pX3r3/AK+H/pWPq3h3QNR8S6XquoabbXN7ahvKnkiR5Y9nzLtc + gkYY5GDweansNLtZjch937uZlGGI4FE+l2qahawDdtkDk/Mc8D1r8dhUlF3i + 7H7JOnGStJXGal4c8Px3F34jj0y2XVZI9rXYhQXDLgLgyY3EYAGM9Biuktv+ + PaL/AHF/lWHqGlWkNlNKm7cq5GWJqeDR7J4Y3O/LKD989xROpKVuZ3sEKcY3 + 5Va5TOkaVrkGoabrVnDf2kk+WhnjWWNiuCMqwIOCMirH2O00650qwsIEtra3 + WRI4o1CIiKgAVVGAAB0AqvY6XazS3SvuxHKVGGI4r54+PHxX0nwBb/2D4cmE + /iCZGDDcWFqrDh3/ANvuq/QnjAPdluAr4upHDUVe/wBy82cGZ46hhKcsTXaV + vvfku54r+1Z8QYvEHii38G6bLvtNC3Gcjo10/Ue/lrx7EsO1eK/Cbwg/jj4g + 6NoOwvbvMstz6CCL55M+mQNo9yK88llkmkeaZzJJISzMxyWJ5JJPUmv0T/Zo + +Ew0Dw03i/Xomj1HWlHkpkq0dp95c+8hwx9gvfNfuOZ1qWTZV7Km/etZecnu + /wBfwPwzK6FXOs29rUXu3u/KK2X6fifTenf8fd9/10H8qW//AOP+w/3n/lWd + Z6Xay3F2j7sRuAMMRxii70y1ju7SJd22VmByx7Cv59P6ENzUP+PC4/65v/I1 + +Cf/AAVY+Lf9s+L/AAj8G9OmzbeHLJdRvlU8G7vFAiVh6xwruHtLX7sXmkWc + VpNIu/ciMRlj1Ar4U8Yf8E4vgh8TPH938VfFut+IrrU9XuY724txdWgtTgLi + EKbQyCIKoQDzNwUY3Z5oGfCXw2/4JT6/458GaP4n1f4gJoV5qllbXklk2lGd + rc3MYkEbP9qjyyggN8o5zVrx5/wSe1/wl4V1TXtH+ISa3fWNpcXEFkNJMJuZ + II2kWIP9qfaXI2g7Tya/cWz0qza6uocMEhKhQGIwMUt5pdrFcWiJuxI5ByxP + GKAPwc/4JWfFv/hHPiP4l+EeozbbTxdYtdWik8fbrBWZlUerwFyx/wCma1U/ + 4Kv/APJYPBH/AGLMf/pXcV+hfh//AIJwfA7wP8Rrf4s+GNa8RWWp6ZftqcFs + l1aC0Vt5fyNv2TzPJIJjK+Zu2HG7PNdp8c/2H/hP+0rrekeMPHOq63YXun2K + 2aJptxbxxGMSPLlhPbTHdlz0YDGOO9Aj1T9l3/kgvw6/7FTw9/6b4q9s1L/X + WX/XYfyriPAPgLRfBPhzTfAelyTzaf4ZsLLTrZ5nBmeK1gWJGkZFRS5CgkhV + Gc4AHFdNfaXaxS2qpuxJIFOWJ4oGdDc/8e0v+438q/mGuv8AlIzZf9lJsv8A + 06x1/TJPo9kkMjjflVJ++ewr4dh/4J7fBfUfi3B8eJ9Z8QDXzrMev+Qtzaiz + +1Rzi4CbPsvmeVvGCPM3Y/izzQI+57X/AJC179I/5Uar96y/6+E/rWdBpdq+ + oXUDbtsYTHzHPI55ov8AS7WFrYJu/eTKpyxPBoA/E3/gpp+1frGo+Ib39mvw + c0ljpmmGFtdn5VryZ0WaO3X/AKYoGVn/AL74HCr80H7CHxK/Y1/Z48MP4z8e + eOIX+IWuR7JwNN1GVdOtici2jdLVlLtgNK6kgnCqSF3N9ufFv/gnD8Dvi/4+ + 1r4l+I9a8RWmp60ySTRWd1aLbq0USxDYJbSVxkICcuec4wOB5lYf8Em/2dLq + 0iuJPEXioM4ycXljj/0hoA+mPh/+2j+zP8SPH1r4N8F+MhqOsa0RDaQfYL+L + zXRWcjfLboi4VSfmYCvqPV/u2v8A18R/1r4C+E//AATk+B/wm+J2m+PfD2te + Ibu/8Pv58Ed3dWjQs0kbRnzBFaRsQAxIww5x1HFfdmo6XawLbmPd88yKcsTw + c0AdK/3G+hrN0X/kGQfRv/QjUbaLZBSfn6f3zVHS9LtLiwimk3bmznDEDqaA + NCL/AJDU/wD1yX+deY/tAf8AJJPEP/XD+td7Hpdq2py253bFjUj5jnJPrXmf + x3022tfhR4hli3bvs5HLE9/esMV/Cn6P8jlx/wDAqej/ACPyar7z/Ym+54y+ + un/+3FfBlfc37GVhb3yeL/P3fIbDG1ivX7R6V8VkP+9Q+f5M/NeF/wDfqfz/ + ACZ9wp/yH5P+vcf+hUa7/wAeaf8AXWP+dZa6RZnWHtvn2CEN985zux1o1bSL + O3tleLfkyIOXJ4J96/RD9cOtrF0D/kGr/vv/AOhGl/sHT/R/++2/xryq78T6 + dpExsriykncZO5Zig5J7YoCx6r/zMP8A26/+z0a//wAg1v8AfT/0IVx/h2Sw + 8QTJcJC8EbQsdpkLHKvt+9x+Vbmr6RZ21k0sW/cGUcuT1IHc0AdbWNoX/Hm/ + /XWT+dH9g6f6P/323+NZek6RZ3Fs0km/IkccORwD7GgDTf8A5GCP/r3P/oVL + 4g/5BM/1T/0IVltpFmNYS2G/YYS33znO7HXNGsaRZ22nSzxb9y7cZckcsB0J + oA62sXQ/9Rcf9d5P50v9g6f6P/323+NZelaRZ3EMzSb8rK6jDkcA/WgDUm/5 + Dtv/ANcX/nTte/5BFx9B/wChCsmXSLNdWhtxv2NGzH5znIPrmnavpFnbadNP + Fv3KBjLkjqOxNAHUp9xfoKyNF+7ef9fMv9Kaug6eVBw/T++3+NZumaRZzrcm + Tf8Au55EGHI4GMUAalz/AMhuz/65yVJrf/IKuf8Ad/rWPPpFmmq21uN+x0cn + 5znI981Jquj2Vvp880e/ci5GXJHX0zQB0kH+oj/3R/KsrR/v3/8A18yf0pkW + hWDRIx35IB++3p9az9N0izna7Em/93O6DDkcDHvQBp3n/Ia0/wD3Zf8A0GrG + sf8AILuf9w1iXOkWaanZwLv2SiTPznPyjjmptS0aygsJ5o9+5FJGXYj+dAHQ + Wv8Ax6w/7i/yrN0r/j41D/ruf5CobfQ7B4I3bfllBPzt3H1qjp+kWc014r78 + RSlRhyOMfWgDTv8A/kLab9Zf/Qat6r/yDbr/AK5t/KsG70izj1GxgXftlMm7 + LnPyrkYOeKsahotjDYzypv3IjEZdjyB9aANuw/48bf8A65p/IVn6Z/x+6j/1 + 1H8qgtNEsZLWGRg+WRSfnbqR9ap2OkWc11exvvxFIAuHI4x35oA1NR/5COnf + 77/+g1d1H/kH3X/XJ/8A0E1z17pFnFe2USb9srMGy5PQZ49KtXuiWMVnPKm/ + ckbEZdjyB9aANbTf+Qda/wDXJP8A0EVT0/8A5CWpf78f/oNVbHRLGWyt5X37 + njRjh2HJAPrVWz0izlvb2J9+2JkC4cjqueeeaANPVP8Aj807/rqf5VoX3/Hl + cf8AXN/5Gucv9Is4bmzjTfiWQq2XJ4x2q5daJYR2s0i78qjEfO3UD60AaOk/ + 8gy1/wCua/yqrY/8hfU/+2P/AKDVPT9FsZrGCV9+50UnDsBkj61BaaRZyajf + QNv2xeXt+c5+ZcnJzzQBqat/r9P/AOu6/wAjWldf8e0v+438q5nUNIs4ZbNU + 34kmCnLk8Yq9PodgkEjqHyqkj527D60AXdG/5Bdt/uCq9p/yGr//AHYv5VS0 + zRrKewgmk37nUE4dgP51Db6RZvqd3btv2RLGR85z8w55zQBp6z96w/6+o/61 + rTf6mT/dP8q5bU9Is4DaeXv/AHk6IcuTwc+9aEuhWCxuwD5AJ++3+NAFjQ/+ + QTbf7p/majt/+Q5d/wDXOOs7StHsrjT4ZpN+5xk4cgdfQGmQ6RZtqtxbnfsR + EI+c5yffNAGprX3LT/r5i/rWw33T9K5PVNIs4FtzHv8AnnRDlyeD171pNoOn + gE4f/vtv8aAH6B/yCLf6N/6EabF/yHp/+uK/zrN0jSLO506GeXfuYHOHIHUj + oDSR6RZnV5rY79ixKw+c5yT65oA09c/494P+u8f862q5LVdIs7eGJo9+WlRT + lyeCfc1qf2Dp/o//AH23+NAB4f8A+QTD9X/9CNC/8jA//XsP/Q6y9H0izudP + jml37mLZw5A4YjoKF0izOsNbfPsEIf75zndjrQBqa7/x5L/11j/9CrZrktW0 + iztrUSRb8l0HLk8E+5rU/sHT/R/++2/xoATQP+QcP99//QjQf+RiH/Xr/wCz + 1maRpFnc2Yll37tzDhyOh9jR/ZFn/bItfn2eRv8AvnOd2OuaANPxB/yDX/3k + /wDQhW1XJaxpFnbWLSxb9wZRy5PUgdzWp/YOn+j/APfbf40AGhf8ekn/AF1k + /nQ//Ifi/wCvdv8A0KsvSdIs7i2d5N+RI68ORwD7GrEFjBZ67GkO7Hks3LE8 + 5x3oA6WiiigAooooAKKKKACiiigD/9H9z5TrP9qwbhB53lvtxu247575p2rH + Wv7Om+0i38rA3bC27qOmeKbLrFg2qwXIZvLSNwTtbqfbFO1bWbC506aCF2Lu + BjKsO49RQBejPiDYu0W2MDHL1n6YdZ/0v7OIP+PiTfu3ff4zjHb0rQj1/TFR + QXbIA/gb/Cs/TNYsLf7X5rkeZcSOvysflOMdBQAXB1n+1LXeIPO2vsxu24xz + nv8ASpNTOt/YJ/tAt/L2/NtLbse2ajuNYsH1S1uFc7I1cMdrdxxxipNT1rT7 + iwnhidi7rgfKw/mKALcJ1/yY9gttu0YyXzjFUNOOs+Zd+QIM+c2/cW+9xnGO + 1X4de01IY1Z2yFAPyN6fSqGnaxYQSXZkcgSzM6/Kx4OPagAujrP9pWXmCDzf + 3uzG7b93nd36dMVNqJ1z7DP54t/L2HdtL5x7ZqG61iwk1KynVm2RebuO1v4l + wOMVNqOtafPYzwxuxZ0IHysOfyoAmtjr32aLyxbbNi4yXzjHGap2B1n7ReeQ + IN3mfPu3Y3Y7Y7Vcttd02O2ijZ2yqKD8jdQPpVOw1iwhuLx5HYCWTcvyseMf + SgAvDrP2+y80QeZl9mN237vO78OmKs3x137FcecLfy/LbdtL5xjnGe9VrzWL + CW/spkdisRct8rd1wO1Wb7W9OmsriKN2LPGwHyMOSPpQAtmde+yQeULbZsXb + kvnGOM+9VbI6z9rvfJEG/eu/duxnHGKtWeuadFaQRO7BkRQfkbqB9Kq2WsWE + V3eyu7BZXUr8rHgD6UAF8dZ+12XnCDfvOzbuxnHOc1avDr32SfzRbbNjbsF8 + 4xzj3qrfaxYTXdlJG7FYnYt8rDgj6VavNc06W0niR23OjAfI3Uj6UANsDrv2 + KDyRb+XsXbuL5xjjOO9V7M6z9vvvKEHmZTzM7tv3eNv4dc1YsNb06Gygikdg + yIoPyMeQPpVez1iwiv76Z2YJMUK/K3ZcHtQAX51nz7PzxBu835Nu7G7HfPar + tydf+zy+YLbbsbOC+cY5xVK/1iwmns3jckRS7m+Vhxj6Vdudd02S3lRXbLIw + HyN1I+lAEGnHXPsMHkC38vYNu4vnHviobU6z/aV75Yg83Ee/O7b93jb36dc1 + Np2t6fBYwQyOwZEAPyMefyqG11iwj1K9uGc7JRHt+Vv4VweMUAGonWd9p9oE + GfOXZt3fe5xnPar8x1/yZN4ttu05wXzjFUNR1iwne0MbkiKZXb5WHA/Cr82v + aa8LqrtkqQPkb0+lAFTSzrf9nwfZxb+Xt+XcW3Y98VHAdZ/tS62CDztqb87t + uMcY7/WpNL1rT7fT4IZXYOi4OFY/yFRwaxYJql1cM7bJFQKdrdhzxigA1M6z + /ov2gQf8fEezbu+/zjOe3rWi58QbGyLbGD3es7U9YsLj7L5Tk+XcRu3ysPlX + OeorRfX9MKMA7cg/wN/hQBQ0k61/Z0P2YQeVg7d5bd1PXHFNiOs/2rPtEHne + Wm7O7bjtjvmnaTrNhbadDBM7B0BzhWPc+gpsWsWC6rPcl28t40AO1uo9sUAG + qHWfLg+0iDHnJt2bvvds57Vp58Q+lr+b1maprFhcRwLEzEpMjHKsOB16itM+ + INM/vt/3w3+FAGZox1n+zYfsog8r5tu/du+8c5xx1oQ6z/a8mBB5/kjPLbdu + fzzRo+sWFrpsMEzsHXdnCserE9QKE1iwGryXJdvLaEKDtbqDnpjNABqp1n7O + n2kQbfMTGzdndnjr2rTz4h9LX83rM1XWLC5t0SJ2JEiMcqw4B56itP8A4SDT + P77f98N/hQBmaOdZ+wp9lEHl5bG/dnO456UA6z/bB4g8/wAgd22bN355zRo+ + sWFrYJDM7BgWPCserE9hQNYsP7YN1ubyzAEztbruz060AGrnWfsf+lCDZvT7 + m7Oc8da08+IfS1/N6zNX1iwubPyoWYtvQ8qw4B9xWn/wkGmf32/74b/CgDM0 + k6z9kP2YQbN7/f3ZznnpQTrP9sLkQef5B7tt27vzzmjSdYsLa0MczsG3ueFY + 8E+woOsWB1hbrc3liApna3XdnpjNABrB1n7BJ9qEHl5XOwtu+8MdfetPPiH0 + tfzeszWNYsLqwkhhZi5K4yrDowPcVp/8JBpn99v++G/woAzNKOs+RJ9mEG3z + Xzv3Z3Z56dqJDrP9rxbhB5/lNj723bnnPfNGlaxYW0EiSuwLSuwwrHgnjoKJ + NYsG1eK5DN5axMpO1upPpigA1g6z/Zs32oQeV8u7YW3feGMZ461pA+IcDAtf + zes3WNYsLrTZoIXYu23GVYdGB6kVpDX9MwPnb/vhv8KAM3SzrOy4+zCDHnPu + 3bvvd8Y7elEx1n+1bfcIPO2Ptxu247575o0vWLC3S4WV2BeZ3HyseD06CibW + LBtVt7kO3lojgna3U+2KAH6qda/s+b7SLfysDdsLbuo6Z4q7GfEGxdotsYGO + Xqlqus2Fzp80ETsXcDGVYdx6irsev6YEUF2yAP4G/wAKAM/TDrObv7OIP+Ph + 9+7d9/jOMdvSi4Os/wBqWm8Qedtk2Y3bcY5z3+lGmaxYW5u/NZh5k7uvysfl + OMdqy9W8XaJZavZyTyOFRHJwjfxcD+VAGxqZ1v7BP9oFv5e35tpbdj2zVqA6 + /wCTHsFtt2jGS+cYrIl8VaPrOmXIsZGY428ow561rwa9pqQxoztlVAPyN2H0 + oAo6cdZ8y78gQZ85t+7d97A6Y7UXR1n+0rHzBB5v73y8btv3fm3d+nTFGnax + YQSXjSOwEszMvyseCB7UXWsWEmpWM6OdkPm7vlb+JcDjFAE+onXPsM/ni38v + Yd20vnHtmpbY699mi8sW2zYuMl84xxmotR1vT57GeGN2LOhA+VhyfwqW213T + Y7aKNnbcqKD8jdQPpQBTsDrP2i88kQbvM+fduxnHbHai8Os/brLzRB5mX2Y3 + Yzt53f8A1qLDWLCG4vHkcgSybl+Vjxj6UXmsWEt/ZTI5KxFy3yt3XA7UAWb4 + 679iuPOFv5fltu2l84xzjPevjf8Aab+2eb4W+0hNn2aby9mc7f3f3s9/pX2R + fa3p01lcRRuxZ42A+RhyR9K+T/2mo4bzRPDGoQEk2Zlt5OCBmREZeT/1zavt + PD2oo5vRv15l/wCSs+d4rg3gKlvL80fH9fpl8PTcnwJ4Wxsx9ht9vX/nmOtf + mbX6C/BDxNa6z4A0q3Lj7RpLPbSqOwUkofxQj8c1+neKVCUsHTqLZS1+aZ8b + wRVSxE4vqv1PZ5ft3lPu8vG05xnOMUkH27yU2eXt2jGc5xSy3tu0TqGOSpHQ + +lJBe26QorMchQDwa/CT9PI4vtn2ibb5e75d2c46cYpLlbpzGkwjYM2AOSDx + 3z2pYruBbiZyTh9uOD2FE93A7xFScK2TwaAZwmtfDPR9TL3EcS2MnJJgJCn/ + AIAcj8sVxbfB2/kUSWuoxMrcjejKf0zXusl9btGyhjkg9jTLe8t0gRGY5Ax0 + NelRzfEQVoz+/U8uvkuGqO8oa+Wn5Hhdv8H9QkmeKfUIk8vGdqM3X0ziut07 + 4ZaPpMkUtyovZCwA805TP+6AAR9c16JHdwLczSEnDbccHsKLi7gcxFSTtcE8 + HpTrZxiZqzn92gqGSYWm7xh9+v5kuy8ji8tFiVFGAFBAAHYCmW323yE8vy9u + OM5zUr31sVIDHkHsaitryCOBEZiCB6GvMPVsNT7Z9plx5e/C5649sUXP2z91 + 5nl/6xcYz17Z9qEu4BcyyEnDBccHtRc3cEnlbSTtkVjwegoAsH7fg/6r/wAe + qC0+2fZ08ry9vOM5z1qc31tg/MfyNQWl3BHbojsQRnsfWgBF+2fanx5e/aM9 + cYouvtm1PM8vG8YxnrQt3ALp5CTtKgdDRdXcEioFJOHB6HoKALP/ABMP+mX/ + AI9Vaz+2fZ08ry9vON2c9farP2+2/vH8jVazu4IrdEckEZ7H1oAB9s+1tjy9 + +weuMZouvtnljzPLxuHTPWgXcH2tpMnaUA6Hrmi6u4JIwqEk7geh7UAWf+Jh + /wBMv/HqrWn2zyB5Xl7cnrnPX2qz9vtv7x/I1WtLuCKAI7EEE9j60AH+mfbP + +We/y/fGM/zou/tnk/vfL25HTOetH2uD7Z5uTt8vb0PXOaLu7gkh2oSTkHof + WgCz/wATD/pl/wCPVWtftnlfuvLxk9c5zVn7fbf3j+Rqta3cEcW1yQck9DQA + H7Z9rH+r37PfGM0Xf2z7O3m+Xt4ztznrQbuD7WJcnbsx0PXNF3dwS27IhJJx + 2PrQBZ/4mH/TL/x6q1r9s2N5fl43HOc9as/b7b+8fyNVrW7gjRg5IyxPQ9DQ + AN9s+1rny9+0464xRd/bPs7+b5e3jOM560NdwG7WTJ2hSOh60Xd3BLbuiMST + jsfWgCyP7Qx/yy/8eqtbfbMSeX5f32znPXvj2qyL+2/vH8jVa2u4IxJuJG52 + I4PQ0AD/AGz7VHny9+DjrjFOuvtn2d/M8vbjnGc017uA3UcgJ2qCDwe9LdXk + Elu6KxJI9DQDJ1+37RjysY/2qr232z975fl/6xs5z1749qsLfWwUDcenoar2 + 13BH5u4kbpGYcHoaACT7Z9pi3eXvw2MZx05zT7n7b5D+Z5e3HOM5pkl3A1zF + IGO1Q2eD3FPuby3eB0ViSR6GgCRPt+xceXjA/vVBb/bN0uzy87znOevtU6X1 + sEUFjkAdjUFvdwI0pYn5nJHB6UAEv2z7RBu8vd823GcdOc0+4+2+S+/y9uDn + Gc0yW7ga4gcE4Tdng9xT7i8t3hdFYkkEDg0APi+3eWm3y8YGM5rLi0uB9Rk1 + L7JbG9Q485owZBkdA+N2PxrUivbdY0UscgAdDUMF3AkkzMThmyODQAS/bPOh + 3eXuyduM46d6km+3eTJv8vbtOcZzjFRy3cDTQuCcKTng9xUs17bvDIqsclSB + wfSgAh+3eTHs8vbtGM5zjFfmN8RiT4/8R7sbv7Qus46Z8xs1+ltzrenaTpcl + /fS+XBaRGSRiDgKi5P8AKvyx1nUZNY1e+1eUbXvp5Z2HoZWLEfrX634U0Je1 + r1elkvmfB8dVVyU4dbtnY/Cbzv8AhZHh7yMeZ9rTbu6Z98V+l92de+yzeaLb + ZsbdgvnGOcV+c/wOthP8TdHnkz5Vm0k7kDOAiHHT/aIFfoxd67pslrNGjtud + GA+RupH0ryvFeonjqcV0h+rOzgaDWGm+8v0QywOufYYPIFv5exdu4vnGOM4q + vaHWf7QvvKEHm5j35Lbfu8be/TrmrFhrenQ2MEMjsGRFB+RjyB9Kr2msWEeo + X07swSYx7flb+FcGvy0+1DUDrPnWfniDd5o2bd2N2O+e1Xbg6/8AZ5fMFtt2 + tnBfOMc4qlqGsWE81m8bkiKUM3ysOMfSrtxrumvbyortllYD5G6kfSgCDTTr + n2CD7OLfy9o27i27HviobY6z/ad55Yg83Ee/Jbb04x3+tTabrWnwWEEMrsGR + QD8rH+lQ22sWEep3lwzNslEe07W/hHPGKADUjrO60+0CDPnrs2lvvc4zntV+ + U+IPKfcLbGDnBfpiqGpaxYTtaGNmPlTq7fKw4Gfar8uvaY0TqHbJBH3G9PpQ + BU0s63/Z8H2YW/l7fl3Ft2M98VHAdZ/tW52CDztibs7tuO2O9SaXrOn2+nwQ + yuwdFwcKx7+wqODWLBNVubhmby5EQA7W6jrxigA1M6zi2+0CD/Xpt27vv84z + nt61oufEG05FtjHq9Z2qaxYXAthE7Hy50c/Kw4Gc9RWi+v6YVIDtyP7jf4UA + Z+kHWv7Oh+yiDysHbvLbup644pIjrP8Aa020Qed5a7s7tu3PGO+aXSNZsLbT + oYJnYOgOcKx7n0FJFrFgurTXJdvLaNVB2t1B9MUAGqHWfKh+0iDHnJt2bs7s + 8Zz2rTz4h9LX83rM1TWLC4ihWJ2JWZGPysOAeeorT/4SDTP77f8AfDf4UAZm + jHWf7Oi+yCDyvmxv3bvvHOccdaFOs/2w+BB5/kjP3tu3d+ec0aNrFha6dFBM + zB13ZwrHqxPYULrFgNYe6LN5ZhC52t13Z6YzQAasdZ+zL9pEGzzExs3Zznjr + 2rTz4h9LX83rM1bWLC5tljhclhIjcqw4B56itP8A4SDTP77f98N/hQBmaQdZ + +xL9lEHl7m+/uzncc9KM6z/bPSDz/s/+1s2b/wA85o0jWLC2slimdgwZjwrH + qSewo/tiw/tn7Vvby/s+zO1s7t+emM9KADVzrP2I/ahB5e5fubs5yMda08+I + fS1/N6zNX1iwubIxQuxbcp5Vh0IPcVp/8JBpn99v++G/woAzNJOs/ZT9mEGz + e/392c556dqGOs/2wmRB5/knH3tu3d+ec0aTrFhbWrRzOwYu54VjwTx0FDax + YHWEug7eWISmdrdd2emM0AGsHWf7Ol+1iDysrnZu3feGMZ461p58Q+lr+b1m + axrFhdadLBC5LsVxlWHRge4rT/4SDTP77f8AfDf4UAZmlHWfJl+zCDb5r537 + s7s84x2okOs/2tDuEHneU2Mbtu3POe+aNK1iwt4ZVlZgWldh8rHgnjoKJNYs + G1aG5Dny1iZSdrdSfTFAHwd+2L9u/wCEr0D7cIw32J8eXnGPMPXNfHtfbn7Z + KQXtz4Z1m0LMgS5t5CVIAIKOnX1y35V8R1+cZ3FrFTv/AFofj/EkWsbUv5fk + j9gvhadS/wCEA0I2YiKfYrbO/dnPkp6dq6+U6r/aUG4Q+bsbbjdtx3z3ryX9 + nzxfp2qfCzSN0n76zX7LIoBO1oAEGcdyoVvoa9al1SzbUoLgMdiIwPynv+Ff + cYaalTjJdkfp+Dmp0YSjs0vyPjn4/wDwF1OaW7+IHha2jLPmS+tIM5LHrNGp + 6k9XUd+QOtfEoJU5HBFftHqWrWU9jLDGxLMMD5SO/wBK+d/ih8CPBPjkyazo + Uv8AYutuMuyxk287+siAcMT1dfqQxr9a4T48VKKw2Nei2l28n/mfmfFvALqz + eJwK956uPfzXn5Hz38Of2mvFvg6BdL16Ia3Y5yHkYi5QYxw/8f0bn/ar6c0T + 9ofwB4intp31WHTbhQ37u8R4guR/E/KfTDGvgrxV8MfGvg6SQ6vpsjW0ZP8A + pMIMkBA77wPl+jAH2rgK+rxnB+V5gvb0Xa/WLVvu1X5HymD4yzTL37Csr26T + Tv8Afo/zP1xu/iT4TmsZS3ifRGjK87L6It+Hz9a5XWP2gfAHh+2G/XLO9dVG + 2O1Ek7NgdNyDYD9WAr8uKK82j4Y4VSvOrJr5L/M9Kt4oYpxtClFP5v8AyPqz + xp+1L4k1OK60/wAFwf2RDcsS1y+GuSD/AHBysf8A48e4Ir5YnnmuZnuLmRpZ + ZWLO7kszMeSSTyST1NdZ4Y8A+L/GEqpoOmTTxscGYqVhX6yNhfwzn2r7G+Gn + 7PPhvwxe2WseM501m8QljbhG+yxED5eGAMpz6gD/AGT1r162YZVktJwp25uy + 1k/X/g/I8ijl+a53VU6l+Xu9Ir0/4HzPMfgn8BdR19I/HHiu2EWjwjzLe3ly + GuSOQ5X/AJ5jqM/e/wB3r+gVt/bItohELfZsXbndnGOKjvNWsJLKWGInLIVA + 2kDp9KkttZsI7eJGZsqig/KeoH0r8Yz7Pq2YVva1dEtl0S/rdn7VkGQUcvo+ + ypat7vq3/WyKtmdV+0XfkiHdvG/duxnHb2ouzqv2u080Q79zbMbsZxzmiz1S + ziuLt3Y4kcFflPTH0ou9Us5bu0lRjtiZi3ynuPpXhntli8Os/ZJvNEGzY27G + 7OMc4otDrP2SHyhBs2LtzuzjHGfei81ixltJokZtzowHynqR9KLTWLGK0hjd + m3Iig/KeoH0oHYr2h1b7Xd+UId+5d+d2M44xRef2r9otPOEO7edm3djOO9Fp + qtnFd3cjsdsrKV+U9h9KLzVLOW4tHRjiNyW+U9MfSgC1cnWvs0vmCDZsbON2 + cY5xTLE6x9jh8kQbNg27t2cY70+51mwktpY1ZssjAfKepH0pljq9jDZwxOx3 + IgB+U9QPpQKxBbHVft155Yh8z93vzux04x/Wi+Oreba+cIc+YNm3d973z2ot + tUs4768mZjtl8vb8p7DB7UX2q2c0tqyMSI5AzfKen5UDLk51vyZN4t9u05xu + zjFQWB1j7HD5Ag8vaNu7dnHvip59ZsHhkRWbLKQPlbuPpUFhq9jDZQxSMQyq + AflJ/pQKxFAdV/tC62CHzcJvzu29OMf1ovzqu6288Q585dm3d97tnPaiDVLN + NQup2Y7JAmPlPYc9qL/VLOdrYxsT5cysflI4H4UAXpDrfltuFvjBzjdVTTTq + /wBhi+ziDy8cbt2evfFW5Na09o2UM2SD/C3+FVNN1aygsYoZGIZRg/KT3+lA + WGQnVv7RuNoh83am7O7bjtjvRqJ1Xbb+eIcecm3bu+9zjOe1EOq2a6jcTljs + dUA+U9R+FGo6pZzrbiNidkyMflI4Gc9qAL7HXNpyLfGP9uqOlnVvsEX2YQ+X + zjdu3dT1xV5tb08qRvbp/db/AAqjpeq2VvYRQysQy5zhSe59qAsJH/av9py7 + RD53lrn723GeMd815l8dzqf/AAqjxD9rEIj+zn7m7Ocj1r02PVLNdTluCx2N + Gqj5T1B+leEftPeMNNsvhZdaZFJm51WaKCNSCDhW3ueewVcfUiuXGzUaM2+z + OLM5qOHqSfZ/kfmLX3N+xl/aITxf9gER5sN3mbv+m+MYr4Zr9AP2Ohb6X4a8 + QardFlF7dxRL8pORAhJ6D/ppXx2QRvio/P8AI/OeFYt46DXS/wCTPrNTrP8A + bD4EHn+SM/e27d355zRqx1n7Mv2kQbPMTGzdnOeOvahdYsBrD3Rc+WYQmdrZ + zuz0xmjVtYsLm2WOFmLCRDyrDgHnqK/Qz9bNPPiH0tfzevnPxRu/tZ92Pujp + +NfRn/CQaZ/fb/vhv8K+c/FDBtWcj+6P60FRPRPAH2/7LH9jEZfy5Mb842+Z + z075/Su11c6z9ib7UIPL3L9wtnO4Y61xXgC+trS1jknYhRHIvAJ5Mme3tXa6 + vrFhc2TRQuxYsp5Vh0YHuKBM08+IfS1/N6zNJOs/Zm+zCDZ5j537s5zz07Vp + /wDCQaZ/fb/vhv8ACszSdYsLa2aOZmDGRzwrHgnjoKBAx1n+2EyIPP8AJOPv + bdu7885o1g6z/Z0v2oQeV8udm7d94YxnjrQ2sWB1hLoOfLEJXO1uu7PTGaNY + 1iwutOlghZi7bcZVh0YHuKANPPiH0tfzeszSjrPlTfZhBt818792d2ecY7Vp + /wDCQaZ/fb/vhv8ACszStYsLaKZZXILSuwwrHgnjoKACU6z/AGtDuEHneW23 + G7btzznvml1c61/Z032oQeVgbthbd1HTPFJLrFg2rQ3IZvLWNlJ2t1J9KXV9 + ZsLnTpoIXYu4GMqw7j1FAGip8Q7RgW2Mer1m6YdZ23P2cQf6+TduLff74x29 + K0l1/TAoBduB/cb/AArN0zWLC3W5ErMPMndx8rHg9OlABMdZ/tS23iDztj7c + btuO+e9P1Q61/Z8/2kW/lbfm2Ft2M9s0ybWLB9UtrhXbZGjgna3U9OMU/VdZ + 0+40+eGJ2LuMDKsO/uKALkR8QeUm0W2MDGS/TFUNNOs7rv7OIM+e+/du+9xn + GO1X4te01YkUu2QAPuN/hVDTdYsIGuzK5Hmzu6/Kx4OPagAuTrP9p2fmCDzs + SbMbtvTnPf6VNqR1z7BP9oFv5e07tpbdj2zUNzrFhJqdncKzbIhIGO1v4hxx + iptS1rT57CeGJ2LOpA+Vh/SgCe3Ov+RHsFtt2jGS+cY71S086z5155Ag3ead + +7djdjtjtV2313TUgjRnbKqAfkbsPpVLT9YsIZrxpGYCWUsvyseMfSgAuzrP + 9o2PmiDzcyeXjdt+7zu79OmKn1A659hn88W/l7G3bS+cY5xmoLvWLCXUbGdH + OyEybvlb+JcDtU+oa3p81jPDG7FnRgPkYckfSgCS0OvfZYfKFts2LtyXzjHG + aqWJ1n7Ve+SIN/mDfu3YzjtjtVu013TY7WGN3bciKD8jdQPpVSx1iwhur2SR + yFlkBX5WPGPpQAXp1n7bZeaIPM3Ns27sZxzmrV6dd+xz+cLfZ5bbtpfOMc49 + 6q3usWEt7ZSo7FYmYt8rdxj0q1e65p0tnPEjsWeNlHyN1Ix6UAJYnXfsVv5I + t/L8tNu4vnGBjOO9VrM6z9tvfKEHmbk37t2M7eNv/wBerNjrmnRWVvE7sGSN + FPyMeQAPSq1nrFhFe3sruwWVkK/K3YYPagAvzrP2mz84Qb/MOzbuxnHfParl + 0de+yzeaLbZsbdgvnGOcVTv9YsJrmzkjclYpCzfKw4x9KuXWu6bJazRo7FmR + gPkbqR9KAItPOufYYPIFv5exdu4vnGO+KgtDrP8AaN95Qg83935md237vG3v + 065qfT9b0+CxghkdgyIoPyMeQPpUFprFhHqN9O7Nsm8vb8rfwrg9qADUDrPm + 2fniDPnDZtLY3YPXPar051/yJN4ttu05wXzjFUdQ1iwnls2jdiIpgzfKw4wf + ar0+vaa8EiK7ZZSB8jdx9KAK2mnW/sEH2cW/l7Rt3Ft2PfFRW51n+07vyxB5 + 2I9+d23GOMd/rUum61p8FhBDK7B0UA/Kx/pUVvrFgmp3dwztslEYU7W/hHPG + KADUjrObT7QIP9emzbu+/wA4zntWhKfEHlvuFtjBzgvWfqWsWFwbQxOx8qdH + b5WHAzntWhLr2mNG6h2yQR9xv8KAKWlHWv7Ph+zC38rHy7y27r3xTITrP9q3 + GwQedsTdndtx2x3p+lazYW2nwwSuwdBg4Vj39hTIdYsF1W4uGc7HRADtbqOv + GKADUzrO23+0CDHnpt2lvvds57etaTHxDg5Ft+b1m6prFhcLbCJmOydHPysO + B16itJtf0wggO3/fDf4UAZ2kHWv7Oh+yiDysHbvLbup644pIzrP9ry7RB53l + Ln723bnjHfNLpGsWFtp0MEzsHQHOFY9yewpI9YsF1eW5Lny2iVQdrdQfTFAB + qp1nyYvtIg2+amNm7O7PGc9q08+IfS1/N6zNV1iwuYYkickrKjHKsOAeeorT + /wCEg0z++3/fDf4UAZmjnWf7Pj+yiDystjeW3feOc4460KdZ/thsCDz/ACRn + ltu3d+ec0aPrFha6fHBMzB1LZwrHqxPahdYsBrDXRZvLMITO1uu7PTGaADVj + rP2UfaRBs3p9zdnOeOvatPPiH0tfzeszVtYsLm1WOF2LB0PKsOAeeorT/wCE + g0z++3/fDf4UAZmkHWfsY+yiDy9z/f3ZznnpRnWf7Z6Qef8AZ/8Aa2bN355z + RpGsWFrZiKZyG3OeFY9T7Cj+2LD+2Rdbm8vyNmdrZ3bs9MZoANXOs/YW+1CD + y9y52bs5yMda08+IfS1/N6zNY1iwurFoYWYsWU8qw6EHuK0/+Eg0z++3/fDf + 4UAZmknWfsz/AGYQbfMfO/dnOeenarEBv/7dj+2iMN5Lf6vONuffvmq+laxY + W1s6SuwJkduFY8E8dBViC+trzXY3t2JHksvII5znvQB0tFFFABRRRQAUUUUA + FFFFAH//0v3jn/5Dlr/1yen67/yCbj6D+YrIl0m3XVYLcPJteNyTvOePenat + pFtb6dNMjyFlAwGckdR2oA6iL/VJ9BWRo3/L9/19S/0pkeh2hRSZJeQP+Whr + P0zSbef7XveQeXcSIMORwMdfegDTuv8AkN2P+5L/ACqfWv8AkFXP+5WLcaTb + pqlrbh5NsiuSS5zwOxqTU9HtoLCeZHlJRcgFyR+VAHR2/wDx7xf7q/yrM0j/ + AFt//wBfDfyFRQ6JatCjGSXJUH759KoadpNvNJdhnkHlzMow5HAx196ANS9/ + 5DGm/Sb/ANBFWNX/AOQZc/8AXNqw7rSbePUrKAPIVl83JLnI2rng9qm1HR7a + GxnlWSUlEJGXJFAG9Z/8ecH/AFzX+VZ2lf8AH1qH/Xb+lQW2iWsltE5klBZF + PDnHIqnYaTbzXF4jPIBFJtGHIyMd6ANS/wD+Qppv+9J/6DVvU/8AkHXX/XJ/ + 5GsC80m3jv7KFXkIlLg5c5GFzwe1Wb7RrWKyuJVklJSNiMuSOB3oA2dP/wCP + C2/65J/6CKo6b/x/6j/10X/0GqtnotrLaQSNJKC6KThyByKq2Wk28t3exs8g + ETqBhyCcjv60Aaepf8f+nf8AXRv/AEGr+of8eFz/ANcn/wDQTXO32k28V3ZR + q8hErsDlySMDt6VavNFtYrSeRZJSURiMuSOBQBq6X/yDbX/rkn8qp6f/AMhT + Uv8Aei/9BqpYaNazWUErSSguik4cgcjtVez0m3kv76FnkAiKYIcgnK55PegD + U1T/AI+tP/67f0rRvP8Aj0n/ANxv5VzV/pNvDPZoryESy7TlyeMdqu3OiWqW + 8riSXKox5c9hQBf0j/kGW3/XNarWX/IZ1H6Q/wDoNUtO0e2msYJWklBdAThy + BUNrpNvJqV7AXkCxCPBDnJ3Lnk96ANPV/wDW2H/Xwn9a1Lj/AI95f91v5VzG + o6TbwPaBXkPmTKpy5PBz096vzaJarC7CSXIUn759KALWi/8AIKtv93+tRWv/ + ACGr3/ci/lWfpej20+nwTO8oLLkgOQPyqODSbd9UuoC8m2NUIIc55Hc0Aams + /wDLj/19Rf1rWk/1bfQ1yup6TbwfZdjyHzLiNDlyeDnp71ovodoEY+ZLwD/y + 0NAE2hf8gm3+h/maZB/yHLr/AK5JWbpOkW1xp0MzvIGYHIVyB1PamxaTbtqs + 9uXk2pGpB3nPPvQBp63/AKm2/wCviP8AnW0elclqmk29vHAyPId8yKcuTwf6 + 1p/2Faf89Jv+/hoAXw9/yB7f/gX/AKEaI/8AkPy/9cF/9CrL0fSbe502Gd3k + DNuyFcgcMR0oTSbc6vJbb5NohDZ3nOScdaANTXP+PWL/AK7R/wA62a5LVdJt + 7e3R0eQkyIvzOTwTWn/YVp/z0m/7+GgA8P8A/IMj/wB5/wD0I0o/5GBv+vYf + +h1l6PpNvc2KTO8gJLDCuQOGI6UDSbf+2Dbb5NvkB87znO7HX0oA09f/AOQf + /wBtE/8AQq2q5LV9Jt7az8xHkJ3oPmckcmtP+wrT/npN/wB/DQAug/8AHif+ + ukn/AKFQ3/IwL/17H/0OsvSdJt7i0MjvIDvcfK5A4NB0m3GsLbb5NpgL53nO + d2OvpQBqeIP+QVL9U/8AQhWzXJaxpNvbWEkyPISCvDOSOWA6Vp/2Faf89Jv+ + /hoAXQ/+PWX/AK7SfzpJf+Q9B/1wb+dZmlaTb3EEju8gIldflcjgGiTSbcav + FbB5NrRM2d5zkH1oA1PEH/IIuP8AgP8A6EK2B0FcnrGk29tps06PIWXbgM5I + 5YDpWkNCtMD95N/38NAC6J/qrr/r4k/pS3H/ACHLX/rlJWXpek29wlwXeQbJ + nUYcjgevvRNpNuuq29uHk2ujknec8ehoA19d/wCQTc/7o/mK04v9Un0Fcxqu + kW1vp80yPIWUDAZyR1Harseh2hRT5kvIH/LQ0AP0brf/APX1J/SvIPir/wAh + u1/69x/6G1emaZpNvObve8g8ud0GHI4GOvvXlPxKtI7PWLaOJmYGAH5juP3m + oKib3gP/AJFLVP8Arqf/AEFa9ftv+PaL/cX+VeLeCLOOXw3qNyzMGjk4AbA+ + 6vUV6hBolq8MbGSXJUH759KBMm0n/XX/AP18N/IUXv8AyGNN/wC23/oIrL07 + SbeaS8VnkHlzMow5HAA6+9F1pNvHqVjAHkKy+bklzkbVBGD2oEburf8AIMuv + +ubfyqez/wCPOD/rmv8AKsLUdGtobGeVZJSUQkZckcVLbaJayW0TmSUFkU8O + ccigCfS/+PvUP+u39KNQ/wCQnpv+9J/6DWZYaTbzXF4jPIBFJtGHI7d6LzSb + eK+soVeQiUuCS5JGFzwe1AG/qf8AyDrr/rk/8jXn/wAQvB//AAnPw4uNBiAN + 0YI5bYntNEAyjPbdypPoTXVX2jWsVlcSrJKSkbEZckcDvS2ei2stnBI0koLx + qThyByK6cHip0Ksa1N+9Fpr5GOIoRqwlTns1Y/JKWKWCV4JkMckZKsrDBVgc + EEHoRXoHw1+IN98PdeXUYlM9lNhbmAHG9RnBGejLkkfiO9e6fGv4N3dxeaj4 + v8JwtP5LA3luvLnIyZlHf/bHX+Lnmvkev6jyzMcJnGCva8ZK0o9n2/yfzPxX + GYSvl+J7Nap9/wCup+qPh7xh4d8ZaS2o+H7xLlNnzpnEkZI6OnVT+h7Eiult + v+PeL/dH8q/JG1vLuxnW5sp3t5k6PGxRh9CMGuxi+JvxBgQRp4gvcD+9MzH8 + zk1+e43wqnzt4asuX+8tfvW/3I+tw3HMeVe2p6+X/BP03g/4+rn/AID/ACpb + n/WQf7/9K/MsfFH4hgkjX7vJ6/vKD8UfiGcZ1+7OP+mlcX/EK8X/AM/Y/j/k + dH+vFD+R/h/mfp3N/qn/AN0/yqO0/wCPaP8A3RX5k/8AC0viIeD4gu/+/lIP + il8QwMDxBdgf9dKP+IV4v/n7H8f8h/680P5H+H+Z+mcP/H3cf8A/lRd/eg/6 + 6CvzM/4Wj8QwSRr93k/9NKD8UfiGcZ1+7OP+mlH/ABCvF/8AP2P4/wCQf680 + P5H+H+Z+nr/cb6GoLP8A49Y/pX5lf8LS+In/AEMF3/38pB8UviGBgeILsD/r + pR/xCvF/8/Y/j/kH+vND+R/h/mfppH/x+TfRaS8/5Yf9dVr8zP8AhaPxDzn+ + 37vJ/wCmlB+KPxDPXX7s4/6aUf8AEK8X/wA/Y/j/AJC/14ofyP8AD/M/T49D + VWx/49I/x/nX5mf8LS+In/QwXf8A38pB8UfiGBga/dgf9dKP+IV4v/n7H8f8 + h/680P5H+H+Z+maf8fsn+6KL37kf/XRa/Mz/AIWj8Q85/t+7z/10oPxR+IZ6 + 6/dn/tpR/wAQrxf/AD9j+P8AkH+vND+R/h/mfp/VOw/49I/x/ma/M3/hafxE + /wChgu/+/lIPij8Q1GBr92B/10o/4hXi/wDn7H8f8hf68UP5H+H+Z+ma/wDH + +3/XMfzovv8AUr/vL/OvzM/4Wj8Q87v7fu8/9dKD8UfiG3B1+7P/AG0o/wCI + V4v/AJ+x/H/If+vND+R/h/mfp/VOw/49l+p/nX5m/wDC0/iJ/wBDBd/9/KQf + FH4hqMLr92B/10o/4hXi/wDn7H8f8g/15ofyP8P8z9M/+Yh/2y/9movv9R/w + Jf51+Zn/AAtH4h53f2/d59fMoPxR+IbDB1+7P/bSj/iFeL/5+x/H/IX+vFD+ + R/h/mfp/VOx/1J/3m/nX5m/8LT+In/QwXf8A38pB8UfiGOBr92P+2lH/ABCv + F/8AP2P4/wCQ/wDXmh/I/wAP8z9Mz/x/j/rn/Wi//wCPV/w/nX5mf8LR+Ied + 39v3ef8ArpQfij8Q2GG1+7I/66Uf8Qrxf/P2P4/5B/rzQ/kf4f5n6f1Tsv8A + Vv8A77V+Zv8AwtP4if8AQwXf/fykHxR+Ia9Nfux/20o/4hXi/wDn7H8f8hf6 + 8UP5H+H+Z+mbf8fyf7h/nS3/APx6Sfh/MV+Zf/C0fiHnd/b93n/rpQfij8Q2 + GDr92R/10o/4hXi/+fsfx/yD/Xih/I/w/wAz9Px0qpZ9Jf8Aro1fmZ/wtL4i + f9DBd/8AfykHxR+IY6a/dj/tpR/xCvF/8/Y/j/kH+vFD+R/h/mfpnJ/x+xf7 + rU69/wCPWT6V+ZX/AAtH4h5z/b93kf8ATSg/FH4hkYOv3ZH/AF0o/wCIV4v/ + AJ+x/H/IP9eKH8j/AA/zP09T7i/QVVs/+W//AF1avzN/4Wl8RP8AoYLv/v5S + D4o/EMdNfuxn/ppR/wAQrxf/AD9j+P8AkH+vFD+R/h/mfpnL/wAfkH0b+VSX + f/HtJ9K/Mj/haPxDJydfu8j/AKaUH4pfEMjB8QXZH/XSj/iFeL/5+x/H/IP9 + eKH8j/D/ADP08j/1a/QVWtfvz/8AXQ1+Zv8AwtL4if8AQwXf/fykHxR+IYzj + X7sZ/wCmlH/EK8X/AM/Y/j/kP/Xmh/I/w/zP0zm/4+7b/gf8qluv+PaT/dNf + mOfij8QyQTr93kdP3lB+KXxDIwfEF2R/10o/4hXi/wDn7H8f8hf68UP5H+H+ + Z+ncP+pj/wB0fyqvbf664/3v6V+Zo+KXxEHA8QXf/fykHxR+IYyRr92M/wDT + Sj/iFeL/AOfsfx/yH/rzQ/kf4f5n6aT/APHzb/Vv5VHql7Z6fp1xeX86W8ES + MXkkYKqjHcnivzOb4ofEJuuv3f8A38Oa5rVdf13XHD6zqFxfMvTz5Wkx9NxO + K3w/hVXcl7WskvJNv8bGVXjmml7lN38/6Z758ZPjNF4ntB4S8Lu39mrt+0z9 + PtBXBCqOoQEZyfvH2HPzZRXsfwi+E2o/EfVhNcBrfRLVgbifoX/6Zx+rHuei + jk84B/TKFDB5Pgnrywjq292/1b/4CPjKtXEZhiO8n+C/yPaP2b/Bk2nWqeM7 + 1CjanKYLYEc+THku30Z+B/u+9fX9/wD8eNx/1zf+RrlH8Padpf8AZunWIaK3 + Q+UiBjhEVeAvpitO70W1jtZpFklJVGIy5xwK/mfP83ljsXPFS0u9F2XRfcfs + WV4COGoRox6fn1NPS/8AkG2v/XNf5VVsP+QtqX1i/wDQap2GjW01jBK0koLo + pOHIHIqvaaTbyahfQs8gWIx4w5ycrnk968c9A09V/wCPjT/+u4/lWld/8es3 + +438q5rUNJt4ZrNVeQiSUKcuTxjtV240S1S3lcSS5VWPLnsKAL2j/wDILtv9 + wVBZ/wDIZ1D6Q/8AoJqjpuj209hBM7yguoJAcgflUNtpNu+p3kBeQLEI8EOc + ncO570AamsffsP8Ar5T+tak/+ok/3T/KuX1LSbeBrQK8h8ydUOXJ4OenvV+X + Q7RYnYSS8An759KALWif8gq2/wB3+tQ23/IbvP8ArnHVDS9ItrjT4JneQMy5 + IDkDr6VHBpNu2q3NuXk2oiEHec8+poA09a+7Zf8AX1F/Wth/uN9DXKappNvA + LXY8h8ydEOXJ4OenvWi+h2gUnzJeB/z0NAEug/8AIIt/of8A0I02H/kO3H/X + FP51maRpFtc6dDM7yBmByFcgdT2pItJt21aa3LybVjVgd5zkn1oA1Nb/ANRb + /wDXeP8AnWzXJappNvbxQsjyHdMi8uTwTWn/AGFaf89Jv+/hoAPD3/IIg/4H + /wChGhP+Rgk/69x/6FWZo2k29zp0U8jyBm3cK5A4YjpQuk251h7bfJtEIbO8 + 5zux19KANPXf+PNP+usf862q5LVtJt7e2V0eQkyIPmckcmtP+wrT/npN/wB/ + DQAugf8AINX/AH3/APQjR/zMP/br/wCz1l6RpNvc2Syu8gJZh8rkDgkUf2Tb + /wBs/Zt8m37PvzvOc78dfSgDU1//AJBx/wB9P/QhWzXJavpNvbWRlR5Cdyj5 + nJHJArT/ALCtP+ek3/fw0ALoX/Hk3/XWT/0Kkf8A5GCP/r3P/oVZmk6Tb3Fq + 0jvIDvcfK5A4NDaTbjWEtt8m0wls7znO7HX0oA0/EP8AyCZvqn/oQrarktZ0 + m3ttOlmR5CyleGckcsB0rT/sK0/56Tf9/DQAuif8e8//AF3k/nRL/wAh23/6 + 4v8AzrL0rSbe4hlZ3kBWV14cjgGiTSbddWhtw8m1ombO85yD60AeeftD+C28 + bfDDUbW2j8y+09kvLYAZJkj4ZR7sjMoHqRX5HkY4Nftpq+k21tp00yPIWUDA + ZyR1A6V8H/tG/AW58PXU/j7wjA02k3BMl7Coy1tIeWkAH/LNjyf7p/2SMfLc + RZc5JV4Lbf8AzPh+LsolNLE01tv6dzzD4GfGO5+FWuyJfK9xoWolRdRLyyMv + Cyxg/wAQzgj+Ie4GP0x0bxJoXiuWw1nw7fRX9nNG+JImyAcfdYdVYd1IBHcV + +LNbGjeINd8O3P2zQdQn0+bu8EjRk47HaRkexrxstzmVBckleP5Hz+T8Rzw0 + fZzXNH8Uftdq/wDyDZ/93+tXof8AVJ/uj+VfkMnx2+LKR+V/wkUzL/txxP8A + qyE1L/wvz4ujgeIpf+/UP/xuvZ/1ko/yv8P8z6T/AFxw38svw/zP1i0vk3oP + /Pw/9K4nxD8N/AOvatbHVvD9lO0ok3v5Kq7YHd1AY/nX5pD49fFtc7fEMgyc + nEMHX/v3Qfj18WyQx8QyZHQ+TBx/5DrajxZGm+anzJ+Wn6mNbinBVFy1Kba8 + 0n+p+g2pfs//AAgitZriPw5EropIImnx+XmY/Sus0H4U/DbRY4Z9P8N2KShV + IkeFZHBx1DPuI/OvzNPx7+LjAq3iKQg9jFB/8bpR8fPi6BgeIpf+/UH/AMbr + sqcd1ZrlnUm15t/5nJTznK4Pmhh7PyjH/M/WDSlVJLxEAVVmIAHAAAp15/yE + 9P8A+2v/AKDX5Nj49fFtclfEMgzycQwc/wDkOg/Hr4tkhj4hkJXofJg4/wDI + ded/rJR/lf4f5no/644b+WX3L/M/W3Uv+Qfcf7jfyqWz/wCPSD/cX+Vfkcfj + 38XGBVvEUhB9YoP/AI3QPj38XAMDxFKAP+mUH/xuj/WSj/K/w/zD/XHDfyy+ + 5f5n6x6d/wAfd9/10H8qL/8A4/7D/ef+Vfk2Pj18W1JK+IZAT1/cwc/+Q6U/ + Hr4tkgnxDISOn7mDj/yHR/rJR/lf4f5h/rjhv5Zfcv8AM/W7UP8AjwuP+ub/ + AMjRYf8AHjbf9c0/9BFfkifj38XGBB8RSEH/AKZQf/G6B8e/i4AAPEUgA/6Z + Qf8Axuj/AFko/wAr/D/MP9ccN/LL7l/mfrHY/wDH/f8A+8n/AKDRqP8Ax92P + /XQ/yr8mx8evi2CSPEMgLdf3MHP/AJDoPx6+LbEFvEMhI6fuYOP/ACHR/rJR + /lf4f5h/rjhv5Zfcv8z9cbz/AI85/wDrm38qj03/AJB9v/uL/KvyTPx7+LhG + D4ilIP8A0yg/+N0D49/FxQFXxFIAPSKD/wCN0f6yUf5X+H+Yf644b+WX3L/M + /WOy/wCQnqH1i/8AQaNS/wBdZf8AXYfyr8mx8evi2CWHiGQFup8mDn/yHSn4 + 9fFtsFvEMhxyP3MHH/kOj/WSj/K/w/zD/XHDfyy+5f5n653P/HtL/uN/Kq2l + f8g63/3BX5LH4+fF0jB8RS/9+oP/AI3SD49/FxQFXxFIAOwig/8AjdH+slH+ + V/h/mH+uOG/ll9y/zP1jtf8AkLXv0j/lRqv3rL/r4T+tfk4Pj18WwSw8QyZP + U+TBz/5DpD8evi22N3iGQ4ORmGDr/wB+6P8AWSj/ACv8P8w/1xw38svuX+Z+ + u03+qf8A3T/KqOkf8g2D/d/rX5M/8L8+Lp4PiKX/AL9Q/wDxukX49/FxRtXx + FIAOwig/+N0f6yUf5X+H+Yf644b+WX3L/M/WOD/kL3X+4lGr/dtf+viP+tfk + 2Pj18WwxYeIZMnqfJgz/AOi6G+PXxbbG7xDIcHIzDB1/790f6yUf5X+H+Yf6 + 44b+WX3L/M/Xh/uN9DWbov8AyDIPo3/oRr8m/wDhfnxd/wChil/79Q//ABuo + Jfjp8WJY/KPiOdF/2EiQ/mqA0v8AWSj/ACv8P8wfGOG/ll+H+Z+oXifxj4b8 + ESXeteJ76OytkhGNx+eRhztjTqzH0A/Svy/+MfxV1D4reJ/7TkRrfTLMNHZW + 56pGTyzY43vgFsdMAc4zXm2q6zq+u3RvtavZr+4PBknkaRsemWJOKza8TMs3 + lXXIlaJ8znPEM8UvZxVo/n6ksEE1zNHbW6NLLKwREUZZmY4AAHUk9K/Yf4K+ + E18FfDbR9CYAXCI8lwR3mkcs/PfH3QfQCvlz9m34BXDSQfETxpA9uqgPp1s3 + yuSek7jsB/AOv8XHy5+ytH0m3udOimd5AzbuFcgcMR0r3uHsudOLrTWr29D6 + fhLKJUovEVFZy29P+Caif8h+T/r3H/oVGu/8eaf9dY/51lrpNudYe23ybRCG + zvOc7sdfSjVtJt7e2V0eQkyIPmckcmvpj7M62vlvxV/yFn/3R/M19Ff2Faf8 + 9Jv+/hrzC48AXWvSHUYLtIlbK7WBJ+UkUDRp/Db/AFEX/XGT/wBG13uv/wDI + Nb/fT/0IVyOgeF/7KuF0q6nMhELSboyV6vjFbWr6Tb21k0qPISGUfM5I5IFA + M62sbQv+PN/+usn86T+wrT/npN/38NZmk6Tb3Fszu8gIkcfK5A4NAjTf/kYI + /wDr3P8A6FS+IP8AkEz/AFT/ANCFZbaTbjWEtt8m0wls7znO7HX0o1jSbe20 + 6WZHkLLt4ZyRywHSgDraxdD/ANRcf9d5P50f2Faf89Jv+/hrM0rSbe4imZ3k + BWV14cjgGgDUm/5Dtv8A9cX/AJ07Xv8AkEXH0H/oQrJk0m3XVobcPJtaNmJ3 + nOQfWl1fSLa206aZHkLKBgM5I6jtQB1SfcX6CsjRfu3n/XzL/SmroVoVB8yX + p/z0NZumaTbzrcl3kGyd0GHI4Hr70Aalz/yG7P8A65yVJrf/ACCrn/d/rWPN + pNuuqW1uHk2ujknec8ehp+qaRbW+nzzI8hZVyAXJHX0oA6WD/UR/7o/lWVo/ + 37//AK+ZP6VHFodo0SMZJeQD981Q03SbedrsO8g8ud0GHI4GOvvQBp3n/Ia0 + /wD3Zf8A0GrGsf8AILuf9w1iXOk26anZwB5CsgkyS5yMDsam1LR7aCwnmSSU + lFJGXJH5UAdBa/8AHrD/ALi/yrN0r/j41D/ruf5CoLfRLV4I3MkuWUHhz3FU + tP0m3mmvFZ5AI5Sow5HGO9AGnf8A/IW036y/+g1b1X/kG3X/AFzb+VYN3pNv + HqNjCryFZTJklzkbVzwe1T6ho1tDYzyrJKSiMRlyRwKANyw/48bf/rmn8hWf + pn/H7qP/AF1H8qr2mi2slrDI0koLIpOHOORVSx0m3lur2NnkAikAGHIJ47+t + AGpqP/IR07/ff/0Gruo/8g+6/wCuT/8AoJrnr3SbeK9soleQiVmBy5JGBnj0 + q1e6LaxWc8qySkpGxGXJHAoA1tN/5B1r/wBck/8AQRVPT/8AkJal/vx/+g1U + sdFtZbK3laSUF40Jw5A5A6VWs9Jt5b29iZ5AImQDDkE5GefWgDT1T/j807/r + qf5VoX3/AB5XH/XN/wCRrnL/AEm3hubNFeQiWQg5ckjjt6VcutFtY7WaRZJS + VRiMuccCgDR0n/kGWv8A1zX+VVbH/kL6n/2x/wDQap6fo1tNYwStJKC6KThy + ByKgtNJt5NRvoGeQLF5eCHOTuXPJ70Aamrf6/T/+u6/yNaV1/wAe0v8AuN/K + uZ1DSbeGWzVXkPmTBTlyeMHpV6fRLVIJHEkuVUnlz2FAF3Rv+QXbf7gqvaf8 + hq//AN2L+VUdN0e2nsIJneUF1BIDkD8qit9Jt31O7gLybYxGQQ5zyO5oA09Z + +9Yf9fUf9a1pv9TJ/un+VctqWk28BtNjyHzJ0Q5cng56e9aEuh2ixuwkl4BP + 3zQBY0P/AJBNt/un+ZqO3/5Dl3/1zjrO0rSLa40+GZ3kDMMkByB19KZDpNu2 + q3FuXk2oiEHec8+poA1Na+5af9fMX9a2G+6fpXJ6ppNvAtsUeQ750Q5cng+n + vWkdCtACfMm/7+GgB+gf8gi3+jf+hGmxf8h6f/riv86zdI0m2udOhmd5AzA5 + CuQOpHSkj0m3bVpbYvJtWJWzvOck+tAGnrn/AB7wf9d4/wCdbVclquk29vDE + yPIS0qL8zk8E1p/2Faf89Jv+/hoAXw//AMgmH6v/AOhGhf8AkYH/AOvYf+h1 + l6PpNvc6fHM7yBmLfdcgcMR0oXSbc6w1tvk2iENnec53Y6+lAGprv/Hkv/XW + P/0KtmuS1bSbe3tRIjyEl0HzOSOTWn/YVp/z0m/7+GgA0D/kHD/ff/0I0H/k + Yh/16/8As9ZmkaTb3NmJXeQHc4+VyBwaP7Jt/wC2Ra75Nvkb87zuzux19KAN + PxB/yDX/AN5P/QhW1XJavpNvbWLSo8hIZR8zkjkitP8AsK0/56Tf9/DQAuhf + 8ekn/XWT+dD/APIfi/692/8AQqy9J0m3uLZ3d5ARI6/K5A4NWILKK012NI2d + h5LN8zE85xQB0tFFFABRRRQAUUUUAFFFFAH/0/3PlfWP7VgLRw+d5b7QCduO + +adqz6ydOmFzHCI8DcVJz1HTNNl1nTW1WC5WbMaRupO1uCenGM0/Vta0y506 + aCCbc7gYG1h3HqKALscmvbF2xQYwMfM1Z+mPrA+1/Z44T/pEm/cTw/Gce1aM + fiDSFRQbjkAfwt/hWdpms6bb/a/Om2+bcSOvyscq2MHgUAFw+r/2pal44fN2 + vtAJ2kY5zUmpvrJsJxcRwiPb8xUtnHtUdxrOmvqlrcLNmONXDHa3BI44xUup + 63plxYTwQzbndcAbWGfzFAFqF9e8mPZFBt2jGWbpiqGnPrAku/IjhJMzb9xP + DcZx7Vfh1/SUhjRp8FVAPyt2H0qhp2s6bBJdtLNtEszOvyscqcc8CgAun1j+ + 0rIyRwiUebsAJwfl5z+HSptRfWjYzieOER7DuKls49qhutZ02TUrK4SbMcPm + 7jtbjcuB2qfUdb0uexnhin3O6EAbWGT+VAEts+u/ZovLigK7FxlmzjHFU7B9 + YFxeeTHCWMnz5JwDjt7Vdtte0mO2ijefDKigja3UD6VSsNZ02C4vHlm2rLLu + X5WORj6UAF4+sfb7IyxwiQF9gBOD8vOfwqzfPrZsrgTRwCPy23EFs4xziq15 + rOmy39lNHNlIS5Y7W4yuB2qzfa5pU1lcQxz5d42AG1uSR9KAFs31z7JB5UUB + TYu3LNnGOM1Vsn1gXd6Yo4S5dd+ScA44xVuz13SorSCKSfDIigja3BA57VUs + tZ02G7vZZJsLK6lTtbkAfSgAvn1c3dl50cIcO2zBOCcd6tXj64bScSxwBNjb + sM2cY5xVW+1nTZruyljmysTsWO1uAR9Kt3mu6VLaTxRz5Z0YAbW5JHHagBlg + +tiygEMcBj2LtJLZxjjNV7N9YF/fGKOEyEpvBJwPl4x+FWbDXNLhsoIZZ9ro + igja3BA+lVrPWdNiv76aSbCTFCp2tzhcHtQAX76wZ7Pzo4Q3m/JgnBbHf2q7 + cvrv2eXzIoAuxs4Zs4xzVK/1nTZ57N4ptwil3N8rDAx9Ku3OvaTJbyxpPlmR + gBtbqR9KAINOfWhYwCCOEx7BtLFs496htX1f+0r0xxwmUiPeCTtHy8Y/rU+n + a3pcFjBDLPtdEAI2scH8qgtdZ02PU724ebEcoj2na3O1cHtQAai+rl7Tz44Q + RMuzaTy3OM+1X5n13yX3xQbdpzhm6YqhqWs6bO9mYptwimV2+VhhRnnkVfm1 + /SXhkRZ8llIHyt3H0oAqaW+sjT4BbxwmPb8pYtnHvUcD6x/al0Ujh83am4En + aBjjFSaXrWmW+nwQTTbXRcEbWP8AIVHBrOmpql1cNNiORUCna3JA54xQAam+ + sH7L9ojhH+kR7NpPL84z7VovJr2xsxQYwf4mrO1PWdNuPsnkzbvLuI3b5WGF + XOTyK0X8QaQUYC45IP8AC3+FAFDSX1kadCLaOEx4O0sTnqeuKbE+sf2rOVjh + 87y03Ak7cdsU/Sda0y206GCeba6A5G1j3PoKZFrOmrqs9y02I3jRQdrckdeM + ZoANUfVzHB9ojhA85Nu0n73bPtWmZNf/AOeVv/301Zmq6zptzHAsM24pMjn5 + WGFHU8itM+IdH/5+P/HG/wAKAMzR31gabCLWOFovmwWJB+8c5x70I+sf2vIR + HD53kjIydu3P86NG1nTbXTYYJ5tki7sjax6sT2FCazpo1eS6M37poQoO1uoO + cYxmgA1V9YNun2mOEL5iY2k5znj8K0/M1/8A55W//fTVmarrOm3NuiQzbmEi + MflYcA89RWp/wkOj/wDPx/443+FAGXo76uLFBaxwtHlsFic/eOelAfWP7YJ8 + uHz/ACBxk7du7+eaNH1nTbWwSGeba4LHG1j1YkdBQNZ03+2Tded+6MATO1vv + bs4xjPSgA1d9XNni5jhVN6fdJznPHWtPzNf/AOeVv/301Zmr6xpt1Z+VBNub + ehxtYcA89RWp/wAJDo//AD8f+ON/hQBl6S+sC0P2aOFk3v8AeJznPPSgvrH9 + sKTHD53kHjJ27d3880aTrOm21oYp5trb3ONrHgnjoKDrOmnWFuvO/dCApna3 + 3t2cYxmgA1h9YNhILqOFY8rkqST94Y6+9afma/8A88rf/vpqzNY1nTbrT5II + JtzsVwNrDowJ6itT/hIdH/5+P/HG/wAKAMvSn1gQSfZo4SvmvncTndnn8KJH + 1f8AteImOHzvKbAydu3P86NK1nTbaCRJptpaV2HyseCeOgok1jTW1eK6E37p + YmUna3Un0xmgA1h9YOmzC6jhWL5clSSfvDGM+9aQk1/AxFb/APfTVnaxrOm3 + WmzQQTbpH24G1h0YHuK0h4g0jA/0j/x1v8KAMzS31cJcfZ44SPOfduJ+93x7 + UTPrH9q25aOHztj7QCduO+aNL1nTbZLgTTbS8zuPlY5U9DwKJtZ01tVt7lZs + xojgna3BPTjFAD9VfWTp8wuY4RHgbipOeo6Vdjk17YuIoMYH8TVS1bWtMudP + mggm3O4GBtYdx6ir0fiDSFRQbjkAfwt/hQBnaY+rg3f2eOE/v337ieH4zj2r + yn4lG8bWLb7aqK/kDGwkjG5vWvVtM1nTbc3fnTbfNuHdflY5U4weBXnPj+B9 + c1W3udMxLGkIQn7uG3Mf4sHvQNEngg3o8N6iIVQwGQ7ySdw+VeleoQPrvkx7 + IoNu0YyzZxivOvCYGl+Hr+wvWCTzvuRRzkbQOoyO1ejQa/pKQxo0+CqgH5W7 + D6UAyhpz6wJLzyI4STM2/cTw2B09qLp9Y/tKxMkcIlHm7ACcH5RnP4dKNO1n + TYJLxpZtolmZl+VjkEDnpRdazpsmpWM6TZjh83edrcblwO1AifUX1o2M4njh + Eew7ipbOPapbZ9d+zReXFAV2LjLNnGOKi1HXNLnsZ4Yp9zuhAG1hkn8Kmtte + 0mO2ijefDKigja3UD6UAUrB9XFxeeTHCWMnz5JwDjt7UXj6ub6yMscIkDPsA + Jwfl5zRYazpsNxeSSzbVlk3KdrHIx9KLzWdNlv7GaObKQlyx2txlcDtQBZvn + 1s2VwJo4BH5bbiC2cY5xS2b64LOARRwFPLXblmzjHGaS+1zSprK4hjny7xsA + Nrckj6UtlrulRWcEUk+GSNVI2twQMHtQBVsn1gXl6Yo4S5dd+ScA44xXiHxF + +Bml+LL1b+0ji0fU7tmy8GTFK3XLxnAB91xnqc17fZazpsV5eyyTYWV1Kna3 + IAx6UX2s6bNd2Usc2VicljtbgEfSvQy3NcRg6ntcNNxf9brZ/M5cZgaWIhyV + o3R8D69+z18TNE3yRWMeowJkmS2lU8Dn7rlW/IGuL/4Vf8RSAy+G79lYZBW3 + dgR9QDX6b3mu6VLaTxJPlnRgBtbqR9KZYa5pcNjBDLPtdEUEbWOCB9K/QcP4 + r46MbVKcZeeq/U+Uq8DYZu8JNfcfmOvw0+ITu8aeG9QLR43AW0mRnpnih/hp + 8QoyqyeG9QUucKDbSDJ9BxX6YWms6bFqF9O82EmMew7W52rg9qNQ1nTZ57N4 + ptwil3N8rDAx9K6P+ItYr/nzH72Zf6iUf+fj/A/NJvhh8RVBZvDWoADkn7NJ + /hSJ8MviHKgkj8N6gytyCLaQg/pX6eXGvaTJbyok+WZWA+VupH0qvput6XBY + QQyz7XRACNrHB/AUf8RaxX/PmP3sP9RKP/Px/gfmSvw0+ITO0S+G9QLpjcBb + SZGemeKH+GnxCiKiTw3qC7ztXNtIMk9hxX6YW2s6bHqV7cPNiOUR7TtbnaMH + tRqOs6bO9oYptwimV2+VhhRnnkUf8RaxX/PmP3sP9RKP/Px/gfmkfhh8RQCT + 4a1EAf8ATtJ/hTY/hn8Q5UEkXhvUHVuhFtIQf0r9Pptf0lonVbjJKkD5W9Pp + VTS9a0y20+CCaba6Lgjaxxz7Cj/iLWK/58x+9h/qJR/5+P8AA/MsfDT4hNI0 + S+G9QLpgkfZpMjPTIxRJ8NPiFFt8zw3qC7yFGbaQZJ6Acda/TCDWdNTVLq5a + bEcioFO1uSOvGKNT1nTbgWvkzbvLnjdvlYYUZyeRR/xFrFf8+Y/ew/1Eo/8A + Px/gfmn/AMKv+Iw5PhnUf/AaT/CmR/DT4hTIJIvDeoOjdCLaQg/pX6gv4g0g + qQLjqD/C3+FZ+ka1pttp0ME8210ByNrHufQUf8RaxX/PmP3sP9RKP/Px/gfm + aPhp8QjIYR4b1AuoyV+zSZAPtiiT4afEKIAy+G9QQMQozbSDJPQdK/TCLWdN + XVp7lpsRvGqg7W5IPPGM0arrOm3MUKwzbikyMflYcDqeRR/xFrFf8+Y/ew/1 + Eo/8/H+B+af/AAq/4jf9CzqP/gNJ/hUcXw0+IU6CWHw3qDo3Qi2kIOPwr9RP + +Eh0f/n4/wDHG/wrL0bWdNtdNht7ibZIu7I2serE9hR/xFrFf8+Y/ew/1Eo/ + 8/H+B+Z4+GnxCMhhHhvUPMA3Ffs0mceuMUSfDT4hQqGl8N6ggJAybaQcnp2r + 9ME1nTRrEl0Zv3TQhQdrdQc4xjNGrazptzbJHBNuYSIxG1hwDz1FH/EWsV/z + 5j97D/USj/z8f4H5p/8ACr/iN/0LOo/+A0n+FRx/DT4hTJ5kXhvUHU9xbSEc + fhX6if8ACQ6P/wA/H/jjf4Vl6RrOm2tisM821wzHG1j1YkdBR/xFrFf8+Y/e + w/1Eo/8APx/gfmf/AMK0+IXm+T/wjeoeZjdt+zSZx0zjHSiX4afEKFd8vhvU + EXpk20gHP4V+mH9s6b/bJuvO/deRsztb727OMYz0rmfHviq1TTIrXTZd80sq + seCMLGd3cDqcfrR/xFrFf8+Y/ew/1Eo/8/H+B+fP/Cr/AIjf9CzqP/gNJ/hU + cfw0+IUy74vDeoOuSMi2kPI/Cv09tvE+jXFvFcCfAkUNja3GRnHSqWkazptr + amOeba29zjax4J46Cj/iLWK/58x+9h/qJR/5+P8AA/M//hWnxC83yf8AhG9Q + 8wjdt+zSZx0zjFEvw0+IUKGSbw3qCKOpNtIBz+Ffpg2s6adYW6E37oQFM7W+ + 9uzjGM0azrOm3WnyQQTb3YrgbWHRge4o/wCItYr/AJ8x+9h/qJR/5+P8D80/ + +FX/ABG/6FnUf/AaT/Co4/hp8QpQWi8N6g4BIOLaQ8jqOlfqJ/wkOj/8/H/j + jf4Vl6VrOm20MqTTbS0rsPlY8E8dBR/xFrFf8+Y/ew/1Eo/8/H+B+Z5+GnxC + EghPhvUN5GQv2aTOPXGKWX4afEKFDLL4b1BEXqTbSAD9K/S+TWdNbVoroTfu + liZSdrdSfTGaXWNZ02606aCCbdI+MDaw6MD3FH/EWsV/z5j97D/USj/z8f4H + 5pf8Kv8AiN/0LOo/+A0n+FRx/DT4hS7jF4b1BtpKnFtIcEdR0r9Ql8QaQAB9 + o/8AHW/wrN0vWdNt0uBNNtLzu4+VjlT0PAo/4i1iv+fMfvYf6iUf+fj/AAPz + PPw0+ISyLCfDeoB2BIX7NJkge2KWT4Z/EOFDJL4b1BFXqTbSAD9K/S+bWdNf + Vbe5WbMaI4J2twT04xT9V1rTLnT54IZtzuMAbWHf3FH/ABFrFf8APmP3sP8A + USj/AM/H+B+Z4+GHxGIyPDOo4P8A07Sf4UyP4afEKXd5fhvUG2EqcW0hwR1B + 461+oMfiDSFjVTccgAfdb/Cs7TdZ023N35023zZ3dflY5U4weBR/xFrFf8+Y + /ew/1Eo/8/H+B+Z7fDT4hLIsTeG9QDvnaPs0mTjrjilk+GfxDiQySeG9QVV5 + JNtIAP0r9L7jWdNfU7S4WbMcSyBjtbjcOO1S6nremXFhPDDNud1wBtYZP4ij + /iLWK/58x+9h/qJR/wCfj/A/M0fDD4isAy+GtQIPIP2aT/CmJ8NPiFIWEfhv + UGKHa2LaQ4PoeK/T6DX9JSCNGnwVUA/K3UD6VR07WdNglvGlm2iWYsvyscg9 + +lH/ABFrFf8APmP3sP8AUSj/AM/H+B+Z7fDT4hI6RN4b1APJnaDbSZOOuOO1 + Of4ZfESNDJJ4b1BVUZJNtJgD8q/S661nTZNSsZ0mzHD5u87W43Lgdqn1DXNL + nsZ4Yp9zujADawySPpR/xFrFf8+Y/ew/1Eo/8/H+B+Za/DH4iuoZfDWoEEZB + FtJyPypifDT4hSMyp4b1BihwwFtJwffiv08tde0mO2hjefDKigja3UD6VTsN + Z02G5vJJJsLLJuU7WORj6Uf8RaxX/PmP3sP9RKP/AD8f4H5oN8M/iErpG3hy + /VpOFBt5BnHpxW9YfBH4n36tJ/YcttEgLM9wyRAAck4Yhj+ANfojeazpst9Z + TRzZSFnLHa3GRgdqs32u6VNZXEUc+XeNlA2tySOO1Z1fFnGNWhSin83+qLhw + Lh7+9N/gfK3gv9mV4TBqfiu4ivgQri2idkjORnDvgMR7Db9TX0rolpd6Ybiw + 0m0treGDYoiTKxoAOAoHatWy13SorOCKSfDJGqkbW4IAB7VVstZ02G8vZZJs + JMylTtbkAYPavg844gxePnzYmd7bLZL0X9M+ny/KqGFjy0Y28+v3hfPrBurL + zo4Q4c7ME4Jx3q3dvrn2WbzYoAmxt2GbOMc4qpfazps11ZSRzZWJyWO1uBj6 + Vcu9e0qW1mjSfLOjADa3Uj6V4x6BHYPrYsYBDHCY9i7SS2cY4zVe0fWP7Qvj + HHCZCY94JOB8vGPwqxYa5pcNjBDLPtdEUEbWOCB9Kr2ms6bFqF9O82EmMe07 + W52rg9qADUH1czWfnxwhhKNm0nlsd/artw+u/Z5d8UAXa2cM2cYqlqGsabPN + ZvFNuEUoZvlYYGPpV6417SZLeVEnyzKwHyt1I+lAFfTX1oWEAgjhMe0bSxbO + PeobZ9Y/tO8MccJlIj3gk7RxxiptN1vS7ewghln2uigEbWOD+AqG21nTY9Tv + Lh5sRyiPadrc7Rg9qADUn1gtaefHCD567NpPLc4z7VflfXvKfdFBjBzhm6VQ + 1LWdNna0MU27yp1dvlYYUZyelaEuv6Q0TqtxkkED5W9PpQBT0t9ZGnwC3jhM + e35SxOcZ71HA+r/2pclI4fO2JuBJ247YqTS9a0y20+CCaba6Lgjaxxz7Co4N + Y01NVublpsRyIgU7W5I68YzQAam+rkW32iOEfv027Sfvc4z7VovJr+05igxj + +81Z2qazptwLUQzbvLnjdvlYYUZyeRWk/iDSCpAuOoP8Lf4UAZ2kPrA06EW0 + cJiwcFic9T1xSRPrH9rTFY4fO8tcjJ24zxj3p2kazptrp0ME8210ByNrHuT2 + FNi1nTV1aa5M37t41UHa3UH0xmgA1R9YMUP2iOEDzkxtJ+9njPtWn5mv/wDP + K3/76aszVNZ025ihWGbcUmRj8rDgHk8itT/hIdH/AOfj/wAcb/CgDL0Z9XGn + RC1jhaL5sFiQfvHPT3oV9X/thyI4fO8kZGTt27v55o0bWdNtdOiguJtki7sj + ax6sT2FC6zpo1h7ozfujCEB2t97dnGMZoANWfVzbL9pjhC+YmNpOc5461p+Z + r/8Azyt/++mrM1bWNNubZY4JtzCRGxtYcA89RWp/wkOj/wDPx/443+FAGXpD + 6wLJRbRwtHublic53HPSjfrH9s58uHz/ALP0yduzf/PNGkazptrZLDPNtcMx + xtY9WJHQUf2zpv8AbP2rzv3X2fZu2t97fnGMZ6UAGrvrBsiLmOFU3LypOc5G + Otafma//AM8rf/vpqzNX1nTbqyMUE259yHG1hwCCeorU/wCEh0f/AJ+P/HG/ + woAy9JfWBat9mjhKb3+8TnOeelDPq/8AbCExw+f5JwMnbt3fzzRpOs6bbWrR + zzbWLucbWPBPHQUNrOmnWEuhN+6EJTO1vvbs4xjNABrD6udOlF1HCseVyVJJ + +8MdfetPzNf/AOeVv/301Zms6zpt1p0sEE252K4G1h0YHuK1P+Eh0f8A5+P/ + ABxv8KAMvSn1gQy/Z44SvmvncT97PP4USPrH9rQlo4fO8psDJ27c8596NK1n + TbaGVZptpaV2HyseCeOgok1nTW1aG5E37tYmUna3Un0xmgBdXfWDp0wuY4Vi + wMlSSeo6Zq+Trrx7Ght2VhggliCD61Q1fWdNutOmggm3O4GBtYdCD3FaK+IN + IAA+0f8Ajrf4UAfIHjj9lmw8WT3er+DpItFuzK4eA5+ys+ckKAMxjntkeiiv + lzxF8Avix4buvs1xoE16Dko9li5DgdSFjy4/FQa/VDS9Z023W5E023zJ3dfl + Y5U9DwKJtZ019VtrlZsxxo4Y7W4J6cYzXiYrIKFV8y0fkfN47hbC1nzJcr8v + 8j8d5vAfji3z5/h3UY8dd1pMMfmtIPAvjY8jw9qP/gJN/wDE1+xuq61plzp8 + 8EM253XAG1h39xVyLX9IWNFNxyAB91v8K4P9Vofzv7jy/wDUin/z8f3H4yL4 + I8aPnZoGoNtODi1lOD6fdoPgjxoGCHQNQDN0H2WXJx/wGv2L03WdNt2uzNNt + 82d3X5WOVOMHgUXOs6bJqdncJNmOISBjtbjcOO1H+q0P539wf6kU/wDn4/uP + x0bwP41RSz+H9QUDqTaTAf8AoNKPAvjYjI8P6iQf+nSb/wCJr9kNS1vTLiwn + hhn3O6kAbWGT+IqxBr+kpBGjT4KqAflbqB9KP9Vofzv7g/1Ip/8APx/cfjMv + gjxo5IXQNQJU4OLWXg/980HwR40VlRtA1AM2cD7LLk464+Wv2L0/WdNgmvGl + m2iWUsvyscjHXpRd6zpsuo2M6TZjh8zedrcblwO1H+q0P539wf6kU/8An4/u + Px1bwP41RSzeH9QAHUm0mx/6DQPA3jZgGXw/qBB5B+yTf/E1+yOoa5pc9jPD + FPud0YAbWGSR9Kltde0qO1hjefDKigja3UD6Uf6rQ/nf3B/qRT/5+P7j8aF8 + EeNGJVdA1AleDi1l4+vy0HwR40VlVtA1AFugNrLk/T5a/Yux1nTYbm8kkmws + sgZTtY5GPpReazpst7ZTRzZSFnLHa3GVwO1H+q0P539wf6kU/wDn4/uPx1bw + N41UFm8P6gAOSTaTcf8AjtA8DeNWAZfD+oEHkEWk3/xNfspfa7pU1lcRRz5d + 43UDa3JIIHaiy13SorOCKSfDJGqkbW4IAB7Uf6rQ/nf3B/qRT/5+P7j8ah4I + 8aMzKugagSvUC1lyPr8tDeCPGikK2gagC3Azay8/T5a/Yuy1nTYr29lkmwkz + KVO1uQBg9qL7WdNmurKSObKxSFmO1hgY+lH+q0P539wf6kU/+fj+4/HU+BvG + ygs3h/UAByT9km/+JoXwN41dQy+H9QIPIItJsf8AoNfstda9pUlrNGk+WZGA + G1upH0qPT9c0uCxghln2uiKCNrHBA+lH+q0P539wf6kU/wDn4/uPxsHgjxoz + Mi6BqBZcZH2WXIz6/LQ3gjxohAbQNQBY4GbWXk/981+xdprOmx6jfTvNhJvL + 2Ha3O1cHtRqGs6bPNZtFNuEUoZvlYYGPpR/qtD+d/cH+pFP/AJ+P7j8dT4F8 + bAZPh/UQB/06Tf8AxNIvgfxq6hk8P6gwPQi0mI/9Br9mbjXtJeCRFnyWUgfK + 3Uj6VX03W9Mt7CCGafa6KARtY4P4Cj/VaH87+4P9SKf/AD8f3H43DwR40LFB + oGoFl6j7LLkZ9flobwR40TG/QNQXccDNrKMn0+7X7F22s6bHqd5cPNiOURhT + tbnaOeMUalrOm3DWhhm3eVOjt8rDCjOTyKP9Vofzv7g/1Ip/8/H9x+Ox8C+N + hyfD2o/+Ak3/AMTTV8D+NHUOmgagynoRaSkf+g1+zcuv6Q0bqLjkgj7rf4VT + 0rWtMttPggmm2ui4I2se/sKP9Vofzv7g/wBSKf8Az8f3H44DwR40LFBoGoFh + 1H2WXI/8dobwR40TG/QNQXJwM2soyT2+7X7Fw6zpqapc3LTYjkRAp2tyR14x + mjVNZ024W2EM27y50dvlYYUZyeRR/qtD+d/cH+pFP/n4/uPx2/4QXxv/ANC9 + qP8A4CTf/E06DwF45usfZvDupTbumy0mbP5LX7Mt4g0gqQLjt/db/Cs7SNZ0 + 2106GCeba6A5G1j1JPYUf6rQ/nf3B/qRT/5+P7j8tvDf7PXxY8S3Ytk0V9OX + ALPfMLcKD3KN+8/JDX1b4E/Zl0nwNJbaz4jMWtakkieWGyLeJ88YjP3j7t9Q + oPNfTces6aurTXJm/dPEqg7W6g+mM0arrOm3MMSwzbisqMflYcA89RXo4TIq + FJ81rvzPWwHDGFoPmtzPz/yNPzNf/wCeVv8A99NWZo76wNOiFrHCYvmwWJB+ + 8c9PetT/AISHR/8An4/8cb/CsvR9Z02106KCeba67sjax6sT2FeyfRAr6x/b + DkRw+d5IyMnbt3fzzRqz6wbZftMcITzExtJznPHWhdZ00aw90Zv3RhCA7W+9 + uzjGM0atrOm3NsscE25hIjY2sOAeeooA0/M1/wD55W//AH01ZmkPq4sgLWOF + k3NyxOc5Oelan/CQ6P8A8/H/AI43+FZej6zptrZCKeba4Zjjax4JyOgoAN+s + f2zny4fP+z9Mnbs3/wA80au+sGyYXMcIj3LypOc5GOtH9s6b/bP2rzv3X2fZ + u2t97fnGMZ6UavrOm3Vk0ME25yynG1h0YE9RQBp+Zr//ADyt/wDvpqzNJfWB + bN9mjhKeY+dxOc556Vqf8JDo/wDz8f8Ajjf4Vl6TrOm21s0c821jI7Y2seCe + OgoAGfV/7YQmOHzvJOBk7du7+eaNYfWDp0ouo4RF8uSpJP3hjr70NrOmnWEu + hN+6EJQna33t2cYxmjWNZ02606WCCbc7bcDaw6MD3FAGn5mv/wDPK3/76asz + Sn1cQzfZo4SPNfO4n72ece1an/CQ6P8A8/H/AI43+FZelazpttDMs020tK7D + 5WPBPB4FABI+sf2tCWjh87y22jJ24zzn3pdXfWDp0wuY4RFgZKk56jpmkl1n + TW1aG5E37tI2Una3Un0xmnavrOm3WnTQQTbncDA2sO4PcUAaCya/tGIoMY/v + NWbpj6wFufs8cJ/fvu3E/e749q0l8QaQFANx2/ut/hWbpms6bbrciabb5k8j + r8rHKnoeBQATPrH9qWxeOHztj7QCduO+afqr6ydPnFxHCI8fMVJz17UybWdN + fVLa5WbMcaOGO1uCenGM1JqutaZc6fPBDNud1wBtYd/cUAW4n17yk2xQYwMZ + ZulUNNfVw135EcJJnffuJ4bjOPatCLX9IWJFa4wQAD8ren0rP03WdNt2uzNN + t82d3X5WOVOMHgUAFy+sf2nZmSOESgSbACdp45zU2pPrRsJxPHCI9p3FS2ce + 1Q3Os6bJqdncJNmOISBjtbjcOOMVNqWt6XcWE8MU+53UgDawyfxFAE9u+u+R + HsigK7RjLNnGKpae+sCa88iOEsZTv3E8Njt7Vet9e0lII0afBVQD8rdQPpVH + T9Z02Ca8aWbaJZSy/KxyMfSgAu31c6jYmWOESAybACcH5ec/h0qfUH1s2M4m + jhEextxUtnGOcVBd6zpsuo2M6TZSEybztbjcuB2qxqGuaXPYzwxT7ndGAG1h + kkfSgB9o+ufZYfKigKbF25Zs4xxmqli+ri6vfJjhLmQb8k4Bx2q5aa9pUVrD + G8+GRFBG1uoH0qnY6zpsN1eySTYWWQMp2scjH0oAL19YN7ZGWOEOGbYATgnH + OatXr64bOcSxwBPLbdhmzjHOKq3us6bLe2Usc2UiZix2twCMDtVq913SpbOe + KOfLPGygbW5JBA7UAJYvrYsrcRRwFPLTaSWzjAxmq1m+sC9vTFHCZCybwScA + 7eMVasdd0qGyt4pJ8OkaKRtbggAHtVWz1nTYr29mkmwkzIVO1ucLg9qAC/fV + zc2fnRwhhIdmCcE471cun1z7LN5kUATY2cM2cY5xVO/1jTZrmzkimysUhZjt + YYGPpVy617SpLWaNJ8syMANrdSPpQBFp760LGAQRwmPYu0sWzjHeoLR9X/tG + +MccJlPl7wScD5eMfh1qfT9c0uCxghln2uiKCNrHBA+lQWms6bFqN9O82I5v + L2Ha3O1cHtQAag+sGWz8+OEETDZtJ5bB6+1Xp313yJN8UG3ac4Zs4xVHUNZ0 + 2eWzaKbcIpgzfKwwAOvSr0+v6S8EiLPkspA+VupH0oAraa+tCwgEEcJj2jaW + LZx71Fbvq/8Aad2UjhMpEe8EnaOOMVNput6Zb2EEM0+10UAjaxwfwFQ2+s6b + Hql3cPNiOURhTtbnaOe1ABqT6uTafaI4RidNm0nlucZ9q0JX17y33RQYwc/M + 1Z+p6zptwbQwzbvKnR2+VhhRnJ5FaEuv6Q0bqLjkgj7rf4UAUtKfWRp8Ito4 + THj5SxOevemQvrH9q3BWOHztibgSduO2KfpWtaZbafBBNNtdBgjax7+wpkOs + 6amq3Fy02I5EQKdrckdeMUAGpvrBW2+0Rwgeem3aT97tn2rSMmv4OYoP++mr + N1TWdNuFthDNu8udHb5WGFHU8itJvEGkEEfaP/HW/wAKAM7SH1gadCLaOFos + HBYkHqeuKSN9X/taUrHD53lLkZO3bnjHvS6RrOm2unQwTzbXQHI2sepJ7Ckj + 1nTV1eW6M37polUHa3UH0xmgA1V9XMMX2mOEL5qY2k/ezx+Fafma/wD88rf/ + AL6aszVdY025hiSCbcVlRj8rDgHnqK1P+Eh0f/n4/wDHG/woAy9HfWBp8YtY + 4THlsFiQfvHPT3oV9Y/thiI4fO8kZGTt27v55o0fWdNtdPjgnm2upbI2serE + 9hQus6aNYa6M37owhM7W+9uzjGM0AGrPrBtV+0xwhN6fdJznPHWtPzNf/wCe + Vv8A99NWZq2s6bc2qxwTbmDocbWHAPPUVqf8JDo//Px/443+FAGXpD6uLMC2 + jhKbm+8TnOeelG/V/wC2QfLh8/yOmTt2bv55o0jWdNtbMRTzbX3McbWPBOR0 + FH9s6b/bIu/O/dfZ9m7a33t2cYxnpQAau+rmxYXUcKx7l5UnOcjHWtPzNf8A + +eVv/wB9NWZrGs6bdWLQwTbnLKcbWHQgnqK1P+Eh0f8A5+P/ABxv8KAMvSn1 + gWz/AGaOEr5j53E5znnpViBr467H9sVFbyW+4SRjPv3zVfSdZ022tnjnm2sZ + HYDax4J46CrEF/aXuuxvbSbx5LL0I5znv7UAdLRRRQAUUUUAFFFFABRRRQB/ + /9T94p/+Q5a/9cnqTXf+QTcfQfzFZEulxrqsEHnzENG5yXO4Y9DT9W0qK306 + aZZ5nKgcM5IPI6igDp4v9Un0FZGjf8v3/X1L/Smx6LEUU/abjkD/AJaGs7TN + Ljn+15nmXy7iRPlcjOMcn1PvQBp3X/Ibsf8Acl/lU+tf8gq5/wBysW40uNNU + tYBPMRIrnJc7hgdj2qXU9JigsJ5RPMxVc4aQkH6igDorf/j3i/3V/lWXpH+t + v/8Ar4b+QqOHRomhjb7ROMqDxIfSqGnaXHNJdgzzL5czKNrkZxjk+poA1L3/ + AJDGm/Sb/wBBFWNX/wCQZc/9c2rDutLjTUrKETzES+bkl8kbVzwe3vU+o6RF + DYzyiediqE4aQkH6igDds/8Ajzg/65r/ACrO0r/j61D/AK7f0qG20aJ7aJzc + TjcinAkIHIqlYaXHLcXiGeZfLl2gq5BPHf1NAGpf/wDIU03/AHpP/Qat6n/y + Dbr/AK5P/I1gXmlxx39lEJ5iJS+SXJIwueD2qzf6RFFZXEouJ2KRscGQkHA7 + igDZ0/8A48Lb/rkn/oIqjpv/AB/6j/10X/0Gq1no8UlpBIbicFkU4EhAGR2q + pZaXHLd3sZnmAjdQCHIJyO570Aaepf8AH/p3/XRv/Qav6h/x4XP/AFyf/wBB + Nc7faXHFd2UYnmYSOQSXJIwO3pVu80eKO0nkFxOSqMcGQkHA70Aaml/8g21/ + 65J/Kqen/wDIU1L/AHov/Qaq2GkRS2UEpuJ1LopwJCAMjsKrWelxyX99EZ5g + IimCHIJyueT3oA09U/4+tP8A+u39K0rz/j0n/wBxv5VzV/pccU9monmbzJdp + 3OSRx1Hoau3OjRJbyuLic7UY4MhI4FAF/SP+QZbf9c1qtZf8hnUfpD/6DVPT + tIimsYJTPMpZAcLIQB9BUFrpcb6newmeYCIR4IchjuXPJ7+1AGnq/wDrbD/r + 4T+talx/x7y/7rfyrmNS0uOGSzAnmbzJlU7nJxnuPQ1fm0aJYZG+0TnCk8yH + 0oAtaL/yCrb/AHf61Da/8hq9/wByL+VUNL0mKfT4JTPMpZc4WQgD6Co4NLjf + VLqAzzAIqHIc7jkdzQBp6z/y4/8AX1F/WteT/Vt9DXK6npccP2XE8zeZcRod + zk4BzyPQ+9aL6LCEY/abjgH/AJaGgCbQv+QTb/Q/zNRwf8hy6/65JWfpOlRX + GnQzNPMhYHhXIA5PQUyLS421WeDz5gEjQ5Dncc+poA09b/1Nt/18R/zraPSu + S1XS44I4Cs8zb5kX5nJxnuPetM6JD/z83H/fw0AL4e/5A9v/AMC/9CNJH/yH + 5f8Argv/AKFWZo2lx3OmwzNPMhbdwrkDhiOBQmlxnV5Lfz5sCENu3nd16Z9K + ANTXP+PWL/rtH/OtmuS1bS44LdHE8zZkQYZyRyf51qf2JD/z83H/AH8NACeH + /wDkGR/7z/8AoRoH/Iwt/wBew/8AQ6zNH0uO4sElaeZCWYYVyBwxHSgaXH/b + Jt/Pmx5Abdv+b72MZ9KANPX/APkH/wDbRP8A0KtquS1fS47ez8xZ5nO9BhnJ + HJrU/sSH/n5uP+/hoATQf+PE/wDXST/0Khv+RgT/AK9j/wCh1maTpcdxaGRp + 5kO9xhXIHBoOlx/2wtv582DAW3b/AJvvYxn0oA0/EH/IKl+qf+hCtquS1jS4 + 7fT5JVnmcgrwz5HLAdK1P7Eh/wCfm4/7+GgBND/49pf+u0n86Jf+Q9B/1wb+ + dZmlaXHPBIxnmXErr8rkDg9frRJpcY1eK38+bDRM27ed3B6Z9KANTxB/yCLj + /gP/AKEK2B0FcprGlx2+mzTLPM5Xbwzkg5YDkVpDRIcD/Sbj/v4aADRP9Vdf + 9fEn9KW4/wCQ5a/9cpKy9L0uOdLgmeZdkzr8rkZx3PvRNpca6rbwefMQ6Ocl + zuGPQ0Aa+u/8gm5/3R/MVpRf6pPoK5nVtKig0+aZZ5mKgcNISDyOoq9HosJR + T9ouOQP+WhoAdo3W/wD+vqT+lF3/AMhqx/3Zf5VmaZpcc5u8zzL5dw6fK5Gc + Y5Pqfei40uNNUtIBPMRIshyXO4YHY9qANrWv+QVc/wC5V22/49ov9xf5Vzup + 6TFBYTyieZiq5w0hIP1FWoNGiaGNvtE4yoPEhx0oAl0n/XX/AP18N/IUl7/y + GNN/7bf+giszTtLjmkvAZ5l8uZlG1yM4A5PqaLrS449SsYRPMRL5uSXJYbVz + we3vQBu6t/yDLr/rm38qnsv+POD/AK5r/KsLUdIihsZ5RPOxVCcNISD9RU1t + o0T20Tm4nG5FOBIQORQBNpf/AB96h/12/pRqH/IT03/ek/8AQazLDS45bi8Q + zzL5cmAQ5BPHf1NF5pccd/YxCeYiVnBJckjC54PagDf1P/kHXX/XJ/5Gnad/ + yD7b/rkn/oIrHv8ASIorK4lFxOxSNjgyEg4HcU6z0eKSzgkNxOC0anAkIAyO + woAsad/yENR/30/9Bo1L/j+07/ro3/oNZllpccl5exmeZRG6gEOQTkdz3ovt + Ljiu7KMTzMJHIJLkkcdvSgDor/8A48bn/rm//oJqPS/+Qba/9c1/lWZeaPFH + aTyC4nJVGODISDgd6ZYaRFLYwSm4nUuinCyEAZHYUAW7D/kK6l9Yv/QaNV/4 + +dP/AOuw/lWZaaXHJqF9CZ5gIjHghyCcrnk96NQ0uOKezUTzN5ku07nJI46j + 0NAHS3f/AB6zf7jfyqtpH/IMtv8AcFULjRokt5XFxOdqscGQkcCoNN0mKawg + lM8ylkBwshAH0FAF2z/5DOo/SH/0E0ur/wCssP8Ar5T+RrLttLjfU72EzzAR + iPBD4Y7h3Pf2o1HS44XtAJ5m8yZVO5ycZzyPQ0AdRcf6iT/dP8qoaJ/yCrb/ + AHf61Vm0WJYnb7ROcKTzIfSqml6TFPp8ExnmUsucLIQBz2FAF+1/5Dd7/uR/ + ypdZ6WX/AF9Rf1rLg0uN9UuoDPMAiochzuOfU0anpccAtcTzNvnjT5nzjOeR + 6H3oA6qT7jfQ1l6D/wAgm3+h/wDQjUb6LCEY/abjof8Aloaz9J0qO406GZp5 + kLA8K5AHJ6CgDSg/5Dtz/wBck/nSa5/qbf8A6+I/51mRaXG2rTwefMAsanIc + 7jk9zRqulxwRQss8zbpkX5nJxnuPegDraxfD3/IHt/8Agf8A6EaX+xIf+fm4 + /wC/hrL0bS47nTYZmnmQtu4RyBwxHAoA04/+Q/L/ANe6/wDoVGu/8ekf/XWP + +dZiaXGdYkt/PmwIQ27ed3Xpn0o1bS47e2R1nmbMiDDOSOTQB1tYugf8gxP9 + 5/8A0I0v9iQ/8/Nx/wB/DWXo+lx3FisrTzISzDCuQOGI6UAaY/5GE/8AXr/7 + PXz7411j+2fEFxMjboYD5UfptTqfxOTXpXi2WPQkuHSeXzWgAiJc7i7Njr6A + ZOPavCaCon0F8M9T+2aE1i5y9k5X/gD/ADL+uR+FdZoP/Hi3/XST+deDeArh + E15LOaV4o7tSmUbb8w5XP5Y/GvZtI0uO4tTI08yHe4wrkDg0CZpt/wAjAn/X + sf8A0OjxB/yCpfqn/oQrMbS4xrC2/nzYMBbdvO772MZ9KNZ0uO30+SVZ5nIK + 8M5I5YDpQI62sbQ/+Pab/rvJ/Oj+xIf+fm4/7+GsvStLjnhlYzzLtldflcgc + Hr9aANOX/kPQf9cG/nTvEH/IIuPov/oQrKk0uMavFb+fNhombO87uD0z6Uus + aVHb6dNMs8zlccM5IPzAcigDq1+6PpWNon+ru/8Ar5k/pSLokJAP2m4/7+Gs + 3S9LjnS4JnmXZO6/K5Gcdz70Aadx/wAhy0/65yVLrn/IJuf90fzFY82lxrqt + vB58xDo5yXO4Y9DT9V0qKDT5plnmYqOjSEg89xQB00P+qT/dH8qydG63/wD1 + 9Sf0pseixGNT9on5A/5aGs7TdLjmN3meZfLndBtcjOMcn1PvQBp3f/IasP8A + dl/kKn1n/kF3P+4axbjS401O0gE8xEiyHJc7hgdj2qXU9JigsJ5RPMxVc4aQ + kH6igDobX/j2i/3F/lWZpP8ArtQ/6+G/kKig0aJoI2NxOMqDxIcdKo6dpcc0 + t4pnmXy5io2uRnA6n1NAGnff8hfTP+23/oFWtW/5Bl1/1zb+VYV1pccepWMI + nmIl83JLkkbVzwe3vU+oaRFDYzyiediiMcNISDgdxQBu2X/HnB/1zX+VZ2l/ + 8feof9dR/KoLXRontoXNxONyKcCQgcjtVOw0uOW5vEM8y+XJgEOQTx39aANP + UP8AkJab/vSf+g1d1P8A5B11/wBcn/8AQTXP3mlxx31lEJ5iJWcElySMDse1 + Wb7R4orK4kFxOxSNjgyEg4HcUAbGnf8AIPtf+uSf+giqOnf8hHUf99P/AEGq + 1lo8UtnBIbicF41OBIQBkdhVWy0uOW9vYzPMBEygEOQTkdz3oA1NT/4/dO/6 + 6n/0Gr9//wAeNx/1zf8Aka5y+0uOK6skE8zCRyCS5JHHb0q5d6PFHazSC4nO + 1GODISDgd6ANLS/+Qba/9c1/lVWw/wCQtqX1i/8AQap2GkRS2MEpnnUuinCy + EAZHYVXtNLjk1C+hM8wERjwQ+Ccrnk96ANPVf+PjT/8AruP5VpXf/HrN/uN/ + Kua1DS44ZrNRPM3mShTuckjjqPQ1euNGiS3lcXE52qxwZDjgUAXdH/5Bdt/u + CoLP/kM6h9If/QTVHTdJimsIJTPMpZQcLIQB9BUNtpcb6neQmeYCMR4IfDHI + 7nv7UAaesffsP+vlP61qz/6iT/dP8q5fUtLjha0AnmbzJ1X5nzjOeR6GtCXR + YlidvtE5wpPMh9KALOif8gq2/wB3+tQ23/IbvP8ArnHVDS9Jin0+CUzzKWXO + FkIA57Co4NLjbVbmDz5gERDkOdxz6mgDT1r7tl/19Rf1rYf7jfQ1ymqaXHAL + bE8zb50T5nJxnPI9/etJ9FhCk/abjgH/AJaGgCTQf+QRb/Q/+hGmQ/8AIduP + +uKfzrO0jSo7jToZmnmQsDwrkAcnoKbFpcbatNB58wCxqc7zuOT3PpQBp63/ + AKi3/wCu8f8AOtquS1XS44IoWE8zbpkX5nJ6nqPetT+xIf8An5uP+/hoATw9 + /wAgiD/gf/oRoT/kYJP+vcf+hVmaNpcdzp0UzTzIW3cI5A4YjpQulxnWHt/P + mwIQ27ed33sYz6UAaeu/8eaf9dY/51tVyWraXHb2yus8z5kQYZyRya1P7Eh/ + 5+bj/v4aAE0D/kGr/vv/AOhGj/mYf+3X/wBnrM0jS47iyWVp5kJZhhXIHBI6 + Uf2XH/bP2bz5sfZ9+7ed338Yz6e1AGpr/wDyDj/vp/6EK2a5LV9Ljt7IyLPM + 53KMM5I5I7Vqf2JD/wA/Nx/38NACaF/x5N/11k/nQ/8AyMEf/Xuf/QqzNJ0u + O4tS7TzKQ7jCuQODQ2lxjWEt/PmwYS27ed33sYz6UAafiH/kEzfVP/QhW1XJ + azpcdtp0kyzzOVK8M5I5YDpWp/YkP/Pzcf8Afw0AJof/AB7z/wDXeT+dLL/y + Hbf/AK4v/OsvStLjnhlYzzLtldflcjoev1ok0uMatDb+fNhombdvO7g9AfSg + DV1//kEXH0X/ANCFay/dH0rldX0qO306aZZ5nKgcM5IPI6itFdEh2j/Sbj/v + 4aAF0X7l3/18y/0ouf8AkOWf/XOSszS9LjnW5JnmXZO6/K+M47n3om0uNdVt + oPPmIdHOS53DHoaANjW/+QVc/wC7/UVow/6mP/dH8q5rVdJig0+eYTzMVGcN + ISDz3FXItFiaNG+0TjIH/LQ0AP0f71//ANfMn9KLv/kM2H+7L/IVmabpcczX + YM8y+XO6/K+M4xyfU0XOlxpqdnCJ5iJBJkl/mGB2PagDb1n/AJBdz/uGrdr/ + AMe0P+4v8q5/U9JihsJ5RPMxVScNISD9RViDRomgjY3E4yoPEhx0oAl0n/X6 + h/13P8hRff8AIX0z/tt/6DWZp2lxzTXimeZfLlKja5GeOp9TRd6XHHqNjCJ5 + iJfMyS5JG1c8Ht70Aburf8gy6/65t/KprH/jyt/+uafyFYeoaRFDYzyiedii + McNISDgdxUtro8UlrC5uJxuRTgSEDkdqALGmf8fmo/8AXUfypNQ/5CWm/wC+ + /wD6DWZY6XHLc3iGeZRHIACHIJ47+tF5pccd7ZRCeYiVnBJckjAzwe1AHQal + /wAg66/65P8A+gml07/kH2v/AFyT/wBBFZF9o8UVlcSC4nYpG5wZCQcA9RRZ + aPFLZwSG4nBeNTgSEAZA6CgCzp3/ACEtS/30/wDQaNT/AOP3Tv8Arqf5VmWW + lxyXt7EZ5gImUAhyCcjue9F9pccV1ZIJ5m8yQgkuSRx29KAOjvv+PK4/65v/ + ACNRaV/yDbX/AK5r/Ks260eKO1mcXE52oxwZCQcDvUen6RFLYwSm4nUuinCy + EAZHYUAW7H/kLal9Yf8A0GjVf+PjT/8AruP5Gsy00uOTUb6EzzAReXghyCdy + 55Pf2o1DS44ZrNRPM3mShTucnHHUehoA6a6/49Zv9xv5VU0b/kF23+4KpXGj + RJBI4uJztUnBkOOBVfTdJimsIJTPMpZQcLIQB9BQBds/+Q1qH+7F/wCg0ax9 + +w/6+Y/61mW2lxvqd5AZ5gIxHghzuOR3Pf2o1LS44WtAJ5m8ydFO5ycZzyPQ + 0AdRN/qZP90/yrP0T/kFW3+7/Wq8uixLG7faJ+Af+WhqnpWkxT6fBMZ5lLLn + CyEAc9hQBftv+Q3ef9c46Na+5Z/9fMX9azINLjbVbmDz5gERDkOdxz6mjVNL + jgW2InmbfOi/M5OM55HvQB1b/cb6GsnQP+QRb/Rv/QjTG0WEKT9puOn/AD0N + Z2kaVHcadDM08yFgeFcgDk9BQBpQ/wDIeuP+uKfzo1z/AI94P+u8f86zI9Lj + bVprfz5sLErbt53cnufSjVdLjghiZZ5m3SovzOT1PX60AdbWL4f/AOQTB9X/ + APQjS/2JD/z83H/fw1l6Ppcdxp0UzTzIW3cK+BwxHSgDUT/kPyf9e4/9CpNd + /wCPNP8ArrH/ADrMXS4zrD2/nzYEIbdvO772MZ9KNW0uO3tldZ5mzIgwzkjk + 0AdbWLoH/INX/ff/ANCNL/YkP/Pzcf8Afw15lP4o0vSH+xXS3bSDJzE4C4JP + Y0BY9N/5mH/t1/8AZ6TX/wDkGt/vp/6EK5PQZrTX7hbm3e4jjaFj8z/PlXxj + I7e1bOr6XHb2TSrPM5DKMM5I5IHSgDraxtC/483/AOusn86P7Eh/5+bj/v4a + y9J0uOe2Z2nmUiRxhXIHBoA03/5GCP8A69z/AOhUeIP+QRP9U/8AQhWY2lxj + WEt/PmwYS27ed33sYz6Uaxpcdvp0syzzOV28M+RywHSgDraxdD/1Fx/13k/n + S/2JD/z83H/fw1l6Vpcc8MzNPMu2V1+VyOh6n3oA05v+Q7b/APXF/wCdP17/ + AJBFx9B/6EKyZdLjXVoYPPmIaNjnedwwex9Kdq+lR2+nTTLPM5UDhnJB5HUU + AdSn3F+grH0X7t5/18y/0pF0SEqD9puOn/PQ1m6Zpcc63JM8y7J5F+V8Zxjk + +9AGnc/8huz/AOuclS63/wAgq5/3f61jz6XGuq20HnzEOjnJc7hj0NSarpMU + GnzzCeZiq5w0hIPPcUAdJB/qI/8AdH8qytH+/f8A/XzJ/SmRaLE0SN9onGVB + 4kPpWfpulxzNdgzzL5c7qNrkZxjk+poA07z/AJDWn/7sv/oNWNY/5Bdz/uGs + S50uNNTs4BPMRIJMkudwwOx7e9TalpMUNhPKJ5mKqThpCQfqKAOgtf8Aj1h/ + 3F/lWZpX/HxqH/Xc/wAhUVvo0TwRubicblBwJDjkVR0/S45prxTPMvlylflc + jPHU+poA07//AJC2m/WX/wBBq3qv/INuv+ubfyrBu9Ljj1GxhE8xEpkyS5JG + Fzwe3vVjUNIihsZ5RPOxRGOGkJBwO4oA27D/AI8bf/rmn8hWfpn/AB+6j/11 + H8qgtNHiktYZDcTjcinAkIAyO1U7HS45bq9QzzL5cgAIcgnjv60Aamo/8hHT + v99//Qau6j/yD7r/AK5P/wCgmuevdLjjvbKMTzESswJLkkYHY9qtXujxRWc8 + guJyUjY4MhIOB3FAGtpv/IOtf+uSf+giqWn/APIS1L/fj/8AQarWOjxS2VvI + bidS8aHAkIAyB0FVbPS45L29iM8wETIAQ5BORnk96ANPVP8Aj807/rqf5VoX + 3/Hlcf8AXN/5Gucv9LjiubNBPM3mSEElySOO3pVy60eKO1mcXE52oxwZCRwO + 9AGjpP8AyDLX/rmv8qq2P/IX1P8A7Y/+g1T0/SIprGCUzzqXRThZCAMjsKgt + NLjk1G+hM8wEXl4IcgncueT39qANPVv9fp//AF3X+RrTuv8Aj2l/3G/lXM6h + pccMtmonmbzJgp3OTjjqPQ1en0aJYJGFxOcKTzIcdKALmjf8gu2/3BUFp/yG + r/8A3Yv5VS0zSYprCCUzzKWUHCyEAfQVDb6XG+p3cBnmAjWMghzuOR3PegDT + 1n71h/19R/1rWm/1Mn+6f5Vy2p6XHCbTE8zeZOiHc5OM55HofetCXRYljdvt + E5wD/wAtDQBY0P8A5BNt/un+ZqO3/wCQ5d/9c46ztK0qKfT4JjPMpYdFkIA5 + 7CmQ6XG2q3EHnzAIiHIc7jn1NAGnrX3LT/r5i/rWy33T9K5PVNLjgW2Inmbf + Oi/M+cZ7j3rSbRIdp/0m4/7+GgB+gf8AIIt/o3/oRpsX/Ien/wCuK/zrN0jS + o7jToZmnmQsDwrkAcnoKSPS4zq81v582FiVt287uT0J9KANPXP8Aj3g/67x/ + zrarktV0uOCGJlnmbdKi/M5I5PX61qf2JD/z83H/AH8NAB4f/wCQTD9X/wDQ + jSL/AMjA/wD17D/0OszR9LjuNPjmaeZCS3CvgcMR0oXS4zrDW/nzYEIbdvO7 + 72MZ9KANTXf+PJf+usf/AKFWzXJatpcdvah1nmYl0GGckcmtT+xIf+fm4/7+ + GgBNA/5Bw/33/wDQjQf+RiH/AF6/+z1maRpcdxZCRp5kO5hhXIHB9KP7Lj/t + kW3nzY+z79287vvYxn09qANPxB/yDX/3k/8AQhW1XJaxpcdvYtKs8zkMowzk + jkjtWp/YkP8Az83H/fw0AJoX/HpJ/wBdZP50r/8AIfi/692/9CrL0nS457Z3 + M8yYkcYVyBwasQWaWmuxoskj/uWbLtuPXH5UAdLRRRQAUUUUAFFFFABRRRQB + /9X9z5ZdW/tWBmgjEojbaN5wR35p+rS6s2nTC4gjSMgZKuSRyO2KSXVtObVr + e4WYGNI3BODwT07U/V9X02406eGGcM7AYGDzyPagC5HNrmxcW0WMD+M/4Vna + ZLqy/a/IgjbNxIWy5GG4yBx0rTj13SQig3AyAOzf4VnaXq2nQfa/OmC+ZcSO + vB5U4welADbiXVTqlqzwRiUK+0BzgjHOTipdTl1drCcTwRrGV5IckgfTFMuN + W059VtLhZgY41kDHB4JHFS6prGmz6fPDDOGd1wBg8/pQBYhm1vyY9ttERtGP + nPTH0qhp0urCS88mCNiZmLZcjDcZA9q0Ydc0pYY1a4AIUA8N6fSqGm6tp0Ml + 4ZZgokmZl4PIIHPSgBt1Lqx1KyaSCMSDzdgDnB+XnJ7VPqMusGxnE1vEsZQ7 + iHJIH5VFdatp0mp2M6TAxxebuODxuUAdqn1LWdMmsJ4opwzuhAGDyfyoAktp + taFtEEt4iuxcEuc4x9KpWEuqi4vDDBGzGX5wXxg47Vftdb0qO2iR7gBlRQRg + 9QPpVLT9W06G4vXlmCiWXcpweRj6UANvJdWN/YmSCMSAvsAckH5ec+lWb+bW + TZXAlt4lQxtuIckgY57VBeatp0l/YzJMCkRcscHjK4HarN/rWmS2NxFHOGd4 + 2AGDySPpQAWc2si0gEdvEUCLtJcgkY47VUspdWF3emKCNnLrvBYgA47etXbP + WtLis4I3uAGSNQRg8ED6VUsdW06K8vZJJgFldSpweQB9KAG30urG7sjLBGrh + 22AMSCcd/Srd5NrJtJxJbxBCjbiHJIGOe1Vr7VtOlu7KSOYFYnYscHgEfSrd + 5rWly2c8aXALPGwAweSR9KAI7CbWRZQCK3iZAi7SXIJGOO1VrOXVhf3xjgjM + hKbwXIA+XjHHNW7DWdMhsbeKScK6RqCMHggfSq1nq2nR6hfTPMAkpj2nB5wu + D2oAbfy6sZ7MzQRqwl+TD5ycdDV25m1o28oe3iC7GyQ56Y+lVNQ1bTpp7N45 + gwil3NweBj6Vdudb0p7aVEuAWZGAGD1I+lAFfTpdYFjAIbeNowg2kuQSPyqC + 1l1YanetHBGZSI94LHA+XjBqzpus6ZDYQRSzhXRACMHg/lUFrq2nR6nezvMB + HKItpwedq4PagBuoy6qXtPPgjUiZSmHJy3OAeOlX5ptb8mTdbRAbTn5z0x9K + palq2nTyWZimDCOdWbg8KM89Kvza5pTQyKtwCSpA4b0+lAFLS5dXXT4BBBG0 + YXglyCR9MVHBLqw1S6ZIIzKVTcC5wBjjBqbS9Y0230+CGacK6LgjB4/So7fV + tOTVbq4aYCORYwpweSBz2oAbqcurH7L58Ea4uIyuHzlucA+1aLza5sbNtFjB + /jP+FUNU1bTp/snlTBvLuI3bg8KM5PStJ9d0kowFwMkHs3+FAGdpMurrp0It + 4I3jAOCXIJ5PbFMil1b+1Z2WCMymNNw38Adual0jV9Nt9OghmnCuoORg8cn2 + pkWracurXFw0wEbxoAcHkjr2oAbqsurNHB9ogjUCZNuGJy3YfStMza7/AM+0 + X/fZ/wAKztV1bTriOAQzBikyMeDwB1PStQ67pP8Az8D8m/woAydGl1ZdNhFt + BG8fzYLOQT8xzxj1oSXVv7XkYQR+d5Iyu842565p2jatp1tpsME8wR13ZGD3 + YnsKE1bThrElyZh5ZhChsHqDnHSgBurS6s1uguII0XzEwQ5POeK1PO13/n2i + /wC+z/hWbq2radcW8aQzBmEqMRg9Aee1an9vaR/z8D8m/wAKAMnR5dVWwQW0 + Ebx7mwWcg/eOe1Al1b+2S3kR+d5GNu/jbu659c07RtW062sEinmCOGY4we7E + 9hQNW07+2Tc+cPK8gJuwfvbs46elADdXl1VrPFzBGib05VyTnPFanna7/wA+ + 0X/fZ/wrN1jVtOubPy4Jg7b0OMHoDz1Fan9vaR/z8D8m/wAKAMnSZdWW0It4 + I3Te/LNg5zzQZdW/thW8iPzvII27+Nu7rn1zTtI1bTre0Mc8wVt7nGD0J46C + g6tp39src+cPKEBTdg/e3Zx0oAbrEurNp8guYI0jyuSr5P3hj9a1PO13/n2i + /wC+z/hWbrOradc6fJDBMHclcDB7MD6Vqf29pH/PwPyb/CgDJ0qXVlgkFvBG + y+a+ctjnPIokl1X+14mMEfneU2F3nG3PXNO0nVtOt4JEmmCkyuw4PQnjtRJq + 2nHWIrkTDy1iZS2D1J6dKAE1iXVm02YXMEaRnbkq5JHzDtitITa5gf6NF/32 + f8Kz9Z1bTrnTZoIJg7ttwMHswPcVpDXdJwP9IH5N/hQBlaXLqqpcfZ4I2Bmc + tlyMN3HTpRNLq39q27NBGJQj7RvOCO+TTtK1bTreO4E0wUvO7Dg8qeh6UTat + pzatb3CzAxpG4JweCenagBdWl1dtPmFxBGkZAyQ5JHI7Yq9HNrmxcW0WMD+M + /wCFU9W1fTbjTp4YZwzsBgYPPI9qvR67pIRQbgZAHZv8KAMzTJdVU3fkQRtm + 4ctl8YbjIHHSi4l1Y6paM8EYlCybQGOCMc5NO0zVtOgN35swXzLh3Xg8qcYP + SqGp+KdBtNXs5J7sKqI5J2OcbuB0HtQBpanLq7WE4ngjWMryQ5JA+mKtQTa2 + IYwlvEV2jHznpj6VmXPiXQ9V0y4WwuhKSNuNrLz1/iArVg1zSkgjVrgAhQDw + 3p9KAM7TpdWEl55MEbEzMXy5GGwOBRdS6sdSsTJBGJB5uwB+D8vOT24p2nat + p0Ml40swUSTMy8HkEDnpRdatp0mpWM6TApF5u44PG5cDtQBLqMusGxnE1vEq + FDuIckgflU1tNrQtoglvEV2LglznGPpUeo6zpk1hPFFOGd0IAweT+VTWut6V + HbRI9wAyooIweoH0oAoWEurC4vDFBGzGT5wXxg47UXkuqm/sTLBGJAz7AHJB + +XnPHFO0/VtOhub15JgqyyblODyMfSi81bTpb+xmjmBSJnLHB4yuB2oAnvpt + ZNlcCW3iVDG24hySBjntS2U2sizgEVvEUEa7SXIJGOO1Lf61pktjcRRzhneN + gBg8kj6U6y1rS4rOCOS4AZI1BGDwQOe1AFKyl1YXl6YoIy5dd4LkAHHGPWi+ + l1Y3dkZYI1cOdgD5BOO9OstW06K8vZZJgFldSpweQBj0ovtW06W7spI5gVic + ljg8DH0oAs3k2tG0nElvEEKNkhzkDHPamWE2sixgENvEyBF2kuQSMcdqlvNa + 0uS0njS4BZkYAYPJI+lM0/WdMhsbeKScK6IoIweCB9KAKtpLqo1C+McEZkJj + 3gvgD5eMHvRqEurGezM0EasJfkAYnJx0NOs9W06PUb6Z5gElMe04POFwe1Go + atp009k8UwYRS7m4PAx9KALdxNrRt5Q9vEF2tkhz0x9Kg02XWBYQCG3jaMIN + pLkEj8qtXOt6U9vKi3AJZWAGG6kfSq+m6zpkFhBDLOFdEAIweD+VAFe2l1Ya + neskEZkIj3gvwOOMGjUZdWL2nnQRqRMpXDk5bnAPtTrXVtOj1O9neYCOURbT + g87Rg9qNS1bTpnszFMGEc6s3B4UZ56UAXZptb8p91tEBtOfnPTH0qppcurrp + 8AggjaMLwS5BPPpir02uaU0LqtwCSpA4b0+lU9K1jTbfT4IZpwrouCMHjn6U + AQwS6sNUumSCMylU3AscAdsGjU5dWYWvnwRrieMrhyctzgH2p0Gracmq3Vw0 + wEcioFODyR17Uapq2nTi18mYN5dxG7cHhRnJ6UAaDza5sbNtFjB/jP8AhWfp + EurLp0It4I3jAOCzkE8ntitJ9d0kowFwOQezf4Vn6Rq+m22nQwzzhXUHIweO + T7UARxS6t/a07LBGZTGuV3nAGeOaNVl1VooftEEagTJjDk5bPA6U6LVtOXVp + 7gzARvGqg4PJB+lGq6tp1xFAsMwYrMjHg8AHk0AaXna7/wA+0X/fZ/wrL0aX + Vl02EW0Ebx/Ngs5B+8c8Y9a1v7e0j/n4H5N/hWXouradbaZDBPMEdd2Rg92J + 7CgBqS6r/bEjCCPzvJGV3nG3PXOKNWl1ZrZBcQRovmJghyTnPFOTVtOGsSXJ + mHlGEKGweu7OKNW1bTri2RIZgzCRGIwegPPagDS87Xf+faL/AL7P+FZejy6s + tiotoI3Tc2CzkH7xzWt/b2kf8/A/Jv8ACsK01/TdK0V5biUb4RI2zByeSQPx + oA8p+IWpz3msi0nCq1qgVghyNx+br7A1wNT3VzNeXMt3cHdJMxdj7scmoKDQ + ntriW0uIrqE4khdXU+hU5FfRvh+81K40xLiygjeKUlwWbB+bnFfNde5/DrX7 + KPQ2sbyURvbyHGQTlG5HT3zQTI6hpdW/tlWMEfneQRt38bd3XPrmjWJdVbT5 + BcwRpHlclXyfvDHFObVtOOsrc+cPKEBTdg/e3Zx0o1nVtOudOkhgmDuSuBg9 + mB7igk0vO13/AJ9ov++z/hWXpUurLDKLeCNl8185Yj5s8itb+3tI/wCfgfk3 + +FZek6tp1vBKs0wUtK7Dg9CeO1ADZJdW/teJjBH5vlNhdxxtz1zS6xLqzadM + LmCNIzjJVySPmHbFLJq2nHV4rkTDy1iZScHqT9KXWdX06502aCCcO7YwMHsw + PpQBfWbXMDFtF/32f8KzdLl1ZUuPIgjYGdy2XIw3cDjpWquu6SAAbgfk3+FZ + mlatp1ulyJpgped3HB5U9D0oAbNLqv8AatuzQRiUI+0b+CO+TT9Vl1dtPmFx + BGkZHJDkkc+mKSbVtObVre4WYGNEcE4PBPTtT9W1fTbjTp4YZwzsMAYPPP0o + Atxza55a7baLGBj5z/hWfpsurA3fkQRtmdy2XIw3GQPatOPXNJEag3AyAOzf + 4VnaZq2nQG782YL5lw7rweVOMHpQA24l1Y6naM8EYlCybQHOCMc5NS6nLq7W + E4ngjWMr8xDkkD6Yplxq2nPqlpOswMcayBjg8ZHHapdT1jTZ9PnhhnDO6kAY + PP6UATwTa2IIwlvEV2jGXPTH0qjp0uqiW88mCNiZjvy5GGx0HFaNvrmlJBGj + XABVQDw3UD6VQ07VtOhlvGlmCiSYsvB5GOtADbqXVjqNi0kEYkHm7AH4Py85 + Pbip9Qm1g2M4mt4lQo24hySBj6VFd6tp0mpWM6TApF5u44PG5cDtVjUdZ0ya + xuIopwzujADB5JH0oAdaza0LaER28RXYuCXOcY47VTsJdWFzeGKCNmMnzguQ + Acdqv2ut6XHawxvcAMqKCMHqB9KpWGradDc3ryTBVlk3KcHkY+lADbyXVjfW + RlgjVwz7AGJBOOc+lWb6bWTZXAlt4lQxtuIckgY57VBe6tp0t9YyxzApEzlj + g8ZXA7Vav9a0uWyuIo5wzvGwAweSRx2oAbZTayLOARW8TII12kuQSMcdqq2U + urC9vTFBGzll3gsQAccY9auWWtaXFZW8Uk4DJGgIweCBz2qrY6tp0V7fSyTA + LKylTg8gD6UANvpdWN1ZGWCNWDnYA5IJx39KuXc2tG1mElvEEKNkhzkDHPaq + t9q2nS3VlJHMGWKQljg8DH0q5d63pclpNGlwCzIwAweSR9KAIbCbWRYwCG3i + ZAi7SXIJGOO1V7SXVhqF8Y4IzITHvBcgD5eMHvxVrT9Z0yGxt4pJwroigjB4 + IH0qvaatp0eo30zzAJKY9pwedq4PagBuoS6qZrPzoI1YSjZhyctjoau3E2tG + 3lD28QXa2SHPTH0qpqOradNNZtFMGEUoZuDwMdelXrnW9Ke3lRbgFmVgBg9S + PpQBV02XWBYQCC3jaMKNpLkEj8qhtpdWGp3jJBGZSI94L8DjjBqxpmsaZBYQ + QyzhXRQCMHg/lUNtq2nJqd7O8wEcoj2nB52jntQA3UpdWLWnnQRridSuHzlu + cA+1aEs2t+U+62iA2nPzn0+lUdS1bTp2szFMG8udHbg8KM5PStCXXNKaJ1W4 + BJUgcN6fSgCjpcurrp8AggjaMLwS5BIz6YqOCXVRqtyyQRmUom4bzgDtg1Np + Wsabb6fBDNOFdFwRg8c/So4NW05NVurhpgI3RApweSOvagBuqS6swtfPgjXE + 8ZXDE5bnAPtWk82ubTm2ixg/xn/Cs/VNW06cWvkzBvLnjduDwozk9K0n13SS + jAXA5B7N/hQBm6RLqy6dCLeCN4wDgs5BPJ7YpsUurf2tMywRmUxrld5wBnjm + pNH1fTrbTYYZ5wjqDkYPqfamxatpy6vNcGYeW0SqDg8kH6UAN1WXVmih8+CN + R5yYw5OWzwK1PO13/n2i/wC+z/hWbquradcRQrDMGKzIx4PQHk9K1P7e0j/n + 4H5N/hQBk6NLqq6dELaCN4/mwWfB+8c8Y9aFl1b+2HYQR+d5IBXecbd3XPrT + tF1bTrXTYoJ5gjruyMHuxPYULq2nDWXuTMPKMIUNg9d2cdKAG6tLqrWyi4gj + RfMTBV8nOeO1anna7/z7Rf8AfZ/wrN1fVtOuLZEhmDMJEOMHoDz2rU/t7SP+ + fgfk3+FAGTpEurLZKLeCN03NyzkHOTmjzdW/tnd5EfnfZ8bd/G3f1z65p2j6 + tp1tYrFPMEcM5xg92JHQUf2tp39tfavOHlfZ9m7B+9vzjp6UAN1eXVmsiLiC + NE3LyrknORitTztd/wCfaL/vs/4Vm6xq2nXNkYoJg7bkOMHoCCeorU/t7SP+ + fgfk3+FAGTpMurLakW8EbrvflnIOc80NLqv9sIxgj87ySAu8427uucdc07SN + W063tWjmmCsZHOMHoTx2obVtOOspciYeUICu7B+9uzjpQA3WZdWbTpRcwRpH + lclWJP3hjj61qedrv/PtF/32f8KzdZ1bTrnTpYYJg7sVwMHswPcVqf29pH/P + wPyb/CgDJ0qXVlhl+zwRsPNfOXI+bPIokl1b+1oWMEfm+U2F3cYzyc07StW0 + 63hmWaYKWldhwehPB6USatpzavDcCYeWsTKTg9SfpQAmry6s2nTC5gjSMgZK + uSRyO2K0Vm1zaP8ARov++z/hVDWNX06502aCCcO7AYGD6g+laS67pO0f6QPy + b/CgDK0uXVlW58iCNszuWy+MN3A9qJpdW/tW2ZoIxKEfaN3BHfJp2l6tp0C3 + ImmC755HHB5U9D0on1bTm1a2uFmBjRHDHB4J6dqAHarLq7afOLiCNYyOSHJI + 59MVcim1vy0220WMDHzn/Cquq6xptxp08MM4Z2XAGDzz9Kuxa5pKxIpuACAB + 0b/CgDM02XVg135EEbZnctl8YbjIHtRcS6sdTs2eCMSgSbAHODxzk07TNW06 + BrsyzBfMnd14PKnGD0oudW059Us51mBjjEgY4PG4cdqAJNTl1hrCcTwRrGVO + 4hySB9MVYgm1sQRhLeIrtGMuemPpUOp6xps+nzwxThndSAMHk/lVm31zSkgj + RrgAqoB4bqB9KAM7TpdWE155MEbEynfliMNjoKLuXVTqNiZIIxIPM2APwfl5 + ycccU7TtW06Ga8aWYKJJiy8HkY69KLvVtOk1KwnSYFIvN3HB43LgdqAJdQl1 + g2M4mt4lQo24hySBj6VLaza0LWER28RXYuCXOSMcdqbqOs6ZNY3EUU4Z3RgB + g8kj6VJaa3pcdrDG9wAyooIweoH0oAo2MurC5vDFBGzGQbwXIAOO3rReS6sb + 2yMsEYcM+wByQTjnPHFOsNW06K6vZJJgqyyAqcHkY+lF7q2nS31jLHMCkTOW + ODxlcDtQBYvptZNlcCW3iVDG+4hySBg57UWU2sizgEVvEyCNdpLkEjHHanX2 + taXLZXEUc4LPG4AweSQcdqLHWtLisreKScBkjQEYPBAGe1AFOyl1UXt6YoI2 + csu8FyADjjHHNF/LqxurIywRqwkOwB8gnHf0p1lq2nRX19LJMAkrIVODyAOa + L/VtOmurKSOYMsUhLHB4GPpQBauptaNrMJLeILsbJDnIGOe1R6fNrAsYBDbx + MgRdpLkEjH0qa71vS5LWaNLgFmRgBg9SPpUen6zpkNjbxSzhXRFBGDwQPpQB + VtJdWGo3xjgjMh8veC5AHy8YPfijUJdWM1n50EakSjZhyctjoadaatp0eo30 + zzAJL5e04PO1cHtRqOradNNZtFMGEcoZuDwMdelAFy4m1swSB7eILtOSHPTH + 0qvpsusCwgEEEbRhRtJcgkflVq41vSnt5UW4BLKwAwepH0qvpmsabBp8EMs4 + V0UAjB4P5UAV7aXVhqd4yQRmUiPeC5wOOMHFGpS6qWtPPgjUidCuHzlucA+1 + OttW05NUvJ3mAjlEe04PO0c9qNT1bTp2szFMG8udHbg8KM5PSgC9LNrflvut + ogMHPzn/AAqnpUurrp8At4I2jA4Jcgnn0xV+XXNJaJ1FwCSCOjf4VS0rWNNt + 9OghmnCuq4IweOfpQBDBLq39q3LLBGZSibhuOAO2DRqkuqstt58EagToVw+c + tzgH2p0Gracmq3Nw0wEbogU4PJHXtRqmradcLbCGYNsnjc8HhRnJ6UAaDTa5 + tObaLp/fP+FZ2kS6sunQi2gjeMA4LOQTye2K0213SSpAuB09G/wrO0fV9Ott + NhgnnCOoORg+pPpQAyOXVf7WmZYI/O8pcrv4AzxzRqsurNDF9ogjUeamMOTl + s8CnRatpy6vNcGYeW0SqDg9QfpRquradcQwrDMGKyox4PQHk9KANLztd/wCf + aL/vs/4Vl6PLqy6dELaCN4/mwWcg/eOePrWt/b2kf8/A/Jv8Ky9G1bTrbToo + Z5gjruyMHuxPYUANWXVv7YdhBH53kgFd5xt3dc+uaNWl1ZrZRcQRovmJyHJO + c8U5dW04aw9yZh5RhChsHruzjpRq+radcWqxwzBmEiHGD0B57UAaXna7/wA+ + 0X/fZ/wr5y8Ubjqz7hj5R/Wvo/8At7SP+fgfk3+FfOHihg2rOVOflH9aCono + ngB71bWM2sau3lyDDHA2+Z1/Ou11eXVmsmFzBGibl5VyTnIx2ri/h/e2tpax + vcSBFEci5wepkzjj2rttY1bTrmxaKCYO5ZDjB7MCeooEzS87Xf8An2i/77P+ + FZeky6stswt4I3XzH5LkHOea1v7e0j/n4H5N/hWXpGradb2rRzTBWMjnGD0J + 47UCGtLq39sIxgj87yThdxxt3dc+tGsS6s2nSi5gjSP5clXJP3hjj605tW04 + 6ylyJh5QhKlsHruzjpRrOradc6dLDBMHdtuBg9mB7igDS87Xf+faL/vs/wCF + ZelS6ssM32eCNh5r5yxHzZ5Fa39vaR/z8D8m/wAKy9J1bTreGZZpgpaZ2HB6 + E8HpQA2WXVv7WhZoIxKI2wu/gjPPOKdq8urNp0wuII0jIGSrkkcjtiiXVtOb + V4bgTDy1iZScHgk/Snaxq+nXOmzQwTh3YDAwfUe1AF5Ztc2jFtF0/vn/AArN + 0yXVlW58iCNszyFsvjDcZA9q1F13SQoBuB09G/wrN0vVtOgW6E0wXzJ5HXg8 + qcYPSgBs8urf2rbM0EYlCPtG44I75NSarLq7afOLiCNYyOSHJI59MU2fVtOb + Vba4WYGNEcMcHgnp2qTVdY02406eGGcM7LgDB55+lAFqKbW/KTbbREbRj5z6 + fSs/TZdVDXfkQRsTO5bL4w3GQPatKLXNKWJFa4AIUA8N6fSs/TNW06BrwyzB + fMnd14PKnGD0oAbcy6sdTs2eCMSgSbAHODxzk4qbUpdYNhOJ7eNYyp3EOSQP + yqO51bTn1SznSYGOISbjg8bhx2qbU9Y0yewnhinDO6kAYPJ/KgCa3m1sQRhL + eIrtGCXPTH0qjp8urCa88mCNiZTvy5GGx0FaFvrelJbxI1wAVVQRg9QPpVHT + tW06Ga8aWYKJJSy8HkY69KAG3curHUbEyQRiQGTYAxIPy85PbirGoTawbGcT + W8SoUbcQ5JAx9Khu9W06TUbGZJgUiMm44PG5cDtVjUNZ0yaxuIopwzujADB5 + JH0oAdaTa0LWER28RQIuCXOSMcdqp2MurC6vTFBGzGQbwXIAOO3HNXrTWtLj + tIY3uAGVFBGD1A+lU7DVtOhur2SSYKssgKnB5GPpQA29l1Y3tkZYIw4ZtgDk + gnHOfSrV7NrJs5xLbxKhjbcQ5JAxz2qve6tp0t7ZSxzArEzFjg8AjHpVq91r + S5bK4ijnBZ43AGDySOO1ADbGbWRZW4it4mQRptJcgkYGO1VbOXVhe3pjgjLl + k3guQAccY9auWOtaXFZW8Uk4DJGgIweCAM9qq2WradFfX0skwCSshU4POFwe + 1ADb+XVTc2ZlgjVhIdgD5BOO/FXLqbWjazCS3iC7GyQ5yBjntVW/1bTprmye + OYMsUhLHB4GPpVy71vS5LWaNLgFmRgBg9SPpQBBp8usCxgENvEyBF2kuQSMf + SoLSXVRqN8Y4IzIfL3gvwPl4wcc8Va07WdMhsbeKWcK6IoIweCB9Kr2mradH + qV/O8wCS+VtODztXB7UAN1CXVjLZ+dBGpEw2YcnLY6Gr082tmCQPbxBdpzhz + 0x9Kp6jq2nTS2bRTBhHMGbg8DB56VfuNc0p4JEW4BLKQOG6kfSgCppkusLYQ + CCCNowo2kuQSPpiobeXVRqd2yQRmUrHvBc4HHGDirGmaxpsGnwQyzhXRQCMH + g/lUNtq2nJql5O0wEcixhTg84HPagBupy6sTaefBGuJ0K4YnLc4B9q0JZtb8 + t91tFjBz85/wqjqeradObTypg3lzo7cHhRnJ6Voy65pLROouASQR0b/CgDP0 + qXV10+AW8EbRgcEuQTz6YpkMurf2rcMsEZlKJuG7gDtg1LpOr6bb6dBDNOFd + RgjB45+lMh1bTl1W5uGmAjdEAODyR17UAN1SXVmW28+CNcToVw+ct2B9q0mm + 1zaf9Gi/77P+FZ+qatp062whmDbJ43PB4UdT0rTbXdJ2n/SB+Tf4UAZekS6s + unQi2gjeMA4LOQTye2KSOXVv7XlYQR+d5S5XdxjPBzT9H1fTrbTYYJ5wjqDk + YPqT6UkeracurzXJmHltEqg4PUH6UAN1WXVWhi+0QRqvmpjDk/NngVqedrv/ + AD7Rf99n/Cs3VtW064hiWGYMVlRjwegPJ6Vqf29pH/PwPyb/AAoAydHl1ZdP + jFtBG8eWwWcg/eOePrQsurf2wzCCPzvJA27zjbu659c07RtW06206OGeYI6l + sjB7sT6ULq2nDWWufOHlGALuwfvbs46UAN1aXVmtQLiCNF3pyrknOeK1PO13 + /n2i/wC+z/hWbq+radcWqxwzBmEiHGD0B57Vqf29pH/PwPyb/CgDJ0iXVlsg + LaCN03NyzEHOeaPN1X+2Q3kR+d9nxt38bd3XOOuado+radbWQinmCNuc4weh + PHaj+1tO/toXXnDyvs+zdg/e35x09KAG6xLqzWLC5gjRNy8qxJzkYrU87Xf+ + faL/AL7P+FZus6tp1zYtFBMHcspxg9mBPUVqf29pH/PwPyb/AAoAydJl1ZbZ + xbwRsvmPks+Oc81Yge9fXYzdxrG3kt91s8Z/xqHSdW063tnSaYKxkdgMHoTx + 2qeG+tbvXY3tpA48ll6HrnPf2oA6SiiigAooooAKKKKACiiigD//1v3gnRP7 + bthtGPKftT9cRBpVwQoBwO3uKy5dMC6rBB9quDujc7jJ8wx2Bx0p2raWINOm + l+13Em0D5Xkyp5HUYoA6WKOPy0+UdB2rJ0ZEP27Kg4upe30pI9GBRT9tuhkD + /lr/APWrP0zTBN9r/wBKnTy7iRPlfGcY5PHJPc0AaN0if21ZDaMFJO3tU2sx + oNLuSFAOz0rIuNMCapawfapzvVzuL/MMDsccZ71JqelCGwnl+13D7VztaTKn + 6jFAHQW8cf2eL5R91e3tWZpKIZb/ACoOLhu3sKbDo4aGNvttyMqDgScdPpVD + TtME0l2PtVwnlzMvyyYzjHJ45NAGjeon9r6cNowRN2/2RVnVo0GmXJCj7jdq + xbrTAmpWUP2q4bzPN+YyZZcLn5TjjPeptR0oQ2M8v2u4fahOGkyp+oxQBt2c + aG0gJUfcXt7Vn6WiG61DKjib09qittID20T/AGy5XcinAkwBkduKp2GmCW4v + F+1Tp5cmMrJgtx1PHJoA0b9EGp6cAo5aTt/s1b1ONBp10Qo/1T9vasO80wR3 + 9lF9qnbzC/zGTLLhc/KccZ71ZvtJEVlcSfbLl9sbHDSZBwOhGOlAGtYRobC2 + JUf6tO3+yKo6ciG/1AFRxIvb/ZqCz0gSWkEn2y5XcinCyYAyOgGOlVbLTBJd + 3sf2qdfLdRlXwWyP4jjmgDR1JEF9pwCjmRu3+zV6/jQWFyQo/wBW/b/ZNYF9 + pgiu7KP7VO3mOwyz5K4H8JxxVq80gR2k8n2y5bajHDSZBwOhGOlAGlpkaHTr + UlR/q07e1VLBEOqakCo4aPt/s1WsNJEtlBJ9suU3IpwsmAMjoBjpVez0wSX9 + 9F9qnXyynzB8M2V/iOOcdqANHVEQXOn4UczentWjdxp9km+Ufcbt7Vzt/pgi + ns1+1XD+ZLty0mSvHUccGrtzpAS3lf7ZcttRjgyZBwO/FAF3SY0OmWxKj7i9 + qrWaIdY1EbRgCHt/s1U07ShNYwS/a7hNyA7Vkwo+gxUNrpgfUr2H7VcL5Yj+ + YSYZsr/Ecc47UAaOrogksMKBm4Tt9a07iOP7PL8o+63b2rm9R0wQvaD7VO/m + TKvzPnbnPI44NX5tHCwu3225OFJwZOOn0oAsaMiHS7YlQTt9KhtkT+2r0bRg + JH29qpaXpQn0+CX7XcJuXO1JMKPoMVHBpgbVLqH7VONiodwk+Y5Hc45x2oA0 + dYRB9hwoGbqLt9a1pI4/Lb5R0PauY1PTBD9l/wBKuH33EafM+cZzyOOCOxrR + fRgEY/bbo4B/5a//AFqAH6GiHSrclQTg9vc0yBE/tu5G0Y8pO1UNJ0sT6dDL + 9ruI9wPypJhRyegxTYtMDarPB9quBtjQ7hJ8xz2Jx0oA0daRBFbYUD/SI+3v + WyY48fdH5VyuqaYII4D9qnk3TIvzyZxnuOOo7VpnRh/z/XX/AH9/+tQA3w+i + HSLclQT83b/aNEaJ/b0o2jHkL2/2qztG0wXGmwzfariPdu+VHwowxHAxQmmA + 6vJb/argYhDbvM+Y89M46UAaOuIgtY8KB++j7e9bPlx/3R+VcrqumCC3R/tU + 8mZEGHkyOT16da0/7FH/AD/XX/f3/wCtQA3QEQ6YhKg/M/b/AGjQET/hIGG0 + Y+zDt/t1naPpguLFJftU8eSw2o+F4Y9sUDTB/bBt/tVx/qA2/f8AP97GM46e + 1AGjryILDIUD507f7VbPlx/3R+Vcrq+mC3s/M+1TyfOgw75HJ9MVp/2KP+f6 + 6/7+/wD1qAG6EiGxOVB/eP2/2qGRP7fUbRj7Me3+3WdpOmCe0L/ap4/ncYST + A4PXpQdMH9sLb/arjmAtv8z5/vYxnHT2oA0dfRBpcpCgcp2/2hWz5cf90flX + K6xpgt7CSX7VcSYK/K8mV5YDpitP+xR/z/XX/f3/AOtQA3REQ20uVB/fSdve + iVE/t6EbRjyG7e9Z2laYJ4JG+1Tx4ldcJJgHB6njrRJpgGrxW/2qc7ombdv+ + YYPQHHSgDS19EGkXBCgH5e3+0K1xHHgfKPyrltY0wW+mzTfariTbt+V5Mqcs + ByMVpDRhgf6bdf8Af3/61ACaKiGO6yoP+kSdqJ0T+27UbRjy37VnaXpgnS4P + 2qdNszr8j4zjueOp70TaYF1W3g+1TnejncZPmGOwOOlAGrriINKuCFAO0dvc + VpRRx+WnyjoO1c3quliDT5pftdxJtA+V5Mqee4xV2PRgUU/bboZA/wCWv/1q + AF0dEJvsqDi6k7fSvIfioqrrdqFGP9HHT/favTdM0wTG7/0qdPLndflfGcY5 + PHJ9TXlPxKtfsmsW0fmyTZgBzI24j5m4+lBUTd8CKD4T1QkciU/+grXrttHH + 9ni+UfcXt7V4z4ItfN8N6jcedIvlyH5FbCH5V6jvXqEGjhoY2+23IyoOBJx0 + +lAmP0lEM1/lRxcN29hReog1fTQFGD53b/ZFZ2naYJZLwfap08uZl+WTG7AH + J45NF1pgTUrGH7VcN5vm/MXyy7Vz8pxxnvQI2tVjQabckKP9W3b2qezjT7JB + 8o+4vb2rF1HSRFYzy/a7h9qE4aTKn6jFS22kB7aJ/tlyu5FOBJgDI7cUAS6Y + iG71DKjiX09qNQRBqenAKOWk7f7NZ1hpgluLxPtU6eXJjKvgtx1PHJovNMEd + 9ZRfap28xn+Znyy4X+E4496ANzU40GnXRCj/AFT9vY07T40NhbEqP9Unb/ZF + ZV9pIisriT7ZcttjY4aTIOB0Ix0pbPSBJZwSfbLld0anCyYAyOgGOlAE+nIh + v9RBUcOnb/Zo1JEF9p4CjmRu3+zWdZaYJLy9j+1XC+W6jKyYLZH8RxzRfaYI + 7uyj+1XDeY5GWkyV46rxwaAN+/jQWNwQo/1b9vY1HpcaHTbUlR/q17e1Z93p + AjtJpPtly21GODJkHA6HjpTLDSRLYwSfbLlNyKcLJgDI6AY6UAWbBEOq6kCo + wDF2/wBmjVEQXOn4UczDt7VnWmmCTUL6L7VOvlGP5hJhmyufmOOcdqNQ0wRT + 2a/ap38yXblnyV46jjg0AdFdxx/ZZvlH3G7e1VtIjQ6ZbEqPuDtVO40cJbyv + 9suW2qxwZMg4HfioNO0oTWEEv2u4TcgO1ZMKPoMUAW7NE/tjUBtGAIe3+yaN + WRBJYYUDNwnb2NZ1tpgfUr2H7VcL5Yj+YSYZsj+I45x2o1HTBC9oPtVw/mTK + vzSZ25zyOODQB0s8cfkSfKPunt7VQ0VEOl2xKgnb6e9QTaOFidvttycKTgyc + dPpVTS9LE+nwS/a7iPcudqSYUfQYoAu2yJ/bV6NowEj7e1GsogFlhQM3UXb6 + 1nQaYG1S6g+1TjYqHcJPmOfU45x2o1PTBCLX/Srh988a/NJnGc8jjgjsaAOo + eOPY3yjoe1ZehIh0m3JUE4Pb3NMfRgFJ+23XQ/8ALX/61UNJ0sT6dDN9ruI9 + wPypJhRyegxQBfhRP7cuRtGPKTt70a2iCG3woH7+Pt71nRaYG1aeD7VONsan + cJPmOT0Jx0o1XTBBFC32qeTdMi/O+cZPUcdfSgDqvLj/ALo/Ksbw+iHSLclQ + T8/b/aNO/sUf8/11/wB/f/rVmaNpguNNhm+1Tx7t3yo+FGGI4GKANGNE/t6U + bRjyF7f7VGuIgtI8KB+9j7e9ZyaYDq8lv9qn4hDbt/z9emcdKNV0wQW6P9qu + JMyIMPJkcnr060AdV5cf90flXnOp6HqeveG4bDTXiiDSs0hkJGQrHAGFPfn8 + BXX/ANij/n+uv+/v/wBaszSNMFxYrL9quI8swwkmF4YjpigDyJvhzr4vDZB4 + GkCeZw7YxnHdRXFXlrLY3c1lNjzLd2jbByNynBxX0l/Zg/tk2/2q4/1G7f5n + z/exjOOntXztrIxrF8NxbE8vLHJPzHkn1oLTN628CeJby1hvLa2V4p0V1PmI + CVYZHBIrr/h/ouvaZqrT3Nr/AKHOrRu29CAy8g4Bz1GOneu80TRw2jWDfbLl + c28RwsmAPkHAGOlGk6YJ7Uv9qnj+dxhJMDg9enWgTZosif2+g2jH2Y9v9ujX + 0QaVKQoHKdv9oVnNpgGsLb/ap+YC2/f8/wB7GM46e1GsaYLfT5JftVxJgr8r + vlTlgOmKCTqvLj/uj8qxtERDbzZUH99J296d/Yo/5/rr/v7/APWrM0rTBPDK + 32q4j2yuuEfAOD1PHWgDRlRP7dgG0Y8lu3vS6+iDSLghQDhe3+0KzZNMA1aK + D7VcHdEzbt/zDB6A46UusaWLfTppvtVxJtx8ryZU/MOoxQB1Cxx7R8o6elY+ + iohju8qD/pMnb6Uq6MMD/Tbr/v7/APWrN0vTBOlwftU8eyd1+R8Zx3PHU9zQ + Bo3CJ/bdoNox5cnapNbRBpVwQoB2jt7isqbTAuq28H2qc70c7jJ8wx2Bx0p+ + q6WINPml+13Em0fdeTKnnuMUAdHFHH5SfKPujt7VlaOiE32VBxcydvpSR6MD + Gp+23QyB0l/+tWfpumCY3f8ApVwnlzuvyyYzjHJ45PqaANG6RP7ZsRtGCsvb + 2FT6xGg0u5IUA7D2rHuNMCanaQ/apz5iyHcZPmGB2OOM96l1PShDYTy/a7h9 + qk7Wkyp+oxQBvW0afZovlH3F7e1Zukohmv8AKg4nbt7CmQaOGgjb7bcjKg4E + nA4+lUdO0wTS3i/ap08uYrlXwW46njk0AaN6iDV9NAUYPndv9mrOqxoNNuSF + H+rbt7Vi3WmBNRsYftVw3m+b8xfLLtXPynHGe9T6hpIisZ5ftdw+1GOGkyDg + dxigDaso0+xwfKP9Wvb2FZ+mIhu9Qyo4lHb2qK10gPbQv9suV3IpwJMAZHbi + qdhpglubxPtVwnlyYysmC3HU8cmgDR1BEGpacAo5aTt/s1c1KNBp10Qo/wBU + /b/ZNYV5pgjvrKL7VO3mM4y0mSuB/CccVZvtJEVlcSfbLltkbHDSZBwOhGOl + AGrp0aHT7YlR/qk7f7IqlpyIdQ1EFRw6dv8AZqCy0kSWcEn2y5XdGpwsmAMj + oBjpVWy0wSXl7H9qnXy2UZWTBbI/iOOaANHUkQXun4UcyHt7Vfvo0FlcEKP9 + W/b2Nc/faYIrqyT7VO3mORlpMleOq8cGrd3pAjtZn+2XLbUY4MmQcDoeOlAG + hpcaHTbUlR/q17e1VbFEOq6kCo4MXb/ZqtYaSJbGCT7ZcpuRThZMAZHQDHSq + 9ppgk1C+i+1XC+WY/mEmGbK5+Y45x2oA0dVRBcWGFHM47e1aN3Gn2Wb5R9xu + 3tXO6hpgims1+1Tv5koXLPkrx1HHBq7caOEt5X+23J2qxwZMg4HfigC5pEaH + TLYlQTsHaq9oif2xqA2jAEXb/ZNVNN0oTWEEv2u4TcoO1ZMKPoMVDbaYH1O8 + h+1Tr5Yj+YSYZsjucc47UAaOrogexwoGblO31rUnjj8mT5R909vaua1LTBC1 + oPtVw/mTqvzSZxnPI44PvV+XRwsTt9tuTgHgycdPpQBPosaHS7YlQTt9Peor + ZE/tu8G0Y2R9qpaXpQn0+CX7XcR7lztSTCjnsMVHBpgbVLmD7VONiIdwf5jn + 1OPyoA0dZRAtnhQM3MXb61rvHHsb5R0PauX1TTBCLX/Sp33zovzyZxnPI44I + 7GtF9GAUn7bdcD/nr/8AWoAdoSIdJtyVBOD2/wBo02FE/ty4G0Y8lO3vWfpG + li406Gb7VcR7gflSTCjk9Biki0wHVpoPtVwNsancJPmOT0Jx0oA0daRBDb4U + D9/H2962fLj/ALo/KuV1TTBBFC32q4k3TIuHkyBk9Rx19K0/7FH/AD/XX/f3 + /wCtQA3w+iHSYCVBPz9v9o0Iif2/INox9nHb/arO0bTBcadFN9quI9275UfC + jDEcDFC6YDrD2/2qfiENv8z5/vYxnHSgDR11EFmmFA/ex9vetny4/wC6Pyrl + dW0wQWyv9qnkzIgw8mRyevTrWn/Yo/5/rr/v7/8AWoAboKIdOUlQfmft/tGj + Yn/CQY2jH2X0/wBus7SNMFxZLJ9qnjyzDCSYHBPbFH9mD+2fs/2q4/499+/f + 8/38Yzjp7UAaOvIg08kKB86dv9oVs+XH/dH5Vyur6YILIyfap5PmUYeTI5I7 + YrT/ALFH/P8AXX/f3/61ADdCRDZMSoP7yTt70Oif2+g2jH2c9v8AarO0nTBP + as/2q4j+dxhJMDg9enWhtMA1hLf7VPzCW37/AJ/vYxnHSgDR8QIg0mYhQDlO + 3+0K2fLj/uj8q5XWdMFvp0sv2qeTBX5XkypywHIxWn/Yo/5/rr/v7/8AWoAb + oiIYJ8qD+/k7e9EqJ/bsA2jHkv296ztK0wTwyt9quI9srrhJMA4PU8dfWiTT + ANWhg+1TndEzbjJ8wwegOOlAGnryINJuCFAOF7f7QrWWOPaPlHT0rl9X0sW+ + nTTfariTaB8ryZU8jqMVorowwP8ATbr/AL+//WoATRkQpd5UH/SZO30ouET+ + 27QbRjy5O1Z2l6YJluT9qnTZO6/JJjOO546nuaJtMC6rbQfapzvRzuL/ADDH + ocUAa2txoNKuCFAO309xWhDHH5KfKPujt7Vzmq6WINPnl+13Em0fdeTKnnuM + Vdi0YGND9tuhkDgSf/WoAXSEQtfZUHFzJ2+lF2if2zYDaMFZe3sKztN0wTNd + /wClXCeXO6/LJjOMcnjk+9FxpgTU7OH7VcHzBJ8xkyy4HY44z3oA2NYjQaZc + kKAdh7Vbto4/s0Xyj7i9vasHUtKENhPL9ruH2qTtaTKn6jFWYNHDQRt9tuRl + QcCTgcduKAH6UiGe/wAqOJz29hRfIg1bTQFGD53b/ZrO0/TBLLeL9qnTy5Su + VkwW46njk0XemCPUbGH7VO3m+Z8xfLLhc/KccZ70AbeqxoNNuSFH+rbt7VLZ + RobK3JUf6tO3tWNqGkiKxnl+2XD7UY4aTIPHQjFS2ukB7WF/tlyu5FOBJgDI + 7cUAS6YiG81DKjiUdvajUEQajpwCjl37f7NZ1jpglubxPtU6eXIBlZMFuOp4 + 5NF5pgjvbKP7VcN5jOMtJkrhf4TjigDd1KNBp90Qo/1T9v8AZNLp0aHT7YlR + /qk7f7IrKvtJEdlcSfbLltkbnDSZBwDwRjpS2WkiSzgk+2XK7o1OFkwBkdAM + dKAJ9PRDqOogqOHTt/s0amiC808BRzKe3tWdZaYJL29j+1Tr5bKMq+C2R/Ec + c0X2mCK6sk+1Tv5khGWfJXjqvHBoA6C+jT7FcfKP9W/b2NRaXGh022JUf6te + 3tVC60gJazP9suW2oxwZMg4HQ8VFp+kiWxgk+2XCbkU4WTAGR0AxQBasUQ6t + qQKjAMXb/Zo1VEE9hhRzOO3sazrTTA+o30P2q4XyvL+YSYZsrn5jjnHajUNM + EU1mv2qd/MlC5aTJXjqOODQB0d1Gn2ab5R9xu3tVTR40OmWxKgnYO1VLjRwk + Ejfbbk4UnBk4PHfiq+m6UJrCCX7XcJuUHasmFH0GKALloif2zfjaMBYu3+zR + q6IHscKBm5Tt9azrbTA+p3kP2qdfLEfzB8M2R3OOcdqNS0wQtaD7VcP5k6L8 + z5xnPI44PvQB000cfkv8o+6e3tWfoiIdKtyVBO3096hl0YCNz9tujgHgyf8A + 1qpaXpYn0+CX7XcR7l+6kmFHPYYoAvW6J/bV4NowI4+1GtIgSzwoH+kx9vrW + dDpgbVLmD7VcDYiHcH+Y59TijVNMEC2x+1XD750X53zjOeRx1HY0AdQ8cexv + lHQ9qytBRDpNuSoJw3b/AGjSNowCk/bbrp/z1/8ArVnaRpYuNOhm+1XEe4H5 + Ukwo5PQYoA0IUT+3bgbRjyU7e9GtogggwoH7+Pt71nR6YDq00H2qcbY1O4Sf + McnoTjpRqumCCGJvtU8m6VFw8mQMnqOOtAHVeXH/AHR+VY2gIh0mElQTl+3+ + 0ad/Yo/5/rr/AL+//WrM0fTBcadFN9quI9275UkwowxHAxQBooif2/INox9n + Hb/ao1xEFmmFA/ex9ves5dMB1d7f7VccQht3mfP97GM46Uatpggtlf7VcSZk + QYeTI5PXp1oA6ry4/wC6Pyr5d8Vf8hZ/90fzNfRf9ij/AJ/rr/v7/wDWrym8 + 8B6prsx1C0uIUjb5cSFt2VJHZTQNGx8OFVoIgQD+5k/9G13mvIg05iFA+dO3 + +0K5Hw54audKmTS7u5YSCFpN0DkDBfpkgce2Otbur6YLeyaT7VcSYZRh5Mjl + h2xQDOq8uP8Auj8qxtDRDZvlQf3snb3p39ij/n+uv+/v/wBaszSdME9sz/ap + 48SOMJJgcHr060CNF0T+34xtGPs57f7VGvog0mYhQDlO3+0Kzm0wDWEt/tU/ + MJbd5nz/AHsYzjpRrGmC306WX7VcSbdvyvJlTlgORigDqvLj/uj8qxtERDBP + lQf38nb3p39ij/n+uv8Av7/9aszStME8Uzfap49srrhJMA4PU8daANGZE/ty + 3G0Y8l+3vTtdRBpNwQoBwO3+0KzJNMA1aGD7VcHdGx3GT5hg9AcdKXV9LFvp + 0032q4k2gfK8mVPI6jFAHTpHHsX5R0HasjRkQreZUHFzL2+lKujAqD9tuun/ + AD1/+tWbpmmCZbn/AEq4TZO6/LJjOO545J7mgDRuET+2rMbRjy5O1S62iDSr + ghQDt9PesmbTAuqW0H2qc70c7i/zDHocU/VNLEGnzy/a7iTav3Xkyp57jFAH + RQRx+TH8o+6O3tWXpCIXvsqDi5ft9KbFo4aJG+23QyAcCTj+VUNN0wTNdj7V + OnlzuvyyYzjHJ45PvQBo3aJ/bNgNowVl7f7NWNXjQaZckKPuHtWNc6YE1Ozh + +1Tt5gk+YvllwOxxxnvU2paUIbCeX7XcPtUna0mVP1GKAN21jj+yw/KPuL29 + qzdKRDPf5UcTnt7Co7fRw8EbfbbkZUHAk4HHbiqWn6YJZrxftVwnlylcrJgt + x1PHJoA0b5EGraaAowTL2/2atapGg025IUf6tu3tWJd6YI9RsYvtU7eaZPmM + mWXC5+U44z3qfUNJEVjPJ9suH2oxw0mQcDoRigDZsY0NlbkqP9Wnb2FUNMRD + e6hlRxKO3tUNppAktYX+2XK7kU4EmAMjoOOlVLHTBLdXqfap08uQDKvgtx1b + jk0AaOoIg1DTgFHLv2/2au6jGg0+5IUf6p+3+yawb3TBHe2Uf2qdvMZhlpMl + cD+E44q1e6SI7OeT7ZcttjY4aTIOB0Ix0oA09NjQ6fakqP8AVJ2/2RVPT0Q6 + jqIKjhk7f7NV7HSRJZW8n2y5XfGhwsmAMgcAY6VWs9MEl7ex/ap18tkGVkwW + yP4jjmgDR1NEF5p+FHMp7e1X72NBZXBCj/Vv29q5+/0wRXNmn2qd/MkIy0mS + vHUccGrl1pAS1mf7ZcttRjgyZBwO/FAF/So0Om2xKj/Vr29qq2KIdW1IFRge + T2/2aq6fpIlsYJftdwm5FOFkwBkdhioLTTBJqN9D9qnXyvL+YPhmyufmOOcd + qANHVUQTWGFHM69vY1pXMcf2aX5R9xu3tXOahpgils1+1XD+ZMFy0mSvHUcc + Gr0+jhYJG+23JwpODJwePpQBa0eNDplsSo+4O1QWiJ/bN+NowFi7e1U9N0oT + WEEv2u4TcoO1ZMKPoMVFb6YH1O7h+1Tr5YjO4PhmyO5xzjtQBo6wiBrHCgZu + Y+31rVmjj8l/lH3T29q5nUtMEJtP9KnfzJ0X5pM4znkccH3rQl0cLG7fbbo4 + B6yf/WoAl0REOlW5Kgnae3uajt0T+27sbRjy4+1UdK0sT6fDL9ruI9w+6kmF + HPYYpkOmBtVuIPtU42Ih3CT5jnsTigDR1lECWmFA/wBJj7fWtho49p+UdPSu + W1PTBCtuftVw++dF+eTOM9xx1HY1pNowwf8ATbr/AL+//WoAXQUQ6TbkqCcN + 2/2jTYkT+3ZxtGPJXt71n6RpYuNOhm+1XEe4H5Ukwo5PQYpI9MB1aW3+1Tjb + Erbg/wAxyehOOlAGjraILeHCgfv4+3vWz5cf90flXK6rpgghib7VPJulRcO+ + QMnqOOtaf9ij/n+uv+/v/wBagBugIh0qElQeX7f7RoVE/t9xtGPs47f7VZ2j + 6YLjT45ftVxHkt8qSYUYYjgYoXTAdYa3+1XHEIbf5nz/AHsYzjpQBo64iCyX + CgfvI+3vWz5cf90flXK6tpggtQ/2qeT50GHkyOT16da0/wCxR/z/AF1/39/+ + tQA3QUQ6eCVB+d+3+0aNif8ACQgbRj7L6f7dZ2kaYLizEn2qeP5nGEkwOD6Y + o/swf2yLf7VP/qN2/f8AP97GM46e1AGjryINNchQPmTt/tCtny4/7o/KuV1f + TBb2LS/ap5MMow8mRyR2xWn/AGKP+f66/wC/v/1qAG6GiG0kyoP72Tt70rKq + 6/FtAH+jt/6FWbpWmCe2d/tVxHiRxhJMDg9enWrEFn9l1yNfOll/cscyNuPX + GPpQB0tFFFABRRRQAUUUUAFFFFAH/9f9z5Z9UOqwO1qolEb7V3jBHc5p2rXG + qvp0y3FqscZAywcEjkdqdNqmntq9vOJ1MaRuCewJ6U/WNV0+fTZ4YZ1Z2AwB + 35FAFmO51rYuLJCMD/loKz9Mn1RftfkWqvm4kLZcDDcZHvj1rWj1nSxGoNwu + QBWbpWqWEP2zzZ1XzLiR1z3U4waAI7ifVDqlq72qiUK+1d4wRjnntipNTuNW + awnWe0RIyvLBwSB9KLjVNPfVrSdZ1MaLIGPYZHFS6rqunT6dPFFOrOy4AHeg + CaG51oQxhbNCNowfMHTFUNOn1RZLvybVXJmYtlwMNxx71qQazpiwxq1woIUA + /lWfpuqafDJeGWdVEk7Mue4IHNAEd1Pqh1KyZ7VVkXzdi7wQ2V557YqbUbjV + 2sZ1mtERChyRIDgfSm3Wqae+p2MyTqUj83cfTcuBU+patp01hcRRzqzshAA7 + mgBba51kW0QSzRlCLg+YBkYqnYT6otxeGK1V2aTLguBtOOnvWla6xpiW0KPc + KGVFBHuBVHTtUsIri9eSdVEku5T6jFAEd5Pqhv7JpLVVdS+xd+d3y85PbFWb + 641drK4WW0RUMbbiJAcDHJxUV5qmnyahYypOpSIybj6ZXAq1f6vpstjcRx3C + szxsAPUkUAR2dzrAtIBHZoyBFwfMAyMcGqtlPqi3d6YrVWdnXeC4G047etaF + lq+mx2cEb3ChljUEehAqnY6pp8V5fSSTqFkdSp9QBQBHfT6o13ZGW1VXV22A + ODuOP0q1eXOsG0nElmioUbJ8wHAxyahv9U0+W8sZI51ZY3YsfQEVcvdX02Sz + njS4Us0bAD1JBoAr2Fxq62UCxWiOgRdpMgGRjg4qvZz6oL++aO1VpGKb1342 + /Lxg981d0/V9NisbeOS4VWSNQR6ECq1lqlhHqF/K86hJTHtPrhcGgCO/n1Rp + 7My2qoyy5QBwdxx09qu3NzrJt5Q9miqUbJ8wcDFVtQ1TT5biyaOdWEcu5vYY + q9daxpj20qLcKSyMAPcigCnp1xq62MCw2iOgQYJkAyPpUNrPqg1K9ZLVWkYR + 7134C4XjB75q3puradDYW8Uk6q6oAQexqC11SwTVL6Z51CSCLafXC80AR6jP + qjPaedaqhEylcPnLc4HtV+a51owuGs0A2nJ8wdMVU1PVLCaSzMU6sI51Zsdg + M81oT6zpjQyKtwpJUgflQBn6XcasunwLBaI8YXhi4BP4VHBPqo1S6dLVTKVT + cu/gDHHPfNWdK1XToNOgilnVXVcEHtUVvqmnrqt3O06hHWMKfXA5oAj1OfVG + +y+faqmLiMrhwctzge2fWtF7nWtjZskxg/8ALQVS1TVNPm+yeVOreXcRu2Oy + jOTWm+taWUYC5XkGgDK0m41VNOhW3tVkjAOGLgE8ntTYp9UGqzutqplMabl3 + jAHY5qfR9V0+DTYIZp1V1ByD25NMh1TT11e4nM6iN40APYkdaAI9Un1R44PP + tVQCZCMODluwrT+1a3/z5J/38FUNW1SwnjgEU6sVmRjjsB1Nap1rSsf8fK0A + Y2jz6ommwrbWqyRjdhi4BPzHtQk+qf2vI4tV80wgFd4wFz1zUmi6pp9vpkMM + 06o67sg+7E0JqmnjWZLgzr5ZhVQ3bOelAEeqz6o9ugntVjXzEIIcHnPArT+1 + a3/z5J/38FUNX1TT57eNIZ1YiVCQPQHmtX+2tK/5+VoAxtHn1RLFFt7VZEy2 + CXx/Ec8UCfVP7YL/AGVfO8gDbvGNu7rn61Jouqafb6ekU06o4Zjg+7Ggapp/ + 9tG489fL+zhd3bduzigCPV59UezxcWqxpvTkODznitP7Vrf/AD5J/wB/BVDW + dUsLiy8uGdXbehwPQHmtX+2tK/5+VoAxtJn1VLQi3tVkXe/JcDnPIoM+q/2w + r/ZV87yCNu8Y27uufrUmj6pp9vaGOadVbe5wfQnig6pp/wDbS3Hnr5YgK7u2 + d2cUAR6xPqr2Ei3FqsceVywcE/eGOK0/tWt/8+Sf9/BVDWtU0+406SKGdXcl + cAezA1q/21pX/PytAGNpU+qpBIILVZF81ySXA5zyKJJ9U/teJzaqJREwC7xg + jPXNSaRqmnwW8izTqpMrsM+hPFEmqWB1mK4E6+WsTKW7ZJ6UAR6xPqr6bMtx + arHGduWDgkfMO1aQutbwP9CT/v4Kpa1qmn3GmTQwzq7ttwB7MDWmNa0vA/0l + aAMfS59URLjyLVXBmctl8YbuKJp9VOq27taqJQj7V38EdzmpNJ1TT4I7gSzq + peeRhnuD0NE2qae2r286zqY0jcE9gT0oATVbjVX0+Zbi1SOMgZYOCRz6Vdju + da2LiyQjA/5aCq2r6rp8+mzwwzqzsBgDvyKvx6zpYjUG4XIAoAydMn1RTd+R + aq+Z3LZcDDcZHv8AWvKfiVJdyaxbG8iELeQMANu43NzXrWl6pp8JvPNnVfMu + JHXPdTjBrzX4hQS6xq1vPpoE8awBSQQACGY45x2NA0SeCJLtfDeopFEGhMh3 + MWwR8q9u9eoQXOsiGMLZoRtGD5g6Yrzvwip03w5qFnekRTTSZRcgkjaB2z6V + 6VBrOmLBGrXCghQD+VAMy9On1RZLww2quTMxbLgYbA496LqfVDqVi0lqqyL5 + uxd4IbKjOT2xUmm6pp8Mt4ZJ1USTMy57ggc0Xeqae+p2EyTqUi83cfTcoAoE + P1G41drGdZrREQockSA4H0qW2udZFtEEs0ZQi4PmAZGKNS1bTprC4ijnVmZC + AB3NTWusaYltCj3ChlRQR7gUAZthPqi3F4YrVWZpPnBfG046e9F5PqjX1k0l + qqupfYN+d3y85PapNP1Swiub15J1USS5U+oxRe6pYSahYypOpSJn3H0yvFAE + t9cau1lcLLaIqGNtxEgOBjk4pbO51hbOAR2aMgjXaTIBkY4NSX+r6bLY3Ecd + wrM8bAD1JFLZavpsdlbxvcKGWNAR6ECgChZT6ot5etFaqzs67wXA2nHGD3ov + p9Ua7sjLaqrq52AODuOP0qSx1TT472+kedQsjqVPqAKL/VNPlu7GSOdSsbks + fQYoAnu7nWDaTCSzRUKNk+YDgY5NMsLjV1sYFitEdAi7SZAMjHXFWLzWNNks + 540uFLNGwA9SRTNP1bTYrC3ikuFVkjUEehAoApWk+qDUL5o7VWkYx713gBfl + 4we+aNQn1Rp7My2qoyy5QBwcnHT2qSz1Swj1G/ledQkpj2n1wuDRqOqafLcW + TRzqwjl3N7DHWgCzcXOsm3lD2aBSrZPmDgYqDTrjV1sIFhtEdAgwTIASPpV2 + 51jTHtpUW4UlkYAe5FV9M1bTodPt4pZ1V1QAg9jQBUtp9UGpXrJaq0jCPeu8 + YXA4575o1GfVWe0861VCJlK4fOW5wPapLXVNPTVL6Zp1CSCLafXC80anqmnz + PZmKdWEc6s2OwGeaALc1zrRicNZoBtOT5g9KqaXcasmnwLBao8YXhi4BP4Vo + zazpbQuq3CklSB+VUtJ1XToNOgilnVXVcEHtzQBXgn1QapdOlqplKpuXeMAd + uaNTn1Rha+faqmJ4yuHBy3OB7Z9akt9UsF1a7nadRG6RhT2JA5o1XVNPmFp5 + U6tsuI2bHZRnJoAuvda1tObJMYP/AC0FUNJuNVTToVt7VZIwDhi4BPJ7Vqvr + WllGAuV6Gs7R9U0+302CGadUdQcg9uTQBDFPqg1ad1tVMpjUFd4wBng5o1Wf + VHihE9qqATIRhwctngVJFqmnrq885nURtGgB7Eg0atqmnzxQLFOrFZkY47AH + k0AX/tWt/wDPkn/fwVmaNPqiabCttarJGN2GLgE/Mc8fWtn+2tK/5+VrK0TV + LC30yGGedUdd2QfdiaAI0n1T+15HFqvmmEArvGNueuaNWn1R7ZBcWqxr5iEE + ODzngVImqaeNZkuDOvlmEKG7Z3dKNX1TT57ZEhnViJEOB6A80AX/ALVrf/Pk + n/fwVmaRPqiWKrb2qyJubkuB/Ec8Vs/21pX/AD8rWVo2qafb2CxTTqjhnOD7 + sTQBH5+qf2yX+yr53kY27xjbu65+vavnDUXaTULl2GGaVyR7ljX0mNU0/wDt + s3Hnr5f2fbu7bt+cflXzNcP5lxK4/iZj+ZoKifTWmT6zHptpGlmhVYowD5g6 + BRUWkz6olqRb2qyLvfkuBznkVo2msaXHawxm4X5UUfkKpaPqlhb2hjmnVG8x + zg+hPFBJG0+qf2wrm1XzvII27+Nu7rn60axPqj6fItzarHHlcsHBI+YY4qRt + UsDrS3Hnr5YgK7u2d2cUa1qlhcadJFDOruSuAPZgaAL/ANq1v/nyT/v4KzNK + n1RIZRBaq6mVySXAwc8itn+2tK/5+VrK0nVNPgglWadVLSuwz6E8GgCOSfVP + 7Wic2qiURMAu8YIz1zS6xPqr6dMtxarHGcZYOCR8w7U+TVNPOsQ3AnXy1iZS + 3bJPSl1nVNPuNMnhhnV3bbgDvhgaALq3Wt4GLJP+/grN0ufVES48i1VwZ3LZ + fGG7j8K2F1rSwoH2lay9J1SwgS5Es6rvnkYZ7g4waAI5p9UOq27taqJQj7V3 + jBHc5p+q3GrPp8yz2qRxkcsHBI59KWbVLBtXtp1nUxpG4J7AnpUmr6rp8+nT + xQzqzsOAO/NAFiO51oRqFskIwMfvBWfps+qqbvybVXzO5bL4w3GR7/WtaLWd + LEaA3C5AFZul6pp8JvPNnVfMuHZc91OMGgCO4n1Q6naM9qokCybV3jB4557Y + qXU7jVmsJ1ntESMrywcEgfSkudU099Vs5lnUpGsgY9hkcVNqmradNp88UU6s + 7KQAO9AEkFzrIgjCWaFdowfMHTFUdOn1RZbww2quTMS2XAw2OnvWnb6zpiQR + q1woIUA/lVDTdU0+GW9aSdVEkzMue4x1oAjup9UOo2LSWqrIvm7F3ghsrzk9 + sCp9QuNXaxnWa0REKNuIkBwMelMu9U099TsJknUpF5u4+m5cCrGo6tp0thcR + RzqzMjAAdyRQAWtzrItoQlmjKEXB8wDIxVOwn1Rbm8MVqrM0mXBcDacdPetG + 01jTEtYUe4UMqKCPcCqWn6pp8VzevJOqiSTKn1GKAI7yfVGvrJpLVVdWfYA+ + dxxzk9qs31xrDWVwstoioY23ESA4GDk4qK91Swkv7GVJ1Kxs5Y+mV4q1f6vp + stjcRx3CszxuAPUkUAR2VzrC2cCxWiMgjXaTIBkY4NVbKfVFvL1orVWdmXeC + 4G044we9X7HV9NjsreN7hQyRoCPQgCqljqlhHe30jzqFkdSp9QBQBHfT6o11 + ZmW1VWVzsAcHccdPard3c6wbWYSWaKpRsnzAcDHNQX+qafLd2TxzqyxyEsfQ + Yq7eaxpklpOiXClmRgB6kigCtYXGrrYwLFaI6BF2kyAZGOuKr2k+qDUL5o7V + WkYx713gBfl4we+au6fq2mxWFvFJcKrJGoI9CBVaz1TT49Rv5XnUJKY9p9cL + g0AR6hPqjTWZmtVQrKCgDg7jjp7VduLnWTbyh7NApVsnzBwMVW1HVLCWeyaO + dWEcoZvYY61fudY0x7eVFuFJZGAHuRQBS0241ZbCBYbRHQKMEyAEj6VDbT6q + NTvGS1UyMI967xhcDjnvmrWmatp0OnwRSzqrqgBB7GobXVNPTVL2Zp1CSCPa + fXA5oAj1KfVWa0861VCJ1K4cHLc4HtV+W51oxOGs0AwcnzB6VU1PVNPmezMU + 6t5c6M2OwGcmtGbWdLaJ1FwpJUj9KAM7S7jVk0+BYLRHjC8MXAJ59Kjgn1Qa + rcutqplKJuXeMAduasaTqunQadBFLOquq4IPbmo4NUsF1a6nadRG6IAexI60 + AR6pPqjC28+1VMToVw4OW5wPxrRe51rac2SYx/z0FUtV1SwnFr5U6tsuI2bH + ZRnJrTfWtLKMBcr0NAGTpFxqqadCtvarJGAcMXAJ5Pakin1UatM62qmUxqCu + /gDPBzU2j6pp9vpsEM06o6g5B7cmmxapp66xPOZ18tolAPYkGgCPVJ9UeKET + 2qoBMhBDg5bPArT+1a3/AM+Sf9/BVDVtU0+eKFYp1YrMjHHoDya1f7a0r/n5 + WgDG0afVE06Jba1WSMbsMXAJ+Y54oWfVP7Ydxar53kgFd4xt3dc1Jomqafb6 + ZDDPOqOu7IPuxNCapYDWpLgzr5ZhC7u2d2cUAR6tPqj2yi4tVjXzEwQ4POeB + Wn9q1v8A58k/7+CqGsapYXFqiQzqzCRDgegPNav9taV/z8rQBjaRPqiWSrb2 + qyJubkuBzk54o8/VP7Z3/ZV877PjZvGNu/rn69qk0bVNPt7FYpp1RgznB92J + FH9qaf8A239o89fL+z7N3bdvzj8qAI9Xn1R7IrcWqxpuTkODzkY4rT+1a3/z + 5J/38FUNZ1TT7ixMcM6u25DgezCtX+2tK/5+VoAxtJn1RLVhb2qyLvfkvjnP + IoafVP7YRzar53kkBd/G3d1zUmj6pp8FoyTTqjGRzg+hPFDapYHWkuBOvliA + ru7Z3ZxQBHrE+qPp0q3NqscZK5YOCR8wxxWn9q1v/nyT/v4Koa1qlhcabLDB + OruxXAHswNav9taV/wA/K0AY2lT6qkMogtVcGVySXAw2eRRJPqp1aFzaqJRE + wC7xgjPJzUmk6pp8EMyyzqpaZ2GfQng0Sapp51iG4E6+WsTKT2yTQAzV59Vf + TpluLVY4yBlg4JHI7Vorda3gYsk/7+Cqes6pp9xps8MM6u7AYA78itJda0va + P9JWgDH0ufVUW58i1VwZ3LZcDDdx+FE0+qHVbZ2tVEoR9q7xgjvzUmlapp8C + XIlnVd88jDPcHoaJ9U09tXtp1nUxojgnsCelACarcas+nzrPaokZHLBwSOfS + rsVzrQjQLZoRgY/eCq+rarp8+nTxRTqzsuAB35q7FrOlrEim4XIAoAytNn1R + Wu/JtVfM7lsuBhuMj3ouJ9VOp2bPaqJAJNq7+Dxzz2xUmmapp8LXhlnVfMuH + Zc91OMGi51TT31SzmWdSkYk3H0yOKAF1K41ZrCdZrREQqcsHBIH0qzBc6yII + wlmhUKMHzByMVHqmradNp88UU6s7KQAO9WbfWdMWCNWuFBCgH8qAMzT59UWW + 8MNqrlpSXBcDDY6e9F3Pqh1GxaS1VZF8zYu8ENlecntipNN1SwhmvWknVRJM + WX3GOtF5qmnyanYTJOpSLzdx9Ny4FAD9QuNXaxnWa0REKNuIkBwMelS2tzrI + tYRHZoyhFwfMAyMcUajq2nS2FxFHOrMyMAB3JFS2msaZHaQo9woZUUEe4FAG + dYz6otzeGK1VmaQbwXA2nHT3ovJ9UN7ZNJaqrqz7AHB3HHOT2qSw1TT4rq9e + SdVWSQFT6jFF7qmnyX1jKk6lY2csfTK4FAEt9c6w1lcLLaIqGN9xEgOBg5OK + WyudYWzgEVmjII12kyAZGODUt/q+my2NxHHcKzPG4A9SQcUWOr6bHZW8b3Ch + ljQEehAFAFCyn1Rb29aK1VnZk3guBtOOMHvRfT6o11ZGW1VWWQ7AHB3HHQ+l + SWOqafHfX0jzqFkZCp9cCjUNU0+W6sXjnVljkJY+gxQBYurnWTazCSzRVKNk + +YDgY5qLT7jV1sYFitEdAi7SZAMjHXFWrvWNMktJkS4UsyMAPciotO1bTYrC + 3ikuFVlRQQexAoAp2k+qjUb5o7VWkby9678Bfl4we+RRqE+qNNZma1VCJQVA + cHJx09qktNU0+PUr+Z51CS+VtPrhcGjUdU0+WayaOdWEcwZvYY60AWbi51kw + SB7NApU5PmDgYqvptxqy2ECw2iOgUYYuASPpV641jTHt5UW4UllYD8RVbS9W + 06HT4IpZ1V1UAg9qAKttPqg1O8ZLVWlYR7l38Lxxz3zRqU+qM1p51qqEToVw + 4OW5wPapLbVLBNVvZ2nUJII9p9cDmjU9UsJmszFOreXOjNjsozk0AXJbnWjG + 4azQDBz+8FUtKuNWTT4FgtUeMDhi4BPPpWlLrOlmJwLhSSDVLSdV0+DToIpZ + 1V1XBB7c0AV4Z9UGqXLraqZSibl3jAHbmjVJ9UZbbz7VUAnQrhwctzgfjUkG + qaeurXU7TqI3RAD2JHWjVdUsJ1tRFOrbJ42OOyjOTQBea61vac2SYx/z0FZ2 + kT6qmnQrb2qyRgHDFwCeT2rWbWtLKkC5XpWdo2qafb6bBDNOqOoOQe3JoAhj + n1QatM62qmUxqCu8YAzwc0apPqjwxCe1VAJUIIcHJzwKki1SwGsTXBnXy2iV + QexINGrapp88MKxTqxWZGOPQHk0AX/tWt/8APkn/AH8FZmjz6qmnRLb2qyRj + dhi+CfmOePrWz/bWlf8APytZWi6pp9vpsUM06o67sg+7E0ARrPqn9sO4tV83 + yQCu8Y27uuaNWn1R7ZRcWqxr5ichwec8CpF1TTxrL3BnXyzAF3ds7s4o1fVN + PntVSGdWYSIcD0B5oAv/AGrW/wDnyT/v4KzNIn1RLILb2qyJubkuBzk54rZ/ + trSv+flaytG1TT7exEc06o25zg+5NAEfn6p/bO/7KvnfZ8bd4xt39c/XtRq8 + +qPZMtxarGm5eQ4PORjipP7U0/8Atv7R56+X9n2bu27fnH5Uazqmn3Fi0UM6 + uxZDgezAmgC/9q1v/nyT/v4KzNJn1RLZhb2qyL5j8lwOc8itn+2tK/5+VrK0 + jVNPgtWSadVYyOcH0J4oAjafVP7YRzar53kkBd4xt3dc0axPqj6dKtxarHGd + uWDgkfMMcVI+qWB1qO4E6+WISu7tndnFGtapp9xpssMM6u7bcAezA0AX/tWt + /wDPkn/fwVmaVPqiRTCC1VwZXJJcDDZ5FbP9taV/z8rWVpGqWEEMyzTqpaZ2 + GfQng0ARyT6odWhdrVRKI2AXeMEZ5OaXV59VfTpluLVY4yBlg4JHI7U+XVNP + bWIJxOvlrEwJ7Ak07WdU0+402eGGdXdgMAd+RQBcW61vaMWSdP8AnoKzdMn1 + RVufItVfM7lsuBhu4/Ctdda0sKAblelZmlapp8K3QlnVd9xIwz3U4waAI5p9 + UOqWztaqJQj7V3jBHfmn6rcas+nzrPaokZHLBwSOfSln1TT21a1nWdTGiOCe + wJ6VJq2q6fPp08UU6s7LgAd+aAJ4rnWhEgWzQjAx+8FUNNn1RWu/JtVfM7ls + uBhuMj3rVh1nS1iRTcKCFA/Ss7TNUsIWvDLOq+ZO7Lnupxg0AR3M+qHU7Nnt + VEqiTau8YbI557YqbUrjVmsJ1mtERCpyQ4JA+lNudUsH1WynWdSkYk3H0yOK + m1PVtOm0+eKKdWdkIAHc0APt7nWRBGEs0KhRg+YORiqWnz6qs14YbVXJlJYF + wMNjp71p2+saYlvEjXCgqqg/gKoadqmnxTXrSTqokmLL7jHWgCO7n1Q6jYtJ + aqsimTYu8EN8vOT2xU+oXGrtYzrNaIiFG3ESA4GPSmXmqWEmpWEyTqUiMm4+ + mVwKs6jq2my2FxFHOrMyMAPUkUANtLnWBawiOzRlCLg+YBkY4qpYz6ot1emK + 1VmaQbwXxtOOnvWjZ6xpkdpBG9woZUUEe4FUrDVLCK6vnknVVkkBU+oxQBHe + z6q17ZNJaqrqzbBvzuOOee1Wr251hrOdZbRFQxtuIkBwMcmob7VNPkvrGRJ1 + KxsxY+mVq3favpsllcRpcKWeNwB6kg0AQ2NzrC2VusVojII02kyAZGBg4qtZ + z6oL29aO1VnZk3guBtOOMHvV+w1fTYrG3jkuFVkjQEehAGaqWWqafHfX0rzq + FkZCp9cLg0AR38+qNc2ZltVVlkOwBwdxx09quXVzrBtZhJZoqlGyfMBwMc1X + 1DVLCW6snjnVljkJY+gxV271jTJLSZEuFLMjAD3IoAq6fcautjAsNojoEXaT + IBkY9KgtJ9UGo3zR2qtI3l713gBcLxg981c07VtOisLeKSdVZUUEHsQKr2eq + afHqd/M86hJfK2n12rg0AR6hPqjS2ZmtVQiYFQHBy2OntV6e51kwSB7NApU5 + PmDgYqrqWqafNLZNHOrCOYM3sMdav3Gs6Y0EircKSVIH5UAUdNuNWWwgWG0R + 0CjDFwCR9Kit59UGp3bJaqZSI9y7+Bxxz3zVrS9W06HT4IpZ1V1UAg9qhttU + 09NVvJ2nUJIsYU+uBzQBHqU+qMbTz7VUxOhXDg5bnA9q0JbnWjG4azQDBz+8 + FU9U1SwmNn5U6t5dwjNjsozk1oy6zpbROouFyQaAM3SrjVU0+FYLVHjA4YuA + Tz6UyGfVRqtw62qmUom5d4wB2OasaRqunwadBFNOquo5B7c1HBqmnrq1zO06 + iN0QA9iR1oAj1SfVXW28+1VAJ0K4cHLdh+NaTXWt4ObJP+/gqjquqafOlsIp + 1bZPGxx2A6mtRta0vaf9JWgDI0ifVU06Fbe1WSMA4YuATye1JHPqg1eVxaqZ + TEoK7xgDPXNTaNqmn2+mwQzTqjqDkHtyabHqmnjWJrgzr5bRKobtkHpQBHqs + +qPDEJ7VYwJUIIcHJzwK0/tWt/8APkn/AH8FUNX1SwngiWGdWKyoxx6A8mtX + +2tK/wCflaAMbR59UTT41t7VZIwWwxcAn5jnihZ9U/thnFqvneSBt38bd3XP + 1qTRdU0+306KKadUcFsg+7E0LqmnjWnuPPXyzAF3ds7s4oAj1afVHtQLi1WN + d6chwec8CtP7Vrf/AD5J/wB/BVDWNU0+e0VIZ1dhIhwPQHmtX+2tK/5+VoAx + tIn1RLMLb2qyJufkuBznnijz9U/tkP8AZV87yMbN4xt3dc/XtUmjapYW9kI5 + p1Rt7nB9CaP7U0/+2xc+evl/Z9m7tu35x+VAEesT6o9iy3Fqsabl5D55yMcV + p/atb/58k/7+CqGs6pYXFg0UM6uxZDgezCtX+2tK/wCflaAMbSZ9US2cW9qs + i+Y5JLgc55FWIJLyTXYzdwiJvJYYDbuM9fzqPSNU0+C2dJp1UmRzg+hPFTRX + ltda7G1vIHHkMMj13ZoA6OiiigAooooAKKKKACiiigD/0P3enhi/tu2XYuDE + /GBT9chhXSrhlRQQByAPUVmy6c66rBD9rmJaNzuLfMMdgcU/VtNeHTppTeTy + BQPlZsqeR14oA6GKCDy0/dr0HYVlaPDE327cinF1KBkDpxTo9JkKKft1wMgf + x/8A1qztM055vteLuaPZcSL8rY3YxyeOp70AX7qGIazZKEXBSTIwPSptYhhX + TLgqigheoArKuNOddUtYftcxLq53FvmXA7HHepdT014bCeQ3k8m1c7WbIP14 + oA3beCAwRkxr90dh6VmaTDE0t9uRTi4YDgegoh0qRoY2+3XAyoOA/HT6VQ07 + TnlkvALuZNkzL8rY3YxyeOtAF+8hhGr6coRQCJsjA5+UVY1aGFdNuSsaghD2 + FZF1pzpqVlF9rmYyeb8xb5lwvY4796n1HTHisZ5DeTvtQnazZB+vFAGxZwQG + 0gJjUkovYelZ+mQxNdX4ZFOJuOBxxTbbSne2if7bcLuRTgPwMjtxVLT9OeS4 + vFF3Mnly4yrYLcdTx1oAv38MQ1PTgEUAtJngc/LVvUoIRp1yRGoIifsPQ1i3 + mnOl/Yx/a5mMhf5i3K4Xtx3qzf6W8dlcSG9nfbGxwzZBwOh4oA1LCCE2NsTG + pJjTsPQVR06GI32oAopAkXHA4+Wo7PS3e0gcXtwu5FOA/AyOg4qpZac8l3eo + LuZfLdRkNgtkdTxQBf1GGIX2ngIoBkbPA54q9fwQixuSI1BEb9h6GsK+0547 + uyQ3cz+Y7DLNkrx1HFW7zS3jtJ3N7cNtRjgvwcDoeKAL+mQQnTrYmNSTGnYe + lVLCGI6nqKlFIDR4GBx8tQ2GlvJZQSC9nTcinCvgDI6Diq1npzvf30f2uZTG + U+YNy2V78dqAL+pwwi5sAEUZm54HpWhdwQC0mIjX7jdh6VgX+nPHPZqbuZ98 + uMs2SvHUcdau3OlSJbyt9uuGwjHBfg8d+KALWkwwtptsWjUkoOwqvZwxHV9Q + UopAEWBgcfLVfTtMeWxgkF5Om5AdqtgD6cVBa6c76nexfa5lMYj+YN8zZXuc + du1AF/VoYlksdqKM3CA4A9607iCAQSERr909h6Vzupac8UlmDdzPvmVfmbO3 + PccdavzaVIsMjfbrg4UnBfjp9KAJtGhhbS7dmRSSvUgVDbQwnWb1Si4CR4GB + 6VU0vTXm0+CQXk8YZc7VbAH04qODTnbVLqH7XMCiodwb5jkdzjtQBf1iGJfs + W1FGbqIHAHTmtaSCDy2/dr0PYVzWp6c8X2XN3M++4jX5mztznkcdRWi+kyBG + P264PB/j/wDrUALocMLaVbsyKSQeSB6mmQQxf23crsXAiTjAqnpOmvNp0Mov + J4wwPyq2FHJ6cUyLTnbVZ4ftcwKxodwb5jnsTjpQBf1qGJYrbaijNxGOAPWt + g28GP9Wv5CuY1XTnhjgJu5pN0yL8zZxnuOOorTOkSf8AP/c/99//AFqAI9Ah + ibSYGZFJO7kgf3jRHDF/bsq7Fx5CnGBj71UNG0559NhlF3NEG3fKjYUYYjgY + oTTnOryQfa5gRCG37vmPPTOOlAF/W4YVtYyqKP3sfQD1rZ+zwf8APNfyFcvq + 2nPDboxu5pMyIMM2RyevTqK1P7Ik/wCf+5/77/8ArUARaDDE2moWRSdz9QP7 + xoEMX9vsuxdv2YHGBjO+qGj6c89gkgu5o8lvlRsDhj7UDTn/ALZMH2ubPkBt + +75vvYxnHSgC/rsMS2GVRQd6dAP71bP2eD/nmv5CuX1fTngs95u5pPnQYdsj + k/StT+yJP+f+5/77/wDrUARaHDC1kSyKT5j9QP71DQxf28q7Fx9mJxgYzvqh + pOnPNaFxdzR/O4wrYHB69KDpz/2wsH2ubPkFt+75vvYxnHSgC/r0MS6ZKVRQ + cp0A/vCtn7PB/wA81/IVy+sac8GnySm7mkAK/K7ZBywHpWp/ZEn/AD/3P/ff + /wBagCLRIYWtpSyKf30nUD1olhi/t2Fdi4MLcYGOtUNK055oJGF3NHiVxhWw + Dg9enU0Sac41eKD7XMSYmbfu+Yc9AcdKANDXoYl0m4ZUUEbeQB/eFa4ggwP3 + a/kK5nWNOeDTZpTdzyhdvyu2VPzDqMVpDSZMD/T7j/vv/wCtQBHosMTR3W5F + OLiQcge1E8MI1u1UIuDG/GBVDS9OeZLgi7mj2zOvytjOO546mibTnXVbeH7X + MSyOdxb5hjsDigDT1uGFdKuGVFBCjkAeorRigg8tP3a9B2Fc9q2mvDp80pvJ + 5AoHys2VPI68Vej0mQop+3XAyB/H/wDWoAbo8MTG+3IpxcyAZA6cUXUMQ1mx + UIuCsuRgelUNM055jd4u5o9lw6/K2N2McnjqaLjTnXVLSH7XMS6yHcW+ZcDs + cd+9AGrrEMK6ZcsqKCF6gCrltBAbeImNfur2HpWHqemvDYTyG8nk2rnazZB+ + vFWoNKkaGNvt1wMqDgPwOPpQAaVDE01/uRTidgOB6Ci9hiGracoRQD52Rgc/ + KKoadpzyyXgF3MmyYr8rY3cDk8daLrTnTUrGI3czGTzfmLfMuFzwcd+9AGxq + sMK6bclY1BEbdh6VPZwQG0gJjX7i9h6Vj6jpjxWM8hvJ32oTtZsg+x4qa20q + R7aJ/ttwu5FOA/AyO3FADtMhiN3qAKKQJeOB6UX8MQ1LTgEUAtJngc/LVCw0 + 55Li8UXcyeXJjKtgtx1PHWi8050v7GP7XMxkZ/mLcrhe3HegDa1KCEadckRq + CIn7D0NO0+CE2FsTGpJiTsP7orMvtLeOyuJDezvtjY4Z8g4HQ8U6z0t5LOCQ + Xtwu6NTgPwMjoOKAJNPhhN/qAKKQHTHA4+WjUYYRe6eAigGRs8D+7VCy055L + y9jF3MvluoyG5bI78UX2nPHd2SG7mfzHIyzZK8dRxQBu30EIsbgiNQRG/Yeh + qPTIYTp1sTGpJjXsPSqN5pbpaTub24bajHBfg4HQ8Uyw0t5LGCQXs6bkU7Vf + AGR0HFAE9jDEdU1FSikAxYGBx8tGqQxLc2ACKMzDPA9KoWmnO+oX0X2uZTGY + /mDctlc88du1Goac8U9mpu5n3y4yzZK8dRx1oA6C6ggFrMRGv3G7D0qtpMML + abbFo1JKDqBVW40qRbeVvt1w2FY4L8Hj6VBpumPLYQSC8nTcgO1WwB9OKALN + nDCdX1BSikARYGBx8po1aGJZLHaijNwgPA6YNULbTnfUr2L7XMpjEfzBvmbI + 7nHbtRqOnPE9oDdzPvmVfmbO3OeRx1oA6KeCAQSERr909h6VR0aGFtLt2ZFJ + K9SB61FNpMixO3264OFPBf2+lVNL015tPglF5PGGX7qtgDntxQBbtoYjrV4p + RcBI8DA9KNYhhUWe1FGbmIHAHTmqEGnO2qXUP2uYFFQ7g3zHPqcdqNT054Ra + 5u5pN88a/M2cZzyOOooA6V4INjfu16HsKzNDhhbSrdmRSSDyQPU0PpMgRj9u + uOh/j/8ArVn6RprzadDKLyeMMD8qthRyenFAF2GGL+27hdi4EScYHrRrUMSw + 2+1FGZ4xwB61Qi05zq08P2uYFY1O4N8xz2Jx0o1XTnhihJu5pN0yLhmzjJ6j + jqKAOo+zwf8APNfyFY3h+GJtIgZkUk7uSB/eNSf2RJ/z/wBz/wB9/wD1qzNG + 0559NhlF3NEG3fKjYUYYjgYoAvxwxf29KuxceQpxgY+9RrcMS2kZVFB82PoB + 61QTTnOsSQfa5siENv3fN16Zx0o1bTnhtkY3c0mZEGGbI5PXp1oA6j7PB/zz + X8hWNoMMTaahZFJ3P1A/vGpf7Ik/5/7n/vv/AOtWXo+nPPYrILuaMFm+VGwO + GPtQBeMUK68wKLtFrnGBj79fK/JP1r6TubF49Qmj+1zZW1L793zcE8Zx0r5v + iG6VF9SBQVE+vVtrdVC+WvAx0FZGhwxNZEsik+Y/UD1qX+yJP+f+5/77/wDr + Vl6RpzzWhcXc0fzuMK2BwevSgkvtDF/b6LsXb9nJxgYzuo1+GJdLlZUUHKcg + D+8KoNpz/wBsLB9rmyYC2/d833sYzjpRrGnPBp8kpu5pQCvyu2QcsB6UAdR9 + ng/55r+QrG0WGJreYsin99J1A9al/siT/n/uf++//rVl6VpzzQysLuaPErjC + tgHB69OpoAvyww/25CuxceSxxgY60uvQwrpNwyooIC8gD+8Kz5NOcavFD9rm + JMTHfu+YYPQHHSl1jTng06aU3c8gXHyu2VPzDrxQB0qwQbR+7Xp6CsjRoYmS + 63IpxcSDkDpxT10mTaP9PuP++/8A61Zul6c8yXBF3NHtndflbGcdzx1NAF+4 + hiGt2qhFwY34wMVJrcMK6XcMqKCFHIA9RWZNpzrqtvD9rmJZHO4t8wx2BxT9 + V014dPmlN5PIFH3WbIPPfigDoYoIPKT92v3R2HpWVpEMLG+3IpxcyAZA6cUs + ekyGNT9uuBkD+P8A+tWfpunPKbvF3Mmyd1+VsbsY5PHU0AX7qGIaxYqEXBWX + IwPQVPrEMK6ZclUUEIeQBWTcac66naQ/a5mLrJ8xb5lwOxx371LqemPFYTyG + 8nfaudrNkH68UAbltBAbaImNfuL2HpWbpUMTTX+5FOJ2A4HoKSDSpGgjb7dc + DKg4D8Dj6VR07TnllvALuZNkxXKtjdx1PHWgC/ewxDVtNUIoB87IwOflqzqk + MI025IjUERt2HpWPdac6alYxfa5mMnm/MW+ZcLnjjv3qfUNMeKxnkN5O+1GO + 1myDx0PFAGxZwQGzgJjUkxr2HpWfpsMRu78FFIEoxwOOKZa6U720L/bbhdyK + cB+BkdBxVOw055Lm8UXcyeXJjKtgtx1PHWgC/qEMQ1HTgEUAtJngc/LVzUoI + Rp90RGoIifsP7prEvNOeO+sozdzN5jONxblcDtxVm+0t47K4kN7O+2NjhnyD + gdDx0oA09PghNhbExqSYk7D+6KpafDEdQ1AFFIDpjgcfLUVlpbyWcEgvbhd0 + anAfAGR0HHSqtlpzyXl7GLuZfLZRkNgtkd+KAL+pQwi808BFAMhzwPSr99BC + LK4IjUERv2Hoawb7TnjurJDdzP5jkZZsleOo4q5d6W6Wszm9uG2oxwX4OB0P + FAF3TIITp1sTGpJjXsPSqtjDEdU1FSikAxYGBx8tQWGlvJYwSC9nTcinar4A + yOg4qvaac76hfRfa5lMZj+YNy2Vzzx27UAX9UhiW4sAEUZmGeB6Vo3UEAtZi + I1+43Yelc/qGnPFNZqbuZ98oXLNkrx1HHWr1xpTrbyt9uuGwrHBfg8fSgCxp + EMLaZbFo1JKDqBUFpDEdYv1KLgCLAwP7pqtpumPLYQSC8nTcoO1WwB9OKhtt + Od9TvIvtcymMR/MG+Zsjucdu1AF/VoYlex2oozcoDwOnNak8EHkyfu1+6ew9 + K5zUtOeJrQG7mffOq/M2duc8jjrWhLpMgic/brg4U8F/b6UASaNDC2l27Mik + lepA9aitoYjrV4pRcBI+MCqml6a82nwSi8njDLnarYA57cVHBpztqtzD9rmB + REO4N8xz6nHagC/rMMSrZ7UUZuYxwB05rWeCDY37teh7Cua1TTnhFrm7mk3z + xr8zZxnPI46itJ9JkCk/brjof4//AK1ACaFDC2lW7MikkHkgf3jTYYYf7cuF + 2LgRJxgY61S0jTXn06GUXc8YYH5UbCjk9OKbFpznVpoftcwKxqdwb5jk9Ccd + KAL+tQxLDb7UUZnjHAHrWz9ng/55r+Qrl9V054YoSbuaTdMi4Zs4yeo46itT + +yJP+f8Auf8Avv8A+tQBFoEMTaTAzIpJ38kD+8aEhi/t6Rdi7fs4OMDH3qoa + Npzz6dFKLuaINu+VGwowxHAxQunOdYeD7XNkQht+75vvdM46UAX9chiW0Qqi + g+bH0HvWz9ng/wCea/kK5fVtOeG2VzdzSZkQYZsjk9enWtT+yJP+f+5/77/+ + tQBFoUMTacpZFJ3P1A/vGjyYv+Eg27F2/Zc4wMZ31Q0jTnnsVkF3NH8zDCNg + cMfaj+zn/tnyPtc2fs+7fu+b7+MZx070AX9dhhXTyVRQd6dAP7wrZ+zwf881 + /IVy+r6c8FkZDdzSfMgw7ZHJHtWp/ZEn/P8A3P8A33/9agCLQ4YWs2LIpPmP + 1A9aHhi/t5F2Lt+zk4wMfeqhpOnPNalxdzR/O4wrYHB69KG05xrCQfa5smEt + v3fN97GM46UAX9fhiXSpmVFBynIA/vCtn7PB/wA81/IVy+s6c8GnSym7mlAK + /K7ZU5Ye1an9kSf8/wDc/wDff/1qAItFhhaCcsinE8g5A9aJYYf7cgXYuDC3 + GBjrVDStOeaGVhdzR7ZXXCtgHB6njqaJNOcatDD9rmJaJju3fMMHoDjpQBo6 + 7DCuk3DKiggLyAP7wrVWCDaP3a9PQVzWr6c8GnTSm7nkCgfK7ZU8jqMVorpM + m0f6fcf99/8A1qAGaNDEyXe5FOLmQcgdOKLiGIa1aKEXBjk4wKoaXpzzLckX + c0eyd1+VsZx3PHU0Tac66rbQ/a5iXRzuLfMMdgcUAamtQwrpdwyooIXqAPUV + fhgg8lP3a/dHYelYGq6a8Onzym8nkCj7rNkHnvxVyLSZDGh+3XAyB0f/AOtQ + AmkQxM19uRTi5cDIHTii7hiGsWChFwVlyMD0FUNN055Wu8XcybJ3X5Wxuxjk + 8daLnTnTU7OL7XMxcSfMW+ZcDscd+9AGtq8MK6ZclUUEIeQBVu2ggNtETGv3 + F7D0rE1PTHisJ5DeTvtUnazZB+vFWINKkaCNvt1wMqDgPwOPpQAulQxNPf7k + U4nIHA9KL6GIatpqhFAPnZGBz8tUNP055ZrxRdzJslK5VsFuOp460XenOmo2 + MX2uZjJ5nzFvmXC54OO/egDY1SGFdNuSsagiNuw9KmsoITZwExqSY17D0FZG + oaY8VjPIbyd9qMdrNkHjoeKltdKd7WFxe3C7kU4D8DI6DigB+mwxG81AFFIE + oxwOOKNQhiGo6cAigFnzwOflqhY6c8lzeILuZPLkAyrYLcdTx1ovNOeO9so/ + tczeYzjcWyVwO3FAG3qMEI0+6IjUERP2H900unwQmwtiY1JMSdh/dFZt9pbx + 2VxIb2dtsbnDPkHAPB46UWWlvJZwSC9uF3RqcB8AZA4HHSgCXT4YjqOogopA + dMcDj5aNShiF5p4CKAZTngc8VQstOeS9vYxdzL5bKNwbBbI78UX2nPHdWSG7 + mfzJCMs2SvHUcUAb17BALOciNQRG3YelRaXDCdOtiY1JMa9h6VSutKdLWZze + 3DbUY4L8HA6Hio9P0x5bGCQXs6bkU7VbAGR0HFAE9lDCdV1FSikAxYGBx8tG + qQwrPYAIozOAeB6GqFppzvqN9F9rmUx+X8wb5myueeO3ajUNOeKazU3cz75Q + uWbJXjqOOtAHQXUEAtpiI1+43YelVdIhhbTLYsiklByQKr3GlSLBI3264OFJ + wX4PH0qvpumPLYQSC8nTcoO1WwB9OKALNpDEdYv1KKQFiwMDjijV4Ylex2oo + zcoDgDpzVC20531O8i+1zKYxH8wb5myO5x27UalpzxNaZu5n3zovzNnbnPI4 + 60AdHNBB5L/u1+6ew9KoaLDC2l27MiklepA9ajl0mQRuft1wcA9X/wDrVT0r + TXm0+CUXk8YYfdVsAc9uKALdvDEdau1KLgRx8YFGswxKlptRRm5jHAHTmqEG + nO2q3MP2uYFEQ7g3zHPYnHajVNOeFbbN3NJvnRfmbOM55HHUUAdM8EG0/u16 + HsKytChhbSbdmRSSG5IH940raTJtP+nXHT+//wDWrO0jTnn06GUXc8YYH5Ub + Cjk9OKAL0MMX9uXC7FwIU4wMdaNahhWCAqijM8Y4A9aoR6c51aaH7XMCsSnf + u+Y5PQnHSjVdOeGGJjdzSbpUXDNkDJ6jjqKAOo+zwf8APNfyFY2gQwtpULMi + k5fkgf3jUv8AZEn/AD/3P/ff/wBasvR9OefTopRdzRBt3yo2FGGI9KAL6Qxf + 29IuxcfZwcYGPvUa5DEtmhVFB82PoB61QXTnOsPB9rmyIQ2/d833umcdKNW0 + 54bZXN3NJmRBhmyOT16UAdR9ng/55r+QrG0GGJtOUsik736gf3jUv9kSf8/9 + z/33/wDWrzl/E+laQfsd3PerIMnEO3Zgk+pHPrQFj0HyYf8AhINuxcfZc4wM + Z30a7DEunMVRQdydAP7wrmtFuINeu1ubO5uVjaFvmcgSfK+COMjHetbV9OeC + yaQ3c0mGUbXbI5I9qAOo+zwf881/IVjaHDE1m5ZFJ82TqB61L/ZEn/P/AHP/ + AH3/APWrL0nTnmtmcXc0eJHGFbA4PXp1oAvvDF/b0a7F2/ZycYGPvUa/DCul + TMqKDlOQB/eFUG05xrCQfa5smEtv3fN97pnHSjWNOeDTpZTdzSAbfldsqcsB + yMUAdR9ng/55r+QrG0WGJoJ9yKcTyDkD1qX+yJP+f+5/77/+tWXpWnPNDMwu + 5o9srrhWwDg9Tx1NAF+aGL+3Lddi4MT8YGOtO12GFdKuGVFBAHIA/vCs6XTn + GrQw/a5iWjY7i3zDB6A46U7V9NeDTppTdzyBQPldsqeR14oA6RIINi/u16Ds + KyNHhhZbzcinFzIBkDpxT10mTaP9OuOn9/8A+tWbpmnPMtzi7mj2TyL8rYzj + ueOpoAv3EMI1q0UIuDHJxgVLrUMK6XcMqKCF6gD1rLn0511W2h+1zEujncW+ + YY7A471JqumvDp88pvJ5Ao+6zZB578UAb8EEHkx/u1+6Ow9Ky9IhiZ77cinF + y4GQOnFLFpMhiQ/brgZUcB/b6Vn6bpzytd4u5k2TuvytjdjHJ460AX7uGIax + YKEXBEuRgf3an1eGFdMuSsaghD0ArJudOdNTs4vtczFxJ8xb5lwOxx371NqW + mPFYTyG8nfapO1myD9eKANq1ggNtCTGv3F7D0rO0uGFp78FFOJyBwPQUlvpU + jQRt9uuBlQcB+Bx9Ko6fpzyzXii7mTZKVyrYLcdTx1oAv30MQ1XTlCKATLkY + HPy1a1SGEadckRqCI27D0rGu9OdNRsYvtczGQyfMW+ZcL24796sahpjxWM8h + vZ32ox2s+QcDoeKANaxghNlbkxqSY07D0FUNNhiN5qAKKQJRjgccUy00t3tY + XF7cLuRTgPwMjoOKp2OnPJdXqC7mTy5AMq2C3HU8UAX9QhhGoaeAigF3zwOf + lq7qEEIsLkiNQRE/Yf3TWHe6c8d7ZRm7mbzGYZLZK4HbirV7pbx2c8hvbhts + bHBfIOAeDx0oA0dOghOn2pMakmJOw/uiqenwxHUdRBRSAyY4HHy1FY6W8llb + yC9nXdGhwr4AyBwOOlVbPTnkvr2P7XMvlsgyGwWyO/FAF/U4Yhd6eAigGU54 + 68VfvYIRZzkRqCI27D0NYN/pzx3Nmhu5n8yQjLNkrx1HHWrl1pTpazOb24ba + jHBfg4HQ8UAXNLhhOm2xMakmNew9KrWMMR1bUlKKQPJwMDj5ar6fpjy2MEgv + J03Ip2q2AOOg4qC00531G+i+1zKY/L+YN8zZXPJx27UAX9VhiWaw2oozOAeB + 6GtK5ggFtKRGv3G7D0rntQ054pbMG7mffMFyzZ28dRx1q9PpUiwSN9uuDhSc + F+Dx9KALGkQwtplsWjUkoOoFQWkMR1m+UouAsWBgelVtM0x5bCCQXk6blB2q + 2APpxUNvpztql3D9rmUoI/mDfM2R3OO3agC/q8MStY7UUZuYwcAdOa1JoIPJ + f92v3T2HpXOanpzxG0zdzSb50X5mztznkcdRWhLpMgjc/brg4B6v/wDWoAfo + kMLaXbsyKSVPJA9TUdvDCdau1KLgRx8YFU9K015tPglF5PGGH3VbAHPbimQ6 + c7arcQ/a5gVRDuDfMc9icUAX9ZhiVLTaijNzGOAOnNa7QQbT+7Xp6CuZ1TTn + hW2Ju5pN86L8zZxnuOOorSbSZNp/0+4/77/+tQAmhQwtpNuzIpJDckD+8abF + DF/bs67FwIV4wMdao6Rpzz6dDKLueMMD8qNhRyegxSR6c51eaD7XMCsSnfu+ + Y5PQnHSgC/rcMS28JVFH76PoB61s/Z4P+ea/kK5fVdOeGGJjdzSbpUXDNkDJ + 6jjqK1P7Ik/5/wC5/wC+/wD61AEWgwxNpcTMik5fkgf3jQsMX9vOuxcfZwcY + GM7qoaPpzz6fHKLuaMEt8qNgDDEelC6c/wDbDQfa5siENv3fN97GM46UAX9c + hhWzUqig+YnQD1rZ+zwf881/IVy+rac8NqHN3NJ86DDNkcnr0rU/siT/AJ/7 + n/vv/wCtQBFoUMTaeCyKTvfqB/eNBhi/4SALsXb9mzjAxnfVDSNOeezEgu5o + /mYYRsDg/Sj+zn/tkQfa5s/Z92/d833sYzjpQBf16GJdOcqig7k6Af3hWz9n + g/55r+Qrl9Y054LFpDdzSYZRtdsjkj2rU/siT/n/ALn/AL7/APrUARaJDE1p + IWRSfNk6getOMaJr0QRQv7hugx/FWdpOnPNbOwu5o8SOMK2BwevTrViC1a21 + 2NTPJN+5Y5c5PXGPpQB0tFFFABRRRQAUUUUAFFFFAH//0f3PludSOqwO1kBI + I3ATzByO5zin6tdam+nTJPZCJCBlvNDY5HYCnzalYNrFvMJ0MaxuC2eATT9Y + 1Kwn02eKGdHdgMAHk8igCxHeawEUDTwRgf8ALZf8KztMudST7X5NkJN1xIW/ + eAbWOMr05x61sx6vpgjUG5TIA71maVqVhD9s82dF33MjLk9VOMGgCG4udSOq + WrtZBZFV9qeYDuBHPOOMVLqd1qj2E6zWIjQry3mqcD6YpbjUbBtWtJlnQoiy + BjngZHFS6rqenzadPFFcIzsuAAeTQBJDeauIYwunggKMHzV54+lUNOudTSS8 + MVkJC0zFv3gG1uOOnP1rXg1bTVgjVrlAQoB59qztM1KwikvTJOih52ZcnqCB + zQBDdXOpNqVk72QWRfN2L5gO7K8844xU+o3WqPYzrLYiNChy3mqcD1xiku9S + sH1SwlWdCkfm7jngZUYzU+p6pp8un3EcdwjMyEAA8k0AFtd6sLaIJYBlCLg+ + aoyMdelUrC51Jbi8MVkHZpcsPMA2nHTpzWpa6rpqWsKNcoCqKCM9wKo6dqNh + FcXrSTooklypJ6jHWgCG8udTa/sWksgrqX2L5gO7K889sVZv7vVWsrhZLAIh + jYFvNU4GOTjFMvdSsH1CwkSdCsZk3EHgZXjNWtQ1TTpLC4jjuEZmjYAA9SRQ + BFZ3erLaQLHYB1CKAfNUZGODjFVLK51Nbu9aOyDszruHmAbTjpnvWlZarp0d + nbo9wgZY1BBPQgCqdhqVhHe3zvOirI6lST1GO1AEN9c6k13ZNJZBGV22jzAd + xx0zjird5d6s1pOslgEUowJ81TgY5OMVFf6jYSXli6ToyxuxYg9BjvVy91XT + pLO4RLhCzRsAAepINAFawu9VWygWKxDoEUBvNUZGODjFVrO51Jb++aOyDOxT + evmAbcLxzjnNX9P1TTo7C3jkuEVljUEE9CBVay1Kwj1G/ledAkhj2nPBwvOK + AIb+51Np7My2QQrLlR5gO446dOKu3N3q5t5Q9gFUo2T5qnAx16VBqOpWEtxZ + NHOjCOXLEHoMdavXWq6a9tMi3KEsjADPcigClp11qqWMCxWIkQIMN5qjI9cY + qC1udSXU710sg0jCPcvmAbcLxz3zV3TNU0+LT7eOS4RWVACCeQagtNSsE1W+ + madAkgi2nPBwvOKAIdSudSeSz86yEZWZSv7wHc3YdOPrV+a81cwyBtPABU5P + mrxx9KranqVhLJZGOdGCTqzYPQDPNaM+raa0MircoSVIHPtQBmaXdaomnwLD + YiRAvDeaoz+GKjgudTGqXTrZBpGVNyeYBtAHHPfNW9J1PT4dOgiluEV1XBBP + IqK31KwXVruZp0COsYBzwcDmgCHU7nUn+yedZCPbcRlf3gO5hnC9OM+taL3m + sbGzp4Awf+Wy/wCFVNV1Kwm+x+VOjbLiNmweijOTWm+r6YUYC5TkHvQBk6Td + ammnQpBZCVADhvMC55PYimRXOpjVZ3WyBkMagp5g4HY5xVnR9SsINNgimnRH + UHIJ5HJpkOpWC6xcTGdBG0aANngkUAQ6rc6k8cAmshGBMhH7wHLDoPx9a0ze + axj/AJBw/wC/y/4VS1fUrCaK3EU6MVnjY4PQDqa1Tq+mf8/KfnQBiaNc6lHp + sKW9kJYxuw3mBc/MexFCXOp/2vJILIGUwgFPMHAz1z/SptE1Kwg0uCKadEdd + 2QTyMsTQmpWA1mSczp5ZhVQ2eM7ulAEOq3OpPboJ7IRKJEIPmBsnPA/GtT7Z + rH/QOH/f5f8ACqOsalYTW0axTo5EqEgHsDzWt/a+mf8APyn50AYej3OpR2CL + b2QlTc2G8wL/ABHPBFAudT/tkyfYh5vkAbPMH3d3XOPXjFTaLqVhBp6RzToj + Bn4J55Y0DUrD+2zP56eX9nC7s8Z3ZxQBDq9zqUlntnshEu9Pm8wNzngYFan2 + zWP+gcP+/wAv+FUdZ1KwnsvLhnR23ocA9ga1v7X0z/n5T86AMPSbnUktCsFk + JV3uc+YF5zyMEdqDc6n/AGwsn2Ieb5BGzzB93d1z9e1TaNqVhBZlJp0Rt7nB + PYnig6lYf22s/np5YgK7s8Z3ZxQBDrFzqcmnyJPZCJCVy3mBsfMMcCtT7ZrH + /QOH/f5f8Ko61qVhPp0kUM6O5K4APPDA1rf2vpn/AD8p+dAGHpVzqSQSCCyE + imVyT5gXBzyOnaiS51I6vFIbICURMAnmDkZ65qbSNSsIbeVZZ0QmVyAT2J4N + EmpWB1mKcTp5YhZS2eM56UARaxc6nJpsyXFkIozty3mBsfMOwFaQvNYwP+Jc + P+/y/wCFU9b1Kwn0yeKGdHdtuADyfmFag1fTMD/SU/OgDE0u51JEuPJshIDM + 5P7wDDHqOnOPWia51I6rbu1kBIEcBPMHI7nPbFTaTqVhDHcCWdFLTyMMnqD0 + NE2pWDavbTCdDGsbgtngE9KAGatdam+nzJPZCJCBlvNDY5HYCr0d5rARQNPB + GB/y2X/Cq+salYTabPFFOjuwGADyeRWhHq+mCNQblMgDvQBjaZc6khu/JshJ + uuHLfvANrHGR749aLi51I6paO9kFkVZNq+YDuyOee2Km0rUbCE3nmzou+4kZ + cnqpxg1T1LxFoltrFk894iqiSEnOcZGB0oAt6ndao9hOs1iI0K8t5qnA+mKt + QXeriGMLp4ICjB81eRj6VSvNe0fUtLuRY3aSnG3A9fxrUg1bTVgjVrlAQoB5 + 9qAMnTrnU0kvDFZCQtMxYeYBtbA46c/Wi6udSbUrF3sgsi+bsXzAd2V55xxi + ptM1KwilvTJOih5mZcnqMDmi71KwfVLCVJ0KR+buOeBlQBmgBdRutVexnWWx + EaFDlvNU4HrjFTW13qwtoglgGUIuD5qjIx16Uupapp8un3EcdwjMyEAA8k4q + a11XTUtYUa5QFUUEZ7gUAZdhc6ktxeGKyDs0mWHmAbTjp05ovLnUmv7FpLII + 6s+xfMB3ZXnnHGKm07UrCK5vnknRRJLlST1GKL3UrCTULCRJ0Kxs+4g8DK8Z + oAff3eqtZXCyWARDGwLeapwMcnGKdZ3erLZwLHYB1EagN5qjIxwcYqXUNU06 + SwuI47hGZo2AAPUkU6x1XTo7K3je4QMsaAgnoQBQBm2Vzqa3l60dkHZnXcvm + AbTjpnvRfXOptd2TSWQRlclR5gO446ZxxU1jqVhHe30jzoqyOpUk9QF7UX+p + WEl5Yuk6MsbsWIPQY70AS3d3qzWkyyWAVSjAnzVOBjk4xTLC71VbGBYrEOgR + QG81RkY64xVq91XTns50S4Qs0bADPUkUzTtU06Kwt45LhFZY1BBPQgUAULS5 + 1JdQvnSyDOxj3r5gG3C8c45zRqFzqTT2ZlsghWXKjzAdxx06cVNZalYJqV/K + 86BJDHtOeDhecUajqNhLcWTRzowjlyxB6DHWgCe4u9XNvKHsAqlWyfNU4GPp + UGm3WqJYQLDYiRAgw3mqMj1xir9zq2mtbSqtyhJRgBn2qvpmp6fFp9vHJcIr + KgBBPINAFK2udSGp3rpZBpGEe5fMA24HHOOc0ajc6m72nm2QjKzKV/eA7m5w + Pb61Na6lYJql9M06BJBFtOeDhTnFGp6lYSvZmOdGCTqzYPQDPNAFma81cxOG + 08AFTk+avHH0qppd1qiafAsNkJEC8N5qjPPpitObVtNaGRRcoSVI6+1U9J1P + T4dOgiluEV1XkE8jmgCpBc6kNUunWyDSMqbk8wDaB05xzmjU7nU3Fr51kI9s + 8ZX94DuYZwvTjPrU1vqNgurXczToEdIwDng4HNGq6lYTC08qdG2XEbHB6KM5 + NAFx7zWNjZ08dD/y2X/Cs/SLrU006FILISxgHDeYFzyexFa76vphRgLlOh71 + naNqVhBpkEU06I6g5BPI5NAFeK51IatO62QMpjUFPMHAzwc4o1W51J4oRPZC + MCZCD5gbJ7Dp39ami1KwGsTzGdBG0aANngkGjV9RsJooFinRis0bHB6AHk0A + Xvtmsf8AQOH/AH+X/CsvRrnUo9NhS3shLGN2G8wLn5j2Irc/tfTP+flPzrJ0 + PUrC30uGKadEdd2QTyMsTQBClzqX9sSSCyBlMIBTzBwM9c4/SjVrnUntkE9k + Il8xCD5gbnPA4Hepk1GwGtSTmdPLMIUNnjO7pRrGpWE1siRTo5EiHAPYHmgC + 99s1j/oHD/v8v+FZej3Opx2KrBZCVNzfN5gX+I54Irc/tfTP+flPzrJ0XUrC + DT0jmnRGDPwTzyxoAzNSutQW4u5XtAriycFfMBwmSd2f6V882gJuoQOcuv8A + OvoXW9RsydQmSZSp0+VAQercnH1r5/03B1C1B6ean/oQoLifUX2zWP8AoHD/ + AL/L/hWXpFzqUdoVgshKu9znzAvOeRgjtW5/a+mf8/KfnWTo2pWEFmUmnRG8 + xzgnsTxQQQtc6l/bCyfYh5vkEbPMH3d3XOP0o1i51KTT5EuLIRISuW8wNj5h + jgCpm1KwOtrP56eWICu7PGd2cUa3qNhPpskUM6O5K4APPDCgC99s1j/oHD/v + 8v8AhWXpVzqaQyiGyEgMrknzAuDnkfhW5/a+mf8APyn51k6RqVhDBKss6KTK + 5GT2J4NAEMlzqZ1eKQ2QEoiYBPMHIz1zS6xc6nJp0yT2QijOMt5gbHzDsBUs + mpWB1mGcTp5axMC2eMk9KXWtSsJ9MnihnR3bbgA8n5hQBbW81jaP+JcP+/y/ + 4Vm6Xc6kiXHk2QkBnct+8Awx6jpzj1raXV9M2j/SU/OsvSdSsIUuRLOi7p5G + GT1Bxg0AQzXOpHVbd2sgJAjhU8wcjuc44xT9VutTfT5knshGhHLeaGxz6Yp8 + +pWDavbTCdDGsbgtngE1Jq+p2E2mzxRTo7sOADyeRQBNHeawI1A08EYHPmr/ + AIVn6bc6khu/JshJunct+8A2scZXpzj1rYi1bTBGgNymQB3rN0vUrCI3nmzo + u+4dlyeqnGDQBDcXOpnU7R3sgsirJtXzAd2RzzjjFS6ndao9hOs1iI0K8t5q + nA+mKW51KwbVbOZZ0KIsm454GRxU2q6np82nXEUVwjOykAA8mgB0F3q4gjC6 + eGAUYPmqMjH0qjp1zqSS3hishIWmJYeYBtOOnTn61rW+raatvErXKAhVBGfa + s/TNRsIpb1pJ0USTFlyeox1oAhurnUm1Kxd7ILIvm7F8wHdleeccYqfULrVX + sZ1lsQiFGy3mqcDHXGKS71KwfU7CVJ0KR+buOeBlcDNWNS1TT5bC4jjuEZmR + gADyTigBtrd6sttCEsAyhFwfNUZGOuMVTsLnUlubwxWQdmkyw8wDacdOnNal + pqumpawo9wgZUUEZ7gVR0/UrCO5vmknRRJJlST1GO1AEN5c6k19ZNJZBHVn2 + L5gO7jnntirN9d6q1lcLJYBEMbAt5qnAxycYpl9qVhJf2EiToVjZyxB6ZXjN + Wr/VNOksbiOO4RmaNwAD1JBoAhsrvVls4FjsA6CNQG81RkYGDjFVbK51Jb29 + aOyDuzLuXzANpxxzjmtGx1XTo7G3je4RWWNAQT0IAqpY6lYR31/I86KsjqVJ + PUAdqAIb651JrqyaSyCMrkqPMB3HHTParl3d6s1rMr2AVSjAnzVOBjrjFQ3+ + pWEl3YvHOjLHISxB6DHert5qumvaTolwhZkYAZ6kigCpYXWqrYwLFYh0CKA3 + mqMjHXGKr2lzqa6hfOlkGdjHvXzANuF45xzmr+napp0VhbxyXCKyxqCCehAq + tZ6lYJqV/K86BJDHtOeDhcHFAEOoXOpNNZmWyCFZQVHmA7jjp04q9cXerm3l + D2AVSrZPmqcDH0qvqWpWEs9k0c6MI5gzYPQY61fudW017aVVuUJKMAM98UAU + NNutUSwgWGxEiBRhvNUZH0xUNtc6mNTvHSyDSMI9y+YBtwOOe+au6Xqenxaf + bxy3CKyoAQTyKgtdSsE1W9madAkgi2nPBwOcUAQ6lc6k7WnnWQj2zqV/eA7m + 5wOnH1rQlvNXMThtPAGDk+avp9Kq6pqVhK9mY50bZOjNg9AM81ozatpjROou + UJKnv7UAZml3WqJp8Cw2QkQLw3mqM8+mKjgudSGq3LrZAyFE3J5gGB2Oe+at + aTqenw6dBFLcIrquCCeRzUdvqVgur3UzToEdEAOeCR1oAh1S51JxbedZCPbO + hX94DuYZwPbPrWk95rG0508Ywf8Alsv+FU9W1KwmW08qdG2XEbHB6KM5Nab6 + vphRgLlOh70AZGkXOpx6dCkFkJYwDhvMC55PYimxXOpjVpnFkDKY1BTzBwM8 + HNWNG1Kwg0yCKadEdQcgnkcmmxalYDWJ5zOgjaJQGzwSDQBDqtzqbxQiayEY + EyEHzA2Tngfj61qfbNY/6Bw/7/L/AIVR1fUrCaGARToxWaNjg9ADya1v7X0z + /n5T86AMPRrnUo9OiS3shLGN2G8wLn5j2NC3Opf2w8gsh5vkgFPMHC7uuf6V + Nomo2FvpkMU06I67sgnnliaE1KwGtSTmdPLMAXdnjO7pQBDq1zqT2yCeyES+ + Yhz5gbnPA4HetT7ZrH/QOH/f5f8ACqOsajYT2qJDOjsJEOAewPNa39r6Z/z8 + p+dAGHpFzqcdkqwWQlTc3zeYF5yc8EUfadT/ALZ8z7EPN+z42eYPu7/vZx68 + YqbRdSsILBY5p0RtznBPqxo/tKw/tz7R56eX9n27s8bt+cflQBDq9zqclkVn + shEm5fm8wNzkY4Fan2zWP+gcP+/y/wCFUdZ1KwnsTHDOjtuQ4B9GFa39r6Z/ + z8p+dAGHpNzqaWpWCyEq73OfMC855GD6UNc6l/bCSGyHm+SRs8wfd3dc4/Sp + tH1KwgtGSadEbzHOCexPFDalYHW0n89PLEBXdnjO7OKAIdZudSk06RLiyEUZ + K5bzA2PmHYVqfbNY/wCgcP8Av8v+FUdb1Kwn02WKGdHclcAHnhga1v7X0z/n + 5T86AMPSrnU0hlENkJAZXJPmBcHPI/CiS51M6tC5sgJREwCeYORnrnFTaRqV + hDDMss6KWmdhk9ieDRLqVgdZhnE6eWsTAtngEnpQBFq9zqcmnTJPZCKMgZbz + A2OR2ArRW81jaP8AiXD/AL/L/hVXWtSsJ9MnihnR3YDAB5PzCtJdX0zaP9JT + 86AMXS7nU0W58myEmZ3LfvAMMeo98etE1zqR1W2drICQI+1PMHI7nOOMVNpO + pWEKXIlnRd88jDJ6g4waJ9RsG1e1mWdDGiOC2eAT0oAbqt1qj6fOk1kI0I5b + zQcc+mKuRXmriNAungjAwfNX/CodX1PT5tNniinR3ZeADyeavRatpgiQG5QE + Ad/agDH0251JGu/JshJunct+8A2txkdOcetFzc6mdTs3eyCyKJNq+YDuyOee + 2Km0vUrCJrzzZ0XfcOy5PUHGDRc6lYPqtlMs6FIxJuOeBkcUAGpXWqPYTrNY + iNCpy3mqcD6YqxBd6uIIwunhgFGD5qjIx9Kbqmp6fNp1xFFcIzspAAPJq1b6 + tpq28StcoCFUEZ9qAMnT7nUkmvDFZBy0pLDzANpx06c/Wi7udSbUbF3sgsi+ + ZsXzAd2V55xxiptN1KwimvWknRRJMWXJ6jHWi81GwfU7CVJ0KR+buOeBlcDN + AC6hdaq9jOstiEQo2W81TgY64xUtrd6strCqWAZQi4PmqMjHXGKdqWqafLYX + EcdwjMyMAAepxUtnqumpaQI9wgZUUEZ6ECgDMsbnUlubwx2QdmkBYeYBtOOm + cc0XlzqbXtk0lkEdWfavmA7jjnnHGKm0/UrCO6vnknRVkkBUk9RjtRfalYSX + 9hIk6FY2csQemV70ASX13qrWVwslgEQxuC3mqcDBycYosrvVls4FjsA6CNQG + 81RkYGDjFT3+qadJY3EaXCMzRuAAepINFjqunR2NvG9wissaAgnoQBQBnWVz + qS3t60dkHdmXevmAbTjjnHNF9c6k11ZGWyCMshKjzAdxx0zjiprHUbCO/v5H + nQLIyFST1wvajUNSsJLuxeOdGWOQliD0GO9AE11d6s1rMr2AVSjZPmqcDHXG + Kj0+61VbGBYrEOgRQG81RkY64xVu81XTXtJ0S4QsyMAM9SRUenapp0VhbxyX + CKyooIJ6HFAFC0udSXUb50sg0jeXvXzANuF45xzmjULnU3mszLZBCsoKjzAd + xx09qms9SsE1O/ledAknlbTng4XBxRqWpWEs1k0c6MI5gzYPQY60AWLi71cw + SBtPCgqcnzVOBj6VX0261RLCBYbESIFGG81RkfTFX7nVtNa3lVblCSrADPtV + bS9T0+HTreKW4RXVQCCeRQBTtrnUhqd46WQaRhHuXzANuBxzjnNGpXOpO1p5 + 1kI9s6Ff3gO5ucDpxn1qa11KwTVb2Zp0CSCPac8HA5o1TUrCVrMxTo2y4Rmw + egGeaALUt5q5jcHTwBg8+av+FU9KutUTT4EhshIgHDeaBnn0xWpLq2mGJwLl + CSD39qo6Rqenw6bBFLOiuq8gnkc0AVYLnUxqty62QMhRNyeYOB2Oe+aNUudS + dbbzrIR4nQr+8BywzgdOM+tTQalYLq91M06BHRADngkdaNW1KwmW1EU6NsuI + 2OD0Azk0AXGvNY2nOnjp/wA9l/wrO0i51OPToUgshLGAcN5gXPJ7EVstq+mF + SBcp09azdF1Kwg0yCKadEdQcgnkfMaAK8dzqQ1aZxZAymJQU8wcDPXOKNVud + TeGITWQjAlQg+YGyc8D8ami1KwGszzmdBG0SgNngkHpRq+pWE0MKxToxWZGO + D2B5NAF77ZrH/QOH/f5f8Ky9HudSj06JLeyEsY3YbzAufmOeCK3P7X0z/n5T + 86ydE1Kwg0yKKadEcbsgnnliaAIVudT/ALYeQWQ83yQCnmD7u7rnH6Uatc6m + 9sonshEvmIc+YG5zwMAd6mXUrAa085nTyzAF3Z4zuzijWNSsJrVUinR2EiHA + PYHmgC99s1j/AKBw/wC/y/4V85eKCx1Z9wx8o/rX0r/a+mf8/KfnXzV4pYNq + zkHPyj+ZoKieieAJruO1jNtb+c3lyDG8L8vmdcn34xXa6vc6nJZMs9kIk3L8 + 3mBucjHAFcd8Pbu2t7aJ55AiiORck45MmcflXb61qVhPYNHDOjsWQ4B9GFAm + Xvtmsf8AQOH/AH+X/CsvSbnUktmEFkJV8xznzAvOeRgjtW5/a+mf8/KfnWTo + +pWENqySzojGRzgnsTxQIha51L+2EkNkPN8kgJ5g+7u65/pRrNzqcmnSpPZC + JDty3mBsfMMcAVM+o2B1qOcTp5YgKls8Z3dKNb1Kwn0yWKGdHc7cAHnhgaAL + 32zWP+gcP+/y/wCFZelXOpJDMILISAyuSfMAwc8jp29a3P7X0z/n5T86ydI1 + GwhhmWWdFLTOwyexPBoAhludSOrQubICURsAnmDkZ5Oadq9zqcmnTJPZCKMg + ZbzA2OR2AqSXUrA6xBOJ0MaxMC2eASadrOpWE+mTxQzo7sBgA8nkUAWlvNY2 + jGnjp/z2X/Cs3TLnUkW58myEm6eQt+8A2scZHTnHrW0ur6YFANynT1rL0rUr + CFbrzZ0XfcSMMnqDjBoAhnudSOq2ztZASBH2p5g5Hc5xxipNVutUfT50mshG + hHLeaDjn0xTp9SsG1e1mWdCiI4JzwCelSavqenzabPFFOjOy8AHk80ATRXmr + iJAungjAwfNX0+lZ+m3OpI135NkJN07lv3gG1uMjpzj1rXh1bTFiRTcoCFHf + 2rO0vUrCJrwyzou+4dlyeoOOaAIbm51I6nZu9kFkUSbV8wHdkc844xU2pXWq + PYTrNYiNCpy3mqcD6YoutSsH1WymWdCkYk3HPAyOKn1TU9Pl0+4jjuEZmQgA + HkmgBbe71cQRhdPDAKMHzVGRj6VR0+51NJrwxWQctKSw8wDacdPetW21bTVt + 4la5QEKoIz7VQ03UrCKa9aSdFEkxZcnqMdaAIbu51JtRsXeyCyKZNi+YDuyv + PPbFWNQutVaxnWWxCIUYFvNU4GOuMU281KwfUrCVJ0KRmXcc8DK4Gas6jqmn + S2FxHHcIzMjAAHqcUAMtLvVltYVjsAyhFAPmqMjHBxiqdjc6kt1emKyDs0gL + DzANpx0zjmtOz1XTktIEe4QMqKCM9CBVLT9SsI7u+eSdFWSQFST1GO1AEN7c + 6m17ZNJZBHVm2r5gO44557VavbvVms51ksAiGNgW81TgYOTjFR32pWEl9YyJ + OjLGzliD0yverd9qunSWNxGlwjM0bgAHqSDQBBY3erLZW6x2AdBGgDeaoyMD + Bxiqtnc6mt7etHZB3Zk3L5gG0445xzmtGw1TTo7G3je4RWWNAQT0IAqpY6lY + R39/I86BZGQqSeuF7UAQ39zqTXNkZbIIyyEqPMB3HHTpxVy6u9Wa1mV7AKpR + snzVOBjrjFQ6hqNhLdWLxzoyxyEsQegx3q7earpr2k6JcIWZGAGepIoAp6fd + aqljAsViHQIuG81RkY64xUFpc6kuo3zpZBpG8vevmAbcLxz3zV7TdU0+Kwt4 + 5LhFZUUEE8g4qvZ6jYJqd/K86BJPK2nPBwuDigCHULnU3lszLZCMrMCo8wHc + cdPb61enu9XMEgbTwoKnJ81TgY+lV9S1KwlmsjHOjBJgzYPQYPNaFxq2mtby + qtyhJVgBn2oAz9MutUSwgWGxEiBRhvNUZH0xUNvc6kNTu3SyDSMse5fMA24H + HOOc1c0vU9Ph063iluEV1UAgnkVDbalYJq17M06BHWPac8HA5oAh1O51Jzae + dZCPbOhX94DuYZwPbPrWhLeauY3DaeAMHJ81f8Kq6pqVhM1n5U6NsuEZsHoo + zk1pS6tphicC5Qkg96AMrSrrU00+FILISIBw3mhc8+mKZDc6kNVuHWyBkKIG + TzBwOxzjnNWtI1Owh02CKWdEdRyCeRyajg1KwXV7mZp0CMiAHPBI60AQ6pc6 + k62/nWQjxOhX94Dlh0HTjPrWk15rG0/8S4f9/l/wqnq2pWEyWwinRtk8bHB6 + AZya1G1fTNp/0lPzoAxtIudTj06FILISxgHDeYFzyexFJHc6kNXlkFkDKYlB + TzBwM9c4qxoupWEGmQRTTojqDkE8j5jTY9RsBrM05nTy2iUBs8ZB6UAQ6rc6 + k8MQnshGBKhB8wNk54HTvWp9s1j/AKBw/wC/y/4VR1fUrCaCFYp0YrMjHB7A + 8mtb+19M/wCflPzoAw9HudTj0+NILISoC2G8wLn5jngihbnUv7YaT7EPN8kD + Z5g+7u65/pU2ialYQabFFNOiOC2QTzyxNC6lYf208/np5ZgC7s8Z3ZxQBDq1 + zqT2oWeyES70OfMDc54GB61qfbNY/wCgcP8Av8v+FUdY1KwntFSGdHbzEOAe + wPNa39r6Z/z8p+dAGHpFzqUdkFgshKm5vm8wLznngij7TqX9siT7EPN+z42e + YPu7vvZx68YqbRdSsILERzTojb3OCexNH9o2H9uC489PL+z7d2eN2/OKAIdY + udSksWWeyESbl+bzA3cY4Fan2zWP+gcP+/y/4VR1rUrCewaOGdHYshwD6MK1 + v7X0z/n5T86AMPSbnU0tnEFkJV8xyT5gXnPI5HarEE13LrsZubfyT5LDG8Nx + nrx703R9SsIbZ1lnRCZHOCexPFTJd21zrsbW8iyDyGGQc87s0AdDRRRQAUUU + UAFFFFABRRRQB//S/dya2txrVsgiTaYnJG0Yp+t21sml3DJEisAMEKAeo9qz + 5dPnGqwQm8lLNG5D8ZGOwp2radPDp00r3ssoUD5WIweRQBvx2loY0JgToP4R + /hWXpFtbv9t3xI226kAyoOAMcdKfHpdyUU/2hMMgdxWfpmnzy/a9t5LHsuJF + O3HzEY+Y+5oAu3NtbjWLJBEgVkkyNowePpU2sW1smmXDJEikLwQoB/lWZcaf + OuqWsJvJWZ1chzjK4Hb61JqenTxWE8jXssgVc7WIwfrQBt29pamCMmFCdo/h + Hp9KzdKtrd5L7dEh23DAZUcDA9qdDpdy0KML+YZUHAI44qhp2nzyyXYW8lj2 + TMpxj5iMcn3oAu3ltbjVtPQRIFYTZG0YOFHWrGq2tsmm3LLCikIcEKM/yrKu + tPnTUrKI3krGTzcMcZXC9vrU2o6bcRWM8jX0sgVCSpIwfY0Aa1paWptISYUJ + KL/CPT6VQ0y2t2ub8NEhCy4GVHAx9KS20y4e2icX8yhkU4BGBkdKp2GnzyXF + 4q3kqFJMEjGW46mgC7fW1uupaeqxIAzSZAUYPy96t6la2q6fcssKAiNyCFHo + fase80+dL+yjN5KxkL4Y4yuF7fWrN9ptxHZXEjX0zhY2JUkYOB0NAGjYWtq1 + jbs0KEmNCSVHoPaqWn21u19qCtEhCuuAVHHy9qZZ6ZcPaQOL6ZQyKcAjAyOg + qrZafPJd3qC8lQo6gkYy3HU0AXdRtrdb7T1WJAGkbICjnjvV2/tbVbG4ZYUB + EbkEKPQ+1Yt9p88d3ZI15K5kdgCcZXjqKtXmmXCWk7m+mcKjHBIwcDoaALum + 2tq2n2zNChJjUklR6fSqtjbW7anqKtEhCmPAKjAyvaorDTbiSygkW+lQMikK + CMDI6Cq9np87399GLyVTGUywxlsr3+lAF3U7a3W5sAsSANNg4UcjH0rQu7S1 + FrMRCgIRv4R6fSsK/wBPnjns1a8lcvLgE4+XjqKu3Ol3C28rG/mYBGOCRg8d + KALGlWts2m2zNChJQZJUZ/lVeztrc6vqCGJCqiLA2jAyvaoNO024lsYJFvpY + wyAhQRgewqG10+d9SvYheSqYxHlhjLZXv9KALuq21ukliEiRd1woOFHI54rS + uLS1EEhEKA7T/CPT6Vgajp88T2ga8lk3zKozj5Se496vzaXcrC7G/mOFJwSO + eKAH6PbWz6Zbs8SMSvJKgn+VRW1tbnWLxDEhUJHgbRgcVW0vTp5dPgkW9ljD + L91SMD6VHBp87apdQi8lVkVCWGMtkd/pQBd1e2t0+xbIkXdcxg4UDIOeOlas + lpaeW37hOh/hH+Fc7qenzxfZd15LJvuI1G7Hyk55HuK0X0q5CMf7QmPB7igB + NEtrZ9Lt2eJGYg5JUE9T7UyG2tzrVyhiTaIkIG0YqppOnTzadDKl7LEGB+VS + MDk02LT5zqs8IvJQyxqS/GTnsaALus21ukVsUiRczxg4UDjP0rXNpaY/1Cf9 + 8j/Cub1TT54Y4C15LJumRcNjgnuPcVp/2Vc/9BCb8xQBDoNtbyaTA8kSMx3c + lQT94+1Edtb/ANuSp5SbRApxtGM7qpaPp88+mwypeSxBt3yrjAwxoTT5zq8k + P2yUMIQ2/jcRnp9KALutW1ulrGUiRSZYxwoHGfpWx9jtP+eCf98j/Cua1XT5 + 4bdGa8lkBkQYbGBk9fwrT/sq5/6CE35igCHQra3k01GeJGO5+SoJ+8aBbW/9 + vNH5SbfswONoxnf1xVLR9PnmsEkS8liBLfKuMcMaBp8/9sGD7ZLu8gNv43Y3 + Yx9KALuuW1uljuSJFO9OQoH8VbH2O0/54J/3yP8ACua1fT54bPe95LKN6DDY + xyetaf8AZVz/ANBCb8xQBDoltbvZFniRj5j8lQe/0oa2t/7dWPyk2/ZycbRj + O/riqWk6fPNaF0vJYhvcYXGOD1oOnz/2wsH2yXcYC2/jdjdjH0oAu67bW8em + SMkSKwKchQD94VsfY7T/AJ4J/wB8j/Cua1jT54bCSR7yWUAr8rYwcsK0/wCy + rn/oITfmKAIdFtrd7aUvEjETSDlQeM/SiS2txrkKCJNphY42jGc1S0rT55oJ + GS8ljAlcYXHOD1/GiTT5xq8UP2yUsYmO/jcOen0oAva9bW8ekzukSKw24IUA + /eHtWsLS0wP3Cf8AfI/wrm9Y0+eDTZpXvJZQu35WIwfmFaQ0q5wP+JhN+YoA + i0a2t3juS8SNi4kAyoPHpRPbW41q1QRJtMbkjaMH9KpaXp88yXBW8lj2zOp2 + 45I7n3NE2nzrqtvCbyUsyOQ/GRjsKANDWra2TS7hkiRWAGCFAPUe1aMdpaGN + CYE6D+Ef4Vg6rp08OnzSPeyyBQPlYjB5FXY9KuSin+0JhkDuKAGaRbW7m93x + I225kAyoOAMcV5H8UYo4tatViQIDbg4Ax/G1en6Zp88pu9t5LHsndTtx8xGO + T7mvKfiVbyW2sWySTPOTADl+o+ZuKCom34FijbwrqcjICyynBI5Hyr3r1q3t + LU28RMKElV/hHp9K8e8EW8knhrUZ1ndFSXlB91vlXrXqEGl3LQxsL+YZUHAI + 44oExNLtrd5b4NEjbZ2Ayo4GB7UXltbrq2nIIkCt52RtGDhR14qlp2nzyyXg + W8lTZMykjHzHA5PvRdafOmpWMRvJWMnm4Y4yuFHT60CNXVLW2XTrllhQEI2C + FGen0qe0tLU2kJMKElF/hHp9KytR024isZ5GvpXCoSVJGD7GpbbTLh7aJhfz + KCinAIwOOlAC6bbW7XV+GiQhZcDKjjjtRf21uupaeqxIAzSZAUYPy96pWGnz + yXF4q3kqFJMEjGW46mi80+dL+yjN5KxkL4Y4yuF7fWgDY1K1tV0+5ZYUBEbk + EKPT6U6wtbVrG2ZoUJMaEkqP7o9qzr7TbiOyuJGvpnCxsSpIwcDoaWz0y4ez + gcX0yBo1OARgZHQUAP0+2t2v9QVokIV1wCo4+XtRqNtbre2CrEgDSNkBRzx3 + 4qlZafPJeXqLeSoY3UFhjLZHei+0+eO7ska8lcu5AJxleOooA2r61tVsrhlh + QERuQQo9D7UzTLW2bTrZmhQkxrklR6fSqd3plwlpM5vpmCoxwSMHA6Uyw024 + ksYJFvpUDIpCgjA46CgCWxtrdtT1FWiQqpiwNowMr2o1O2t1uLALEgDTAHCj + kY71StNPnfUL6MXkqmMx5YYy2V7/AEo1DT5457NWvJXLy4BOPl46igDdurS1 + FrMRCgIRv4R6fSq2lWts+m2zNCjEoMkqM/yqC40u5W3lY38zAKxwSMHioNO0 + 24lsIJFvZYwyAhQRgfSgCe0trc6vqCGJCqiLA2jAyp6UarbW6SWO2JF3XCA4 + UcjB4qlbafO2pXsQvJVKCPLDGWyO/wBKNR0+eJ7QNeSyb5lUZx8pOeR70Ab8 + 9paCCQiFPun+Een0qlo1tbPpluzxIzFeSVBPX6UybS7lYnJv5jhTxkelVNL0 + 6ebT4JFvZYwy/dUjA+lAFm2trc6zeIYkKhI8DaMDijV7a3QWeyJFzcxg4Ucg + 54qlBp87apdQi8lVkVCXGMtn1+lGp6fPELXdeSyb541G7Hyk55HuKAOie0tN + jfuE6H+Ef4VmaJbWz6Vbs8SMxBySoJ6n2pz6VchSf7QmPB7iqGk6fPNp0MqX + ssQYH5VxgcmgC3DbW51q4QxJtESEDaMdaNZtrdIbcpEi5njBwoHGfpVKLT5z + q08IvJQyxqd/GTk9DRqunzwxQlryWTdMi4bHBJ6/UUAdL9jtP+eCf98j/Csf + QLa3k0mB5IkZju5Kgn7x9qm/sq5/6CE35iszRtPnn02GVLyWINu+VcYGGNAF + 1La3/t2WPyk2iBTjaMZ3emKNatrdLVCkSKfNjHCgd6pJp851eSD7ZKGEIbfx + uIz0+lGq6fPDboz3ksgMiDDYxyev4UAdL9jtP+eCf98j/CsfQra3fTkZ4kY7 + n5Kgn7x9qm/sq5/6CE35iszSNPnmsVkS8liBZvlXGOGNAFDxLFBGmphY1AGn + SEAAcEkjP1rwTSBu1WzB/wCe0f8A6EK9q8VWssFtqCtdSOVsyxJxkgvjafav + GNFXdq1oM4/eL/OgqJ9WfY7T/ngn/fI/wrH0S2t3sizxIx8x+SoPepv7Kuf+ + ghN+YrM0nT55rUul5LEN7jC4xwetBJda2t/7eSPyk2/ZycbRjO7rijXra3j0 + yVkiRWBTkKAfvCqTafP/AGwsH2yXcYC2/jdjdjH0o1jT54NPkke8llAK/K2M + HLCgDpfsdp/zwT/vkf4Vj6NbW728xeJGImkHKg8Zqb+yrn/oITfmKzNK0+ea + GVlvJY8SuMLjnB6/jQBdltrca3CgiTaYWONoxnNLrttbppU7pEisAuCFAP3h + 7VRk0+catFD9slLGJjv43DnpS6xp88OnTSveSyhcfKxGD8woA6JbS02j9wnT + +6P8KydHtrd0ut8SNi4kAyoOBxxUq6Vc4H/Ewm/MVm6Xp88yXBW8lj2zup24 + 5I7n3NAF2e2txrVqgiQKY3yNowak1q2tk0u4ZIkVgvBCgHqPas6bT511W3hN + 5KWZHIc4yMdhT9V06eHT5pGvZZAo+62MHmgDeitLQxITAnQfwj/CsvSba3c3 + u+JG23MgGVHA44p8el3JjU/2hMMgdxWfpunzym723kseyd1O3HzEY5PuaALt + 1bW41ixQRIFZZcjaMHA+lTavbWyaZcMkKKQhwQoz/Ksy40+ddTtIjeSszrJh + jjK4Hb61LqenXEVhPI17LIFUnaxGD9aANm2tLU28RMKElF/hHp9KztLtrd5r + 4NEjbZ2Ayo4GB7UsGl3LQRsL+ZQVBwCOOKo6dp88st4FvJU2TFSRj5jjqfeg + C7e21uuq6cgiQK3nZG0YOF78VZ1S1tl065ZYUBEbYIUZ6fSsm60+dNRsYjeS + sZPNwxxlcLnj61PqGm3EdjPI19K4VGJUkYPHQ0Aatna2rWkBMKElF52j0+lU + NNtrdrq/DRIQsoAyo447Ulrplw9tC4v5lDIpwCMDI6VTsNPnkubxVvJUKSYJ + GMtx1NAF2/trddR09ViQBmfICjn5e/FW9RtbVdPuWWFARE5BCj0PtWPeafOl + 9ZRm8lcyM+GOMrgdvrVm+024jsriRr6ZwsbEqSMHA6GgDQ0+1tWsLZmhQkxI + SSo/uj2qnp9tbtf6grRIQrpgFRx8vamWWmXElnA630yBo1IUEYGR0FVbLT55 + Ly9RbyVDGygsMZbI70AXdRtrdbywCxIA0hBAUc8d+KvXtrarZXDLCgIjfB2j + 0PtWJfafPHdWSNeSuXcgE4yvHUVbu9MuEtZnN/MwVGOCRg4HSgC5plrbNp1s + zQoSY1ySo9PpVWytrdtU1FWiQqpiwNowMr2qKw024ksYJFvpUDIpCgjA46Cq + 9pp876hfRi8lUxmPLDGWyvf6UAXdUtrdbiwCxIA0wBwo5GK0Lq0tRazEQoCE + b+Een0rC1DT545rNWvJXLygAnHy8dR71duNLuVt5WN/MwCscEjB4oAn0m1tn + 023Z4UYlBklRn+VQWltbnV79DEhVRFgbRgZB6VBpum3EthBIt7LGGUEKCMD6 + VDbafO2p3kQvJVKCPLDGWyO/0oAu6tbW6PY7IkXdcIDhRyOeK05rS0EMhEKf + dP8ACPT6Vz+pafPE1oGvJZN86qM4+UnPI96vy6XciJyb+Y4B4yPSgB+jW1s+ + mW7PEjMV5JUE9fpUVvbW51m7QxIVCR4G0YFVtL06eXT4JFvZYwy/dUjA57VH + Bp87apcwi8lDIiEuMZOex+lAF3WLa3RbPZEi5uYwcKBkHPFar2lpsb9wnQ/w + j/Cud1PT54RbbryWTfOijdjgnPI9xWi+lXIUn+0Jjx6igBuh21s+lW7vEjMQ + ckqCfvH2psVtbnW7hDEm0RIQNoxnP0qnpGnzzadDKl7LEGB+VcYHJpItPnOr + TQi8lDLGp38bjk9KALus21ukMBSJFJnjHCgcZrY+x2n/ADwT/vkf4VzWqafP + DFCWvJZN0yDDY4JPX6itP+yrn/oITfmKAIdBtreTSoXkiRmO7kqCfvGhLa3/ + ALdkj8pNvkA42jGd30qlo2nzz6dFKl5LEDu+VcYGGNC6fOdYeD7ZLuEIbfxu + xu6fSgC7rdtbpaIUiRT5qDhQO/0rY+x2n/PBP++R/hXNatp88NsrPeSygyIM + NjHJ6/hWn/ZVz/0EJvzFAEOh21vJp6s8SMdz8lQf4j7UfZrf+3vL8pNv2bON + oxnf1xiqWkafPNZLIl5LENzDauMcE0f2fP8A2z5H2yXd9n3b+N2N+MfTvQBd + 1y2t0sCyRIp3pyFA/iFbH2O0/wCeCf8AfI/wrmtX0+eGyLveSyjco2tjHJFa + f9lXP/QQm/MUAQ6JbW72bF4kY+Y4yVB7/Shra3/t1I/KTb9nJxtGM7utUtJ0 + +ea1LpeSxDe4wuMcHrQ2nzjWEg+2S7jCW38bsbun0oAu69bW8elzNHEisCnI + UA/eFbH2O0/54J/3yP8ACua1jT54NOlle8llAK/K2MHLCtP+yrn/AKCE35ig + CHRra3eCcvEjETSDlQeM0S21uNbgQRJtMLHG0Yzn6VS0rT55oZWW8ljxK4wu + OSD1+pok0+catDCbyUs0THfxkYPSgC/rltbppVw6RIrALghQD94e1ai2lptH + 7hOn90f4Vzur6fPDp00r3ksoUD5Wxg8itFdKucD/AImE35igCLR7a3dLrfEj + YuJAMqDgDHFFxbW41m0QRIFMcmRtGDVLS9PnlW5K3kse2d1O3HJHc+5om0+d + dVtoTeSlmRyHOMjHYfWgDR1m2tk0u4ZIkVgvBCgHr9Kvw2loYkJhT7o/hHp9 + KwtV06eHT55GvZZAo+62MHnvV2LS7kxoRfzDIHGRQAzSba3dr3fEjbblwMqO + BxxRdW1uNXsUESBWWXI2jBwBVLTdPnla7C3kseyd1OMfMRjk+9Fxp866nZxG + 8lYuJMMcZXA7fWgDU1a1tk024ZIUUhDghRn+VWra0tTbxEwoSUX+Een0rG1L + TriKwnka9lkCqTtYjB+tWYNLuWgjYX8y5UHAI44oATS7a3ae+DRIQs5Ayo4G + KL22t11XTkWJArebkbRg4XvVLT9PnlmvFW8lTZKQSMfMcdT70XenzpqNjEby + VjJ5mGOMrhe31oA1tUtbZdOuWWFARG2CFGen0qWytbVrOAmFCTGvO0en0rL1 + DTbiOxnka+lcKjEqSMHjoaltdMuHtYXF/MoZFOARgZHSgBdOtrdru/DRIQso + ABUccdqL+2t11DT1WJAGZ8gKOfl78VSsdPnkubxFvJUKSAEjGW46mi80+dL2 + yjN5K5kZwGOMrgdvrQBs6ja2q6fcssKAiJyCFH90+1Gn2tq1hbM0KEmJCSVH + 90e1Z99plxHZXDtfTOFjclSRg4B4NLZaZcSWcDrfTIGjUhQRgZHQUAP0+2t2 + 1DUFaJCFdMAqOPl7cUalbW63lgqxIA0hyAo5471SstPnkvb2MXkqGNlBYYy2 + R3ovtPnjurJGvJXLyEAnGV46igDbvbW1WznIhQERtztHp9Ki0y1tm062ZoUJ + Ma5JUen0qrdaZcJazOb+ZgqMcEjBwOlRafptxJYwSLfSoGRSFBGBx0FAE1lb + W7arqKNEhVTFgbRgZXtRqltbrPYhYkAaYA4UcjBqlaafO+o30QvJVMfl5YYy + 2V7/AEo1DT545rNWvJX3ygAnHy8dR70Ab11aWotpSIUBCN/CPT6VV0m2tn02 + 3Z4UYlBklRn+VQXGl3KwSMb+ZgFJwSMHiq+m6dcS2EEi3ssYZQdoIwPpQBYt + La3Or36GJCqiLA2jAyO1GrW1uj2OyJF3XCA4UcjniqVtp87aneRC8lVkEeWG + Mtkd/pRqWnzxNaBryWTfOijOPlJzyPegDoJrS0ETkQp90/wj0+lUNGtrZ9Lt + 2eJGYrySoJ6/Skl0u5Ebn7fMcA8ZFUtK06ebT4JFvZYww+6uMDntQBat7a3O + s3aGJCoSPA2jAo1i2t0S02RIubiMHCgZBzxVKHT521S5hF5KGVEJcYyc9j9K + NU0+eJbYteSybp0UbscE55HuKAOje0tNp/cJ0/uj/CsvQ7a3fSrd3iRmIbJK + gn7x9qe2lXIUn+0JunqKztI0+ebToZUvJYgwPyrjA5NAFyK2tzrc6GJNohUg + bRjOaNZtrdIICkSKTNGOFA4zVKPT5zq00IvJQyxqd/G45PSjVdPnhhiZryWT + MqDDY4yev1FAHS/Y7T/ngn/fI/wrH0G2t5NKhd4kZiX5Kgn7xqb+yrn/AKCE + 35iszR9Pnn06KVLyWIHd8q4wMMaALqW1v/bsieUm37ODjaMZ3fSjW7a3S0Qp + EinzUGQoHeqS6fOdYeH7ZLuEIbfxuxu6fSjVtPnhtlZ7yWQGRBhsY5PX8KAO + l+x2n/PBP++R/hXzF4pAGrPj+6P5mvov+yrn/oITfmK8h1DwRrWt3Jv7IxmJ + vlG98HKkg8YoGje+HMUUlvEJEVh5Uh5APPmV3WuW1vHp7MkSKdychQP4h7Vy + Phjw9f6W6abdTmGYRM+Yjngv0yR+NdDq+nzw2TSPeSyjco2tjHJFAM6X7Haf + 88E/75H+FY+iW1u9o5eJGPmuMlQe9Tf2Vc/9BCb8xWZpOnzzWzOl5LGBI4wu + McHr+NAi69tb/wBuxx+Um3yCcbRjO76Ua9bW8elTOkSKwKchQD94VSbT5xrC + QfbJdxhLb+N2N3T6Uaxp88GnSyveSygbflbGDlhQB0v2O0/54J/3yP8ACsfR + ra3eCcvEjETyDlQeM1N/ZVz/ANBCb8xWZpWnzzQzMt5LHtlcYXHJB6/U0AXZ + ba3Gt26CJNpickbRjOfpTtctrZNKuHSJFYAYIUA/eHtVCXT5xq0MJvJSzRsd + /G4YPSl1fT54dOmle9llCgfK2MHkUAdElpabR+4Tp/dH+FZOj21u63e+JGxc + yAZUcAY4qVdKuSoP9oTdPUVm6Zp88q3JW8lj2zyKduOSMcn3NAF24trcazaI + IkClJMjaMGpNZtrZNLuGSJFYLwQoB6/Ss6bT511S2hN5KWZHIc4yMdh9afqu + nTw6fPI17LIFH3Wxg896AN2G0tDDGTCn3R/CPT6VmaTbW7vfb4kbbcOBlRwO + OKdFpdyYkIv5hkDjIqhpunzytdhbyWPZO6nbj5iMcn3oAu3dtbjV7BBEgVhL + kbRg4Hep9WtbZNNuGSFFIQ4IUZ/lWXc6fOup2cRvJWZxJhjjK4Hb61NqWm3E + VhPI17LIFUnaSMH60AbFraWptoiYUJKL/CPT6VnaXbW7T3waJCFmIGVHAwKL + fS7loI2F/MoKg4BHHFUtP0+eSa8VbyVNkpBIx8xx1PvQBdvba3XVNOVYkCsZ + cgKMHC96s6na2y6dcssKAiNsEKM9PpWTd6fOmo2MRvJWMhkwxxlcL2+tT6hp + txHYzyNfSuFRiVJGDx0NAGpZWtq1lbs0KEmNMnaPQe1UdNtrdry/DRIQsgAB + UccdqbaaZcPawuL+ZQyKcAjAyOlVLHT55Lq9RbyVCkgBIxluOpoAu39tbrf6 + eqxIAzvkBRz8vermoWtqthcssKAiJyCFH90+1Y17p88d7ZIbyVzIzAMcZXA7 + VavdMuI7Od2vpnCxsSpIwcDoaAL+nWtq2n2zNChJiQklR/dHtVOwtrdtQ1BW + iQhWTAKjj5e3FR2OmXEllbut9MgaNCFBGBkDgVWs9Pne9vYxeSoY2QFhjLZH + f6UAXdStrdbuwCxIA0pBwo5478VevbW1WznIhQERtztHp9KxL/T547mzVryV + y8hAJxleOoq5daZcJazOb+ZgqMcEjBwOlAFrS7W2bTrZmhQkxrklRnp9KrWV + tbtquoo0SFV8rA2jAyvaodP024ksYJFvpUDIpCgjA46CoLTT531G+iF5Kpj8 + vLDGWyvf6UAXdUtrdZrELEgDTgHCjkYNaNzaWot5SIUBCN/CPT6Vg6hp88ct + mGvJX3zBQSR8pweR71en0u5WCRjfzNhScEjnigCbSbW2fTbdnhRiUGSVGf5V + Ba21udYvkMSFVWLA2jAyKr6bp1xLYQSLeyxhlB2qRgfSorfT521O7iF5KpQR + 5YYy2R3+lAF3V7a3RrHZEi7rmMHCjkc8VpzWloInIhT7p/hHp9K5/UtPniNp + uvJZN86KM4+UnPI9xWhLpdyI3Jv5jgHjIoAXRba2fS7dniRmK8kqCep9qjgt + rc6zdIYkKiNMDaMD9Kq6Vp082nwyLeyxhh91SMDmmQ6fO2q3EIvJQyohLjGT + nsfpQBd1i2t0S12RIubiMHCgZBzxWs1pabT+4Tp/dH+Fc5qmnzxLbFryWTdO + ijdjgnuPcVpNpVzg/wDEwm/MUAM0O2t30q3d4kZiGySoJ+8famxW1udcnQxJ + tEKnG0YzmqekafPNp0MqXksQYH5Vxgcmkj0+c6vLCLyUMIlO/jceelAF3Wra + 3S3hKRIpM0Y4UDjNbH2O0/54J/3yP8K5rVdPnhhiZ7yWQGVBhscZPX6itP8A + sq5/6CE35igCHQra3k0uJniRmJfkqCfvGhba3/t14/KTb9nBxtGM7utUtH0+ + efT45EvJYgS3yrjAwxoXT5/7YaH7ZLuEIbfxuxu6fSgC7rdtbpZqUiRT5iDI + UDv9K2Psdp/zwT/vkf4VzWrafPDah3vJZRvQYbGOT1rT/sq5/wCghN+YoAh0 + O2t3sAzxIx3vyVB/iNH2a3/t8R+Um37NnG0Yzv64qlpGnzzWYdLyWIbmG1cY + 4NH9nz/2yIPtku7yN2/jdjdjH0oAu67bW8enMyRIp3JyFA/iHtWx9jtP+eCf + 98j/AArmtX0+eCxaR7yWUBl+VsY5IrT/ALKuf+ghN+YoAh0W2t3tXLxIx82Q + cqD3p/lRR69EI0VB5DHgAc7qz9J0+ea2dlvJYwJHGFxjg9fxqxBayW+uxrJO + 8x8ljl+vXGKAOlooooAKKKKACiiigAooooA//9P9z5bvUDqsEhsSJBGwCb15 + HrnpxT9WvNQk06ZJrExIQMt5inHI7Cppr+xOsW8ouEKLG4LbhgE+9O1nULGb + TJ44riN3YDADAk8igCaO/wBUCKBppIwP+Wq1naZd38f2vyrEybriRm+dRtY4 + yvPXHrW5HqenCNQbqPIA/jFZek39lF9s8ydF33MjDLAZBxgj2oAr3F3fnVLW + RrErIqvtTzF+bI557YqXU7zUZLCdJbAxoV5bzFOPwFPub+ybV7OVZ0KIsgLb + hgZHGTU2rahYS6bcRx3EbMy4ADAk0ALDfamIYwunEgKMHzF54qhp13qCSXhi + sTIWmYsPMUbTxxz1rZg1PTlgjBuYwQo/jHpWfpd/YxyXpknRQ87MuWAyMDkU + AVrq7v21KykexKunm7U3qd2V557YqfUb3UXsZ0lsDGhQgt5inA9cU67v7FtV + sJVnQonm7iGGBlRjJ96n1TUbCTT7iOO4jZmQgAMCSaAGW19qa20SrpxZQigH + zFGRjrVKwu79Li8MdiZC0mWHmKNpx09617TUtPW1hVrmMEIoILjg4qhpt/ZR + 3N80k6KHlypLAZGOooAr3l3qDX9i72JR0L7V8xTuyvPPbFWb+91J7K4STTyi + mNgW8xTgY64ovb+xfUbCRJ0Ko0m4hhgZXjNWdR1HT5LC5RLmNmaNwAGBJJFA + EFne6ktpAqaeXUIoDeYoyMdaqWV3qCXd60diXZnUsvmKNpx0z3rVsdS09LK3 + R7mNWWNAQWGQQBVOwv7FL2/d7hFV3UqSwwRjtQBWvru/e7smksSjK5Kr5inc + cdPard5e6k1pOr6eUUowLeYpwMdaZqF/ZPe2DpOjKjsWIYYAx3q7falp72Vw + iXMbM0bgAMMkkGgCnYXupJZQJHp5dQigN5ijIx1xVazu9QW/vnSxLu5TcvmK + NuF4575rS07UbCOwtke5jVljUEFgCCBVWyv7JNR1CR50CuY9pLDBwvOKAK9/ + d6g89mZLExlZcqPMU7jjp7Vdub7U2t5VbTioKMCfMU4GOtR6lf2MlxYtHcIw + SXLEMDgY6mr11qWntazKtzGSUYABx6UAZ+nXuopYwJFYGRAgAbzFGR64NQWt + 3frqd7IliWdxHuTzFG3C8c981oaXqNhHp9vHJcRqyoAQWAINV7S/sl1W/lad + AjiLaSwwcLzigCvqV3fvJZmWxMZWZSvzqdx9OOlX5r7UzDIG04gFTk+YvHFQ + apf2UklkY50YJOrNhgcAZ5NaM+p6c0EgFzGSVP8AGPSgDK0u81GPT4EisDKg + XhvMUZ/A1HBd6gNUupFsS0jKm5PMX5QBxz3zV3SNQsYtNt45biNGVeQWAIqO + 3v7FdXu5WnQI6RgNuGDgc4NAFbU7vUJPsvm2Jj23EZX94p3MM4Xjpn1rRe/1 + QowOmkDB/wCWq1X1a/sZfsflzo2y5jY4YHAGck+1acmp6cUYC6j6H+MUAY2k + 3moR6dCkNiZUAOG8xRnk9jTIrvUBqs8gsSZDGoKb14HrnpzVvRtQsYdMgjlu + I0dQcgsARyabDf2I1i4lNwgRo0AbcMEj3oArard6hJHAJbExATIQfMU5I6Dj + 1rTN/qv/AEDT/wB/Vqpq9/ZSxW4inRys8bHDA4A6mtY6ppuP+PqL/vsUAYOj + XeoRabCkFiZkG7Db1GfmPY0Jd6h/a8kgsSZDCAU3rwM9c9Ks6Hf2MOlwRTTo + jruyCwBHzGhL+xGtSzGdPLMKgNuGM7umaAK2rXmoSW6LNYmICRCD5inJB4HH + rWp9v1X/AKBp/wC/q1U1m/sZbaNYrhHIlQ4DA8A8mtb+1NN/5+ov++xQBgaP + d38VgiQ2JmTLfN5ij+I9jQLvUP7ZMv2E+Z5AGzzF+7u+9np7Yqxol/ZQ6ckc + 06IwZ+CwB5Y0ov7H+3DN56eX9nC7twxnfnGfWgCtq93fyWe2axMS70O7zFPO + eBgetan2/Vf+gaf+/q1T1q/sprLZFOjtvQ4DAnANa/8Aamm/8/UX/fYoAwNJ + vNQjtCsNiZV3uc+Yo5J5HPpQbvUP7YWX7CfM8gjZvX7u7rnp+FWdFv7GGzKS + 3CI3mOcFgDgmg39j/bizeenl/Zyu7cMZ3ZxmgCtrF3qEunyJNYmFCVy29Tj5 + h2Fan2/Vf+gaf+/q1U1u/sZtNkjinR2JTgMCeGFa39qab/z9Rf8AfYoAwNKv + NQjgkENiZQZXJPmKMEnkc+lEl3fnV4pDYkSCJgE8xeRnrnpVnR7+xit5VluE + QmVyAWA4J4NJJf2R1qGYTp5YhYFtwxnPTNAEGsXeoS6bMk1iYUO3LeYpx8w7 + CtIX+q4H/EtP/f1aq65f2M2lzxw3CO7bcAMCT8wrVGqabgf6VF/32KAMHS7u + /jS4EViZQZnJPmKME9Rz6UTXmoHVbeRrEiQI4CeYvIPU56cVY0i/soo7kSzo + haeRhlgMg9DSz39idYtpRcIUWNwW3DAJ96AIdWvNQk0+ZJrExIQMt5inHI7C + r0d/qgRQNNJGB/y0WotZ1Cxl0yeOK4jd2AwAwJPIq/HqenCNQbqPoP4xQBia + Zd38Zu/KsTJuuHLfOo2scZXnrj1ryn4lTXE2sWzXMBt2EAABYNkbm54r17Sb + +yiN75k6LvuZGXLAZBxgj2rzD4jwyalrFtLYD7QiwBSyHIB3McZ/GgcSXwRN + cJ4a1GKOAvG0nzPuA2/Kvbqa9RgvtTEMYXTiwCjB8xeeK868Gr9h8M6jbXZE + UskhKoxAJG1egr0+31PTlgjVrmMEKM/OPSgGY2nXeoJJeGOxMhaZiw8xRtOB + xz1ourvUG1Kxd7Eq6ebtXzFO7K889sVZ0y/sY5b0yTooediuWAyMDkUXl/Yv + qunyLOhSPzdxDDAyoxn60CG6je6i9jOklgY0KEFvMU4Hripra+1NbaJV04so + RQD5ijIx1p+p6jYSafcRx3EbMyMAAwJJxU9pqWnrawq1zGCEUEFxwcUAZFhd + 6glxeNHYmQtJlh5ijacdPei8u79r+xd7Eo6M+1d6ndleee2Ksadf2Ud1fNJO + ih5cqSwGRjqKL6/sn1GwkSdGVGk3EMMDK8ZoAW/vdSeyuEk08opjYFvMU4GO + uKdZ3upJZwKmnl1EagN5ijIx1xU+o6jp8lhcolzGzNG4ADAkkinWOpaellbo + 9zGrLGgILDIIAoAy7K71Bby9aOxLs7ruXeo2nHTPei+u9Qe7smksSjK5Kr5i + nccdParNhf2KX1+7zoqu6lSWABwvajUL+xe8sHS4RlSRixDDAGO9ADru+1Jr + SZX08opRgT5inAx1plhe6kljAkenmRQigN5ijIx1xV291LT3s50S5jLNGwAD + DJJBpmm6jYR6fbpJcRqyxqCCwBBxQBm2l3frqF86WJd3Me5fMUbcLxz3zRqF + 3fvPZmSxMZWXKjzFO446e1WLK/sk1LUJHnQK5j2ksMHC84o1K/spLixaOdGC + S5YhgcDHU0AS3F9qbW8obTioKtk+YpwMdag0291FLCBIrAyIEGG8xRkeuK0r + rUtOa2lVbmMkowADj0qtpeoWEenW8clxGrKgBBYAigChbXeoLqd7ItiWdxHu + TzFG3A4575o1G71B3tPNsTGVmUr+8U7jzxx0qzaX9iuq38rToEcRbSWGDhTn + FGqX9jI9kY50bZOrNhgcAZ5NAE019qhicNpxAKnJ8xeOKqaXeajHp8CRWBlQ + Lw3mKM8+hrWn1PTjDIBcxklT/GPSqWkahYxabbxy3EaMq8gsARzQBSgu78ap + dSLYlpGVNyeYvygdDnvmjU7u/kFr5tiY9s8ZX51O5hnC8dM+tWLe/sl1e7la + dAjJGA24YOBzg0urX9jKLTy50bbcRscMDgDOSfagCy9/qmxs6aRwf+Wq1n6R + eahHp0KQ2JlQA4bzFGeT2NbT6nppRgLqPof4xWdot/Yw6ZBHLcRo6g5BYAjk + 0AVIrvUBq08gsSZDGoKb14GeuelGq3d/JFCJrExATIQfMU5I6Dj1qzDf2I1m + 4lNwgRokAbcMEg+tJrF/ZSwwCKdHKzxk4YHAB5NAFz7fqv8A0DT/AN/VrL0a + 7v4tNhSCxMyDdh96jPzHsa3/AO1NN/5+ov8AvsVkaFf2UOlQRTTojjdkFgCP + mNAFdLu/GsSSixJkMIBTzF4GeuelGrXeoSWyLNYmJRIhzvU8g8Dj1qwl/ZDW + 5JjOnlmAANuGM7umaXWb+xltUWK4RyJUOAwPAPNAFv7fqv8A0DT/AN/VrL0e + 71COxVIbEyrub5vMUfxHsfSt/wDtTTf+fqL/AL7FZOiX9jDp6RyzojBn4LAH + ljQByHjG6u2sr95rYxFrVVI3g4Uyj5uPfjFeQ6CCdYtcDJD5x9BXr3ju8tpb + G+MMquHt4kBUg5PnqSPyryXw5j+2rUngAk/+OmgpbH0p9v1X/oGn/v6tZekX + d/HalYbEyrvc58xRyTyOfSt/+1NN/wCfqL/vsVkaLf2UNmUlnRG8xzgsBwTQ + SV2u7/8AthZfsJ8zyCNnmL03dc9KNYu9Ql0+RJrEwoSuW8xTj5h2FWGv7L+3 + Em89PLFuV3bhjO7OM0a5f2U2myRwzo7ErgBgTwwoAufb9V/6Bp/7+rWXpV3q + EcEoisTKDK5J8xRgk8jn0rf/ALU03/n6i/77FZOj39jFBKstwiEzSEZYDgng + 0AVpLvUDq8UhsSJBEwCeYvIz1z0pdYvNQl06ZJrEwocZbzFOPmHYVYkv7E61 + DMJ02CFgW3DGc9M0a3f2M2lzxxXEbuwXADAk/MKALK3+qbR/xLT/AN/VrN0u + 7v40uPKsTLuncn94owT1HPpW6uqabtH+lRdP74rK0i/sokuRLOibriRhlgMg + 4waAK813fnVbeRrEiRUcBPMXkdzn2p+q3moSafMk1iYkI5bzFOOfQVLPf2Ta + xbSidCixuC24YBPvUmsahYy6ZPHFcRuzLwAwJPIoAljv9UEagacSMDnzVrO0 + 271CM3flWJk3TuW+dRtY4yvPXHrW3FqenCJAbqMEAfxis3Sr+xiN55k6LvuJ + GGWAyDjBHtQBWuLvUG1O0kaxKuqybU8xfmyOee2Kl1O81GSwnSWwMaFeW8xT + j8BUlzf2LatZSrOhRFk3HcMDI4yal1bULCXTriOO4jZmUgAMCTQAQX2piCML + pxYBRg+YvPFUdOu79Jbwx2JkLTEsPMUbTjp71s2+pactvErXMYIVQRvHpWdp + l/ZRzXpknRQ87FcsBkY6igCvdXeoNqVi72JV083avmKd2V557YqfUL3UXsZ0 + ksDGpRgW8xTgY64p15f2Lapp8qzoUTzdxDDAyuBn61Y1PUbCTT7iOO4jZmRg + AGBJOKAIrW+1NbaFU08soRQD5ijIx1qnYXeoJc3jR2Jdmkyw3qNpx0961rTU + tPS0hVrmMEIoILDg4qlp1/Yx3V8z3CKHlypLAZGO1AFa8u79r6yd7EoyM+1d + 6ndkc89sVZvr3UnsrhJNPKKY2BbzFOBjrikvr+yfULB0nRlRn3EMMDK96t6h + qOnyWFyiXMbM0bgAMCSSDQBWsr3Uks4Fj08uojUBvMUZGODj3qrZXd+l7esl + iXZ2XcvmKNpx0z3rUsNR09LG3R7mNWWNAQWGQQBVOwv7JL6/d50VXdSpLDB4 + 7UAV7681B7qyaSxKMrkqPMU7jjp7Vcu77U2tZlfTyilGBPmKcDHWmahf2Ml3 + YslwjKkhLEMOBjvVy91LT3s50S5jLNGwADDJJFAFKwvdSSxgSPTy6hFAbzFG + Rjriq9pd6guoXzpYl3cx7l8xRtwvHPfNaWm6jYR6fbpJcRqyxqCCwBBxVayv + 7FNT1CR50CuYtpLDBwvOKAK2oXd+81mZLExlZQVHmKdxx09qvXF9qbW8qtpx + UFWyfMXgY61DqV/ZST2LRzowSYFsMDgY6mtC61LTmtpVW5jJKMAN49KAM3Tb + 3UUsIEisDIgUYbzFGR64NQ213qC6neSLYlnYR7k3qNuBxz3zV/StQsItOt45 + LiNWVACCwBFQ2t/Yrqt9K06BHEW0lhg4Bzg0AVtSu9QdrTzbEx7Z1K/Op3Nz + gcdPrWhLfaoYnB04gFTz5i+lQapf2Mj2RjnRtlwjNhgcAZ5NaM2p6cYXAuYy + Sp/jHpQBk6XeajHp8CRWBlQLw3mKM8+hqOC7vxqtzItiWkZEBTzF+UDoc+9X + dI1Cxi023jluI0ZV5BYAjmore/sl1i7ladAjJGA24YJHXBoAr6pd38gtvNsT + FtnQr+8U7mGcLx0z61pPf6oVIOmkcH/lqtVdWv7KVbTyp0fbcRscMDgDOSfa + tR9T04owF1H0P8YoAxdIvNQi06FIbEyoAcN5ijPJ7GmxXeoDVppBYkyGNQU8 + xeBnrnpVrRb+xh0yCOW4jR1ByCwBHJpIr+xGszzG4QI0SgNuGCQemaAK2q3e + oSRQiWxMQEyEHepyQeBx61qfb9V/6Bp/7+rVTV7+xlhgEU6OVmjJwwOADya1 + v7U03/n6i/77FAGBo13fxadEkFiZkG7Db1GfmPY0Ld6h/bDyixJkMIBTzF4G + 7rnpVjQ7+yh0uGOadEcbsgsARljQl/ZDW5JjOnlmALu3DGd3TNAFfVru/ktl + WaxMS+Yhz5inkHgcetan2/Vf+gaf+/q1T1m/sprVFinRyJEOAwPANa/9qab/ + AM/UX/fYoAwNIu9QjslSGxMq7m+bzFHc9j6Ufa9Q/tnzfsJ8z7PjZ5i/d353 + Z6deMVZ0S/sYbBUlnRG3PwWAPLGj7fY/2753np5f2bbu3DGd+cZ9aAK2r3eo + SWRSaxMS7l+bep5yMcD1rU+36r/0DT/39WqmtX9jNYFIp0dt6HAYE8MK1v7U + 03/n6i/77FAGBpN3qEdqyw2JlXe5z5ijknkc+lDXd/8A2wkpsT5ghI2eYvTd + 1z0qzo1/Yw2jJLcIjeY5wWA4JpGv7L+3Em89PLEBXduGM7umaAK+s3d/Lp0i + T2JhQlct5inHzDsK1Pt+q/8AQNP/AH9WqeuX9lNpkscM6O5K4AYE8MK1/wC1 + NN/5+ov++xQBgaVd6hHDKIbEygyuSd6jBJ5HPpRJeagdWhkNiRIImATzF5Ge + uelWdHv7GKCYSzohM0hGWA4J4NEt/YnWYZhcIUETAtuGAc9M0AV9XvNQl06Z + JrExIQMt5inHI7CtFb/VNo/4lp/7+rVfW7+xm0ueOK4jd2AwAwJPzCtNdU03 + aP8ASoun98UAYWl3eoRrc+VYmXdO5PzqMMeo59PWia7vzqttI1iRIqOAnmL8 + wPU59qs6Tf2MSXQlnRN1xIwywGQcYNJPf2TaxayidCio4LbhgE+9AEeq3moS + afOk1iYkI5bzFOOfQVcivtUEaAacSABz5i1HrGoWMum3EcVxG7MvADAk81fi + 1PThEgNzGCFH8Y9KAMTTbvUEa78qxMm6dy37xRtY4yvPXHrRc3eoNqdnI1iV + dRJtTzFO7I557YqzpV/YxNe+ZOi77h2XLAZBxyPai6v7FtWspVnQoiy7iGGB + kcZNADNTvNRksJ0lsDGhU5bzFOPwFWIL7UxBGF04sAowfMXnil1XULCXTriO + O4jZmQgAMCTVm31PTlt4la5jBCqCN49KAMfTru/Sa8MdiZC0pLDzFG046e9F + 3d37ajYu9iUdPM2rvU7srzz2xVjTL+yjmvjJOih5iVywGRjqKLy/sn1TT5Fn + QpH5u4hhgZXjP1oATUL3UXsZ0ksDGpRgW8xTgY64qW1vtTW1hVNPLKEUA+Yo + yMdal1PUbCTT7iOO4jZmRgAGBJOKls9S09LSBWuYwQiggsODigDJsbvUEubx + o7EuzSAsN6jacdPei8u9Qa9snexKMjPtXzFO7I557Yqzp9/Yx3d8z3CKHkBU + lhyMdqL6/sXv7B0nRlRn3EMMDK96AFvr3UnsrhZNPKKY3BbzFOBg5OPaiyvd + SSzgVNPLqI1AbzFGRgc496s6hqOnvYXKJcxszRuAAwJJKmlsNR09LG3R7mNW + WNAQWGQQBQBl2V3fre3rpYl2dl3L5ijbx6980X93fvdWTSWJRlkJUeYp3HHT + 2qxYX9kl/fu86KrshUlhg4XtRqF/ZSXdiyToypISxDDgY70ASXV9qbWsyvp5 + VSjAnzFOBjrUen3upJYwJHYGRQigN5ijIx1xV681LT3tJ1W5jJKMAAw5OKi0 + 3UbCPT7dJLiNWWNQQWAIOKAM60u9QXUb50sSzv5e5fMUbcLxz3zRqF3qDzWZ + ksTGVlBUeYp3HHT2qzZ39imp6hI06BHMW0lhg4XnFGpX9jJPZNHcIwSYFsMD + gYPJoAluL7U2gkVtOKgqcnzF4GOtV9NvNRjsIEisDIgUYbzFGR9DWlc6lpzW + 8qrcxklGAG8elVtK1Cwi063jkuI1ZUAILAEUAULa7v11O8kWxLOwj3J5ijbg + cc980ald38jWnm2Jj2zoV/eKdzDOBx0z61Ytb+yXVr6Vp0COItpLDBwOcGjV + b+ylay8udG2XCM2GBwBnk0AWJb7VDG4OnEAg8+YtU9KvNQj0+BIrEyoF4bzF + GefQ1ry6npxicC5jJKn+MelUNH1Cxi023jluI0ZV5BYAjmgCnDd6gNVuZFsS + 0jIgKeYvygdDn3o1S7v5FtvNsTFtnQj94p3MM4HHr61Zgv7FdXupWnQIyIA2 + 4YJHXmk1e/spVtfKnR9txGxwwOAM5NAFpr/VNpzpp6f89VrO0i81CLToUhsT + KgBw3mKM8nsa3G1PTdp/0qPp/fFZmiX9jDpcEctxGjqDkFgCPmNAFWO7vxq0 + 0gsSZDGoKeYvAz1z0o1W81CSGIS2JiAlQg+YpyQeBx61Yiv7Ia1PMZ0CNEoD + bhgnPTNLrF/YywQrFcI5E0ZOGBwAeTQBb+36r/0DT/39WsvR7vUItOiSGxMy + DdhvMUZ+Y9jW/wD2ppv/AD9Rf99isnQ7+xh0yGOadEcFsgsAeWNAFZbvUP7Y + eUWJ8wwgbPMXpu656Uatd6hJbKs1iYl8xDnep5B4HHrVlb+xGtvN56eWYAu7 + cMZ3dM0azf2MtoqxXCORIhwGB4BoAt/b9V/6Bp/7+rWXo93fx2QSGxMq7m+b + zFHf0PpW/wD2ppv/AD9Rf99isjRL+yhsFSWdEbc5wWAPLGgCv9r1D+2fN+wn + zPs+NnmL93f97PTrxijV7vUJLJkmsTEu5fm8xT3HYetWft9j/bvneenl/Ztu + 7cMZ35xn1o1u/sZrBkinR23JwGBPDCgC39v1X/oGn/v6tZek3eoR2zLDYmVf + Mc53qOSeRz6Vv/2ppv8Az9Rf99isnRr+xitGWW4RCZHOCwHBNAFZru//ALYS + U2JEghI2b15G7rnpRrF3fy6dKk9iYUO3Lb1OPmHYVYe/sjrccwnTyxAV3bhj + O7pml1y/sZtMmjhnR3O3ADAnhhQBb+36r/0DT/39WsvSru/jhmENiZQZXJPm + KMEnkc+lb/8Aamm/8/UX/fYrI0e/sooZxLOiEzSEZYDIJ4NAFeW81A6tDIbE + iQRsAnmLyM9c9Kdq95qEmnTJNYmJCBlvMU45HYVPLf2J1mCYXCFFiYFtwwCT + 0zS61f2M2mTxxXEbuwGAGBJ5FAFhb/VNoxpp6f8APVazdMu9QjW58qxMm6eQ + t+8UbWOMrz1x61urqem7R/pUfT++Ky9Jv7GJbvzJ0XdcSMMsBkHGCPagCtPd + 351W2kaxKyKjgJ5i/MD1OfapNVvNQk0+dJbExIV5bzFOOfQVLPf2LavayrcI + UVHBbcMAnpk0/WNQsZdNuI4riN2ZeAGBJ5oAkivtUESAacSAo58xfSs/Tbu/ + ja78qxMm6dy37xRtY4yOeuPWtqHU9OEKA3MYIUfxj0rN0q/somvfMnRd9w7L + lgMg45FAFe5u9QbU7ORrEq6iTanmKd2Rzz2xU2pXuovYTpLYGNCpy3mKcD1w + KddX9k2rWMqzoUQS7iGGBkcZqfVdQsJdOuI47iNmZCAAwJNACW99qawRqunF + gFGD5i8jHWqOn3eoJNeGOxMhaUlhvUbTjp71sW2pacttErXMYIRQRvHpVDTb + +xjnvTJOih5iVywGRjqKAK13d37ajYu9iUdDJtXzFO7K889sVY1C91J7GdJL + AxqUYFvMU4GOuKL2/sn1PT5EnQpGZdxDDAyvGas6lqNhJp9wkdxGzNGwADAk + nFAEVpfamtrCqaeXUIoB8xRkY61TsbvUEur1o7EuzyAsPMUbTjp71rWepael + nAj3MYZY1BBYcECqOn39lHd3zPOiq8gKksORjtQBXvbvUGvbJ3sSjIzbV3qd + xx69qtXt7qT2c6vp5RTGwLeYpwMHnHtSX9/Yvf2DpOjKjuWIYYGV71bv9R09 + 7G4RLmNmaNwAGGSSDQBVsb3UksrdY9PLqsaAN5ijIAHOPeqtnd6gt7euliXZ + 2TcvmKNuBxz3zWnp+o6elhbI9zGrLGgILAEEKKq2N/Ypf37vOiq7JtJYYOF7 + UAVr+7v3ubNpLEoyyEqPMU7jjp7Vcur7U2tZlfTyqlGBPmKcDHWo9Rv7KS6s + WSdGCSEsQw4GO9XrzUtPe0nRbmMsyMAA45JFAFDT73UUsYEjsDIoRQG8xRkY + 64qC0u79dRvnSxLu/l7l3qNuF4575rR0zUbCPT7eOS4jVlRQQWAIOKrWd/ZJ + qmoSNOgSTytpLDBwvOPpQBX1C71B5bMyWJjKzAqN6nccdPar099qZgkDacVB + U5PmLxxUWp39jJNZGOdGCTAthgcDB5NX7jU9Oa3lVbmMkqwA3j0oAzdMvNRj + sIEisDIgUYbzFGfwNQ293frqd3ItiWdlj3J5ijbgcc981f0rULCLTreOS4jV + lQAgsARUFrf2S6teytOgR1j2ksMHA5waAK+p3d/IbTzbEx7Z0K/vFO5hnC8d + M+taEt9qhjcHTiAQefMWq+q39lK1l5c6NsuEZsMDgDOSfatOXU9OMTgXMZJU + /wAY9KAMfSrzUI9PgSGxMqAcN5ijPPoaZDeagNVuJFsSZGRAU8xeAOhz71c0 + fULGLTII5biNGVeQWAI5NMgv7FdYupTcIEaNAG3DBI96AK2qXeoSLbebYmLb + OhHzqcsOg49fWtJr/VNp/wCJaf8Av6tVtWv7GVLURTo+24jY4YHAGcmtRtU0 + 3af9Ki6f3xQBh6ReahFp0KQ2JlQA4bzFGeT2NJHd341eaQWJMhiUFPMXgZ65 + 6Va0S/sYdLgjluI0dQcgsAR8xpsV/ZDWppjOmwxKA24YznpmgCvqt3fyQxCa + xMQEqEHzFOSDwOPWtT7fqv8A0DT/AN/VqnrF/ZSwQrFOjkTIThgeAeTWv/am + m/8AP1F/32KAMDR7vUItPjSGxMyAthvMUZ+Y9jQt3qH9sNL9hPmeSBs8xem7 + rnpVnQ7+xh0yKOadEYFsgsAeWNC39j/bbzeenlmALu3DGd3TNAFbVrzUJLUL + NYmJd6HPmKeQeBx61qfb9V/6Bp/7+rVTWb+xmtFWK4R28xDgMDwDWt/amm/8 + /UX/AH2KAMDSLu/isgsNiZV3N83mKOc9MGj7Xf8A9siX7CfN+z48vev3d33s + 9OvGKsaJf2UNiElnRG3ucFgDyTR9vsv7dE3np5f2bbu3DGd+cZ9aAK+sXd/L + Ysk1iYl3L829T3HYVqfb9V/6Bp/7+rVPW7+ym09kinR23JwGBPDCtf8AtTTf + +fqL/vsUAYGk3eoR2zrDYmVTI5zvUck8jn0qxBPcza7Gbi3MB8lhgsG4z14p + dGv7GK1dZbhEJlc4LAcE8VItzb3GvRtBKsg8hhlSDzuzigDoKKKKACiiigAo + oooAKKKKAP/U/dqaztBrNtGIUCGNyRtGCfpT9as7SPS7h44EVgBghQCORVGW + xuxqsERvXLtG5D4GQB2p+rWN3Fp00kl68qgDKkAA8igDcjsLExqTbx9B/AKy + 9Is7ST7b5kKNtuZFGVBwBjAHtU0enXxRSNQkHA/hWs7TLG7k+17L149lxIpw + B8xGPmPuaALdzZ2g1izjEKBGWTI2jBwO4qbV7Kzj024eOCNWC8EKARWdcWN2 + uqWsRvXZmVyHwMrgdvrUup2F5HYTyPfPIqrypUYNAGxBYWJgjJt4ySo/gHpW + bpdnaPJfB4UbbOwGVBwMDgVJDp16YYyNQkAKjjavHFUNOsbuSS7CXrx7JmBw + B8x45NAFu7s7RdW0+NYUCuJcgKMHCjGRVjVLKzTTrh0gjVghIIUAisy6sbtd + Sso2vXZn83DEDK4XnH1qfUbC8jsZ3e+eRVQkqVGD7UAadpY2TWkLNbxklFJJ + QelUNNs7R7m/DwowWXAyoOBjtTrbT71raJlv5FBRSBtHHHSqVhY3clxeKl66 + FJMEgD5jjqaALd9Z2i6lp6LCgV2kyAowcL3q1qNlZJp9y6QRqyxuQQgBBxWV + eWN2l/Yo167M5fDEDK4Xt9as3+n3iWVw738jqsbEqVGCAOlAF+xsbJrK3Zre + MkxoSSgyTgVS0+ztHvb9XhQhHUAFQQPl7UWen3r2kDrfyIGRSAFGACOlVLKx + u3u71FvXQo6gkAZbjqaALeoWlol7YKkKKHkYEBQAeO9Xb6xslsrhlt4wRG5B + CDIODWPfWN2l3ZI967l3YAkD5eOoq3eafepaTu1/I4VGJBUcgDpQBa02ysn0 + +2d4I2YxqSSgJJxVWxs7RtS1BGhQqhj2gqMDK9qbYafePZQOl9IisikKFGAM + dKrWdldvf30a3royFMsAMtle/wBKALepWdolzYhIUUNNg4UDIx3q/dWNktrM + y28YIRiCEHpWLf2N3HPZq967l5cAkD5TjqKu3OnXq28rNfyMAjEjaOeOlAE2 + l2Vm+nW7vBGzFASSoJNV7S0tG1bUI2hQqgiwCowMrzgVHp1heSWMDpfPGrIC + FCjA9qgtbG7bU72Nb11ZBHlgBlsrxn6UAW9Vs7SOSxCQou6dQcKBkc8GtKew + sRBIRbxghT/APSsLUrG7jezD3ryb5lAyB8p55FX5tOvRDITqEhAU8bV54oAX + R7Ozk0y3eSCNmK8kqCTUVtZ2h1i8jMKFVSPA2jAyOwqDS7C7k0+CSO9eNWXh + QoIFRwWN22qXUQvXVlVCXwMtkd/pQBb1aztI/seyFF3XManCgZBzkH2rUksL + EIxFvH0P8ArA1Oxu4/su+9eTdcRqMgfKTnDD6Vovpt8EYnUJDwf4VoAZotna + SaXbvJAjMQckqCTyaZDZ2h1m5jMKFBGhA2jAP0qvpNjdy6dDJHevEpBwoAIH + JpkVjdnVZ4heuHWNSXwMkHtQBb1iztI4rcxwopM8YOFAyCela5sLHH/HvH/3 + wK53VbG7ijgMl68m6ZAAQBgnv+FaZ02+x/yEZP8AvlaAK+hWdpLpUEksKOx3 + ZJUE/ePehLO0OtyxGFNggU42jGd3XFVNGsbubTYZI714lO7CgAgfMaEsbs6v + JEL1w4hB34GSM9KALes2dpHbRtHCikyoOFA4JrX+wWH/AD7x/wDfArndWsbu + K3RpL15AZEGCAMEnr+Fan9m33/QRk/75WgCtodnaS6cjyQo7Fn5Kgn7xoFna + f260Xkps+zg7doxnf1xVTR7G7lsEeO9eJSW+UAEcMaBY3f8AbJh+2vv8gNvw + M43YxQBb1u0tIrHdHCiHegyFAPWtf7BYf8+8f/fArndXsruKz3yXryjeg2kD + HJ61qf2bff8AQRk/75WgCtotnaSWRaSFGPmOMlQTwaGs7T+3Vi8lNn2cnbtG + M7uuKqaTY3ctoWjvXiG9xgAHoevPrQbG7/thYvtr7/ILb8DON3SgC3rlnaRa + bI8cKIwKchQD94Vr/YLD/n3j/wC+BXO6xY3cWnySSXryqCvykAA5YVqf2bff + 9BGT/vlaAK2jWdpJbSmSFGImkHKg8A0SWloNbhiEKbDCxK7RjOeuKqaVY3cs + EjR3rxgSuMAA5IPX8aJLK7GrxRG9cuYmIfAyBnpQBc12ztItKnkihRGG3BCg + H7w71qiwscD/AEeP/vgVz+sWN3Dps0kl68qjblSAAfmFaQ02+wP+JjJ/3ytA + FfR7O0kjuTJCjbZ5AMqDgDHFE9naDWbaMQoEaNyRtGCR7VU0uxu5UuDHevHt + mcHAByR3/GiaxuxqtvEb1y7I5D4GQB2/GgC9rVnaR6XcPHAisAMEKARyK0Y7 + CxMak28fQfwCsPVrG7i0+aSS9eVQBlSoAPIq9Hp18UUjUJBwP4VoAh0m0tJD + e+ZCjbbmQDKg4AxwPai5s7RdYsoxCgVlkyNowcDuKqaZY3chu9l68eyd1OAP + mIx8x+tFxY3a6paRG9dmdZMPgZXA7fWgDR1eys49NuHjgjVgvBCgEVbt7CxN + vETbxklV/gHpWRqdhdx2E8kl88iqvKlRg1ag069MMZGoSAFRxtXjigCPS7O0 + eW+DwowWdgMqDgYHAovLO0XVdPjWFAr+duAUYOFGMiqmnWN3JJeBL14ykzAk + AfMcDk0XVjdrqVjG167M/m7WIGVwvOPrQBp6pZWaadcukEasEYghQCOKntLG + ya0hZreMkopJKD0rM1GwvI7Gd3vpJFVCSpUYPtU1tp961tEy38igopACjjjp + QA3TbO0e6v1eFGCy4AKg4GO1F9Z2i6jp6LCgV2k3AKMHC96qWFjdvcXipeuh + STBIA+Y46mi8sbtL+xRr13Zy+GIGVwvb60Aa2o2Vkmn3LpBGrCNyCEAIODS2 + FjZPY27NBGSY0JJQZJwKo32n3iWVw730jqsbEqVGCMdKWy0+8ezgdb+RA0ak + AKMAEdKAFsLO0e+v1aFCqOuAVBA+XtRqFnaJe2CpCgDyMCAoAPHeqllY3b3l + 6i3royOoLADLcdTRfWN2l3ZK167l3IBIHy8dRQBsX1jZLZXDLbxgiNyCEGQc + GmabZWb6fbO8EbMY1JJQEk4qrd6fepaTO1/IwVGJBUc4HSmWFheSWMDpfSIr + IpChRgDHSgB9jZ2janqCNChVDHtBUYGV5xRqdpaJcWISFFDTYOFAyMd6qWlj + dvqF9Gt66shjywAy2V4z9KNQsbuOezV713Ly4BIHynHUUAbd1Y2S20zLbxgh + GIOwelVtKsrOTTrd3gjZigySoJNRXGnXq28rNfyMArEjaOeKg02wvJLCB0vn + jVkBChRge1AEtpZ2jatfxtChVBFgFRgZU5wKNVs7SOSyCQou64QHCgZHPBqp + bWN22p3sa3rqyCPLADLZHGfpRqNjdxvaB715N8yqMgfKTnkUAbs9hYiGQi3j + BCn+AelUtHs7OTTLd5II2YrySoJPNJNp16InJ1CQgKeNq+lVNLsbuXT4JI71 + 41ZeFCggc0AT21naHWLyMwoUVI8DaMDI7CjV7O0jFn5cKLuuYwcKBkHOQfaq + kFjdtql1EL11ZVQl8DLZ/wAKNTsbuMWu+9eTdPGoyB8pOefwoA6B7Cx2N/o8 + fQ/wCszRLO0k0uB5IEZiDklQSeTUr6bfBGP9oSdD/CtZ+k2N3Lp0Mkd68SkH + CgAgcmgCzDZ2h1q4jMKFBEhA2jAOfSjWbO0jhtzHCikzxg4UDIJ6VUisbs6t + PEL1w6xqS+BkgnpRqtjdxRQmS9eQGZAAQOCe/wCFAHRfYLD/AJ94/wDvgVka + DZ2kulQSSwo7HdklQT9496s/2bff9BGT/vlay9GsbubTYZIr14lO7CgAgfMf + WgC2lnaHXJIjCmwQKdu0Yzu64o1qztI7VGjhRSZUGQoHBNVEsrs6xJCLxw4h + B34GSM9KNWsbuK2RpL15QZEGCB1J6/hQB0X2Cw/594/++BWRodnaS6cjyQo7 + bn5Kgn7xqz/Zt9/0EZP++VrL0ixu5bFXjvXiUs3ygAjhjQByvxAggitLpYo1 + QCCI4AA584DNeW+GQDrMAIz1/lXpvjq2nhsroS3DTFYY2JIAyDKBjj35rzDw + 1k6zbgHGc/yNBS2PqD7BYf8APvH/AN8CsjRLO0ksy0kKMfMcZKg9DVn+zb7/ + AKCMn/fK1l6RY3ctqWjvXiG9xgAHoev40EltrO0/t1IvJTZ9nJ27RjO7rijX + bO0i0yV4oURgU5CgH7wqo1jd/wBsLD9tff5BbfgZxu6UazY3cOnySSXryqCv + ykAA/MKAOi+wWH/PvH/3wKyNGs7SS3mMkKMRNIBlQeAelWf7Nvv+gjJ/3ytZ + elWN3LDKY714wJXBAA5IPX8aALclnaDW4YhCmwwsSNoxnPXFLrlnaRaVO8cK + IwC4IUA/eHeqcljdjV4ojeuXMTEPgZAz0pdYsbuHTppJL15VGMqQAD8woA6B + bCx2j/R4+n9wVk6PZ2kiXXmQo224kAyoOAMcVOum32B/xMJP++VrN0uyu5Uu + DHevHtndTgDkjv8AjQBbns7QazaxiFAjRuSNowce1SazZ2kemXDxwIrBeCFA + I5FUJrK7Gq28RvXLsjkPgZGO340/VbG7i0+aSS9eRQOVKgA80AbcVhYmJCbe + PoP4BWZpNnaSG93wo225kAyoOAMcD2qWPTr4xqRqEgyB/CtZ+m2N3IbvZevH + sndTgD5iMcn60AW7qztF1eyjWFArLLkbRg4HGRU2rWVnHptw8cEasFOCFAIr + OuLG7XU7SM3rszrJhsDK4HOPrUup2F5HYTyPfPIqrypUYNAGvbWNibeIm3jJ + Kr/APSs7S7O0ea+DwowWdgMqDgYHAp8GnXrQRsNQkUFQcbV44qjp1ldyS3gS + 8eMpMQSAPmOOpoAt3lnaLqunIsKBX83cAowcLxmrOp2VmmnXLpBGrCNiCFAI + 4rLurG7XUrGNr12Z/N2sQMrhecfWp9QsLyOxnd76R1VGJUqMHjpQBp2djZNa + QM1vGSUUklB6VQ06ztHur9XhRgsoABUHAx2pbXT71raFlv5FBRSAFHHHSqdh + Y3b3N4qXroUkwSAPmOOpoAt39naJqGnosKBXZ8gKMHC96t6jZWSWFy6QRqyx + uQQgBBwaybyxu0vrJGvXdnZ8MQMrgdvrVm+0+8SyuHe/kdVjYlSowQB0oAvW + FjZPYWzvBGWaNCSUBJJUVT0+ztHv9QVoUKo6YBUED5e1JZafePZwOt/IgaNS + FCjABHSqtlY3b3t6i3royMoLADLcd6ALeo2dol5YKkKKHkIICgZGO9Xr2xsl + s52W3jBEbEEIPSsa+sbtLqyV713LuQCQPlOOoq5d6fepazM1/IwCMSCo546U + AWdNsrN9PtneCNmMakkoCScVVsrO0bU9QRoUKoYtoKjAyvOKZYWF49jA6X0i + KyKQoUYHHSq9pY3b6hfRreurIY8sAMtleM/SgC3qdpaJPYhIUUNMAcKBkY6G + tC6sbJbaZlt4wQjEHYPSsTULK7jmsw967l5QASB8px1FXbjTr1beVmv5GAVi + RtHPFAEulWVnJptu7wRsxQZJUEmoLSztG1a+jaFCqiLAKjAyDnAqLTbC8ksI + HS+eNWUEKFGBUNtY3baneRreurII8tgZbI4z9KALeq2dpG9lshRd1wgOFAyD + ng1pzWFiIZCLeMEKf4B6Vg6lY3cbWm+9eTfOqjIHyk55FaEunXwicnUJCAp4 + 2r6UAGj2dnJplu8kEbMV5JUEnmore0tDrF3GYUKKkZA2jAz6CoNLsbuXT4JI + 7141ZeFCjA5qOCyu21W5iF64ZUQl8DLZ7fhQBb1e0tI1tPLhRd1zGDhQMg54 + PtWq9hY7G/0ePof4BXP6pZXcQtd968m6eNRkD5Sc8/hWk+m3wUn+0JOh/hWg + CLRLO0l0uB5IEZiDklQSfmNNis7Q61PGYU2CJCBtGM59KraRY3cunQyR3rxK + QcKACByabFY3Z1aaIXrhxGpL4GSCelAFvWLO0jhgMcKKTPGDhQOCela/2Cw/ + 594/++BXO6rY3cUUJkvXkBmQAEAYJPX8K1P7Nvv+gjJ/3ytAFbQbO0l0qF5Y + UdjuySoJ+8aEs7Q65JF5KbBADt2jGd3XFVNGsrubTopI714lO7CgAgfMaFsb + s6w8X2194hB34GSN3SgC3rVnaR2iNHCikyoMhQOCa1/sFh/z7x/98Cud1axu + 4rZGkvXlBkQYIA5J6/hWp/Zt9/0EZP8AvlaAK2h2dpLp6vJCjNufkqCfvGj7 + Haf295Xkps+zbtu0YzvxnHrVTSLG7lsleO9eJdzfKACOCaPsN3/bPk/bX3/Z + 92/Azjfjb/WgC3rdnaRWBeOFFbenIUA/eFa/2Cw/594/++BXO6vY3cVkXkvX + lXcg2kADkitT+zb7/oIyf98rQBW0WztJLNmkhRj5jjJUHgGhrO0/t1IvJTYY + Cdu0Yzu64qppNjdy2paO9eIb3GAAeQev40NY3f8AbCQ/bX3mEnfgZxu6UAW9 + dtLSLS5XihRGBXBCgH7wrX+wWH/PvH/3wK53WbK7h06WSS9eVQVypAAPzCtT + +zb7/oIyf98rQBW0aztJIJjJCjETSAZUHgHpRLZ2g1qCMQpsMLEjaMZz6VU0 + qxu5YZTHevGBK4IAHJB6/jRJY3Y1aGI3rlzExD4GQM9KALuuWdpFpU7xwIjA + DBCgH7wrUWwsdo/0ePp/cFc/q9jdxadNJJevKoAypAAPIrRXTb7aP+JjJ/3y + tAEGkWdpIl15kKNtuJAMqDgDHFFxaWg1m1jEKBGjckbRg49qqaXY3ci3Oy9e + PbO6nAHJHf8AGiaxuxqttEb1y7I5D4GRjt+NAF/WbOzj0y4eOBFYLwQoBHNX + 4bCxMSE28ZJUfwD0rF1Wxu4tPnkkvXkVRypUYPNXItOvjGhGoSAEDjatAEWl + WdpI17vhRttw4GVBwBjgUXVnaLq9jGsKBWWXI2jBwOMiqmm2N3I13svXj2Tu + pwB8xGOT9aLmxu11Ozja9dmcSYbAyuBzj60AaOrWVnHptw6QRqwQ4IUAirdt + Y2Jt4ibeMkqv8A9KydTsLyOwnd755FVSSpUYNWINOvWgjYahIoKjjavHFADN + Ls7R574PCjBZiBlQcDHQUXtpaLqunRrCgV/N3AKMHC8ZFVNOsbuSa8CXroUl + IJAHzHHU0XdjdrqNjG167M/mbWIGVwvOPrQBqanZWaadcukEasI2IIUAjipb + Oxsms4Ga3jJMakkoPSs3ULC8jsZ3e+kdVRiVKjB46VLa6fetawst/IoKKQAo + 446UAJp1naPd36vCjBZAACoOBjtRf2douoaeiwoFdnyAowfl71UsbG7e5vFS + 9dCkgBIA+Y46mi8sbtL2yRr13Z2fDEDK4Hb60Aa2oWNklhcukEYZYnIIQAgh + TS2FjZPYWzNBGSY0JJQZJ2iqV9p94llcO1/I6rG5KlRggA8UWWn3j2cDrfyI + GjUhQowAQOKAFsLO0fUNQRoUKoyYBUYHy9qNRs7RLywVIUUPIQQFAyMd6qWV + ldve3qLeOjIy5YAZbI70X1ldpdWSveu5eQgEgfKcdRQBs3ljZLZzstvGCI2I + IQelRaZZWb6fbO8EbMY1JJQEniq91p96trMzX8jAIxIKjnjpUen2F5JYwOl9 + IisikKFGBx0oAfZWdo2qagjQoVQxbQVGBlecUanZ2iT2ISFFDTAHCgZGDwaq + WljdtqN9Gt66snl7mAGWyvGfpRqFjdxzWYe9dy8oAJA+U46igDbubGyW2lK2 + 8YIRsHYPSquk2VnJptu7wRsxQZJUEmmXGnXqwSMdQkYBScbV54qvptheSWED + pfPGrKCFCjAoAltbO0bV76NoUKqIsAqMDI5wKNWs7SN7LZCi7rhAcKBkHPBq + pbWV22p3kS3rqyCPLYGWyOM/SjUrG7ja033ryb50UZA+UnPIoA3prCxETkW8 + YIU/wD0qho1nZyaZbvJAjMV5JUEnmll06+Ebk6hIQAeNq1T0qxu5dPgkjvXj + VhwoUYHNAE9vZ2h1i7jMKFFSMgbRgZ9qNYs7SNLTy4UXdcRg4UDIOeKqQWN2 + dVuYheuGVEJfAyc9vwo1Sxu4ltvMvXk3TooyAME55/CgDoHsLHaf9Hj6f3BW + ZodnaS6VA8kCOxBySoJ+8albTb4KT/aEnT+6tZ2kWN3Lp0Mkd68SkHCgAgcm + gC1FZ2h1ueMwpsESkDaMZz6UazZ2kcEJjhRSZowcKBwT0qpHY3Z1aaIXrhxG + pL4GSM9KNVsbuKGIyXryAyoACAMEnr+FAHRfYLD/AJ94/wDvgVkaFZ2kulwv + LCjsS+SVBP3jVn+zb7/oIyf98rWXo9jdzadFJHevEp3YUAED5j60AW1s7T+3 + Hi8lNggB27RjO7rijWrO0jtEaOFFPmIMhQOCaqLY3f8AbDxfbX3iEHfgZxu6 + UatY3cVsrSXrygyIMEAck9fwoA6L7BYf8+8f/fArI0OztJdPV5IUdtz8lQT9 + 41Z/s2+/6CMn/fK1wA8S6dpQ+x3V/NDICTtSMMOSe/vQB232O0/t7yvJTZ9m + 3bdoxnfjOPWjXLO0i09njhRW3JyFAP3hWDpNyNbvVubG+lZWhOJGQBuHwVx6 + Z5rT1exu4rJnkvXlXcvykADkigDovsFh/wA+8f8A3wKyNFs7SS0dpIUY+Y4y + VB4Bqz/Zt9/0EZP++VrL0mxu5bZmjvXiHmOMAA8g9fxoAtvZ2g1yOLyU2GAn + btGM7uuKNds7SLS5nihRGBTBCgH7wqo1jdjWEi+2vvMJO/AyBu6UaxY3cOnS + ySXryqNuVIAB+YelAHRfYLD/AJ94/wDvgVkaNZ2kkE5khRiJpAMqDwD0qz/Z + t9/0EZP++VrL0qxu5YZjHevGBK4IAByQev40AW5bO0GtQRiFNhickbRjOfSn + a3Z2kWlzvHAisAMEKAR8wqlLY3Y1aGI3rlzGxD4GQAelO1exu4tOmkkvXlUA + ZUgAHkUAbyWFjtH+jx9P7grK0iztJFu/MhRttxIBlQcAY4qddNvto/4mEnT+ + 6tZumWN3ItzsvXj2zyKcAckdT+NAFu4s7QaxaRiFAjJISNowce1SazZ2cemX + DxwIrBeCFAI5qhPY3Y1W2iN65Zkch8DIx2/GpNVsbuLT55JL15FUcqVGDzQB + tQ2FiYUJt4ySo/gHpWZpNnaSPe74UbbcOBlQcAY4FSxademJCNQkAIHG1fSs + /TbG7ka72Xrx7J3U4A+YjHJ+tAFu6s7RdXsY1hQKwlyAowcDjIqfVbKzj024 + dII1YIcEKARWbc2V2up2cTXrsziTDYGVwOcfWptSsLyOwnd755FVSSpUYPtQ + Bq21jZNbRFreMkouTsHpWfplnaPPfB4UYLMQMqDgYHAp9vp160EbDUJFBUHG + 1eOKo6fY3ck14EvXQpKQSAPmOOpoAt3tpaLqmnosKBXMu4BRg4XjNWdTsrNN + PuXSCNWEbEEIARxWXd2N2mo2MbXrszmTaxAyuF5x9asahYXkdjO730jqqMSp + UYPHSgDRsrGyazgZreMkxqSSg9Ko6dZ2j3l+rwowSQAAqDgY7Utpp969rCy3 + 8igopACjjjpVOxsbt7q9VL10KSAEgD5jjqaALd/Z2iX+nosKBXd8gKMH5e9X + L+xsksLllgjBEbkEIMg7TWRe2N2l7ZI167s7MAxAyuB2q1e6feJZzu1/I4WN + iVKjBAHSgC5p9jZPYWzvBGWaJCSUBJJUVUsLO0bUNQRoUKoyYBUYHy9qSx0+ + 8eyt3W/kRWjQhQowAQOPwqrZ2N297eot66MjJlgBlsjv9KALepWdol3YKkKK + GlIICgZGO9Xryxsls52W3jBEbEEIPSsa/sbtLmyV713LyEAkD5TjqKuXWn3q + 2szNfyMAjEgqOeOlAFjTLKzfTrZ3gjZjGpJKgk8VWsrO0bVdRRoUKp5W0FRg + ZXnFR6fYXkljA6X0iKyKQoUYHHSoLSyu31G+jW9dWTy9zADLZXjP0oAt6pZ2 + iTWISFFDTgHCgZGDwa0bmxsRbykW8YIVv4B6Vh6hY3cctmHvXcvMACQPlOOo + q9Pp16sEjHUJGAU8bV54oAfpNlZyabbu8EbMUGSVBJqG1s7RtXvo2hQqqxYG + 0YGRzgVFplheSWEDpfPGrKCFCjAqG3sbttUu41vXVkEeWwMtkcZ+lAFvVrS0 + jay2Qou65jBwoGQc8H2rTmsLERORbxghT/APSsHU7K7jNpvvXk3zooyB8pOe + R9K0JdOvhG5OoSHAPG1aAE0aztJNMt3kgRmK8kqCTyajgs7Q6zdRmFCixoQN + owM+1V9KsbuXT4JI714lI4UKMDmmQ2N2dVuIheuHVEJfAyQe34UAW9Xs7SNL + Xy4UXdcRg4UDIOeK1msLHaf9Hj6f3BXPapY3ca22+9eTdOijIHBPf8K0m02+ + 2n/iYyf98rQBFodnaS6VA8kCOxBySoJ+8abFZ2h1ueIwpsEKkDaMZz1xVXSL + G7l06GSO9eJSDhQAQOTSR2N2dXliF64cRKS+BkjPSgC3rNpaRwQmOFFJmjBw + oHBPStf7BYf8+8f/AHwK53VbK7ihiMl68oMqAAgcEnr+Fan9m33/AEEZP++V + oAraFZ2kumRPLCjsS/JUE/eNC2dp/bjxeSmz7ODt2jGd3XFVNHsbubT45I71 + 4lJb5QAQPmNC2N3/AGw0X219/kht+BnG7pQBb1qztI7NWjhRT5iDIUDgmtf7 + BYf8+8f/AHwK53VrG7itQ0l68o3oMEAck9fwrU/s2+/6CMn/AHytAFbQ7O0l + sA0kKM29+SoJ+8aPslp/bwi8lNn2bO3aMZ39cetVNIsbuWyDx3rxDcw2gAjg + 0fYbv+2RD9tff5G7fgZxuxt/rQBb1yztItPZ44URtychQD94Vr/YLD/n3j/7 + 4Fc7rFjdxWLPJevKu5flIAHJFan9m33/AEEZP++VoAraLZ2klq7SQoxErjJU + HgGpBBBDr0YhjVB5DH5QBzu9qoaTY3cts7R3rxASOMAA8g9fxqxBbzQa7Gs1 + w0x8ljlgBxnGOKAOlooooAKKKKACiiigAooooA//1f3Plvrw6rBKbJw6xuAm + 4ZIPenatfXkunTRyWTxKQMsWBA5FWJr2zOs20onjKLG4LbhgE++afrV7Zy6X + PHHPG7EDADAk8jtmgB8eo34RQNOc8D+Jaz9MvryP7X5dk8m+4kY4YDaTjK/h + W9HqFgI1BuYug/jX/GsvSLyzj+2+ZPGu65kYZYDIOMEc9KAKtxe3japaytZO + rqr4TcMtkc/lUmp397JYTxyWLxqy8sWBAqa5vLNtYs5FnjKKsmTuGBkcZOam + 1e9spNNuEjuI2YrwA4JP60AJDqN+IYwNPcgKOdy88VQ06+vI5LspZPJvmYnD + AbTxwa3INQsBBGDcxAhR/Gvp9aztLvLOOS9LzxqGnYjLAZGByKAKl1fXjalZ + SNZOrJ5u1dwy2V5x9Km1G/vZLGdHsXjVkILFhge9SXd7ZtqunyLPGVQS7iGG + BlRjJzVjVL6yk064SO4jZihAAcEn9aAIbbUL5baJV092ARQDuXnjrVOwvbyO + 4vGSydy8mSAw+U46Gtm0v7FbWFWuYwQigguPT61Q028s0ub5nnjUPLkEsBkY + 7c0AVby+vHv7J2snRkL7VLDLZXnH0qzfahfPZXCPYOitGwLFhgDHWnX15Zvq + Onus8ZVGk3EMCBleM88Va1G+sXsLlEuI2Zo3AAcEk4+tAFSz1C+S0gRbB3Co + oBDDkAdaq2V9eJd3rpZO7O6lgGHy8dDWvY39illbq9xGGEaAguAQcD3qnp95 + Zpe37PPGqu6lSWAB+XtQBUvr28e7sneydGR2KgsPm46CrV5qF89pOjWDoGRg + SWHAI60aheWb3tgyTxsEkYsQwIAx3q7fX9i9lcKlxGWMbgAOCScH3oAoWF/e + pZQIlg7qqKAwYYIx1qvZ3t4l/fSLZO7OU3KGGVwvGfrWppt9ZJp9sj3Eassa + gguAQcfWqtjeWaalqDtPGFcx7SWABwvOOeaAKt/fXkk9mz2ToUlyAWHzHHQV + dudRvmt5VbT3UFGBO4ccdabqV5ZvcWLJPGwSXJIYHAx1PNX7q/sWtZlW5jJK + MAA49PrQBl6df3sdjAiWLyKqABgwwfeobW9vF1K9kWydncR7l3DK4XjP1rS0 + u+so9Ot0kuI1YIAQXAI/Wq9peWa6tfyNPGEcRbSWGDhecGgCrqN7eSPaF7J4 + 9kykZYfMeeBV+bUb9oXB09wCp53LxxUWqXlnJJZGOeNts6k4YHA55PNaU+oW + BgkAuYiSp/jX0+tAGPpd/exafBHHYvIqrwwYAGo4L68XVLqVbJ2dlQFNwyuB + x+dX9IvbKPTbdJLiNWC8guAR+tR215Zrq95IZ4wjJHg7hg4HY5oAqanfXkn2 + XzLJ49txGwywO4jOF/GtF9RvyjA6c44P8S1Bq17ZyfY/LnjbbcxscMDgDOSe + elakmoWBRgLmLof41/xoAw9JvryLToY47J5VAOGDAA8mmxX14NVnlFk5do0B + TcMgDvV3Rb2zi0uCOSeNGAOQWAI5PbNMhvbMazcymeMI0aANuGCR75oAq6pf + XkscAksniCzIQSwOSO341p/2lqH/AEDpP++lqtrF5ZyRW4jnjcieMnDA4APW + tc6hp+P+PmL/AL7X/GgDntHvryHTYY4rJ5VG7DBgAfmNCX14NXklFk5cwgbN + wyBnrmrWhXtnFpUEcs8aMN2QWAI+Y9iaVLyzGtyymePYYFG7cMZ3dM5oAqar + fXktuiyWTxASIclgckHp+Naf9pah/wBA6T/vpar6zeWcttGsc8bkSocBgeAf + rWt/aOn/APPzF/32v+NAHPaPe3kNgiRWTyqC3zBgByxoF9ef2wZvsT7/ACAu + zcM43dc/pVrQ7yzi05ElnjRgz8FgD94+9KLyz/t1pfPj2fZwu7cMZ39M+tAF + TV728ls9ktk8S70O4sD0PT8a0/7S1D/oHSf99LVbW7yzlsdkU8btvQ4DAng+ + xrX/ALR0/wD5+Yv++1/xoA57Sb68itCsdk8o3uchgOSen4UG+vP7YWb7E+/y + CuzcM43dc1b0W8s4rIrLPGh8xzgsAcE/Whryz/txZfPj2fZyN24Yzu6Zz1oA + qaxfXk1hJHLZPEpK/MWBA+YVp/2lqH/QOk/76Wq+uXlnLpsiRTxuxKcBgT94 + e9a39o6f/wA/MX/fa/40Ac9pV9eRQSLHZPKDK5yGAwSen4USXt4dXilNk4cR + MAm4ZIz1q3o15ZxW8qyTxoTLIcFgOCevWkkvLM63DKJ49ghYFtwxnPTOaAKu + sX15Nps0ctk8SnbliwIHzCtIalqGB/xLpP8Avpag1y9s5dKnjinjdjtwAwJP + zDsDWqNQ0/A/0mL/AL7X/GgDn9LvbyJLgR2Ty7pnJwwGCe34UTX14dVt5TZO + HVHATcMkHv8AhVrR7yzjjuRJPGu6eQjLAZB79aWe8szrNtKJ4yixuC24YBPv + mgCvqt9eS6fNHJYvEpAyxYEDkVdj1G/CKBpzngfxLTdZvbOXTLiOOeN2IGAG + BJ5HbNaEeoWAjUG5i6D+Nf8AGgDB0y9vIzd+XZPJvndjhgNpOMr+FFxfXjap + aStZOrqsmE3DLZHP5Va0m8s4ze+ZPGu65kYZYDIOORz0qvf6xpMOs2TTXsKB + UkyTIoAyOO9ADtTv72SwnjksXjVl5YsCBVqDUb9YY1GnuwCjncvPFR6jq2l3 + ul3ItLyGc7cfJIrc+nBrRt9QsBbxg3MYIVf419PrQBiadfXkcl2UsnkLzEkB + h8pwOKLq+vG1KxkaydWTzdq7hlsqM4+lW9LvLOOW+LzxqGnYjLAZGByKS8vb + NtV0+RZ4yqeduIYYGVGMnNADNRv72SxnR7B41ZCCxYYHvUttqF8ttEq6e7AI + oB3DnjrU2qX1lJp1wiXEbMyMAA4JPH1qe0v7FbWFWuYwQigguPT60AY1he3k + dxeMlk7l5MkBh8px0NF5e3j31k7WToyM+1Swy2V7fSrWm3lml1fs88ah5cgl + gMjHbmi+vLN9R091njKo0m4hgQMr354oAS+1C+eyuEewdFaNgWLDgY60tnqF + 8lnAiWDuqxqAwYcgDrVvUb6xewuUS4jZmjcABwSTj60thf2KWNuj3EassaAg + uAQQB70AZNlfXiXl66WTuzupZQw+XjoaL6+vHu7JnsnQo5KgsPmOOgq3YXlm + l9fu88aq7qVJYAH5e3NGoXlm97YMk8bBJGLEMCAMd+aAC71C+e0mRrB0DIwJ + LDgEdaZYX97HYwIlg7qqKAwYYIx1q/e39i9lcKtxGSY3AAcZJx9aZpt9ZJp9 + sj3EassagguAQcfWgDLtL28TUL6RbJ3ZzHuUMMrheM/WjUL28kns2eyeMpLk + AsPmOOgq1ZXlmup6g7TxhXMe0lhg4XnBzzRqd5ZvcWLJPGwSYEkMDgY6mgB9 + xqN81vKrae6gqwJ3DjioNOv72OwgSOxeRVQAMGAB961Lq/sWtplW5jJKMAA6 + +n1qvpV9ZR6dbpJcRqwQAguAR+tAGbbX14upXsi2TsziPcu4ZXA4z9aNRvry + R7QyWTx7JlIywO488VbtLyzXVr+Rp4wriLaSwwcKc4NGqXlnI9kY54223CE4 + YHA55PNAEk2o35icHT3AKnncvHFVNLvr2LT4I47F5FVeGDAA1sT6hYGGQC5i + JKn+NfT61S0e9so9Mt0kuI1YLyC4BHP1oAoQXt4uqXUosnZ2VAU3DK46fnRq + d9eSi18yyePbPGwywO4jOF/GrVveWa6xeSGeMIyRgHcMHA7HNGrXtnILPy54 + 223MbHDA4AzknnpQBO+pX5Uj+znHB/iWqGk315Fp0Mcdk8qgHDBgAeTW6+oW + BRgLmLof41/xrN0W9s4tLgjlnjRgDkFgCOT2zQBSivrwatPKLJy7RqCm4ZAB + 65o1W9vJYoRJZPEFmQglgckHp+NWob2zGs3EpnjCGJAG3DBOfXNGsXlnLDAI + 543InjJwwOAD160AWf7S1D/oHSf99LWZo19eQ6bDHFZPMo3YYMAD8x9a6H+0 + dP8A+fmL/vtf8ayNCvLOLSoI5Z40YbshmAI+Y9iaAKqXt4NXkmFk5cwgbNwy + BnrmjVr68ltkWSyeICRDksDyD0/GrSXlmNcklM8ewwKN24Yzu6ZzRrN7Zy2q + LHPG5EqHAYHgH60AWf7S1D/oHSf99LWZpF9eRWKpFZPKoZvmDADljXQ/2jp/ + /PzF/wB9r/jWTol5ZxaciSzxowZ+CwB+8aAOH8c3FxNY3jS27QkwRAgkHA85 + Tnj34ry3w4SNatiBk5b/ANBNesePrm3ksr0xSK4a3iUFSDyJlOOPavKPDWP7 + atieACT+hoKWx9I/2lqH/QOk/wC+lrM0m9vIrUrHZPKN7nIYDknp+FdD/aOn + /wDPzF/32v8AjWRot5ZxWZWWeND5jnBYA4J+tBJVa9vP7YWb7E+8QFdm4Zxu + 65o1i9vJtPkjlsniUlfmLAgfMKtNeWf9upL58ez7ORu3DGd3TOetGu3lnLpk + qRTxuxKcKwJ+8O2aALP9pah/0DpP++lrM0q+vIoZRHZPKDK5JDAYJPT8K6H+ + 0dP/AOfmL/vtf8aydGvLOO3mEk8aEzSEZYDgnrQBUkvrw6tFKbJw4iYBNwyR + nrS6xfXkunTRy2TxKcZYsCB8wq1JeWZ1qGUTx7BCwLbhjOemaNcvbOXSp44p + 43YhcAMCT8w7ZoAnGpX+B/xLpP8AvpazdLvbyJLgR2Tybp3Y4YDBPUfhXQLq + FhtH+kxdP76/41k6PeWcaXQknjXdcSEZYDIOMHr0oAqzXt4dVt5TZOHVHATc + MkHv+FP1W+vJdPmjksXiVhyxYEDmp57yzOs2sonjKLG4LbhgE++ak1m9s5dM + uEjnjdivADgk8jtmgB0eo34jUDTnOAOdy1n6bfXkZu/Lsnk3zuxwwG0nHy/h + W9FqFgIkBuYgQB/Gv+NZmk3lnGb3zJ413XMjDLAZBxyOelAFS4vrxtTtJGsn + V0WTCbhlsjn8ql1O/vZLCeOSxeNWU5YsCBU11eWbavZSLPGUVZMkMMDI4yal + 1a+spNNuEjuI2YqcAOCT+tADYNRv1gjUae7AKBncvPFUdOvbyOW8KWTyF5iS + Aw+U46Gtu2v7BbeIG5jBCrxvX0+tZ2l3lnHNfF541DzsRlgMjA5HNAFW6vrx + tRsZGsnVk83au4ZbK84+lT6hf3sljOj2DxqyMCxYYHHWn3l7ZtqunyLPGVTz + dxDDAyvGTnirOp31k+n3CJcRszRsAA4JPH1oAgtdQvltoVXT3YBFAO4c8dap + 2F9eJc3jJZO5eTJAYfKcdDWzZ39itpArXEYIRQQXHHH1qhp17ZpdXzPPGoeU + EEsBkY7c0AVby9vHvrJ2snRkZ9qlhlsjt9Ks32oXz2Vwj2DorRsCxYcDB5pb + +8s31DT3SeNlRn3EMCBle9W9QvrF7C5RLiNmaNwAHBJJB96AKllqF8lnAiWD + uqxqAwYcgDrVWyvrxLy9dLJ3Z2UsoYfLx0Na1hf2KWNsj3EassaAguAQQo96 + p2F5Zpf37vPGqu6FSWAB+XtzQBVvr68e6smeydCjkqCw+Y46Crd3qF89rMra + e6gowJ3DgY60aheWb3lgyTxsEkJYhgcDHfmrt7f2LWc6rcRkmNgAHGScH3oA + z7C/vY7GBEsHdVRQGDDBGOtV7S+vE1C+kWydmcx7lDDK4XjP1rU02+sk0+2R + 7iNWWNQQXAIOPrVayvLNdT1CRp4wrmLaSwwcLzg96AKmoXt5JNZl7J4ykoIB + YfMcdBV241G+a3lVtPdQVYE7l4460zU7yzeexKTxsEmBOGBwMdTzWhdX9i1t + Mq3MZJRgAHX0+tAGXpt/ex2ECR2LyKqgBgwANQ219eLqd5Itk7O4jyu4ZXA4 + z9a0dKvrKPTrdJLiNWCDILgEfrUNreWa6tfSNPGEcRYJYYOAc4OaAKmpX15I + 1oZLJ49k6sMsDuIzxV+XUb8xODp7gEHnctR6reWcj2XlzxttuEJwwOAM8nnp + WlNqFgYXAuYiSp/jX0+tAGNpd9exafBHHYvIqrwwYAHmo4L28XVbmUWTs7Ig + Kbhlcd/xq/o97ZR6ZbpJcRqwXkFwCOfrUVveWY1i7kM8YRkjAO4YOPQ5oAq6 + pe3kotvMsnj2zowywO4jOF/GtF9SvypH9nOOD/EtQaveWci2nlzxttuI2OGB + wBnJPtWq+oWBRgLmLof41/xoAwdIvryLToY4rJ5VAOGDAA8mkivrwatNKLJy + 5jUFNwyBnrVzRL2zi0uCOWeNGAOQWAI5PbNJFeWY1qeUzxhDEgDbhgnPrmgC + pql9eSxQiSyeICZCCWByQen41p/2lqH/AEDpP++lqvrF5ZyQwCOeNiJ4ycMD + gA9eta39o6f/AM/MX/fa/wCNAHPaNe3kOnRRxWTzKN2GDAA/MaFvrwaw8osn + LmEDZuGQN3XNWtCvLOLS4Y5Z40YbshmAP3j2JoS8sxrkkvnx7DABu3DGd3TN + AFXVr28ltlWSyeICRDksDyD0/GtP+0tQ/wCgdJ/30tVtavLOW0RY543IlQ4D + A8A/Wtf+0dP/AOfmL/vtf8aAOe0i+vIrJUisnlXc3zBgByT60fbrz+2fO+xP + v+z7dm4Zxvzuz+lW9EvLOLT1SWeNG3PwWAP3jSfbbP8At3zfPj2fZtu7cMZ3 + 5xnPWgCrq99eS2RSWyeJdyncWB6EVp/2lqH/AEDpP++lqvrd5Zy2BSKeN23p + wGBP3h71rf2jp/8Az8xf99r/AI0Ac9pN9eRWpWOyeUb3OQwHJPT8KGvbz+2E + m+xPvEJGzcM43dc1b0W8s4rNlknjQ+Y5wWA4J+tI15Z/24kvnx7BARu3DGd3 + TOaAKusXt5Np0sctk8SkrliwIHzCtP8AtLUP+gdJ/wB9LVbXbyzl0uWOKeN2 + JXAVgT94dhWv/aOn/wDPzF/32v8AjQBz2lX15FDKI7J5QZXJIYDBJ6fhRJfX + h1aGU2ThxEwCbhkjPXNW9HvLOOCYSTxoTNIRlgOCevWiW8szrUEonjKCJgW3 + DAOemc0AVdXvryXTpo5bJ4lIGWLAgcitFdSv8D/iXSf99LUOt3tnLpc8cU8b + sQMAMCT8w7ZrUXULDaP9Ji6f31/xoA5/S768iW5Edk8m6d2OGAwT1H4UTXt4 + 2q20psnDqjgJuGTnv+FW9IvLONLrzJ413XEhGWAyDjBHPSkuLyzOs2sonjKL + G4LbhgE+poAg1W+vZdPnjksXiVhyxYEDmrsWo34jQDT3IAHO5abrF7ZyaZcJ + HPG7FeAHBJ5+tX4tQsBEgNzECFH8a+n1oAwtNvryNrvy7J5N87scMBtJxx+F + FxfXjanZyNZOroJMJuGWyOfyq3pV5Zxte+ZPGu64dhlgMg45HtRdXlm2rWMi + zxlEWXJDDAyOMnNAEOpX97JYTpJYvGrKQWLDAqzBqN+sEajT3YBQM7l54p+r + X1lJptwkdxGzFDgBwSf1q1bX9gtvEDcxghV43r6fWgDE0+9vI5rwpZPIXlJI + DD5TjoaLu9vH1GxkaydWTzNq7hlsrzj6Va0y8s45r4vPGoeYkZYDIx1HNF7e + Wbapp8izxlU83cQwwMrxk54oAZqF/eyWM6PYPGrIwLFhgDHWpbXUL5bWFV09 + 2ARQDuHPHWp9TvrJ9PuES4jZmjYABwSePrUtnf2K2cCtcRgiNQQXGQcfWgDH + sb68S5vGSydy8gJAYfKcdDReX1497ZO9k6MjPtUsMtle30q1p17Zpd37PPGo + eQEEsBkY7c0t9eWb6hp7pPGVRn3EMMDK96AG32oXz2Vwj2DorRuCxYcAg8/h + S2WoXyWcCJYO6rGoDBhyAOtXNQv7F7C5RLiNmaJwAHBJJU+9Fhf2KWNsj3Ea + ssaAguAQQo96AMmyvbxL29dLJ3Z2XcoYfLgd/rRfXt491ZM9k6FJCVBYfMcd + BVqwvLNL/UHeeNVdk2ksAD8vbmjUbyze7sGSeNgkhLEMDgY780AOutQvmtZl + bT3UFGBO4ccdai0+/vY7GBEsHdVRQGDDBGOtaN5f2LWc6rcRkmNgAHGScfWo + tMvrJNPtke4jVljUEFwCDj60AZlpfXi6jfSLZOzP5e5dwyuF4z9aNQvrySaz + L2TxlJQQCw+Y46CrdneWa6pqEjTxhXMW0lhg4XnBzzRqd5ZvPYlJ42CTAnDA + 4GDyeaAHXGo37QSK2nuoKkE7l44qvpt/ex2ECR2LyKqgBgwwa1bm/sGtpVW5 + jJKNgb19PrVbSb6yj023SS4jVggyC4BH60AZ1te3i6neSrZOzuI8puGVwOM/ + WjUr28ka0Mlk8eydGGWHzEZ4/GrVreWa6vfSNPGEcRYJYYOBzg5o1W8s5Gsv + LnjbbcIThgcAZ5PPSgCaXUb8xuDp7gEHnctUtLvryLT4I47F5VC8MGAB5ral + 1CwMTgXMRJU/xr6fWqGj3tnHplukk8aMF5BcAjn60AUYb68XVLmUWTl2RAU3 + DIx3/GjVL28lW2Elk8e2dGGWHJGcD8at295ZjWLuQzxhGSMA7hg49DSaveWc + i2vlzxttuIycMDgDOSeelAFhtSvypH9nSdP7y1naRfXkWnQxxWTyqAcMGAB5 + NbzahYbT/pMXT++v+NZmiXtnFpcEcs8aMAcgsAR8x7ZoApx314NWmlFk5cxq + Cm4ZAz1zRqt9eSwxCSyeICVCCWByQen41aivLMa1PKZ4whiUBtwwTn1zS6xe + WckEIjnjciaMnDA8A9etAFj+0tQ/6B0n/fS1maPfXkOnRRxWTyqN2GDAA/Mf + Wuh/tHT/APn5i/77X/GsnQryzi0uGOWeNGBbIZgD949iaAKi315/bDy/Yn3m + EDZuGcbuuaNWvryW2VZLJ4gJEOSwPIPT8atreWf9uPL58ewwAbtwxnd0zSa1 + e2ctoixzxufMQ4DA8A/WgCz/AGlqH/QOk/76WvnPxQSdWfIx8o/rX01/aOn/ + APPzF/32v+NfM3ikg6s+Dn5R/M0FRPQ/AFxPBaxtDbtMfLkGAQOPMznn8q7X + V768lsmSWyeJdy/MWBHDCuQ+Hc8ENvE00ioPKkGWIHPmZxzXda3eWcunskU8 + btuTgMCfvCgTLH9pah/0DpP++lrM0m+vIrZljsnlHmOchgOSen4V0P8AaOn/ + APPzF/32v+NZGi3tnFaOsk8aHzHOCwHBP1oEVWvbw6wk32Jw4hI2bhkjd1zR + rF9eTadLHLZPEp25YsCB8w9KtPeWZ1yOXz49ggI3bhjO7pmjXb2zl0uaOKeN + 2JXADAn7w7ZoAs/2lqH/AEDpP++lrM0q9vIoZhHZPKDK5JDAYJPT8K6H+0dP + /wCfmL/vtf8AGsjRryzihnEk8aEzSEZYDgnr1oAqy314dWhlNk4cRsAm4ZIz + 1pdXvryXTpo5bJ4lIGWLAgcirUt5ZnWoJRPGUETgtuGAc+uaXW72zl0ueOKe + N2IGAGBJ5HbNAEy6lfhQP7Ok6f3lrN0y+vIlufLsnk3TuxwwG0nqPwrfXULD + aP8ASYun99f8ay9IvLONbvzJ413XEjDLAZBxgj2oAqT314dUtpTZOHVHATcM + nPf8Kfql9eS6fPHJYvEpXliwIHNWLi8szrFpIJ4yipICdwwM+pp+sXtnJplw + kc8bsV4AcEnn60ALFqN+IkA09yABzuWqGm3t5G12Y7J5N87scMBtJxx+FbsO + oWAhQG5iBCj+NfT61maVeWcbXvmTxruuHIywGQccjnpQBVub28bU7OVrJ1dB + JhNwy2Rzj6VNqV/eyWE6SWLxqykFiwIFSXV5Ztq9jIs8ZRBLkhhgZHGTmp9V + vrKTTrhI7iNmKHADgk/rQBHb6jfrBGq6e7AKADuXniqWn315HNeFLJ5C8pJA + YfKcdDW1bX9gttErXMYIRcjevp9aoaZeWaT3xeeNQ8xIywGRgcjmgCpd3t4+ + o2MjWTqyGTau4ZbK84+lT6hf3sljOj2DorIwLFhgDHWn3t5ZtqmnyLPGVQy7 + iGGBleMntVnU76yfT7lEuI2Zo2AAcEk4+tAFe01C+S1hVdPdgEUAhhyMdaqW + N7eJdXrJZO5eQFgGHynHQ1sWV/YrZwK1xGCI1BBcZBwPeqOnXlml3fs88ah5 + AVJYDIx25oAq3t9ePe2TvZOjIzFVLD5sjtVq91C+eznR7B0Vo2BYsOAR1pb+ + 8s3v7B0njZUd9xDAgfL35q3f39i9jcolxGzNG4ADgkkqfegClY6hfJZW6JYO + 6rGgDBhyABz+NVrO+vEvb10sndnZNyhh8uB3+ta2n39ilhbI9xGrLEgILgEE + KPeqljeWaahqDvPGFdk2ksMHC9qAKl/e3j3Nmz2ToUkJUFh8xx0FXLrUL5rW + ZW091BRgTuHHHWm6jeWb3dgyTxsElJYhgcDHfmr15f2LWc6rcRkmNgAHGScf + WgDO0+/vY7GBEsHkVUUBgwweOtQWl7eJqN9Itk7M/l7l3DK4XjP1rT0y+sk0 + +3R7iNWWNQQXAI4+tVrK8s11TUJGnjCv5W0lhg4XnBzzQBV1C+vJJbMvZPGU + mBALD5jg8Ven1G/aCRTp7qCpGdy8cUzU7yzkmsSk8bBJwThgcDB5PNaFzf2D + W8oFzGSVbjevp9aAMnTb+9jsIEjsXkVVADBhg1Fb3t4up3cq2Ts7iPKbhlcD + jP1rR0m+so9Nt0kuI1YIMguAR+tQWt5Zrq97I08YR1iwSwwcDnBzQBV1K9vJ + DaeZZPHsnRhlgdxGfl/GtCXUb8xuDpzgEHnctQ6teWcjWXlzxttuEY4YHAGe + T7Vpy6hYGJwLmIkqf419PrQBi6VfXkWnwxx2Lyqo4YMADzTIb68Gq3EosnLs + iApuGQB3/Gr2jXtnFplukk8aMF5BcAjk9s0yC8sxrF1IZ4wjRoA24YJHvmgC + pqd9eSrbiSyePbOjDLA5I6D8a0m1K/wf+JdJ/wB9LUGr3lnIlr5c8bbbiMnD + A4AzknnpWq2oWG0/6TF0/vr/AI0AYGkX15Fp0McVk8qgHDBgAeTSR3t4NWll + Fk5cxKCm4ZAz1q5ol7ZxaXBHLPGjAHILAEfMe2abFeWY1uaUzxhDCoDbhgnP + TNAFXVb28lhiElk8QEqEEsDkg9PxrT/tLUP+gdJ/30tVtZvLOWCERzxuRNGT + hgeAevWtf+0dP/5+Yv8Avtf8aAOe0e+vIdPjjisnlUFsMGAB+Y0LfXn9sNL9 + ifeYQNm4Zxu65q3od5ZxaZFHLPGjAvkFgD949qFvLP8Atx5fPj2G3A3bhjO7 + pnNAFTVr68ltQslk8Q3oclgeQen41p/2lqH/AEDpP++lqvrV5Zy2arHPG58x + DgMDwD9a1v7R0/8A5+Yv++1/xoA57SL68iswkVk8q7mO4MB1PSj7bef2yJvs + T7/I27Nwzjdndn9KtaJeWcVgElnjRt7nBYA/e+tH2yz/ALeEvnx7Ps23duGM + 784znrQBV1i9vJrFklsniXcvzFgRwRWn/aWof9A6T/vpara5eWcunskU8btu + TgMCfvD0rX/tHT/+fmL/AL7X/GgDntKvryK2dY7J5QZHOQwHJPT8KsQXE8+u + xtNbtAfJYYJB4znPFO0a9s4rV1knjQmVzgsBwT9akFxBNr0bQyLIPIYZUg87 + unFAG/RRRQAUUUUAFFFFABRRRQB//9b92JrGyGs28Qt4wjRuSu0YJHtT9ZsL + GLTJ5IreNHUDBCgEciqctnfjVYIzesZGjch9i8Adse9O1ayv4tOmea+aVABl + SijPI7igDaj03TjGpNrFkgfwCszSbGyl+2eZbxvsuZFGVBwBjAHtU8en6mUU + jUWAwP8AlmtZ+mWd/J9r8q9Me24kVvkU7mGMtz6+lAFm5sbJdXs4lt4wjrIS + u0YOBxkVLq2n2MWm3EkdvGjKvBCgEVRuLO/XVLWNr0s7K+19i/Lgc8d81Jqd + lqEdhO8t80iBeV2KM/iKANaDTdOMEZNrESVH8A9KztLsbKSS9ElvGwSdguVB + wMDgVNDYakYYyuosAVGB5a8cVQ06zv5JLsR3xjKzMG+RTuPHPtQBZu7GyXVb + CNbeMI4l3AKMHCjGR7VPqmn2EenXEkdvGrKhIIUAis+6s79dSso2vWZ383a+ + xRtwvPHfNTajY6hHYzvJftIoQkrsUZHpmgDRtNO09rWFmtoySikkoOTiqOm2 + NlJc3yyW8bBJcKCoOBjoKfbWGpNbRMuoMoKKQPLXgY6VTsLO/e4vFjvShSTD + HYp3HHX2oAs3thZJqNhGlvGqu0m4BRg4XjNWtR06wjsLl0to1ZY3IIQAggVm + Xlnfrf2SPel2cvtbYo24XnjvmrN9Y6illcPJfs6rGxK7FGRjpmgC5Y6dp72V + u720bM0aEkoMkkCqdhY2T3t+j28bKjqFBUEAY7UtnY6i1pAyagyKUUhfLU4G + OlVbKzv3u71UvSjI6hm2Kdxx19qALOoWNkl7YIlvGqu7BgFABGO9XL7TtPSy + uHS2jVljcghBkEA1lX1nfpd2Svel2dyFbYo2nHX3q1eWOopaTs+oM6hGJXy1 + GRjpQBY07T7CSwtne2jZmjUklASTiq1lY2T6lqEb28bKhj2gqMDK84pLCx1F + 7KB479kVkUhdinAx0zVezs79r++RL0o6FNzbFO7K8cdsUAWdSsLKO4sVS3jU + PLhgFAyMdDV+603T1tZmW2jBCMQQg9Kx7+zv0ns1kvS5eXCnYo2nHX3q7c2G + pLbys2oMwCMSPLXkY6UAP0vT7CTTreSS2jZmQEkqCSagtLGybVb+JreMogi2 + gqMDK84HvTNOsdQksYHjv2jUoCF2KcD0zUNrZ37alexrelXQR7n2L82V447Y + oAs6pY2UclkI7eNQ86q2FAyOeDWjPpunCCQi1iBCn+AelYuo2d/G9oJL0yFp + lC/Io2nnn3q/NYakIXLaixAU5HlrzxQAmkWFjLptvJJbxuzLySoJNRW9jZNq + 95E1vGUVIyF2jAyOcCotLstQk0+B4r5okK8KEU4/E1HBZ351S6jW9ZXVULPs + X5sjjj2oAs6tY2UX2Py7eNd9zGpwoGQc5B9q05NM04IxFrF0P8ArD1Ozv4/s + vm3pk3XEar8ijaxzhuPStF9P1MIxOoseD/yzWgCLRrCxl0yCSW3jdmBySoJP + JpkNhZHWbiI28ZRY0IXaMAn2qDSbK/l06F4b5okIOFCKccnuabFZ351WeMXr + CRY0JfYvIPbHtQBZ1ixsoorcxW8aFp4wcKBkE8itY6Zp2P8Aj1i/74FYGqWd + /HHAZb0ygzIACijBPQ8elaf9n6n/ANBJv+/a0AVdDsbKbSoJJreN3O7JKgk/ + Me9CWFkdblhNvHsEKkLtGM7uuKraPZ38umwyQ3rQod2FCKcfMe5oSzvzq8kQ + vWEghBL7F5GemKALOs2NlFbRtFbxoTKgyFA4J6Vrf2Zpv/PrF/3wKwNVs7+O + 3Rpb4ygyIMFFGCTwePStP+z9T/6CTf8AftaAKuiWNlNpySS28bsWfkqCeGNA + sbL+3DD9nj8v7OG27RjO/GcetVtHs7+WwR4b0xLlvlCKf4j3NAs7/wDtgxfb + W8zyAd+xem7pjp70AWdasbKGx3xW8aNvQZCgHk1rf2Zpv/PrF/3wKwNXs7+K + z3zXplXeg2lFHOevHpWn/Z+p/wDQSb/v2tAFXRbGylsy8tvG7eY4yVBOAaDY + WX9uLD9nj8v7OW27RjO7rj1qtpNnfy2haG9MS73GAinkHk8+tBs7/wDthYvt + x8zyCd+xc43dMdKALOt2NlDpskkVvGjApghQDywrW/szTf8An1i/74FYGsWd + /FYSPNfGVAVypRRn5h3Faf8AZ+p/9BJv+/a0AVdHsbKW3laW3jciVwCVB4B4 + FEljZDWoYRbx7DCxK7RjOeuKraVZ38kEjRXpiAlcEBFOSDyefWiSzvxq8URv + SZDExD7FyBnpigCzrlhZQ6XPJFbxo424IUAj5h3rVGmadgf6LF/3wKwdYs7+ + LTZpJr5pkG3KlFGfmHcVpDT9TwP+Jk3/AH7WgCtpFjZSx3Jlt43KzyKMqDgD + oKJ7GyGsW0Qt4wjRuSu0YJHtVbS7O/kS4MV6Ygszg4RTkjqfxoms78arbxm+ + JkZHIfYvAHbHvQBc1mwsYtMnkit40ZQMEKARyK0I9N04xqTaxdB/AKxtVsr+ + LT5nlvmlQAZUoozz6irsen6mUUjUWAwOPLWgCDSbGylN75lvG2y5kUZUHAGM + Ae1eS/E+CC31m1SCNY1NuCQoAGd7eleo6ZZ38hu/KvTHtndW+RTuYYy34+le + U/EqG4g1i2W4nNwxgBBKhcDc3HFBUTY8DW8EnhfUpnjVpElO1iASPlXoa9Xt + 9N09oI2a1jJKjJ2D0ryTwRDcP4b1GWOcpGsh3JtBDfKvfqK9QgsNSMMZXUWU + FRgeWvHFAmRaZYWUkt6JLeNgk7BcqDgYHAovLGyXVdPjW3jCP5u4BRg4UYyP + aq2nWd/JJdiO9aMrMQx2KdxwOfai6s79dSsY3vSzv5u1tijbheeO+aBGjqen + 2Een3Dx20asqMQQoBBxU1ppuntaws1tGSUUklBycVn6jY6hHYzvJftIoQkrs + UZHpmpbaw1JraJl1BlUopA8teBjpQAzTrGykur5Xt42CS4UFQcDHQUX1jZJq + OnxpbxqrtJuAUYOF4zVaws797i8WO9KFJMMdinccdfai8s79L+yR70uzl9rb + FG3C88d80Aaeo6dYR2Fy6W0assbkEIAQQKdY6dp72Nu720bM0aEkoMkkCqd9 + Y6illcPJfs6rGxK7FGRjpmls7HUXs4HTUGRWjUhfLU4BHSgBLCxsnvr9Ht42 + VHUKCoIHy9qNQsLJLywRLeNVeRgwCgAjHeq1lZ373l6qXrIyOoZtinccdfai + +s79LuyV70uzuQp2KNpx196ANa907T0s53S2jDLGxBCDIIFR6bp9hJp9u8lt + GzNGpJKAknFQXdhqK2kzPqDOoRiR5ajIx0plhY6i9jA8d+yKyKQuxTgY6ZoA + WysbJ9S1CN7eMqhj2gqMDK84o1Kxso7ixWO3jUPNhgFAyMdDVa0s79tQvkS9 + KOhj3NsU7srxx2xRqFnfpPZiS9MheXCnYo2nHX3oA2LrTdPW2lZbaMEIxBCD + 0qvpen2EmnW8klvGzMgJJUEmmXFhqS28rNqDMArEjy15GOlQadZahJYQPHft + GpQELsU4HpmgB9pY2TarfxNbxlEEW0FRgZU5wKNUsLKN7IR28a751VsKBkc8 + Gq1tZ37alexrfMroI9zbF+bI447Yo1Gzv43tBJemQtMoX5FG0880AbU+m6cI + ZCLWIEKf4B6VS0iwsZdNt5JbeN2ZeSVBJ5p01hqQicnUWICnjy154qppdlqE + mnwPFfNEhXhQinHPqaAJbexsm1e7ia3jKKkZC7RgZHOBRq1hZRC08u3jTdcR + qcKBkHOQfaq0Fnftql1Gt6VdVTL7F+bPQY9qNTs7+MWvm3rSbp41X5FG1jnD + celAG6+macEYi1i6H+AVm6LYWMumQSS28buwOSVBJ5NTPp+phSTqLHg/8s1q + hpNlfy6dDJDfNEhBwoRTjk9zQBPDY2R1m4iNvGUWJCF2jAJPXFGsWNlFDAYr + eNC08YOFAyCeRVaKzvzqs8QvWEgjUl9i8j0xRqtnfxxQmW9MoMyAAoowSeDx + 6UAb/wDZmm/8+sX/AHwKydCsbKbSoJJreN3O7JZQSfmPerX9n6n/ANBJv+/a + 1maNZ38umwyQ3phQ7sKEU4+Y9zQBZSxsjrckJt4/LEAIXaMZ3dcUazY2UVqj + RW8aEyoMhQOCeRVZLO/OryRC9IkEIJfYvIz0xRqtnfxW6NLetKDIgwUUck8H + j0oA3/7M03/n1i/74FZOiWNlNp6PLbxuxZ+SoJ4Y1a/s/U/+gk3/AH7WszSL + O/lsVeG+MS7m+UIp/iPc0Acj8QoLe3tZ0hiWMeVGQFAHPmdfyrzPwuobWIsj + OAf8K9B+IUVxBbsk9wZ2KpyVC8bjxx+dcF4URm1X5TjCE/qBQUtj6V/szTf+ + fWL/AL4FZOi2NlLZl5beN28xxkqCcA1a/s/U/wDoJN/37WszSbO/ltS0N6Yl + 3uMBFPIPJ59aCSy1jZf24kP2ePyzbltu0Yzu64o1yxsodNlkht40YFcEKAeW + FVms7/8AthYvtp8zyCd+xc43dMdKNYs7+LT5HmvTMgK5Uooz8w7igDf/ALM0 + 3/n1i/74FZOj2FlLBK0tvG5E0gBKg8A8CrX9n6n/ANBJv+/a1maVZ38kMpiv + TEBK4ICKckHk8+tAFmSwshrUMQt49hhYldoxnPXFLrdhZQ6XPJFbxo4C4IUA + j5hVWSzvxq0URvSZDExD7F4GemKXWLO/i06aSa+aVBjKlFGeR3FAG6umadtH + +ixdP7grK0ixspUuTLbxvtuJFGVBwBjAqyNP1PA/4mTf9+1rN0uzv5EuDFem + LbO4OEU5I6nn1oAsz2NkNYtohbxhGjcldowSPan6xYWMWmTyRW8aMq8EKARy + KpzWd+NVt42vSXZHIfYvAHUY96fqtlfx6fM8t80qAcqUUZ59RQBsxabpxiQm + 1iJIH8ArM0qxspDe+ZbxtsuJFGVBwBjAHtU8en6mY1I1FgCBx5a1n6bZ38hu + /KvWj2zurfIp3MMZb8aALNzY2S6tZRLbxhHWTKhRg4HGRU2rafYxadcSR28a + sqkghQCKoXFnfrqdpG18Wdlk2vsX5cDnj3qXU7LUI7Cd5b9pECnKlFGfxoA1 + LfTdPa3iZraMkqpJ2D0rP0yxspJr0SW8bBJ2C5UHAwOBUsFhqTQRldRZQVGB + 5a8cVR06zv5JbwR3pjKzEMdinccdfagCzeWNkmqafGtvGEfzdwCjBwvGfpVj + U9PsI9PuHjto1ZUYghACDis66s79dRsY3vSzv5u1tijbheeO+an1Cx1BLGd5 + L9pFCMSuxRkY6ZoA0LTTtPa0hZraMkopJKDk4qjp1jZSXV8r28bBJcKCoOBj + oKfa2GpNbQsmoMqlFIHlqcDHSqdhZ373N4sd6yFJMMdinccdfagCzfWNkmoW + CJbxqrs+4BRg4XvVrUNOsEsLl0to1ZY3IIQAggGsy8s79L6yR70uzs+1tijb + gc8d81ZvrHUUsrh31BnVY2JXy1GRg8UAW7DTrB7G3d7aNmaNCSUGSSBVSwsb + J76/R7eNlR0CgqMDK9qWysdRezgdNQZFaNSF8tTgEdPwqrZWd+95eol6UZGX + c2xTu46+1AFnULGyS7sVS3jUPIQwCgAjHert7p2npZzuttGGWNiCEGQQKyb6 + zv0urJZL4uzuQp2KNpx196t3dhqS2szPqDOoRiR5ajIx0oAn03T7CTT7d3to + 2Zo1JJQEk4qtZWNk+p6hG1vGVQxbQVGBlecCksLHUXsYHjv2RWRSF2KcDHTN + V7Szv21C+RL1kdDHubYp3ZXjjtigCzqdjZRz2Ijt41DzAMAoGRjoav3Wm6et + tKy20YIRiDsHpWPqFnfpNZiS9MheUBTsUbTjr71duLDUlt5WbUGYBWJHlryM + dKAHaVp9hJp1vJJbxszICSVBJqG1sLJtWvomt4yiCLaCowMjnApmm2WoSWED + xX7RqVGF2Kce2ahtrO/bU7yNb1ldRHufYvzZHHHbFAFnVLGyjeyEdvGu+4RW + woGQc8H2rSm03ThC5FrECFP8A9KxNSs7+NrQSXxk3TqF+RRtPPP4VflsNTET + k6ixAB48tfSgBukWFjLptvJLbxuzLySoJPNR29jZNrF3E1vGUVIyF2jAJ64F + RaXZahJp8DxXzRIV4UIpxz6mo4LO/Oq3Ma3rLIqIS+xfmB6DHtQBZ1exsolt + PLt403XEanCgZBzkH2rUfTNOCMRaxdD/AACsLU7O/jFt5t6Zd06AfIo2sc4b + 8K0X0/UwpJ1Fjwf+Wa0AQ6LYWM2lwSS28buwOSVBJ5NNisbI6zPEbeMosSkL + tGASeuKr6RZX8unQyQ3zRIQcKEU45Pc0kVnfnVpohesJBGpL7F5GemKALOsW + FlFDAYreNCZowcKBkE8itb+zNN/59Yv++BWBqlnfxxQmW9aUGZABsUYJPB49 + K0/7P1P/AKCTf9+1oAq6FY2U2lwyTW8bud2Sygn7xoSxsjrckJt4/LEAO3aM + Z3dcVW0azv5dOikhvTCh3YUIpx8x7mhbO/OsPEL1hIIQd+xeRu6Y6UAWdZsb + KK1RoreNCZEGQoHBNa39mab/AM+sX/fArA1azv4rZWmvTKpkQYKKOSeDx6Vp + /wBn6n/0Em/79rQBV0SwsprBXlt43bc/JUE8MaPsNl/bvk/Z4/L+zbtu0Yzv + xnHrVbSLO/lsleG9aJdzfKEU9Ce5o+x3/wDbPlfbW8z7Pu37Fzt34246dec0 + AWdasLKKwLxW8aNvQZCgHlhWt/Zmm/8APrF/3wKwNXs7+KyLzXrSruUbSijq + Rzx6Vp/2fqf/AEEm/wC/a0AVdGsbKW0ZpbeN28xxkqDwDQ1jZf24kP2ePyzA + W27RjO7riq2k2d/Las0N60S73GAinkHk8+tDWd//AGwkRvT5hhJ37Fzjd0x0 + oAs65Y2UOmSyQ28aOCuCFAPLCtb+zNN/59Yv++BWBrFnfxadLJNemZAVypRR + n5h3Faf9n6n/ANBJv+/a0AVdHsbKWCYy28bkTSAZUHAB4FEtjZDWoYhbxhDE + xK7RgnPXFVtKs7+SGUxXrRASuCNinJB5PPrRJZ341aGI3pMhiYh9i8DPTFAF + rW7Cxh0ueSK3jRwBghQCPmFai6Zp20f6LF0/uCsLV7O/i06aSa+aVABlSijP + I7itFdP1PaP+Jk3/AH7WgCtpFhZSpdGS3jfbcSKMqDgDoB7UT2NkusWsQt4w + jI5K7Rgke1VtMs7+RbkxXrR7Z3B+RTkjqefWiazvxqttG16TIyOQ+xflA6jH + vQBd1iwsYtNuJIreNGVeCFAI5q9FpunGJCbWIkqP4B6Vj6rZahHp87y3zSoB + ypRRnn1FXYrDUzGhGosAQOPLWgCDSrGyka98y3jbZcOoyoOAMcD2ourCyXVr + KJbeMI6y7lCjBwOMiq2m2d/I135V60e2dw3yKdxGMn8aLizv11Ozja9LOwk2 + vsX5cDnjvmgC/qun2MenXEkdvGrKhIIUAirVvpuntbxM1tGSVUk7B6Vl6lZa + hHYTvLftIgU5XYoz+NWYLDUjBGV1FlBUYHlrxxQBFpljZSTXwkt42CTELlQc + DHQUXljZJqmnxrbxhH83cAowcLxmq2n2d/JLeCO9MZWUhjsU7jjr7UXdnfrq + NjG96Wd/M2tsUbcLzx3zQBo6np9hHp9w8dtGrKjEEIAQcVLZ6dp72kDNbRkl + FJJQcnFUNQsdQSxneS/aRVRiV2KMjHTNS2thqTWsLJqDKpRSB5anAx0oAZp9 + jZPd3yvbxsEkAUFQcDHai+sLJL+wRLeNVdn3AKMHC96rWNnfvc3ix3rIySAM + dinccdfai8s79L2yR71nZ2fa2xRtwvp3zQBqahp1glhcultGrLG5BCAEEKaL + DTrB7G3d7aNmaNCSUGSSBVS+sdRSyuHfUGdVjclfLUZAB4/GlsrHUXs4HTUG + RWjUhfLU4BHSgBLCxsnv79Ht42VGQKCowMr2o1Gxso7uxVLeNVeQhgFAyMd6 + rWVnfve3qJelGRl3NsU7sj07YovrO/S6slkvS7PIQp2KNpx196ANa807T0tJ + 2W2jBCMQQgyDio9N0+wk0+3eS2jZmjUklASTiobqw1JbWZn1BmUIxI8tRkY6 + VFp9jqL2MDx37RqyKQuxTgY6ZoAdZ2Nk+p6hG1vGUQxbQVGBlecUalY2Uc9i + I7eNQ8wDYUDIweDVa0s79tRvo0vWV08vc2xTuyvHHbFGoWd+k1mJL1pC0oCn + Yo2nHX3oA2bnTdPW2lZbaMEIxB2D0qrpWn2MmnW8klvGzMgJJUEmm3FhqSwS + M2oswCnI8teeKr6bZahJYQPFftGpUYUIpx+NAElrY2TatfRNbxlEEW1SowMj + nAo1Wxso2shHbxrvuEVsKBkHPB9qrW1nftqd5Gt6VdBHufYvzZHHHbFGpWd/ + G1oJb0ybp0C/Io2k5598UAbcum6cInItYgQp/gHpVHR7Cxl023klt43Zl5JU + Enmny2GpiNydRYgA8eWtUtKstQk0+B4r5okI4UIpxz6mgCaCwsm1i6iNvGUV + EIXaMAnrgUavY2US2pit403XEanCgZBzkH2qtDZ351S5jW9KuqIS+xfmB6DH + tRqlnfxrbGW9Mu6dAPkUbSc4P4UAbraZp20/6LF0/uCszRLCxm0uCSW3jdyD + klQSfmNWG0/U9pzqTdP+ea1naRZ38unQyQ3zRIQcKEU45Pc0AWIrGyOtTxG3 + jKCJSF2jAOeuKNYsbKKCExW8aEzRg4UDIJ5FVo7O/OrTRC9IkESkvsXkZ6Yo + 1Szv44YjLetKDKgAKKMEng8elAG//Zmm/wDPrF/3wKydDsbKbTIZJreN3JbJ + KgnhjVr+z9T/AOgk3/ftazNHs7+XTopIb1oUO7ChFOPmPc0AWVsbI628P2eP + yxADt2jGd3XFGs2NlFaK0VvGhMiDIUDgmqy2d/8A2w8Qvj5ghB37Fzjd0x0o + 1azv4rZWmvWlUyIMFFHJPB49KAN/+zNN/wCfWL/vgV80eKQBqz4GPlH8zX0X + /Z+p/wDQSb/v2teNap4O1/WLs3tjEssTfKCXVeVJB4JoGjovh5bW89tEs0Sy + DypDhgDz5mM8+1dzrdhZQ2DPFbxo25OQoB5YVyXhTQ9W0wpp9xL9lnETP8u1 + 8KX6enPWuk1ezv4rJnmvWlXcvylFH8Q7igGb/wDZmm/8+sX/AHwKydGsbKW0 + ZpbeNyJHGSoPANWv7P1P/oJN/wB+1rM0mzv5bZmhvWiXzHGAinkHk8+tAiy9 + jZDW44Rbx+WYCdu0Yzu64o1ywsodMmkit40cbcFVAPLDvVZrO/GsJEb0mQwk + 79i5A3dMdKNYs7+LTpXmvWmQbcqUUZ+YdxQBv/2Zpv8Az6xf98CsnR7Gylhn + MtvG5E0gGVBwAeBVr+z9T/6CTf8AftazNKs7+SKYxXpiAlcEBFOSDyefWgCz + LY2Q1mCIW8YRomJXaMEg9cU7WrCxi0ueSK3jR1AwQoBHIqpLZ341aGI3xMhj + Yh9i8DPTFLq9lfxadNJNfNKgAypRRnkdxQBuLpmnbR/osXT+4Ky9JsbKVbvz + LeN9txIoyoOAMYA9qsrp+p7RjUm6f881rN0yzv5FufKvmj2zuD8incR1bn1o + Asz2NkusWsQt4wjJISu0YJHTIqTWLCxi024kit40ZV4IUAjmqU1nfjVLaNr0 + s7I5D7F+UDqMe9P1Wy1CPT53lvmlQDlSijPPqKANiHTdOMKE2sRJUfwD0rN0 + qxspGvfMt422XDquVBwBjge1TRWGpmJCNRYAgceWvpVDTbO/ka7EV6Y9s7hv + kU7iMc+2aALN1Y2S6tYxLbxhHEu5QowcDjIqbVdPsI9OuJI7eNWVCQQoBFUL + mzv11Ozja9LOwk2vsX5cDnjvmptSstQjsJ3lv2kUKcrsUZ9s0AadtpuntbRM + 1tGSUUk7B6Vn6bY2Uk98JLeNgkxC5UHAwOBUlvYak0EbLqLKCowPLXjiqWn2 + d+814I71oyspDHYp3HHX2oAs3tjZJqenxpbxhHMu4BRg4XjNWdS0+wj0+4eO + 2jVljYghACDis27s79dRsY3vS7uZNrbFG3C88d81PqFjqKWM7yX7SKqMSuxR + kY6ZoAv2Wnae9nA7W0ZZo1JJQZJIqlp1jZPd36vbxsEkAUFQcDHanWlhqTWs + LJqDIpRSB5anAx0qpY2d+91erHelGSQBjsU7jjr7UAWb+wskv7BEt41V3cMA + owcL3q3f6dYJY3DpbRqyxuQQgyCAay72zv0vbJHvWdnZgrbFG3jr71avbHUU + s53fUGdVjYlfLUZAHSgC1p+nWD2Fs720bM0aEkoCSSoqpY2Fk9/fo9vGyoyb + QVGBle1FjY6i9lbumoMitGhC+WpwCBx+FVrOzv3vb1EvWRkZNzbFO7I447Yo + As6jY2Ud1YqlvGoeQhgFAyMd6u3mnaelpOy20YIRiCEHBxWTf2d+lzZrJel2 + eQhTsUbTjr71curDUltZmfUGZQjEjy1GRjpQBLpmn2Emn27yW0bMyKSSgJJx + VezsbJ9U1CNreMonlbQVGBlecU3T7HUHsYHjv2jVkUhdinAx0zUFpZ37ajfR + pelXTy9zbFO7K8cdsUAWdTsLKOayEdvGoeYBsKBkYPBrQuNN09beVltowQrE + HYPSsbULO/SWzEl60haYBTsUbTg8+9Xp7DUhBIW1FmAU5HlrzxQAulafYyad + bySW8bMyAklQSahtbGybVr2JreMoix7VKjAyOcCo9NstQksIHiv2jQqMLsU4 + /Gorezv21O7jW9Kuoj3PsX5sjjjtigCzqtjZRNZeXbxrvuEVsKBkHOQfatKX + TdOETkWsQIU/wD0rE1Kzv4zaebemTdOgX5FG1jnDfhWhLYamI3J1FiADx5a0 + AR6PYWMumQSS28bsy8kqCTyaZBY2R1i6iNvGUWNCF2jAJ9qh0qyv5NPheK+a + JCOFCKcc+ppkNnfnVbiNb0h1RCX2LyD0GPagCzq9jZRJamO3jTdcRqcKBkHO + R9K1W0zTtp/0WLp/cFYOqWd/GtsZb4ybp0AyijBPQ8elaTafqeD/AMTJv+/a + 0AV9EsLGbS4JJbeN3YHJKgk/Me9JFY2R1qaE28ZQQqQu0YBz1xVfSLO/l06G + SG+aJCDhQinHJ7mkjs786vLEL0iQRKS+xckZ6YoAs6xY2UUEJit40JmjBIUD + gnkVrf2Zpv8Az6xf98CsDVbO/ihiMt6ZQZUABRRgk8Hj0rT/ALP1P/oJN/37 + WgCrodjZTaZFJLbxuxLZJUE8Me9C2Nl/bbw/Z4/LEAbbtGM7uuKraPZ38unx + vDetEhLYUIpx8x7mhbO//thovtp8wQg79i5xu6Y6UAWdZsbKK0VoreND5iDI + UA4JrW/szTf+fWL/AL4FYGrWd/Fahpr4yrvQYKKOSeDx6Vp/2fqf/QSb/v2t + AFXRLGymsQ8tvG7b3GSoJ4aj7DZf26Ifs8fl/Zt23aMZ34zj1qtpFnfy2YeG + 9MS7n+UIp79eaPsd/wD2yIvtp8zyN2/Yudu77uOnvmgCzrdjZQ6ezxW8aNuT + kKAeWFa39mab/wA+sX/fArA1izv4rFnmvTKu5flKKO47itP+z9T/AOgk3/ft + aAKujWNlLau0tvG5ErjJUHgHgVIttbwa9GsESxjyGOFAHO7GeKpaVZ38ts7R + XrRASOMBFPIPJ59asQQXMOuRrcXBnPksclQvGenH50AdLRRRQAUUUUAFFFFA + BRRRQB//1/3Plv7g6rBKbOQMsbAJxk57in6tqFxNp00b2UsQYDLNjA5FWprq + 2OtWziVNoicE7hgU7W7q2k0u4RJkZiBgBgT1FADo9Tugij+z5jwPSs7TL+4i + +17LOSTfcSMcY+UnHyn3FdDHeWgjQGdOg/iFZWkXNsn23fKi7rmQjLAZBxzQ + BTuL+4bVLWU2cisiuApxlsjt9Kl1PULiWwnjeyljDLgscYFT3NzbHWLJxKhV + UkydwwMiptXurV9MuFSZGYrwAwJoAZDqd0IYwLCUgKOeOeKoadf3Ecl4Vs5H + 3zMxxj5Txwfet+3vLQQRgzoCFH8Q9KzdKurZJL4vKi7p2IywGRgc0AUrq/uG + 1KylNnIrJ5uFOMtle30qfUdRuZLGeNrGWMMhBY4wPc1NeXNs2rae4lQqolyd + wwMqOtWNVurV9OuVSZGJQ4AYE0AV7bUrlbaJRYSsAijIxg8dapaff3EdxeMt + nI5eXJAx8vHQ1uWl3aLaQgzICEXjcPSs/TLm2S5vy0qANLkZYcjHagCneX9w + 9/YyGzkUoXwpxlsr2+lWb/UbmSyuEaxlQNGwLHGBkdTUl9c2zalp7LKhVWky + QwwMr3q1qV3atp9yqzISY3AAYc8UAU7PUrlLSBFsZXCooBGMHA61Usr+4S7v + XWzkcu6kgYyvHQ1tWF3aLY26tMgIjQEFh6CqWn3Vst9qDNKgDOuCWHPy9qAK + V9f3El3ZO1nIhR2IBxluOgq3ealcvaTo1jKgZGBJxgZHWl1G5tmvdPZZUIWR + skMOOO9Xr+7tGsbhVmQkxuAAw9DQBnWGo3MdlAi2MrhUUBhjBwOoqtZ39wl/ + fSLZyMXKZUYyuF7/AFrX027tV0+2VpkBEaggsMjiqljc2y6nqLNKgVjHglhg + 4XtQBTv7+4kns2azkQpLkA4+Y46CrtzqV01vKpsJVBRhk4wOKNTurZrmwKyo + Qs2ThhwMd6v3d5aG1mAmQko38Q9KAMrTtRuY7GCNbGWQKgAYYwfcVBa39wup + 3sos5GZxHlRjK4Xv9a1NKu7VNOtleZFIQZBYZqvZ3Nsur6g5lQKwiwdwwcL2 + oAp6jf3Ej2hazkj2TKwzj5iM8D3q/Nqd00MimwlGVPPHHFM1W5tnksdkqNtu + FJwwOBzzWncXloYJAJ0JKn+IelAGJpeoXEWnwRpZSyBV4YYwajgv7hdUupRZ + yMzqgKjGVwO/1rS0e6tU0y3R5kVgvILAGora6thrF45lQKyR4O4YOBQBS1O/ + uJfsu6zkj2XEbDOPmIzwPc1ovqd0UYf2fMOD6VHq9zbP9i2So225jJwwOAM8 + 1qSXln5bfv06H+IUAYOk6hcQ6dDGllLKFBwy4weTTIr+4GqzyizkLNGoKcZG + O5q/ol1bR6Xbo8yKwByCwB6mmw3VsNauXMqbTEgB3DBoAparf3EscAezkj2z + Iw3Y5I7fU1pnVLr/AKB836VBrNzbPFbhJUbE8ZOGB4B61sG8s8f6+P8A76FA + HN6Nf3EOmwxJZySqu75lxg/MaEv7gavJN9jkLGEDZxkDPX6Vd0G5to9JgSSV + FYbsgsAfvGiO5tv7clk81NpgUZ3DGd3rQBS1a/uJbdFezkjAkQ5bGCQen41q + f2pdf9A+b9Kg1q5tpLWMJKjESxnhgeM1r/bbP/nvH/30KAOb0e/uIbBI0s5J + QC3zLjHLGgX9x/bJm+xybvIC7OM43Zz9KuaFc20emoskqKdz8FgD940ourb+ + 3mk81Nv2YDO4Yzv6ZoApavf3E1nsezkiG9DlsY4PStT+1Lr/AKB836VX1y5t + pLHbHKjHenAYHvWx9ts/+e8f/fQoA5vSb+4htCiWcko3ucrjHJ6fhQb+4/th + Zvscm7yCuzjON2c/SruiXVtHZFXlRT5jnBYDvQ11bf26snmpt+zkZ3DGd/TN + AFLWL+4m0+SN7OSIEr8zYwMMK1P7Uuv+gfN+lQa7dW0mmSLHKjMSnAYE/eFa + /wBts/8AnvH/AN9CgDm9Kv7iKCRUs5JAZXOVxwSen4USX9wdXim+xyBhEw2c + ZIz1q7ot1bJbSh5UUmaQ8sBxmkkubY65DIJU2iFhncMZz60AVNYv7ibTZons + 5Ilbb8zYwPmFaQ1S6wP+JfN+lQ67dW0mlTpHKjMduAGBP3hWsLyzwP38f/fQ + oA5zS7+4iS4CWckm6Z2O3HBPY+4omv7g6rbymzkDKjgJxk57irmjXNskdyHl + Rc3EhGWAyOOaWe5tjrNs4lQqI3BO4YFAFXVtQuJtPmjeyljDAZZsYHIq9Hqd + 0EUDT5jwPSk1q6tpNLuESZGYgYAYE9RWjHeWgjQGdOg/iFAHPaZf3ERu9tnJ + JvuHY4x8pOOD7ivKfiVcSXGsWzyQtARABhup+Zua9i0i5tkN7vlRd1zIRlgM + g45ryv4mRS3us2z2aNOotwCYwWGdzccUFRJvBFxJH4a1GFYGdXk5cfdX5V61 + 6jBqd0sMaiwlICjkY54rzrwWjWvhfUoboGGR5CVVxtJG1egNeqW95aC3iBnQ + EKv8Q9KBMwdOv7iOS8K2cj75mJAx8pwOD70XV/cPqVjKbORTH5uFOMtlecfS + rul3Vskt8WlRd07EZYcjAovLm2bVtOdZUKr52TuGBlRjNAiHUdRuZLGeNrGV + AyEFjjA96mttSultolFhKwCKMjGDx1qxql3avp1yqTIxKNgBhnpU9peWgtIQ + ZkBCL/EPSgDDsL+4juLxls5HLyZIGMrx0NF5f3D39jI1nIpRnwpxlsr2+lXN + NubZLq/LSoA0uRlhyMdqL+5tm1LT2WVCqtJkhhgZXvQAy+1G5ksrhGsZUDRs + CxxgZHU0tlqVylnAi2MrhY1AIxg4HWrupXdq2n3KrMhJjcABhzxTrC7tVsbZ + WmQERoCCw9BQBjWV/cJeXrrZyOXdSQMZXA70X1/cPd2TtZyIUckA4y3HQVd0 + +6tlv9QZpUAZ1wSw5+XtRqN1bNe2DLKhCyMSQw4470ANvNSuXtJ0NjKoZGGT + jAyOtMsNRuY7GBFsZXCooDDGDx1FaV9d2jWVwqzISY3AAYehqPTLu1TT7ZWm + QERqCCwz0oAybS/uE1C+kFnIxkMeVGMrhe/1o1C/uJJ7Nms5EKS5AOPmOOgq + 5Y3Nsup6i7SoFYxYJYYOF7Uanc2z3FgVlQhZgThhwMd6AFuNSumt5VNhKoKs + MnHHFQabqFzHYQRrZSyBUADDGDWvdXlobWYCdCSjfxD0qtpV1apptsrzIpCD + ILAGgDLtr+4XU72UWcjM4jyoxlcDv9aNRv7iR7QtZyR7JlYZx8xGeB71dtLq + 2GrX7mVArCLB3DBwpzijVbm2eSx2So224QnDA4GDzQA6bU7oxODYSjKnnj0q + ppeoXEWnwRpZSyBV4YYwea257y0MEgE6ElT/ABD0qjo11bJplujzIrBeQWAP + WgDOgv7hdUupRZyMzqgKDGVx6/WjU7+4lFrus5I9k8bDOPmIzwPc1ctrm2Gs + 3jmVArJHg7hg8Uur3Ns4s9kqNtuYycMDgDPNAEr6ndFGH9nzDg+lZ+kX9xDp + 0MaWUkoUHDLjB5NdA95Z7G/fx9D/ABCszRLq2j0u3R5kVgDkFgD1NAFCK/uB + q08os5CzRqCnGRg9aNVv7iWKEPZyR7ZkILY5I7fU1dhurYa1cOZU2mJADuGM + 5pNZubZ4bcJKjETxk4YHjNAFj+1Lr/oHzfpWXo1/cQ6bDElnJKo3fMuMH5jX + SfbbP/nvH/30Kx9BubaPSYEklRWG7ILAH7xoAppf3A1iSb7HIWMIGzjIGev0 + o1a/uJbZFezkjAkQ5bGOD0/GriXNt/bssnmptMCjO4Yzu9aXWrq2e1QJKjHz + YzwwPGaAJ/7Uuv8AoHzfpWXpF/cQ2KxpZySgM3zLjHLGuk+22f8Az3j/AO+h + WRod1bR6ciySop3PwWAP3jQB5p8RrqSeFGkhaAnYuG68FjmuM8IkjUpCFLYi + 7dvnWu1+KE0cvkGJw4+TkHPTfXIeC8C/uSxx+5H/AKNSgtbHv/8Aal1/0D5v + 0rL0i/uIbQolnJKN7nK4xyeldJ9ts/8AnvH/AN9CsfRLm2jsiskqKfMc4LAd + 6CCm1/cf2ws32OTd5BXZxnG7OfpRrF/cTafJG9nJECV+ZsYGGFXGubb+3kk8 + 1Nn2cjO4Yzu6Zo165tpNMlSOVGYlOAwJ+8KALH9qXX/QPm/SsvSr+4ihlVLO + SQGVzlccEnp+FdJ9ts/+e8f/AH0KyNGurZLeYPKikzSHlgOM0AUpL+4OrxTf + Y5AwiYbOMkZ60usX9xNp00b2ckStj5mxgfMKuS3VsdbhkEqbRCwzuGM59aXX + bq2k0qdI5UZiFwAwJ+8KAJF1S6wP+JfN+lZul39xElwEs5JN07scY4J7H3Fd + Gt5Z7R+/j6f3hWRo9zbIl1vlRc3EhGWAyDjmgCnNf3B1W3lNnIGVHATjJz3F + P1XULiXT5o3spYww5ZsYHNWZ7m2OtWriVCojcE7hgVJrV1bPpdwiTIzFeAGB + PUUAEep3QjUDT5jgD0rP02/uIjd7bOSTfO7HGPlJxwfcV0EV5aCJAZ06D+IV + maTdWyG93you65kIywGQcc0AUri/uG1O0lNnIrIsmFOMtkdvpUup6hcS2E8b + WUsYZcFjjAqxdXVsdXsnEqFVWXJ3DAyKm1e6tX024VJkZihwAwJoAig1K6WC + NRYSsAoGRjniqOnX9xHLeFbOR98xJAx8px0PvW9bXloLeIGdAQi/xD0rN0u5 + tkmvi8qKGnYjLDkYHSgCndX9w+pWMps5FaPzcKcZbK9vpU+oajcyWM8bWMqB + kYFjjA46mpry6tm1XTnWVCq+dk7hgZXjNWNUu7V9OuVWZCTG2AGGelAFa11K + 5S2hUWErAIoyMYPHWqdhf3EdzeMtnI5eTJAxleOhrbs7u0W0gBmQEIvG4elU + dNurZbq/LSoA0uRlhyMdqAKV5f3D31lI1nIhRnwpxlsjt9Ks32o3MllcI1jK + gaNgWOMDI6mn39zbNqOnssqEKz5IYYHy96uajd2rafcqsyEmJwAGHPBoAo2W + o3KWcCLYyuFjUBhjBwOoqrZX9wl5eutnI5dlJUYyuB3rZ0+7tVsLZWmQERIC + Cw4+UVS0+5tlv9QZpUAZ0wSw5+XtQBTvr+4kurJms5EKOSAcZbjoKuXepXL2 + syGwlUMjDJxgZHWl1G5tmvLBllQhZCSQw4471dvbu0azuFWZCTGwADD0NAGb + Yajcx2MCLYyuFRQGGMHjqKr2l/cJqF9ILORmcx5UYyuF7/WtbTLu1TT7ZWmQ + ERqCCwz0qtZXVsuqai7SoFYxYO4YOF7UAUtQv7iSazZrORCkoIBx8xx0FXrj + UrpreVTYSqCrDJxxxTdUubZ7iwKyoQswJww4GO9aN1eWhtZgJ0JKN/EPSgDI + 03ULmOwgjWylkCqAGGMGoba/uF1O8lFnIzOI8qMZXA7/AFrU0m6tU023V5kU + hBkFgDUFpdWw1e/cyoFYRYO4YOFPSgClqV/cSNaFrOSPZOrDOPmIzwPetCXU + 7oxODYTDKnnj0pmrXVs72OyVG23CE4YHA55rSmvLQwyATp90/wAQ9KAMTS9Q + uItPgjSylkCrwwxg81HBf3C6rcyizkLMiAoMZGO5+taOjXVqmmW6PMisF5BY + A9ait7m2Gs3bmVArJHg7hg4oAp6pf3Eotd9nJHtnjYZxyRnge5rSfU7oqR/Z + 8w4PpUOsXNs62eyVG23MZOGBwBnmtZ7yz2N+/j6H+IUAc/pF/cQ6dDGlnJKF + B+ZcYPJpsV/cDVpphZyFmjUbOMjB61f0O6to9Kt0eVFYA5BYA/eNNiubYa3c + SGVNpiQA7hjOfWgClqt/cSxQh7OSPbMhy2OSD0+prU/tS6/6B836VBrNzbPD + AElRiJ4ycMDxmtf7bZ/894/++hQBzejX9xDp0UaWckqjd8y4wfmNC39wNYeb + 7HJuMIXZxnG7r9KuaDc20elQpJKisN3BYA/eNCXNt/bsknmptMAGdwxnd0zQ + BT1a/uJrZVezkiAkQ5bGOD0/GtT+1Lr/AKB836VX1u6tpLRAkqMfNQ4DA962 + Pttn/wA94/8AvoUAc3pF/cQ2SolnJKNzfMuMck0fb7j+2fO+xybvs+3Zxuxv + zn6dqu6HdW0enqryop3PwWAP3jR9ptv7e8zzU2fZsZ3DGd/TNAFLV7+4msij + 2ckQ3IdzYxwRWp/al1/0D5v0qDXLm2ksCscqMd6cBgf4hWv9ts/+e8f/AH0K + AOb0m/uIbVkSzklG9zlcY5PShr+4OsJN9jk3CErs43Y3dfpV3RLq2js2V5UU + +Y5wWA70jXNt/bqSeam37ORncMZ3dM0AU9Zv7ibTpY3s5IgSvzNjAwwrU/tS + 6/6B836VX165tpNLmSOVGYlOAwJ+8K2Pttn/AM94/wDvoUAc3pV/cRQyhLOS + QGVzlccEnp+FEl/cHVoZjZyBhEw2cZIJ61d0a6tkgmDyopM0hGWA4JolurY6 + 3BIJU2iFgTuGM5oAp6vf3E2nTRvZyRKwHzNjA5FaK6pdbR/xL5v0qPXLq2k0 + qdElRmIXADAn7wrVW8s9o/fx9P7woA5zS7+4iW5C2ckm6d2OMcE9j7iia/uG + 1W2lNnIGVHATjJz3H0q7o91bIl1vlRc3EhGWAyDjmkuLm2Os2jiVCojkydww + KAK+q6hcS6fPG9lLGGHLNjA5q5Fqd0I0AsJjgDnil1m6tn0y4RJkZivADAnr + V+G8tBEgM6fdH8Q9KAOf02/uI2u9tnJJvndjjHyk44PuKLm/uG1OzlNnIrIJ + MKcZbI7fSruk3VsjXu+VF3XLkZYDI45ourm2Or2LiVCqrLk7hgZA60AQanqF + zLYTxtZSxhlILHGBViDU7pYI1FhKwCgZGOeKl1a6tX024VJkZihwAwJq3bXl + oLeIGdAQi/xD0oAwdPv7iOa8K2cj75SSBj5TjoaLu/uH1GxkNnIrR+ZhTjLZ + Xt9KuaXc2yT3xeVFDTkjLDkY7UXtzbNqunOsqFV83J3DAyvGaAItQ1G5ksZ4 + 2sZUDIwLHGBx1NS2upXKWsKCwlYKijIxg4HWrOqXdq+nXKrMhJjbADDPSprK + 7tFs4FaZARGoI3D0oAxLG/uI7m8ZbORy8gJAxleOhovL+4e9snazkQoz4U4y + 2R2+lXdOurZbu/LSoA0oIJYc8dqL+6tm1DT2WVCFZ8kMMD5e9ADL7Ubl7K4R + rGVA0bgscYGQeTRZajcpZwItjK4WNQGGMHAHNXtQu7VrC5VZkJMTgAMOflNL + p93arYWytMgIiQEFh/dFAGNZX9wl7eutnI5dlJUYyuB3ov7+4kurJ2s5EKSE + gHGW46Crlhc2y6hqDNKgDOmCWHPy9qNSubZrywZZUIWQkkMOOO9ABdalcvaz + IbCVQyMMnGBkdaj0/UbmOxgjWxlcKigMMYPHUVp3t3aNZzqsyEmNgBuHpUWm + XdqmnWytMgIjUEFhnpQBk2l/cJqN9ILORmfy8qMZXC9/rRqF/cSTWZazkQpK + CAcfMcdBV2yurZdU1F2lQKxiwdwwcLzijU7q2eexKyoQswJww4GDQAtxqV00 + EimwlUFSMnHHFV9N1C4isII1spZAqgBhjBrXuby0NtKBOhJRv4h6VV0m6tU0 + 23V5kVggyCwBoAzLa/uF1O8lFnIzOI8qMZXA7/WjUr+4la03WckeydGGcfMR + nge9XLS5thq9+5lQKwiwdwwcDtRq1zbO9jslRttwhOGBwOeaAJJdTujG4NhM + Mg88VT0rULiLT4I0spZAq8MuMHmtya8tDE4E6fdP8Q9KoaNdWyaZbo8yKwXk + FgD1oAzob+4XVbmUWchZkQFOMjHc/WjVL+4lW232cke2dGGcckZ4Huau291b + DWbtzKgUpHg7hg0msXNs6WmyVGxcRk4YHAGeaAJm1S62n/iXzdPas7SL+4h0 + 6GNLOSVVB+ZcYPJroXvLPaf38fT+8Ky9DuraPSoEklRWAbILAH7xoAox39wN + WmmFnIWaJRs4yMHrRqt/cSwxB7OSMCVDlsckHp+NXIrm2GtzyGVNpiUA7hjO + fWl1m6tnghCSoxE0ZOGB4BoAn/tS6/6B836Vl6Pf3EOnRRpZySqN3zLjByxr + pPttn/z3j/76FZGg3VtHpcKSSorAvwWAP3jQBSW/uBrDzfY5NxhC7OM43dfp + Rq1/cS2yq9nJGBIhy2McHp+NXUurb+3ZJPNTb5AGdwxnd0zRrd1bPaIElRj5 + qHAYHvQBP/al1/0D5v0rL0e/uIbIIlnJKNzHcuMcmuk+22f/AD3j/wC+hWPo + VzbR6eqySop3vwWA/iNAFP7fcf2z532OTd9n27ON2N+c/TtRq9/cTWTI9nJE + Ny/M2McEVd+1W39veZ5qbfs2M7hjO/pmjXLq2k09lSVGO5OAwJ+8KAJ/7Uuv + +gfN+lZek39xFbMqWckgMjnK4xyen4V0n22z/wCe8f8A30KyNEurZLRw8qKf + Nc4LAd6AKTX9wdYSb7HJuEJXZxnG7r9KNYv7ibTpY3s5IlO35mxgYYVce5tv + 7djk81NogIzuGM7umaXXbm2k0uZI5UZiU4DAn7woAn/tS6/6B836Vl6Vf3EU + MwSzkk3Sucrjgk9PwrpPttn/AM94/wDvoVj6Nc2yQTh5UUmeQ8sBxmgCnLf3 + B1aGY2cgZY2GzjJBPWnavf3E2nTRvZSRKwHzNjA5FW5bm2Ot28glTaInBO4Y + zn1p2uXVtJpVwiSozEDADAn7woAeuqXW0f8AEvm6e1ZumX9xEtzts5JN08jH + GOCccH3FdEl5Z7R+/j6f3hWVo91bIt3vlRc3MhGWAyDjmgClPf3DarbSmzkD + KjgJxk57j6VJquoXEunzxvZSxhl5ZsYHNWbi6tjrNo4lQqEkydwwKk1m6tn0 + y4RJkZivADAnrQAkWp3QiQCwmOFHPHpWfpt/cRNd7bOSTfO7HGPlJxwfet+G + 8tBDGDOn3R/EPSszSbm2R77fKi7rhyMsBkcc0AU7m/uG1OzlNnIrIJMKcZbI + 7fSptS1C5ksJ42spYwykFjjAqa7ubY6vYOJUKqJcncMDI71Y1a6tX024VJkY + lDgBgTQBDb6ldLBGosJWAUDIxzxVHT7+4jmvCtnI5eUkgY+U46Gt21vLQW0Q + M6AhF/iHpWfpl1bJPfFpUAaYkZYcjAoApXd/cPqNjIbORTGZMKcZbK9vpVjU + NRuZLGeNrGVAyMCxxgcdTUl7c2zappzrKhVTLk7hgZXvVrU7u1fTrlVmQkxs + AAwz0oAq2mpXKWsKCwlYKijIxg4HWqdjf3Ed1estnI5eQEgYyvHQ1tWV3aLZ + 26tMgIjUEFh6CqOm3Nst5fs0qANICCWHPHagCne39w97ZO1nIhRmIU4y2R2q + 1e6jcvZzo1jKgaNgWOMDI6mn39zbNf6eyyoQrvkhhx8vermoXdq1hcqsyEmJ + wAGHPymgChY6jcpZW6LYyuFjQBhjBwByKq2d/cJe3rrZyOXZMqMZXA7/AFrY + 0+7tVsLZWmQERICCw4+UVUsLq2XUNQZpUAZkwSwwfl7UAUr+/uJLmyZrORCk + hIBxluOgq5dalcvazIbCVQyMMnGBkdaNSurZruwKyoQspJIYccd6v3t3aNZz + qsyEmNgBuHpQBl6fqNzHYwRrYyuFRQGGMHjqKgtL+4TUb6QWcjNJ5eVGMrhe + /wBa1dLu7VNOtlaZARGuQWGelVrK5tl1XUXaVAreVg7hg4XnFAFPUL+4klsy + 1nImyYEA4+Y46D3q9Pqd00EimwlUFSMnHHFJqlzbPNYlJUYLOCcMOBg9a0bm + 8tDbygToSUb+IelAGPpmoXMVhBGtlLIFUAMMYNQ29/cLqd3KLORmdY8qMZXA + 7/WtPSbq1TTbdXmRWCDILAGoLW5thrF85lQKyxYO4YOB2oAp6nf3EptN1nJH + snRhnHzEZ4Hua0JdTujG4NhMMg88VHq1zbO1lslRttzGThgcDnmtSa8tDE4E + 6fdP8Q9KAMLStQuItPhjSylkCjhlxg80yG/uF1W4lFnIWZEBTjIx3P1rQ0W6 + tk0u3R5kVgvILAHqaZBdWw1m6cyoFMaAHcMGgClql/cSrbB7OSPbOjDOOSOw + 9zWk2qXW0/8AEvm/SotYurZ0tdkqNi4jJwwOAM81rNeWe0/v4+n94UAc7pF/ + cQ6dDGlnJKqg/MuMHk0kd/cDV5phZyFjEo2cZAz1q9od1bR6VAjyorANkFgD + 9402K5thrk8hlTaYVGdwxnPrQBT1W/uJYYlezkjAlQ5bHJB6fjWp/al1/wBA + +b9Kr61c2z28ISVGImjPDA8ZrY+22f8Az3j/AO+hQBzej39xDp8caWckqgt8 + y4wcsaFv7j+2Gm+xybjCF2cZxu6/SruhXVtHpcSSSorAvwWAP3jQtzbf268n + mpt+zgZ3DGd3TNAFLVr+4mtQr2ckQ3octjHB6Vqf2pdf9A+b9Kg1u5tpLNVS + VGPmIcBge9a/22z/AOe8f/fQoA5vSL+4hswiWcko3Mdy4xyaPt9x/bIm+xyb + vs+3Zxuxuzn6dquaHc20dgFklRTvfgsB/EaPtNt/b4k81Nn2bGdwxnf0zQBT + 1i/uJrFo3s5IgWX5mxjgitT+1Lr/AKB836VX125tpNOZY5UY7k4DAn7wrY+2 + 2f8Az3j/AO+hQBzek39xFbOqWckgMjnK4xyen4VYguZbjXY2kgeE+Sww2Omc + 5qXRbq2S1cPKinzZDywHGad50UuvRmJ1ceQw4IPO6gDeooooAKKKKACiiigA + ooooA//Q/dabTrEaxbwiBAjRuSuOCRT9Z06wh0yeWK3RHUDBAGRyKqy2upDV + YI2vsymNyH8peB3GOnNO1a11OPTpnnvvNQAZXylXPI7igDYj0rTTGpNtHkgf + wiszStPsZftnmwI2y5kVcgcKMYFWY7LWCikalgYH/LFaz9MtdSf7X5N95e24 + kDfu1O5hjLc9M+lAE9zp1iurWcKwIEdZCVwMHA4qXVtNsItOuJIrdFZVyCAM + iqdxa6kNUtUa+3SMr7X8tRtAHPHfNSanaaolhO81/wCagXlfKUZH1FAGnBpW + mtBGxtoySo/hHpWfpmnWMsl6JIEYJOyrkdAAOBViGy1cwxldR2gqMDyV44qh + p1rqTyXYivvLKzMGPlqdzcc89PpQBPd6dYpqlhEsCBJPN3DHBwvGan1PTdPi + 0+4kjt0VlQkEAZBqjdWupLqVkj326RvN2v5SjbheeO+am1G01RLGdpb/AMxA + hyvlKMj0zQBftdL057WF2tkJZFJO0dSKo6dp1jJc3yyQIwSXCggcDHQVLbWe + rNbRMmo7VKLgeUpwMdKp2FrqT3F4Ir7y2WTDHy1O446+1AE97p1imo2EaQIF + kMm4AcHC8Zq1qGmafHYXEiW6KyxsQQBkECs68tdSW/skkvt7sX2N5ajbheeO + +as31nqq2Vw0uob0EbEr5SjIxyM9qALVlpenPZW7vbIWaNCSQOSRVOw06xkv + b5HgRljdQoI6DHan2dnqzWkDR6hsUopC+UpwMcDNVbK11Jru9WO+2Mrruby1 + O44647UAT3+n2Md5YokCKsjsGAA5GO9XL3S9OSyuHS2QMsbkEAcECsy+tdSW + 7slkvt7M7bW8tRtOOuO9Wryz1ZbSdpNQ3qEYlfKUZGORmgCbTtM0+Swt5JLd + GZo1JJAySRVay06xfUb+N4EKxmPaCOBlecUthaaq9lA0WobEKKQvlKcDHTPe + q9na6k1/fJHfbHUpvby1O7K8cdsUAT6jp1jHcWSxwIoeXDADqMdDV660vTlt + pmW2QEIxB2jrisq/tdSSezEt95haXCny1G046+9Xbmz1YW8pfUdyhGyPKUZG + OlAC6Zpuny6fbySW6MzICSQMk1BaadYvqt/E0CFIxFtGBgZXnFJp1pqj2MDR + X/loUGF8pTgemTUNra6k2pXqJfbZFEe5/KU7srxx2xQBPqmnWMUlkI4EUPOq + tgDkHPBrQn0rTVgkYW0YIU/wj0rI1G11JHtBNfeYWmUL+7UbW5weOv0q/NZa + uIXLajkBTkeSvPFADNJ02wm063klt0ZmXJJAyait9OsW1a7haBCiLGQMcDI5 + pml2mqPp8Dw3/lIV4XylbH4mo4LXUjql0i322RVTc/lqdwI447YoAn1XTrGL + 7H5cCLvuY1bA6qc5FacmlaaEYi2j6H+EVi6na6kn2Xzr7zN1xGF/dqNrHOG4 + 649K0XstYCMTqWRg/wDLFaAING06wm0yCWW3R3YHJIGTyaZDp1idYuITAhRY + 0IXHAJqLSbXU5NOheC+8pCDhfKVscnuabFa6kdVnjW+xII0Jfyl5HYY6UAT6 + vp9jDFbmKBELTxqcAcg9RWqdJ0zH/HrH/wB8isPVLXUo44DPfeaDMgA8tVwx + 6Hjrj0rT+xax/wBBL/yCtAFPQ9OsZ9LglmgR3bdkkAk4Y0Jp1idalhMCeWIV + YLjjO7rUGjWupSabC9vfeTGd2F8tWx8x7mhLXUv7XkjF9iUQgl/LXkZ6Y6fj + QBPrGnWMNtG0UCITKgyAOhPIrW/snTP+fWP/AL5FYWq2upR26Ge+81TIgA8t + Vwc8Hj0rT+xax/0Ev/IK0AU9E06xn09JJoEdiz8kDPDGgadY/wBtmDyE8v7O + G244zvxmoNHtdSksUe3vvJTLfL5at/Ec8mgWup/2wY/t373yAd/lL93d93HT + rzmgCfWtOsYbLfFAiNvQZA7E1rf2Tpn/AD6x/wDfIrC1e11KOz3T33mrvT5f + KVec8HI9K0/sWsf9BL/yCtAFPRtOsZrMvLAjt5jjJA6A0HTrH+21g8hPL+zl + tuOM7sZqDSbXUpLQtBfeUu9xt8pW5zycn1oNrqX9sLH9u/e+QTv8tfu7umOn + XvQBPrenWMGnSSQwIjApggYPLAVrf2Tpn/PrH/3yKwtYtdSjsJHnvvOQFcr5 + arn5hjkVp/YtY/6CX/kFaAKej6dYzW8rSwI5ErgEjsDwKJNOsRrUMIgTyzCx + K44znrUGlWupSQSGC+8pRK4I8pWyQeTz60SWupDV4ozfZlMTEP5S8DPTHT8a + ALGt6dYwaXPLDAiOu3BAAI+YVqDSdMwP9Fj/AO+RWHrFrqcemzPcX3nRjblf + KVc/MO4rSFlrGB/xMv8AyCtAFTSNOsZo7gywI5WeRRkDgDoKJtOsV1i2hECB + GjclcDBIqDS7XUnS4MF95QEzg/u1bLDqeemfSia11IarbxtfZkKOVfy14HcY + 6HNAFrWNOsIdNnlit0R1AwQBkcitCPStNMak20fIH8IrI1W11OPT5nnvvNQA + ZXylXPPqKux2WsFFI1HAwOPJWgCtpWnWMpvPMgRtlxIq5HRRjAFFzp9iurWc + KwIEdZNwwMHA4qDTLXUnN35N95e24cN+6U7mGMtz0z6UXFrqQ1S0R77dIyyb + X8tRtwOeO+aALmrabYRadcSRW6KyrkEAZFW7fStNaCNmtoySoJ+UelZmp2mq + JYTvNf8AmIF5XylGfxFWoLPVzDGV1HaCowPJXgYoAg0zTrGWW9EkCMEnZVyB + wMDgUXenWKapYRLAgSTzdwxwcKMZ+lQada6k8l4Ir7yyszBj5Snc2Bzz0+lF + 1a6kupWKPfbpG83Y3lqNuF5475oAv6npmnxafcSR26KyoxBAGQcVNaaXpz2s + LNbISUUk7R1xVHUbTVUsZ2lv/MQIcr5SjI9M1LbWerNbRMmobVKLgeUpwMdM + 0ARadp1jJc3yyQIwSXCgjoMdqL7TrFNQsI0gRVkZ9wAGDheM1BYWupPcXgiv + vLZZMMfLU7jjr7UXlrqS31kkl9vdi+xvLUbcLzx3zQBo6hpmnx2FxIluissb + EEAZBApbHTNOksrd3tkZmjQklRySBVa+s9VWyuGl1DegjYlfKUZGOme1LZ2e + rNZwNHqGxTGpC+UpwMcDNADLDTrGS9vkeBGWN1CggcAr2ov9OsY7yxRIEVZJ + GDADqMd6gsrXUmvL1Y77Y6uu5vLU7jjrjtRfWupLd2SyX29mchT5ajacdcd6 + ANO90vTks53S2QMsbEEKOCAaZp2mafJYW8klujM0akkgZJIqK7s9WW0maTUN + 6hGJXylGRjkZplhaaq9jA0WoeWhRSF8pTgY6ZoASy0+xfUr+J4EKRmPaCBgZ + XnFGpafYx3FiscCKHlwwAHIx0NQWlrqTahfJHfbHUx728tTuyvHHbFGoWupJ + PZiW+8wtLhT5ajacdfegDWudL05baVltkBCMQdo9Kr6Xpuny6fbySW6MzICS + QMk0lxZ6uLeUvqO5QrZHlKMjHSoNOtNUewgeK/8ALQoML5SnA9MmgBbXTrF9 + VvomgQpGItoxwMrzijVNOsYnshHAi751VsDqDng1BbWupNqV6iX22RRHufyl + O7I447Yo1G11JHtPOvvMLTKF/dqNrc4PHX6UAbE2laasMhFtGCFP8I9KpaRp + thNpsEktujuy8kgZPNSTWWriJy2o5AU5HkrzxVTS7TVH0+B4b/ykK8L5Stj8 + TQA+30+xbV7uFoEKIkZC4GBkc0arp1jELTy4EXfcRqcDqDnIqCC11I6pdRrf + bZFVNz+Wp3A9BjtijU7XUkFr5195m6eML+6UbWOcNx1x6UAbT6VpoRiLaPof + 4RWdo2nWE2mQSy26O7A5JAyeTVh7LWNpzqWeD/yxWqGk2upyadC8F95UZBwv + lK2OT3NAEsWnWJ1i4hMCFFiQhccAk0avp1jDFAYoEQtNGpwByCeRUEVrqR1a + eNb7EgjUl/LXkZ4GOlGq2upRxQme+80GZAB5argk8Hj09KAN3+ydM/59Y/8A + vkVk6Hp9jPpcEs0CO7bskgEnDEVc+xax/wBBL/yCtZmjWupSabC9vfeTGd2E + 8tWx8x7mgCdNOsTrUkBgTyxCGC4GM7utGsadYw2qNFAiEyoMgdieagS11L+1 + 5IxfYlEIJfy15GemOn40ara6lHboZ77zVMiDHlKuDng8elAG7/ZOmf8APrH/ + AN8isnRdOsZ9PSSaBHYs/JHPDGrn2LWP+gl/5BWszSLXUpLFWgvvKTc3y+Wr + fxHPJoA89+JsEFs9tFbxiNSAcKMc/NXN+C4ke4u3ZQdsaY/GRal+KWvaTp+u + ad4d1PV4H1W6QvFAWVJWQZ6IDnHXB7846Gvj/wCO/wAWPEHgWztNE8Hat9gv + 78sbnygjSrCuCvLAlNzcgjBOOuK78Dl1TEVY0oqzff8AM4MwzSlhqEq03dR7 + b37H6bXNnoVlC1xeRwQRL1eTaqj6k4Feead45+FkUBTUfEWjxzCRxiW9t1bG + eOC4NfhXrXiLxB4kuje+IdTudTuDyZLqZ5n593JNY1fa0uBVb36v3I+Aq+Ib + v+7o6eb/AOAf0Dabq3g3W9bSDRb+xv4zAW2280co3buvyE84rc1vT7GDTZJI + YERwVwQMHlhX876syMHQlWU5BHBBFeu+FPj18W/ByLb6V4kuprMYzbXbm5gw + DnAWXdtH+4VPvWOI4GmlelUv6q346m+F8QoN2rUmvR3/AA0/M/dn+ydM/wCf + WP8A75FZOkadYzQStLAjkTOASOwPAr4o+FP7Z2keKriLRviHcL4avpMKt0sa + vZO3+0T80Wf9rco6lhX2Zokd7eWZubHUV8mR2ZWVFdXB53A56HqMcV8djsur + YaXJWjY+4y/NKGKhz0JX/NeqLcmnWI1mGEQJ5ZhYlccZz1pdb06xg0yeWGBE + dduCAAR8wqvJa6kNWijN9mUxMQ/lrwM9MdKXWLXU49Omee+86MYyvlKufmHc + VxHebS6Tpu0f6NH/AN8isvSdOsZkuTLAjbZ5FGR0AxgVbFlrGBjUv/IK1m6X + a6k6XHk33lATuG/dq2WHU89M+lAE8+nWK6xbQiBAjRuSuBgkU/WNOsIdNnli + t0R1HBAGRyKqzWupDVbeNr7MhRyr+WvA7jHfNP1W01OPT5nnvvNQDlfKVc8+ + ooA1otK00xoTbRkkD+EVm6Vp1jKbzzIEbZcOq5A4AxgVZjstYMakajgYHHkr + WfptrqTm78m+8vbO4b90p3MMZbnpn0oAnudOsV1aziWBAjrJuGODgcZqbVdN + sItOuJIrdFZVJBAGRVK4tdSGp2iPfbpGWTa/lqNuBzx3zUup2mqJYTvNf+Yg + U5XylGR9RQBpW+l6c1vEzW0ZJVSTtHpWfpmnWMst6JIEYJMyrkDgY6Cp4LPV + zBGV1HaCowPJU4GKo6da6k8t4Ir7yysxDHy1O44689PpQBPeadYpqmnxLAgS + TzdwA4OFyM1Y1LTNPi0+4kjt0VlRiCAMg4qhdWupLqNij326RvN2N5ajbhee + O+an1C01VLGdpb/zECMSvlKMjHTNAF600vTntYXa2QlkUk7RySKo6fp1jJdX + yvAjBJcKCOgx2qW1s9Wa2hZNQ2qUUgeUpwMdM1TsLXUnubwRX2xlkwx8pTuO + OuO1AE99p9imoWEaQIqyM4YAcHC8Zq1qGmafHYXEiW6KyxuQQBkEA1nXlrqS + 31ksl9vdmfY3lqNvHPHfNWb6z1VbK4aTUN6CNiV8pRkY5Ge1AFmw0zT5LG3d + 7dGZo0JJUckgVUsNPsZL6/jeBGWN1CggcZHan2VnqzWcDR6hsQxqQvlKcDHA + z7VVsrXUmvL1Y77Y6su5vLU7jjg47UAT6hp1jHd2KJAiq8hDAAcjHert5pen + JZzulsgZY2IIUcECsu+tdSW6slkvt7M5Cny1G046471bu7PVltZmk1DeoRiR + 5SjIxyM0AS6dpmnyWFvJJbozNGpJIGSSKrWenWL6lfxPAhSMx7QRwMrk4pbC + 01V7GBotQ8tCikL5SnAx0zVe0tdSbUL5EvtjqY97eUp3ZXjjtigCfUtOsYp7 + JY4EUPMAwA6jHQ1fudL05baVltkBCMQdo9KydQtdSSazEt95haUBT5Sjacdf + f6VduLPVxbyl9R3KFbI8pRkY6UAGl6bYS6dbySW6MzICSQMmobXTrF9Vvomg + Qogi2jHAyOcUmm2mqPYQPDf+WhUYXylOB6ZNQ21rqR1O8RL7bIoj3P5andkc + cdsUAT6pp1jE9mI4EXfcIrYHUHPBrRm0rTRC5FtGCFP8I9Kx9StdSRrTzr7z + N06hf3Sja3ODx1x6VflstXETltRyADkeSvPFAEekabYTabBJLbo7svJIGTzU + dvp9i2r3ULQIUREIXAwCetM0u01R9PgeG/8AKQrwvlK2OfU1HBa6kdUuY1vt + siom5/KU7gegx0GKAJ9W06xiW08qBF33EanAHIOcitN9K00IxFtH0P8ACKxd + UtdSQWvnX3m7p0C/ulG1jnDcdcelaL2WsbTnUsjH/PFaAK+i6dYzaZBLLAju + wOSQMnk02LTrE6xPCYEKLEpC44BJqHSLXU5NOheC+8qMg4XylbHJ7mkitdSO + rTRi+xKI1Jfy15GemOlAE+r6dYwwwGKBFLTRqcDqCeRWt/ZOmf8APrH/AN8i + sLVLXUo4oTNfeaDMgA8tVwSeDx6elaf2LWP+gl/5BWgCnoenWM+mQyzQI7tu + ySMnhiKE0+xOtyQGBPLEAbbgYzu61Bo1rqUmnRPb33kxndhfKVsfMe5oW11L + +2HjF9iUQgl/LXld3THT8aAJ9Z0+xhtUeKBEJkQZAHQmtb+ydM/59Y/++RWF + q1rqUdsrT33mr5iDHlKvOeDx6Vp/YtY/6CX/AJBWgCnounWM1gsk0COxZxkg + Z4Y0f2dY/wBueR5CeX9m3bccbt+M/lUGkWupSWStBfeUm5vl8pW5yc8mj7Lq + X9s+X9u/e/Z87/LX7u/7uOnXnNAE+tadYw2JkigRG3oMgerCtb+ydM/59Y/+ + +RWFq9rqUdkWnvvNTcvy+Wq85GORWn9i1j/oJf8AkFaAKejadYzWjPLAjt5j + jJHYHihtOsRraQeQnlmAttwMZ3dag0m11KS1ZoL7yl3uMeWrc55OT60Na6l/ + bCRm+/e+SSH8tfu7umOn40AT65p1jBpkssMCI4K4IAB5YVrf2Tpn/PrH/wB8 + isLWLXUo9Ole4vvOQFcr5Srn5h3Faf2LWP8AoJf+QVoAp6Rp1jNDM0sCOVmk + AyB0B4FEunWI1mGEQII2iYlccEg9ag0q11KSGUwX3lASuCPLVskHk8+tElrq + Y1aGM32ZTExD+WvAz0x0oAsa1p1jDpk8sMCI6gYIABHzCtNdJ03aP9Gj6f3R + WLq9rqcenTPPfebGAMr5SrnkdxWitlrGB/xMv/IK0AVNJ06xlS6MsCNtuJFG + R0A6CifT7FdXtYVgQIyOSuBgkdKg0u11N1ufJvvLxO4b92pyw6nnpn0omtdS + Gq20bX26Rkfa/lr8o7jHQ5oAt6vpthDps8kVuiOq8EAZHNXotK00xITbRklR + /CPSsnVbTVI9Pnea+81AOV8pVzz6irsVlq5jQrqOBgYHkrQBW0vTrGVrzzIE + bZcOq5HQDGAKLrTrFdVsolgQI6ybhgYOBxmoNNtdSdrvyb7y9s7hv3Snc3GW + 56Z9KLi11IanZo99ukYSbX8tRtwOeO+aALuq6bYRadcSR26KyoSCAMirVvpW + nNbxM1tGSVUk7R6Vm6laaolhO81/5iBTlfKUZH1FWYLPVzBGV1HaCowPJU4G + KAINN0+xlmvRJAjBJiq5A4GOgovNOsU1PT4lgQJJ5u4AcHC5Gag0+11J5bwR + X3llZSGPlqdxx19vpRd2upLqNij32+RvM2N5ajbheeO+aAL+paZp8Wn3Ekdu + isqMQQBkHFS2el6c9pA7WyFmRSSVHJIqlqFpqqWM7S3/AJiBGJXylGRjpmpb + Wz1ZrWFk1DapRSB5SnAx0zQBFp+nWMl1fI8CMEkAUEdBjtRfadYpf2EaQIqy + M4YADBwveoLG11J7m8WO+2MsgDHylO446+1F5a6kt7ZLJfb3Zn2N5Sjb8vPH + fNAGlf6Zp8djcyJborLG5BAGQQDRYaZp8ljbu9ujM0aEkqOSQKrX1nqq2Vw0 + mob0Ebkr5SjIwcjPbNLZWerNZwNHqGxDGpC+UpwMcDPtQAyx06xkv7+N4EZY + 2QKCBgZXtRqGnWMd3YokCKskhDADqMd6gsrXUmvb1Y77Y6su9vLU7jjjjtii + +tdSS6sllvt7NIQp8tRtOOuO9AGpeaXpyWk7rbIGVGIIUcECotN0zT5LC3kk + t0ZmjUkkDJOKZdWerLazM+ob1CMSPKUZGOmai0+01V7GBor/AMtCikL5SnAx + 0zQAWenWL6nfxNAhSPytoI4GVycUalp1jHNZLHAih5gGwByMdDUFpa6k2o3y + JfbZF8ve3lKd2V447Yo1C11JJrMS33mFpQFPlqNpx19/pQBrXOl6ctvKy20Y + IRiDtHpVbStNsJdOt5JLdGZkBJIGTRcWeriCQvqO5QpyPJUZGOlV9NtNUewg + eG/8tCowvlKcD6mgB1rp1i2q3sTQIUQR7RjgZHOKNU0+xiayEcCLvuEVsDqD + ng1BbWupNqd4iX22RRHufy1O7I447Yo1K11JGtPOvvM3ToF/dqNrc4bjrj0o + A2ZdK00RORbRghT/AAj0qjpGm2E2mwSS26O7LySBk81LLZauI3J1HIwePJWq + Wl2mpyafA8F95SFeF8pWxz6mgCSDTrFtXuoWgQoiIQuOAT1o1bT7GFbUxQIu + +4jU4HUHORUENrqR1S5jW+2yKibn8tfmHYY6DFGqWupItt5195u6dAv7tV2s + c4bjrj0oA220nTQpP2aPp/dFZmi6dYzaZBLNAjuwOSQCT8xq01lrG051Lt/z + xWs7SLXU5NOheC+8qMg4XylbHJ7mgCaLTrE6zPCYEMaxKQuBgEnrRq+nWMMM + LRQIhaaMHAHQnkVBHa6kdWmjF9iURqS/lryM9MdKNVtdSjhiM195oMqADy1X + BJ4PHp6UAbv9k6Z/z6x/98isnRNOsZ9MilmgR3O7JIyeGIq59i1j/oJf+QVr + M0e11KTTont77yYzuwvlK2PmPc0ATrp1idaeDyE8sQBtuOM7utGsadYw2qvF + AiEyIMgY4J5qBbXUv7XeMX370Qgl/LXld3THT8aNWtdSjtlae+81fMQY8pV5 + zwcj0oA3f7J0z/n1j/75FZOi6dYz2CyTQI7bnGSBnhjVz7FrH/QS/wDIK1xE + XiOx0tPslzq/2RwSfL+zmTqTzkA9aAOr/s6x/tzyPITy/s27bgY3b8Zo1rTr + GGwaSGBEYMgyAM8sKyNNupNYvxc6dqXmhoDiXydvAfBXa2O/Oa0NXtdSjsma + e+81Ny/L5Sr/ABDHIoA3f7J0z/n1j/75FZOj6dYzWrPLAjkSOMkZ4B4q59i1 + j/oJf+QVrM0m11KS2ZoL7yl8xxjy1bnPJyfWgCd9PsRrccAgTyzAW244zu60 + a3p1jBpkssMCI424IGDywFQNa6l/bCRm+zKYSQ/lrwu7pjp+NGsWupx6dK89 + 95yDblfLVc/MMcigDd/snTP+fWP/AL5FZOkafYzQzGWBHKzOoyB0B4FXPsWs + f9BL/wAgrWZpVrqUkUxgvvKAlcEeWrZIPJ59fSgCeXTrEazBCIECNExK4GCQ + etO1rTrCHTJ5YoER1AwQACORVaS11IatDGb7MpjYh/LXgZ5GOlLq9rqcenTP + PfebGAMr5SrnkdxQBtLpOmlQfs0fT+6Ky9J06xlW682BG2XEijI6AYwKtrZa + xtGNS7f88VrN0y11J1ufJvvL2zuG/dKdzDq3PTPpQBPPp1iur2sKwIEdHJXH + BI6VJq+m2EOmzyRW6I6rwQBkc1UmtdSGqW0bX26Rkfa/lL8oHUY6HNP1S01O + PT53nvvNQLyvlKuefUUAasOlaaYkJtoySo/hHpWdpenWMrXvmQI2y4dVyBwB + jAFWIrLVzEhXUcDAwPJWqGm2upO135N95e2dw37tTubjLc9M+lAE91p1iuq2 + USwIEcSbhjg4HGam1TTdPi064kjt0VlQkEAZFUrm11JdTs0e+3SMJNr+Wo24 + HPHfNTalaaolhO81/wCYgU5XylGR6ZFAGhbaXpzW8TNbRklFJO0elUNN06xk + mvVkgRgkxC5A4GOgqa3s9XMEZTUdqlRgeSpwMdKpafa6k814Ir7yyspDHy1O + 446+1AE95p1imp6fEkCBJDLuAAwcLxmrGpaZp8dhcSR26KyxsQQBkHFULu11 + JdRsUkvt7sZNjeUo24Xnjvmp9QtNVSxnaW/8xAjEr5SjIx0zQBds9L057OB3 + tkLNGpJKjkkVS0/TrGS7vkeBGWOQBQR0GO1SWlnqzWsLR6hsUopA8pTgY4Ga + qWNrqT3V6sV9sZZAGPlqdxx1x2oAnvtOsY76wjSBFWR3DADrhe9W7/TNPjsb + h0t0VljcghRwQDWbe2upLe2SyX292ZtreWo2nHPHerV7Z6stnO0mob0EbEr5 + SjIxyM+9AFiw0zT5LG2ke3RmaNCSQMkkCqljp1i9/fxvAjLGyBQQMDK9qdY2 + eqtZW7R6hsQxoQvlKcDAwM98VWs7XUmvb1Y77Y6sm5vKU7jjjjtigCfUNPsY + 7qxWOBFDyEMAByMd6u3ml6clpO6WyBlRiDtHBArLv7XUkubNZb7ezSEKfKUb + Tjr71curPVltZmfUNyhGJHlKMjHTNAD9N0zT5dPt5JLdGZkUkkDJOKr2enWL + 6nqETQIUj8raCOBlcnFGn2mqvYwNFf8AloUUhfKU4GOmagtLXUm1G+RL7bIv + l728pTuyvHHbFAE+padYxTWQjgRQ8wVsDqMHg1oXGlactvKy20YIViDtHpWR + qFrqSS2YlvvMLTAKfLUbTjr7/Sr09nq4gkLajuAU5HkqMjFACaVpthLp1vJJ + bozMgJJAyahttOsW1a9iaBCiLHtGBgZHOKbptpqj2EDw3/loVGF8pTgfU1Fb + 2upHU7tEvtsiiPc/lqd2Rxx2xQBPqunWMTWflwIu+4RWwByDnINaUulaaInI + towQp/hHpWNqVrqSG086+8zdOgX90o2tzhuOuPStCWy1cRuW1HIwcjyVoAh0 + fTrCbTYJZbdHdl5JAyeaZBp1i2r3MJgQosaELjgE9aj0q01OTT4XgvvKQjhf + KVsc+ppkNrqZ1W4jW+xIEQs/lryOwx2xQBPq2nWMSWpigRd1xGpwOoPUVqNp + Om7T/o0fT+6KxNUtdSRbbzr7zMzoF/dqMMeh4649K0mstYwf+Jl/5BWgCrou + nWM2mQSzQI7sDkkAk/MaSPT7E6zNCYE8tYlIXAxknrUOkWupyadC8F95UZBw + vlK2OT3NJHa6kdWljF9iURKS/lryM9MdKAJ9Y06xhghaKBELTICQOxPIrW/s + nTP+fWP/AL5FYWq2upRwxGe+80GVAB5Srgk8Hj09K0/sWsf9BL/yCtAFPRNO + sZ9NilmgR3JbJIyeGIoXTrH+23g8hPLEAbbjjO7Gag0e11KTT43t77yUJbC+ + UrY+Y55NC2upf2w0Yvv3vkg7/LX7u7pjp+NAE+s6dYw2ivFAiN5iDIA6E81r + f2Tpn/PrH/3yKwtWtdSjtQ0995q70GPLVec8HI9K0/sWsf8AQS/8grQBT0XT + 7GexEk0CO29xkgdjR/Z1j/bgg8hPL+z7tuON2/Gag0i11KSzDQX3lJuf5fLV + uc8nJo+y6l/bIj+3fvfIz5nlr93d93HTrzmgCfWtPsYLBpIYERgycgDPLCtb + +ydM/wCfWP8A75FYWr2upR2LNcX3nJuX5fLVe4xyK0/sWsf9BL/yCtAFPR9O + sZrV2lgRyJXGSOwPFSpa21trsawRrGPIY4AxzuxmqelWupSWzmC+8pfMcEeU + rc55OT61Yghu4tcjF1cee3ksc7AvGenHvzQB0tFFFABRRRQAUUUUAFFFFAH/ + 0f3Pl1GRtVgm+xzArG42FfmOe4Gadq2pST6dNE1nNGGA+ZlwByOvNXZ54Trd + swkXaIn5yMU7W54H0q4VZFJIHAI9RQAkerShFH2C4OAP4f8A69Z+majJD9rx + ZzSb7iRvlXO3OODz1FdHFc2/lp+9XoP4hWVo88K/bt0ijN1KRkjkcUAUbjUZ + G1S1mNnMpRXG0r8zZHbntUmp6nJNYTxGymjDLjcy4A+vNWrmeE6zZMJFKhJM + nIwOKm1ieBtMuFWRSSvQEUARQ6tKsKL9guDhQMheDx9aoadqMkUl2RZzPvmZ + vlXO3OODz1robe4txBGDKv3R/EPSs3Sp4Vlvt0ijNwxGSORgUAULrUZH1Kyl + NnMpj83ClfmbK9vp3qbUdTklsZ4zZToGQjcy4A+vNWbyeE6vpzCRSFE2TkYG + VFWNVuIG025VZFJKHgEUAVLbVZUtokFjO21FGQvBwOo5qnYajJFcXjCzmfzJ + MkKvK8dDz1res7i3FpADKoIRf4h6Vn6ZPCt1flpFAM2RkjnigCjeajI9/ZSG + zmUxl8KV5bK9ue1Wb7VJZLK4jNlOgaNhuK8DI6nmpr6eE6lpzCRSFaTJyOPl + q1qVxA2n3KrIpJjfjI9DQBQs9VljtIEFjO21FGQvBwOo5qrZajJHd3rizmfz + HUkBeV46HmtywuIBY24MigiNP4h6CqWnTwrfagTIoBkXHI5+WgChfajJJd2T + mzmTy3YgFeW46DmrV5qkslpOhsZ1DIwyV4GR1PNSajPC19p5EikCRs8jjir1 + /cQGxuAJFJMb/wAQ9DQBl2GqSxWUEYsp3Coo3KvBwOo5qvZ6jIl/fSCzmYyF + MqF5XC9+e9bOmXEC6dbK0igiNOCR6VUsJ4RqeosZFAYx4ORz8tAFG/1GSWez + Y2cyeXLnDLy3HQc9au3OqyvbyqbGdcowyV4HH1p2pzwtc2BWRTibJwRxxWhd + 3FubWYCVSSjfxD0oAxtO1OSKxgjFlO4VANyrwfcc1Da6jImpXsws5mMgjyoX + 5lwvfnv2rX0q4gXTbZWkUEIOCRVaznhGr6gxkUAiLByMH5aAKOo6jJK9oTZz + R7Jlb5lxuxngc9avzatK0Lr9guBlSMleBx9aTVp4WksdsinFwpOCOBzWncXF + uYJAJV+6f4h6UAYWl6nJDp8EQsppAq43KuQfpzUcGoyLql1N9jmJdUG0L8ww + O/PetTRp4F0y3VpFBC9CRUVtPCNZvGMi4KR4ORjpQBQ1PUZJvsubOaPZcRt8 + y43YzwOeprRfVpSjD7BcDIP8P/16brE8LfYtsinF1ETgjgc1qyXNv5bfvU6H + +IUAc7pOpSQ6dDELOaQKD8yrkHk9KbFqMi6rPN9jmJaNRsC/MMdyM1o6JPAm + lW6tIoIB4JHqabBPCNbuWMi7TEnORigChqmoyTRwA2c0e2ZGyy4zjsOeprTO + ry/9A+4/75/+vUWtTwtFbbZFOJ4zwR0zWwbm3x/rU/76FAHM6PqMkGmwxLZz + Shd3zIuVOWJ45oTUZBq8k/2OYkwhdm35hz1x6Vf0CeFNJgV5FUjdwSB/EaI5 + 4f7dlfzF2+QozkY+9QBQ1XUZJrdFNnNHiRDllwOD069TWn/a8v8A0D7j/vn/ + AOvUetzwvaxhZFJ82PoR61sfabf/AJ6p/wB9CgDmNH1GSCwSNbOaUAt8yrkc + sfegajJ/bBn+xzZ8gLs2/N97OcZ6Ve0GeFNNRXkVTufgkD+I0onh/t9n8xdv + 2YDORjO+gChq+oyT2exrOaIb0OWXA4PStP8AteX/AKB9x/3z/wDXqLXZ4XsM + JIrHenQg/wAVbP2m3/56p/30KAOY0nUZILQoLOaT53OVXI5PTrQdRk/thZ/s + c2RAV2bfm+9nOM9Kv6HPClkQ0ig+Y/Uj+9Q08P8Abyv5i7fs5GcjGd9AFDWN + RknsJI2s5ogSvzMuBww960/7Xl/6B9x/3z/9eo9enhfTJVSRWOU4BB/iFbH2 + m3/56p/30KAOY0rUZIYJFFnNJmVzlVyBk9OvUUSajIdXin+xzAiJhs2/Meeu + PSr+izwrbShpFB86Q8ketJJPD/bsL+Yu0QsM5GOtAFHWNRkn02aJrOaINt+Z + lwBhh15rSGry4H+gXH/fP/16Zr08L6TcKkisTt4BB/iFa4ubfA/ep/30KAOZ + 0vUZIUuAtnNJumdvlXOM9jz1FE2oyNqtvN9jmBVHGwr8xz3AzV7Rp4Vjud0i + jNxIRkjpxSzzwnWrVhIu0RvzkYoAp6rqUk2nzRGzmjDAfMy4A5HXmrserShF + H2C4OAP4f/r07W54H0u4VZFJIHAI9RWjFc2/lp+9XoP4hQBzmmajJCbvFnNJ + vndvlXO3OODz1FFxqMjapaTGzmUosg2lfmbI7c9qvaRPCpvt0ijNzIRkjkcV + Df39jDrNiZbmNAEkzudR1HHU0AR6nqck1hPEbKaMMuNzLgD681ag1aVYY1+w + TnCgZC8Hj60up31lc6Vc/ZriOX5cfI4bn8DWjb3FuLeIGVfur/EPSgDn9O1G + SKS8Is5n3zM2FXO3gcH3outRkfUrGU2cymPzcKV+ZsqBxz271f0qeFZb7dIo + zOxGSORgUXs8J1bTmEikL52TkcZUUAV9R1OSWxnjNlOgZCNzLwPc81LbarKl + tEgsZ22ooyF4OB1HNW9VuIG025VZFJMbcAj0qezuLcWkAMqghF/iHpQBg2Go + yRXF44s5n8yTJCryvHQ89aLzUZJL6ykNnMpjZ8KV5bK9ue1XtMnhW6vy0igG + XjJHPFF/PCdS05hIpCtJk5HHy0ARX2qSyWVxGbKdA0bDcV4GR1PNLZ6pLHZw + RixncLGoyF4OB1HNX9SuIG0+5VZFJMT8Aj0NO0+4gFhbAyKCI0/iH90UAYll + qMkd5eyCzmcyOpIC8rgd+aL7UZJLuyc2cyeW5IBXluOg5q/p88Iv9QJkUBnX + HI5+WjUZ4WvdPIkUgSNnkcfLQBHd6rK9pMhsZ13IwyV4GR1PNMsNUlisYIxZ + TuFRRuVeDgdRzWpfXFubK4AlUkxv/EPQ0zTLiBdOtlaRQRGvBI9KAMa01GRN + QvpRZzMZDHlQvK4Xvz3o1DUZJZ7NjZzJ5cuQGXluOg561esZ4RqmosZFAYxY + ORz8tGqTwtc2BWRTiYE4I44oAS41WV7eVfsM65VhkrwOPrUGnanJFYQRiynk + CoBuVcg/Tmtm6uLc2swEqklG/iHpVbSZ4F022VpFBCDgkUAZNtqMialeyizm + YyCPKhfmXA7/AF7UajqMkr2hNnMmyZW+ZcbsZ4HPWr9nPCNX1BjIoDCLByMH + CmjVp4WksdsinFwhOCOBg0AE2rStE6/YLgZUjJX2+tVNL1KSHT4IhZzSBV+8 + q5B+nNbs9xbmCQCVfun+IelUdGngXS7dWkUEL0JHrQBmQajIuqXU32OYl1Qb + QvzDHrz3o1PUZJha5s5o9k8bfMuM4zwPc1etp4RrN4xkXBSPByMdKXWJ4WFn + tkU4uYycEdOaAHPq0pUj7BcDg/w//XqhpOpSQadDEtnNIFB+ZVyDyenNdE9z + b7G/ep0P8QrM0OeBNKt1aRQQDwSPU0AZ0WoyDVp5vscxLRqNgX5hg9SM9KNV + 1GSaKFTZzR7ZkbLLjOD0HuavwzwjW7hzIu0xJzkY60zXrq1S1hkeZFSOZGYl + gAqjkknsB60AF14hjsraW8vbWW3t4FLySSAIiIoyWZiQAAOSTXw541/bc8Ne + FLT+wvAGm/29eQ7lN3MxiswSSflAG+THQ/cHcMRXzr+03+0fqPxR1ifwn4Wu + Wg8I2Mm0bCVN9Ih/1snfy8/6tD/vHnAX5Fr9FyThCHKquL3fT/P/ACPy/P8A + jafO6WDdkvtd/T/M+mdb/a7+Omr30l7bazFpXmDb5dpaxBQBzgGVZH/8erLt + v2qfjxAy+b4oe6RWDFJre3dSRyP+WeR+BFfPVFfXLKMIly+yj9yPi3neMb5v + bS+9/wCZ+jHw/wD29b5JY7L4maFHLEcA3enZR192gkJDe5V19lPSu7+KX7X3 + hzwt4Lt7L4Z3MWq63qaM8c2N0VpGxPzyIefN/uxsBjqwxgN+VlFeZU4Uwbqq + oo2t06M9anxljo0ZUnK9+vVGnrGtat4g1S41vW7yW+v7tzJLPMxeR2Pck/p6 + DgVnMzOxdyWY9SeSabRX0aikrI+XlJt3YUUUUyQooooAK+rP2ef2mtd+El5F + 4f8AEDSan4Tmb5oc7pLQk8yQZ7d2j6HqMHOflOiuXGYOnXpunVV0zrwOOq4a + oqtF2aP6C9N8T2OvSWOv6OjXdld22+F48MJEfkMpB6Vo6xqUk+nTRNZzRBsf + My4A5HXmvzI/Y1+M7+HfFMHw28R3ONK1MuLB5DxBdPz5YJ6LKeg/v4x94mv1 + G16eF9JuFSRWJC8Ag/xCvxnOMrlhKzpS26Puj92yTN4Y2gqsdHs12Y4avKAB + 9guP++f/AK9Zul6jJClwBZzSbp3b5VzjPY89RXSrc2+0fvU6f3hWRo08Kpdb + pFGbiQjJHTivLPXKM2oyNqtvN9jmBVHGwr8xz3AzT9V1KSbT5ojZzRhh95lw + Bz35q3PPCdatXEi7RG+TkYqTWp4H0u4VZFJK9AR6igBserSiNR9guDgD+H/6 + 9Z+m6jJCbvFnNJvndvlXO3OODz1FdHFc2/lJ+9XoP4h6Vl6RPCpvt0ijNzIR + kjkcUAULjUZG1O0m+xzKUWT5SvzNkdvpUup6nJNYTxGynjDKRuZcAfXmrV1P + CdYsWEikBZcnIwOBU2sTwNplwqyKSUPAIoAgg1WVYI1FhOcKBkLwePrVHTtR + kilvGFnM/mTFiFX7vHQ89a6C2uLcW0QMq/cX+IelZulTwrNflpFGZ2IyRyMC + gCjdajI+o2Mps5lMfm4Ury2Vxxz271PqGqSy2M8Zsp0DIw3MuAOOp5qxezwn + VtOYSKQvnZORxlas6pcQNp1yqyKSY24BHpQBTtdVlS2hQWM7bUUZC8HA6jmq + dhqMkdzeOLOZ/MkyQF5Xjoeetb1ncW4s4AZVBEa/xD0qhps8K3d+WkUAyjGS + OeKAKF5qMkl9ZSGzmQxs5CleWyO3NWb7VJZLK4jNjOgaNhuK8DI6nmpb+eE6 + jpzCRSFaTJyOPlq5qNxA2n3KrIpJifjI/umgDPstUljs4IxYzuFjUZC8HA6j + mqtlqMkd5eyCzmcyMpIC8rgd+a29PuIFsLYGRQREnGR/dFUtPnhXUNQJkUBn + THI5+WgCjfajJJdWbmzmTy3JAK8tx0HNW7vVZXtZkNjOu5GGSvAyOp5qTUZ4 + WvNPKyKQJDnkccVevri3NlcASqSY3/iHoaAMqw1SWKxgjFlO4VFG5V4OB1HN + V7TUZE1C+lFnMxkMeVC8rhcc/XtWxplxAunWytIoIjXgkelVrGeEapqLGRQG + MWDkc/LQBQ1DUZJZrNjZzJ5coOGXluOg96u3GqyvbyqbGdcqwyV4HH1pdUnh + a4sCsinEwJwRxxWjdXFubWYCVSSjfxD0oAxtN1OSKwgjFlPIFUDcq5B+nNQ2 + 2oyJqd5MLOZi4jyoX5lwO/PftWtpM8C6bbK0ighBwSKgtJ4Rq9+xkUAiLByM + H5TQBQ1LUZJWtCbOZNk6t8y43YzwPer8urStE4+wXAyDyV9vrRq08LPY7ZFO + LhCcEcDmtOa5tzDIBKv3T/EPSgDB0vUpIdPgiFnNIFX7yrkHntzUcGoyLqtz + N9jmJdEG0L8wx3P1rT0aeBdLt1aRQQvQketRW88I1q8YyLtKR4ORigCjqeoy + TC2zZzR7J0b5lxnGeBz1NaL6tKVI+wXA4P8AD/8AXpmsTwstntkU4uYycEdO + a1nubfY371Oh/iFAHOaRqUkGnQxLZzShQfmVcg8npzSRajINWmn+xzEtGo2b + fmGD1Iz0rR0OeFNKt1eRVIB4JA/iNNhnhGt3DmRdpiTnIx1oAoapqMk0UKmz + mj2zI2WXGcHoPc1p/wBry/8AQPuP++f/AK9R6zPC0MAWRTieM8EetbH2m3/5 + 6p/30KAOY0bUZINOiiWzmlC7vmRcg5Y9OaF1GQaw8/2ObJhC7Nvzfe64z0q9 + oE8KaTAryKpG/gkD+I0JPD/b0j+Yu3yAM5GM7qAKOrajJPbKjWc0eJEOWXA4 + PTrWn/a8v/QPuP8Avn/69Ra3PC9ogWRWPmp0I9a2ftNv/wA9U/76FAHMaRqM + kFksYs5pQGY7lXI5Jo/tGT+2fP8Asc2fs+3Zt+b7+c4z07Vf0KeFNOVWkUHc + /Uj+8aPPh/t/f5i7fsuM5GM76AKGr6jJPZGNrOaIblOWXA4I960/7Xl/6B9x + /wB8/wD16j12eF9PISRWO9OhH94Vsfabf/nqn/fQoA5jSdRkgtSgs5pMu5yq + 5HJ6daG1GQ6wk/2ObIhK7NvzfeznGelX9DnhSzYNIoPmP1I9aRp4f7eR/MXb + 9nIzkYzuoAo6xqMk+nSxNZzRAlfmdcAYYe9af9ry/wDQPuP++f8A69Ra/PC+ + lTKkisSU4BB/iFbP2m3/AOeqf99CgDmNK1GSGGVRZzSbpXbKrnGT0PPUUSaj + IdWhn+xzArEw2bfmOT1Az0q/os8KwThpFGZ5DyR60Szw/wBuQP5i7RCwzkY6 + 0AUdX1KSfTpoms5ogwHzMuAOR15rRXV5QAPsFx/3z/8AXpuuzwvpNwqSKxIX + gEH+IVqrc2+0fvU6f3hQBzWmajJCtyBZzSbp3b5VzjPY89RRNqMjarbTfY5g + URxsK/Mc9xz2q/o88Kpd7pFGbiQjJHTikuJ4TrVowkXAjkycjFAFTVdSkm0+ + eI2c0YYfeZcAc9+auxatKI0H2C4OAOdv/wBen61PA2l3CrIpJXoCPWr8Nzbi + JAZV+6P4h6UAc7puoyRNd4s5pN87t8q525xwfei41GR9Ts5jZzKUEnylfmbI + 7c9u9X9InhVr7dIozcuRkjkcUXc8J1ixYSKQFlycjA4FAFXUtTkmsJ4zZTxh + lI3MuAPrzVmDVZVgjX7BOcKBkLwePrU+rzwNplyqyKSUPAIq3bXFuLaIGVfu + L/EPSgDn9P1GSKW8YWcz+ZKWwq/d46HnrRd6jI+o2Mps5lMfmYUry2Vxxz27 + 1e0ueFZ78tIozOSMkc8UXs8J1bTmEikL52TkcfLQBBqGpyS2M8Zsp0DIw3Mv + A46nmpbXVZUtYUFjO21FGQvBwOo5q5qlxA2nXKrIpJjbgEelS2VxbizgBlUE + Rr/EPSgDCsdRkjubxxZzP5kgJAXleOh5ovNRkkvbKQ2cymNnIUry2R2q/ps8 + K3d+WkUAyjHI54ov54TqOnsJFIVnycjj5aAIb7VJZLK4jNjOgaNxuK8DIPJ5 + pbLVJY7OCMWM7hY1GQvBwOo5rQ1G4gbT7oCRSTE/GR/dNLp9xAthbAyKCIk4 + yP7ooAxLLUZI729kFnM5kZSVC8rgd+aL7UZJLqyc2cyeXISAV5bjoOavafPC + NQ1BjIoDOmDkc/LRqU8LXmnlZFIEhzyOOKAG3WqyvazIbGddyMMleBkdTzUW + n6pLFYwRiyncKijcq8HjqOa1r24tzZzgSqSY2/iHpUWl3EC6dbK0igiNeCR6 + UAY9pqMiajfSizmYyeXlQvK4XHPPftRqGoySzWbGzmTZKGwy/e46DnrV+ynh + Gq6ixkUBjFg5HPy0apPC09gVkU4nBOCOODQA241WVoJFNjOuVIyV4HH1qvpu + pyQ2EEYsp5AqgblXIP05rburi3NtKBKpJRv4h6VU0ieBdMtlaRQQg4JFAGVb + ajImp3kws5mLiP5QvzLgd+e/ajUtRkla0Js5o9k6N8y43YzwOetXrSeEaxfs + ZFAIiwcjB4o1eeFnsdsinFyhOCOBzQA6XVpTG4+wXAyDzt/+vVLS9Skh0+CI + Wc0gVfvKuQee3Nb81zbmJwJV+6f4h6VQ0WeBdLt1aRQQvQketAGZDqMi6pcz + fY5iXRBtC/MMdzz3o1TUZJltgbOaPZOjfMuM4zwOepq/bzwjWbtjIuDHHg5G + KTWZ4WS02yKcXMZOCOnNAEjavKVI+wXHT+7/APXrO0jUpINOhiWzmlCg/Mq5 + B5PTmuke5t9p/ep0P8QrK0KeFNJt1eRVIDcEgfxGgDPj1GQatNP9jmJaNRs2 + /MMHqRnpRquoyTQxKbOaPbKjZZcZweg56mr0U8I1yd/MXaYVGcjHWl1qeFoI + AsinE8Z4I9aAJP7Xl/6B9x/3z/8AXrM0fUZINOiiWzmlA3fMi5ByxNdP9pt/ + +eqf99CsfQZ4U0qFXkVSC/BIH8RoAoLqMg1h5/sc2TCF2bfm+91x6UatqMk9 + sqGzmjxIhyy4HB6davpPD/bsj+Yu37OBnIxndRrc8LWaBZFJ82PoR60ASf2v + L/0D7j/vn/69fOfiht2rOcEfKOv419Qfabf/AJ6p/wB9CvmDxSQdWfH90fzN + BUT0PwBdNb2sbrBJNiORcIMn/WZz9O1drq+oyT2TRmzmiBZTuZcDgiuT+HMk + aW8Rdgo8qQcnHPmV3euzwvpzKkisdycAj+8KBMk/teX/AKB9x/3z/wDXrM0n + UZIbZkWzmkzI5yq5HJ6da6f7Tb/89U/76FY+iTwpaOGkUHzZOpHrQIoNqMh1 + hJ/scwIhK7NvzH5uuM9KNY1GSfTpYms5ogdvzOuAMMDV554f7ejfzF2/ZyM5 + GM7qXXp4X0qZUkViSnAIP8QoAk/teX/oH3H/AHz/APXrM0rUZIYplFnNJuld + squcZPQ89RXT/abf/nqn/fQrG0WeFYJw0ijM8h5I9aAKMmoyHVoZ/scwKxsN + m35jk9QM9KXV9Skn06aJrOaIMB8zLgDkdeavTTwnW7dxIu0RPzkY607XJ4X0 + q4VJFYkDgEH+IUAKuryhQPsFx0/u/wD16zdM1GSFbnFnNJvndvlXOM9j7iul + S5t9o/ep0H8QrJ0eeFVu90ijNzIRkjpxQBQm1GRtUtpvscwKI42lfmOe457U + /VNSkm0+eI2c0YZfvMuAOe/NXLieE6zaMJFwI5MnIxUmtTwNpdwqyKSV6Aj1 + oAji1aVYkH2C4OAOQv8A9eqGm6jJE12RZzSb53b5Vztzjg89a6KG5txDGDKv + 3R/EPSsvSJ4Ve+3SKM3LkZI5HFAFG51GR9Ts5jZzKUEmFK/M2R257d6m1LU5 + JbCeM2U8YZSNzLgD681Yu54TrFgwkUgCXJyMDirGrTwNptyqyKSUPAIoArW+ + qyrBGv2GdsKBkLwePrVLT9RkimvGFnM++UthV+7x0PPWugtbi3FtEDKoIRf4 + h6VnaXPCs9+WkUZnJGSOeBQBQu9RkfUbGU2cymMyYUry2V7c9u9T6hqkstjP + GbKdAyMNzLwOOp5qe+nhOq6cwkUhTLk5HHy1a1S4gbTrlVkUkxtwCPSgClaa + rKlrCgsZ22ooyF4OB1HNVLHUZI7q9cWcz+ZICQF5Xjoea3bG4txZW4MqgiNP + 4h6CqGmzwreagWkUAyDHI54oAo3uoySXtlIbOZDGzEAry2R25q1e6pLJZzxm + xnQNGwyV4GR1PNS6hPCdQ08iRSFd88jj5auahcQNYXIEikmJ+Mj+6aAM2x1S + WOyt4xYzuFjQbgvBwByOarWeoyR3t7ILOZjIyEqF5XA71tadcQLp9qDIoIiT + jI/uiqlhPCNR1BjIoDMmDkc/LQBQv9RkkubNzZzJ5chIBXluOg5q5darK9rM + hsZ13IwyV4GR1PNO1KeFrvTysikCU5wRxxV+9uLc2c4EqkmNv4h6UAZOn6nJ + FYwRiyncKijcq8HjqOagtNRkTUb6UWczGTy8qF5XC9+e/atjS7iBdOtlaRQR + GvBI9Kq2U8I1bUWMigN5ODkc/LQBR1DUZJZbNjZzJsmDYZfvcHge9Xp9VlaC + RfsE4ypGSvA4+tLqk8LTWBWRTicE4I44NaNzcW5tpQJV+438Q9KAMTTdTkhs + IIxZTyBVA3KuQfpzUVvqMi6ndzCzmYuI/lC/MuB3571q6RPAumWytIoIQcEi + oLWeEaxfMZFAKxYORg8UAUdS1GSY2mbOaPZOjfMuN2M8Dnqa0JdWlMbj7BcD + IPO3/wCvTdXnhZrHbIpxcxk4I4HNak1zbmJwJV+6f4h6UAYGlalJDp8MQs5p + Ao+8q5B57c0yHUZF1W4m+xzEuiDaF+YY7kZ71paLPAml26tIoIXoSPU0y3nh + GtXTGRcGOPByMUAUNU1GSZbYGzmj2zo3zLjOOw9zWkdXlII+wXH/AHz/APXp + msTwslptkU4uIycEdOa1mubfaf3qdP7woA5vSNSkg06GJbOaUKD8yrkHk9Oa + SPUZBq8s/wBjmJaJRs2/MOepGelaGhTwppNuryKpAbgkD+I02KeH+3J38xdp + hUZyMdaAKOq6jJNDEps5o8SocsuAcHp9TWn/AGvL/wBA+4/75/8Ar1FrU8L2 + 8IWRTiaM8EetbP2m3/56p/30KAOY0fUZINPjiWzmlALfMq5ByxNC6jJ/bDT/ + AGObJhC7NvzfeznGelX9BnhTS4leRVOX4JA/iNCzw/287+Yu37OBnIxndQBQ + 1bUZJ7UIbOaPDocsuBwenWtP+15f+gfcf98//XqPW54Xs1CyKT5idCPWtj7T + b/8APVP++hQBzGkajJBZiNbOaUbmOVXI5P1o/tGT+2RcfY5s+Rt2bfm+9nOM + 9KvaFPCmngPIqne/UgfxGjz4f7fD+Yu37NjORjO+gCjq+oyT2LRtZzRAsp3M + uBwR71p/2vL/ANA+4/75/wDr1Fr08L6c6pIrHcnAI/vCtn7Tb/8APVP++hQB + zGk6jJDbOi2c0mZHOVXI5PTr1FWILtrnXY2aCSH9yww4weuc/Sp9EnhS0cNI + oPmydSPWnGSN9eiKMGHkMODn+KgDcooooAKKKKACiiigAooooA//0v3Um0zT + 11e3gECiNo3JHYkU7WNL0+DTZ5YYFR1AwR25FQS2+qDVYEa7UymNyG8sYA7j + Gafq1vqiadM092skYAyojAzyO+aANSPRtLMak2yZIFZmlaZYTfbPNgVvLuJE + XPZRjAq7Ha6zsXF6oGB/yyH+NZ2mW+pv9r8m6VMXEgbMYOW4yevGfSgCS40y + wTVrSBYFEbrIWHY4HFTarpWnQ6dPLFAquq5BHaqtxb6mNUtUe6UyFX2t5YwB + jnjvmpdTt9VWwnaa7V0C8qIwMj65oA0INH0xoY2a2UkqCfyrP03TNPmkvBLA + rCOdlXPYADirUNrrBhjK3qgbRgeUOmPrVDTrfVGku/JulQiZg2YwdzcZPtQB + LdaZp6apYwpAoSTzdw9cKMVPqWladDp9xLFbqrqhII7Gqd1b6oNSsle7VpG8 + 3Y3lgBcLzxnnNT6jb6stjO014roEOVEYGR9c0AW7XSNMe1hd7dSzIpJ9yKo6 + dplhLcXqyQKwjlwo9BirNtbawbaIpeqqlFwPLBwMfWqVhb6m1xeCK6VGWXDE + xg7jjr14oAlvdM0+PULCJIFCSGTcPXC5FWdQ0nTYrG4kjt1VljYg+hAqjeW+ + qC/slku1Z2L7G8sDb8vPGec1Zv7bV1srhpbxXQRtuHlgZGORnNAE9lpGmyWc + Ej26lmjUk+pIqpY6Zp8l5fRyQKyxuoUegIqazttXa0gMd4qqUXA8sHAxwM5q + pZW+qNd3qx3Sqyuu8+WDuOPTtQBJf6ZYR3ljHHAqrI7Bh6jFXL3SNNjs55Et + 1DLGxB9CBWffW+prd2QlulZmdth8sDacemeat3ltq62k5kvFZAjZHlgZGOR1 + oAfp+k6bLY28klurM0akn1JFVbLTLCTUL+J4FKRmPaPTK5NS2FtqzWUDRXio + hRcAxg4GOBnNVrO31M398sd0qupTe3lg7vl44zxigCXUdM0+K4sljgVRJLtY + eox0q9daRpiW0rrbqCqMQfcCsy/t9UWezEt0rs0uFPlgbTjr71dubbWBbyl7 + 1WUI2R5YGRj60AJpuladNp9vLLbqzsgJJ7mq9rplg+qX0LwKUjEW0dhleafp + 1vqzWMDQ3iohQYUxg4H1zUFrb6mdTvVS6VZFEe9vLBDZXjjtigCTU9MsIZLM + RQKoknVWx3BzxWjPo+mLDIy2yghSR+VZWpW+prJZ+ddK5MyhcRgbW7HrzV+a + 11gQyFr1SNpyPKHTH1oAh0rStOm06CWWBWdlySe9R2+mae2q3cDQKY0WMqOw + yOaTS7fVX0+BoLtUQrwpjBwPrmo4LfVDql0i3SiQKm5vLGCMccZ4xQBLqmma + fD9k8qBV33EaNjupzkVpPo2lhGItkyAayNTt9UX7L512r5uIwuIwMNzg++PS + tF7XWdjZvUIwf+WQ/wAaAKuj6Xp8+mwSzQK7sDknvyabDpmntq9xAYFMaxoQ + OwJ603SbfVH06FoLtY4yDhTGDjk980yK31Q6rOi3aiURqS3ljBHYYzQBJq2m + WEEduYoFUtMinHcHqK1To2lf8+yVjarb6mkcHn3SyAzIBiMDDdj+FaZtdax/ + x/J/36H+NAFHRNM0+40yGaaBXdt2Se+GIoTTNPOsyW5gXyxCrBe2c9ai0a31 + R9Nha3uljjO7CmMNj5j3zQlvqn9ryILpRKIQS3ljBXPTGaAJdX0zT4LaN4YF + QmVASPQnmtX+xdK/59krF1a31RLdDPdLIvmIABGBzng1qfZda/5/k/79D/Gg + DP0XTLC409JZoFdyzcn2Y0o0zT/7aNv5C+X9nDbe27djNRaPb6m9gjW90sab + mwpjB/iOec0C31T+2Sn2pfN8gHf5Yxt3dMZ9e9AEms6ZYW9l5kMCo29BkehP + Na39i6V/z7JWLq9vqaWe64ulkTenAjA5zxzmtT7LrX/P8n/fof40AUNH0zT5 + 7MvNArtvcZPoDxQdM0/+2lt/IXyzAW29s7sZqLSbfVHtCYLpY13vwYwec8nN + Bt9U/thU+1L5vkE7/LGNu7pj696AJda0zT7fTpJYYFRwVwR7sBWr/Yulf8+y + Vi6xb6omnyNcXSyJlcqIwv8AEMc1qfZda/5/k/79D/GgChpGmafPbyNNArES + uoJ9AeKSTTLAazFbiBfLaFmK9sg9aj0q31R4JDBdLGolcEGMHJzyaJLfU/7X + iQ3SmUxMQ3ljAGemM0AS61pmn2+mTTQwKjrtwR2ywFag0bS8D/RkrH1i31RN + Nma4u1kjG3KiMDPzDvmtIWutYH+nJ/36H+NAFDSdMsJ47gywKxSeRRnsB0FL + Npmnrq9vAsCiN43JHYkdKi0u31N47jyLpYwJnDZjBy3c9e9E1vqg1W3RrpTK + Ufa3ljAHcYoAsavpenwabPLDAqOoGCO3Iq/Ho2lmNSbZckCsvVrfVU0+Zp7t + ZIwBlRGBnkd81ejtdZ2Li9QDA/5ZD/GgClpemWExvPNgVvLuJFXPZRjAryf4 + m2tvaazbR20YjU24JA9d7V6pplvqbm78m6VMTuGzGDluMnrxn0ryn4lR3Ues + Wwu5RMxgGCF24G5uMUFRNbwPa28vhnUriSMNJHKdrdx8q16pBo+mNBGzW6kl + QT+VeU+CI7pvDWovFMFiEnzJtyT8q9+1eowWusGGMreqBtGB5Q6Y+tAmVdN0 + zT5ZbwSQKwjmZVz2GBxRd6Zp6anYQpAoSXzdw9dqgiotOt9UaS8EN0qETMGz + GDubA59qLq31QalYq92rSN5uxvLAC4XnjvmgRc1LStOisLiWO3VXVCQR2OKm + tdI0x7WF3t1LMikn3IqpqNtqy2M7S3iugQ5URgZH1zU1tbawbaIpeqqlFwPL + BwMfWgCtp+mWEtzepJArCOXCg9hii90ywj1CwiSBQkjPuHrheKjsLfU2uLwR + XSoyyYYmMHccdevFF5b6mt/YrJdKzsz7G8sDb8vPGec0AXtQ0nTYrG4kjt1V + ljYg+hAp1jpGmyWVvI9upZo0JPqSBUF9bastlcNLeKyCNsgRgZGORnNOs7bV + 2s4GjvFVDGuB5YOBjgZzQBDY6Zp8l7fRvArLG6hR6Aii/wBM0+O7sUjgVVkc + hh6jFRWVvqjXl6sd0qurrvPlg7jjjjtRfW+qLd2QkulZmc7D5YG046470AaN + 5pGmx2c8iW6hljYg+hAqPTtJ02Wwt5JLdWZo1JJ7kim3ltq4tJzJeKyhGyPL + AyMcjOaZYW2rNYwNFeKiFFwDGDgY6ZzQBHZ6ZYSajfxPApSIx7R6ZXJo1HTL + CK4sljgVRJLtYDuMdKjtLfUzqF8sd0qyKY97eWDu+XjjPGKNQt9TWezEt0rs + 0uFIjA2nHXrzQBp3Oj6YltK626gqjEH3AqvpmladNp9vLLbqzsgJJ7mnXFtr + At5S96rKFbI8sDIx9ag0231ZrCBobxUQoMKYwcD65oAS10zT31S+haBSkYi2 + jsMqc0anpmnwvZiKBVEk6q2O4OeKitrfVDqd6qXSrIoj3t5YIbI44zxijUbf + VFe0867VyZlC4jAw3OD15+lAGrNo+lrC7LbKCFJH5VT0nStOn06CWWBWdlyS + e/NTTWusiJy16pG05HlD0+tVNLt9VfT4Ggu1jjK8KYwcc+uaAC30ywbVruBo + FMaJGVHYEjml1XTNPhFp5UCrvuI1bHdTnIqKC31M6pdIt0olCpubyxgjtxnj + FGp2+qKLXzrtXzPGFxGBhucHrzj0oA130bSwjEWydDWfo+l6fPpsEs0Cu7A5 + J78mrb2us7GzfJ0P/LIf41n6Tb6o+nQtBdrHGQcKYwccnvmgB8Wmae2rzwGB + TGsaEL2BJr5V/bN8X2vgf4ZRaFpAFvqPiaZrYMuQwtY13TkfXKIfZjX1LFb6 + odWnRbtRKI1JbyxgjPAxmvzE/bt1HUH+I2g6JeT+fHaaWJ1wNoDTzyK3H0iW + vf4Zwqq4yClstfu/4J85xXjJUcDUlHd6ff8A8A+H6KKK/ZT8KCiiigAooooA + KKKKACiiigAooooAKKKKAJYJpraaO4t3McsTB0ZTgqynIIPqDX7lfDDxZpvx + G+EGk+No4US9uIFS52jG25ify5cDsCwLAf3SK/DCv0g/Yl8Q3l14M8XeFWuM + QafcW94sZGSftIMbYPYAxKT9frXyHGeDU8L7XrF/g9P8j7bgXHOni3R6TX4r + X/M/RNdG0sqD9mSsvSdMsJ0uTLArFJ5FGewGMCry2utYGL5P+/Q/xrN0u31N + 0uPIuljAncNmMHLdz17+lflR+xEk2mWC6vbQLAojeNyR2JHSpNX0vT4NNnlh + gVHUcEduRVea31Qarbo10plKPtbyxgDuMU/VbfVU0+Zp7tZIwOVEYGefXNAG + nFo2lmNCbZckCs7S9M0+Y3nmwK3l3DqueyjGBVyO11kxqReqBgf8sh/jWdpt + vqjG78m7VMTuGzGDluMnrx9KAJbnTNPTVbOFYFCSLIWHY4HFS6ppWnQ6fPLF + AquqkgjtVW4t9UGp2ivdKZCsm1vLAC8c8d81Lqdvqq2E7TXaugXlRGBkfXNA + F+30fTGgjZrdSSoJ/Ks/TdMsJpb1ZIFYRzFVz2GOlWoLbWDBGUvVClRgeUOB + j61R0631NpbwQ3SoVmIbMYO5sdfagCW70zT01OwhSBQkvm7h67VyKsalpOnR + WFxLHbqrKjEEdiBVK6t9UGpWKvdq0jebsbywNuF54zzkVPqFtqy2M7S3iugR + sgRgZGOmc0AW7TSNMe1hd7dSzIpJ9yKpafpmny3N6kkCsI5MKPQYqe1ttYNt + CUvVVSi4Hlg4GPrVOwt9Ua5vBFdqjLJhj5YO4469eKAJL3TLCO/sYkgULIzh + h64Xird/pOmxWNxJHbqrLG5B9CBVC8t9TW+slkulZ2Z9jeWBt45471ZvrbV1 + srhpbxWQRsWHlgZGORnNAE1jpOmyWVvI9urM0aEn1JAqpY6ZYSXt9G8Cssbq + FHoCKmsrbV2s4GjvFVDGpA8sHAxwM5qrZW+pte3qx3Sq6su8+WDuOOOM8UAS + 3+mafFd2KRwKqySEMPUYq5eaRpkdpO6W6hlRiD6ECs6+t9UW6shLdKzM52ny + wNpx196uXdtq4tZjJeKyhGyPLAyMcjrQAunaTpsthbySW6szRqST3JFV7PTN + Pk1G/ieBSkZj2j0yuTT7C21ZrGBorxUQouAYwcDHTOar2lvqh1C+WO6VZFMe + 9vLB3ZXjjPGKAJNR0ywinsljgVRJMFbHcY6VfudH0xLaV1t1BVGIPuBWZqFv + qazWYlulctKApEYG0469eavXFtrAt5S96pUK2R5QGRj60AM0zStOm0+3llgV + nZAST3NQ2umae+qXsLQKUjEW0dhkc0um2+rNYQNDdqiFRhTGDgfXNQ21vqh1 + O8VLpVkUR7m8sENkccdsUAS6npmnwvZiKBV8ydFbHcHORWhNo+lrE7C2UEKf + 5Vlalb6orWnnXSvmdQuIwMNzg+/0rQltdZETlr1SNpyPKHp9aAINJ0rTp9Og + llgVnZcknvzUUGmWDatdQNApjREIHYE9aNLt9VfT4Ggu1jQrwpjBxz65qOC3 + 1Q6rcot0olCJubyxgjtx2oAk1XTLCEWvlQKu+4jVsd1OcitR9G0sIxFsnQ1j + 6pb6motvOulfM6BcRgYbnB/D0rSe11nY2b5Oh/5ZD/GgCno2l6fcabBNNAru + wOSe/JpItM086xPAYFMaxKQvYEmmaRb6o+nQtb3axxkHCmMHHJ75psVvqh1a + ZBdKJRGpLeWMEZ4GKAJdW0zT4IoWigVS0yKcdwTyK1f7F0r/AJ9krF1W31RI + oTPdLIDMgAEYGGzwevatT7LrX/P8n/fof40AZ+iaZYXGmQzTwK7tuyT7MRQm + mWB1qS3MC+WIQwXtndjNR6Nb6m+nRNb3SxxndhTGGx8xzzmhbfU/7YdBdL5v + kgl/LGNu7pigCTWNMsILVHhgVGMiDI9Cea1v7F0r/n2SsXVrfU0tkM92si+Y + gwIwOc8HrWp9l1r/AJ/k/wC/Q/xoAoaNpmn3Fgsk0CuxZxk+zGj+zNP/ALb+ + z+Qvl/Z9+3tu34z+VRaRb6o9krW90sabm4MYbnJzzR9n1T+2dn2pfO+z53+W + Mbd/TH170AS6zpmn29iZIYFRtyDI92Fav9i6V/z7JWLq9vqiWRa4ulkTcvAj + A5yMc5rU+y61/wA/yf8Afof40AUNH0zT57RnmgV28xxk+gPFI2mWA1pLcQL5 + ZgLbe2d2M1HpNvqj2pMF0sa734MYPOeTQ1vqf9sIhul83ySd/ljG3d0xmgCT + W9MsLfTZZYIFRwVwR7sBWt/Yulf8+yVi6zb6mmnSNcXSyRgrlRGFz8wxzWp9 + l1r/AJ/k/wC/Q/xoAoaTpmnzwzNNArFZnUZ9AeBRJpmnjWIYBAvltEzFe2Qe + tRaVb6o8MpguljAlcEGMHJzyaJLfVBq0KG6UymJiG8sYAzyMUATazpen2+mT + zQwKjqBgjt8wrSXRtL2j/RkrI1e31RNOma4u1kjAGVEYGeR3zWitrrW0f6cn + /fof40AUtK0zT5luTLArbJ5FGewHQUk+mWC6vbQLAojdHJHYkdKj0u31R1uf + JulQCdw2Ywct3P4+lE1vqY1W2RrpTKUfa3ljAHcYzQBY1bS9Pg06eWKBVdVy + CO3NXotH0tokJtlJIFZuq2+qpp87T3ayRgcqIwM8+uauRWusmNCt6oGBj90P + 8aAKml6Zp8zXglgVvLuHVc9lGMCi50zT01WyhWBQkgk3DscDiotNt9UZrvyb + pUxO4bMYOW4yevH0oubfVBqdmr3atIwk2t5YAXA54zzmgC3qmladDp88sUCq + 6qSCO1WbfR9MaCNmt1JKgn8qo6nb6qthO012roFOVEYGR9c1YgttYMEZW9UA + qMDyhwMfWgCrpumWEs16skCsI5iq57DHSi80ywj1OwhSBQkvm7h64XIqPTrf + U2mvBFdKhWUhiYwdxx168UXdvqY1GxWS6VpG8zY3lgbcLzxnnNAF3UtJ06Kw + uJY7dVZUYgjsQKktNI0x7SF3t1LMikn1JFVdQttWWxnaW8V0CNkCMDIx0zmp + bW21c2sJjvVVSi4Hlg4GOB1oAgsNM0+W6vUkgVljkAUegxRe6Zp8d9YxpAoW + RnDD1wvFRWNvqjXN4IrtUZZAGPlg7jjr14ovLfVFvbJZLpWdmfYfLA2nHPHe + gC/f6TpsdjcSR26qyRuQfQgHFFjpOmyWVvI9urM0aEn1JAqK+ttXWyuGlvFZ + BG5YeWBkYORnNFlbau1nA0d4qoY1wPLBwMDAzmgCGx0ywkvr6N4FKxsgUemV + o1DTLCK7sUjgVVkkIYeoxUdlb6m17erHdKrqy7z5YO44447UX1vqa3VkJbpX + ZpDsPlgbTjr15oA0bvSNMS0mdLdQyoxB9CBUenaTpsthbyyW6szIpJPckUl1 + bawLWYveKyhGyPLAyMdOtR6fbas1jA0V4qIUXAMYOBjpnNADLTTNPfUr+F4F + KReVtHplcmjUdM0+KayWOBVEkwVsdxjpUVpb6odRvlju1WRfL3t5YO7K8cZ4 + xRqFvqizWYlu1ctKApEYG046+9AGncaPpiW8rLbqCFYg++Kr6XpWnTafBLLA + rOygknvT7i21gQSF71SoU5HlAZGPrVfTbfVWsIGhu1RCowpjBwPrmgBttplg + +q3sLQKUjEe0dhkc0applhC1mIoFXzJ0Vsd1Ocio7a31M6neKl0qyKI9zeWC + GyOOM8Yo1K31NWtPOulfM6BcRgYbnB68/SgDWl0bSxE5FsoIBqjpOl6fPp0E + ssCs7Lkk9+asS2usiNy16pGDn90P8ap6Vb6q+nwNBdrHGV4Uxg459c0ALBpm + ntq11A0CmNEQgdgT1pNV0ywgW1MUCrvnjU47qc5FRw2+qHVblFu1EoRNzeWM + EduM0apb6mi23n3SyZnQLiMDDc4PXt6UAbDaNpYUkWydKzdG0vT7jTIJpoFd + 2ByT3+Y1ca11nac3ydP+eQ/xrO0i31R9Oha3u1jjIOFMYOOT3zQA+LTLA6xN + AYFMaxKQvYEml1bTNPghhaKBVLTIpx6E8ioo7fUzq0yC6USiJSW8sYIz0xmj + VbfVEhiM92sgMqAARgYOeD+FAG1/Yulf8+yVlaLpmn3GmxTTQK7tuyT7MRV/ + 7LrX/P8AJ/36H+NZej2+qPp0TW92scZ3YUxhsfMc859aAJV0zTzrL25gXyxA + G29s7sZo1jTNPgtVeGBUYyIMj0J5qJbfVP7YdBdL5vkgl/LGNu7pijVrfVEt + lM92si+YgwIwOc8HrQBtf2LpX/PslfNnihQurOAMfKP619G/Zda/5/k/79D/ + ABrxHV/C3iDVb1ruxtTPERgMGUcgnPBIPWgaOo+H1pbXNtElxGHUxyNg+okx + n8q7fWdM0+3sWkhgVGDIMj3YVyfhDSNZ00JZTEWlwInbDAPhS/Tg45PNdPq9 + vqiWTNcXSyJuXgRhecjHNAM2v7F0r/n2SsrR9M0+e1Z5oFdhI4yfQHir/wBl + 1r/n+T/v0P8AGsvSbfVHtmMF2sa+Y4wYwec8nrQIkfTLAa1HbiBfLMJYr2zu + xml1rTNPt9NllhgVHXbgj3YComt9T/thEN0vm+SSH8sY27umKNYt9UTTpWuL + tZIxtyojC5+YY5z60AbX9i6V/wA+yVk6RplhPDM00CsVmdRn0B4FaH2XWv8A + n+T/AL9D/GsvSrfU3hmMF0sYErggxg5OeT1oAll0zTxrEEAgURtExK9iQaXW + dL0+302eaGBUdQMEduRUMtvqg1aFGu1MpjYhvLGAM8jGadq9vqiadM1xdrJG + AMqIwM8jvmgDWXRtLKgm2TpWZpWmafMt0ZYFbZcSKM9lGMCrq2us7Ri+Tp/z + yH+NZumW+qMtz5N0qYnkDZjBy3GT17+lAEs+maeurWsCwKI3RyR2JHSn6tpe + nwadPLFAquq5BHbmq89vqg1W2RrpTIUfa3ljAHfjvUmq2+qpp87T3ayRheVE + YGefXNAGjDo+ltEjG2UkqP5VnaXplhM14JYFby53Vc9lGMCrkVrrJiQreqBt + GB5Q9PrWfptvqbNd+TdKmJ3DZjBy3GT14+lAElzplgmq2UKwKEkEm4djgcVP + qeladDp9xLFAquqEgjsaqXNvqY1OzV7pWkYSbW8sALgc8Z5zU2pW+rLYTtNd + q6BTlRGBkfXNAF230fTHt4ma3UkqpJ98VR07TNPlmvVkgVhHMVXPYY6VZt7b + WDBGUvVClRgeUDgY+tUdPt9Uaa8EV0qFZSGJjB3HHX2oAkvNMsI9SsIkgUJK + ZNw9cLkVZ1HSdNisLiWO3VWVGII7ECqV3b6mNRsVkulaRjJsbywNuF5475qx + qFtqy2M7S3iugRsgRgZGOmc0AWbPSNMktIHe3UsyKSfUkVS0/TLCW7vkkgVl + jkAUegxVi0ttXNrCY7xVUouB5YOBjgdap2NvqbXV6IrpUZZBvPlg7jjr14oA + lvtM0+O+sY0gULIzhh64WrV9pOmx2VxIluqssbkH0IBqhe2+qLe2SyXSs7M2 + w+WBtOOeM81avbbV1s52kvFZBGxI8sDIxyM5oAlsNJ02Sxt5JLdWZ40JPqSB + mqtlpmnyX99G8ClY2QKPTK81LY22rtZW7R3iqhjQqPLBwMcDOaq2dvqjXt6s + d0qurJvPlg7jjjjtQBJqGmWEV1ZJHAqrJIQw9Rirt3pGmJaTOluoZUYg+hAr + Ov7fU1ubIS3SuzSEKfLA2nHXrzVy6ttXFrMZL1WUI2R5YGRjkdaAF03SdOls + LeWS3VmZFJJ7kiq1nplhJqd/C8ClIvK2j0yuTT9PttWaxgaK8VEKLgGMHAx0 + zmoLS31M6jfLHdKsi+Xvbywd2V44zxigCXUtM0+KWyWOBVEkwVsdxjpV+40f + TFgkZbdQQpI/KsvULfVFlsxLdK5MwCkRgbWx1681enttYEEha9UgKcjyhyMf + WgCPS9K06bT4JZYFZ2UEk96httMsH1W8haBSkax7R2GRzTtMt9VawgaG7VEK + jCmMHA+uaht7fUzql2iXSrIqx7m8sENkccZ4xQBJqmmWEJs/KgVfMuEVsd1O + citKXR9LWJyLZQQDWTqdvqam0866V8zoFxGBhucH3+laEtrrIjcteqRg5/dD + /GgCvpGl6fPp0Es0Cs7DknvzTINM09tWuYGgUxoiEDsCetN0q31V9PgaC7WO + MjhTGDjn1zTIbfVDqtwi3SiUIm5vLGCOwxQBLqumafClsYoFXfPGpx3BzkVp + to2lhSfsyVj6pb6oi23nXSvmdAuIwMN2P4elaTWutbT/AKcn/fof40AU9G0v + T7jTIJpoFd2ByT3+Y02PTLA6xNAYF8tYlYL2yT1pmkW+qPp0LW92scZBwpjB + xye+aSO31M6vMgulEoiUlvLGCM9MZoAk1fTLCCCJoYFUtMinHoTyK1v7F0r/ + AJ9krF1W31NIYjPdLIDKgAEYGDng9a1Psutf8/yf9+h/jQBQ0XTNPuNOilmg + V3JbJPsxFC6Zp51p7fyF8sQBtvbO7Gai0e31R9Pja3uljjJbCmMNj5jnnNC2 + +qf2wyfa183yQd/ljG3d0x9e9AEusaZp8ForwwKjeYgyPQnmtX+xdK/59krF + 1a31RLUGe6WRd6cCMDnPBrU+y61/z/J/36H+NAGfo2mWFxZCSaBXbe4yfQGj + +zLD+2xb+Qvl/Z923tu34z+VR6Rb6m9kGt7pY03NwYwec885o+z6n/bIT7Uv + neRnf5Yxt3dMZ9e9AEmtaZYW9g0sMCowZBke7Ctb+xdK/wCfZKxdYt9TSxZr + i6WRNy/KIwO4xzWp9l1r/n+T/v0P8aAKGkaZp89s7zQK5EjjJ9AeKmjs7a11 + 2NbeMRjyGOB67sVU0m31R7ZzBdrGvmOCDGDznk9asQRXkeuxi6mEreSxyF28 + Z6fnQB0tFFFABRRRQAUUUUAFFFFAH//T/c+XU92qwT/ZLgbY3G0p8xz3Az0p + +ran5+nTRfZLiPcB8zx4Ucjqc1enkj/tu2O4Y8p+9P1ySM6VcAMCcDv7igBk + esYRR9hujgD/AJZf/XrO0zU/J+1/6JcPvuJG+RM4zjg88EdxXTRSx+WnzjoO + 9ZOjSIPt2WAzdS9/pQBn3Gp7tUtZvslwNiuNpT5jkdhnnHepdT1TzrCeL7Hc + JuXG548KPqc1bupE/tqyO4YCSd/ap9ZkjOl3IDAnb60AV4dX2wxr9iujhQMi + Pjp9aoadqflSXZ+yXD+ZMzfKmduccHng10lvJH9ni+cfdXv7VmaTIglv8sBm + 4bv7CgDOutT36lZTfZLhfL835SmGbK/wjPOO9T6jqvm2M8X2O5TchG5o8KPq + c1avJIzq+nEMMATd/wDZFWNWkjOm3IDAnYe9AFO21fZbRJ9iuW2ooyI8g4Hb + mqVhqflXF432S4fzJc4VMleOh54NdDZyRi0gBcfcXv7VnaXIgutQywGZvX2o + Az7zU/Mv7GX7JcL5Zf5WTDNlcfKM8471Zv8AVvNsriP7HcpujYZaPAGR1Jz0 + qxfyIdT04hhgNJ3/ANmrepyRnTroBh/qn7+1AGdZ6t5dpBH9iuW2ooyseQcD + qDnpVSy1Py7u9k+yXDeY6nCpkrgfxDPFb1hJGLC2Bcf6tO/+yKpadJGL/UCW + HMi9/wDZoAzr7U/Mu7KT7JcJ5bscMmC3H8IzzVu81bzLSeP7FcruRhlo8AZH + UnPSpdSkQ32nEMDiRu/tV6/kjNjcgMP9W/f/AGTQBlWGq+VZQR/Y7l9qKMrH + kHA6g56VWs9T8u/vpfslw3mFPlVMsuF/iGeM9q3NMkjGnWoLAHy07+1U7CRB + qmpEsMFo+/8As0AZ9/qfmz2bfZLhPLl3YZMFuOg55NXbnV99vKn2K5XcjDJj + wBkd+ak1SSM3NhhgcTevtWhdyR/ZJvnH3G7+1AGLp2q+VYwRfY7h9qAbljyp + +hzUFrqezU72b7JcN5gj+UJllwv8QzxntWzpMkY022BYA7B3qtZug1jUSWGC + Ie/+zQBn6jqfnPaH7JcJ5cyt8yY3YzwOeTV+bV90Mi/YroZUjJj46fWl1aRD + JYYYHFwnf61qXEkf2eX5x91u/tQBz+l6p5OnwRfZLiTauNyR5U/Q5qODU9uq + XU32S4O9UG0J8wwO4zxntWto0kY0u2BYA7fWoraRP7avTuGCkff2oAztT1Pz + vsv+iXCbLiNvnTGcZ4HPJPYVovrGUYfYbrkH/ll/9ejWJEP2LDA4uou/1rWk + lj8tvnHQ96AOb0nU/I06GL7JcSbQfmSPKnk9DmmRant1Wef7JcHdGg2hPmGO + 5GelamhyRjSrcFgDg9/c0yCRP7buTuGPKTvQBnarqfnxwD7JcR7Zkb50xnHY + c9T2rTOs/wDTjdf9+v8A69M1p0MVthgf9Ij7+9bJlix98fnQBy2jan9n02GH + 7JcSbd3zImVOWJ4OaE1PGryT/ZLjmELs2fP16kZ6Vo+H5EGkW4LAH5u/+0aI + 5E/t6U7hjyF7/wC1QBnarqfn26L9kuI8SIcumAcHp161qf2z/wBON1/36/8A + r0zW5ENrHhgf30ff3rZ82L++PzoA5XR9T+z2CRfZLiTBY7kTK8se+aBqf/E5 + Nx9kuP8AUBdmz5/vZzjPT3rQ0B0GmICwB3P3/wBo0okj/t9juGPsw5z/ALdA + Gdq+p+fZ+X9kuI/nQ5dMDg+ua1P7Z/6cbr/v1/8AXqPXnQ2GAwPzp3/2q2vN + i/vj86AOV0nU/ItCn2S4k+dzlEyOT0zmg6n/AMThbj7JccQFdmz5/vZzjPSt + HQpEFiQWA/eP3/2qGkj/ALfU7hj7Mec/7dAGdrGp/aNPki+yXEeSvzOmFGGB + 65rU/tn/AKcbr/v1/wDXpmvyRnS5QGBOU7/7QrZ82L++PzoA5XStT8iCRfsl + xJmVzlEyBk9Dz1ok1POrxT/ZLgbYmXZs+c89QM9K0dEkQW0uWA/fSd/ekldP + 7dhO4Y8huc+9AFDWNT+0abND9kuI9235njwoww6nNaQ1ngf6Ddf9+v8A69N1 + +RDpFwAwJ+Xv/tCtgSxYHzj86AOW0vU/JS4H2S4k3TO3yJnGex56jvRNqe7V + bef7JcDYjjaU+Y57gZ6VoaK6CO6ywH+kSd/pSzyJ/bdqdwx5b96AKOrap5+n + zRfZLiPcB8zx4Ucjqc1ej1jCKPsN0cAdI/8A69P1ySM6VcAMCdo7+4rSilj8 + tPnHQd6AOZ0zU/JN3/olw++4dvlTOM44PPBHcV5T8Srr7XrFs/kyQ4gAxIu0 + n5m5+lezaPIgN9lgM3Unf6V5N8UI5J9btTCpkH2cD5Rn+NvSgqJP4IuvL8Na + jb+TI/mSffVcovyr1PavUYNX2wxr9iujhQMiPg8fWvOvBCPD4V1NJlMbGQkB + hgn5V9a9ZtpI/s8Xzj7q9/agTOc07U/KkvD9kuH8yYt8qZ25A4PPBoutT36l + YzfZLhfL835SmGbcuPlGecd60dKkQTX+WAzcN39hReyIdX00hhged3/2RQIq + 6jqvm2M8X2O5TchG5o8KPqc1Nbavstok+xXLbUUZEeQcDtzV3VZIzptyAwJ8 + tu/tU9nJGLSAFx9xe/tQBz1hqflXF4/2S4fzJM4VMleOjc8Gi81PzL+xl+yX + C+WXO1kwzZX+EZ5x3rQ0yRBd6hlgMy+vtRqEiHU9OIYYDSd/9mgCC+1XzbK4 + j+x3Kbo2GWjwBkdSc9KWy1by7OCP7FcttjUZWPIOB1Bz0rS1OSM6ddAMCfKf + v7GnafJGLC2BYf6pO/8AsigDBstT8u8vZPslw3mOpwqZK4H8QzxRfan5l3ZP + 9kuF8tycMmC3HReeTWjp0kYv9RJYcunf/Zo1KSM32nkMOJG7/wCzQBDeat5l + pOn2K5XcjDJjwBkdTz0plhqvlWMEf2O5faijKx5BwOoOela9/JGbG4Acf6t+ + /saj0uSMadbAsAfLXv7UAYlpqfl6hfS/ZLhvMMfyhMsuFx8wzxntRqGp+bPZ + t9kuE8uXdhkwW46Dnk1oWDoNU1IlhgmLHP8As0apIhudPwwOJh39qAGXGr77 + eVPsVyNysMmPAGR35qDTdV8mwgi+x3D7UA3LHlT9Dmty7kj+yzfOPuN39qra + RJGNMtgWAOwd6AMa21PZqd7N9kuG8wR/KEyy4H8QzxntRqOp+c9ofslwnlzK + 3zJjdjPA55NaNnJGNY1AlhgiHv8A7Jo1aRDJY4YHFwnf2NADZtY3ROv2K6GV + IyY+On1qppeqeTp8EX2S4k2rjckeVPPY5roJ5I/Ik+cfdPf2qjoskY0u3BYA + 7fX3oAyYNT26pdT/AGS4O9UG0J8wx6jPGe1Gp6n5wtf9EuE2Txt86YzjPA56 + nsK0LaRP7avTuGCkff2pdZkjIssMDi5i7/WgBX1jKMPsN10P/LL/AOvXIX3j + 3w54H8NJqvimc6fYw5BnlwsZJJIVSTlmPYAEnsK5b44/HPwz8GPDn22+IvtX + vQy2VijANIw6u552xr3bv0HNfjF47+Ivi74j6r/a3iu/e6ZMiGEErBAhOdsU + ecKPXuepJPNfTZHw3Uxf7yT5Yd+/p/mfKcQcVUsF+7guafbovX/L8j7+8a/t + 1eHtO1O5Pw/0OXVC6BFuL1vs8WV/iEa7nYfUoa+Fvix8V/Efxi8Tx+KvE8Nt + b3UVulqiWqMkYiR3ccOzknLnnNeZUV+j5fkeGwr5qUde/U/LMz4gxeLXLWl7 + vZaIKKKK9c8UKKKKACiiigAooooAKKKKACiiigAooooAK+1/2J7uSLxV4psw + rMk+mIxIGQClwmCfT7xFfFFfW37JfjnwV4I17xC3i7U00yXU7SG3tWlDeWze + aHcM4BVMBRyxA968biGnKWCqRiru36nu8M1Iwx9KUnZX6+jP13XWeB/oN1/3 + 6/8Ar1m6XqfkpcD7JcSb53b5EzjPY89R3robO/sb21iu7K4juIJlDJJG4dGU + 9CrA4IPqKztFkQR3eWAzcSd/pX4o0fvaZnzanu1W3n+yXA2I42lPmOe4GelP + 1XVPP0+eL7JcR7h9548KOe5zV24kT+27Q7hjy5O9S63JGdKuAGBO0d/cUARR + 6xiNR9hujgDpH/8AXrP03U/JN3/olw++d2+VM4zjg88EeldNFLH5SfOPujv7 + VlaPIgN9lgM3Mnf6UAZ1xqe/U7Sb7JcDYsg2lMMcjsM8471LqeqedYTxfY7h + Ny43NHhR9Tmrl1In9s2J3DAWXv7VNrEkZ0u5AYE7D3oArQavtgjX7FcnCgZE + fB47c1R07U/KlvG+yXD+ZMWwqZK8dDzwa6O2kj+zRfOPuL39qzNJkQTX+WAz + O3f2FAGfdanv1Kxm+yXC+X5vylMM2Vx8ozzjvU+oar5tjPH9juU3Iwy0eFHH + UnNWr2RDq+mkMMDzu/8As1Z1WSM6bcgMCfLbv7UAUbXV9ltCn2K5baijIjyD + gduap2Gp+Vc3j/ZLh/MkzhUyV46Nzwa6CykjFnAC4/1a9/aqGmSRi71AlhzK + O/tQBnXmp+ZfWUn2S4Xy2c7WTDNkfwjPNWb7VvMsriP7HcpujYZaPAGR1Jz0 + qfUHQ6lpxDDAaTv/ALNXNSkjOnXQDD/VP3/2TQBm2WreXZwR/Y7ltsajKx5B + wByDnpVWy1Py7y9k+yXDeYynCpkrgfxDPFbunSRjT7YFh/qk7/7Iqlp0iDUN + RJYYLp3/ANmgDPvtT8y6sn+yXCeW5OGTBbjoozyauXerb7WZPsVyu5GGTHgD + I6nnpUupSRm908hhxIe/tV6+kjNlcAOP9W/f2NAGRYar5VjBH9juX2ooyseQ + cDqDnpVe01PZqF9L9kuG8wx/KEyy4XHzDPGe1belyRjTrYFgD5a9/aqtjJGN + V1IlhgmLv/s0AZ2oan5s1m32S4Ty5Q2GTBbjoOeTV641ffbyp9iuV3KwyY8A + ZHfmnarIhuLDDA4nHf2rSu5IzazAOPuN39qAMPTdV8mwgi+x3D7VA3LHlT9D + mobbU9mp3k32S4bzBH8oTLLgdxnjPatjSJIxplsCwB2DvUFpIg1jUCWGCIu/ + +yaAM7UtT85rQ/ZLhPLnVvmTGcZ4HPJrQl1jdE6/YroZB5MfHT60uryRl7HD + A4uU7/WtSeSPyZPnH3T39qAOe0vVPJ0+CL7JcSbVxuSPKnnsc1HBqe3Vbmf7 + JcHeiDaE+YY9Rnj2rW0WSMaXbgsAdvr71DbOn9tXh3DBSPvQBn6pqfnC1/0S + 4j2Txt86YzjPA56nsK0n1jKkfYbrof8All/9em6zIhWzwwOLmPv9a13lj2N8 + 46HvQBzWkan5GnQxfZLiTaD8yR5U8noc02LU8atNP9kuDujUbQnzDB6kZ6Vp + 6FJGNJtwWAOD3/2jTYZE/ty4O4Y8lO/vQBnarqfnRQr9kuI9syNl0wDg9Bz1 + PatT+2f+nG6/79f/AF6ZrUiGG3wwP7+Pv71s+bF/fH50Acro2p/Z9Oih+yXE + m3d8yJuU5Yng5oXU8aw9x9kuOYQuzZ8/3s5xnpWh4fkQaTACwB+fv/tGhHT+ + 35DuGPs45z/tUAZ+ran59sqfZLiPEiHLpgcHp161qf2z/wBON1/36/8Ar1Hr + jobNAGB/ex9/etrzYv74/OgDldI1PyLJY/slxJhmOUTI5Y980f2n/wATn7R9 + kuP+Pfbs2fP9/OcZ6e9aOgyINOUFgDvfv/tGjzI/+EgzuGPsuM5/26AM7V9T + 8+yMf2S4j+ZDl0wOCO+a1P7Z/wCnG6/79f8A16ZrsiHTyAwJ3p3/ANoVs+bF + /fH50AcrpOp+Rasn2S4k+dzlEyOT069aG1POsJcfZLjiErs2fP8AeznGelaO + hyILJgWA/eSd/ekeRP7fjO4Y+znnP+1QBn6zqf2jTpYvslxHkr8zphRhgeTm + tT+2f+nG6/79f/XqPxA6NpUwVgTlO/8AtCtrzYv74/OgDldK1PyIZV+yXEm6 + V2yiZAyeh56jvRJqedWhn+yXA2xMu0p8xyeoGelaOiSIIJ8sB+/k7+9Eskf9 + uQHcMeS/f3oAz9X1Pz9Omi+yXEe4D5njwo5HU5rRXWflH+g3X/fr/wCvRr0k + Z0m4AYE4Xv8A7QrWWWLaPnHT1oA5fS9T8lbkfZLh987t8kecZ7HnqO4om1Pd + qttP9kuBsRxtKfMc+gzWjo0iBLvLAZuZO/0pLiRP7btDuGPLk70AU9V1Tz9P + ni+yXEe4feePCjnuc1ci1jbGg+w3RwByI/8A69S63JGdKuAGBO319xWhDLH5 + KfOPujv7UAc1pup+S13/AKJcPvndvlTOM44PPB9qLnU9+p2c32S4XyxJ8pT5 + myOwzzjvWjpEkYa+ywGbmTv9KLuRDrFgQwwFl7+woAqalqnnWE8X2O4TcpG5 + o8KPqc1Yg1fbBGv2K5OFAyI8g8duataxJGdMuQGBOw96t20kf2aL5x9xe/tQ + Bzmn6n5U1432S4fzJS2FTJXjoeeDRd6nv1Gxm+yXC+X5nylMM2Vx8ozzjvWh + pUiCe/ywGZz39qL6RDq2mkMMDzu/+zQBW1DVfNsZ4/sdym5GG5o8KOOpOalt + dW2WsKfYrltqKMiPIOB1HNXtVkjOm3IDAny27+1TWUkYsrcFx/q07+1AHP2O + p+Vc3j/ZLh/MkBwqZK8dG54NF5qfmXtlJ9kuF8tnOGTBbI/hGea0dNkjF5qB + LDmUd/ajUJEOo6cQwwHfv/s0AQX2reZZXEf2O5XdG4y0eAMg8k56UWWreXZw + R/Y7ltsajKx5BwByDnpWnqMkZ0+6AYf6p+/+yaNOkjGn2wLD/VJ3/wBkUAYV + lqfl3t7J9kuG8xlOFTJXA/iGeKL7U/NurJ/slwnlyE4ZMFuOi88mtDT5EGo6 + iSwwXTv/ALNGpyIbzTyGBxKe/tQBHdatvtZk+xXK7kYZMeAMjqeaj0/VfKsY + I/sdy+1FGVjypwOoOa2L2SM2VwA4/wBW/f2qLS5IxptsCwB8te/tQBiWmp7N + Rvpfslw3meX8oTLLhcfMM8Z7UahqfmzWbfZLhPLlDYZMFuOg55NaNjJGNW1I + lhgmLv8A7NGqyRmewwwOJx39jQAy41ffBIv2K5GVIyY+Bx35qvpuqeTYQRfY + 7h9qgbljyp+hzW5dSR/ZpvnH3G7+1VdHkjGmWwLAHYO9AGPbans1O8m+yXDe + YI/lCZZcDuM8Z7UalqfnNaH7JcJ5c6N8yY3YzwOeT7VoWkiDWb8lhgrF3/2a + NXkQvY4YHFynf60AEusZjcfYboZB6x8fzqnpWqeRp8EX2S4k2r95I8qeexzX + QzSx+S/zj7p7+1Z+iSRjSrcFgDt9fc0AZUOp7dVuZ/slwd6INoT5hj1Ge9Gq + an5y2w+yXEeydG+dMZxngc9T2FaNvJH/AG1dncMGOPvSazIhS0wwOLmPv9aA + HNrGVI+w3XT/AJ5f/XrO0jU/I06GL7JcSbQfmSPKnk9DmuneWPY3zjoe9ZOg + yRjSbcFgDhu/+0aAM2PU8atNP9kuDuiUbQnzDB6kZ6UarqfnwxL9kuI9sqNl + 0wDg9Bz1PatCGRP7duDuGPJTv70utyRmCDDA/v4+/vQA/wDtn/pxuv8Av1/9 + esvR9T+z6dFF9kuJNu75kTKnLE8HNdV5sX98fnWNoEkY0mEFgDl+/wDtGgDO + XU8aw9x9kuOYQuzZ8/3s5xnpRq2p+fbKn2S4jxIhy6YHB6detaKSJ/b0h3DH + 2cd/9qjXJIzZoAwP72Pv70AP/tn/AKcbr/v1/wDXrL0jU/s9kI/slxJ8zHKJ + kcn1zXVebF/fH51i6DIg05QWAO9+/wDtGgDP/tP/AInP2j7Jcf8AHvt2bPn+ + /nOM9PejV9T8+yaP7JcR5ZTl0wOCO+a0fMT/AISDduGPsvXP+3Rr0iHTmAYE + 707/AO0KAH/2z/043X/fr/69Zek6n5FsyfZLiTMjnKJkcnp1611Xmxf3x+dY + 2hyRizcFgP3snf3oAzm1POsJcfZLjiErs2fP97OcZ6Uazqf2jTpYvslxHu2/ + M6YUYYHk5rQeRP7fjO4Y+znnP+1S6/JGdJmAYE5Tv/tCgB/9s/8ATjdf9+v/ + AK9Zelan5EMy/ZLiTdK7ZRMgZPQ89fWuq82L++PzrF0SRBBPlgP38nf3oAz5 + dTzq0M/2S4G2NhtKfMcnqBnpTtX1Pz9Omi+yXEe4D5njwo5HU5q/NJH/AG5b + ncMeS/f3p2uyRnSbgBgTgd/9oUAIusYUD7DddP8Anl/9es3TNT8lbn/RLh98 + 8jfImcZxweeo7iuoSWPYvzjoO9ZGjSRhbzLAZuZe/wBKAM6fU92q20/2S4Gx + HG0p8xz3Azz71Jquqefp88X2S4j3L9548KOe5zV24kj/ALatDuGBHJ3qTW5I + zpVwAwJ2+vuKAIotY2xIv2K6OAORHx0+tZ+m6n5LXZ+yXD+ZO7fKmduccHng + +1dLBJH5Mfzj7o7+1ZWkOge+ywGbl+/0oAz7nU9+p2c32S4XyxJ8pTDNkdhn + nHeptS1XzrCeL7HcJuUjc0eFH1OatXciHWbAhhgLL3/2asavJGdMuQGBOw96 + AKtvq+yCNfsVycKBkR8HjtzVHT9T8qa8b7JcP5kpbCpkrx0PPBrorWSP7ND8 + 4+4vf2rO0qRBPf5YDM57+woAzrvU/M1Gxl+yXC+WZPlKYZsrj5RnnHerGoar + 5tjPH9juU3Iwy0eAMjqTnpVi+dDqumkMMAy55/2at6pJGdNuQGBPlt39qAKF + pq2y1hT7FcttRRkR5BwOo56VTsdT8q6vX+yXD+ZIDhUyV46Nzwa37GSMWVuC + 4/1ad/YVQ010F5qBLAZlHf2oAz73U/MvbKT7JcL5bMcMmC2R/CM81avdW8yz + nj+x3K7o2GWjwBkHknPSp9QkQ6hpxDDAd+/+zVzUZIzp9yAw/wBU/f8A2TQB + mWOreXZW8f2O5bbGgyseQcAcg56VVs9T8u9vZPslw3mMhwqZK4X+IZ4rd02S + MafaguP9Unf/AGRVPT5EGo6iSwwXTv8A7NAGdf6n5tzZv9kuE8uQnDJgtx0X + nk1cutW32syfYrldyMMmPAGR1PNSam6G808hgcSnv7VoXskZsrgBx/q37+xo + AxtP1XyrGCP7HcvtRRuWPKnjqDmoLTU9mo3032S4bzPL+UJllwuPmGeM9q2t + KkjGm2wLAHy17+1VbGRBq2pEsMHye/8As0AZ+oan5stm32S4Ty5g2GTBbjoO + eTV6fV90Ei/YrkZUjJj4HHfmn6rIhmsMMDide/sa0rmSP7NL84+43f2oAwtM + 1TybCCL7HcPtUDcseVP0Oaht9T2apdzfZLhvMEY2hMsuB3GeM9q2NHkjGmWw + LAHYO9V7SRBrN+SwwVi7+1AGfqep+cbT/RLhPLnRvmTG7GeBzyfatCXWN0bj + 7DdDIPJj/wDr0axIhaxwwOLmPv8AWtWaSPyX+cfdPf2oA53StU8jT4IvslxJ + tH3kjyp57HNMh1PbqtxP9kuDvRBtCfMMdyM1q6JJGNKtwWAO09/c1HbyJ/bd + 2dwx5cfegDO1TU/OW2H2S4TZOjfOmM47Dnqe1aTaz8p/0G6/79f/AF6TWZIy + lphgcXMff61rtLHtPzjp60AcxpGp+Rp0MX2S4k2g/MkeVPJ6HNJHqeNXln+y + XB3RKu0J8wwepGelaWgyRjSbcFgDhu/+0abE6f27Odwx5K8596AM/VdT8+GJ + fslxHtlRsumAcHoOetan9s/9ON1/36/+vUetyIbeHDA/v4+/vW15sX98fnQB + yuj6n9n0+OL7JcSYLfMiZU5YnrmhdTxrDXH2S45hC7Nnz/eznGelaOgSRjSo + gWAOX7/7RoWRP7fc7hj7OOc/7VAGdq2p+faqn2S4j+dDl48Dg9OvWtT+2f8A + pxuv+/X/ANema5JGbJQGB/eR9/etnzYv74/OgDldI1PyLMR/ZLiT5mOUTI5P + rmj+0/8Aici4+yXH/Hvt2bPn+9nOM9PetDQZEGngFgDvfv8A7RoMif8ACQBt + wx9l65/26AM/WNT+0WLR/ZLiPLKdzpheCO+a1P7Z/wCnG6/79f8A16j150Om + uAwJ3J3/ANoVtebF/fH50AcrpOp+RbOn2S4kzI5yiZHJ6detWILv7VrsbeTL + D+5YYkXaeuc/SrOhyRi0kBYD97J396VmVtfi2kH/AEdun+9QBt0UUUAFFFFA + BRRRQAUUUUAf/9T90ptJ09dWt7cQgRvG5IyeSOlO1fSdOt9OnmhgCuoGDk8c + iopYdWGqwK1xGZTG+1tnAHfinatDqy6dM1xcRvGAMgJgnkd6ANKPQ9KMak26 + 5IHc1naXpWnz/a/NhDeXcSIvJ4UYwKuxwa5sXF1FjA/grP0yHVm+1+RcRpi4 + kDZTOW4yR7UAPuNK09NVtIFhAjkWQsMnnA4qXVNI02DT55ooArquQcniq9xD + qo1S1V7iMylX2ts4AxzkVJqcOrrYTtPcRvGF5ATBI+tAF6DRNKaGNmtwSVBP + J9KoabpOnzSXglhDCOZlXk8AY4q5DBrZhjK3UYG0Y+TtiqGnQ6s0l35NxGpE + zB8pnLcZIoAfdaTp8ep2MKQgJL5u4ZPO1cip9S0fTYbCeWKAK6ISDk8Gqt1D + qw1KyWS4jMh83YQnA+XnI75qbUYdYWxnM1zG0YQ7gEwSKALVroulvbQu9uCz + IpJyepFUtP0rT5ri9SSEMI5dq8ngYqzbQa0baIx3MYUouAU6DHFU7CHVjcXg + huI1YSfOSmcnHUUAPvNK0+O/sYkhASUvuGTzhcirN/o2mRWNxLHAFZI2IOTw + QKp3kOrC/shJcRtIS+whOB8vOfWrN9BrIsrgy3MbII23AJgkY5oAlstG0ySz + gke3BZo1JOTySKqWOlafLeXsckIKxOoUZPAIqezg1k2kBjuY1Qou0FMkDHFV + bKHVjd3oiuI1cOu8lMgnHb0oAffaVp8V5ZRxwhVldgwyeQBVu90bTI7OeRLc + BljYg5PBAqjfQ6qLuyEtxGzl22EJgA47+tWryDWRaTmS5jZAjbgEwSMc0AO0 + /RtMlsbeWSAMzxqScnkkVWs9K0+TUL6F4QUiMe0ZPGVyalsIdZNlAYbmNUKL + tBTJAxxVezh1Y398I7iNZAU3kpwfl4x6UAP1DSdPinskjhCiSXa3J5GKu3Oi + 6WltK624DKjEHJ6gVn38OrCezE1xGzGX5CExg46mrtzBrQt5S9zGV2NkBO2K + AGabo+mzWEEssAZ3QEnJ5NQWulafJql9A8IKRCLaMnjcuTT9Oh1hrGAw3Max + lBtBTJAqG1h1U6leqlxGJQI95KcH5eMDtigB+paVp8MlmIoQoknVW5PIOeKv + z6JpSwyMtuAQpI5PpWbqMOqq9p59xGxMyhMJjDc4Jq/NBrYhctdREbTn5O2K + AK+laRps+nwTTQBnZck5PNR2+k6e+q3cDQgxxrGVGTwSOaXS4dXbT4GguI0j + K8ApkgfWo4IdWOqXSpcRiUKm5tnBGOMCgB+qaVp8H2TyoQvmXEaNyeVOcitJ + 9D0oIxFuuQD3NZWpw6sv2Xz7iNs3EYXCYw3OCfatF4Nc2Nm6ixg/wUAU9I0n + TrjToJpoAzsDk5PPJpsOk6e2rXFuYQY0jQgZPBPWk0mHVm06Fre4jSMg4BTJ + HJ702KHVjqs6rcRiURrubZwR24oAfq2lafBHAYYQpeZFPJ5B6itQ6HpOP+Pd + fzNZGqQ6qscH2i4jcGZAuExhuxrT8jXP+fqL/vigDP0XStPudMhnnhDu27Jy + ezEUJpOnnWJLcwjyxCrBcnqTjNM0eHVm02Fra4jSM7sApkj5jnn60JDq39ry + KLiPzvJBLbONuemKAH6tpOn29vG8MIUmVFJyehPNan9h6T/z7r+ZrI1WHVlt + 0NxcRuvmJgBMc54Naf2fXf8An6i/74oAz9G0rT7mwSWeEO5ZhnJ7MRQNJ0/+ + 2jbeSPK8gPtyfvbsZ/KmaPDqrWCG2uI0jy2AUyfvHNAh1b+2Cv2iPzvIB3bO + Nu7pj1zQA/WNK0+3s/MhhCtvQZyehPNan9h6T/z7r+ZrI1eHVVs83NxG6b04 + CYOc8Vp/Z9d/5+ov++KAM/SNJ0+4tDJNCGbe4zk9AeKDpWn/ANsrbeSPLMBb + bk/e3YzTNJh1ZrQm3uI0Te/BTJznmgw6t/bCqbiPzvIJ3bONu7pj1zQA/WdK + 0+20+SaCEI4K4IJ7sBWp/Yek/wDPuv5msjWIdWWwkNzcRvHlcgJg/eGOa0/s + +u/8/UX/AHxQBn6TpOn3EEjzQhiJXUcnoDxRJpWnjWIrcQjy2iZiMnqD1pml + Q6s0Eht7iNF818gpnnPJokh1X+14lNxH5xibDbONuemKAH6zpOnW2mzTQQhH + Xbg5PdgK0xoek4H+jr+ZrJ1iHVl02Zrm4jeMbcgJgn5h3rSEGuYH+lRf98UA + UNK0rT547gzQhik7qOTwB0FE2k6eurW9usIEbxuSMnkjpTNLh1VkuPs9xGgE + zhspnLdzRNDqw1W3VriMylH2ts4A78UATavpOnW+nTzQwBXUDByeORV6PQ9K + Mak265IHc1narDq66fM1xcRvGAMgJgnkd6uxwa5sXF1FjA/goApaXpWnzm88 + 2EN5dw6LyeFGMCi40rT01W0gWECORZCwyecDimaZDqrG78i4jXE7hspnLcZI + 9qLiHVRqlor3EZlKybW2cAY5yKALGqaRpsGnzzRQBXVcg5PFWoNE0toI2a3B + JUE8n0qjqcOrrYTtPcRvGF5ATBI+tWoINbMMZS6jC7RgbO2KAKmm6Tp80t4s + sIYRzMq8ngADii70rT49TsYEhASXzdwyedqgimadDqzSXnk3EakTMHymctgc + ii6h1YalYrJcRmQ+bsITgfKM5HfIoAtajo+mw2FxLFAFdEJByeDU1roulvbQ + u9uCzIpJyepFVtRh1hbGczXMbRhDuATBIqW2g1o20RS5jClFwCnQYoArafpW + nzXN6kkIZY5NqjJ4GKL3StPjv7GJIQElZwwyecLkUywh1U3F4IbiNWEnzkpn + Jx1FF5DqovrIS3EbSEvsITAHy859aALl/o2mRWNxLHAFZI2IOTwQKdZaNpkt + nBJJbgs8aknJ5JAzUV9BrIsrgy3MbII23AJgkY5pbODWTZwGK5jVDGu0FMkD + HFAEFjpOny3t9HJCCsTqFGTwCKL7SdPiu7KOOEKsrkMMnkYpllDqxvL0RXEa + uHXeSmQTjjHpRfQ6sLuyEtxGzlzsITABx3oAvXmjaZHaTyJbgMqMQcnggUzT + 9H0yaxt5ZIAzuiknJ5JFF3BrQtJjJcxsgRsgJyRjmmWEOstYwGG5jVCi7QUy + QMcUARWelafJqN9C8IKRGPaMnjK5NGo6Vp8M9kscIUSS7W5PIxTLSHVTqF8s + dxGJAY95KcH5eMDtRqEOqrPZia4jZjL8hCYwcdTQBo3Oi6WlvK624BVGIOT1 + Aqvpuj6bNYQSywBndAScnk1JcQa0LeUvcxldrZGztioNOh1hrCAw3EaxlBtB + TJAoAZa6Tp76newPCCkQi2jJ43DJo1LStPhezEUIUSTqrcnlTnimW0OrHUr1 + UuIxKBHvJTg8cYFGow6sr2nnXEbEzKFwmMNzgmgDTm0TSlhdlt1BCkjk+lU9 + K0jTp9OgmmgDOy5JyeeasTQa2InLXURG05+Ttiqmlw6u2nwNBcRpGV4BTJAz + 60AJBpWnvqt1A0IMcaIVGTwT1rmviLqvhrwB4VufFuqxiKy04iSXafmdRnCL + k/ec4Vfciuigh1U6pdKlxGJQqbm2cEdsCvgT9uvxxqdtbaF8NjdK4uc6lcqi + 7TtUtFAD7E+YSPVQa9LKMB9ZxEaPR7+nU8rOsxWEw06/Vber2PhL4geONY+I + viu+8V60dst258uJSSkEQPyRJn+FR+ZyTyTXGUUV+306cYRUIqyR+AVaspyc + 5u7YUUUVZmFFFFABRRRQAUUUUAFFFFABRRRQAUUV6R4f+D3xT8U263mgeFNS + vLZ+VmW2dYm+jsAp/A1nUrQgrzaS8zWlRnUdoRbfkeb0V6prPwP+L+gW7Xeq + +D9TigQZaRbZ5EUerGMMAPc15YysjFWBBBwQeoNKlXhNXhJP0HWw9Sm7VIte + qsJRRRWpiey/Cb42+LPhPqcb2Lf2jo7NmfTp2PkuD1KHrG/+0vf7wYcV+v8A + 8JvFvgv4qeFv+Ep0ACWF5WR4nOJbdgAfLkUHgjP0I5BINfg3XuXwC+MOqfCD + xvDqMc7Lo+oFINRixuUxE8SBe7xZ3DuRlf4jXyvEXD0MRB1aStNfj5evY+x4 + Y4mnhZqjVd6b/DzXl3R+1k2laeurW1usIEbo5IyeSOlP1bSNOt9OnmhgCuo4 + OTxzVMG/ub6zngu4pvOiLxSIuUKMMgj1BHQ1Z1WHV10+Zri4jeMDkBME8+tf + kp+zmjHomlGNCbdckDuaztM0nT5zd+bCG8u4dF5PCjGBV2ODXPLXbdRYwMfJ + WfpsOrMbvyLiNcTuGymctxkj2oAfcaTp6apZwLCBHIshYZPOBxUuqaRpsGnz + zRQBXRcg5PFV7iHVhqdor3EZlKybW2cAY5yKl1OHV1sJzPcRtGFOQEwSKALt + vomlvBG7W4JZQTye4qhpulafNLeLLCGEcxVeTwMdKtwQa2YIylzGF2jA2dsV + R06HVWlvPJuI1ImIfKZy2OooAfd6Tp8epWEKQgJL5u4ZPO1cip9R0fTYbC4l + jgCuiMQcnggVVuodWGo2KyXEZkPm7CE4Hy85HfIqfUIdYWxnM1zGyBG3AJgk + YoAs2ui6XJawu9uCzIpJyepFUrDSdPlub1JIQyxyYUZPAxVm1g1o20JjuYwp + RcAp0GOKp2EOrG5vBFcRqwk+clM5OOooAfe6Vp8V/YxJCAkrOGGTzhcirN/o + 2mRWNxLHAFZI2IOTwQOKp3kOqi+shLcRs5Z9hCYAOOc+tWb6DWRZXBluY2QR + tuATBIwc0ASWOjaZLZW8skALPGhJyeSQM1VsdK0+W9vopIQVidQoyeARU9lB + rJs4DFcxqhjXaCmSBjiqtlDqpvL0RXEauGXeSmQTjjHpQA+/0nT4rqyjjhCr + LIQwyeRirl3oulx2k0iW4DKjEHJ6gVQvodWF1ZCW4jZi52EJgA471bu4NaFr + MZLmMoEbICckY5oANP0fTJrG3lkgDO6KScnkkVXtNJ0+TUb6F4QUiMe0ZPGV + yalsIdZaxgMNzGqFF2gpkgY4qvaQ6sdQvljuIxIDHvJTg/LxgduKAH6jpWnw + z2SxwhRJKFbk8jHSr1zoulpbyutuAVRiDk9QKztQh1VZrMTXEbMZRsITGGx1 + NXbiDWhbyl7mMrtbICdsUAR6Zo+mzafBLLAGd0BJyeTUNtpWnvql7A0IKRiP + aMnjcOafpsOsNYQGC4jWMqNoKZIFQ20OrHU7xUuIxKBHvJTg8cYFAD9T0rT4 + WsxFCF8ydFbk8qc5FaEuiaUsTsLdQQpPU+lZmpQ6srWnnXEbEzqFwmMNzgn2 + q/LBrflPuuoiMHPye1AFfStI06fToJpoAzsuScnnmo4NK099WurdoQY0RCoy + eCetLpcOrtp8DQXEaRleAUyQM+tRwQ6qdVuVW4jEoRNzbOCO2BQA/VdK0+AW + vlQhfMuI0bk8qc5FaT6HpQRiLdeh7msrVIdWUWvn3Eb5nQLhMYbnBPtWi8Gu + bTm6ixj+5QBT0fSdOuNNgmmgDOwOTk88mmxaTp7avPbmEeWsSsBk8Emm6RDq + zadC1vcRpGQcApkjk96SKHVv7WmVbiMSiNcts4IzwMUAP1XSdPgihaGEKWmR + TyehPIrU/sPSf+fdfzNZGqQ6ssUP2i4jcGZAMJjDZ4Naf2fXf+fqL/vigDP0 + XStPudNimnhDu27JJPZiKE0rTzrL2xhHliEMFyeu7GaZo0Oqvp0TW1xGkfzY + DJk/eOefrQsOq/2w6i4j87yQS2zjbu6YoAfq+lafb2yPDCFYyIM5PQnmtT+w + 9J/591/M1katDqq2ym4uI3XzEwAmOc8Vp/Z9d/5+ov8AvigDP0fSdPuLFZZo + Q7lnGcnsxAo/snT/AO2vs3kjyvs+/bk/e34z+VM0iHVmslNtcRom5uCmTnJz + R5Orf2zt+0R+d9nzu2cbd/THrmgB+saTp9vZGWGEI25BnJ6EgGtT+w9J/wCf + dfzNZGrw6stkTcXEbpuXgJg5yMVp/Z9d/wCfqL/vigDP0jSdPuLVpJoQzeY4 + zk9AeKG0rTxrKWwhHlmAttyeu7GaZpMOrNasbe4jRd78FMnOeaGh1X+2EU3E + fneSSG2cbd3TH1oAfrWlafbadLNBCEdSuCCe7AVqf2HpP/Puv5msjWYdWXTp + WubiN48rkBMH7wxz9a0/s+u/8/UX/fFAGfpOk6fPDM00IYrK6jk9AeBRJpOn + jV4bcQjy2iZiMnqDTNKh1ZoZTb3EaASuDlM5bPJokh1b+1oVa4jMpibDbOAM + 8jFAEmsaTp1vps00MAR1Awcn1FaS6HpJUH7Ov5msrV4dWXTpmubiN4wBkBME + 8jvWiINcwMXUX/fFAFDS9K0+dbkywhtk8ijk8KOgon0rT11a2t1hAjdHJGTy + R0pmmQ6sy3PkXEaATuGymct3P0omh1UarbK1xGZSj7W2cAd8igCbVtI06306 + eaGAK6rkHJ45q7FomlNEjG3XJA7ms/VYdXXT52uLiN4wOQEwTz61dig1vy02 + 3UQGBj5KAKWmaTp87XglhDeXO6LyeFGMCi50rT01SzgWEBJBJuGTzgcUzTYd + WZrvyLiNcTuGymctxkj2ouIdWGp2avcRmUiTYQnA45yKALGp6RpsGnzyxQBX + RSQcng1at9E0t4I3a3BLKCeT3FUtSh1hbCcz3EbRhTuATBIqzBBrZgjKXUYX + aMDZ2xQBU07StPmmvFlhDCOYqvJ4GOlF3pWnx6lYQpCAkvm7hk87VyKZp8Oq + tLeCG4jUiUh8pnLY6ii7h1UajYrJcRmQ+ZsITgfLzkd+KALWo6PpsNhcSxwB + XRGIOTwQKltNF0uS1hke3BZkUk5PUiq+oQ6wtjOZrmNkCNuATBIxUtrBrRtY + THcxhSi4BToMcUAVrDSdPlur1JIQyxyAKMngYovdJ0+O+sYkhASVnDDJ5wuR + TLGHVjc3giuI1YSDeSmcnHai8h1YXtkJbiNnLPsITABxzn1oAu32jaZFZXEs + cADJG5ByeCAcUWOjaZLZW8kkALPGhJyeSQM1HfQayLK4MtzGyCN9wCYJGDml + soNZNnAYrmNUMa7QUyQMcUAQWWlafLfX0UkIKxMgUZPGRzRf6Vp8V1ZRxwhV + lkIYZPIxTLKHVTe3oiuI1cMu8lMgnHGPSi+h1UXVkJbiNmMh2EJjBx3oAv3e + i6XHazSJbgMqMQcnqBUenaPpk1jbyyQBndFJOTySKW6g1oWsxkuYyoRsgJ1G + Oai0+HWGsYDDcxqhRdoKZIGKAI7TSdPk1K+heEFIvL2jJ43Lk0ajpOnwzWax + whRJKFbk8jHSmWkOrHUb5Y7iMSDy95KcH5eMDtgUahDqwmsxNcRsTKAmExhs + dTQBo3Gi6WlvK624BVWIOT1AqtpmkabPp8EssAZ3UEnJ5NS3EGtiCQvcxldp + yNnbFV9Nh1hrCAwXEaxlRtBTJAoAbbaVp76pewNCDHGI9oyeMjmjU9K0+BrM + RQhfMnRG5PKnORTLaHVTqd4qXEYlAj3sU4PHGBRqUOqq1p59xGxM6BcJjDc4 + J9qANOXRNKWJ2FuuQD3NUtJ0jTrjToJpoAzsuScnnmrUsGt+W+66iIwc/JVL + S4dXbT4Gt7iNIyvAKZI59aACDStPbVbmBoQY0RCoyeCetGq6Vp8C2xihC754 + 0PJ5U5yKZDDqx1S5VbiMShE3Ns4I7YFGqQ6qq23n3EbgzoFwmMNzgn2oA1W0 + PSgpIt16eprO0fSdOudNhmngDuwOTk+pFXmg1zac3UXT+5WdpEOrNp0LW1xG + kZBwCmSOT3oAdFpWntq81uYR5axKwGT1Jo1bSdPghhaGEKWlRTyehPIpkcOr + f2tMq3EYlEa5bZwRngYo1WHVlhiNxcRuDKgGExhs8GgDX/sPSf8An3X8zWXo + 2k6fc6bFNPCHdt2SSezEVofZ9d/5+ov++KzNHh1ZtOia2uI0j+bAKZI+Y55+ + tAD10nTzrL2xhHliENtyeu7GaNX0nT7e1V4YQrGRBnJ6E80xYdW/th1FxH53 + kgltnG3d0xRq0OrLbKbi4jdfMTgJjnPFAGv/AGHpP/Puv5msvRtK0+5sRLPC + Hbc4zk9icVofZ9d/5+ov++K5C21+DTovs02pw2zAsdjoSeSecj1oA3/7J0/+ + 2vs3kjyvs+/bk/e34z+VGsaTp9vYtLDCEcMgzk92ANULC6udT1EXFhexTEwH + EgQ7dofBGD3zVzV4dWWyY3NxG6bl4CYOcjFAGv8A2HpP/Puv5msvSNJ0+4tW + eaEMwkcZyegPFaH2fXf+fqL/AL4rM0mHVmtmNvcRovmPwUzznmgB76Vp41lL + YQjyzCWK5PXdjNGs6Tp9tpss0EIR124IJ7sBTGh1X+2EU3EfneSSG2cbd3TF + GsQ6sunStc3Ebx/LkBMH7wxz9aANf+w9J/591/M1l6TpWn3EMzTQhiszqOT0 + B4FaH2fXf+fqL/viszSodVaGb7PcRoBK4OUzls8mgB8ulaeurw24hHltEzEZ + PUGnaxpOnW+mzzQwBXUDByeORUUkOrf2tCrXEZlMbYbZwBnkYpdXh1ZdOma4 + uI3jAGQEwTyO9AGouh6UVBNuvT1NZul6Tp863RlhDbJ5EXk8KMYFX1g1zaMX + UXT+5WbpkOrMtz5FxGmJ3DZTOW7ke1AD59K09dVtoFhAjdHLDJ5I6U/VtI06 + 306eaGAK6rkHJ45qGaHVhqlsrXEZlKPtbZwB34p+qQ6uunztcXEbxheQEwTz + 60AaEWiaU0SMbdSSoPU+lZ+maVp87XglhDeXO6LyeFGMCrkUGt+Um26iAwMf + JVDTYdVZrvyLiNSJ3DZTOW4yR7UAPudK09NUsoFhAjkEm4ZPOBxU2p6PpsOn + zyxQBXRCQcng1WuYdWGp2avcRmUiTYwTgcc5FTalDrC2E5nuI2jCncAmCRQB + bt9F0t7eJ2twSyqScnqRVHTtJ0+aa8WSEMI5Sq8ngY6Vat4NbMEZS5jC7Rgb + O2KpafDqxmvBDcRqRKQ+UzlsdRQA+80rT49RsIUhASUybhk87VyKsajo+mQ2 + NxLHAFdEYg5PBAqpdw6sNRsVkuIzITJsITgfLzkd+Kn1CHWFsZzNcxsgRtwC + YJGKALFpoulyWkMj24LMiknJ6kVTsNK0+W6vY5IQyxSAKMngYqxaQa0bWEx3 + MYQouAU5AxxVSxh1U3V6IriNWEg3kpnJx2oAfe6Tp8V7YxRwgLKzBhk8gDNW + r7RtMisriWOABkjcg5PBAOKpXsOrC9shLcRs5ZthCYAOOc+tWr2DWRZzmW5j + ZBG24BMEjHNAD7HRtMlsreWSAFnjQk5PJIBNVbLSdPkvr6J4QUiZAoyeMrk1 + NYwaybK3MVzGqGNNoKZIGBiq1nDqxvb0RXEauGTeSmQTjjHpQA+/0rT4rmyS + OEKsshDDJ5GKuXei6XHazSJbgMqMQcnqBVC/h1UXNmJbiNmMh2EJjBx3q5dQ + a0LWYyXMZUI2QE5IxzQA3TtH02awt5ZIAzuiknJ5JFQWmlafJqV/C8IKReVt + GTxuXJqTT4dYaxgMNzGqFF2gpkgYqC0h1U6jfLHcRiQeXvJTg/LxgduKAH6j + pWnwy2axQhRJMFbk8jB4q/caJpaQSOtuAVUkcnsKzdQh1ZZbPzriNiZgEwmM + Ng8mr08GtiCQvcxldpyNnbFAEOmaRps+nwSywBndQScnk1FbaVp76peQNCDH + GsZUZPGRzTtNh1hrCAwXEaxlRtBTJAqK3h1U6ndqlxGJQI97FODxxgUAP1PS + tPgNn5UIXzLhEbk8qc5FaEuiaUsTsLdcgHuazNSh1ZTaefcRtmdAuExhucE+ + 1aEsGt+W+66iIwc/JQBV0nSNOuNOgmmgDOw5OTzzTIdJ09tWuYGhBjREIGTw + T1o0qHV20+Fre4jSMjgFMkc+tMhh1Y6rcKtxGJQibm2cEduKAH6ppWnwLbGK + ELvnjU8nlT1FabaHpIUn7Ov5msnU4dWVbbz7iNwZ0C4TGG7H6VpGDXMHN1F/ + 3xQBR0fSdOuNNhmmgDuwOTk+ppI9K086xNbmEeWsSsBk9SabpEOrNp0LW1xG + kZBwCmSOT3pI4dV/teVRcR+cIly2zgjPTFAD9W0rT7eCJoYQpaVFPJ6E8itT + +w9J/wCfdfzNZGqw6qsMRuLiN181MAJj5s8GtP7Prv8Az9Rf98UAZ+jaTp9z + p0c08Id2LZJJ7MRQulaedZe28keWIA23J+9uxmmaPDqzafG1tcRpHlsApk/e + OefrQsOrf2wyi4j87yQS2zjbu6Y+tAD9X0nT7e1WSGEK3mIM5PQnmtT+w9J/ + 591/M1katDqy2qm4uI3XenATBznitP7Prv8Az9Rf98UAZ+j6Vp9xZCWaEO29 + xnJ6A8Uf2Vp/9tC28keV9n37cn72/GfypmkQ6q1mDbXEaJufgpk5zzR5Oq/2 + yE+0R+d5Gd2zjbu6Y9c0AP1nStPtrBpYIQjhlGcnuwFan9h6T/z7r+ZrI1iH + VVsWNzcRum5eAmDnIxWn9n13/n6i/wC+KAM/SNJ0+4tneaEMwkcZyegPFTRW + Vraa7GltGEHkM3GeucVW0mHVmtnNvcRovmPkFM855NWIEvU12MXcqyN5Lcqu + OM9PzoA6WiiigAooooAKKKKACiiigD//1f3Pl1SNtVgn8iYBI3G0p8xz6Cna + tqsdxp00It50LAcsmAOR1NaM5H9uWvP/ACyen66R/ZNxz2H8xQBDHrUYRR9l + uOAP+WdZ+maokH2vMEzeZcSP8qZxnHB9D7V1MRHlpz2FZGjEf6dz/wAvUv8A + SgDNuNUR9UtZ/ImAjVxtKfMcjsO9Sanq0c9hPELedCy4y0eAPqavXRH9tWPP + 8Ev8qn1kj+y7nn+CgCrDrMawxr9muDhQOI+OlUNO1RIZLsm3mbzJmb5UzjOO + D6GumtyPs8XP8K/yrM0kjzb/AJ/5eG/kKAMy61SN9SsphBMBF5vBTDHcuOB3 + x3qbUdXjmsZ4hbzqWQjLR4A+pq7ekf2xp3Pab/0EVY1Yj+zLnn/lm1AFC21m + NLaJDbXB2ooyI8jgdqp2GqJFcXjmCZvMk3YVMkcdD6GujsyPscHP/LNf5Vna + WR9q1Dn/AJbf0oAzbzVEkv7KUQTARF+CmCcrjgd6s32rxy2VxELadd8bDLR4 + AyO5q1fkf2npvP8AFJ/6DVvUyP7Ouuf+WT/yNAGXZ6xHHaQRm2nbaijIjyDg + dqq2WqJFd3shgmbzHU4CZIwO/pXQ6eR9gtuf+WSf+giqOmkfb9R5/wCWi/8A + oNAGZfaokt3ZSCCZfLcnBTBOR29atXmsRyWk8YtpxuRhkx4AyO9WNSI+36dz + /wAtG/8AQav6gR9guef+WT/+gmgDGsNXjisoIjbTsURRlY8g4HY1Xs9USO/v + pTBMRKU4CZIwuOR2re0sj+zbXn/lkn8qp2BH9qalz/FF/wCg0AZt/qiSz2bC + 3mXy5d2GTBPHQepq7c6zG9vKn2a4G5GGTHgcjvU2qEfadP5/5bf0rRvCPsk/ + P8DfyoAwdO1eOGxgiNvOxVAMrHkH6GobXVETUr2cwTESiPgJlhtXHI7e1bek + Ef2Zbc/8s1qtZEf2xqPPaH/0E0AZuo6okz2hEEy+XMrfMmM47D1NX5tZjaF1 + +zXAypHMfHSn6uR5thz/AMvCf1rUuCPs8vP8LfyoA53S9Wjg0+CI287lVxlY + 8g/Q1HBqkaapdT+RMQ6oNoT5hgdxWxopH9lW3P8AD/WorUj+2r3n+CL+RoAz + NT1RJ/suLeZfLuI3+ZMZxngep9q0X1qMow+y3HIP/LOnayR/oPP/AC9Rf1rW + kI8tuexoA5jSdVjt9OhhNvO5UHlUyDyehpsWqIuqzz+RMQ8aDaE+YY9R6Vra + ER/ZNvz2P8zTICP7cuuf+WSUAZmqaok8cAEEybZkb5kxnHYe9aZ1uL/n1uP+ + /dJrZHlW3P8Ay8R/zraJGOtAHJ6PqiW2mwwmCZyu7lEypyxPBoTVEGryXHkT + YMIXbs+br1x6Vp+HyP7Ht+f73/oRojI/t6Xn/lgv/oVAGZquqJPboggmTEiN + lkwOD0+taf8AbcX/AD63H/fujXCPssfP/LaP+dbOR60Acno+qJb2CRGCZyCx + yiZHLE9aBqkf9sG48ibHkBduz5vvZzj0rS0AgaZHz/E//oRpQR/wkDc/8uw/ + 9DoAzNX1RLiz8sQTId6HLJgcH1rT/tuL/n1uP+/dJrxBsOv/AC0T/wBCrayP + WgDk9J1RLe0MZt5n+dzlUyOTQdUj/thbjyJsCArt2fN97OcelaehEfYTz/y0 + k/8AQqGI/wCEgXn/AJdj/wCh0AZmsapHcWEkQgmQkry6YHDA9a0/7bi/59bj + /v3Rr5H9ly890/8AQhWzketAHJ6VqiQQSKbeZ8yu2VTI5PT60Saoh1eK48ib + CxMu3Z83J6gelaehkfZpef8AltJ/OklI/t6E5/5YN/OgDN1jVEuNNmhFvMhb + by6YUYYHk1pDW4sD/Rbj/v3S+ICP7IuOf7v/AKEK2ARgc0AcppeqJAlwDBM+ + +Z2+VM4z2PvRNqiNqtvP5EwCI42lPmOfQVpaIR5V1z/y8Sf0pZyP7ctef+WU + lAGfquqxz6fNCLedCwHLR4A5HU1dj1qMIo+y3HAH/LOptcI/sm45/hH8xWnE + R5Sc9hQBy2maokBu828zeZO7/KmcZxwfQ+1FxqiPqlpP5EwEayDaU+Y5HYd6 + 0tGIzfc/8vUn9KbeSRrrVjucD5Jep9qAKep6tHPYTxC3nUsuMtHgD6mrUGsx + rDGv2a4OFAyI+OlWdXkR9KuSjBvl7HNX7Yj7PFz/AAL/ACoA5nTtUjhkvGME + zeZMzfKmcZA4PoaLrVEk1KxmFvMBF5vBTDHcuOB3x3rT0kjzr/n/AJeG/kKL + 0j+2NN5/57f+gigCnqOrxzWM8Qt51LIRlo8AfU1LbazGltEn2a4O1FGRHkHA + 7VoasR/Zlzz/AMs2/lU9mR9jg5/5Zr/KgDnLDVEiuLxzBM3mSZwqZI46H0NF + 5qiSX9lKIJlERc4KYJyuOB3rS0sj7XqHP/Lb+lGoEf2npvP8Un/oNAFa+1eO + WyuIhbTqXjYZaPAGR3NLZ6xHHZwRm2nbbGoyI8g4HY1qamR/Z11z/wAsn/ka + dp5H2C25/wCWSf8AoIoA5+y1SOO8vZDBM3mOpwEyRgdx2ovtUSW7spBbzL5b + k4KYJ47etaenEf2hqPP8af8AoNGpEfbtO5/5aN/6DQBXu9YjktJoxbTjcjDJ + jwBkd6ZYavHFYwRG3nYoijKx5BwOxrZvyPsNzz/yzf8Akaj0sj+zbXn/AJZr + /KgDCtNUSPUL6Y28xEpj4CZIwuOR29qNQ1RJZ7NhBMvly7vmTBPHQeprSsCP + 7V1LnvF/6DRqpH2nT+f+Ww/lQBFcazG9vKn2a4G5WGTHxyKg07Vo4bCCI287 + FUAyseQfoa3rsj7LNz/A38qraQR/Zltz/AKAMS21SNNSvZjBMRII+AmWGB3H + b2o1HVEme0IgmXy5lb5kxnGeB6mtOzI/tjUee0P/AKCaNXI8yw5/5eU/kaAI + 5tajaJ1+zXAypHMftVTS9Wjg0+CE287lVxlY8g/Q10dwR5EnP8J/lVDRSP7K + tuf4f60AY8GqIuqXU/kTEOqDaE+YY9RX48ftb68+vfHbXidwisEtbaNXGCqp + AjMMdvnZjX7M2xH9t3vP8Ef8q/E/9qO2ltfj34vjlGC1xFIP92SCN1/Qivsu + CIp4qT/u/qj4Xj+TWDgl/MvyZ4FRRRX6kfkIUUUUAFFFFABRRRQAUUUUAFFF + FABXc/Dr4eeJvih4ptfCXhWAS3dxlnd8iKGJfvSyMAdqr9CSSAASQK4av2k/ + ZO+Fdp8OfhfaazdxqNY8SRpfXMhGGSF13QxZ6gKh3Ef3mb0FeJn2bfU6HOtZ + PRf15Hv8OZL9dxHI9IrV/wBeZq/CT9mn4bfCSyh1Ga2j1bXIV3S6jdqDsYck + woxKxKOxHzY6sa7fV/jX8PdIlaD7e17IuQRbIZF/774U/gTXzX8VviffeMNS + m0vTZmi0S3cqiqceeVP+sf1B/hHQDB6143Xh4LhOeIXt8fNuT6dv67LY9fMu + OoYVvDZZTSiur6+n+bvc+79N+Onw91CUQyXctkW6GeIhc+5XcB+JxVD4kfA7 + 4XfGjTDd6nZxfbZkPkapZlVnHoS68SqP7r5Hpg818P16J8PPiJq3gTU0eJ2m + 02Vh9ots8MOhZc9HHY9+h4q8Zwf7Je1wM2pLp3+f+ZGX8f8Atn7HMaacH1S2 + 82tfw1Ph34w/B3xR8GfE39g+IAJ7acGSzvIwRFcRA4yM/ddeN6E5U46ggnyW + v3e+M3w60j42fC+60m2KS3EsQu9MuMfcnVd0ZB7K4+RvZj3Ar8JJI3idopVK + OhIYEYII6givU4ezd4uk/aaTjo/8zg4myRYOsnTd4S1X+X9dBlFFFfQHzZ+w + X7KHj+TxR8LtFjvRJPc+HjNprlRuYpGFaHA9FidV/CvpzVdVjn0+aEW86Fh1 + aPAHPc1+f/7Al5I7eKLBj+7hktpR9ZUlU/8AoAr9FNcI/sq55/hH8xX4pxBQ + VPG1Irvf79f1P3zhrEurgaU5b2t92n6EEetRiNR9luDgD/lnWfpuqJCbvNvM + 3mTu/wAqZxnHB9D7V1ERHlJz/CP5VlaORm+5/wCXqT+leMe4ZlxqiPqdpOLe + YCNZBgp8xyOw7+9S6nq0c9hPELedSykZaPAH1NXrsj+2bDn+GX+QqbWSP7Lu + ef4DQBUg1mNII1+zXBwoGRHx0qjp2qJDLeMYJm8yYt8qZxx0Poa6W1I+zRc/ + wL/KszSSPOv+f+Xhv5CgDNutUSTUbGYW8wEXm8FMMdy44HfHep9Q1eOaxniF + vOpdGGWjwBx3NXL4j+19N5/57f8AoFWdVI/s265/5Zt/KgDPtdYjjtoUNtcH + aijIjyDgdqp2GqJFc3jmCZvMkzhUyRx39DXR2RH2ODn/AJZr/IVn6YR9r1Dn + /lqP5UAZl5qiSX1lKIJlETOcFME5HYd6s32sRy2VxGLadd8bDJjwBkdzVnUC + P7S03n+KT/0GrupEf2ddc/8ALJ//AEE0AZVlrEcVnBGbadtkajIjyDgdj6VV + stUSK8vZDBMwlZTgJkjA7jtXQacR/Z9rz/yyT/0EVR04j+0NR5/jT/0GgDNv + tUSW6s5BBMvluThkwTx29at3esRyWs0YtrgbkYZMeAMjvVjUiPtunc/8tT/6 + DV++I+w3HP8Ayzf+RoAxbDV44rGCI207FEUZWPIOB2NV7TVI49QvpjBMRKY+ + AmSMLjkdvat3SyP7Ntef+Wa/yqrYkf2rqXPeL/0GgDM1DVEmms2EEy+XKGwy + YJ46D1NXbjWY3t5U+zXA3KwyY+ORUuqkfaNP5/5bj+VaV2R9lm5/gb+VAGDp + urRw2EERt52KqBlY8g/Q1DbaoianeTm3mIkEfATLDA7jt7VtaOR/Zltz/AKg + syP7Z1DntF/6CaAMzUtUjma0IgmXy51b5kxnGeB6mr8utRtE6/ZrgZBHMftU + mrkb7Dn/AJeU/rWpOR5MnP8ACf5UAc5perRwafBEbedyq4yseQeexqODVEXV + bmfyJiHRBtCfMMeorY0Qj+yrbn+H+tQ2xH9t3nP/ACzjoAzdT1RJxbAQTLsn + RvmTGcZ4Hv7VovrUZUj7LcdD/wAs6XWiNtlz/wAvUX9a2HI2Nz2NAHLaRqsd + vp0MJt5nKg8qmVPJ6Gki1RBq01x5ExDRqu3Z8wwepHpWroJH9k2/PY/+hGmw + kf27cc/8sU/nQBmapqkc8UKiCZNsyN8yYzg9B71p/wBtxf8APrcf9+6NbI8i + 35/5bx/zrZyPWgDk9G1RLbTooTbzOV3comVOWJ4NC6og1h7jyJsGELt2fN97 + OcelaXh4gaRBz/f/APQjQhH9vyHP/LuP/QqAM3VtUS4tlQQTJiRDlkwOD/Ot + P+24v+fW4/790mukfY05/wCWsf8AOtrI9aAOT0jVI7eyWIwTPhmOUTI5J70f + 2on9s/afImx9n2bdnzffznHp71p6CR/Zq8/xv/6EaMj/AISHr/y6/wDs9AGZ + q+qR3FkYxBMnzKcumBwR3rT/ALbi/wCfW4/790a8R/Zx5/jT/wBCFbOR60Ac + npOqJb2rRmCZ/nc5VMjk0NqiHWEuPImwISu3Z833s5x6Vp6ER9ibn/lrJ/6F + SOR/wkEZz/y7n/0KgDN1jVEudOlhEEyFivLpgcMD1rT/ALbi/wCfW4/790ni + Ag6TNz3T/wBCFbWR60AcnpWqRwQyqYJn3Su3ypkDJ6H3ok1RDq0Nx9nmwsTL + t2fNyeoHpWnohH2efn/lvJ/OiUj+3YOf+WL/AM6AM3V9VjuNOmhFvMhYDl0w + o5HU1orrcWB/otx/37p2vkf2Rcc9l/8AQhWupG0c9qAOU0zVEgW5Bt5m3zu3 + ypnGex96JtURtVtp/ImARHG0p8xz6CtPRSNl3z/y8y/0pLgj+3LTn/lnJQBQ + 1XVo59PnhFvOhYYy0eAOe5q7FrUaxov2a4OABxHU+tkf2Vc8/wAP9RWjCR5K + c/wj+VAHL6bqkcLXZMEzeZO7fKmcZxwfQ0XGqI+p2c4t5gIxJwU+Y5HYd/et + PRyN19z/AMvMn9KLsj+2bDn+GX+QoAo6lq0c1hPELedSykZaPAH1NWYNZjWC + Nfs1wcKBkR8dKuawR/Zdzz/Aat2pH2aLn+Bf5UAc1p+qJDLeMYJm8yUt8qZx + x0PoaLvVEk1GxmEEwEXmcFMMdy44HfHetLSSPP1Dn/luf5UXxH9r6bz/AM9v + /QaAKmoavHNYzxC3nUsjDLR4A47mpbXWI47WFDbXB2ooyI8g4HatDVSP7Nuu + f+WbfyqaxI+xW/P/ACzT+QoA52x1SOK5vHMEzeZIDhUyRx39KLzVEkvbKUQT + KImc4KYJyvYd609MI+2ahz/y1H8qNQI/tLTuf43/APQaAKt9rEctlcRi2nXf + G4yY8AZB6n0pbLWI4rOCM207bI1GRHkHA7GtXUiP7Ouuf+WT/wDoJpdOI/s+ + 15/5ZJ/6CKAOfstUSK9vZTBMwlZTgJkjA7jtRfaokt1ZOIJl8uQnDJgnjt61 + pacR/aOo8/xp/wCg0amR9t07n/lqf5UAQ3WsRyWsyC2uBuRhkx4AyO9Rafq8 + cVjBEbediiKMrHkHA7Gtu+I+xXHP/LN/5GotKI/s215/5Zr/ACoAwrTVEj1G + +mNvMRL5fATLDC45Hb2o1DVEmms2EEy+XKG+ZME8dB6mtOxI/tbUue8P/oNG + qkfaNP5/5bj+RoAhuNZjeCRPs1wNykZMfHIqvpurRw2EERt52KqBlY8g/Q10 + F0R9lm5/gb+VVNHI/su25/gFAGLbaoianeTm3mIkEfATLDA7jt7UalqiTNaE + W8y+XOjfMmM4zwPU1pWZH9s6hz/DF/6DRrBG+w5/5eU/rQA2XWo2jdfs1wMg + jmOqWlatHBp8EJt53KjGVjyDz2NdLMR5MnP8J/lWdohH9lW3P8P9TQBkQ6oi + 6pcz+RMQ6INoT5hj1FGqaok62wFvMuydG+ZMZxnge9adsR/bd5z/AMs46TWi + Nlnz/wAvMX9aABtajKkfZbjp/wA86ztI1VLfToYTbzOVB5RMqeT0NdS5Gxue + xrJ0Aj+yLfns3/oRoAy49UQatNceRMQ0art2fMMHqR6UapqiTwxKIJk2yo3z + JgHB6D3rShI/t245/wCWKfzpdbI+zwc/8t4/50AH9txf8+tx/wB+6zNH1RLf + TooTbzOV3comV5YnrXWZHrWN4fI/smHnu/8A6EaAMxdUQaw9x9nmwYQu3Z83 + 3s5x6Uatqkc9sqCCZMSIcsmBwa00I/t+Tn/l3H/oVGukfY05/wCWsf8AOgA/ + tuL/AJ9bj/v3Xzn4obdqznBHyjr+NfUuR618t+Kv+Qs/+6P5mgqJ6H4AvFtb + WN2jkkxHIuEXceZM5+ldrq+qJcWTRCCZCWU5dMDhh3rlfhuQIIv+uMn/AKNr + vdfI/s1uf40/9CFAmH9txf8APrcf9+6zNJ1SOC2ZDBM+ZHOVTI5NdZketY2h + EfY35/5ayfzoEZjaoh1hLj7PNgQlduz5vvZzj0o1jVI7jTpYRBMhbby6YUYY + Hk1pOR/b8Zz/AMu5/wDQqXxAR/ZM/PdP/QhQAf23F/z63H/fuszStUSCKZTB + M+6V2+VM4yeh966zI9axdDI8ifn/AJbyfzoAzZdUjbVoZ/ImAWNht2fMcnqB + 6Uur6rHcadNCLeZCwHLJhRyOprSmI/t235/5Yv8Azp2vEf2Tcc9h/wChCgBi + 61GFA+y3HT/nnWbpmqRwLcgwTPvndvlTOM9j711SEbF57CsjRiNt5z/y8y/0 + oAzJtURtUtp/ImARHG0p8xz6Cn6rq0c+nzwi3nQsMZaPAHPc1oXJH9t2fP8A + yzkqTWyP7Kuef4f6igCvFrUaxIv2a4OABxH7VQ03VEha7Jt5m8yd2+VM4zjg + +hrp4CPJj5/hH8qytHI33/P/AC8v/SgDNudUR9Ts5xBMBGJOCmGOR2Hf3qbU + tWjmsJ4hbzqWUjLR4A+pq5eEf2zp/P8ADL/6DVjWCP7Muef4DQBSt9ZjSCNP + s1wdqgZEfHAqlp+qRwzXjGCZvMlLfKmSOOh9DXS2pH2WHn+Bf5Vm6UR9o1Dn + /luf5CgDMu9USTUbGYQTARGTgpgnK44Hf3qfUNXjlsZ4hbzqXRhlo8AZHc1b + vyP7W03nvL/6DVvVSP7Nuuf+WbfyoAzbTWI47WGM21wdqKMiPIOB2qpY6okV + 1euYJm8yQHCpkjjv6V0ViR9ht+f+WafyFZ+mEfbdR5/5aj+VAGbe6pHJe2Ug + gmXymY4KYJyOw71avdYjls54xbTrvjYZMeAMjuas6iR/aOnc/wAb/wDoNXdR + I/s+65/5ZP8A+gmgDIsdYjisreM207bI0GRHkHAHQ+lVrPVI4729lMEzeayH + ATJGB3Hat/TSP7Otef8Alkn/AKCKp6eR/aWo8/xx/wDoNAGZf6oktzZuIJl8 + uQnDJgnjt6mrl1rEclrMgtrgbkYZMeAMjvU2pkfbNP5/5an+VaF8R9iuOf8A + lm/8jQBiafq8cNjBEbediiKMrHkHjsagtNUSPUb6Y28xEvl8BMsNq45HbPat + zSiP7Ntef+Wa/wAqq2JH9r6lz/zx/wDQaAM3UNUjmls2EEy+XMG+ZMZ4PA9T + V6fWY3gkX7NcDKkZMfHSpdWI8+w5/wCW6/yNaV0R9ml5/gb+VAHP6bq0cNhB + EbediqgZWPIP0NRW+qImp3c5gmIkEYwE+YYHcdvatrRyP7Ltuf4BVe0I/tq/ + 5/hi/lQBm6lqiTG0IgmXy50b5kxnGeB6n2rQl1qNo3X7NcDII5jp2sEbrDn/ + AJeY/wCta0xHkvz/AAn+VAHNaVqscGnwwm3ncqOqx5B57GmQ6oi6rcT/AGeY + h0QbQnzDHqK19DI/sq25/hP8zUduR/bd3z/yzjoAzNU1SOdbYCCZNk6N8yYz + jsPetI63GQR9luP+/dLrRGy05/5eYv61sMRtPPagDldI1WO306GE28zlQeUT + Knk9DSR6og1eW48ibDRKu3Z83B6kelamgEf2Rb89m/8AQjTYiP7enOf+WK/z + oAzdV1RLiGJRBMm2VGyyYHB6D3rT/tuL/n1uP+/dJrhH2eDn/lvH/OtrI9aA + OT0fVI7fT44TBM5BblEyOWJ60LqiDWGuPs82DCF27Pm+9nOPStPw+R/ZUPPd + /wD0I0KR/b78/wDLuP8A0KgDM1bVEuLVYxBMnzocsmBwa0/7bi/59bj/AL90 + a6R9iXn/AJax/wDoVbOR60AcnpGqJb2YjMEznc5yiZHJ9aP7UT+2Rc+RNjyN + m3Z833s5x6e9aWgEf2eOf43/APQjQSP+EhHP/Lr/AOz0AZusaolxYtEIJkJZ + Tl0wOCO9af8AbcX/AD63H/fuk18g6a/P8Sf+hCtrI9aAOT0rVEgtnQwTPmRz + lUyOT/OrEF4t3rkbrHJH+5ZcOu09c5+lW9DI+ySc/wDLWT+dDkHX4v8Ar3b/ + ANCoA2qKKKACiiigAooooAKKKKAP/9b90JdH01dWgtlhxG8bsRubkjp3p2ra + Npttp008EO10AwdzHuPU0yWPV/7VgDSxeb5b7TtO3HfNP1aPWBp0xuZYmjwM + hVIPUdKAL0egaQyKTb8kD+Jv8aztM0fTrj7X50O7y7iRF+ZhhRjA4NaMcWu7 + FxNBjA/has7TI9XP2vyJYlxcSb9yk5fjJHtQAXGj6cmqWtusOI5FcsNzckDj + vUuqaLplvp880MO10XIO5jj9aiuE1f8AtS1DyxGUq+0hTtAxzmpdTj1kWE5n + lhaPb8wVSDj2oAtQ6DpLwxs0GSVBPzN6fWqOnaPps8l4ssO4RTMi/M3CjHHW + r0MeueTHtmgxtGMq3TFUNOj1cyXnkSxAiZt+5Ty3Gce1AC3Wj6bHqVlAkOI5 + fN3Dc3O1cjvU2o6JpkFhPNFBtdEJB3NwfzqC6j1calZCSWIynzdhCnA+XnP9 + Kn1GPWRYzmeWEx7DuCqc49qAJrbQtKktopHgyzIpJ3N1I+tUtP0fTZri8SWH + cIpdq/M3Ax9au20euG2iMc0IXYuMqc4xxVKwj1c3F55MsQYSfPlTgnHagBbz + R9Niv7GFIcJMXDDc3OFyO9WL/Q9LhsriWODDpGxB3NwQOO9VryPVxf2QlliM + hL7CFOB8vOas38etCyuDNLCU8ttwCnOMc4oAdZ6HpUtpBLJBlnRSTubqRz3q + rZaPpst3exSQ5WJ1Cjc3AIz61as49bNpAYpoQmxdoKnOMcZqpZR6ubu9EUsQ + cOu8lTgnHagAvtH06G7soo4cLK7BhubkAfWrd5oelRWk8scGGRGIO5uoHHeq + l9Hq4u7ISyxFy7bCFOAcd6t3keti0nMs0JTY24BTnGOcUANsND0uayt5pINz + uiknc3JI+tVrPR9Olv76F4cpCU2jc3GVye9WbCPWjZQGGWEJsXaCpzjHGarW + cerm/vhFLEJAU3kqcH5eMUALf6PpsM9mkUO0Sy7W+ZuRj61dudC0qO3ldIMM + qMQdzdQPrVG/j1cT2fnSxFjL8mFOA2O/tV25j1wW8peaErsbOFOcYoAh07RN + MnsIJpYNzugJO5uT+dQWuj6dJqd7bvDmOIR7RubjcuT3qfTo9ZNjAYJYRHsG + 0Mpzj3qC1TVzqd6I5YhKBHvJU4Py8YoANS0fToHsxFDtEsyo3zMcqc8davza + DpKQyMsGCFJHzN6fWqGpJq4ks/PliJMy7Nqnhu2far80eueTJumgK7TnCt0x + QBV0vRdMuNPgmmh3O65J3MP5Go4NH019UurdocxxqhUbm4JHPen6XHrB0+A2 + 8sKx7flDKSce9RwR6v8A2pdBJYhKFTcSpwRjjFAC6no+m2/2TyYdvmXEaN8z + cq2cjk1ovoGkBGIt+QD/ABN/jWbqcerj7L58sRzcR7dqnh+cE+1aLxa7sbM0 + GMH+FqAKOk6Nptzp0M88O53BydzDufQ02LR9NbVp7ZocxpGjAbm4J696dpMe + sHToTbyxLHg4DKSep60yKPV/7VnCyxeb5abjtO3HbFABquj6dbxwNDDtLzIp + +ZjkHqOTWofD+kf8+/8A483+NZeqpq4jg+0SxMPOTbtUj5u2fatMxa9/z2g/ + 75agDN0bR9NutNhnnh3yNuydzDoxHY0Jo+mnV5LYw/ulhDAbm6k4z1pNGj1c + 6bCbWWJYvmwGUk/eOenvQker/wBryASxed5Iydp27c/zoAXVtH022t0eGHax + kRT8zHgnnqa0/wDhH9I/59//AB5v8ay9Wj1cW6faJYmXzExtUg5zxWp5Wvf8 + 9oP++WoAy9H0fTrqwSaeHc5Zhncw6MQOhpRo+m/2ybXyf3QgD43N97djOc56 + Umjpq5sENtLEseWwGUk/eOaBHq/9skebF53kDnadu3d0x65oANX0fTraz82C + Ha29Bncx4J56mtT/AIR/SP8An3/8eb/GsvV01cWebmWJk3pwqkHOeK1PK17/ + AJ7Qf98tQBmaTo+m3NoZJ4dzb3GdzDgHjoaDo+mjWFtfJ/dGAvjc33t2M5zm + k0mPVzaE20sSpvf7yknOeelBj1f+2FHmxed5B52nbt3dPrmgBdY0fTbXT5Jo + IdrqVwdzHqwB6mtP/hH9I/59/wDx5v8AGsvWI9XFhIbmWJo8rkKpB+8Mdfet + Tyte/wCe0H/fLUAZmlaPptzBI80O4rK6j5mHAPHQ0kmj6cNXithD+6aJmI3N + 1B+tGlR6uYJPs8sSr5r53KSc55/CiRNX/teIGWLzvKbB2nbtz/OgBdY0fTbX + TZp4Idsi7cHcx6sB3NaQ8P6Rgf6P/wCPN/jWbrEerjTZjcyxNF8uQqkH7w6f + jWkItewP30H/AHy1AGZpej6dcJcGaHcUmdB8zDCjoODSzaPpq6rb2yw4jdHJ + G5uSOnek0tNXMdx9nliUec+7cpPzd8e1E0er/wBq24aWLzdj7SFO3HfNAD9W + 0bTbbTpp4YdroBg7mPcepq9HoGkMik2/JA/ib/GqOrR6wNPmNxLE0eBkKpB6 + jpV6OLXdi4mgxgfwtQBnaZo+nXBu/Oh3eXcOi/M3CjGBwa8p+JVlbWOsW0Vq + mxWgBIyTzub1r1bTI9XJu/IliGLh9+5Ty3GSPavKfiUt4usWwvWR38gYKAgY + 3N60FRNTwRZW03hrUbqRMyxSfKcnj5V7dK9Rg0HSXhjdoMllBPzN3H1ry7wQ + t4fDWomJ0EIk+cEHcflXoa9Rgj1zyY9k0AXaMZVumKBMo6do+mzyXiyw7hFM + yr8zcAAcdaLrR9Nj1KxgSHEc3m7hubnaoI70mnR6uZLzyZYgRM2/KnlsDp7U + XUerjUrESSxGU+bsIU4Hy85/DpQIsajomlwWM80UG10QkHc3BH41LbaFpUlt + FI8GWZFJO5upH1qHUY9ZFjOZpYTHsO4Kpzj2qa2j1w20RjmhC7FxlTnGOKAK + Vho+nTXF4kkO5YpNqjc3Ax9aLzR9Oiv7GGOHCTM4Ybm5wuR3osE1c3F4IZYg + wk+fKnBOO1F4mri/sRLLEZCz7CFOB8vOaALN/oelw2VxLHBh0jYg7m4IHHen + WWh6VLZwSyQZZ41JO5uSRz3pt/HrQsrgzSwlPLbcApzjHOKdZx62bOAxSwhP + LXaCpzjHGaAKtlo+my3l7FJDlYnUKNzcAjPrRfaPpsN3ZRxw4WVyGG5uQB9a + Syj1c3l6IpYg4dd5KnBOOMUX0eri7shLLEXLnZhTgHHegC5eaFpUVpPKkGGR + GIO5uoH1plhomlzWME0sG53RSTubkkfWnXceti0mMs0JTY24BTnGOcUywj1o + 2MBhlhEexdoKnOMcZoAr2mj6dLqF9A8OUhMe0bm43Lk96NQ0fToZ7NIodoll + 2t8zcjH1otI9XOoXwjliEgMe8lTg/Lxj8KNQj1cT2fnSxFjL8mFOA2O/tQBe + uNB0lLeV0gwyqxHzN1A+tQabommT2EE0sG53QEnc3J/OpriPXBbyl5oSu1s4 + Vs4xUGmx6ybCAwSwiPYNoZTnHvQBFbaPpsmp3tu8OY4hHtG5uNwye9GpaPps + D2gih2iWdUb5m5U5460ltHq51O9EcsQlAj3kqcHjjFGox6uHtPPliJMy7Nqn + hucZ9qANCbQdJWJ2W3wQpI+ZvT61T0vRdMuNPgnmh3O65J3MM8+xq3NHrvlP + umgxtOcK3TFVNLj1g6fAbeWFY9vyhlJOM96AI4NH059VurdocxxqhUbm4J69 + 6/Lj9uHwUvh34maf4jtIilnrtkvPJBntTscZPohjP41+o8Cav/al0EliEoVN + xKnaR2xXgf7UXwx1j4j/AA1eCFY7jVdMmFzZLGpDu4Uh4h/vrnA7sFr3eHMe + sPi4yls9H8/+CfPcUZc8TgpwitVqvl/wLn4wUUpBBIIwRSV+zn4QFFFFABRR + RQAUUUUAFFFFABRRRQBr+H7CPVde03TJThLy5hhb6SOFP86/fL4k3Z0X4eaz + JYgReXbeSgUYCrIRHxjpgNx6V+AFjdzafe29/bnEttIkqH/aQhh+or+gC5ks + /iZ8NvtWlt+58Qaek9uSehmjEkefocZr4fi33a+HnP4U9fvX6H6BwanLD4qn + T+Nx0+5/qfnbRUs8E1tPJbXCGOWJijqwwVZTggj1BqKvv076n5I1bRhRRRTE + fdvwI1Ca++HttFMd32OaaFSf7oO8fluxX45/HfS7fRvjJ4ysLRQkK6ncuqjg + KJXMmB7DdgV+03ws0J/CngKwttQ/czMrXM+7jYZDuwfTauAfcGvw2+JXiaPx + l8QfEfiqHPk6pf3E8QPURPITGD9FxX5/w61PMMTUp/Df9f8Ahz9b4ki4ZZhK + dX47L8v+GOJoop8UUk0iQwoZJJCFVVGSxPAAA6k19wfAH6U/sKeHVk0HXdXu + 4y0N/drAucjP2aLcSMf9da+89V0bTbbT554YdroMg7mPf3NeSfBf4ean8M/A + /hzwo5ijv47d57jgn9/Od8oY99pOwEdlFetarHrA0+Y3EsLR4+YKpB69q/Ds + 6xSr4qpUjs3+C0P6CyLBvD4OnSlulr6vV/mXo9A0lo1Y2/JAP3m/xrP03R9N + uDd+bDu8ud0X5mGFGMDg1fji13y12zQYwMfK1Z+mx6uTd+RLEMTvv3KeW4yR + 7V5h6wtxo+mpqdpbrDiOVZCw3NztHHepdT0XTLewnmhh2ui5B3McH86huI9X + /tO0DyxGUrJsIU4AxzmpdTj1kWE5nlhaPb8wVSDj2oAtQaDpLwRu0GSygn5m + 6kfWqGnaPp08t4ssO4RTFV+ZuAB061egj1zyI9k0AXaMZVs4xVHTk1cy3nkS + xAiY79ynlsdvagBbrR9Nj1KxgSHEc3m7xubnauR3qfUNE0uCxnmig2uiMQdz + cED61Xuo9XGpWIkliMp83YQpwPl5z+HSp9Qj1oWM5mlhMextwCnOMdqAJrXQ + tKktoZHgyzIpJ3N1I+tU7DR9NmubxJIcrFJtUbm4GPrVu1j1s20JjmhC7Fxl + TnGOKp2Eerm5vPJliDCT58qcE47UAF5o+nRX1lDHDhJmcMNzc4GR3q1faHpc + NlcSxwYdI2YHc3BA471VvE1cX1kJZYjIWfYQpwDjnNWb6PWhZXBllhKeW24B + TnGOcUAOstD0qWzglkgyzxqxO5uSRk96qWWj6dLe3sUkOViZQo3NwCPrVqyj + 1s2cBilhCeWu0FTnGOM1Vsk1c3l6IpYg4Zd5KnBOOMUALfaPpsN1ZRxw4WVy + GG5uRj61bu9C0qO1mkSDDIjEHc3UD61Tvo9XF1ZCWWIuXOzCnAOO9XLuPWxa + zGSaEpsbOFOcY5xQAyw0TS5rGCaWDc7opJ3NySPrVe00fTZdQvoHhykJj2jc + 3G5cnvU9hHrRsYDDLCE2LtBU5xjjNV7SPVzqF8I5YhIDHvJU4Py8Y/CgA1DR + 9Ogms0ih2iWUK3zNyMfWr1xoOkpbyukGGVWI+ZuoH1qjqCauJrPzpYixlGzC + nhsd/ar1xHrn2eXfNCV2tnCtnGKAK+m6Jpk9hBNLBud1BJ3NyfzqK20fTZNT + vLd4cxxCPaNzcbhk96l02PWTYQGCWER7RtDKc496hto9XOp3gSWISgR7yVOD + xxigBdS0fTYGtBFDt82dEb5m5U5yOtX5dA0lYnZbfBCkj5m9PrWfqUerhrTz + 5YiTOuzap4bnBPtWhLHrvlPumgxg5+VvSgCnpei6ZcafBPNDud1yTuYZ59jU + cGj6c+q3Ns0OY40QqNzcE9e9SaXHrB0+A28sKx7flDKScZ71HAmr/wBq3ISW + IShE3EqdpHbFABqmj6dbi1MMO3zJ40b5mOVOcjk1pPoGkBSRb9Af4m/xrN1R + NXAtvtEsTZnTbtUjDc4J9q0ni17Y2ZoMYP8AC1AGfpGjabc6dDPPDudwcncw + 7kdjSRaPpratNbGH92kasBubqT9aXSI9XOnQm2liWPBwGUk9T1psUer/ANrT + BZYvO8tcnaduM8YoAXVdH023ihaGHaWmRT8zHgnkcmtP/hH9I/59/wDx5v8A + GsvVY9XEUP2iWJh5yY2qR82eM+1anla9/wA9oP8AvlqAMvRtH06602KeeHe7 + bsncw6MR2NC6Ppx1h7Uw/uhCGA3N13Yz1zRo0ernTojayxLF82Aykn7xz096 + FTV/7YcCWLzvJGTtO3bu/nQAato+m21skkEO1jIi53MeCeeprU/4R/SP+ff/ + AMeb/GsvVk1cWym5liZfMTG1SDnPFanla9/z2g/75agDM0jR9NurFZp4dzlm + GdzDoxA6Gj+x9N/tn7L5P7r7Pv27m+9vxnrnpSaRHq5sVNtLEqbm4ZSTncc9 + KPL1f+2dvmxed9n67Tt2b+n1zQAur6PpttZGWCHa+5Bncx4JAPU1p/8ACP6R + /wA+/wD483+NZerx6uLIm5liZNy8KpBzkYrU8rXv+e0H/fLUAZmk6PptzatJ + PDuYO4zuYcA8dDSNo+nDWEtRD+6MJfG5vvbsZznNGkx6ubUm3liVN7/eUk5z + zQyav/bCAyxed5Jwdp27d3880AGs6Pp1rp0s8EOx1K4O5j1YDua1P+Ef0j/n + 3/8AHm/xrL1lNXXTpDdSxNHlchVIP3hj9a1PK17/AJ7Qf98tQBmaVo+m3MMr + TQ7isrqPmYcA8Dg0SaPpq6tDbCH920TMRubqD9aTSo9XMMv2eWJR5r53KT82 + efwokj1f+1oQ0sXneU2DtO3bnn8aAHavo2m2unTTwQ7XQDB3MepA7mtFfD+k + EA/Z/wDx5v8AGs3V49XGnTG5liaPAyFUg9R0rRWLXtoxNB/3y1AGdpej6bcL + cmaHd5c7ovzMMKOg4NJNo+nJqttbLDiORHLDc3JHTvRpcerlbnyJYgBO+7cp + OW7ke1E0er/2rbB5YvNKPtIU7QO+aAJNV0XTLfT554YdrouQdzHv7mrsWgaS + 0aMbfkgH7zf41S1WPWBp85uJYWjx8wVSDjParkUeu+Wm2aDGBj5WoAoabo+m + ztdiWHd5U7ovzMMKMYHWi50fTU1Ozt0hxHKJCw3NztHHek02PVy135EsQxO+ + /cp5bjJHtRcx6v8A2nZh5YjKRJsIU4HHOaAJtT0XTLewnmig2uikg7m4P51Z + g0HSXgjdoMllBPzN1I+tVtTj1kWE5nlhMe07gqkHHtViCPXPIj2TQBdoxlWz + jFAFHTtH06ea8WWHcIpSq/M3Ax060Xej6dHqVjAkOEm8zeNzc7VyO9Gnpq5m + vPJliBEp35U8tjt7UXcerjUbESSxGU+ZsIU4Hy85/CgCxqGiaXBYzzRQbXRG + IO5uCB9aktdC0qS1hkeDLMiknc3Uj61FqEetCxnM0sJj2NuAU5xjtUtrHrZt + YTHNCE2LjKnOMcUAVLHR9Nmub2OSHKxSBVG5uBj60Xmj6bFfWUMcOElZww3N + zhcjvSWMerm5vBDLEGEg35U4Jx2ovI9XF7ZCWWIyFn2EKcA45zQBavtD0uGy + uJY4MOkbsDubggEjvS2Wh6VLZwSyQZZ41Ync3JIye9JfR60LK4MssJTy33AK + c4wc4oso9bNnAYpYQnlrtBU5xgYzQBVstH06W9vYpIcpEyBRubgEZPei/wBH + 06G6so44cLLIQw3NyMfWiyTVze3oiliDhl3kqcE44xRfJq4urITSxFjIdmFO + Acd6ALl1oWlR2s0iQYZUYg7m6gfWo9P0TS57GCaWDc7opJ3NySPrUl1HrYtZ + jJNCU2NnCnOMc1Hp8etGxgMMsIj2LtBU5xjjNAEFpo+myajfQPDlIfL2jc3G + 5cnvRqGj6bBNZrFDtEsoVvmbkY6daS0j1c6jfCOWISDy95KnB+XjH4daNQj1 + cTWfnSxEmUbMKeGx39qAL1xoOkpBI6wYKqSPmbqB9ar6ZoumXFhBNLBud1BJ + 3NyfzqxcR655Em+aErtOcK2cYqvpkesmwgMEsIj2jaGUk496AIbbR9Ok1O8t + 3hzHEI9o3NxuHPejUtH063a0EUO3zZ0RvmY5U5yOtFtHq51O8CSxCUCPeSpw + eOMUalHq4a08+WIkzps2qeG5wT7UAaMugaSsbsLfkAn7zf41S0rRdMuNPgnm + h3O65J3MO/sauSxa75b7poMYOflaqelR6wdPgNvLCse35Qyknr3oAZBo+mvq + tzbtDmONEKjc3BPXvSapo+nW62xhh2+ZOiN8zHKnORyaIY9X/tW5CSxCUIm4 + lTtI7Yo1SPVwtt9oliYeem3apGG5wT7UAabaBpAUkW/b+83+NZ2kaNpt1p0M + 88O53BydzDoSOxrQaLXtpzNBjH91qztIj1c6dCbaWJY8HAZST1PWgBI9H01t + XmtjD+7WJWA3N1J+tLquj6bbQxNDDtLSop+ZjwTyOTSRx6v/AGtMFli87y1y + dp24zxijVY9XEMX2iWJh5qY2qR82ePwoA1P+Ef0j/n3/APHm/wAazNG0fTbr + Top54dztuydzDoxHY1p+Vr3/AD2g/wC+WrL0ePVzp0RtpYlj+bAZST9456e9 + ACro+mnWHtTD+6EIcDc33t2M5zmjVtH022tlkhh2sZEXO5jwTz1NIser/wBs + OBLF53kjJ2nbt3fzzRq0eri2X7RLEy+YmNqkHOeKANT/AIR/SP8An3/8eb/G + vnLxQqrqzhRj5R/Wvo3yte/57Qf98tXhWueH9c1C/a5s7OSeIjAZFyMgnP60 + DidZ4AsbW8tY47iPepjkbGSORJjPHtXbavo+m2ti00EO1wyjO5j1YA9TXKeD + NP1mwSO1dBbTiJztlU/cL+n1rqtXj1cWTG5liaPcvCqQc5GKAZqf8I/pH/Pv + /wCPN/jWZpOj6bc2zSTQ7mEjrncw4B46GtPyte/57Qf98tWXpMerm2Y28sSr + 5j/eUk5zzQIG0fThrCWoh/dGEsRubruxnrml1nR9NtdOlngh2uu3B3MerAdz + SMmr/wBsIDLF53knB2nbt3fzo1iPVxp0puZYmj+XIVSD94Y6+9AGp/wj+kf8 + +/8A483+NZelaPp1zDM00O4rK6j5mHAPA4Nanla9/wA9oP8Avlqy9KTVzDN9 + nliUea+dyk/Nnn8KAFl0fTV1aG2EP7t42Yjc3UH60ur6Npttp008EO10Awdz + HuB3NNlj1f8AtaENLF53ltg7TtxnnNO1ePVxp0xuZYmjwMhVIPUdKANFdA0g + qCbft/eb/Gs3TNH024W5M0O7y55EX5mGFGMDrWisWvbRiaDp/das3TI9XK3P + kSxDE8m7cpOW4yR7UALPo+mpqttbrDiORHLDc3JHTvT9V0XTLfT554YdrouQ + dzHv7mo549X/ALVtg0sXm7H2kKduO+ak1WPWBp85uJYWj2/MFUg9e1AFyLQd + JaJGa3ySAT8zen1rP03R9OuGuxLDu8qd0X5mGFGMDrWhFHrvlJtmgxgY+VvS + s/TY9XLXfkSxAid9+5Ty3GSPagAudH06PU7O3SHEcok3Dc3O0cd6m1LRNMgs + J5ooNropIO5uD+dQ3MerjU7MPLEZSJNhCnA45zU2pR6yLCczywmPadwVSDj2 + oAsW+g6S8EbtBksoJ+ZupH1qlp+j6bPNeLLDuEUpVfmbgY6dau28eueRHsmh + C7RjKnOMVR0+PVzNeeTLECJTvyp5bHb2oALvR9Oi1GxgSHCTGTeNzc7VyO9W + NQ0TS4LGeaKDa6IxB3NwQPrVe7TVxqNiJJYjITJsIU4Hy85/CrGoR60LGczS + wmPY24BTnGOcUASWmhaVJawyPBlnRSTubqR9ap2Gj6dNdXsckOVikAUbm4GP + rVy0j1s2sJjmhCbFwCpzjHGap2Kaubq9EMsQYSDflTgnHagBb3R9NivbKKOH + CSswYbm5AGR3q1e6HpUVnPLHBhkjZgdzcEDI71UvY9XF7ZCWWIuWbYQpwDjn + NWr2PWxZzmWWEp5bbgFOcY5xQAWOh6XNZW8skGXeNGJ3NySAT3qtZ6Ppst9e + wyQ5SJkCjc3GVye9WbGPWjZW5ilhCeWm0FTnGBjNVbOPVze3oiliDhk3kqcE + 44xQAX+j6bDc2UccOFlkKsNzcjH1q5daFpUdrNIkGGVGIO5uoH1qnfpq4ubM + TSxFjIdmFOAcd6uXUeti1mMk0JTY2cKc4xzQBHp+iaXPYwTSwbndFJO5uSR9 + ar2mj6dJqV9A8OUh8vYNzcblye9T6fHrRsYDDLCI9i7QVOcY71BaR6udRvhH + LEJR5e8lTg/Lxj8KAF1DR9Ngls1ih2iWYK3zNyMHjrV6fQdJSCR1gwVUkfM3 + UD61Q1CPVxLZ+dLESZhswp4bHf2q9PHrnkSb5oCu05wrZxigCvpmi6ZcWEE0 + sG53UEnc3J/OobfR9OfVLy3eHMcSxlRubjcOe9TaZHrJsIDBLCI9o2hlJOPe + obdNXOqXYSWIShY95KnB44xQAano+nW5tBDDt82dEb5mOVOcjk1oy6BpKxuw + t+QCfvN/jWdqaauDaefLEczps2qeG5wT7VoSx675b7poMYOflagCnpWjabc6 + fBPNDudxkncw7+xpkOj6a+q3Fu0OY0RCo3NwT1707So9YOnwm3lhWPHyhlJP + XvTIY9X/ALVuAssXm7E3EqduO2KAF1TR9Nt1tjDDt8ydEb5mOVPUcmtJvD+k + AE/Z/wDx5v8AGszVI9XC2/2iWIgzpt2qRhuxPtWk0WvbTmaD/vlqAM/SNG02 + 606GeeHc7g5O5h0JHY02PR9ObV5rYw/uliVgNzdSfrS6RHq506E20sSx4OAy + knqetJHHq/8Aa8oWWLzvKXJ2nbtzx+NABquj6dbQxPDDtLSop+ZjwTz1Nan/ + AAj+kf8APv8A+PN/jWXqqauIYvtEsTL5qY2qR82ePwrU8rXv+e0H/fLUAZmj + 6Ppt1p8c88O52LZO5h0YjsaF0fTTrDWvk/uhAHxub727Gc5zSaPHq50+M20s + Sx5bAZST945/WhY9X/thgJYvO8kZO07du7+eaAF1bR9NtrVZIIdrF0GdzHgn + nqa0/wDhH9I/59//AB5v8ay9Wj1cWoNxLEyb0+6pBznitTyte/57Qf8AfLUA + ZekaPp11ZCWeHc25xncw4B46Gj+x9O/tkWvk/uvs+/bub72/Gc5z0o0iPVzZ + A20sSpubhlJOc80eXq/9shfNi8/7P12nbt3dPrmgA1jR9OtbFpoIdrhlGdzH + qQD1Nan/AAj+kf8APv8A+PN/jWXrCauLFjcyxNHuXhVIOcjFanla9/z2g/75 + agDM0nR9NubZ3mh3MJHXO5hwDx0NTw2FpZ67GltHsHks3UnnOO/tVfSY9XNs + /wBnliVfMfO5STnPNWIFvl12P7Y6M3kt9wEDGff3oA6WiiigAooooAKKKKAC + iiigD//X/c+XVYG1WC4Ecu1I2BGw559BT9W1a3uNOmhSOVSwHLIQOo71oz/8 + hy1/65PT9d/5BNx9B/MUAQx63bBFHlTcAf8ALM1naZqsEH2vdHKfMuJHG1Cc + A44Pv7V1UX+qT6CsjRv+X7/r6l/pQBmXGqwPqlrOI5QsauCChycjsKl1PV7e + ewnhWOUFlwCyED8TV66/5Ddj/uS/yqfWv+QVc/7lAFSHW7ZYY1MU3CgcRn0q + hp2qwQyXZaOU+ZMzDCE4Bx19DXT2/wDx7xf7q/yrM0j/AFt//wBfDfyFAGXd + arBJqVlMI5QIvNyChBO5ccDvU+o6xbzWM8SxyguhAJQgfiau3v8AyGNN+k3/ + AKCKsav/AMgy5/65tQBQttato7aJDFMSqKOIzjgVSsNVghuLx2jlIkk3DCE4 + 47+ldJZ/8ecH/XNf5VnaV/x9ah/12/pQBmXmqwSX9jKI5QIi+QUIJyuOB3qz + f6xby2VxEsUoLxsAShA5Hc1bv/8AkKab/vSf+g1b1P8A5B11/wBcn/kaAMuz + 1m3jtII2imJVFBxGSOBVSy1WCK7vZGjlIldSMISRgd/Sui0//jwtv+uSf+gi + qOm/8f8AqP8A10X/ANBoAy77VYJbuykWOUCJ2JyhBOR29at3ms20lpPGIpQW + RhzGQOR3qxqX/H/p3/XRv/Qav6h/x4XP/XJ//QTQBjWGsW8VlBE0UpKIoJCE + jgdjVaz1WCO/vpjHKRKUwAhJGFxyO1b+l/8AINtf+uSfyqnp/wDyFNS/3ov/ + AEGgDMv9Vglns2WOUCOXccoRkY7etXbnWrZ7eVBFMCyMOYzjkVPqn/H1p/8A + 12/pWjef8ek/+438qAMHTtYt4bGCJopSUQAkISPwNQWuqwJqd7OY5SsojwAh + yNq45HatzSP+QZbf9c1qtZf8hnUfpD/6DQBmalqsEz2ZWOUeXMrHKEZAz09T + V+bWrZoZFEU3Kkf6s+lSav8A62w/6+E/rWpcf8e8v+638qAOc0vV7eDT4IWj + lJVcEqhI/Oo4NVgTVLqcxy7ZFQABDngdxWzov/IKtv8Ad/rUVr/yGr3/AHIv + 5UAZep6rBP8AZdsco8u4jc7kIyBnp71ovrdsUYeVNyD/AMszT9Z/5cf+vqL+ + ta0n+rb6GgDmNJ1a3t9OhheOVioPKoSOp70yLVYF1We4Mcu141AGw549RWvo + X/IJt/of5mmQf8hy6/65JQBl6rqsE8cASOUbJkb5kI4Hp71pnXLX/nlN/wB+ + zRrf+ptv+viP+dbR6UAclo2qwW2mwwvHKxXdyqEjlietCarANXkuPLl2mELj + Yd2Qc9PStTw9/wAge3/4F/6EaI/+Q/L/ANcF/wDQqAMvVtVguLdESOUESI3z + IQODWp/blr/zym/79mjXP+PWL/rtH/OtmgDktH1WC2sEieOViCxyqEjlietA + 1WD+2Tc+XLt8gJjYd2d2enpWn4f/AOQZH/vP/wChGlH/ACMDf9ew/wDQ6AMv + V9VguLPy0jlU70PzIQODWp/blr/zym/79mk1/wD5B/8A20T/ANCraoA5LSdV + gt7QxvHKTvc/KhI5NB1WD+2FufLl2iArjYd2d2enpWpoP/Hif+ukn/oVDf8A + IwL/ANex/wDQ6AMvWNVgudPkhSOVSSvLIQOGB61qf25a/wDPKb/v2aPEH/IK + l+qf+hCtmgDktK1WC3gkR45STK7fKhPU0SarAdXiuPLl2rEy42Hdkn0rU0P/ + AI9Zf+u0n86SX/kPQf8AXBv50AZusarBc6bNCkcqltvLIQOGB61pDXLXA/dT + f9+zS+IP+QRcf8B/9CFbA6CgDk9L1WCBLgNHKd8zsNqE8H196JtVgbVbe4Ec + u1EcEbDnn0Faeif6q6/6+JP6Utx/yHLX/rlJQBnatq1vcafNCkcoLAcshA6j + vV6PW7YIo8qbgD/lmam13/kE3P8Auj+YrTi/1SfQUAcrpmqwQG73RynzLh3G + EJwDjr6GvKfiVdx3msW0kasoEAHzrtP3mr2nRut//wBfUn9K8g+Kv/Ibtf8A + r3H/AKG1BUS14Iu44vDWo2zKxaSTghcqPlXqe1eowa1bLDGpim4UDiM+lece + A/8AkUtU/wCup/8AQVr1+2/49ov9xf5UCZzGnarBDJeFo5T5kzMMITgEDr6G + i61WCTUrGYRygRebkFCCdy44HetTSf8AXX//AF8N/IUXv/IY03/tt/6CKBFL + UdYt5rGeJY5QXQgEoQPxNTW2tWyW0SGKYlUUcRkjgVoat/yDLr/rm38qns/+ + POD/AK5r/KgDm7DVYIri8do5SJJNwwhJHHf0ovNVgkv7GURygRFyQUIJyuOB + 3rT0v/j71D/rt/SjUP8AkJ6b/vSf+g0AVb7WLeWyuIlilBeNgCUIHI7mlstZ + t47OCNopSUjUEiMkcDtWrqf/ACDrr/rk/wDI07Tv+Qfbf9ck/wDQRQBz1lqs + EV5eyNHKRK6kAISRgY59KL7VYJbuykWOUCJyTlCCcjt61qad/wAhDUf99P8A + 0GjUv+P7Tv8Aro3/AKDQBWu9ZtpLSaMRTAsjDmMgcimWGsW8NjBE0UpKIoJC + EjgdjW1f/wDHjc/9c3/9BNR6X/yDbX/rmv8AKgDBtNVgj1C+mMcpEpjwAhJG + FxyO1GoarBNPZsscoEcu45QjPHb1rTsP+QrqX1i/9Bo1X/j50/8A67D+VAEN + xrVs9vKgimBZWHMZxyKg03V7eGwgiaOUlEAJCEj8DW/d/wDHrN/uN/Kq2kf8 + gy2/3BQBh22qwJqd7OY5SJRHgBDkbR3HajUdVgme0Kxyjy5lY5QjIGenqa1L + P/kMaj9If/QTRq/+ssP+vlP5GgCKbW7ZonURTcqR/qz6VU0vV7eDT4IXjlJV + cZVCR19a6S4/1En+6f5VQ0T/AJBVt/u/1oAxoNVgTVLqcxylZFQABDkY9RRq + eqwTi12xyjy543O5CMgZ6e9adr/yG73/AHI/5Uus9LL/AK+ov60AfmJ+1b8A + Ws9Tu/if4BspW0+6LTalarER9nkPLToB/wAs26uP4Tk/dJ2/Bdf0iSqrROrD + IIIIPQivgL4o/sY6P4xs/wDhJ/hrPHo2qzBnlspcizmbJ5QqCYmPoAUPovJr + 9B4f4rjGKoYp7bP/AD/zPzXiXg6UpPEYRb7x/Vf5fcflxRXd+Nfhj49+Hd69 + l4x0W404ocCRl3Qt6bJVyjZ9mrhK/QKdWM1zQd15H5rVozhLlmrPzCiiirMw + ooooAKKKKACiiigAr9K/2LPjrZrZp8HvFNz5cyuz6TLIflcP8zW2T0YNlo/X + JXqFB/OHTdN1DWL+DS9KtpLy8unEcUMSl5JHboqqOSTX6H/Cb9iqCxtYvFnx + n1H7CsIEv2C3mEfl45Hn3IPH0jIx/f7V89xJLDPDuniJWb2tq7+SPpuFY4uO + JVXDRulvfRW82fVfxT+DI8UXEniHw0Uh1J/9dC3ypOR/ED/C/rng98HJPyZq + /hrxBoExg1nTp7RhnmRCFOO4boR7g4r9ELG8RtMt7vw5Iuq2AQBQJt8jKox8 + srsd7cYxIwOSSXGMVTfxxolr8urJdaY68MLm1lVAfTzlVoW/4C7D3r4/KuKc + Th4+ylHnS+TXl1/I+xzvgrB4uft4T5JPVveL8+n4M/PLTdF1jWJRBpNlNeSH + tFGzn9Aa+nfhl8Dp7G7h1/xmq74SHhswQ4DDo0pGRx1CjPue1e3J488Nz/Lp + 0k+oN0AtLWecZ7AsiFF+rED1NaqX93JbvfalENJs0Xc4ndPNAHXcUYxoB6hm + yD/CRWmacW4mtB04Q5E/v+W35GeTcCYPD1FVqT9o1r2Xz3/FnyJ+2D8dbPwZ + 4XuPht4fuN3iDW4tlwYzza2kn3tx7PKuVUdQpLcfLn8j6/UX4r/sgeHfiCl3 + 44+E+tltQvGeaSG5na5guJDy22di0iOT/fLDPHyivz2k+F/xDi8S3Pg8+Hr1 + tYs2CzW6wsxQHoxZcqEPUPnaRyDivo+GamFp0HCnL3lrK+jv/kfOcWU8ZVxC + qVI+69I21VvJ93/Whwdfdn7InwT/ALR1m2+KnjC0k/s3T236bCYyfPuF6TH/ + AGIzyvq+D0Xn0P4JfsTCznt/EvxgZJ2Qh49JhbemR0+0SKcNj+4mQe7EZWvv + vw9DDb21xb26LFFFO6oigKqquAAAOAAOgryeIuKIODoYZ3vu/wBF/me1wxwj + NTWJxatbaP6v/L7yhNqsDarb3Ajl2ojgjYc8+gp+q6tb3GnzQpHKCwxlkIHX + 1rQuP+Q5af8AXOSpdc/5BNz/ALo/mK/Oz9OK8et2wjUGKbgD/lmaz9N1WCA3 + e6OU+ZO7jCE4Bx19DXUw/wCqT/dH8qytH633/X1J/SgDLuNVgfU7ScRyhY1k + BBQ5OR2HepdT1e3nsJ4ljlBZcAlCB+Jq/d/8hqw/3Zf5CptZ/wCQXc/7hoAp + wa1bJBGpimJCgcRn0qjp2qwQy3jNHKfMmLDCE4GO/oa6a1/49ov9xf5VmaT/ + AK7UP+vhv5CgDMutVgk1KxmEcoEXm5BQgncuOB3qfUNYt5rGeJYpQXRgCUIH + I7mrt9/yF9M/7bf+gVZ1b/kGXX/XNv5UAZ1rrVtHbQoYpiVRRxGSOBVOw1WC + K5vHaOUiSTIwhJHHf0rpLL/jzg/65r/Ks/S/+PvUP+uo/lQBl3mqwSX1lKsc + oETOSChBORjgd6s32s28tlcRLFKC8bAEoQOR3NWtQ/5CWm/70n/oNXdT/wCQ + ddf9cn/9BNAGTZazbxWcEbRSkpGoJEZI4HaqtlqsEV5eytHKRKykAISRgd/S + uh07/kH2v/XJP/QRVHTv+QjqP++n/oNAGZfarBLdWUixygRuScoQTx29auXe + s20lrNGIpgWRhzGQORVjU/8Aj907/rqf/Qav3/8Ax43H/XN/5GgDEsNYt4rG + CJopSURQSEJHA7Gq9pqsEeoX0xjlIlMeAEJIwuOR2re0v/kG2v8A1zX+VVbD + /kLal9Yv/QaAMvUNVgmms2WOUeXKGOUIyMdvWrtxrVs9vKgimBZWHMZxyKm1 + X/j40/8A67j+VaV3/wAes3+438qAMDTdXt4bCCJo5SUUAkISPwNQ22qwJqd5 + OY5SsgjwAhyMDuO1bej/APILtv8AcFQWf/IZ1D6Q/wDoJoAy9S1WCZrQrHKP + LnVjlCMgZ6eprQl1u2aJ1EU3II/1Z9Kk1j79h/18p/WtSf8A1En+6f5UAc3p + er28GnwQtHKSq4JVCR19ajg1WBdVubgxy7XRAAEOePUVs6J/yCrb/d/rUNt/ + yG7z/rnHQBmapqsE4tdkco2TxudyEcDPT3rSfW7YqR5U3IP/ACzNLrX3bL/r + 6i/rWw/3G+hoA5bSNWgt9OhheOVioPKoSOp702LVYF1aa4Mcu1o1XGw54PpW + toP/ACCLf6H/ANCNNh/5Dtx/1xT+dAGXquqwTxQqsco2zI3zIRwD/OtT+3LX + /nlN/wB+zRrf+ot/+u8f862aAOS0bVYLbTooXjlYru5VCRyxPWhdVgGsPc+X + LtMIXGw7s7s9PStPw9/yCIP+B/8AoRoT/kYJP+vcf+hUAZmrarBcWyokcqkS + IfmQgcGtT+3LX/nlN/37NJrv/Hmn/XWP+dbVAHJaRqsFvZLE8crEMxyqEjkk + 9aP7Vg/tn7T5cu37PsxsO7O/PT0rU0D/AJBq/wC+/wD6EaP+Zh/7df8A2egD + L1fVYLiyMSRyqdyn5kIHBB61qf25a/8APKb/AL9mjX/+Qcf99P8A0IVs0Acl + pOqwW9qY3jlYl3PyoSOTQ2qwHWEufLl2iErjYd2d2enpWpoX/Hk3/XWT/wBC + pH/5GCP/AK9z/wChUAZms6rBc6dLCkcqlivLIQOGB61qf25a/wDPKb/v2aTx + D/yCZvqn/oQraoA5LStVgghlV45TuldvlQngn+dEmqwHVobgRy7ViZcbDnk+ + lamif8e8/wD13k/nRL/yHbf/AK4v/OgDM1fVoLjTpoUjlUsByyEDqD1rRXXL + baP3U3/fs0/X/wDkEXH0X/0IVrr90fSgDk9L1WCBbkNHKd87sNqE8H196JtV + gbVba4Ecu1EcEFDnn0Fami/cu/8Ar5l/pSXP/Ics/wDrnJQBQ1XVrefT54Uj + lBYYyyEDr61ci1u2WNFMU3AH/LM1Y1v/AJBVz/u/1rRh/wBTH/uj+VAHLabq + sELXZaOU+ZO7jCE4Bx19DRc6rA+p2c4jlCxiTIKHJyOw71qaP96//wCvmT+l + F3/yGbD/AHZf5CgCjqer289hPEscoLKQCUIH4mrEGtWyQRqYpiQoHEZ9Ku6z + /wAgu5/3DVu1/wCPaL/cX+VAHM6fqsEM14zRynzJSwwhOBjv6Gi71WCTUbGY + RygReZkFCCdy44HetPSf9fqH/Xc/yFF9/wAhfTP+23/oNAFPUNYt5rGeJYpQ + XRgCUIHI7mpbXWbaO1hjMUxKoo4jJHArR1b/AJBl1/1zb+VTWP8Ax5W//XNP + 5CgDnLHVYIrm8do5SJJARhCSOO/pRearBJe2UqxygRM5IKEE5GOB3rU0z/j8 + 1H/rqP5Uah/yEtN/35P/AEGgCrfazby2VxEsUoLxuATGQOQetFlrNvFZwRtF + KSkag4jJHAHStbUv+Qddf9cn/wDQTS6d/wAg+1/65J/6CKAOestVgivb2Vo5 + SJWUgBCSMDv6UX2qwS3VlIscoEUhJyhBPHb1rT07/kJal/vp/wCg0an/AMfu + nf8AXU/yoAgutZtpLWaMRTAsjDmMgcio9P1i3hsYImilJRFBIQkcDsa277/j + yuP+ub/yNRaV/wAg21/65r/KgDBtNVgj1G+mMcpEvl4AQkjauOR2o1DVYJpr + NljlAjlDHKEZGO3qa1LH/kLal9Yf/QaNV/4+NP8A+u4/kaAIbjWrZ4JEEUwL + KRzGe4qvpmr28FhBE0cpKqASEJH4Guguv+PWb/cb+VVNG/5Bdt/uCgDEttVg + TU7ycxylZBHgBDkYHcdqNS1WCdrQrHKPLnRzlCMgZ6eprTs/+Q1qH+7F/wCg + 0ax9+w/6+Y/60AMl1u2aN1EU3IP/ACzNU9K1a3g0+CF45SVGMqhI6+tdLN/q + ZP8AdP8AKs7RP+QVbf7v9aAMeDVYF1W5nMcu10QABDnj1FGqarBOtsFjlGyd + GO5COBnp71qW3/IbvP8ArnHSa19yz/6+Yv60AI2uWxUjypun/PM1naRq0Fvp + 0MLxysVB5VCR1J611T/cb6GsnQP+QRb/AEb/ANCNAGVHqsC6tNcGOXa0arjY + c8H0o1XVYJ4YlWOUFZUb5kI4B/nWnD/yHrj/AK4p/Ol1v/j3g/67x/zoAP7c + tf8AnlN/37NZej6rBbadFC8crFd3KoSOWJ611tY3h/8A5BMH1f8A9CNAGWuq + wDWHufLl2mELjYd2d2enpRq2qwXFsqJHKpEiH5kIHBrUT/kPyf8AXuP/AEKj + Xf8AjzT/AK6x/wA6AD+3LX/nlN/37NZej6rBb2QieOVjuY5VCRyfWutrF0D/ + AJBq/wC+/wD6EaAMz+1YP7Z+0+XLt+z7MbDuzvz09PejV9VguLJokjlUllOW + QgcEHrWp/wAzD/26/wDs9Gv/APINb/fT/wBCFAB/blr/AM8pv+/ZrL0nVYLe + 2ZHjlYmRz8qEjk11tY2hf8eb/wDXWT+dAGW2qwHWEufLl2iErjYd2d2enpRr + GqwXOnSwpHKpbbyyEDhgetab/wDIwR/9e5/9CpfEH/IJn+qf+hCgA/ty1/55 + Tf8Afs1l6VqsFvDMrxytuldvlQngn+ddbWLof+ouP+u8n86AMyXVYG1aG4Ec + u1Y2XGw55PpTtX1aC406aFI5VLAcshA6jvWlN/yHbf8A64v/ADp2vf8AIIuP + oP8A0IUARrrlsFA8qbp/zzNZumarBAtyGjlO+eRxtQng46+9dWn3F+grI0X7 + t5/18y/0oAy59VgbVbacRy7URwQUOefQVJqurW8+nzwpHKCwxlkIHX1rQuf+ + Q3Z/9c5Kk1v/AJBVz/u/1oArxa3bLEimKbgAf6s+lZ+m6rBA12WjlPmTu4wh + OAcdfQ11EH+oj/3R/KsrR/v3/wD18yf0oAzLnVYH1OznEcoWMSZBQ5OR2Hep + tS1e3msJ4ljlBdSAShA/E1dvP+Q1p/8Auy/+g1Y1j/kF3P8AuGgClb61bJBG + himJVQOIz2FUdP1WCGa8Zo5SJJSwwhOBjv6Gumtf+PWH/cX+VZulf8fGof8A + Xc/yFAGXd6rBJqNjMI5QIjJkFCCcrjgd6sahrFvNYzxLFKC6MAShA5Hc1bv/ + APkLab9Zf/Qat6r/AMg26/65t/KgDNtNZto7WGMxTEqijiMkcCqdjqsEV1eu + 0cpEsgIwhJHHf0ro7D/jxt/+uafyFZ+mf8fuo/8AXUfyoAzL3VYJL2ylWOUC + JmJyhBORjgd6tXus28tnPGsUoLxsATGQOR3q1qP/ACEdO/33/wDQau6j/wAg + +6/65P8A+gmgDIsdZt4rK3iaKUlI0BIQkcAdDVWz1WCO9vZWjlIlZCAEJIwM + cjtXQab/AMg61/65J/6CKp6f/wAhLUv9+P8A9BoAy7/VYJbmzdY5QI5CTlCC + eO3rVy61m2ktZoxFMCyMOYyByKn1T/j807/rqf5VoX3/AB5XH/XN/wCRoAw9 + P1i3hsYImilJRFBIQkcDsagtNVgj1G+mMcpEvl4AQkjauOR2rd0n/kGWv/XN + f5VVsf8AkL6n/wBsf/QaAMzUNVgmls2WOUeXMGOUIyMdvU1en1q2eCRRFMCV + I5jPpU2rf6/T/wDruv8AI1pXX/HtL/uN/KgDn9M1e3gsIImjlJVQCQhI/A1D + b6rAmqXc5jlKyCMABDkYHcdq29G/5Bdt/uCq9p/yGr//AHYv5UAZmp6rBObT + bHKPLnRzlCMgZ6eprQl1u2aN1EU3II/1Zp+s/esP+vqP+ta03+pk/wB0/wAq + AOZ0rVre30+CF45SVHVUJHX1pkOqwLqtxOY5drogACHPHqK2ND/5BNt/un+Z + qO3/AOQ5d/8AXOOgDL1TVYJ1tgsco2Tox3IRkD0960m1y2II8qb/AL9mna19 + y0/6+Yv61sN90/SgDlNI1aC306GF45WKg8qhI6nvSR6rANXluDHLtaJVxsOe + D6Vq6B/yCLf6N/6EabF/yHp/+uK/zoAzNV1WC4hiVI5RtlRvmQjgGtT+3LX/ + AJ5Tf9+zSa5/x7wf9d4/51tUAclo+qwW2nxwvHKxUtyqEjlietC6rANYa58u + XaYQuNh3Z3Z6elanh/8A5BMP1f8A9CNC/wDIwP8A9ew/9DoAy9W1WC4tRGkc + qkOh+ZCBwa1P7ctf+eU3/fs0a7/x5L/11j/9CrZoA5LSNVgt7IRvHKx3MflQ + kcn1o/tWD+2Rc+XLt+z7MbDuzuz09K09A/5Bw/33/wDQjQf+RiH/AF6/+z0A + ZmsarBc2LRJHKpLKcshA4IPWtT+3LX/nlN/37NJ4g/5Br/7yf+hCtqgDktJ1 + WC3tnR45WJkc/KhI5NWIL2O712N41dR5LL8yle+auaF/x6Sf9dZP50P/AMh+ + L/r3b/0KgDZooooAKKKKACiiigAooooA/9D9z5dHsF1WC2CHy3jdiNzdR05z + TtW0bT7bTpp4YyHQDB3Me49TTZRrP9qwbmg87y324Dbcd89807VhrX9nTfaW + gMWBu2Bt3UdM0AXo9A0tkUmNskD+Nv8AGs/TNHsLj7X5qE+XcSIvzMPlGMdD + WhGPEGxdrW2MDHD1n6YNZ/0v7OYP+PiTfu3ff4zjHb0oALjR7BNUtbdUOyRX + LDc3Ycc5qTU9F0+3sJ5ooyHRcg7mP9ajuBrP9qWu9oPO2vswG24xznv9Kk1M + a39gn+0NB5e35tobdj2zQBbh0HTHhjZozkqCfnb0+tUNO0ewnkuxIhIimZF+ + ZhwMe9X4Rr/kx7Gttu0YyHzjFUNOGs+Zd+Q0GfObfuDfe4zjHagAutHsI9Ss + oEQhJfN3Dc3O1cjnNTajomnQWM80cZDIhI+Zjz+dQ3Q1n+0rLzGg8397swG2 + /d5z36dKm1Ea39hn89rfy9h3bQ2ce2aAJrbQtNktopHjJZkUn526kfWqdho9 + hNcXiSISIpNq/MwwMfWrlsNe+zReW1vt2LjIfOMcZqnYDWftF55DQbvM+fcG + xux2x2oALzR7CK/soUQhJi4Ybm5wuR3qzfaHp0NlcSxxkMkbEfOx5A+tVrwa + z9vsvNaDzMvswGx93nP4VZvhrn2K485rfy/LbdtDZxjnGe9AC2eh6bLaQSvG + SzopPzt1I+tVbLR7Ca7vYnQlYnUL8zDAI+tWrMa79kg8prfZsXbkNnGOM+9V + bIaz9rvfJaDfvXfuDYzjjFABfaPYQ3dlFGhCyuwb5mOQB9atXmh6bFaTypGQ + yIxHzt1A+tVb4az9rsvOaDfvbZtDYzjvVq8Gu/ZJ/Na32bG3YDZxjnHvQA2w + 0PTprKCaSMlnRSfnYckfWq9no9hLf30LoSkJTaNzcZXJ71YsBrn2KDyWt/L2 + Lt3Bs4xxnFV7Maz9vvvKMHmZTfkNj7vGPw60AF/o9hDPZpGhAll2t8zHIx9a + u3OhaZHbyyLGQVRiPnbqB9apX41nz7Pz2g3eb8m0NjdjvntV25GvfZ5fMa32 + 7GzgPnGOcUAQadomnT2ME0kZLOgJO5hz+dQ2uj2EmpXtu6EpEI9o3NxuXJ5z + U2nDW/sMHkNb+XsG3cGzj3xUNqNZ/tK98swebiPfkNt+7xj8OtABqOj2ED2g + iQgSzKjfMx4Ofer82g6YkMjLGchSR87en1qhqI1nfaeeYM+cuzaG+9zjOe1X + 5hr/AJL72ttu05wHzjFAFTS9F0+40+CaWMl3XJO5h/Wo4NHsH1S6t2Q7I1Qq + NzdxzzmpNLGtf2fB9naDy9vy7g27Hvio4BrP9qXWxoPO2puyG24xxjvQAano + 9hb/AGXykI8y4jRvmY/K2c9TWi+gaWEYiNuAf42/xrO1Maz/AKL9oMH/AB8R + 7Nu77/OM57etaLjxBsbLW2MHs9AFDSdG0+506GeaMl3BydzDufQ02LR7BtVn + tih8tI0YDc3U9ec07SRrX9nQ/ZmgEWDt3ht3U9cU2Iaz/as+1oPO8tN2Q23H + bHfNABqmj2FvHA0SEF5kU/Mx4PXqa0/+Ef0v/nm3/fbf41maoNZ8uD7SYMec + m3aG+92zntWmR4h/vW35PQBmaPo9hdabDPMhLtuydzDoxHQGhNHsDq8lsUPl + rCGA3N1Jx1zRo41n+zYfsrQCL5sbw277xznHHWhBrP8Aa8mGg87yRnhtu3P5 + 5oANV0ewtrdHhQgmRFPzMeCeeprT/wCEf0v/AJ5N/wB9t/jWZqo1n7On2loN + vmJjYGzuzx17Vp48Q/3rb8noAzNH0ewurBJpkJclhncw6MR2NA0ew/tg2uw+ + WIA+Nzfe3Y65zRo41n7An2VoBHlsbw2c7jnpQBrP9sH5oPP8gdm27d355zQA + avo9ha2fmwoQ29B95jwT7mtP/hH9L/55N/323+NZmrjWfsf+lNAU3p9wNnOe + OtaePEP962/J6AMzSdHsLm0MkyEtvcfeYcA8dDQdHsBrC2uw+WYC+Nzdd2Ou + c0aSNZ+yH7M0Gze/3w2c556UEaz/AGwuWg8/yD2bbt3fnnNABrGj2FrYSTQo + VcFcHcx6sB3Naf8Awj+l/wDPJv8Avtv8azNYGs/YJPtTQeXlc7A277wx1960 + 8eIf71t+T0AZmlaPYXMEjzISVldR8zDgHjoaJNHsBq8VqEPltEzEbm6g+uaN + KGs+RJ9maDb5r53hs7s89O1Eg1n+14tzQed5TY4bbtzznvmgA1jR7C102aeF + CHXbg7mPVgOhNaQ8P6WQD5bf99t/jWbrA1n+zZvtTQGL5d2wNu+8MYz71pAe + IcD5rb8noAzdL0ewuEuDKhJSZ0HzMOB06GibR7BdVt7ZUPlujkjc3UdOc0aW + NZ2XH2ZoMec+7cG+93xjtRMNZ/tW33NB52x9uA23HfPfNAD9V0bT7bT5p4Yy + HQAg7mPcepq7HoGllFJjbJA/jb/GqWqjWv7Pm+0tAYsDdsDbuo6Zq7GPEGxd + rW2MDHD0AZ+maPYXBu/NQny53RfmYfKMY70XGj2CapaW6odkiyFhubsOOc0a + YNZzd/ZzB/r337t33+M4x2ouBrP9qWm8wedtk2YDbcY5z3+lAEmp6Lp9vYTz + RRkOi5B3Mf61ag0HTHhjdozllBPzt3H1qrqY1v7BP9oaDy9vzbQ27HtmrUA1 + /wAmPY1tt2jGQ+cYoAo6do9hPJeLIhIimZV+ZhgAD3outHsI9SsYEQhJvN3D + c3O1cjnNGnDWfMu/IaDPnNv3BvvYHTHai6Gs/wBpWPmGDzf3uzG7b93nd+HS + gCfUdE06CxnmjjIZEJB3MeR+NS22haZJbRSNGSWRSfnbqR9ai1Ea59hn89rf + y9h3bQ2ce2althr32aLy2t9uxcZD5xjjNAFOw0ewmuLxJEJEUm1fmYYGPrRe + aPYRX1lCiEJMzhhubnC5HeiwGs/aLzyWg3eZ8+4NjOO2O1F4NZ+3WXmmDzMv + swGxnbzmgCzfaHpsNlcSxxkMkbEfOx5A+tLZ6HpstnBK8ZLPGrH526kZ9aS+ + GufYrjzmt/L8tt20NnGOce9LZjXfscHlNb7PLXbkNnGOM+9AFWy0ewlvL2J0 + JWJ1C/MwwCM+tF9o9hDd2UcaELK5DfMxyAPrRZDWftl75TQb9679wbGccYov + hrP2uy85oN+87NobGcd6ALd3oWmxWk0qRkMiMR87dQPrTLDRNOmsYJpIyWdF + J+dhyR9afdjXfsk3mtb7NjbsBs4xzimWA1z7DB5DW/l7F27g2cY4zigCvaaP + YS6hfQOhKQmPaNzcblye9GoaPYQT2aRoQJZdrfMxyMfWi0Gs/wBoX3lNB5uY + 9+Q237vG38OtGoDWfPs/PaDd5vybQ2N2O+e1AF240HTEt5XWMgqrEfO3UD61 + Bp2iadPYQTSxku6Ak7mHP51PcDXvs8u9rfbtbOA+cY7VBpw1v7BB5DW/l7Bt + 3Bs498UAQ22j2EmpXtuyEpEI9o3NxuGTzmjUdHsIHtBEhHmzKjfMx4Ofei2G + s/2le+W0Hm4j35DbenGO/wBaNRGs77Tz2gz5y7Nob73OM57UAX5tB0xYnYRn + IUn77en1qppei6fcafBPLGS7rkncw/katzDX/Kfc1tt2nOA+cYqppY1r+z4P + szQeXt+XcG3Y98UARwaPYPql1bMh8uNUKjc3frzmjU9HsLcWvlIR5k8aN8zH + 5TnPU0QDWf7UutjQedtTdkNtx2x3o1Mazi1+0NB/r49u0N9/nGc9vWgDRfQN + LCkiNuAf42/xqhpOjafc6dDPNGS7g5O5h3PoavuPEG05a2xg9nqhpI1r+zof + szQCLB27w27qeuKAIhoWmXGpXNjPD5kHlKdrEkHd1zzzXnfif4EfB6/WKe58 + JaeZJZkVnWERswY85KYJ+tejxDWf7Wn2tB53lruyG24zxjvmjVRrPlQ/aWgx + 5ybdob72eM57VrSrzhrCTXoY1sPTqK1SKfqrnkzfsp/AFmLHwnFknPFxcgfk + Jay9H/Za+A13psNxP4UiaR92T9ouR0YjtLX0BjxD/etvyeszRhrP9mw/ZDAI + vmxv3bvvHOccda6f7UxP/P2X3s5P7Iwn/PmP/gK/yPEk/Za+Ax1eS0PhSLyl + hDgfaLnqTjr5tGq/stfAa1t0kh8KRKxkRT/pFyeCef8AlrXtqDWf7Xkw0Hn+ + SM8Nt25/PNGrDWfsyfaWg2+YmNgbOc8de1P+1MV/z9l97D+yMJ/z5j/4Cv8A + I8l/4ZR+AH/Qpx/+BFz/APHazNI/Za+A13YrNP4UiZyzDP2i5HRiB0lr6Ax4 + h/vW35PWZpA1n7Cv2VoPL3NjeGzncc9Pej+1MV/z9l97D+yMJ/z5j/4Cv8jx + L/hlr4Df2wbT/hFIvK8jfj7Rc/e3YznzfSnap+yx8CLe1323hOPzC6KP9IuT + 1OP+ete141n+2T80Hn+R6Nt2bvzzmthZbm1gmu9ZkhSGBTIWXICqoJZiT6Ch + ZninoqsvvYnlODWrpR/8BX+R4vB4B+CvwFhn8X6JoUOn3siGGNlZ5Z5Cf4Iz + Kzbc/wARGOOtfMvjb4heIPHN4ZtTlMVohzFbISIkHbj+JvVjz6YHFP8AiJ42 + u/HPiGXUXJWzhJjtYj0SMHqR/ebq35dAK4Ov1fIcj9jFVsQ+ao+r1t5I/D+J + +JfrEnh8L7tFdFpfzdvwX6nS+HPF/iTwncG40C+ktdxyyDDRv/vI2VP1xn0r + 2nTv2kPEEMYXU9Ktrph/FGzQk/XO8flXzjRXp4zJsLiHetTTffr96PFy/iDG + 4VctCq0u26+56H0pe/tJ6zJGRp2jW8D9jLI8o/IBP51474o8f+K/GDY1u+aS + AHIgT5Ih6fKuASPU5PvXG0UsHkmEoPmpU0n33f4l4/iPHYmPLWqtrtsvuVjp + /C3jDXvB2oDUNDuTESR5kZ5ikA7Ovf69R2Ir7Y8JeLtD+J+itNbgW+oW4Alh + Jy0bHoR/eQ9j/WvgCuj8KeJtR8Ia5b65pjfvITh0JwskZ+8jexH5HB6ivP4g + 4fp4uDlFWmtn38n/AFoepwtxVVwFRQm70nuu3mv61P0SHh/S8cxNn/fb/Gs3 + S9HsLhLgyoSUndB8zDgdO9X9P1f/AISDRrPWtBkRortFkXzAehHIOOjA8Eeu + aoaWNZ2XH2YwY89924N97vjHavxmcHFuMlqj+gqdSM4qUXdMJtHsF1W3tlQ+ + W6OSNzdR05zT9V0bT7bT5p4YyHQZB3Me/uaZMNZ/tW33tB52x9uA23HfPen6 + qNa/s+b7S0Bix820Nu69s1JZdj0DTGjVjG2SB/G3+NZ+m6PYXBu/NQny53Rf + mYfKMY71oRjxB5a7WtsYGOHrP00azm7+ztB/r337g33+M4x2oALjR7BNTtLd + UOyVZCw3N/COOc1Lqei6db2E80UZDouQdzH+tRXA1n+07Te0Hm7ZNmA23GOc + 9/pUupjW/sE/2hrfy9p3bQ2ce2aALMGg6Y8EbtGcsoJ+du4+tUdO0ewnlvFk + QkRTFV+ZhgD8avQDX/Ij2NbbdoxkPnGKo6cNZ8288gwZ8479wb72O2O1ABda + PYR6jYwIhCTebuG5udq5Hep9Q0TToLGeaOMhkRiPmY8gfWoLoaz/AGjY+YYP + N/e+Xjdt+7zu/DpU+oDXPsM/ntb+XsbdtDZxjtmgCW10LTZLaGR4yWZFJ+du + pH1qnYaPYTXN5HIhIik2r8zDAx9auWo177ND5bW+zYuMh84xxmqdgNZ+03nk + tBu8z59wbGcdsdqAC80ewivrKFEIWZnDDc3OBkd6s32h6bDZXEscZDJGzD52 + PIB96rXg1n7dZea0Hmbn2YDYzjnNWb4a79iuPOa38vy23bQ2cY5x70ALZaHp + stnBK8ZLPGrH526kZ9aq2Wj2Et5exOhKxMoX5m4BGfWrVkNd+xweS1vs8tdu + 4NnGOM+9VbIaz9svfJaDfuXfuDYzjjFABfaPYQ3VlHGhCyuQ3zMcjH1q3d6F + psdrNIkZDIjEfO3UD61UvhrP2qy85oN+87NobGcd6t3Y177LN5rW+zY27AbO + Mc4oAZYaJp01jBNJGSzopPzsOSPrVe00ewl1C+gdCUhMe0bm43Lk96sWA1z7 + DB5DW/l7F27g2cY4ziq9oNZ/tC+8poPNzHvyG2/d42/h1oANQ0ewgms0jQgS + yhW+ZjkY+tXbjQdMjt5XWM5VWI+duoH1qlqA1nzrPz2g3eaNm0NjdjvntV24 + GvfZ5fMa327WzgPnGOcUAQabounT2EE0sZLuoJO5hz+dQ22j2Emp3luyEpEI + 9o3NxuHPOam00a39gg+ztb+XtG3cGzj3xUNsNZ/tO88toPNxHvyG29OMd/rQ + Aalo9hA1oIkI82dUb5mOQc571fl0HTFidhG2QCfvt/jVDUhrO6089oM+euza + G+9zjOe1X5Rr/lPua2xg5wH6YoAqaXoun3GnwTyxku65J3MO/sajg0ewfVLm + 2ZD5caIQNzdT15zUmljWv7Pg+zNB5e35dwbdj3xUcA1n+1bnY0HnbE3ZDbcd + sd6ADU9HsLcWxiQjzJ0RvmY/Kc571ovoGlhSRG3AP8bf41naoNZxbfaGg/16 + bdob7/OM57etaLjxBtOWtsY9HoAz9I0bT7nToZ5kJdwcncw7kdjSRaPYNq01 + sUPlpGrAbm6k+uaXSBrP9nQ/ZWgEWDt3ht3U9cUkQ1n+1ptrQed5a7shtu3P + GO+aADVNHsLeKFokILTIp+ZjwTz1Naf/AAj+l/8APJv++2/xrM1Qaz5UP2lo + MecmNobO7PGc9q08eIf71t+T0AZmjaPYXWnRTzIS7bskMw6MR2NC6PYHWHtS + h8sQhgNzdd2OuaNGGs/2dF9kMAi+bG/du+8c5x70KNZ/th8GDz/JGeG27d35 + 5zQAato9hbWyyQoQxkRfvMeCeeprT/4R/S/+eTf99t/jWZqw1n7Mv2loCnmJ + jYGznPHXtWnjxD/etvyegDM0jR7C6sllmQlizD7zDoSOxo/sew/tn7LsPl/Z + 9+Nzfe3465z0o0gaz9iX7K0Aj3N98NnO456UY1n+2esHn/Z/9rbs3/nnNABq + +j2FtZGWFCG3KPvMepA7mtP/AIR/S/8Ank3/AH23+NZmrjWfsR+1NAY9y/cD + ZzkY61p48Q/3rb8noAzNJ0ewubUyTISwdx95hwDx0NDaPYDWEtQh8swl8bm6 + 7sdc5o0kaz9lb7M0Gze/3w2c556dqGGs/wBsJkwef5Jxw23bu/POaADWNHsL + XTpZ4UIdSuCWY9WA7mtP/hH9L/55N/323+NZmsDWf7Ol+1NAYsrnYG3feGMZ + 9608eIf71t+T0AZmlaPYXMMrSoSVldR8zDgHjoaJNHsF1aG2CHy2iZiNzdQf + XNGlDWfJl+zNBt8187g2d2ecY7USDWf7Wh3NB53lNjhtu3POe+aAF1fRtPtd + OmnhQh0AwdzHqQO5rRXw/pZAPlt/323+NZ2rjWf7Om+1NAYsDdsDbuo6ZrRU + eIMDDW35PQBm6Zo9hcLcmVCdk7oPmYcDp3om0ewTVba2VD5ciOSNzdR05zRp + Y1nbc/Z2gx577twb73fGO3pRMNZ/tW23tB52x9uA23HfPegB+q6Lp9vp888U + ZDoMg7mPf3NXYtA0xo0YxtkgH77f41S1Ua1/Z8/2loPLx820NuxntmrsQ1/y + 02tbYwMZD0AZ+m6PYTtdiVCfKndF+ZhhRjHei40ewj1Ozt1QhJRIWG5udo45 + zRpo1ndd/Z2g/wBe+/cG+9xnGO1FwNZ/tOz8xoPNxJswG29Oc9/pQBLqWi6d + b2E80UZDopIO5j/WrMGg6Y8EbtGcsoJ+du4+tVtSGt/YJ/tDW/l7Tu2hs49s + 1ZgGv+RHsa227RjIfOMUAUdP0ewnlvFkQkRSlV+ZhgY+tF3o9hHqNjAiEJN5 + m4bm52rkd6NPGs+beeQ0G7zTv3BsbsdsdqLsaz/aNj5rQeb+88vAbb93nd36 + dKAJ9Q0TToLGeaOMhkRiPnY8gfWpbXQtNktYZHjJZkUn526kfWotQGufYZ/P + a38vY27aGzjHbNS2o177LD5bW+zYu3IfOMcZoAp2Oj2E1zeRyISsUgVfmYYG + PrReaPYRXtlEiELKzhvmbnAyO9FiNZ+03nktBv8AMG/cGxnHbHai8Gs/bbLz + Wg8zc+zAbGcc5oAs32h6bDZXEscZDJG7D52PIBI70tloemy2cErxks8asfnb + qRn1pL4a79iuPOa38vy33bQ2cYOce9LZDXfscHlNb7PLXbuDZxjjPvQBVstH + sJb29idCViZQvzNxkZPei+0ewhurKONCFlkIb5mORj60WQ1n7be+UYPM3Lv3 + BsZxxii+Gs/arLzmg3+Ydm0NjOO/tQBcutC02O1mkSMhlRiPnbqB9ai0/RNO + msYJpIyWdFJ+dhyR9aluhr32WbzGt9mxt2A+cY5xUWnjXPsMHkNb+XsXbuDZ + xjjOKAILTR7CTUb6B0JSHy9o3NxuXJ70aho9hBNZrGhAllCt8zHIx9aLQaz/ + AGjfeU0Hm/u/MyG2/d42/h1o1Aaz51n57QbvNGzaGxux3z2oAu3Gg6YkEjrG + cqpI+duw+tV9N0XTriwgmljJd1BJ3MP61YuBr3kSb2ttu05wHzjFV9NGt/YI + Ps7W/l7Rt3Bs498UARW2j2Emp3luyHZEI9o3NxuGTzmjUtHsLdrQRIR5s6I3 + zMeDnPei2Gs/2neeWYPNxHvyG29OMd/rRqQ1ndafaDBnz02bQ33ucZz2oA0J + dA0xY3YRtkAn77f41S0vRdPudPgnljJd1yTuYd/Y1dlGv+W+5rbGDnAeqWlj + Wv7Pg+zNB5W35dwbd174oAZDo9g+qXNuyHy40Qgbm6nrzmjVNHsLdbYxIR5k + 6IfmY8HOe9EI1n+1LnY0HnbE3ZDbcdsd6NUGs7bb7QYMeem3aG+9zjOe3rQB + pNoGlhSfLbp/fb/Gs7SNG0+606GeaMl3BydzDoSOxrRYeINpy1tjHo9Z2kDW + f7Oh+ytAIsHbvDbup64oASPR7BtWmtih8tI1YDc3Un1zRquj2FvDE0SEFpUU + /Mx4J56miMaz/a021oPO8td2Q23bnjHfNGqjWfJi+0tAV81MbQ2d2eM57UAa + f/CP6X/zyb/vtv8AGszR9HsLrTop5kJdt2TuYdGI7GtPHiH+9bfk9ZmjjWf7 + Oi+ytAIvmxvDbvvHOce9AAuj2B1h7UofLEIfG5uu7HXOaNW0ewtrZZIUIYyI + v3mPBPPU0KNZ/th8NB5/kjPDbdu7885o1Yaz9mX7S0GzzExsDZznjr2oA0/+ + Ef0v/nk3/fbf41maRo9hdWQlmQltzDhmHQkdjWnjxD/etvyeuXsta+wwC3e/ + soCCx2zOQ/JPb09KANX+x7D+2fsuw+X9n343N97fjrnPSjV9HsLWyaWFCGDK + PvMepA7mq1pd319qYnsp7adjAQHQs0e0PyMjvmrOrjWfsTfamg8vcv3A2c5G + OtAGn/wj+l/88m/77b/GszSdHsLm2aSZCWEjr95hwDx0NaePEP8AetvyeszS + RrP2ZvszQbPMfO8NnOeenagAbR7AawlqEPlmEtjc3XdjrmjWNHsLXTpZ4UKu + u3B3MerAdzQw1n+2Ey0Hn+SccNt27vzzmjWBrP8AZ0v2poPK+XOwNu+8MYzx + 1oA0/wDhH9L/AOeTf99t/jWZpWj2FzFM0qElZXUfMw4B46GtPHiH+9bfk9Zm + lDWfKm+zNBt8187w2d2ecY7UAEuj2C6tDbBD5bxsxG5uoPrml1fRtPttOmnh + Qh0AwdzHuB3NJKNZ/taHc0HneW23Abbtzznvml1caz/Z032poDFgbtgbd1HT + NAGiugaWVB8tun99v8azdM0ewuFuTKhPlzug+Zh8o6dDWko8QbRhrbGPR6zd + MGs7bn7O0H+vfduDfe74x29KACbR7BNUtrdUPlyI5I3N1HTnNP1TRdPttPnn + ijIdFyDuY9/c0ycaz/altvaDztj7cBtuO+e9P1Qa1/Z8/wBpaDytvzbQ27r2 + zQBci0HTGiRjG2SAfvt/jVDTdHsLhrsSoT5U7ovzMOBjHer8Q1/yk2tbYwMZ + D9MVQ00azuu/s7QZ899+4N97jOMdqAC50ewj1Ozt1Q7JRJuG5v4RxzmptS0X + ToLCeaKMh0UkHcx5/Oobkaz/AGnZ+YYPNxJswG29Oc9/pU2pDW/sE/2hrfy9 + p3bQ2ce2aAJ7fQdMeCN2jOWUE/O3cfWqWn6PYTzXiyISIpSq/MwwMfWrtuNe + 8iPY1tt2jGQ+cYqlp41nzrzyGg3ead+4NjdjtjtQAXej2EWo2MCIQkxk3Dc3 + O1cjvU+oaJp0NjPNHGQyIxHzseQPrUF2NZ/tGx81oPNzJ5eA237vO78OlT6g + Nc+wz+e1v5ext20NnGOcZoAktNC02S1hkeMlnRSfnbqR9aqWOj2E11exyISs + UgC/MwwMfWrdoNd+yw+U1vs2LtyHzjHGaqWI1n7Ve+S0G/zBv3BsZx29qAC9 + 0ewivbKJEIWVmDfM3OBn1q1e6HpsVnPKkZDJGzD526gZ9aq3o1n7bZea0Hmb + m2bQ2M45zVq9Gu/Y5/Na32eW27aGzjHOPegBLHQ9NmsreWSMlnjRj87DkgE9 + 6rWej2Et7exOhKxMgX5m4yMnvVmxGu/YrfyWt/L8tNu4NnGBjPvVazGs/bb3 + ymg8zcm/IbGdvGKAC/0ewhubOONCFlkKt8zHIx9auXWhabHazSJGQyoxHzt1 + A+tU78az9ps/OaDf5h2bQ2M4757Vcuhr32WbzGt9mxt2A+cY5xQBFp+iadPY + wTSRks6KT8zDkj61BaaPYSajfQOhKQ+XtG5uNy5Pep9PGufYYPIa38vYu3cG + zjHfFQWg1n+0b7yjB5v7vzM7tv3eNv4daADUNHsIJbNY0IEswVvmY5GD71en + 0HTEgkdYzlVJHzt2H1qjqA1nzbPz2gz5w2bQ2N2D1z2q9ONf8iTe1tt2nOA+ + cYoArabounXFhBNLGS7qCTuYf1qK30ewfU7u3ZCUiEZUbm43DnnNS6aNb+wQ + fZ2t/L2jbuDZx74qK3Gs/wBp3flmDzsR78htuMcY7/WgA1LR7C3NoIkI82dE + b5mPynOe9aEugaYsbsI2yAT99v8AGs/UhrObT7Q0H+vTZtDff5xnPatCUa/5 + b7mtsYOcB6AKWlaNp9zp8M8sZLuMk7mHf2NMh0ewfVbi2ZD5aIhA3N1PXnNP + 0oa1/Z8P2ZoBFj5dwbd174pkI1n+1bjY0HnbE3ZDbcdsd6ADVNHsLdbYxIRv + nRD8zHg9eprSPh/SwCfLb/vtv8azdUGs7bb7Q0GPPTbtDfe7Zz29a0mHiDBy + 1t+T0AZ2kaNp91p0M8yEu4OTuYdCR2NJHo9g2rS2xQ+WsSsBubqT65pdIGs/ + 2dD9laARYO3eG3dT1xSRjWf7Xl2tB53lLnhtu3PGO+aADVdHsLaGJ4kILSop + +ZjwTz3rT/4R/S/+eTf99t/jWZqo1nyYvtLQFfNTGwNndnjOe1aePEP962/J + 6AMzR9HsLrT455kJdi2TuYdGI7GhdHsDrDWuw+WIQ+Nzdd2OuaNHGs/2fH9l + aDystjeG3feOenvQo1n+2Gw0Hn+SM8Nt27vzzmgA1bR7C2tRJChDF0H3mPBP + PU1p/wDCP6X/AM8m/wC+2/xrM1Yaz9lH2loNm9PuBs5zx1rTx4h/vW35PQBm + aRo9hdWYlmQltzDhmHAOOxo/sew/tkWuw+X5G/G5vvbsdc56UaQNZ+xj7K0A + Tc33w2c556UY1n+2R80Hn+R6Ns2bvzzmgA1jR7C1sWmhQhgyjO5j1IHc1p/8 + I/pf/PJv++2/xrM1caz9hb7UYDHuXOwNnORjrWnjxD/etvyegDM0nR7C5tnk + mQkiR1+8w4B46GrEFhbWWuxpbqVHks3JJ5zjvVfShrP2Z/szQbfMfO8NnOee + narEAvxrsf20xlvJb/V5xtz7980AdLRRRQAUUUUAFFFFABRRRQB//9H9z5dX + tG1WC4G/Ykbg/Ic5PtTtW1izudOmhj37mAxlCB1HfFaU/wDyHLX/AK5PT9d/ + 5BNx9B/MUAQR67YqigiTgD+Bv8Kz9M1e0g+1+Zv/AHlxI4whPBxjPFdVF/qk + +grI0b/l+/6+pf6UAZlxq9o+qWtwN+yNXB+Q55HYYqTU9Zs7iwnhj37nXAyh + A/PFX7r/AJDdj/uS/wAqn1r/AJBVz/uUAVIdcsUhRSJMhQPuN6fSqGnavaQS + XZffiSZmGEJ4OOtdPb/8e8X+6v8AKszSP9bf/wDXw38hQBl3Wr2kmpWU679s + Xm7vkOfmXAwO9TajrNnPYzwoH3OhAyhA/lV69/5DGm/Sb/0EVY1f/kGXP/XN + qAM+21yxjtokYSZVFB+Q9h9Kp2Gr2kNxeO+/Esm4YQnjHeuks/8Ajzg/65r/ + ACrO0r/j61D/AK7f0oAzLzV7SW/spl37Yi5bKHPK4445qzfa1ZTWVxEm/c8b + AZQgZI+lW7//AJCmm/70n/oNW9T/AOQddf8AXJ/5GgDKs9bsorSCNvMyiKDh + CeQPpVWy1e0iu72R9+JXUjCE9B3rotP/AOPC2/65J/6CKo6b/wAf+o/9dF/9 + BoAy77V7SW7spE34ick5QjqO1WrzW7KW0njUSZdGAyhHJH0qzqX/AB/6d/10 + b/0Gr+of8eFz/wBcn/8AQTQBi2GtWUNlBE4fciKDhCRkD6VXs9XtIr++mbft + lKbcIc8Ljnjit/S/+Qba/wDXJP5VT0//AJCmpf70X/oNAGZf6vaTT2bpvxFL + uOUI4x2q7c65YyW8qKJMsjAfI3cfSp9U/wCPrT/+u39K0bz/AI9J/wDcb+VA + GBp2s2cFjBC4fciAHCEj+VQ2ur2kepXs7b9soj2/Ic/KuDkY4rc0j/kGW3/X + NarWX/IZ1H6Q/wDoNAGZqOr2k72hTf8Au5lY5QjgZ6Vfm1yxeF1AkyVI+43p + 9Kk1f/W2H/Xwn9a1Lj/j3l/3W/lQBzml6xZ2+nwQyb9yLg4Qkfnio4NXtE1S + 6uDv2SKgHyHPA9MVs6L/AMgq2/3f61Fa/wDIavf9yL+VAGXqer2k/wBl8vf+ + 7uI3OUI4Gc44rRfXbEowAk5B/gb/AAp+s/8ALj/19Rf1rWk/1bfQ0AcvpOsW + dtp0MMm/coOcISOp74psWr2i6rPcHfseNQPkOcj2rX0L/kE2/wBD/M0yD/kO + XX/XJKAMvVNXtLiOBY9+UmRjlCOBWn/b1h6Sf98N/hRrf+ptv+viP+dbR6UA + clo+r2lrpsMEu/cu7OEJHLE9cUJq9oNXkuTv2NCF+4c5Bz0xWp4e/wCQPb/8 + C/8AQjRH/wAh+X/rgv8A6FQBl6rq9pcW6JGHyJEblCOAa0/7esPST/vhv8KX + XP8Aj1i/67R/zrZoA5LR9XtLawSGXfuBY8ISOWJ7UDV7T+2Dc/Ps8gJ9w5zu + z0xWn4f/AOQZH/vP/wChGlH/ACMDf9ew/wDQ6AMvV9XtLmz8qPfu3oeUI6H6 + Vp/29Yekn/fDf4Ua/wD8g/8A7aJ/6FW1QByWk6vaW1oY5N+d7nhCeCaDq9p/ + bC3Pz7BAU+4c53Z6VqaD/wAeJ/66Sf8AoVDf8jAv/Xsf/Q6AMvWNXtLmwkhi + 37iV6oQOGB61p/29Yekn/fDf4UviD/kFS/VP/QhWzQByWlavaW8EiSb8tK7c + ITwTRJq9odXiuRv2LEyn5DnJPpitTQ/+PWX/AK7SfzpJf+Q9B/1wb+dAGZrG + r2lzps0EW/c23GUIHDA9cVpDXrDA4k/74b/CneIP+QRcf8B/9CFbA6CgDk9L + 1e0t0uBJv+eZ2GEJ4NE2r2jarb3AD7ERwfkOcn2rT0T/AFV1/wBfEn9KW4/5 + Dlr/ANcpKAM7VdYs7jT5oY9+5gMZQgdR3xV2PXbEIoIk4A/gb/Cp9d/5BNz/ + ALo/mK04v9Un0FAHK6Zq9pAbvzN/7yd3GEJ4OOtFxq9o+qWlwu/ZGsgPyHPI + 4wK09G63/wD19Sf0ou/+Q1Y/7sv8qAKGp6zZ3FhPDHv3OuBlCB+eKtQa5YpD + GpEmQoH3G9PpVzWv+QVc/wC5V22/49ov9xf5UAcxp2r2kMl4zh8STMwwhPBA + 60XWr2kmpWM679sXm7soc/MoAwMc1qaT/rr/AP6+G/kKL3/kMab/ANtv/QRQ + BS1HWbKaxniTfudCBlCBz+FS22uWMdtEjCTKooPyHsPpWjq3/IMuv+ubfyqe + z/484P8Armv8qAObsNXtIbi8d9+JZNwwhPGO/FF5q9pLf2Uy79sRctlDnlcc + etael/8AH3qH/Xb+lGof8hPTf96T/wBBoAq32tWU1lcRIH3PGwGUIGSPpS2e + t2UVnBEwk3JGoOEJ5A+laup/8g66/wCuT/yNO07/AJB9t/1yT/0EUAc9Zava + RXl7K2/bK6kYQk8DHPHFF9q9pLd2Uib8ROScoRwR2rU07/kIaj/vp/6DRqX/ + AB/ad/10b/0GgCtd63ZSWk0aiTLowGUPUj6Uyw1qyhsYIn37kRQcISMgfStq + /wD+PG5/65v/AOgmo9L/AOQba/8AXNf5UAYNpq9pHqF9MwfbKY9uEOeFwcjt + RqGr2k09m6b8RS7jlCOMdq07D/kK6l9Yv/QaNV/4+dP/AOuw/lQBDca5Yvby + ookyysB8h7j6VBp2s2cFhBC+/ciAHCEj+Vb93/x6zf7jfyqtpH/IMtv9wUAY + dtq9pHqV7O2/bKI8fIc/KMHIxRqOr2k72hTf+7mVjlCOBnpxWpZ/8hjUfpD/ + AOgmjV/9ZYf9fKfyNAEU2u2LROoEmSpH3G9PpVTS9Ys7fT4IZN+5FwcISPzx + XSXH+ok/3T/KqGif8gq2/wB3+tAGNBq9omqXVwd+yRUA+Q549qNT1e0uBa+X + v/dzxucoRwM5rTtf+Q3e/wC5H/Kl1npZf9fUX9aAGPr1gVIAk5B/gb/CqGk6 + xZ22nQwSb9yg5whI6nviupf7jfQ1laD/AMgm3+h/9CNAGTFq9ourT3B37HjV + R8hzkH0o1XV7S4ihWPflZkY5QjgGtSD/AJDtz/1yT+dJrn+pt/8Ar4j/AJ0A + H9vWHpJ/3w3+FZmjavaWumwwS79y7s4QkcsT1ArraxfD3/IHt/8Agf8A6EaA + MxNXtBq8lyd+xoQv3DnOc9MUarq9pcW6JHvyJEblCOAa04/+Q/L/ANe6/wDo + VLrv/HpH/wBdY/50AJ/b1h6Sf98N/hWZpGr2ltYrFJv3BmPCEjlia62sbQP+ + QYn+8/8A6EaAMsataf2z9pw+wwbPuHOd2elee/HrxC+j+Cv7OgbbNq0ohOOv + lL8z/nwp9jXqw/5GE/8AXr/7PXhPxz8I+LfFl/pSaDYPeW9pFKWKsigPIwyP + mI7KK9vh2FN4ym6rSitdfLb8T53iudVZfVVCLcmraK71dnt5XPj6ivSv+FQf + Ej/oCSf9/Iv/AIuj/hUHxI/6Akn/AH8i/wDi6/Yv7Vwv/P2P/gSPwH+w8b/z + 4n/4C/8AI81or0r/AIVB8SP+gJJ/38i/+Lo/4VB8SP8AoCSf9/Iv/i6P7Vwv + /P2P/gSD+w8b/wA+J/8AgL/yPNaK9K/4VB8SP+gJJ/38i/8Ai6P+FQfEj/oC + Sf8AfyL/AOLo/tXC/wDP2P8A4Eg/sPG/8+J/+Av/ACPNaK9K/wCFQfEj/oCS + f9/Iv/i6P+FQfEj/AKAkn/fyL/4uj+1cL/z9j/4Eg/sPG/8APif/AIC/8j3D + 9nLxC9xpmo+GZ2z9jcTwg/3JOHA9gwB+rV7ZYalbWLXcM4fd9okPCk8E+1fP + fwZ8DeNvCvjA32saa9raTW0kTuXQjJKsOFYnqtfUFmgjkugO8ufzRTX5JxTG + l9clKk007PTXXqfuvBcq39nwhXi043Wqadum/wBxgTavaNqtvcDfsRHB+Q5y + fbFP1XWLO40+aGPfuccZQgdfXFaFx/yHLT/rnJUuuf8AIJuf90fzFfOn1ZXj + 12xWNQRJwB/A3+FZ+m6vaQG78wP+8ndxhCeDjrXUw/6pP90fyrK0frff9fUn + 9KAMu41e0fU7Sdd+2NZAfkOeRxgVLqes2c9hPDHv3OpAyhA/lV+7/wCQ1Yf7 + sv8AIVNrP/ILuf8AcNAFODXLFII0PmZVQPuN2H0qjp2r2kEt4z78SzFhhCeC + O/FdNa/8e0X+4v8AKszSf9dqH/Xw38hQBmXWr2kmo2M679sXm7soc/MuBgY5 + qfUNasprGeJA+50YDKEDkfSrt9/yF9M/7bf+gVZ1b/kGXX/XNv5UAZ1rrdjH + bQxsJMqig/Iew+lU7DV7SG5vHffiWTcMITxjvXSWX/HnB/1zX+VZ+l/8feof + 9dR/KgDLvNXtJb6ylXftiZy2UOeRjirN9rVlNZXESb9zxsBlCBkg+1WtQ/5C + Wm/70n/oNXdT/wCQddf9cn/9BNAGTZa3ZRWcETiTckag4QkZA+lVbLV7SK8v + ZX37ZWUrhCTwO/pXQ6d/yD7X/rkn/oIqjp3/ACEdR/30/wDQaAMy+1e0lurK + RA+InJOUI4x2q3d63ZSWs0aiTLIwGUPUj6VZ1P8A4/dO/wCup/8AQav3/wDx + 43H/AFzf+RoAxLDWrKGxgiffuRFBwhIyB9Kr2mr2keoX0zb9spj24Qk/KuDk + Y4re0v8A5Btr/wBc1/lVWw/5C2pfWL/0GgDL1DV7SaazZN+IpQxyhHGO3FXb + jXLF7eVF8zLKwHyN3H0qbVf+PjT/APruP5VpXf8Ax6zf7jfyoAwNN1mzgsII + X37kUA4QkfyqG21e0TU7ydt+2UR4+Q5+Uc5Fbej/APILtv8AcFQWf/IZ1D6Q + /wDoJoAy9S1e0na0Kb/3c6ucoRwM9Kvy67YtE6gSZII+43p9Kl1j79h/18p/ + WtSf/USf7p/lQBzel6xZ2+nwQyb9yLg4QkdfXFRwavaJqlzcHfskRAPkOePb + FbOif8gq2/3f61Dbf8hu8/65x0AZmp6vaXAthHv/AHc6OcoRwM57Vovr1gVI + Ak5B/gb/AAp2tfdsv+vqL+tbD/cb6GgDldI1ezttOhgk37lBzhCR1PfFJFq9 + ourTXJ37GjVR8hzkH0rW0H/kEW/0P/oRpsP/ACHbj/rin86AMvVNXtLiKFY9 + +VmRjlCOAfpWn/b1h6Sf98N/hS63/qLf/rvH/OtmgDktG1e0tdOigl37l3Zw + hI5YnrQur2g1h7n59hhC/cOc7s9K0/D3/IIg/wCB/wDoRoT/AJGCT/r3H/oV + AGZq2r2lzbKke/IkRuUI4BrT/t6w9JP++G/wo13/AI80/wCusf8AOtqgDktI + 1e0trJYpN+4Mx4QkcsTR/a9p/bP2r59n2fZ9w5zvz0xWpoH/ACDV/wB9/wD0 + I0f8zD/26/8As9AGXq+r2lzZGKPfu3KeUIHBB9K0/wC3rD0k/wC+G/wpdf8A + +Qcf99P/AEIVs0AclpOr2ltatHJvyXc8ITwTQ2r2h1hLn59ghK/cOc7s9K1N + C/48m/66yf8AoVI//IwR/wDXuf8A0KgDM1jV7S606WCLfuYrjKEDhgeuK0/7 + esPST/vhv8KPEP8AyCZvqn/oQraoA5LStXtLeGVZN+WldhhCeCfpRJq9o2rQ + 3A37FiZT8hzkn0rU0T/j3n/67yfzol/5Dtv/ANcX/nQBmavq9pc6dNBHv3MB + jKEDgg9cVorr1gABiT/vhv8ACn6//wAgi4+i/wDoQrXX7o+lAHJ6Xq9pbrci + Tf8APO7jCE8HpRNq9o+q21wN+xEcH5Dnn2rU0X7l3/18y/0pLn/kOWf/AFzk + oAz9V1izuNPnhj37nGBlCB19cVdi12xWNFIkyAB9xv8ACrGt/wDIKuf93+ta + MP8AqY/90fyoA5bTdXtIGuy+/wDeTu4whPBx14ouNXtH1OznXftjEgPyHPzD + jArU0f71/wD9fMn9KLv/AJDNh/uy/wAhQBQ1LWbOewnhj37nUgZQgfyqzBrl + ikEaESZVQPuN2H0q7rP/ACC7n/cNW7X/AI9ov9xf5UAczp+r2kMt4z78Sylh + hCeMd6LvV7STUbGdd+2LzN2UOfmXAwO9aek/6/UP+u5/kKL7/kL6Z/22/wDQ + aAKeoa1ZTWM8Sb9zowGUIHI+lS2ut2UdrDGwkyqKDhD2H0rR1b/kGXX/AFzb + +VTWP/Hlb/8AXNP5CgDnLHV7SG5vJH34lkBGEJ4x3ovNXtJb2ylUPtiZy2UI + PIxx61qaZ/x+aj/11H8qNQ/5CWm/78n/AKDQBUvtaspbK4iTfueN1GUIGSCP + SlstbsorOCJt+5I1BwhIyB9K1tS/5B11/wBcn/8AQTS6d/yD7X/rkn/oIoA5 + 6y1e0ivb2V9+2VlK4Qk8DvxxRfavaTXVlIm/EUhJyhHGO3Faenf8hLUv99P/ + AEGjU/8Aj907/rqf5UAQXWt2MlrNGvmZZGAyh7j6VFp+tWUNjBE+/ciKDhCR + wPpW5ff8eVx/1zf+RqLSv+Qba/8AXNf5UAYNpq9pHqN9OwfbL5e3CHPyrg5H + ajUNXtJprNkD4ilDHKEcY7VqWP8AyFtS+sP/AKDRqv8Ax8af/wBdx/I0AQXG + uWLwSIBJllI+43cfSq+m6zZwWEEMm/cigHCEj+VdDdf8es3+438qqaN/yC7b + /cFAGJbavaJqd5cNv2yiPHyHPyjnIxRqWr2k7WhTf+7nRzlCOBnpWnZ/8hrU + P92L/wBBo1j79h/18x/1oAZLrti0bqBJkgj7jf4VS0rWLO30+CGTfuQYOEJH + X1xXTTf6mT/dP8qztE/5BVt/u/1oAx4dXtE1S5uDv2OiAfIc8e1GqavaXC2w + j3/JOjnKEcDOa1Lb/kN3n/XOOk1r7ln/ANfMX9aAEbXrAqRiTp/cb/Cs7SNX + tLbToYJN+5Qc4Qkcknriuqf7jfQ1k6B/yCLf6N/6EaAMqPV7RdWmuTv2NEqj + 5DnIPpijVdXtLiGJYw+VlRjlCOAa04f+Q9cf9cU/nS63/wAe8H/XeP8AnQAn + 9vWHpJ/3w3+FZmj6vaW2nRQSh9y7s4QkcsT1FdbWN4f/AOQTB9X/APQjQBlr + q9oNYe5+fYYQv3DnO7PSjVtXtLm2WOPfkSIeUI4BrUT/AJD8n/XuP/QqNd/4 + 80/66x/zoAT+3rD0k/74b/CvnPxQwbVnI/uj+tfU1fLfir/kLP8A7o/maCon + oXgC+gtLWOSXdgRyLwCeTJntXa6vq9pc2TRRB9xZTyhA4INct8Nv9RF/1xk/ + 9G13uv8A/INb/fT/ANCFAmJ/b1h6Sf8AfDf4VmaTq9pb2zRyb8mRzwhPBNdb + WNoX/Hm//XWT+dAjLbV7Q6wlz8+wQlfuHOd2elGsavaXWnSwRb9zbcZQgcMD + 1Nab/wDIwR/9e5/9CpfEH/IJn+qf+hCgBP7esPST/vhv8KzNK1e0t4Zlk35a + V2GEJ4JrraxdD/1Fx/13k/nQBmS6vaNq0NwA+xY2U/Ic5J9KXV9Xs7nTpoI9 + +5gMZQgdR3xWnN/yHbf/AK4v/Ona9/yCLj6D/wBCFAEa69YBQMSdP7jf4Vm6 + Zq9pAtyJN/7yd3GEJ4PTtXVp9xfoKyNF+7ef9fMv9KAMubV7R9Utrgb9iI4P + yHPPtT9V1izuNPnhj37nGBlCB19cVo3P/Ibs/wDrnJUmt/8AIKuf93+tAFaL + XbFYkUiTIAH3G9PpVDTdXtIGuzIH/eTu4whPBx1rqIP9RH/uj+VZWj/fv/8A + r5k/pQBmXOr2j6nZ3C79sQkz8hz8w4wMVNqWs2c9hPCm/c6kDKED+VXbz/kN + af8A7sv/AKDVjWP+QXc/7hoAo2+uWKQRoRJlVA+43YfSqWn6vaQzXjPvxLKW + GEJ4x34rprX/AI9Yf9xf5Vm6V/x8ah/13P8AIUAZd3q9pJqNjOu/bEZN2UOf + mXAwMc1PqGtWU1jPEm/c6MBlCByPpVy//wCQtpv1l/8AQat6r/yDbr/rm38q + AMy01uyjtYY2EmVRQcIeoH0qpY6vaQ3V7I+/EsgIwhPGO/FdHYf8eNv/ANc0 + /kKz9M/4/dR/66j+VAGZe6vaS3tlKu/bEzE5Qg8jHHHNWr3W7KWzniQSbnjY + DKEDJH0q1qP/ACEdO/33/wDQau6j/wAg+6/65P8A+gmgDHsdasorK3iffuSN + FOEJGQAPSq1nq9pFe3srb9srIVwhJ4XHPpXQab/yDrX/AK5J/wCgiqen/wDI + S1L/AH4//QaAMu/1e0mubN034ikLHKEcY7VcutbspLWaNRJlkYDKHuPpU+qf + 8fmnf9dT/KtC+/48rj/rm/8AI0AYen61ZQ2MET79yIoOEJHA+lQWmr2keo30 + 7b9svl7cIc/KuDkdq3dJ/wCQZa/9c1/lVWx/5C+p/wDbH/0GgDM1DV7SaWzZ + N+I5gxyhHGD04q9Prli8EiASZZSPuN3H0qbVv9fp/wD13X+RrSuv+PaX/cb+ + VAHPabrNnBYQQyb9yKAcISP5VFb6vaJqd3cNv2SCMD5Dngc5Fbejf8gu2/3B + Ve0/5DV//uxfyoAzNS1e0nNoY9/7udHOUI4GenFaEuu2LRuoEmSCPuN/hT9Z + +9Yf9fUf9a1pv9TJ/un+VAHM6VrFnb6fDDJv3IOcISOvrimQ6vaLqtxcHfsd + EA+Q5yPatjQ/+QTbf7p/majt/wDkOXf/AFzjoAy9T1e0uFtxHv8AknRzlCOB + Wk2vWBBGJP8Avhv8KdrX3LT/AK+Yv61sN90/SgDlNI1e0ttOhgk37lBzhCRy + SeuKSPV7RdXluTv2NEqj5DnIPpWroH/IIt/o3/oRpsX/ACHp/wDriv8AOgDM + 1XV7S4hiWPflZUY5QjgH6Vp/29Yekn/fDf4Ua5/x7wf9d4/51tUAclo+r2lt + p8cMu/cpbohI5YnrihdXtBrDXPz7DCE+4c53Z6VqeH/+QTD9X/8AQjQv/IwP + /wBew/8AQ6AMvVtXtLm1EcYfIdDyhHANaf8Ab1h6Sf8AfDf4Uuu/8eS/9dY/ + /Qq2aAOS0jV7S2sxFJv3bmPCEjk0f2vaf2yLr59nkbPuHOd2elaegf8AIOH+ + +/8A6EaD/wAjEP8Ar1/9noAzNX1e0ubFoot+4sp5QgcEGtP+3rD0k/74b/Cj + xB/yDX/3k/8AQhW1QByWk6vaW9s6Sb8mR24QngmrEF9Bea7G8O7HksvzKRzn + Permhf8AHpJ/11k/nQ//ACH4v+vdv/QqANmiiigAooooAKKKKACiiigD/9L9 + z5dItF1WC3G/Y8bE/Oc5HvT9W0izt9Ommj37lAxlyR1HamSnWP7Vg3CDzvLf + bgttx3z3zT9WOs/2dN9pEAiwN2wtu6jpnigC9HoViUUnzOQP42rO0zSbSf7X + 5m/93cSIMORwMYrRjOv7F2rbYwMcvWdph1j/AEv7OIP+PiTfuLff4zjHb0oA + LjSbRNUtbdd+2RXJ+c54HHNS6no9nBYTzR79yLkZckflUVwdY/tS13iDztr7 + MFtuMc57/SpdTOtfYJ/tAt/L2/NtLbse2aALUOh2LQxsfMyVB++3pVDTtItJ + pLwPvxHMyjDkcDHWr8J1/wAmPYttt2jGS+cYqhpx1nzLzyBBnzm37i33uM4x + 2oALrSLSPUrKBd+2Xzd3znPyrkYPap9R0azgsZ5k37kQkZckflUF0dY/tKy8 + wQeb+92YLbfu8579OlT6idb+wz+eLfy9h3bS+ce2aAJrbRLGS2idt+WRSfnb + uKpafpNpNcXiPvxFLtGHI4x39au2x177NF5a223YuMl84xxmqWnnWPtF55Ig + 3eb8+4tjdjtjtQAXmkWkd/Ywrv2ylw2XJPC54ParN/otlFZXEqb9yRsRlyRk + Cq14dZ+32PmiDzMvswW2/d53fh0xVm/OufYrjzlt/L8tt20vnGOcZ70AOs9E + spbSCRt+XRScORyRVSy0i0lu72Nt+2J1Aw5HUZ59at2Z137JB5S2+zYu3JfO + McZ96qWR1n7Xe+SIN+9d+4tjOOMYoAL7SbSK7so034ldgcuT0Hb0q3eaJZRW + k8i78ojEZcnkCql8dY+12XnCDfvbZtLYzjvmrd4dd+yT+atvs2NuwXzjHOPe + gBthotlNZQSvv3Oik4cgZIqtZ6TaSX99C2/bEU24cg8rk5PerNgdc+xQeSLf + y9i7dxfOMcZx3qtZnWPt995Qg8zKb8ltv3eNv4dc0AF/pFpDPZom/Esu05cn + jHartzolilvK678qjEfOewqlfnWfPs/OEG7zfk2lsbsd89qu3J177PL5i223 + Y2cF84xzigCHTtGs57GCZ9+50BOHIH5VBa6TaSanewNv2xCPb85z8y5OT3qf + Tjrf2GDyBb+XsG3cXzj3xUFqdY/tO98sQebiPfktt+7xjv060AGo6TaQPaBN + /wC8mVTlyeDnpV+bQ7FYZGHmZCk/fb0qhqR1jzLPzxBnzl2bS33u2c9qvzHX + /Jk3rbbdpzgvnGKAKml6PZ3GnwTSb9zrk4cgflUcGkWj6pdW537I1Qj5znke + tSaWda/s+D7OLfy9vy7i27Hvio4DrP8Aal1sEHm7U35LbcY4x3+tABqekWkH + 2XZv/eXEaHLk8HOa0X0KwCMR5nAP8bVnamdZ/wBF+0CD/j4j2bS33+cZz29a + 0XPiDY2VtsYPd6AKOk6RZ3GnQzSb9zA5w5A6ntTItItG1We3O/YkaEfOc5Pv + T9JOs/2dD9mEHlYO3eW3dT1xxTIjrP8Aas+0Qed5absltuO2O+aADVdItLeO + Bo9+XmRTlyeDWmdBsMf8tP8Av41ZmqnWPLg+0iDHnJt2lvvds57Vpk+IP7tt + +b0AZmjaRaXOmwzy79zbs4cgcMR0oTSLQ6vJbHfsEIb75zknHWjRjrP9mw/Z + RAYvmxvLbvvHOccdaEOs/wBryYEHneSM8tt25/PNABq2kWlvbo8e/JkReXJ4 + JrU/sGw/6af9/GrL1Y6z9nT7SINvmJjYWznPHXtWpnxB/dtvzegDL0fSbS5s + Eml37iWHDkDhiOlA0i0/tk23z7PID/fOc7sdaNHOsfYE+yiAx7mxvLZ+8c9K + AdY/tk8Qef5A7tt27vzzmgA1fSbS2s/Nj37t6DlyeprU/sGw/wCmn/fxqy9X + OsfY/wDShBs3p9wtnOeOtamfEH922/N6AMvSdItLi0Mkm/O9xw5HQ0HSLT+2 + Ftvn2GAv985zux1o0k6z9kP2YQbN7/fLZznnpQTrP9sLxB5/kHu23bu/POaA + DWNItLawkmi37lK9XJHLAdK1P7BsP+mn/fxqy9YOs/2fJ9qEHl5XOwtu+8Md + fetTPiD+7bfm9AGXpWkWlxBI8m/KyuvDkcA0SaTaDV4rYb9jRMx+c5yD60aU + dZ8iT7MINvmvneWzuzz07USHWP7Xi3CDzvKbHLbduec980ALrGkWltps08W/ + cu3GXJHLAdK0hoNhgf6z/v41ZusHWf7Nm+1CARfLnYW3feGMZ461pA+IMD5b + b83oAzNL0m0uEuDJv+SZ1GHI4FE2kWi6rb2437HRyfnOcj3o0s6x5dx9nEGP + OfduLfe74x2omOs/2rb7hB52x9uC23HfPfNAD9W0ezt9Pmmj37lAxlyR1Har + 0ehWJRSfM5A/jaqOrHWv7Pm+0iDysDdsLbuo6Z4q9Gdf2LhbbGB3egDO0zSb + Sc3fmb/3c7oMORwMYzXlfxJtksNYtordmCtADyxPO5h3r1TTDrGbv7OIP+Ph + 9+4t9/jOMdq8p+JX23+2Lb7cIw/kDHl5xjc3rQVE1fBNrHP4b1G6lLGSKTA+ + Y4+6O1eoQaHYvDG58zLKD99u4ry7wR9t/wCEa1HyRH5HmfPuzv8Aur0xxXqM + B17yY9i223aMZL5xigTKGnaRaTSXivvxHMyjDkcADrRdaRaR6lYwLv2y+bu+ + c5+VcjB7UacdZ8y88gQZ85t+4t97A6Y7UXR1n+0rHzBB5v73Zgtt+7zu79Ol + AifUdGsobGeVN+5EJGXJHHtU1toljJbRO2/LIpPznuKh1E639hn88W/l7Du2 + l849s1NbHXvs0Xlrbbdi4yXzjHGaAKVhpNpNcXiPvxFJtGHI4x39aLzSbSK/ + sYV37ZWcNlyTwueD2osDrH2i88kQbvM+fcWxnHbHai8Osfb7HzRB5m59mC2P + u87vw9KALN9otlFZXEqb9yRsRlyRkCnWei2UtnBK2/LxqThyOSKbfHXPsVx5 + wt/L8tt20vnGOcZ706zOu/Y4PKW32eWu3cXzjHGfegCpZaRaS3l7E2/bE6gY + cjqM8+tF9pFpFd2Uab8SuQcuTwB29KLI6z9svfKEG/eu/cWxnHGP/r0Xx1n7 + XZecIN+87NpbGcd80AW7vRLKO0mkXflEYjLk8gUyw0WymsYJX37nRScOQMkU + +7Ou/ZJvNW32bG3YL5xjnFMsDrn2GDyRb+XsXbuL5xjjOKAK9ppFpJqF9C2/ + bEY9uHIPK5OT3o1DSbSGezRN+JZdpy5PGO3pRaHWP7QvvKEHmZj35Lbfu8bf + w65o1A6x59n54g3eb8m0tjdjvntQBduNDsUt5XXzMqrEfOewqDTdGs57CCZ9 + +50BOHIH5VPcHXvs8u9bbbtbOC+cY7VBpp1v7BB5At/L2DbuLZx74oAhttIt + JNTvYG37YhHj5zn5hk5PejUdItIHtAm/95MqnLk8HPSi2Os/2ne+WIPNxHvy + W29OMd/rRqJ1nfaeeIM+cuzaW+9zjOe1AF+bQ7FYnYeZkKT99vSqml6PZ3Gn + wTSb9zrk4cgdfSrcx1/yn3LbY2nOC+cYqppZ1r+z4Ps4t/L2/LuLbsZ74oAj + g0m0fVLq3O/ZGqEfOc8+9Gp6RaQC18vf+8njQ5cng5zRAdY/tS62CDztqbsl + tuO2O9GpnWcWv2gQf6+PbtLff5xnPb1oA0n0KwCMR5nAP/LRqz9I0izudOhm + k37mBzhyB1PatBz4g2NlbbGD3es/SDrP9nQ/ZhB5WDt3lt3U9ccUANi0i0bV + p7c79iRqw+c5yT60arpNpbxQtHvy8yKcuTwTREdY/tafaIPO8td2S23GeMd8 + 0aqdY8qH7SIMecm3aW+92zntQBqf2DYf9NP+/jVl6NpNpdabDPLv3NuzhyBw + xHQVqZ8Qf3bb83rL0Y6x/ZsP2UQGL5sby277xznHHWgATSbQ6xJbfPsEIb75 + znOOtGraRaW9sjx78mRF5cngmhDrH9sSYEHn+SM8tt25/PNGrHWPsyfaRBt8 + xMbC2c5469qANT+wbD/pp/38asvSNItLmxWWTfuLMOHIHDEVqZ8Qf3bb83rL + 0c6z9hX7KIPL3NjeWzncc9PegCSLTLaHXRGm7CQiQZYk7g+Py9q19UuZbO0M + 8J+bco5HHJxWIDrH9sniDz/I9W2bN355zRq51j7GftQgCbl+4WznPHWgDrMH + 1NZul3Mt5bGWU/MHZeB2BxUOfEH922/N6y9IOsfZD9mEGze/3y2c556UAbZu + ZRqq2Wf3ZhL9Oc7sUmq3MtlYvcQn51K4yOOSBWKx1j+2FyIPP8g9227d355z + RrB1j+z5PtQg8vK52Ft33hjr70AdZg+prO025lu4ZHlPKSOgwOynioM+IP7t + t+b1l6UdZ8mX7MINvmvneWzuzzjHagDbe5lXVI7MH928bOeOcg4o1W5ls7CW + 5hPzpjGRxyQKxJDrP9rxbhB53lNjltu3POe+aXWDrP8AZ032oQCLjdsLbvvD + pnjrQB1QBIBya5y1sodTkuri63b1mZPlYqMIABwKtKfEGBhbb83rN0s6xsuP + s4gx577txb73fGO3pQATaTaLqtvbjfsdHJ+c5yPen6ro9nb6fNNHv3KMjLkj + r6UyY6x/atvuEHnbH24Lbcd896fqp1r+z5vtIg8vHzbC27r2zxQBej0KxaNW + PmcgfxtWdpukWk5u/M3/ALud0GHI4GK0Izr/AJa7VtsYGMl6z9NOsZu/s4g/ + 1779xb7/ABnGO1ABcaRaJqdpAu/bIshPznPA4wal1PR7OCwnmj37kXIy5I/K + org6z/adpvEHm7ZNmC23GOc9/pUupnW/sE/2gW/l7fm2lt2PbNAFmDQ7F4I3 + PmZZQfvt3FUdO0m0mlvFffiOYqMORwB3q9Ade8iPYttt2jGS+cYqjpx1jzbz + yBBnzjv3FvvY7Y7UAF1pFpHqVjAu/bL5u7LnPyrkYPap9Q0ayhsZ5U37kRiM + uSOB6VBdHWf7SsfMEHm/vdmC237vO7v06YqfUDrn2Gfzxb+XsbdtL5xjtmgC + W10SxktoZG35ZFJ+c9xVOw0i0mubxH34ik2jDkcY7+tXLU699mh8tbbZsXGS + +cY4zVOwOs/abzyRBu8z59xbGcdsdqAC80i0ivrKJd+2VnDZck8DPHpVm+0W + yisriVN+5I2Iy5IyBVa8OsfbrLzRB5m59mC2M453f/WqzfHXPsVx5wt/L8tt + 20vnGOcZ70ALZaLZS2cEr79zxqThyOSKq2Wk2kt7exPv2xMoXDkdR39atWR1 + 37HB5Qt9nlrt3F84wMZ96q2R1j7be+UIN+5d+4tjOOMf/XoAL7SLSK6so034 + lcg5cnjHb0q5d6JZR2s0i78qjEZcnkCqd8dZ+1WXnCDfvOzaWxnHfParl2dd + +yzeatvs2NuwXzjHOKAI7DRbKaxglffudFJw5AyRVe00i0k1C+hbftiMe3Dn + PK5OT3qxYHXPsMHki38vYu3cXzjHGcVXtDrH9oX3lCDzcx78ltv3eNvfp1zQ + AahpNpDNZqm/EsoU5cnjHb0q9caHYpbyuu/KqxHzt2FUdQOsedZ+eIN3mjZt + LY3Y757VduDr32eXettt2tnBfOMdqAINN0aznsIJn37nUE4cgflUNtpFo+p3 + kDb9sQjx85z8w5yam00639gg8gW/l7Rt3Fs498VDbHWf7TvPLEHm4j35Lben + GO/1oANS0i0ga0Cb/wB5OqHLk8HPStCXQrFYnYeZkKT99vSs/UjrO6088QZ8 + 9dm0t97nGc9q0JTr/lPuW2xtOcF84xQBT0vR7O40+CaTfudcnDkDr6VHBpFo + +q3Nud+yNEI+c5596k0s61/Z8H2cW/l7fl3Ft2M98VHAdY/tW52CDztibslt + uO2O9ABqmk2luLXy9/7yeNDlyeDnNaT6FYBSf3nAP8bVm6odYxa/aBB/r49u + 0t9/nGc9vWtJz4g2NlbbGD3egDP0jSLO506GeTfuYHOHIHU9qbFpFo2rTW53 + 7FjVh85zkn1p2kHWf7Oh+yiAxYO3eW3dT1xxTYjrP9rTbRB53lruyW24zxjv + mgA1XSLS3ihaPflpkU5cngmtT+wbD/pp/wB/GrL1U6z5UP2gQY85Nu0tndnj + Oe1amfEH922/N6AMvRtJtLrTop5d+5t2cOQOGI6ULpNodYe2+fYIQ33znO7H + WjRjrH9nRfZRAYvmxvLbvvHOccdaFOsf2w+BB5/kjPLbdu7885oANW0m0trZ + ZI9+TIg5cngmtT+wbD/pp/38asvVjrH2ZftIg2eYmNhbOc8de1amfEH922/N + 6AMvSNItLmyWWTfuLMOHIHBIo/si0/tn7L8+z7Pv++c53460aQdZ+xL9lEHl + 7m++WznJz096M6z/AGz0g8/7P6ts2b/zzmgA1fSLS2sjLHv3blHLkjkgVqf2 + DYf9NP8Av41ZernWfsR+1CDy9y/cLZzkY61qZ8Qf3bb83oAy9J0i0ubVpJN+ + d7jhyOAaG0m0GsJbfPsMJb75zndjrRpJ1n7Kfswg2b3++WznPPTtQx1j+2Ey + IPP8k45bbt3fnnNABrOk2ltp0s0W/cpXGXJHLAdK1P7BsP8App/38asvWTrH + 9nS/ahB5WVzsLbvvDGM8da1M+IP7tt+b0AZelaRaXEMrSb8rK6jDkcA0SaRa + Lq0NuN+xomY/Oc5B9aNKOs+TL9mEG3zXzvLZ3Z5xjtRIdZ/taHcIPO8psYLb + duec980ALq+kWltp008e/coGMuSOoHStFdBsNo/1n/fxqztXOs/2dN9qEAiw + N2wtu6jpnitFT4g2jC235vQBm6XpFpOtyZN/yTugw5HA6UTaTaLqttbjfsdH + J+c5496NLOs7bn7OIMee+7cW+93xjt6UTHWP7Vtt4g87Y+3BbbjvnvQBJquj + 2dvp880e/cgyMuSOvpVyLQrFo0Y+ZyB/G1U9VOtf2fP9pEHl4+baW3Yz2zVy + I6/5abVtsYGMl6AM/TdItJ2uw+/93O6DDkcDFFzpFomp2cC79sgkJ+c5+UcY + NGmnWN139nEH+vffuLfe4zjHai5Os/2nZ+YIPNxJswW29Oc9/pQBNqWjWcFh + PNHv3IpIy5I/KrEGh2LwRufMyyg/fbuKr6kdb+wT/aBb+XtO7aWzj2zViA69 + 5EexbbbtGMl84xQBR07SbSaa8V9+IpSow5HGO9F3pNpHqNjAu/bL5m7Lkn5V + yMHtRpx1jzrzyBBu8079xbG7HbHai7Osf2jY+YIPN/ebMFtv3ed3fp0xQBPq + GjWUNjPKm/ciMRlyRwPSpbXRLGS1hkbflkUnDnuKi1A659hn88W/l7G3bS+c + Y7ZqW1Ou/ZYfLW32bFxkvnGOM0AU7HSLSW5vI334ikAGHI4x39aLzSLSK9so + l37ZWcNlyTwM8elFidZ+03nkiDf5g37i2M47Y7UXh1n7bZeaIPM3PswWxnHO + fw9KALV9otlFZXEqb9yRuRlyRkA0WWi2UtnBK2/c8ak4cgZIFF8dc+xXHnC3 + 8vy33bS+cYOcZ70WR137HB5Qt9nlrt3F84wMZ96AKtlpNpLe3sTb9sTKFw5B + 5GefWi/0m0hurKNN+JZCDlyeMdvSiyOsfbb3yhB5m5d+4tjOOMf/AF6L46x9 + qsvOEG/zDs2lsZx3z2oAuXWiWMdrNIu/KoxGXPYVHp+jWU1jBK+/c6KThyBk + ipLo679lm8xbfZsbOC+cY5xUennXPsMHkC38vYu3cXzjHGcUAV7TSLSTUb6B + t+2Ly9uHIPzLk5PejUNItIZrNU34llCnLk8Y7UWh1j+0b7yxB5v7vfktt+7x + t79OuaNQOs+dZ+eIN3mjZtLY3Y757UAXrjQ7FIJHHmZVSfvt2FV9N0aznsIJ + pN+51BOHIH5VYuDr3kSb1ttu05wXzjFV9NOt/YIPs4t/L2jbuLZx74oAhttJ + tH1O8gbftiEePnOfmHOTRqWk2kDWgTf+8nRDlyeDnpRbHWP7TvPLEHm4j35L + benGO/1o1I6xutPtAgz56bNpb73OM57UAaEuhWKxuw8zgH+Nqp6Vo9ncafBN + Jv3OMnDkDr6VclOv+W+5bbGDnBeqelHWv7Pg+zCDy8fLuLbsZ74oAjg0i0fV + bm3O/YiIR85zz70appNpbrbGPf8APOiHLk8HOaIDrP8AatzsEHnbE3ZLbcds + d6NUOsbbb7QIMeem3aW+9zjOe3rQBpNoVgFJ/edP+ejVnaRpFpc6dDPJv3MD + nDkDqR0rRY+INpytt09XrO0g6z/Z0P2UQGLB27y27qeuOKAEj0m0bVprc79i + xKw+c5yT60arpFpbwxNHvy0qKcuTwTRGdY/tabaIPO8pd2S23bnjHfNGqnWf + Ji+0iDb5qY2Fs7s8Zz2oA1P7BsP+mn/fxqy9H0i0udOinl37m3Zw5A4YjoK1 + M+IP7tt+b1l6OdY/s6L7KIPK+bG8tu+8c5xx1oAF0i0OsPbfPsEIb75zndjr + Rq2kWlvbLJHvyZEHLk8E0KdZ/th8CDz/ACRnltu3d+ec0asdY+zL9pEGzzEx + sLZznjr2oA1P7BsP+mn/AH8avnLxQoXVnA/uj+tfRufEH922/N68D1/SNYvN + Rae2spp4yAA0cbMuRnPIB70FROz8AWUF3axpLuwY5G4YjkSY7V2ur6RaW1k0 + se/cGUcuSOSBXJeCbXWLKKODyBDOI3O2dWQ7C/XGM5z09q63VzrP2JvtQg8v + cv3C2c5GOvvQJmp/YNh/00/7+NWXpOkWlxbNJJvyJHHDkcA1qZ8Qf3bb83rL + 0k6x9mb7MINnmPneWznPPTtQIG0m0GsJbfPsMJb75zndjrRrGkWltp0s8W/c + u3GXJHLAdDQx1j+2EyIPP8k45bbt3fnnNGsHWf7Ol+1CDyvlzsLbvvDGM8da + ANT+wbD/AKaf9/GrL0rSbS4hmaTflZXUYcjgGtTPiD+7bfm9ZelHWPJm+zCD + b5r53ls7s84x2oAJdItF1aG3G/Y0bMfnOcg+tO1fSLO206aePfuUDGXJHUdq + bKdZ/taHcIPO8ttuC23Gec9807VzrP8AZ032oQeVgbthbd1HTPFAGguhWBUH + 950/56NWbpmkWk63Jk3/ALueRBhyOBjFaSnxBtGFtunq9ZumHWNtz9nEH+vk + 3bi33uM4x29KACfSLRNVtrcb9jo5PznPHvUmq6PZ2+nzzR79yLkZckdfSo5z + rP8AattvEHnbH24Lbcd896k1U61/Z8/2kQeXj5tpbdjPbNAFyLQ7FokY+Zkg + H77elZ+m6RaTtdh9/wC7ndBhyOBjrWhEdf8AKTattjAxkv0xWfpp1jdd/ZxB + nz337i33uM4x2oALnSbRNTs4F37ZRJn5zn5Rxg1NqWjWcFhPMm/cikjLkj8q + huTrH9p2fmCDzcSbMFtvTnPf6VNqR1v7BP54t/L2ndtLZx7ZoAsW+h2LwRuf + Myyg/fbuKo6fpFpNNeK+/EcpUYcjjHer1ude8iPYttt2jGS+cYqjp51nzrzy + BBu8079xbG7HbHagAu9JtI9RsYV37ZTJuy5z8q5GD2qxqGjWUNjPKm/ciMRl + yRkCq92dY/tGx80QebmTZgtt+7zu79OmKsagdc+wz+eLfy9jbtpfOMc4zQBJ + aaJZSWsMjb8sik4cjqKp2Gk2k11exvvxFIAMORxjv61ctDrv2WHylt9mxduS + +cY4zVOxOsfar3yRBv8AMG/cWxnHbHagAvdItIr2yiXftlZgcuSeBnj0q1e6 + LZRWc8qb9yRsRlyeQKq3p1n7bZeaIPM3Ns2lsZxzn/61Wr0679jn80W+zy23 + bS+cYOce9ABY6LZS2VvK2/c8aMcOQMkA1Vs9ItJb29ibftiZAuHIPIzz61as + Trn2K38lbfy/LTbuL5xgYzjvVWzOs/bb3yhB5m5N+S2M44x+HrQAX+k2kNzZ + xpvxLIQcuTxjt6VcutEso7WaRd+VRiPnPYVTvzrH2mz84Qb/ADDs2lsZx3z2 + q5dHXfss3mLb7NjZwXzjHOKAItP0aymsYJX37nRScOQOR6VBaaTaSajfQNv2 + xeXtw5z8y5OT3qfTzrn2GDyBb+XsXbuL5xjvioLQ6x/aN95Yg8393vyW2/d4 + 29+nXNABqGkWkMtmqb8STBTlyeMdqvT6HYpBI48zKqT99uwqjqB1nzbPzxBn + zhs2lsbsd89qvTnXvIk3rbbdpzgvnGKAK+maNZz2EEz79zqCcOQPyqG30m0f + VLuBt+2MRkfOc8jnJqbTDrf2CD7OLfy9o27i27Hviobc6x/al35Yg83bHvyW + 29OMd/rQAanpNpAbTy9/7ydEOXJ4OelaEuhWKxuw8zgH+Nqz9TOsZtPtAg/1 + 6bNpb7/OM57VoSnX/LfcttjBzgvQBS0rR7O40+CaTfuYc4cgdfSmQ6RaNqtx + bnfsREI+c5yfen6Uda/s+H7MIPLx8u8tu698cUyE6z/atxsEHnbE3ZLbcdsd + 6ADVNItIFtzHv+edEOXJ4PWtJtBsNp/1n/fxqzdUOs7bf7QIMeem3aW+92zn + t61pMfEG05W2/N6AM7SNItLnToZ5N+5gc4cgdSOlJHpNo2ry2x37FiVh85zk + n1pdIOs/2dD9lEHlYO3eW3dT1xxSRnWP7Xl2iDzvKXPLbdueMd80AGq6TaW8 + MTR78tKinLk8E1qf2DYf9NP+/jVl6qdY8mL7SINvmpjYWzuzxnPatTPiD+7b + fm9AGXo+kWlzp8c0u/cxbOHIHDEdKF0i0OsNbfPsEIb75zndjrRo51j+z4/s + og8rLY3lt33jnOOOtCnWf7YbAg8/yRnltu3d+ec0AGraRaW9qJI9+S6DlyeC + a1P7BsP+mn/fxqy9WOs/ZR9pEGzen3C2c5469q1M+IP7tt+b0AZekaTaXNkJ + ZN+7cw4cjoaP7JtP7ZFr8+zyN/3znO7HWjSDrH2IfZRBs3N98tnOeelGdY/t + kcQef9n9W2bN355zQAaxpFpbWLSx79wZRy5I5IFan9g2H/TT/v41ZesHWPsL + fahAI9y52Fs5yMda1M+IP7tt+b0AZek6RaXFs7yb8iR14cjgGrEFjBZ67GkO + 7Hks3LE85x3qvpJ1n7M/2YQbfMfO8tnOeenarEBv/wC3Y/tojDeS3+rzjbn3 + 75oA6WiiigAooooAKKKKACiiigD/0/3Pl1iwbVYLkOfLSN1J2t1Ptin6trNh + c6dNBC5LuBgbWHceorRn/wCQ5a/9cnp+u/8AIJuPoP5igCGPXtMCKDI2QB/A + 3+FZ2maxYW/2vzXI8y4kdflY/KcY6Cuqi/1SfQVkaN/y/f8AX1L/AEoAzLjV + 7B9UtbhXOyNXDHa3cccYqXU9a0+4sJ4YnJd1wPlYf0q9df8AIbsf9yX+VT61 + /wAgq5/3KAKkOvaakMatI2QoB+RvT6VQ07WLCCS8MjkCWZnX5WPBx7V09v8A + 8e8X+6v8qzNI/wBbf/8AXw38hQBl3WsWEmpWU6OSkXm7jtbjcuB2qfUda0+e + xnhjclnQgfKw5/Krt7/yGNN+k3/oIqxq/wDyDLn/AK5tQBQttd02O2ijaRsq + ig/I3UD6VSsNXsIbi8eRyBLLuX5WPGPpXSWf/HnB/wBc1/lWdpX/AB9ah/12 + /pQBmXmsWEt/YzI5KxFy3ytxlcDtVm/1vTprK4ijdizxsB8jDkj6Vbv/APkK + ab/vSf8AoNW9T/5B11/1yf8AkaAMuz1zTorSCJ3YMiKD8jdQPpVSy1iwiu72 + V3IWV1K/Kx4Ax6V0Wn/8eFt/1yT/ANBFUdN/4/8AUf8Arov/AKDQBl32sWEt + 3ZSI5KxOxb5WHBH0q3ea5p0tpPEkjFnRgPkbqR9Ksal/x/6d/wBdG/8AQav6 + h/x4XP8A1yf/ANBNAGNYa3p0NlBFI7BkRQfkY8gfSq1nq9hFf30zuQkxTb8r + c4XB7Vv6X/yDbX/rkn8qp6f/AMhTUv8Aei/9BoAzL/WLCaezeNyRFLub5WHG + PpV2513TZLeVFkYlkYD5G6kfSp9U/wCPrT/+u39K0bz/AI9J/wDcb+VAGDp2 + tafBYwQyOQyIAflY8/lUFrrFhHqd7OznZKI9p2t/CuDxitzSP+QZbf8AXNar + WX/IZ1H6Q/8AoNAGZqOsWE72hjckRTK7fKw4Gfar82vaa8MirI2SpA+RvT6V + Jq/+tsP+vhP61qXH/HvL/ut/KgDnNL1nT7fT4IZXIdFwflY/yFRwaxYJql1c + M52SKgU7W7DnjFbOi/8AIKtv93+tRWv/ACGr3/ci/lQBl6nrFhP9l8pyfLuI + 3b5WHyjOeorRfXtMKMBI3IP8Df4U/Wf+XH/r6i/rWtJ/q2+hoA5jSdZsLbTo + YJXIdAcgKx7n0FMi1iwXVZ7gufLeNADtbqPbFa+hf8gm3+h/maZB/wAhy6/6 + 5JQBl6rq9hcRwLE5JSZGPysOB16itM6/pn/PRv8Avhv8KNb/ANTbf9fEf862 + j0oA5LRtYsLXTYYJnIdd2QFY9WJ6gUJrFgNXkuS58swhQdrdQc9MVqeHv+QP + b/8AAv8A0I0R/wDIfl/64L/6FQBl6trFhc26JE5JEiN91hwDz1Fan9v6Z/z0 + b/vhv8KNc/49Yv8ArtH/ADrZoA5LR9YsLWwSGZyGBY8Kx6sT2FA1iw/tk3W8 + +X5ATO1uu7PTGa0/D/8AyDI/95//AEI0o/5GBv8Ar2H/AKHQBl6vrFhc2flQ + uS29DyrDgH3Fan9v6Z/z0b/vhv8ACk1//kH/APbRP/Qq2qAOS0nWLC2tDHM5 + Db3P3WPBPHQUHWLD+2Fut58sQFM7W67s9MZrU0H/AI8T/wBdJP8A0Khv+RgX + /r2P/odAGXrGsWFzp8kMLkuSuAVYdGB7itT+39M/56N/3w3+FHiD/kFS/VP/ + AEIVs0AclpWsWFvBIkrkFpXYfKx4J46CiTWLA6vFchz5axMpO1upPpitTQ/+ + PWX/AK7SfzpJf+Q9B/1wb+dAGbrGsWF1ps0ELku23AKsOjA9SK0hr+mYH7xv + ++G/wpfEH/IIuP8AgP8A6EK2B0FAHJ6XrFhbpcCVyC8zuPlY8Hp2om1iwbVb + e4Dny0RwTtbqfbFaeif6q6/6+JP6Utx/yHLX/rlJQBnatrNhc6fNBE5LuBgb + WHceoq9Hr2mBFBkbgD+Bv8Km13/kE3P+6P5itOL/AFSfQUAcrpmr2FubvzXI + 8y4d1+Vj8pxjtXlPxKvLe91i2ktyWVYADkEc7m9a9p0brf8A/X1J/SvIPir/ + AMhu1/69x/6G1BUS14IvbeHw1qNrIxEkknyjBP8ACvfpXqMGu6akMaNI2VUA + /I3YfSvOPAf/ACKWqf8AXU/+grXr9t/x7Rf7i/yoEzmNO1iwgkvGkcgSzMy/ + Kx4IHtRdaxYSalYzo52Q+buO1v4lwOMVqaT/AK6//wCvhv5Ci9/5DGm/9tv/ + AEEUCKWo61p89jPDG7FnQgfIw5P4VNba7psdtFG0jBlRQfkbqB9K0NW/5Bl1 + /wBc2/lU9n/x5wf9c1/lQBzdhrFhDcXjyOQJZNy/Kx4x9KLzWLCW/sZkclYm + ct8rcZXA7Vp6X/x96h/12/pRqH/IT03/AHpP/QaAKt/renTWVxFG7FnjYD5G + HJH0p1nrmnRWcETyMGSNQfkbqB9K1NT/AOQddf8AXJ/5Gnad/wAg+2/65J/6 + CKAOestYsIry9ldyFldSvyscgDHpRfaxYS3dlIjkrE5LfKw4I+lamnf8hDUf + 99P/AEGjUv8Aj+07/ro3/oNAFa81zTpbSeNHYs6MB8jdSPpTLDW9OhsYIpHY + MiKD8jHkD6VtX/8Ax43P/XN//QTUel/8g21/65r/ACoAwbTWLCLUL6Z3ISYx + 7flbnauD2o1DWLCaezeNyRFLub5WHGPpWnYf8hXUvrF/6DRqv/Hzp/8A12H8 + qAIbjXdNe3lRZGyysB8jdSPpUGm61p8FhBDI5DIgB+Vjz+Vb93/x6zf7jfyq + tpH/ACDLb/cFAGHbaxYR6nezs5CSiPadrc7Rg8Yo1HWLCd7QxuSI5ldvlYcD + PtWpZ/8AIY1H6Q/+gmjV/wDWWH/Xyn8jQBFNr2mtE6iRslSPuN6fSqml6zp9 + vp8EMrkOi4Pyse/sK6S4/wBRJ/un+VUNE/5BVt/u/wBaAMaDWLBNUurhnOyR + UAO1u3XjFGp6xYXAtfKcny543b5WHyjOeorTtf8AkN3v+5H/ACpdZ6WX/X1F + /WgBr6/phRgJG5B/gb/Cs/SNYsLbToYJnIdAcgKx7n0FdS/3G+hrK0H/AJBN + v9D/AOhGgDJi1iwXVp7kufLeNVB2t1B9MUarq9hcRQrE5JSZGPysOAeeorUg + /wCQ7c/9ck/nSa5/qbf/AK+I/wCdAC/2/pn/AD0b/vhv8Ky9G1iwtdNhgmch + 13ZAVj1YnqBXW1i+Hv8AkD2//A//AEI0AZiavYDWJLkufLaEKDtbrnPTFGra + xYXNskcTkkSI3KsOAeeorTj/AOQ/L/17r/6FS67/AMekf/XWP+dAB/b+mf8A + PRv++G/wrL0fWLC2sVhmchgzHhWPViewrraxtA/5Bif7z/8AoRoAyxrFh/bJ + ut58vyNmdrfe3Z6Yz0o1fWLC5szFC5LblPKsOhz3Fag/5GE/9ev/ALPSa/8A + 8g4/76f+hCgBf7f0z/no3/fDf4Vl6Rq9hbWhjmchi7nhWPBPHQV1tYug/wDH + i3/XST+dAGY2r2B1hbrefLEBTO1uu7PTGaNY1ewutPkhhcl2K4yrDowPcVpt + /wAjAn/Xsf8A0OjxB/yCpfqn/oQoAX+39M/56N/3w3+FZelaxYW8MqSuQWld + h8rHgnjoK62sbQ/+Pab/AK7yfzoAy5NYsDq8VyHPlrEyk7W6k+mKXWNYsLrT + poIXJdsYBVh0YHuK05f+Q9B/1wb+dL4g/wCQRcfRf/QhQAxdf0wKB5jf98N/ + hWbper2FulwJXI3zu4+VjwenausX7o+lY2if6u7/AOvmT+lAGZNq9g2q29yr + nYiOCdrdT04xT9V1mwuNPmhicl3GANrDv7itC4/5Dlp/1zkqXXP+QTc/7o/m + KAK8evaYsagyNkAfwN/hWfpusWEBu/NcjzJ3dflY/KcY7V1MP+qT/dH8qytH + 633/AF9Sf0oAy7jWLB9TtLhXOyNZAx2t/EOOMVLqetafcWE8MTku64HysP6V + fu/+Q1Yf7sv8hU2s/wDILuf9w0AU4Nd01II0aRsqoB+Ruw+lUdO1ewglvGkc + gSzFl+VjwR9K6a1/49ov9xf5VmaT/rtQ/wCvhv5CgDMutYsJNSsZ0clIfN3H + a3G5cDtU+oa3p81jPDG7FnRgPkYckfSrt9/yF9M/7bf+gVZ1b/kGXX/XNv5U + AZ1rrumx20MbSNuVFB+RuoH0qnYaxYQ3N48jkCWTcvyseMfSuksv+POD/rmv + 8qz9L/4+9Q/66j+VAGXeavYS31lMjkrEzlvlbjIwO1Wb7W9OmsriJHYs8bKP + kbqR9Ktah/yEtN/3pP8A0Grup/8AIOuv+uT/APoJoAybLXNOis4IndgyRqp+ + RuoGPSqtlrFhFeXsruQsrKV+Vj0GPSuh07/kH2v/AFyT/wBBFUdO/wCQjqP+ + +n/oNAGZfaxYTXVlJG5KxOS3ysOMfSrl3rmmyWs0aSMWZGA+RupH0qxqf/H7 + p3/XU/8AoNX7/wD48bj/AK5v/I0AYlhrenQ2MEUjsGRFB+RjyB9Kr2msWEeo + X07uQkpj2na3O1cHtW9pf/INtf8Armv8qq2H/IW1L6xf+g0AZeoaxYTzWbRu + SIpQzfKw4x9KvXGu6a9vKiyNllYD5G7j6VLqv/Hxp/8A13H8q0rv/j1m/wBx + v5UAYGm61p8FhBDI5DIoB+Vjz+VQ22sWEep3k7OQkoj2na3O0c8Yrb0f/kF2 + 3+4Kgs/+QzqH0h/9BNAGXqWsWE7Whjcny51dvlYcDPtWhLr2mNE6iRslSPuN + 6fSpNY+/Yf8AXyn9a1J/9RJ/un+VAHN6XrOn2+nwQyuQ6Lg/Kx7+wqODV7BN + VubhnOyREAO1uo68YrZ0T/kFW3+7/Wobb/kN3n/XOOgDM1TWLC4Ft5Tk+XOj + n5WHyjOeorSfX9MKkCRuQf4G/wAKXWvu2X/X1F/Wth/uN9DQBy2kaxYW2nQw + TOQ6A5AVj3PoKbFrFgurTXJc+W0aqDtbqD6YrW0H/kEW/wBD/wChGmw/8h24 + /wCuKfzoAy9V1iwuIoVickpMjHKsOAeeorU/t/TP+ejf98N/hRrf+ot/+u8f + 862aAOS0bV7C106KCZyHXdkBWPVieoFC6vYDWHui58swhc7W67s9MZrT8Pf8 + giD/AIH/AOhGhP8AkYJP+vcf+hUAZmravYXNsscLksJEb7rDgHnqK1P7f0z/ + AJ6N/wB8N/hSa7/x5p/11j/nW1QByWkaxYW1isUzkMGY8Kx6sT2FH9sWH9s/ + at58v7Psztb72/PTGelamgf8g1f99/8A0I0f8zD/ANuv/s9AGXq+sWFzZGKF + yWLKfusOhB7itT+39M/56N/3w3+FGv8A/IOP++n/AKEK2aAOS0nWLC2tTHM5 + DF3P3WPBPHQUNrFgdYS63nyxCUztbruz0xWpoX/Hk3/XWT/0Kkf/AJGCP/r3 + P/oVAGZrOsWF1p0kELkuxXAKsOjA9xWp/b+mf89G/wC+G/wpPEP/ACCZvqn/ + AKEK2qAOS0rWLC3hlWVyC0rsMKx4J46CiTWLBtWhuQ58tYmUna3Un0xWpon/ + AB7z/wDXeT+dEv8AyHbf/ri/86AMzV9YsLnTpoIXJdgMAqw7g9xWiuv6YFA8 + xv8Avhv8Kfr/APyCLj6L/wChCtdfuj6UAcnpesWFutyJXI3zu4+VjwenQUTa + xYPqttcK52Ijgna3U9OMVqaL9y7/AOvmX+lJc/8AIcs/+uclAFDVdZ0+40+e + GJyXcYHysO/uKuRa9pixopkbIAH3G/wqxrf/ACCrn/d/rWjD/qY/90fyoA5b + TdYsIGuzK5HmTu6/Kx4OMdqLnWLB9Ts7hXOyISBjtb+IccYrU0f71/8A9fMn + 9KLv/kM2H+7L/IUAUdS1rT57CeGJyWdSB8rD+lWINd01II0aRsqoB+Ruw+lX + dZ/5Bdz/ALhq3a/8e0X+4v8AKgDmdP1iwgmvGkcgSyll+Vjxj6UXer2Emo2M + 6OSkPmbjtbjcuBxitPSf9fqH/Xc/yFF9/wAhfTP+23/oNAFPUNa0+exnhjdi + zowHyMOSPpUtrrmmx2sMbyMGVFB+RuoH0rR1b/kGXX/XNv5VNY/8eVv/ANc0 + /kKAOcsdYsIbm8kkcgSyBl+Vjxj6UXmsWEt7ZSo5KxM5b5W7jHpWppn/AB+a + j/11H8qNQ/5CWm/78n/oNAFW+1vTpbK4iR2LPG6j5GHJBHpRZa5p0VnBE8jB + kjUH5G6gD2rW1L/kHXX/AFyf/wBBNLp3/IPtf+uSf+gigDnrLV7CK9vZXchZ + WUr8rc4GPSi+1iwmurKSNyVikJb5WHGPpWnp3/IS1L/fT/0GjU/+P3Tv+up/ + lQBBda5pslrNGkjFmRgPkbqR9Kj0/W9OhsYIpHYMiKD8jHkD6Vt33/Hlcf8A + XN/5GotK/wCQba/9c1/lQBg2msWEeo307uQk3l7TtbnauD2o1DWLCaazaNyR + FKGb5WHGPpWpY/8AIW1L6w/+g0ar/wAfGn/9dx/I0AQ3Gu6a8EiLI2WUgfI3 + cfSq+m61p8FhBDK5DIoB+Vj/AEroLr/j1m/3G/lVTRv+QXbf7goAxLbV7CPU + 7y4ZzslEe07W/hHPGKNS1iwna0MTk+XOjt8rDgZz2rTs/wDkNah/uxf+g0ax + 9+w/6+Y/60AMl17TGjdRI2SCPuN/hVPStZ0+30+CGVyHQYPyse/sK6Wb/Uyf + 7p/lWdon/IKtv93+tAGPBrFgmq3NwznZIiAHa3UdeMUapq9hcLbCJyfLnRz8 + rDgZz2rUtv8AkN3n/XOOk1r7ln/18xf1oARtf0wqQJG6f3G/wrO0jWLC206G + CZyHUHICsepJ7Cuqf7jfQ1k6B/yCLf6N/wChGgDKj1ewXVprkufLaJVB2t1B + 9MUarrFhcQxLE5JWVGPysOAeeorTh/5D1x/1xT+dLrf/AB7wf9d4/wCdAB/b + +mf89G/74b/CsvR9YsLXTooJnIdd2QFY9WJ7CutrG8P/APIJg+r/APoRoAy1 + 1iwGsPclz5ZhCZ2t13Z6YzRq2sWFzbLHE5LCRG+6w4B56itRP+Q/J/17j/0K + jXf+PNP+usf86AD+39M/56N/3w3+FZekavYW1kIpnIYMx4Vj1OewrraxdA/5 + Bq/77/8AoRoAzP7YsP7Z+1bz5f2fZna33t+emM9KNX1iwubJooXJYsp5Vh0I + PcVqf8zD/wBuv/s9Gv8A/INb/fT/ANCFAB/b+mf89G/74b/CsvSdYsLa2aOV + yCZHbhWPBPHQV1tY2hf8eb/9dZP50AZbavYHWEug58sQlc7W67s9MZo1jWLC + 606WCFyXbbgFWHRgepFab/8AIwR/9e5/9CpfEH/IJn+qf+hCgA/t/TP+ejf9 + 8N/hWXpWsWFvDMsrkFpXYYVjwTx0FdbWLof+ouP+u8n86AMyXWLBtWhuQ58t + I2Una3Un0xTtX1iwudOmghcl3AwCrDuPUVpTf8h23/64v/Ona9/yCLj6D/0I + UARrr+mBQDI3T+43+FZumaxYW63IlcjzJ5HHyseDjHQV1afcX6CsjRfu3n/X + zL/SgDLn1iwfVba4VzsjRwTtbqenGKk1XWdPuNPnhicl3XA+Vh39xWhc/wDI + bs/+uclSa3/yCrn/AHf60AV4te0xYkUyNkAD7jen0rP03WLCBrsyuR5k7uvy + seDjHauog/1Ef+6P5VlaP9+//wCvmT+lAGZc6xYSanZ3CuSkQk3Ha3G4ccYq + bUta0+ewnhiclnUgfKw/pV28/wCQ1p/+7L/6DVjWP+QXc/7hoApW+u6akEaN + I2VUA/I3YfSqOn6xYQzXjSOQJZSy/Kx4x9K6a1/49Yf9xf5Vm6V/x8ah/wBd + z/IUAZd3rFhJqNjOjkpCZNx2txuXA7VY1DW9OmsZ4Y3Ys6MB8jDkj6Vbv/8A + kLab9Zf/AEGreq/8g26/65t/KgDNtNc02O1hjeRgyooPyN1A+lU7HWLCG6vZ + JHIWWQFflY8Y+ldHYf8AHjb/APXNP5Cs/TP+P3Uf+uo/lQBmXusWEt7ZSo5K + xMxb5W4yMelWr3XNOls54kkYs8bAfI3Ug+1WtR/5COnf77/+g1d1H/kH3X/X + J/8A0E0AZFjrenRWVvE7sGSNFPyMeQAPSqtnrFhFe3sruQsrIV+Vuy49K6DT + f+Qda/8AXJP/AEEVT0//AJCWpf78f/oNAGXf6vYTXNnJG5KxSFm+Vhxj6Vcu + tc02S1mjSRizIwHyN1I+lT6p/wAfmnf9dT/KtC+/48rj/rm/8jQBh6frWnwW + MEMjsGRFB+RjyB9KgtNXsI9Rvp3chJvL2na3O1cHjFbuk/8AIMtf+ua/yqrY + /wDIX1P/ALY/+g0AZmoaxYTy2bRuSIpgzfKw4A+lXp9d014JEWRsspA+Ru4+ + lTat/r9P/wCu6/yNaV1/x7S/7jfyoA5/TNa0+Cwghlch0UA/Kx/pUNvrFgmq + XdwznZKIwp2t/COeMVt6N/yC7b/cFV7T/kNX/wDuxfyoAzNT1iwnNp5Tk+XO + jt8rD5RnPatCXXtMaN1EjZII+43+FP1n71h/19R/1rWm/wBTJ/un+VAHM6Vr + NhbafBBK5DoMH5WPf2FMh1iwXVbi4ZzsdEAO1uo68YrY0P8A5BNt/un+ZqO3 + /wCQ5d/9c46AMvVNYsLhbYROTsnRz8rDgdeorSbX9MKkeY3/AHw3+FO1r7lp + /wBfMX9a2G+6fpQBymkaxYW2nQwTOQ6g5AVj3J7Ckj1iwXV5rkufLaJVB2t1 + B9MVq6B/yCLf6N/6EabF/wAh6f8A64r/ADoAzNV1iwuYYlickrKjHKsOAeeo + rU/t/TP+ejf98N/hSa5/x7wf9d4/51tUAclo+sWFrp8cEzkOpbICserE9hQu + sWA1hrrefLMITO1uu7PTGa1PD/8AyCYfq/8A6EaF/wCRgf8A69h/6HQBl6tr + Fhc2ojhclg6H7rDgHnqK1P7f0z/no3/fDf4Ua7/x5L/11j/9CrZoA5LSNYsL + azEUzkNuY8Kx6nPYUf2vYf2yLrefL+z7M7W+9uz0xmtPQP8AkHD/AH3/APQj + Qf8AkYh/16/+z0AZmsavYXVi0MLksWU8qw6EHuK1P7f0z/no3/fDf4UniD/k + Gv8A7yf+hCtqgDktJ1iwtrZ0lcgmR2+6x4J46CrEF9bXmuxvbsWHksvII5zn + vVzQv+PST/rrJ/Oh/wDkPxf9e7f+hUAbNFFFABRRRQAUUUUAFFFFAH//1P3P + l0q3XVYLcPJteNiTvOePQ0/VtJt7fTppkklJUDAZyR1HamSvq/8AasBaOLzv + LfaMnbjvmnas+sHTphcxQrHgbirEnqOlAF+PRLUop8ybkD/loaztM0q3n+17 + 3kHl3EiDDkcDHX3rQjk17Yu2GDGBj5mrP0x9XH2v7PHEc3Em/cTw/GQPagAu + NKt01S1gDybZFcklzngdjUup6RbwWE8ySSkquQC5I/Korh9X/tS1LxxCUK+0 + AnaRjnNSanJrJsJxcRQrHt+Yqxzj2oAtw6JatDGxklyVB/1h9KoadpVvNJdh + nkHlzMow5HAx196vwya75KbIYNu0YyzdMVQ059XEl35EURJmbfuJ4bjOPagA + utKt49SsoQ8hWXzckucjaueD2qfUdHtobGeVZJSUQkZckflUF0+r/wBpWRki + iEo83YATg/Lzn+lTajJrRsZxPFCI9h3FWOce1AE9tottJbROZJQWRTw5xyKp + WGlW81xeIzyARy7RhyMjHf1q5bSa4LaIRxQFdi4yxzjHFU7B9XFxeeTHEWMn + z5JwDjt7UAF5pVvHf2USvIRKXzlySMLng9qs3+j20VlcSrJKSkbEZckcDvVa + 8fVzf2RliiEgL7ACcH5ec/hVm+k1s2VwJooQnltuIY5xjnFADrPRraS0gkaS + UFkUnDkDkVUstKt5bu9jaSQCJ1Aw5BOR39atWcmuC0gEUUJTYu0ljnGOM1Vs + n1cXd6Yo4i5dd4JOAccYoAL7SreK7so1kkIldgcuSRgdvSrd5o1tHaTyLJKS + qMRlyRwKqXz6ubuyM0cQcO2wAnBOO9WryTXDaTiWKEJsbcQxzjHOKAEsNHtp + bKCVpJQXRScOQOR2qtZ6VbyX99CzyARFMEOQTlc8nvViwk1sWUAhihMexdpL + HOMcZqvZvq4v74xRxGQlN4JOB8vGKAC/0q3ins1V5CJJdpy5PGO3pV250W1S + 3lcSS5VGPLnHAqlfvq5ns/OjiDCX5ME4LY7+1XbmTXPs8vmRQBdjZwxzjHNA + EOnaPbTWMErSSgugJAcgfgKgtdKt31O9gLyBYhHghzk7lzye9TadJrQsYBBF + CY9g2lmOce9Q2r6uNSvTHHEZSI94JOB8vGP60AGpaVbwyWYV5D5kyqcuTwfT + 3q/NolqsMjCSXIUn/WH0qhqL6uXtPPjiBEy7NpPLc4z7Vfmk13yX3wwbdpzh + m6YoAqaXpFvPp8EzySgsuSA5A/Ko4NKt31S6gLybY1QghznkdzUmlvrI0+AW + 8ULR7flLMc496jgfV/7UuikcRlKpuBJ2gY4xQAanpVvB9l2ySHzLiNDlyeDn + p71ovolqEY+ZNwD/AMtDWdqb6ufsv2iOIYuI9m0nl+cA+1aLya9sbMMGMH+J + qAKOk6Tb3GnQzPJKCwOQrkDqe1Mi0q3bVZ7cvJtSNCDvOefenaS+sDToRbRQ + tHg7SzEHqetNifV/7VnKxxed5abgSduO2KADVdKt4I4CjyHfMinLk8H+taZ0 + O1/56zf9/DWZqj6uY4PtEcSjzk27Sfvds+1afma//wA8YP8AvpqAMzRtKt7n + TYZneQM27hXIHDEdKE0q3OryW++TaIQ2d5znOOvpRo76uNNhFrHE0XzYLEg/ + eOc496EfV/7XkIji87yRkZO3bn+dABqulW9vbo6PISZEX5nJ6mtT+w7X/nrN + /wB/DWXqr6ubdPtMUSr5iY2kk5zxWn5mv/8APGD/AL6agDM0fSre5sEld5AS + WHyuQOGI6UDSrf8Atk22+Tb5AfO85zux19KNHfVxYoLWOJo8tgsSD945oD6v + /bBPlxef5A4ydu3d/PNABq+lW9vZ+YjyE70HzOSOTWp/Ydr/AM9Zv+/hrL1d + 9XNni5jiVN6cqSTnPFafma//AM8YP++moAzNJ0q3uLQyO8gO9x8rkDg0HSrf + +2Ftt8m0wFs7znO7HX0o0l9XFoRbRRMm9/vEg5zzQX1f+2FPlxed5B4ydu3d + /PNABrGlW9tp8kyPISCvDOSOWA6Vqf2Ha/8APWb/AL+GsvWH1c2EguY4ljyu + SpJP3hj9a0/M1/8A54wf99NQBmaVpVvPBIzvICJXX5XI4Bok0q3GrxW++Ta0 + TNnec5B9aNKfVxBJ9niiZfNfO4kHdnn8KJH1f+14iY4vO8psDJ27c/zoAXWN + Kt7bTZpkkkLLt4ZyRywHStIaHa4H7yb/AL+GszWH1c6bMLqOJYvlyVJJ+8MY + /GtISa/gYhg/76agDN0vSredLgu8g2TOo2uRwPX3om0q3XVbeAPJtdHJO854 + 9DRpb6uEuPs8cTDzn3bifvd8e1Ez6v8A2rbloovO2PtAJ2475oAfq2k29vp8 + 0ySSkqBgM5I6jtV6PRLUopMk3IH/AC0NUdVfWDp8wuYoVjwNxVjnr2q7HJr2 + xcQwYwP4moAz9M0q3nN3ukkHl3DoMORwMdfeo7vRLJtUtIH3usivks2T8oyM + E1Jpj6uDd/Z44jmd9+4nhuMge1Fw+r/2paF44hKFk2AE4IxzmgBdQ0Oys9Pn + kgLrtXON3BPuKvQaLatDGxklyVB/1h9KqanJrJsJxcRQrHt+Yqxzj2q1BJrv + kx7IYCu0YyzdMUAUdO0q3mkvFZ5B5czKMORwAOvvRdaVbx6lYwiSQrL5uSXO + RtXPB7Uac+riS88iOIkzNv3E8NgdPai6fVzqViZI4hKPN2AE4PyjOfw6UAT6 + jo9tDYzyrJKSiEjLkj8RU1rots9tE5klBZFPDnHIqHUZNaNjOJ4oRHsO4qxz + j2qW2k1z7NF5cUBXYuMsc4xxQBTsNKt5bi8RnkAjk2jDkE8d/Wi80q3jv7GJ + XkIlZwSXJIwueD2osH1cXF55McRYyfPknAOO1F4+rm+sjLHEJAX2AE4Py85o + As32j20VlcSrJKSkbEZckcDvS2WjW0lnBI0koLxqThyByK8w+Nfxm8K/Az4f + ah49+KmpWujaJAPJ3ku8s00gOyGCNQWklbBwoHQEnCgkfjN4h/4LeXNpqBs/ + BXwsSfS4CEjm1DUjHPKi8BmiiiZYyR2Dvj1NAH7vWWlW8t5exs8gETqBhyCc + jPPrRfaVbxXdlGryESuQcuSRgdvSvzk/ZO/4KXfDL9o/xZ/wgt3px8F+MNUb + NrZXk3n212yoSUt7lVQGQAE7JEQtxs3HIH6N3z6ubuyMscQcOdmCcE470AW7 + vRraO0mkWSUlUYjLkjgUyw0e2lsYJWklBdFJw5A5Han3cmuG0mEsUITY27DH + OMc4plhJrQsYBDFCY9i7SWOcY4zQBXtNKt5NQvoS8gERjwQ5BOVzye9GoaVb + wz2arJIRJLtOXJ4x29KLR9XGoXxijiMhMe8EnA+XjH4Uag+rmez86OIMJfkw + Tgtjv7UAXbjRbVLeVxJLlVY8yHsKg03SLaawglaSUF0BOHIH4Cp7iTXfs8u+ + KALtbOGbOMVBp0mtCwgEEUJj2DaWY5x70AQ22lW76newGSQLEI8EOcncO570 + ajpVvC9oFeQ+ZMqnLk8HPT3otn1f+0r0xxxGUiPeCTgccY/rRqL6uXtPPiiB + Ey7NpPLc4z7UAX5tEtVidhJLwpP+sPpVTS9It59PgmeSUFlyQHIHX0q3NJrv + lPuhgxtOcM3TFVNLfWRp8At4oWj2/KWY5x70ARwaVbvql1AXk2xqhBDnPPqa + NT0q3gFrteQ+ZPGhy5PBz096IH1f+1LopHEZSqbgSdoHbFGpvq5Fr9oiiGJ4 + 9u0nlucA+1AGk+iWoRj5k3Q/8tDWfpOk29xp0MzySgsDwrkDqe1X3k17acww + Ywf4mqhpL6wNOhFtFC0eDgsxB6nrQA2LSrdtWnty8m1Y1IO855PrRqulW8EU + LI8h3TIp3OTwf60RPq/9rTlY4vO8tdwyduM8Yo1V9XMUP2iOJR5yY2kn5s8Z + 9qANP+w7X/nrN/38NZmjaVb3OmwzO8gZt3CuQOGI6Vp+Zr//ADxg/wC+mrM0 + Z9XGmwi1jiaL5sFiQfvHOce9AAmlW51iS33ybRCGzvOc5x19KNW0q3t7ZHR5 + CTIg+ZyRyaEfV/7XkIji87yRkZO3bn+dGqvq5t0+0xxKvmJjaSTnPFAGp/Yd + r/z1m/7+GsvR9Kt7ixWV3kBLMMK5A4YjpWn5mv8A/PGD/vpqzNIfVxYqLaOJ + o9zYLEg53HNAANKt/wC2Tbb5Nvkb87zuzux19KNX0q3t7Myo8hO5R8zkjk0b + 9X/tknyovP8AI6ZO3bu6/XNfF37cv7ZA/ZF8G+HdSv8Aw/D4j1TxLevDb2K3 + htD5Fsm+aYyeVLwjNEu3bzvzkY5APuX+w7X/AJ6zf9/DWXpGlW9xamR3kB3u + PlcgcGvAf2Uf2kn/AGp/g1p3xY0bS4NJknuLm0vLA3BnNpc274KGTam7dGUk + B2jhxxXv2kvq4tSLaOJk3v8AeJBznmgAbSrcawttvk2mAtnec53Y6+lGsaVb + 22nyTI8hIK8M5I5YDpQz6v8A2wpMcXn+QcDJ27d3880aw+rnT5BdRxLHlclS + SfvDH60Aan9h2v8Az1m/7+GsvStKt54ZWeSQFZXX5XI4BrT8zX/+eMH/AH01 + ZmlPq4hl+zxxMvmvncSPmzz+FABJpVuNXitxJJtaJmzvOcg+tLrGlW9tp00y + PIWXHDOSOWA6Ukj6v/a0RMcXneU2Bk7duefxrjfi94y1fwB8K/F3jy7sIryH + w3pV5qbQJIY2mFnE03lhyG27tmM4OM5welAHoi6Ha7R+8m/7+Gs3S9Kt50uC + 7yDZO6jDkcD196+GP2G/25db/bMXxoY/BcHhX/hD/wCzh/x/teef9v8AtP8A + 0wh2bPs/vnd2xzl/tqftva3+xpZeFZ7Lwjb+KD4tutSVvMvGtRAbEW5ONsUm + 7d54x0xjvngA++5tKt11W3tw8m10ck7znj0NP1XSbe30+aZJJSVGQGckdfSv + LPgz8SNZ+L3w38D/ABSl06HTZ/FOkQaiLVZWlSIXMYcpvIUttzjOBmvU9VfW + Tp8wuIoVjx8xViT17UAXY9EtTGpMk3IH/LQ1n6bpVvObvc8g8ud0GHI4GOvv + WhHJr3lrthgxgY+Zqz9NfVwbvyIojmd9+4nhuMge1ABcaVbpqdpAHk2yLISS + 5zwOx7VLqekW8FhPKkkpKrkAuSPyqK4fV/7TtC8cQlCybACcEY5zUupyaybC + cXEUIj2ncVY5x7UAWYNFtXgjYyS5Kg8SH0qjp2lW80t4rPIPLmKjDkce/qa8 + n+J37RXwx+B50q0+K3inS/DEmrRu9mt5I6mZIdocrtU/d3Ln616X4c1W51ez + bV9Ee3u7S+2zxyq5KSJKoZWQjqrKQQaALt1pVvHqNjCJJCsvm5Jc5G1c8HtU + +oaPbQ2M8qySkojEZckcDuK/Lb42/wDBRrxD8Lf2vbD9mxPAltqGzUdIsP7R + OoPGf+JzHbsX8kQt/qxPgDfzjqM8fqTqEmtGxnE0UIj2NuIY5xjtQBLa6LbS + W0LmSUFkU8OcciqdhpVvLc3iM8gEcmBhyCeO/rVy1k1wW0IjigK7FxljnGOK + p2D6uLm88mOIsZPnyTgHHagAvNKt4r6yiV5CJWcHLkkYHY9qs32jW0VlcSrJ + KSkbEZckcDvVa8fVzfWRljiEgZ9gBOCcc5qzfSa2bK4E0UITy23EMc4wc4oA + Wy0a2ls4JGklBeNScOQOR2qrZaVby3l7EzyARMoGHIJyO/rVqyk1sWcAiihK + eWu0ljnGOM1Vsn1cXl6Yo4i5Zd4JOAccYoAL7SreK6so1eQiVyDlySOO3pVy + 70a2jtZpBJKSqMeXJHAqnfPq5urIzRRBw52YJwTjvVu7k1w2swkihCbGzhjn + GOcUAMsNHtpbGCVpJQXRScOQOR2qvaaVbyahfQl5AIjHghzk5XPJ71YsJNaF + jAIYoTHsXaSxzjHGar2j6uNQvjHHEZCY94JOB8vGPwoANQ0q3hms1V5CJJQp + y5OBjt6VeuNFtUt5XEkuVVjzIewqjqD6uZrPzo4gwlGzBPLY7+1XbiTXfs8u + +KALtbOGbOMUAQabpFtNYQStJKC6gkByB+VQ22lW76neQF5AsYjwQ5ydw7nv + U2mya0LCAQRQmPaNpZjnHvUNs+r/ANp3hjjiMpEe8EnA44xQAalpVvC1oFeQ + +ZOqnLk8HPT3rQl0S1WJ2Ek3Ck/6w+lZ+pPq5a08+OIETrs2k8tzjPtV+WTX + fKfdDBjBz8zelAFTS9It59PgmeSUFlyQHIHX0qODSrdtVuYC8m1EQghznn1N + SaXJrI0+AW8ULR7flLMc4z3qOB9X/tW5KRxGYom4EnaB2xQAappVvALXY8h3 + zxocuTwc9PetJ9EtQjHzJuh/5aGs3U31ci2+0RxLidNu0nlucA+1aLya9tOY + YMY/vNQBQ0jSbe406GZ5JAzA8K5A6ntTYtKtzq01uXk2rGrZ3nPJ9aXSH1ga + dCLaKFosHBYkHqetJE+r/wBrTFYovO8tcjJ24zxigA1XSreCKFkeQ7pkXlye + Cf51qf2Ha/8APWb/AL+GsvVH1cxQ/aI4lHnJjaT97PGfatPzNf8A+eMH/fTU + AZmjaVb3OnRTPJIGbdwrkDhiOlC6VbnWHtt8m0Qhs7znO7HX0o0Z9XGnRC1j + iaL5sFiQfvHPT3oV9X/thyI4vO8kZGTt27v55oANW0q3t7ZXR5CTIg+ZyRya + 1P7Dtf8AnrN/38NZerPq5tl+0xxKvmJjaSTnPFafma//AM8YP++moAzNI0q3 + uLJZXeQEsw+VyBwxHSj+yrf+2fs3mSbfs+/O87s78dfSjSH1cWSi2jiaPc3L + Eg5yc0b9X/tnPlxef9n6ZO3Zv6/XNABq+lW9vZGVHkJDIPmckckCtT+w7X/n + rN/38NZervq5siLmOJU3LypJOcjFafma/wD88YP++moAzNJ0q3uLVpHeQHe4 + +VyBwaG0q3GsJbb5NphLZ3nOd2OvpRpL6uLUi2iiZN7/AHiQc55oZ9X/ALYQ + mOLzvJOBk7du7+eaADWdKt7bTpZkeQlSvDOSOWA6Vqf2Ha/89Zv+/hrL1h9X + OnSi6jiWPK5Kkk/eGP1rT8zX/wDnjB/301AGZpWlW88MrO8gKyuvyuRwDRJp + VuNWhtw8m1ombO85yD60aU+riGX7PHEy+a+dxP3s8/hRI+r/ANrQlo4vO8ps + DJ27c8/jQAur6Tb2+nTTI8hZQOGckdR2rRXQ7XaP3k3/AH8NZ2rvrB06YXMU + KxYGSpJPUdK0Vk1/AxDB/wB9NQBm6XpVvOtyXeQbJ3UYcjgevvRNpVuuq20A + eTa6OSd5zx6GjS31cLc/Z44mHnvu3E/e749qJn1f+1bYvHEJgj7QCdpHfNAE + mq6TbwafPMkkpKjIBckdfSrkWiWrRoxkm5AP+sNUtVfWTp84uIoVjx8xViT1 + 7Vdik17y02wwYwMfM1AGfpulW8zXYZ5B5c7oMORwMdfei50q3TU7OAPJtkEm + SXOeB2NGmvq4a78iOI5nffuJ4bjOPai4fV/7Tsy8UQlAk2AE4PHOaAJtS0i3 + gsJ5VklJVSQC5I/KrEGi2rwRsZJclQeJD6VW1KTWTYTieKER7TuKsc49qswS + a75EeyGArtGMs2cYoAo6fpVvNNeKzyARylRhyMjHf3ou9Kt49RsYQ8hWXzMk + uSRtXPB7Uae+riW88iOIkynfuJ4bHb2ou31c6jYmSOISjzNgBOD8vOfw6UAT + 6ho9tDYzyrJKSiMRlyRwO4qW10a2ktYZDJKCyKeHIHIqLUJNaNjOJooRHsbc + VY5xjtUtrJrgtYRHFCU2LjLHOMcZoAp2OlW8tzeIzyARyADDkE8d/Wi80q3j + vbKJXkIlZwcuSRgZ49KLF9XFzeeTHEWMg35JwDjtRePq5vbIyxxCQM+wAnBO + Oc0AWr7RraKyuJVklJSNyMuSOAetFlo1tLZwSNJKC8ak4cgcgUl9JrZsrgSx + QhPLfcQxzjBzilspNbFnAIooSnlrtJY5xjjNAFWy0q3lvb2JnkAiZQMOQTkZ + 59aL/SreK6so1eQiWQg5ckjjt6UWT6uL29MUcRkLLvBJwDjjFF8+rm6sjNHE + HEh2YJwTjvQBcutGto7WZxJKSqMeXJHAqPT9HtprGCVpJQXRScOQOR2FSXUm + uG1mEkUITY2cMc4xziotPk1oWMAhihMexdpLHOMd6AILTSreTUb6EvIFi8vB + DkE7lzye9GoaVbwzWaq8hEkoU5cnjHai0fVxqN8Y4ojIfL3gk4Hy8Y/CjUH1 + czWfnRxBhKNmCeWx39qAL1xotqkEjiSXKqTzIewqvpukW89hBK0koLKCQHIH + 5VPcSa75Em+GALtOcM2cYqvpsmsiwgEEUJj2jaWY5x70ARW2lW76neQF5NsY + jwQ5ycjue9GpaVbwNaBXkPmTohy5PBz096LZ9X/tO8KRxGUiPeCTgccYo1J9 + XLWnnxxAidNm0nlucZ9qANCXRLVY3YSTcA/8tDVPStJt59PgmeSUFhkgOQOv + pVyWTXvLfdDBjBz8zVS0p9ZGnwC3ihaPHylmIPXvQAyDSrdtVuYDJJtREIO8 + 559TRqmlW8C2xR5DvnRDlyeDnp70Qvq/9qXJSOIylE3Ak7QO2KNUfVytt9oj + iUeem3aT97nGfagDSbQ7UKT5k3T/AJ6Gs7SNJt7jToZnkkDMDwrkDqR0rRaT + XtpzDBjH95qztIfWBp0ItooWiwcFiQep60AJHpVu2rTW5eTasStnec5J9aNV + 0q3ghiZHkJaVF+ZyeCaI31f+1piscXneWuRk7cZ4x70ao+rmGL7RHEq+amNp + J+bPH4UAan9h2v8Az1m/7+GsvR9Kt7nTopneQM27hXIHDEdK0/M1/wD54wf9 + 9NWZo76uNOiFrFE0fzYLEg/eOenvQALpVudYe33ybRCGzvOc7sdfSjVtKt7e + 2V0eQkyIPmckcmhX1f8AthyI4vO8kZGTt27v55o1Z9XNsv2mOJV8xMbSSc54 + oA1P7Dtf+es3/fw1l6PpVvcWQld5ASzD5XIHBxWn5mv/APPGD/vpq5zTdZe2 + h+yrcWiMrNlZZQrjJz0z+VAGh/ZVv/bP2bzJNv2ffned2d+OvpRq+lW9vZNK + jyEhlHzOSOSBUcVxqc2rCaFYJJDb8bWJQpv65HfNSau+rmyYXMcSx7l5UknO + RigDU/sO1/56zf8Afw1l6TpVvcWzO7yAiRx8rkDg1p+Zr/8Azxg/76aszSX1 + cWzfZo4mXzH+8SDnPNAA2lW41hLbfJtMJbO85zux19KNY0q3ttOlmR5Cy7eG + ckcsB0oZ9X/thCY4vO8k4GTt27v50aw+rnTpRdRRLH8uSpJP3hjr70Aan9h2 + v/PWb/v4ay9K0q3uIZmd5AVldflcjgH+dafma/8A88YP++mrM0p9XEU32eOJ + h5r53E/ezzj2oAJdKt11aG3DybWjZs7zng+tO1fSbe306aZJJCygcM5I6jtT + ZH1f+1oS0cXneW2Bk7cZ5z70urvrB06YXMUKxYGSrEnqOlAGiuh2pUHzJun/ + AD0NZumaVbzrcl3kGyeRBhyOB6+9aSya9tGIYMY/vNWbpj6uFufs8cR/fybt + xPDcZx7UAE+lW66rbQB5Nro5J3nPHoak1XSbeDT55kklJVcgM5I6+lRzPq/9 + qWxeOIShH2gE7SO+afqr6ydPnFxFCsePmKsSevagC7Folq0SMZJuVB/1h9Kz + 9N0q3na7DPIPLndBhyOBjr71fik13yk2wwYwMfM3pVDTX1cNd+RHESZ337ie + G4yB7UAFzpVump2cAeQrIJMkucjA7HtU2paRbQ2E8qySkopIBckflUNy+r/2 + nZl44hKBJsAJweOc1NqUmtGwnE8UIj2ncVY5x7UAWLfRbV4I3MkuWUHiQ9xV + HT9Kt5prxWeQCOUqMORxjvV23k13yI9kMBXaMZZs4xVLT31cTXnkxxFjKd+S + eGx29qAC70q3j1GxhDyESmTJLkkYXPB7VY1DR7aGxnlWSUlEYjLkjgdxVe7f + VzqNiZI4hIDJsAJwfl5z+FT6hJrRsZxNFCI9jbiGOcY7UAS2mjW0lrDIZJQW + RTw5A5FU7DSreW6vY2eQCKQAYcgnjv61btJNcFrCI4oSmxduWOcY4zVSxfVx + dXvkxxFzIN+ScA47UAF7pVvFe2USvIRKzA5ckjAzx6VavdGtorOeRZJSUjYj + Lkjgd6q3r6ub2yMscQcM2wAnBOOc1avZNbNnOJYoQnltuIY5xjnFABY6NbS2 + VvK0koLxoThyByB0qrZ6VbyXt7EzyARMgGHIJyueT3qzYya2LK3EUUJTy02k + sc4wMZqtZvq4vb0xRxGQsm8EnAOOMUAF/pVvFc2aK8hEkhBy5JHHb0q5daNb + R2s0gklJVGPLkjgVTv31c3Nn50cQYSHZgnBOO9XLqTXDazCSKAJsbOGOcY5o + Ai0/R7aaxglaSUF0UnDkDkdhUFppVvJqN9C0kgWLy8EOcncueT3qfT5NaFjA + IYoTHsXaSxzjHeoLR9XGo3xjjiMp8veCTgfLxj8OtABqGlW8MtmqvIfMmCnL + k8Y7e9Xp9FtUgkYSS5Ck8yH0qjqD6uZbPz44gRMNm0nlsd/ar08mu+RJvhgC + 7TnDNnGKAK+maRbTWEErSSguoJAcgflUNvpVu+qXcBeTbGIyCHOeR3NS6bJr + IsIBBFCY9o2lmOce9RW76v8A2ndlI4jKRHvBJwOOMUAGp6VbwG02vIfMnRDl + yeDnp71oS6JarG7CSbgE/wCsNZ+pPq5Np58cQxOmzaTy3OAfatCWTXvLfdDB + jBz8zUAUtK0m3uNPhmeSUFhkhXIHX0pkOlW7arcQF5NqIhB3nPPqafpT6yNP + hFvFC0ePlLMQevemQvq/9q3BWKLzdibgSduO2KADVNKt4FtijyHfOinLk8H0 + 960m0O12n95N/wB/DWbqj6uVtvtEcSjz027Sfvds+1aTSa/g5hg/76agDO0j + Sbe406GZ3kDMDwrkDqe1JHpVudXmty8m1YlbO85yT60ukPrA06EW0ULRYOCx + IPU9aSN9X/teUrHF53lLkZO3bnj8aADVdKt7eGJkeQlpUX5nJ4JrU/sO1/56 + zf8Afw1l6q+rmGL7THEq+amNpP3s8fhWn5mv/wDPGD/vpqAMzR9Kt7nT45ne + QFi3CuQOGI6ULpVudYa23ybRCGzvOc7sdfSjR31cafGLWOJo8tgsSD945/Wh + X1f+2GIji87yRkZO3bu/nmgA1bSre3tRIjyEl0HzOSOTWp/Ydr/z1m/7+Gsv + Vn1c2oFzFEqb0+6STnPFafma/wD88YP++moAzNI0q3uLMSu8gO5h8rkDg0f2 + Vb/2yLbzJNv2ffned2d2OvpRpD6uLMC2jiZNz8sSDnPNG/V/7ZB8uLz/ACOm + Tt27uv1zQAaxpVvbWLSo8hIZR8zkjkjtWp/Ydr/z1m/7+GsvWH1c2LC5jiWP + cvKkk5yMVp+Zr/8Azxg/76agDM0nSre4tnd3kBEjj5XIHBqxBZRWmuxpGzsP + JZvmYnnOKr6S+ri2f7NHEy+Y+dxIOc81Yga+bXY/tiIreS33CSMZ9/egDpaK + KKACiiigAooooAKKKKAP/9X90JdY01tWguVmzGkbqTtbgnp2p2razptzp00E + E253AwNrDuPUVoTgf25a/wDXJ6froH9k3H0H8xQBFHr+kBFBuOQB/C3+FZ2m + axp1v9r86bb5lxI6/Kxypxg8CupiA8tPoKydGA/07/r6l/pQBmXGsac+qWtw + s2Y41cMdrcEjjtUuqa1plxp88MM253XAG1hn9KvXX/Iasf8Acl/lU2tAf2Xc + /wC5QBVh17SUhjVp8EKAflb0+lUdO1jTYJLwyzbRLMzr8rcqcc9K6a3A+zxf + 7q/yrL0gDzb/AP6+G/kKAM261jTZNSsp0mzHD5u47W43Lgdqm1HW9LnsJ4Yp + 9zuhAG1uSfwq5egf2xpv0m/9BFWdXA/sy5/65tQBQttd0qO2ijefDKigja3U + D6VS0/WNNhuLx5Ztoll3L8rcjH0rpLMD7HB/1zX+VZ2l/wDH1qH/AF2/pQBm + 3msabLf2MyTZSIuWO1uMrgdqsX+uaXNZXEUc+XeNgBtbkkcdqtX4H9qab/vS + f+g1c1MD+zrr/rk/8jQBl2euaVFaQRST4ZEUEbW6gc9qq2OsabFd3ssk2Fld + Sp2tyAMeldBp4H2C2/65J/6CKo6aB9v1H/rov/oNAGZfaxp013ZSxzZWJ2LH + a3AI+lW7zXNKltJ4o58s6MANrdSOO1WNS/4/9O/66N/6DV7UAPsFz/1yf/0E + 0AY9hrmlw2NvFJPtdEUEbW4IH0qtZ6xp0V/fTPNhJim07W5wuD2re0sD+zbX + /rkn8qqaeB/ampf70X/oNAGbf6xps09m8U24RS7m+VuBj6Vdudd0qS3lRJ8s + yMANrdSPpUuqAfatP/67f0NaN4B9kn/3G/lQBhadrelwWEEMs+10QAja3BH4 + VBa6xpsep3tw82I5RHtO1udq4PatzSAP7Mtv+ua1WsgP7Z1H6Q/+g0AZmpax + p08lmYptwimV2+VuFGeelX5te0l4ZFWfJKkD5W9PpUmrgebYf9fCf1rUuAPs + 8v8Aut/KgDndL1rTLfT4IZptrouCNrH+QqODWNNTVLq4abEcioFO1uSBz2rY + 0UD+yrb/AHf61Dagf21e/wC5F/KgDN1PWNNuPsnkzbvLuI3b5W4Vc5PIrRfX + 9IKMBcckH+Fv8KXWQP8AQf8Ar6i/rWvIB5bfQ0AcxpOs6bbadDBPNtdAcjax + 7n0FNi1jTV1ae5abEbxooO1uSOvatXQgP7Jt/of5mmQAf25df9ckoAzNV1jT + biOBYZtxSZGPysMKOp6VqHxBpGP+Pj/x1v8ACk1sDybb/r4j/nWyQMUAcpo2 + saba6bDBPNskXdkbWPViewoTWNNGryXJm/dNCFB2t1BzjpWl4eA/se3/AOBf + +hGiMD+3pf8Argv/AKFQBm6trGm3NuiQzbmEiMflYcA89RWn/wAJBpH/AD8f + +Ot/hSa4B9li/wCu0f8AOtrAoA5LR9Y061sEhnm2uGYkbWPViR0FKNY03+2T + ded+6MATO1vvbs46Z6VpeH/+QZH/ALz/APoRoAH/AAkDf9ew/wDQ6AMzV9Y0 + 65s/Kgm3NvQ42sOAeeorU/4SDSP+fj/x1v8ACk17/kH/APbRP/Qq2sCgDk9J + 1jTba0Mc821t7nG1jwTx0FB1jTf7YW68790ICmdrfe3Zx0z0rS0ED7Cf+ukn + /oVDAf8ACQL/ANex/wDQ6AM3WNY0260+SCCbc7FcDaw6MCeorT/4SDSP+fj/ + AMdb/Ck8QAf2XL9U/wDQhW1gUAcnpWsabbQSJNNtLSuw+VjwTx0FJJrGnHV4 + rkTfuliZSdrdSfpWnoYH2aX/AK7Sfzol/wCQ9D/1wb+dAGbrGsabdabNBBNu + kbbgbWHRge4rSHiDSMD/AEj/AMdb/Cl8QAf2Rcf8B/8AQhWwAMCgDk9K1jTr + eO4E020vM7j5WOVPQ8Clm1jTW1W3uVmzGiOCdrcE9O1aWif6q6/6+JP6UXAH + 9uWv/XKSgDP1bWdNudOmghm3O4GBtYdx6ir0ev6QEUG45AH8Lf4VNrgH9k3H + +6P5itKIDyk+goA5bTNY023N35023zLh3X5W5U4weBRcaxpr6paXCzZjiWQM + drcbhx2rT0YDN9/19Sf0ouwP7asf92X+VAFHVNa0y40+eGGbc7rgDawz+lWo + Ne0lIY0afBVQD8rdh9Km16WGHSrhpXVAVwCxAyT25rRtgPs8X+4v8qAOa07W + NNgkvGlm2iWYsvytyCBz0outY02TUrGdJsxw+buO1uNy4HatLSQPOv8A/r4b + +QovQP7Y03/tt/6CKAKeo63pc9jPDFPud0IA2tyT+FTW2u6VHbRRvPhlRQRt + bqB9Kv6sB/Zlz/1zb+VWLMD7HB/1zX+VAHN2GsadDcXjyTbVlk3KdrcjH0ov + NY06W/sZo5spCzljtbjK4HatPS/+PvUP+u39KNQA/tPTf96T/wBBoA/m4/4L + PfEvUfEvxv8AB3w0sLlpdH0LRVvhCu4Br6/nlR2K8ZIihjCnHGWx1Nfsr+zx + +y5+z58CvhhpPg208M6ZfaobSIarf3dmlzcXl0yDz2eSRGOwvnbGCEUcAdSf + w3/4K14j/ba015fuf2NpB/4CJps/1r+ojTgP7Ptv+uSf+gigD+fX9rr/AIJv + eMNQ+Nlt8Sf2RrKy0LT5vLu5LZLkWC2OowPuWW0XA8tWwrBV4RwduAQB+1Uv + xFsPDXw+0fxv8WL618Py6XYQ3WuSPJ/o1pP5K+eBJjDKJCVUr97jA5Ar1LTg + P7Q1H/fT/wBBr8cv+C1/jPUNH+C/gbwVZXDQweItYmmuUU482OwhBVW9VEkq + Nj+8qntQBf8AG3/BaP4A6bq13o3hXwnrviCwQvEL/EFqko5G+KORzIVPUbwj + eqivt/8AZl/bK+Bn7S/ho3Hw/wBVlg1TTY1+26VfR+VfWw+6HKIXR4yejxuy + 8gEhuK+Xf2Jf2JP2dov2TvC/iLxp4G0rxRr3jTSE1S9vdUtY7qZReIZYkgaQ + MYFjjZQDFtJI3E5Nfl98IvD0X7LH/BVHS/h74MuJbfRjrcWmpEzFt1jrdqkk + cDk5LiPz0wWycorHkZoA/ef9pD9qTwZ+y14JuPif4q0291qwu9QtbBIbAJ52 + +WKRt/71kXaPLIPOeRgV8VeKf+Cx/wCzhbeG/D+t6PoWu6nq92JZp9NWKGI2 + RjkeJUnmaXZukCiRfKEg2MNxVvlq9/wWF/5Nek/7GnSv/SW7rzn/AIJl/skf + AzxB+zlonxX8f+ENN8Wa34v1C9UvqttHexwWtpM9qsUUUysiZaJnLBd53YLY + AAAPrv8AZv8A+Cj/AMAP2m9Tl8FaP9u8MeKpInaHTtUjQfawiFn+zTQvIjlA + MlW2PgEhSoJH1D49+Nnwy+Cnw9n8dfErW00fSNMRBLIyO7NIxwkcaIrM7seA + qgnv0BI/mp/aE+GPhz9mD/gpD4d0f4XwnTdGi1zw/qlnaq7EQLdSxGaAMTny + y28BSThG28ivv7/gs3o3iu9+BHw41fTYpJfD+m6tL/aJRSVjnmg22rvjoP8A + WqCeMsBnJAIBoXX/AAWn+BVl4lu20/wP4ivNMlKqJ2+yRSkJxuEXnMMHqMuD + 619qfs+/txfAn9qtmtPh1dXtlrGklLq70zU7fybmO33bPNBjaWF03MB8khIy + MgZFflb+y7+1r/wTk8K/B/QvAfxR+HdtaavbWNtBqk97oMGqJd3iJtnufPAl + lYSvlwGUFAdijCg1+of7JY/Yzbw5fXn7H76abHUNTjudTS2M4vEkcN5azR3f + +kRxj5vKQgRj5tg5agDnfHH/AAUU+Ffgz9pmL9lq+8Pavca1dX+m6auoQiD7 + GJdVihkiYhpFl2p56h/kzwcA8Z+v9c8faJ4F8A6r4p1LfNHoGn3N9LDEv7x1 + to2lZVJwu4hcDJxnqa/nX/aP/wCUyOm/9jX4M/8ASPTq/oE+Mf8Aybn4+/7F + jWP/AEjloA+fP2Sv25/ht+1jrPi0+FNG1PQT4eisml/tBYiJBcmULsMMknI8 + o5zjqMd6wv2tP+Cg3wu/Ze8Z6B4L8U6DqutTajbR6oJtPWHYkQmkiKETSRkt + lCeBjBHNfnx/wQ4/5GD4v/8AXrov/od5Xmv/AAWz/wCTgfA3/YsL/wCltzQB + 9v8Aj7/gs3+zp4b8QXGieEfD2ueK7S3kMbahEkNrbygfxwLNJ5rL/vpHn6YJ + 9YtP+Co/7JWl/Bix+JM2uXUt1M7240COBW1lZ1O4q0O/y1TaQRKZREegct8t + d34O/wCCen7K2m/BGy+Ger+AdM1C4m06OO71iS3RtWkumjHmXCXpHnRtvyyq + jBF6BdvFfz6fsH/s7eDfi5+2JD8LviLD/amg+Hv7Subq23FFuzp5MaIxXB2G + QqzAEZUFc80Afq34N/4LN/ADV/GAg8VeFdd8PaZd7IhekQXSxc/fmjjcSBR1 + PliRvRTX6vxeMvDHizQtL17w3qEeoadqAgu7eeLLRy28ih0kVscqykEV+Ov/ + AAVI/ZP+B3hf4D3nxO+HvhDTPCWseF7nT13aTaxWUdxb3cot3jlihVUchnRg + 5G4bcZwSD6d/wTv+Jd/pH/BPGTxRqkhmTwLc60YTKxYCC0VrwKc/wqXIA7AY + FAHvH7R//BSj9nP9nHXW8HanNfeKvEsS5nsdHjjk+yMQCq3Ms0kaIzA52rvc + DllAIJ8q/Z+/4Kwfs4fEvVtP8DeJoNQ8DaneSGKCfUhE9g7uxKKbiJyUZjxm + RFXOPm5r8a/2JfH/AOy/D8Y/FPxh/bS1L+1L5m+1WFveWE2pW97qF7JI9zc3 + EcUUisYsDasg2lpNwBKDHa/t9eOP2Hfih4Y8O+Lv2cZobHxva3RttStLPSp9 + NtrqxdZGEzhoY4jLE6ooI+ZlchshF2gH9Raaxpw1iS6M37poQoO1uoOcdM1+ + Va/8Fh/2cNRm1nT9b0LX9HbR1aWMvDBMbyWGZY/IhEcxw7Bi4MhRNqtlgcA/ + Vf7A/wARNW+Kn7Mfw68Y6/cteajJo7WU8z8vI+nXUtlvc92YQgse5Oe9fzy/ + sH/A7wZ8ef2t7vw74/tRqOh6JHf6tPZuSI7ow3EcMccmMEpvmVmXOGC7TkEg + gH65/D3/AILKfADxh4us/DOv+Fte8O2+oTrBDetHFeRqznCmWKBzKMnjEaSH + J6V+qOj6xpttYrDPNtcMxxtY9WJHQV4rov7HX7Mfhr4kaV8WPDPw50jRvEWi + xNFaSWNsttbxlsYl+zRbYPOUZCy7N4yeemPfNAA/sxP95/8A0I0AZo1jTf7Z + N1537ryNmdrfe3Zx09K/mU/b/wDFes/tc/t2WHwY8DXCy2uhy2/hmzc5MSXB + bzL+4dRyBE7MsmOdsI4r+iH49fFTTvgh8OvGPxX1PaY/DWiTXMaPwJbndst4 + v+2szIg92r8Ef+CSvww1L4ifGjxp+0L4p3XjeHI/LjuJR80mq6xIxllDd2WF + ZQ//AF1FAHX/APBHj4v3Pw6+Knjv9nPxk7WX9rK17bQyZ/dalprGK6iAH8bx + HLe0Ff0EaRrGm21oY55trb3ONrHgnjoK/mn/AG19P1H9jv8A4KMaZ8bvDsDR + 6dq95aeKI0j4EqzMYdTg3dMzMsxYdllHrmv6WvBWq6dr3hy01zSJ1urHUVFz + bzJyskMwDo49mUgigD8qdN/4LD/s4Ta/rT6/oWv6Suj2koiBhgme9njnVPIh + CTYDsGLgyFE2q2WBwDiaR/wWZ/Z+8T6sNB1/wvrvh7TrmRFTUJFguEjG4fPN + FFIZFUDOfLEh9Aa/LH9gX4EeD/2gf2xX8L+P7Qaj4f0ZdR1e6s2JCXP2aVY4 + 43xyU82VCy/xKCp4Jr9FP+CrX7I3wR8FfAex+Lfwx8J6d4Q1fQ9TtrW4XS7d + LSG6tLoNGVkiiVUaRZAjK+M43g5yMAH7EeIPi34N0X4dal8TbS7GraRYaVNq + 6Na/N9ptooDcAxMcKd6D5SSByOcV+YXhv/gsl+zYPDWsanqugeIbO+tLiIW1 + gILeSa7FxvLMjicRosWweZvYH512Bvmxr/sb+J73xL/wSq1qPUJmnl0fw/4r + 09WbkiOJLlolz6Ijqo9AAK/Nn/gkx+zf8Ofjt8VPFniH4n6RD4g0rwZY27Q2 + F0u+2kur53VHljPyyKiRSYVsjcQSDgUAfpF8Kf8Agr1+zz8RPH9hoHirSdU8 + Epen7NBe3vlT2Yd2wnnPExeIE4G7YVXOWZVBNfcv7U+s6bd/szfFeG3m3u/h + XWsDDDP+hSnuK/Ef/grz+zL8KPhHL4I+I3ws8P2fhZdakubC/s9PiW3tZHRR + LDKkEYCIwG9X2gAjbxkEn9OdK8T3vjH/AIJdSeItTma4vLj4Z3KTSvy0kkOm + vEzMe5YoST3NAHwT/wAEPdQs7BPjR9rk8vefDuOCc4/tHPQe9fdH7aH7Q/7O + nwN0zwxd/Hf4cQ/EaPWLzURp6S6fZXxtNghMrD7bgJ5gZM7OTtGegr4j/wCC + GX3PjX9fDn/uSpf+C1f/ACKvwt/7Cmu/+i7SgD9h/hH448E+Lvh74G8Y+DNO + XQPD2qaLa3VlYLCkK2dvcQo8UAjhHlrsUhcJ8oxxxXzV+0//AMFGP2dP2e7u + fwVql3d+JvFAAE2naREkjWmQGX7TLK8UcZI/hBZxkEoAQa6v4JeKz4D/AGJv + h945VBIfDvw3ttSCt0Y2mlrNg+x21+HX/BNr9n7wx+1L8W/H3xL+NMZ8SweG + o4r6e3uSSl7qeqTSMstxjG9QIpWKHhmK5yoKkA/TL4Vf8Fiv2cfGviC18N+M + 9J1bwQt0yxx392IriyRjwPOeFjJGCcfN5ZUdWZQM19a/HD9sP4G/syeGB4l+ + ImrSTyazNJLpthp6C4vL5MKS8SlkQIARl3dU5AzkgHD8Rf8ABPX9kbxT4z8N + +PJPh9YaXc+HnEos9Nijs9PvSB8gvLWJRHKEb5hgKWPDl0ypzP2u/hz+yR4w + +H6X37Vd3Z6LpGjamXsb1p/s14GBUyW9uYw0siSqMSRRqx2/MArKrqAfF8f/ + AAWs+C9xr1rPd/D/AF+GwhLK0iSWkku1uMiMyKuQO2/8a/S/4RftK/CD9o/4 + fS+MPhZrH263yYZ7eWNorq1mxny54zna2OQQSrDlWIr8wPiL8e/+CRnifwbd + fD6ysdHtbI2VxbQXNj4Zu7e4glMe2KWK4Fok29Ww24tlj97IJz83/wDBF/Wt + Qh+JnxN8OpKwsbzw/DdSR5O0y210kcbY6ZCzOM+9AHmH/BVf9ovwv8avizpP + gXQNNu7K6+GMup6Vey3Pl+XcStJEN8Oxmbb+6P3gp5HFfrJ+wR+3R8O/jnDb + fB/SND1LSdS8L6Bazz3F15TW8n2UQWjrH5bs+SzbhuUcDnB4r4J/4LVeH9B0 + fxX8LL7SdNtrK51Kz1WW6lghSN7iTzLb55WUAu3J5bJ5Nfth+zL4P8I6D8LP + DGqaFoljp15d6NpomntraKGWUG1iY73RQzZbnk9eaAPiv4zftUfso+Ff2xNF + +F3iv4Twa544uNR0iAeIW0vT5XE98sC2kpnl/wBIzb7kwcbl2/J0Ffo943+I + Xgvwl4R1bxJ4m1eDS9L063eW4ubgmOKNAOrMRj2A6k4A5Nfzp/tf/wDKXDwv + /wBjF4K/nZ19m/8ABa3xvqWi/BDwV4GsbloIPEutSTXSKcedFp8O5Ub1USSo + +P7yqewoAseJP+C0nwB0LVjpHhnwjrviCwtiIzfYgtUl28b4o5HMhU9RvCN6 + qK+1/wBmT9sj4H/tMabqWp+ANTlttRt2El1pV9GIr+3Q/KHZEZ0ZCeA8bsuS + ASG4r5v/AGGP2If2dF/Za8H6/wCN/AuleKtd8baZFqd9e6pax3UwF6vmRxwN + IGMCpGyqDFtJI3E5Nfl78LfDlv8Asqf8FXLL4ceCLiW20RNfXSo4mcuTYazb + q8cDk5LiPz0wWycorE5GaAP2y/a5/bU+Hv7KSeEdX8U6RqGux67NeJGuniIN + GbdIyd/nPGOfMGMZ6HNfLnj3/gsr+zjpNhaW3hbQNc8RXN/ZQTz7I4baK1e4 + jDPbu8km55YSdr7EMe4fLIw5ryH/AILjf8i58If+vvWv/RdpX0n+xt+xN+zh + F+yV4T1rxd4E0nxNrfjLRItVvr/UrWO6uQ19F5yJDJIC0AjRlVfKKHI3Elsm + gD3z9lv9uj4EftPadLp/gu8utL1/S4Ve50nUohHdCJcJ50ZiaSOSPcQMq+Vy + N6rkZ9n+IXxp+GnwW8Ma58RfiTrSaPoVo0ZMzI7s7N8qxxxopd3Y8BQM9+gJ + H84/7M3heH4Df8FT9N+H3haWT+y7DXNS02JGcsWsrqzm8tJD/GUV1OT1ZQet + fb//AAWh0bxZe/Czwnq2mxSS+H9N12T+0Cilljnmtttq74+6P9aoJ4ywGckA + gGxrf/Baf4EnXrdNM8EeIrrTbaVibh/skUjDoCsXnMOevLg19v8A7O/7c/wG + /aos9T0/4eXd7Y63YW7TXGmanbeTcpCSEEgaJpYWTcQPlkJGRuAyK/KH9m/9 + rX/gnJ4c+DPg/wAAfEf4c29jrOn2sUOtT3ug2+ppe3YTbNc+eBLK4kbLBWUF + AdijCgn9U/2Qh+xmfBfiW8/Y/fTTZX8xudTS2M4vEkdW8tZo7v8A0iKMYbyk + IEY+bYOWoA+ttP1zS4bGCGWfa6IoI2twQPpVe01jTY9Qvp3mwkxj2na3O1cH + tW7pYH9m2v8A1zX+VVLAD+1dS+sX/oNAGZqGsadPNZvFNuEUoZvlbgY+lXrj + XtJe3lRJ8sysB8rdSPpUuqgfaNP/AOu4/lWldgfZZv8Acb+VAGBput6ZBYQQ + yz7XRQCNrcH8qittY02PU7y4ebEcoj2na3O0YPatrRwP7Ltv9wVXswP7Z1D6 + Rf8AoJoAzdS1jTZ2tDFNu8qdXb5W4UZyelX5df0lonVbjJKkD5W9PpT9XA32 + H/Xyn9a1ZwPIk/3T/KgDm9L1rTLfT4IJptrouCNrHHPsKjg1jTk1W5uWmxHI + iBTtbkjr2rY0QD+yrb/d/rUVt/yG7z/rnHQBmaprGm3AtfJm3eXPG7fK3CjO + T0rSfX9IKMBcdQf4W/wpdaA22X/X1F/WtdwNjfQ0AcvpGs6bbadDBPNtdAcj + ax7k9hSRaxpq6tNcmb928aqDtbqD9K1NBA/si3+h/wDQjTYQP7duP+uKfzoA + zdV1jTbiKFYZtxSZGPysOAeTyK0/+Eg0j/n4/wDHW/wpNbA8i3/67x/zrawK + AOS0bWNNtdOignm2Ou7I2serE9hQusaaNYe6M37owhQdrfe3Zx0rT8PAf2RB + /wAD/wDQjQgH9vyf9e4/9CoAzNW1jTbm2SOCbcwkRsbWHAPPUVqf8JBpH/Px + /wCOt/hSa7/x5p/11j/nW1gUAcnpGsaba2SwzzbXDMcbWPViR0FH9sab/bP2 + rzv3X2fZu2t97fnHTPStLQAP7NX/AH3/APQjRgf8JD/26/8As9AGbq+sabc2 + Rigm3OWQ42sOAQT1Faf/AAkGkf8APx/463+FJrwH9nH/AH0/9CFbWBQByek6 + xpttatHPNtYu5xtY8E8dBSNrGnHWEuhN+6EJTO1vvbs4xjNaehAfYm/66yf+ + hUOB/wAJBH/17n/0KgDM1nWNNutOlggm3OxXA2sOjA9xWp/wkGkf8/H/AI63 + +FJ4hA/smb6p/wChCtrAoA5PStY023hlWabaWldh8rHgnjoKJNY01tWhuRN+ + 7WJlJ2t1J+laWiAfZ5/+u8n86JQP7dg/64v/ADoAztX1nTbrTpoIJtzuBgbW + HQg9xWiviDSNo/0j/wAdb/Cna+B/ZFx9F/8AQhWsoG0fSgDldL1jTbdbkTTb + fMnd1+VuVPQ9KSbWNOfVba5WbMcaOGO1uCenatPRQNl3/wBfMv8ASi4/5Dln + /wBc5KAKGq61plxp88EM253XAG1h39xV2LX9JWNFNxyAB91v8Kn1sD+yrn/d + /qK0IQPJj/3R/KgDmNN1jTYGuzLNt8yd3X5W5U4welFzrGmyanZ3CTZjiEgY + 7W43DjtWlo4G6/8A+vmT+lF2B/bNh/uy/wAhQBS1PWtMuLCeGKfc7qQBtbk/ + lVmDXtJSCNGnwVUA/K3UD6Vb1gD+y7n/AHDVy1A+zRf7i/yoA5nTtY02Ca8a + WbaJZSy/K3Ix16UXesabJqNjOk2Uh8zedrcblwO1aek/6/UP+u5/lRfAf2vp + n/bb/wBBoAqahrelz2M8MU+53RgBtbkkfSpLXXdKjtYY3nwyooI2t1A+laOq + gf2bdf8AXNv5VNYgfYrf/rmn8hQBztjrGmw3N7JJNhZZAyna3Ix9KLzWNNlv + bKaObKRM5Y7W4yuB2rS0wD7ZqH/XUfyo1AD+0tO/35P/AEGgCtfa5pc1lcRR + z5d43UDa3JIIHalstc0qKzgiknwyRqpG1uCBg9q1dSA/s66/65P/AOgmjTgP + 7Ptf+uSf+gigDn7LWNOivb2WSbCSspU7W5AGD2ov9Y06a6spI5srFISx2twM + fStPTgP7R1L/AH0/9Bo1P/j907/rqf5UAQXWu6VJazRpPlmRgBtbqR9Kj0/W + 9LhsYIZZ9roigja3BA+lbd8B9iuP+ub/AMjUOlAf2ba/9c1/lQBh2msabHqN + 9O82Em8vadrc7Vwe1Goaxps81m0U24RShm+VuBj6VpWIH9ral9Yf/QaNVA+0 + af8A9dx/I0ARXGvaS8EiLPkspA+VupH0qvpmtaZb2EEMs+10UAja3B/Kt+6A + +yzf7jfyqpo4H9l23+4KAMW21jTo9TvLh5sRyiPadrc7Rg9qNS1jTbhrQxTb + vKnR2+VhhRnJ6Vp2YH9s6h/uxf8AoNGsAb7D/r5j/rQA2XX9JaN1FxyQR91v + 8KpaVrWmW+nwQTTbXRcEbWPf2FdJMB5Mn+6f5Vn6IB/ZVt/u/wBaAMiDWNNT + Vbm4abEciIFO1uSOvak1TWNNuFthDNu8udHb5WGFGcnpWnbAf23ef9c46NaA + 2Wf/AF8xf1oARvEGkFSBcdv7rf4Vn6RrOm2unQwTzbXQHI2sepJ7CupcDY30 + NZOgAf2Rb/Rv/QjQBlR6xpq6vNcmb920SqDtbqD9KXVdY024hiWGbcVlRj8r + DgHnqK0of+Q9cf8AXFP50a2B9ng/67x/zoAX/hINI/5+P/HW/wAKzNG1jTbX + TooJ5trruyNrHqxPYV1mBWL4fA/smD6v/wChGgDNXWNNGsPdGb90YQgO1vvb + s46UatrGm3NsscM25hIjY2sOAeeorSQD+35P+vcf+hUa6B9jT/rrH/OgBf8A + hINI/wCfj/x1v8K+ZNbmE+rXUinI3kD/AIDx/SvqLV9Qi0rTLnUZcYgQsAe7 + fwj8TgV8p2tvNqF7Fax/NLcSBR/vMcUFRPbfB93ZafaWJmk2qLUgnB+88hfH + T0NdLq+sabdWTQwTbnLKcbWHRgT1FXbeCO21qK2iGEiswij2V8CpdfA/s1v9 + 9P8A0IUEi/8ACQaR/wA/H/jrf4VmaTrGm21s0c021jI7Y2seCeOgrrMCsXQg + Psb/APXWT+dAGY2saadYS6E37oQlSdrfe3Zx0pdZ1jTbrTpYIJtzttwNrDow + PcVpP/yH4/8Ar3P/AKFR4gA/smf6p/6EKAF/4SDSP+fj/wAdb/CsvStY022h + mWabaWldh8rHgng8CutwKxdDA8if/rvJ/OgDNl1jTW1aG5E37tI2Una3Un6U + ur6zptzp00EE253AwNrDuD3FaMwH9u2//XF/507XgP7IuPoP/QhQAxfEGkBQ + Dcdv7rf4VnaXrGm263Imm2+ZPI6/Kxypxg9K6pANi/QVj6KBtvP+vmX+lAGb + PrGmvqttcLNmONHDHa3BPTtT9V1rTLjT54IZtzuuANrDv7ir9yB/bdn/ANc5 + Kl1sD+yrn/d/rQBXi1/SViRWuMEKAflb0+lZ+m6xptu12ZZtvmzu6/Kxypxg + 9K6iADyY/wDdH8qytHA33/8A18yf0oAzLnWNOk1OzuEmzHEJNx2txuGB2qbU + tb0yewnhin3O6kAbW5P5VdvAP7Z0/wD3Zf8A0GrGsAf2Xc/7hoApW+vaSkEa + NPgqoB+VuoH0qlp+sabBNeNLNtEspZflbkY+ldJagfZYf9xf5Vm6UB9o1D/r + uf5CgDMu9Y02XUbGdJspCZNx2txuXA7VY1DW9LmsZ4Yp9zujADa3JI+lW78D + +1tN+sv/AKDVrVQP7Nuv+ubfyoAzrTXdKjtYY3nwyIoI2t1A+lU7DWNOhur2 + SSbCyyAqdrcjH0rorED7Db/9c0/kKoaZ/wAfuo/9dR/KgDNvdY02W9spY5sp + EzFjtbgEYHarV7rmlS2c8Uc+WeNlA2tySMDtVjUQP7R07/ff/wBBq7qIH9n3 + X/XJ/wD0E0AZNjrmlw2VvFJPh0jRSNrcEAA9qrWesabFe3s0k2ElZCp2tzhc + HtW/poH9nWv/AFyT/wBBFUtPA/tLUf8Afj/9BoAzL/WNNmubKSObKxSFmO1u + Bj6Vcutd0qS1mjSfLMjADa3Uj6VPqn/H5p//AF1P8q0L4D7Fcf8AXN/5GgDE + 0/W9LgsYIZZ9roigja3BA+lV7TWNNj1G+nebCTeXsO1udq4Pat3SgP7Ntf8A + rmv8qq2IH9r6n/2x/wDQaAM3UNY02eWzaKbcIpgzfK3AAPPSr0+vaS8EiLPk + spA+VupH0qTVgPPsP+u6/wAjWndAfZpf9xv5UAc/pmtaZb2EEMs+10UAja3B + /KobfWNOTVLu4ebEcqxhTtbnaOe1bWjgf2Xbf7gqC0A/tq//AN2L+VAGZqes + abcG08qbd5U6O3ytwozk9K0Zdf0lo3UXHJBH3W/wp2sAbrD/AK+o/wCtaswH + kv8A7p/lQBzelazpttp8EE0210GCNrHv7CmQ6xpqarcXDTYjdECna3JHXtWt + oYH9lW3+6f5mo7cD+27v/rnHQBm6prGm3C2whm3eXOjt8rcKOp6VpN4g0jaf + 9I/8db/CjWgNlp/18xf1rYYDafpQBy2kazptrp0ME8210ByNrHqSewpsesac + urzXJm/dNEqg7W6g/StXQAP7It/o3/oRpsQH9vT/APXFf50AZmq6xp1zDEkM + 24rKjH5WHAPPUVqf8JBpH/Px/wCOt/hSa4B9ng/67x/zrawKAOT0fWNNtdPj + gnm2upbI2serE9hQusaaNYa68790YQmdrfe3ZxjGa0vD4H9lQ/V//QjQoH/C + QP8A9ew/9DoAzdW1jTbm1WOCbcwdDjaw4B56itP/AISDSP8An4/8db/Ck10D + 7Ev/AF1j/nW1gUAclpGsabbWQinm2tuY42seCcjoKP7Y03+2hded+6+z7N21 + vvbs46Z6Vp6B/wAg4f77/wDoRoIH/CQj/r1/9noAzNY1jTbqxaGCbc5ZTjaw + 6EE9RWp/wkGkf8/H/jrf4Umvgf2a/wDvJ/6EK2sCgDk9J1jTba2dJptrGR2x + tY8E8dBU8N/aXmuxvbSbx5LL0I5znv7Vb0ID7JJ/11k/nQ//ACH4v+vdv/Qq + ANqiiigAooooAKKKKACiiigD/9b9z5dLjXVYIPPmIeNjuL/MMehp+raVHb6d + NMLiZyoHDOSDyOopksuq/wBqwM0EYlEbbV38Ed+afq0urNp0wuLeNIyBkh8k + cjtQBej0WIop+1XAyB/y0NZ2maXHP9rzPMvl3EifK+M4xyfU+9aMc+t7FxbR + EYH8dZ2mS6qv2vyII2zcSFsvjDcZA9qAC40uNNUtYBPMRIrncXO4YHY9ql1P + SY4LCeUXE7lVzhpCQfqKiuJdVOqWrPBGJQr7V38EY5yal1ObV2sJxPbxrGV5 + IfJA+lAFqHRomhjb7TcDKg8SHHSqGnaXHNJdgzzL5czL8rkZxjk+pq/DNrYh + jC20RG0Y+ftiqGnS6qsl55MEbEzMWy+MNxkCgAutLjTUrKETzES+byXJYbVz + we3vU+o6RHDYzyi4nYqhOGkJB+oqC6l1U6lZNJBGJB5uwB+D8vOT2qfUZtYN + jOJreNUKHcQ+SBQBNbaNG9tE5uZxuRTgSEDkdqpWGlxy3F4hnmXy5duVcgnj + qfU1dtptaFtEEtoiuxcEv2xVKwl1UXF4YYI2YyfOC+MHHQUAF5pccd/YxCeZ + hKXyS+SMLng9qs3+kRxWVxKLmdikbHBkJBwO4qteS6qb+yMkEYkBfYA+Qfl5 + z6VZv5tZNlcCW3jVDG24h8kDHNADrPR45LSCQ3M67kU4EhAGR2qpZaXHLd3s + ZnmURuoyHIJyO/rVuzm1kWkAjtoygRcEvgkY4qpZS6qLu9MUEbOXXeC+ADjt + 60AF9pccV3ZRieZvMdhkuSRgdvSrd5o8cdpPILmc7UY4MhIOB3qpfS6qbuyM + sEauHbYA+QTjv6VbvJtZNpOJLaMIUbJD5IGOaAG2GkRy2UEpuJ1LopwshAGR + 2FVrPS45L++iM8wERTBD4JyueT3qzYTawLKARW8bIEXaS+CRjiq1nLqov74x + wRmQlN4L4A+XjHrQAX+lxxT2aieZvMl25ZySOOo9DV250aJLeVxc3B2oxwZC + RwKpX8uqmezM0EasJfkAfOTjoau3M2tG3lD20QXY2SH7YoAh07SI5rGCU3E6 + lkBwshAH0FQWulxvqd7CZ5gIhHghyGO5c8nv7VPp02sCxgENvGyBBtJfBIqC + 1l1UaneskEZlIj3gvwPl4we9ABqWlxwvZgTzN5kyr8z5xnPI9DV+bRolhkb7 + TcHCk8yHHSqGpS6q0ln50EakTKVw+ct2Bq/NNrfkybraIDac/P2xQBU0vSY5 + 9PglNxOhZc4WQgD6Co4NLjfVLqDz5gEVDuDnccjuak0ubV10+AQW8bRheCXw + SPpUcEuqjVLpkgjMpVNw38AY4waADU9Ljg+y4nmbzLiNPmfOM55HofetF9Fi + CMftVxwD/wAtDWdqcuqt9l8+CNcXEZXD5y3OAfatF59b2Nm2ixg/x0AUdJ0q + O406GY3EyFgeFcgDk9BTItLjbVZ4PPmASNTuD/Mc+pp+ky6sunQi3t43jAOC + XwTye1Mil1X+1Z2WCMymNdy7+AO3NABqulxwRwETzPumRfmcnGe4960zokX/ + AD9XH/fw1marLqrRwefBGgEyFcPnLdhWmZ9cx/x6xf8AfdAGZo2lx3OmwzNP + MhbdwjkKMMRwKE0uM6vJb+fNgQht287uvTPpRo0uqrpsK20Ebxjdgs+CfmOe + PrQkuq/2vIwgj87yQCu/jbnrmgA1XS44LdHE8z5kQYZyRyev1rU/sSL/AJ+r + j/v4ay9Wl1VrdBcQRovmJgh8854Fann65/z6xf8AfdAGXo+lx3FgkrTzISWG + EfA4YjpQNLj/ALZNv582PIDbt53fexjPpRo8uqrYILaCN49zYLPg/eOaBLqv + 9slvIj87yANu/jbu659c0AGr6XHb2fmCeZ/nQYZyRyfStT+xIv8An6uP+/hr + L1eXVWs8XEEaJvTkPk5zxWp5+uf8+sX/AH3QBl6TpcdxaGQzzJ87jCuQODQd + Lj/thbfz5sGAtu3/ADfexjPpRpMuqraEW8Ebpvfkvg5zzQZdV/thW8iPzvII + 27+Nu7rn1zQAaxpcdvp8konmcgrw75HLAdK1P7Ei/wCfq4/7+GsvWJdVbT5B + cwRpHlclXyfvDH61qefrn/PrF/33QBl6Vpcc8EjmeZMSuuFcgcHr9aJNLjGr + xW/nzYaJm3bzu4PTPpRpUuqrBILeCN1818kvjnPIokl1X+14mMEfneU2F38b + c9c0ALrGlx2+mzTLcTOV28O5KnLAcitIaJFgf6Vcf9/DWbrEurNpsy3MEaRn + bkq+SPmHatIT65gf6LF/33QBmaXpcc6XBM8ybJnX5XxnHc+9E2lxrqtvB58x + Do53FzuGPQ0aXLqqpceRBG4MzlsvjDdx9KJpdV/tW3ZoIxKEfau/gjvzQA/V + tKjg0+aYXEzlQOGkJB5HUVej0WIop+1XHIH/AC0NUdWl1ZtPmFxbxpGQMkPk + jkdqvRz63sXFtFjA/joAztM0uOc3eZ5l8u4dPlcjOMcn1PvRcaXGmqWkAnmI + kWQ7i/zDA7HtRpkuqqbvyII2zO5bL4w3GQPai4l1U6paM8EYlCybQH4Ixzk0 + AeB+JYtStdYuLLUp5J3gYhWkYnKHlSM+ox0r2fwg1vr2jRTm7nE8X7uVRIeG + HQ49COf/ANVYPj/QtS1C2GstbIklquHKNktHn0/2T+ma878MeIrnw5qH2qIb + 4pBtkQ9COx+o7f8A16Ctz3fTtLjmkvFM8y+XMy/K5GcAcn1NF1pccepWMInm + Il83JLksNq54PbPeodGvr+6S4urCOKaOaQvu34GSB0qa6l1U6lYtJBGJB5uw + B+D8vOT2wKCSfUdIjhsZ5RcTsVQnDSEg/UVNbaNE9tE5uZxuRTgSEAZHaodR + m1g2M4mt41QodxD5IFTW02tC2iCW0RXYuCX7YoApWGlxy3F4hnmXy5MZVyCe + Op9TReaXHHf2MQnmYSlwSXyRhc8HtRYS6qLi8MUEbMZPnBfGDjoKLyXVTf2J + kgjEgZ9gD5B+XnPpQB/Pn/wWh+CuvaX478HfHCwhmudDv9OGiXc/3xBd20ss + 8PmN286OVgn/AFyPtn7l/Z6/4KUfsyeOvhlpV58TfGbeDfFljaxxanZ3olCP + PGgDy2zxoyPHI2WVQd46FeAT+iPjfw1ZeOPCep+FfGuh2Wr6LqELR3NtdKs0 + TpjPKMCCQeQeoIBBBwa/LPxB/wAEcP2dvEGp/wBsaJqHiDQbS4Ic2dtfW8kK + K3OI2uLaWVf+Bu9AHw1+0j+3N8Yf2g/2g9I+Hv7G3iDW9P0mZ006x+ySSW02 + q3UrZe4kTAZIlAwvmAFUVnbbkhfqv/grt8JPEFn+zX8N9ee7uvEM/gy8js9S + vp2LysLm2WJrmTjjzJokDH+86+tfdf7Nf7F3wV/ZkvrzUPhv4dF3r5HlPq2p + zC5vljccxxyBESNWH3vLRN3Rs8V9M+LtEt/FunHw34s0i01PTNRWSCe0uAJo + J43XDJIjAgqR6igD8tv2LP25f2bbb9l3w34b+InjiLwr4i8FaYunXVleyOhl + S0UpDJbgKfODxhcomWDZUrjBP51fBLVW/a0/4KhWHxE8KWdw2jDWF1cyOCrw + 6fo9uscM0nXZvMUQAPRnVa/Rfxl/wRz/AGd9b1m61zRr7XvDdnKzSNY2l7BL + BEOTtiNxbySgDtud6+3/ANm39l74Yfsx+GX0v4T+Ho4bjUVU3mp3UvnaheY5 + USy7RhV7RoFQHkLkkkA+Jv8Agr9aLB+y7gSO3l+J9LHzNnO62ujz6kdq9T/4 + JjWSv+xR8NZDLIPOutXUgNgL/wATO65X0NfQP7Rn7OHhv9qjwXcfDTx9PfWG + nxaha6iz6ZPDDOJoIpERd08M6lCJCSNmc45rofgj8FdI/Z0+GHhr4QeDXubv + SNDmuWtpdQmjluXa6nkuH8x4ooUwGkIGEHAGcnJIB+Cn/BQq2W2/4KR+F4Vd + 3HmeGeXbLczL3r9lv2oP2m/2eP2evDOjaJ8bp5tVHi7bCdHgijvGazZtstxP + byEL9nToc5LnKorENjnfjX+wH8NPjf8AGyy/aA8XahrVn4g0z7C8cFjd2qWZ + /s5g8W5JbSSQ5I+bEgz2xXrnxu/Zf+FP7TPhax0f4qeF4NSexQiy1CKZre/t + Q3Xy5k52nqUbchOCVJANAHwLqPgD/gjx410zUPEd1qfhexsvKWVPs2qT6bdD + epJ2WSSRy7h/cEJIPBXtX5//APBMa1Qftz3dn8M7u7m8HrBq6GWUGOWXShIB + aNMBwHL+QxB6NX31H/wRj+AUusTIviXxP9mhKkw/a7EMA3IHmfY+R/wHNfff + wN/Zi+Fv7MehJoPwr8Ox6fJfTwtd3s07XF5eyRBgnnSt2GThUCoCSQoJOQD8 + FP2+L24+CP8AwUst/ihqsE9xY2154Z8QRr/y0ntrGK3ikCM2ASWtZFBzgHjt + X6dftE/t5/sux/syeJ7jwh48h1/X/E2i3dhp2l2jubgXF7C0SmeEqDCke/e/ + mbeAVGWIB+rv2lP2Ufhh+1NoVtp3xV0Ldd6WH+xanZT+Rf2ofBdUkKsrI2OU + kV1zyAGwa+NvAH/BIX9m7w/JJqmqya14n8+KZIUv72BIofMUosgSC3j3SR53 + LvLIWAyhHFAHy1/wRDs1vNe+LqtJJHtttFP7ttpPz3nWvNv+C1Fotn8ffBCL + I8m7wypy7bj/AMftzX6//so/sYeAf2RNW8UyfDS91bU5fEcVml0ur3NvMEW1 + MjRmM29tBgnzW3Zz0GMc5xP2rP2Efhr+1b4w0Xxv8StQ1nTL7TLRNLhTSbq2 + iiaMyySguJ7Wdt25yMhgMY4zzQB9vafosX9l2x+03H+pT/lof7or+av/AIJq + Wy3X/BQfxVEzvGPs/iE5Q7T/AMfK96/pdRtZgt1gS2j2RoFHz84AxXwj8AP2 + B/hl8CPi5efHjwTqOtX2uapHepJDf3dq9oBfSB5NqRWsUgII+XMh465oA4v/ + AIKoWS2/7H3jdRLI/lz6MfmbOc38I59favGP+CbfgweO/wDgn/4i8Iidom8R + alremcn5F+12yRbiPbdX6J/H34HaN+0j4C1r4S+OHurLTNW+ySTSadNHFcIb + WZZ02PNFMnLIA2UPGcYPIyvgD+zv4c/Zd+GUHwv8DTXt5pI1KS+EupTxTXBm + n2gqWhhhTb8gx8mfc0Afze/sPXv7OXw++Mfij4a/tleG7VLe5xZxXOpwmRNL + 1KyldJIpQATGsm5gz9FZF3fKSw/Sv4l+Mv8Agkl8LdH0u8u/D3h/xZe6jMkZ + tvDsMOoPDEz4eaZlcRoqLyVL+Y3RVPOPsf8AaN/4J+fAz9pjW28W+L9Dl0Px + JIu2bU9GuEtZ7jAAUzq8UsUrKBgOyb8cbsAAfPfwy/4JEfs3+GtTtfEmutrH + jJIW3raajeRRWblW43pbQxSMMjkGTae4I4oA/QT4MeHvhPZeCtFtvgkbe38D + 3Fn9s0z+zW2W5jupGlYoAONzuzMpAIYkEA5Ffz3/APBKaMP+2L4wQkj/AIkW + pjIPP/IRsxX9KGk2L6LNDpOjabbWNtZWscEFtABFBDBH8qJGqgKqqAAFAwB0 + r4l+A/7APwv/AGY/iNqPxX8Fajrd7qurW0tjJHqV3azW6pczxTsUWG1hcNui + UAlyACcgnBAB9+f2JF/z9XH/AH8NZekaXHcWKymeZCWYYVyBwxHStTz9c/59 + Yv8AvusvR5dVWxUW8EbpubBL4P3jmgD8T/8Ags58Vx4a8I+FPgdpV27XHiST + +1dQBfLfZLNikCN/syTEuPeGvkz4Wf8ABLn9qnxD8MtB+IPh3xvpPhvT/FFp + bajHZPe38FwiXSK8XnJDblA+wgkbiR068V+tf7Q3/BPD4W/tNfF9/iZ8SNY8 + QLqZtLaBbOyvbWKzjt7bgIgktJJArMWZh5mdzMQRwB943sV7Z6TFYx2cNtaW + /lxxpGcKipgKqgcAAAD2FAH8tv7UH/BOP9pD4G/DC9+MXxE8WaZ4r0zRJIIZ + 1trq9ubiGO5lESuBcwIAgkZQ2G/iBx1r9gf+CVXxSi+Lf7LWn+H9QvpjrHgG + 4fRplWTBNqoElm+Oy+U3lD1MRr7y+JvgOD4tfD3xF8M/F1kr6P4lsprG58qU + LKiTKV3xsysokQ4ZCVIDAHB6V8v/ALJf7FXgf9k3UPEGs/DDV9b1JPEkUVvd + 2+q3dtJBm1dmjkVYLWBg673AJYjDHjvQB/Pj+w78dfCP7Pn7XJ8V+PrqSw8O + ap/aGk3t3GGY2yXMgeOVguWKLLGm/AJCkkAkYr9Af+Con7X3wM8e/BOw+E3w + j8Wx+L9T1nUbe7vHtZGmtra0tVZwHkwF815Cm1RkgK+7adoPw5+wd8A/AP7S + P7R3jf4b/EewkvdOfRdTuomhna3mt7mK+tlSaJxkblDsMMrKQTlTX6teH/8A + gj9+zf4R1hfEOtXWveIbS2lV0sb2+gFuwyPll+z20MjjP911HqDQBc/ZD8BX + nhr/AIJaavdamJrS41jw74o1IR7toMUyXIhcj0eJUYeoIr8xf+CWf7SPw4+A + vxT8S6N8VdWbQND8YWMMaagd3kw3dm7NEsxUEqjpJIN2CA23OASR/Rl8dbW7 + 0r9nL4haTp+nW9lYWfhTVoIYYSEjihjsJVVEQAAKqgAAcADFfzp/8E2v2Tvh + f+1dp/xQ0D4j2dy0mjDRpbK9srn7NdWpnN4JAhZZI2EgRdweNvugjBoA9H/4 + KvftQ/Cb4xS+Dfh18IvEC+KbXRJLi/1C+hYyW6zSKIoYopCAHIXezlcqMrhi + dwH6taD8NNW8Mf8ABNkeD5oriPWB8OZ43tCTlbq6052aIp/eDyEY9a8s+Ev/ + AASk/Z1+Ffjiw8T38Wp+Mbywf7RbWusXULWaujAo7xW8EPmFT/C5ZD3XtX6b + 6xLqr6bMtzbxpEQNxDZPUdqAP5wP+CRfxw+D/wAJdV+J2j/FbxZbeEjr0WkT + WU15OLaCX7EbtZU8xvl3Dz0IBOSM46GvZP8Ags/9nl8IfCm7tZjNFLqGtbG3 + blZfLtCGHrkHr3r6q+Iv/BJL9mj4g+JrvxRaWur+EmvnaWS00W+t4rMO53MU + iubW48sEnhEKovRVA4r2/wDaE/Yt8AftUeHfDXhzx3fatY2vg6a5+ytpl1bw + yO06RRuJTPbThsCJcbQvJPtgAu/ATwVD42/Yz+HPgyWd1TxF8PrKzYsx2qLn + TUiI6H5fm5HpX4Yf8E/PjvoX7IPxt8efDP45GXw9bawF027nKsyWep6XNIqL + OqAnyiJJVLgHDbT90sw/pP8Ah94KX4YeFPCXw50FXmsfC2l2+mWjXMqvNJBa + RLErSsiopcqoLFVUE9ABxXzJ+09+wb8EP2lr2Txh440WXRfEqxpG+r6RcLBc + yonCiZHSSGUgfKGZC4XChgAAADH8S/8ABRT9j3w1408OeCl8evqx12Ty5dQs + G87TtOBHyNdz8BVdvl+QPs+9JsUZr8jv+CsupXN7+1R4T0bxXeXH/CGQaVaS + wNCxkHkXF3MLueIHKGVlQAkZyEjzxiv0h+FH/BJP9nT4deIrXxTrUGpeNpbR + 1litdYuoTY71OVLwwQxGTB6rIzIehUjivqT48/sp/Cv9qHw2vhz4laF5j6Vc + SmxvrOb7NeWLSbBIsL7WUowVQUdGQ4B25AIAPhXxdpH/AASX+HfwyfxJov8A + wiOuwQafLJb28N0moarcTCP9zGYS73Ikd8A+aqhScuVAJHxn/wAEaYRL8avi + AxZl8vwwzfKcZ/0234PqK+6fCn/BHz9nTwv4ustT1m913xJaxuZE069vIEt5 + QnO2Zre3ikYeysueh44r6C/Zv/YI+Gf7Jev674z+H+o61f3Ws6edPnXVbu1n + jWEypLuRYLWBt+5AMliMZ470AfnP/wAFs9EurXUfhBq6iWS0mtdXh8xiWVZF + a0bbntkHIHfB9DX6hfsb/HD4O/GT4YeGNA8EeLIbzXtL0OxN7pkc+y8tfIgh + hl82E4bCSnZvGVJxtJBBr1742fAnwR+0Z4A/4V/8VPD8WqaWWSeB1maG4tp1 + UhZoJV5RwCQeqsCVYFSQfnv9lj9hD4Zfsq+Odc8dfDS91i/v9Ss30uWLVLu3 + lhjhaWOY7BDbQtu3RqMliMZ4zzQB+R37XdosX/BWfwxaiR2B8Q+DBuZstz9j + 7/yr7T/4LOfDPU9T+BfhLx7pcc95B4X1lo7xiS/kQX8WwSNxwpljjQn+8yjv + X018TP2C/hl8Sv2lNJ/aT8Q6hrUHiq1vdOvorW2u7ZdPaXRxEYQyPavLtbyl + 3gS5OTtK8Y+z/F2jp4q8Map4c8VaRaajpGo27w3VtcATRSxOMMrIwIYEdjQB + +Wf7En7cv7NVt+zL4W8N/Ejx1F4S8QeCtPTTruzvJHRpI7QbIZLYBT5weIL8 + qZdWyNuME/nT8GdW/wCGtf8AgqTafEXwfa3MmhnW/wC1xLICJItO0iBUgnl6 + 7C5iiAB6O6rX6JeJv+COX7O/iPWH1rQ7/XvD1pdN5hsrW9t5IIw3O2I3FvLK + o/3nevtj9mz9l/4YfsxaPf6H8KNASK5umVb3ULuUTX9zt5VZJtq/KM5CIqoD + yFySSAfmH/wW7sUs/Dnwk2yySb7vWf8AWNuxiO06V+of7KOlx/8ADJPwoufP + mz/wh+jtt3/L/wAeMZxj09q5T9rH9kXwV+1xD4V0r4mXep6Ynh6W7ktf7IuY + Imka5WMOJDcW84wBEu3AHfOeK+gPA3gs/DH4ZaF8NtEjaXSfC+lW+mW8txKr + 3DQWkIhRpCiopcquWKqoJ6ADigD+dbQYBL/wWEigLsofxRJypwwzZMeDX7K/ + tSftOfs9fs8WcXhz43SzasnieZLf+yYYo7ySSzY4muLiCQhTAnQ5yXPyorEN + jn9L/YB+GVt+0dD+1Xb6jrbeKvtv9pC2a7tf7PMrw+Vjyvsnnbdpzjzs579q + 9a+Of7L/AMKP2mbGbSfit4Yh1K5s2/0a9hla3vbMsOfJnTkqepRwyE4JUkA0 + AfBXiDwD/wAEd/F+jjxKNT8L2lrOpkk+zapPp11GpXIKWUckUoYf3PJPPG3t + XwL/AMExLP8A4ze1i3+GN3dzeDoNP1zdLJmOSbSUbFoZ1HAZpPIJB/ir71uP + +CMfwCh1SEt4l8TrazOQIRd2Jb1x5n2Pgf8AASa/Qf4D/sx/DH9mLwrfaB8K + fDcen/2ggN/fTztcXt2Y1IUyyt2XJIRAqAkkKCTkA+gLDSI5bGCU3E6l0U4W + QgDI7Cq9ppccmoX0JnmAiMeCHwTlc8nv7VYsJtYFjAIreNkCLtJfBIxxVe0l + 1UahfGOCMyEx7wX4Hy8YPfigA1DS44ZrNRPM3mShfmckjjqPQ1euNGiS3lf7 + TcHarHBkOOBVHUJdVM1n50EakSjZh85bHQ1euJtaNvKHtogu1skP2xQBX03S + Y5rCCU3E6llBwshAH0FQ22lxvqd5CZ5gIxHyHwxyO57+1TabNq4sIBBbxtGF + GCXwSKhtpdVGp3jJBGZCI94L8DjjBoANS0uOFrQCeZvMnVfmfOM55Hoa0JdF + iWJ2+03BwCeZD6Vn6lLqrNaedBGuJ1K4fOW5wD7VoSz635T7raIDac/P7UAU + 9L0mOfT4JTcToWXOFkIA57Co4NLjbVbmDz5gERDuDncc+pqTS5tXXT4BBbxt + GF4JfBIz6VHBLqo1W5ZYIzKUTcu/gDtg0AGqaXHALXE8z7540+ZycZzyPf3r + SfRYgpP2q44B/wCWhrN1SXVWFr58Ea4njK4fOW5wD7VpPPrm05tosYP8dAGf + pGlR3GnQzG4mQsDwrkAcnoKbFpcbatNB58wCxqd2/wCY5PQn0p2kS6sunQrb + wRvGAcEvgnk9qbFLqv8Aa0zLBGZTGuV38AZ4OaADVdLjgihYTzPumRfmcnGT + 1HvWp/YkX/P1cf8Afw1l6rLqrRQ+fBGoEyEYfOWzwK1PP1z/AJ9Yv++6AMvR + tLjudOimaeZC27hHIXhiOBQulxnWHt/PmwIQ27ed33sYz6UaNLqq6dEttBG8 + Y3YLPg/eOePrQsuq/wBsOwgj87yQCu/jbu65oANW0uO3tlcTzPmRBhnJHJrU + /sSL/n6uP+/hrL1aXVWtlFxBGi+YmCHzznitTz9c/wCfWL/vugDL0jS47iyW + UzzISzDCuQOGPaj+y4/7Z+zefNj7Pv3bzu+/jGfT2o0iXVVslFvBG6bm5L4O + dxzR5uq/2zu8iPzvs+Nu/jbv659c0AGr6XHb2RkE8zncowzkjkjtWp/YkX/P + 1cf9/DWXq8uqtZEXEEaJuXkPk5yMVqefrn/PrF/33QBl6TpcdxatIZ5k/eOM + K5A4NDaXGNYS38+bBhLbt/zfexjPpRpMuqrakW8Ebrvfkvg5zzQ0uq/2wjGC + PzvJIC7+Nu7rn60AGs6XHbadLMs8zlSvDuSOWA6Vqf2JF/z9XH/fw1l6zLqr + adKLmCNI8rkq+T94Y4rU8/XP+fWL/vugDL0rS454ZWM8ybZXX5XIBwep96JN + LjGrQ2/nzENEzbt53DB6A+lGlS6qsMvkQRuPNfOXx82eRRJLqv8Aa0LGCMSi + JsLv4Izyc0ALq+lR2+nTTC4mcqBwzkqeR1FaK6JFtH+lXH/fw1navLqzadMt + xBGkZAyQ+SOR2rRWfXNo/wBGi/77oAzdL0uOdbkmeZNk7r8r4zjufeibS411 + W2g8+Yh0c7i53DHoaNLl1VVufIgjbM7lsvjDdwPaiaXVTqtszQRiUI+1d/BH + fJoAk1XSY4NPnlFxO5UZw0hIPPcVci0WJo0b7TcDIHSQ1T1WXV20+cT28aRk + ckPkjn0q5FPrflpttoiMDHz0AZ+m6XHM12DPMvlzuvyvjOMcn1NFzpcaanZw + CeYiQScl/mGB2Pb3o02XVVa78iCNszuWy+MNxkD2ouJdVOp2bPBGJQJNgD8H + jnJoAm1LSY4bCeUXE7FVJw0hIP1FWINGiaCNvtNwMqDgSHHSq+pzau1hOJ7e + NYypyQ+SBViCbWhBGEtoiu0YO/tigCjp2lxzTXimeZfLlK/K5GeOp9TRd6XH + HqNjCJ5iJfMyS5LDaueD296NOl1UTXnkwRsTKd+XxhsdBRdy6qdRsWkgjEg8 + zYA/B+XnJ7cUAT6hpEcNjPKLidiiMcNISDx3FS2ujxyWsLm5nG5FOBIQBkdq + i1CbWDYzia3jVCjbiHyQMVLaza0LWER20RUIuCX5IxxQBTsdLjlubxDPMvly + AZD4J47+tF5pccd7ZRCeZhKzjJckjAzwe1FjLqoubwxQRsxkG8F8AHHai8l1 + U3tkZII1cM+wB8gnHOfSgC1faPHFZXEguZ2KRucGQkHAPUUWWjxy2cEhuZ1L + xqcCQgDIHQUX02smyuBLbxqhjfcQ+SBg5osptZFnAIreNkEa7SXwSMcUAVbL + S45L29iM8yiJlAIcgnI7nvRf6XHFdWSCeZvMkIyzkkcdvSiyl1UXt6YoI2cs + u8F8AHHGPWi/l1U3VkZYI1YSHYA+QTjvQBcutHijtZnFzOdqMcGQkHA71Hp+ + kRy2MEpuJ1LopwshAGR2FSXU2tG1mEltEFKNkh+QMc1Hp82sCxgENvGyBF2k + vgkYoAr2mlxyajfQmeZRF5eCHIJ3Lnk9/ajUNLjhms1E8zeZKF+ZySOOo9DR + aS6qNRvjHBGZD5e8F+B8vGD34o1CXVTNZmaCNSJRsw+ctjoaAL1xo0SQSP8A + abg7VJwZDjgVX03SY5rCCU3E6llBwshAH0FWLibWjBIHtogu05O/tiq+mzau + thAILeNowowS+CRQBDbaXG+p3kBnmAjEfzB8Mcjue/tRqWlxwtaATzN5k6L8 + zk4znkehotpdVGp3jJBGZSI94L8DjjBo1KXVWa08+CNcToVw+ctzgH2oA0Jd + FiWN2+03BwD1kNU9K0mOfT4JjcToWGcLIQBz2FXJZ9b8t91tEBg5+eqelS6u + unwCC3jeMDgl8E8+lAEcGlxtqtzB58wCIh3BzuOfU0appccC2xE8z750X5nJ + xnPI96IJdVGq3LLBGZSibhv4A7YNGqS6qy23nwRpidCuHzlucA+1AGk2iRBS + ftVx0/56Gs7SNKjuNOhma4mQsDwrkAcnoK0Wn1zac20XT+/WdpEurLp0K28E + bxgHBL4J5PagBI9LjbVprfz5gFiVt287jk9CfSjVdLjghiYTzPulRfmckDJ6 + j3ojl1X+1pmWCMymJcrv4Azwc0arLqrQxCeCNB5qYw+fmzwKANT+xIv+fq4/ + 7+GsvR9LjuNOimM8yFt3COQOGI6Vqefrn/PrF/33WXo8uqrp0QtoI3j+bBZ8 + H7xzx9aABdLjOsPb+fNgQht287vvYxn0o1bS44LZXE8z5kQYZ8jk0LLqv9sO + wgj87yQCu/jbu65+tGrS6q1souII0XzE5D5Oc8UAeb/Ea8htpItEtbiWVh88 + wdywH90Y9e/5VR+Hfh/+1dRkv5iyQ2g4ZTgmRumD7DJ/KofEHgrxIl812Yzd + /a5PvqQxDOeN2Og98Y+lemeFLTUdL0aO1s7eN1DMWctgs+cE/wBB7UFX0ND+ + y4/7Z+zefNj7Pv3b/m+/jGfT2o1fS47eyaUTzOQyjDOSOSB0o83Vf7Z3eRH5 + 32fG3fxt39c+uaNXl1VrJhcQRom5eQ+TnIxQSan9iRf8/Vx/38NZek6XHPbM + 5nmTEjjCvgcGtTz9c/59Yv8AvusvSZdVW2YW8Ebr5j8l8HOeaABtLjGsJb+f + Ngwlt287vvYxn0o1jS47fTpZhPM5Xbw7kjlgORQ0uq/2wjGCPzvJIC7+Nu7r + mjWJdVbTpRcwRpH8uSr5P3hjj60Aan9iRf8AP1cf9/DWXpWlxzwzMZ5k2yuv + yuRnB6n3rU8/XP8An1i/77rL0qXVVhm+zwRuPNfOXxhs8igAl0uNdWht/PmI + aNju3ncMHoD6U7V9Kjt9OmmFxM5UDhnJB5HUU2WXVf7WhZoIxKI2wu/gjPJz + TtXl1ZtOmFxBGkZAyQ+SOR2oA0F0SIqD9quOn/PQ1m6Zpcc63JM8ybJ5F+V8 + Zxjk+9aSz65tGLaLp/frN0yXVVW58iCNszyFsvjDcZA9qACfS411W2g8+Yh0 + c7i53DHoak1XSY4NPnmFxO5Vc4aQkHnuKjnl1U6rbM0EYlCPtG/gjvk1Jqsu + rtp84nt40jI5IfJHPpQBci0WJokb7TcDIB4kPpWfpulxzNdgzzL5c7r8rkZx + jk+prQin1vyk220RGBj5/as/TZdVVrvyII2zO5bL4w3GQPagAudLjTU7OATz + ESCTkvlhgdj296m1LSY4bCeUXE7FVJw0hIP1FQ3MuqnU7NngjEoEmwB+Dxzk + 1NqU2rtYTia3jWMqdxD5IFAFi30aJ4I3+03A3KDgSHHIqjp+lxzTXimeZfLl + K/K5BPHU+pq9bza0IIwltEV2jBL9sVR0+XVRNeGGCNiZTvy+MNjoKAC70uOP + UbGETzESmTJLkkYXPB7e9WNQ0iOGxnlFxOxRGOGkJBwO4qvdy6qdRsTJBGJA + ZNgD8H5ecntVjUJtYNjOJreNUKNuIfJAxQBJaaPHJawyG5nG5FOBIQBkdqp2 + Glxy3V6hnmXy5AMq5BPHf1q5aTayLWER20ZQIuCX5IxxVOxl1UXV6YoI2YyD + eC+MHHagAvdLjjvbKMTzMJWYZLkkYHY9qtXujxxWc8guZ22RscGQkHA7iqt7 + LqpvbIywRq4ZtgD5BOOc+lWr2bWTZziW3jVDG24h8kDHNABY6PHLZW8huZ1L + xocCQgDIHQVVs9Ljkvb2IzzKImQZDkE5Xue9WrGbWRZW4it42QRptJfBIwMV + Vs5dVF7emOCNnLJvBfAB28Y9aAC/0uOK5skE8zeZIRlnJI47elXLrR447WZx + cznajHBkJBwO9U7+XVTc2ZlgjVhIdgD5ycd6uXU2tG1mEltGF2Nkh+QMc0AR + afpEc1jBKbidS6KcLIQBx2FQWmlxyajfQmeYCLy8EOQx3Lnk9/ap9Pm1gWMA + ht42QIu0l8EjFQWkuqjUb5o4IzIfL3gvwPl4we/FABqGlxwy2aieZvMmC/M5 + OOOo9DV6fRolgkb7TcHCk4Mhx0qjqEuqmWz86CNSJgUw+ctjoavTza0YJA9t + EF2nJ39sUAV9M0mOawglNxOpZQcLIQB9BUNvpcb6pdwGeYCMRnIf5jkdz39q + m0ybV1sIBBbxtGFGCXwSKht5dVGp3bJBGZSse8F+Bxxg0AGp6XHCbTE8zeZO + ifM5OM55HofetCXRYljdvtNwcAn/AFhrP1OXVWNp58Ea4nQrh85bnAPtWhLP + rflvutogMHPz0AUtK0qOfT4ZjcTIWHRZCAOewpkOlxtqtxB58wCIh3BzuOfU + 0/SpdWXT4Bb28bxgcEvgnn0pkMuq/wBq3DLBGZSibl38AdsGgA1TS44FtiJ5 + n3zovzPnGe4960m0SLaf9KuP+/hrN1SXVWW28+CNcToVw+ct2B9q0mn1zaf9 + Gi/77oAztI0qO406GY3EyFgeFchRyegpI9LjOry2/nzALErbt53HJ6E+lLpE + urLp0K28EbxgHBL4J5Pakjl1X+15WEEfneUuV38Yz1zQAarpcdvDEwnmfdKi + /M5I5PUe9an9iRf8/Vx/38NZeqy6q0MX2iCNB5qYw+fmzwK1PP1z/n1i/wC+ + 6AMvR9LjuNPjmM8yEluEcgcMR0oXS4zrDW/nzYEIbdv+b72MZ9KNHl1VdPjF + tBG8eWwWfB+8c8fWhZdV/thmEEfneSBt38bd3XPrmgA1bS47e1DieZ8ugwzk + jk1qf2JF/wA/Vx/38NZerS6q1qBcQRou9OQ+TnPFann65/z6xf8AfdAGXpGl + x3FkJDPMnzMMK5A4PpR/Zcf9si28+bH2ffu3nd97GM+ntRpEuqrZAW8Ebpub + kvg5zzR5uq/2yG8iPzvIxt38bd3XPrmgA1jS47exaUTzOQyjDuSOSO1an9iR + f8/Vx/38NZesS6q1iwuYI0TcvIfJzkYrU8/XP+fWL/vugDL0nS457Z3M8yYk + cYV8Dg9frViCzW012NFkkk/cs2XbceuMfSq+ky6qts4t4I3XzHyS+Oc81Yge + 9fXYzdxrG3ktwrZ4z/jQB0tFFFABRRRQAUUUUAFFFFAH/9f90pdW05tWt7hZ + gY0jcE4PBPTtTtX1fTrjTp4YZwzsBgYPPI9quTon9t2w2jHlP2p+uIg0q4IU + A4Hb3FABHrmlCNQbgZAHY/4Vm6Xq2nQfa/NmC+ZcSOvB5U4weldLFHH5afKO + g7Vk6MiH7dlQcXUvb6UAULjVtOfVbS4WYGONZAxweMjjtUuqaxps+nzwwzhn + dcAYPP6VaukT+2rIbRgpJ29qm1mNBpdyQoB2elAEUOt6UsMatcAEKAeD6fSq + Gm6tp0Ml4ZZgokmZl4PIIHPSuht44/s8Xyj7q9vaszSUQy3+VHFw3b2FAFG6 + 1bTpNTsZ0mBSLzdxweNy4HaptS1jTJrCeKKcM7oQBg8n8qsXqJ/a+nDaMETd + v9kVZ1aNBplyQo+43agCpa63pcdtCj3ADKigjB6gfSqWn6tp0NxevJMFEsu5 + Tg8jH0rfs40+yQfKPuL29qz9LRDdahlRxN6e1AFG81bTpL+xlSYFIi5Y4PGV + wO1Wb/WdMlsbiKOcMzxsAMHkkfSpb9EGp6cNowWk7f7NW9TjQaddEKP9U/b2 + oAo2etaXHZwRvcAMkagjB4IH0qpY6tp0V5eySTALK6lTg8gD6VuWEaGwtiVH + +rTt/siqOnIhv9RBUcSL2/2aAKF9q2nS3llJHMCsTsWODwCPpVy81rS5LOeN + LgFnjYAYPJI+lP1JEF9pwCjmRu3tV6/jQWFyQo/1b9v9k0AZdhrOmQ2NvFJO + FdI1BGDwQPpVaz1bTo9QvpnmASUx7Tg84XB7VtaZGh061JUf6tO3tVSwRDqm + pAqOGj7f7NAFHUNW06aeyeOYMI5dzcHgY+lXbnW9Le2lRLgFmRgBg9SPpS6o + iC50/Cjmb09q0buNPsk3yj7jdvagDG03WNMhsIIpZwrogBGDwfyqC11bTo9T + vp3mAjlEW04PO1cHtWvpMaHTLYlR9wdqr2aIdY1EFRgCHt/s0AUNS1bTp5LM + xTBhHOrNweAM89K0Jtb0poZFW4BJUgcH0+lJq6IJLDCgZuE7fWtO4jj+zy/K + Put29qAMLStY02DT4IZpwrouCMHj9Kjt9W05NVup2mAjkWMKcHkgc9q1NGjQ + 6XbEqCdvp71DbIn9tXo2jASPt7UAUdU1bTp/snlTBvLuI3bg8KM5PStF9c0k + owFwMkHsf8KZrCIPsWFHN1F2+ta0kcflt8o6HtQBzukavp1vp0EM04V1ByMH + jk+1Ni1bTl1a4uGmAjeNADg8kde1aOhoh0q3JUE4Pb3NMgRP7cuRtGPKTtQB + Q1XVtOuI4BDMGKTIx4PAHU9K1Druk/8APwPyP+FRa0iCK2woH+kR9vetkxx4 + +6PyoA5jRdW0620yGCeYI67sjB7sT6UJq2nDWJLkzDy2hChsHqDnHSr3h9EO + kW5Kgn5u3+0aI0T+3pRtGPIXt/tUAUdW1bTri3jSGYMwlRiMHoDz2rU/t3Sf + +fgfkf8ACodcRBax4UD99H2962fLj/uj8qAOX0bVtOtrBIZ5gjhmOMHuxPpS + jVtO/tk3PnDyvICbsH727OOnpV7QEQ6YhKg/M/b/AGjQET/hIGG0Y+zDt/t0 + AUNY1bTrmz8uCYM29DjB6A89q1f7d0n/AJ+B+R/wqHXkQWGQoHzp2/2q2fLj + /uj8qAOY0jVtOt7QxzTBW3ucYPQnjtQdW07+2VufOHlCApuwfvbs46Ve0JEN + iSVB/eP2/wBqhkT+31G0Y+zHt/t0AUdZ1bTrnT5IYJg7krgYPZgfStT+3dJ/ + 5+B+R/wqHX0QaXKQoBynb/aFbPlx/wB0flQBzGk6tp1vBIk0wUtK7Dg9CeO1 + JJq2nHWIrkTDy1iZScHqT06Vf0RENtLlQf30nb3olRP7ehG0Y8hu3vQBR1nV + tOudNmggmDu23AwezA+laY13ScD/AEgfkf8ACo9fRBpFwQoB+Xt/tCtcRx4H + yj8qAOY0rVtOt47gTTBS87sODyD0PSlm1bTm1a3uFmBjSNwTg8E9O1XtFRDH + dZUH/SJO30onRP7btRtGPLftQBT1bV9OuNOnhhnDOwGBg88j2q/HrmlCNQbg + ZAHY/wCFLriINKuCFAO0dvcVpRRx+WnyjoO1AHNaXq2nQG782YL5lw7rweVO + MHpRcatpz6raTrMDHGsgY4PGRx2q/o6ITfZUHF1J2+lF0if21YjaMFZe3tQB + V1TV9NuNPnhinDO64Awef0rxDxZodnYTLe6U4e2mA3IM5ifuP909vTp6V7/r + MaDS7khQDs9Ksx29vNZpFNGro6AMGAIII70DTPnzwf4xm8OTG2uAZbGVsso+ + 8h/vL/UV7HPrOmXGoafdRThokEhY4IwHUY4IzzXJaX4BsG8QT3pINjbSttgP + PzDkAnuo/wDrV316iDV9NAUYPndv9kUAyDUdZ0yawniinDO6EAYPJ/KpbXW9 + LjtoUe4AZUUEYPUD6Vb1aNBptyQo/wBW3b2qezjT7JB8o+4vb2oEYGn6tp0N + zevJMFWWTcpweRj6UXuradLf2MyTApEzljg8ZXA7Vf0tEN3qGVHEvp7UagiD + U9OAUctJ2/2aAIr/AFnTJbG4ijnDO8bADB5JH0pbLWtLis4I5LgBkjUEYPBA + 57Vf1ONBp10Qo/1T9vanafGhsLYlR/qk7f7IoAxLHVtOivL2WSYBZXUqcHkA + fSi+1bTpbuykjmBWJyWODwCPpV7TkQ3+ogqOHTt/s0akiC+08BRzI3b/AGaA + GXmtaXJaTxpcAsyMAMHkkfSmafrOmQ2NvFJOFdEUEYPBA+lal/GgsbghR/q3 + 7exqPS40Om2pKj/Vr29qAMaz1bTo9RvpnmASUx7Tg84XB7Uahq2nTT2TxzBh + FLubg8DH0q/YIh1XUgVGAYu3+zRqiILnT8KOZh29qAEudb0t7eVFuASysAMH + qR9Kg03WNNgsIIpZwrogBGDwfyrZu44/ss3yj7jdvaq2kRodMtiVH3B2oAyb + XVtOj1O9neYBJRFtODztGD2o1LVtOmezMUwYRzqzcHhRnnpV6zRP7Y1AbRgC + Ht/smjVkQSWGFAzcJ29jQAs2uaU0LqtwCSpA4Pp9Kp6Vq+m2+nwQzThXVcEY + PHP0rfnjj8iT5R909vaqGioh0u2JUE7fT3oAy4NW05NVurhpgI5FQKcHkgc9 + qXVNW06cWvlTBvLuI3bg8KM5PSr1sif21ejaMBI+3tRrKIBZYUDN1F2+tAEj + 65pJRgLgcg9j/hWfpGr6db6bBDNOFdQcjB45PtXRvHHsb5R0PasvQkQ6Tbkq + CcHt7mgDOi1bTl1ae4MwEbxqoODyQfpSatq2nXEUCwzBisyMeDwAeT0q/Cif + 25cjaMeUnb3o1tEENvhQP38fb3oAm/t3Sf8An4H5H/CsrRdW0620yGCeYI67 + sjB7sT6V1Hlx/wB0flWN4fRDpFuSoJ+ft/tGgCgmracNZkuTMPLMIUNg9c5x + 0pdW1bTri2RIZgzCRDjB6A89qvRon9vSjaMeQvb/AGqNcRBaRkKB+9j7e9AE + 39u6T/z8D8j/AIVl6Pq2nW1gsU8wRwzHGD3Ykdq6fy4/7o/KsbQUQ6ahKg/M + /b/aNAFH+1tO/to3PnDyvs+zdg/e35x09KTWNW065sjFBMHbchxg9Aee1Xwi + f8JARtGPsvp/t0a8iDTyQoHzp2/2hQBN/buk/wDPwPyP+FZWj6tp1vaGOaYI + 29zjB6E8dq6jy4/7o/KsbQkQ2TEqD+8ft70Afmp+yd+wV4b/AGWPjfq/xasv + H0viMavpt3ZG2k08Wqxm6uIZ87xNITt8rGNoznOeK/RzWdW06506SGCYO5K4 + GD2YH0q+yJ/b6DaMfZj2/wBujX0QaVKQoHKdv9oUAct8QbDRvHvgLxL4Gk1L + 7EniLTLzTTOEMhiF5C8JcL8u7buzjIzjGRXxb+w7+xv4e/Y3m8ZXNv41k8TN + 4sFlGVlsRaeSLEzkMCssu7f5/tjHfPH6KeXH/dH5VjaIiG3myoP76Tt70AUZ + NW046vFcCYeWsTKTg9SenSjWdW06502aCCcO7YwMHswPpV6VE/t2AbRjyW7e + 9Lr6INIuCFAOF7f7QoAeuu6SFA+0D8j/AIVmaVq2nW6XImmCl53YcHlT0PSu + nWOPaPlHT0rH0VEMd3lQf9Jk7fSgChNq2nNq1vcLMDGiOCcHgnp2qTVtX024 + 06eGGcM7DgYPPP0q3cIn9t2g2jHlydqk1tEGlXBCgHaO3uKAGx65pSxqDcDI + A7H/AArP0zVtOgN35swXzLh3Xg8qcYPSujijj8pPlH3R29qytHRCb7Kg4uZO + 30oAo3Grac+qWc6zAxxrIGODxkcdql1TWNNn0+eGKcM7qQBg8/pVm6RP7ZsR + tGCsvb2FT6xGg0u5IUA7D2oAgt9b0pII0a4AKqAeD2H0qhp2radDLeNLMFEk + xZeDyMdeldDbRx/ZovlH3F7e1Zukohmv8qDidu3sKAKN3q2nSalYTpMCkXm7 + jg8blwO1T6jrOmTWFxFFOGd0YAYPJI+lT3qINX00bRg+d2/2as6rGg025IUf + 6tu3tQBUtdb0uO1hR7gBlRQRg9QPpVOw1bTobm9eSYKssm5Tg8jH0reso0+x + wfKP9Wvb2FZ+mIhu9Qyo4lHb2oAoXuradLfWMqTApEzljg8ZXA7Vav8AWdMl + sriKOcMzxsAMHkkcdql1BEGpacAo5aTt/s1c1KNBp10Qo/1T9v8AZNAGfY61 + pkVlbxSTgMkaAjB4IAz2qpY6tp0V7fSyTALKylTg8gD6VuadGh0+2JUf6pO3 + +yKpaciHUNRBUcOnb/ZoAo3+radLdWUkcwZYpCWODwMfSrd3rWlyWk0aXALM + jADB6kfSn6kiC908BRzIe3tV++jQWVwQo/1b9vY0AZWn6zpkNjbxSThXRFBG + DwQPpVe01bTo9RvpnmASUx7Tg87Vwe1bGlxodNtSVH+rXt7VVsUQ6rqQ2jAM + Xb/ZoAoajq2nTTWbRTBhHKGbg8DHXpV651vS3t5UW4BLKwAwepH0pdVRBcWG + FHM47e1aN3Gn2Wb5R9xu3tQBi6ZrGmwWEEMs4V0UAjB4P5VFbatpyanezvMB + HKI9pwedo57VraRGh0y2JUfcHaq9oif2xqA2jAEXb/ZNAFHUtW06drMxTBvL + nR24PCjOT0rQl1zSmidRcAkqR0Pp9Kbq6IHscKBm5Tt9a1J44/Jk+UfdPb2o + AwNK1fTbfT4IZpwrquCMHjn6VHBq2nJqt1cNMBG6IFODyR17VqaLGh0u2JUE + 7fT3qK2RP7bvBtGAkfagChqmradOLXyZg3lzxu3B4UZyelab65pJRgLgcg9j + /hUesogWzwoGbmPt9a13jj2N8o6HtQBzej6vp1tpsMM04V1ByMHjk+1JFq2n + Lq81wZh5bRKoODyQfpWhoSIdJtyVBOD2/wBo02FE/ty4G0Y8lO3vQBR1XVtO + uIoVhmDFZkY8HoDyelan9u6T/wA/A/I/4VDrSIILfCgfv4+3vWz5cf8AdH5U + AcvouradbabFBPMEdd2Rg92J9KE1bThrL3JmHlGEKGweu7OOlX/D6IdJgJUE + /P2/2jQiJ/b8g2jH2cdv9qgChq+radcWyJDMGYSIcYPQHntWr/buk/8APwPy + P+FQ66iCzTCgfvY+3vWz5cf90flQBzGj6tp1tYrFPMEcM5xg92JHaj+1tO/t + r7T5w8r7Ps3YP3t+cdPSr2goh05SVB+d+3+0aNif8JBjaMfZfT/boAo6xq2n + XNkYoJg7bkOMHoCCe1an9u6T/wA/A/I/4VDryINPJCgfOnb/AGhWz5cf90fl + QBzGkatp1vatHNMFYyOcYPQnjtSNq2nHWUuRMPKEBXdg9d2cdKv6EiGyYlQf + 3knb3odE/t+MbRj7Oe3+1QBQ1rVtOudOlhgmDuxXAwezA+lav9u6T/z8D8j/ + AIVD4gRBpUxCgHKdv9oVs+XH/dH5UAcxpWradbwzLNMFLSuw4PQng9KJNW05 + tXhuBMPLWJlJwepP0q9oiIbefKg/v5O3vRKif27ANox5L9vegClrGradc6bN + DBOHdgMDB9QfStFdd0kKB9oH5H/Cm68iDSbghQDhe3+0K1ljj2j5R09KAOZ0 + vVtOgW5E0wXfPI44PKnoelJPq2nNq1tcLMDGiOCcHgnp2q/oyIUu8qDi5k7f + Si4RP7btBtGDHJ2oAqarq+m3GnTwwzhnZcAYPPP0q7FrmlLEim4GQAOh/wAK + frcaDSrghQDt9PcVoQxx+Snyj7o7e1AHOaZq2nQNdmWYL5k7uvB5U4welFzq + 2nPqlnOswMcYk3HB4yOO1XtIRC19lQcXMnb6UXaJ/bNgNowVl7ewoAranrGm + z6fPDFOGd1IAweT+VWbfW9KSCNGuACqgHg9h9Kn1iNBplyQo+4e1W7aOP7NF + 8o+4vb2oA57TtW06Ga8aWYKJJiy8HkY69KLvVtOk1KwnSYFIvN3HB43Lgdqv + 6UiGe/yo4nPb2FF8iDVtNAUYPndv9mgCDUdZ0yawuIopwzujADB5JH0qW01r + S47WGN7gBlRQRg9QPpVvVY0Gm3JCj/Vt29qmso0NlbkqP9Wnb2oAwrDVtOiu + r15JgqyyAqcHkY+lF7q2nSX1jKkwKRM5Y4PGVwO1XtMRDeagCo4lHb2o1BEG + o6cAo5d+3+zQBFfa1pktlcRRzgs8bgDB5JBx2pbHWtMisreKScBkjQEYPBAG + e1aGpRoNOuiFH+qft/sml06NDp9sSo/1Sdv9kUAYdlq2nRX19LJMAkrIVODz + gc9qL/VtOlurKSOYMsUhLHB4GPpV/TkQ6jqIKjh07f7NGpogvdPwo5lPb2oA + bd61pclrNGlwCzIwAwepH0qLT9Z0yGxt4pJwroigjB4IH0rWvo0+xXHyj/Vv + 29jUWlxodNtiVH+rXt7UAY9pq2nR6lfTPMAkvl7Tg87Vwe1Go6tp001m0UwY + Ryhm4PAx16VesUQ6tqQ2jAMXb/Zo1VEE9hhRzOO3saAC41vSnt5UW4BLKwAw + epH0qtpmsabBp8EMs4V0UAjB4P5Vt3Ucf2Wb5R9xu3tVTR40OmWxKgnYO1AG + TbatpyapeTvMBHII9pwecDntRqeradO1mYpg3lzo7cHhRnJ6VftET+2b8bRg + LF2/2aNXRA9jhQM3KdvrQA6XXNKaJ1FwMkEdD/hVLStX02306CGacK6rgjB4 + 5+ldBNHH5L/KPunt7Vn6JGh0q3JUE7fT3NAGZBq2nLqtzcNMBG6IFODyR17U + mq6tp062whmDbJ43bg8KM5PSr9uif21eDaMeXH2o1pECWeFA/wBJj7fWgCRt + d0kqQLgdPQ/4VnaPq2nW2mwwzzhHUHIwfUn0rpHjj2N8o6HtWVoKIdJtyVBO + G7f7RoAzotW05dXmuDMPLaJVBweoP0pdW1bTriGFYZgxWVGPB6A8npV6FE/t + 24G0Y8lO3vRraIIIMKP9fH296AJv7d0n/n4H5H/CsvRtW06202KGeYI67sjB + 7sT6VsX+oaVpcfm6hNHAvbcQCfoOp/CqPhl4LnRLaeLDK+4g47bjQBVXVtOG + svcmYeWYQobB67s46Uavq2nXFqqQzBmEiHGD0B57VeRE/t+QbRj7OO3+1Rri + ILNMKB+9j7e9AE39u6T/AM/A/I/4VlaPq2nW1iIp5gj7mOMHuTjtXUeXH/dH + 5VjaCiHTlJUH537f7RoAo/2tp39tfafOHlfZ9m7B+9vzjp6Uaxq2nXNi0UEw + dyyHGD2YE9qvbE/4SDG0Y+y+n+3RryINOYhQPnTt/tCgCb+3dJ/5+B+R/wAK + y9I1bTre1ZJpgrGRzjB6E8dq6fy4/wC6PyrG0NENm5Kg/vZO3vQBQbVtOOsp + ciYeUISpbB67s46Uus6tp1zpssMEwd224GD2YH0q86J/b8Y2jH2c9v8Aao19 + EGkzEKAcp2/2hQBN/buk/wDPwPyP+FZWk6tp1vDMs0wUtM7Dg9CeD0rqPLj/ + ALo/KsbREQwT5UH9/J296AKMurac2rw3AmHlrEyk4PBJ+lLrGr6dc6bNDDOG + dgMDB55HtV2ZE/ty3G0Y8l+3vTtdRBpNwQoBwO3+0KAHLrukhQDcDp6H/Cs3 + S9W06BboSzBd88jrweVOMHpXSpHHsX5R0HasjRkQreZUHFzL2+lAFGfVtObV + ba4WYGNEcMcHgnp2p+q6vptxp08MM4Z2XAGDzz9Kt3CJ/bVmNox5cnapdbRB + pVwQoB2+nvQAyLXNKWJFNwAQoHQ+n0rO0zVtOga8MswXzJ3deDypxg9K6OCO + PyY/lH3R29qy9IRC99lQcXL9vpQBQudW059Us50mBjjEm44PGRx2qbU9Y02e + wnhinDO6kAYPJ/KrN2if2zYDaMFZe3+zVjV40GmXJCj7h7UAV7fW9KS3iRrg + AqqgjB6gfSqOnatp0M140swUSSll4PIx16V0FrHH9lh+UfcXt7Vm6UiG4v8A + Kjic9vYUAULvVtOk1GxmSYFIjJuODxuXA7VY1DWdMmsbiKOcM7owAweSR9Kn + vkQarpoCjBMvb/Zq1qkaDTbkhR/q27e1AFK01rS47SGN7gBlRQRg9QPpVOw1 + bTorq9kkmCrLICpweRj6VvWMaGytyVH+rTt7CqGmIhvdQyo4lHb2oAo3urad + Le2MscwKxMxY4PAIx6Vavta0yWyuIo5wWeNwBg8kg47VJqCINQ04BRy79v8A + Zq7qMaDT7khR/qn7f7JoAzbHWtMisreKScBkjQEYPBAGe1VrLVtOjvr6V5gE + lZCpwecLg9q2tNjQ6dakqP8AVJ2/2RVPT0Q6jqIKjh07f7NAFC/1bTprmyeO + YMsUhLHB4GPpV271rS5LWaNLgFmRgBg9SPpTtTRBeafhRzKe3tV+9jQWVwQo + /wBW/b2oAydO1nTIbC3ilnCuiKCMHggfSq9pq2nR6lfzvMAkvlbTg87Vwe1b + GlRodNtiVH+rXt7VWsUQ6tqQKjA8nt/s0AUdR1bTppbNopgwjmDNweBjr0q9 + ca3pTwSItwCWUgcHuPpRqqIJ7DCjmde3sa0rmOP7NL8o+43b2oAxNM1jTYNP + ghlnCuigEYPB/KobbVtOTVLydpgI5FjCnB5wOe1a2jxodMtiVH3B2qC0RP7Z + vxtGAsXb2oAoanq2nTmz8qYN5c6O3B4UZyelaMuuaU0TqLgZII6H/Cm6wiBr + HCgZuY+31rVmjj8l/lH3T29qAOf0nV9Nt9OghmnCuo5GDxz9KZDq2nLq1zcN + MBG6IAcHkjr2rS0REOlW5Kgnae3uajt0T+27sbRjy4+1AFHVNW06dbYQzBtk + 8bng8KOp6VpNruklSPtA/I/4VHrKIEtMKBm5j7fWtho49p+UdPSgDmtH1bTr + bTYYZ5wjqDkYPqT6U2PVtOGsTXJmHltEqg4PUH6Vo6CiHSbclQThu3+0abEi + f27ONox5K9vegChq2radcQxLDMGKyox4PQHk9K1f7d0n/n4H5H/CodbRBbw4 + UD9/H2962fLj/uj8qAOY0bVtOttOjhnmCOpbIwe7E+lC6tpw1l7nzh5RgC7s + H727OOlXtARDpUJKgnL9v9o0Kif2+42jH2cdv9qgCjq+radcWqxwzBmEiHGD + 0B57Vqf27pP/AD8D8j/hUOuogslIUD95H2962fLj/uj8qAOX0fVtOtrIRTzB + G3OcYPQnjtR/a2nf20Lnzh5X2fZuwfvb846elX9BRDp4JUH537f7RoKJ/wAJ + CBtGPsvp/t0AUNZ1bTrmxaKCYO5ZTjB7MD6Vq/27pP8Az8D8j/hUOvog01yF + A+ZO3+0K2fLj/uj8qAOY0nVtOt7Z0mmCsZHbGD0J47VNFe2t3rsb20gceQy8 + Z65z3qxoaIbSTKg/vZO3vSsqrr8W0Af6O3/oVAG3RRRQAUUUUAFFFFABRRRQ + B//Q/c+XTNuqwQfa7g7o2O4yfMMdgcdKfq2l+Rp00v2u4k2gfK8mVPI6jFMl + uNUOqwO1qolEb7V8wYI7nOKdq1xqr6dMtxaLHGQMsJAccjtigC/Ho+UU/bro + ZA/5a/8A1qztM0zzvtf+l3CbLiRPkfGcY5PHJPc1oR3WtbFxZIRgf8tR/hWf + plxqifa/ItVfNxIWzIBhuMjpzj1oALjTNuqWsP2u4O9XO4v8wwOxxxnvUup6 + X5NhPL9suH2rna8mVP1GKiuLjVDqlq72qiUK+1fMGCMc89sVJqdxqz2E6z2i + pGV5YSA4H0xQBbh0fdDG3226GVBwJOOn0qhp2medJeD7XcJ5czL8smN2Mcnj + k1fhutZEMYWyQjaMHzR0x9Koadcaosl35NqrkzMWzIBtbjj3oALrTNmpWUP2 + u4bzPN+YyZZcL/CccZ71PqOleVYzy/bLl9qE7Wkyp+oxUF1caodSsme1VZF8 + 3YvmAhsrzz2xU2o3GrNYzrNZqiFDlhIDgfTFAE9tpG+2if7bcruRTgSYAyO3 + FUtP0zzbi8X7XcJ5cuMrJgtx1PHJq5bXOsC2iCWSMoRcHzAMjH0qnYXGqLcX + hitVdmky4MgG046e9ABeaZ5d/ZRfa7hvML/M0mWXC5+U9s96s3+k+VZXEn2y + 5fbGxw0mQcDoRjpVa8uNUa/smktVV1L7F8wHd8vPPbFWb651drK4WWzVEMbb + j5gOBjk4xQA6z0nzLSCT7bcruRThZMAZHQDHSqllpnmXd7H9ruF8t1GVkwWy + P4jjmrVnc6wtpAI7NWQIuD5gGRjg4xVWyuNUW7vTFaqzs67x5gG049e9ABfa + Z5d3ZR/a7hvMdhlpMleP4eOKt3mk+XaTyfbbltqMcNJkHA6EY6VUvrjVGu7I + y2qo6u2weYDuOOme1Wry51hrScSWaqhRsnzAcDHJ6UAJYaT5tlBJ9suU3Ipw + smAMjoBjpVaz0zzL++i+13C+WU+ZZMM2V/iOOcdqsWFzq62UCxWaugRdpMgG + Rjg4xVezuNUW/vmjtVZ2Kb18wDb8vHPfNABf6Z5U9mv2u4fzJduWkyV46jjg + 1dudI2W8r/bbltqMcGTIOB34qlf3GqNPZmW1VGWXKgSA7jjp7VdubnWTbyh7 + JFUo2T5gOBj6UAQ6dpXm2MEv2y5TcgO1ZMKPoMVBa6Zv1O9h+13C+WI/mEmG + bK/xHHOO1TadcastjAsNmroEGGMgGR9MVDa3GqDUr1ktVaRhHvXzAAuF4575 + oANS0zyXsx9ruH8yZV+Z87c55HHBq/No+2GRvtt0cKTgycdPpVDUbjVGe086 + 1VCJlK4kB3NzgdOKvzXWsmFw1kgG05Pmjpj6UAVNL0vztPgl+13Ee5c7Ukwo + +gxUcGmbtUuoftdwNiodwf5jkdz3x2qTS7jVk0+BYLRZIwvDGQDP4YqOC41Q + apdOlqplKpuXzBgDHHOOc0AGp6Z5P2T/AEu4ffcRr8z5xnPI44I7GtF9GwjH + 7ddHAP8Ay1/+tWdqdxqj/ZfOtVTFxGVxIDlucDpxn1rRe61rY2bJAMH/AJaj + /CgCjpOl+fp0Mv2u4j3A/KkmFHJ6DFMi0zdq08H2u4G2NTuD/Mc9icdKdpNx + qqadCtvaLJGAcMZAM8ntimxXGqDVZ3W1UymNNy+YMAdjnFABqumeRHAftdxJ + umRfnkzjPccdR2rTOjf9P11/39/+tWZqlxqjxwCe1WMCZCMSA5bsPxrT+1a3 + /wA+Kf8Af0f4UAZmjaZ9o02Gb7XcR7t3yo+FGGI4GKE0zOryQfa7gYhDb/M+ + c89M46UaPcaommwrb2qyRjdhjIFJ+Y9sUJcap/a8ji1UymEAr5gwFz1zigA1 + bTPIt0f7XcSZkQYeTI5PXp1rU/sb/p+uv+/v/wBasvVbjVHt0E9qsa+YhBEg + POeBWn9q1v8A58U/7+j/AAoAzNH0z7RYJL9ruI8lhtR8Lwx7YoGmf8Tk2/2u + 4/1Abfv+f72MZx09qNHuNUSxRbe1WRMthjIB/Ec8YoFxqn9sF/sq+d5AGzzB + jbu65x69qADV9M8iz8z7XcSfOgw8mRyfTFan9jf9P11/39/+tWXq9xqj2e24 + tVjTenIkB5zxxitP7Vrf/Pin/f0f4UAZmk6Z59oX+13EfzuMJJgcHr0oOmf8 + Thbf7XccwFt/mfP97GM46e1Gk3GqJaEW9qsi735MgHOeRig3Gqf2wr/ZV87y + CNnmDG3d1z9e1ABrGmfZ9Pkl+13EmCvyvJleWA6YrU/sb/p+uv8Av7/9asvW + LjVHsJFuLVY48rlhIG/iGOK0/tWt/wDPin/f0f4UAZmlaZ58Ejfa7iPErrhJ + MA4PU8dfWiTTMavFB9ruDuiZt3mfMMHoDjpRpVxqiQSCC1WRTK5JMgHOeRRJ + cap/a8Tm1USiJgF8wYIz1zigBdY0z7Pps032u4k27fleTKn5gORitIaNwP8A + Trr/AL+//WrM1i41R9NmW4tFjjO3LCQEj5h2xWkLrWsD/QU/7+j/AAoAzdL0 + zz0uD9ruI9szr8j4zjueOp70TaZt1W3g+13B3o53GT5hjsDjpRpdxqiJceRa + rIDM5bMgGG7jp2omuNUOq27taqJQj7V8wYI7nNAD9W0vyNPml+13Em0D5Xky + p5HUYq9Ho+UU/broZA6S/wD1qo6rcaq+nzLPaLHGQMsJAccjtirsd1rWxcWS + EYH/AC1H+FAGfpmmecbv/S7hPLuHX5XxnGOTxyT3NFxpmzVLSH7XcHesh3GT + 5hgdjjjPejTLjVEN35Fqr5nctmQDDcZHvj1ouLjVDqlo72qiULJtXzBgjHPP + bFAEup6X5NhPL9suH2rna8mVP1GKtQaPuhjb7bdDKg4EnA4+lVNTuNWewnWe + 0VIyvLCQHA+mKtQXOsiGMLZIQFGD5o5GPpQBR07TPNkvB9ruE8uZl+WTG7gc + njk0XWmbNSsYftdw3meb8xfLLtXPynHGe9GnXGqLJdmG1Vy0zFsyAbWwOPei + 6uNUOpWLPaqsi+bsXzAQ2VGeccYoAn1HSvKsZ5ftly+1CdrSZU/UYqa20jfb + RP8AbbldyKcCTAGR24qHUbnV2sZ1ms1RChywkBwPpipba51gW0QSyRlCLg+Y + BkY+lAHmvizUr7QmI0+7lSR5mUktncFUcn35rij4x19mV3uSzJnaSTkZ6454 + r1W80Ia/cTm9sfNeKQ9JtmwsBkeh6CsSfwJZR3EERtHQylgF88HdgZ644oKT + Rw7eNPELqUe5ZlYYIJYgj86VfGniFFCJdMqqMAAsAAPxru7jwBZwwSSmzdQi + k588HGB1xt5pYPAFnLBHILORg6g5+0AZyOuNvFA7oj8CX9/4gu7xL26lTYqt + mNipJJxyec13F9pnl3dkn2u4bzHIy0mSvHVeODWH4b0aTQru8Om2pZztRg8o + +UdRzjmty+uNUa7sjLaqrK52ASA7jjpntQSy3eaR5dpO/wBtuW2oxwZMg4HQ + 8dKZYaT5tjBJ9suU3IpwsmAMjoBjpT7u51g2kwks1VSjZPmA4GOTjFMsLnV1 + sYFis1dAi7SZAMjHXGKBHAeLb+/0BpXsLmQMZUQszElgUJ5IxnHauEfxlr8h + VnuCxQ5Ukk4PqOa9W1HRpPEFzcw3lqWKOjlVlC7TtIHODnIrBufAllDJAjWr + p5r7QPPB3e3TigpWOJPjXxEwKtdMQeCCW/xpE8Z+II1CR3LKq8AAsAP1rv5f + h/aJG7mykXaCc/aAcY/4DUdr4Bs57eOZbN3DgHd54Gfw28UDuit4G1PUfEGq + 3MF7dSIBDvLRsVYlWAGTzng13+o6Z5L2g+13D+ZMq/NJnbnPI9DXP+HtCbQt + TupNOtS0oRUZXlBChvm645ziug1G41RntPOtVQiZSuJAdzc4HTigll+bR9sT + t9tujhScGTjp9KqaXpfnafBL9ruI9y52pJhRz2GKtzXWsmJw1kgG05Pmj0+l + VNLuNWTT4FgtFkjC8MZAM8+mKBHF+L7q90ESz2FzL5gkiQszEkhlY8kY6Y4r + z1/GWvy7fMuC20hhkk4I6Ec9a9Z1TSptfubi1vbXODG5VZQuCoIHODnIJrnr + vwJZweTutXTzJFQfvw2Se3TjPrQUmjij428Rng3Tf99N/jTI/GWvxII4rgoo + 6AEgD8Aa9CPw9tACfsMnH/TwP/iarWfgOzubaOZbR5A2fm88Lnn020Duil4L + 1fU9e1trW9uZFBiZiyMQx2kYGeeOa9G1XTPIihb7XcSbpkXDvkDPccdR2rnN + C8Pf2HrEk1hakzLFgq0wIAY9c49q6PVbjVHihE9qsYEyEESA5bsPxoJZqf2N + /wBP11/39/8ArVl6Npn2jTYZvtdxFu3fKj4UYYjgYrT+1a3/AM+Kf9/R/hWZ + o1xqiabCttarJGN2GMgUn5jnjHrQI5bxdNd6Es1xZXUplVY/mdySQzYIJGOK + 82k8Za/KNstwXAIOCSeR9TXruradca5dy2d7a53RoSiygYCtwd2P0rmrzwJZ + 28Su1q8YLKufPDdT0xtoKVjiv+E28R/8/bf99N/jTI/GWvxLsiuCijspIHP0 + Neh/8K8tP+fGT/wIH/xNVLLwJZ3NuJVtXkBJGfPC9DjptoHdGZ4S1vVdc8QR + Wl5cuBIjgsjEPhQWAyc8Zr03V9M8iyMn2u4k+ZRh3yOT6YrmNI8NLomuLPZW + jefHEWCNMCMMdpOcfpXT6vcao9mVuLVY03LyJA3OeOKCWan9jf8AT9df9/f/ + AK1ZekaZ59qX+13EfzuMJJgcHr061p/atb/58U/7+j/CszSbjVEtSLe1WRd7 + 8mQDnPIoEc74sa50SKa6s7qYyxwqwZ3JPzShSMjHGD+deXyeMtfmQxy3BdT1 + DEkcexNewavZ3Ws3LWN7a/62EAosoHyq4YHdj1HSuXvvAllbWzTNavGFx83n + hsZOOmKCkcV/wm3iP/n7b/vpv8aZH4y1+IFY7goCSTgkcnv1r0P/AIV5af8A + PjJ/4ED/AOJqpZ+BLO4jd1tXk2uy588LjHb7v60DujF8M6/q+s+IbSzu7lws + u5SysQ4AUtgE57ivVdY0z7Pp0032u4k24+V5MqfmHUYrlNN8LR6NrdvcWlqw + njVmVWmBByCpOce/Sur1i41R9OmW4tFjjOMsJASPmHbFBLNFdG4H+nXX/f3/ + AOtWbpemeclwftdxHsndfkkxnHc8dT3rSW61rAxYp/39H+FZul3GqIlx5Fqs + gM7lsyAYbuPw9aBGJ4pWfSIXurW6maWOFmVnfJByBj6c15RJ4z8QSoY5bkur + dQSSD+Ga9k1i3vNVnSyvLUDzY2XasgGRkEndjiuVvPAdnb20kzWjxhRnd54b + H4baCkcQPG3iMDAumAH+03+NMTxlr8e7y7grvO44JGSepPPWvQV+Htoyg/Yp + Dkf8/A/+Jqta+BLKfzttq7+XIyH9+FwR2+7z9aB3Rz2g+JNZ1XXLK0url9sj + 7NwJ3AHrgknFewanpXk2E8v2y4faudrSZU/UYrjLTwjDpWr2dxb2rCZSzorT + BgSo9ccYrs9TuNWawnWe0VIypywkBwPpigllmDR90EbfbboZUHAk4HH0qjp2 + mebLeL9ruE8uYrlXwW9zxyavQXOsiCMJZIVCjB80cjH0qjp1xqiy3hhtVctM + SwMgG1sdPegRl+JoJdLhW5t7qZ5EindWd8lSiZGPTPevIn8aeIZFKPcsytwQ + SxBH517PrEd9qM1vZ3doF81ZkCrIPmDLhuccYFcnc+AbOG3klazdAik588HG + PbbzQNHCr418RKoVbpgBwAC2APzpq+MtfQsyXBUucsQSMn35rv4fh/aSRJIL + KRgyg5+0AZyPTbUFv4EsppZ0Fq7mJtpHngbeOmdvNBV0cvpXijW9R1iwtbm5 + YrLPHHkE7lDsFO0k8HBr2u+0ny7K4k+2XL7Y2OGkyDgdCMdK4WLwbb6bqVjP + FaOsqyB0BmDBmj+YduK7q+udXayuFls1VDG24iQHAwcnGKCWLZaT5lnBJ9su + V3RqcLJgDIHAGOlVbLTPMvb2P7XcL5bKMq+C2R/Ecc1asrnWFs4Fis1ZBGoU + +YBkY4OMVVsrjVFvL1orVWdmXePMA2nHHOOaBFLxDaPp9us8V1O7qsrKXfO0 + qhIx+VeON418ROpVrpiCMEEtgj869p1f+0L0wW11ahRKXQASD5tykEZxxxXJ + zfD+0jheQ2cihVJz9oBxgdcbaBo4FPGniGNQiXLKqjAALAAfnSL4y19HaRbg + hnxuIJycdMnPNd7beAbOa3jlFm7h1Bz54Gc98beKih8CWUlzcQi1djFtyvng + bcjPXbzmgq6OQtfFmuXl7bQz3DMGlQZycjJxkZPBr3a40jZbyv8AbbltqscG + Tg4HfivPW8E2tjdWsq2ro/mrtBmDbiOQOnFehXFzrJt5Q9kgUq2T5oOBj6UE + sg03SvOsIJftlwm5QdqyYUfQYqG20zfqd5D9ruF8sR/MJMM2R3OOcdqm0241 + ZbCBYbRXQKMMZAMj6YqG2uNUGp3jJaq0jCPcvmABcDjnvmgRDrVgbSGGRbud + 2MgA3vnBwTkcda8VPjbxERg3TEH/AGm/xr23VpNSnW2jubVUBlUDEgOSQRj2 + +tci/wAPrRUZjZSDAJz9oH/xNA0efJ4z8QRII47koq9ACQB+GaB4y19XaUXB + DtgFsnJx6nNd1aeArO4to5ltHkDjO7zwufw202PwJZPdy24tXJQKSvngYz77 + eaCro4n/AITDXp3jWW4LAMCMknB9Rk9a+gn0bCk/brrof+Wv/wBavNbnwLZ2 + phc2rpulVR+/DZJ7dOM+tekvda1tObFMY/56j/CgllDSNL8/ToZftdxHuB+V + JMKOT0GKbFpmdWmg+13A2xqdwk+Y5PQnHSl0i41VNOhW3tFkjAOGMgBPJ7Yp + IrjVBq0zraqZTGoK+YMAZ4OaBBqumeRFC32u4k3TIuHkyBk9Rx1HavET428R + g4+1t/303+Ne3apcao8UIntVjAmQgiQHLZ4HTvXIH4e2h5+wyf8AgQP/AImg + aPPI/GWvwoI4rgoo6BSQB+ANH/CZa+JDKLg7yMbsnOPTOa7ix8CWV1apOtq8 + gbPzeeFzgkdNtA8CWRvWtvsr7ggbb549cZzt/Sgq6OHk8Za/KNstwXAOcEk8 + j6mvoGHSDJCjtfXWWUE/vfUfSvNrzwJZW8QdrV4wWVc+eG6npjFelpca0iKi + 2KYUAD96O34UEsztI0zz7FZPtdxH8zDCSYHDHtij+zP+Jz9n+13H/Hvv37/n + +/jGcdPajSLjVEslW3tVkTc3JkC87jnij7Rqn9s7/sq+d9nxs8wY27+uceva + gQavpnkWRk+13EnzKMPJkckdsV4xdeMvEMN1NCl2+2N2UZZugOPWvZ9XuNUe + yK3Fqsabl5EgPORjjFcpL4BtppXmexfc7Fji4HUnP92gaPOI/GWvxLtiuCgz + nAJAyfoaP+Ey1/zPO+0HeBjdk5x6Zz0ruLPwJZXMJkW0eQBmGfPC9D0xig+B + LIXotvsr7ihbZ549cZzj9KCro4eTxlr8yGOW4LqeoYkj8ia960/TXurC2uZL + 663yxI5xJxllBPavPb7wJZW1s8zWrxhcfN54bGTjptr0e3fV7a3jtorFdkSq + i5lGcKMDtQJlLStM86GVvtdxHtldcI+AcHqeOp70SaZjVoYPtdwd0TNuMnzD + B6A46UaVcaokMogtVkBlckmQDDZ5HSiS41Q6tC5tVEoiYBfMGCM8nNBIur6Z + 9n06ab7XcSbQPleTKnkdRivHNT8Xa/Z6ld2kN2+yCWRFyzZwrEDPNex6vcaq + +nTLcWixxkDLCQEjkdsVytz4FgvLiW7lsX3zuzti4AGWOT/DQNHmyeMtfiyI + 7gpuJY4JGSepPPWg+MtfLiU3BLrwGycgH0Oa7i08CWVwJSto77JGT/XhcEdu + nOPWiTwJZLeRW5tXBdWO3zwc498cUFXRw8njPxBKhjluS6t1BJIP4Zr3PRbC + S+0iyvZr25Dzwo7BZMDLKCcD0rhrvwFZ29tJM1o8YQZ3eeGx+G2vQLA6rZWN + vaW9kpihjVFzKM4UYGeKBMr6bpnnNdj7XcJ5c7r8smN2Mcnjk+9FzpmzU7OH + 7XcN5gk+YyZZcDse2e9Gm3GqK135Nqr5nctmQDDcZHTn60XFxqh1Ozd7VVkU + SbV8wENkc844xQSTanpXk2E8v2y4fapO1pMqfqMV41qvivXbDUbiyt7pxHC2 + 1cs3QfjXsmpXGrNYTrNaKiFTlhIDgfTFcjP4Ih1CVr2aycvN8xInABz7baBo + 82Txlr8ZYpcFS5y2CRk+p5obxlr7usjXBLJnaSTkZ64OeM13Ft4EspnnVbV3 + 8pypHngbfbpz9aJvAllHdW8BtXUy7sL54O7aM9ccYoKujiH8aeIZFKPcsytw + QSxBH517V4cs5dS0Ozvp7y4V5UBISTCjtwK5C58A2cNvJK1m6BFJz54OMe23 + mu40ldTsNMtrO0slaGNAFLSjJB59KBOw2x0zzbm8T7XcJ5cgGVkwW46njk0X + mmeXe2Uf2u4bzGcZaTJXA/hOOKLG41Rbm8MVqrs0g3gyAbTjp05ovLjVGvbJ + pLVVdWfYPMB3HHPPagktX2k+XZXEn2y5bbG5w0mQcA8EY6V4zrHijXNNv3sr + W6cRRrHtBY8bkU44PvxXst9c6u1lcLLZqqGNwx8wHAwcnGK4ybwZDqjLfzWb + s0qIcicKCAoAOMHHAoGjzdfGWvozOlwVZ/vEEgnHrzzQ3jLX3ZWe4LFDlSSS + Qfbmu4g8CWUs88QtXYxEAjzwNuRnrt5ouPAllDLBGbV0MrYA88Hdx0zt4oKu + jiW8a+ImUq10xB4IJbBH517D4Tt5tW8P2l/cXk6PIHBWN9qgK7KMD6Cubm+H + 9pHE8hspFCqTn7QDjA64211+gx6hpukW1nZWYeBFJUtKMncSxPT1NAmSWmmb + 9Rvovtdwvl+X8wkwzZXPzHHOO1GoaZ5U1mv2u4fzJQuWkyV46jjg0Wlxqg1G + +aO1VpG8vevmAbcLxz3yKNQuNUaazMtqqFZQVAkB3HHTpxQSXrjSNkEjfbbk + 4UnBk4PHfivF9Z8S61pV99is7l1iVIyBuPG5QT0PvXs9xc6yYJA9kgUqcnzQ + cDH0rh5PB8Wr7L+a0Z2dFG4TBQQowOMHHAoGjzgeMtfV2kW4Id8bmBOTjpk5 + ofxlr8m3zLgtsO4ZJOCO45613EXgSye7ngFo7GILlfPA27h645zRdeBLKAwh + rV08yRUH78HJPbpx9aCro4k+NvERGDdMQf8Aab/GvWvBsU+saFFe3F3PG5Z1 + 2xvtUBTxgViP8PrRVLfYpBgE/wDHwP8A4mun8OQX2l6TDa2FoJIeWDNKASWP + PagTaLUGmbtVuYPtdwNiIdwk+Y59Tj8qNU0zyVtj9ruJN86L875xnPI46jsa + IbjVBqly62qmUom5fMGAO3PejVLjVHW28+1WMCdCuJActzgdO/rQSaTaNhSf + t110/wCev/1q8W1rxFrGkXEVrZXLpG0YfG44BJPTB9q9pa61rac2KdP+eo/w + rgW8Jxa1FDeTWjSHZtDLMEyAT2waBo83PjHxB5hlW6ZXIwWBOSPrVW58TeIL + tds9/Myg5A3EYI78V6PF4Gsftr25smcqgbYZ8Yz3yAKvz+FNPsY42GkRoTIo + 3NKZN3PTBJHNA7o8XihvtRuNsKSXMz9gC7H+Zr23wJo2qDSCuoTTW8W4mERy + 44JO7KjOOf5119udStI/KtdMhhQfwo6qPyAqno9xqiadEtvarJGN2GMgXPzH + PH1oE2C6ZnWHt/tdxxCG3+Z8/wB7GM46UatpnkWyv9ruJMyIMO+RyevTrQtx + qn9sO4tV83yQCnmDG3d1zRq1xqj2yie1WNfMTkSA854HSgRqf2N/0/XX/f3/ + AOtWXo+mfaLISfa7iP5mGEfA4PpitP7Vrf8Az4p/39H+FZmkXGqJZBbe1WRN + zcmQLzk54oAP7M/4nP2f7Xcf8e+7fv8An+/jGcdPajV9M8iyaT7XcSYZRh5M + jkjtij7Rqn9s7/si+d9nxs8wY27+ucevajV7jVHsmW4tVjTcvIkDc5GOKANT + +xv+n66/7+//AFqy9J0zz7Zn+13EeJHGEkwOD16da0/tWt/8+Kf9/R/hWZpN + xqiWzC3tVkXzH5MgHOeR0oAG0zGsJb/a7jmEtv8AM+f72MZx0o1jTPs+nSy/ + a7iTbt+V5MqcsByMUNcap/bCObVfN8kgJ5gxt3dc0axcao+nSrcWqxxnblhI + Gx8wxx9aANT+xv8Ap+uv+/v/ANasvStM8+GZvtdxHtldcI+AcHqeOvrWn9q1 + v/nxT/v6P8KzNKuNUSKYQWqyAyuSTIBhs8jpQAS6ZjVoYPtdwd0bHcZPmGD0 + Bx0p2r6X5GnTS/a7iTaB8ryZU8jqMU2S41Q6tC7WqiURsAvmDBGeTml1e41V + 9OmW4tFjjIGWEgJHI7YoA0V0bKg/brrp/wA9f/rVm6ZpnnLcn7XcR7J5F+ST + GcdzxyT3NaS3WtbRixTp/wA9R/hWbplxqiLc+RarJmdy2ZAMN3HTt60AE+mb + dVtoPtdwd6Odxk+YY9Dj86k1XS/I0+eX7XcSbR915Mqee4xUc1xqh1S2drVR + KEfavmDBHfnHFP1S41V9PnWe0WOMrywkBxz6YoAuxaPuiRvt10MqOBJx0+lZ + +m6Z5zXY+13CeXO6/K+N2Mcnjk+9X4rrWREgWyQjAwfNH+FUNNuNUVrvybVX + zO5bMgG1uMjpz9aAC50zZqdnD9ruG8wSfMZMsuB2OOM96m1LSvJsJ5ftlw+1 + SdrSZU/UYqG5uNUOp2bPaqsiiTavmAhsjnnHGKm1K41ZrCdZrRUQqcsJAcD6 + YoAsW+kb4I2+23IyoOBJwOO3FUdP0zzZrxftdwnlylcq+C3HU8cmrtvc6yII + wlkhUKMHzQMjH0qlp9xqizXhhtVctKSwMgG1sdOnNABd6Z5eo2MX2u4bzDJ8 + xkyy4XPynHGe9WNQ0ryrGeT7ZcvtRjhpMg4HQjHSq93caodRsWktVWRTJsXz + Ad2V557YqfULnV2sZ1ls1RCjZIkBwMdcYoAltNI8y1hf7bcruRTgSYAyOg46 + VTsNM826vU+13CeXIBlZMFuOrccmrdpc6wLWER2aMoRcHzAMjHB6VUsbjVFu + r0xWquzSDeDIBtOOnTmgAvdM8u9so/tdw3mMwy0mSuB/CccVavdJ8uznk+2X + LbY2OGkyDgHgjHSqt7cao17ZNJaqrqzbB5gO4455xxVq9udYaznWWzVUMbBj + 5gOBjk4xQAWOk+ZZW8n2y5TdGhwsmAMgcAY6VVs9M8y9vY/tdwvlsgysmC2V + /iOOas2Nzq62VusVmrII0CnzAMjAwcYqtZ3GqLe3rR2qs7Mm8eYBtO3jnvQA + X+meVc2Sfa7h/MkIyz5K8dV44NXLrSNlrM/225bajHBkyDgdDxVO/n1RrmzM + tqqMshKASA7jjp04q5dXOsG1mElkiqUbJ8wHAxyelAEWn6V5tjBL9suU3Ip2 + rJhRx0AxUFppm/Ub6H7XcL5Xl/MHwzZXPzHHOO1T6fc6utjAsNmroEXBMgGR + j0xUFpcaoNRvmjtVaRvL3r5gG3C8c980AGoaZ5Utmv2u4fzJguWkyV46jjg1 + en0fbBI3226OFJwZODx9Ko6hcao0tmZrVUImBUCQHc2Dx04q9Pc6yYJA9kgU + qcnzRwMfSgCvpmledYQS/bLhNyg7Vkwo+gxUNvpm/VLuH7XcL5YjO4PhmyO5 + xzjtUum3GrLYQLDaK6BRhjIBkfTFRW9xqg1O7dLVWlYR7l8wALgcc45zQAan + pnkm0/0u4fzJ0X5pM7c55HHB960JdHxG5+3XRwD1k/8ArVn6lcaoxtPOtVTE + 6FcSA5bnA9vrWhLda0Y3DWSAYOf3o/woApaVpfn6fDL9ruI9w+6kmFHPYYpk + OmbtVuIPtdwNiIdwk+Y57E46U/SrjVU0+FYLRZIwOGMgGefTFMhuNUGq3Dra + qZSibl8wYA7HNABqmmeStsftdxJvnRfnkzjPccdR2NaTaNwf9Ouv+/v/ANas + 3VLjVHW28+1VAJ0K4kBy3Yfj61pNda1g5sU/7+j/AAoAztI0z7Rp0M32u4j3 + A/KkmFHJ6DFJHpmdXlg+13A2xK24SfMcnoTjpS6RcaqmnQrb2iyRgHDGQAnk + 9sUkdxqg1aVxaqZTEoK+YMAZ65xQAarpnkQxN9ruJN0qLh5MgZPUcda1P7G/ + 6frr/v7/APWrL1W41R4YhParGBKhBEgOTngdK0/tWt/8+Kf9/R/hQBmaPpn2 + jT45ftdxHkt8qSYUYYjgYoXTM6w1v9ruOIQ2/wAz5/vYxnHSjR7jVE0+Nbe1 + WSMFsMZAufmOeMULcap/bDOLVfO8kDZ5gxt3dc49aADVtM8i1D/a7iT50GHk + yOT16da1P7G/6frr/v7/APWrL1a41R7UC4tVjXenIkB5zwK0/tWt/wDPin/f + 0f4UAZmkaZ59kJPtdxH8zDCSYHB9MUf2Z/xORb/a7j/j33b9/wA/3sYzjp7U + aRcaolmFt7VZE3NyZAOc88Yo+0ap/bIf7KvneRjZ5gxt3dc/XtQAaxpn2exa + T7XcSYZRteTI5I7YrU/sb/p+uv8Av7/9asvV7jVHsWW4tVjTcvIkDc5GOK0/ + tWt/8+Kf9/R/hQBmaTpnn2zv9ruI8SOMJJgcHr061Ygs/suuxr50s37ljmRt + x64x9Kr6Vcaols4gtVkXzHJJkA5zyOlWIJbyTXYzdQiJvJYYDbuM9fzoA6Wi + iigAooooAKKKKACiiigD/9H91JtT09tXt5xOpjWNwT2BNO1jVNPn02eKGdXd + gMAd+RVieGEa3bKI1wYn4wMU/W4YV0q4ZY1BAHIA9RQBLHrOliNQblcgCszS + tTsIftnmzqvmXEjrnupxg10EVvB5aful6DsKytHhhb7dujU4upQMgdOKAKlx + qdg+rWk6zqY0WQMewyOKm1XVdOm06eKKdWdlwAO9S3UMI1myURrgpJkYGOlT + axBCumXDLGoIXqAKACDWNMWGNWuVBCgH8qz9N1PT4ZLwyzqoknZlz3BA5rct + 7eAwRkxL90dh6Vm6VDC0t9ujU4uGAyBwMCgCrdanp76pYzJOpSPzdx7DKgCp + 9S1XTptPuIorhWdkIAHc0+8hhGr6cojUAibIwOflFWNVghXTblljUEIeQBQB + Fa6vpiWsKPcKGVFBHuBVHTtTsIri9aSdVEkuVJ7jFbdnbwG0gJjUkovYelZ+ + mQwtdX4ManE3HA44oAq3up6fJqFhKk6lIzJuPplcCrOoatpstjcRx3CszRsA + B3JFLfwwjUtOURqAWkyMDn5at6lBAun3JEagiJ+w9DQBVstX02Ozgje4UMsa + gj0IFVLHU9PjvL6SSdVWR1Kn1AFa9hBAbG3JjUkxp2HoKpadDCb7UAY1IEi4 + 4HHy0AVL/U7CS8sZI51ZY3YsfQYq5e6vpslnPGlwpZo2AHqSKTUYYVvtPAjU + AyNngc8Vdv4IBY3BEagiN+w9DQBR0/VtNisbeOS4VWWNQQexAqrZanYR6hfy + vOoSQx7T64XBrV0yCBtOtiY1JMac4HpVWwhhOp6ipjUgGPAwOPloAq6jqeny + 3Fk0c6sI5dzY7DHWr11rGmPbSotwpLIwA9yKj1OGFbmwAjUZmweBzxWhd28A + tZiI1BCN2HpQBmaZqunRafbxSXCq6oAQexqva6nYJql9M86hJBFtPY4XmtPS + oIW022Zo1JKDkgVXs4YTq+oKY1IAiwMDj5aAKmp6nYTSWZinVhHOrNjsBnmt + GfWNMaGRVuVJKkD8qh1aGFZLHbGozcKDgDkc1pXFvAIJCI1+6ew9KAMfStV0 + 6HToIpZ1V1XBB7VHb6np66tdzNOoR1jCnscDmr+jQQtpduzRqSV6kCoraGE6 + zeqY1wEjwMD0oAq6pqenzfZPKnVvLuI3bHZRnJrSfWdLKMBcpkg1X1iGFfsW + 2NRm6iBwB05rVkt4PLb90vQ9hQBhaPqmnwabBFNOqOoOQe3JpsOp6eur3E5n + URtGgB7EiruiQwtpVuzRqSQeSB6mmQQwnW7lTGuBEnGBigCpq2p2E8duIp1Y + rMjHHYDqa1TrOlY/4+UqrrUMKxW22NRm4jHAHTNbBt7fH+qX8hQBzuianp9v + pkMM06o67sg9ssTQmp6eNZkuDOvlmFVDds56Va0CGF9JgZo1YndyQP7xojhh + /t2VfLXHkKcYGPvUAVdX1PT57aNIZ1ciVCQPQHmtX+2tK/5+UqprcMK2sZWN + QfNj6AetbH2e3/55L+QoA5zRdTsLfT0imnVHDNwfdjSjU9P/ALaNx56+X9nC + 7u27dnFWtBhhfTUZo1Y7n5IH940CGH+32Ty12/ZgcYGM76AKms6nYXFl5cM6 + u29DgegPNa39taV/z8pVTXYYUsMrGoO9OgH96tj7Pb/88l/IUAc7o+p6fBZl + Jp1Rt7nB9CeKDqen/wBtLceevliAru7Z3ZxVrQ4YWsiWjUnzH6gf3qGhh/t5 + U8tdv2cnGBjO+gCrrWp6fcadJFDOruSuAPZga1f7a0r/AJ+Uqpr0MKaZKyxq + DlOQB/eFbH2e3/55L+QoA53SNT0+C3kWadVJldgD6E8Ukmp2B1mK4E6+WsTK + W7ZJ6Vb0WGFraUtGp/fSdQPWiWGH+3YV8tcGFjjAx1oAq61qen3GmTQwzq7t + twB3wwNag1nS8D/SUqrr0MKaTcMsagjbyAP7wrXFvb4H7pfyFAHO6TqdhBHc + CWdVLzyMM9wehpZtT09tXt51nUxpG4J7AnpVrRoYWjut0anFxIOQOnFE8MI1 + q1URrgxvxgYoAg1fVNPn02eKGdXdgMAd+RV+PWdLEag3K5AFRa3BCulXDLGo + IA5AHqK0oreDy0/dL0HYUAc/pep2EJvPNnVfMuJGXPdTjBoudTsH1WzmWdTH + GsgY9hkcVb0eGFjfbo1OLmQDIHA4ouoYRrNiojUArLkYGDxQBFquq6dNp08U + U6s7LgAd6tQaxpiwRq1woIUA/lS6xBCumXDLGoIXqAKuW9vAbeImNfur2HpQ + Bh6bqenxS3hknVRJMzLnuMDmi71PT31OwmSdSkXm7j2G5cCrWlQwtLfbo1OJ + 2AyBxwKL2GEatpyiNQG87IwOcKKAGalq2nS2FxFHcKzMhAA7mprXV9MS1hR7 + hQyooI9wKl1WCFdNuSsagiNuQB6VYs7eA2kBMaklF7D0oAxNP1Owiub15J1U + SS5UnuMUXup2EmoWEqTqUjZ9x9MrxVvTIYWur8GNSBLxwOOKL+GEalpyiNQC + 0mRgc/LQAmoatpstjcRx3CszRsAPUkU6x1fTY7K3je4UMsaAj0IAq1qUEC6f + ckRqCIn7D0NO0+CA2FsTGpJiTsP7ooAyLHU9Pjvb6R51VZHUqfUAUX+p6fJe + WLxzqyxuxY+gxVrT4YTf6gDGpAdMcDj5aNRhhF7p4EagGRs8Dn5aAHXmr6bJ + ZzxpcKWaNgB6kio9O1bTYrC3jkuFVljUEHsQK0L6CAWNwRGoIjfsPQ1HpkED + adbExqSY15wPSgDKs9TsI9Rv5XnUJKY9p9cLg0ajqdhLcWTRzqwjl3MR2GOt + W7GGE6pqKmNSAYsDA4+WjVIYVubALGozNg8DnigCS51jTHtpUW4UlkYAe5FV + 9M1XTodPt4pbhVdUAIPY1qXVvALWYiNfuN2HpVfSYIW022Zo1JKDkgUAZtrq + enpql9M06hJBFtPY4XmjU9T0+Z7MxTqwjnVmx2AzzVqzhhOr6gpjUgCLAwOP + lNGrQwrJY7Y1GbhAcAcjBoAmm1jS2hkVblSSpA/Kqek6rp0GnQRSzqrquCD2 + 5rZnt4BBIREv3T2HpVHRoIW0u3Zo1JK9SB60AZ9vqdgurXc7TqI3SMKexIHN + Lqup6fMLTyp1bZcRs2OyjOTVq2hhOs3imNcBI8DAx0o1iGFRZ7Y1GbmIHAHT + mgCw+s6WUYC5Toaz9H1TT4NNgimnVHUHIPbk1vPb2+xv3S9D2FZehwwtpVuz + RqSQeSB6mgCnFqenrq885nURtGgDdiQaTVtTsJ4oBFOrFZkY47AHk1bhhh/t + u4Xy1wIk4wMdaNahhWG3KxqMzxjgD1oAtf21pX/PylZWianYW+mQwzzqjruy + D7sTXR/Z7f8A55L+QrH0CGF9IgZo1YndyQP7xoAqJqdgNZkuDOvlmEKG7Z3d + KXV9T0+e2RIZ1dhIhwPQHmrUcMP9uyr5a7fIU4wMfeo1uGFbSMrGoPmx9APW + gC3/AG1pX/PylZWjanp9vYJFNOqOGc4PuxNdF9nt/wDnkv5CsfQoYW01C0ak + 7n5IH940AVRqen/22bjz18v7Pt3dt2/OPypNZ1OwuLIxwzq7b0OB6A1bEMP9 + vlPLXb9mzjAxnfRrsMKaeSsaqd6dAP7woAt/21pX/PylZOj6nYQWhSadUbzH + OD6E8V0f2e3/AOeS/kKx9DhhayYtGpPmP1A9aAKjanYHWluPPXyxAV3ds7s4 + o1rU7C406SKGdXclcAezA1baGH+3kTy12/ZycYGM7qNehhTS5WWNVOU5AH94 + UAW/7a0r/n5SsrSNT0+CCVZp1UtK7DPoTwa6L7Pb/wDPJfyFY+iwwtbzFo1P + 76QcgetAFWTU9POsQzidfLWJlLdsk9KXWtU0+40yeGGdXdtuAO/zCrMsMP8A + bkK+WuDCxxgY60uvQwppNwyxqCAvIA/vCgCwus6XtH+kpWXpOp2ECXIlnVS8 + 8jDPcHGDXRLb2+0ful6egrI0aGFkut0anFxIOQOnFAFSbU7BtXtp1nUxpG4J + 7AnpUmr6pp8+mzxQzq7sOAO/IqeeGEa3aqI1wY34wMVJrUEK6XcMsaghRyAP + UUAPi1nSxGgNyuQBWdpep6fCbzzZ1XzLh2XPdTjBreit4PKT90vQdh6Vl6RD + Cxvt0anFzIBkDpxQBVudT099Vs5lnUpGsgY9hkcVLqmq6dNp88UU6s7KQAO9 + S3UMI1ixURrgrLkYHPFTaxBCumXLLGoIQ8gCgBLfWNMWCNWuFBCgH8qz9N1O + whlvTJOqiSYsue4x1rctreA20RMa/cXsPSs7SoYWmv8AdGpxOwGQOOBQBVu9 + T099TsJknUpF5u4+m5cCrGpatp0thcRR3CszIwAHckU69hhGracojUBvOyMD + nC1Z1SCFdOuSsagiNuQB6UAQ2mr6YlrCj3ChlRQR7gVS0/U9Piub15J1VZJM + qT3GK2bO3gNnATGpJjXsPSqGmwwm7vwY1IEoxwOOKAKl7qdhJf2MqTqVjZyx + 9MrxVu/1bTZbG4jjuFZnjcAepIo1CGEajpwEagFpMjA5+WreowQLp90RGoIi + fsP7poAqWOrabHZW8b3CqyxoCPQgCqljqdhHe30jzqqyOpU+oArX0+CA2FsT + GpJiTsP7oqnp8MJ1DUAY1IDpjgcfLQBVv9T0+W7sXjnVljkJY+gxVy81fTJL + SdEuFLMjAD1JFN1KGEXmngRqAZDngc8VevoIBZXBEagiN+w9DQBn6dq2mxWF + vHJcKrLGoIPYgVXs9T09NRv5XnUJIY9p9cLg1qaZBA2nWxMakmNecD0qrYww + nVNRUxqQDFgYHHy0AVNR1OwlnsmjnVhHKGbHYY61fudY0x7aVFuFJZGAHuRU + eqQwrcWAWNRmYA8DnitG6t4BazERqCEbsPSgDK0zVdOh0+3ilnVXVACD2NQ2 + up6emqXszTqEkEe09jgc1o6TBC2mWzNGpJQckCoLSGE6vfqY1IAiwMDj5TQB + V1PU9PmezMU6t5c6M2OwGcmtCbWNLaJ1FypJU/yqHVoYVex2xqM3CA4A5HNa + c1vAIZCIl+6ew9KAMbSdV06DToIpZ1V1XBB7c1FBqdgurXU7TqI3RAD2JHWt + DRoIW0u3Zo1JK9SB61FbQwnWrxTGuAkeBgYoAqarqdhMLXyp1bZcRs2OyjOT + Wm+s6WUYC5Toar6zDCq2e2NRm5jBwB05rWe3g2N+6XoewoAwNG1TT7fTYIZp + 1R1ByD25NJFqenjWJ5zOojaJQG7Eg1c0KGFtKt2aNSSDyQP7xpsMMP8Abdwv + lrgRJxgY60AVdW1PT54oVinVisyMcdgDya1f7a0r/n5SqmtQwrDb7Y1GZ4xw + B61sfZ7f/nkv5CgDnNE1Owt9MhhnnVHXdkH3YmhNTsBrUlwZ18swhQ3bO7OK + t6BDC+kwM0asTv5IH940JDD/AG9Inlrt+zg4wMZ3UAVNY1OwntUSGdXYSIcD + 0B5rW/trSv8An5SqmuQwraIVjUHzU6AetbH2e3/55L+QoA53RtT0+3sFjmnV + GDOcH3Y0f2np/wDbf2jz18v7Ps3dt2/OPyq1oUMLacpaNSdz8kD+8aPJh/t/ + Z5a7fsucYGM76AKus6np89iY4Z1dtyHA9mFav9taV/z8pVTXYYV08lY1B3p0 + A/vCtj7Pb/8APJfyFAHO6PqenwWjJNOqN5jnB9CeKRtTsDrSXAnXyxAV3ds7 + s4q3ocMLWbFo1J8x+oHrQ8MP9vInlrt+zk4wMZ3UAVNb1OwuNNlignV3JXAH + swNa39taV/z8pVTX4YU0qZljVTlOQB/eFbH2e3/55L+QoA53SdT0+CGZZZ1U + tM7DPoTwaJNT086xDOJ18tYmUt2BJq1osMLQTlo1OJ5ByB60Sww/25Avlrgw + txgY60AVtZ1TT7jTJ4YZ1d2AwB3+YVpLrOl7R/pKVX12GFdJuGWNQQF5AH94 + VrLb2+0ful6egoA57StT0+FLkSzqu+eRhnuDjBpJ9TsG1e2nWdTGiOCewJ6V + b0aGFku90anFxIBkDpxRcQwjWrRRGuDHJkYGKAINW1TT59OniinVnZcADvzV + 6LWdLESA3KggCma1BCul3DLGoIXqAPWtCG3g8lP3S/dHYelAGDpep6fC155s + 6r5lw7Lnupxg0XOp6e+q2UyzqUjEm49hkcVa0iGFmvt0anFy4GQOBxRdwwjW + LBRGoBWXIwOeBQBFqmq6dNp88UU6s7KQAO9WrfWNMWCNWuFBCgH8qdq8EK6Z + cssaghDyAKtW1vAbaImNfuL2HpQBh6bqdhFNetJOqiSYsue4x1ovNTsJNTsJ + knUpF5u4+mVwKt6VDC09+GjU4nIGQOOBRewwjVtNURqA3nZGBz8tADdS1bTp + bC4ijuFZmRgAO5IqS01fTEtIUe4UMqKCPQgVPqkEK6dclY1BEbcgD0qayt4D + ZwExqSY17D0FAGNYanp8V1evJOqrJICp9Rii91PT5L6xkSdSsbOWPplcCrWm + wwm81AGNSBKMcDjii/hhGo6eBGoBZ8jA5+WgAv8AVtNksbiOO4VmeNwB6kg4 + osdW02Oyt43uFVljQEehAFXNRggGn3REagiJ+w/umjT4IDYWxMakmJOw/uig + DIsdTsI76+kedVWRkKn1wOaNQ1Owlu7F451ZY5CWPoMVb0+GE6hqIMakB0wM + Dj5aNShhW808CNQDKc8DnigB13q+mPaTIlwpZkYAepIqPTtW02Kwt45LhVZU + UEHsQK0b23gFnORGoIjbsPQ1DpcEDadbExqSY15wPSgDMtNT09NSv5nnUJL5 + W0+uFwaNR1PT5ZrJo51YRzBmx2GOtWrKGE6rqKmNSAYsDA4+WjVIYVnsAsaj + M4B4HPBoAkuNY0x7eVVuFJKsAPwqtpeq6dDp8EUs6q6qAQe1a11bwC2mIjX7 + jdh6VV0iCFtMtmaNSSg5IFAGbbanYJqt7M06hJBHtPY4HNGqanYTNZmKdW8u + dGbHZRnJq3aQwnWL9TGpAEWBgccUavDCr2O2NRm5QHAHI5oAnl1nSzE4FypJ + BqjpOqafBp0EUs6q6rgg9ua25reDyX/dL909h6Vn6LBC2l27NGpJXqQPWgCj + Bqenrq11O06iN0QA9iR1pNV1OwmW1EU6tsnjY47KM5NW7eGE61dqY1wI48DA + xRrMMKpabY1GbmMHAHTmgCy2s6WVIFynSs3RtU0+30yCGadUdQcg9vmNb729 + vtP7peh7CsrQoYX0m3Zo1JIbkgf3jQBTi1OwGsTTmdRG0SgN2JBpdW1PT54Y + VinVisyMcegPJq1DDD/blwvlrgQpxgY60a1DCsEBWNRmeMcAetAFv+2tK/5+ + UrK0XU9Pt9NihmnVHXdkH3Ymui+z2/8AzyX8hWPoMML6VCzRqSS/JA/vGgCq + up6eNae4M6+WYAu7tndnFGsanp89qqQzq7CRDgegPNWkhh/t6RfLXb9nBxgY + zuo1uGFbNCsag+bH0A9aALf9taV/z8pWTo2p2FvYiOadUYM5wfcmuj+z2/8A + zyX8hWPoUMLaepaNSd78kD+8aAKv9p6f/bf2jz18v7Ps3dt2/OPyo1nU9Pns + WjhnV2LIcD2YE1a8mH+39nlrt+y5xgYzvo12GFdOYrGoO5OQB/eFAFv+2tK/ + 5+UrK0fU9PgtWSadUYyOcH0J4rovs9v/AM8l/IVj6JDC1m5aNSfNk6getAFR + 9TsDrUdwJ18sQlS3bO7OKXWtT0+402WGGdXdtuAPZgatPDD/AG9Gvlrt+zk4 + wMfeo16GFNKmZY1BBTkAf3hQBb/trSv+flKydI1OwghmWadVLTOwz6E8Guj+ + z2//ADyX8hWPosMLQTlo1OJ5ByB60AVZdT086xBOJ1MaxMC3YEml1nVNPn02 + eGGdXdgMAd+RVmaGH+27dfLXBifjAx1p2uwwrpVwyxqCAOQB/eFAE66zpYUA + 3KdKzNK1PT4VuvNnVd9xIwz3U4wa6BLe32j90vQdhWTo8MLLebo1OLmQDIHT + igCrPqentq1rOs6mNEcE9gT0p+rapp8+nTxRTqzsuAB35qe4hhGtWiiNcGOT + IwMVJrUEK6XcMsagheoA9aAHQ6xpaxIpuVBCj+VZ2l6nYQteGWdV8yd2XPdT + jBreht4DDGTEv3R2HpWZpEMLPfbo1OLlwMgcDigCpc6nYPqtlMs6lIxJuPYZ + HFT6nqunTafcRRTqzshAA7mpLuGEaxYKI1AIlyMDnip9XghXTLlljUEIeQBQ + Ay31jTEt4la4UEKoI/CqOnanp8U160k6qJJiy57jHWtu1t4DbQkxr9xew9Kz + tLhhae/DRqcTkDgccCgCpeanYSalYSpOpSIybj6ZXAqzqOrabLYXEcdwrMyM + AB3JFOvoYRqunKI1AJlyMDn5as6pBAunXJEagiNucD0oAgs9X0yO0gR7hQyo + oI9CBVLT9TsIru+eSdVWSQFT6jFbNjBAbK3JjUkxp2HoKo6bDC15qAMakCUY + 4HHFAFW+1PT5L6xkSdSsbOWPplatX2rabJZXEaXCszRuAPUkGjUIYRqGngRq + AXfPA5+WrmoQQCwuSI1BET9h/dNAFOw1bTY7G3jkuFVkjQEehAGaq2Wp6fHf + 30jzqFkZCp9cLzWtp0EB0+1JjUkxJ2H90VTsIYTqOoAxqQGTAwOPloAqahqd + hLdWLxzqyxyEsR2GKu3er6Y9pMiXClmRgB6kim6nDCt3p4EagGU54HPFX72C + AWc5EagiNuw9KAM7TdW06Kwt4pLhVZUUEHsQKrWep2Eep38zzqEl8rafXC4N + amlwQtp1sWjUkxryQPSq1lDCdW1JTGpC+TgYHHy0AVdS1PT5ZbJo51YRzBmx + 2GOtX7jWNMaCRVuFJKkD8qi1WGFZrDbGozOoPA54NaNzbwC2lIjX7jdh6UAZ + Ol6rp0OnwRSzqrqoBB7VDbanYJqt5M06hJFj2nscDmtLSIIW0y2Zo1JKDkgV + BawwnWL5TGpAWLAwMDigCpqmp2Exs/KnVvLuEZsdlGcmtKXWdLMTgXKkkGoN + XhhVrHbGozcxg4A5HNak1vB5L/ul+6ew9KAMTSNU0+DTYIpp1R1HIPbk0yDU + 9PXVrmdp1EbogB7EjrV7RYIW0u3Zo1JKnkgepqO3hhOtXamNcCOPjAxQBV1X + U9PmS2EU6tsnjY47AZya021nS9p/0lKrazDCqWm2NRm4jBwB05rXa3t9p/dL + 09BQBz+japp9vpkEM06o6g5B7fMabHqdgNYmnM6+W0SqG7ZB6Vc0KGFtJt2a + NSSG5IH940kUMP8Abk6eWu0QqcYGOtAFTV9TsJ4IlhnVisqMcegPJrW/trSv + +flKqa3DCtvCVjUZmjHAHrWx9nt/+eS/kKAOd0XU9Pt9OiimnVHBbIPuxNC6 + np/9tPceevlmALu7Z3ZxVrQYYX0uJmjVjl+SB/eNCww/286eWu37ODjAxndQ + BV1jU9PntFSGdXbzEOB6A81q/wBtaV/z8pVTXIYVs1KxqD5idAPWtj7Pb/8A + PJfyFAHOaNqdhb2QjmnVG3ucH0Jo/tOw/tsXHnr5f2fbu7bt+cflVvQoYX08 + Fo1J3v1A/vGjyYf+EgCeWu37NnGBjO+gCprWp2FxYNFDOrsWQ4HswrW/trSv + +flKqa9DCunOVjUHcnIA/vCtj7Pb/wDPJfyFAHO6RqenwWzpNOqMZHOD6E8V + NHeW11rsbW8gkHkMMj13ZqTRIYWtHLRqT5snUD1pxjjTXogihf3DdBj+KgDc + ooooAKKKKACiiigAooooA//S/c+XTpF1WCH7ZMS0bHeW+YY7A4p+rabJDp00 + pvJpAoHyswIPI68UyW61I6rBI1liQRsAnmryO5zjjFP1a61OTTpknsfKQgZb + zVbHI7AUAXo9JlKKft9wMgfxD/Cs7TNOkm+14u5o9lxIvysBuxjk8dTWjHe6 + uEUDTgRgf8tl/wAKztMutST7X5Nl5m64kLfvVXaxxleRzj1oALjTpF1S1h+1 + zMXVzuLDcuB2471LqemyQ2E8hvJ5Aq52swIP14qK4utSOqWrtZbZFV9qeap3 + AjnnHGKl1O61R7CdJrHy0K8t5qtgfQCgC1DpUrQxt9uuBlQcBhgcfSqGnadJ + LJdgXkybJmX5WA3YxyeOtX4bzVxDGF04EBRg+cozx9Koaddakkl2YrLzC0zF + h5qja3HHTn60AF1p0ialZRG8mYyeb8xb5lwvbjv3qfUdMkisZ5DezuFQnazA + g+x4qC6utSbUrJ3stsi+btTzVO7K8844xU+o3eqPYzrLYeWhQ5bzVOB64xQB + NbaVI9tE4vp13IpwGGBkdBxVKw06SW4vFF3MnlyYyrAFuOp461dtrzVltogm + nhlCLg+coyMdcYqlYXWpJcXhisvMZpMsPNUbTjp05oALzTpEv7GM3kzGQvhi + 3K4Xtx3qzf6XJHZXEhvZ3CxsdpYYOB0PFVry61Jr+yaSy2Opfavmqd2V55xx + irN/d6q1lcLJYBEMbAt5qnAxycY5oAdZ6XI9pA4vp13IpwGGBkdBxVSy06SS + 7vUF5MhjdRkMMtx1PFW7O71VbSBY9PDqEUBvNUZGODjFVLK61Jbu9aOy3szr + uXzVG046ZxzQAX2nSR3dkhu5n8x2GSwyvHUcVbvNLkjtJ3N9O21GOCwwcDoe + KqX11qTXdk0llsZXbavmqdxx0zjird5d6q1pOsmnhFKMC3mqcDHJxigBthpc + kllBIL2dAyKdqsMDI6Diq1np0j399GLuZTGUywblsr347VZsLvVUsoFisA6B + FAbzVGRjrjHFVrO61Jb++eOy3uxTevmqNuF45xzmgAv9Okins1N5M++XGWYE + rx1HHWrtzpUqW8rG+uGwjHBYYPH0qlf3WpPPZmWy8srLlR5qnccdPartzeas + beUPp4VSjZPnKcDHXGKAIdO0ySWxgkF7OgZAdqsAB7DioLXTpH1O9iF3MpjE + fzBhubK9+O3ap9Ou9USxgWKw8xAgw3mqMj1xioLW61JdTvXSy3SMI9yeao24 + XjnHOaADUtOkiezBu5n3zKvzNnbnPI461fm0qVYZG+3XBwpOCwwePpVDUbrU + ne0Mtl5ZWZSo81Tubnjpx9avzXmrmGQNpwAKnJ85eOPpQBU0vTZJtPglF5PG + GXO1WAA+nFRwadI2qXUP2yYFFQ7gw3HI78dqk0u61NNPgSGx81AvDeaq5/Ai + o4LrUhql062W6RlTcnmqNoA4575oANT06SL7Lm8mk33Ea/M2duc8jjqK0X0m + UIx+33B4P8Q/wrO1O61J/svnWXl7biMr+9VtzDOF46Z9a0XvdX2NnTgBg/8A + LZf8KAKOk6bJNp0MovJowwPyqwAHJ6cUyLTpG1WeH7ZMCsaneG+Y57E4p+k3 + Wpx6dCkFj5qAHDeaq55PYimRXWpDVZ5FssyGNQU81eB2Occ5oANV06SGOAm7 + mk3TIuGYHGe446itM6RL/wA/9x/32P8ACszVbrUnjgE1l5QEyEHzVbLDoOBx + n1rTN7rH/QNH/f5f8KAMzRtOkn02GVbyaINu+VGAUYYjjihNOkOryQfbJgRC + G37huPPTOOlGjXWpR6bClvZedGN2G81Vz8x7EUJdal/a8kgssymEAp5q8DPX + OP0oANW06SG3RjeTSZkQYZsgZPXp1Fan9kS/8/8Acf8AfY/wrL1a61KS3QT2 + XlKJEIPmq2Tngcetan23WP8AoGj/AL/L/hQBl6Pp0k9gki3c0QJb5UbA4Y+1 + A06T+2TB9smz5Abfu+b72MZx0o0e61KOwRYLLzk3NhvNVf4jngigXWpf2yZP + sX73yANnmr93d97OMdeMUAGr6dJBZ7zdzSfOgwzAjk9elan9kS/8/wDcf99j + /CsvV7rUpLPbPZeUu9Pm81W5zwMAd61Ptusf9A0f9/l/woAy9J06Sa0Li8mj + +dxhWAHB69KDp0n9sLB9smz5Bbfu+b72MZx0o0m61KO0KwWXmrvc581V5zyM + H0oN1qX9sLJ9i/e+QRs81fu7uucY69qADWNOkg0+SU3k0oBX5XbIOWA9K1P7 + Il/5/wC4/wC+x/hWXrF1qUlhIk9l5KErlvNVsfMMcAVqfbdY/wCgaP8Av8v+ + FAGXpWnSTQSMLyaPErjCsADg9enU0SadINXig+1zEmJjv3DcOemcdKNKutSj + gkENl5oMrknzVXBzyOfSiS61I6vFIbLEoiYBPNXkZ65xQAusadJBps0rXk0o + Xb8rsCp+YdeK0hpEuB/p9x/30P8ACs3WLrUpNNmSex8mM7ct5qtj5h2ArSF7 + rGB/xLR/3+X/AAoAzNL06SZLgi7mj2zOvytjOO546mibTpF1W3h+2TEsjncW + G4Y7A4o0u61JEuBDZeaDM5J81Vwx6jkc49aJrrUjqtu7WWJAjgJ5q8juc9sU + AP1bTZIdPmlN5NIFA+VmBB5HXir0ekylFP2+4GQP4h/hVHVrrU5NPmSex8pC + BlvNVscjsBV6O91cIoGnAjA/5bL/AIUAZ2madJMbvF3NHsuHX5WA3YxyeOpo + uNOkXVLSE3czF1k+YsNy4HY470aZdakhu/JsvM3XDlv3qja3GV5HOPWi4utS + OqWjvZbZFWTanmqd2RzzjjFAEup6bJDYTyG8nkCrnazAg/XirUGlStDG3264 + GVBwGGBx9Kq6nd6o9hOk1h5aFeW81Tj8MVagvNXEMYXTgwCjB85Rnj6UAUNO + 06SWS8AvJk2TMuVYDdwOTx1outOkTUrGI3kzGTzcMW+ZcLnjjv3o0661JJLw + xWXmFpmLDzVG04HHTn60XV1qTalYu9ltkXzdi+ap3ZXnntigCfUdMkisZ5De + zuFQnazAg+x4qa20qV7aJxfTruRTgMMDI7cVDqN3qj2M6y2HloUOW81TgeuM + c1NbXmrLbRKmnhlCLg+coyMdcYoApWGnSSXF4ou5k8uTGVYZbjqeOtF5p0kd + /Yxm7mYyF8MW5XC9uO9FhdaklxeGKy3s0mWHmqNpx06c0Xl1qTX9i0llsdWf + Yvmqd2V55xxigCzf6XJHZXEhvZ3CxsdpYYOB0PFOs9Lkks4JBezpujU4DDAy + Og4pt9d6q1lcLJYBEMbAt5qnAxycY5pbK71VbOBY9PDqI1AbzVGRjg4xQBVs + tOkkvL1BeTIY3UZDDLZHfii+06SO7skN5M/mORksMrx1HFFldakt5etHZb2Z + 13L5qjacdM96L661JruyaSy2MrkqPNU7jjpntQBbvNLkS0nc307bUY4LDBwO + h4plhpkkljBIL2dAyKdqsMDI6Din3d5qzWkyyaeEUowJ85TgY5OMUywu9VSx + gWKwEiBFAbzVGRjrjHFAFe006R9QvohdzKYzHlgwy2V78dqNQ06SKezU3cz7 + 5cZZhleOo460Wl1qS6hfOllvdjHvXzVG3C8c45zRqF1qTz2ZlsvLKy5Ueap3 + HHTpxQBduNKlW3lY31w2FY4LDB4+lQabpkkthBIL2dAyA7VYAD6cVPcXmrG3 + lD6eFUq2T5ynAx16VBpt3qiWECxWHmIEGG81RkeuMUAQ22nSPqd7ELyZTGI/ + mDfM2R347dqNR06SJ7QG8mffMq/M2duc8jjrRbXWpLqd66WW6RhHuTzVG3A4 + 5xzmjUbrUne082y8srMpX96p3Nzx04+tAF+bSZVidvt1wcKeCw9PpVTS9Nkm + 0+CUXk8YZfuqwAHPbirc15q5icNpwAKnJ85eOPpVTS7rU00+BIbHzUC8N5qr + nn0IoAjg06RtUuoftcwKKh3BhuOfXjtRqenSRC1zeTSb541+Zs4znkcdRRBd + akNUunWy3SMqbk81RtA6HOOc0andak4tfOsvL2zxlf3qtuYZwvTjPrQBpPpM + oRj9vuOh/iH+FZ+k6bJPp0MovJowwPyqwAHJ6cVoPe6xsbOnAcH/AJbL/hWf + pN1qcenQpBY+agBw3mqueT2IoAbFp0h1aeH7ZMCsaneG+Y5PQnHSjVdOkhih + Ju5pN0yLhmBxk9Rx1FEV1qQ1aeQWWZDGoKeavAzwc4o1W61J4oRNZeUBMhB8 + 1WyQeBwO/rQBqf2RL/z/ANx/32P8Ky9G06SfTYZVu5og275UYBRhiOOK1Ptu + sf8AQNH/AH+X/CsvRrrUo9NhS3svOjG7Deaq5+Y9iKABNOkOsSQfa5gRCG37 + huPPTOOlGradJDbIxvJpMyIMM2RyevTrQl1qX9sSSCyzKYQCnmrwM9c4x+FG + rXWpSWyCey8pfMQg+arc54GAO9AGp/ZEv/P/AHH/AH2P8Ky9I06SexWQXk0Q + LN8qsAOGPtWp9t1j/oGj/v8AL/hWXpF1qUdiqwWXmpub5vNVf4jngigAGnSf + 2yYPtk2fI3b93zfexjOOlGr6dJBZmQ3c0o3KMMwI5P0oF1qX9smT7F+98jGz + zV+7u+9nGOvGKNXutSksys9l5Sbl+bzVbnPAwBQBqf2RL/z/ANx/32P8Ky9I + 06Se1Li7mj+dxhWAHB69K1Ptusf9A0f9/l/wrL0i61KO1KwWXmrvc581V5zy + MEdqABtOk/thYPtc2TAW37hu+9jGcdKNZ06SDT5JWu5pQCvyu2QcsPahrrUv + 7YWT7F+98gjZ5q/d3dc4x+FGsXWpSafIk9l5KErlvNVsfMOwFAGp/ZEv/P8A + 3H/fY/wrL0rTpJoZWF5NHiVxhWABwevTqa1Ptusf9A0f9/l/wrL0q61KOGUQ + 2XmgyuSfNVcEnkcjtQASadINXih+2TEtEx37huGD0Bx0pdY06SDTppWvJpQu + PlZgVPzDrxSSXWpHV4pDZYlETAJ5q8jPXOKXWLrUpNOmSex8qM4y3mq2PmHY + CgDRXSZcD/T7j/vsf4Vm6Xp0kyXBF3NHtndflbGcdzx1NaS3usYH/EtH/f5f + 8KzdLutSRLjybLzQZ3LfvVXDHqORzj1oAJtOkXVbeH7XMSyOd5YbhjsDin6r + pskOnzSm8mkCj7rMCDz34pk11qR1W3kayxIEcKnmryO5zjjFP1W61OTT5kms + fKQjlvNVsc+gFAF2PSZTGp+33AyB/EP8Kz9N06SU3eLyaPZO6/KwG7GOTx1N + aEd5q4jUDTgRgc+cv+FZ+m3WpIbvybLzN07lv3qja3GV6c49aAC406RdTtIf + tkzF1kO4t8y4HbjvUup6ZJFYTyG8nkCrnazAg/Xiori61I6naO1ltkVZNqea + p3ZHPOOMVLqd3qj2E6TWHloV5bzVbA+mKALMGlStBG3264GVBwGGBx9Ko6dp + 0kst4BdzJsmK5VgN3HU8davQXmrCCMLpwYBRg+coyMfSqOnXWpJLeGKy8wtM + Sw81RtOOnTn60AF1p0ialYxG8mYyebhiw3Lhc8cd+9T6hpkkVjPIb2dwqMdr + MCDx0PFQXV1qTalYu9ltkXzdi+ap3ZXnntip9Qu9UexnWWw8tCjAt5qnAx1x + jmgCW10qV7aFxfTruRTgMMDI6Diqdhp0klzeKLyZPLkxlW5bjqeOtXLW81Zb + aFU08MoRcHzlGRjrjFU7C61JLm8MdlvZpMsPNUbTjpnHNABeadJHfWUZu5mM + jOAxYZXA7cVZvtLkjsriQ3s7hY2O0sMHA6Hiq15dak19ZNJZbHVn2r5qndxz + zjjFWb671VrK4WSwCIY2BbzVOBjk4xzQAtlpcklnBIL2dN0anAYYGR0HFVbL + TpJL29jF3MnlsoyGGWyO/FWrK71VbOBY9PDoI1AbzVGRgYOMcVVsrrUlvL1o + 7Le7Mu5fNUbTjgZxzQAX2nSR3VkhvJn8xyMluV46jirl3pciWszm+nbajHBY + YOB0PFU7661JrqyaSy2MrkqPNU7jjpntVy7vNWa1mV9PCKUYE+cpwMdcYoAj + sNMkksYJBezoGRTtVgAMjoOKr2mnSPqF9ELyZTGY8sG5bK5547dqsWF3qqWM + CxWAkQIoDeaoyMdcY4qvaXWpLqF86WW92Me9fNUbcLxzjnNABqGnSRTWam7m + ffKBlmBK8dRx1q7caVKtvKxvrhsKxwWGDx9Kpahdak81mZbLyysoKjzVO446 + dOKvXF5qxt5Q+nhVKtk+cpwMdelAFfTdMklsIJBezxhlB2qwAH04qG206R9T + vIheTKYxH8wb5myO/HbtU2m3eqJYQLFYeYgUYbzVGR64xUNtdakup3jpZbpG + Ee5PNUbcDjnvmgA1LTpImtAbyZ986r8zZ25zyOOtaEukyiJz9vuDgHgsPT6V + n6ldak7Wnm2Xl7Z1K/vVO5ucDpx9a0JbzVzE4bTgBtOT5y8cfSgCnpemyTaf + BKLyeMMv3VYADntxUcGnSNqtzD9rmBREO4MNxz2Jx2qTS7rU00+BIbHzUC8N + 5qrnn0IqOC61IarcutlukZE3J5qjaB0Occ5oANU06SEW2buaTfOi/MwOM55H + HUVpPpMoUn7fcHg/xD/Cs3VLrUnFr51l5W2eMr+9VtzDOF46Z9a0nvdY2nOn + AcH/AJbL/hQBn6Rpsk+nQyi8mjDA/KrAAcnpxTYtOkOrTQ/bJgVjU79w3HJ6 + E46U7SLrU49OhSCx82MA4bzVXPJ7EU2K61IatNILLMhjUFPNXgZ4OaADVdOk + hihJvJpN0yLhmBxk9Rx1Fan9kS/8/wDcf99j/CsvVbrUnihE1l5QEyEHzVbJ + B4HHr61qfbdY/wCgaP8Av8v+FAGXo2nST6dFKt3NEG3fKjAKMMenFC6dIdYe + D7XNkQht+4bvvdM46UaNdalHp0SW9l50Y3YbzVXPzHsRQt1qX9sPILLMphAK + eavC7uucY/CgA1bTpIbZXN3NJmRBhmBHJ69Otan9kS/8/wDcf99j/CsvVrrU + pLZRPZeUvmIc+arc54GAO9an23WP+gaP+/y/4UAZekadJPZLILyaIFmG1WAH + BPtR/Z0n9s+R9smz9n3b9w3ffxjOOnejSLrUo7JVgsvNTc3zeaq85OeCKPtW + pf2z5n2L979nxs81fu7/AL27p14xQAavp0kFkZDeTSDcowzAjkj2rU/siX/n + /uP++x/hWXq91qUlkVnsvKTcvzearc5GOB61qfbdY/6Bo/7/AC/4UAZek6dJ + Nas4vJo/ncYVgBwevShtOkGsJB9rmyYS2/d833umcdKNJutSjtSsFl5q73Of + NVec8jB9KGutS/thJDZYl8kjZ5q8ru65xj8KADWdOkg06SVruaUAr8rsCDlh + 7Vqf2RL/AM/9x/32P8Ky9ZutSk06VLiy8lCVy3mq2PmHYVqfbdY/6Bo/7/L/ + AIUAZeladJNDKwvJo9srrhWABwep46miTTpBq0MH2yYlomO/cNwwegOOlGlX + WpJDKIbLzQZXJPmquCTyOR29aJLrUjq0MhssSCJgE81eRnrmgBdX06SDTppT + eTShQPlZgVPI68VorpMu0f6fcf8AfQ/wrO1e61KTTpknsfKjIGW81WxyOwFa + K3usbR/xLR/3+X/CgDN0vTpJluSLyaPZO6/K2M47njqaJtOkXVbaH7XMS6Od + xYbhjsDjvRpd1qSLc+TZebmdy371Vwx6jnrj1omutSOq20jWWJAj7U81fmHc + 57YoAk1XTZIdPnlN5PIFH3WYEHnvxVyLSZTGh+33AyBxuH+FU9VutTfT50ms + fKQjlvNVsc+gFXIrzVxGgGnAjA585f8ACgDP03TpJWu8XkybJ3X5Wxuxjk8d + aLnTpF1OziN5MxcSfMW+ZcDscd+9Gm3WpI135Nl5m6dy371RtbjK9OcetFxd + akdTs3ey2yKJNqeap3ZHPOOMUATanpkkVhPIb2eQKpO1mBB+vFWINKlaCNvt + 1wMqDgMMDj6VX1O71R7CdZrDy0KnLeapwPpirEF5q4gjC6cGAUYPnKMjH0oA + o6fp0ks14ou5k2SlcqwG7jqeOtF3p0iajYxG7mYyeZhiw3Lhc8cd+9Gn3WpJ + NeGKy8wtKSw81RtOOnTn60Xd1qTajYu9lskXzNi+ap3ZXnnHGKAJ9Q0ySKxn + kN7O4VGO1mBB46HipbXS5HtYXF9Ou5FOAwwMjoOKi1C71R7GdZbDy0KMC3mq + cDHXGOaltbzVltYVTTwyhFAPnKMjHXGKAKdjp0klzeILyZPLkAyG5bjqeKLz + TpI72yjN3MxkZwGLDK4HbiixutSW5vGjst7NICw81RtOOmcc0Xl1qTXtk0ll + sdWfavmqd3HPOOMUAWr7S5I7K4kN7O4WNzgsMHAPB46UWWlySWcEgvZ0DRqc + BhgZA4HFF9d6q1lcLJp4RDG4LeapwMHJxjmiyu9VWzgWPTw6CNQG81RkYGDj + HFAFWy06SS9vYxdzIY2UFgwy2R34ov8ATpI7qyQ3cz+ZIRlmGV46jiiyutSW + 9vWjst7sy7l81RtOOOcc5ov7rUmurJpLLYyyEqPNU7jjpnHFAFy60qRLWZzf + TttRjgsMHA6Hio9P0ySWxgkF7OgZFO1WAA46DipLq81ZrWZX08KpRgT5ynAx + 1xio9Pu9VSxgWKwEiBFAbzVGRjrjHFAFe006R9RvoheTKY/LywYZbK5547dq + NQ06SKazU3kz75QuWYErx1HHWi0utSXUb50stzt5e9fNUbcLxzjnNGoXWpPN + ZmWy8srKCo81TuOOnt9aAL1xpUqwSN9uuGwpOCwwePpVfTNMklsIJBezxhlB + 2qwAH04qxcXmrGCQNpwVSpyfOU4GPpVfTbvVEsIFhsPMQKMN5qjI+mKAIbbT + pH1O8hF3MpQR/MGG5sjvx27Ualp0kTWgN3NJvnRfmYHbnPI460W11qQ1O8dL + LdIwj3J5qjbgcc45zRqV1qTtaedZeXtnQr+9U7m5wOnGfWgDQl0mURuft9wc + A8Fh/hVPStNkm0+CUXk8YYfdVgAOe3FXJbzVzG4OnADB585f8Kp6VdammnwJ + DY+agHDeaq559CKAI4NOkbVbmH7ZMCiIdwYbjnsTjtRqmnSQrbE3c0m+dF+Z + gcZzyOOoogutSGq3LrZbpGRNyeao2gdDnHOaNUutSdbbzrLyts6Ff3qtuYZw + OBxn1oA0m0mUKT9vuOn98f4VnaRp0k+nQyreTRBgflVgAOT04rRa91jac6cB + x/z2X/Cs7SLrUo9OhSCx82MA4bzVXPJ7EUAJHp0h1aaD7XMCsanfuG45PQnH + SjVdOkhhiY3k0m6VFwzAgZPUcdRRHdakNWmkFlmUxKCnmrwM9c4o1W61J4Yh + NZeUBKhB81WyQeBx6+tAGp/ZEv8Az/3H/fY/wrL0fTpJ9OilW8miDbvlRgAM + MR6VqfbdY/6Bo/7/AC/4Vl6PdalHp0SQWXnIN2G81Vz8x7EUAC6dIdYeD7ZN + kQht+75vvdM46Uatp0kNsrm8mkzIgwzZHJ69KFutS/th5BZZlMIBTzV4Xd1z + jH4UatdalJbKs9l5S+Yhz5qtzngYA70Aan9kS/8AP/cf99j/AArL0fTpJ7IS + C7miG5htVgBwT7VqfbdY/wCgaP8Av8v+FZej3WpR2QWCy81NzfN5qrzk54Io + AP7Ok/tnyPtk2fs+7fuG77+MZx070avp0kFk0hu5pQGUbWYEcke1H2rUv7Z8 + z7F+9+z42eav3d/3s4x14xRq91qUlkyz2XlJuX5vNVu4xwBQBqf2RL/z/wBx + /wB9j/CsvSdOkmtmcXk0eJHGFbA4PXpWp9t1j/oGj/v8v+FZek3WpR2zLBZe + avmOc+aq855GCO1AA2nSDWEg+1zZMJbfuG773TOOlGsadJBp0spvJpQu35Xb + KnLAc8UNdal/bCSGyxKISAnmryu7rnp+FGsXWpSadKk9l5KHblvNVsfMMcAU + Aan9kS/8/wDcf99j/CsvStOkmhmYXc0e2V1wrAZwep46mtT7brH/AEDR/wB/ + l/wrL0q61JIZhDZeaDK5J81Vwc8jkdvWgAl06QatDD9smJaNjv3fMMHoDjpT + tX02SDTppTeTSBQPlZgQeR14pst1qR1aGQ2WJBGwCeavIzyc07V7rU5NOmSe + x8pCBlvNVscjsBQBoLpMpUH7fcdP7w/wrN0zTpJlucXk0eyeRflbGcY5PHU1 + pLe6xtGNOB4/57L/AIVm6Zdaki3Pk2Xmbp5C371V2scZXkc49aACfTpF1W2h + +2TEujncWG4Y7A471JqumyQ6fPKbyeQKPuswIPPfio57rUjqts7WW2RUfanm + qdwPU5xxipNVutTfT50msfKQry3mq2OfQCgC5FpMpiQ/b7gZA4DD0+lZ+m6d + JK12BdzR7J3X5WA3YxyeOtaEV5q4iQLpwI2jB85eePpWfpt1qSNd+TZeZunc + t+9UbW4yOnOPWgAudOkTU7OE3czFxJ8xb5lwO3HfvU2paZJFYTyG9nkCqTtZ + gQfrxUNzdakdTs3ey2yKJNqeap3ZHPOOMVNqV3qj2E6y2HloVOW81TgeuMUA + WLfSpWgjb7dcLlQcBhgcfSqOn6dJLNeKLyZNkpXKsAW46njrV63vNWEEYXTg + wCjB85RkY+lUdPutSSa8MVl5haUlh5qjacdPf60AF3p0iajYxG7mYyGTDFhl + cL24796sahpkkVjPIb2dwqMdrMCDx0PFV7u61JtRsXey2Opk2L5qndleeccY + qxqF3qr2M6y2AjQowLeapwMdcY5oAktNLke1hcX067kU4DDAyOg4qnY6dJJd + XqC7mTy5AMhhluOp4q5aXmrLawqmnh1CKAfOUZGOuMVTsbrUlur1o7LezSAs + PNUbTjpnvQAXunSR3tlGbyZzIzDJYZXA7cVavdLkjs55DezvtjY4LDBwOh4q + re3WpNe2TSWWx1Ztq+ap3HHPParV7d6q1nOsmnhEMbAt5qnAwcnGOaACx0uS + Syt5BezoGjQ4DDAyBwOKq2enSSXt7GLyZTGyDcGGWyO/FWrG71VbK3WPTw6C + NAG81RkYGDjHFVbO61Jb29aOy3uzJuXzVG0445xzmgAv9OkjubNDdzP5khGW + YZXjqOOtXLrS5EtZnN9O21GOCwwcDoeKp391qTXNk0tlsZZCVHmqdxx0zjir + l1eas1rMr6eFUowJ85TgY64xQBFp+mSS2MEgvZ0DIp2qwAHHQcVBaadI+o30 + Qu5lMfl5YMNzZXvx27VPp93qiWMCxWHmIEUBvNUZGOuMcVBaXWpLqN86WW+R + vL3r5qjbheOcc5oANQ06SKWzBvJn3zBcswO3jqOOtXp9KlWCRvt1wcKTgsMH + j6VR1C61J5bMy2XllZgVHmqdxx09vrV6e81cwSBtOCgqcnzlOBj6UAV9M0yS + WwgkF7PGGUHarAAfTiobfTpG1S7hF3MpQR/MG+Zsjucdu1TaZd6olhAsNh5i + BRhvNUZH0xUNvdakNTu3Sy3SMse5PNUbcDjnHOaADU9OkiNpm7mk3zovzMDt + znkcdRWhLpMojc/b7g4B43D/AArP1O61JzaedZeXtnQr+9U7m5wvHTPrWhLe + auY3B04AYPPnL/hQBS0rTZJtPhlF5NGGH3VYADntxTIdOkbVbiH7ZMCiIdwY + bjnsTin6VdammnwJBY+agHDeaq559CKZDdakNVuHWyzIUQMnmrwOxz3zQAap + p0kK2xN5NJvnRfmbOM9xx1FaTaTLtP8Ap9x/30P8KzdUutSdbfzrLysToV/e + q2WHQcDjPrWk17rGD/xLR/3+X/CgDO0jTpJ9OhlF5NEGB+VWAUcnpxSR6dId + Xlg+1zArEp37huOT0Jx0pdIutTj06FILHzYwDhvNVc8nsRSR3WpDV5pBZZlM + Sgp5q8DPXNABqunSQwxMbuaTMqDDMCBk9Rx1Fan9kS/8/wDcf99j/CsvVbrU + pIYhPZeUBKhB81WyQeBwO9an23WP+gaP+/y/4UAZej6dJPp8covJogS3yo2A + MMR6ULp0n9sNB9smyIQ2/d833sYzjpRo91qUenxpBZecgLYbzVXPzHPBFC3W + pf2w0n2L975IGzzV+7u656fhQAatp0kNqHN5NJ86DDNkcnr0rU/siX/n/uP+ + +x/hWXq11qUlqFnsvKXehz5qtzngYHrWp9t1j/oGj/v8v+FAGXpGnST2QkF3 + NF8zDCsAOD9KP7Ok/tkQfa5s/Z92/cN33sYzjpRpF1qUdmFgsvNTc3zeaq85 + 5GCKPtWpf2yJPsX737PjZ5q/d3fe3Yx14xQAaxp0kFi0hu5pQGX5WYEcke1a + n9kS/wDP/cf99j/CsvWLrUpLFlnsvKTcvzeardxjgCtT7brH/QNH/f5f8KAM + vSdOkmtnYXk0eJHGFbA4PXp1qxBatba7GrTyTfuWOXOT1xj6VX0m61KO2cQW + Xmr5jknzVXnPIwR2qxBNdy67Gbm38g+SwxvDcZ68e/FAHS0UUUAFFFFABRRR + QAUUUUAf/9P91ptRsW1i3mE6FFjcFs8AmnaxqVhNps8UU6O7AYAPJ5FSTW1u + NatkESbTE5I2jFP1u2tk0u4ZIkVgBghQD1HtQBZj1bTRGoNymQB3rM0rUbGH + 7Z5s6LvuZGXJ6qcYNbcVpaeWn7hOg/hH+FZekW1u/wBt3xI226kAyoOAMcdK + AILjUbFtWtJlnQoiyBjngZHFTarqWnzadcRxXCM7LgAHk0tzbW41myQRIFZJ + MjaMHA+lTaxbWyaZcMkKKQvBCjP8qAJINV01YI1a5QEKAefas/TNRsYpL0yT + ooedmXJ6ggciti3tLUwRkwoTtH8I9PpWbpVtbvJfbokO24YDKjgYHtQBDd6j + YvqlhKs6FI/N3HPAyoxmp9T1PT5dPuI47hGZkIAB5JpLy2txq2noIkCsJcja + MHCjrxVjVbW2XTbllhQEIcEKM/yoALXVdOS1hRrlAVRQRnuBVDTtRsYri+aS + dFEkuVJPUY6ita0tLU2kJMKElF/hHp9KoaZbW7XN+GiQhZcDKjgY+lAEN7qN + i+oWEiToVjMm4g8DK8ZqzqGqadJYXEaXCMzRsAAeSSKZfW1uupaeqxIAzSZG + 0YOF71b1K1tV0+5ZYUBEbkEKPQ+1AENlqmnR2Vuj3CBljQEE9CAKqWGo2Md7 + fO86KsjqVJPUAdq07C1tWsbdmhQkxoSSo9B7VS0+2t2vtQVokIV1wCo4+Xtx + QBBf6jYyXli6ToyxuxYg9BjvVy91TTpLK4RLhCzRuAAepINRajbW632nqsSA + NI2QFHPHfirt/a2q2NwywoCI3IIUeh9qAKunapp8dhbxyXCKyxqCCeQQKq2W + o2KajfyPOgWQx7STwcLzitHTbW1bT7ZmhQkxqSSo9PpVWxtrdtT1FWiQqpjw + NowMr2oAh1HUbGS4smjnRgkuWIPQY6mr11qumvbTKtyhJRgBnviq+p21utzY + BYkAabBwo5GPpWhd2lqLWYiFAQjfwj0+lAFDTNT0+LT7eOS4RWVACCeQar2m + o2KarfytOgSQRbTng4XnFX9KtbZtNtmaFCSgySoz/Kq9nbW51fUEMSFVEWBt + GBle1AEGp6jYyyWRjnRgk6s2D0AzzWjPqumtBIq3KElSBz7VV1W2t0ksdsSL + uuFBwo5HPFaVxaWogkIhQHaf4R6fSgDL0nUrCHToIpbhFdVwQTyKjt9RsV1a + 7madAjrGAc8HA5q3o9tbPpluzxIxK8kqCf5VFbW1udYvEMSFVSPA2jAyKAId + V1Gxl+x+VOjbLmNmweijOTWm+raYUYC5TkHvVLV7a3T7FsiRd1zGDhRyDnit + WS0tPLb9wnQ/wj/CgDG0fUrCHTYIpZ0R1ByCeRyabDqNiusXExnQI0aANngk + VZ0S2tn0u3Z4kZiDklQT1PtTIba3OtXKGJNoiQgbRigCDV9RsZorcRToxWeN + jg9AOprWOr6Zj/j5j/OqGs21ukVsUiRczxg4UDjP0rXNnaY/1Cf98j/CgDC0 + TUbGDS4Ipp0R13ZBPIyxNCajYjWpJzOnlmFVDZ4zu6VNoNtbyaTA8kSMx3cl + QT94+1Edtb/25KnlJtECnG0YzuoAh1jUbGa2jWKdHIlQkA9gea1f7X0z/n5j + /OqGtW1ulrGUiRSZYxwoHGfpWx9jtP8Angn/AHyP8KAMDRdRsYNPSOadEYM/ + BPPLGlGo2P8AbZn89PL+zhd2eM784qbQra3k01GeJGO5+SoJ+8aBbW/9vNH5 + SbfswONoxnf1oAg1rUbGey2Qzo7b0OAewNa39r6Z/wA/Mf51Q1y2t0sdyRIp + 3pyFA/irY+x2n/PBP++R/hQBg6NqNjDZlJZ0Rt7nBPYnig6jY/22s/np5Yty + u7PGd2cVNoltbvZFniRj5j8lQe/0oa2t/wC3lTyk2/ZycbRjO/rQBDrWo2M+ + nSRwzo7krgA88MK1f7X0z/n5j/OqGu21ummSMkSKQU5CgH7wrY+x2n/PBP8A + vkf4UAYOj6jYw28qyzohMrkAnsTwaSTUbE61FOJ08sQsC2eM56VPottbvbSl + 4kYiaQcqDxn6USW1uNchQRJtMLHG0YzmgCHW9RsZ9LnihnR3bbgA8n5hWoNW + 0zA/0mP86pa9bW8ekzukSKw24IUA/eHtWsLS0wP3Cf8AfI/woAwdJ1GxhjuB + LOilp5GGT1B6Glm1GxbV7aYToUWNwWzwCam0a2t3jud8SNi4kAyoOB6UT21u + NatUESbTG5I2jB/SgBmsalYTabPFFOjuwGADyeRV+PVtNEag3KZAHeq2tW1s + ml3DJEisAMEKAeo9q0YrS08tP3CdB/CP8KAMTStRsYTeebOi77iRlyeqnGDR + c6jYtq1nMs6FEWQMc8DI4qfSLa3c3u+JG23MgGVBwBjjpRdW1uNYskESBWWT + I2jBwPpQAmq6lp82nXEcVwjOy4AB5NW7fVdNWCNWuUBCgHn2qPWLa2TTLhki + RSF4IUA/yq5b2lqbeImFCdq/wj0+lAGPpmo2MUt6ZJ0UPOzLk9Rgc0Xeo2L6 + pYSrOhSPzdxzwMqAM1NpdtbtLfBokO2dgMqOBgUXltbrq2nKsSBW87I2jBwo + xmgBdT1PT5dPuI47hGZkIAB5JxU1rqunJawo1ygKooIz3ApdUtbZdOuWWFAQ + jYIUZ6fSp7S0tTaQkwoSUX+Een0oAydO1Gxjub5pJ0USS5Uk9RjtRe6jYyah + YSJOhWNn3EHgZXjNT6bbW7XV+GiQhZcDKjjjtRf21uupaeqxIAzSZAUYPy96 + AH6hqmnSWFxHHcIzNGwAB6kinWOqadHZW6PcIGWNAQT0IAqbUrW1XT7llhQE + RuQQo9D7U6wtbVrG2ZoUJMaEkqP7o9qAMyw1Gxjvb53nRVkdSpJ6gDtRf6jY + yXli6ToyxyMWIPQY71Np9tbtf6grRIQrrgFRx8vajUba3W9sFWJAGkbICjnj + vxQBNe6ppz2c6JcIWaNgAD1JFR6dqenx2FvHJcIrLGoIJ5BAq3fWtqtlcMsK + AiNyCFHofamaZa2radbM0KEmNSSVHp9KAM6y1GxTUr+V50CSGPaSeDhecUal + qNjLcWTRzowSXLEHoMdTU9jbW7anqKtEhVTFgbRgZXtRqdtbrc2AWJAGmAOF + HIx9KALFzqumtbSqtyhJRgBn2qvpmp6fFp9vHJcIrKgBBPINaF1aWotZiIUB + CN/CPT6VW0q1tn022ZoUYlBklRn+VAFK11GxTVb6Vp0CSCLac8HC84o1PUbG + V7Ixzo2ydWbB6AZ5qa0trc6vqCGJCqiLA2jAyp6UarbW6SWO2JF3XCA4Ucjn + igC1Nq2mtDIouUJKnv7VT0nUrCHTYIpbhFdV5BPI5rUntLQQSEQp90/wj0+l + UtGtrZ9Mt2eJGYrySoJ6/SgCnb6jYrq93M06BHSMA54OBzS6rqNjKLTyp0bZ + cRscHoBnJqa2trc6zeIYkKhI8DaMDijV7a3QWeyJF3XMYOFHIOeOlAF19W0w + owFynQ96ztG1Kwg0yCKWdEdQcgnkcmtl7S02N+4Tof4R/hWZoltbPpVuzxIz + EHJKgnqfagCvFqNiNYnmM6CNokAbPBINJq+o2M0UAinRis0bHB6AHk1PDbW5 + 1q4QxJtESEDaMdaNZtrdIbcpEi5njBwoHGaAL/8Aa+mf8/Mf51k6HqNjBpcE + U06I67sgnkZYmt77Haf88E/75H+FZGgW1vJpMDyRIzHdyVBP3j7UAQJqNiNa + knM6eWYQobPGd3Sl1jUbGa2RYp0ciVDgHsDzUyW1v/bssflJt8hTjaMZ3fSj + Wra3S1QpEinzYxwoHegC/wD2vpn/AD8x/nWVouo2MGnpHNOiMGfgnnljW99j + tP8Angn/AHyP8Kx9Ctrd9ORniRjufkqCfvH2oAhGo2P9uGfz08v7Pt3Z4zvz + ik1rUbGexMcM6O29DgH0NTi2t/7eMflJt+zZxtGM7+vSjXLa3SwLJEinenIU + D+IUAX/7X0z/AJ+Y/wA6ydG1Gxgsyk06I3mOcE9ia3/sdp/zwT/vkf4Vj6Hb + W72RZ4kY+Y/JUHv9KAIG1Gx/ttZ/PTyxAV3Z4zuzijW9RsZ9NkihnR3JXAB5 + 4YVO1tb/ANvJH5Sbfs5ONoxnd1xRr1tbx6ZKyRIrApyFAP3hQBf/ALX0z/n5 + j/OsrSNRsYYJVlnRCZnIyexPBre+x2n/ADwT/vkf4Vj6LbW728xeJGImkHKg + 8Z+lAEMmo2J1mGcTp5YiYFs8Zz0pda1Gwn0yeKGdHdtuADyfmFSy21v/AG3C + nlJtMLHG0Yzn6Uuu21umlTukSKwC4IUA/eHtQBdXVtM2j/SY/wA6ytJ1GxhS + 5Es6LunkYZPUHGDW6tpabR+4Tp/dH+FZOjW1u6XW+JGxcSAZUHAGOKAIJ9Rs + W1i2mE6FFjcFs8AmpNX1Kwm02eKKdHdhwAeTzT57a3GtWqCJApjfI2jB/SpN + atrZNLuGSJFYLwQoB6j2oAsRatpojQG5TIA71m6XqNjEbzzJ0XfcOy5PUHGD + W1FaWhiQmBOg/hH+FZek21u5vd8SNtuZAMqOBxx0oAhudRsW1azmWdCiLJuO + eBkcVLqup6fLp1xHFcIzMpAAPJpbq2txrFigiQKyy5G0YOB9Km1e2tk0y4ZI + UUhDghRn+VAD7fVdNW3iVrlAQqg8+1Z+majYxS3pknRQ8zMuT1GOorYtrS1N + vETChJRf4R6fSs7S7a3ea+DRI22dgMqOBj6UAQ3eo2L6np8qToUj83cc8DK4 + Gasalqeny6fcRx3CMzIwAB5JxTb22thqunIIkCt52RtGDheM1Z1S1tl065ZY + UBEbYIUen0oAbaarpyWsKNcIGVFBGe4FUtP1Gxjur5pJ0USSZUk9RjtWrZ2l + qbSAmFCSi/wj0+lUNNtrdrq/DRIQsuBlRxx2oAgvtRsZL+wkSdCsbOWIPAyv + Gat6hqmnSWNxGlwjM0bgAHqSDUd/bW66jp6rEgDM+QFHPy9+Kt6ja2q6fcss + KAiJyCFHofagCGx1TTo7G3je4RWWNAQT0IAqnYajYx31/I86KsjqVJPXA7Vp + 6fa2rWFszQoSYkJJUf3R7VT0+2t2v9QVokIV0wCo4+XtQBDqGo2Ml3Yuk6Ms + chLEHoMd6uXmqac9nOiXCFmjYAA9SRUOo21ut5YBYkAaQggKOeO/FXr21tVs + rhlhQERvg7R6H2oAp6dqenx2FvHJcIrLGoIJ5BAqvZ6jYpqV/K86BJDHtJPB + wuDitDTLW1bTrZmhQkxqSSo9PpVWytrdtU1FWiQqpiwNowMr2oAg1LUbGWey + aOdGCTBmwegx1NX7nVdNa2lVblCSjADPtVfVLa3W4sAsSANMAcKORitC6tLU + WsxEKAhG/hHp9KAM/S9T0+LT7eOS4RWVACCeRUNrqNimq30rToEkEW054OBz + iruk2ts+m27NCjEoMkqM/wAqgtLa3Or36GJCqiLA2jAypoAh1TUbGV7Mxzo2 + y4RmwegGea0ZtW00xOBcoSVPf2qpq1tbo9jsiRd1wgOFHI54rTmtLQQyEQp9 + 0/wj0+lAGVpOpWEOmwRS3CK6rggnkc1Fb6jYrq91M06BHRADngkdauaNbWz6 + Zbs8SMxXklQT1+lRW9tbnWbtDEhUJHgbRgUAQatqNjMtp5U6NsuI2OD0Azk1 + qPq2mFGAuY+h71S1i2t0Wz2RIubmMHCjkHPFar2lpsb9wnQ/wj/CgDF0bUrC + DTIIpp0R1ByCeRyaSLUbEaxPMZ0EbRKA2eCQasaHbWz6Vbu8SMxBySoJ+8fa + mxW1udbuEMSbREhA2jGc/SgCHV9RsZoYBFOjFZo2OD0APJrV/tfTP+fmP86o + azbW6QwFIkXM8YOFA4zWx9jtP+eCf98j/CgDA0PUbGDTIYpp0RxuyCeeWJoT + UbEa1JOZ08swBd2eM7ulT6DbW8mlQvJEjMd3JUE/ePtQltb/ANuyR+Um3yAc + bRjO76UAQazqNjNaokU6ORIhwD2B5rW/tfTP+fmP86oa3bW6WiFIkU+ag4UD + vWx9jtP+eCf98j/CgDB0XUbGCwWOadEbc5wTzyxo/tGx/tzz/PTy/s23dnjd + vzj8qm0O2t309WeJGO5+SoP8Ro+zW/8Ab/l+Um37NnG0Yzv64oAh1rUbGexM + cM6O25DgH0YVq/2vpn/PzH+dUNctrdLAskSKd6chQP4hWx9jtP8Angn/AHyP + 8KAMHRtRsYbRklnRG8xzgnsTxSNqNidbSfz08sQFd2eM7ulT6JbW72bF4kY+ + Y4yVB7/Shra3/t1I/KTb9nJxtGM7utAEGt6jYz6bLFDOjuSuADzwwrW/tfTP + +fmP86oa9bW8elzOkSKwKchQD94VsfY7T/ngn/fI/wAKAMHSNRsYYZllnRS0 + zsMnsTwaJdRsTrMMwnTy1iYFs8Ak9Km0a2t3gnLxIxE0g5UHjNEttbjW4EES + bTCxxtGM5+lAEWtajYT6ZPFDOjuwGADyfmFaa6tpm0f6TH+dU9ctrdNKuHSJ + FYBcEKAfvD2rUW0tNo/cJ0/uj/CgDD0nUbGFLoSzou64kYZPUHGDST6jYtq9 + rMs6FERwWzwCelT6PbW7pdb4kbFxIBlQcAY4ouLa3GtWiCJApjkyNowaAGav + qVhNps8UU6M7LwAeTzV6LVtNESA3KAgDv7VBrNtbJpdwyRIrBeCFAPUe1X4b + S0MSEwp90fwj0+lAGNpeo2MTXnmTou+4dlyeoOMGi51GxbVbKVZ0KIJNxzwM + jjNTaTbW7te74kbbcuBlRwOOKLq2txq9igiQKyy5G0YOAKADVNT0+XTriOK4 + RmZSAAeTVm31XTVt4la5QEKoIz7U3VrW2TTbhkhRSEOCFGf5VatrS1NvETCh + JRf4R6fSgDH03UbGKa9aSdFDzFlyeox1ovNRsX1PT5UnQpH5u454GVwM1Ppd + tbtPfBokIWcgZUcDFF7bW66rpyCJArebkbRg4XvxQA7UtT0+XT7iOO4RmZGA + APJOKls9U05LSBHuEDKigjPQgU7VLW2XTrllhQERtghRnp9KlsrW1azgJhQk + xrztHp9KAMvT9RsY7q+eSdFWSQFST1GO1F9qNjJf2EiToVjZyxB4GV71Np1t + btd34aJCFlAGVHHHai/trZdQ09ViQBmfICjn5e9AEl/qmnSWNzGlwjM0bgAH + qSDS2OqadHY28b3CKyxoCCehAFT6ja2q6fcssKAiJyCFHHyn2o0+1tWsLZmh + QkxISSo/uj2oAzLHUbGO/v5HnQLIyFST1wvajUNRsZLuxeOdGWOQliD0GO9T + 6fbW7ahqCtEhCumAVHHy9uKNStrdbywCxIA0hBAUc8d6AJ7zVNOe0nRLhCzI + wAz1JFRabqenxWFvHJcIrKiggnkECrl7a2q2c5EKAiNudo9PpUWmWts2nWzN + ChJjXJKj0+lAFCz1GxTU7+V50CSeVtOeDhcHFGpajYyzWTRzowSYM2D0GOpq + aytrdtV1FDEhVTFgbRgZXtxRqltbrPYhYkAaYA4UcjBoAs3Oq6a1vKq3KElW + AGfaq2l6np8WnW8ctwisqAEE8itG6tLUW0pEKAhG/hHp9Kq6Ta2z6bbs8KMS + gySoz/KgCja6jYpqt7M06BHEe054OBzijVNRsZWszHOjbLhGbB6AZ5qe0trc + 6vfoYkKqIsDaMDI7UatbW6PY7IkXdcIDhRyOeKALcuraaYnAuUJIPf2qjpGp + WEOmwRSzorqvIJ5HNa01paCJyIU+6f4R6fSqGjW1s+l27PEjMV5JUE9T7UAV + YNRsV1e6madAjogBzwSOtJq2o2My2oinRtlxGxwegGcmp7e2tzrN2hiQqEjw + NowP0o1i2t0S02RIubiMHCgZBzxQBdbVtMKkfaY+nrWbouo2EGmQRTTojqDk + E8j5jW29pabT+4Tof4R/hWXodtbvpVu7xIzENklQT94+1AFaLUbEazPOZ0Eb + RKA2eCQelLq+o2M0MKxToxWZGOD2B5NTRW1udbnQxJtESnG0Yzn6UazbW6QQ + FIkUmaMcKBxmgC//AGvpn/PzH+dZWiajYwaZFFNOiON2QTzyxNb32O0/54J/ + 3yP8Kx9BtreTSoXeJGYl+SoJ+8fagCFdRsRrTz+enlmALuzxndnFGsajYzWq + pFOjsJEOAewPNTJbW/8AbsieUm37ODjaMZ3fSjW7a3S0QpEinzUHCgd6AL/9 + r6Z/z8x/nWTouo2MFgsc06I25zgn1Y1v/Y7T/ngn/fI/wrH0K2t5NPVniRjv + fkqD/EfagCH+0bH+3PP89PL+zbd2eN2/OPyo1rUbGewaOGdHYshwD6MKm+zW + 39v+X5Sbfs2cbRjO/rRrltbJp7MkSKdychQP4hQBf/tfTP8An5j/ADrK0fUb + GG1ZJZ0RjI5wT2J4re+x2n/PBP8Avkf4Vj6JbW72jl4kY+a45UHvQBA+o2J1 + qOcTp5YgK7s8Z3dKXW9RsZ9MlihnR3O3AB54YGpntrf+3Y4/KTb5BONoxnd9 + KNetrePSpnSJFYFOQoB+8PagC/8A2vpn/PzH+dZOkajYwwzLLOilpnYZPYng + 1v8A2O0/54J/3yP8Kx9Ftrd4Jy8SMRPIOVB4zQBDLqNidYgmE6GNYmBbPAJN + LrOpWE+mTxQzo7sBgA8nkVLLbW41u3QRJtMTkjaMZz9KdrltbJpVw6RIrADB + CgH7w9qALa6tpgUD7TH09azNJ1GxiW682dF33EjDJ6g4wa3EtLTaP3CdB/CP + 8KydHtrd1u98SNi5kAyo4AxxQBDPqNi2r2syzoURHBOeAT0p+r6lYTabPFFO + jOy8AHk80+4trcazaIIkClJMjaMH9Kk1m2tk0u4ZIkVgvBCgHr9KAJ4dW00R + IDcoCFHf2rN0vUbGJrwyTou+4dlyeoOOa2obS0MMZMKfdH8I9PpWZpNtbu99 + viRttw4GVHA44oAgutRsX1WymWdCiCTcc8DI4zU+qanp8un3EcdwjMyEAA8m + i7trcavYIIkCsJcjaMHA71Pq1rbJptwywopCHBCjP8qAHW2q6atvErXKAhFB + GfaqGm6jYxTXrSTooeYsuT1GOorXtbS1NtETChJRf4R6fSs7S7a3ae+DRIQs + xAyo4GBQBBeajYvqVhKk6FIzLuOeBleM1Z1HU9PlsLiOO4RmaNgADyTim31t + brqmnIsSBWMuRtGDhe9WdTtbZdOuWWFARG2CFHp9KAGWeqaclpAj3CBlRQRn + oQKpafqNjHd3zyToqySAqSeox2rVsrW1ayt2aFCTGmTtHoPaqOm21u15fhok + IWQAAqOOO1AEN9qNjJfWEiToVjZyxB6ZXvVu+1TTpLG4jS4RmaNwAD1JBqK/ + trdb/T1WJAGd8gKOfl71c1C1tVsLllhQEROQQo/un2oAr2GqadHY20b3CKyx + oCCehAFVbHUbGO/v5HnQLIyFSTwcL2rS061tW0+2ZoUJMSEkqOflHtVOwtrd + tQ1BWiQhWTAKjj5e1AEGoajYyXVi8c6MI5CWIPQY71evNU057SdEuELMjADP + UkVBqVtbrd2AWJAGlIOFHPHer17a2q2c5EKAiNudo9PpQBT03U9Pi0+3jkuE + VlRQQTyDiq1nqNimp6hK86BJPK2nPBwuDitDS7W2bTrZmhQkxrklRnp9KrWV + tbtquooYkKr5WBtGBle3FAEOpajYyzWRjnRgkwZsHoMHk1fuNV01reVVuUJK + sAM+1VtUtrdZrELEg3TgHCjkYNaNzaWot5SIUBCN/CPT6UAZ2l6np8WnW8ct + wisqgEE8ioLbUbFdWvZmnQI6x7Tng4HNXtJtbZ9Nt2eFGJQZJUZ/lUFrbW51 + i+QxIVVYsDaMDIoAg1TUbGVrPyp0bZcIzYPQDOTWlLq2mmJwLlCSD39qqavb + W6NY7IkXdcxg4UcjnitOa0tBE5EKfdP8I9PpQBk6RqVhDpsEUs6I6jkE8jmm + QajYrq9zMZ0CMiAHPBI61a0W2tn0u3Z4kZivJKgnqfao4La3Os3SGJCojTA2 + jA/SgCHVtRsZktRFOjbbiNjg9AM5Najatpm0/wCkx/nVHWLa3RLXZEi5uIwc + KOQc8VrNaWm0/uE6f3R/hQBiaLqNhBpkEU06I6g5BPI+Y02PUbEazNOZ08to + lAbPGQelWNDtrZ9Kgd4kZiGySoJ+8fakitrc65OhiTaIVONoxnNAEGsajYzQ + QrFOjlZkJwewPJrW/tfTP+fmP86oa1bW6W8JSJFJmjHCgcZrY+x2n/PBP++R + /hQBg6JqNjBpsUU06I4LZBPPLE0LqNj/AG28/np5ZgC7s8Z3ZxU2hW1u+lxM + 8SMxL8lQT940LbW/9uunlJt+zg42jGd3WgCHWdRsZrRUinR28xDgHsDzWr/a + +mf8/Mf51Q1u2t0s1KRIp8xBkKB3+lbH2O0/54J/3yP8KAMDRdRsYLERzToj + b3OCfU0f2jY/24J/PTy/s+3dnjdvzip9Dtrd7AM8SMd78lQf4jQba3/t8R+U + m37NnG0Yzv64xQBBrWo2M9g0cM6OxZDgHnhhWt/a+mf8/Mf51Q122t49OZki + RTuTkKB/EPatj7Haf88E/wC+R/hQBg6PqNjDauss6ITI5wT2J4qVLq2uddja + CRZB5DDIOed2aXRba3e1cvEjHzZByoPen+VFFr0YjRUHkMeABzuoA3aKKKAC + iiigAooooAKKKKAP/9T9z5dPuBqsEJvJSzRsQ/GRjsKdq2n3EOnTSPeyyhQM + q2MHkVlyeI1e/ivfII8tGXbu67vfFLf+JFvbSS1FuU8wAZ3Zxzn0oA6GPS7o + opGoTDIHpWfplhcS/a9l5JHsuJFOMfMRj5j7moE8Woqhfsp4GPv/AP1qqWXi + NbTz8wFvOleX72MbscdKANK4sLhdUtYjeSMzq5DHGVwO31qTU9OuIrCeR72W + QKuSpxg1ky+I1kvoLzyCPJDDbu67vfFPvfEy3dpLbC3K+YMZ3Zx+lAG9Dpl0 + 0MbC/mAKjjjjiqGnWFxLJdhbyWPZMynGPmPHJ96rx+LEjjVPsxO0Aff9Pwqr + Z+I1tWuGMBbz5DJ97GM9ulAGldWFwmpWURvJWZ/NwxxlcL2+tTajp1zFYzyN + fSyBUJKnGD7GsefxGs15bXfkEfZ9/G7rvGPSpLzxOt1ay2wtyvmKVzuzjP4U + AbVtply9tEwv5VBRTgYwOOlU7CwuJLi8VbyRCkmCRj5jjqaqw+Klhhji+zE7 + FC539cDHpVe08RrbS3EpgLee+/G7GOOnSgDSvNPuEv7KNryVi5fDHGVwvb61 + ZvtNuY7K4dr6VwsbEqcYOB0NYlx4jWe6trnyCv2cscbuu4Y9KmuvFC3NtLb/ + AGYr5isud2cZGPSgDWs9NuXtIHW+lUMikAYwMjpVWysLiS7vUW8lQo6gkYy3 + HU1Ut/FKwW8UH2Yt5aqud3XAx6VBbeI1t7i5n8gt9oYNjd0wMelAGlfWFxHd + 2SNeSuXdgCcZXjqKtXmm3KWk7tfSuFRiQcYOB0rDufEa3FxbT+QV+zsWxu65 + GPSp7jxSs9vLB9mK+YrLnd0yMelAGnYabcyWUEi30qBkUhRjA46Cq9nYXD39 + 9Gt5IpjKZYYy2V7/AEqna+KFtraK3+zFvLULndjOBj0qG38RrBd3Nz5Bb7QV + ON3TaMelAGlf2FxHPZq15I5eXAJx8px1FXbnTLpbeVjfysAjHBxg8VgXfiNb + mW3kFuV8h9+N2c8Yx0qzN4rWWF4vsxG9Sud/qMelAF/TtOuZbGCRb6WMMgIU + YwPYVDa2Fw+pXsQvJFZBHlhjLZXv9Ko2fidbW1itjblvLULndjOPwqODxGsN + 7c3fkE/aNnG7psGPSgDS1GwuIntA15JJvmVRnHyk55HvV+bTLpYZGN/MQFPH + HPFc9eeI1umt2EBXyJBJ97OcdulWpPFiSRsn2YjcCPv+v4UAXNL064l0+CRL + 2WMMvCjGBUcFhcNql1ELyVWRUJYYy2R3+lULHxMtnaRWxty/ljGd2M/pTIvE + ax30955BPnKo27um33xQBpanYXEX2XdeSyb7iNRnHyk55HuK0X0u6CMf7QmP + B9K5y98Rrd+RiAr5MqS/eznb26VbbxajKV+ynkY+/wD/AFqALOk6fcTadDIl + 7LEGBwq4wOTTYrC4Oqzwi8lDLGhL8ZOexrOsPEi2VpHam3L+WCM7sZ5z6Ukf + iNUv5b3yCRIirt3dNvvigDS1SwuIo4C95JJumRQGxwT3+orT/su6/wCghN+l + c1feI1vEiQQFPLkWT72c7e3Srv8Awlyf8+p/77/+tQBLo9hcT6bDKl5LErbv + lXGB8xoSwuDq8kP2yUMIQd/GSM9PpWbp3iNbCzjtDAX8vPO7Gckn096F8Rqu + oPfeQfmjCbd3oc5zigDS1XT7iG3RnvJZAZEGGxxk9fwrT/sq6/6CE36VzV/4 + jW9iWIQFNrq+d2funOOlXf8AhLk/59T/AN9//WoAl0ewuJrBJEvJYgS3yrjH + DGgafcf2wYftku7yA2/jdjdjH0rN0/xGtjarbGAvtLHO7HU59KB4jUaib/yD + zF5e3d/tZznFAGlq9hcQ2e97yWUb0GGxjk9a0/7Kuv8AoITfpXNah4jW+t/I + EBT5lbO7P3Tn0q7/AMJcn/Pqf++//rUAS6TYXE1oXS8liG9xhcY4PX8aDYXH + 9sLD9sk3GAtv43Y3Yx9KzbDxGtlAYTbl8szZ3Y+8c+lB8RqdRF99nPERj27v + fOc4oA0tYsLiGwkke8klAK/K2MHLCtP+yrr/AKCE36VzWoeI1vrR7YW5TcVO + d2ehB9Ku/wDCXJ/z6n/vv/61AEulWFxNBIyXkkYErjC45IPX8aJLC4GrxQm8 + kLGJjv4yBnpWbYeI1sonjNuX3Oz53Y+8c46UN4jVtQS+8g/JGU27vU5znFAG + lrGn3EOmzSveSyqu35Wxg/MK0hpd1gf8TCb9K5vUfEa31nJai3KeZjndnGCD + 6e1XR4uQDH2U/wDff/1qAJdLsLiVLgpeSx7ZnU7cckdz7mibT7hdVt4jeSlm + RyH4yMdhWbY+I1s1lUwF/NkaT72Mbu3SiTxGr30V75BHlKy7d3Xd74oA1dV0 + +4h0+aR72WQKBlWxg81dj0u6KKRqEwyB6Vz9/wCJVvbSS1FuU8wYzuzjnPpV + lPFqKoX7KeBj7/8A9agCfTLC4lN3tvJI9k7qcY+YjHJ9zRcWFwuqWkRvJGZ1 + kwxxlcDt9azbLxGtp9ozAW8+VpPvYxu7dKJvEay31veeQR5IcY3ddw+lAGtq + enXEVhPI97LIFXlTjBq1Bpl00MbC/mAKg4GOOKwr3xMt3aS2wtyvmDGd2cfp + U8XixY40j+zE7QBnf6fhQBY06wuJJLsLeSpsmZSRj5jgcn3ourC4TUrGI3kr + NJ5uGOMrhR0+tZtn4jW1e4c25bz5C/3sYz26UT+I1mvLW78gj7Pv43dd4x6d + qANnUdOuY7GeRr6VwqElTjB9jUttply1tEwv5VBRTgYwOOlYt54nW6tZbcW5 + XzFK53Zxn8Kkh8VLDDHF9mJ2KFzv64GPSgC1YWFxJcXireSIUkwSMZbjqaLy + wuEv7KNryRjIXwxxlcL2+tZtr4jW2muJTAW899+N2McdOlFx4jWe6trnyCv2 + cscbuu4Y9KANu+025jsriRr6VwsbEqcYOB0NLZ6bcvZwOt9KgaNSAMYGR0FZ + N14oW5tpbf7MV8xWXO7OMjHpS23ilYLeKD7MW8tVXO7rgY9KALdlYXD3l6i3 + kiFHUEjGWyO9F9YXEd3ZI15I5dyATjK8dRWbbeI1t7i5n8gt9oYNjd0wMelF + z4jW4ntpvs5X7OxbG7rkY9KAN27025S0mdr6VgqMSDjBwOlMsNNuZLGCRb6V + AyKQoxgcdBWZceKlngkh+zEeYpXO7pkY9KbaeKFtraK3+zlvLULndjOB9KAL + tpYXD6hfRreSKYzHlhjLZXv9KNQsLiOezVryVy8uATj5TjqKzbfxGsF3c3Pk + E/aChxu6bRj0ou/Ea3MtvIICvkPvxuznjp0oA37jTLpbeVjfzMArHBxzxUGn + adcy2EEi3ssYZAQoxgfSqE3itZYni+zEb1Izv9R9Kis/E62trFbG3LeWoXO7 + GcfhQBettPuG1K9iF5KrII8sMZbI7/SjUdPuIntA15LJvmVRnHyk55HvWbD4 + jWG9ubvyCftATjd02DHpReeI1umt2EBXyJFk+9nOO3SgDoZtMulidjfzHCnj + jniqml6fcS6fBIl7LGGXhVxgVTk8WI8bJ9mI3Aj7/r+FV7HxKtnaRWxty/lj + Gd2M/pQBoQWFw2qXUQvJFZFQlxjLZ9fpRqdhcRC133ksm+eNRnHyk55HuKzY + vEax30955BPnKo27um33xRe+I1uxABAV8mVZPvZzt7dKAOjfS7oKT/aEx4Pp + VDSdPuJtOhkS9liDA/KuMDk1XbxajKR9lPP+3/8AWqpYeJFsrOO1NuX8sEZ3 + Yzk59KANGKwuDqs8IvJQyxqS/GTntRqthcRRQl7ySTdMgw2OCe/1FZqeI1S/ + lvfIJEiKu3d0x74ovvEa3iRoICnlyK/3s529ulAHS/2Vdf8AQQm/SszRrC4n + 02GVLySJW3fKuMDDGov+EuT/AJ9T/wB9/wD1qpad4jWws47QwF9med2M5JPp + 70AaSWFwdXkh+2SBhCDv4yRnp9KNW0+4ht0Z7yWQGRBhsY5PX8KzV8RquoPf + eQcNGE27vQ5znFF/4jW9hWIQFNrq2d2funPpQB0v9lXX/QQm/SszSLC4msVk + S8liBZvlXGOGNRf8Jcn/AD6n/vv/AOtVLT/Ea2NqtuYC+Cxzux1OfSgDS+wX + H9smD7ZLu8jdv43Y3Yx9O9Gr2FxDZl3vJJRuQbWxjk1m/wDCRr/aJv8AyD/q + vL27v9rOc4o1DxGt9beQICnzKc7s9Dn0oA6X+yrr/oITfpWZpNhcTWpdLySI + b3GFxjg9ai/4S5P+fU/99/8A1qpWHiNbKAwmAvlmbO7H3jn0oA0msLj+2Fh+ + 2SbjAW38bsbun0o1iwuINPkke8klAK/K2MHLCs0+I1Ooi/8AIPERj27vfOc4 + o1HxGt9aPbCApuKnO7PQg+lAHS/2Vdf9BCb9KzNKsLiaGVkvJYwJXGFxyQev + 41F/wlyf8+p/77/+tVKx8RrZxvGYC+92f72PvHp0oA0pLC4GrRQm8lLGJjv4 + yBnpS6xp9xDp00r3ksqrj5Wxg8isx/Eatfx3vkH5EKbd3qc5zijUPEi31nJa + i3KeZjndnGCD6UAdINLusD/iYTfpWbpdhcSpcFLySPbO6nbjkjufc1CPFyAA + fZTx/t//AFqp2PiNbNZlMBfzZWk+9jG7t0oA0prC4XVbeE3khZkch+MjHYU/ + VdPuIdPmke9lkCjlWxg81lSeI1kv4b3yCPKVl27uu73xTr/xKt5aSWotynmD + Gd2cc/SgDoI9LujGpGoTDIHpWfpthcSm723kkeyd1OMfMRjk+5qBPFqIir9l + JwAPv/8A1qqWXiNbQ3BMBbzpWk+9jG7HHSgDSuLC4XU7SI3kjM6yYY4yuB2+ + tS6np1xFYTyPeyyBVyVOMGsibxGst7b3fkEeQHGN3XcMdcU+98TLd2stsLcr + 5gxndnH6UAbsGmXTQRsL+ZQVBwMccVR06wuJJbwLeSJsmIJGPmPqfeq0XitY + 4kj+zE7QBnf6fhVaz8RravcOYC3nyF/vYxnt0oA0rqwuE1GxiN5KzSebhjjK + 4Xt9an1DTrmOxnka+lcKjEqcYPHQ1jT+I1mvLW68gj7Pv43dd4x6dqlu/E63 + VrLbi3K+YpXO7OM/hQBs2umXL20LC/lUFFOBjA46VTsLC4kubxVvJUKSYJGM + tx1NVYPFSwwxw/Zidihc7+uBj0qva+I1tprmUwFvPfdjd04x6UAaV5YXCX1l + G15I5kZ8McZXA7fWrN9ptzHZXDtfSuFjYlTjBwDwaxLjxGs91bXHkFfs5Y43 + ddwx6VNdeKFuLaW3+zFfNRlzu6ZGPSgDWstNuZLOB1vpUDRqQoxgZHQVVsrC + 4kvL1FvJEKMoLDGWyO9VLbxStvbxQfZi3loq53dcDHpUFt4jW3ubmfyC32hg + cbumBj0oA0r7T7iO6ska8lcu5AJxleOoq3d6ZcpazOb+VgqMcHGDgdKwrrxG + txPbTeQV8hi2N3XIx6VYuPFSzQSQ/ZiPMUrnd0yMelAGlYabcyWMEi30qBkU + hRjA46Cq9pp9w+oX0a3kqmMx5YYy2V7/AEqlaeKFtraK3+zlvLULndjOB9Ki + t/Eaw3dzdeQT9oKcbum0Y9KANLULC4jms1a8lcvKACcfKcdRV240y6W3lY38 + zAKxwcYPFYF34jW6kt5BAV8iQP8Aezn26VZm8VrLE8X2YjepGd/qPpQBf03T + riWwgkW9ljDKCFGMD6VDbWFw2p3kQvJFZBHlhjLZHf6VRs/Ey2lrFbG3LeWo + Gd2M/pUcPiNYr24u/s5PnhBjd02jHXFAGlqVhcRNaBrySTfOqjOPlJzyPer8 + ul3Qicm/mOAeOPSuevPEa3TW5FuV8iVZPvZzjt0q1J4sR0ZPsxG4Eff9fwoA + uaXp9xLp8EiXssYZeFXGBzUcFhcNqtzELyQMqIS4xk57H6Vn2PiVbO0itjbl + /LGM7sZ/SmxeI1jvprzyCfNVV27um33xQBpapYXEQtt95LJvnRRnHyk55HuK + 0X0u6Ck/2hMePaucvfEa3ggAgKeTKsn3s529ulXG8WoykfZTz/t//WoAn0jT + 7ibToZEvZYlYH5Vxgcmki0+4OrTQi8lDLGpL8ZOT0rO0/wASLY2cdqbcv5YP + O7GcnPpSJ4jVL+S98gnzECbd3THfOKANLVLC4iihL3ksm6ZBhscEnr9RWn/Z + V1/0EJv0rmr7xGt5HGggKeXIr/eznb26Vd/4S5P+fU/99/8A1qAJdGsLifTo + pUvJIlO75VxgfMaFsLg6w8P2yTcIQ2/jdjd0+lZuneI1sLOO1MBfZnndjqSf + T3oXxGo1Br7yDhoxHt3ehznOKANLVrC4htlZ7ySUGRBhsY5PX8K0/wCyrr/o + ITfpXNX/AIjW9hWIQFMOrZ3Z+6c+lXf+EuT/AJ9T/wB9/wD1qAJdIsLiayWR + LyWIbmG1cY4Y0fYLj+2fI+2S7vs+7fxuxvxj6d6zdP8AEa2NsLc25fBY53Y6 + nPpR/wAJGv8AaP2/yDjyvK27v9rdnOKANLV7C4hsi73kso3KNrYxyRWn/ZV1 + /wBBCb9K5rUPEa31sbcQFMspzuz0OfSrv/CXJ/z6n/vv/wCtQBLpOn3E1qXS + 8liG9xhcY4PWhrC4GsJD9sl3GEtv43Y3dPpWbYeI1soDCYC+WZs7sfeOfSg+ + I1OorfeQfljMe3d6nOc4oA0tZsLiHTpZHvJJQCvytjBywrT/ALKuv+ghN+lc + 1qPiNb+0e1EBTfjndnoQfT2q7/wlyf8APqf++/8A61AEulWFxLDKyXkkYErj + C45IPX8aJLC4GrQwm8kLNEx38ZAB6Vm2PiNbOORDAX3yM/3sfe7dKH8Rq1/H + e/ZyNiFNu7rk5znFAGnq+n3EOnTSveSyqoHytjB5FaK6XdYH/Ewm/Suc1DxI + t9ZyWotynmY53Zxgg+lWx4uQAD7KeP8Ab/8ArUATaZYXEq3JS8lj2zupxjkj + ufc0TWFwuq20JvJCzI5DnGRjsPrWbZeI1s1mBty3mytJ97GN3bpRJ4jWS+hv + PII8pWXbu67vfFAGrqun3EWnzyPeyyBRyrYweauxaXdGNCL+YZA44rn77xKt + 5aS2otynmDGd2cfpVlPFiIip9mJ2gD7/AKfhQBPpun3ErXe28lj2Tupxj5iM + cn3NFxp9wup2cRvJWZxJhjjK4Hb61m2fiNbQ3BMBbz5Wk+9jG7HHSibxGst7 + b3fkEeQHGN3XcMdcUAa+padcRWE8j3ssgVSSpxg/WrMGmXTQRsL+ZQVBwMcc + VhXviZbu1lthblfMXGd2cfpU0XitY4kj+zE7QBnf6fhQBZ0+wuJJbwLeSIUl + IJGPmOOp96LuwuE1Gxia8kZpPMwxxlcL2+tZtp4jW1kuHMBbz5C/3sYz26UT + +I1mvLW68gj7Pv43dd4x6UAbOoadcx2M8jX0rhUYlTjB46GpbXTLl7WFxfyq + GRTgYwMjpWNd+J1urWW3+zlfMUrndnGfwp8HipYYI4fsxOxQud/XAx6UAWrG + wuJLm8RbyVCkgBIxluOpovNPuEvbKNryVy7PhjjK4Hb61m2viNbaa5mMBbz3 + DY3dOMelFz4jWe5trj7OV+zljjd13DHpQBt32m3MdlcO19K4WNyVOMHAPBpb + LTbl7OB1vpUDRqQoxgZHQVk3Pilbi2lt/sxXzUZc7um4Y9KW28Urb20UH2Yt + 5aKud3XAx6UAW7KwuHvb1FvJEMbKCwxlsjvRfWFxHdWSNeSOXkIBOMrx1FZt + t4jW3ubm48gt9oKnG7pgY9KLrxGtzPbTeQV+zsWxu65GPSgDeutMuUtZnN/K + wVGODjBwOlRafp1zJYwSLfSoGRSFGMDjoKzp/FSzQSQ/ZiN6lc7+mRj0plp4 + oW2tYrf7OW8tQud2M4/CgC7aWFw+o30YvJFaPy8sMZbK9/pRqFhcRzWateSu + XlABOPlOOo96zYPEaw3l1deQT9o2cbumwY9KLvxGt1JbuICvkSB/vZzjt0oA + 37jTLpYJGN/MwCk4OOeKr6bp1xLYQSLeyxhlBCjGBVGXxWssTx/ZiN6kZ3+o + +lQ2XiZbS1itjblvLXGd2M/pQBftrC4bU7yIXkisgjywxlsjv9KNSsLiJrQN + eSSb50UZx8pOeR71mw+I1ivbi78gnzwgxu6bRjrii98Rrdm3IgK+RKsn3s52 + 9ulAHRS6XdCNyb+Y4B44qlpWn3EunwSJeyxhhwq4wOaqv4sR0ZPsxG4Eff8A + X8KrWPiVbO0itTbl/LGM7sZ/SgDQhsLhtUuYheShlRCXGMnPY/SjVLC4iW2L + 3kkm6dFG7HBOeR7is2PxGsd9NeeQT5qqu3d02++KL7xGt4IQICnlSrJ97Odv + bpQB0jaXdBSf7Qm6e1Z2kafcTadDKl5LErA/KuMDk1AfFyEEfZTz/t//AFqq + af4kWxs47U25fy887sZySfSgDRjsLg6tNCLyQMsanfxkgnpRqlhcRQxM95LI + DKgw2OCT1+orNTxGqX8l75BPmIE27umD1zii+8RreRxoICmyRX+9n7vbpQB0 + v9lXX/QQm/SszR7C4m06KRLyWIHd8q4wMMai/wCEuT/n1P8A33/9aqWneI1s + bNLUwF9med2OpJ9PegDSWwuDrDw/bJNwhDb+N2N3T6Uatp9xDbKz3ksgMiDD + Yxyev4VmjxGo1Br7yD80Yj27vQ5znFF/4jW9hEIgKYdWzuz9059KAOl/sq6/ + 6CE36VmaRYXE1kHS8kiG5htXGOCai/4S5P8An1P/AH3/APWqlp/iNbG2FuYC + +Cxzux1OfSgDS+wXH9s+R9sl3fZ92/jdjfjH070avp9xDZNI95LKAy/K2Mck + Vm/8JGv9o/b/ACDjyvK27v8Aa3ZzijUPEa31sbcW5TJU53Z6HPpQB0v9lXX/ + AEEJv0rM0mwuJrZnS8ljAkcYXGOD1/Gov+EuT/n1P/ff/wBaqVh4jWyhMJgL + 5dmzux9459KANJrC4GsJD9sk3GEtv43Y3dPpRrFhcQ6dLI95LKBt+VsYOWFZ + reI1OoLfeQfljMe3d6nOc4o1HxGt9ZvaiApvxzuz0IPp7UAdL/ZV1/0EJv0r + M0qwuJopil5JGFlcYXHJB6/U1F/wlyf8+p/77/8ArVSsfEa2UciGAvvkZ/vY + xu7dKANKSwuBq0MJvJSzRsd/GRg9KXV9PuIdOmke9llVQPlbGDyKzH8Rq9/H + e+QR5aFNu7rnvnFLqHiRb6zktRblPMA53Zxg59KAOjXS7raP+JhN09qzdM0+ + 4lW52Xkse2d1OMckdz7moR4uQAD7KeP9v/61U7LxGtoJgYC3mytJ97GN3bpQ + BpTWFwuqW0RvJSzI5DnGRjsPrT9U0+4i0+eR72WQKvKtjB5rKk8RrJfQ3nkE + eUrLt3dd3vinX3iVby0ltRblPMGM7s4/SgDfi0u6MSEX8wyBxxVDTbC4la7C + 3kkeyd1OMfMRjk+9V4/FiIip9mJ2gD7/AKfhVWy8RraG4JgLefK0n3sY3dul + AGlc2Fwup2cRvJGZxJhjjK4Hb61NqWnXMVhPI17LIFUkqcYP1rHm8RrLe293 + 5BHkBxjd13DHXFSXniZbu1lthblfMUjO7OP0oA27fTLpoI2F/MoKg4GOOKpa + fYXEk14q3kiFJSCRj5jjqarReK1iiSP7MTsUDO/0H0qtaeI1tZLhzAW8+Qv9 + 7GM9ulAGld2Fwmo2MbXkjGQyYY4yuF7fWp9Q065jsZ5GvpXCoxKnGDx0NY1x + 4jWe7tbryCPs+/jd13DHpUt34oW5tZbf7OV8xSud2cZ/CgDYtNMuXtYXF/Ko + ZFOBjAyOlVLGwuJLq9RbyRCkgBIxluOpqrb+Klhgjh+zE+WoXO7rgY9Kr2vi + Nbae5m8gt9oYNjd0wMelAGle2Fwl7ZI15K5dmAY4yuB2q1e6bcx2c7tfSuFj + YlTjBwOhrDufEaz3NtceQV+zsxxu65GPSp7nxStxbSwfZivmIy53dMjHpQBq + WOm3Mllbut9KgaNCFGMDIHAqtZ2Fw97exreSoUZAWGMtle/0qnbeKVt7aK3+ + zFvKRVzu67Rj0qG28RrBc3Nx9nLfaCpxu6bRj0oA0r+wuI7mzVryRy8hAJxl + eOoq5daZcpazOb+VgqMcHGDgdKwbrxGtzNbSiAr5D7sbuvGPSrE/ipZoJIfs + xG9Sud/TIx6UAaOn6dcyWMEi30qBkUhRjA46CoLSwuH1G+iW8kVo/Lywxlsr + 3+lUrTxOtraxW5ty3lqFzuxnH4VFB4jWG8urryCftGzjd02DHpQBpahYXEct + mGvJX3zAAnHynHUe9Xp9MulgkY38zAKTg454rn7vxGt1JbuICvkSB/vZzjt0 + qzL4rWSJ4/sxG4EZ3+v4UAXtN064lsIJEvZYwyghRjA+lRW9hcNqd3ELyVWQ + R5YYy2R3+lULLxMtpaxWxty3lrjO7Gf0pkPiNYr24vPIJ88IMbum0Y64oA0t + SsLiI2m+8lk3zoozj5Sc8j3FaEul3Qjcm/mOAeOK5298Rrdm3IgK+RKsn3s5 + 29ulW38WI6Mn2YjcCPv+v4UAWtK0+4m0+GRL2WMMOFXGBzTIbC4bVbiIXkgZ + UQl+MnPY/Ss+w8SrZ2kdqbcv5YxndjPP0psfiNY76a8+zk+aqrt3dNvvigDS + 1SwuIlti95JJunRRuxwT3HuK0m0u6wf+JhN+lc3e+I1vFhAtyvlSrJ97Odvb + pVw+LkII+ynn/b/+tQBPpGn3E2nQypeSxKwPyrjA5NJHYXB1aWEXkgYRKd/G + SM9KztP8SLY2cdqbcv5eed2M5JPpSJ4jVdQkvfIPzoE27vQ5znFAGlqthcQw + xM95LIDKgw2OCT1/CtP+yrr/AKCE36VzV/4jW9jSMQFNkiv97P3e3Srv/CXJ + /wA+p/77/wDrUAS6Pp9xNp8ciXksQJb5VxgYY0Lp9x/bDQ/bJdwhDb+N2N3T + 6Vm6d4jWxtEtTAX2Fud2OpJ9PegeI1GoNfeQeYxHt3ehznOKANLVtPuIbUO9 + 5LKN6DDYxyetaf8AZV1/0EJv0rmr/wARrewCEQFMMrZ3Z+6c+lXf+EuT/n1P + /ff/ANagCXSLC4msw6XkkQ3ONq4xwaPsFx/bIg+2SbvI3b+N2N2MfTvWbp/i + NbG28gwF/mY53Y6nPpR/wka/2j9v8g/6ry9u7/aznOKANLV7C4hsWke8klAZ + flbGOSK0/wCyrr/oITfpXNah4jW+tTbiApkqc7s9Dn0q7/wlyf8APqf++/8A + 61AEulWFxNbOyXksYEjjC4xwev41YgtpbfXY1kneY+Sxy2PXGKxbDxGtlC0R + gL7nZs7sfeOfSr+n6qNS1qOQReXiJkxnPfOaAOwooooAKKKKACiiigAooooA + /9k= + + type + public.jpeg + + ApplicationVersion + + com.omnigroup.OmniGraffle7 + 205.55.0 + + CreationDate + 2023-03-01 17:22:51 +0000 + Creator + Glenn Rodgers + FileType + flat + GraphDocumentVersion + 16 + GuidesLocked + NO + GuidesVisible + YES + ImageCounter + 1 + LinksVisible + NO + MagnetsVisible + NO + MasterSheets + + ModificationDate + 2026-05-06 05:42:47 +0000 + Modifier + Luana Dos Santos + MovementHandleVisible + NO + NotesVisible + NO + OriginVisible + NO + PageBreaks + NO + PrintInfo + + NSBottomMargin + + float + 40 + + NSHorizonalPagination + + coded + BAtzdHJlYW10eXBlZIHoA4QBQISEhAhOU051bWJlcgCEhAdOU1ZhbHVlAISECE5TT2JqZWN0AIWEASqEhAFxlwCG + + NSLeftMargin + + float + 18 + + NSPaperName + + string + na-letter + + NSPaperSize + + size + {612, 792} + + NSPrintReverseOrientation + + coded + BAtzdHJlYW10eXBlZIHoA4QBQISEhAhOU051bWJlcgCEhAdOU1ZhbHVlAISECE5TT2JqZWN0AIWEASqEhAFxlwCG + + NSRightMargin + + float + 18 + + NSTopMargin + + float + 18 + + + ReadOnly + NO + Sheets + + + ActiveLayerIndex + 0 + AutoAdjust + 15 + AutosizingMargin + 0 + BackgroundGraphic + + Bounds + {{-2110.5263157894733, -855.26315789473676}, {3784.2105263157891, 2765.7894736842104}} + Class + GraffleShapes.CanvasBackgroundGraphic + ID + 0 + Style + + shadow + + Draws + NO + + stroke + + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + BaseZoom + 0 + CanvasDimensionsOrigin + {-841, 88} + CanvasOrigin + {0, 0} + CanvasSize + {689, 492} + CanvasSizingMode + 2 + ColumnAlign + 1 + ColumnSpacing + 36 + DisplayScale + 1.0 pt = 1.0 px + GraphicsList + + + Bounds + {{-456, 263.75387879604227}, {71.261056873051928, 21.233309318300801}} + Class + ShapedGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + DINPro-Medium + + ID + 90 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + Text + + Text + {\rtf1\ansi\ansicpg1252\cocoartf2869 +\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 DINPro-Medium;} +{\colortbl;\red255\green255\blue255;} +{\*\expandedcolortbl;;} +\deftab720 +\pard\pardeftab720\qc\partightenfactor0 + +\f0\fs32 \cf0 Organization-Owned Network} + TextAlongPathGlyphAnchor + center + + Wrap + NO + + + Bounds + {{-840.5, 416.25565716947119}, {688, 144}} + Class + ShapedGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Size + 0.0 + + ID + 89 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Color + + b + 0.5 + g + 0.5 + r + 0.5 + space + srgb + + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + VFlip + YES + + + AllowLabelDrop + + Class + LineGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + OpenSans + Size + 12 + + Head + + ID + 70 + + ID + 58 + Layer + 0 + LogicalPath + + elements + + + element + MOVETO + point + {-592.71658102779497, 155.5} + + + element + LINETO + point + {-592.71658102779497, 371.44108790595772} + + + control1 + {-592.71658102779497, 384.69296754446151} + control2 + {-603.45935205194996, 395.43573856861656} + element + CURVETO + point + {-616.71123169045381, 395.43573856861656} + + + element + LINETO + point + {-628.71545166191686, 395.43573856861656} + + + control1 + {-635.33758367656742, 395.43573856861656} + control2 + {-640.70588235311266, 390.06743989207132} + element + CURVETO + point + {-640.70588235311266, 383.44530787742076} + + + element + LINETO + point + {-640.70588235311266, 383.44530787742076} + + + control1 + {-640.70588235311266, 376.8231758627702} + control2 + {-646.07418102965789, 371.45487718622496} + element + CURVETO + point + {-652.69631304430845, 371.45487718622496} + + + element + LINETO + point + {-690.40346343966371, 371.45487718622496} + + + control1 + {-693.1044971750091, 371.45487718622496} + control2 + {-695.29411764688734, 373.64449765810315} + element + CURVETO + point + {-695.29411764688734, 376.34553139344854} + + + element + LINETO + point + {-695.29411764688734, 376.34553139344854} + + + control1 + {-695.29411764688734, 379.04656512879393} + control2 + {-693.1044971750091, 381.23618560067212} + element + CURVETO + point + {-690.40346343966371, 381.23618560067212} + + + element + LINETO + point + {-591, 381.23618560067212} + + + + OrthogonalBarAutomatic + + OrthogonalBarPoint + {216.8984375, 371} + OrthogonalBarPosition + -1 + Points + + {-592.71658102779497, 155.5} + {-601.97058823529392, 395.43573856861656} + {-640.70588235311266, 371.45487718622496} + {-591, 381.23618560067212} + + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.80000000000000004 + g + 0.80000000000000004 + r + 0.80784299999999998 + space + srgb + + CornerRadius + 24 + HeadArrow + FilledArrow + Legacy + + LineType + 2 + TailArrow + FilledArrow + Width + 3 + + + Tail + + ID + 62 + + + + AllowLabelDrop + + Class + LineGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + OpenSans + Size + 12 + + ID + 59 + Layer + 0 + LogicalPath + + elements + + + element + MOVETO + point + {-362.0680870354239, 381.53458762411094} + + + element + LINETO + point + {-406.77913873912814, 383.12501631124229} + + + control1 + {-407.05116836467852, 383.13469274925347} + control2 + {-407.27953625055665, 382.92201346917597} + element + CURVETO + point + {-407.28921268856783, 382.64998384362559} + + + control1 + {-407.29785517203084, 382.40702134672853} + control2 + {-407.12804241945162, 382.19404953714036} + element + CURVETO + point + {-406.8892553374622, 382.14837463271948} + + + element + LINETO + point + {-406.8892553374622, 382.14837463271948} + + + control1 + {-406.5620693638823, 382.08579089516297} + control2 + {-406.3475668697742, 381.76982011417857} + element + CURVETO + point + {-406.41015060733071, 381.44263414059867} + + + control1 + {-406.46458496368479, 381.1580528967279} + control2 + {-406.71367789043802, 380.95238382719418} + element + CURVETO + point + {-407.0034181513214, 380.952789706445} + + + element + LINETO + point + {-517.28712871287144, 381.10727935067212} + + + + Points + + {-362.0680870354239, 381.53458762411094} + {-413.18669446057595, 383.35294117647061} + {-400.59181621434846, 380.94380808896835} + {-517.28712871287144, 381.10727935067212} + + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Color + + b + 0.80000000000000004 + g + 0.80000000000000004 + r + 0.80784299999999998 + space + srgb + + CornerRadius + 24 + Legacy + + TailArrow + FilledArrow + Width + 3 + + + Tail + + ID + 74 + + + + AllowLabelDrop + + Class + LineGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + OpenSans + Size + 12 + + ID + 60 + Layer + 0 + LogicalPath + + elements + + + element + MOVETO + point + {-362.0680870354239, 325.41642384018013} + + + element + LINETO + point + {-432.38235294117635, 325.41642384018013} + + + control1 + {-445.63718693711542, 325.41642384018013} + control2 + {-456.38235294117635, 336.16158984424106} + element + CURVETO + point + {-456.38235294117635, 349.41642384018013} + + + element + LINETO + point + {-456.38235294117635, 356.91008131463775} + + + control1 + {-456.38235294117635, 370.16491531057682} + control2 + {-467.12751894523728, 380.91008131463775} + element + CURVETO + point + {-480.38235294117635, 380.91008131463775} + + + element + LINETO + point + {-516.39524693210069, 380.91008131463775} + + + control1 + {-516.88781963827228, 380.91008131463775} + control2 + {-517.28712871287144, 380.51077224003859} + element + CURVETO + point + {-517.28712871287144, 380.018199533867} + + + element + LINETO + point + {-517.28712871287144, 380.018199533867} + + + + OrthogonalBarAutomatic + + OrthogonalBarPoint + {216.8984375, 371} + OrthogonalBarPosition + -1 + Points + + {-362.0680870354239, 325.41642384018013} + {-456.38235294117635, 345.41651787476098} + {-512.0595449262421, 380.91008131463775} + {-517.28712871287144, 380.018199533867} + + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.80000000000000004 + g + 0.80000000000000004 + r + 0.80784299999999998 + space + srgb + + CornerRadius + 24 + HeadArrow + FilledArrow + Legacy + + LineType + 2 + TailArrow + FilledArrow + Width + 3 + + + Tail + + ID + 78 + + + + AllowLabelDrop + + Class + LineGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + OpenSans + Size + 12 + + Head + + ID + 69 + + ID + 61 + Layer + 0 + LogicalPath + + elements + + + element + MOVETO + point + {-591, 381.23618560067212} + + + element + LINETO + point + {-593.72972658015169, 456.82598057091963} + + + control1 + {-593.7432403426925, 457.20019480437594} + control2 + {-593.74799428131666, 457.57467405987643} + element + CURVETO + point + {-593.74398449128046, 457.94911075129858} + + + element + LINETO + point + {-593.66518157483358, 465.30777617829926} + + + control1 + {-593.66168704587039, 465.63409746975111} + control2 + {-593.66484861099423, 465.96045609497367} + element + CURVETO + point + {-593.6746642977655, 466.28664844509956} + + + element + LINETO + point + {-594.86014538423069, 505.68224761536652} + + + + Points + + {-591, 381.23618560067212} + {-593.75000000005366, 457.38737879478526} + {-593.65993923617634, 465.79730902775248} + {-594.86014538423069, 505.68224761536652} + + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Color + + b + 0.80000000000000004 + g + 0.80000000000000004 + r + 0.80784299999999998 + space + srgb + + CornerRadius + 24 + Legacy + + TailArrow + FilledArrow + Width + 3 + + + Tail + + ID + 70 + + + + Bounds + {{-626.96847596913221, 550.60669035744991}, {71.261056873051928, 21.233309318300801}} + Class + ShapedGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + DINPro-Medium + + ID + 63 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + Text + + Text + {\rtf1\ansi\ansicpg1252\cocoartf2869 +\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 DINPro-Medium;} +{\colortbl;\red255\green255\blue255;} +{\*\expandedcolortbl;;} +\deftab720 +\pard\pardeftab720\qc\partightenfactor0 + +\f0\fs32 \cf0 Consumer Applications} + TextAlongPathGlyphAnchor + center + + Wrap + NO + + + Class + Group + Graphics + + + Bounds + {{-594.82686096580392, 525.39510758725521}, {31.000193632335677, 15.366306506807252}} + Class + ShapedGraphic + ID + 65 + Shape + Bezier + ShapeData + + AdditionalUnitPoints + + + {-0.47368421052631571, 0.43983860692291366} + {-0.47368421052631571, 0.43983860692291366} + {-0.44736842105263164, 0.43983860692291366} + {-0.44736842105263164, 0.43983860692291366} + {-0.44736842105263164, 0.43983860692291366} + {-0.47368421052631571, 0.43983860692291366} + + + {-0.47367368421052625, 0.44691017201104311} + {-0.47367368421052625, 0.44691017201104311} + {-0.49998947368421054, 0.44729241877256332} + {-0.49998947368421054, 0.44729241877256332} + {-0.49998947368421054, 0.44729241877256332} + {-0.4997999999999998, 0.50000000000000044} + {-0.4997999999999998, 0.50000000000000044} + {-0.4997999999999998, 0.50000000000000044} + {-0.47367368421052625, 0.50000000000000044} + {-0.47367368421052625, 0.50000000000000044} + {-0.47367368421052625, 0.50000000000000044} + {-0.47367368421052625, 0.44691017201104311} + + + {0.47367368421052647, 0.44691017201104311} + {0.47367368421052647, 0.44691017201104311} + {0.47367368421052647, 0.50000000000000044} + {0.47367368421052647, 0.50000000000000044} + {0.47367368421052647, 0.50000000000000044} + {0.4997999999999998, 0.50000000000000044} + {0.4997999999999998, 0.50000000000000044} + {0.4997999999999998, 0.50000000000000044} + {0.49998947368421054, 0.44729241877256332} + {0.49998947368421054, 0.44729241877256332} + {0.49998947368421054, 0.44729241877256332} + {0.47367368421052647, 0.44691017201104311} + + + {0.18732631578947356, -0.43813973242726645} + {0.18732631578947356, -0.43813973242726645} + {0.19773684210526321, -0.48689743045232481} + {0.19773684210526321, -0.48689743045232481} + {0.19773684210526321, -0.48689743045232481} + {0.18268421052631578, -0.49999999999999956} + {0.18268421052631578, -0.49999999999999956} + {0.18268421052631578, -0.49999999999999956} + {0.17022105263157883, -0.47848800169887395} + {0.17022105263157883, -0.47848800169887395} + {0.17022105263157883, -0.47848800169887395} + {0.18732631578947356, -0.43813973242726645} + + + {-0.19774736842105267, -0.48689743045232481} + {-0.3754947368421051, -0.33234232321087243} + {-0.5, 0.024357613081333884} + {-0.5, 0.43983860692291366} + {-0.5, 0.43983860692291366} + {-0.44736842105263164, 0.43983860692291366} + {-0.44736842105263164, 0.43983860692291366} + {-0.44736842105263164, 0.068252282862604208} + {-0.33605263157894738, -0.2510087067317901} + {-0.17691578947368414, -0.38938203440220809} + {-0.17691578947368414, -0.38938203440220809} + {-0.19774736842105267, -0.48689743045232481} + + + {-0.5, 0.43983860692291366} + {-0.5, 0.44232321087279702} + {-0.5, 0.44480781482268039} + {-0.49998947368421054, 0.44729241877256332} + {-0.49998947368421054, 0.44729241877256332} + {-0.44735789473684195, 0.44652792524952245} + {-0.44735789473684195, 0.44652792524952245} + {-0.44736842105263164, 0.44429815247398663} + {-0.44736842105263164, 0.44206837969844992} + {-0.44736842105263164, 0.43983860692291366} + {-0.44736842105263164, 0.43983860692291366} + {-0.5, 0.43983860692291366} + + + {-0.47367368421052625, 0.50000000000000044} + {-0.47367368421052625, 0.50000000000000044} + {0.47367368421052647, 0.50000000000000044} + {0.47367368421052647, 0.50000000000000044} + {0.47367368421052647, 0.50000000000000044} + {0.47367368421052647, 0.39382034402208577} + {0.47367368421052647, 0.39382034402208577} + {0.47367368421052647, 0.39382034402208577} + {-0.47367368421052625, 0.39382034402208577} + {-0.47367368421052625, 0.39382034402208577} + {-0.47367368421052625, 0.39382034402208577} + {-0.47367368421052625, 0.50000000000000044} + + + {0.49998947368421054, 0.44729241877256332} + {0.50000000000000022, 0.44480781482268039} + {0.50000000000000022, 0.44232321087279702} + {0.50000000000000022, 0.43983860692291366} + {0.50000000000000022, 0.43983860692291366} + {0.44736842105263164, 0.43983860692291366} + {0.44736842105263164, 0.43983860692291366} + {0.44736842105263164, 0.44206837969844992} + {0.44736842105263164, 0.44429815247398663} + {0.44735789473684195, 0.44652792524952245} + {0.44735789473684195, 0.44652792524952245} + {0.49998947368421054, 0.44729241877256332} + + + {0.50000000000000022, 0.43983860692291366} + {0.50000000000000022, 0.024336377150138144} + {0.37548421052631564, -0.33234232321087243} + {0.19773684210526321, -0.48689743045232481} + {0.19773684210526321, -0.48689743045232481} + {0.1769052631578949, -0.38940327033340383} + {0.1769052631578949, -0.38940327033340383} + {0.3360526315789476, -0.25102994266298495} + {0.44736842105263164, 0.068231046931408468} + {0.44736842105263164, 0.43983860692291366} + {0.44736842105263164, 0.43983860692291366} + {0.50000000000000022, 0.43983860692291366} + + + {0.17022105263157883, -0.47848800169887395} + {0.124284210526316, -0.39921427054576286} + {0.064905263157894799, -0.35147589721809291} + {-1.0526315789460838e-05, -0.35147589721809291} + {-1.0526315789460838e-05, -0.35147589721809291} + {-1.0526315789460838e-05, -0.24529624124017824} + {-1.0526315789460838e-05, -0.24529624124017824} + {0.077957894736842226, -0.24529624124017824} + {0.14936842105263159, -0.30276067105542515} + {0.2044315789473683, -0.39781269908685424} + {0.2044315789473683, -0.39781269908685424} + {0.17022105263157883, -0.47848800169887395} + + + {-1.0526315789460838e-05, -0.35147589721809291} + {-0.06491578947368426, -0.35147589721809291} + {-0.12429473684210524, -0.39921427054576286} + {-0.17022105263157883, -0.47848800169887395} + {-0.17022105263157883, -0.47848800169887395} + {-0.20444210526315776, -0.39781269908685424} + {-0.20444210526315776, -0.39781269908685424} + {-0.14936842105263159, -0.30273943512422941} + {-0.077968421052631687, -0.24529624124017824} + {-1.0526315789460838e-05, -0.24529624124017824} + {-1.0526315789460838e-05, -0.24529624124017824} + {-1.0526315789460838e-05, -0.35147589721809291} + + + UnitPoints + + {-0.18733684210526302, -0.43813973242726645} + {-0.18733684210526302, -0.43813973242726645} + {-0.17022105263157883, -0.47848800169887395} + {-0.17022105263157883, -0.47848800169887395} + {-0.17022105263157883, -0.47848800169887395} + {-0.18268421052631556, -0.49999999999999956} + {-0.18268421052631556, -0.49999999999999956} + {-0.18268421052631556, -0.49999999999999956} + {-0.19774736842105267, -0.48689743045232481} + {-0.19774736842105267, -0.48689743045232481} + {-0.19774736842105267, -0.48689743045232481} + {-0.18733684210526302, -0.43813973242726645} + + + Style + + shadow + + Draws + NO + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-594.01106639653221, 526.34567141937157}, {29.368604493791697, 13.599948105419525}} + Class + ShapedGraphic + ID + 66 + Shape + Bezier + ShapeData + + UnitPoints + + {-0.1977444444444445, -0.49999999999999956} + {-0.3755333333333335, -0.33451304076588961} + {-0.5, 0.047352256640353474} + {-0.5, 0.49200998152458286} + {-0.5, 0.49467332101638828} + {-0.5, 0.49733666050819458} + {-0.49998888888888904, 0.50000000000000089} + {-0.49998888888888904, 0.50000000000000089} + {0.49998888888888882, 0.50000000000000089} + {0.49998888888888882, 0.50000000000000089} + {0.5, 0.49733666050819458} + {0.5, 0.49467332101638828} + {0.5, 0.49200998152458286} + {0.5, 0.047352256640353474} + {0.37553333333333327, -0.33451304076588961} + {0.19773333333333309, -0.49999999999999956} + {0.14442222222222201, -0.40152842095160368} + {0.075399999999999912, -0.3420951604002207} + {-1.1111111111183902e-05, -0.3420951604002207} + {-0.075411111111111317, -0.3420951604002207} + {-0.14443333333333341, -0.40152842095160368} + + + Style + + fill + + Color + + b + 0.92941200000000002 + g + 0.75686299999999995 + r + 0.28235300000000002 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-594.01106639653221, 526.34567141937157}, {29.368604493791697, 13.599948105419525}} + Class + ShapedGraphic + ID + 67 + Shape + Bezier + ShapeData + + UnitPoints + + {-0.1977444444444445, -0.49999999999999956} + {-0.3755333333333335, -0.33451304076588961} + {-0.5, 0.047352256640353474} + {-0.5, 0.49200998152458286} + {-0.5, 0.49467332101638828} + {-0.5, 0.49733666050819458} + {-0.49998888888888904, 0.50000000000000089} + {-0.49998888888888904, 0.50000000000000089} + {0.49998888888888882, 0.50000000000000089} + {0.49998888888888882, 0.50000000000000089} + {0.5, 0.49733666050819458} + {0.5, 0.49467332101638828} + {0.5, 0.49200998152458286} + {0.5, 0.047352256640353474} + {0.37553333333333327, -0.33451304076588961} + {0.19773333333333309, -0.49999999999999956} + {0.14442222222222201, -0.40152842095160368} + {0.075399999999999912, -0.3420951604002207} + {-1.1111111111183902e-05, -0.3420951604002207} + {-0.075411111111111317, -0.3420951604002207} + {-0.14443333333333341, -0.40152842095160368} + + + Style + + shadow + + Draws + NO + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-587.40313038542888, 510.65859448792622}, {16.15273247158542, 15.500096816167856}} + Class + ShapedGraphic + ID + 68 + Shape + Bezier + ShapeData + + UnitPoints + + {0.5, 0} + {0.5, 0.27517894736842097} + {0.2770909090909095, 0.5} + {0, 0.5} + {-0.27709090909090905, 0.5} + {-0.5, 0.27517894736842097} + {-0.5, 0} + {-0.5, -0.27517894736842097} + {-0.27709090909090905, -0.5} + {0, -0.5} + {0.2770909090909095, -0.5} + {0.5, -0.27517894736842097} + + + Style + + fill + + Color + + b + 0.92941200000000002 + g + 0.75686299999999995 + r + 0.28235300000000002 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 1 + g + 1 + r + 1 + space + srgb + + Width + 2.5 + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-629.57970961679121, 482.83999967575073}, {69.439128465121101, 45.684495879231569}} + Class + ShapedGraphic + ID + 69 + Shape + Bezier + ShapeData + + UnitPoints + + {0.37554277336040165, -0.11674214285714279} + {0.37554277336040165, -0.096264285714285636} + {0.37448542265832074, -0.076161428571428491} + {0.37245060997387169, -0.056552142857142773} + {0.44660613921314318, -0.018546428571428464} + {0.5, 0.088027857142857213} + {0.5, 0.21355785714285724} + {0.5, 0.3707071428571429} + {0.41631421643263977, 0.4981500000000002} + {0.31298520648884387, 0.49854285714285718} + {0.31298520648884387, 0.49854285714285718} + {0.31298520648884387, 0.5} + {0.31298520648884387, 0.5} + {0.31298520648884387, 0.5} + {-0.28852985958382671, 0.5} + {-0.28852985958382671, 0.5} + {-0.28852985958382671, 0.5} + {-0.28852985958382671, 0.49857857142857165} + {-0.28852985958382671, 0.49857857142857165} + {-0.40549493411530291, 0.49703571428571447} + {-0.5, 0.35244285714285717} + {-0.5, 0.17429500000000009} + {-0.5, 0.012832142857142959} + {-0.42236743171864133, -0.12106999999999996} + {-0.32074287110659971, -0.14588071428571425} + {-0.32119447733979956, -0.15336428571428568} + {-0.32142521475967589, -0.16094499999999995} + {-0.32142521475967589, -0.16860785714285709} + {-0.32142521475967589, -0.30429214285714284} + {-0.24905966277561603, -0.41428571428571426} + {-0.15979200736855953, -0.41428571428571426} + {-0.12498637192428425, -0.41428571428571426} + {-0.092749863719242764, -0.39756357142857141} + {-0.066370608470083969, -0.36911714285714281} + {-0.020155454049888055, -0.44933999999999996} + {0.047726461023703481, -0.5} + {0.12339517660106403, -0.5} + {0.26265061373334098, -0.5} + {0.37554277336040165, -0.32840999999999998} + + + Style + + fill + + Color + + b + 0.67058799999999996 + g + 0.49803900000000001 + r + 0.023529399999999999 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + ID + 64 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + + + Bounds + {{-668, 359.73618560067212}, {154, 42.999999999999943}} + Class + ShapedGraphic + ID + 70 + Layer + 0 + Style + + fill + + Color + + a + 0.5 + b + 1 + g + 0.95686300000000002 + r + 0.93333299999999997 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.99215699999999996 + g + 0.63921600000000001 + r + 0.34117599999999998 + space + srgb + + CornerRadius + 9.5 + Width + 5 + + + Text + + Align + 0 + Text + {\rtf1\ansi\ansicpg1252\cocoartf2869 +\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 OpenSans;} +{\colortbl;\red255\green255\blue255;\red0\green0\blue0;} +{\*\expandedcolortbl;;\cssrgb\c0\c0\c0;} +\deftab720 +\pard\pardeftab720\partightenfactor0 + +\f0\fs32 \cf2 \expnd0\expndtw0\kerning0 + Omni Gateway} + TextAlongPathGlyphAnchor + center + + + + Class + Group + Graphics + + + Bounds + {{-402.26562462905179, 376.81901523196115}, {16.922580903018947, 8.3853278606371457}} + Class + ShapedGraphic + ID + 72 + Shape + Bezier + ShapeData + + AdditionalUnitPoints + + + {-0.21118379845500734, 0.16994382022471899} + {-0.21118379845500734, 0.16994382022471899} + {-0.28634560512213791, -0.27387640449438222} + {-0.28634560512213791, -0.27387640449438222} + {-0.28634560512213791, -0.27387640449438222} + {-0.36359523975224439, 0.16994382022471899} + {-0.36359523975224439, 0.16994382022471899} + {-0.36359523975224439, 0.16994382022471899} + {-0.21118379845500734, 0.16994382022471899} + + + {0.29337462593082331, -0.41432584269662942} + {0.32260421741248513, -0.35721032303370825} + {0.33721901315331604, -0.284643609550562} + {0.33721901315331604, -0.19662921348314621} + {0.33721901315331604, -0.10862008426966319} + {0.32260421741248513, -0.036042837078651857} + {0.29337462593082331, 0.021067415730336769} + {0.26460609645765187, 0.077247191011235783} + {0.22632925046976105, 0.10533707865168518} + {0.17854408796715149, 0.10533707865168518} + {0.17854408796715149, 0.10533707865168518} + {0.065801377966455576, 0.10533707865168518} + {0.065801377966455576, 0.10533707865168518} + {0.065801377966455576, 0.10533707865168518} + {0.065801377966455576, 0.49999999999999978} + {0.065801377966455576, 0.49999999999999978} + {0.065801377966455576, 0.49999999999999978} + {-0.0093604287006751052, 0.49999999999999978} + {-0.0093604287006751052, 0.49999999999999978} + {-0.0093604287006751052, 0.49999999999999978} + {-0.0093604287006751052, -0.50000000000000022} + {-0.0093604287006751052, -0.50000000000000022} + {-0.0093604287006751052, -0.50000000000000022} + {0.17854408796715149, -0.50000000000000022} + {0.17854408796715149, -0.50000000000000022} + {0.22632925046976105, -0.50000000000000022} + {0.26460609645765187, -0.47144136235955081} + + + {0.23839515623912566, -0.073033707865168829} + {0.25416695664277256, -0.10300210674157317} + {0.26205720648618558, -0.1441941713483148} + {0.26205720648618558, -0.19662921348314621} + {0.26205720648618558, -0.24906425561797763} + {0.25416695664277256, -0.28979459269662944} + {0.23839515623912566, -0.31882022471910143} + {0.22262335583547921, -0.34878335674157324} + {0.20127531491405104, -0.36376404494382042} + {0.17436843204119967, -0.36376404494382042} + {0.17436843204119967, -0.36376404494382042} + {0.065801377966455576, -0.36376404494382042} + {0.065801377966455576, -0.36376404494382042} + {0.065801377966455576, -0.36376404494382042} + {0.065801377966455576, -0.02949438202247201} + {0.065801377966455576, -0.02949438202247201} + {0.065801377966455576, -0.02949438202247201} + {0.17436843204119967, -0.02949438202247201} + {0.17436843204119967, -0.02949438202247201} + {0.20127531491405104, -0.02949438202247201} + {0.22262335583547921, -0.044013342696629376} + + + {0.49999999999999989, 0.49999999999999978} + {0.49999999999999989, 0.49999999999999978} + {0.42483819333286921, 0.49999999999999978} + {0.42483819333286921, 0.49999999999999978} + {0.42483819333286921, 0.49999999999999978} + {0.42483819333286921, -0.50000000000000022} + {0.42483819333286921, -0.50000000000000022} + {0.42483819333286921, -0.50000000000000022} + {0.49999999999999989, -0.50000000000000022} + {0.49999999999999989, -0.50000000000000022} + {0.49999999999999989, -0.50000000000000022} + {0.49999999999999989, 0.49999999999999978} + + + UnitPoints + + {-0.076170923515902378, 0.49999999999999978} + {-0.076170923515902378, 0.49999999999999978} + {-0.15620432876331003, 0.49999999999999978} + {-0.15620432876331003, 0.49999999999999978} + {-0.15620432876331003, 0.49999999999999978} + {-0.19030551882524893, 0.29915730337078617} + {-0.19030551882524893, 0.29915730337078617} + {-0.19030551882524893, 0.29915730337078617} + {-0.38586540469065356, 0.29915730337078617} + {-0.38586540469065356, 0.29915730337078617} + {-0.38586540469065356, 0.29915730337078617} + {-0.41996659475259235, 0.49999999999999978} + {-0.41996659475259235, 0.49999999999999978} + {-0.41996659475259235, 0.49999999999999978} + {-0.5, 0.49999999999999978} + {-0.5, 0.49999999999999978} + {-0.5, 0.49999999999999978} + {-0.31835896722110102, -0.50000000000000022} + {-0.31835896722110102, -0.50000000000000022} + {-0.31835896722110102, -0.50000000000000022} + {-0.25781195629480136, -0.50000000000000022} + {-0.25781195629480136, -0.50000000000000022} + {-0.25781195629480136, -0.50000000000000022} + {-0.076170923515902378, 0.49999999999999978} + + + Style + + fill + + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-407.88037892337491, 365.8456595660171}, {29.590079002599438, 29.590079002599456}} + Class + ShapedGraphic + ID + 73 + Shape + Circle + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + Width + 4 + + + Text + + TextAlongPathGlyphAnchor + center + + + + ID + 71 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + + + Bounds + {{-414.79959768638253, 360.15921323743231}, {105.46302130191719, 42.750748773357266}} + Class + ShapedGraphic + ID + 74 + Layer + 0 + Style + + fill + + Color + + a + 0.14999999999999999 + b + 0.81568600000000002 + g + 0.99215699999999996 + r + 0.86274499999999998 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.33333299999999999 + g + 0.65490199999999998 + r + 0.231373 + space + srgb + + CornerRadius + 9.5 + Width + 5 + + + Text + + TextAlongPathGlyphAnchor + center + + + + Class + Group + Graphics + + + Bounds + {{-402.92891407120362, 318.75151684052179}, {16.922580903018947, 8.3853278606371457}} + Class + ShapedGraphic + ID + 76 + Shape + Bezier + ShapeData + + AdditionalUnitPoints + + + {-0.21118379845500734, 0.16994382022471899} + {-0.21118379845500734, 0.16994382022471899} + {-0.28634560512213791, -0.27387640449438222} + {-0.28634560512213791, -0.27387640449438222} + {-0.28634560512213791, -0.27387640449438222} + {-0.36359523975224439, 0.16994382022471899} + {-0.36359523975224439, 0.16994382022471899} + {-0.36359523975224439, 0.16994382022471899} + {-0.21118379845500734, 0.16994382022471899} + + + {0.29337462593082331, -0.41432584269662942} + {0.32260421741248513, -0.35721032303370825} + {0.33721901315331604, -0.284643609550562} + {0.33721901315331604, -0.19662921348314621} + {0.33721901315331604, -0.10862008426966319} + {0.32260421741248513, -0.036042837078651857} + {0.29337462593082331, 0.021067415730336769} + {0.26460609645765187, 0.077247191011235783} + {0.22632925046976105, 0.10533707865168518} + {0.17854408796715149, 0.10533707865168518} + {0.17854408796715149, 0.10533707865168518} + {0.065801377966455576, 0.10533707865168518} + {0.065801377966455576, 0.10533707865168518} + {0.065801377966455576, 0.10533707865168518} + {0.065801377966455576, 0.49999999999999978} + {0.065801377966455576, 0.49999999999999978} + {0.065801377966455576, 0.49999999999999978} + {-0.0093604287006751052, 0.49999999999999978} + {-0.0093604287006751052, 0.49999999999999978} + {-0.0093604287006751052, 0.49999999999999978} + {-0.0093604287006751052, -0.50000000000000022} + {-0.0093604287006751052, -0.50000000000000022} + {-0.0093604287006751052, -0.50000000000000022} + {0.17854408796715149, -0.50000000000000022} + {0.17854408796715149, -0.50000000000000022} + {0.22632925046976105, -0.50000000000000022} + {0.26460609645765187, -0.47144136235955081} + + + {0.23839515623912566, -0.073033707865168829} + {0.25416695664277256, -0.10300210674157317} + {0.26205720648618558, -0.1441941713483148} + {0.26205720648618558, -0.19662921348314621} + {0.26205720648618558, -0.24906425561797763} + {0.25416695664277256, -0.28979459269662944} + {0.23839515623912566, -0.31882022471910143} + {0.22262335583547921, -0.34878335674157324} + {0.20127531491405104, -0.36376404494382042} + {0.17436843204119967, -0.36376404494382042} + {0.17436843204119967, -0.36376404494382042} + {0.065801377966455576, -0.36376404494382042} + {0.065801377966455576, -0.36376404494382042} + {0.065801377966455576, -0.36376404494382042} + {0.065801377966455576, -0.02949438202247201} + {0.065801377966455576, -0.02949438202247201} + {0.065801377966455576, -0.02949438202247201} + {0.17436843204119967, -0.02949438202247201} + {0.17436843204119967, -0.02949438202247201} + {0.20127531491405104, -0.02949438202247201} + {0.22262335583547921, -0.044013342696629376} + + + {0.49999999999999989, 0.49999999999999978} + {0.49999999999999989, 0.49999999999999978} + {0.42483819333286921, 0.49999999999999978} + {0.42483819333286921, 0.49999999999999978} + {0.42483819333286921, 0.49999999999999978} + {0.42483819333286921, -0.50000000000000022} + {0.42483819333286921, -0.50000000000000022} + {0.42483819333286921, -0.50000000000000022} + {0.49999999999999989, -0.50000000000000022} + {0.49999999999999989, -0.50000000000000022} + {0.49999999999999989, -0.50000000000000022} + {0.49999999999999989, 0.49999999999999978} + + + UnitPoints + + {-0.076170923515902378, 0.49999999999999978} + {-0.076170923515902378, 0.49999999999999978} + {-0.15620432876331003, 0.49999999999999978} + {-0.15620432876331003, 0.49999999999999978} + {-0.15620432876331003, 0.49999999999999978} + {-0.19030551882524893, 0.29915730337078617} + {-0.19030551882524893, 0.29915730337078617} + {-0.19030551882524893, 0.29915730337078617} + {-0.38586540469065356, 0.29915730337078617} + {-0.38586540469065356, 0.29915730337078617} + {-0.38586540469065356, 0.29915730337078617} + {-0.41996659475259235, 0.49999999999999978} + {-0.41996659475259235, 0.49999999999999978} + {-0.41996659475259235, 0.49999999999999978} + {-0.5, 0.49999999999999978} + {-0.5, 0.49999999999999978} + {-0.5, 0.49999999999999978} + {-0.31835896722110102, -0.50000000000000022} + {-0.31835896722110102, -0.50000000000000022} + {-0.31835896722110102, -0.50000000000000022} + {-0.25781195629480136, -0.50000000000000022} + {-0.25781195629480136, -0.50000000000000022} + {-0.25781195629480136, -0.50000000000000022} + {-0.076170923515902378, 0.49999999999999978} + + + Style + + fill + + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-408.54366836552674, 307.77816117458798}, {29.590079002599438, 29.590079002599456}} + Class + ShapedGraphic + ID + 77 + Shape + Circle + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + Width + 4 + + + Text + + TextAlongPathGlyphAnchor + center + + + + ID + 75 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + + + Bounds + {{-414.79959768638253, 304.0410494535015}, {105.46302130191719, 42.750748773357266}} + Class + ShapedGraphic + ID + 78 + Layer + 0 + Style + + fill + + Color + + a + 0.14999999999999999 + b + 0.81568600000000002 + g + 0.99215699999999996 + r + 0.86274499999999998 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.33333299999999999 + g + 0.65490199999999998 + r + 0.231373 + space + srgb + + CornerRadius + 9.5 + Width + 5 + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-361.83762437463395, 371.45487718622496}, {30.527822876145379, 19.562616828894267}} + Class + ShapedGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + DINPro-Medium + Size + 18 + + ID + 79 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + Text + + Text + {\rtf1\ansi\ansicpg1252\cocoartf2869 +\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 DINPro-Medium;} +{\colortbl;\red255\green255\blue255;} +{\*\expandedcolortbl;;} +\deftab720 +\pard\pardeftab720\qc\partightenfactor0 + +\f0\fs36 \cf0 API 2} + TextAlongPathGlyphAnchor + center + + Wrap + NO + + + Bounds + {{-361.83762437463395, 313.38737879478526}, {30.527822876145379, 19.562616828894267}} + Class + ShapedGraphic + FontInfo + + Color + + space + gg22 + w + 0 + + Font + DINPro-Medium + Size + 18 + + ID + 80 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + Text + + Text + {\rtf1\ansi\ansicpg1252\cocoartf2869 +\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 DINPro-Medium;} +{\colortbl;\red255\green255\blue255;} +{\*\expandedcolortbl;;} +\deftab720 +\pard\pardeftab720\qc\partightenfactor0 + +\f0\fs36 \cf0 API 1} + TextAlongPathGlyphAnchor + center + + Wrap + NO + + + Class + Group + Graphics + + + Bounds + {{-654.25819488355137, 371.46407185628743}, {18.443113772455071, 16.07185628742516}} + Class + ShapedGraphic + ID + 82 + Shape + Bezier + ShapeData + + UnitPoints + + {0.5, -0.020646448087431712} + {0.5, 0.20992896174863385} + {0.38160000000000005, 0.40864480874316944} + {0.21086190476190481, 0.5} + {0.21086190476190481, 0.5} + {0.16678095238095247, 0.31108196721311476} + {0.16678095238095247, 0.31108196721311476} + {0.26646666666666674, 0.24483606557377058} + {0.33358571428571437, 0.12113114754098364} + {0.33358571428571437, -0.020646448087431712} + {0.33358571428571437, -0.085179234972677598} + {0.31963333333333332, -0.14594262295081967} + {0.29509523809523819, -0.19929125683060106} + {0.29509523809523819, -0.19929125683060106} + {0.069471428571428628, 0.1707540983606558} + {0.069471428571428628, 0.1707540983606558} + {0.069471428571428628, 0.1707540983606558} + {-0.069473333333333276, 0.1707540983606558} + {-0.069473333333333276, 0.1707540983606558} + {-0.069473333333333276, 0.1707540983606558} + {-0.295097619047619, -0.19929125683060106} + {-0.295097619047619, -0.19929125683060106} + {-0.31963380952380949, -0.14594262295081967} + {-0.33359047619047622, -0.085179234972677598} + {-0.33359047619047622, -0.020646448087431712} + {-0.33359047619047622, 0.12113114754098364} + {-0.26647190476190474, 0.24483606557377058} + {-0.16678428571428566, 0.31108196721311476} + {-0.16678428571428566, 0.31108196721311476} + {-0.21086523809523805, 0.5} + {-0.21086523809523805, 0.5} + {-0.38160142857142854, 0.40864480874316944} + {-0.5, 0.20992896174863385} + {-0.5, -0.020646448087431712} + {-0.5, -0.22097322404371583} + {-0.41061047619047619, -0.39725846994535519} + {-0.27519666666666665, -0.49999221185792347} + {-0.27519666666666665, -0.49999221185792347} + {0, -0.048761748633879776} + {0, -0.048761748633879776} + {0, -0.048761748633879776} + {0.27518571428571448, -0.5} + {0.27518571428571448, -0.5} + {0.41060476190476203, -0.39726612021857921} + {0.5, -0.2209814207650273} + + + Style + + fill + + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + + shadow + + Beneath + YES + Color + + a + 0.10000000000000001 + b + 0.0 + g + 0.0 + r + 0.0 + space + srgb + + Fuzziness + 1 + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-656, 368.5}, {22.000000000000007, 22}} + Class + ShapedGraphic + ID + 83 + Shape + Circle + Style + + fill + + Draws + NO + + shadow + + Beneath + YES + Color + + a + 0.10000000000000001 + b + 0.0 + g + 0.0 + r + 0.0 + space + srgb + + Fuzziness + 4 + + stroke + + Cap + 0 + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + Width + 4 + + + Text + + TextAlongPathGlyphAnchor + center + + + + ID + 81 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + + + Bounds + {{-699, 258}, {405, 320}} + Class + ShapedGraphic + ID + 84 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.80000000000000004 + g + 0.80000000000000004 + r + 0.80784299999999998 + space + srgb + + CornerRadius + 22.5 + Pattern + 1 + Width + 3 + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-662.78756435643595, 178}, {140.28800000000047, 31.160000324249268}} + Class + ShapedGraphic + FitText + YES + Flow + Resize + FontInfo + + Color + + space + gg22 + w + 0 + + Font + DINPro-Medium + + ID + 85 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + Text + + Text + {\rtf1\ansi\ansicpg1252\cocoartf2869 +\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 DINPro-Medium;} +{\colortbl;\red255\green255\blue255;} +{\*\expandedcolortbl;;} +\deftab720 +\pard\pardeftab720\qc\partightenfactor0 + +\f0\fs32 \cf0 Anypoint Platform} + TextAlongPathGlyphAnchor + center + + Wrap + NO + + + Class + Group + Graphics + + + Bounds + {{-618.98438074505589, 116.43318524951923}, {52.473152663676608, 45.726604464061126}} + Class + ShapedGraphic + ID + 87 + Shape + Bezier + ShapeData + + UnitPoints + + {0.5, -0.020646448087431712} + {0.5, 0.20992896174863385} + {0.38160000000000005, 0.40864480874316944} + {0.21086190476190481, 0.5} + {0.21086190476190481, 0.5} + {0.16678095238095247, 0.31108196721311476} + {0.16678095238095247, 0.31108196721311476} + {0.26646666666666674, 0.24483606557377058} + {0.33358571428571437, 0.12113114754098364} + {0.33358571428571437, -0.020646448087431712} + {0.33358571428571437, -0.085179234972677598} + {0.31963333333333332, -0.14594262295081967} + {0.29509523809523819, -0.19929125683060106} + {0.29509523809523819, -0.19929125683060106} + {0.069471428571428628, 0.1707540983606558} + {0.069471428571428628, 0.1707540983606558} + {0.069471428571428628, 0.1707540983606558} + {-0.069473333333333276, 0.1707540983606558} + {-0.069473333333333276, 0.1707540983606558} + {-0.069473333333333276, 0.1707540983606558} + {-0.295097619047619, -0.19929125683060106} + {-0.295097619047619, -0.19929125683060106} + {-0.31963380952380949, -0.14594262295081967} + {-0.33359047619047622, -0.085179234972677598} + {-0.33359047619047622, -0.020646448087431712} + {-0.33359047619047622, 0.12113114754098364} + {-0.26647190476190474, 0.24483606557377058} + {-0.16678428571428566, 0.31108196721311476} + {-0.16678428571428566, 0.31108196721311476} + {-0.21086523809523805, 0.5} + {-0.21086523809523805, 0.5} + {-0.38160142857142854, 0.40864480874316944} + {-0.5, 0.20992896174863385} + {-0.5, -0.020646448087431712} + {-0.5, -0.22097322404371583} + {-0.41061047619047619, -0.39725846994535519} + {-0.27519666666666665, -0.49999221185792347} + {-0.27519666666666665, -0.49999221185792347} + {0, -0.048761748633879776} + {0, -0.048761748633879776} + {0, -0.048761748633879776} + {0.27518571428571448, -0.5} + {0.27518571428571448, -0.5} + {0.41060476190476203, -0.39726612021857921} + {0.5, -0.2209814207650273} + + + Style + + fill + + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + + shadow + + Beneath + YES + Color + + a + 0.10000000000000001 + b + 0.0 + g + 0.0 + r + 0.0 + space + srgb + + Fuzziness + 1 + + stroke + + Cap + 0 + Draws + NO + + + Text + + TextAlongPathGlyphAnchor + center + + + + Bounds + {{-623.94005183798572, 108}, {62.592974963100012, 62.592974963100005}} + Class + ShapedGraphic + ID + 88 + Shape + Circle + Style + + fill + + Draws + NO + + shadow + + Beneath + YES + Color + + a + 0.10000000000000001 + b + 0.0 + g + 0.0 + r + 0.0 + space + srgb + + Fuzziness + 4 + + stroke + + Cap + 0 + Color + + b + 0.87451000000000001 + g + 0.63137299999999996 + r + 0.0 + space + srgb + + Width + 4 + + + Text + + TextAlongPathGlyphAnchor + center + + + + ID + 86 + Layer + 0 + Style + + fill + + Draws + NO + + shadow + + Draws + NO + + stroke + + Draws + NO + + + + + Bounds + {{-681.21658102779497, 91}, {177, 129}} + Class + ShapedGraphic + ID + 62 + Layer + 0 + Style + + fill + + Color + + a + 0.5 + b + 1 + g + 0.95686300000000002 + r + 0.93333299999999997 + space + srgb + + + shadow + + Draws + NO + + stroke + + Cap + 0 + Color + + b + 0.99215699999999996 + g + 0.63921600000000001 + r + 0.34117599999999998 + space + srgb + + CornerRadius + 9.5 + Width + 5 + + + Text + + TextAlongPathGlyphAnchor + center + + + + GridInfo + + GridSpacing + 1 + MajorGridColor + + a + 0.1 + archive + + YnBsaXN0MDDUAQIDBAUGBwpYJHZlcnNpb25Z + JGFyY2hpdmVyVCR0b3BYJG9iamVjdHMSAAGG + oF8QD05TS2V5ZWRBcmNoaXZlctEICVRyb290 + gAGmCwwZHyAnVSRudWxs1g0ODxAREhMUFRYX + GFYkY2xhc3NcTlNDb21wb25lbnRzVU5TUkdC + XE5TQ29sb3JTcGFjZV8QEk5TQ3VzdG9tQ29s + b3JTcGFjZV8QEE5TTGluZWFyRXhwb3N1cmWA + BUkwIDAgMCAwLjFKMCAwIDAgMC4xABABgAJB + MdMaDRscHR5VTlNJQ0NZTlNTcGFjZUlEgAOA + BBAOTxEMSAAADEhMaW5vAhAAAG1udHJSR0Ig + WFlaIAfOAAIACQAGADEAAGFjc3BNU0ZUAAAA + AElFQyBzUkdCAAAAAAAAAAAAAAAAAAD21gAB + AAAAANMtSFAgIAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAEWNwcnQAAAFQAAAAM2Rlc2MAAAGEAAAA + bHd0cHQAAAHwAAAAFGJrcHQAAAIEAAAAFHJY + WVoAAAIYAAAAFGdYWVoAAAIsAAAAFGJYWVoA + AAJAAAAAFGRtbmQAAAJUAAAAcGRtZGQAAALE + AAAAiHZ1ZWQAAANMAAAAhnZpZXcAAAPUAAAA + JGx1bWkAAAP4AAAAFG1lYXMAAAQMAAAAJHRl + Y2gAAAQwAAAADHJUUkMAAAQ8AAAIDGdUUkMA + AAQ8AAAIDGJUUkMAAAQ8AAAIDHRleHQAAAAA + Q29weXJpZ2h0IChjKSAxOTk4IEhld2xldHQt + UGFja2FyZCBDb21wYW55AABkZXNjAAAAAAAA + ABJzUkdCIElFQzYxOTY2LTIuMQAAAAAAAAAA + AAAAEnNSR0IgSUVDNjE5NjYtMi4xAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAA + 81EAAQAAAAEWzFhZWiAAAAAAAAAAAAAAAAAA + AAAAWFlaIAAAAAAAAG+iAAA49QAAA5BYWVog + AAAAAAAAYpkAALeFAAAY2lhZWiAAAAAAAAAk + oAAAD4QAALbPZGVzYwAAAAAAAAAWSUVDIGh0 + dHA6Ly93d3cuaWVjLmNoAAAAAAAAAAAAAAAW + SUVDIGh0dHA6Ly93d3cuaWVjLmNoAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAGRlc2MAAAAAAAAALklF + QyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29s + b3VyIHNwYWNlIC0gc1JHQgAAAAAAAAAAAAAA + LklFQyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0Ig + Y29sb3VyIHNwYWNlIC0gc1JHQgAAAAAAAAAA + AAAAAAAAAAAAAAAAAABkZXNjAAAAAAAAACxS + ZWZlcmVuY2UgVmlld2luZyBDb25kaXRpb24g + aW4gSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAAs + UmVmZXJlbmNlIFZpZXdpbmcgQ29uZGl0aW9u + IGluIElFQzYxOTY2LTIuMQAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAdmlldwAAAAAAE6T+ + ABRfLgAQzxQAA+3MAAQTCwADXJ4AAAABWFla + IAAAAAAATAlWAFAAAABXH+dtZWFzAAAAAAAA + AAEAAAAAAAAAAAAAAAAAAAAAAAACjwAAAAJz + aWcgAAAAAENSVCBjdXJ2AAAAAAAABAAAAAAF + AAoADwAUABkAHgAjACgALQAyADcAOwBAAEUA + SgBPAFQAWQBeAGMAaABtAHIAdwB8AIEAhgCL + AJAAlQCaAJ8ApACpAK4AsgC3ALwAwQDGAMsA + 0ADVANsA4ADlAOsA8AD2APsBAQEHAQ0BEwEZ + AR8BJQErATIBOAE+AUUBTAFSAVkBYAFnAW4B + dQF8AYMBiwGSAZoBoQGpAbEBuQHBAckB0QHZ + AeEB6QHyAfoCAwIMAhQCHQImAi8COAJBAksC + VAJdAmcCcQJ6AoQCjgKYAqICrAK2AsECywLV + AuAC6wL1AwADCwMWAyEDLQM4A0MDTwNaA2YD + cgN+A4oDlgOiA64DugPHA9MD4APsA/kEBgQT + BCAELQQ7BEgEVQRjBHEEfgSMBJoEqAS2BMQE + 0wThBPAE/gUNBRwFKwU6BUkFWAVnBXcFhgWW + BaYFtQXFBdUF5QX2BgYGFgYnBjcGSAZZBmoG + ewaMBp0GrwbABtEG4wb1BwcHGQcrBz0HTwdh + B3QHhgeZB6wHvwfSB+UH+AgLCB8IMghGCFoI + bgiCCJYIqgi+CNII5wj7CRAJJQk6CU8JZAl5 + CY8JpAm6Cc8J5Qn7ChEKJwo9ClQKagqBCpgK + rgrFCtwK8wsLCyILOQtRC2kLgAuYC7ALyAvh + C/kMEgwqDEMMXAx1DI4MpwzADNkM8w0NDSYN + QA1aDXQNjg2pDcMN3g34DhMOLg5JDmQOfw6b + DrYO0g7uDwkPJQ9BD14Peg+WD7MPzw/sEAkQ + JhBDEGEQfhCbELkQ1xD1ERMRMRFPEW0RjBGq + EckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MT + YxODE6QTxRPlFAYUJxRJFGoUixStFM4U8BUS + FTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW + +hcdF0EXZReJF64X0hf3GBsYQBhlGIoYrxjV + GPoZIBlFGWsZkRm3Gd0aBBoqGlEadxqeGsUa + 7BsUGzsbYxuKG7Ib2hwCHCocUhx7HKMczBz1 + HR4dRx1wHZkdwx3sHhYeQB5qHpQevh7pHxMf + Ph9pH5Qfvx/qIBUgQSBsIJggxCDwIRwhSCF1 + IaEhziH7IiciVSKCIq8i3SMKIzgjZiOUI8Ij + 8CQfJE0kfCSrJNolCSU4JWgllyXHJfcmJyZX + JocmtyboJxgnSSd6J6sn3CgNKD8ocSiiKNQp + Bik4KWspnSnQKgIqNSpoKpsqzysCKzYraSud + K9EsBSw5LG4soizXLQwtQS12Last4S4WLkwu + gi63Lu4vJC9aL5Evxy/+MDUwbDCkMNsxEjFK + MYIxujHyMioyYzKbMtQzDTNGM38zuDPxNCs0 + ZTSeNNg1EzVNNYc1wjX9Njc2cjauNuk3JDdg + N5w31zgUOFA4jDjIOQU5Qjl/Obw5+To2OnQ6 + sjrvOy07azuqO+g8JzxlPKQ84z0iPWE9oT3g + PiA+YD6gPuA/IT9hP6I/4kAjQGRApkDnQSlB + akGsQe5CMEJyQrVC90M6Q31DwEQDREdEikTO + RRJFVUWaRd5GIkZnRqtG8Ec1R3tHwEgFSEtI + kUjXSR1JY0mpSfBKN0p9SsRLDEtTS5pL4kwq + THJMuk0CTUpNk03cTiVObk63TwBPSU+TT91Q + J1BxULtRBlFQUZtR5lIxUnxSx1MTU19TqlP2 + VEJUj1TbVShVdVXCVg9WXFapVvdXRFeSV+BY + L1h9WMtZGllpWbhaB1pWWqZa9VtFW5Vb5Vw1 + XIZc1l0nXXhdyV4aXmxevV8PX2Ffs2AFYFdg + qmD8YU9homH1YklinGLwY0Njl2PrZEBklGTp + ZT1lkmXnZj1mkmboZz1nk2fpaD9olmjsaUNp + mmnxakhqn2r3a09rp2v/bFdsr20IbWBtuW4S + bmtuxG8eb3hv0XArcIZw4HE6cZVx8HJLcqZz + AXNdc7h0FHRwdMx1KHWFdeF2Pnabdvh3Vnez + eBF4bnjMeSp5iXnnekZ6pXsEe2N7wnwhfIF8 + 4X1BfaF+AX5ifsJ/I3+Ef+WAR4CogQqBa4HN + gjCCkoL0g1eDuoQdhICE44VHhauGDoZyhteH + O4efiASIaYjOiTOJmYn+imSKyoswi5aL/Ixj + jMqNMY2Yjf+OZo7OjzaPnpAGkG6Q1pE/kaiS + EZJ6kuOTTZO2lCCUipT0lV+VyZY0lp+XCpd1 + l+CYTJi4mSSZkJn8mmia1ZtCm6+cHJyJnPed + ZJ3SnkCerp8dn4uf+qBpoNihR6G2oiailqMG + o3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSp + N6mpqhyqj6sCq3Wr6axcrNCtRK24ri2uoa8W + r4uwALB1sOqxYLHWskuywrM4s660JbSctRO1 + irYBtnm28Ldot+C4WbjRuUq5wro7urW7Lrun + vCG8m70VvY++Cr6Evv+/er/1wHDA7MFnwePC + X8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7/IPci8 + yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfP + uNA50LrRPNG+0j/SwdNE08bUSdTL1U7V0dZV + 1tjXXNfg2GTY6Nls2fHadtr724DcBdyK3RDd + lt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj6+Rz + 5PzlhOYN5pbnH+ep6DLovOlG6dDqW+rl63Dr + ++yG7RHtnO4o7rTvQO/M8Fjw5fFy8f/yjPMZ + 86f0NPTC9VD13vZt9vv3ivgZ+Kj5OPnH+lf6 + 5/t3/Af8mP0p/br+S/7c/23//9IhIiMkWiRj + bGFzc25hbWVYJGNsYXNzZXNcTlNDb2xvclNw + YWNloiUmXE5TQ29sb3JTcGFjZVhOU09iamVj + dNIhIigpV05TQ29sb3KiKCYACAARABoAJAAp + ADIANwBJAEwAUQBTAFoAYABtAHQAgQCHAJQA + qQC8AL4AyADTANUA1wDZAOAA5gDwAPIA9AD2 + DUINRw1SDVsNaA1rDXgNgQ2GDY4AAAAAAAAC + AQAAAAAAAAAqAAAAAAAAAAAAAAAAAAANkQ== + + b + 0 + g + 0 + r + 0 + + MajorGridSpacing + 4 + ShowsGrid + YES + + HPages + 2 + KeepToScale + + Layers + + + Artboards + + Lock + + Name + Layer 1 + Print + + View + + + + Artboards + + Lock + + Name + Layer 2 + Print + + View + + + + LayoutInfo + + Animate + NO + LayoutTarget + 1 + circoMinDist + 18 + circoSeparation + 0.0 + layoutEngine + dot + neatoLineLength + 0.20000000298023224 + neatoSeparation + 0.0 + twopiSeparation + 0.0 + + Orientation + 2 + OutlineStyle + Blank.gtemplate + OutlineStyleURL + + Ym9va6AEAAAAAAUQQAAAAAc+xu5VbWvUANGiqeXng/c8DOrke8K5 + 1ni0THizmGtGAAAAAAAAAAAAAAAAAAAAAIADAAAEAAAAAwMAAAAI + ACgFAAAAAQEAAFVzZXJzAAAACgAAAAEBAABsZG9zc2FudG9zAAAH + AAAAAQEAAExpYnJhcnkACgAAAAEBAABDb250YWluZXJzAAAaAAAA + AQEAAGNvbS5vbW5pZ3JvdXAuT21uaUdyYWZmbGU3AAAEAAAAAQEA + AERhdGETAAAAAQEAAEFwcGxpY2F0aW9uIFN1cHBvcnQADgAAAAEB + AABUaGUgT21uaSBHcm91cAAACwAAAAEBAABPbW5pR3JhZmZsZQAJ + AAAAAQEAAFRlbXBsYXRlcwAAAAkAAAABAQAAVVggYW5kIFVJAAAA + DwAAAAEBAABCbGFuay5ndGVtcGxhdGUANAAAAAEGAAAQAAAAIAAA + ADQAAABEAAAAWAAAAHwAAAA0AAAAiAAAAKQAAAC8AAAA0AAAAOQA + AAD4AAAACAAAAAQDAABZQgAAAAAAAAgAAAAEAwAAJGAEAAAAAAAI + AAAABAMAAC1gBAAAAAAACAAAAAQDAAC5ZQQAAAAAAAgAAAAEAwAA + J74WAAAAAAAIAAAABAMAACi+FgAAAAAACAAAAAQDAAArvhYAAAAA + AAgAAAAEAwAALL4WAAAAAAAIAAAABAMAAL2+FgAAAAAACAAAAAQD + AAC+vhYAAAAAAAgAAAAEAwAAcL8WAAAAAAAIAAAABAMAAE3AFgAA + AAAACAAAAAQDAABawBYAAAAAADQAAAABBgAATAEAAFwBAABsAQAA + fAEAAIwBAACcAQAArAEAALwBAADMAQAA3AEAAOwBAAD8AQAADAIA + AAgAAAAABAAAQcbpXAMAAAAYAAAAAQIAAAIAAAAAAAAADwAAAAAA + AAAAAAAAAAAAAAgAAAAEAwAACwAAAAAAAAAEAAAAAwMAAPUBAAAI + AAAAAQkAAGZpbGU6Ly8vDAAAAAEBAABNYWNpbnRvc2ggSEQIAAAA + BAMAAACQgpbnAAAACAAAAAAEAABBx8HRCIAAACQAAAABAQAANUJD + QzFEQTAtNzkzRS00MjVDLTg2MDctMzE1ODJDOTNFRDRFGAAAAAEC + AACBAAAAAQAAAO8TAAABAAAAAAAAAAAAAAABAAAAAQEAAC8AAAAA + AAAAAQUAAC8AAAABAQAATlNVUkxCb29rbWFya1F1YXJhbnRpbmVN + b3VudGVkTmV0d29ya1ZvbHVtZXNLZXkA2AAAAP7///8BAAAAAAAA + ABEAAAAEEAAAEAEAAAAAAAAFEAAAHAIAAAAAAAAQEAAAaAIAAAAA + AABAEAAAWAIAAAAAAAACIAAANAMAAAAAAAAFIAAApAIAAAAAAAAQ + IAAAtAIAAAAAAAARIAAA6AIAAAAAAAASIAAAyAIAAAAAAAATIAAA + 2AIAAAAAAAAgIAAAFAMAAAAAAAAwIAAAQAMAAAAAAAABwAAAiAIA + AAAAAAARwAAAIAAAAAAAAAASwAAAmAIAAAAAAAAQ0AAABAAAAAAA + AABIAwCAQAMAAAAAAAA= + + PrintOnePage + + RowAlign + 1 + RowSpacing + 36 + SheetTitle + intro 2 + UniqueID + 2 + VPages + 1 + VisibleVoidKey + 1 + + + SmartAlignmentGuidesActive + YES + SmartDistanceGuidesActive + YES + UseEntirePage + + WindowInfo + + CurrentSheet + 0 + Frame + {{216, 255}, {1512, 829}} + ShowInfo + + ShowRuler + + Sidebar + + SidebarWidth + 246 + Sidebar_Tab + 0 + VisibleRegion + {{-1036.8421052631577, -219.73684210526312}, {1268.421052631579, 943.42105263157885}} + WindowInfo_InspectorTab + + com.omnigroup.OmniGraffle.inspectorGroup.object + + ZoomValues + + + intro 2 + 0.76000000000000001 + 1 + + + + compressOnDiskKey + + copyLinkedImagesKey + + createSinglePDFKey + 1 + exportAreaKey + 4 + exportQualityKey + 100 + exportSizesKey + + 1 + + + fileFormatKey + 0 + graffleDocumentFormatKey + 0 + htmlImageTypeKey + 0 + includeBackgroundGraphicKey + + includeNonPrintingLayersKey + + lastExportTypeKey + 0 + marginWidthKey + 0.0 + readOnlyKey + + resolutionForBMPKey + 1 + resolutionForGIFKey + 1 + resolutionForHTMLKey + 1 + resolutionForJPGKey + 1 + resolutionForPNGKey + 2 + resolutionForTIFFKey + 1 + resolutionUnitsKey + 0 + useArtboardsKey + + useMarginKey + + useNotesKey + + + diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1a-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1a-physical.graffle new file mode 100644 index 000000000..507c785ec Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1a-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1a.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1a.graffle new file mode 100644 index 000000000..34395d35f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1a.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b-physical.graffle new file mode 100644 index 000000000..867a29924 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b-separate-clusters.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b-separate-clusters.graffle new file mode 100644 index 000000000..f8c71dcc9 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b-separate-clusters.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b.graffle new file mode 100644 index 000000000..f04a77ccd Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-1b.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-2-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-2-physical.graffle new file mode 100644 index 000000000..c14014807 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-2-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-2.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-2.graffle new file mode 100644 index 000000000..8503b9d5b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-2.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-3-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-3-physical.graffle new file mode 100644 index 000000000..4d8035bbb Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-3-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-3.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-3.graffle new file mode 100644 index 000000000..a0f8bd200 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-3.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-4-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-4-physical.graffle new file mode 100644 index 000000000..de8e787a2 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-4-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-4.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-4.graffle new file mode 100644 index 000000000..4c59a50c5 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-1-p-4.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-2-p-5-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-2-p-5-physical.graffle new file mode 100644 index 000000000..f013d4855 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-2-p-5-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-2-p-6-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-2-p-6-physical.graffle new file mode 100644 index 000000000..f0153a79f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-2-p-6-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-3-p-7-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-3-p-7-physical.graffle new file mode 100644 index 000000000..005f5d840 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-3-p-7-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-3-p-8-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-3-p-8-physical.graffle new file mode 100644 index 000000000..1952056f5 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-3-p-8-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-4-p-9-physical.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-4-p-9-physical.graffle new file mode 100644 index 000000000..8de17dab1 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ad-uc-4-p-9-physical.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/agent-fabric-architecture.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/agent-fabric-architecture.graffle new file mode 100644 index 000000000..f702875f9 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/agent-fabric-architecture.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ext-auth-policy.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ext-auth-policy.graffle new file mode 100644 index 000000000..6af1daa44 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ext-auth-policy.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/ext-processing-policy.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/ext-processing-policy.graffle new file mode 100644 index 000000000..b2b79a1ef Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/ext-processing-policy.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/flex-inbound-outbound-requests.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/flex-inbound-outbound-requests.graffle new file mode 100644 index 000000000..5a937da43 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/flex-inbound-outbound-requests.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/flex-istio-deployment.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/flex-istio-deployment.graffle new file mode 100644 index 000000000..8a3286f03 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/flex-istio-deployment.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/forward-proxy-diagram.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/forward-proxy-diagram.graffle new file mode 100644 index 000000000..ea33095d3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/forward-proxy-diagram.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-architecture-diagram.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-architecture-diagram.graffle new file mode 100644 index 000000000..b225f72dd Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-architecture-diagram.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-concepts-control-plane-diagram.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-concepts-control-plane-diagram.graffle new file mode 100644 index 000000000..bf857082c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-concepts-control-plane-diagram.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-configuration-models.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-configuration-models.graffle new file mode 100644 index 000000000..1ff9b149b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-configuration-models.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-gateway-k8.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-gateway-k8.graffle new file mode 100644 index 000000000..ac659d9d0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-gateway-k8.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-gateway.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-gateway.graffle new file mode 100644 index 000000000..ecf5acd0a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-gateway.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-policy.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-policy.graffle new file mode 100644 index 000000000..674ce3ccc Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-add-policy.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-config-basic-auth.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-config-basic-auth.graffle new file mode 100644 index 000000000..23bc70096 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-config-basic-auth.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-add-new-api.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-add-new-api.graffle new file mode 100644 index 000000000..900c84300 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-add-new-api.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-api-config-api.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-api-config-api.graffle new file mode 100644 index 000000000..5f3a8595f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-api-config-api.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-api-config-endpoint.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-api-config-endpoint.graffle new file mode 100644 index 000000000..7708334ab Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-api-config-endpoint.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-basic-auth.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-basic-auth.graffle new file mode 100644 index 000000000..d787f498d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-basic-auth.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-config-basic-auth-edit-dialogue.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-config-basic-auth-edit-dialogue.graffle new file mode 100644 index 000000000..9cc9dd650 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-config-basic-auth-edit-dialogue.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-config-basic-auth-edit.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-config-basic-auth-edit.graffle new file mode 100644 index 000000000..7ec982dfc Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-config-basic-auth-edit.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-my-gateway-rtm.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-my-gateway-rtm.graffle new file mode 100644 index 000000000..29fcea269 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-my-gateway-rtm.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-return-to-gateway-list.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-return-to-gateway-list.graffle new file mode 100644 index 000000000..415baf6e0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-return-to-gateway-list.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-select-gateway-for-api.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-select-gateway-for-api.graffle new file mode 100644 index 000000000..7d157de48 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-select-gateway-for-api.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-view-apis.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-view-apis.graffle new file mode 100644 index 000000000..73cd35f31 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-k8-view-apis.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-select-endpoint.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-select-endpoint.graffle new file mode 100644 index 000000000..e472723aa Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-quickstart-select-endpoint.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-usage-report.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-usage-report.graffle new file mode 100644 index 000000000..4bbbd4e55 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/gateway-usage-report.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-1a.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-1a.graffle new file mode 100644 index 000000000..45d1b2baf Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-1a.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-1b.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-1b.graffle new file mode 100644 index 000000000..9df0bac32 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-1b.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-2.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-2.graffle new file mode 100644 index 000000000..631610325 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-2.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-3a.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-3a.graffle new file mode 100644 index 000000000..fd77e6efa Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-3a.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-3b.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-3b.graffle new file mode 100644 index 000000000..68375da24 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/high-availability-3b.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/llm-proxy.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/llm-proxy.graffle new file mode 100644 index 000000000..b0d766894 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/llm-proxy.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/managed-high-availability.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/managed-high-availability.graffle new file mode 100644 index 000000000..2f04e55b1 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/managed-high-availability.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/more-options-menu.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/more-options-menu.graffle new file mode 100644 index 000000000..df5b39412 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/more-options-menu.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/multiple-upstreams.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/multiple-upstreams.graffle new file mode 100644 index 000000000..32420ef48 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/multiple-upstreams.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/no-proxy-diagram.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/no-proxy-diagram.graffle new file mode 100644 index 000000000..132d22dfb Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/no-proxy-diagram.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-clusterizable.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-clusterizable.graffle new file mode 100644 index 000000000..665117343 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-clusterizable.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-clusters.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-clusters.graffle new file mode 100644 index 000000000..915912f7a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-clusters.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-identifiers-dataweave.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-identifiers-dataweave.graffle new file mode 100644 index 000000000..2bf9491d7 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-identifiers-dataweave.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-identifiers-example.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-identifiers-example.graffle new file mode 100644 index 000000000..e4ed40a7e Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-configure-identifiers-example.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-generic-example.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-generic-example.graffle new file mode 100644 index 000000000..b467e6169 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-generic-example.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-sla-general.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-sla-general.graffle new file mode 100644 index 000000000..344adcb8c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/rate-limiting-sla-general.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/redis-same-cluster.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/redis-same-cluster.graffle new file mode 100644 index 000000000..edb3acbac Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/redis-same-cluster.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/redis-same-vpc.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/redis-same-vpc.graffle new file mode 100644 index 000000000..628a93bb8 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/redis-same-vpc.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/security-best-practices.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/security-best-practices.graffle new file mode 100644 index 000000000..14c9760ca Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/security-best-practices.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/image-source-files/shared-storage.graffle b/gateway/1.13/modules/ROOT/assets/image-source-files/shared-storage.graffle new file mode 100644 index 000000000..ef16e1f00 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/image-source-files/shared-storage.graffle differ diff --git a/gateway/1.13/modules/ROOT/assets/images/access-token.png b/gateway/1.13/modules/ROOT/assets/images/access-token.png new file mode 100644 index 000000000..c03a4eed8 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/access-token.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/accessing-your-api-behind-a-firewall-e7a50.png b/gateway/1.13/modules/ROOT/assets/images/accessing-your-api-behind-a-firewall-e7a50.png new file mode 100644 index 000000000..5b1b3a9a0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/accessing-your-api-behind-a-firewall-e7a50.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-egress-deployment.png b/gateway/1.13/modules/ROOT/assets/images/ad-egress-deployment.png new file mode 100644 index 000000000..be01aff71 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-egress-deployment.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-external-non-org-mtls.png b/gateway/1.13/modules/ROOT/assets/images/ad-external-non-org-mtls.png new file mode 100644 index 000000000..4afc2a006 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-external-non-org-mtls.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-external-org-mtls.png b/gateway/1.13/modules/ROOT/assets/images/ad-external-org-mtls.png new file mode 100644 index 000000000..0103af0e3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-external-org-mtls.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-ingress-controller.png b/gateway/1.13/modules/ROOT/assets/images/ad-ingress-controller.png new file mode 100644 index 000000000..0bfaca3fa Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-ingress-controller.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-ingress-deployment.png b/gateway/1.13/modules/ROOT/assets/images/ad-ingress-deployment.png new file mode 100644 index 000000000..2bac92390 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-ingress-deployment.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-intergration-use-cases.png b/gateway/1.13/modules/ROOT/assets/images/ad-intergration-use-cases.png new file mode 100644 index 000000000..8c1879ab6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-intergration-use-cases.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-internal-org-mtls.png b/gateway/1.13/modules/ROOT/assets/images/ad-internal-org-mtls.png new file mode 100644 index 000000000..1ff67c2ac Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-internal-org-mtls.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-sidecar-deployment.png b/gateway/1.13/modules/ROOT/assets/images/ad-sidecar-deployment.png new file mode 100644 index 000000000..618fa0f12 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-sidecar-deployment.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-standalone-deployment.png b/gateway/1.13/modules/ROOT/assets/images/ad-standalone-deployment.png new file mode 100644 index 000000000..533bdca3c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-standalone-deployment.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1a-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1a-physical.png new file mode 100644 index 000000000..1ef36d4be Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1a-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1a.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1a.png new file mode 100644 index 000000000..61c9ee7a4 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1a.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b-physical.png new file mode 100644 index 000000000..a903e8bab Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b-separate-clusters.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b-separate-clusters.png new file mode 100644 index 000000000..ca210a579 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b-separate-clusters.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b.png new file mode 100644 index 000000000..58cd3ebe3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-1b.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-2-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-2-physical.png new file mode 100644 index 000000000..e73307b93 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-2-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-2.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-2.png new file mode 100644 index 000000000..e92176fbd Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-2.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-3-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-3-physical.png new file mode 100644 index 000000000..8fd487513 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-3-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-3.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-3.png new file mode 100644 index 000000000..72f1e19b0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-3.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-4-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-4-physical.png new file mode 100644 index 000000000..3b4887214 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-4-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-4.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-4.png new file mode 100644 index 000000000..5646c1b09 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-1-p-4.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-2-p-5-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-2-p-5-physical.png new file mode 100644 index 000000000..e31c625a6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-2-p-5-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-2-p-6-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-2-p-6-physical.png new file mode 100644 index 000000000..164e37098 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-2-p-6-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-3-p-7-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-3-p-7-physical.png new file mode 100644 index 000000000..637d05f46 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-3-p-7-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-3-p-8-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-3-p-8-physical.png new file mode 100644 index 000000000..514b9a190 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-3-p-8-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ad-uc-4-p-9-physical.png b/gateway/1.13/modules/ROOT/assets/images/ad-uc-4-p-9-physical.png new file mode 100644 index 000000000..80b24ea87 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ad-uc-4-p-9-physical.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/agent-fabric-architecture.png b/gateway/1.13/modules/ROOT/assets/images/agent-fabric-architecture.png new file mode 100644 index 000000000..36220823f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/agent-fabric-architecture.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-2ed4e.png b/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-2ed4e.png new file mode 100644 index 000000000..267262b2c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-2ed4e.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-40081.png b/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-40081.png new file mode 100644 index 000000000..a0e4ac68d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-40081.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-62bf9.png b/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-62bf9.png new file mode 100644 index 000000000..d4699e0b1 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-gateway-capabilities-mule4-62bf9.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-gateway-enabling-0cbca.png b/gateway/1.13/modules/ROOT/assets/images/api-gateway-enabling-0cbca.png new file mode 100644 index 000000000..0bf2bf364 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-gateway-enabling-0cbca.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-groups-add-sla-tier.png b/gateway/1.13/modules/ROOT/assets/images/api-groups-add-sla-tier.png new file mode 100644 index 000000000..8c1879ab6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-groups-add-sla-tier.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-id.png b/gateway/1.13/modules/ROOT/assets/images/api-id.png new file mode 100644 index 000000000..fa768c198 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-id.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/api-name-version-autodiscovery.png b/gateway/1.13/modules/ROOT/assets/images/api-name-version-autodiscovery.png new file mode 100644 index 000000000..c786525d6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/api-name-version-autodiscovery.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apigateway.png b/gateway/1.13/modules/ROOT/assets/images/apigateway.png new file mode 100644 index 000000000..9f7addaa9 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apigateway.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-1.png b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-1.png new file mode 100644 index 000000000..fe36fec2c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-1.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-2.png b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-2.png new file mode 100644 index 000000000..5b14939a4 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-2.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-3.png b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-3.png new file mode 100644 index 000000000..649a65493 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-states-3.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-ui.png b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-ui.png new file mode 100644 index 000000000..11edca6e2 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apim-message-logging-policy-ui.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apply-header-injection-policy.png b/gateway/1.13/modules/ROOT/assets/images/apply-header-injection-policy.png new file mode 100644 index 000000000..41fe2a768 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apply-header-injection-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/apply-header-removal-policy.png b/gateway/1.13/modules/ROOT/assets/images/apply-header-removal-policy.png new file mode 100644 index 000000000..745c4de06 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/apply-header-removal-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/approve-applications.png b/gateway/1.13/modules/ROOT/assets/images/approve-applications.png new file mode 100644 index 000000000..9426e4bb8 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/approve-applications.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/auto-discovery-api-config.png b/gateway/1.13/modules/ROOT/assets/images/auto-discovery-api-config.png new file mode 100644 index 000000000..56b8c6318 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/auto-discovery-api-config.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/auto-discovery-studio-7.png b/gateway/1.13/modules/ROOT/assets/images/auto-discovery-studio-7.png new file mode 100644 index 000000000..4bf50b655 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/auto-discovery-studio-7.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/autodis-cerate-global2.png b/gateway/1.13/modules/ROOT/assets/images/autodis-cerate-global2.png new file mode 100644 index 000000000..c2eb2e09f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/autodis-cerate-global2.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/autodis-choose-global2.png b/gateway/1.13/modules/ROOT/assets/images/autodis-choose-global2.png new file mode 100644 index 000000000..f87b21c35 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/autodis-choose-global2.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/basic-flow.png b/gateway/1.13/modules/ROOT/assets/images/basic-flow.png new file mode 100644 index 000000000..0e2f0b65b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/basic-flow.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/before-after-exception.png b/gateway/1.13/modules/ROOT/assets/images/before-after-exception.png new file mode 100644 index 000000000..33a7c0d82 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/before-after-exception.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/clientiddefault.png b/gateway/1.13/modules/ROOT/assets/images/clientiddefault.png new file mode 100644 index 000000000..d96f41930 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/clientiddefault.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/configure-autodiscovert-4-studio.png b/gateway/1.13/modules/ROOT/assets/images/configure-autodiscovert-4-studio.png new file mode 100644 index 000000000..1a0162616 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/configure-autodiscovert-4-studio.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/configure-regex-resources-list.png b/gateway/1.13/modules/ROOT/assets/images/configure-regex-resources-list.png new file mode 100644 index 000000000..669642141 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/configure-regex-resources-list.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/configure-uri-regex-example.png b/gateway/1.13/modules/ROOT/assets/images/configure-uri-regex-example.png new file mode 100644 index 000000000..0be02e521 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/configure-uri-regex-example.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/cors-policy-sop-example.png b/gateway/1.13/modules/ROOT/assets/images/cors-policy-sop-example.png new file mode 100644 index 000000000..c9aed63d7 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/cors-policy-sop-example.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/cors-policy-xhr-diagram.png b/gateway/1.13/modules/ROOT/assets/images/cors-policy-xhr-diagram.png new file mode 100644 index 000000000..9adc897c3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/cors-policy-xhr-diagram.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/custom-response-configuration.png b/gateway/1.13/modules/ROOT/assets/images/custom-response-configuration.png new file mode 100644 index 000000000..b7c6fe35d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/custom-response-configuration.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/custom-response-policy-platform.png b/gateway/1.13/modules/ROOT/assets/images/custom-response-policy-platform.png new file mode 100644 index 000000000..5d7458485 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/custom-response-policy-platform.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/custom-response-policy-ui.png b/gateway/1.13/modules/ROOT/assets/images/custom-response-policy-ui.png new file mode 100644 index 000000000..061010189 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/custom-response-policy-ui.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/depends-on-key-demo.png b/gateway/1.13/modules/ROOT/assets/images/depends-on-key-demo.png new file mode 100644 index 000000000..eaf838b39 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/depends-on-key-demo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/environment-api-manager.png b/gateway/1.13/modules/ROOT/assets/images/environment-api-manager.png new file mode 100644 index 000000000..bfc36dbc7 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/environment-api-manager.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ext-auth-policy.png b/gateway/1.13/modules/ROOT/assets/images/ext-auth-policy.png new file mode 100644 index 000000000..36540b13e Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ext-auth-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ext-processing-policy.png b/gateway/1.13/modules/ROOT/assets/images/ext-processing-policy.png new file mode 100644 index 000000000..e4ddfd226 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ext-processing-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/external-oauth-2_0-token-validation-policy-ba3c0.png b/gateway/1.13/modules/ROOT/assets/images/external-oauth-2_0-token-validation-policy-ba3c0.png new file mode 100644 index 000000000..c4fb4064d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/external-oauth-2_0-token-validation-policy-ba3c0.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/flex-alerts-edit.png b/gateway/1.13/modules/ROOT/assets/images/flex-alerts-edit.png new file mode 100644 index 000000000..732f5833d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/flex-alerts-edit.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/flex-inbound-outbound-requests.png b/gateway/1.13/modules/ROOT/assets/images/flex-inbound-outbound-requests.png new file mode 100644 index 000000000..0eff5e5c6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/flex-inbound-outbound-requests.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/flex-istio-deployment.png b/gateway/1.13/modules/ROOT/assets/images/flex-istio-deployment.png new file mode 100644 index 000000000..8773a0ca4 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/flex-istio-deployment.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/forward-proxy-diagram.png b/gateway/1.13/modules/ROOT/assets/images/forward-proxy-diagram.png new file mode 100644 index 000000000..de29285eb Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/forward-proxy-diagram.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-architecture-diagram.png b/gateway/1.13/modules/ROOT/assets/images/gateway-architecture-diagram.png new file mode 100644 index 000000000..e72676b90 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-architecture-diagram.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-concepts-control-plane-diagram.png b/gateway/1.13/modules/ROOT/assets/images/gateway-concepts-control-plane-diagram.png new file mode 100644 index 000000000..8c8d8cc2a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-concepts-control-plane-diagram.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-configuration-models.png b/gateway/1.13/modules/ROOT/assets/images/gateway-configuration-models.png new file mode 100644 index 000000000..a4ecb2dd7 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-configuration-models.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-add-gateway.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-add-gateway.png new file mode 100644 index 000000000..665a27bf7 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-add-gateway.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-add-policy.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-add-policy.png new file mode 100644 index 000000000..6cd97268b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-add-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-config-basic-auth.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-config-basic-auth.png new file mode 100644 index 000000000..5caf246fb Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-config-basic-auth.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-add-gateway-rtm.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-add-gateway-rtm.png new file mode 100644 index 000000000..a5c9679d1 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-add-gateway-rtm.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-add-new-api.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-add-new-api.png new file mode 100644 index 000000000..c8d3b764a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-add-new-api.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-api-config-api.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-api-config-api.png new file mode 100644 index 000000000..f17a8d498 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-api-config-api.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-api-config-endpoint.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-api-config-endpoint.png new file mode 100644 index 000000000..460410595 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-api-config-endpoint.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-basic-auth.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-basic-auth.png new file mode 100644 index 000000000..adbd8cf94 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-basic-auth.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-config-basic-auth-edit-dialogue.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-config-basic-auth-edit-dialogue.png new file mode 100644 index 000000000..a5215a411 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-config-basic-auth-edit-dialogue.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-config-basic-auth-edit.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-config-basic-auth-edit.png new file mode 100644 index 000000000..1b0c06a17 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-config-basic-auth-edit.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-gateway-menu-options.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-gateway-menu-options.png new file mode 100644 index 000000000..192ac478f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-gateway-menu-options.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-my-gateway-rtm.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-my-gateway-rtm.png new file mode 100644 index 000000000..35f356df5 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-my-gateway-rtm.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-return-to-gateway-list.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-return-to-gateway-list.png new file mode 100644 index 000000000..339f3ad2c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-return-to-gateway-list.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-select-gateway-for-api.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-select-gateway-for-api.png new file mode 100644 index 000000000..78e5bf271 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-select-gateway-for-api.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-view-apis.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-view-apis.png new file mode 100644 index 000000000..881f52f2a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-k8-view-apis.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-select-endpoint.png b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-select-endpoint.png new file mode 100644 index 000000000..75e619f24 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-quickstart-select-endpoint.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/gateway-usage-report.png b/gateway/1.13/modules/ROOT/assets/images/gateway-usage-report.png new file mode 100644 index 000000000..03da59583 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/gateway-usage-report.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/header-inject-remove-diagram.png b/gateway/1.13/modules/ROOT/assets/images/header-inject-remove-diagram.png new file mode 100644 index 000000000..baa5c72ef Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/header-inject-remove-diagram.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/high-availability-1a.png b/gateway/1.13/modules/ROOT/assets/images/high-availability-1a.png new file mode 100644 index 000000000..c723b9794 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/high-availability-1a.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/high-availability-1b.png b/gateway/1.13/modules/ROOT/assets/images/high-availability-1b.png new file mode 100644 index 000000000..86fbc53dd Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/high-availability-1b.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/high-availability-2.png b/gateway/1.13/modules/ROOT/assets/images/high-availability-2.png new file mode 100644 index 000000000..0713edcc0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/high-availability-2.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/high-availability-3a.png b/gateway/1.13/modules/ROOT/assets/images/high-availability-3a.png new file mode 100644 index 000000000..c05e84ed5 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/high-availability-3a.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/high-availability-3b.png b/gateway/1.13/modules/ROOT/assets/images/high-availability-3b.png new file mode 100644 index 000000000..29f564901 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/high-availability-3b.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/http-policy-cache-hit.png b/gateway/1.13/modules/ROOT/assets/images/http-policy-cache-hit.png new file mode 100644 index 000000000..5939ed79c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/http-policy-cache-hit.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/http-policy-cache-miss.png b/gateway/1.13/modules/ROOT/assets/images/http-policy-cache-miss.png new file mode 100644 index 000000000..a3ff6c0d0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/http-policy-cache-miss.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/in-header-out-header-add-icon.png b/gateway/1.13/modules/ROOT/assets/images/in-header-out-header-add-icon.png new file mode 100644 index 000000000..33eed217a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/in-header-out-header-add-icon.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-amazon-linux-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-amazon-linux-logo.png new file mode 100644 index 000000000..4d085ea79 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-amazon-linux-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-centos-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-centos-logo.png new file mode 100644 index 000000000..ed0169081 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-centos-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-container-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-container-logo.png new file mode 100644 index 000000000..c1b658776 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-container-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-debian-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-debian-logo.png new file mode 100644 index 000000000..741afab4d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-debian-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-docker-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-docker-logo.png new file mode 100644 index 000000000..8efabc30c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-docker-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-ibm-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-ibm-logo.png new file mode 100644 index 000000000..50108e4ad Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-ibm-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-kubernetes-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-kubernetes-logo.png new file mode 100644 index 000000000..13cb03cbb Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-kubernetes-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-linux-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-linux-logo.png new file mode 100644 index 000000000..bda094c33 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-linux-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-openshift-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-openshift-logo.png new file mode 100644 index 000000000..f5d844bb2 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-openshift-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-podman-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-podman-logo.png new file mode 100644 index 000000000..1a07bf273 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-podman-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-rhel-ibm-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-rhel-ibm-logo.png new file mode 100644 index 000000000..47e1df2ec Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-rhel-ibm-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-rhel-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-rhel-logo.png new file mode 100644 index 000000000..eed06e9c3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-rhel-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-suse-ibm-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-suse-ibm-logo.png new file mode 100644 index 000000000..4923288de Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-suse-ibm-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-suse-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-suse-logo.png new file mode 100644 index 000000000..362a777d3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-suse-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/install-ubuntu-logo.png b/gateway/1.13/modules/ROOT/assets/images/install-ubuntu-logo.png new file mode 100644 index 000000000..cb675289d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/install-ubuntu-logo.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ip-filter-ip-expression.png b/gateway/1.13/modules/ROOT/assets/images/ip-filter-ip-expression.png new file mode 100644 index 000000000..4a52c3b3d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ip-filter-ip-expression.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/json-threat-policy.png b/gateway/1.13/modules/ROOT/assets/images/json-threat-policy.png new file mode 100644 index 000000000..e60cf4ebf Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/json-threat-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ldap-verification-invalid.png b/gateway/1.13/modules/ROOT/assets/images/ldap-verification-invalid.png new file mode 100644 index 000000000..e0366c924 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ldap-verification-invalid.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/ldap-verification.png b/gateway/1.13/modules/ROOT/assets/images/ldap-verification.png new file mode 100644 index 000000000..ef6a8e429 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/ldap-verification.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/limits.png b/gateway/1.13/modules/ROOT/assets/images/limits.png new file mode 100644 index 000000000..cf7ef3cc3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/limits.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/llm-proxy.png b/gateway/1.13/modules/ROOT/assets/images/llm-proxy.png new file mode 100644 index 000000000..09df0320b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/llm-proxy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/managed-high-availability.png b/gateway/1.13/modules/ROOT/assets/images/managed-high-availability.png new file mode 100644 index 000000000..d8e739c0d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/managed-high-availability.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/methods-resources.png b/gateway/1.13/modules/ROOT/assets/images/methods-resources.png new file mode 100644 index 000000000..f2a94e1ba Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/methods-resources.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/more-options-menu.png b/gateway/1.13/modules/ROOT/assets/images/more-options-menu.png new file mode 100644 index 000000000..7d1ce1f75 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/more-options-menu.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/multiple-upstreams.png b/gateway/1.13/modules/ROOT/assets/images/multiple-upstreams.png new file mode 100644 index 000000000..f3f3b2fc9 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/multiple-upstreams.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/no-proxy-diagram.png b/gateway/1.13/modules/ROOT/assets/images/no-proxy-diagram.png new file mode 100644 index 000000000..49f85c6ba Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/no-proxy-diagram.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/omega.png b/gateway/1.13/modules/ROOT/assets/images/omega.png new file mode 100644 index 000000000..b2cf7414e Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/omega.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/open-id-policy-workflow.png b/gateway/1.13/modules/ROOT/assets/images/open-id-policy-workflow.png new file mode 100644 index 000000000..c3d657379 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/open-id-policy-workflow.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/openam-oauth-token-enforcement-policy-0fbb9.png b/gateway/1.13/modules/ROOT/assets/images/openam-oauth-token-enforcement-policy-0fbb9.png new file mode 100644 index 000000000..ba397d1a0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/openam-oauth-token-enforcement-policy-0fbb9.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/org-credentials-config-mule3-9d90b.png b/gateway/1.13/modules/ROOT/assets/images/org-credentials-config-mule3-9d90b.png new file mode 100644 index 000000000..191b93f24 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/org-credentials-config-mule3-9d90b.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/org-credentials-config-mule3-af73e.png b/gateway/1.13/modules/ROOT/assets/images/org-credentials-config-mule3-af73e.png new file mode 100644 index 000000000..e26b1413f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/org-credentials-config-mule3-af73e.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/orgid-api-manager.png b/gateway/1.13/modules/ROOT/assets/images/orgid-api-manager.png new file mode 100644 index 000000000..845bd0575 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/orgid-api-manager.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/policy-filters.png b/gateway/1.13/modules/ROOT/assets/images/policy-filters.png new file mode 100644 index 000000000..d89e39041 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/policy-filters.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/policy-mule4-tokenization-67b25.png b/gateway/1.13/modules/ROOT/assets/images/policy-mule4-tokenization-67b25.png new file mode 100644 index 000000000..81894e214 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/policy-mule4-tokenization-67b25.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/policy-mule4-tokenization-9347d.png b/gateway/1.13/modules/ROOT/assets/images/policy-mule4-tokenization-9347d.png new file mode 100644 index 000000000..0daf6381b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/policy-mule4-tokenization-9347d.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/quota-policy-formula.png b/gateway/1.13/modules/ROOT/assets/images/quota-policy-formula.png new file mode 100644 index 000000000..e3583d3b1 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/quota-policy-formula.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/raml-snippet.png b/gateway/1.13/modules/ROOT/assets/images/raml-snippet.png new file mode 100644 index 000000000..fb9c0488d Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/raml-snippet.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limit-identifier.png b/gateway/1.13/modules/ROOT/assets/images/rate-limit-identifier.png new file mode 100644 index 000000000..c50685e5b Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limit-identifier.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limiting-clusterizable.png b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-clusterizable.png new file mode 100644 index 000000000..af0139376 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-clusterizable.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-clusters.png b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-clusters.png new file mode 100644 index 000000000..da835d587 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-clusters.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-identifiers-dataweave.png b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-identifiers-dataweave.png new file mode 100644 index 000000000..204cd2fa9 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-identifiers-dataweave.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-identifiers-example.png b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-identifiers-example.png new file mode 100644 index 000000000..9d5d919b0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-configure-identifiers-example.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limiting-generic-example.png b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-generic-example.png new file mode 100644 index 000000000..914ebb49a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-generic-example.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rate-limiting-sla-general.png b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-sla-general.png new file mode 100644 index 000000000..de4abf52a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rate-limiting-sla-general.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/redis-same-cluster.png b/gateway/1.13/modules/ROOT/assets/images/redis-same-cluster.png new file mode 100644 index 000000000..9b15cb2af Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/redis-same-cluster.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/redis-same-vpc.png b/gateway/1.13/modules/ROOT/assets/images/redis-same-vpc.png new file mode 100644 index 000000000..5dbfc0d3a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/redis-same-vpc.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/remove-inbound-header.png b/gateway/1.13/modules/ROOT/assets/images/remove-inbound-header.png new file mode 100644 index 000000000..de64ede3f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/remove-inbound-header.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/rlp-conditions.png b/gateway/1.13/modules/ROOT/assets/images/rlp-conditions.png new file mode 100644 index 000000000..166bf2ed1 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/rlp-conditions.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/scopes-mule4.png b/gateway/1.13/modules/ROOT/assets/images/scopes-mule4.png new file mode 100644 index 000000000..f38604bbd Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/scopes-mule4.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/search-scope.png b/gateway/1.13/modules/ROOT/assets/images/search-scope.png new file mode 100644 index 000000000..095a939a6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/search-scope.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/search-scope2.png b/gateway/1.13/modules/ROOT/assets/images/search-scope2.png new file mode 100644 index 000000000..e392b885f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/search-scope2.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/security-best-practices.png b/gateway/1.13/modules/ROOT/assets/images/security-best-practices.png new file mode 100644 index 000000000..1c3d79db0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/security-best-practices.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/select-policy.png b/gateway/1.13/modules/ROOT/assets/images/select-policy.png new file mode 100644 index 000000000..2ba4f94e5 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/select-policy.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/shared-storage.png b/gateway/1.13/modules/ROOT/assets/images/shared-storage.png new file mode 100644 index 000000000..15dc5e34a Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/shared-storage.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/spike-control.png b/gateway/1.13/modules/ROOT/assets/images/spike-control.png new file mode 100644 index 000000000..beef9f5d3 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/spike-control.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/three-dots-menu.png b/gateway/1.13/modules/ROOT/assets/images/three-dots-menu.png new file mode 100644 index 000000000..1ba86954f Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/three-dots-menu.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/throttling-accepted-request.png b/gateway/1.13/modules/ROOT/assets/images/throttling-accepted-request.png new file mode 100644 index 000000000..93a8f3a92 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/throttling-accepted-request.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/throttling-rejected-request.png b/gateway/1.13/modules/ROOT/assets/images/throttling-rejected-request.png new file mode 100644 index 000000000..8e1f46ae5 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/throttling-rejected-request.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/upgrade-custom-policy-mule3-08395.png b/gateway/1.13/modules/ROOT/assets/images/upgrade-custom-policy-mule3-08395.png new file mode 100644 index 000000000..2cf2df4e6 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/upgrade-custom-policy-mule3-08395.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/users-api-cropped.png b/gateway/1.13/modules/ROOT/assets/images/users-api-cropped.png new file mode 100644 index 000000000..1446cd7a0 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/users-api-cropped.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/view-add-alert.png b/gateway/1.13/modules/ROOT/assets/images/view-add-alert.png new file mode 100644 index 000000000..5a653ed93 Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/view-add-alert.png differ diff --git a/gateway/1.13/modules/ROOT/assets/images/xml-threat-policy.png b/gateway/1.13/modules/ROOT/assets/images/xml-threat-policy.png new file mode 100644 index 000000000..22ebc0b3c Binary files /dev/null and b/gateway/1.13/modules/ROOT/assets/images/xml-threat-policy.png differ diff --git a/gateway/1.13/modules/ROOT/nav.adoc b/gateway/1.13/modules/ROOT/nav.adoc new file mode 100644 index 000000000..5ed547b09 --- /dev/null +++ b/gateway/1.13/modules/ROOT/nav.adoc @@ -0,0 +1,241 @@ +// Overview + +* xref:index.adoc[Overview] +** xref:flex-review-prerequisites.adoc[Requirements and Limits] +** xref:flex-sizing-guide.adoc[Resource Sizing] +** xref:flex-security-best-practices.adoc[] + +// Release Notes + +* xref:flex-gateway-release-notes.adoc[Release Notes] + +// Omni Gateway +* xref:flex-architecture-overview.adoc[] +** xref:flex-architecture-basic-deployments.adoc[] +** xref:flex-architecture-uc-overview.adoc[] +*** xref:flex-architecture-uc1.adoc[] +*** xref:flex-architecture-uc2.adoc[] +*** xref:flex-architecture-uc3.adoc[] +*** xref:flex-architecture-uc4.adoc[] +** xref:flex-architecture-dr-ha-overview.adoc[High Availability and Disaster Recovery] +*** xref:flex-architecture-managed-dr-ha.adoc[] +*** xref:flex-architecture-multi-region.adoc[] +** xref:flex-architecture-shared-storage.adoc[] +* xref:flex-gateway-getting-started-overview.adoc[] +** xref:flex-gateway-managed-getting-started.adoc[] +** xref:flex-gateway-getting-started.adoc[] +** xref:flex-gateway-k8-getting-started.adoc[] + +// Deploy Managed Omni Gateways +* xref:flex-gateway-managed-set-up.adoc[] +* xref:flex-gateway-managed-ingress-egress.adoc[] + +// LLM Proxy +* xref:flex-gateway-llm-proxy.adoc[] +** xref:flex-gateway-llm-proxy-create-llm-proxy.adoc[] +** xref:flex-gateway-llm-proxy-request.adoc[] +** xref:flex-gateway-llm-proxy-token-reports.adoc[] +** xref:flex-gateway-llm-proxy-policies.adoc[] + +// Setting Up Self-Managed Omni Gateway +* xref:flex-gateway-set-up.adoc[] +** xref:flex-install.adoc[Download Omni Gateway] +** xref:flex-conn-reg-run.adoc[Register and Run in Connected Mode] +*** xref:flex-conn-reg-run-up.adoc[With a Username and Password] +*** xref:flex-conn-reg-run-app.adoc[With a Connected App] +*** xref:flex-conn-reg-run-token.adoc[With a Token] +** xref:flex-local-reg-run.adoc[Register and Run in Local Mode] +*** xref:flex-local-reg-run-up.adoc[With a Username and Password] +*** xref:flex-local-reg-run-app.adoc[With a Connected App] +*** xref:flex-local-reg-run-token.adoc[With a Token] + +// Configuring Omni Gateway +* xref:flex-gateway-configure.adoc[] +** xref:flex-managed-configure.adoc[] +*** xref:flex-managed-inbound-tls-config.adoc[] +*** xref:flex-managed-outbound-tls-config.adoc[] +*** xref:flex-managed-timeout.adoc[Configure Timeouts] +*** xref:flex-managed-tracing-config.adoc[] +** xref:flex-conn-configure.adoc[] +*** xref:flex-conn-rep-run.adoc[Configure Replicas] +*** xref:flex-conn-tls-config.adoc[Configure TLS Context] +*** xref:flex-conn-shared-storage-config.adoc[Configure Shared Storage] +*** xref:flex-conn-replica-caching.adoc[Configure Omni Gateway Configuration Caching] +*** xref:flex-conn-forward-proxy.adoc[Configure a Forward Proxy] +*** xref:flex-conn-timeout.adoc[Configure Timeouts] +*** xref:flex-conn-tracing-config.adoc[Configure Distributed Tracing] +*** xref:flex-conn-manage-public-api.adoc[Configure with the API Manager API Tool] +*** xref:flex-conn-readiness-liveness.adoc[Configure a Readiness or Liveness Probe] +*** xref:flex-conn-proxy-protocol.adoc[Configure PROXY Protocol] +*** xref:flex-conn-jenkins-api.adoc[Automate Omni Gateway with a Jenkins Pipeline using the API Manager API] +*** xref:flex-conn-jenkins-cli.adoc[Automate Omni Gateway with a Jenkins Pipeline using Anypoint CLI] +*** xref:flex-conn-env-variables.adoc[Configure Environment Variables] +** xref:flex-local-configure.adoc[] +*** xref:flex-local-rep-run.adoc[Configure Replicas] +*** xref:flex-local-tls-config.adoc[Configure TLS Context] +*** xref:flex-local-shared-storage-config.adoc[Configure Shared Storage] +*** xref:flex-local-forward-proxy.adoc[Configure a Forward Proxy] +*** xref:flex-local-timeout.adoc[Configure Timeouts] +*** xref:flex-local-tracing-config.adoc[Configure Distributed Tracing] +*** xref:flex-local-readiness-liveness.adoc[Configure a Readiness or Liveness Probe] +*** xref:flex-local-proxy-protocol.adoc[Configure PROXY Protocol] +*** xref:flex-local-env-variables.adoc[Configure Environment Variables] +*** xref:flex-local-configuration-reference-guide.adoc[Declarative Configuration Reference] + +// Publishing Omni Gateway APIs +* xref:flex-gateway-publish-apis.adoc[] +** xref:flex-gateway-publish-apis-conn.adoc[] +** xref:flex-gateway-publish-apis-local.adoc[] +*** xref:flex-local-publish-simple-api.adoc[Publish a Simple API Instance] +*** xref:flex-local-publish-api-multiple-services.adoc[Publish an API Instance with Multiple Upstream Services] + +// Securing and Governing Omni Gateway APIs +* xref:flex-gateway-secure-apis.adoc[] +** xref:policies-included-directory.adoc[] +*** xref:policies-included-a2a-agent-card.adoc[A2A Agent Card] +*** xref:policies-included-a2a-pii-detector.adoc[A2A PII Detector] +*** xref:policies-included-a2a-prompt-decorator.adoc[A2A Prompt Decorator] +*** xref:policies-included-a2a-schema-validation.adoc[A2A Schema Validation] +*** xref:policies-included-a2a-token-rate-limit.adoc[A2A Token Based Rate Limit] +*** xref:policies-included-llm-token-rate-limit.adoc[LLM Token Based Rate Limit] +*** xref:policies-included-agent-connection-telemetry.adoc[Agent Connection Telemetry Policy] +*** xref:policies-included-basic-auth-ldap.adoc[Basic Authentication: LDAP] +*** xref:policies-included-basic-auth-simple.adoc[Basic Authentication: Simple] +*** xref:policies-included-client-id-enforcement.adoc[Client ID Enforcement] +*** xref:policies-included-cors.adoc[Cross-Origin Resource Sharing (CORS)] +*** xref:policies-included-dataweave-body-transformation.adoc[DataWeave Body Transformation] +*** xref:policies-included-dataweave-headers-transformation.adoc[DataWeave Headers Transformation] +*** xref:policies-included-dataweave-request-filter.adoc[DataWeave Request Filter] +*** xref:policies-included-external-authorization.adoc[External Authorization] +*** xref:policies-included-external-processing.adoc[External Processing] +*** xref:policies-included-graphql-introspection-control.adoc[GraphQL Introspection Control] +*** xref:policies-included-graphql-operation-limits.adoc[GraphQL Operation Limits] +*** xref:policies-included-graphql-schema-validation.adoc[GraphQL Schema Validation] +*** xref:policies-included-graphql-static-query-complexity.adoc[GraphQL Static Query Complexity] +*** xref:policies-included-header-injection.adoc[Header Injection] +*** xref:policies-included-header-removal.adoc[Header Removal] +*** xref:policies-included-health-check.adoc[Health Check] +*** xref:policies-included-http-caching.adoc[HTTP Caching] +*** xref:policies-included-injection-protection.adoc[Injection Protection] +*** xref:policies-included-ip-allowlist.adoc[IP Allowlist] +*** xref:policies-included-ip-blocklist.adoc[IP Blocklist] +*** xref:policies-included-json-threat-protection.adoc[JSON Threat Protection] +*** xref:policies-included-jwt-validation.adoc[JWT Validation] +*** xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control] +*** xref:policies-included-mcp-global-access.adoc[MCP Global Access] +*** xref:policies-included-mcp-pii-detector.adoc[MCP PII Detector] +*** xref:policies-included-mcp-schema-validation.adoc[MCP Schema Validation] +*** xref:policies-included-mcp-support.adoc[MCP Support] +*** xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping] +*** xref:policies-included-message-logging.adoc[Message Logging] +*** xref:policies-included-oauth-token-introspection.adoc[OAuth 2.0 Token Introspection] +*** xref:policies-included-openid-token-enforcement.adoc[OpenID Connect OAuth 2.0 Token Enforcement] +*** xref:policies-included-rate-limiting.adoc[Rate Limiting] +*** xref:policies-included-rate-limiting-sla.adoc[Rate Limiting: SLA-Based] +*** xref:policies-included-regex-prompt-guard.adoc[Regex Prompt Guard] +*** xref:policies-included-response-timeout.adoc[Response Timeout] +*** xref:policies-included-schema-validation.adoc[Schema Validation] +*** xref:policies-included-soap-schema-validation.adoc[SOAP Schema Validation] +*** xref:policies-included-spike-control.adoc[Spike Control] +*** xref:policies-included-stream-idle-timeout.adoc[Stream Idle Timeout] +*** xref:policies-included-sse-logging.adoc[SSE Logging Policy] +*** xref:policies-included-tracing.adoc[Tracing Policy] +*** xref:policies-included-traffic-management-route.adoc[Traffic Management for Multiple Upstream Services] +*** xref:policies-included-traffic-management.adoc[Traffic Management for Multiple Upstream Services (Weighted)] +*** xref:policies-included-tls.adoc[Transport Layer Security (TLS) - Inbound] +*** xref:policies-included-websocket-connection-limit.adoc[WebSocket Connection Limit] +*** xref:policies-included-xml-threat-protection.adoc[XML Threat Protection] +** xref:policies-outbound-directory.adoc[] +*** xref:policies-outbound-a2a-intask-authorization-code.adoc[A2A In-Task Authorization Code] +*** xref:policies-outbound-aws-lambda.adoc[AWS Lambda] +*** xref:policies-outbound-aws-signature.adoc[AWS Request Signature] +*** xref:policies-outbound-basic-auth.adoc[Credential Injection Basic Authentication] +*** xref:policies-outbound-api-key.adoc[Credential Injection API Key] +*** xref:policies-outbound-oauth.adoc[Credential Injection OAuth 2.0] +*** xref:policies-outbound-jwt-generation.adoc[Credential Injection JWT Generation] +*** xref:policies-outbound-oauth-obo.adoc[OAuth 2.0 OBO Credential Injection] +*** xref:policies-outbound-circuit-breaker.adoc[Circuit Breaker Policy] +*** xref:policies-outbound-message-logging.adoc[Outbound Message Logging] +*** xref:policies-included-tls-outbound.adoc[Transport Layer Security (TLS) - Outbound] +*** xref:policies-outbound-upstream-idle-timeout.adoc[Upstream Idle Timeout] +** xref:policies-custom-overview.adoc[] +*** xref:policies-custom-flex-implement-rust.adoc[] +*** xref:policies-custom-flex-getting-started.adoc[] +** xref:policies-automated-overview.adoc[] +*** xref:policies-automated-applying.adoc[Apply an Automated Inbound Policy] +** xref:policies-resource-level-overview.adoc[] +** xref:flex-gateway-secure-conn.adoc[] +** xref:flex-gateway-secure-local.adoc[] +*** xref:flex-local-secure-api-with-basic-auth-policy.adoc[With Basic Authentication and Rate Limiting] +*** xref:flex-local-secure-api-with-auto-policy.adoc[With an Automated Resource-Level Policy] +*** xref:flex-local-deploy-custom-policy.adoc[With a Custom Policy] +** xref:policies-tls-configuration.adoc[] +** xref:policies-reorder.adoc[] +** xref:policies-mcp-access-control-together.adoc[] +** xref:policies-flex-dataweave-support.adoc[DataWeave Support] + +// Securing Agent Communication with Omni Gateway +* xref:flex-agent-secure.adoc[] +** xref:flex-agent-publish-apis.adoc[] +** xref:flex-agent-policies.adoc[] + +// Monitoring Omni Gateway +* xref:flex-gateway-monitor.adoc[Monitoring Omni Gateway] +** xref:flex-managed-monitor.adoc[Managed Omni Gateway] +*** xref:flex-managed-view-status.adoc[Monitor Managed Omni Gateway] +*** xref:flex-managed-message-log.adoc[Configure Message Logging] +*** xref:flex-managed-view-api-metrics.adoc[View Key Metrics for Omni Gateway APIs] +*** xref:flex-managed-view-api-status.adoc[Viewing API Status in Runtime Manager] +*** xref:flex-managed-view-logs-in-runtime-manager.adoc[Viewing Runtime Logs in Runtime Manager] +*** xref:flex-managed-view-logs-in-monitoring.adoc[Viewing Runtime and Access Logs in Anypoint Monitoring] +** xref:flex-conn-monitor.adoc[Self-Managed Connected Mode] +*** xref:flex-conn-message-log.adoc[Configure Message Logging] +*** xref:flex-use-api-alerts.adoc[Configure API Alerts] +*** xref:flex-conn-third-party-logs-config.adoc[Configure Logs for Third-Party Services] +*** xref:flex-conn-view-api-metrics.adoc[View Key Metrics for Omni Gateway APIs] +*** xref:flex-view-replica-status.adoc[View the Replica Status in Runtime Manager] +*** xref:flex-conn-view-api-status.adoc[View the API Status in Runtime Manager] +*** xref:flex-view-logs-in-runtime-manager.adoc[View Runtime Logs in Runtime Manager] +*** xref:flex-view-logs-in-monitoring.adoc[View Runtime and Access Logs in Anypoint Monitoring] +*** xref:flex-conn-disable-logs.adoc[Disable Log Output to Anypoint Platform] +** xref:flex-local-monitor.adoc[Self-Managed Local Mode] +*** xref:flex-local-third-party-logs-config.adoc[Configure External Logs for Omni Gateway in Local Mode] +*** xref:flex-local-view-logs.adoc[View Standard Output Logs] + +// Managing Kubernetes Deployments +* xref:flex-gateway-k8-management.adoc[Managing Kubernetes Deployments] +** xref:flex-gateway-k8-change-helm-settings.adoc[Update a Helm Chart] +** xref:flex-gateway-k8-high-availability.adoc[Autoscale and Add Replicas to a Namespace] +** xref:flex-gateway-k8-node-affinity-config.adoc[Configure Node Affinity] +** xref:flex-gateway-k8-external-dns.adoc[Provide a Domain Name] +** xref:flex-gateway-k8-ingress-class.adoc[Configure an IngressClass Resource] +** xref:flex-gateway-istio.adoc[Integrate Omni Gateway with Istio Service Mesh] + +// Upgrading and Maintaining Omni Gateway +* xref:flex-gateway-maintain.adoc[] +** xref:flex-gateway-version-lifecycle.adoc[] +** Managed Omni Gateway +*** xref:flex-gateway-managed-upgrade-delete.adoc[Upgrade or Delete Managed Omni Gateway] +** Self-Managed Omni Gateway +*** xref:flex-gateway-upgrade.adoc[Upgrade Self-Managed Omni Gateway] +*** xref:flex-gateway-delete.adoc[Delete an Instance of Omni Gateway] +*** xref:flex-gateway-uninstall.adoc[Uninstall Omni Gateway] +*** xref:flex-gateway-renew-certificate.adoc[Renew Omni Gateway Registration] + +// Troubleshooting +* xref:flex-troubleshoot.adoc[] +** Managed Omni Gateway +*** xref:flex-troubleshoot-managed-creation.adoc[Gateway Creation] +*** xref:flex-troubleshoot-managed-maintenance.adoc[Gateway Maintinenance] +** Self-Managed Omni Gateway +*** xref:flex-troubleshoot-debug-logs.adoc[Using Debug Logs] +*** xref:flex-troubleshoot-reg.adoc[Registration] +*** xref:flex-troubleshoot-linux-permissions.adoc[Linux Permissions] +*** xref:flex-troubleshoot-platform-connection.adoc[Platform Connections] +*** xref:flex-troubleshoot-logging.adoc[Logging] +*** xref:flex-troubleshoot-linux-services.adoc[Linux Services] +*** xref:flex-troubleshoot-admin-api.adoc[Using the CLI] +*** xref:flex-troubleshoot-requests.adoc[Request Connection] +*** xref:flex-troubleshoot-docker.adoc[Docker Command] +*** xref:flex-troubleshoot-helm.adoc[Helm Command] +*** xref:flex-troubleshoot-regex.adoc[Regular Expressions Compatibility] diff --git a/gateway/1.13/modules/ROOT/pages/_attributes.adoc b/gateway/1.13/modules/ROOT/pages/_attributes.adoc new file mode 100644 index 000000000..3b366f9e8 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_attributes.adoc @@ -0,0 +1,2 @@ +:moduledir: .. +include::{moduledir}/_attributes.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/a2a-version-support.adoc b/gateway/1.13/modules/ROOT/pages/_partials/a2a-version-support.adoc new file mode 100644 index 000000000..764a0f93a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/a2a-version-support.adoc @@ -0,0 +1 @@ +NOTE: This policy supports Agent2Agent Protocol (A2A) version v0.3.0. To learn more about A2A versions, see https://github.com/a2aproject/A2A/releases[A2A Releases]. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/configuration-task-list.adoc b/gateway/1.13/modules/ROOT/pages/_partials/configuration-task-list.adoc new file mode 100644 index 000000000..9529503d4 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/configuration-task-list.adoc @@ -0,0 +1,68 @@ +//tag::configuration-task-list-replicas[] +* xref:flex-{page-mode}-rep-run.adoc[Configure Replicas] - Anypoint Omni Gateway enables you to create replicas, which are instances of Omni Gateway. By default, Omni Gateway runs as a single replica. Running multiple replicas enables scaling, load balancing, and high availability. +//end::configuration-task-list-replicas[] + +//tag::configuration-task-list-tls[] +* xref:flex-{page-mode}-tls-config.adoc[Configure TLS Context] - Omni Gateway enables you to configure a TLS context to support regular TLS and mTLS in both inbound and outbound directions. +//end::configuration-task-list-tls[] + +//tag::configuration-task-list-shared-storage[] +* xref:flex-{page-mode}-shared-storage-config.adoc[Configure Shared Storage] - Omni Gateway enables you to configure shared storage for distributed caching and rate limiting policies. +//end::configuration-task-list-shared-storage[] + +//tag::configuration-task-list-forward-proxy[] +* xref:flex-{page-mode}-forward-proxy.adoc[Configure a Forward Proxy] - Omni Gateway enables you to configure a forward proxy to route external HTTP connections through a proxy connection. +//end::configuration-task-list-forward-proxy[] + +//tag::configuration-task-list-apim-api[] +* xref:flex-{page-mode}-manage-public-api.adoc[Configure with the API Manager API Tool] - Omni Gateway enables you to configure and manage Omni Gateway via the API Manager API tool, a command-line tool used to communicate with API Manager. +//end::configuration-task-list-apim-api[] + +//tag::configuration-task-list-jenkins[] +* xref:flex-{page-mode}-jenkins-api.adoc[Automate Omni Gateway with a Jenkins Pipeline using the API Manager API] - Omni Gateway enables you to build a Jenkins Pipeline by using the API Manager API to automate workflows. +//end::configuration-task-list-jenkins[] + +//tag::configuration-task-list-jenkins-cli[] +* xref:flex-{page-mode}-jenkins-cli.adoc[Automate Omni Gateway with a Jenkins Pipeline using Anypoint CLI] - Omni Gateway enables you to build a Jenkins Pipeline by using Anypoint CLI to automate workflows. +//end::configuration-task-list-jenkins-cli[] + +//tag::configuration-task-list-liveness-check[] +* xref:flex-{page-mode}-liveness-check.adoc[Configure a Liveness Check] - Omni Gateway enables you to run a liveness check command to test gateway health. Additionally, Omni Gateways deployed on Kubernetes include a liveness probe to automatically restart pods after a specified number of failed checks. +//end::configuration-task-list-liveness-check[] + +//tag::configuration-task-list-proxy-protocol[] +* xref:flex-{page-mode}-proxy-protocol.adoc[Configure PROXY Protocol] - Omni Gateway supports PROXY protocol to perserve client IP address when servicing multi-layer connections. +//end::configuration-task-list-proxy-protocol[] + +//tag::configuration-task-list-tracing[] +* xref:flex-{page-mode}-tracing-config.adoc[Configure Distributed Tracing] - Omni Gateway enables you to configure distributed tracing for your APIs. +//end::configuration-task-list-tracing[] + +// Managing K8 deployments +//k8-specific management configs: +//-managing node affinity +//tag::management-k8s-nodes[] +xref:flex-gateway-k8-node-affinity-config.adoc[] - Host Omni Gateway on a specialized node that meets specific requirements. +//end::management-k8s-nodes[] + +//- managing pod reqs for Omni on k8 +//tag::management-k8s-helm-settings[] +xref:flex-gateway-k8-change-helm-settings.adoc[] - Change requirements for a Pod that contains Omni Gateway. +//end::management-k8s-helm-settings[] + +//- managing externalDNS config for k8 +//tag::management-k8s-externaldns[] +xref:flex-gateway-k8-external-dns.adoc[] - Use ExternalDNS to expose an application or service on your Kubernetes cluster through a domain name. +//end::management-k8s-externaldns[] + +//tag::management-k8s-ingress-class[] +xref:flex-gateway-k8-ingress-class.adoc[] - Configure Omni Gateway as an `IngressClass` to manage `Ingress` resources. +//end::management-k8s-ingress-class[] + +//tag::management-k8s-add-replicas[] +xref:flex-gateway-k8-high-availability.adoc[] - Set a fixed replica count or autoscale to provide additional replicas. +//end::management-k8s-add-replicas[] + +//tag::management-k8s-istio[] +xref:flex-gateway-istio.adoc[] - Integrate Omni Gateway into your Istio Service Mesh to leverage Omni Gateway policies, logging, and metrics from the Anypoint Platform control plane. +//end::management-k8s-istio[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/env-variables.adoc b/gateway/1.13/modules/ROOT/pages/_partials/env-variables.adoc new file mode 100644 index 000000000..8d9ddd4e5 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/env-variables.adoc @@ -0,0 +1,67 @@ +Omni Gateway provides these environment variables to configure your gateway: + +[cols="3,2,4"] +|=== +|Variable Name |Default Value |Description + +|FLEX_CONNECTION_IDLE_TIMEOUT_SECONDS +|`60` +|Maximum number of seconds a connection can be idle before it times out. For more information, see xref:flex-{page-mode}-timeout.adoc[]. + +|FLEX_STREAM_IDLE_TIMEOUT_SECONDS +|`300` +|Maximum number of seconds a stream can remain idle without receiving any data in either the inbound (client to Omni Gateway) or outbound (Omni Gateway to upstream service) direction. For more information, see xref:flex-{page-mode}-timeout.adoc[]. + +|FLEX_UPSTREAM_CONNECTION_IDLE_TIMEOUT_SECONDS +|`60` +|Maximum number of seconds a stream between Omni Gateway and the upstream service can remain idle between requests. For more information, see xref:flex-{page-mode}-timeout.adoc[]. + +|FLEX_UPSTREAM_RESPONSE_TIMEOUT_SECONDS +|`15` +|Maximum number of seconds an Omni Gateway waits for a response from an upstream service. For more information, see xref:flex-{page-mode}-timeout.adoc[]. + +|FLEX_ENVOY_HEADERS_ENABLED +| `false` +|Allows (`true`) or removes (`false`) Envoy headers from requests. For more information, see xref:flex-review-prerequisites.adoc[]. + +|FLEX_REWRITE_HOST_HEADER +|`true` +|Rewrite HTTP Host header to match upstream. + +|FLEX_REMOVE_SERVER_HEADER +|`false` +|Removes the `Server` HTTP response header from outbound responses when set to `true`. Set to `true` to reduce exposure of server implementation details for security or compliance purposes. + +|FLEX_HEADER_RAW_VALUE_ENABLE +|`tru`e +|Controls header encoding for external authorization. Set to `false` to send headers encoded in UTF-8. For more information, see xref:policies-included-external-authorization.adoc[]. + +|FLEX_FORWARD_CLIENT_CERT_DETAILS +|`SANITIZE` +|Controls how the `x-forwarded-client-cert` (XFCC) HTTP header is handled. Supported values are `SANITIZE`, `FORWARD_ONLY`, `APPEND_FORWARD`, `SANITIZE_SET`, and `ALWAYS_FORWARD_ONLY`. For more information, see https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-enum-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-forwardclientcertdetails[HTTP connection manager (proto)] in the Envoy documentation. + +|FLEX_DOWNSTREAM_CONNECTION_BUFFER_LIMIT_BYTES +|`1048576` (1 MB) +|Maximum size, in bytes, of read and write buffers for new connections. For more information, see xref:flex-review-prerequisites.adoc[]. + +|FLEX_DATASOURCE_CONTROL_NODE_ENABLED +|`false` +|Enable configuration caching in Redis shared storage for Connected Mode replicas. For more information, see xref:flex-conn-replica-caching.adoc[]. + +|FLEX_SERVICE_ENVOY_DRAIN_TIME +|`25` +|Drain period in seconds during shutdown before Omni Gateway exits gracefully. For more information, see xref:flex-{page-mode}-monitor.adoc[]. + +|FLEX_SYNC_DEBOUNCE_TIME +|"5s" +|Specifies the amount of time to wait after detecting a configuration change before applying it. This prevents excessive reloading during rapid successive changes. The value must be a valid duration string, such as `"5s"` or `"500ms"`. + +|FLEX_LOG_LEVEL +| `4` (INFO) +| Sets the logging level for Omni Gateway. For the environment variable configuration of log level, you specify a number that corresponds to the log level. Supported values are NONE:`-1`, FATAL:`0`, ERROR:`1`, WARN:`2`, INFO:`4`, DEBUG:`8`, and TRACE:`16`. + +|FLEX_CONFIG +|N/A +|Provides Omni Gateway registration and configuration as a YAML-formatted string. The YAML content must be properly escaped to preserve special characters. Provide your registration and configuration as a string if deploying environments where file mounting isn't practical, such as Amazon ECS or Azure Container Apps. + +|=== diff --git a/gateway/1.13/modules/ROOT/pages/_partials/flex-message-log.adoc b/gateway/1.13/modules/ROOT/pages/_partials/flex-message-log.adoc new file mode 100644 index 000000000..86d4f2d76 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/flex-message-log.adoc @@ -0,0 +1,56 @@ + +Applying a Message Logging policy to your API instance in API Manager allows you to view basic logs, such as inbound and outbound calls and headers, for APIs managed by Omni Gateway within API Manager. Logging for an API instance only happens if you configure and apply a Message Logging policy. + +To view metrics in API Manager, such as total requests, total policy violations, total errors, and average response time, see xref:flex-view-api-metrics.adoc[]. + +== Message Logging Limits and Features + +include::reuse::partial$billing/pricing.adoc[tag=apimLogging] + +Basic logs report this information for each API instance configured through a policy: + +* Inbound and outbound API calls, as well as the packet contents +* Headers and any other information in the request + +To view message logs in API Manager, you need one of the following permissions: + +* API Manager Environment Administrator +* API Manager Deploy API Proxies +* General Organization Administration + +Refer to xref:access-management::permissions-by-product.adoc[]. + +== Configure Message Logging in Connected Mode + +. From *API Instances* in API Manager, select the name of the API Instance. +. Click *Policies*. +. Click *+ Add policy*. +. Click *Message Logging* in the *Troubleshooting* category. +. Click *Next*. +. Click *+ Add*. +. Enter a *Configuration Name*, for example, 'Info messages before calling API'. +. Enter a DataWeave expression that selects what information you want to see. ++ +For example, `#[attributes.headers['id']]` extracts the ids from the headers of +the messages. For more information, see xref:policies-flex-dataweave-support.adoc[]. + +. If you want to filter log messages, enter a DataWeave expression. ++ +For example, `#[attributes.headers['id']==1]` shows log messages that have +an id of 1 in the header. + +. If you want to affix a prefix to your logs, enter a *Category*. +. Enter the severity level. ++ +You can only enter one level. See <> +for a description of each severity level and the hierarchy for the levels. + +. If you want messages after the API is called, select *After Calling API*. +. If you want to add additional configurations, click *+ Add*. +. Click *Save*. ++ +Afterward, you should see a *Message Log* option for the API instance. ++ +Use the search field to search for specific logs based on the time and log severity (INFO, ERROR, WARN, DEBUG). You can download these logs for further analysis. + +include::partial$logging-severity-level.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/flex-tls-cipher.adoc b/gateway/1.13/modules/ROOT/pages/_partials/flex-tls-cipher.adoc new file mode 100644 index 000000000..99d7c8ebd --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/flex-tls-cipher.adoc @@ -0,0 +1,121 @@ +//tag::connectedSelect[] +[[select-ciphers]] +== Select Ciphers + +When you configure a TLS context, Secrets Manager applies default ciphers based on the TLS versions you select. In addition to the defaults, you can select other ciphers to use with the selected TLS version. Each TLS context can have multiple ciphers. + +To select ciphers: + +. Click *Ciphers* to see available ciphers. +. Select ciphers. ++ +Cipher selection is not available if only supporting TLS version 1.3. +. Click *Save* + +//end::connectedSelect[] + +//tag::cipherSupport[] + +== TLS Cipher Support on Omni Gateway + +Omni can support a range of TLS Versions from TLS 1.2 to TLS 1.3, and you can also customize some of the ciphers to support. + +You cannot customize the list of TLS 1.3 Ciphers. If you support TLS 1.3, you must support the TLS 1.3 default ciphers. + +If you support TLS 1.2, the TLS 1.2 default Ciphers are selected. However, unlike TLS 1.3, you can customize different TLS 1.2 ciphers. + +IMPORTANT: For outbound TLS Context, ensure that your API upstream supports the selected ciphers and versions. + +//end::cipherSupport[] + +//tag::cipherSupportLocal[] +[[local-support]] +== TLS Cipher Support on Omni Gateway + +Omni can support a range of TLS Versions from TLS 1.2 to TLS 1.3, and you can also customize some of the ciphers to support. + +You cannot customize the list of TLS 1.3 Ciphers. If you support TLS 1.3, the TLS 1.3 default ciphers are all supported regardless of the ciphers listed in the configuration file. If you don't support TLS 1.3, these ciphers are not included. + +For TLS 1.2, listing any ciphers overides the TLS 1.2 default ciphers. If you want to list ciphers besides the default TLS 1.2 Ciphers, you must list every cipher to support including the default ciphers you want to support. Excluding default ciphers from your list of supported ciphers means you do not support those ciphers. If you wish to only support the default ciphers, you can leave the cipher list blank. Listing ciphers does not affect the default TLS 1.3 cipher. + +//end::cipherSupportLocal[] + +//tag::outboundImportantLocal[] + +IMPORTANT: For outbound TLS Context, ensure that your upstream service supports the selected ciphers and versions. + +//end::outboundImportantLocal[] + +//tag::ciphers[] + +[[supported-ciphers]] +=== Omni Gateway Supported Ciphers + +Omni Gateway supports the following TLS Ciphers in Connected Mode and Local Mode: + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Cipher | TLS Version | Default | Advice +| TLS AES 128 GCM SHA256 | 1.3 | Yes | Secure +| TLS AES 256 GCM SHA384 | 1.3 | Yes | Secure +| TLS CHACHA20 POLY1305 SHA256 |1.3 | Yes | Secure +| TLS ECDHE ECDSA WITH AES 128 GCM SHA256 | 1.2 | Yes | Recommended +| TLS ECDHE ECDSA WITH AES 256 GCM SHA384 | 1.2 | Yes | Recommended +| TLS ECDHE ECDSA WITH CHACHA20 POLY1305 SHA256 | 1.2 | Yes | Recommended +| TLS ECDHE PSK WITH CHACHA20 POLY1305 SHA256 | 1.2 | No | Recommended +| TLS ECDHE RSA WITH AES 128 GCM SHA256 | 1.2 | Yes | Secure +| TLS ECDHE RSA WITH AES 256 GCM SHA384 | 1.2 | Yes | Secure +| TLS ECDHE RSA WITH CHACHA20 POLY1305 SHA256 | 1.2 | Yes | Secure +| TLS RSA WITH AES 128 GCM SHA256 | 1.2 | No | Weak +| TLS RSA WITH AES 256 GCM SHA384 | 1.2 | No | Weak +| TLS RSA WITH AES 128 CBC SHA | 1.2 | No | Weak +| TLS RSA WITH AES 256 CBC SHA | 1.2 | No | Weak +| TLS PSK WITH AES 128 CBC SHA | 1.2 | No | Weak +| TLS PSK WITH AES 256 CBC SHA | 1.2 | No | Weak +| TLS ECDHE ECDSA WITH AES 128 CBC SHA | 1.2 | No | Weak +| TLS ECDHE ECDSA WITH AES 256 CBC SHA | 1.2 | No | Weak +| TLS ECDHE RSA WITH AES 128 CBC SHA | 1.2 | No | Weak +| TLS ECDHE RSA WITH AES 256 CBC SHA | 1.2 | No | Weak +| TLS ECDHE PSK WITH AES 128 CBC SHA | 1.2 | No | Weak +| TLS ECDHE PSK WITH AES 256 CBC SHA | 1.2 | No | Weak +|=== + + +//end::ciphers[] + +//tag::local-ciphers[] + +[[supported-ciphers]] +=== Omni Gateway Supported Ciphers + +Omni Gateway supports the following TLS Ciphers in Connected Mode and Local Mode: + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Cipher | TLS Version | Default | Advice +| TLS_AES_128_GCM_SHA256 | 1.3 | Yes | Secure +| TLS_AES_256_GCM_SHA384 | 1.3 | Yes | Secure +| TLS_CHACHA20_POLY1305_SHA256 |1.3 | Yes | Secure +| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 1.2 | Yes | Recommended +| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 1.2 | Yes | Recommended +| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | 1.2 | Yes | Recommended +| TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | 1.2 | No | Recommended +| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 1.2 | Yes | Secure +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 1.2 | Yes | Secure +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | 1.2 | Yes | Secure +| TLS_RSA_WITH_AES_128_GCM_SHA256 | 1.2 | No | Weak +| TLS_RSA_WITH_AES_256_GCM_SHA384 | 1.2 | No | Weak +| TLS_RSA_WITH_AES_128_CBC_SHA | 1.2 | No | Weak +| TLS_RSA_WITH_AES_256_CBC_SHA | 1.2 | No | Weak +| TLS_PSK_WITH_AES_128_CBC_SHA | 1.2 | No | Weak +| TLS_PSK_WITH_AES_256_CBC_SHA | 1.2 | No | Weak +| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 1.2 | No | Weak +| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 1.2 | No | Weak +| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 1.2 | No | Weak +| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 1.2 | No | Weak +| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA | 1.2 | No | Weak +| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA | 1.2 | No | Weak +|=== + + +//end::local-ciphers[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/flex-view-api-metrics.adoc b/gateway/1.13/modules/ROOT/pages/_partials/flex-view-api-metrics.adoc new file mode 100644 index 000000000..aaf4db831 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/flex-view-api-metrics.adoc @@ -0,0 +1,48 @@ + +API Manager and Anypoint Monitoring collect metrics on active Omni Gateway API instances. You can view charts related to these metrics and filter the data by date. + +include::reuse::partial$billing/pricing.adoc[tag=apimKeyMetrics] + + +[NOTE] +==== +The *Mule API Analytics* tab in API Manager is currently not available for Omni Gateway APIs. Use the *Key Metrics* or the additional metrics in Anypoint Monitoring. +==== + + +== Key Metrics + +include::partial$include-nav-steps-api-instance.adoc[] + +To see an API instance in Anypoint Monitoring, from the *Key Metrics* section click *View more metrics in Anypoint Monitoring dashboard* or navigate to Anypoint Monitoring directly. + +The *Key Metrics* section shows four charts. If charts do not appear for your API instance, refresh your browser. + +== Understanding Key Metrics + +The *Key Metrics* section of the API summary contains the following charts: + +Total Requests:: +Sum of requests in the selected time period for the given API. ++ +Data is aggregated in one minute increments. + +Total Policy Violations:: +Sum of requests that return policy violations. ++ +Data is aggregated in one minute increments. + +Total Errors:: +Sum of HTTP response codes that occur in the selected time period. The response codes counted in this metric are 400, 401, 402, 403, 404, 405, 408, 409, 410, 411, 412, 413, 415, 416, 417, 420, 422, 429, 500, 502, 503, 504, 504, 510, and 511. ++ +Data is aggregated in one minute increments. In the chart, HTTP response codes are abbreviated as 4xx and 5xx. + +Average Response Time:: +Average response time of requests in the selected time period for the given API. ++ +Data is aggregated in one minute increments. + + +== Setting the Time Period for Key Metrics + +You can view the data points collected for the last given period of time (such as the last 5 or 30 minutes) or over a given date and time range. Use the drop-down in the calendar icon to select the time period to display. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/flex-view-api-status.adoc b/gateway/1.13/modules/ROOT/pages/_partials/flex-view-api-status.adoc new file mode 100644 index 000000000..d54c8cb20 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/flex-view-api-status.adoc @@ -0,0 +1,11 @@ + +To view basic information about APIs associated with Omni Gateway instances: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Click the name of the gateway whose APIs you want to check. +. Click *APIs*. ++ +For each API, Runtime Manager shows the name, version, instance ID, label, and date on which it was added. + +To see more detailed information and perform actions on your APIs, click *View details* to be redirected to API Manager. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/forward-proxy-config.adoc b/gateway/1.13/modules/ROOT/pages/_partials/forward-proxy-config.adoc new file mode 100644 index 000000000..680e58a67 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/forward-proxy-config.adoc @@ -0,0 +1,192 @@ +//tag::intro[] +A forward proxy, such as Squid, enables you to route external HTTP Omni Gateway connections through a proxy connection. + +For both Connected Mode and Local Mode, you configure a forward proxy using YAML configuration files. + +The following diagram demonstrates how an internal network communicates with an external network using a forward proxy. + +image:forward-proxy-diagram.png["A flowchart that illustrates the journey of data from an app to a database to the cloud and back", align=center] + +As in the diagram, when using a forward proxy, HTTP communication out of your internal network must travel through the forward proxy. + +In this example, all HTTP API upstream communication must also pass through the forward proxy. For more information about how to enable some connections to communicate directly without the forward proxy, see <>. + +//end::intro[] + +//tag::icon-table[] +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="#docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] + +|<> +|<> +|<> +|=== + +//end::icon-table[] + +//tag::connections[] +== Forward Proxy Connections +Only HTTP connections route through the forward proxy. + +The following connections route through the forward proxy: + +* Connections to Anypoint Platform +* Outbound policy connections +* Connections to upstream services +* HTTP (Fluent Bit) log connections + +Using the `noProxy` parameter, you can configure HTTP and HTTPS connections to connect directly without using the forward proxy. + +Configuring a forward proxy does not alter these connections: + +* Connections to shared storage +* Lightweight Directory Access Protocol (LDAP) connections +* Non-HTTP log connections + +//end::connections[] + +//tag::noproxy[] +== noProxy Parameter + +Adding the `noProxy` parameter enables HTTP services you trust to communicate without using the forward proxy. + +For example, when you enable `noProxy`, you can list HTTP log connections and connections to upstream services to have them connect directly to Omni Gateway. + +When using the `noProxy` parameter in the YAML configuration file to communicate with HTTP logs, you must list the exact domain name. You cannot list the domain suffix, for example, `.svc.cluster.local`. You need to list full domain name, `.svc.cluster.local`, for all HTTP log connections. + +The following diagram demonstrates the differences in communication using noProxy: + +image:no-proxy-diagram.png["Shows the difference between internal connections when `noProxy` is enabled or disabled", align=center] + +In the diagram, when you do not enable `noProxy`, Omni Gateway communicates with the internal API endpoint using the forward proxy. When you enable `noProxy` and list the API Upstream domain, Omni Gateway communicates directly with the internal API endpoint. + +//end::noproxy[] + +//tag::forward-proxy-parameters[] +== Configuring Forward Proxy Parameters + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: forward-proxy +spec: + forwardProxy: + https: + address: http://proxy:8888 + basicAuth: + username: + password: + noProxy: + - fluentd + - .svc.cluster.local + +---- + +|=== +|Parameter | Required or Optional | Description + +| `https.address` +| required +| Proxy adddress. + +| `basicAuth` +| Optional +| Supplies the authentication username and password. + +| `basicAuth.username` +| Required when `basicAuth` configured +| Authentication username + +| `basicAuth.Password` +| Required when `basicAuth` configured +| Authentication password. + +| `noProxy` +| Optional +| Array containing domain names or IP addresses to communicate to without using the forward proxy. Each IP address must be listed in the array. The `noProxy` does not support CIDR blocks. +|=== + +//end::forward-proxy-parameters[] + +//tag::linux[] + +[[linux]] +== Configure a Forward Proxy for Omni Gateway as a Linux Service + +. Create a YAML configuration file in the Omni Gateway configuration directory: ++ +[source,ssh] +---- +sudo touch /usr/local/share/mulesoft/flex-gateway/conf.d/forward-config.yaml +---- + +. Update the file with your desired forward proxy configuration details. +. If your Omni Gateway does not have direct internet access, see <>. +//end::linux[] + +//tag::docker[] + +[[docker]] +== Configure a Forward Proxy for Omni Gateway in a Docker Container + +NOTE: If you have already added a volume for a folder with your +Omni Gateway configuration files, skip to the create and save a YAML file step. + +. Press Ctrl+C to stop your Omni Gateway and any replicas. +. Create a folder named `app` in the directory with your Omni Gateway configuration files. +. Restart your Omni Gateway with an additional volume for the new `app` directory: +//end::docker[] + +//tag::docker2[] +. Create and save a YAML file with your desired forward proxy configuration details. +. If your Omni Gateway does not have direct internet access, see <>. +//end::docker2[] + +//tag::k8s[] + +[[kubernetes]] +== Configure a Forward Proxy for Omni Gateway in a Kubernetes Cluster + +To configure a forward proxy for Omni Gateway, create a new YAML configuration resource with your forward proxy details. + +If your Omni Gateway does not have direct internet access, see <>. +//end::k8s[] + +//tag::proxy-registration[] + +[[proxy-registration]] +== Forward Proxy Omni Gateway Registration + +If your Omni Gateway is in an internal network where all internet connections pass through the forward proxy, you must add the `--https-proxy` flag when xref:flex-{page-mode}-reg-run.adoc[registering an Omni Gateway]. + +Add the `--https-proxy` flag with your proxy `address` parameter: +---- +--https-proxy=http://proxy:8888 +---- + +Provide your `username` and `password` parameters if you enable `basicAuth`: +---- +--https-proxy=http://:@proxy:8888 +---- + +The following sample registration command shows flag placement: +[source,ssh] +---- +flexctl register \ +--username= \ +--password= \ +--environment= \ +--organization= \ +--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \ +--https-proxy=http://:@proxy:8888 \ +my-gateway +---- + +NOTE: Use the relevant registration command for your Omni Gateway deployment. + +//end::proxy-registration[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/include-nav-steps-api-instance.adoc b/gateway/1.13/modules/ROOT/pages/_partials/include-nav-steps-api-instance.adoc new file mode 100644 index 000000000..37d672941 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/include-nav-steps-api-instance.adoc @@ -0,0 +1,7 @@ +. Log in to Anypoint Platform. +. In the navigation bar or the Anypoint Platform page, click *API Manager*. + +The *API Instances* page appears, showing a list of API instances that are available in your organization. ++ +. Click the API instance. + +The *API Summary* page appears, showing general information and the status of the API instance. ++ diff --git a/gateway/1.13/modules/ROOT/pages/_partials/kubernetes-service-note.adoc b/gateway/1.13/modules/ROOT/pages/_partials/kubernetes-service-note.adoc new file mode 100644 index 000000000..44f30a786 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/kubernetes-service-note.adoc @@ -0,0 +1,10 @@ +If you use https://kubernetes.io/docs/concepts/services-networking/service/[Kubernetes Service^] as an upstream service or you apply a policy that makes requests to a Kubernetes Service, set the following parameters in the `service` resource: + +* `spec.ports[].protocol` to `TCP` +* `spec.ports[].name` + +Your `spec.ports[].name` service must adhere to the `[-]` structure. `[-]` is optional, and the valid options for `` are: + +* HTTP +* H2 +* HTTPS diff --git a/gateway/1.13/modules/ROOT/pages/_partials/logging-config-file.adoc b/gateway/1.13/modules/ROOT/pages/_partials/logging-config-file.adoc new file mode 100644 index 000000000..a642cf346 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/logging-config-file.adoc @@ -0,0 +1,73 @@ + +The `logging` object configures the delivery of runtime and access logs enabled via the message logging policy. Logs are delivered to any supported Fluent Bit {fluentbit-ver-var} output. + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: + namespace: +spec: + logging: + outputs: + - name: + type: + parameters: + : + runtimeLogs: + logLevel: + outputs: + accessLogs: + outputs: +---- + +[cols="2,1,1,3"] +|=== +|Parameter |Required or Optional |Default Value |Description + +|`logging.outputs[#].name` +|Required +|N/A +|The name of this output to later refer to in runtime and access logs configurations. + +|`logging.outputs[#].type` +|Required +|N/A +|An output type supported by Fluent Bit. For Fluent Bit output types, see https://docs.fluentbit.io/manual[Fluent Bit documentation] for your Fluent Bit version. + +|`logging.outputs[#].parameters` +|Required +|N/A +|A map of parameters for the specific Fluent Bit output type. For Fluent Bit output type parameters, see https://docs.fluentbit.io/manual[Fluent Bit documentation] for your Fluent Bit version. + +|`logging.accessLogs.outputs` +|Optional +|Empty +|A list of output names to redirect access logs to. + +|`logging.runtimeLogs.logLevel` +|Optional +|`info` +|A parameter specifying log detail. The supported `logLevel` types listed in decreasing verbosity are `debug`, `info`, `warn`, `error`, and `fatal`. + +|`logging.runtimeLogs.outputs` +|Optional +|Empty +|A list of output names to redirect runtime logs to. + +|=== + +Leaving a value blank applies the default value to your configuration. + +In addition to parameters above, Omni Gateway offers variables for logging output. When configured, the variables render as one of their respective outputs in the logs: + +[cols="1,2,3"] +|=== +| Variable | Description | Outputs + +| `date` | Date and time of the logged event | A specific time, for example, `17/11/2022-09:48:27AM` +| `logger` | Omni Gateway service where the logged event occurred | `flex-gateway-agent`, `flex-gateway-envoy`, and `flex-gateway-fluent` +| `level` | `Loglevel` of the logged event | `debug`, `info`, `warn`, `error`, or `fatal` +| `kind` | Log type | `runtimeLog` or `accessLog` +|=== diff --git a/gateway/1.13/modules/ROOT/pages/_partials/logging-severity-level.adoc b/gateway/1.13/modules/ROOT/pages/_partials/logging-severity-level.adoc new file mode 100644 index 000000000..3e0d52187 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/logging-severity-level.adoc @@ -0,0 +1,26 @@ +[[severity-levels]] +== Message Logging Severity Levels + +When you configure a Message Logging policy for your API instance, you can assign a severity level. Each severity level includes a specific set of information in the log report. + +Log reports include the severity level you select and the following levels on the hierarchy. + +For example, if you select DEBUG, the log reports include the DEBUG severity level as well as the INFO, WARN, and ERROR severity levels. However, if you select ERROR, the log reports include only error messages. The following table describes the type of information included in the logs for each severity level: + +[%header,cols='1a,5a'] +|=== +|Log Severity Level +|Description + +|DEBUG +|Tracing information used by application developers. + +|INFO +|Informational messages that highlight the progress of the application. + +|WARN +|Potentially harmful situations that indicate potential problems. + +|ERROR +|Events that prevent normal program execution but might allow the application to continue running. +|=== \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/mcp-version-support.adoc b/gateway/1.13/modules/ROOT/pages/_partials/mcp-version-support.adoc new file mode 100644 index 000000000..834aecc02 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/mcp-version-support.adoc @@ -0,0 +1 @@ +NOTE: This policy supports Model Context Protocol (MCP) version 2025-06-18 and earlier. To learn more about MCP, see https://modelcontextprotocol.io/specification/2025-06-18[MCP Specification]. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/pdk-banner.adoc b/gateway/1.13/modules/ROOT/pages/_partials/pdk-banner.adoc new file mode 100644 index 000000000..dcd6556cb --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/pdk-banner.adoc @@ -0,0 +1,6 @@ +// tag::pdk[] +[.notice-banner] + +*New Feature Available*: This product feature is outdated and is only provided for existing custom policies. To create new custom policies, use the xref:pdk::policies-pdk-overview.adoc[Omni Gateway Policy Development Kit (PDK)]. + +// end::pdk[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/policy-title-headers.adoc b/gateway/1.13/modules/ROOT/pages/_partials/policy-title-headers.adoc new file mode 100644 index 000000000..128e0e660 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/policy-title-headers.adoc @@ -0,0 +1,19 @@ +// tag::ui[] +[[connected-mode]] +=== Managed Omni Gateway and Omni Gateway Connected Mode + +When you apply the policy from the UI, the following parameters are displayed: + +// end::ui[] + +// tag::configFile[] +[[local-mode]] +=== Omni Gateway Local Mode + +When you apply the policy via declarative configuration files, Refer to the following policy definition and table of parameters: + +// end::configFile[] + +// tag::configFileTitleOnly[] +=== Omni Gateway Local Mode +// end::configFileTitleOnly[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/prerequisites.adoc b/gateway/1.13/modules/ROOT/pages/_partials/prerequisites.adoc new file mode 100644 index 000000000..faa0c39a2 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/prerequisites.adoc @@ -0,0 +1,53 @@ +//tag::intro[] +Omni Gateway runs on the following Long Term Support (LTS) versions of Linux: +//end::intro[] + +//tag::amazon-linux[] +Amazon Linux 2023 +//end::amazon-linux[] + +//tag::centos[] +CentOS 8 +//end::centos[] + +//tag::curl[] +The `curl` command-line tool. +//end::curl[] + +//tag::debian[] +Debian Bookworm +//end::debian[] + +//tag::docker[] +A Docker installation. +//end::docker[] + +//Requires local/page variable that specifies the version, such as :version-helm: 3.0.0 +//tag::helm[] +A minimum Helm version of 3.0.0 is required. +//end::helm[] + +//tag::kubectl[] +The Kubernetes `kubectl` command-line tool. +//end::kubectl[] + +//tag::red-hat[] +Red Hat Enterprise Linux (9) +//end::red-hat[] + +//tag::red-hat-ibm[] +Red Hat Enterprise Linux (9) on IBM Power (ppc64le) +//end::red-hat-ibm[] + +//tag::ubuntu[] +Ubuntu Jammy +//end::ubuntu[] + +//pls leave blank line in rabc-permission-k8 +// tag::rbac-permission-k8[] + +When deploying Omni Gateway to a Kubernetes cluster that enables role-based access control (RBAC), you must have cluster-level permissions to permit installation of custom resource definitions (CRDs) used by Omni Gateway. +// end::rbac-permission-k8[] +// tag::rbac-role-openshift[] +In OpenShift, the `cluster-admin` role provides this level of access. +// end::rbac-role-openshift[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/product-spotlight-video.html b/gateway/1.13/modules/ROOT/pages/_partials/product-spotlight-video.html new file mode 100644 index 000000000..279cd8cb1 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/product-spotlight-video.html @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/reference-install-next-steps.adoc b/gateway/1.13/modules/ROOT/pages/_partials/reference-install-next-steps.adoc new file mode 100644 index 000000000..5edff218c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/reference-install-next-steps.adoc @@ -0,0 +1,32 @@ +//for Docker and k8, download only +//tag::omni-docker-image[] +For deployments using Docker images, add the Omni Gateway Docker image to your Docker registry to ensure the image is available in the event of a Dockerhub outage. + +//for Linux, download and install +//tag::omni-download-install[] +After downloading and installing, register Omni Gateway in +xref:flex-conn-reg-run.adoc[Connected] or xref:flex-local-reg-run.adoc[Local Mode]. +//end::omni-download-install[] + +//end::omni-docker-image[] + +//for Docker and k8, download only +//tag::omni-k8-download-install[] +After downloading the image, register Omni Gateway in +xref:flex-conn-reg-run.adoc[Connected] or xref:flex-local-reg-run.adoc[Local Mode]. +//end::omni-k8-download-install[] + +//for Docker and Linux on connected vs. local +//tag::omni-connected-vs-local[] +For more detail, see xref:index.adoc#connected-mode-vs-local-mode[Connected Mode vs. Local Mode]. +//end::omni-connected-vs-local[] + +// tag::post-download-omni-image[] +After downloading the Omni Gateway image, register a gateway in +xref:flex-conn-reg-run.adoc[Connected Mode] or xref:flex-local-reg-run.adoc[Local Mode]. +// end::post-download-omni-image[] + +// tag::connected-local-k8[] +See xref:flex-gateway-k8-overview.adoc[] +for more information about the difference between Connected Mode and Local Mode for Omni Gateway in Kubernetes clusters. +// end::connected-local-k8[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/reference-k8-general.adoc b/gateway/1.13/modules/ROOT/pages/_partials/reference-k8-general.adoc new file mode 100644 index 000000000..136a46879 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/reference-k8-general.adoc @@ -0,0 +1,7 @@ + +//tag::omni-k8-helm-chart-info[] +Find the default Helm chart settings for Omni Gateway (flex-gateway) through one of the following methods: + +* Open the *flex-gateway* page in https://artifacthub.io/packages/helm/flex-gateway/flex-gateway[ArtifactHUB^] +* Run `helm show values <helm-repository-name>/<helm-chart-name>` from a terminal window, for example, `helm show values flex-gateway/flex-gateway`. +//end::omni-k8-helm-chart-info[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/soap-api-video.html b/gateway/1.13/modules/ROOT/pages/_partials/soap-api-video.html new file mode 100644 index 000000000..9ddeb1220 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/soap-api-video.html @@ -0,0 +1,11 @@ + + + \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-config-disable-logs.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-config-disable-logs.adoc new file mode 100644 index 000000000..165845e5e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-config-disable-logs.adoc @@ -0,0 +1,147 @@ +//tag::config-disable-logs-intro[] + +Anypoint Omni Gateway logging provides insights into startup, shutdown, API requests, API responses, policies, and Fluent Bit. Logging enables developers and administrators to identify and address issues or anomalies. However, disabling log output to Anypoint Platform might be necessary. + +Before disabling log output, consider the potential impact on troubleshooting capabilities. In some cases, it's more appropriate to adjust the log verbosity level. + +You can disable sending the following logs to Anypoint Platform: + +* Runtime logs, including: +** The startup and shutdown of Omni Gateway, Fluent Bit, and Envoy. +** Deployed APIs and policies. +** Possible misconfigurations of Omni Gateway or other errors. + +* Access logs, including: +** The description of incoming interaction with Envoy over a period of time. +** Incoming requests and responses for specific APIs. + +NOTE: You can only disable logs sent to Anypoint Platform. Standard output (STDOUT) remains unchanged. + +You disable sending logs to Anypoint Platform by using a local configuration file. The following tutorial describes how to create and deploy the file. + +//end::config-disable-logs-intro[] +//tag::icon-table[] + +[cols="1a,1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-container-logo.png[25%,25%,xref="#containers"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] +|image:install-openshift-logo.png[20%,20%,xref="#openshift"] + +|<> +|<> +|<> +|<> +|=== + +//end::icon-table[] +//tag::byb[] + +== Before You Begin + +Before configuring Omni Gateway log output, complete the following task: + +* Depending on your output, ensure that the service where you direct logs to is operational. For more information about log output services, refer to xref:flex-{page-mode}-third-party-logs-config.adoc[Configuring Omni Gateway Output for Third-Party Services]. + +//end::byb[] +//tag::linux-section-1[] + +[[linux]] +== Disable Anypoint Platform Log Output for Omni Gateway as a Linux Service + +. Create a YAML configuration file in your Omni Gateway configuration directory. For example: ++ +[source,ssh] +---- +sudo touch /usr/local/share/mulesoft/flex-gateway/conf.d/disable-logs-config.yaml +---- + +. In the configuration file, configure either or both `spec.logging.runtimeLogs.outputs.anypoint` and `spec.logging.accessLogs.outputs.anypoint` to `disabled`. The file resembles the following: ++ +//end::linux-section-1[] + +//tag::linux-section-2[] +. Save the file. +//end::linux-section-2[] + +//tag::containers-section-1[] + +[[containers]] +== Disable Anypoint Platform Log Output for Omni Gateway in a Container + +NOTE: If you have already added a volume for a folder with your +Omni Gateway configuration files, skip to step 4. + +. Press Ctrl+C to stop your Omni Gateway and any replicas. +. Create a folder named `app` in the directory with your Omni Gateway configuration files. +. Navigate to the `app` directory. +. Create a new configuration YAML file named `disable-logs-config.yaml`. +. In the configuration file, configure either or both `spec.logging.runtimeLogs.outputs.anypoint` and `spec.logging.accessLogs.outputs.anypoint` to `disabled`. The file resembles the following: +//end::containers-section-1[] + +//tag::containers-section-2[] +. Save the configuration file. +. Restart your Omni Gateway with the configuration directory volume: +//end::containers-section-2[] + +//tag::k8s-section-1[] + +[[kubernetes]] +== Disable Anypoint Platform Log Output for Omni Gateway in a Kubernetes Cluster + +To disable logging to Anypoint Platform: + +. Create a new resource using a YAML configuration file with the following example output configuration details: ++ +//end::k8s-section-1[] + +//tag::k8s-section-2[] +. Configure either or both `spec.logging.runtimeLogs.outputs.anypoint` and `spec.logging.accessLogs.outputs.anypoint` to `disabled`. + +//end::k8s-section-2[] + +//tag::openshift-section-1[] + +[[openshift]] +== Disable Anypoint Platform Log Output for Omni Gateway in an OpenShift Cluster + +To disable logging to Anypoint Platform: + +. Create a new resource using a YAML configuration file with the following example output configuration details: ++ +//end::openshift-section-1[] + +//tag::openshift-section-2[] +. Configure either or both `spec.logging.runtimeLogs.outputs.anypoint` and `spec.logging.accessLogs.outputs.anypoint` to `disabled`. + +//end::openshift-section-2[] + +//tag::config-disable-logs-example[] + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: Configuration +metadata: + name: logging-config +spec: + logging: + runtimeLogs: + logLevel: info + outputs: + anypoint: disabled + accessLogs: + outputs: + anypoint: disabled +---- + +//end::config-disable-logs-example[] + +//tag::see-also[] +== See Also + +* xref:flex-{page-mode}-third-party-logs-config.adoc[Configuring Omni Gateway Output for Third-Party Services] +* xref:policies-included-message-logging.adoc[] +* xref:flex-{page-mode}-reg-run.adoc[Registering and Running Omni Gateway] +//end::see-also[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-config-logs-third-party.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-config-logs-third-party.adoc new file mode 100644 index 000000000..e720752c2 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-config-logs-third-party.adoc @@ -0,0 +1,379 @@ +//tag::intro1[] +Anypoint Omni Gateway enables you to deliver runtime and access logs to any supported Fluent Bit {fluentbit-ver-var} output type. You configure log output via a custom YAML file. Additionally, to view access logs, you must also apply a Message Logging policy. + +The following configuration file examples demonstrate how to direct Omni Gateway logs to output types: `File`, `HTTP`, and `Splunk`. However, you can use any Fluent Bit {fluentbit-ver-var} output type, such as `Azure Log Analytics`, `Amazon S3`, `Kafka`, and more. For a complete list of Fluent Bit output types, see the https://docs.fluentbit.io/manual[Fluent Bit documentation] for your Fluent Bit version. + +//end::intro1[] + +//tag::intro2-conn[] +As well as being able to configure additional Fluent Bit log output types, Omni Gateway sends runtime logs to runtime manager and access logs to API Manager. To learn more, see: + +* xref:flex-view-logs-in-runtime-manager.adoc[] +* xref:flex-conn-message-log.adoc[]. + +//end::intro2-conn[] + + +//tag::intro2-local[] +As well as being able to configure additional Fluent Bit log output types, Omni Gateway maintains standard output logs. Use the standard output logs for quick checks when additional log output is not needed. To view the standard output logs, see xref:gateway::flex-local-view-logs.adoc[View Logs]. Both runtime and access logs appear in standard output logs. However, access logs are only present if you apply a Message Logging policy. + +//end::intro2-local[] + +//tag::icon-table[] + +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="#docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] + +|<> +|<> +|<> +|=== + +//end::icon-table[] +//tag::byb[] + +== Before You Begin + +Before configuring Omni Gateway log output, complete the following tasks: + +* xref:flex-install.adoc[Download Omni Gateway] +* xref:flex-{page-mode}-reg-run.adoc[Register and Run Omni Gateway] + +Additionally, depending on your output, ensure that the service where you direct logs to is operational and that you have the necessary information: + +* Splunk: +** A running https://www.splunk.com/[Splunk^] service. You can test Splunk with a free Splunk Cloud trial. +** Added an HTTP Event Collector (HEC) data input to the Cloud or Enterprise Splunk service. See the https://docs.splunk.com/Documentation/Splunk/7.0.3/Data/UsetheHTTPEventCollector[Splunk documentation^] about how to add a data input, and how to create an HEC token. +* Dynatrace: +** A running https://www.dynatrace.com/[Dynatrace^] service. You can test Dynatrace with a free Dynatrace trial. +** Environment ID. To find your Dynatrace environment ID, see https://www.dynatrace.com/support/help/get-started/monitoring-environment/environment-id[Environment ID^] +** Access token. To generate a Dynatrace access token, see https://www.dynatrace.com/support/help/manage/access-control/access-tokens[Access Tokens^]. Ensure that the token has the `Ingest logs` token scope. +//end::byb[] + +//tag::runtime-access-logs[] + +== Runtime Logs and Access Logs +Runtime and access logs both appear in the same log output. However, you can choose whether to include both logs in your log output. To use access logs, you must also apply a Message Logging policy. + +=== Runtime Logs +Runtime logs include the following information: + +* The startup and shutdown of Omni Gateway, Fluent Bit, and Envoy +* Deployed APIs and policies +* Possible misconfigurations of Omni Gateway or other errors + +=== Access Logs +Access logs describe incoming interaction with Envoy over a period of time and incoming requests and responses for specific APIs. + +To enable access logs, you must apply a Message Logging policy to the API instances you want to monitor. To apply a Message Logging policy, see <>. + +//end::runtime-access-logs[] + +//tag::file-example[] + +== Logging Configuration File + +include::partial$logging-config-file.adoc[] + +To view configuration files with applied values, see the following configuration file examples: + +* <> +* <> +* <> +* <> + + +//end::file-example[] +//tag::linux[] + +[[linux]] +== Configure Log Output for Omni Gateway as a Linux Service + +. Create a YAML configuration file in the Omni Gateway configuration directory: ++ +[source,ssh] +---- +sudo touch /usr/local/share/mulesoft/flex-gateway/conf.d/logs-config.yaml +---- + +. Update the file with your desired output configuration details as shown in the following examples: ++ +* <> +* <> +* <> +* <> ++ +//end::linux[] +//tag::docker[] + +[[docker]] +== Configure Log Output for Omni Gateway in a Docker Container + +NOTE: If you have already added a volume for a folder with your +Omni Gateway configuration files, skip to the create and save a YAML file step. + +. Press Ctrl+C to stop your Omni Gateway and any replicas. +. Create a folder named `app` in the directory with your Omni Gateway configuration files. +. Restart your Omni Gateway with an additional volume for the new `app` directory: +//end::docker[] + +//tag::docker2[] +. Create and save a YAML file with your desired output configuration details as shown in the following examples: ++ +* <> +* <> +* <> +* <> ++ +//end::docker2[] +//tag::k8s[] + +[[kubernetes]] +== Configure Log Output for Omni Gateway in a Kubernetes Cluster + +To configure logging for Omni Gateway: + +. Create a new resource using a YAML configuration file with your desired output configuration details as shown in the following examples: ++ +* <> +* <> +* <> +* <> ++ +//end::k8s[] + +//tag::view-logs-conn[] +If no events appear in the logging output, check the Omni Gateway runtime logs for any configuration errors. ++ +To view runtime logs, see xref:flex-view-logs-in-runtime-manager.adoc[]. ++ +For additional troubleshooting help, see xref:flex-troubleshoot-logging.adoc[]. +//end::view-logs-conn[] + +//tag::view-logs-local[] +If no events appear in the logging output, check the Omni Gateway standard output logs for any configuration errors. ++ +To view standard output logs, see xref:flex-local-view-logs.adoc[View Logs]. ++ +For additional troubleshooting help, see xref:flex-troubleshoot-logging.adoc[]. +//end::view-logs-local[] + +//tag::configure-message-logging-step[] +. If you are configuring access logs, see <> to apply a Message Logging policy. + +//end::configure-message-logging-step[] + +//tag::file-configuration-example[] + +[[file-configuration-example]] +== File Configuration Example + +Configure Omni Gateway to send formatted runtime and access logs to a file called `log.txt` (Fluent Bit `File` output), in the `/var/log` directory. As an example, the following definition specifies a `spec.logging.outputs.type` value of `file`: + + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: logging-config +spec: + logging: + outputs: + - name: default + type: file + parameters: + file: /var/log/log.txt # Docker: replace `/var/log` with the absolute path to the mounted configuration directory + format: template + template: | + [{date}][{logger}][{level}][{kind}] {message} + runtimeLogs: + logLevel: info + outputs: + - default + accessLogs: + outputs: + - default +---- + +NOTE: For Docker, in `spec.logging.output.parameters.file`, replace `/var/log` with the absolute path to the mounted configuration directory. + +//end::file-configuration-example[] + +//tag::http-configuration-example[] + +[[http-configuration-example]] +== HTTP Configuration Example + +You can configure Omni Gateway to send formatted runtime and access logs to a `HTTP` output. As an example, the following definition specifies a `spec.logging.outputs.type` value of `HTTP`: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: logging-config +spec: + logging: + outputs: + - name: default + type: HTTP + parameters: + host: collectors.au.sumologic.com + port: "443" + URI: /receiver/v1/http/[PrivateKey] + format: json_lines + json_date_key: timestamp + json_date_format: iso8601 + runtimeLogs: + logLevel: info + outputs: + - default + accessLogs: + outputs: + - default +---- + +//end::http-configuration-example[] + +//tag::dynatrace-configuration-example[] + +[[dynatrace-configuration-example]] +== Dynatrace Configuration Example + +You can configure Omni Gateway to send formatted runtime and access logs to a Dynatrace environment `HTTP` output. As an example, the following file contains the necessary configurations: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: dynatrace-config +spec: + logging: + outputs: + - name: dynatrace + type: http + parameters: + host: .live.dynatrace.com + Port: "443" + allow_duplicated_headers: "false" + header: + - Content-Type application/json; charset=utf-8 + - Authorization Api-Token + URI: /api/v2/logs/ingest + Format: json + json_date_key: timestamp + json_date_format: iso8601 + tls: "on" + tls.verify: "off" + runtimeLogs: + logLevel: info + outputs: + - dynatrace + accessLogs: + outputs: + - dynatrace + +---- + +For more information about configuration options, see the https://docs.fluentbit.io/manual[Fluent Bit documentation] for your Fluent Bit version. + +//end::dynatrace-configuration-example[] + +//tag::splunk-configuration-example[] + +[[splunk-configuration-example]] +== Splunk Configuration Example + +Splunk begins ingesting logs soon after you apply this resource. + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: splunk-config +spec: + logging: + outputs: + - name: splunk + type: splunk + parameters: + host: .splunkcloud.com + port: "8088" + splunk_token: + tls: "on" + tls.verify: "off" + runtimeLogs: + logLevel: info + outputs: [splunk] + accessLogs: + outputs: [splunk] +---- + +//end::splunk-configuration-example[] + +//tag::log-output-examples[] + +== Logging Event Examples +The following log output examples demonstrate possible outputs that may occur for the following events: + +* <> +* <> +* <> + +[[graceful-shutdowns]] +=== Graceful Shutdowns + +---- +[flex-gateway-agent][info] SignalHandler: Signal terminated received +[flex-gateway-agent][info] FilesystemWatcher(/usr/local/share/mulesoft/flex-gateway/conf.d): Stopping with context done +[flex-gateway-agent][info] XdsService: Stopping with context done +[flex-gateway-agent][error] flex-gateway-envoy: Stopped with error context canceled +[flex-gateway-agent][info] FilesystemWatcher(/etc/mulesoft/flex-gateway/conf.d): Stopping with context done +[flex-gateway-agent][error] flex-gateway-fluent: Stopped with error context canceled +[flex-gateway-agent][error] flex-gateway-fluent: Stopped with error context canceled +[flex-gateway-agent][info] Server dropped connection +[flex-gateway-agent][info] Agent communication closed +---- + + +[[service-disconnections]] +=== Service Disconnections + +---- +[flex-gateway-agent][error] WebSocket receiver got error: read tcp 172.17.0.2:60780->100.64.1.37:443: i/o timeout +[flex-gateway-agent][info] Server dropped connection +[flex-gateway-agent][warn] Dropped connection due to error read tcp 172.17.0.2:60780->100.64.1.37:443: i/o timeout +[flex-gateway-agent][info] Reconnecting after connection was dropped +[flex-gateway-agent][error] Error connecting to Websocket Server: dial tcp: lookup arm-mcm2-service.kstg.msap.io on 192.168.65.7:53: dial udp 192.168.65.7:53: connect: network is unreachable +---- + +[[envoy-crash]] +=== Envoy Crash + +---- +[flex-gateway-envoy][critical] Caught Segmentation fault, suspect faulting address 0xffff87e8fb89485b +[flex-gateway-envoy][critical] Backtrace (use tools/stack_decode.py to get line numbers): +[flex-gateway-envoy][critical] Envoy version: 36cbae1aeedd8c3b4eb88cd28268d21fe0905ce5/1.23.0/Clean/RELEASE/BoringSSL +[flex-gateway-envoy][critical] #0: __restore_rt [0x7ff79db2f140] +[flex-gateway-envoy][critical] #1: [0x557dcfad249b] +[flex-gateway-envoy][critical] #2: [0x557dcdf35237] +[flex-gateway-envoy][critical] #3: [0x557dce16d49f] +[flex-gateway-envoy][critical] #4: [0x557dce1a8ff5] +[flex-gateway-envoy][critical] #5: [0x557dce1a8e47] +[flex-gateway-envoy][critical] #6: ... +[flex-gateway-agent][error] flex-gateway-envoy: Stopped with error flex-gateway-envoy: command error: signal: segmentation fault +[flex-gateway-agent][error] flex-gateway-fluent: Stopped with error context canceled +[flex-gateway-agent][error] flex-gateway-fluent: Stopped with error context canceled +[flex-gateway-agent][info] FilesystemWatcher(/etc/mulesoft/flex-gateway/conf.d): Stopping with context done +[flex-gateway-agent][info] FilesystemWatcher(/usr/local/share/mulesoft/flex-gateway/conf.d): Stopping with context done +[flex-gateway-agent][info] XdsService: Stopping with context done +[flex-gateway-agent][info] Server dropped connection +[flex-gateway-agent][info] Agent communication closed +---- +//end::log-output-examples[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-config-proxy-protocol.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-config-proxy-protocol.adoc new file mode 100644 index 000000000..053bc52d5 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-config-proxy-protocol.adoc @@ -0,0 +1,101 @@ +//tag::intro1[] +For use cases when Omni Gateway is deployed behind a load balancer or other proxy service, configure PROXY protocol to preserve client IP addresses across multiple layers of NAT or TCP proxies. + +In PROXY protocol, the load balancer or other proxy service sends the PROXY protocol header containing the client address and additional information to Omni Gateway. To learn more about PROXY protocol, see the https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt[HAProxy specification^]. + +Enabling PROXY protocol only enables Omni Gateway to receive the PROXY protocol header. Your load balancer or other proxy service must support PROXY protocol to transmit the header. + +//end::intro1[] + +//tag::icon-table[] + +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="#docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] + +|<> +|<> +|<> +|=== + +//end::icon-table[] + +//tag::byb[] + +== Before You Begin + +Before enabling PROXY protocol for Omni Gateway, complete the following tasks: + +. xref:flex-install.adoc[Download Omni Gateway] +. xref:flex-{page-mode}-reg-run.adoc[Register and Run Omni Gateway] + +//end::byb[] + +//tag::linux[] + +[[linux]] +== Enable PROXY Protocol for Omni Gateway as a Linux Service + +. Create a YAML configuration file in the Omni Gateway configuration directory: ++ +[source,ssh] +---- +sudo touch /usr/local/share/mulesoft/flex-gateway/conf.d/proxy-protocol-config.yaml +---- + +. Update the file with the PROXY protocol configuration file: ++ +//end::linux[] + +//tag::docker-intro[] + +[[docker]] +== Enable PROXY Protocol for Omni Gateway in a Docker Container + +NOTE: If you have already added a volume for a folder with your +Omni Gateway configuration files, skip to the last step. + +. Press Ctrl+C to stop your Omni Gateway and any replicas. +. Create a folder named `app` in the directory with your Omni Gateway configuration files. +. Restart your Omni Gateway with an additional volume for the new `app` directory: +//end::docker-intro[] + +//tag::docker-config-file-step[] +. Create and save a YAML configuration file in your `app` folder with your PROXY protocol configuration details. ++ +//end::docker-config-file-step[] + + + +//tag::k8s[] + +[[kubernetes]] +== Enable PROXY Protocol for Omni Gateway in a Kubernetes Cluster + +To configure PROXY protocol for Omni Gateway, create a new resource using +a YAML configuration file with your PROXY protocol details. + +//end::k8s[] +//tag::sample-config[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: config +spec: + proxyProtocol: + enabled: true +---- +//end::sample-config[] + +//tag::see-also[] + +== See Also + +* https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt[HAProxy specification^] + + +//end::see-also[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-config-readiness-liveness.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-config-readiness-liveness.adoc new file mode 100644 index 000000000..073f32f31 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-config-readiness-liveness.adoc @@ -0,0 +1,188 @@ +//tag::config-readiness-liveness-page-body[] + +Omni Gateway supports two methods for ensuring reliability and efficiency. + +* Readiness probes test whether a gateway instance is configured correctly and ready for incoming traffic. This ensures that end-users are not affected by partially configured APIs. For information, refer to <>. + +* Liveness probes test whether a gateway instance is operational. This minimizes downtime due to crashes or other failures. For information, refer to <>. + +[[configure-a-readiness-probe]] +== Configure a Readiness Probe + +To test whether an Omni Gateway instance is ready for incoming traffic, use the following CLI command: + +[source,ssh] +---- +flexctl probe --check=readiness +---- + +If the Omni Gateway instance is ready to receive incoming traffic, the command returns an exit code of `0`. Otherwise, the command returns an exit code of `1`. + +When Omni Gateway starts, its readiness state is `false`. The state changes to `true` after the following conditions are met: + +* API instances are deployed (at least one API must be configured) +* Policies are initialized + +The readiness state is not impacted when you apply configuration changes to a running gateway instance. This ensures that the instance continues to receive traffic during configuration updates. + +Refer to the following for information about configuring readiness probes in specific environments: + +[tabs] +==== +Kubernetes and OpenShift:: ++ +By default, Omni Gateway running on Kubernetes includes a readiness probe configured in the Helm chart. The readiness probe automatically runs `flexctl probe --check=readiness --allow-api-errors --allow-envoy-errors --allow-policy-errors` at an interval of 10 seconds. ++ +The readiness probe has the following default values: ++ +[source,helm] +---- +readinessProbe: + exec: + command: + - flexctl + - probe + - --check=readiness + - --allow-api-errors + - --allow-envoy-errors + - --allow-policy-errors + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 2 + timeoutSeconds: 5 +---- ++ +[cols="1,2"] +|=== +| Parameter | Description +| `exec.command` | The readiness probe command +| `--allow-api-errors`| The flag to allow errors in API instances +| `--allow-envoy-errors`| The flag to allow Envoy configuration errors +| `--allow-policy-errors`| The flag to allow policy configuration errors +| `initialDelaySeconds` | The time in seconds to wait after startup before executing the first readiness probe +| `periodSeconds` | The period in seconds between each readiness probe +| `failureThreshold` | The number of failed readiness probes before the Kubernetes readiness status is set to `false` +| `timeoutSeconds` | The time in seconds before the readiness probe times out +|=== ++ +To modify the default parameters, update your Helm chart. You can modify these parameters during or after the initial installation of the Helm chart. For more information about updating a Helm chart, see xref:flex-gateway-k8-change-helm-settings.adoc[]. ++ +The default Kubernetes readiness probe is configured to be error-tolerant. This enables Omni Gateway to scale even though there might be configuration errors. To learn more about error tolerance, see <>. ++ +NOTE: By default, Omni Gateways running in Kubernetes or Openshift use a readiness probe. If there's no API deployed to your Omni Gateway instance, the readiness state is `false`. This isn’t an issue with custom readiness probe configurations. + +Docker, Podman, and Linux:: ++ +For Docker and Linux deployments, Omni Gateway doesn't include a pre-configured default readiness probe. However, you can run the readiness probe command manually or configure it for automated use with external third-party services. Besides the Kubernetes readiness probe, MuleSoft doesn't provide support for third-party readiness probes. +==== + +=== Configure External Components + +Configure your external components to query the readiness state. For example, in AWS virtual machines that run behind a load balancer, configure the readiness query as a health check. To expose the readiness API to external components, apply the following configuration to the Omni Gateway instance: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: probe +spec: + probe: + enabled: true + port: 3000 +---- + +Applying the YAML configuration snippet enables the readiness API to respond to `GET` requests: + +`\http://:/probes/readiness?allowEnvoyErrors=&allowAPIErrors=&allowPolicyErrors=` + +[[configure-error-tolerance]] +=== Configure Error Tolerance + +You can configure the readiness probe error intolerant or error tolerant. For error-intolerant, misconfigured gateway instances never reach a readiness state of `true`. For error-tolerant deployments, if a configuration error occurs (for example, if you misconfigure a policy), the readiness state is still `true` after the API instances and policies are deployed. This enables Omni Gateway to scale even though there might be configuration errors. + +The readiness CLI command provides the following flags to configure error tolerance: + +* `--allow-api-errors` +* `--allow-envoy-errors` +* `--allow-policy-errors` + +In deployments that query the readiness state through HTTP requests to the readiness API, use these query parameters: + +* `allowEnvoyErrors=false` +* `allowAPIErrors=false` +* `allowPolicyErrors=false` + +=== Probe Readiness During Shutdown + +Readiness is also probed during shutdown, when the gateway sends a `Connection: close` header. A `SIGTERM` signal initiates a drain of downstream connections by signaling them to reconnect. The default drain period is 25 seconds, after which Omni Gateway exits gracefully. + +You can modify a drain period via the `FLEX_SERVICE_ENVOY_DRAIN_TIME` environment variable in Docker and Linux, or the `gateway.drainSeconds` option in a Kubernetes Helm chart. + +Omni Gateway is preconfigured for a graceful shutdown of 30 seconds, which is 5 seconds more than the drain period. When increasing the drain period, also increase the shutdown period using `TimeoutStopSec` in Linux or `terminationGracePeriodSeconds` in Kubernetes. The shutdown period must exceed the drain period. + +The default readiness probe in Kubernetes runs every 10 seconds with a failure threshold of 2, allowing shutdown detection within 20 seconds. This ensures that no new traffic is sent to the instance shutting down. Use similar configurations with readiness probes in other environments like AWS Load Balancer. + +[[configure-a-liveness-probe]] +== Configure a Liveness Probe + +To test whether an Omni Gateway instance is operational, use the following CLI command: + +[source,ssh] +---- +flexctl probe --check=liveness +---- + +If the Omni Gateway instance is operational, the command returns an exit code of `0`. Otherwise, the command returns an exit code of `1`. + +You can either run the liveness probe command manually, or configure the command to run automatically. By default, Omni Gateway Kubernetes deployments have an automatic liveness probe configured. The default probe periodically runs the liveness probe command and automatically restarts the Omni Gateway pod after a specified number of failures. + +Refer to the following for information about configuring liveness probes in specific environments: + +[tabs] +==== +Kubernetes and OpenShift:: ++ +By default, Omni Gateway running on Kubernetes includes a liveness probe configured in the Helm chart. The liveness probe automatically runs `flexctl probe --check=liveness` at an interval of 10 seconds and restarts non-operational pods after 5 failed tests. ++ +The liveness probe is configured by default with the following values: ++ +[source,helm] +---- +livenessProbe: + exec: + command: + - flexctl + - probe + - --check=liveness + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 5 + timeoutSeconds: 1 +---- ++ +[cols="1,2"] +|=== +| Parameter | Description +| `exec.command` | The liveness probe command +| `initialDelaySeconds` | The time in seconds to wait after startup before running the first liveness probe +| `periodSeconds` | The period in seconds between each liveness probe +| `failureThreshold` | The number of failed liveness probes before the Kubernetes pod is restarted +| `timeoutSeconds` | The time in seconds before the liveness probe times out +|=== ++ +To modify the default parameters, update your Helm chart. You can modify these parameters during or after the initial installation of the Helm chart. For more information about updating a Helm chart, see xref:flex-gateway-k8-change-helm-settings.adoc[]. + +Docker, Podman, and Linux:: ++ +For Docker and Linux deployments, Omni Gateway doesn't include a pre-configured default liveness probe. However, you can run the liveness probe command manually, or configure it for automated use with third-party services. Besides the Kubernetes liveness probe, MuleSoft doesn't provide support for third-party liveness probes. ++ +One method of running the liveness probe command with Docker is to configure `HEALTHCHECK` in your `docker run` command. For more information, see https://docs.docker.com/engine/reference/run/#healthcheck[Docker run HEALTHCHECK^]. +==== + +== See Also + +* https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/[Configure Liveness, Readiness, and Startup Probes^]. +* xref:policies-included-health-check.adoc[] + +//end::config-readiness-liveness-page-body[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-flex-add-tls-context.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-flex-add-tls-context.adoc new file mode 100644 index 000000000..6c790c236 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-flex-add-tls-context.adoc @@ -0,0 +1,126 @@ +//tag::intro1[] +Using encryption, Transport Layer Security (TLS) policies protect communication between clients, API instances, and upstream services. After you xref:anypoint-security::asm-secret-group-creation-task.adoc[create a secret group], you can add a TLS context or a mutual authentication TLS (mTLS) context and apply the TLS context to API instances in API Manager to encrypt their inbound and outbound traffic. + +//end::intro1[] + +//tag::byb[] + +== Before You Begin + +Before adding a TLS context to Omni Gateway, complete the following tasks: + +* xref:anypoint-security::asm-secret-group-creation-task.adoc[Create a Secret Group] ++ +When adding a secret group, refer to the <>. Depending on your desired configuration, either: ++ +** xref:asm-secret-group-creation-task.adoc#adding-a-keystore[Add a Keystore] +** xref:asm-secret-group-creation-task.adoc#adding-a-truststore[Add a Truststore] ++ +NOTE: Privacy Enhanced Mail (PEM) type is required for your Keystore or Truststore. + +//end::byb[] + +//tag::configurationOptions[] + +[[tls-configuration-options]] +== TLS Configuration Options +You can configure your TLS context to support regular TLS and mTLS in both the inbound and outbound direction. Depending on the desired configuration, you must add different certificate files to your secret group and select different TLS context configuration options. + +Refer to the following cross reference table for the required TLS context configuration settings you need in the <> step: + +[%header%autowidth.spread,cols="a,a,a,a,a"] +|=== +| Parameter | Inbound TLS | Inbound mTLS | Outbound TLS | Outbound mTLS +| *Keystore* | Required | Required | Not Used | Required +| *Truststore* | Not Used | Required | Required, unless skip server cert validation is selected | Required to validate upstream certificate +| *Validate Client certificate* | Not Selected | Selected | Not Used | Not Used +| *Skip server certificate validation* | Not Used | Not Used | Either | Not Selected +|=== + +A parameter that is "Not Used" for a configuration implies its status does not affect configuration. + +To simplify your configurations, you can create different TLS contexts for the different traffic directions of your API instance. However, you can also use the same TLS context to support different traffic directions, but you cannot support TLS and mTLS for the same direction using the same context. If you use the same TLS context for different directions, ensure you include the required parameters for both directions. + +//end::configurationOptions[] + +//tag::addContext[] + +[[add-a-tls-context]] +== Add a TLS Context for Omni Gateway + +Adding a TLS context to your secret group requires supplying a name, target, version, and a keystore or truststore. Optionally, you can add context expiration date and ALPN Protocols and configure the inbound and outbound settings. + +[WARNING] +==== +If you edit a secret group, including a TLS context, that is currently applied to an API instance, you must redeploy the API instance to apply the changes. You must individually redeploy all instances affected by the change. To redeploy API instances, see <>. +==== + +To add a TLS context: + +. Go to *Anypoint Platform > Secrets Manager*. +. Ensure your secret group is downloadable. This enables you to apply your TLS context to API instances. ++ +To ensure your secret group is downloadable: + +.. Click the pencil icon next to the name of your secret group. +.. If *Secret Group Downloadable* is selected, click *Cancel* +.. If *Secret Group Downloadable* is not selected, select it, then click *Save*. +. In the *Secret Groups* list view, click the *Edit* button of the secret group to add a TLS context. +. Select *TLS Context* in the menu on the left, and click *Add TLS Context*. +. In the Create TLS context screen, add the required information: ++ +* *Name* + +Enter a name for your TLS context. +* *Target* + +Select *Omni Gateway* to use the TLS context as the SSL validation for Omni Gateway APIs. +* *Min TLS Version* and *Max TLS Version* + +You can choose to support a range of TLS versions or a single version by selecting the same version for both the minimum and maximum. +* *Keystore* + +If necessary for your configuration, from the drop-down list, select the keystore to store in the TLS context. Only PEM type keystores are visible. The keystore contains the certificate Omni Gateway presents to the remote party for both inbound and outbound TLS. ++ +[NOTE] +==== +To comply with security standards, all certificates must be 2048 bits or longer. +==== +* *Truststore* + +If necessary for your configuration, from the drop-down list, select a truststore to store certificates trusted by the client. Only PEM type truststores are visible. The truststore contains the CA path that Omni uses to validate the remote party certificate for both inbound and outbound TLS. ++ +[NOTE] +==== +Upstream certificates must include the Subject Alternative Name (SAN) extension. The Common Name (CN) field is deprecated. + +Omni Gateway supports the SAN extension of type `dNSName`. +==== +* *Expiration Date* + +Optionally, enter an expiration date for the TLS context. +* *ALPN Protocols* + +By default, *H2 - HTTP/1.1* are the selected ALPN protocols. Change this value to support different protocols. +* *Inbound Settings* + +If you want to support mTLS for inbound traffic, select *Validate Client certificate*. +* *Outbound Settings* + +If you do not want support mTLS for outbound traffic, select *Skip server certificate validation*. + +. If you want to customize cipher support for your TLS context, <>. ++ +Cipher selection is not available if only supporting TLS version 1.3. +. Click *Save*. + +//end::addContext[] + + + +//tag::redeploy[] + +[[redeploy-api-instance]] +== Edit Secret Groups and Redeploy API Instances +To edit a secret group, see xref:anypoint-security::asm-secret-group-creation-task.adoc#edit-a-secret-group[Edit a Secret Group]. + +If you edit a secret group currently applied to an API instance, to apply the changes to the API instance, you must individually redeploy all instances the changes affect. + +To redeploy an API instance: + +. Go to *Anypoint Platform > API Manager*. +. Click the name of the API instance to redeploy. +. Click *Runtime & Endpoint Configuration > Save & Apply*. + +//end::redeploy[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-k8-node-affinity.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-k8-node-affinity.adoc new file mode 100644 index 000000000..707718fe1 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-k8-node-affinity.adoc @@ -0,0 +1,273 @@ +//START TAG: omni-node-affinity-intro +//tag::omni-node-affinity-intro[] +//= Select a Node for Omni Gateway Deployments on Kubernetes + +Omni Gateway is often critical to the performance and security of a cluster, so it is important to host it on a specialized node that meets specific requirements, instead of using the nodes that host other deployments. + +To enable the Kubernetes scheduler to select a suitable host node for a Pod that contains Omni Gateway, you can set custom node affinity rules in a YAML configuration file that incorporates the Pod's requirements into a Helm chart for your Omni Gateway deployment. For more information about node affinity, see the https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity[Kubernetes documentation^]. + +The high-level tasks for configuring node affinity follow: + +. Finding or creating the node labels to use when defining node affinity rules and conditions (see <>). +. Specifying requirements and preferences in a YAML configuration file for a node that hosts a Pod with a containerized Omni Gateway application (see <>). +. Upgrading your Helm chart with the YAML configuration (see <>). + +//end::omni-node-affinity-intro[] +//END TAG + +//// +//informational only: +//== Before You Begin +// +//Meet the Kubernetes and Helm version requirements described +//in xref:flex-review-prerequisites.adoc[]. +//// + +//START TAG: omni-node-affinity-list-labels +//tag::omni-node-affinity-list-labels[] +[[list_add_labels]] +== List and Create Node Labels + +Each node affinity rule requires the key of a node label and one or more of the label’s values. You can use existing node labels or create new ones. A node label is defined as a key-value pair. + +* To list a cluster's nodes and node labels, run: ++ +[source,kubernetes,subs=attributes+] +---- +kubectl get nodes --show-labels +---- + +* To create a label for a node in your cluster, run: ++ +[source,kubernetes,subs=attributes+] +---- +kubectl label nodes = +---- + +For related Kubernetes documentation, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/#add-a-label-to-a-node[Add a Label to a Node^]. +//end::omni-node-affinity-list-labels[] +//END TAG + + + +//New section +//START TAG +//tag::set-node-affinity[] +[[set_node_affinity]] +== Configure Rules for Matching a Node to a Pod for an Omni Gateway Container + +The Kubernetes scheduler can use node affinity rules to match nodes to Pods. The matching process enables the scheduler to select the node into which a Pod is deployed. + +Configure node affinity rules as required, preferred, or both: + +* `requiredDuringSchedulingIgnoredDuringExecution`: The node must match all node affinity rules configured for a Pod when the Kubernetes scheduler applies this type of matching. Otherwise, the deployment fails. +* `preferredDuringSchedulingIgnoredDuringExecution`: Based on weighted preferences set for a Pod, the Kubernetes scheduler selects the best matching node. The scheduler must select a node, so if no node matches any of the preferences, the scheduler selects a node that does not match. +//end::set-node-affinity[] +//END TAG + +//// +//just informational: +//For guidance, see the following configuration options: +// +//* <> +//* <> +//* <> +//// + + +//New section +//START TAG +//tag::omni-node-affinity-required-matching-intro[] +[[required_node_matching]] +=== Configure a Required Node Matching Rule for a Pod Containing Omni Gateway + +In required node matching, the node must meet all node affinity rules configured for a Pod. Otherwise, the deployment fails. +//end::omni-node-affinity-required-matching-intro[] +//END TAG + +//START TAG +//tag::omni-node-affinity-common-conditions[] +Configure a node affinity rule in the YAML configuration file for a Pod that contains Omni Gateway. Each condition to a rule requires a node label as a `key`, an operator, and one or more node label values to accept for a node with that key. For operators, you can use `In`, `NotIn`, `Exists`, `DoesNotExist`, `Gt`, and `Lt`. +//end::omni-node-affinity-common-conditions[] +//END TAG + +//START TAG +//tag::omni-node-affinity-required-matching-yaml[] +[source,yaml,subs=attributes+] +---- +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: + operator: + values: + - + # - Add any other node label values. + # - Add any other required conditions. +---- + +You can add as many values and conditions as the node requires. +//end::omni-node-affinity-required-matching-yaml[] +//END TAG +//// +// informational: +// After configuring the config file, proceed to <>. +//// + +//New section +//START TAG +//tag::omni-node-affinity-preferred-matching-intro[] +[[preferred_node_matching]] +=== Configure a Preferred Node Matching Rule for a Pod Containing Omni Gateway + +In preferred node matching, the Kubernetes scheduler selects a node based on weighted preferences. The scheduler must select a node, so if no node matches any preferences, the scheduler selects a node that does not match. + +//end::omni-node-affinity-preferred-matching-intro[] +//END TAG + +//// +// just informational: +// shared content from tag omni-node-affinity-common-conditions +//// + +//START TAG +//tag::omni-node-affinity-preferred-conditions[] +In addition, provide a `weight` value between `1` and `100` for each `preference` so that the Kubernetes scheduler can determine which rules are more important and select the best matching node. Matching is based on the sum of the weighted preferences that a node meets. The scheduler selects a node with the greatest total weight over other nodes of lesser weight. +//end::omni-node-affinity-preferred-conditions[] +//END TAG + +//START TAG +//tag::omni-node-affinity-preferred-matching-yaml[] +[source,yaml,subs=attributes+] +---- +affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: + preference: + matchExpressions: + - key: + operator: + values: + - + # - Add any other values. + - weight: + preference: + matchExpressions: + - key: + operator: + values: + - + # - Add any other node label values. + # - Add any other preferred conditions. + # - Any any more preferred rules. +---- + +You can add any number of preferred values, conditions, and rules. +//end::omni-node-affinity-preferred-matching-yaml[] +//END TAG +//// +// informational: +// After configuring the YAML file, proceed to <>. +//// + + + +//New section +//START TAG +//tag::omni-node-affinity-mixed-matching-intro[] +[[mixed_node_matching]] +=== Configure Required and Preferred Node Matching Rules for a Pod Containing Omni Gateway + +You can configure both types of node affinity (required and preferred) in the same YAML file. +//end::omni-node-affinity-mixed-matching-intro[] +//END TAG +//// +// just informational: +// The example combines the settings from <> and <>. +// tag for shared content from tag omni-node-affinity-common-conditions +// tag for shared content from tag omni-node-affinity-preferred-conditions +//// + +//START TAG +//tag::omni-node-affinity-mixed-matching-yaml[] +[source,yaml,subs=attributes+] +---- +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: + operator: + values: + - + # - Add any other node label values. + # - Add any other conditions. + preferredDuringSchedulingIgnoredDuringExecution: + - weight: + preference: + matchExpressions: + - key: + operator: + values: + - + # - Add any other node label values. + - weight: + preference: + matchExpressions: + - key: + operator: + values: + - + # - Add any other node label values. + # - Add any other preferred conditions. + # - Any any other preferred rules. +---- +//end::omni-node-affinity-mixed-matching-yaml[] +//END TAG +//// +// informational: +// After configuring the YAML file, proceed to <>. +//// + + + +//START TAG +//tag::upgrade-helm-chart[] +[[upgrade_helm_chart]] +== Upgrade the Helm Chart + +After adding the node affinity settings to your YAML configuration file, incorporate the file into the Helm chart for an Omni Gateway deployment so that the Kubernetes scheduler can use the setting. + +Use a `helm` command to incorporate the node affinity settings from your YAML configuration file into a Helm chart. The command to use depends on whether Omni Gateway is installed: + +* If you are installing Omni Gateway for the first time, use this command to set all values in the chart: ++ +[source,kubernetes,subs=attributes+] +---- +helm -n gateway upgrade -i --create-namespace \ +--wait ingress flex-gateway/flex-gateway \ +-f \ +--set-file registration.content= +---- ++ +Notice that the command passes the YAML file with the node affinity rules. + +* If Omni Gateway is installed already, use this command to reuse the chart's existing configuration and set the node affinity configuration: ++ +[source,kubernetes,subs=attributes+] +---- +helm -n gateway upgrade -i --create-namespace \ +--wait ingress flex-gateway/flex-gateway \ +--reuse-values -f +---- ++ +Notice that the command passes the YAML file with the node affinity rules. + +For information about the Helm command, see +https://helm.sh/docs/helm/helm_upgrade[Helm Upgrade^]. +//end::upgrade-helm-chart[] +//END TAG \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-reg-run-flex-gateway.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-reg-run-flex-gateway.adoc new file mode 100644 index 000000000..ae82efa9e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-reg-run-flex-gateway.adoc @@ -0,0 +1,629 @@ +// partial for registering in connected/local modes with a username and password, connected app, or a token, in a Docker container or as a Linux service + +// tag::prerequisites-heading[] + +== Before You Begin + +Before registering Omni Gateway, you must complete the following tasks: +// end::prerequisites-heading[] +// tag::app-prerequisites[] + +* xref:access-management::connected-apps-developers.adoc#create-a-connected-app[Configure a Connected App] +** Include the following scopes: +*** Read Servers +*** Manage Servers +*** View Organization +** Save the *Id* and *Secret* of the Connected app you configure. + +// end::app-prerequisites[] +// tag::prerequisites[] + +* xref:flex-install.adoc[Install an Omni Gateway] +* Request _Manage Servers_ and _Read Servers_ permissions in Runtime Manager from your Anypoint Platform admin +* Collect the following information from your Anypoint Platform instance: +** The *Organization ID* for the organization where you want to run Omni Gateway ++ +See xref:access-management::organization.adoc#find-your-organization-id[Find your Organization ID] for more information on how to find your Organization ID. + +// end::prerequisites[] +// tag::environment-prerequisites[] + +** The *Environment ID* for the environment where you want to run Omni Gateway ++ +See xref:api-manager::latest-overview-concept.adoc#what-api-manager-looks-like[What API Manager Looks Like] +for more information on how to find your Environment ID. + +// end::environment-prerequisites[] +// tag::token-prerequisites[] + +** The registration *token* for the environment in Anypoint Platform where you want to run Omni Gateway ++ +Navigate to Runtime Manager, select *Omni Gateways* in the left navigation, and click *Add Gateway* +to generate set of instructions that includes a command block with the registration token. + +// end::token-prerequisites[] +// tag::user-prerequisites[] + +** The *Username* and *Password* of a user with _Read Servers_ and _Manage Servers_ permissions for Runtime Manager + +// end::user-prerequisites[] +// tag::app-container-heading[] +== Register and Run with a Connected App in a Container +// end::app-container-heading[] +// tag::user-container-heading[] +== Register and Run with a Username and Password in a Container +// end::user-container-heading[] +// tag::token-container-heading[] +== Register and Run with a Token in a Container +// end::token-container-heading[] +// tag::app-docker-heading[] +=== Register and Run with a Connected App in a Docker Container +// end::app-docker-heading[] +// tag::user-docker-heading[] +=== Register and Run with a Username and Password in a Docker Container +// end::user-docker-heading[] +// tag::token-docker-heading[] +=== Register and Run with a Token in a Docker Container +// end::token-docker-heading[] +// tag::app-podman-heading[] +=== Register and Run with a Connected App in a Podman Container +// end::app-podman-heading[] +// tag::user-podman-heading[] +=== Register and Run with a Username and Password in a Podman Container +// end::user-podman-heading[] +// tag::token-podman-heading[] +=== Register and Run with a Token in a Podman Container +// end::token-podman-heading[] +// tag::app-linux-heading[] +== Register and Run with a Connected App as a Linux Service +// end::app-linux-heading[] +// tag::user-linux-heading[] +== Register and Run with a Username and Password as a Linux Service +// end::user-linux-heading[] +// tag::token-linux-heading[] +== Register and Run with a Token as a Linux Service +// end::token-linux-heading[] +// tag::app-k8s-heading[] +== Register and Run with a Connected App in a Kubernetes Cluster +// end::app-k8s-heading[] +// tag::user-k8s-heading[] +== Register and Run with a Username and Password in a Kubernetes Cluster +// end::user-k8s-heading[] +// tag::token-k8s-heading[] +== Register and Run with a Token in a Kubernetes Cluster +// end::token-k8s-heading[] +// tag::app-openshift-heading[] +== Register and Run with a Connected App in an OpenShift Cluster +// end::app-openshift-heading[] +// tag::user-openshift-heading[] +== Register and Run with a Username and Password in an OpenShift Cluster +// end::user-openshift-heading[] +// tag::token-openshift-heading[] +== Register and Run with a Token in an OpenShift Cluster +// end::token-openshift-heading[] + +// tag::note-openshift-k8[] + +From the command line, OpenShift procedures match Kubernetes procedures. +// end::note-openshift-k8[] + +// logos and links to sections that _use anchors_ in install and reg/run pages +// tag::table-logos-links[] +[cols="1a,1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-container-logo.png[25%,25%,xref="#container"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] +|image:install-openshift-logo.png[20%,20%,xref="#openshift"] + +|<> +|<> +|<> +|<> +|=== +// end::table-logos-links[] + +// tag::table-containers-logos-heading[] +You can register and run Omni Gateway for use in one of the following containers: +// end::table-containers-logos-heading[] + +// tag::table-containers-logos-links[] +[cols="1a,1a"] +|=== +|image:install-docker-logo.png[15%,15%,xref="#docker"] +|image:install-podman-logo.png[12%,12%,xref="#podman"] + +|<> +|<> +|=== +// end::table-containers-logos-links[] + +// tag::reg-command-intro[] +To register an Omni Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and *must be updated before* executing. See <> for more information on how to find the information you will need. +// end::reg-command-intro[] +// +// tag::k8s-connected-intro[] + +In Connected Mode, Omni Gateway typically serves as an ingress or Edge API gateway that receives traffic from outside of the cluster. Omni Gateway can also act as a standalone gateway for internal (east-west) services. + +Most management takes place within Anypoint Platform: + +* Deploy APIs to your cluster. +* Apply policies and other configurations. +* Create resources (_with the exception_ of Configuration and Service resources). + +In Connected Mode, resource creation through `kubectl apply` is possible but restricted to the following resource types: +Configuration, Service, Extension, and PolicyBinding of types `tls`, `tls-inbound`, and `tls-outbound`. For more info about resources, see xref:flex-local-configuration-reference-guide.adoc[]. + +// end::k8s-connected-intro[] +// +// tag::k8s-local-intro[] + +In Local Mode, Omni Gateway typically acts as an ingress controller that manages external access to your cluster. Omni Gateway can also act as a standalone gateway for internal (east-west) traffic. + +When using this mode, you must know what resources to create and apply, and use `kubectl apply` to deploy Kubernetes targets and resources such as APIs, policies, or Omni Gateway-related resources to your gateway. + +Omni Gateway acts as an ingress controller when you apply an `Ingress` resource to configure gateway routing rules. You provide this configuration through a YAML file. The file supports other properties, such as `apiVersion`, `kind`, `metadata`, `spec` to configure a load balancer or proxy server, and `rules` for directing HTTP and HTTPS traffic. For more information about how Omni Gateway manages `Ingress` resources, see xref:flex-gateway-k8-ingress-class.adoc[]. + +// end::k8s-local-intro[] + +// tag::k8s-reg-command-intro[] +To register Omni Gateway with Anypoint Platform, run the Docker registration command with required options. After registering, use a Helm command to install the Helm chart for the registered gateway, and deploy the gateway to a cluster. The deployment process requires an existing cluster. See <> for more prerequisites to these procedures. +// end::k8s-reg-command-intro[] + +// tag::sub-coll-info[] + +=== Collect Your Registration Data + +Before registering your Omni Gateway instance, collect information for the following registration command options: + +// end::sub-coll-info[] +// tag::sub-coll-info-container[] + +==== Collect Your Registration Data + +Before registering your Omni Gateway instance, collect information for the following registration command options: + +// end::sub-coll-info-container[] +// tag::user-replace-content[] + +* `--username` = the username for an Anypoint Platform user with _Read Servers_ and _Manage Servers_ permissions for Runtime Manager +* `--password` = the password for an Anypoint Platform user with _Read Servers_ and _Manage Servers_ permissions for Runtime Manager +// end::user-replace-content[] +// tag::token-replace-content[] +* `--token` = the registration token for your environment in Anypoint Platform +// end::token-replace-content[] +// tag::app-replace-content[] + +* `--client-id` = the Id for the Connected App you configured in Access Management +* `--client-secret` = the Secret for the Connected App you configured in Access Management + +// end::app-replace-content[] +// tag::environment-replace-content[] + +* `--environment` = the Environment Id for the environment in Anypoint Platform where you want the Omni Gateway to run + +// end::environment-replace-content[] +// tag::replace-content[] + +* `--organization` = your Organization ID in Anypoint Platform + +* `--split` (optional) = the flag that determines whether registration information should split into multiple files. The default value is `false`. ++ +If `split` is set to `true`, registration information is split into two files: `registration.yaml` and `certificate.yaml`. If `false`, all registration information is contained in one file: `registration.yaml`. +* `--output-directory` (optional) = the directory in which registration information is output + +* `my-gateway` = the name you want to assign the gateway cluster + +// end::replace-content[] +// tag::reg-command-heading[] + +=== Register Omni Gateway + +Register your Omni Gateway instance using the data that you gathered for the command options. + +// end::reg-command-heading[] +// tag::reg-command-heading-container[] + +==== Register Omni Gateway + +Register your Omni Gateway instance using the data that you gathered for the command options. + +// end::reg-command-heading-container[] +// tag::reg-command-heading-intro[] + +You can register using one of the following container runtimes: + +// * <> +// * <> + +// end::reg-command-heading-intro[] +// tag::reg-command-openshift-heading-intro[] + +You can register using one of the following container runtimes: + +// * <> +// * <> + +// end::reg-command-openshift-heading-intro[] +// tag::docker-reg-command-heading-intro[] +// ==== Docker +Run the following command to register using Docker: + +// end::docker-reg-command-heading-intro[] +// tag::podman-reg-command-heading-intro[] +// ==== Podman +Run the following command to register using Podman: + +// end::podman-reg-command-heading-intro[] +// tag::docker-create-directory-note[] + +IMPORTANT: Create a new directory called `flex-registration` (or similar) and then run the registration command in this new directory. The command creates registration files in this location. + +// end::docker-create-directory-note[] +// tag::reg-command-1[] + +[source,ssh,subs=attributes+] +---- +# end::reg-command-1[] +# tag::docker-reg-command[] +docker run --entrypoint flexctl \ +-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \ +registration create \ +# end::docker-reg-command[] +# tag::podman-reg-command[] +podman run --entrypoint flexctl --userns=keep-id \ +-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \ +registration create \ +# end::podman-reg-command[] +# tag::linux-reg-command[] +flexctl registration create \ +# end::linux-reg-command[] +# tag::user-reg-command[] +--username= \ +--password= \ +# end::user-reg-command[] +# tag::app-reg-command[] +--client-id= \ +--client-secret= \ +# end::app-reg-command[] +# tag::environment-reg-command[] +--environment= \ +# end::environment-reg-command[] +# tag::token-reg-command[] +--token= \ +# end::token-reg-command[] +# tag::connected-reg-command[] +--connected=true \ +# end::connected-reg-command[] +# tag::organization-reg-command[] +--organization= \ +# end::organization-reg-command[] +# tag::output-reg-command-linux[] +--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \ +# end::output-reg-command-linux[] +# tag::output-reg-command-docker[] +--output-directory=/registration \ +# end::output-reg-command-docker[] +# tag::reg-command-2[] +my-gateway +---- + +Use `sudo` if you encounter file permission issues when running this command. + +NOTE: If you are in Europe you will need to add the `--anypoint-url=https://eu1.anypoint.mulesoft.com` flag +to your command. + +// end::reg-command-2[] +// tag::after-reg[] +In the output directory, you should see the following new registration file(s): + +* `registration.yaml` +* `certificate.yaml` (generated only if the `split` registration parameter is set to `true`, otherwise certificate information will be contained in `registration.yaml`) + +IMPORTANT: These generated files are credentials for you to connect your Omni Gateway. If you lose them you +can no longer connect your Omni Gateway. +// end::after-reg[] +// tag::after-reg-2[] + +// end::after-reg-2[] +// tag::linux-after-reg[] + +// end::linux-after-reg[] +// tag::k8s-after-reg[] + +// end::k8s-after-reg[] +// tag::disconnected-after-reg[] +In Runtime Manager, click *← Omni Gateway* in the left navigation to find your gateway in the UI. Notice that your gateway's status is *Not Running*. Refresh the page, if necessary. +// end::disconnected-after-reg[] +// tag::start-command[] + +=== Start Command + +Run the following start command in the same directory where you ran the registration command: + +[source,ssh,subs=attributes+] +---- +docker run --rm \ +-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ +-p 8080:8080 \ +mulesoft/flex-gateway +---- +NOTE: Specify an optional name you want to assign to your Omni Replica by including the following: `-e FLEX_NAME= \`. +// end::start-command[] +// tag::start-command-container[] + +==== Start Command + +Run the following start command in the same directory where you ran the registration command: + +[source,ssh,subs=attributes+] +---- +docker run --rm \ +-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ +-p 8080:8080 \ +mulesoft/flex-gateway +---- +NOTE: Specify an optional name you want to assign to your Omni Replica by including the following: `-e FLEX_NAME= \`. +// end::start-command-container[] +// tag::podman-start-command[] + +==== Start Command + +Run the following start command in the same directory where you ran the registration command: + +[source,ssh,subs=attributes+] +---- +podman run --rm \ +-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ +-p 8080:8080 \ +docker.io/mulesoft/flex-gateway +---- +NOTE: Specify an optional name you want to assign to your Omni Replica by including the following: `-e FLEX_NAME= \`. +// end::podman-start-command[] +// tag::start-command-local-intro[] + +==== Start Command + +Run the following start command in the same directory where you ran the registration command: + +// end::start-command-local-intro[] +// tag::start-command-local[] + +[source,ssh,subs=attributes+] +---- +docker run --rm \ +-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ +-p 8080:8080 \ +mulesoft/flex-gateway +---- +NOTE: Specify an optional name you want to assign to your Omni Replica by including the following: `-e FLEX_NAME= \`. + +// end::start-command-local[] +// tag::podman-start-command-local[] + +[source,ssh,subs=attributes+] +---- +podman run --rm \ +-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ +-p 8080:8080 \ +docker.io/mulesoft/flex-gateway +---- +NOTE: Specify an optional name you want to assign to your Omni Replica by including the following: `-e FLEX_NAME= \`. + +// end::podman-start-command-local[] +// tag::start-command-local-valid[] +The output logs should include this line: + +[source,ssh] +---- +[flex-gateway-envoy][info] all dependencies initialized. starting workers +---- +// end::start-command-local-valid[] +// tag::create-config-folder-file[] + +// end::create-config-folder-file[] +// tag::config-content[] + +// end::config-content[] +// tag::linux-start-commands[] + +=== Start Commands + +Start Omni Gateway with the following command: + +[source,ssh] +---- +sudo systemctl start flex-gateway +---- + +Verify that the Omni Gateway service is running successfully: + +[source,ssh] +---- +systemctl list-units flex-gateway* +---- + +If `flex-gateway.service` has a status of `active`, Omni Gateway is successfully running. + +[source,text] +---- + UNIT LOAD ACTIVE SUB DESCRIPTION + flex-gateway.service loaded active running Application +---- + +// end::linux-start-commands[] +// tag::k8s-install-omni-helm-chart-title[] + +=== Install Helm Chart into the Namespace + +// end::k8s-install-omni-helm-chart-title[] +// tag::k8s-install-omni-helm-chart-intro-connected[] + +Register Omni Gateway, and then use Helm to deploy Omni Gateway to a node in your cluster and connect to Anypoint Platform. After deploying, use Runtime Manager to verify that the gateway is present and connected to Anypoint Platform. + +// end::k8s-install-omni-helm-chart-intro-connected[] +// tag::k8s-install-omni-helm-chart-intro-local[] + +Register Omni Gateway, and then use Helm to deploy Omni Gateway to a node in your cluster. +// end::k8s-install-omni-helm-chart-intro-local[] +// +// tag::k8s-omni-helm-chart[] +A Helm chart installs Omni Gateway, monitoring tools, and applications. +// end::k8s-omni-helm-chart[] +// +// tag::k8s-omni-helm-chart-add[] + +. Add a Helm repository named `flex-gateway` for your chart: ++ +[source,helm] +---- +helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm +---- ++ +The command either adds the repository or skips this process if a Helm repository with that name already exists on your machine: ++ +* If the repository is new, the command returns the following message: ++ +---- +"flex-gateway" has been added to your repositories +---- ++ +* If the repository already exists, the command returns the following message: ++ +---- +"flex-gateway" already exists with the same configuration, skipping +---- + +. Run `helm repo up`. ++ +The command returns the following message: ++ +---- +Hang tight while we grab the latest from your chart repositories... +...Successfully got an update from the "flex-gateway" chart repository +Update Complete. ⎈Happy Helming!⎈ +---- ++ +If you have more than one Helm repository on your machine, the message in your terminal window lists all of the repositories. +// end::k8s-omni-helm-chart-add[] +// tag::k8s-omni-helm-chart-deploy[] +// PLEASE retain blank line before first step below + +. Run the Helm command for deploying your gateway in {reg-mode} Mode: ++ +[source,helm] +---- +helm -n gateway upgrade -i --create-namespace \ +ingress flex-gateway/flex-gateway \ +--set gateway.mode=connected \ +--set-file registration.content=registration.yaml +---- ++ +This command creates the `gateway` namespace and a release named `ingress` if they do not exist. You can use names of your choice for your namespace and release. The command syntax for the Helm repository and chart names is `/`. ++ +The command uses `--set gateway.mode=connected` because the default for the Helm chart is Local Mode. ++ +When you install Omni Gateway, a Service type `LoadBalancer` is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing the `service.type` property during the installation. ++ +NOTE: By default, Omni Gateways running in Kubernetes or Openshift use a readiness probe. If there's no API deployed to your Omni Gateway instance, the readiness state is `false`. This isn’t an issue with custom readiness probe configurations. ++ +When successful, the command prints a message indicating an upgrade to your `ingress` release: ++ +---- +Release "ingress" does not exist. Installing it now. +NAME: ingress +LAST DEPLOYED: Mon Mar 20 21:36:19 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 1 +TEST SUITE: None +---- ++ +The `REVISION` value increments the `ingress` release by `1` each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (`REVISION: 2`). The `LAST DEPLOYED` date reflects the date of that revision. +// do not add an empty new line here at end, please +// end::k8s-omni-helm-chart-deploy[] +// tag::k8s-omni-helm-chart-deploy-local[] +// PLEASE retain blank line before first step below + +. Run the Helm command for deploying your gateway in {reg-mode} Mode: ++ +[source,helm] +---- +helm -n gateway upgrade -i --create-namespace \ +ingress flex-gateway/flex-gateway \ +--set-file registration.content=registration.yaml +---- ++ +This command creates the `gateway` namespace and a release named `ingress` if they do not exist. You can use names of your choice for your namespace and release. The command syntax for the Helm repository and chart names is `/`. ++ +When you install Omni Gateway, a Service type `LoadBalancer` is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing the `service.type` property during the installation. ++ +NOTE: By default, Omni Gateways running in Kubernetes or Openshift use a readiness probe. If there's no API deployed to your Omni Gateway instance, the readiness state is `false`. This isn’t an issue with custom readiness probe configurations. ++ +When successful, the command prints a message indicating an upgrade to your `ingress` release: ++ +---- +Release "ingress" does not exist. Installing it now. +NAME: ingress +LAST DEPLOYED: Mon Mar 20 21:36:19 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 1 +TEST SUITE: None +---- ++ +The `REVISION` value increments the `ingress` release by `1` each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (`REVISION: 2`). The `LAST DEPLOYED` date reflects the date of that revision. +// do not add an empty new line here at end, please +// end::k8s-omni-helm-chart-deploy-local[] +// tag::gateway-connected[] + +In Runtime Manager, click *← Omni Gateway* in the left navigation to find your new gateway in the UI. Notice that your gateway's current status is *Running*. Refresh the page, if necessary. + +NOTE: After 30 days, a stopped or deleted gateway is removed from the Runtime Manager UI. Otherwise, the UI continues to list the gateway even if it is no longer running or connected. +// end::gateway-connected[] +// tag::helm-chart-options[] + +=== Helm Chart Settings + +To modify the default Helm settings with new values, such as `resource` values for CPU and memory settings, see xref:flex-gateway-k8-change-helm-settings.adoc[]. For additional Helm chart configurations, see xref:flex-gateway-k8-management.adoc[]. + +Before modifying a Helm chart for an Omni Gateway deployment, review the default Helm chart settings: + +* Open the *flex-gateway* page in https://artifacthub.io/packages/helm/flex-gateway/flex-gateway[ArtifactHUB^] +* Run `helm show values /` from a terminal window. ++ +.Example: +[source,kubernetes] +---- +helm show values flex-gateway/flex-gateway +---- ++ +The example returns _default_ values of a repository and chart with the same name. + +To view the Helm chart `README`, run `helm show readme /` from a terminal window. + +.Example: +[source,kubernetes] +---- +helm show readme flex-gateway/flex-gateway +---- + +// end::helm-chart-options[] + +// tag::links-to-openshift-reg-steps[] +Complete the following steps: + +. <> +. <> +. <> +// end::links-to-openshift-reg-steps[] +// +// tag::links-to-k8s-reg-steps[] + +Complete the following steps: + +. <> +. <> +. <> +// end::links-to-k8s-reg-steps[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-rep-run-flex-gateway.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-rep-run-flex-gateway.adoc new file mode 100644 index 000000000..7c55cb203 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-rep-run-flex-gateway.adoc @@ -0,0 +1,42 @@ +//tag::add-omni-intro[] +== Omni Replicas + +An Omni Replica is an instance of Omni Gateway. Setting up your gateway layer with multiple Omni Gateway replicas enables the APIs deployed on Omni Gateway to serve more traffic. + +When using Omni Gateway to manage APIs in production, configure more than one Omni Replica to avoid a single point of failure. Running multiple Omni Replicas also increases performance if your API service receives a significant amount of traffic. +//end::add-omni-intro[] + +//tag::add-omni-rep-byb[] +== Before You Begin + +Before getting started, ensure you have completed the following tasks: + +* xref:flex-install.adoc[Install an Omni Gateway] +//end::add-omni-rep-byb[] +//tag::add-omni-rep-byb-conn[] +* xref:flex-conn-reg-run.adoc[Register and Run in Connected Mode] +//end::add-omni-rep-byb-conn[] +//tag::add-omni-rep-byb-local[] +* xref:flex-local-reg-run.adoc[Register and Run in Local Mode] +//end::add-omni-rep-byb-local[] +//tag::add-omni-rep1[] + +== Add an Omni Replica as a Linux Service + +Adding an Omni Replica as a Linux Service includes the following tasks: + +* Copy and paste the registration file created during registration to your Linux machine or VM. +* Run the Omni Gateway start command. + +=== Copy the Registration File + +Copy the `registration.yaml` file to the following location on your Linux machine or VM: + +* `/usr/local/share/mulesoft/flex-gateway/conf.d` + +//end::add-omni-rep1[] +//tag::add-omni-rep2[] + +Now if you check in Runtime Manager after clicking *Omni Gateway* in the left navigation, your Omni Gateway will have an additional replica listed. You may need to refresh the page. + +//end::add-omni-rep2[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-shared-storage-config.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-shared-storage-config.adoc new file mode 100644 index 000000000..c1a5cf8d1 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-shared-storage-config.adoc @@ -0,0 +1,221 @@ +//tag::intro1[] +Enable shared storage for distributed caching, gateway configuration caching (Connected Mode), and rate limiting policies. Redis also provides extra memory for caching. + +Production workflows should use https://redis.io/[Redis^]. If Redis is not defined, shared storage services at port 4000 are still available but use an in-memory implementation. You must configure Redis for distributed policies to share data. All other policies use replica memory for storage. + +//end::intro1[] +//tag::intro2[] +You configure shared storage via a custom YAML file. + +The following steps demonstrate Redis-based storage support for Omni Gateway running in a Docker container, as a Linux Service, +or as a Kubernetes cluster. + +To configure Redis Sentinel or a TLS connection to your Redis shared storage, refer to: + +* <> +* <> +//end::intro2[] +//tag::icon-table[] + +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="#docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] + +|<> +|<> +|<> +|=== + +//end::icon-table[] +//tag::byb[] + +== Before You Begin + +Before configuring shared storage for Omni Gateway, complete the following tasks: + +. xref:flex-install.adoc[Download Omni Gateway] +. xref:flex-{page-mode}-reg-run.adoc[Register and Run Omni Gateway] + +//end::byb[] +//tag::linux[] + +[[linux]] +== Configure Shared Storage for Omni Gateway as a Linux Service + +. Create a folder in the `/etc/mulesoft/flex-gateway/conf.d` directory and name it `custom`: ++ +[source,ssh] +---- +sudo mkdir /etc/mulesoft/flex-gateway/conf.d/custom +---- + +. Create a YAML configuration file in the `custom` folder: ++ +[source,ssh] +---- +sudo touch /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml +---- + +. Update the file with your Redis storage configuration details. For example: ++ +[source,ssh] +---- +sudo vi /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml +---- ++ +//end::linux[] +//tag::docker-intro[] + +[[docker]] +== Configure Shared Storage for Omni Gateway in a Docker Container + +NOTE: If you have already added a volume for a folder with your +Omni Gateway configuration files, skip to the last step. + +. Stop your Omni Gateway and any replicas. +. Create a folder named `app` in the directory with your Omni Gateway configuration files. +. Restart your Omni Gateway with an additional volume for the new `app` directory: +//end::docker-intro[] + +//tag::docker-config-file-step[] +. Create and save a YAML configuration file in your `app` folder with your shared storage details. ++ +//end::docker-config-file-step[] +//tag::k8s[] + +[[kubernetes]] +== Configure Shared Storage for Omni Gateway in a Kubernetes Cluster + +To configure shared storage for Omni Gateway, create a new resource using +a YAML configuration file with your storage details. + +//end::k8s[] +//tag::sample-config-all-intro[] +Sample configuration for adding Redis-based shared storage: +//end::sample-config-all-intro[] +//tag::sample-config-all[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage-redis +spec: + sharedStorage: + redis: + address: redis.e-commerce.svc:6379 + username: ecomm-user + password: ecomm-pwd-123 + DB: 7 +---- +//end::sample-config-all[] + +//tag::sentinel-intro[] +[[redis-sentinel]] +== Configure Redis Sentinel + +Redis Sentinel provides high availability for Redis shared storage. For more information about Redis Sentinel, refer to https://redis.io/docs/management/sentinel/[Redi Sentinel^]. + +Configure Redis Sentinel using the steps described in the previous sections. + +Sample configuration for adding Redis Sentinel: +//end::sentinel-intro[] + +//tag::sentinel-sample-config[] +[source, yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage + namespace: test-ns +spec: + sharedStorage: + redis: + username: "user" + password: "pass" + sentinel: + addresses: + - internal.redis.com:6379 + masterName: "name" + password: "pass" + db: 0 +---- +//end::sentinel-sample-config[] + +//tag::tls-intro[] +[[redis-tls]] +== Configure TLS for Redis-Based Shared Storage + +Use TLS with Redis to ensure data security between Omni Gateway and the Redis instance. Configuring TLS enables you to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. Additionally, configuring TLS helps organizations meet compliance requirements and build trust with users. + +TLS works with both Redis and Redis Sentinel. + +Configure TLS for Redis-based shared storage using the steps described in the previous sections. + +Sample configuration for adding Redis-based shared storage with TLS: +//end::tls-intro[] + +//tag::tls-sample-config[] +[source, yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage-redis +spec: + sharedStorage: + redis: + address: internal.redis.com:6379 + tls: + skipValidation: false + minVersion: "1.1" + maxVersion: "1.3" + alpn: + - h2 + - http/1.1 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_RSA_WITH_3DES_EDE_CBC_SHA + - TLS_RSA_WITH_AES_128_CBC_SHA + - TLS_RSA_WITH_AES_256_CBC_SHA + - TLS_RSA_WITH_AES_128_CBC_SHA256 + - TLS_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + trustedCA: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + + certificate: + keyPassphrase: "****" + key: | + -----BEGIN RSA PRIVATE KEY----- + ... + -----END RSA PRIVATE KEY----- + + crt: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + +---- +//end::tls-sample-config[] + +//tag::tls-more-information[] +For information about configuration parameters, see the xref:flex-local-configuration-reference-guide.adoc#shared-storage[Declarative Configuration Reference (Shared Storage)]. +//end::tls-more-information[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/task-tls-config.adoc b/gateway/1.13/modules/ROOT/pages/_partials/task-tls-config.adoc new file mode 100644 index 000000000..784151703 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/task-tls-config.adoc @@ -0,0 +1,433 @@ +//tag::intro1[] +Using encryption, Transport Layer Security (TLS) policies protect communication between clients, API instances, and upstream services. To use TLS when creating an API instance using Omni Gateway in Local Mode as your runtime, you must configure the TLS context in a `PolicyBinding` YAML configuration file. + +When you add a TLS context, you can also select the ciphers to use with the TLS context and configure different inbound and outbound validation settings. + +//end::intro1[] + +//tag::intro2[] +Omni Gateway supports the following: + +* Regular TLS between a client and the API instance (HTTPS), referred to as inbound TLS +* Regular TLS between an API instance and an upstream service, referred to as outbound TLS +* Mutual authentication TLS (mTLS) in both the inbound and outbound direction + +//end::intro2[] + +//tag::defaultOutboundTLS[] +By default, Omni Gateway supports outbound TLS to communicate with upstream services that require a secure communication channel. For default outbound communication, Omni Gateway uses only TLS 1.2. To find the default TLS 1.2 ciphers, see <>. To find the ciphers, see <>. Applying a TLS context to an upstream overrides the default TLS context for that upstream. Because the default ciphers may change for later Omni Gateway versions, you can apply a TLS context to an upstream to ensure it remains the same. + +//end::defaultOutboundTLS[] + +//tag::intro3[] +The following tutorials demonstrate how to apply a configured `PolicyBinding` resource. For how to configure the resource, see the policy configuration pages: + +* xref:policies-included-tls.adoc[Transport Layer Security Policy - Inbound] +* xref:policies-included-tls-outbound.adoc[Transport Layer Security Policy - Outbound] + +//end::intro3[] + +//tag::resources[] +For inbound TLS, you bind the policy resource to the API instance. For outbound TLS, you bind the policy resource to the upstream service. + +//end::resources[] + +//tag::port-sharing-inbound[] +Omni Gateway implements port-level inbound TLS, meaning if you apply an inbound TLS to an API instance that shares a port with other instances, the same inbound TLS context is applied to all instances sharing the port. Omni Gateway supports multiple TLS certificates on a single gateway, but you must apply the certificates to unique ports. If you apply inbound TLS to one API instance, you do not need to apply the same inbound TLS context to instances that share that port. Consequently, you cannot apply different inbound TLS contexts to API instances that share the same port. + +Port sharing is not a concern for outbound TLS. You can apply an outbound TLS context for each individual upstream service. + +//end::port-sharing-inbound[] + +//tag::outboundAllInstances[] +Unlike inbound TLS, it is not suggested to apply the same outbound TLS context to all API instances in your Omni Gateway because your API upstream services might come from different providers. Therefore, no configuration example for outbound TLS on all instances is provided. + +Port sharing is not a concern for outbound TLS. You can apply an outbound TLS context for each individual upstream service. + +//end::outboundAllInstances[] + +//tag::intro4[] +You can configure the TLS context for an Omni Gateway running in a Docker container, as a Linux Service, +or in a Kubernetes cluster. + +//end::intro4[] + +//tag::icon-table[] + +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="flex-{page-mode}-tls-config.adoc#linux"] +|image:install-docker-logo.png[25%,25%,xref="flex-{page-mode}-tls-config.adoc#docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="flex-{page-mode}-tls-config.adoc#kubernetes"] + +|xref:flex-{page-mode}-tls-config.adoc#linux[Configure TLS Context for Omni Gateway as a Linux Service] +|xref:flex-{page-mode}-tls-config.adoc#docker[Configure TLS Context for Omni Gateway in a Docker Container] +|xref:flex-{page-mode}-tls-config.adoc#kubernetes[Configure TLS Context for Omni Gateway in a Kubernetes Cluster] +|=== + +//end::icon-table[] +//tag::byb[] + +== Before You Begin + +Before configuring the TLS context for an Omni Gateway, you must complete the following tasks: + +* xref:flex-install.adoc[Download Omni Gateway] +* xref:flex-{page-mode}-reg-run.adoc[Register and Run Omni Gateway] + +//end::byb[] +//tag::linux[] + +[[linux]] +== Configure TLS Context for Omni Gateway as a Linux Service + +. Create a YAML configuration file in the Omni Gateway configuration directory: ++ +[source,ssh] +---- +sudo touch /usr/local/share/mulesoft/flex-gateway/conf.d/tls-config.yaml +---- + +. Update the file with your TLS context configuration details. For example: ++ +[source,ssh] +---- +sudo vi /usr/local/share/mulesoft/flex-gateway/conf.d/tls-config.yaml +---- ++ +The following configuration file only applies inbound TLS to one API instance. For all configuration file options, such as mTLS and outbound TLS, see: ++ +* xref:policies-included-tls.adoc[Transport Layer Security Policy - Inbound] +* xref:policies-included-tls-outbound.adoc[Transport Layer Security Policy - Outbound] ++ +//end::linux[] +//tag::docker-intro[] + +[[docker]] +== Configure TLS Context for Omni Gateway in a Docker Container + +NOTE: If you have already added volume for a folder with your +Omni Gateway configuration files, skip to the last step. + +. Press Ctrl+C to stop your Omni Gateway and any replicas. +. Create a folder named `app` in the directory with your Omni Gateway configuration files. +. Restart your Omni Gateway with an additional volume for the new `app` directory: +//end::docker-intro[] + +//tag::docker-config-file-step[] +. Create and save a YAML configuration file in your `app` folder with your TLS context details. ++ +The following configuration file only applies inbound TLS to one API instance. For all configuration file options, such as mTLS and outbound TLS, see: ++ +* xref:policies-included-tls.adoc[Transport Layer Security Policy - Inbound] +* xref:policies-included-tls-outbound.adoc[Transport Layer Security Policy - Outbound] +//end::docker-config-file-step[] + +//tag::k8s-intro[] + +[[kubernetes]] +== Configure TLS Context for Omni Gateway in a Kubernetes Cluster + +To configure the TLS context for Omni Gateway, create a new resource using +a YAML configuration file with your TLS context details. + +The following configuration file only applies inbound TLS to one API instance. For all configuration file options, such as mTLS and outbound TLS, see: + +* xref:policies-included-tls.adoc[Transport Layer Security Policy - Inbound] +* xref:policies-included-tls-outbound.adoc[Transport Layer Security Policy - Outbound] + +//end::k8s-intro[] + +//tag::sample-config-all-intro[] +*Sample configuration for adding inbound TLS context for all API instances running on this Omni Gateway:* +//end::sample-config-all-intro[] +//tag::sample-config-all[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: ingress-https-tls +spec: + targetRef: + kind: Selector + selector: + kind: ApiInstance + policyRef: + name: tls + config: + certificate: + key: | + # -----BEGIN PRIVATE KEY----- + # insert certificate key + # -----END PRIVATE KEY----- + crt: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- + alpn: + - http/1.1 + - h2 + minversion: "1.1" + maxversion: "1.3" + ciphers: + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + - TLS_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_RSA_WITH_AES_256_CBC_SHA +---- +//end::sample-config-all[] +//tag::sample-config-instance-intro[] +*Sample configuration for adding inbound TLS context for a specific API instance:* +//end::sample-config-instance-intro[] +//tag::sample-config-instance[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: ingress-https-tls +spec: + targetRef: + kind: ApiInstance + name: ingress-https + policyRef: + name: tls + config: + certificate: + key: | + # -----BEGIN PRIVATE KEY----- + # insert certificate key + # -----END PRIVATE KEY----- + crt: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- + alpn: + - http/1.1 + - h2 + minversion: "1.1" + maxversion: "1.3" + ciphers: + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + - TLS_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_RSA_WITH_AES_256_CBC_SHA +---- +//end::sample-config-instance[] + +//tag::sample-config-mtls-intro[] +*Sample configuration for adding an inbound mTLS context for a specific API instance:* +//end::sample-config-mtls-intro[] +//tag::sample-config-mtls[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: mtls +spec: + targetRef: + name: ingress-https + policyRef: + name: tls + config: + requireClientCertificate: true + trustedCA: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- + certificate: + key: | + # -----BEGIN RSA PRIVATE KEY----- + # insert private key + # -----END RSA PRIVATE KEY----- + crt: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- +---- + +This example uses the default values for `alpn`, `minversion`, `maxversion`, and `ciphers`. +//end::sample-config-mtls[] + + +//tag::sample-config-outbound-instance-intro[] +*Sample configuration for adding outbound TLS context for a specific upstream service:* +//end::sample-config-outbound-instance-intro[] +//tag::sample-config-outbound-instance[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: tls-outbound +spec: + targetRef: + kind: Service + name: ingress-test-outbound-upstream + policyRef: + name: tls-outbound + config: + skipValidation: true + certificate: + key: | + # -----BEGIN PRIVATE KEY----- + # insert certificate key + # -----END PRIVATE KEY----- + crt: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- +---- + +This example uses the default values for `alpn`, `minversion`, `maxversion`, and `ciphers`. +//end::sample-config-outbound-instance[] + +//tag::sample-config-mtls-outbound-intro[] +*Sample configuration for adding outbound mTLS context for a specific upstream service:* +//end::sample-config-mtls-outbound-intro[] +//tag::sample-config-mtls-outbound[] +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: mtls-outbound +spec: + targetRef: + kind: Service + name: ingress-test-outbound-upstream + policyRef: + name: tls-outbound + config: + skipValidation: false + trustedCA: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- + certificate: + key: | + # -----BEGIN PRIVATE KEY----- + # insert certificate key + # -----END PRIVATE KEY----- + crt: | + # -----BEGIN CERTIFICATE----- + # insert certificate + # -----END CERTIFICATE----- + alpn: + - http/1.1 + - h2 + minversion: "1.1" + maxversion: "1.3" + ciphers: + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +---- +//end::sample-config-mtls-outbound[] + +//tag::verify-config[] +. Verify that the policy was correctly applied. ++ +The following example `curl` command tests an HTTPS endpoint with a certificate that matches the certificate specified in the policy binding configuration resource. ++ +[source,ssh] +---- +curl https://:/get --cacert -v +---- ++ +The command should return information on the TLS handshake, as well as an HTTP status of `200` for the endpoint: ++ +---- +* TLSv1.3 (OUT), TLS handshake, Client hello (1): +* TLSv1.3 (IN), TLS handshake, Server hello (2): +* TLSv1.2 (IN), TLS handshake, Certificate (11): +* TLSv1.2 (IN), TLS handshake, Server key exchange (12): +* TLSv1.2 (IN), TLS handshake, Server finished (14): +* TLSv1.2 (OUT), TLS handshake, Client key exchange (16): +* TLSv1.2 (OUT), TLS change cipher, Client hello (1): +* TLSv1.2 (OUT), TLS handshake, Finished (20): +* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 +* ALPN, server did not agree to a protocol +... +> HTTP/1.1 200 OK +---- ++ +For inbound mTLS, the following example `curl` command requests an API proxy whose basepath is `/`. ++ +[source,ssh] +---- +curl https://:/get \ +--cert \ +--key \ +--cacert \ +--resolve ::127.0.0.1 -v +---- ++ +[NOTE] +==== +The configuration `key` and `crt` values must be correctly indented, otherwise `curl` returns the following error when attempting to test the endpoint: +---- +curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number +---- +==== +//end::verify-config[] + +//tag::config-ref[] +See xref:policies-included-tls.adoc[] for more information about inbound TLS context configuration options. See xref:policies-included-tls-outbound.adoc[] for more information about outbound TLS context configuration options. + +[NOTE] +==== +Omni Gateway supports multiple TLS certificates on a single gateway, but the certificates need to be applied on unique ports. +==== + +[NOTE] +==== +Policy ordering cannot be applied to the Transport Layer Security policies. +==== +//end::config-ref[] + +//tag::openssl-standards[] +[NOTE] +==== +To comply with security standards, all certificates must be 2048 bits or longer. +==== +//end::openssl-standards[] + +//tag::aia-support[] +[NOTE] +==== +The Authority Information Access (AIA) certificate extension is not supported when configuring outbound TLS contexts. +==== +//end::aia-support[] + +//tag::share-contexts[] +[NOTE] +==== +Outbound TLS configuration is the same for Managed Omni Gateway and Self-Managed Omni Gateway running in Connected Mode. You can use the same TLS contexts across both modes. +==== +//end::share-contexts[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/timeout-configuration.adoc b/gateway/1.13/modules/ROOT/pages/_partials/timeout-configuration.adoc new file mode 100644 index 000000000..4d8524534 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/timeout-configuration.adoc @@ -0,0 +1,77 @@ +//tag::timeout-types[] +Omni Gateway offers these timeouts to improve service quality and reduce computing resource waste: + +* *Stream Idle Timeout* + +The Stream Idle Timeout enables you to set a maximum amount of a time a stream can remain idle without receiving any data in either the inbound (client to Omni Gateway) or outbound (Omni Gateway to upstream service) direction. ++ +By default, all Omni Gateway API instances have a stream timeout of 300 seconds. + +* *Upstream Idle Timeout* + +The Upstream Idle Timeout enables you to set a maximum amount of time a stream between Omni Gateway and the upstream service can remain idle between requests. ++ +By default, all Omni Gateway API instances have an upstream idle timeout of 60 seconds. + +* *Response Timeout* + +The Response Timeout enables you to set a maximum amount of a time Omni Gateway waits for a response from an upstream service. The timeout time starts at the last request sent by Omni Gateway. ++ +By default, all Omni Gateway API instances have a response timeout of 15 seconds. +//end::timeout-types[] + +//tag::timeout-runtime-manager[] +== Configure Timeouts in Runtime Manager + +. In Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways*. +. Select your Omni Gateway. +. Open *Runtime Configurations*. +. Open *Timeouts*. +. Set values for *Stream Idle Timeout*, *Upstream Connection Idle Timeout*, and *Upstream Response Timeout*. +. Apply the changes. + +//end::timeout-runtime-manager[] + +//tag::timeout-configuration-env-var[] +== Configure Timeouts via Environment Variables + +Configure timeouts with these environment variables: + +---- +FLEX_STREAM_IDLE_TIMEOUT_SECONDS: 300 +FLEX_UPSTREAM_CONNECTION_IDLE_TIMEOUT_SECONDS/FLEX_CONNECTION_IDLE_TIMEOUT_SECONDS: 60 +FLEX_UPSTREAM_RESPONSE_TIMEOUT_SECONDS: 15 +---- + +Edit the variables with your desired configurations. + +//end::timeout-configuration-env-var[] + +//tag::timeout-configuration-yaml[] +== Configure Timeouts via YAML Configuration Resources + +Edit and then apply this configuration resource to update your timeouts: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: timeouts-config +spec: + timeouts: + upstreamConnectionIdleSeconds: 300 + upstreamResponseSeconds: 15 + streamIdleSeconds: 60 +---- + +//end::timeout-configuration-yaml[] + +//tag::timeout-configuration-policies[] +== Configure Timeouts via Policies + +Apply these policies to your API instance or upstream service: + +* xref:policies-included-stream-idle-timeout.adoc[] +* xref:policies-outbound-upstream-idle-timeout.adoc[] +* xref:policies-included-response-timeout.adoc[] + +//end::timeout-configuration-policies[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/tracing-configuration.adoc b/gateway/1.13/modules/ROOT/pages/_partials/tracing-configuration.adoc new file mode 100644 index 000000000..aab92a295 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/tracing-configuration.adoc @@ -0,0 +1,5 @@ +== Configure Distributed Tracing For Specific APIs + +You can override the globally configured distributed tracing settings by applying the Tracing Policy to specific APIs. You must first enable and configure distributed tracing for the gateway. You can then apply this policy to the APIs you want to instrument: + +* xref:policies-included-tracing.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/tracing-export.adoc b/gateway/1.13/modules/ROOT/pages/_partials/tracing-export.adoc new file mode 100644 index 000000000..0373b7dba --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/tracing-export.adoc @@ -0,0 +1,144 @@ +//tag::telemtery-exporter[] +[[export-otel-traces-from-monitoring-telemetry-exporter]] +== Export traces from the Anypoint Monitoring Telemetry Exporter + +To export traces to third party providers using the Anypoint Monitoring Telemetry Exporter, see xref:monitoring::telemetry-exporter.adoc[How to export telemetry data to third-party monitoring systems]. + +//end::telemtery-exporter[] + +//tag::telemtery-exporter-note[] + +To export traces using the Anypoint Monitoring Telemetry Exporter, first configure the Telemetry Exporter in Anypoint Monitoring. + +//end::telemtery-exporter-note[] + +//tag::export-anypoint[] +[[export-traces-to-anypoint-monitoring]] +== Export Traces to Anypoint Monitoring + +Edit and then apply this configuration resource to enable distributed tracing. This configuration resource applies to all API instances. +This example sets sampling to 0% for all traces, and sampling is configured on a per-API basis using policies. + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: Configuration +metadata: + name: tracing + namespace: test-ns +spec: + tracing: + provider: + type: anypoint + properties: + timeout: 10s + sampling: + client: 0 + random: 0 + overall: 0 + labels: + - name: c-env-tag + type: environment + keyName: FLEX_NAME + defaultValue: DEFAULT_VAL + - name: c-header-tag + type: requestHeader + keyName: :method + defaultValue: DEFAULT_METHOD + - name: c-literal-tag + type: literal + defaultValue: the-tag +---- + +//end::export-anypoint[] + +//tag::export-grpc[] +[[export-traces-to-a-grpc-open-telemetry-endpoint]] +== Export Traces to a gRPC OpenTelemetry Endpoint + +To configure OpenTelemetry tracing with a gRPC endpoint in Omni, use the following YAML configuration as an example: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: Configuration +metadata: + name: tracing + namespace: test-ns +spec: + tracing: + provider: + type: opentelemetry + properties: + address: h2://splunk-otel-collector-agent.default.svc.cluster.local:4317 + serviceType: grpc + serviceName: my-flex-name + timeout: 10s + resourceAttributes: + any-key: any-value + sampling: + client: 100 + random: 100 + overall: 100 + labels: + - name: c-env-tag + type: environment + keyName: FLEX_NAME + defaultValue: DEFAULT_VAL + - name: c-header-tag + type: requestHeader + keyName: :method + defaultValue: DEFAULT_METHOD + - name: c-literal-tag + type: literal + defaultValue: the-tag +---- + +//end::export-grpc[] + +//tag::export-http[] +[[export-traces-to-a-http-open-telemetry-endpoint]] +== Export Traces to a HTTP OpenTelemetry Endpoint + +To configure OpenTelemetry tracing with a HTTP endpoint, use the following YAML configuration as an example: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: Configuration +metadata: + name: tracing + namespace: test-ns +spec: + tracing: + provider: + type: opentelemetry + properties: + address: http://opentelemetry:4318 + tracesUri: http://opentelemetry:4318/v1/traces + serviceType: http + serviceName: the-name + timeout: 10s + httpHeaders: + auth: samething + resourceAttributes: + nay-key: nay-value + sampling: + client: 100 + random: 100 + overall: 100 + labels: + - name: c-env-tag + type: environment + keyName: FLEX_NAME + defaultValue: DEFAULT_VAL + - name: c-header-tag + type: requestHeader + keyName: :method + defaultValue: DEFAULT_METHOD + - name: c-literal-tag + type: literal + defaultValue: the-tag +---- + +//end::export-http[] diff --git a/gateway/1.13/modules/ROOT/pages/_partials/tracing-support.adoc b/gateway/1.13/modules/ROOT/pages/_partials/tracing-support.adoc new file mode 100644 index 000000000..7dfe67b86 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/tracing-support.adoc @@ -0,0 +1,13 @@ +OpenTelemetry provides a unified standard for instrumenting, generating, collecting, and exporting telemetry data across distributed systems. Omni Gateway supports OpenTelemetry, enabling you to configure the generation of distributed tracing data for all API traffic managed by the gateway. This integration delivers deep visibility into API request flows, making it easier to analyze system behavior, troubleshoot issues, and understand interactions between Omni Gateway APIs and external services. + +Tracing enables you to track Omni Gateway API interactions. When multiple systems and services are involved, distributed tracing tracks API requests as they flow through distributed environments, providing a comprehensive view of the API's execution. + +With the Anypoint Monitoring Telemetry Exporter, you can send Omni Gateway trace data to third-party observability and analytics platforms, including Azure Monitor, Splunk HEC, or any OpenTelemetry-compliant tool. This capability allows you to leverage end-to-end observability, correlating API traces with data from other systems to build a comprehensive view of your environment. + +== Before You Begin + +To use the OpenTelemetry with Omni Gateway, you must be familiar with: + +* Distributed tracing concepts, including traces and spans. ++ +If you're new to distributed tracing and OpenTelemetry, we recommend starting with https://opentelemetry.io/docs/concepts/what-is-opentelemetry/[What is OpenTelemetry] and https://opentelemetry.io/docs/concepts/observability-primer/#understanding-distributed-tracing[Understanding distributed tracing]. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/_partials/troubleshoot.adoc b/gateway/1.13/modules/ROOT/pages/_partials/troubleshoot.adoc new file mode 100644 index 000000000..ff9935dbb --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/_partials/troubleshoot.adoc @@ -0,0 +1,173 @@ +//Tags are used and shared in these file: +// * flex-gateway-k8-getting-started.adoc +// * flex-troubleshoot-docker.adoc +// * flex-troubleshoot-helm.adoc +// +// +//DOCKER +//tag::troubleshoot-docker-intro[] + +Troubleshoot errors returned by a `docker` command: + +* <> +* <> + +//end::troubleshoot-docker-intro[] +// +// +//tag::troubleshoot-docker-daemon-bad-response[] + +If Docker is not started, a `docker` command returns an error message similar to the following ones: + +* {empty} ++ +---- +Error response from daemon: Bad response from Docker engine +---- + +* {empty} ++ +---- +ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. + Is the docker daemon running? +---- + +If you get this error, start Docker. + +//end::troubleshoot-docker-daemon-bad-response[] +// +// +//tag::troubleshoot-docker-bad-request[] + +The following error can occur when you use `docker run` to register your gateway: + +---- +[flexctl][error] reg facade call returned error response: +HTTP/1.1 400 Bad Request +---- + +The reason for this error is available within the error message. Common causes include: + +[[name-already-exists]] +* `an active target with the same name already exists in this organization and environment` ++ +To avoid this issue, provide a _unique name_ for your gateway when running the registration command. Note that you _cannot reuse the same name_ even if a previous registration with that name was successful. When this error occurs, the command generates an _empty_ `registration.yaml`, which prevents re-registration _and_ produces an error when you try to use the file when deploying the gateway to your cluster. ++ +[[no-token]] +* `no valid registration token was found` ++ +To avoid this issue, generate a new token for the command by refreshing the *Add an Omni Gateway* page for Kubernetes and rerun the registration command. + +//end::troubleshoot-docker-bad-request[] +// +// +// +//HELM (for k8 & openshift) +//tag::troubleshoot-helm-intro[] + +Troubleshoot errors returned by a `helm` command for Kubernetes and OpenShift clusters: + +* <> +* <> +* <> +* <> + +//end::troubleshoot-helm-intro[] +// +//tag::troubleshoot-helm-yaml-empty[] + +[[yaml-empty]] +If the `registration.yaml` file is invalid when you pass it to the Helm command during deployment of Omni Gateway, the following error results: + +---- +Error: UPGRADE FAILED: execution error at (flex-gateway/templates/deployment.yaml:4:10): +registerSecretName, registration.content or registration.secretName is required! +---- + +When this error occurs, make sure that the `registration.yaml` file is not empty. If the file is empty, reregister your gateway with a new, unique name to generate a new `registration.yaml` and rerun the procedures that follow the registration step. See xref:flex-gateway-k8-getting-started.adoc#register-flex[Register Omni Gateway] for an example of the registration command. + +//end::troubleshoot-helm-yaml-empty[] +// +// +//tag::troubleshoot-helm-cluster-unreachable[] + +[[cluster-unreachable]] +If your Kubernetes cluster is not running when you attempt to deploy Omni Gateway using `helm`, the following error might occur: + +---- +Error: Kubernetes cluster unreachable: +the server could not find the requested resource +---- + +Start the service that runs your cluster. + +Check that your Kubernetes cluster host is running your cluster, for example: + +[source,kubectl] +---- +kubectl cluster-info +---- + +* If the cluster is running, the command returns a result similar to this one: ++ +---- +Kubernetes control plane is running at https://34.30.50.119 +GLBCDefaultBackend is running at https://34.30.50.119/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy +KubeDNS is running at https://34.30.50.119/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy +Metrics-server is running at https://34.30.50.119/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy +---- + +* If the cluster is not up, the command can return a result similar to this one: ++ +---- +To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. +error: the server doesn't have a resource type "services" +---- + +//end::troubleshoot-helm-cluster-unreachable[] +// +// +//tag::troubleshoot-helm-upgrade-failed[] + +[[upgrade-failed]] +Some issues can cause the Helm upgrade command to hang for up to 5 minutes (due to the `--wait` flag in the command) before producing the following timeout error: + +---- +Error: UPGRADE FAILED: timed out waiting for the condition +---- + +This error typically means that your cluster configuration is incorrect or that your cluster configuration tool does not support this process. One potential cause is the failure to generate a `Service` resource of the `LoadBalancer` type. You can troubleshoot further by running the following commands: + +* {empty} ++ +[source,kubectl] +---- +kubectl -n gateway describe deployment +---- + +* {empty} ++ +[source,kubectl] +---- +kubectl -n gateway describe service +---- + +//end::troubleshoot-helm-upgrade-failed[] +// +// +//tag::troubleshoot-helm-openshift-rbac[] + +//cluster-level access when rbac enabled, as for OpenShift +[[rbac-openshift]] +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] + +Without the required access, you receive an error similar to the following one: + +---- +Error: failed to install CRD crds/apiinstance.yaml: +customresourcedefinitions.apiextensions.k8s.io is forbidden: +User "user1" cannot create resource "customresourcedefinitions" +in API group "apiextensions.k8s.io" at the cluster scope +---- + +//end::troubleshoot-helm-openshift-rbac[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-agent-policies.adoc b/gateway/1.13/modules/ROOT/pages/flex-agent-policies.adoc new file mode 100644 index 000000000..250e5b3bc --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-agent-policies.adoc @@ -0,0 +1,57 @@ += Omni Gateway Agent Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + + +Policies enforce rules when Omni Gateway processes requests, enabling you to secure and govern your server instances. Omni Gateway includes A2A and MCP specific policies that provide enhanced security and control over agent interactions. + +To apply a policy, see xref:flex-gateway-secure-conn.adoc[]. + +Omni Gateway MCP and A2A server instances also support other Omni Gateway policies to protect server instances through rate limiting, authentication, authorization, threat protection, monitoring, and logging. For more information about MuleSoft-provided policies, see the xref:policies-included-directory.adoc[] and xref:policies-outbound-directory.adoc[]. + +To extend existing functionality or define new functionality, create custom policies based on your specific business requirements. For information about creating custom policies, see xref:pdk::policies-pdk-overview.adoc[]. + +NOTE: All agent policies are inbound policies and are not supported as automated policies. + +== SSE Policies + +Both A2A and MCP support the following policies for Server-Sent Events (SSE) streaming: + +[%header%autowidth.spread] +|=== +|Policy |Summary +| xref:policies-included-sse-logging.adoc[SSE Logging] | Logs every SSE event while streaming +|=== + +== A2A Policies + +[%header%autowidth.spread] +|=== +|Policy |Summary +| xref:policies-included-a2a-agent-card.adoc[A2A Agent Card] | Rewrites the Agent Card URL to match the server instance public URL +| xref:policies-included-a2a-pii-detector.adoc[A2A PII Detector] | Detects personally identifiable information (PII) in requests sent to the agent +| xref:policies-included-a2a-prompt-decorator.adoc[A2A Prompt Decorator] | Decorates prompts with context information +| xref:policies-included-a2a-schema-validation.adoc[A2A Schema Validation] | Validates agent requests to ensure they conform to the A2A specification +|=== + + +== MCP Policies + +[%header%autowidth.spread] +|=== +|Policy |Summary +| xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control] | Controls access to tools, resources, and prompts based on user information such as Tiers, IP, Headers, or Claims +| xref:policies-included-mcp-global-access.adoc[MCP Global Access] | Restricts which MCP tools are exposed by defining Allow and Block rules +| xref:policies-included-mcp-pii-detector.adoc[MCP PII Detector] | Blocks elicitation responses containing personally identifiable information (PII) from reaching MCP servers +| xref:policies-included-mcp-schema-validation.adoc[MCP Schema Validation] | Validates MCP requests to ensure they conform to the MCP specification +| xref:policies-included-mcp-support.adoc[MCP Support] | Adds MCP support to an Omni Gateway MCP server instance. This policy is required for your MCP server instance to function properly. +| xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping] | Renames MCP tool names in requests and responses to provide flexible tool naming +|=== + + +== See Also + +* xref:policies-reorder.adoc[] +* xref:policies-flex-dataweave-support.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-agent-publish-apis.adoc b/gateway/1.13/modules/ROOT/pages/flex-agent-publish-apis.adoc new file mode 100644 index 000000000..ebf2df4c0 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-agent-publish-apis.adoc @@ -0,0 +1,14 @@ += Publishing Omni Gateway Agent and Tool instances +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Similar to API instances, use *API Manager* to publish Agent, MCP, and LLM instances for Managed Omni Gateway or Omni Gateway running in Connected Mode. + +For more information, see xref:api-manager::create-instance-task-agent-tool.adoc[]. + +== See Also + +* xref:flex-gateway-publish-apis-conn.adoc[] +* xref:index.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-agent-secure.adoc b/gateway/1.13/modules/ROOT/pages/flex-agent-secure.adoc new file mode 100644 index 000000000..bcec81033 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-agent-secure.adoc @@ -0,0 +1,32 @@ += Securing Agent Interactions with Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway supports both the Model Context Protocol (MCP) and the Agent2Agent (A2A) Protocol, enabling you to protect your agents, brokers, LLM, and MCP servers. Omni Gateway provides centralized oversight, agent visibility, logging, and valuable insights, ensuring effective governance and security for your agent-based architecture. Omni Gateway secures agent interactions by enforcing policies across agent connections and by monitoring agent activities for enhanced visibility. + +== Omni Gateway A2A Support +A2A is an open standard that defines how agents interact with each other, enabling interoperability for agents built by different teams, using different technologies and hosted by different organizations. + +Omni Gateway protects agent A2A interactions by requiring appropriate authentication and authorization for agent requests, rewriting Agent Card URLs, logging or blocking sensitive information in messages, and logging Server-Sent Events (SSE) content for compliance audits. You can enhance agent requests by modifying incoming prompts with additional context to improve server-agent execution. + +== Omni Gateway MCP Support +MCP is an open protocol that defines how agents interact with tools or external context, enabling agents to connect to the data and tools they need. + +Omni Gateway secures MCP connections by restricting MCP endpoint access to authorized agents only and by simplifying governance through centralized visibility and control over all interactions. + +== Securing Agent Interactions with Policies + +Omni Gateway includes A2A and MCP specific policies that provide enhanced security and control over agent interactions. Omni Gateway A2A policies enable you to protect agent endpoints by rewriting Agent Card URLs, logging or blocking sensitive information in messages, modifying prompt behavior, and logging Server-Sent Events (SSE) content for compliance audits. Omni Gateway MCP policies enable you to use attribute-based access control to manage access to MCP servers. + +Omni Gateway MCP and A2A server instances also support Omni Gateway's other policies. For example, use policies such as xref:policies-included-rate-limiting.adoc[] or xref:policies-included-spike-control.adoc[] to manage the number of requests to MCP and A2A servers or use the xref:policies-included-message-logging.adoc[] to monitor agent interactions. + +See xref:flex-agent-policies.adoc[] to learn about included A2A and MCP policies. + +== See Also + +* https://blogs.mulesoft.com/news/mulesoft-governance-for-agent-interactions/[Introducing Governance for Agent Interactions With Support for A2A & MCP] +* https://google.github.io/A2A/topics/what-is-a2a/[A2A Protocol spec] +* https://modelcontextprotocol.io/introduction[MCP Protocol spec] +* https://google.github.io/A2A/topics/streaming-and-async/[Streaming & Asynchronous Operations in A2A] diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-basic-deployments.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-basic-deployments.adoc new file mode 100644 index 000000000..406e96d0f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-basic-deployments.adoc @@ -0,0 +1,85 @@ += Omni Gateway Deployment Models +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway supports multiple deployment models, which apply to both Connected Mode and Local Mode: + +* <> +* <> +* <> +* <> + +You can extend the deployment models in this overview to all technological stacks that have the appropriate network controls applied. For more information about routing configuration modes, see <>. + +All the following diagrams show Omni Gateway running in Connected Mode. For Omni Gateway running in Local Mode, the only difference is that Anypoint Platform would not be present in the deployment model. This does not affect how information flows between Omni Gateway and the upstream and downstream services. + +== Standalone Deployment + +In a standalone deployment, Omni Gateway acts as a standalone service that protects one or more integration API flows by managing internal traffic. + +As the following diagram shows, all traffic is inside an organization-owned network. The traffic passes through Omni Gateway before reaching the consumer APIs. + +image:ad-standalone-deployment.png["In a standalone deployment, Omni Gateway and the consumer applications are in the same network."] + +== Ingress Deployment + +Similar to standalone deployment, in an ingress deployment, Omni Gateway acts as a standalone service that protects one or more integration API flows. However, in an ingress deployment, Omni Gateway manages external traffic entering the internal network. Ingress deployment is the most common deployment model. + +Omni Gateway can act as both an ingress and an egress gateway. + +As the following diagram shows, all external traffic passes through Omni Gateway before reaching the consumer APIs. Omni Gateway is typically deployed behind a load balancer, and the consumer application does not belong to the same network as Omni Gateway or the APIs. + +image:ad-ingress-deployment.png["In an ingress deployment, Omni Gateway and the consumer applications are in different networks."] + + +NOTE: Ingress deployment is not the same as a Kubernetes Ingress controller or Ingress `Resource`. For more information about routing configuration, see <>. + +== Egress Deployment + +An egress deployment is the opposite deployment model of an ingress deployment. Omni Gateway still acts as a standalone service that protects one or more integration API flows. However, in an egress deployment, Omni Gateway manages internal traffic exiting the internal network, for example, API requests to non-organization-owned APIs. + +Omni Gateway can act as both an ingress and an egress gateway. + +As the following diagram shows, all internal traffic from the consumer application passes through Omni Gateway before reaching the external APIs. + +image:ad-egress-deployment.png["A diagram of Anypoint Platform depicting the flow of data between the platform, an Omni Gateway, APIs, and a user"] + +== Sidecar Deployment +In a sidecar deployment, each Omni Gateway deployment only protects the APIs exposed by its protected service. A new Omni Gateway replica is added with each new protected service. + +As the following diagram shows, traffic in a sidecar deployment passes through Omni Gateway to the respective consumer API. The consumer application can belong to the same network as Omni Gateway or an external network. + +image:ad-sidecar-deployment.png["In a sidecar deployment, Omni Gateway and the consumer application are in the same Kubernetes pod."] + +== Routing Configuration Methods + +There are different routing configuration methods dependent on what mode Omni Gateway is running in or what technological stack Omni Gateway is deployed on. + +How connections between Omni Gateway and services are configured is independent of the deployment model. + +=== Control Plane + +In control plane routing configuration, Omni Gateway and service connections are configured in a remote control plane. For Omni Gateway, the control plane is Anypoint Platfrom. Control plane configuration is only available in Omni Gateway Connected Mode. + +=== Custom Resource Definitions (CRDs) + +In custom resource definitions (CRDs) routing configuration, Omni Gateway and service connections are configured in custom resource yaml files. + +For Omni Gateway, the CRDs are `APIinstance`, `Service`, `PolicyBinding`, and `Configuration` and are defined in the xref:flex-local-configuration-reference-guide.adoc[]. + +In Omni Gateway CRDs define connections in Local Mode but are also necessary for some connections in Connected Mode. + +=== Kubernetes Ingress Resource + +Omni Gateways running in Local Mode and deployed on Kubernetes can use Kubernetes `Ingress` resources to define connection routing. When routing is defined via `Ingress` resources, Omni Gateway acts as an Ingress Controller. `Ingress` resources are only avaliable in Kubernetes Local Mode. + +You can use `Ingress` resources and CRDs simultaneously. + +For more information about how to configure Omni Gateway as an Ingress Controller, see xref:flex-gateway-k8-ingress-class.adoc[]. + +== See Also + +* xref:flex-architecture-uc-overview.adoc[] +* xref:flex-architecture-shared-storage.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-dr-ha-overview.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-dr-ha-overview.adoc new file mode 100644 index 000000000..a44b2e8d2 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-dr-ha-overview.adoc @@ -0,0 +1,10 @@ += High Availability and Disaster Recovery +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway supports high availability (HA) and disaster recovery (DR) through managed deployments on CloudHub 2.0 and self-managed multi-region deployments. Choose the topic that matches your deployment type: + +* xref:flex-architecture-managed-dr-ha.adoc[] — CloudHub 2.0 manages replica deployment, availability zones, and failover for Managed Omni Gateway. +* xref:flex-architecture-multi-region.adoc[] — Deploy your self-managed Omni Gateway across multiple regions for latency reduction and live failover. diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-managed-dr-ha.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-managed-dr-ha.adoc new file mode 100644 index 000000000..e3d582e3e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-managed-dr-ha.adoc @@ -0,0 +1,35 @@ += Managed Omni Gateway High Availability and Disaster Recovery Deployments +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +CloudHub 2.0 and Runtime Fabric manage Managed Omni Gateway replica deployments and control the gateway's high availability and disaster recovery. To learn about how these deployment targets handle disaster recovery and high availability not specific to Omni Gateway, familiarize yourself with xref:cloudhub-2::ch2-ha-dr.adoc[]. + +This diagram shows how multiple Managed Omni Gateway replicas are deployed. + +image:managed-high-availability.png["External traffic flows through CloudHub 2.0 Ingress to a Kubernetes service that distributes requests across multiple Managed Omni Gateway replicas"] + +External traffic entering through private space ingress is distributed across a kubernetes service of Managed Omni Gateway instances. Replicas share the gateway configuration and data that must persist in a Kubernetes resource. Replicas share HTTP caching and distributed rate limiting data directly with each other. + +NOTE: The diagram shows CloudHub 2.0 ingress. For Runtime Fabric, you must configure your own ingress. Your ingress must terminate TLS before forwarding the request to the Managed Omni Gateway. + + +== Managed Omni Gateway High Availability + +The private space manages Managed Omni Gateway high availability by ensuring: + +* At least two Omni replicas are always available and distributed across different availability zones in the private space. Traffic is distributed to replicas and zones evenly using a round robin traffic distribution. + +** If a replica fails, a new replica is spawned. While respawning the replica, the outstanding replicas receive a temporary spike in traffic until the new replica can accept traffic. These short spikes in traffic are visible in monitoring as a temporary spike in CPU usage. + +** Overloaded gateways don't abruptly stop incoming traffic processing as a result of overload. However, overloaded gateways show gradual degradation of response time for requests until CPU subsides. + +* Large and extra large Managed Omni Gateways have more capacity allocated per replica and autoscale up to three replicas across three availability zones depending on CPU usage. + +== Managed Omni Gateway Configuration Storage + +Managed Omni Gateway stores API configurations locally in the private space kubernetes service. Locally stored configurations enable the gateway to start faster than an equivalently configured Self Managed Omni Gateway (that needs to download the configuration from Anypoint upon start). Locally stored configurations provide a layer of resiliency in the unlikely event that the Anypoint control plane isn't reachable during Managed Gateway startup. + +Managed Omni Gateway does not store contracts locally. Upon starting, Managed Omni Gateway downloads contracts from Anypoint Platform. If an API uses contracts, for example if the client ID enforcement policy is applied, the gateway downloads the contracts before accepting traffic. + diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-multi-region.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-multi-region.adoc new file mode 100644 index 000000000..86fdb2121 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-multi-region.adoc @@ -0,0 +1,90 @@ += Self Managed Omni Gateway High Availability, Disaster Recovery, and Multi-Region Deployments +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Install Omni Gateway in multiple regions to reduce latency and ensure live failover. You can configure most implementations with either multiple Omni Gateways or multiple Omni Replicas. Depending on which you choose, there are different considerations for Redis Shared-Storage, policies, and logging. To learn more about Omni Replicas, see xref:index.adoc#replicas[Omni Replicas]. + +All the following diagrams show Omni Gateway running in Connected Mode. For Omni Gateway running in Local Mode, the only difference is that Anypoint Platform isn't present in the deployment model. This doesn't affect how information flows between Omni Gateway and the upstream and downstream services. + +The implementation diagrams use Kubernetes terminology, but you can extend the architecture to other technology stacks that have the appropriate network controls applied. + +[[implementation-1]] +== Implementation 1: High Availability with the Same APIs in Two Separate Regions + +Implementation 1 provides high availability for non-region-specific traffic. The DNS service is configured for active-active failover, meaning each region services traffic at all times. + +[[implementation-1a]] +=== Implementation 1A: Cross-Regional Omni Gateway + +In this implementation: + +* A single Omni Gateway has Omni Replicas distributed across multiple regions. +* Omni Gateway is registered once in Anypoint Platform and deployed across multiple regions and availability zones. +* Logs and metrics for each Omni Gateway are consolidated in Anypoint Platform. +* The DNS service is configured for active-active failover to direct traffic to any region at all times. +* APIs deployed to the Gateway are available in all regions and availability zones. +* API configurations, including upstream services and policies are the same for all regions. Upstream services must be region-agnostic, meaning either the DNS is local or it lacks any reference to the region. +* The Redis cluster must be replicated across regions or Redis shared storage can't be used. Redis replication is required when traffic isn't region-specific. +* The only cross-regional traffic is Redis synchronization. + +In the following diagram, Omni Replicas in different regions and availability zones have distinct Kubernetes deployments: + +image:high-availability-1a.png["A detailed view of implementation 1A, which contains the necessary services to support high availability in for Omni Replicas deployed in different regions"] + + +[[implementation-1b]] +=== Implementation 1B: Region-Specific Omni Gateway + +In this implementation: + +* Each region has a distinct Omni Gateway with all resources as independent entities. +* A separate Omni Gateway is registered for each region. +* Each region-specific API instance has distinct metrics, alerts, and logs in Anypoint Platform. +* Policies are region specific even if the configuration is similar across regions. +* The DNS service is configured for active-active failover to direct traffic to any region at all times. +* API deployments are specific to each Omni Gateway. For each API a region supports, you must deploy an API instance to the region's Omni Gateway. +* API Groups can share contracts (access requests) across regions. An API Group might not be required for your configuration. +* Redis shared storage does not require synchronization. +* There is no cross-regional traffic. + +In the following diagram, all APIs are duplicated and don't require identical configurations: + +image:high-availability-1b.png["A detailed view of implementation 1B, which contains the necessary services to support high availability for region-specific Omni Gateways"] + +[[implementation-2]] +== Implementation 2: Disaster Recovery for APIs + +This implementation is similar to <>. However, the DNS service is active-passive, so the standby region only receives traffic if the primary region becomes unhealthy. This implementation is less complex to configure than implementation 1A. + +Redis synchronization is not required if a cache loss during failover is acceptable. + +In the following diagram, Omni Replicas in different availability zones have distinct Kubernetes deployments. Region B provides high availability but receives traffic only if region A is unhealthy: + +image:high-availability-2.png["A detailed view of implementation 2, which contains the necessary services to enable disaster recovery for APIs on Omni Gateway"] + +[[implementation-3]] +== Implementation 3: Direct Traffic to the Closest Region + +In both <> and <>, Omni Gateway directs traffic to the most convenient region to reduce latency. Choose which implementation according to your policy requirements. + +[[implementation-3a]] +=== Implementation 3A: Direct Traffic to APIs With the Same Policies + +This implementation is similar to <> and has the same considerations. However, Redis replication is not required because requests are sent to specific regions. Configure high availability or disaster recovery zones in each region to ensure API availability: + +image:high-availability-3a.png["A detailed view of implementation 3A, which contains the necessary services to route customer requests to the closest region"] + +[[implementation-3b]] +=== Implementation 3B: Direct Traffic to APIs With the Different Policies + +This implementation is similar to <> and has the same considerations. Deploy region-specific gateways and apply the necessary policies to the different APIs. Configure high availability or disaster recovery zones in each region to ensure API availability: + +image:high-availability-3b.png["A detailed view of implementation 3B, which contains the necessary services to route customer requests to the closest region"] + +NOTE: To apply SLA rate limiting across all regions, the rate limits must be the same for all regions. Use API groups to consolidate the contracts. + + + + diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-overview.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-overview.adoc new file mode 100644 index 000000000..91802c978 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-overview.adoc @@ -0,0 +1,16 @@ += Omni Gateway Reference Architecture +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +The following architecture diagrams explain Omni Gateway concepts and deployments: + +* xref:flex-architecture-basic-deployments.adoc[] +* xref:flex-architecture-uc-overview.adoc[] +** xref:flex-architecture-uc1.adoc[] +** xref:flex-architecture-uc2.adoc[] +** xref:flex-architecture-uc3.adoc[] +** xref:flex-architecture-uc4.adoc[] +* xref:flex-architecture-dr-ha-overview.adoc[High Availability and Disaster Recovery] +* xref:flex-architecture-shared-storage.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-shared-storage.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-shared-storage.adoc new file mode 100644 index 000000000..a18eca60a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-shared-storage.adoc @@ -0,0 +1,33 @@ += Shared Storage Models +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When configuring shared storage, MuleSoft recommends placing the Redis shared storage service as close to Omni Gateway as possible. + +If the Redis shared storage service is available locally in the same cluster or the same Virtual Private Cloud (VPC), a mutual authentication Transport Layer Security (mTLS) connection is not required to communicate with the shared storage. + +To configure the connection between Omni Gateway and the shared storage service, see: + +* xref:flex-conn-shared-storage-config.adoc[Configure Shared Storage in Connected Mode] +* xref:flex-local-shared-storage-config.adoc[Configure Shared Storage in Local Mode] + +The following diagrams use Kubernetes terminology, but you can extend the architecture to other technology stacks that have the appropriate network controls applied. + +You can place the Redis shared storage within the same Kubernetes cluster as Omni Gateway or instantiated within the same VPC as Omni Gateway: + + +== Shared Storage in the Same Cluster + +image:redis-same-cluster.png["The redis shared storage is in the same cluster as the Omni Gateway replicas"] + +== Shared Storage in the Same VPC + +image:redis-same-vpc.png["The redis shared storage is in the same VPC as the Omni Gateway replicas but is not in the same cluster"] + +== See Also + +* xref:flex-conn-shared-storage-config.adoc[Configure Shared Storage in Connected Mode] +* xref:flex-local-shared-storage-config.adoc[Configure Shared Storage in Local Mode] +* xref:flex-conn-replica-caching.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-uc-overview.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc-overview.adoc new file mode 100644 index 000000000..7dd78506c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc-overview.adoc @@ -0,0 +1,103 @@ += Integration Use Cases +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +The following integration use cases are determined by the ownership of the API provider and API consumer. Each use case shows physical patterns that demonstrate the necessary services in the system. + +For the following use case diagrams, Omni Gateway is running in Connected Mode. However, you can also run Omni Gateway in Local Mode or use a combination of Connected Mode and Local Mode for separate runtimes in the same or in different environments. + +The use case diagrams use Kubernetes terminology, but you can extend the architecture to other technology stacks that have the appropriate network controls applied. + +Omni Gateway supports four use cases: + +* xref:flex-architecture-uc1.adoc[] +* xref:flex-architecture-uc2.adoc[] +* xref:flex-architecture-uc3.adoc[] +* xref:flex-architecture-uc4.adoc[] + +image:ad-intergration-use-cases.png["The four use cases are linked to products that they can support."] + +Each use case supports different integration patterns that vary depending on the location of APIs relative to the network in which Omni Gateway is located. You can use different use case patterns, depending on the different API owners and networks in your system. + +In each use case, there are three different classifications of networks. The classifications describe the relation of each network to your organization and the network that Omni Gateway is in: + +* Organization internal ++ +Networks owned by your organization and in the same network as Omni Gateway +* Organization external ++ +Trusted networks external to your organization but in a different network than Omni Gateway, for example, your organization’s Splunk instance +* Non-Organization external ++ +External networks untrusted by your company and in a different network as Omni Gateway. An API provider’s or API consumers network status affects the necessary security protocols (mTLS) you take when communicating between networks + +If an API provider or API consumer is organization-owned, it belongs to either the organization's internal network or its external networks. + +The following tables: + +* Relate the previously mentioned use cases to use case patterns +* Show the networks involved in the pattern +* Indicate whether Omni Gateway acts as an ingress, egress, or both + + + +== Use Case 1: Organization-Owned API Exposed to an Organization-Owned API Consumer + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Pattern | Provider Network | Consumer Network | Role of Omni Gateway +| xref:flex-architecture-uc1.adoc#pattern-1a[Pattern 1A: Organization internal API exposed to an organization internal consumer that uses the same VPC or network as the API] | Organization internal | Organization internal | Ingress +| xref:flex-architecture-uc1.adoc#pattern-1b[Pattern 1B: Organization internal API exposed to an organization internal consumer that uses a different VPC or network from the API] | Organization internal | Organization internal | Ingress +| xref:flex-architecture-uc1.adoc#pattern-2[Pattern 2: Organization internal API exposed to an organization external consumer] | Organization internal | Organization external | Ingress +| xref:flex-architecture-uc1.adoc#pattern-3[Pattern 3: Organization external API exposed to an organization internal consumer] | Organization external | Organization internal | Egress +| xref:flex-architecture-uc1.adoc#pattern-4[Pattern 4: Organization external API exposed to an organization external consumer] | Organization external | Organization external | Ingress and egress +|=== + + +== Use Case 2: Organization-Owned API Exposed to a Non-Organization-Owned API Consumer + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Pattern | Provider Network | Consumer Network | Role of Omni Gateway +| xref:flex-architecture-uc2.adoc#pattern-5[Pattern 5: Organization internal API exposed to a non-organization external consumer] | Organization internal | Non-organization external | Ingress +| xref:flex-architecture-uc2.adoc#pattern-6[Pattern 6: Organization external API exposed to a non-organization external consumer] | Organization external | Non-organization external | Ingress and egress +|=== + +== Use Case 3: Non-Organization-Owned API Exposed to an Organization-Owned API Consumer + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Pattern | Provider Network | Consumer Network | Role of Omni Gateway +| xref:flex-architecture-uc3.adoc#pattern-7[Pattern 7: Non-organization external API exposed to an organization internal consumer] | Non-organization external | Organization internal | Egress +| xref:flex-architecture-uc3.adoc#pattern-8[Pattern 8: Non-organization external API exposed to an organization external consumer] | Non-organization external | Organization external | Ingress and egress +|=== + +== Use Case 4: Non-Organization-Owned API Exposed to an External Non-Organization-Owned API Consumer +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Pattern | Provider Network | Consumer Network | Role of Omni Gateway +| xref:flex-architecture-uc4.adoc#pattern-9[Pattern 9: Non-organization external API exposed to a non-organization external consumer] | Non-organization external | Non-organization external | Ingress and egress +|=== + +== mTLS considerations for integration flows +Omni Gateway supports Mutual Transport Layer Security (mTLS) for all Omni Gateway-initiated and Omni Gateway-terminated connections. Mulesoft recommends using mTLS on all communication flows. + +For inbound connections that cross a network security boundary, use a network application firewall as close to the boundary as possible. For inbound connections, configure the external mTLS connection to terminate at the firewall and configure a new mTLS context between the firewall and Omni Gateway. + +=== Certificate authorities +Different certificate authorities (CA) participate in the mTLS connection, depending on the type of integration. In the use case diagrams, color codes and labels represent the different mTLS contexts. Each mTLS context contains a truststore that contains CAs for validating far-side certificates and a keystore that contains a certificate issued by this same CA. The following table describes the three possible mTLS contexts: + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| mTLS context symbol | Certificate authority | Description +| image:ad-internal-org-mtls.png["Organization internal mTLS symbol"] | Organization internal mTLS | For internal network communication, the expectation is that only the customer organization uses these certificates within the internal network. +| image:ad-external-org-mtls.png["Organization external mTLS symbol"] | Organization external mTLS | For external communication with trusted parties over the public internet, the organization can issue certificates that external consumers or third parties can use to access the services provided by the organization. +| image:ad-external-non-org-mtls.png["Non-organization external mTLS symbol"] | Non-organization external mTLS | For external communication with entities that aren't trusted, the third party organization controls the CA. The third party CA issues certificates for the organization to use when communicating with third-party services. +|=== + +== See Also + +* xref:flex-architecture-basic-deployments.adoc[] +* xref:flex-architecture-shared-storage.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-uc1.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc1.adoc new file mode 100644 index 000000000..b17a07a58 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc1.adoc @@ -0,0 +1,91 @@ += Use Case 1: Organization-Owned API Exposed to an Organization-Owned API Consumer +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use case one covers all patterns of a scenario in which a trusted organization's API is exposed to a trusted organization's API consumer. + +== Pattern 1: Organization Internal API Exposed to an Organization Internal Consumer + +Pattern examples: + +* A sales application accesses a customer service API in which both sales and customer service are internal areas of the customer organization +* A call center application calls the API exposed by the customer domain to retrieve customer information +* A mobile bank calls customer and account services to display the account overview screen to the end consumer + +[[pattern-1a]] +=== Pattern 1A: Organization Internal API Exposed to an Organization Internal Consumer that Uses the Same VPC or Network +In this use case pattern, both services are available on the same infrastructure, such as the same public cloud VPC, datacenter, or Kubernetes cluster. You can deploy Omni Gateway as either a sidecar or a standalone gateway. + +image:ad-uc-1-p-1a.png["For both standalone and sidecar mode, Omni Gateway and the APIs are in the same internal network."] + +The following diagram shows the physical implementation of a standalone Omni Gateway running in Connected Mode. A network policy (Netpol) permits ingress access only from Omni Gateway. You can configure the consumer application in the same or different namespace from Omni Gateway and the provider services. + +image:ad-uc-1-p-1a-physical.png[A more detailed view of UC1 contains load balancers and Netpol protection] + +When the API provider is located in a different Kubernetes cluster from Omni Gateway and the consumer application, you can do either of the following: + +* Deploy an Omni Gateway runtime on each of the clusters, as in Pattern 1B. +* Establish network restrictions in the secure channel between clusters and deploy Omni Gateway in only one of them, as shown in the following diagram. The second cluster only allows connections from an Omni Gateway that acts as an ingress controller. + +image:ad-uc-1-p-1b-separate-clusters.png["A detailed view of pattern 1A, which contains the necessary services to support Omni Gateway"] + +[[pattern-1b]] +=== Pattern 1B: Organization Internal API Exposed to an Organization Internal Consumer that Uses a Different VPC or Network +In this pattern, the API provider is isolated from the API consumer. However, there is a secure communication channel available between the two networks. + +You deploy Omni Gateway as an ingress behind a firewall because traffic is considered external to the location of the provider. Omni Gateway receives and processes the incoming traffic. + +You can use Omni Gateway to terminate the TLS or mTLS connection if required. + +image:ad-uc-1-p-1b.png["Information travels from a trusted network to the internal network that contains Omni Gateway."] + +The following diagram shows the physical implementation on Kubernetes. + +image:ad-uc-1-p-1b-physical.png["The previous networks are now Kubernetes clusters and there are load balancers that separate the APIs from Omni Gateway."] + +[[pattern-2]] +== Pattern 2: Organization Internal API exposed an Organization External Consumer +In pattern two, the organization-owned API is isolated from the organization-owned API consumer, for example, in a package delivery tracking API that is accessed from a user interface. The consumer can access the exposed API only via the internet. In this use case, you deploy Omni Gateway as an ingress. + +image:ad-uc-1-p-2.png["Consumer application requests pass through the internet and a firewall before reaching Omni Gateway."] + +This pattern is similar to Pattern 1B. However, in this pattern, traffic arrives from the public internet instead of from a private channel. Because traffic is coming from the public internet, you must add additional controls to strengthen communication security before reaching Omni Gateway. + +The following diagram shows the physical implementation of a scenario in which an organization's internal API is exposed to an organization's internal consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming external mTLS connection. + +image:ad-uc-1-p-2-physical.png["The previous networks are now Kubernetes clusters, there are load balancers separating the APIs from Omni Gateway, and mTLS connections to external networks."] + +[[pattern-3]] +== Pattern 3: Organization External API Exposed to an Organization Internal Consumer +In pattern three, the API Consumer is in the same network as Omni Gateway. You can use Omni Gateway to monitor, control, and enrich the flows to external services. For example, Omni Gateway can provide rate limiting for the external access traffic, or metrics and analytics tracking for this external service connection. + +Pattern examples: + +* A payments service must obtain exchange rates from an external service provider. +* An internal API Consumer accesses the organization’s external ServiceNow instance (SaaS service). + +For pattern three, you deploy Omni Gateway as a standalone gateway that acts as an egress container. + +image:ad-uc-1-p-3.png["Omni Gateway is deployed as an egress to monitor incoming traffic from the external API."] + +The following diagram shows the physical implementation of a scenario in which an organization's external API is exposed to an organization's internal consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming external mTLS connection. + +image:ad-uc-1-p-3-physical.png["The previous networks are now kubernetes clusters. There are load balancers that separate the APIs from Omni Gateway and mTLS connections to external networks."] + +[[pattern-4]] +== Pattern 4: Organization External API Exposed to an Organization External Consumer +In pattern four, Omni Gateway acts as an intermediary between two organizations' external entities, for example, when an organization’s WorkDay instance (SaaS service) accesses the organization’s ServiceNow instance (SaaS service). In this pattern, Omni Gateway runs as an ingress and egress that applies secured communication and policy enforcement. + +image:ad-uc-1-p-4.png["Omni Gateway acts as an intermediary between an external application and external API."] + +The following diagram shows the physical implementation of a scenario in which an external organization's API is exposed to an external organization's consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming organization's external mTLS connection. + +image:ad-uc-1-p-4-physical.png["A detailed view of pattern four, which contains the necessary services to support Omni Gateway"] + +== See Also + +* xref:flex-architecture-uc2.adoc[] +* xref:flex-architecture-uc3.adoc[] +* xref:flex-architecture-uc4.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-uc2.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc2.adoc new file mode 100644 index 000000000..59fcda20c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc2.adoc @@ -0,0 +1,33 @@ += Use Case 2: Organization-Owned API Exposed to a Non-Organization-Owned API Consumer +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use case two covers all patterns of a scenario in which an organization-owned API is exposed to a non-organization-owned API consumer; for example, when a user makes a request to your public-facing API. + +[[pattern-5]] +== Pattern 5: Organization Internal API exposed to a Non-Organization External Consumer +In pattern five, the infrastructure of the organization-owned API is isolated from the API consumer. The consumer can access the exposed API only via the internet. In this use case, you deploy Omni Gateway as an ingress. + +image:ad-uc-1-p-2.png["Consumer application requests pass through the internet and a firewall before reaching Omni Gateway."] + +The following diagram shows the physical implementation of a scenario in which an organization-owned internal API is exposed to a non-organization-owned external consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming external mTLS connection. + +image:ad-uc-2-p-5-physical.png["A detailed view of pattern five, which contains the necessary services to support Omni Gateway"] + +[[pattern-6]] +== Pattern 6: Organization External API exposed to a Non-Organization External Consumer +In pattern six, Omni Gateway acts as an intermediary between two external network entities. Omni Gateway runs as an ingress and egress that applies secure communication and policy enforcement. + +image:ad-uc-1-p-4.png["Omni Gateway acts as an intermediary between an external application and external API."] + +The following diagram shows the physical implementation of a scenario in which an organization external API is exposed to an non-organization external consumer on Kubernetes. The diagram assumes that the firewall terminates the external mTLS connections. + +image:ad-uc-2-p-6-physical.png["A detailed view of pattern six, which contains the necessary services to support Omni Gateway"] + +== See Also + +* xref:flex-architecture-uc1.adoc[] +* xref:flex-architecture-uc3.adoc[] +* xref:flex-architecture-uc4.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-uc3.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc3.adoc new file mode 100644 index 000000000..3c214240e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc3.adoc @@ -0,0 +1,38 @@ += Use Case 3: Non-Organization-Owned API Exposed to an Organization-Owned API Consumer +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use case three covers all patterns of a scenario in which a non-organization-owned API is exposed to an organization-owned API consumer. + +Use case examples: + +* A payments service must obtain exchange rates from an external service provider. +* An internal API Consumer accesses the organization’s external ServiceNow instance (SaaS service). + +[[pattern-7]] +== Pattern 7: Non-Organization External API exposed to an Organization Internal Consumer +In pattern seven, you deploy Omni Gateway as an egress. You can use Omni Gateway to monitor, control, and enrich the flows to external services. Additionally, you can rate limit external access and track metrics and analytics. + +image:ad-uc-1-p-3.png["Omni Gateway acts as an egress to monitor incoming traffic from the external API."] + +The following diagram shows the physical implementation of a scenario in which a non-organization external API is exposed to an organization internal consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming non-organization external mTLS connection. + +image:ad-uc-3-p-7-physical.png[A detailed view of pattern, which contains the necessary services to support Omni Gateway] + +[[pattern-8]] +== Pattern 8: Non-Organization External API exposed to an Organization External Consumer +In pattern eight, Omni Gateway acts as an intermediary between two organization external entities. Omni Gateway runs as an ingress and egress that applies secure communication and policy enforcement. + +image:ad-uc-1-p-4.png["Omni Gateway acts as an intermediary between an external application and external API."] + +The following diagram shows the physical implementation of a scenario in which an external non-organization API is exposed to an organization external consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming external mTLS connection. + +image:ad-uc-3-p-8-physical.png["A detailed view of pattern eight, which contains the necessary services to support Omni Gateway"] + +== See Also + +* xref:flex-architecture-uc1.adoc[] +* xref:flex-architecture-uc2.adoc[] +* xref:flex-architecture-uc4.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-architecture-uc4.adoc b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc4.adoc new file mode 100644 index 000000000..b20cd408a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-architecture-uc4.adoc @@ -0,0 +1,24 @@ += Use Case 4: Non-Organization-Owned API Exposed to a Non-Organization-Owned API Consumer +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use case four has one pattern that supports the scenario in which a non-organization API is exposed to a non-organization API consumer. + +[[pattern-9]] +== Pattern 9: Non-Organization External API exposed to a Non-Organization External Consumer + +In pattern nine, Omni Gateway acts as an intermediary between two external entities; for example, when an external customer consumes a travel information service offered by an external airline. + +image:ad-uc-1-p-4.png[Omni Gateway acts as an intermediary between an external application and external API] + +The following diagram shows the physical implementation of a scenario in which a non-organization external API is exposed to a non-organization external consumer on Kubernetes. The diagram assumes that the firewall terminates the incoming external mTLS connection. + +image:ad-uc-4-p-9-physical.png["A detailed view of pattern nine, which contains the necessary services to support Omni Gateway"] + +== See Also + +* xref:flex-architecture-uc1.adoc[] +* xref:flex-architecture-uc2.adoc[] +* xref:flex-architecture-uc3.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-configure.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-configure.adoc new file mode 100644 index 000000000..eecc45b85 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-configure.adoc @@ -0,0 +1,18 @@ += Configuring Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: gateway::flex-conn-manage.adoc +:page-mode: conn + +include::partial$configuration-task-list.adoc[tags=configuration-task-list-replicas] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-tls] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-shared-storage] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-forward-proxy] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-apim-api] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-liveness-check] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-proxy-protocol] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-jenkins-cli] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-jenkins] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-tracing] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-disable-logs.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-disable-logs.adoc new file mode 100644 index 000000000..f95139f88 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-disable-logs.adoc @@ -0,0 +1,47 @@ += Disabling Omni Gateway Log Output to Anypoint Platform +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$task-config-disable-logs.adoc[tags=config-disable-logs-intro] +include::partial$task-config-disable-logs.adoc[tags=icon-table] +include::partial$task-config-disable-logs.adoc[tags=byb] + +// Linux +include::partial$task-config-disable-logs.adoc[tags=linux-section-1] +include::partial$task-config-disable-logs.adoc[tags=config-disable-logs-example] +include::partial$task-config-disable-logs.adoc[tags=linux-section-2] + +// Containers +include::partial$task-config-disable-logs.adoc[tags=containers-section-1] ++ +include::partial$task-config-disable-logs.adoc[tags=config-disable-logs-example] +include::partial$task-config-disable-logs.adoc[tags=containers-section-2] ++ +[tabs] +==== +Docker:: ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] + +Podman:: ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-start-command-local] +==== + +// K8s +include::partial$task-config-disable-logs.adoc[tags=k8s-section-1] +include::partial$task-config-disable-logs.adoc[tags=config-disable-logs-example] ++ +include::partial$task-config-disable-logs.adoc[tags=k8s-section-2] + +// OpenShift +include::partial$task-config-disable-logs.adoc[tags=openshift-section-1] +include::partial$task-config-disable-logs.adoc[tags=config-disable-logs-example] ++ +include::partial$task-config-disable-logs.adoc[tags=openshift-section-2] + +// See Also +include::partial$task-config-disable-logs.adoc[tags=see-also] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-env-variables.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-env-variables.adoc new file mode 100644 index 000000000..5b0bc76ea --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-env-variables.adoc @@ -0,0 +1,8 @@ += Configure Omni Gateway Environment Variables in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$env-variables.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-forward-proxy.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-forward-proxy.adoc new file mode 100644 index 000000000..4fcd4980e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-forward-proxy.adoc @@ -0,0 +1,27 @@ += Configuring a Forward Proxy for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$forward-proxy-config.adoc[tags=intro;icon-table] + +include::partial$forward-proxy-config.adoc[tags=connections;noproxy] + +include::partial$forward-proxy-config.adoc[tags=forward-proxy-parameters] + +include::partial$forward-proxy-config.adoc[tags=linux] + +include::partial$forward-proxy-config.adoc[tags=docker] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$forward-proxy-config.adoc[tags=docker2] + +include::partial$forward-proxy-config.adoc[tags=k8s] + +include::partial$forward-proxy-config.adoc[tags=proxy-registration] + +== See also +* xref:flex-conn-reg-run.adoc[Register and Run Omni Gateway in Connected Mode] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-jenkins-api.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-jenkins-api.adoc new file mode 100644 index 000000000..e9e25d2bb --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-jenkins-api.adoc @@ -0,0 +1,415 @@ += Automating Omni Gateway with a Jenkins Pipeline using the API Manager API +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn +:page-aliases: gateway::flex-conn-manage-jenkins.adoc + +You can use a Jenkins Pipeline to automate the workflow for Omni Gateway in Connected Mode. With a Jenkins Pipeline, you can register and run an Omni Gateway and use features of the API Manager API, such as creating and deploying API instances. + +Automating your Omni Gateway in Connected Mode work flow shares many similarities with the xref:flex-conn-manage-public-api.adoc[Manage Omni Gateway Using the API Manager API] tutorial. You can use the Jenkins Pipeline to automate the calls made to the API Manager API. To add additional features from the https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/[API Manager API^], use the <> and <> Pipeline stages as examples. + +This tutorial has different steps with different code blocks. As you work through the steps, add the code blocks to the same Jenkinsfile. If you are unfamiliar with the syntax used in a Jenkins Pipeline, see the https://www.jenkins.io/doc/book/pipeline/[Jenkins Pipeline documentation^]. + +NOTE: To instead automate your Omni Gateway with the Anypoint CLI, see xref:flex-conn-jenkins-cli.adoc[]. + +== Before You Begin +Before you can deploy a Jenkins Pipeline, complete the following tasks: + +. xref:flex-install.adoc[Download Omni Gateway]. + +. xref:access-management::connected-apps-developers.adoc#create-a-connected-app[Configure a Connected App]: + +.. Use the *App acts on its behalf (client credentials)* type and include the following scopes: + +*** API Manager: *Manage APIs Configuration*, *Manage Policies*, *View Policies*, and *Deploy API Proxies* +*** Runtime Manager: *Read Servers* and *Manage Servers* +*** Exchange: *Exchange Viewer* +*** General: *View Organization* + +.. Save the *Id* and *Secret* of the Connected app you configure. + + +. Collect the group ID, asset ID, and asset version (GAV) of the Exchange asset (API) you want to create or apply. ++ +To collect your GAV from Exchange: ++ +.. Go to Exchange. +.. Find the asset to add or apply. +.. Collect the group ID and asset ID from the URL. ++ +For example, the IDs collected from the API Manager API Exchange URL, `+https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/minor/1.0/pages/home/+`, are: ++ +*** Group ID: `f1e97bc6-315a-4490-82a7-23abe036327` +*** Asset ID: `api-manager-api` + +.. Collect the asset version from *Latest Stable*. ++ +For example, the version collected from the API Gateway HTTP basic authentication policy template is `1.3.1`. + +. Collect the following information from your Anypoint Platform instance: + +** *Organization ID* for the organization where you want to run Omni Gateway ++ +For more information, see xref:access-management::organization.adoc#find-your-organization-id[Find Your Organization ID]. + +** *Environment ID* for the environment where you want to run Omni Gateway ++ +For more information, see xref:api-manager::latest-overview-concept.adoc#what-api-manager-looks-like[What API Manager Looks Like]. + + +== Initial Configuration + +Before you can create and deploy an API instance to your Omni Gateway, you must complete the following steps: + +. <>. +. <>. +. <>. +. <>. + +After you implement these Pipeline stages, you can customize your Pipeline by making API Manager API requests to manage APIs. + +=== Define Useful Functions + +To begin, define these useful functions in your Jenkinsfile. Define the functions before the `pipeline` block: + + +[source,Jenkinsfile] +---- +def parseYamlFile(String file) { + object = readYaml file: file + return object +} + +def parseJsonFile(file) { + object = readJSON file: file + return object +} + +---- + +=== Define Useful Parameters + +Since the commands in the Jenkins Pipeline reuses some parameters, it is helpful to define them at the beginning of your Jenkinsfile. + +Using the included parameter definitions as a template, you can also define any parameters that additional APIs or policies need. + +To define the parameters: + +. Collect the following information: +* ``: *Organization ID* for the organization where you want to run Omni Gateway +* ``: *Environment ID* for the organization where you want to run Omni Gateway +* ``: Version of Omni Gateway you are using, for example `1.4.0` +* ``: *Id* of your connected app +* ``:*Secret* of your connected app +* API GAV: +** ``: Group ID, obtained from Exchange +** ``: Asset ID, obtained from Exchange, of the API you want to create +** ``: Asset version, obtained from Exchange, of the API you want to create +* ``: Name of your Omni Gateway + +. After replacing the sample content, add the parameter definitions to your Jenkinsfile to validate whether all parameters are present. Define the parameters in the `pipeline` block before the `stages` block: ++ +[source,Jenkinsfile] +---- +parameters { + string(name: 'ENV_ID', defaultValue: '', description: 'Your environment id') + string(name: 'ORG_ID', defaultValue: '', description: 'Your organization id') + string(name: 'FLEX_VERSION', defaultValue: '', description: 'Flex version to run') + string(name: 'CONNECTED_APP_CLIENT_ID', defaultValue: '', description: 'Your connected app client id') + string(name: 'CONNECTED_APP_CLIENT_SECRET', defaultValue: '', description: 'The id of the http api exchange asset') + string(name: 'EXCHANGE_ASSET_VERSION', defaultValue: '', description: 'The version of the http api exchange asset') + string(name: 'GATEWAY_NAME', defaultValue: '', description: 'Unique gateway name') +} +---- + +. Add the check parameters `stage` to the `stages` block in your Jenkinsfile: ++ +[source,Jenkinsfile] +---- +stage('Check parameters') { + steps { + script { + if (!params.ENV_ID || !params.ORG_ID || !params.FLEX_VERSION || !params.CONNECTED_APP_CLIENT_ID || !params.CONNECTED_APP_CLIENT_SECRET || !params.EXCHANGE_ASSET_ID || !params.EXCHANGE_ASSET_VERSION || !params.GATEWAY_NAME) { + error("Not all parameters where specified") + } + } + } +} +---- ++ +If this stage fails, specify the missing parameters and rerun the Pipeline. + +=== Register and Run + +Add the register and run stages to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage('Register flex gateway') { + steps { + script { + sh """ + docker run --entrypoint flexctl \ + -v "\$(pwd)":/registration -u 0 mulesoft/flex-gateway:${params.FLEX_VERSION} \ + register \ + --client-id=${params.CONNECTED_APP_CLIENT_ID} \ + --client-secret=${params.CONNECTED_APP_CLIENT_SECRET} \ + --environment=${params.ENV_ID} \ + --connected=true \ + --organization=${params.ORG_ID} \ + --output-directory=/registration \ + ${params.GATEWAY_NAME} + """ + if (!fileExists('registration.yaml')) { + error("Registration failed") + } + } + } +} + +stage('Run flex gateway') { + steps { + script { + sh """ + docker run -d \ + -v "\$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ + -p 8082:8082 \ + mulesoft/flex-gateway:${params.FLEX_VERSION} > containerId + """ + } + } +} +---- + + +=== Obtain an Authorization Token from Access Management +After registering and running your Omni Gateway, you must obtain a valid authorization token from Access Management in order to authenticate subsequent requests. + +To login in to Anypoint, add the Anypoint login `stage` the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Anypoint login") { + steps { + script { + def cmd = """curl -s -w "%{http_code}" --location --request POST 'https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token' -o 'login-response' \ + --header 'Content-Type: application/json' \ + --data-raw '{"grant_type": "client_credentials", "client_id": "${params.CONNECTED_APP_CLIENT_ID}", "client_secret": "${params.CONNECTED_APP_CLIENT_SECRET}"}' + """ + def status_code = sh(returnStdout: true, script: cmd).trim().toInteger() + if (status_code > 399) { + error("Anypoint login failed") + } + } + } +} +---- + +The authorization token returned in this step is saved for subsequent requests. + +== Create an API Instance +Having an authorization token from Access Management enables you to create an API instance and deploy it to your Omni Gateway. + +You can repeat this step to add multiple API instances. + +For example, this stage creates an API instance that listens on port `8082` and `/httpbin` path and proxies to `+https://httpbin.org/+`. + +To create an API instance: + +. Collect the following information: +* ``: URI upstream of your API +* ``: Proxy URI for you API instance +* `"isCloudHub"`: Cloud Hub status, for example `null` or `true` + +. Optionally, collect your `"endpointUri"` or remove the `"endpointUri"` field: +* ``: Consumer endpoint of your API, for example, `+http://consumer-endpoint.com+` + +. After replacing the HTTP addresses, add the create API instance `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Create API instance") { + steps { + script { + def login_response = parseJsonFile('login-response') + def cmd = """ + curl -s -w "%{http_code}" --location --request POST 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations/${params.ORG_ID}/environments/${params.ENV_ID}/apis' -o 'api-response' \ + --header 'Authorization: Bearer ${login_response.access_token}' \ + --header 'Content-Type: application/json' \ + --data-raw '{ + "spec": { + "groupId": "${params.ORG_ID}", + "assetId": "${params.EXCHANGE_ASSET_ID}", + "version": "${params.EXCHANGE_ASSET_VERSION}" + }, + "endpoint": { + "deploymentType": "HY", + "uri": "https://httpbin.org:443", + "proxyUri": "http://0.0.0.0:8082/httpbin", + "isCloudHub": null + }, + "technology": "flexGateway" + "endpointUri": "" // OPTIONAL + }' + """ + def status_code = sh(returnStdout: true, script: cmd).trim().toInteger() + if (status_code > 399) { + error("Error occurred while trying to create API instance") + } + } + } +} +---- + + + +== Apply an API Policy + +After you create an API instance, you can apply Connected Mode policies to the instance: + + +. Collect the following information: +* Policy GAV +** ``: Policy group ID from Exchange +** ``: Policy asset ID from Exchange, for example `http-basic-authentication` +** ``: Policy asset version from Exchange, for example `1.3.1` + +* `"configurationData"`: Policy configuration data ++ +The configuration data fields are dependent on the policy. The `"username"` and `"password"` parameters are only an example. To find the configuration data for your policy, see xref:policies-included-directory.adoc[Included Policies Directory]. + +. After replacing the sample content, add the apply policy `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Apply policy") { + steps { + script { + def login_response = parseJsonFile('login-response') + def api_response = parseJsonFile('api-response') + + + def cmd = """ + curl -s -w "%{http_code}" -o /dev/null --location --request POST 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations/${params.ORG_ID}/environments/${params.ENV_ID}/apis/${api_response.id}/policies' \ + --header 'Authorization: Bearer ${login_response.access_token}' \ + --header 'Content-Type: application/json' \ + --data-raw '{ + "configurationData":{ + "username": "user", + "password": "test" + }, + "pointcutData": null, + "assetId": "", + "assetVersion": "", + "groupId": "" + }' + """ + + + def status_code = sh(returnStdout: true, script: cmd).trim().toInteger() + if (status_code > 399) { + error("Error occurred while trying to apply Basic Auth Policy to the API instance") + } + } + } +} +---- + + +== Deploy an API Instance +After you create an API instance, you can deploy the instance. + +To deploy the new instance, add the deploy API `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Deploy API") { + steps { + script { + def login_response = parseJsonFile('login-response') + def api_response = parseJsonFile('api-response') + def registration_file = parseYamlFile('registration.yaml') + + + def cmd = """ + curl -s -w "%{http_code}" -o /dev/null --location --request POST 'https://anypoint.mulesoft.com/proxies/xapi/v1/organizations/${params.ORG_ID}/environments/${params.ENV_ID}/apis/${api_response.id}/deployments' \ + --header 'Content-Type: application/json' \ + --header 'Authorization: Bearer ${login_response.access_token}' \ + --data-raw '{ + "type": "HY", + "gatewayVersion": "${params.FLEX_VERSION}", + "targetId": "${registration_file.spec.platformConnection.agentId[0]}", + "environmentId": "${params.ENV_ID}" + }' + """ + + + def status_code = sh(returnStdout: true, script: cmd).trim().toInteger() + if (status_code > 399) { + error("Error occurred while trying to deploy the API instance") + } + } + } +} +---- + +== Validate the API Instance is Deployed +After you deploy your API instance, validate whether the instance is deployed by adding the validate deployment `stage` to the `stages` block in your Jenkinsfile + + +[source,Jenkinsfile] +---- +stage("Validate deployment") { + steps { + script { + sleep(time:10, unit:"SECONDS") + + + def unauthorized_status_code = sh(script: "curl -s -w \"%{http_code}\" -o /dev/null http://localhost:8082/httpbin/headers -v", returnStdout: true).trim().toInteger() + if (unauthorized_status_code != 401) { + error("401 status code expected but the status code obtained is ${unauthorized_status_code}") + } + + + def authorized_status_code = sh(script: "curl -s -w \"%{http_code}\" -o /dev/null http://localhost:8082/httpbin/headers -v -u user:test", returnStdout: true).trim().toInteger() + if (authorized_status_code != 200) { + error("200 status code expected but the status code obtained is ${unauthorized_status_code}") + } + } + } +} +---- + + +== Stop the Omni Gateway and archive the registration file + +Use the following code blocks to stop your Omni Gateway and archive the registration file. Add the `post` block in the `pipeline` block after the `stages` block: + +[source,Jenkinsfile] +---- +post { + success { + script { + // Archive the build output artifacts. + archiveArtifacts artifacts: 'registration.yaml' + } + } + always { + script { + if (fileExists('containerId')) { + sh(script: "docker rm -f ${readFile(file: 'containerId')}") + } + } + } +} + +---- + +== See Also + +* xref:flex-conn-reg-run-app.adoc[Registering and Running in Connected Mode with a Connected App]. +* https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/[Anypoint Developer API Manager API] +* xref:flex-conn-manage-public-api.adoc[Manage Omni Gateway Using the API Manager API] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-jenkins-cli.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-jenkins-cli.adoc new file mode 100644 index 000000000..462ad84f7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-jenkins-cli.adoc @@ -0,0 +1,346 @@ += Automating Omni Gateway with a Jenkins Pipeline using Anypoint CLI +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +You can use a Jenkins Pipeline to automate the workflow for Omni Gateway in Connected Mode. With a Jenkins Pipeline, you can register and run an Omni Gateway and use features of the Anypoint CLI, such as creating and deploying API instances. + +To add additional features from the API Manager CLI, see xref:4.x@anypoint-cli::api-mgr.adoc[]. + +This tutorial has different steps with different code blocks. As you work through the steps, add the code blocks to the same Jenkinsfile. If you are unfamiliar with the syntax used in a Jenkins Pipeline, see the https://www.jenkins.io/doc/book/pipeline/[Jenkins Pipeline documentation^]. + +NOTE: Automating your Omni Gateway with Anypoint CLI shares many similarities with Automating your Omni Gateway with the API Manager API. To automate your Omni Gateway using API Manger API requests, see xref:flex-conn-jenkins-api.adoc[]. + +== Before You Begin +Before you can deploy a Jenkins Pipeline, complete the following tasks: + +. xref:flex-install.adoc[Download Omni Gateway]. + +. xref:access-management::connected-apps-developers.adoc#create-a-connected-app[Configure a Connected App]: + +.. Use the *App acts on its behalf (client credentials)* type and include the following scopes: + +*** API Manager: *Manage APIs Configuration*, *Manage Policies*, *View Policies*, and *Deploy API Proxies* +*** Runtime Manager: *Read Servers* and *Manage Servers* +*** Exchange: *Exchange Viewer* +*** General: *View Organization* + +.. Save the *Id* and *Secret* of the Connected app you configure. + +. Collect the group ID, asset ID, and asset version (GAV) of the Exchange asset (API) you want to create or apply. ++ +To collect your GAV from Exchange: ++ +.. Go to Exchange. +.. Find the asset to add or apply. +.. Collect the group ID and asset ID from the URL. ++ +For example, the IDs collected from the API Manager API Exchange URL, `+https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/minor/1.0/pages/home/+`, are: ++ +*** Group ID: `f1e97bc6-315a-4490-82a7-23abe036327` +*** Asset ID: `api-manager-api` + +.. Collect the asset version from *Latest Stable*. ++ +For example, the version collected from the API Gateway HTTP basic authentication policy template is `1.3.2`. + +. Collect the following information from your Anypoint Platform instance: + +** *Organization ID* for the organization where you want to run Omni Gateway ++ +For more information, see xref:access-management::organization.adoc#find-your-organization-id[Find Your Organization ID]. + +** *Environment ID* for the environment where you want to run Omni Gateway ++ +For more information, see xref:api-manager::latest-overview-concept.adoc#what-api-manager-looks-like[What API Manager Looks Like]. + + +== Initial Configuration + +Before you can create and deploy an API instance to your Omni Gateway, you must complete the following steps: + +. <>. +. <>. +. <> +. <>. + +After you implement these Pipeline stages, you can customize your Pipeline by making API Manager CLI requests to manage APIs. + +=== Define Useful Functions + +To begin, define these useful functions before the `pipeline` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +def parseYamlFile(String file) { + object = readYaml file: file + return object +} + +def getAPIInstanceID(String file) { + return readFile(file: file).split(' ').last().replace('\n', '').trim() +} +---- + +=== Define Useful Parameters + +Since the commands in the Jenkins Pipeline reuse some parameters, it is helpful to define them at the beginning of your Jenkinsfile. + +Using the included parameter definitions as a template, you can also define any parameters that additional APIs or policies need. + +To define the parameters: + +. Collect the following information: +* ``: *Organization ID* for the organization where you want to run Omni Gateway +* ``: *Environment ID* for the organization where you want to run Omni Gateway +* ``: Version of Omni Gateway you are using, for example `1.4.0` +* ``: *Id* of your connected app +* ``: *Secret* of your connected app +* API GAV: +** ``: Group ID, obtained from Exchange +** ``: Asset ID, obtained from Exchange, of the API you want to create +** ``: Asset version, obtained from Exchange, of the API you want to create +* ``: Name of your Omni Gateway + +. After replacing the sample content, add the parameter definitions to your Jenkinsfile to validate whether all parameters are present. Define the parameters in the `pipeline` block before the `stages` block: ++ +[source,Jenkinsfile] +---- +parameters { + string(name: 'ENV_ID', defaultValue: '', description: 'Your environment id') + string(name: 'ORG_ID', defaultValue: '', description: 'Your organization id') + string(name: 'FLEX_VERSION', defaultValue: '', description: 'Flex version to run') + string(name: 'CONNECTED_APP_CLIENT_ID', defaultValue: '', description: 'Your connected app client id') + string(name: 'CONNECTED_APP_CLIENT_SECRET', defaultValue: '', description: 'The id of the http api exchange asset') + string(name: 'EXCHANGE_ASSET_VERSION', defaultValue: '', description: 'The version of the http api exchange asset') + string(name: 'GATEWAY_NAME', defaultValue: '', description: 'Unique gateway name') +} +---- + +. Add the check parameters `stage` to the `stages` block in your Jenkinsfile: ++ +[source,Jenkinsfile] +---- +stage('Check parameters') { + steps { + script { + if (!params.ENV_ID || !params.ORG_ID || !params.GATEWAY_NAME || !params.FLEX_VERSION || !params.CONNECTED_APP_CLIENT_ID || !params.CONNECTED_APP_CLIENT_SECRET || !params.EXCHANGE_ASSET_ID || !params.EXCHANGE_ASSET_VERSION) { + error("Not all parameters where specified") + } + } + } +} +---- ++ +If this stage fails, specify the missing parameters and rerun the Pipeline. + + +== Install Anypoint CLI 4.x + +To install Anypoint CLI 4.x to your Docker container, add the install Anypoint CLI 4.x `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage('Install anypoint-cli-v4') { + steps { + script { + sh """ + docker run --name container-anypoint-cli-v4 -d node:16 \ + sh -c " npm install -g anypoint-cli-v4 ; anypoint-cli-v4 plugins:install anypoint-cli-api-mgr-plugin; \ + while :; do sleep 1; done" + """ + sh """ + docker exec container-anypoint-cli-v4 \ + sh -c "while ! anypoint-cli-v4 plugins 2> /dev/null | grep -q "anypoint-cli-api-mgr-plugin"; do :; done" + """ + } + } +} +---- + +=== Register and Run + +Add the register and run stages to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage('Register flex gateway') { + steps { + script { + sh """ + docker run --entrypoint flexctl \ + -v ${pwd()}:/registration -u 0 mulesoft/flex-gateway:${params.FLEX_VERSION} \ + register \ + --client-id=${params.CONNECTED_APP_CLIENT_ID} \ + --client-secret=${params.CONNECTED_APP_CLIENT_SECRET} \ + --environment=${params.ENV_ID} \ + --connected=true \ + --organization=${params.ORG_ID} \ + --output-directory=/registration \ + ${params.GATEWAY_NAME} + """ + + sh """ + grep "name: registration" registration.yaml + """ + } + } +} + + +stage('Run flex gateway') { + steps { + script { + sh """ + docker run --name flex-gw -d \ + -v ${pwd()}:/usr/local/share/mulesoft/flex-gateway/conf.d \ + -p 8082:8082 \ + mulesoft/flex-gateway:${params.FLEX_VERSION} + """ + } + } +} +---- + +== Create an API Instance +After installing Anypoint CLI 4.x, you can create an API instance and deploy it to your Omni Gateway. + +You can repeat this step to add multiple API instances. For additional API configuration flags, see the xref:4.x@anypoint-cli::api-mgr.adoc#api-mgr-api-manage[api-mgr:api:manage command]. + +Add the create API instance `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Create API Instance") { + steps { + script { + sh """ + docker exec container-anypoint-cli-v4 anypoint-cli-v4 api-mgr:api:manage ${params.EXCHANGE_ASSET_ID} ${params.EXCHANGE_ASSET_VERSION} \ + --client_id=${params.CONNECTED_APP_CLIENT_ID} --client_secret=${params.CONNECTED_APP_CLIENT_SECRET} \ + --isFlex --withProxy --deploymentType=hybrid --scheme=http --port=8082 \ + --uri=https://httpbin.org:443 --path=/httpbin > api-response + """ + } + } +} +---- + +NOTE: For example, this stage creates an API instance that listens on port `8082` and `/httpbin` path and proxies to `+https://httpbin.org/443+`. + +== Apply a Basic Authentication Policy + +After you create an API instance, you can apply policies to the API instance. + +This stage applies the xref:policies-included-basic-auth-simple.adoc[] as an example, but you can apply any Connected Mode policy. To find additional policies, see xref:policies-included-directory.adoc[Included Policies Directory]. + +To apply a policy: + +. Collect the following information: +* Policy GAV +** ``: Policy group ID from Exchange, for example `68ef9520-24e9-4cf2-b2f5-620025690913`` +** ``: Policy asset ID from Exchange, for example `http-basic-authentication` +** ``: Policy asset version from Exchange, for example `1.3.2` +* `"configurationData"`: Policy configuration data ++ +The configuration data fields are dependent on the policy. The Basic Authentication: Simple policy uses parameters `"username"` and `"password"`. + +. After replacing the sample content, add the apply basic authentication policy `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Apply Basic Authentication Policy to API Instance") { + steps { + script { + def apiInstanceId = getAPIInstanceID('api-response') + sh """ + docker exec container-anypoint-cli-v4 anypoint-cli-v4 api-mgr:policy:apply ${apiInstanceId} 'http-basic-authentication' \ + --policyVersion='1.3.1' --groupId '68ef9520-24e9-4cf2-b2f5-620025690913' \ + --client_id=${params.CONNECTED_APP_CLIENT_ID} --client_secret=${params.CONNECTED_APP_CLIENT_SECRET} \ + -c '{"username": "user", "password": "test"}' + """ + } + } +} +---- + +NOTE: For example, this stage uses the policy GAV and `"configurationData"` associated with the xref:policies-included-basic-auth-simple.adoc[]. + +== Deploy an API Instance +After you create an API instance, you can deploy the instance. + +To deploy the new instance, add the deploy API `stage` to the `stages` block in your Jenkinsfile: + +[source,Jenkinsfile] +---- +stage("Deploy API") { + steps { + script { + sleep(time:15, unit:"SECONDS") + def registration_file = parseYamlFile('registration.yaml') + def apiInstanceId = getAPIInstanceID('api-response') + + sh """ + docker exec container-anypoint-cli-v4 anypoint-cli-v4 api-mgr:api:deploy ${apiInstanceId} \ + --client_id=${params.CONNECTED_APP_CLIENT_ID} --client_secret=${params.CONNECTED_APP_CLIENT_SECRET} \ + --target=${registration_file.spec.platformConnection.agentId[0]} --gatewayVersion=${params.FLEX_VERSION} + """ + } + } +} +---- + +== Validate the API Instance is Deployed +After you deploy your API instance, validate whether the instance is deployed by adding the validate deployment `stage` to the `stages` block in your Jenkinsfile: + + +[source,Jenkinsfile] +---- +stage("Validate Deployment") { + steps { + script { + sleep(time:10, unit:"SECONDS") + + def unauthorized_status_code = sh(script: "curl -s -w \"%{http_code}\" -o /dev/null http://localhost:8082/httpbin/headers -v", returnStdout: true).trim().toInteger() + if (unauthorized_status_code != 401) { + error("401 status code expected but the status code obtained is ${unauthorized_status_code}") + } + + def authorized_status_code = sh(script: "curl -s -w \"%{http_code}\" -o /dev/null http://localhost:8082/httpbin/headers -v -u user:test", returnStdout: true).trim().toInteger() + if (authorized_status_code != 200) { + error("200 status code expected but the status code obtained is ${unauthorized_status_code}") + } + } + } +} +---- + + +== Stop the Omni Gateway and Archive the Registration File + +Use the following code blocks to archive the registration file and remove the Docker container running Omni Gateway. Add the `post` block in the `pipeline` block after the `stages` block: + +[source,Jenkinsfile] +---- +post { + success { + script { + // Archive the build output artifacts. + archiveArtifacts artifacts: 'registration.yaml' + } + } + always { + script { + sh(script: "docker rm -f container-anypoint-cli-v4 flex-gw") + } + } +} +---- + +== See Also + +* xref:4.x@anypoint-cli::index.adoc[] +* xref:flex-conn-reg-run-app.adoc[Registering and Running in Connected Mode with a Connected App]. +* xref:flex-conn-manage-public-api.adoc[Manage Omni Gateway Using the API Manager API] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-manage-public-api.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-manage-public-api.adoc new file mode 100644 index 000000000..997c2d367 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-manage-public-api.adoc @@ -0,0 +1,202 @@ += Configuring Omni Gateway with the API Manager API Tool +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +You can configure Omni Gateway in Connected Mode using the API Manager API tool from the https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/[Anypoint Platform Developer Portal^] instead of using the API Manager user interface through Anypoint Platform. This tool enables you to use the command line to communicate with API Manager. Use the steps in this tutorial to create, deploy, apply a policy to, and delete an API instance. + +For more information about the API Manager API, see the https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/[API Manager API documentation^]. + +NOTE: To automate these commands using a Jenkins pipeline, see xref:flex-conn-jenkins-api.adoc[Automate Omni Gateway in Connected Mode Using a Jenkins Pipeline]. + +== Before You Begin +Before you can configure Omni Gateway using the API Manager API, complete the following tasks: + +. xref:flex-install.adoc[Download Omni Gateway]. +. xref:flex-{page-mode}-reg-run.adoc[Register and Run Omni Gateway in Connected Mode]. + +. xref:access-management::connected-apps-developers.adoc#create-a-connected-app[Configure a Connected App]: + +** Use the *App acts on its behalf (client credentials)* type and include the following scopes: + +*** API Manager: *Manage APIs Configuration*, *Manage Policies*, *View Policies*, and *Deploy API Proxies* +*** Runtime Manager: *Read Servers* +*** Exchange: *Exchange Viewer* ++ +You do not have to xref:flex-conn-reg-run-app.adoc[Register and Run Omni Gateway with a Connected App] to use the API Manager API, but you can use the same Connected App if you include the proper scopes. + +** Save the *Id* and *Secret* of the Connected app you configure. + + +. Collect the group ID, asset ID, and asset version (GAV) of the Exchange asset you want to create or apply. ++ +To collect your GAV from Exchange: ++ +.. Go to Exchange. +.. Find the asset to add or apply. +.. Collect the group ID and asset ID from the URL. ++ +For example, the IDs collected from the API Manager API Exchange URL, `+https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/minor/1.0/pages/home/+`, are: ++ +*** Group ID: `f1e97bc6-315a-4490-82a7-23abe036327` +*** Asset ID: `api-manager-api` + +.. Collect the asset version from *Latest Stable*. ++ +For example, the version collected from the API Gateway HTTP basic authentication policy template is `1.3.1`. + +. Collect the following information from your Anypoint Platform instance: + +** *Organization ID* for the organization where you want to run Omni Gateway ++ +For more information, see xref:access-management::organization.adoc#find-your-organization-id[Find Your Organization ID]. + +** *Environment ID* for the environment where you want to run Omni Gateway ++ +For more information, see xref:api-manager::latest-overview-concept.adoc#what-api-manager-looks-like[What API Manager Looks Like]. +** Runtime *Target ID* for the Omni Gateway you want to deploy the API to ++ +To find the *Target ID*, go to *Anypoint Platform > Runtime Manager > Omni Gateway*. + + +== Obtain an Authorization token from Access Management + +You must obtain an authorization token to make calls using the API Manager API: + +. Collect the following information: + +* ``: *Id* of your connected app +* ``: *Secret* of your connected app + +. Execute the following request to obtain your Authorization Token after replacing the placeholders with the following: ++ +[source,ssh] +---- +curl --location --request POST 'https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token' \ +--header 'Content-Type: application/json' \ +--data-raw '{ + "grant_type": "client_credentials", + "client_id": "", + "client_secret": "" +}' +---- + +. Save the returned authorization token. + +== Create an API Instance + +To create an API instance using the API Manager API: + +. Collect the following information: +* ``: *Organization ID* for the organization where you want to run Omni Gateway +* ``: *Environment ID* for the organization where you want to run Omni Gateway +* ``: Authorization token collected in the <> step +* API GAV: +** ``: Group ID, obtained from Exchange +** ``: Asset ID, obtained from Exchange, of the API you want to create +** ``: Asset version, obtained from Exchange, of the API you want to create +* ``: URI upstream of your API +* ``: Proxy URI, a combination of your port and base path for your API instance, for example, `\http://0.0.0.0:/` + +. Optionally, collect your `"endpointUri"` or remove the `"endpointUri"` field: +* ``: Consumer endpoint of your API, for example, `+http://consumer-endpoint.com+` + +. Make a POST request to Anypoint Platform after replacing the sample content: ++ +[source,ssh,subs=attributes+] +---- +curl --location --request POST https://anypoint.mulesoft.com/apimanager/api/v1/organizations//environments//apis \ +--header 'Authorization: bearer ' \ +--header 'Content-Type: application/json' \ +--data-raw '{ + "spec": { + "groupId": "", + "assetId": "", + "version": "" + }, + "endpoint": { + "deploymentType": "HY", + "uri": "", + "proxyUri": "", + "isCloudHub": null + }, + "technology": "flexGateway" + "endpointUri": "" // OPTIONAL +}' +---- + +. Save the Instance ID, `"id"`, from the response to deploy, apply a policy, or delete the instance. + +== Deploy an API Instance +To deploy an API instance using the API Manager API: + +. Collect the following information: +* ``: Instance ID, `"id"`, from <> +* ``: Version of Omni Gateway you are using, for example `1.4.0` +* ``: Target ID collected from runtime manager + +. Make a POST request to Anypoint Platform after replacing the sample content: ++ +[source,ssh,subs=attributes+] +---- +curl --location --request POST 'https://anypoint.mulesoft.com/proxies/xapi/v1/organizations//environments//apis//deployments' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: bearer ' \ +--data-raw '{ + "type": "HY", + "gatewayVersion": "", + "targetId": "", + "environmentId": "" +}' +---- + +== Apply a Policy +Using the API Manager API, you can only apply Connected Mode policies to an Omni Gateway. + +To apply a policy to an API instance using the API Manager API: + +. Collect the following information: +* Policy GAV: +** ``: Policy group ID from Exchange +** ``: Policy asset ID from Exchange, for example `http-basic-authentication` +** ``: Policy asset version from Exchange, for example `1.3.1` + +* `"configurationData"`: Required configuration parameters for the policy ++ Each policy has unique configuration data fields. The `"username"` and `"password"` fields are an example. To find the configuration data for your policy, see xref:policies-included-directory.adoc[Included Policies Directory]. + +. Make a POST request to Anypoint Platform after replacing the sample content: ++ +[source,ssh,subs=attributes+] +---- +curl --location --request POST 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations//environments//apis//policies' \ +--header 'Authorization: bearer ' \ +--header 'Content-Type: application/json' \ +--data-raw '{ + "configurationData":{ + "username": "user", + "password": "test" + }, + "pointcutData":null, + "assetId": "", + "assetVersion": "", + "groupId": "" +}' +---- + + +== Delete an API Instance +To delete an API instance using the API Manager API, make a DELETE request to Anypoint Platform after replacing the sample content: +[source,ssh,subs=attributes+] +---- +curl --location --request DELETE 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations//environments//apis/' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: bearer ' +---- + +//Ciphers +== See Also + +* xref:flex-conn-jenkins-api.adoc[] +* https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/[Anypoint Developer API Manager API] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-message-log.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-message-log.adoc new file mode 100644 index 000000000..c80980657 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-message-log.adoc @@ -0,0 +1,7 @@ += Configuring Message Logging for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$flex-message-log.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-monitor.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-monitor.adoc new file mode 100644 index 000000000..0c0581a5d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-monitor.adoc @@ -0,0 +1,19 @@ += Monitoring in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway running in Connected Mode enables you to monitor APIs via Anypoint Platform. By using Anypoint Platform, you can configure logs and view key metrics and analytics. + +Refer to the following tasks for details about monitoring in Connected Mode: + +* xref:flex-conn-message-log.adoc[Configure Message Logging] - Apply a Message Logging policy to your API instance via API Manager. This policy enables you to view basic logs for Omni Gateway APIs. +* xref:flex-use-api-alerts.adoc[Configure API Alerts] - Configure API alerts to receive email notifications that flag unusual API behavior. +* xref:flex-conn-third-party-logs-config.adoc[Configure Omni Gateway Log Output for Third-Party Services] - Configure log output for consumption by third-party services such as Splunk. +* xref:flex-view-api-metrics.adoc[View Key Metrics for Omni Gateway APIs] - Collect metrics for active Omni Gateway APIs via API Manager. You can view charts and filter metrics by date. +* xref:flex-view-replica-status.adoc[View the Replica Status in Runtime Manager] - View Omni Replica connection status from Runtime Manager. +* xref:flex-conn-view-api-status.adoc[View the Omni Gateway API Status in Runtime Manager] - View the Omni Gateway API status from Runtime Manager. +* xref:flex-view-logs-in-runtime-manager.adoc[View Runtime Logs in Runtime Manager] - View details of your Omni Gateway logs from Runtime Manager. +* xref:flex-view-logs-in-monitoring.adoc[View Logs in Anypoint Monitoring] - View details of your Omni Gateway logs from within the Anypoint Monitoring UI. +* xref:flex-conn-disable-logs.adoc[Disable Omni Gateway Log Output] - Disable log output to Anypoint Platform by using a local declarative configuration file. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-proxy-protocol.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-proxy-protocol.adoc new file mode 100644 index 000000000..913590cdf --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-proxy-protocol.adoc @@ -0,0 +1,20 @@ += Configuring PROXY Protocol in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$task-config-proxy-protocol.adoc[tags=intro1;icon-table;byb] + +include::partial$task-config-proxy-protocol.adoc[tags=linux;sample-config] + +include::partial$task-config-proxy-protocol.adoc[tags=docker-intro] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-config-proxy-protocol.adoc[tags=docker-config-file-step;sample-config] + +include::partial$task-config-proxy-protocol.adoc[tags=k8s;sample-config] + +include::partial$task-config-proxy-protocol.adoc[tags=see-also] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-readiness-liveness.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-readiness-liveness.adoc new file mode 100644 index 000000000..f77731813 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-readiness-liveness.adoc @@ -0,0 +1,8 @@ += Configuring a Readiness or Liveness Probe +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: flex-conn-liveness-check.adoc + +include::partial$task-config-readiness-liveness.adoc[tags=config-readiness-liveness-page-body] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-app.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-app.adoc new file mode 100644 index 000000000..3affc3ac7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-app.adoc @@ -0,0 +1,180 @@ +// Register and run an Omni Gateway with a connected app either in a Docker container or as a Linux service += Registering and Running in Connected Mode with a Connected App +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:reg-mode: Connected + +//table with tech logos and links (linux, docker, k8, openshift) +include::partial$task-reg-run-flex-gateway.adoc[tags=table-logos-links] + +[[prereqs]] +// Prerequisites +include::partial$task-reg-run-flex-gateway.adoc[tags=prerequisites-heading;app-prerequisites;prerequisites;environment-prerequisites] + +[[linux]] +// Register and run with a connected app as a Linux service +include::partial$task-reg-run-flex-gateway.adoc[tags=app-linux-heading] +include::partial$prerequisites.adoc[tag=intro] + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-intro;app-replace-content;environment-replace-content;replace-content;reg-command-heading;reg-command-1;linux-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-linux;reg-command-2;after-reg;linux-after-reg;disconnected-after-reg;create-config-folder-file;config-content;linux-start-commands;gateway-connected] + +[[container]] +include::partial$task-reg-run-flex-gateway.adoc[tags=app-container-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-links] + +[[docker]] +// Register and run with a connected app in a Docker container +include::partial$task-reg-run-flex-gateway.adoc[tags=app-docker-heading;reg-command-intro;sub-coll-info-container;app-replace-content;environment-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;docker-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;disconnected-after-reg;start-command-container;gateway-connected] + +// PODMAN +[[podman]] +// Register and run with a connected app in a Podman container +include::partial$task-reg-run-flex-gateway.adoc[tags=app-podman-heading;reg-command-intro;sub-coll-info-container;app-replace-content;environment-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;podman-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;disconnected-after-reg;podman-start-command;gateway-connected] + +// KUBERNETES +[[kubernetes]] +// Register and run with a connected app in a Kubernetes cluster +//intro +// - overview +include::partial$task-reg-run-flex-gateway.adoc[tags=app-k8s-heading;k8s-install-omni-helm-chart-intro-connected] +// - cluster-level access when rbac enabled +include::partial$prerequisites.adoc[tags=rbac-permission-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-k8s-reg-steps] +//- connected mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-connected-intro] + +[[options-k8s]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;app-replace-content;environment-replace-content;replace-content] + +[[reg-k8s]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading-intro] + +[[docker-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[podman-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[deploy-k8s]] +//install helm chart section +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy] +//- for Omni connected mode deployment only +include::partial$task-reg-run-flex-gateway.adoc[tags=gateway-connected] + +[[helm-options-k8s]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +// OPENSHIFT +[[openshift]] +// Register and run with a connected app in an OpenShift cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=app-openshift-heading] +//task intro +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-connected] +//- cluster-level access when rbac enabled +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] +//- note (openshift command line procedures same as k8) +include::partial$task-reg-run-flex-gateway.adoc[tags=note-openshift-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-openshift-reg-steps] +//- connected mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-connected-intro] + +[[options-openshift]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;app-replace-content;environment-replace-content;replace-content] + +[[reg-openshift]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-openshift-heading-intro] + +[[docker-openshift-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[podman-openshift-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;app-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[deploy-openshift]] +//install helm chart section +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy] +//- for Omni connected mode deployment only +include::partial$task-reg-run-flex-gateway.adoc[tags=gateway-connected] + +[[helm-options-openshift]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-local-reg-run.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-token.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-token.adoc new file mode 100644 index 000000000..2f5759abd --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-token.adoc @@ -0,0 +1,181 @@ += Registering and Running in Connected Mode with a Token +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:reg-mode: Connected + +//table with tech logos and links (linux, docker, k8, openshift) +include::partial$task-reg-run-flex-gateway.adoc[tags=table-logos-links] + +[[prereqs]] +// Prerequisites +include::partial$task-reg-run-flex-gateway.adoc[tags=prerequisites-heading;prerequisites;token-prerequisites] + +[[linux]] +// Register and run with a token as a Linux service +include::partial$task-reg-run-flex-gateway.adoc[tags=token-linux-heading] +include::partial$prerequisites.adoc[tag=intro] + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-intro;sub-coll-info;token-replace-content;replace-content;reg-command-heading;reg-command-1;linux-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-linux;reg-command-2;after-reg;linux-after-reg;disconnected-after-reg;create-config-folder-file;config-content;linux-start-commands;gateway-connected] + +[[container]] +include::partial$task-reg-run-flex-gateway.adoc[tags=token-container-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-links] + +[[docker]] +// Register and run with a token in a Docker container +include::partial$task-reg-run-flex-gateway.adoc[tags=token-docker-heading;reg-command-intro;sub-coll-info-container;token-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;docker-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;disconnected-after-reg;start-command-container;gateway-connected] + +// PODMAN +[[podman]] +// Register and run with a token in a Podman container +include::partial$task-reg-run-flex-gateway.adoc[tags=token-podman-heading;reg-command-intro;sub-coll-info-container;token-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;podman-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;disconnected-after-reg;podman-start-command;gateway-connected] + +// KUBERNETES +[[kubernetes]] +// Register and run with a token in a Kubernetes cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=token-k8s-heading] +// - task overview +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-connected] +// - cluster-level access when rbac enabled +include::partial$prerequisites.adoc[tags=rbac-permission-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-k8s-reg-steps] +//- connected mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-connected-intro] + +[[options-k8s]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;token-replace-content;replace-content] + +[[reg-k8s]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading-intro] + +[[docker-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[podman-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[deploy-k8s]] +//install helm chart section +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy] +//- for Omni connected mode deployment only +include::partial$task-reg-run-flex-gateway.adoc[tags=gateway-connected] + +[[helm-options-k8s]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +// OPENSHIFT +[[openshift]] +// Register and run with a token in an OpenShift cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=token-openshift-heading] +//intro +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-connected] +//- cluster-level access when rbac enabled +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] +//- note (openshift command line procedures same as k8) +include::partial$task-reg-run-flex-gateway.adoc[tags=note-openshift-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-openshift-reg-steps] + +//- connected mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-connected-intro] + +[[options-openshift]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;token-replace-content;replace-content] + +[[reg-openshift]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-openshift-heading-intro] + +[[docker-openshift-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[podman-openshift-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;token-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[deploy-openshift]] +//install helm chart section +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy] +//- for Omni connected mode deployment only +include::partial$task-reg-run-flex-gateway.adoc[tags=gateway-connected] + +[[helm-options-openshift]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-local-reg-run.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-up.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-up.adoc new file mode 100644 index 000000000..6ccfad62d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run-up.adoc @@ -0,0 +1,181 @@ += Registering and Running in Connected Mode with a Username and Password +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:reg-mode: Connected + +//table with tech logos and links (linux, docker, k8, openshift) +include::partial$task-reg-run-flex-gateway.adoc[tags=table-logos-links] + +[[prereqs]] +// Prerequisites +include::partial$task-reg-run-flex-gateway.adoc[tags=prerequisites-heading;prerequisites;environment-prerequisites;user-prerequisites] + +[[linux]] +// Register and run with a username and password as a Linux service +include::partial$task-reg-run-flex-gateway.adoc[tags=user-linux-heading] +include::partial$prerequisites.adoc[tag=intro] + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-intro;user-replace-content;environment-replace-content;replace-content;reg-command-heading;reg-command-1;linux-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-linux;reg-command-2;after-reg;linux-after-reg;disconnected-after-reg;create-config-folder-file;config-content;linux-start-commands;gateway-connected] + +[[container]] +include::partial$task-reg-run-flex-gateway.adoc[tags=user-container-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-links] + +[[docker]] +// Register and run with a username and password in a Docker container +include::partial$task-reg-run-flex-gateway.adoc[tags=user-docker-heading;reg-command-intro;sub-coll-info-container;user-replace-content;environment-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;docker-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;disconnected-after-reg;start-command-container;gateway-connected] + +// PODMAN +[[podman]] +// Register and run with a username and password in a Podman container +include::partial$task-reg-run-flex-gateway.adoc[tags=user-podman-heading;reg-command-intro;sub-coll-info-container;user-replace-content;environment-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;podman-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;disconnected-after-reg;podman-start-command;gateway-connected] + +// KUBERNETES +[[kubernetes]] +// Register and run with a username and password in a Kubernetes cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=user-k8s-heading] +// - task overview +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-connected] +// - cluster-level access when rbac enabled +include::partial$prerequisites.adoc[tags=rbac-permission-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-k8s-reg-steps] +//- connected mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-connected-intro] + +//sub collected info +[[options-k8s]] +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;user-replace-content;environment-replace-content;replace-content] + +[[reg-k8s]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading-intro] + +[[docker-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[podman-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[deploy-k8s]] +//install helm chart section +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] + +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy] +//- for Omni connected mode deployment only +include::partial$task-reg-run-flex-gateway.adoc[tags=gateway-connected] + +[[helm-options-k8s]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +// OPENSHIFT +[[openshift]] +// Register and run with a username and password in an OpenShift cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=user-openshift-heading] +//intro +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-connected] +//- cluster-level access when rbac enabled +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] +//- note (openshift command line procedures same as k8) +include::partial$task-reg-run-flex-gateway.adoc[tags=note-openshift-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-openshift-reg-steps] +//- connected mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-connected-intro] + +[[options-openshift]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;user-replace-content;environment-replace-content;replace-content] + +[[reg-openshift]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-openshift-heading-intro] + +[[docker-openshift-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[podman-openshift-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;user-reg-command;environment-reg-command;connected-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg;disconnected-after-reg] +==== + +[[deploy-openshift]] +//install helm chart section +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy] +//- for Omni connected mode deployment only +include::partial$task-reg-run-flex-gateway.adoc[tags=gateway-connected] + +[[helm-options-openshift]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-local-reg-run.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run.adoc new file mode 100644 index 000000000..7b56eb304 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-reg-run.adoc @@ -0,0 +1,19 @@ += Registering and Running Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-register.adoc +:imagesdir: ../assets/images + +Before you can use your Omni Gateway to configure API instances, you must register and start the gateway. + +There are three ways to register Omni Gateway in Connected Mode: + +* xref:flex-conn-reg-run-up.adoc[Register and Run using a Username and Password]: If you have +a username and password for Anypoint Platform, you can use these credentials to register +your Omni Gateway. +* xref:flex-conn-reg-run-app.adoc[Register and Run using a Connected App]: If you do not have +a username or password for Anypoint Platform, you can use connected app credentials to register +your Omni Gateway. +* xref:flex-conn-reg-run-token.adoc[Register and Run using a Token]: If you do not have a username +or password for Anypoint Platform, you can use a registration token generated by the Runtime Manager UI. The token is valid for four hours. diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-rep-run.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-rep-run.adoc new file mode 100644 index 000000000..62d9da87a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-rep-run.adoc @@ -0,0 +1,32 @@ += Configuring Replicas for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-replicas.adoc +:imagesdir: ../assets/images + +[cols="1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="flex-conn-rep-run.adoc#add-a-flex-replica-as-a-linux-service"] +|image:install-docker-logo.png[25%,25%,xref="flex-conn-rep-run.adoc#docker"] + +|xref:flex-conn-rep-run.adoc#add-a-flex-replica-as-a-linux-service[Add an Omni Replica as a Linux Service] +|xref:flex-conn-rep-run.adoc#docker[] +|=== + +include::partial$task-rep-run-flex-gateway.adoc[tags=add-omni-intro] + +include::partial$task-rep-run-flex-gateway.adoc[tags=add-omni-rep-byb;add-omni-rep-byb-conn;add-omni-rep1] + +include::partial$task-reg-run-flex-gateway.adoc[tags=create-config-folder-file;config-content;linux-start-commands] + +include::partial$task-rep-run-flex-gateway.adoc[tags=add-omni-rep2] + +[[docker]] +== Add an Omni Replica in a Docker Container + +To add an Omni Replica in a Docker Container you must run the Omni Gateway start command using the same `registration.yaml` file created during registration. If you are running the container locally, you will also need to use a different port. + +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command] + +Now if you check in Runtime Manager after clicking *Omni Gateway* in the left navigation, your Omni Gateway will have an additional replica listed. You may need to refresh the page. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-replica-caching.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-replica-caching.adoc new file mode 100644 index 000000000..be7d568b8 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-replica-caching.adoc @@ -0,0 +1,24 @@ += Configuring Omni Gateway Configuration Caching in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +To reduce scale-up time and increases resiliency, Omni Gateway can cache its gateway configuration in Redis shared storage. Omni replicas use the cached gateway configuration instead of each replica directly downloading the configuration from Anypoint Platform. By default, configuration caching is not enabled. + +Omni Gateway configuration caching works by: + +. After the first Omni replica starts, the replica downloads the configuration from Anypoint Platform, encrypts the configuration, and stores it in Redis. +. After subsequent replicas start, they use the locally cached configuration rather than downloading from Anypoint Platform. +. If the Omni Gateway configuration changes on Anypoint Platform, the replicas download the necessary configuration from Anypoint Platform and store it in Redis for immediate use by the other replicas. + +If caching is configured and Redis errors occur, each replica downloads configurations directly from Anypoint Platform. If Omni Gateway disconnects from Anypoint Platform, Omni Gateway uses the cached configuration until connections are restored. + +== Enable Omni Gateway Configuration Caching + +. Ensure the Redis shared storage is configured. ++ +To learn more, see xref:flex-conn-shared-storage-config.adoc[]. + +. Enable the `FLEX_DATASOURCE_CONTROL_NODE_ENABLED=true` environment variable. + diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-shared-storage-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-shared-storage-config.adoc new file mode 100644 index 000000000..6e14fba02 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-shared-storage-config.adoc @@ -0,0 +1,46 @@ += Configuring Shared Storage for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::reuse::partial$non-inclusive-banner.adoc[] + +// intro and graphics for each option - linux, docker, kubernetes +include::partial$task-shared-storage-config.adoc[tags=intro1;intro2;icon-table;byb;linux;sample-config-all-intro] +// configure shared storage for Omni Gateway as a Linux Service ++ +include::partial$task-shared-storage-config.adoc[tags=sample-config-all] + +// configure shared storage for Omni Gateway in a Docker container +include::partial$task-shared-storage-config.adoc[tags=docker-intro] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-shared-storage-config.adoc[tags=docker-config-file-step;sample-config-all-intro] ++ +include::partial$task-shared-storage-config.adoc[tags=sample-config-all] + +//configure shared storage for Omni Gateway in a Kubernetes cluster +include::partial$task-shared-storage-config.adoc[tags=k8s;sample-config-all-intro] + +include::partial$task-shared-storage-config.adoc[tags=sample-config-all] + +// Redis Sentinel + +include::partial$task-shared-storage-config.adoc[tags=sentinel-intro] + +include::partial$task-shared-storage-config.adoc[tags=sentinel-sample-config] + +// TLS +include::partial$task-shared-storage-config.adoc[tags=tls-intro] + +include::partial$task-shared-storage-config.adoc[tags=tls-sample-config] + +include::partial$task-shared-storage-config.adoc[tags=tls-more-information] + +== See Also + +* xref:flex-local-shared-storage-config.adoc[Configuring Shared Storage for Omni Gateway in Local Mode] +* xref:flex-local-configuration-reference-guide.adoc#shared-storage[Declarative Configuration Reference Guide] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-third-party-logs-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-third-party-logs-config.adoc new file mode 100644 index 000000000..98dcf3906 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-third-party-logs-config.adoc @@ -0,0 +1,54 @@ += Configuring Omni Gateway Log Output for Third-Party Services +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$task-config-logs-third-party.adoc[tags=intro1;intro2-conn] + +include::partial$task-config-logs-third-party.adoc[tags=icon-table] + +include::partial$task-config-logs-third-party.adoc[tags=byb] + +include::partial$task-config-logs-third-party.adoc[tags=runtime-access-logs] + +include::partial$task-config-logs-third-party.adoc[tags=file-example] + +include::partial$task-config-logs-third-party.adoc[tags=linux;view-logs-conn;configure-message-logging-step] + +include::partial$task-config-logs-third-party.adoc[tags=docker] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-config-logs-third-party.adoc[tags=docker2;view-logs-conn;configure-message-logging-step] + +include::partial$task-config-logs-third-party.adoc[tags=k8s;view-logs-conn;configure-message-logging-step] + +include::partial$task-config-logs-third-party.adoc[tags=file-configuration-example] + +include::partial$task-config-logs-third-party.adoc[tags=http-configuration-example] + +include::partial$task-config-logs-third-party.adoc[tags=splunk-configuration-example] + +include::partial$task-config-logs-third-party.adoc[tags=dynatrace-configuration-example] + +[[configure-access-logs]] +== Configure Access Logs +To configure access logs in your log output, you must apply a Message Logging policy to the APIs whose request and response data you want to monitor. If you have previously applied a Message Logging policy to an API instance, you do not need to configure another. + +To configure a Message Logging policy, see xref:flex-conn-message-log.adoc[]. + +Configuring a Message Logging policy makes access logs visible in both API Manager *Logs* and your third-party log services. + +If your access logs are not visible, it is possible that a policy with a higher execution order is causing an error before the Message Logging policy can execute. To reorder policy execution, see xref:policies-reorder.adoc[]. + +// Logging examples +include::partial$task-config-logs-third-party.adoc[tags=log-output-examples] + + +== See Also + +* xref:flex-local-configuration-reference-guide.adoc#logging[Declarative Configuration Reference Guide] +* xref:flex-conn-message-log.adoc[] +* xref:flex-conn-disable-logs.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-timeout.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-timeout.adoc new file mode 100644 index 000000000..6e1c6f39e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-timeout.adoc @@ -0,0 +1,23 @@ += Configuring Timeouts in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$timeout-configuration.adoc[tags=timeout-types] + +You can configure these timeouts in Connected Mode via: + +* Runtime Manager runtime configurations: Applies to all API instances in the gateway. +* Environment variables: Applies to all API instances and is the most permanent configuration option. +* Configuration YAML resource: Applies to all API instances and is easy to adjust. +* Policy: Applies to one API instance or upstream and provides granular control. + +include::partial$timeout-configuration.adoc[tags=timeout-runtime-manager] + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-env-var] + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-yaml] + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-policies] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-tls-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-tls-config.adoc new file mode 100644 index 000000000..b95adb03b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-tls-config.adoc @@ -0,0 +1,103 @@ += Configuring TLS Context for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +// Add TLS Context intro +include::partial$task-flex-add-tls-context.adoc[tags=intro1] + +When you add a TLS context, you can also select the ciphers to use with the TLS context and configure different inbound and outbound validation settings. + +include::partial$task-tls-config.adoc[tags=intro2;defaultOutboundTLS] + +Omni Gateway implements inbound TLS at the port level, meaning that an inbound TLS context applied to an API instance is also applied to all other instances that share the same port. To learn more about how TLS context is shared across ports, see <>. + +Port sharing is not a concern for outbound TLS. You can select the outbound TLS context for each individual upstream service. + +include::partial$task-tls-config.adoc[tag=aia-support] + +== Before You Begin +Before configuring the TLS context for an Omni Gateway Connected Mode, complete the following tasks: + +* xref:flex-install.adoc[Download Omni Gateway] +* xref:flex-{page-mode}-reg-run.adoc[Register and Run Omni Gateway] +* Ensure the following permissions are enabled: +** _Grant access to secrets_ in Secrets Manager +** _Deploy API Proxies_ in API Manager ++ +Your Anypoint Platform Admin can add these permissions in Access Management. +See xref:access-management::configure-teams.adoc#manage-team-permissions[Manage Team Permissions] for more information. + +* xref:anypoint-security::asm-secret-group-creation-task.adoc[Create a Secret Group] ++ +When adding a secret group, refer to the <>. ++ +Depending on your desired configuration, either: ++ +** xref:anypoint-security::asm-secret-group-creation-task.adoc#adding-a-keystore[Add a Keystore] +** xref:anypoint-security::asm-secret-group-creation-task.adoc#adding-a-truststore[Add a Trustore] ++ +NOTE: Privacy Enhanced Mail (PEM) type is required for your Keystore or Truststore. + +// TLS Configuration Options +include::partial$task-flex-add-tls-context.adoc[tags=configurationOptions] + + +// Add TLS Context in Secrets Manager +include::partial$task-flex-add-tls-context.adoc[tags=addContext] + + +//redeploy + + + +== Apply a TLS Context to an API + +You can apply a TLS context to an API instance either when creating a new instance or by editing an existing instance. + +API instance settings configuration has two parts, the downstream configuration and the upstream configuration. Inbound TLS context is a downstream configuration option, and outbound TLS context is an upstream configuration option. When adding a new API instance, the downstream and upstream configuration is on separate pages. When editing an API instance, the downstream and upstream configuration options appear on the same page but are in different sections. + +For information about either option, see the relevant tutorial: + +* xref:api-manager::create-instance-task-flex.adoc[] +* xref:api-manager::edit-api-endpoint-task.adoc[] + +To apply a TLS context: + +. Go to *Anypoint Platform > API Manager*. +. Navigate to either the: +* Upstream or downstream configuration page, if adding a new API instance. +* *Settings* page, if editing an existing API instance. +. Select *HTTPS* for the *Protocol* configuration field if configuring an inbound TLS context. +. Click *Add TLS Context*. +.. Select a *Secret Group*. +.. Select a *TLS Context*. +.. Click *Ok*. +. Finish creating the API instance or save the configuration edits. + + +[[tls-context-applied-to-shared-ports]] +== Inbound TLS Context Applied to Shared Ports +Though a port must have an API instance to have an inbound TLS context applied, the inbound TLS context is applied to the port rather than the API instance. + +Applying an inbound TLS context to an API instance that shares its port with other instances applies the inbound TLS context to all instances sharing the port. + +When you apply, edit, or remove the inbound TLS context of an API instance sharing a port, API Manager shows a warning with a list of the instances sharing the port. You can then choose to override the inbound TLS context of the listed API instances. Overriding the inbound TLS context of the API instances that share the port applies the inbound TLS context to the instances and then redeploys the instances. + +Overriding the inbound TLS context of deployed API instances redeploys the instances. Redeploying causes a brief period of downtime in the API instances. + +If you edit the port of an API instance that previously shared a port and an inbound TLS context with other instances, the inbound TLS context remains applied to the instances on the previous port. + +include::partial$task-flex-add-tls-context.adoc[tags=redeploy] +//Redeploy + +//Ciphers +include::partial$flex-tls-cipher.adoc[tags=connectedSelect;cipherSupport;ciphers] + +//Ciphers +== See Also + +* xref:flex-local-tls-config.adoc[Configuring TLS Context for Omni Gateway in Local Mode] +* xref:policies-included-tls.adoc[Transport Layer Security Policy] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-tracing-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-tracing-config.adoc new file mode 100644 index 000000000..39a5e5239 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-tracing-config.adoc @@ -0,0 +1,12 @@ += Configuring Omni Gateway Distributed Tracing in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +include::partial$tracing-support.adoc[] + +include::partial$tracing-export.adoc[tags=telemtery-exporter;telemtery-exporter-note;export-anypoint;export-grpc;export-http] + +include::partial$tracing-configuration.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-view-api-metrics.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-view-api-metrics.adoc new file mode 100644 index 000000000..590816bcd --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-view-api-metrics.adoc @@ -0,0 +1,14 @@ += Viewing Key Metrics in API Manager for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: flex-view-api-metrics.adoc + +include::partial$flex-view-api-metrics.adoc[] + +== See Also + +* xref:flex-use-api-alerts.adoc[] +* xref:monitoring::basic-alerts.adoc[]. +* xref:monitoring::api-analytics-dashboard.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-conn-view-api-status.adoc b/gateway/1.13/modules/ROOT/pages/flex-conn-view-api-status.adoc new file mode 100644 index 000000000..79b380d90 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-conn-view-api-status.adoc @@ -0,0 +1,8 @@ += Viewing API Status in Runtime Manager for Omni Gateway in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-apis.adoc, gateway::flex-view-api-status.adoc +:imagesdir: ../assets/images + +include::partial$/flex-view-api-status.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-configure.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-configure.adoc new file mode 100644 index 000000000..1a12fa2e4 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-configure.adoc @@ -0,0 +1,27 @@ += Configuring Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: gateway::flex-gateway-replicas.adoc + +Omni Gateway enables configuration via Anypoint Platform or declarative configuration files. You can configure Omni Gateway running in Connected Mode via both Anypoint Platform or declarative configuration files, while you can configure Managed Omni Gateway only with Anypoint Platform and Omni Gateway running in local mode only with configuration files. + +Configurations include: + +* Replicas +* TLS contexts +* Shared storage +* Forward proxies +* Automated Jenkins pipelines +* Node selection for Kubernetes deployments + +For Connected Mode, see xref:flex-conn-configure.adoc[]. + +For Local Mode, see xref:flex-local-configure.adoc[]. + +== See Also + +* xref:flex-managed-configure.adoc[] +* xref:flex-conn-configure.adoc[] +* xref:flex-local-configure.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-delete.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-delete.adoc new file mode 100644 index 000000000..5550a6121 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-delete.adoc @@ -0,0 +1,38 @@ += Delete an Instance of Self-Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-delete.adoc +:imagesdir: ../assets/images + +To delete a gateway and its replicas in Runtime Manager: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Click the action menu button for the gateway that you want to delete. +. Click *Delete gateway*. + +If there are APIs associated with the gateway you want to delete, Runtime Manager displays a message that prompts you to either: + +* Move the associated APIs to another gateway. +* Delete all associated APIs. + +Once you moved or deleted all the associated APIs, follow the steps previously described to delete a gateway and confirm the deletion. + +== Omni Gateway Status + +The following table describes the meaning of each gateway status: + +[%header,cols="20a,50a"] +|=== +|Status Name |Description +|Running |Gateway is connected to the platform, and you can add APIs to it. +|Not Running |Gateway is not connected to the platform. +|Deleting | Gateway is in the process of being deleted. +|Deleted | Gateway was deleted from the platform. It stops accepting API requests and configuration changes, and stops reporting metrics. +|=== + +Deleted gateways are shown with status `Deleted` for 30 days before the status is removed from the gateways list. + +[NOTE] +If you delete a gateway, you lose its configuration history and can't recover it. diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-getting-started-overview.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-getting-started-overview.adoc new file mode 100644 index 000000000..2d4258ac7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-getting-started-overview.adoc @@ -0,0 +1,16 @@ += Getting Started with Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway provides the following guides to quickly get started with Anypoint Omni Gateway. The tutorial describes how to deploy an Omni Gateway and publish a simple API that is secured with a basic authentication policy. See the guide for you desired Omni Gateway deployment type: + +* xref:flex-gateway-managed-getting-started.adoc[] - Deploy a Anypoint Platform hosted Managed Omni Gateway to CloudHub 2.0. +* xref:flex-gateway-getting-started.adoc[] - Deploy a Self-Managed Omni Gateway to a Docker container on your local infrastructure. +* xref:flex-gateway-k8-getting-started.adoc[] - Deploy a Self-Managed Omni Gateway to a Kubernetes pod on your local infrastructure. + +== Next Steps + +* xref:flex-review-prerequisites.adoc[] +* xref:flex-gateway-set-up.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-getting-started.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-getting-started.adoc new file mode 100644 index 000000000..c9d809046 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-getting-started.adoc @@ -0,0 +1,188 @@ += Getting Started with Self-Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-add.adoc, runtime-manager::flex-gateway-api-add.adoc +:imagesdir: ../assets/images + +The goal of this tutorial is to quickly get started with Anypoint Omni Gateway. Using Docker, the tutorial describes how to install, register, and run Omni Gateway in Connected Mode. Additionally, the tutorial describes how to publish an API that is secured with a basic authentication policy. + +== Before You Begin + +Before getting started with Omni Gateway, ensure that you have: + +* A username and password for your Anypoint Platform organization. If you don’t have Anypoint Platform yet, https://anypoint.mulesoft.com/login/signup[create a Trial organization^] on Anypoint Platform. + +* A Linux machine with an x86 processor. M1 and M2 processors are not supported. ++ +include::partial$prerequisites.adoc[tag=intro] + +** {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +** {empty} +include::partial$prerequisites.adoc[tag=centos] + +** {empty} +include::partial$prerequisites.adoc[tag=debian] + +** {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +** {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +** {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +* A Docker installation. See https://www.docker.com/products/docker-desktop/[Docker Desktop^] for an example. + +== Download Omni Gateway + +To download the Omni Gateway Docker image, run the following command in a terminal window: + +[source,ssh,subs=attributes+] +---- +docker pull mulesoft/flex-gateway:{gateway-ver-var} +---- + +[NOTE] +Use `sudo` if you encounter file permission issues when running this command. + +== Register Omni Gateway + +. Create a new directory by running: ++ +[source,ssh] +---- +mkdir flex-registration +---- + +. Navigate to the new directory by running: ++ +[source,ssh] +---- +cd flex-registration +---- + +. Log in to https://anypoint.mulesoft.com/login/[Anypoint Platform^] with your Anypoint username and password. +. Select *Runtime Manager*. +. Click *Omni Gateways* in the side navigation panel. +. Click *Self-managed Omni Gateways*. +. Click *Add Gateway*. +. Select *Docker*. +. Copy the code block in the *Register your gateway* section. The code block contains your unique organization ID and token. ++ +The following screenshot of the *Add an Omni Gateway* page highlights the code block to copy: ++ +image::gateway-quickstart-add-gateway.png["A code block with a command to register an Omni Gateway with Anypoint Platform",width=90%] + +. Run the copied code block in your terminal window, making sure to first replace `` with a name, such as `my-gw`. ++ +[NOTE] +Use `sudo` if you encounter file permission issues when running this command. + +. In Runtime Manager, select *Omni Gateways* from the side navigation panel. ++ +Your registered Omni Gateway now appears in the list of gateways. + +== Run Omni Gateway + +To run Omni Gateway, run the following in a terminal window: + +[source,ssh] +---- +docker run --rm \ + -v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \ + -p 8081:8081 \ + mulesoft/flex-gateway +---- + +[NOTE] +Use `sudo` if you encounter file permission issues when running this command. + +A new Omni Gateway instance is now running in your terminal window. + +[NOTE] +The Omni Gateway instance will continue running in the terminal window until the process is stopped, or until the window is closed. + +== Publish a Simple API + +. Select *API Manager* from the Anypoint Platform menu. +. Click *Add API* > *Add new API*. +. From the *Add API* page, select *Omni Gateway* as your runtime. +. Select your registered gateway in the *Select a gateway* section. +. Click *Next*. +. Click *Create New API*. +. Specify an API name and select *HTTP API* as the asset type. +. Click *Next*. +. From the *Endpoint* page, enter the following in the *Implementation URI* field: ++ +[source] +---- +https://jsonplaceholder.typicode.com/ +---- +. Enter `8081` in the *Port* field. +. Click *Next*. ++ +// The following screenshot of the *Endpoint* page highlights the specified options. +// + +// image::gateway-quickstart-select-endpoint.png["A form for configuring the endpoint and other settings of an API",width=100%] + +. Click *Save & Deploy*. ++ +Inside the gateway instance Docker container, all HTTP requests made to `localhost` on port `8081` are now proxied to the `jsonplaceholder` service. +. To test the API Instance, run the following command in a new terminal window: ++ +[source,ssh] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET 'http://localhost:8081/' +---- ++ +The command executes a `GET` request to the API, and then prints the resulting `200` status code, indicating success. + +== Secure Your API Using the Basic Authentication Policy + +. While still in *API Manager*, select *API Instances* from the side navigation panel. +. Select the name of the API created in the previous section. +. Select *Policies* from the side navigation panel. +. In the *Policies* page, click *Add policy*. ++ +The following screenshot of the *Policies* page highlights the specified options: ++ +image::gateway-quickstart-add-policy.png["Add Policy page with Add policy button",width=65%] + +. Select the *Basic Authentication - Simple* policy. +. Click *Next*. +. For *User Name*, enter `user`. +. For *User Password*, enter `password`. +. Click *Apply*. ++ +The following screenshot of the *Configure Basic Authentication - Simple policy* page highlights the specified options: ++ +image::gateway-quickstart-config-basic-auth.png["Configure Basic Authentication Policy page with User Password field selected",width=65%] + +. To test the API Instance _without_ authentication, run the following `curl` command in the terminal window: ++ +[source,ssh] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET 'http://localhost:8081/' +---- ++ +The command prints a resulting `401 (Unauthorized)` status code, because the request does not include the Authentication context. +. To test the API Instance _with_ authentication, run the following command in the terminal window: ++ +[source,ssh] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET 'http://localhost:8081/' -u user:password +---- ++ +[NOTE] +The `user` and `password` parameters must match what was specified when you applied the policy via *API Manager*. ++ +The command prints the resulting `200` status code, indicating success. + +== Next Steps + +* xref:flex-review-prerequisites.adoc[] +* xref:flex-gateway-set-up.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-istio.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-istio.adoc new file mode 100644 index 000000000..18046f765 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-istio.adoc @@ -0,0 +1,548 @@ += Integrating Omni Gateway with Istio Service Mesh +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +To leverage Omni Gateway policies, logging, and metrics from the Anypoint Platform control plane, integrate Omni Gateway into your Istio Service Mesh. Deploy Omni Gateway as an ingress gateway to manage ingress north-south cluster traffic and internal east-west traffic inside the cluster. + +To integrate Omni Gateway, use the following architecture diagram and tutorial. Omni Gateway is integrated by using a modified version of the https://istio.io/latest/docs/examples/bookinfo/[Istio Bookinfo sample application]. In the Omni Gateway integration: + +* An Istio virtual service forwards all ingress north-south traffic to Omni Gateway. +* Direct access to the `bookinfo` name space is restricted. All external traffic into the `bookinfo` namespace must come from the `flex` namespace. Istio automatically configures mTLS configuration between the `bookinfo` and `flex`. +* Omni Gateway protects and monitors the exposed product page service from ingress traffic with an API instance. +* The Istio sidecar intercepts east-west traffic between the product page service and the reviews service. Omni Gateway acts as an ingress gateway managing incoming traffic to the reviews service. + +image:flex-istio-deployment.png["A diagram demonstrating the architecture to integrate Omni Gateway with Istio"] + +NOTE: In the diagram, Omni Gateway is running in Connected Mode. If Omni Gateway runs in Local Mode, the Anypoint Platform control plane is absent. + +To configure the architecture: + +. <>. +. <>. +. <>. +. <>. + +[[before-you-begin]] +== Before You Begin + +Before you begin, install the following prerequisites: + +* https://docs.docker.com/get-docker/[Docker] + +* xref:flex-install.adoc#kubernetes[Download Omni Gateway for Use in a Kubernetes Cluster] + +* https://k3d.io/v5.0.0/#installation[K3d] to create a Kubernetes cluster inside of docker + +* https://kubernetes.io/docs/tasks/tools/#kubectl[kubectl] to control the Kubernetes cluster + +* https://helm.sh/docs/intro/install/[Helm] to install Omni Gateway and Istio + +[[setup-environment]] +== Set up Environment + +. Create a Kubernetes cluster for this demo or skip this step if you already have a cluster you want to use: ++ +[source,ssh] +---- +k3d cluster create demo-istio --k3s-arg "--disable=traefik@server:0" --port '80:80@server:0' --port '443:443@server:0' +---- + +. Add the Omni Gateway and Istio Helm repositories: ++ +[source,ssh] +---- +helm repo add istio https://istio-release.storage.googleapis.com/charts \ +&& helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm \ +&& helm repo up +---- + +. Install Istio: ++ +.. Install the Istio base chart that contains the cluster-wide Custom Resource Definitions (CRDs) that must be installed before deploying the Istio control plane: ++ +[source,ssh] +---- +helm upgrade -i --wait --create-namespace -n istio-system istio-base istio/base --version 1.21.2 --set defaultRevision=default +---- ++ +.. Install the Istio discovery chart that deploys the `istiod` service: ++ +[source,ssh] +---- +helm upgrade -i --wait --create-namespace -n istio-system istiod istio/istiod --version 1.21.2 +---- ++ +.. Install an Istio ingress gateway: ++ +[source,ssh] +---- +helm upgrade -i --wait --create-namespace -n istio-system istio-ingress istio/gateway --version 1.21.2 +---- + +. Install Omni Gateway: + +.. Create the namespace and set up the label to enable the sidecar injection: ++ +[source,ssh] +---- +kubectl create ns flex && kubectl label ns flex istio-injection=enabled --overwrite +---- ++ +.. Install Omni Gateway: ++ +[source,ssh] +---- +helm upgrade -i --wait -n flex --version 1.7.0 flex flex-gateway/flex-gateway \ +--set gateway.scope=Namespace \ +--set gateway.mode=connected \ +--set service.type=ClusterIP \ +--set service.http.port=8081 \ +--set service.https.enabled=false \ +--set-file registration.content=registration.yaml +---- ++ +.. List all services and API instances previously created: ++ +[source,ssh] +---- +kubectl -n flex get svc +---- + +. Install the `bookinfo` application: ++ +.. Enable Istio label injection in the default namespace and install the `bookinfo` application: ++ +[source,ssh] +---- +kubectl create ns bookinfo \ +&& kubectl label ns bookinfo istio-injection=enabled --overwrite \ +&& kubectl -n bookinfo apply -l version!=v2,version!=v3 -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/bookinfo/platform/kube/bookinfo.yaml +---- ++ +.. Check the pod status: ++ +[source,ssh] +---- +kubectl -n bookinfo get pods +---- + +. Install the `sleep` application to test traffic: ++ +.. Create the `test` namespace and install the `sleep` application: ++ +[source,ssh] +---- +kubectl create ns test \ +&& kubectl label ns test istio-injection=enabled --overwrite \ +&& kubectl -n test apply -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/sleep/sleep.yaml +---- ++ +.. Check the status of the pods: ++ +[source,ssh] +---- +kubectl -n test get pods +---- + +[[forward-ingress-traffic]] +== Intercept Ingress North-South Traffic + +Intercept ingress north-south traffic to protect services from external traffic. + +To intercept ingress north-south traffic: + +. Create the Omni Gateway ingress API instance to forward all ingress north-south traffic in the `bookinfo` namespace to the `productpage` service: ++ +** Local Mode: ++ +[source,ssh] +---- +cat < ' ++ attributes.version ++ ' ' ++ attributes.method ++ ' ' ++ attributes.headers.host ++ attributes.requestUri]" + level: "INFO" + firstSection: true + - itemName: "Response" + itemData: + message: "#['< Status=' ++ attributes.statusCode ++ ' Length=' ++ (attributes.headers['content-length'] default 'none') ++ ' Time=' ++ (attributes.headers['x-envoy-upstream-service-time'] default 'none')]" + level: "INFO" + secondSection: true + order: 0 +EOF +---- + +[[create-a-service]] +== Intercept East-West Traffic Between Services + +Use Omni Gateway to intercept east-west traffic between services and protect them with policies. + +To intercept east-west traffic: + +. Create the `bookinfo-reviews` API instance to forward the east-west traffic to the `reviews` service: + +** Local Mode: ++ +[source,ssh] +---- +cat < ' ++ attributes.version ++ ' ' ++ attributes.method ++ ' ' ++ attributes.headers.host ++ attributes.requestUri]" + level: "INFO" + firstSection: true + - itemName: "Response" + itemData: + message: "#['< Status=' ++ attributes.statusCode ++ ' Length=' ++ (attributes.headers['content-length'] default 'none') ++ ' Time=' ++ (attributes.headers['x-envoy-upstream-service-time'] default 'none')]" + level: "INFO" + secondSection: true +EOF +---- + +** Connected Mode: ++ +To add an API instance in Connected Mode, see xref:api-manager::create-instance-task-flex.adoc[]. ++ +Configure the API instance with these downstream parameters: ++ +*** *Protocol*: *HTTP* +*** *Port*: `8081` +*** *Base Path*: `/bookinfo/reviews/` ++ +Configure the API instance with these upstream parameters: ++ +*** *Route label*: `reviews` +*** *Upstream URL*: `http://reviews.bookinfo.svc:9080` + + +. Intercept the traffic between the `productpage` service and the `reviews` service and forward it to the `flex` service: ++ +.. Create the Istio API instance: ++ +[source,ssh] +---- +cat < HTTP/1.1 GET localhost/ingress/productpage +[flex-gateway-envoy][info] wasm log bookinfo-reviews-message-logging-flex-1.flex.bookinfo-reviews.flex.svc main: [policy: bookinfo-reviews-message-logging-flex-1.flex][api: bookinfo-reviews.flex.svc][req: b23e9c64-a2aa-4464-8984-d1dd6c18f7ea] [accessLog] > HTTP/1.1 GET reviews:9080/bookinfo/reviews/reviews/0 +---- ++ +NOTE: Use the standard output logs for a quick log check. To learn how to view standard output logs, see xref:flex-local-view-logs.adoc[]. + + +.. Apply the Rate Limiting policy to the `bookinfo-reviews` API instance to protect the `reviews` service: ++ +[source,ssh] +---- +cat < ' ++ attributes.version ++ ' ' ++ attributes.method ++ ' ' ++ attributes.headers.host ++ attributes.requestUri]" + level: "INFO" + firstSection: true + - itemName: "Response" + itemData: + message: "#['< Status=' ++ attributes.statusCode ++ ' Length=' ++ (attributes.headers['content-length'] default 'none') ++ ' Time=' ++ (attributes.headers['x-envoy-upstream-service-time'] default 'none')]" + level: "INFO" + secondSection: true + order: 0 + - policyRef: + name: rate-limiting-flex + config: + rateLimits: + - timePeriodInMilliseconds: 60000 + maximumRequests: 2 + exposeHeaders: true +EOF +---- + +. Restrict direct access to the `bookinfo` service: ++ +.. Restrict access: ++ +[source,ssh] +---- +cat < -n +---- ++ +.Example: +[source,helm] +---- +helm get values --revision=2 ingress -n gateway +---- ++ + +The following example shows the `resources` settings for the Pod's CPU and memory below the Pod's `registration` data: ++ +---- +USER-SUPPLIED VALUES: +registration: + ... +resources: + limits: + cpu: 1000m + memory: 2024Mi + requests: + cpu: 250m + memory: 256Mi +---- ++ +This example displays settings from `REVISION` number `2`. The output displays only revised settings. If your chart has never revised the default Helm chart values, _no_ revisions appear in the output. + +. Use one of the following procedures to change settings in the Helm chart for your Omni Gateway deployment: + +* <> uses `--set` options in a `helm upgrade` command. The command allows multiple `--set` options. +* <> passes a configuration file with multiple settings though the `-f` option to `helm upgrade`. The command allows multiple `-f` options. + +[[use-helm-set-option]] +== Modify Settings for Your Helm Chart + +After following the steps in <>, use the `--set` option to pass new values individually to the Helm chart for your Omni Gateway deployment. Alternatively, follow the procedure in <>. + +. Change the `cpu` and `memory` values by using the `helm upgrade` command. ++ +.Syntax: +---- +helm -n upgrade \ +--wait \ +--reuse-values \ +/ \ +--set = +--set = +... +---- ++ +.Example: +[source,helm] +---- +helm -n gateway upgrade ingress \ +--wait \ +--reuse-values \ +flex-gateway/flex-gateway \ +--set resources.limits.cpu=1500m \ +--set resources.limits.memory=2048Mi \ +--set resources.requests.cpu=260m \ +--set resources.requests.memory=384Mi +---- ++ +When successful, the command returns output similar to this: ++ +---- +Release "ingress" has been upgraded. Happy Helming! +NAME: ingress +LAST DEPLOYED: Mon Mar 27 11:58:36 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 3 +TEST SUITE: None +---- + +. Using the new `REVISION` value, check the `resources` settings, for example: ++ +[source,helm] +---- +helm get values --revision=3 ingress -n gateway +---- ++ +The output displays the new `resources` settings for the Pod: ++ +---- +USER-SUPPLIED VALUES: +registration: + ... +resources: + limits: + cpu: 1500m + memory: 2048Mi + requests: + cpu: 260m + memory: 384Mi +---- + +[[use-helm-f-option]] +== Provide a File with Modified Settings for Your Helm Chart + +After following the steps in <>, use the `-f` option with `helm upgrade` to identify the file that contains new Helm chart settings for your Omni Gateway deployment. Alternatively, follow the procedure in <>. + +. Create a configuration file that contains your new settings. ++ +For example, create a YAML file named `my-config-file.yaml` that contains the new `cpu` and `memory` values: ++ +[source,yaml] +---- +resources: + limits: + cpu: 1500m + memory: 2048Mi + requests: + cpu: 260m + memory: 384Mi +---- + +. Pass the new values from your configuration file to your Helm chart, for example: ++ +.Syntax: +---- +helm -n upgrade \ +--wait \ +--reuse-values \ +/ \ +-f +---- ++ +.Example: +[source,helm] +---- +helm -n gateway upgrade ingress \ +--wait \ +--reuse-values \ +flex-gateway/flex-gateway \ +-f my-config-file.yaml +---- ++ +When successful, the command returns output similar to this: ++ +---- +Release "ingress" has been upgraded. Happy Helming! +NAME: ingress +LAST DEPLOYED: Mon Mar 27 16:38:07 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 4 +TEST SUITE: None +---- + +. Using your Helm repository and chart names, verify the update to your chart, for example: ++ +[source,helm] +---- +helm get values --revision=4 ingress -n gateway +---- ++ +The output displays the new `resources` settings for the Pod: ++ +---- +USER-SUPPLIED VALUES: +registration: + ... +resources: + limits: + cpu: 1500m + memory: 2048Mi + requests: + cpu: 260m + memory: 384Mi +---- diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-external-dns.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-external-dns.adoc new file mode 100644 index 000000000..55638e07b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-external-dns.adoc @@ -0,0 +1,135 @@ += Provide a Domain Name for an Application on Your Kubernetes Cluster + +Use ExternalDNS to expose an application or service on your Kubernetes cluster through a domain name instead of a difficult-to-understand external IP or random host name. + +https://github.com/kubernetes-sigs/external-dns/blob/master/README.md[ExternalDNS^] is an open source project that supports DNS configurations on many DNS providers. The tool is _not_ a DNS server or provider. Instead, ExternalDNS discovers Kubernetes resources through public DNS servers and configures the resources for supported DNS providers. + +This guide uses ExternalDNS to configure domain names in an AWS Route 53 provider, which is one of the stable providers supported by ExternalDNS. + +== Before You Begin + +Ensure that the following prerequisites are in place: + +* A Kubernetes cluster on AWS + +* An Omni Gateway deployment to an AWS cluster or a registered Omni Gateway instance (gateway) ++ +For gateway registration and deployment processes, see xref:flex-gateway-set-up.adoc[] or xref:flex-gateway-k8-getting-started.adoc[]. + +* An AWS Identity and Access Management (IAM) policy that allows ExternalDNS to update Amazon Route 53 Resource Record Sets and Hosted Zones ++ +To use another target or create the IAM Policy with these permissions, see the https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md[ExternalDNS documentation^]. + +== Add ExternalDNS to Your Cluster + +Add ExternalDNS (`external-dns`) to your cluster by creating and deploying a YAML configuration file with the following content to your cluster: + +. Create a YAML file with the following settings. ++ +[source,yaml] +---- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns + labels: + app.kubernetes.io/name: external-dns +spec: + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: external-dns + template: + metadata: + labels: + app.kubernetes.io/name: external-dns + spec: + containers: + - name: external-dns + image: registry.k8s.io/external-dns/external-dns:v0.13.1 + args: + - --source=service + - --source=ingress + - --domain-filter= # makes only hosted zones visible + - --provider=aws + - --policy=upsert-only # prevents record deletion + - --aws-zone-type=public # public zones only + - --registry=txt + - --txt-owner-id=my-hostedzone-identifier + env: + - name: AWS_DEFAULT_REGION + value: # sets the EKS region + # # Uncomment the following settings when using static credentials + # - name: AWS_SHARED_CREDENTIALS_FILE + # value: /.aws/credentials + # volumeMounts: + # - name: aws-credentials + # mountPath: /.aws + # readOnly: true + # volumes: + # - name: aws-credentials + # secret: + # secretName: external-dns +---- + +. In your new YAML file, set the following options, as needed, for your deployment: + +* `args` options: + +** `- --domain-filter=`: Make hosted zones that match your domain visible to ExternalDNS. Omit this option to process all available hosted zones. ++ +The option is critical for making `external-dns` work as intended. + +** `- --policy=upsert-only`: Prevent ExternalDNS from deleting any records. Omit this option to enable full synchronization. + +** `- --aws-zone-type=public`: Make only public hosted zones visible. Valid values are `public`, `private`, or no value for both types of zones. + +* `env` option `value: `: Set the region in which your EKS cluster is installed, for example, `us-east-1`. + +. If you are using static credentials, remove the comments (`#`) from the lines that contain hidden `env` and `volumes` configurations. + +. Apply the configuration to your cluster by using the following command from a terminal window: ++ +[source,kubctl] +---- +kubectl create --filename --namespace +---- + +== Set DNS Names through Your Helm Chart for Omni Gateway + +Use the `extraAnnotations` parameter with `helm upgrade` to set the domain names. This parameter is described in the https://artifacthub.io/packages/helm/flex-gateway/flex-gateway[Helm chart for Omni Gateway (flex-gateway)^]. + +. Create a YAML configuration file to specify an ExternalDNS key and a comma-separated set of domain values. ++ +Replace the placeholder values `,...,` with your domains: ++ +---- +extraAnnotations: + external-dns.alpha.kubernetes.io/hostname: ,..., +---- + +. Use the `-f` option to pass your configuration file to the `helm upgrade` command. ++ +The command options to use depend on whether your registered gateway is deployed to a cluster: + +.. If you are deploying Omni Gateway to the cluster for the first time, run the following command, replacing the placeholder values with the path to your gateway's registration YAML file (by default, `registration.yaml`) and your domain names: ++ +[source,helm] +---- +helm -n gateway upgrade \ +-i --create-namespace \ +--wait ingress flex-gateway/flex-gateway \ +--set-file registration.content= \ +-f +---- + +.. If you are updating a running gateway with the annotation, run the following command: ++ +[source,helm] +---- +helm -n gateway upgrade \ +--wait ingress flex-gateway/flex-gateway \ +--reuse-values \ +-f +---- diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-getting-started.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-getting-started.adoc new file mode 100644 index 000000000..f85a5a17f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-getting-started.adoc @@ -0,0 +1,603 @@ += Getting Started with Self-Managed Omni Gateway in a Kubernetes Cluster +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:reg-mode: Connected + +Get started with Anypoint Omni Gateway in a Kubernetes cluster or an OpenShift cluster, which is based on Kubernetes. Set up an Omni Gateway deployment that connects to Anypoint Platform, and use the deployment to route traffic to your API. This guide covers the following high-level tasks: + +* Downloading, registering, and deploying Omni Gateway in xref:flex-conn-reg-run-token.adoc#k8-token[Connected Mode] with a token +* Creating a simple API in Anypoint API Manager that runs on your gateway +* Protecting the API with a basic authentication policy that you configure in API Manager + +The Omni Gateway deployment process requires a working Kubernetes cluster that you create or that is provisioned for you by a Kubernetes professional. + +Setting up a Kubernetes cluster requires a level of skill and expertise that is _beyond the scope of this guide to provide_. Cluster configuration in Kubernetes differs significantly by service provider and platform. For cluster configuration questions, consult documentation from your Kubernetes service provider or use the https://kubernetes.io/docs/setup/[Kubernetes documentation^]. + +If you lack a Kubernetes cluster but want to try out Omni Gateway quickly, without creating a cluster, see xref:flex-gateway-getting-started.adoc[Getting Started with Omni Gateway] (on Docker). That guide uses Docker exclusively and does not require you to perform any cluster configuration. + + +== Before You Begin + +Before starting the procedures in this guide, ensure that the following prerequisites are in place: + +* A username and password for your Anypoint Platform organization. If you do not have an Anypoint Platform account, https://anypoint.mulesoft.com/login/signup[create a Trial organization^] on Anypoint Platform. + +//docker prereq +* {empty} +include::partial$prerequisites.adoc[tag=docker] ++ +Run `docker --version` from a terminal window to determine if this tool is installed. If you need to install Docker, try https://www.docker.com/[Docker Desktop^]. + +//helm prereq +* {empty} +include::partial$prerequisites.adoc[tag=helm] ++ +Run `helm version` from a terminal window to determine if this tool is installed and check the version. To install or upgrade, use the https://helm.sh/[Helm^] website. + +//kubectl prereq to select cluster prior to deployment +* {empty} +include::partial$prerequisites.adoc[tag=kubectl] ++ +Run `kubectl version --output=yaml` from a terminal window to determine if this tool is installed. If not, find `kubectl` among the installation tools available through the https://kubernetes.io/docs/tasks/tools/[Kubernetes documentation^]. + +//curl prereq to test the API with Omni +* {empty} +include::partial$prerequisites.adoc[tag=curl] ++ +Run `curl --version` from a terminal window to determine if this tool is installed. If not, you can download it with a package manager for your machine. + +[[kubernetes-cluster-reqs]] +== Cluster Requirements + +The host for your Kubernetes cluster can be any xref:flex-review-prerequisites.adoc#software-requirements[supported Kubernetes provider], including common cloud-based services, such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), or Google Kubernetes Engine (GKE). + +//cluster-level access when rbac enabled, as for OpenShift +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] + +To complete the procedures in this guide, you must create a Kubernetes cluster or use an existing one for your Omni Gateway deployment. In this guide, you use Helm to deploy Omni Gateway to a Kubernetes cluster and connect it to Anypoint Platform. + +[[min-cluster-reqs]] +The following minimum requirements apply to a small Kubernetes cluster used for demonstration purposes in this guide and _do not apply to requirements of a production environment_: + +* At least one node. + +* Support for the creation of a `Service` resource of the `LoadBalancer` type. ++ +This requirement avoids deployment errors when you use this guide. However, it is possible to customize the `Service` type when deploying a gateway. Omni Gateway supports the following services: `ClusterIP`, `NodePort`, `LoadBalancer` (default), `ExternalName`. See the `service.type` key in the https://artifacthub.io/packages/helm/flex-gateway/flex-gateway[Helm chart for Omni Gateway^]. + +* Compute resources needed for the deployment procedure are _very unlikely_ to exceed the following values (equivalent to the EKS t3.micro instance type): + +** vCPU: 2 vCPUs +** Memory: 1 GiB +** Network: Up to 5 Gigabit +** Max ENI: 2 +** Max IPs: 4 + +To determine whether your cluster is ready for the <>, review <> _before starting_ the deployment. The checks require you to run a set of `kubectl` commands. + +[[download-flex]] +== Step 1: Download the Omni Gateway Image + +Use Docker to download the Omni Gateway image from the Docker Hub registry. + +This procedure is a prerequisite to registering the Omni Gateway with Anypoint Platform in <>. Registration is required during the gateway deployment through Helm in <>. + +. Check that Docker is running by executing the following command in a terminal window: ++ +[source,docker,subs=attributes+] +---- +docker info +---- ++ +If you receive an error after executing this command, see the information about <>. +. Run the following command in a terminal window: ++ +[source,docker,subs=attributes+] +---- +docker pull mulesoft/flex-gateway:{gateway-ver-var} +---- ++ +When successful, this command prints a message similar to the following one in your terminal window: ++ +---- +latest: Pulling from mulesoft/flex-gateway +Digest: sha256:e55555abcdefg1234567zxynwo33333fadjf +Status: Image is up to date for mulesoft/flex-gateway:latest +docker.io/mulesoft/flex-gateway:latest +---- ++ +Use `sudo` if you encounter permission issues when running this command. + +[[register-flex]] +== Step 2: Register Omni Gateway + +Register the Omni Gateway image from a terminal window using a temporary token generated by Anypoint Runtime Manager. This procedure produces a local `registration.yaml` file that contains registration properties for a named gateway. These properties are incorporated into a Helm chart in <>. + +. From a terminal window, prepare a directory for an Omni Gateway registration file (`registration.yaml`). +.. Create a directory: ++ +[source,mkdir] +---- +mkdir flex-registration +---- +.. Navigate to the new directory: ++ +[source,cd] +---- +cd flex-registration +---- + +. Log in to https://anypoint.mulesoft.com/login/[Anypoint Platform^] and select *Runtime Manager*. +. From Runtime Manager, locate the procedure for registering Omni Gateway: +.. Click *Omni Gateways* in the side navigation panel. +.. Click *Self-managed Omni Gateways*. +.. Click *Add Managed Omni-Gateway*. +.. Select one of the following environments: ++ +* *Kubernetes* +* *OpenShift* +.. In the page that opens, locate the command in the *Register your gateway* section. ++ +Kubernetes Example: ++ +image::gateway-quickstart-k8-add-gateway-rtm.png["Add registration code block from Add an Omni Gateway page"] ++ +The highlighted command block includes your unique organization ID and a temporary token. + +. In your terminal window, copy the command block from Runtime Manager to your `./flex-registration` directory. ++ +Notice that Runtime Manager provides the required organization and token values. + +. Before running the command, replace `` at the end of the command block with a _unique_ name for your gateway, such as `my-gateway`. ++ +The name that you provide for your gateway must be unique within the scope of your Anypoint Platform organization and environment. Completing this registration step is required once _and allowed no more than once_ per named gateway and organization. + +. Run the edited command from your terminal window. ++ +When successful, the command produces a `registration.yaml` in your `./flex-registration` directory and displays the following message in your terminal window: ++ +---- +Starting registration, please be patient. +Registration completed, the configuration files were written +in directory "/registration". For security, modify the file permissions +to restrict production scenario access to the user running flex. +---- ++ +Note that the message in the terminal window refers to a `/registration` directory that resides within the Docker container. ++ +Use `sudo` if you encounter file permission issues when running this command. If your token expires before you run the command, a `400 Bad Request` error occurs. In this case, you must refresh the Runtime Manager page to generate a new token and run the modified command that appears on the page. + +[[create-repo]] +== Step 3: Add a Repository for the Helm Chart + +Add the Omni Gateway chart repository. Note that you can get more information about the properties of the Helm chart for Omni Gateway in https://artifacthub.io/packages/helm/flex-gateway/flex-gateway[ArtifactHUB^]. + +. Add a Helm repository named `flex-gateway` for your Helm chart: ++ +[source,helm] +---- +helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm +---- ++ +The command either adds the repository or skips this process if a Helm repository with that name already exists on your machine: ++ +* If the repository is new, the command returns the following message: ++ +---- +"flex-gateway" has been added to your repositories +---- ++ +* If the repository already exists, the command returns the following message: ++ +---- +"flex-gateway" already exists with the same configuration, skipping +---- + +. Run `helm repo up`. ++ +The command returns the following message: ++ +---- +Hang tight while we grab the latest from your chart repositories... +...Successfully got an update from the "flex-gateway" chart repository +Update Complete. ⎈Happy Helming!⎈ +---- ++ +If you have more than one Helm repository on your machine, the message in your terminal window lists all of the repositories. + +[[deploy-flex]] +== Step 4: Deploy and Connect Omni Gateway + +Use Helm to deploy Omni Gateway to a node in your cluster and connect it to Anypoint Platform. After deploying, use Runtime Manager to verify that the gateway is present and connected to Anypoint Platform. + + +Before you begin: + +Confirm that your Kubernetes cluster is available by following the steps in <>. Review <> if you have not done so already. These prerequisites help avoid deployment errors. + +After confirming that your Kubernetes cluster is ready, deploy and connect your gateway: + +. Run the Helm command for deploying your gateway in {reg-mode} Mode: ++ +[source,helm] +---- +helm -n gateway upgrade -i --create-namespace \ +ingress flex-gateway/flex-gateway \ +--set gateway.mode=connected \ +--set-file registration.content=registration.yaml +---- ++ +This command creates the `gateway` namespace and `ingress` release if they do not exist. The command syntax for the Helm repository and chart names is `/`. ++ +The command uses `--set gateway.mode=connected` because the default for the Helm chart is Local Mode. ++ +When you install Omni Gateway, a Service type `LoadBalancer` is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing the `service.type` property during the installation. ++ +When successful, the command prints a message indicating an upgrade to your `ingress` release: ++ +---- +Release "ingress" does not exist. Installing it now. +NAME: ingress +LAST DEPLOYED: Mon Mar 20 21:36:19 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 1 +TEST SUITE: None +---- ++ +The `REVISION` value increments the `ingress` release by `1` each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (`REVISION: 2`). The `LAST DEPLOYED` date reflects the date of that revision. ++ +If you receive an `UPGRADE FAILED` response, see <> information about this issue. + +. If you want to check the status of the Pod that runs your gateway, execute the following `kubectl` command: ++ +[source,kubectl] +---- +kubectl get pods -n gateway +---- ++ +The output indicates whether the pod is running successfully in the `gateway` namespace: ++ +---- +NAME READY STATUS RESTARTS AGE +ingress-57bc75cb46-dmkdq 1/1 Running 0 35s +---- + +. Return to Runtime Manager: +.. Select *← Omni Gateways* from the side navigation panel of the *Add an Omni Gateway* page. ++ +image::gateway-quickstart-k8-return-to-gateway-list.png["Choose preferred operating system or environment"] +.. Navigate to your registered gateway in the *Omni Gateways* page: ++ +image::gateway-quickstart-k8-my-gateway-rtm.png["A table of Omni Gateway details, such as name, ID, status, and last updated timestamp"] ++ +You can use the search field in the page to narrow the list of gateways. + +.. Make sure that the status of your gateway is *Running*. ++ +If the status is *Not Running*, it's likely that the cluster configuration is incorrect or a network issue has occurred. Check <> for more information. + +[[create-api]] +== Step 5: Publish and Deploy a Simple API to Omni Gateway + +Create and deploy a simple API to your gateway in Anypoint API Manager: + +. In Runtime Manager, click the *View APIs* menu option for your gateway to navigate to its *View APIs* page. ++ +image::gateway-quickstart-k8-view-apis.png["View APIs menu item for Omni Gateway"] ++ +Alternatively, you can navigate to API Manager from the Anypoint Platform menu. +. From the page that opens, click *Add API* (and if present, *Add new API*) to navigate to the *APIs / Add API* page in API Manager. +. From *APIs / Add API*, configure an API by working through the API configuration pages, starting with the *Runtime* configuration: ++ +image::gateway-quickstart-k8-select-gateway-for-api.png["Add API page with Omni Gateway Runtime and my-gateway selected"] ++ +.. From the *Runtime* configuration page, select *Omni Gateway* as your runtime. +.. Find and select your gateway in the *Select a gateway* area of the page. ++ +Use the search field to locate it, if necessary. +.. Click *Next* to open the *API* page. + +. In the *API* configuration page associated with *APIs / Add API*, provide an API name and asset type: ++ +image::gateway-quickstart-k8-api-config-api.png["A form to select or create a new API",width=60%] ++ +.. Click *Create new API*. ++ +The remaining procedures walk you through steps for creating and testing a new HTTP API in Anypoint Exchange. Notice, however, that it is also possible to select an existing API from Exchange from this page. That process is described in the xref:api-manager::create-instance-task-flex.adoc#add-a-new-api[Add a New API] in the API Manager documentation. ++ +.. Provide an API name, such as *my-api*. +.. Select *HTTP API* as the asset type. +.. Click *Next* to open the *Endpoint* configuration page. + +. In the *Endpoint* page associated with *APIs / Add API*, set up an endpoint for your API: ++ +image::gateway-quickstart-k8-api-config-endpoint.png["A form for configuring endpoint settings",width=90%] ++ +.. For the *Scheme*, use the default, *HTTP* setting. ++ +This guide focuses on a simple HTTP API. For HTTPS configuration details, see xref:flex-conn-tls-config.adoc[]. +.. Copy the following URI into the *Implementation URI* field: ++ +[source] +---- +https://jsonplaceholder.typicode.com/ +---- +.. Type `80` in the *Port* field. ++ +The example in this guide uses HTTP port `80` instead of the API Manager default port, `8081`, because the created `Service` maps incoming port `80` to target port `80` on the Pod. See the `service.http.port` key in the https://artifacthub.io/packages/helm/flex-gateway/flex-gateway[Helm chart for Omni Gateway^]. + +.. Click *Next* to open the *Review* page. + +. In the *Review* page associated with *APIs / Add API*: +.. Review your API configuration. +.. If necessary, use *Edit* to revise any configurations. +.. When your configuration is correct, click *Save & Deploy*. ++ +Inside the gateway, all incoming HTTP requests on port `80` are proxied to the `jsonplaceholder` service. +. From a terminal window, test the API instance: +.. Get your external IP address and use it to check that your IP redirects to the *Implementation URI*: ++ +[source,kubectl] +---- +kubectl -n gateway get services +---- ++ +The command returns a result that looks similar to this example: ++ +[[get-services]] +---- +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +ingress LoadBalancer 10.100.145.109 <123456.aws.com> 80:30524/TCP,443:31710/TCP 7d7h +---- ++ +The `EXTERNAL-IP` value `<123456.aws.com>` is an example and not an actual value. ++ +.. Run the following `curl` command, replacing `` with _your_ `EXTERNAL-IP` from the preceding step: ++ +[source,curl] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET 'http://:80/users' +---- ++ +The command executes a `GET` request to the API and prints a success code: ++ +---- +200 +---- ++ +You can also run a simpler `curl` command to return an array of JSON objects from the service's `/users` endpoint, for example: ++ +[source,curl] +---- +$ curl http://:80/users +---- + +== Step 6: Secure Your API Using the Basic Authentication Policy + +Use API Manager to add a basic authentication policy to your API. + +. In *API Manager*, select *API Instances* from the side navigation panel. +. Find and click the name of the API that you created in <>, such as *my-api*. +. Navigate to the *Policies* page for your API: +.. Select *Policies* from the side navigation panel. +.. On the *Policies* page, click *Add policy*. ++ +image::gateway-quickstart-add-policy.png["Add Policy page with Add policy button",width=90%] +. In the page that opens, find the *Security* policy called *Basic Authentication - Simple* policy. ++ +image::gateway-quickstart-k8-basic-auth.png["A form that empowers you to choose from a range of security policies",width=90%] ++ +Be careful to avoid selecting the similarly named policy for LDAP. +. Click *Next*. +. Configure a Basic Authentication policy: ++ +image::gateway-quickstart-config-basic-auth.png["Screenshot of 'Configure Basic Authentication - Simple policy' page",width=80%] ++ +.. For *User Name*, enter `user` instead of your real user name. ++ +If the field is pre-populated with a value, you can keep the value or change it to the suggested value. ++ +.. For *User Password*, enter `pw`. ++ +If the field is pre-populated with a value, you can keep the value or change it to the suggested value. ++ +.. Click *Apply*. + +. Test the API instance: +.. Use `kubectl` to get your external IP address again so that you can use it in the next step: ++ +[source,kubectl] +---- +kubectl -n gateway get services +---- +.. Run the following `curl` a command _without_ authentication parameters, replacing `` with the `EXTERNAL-IP` returned by preceding step: ++ +[source,curl] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET 'http://:80/users' +---- ++ +The command returns a `401` because the URI lacks authentication parameters: ++ +---- +401 +---- ++ +.. Run the following `curl` a command _with_ authentication parameters, replacing `` with your `EXTERNAL-IP` from the preceding step: ++ +[source,curl] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET 'http://:80/users' -u user:pw +---- ++ +The command prints the resulting `200` status code, indicating success: ++ +---- +200 +---- ++ +The `user` and `password` parameters (`user:pw`) must match the values you specified when you applied the policy. If you enter incorrect authentication parameters, the following error occurs: ++ +---- +401 +---- ++ +To address the error, run the command with the correct authentication parameters, or return to the policy configuration page for your API in API Gateway, edit the policy configuration, and rerun the `curl` commands. ++ +image::gateway-quickstart-k8-config-basic-auth-edit-dialogue.png["Automated and API-level policy settings",width=90%] ++ +The page for editing the credentials looks similar to this one: ++ +image::gateway-quickstart-k8-config-basic-auth-edit.png["A form with fields to input a username and password",width=90%] + + +[[troubleshooting-k8]] +== Troubleshooting +//iterative troubleshooting info to add as needed: + +If you encounter an error when running a command, check for troubleshooting information: + +<> | <> + +[[docker-troubleshooting]] +=== Docker Command Issues + +//intro +include::partial$troubleshoot.adoc[tags=troubleshoot-docker-intro] + +[[daemon-bad-response]] +==== Docker Daemon Error + +//error +include::partial$troubleshoot.adoc[tags=troubleshoot-docker-daemon-bad-response] + +[[bad-request]] +==== Reg Facade Error (400 Bad Request) + +//error +include::partial$troubleshoot.adoc[tags=troubleshoot-docker-bad-request] + +[[helm-troubleshooting]] +=== Helm Command Issues + +[[troubleshoot-helm-intro]] +//intro +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-intro] + +[[troubleshoot-helm-yaml-empty]] +==== Upgrade Failed: Execution Error +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-yaml-empty] + +[[troubleshoot-helm-upgrade-failed]] +==== Upgrade Failed: Timed Out +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-upgrade-failed] + +[[troubleshoot-helm-cluster-unreachable]] +==== Kubernetes Cluster Unreachable +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-cluster-unreachable] + +See <> for additional information. + +[[troubleshoot-helm-openshift-rbac]] +==== Failed to Install CRD +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-openshift-rbac] + +See <> for additional information. + +[[check-cluster]] +== Check Your Cluster + +Before deploying Omni Gateway to your Kubernetes cluster in <>, ensure that your cluster is ready. Use `kubectl` to list and select (use) a cluster and to get a list of nodes that the cluster uses. If any steps in this section fail, the deployment process is likely to produce errors. + +To prevent potential timeout and connectivity errors when running procedures in this guide, your cluster must meet the <>. + +. Run `kubectl config get-contexts` to list the clusters, for example: ++ +[source,kubectl] +---- +kubectl config get-contexts +---- ++ +This command is particularly helpful if you have multiple Kubernetes clusters. You can use the command to get the name of the correct cluster. For example, assume that you have a variety of clusters (`my-cluster`, `my-aks`, `my-gke`, `my-eks`). The command prints a list of your clusters. ++ +The following _example_ shows a list of clusters produced by the command: ++ +---- +CURRENT NAME CLUSTER AUTHINFO NAMESPACE + my-cluster my-cluster my-cluster1 + my-aks my-aks my-aks + my-gke my-gke my-gke + my-eks my-eks my-eks +---- ++ +If your cluster is not listed and you are using a custom cluster context file on your machine to connect to your cluster, you might need to add its path to a `KUBECONFIG` environment variable that points to that file. By default, `kubectl` searches for a file named `config` in the `$HOME/.kube` directory. That file lists each `context`, which provides properties such as the cluster name, user, and certificate authority data. ++ +You can check by running `echo $KUBECONFIG` from your terminal window, which prints a environment variable's value, similar to this example: ++ +---- +{KUBECONFIG}:/Users/me/.kube/config:/Users/me/.kube/additional-clusters/my-gke:/Users/me/.kube/additional-clusters/my-aks:/Users/me/.kube/additional-clusters/my-eks +---- ++ +Adding the path to any additional cluster context files on your machine enables the `kubectl config get-contexts` command to list the cluster contexts and for you to use them. ++ +For more detail, see the https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/[Kubernetes documentation^] about the `kubeconfig` file. + +. Provide the name of a cluster into which you plan to deploy your gateway. ++ +The following example uses the cluster `my-eks`, identified in the cluster list example: ++ +---- +kubectl config use-context my-eks +---- ++ +The command switches to the selected cluster context and prints a message similar to this one: ++ +---- +Switched to context "my-eks". +---- ++ +If you receive an error that begins `error: no context exists with the name`, ensure you are using the `NAME` value of the cluster listed by `kubectl config get-contexts` and not the `CLUSTER` value. + +. Check that your cluster has one or more nodes: ++ +[source,kubectl] +---- +kubectl get nodes +---- ++ +The command returns a output similar to this example: ++ +---- +NAME STATUS ROLES AGE VERSION +ip-192-168-70-170 Ready 17h v1.x.x +ip-192-168-9-230 Ready 17h v1.x.x +---- ++ +Make sure that at least one node is in the `Ready` status. +//TODO: WHAT specifically TO DO IF NOT Ready? +//TODO: WHAT OTHER CHARACTERISTICS should they check for? +// Can we check whether the node can create an Service resource of LoadBalancer type, for ex? + +. If your cluster is not ready, correct the cluster configuration. ++ +Alternatively, try the Docker-only guide, xref:flex-gateway-getting-started.adoc[], which does not use a Kubernetes cluster, and skip the next steps. + +. If you have not started the Omni Gateway setup procedures yet, review <> before proceeding to <>. + +. If you have successfully completed all the procedures for downloading and registering your gateway with Docker and adding a repository for your Helm chart, and you are ready to begin the deployment procedure, go to <>. + +== Next Steps + +Learn other ways to set up and configure Omni Gateway for a Kubernetes cluster, and review other policy configuration options. + +* xref:flex-review-prerequisites.adoc[] +* xref:flex-gateway-set-up.adoc[] +* xref:flex-gateway-configure.adoc[] +* xref:flex-gateway-k8-management.adoc[] +* xref:policies-included-directory.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-high-availability.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-high-availability.adoc new file mode 100644 index 000000000..6f8ab7ddd --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-high-availability.adoc @@ -0,0 +1,244 @@ += Autoscale and Add Omni Gateway Replicas to a Namespace +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +For high availability (HA) environments, horizontal scaling distributes load across multiple Omni Gateway instances. By default, the Helm chart for Omni Gateway is configured with one replica. To release more Omni Gateway replicas into a namespace, provide one of the following configurations: + +* <>: Set a fixed number of Omni Gateway replicas to create. +* <>: Generate replicas automatically based on CPU, memory, and other settings. + +//how to view helm chart defaults: +include::partial$reference-k8-general.adoc[tags=omni-k8-helm-chart-info] + +== Before You Begin + +Ensure that the following prerequisites are in place: + +* An Omni Gateway deployment or a registered Omni Gateway instance (gateway) ++ +For gateway registration and deployment processes, see xref:flex-gateway-set-up.adoc[] or xref:flex-gateway-k8-getting-started.adoc[]. + +* A Kubernetes cluster for your Omni Gateway deployment + +[[replica-count]] +== Set a Replica Count + +Configure and verify the number of replicas that you require. Note that new replicas replace existing replicas. If a newer version of Omni Gateway is available, the command replaces your older replica versions with the latest version. + +The steps to take depend on whether a Helm chart is installed. + +. If a Helm chart for your namespace is installed, run the following command: ++ +.Syntax: +---- +helm -n upgrade \ + / \ +--reuse-values \ +--set replicaCount= +---- ++ +.Example: +[source,helm] +---- +helm -n gateway upgrade \ +ingress flex-gateway/flex-gateway \ +--reuse-values \ +--set replicaCount=2 +---- ++ +When successful, the command prints output similar to this example: ++ +---- +Release "ingress" has been upgraded. Happy Helming! +NAME: ingress +LAST DEPLOYED: Mon Apr 17 15:00:09 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 27 +TEST SUITE: None +---- + +. If the Helm chart is not installed, run the following command: ++ +.Syntax: +---- +helm -n \ +upgrade -i --create-namespace \ + / \ +--set-file registration.content= \ +--set replicaCount= +---- ++ +.Example: +[source,helm] +---- +helm -n gateway \ +upgrade -i --create-namespace \ +ingress flex-gateway/flex-gateway \ +--set-file registration.content=registration.yaml \ +--set replicaCount=2 +---- ++ +When successful, the command prints output similar to this example: ++ +---- +Release "ingress" does not exist. Installing it now. +NAME: ingress +LAST DEPLOYED: Mon Apr 17 15:32:50 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 1 +TEST SUITE: None +---- + +. Verify creation of the replicas by running the following command: ++ +.Syntax: +---- +kubectl get rs -n +---- ++ +.Example: +---- +kubectl get rs -n gateway +---- ++ +When successful, the command prints output similar to this example: ++ +---- +NAME DESIRED CURRENT READY AGE +ingress-5b7474b8f6 2 2 2 70s +---- + +[[autoscale]] +== Configure Autoscaling + +Horizontal Pod autoscaling generates Omni Gateway replicas automatically based on CPU, memory, and other target and behavioral settings. For descriptions of these settings, see <>. + +[[autoscaling-config]] +=== Update Your Helm Chart with an Autoscaling Configuration + +To update your Helm chart with autoscaling parameters: + +. Create a YAML file with your autoscaling configuration, modifying the settings to meet your requirements. ++ +.Example: +[source,yaml] +---- +autoscaling: + enabled: true +---- ++ +NOTE: This configuration file is the minimum autoscaling configuration. To configure autoscaling with more detail, see <>. + +. If a Helm chart for your namespace is installed, run the following command to apply your autoscaling configuration: ++ +.Syntax: +---- +helm -n upgrade \ + / \ +--reuse-values \ +-f +---- ++ +.Example: +[source,helm] +---- +helm -n gateway upgrade \ +ingress flex-gateway/flex-gateway \ +--reuse-values \ +-f autoscaling.yaml +---- ++ +When successful, the command prints output similar to this example: ++ +---- +Release "ingress" has been upgraded. Happy Helming! +NAME: ingress +LAST DEPLOYED: Tue Apr 18 15:46:38 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 33 +TEST SUITE: None +---- + +. If the Helm chart is not installed, run the following command to apply the your autoscaling configuration: ++ +.Syntax: +---- +helm -n \ +upgrade -i --create-namespace \ + / \ +--set-file registration.content= \ +-f +---- ++ +.Example: +[source,helm] +---- +helm -n gateway \ +upgrade -i --create-namespace \ +ingress flex-gateway/flex-gateway \ +--set-file registration.content=registration.yaml \ +-f autoscaling.yaml +---- ++ +When successful, the command prints output similar to this example: ++ +---- +NAME: ingress +LAST DEPLOYED: Tue Apr 18 15:50:29 2023 +NAMESPACE: gateway +STATUS: deployed +REVISION: 1 +TEST SUITE: None +---- + +. Verify your autoscaling configuration by running the following command: ++ +.Syntax: +[source, kubectl] +---- +kubectl get hpa -n +---- ++ +.Example: +[source, kubectl] +---- +kubectl get hpa -n gateway +---- ++ +The command prints output similar to this example: ++ +---- +NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE +ingress Deployment/ingress 66%/50%, 5%/50% 2 11 2 59s +---- + +[[autoscaling-parameters]] +=== Autoscaling Parameters + +To use autoscaling, enable Horizontal Pod Autoscaler (HPA), and configure other Helm chart settings to define autoscaling behavior. + +[%header,cols="1a,2a"] +|=== +| Parameter | Description +| `autoscaling.enabled` | Boolean that indicates whether the Horizontal Pod Autoscaler (HPA) is enabled. Defaults to `false`. +| `autoscaling.minReplicas` | The minimum number of replicas that the HPA scaler is allowed to create. Defaults to `2`. +| `autoscaling.maxReplicas` | The maximum number of replicas that the HPA scaler is allowed to create. Defaults to `11`. +| `autoscaling.targetCPUUtilizationPercentage` | A resource metric that sets the average CPU usage percentage of all deployed Pods. Defaults to `50`. +| `autoscaling.targetMemoryUtilizationPercentage` | A string representing the average memory usage percentage of all deployed Pods. Defaults to `nil`. +| `autoscaling.behavior` | A setting that supports the `HorizontalPodAutoscaler` (HPA) object in Kubernetes. HPA settings control autoscaling behavior, such as the number of application resources based on the rate of change to the workload. +| `autoscaling.behavior.scaleUp`, `autoscaling.behavior.scaleDown` | Settings for autoscaling behavior when the HPA scaler increases (`scaleUp`) or decreases (`scaleDown`) the number of replicas. Define scaling behavior with nested parameters: + +* `selectPolicy`: If a metric of configured resources indicates that scaling is required, this setting determines when to scale Pods. This setting is necessary because Pods can contain different numbers of replicas. Valid values are `Disabled`, `Min`, and `Max`. Defaults to `Max`. The `Min` and `Max` values indicate whether to scale Pods with the lowest (`Min`) or highest (`Max`) number of replicas. +* `stabilizationWindowSeconds`: The minimum number of seconds to wait to rescale an application after a change to the workload. The goal is to prevent an overly aggressive or unstable response by HPA when scaling too frequently. +* `policies`: A list of policies that determine scaling behavior: +** `type`: The type of value for a given policy, 'Percent' or 'Pods'. +** `value`: The value of the type for a given policy. +** `periodSeconds`: The number of seconds between scaling operations for a given policy. +|=== + +For more information about autoscaling, see the https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/[Kubernetes documentation^]. diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-ingress-class.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-ingress-class.adoc new file mode 100644 index 000000000..7d1a2f8d8 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-ingress-class.adoc @@ -0,0 +1,87 @@ += Configure Omni Gateway as an Ingress Controller in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +For Kubernetes deployments in Local Mode, Omni Gateway typically acts as an ingress controller that manages external access to your Kubernetes cluster. + +By default, Omni Gateways deployed on Kubernetes in Local Mode are configured as ingress controllers and can consume `Ingress` resources. The ingress controller configuration is defined in the `IngressClass` resource parameters in the Omni Gateway Helm chart. + +In Kubernetes terminology, `IngressClass` resources configure a gateway as an ingress controller, and `Ingress` resources configure a routing between the ingress controller and the Kubernetes services it controls. For a detailed explanation of Kubernetes `IngressClass` resources and `Ingress` resources, see https://kubernetes.io/docs/concepts/services-networking/ingress/[Kubernetes Ingress^]. + +In the Helm chart, you can edit the `IngressClass` configuration or disable the ingress controller functionality. + +== Before You Begin + +. xref:flex-install.adoc#kubernetes[Download Omni Gateway for Use in a Kubernetes Cluster]. +. xref:flex-local-reg-run.adoc[Register and Run Omni Gateway in a Kubernetes Cluster in Local Mode]. + +== Ingress Class Parameters +The Helm chart includes the following default `IngressClass` parameters and values: + +[source,helm] +---- +ingressClass.enabled: true +ingressClass.name: "{releaseName}-{namespace}" +ingressClass.setAsDefault: false +---- + +[cols="1,2,2"] +|=== +| Parameter | Description | Possible values +| `ingressClass.enabled` | Enables Omni Gateway as an `IngressClass` resource | `true` or `false` +| `ingressClass.name` | The name of the `IngressClass` | Any string +| `ingressClass.setAsDefault` | Sets Omni Gateway as the default `IngressClass` | `true` or `false` +|=== + +Setting `ingressClass.setAsDefault: true` defines the Omni Gateway instance as the default `IngressClass` resource for the cluster. The default `IngressClass` is the default ingress controller for all `Ingress` resources you create in the cluster. + +If there is no default `IngressClass`, or if the default `IngressClass` resource shouldn't be the ingress controller for a specific resource, you must manually define the ingress controller in the `Ingress` resource. + +You can modify the default `IngressClass` parameters during or after the initial installation of the Helm chart. For more information about how to modify a Helm chart, see xref:flex-gateway-k8-change-helm-settings.adoc[] + +== Creating Ingress Resources + +After you xref:flex-local-reg-run-up.adoc#kubernetes[install a Helm chart into a namespace], you can verify your new `IngressClass` resource by running the following command: + +[source,helm] +---- +kubectl get ingressclasses +---- + +To create an ingress routing: + +. xref:flex-local-publish-simple-api.adoc#kubernetes[Publish an API in Local Mode]. +. Define the new API as a Kubernetes Service. + +For more information about Kubernetes Service definitions, see https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service[Defining a Service^]. +. Using `kubectl apply`, create an `Ingress` resource to define routing rules between the `IngressClass` Omni Gateway and the new Kubernetes Service: ++ +[source,ssh] +---- +cat < + annotations: + flex-gateway.ingress.kubernetes.io/api-instance: . +spec: + ingressClassName: + rules: + - http: ... +EOF +---- ++ +The `annotations` field value must match the API instance name and namespace specified when the API was defined. ++ +Omit the `ingressClassName` field if the gateway instance is configured as the default ingress controller. ++ +For more information about `Ingress` resources, see https://kubernetes.io/docs/concepts/services-networking/ingress/[Kubernetes Ingress^]. + + +== See Also + +* xref:flex-gateway-k8-change-helm-settings.adoc[] +* xref:flex-gateway-k8-management.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-management.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-management.adoc new file mode 100644 index 000000000..7b3897d3e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-management.adoc @@ -0,0 +1,26 @@ += Managing Kubernetes Deployments +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + + +* {empty} +include::partial$configuration-task-list.adoc[tags=management-k8s-helm-settings] +* {empty} +include::partial$configuration-task-list.adoc[tags=management-k8s-add-replicas] +* {empty} +include::partial$configuration-task-list.adoc[tags=management-k8s-nodes] +* {empty} +include::partial$configuration-task-list.adoc[tags=management-k8s-externaldns] +* {empty} +include::partial$configuration-task-list.adoc[tags=management-k8s-ingress-class] +* {empty} +include::partial$configuration-task-list.adoc[tags=management-k8s-istio] + + +== See Also + +* xref:flex-gateway-upgrade.adoc#kubernetes[Upgrade in a Kubernetes Cluster] +* xref:flex-gateway-uninstall.adoc#kubernetes[Uninstall from a Kubernetes Cluster] +* xref:flex-gateway-k8-getting-started.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-node-affinity-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-node-affinity-config.adoc new file mode 100644 index 000000000..1fe98f47b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-k8-node-affinity-config.adoc @@ -0,0 +1,76 @@ += Configure Node Selection for Omni Gateway Deployments on Kubernetes (Node Affinity) +//page-level attribute for repeated content on this page: +:link-helm-chart: After configuring the YAML configuration file for the Pod, proceed to <>. + +//Introduction: +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-intro] + +== Before You Begin + +Meet the minimum Kubernetes and Helm version requirements described in the xref:flex-review-prerequisites.adoc#software-requirements[software requirements]. + +//New section: +//== List and Create Node Labels +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-list-labels] + + +//New section +//== Set Node Affinity for a Pod +include::partial$task-k8-node-affinity.adoc[tags=set-node-affinity] + +For guidance, see the following configuration options: + +//link to anchored section in tag omni-node-affinity-required-matching-intro +* <> +//link to anchored section in tag omni-node-affinity-preferred-matching-intro +* <> +//link to anchored section in tag omni-node-affinity-mixed-matching-intro +* <> + + +//New section: +//==Configure a Required Node Matching Rule for a Pod +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-required-matching-intro] + +//flex-node-affinity-common-conditions (shared in multiple sections) +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-common-conditions] + +//flex-node-affinity-required-matching-yaml +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-required-matching-yaml] + +//page-level attribute (defined in page header) providing link to related section +{link-helm-chart} + +// New subsection: +//=== Configure a Preferred Node Matching Rule for a Pod +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-preferred-matching-intro] + +//shared in multiple sections (common & preferred conditions) +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-common-conditions] +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-preferred-conditions] + +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-preferred-matching-yaml] + +//page-level attribute (defined in page header) providing link to related section +{link-helm-chart} + +// New subsection: +//=== Configure Required and Preferred Node Matching Rules for a Pod +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-mixed-matching-intro] + +//contains links to anchored sections in tags +//(flex-node-affinity-required-matching-intro and flex-node-affinity-preferred-matching-intro): +The example combines the settings from <> and <>. + +//shared in multiple sections (common & preferred conditions) +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-common-conditions] +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-preferred-conditions] + +include::partial$task-k8-node-affinity.adoc[tags=omni-node-affinity-mixed-matching-yaml] + +//page-level attribute (defined in page header) providing link to related section +{link-helm-chart} + +//New section +//=== Upgrade the Helm Chart +include::partial$task-k8-node-affinity.adoc[tags=upgrade-helm-chart] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-create-llm-proxy.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-create-llm-proxy.adoc new file mode 100644 index 000000000..4977420e2 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-create-llm-proxy.adoc @@ -0,0 +1,151 @@ += Creating an LLM Proxy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +You can configure the LLM Proxy to use different models and different routes. + +NOTE: A large Omni Gateway supports up to 50 LLM Proxies. + +[[before-you-begin]] +== Before You Begin + +. Deploy an Omni Gateway version 1.11.4 or later where you want to deploy your LLM Proxy. ++ +See xref:flex-gateway-managed-set-up.adoc[]. +. Ensure you have the API Manager *API Creator* permission. +. Retrieve your API keys from your LLM Providers. + +[[create-an-llm-proxy]] +== Create an LLM Proxy + +. From API Manager, click *LLM Proxies*. +. Click *+ Add LLM Proxy*. +. Configure the *Inbound Endpoint* of the LLM Proxy: +.. Define a *LLM Proxy Name*. +.. Select an endpoint *Format*: ++ +** OpenAI: Select the OpenAI API format to send requests to all supported LLM Providers (including Gemini). +** Gemini: Select the Gemini API format to send requests to only Gemini. +.. Define a *Base path*. +.. Select *Advanced options* if necessary. +.. Click *Next*. +. Select an Omni Gateway to deploy the server instance to from *Select a gateway*. +. Configure the routes that comprise the *Outbound Endpoint*: +.. Select your *LLM Provider*. +.. Ensure the *URL* for your provider is correct. Edit if necessary. +.. Configure access details for the provider endpoint. +.. Select a *Target Model* to override the model version specified in the payload. Selecting *Not Applicable* sends the request to the specified model. A *Target Model* is required for semantic routing. ++ +[NOTE] +==== +To configure a target model for Amazon Bedrock Claude Modes, you must enter the provider and model ID formatted as `[provider_prefix]/[internal_model_id]`. + +To learn how to find the model ID, see xref:flex-gateway-llm-proxy-request.adoc#amazon-bedrock-model-names[Amazon Bedrock Model Names]. +==== + +.. Click *Add LLM Route* to add additional routes. Complete the previous steps to configure the new route. ++ +NOTE: Each LLM Provider can support one route. +. If adding multiple routes, select a *Routing strategy*. To configure your routing strategy, see: +.. <> +.. <> +. +. Click *Save & Deploy*. + +[[configure-model-based-routing]] +== Configure Model-Based Routing + +. Configure multiple routes. Click *Add LLM Route* to create new routes. +. Select *Model-based* for *Routing strategy*. +. Choose to enable a *Fallback route* for the request to be sent to if the provider or model is incorrectly sepcified. If enabling a fallback route: +.. Select a *Route* to fallback to. +.. Select a target model for the fallback route to use. +. If no fall back route is configured and a route fails, a error response is returned. +. Return to <> step 7 to finish configuring your LLM Proxy. + +[[configure-semantic-routing]] +== Configure Semantic Routing + +For semantic routing, define and apply prompt topics to each route. Define deny list topics to block certain requests. + +To configure semantic routing: + +. Configure multiple routes. Click *Add LLM Route* to create new routes. +. Select *Semantic* for *Routing strategy*. +. If you haven't already, click *Configure Semantic Service*. ++ +To create a semantic service, see <>. +. Select a *Target Model* for each route. +. Define a prompt topics for the routes: +.. Click the *Select prompt topics*. +.. Click *+ Create prompt topic*. +.. Define a *Prompt topic name*. +.. Define a *Prompt utterances* or click *Upload utterances* to upload a plain text file containing your prompt utterances. +.. Click *Create*. +.. Create multiple prompt topics for each route as needed. +. Configure a *Fallback route* for the request to be sent to if it doesn't match a semantic route: +.. Specify an accuracy threshold. When the accuracy of the semantic match is less than this threshold, traffic is sent to the fallback route. +.. Select a *Route* to fallback to. +.. Select a *Target model* for the fallback route to use. +. Create a *Semantic prompt guard* to block users from asking the server about specific topics: +.. Click *+ Create deny list*. +.. Define a *Prompt topic name*. +.. Define a *Prompt utterances* or click *Upload utterances* to upload a plain text file containing your prompt utterances. +.. Click *Create*. +.. Create multiple deny list topics to better protect your LLM Proxy. ++ +NOTE: Creating a semantic prompt guard automatically applies the Semantic Prompt Guard policy. +. Return to <> step 7 to finish configuring your LLM Proxy. + +=== Semantic Routing Limits + +[%header%autowidth.spread,cols="a,a"] +|=== +| Limit | Value +| Prompt topics (across all routes of an LLM Proxy) | 6 +| Utterances per prompt topic | 10 +| Deny list topics | 6 +| Utterances per deny list topic | 10 +| Maximum characters per utterance | 500 +|=== + +[[create-a-semantic-service]] +=== Create and Edit a Semantic Service + +A semantic service compares the request to the defined prompt topic utterances and sends the request to the route that best matches it. The semantic service also compares the request to deny list topic utterances to block certain requests. Only one semantic service is support for each environment. + +To define a semantic service: + +. From API Manager, click *Semantic Service Setup*. +. Click *+ Create Semantic Service*. +. Configure the semantic service parameters: +** *Embedding Service Provider*: The provider of the embedding model. *OpenAI* or *Hugging Face*. +** *URL*: The URL of the embedding service. +** *Model*: The embedding model to use. +** *Auth key*: The API authentication key for the embedding service. +. Click *Deploy*. + +To edit a semantic service: + +. From *Semantic Service Setup*, click the three-dots menu (image:three-dots-menu.png[3%,3%]) of the semantic service you want to edit. +. Make the necessary edits. +. Click *Redeploy*. + +== Edit and Delete an LLM Proxy + +To edit an LLM Proxy: + +. From API Manager, click *LLM Proxies*. +. Click the name of the LLM Proxy you want to edit. +. Click *Configuration*. +. Switch between the *Inbound*, *Gateway*, and *Outbound* configurations to make the necessary edits. +. Click *Save & Deploy*. + +To delete an LLM Proxy: + +. From API Manager, click *LLM Proxies*. +. Click the three-dots menu (image:three-dots-menu.png[3%,3%]) of the LLM Proxy you want to delete. +. Click *Delete LLM Proxy*. +. Click *Yes, Delete*. diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-policies.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-policies.adoc new file mode 100644 index 000000000..c358e1713 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-policies.adoc @@ -0,0 +1,60 @@ += LLM Proxy Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +By default, LLM Proxy applies these policies: + +* Client ID Enforcement +* LLM Proxy Core Policy +* Model Based Routing Policy or Semantic Routing Policy (policy name dependent on embedded service provider) + +You don't need to modify these policies. + +LLM Proxy supports most xref:policies-included-directory.adoc[included policies], but doesn't support outbound policies. + +NOTE: LLM Proxy doesn't support xref:policies-included-rate-limiting-sla.adoc[]. + +These policies are specfic and useful for LLM Proxies: + +* xref:policies-included-regex-prompt-guard.adoc[] +* xref:policies-included-llm-token-rate-limit.adoc[] + +== Apply Policies to LLM Proxies + +. From API Manager, click *LLM Proxies*. +. Click the name of the LLM Proxy you want to apply a policy to. +. Click *AI Policies*. +. Click *+ Add inbound policy*. +. Select the policy to apply. +. Configure the required parameters. ++ +For policy configuration parameters, see xref:policies-included-directory.adoc[]. +. If necessary, configure *Advanced options*. +. Click *Apply*. + +== LLM Proxy Authentication Policy + +By default, the LLM Proxy has the Client ID Enforcement policy applied. +This is required because the Client ID Enforcement populates the `Authentication.clientName` variable in the `Authentication` object that is used as a unique identifier for LLM Metrics. + +To remove the Client ID Enforcement policy, ensure that you either: + +* Apply a policy that populates `Authentication.clientName`: ++ +** xref:policies-included-client-id-enforcement.adoc[] +** xref:policies-included-rate-limiting-sla.adoc[] +** xref:policies-included-oauth-token-introspection.adoc[] (If Client ID enforcement is configured, `skipClientIdValidation=false`) +** xref:policies-included-openid-token-enforcement.adoc[] (If Client ID enforcement is configured, `skipClientIdValidation=false`) +** xref:policies-included-jwt-validation.adoc[] (If Client ID enforcement is configured, `skipClientIdValidation=false`) +** A custom policy that populates `Authentication.clientName` + +* Edit the dataweave variable in LLM Proxy Core to extract a different unique identifier, such as `clientid`, `userid`, or `departmentid`. ++ +NOTE: You can't filter by this unique identifier in Usage Reports. + +== See Also + +* xref:flex-gateway-secure-apis.adoc[] +* xref:policies-included-directory.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-request.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-request.adoc new file mode 100644 index 000000000..d003614f7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-request.adoc @@ -0,0 +1,706 @@ += LLM Proxy Requests +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +NOTE: This guide only provides OpenAI formatted requests. + +LLM Proxy supports both OpenAI and Gemini Responses and Chat Completions requests. To learn more about the these OpenAI request types, see: + +* https://developers.openai.com/api/reference/resources/chat[Chat Completions] API is designed for conversational multi-turn interactions rather than simple text continuation. +* https://developers.openai.com/api/reference/resources/responses[Responses] API is recommended unified interface for building powerful agent-like applications. + +All requests in this guide are designed to work for both strategies. When sending a request to an LLM Proxy with either routing strategy, you can specify a model in the request. You don't have to modify the request for different routing strategies. Each routing strategy handles the model selection differently: + +* *Model-Based Routing*: The user specifies a model in the request (`"model": "openai/gpt-5.2"`). The LLM Proxy acts as a direct proxy. If no model is specified, the LLM Proxy sends the request to the fallback route or returns an error if no fallback route is configured. +* *Semantic Routing*: No model is specified in the request. The LLM Proxy chooses which model to use based on the request content by matching it to prompt topics you define for each route. If a model is specified in the request, like in model routing examples, it is ignored. ++ +NOTE: Adding a model to a request ensures deterministic routing to a preferred backend if the routing strategy of an LLM Proxy changes. + +[[retrieve-the-request-configuration-parameters]] +== Retrieve the Endpoint Configuration Parameters for your LLM Proxy + +To find your LLM Proxy endpoint configuration and client application credentials required to use the requests in this guide: + +. Find your public endpoint: +.. Navigate to *Runtime Manager* > *Omni Gateways* +.. Click the name of the Omni Gateway where your LLM Proxy is deployed. +.. Copy the *Public Endpoint*. +. Find your base path: +.. From *API Manager* > *LLM Proxies*, click the name of the LLM Proxy whose base path you want to find. +.. Click *Configuration*. +.. Copy the *Base path*. +. Retrieve your client ID and client secret: +.. From the *LLM Summary* page of your LLM Proxy, click *Actions* > *View LLM proxy in Exchange*. +.. Click *Request access*. +.. Select the *API Instance* you want to request access to. +.. Select the *Application* you want to request access to. +.. Select the *SLA tier*. +.. Click *Request access*. +.. Copy the *Client ID* and *Client Secret*. + +[[amazon-bedrock-model-names]] +== Amazon Bedrock Model Names + +Amazon Bedrock Claude models must be specified in Amazon Resource Name (ARN) format, for example: + +---- +bedrockanthropic/us.anthropic.claude-sonnet-4-5-20250929-v1:0 +---- + +Formatted as: + +---- +bedrockanthropic/.anthropic. +---- + +To find your region and model name for your Claude model, see https://docs.aws.amazon.com/bedrock/latest/userguide/inference-profiles-support.html[Supported Regions and models for inference profiles]. + +== Chat Completions API Validation (/chat/completions) Request Examples + +https://developers.openai.com/api/reference/resources/chat[Chat Completions] is the standard API for interacting with models. It is designed for conversational multi-turn interactions rather than simple text continuation. The endpoint requires a model and a messages list with roles (such as system, user, or assistant) to generate context-aware responses. + +These examples are designed to validate the basic functionality of the Chat Completions API. + +=== Basic Chat Completion Example + +This request examples ensures the gateway correctly routes traffic to the specified LLM provider. + +In the example, the model-based routing request ensures the gateway routes traffic to a Gemini 2.0 model. For semantic routing, the gateway routes traffic to the most suitable provider based on the request content: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "developer", "content": "You are a helpful assistant" }, + { "role": "user", "content": "Hello, please introduce yourself" } + ] +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "developer", "content": "You are a helpful assistant" }, + { "role": "user", "content": "Hello, please introduce yourself" } + ] +}' +---- +==== + +=== Creative Content Generation (Temperature Control) Example + +This request example performs can preform brainstorming tasks, such as generating multiple unique marketing slogans. The example writes creative content using the temperature parameter (0 to 2 value, higher values are more creative) to control the randomness and creativity of the response: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "user", "content": "Write a creative story about AI" } + ], + "temperature": 1.5 +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "user", "content": "Write a creative story about AI" } + ], + "temperature": 1.5 +}' +---- +==== + +=== Multi-turn Context Management Example + +This request example maintains conversation context across developer persona, user query, and assistant history. The example passes the "memory" of a conversation to ensure the model knows that "it" refers to "MuleSoft" based on the previous message in the thread: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "developer", "content": "You are a MuleSoft technical expert." }, + { "role": "user", "content": "What is MuleSoft?" }, + { "role": "assistant", "content": "MuleSoft is an integration platform that helps organizations connect applications, data, and devices." }, + { "role": "user", "content": "How does it help with API management?" } + ] +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "developer", "content": "You are a MuleSoft technical expert." }, + { "role": "user", "content": "What is MuleSoft?" }, + { "role": "assistant", "content": "MuleSoft is an integration platform that helps organizations connect applications, data, and devices." }, + { "role": "user", "content": "How does it help with API management?" } + ] +}' +---- +==== + +=== Structured Data Validation (JSON Format) Example + +This request example extracts patterns into structured JSON to transform a messy transcript into a clean JSON object for insertion into a database by using the `top_p` and `max_completion_tokens` parameters: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "user", "content": "Explain MuleSoft Integration patterns in JSON format" } + ], + "max_completion_tokens": 50000, + "top_p": 0.9 +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "user", "content": "Explain MuleSoft Integration patterns in JSON format" } + ], + "max_completion_tokens": 50000, + "top_p": 0.9 +}' +---- +==== + +=== Enterprise Strategy Testing Example + +This request example validates the gateway's ability to handle large-payload "Expert" prompts. The example asks an AI Solution Architect to design a migration strategy from legacy SAP systems to Salesforce using MuleSoft Anypoint Platform with an API-led connectivity approach. + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "developer", "content": "You are a MuleSoft solution architect helping with enterprise integrations." }, + { "role": "user", "content": "Design a data integration strategy for a Fortune 500 company migrating from legacy systems to Salesforce using MuleSoft Anypoint Platform. Include API-led connectivity approach." } + ], + "temperature": 0.7, + "max_completion_tokens": 10000 +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "developer", "content": "You are a MuleSoft solution architect helping with enterprise integrations." }, + { "role": "user", "content": "Design a data integration strategy for a Fortune 500 company migrating from legacy systems to Salesforce using MuleSoft Anypoint Platform. Include API-led connectivity approach." } + ], + "temperature": 0.7, + "max_completion_tokens": 10000 +}' +---- +==== + +=== Streaming API Call Example + +This example is designed for User-facing chatbot UIs where the text must appear word-by-word as it is generated, rather than waiting for the entire response to finish. This request example validates the gateway's ability to stream real-time non-buffered token delivery using the `--no-buffer` flag: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "user", "content": "Explain step-by-step MuleSoft integration process" } + ], + "stream": true +}' \ +--no-buffer +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "user", "content": "Explain step-by-step MuleSoft integration process" } + ], + "stream": true +}' \ +--no-buffer +---- +==== + +=== Tool Calling: Initial Request with Tool Definition Example + +This request example allows the model to request real-time information from the application by invoking a function. The example asks the model to invoke a `get_current_time` function to get the current time in San Francisco, The model recognizes it can't answer from memory and instead requests to invoke a `get_current_time` function from your local API. + + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "tool_choice": "auto", + "messages": [ + { "role": "user", "content": "What is the time in San Francisco?" } + ], + "tools": [ + { + "type": "function", + "function": { + "name": "get_current_time", + "description": "When user asks for time tell me to invoke this Tool", + "parameters": { + "type": "object", + "properties": { + "timezone": { "type": "string", "description": "Timezone of the user asked location" } + }, + "required": ["timezone"] + } + } + } + ] +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "openai/gpt-5.2", + "tool_choice": "auto", + "messages": [ + { "role": "user", "content": "What is the time in San Francisco?" } + ], + "tools": [ + { + "type": "function", + "function": { + "name": "get_current_time", + "description": "When user asks for time tell me to invoke this Tool", + "parameters": { + "type": "object", + "properties": { + "timezone": { "type": "string", "description": "Timezone of the user asked location" } + }, + "required": ["timezone"] + } + } + } + ] +}' +---- +==== + +=== Tool Calling: Request with Tool Execution Response Example + +This request example sends the executed tool output back to the LLM Proxy to generate a final answer. The example provides the executed tool output (current time) back to the LLM Proxy so the model can generate a natural-language response for the user: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "tool_choice": "auto", + "messages": [ + { "role": "user", "content": "What is the time in San Francisco?" }, + { + "role": "assistant", + "content": null, + "tool_calls": [ + { + "id": "call_KDrTKkRTGfylhkAO4A8s0pAO", + "type": "function", + "function": { + "name": "get_current_time", + "arguments": "{\"timezone\":\"America/Los_Angeles\"}" + } + } + ] + }, + { + "role": "tool", + "tool_call_id": "call_KDrTKkRTGfylhkAO4A8s0pAO", + "content": "2026-02-20T05:02:05.873534-08:00" + } + ], + "tools": [ + { + "type": "function", + "function": { + "name": "get_current_time", + "parameters": { + "type": "object", + "properties": { "timezone": { "type": "string" } }, + "required": ["timezone"] + } + } + } + ] +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "openai/gpt-5.2", + "tool_choice": "auto", + "messages": [ + { "role": "user", "content": "What is the time in San Francisco?" }, + { + "role": "assistant", + "content": null, + "tool_calls": [ + { + "id": "call_KDrTKkRTGfylhkAO4A8s0pAO", + "type": "function", + "function": { + "name": "get_current_time", + "arguments": "{\"timezone\":\"America/Los_Angeles\"}" + } + } + ] + }, + { + "role": "tool", + "tool_call_id": "call_KDrTKkRTGfylhkAO4A8s0pAO", + "content": "2026-02-20T05:02:05.873534-08:00" + } + ], + "tools": [ + { + "type": "function", + "function": { + "name": "get_current_time", + "parameters": { + "type": "object", + "properties": { "timezone": { "type": "string" } }, + "required": ["timezone"] + } + } + } + ] +}' +---- +==== + +=== Structured Output Validation (JSON Schema) Example + +This request example validates entity extraction into a strictly defined JSON Schema (CalendarEvent). The example asks the model to extract the event information from a plain text user query and return a formatted JSON object that adheres to the required schema. This prevents integration or parsing errors in downstream applications: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "messages": [ + { "role": "system", "content": "Extract the event information." }, + { "role": "user", "content": "Madhu Dileep and Santosh A are going to a AI Summit on 19th Feb 2026." } + ], + "response_format": { + "type": "json_schema", + "json_schema": { + "name": "CalendarEvent", + "schema": { + "type": "object", + "properties": { + "name": { "type": "string", "description": "Name of the event" }, + "date": { "type": "string", "description": "Date of the event, in MM-DD-YYYY format" }, + "participants": { "type": "array", "items": { "type": "string" } } + }, + "required": ["name", "date", "participants"] + } + } + } +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//chat/completions' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "gemini/gemini-3-flash-preview", + "messages": [ + { "role": "system", "content": "Extract the event information." }, + { "role": "user", "content": "Madhu Dileep and Santosh A are going to a AI Summit on 19th Feb 2026." } + ], + "response_format": { + "type": "json_schema", + "json_schema": { + "name": "CalendarEvent", + "schema": { + "type": "object", + "properties": { + "name": { "type": "string", "description": "Name of the event" }, + "date": { "type": "string", "description": "Date of the event, in MM-DD-YYYY format" }, + "participants": { "type": "array", "items": { "type": "string" } } + }, + "required": ["name", "date", "participants"] + } + } + } +}' +---- +==== + +== Responses API Validation (/responses) + +https://developers.openai.com/api/reference/resources/responses[OpenAI Responses API] is recommended unified interface for building powerful, agent-like applications, combining capabilities from previous APIs (like Chat Completions and Assistants) into a single, more efficient endpoint. It is designed to be stateful by default and offers built-in access to advanced tools. + +=== Responses Endpoint for MCP (Model Context Protocol) + +This request example integrates the gateway with an external MCP server for automated action execution. The example asks an AI agent to search a specific internal Knowledge Base or update a Jira ticket using standardized tools defined on a remote MCP server: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//responses' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "input": [ + { "role": "system", "content": "You are helpful Service Agent" }, + { "role": "user", "content": "My Laptop screen is broken" } + ], + "tools": [ + { + "type": "mcp", + "server_label": "service_mcp", + "require_approval": "never", + "server_description": "Server enabled to do Service related actions", + "server_url": "https://ask-service-mcp-dvaz3u.c87dy0.usa-e2.cloudhub.io/mcp" + } + ] +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//responses' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "openai/gpt-5.2", + "input": [ + { "role": "system", "content": "You are helpful Service Agent" }, + { "role": "user", "content": "My Laptop screen is broken" } + ], + "tools": [ + { + "type": "mcp", + "server_label": "service_mcp", + "require_approval": "never", + "server_description": "Server enabled to do Service related actions", + "server_url": "https://ask-service-mcp-dvaz3u.c87dy0.usa-e2.cloudhub.io/mcp" + } + ] +}' +---- +==== + +=== Stateful Response Persistence + +This request example validates persistent memory by creating a dependency between two requests using `previous_response_id`. The example removes the need for the client to send the entire previous chat history on every turn, reducing bandwidth and improving security by keeping the context on client side: + +Request 1: Initial stored call:: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//responses' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "instructions": "You are helpful Service Knowledge Agent", + "input": [ { "role": "user", "content": "My Laptop screen is broken" } ], + "store": true +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//responses' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "openai/gpt-5.2", + "instructions": "You are helpful Service Knowledge Agent", + "input": [ { "role": "user", "content": "My Laptop screen is broken" } ], + "store": true +}' +---- + +==== + +Request 2: Follow-up using `previous_response_id` from the response to request 1:: + +[tabs] +==== +Semantic Routing:: ++ +[source,cli] +---- +curl --location '//responses' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "instructions": "You are helpful Service Agent", + "previous_response_id": "", + "input": [ { "role": "user", "content": "Thank you!" } ], + "store": true +}' +---- + +Model-Based Routing:: ++ +[source,cli] +---- +curl --location '//responses' \ +--header 'Content-Type: application/json' \ +--header 'client_id: ' \ +--header 'client_secret: ' \ +--data '{ + "model": "openai/gpt-5.2", + "instructions": "You are helpful Service Agent", + "previous_response_id": "", + "input": [ { "role": "user", "content": "Thank you!" } ], + "store": true +}' +---- +==== \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-token-reports.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-token-reports.adoc new file mode 100644 index 000000000..34450c70d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy-token-reports.adoc @@ -0,0 +1,41 @@ += Viewing Token Usage and LLM Metrics +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + + +[[view-token-usage-reports]] +== View Token Usage Reports + +With Token Usage reports, you can view the amount of API tokens each LLM Proxy uses for individual models. + +NOTE: To limit token usage, apply the xref:policies-included-llm-token-rate-limit.adoc[LLM Token Based Rate Limit policy] to your LLM Proxy. + +To view token usage reports: + +. Click you Anypoint Platform profile icon. This is icon of your initials. +. Click *Usage Reports*. +. Select *LLM Proxy* for *Product*. +. Filter between *Usage by Business Group* and *Usage by Application* to see how tokens are being consumed. + +To learn more about Usage Reports, see xref:general::usage-reports.adoc[]. + +NOTE: Gemini models use reasoning tokens. This number is included in *Total tokens* but isn't individually listed. + +[[view-api-manager-insights]] +== View API Manager Insights + +The API Manager LLM Summary page provides these metrics for your LLM Proxy: + +* Total requests per hour +* Total policy violations per hour +* Total errors per hour +* Average response time per hour + +To view the LLM Summary page for an LLM Proxy: + +. From API Manager, click *LLM Proxies*. +. Click the name of the LLM Proxy you want to view. + +To view more detailed metrics and build custom dashboards, click *View more metrics in Anypoint Monitoring dashboard*. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy.adoc new file mode 100644 index 000000000..7446fb291 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-llm-proxy.adoc @@ -0,0 +1,59 @@ += LLM Proxy Overview +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + + +LLM Proxy provides a unified access layer for multiple Large Language Model (LLM) providers. LLM Proxies are deployed to Omni Gateway to enable governance, intelligent routing, and cost management for AI applications. + +LLM Proxy is supported on Managed Omni Gateway and Self-Managed Omni Gateway running in Connected Mode. + +By creating a proxy, the user defines a singular LLM service that can receive requests for multiple providers. This simplifies the developer experience. You can add new models to the service seamlessly without changing the endpoint. + +image::llm-proxy.png["An LLM Proxy with a single endpoint routing requests to multiple LLM providers"] + +Depending on configuration, the proxy then sends the request to the model defined by the user or dynamically sends the request to the provider that best matches the request: + +* <>: Static routing. The user specifies what model the LLM Proxy should send the request to. +* <>: Dynamic routing. The LLM Proxy chooses which model to send the request to based on the request content. + +[[supported-llm-providers]] +== Supported LLM Providers + +LLM Proxy supports these LLM Providers and API endpoints: + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| LLM Provider | `/chat/completions` | `/responses` +| OpenAI | Y | Y +| Gemini | Y | Y +| Azure (OpenAI) | Y | Y +| Bedrock (Anthropic Claude Models) | Y | Y +|=== + +[[model-based-routing]] +== Model-Based Routing + +Model-based routing is static routing. In the request, the user specifies what model the LLM Proxy should send the request to. By specifying a target model, LLM Proxy can override the model version provided by the user. + +[[semantic-routing]] +== Semantic Routing + +Semantic routing is dynamic routing where the LLM Proxy chooses which model to send the request to. For Sematic Routing, the user creates prompt topics for each route. When a request is sent to the LLM Proxy, a semantic service compares the request to the define topic utterances and sends the request to the route that best matches it. + +== LLM Proxy Limits + +Up to 50 LLM Proxies are supported per Large Omni Gateway. + +=== Semantic Routing Limits + +[%header%autowidth.spread,cols="a,a"] +|=== +| Limit | Value +| Prompt topics (across all routes of an LLM Proxy) | 6 +| Utterances per prompt topic | 10 +| Deny list topics | 6 +| Utterances per deny list topic | 10 +| Maximum characters per utterance | 500 +|=== diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-maintain.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-maintain.adoc new file mode 100644 index 000000000..7a55e0ac7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-maintain.adoc @@ -0,0 +1,23 @@ += Upgrading and Maintaining Omni Gateway +:page-aliases: flex-gateway-manage.adoc +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Refer to these topics to learn about Omni Gateway release channels and Omni Gateway maintenance tasks. + +Omni Gateway Release Cadence and Support:: +* xref:flex-gateway-version-lifecycle.adoc[] + +Managed Omni Gateway Maintenance:: +* xref:flex-gateway-managed-upgrade-delete.adoc[] + +Self-Managed Omni Gateway Maintenance:: ++ +-- +* xref:flex-gateway-upgrade.adoc[] +* xref:flex-gateway-delete.adoc[] +* xref:flex-gateway-uninstall.adoc[] +* xref:flex-gateway-renew-certificate.adoc[] +-- diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-getting-started.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-getting-started.adoc new file mode 100644 index 000000000..e7a1b90b1 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-getting-started.adoc @@ -0,0 +1,99 @@ += Getting Started with Managed Omni Gateway on CloudHub 2.0 +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Get started with Anypoint Managed Omni Gateway on CloudHub 2.0. Create and deploy a Managed Omni Gateway, publish an API, and secure the API with a basic authentication policy. + +== Before You Begin + +Before getting started with Omni Gateway, complete these steps: + +* Review the xref:flex-review-prerequisites.adoc[] and verify that you have the necessary Managed Omni Gateway permissions. +* Create a private space in CloudHub 2.0 or verify that you can access an existing private space. To create a private space, see xref:cloudhub-2::ps-create-configure.adoc[]. + +== Deploy a Managed Omni Gateway + +. From Anypoint Platform, select *Runtime Manager*. +. Click *Omni Gateways* in the sidebar. +. Click *Managed Omni Gateway*. +. Click *Add Managed Omni Gateway*. +. Enter a *Gateway name*. +. Select a your private space as your *Deployment target*. +. Click *Advanced options*. +. Copy and save the Managed Omni Gateway public endpoint for later testing. This is the HTTP or HTTPs URL that appears in the *Public endpoint* UI block, for example, `https://my-gateway-abc123.edf456.us-east1.anypoint.mulesoft.com/`. +. Click *Save & deploy*. ++ +The UI returns to the dashboard of your new Managed Omni Gateway. +. Wait until your gateway's *Status* is *Running*. + +== Publish a Simple API + +. From your Managed Gateway's dashboard, click *Add API instance*. +. From the *Add API* page, select *Omni Gateway* as your runtime. +. Select your deployed Managed Omni Gateway in the *Select a gateway* section. +. Click *Next*. +. Click *Create New API*. +. Specify an API name and select *HTTP API* as the asset type. +. Click *Next*. +. Don't configure any downstream options. +. Click *Next*. +. From the *Upstream* page: +.. Enter this URL in the *Upstream URL* field: ++ +[source] +---- +https://jsonplaceholder.typicode.com/ +---- +. Click *Next*. +. Click *Save & Deploy*. ++ +The UI takes you to the *API Summary* page of the newly created API instance. ++ +All HTTP requests made to the public endpoint are now proxied to the `jsonplaceholder` service. +. To test the API instance, replace the public endpoint placeholder and run this command in a new terminal window: ++ +[source,ssh] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET '' +---- ++ +The command executes a `GET` request to the API, and then prints the resulting `200` status code, indicating success. + + + +== Secure Your API Using the Basic Authentication Policy + +. From the *API Summary* page, select *Policies* from the side navigation panel. +. In the *Policies* page, click *Add inbound policy*. +. Select the *Basic Authentication - Simple* policy. +. Click *Next*. +. For *User Name*, enter `user`. +. For *User Password*, enter `password`. +. Click *Apply*. + +. To test the API Instance _without_ authentication, replace the public endpoint placeholder and run this command in the terminal window: ++ +[source,ssh] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET '' +---- ++ +The command prints a resulting `401 (Unauthorized)` status code, because the request does not include the Authentication context. +. To test the API Instance _with_ authentication, replace the public endpoint placeholder and run this command in the terminal window: ++ +[source,ssh] +---- +curl -s -o /dev/null -w "%{http_code}\n" --request GET '' -u user:password +---- ++ +[NOTE] +The `user` and `password` parameters must match what was specified when you applied the policy via *API Manager*. ++ +The command prints the resulting `200` status code, indicating success. + +== Next Steps + +* xref:flex-review-prerequisites.adoc[] +* xref:flex-gateway-set-up.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-ingress-egress.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-ingress-egress.adoc new file mode 100644 index 000000000..858299e0f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-ingress-egress.adoc @@ -0,0 +1,33 @@ += Deploying Agent Network Ingress and Egress Managed Omni Gateways +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Agent Network deployments require both an ingress and egress Omni Gateway. The ingress Omni Gateway sits in front of broker and API endpoints to manage and enforce policies on traffic entering the network. The egress Omni Gateway sits on outbound paths from brokers and agents to external agents and enforces policies, manages connections, and emits telemetry data. + +The only functional difference between ingress and egress Omni Gateways, is that the egress Gateway doesn't have a public endpoint. Only clients inside the same private space as the egress gateway can make requests to it. Traffic leaving the private space to external services passes through the egress gateway. + +image::agent-fabric-architecture.png["Agent Network showing agents and MCP servers defined in YAML and published to Exchange, with traffic through Omni Gateway, governed by API Manager, and observed in Monitoring and Visualizer"] + +NOTE: For a more detailed description of this architecture diagram, see xref:anypoint-code-builder::af-agent-networks.adoc#agent-network-architecture[Agent Network Architecture]. + +== Deploy Ingress and Egress Managed Omni Gateways + +The easiest way to deploy your Agent Network ingress and egress Omni Gateways is by using Anypoint Code Builder or Anypoint Command Line Interface (CLI): + +* xref:anypoint-code-builder::af-get-started#set-up-agent-network-gateways-for-your-target-space[Set Up Agent Network Gateways by Using Anypoint Code Builder] +* xref:anypoint-cli::agent-fabric.adoc#agent-network-setup-gateways[Set Up Agent Network Gateways by Using Anypoint CLI] + +To manually deploy both ingress and egress managed Omni Gateways using the Runtime Manager UI, see xref:flex-gateway-managed-set-up.adoc[]. + +For ingress gateways, configure a *Public endpoint* in the advanced options *Ingress* tab. For egress gateways, verify that there's no *Public endpoint* configured. To prevent confusion, give a descriptive name defining the gateway as either ingress or egress. + +== Apply Inbound and Outbound Policies + +Inbound policies are policies that are enforced on all traffic accessing an instance's endpoint. Outbound policies are policies that are enforced on all traffic accessing a specific URL and are only applied to that URL. For example, for an agent instance that has multiple upstreams, an inbound client ID enforcement policy enforces client ID verification for all traffic accessing the agent instance. However, an outbound policy might be applied to only one of the instance's upstream. + +== Next Steps + +* xref:flex-review-prerequisites.adoc[] +* xref:flex-gateway-set-up.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-set-up.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-set-up.adoc new file mode 100644 index 000000000..842dcb5a6 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-set-up.adoc @@ -0,0 +1,200 @@ += Deploy a Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + + +Deploy a Managed Omni Gateway to a CloudHub 2.0 private space or Runtime Fabric namespace to launch a completely managed gateway. Configure the Managed Omni Gateway as an ingress to your target space by exposing a public endpoint, or configure the gateway to only handle internal traffic. You can have one or more Managed Gateway in each environment that the target space is shared with. Gateways can protect any instance from the same environment of the gateway or services in an external network. + +== Before You Begin + +=== CloudHub 2.0 + +Before getting started with Omni Gateway on CloudHub 2.0, make sure: + +* The business group you want to deploy your gateway to has Managed Omni Gateway Resources. To redestribute Managed Omni Gateway resources to a business group, see xref:access-management::business-groups.adoc#redistribute-resources[Redistribute Resources Between Existing Business Groups]. ++ +NOTE: Gateways cannot be shared across business groups. A user must be a member of the business group to access the Omni Gateway. +* xref:cloudhub-2::ps-create-configure.adoc[Create a CloudHub 2.0 Private Space] + +[[rtf]] +=== Runtime Fabric + +Before getting started with Omni Gateway on Runtime Fabric, make sure: + +* Your Runtime Fabric deployment version is 2.11.0 or later. To upgrade, see xref:runtime-fabric::upgrade-index.adoc[Upgrading Runtime Fabric]. +* The business group you want to deploy your gateway to has Managed Omni Gateway Resources. To redestribute Managed Omni Gateway resources to a business group, see xref:access-management::business-groups.adoc#redistribute-resources[Redistribute Resources Between Existing Business Groups]. ++ +NOTE: Gateways cannot be shared across business groups. A user must be a member of the business group to access the Omni Gateway. + +* Run this command in the same namespace as your Runtime Fabric agent to enable the `ManagedFlexGateway` resource: ++ +[source,bash] +---- +# When performing the helm upgrade for the first time, during Runtime Fabric creation: +helm upgrade runtime-fabric rtf/rtf-agent -n --version --set global.crds.flex.enabled=true + +# When enabling Managed Flex Gateway for an existing runtime fabric: +helm upgrade runtime-fabric rtf/rtf-agent -n --reset-then-reuse-values --set global.crds.flex.enabled=true +---- + +NOTE: For Omni Gateway Agent Fabric deployments on Runtime Fabric, you must enable Open Telemetry with a `100` percent *Sampling percentage*. You can't override the sampling percentage for individual instances. + + +== Deploy a Managed Omni Gateway + +. Log in to https://anypoint.mulesoft.com/login/[Anypoint Platform^] with your Anypoint username and password. +. Select *Runtime Manager*. +. Ensure you're in environment where you would like to deploy your Managed Gateway +. Click *Omni Gateways* in the side navigation panel. +. Click *Managed Omni Gateway*. +. Click *Add Managed Omni Gateway*. +. Enter a *Gateway Name*. +. Select the *Deployment Target* where you want to deploy your Managed Omni Gateway. +. Select a *Release Channel*: ++ +[cols="1a,1a"] +|=== +| Release channel | Description +| *Edge* | This channel releases a new minor version every four months. It has the latest features and shorter support windows. +| *Long-Term Support* | This channel releases a new minor version once a year. +|=== ++ +To learn more about the differences between release channels, see xref:flex-gateway-version-lifecycle.adoc[]. + +. Select *Version*. ++ +Select the latest version unless if a later version is specifically needed. + +. Select *Gateway type*: ++ +[cols="1a,1a"] +|=== +| Size | Description +| *Small Managed Omni Gateway* | Use for testing and staging purposes. Small Managed Omni Gateways can deploy up to 50 APIs. +| *Large Managed Omni Gateway* | Use for production purposes. Large Managed Omni Gateways can deploy up to 500 APIs. +| *Extra Large Managed Omni Gateway* | Use for production purposes with higher throughput and more process demanding policies. Extra Large Managed Omni Gateways can deploy up to 500 APIs. +|=== ++ +To learn more about Managed Omni Gateway sizing, see xref:flex-review-prerequisites.adoc#managed-flex-gateway-limits[Managed Omni Gateway Limits]. + +. Configure *Advanced options*: ++ +Ingress:: ++ +* *Public endpoint*: ++ +.. Select your desired private space *Domain*. ++ +To learn more, see xref:cloudhub-2::ps-create-configure.adoc[]. ++ +.. Enter a *Host*. ++ +.. Click *Add Endpoint* to add an additional endpoint to a different domain. ++ +Managed Omni Gateway supports one *Public endpoint* per domain in your private space. ++ +* *Ingress options*: ++ +** *Forward SSL Session*: ++ +Enables SSL forwarding during a session. ++ +SSL forwarding is mostly used with client authentication. See xref:anypoint-security::enable-client-authentication.adoc[]. +SSL forwarding forwards client certificate details in HTTP request headers so they are available to the gateway. +These fields can identify an authenticated client and allow the gateway policies to determine and use the identity. ++ +The following headers are available: ++ +[%header,cols="2*a"] +|=== +| Header Name | Value +| x-ssl-client-verify | SUCCESS/FAIL +| x-ssl-issuer | Client certificate issuer +| x-ssl-client-serial | Client certificate serial number +| x-ssl-client-dn | Contents of the client certificate DN field +| x-ssl-client-cert | Contents of the client certificate +|=== ++ +** *Last-mile Security*: ++ +Specifies that TLS termination and decryption for the forwarded HTTPS connections occurs in the gateway. ++ +Properties:: ++ +To configure how long Managed Omni Gateway waits for response or idle connections, configure the timeout properties: ++ +[cols="1a,1a"] +|=== +| Parameter | Description +| *Upstream Connection Idle Timeout* | The time a upstream connection can remain idle without receiving client requests. Upstream responses are not included in this timeout. +| *Upstream Response Timeout* | The time the upstream service has to respond from when Omni Gateway sends a request. +| *Stream Idle Timeout* | The time a stream can remain idle without receiving additional client requests or upstream responses. +|=== ++ +You can also update timeout values later from *Runtime Configurations* in Runtime Manager. For details, see xref:flex-managed-timeout.adoc[]. ++ +Logging:: ++ +* *Forward application logs to Anypoint Monitoring*: ++ +Forwards Omni Gateway logs to Anypoint Monitoring. When disabled, logs are only available in Runtime Manager. ++ +* *Additional Log Levels*: ++ +** *INFO*: Informative messages +** *DEBUG*: Debugging messages +** *WARNING*: Warning messages +** *ERROR*: Error messages, such as when an exception occurs +** *FATAL*: Fatal messages for when an application fails ++ +[NOTE] +==== + You can use Access Management audit logs to track Managed Omni Gateway actions, such as creating, editing, starting, and stopping gateways. Audit logs don't require configuration. + + To learn more, see xref:flex-managed-view-status.adoc#audit-logs[View Managed Omni Gateway Audit Logs]. +==== ++ +Distributed Tracing:: ++ +* *Distributed tracing*: ++ +Enable to generate OpenTelemetry distributed tracing data for the Managed Omni Gateway. When enabled, you can set the sampling percentage. ++ +* *Sampling percentage*: ++ +Set the overall distributed tracing sampling percentage. This setting corresponds to the `overall` sampling percentage. The `client` and `random` sampling percentages are set to 100% by default, if the sampling percentage is set to a non-zero value here. ++ +Set the *Sampling percentage* to 0 if you want to specify the sampling percentage only on a per-API basis, using the Tracing policy. ++ +NOTE: For Omni Gateway Agent Fabric deployments on Runtime Fabric, you must enable Open Telemetry with a `100` percent *Sampling percentage*. You cannot override the sampling percentage for individual instances. ++ +. Click *Save & deploy*. + +== Edit a Managed Omni Gateway Settings + +To edit a Managed Omni Gateway setting: + +. From Anypoint Platform, select *Runtime Manager > Omni Gateways*. +. Click the Managed Omni Gateway name. +. In the navigation menu, click Settings. +. Make the necessary edits. +. Click *Apply changes*. + +== Remove an Endpoint + +To remove an endpoint: + +. From Anypoint Platform, select *Runtime Manager > Omni Gateways*. +. Click the Managed Omni Gateway name. +. In the navigation menu, click Settings. +. Click *Advanced options*. +. In the *Public endpoint* row, click *X* (Delete). +. Click *Apply changes*. + + +== Next Steps + +* xref:flex-review-prerequisites.adoc[] +* xref:flex-gateway-set-up.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-upgrade-delete.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-upgrade-delete.adoc new file mode 100644 index 000000000..ccc4daffa --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-managed-upgrade-delete.adoc @@ -0,0 +1,49 @@ += Upgrade or Delete Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +You can upgrade or delete a Managed Omni Gateway using Anypoint Runtime Manager. + +Managed Omni Gateways are regularly auto-upgraded, depending on your Gateway release channel (LTS or Edge). +See xref:flex-gateway-version-lifecycle.adoc[] for more information. + +You can upgrade a Managed Omni Gateway earlier than the regularly scheduled upgrade or patching process, between the new release date and the auto-upgrade date. +You can choose the time that better suits the needs of your organization. + +== Early Upgrade Managed Omni Gateway (Optional) + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Select the *Managed Omni Gateway* tab. +. Click the name of the gateway to upgrade. +. Click *Settings* in the navigation menu. +. If a newer version is available, the *Version* field shows an *Update available* tag. +. Click the padlock symbol next to the version and *Update available* tag. +. Click the *Apply Changes* button. + +A status message (*Your gateway is being updated*) appears while the upgrade is being applied. A success message (*Your gateway has been successfully updated*) appears when the upgrade is complete. +. Click *Dashboard* in the navigation menu to view your gateway status. + +== Delete Managed Omni Gateway + +You can delete a Managed Omni Gateway using Anypoint Runtime Manager. + +=== Before You Begin + +If there are any APIs associated with the gateway you want to delete, you must either move the APIs to another gateway or delete the APIs. After any associated APIs are moved or deleted, follow these steps to delete a gateway and confirm the deletion. + +=== Delete Gateway + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Select the *Managed Omni Gateway* tab. +. Click the name of the gateway to delete. +. Ensure the action menu button says *Delete Gateway*. If it says *Stop Gateway*, click the down arrow part of this button, and select *Delete Gateway* to change the action. +. Click the action menu button *Delete Gateway*. +. Verify that you delete the correct gateway in the confirmation dialog. +. Click *Yes, Delete*. + +A status message (*Your gateway is being deleted*) appears while the action is applied. A success message (*Your gateway has been successfully deleted*) appears when the action is complete. + +[NOTE] +If you delete a gateway, you lose its configuration history. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-monitor.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-monitor.adoc new file mode 100644 index 000000000..d91bcd49f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-monitor.adoc @@ -0,0 +1,18 @@ += Monitoring Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway enables you to monitor the state of your APIs and gateway instances, and to view key metrics. + +Refer to the following for details about Omni Gateway monitoring and logging: + +* xref:flex-managed-monitor.adoc[] +* xref:flex-conn-monitor.adoc[] +* xref:flex-local-monitor.adoc[] + +== See Also + +* xref:index.adoc[] +* xref:flex-gateway-getting-started.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis-conn.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis-conn.adoc new file mode 100644 index 000000000..4f3ba6a86 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis-conn.adoc @@ -0,0 +1,18 @@ += Publishing Managed Gateway and Connected Mode API Instances +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +For Managed Omni Gateway or Omni Gateway running in Connected Mode, use *API Manager* to publish API instances, Agents, LLMs, and MCP servers. + +For more information, see: + +* xref:api-manager::create-instance-task-flex.adoc[] +* xref:api-manager::create-instance-task-agent-tool.adoc[] + +Additionally, you can publish a simple API instance with xref:flex-gateway-managed-getting-started.adoc[] or xref:flex-gateway-getting-started.adoc[Getting Started with Self-Managed Omni Gateway in Connected Mode]. + +== See Also + +* xref:index.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis-local.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis-local.adoc new file mode 100644 index 000000000..1d840b8e9 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis-local.adoc @@ -0,0 +1,14 @@ += Publishing Local Mode API Instances +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +For Omni Gateway running in Local Mode, you publish API instances using xref:flex-local-configuration-reference-guide.adoc[local declarative configuration files]. You specify the location of these configuration files when you first run Omni Gateway. + +For more information about how to run the gateway, see xref:flex-local-reg-run.adoc[]. + +Refer to these tutorials for examples on publishing APIs in Local Mode: + +* xref:flex-local-publish-simple-api.adoc[] +* xref:flex-local-publish-api-multiple-services.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis.adoc new file mode 100644 index 000000000..3aa60aad8 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-publish-apis.adoc @@ -0,0 +1,17 @@ += Publishing Omni Gateway API Instances +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Publishing an API instance consists of defining a client service and routing that service to a backend location. Omni Gateway enables you to publish API instances via Anypoint Platform (Connected Mode) or declarative configuration files (Local Mode). + +To publish an API instance in Connected Mode, see xref:flex-gateway-publish-apis-conn.adoc[]. + +To publish an API instance in Local Mode, see xref:flex-gateway-publish-apis-local.adoc[]. + +== See Also + +* xref:index.adoc[] +* xref:flex-gateway-getting-started.adoc[] + diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-release-notes.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-release-notes.adoc new file mode 100644 index 000000000..0afcd3c7c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-release-notes.adoc @@ -0,0 +1 @@ +include::release-notes::partial$flex-gateway/flex-gateway-rn-landing-page.adoc[tags=rn-landing-page-intro;rn-landing-page-relative-overview-link] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-renew-certificate.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-renew-certificate.adoc new file mode 100644 index 000000000..d7dc0152a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-renew-certificate.adoc @@ -0,0 +1,486 @@ += Renew Self-Managed Omni Gateway Registration +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] + +Anypoint Omni Gateway uses a managed PKI certificate to communicate with Anypoint Platform. This certificate is generated when you register Omni Gateway in either Connected Mode or Local Mode. Updating the certificate ensures the continued operation of your applications. + +You update a certificate by renewing registration via the `flexctl registration renew` command. + +* The `renew` command renews an existing Omni Gateway registration with Runtime Manager. +* For authentication, you run the `renew` command with either user credentials or with connected app credentials. Authentication with user credentials requires the `--username` and `--password` flags. Authentication with connected app credentials requires the `--client-id` and `--client-secret` flags. + +You verify the renewal process via the `flexctl registration inspect` command. + +* The `inspect` command extracts registration information you can use to verify whether the `renew` command was successful. +* You can also use the `inspect` command to first determine if renewing registration is actually required. The `inspect` command returns the certificate expiration date. +* You can verify (inspect) renewal by using the default method, or you can specify your existing registration file. If you run the `inspect` command without flags, the command inspects registration status by using the default method. + +To avoid disruptions: + +. <> +. Renew your Omni Gateway registration. ++ +Choose one of two methods: ++ +* <> +* <> + +. Verify the success of the renewal process. ++ +Choose one of two methods: ++ +* <> +* <> + +[[before-you-begin]] +== Before You Begin + +To invoke the registration renewal `flexctl` command, download the latest version of Omni Gateway. You don't need to register and run this version of the gateway. + +* xref:flex-install.adoc[] + +[[renew-with-user-password]] +== Renew Registration with Anypoint Platform User Credentials + +. Create a new directory called `flex-renew-registration` (or similar). You run the `renew` command in this new directory. The command creates a new registration file. ++ +[NOTE] +==== +Registration renewal fails if the `renew` command is run in a directory containing an existing registration file. +==== + +. Use the following command: ++ +[tabs] +==== +Linux:: ++ +[source,ssh] +---- +flexctl registration renew --username= --password= \ + +---- ++ +Replace `` and `` with Anypoint Platform user credentials. ++ +Replace `` with the path and filename of the existing `registration.yaml` file. ++ +Use `sudo` if you encounter file permission issues when running this command. ++ +To update environment URLs in your registration file, such as the metering environment URL, use the `--update-urls=true` flag. + +Docker:: ++ +For Omni Gateway running in a container, invoke `renew` as part of the container `run` command. ++ +[source,ssh] +---- +docker run --entrypoint flexctl \ +-v "$(pwd)":/renew \ +-v :/registration \ +-u $UID mulesoft/flex-gateway \ +registration renew \ +--username= \ +--password= \ +--output-directory=/renew \ + +---- ++ +Replace `` and `` with Anypoint Platform user credentials. ++ +Replace `` with the path and filename of the existing `registration.yaml` file. You must specify the file in the container file system, which in this case is `/registration/registration.yaml`. ++ +To update environment URLs in your registration file, such as the metering environment URL, use the `--update-urls=true` flag. ++ +As an example, if `/home/user/flex/registration.yaml` contains your current registration file, navigate to `/home/user/flex/` and run the following command with your Anypoint Platform credentials: ++ +[source,ssh] +---- +docker run --entrypoint flexctl \ +-u $UID -v "$(pwd)":/registration \ +mulesoft/flex-gateway \ +registration renew \ +--username= \ +--password= \ +--output-directory=/registration/new \ +/registration/registration.yaml +---- ++ +The command creates a new registration file: `/home/user/flex/new/registration.yaml`. + +Podman:: ++ +For Omni Gateway running in a container, invoke `renew` as part of the container `run` command. ++ +[source,ssh] +---- +podman run --entrypoint flexctl --userns=keep-id \ +-v "$(pwd)":/renew:Z \ +-v :/registration:Z \ +-u $UID docker.io/mulesoft/flex-gateway \ +registration renew \ +--username= \ +--password= \ +--output-directory=/renew \ + +---- ++ +Replace `` and `` with Anypoint Platform user credentials. ++ +Replace `` with the path and filename of the existing `registration.yaml` file. You must specify the file in the container file system, which in this case is `/registration/registration.yaml`. ++ +To update environment URLs in your registration file, such as the metering environment URL, use the `--update-urls=true` flag. +==== ++ +[NOTE] +==== +Disable MFA for your Anypoint Platform account prior to running the `renew` command with user credentials. +==== + +. Run the command. ++ +The output should include the message: ++ +[source,text] +---- +Registration renewal completed +---- + +. Copy the newly created registration file to the runtime registration file location. For example: ++ +`/usr/local/share/mulesoft/flex-gateway/conf.d/registration.yaml` + +. Restart the Omni Gateway replica if one is already running. + +[[renew-with-conn-app]] +== Renew Registration with Connected App Credentials + +. If you don't have a username or password for Anypoint Platform, you can xref:access-management::connected-apps-developers.adoc#create-a-connected-app[configure a connected app] via Anypoint Access Management. +.. Include the following scopes: + +* Read Servers +* Manage Servers +* View Organization + +.. Save the *Id* and *Secret* of the connected app you configure, then use these credentials in the `renew` command. + +. Create a new directory called `flex-renew-registration` (or similar). You run the `renew` command in this new directory. The command creates a new registration file. ++ +[NOTE] +==== +Registration renewal fails if the `renew` command is run in a directory containing an existing registration file. +==== + +. Use the following command: ++ +[tabs] +==== +Linux:: ++ +[source,ssh] +---- +flexctl registration renew --client-id= --client-secret= \ + +---- ++ +Replace `` and `` with the connected app credentials. ++ +Replace `` with the path and filename of the existing `registration.yaml` file. ++ +Use `sudo` if you encounter file permission issues when running this command. ++ +To update environment URLs in your registration file, such as the metering environment URL, use the `--update-urls=true` flag. + +Docker:: ++ +For Omni Gateway running in a container, invoke `renew` as part of the container `run` command. ++ +[source,ssh] +---- +docker run --entrypoint flexctl \ +-v "$(pwd)":/renew \ +-v :/registration \ +-u $UID mulesoft/flex-gateway \ +registration renew \ +--client-id= \ +--client-secret= \ +--output-directory=/renew \ + +---- ++ +Replace `` and `` with the connected app credentials. ++ +Replace `` with the path and filename of the existing `registration.yaml` file. You must specify the file in the container file system, which in this case is `/registration/registration.yaml`. ++ +To update environment URLs in your registration file, such as the metering environment URL, use the `--update-urls=true` flag. ++ +As an example, if `/home/user/flex/registration.yaml` contains your current registration file, navigate to `/home/user/flex/` and run the following command with your connected app credentials: ++ +[source,ssh] +---- +docker run --entrypoint flexctl \ +-u $UID -v "$(pwd)":/registration \ +mulesoft/flex-gateway \ +registration renew \ +--client-id= \ +--client-secret= \ +--output-directory=/registration/new \ +/registration/registration.yaml +---- ++ +The command creates a new registration file: `/home/user/flex/new/registration.yaml`. + +Podman:: ++ +For Omni Gateway running in a container, invoke `renew` as part of the container `run` command. ++ +[source,ssh] +---- +podman run --entrypoint flexctl --userns=keep-id \ +-v "$(pwd)":/renew:Z \ +-v :/registration:Z \ +-u $UID docker.io/mulesoft/flex-gateway \ +registration renew \ +--client-id= \ +--client-secret= \ +--output-directory=/renew \ + +---- ++ +Replace `` and `` with the connected app credentials. ++ +Replace `` with the path and filename of the existing `registration.yaml` file. You must specify the file in the container file system, which in this case is `/registration/registration.yaml`. ++ +To update environment URLs in your registration file, such as the metering environment URL, use the `--update-urls=true` flag. +==== + +. Run the command. ++ +The output should include the message: ++ +[source,text] +---- +Registration renewal completed +---- + +. Copy the newly created registration file to the runtime registration file location. For example: ++ +`/usr/local/share/mulesoft/flex-gateway/conf.d/registration.yaml` + +. Restart the Omni Gateway replica if one is already running. + +[[inspect-with-custom-url]] +== Verify Registration Status with the Default Method + +To inspect a registration, run the following command: + +[tabs] +==== +Linux:: ++ +[source,ssh] +---- +flexctl registration inspect +---- ++ +Use `sudo` if you encounter file permission issues when running this command. + +Docker:: ++ +For Omni Gateway running in a container, run `inspect` as part of the container `exec` command. Replace `` with the running container reference. ++ +[source,ssh] +---- +docker exec -u $UID flexctl registration inspect +---- + +Podman:: ++ +For Omni Gateway running in a container, run `inspect` as part of the container `exec` command. Replace `` with the running container reference. ++ +[source,ssh] +---- +podman exec -u $UID flexctl registration inspect +---- +==== + +The output should include the date of certificate expiration. For example: + +[source,text] +---- +{“expiration_date”: “2025-09-25 19:27:32 +0000 UTC”} +---- + +[[inspect-with-reg-file]] +== Verify Registration Status with a Registration File + +You can inspect a registration by extracting the information from your `registration.yaml` file. Specify the path and filename. + +To inspect a registration, run the following command: + +[tabs] +==== +Linux:: ++ +[source,ssh] +---- +flexctl registration inspect --file= +---- ++ +Use `sudo` if you encounter file permission issues when running this command. + +Docker:: ++ +For Omni Gateway running in a container, invoke `inspect` as part of the container `run` command. ++ +[source,ssh] +---- +docker run --entrypoint flexctl \ +-v :/registration \ +-u $UID mulesoft/flex-gateway \ +registration inspect --file= +---- + +Podman:: ++ +For Omni Gateway running in a container, invoke `inspect` as part of the container `run` command. ++ +[source,ssh] +---- +podman run --entrypoint flexctl --userns=keep-id \ +-v :/registration:Z \ +-u $UID docker.io/mulesoft/flex-gateway \ +registration inspect --file= +---- +==== + +The output should include the date of certificate expiration: + +[source,text] +---- +{“expiration_date”: “2025-09-25 19:27:32 +0000 UTC”} +---- + +As an example, if your current directory contains the registration file, run the following command: +[source,ssh] +---- +docker run --entrypoint flexctl \ +-v "$(pwd)":/registration \ +-u $UID mulesoft/flex-gateway \ +registration inspect --file=/registration/registration.yaml +---- + +== Renew Registration for Omni Gateway Running in Kubernetes + +The following example describes a scenario where Omni Gateway is installed in a `gateway` namespace with an `ingress` release name, and where registration is stored in the Kubernetes database. + +. Recover the `registration.yaml` file with the following `kubectl` command: ++ +[source,ssh] +---- +kubectl -n gateway get secret "$(kubectl -n gateway get deployment ingress -o=jsonpath='{.spec.template.spec.volumes[?(@.name=="registration")].secret.secretName}')" -o=jsonpath='{.data.registration\.yaml}' | base64 --decode > registration.yaml +---- ++ +The command stores the registration file in `./registration.yaml`. + +. Run the `flexctl registration renew` command, as described for Docker in previous sections: ++ +* <> +* <> + +. Upgrade Omni Gateway with the following `helm` command: ++ +[source,ssh] +---- +helm get values -n gateway ingress > values.yaml \ +&& helm upgrade -n gateway ingress flex-gateway/flex-gateway --wait -f values.yaml --set-file registration.content=new/registration.yaml +---- + +== Get Help with the Renewal and Verification Commands + +You can run the following `help` commands for information about usage: + +* Renewal ++ +[tabs] +==== +Linux:: ++ +[source,ssh] +---- +flexctl registration renew --help +---- ++ +Use `sudo` if you encounter file permission issues when running this command. + +Docker:: ++ +For Omni Gateway running in a container, invoke `help` as part of the container `run` command. ++ +[source,ssh] +---- +docker run --entrypoint flexctl mulesoft/flex-gateway registration renew --help +---- + +Podman:: ++ +For Omni Gateway running in a container, invoke `help` as part of the container `run` command. ++ +[source,ssh] +---- +podman run --entrypoint flexctl docker.io/mulesoft/flex-gateway registration renew --help +---- +==== + +* Verification ++ +[tabs] +==== +Linux:: ++ +[source,ssh] +---- +flexctl registration inspect --help +---- ++ +Use `sudo` if you encounter file permission issues when running this command. + +Docker:: ++ +For Omni Gateway running in a container, invoke `help` as part of the container `run` command. ++ +[source,ssh] +---- +docker run --entrypoint flexctl mulesoft/flex-gateway registration inspect --help +---- + +Podman:: ++ +For Omni Gateway running in a container, invoke `help` as part of the container `run` command. ++ +[source,ssh] +---- +podman run --entrypoint flexctl docker.io/mulesoft/flex-gateway registration inspect --help +---- +==== + +== Renew an Expired Registration + +Attempting to run Omni Gateway with an expired certificate in Connected Mode results in the following: + +* New replicas fail to download API configurations from Anypoint Platform, thereby becoming unusable. Existing clusters fail to reload. +* Logs and metrics fail to upload to Anypoint Platform. Troubleshooting using Anypoint Platform is not possible. +* Metering information fails to upload to Anypoint Platform. MuleSoft is unable to collect or report usage metrics. + +Attempting to run Omni Gateway with an expired certificate in Local Mode results in the following: + +* Metering information fails to upload to Anypoint Platform. MuleSoft is unable to collect or report usage metrics. + +If a certificate expires, you can still invoke `flexctl registration renew`, which updates the expired certificate. + +== See Also + +* xref:flex-install.adoc[] +* xref:flex-conn-reg-run.adoc[] +* xref:flex-local-reg-run.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-apis.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-apis.adoc new file mode 100644 index 000000000..3f75790d6 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-apis.adoc @@ -0,0 +1,27 @@ += Securing Omni Gateway Instances with Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: policies::policies-overview.adoc, policies::index.adoc, api-manager::policies-landing-page.adoc + +Policies enforce rules when Omni Gateway processes requests, enabling you to secure and govern your Omni Gateway API, agent, and tool instances. + +MuleSoft provides policies that you can apply to your instances via Anypoint Platform or declarative configuration files. The provided policies include rate limiting, caching, authentication, authorization, threat protection, monitoring, logging. For more information about MuleSoft-provided policies, see the xref:policies-included-directory.adoc[] and xref:policies-outbound-directory.adoc[]. + +To extend existing functionality or define new functionality, create custom policies based on your specific business requirements. For information about creating custom policies, see xref:pdk::policies-pdk-overview.adoc[]. + +Automated policies enable your instances to comply with common security and logging requirements by automatically applying the same set of policies to all instances running in Omni Gateway. See xref:policies-automated-overview.adoc[] for more information. + +To apply a policy for Managed Omni Gateway or Connected Mode, see xref:flex-gateway-secure-conn.adoc[]. + +To apply a policy in Local Mode, see xref:flex-gateway-secure-local.adoc[]. + +For information about policy reordering, see xref:policies-reorder.adoc[]. + +For information about DataWeave support, see xref:policies-flex-dataweave-support.adoc[]. + +== See Also + +* xref:index.adoc[] +* xref:flex-gateway-getting-started-overview.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-conn.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-conn.adoc new file mode 100644 index 000000000..8670999ad --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-conn.adoc @@ -0,0 +1,47 @@ += Applying Policies for Managed Omni Gateways and Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: policies-included-apply.adoc, api-manager::using-policies.adoc, policies::policies-included-apply.adoc + +For Managed Omni Gateway and Omni Gateway running in Connected Mode, you apply inbound and outbound policies using *API Manager*. To find the policies provided by Omni Gateway, see xref:policies-included-directory.adoc[] and xref:policies-outbound-directory.adoc[]. + +== Apply an Inbound Policy + +. Go to *Anypoint Platform > API Manager*. +. From *API Instances* or *Agent and Tool Instances*, click the name of the instance to which you want to apply a policy. +. From the side navigation panel, click *Policies*. +. Click *+ Add policy*. +. Select the policy to apply. +. Configure the required parameters. ++ +For policy configuration parameters, see xref:policies-included-directory.adoc[]. +. If necessary, configure *Advanced options*. +. Click *Apply*. + +You can apply a policy to the entire instance by default, or to specific methods and resources within the API. + +== Apply an Outbound Policy + +. Go to *Anypoint Platform > API Manager*. +. From *API Instances* or *Agent and Tool Instances*, click the name of the instance to which you want to apply a policy. +. From the side navigation panel, click *Policies*. +. Click the *Outbound policies* tab. +. Click *+ Add outbound policy*. +. Select the *Upstream* to which you want to apply a policy. +. If you want to apply the policy to an additional upstream, click *Add upstream* and select the additional upstream. Repeat this step for all upstreams to which you want to apply the policy. +. Click *Next*. +. Select the policy to apply. +. Configure the required parameters. ++ +For policy configuration parameters, see xref:policies-outbound-directory.adoc[]. +. If necessary, configure *Advanced options*. +. Click *Apply*. + +You can apply a policy to the entire upstream by default, or to specific methods and resources of the upstream. + +== See Also + +* xref:index.adoc[] +* xref:flex-gateway-getting-started.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-local.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-local.adoc new file mode 100644 index 000000000..022efcd43 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-secure-local.adoc @@ -0,0 +1,20 @@ += Applying Policies in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +For Omni Gateway running in Local Mode, you apply API policies using xref:flex-local-configuration-reference-guide.adoc[local declarative configuration files]. You specify the location of these configuration files when you first run Omni Gateway. + +See xref:flex-local-reg-run.adoc[] for more information about how to start the gateway. + +Refer to the following tutorials for examples on applying policies to APIs in Local Mode: + +* xref:flex-local-secure-api-with-basic-auth-policy.adoc[] +* xref:flex-local-secure-api-with-auto-policy.adoc[] +* xref:flex-local-deploy-custom-policy.adoc[Secure an API with a Custom Policy] + +== See Also + +* xref:index.adoc[] +* xref:flex-gateway-getting-started.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-set-up.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-set-up.adoc new file mode 100644 index 000000000..ec785566e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-set-up.adoc @@ -0,0 +1,19 @@ += Setting Up Self-Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Setting up Anypoint Omni Gateway consists of installation and registration: + +* xref:flex-install.adoc[] +** Install in Linux. Download for Docker or Kubernetes. +* xref:flex-conn-reg-run.adoc[] +** Register in Connected Mode using an Anypoint username and password, a connected application, or a token. +* xref:flex-local-reg-run.adoc[] +** Register in Local Mode using an Anypoint username and password, a connected application, or a token. + +== See Also + +* xref:index.adoc[] +* xref:flex-gateway-getting-started.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-uninstall.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-uninstall.adoc new file mode 100644 index 000000000..b2364fcd7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-uninstall.adoc @@ -0,0 +1,106 @@ += Uninstall Self-Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +//TODO: IS THERE AN OPENSHIFT OPTION HERE? +You can uninstall Omni Gateway running as a Linux service, in a container, or in a Kubernetes cluster. + +//TODO: IS THERE AN OPENSHIFT OPTION HERE? +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="#docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="#kubernetes"] + +|<> +|<> +|<> +|=== + +[[linux]] +== Uninstall Omni Gateway Running as a Linux Service + +Omni Gateway can be uninstalled as any other package: + +[source,ssh] +---- +sudo apt remove -y flex-gateway +---- + +[[docker]] +== Uninstall Omni Gateway Running in a Docker Container + +To uninstall Omni Gateway, stop and remove the Omni Gateway container: + +. Determine the Omni Gateway container ID by listing all the running containers: ++ +[source,ssh] +---- +docker ps +---- + +. In the list of containers, note the container ID associated with the Omni Gateway container you want to uninstall. + +. Stop the Omni Gateway container: ++ +[source,ssh] +---- +docker stop +---- ++ +Replace ` +---- ++ +Replace `> +|<> +|<> +|=== + +[[linux]] +== Upgrade as a Linux Service + +Omni Gateway is distributed as a standard package. Use the following steps to upgrade or downgrade Omni Gateway to either a specific version or the latest version. + +To upgrade or downgrade Omni Gateway as a Linux Service: + +. Update the list of available packages: ++ +[source,ssh] +---- +sudo apt update +---- ++ +To list the available versions, run: ++ +[source,ssh] +---- +apt list -a flex-gateway +---- + +. Update Omni Gateway: +* To the latest version: ++ +[source,ssh] +---- +sudo apt --only-upgrade -y install flex-gateway +---- + +* To a specific version: ++ +[source,ssh] +---- +sudo apt --only-upgrade -y install flex-gateway= +---- + +* To a downgrade version: ++ +[source,ssh] +---- +sudo apt --only-upgrade -y --allow-downgrades install flex-gateway= +---- + +. Restart the services: ++ +[source,ssh] +---- +sudo systemctl restart flex-gateway +---- + +[[docker]] +== Upgrade in a Docker Container + +The docker containers are not updated, if a new version is needed then a new container with the new image version +should be created to replace the outdated one. + +The new versions of the images will be available in link:https://hub.docker.com/r/mulesoft/flex-gateway[mulesoft/flex-gateway]. + +[[kubernetes]] +== Upgrade in a Kubernetes Cluster + +. Update charts with the respective chart repositories: ++ +[source,ssh] +---- +helm repo up +---- + +. Upgrade the release to a new version of the Helm chart by executing the following command, replacing example information with your own: ++ +[source,ssh] +---- +helm upgrade -n flex-gateway/flex-gateway --wait +---- + +//TODO: ARE THERE OPENSHIFT OPTIONS HERE? diff --git a/gateway/1.13/modules/ROOT/pages/flex-gateway-version-lifecycle.adoc b/gateway/1.13/modules/ROOT/pages/flex-gateway-version-lifecycle.adoc new file mode 100644 index 000000000..4473c69b6 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-gateway-version-lifecycle.adoc @@ -0,0 +1,136 @@ += Omni Gateway Version Lifecycle +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Starting with Omni Gateway 1.9, MuleSoft introduces two new release channels, Edge and Long-term Support (LTS). These release channels are available for both Managed and Self-Managed Omni Gateway. + +== Edge and LTS Releases for Omni Gateway + +Consider the information in this table to determine which release channel best suits your requirements. + +[%header,cols="4*a"] +|=== + +| Channel Type | Release Cadence | Differentiators | Support Coverage + +| *Edge* + +a| Three times per year + + * May + * August + * November + +| Includes new features more often and has a shorter support period for each release. + +a| Omni Gateway 1.9 and later + + * Five months Standard Support + * Three months Extended Support + +Omni Gateway 1.8 and earlier + + * See https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/versioning-back-support-policy.pdf[MuleSoft Support Policy]. + +| *LTS* + +| Once a year + + * February + +| Bundles new features in an annual release and has a longer support period for each release. + +a| Omni Gateway 1.9 and later + + * Eighteen months Standard Support + * Six months Extended Support + +Omni Gateway 1.8 and earlier + + * See https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/versioning-back-support-policy.pdf[MuleSoft Support Policy]. + +|=== + +NOTE: Release dates are subject to change due to product needs. + +For detailed information and support timeframes for Omni Gateway 1.8 and earlier, see the https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/versioning-back-support-policy.pdf[MuleSoft Support Policy]. + +[[flex-gateway-release-cadence-support]] +== Omni Gateway Version Support + +[%header,cols="a,a,a,a"] +|=== +|Omni Gateway Version |Release Date | End of Standard Support |End of Extended Support +| 1.12.0 LTS |February 25, 2026 |August 25, 2027 |February 25, 2028 +| 1.11.0 Edge |October 15, 2025 |March 15, 2026 |June 15, 2026 +| 1.10.0 Edge |June 27, 2025 |November 27, 2025 |February 27, 2026 +| 1.9.0 LTS|March 18, 2025 |September 18, 2026 |March 18, 2027 +|=== + +== Deployment Models and Lifecycle Management + +Omni Gateway lifecycle management varies depending on the release channel and the type of gateway. +Managed Omni Gateway instances are auto-upgraded regularly, and any available patches are applied once a month. Self-managed gateways are never patched or upgraded automatically. + +[%header,cols="3*a"] +|=== +| Action | Managed Gateway | Self-Managed Gateway + +// Action +| Auto-upgrade +// Managed Gateway +a| +Managed Gateways are auto-upgraded to the latest minor version within their respective channels (Edge or LTS). + + * Edge: Three times per year + * LTS: Once a year +// Self-Managed Gateway +| No auto-upgrade capabilities + +// Action +| Patches +// Managed Gateway +| Monthly auto-patching +// Self-Managed Gateway +| Available for Omni Gateway versions that are within the support period for their respective channels (Edge or LTS). + +// Action +| Self-upgrade +// Managed Gateway +| You can manually upgrade to the latest version that matches your release channel (Edge or LTS) before the scheduled automatic upgrade. +// Self-Managed Gateway +| Always available + +// Action +| Rollback +// Managed Gateway +| You can revert to the previous version if it's still within the release channel support period. +// Self-Managed Gateway +| Available to the previously used version + +// Action +| Restart +// Managed Gateway +| Always +// Self-Managed Gateway +| Until End of Extended Support + +// Action +| Keep running +// Managed Gateway +| Always +// Self-Managed Gateway +| Until End of Extended Support + +// Action +| Supportability +// Managed Gateway +| Standard Support (auto-upgrade ensures that managed gateways are always on the latest Edge or LTS version). +// Self-Managed Gateway +| Until End of Extended Support. See the https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/versioning-back-support-policy.pdf[MuleSoft Support Policy] for more information. + +|=== + +For information on patching, upgrading, rolling back, or deleting a gateway, see xref:flex-gateway-maintain.adoc[Maintaining an Omni Gateway]. diff --git a/gateway/1.13/modules/ROOT/pages/flex-install.adoc b/gateway/1.13/modules/ROOT/pages/flex-install.adoc new file mode 100644 index 000000000..db3706da3 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-install.adoc @@ -0,0 +1,527 @@ += Downloading Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Download and install Omni Gateway as a Linux service, or download the Omni Gateway image from the container registry. Downloading is a prerequisite to registering and running a gateway as a Linux service or in a container, Kubernetes cluster, or OpenShift cluster. + +To run Omni Gateway inside a virtual machine (VM), download and install it as a Linux service. To run Omni Gateway in a container, Kubernetes cluster, or OpenShift cluster, download the Omni Gateway image. + +//table with tech logos and links (linux, docker, k8, openshift) +include::partial$task-reg-run-flex-gateway.adoc[tags=table-logos-links] + +See xref:flex-review-prerequisites.adoc[] for details about hardware and software requirements. + +[[linux]] +== Download and Install as a Linux Service + +You can download and install Omni Gateway as a service in one of the following Linux environments: + +[[install-ubuntu]] +[discrete] +==== image:install-ubuntu-logo.png[2%,2%] Ubuntu + +.Download and install Omni Gateway as an Ubuntu service +[%collapsible] +==== + +[discrete] +===== Software Requirements + +Omni Gateway runs on the following Long Term Support (LTS) versions of Ubuntu: + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +[discrete] +===== Before You Begin + +Before getting started, ensure that you have installed the following: + +* link:https://gnupg.org/[gnupg2^] +* link:https://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-PDA/LSB-PDA/lsbrelease.html[lsb_release^] + +[discrete] +===== Run Installation Commands + +To download and install Omni Gateway as a Ubuntu service, run the command block that performs the following actions: + +* Retrieves the public package keys and adds the package repository +* Updates the package list +* Updates `apt-get` +* Installs the Omni Gateway package + +[source,ssh] +---- +curl -XGET https://flex-packages.anypoint.mulesoft.com/ubuntu/pubkey.gpg | sudo apt-key add - +echo "deb [arch=amd64] https://flex-packages.anypoint.mulesoft.com/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mulesoft.list +sudo apt update +sudo apt install -y flex-gateway +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-download-install;omni-connected-vs-local] +==== + +[[install-debian]] +[discrete] +==== image:install-debian-logo.png[2%,2%] Debian + +.Download and install Omni Gateway as a Debian service +[%collapsible] +==== + +[discrete] +===== Software Requirements + +Omni Gateway runs on the following Long Term Support (LTS) versions of Debian: + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +[discrete] +===== Before You Begin + +Before getting started, ensure that you have installed the following: + +* link:https://gnupg.org/[gnupg2^] +* link:https://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-PDA/LSB-PDA/lsbrelease.html[lsb_release^] + +[discrete] +===== Run Installation Commands + +To download and install Omni Gateway as a Debian service, run the command block that performs the following actions: + +* Retrieves the public package keys and adds the package repository +* Updates the package list +* Updates `apt-get` +* Installs the Omni Gateway package + +[source,ssh] +---- +curl -XGET https://flex-packages.anypoint.mulesoft.com/debian/pubkey.gpg | sudo apt-key add - +echo "deb [arch=amd64] https://flex-packages.anypoint.mulesoft.com/debian $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mulesoft.list +sudo apt update +sudo apt install -y flex-gateway +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-download-install;omni-connected-vs-local] +==== + +[[install-amazon-linux]] +[discrete] +==== image:install-amazon-linux-logo.png[2%,2%] Amazon Linux + +.Download and install Omni Gateway as an Amazon Linux service +[%collapsible] +==== + +[discrete] +===== Software Requirements + +Omni Gateway runs on the following Long Term Support (LTS) version of Amazon Linux: + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +[discrete] +===== Before You Begin + +Before getting started, ensure that you have installed the following: + +* link:https://gnupg.org/[gnupg2^] + +[discrete] +===== Run Installation Commands + +To download and install Omni Gateway as an Amazon Linux service, run the command block that performs the following actions: + +* Adds the Omni Gateway package repository with a reference to its public key +* Installs the Omni Gateway package + +[source,ssh] +---- +sudo tee /etc/yum.repos.d/flex-gateway.repo <<\EOF +[flex-gateway] +name = Anypoint Flex Gateway +baseurl = https://flex-packages.anypoint.mulesoft.com/amazonlinux/2023/main +gpgcheck=1 +gpgkey=https://flex-packages.anypoint.mulesoft.com/amazonlinux/pubkey.gpg +repo_gpgcheck=1 +enabled=1 +EOF + +sudo yum install -y flex-gateway +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-download-install;omni-connected-vs-local] +==== + +[[install-rhel]] +[discrete] +==== image:install-rhel-logo.png[2%,2%] Red Hat Enterprise Linux + +.Download and install Omni Gateway as a Red Hat Enterprise Linux service +[%collapsible] +==== + +[discrete] +===== Software Requirements + +Omni Gateway runs on the following Long Term Support (LTS) versions of RHEL: + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +[discrete] +===== Before You Begin + +Before getting started, ensure that you have installed the following: + +* link:https://gnupg.org/[gnupg2^] + +[discrete] +===== Run Installation Commands + +To download and install Omni Gateway as a Red Hat Enterprise Linux service, run the command block that performs the following actions: + +* Adds the Omni Gateway package repository with a reference to its public key +* Installs the Omni Gateway package + +[source,ssh] +---- +sudo tee /etc/yum.repos.d/flex-gateway.repo <<\EOF +[flex-gateway] +name = Anypoint Flex Gateway +baseurl = https://flex-packages.anypoint.mulesoft.com/rhel/$releasever/main +gpgcheck=1 +gpgkey=https://flex-packages.anypoint.mulesoft.com/rhel/pubkey.gpg +repo_gpgcheck=1 +enabled=1 +EOF + +sudo yum install -y flex-gateway +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-download-install;omni-connected-vs-local] +==== + +[[install-rhel-ibm]] +[discrete] +==== image:install-rhel-ibm-logo.png[6%,6%] Red Hat Enterprise Linux on IBM Power + +.Download and install Omni Gateway as a Red Hat Enterprise Linux service on IBM Power +[%collapsible] +==== + +[discrete] +===== Software Requirements + +Omni Gateway runs on the following Long Term Support (LTS) versions: + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +[discrete] +===== Before You Begin + +Before getting started, ensure that you have installed the following: + +* link:https://gnupg.org/[gnupg2^] + +[discrete] +===== Run Installation Commands + +To download and install Omni Gateway as a Red Hat Enterprise Linux service, run the command block that performs the following actions: + +* Adds the Omni Gateway package repository with a reference to its public key +* Installs the Omni Gateway package + +[source,ssh] +---- +sudo tee /etc/yum.repos.d/flex-gateway.repo <<\EOF +[flex-gateway] +name = Anypoint Flex Gateway +baseurl = https://flex-packages.anypoint.mulesoft.com/rhel/$releasever/main +gpgcheck=1 +gpgkey=https://flex-packages.anypoint.mulesoft.com/rhel/pubkey.gpg +repo_gpgcheck=1 +enabled=1 +EOF + +sudo yum install -y flex-gateway +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-download-install;omni-connected-vs-local] +==== + +[[install-centos]] +[discrete] +==== image:install-centos-logo.png[2%,2%] CentOS + +.Download and install Omni Gateway as a CentOS service +[%collapsible] +==== + +[discrete] +===== Software Requirements + +Omni Gateway runs on the following Long Term Support (LTS) version of CentOS: + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +[discrete] +===== Before You Begin + +Before getting started, ensure that you have installed the following: + +* link:https://gnupg.org/[gnupg2^] + +[discrete] +===== Run Installation Commands + +To download and install Omni Gateway as an CentOS service, run the command block that performs the following actions: + +* Adds the Omni Gateway package repository with a reference to its public key +* Installs the Omni Gateway package + +[source,ssh] +---- +sudo tee /etc/yum.repos.d/flex-gateway.repo <<\EOF +[flex-gateway] +name = Anypoint Flex Gateway +baseurl = https://flex-packages.anypoint.mulesoft.com/centos/$releasever/main +gpgcheck=1 +gpgkey=https://flex-packages.anypoint.mulesoft.com/centos/pubkey.gpg +repo_gpgcheck=1 +enabled=1 +EOF + +sudo yum install -y flex-gateway +---- + +Due to issues with the CentOS package manager you might encounter the following error: +---- +Error: Failed to download metadata for repo 'AppStream': Cannot prepare internal mirrorlist: No URLs in mirrorlist +---- + +If you encounter this error, run the following command: +[source,ssh] +---- +sudo sed -i -e "s|mirrorlist=|#mirrorlist=|g" -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-download-install;omni-connected-vs-local] +==== + +[[container]] +== Download Omni Gateway for Use in a Container +You can download and install Omni Gateway in one of the following containers: + +[[docker]] +[discrete] +==== image:install-docker-logo.png[2%,2%] Docker + +.Download Omni Gateway for Use in a Docker Container +[%collapsible] +==== + +Download the Omni Gateway container image to prepare for registering and running a gateway in a Docker container: + +. Download the Omni Gateway Docker image: ++ +[source,ssh,subs=attributes+] +---- +docker pull {image-owner-lc}/flex-gateway:{gateway-ver-var} +---- + +. Verify that the download succeeded: ++ +[source,ssh,subs=attributes+] +---- +docker images {image-owner-lc}/flex-gateway +---- ++ +When successful, the command lists the Omni Gateway container image, for example: ++ +[source,text,subs=attributes+] +---- +REPOSITORY TAG +{image-owner-lc}/flex-gateway {gateway-ver-var} +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-docker-image;omni-download-install;omni-connected-vs-local] +==== + +[[podman]] +[discrete] +==== image:install-podman-logo.png[2%,2%] Podman + +.Download Omni Gateway for Use in a Podman Container +[%collapsible] +==== + +Download the Omni Gateway container image to prepare for registering and running a gateway in a Podman container: + +. Download the Omni Gateway container image: ++ +[source,ssh,subs=attributes+] +---- +podman pull docker.io/{image-owner-lc}/flex-gateway:{gateway-ver-var} +---- + +. Verify that the download succeeded: ++ +[source,ssh,subs=attributes+] +---- +podman images docker.io/{image-owner-lc}/flex-gateway +---- ++ +When successful, the command lists the Omni Gateway container image, for example: ++ +[source,text,subs=attributes+] +---- +REPOSITORY TAG +{image-owner-lc}/flex-gateway {gateway-ver-var} +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-docker-image;omni-download-install;omni-connected-vs-local] +==== + +[[kubernetes]] +== Download Omni Gateway for Use in a Kubernetes Cluster + +Download the Omni Gateway container image to prepare for registering and running a gateway in a Kubernetes cluster. You can use the following container runtimes: + + +[[install-k8s-docker]] +.*Docker* +[%collapsible] +==== + +. Download the Omni Gateway container image: ++ +[source,ssh,subs=attributes+] +---- +docker pull {image-owner-lc}/flex-gateway:{gateway-ver-var} +---- + +. Verify that the download succeeded: ++ +[source,ssh,subs=attributes+] +---- +docker images {image-owner-lc}/flex-gateway +---- ++ +When successful, the command lists the Omni Gateway container image, for example: ++ +[source,text,subs=attributes+] +---- +REPOSITORY TAG +{image-owner-lc}/flex-gateway {gateway-ver-var} +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-docker-image;omni-k8-download-install] +==== + +[[install-k8s-podman]] +.*Podman* +[%collapsible] +==== + +. Download the Omni Gateway container image: ++ +[source,ssh,subs=attributes+] +---- +podman pull docker.io/{image-owner-lc}/flex-gateway:{gateway-ver-var} +---- + +. Verify that the download succeeded: ++ +[source,ssh,subs=attributes+] +---- +podman images docker.io/{image-owner-lc}/flex-gateway +---- ++ +When successful, the command lists the Omni Gateway container image, for example: ++ +[source,text,subs=attributes+] +---- +REPOSITORY TAG +{image-owner-lc}/flex-gateway {gateway-ver-var} +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-docker-image;omni-k8-download-install] +==== + +[[openshift]] +== Download Omni Gateway for Use in an OpenShift Cluster + +Download the Omni Gateway container image to prepare for registering and running a gateway in an OpenShift cluster. You can use the following container runtimes: + +[[install-openshift-docker]] +.*Docker* +[%collapsible] +==== + +. Download the Omni Gateway container image: ++ +[source,ssh,subs=attributes+] +---- +docker pull {image-owner-lc}/flex-gateway:{gateway-ver-var} +---- + +. Verify that the download succeeded: ++ +[source,ssh,subs=attributes+] +---- +docker images {image-owner-lc}/flex-gateway +---- ++ +When successful, the command lists the Omni Gateway container image, for example: ++ +[source,text,subs=attributes+] +---- +REPOSITORY TAG +{image-owner-lc}/flex-gateway {gateway-ver-var} +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-docker-image;omni-k8-download-install] +==== + +[[install-openshift-podman]] +.*Podman* +[%collapsible] +==== +. Download the Omni Gateway container image: ++ +[source,ssh,subs=attributes+] +---- +podman pull docker.io/{image-owner-lc}/flex-gateway:{gateway-ver-var} +---- + +. Verify that the download succeeded: ++ +[source,ssh,subs=attributes+] +---- +podman images docker.io/{image-owner-lc}/flex-gateway +---- ++ +When successful, the command lists the Omni Gateway container image, for example: ++ +[source,text,subs=attributes+] +---- +REPOSITORY TAG +{image-owner-lc}/flex-gateway {gateway-ver-var} +---- + +include::partial$reference-install-next-steps.adoc[tags=omni-docker-image;omni-k8-download-install] +==== + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-review-prerequisites.adoc[] +* xref:flex-conn-reg-run.adoc[] +* xref:flex-local-reg-run.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-configuration-reference-guide.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-configuration-reference-guide.adoc new file mode 100644 index 000000000..0be585180 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-configuration-reference-guide.adoc @@ -0,0 +1,726 @@ += Declarative Configuration Reference Guide +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Anypoint Omni Gateway running in Local Mode supports two configuration models: + +* The resource-based model, common in Kubernetes, is ideal for granular definitions. Resources each contain one of the following values for configuration `kind`: +** `ApiInstance` +** `Service` +** `PolicyBinding` +** `Configuration` + +* The inline model is ideal for concise definitions, but is less versatile (for example, automated policies can only be applied in resource-based definitions.) ++ +Inline definitions contain a single `ApiInstance` value for configuration `kind`, under which services and policies are both defined. + +image:gateway-configuration-models.png["Diagram of the structure of API instances, services, and policy binding",width=65%] + +Refer to the <> section for examples of both. + +This reference guide describes the available resources that are applicable to either resource-based configurations or inline configurations. + +[[api-instance]] +== API Instance + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: + namespace: # optional namespace name +spec: + address: + services: # optional map of upstream services + : + address: + routes: # optional array of routes to service + - config: # optional route configuration + destinationPath: + rules: # optional route rules + policies: # optional array of policies + - policyRef: + name: + namespace: + config: # optional policy configuration + rules: # optional policy rules +---- + +[cols="2,1,1,3"] +|=== +|Parameter |Required or Optional |Default Value |Description + +|`metadata.name` +|Required +|N/A +|The API instance identifier that is used as a target reference for other resources, such as policy bindings. + +|`metadata.namespace` +|Optional +|`default` +| + +|`spec.address` +|Required +|N/A +|The proxy address URL, including protocol, host, port and optional path. If the base path is specified, it must be absent in any `rules.path` attribute. Supported format: +`protocol://host:port/path`, where `path` is optional, and `protocol` is either `http` or `https`. + +|`spec.services` +|Optional +|Empty +|A map of named services and their routes. + +|`spec.services[name].address` +|Required +|N/A +|The service address (and port). Supported format: `protocol://host:port`, where `protocol` is either `http` or `https`. + +|`spec.services[name].routes` +|Optional +|Empty +|An array of routes configured for this API instance towards the service. If left empty, a default route will be established to the service that will route all traffic. + +|`spec.services[name].routes[#].config` +|Optional +|Empty +|The configuration for this route. If left empty, a default configuration will be applied with an empty `destinationPath`. + +|`spec.services[name].routes[#].config.destinationPath` +|Optional +|Empty +|The path to prepend to forwarded requests to the upstream service. For example, if "destinationPath: /api/v1", requests to this API instance with a path like "/orders" will be routed upstream to "/api/v1/orders". + +|`spec.services[name].routes[#].rules` +|Optional +|Empty +|An array of rules for this route. Refer to <> in Policy Binding. + +|`spec.policies` +|Optional +|Empty +|An array of policies to apply to this API Instance. + +|`spec.policies[#].policyRef.name` +|Required +|N/A +|The policy name. + +|`spec.policies[#].policyRef.namespace` +|Optional +|The value of `metadata.namespace` +|The namespace where the policy is defined. For provided policies, the value of this field should be `default`. + +|`spec.policies[#].config` +|Optional +|Empty +|The policy's configuration. Refer to <> in Policy Binding. To use environment variables in `policies[#].config` fields, refer to <>. + +|`spec.policies[#].rules` +|Optional +|Empty +|An array of rules for applying this policy to the API Instance. <> in Policy Binding. + +|=== + +=== API Instance Examples + +The following resource specifies an `ApiInstance` with metadata that describes the instance identifier. The `metadata.name` value is used as the target reference for other resources, such as policy bindings. The `spec.services.routes.config.destinationPath` value prepends `/v1/apps` to the specified paths under `rules`, acting in a similar manner as a base path. + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: hello-flex-gateway-instance +spec: + address: http://0.0.0.0:8080 + services: + json: + address: https://:443/ + routes: + - rules: + - path: /api(/users/.*) + - path: /api(/comments/.*) + config: + destinationPath: /v1/apps + +---- + +==== Port Sharing + +The following `ApiInstance` resources demonstrate API port sharing, with two distinct API instances listening on port 8080. + +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: httpbin-example +spec: + address: http://0.0.0.0:8080/api/httpbin/ + services: + upstream: + address: https://:443 +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: json-example +spec: + address: http://0.0.0.0:8080/api/json/ + services: + upstream: + address: https://:443 +---- + +Both services listen on port 8080, for example: +---- +curl http://localhost:8080/api/httpbin/get -v +curl http://localhost:8080/api/json/users/1 -v +---- + +[NOTE] +==== +The base path of APIs sharing a port must not clash. For example, the following path combination is not allowed: +---- +http://0.0.0.0:8080/cats +http://0.0.0.0:8080/cats/dogs +---- +==== + +[NOTE] +==== +TLS applies to the port. Therefore, the same TLS policy applies to all API instances sharing the port. +==== + +[[policy-binding]] +== Policy Binding + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: + namespace: +spec: + targetRef: + name: + namespace: + policyRef: + name: + namespace: + config: # optional policy configuration + order: # optional policy read order + rules: # optional policy rules + - path: + methods: + host: + headers: + :
+---- + +[cols="2,1,1,3"] +|=== +|Parameter |Required or Optional |Default Value |Description + +|`metadata.name` +|Required +|N/A +|The identifier of the policy binding. + +|`metadata.namespace` +|Optional +|`default` +| + +|`spec.targetRef.name` +|Required +|N/A +|The API instance or upstream service identifier to which the policy is bound. + +|`spec.targetRef.namespace` +|Optional +|The value of `metadata.namespace` +|The namespace where the target is defined. + +|`spec.policyRef.name` +|Required +|N/A +|The policy name. See the list of available policies. + +|`spec.policyRef.namespace` +|Optional +|The value of `metadata.namespace` +|The namespace where the policy is defined. For provided policies, the value of this field should be `default`. + +|`spec.config` +|Optional +|Empty +|The policy configuration. The content of this field depends on the specified policy. See the list of available policies. To use environment variables in `config` fields, refer to <>. + +|`spec.order` +|Optional +|50 +|The policy read order in the overall policy execution chain. + +|`spec.rules` +|Optional +|Empty +|An array of rules that will determine if the policy applies to a given request. These rules are checked in an OR fashion. The first one to hold will enable applying the policy to the request. The attributes in each rule object apply in an AND fashion. If path and host are defined, both must match for that rule to hold true. + +|`spec.rules[#].path` +|Optional +|`.*` +|A regular expression to match the request path. + +Capture groups in this regular expression will be used to define path rewriting when routing the request upstream. + +If "path: /api(/.*)", requests with the path /api/orders will be routed upstream as /orders. + +Multiple capture groups can be specified, and the replacement will be the concatenation of all captured substrings. + +|`spec.rules[#].host` +|Optional +|`.*` +|A regular expression to match the request host. + +|`spec.rules[#].methods` +|Optional +|`.*` +|A regular expression to match the request method. + +|`spec.rules[#].headers` +|Optional +|Empty +|A map of header names and value regular expressions that must be present in the request. + +Each entry's key is the expected header name and the value is a regular expression to match the header value. + +|=== + +=== Policy Binding Examples + +The following resource binds a `route` policy to the API instance, routing traffic specified by the `rules` to the proxy address specified in the `Service` configuration snippet: + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: hello-flex-gateway-route + namespace: e-commerce +spec: + targetRef: + name: hello-flex-gateway-instance + policyRef: + name: route + namespace: default + config: + destinationRef: + name: json + namespace: e-commerce + rules: + - path: /api/json(/.*) +---- + +The following resource binds a `http-basic-authentication-flex` policy to the API instance - requiring requests to include the basic credentials defined in `config.username` and `config.password`. The policy is given a read order value of `2`. + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: hello-flex-gateway-auth + namespace: e-commerce +spec: + targetRef: + name: hello-flex-gateway-instance + namespace: e-commerce + policyRef: + name: http-basic-authentication-flex + namespace: default + config: + username: chris + password: admin + order: 2 +---- + +[[environment-variables]] +=== Environment Variables for Policy Bindings + +Both policy binding resources and inline policy bindings support environment variables in `config` fields. The environment variables available are dependent on your environment. + +To reference your environment variable, specify your environment variable prefixed by `$`, for example: + +---- +- policyRef: + name: http-basic-authentication-flex + config: + username: $USERNAME + password: $PASSWORD +---- + + +== Service + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Service +metadata: + name: + namespace: +spec: + address: +---- + +[cols="2,1,1,3"] +|=== +|Parameter |Required or Optional |Default Value |Description + +|`metadata.name` +|Required +|N/A +|The service identifier. + +|`metadata.namespace` +|Optional +|`default` +| + +|`spec.address` +|Required +|N/A +|The service address URL, including protocol, host and port. Supported format: `protocol://host:port`, where `protocol` is either `http` or `https`. + +|=== + +=== Service Example + +The following resource defines a `Service` with metadata that describes the service identifier. The `metadata.namespace` value matches the namespace specified in the `ApiInstance` configuration. The `spec.address` is the address of the API implementation: + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Service +metadata: + name: json-example + namespace: e-commerce +spec: + address: https://:443/ +---- + +== Configuration + +Define a desired gateway state by creating a `Configuration` entity. `Configuration` entities specify several runtime configuration aspects for Omni Gateway itself, such as <> and <>. The definition includes the following: + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: + namespace: +spec: + logging: # logging configuration + sharedStorage: # shared storage configuration +---- + +[cols="2,1,1,3"] +|=== +|Parameter |Required or Optional |Default Value |Description + +|`metadata.name` +|Required +|N/A +|The Configuration entity. + +|`metadata.namespace` +|Optional +|`default` +|The namespace value used to isolate Configuration entities. + +|`spec` +|Required +|N/A +|The configuration object that defines gateway characteristics. Objects include: `logging`, `sharedStorage`, `tls`. + +|=== + +[[logging]] +=== Logging + +include::partial$logging-config-file.adoc[] + +==== Logging Example + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: logging +spec: + logging: + outputs: + - name: log-to-file + type: file + parameters: + path: /var/log + file: log.txt + format: template + template: | + [{date}][{logger}][{level}][{kind}] {message} + runtimeLogs: + logLevel: info + outputs: + - log-to-file + accessLogs: + outputs: + - log-to-file +---- + +[[shared-storage]] +=== Shared Storage + +The `sharedStorage` object configures the gateway for shared storage. Production workflows should use https://redis.io/[Redis^] (minimum version 4.0.0), though defining it is optional. If Redis is not defined, shared storage services at port 4000 are still available but will use an in-memory implementation. + +Optionally, you can use Redis with Transport Layer Security (TLS) to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage-redis +spec: + sharedStorage: + redis: + address: // REQUIRED + username: // OPTIONAL + password: // OPTIONAL + db: // OPTIONAL + tls: // OPTIONAL + trustedCA: // OPTIONAL + certificate: // OPTIONAL + keyPassphrase // OPTIONAL + key: // REQUIRED + crt: // REQUIRED + alpn: // OPTIONAL + skipValidation: // OPTIONAL + minversion: // OPTIONAL + maxversion: // OPTIONAL + ciphers: // OPTIONAL +---- + +[cols="2,1,1,3"] +|=== +|Parameter |Required or Optional |Default Value |Description + +|`sharedStorage.redis.address` +|Required +|N/A +|The Redis instance address in `host:port` format + +|`sharedStorage.redis.username` +|Optional +|Empty +|The Redis user name + +|`sharedStorage.redis.password` +|Optional +|Empty +|The Redis user password + +|`sharedStorage.redis.db` +|Optional +|0 +|The Redis database number to use + +|`sharedStorage.redis.tls` +|Optional +|Empty +|The Redis TLS configuration + +| `sharedStorage.redis.tls.trustedCA` +| Optional +| N/A +| Root certificate authority to use when verifying server certificates + +| `sharedStorage.redis.tls.certificate` +| Optional +| N/A +| Client certificate to present to the server + +| `sharedStorage.redis.tls.keyPassphrase` +| Optional +| `none` +| The certificate key passphrase. If specified, use the private key format that includes a DEK-Info header. If unspecified, the private key must not be encrypted. + +| `sharedStorage.redis.tls.certificate.key` +| Required +| N/A +| The private key part of the certificate + +| `sharedStorage.redis.tls.certificate.crt` +| Required +| N/A +| The public key part of the certificate + +|`sharedStorage.redis.tls.skipValidation` +| Optional +| `false` +| If true, any certificate presented by the server is accepted. + +| `sharedStorage.redis.tls.minversion` +| Optional +| `1.2` +| The minimum TLS version allowed + +| `sharedStorage.redis.tls.maxversion` +| Optional +| `1.3` +| The maximum TLS version allowed + +| `sharedStorage.redis.tls.alpn` +| Optional +| Empty list +| A prioritized list of supported application level protocols; for example, h2, http/1.1 + +| `sharedStorage.redis.tls.ciphers` +| Optional +| +| + +|=== + +[NOTE] +==== +TLS/Redis supports the same ciphers as the xref:policies-included-tls.adoc[TLS policy], except the following: + +* TLS_RSA_WITH_NULL_SHA +* TLS_PSK_WITH_AES_256_CBC_SHA +* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA +* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA +* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 +==== + +.*Redis Shared Storage Example* +[%collapsible] +==== +The Redis storage service is an implementation of a REST API object store that functions as a bridge between the object store interface and a Redis backend. + +[source, yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage-redis +spec: + sharedStorage: + redis: + address: redis.e-commerce.svc:6379 + username: ecomm-user + password: ecomm-pwd-123 + DB: 7 +---- +==== + +.*Redis with TLS Shared Storage Example* +[%collapsible] +==== +Optionally, you can use Redis with TLS to protect data and ensure secure communication. + +include::partial$task-shared-storage-config.adoc[tags=tls-sample-config] +==== + +.*Local Shared Storage Example* +[%collapsible] +==== +The local storage service is an implementation of a REST API object store that saves data in memory. All data is lost when Omni Gateway is stopped or restarted. + +[source, yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: rtm-config + namespace: sales +spec: + sharedStorage: + local: + enabled: true +---- +==== + +[[examples]] +== Examples + +=== Inline Configuration Example + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: api-example +spec: + address: http://0.0.0.0:8080 + services: + api-example: + address: https://:443/ + routes: + - rules: + - path: /api(/users/.*) + - path: /api(/comments/.*) + config: + destinationPath: /v1/apps + policies: + - policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- + +=== Resource-Based Configuration Example + +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: ingress-http +spec: + address: http://0.0.0.0:8080 +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Service +metadata: + name: json +spec: + address: https://:443/ +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: ingress-http-route +spec: + targetRef: + name: ingress-http + policyRef: + name: route + config: + destinationRef: + name: json + rules: + - path: /api(/users/.*) + - path: /api(/comments/.*) +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: ingress-http-authentication +spec: + targetRef: + name: ingress-http + policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-configure.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-configure.adoc new file mode 100644 index 000000000..fca1b56bf --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-configure.adoc @@ -0,0 +1,18 @@ += Configuring Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: gateway::flex-local-manage.adoc +:page-mode: local + +include::partial$configuration-task-list.adoc[tags=configuration-task-list-replicas] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-tls] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-shared-storage] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-forward-proxy] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-liveness-check] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-proxy-protocol] +include::partial$configuration-task-list.adoc[tags=configuration-task-list-tracing] + + +Refer to the xref:flex-local-configuration-reference-guide.adoc[] for information about configuring Omni Gateway via declarative configuration files. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-deploy-custom-policy.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-deploy-custom-policy.adoc new file mode 100644 index 000000000..e7a9aea34 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-deploy-custom-policy.adoc @@ -0,0 +1,208 @@ += Deploying a Custom Policy for Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$pdk-banner.adoc[tag=pdk] + +You can implement custom policies via WebAssembly (WASM) extensions that run on Envoy as custom filters. The following steps demonstrate deploying and applying a custom filter (policy) to an API running in Local Mode: + +. Create a configuration YAML file. +. Save the file in the Omni Gateway configuration directory. +. Create the extension definition. +. Encode the custom policy WASM implementation using `base64`. +. Link the extension definition to the custom policy WASM binary implementation. +. Link the custom policy to an API instance. +. Apply the resources to the Omni Gateway instance. + +== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed and running in Local Mode. See xref:flex-install.adoc[] for more information about installing and running the gateway. +* Your upstream service URL. See xref:flex-local-publish-simple-api.adoc[] for an example. +* A custom policy implemented and compiled. See xref:policies-custom-flex-implement-rust.adoc[]. + +== Deploy a Custom Policy + +. Create a configuration file called `custom-policy-example.yaml`. + +. Save the file in the Omni Gateway configuration directory. For example: ++ +* `/etc/mulesoft/flex-gateway/conf.d/policies` + +. Create the extension definition. ++ +Copy and paste the following YAML snippet into the new configuration file. The YAML defines the configuration and metadata properties for the custom policy: ++ +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Extension +metadata: + name: custom-local-example-definition +spec: + extends: + - name: extension-authentication + - name: extension-definition + properties: + secret-value: + type: string + required: + - secret-value +---- ++ +* The `metadata.name` value contains the extension name. ++ +* The `Extension` inherits properties from other defined extensions. For example, `spec.extends` specifies that the extension is an `extension-definition`, and that it belongs in the `authentication` category (`extension-authentication`). ++ +* The `spec.properties` values define properties that configure the custom policy instance. ++ +* The `spec.required` value specifies the required properties. + +. Encode the custom policy WASM binary implementation using `base64`. ++ +Encode the custom policy WASM binary implementation by executing the following command: ++ +[source,ssh] +---- +base64 .wasm | tr -d '\n\r' > policy +---- ++ +The command sends the encoded data to a file called `policy`. In the next step, substitute `` with this encoded data. ++ +[NOTE] +==== +If you compiled the policy using a target of `wasm32-unknown-unknown`, locate the binary in `./target/wasm32-unknown-unknown/release`. + +If you compiled the policy using a target of `wasm32-wasi`, locate the binary in `./target/wasm32-wasi/release`. +==== + +. Link the extension definition to the custom policy WASM binary implementation. ++ +In `custom-policy-example.yaml`, define another resource that contains the policy implementation: ++ +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Extension +metadata: + name: custom-local-example-flex +spec: + extends: + - name: custom-local-example-definition + - name: envoy-filter + - name: proxy-wasm-filter + properties: + rootId: + type: string + default: main + implementation: + type: string + default: base64:// +---- ++ +* The `metadata.name` value contains the policy name, which must be different from the name specified in the definition. ++ +* The `spec.extends` value specifies the resource definition to inherit from. For example, `custom-local-example-definition` is the resource previously defined. ++ +* Substitute the `` value of `spec.properties.implementation.default` with the `base64` encoded WASM binary data, generated previously. ++ +[NOTE] +==== +You can include the policy definition and implementation in the same `Extension` resource, but this generates a tighter coupling between them. It is therefore recommended to separate the two into different resources. +==== + +. Link the custom policy to an API instance. ++ +In `custom-policy-example.yaml`, define another resource that links the policy to an API instance: ++ +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: custom-local-example +spec: + targetRef: + kind: ApiInstance + name: ingress-http + policyRef: + kind: Extension + name: custom-local-example-flex + config: + secret-value: "an-example-value" +---- ++ +* The `metadata.name` value contains the custom policy instance name. ++ +* The `spec.targetRef.name` value contains the name of the API instance on which to apply the custom policy. The API instance must already have been defined and applied. ++ +* The `spec.policyRef.name` value contains the custom policy implementation to apply. ++ +* The `spec.config` value contains policy configuration data. + +. Apply the resources to the Omni Gateway instance. ++ +The complete `custom-policy-example.yaml` file now contains the following: ++ +[source,yaml] +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Extension +metadata: + name: custom-local-example-definition +spec: + extends: + - name: extension-authentication + - name: extension-definition + properties: + secret-value: + type: string + required: + - secret-value +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Extension +metadata: + name: custom-local-example-flex +spec: + extends: + - name: custom-local-example-definition + - name: envoy-filter + - name: proxy-wasm-filter + properties: + rootId: + type: string + default: main + implementation: + type: string + default: base64:// +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: custom-local-example +spec: + targetRef: + kind: ApiInstance + name: ingress-http + policyRef: + kind: Extension + name: custom-local-example-flex + config: + secret-value: "an-example-value" +---- ++ +Save the file in the Omni Gateway configuration directory. For example: ++ +* `/etc/mulesoft/flex-gateway/conf.d/policies` + +A custom policy now applies to an API instance called `ingress-http`. + +== See Also + +* xref:policies-custom-flex-implement-rust.adoc[] +* xref:flex-local-configuration-reference-guide.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-env-variables.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-env-variables.adoc new file mode 100644 index 000000000..b5e57d585 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-env-variables.adoc @@ -0,0 +1,8 @@ += Configure Omni Gateway Environment Variables in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +include::partial$env-variables.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-forward-proxy.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-forward-proxy.adoc new file mode 100644 index 000000000..dabe33a69 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-forward-proxy.adoc @@ -0,0 +1,27 @@ += Configuring a Forward Proxy for Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +include::partial$forward-proxy-config.adoc[tags=intro;icon-table] + +include::partial$forward-proxy-config.adoc[tags=connections;noproxy] + +include::partial$forward-proxy-config.adoc[tags=forward-proxy-parameters] + +include::partial$forward-proxy-config.adoc[tags=linux] + +include::partial$forward-proxy-config.adoc[tags=docker] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$forward-proxy-config.adoc[tags=docker2] + +include::partial$forward-proxy-config.adoc[tags=k8s] + +include::partial$forward-proxy-config.adoc[tags=proxy-registration] + +== See also +* xref:flex-local-reg-run.adoc[Register and Run Omni Gateway in Local Mode] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-monitor.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-monitor.adoc new file mode 100644 index 000000000..640c4dce3 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-monitor.adoc @@ -0,0 +1,12 @@ += Monitoring in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway running in Local Mode enables you to monitor APIs independent of Anypoint Platform. Using declarative configuration files, you configure Omni Gateway to deliver logs to different Fluent Bit outputs. + +Refer to the following tasks for details about monitoring in Local Mode: + +* xref:flex-local-third-party-logs-config.adoc[Configure External Logs for Omni Gateway in Local Mode] - Configure log output for Fluent Bit output types. Output types include `File`, `HTTP`, and `Splunk`. +* xref:flex-local-view-logs.adoc[View Standard Output Logs] - View Omni Gateway standard output logs. Quickly verify the status of external services and API requests. diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-proxy-protocol.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-proxy-protocol.adoc new file mode 100644 index 000000000..1ff9320d0 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-proxy-protocol.adoc @@ -0,0 +1,20 @@ += Configuring PROXY Protocol in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +include::partial$task-config-proxy-protocol.adoc[tags=intro1;icon-table;byb] + +include::partial$task-config-proxy-protocol.adoc[tags=linux;sample-config] + +include::partial$task-config-proxy-protocol.adoc[tags=docker-intro] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-config-proxy-protocol.adoc[tags=docker-config-file-step;sample-config] + +include::partial$task-config-proxy-protocol.adoc[tags=k8s;sample-config] + +include::partial$task-config-proxy-protocol.adoc[tags=see-also] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-publish-api-multiple-services.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-publish-api-multiple-services.adoc new file mode 100644 index 000000000..f01426446 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-publish-api-multiple-services.adoc @@ -0,0 +1,270 @@ += Publishing an API Instance with Multiple Upstream Services in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway running in Local Mode supports API instances that expose multiple upstream services through a single consumer endpoint. + +Omni Gateway manages traffic by using multiple routes with a defined route order and individual rulesets to direct traffic to different sets of upstream services. Each API instance supports multiple routes that can each direct traffic to multiple upstream services. + +For Omni Gateways running in Local Mode, API instances with multiple upstream services are configured by using the `ApiInstance` and the `PolicyBinding` YAML configuration resources. The `ApiInstance` resource defines an API instance, and the `route-weighted` policy resource defines a single route to one or multiple upstream services. To add additional routes, add multiple `route-weighted` resources. + +The following tutorials use a preconfigured `route-weighted` policy resource. For information about how to configure the resource, see xref:policies-included-traffic-management.adoc[]. + +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="kubernetes"] + +|<> +|<> +|<> +|=== + +[[linux]] +== Publish an API Running Behind Omni Gateway on Linux + +=== Before You Begin + +Before getting started, ensure that you have: + +* Downloaded Omni Gateway. For more information, see xref:flex-install.adoc[]. +* Registered Omni Gateway and are running it in Local Mode. For more information, see xref:flex-local-reg-run.adoc[Register and Run in Local Mode]. +* Your upstream service URLs. + +=== Publish an API + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file in the Omni Gateway configuration directory `/etc/mulesoft/flex-gateway/conf.d/custom`. This directory can contain multiple configuration files. + +. Copy and paste the following YAML snippet into the file, substituting the configuration field values with your values. ++ +The snippet refers to the fictional `products-api` and `products-api-beta` services and a fictional `json-http` API instance. Specify your own API name and your own service details: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: json-http +spec: + address: http://0.0.0.0:8080/json +​ +--- +​ +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: weight-routing-test +spec: + targetRef: + name: json-http + policyRef: + name: route-weighted + config: + routes: + - weight: 75 # max_value=100, min_value=1 + destinationPath: /posts/ + destinationRef: + name: products-api + - weight: 25 + destinationPath: /posts/ + destinationRef: + name: products-api-beta + rules: + - path: (.*) + methods: POST + headers: + x-test: true + host: test.com + - methods: GET|POST + headers: + x-test: true + y-test: false + host: test.com +---- + +. Save the file. The gateway automatically refreshes the configuration. ++ +. View the logs by executing the following command: ++ +---- +journalctl -u flex-gateway-* +---- ++ +The response looks something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/products-users-api http://0.0.0.0:8080 +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-products Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-users Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881 +[agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881 +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-products https://:/ +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-users https://:/ +[agent][debug] generating service products-users-api-products.default.svc hostname: port: +[agent][debug] generating service products-users-api-users.default.svc hostname: port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 2 cluster(s) +[envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s) +---- + +An API with multiple upstream services now runs behind Omni Gateway. + +[[docker]] +== Publish an API Running Behind Omni Gateway in a Docker Container + +=== Before You Begin + +Before getting started, ensure that you have: + +* Downloaded Omni Gateway. For more information, see xref:flex-install.adoc[]. +* Registered Omni Gateway and are running it in Local Mode. For more information, see xref:flex-local-reg-run.adoc[Register and Run in Local Mode]. +* Your upstream service URLs. + +=== Publish an API + +. Open a terminal and navigate to the directory that will contain your Omni Gateway configuration files. This directory was specified when you started Omni Gateway. + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file. + +. Copy and paste the following YAML snippet into the file, substituting configuration fields with your values. ++ +The snippet refers to the fictional `products-api` and `products-api-beta` services and a fictional `json-http` API instance. Specify your own API name and your own service details: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: json-http +spec: + address: http://0.0.0.0:8080/json +​ +--- +​ +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: weight-routing-test +spec: + targetRef: + name: json-http + policyRef: + name: route-weighted + config: + routes: + - weight: 75 # max_value=100, min_value=1 + destinationPath: /posts/ + destinationRef: + name: products-api + - weight: 25 + destinationPath: /posts/ + destinationRef: + name: products-api-beta + rules: + - path: (.*) + methods: POST + headers: + x-test: true + host: test.com + - methods: GET|POST + headers: + x-test: true + y-test: false + host: test.com +---- + +. Save the file. The gateway automatically refreshes the configuration. + +. View the Docker container logs, which look something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/products-users-api http://0.0.0.0:8080 +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-products Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-users Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881 +[agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881 +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-products https://:/ +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-users https://:/ +[agent][debug] generating service products-users-api-products.default.svc hostname: port: +[agent][debug] generating service products-users-api-users.default.svc hostname: port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 2 cluster(s) +[envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s) +---- + +An API with multiple upstream services is now running behind Omni Gateway. + +[[kubernetes]] +== Publish an API Running Behind Omni Gateway in a Kubernetes Cluster + +=== Before You Begin + +Before getting started, ensure that you have: + +* Downloaded Omni Gateway. For more information, see xref:flex-install.adoc[]. +* Registered Omni Gateway and are running it in Local Mode. For more information, see xref:flex-local-reg-run.adoc[Register and Run in Local Mode]. +* Your upstream service URLs. + +include::partial$kubernetes-service-note.adoc[] + +=== Publish an API + +. Use the `kubectl apply` command to apply the following `.yaml` configuration file, substituting the configuration field values with your values. ++ +The snippet refers to the fictional `products-api` and `products-api-beta` services and a fictional `json-http` API instance. Specify your own API name and your own service details: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: json-http +spec: + address: http://0.0.0.0:8080/json +​ +--- +​ +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: weight-routing-test +spec: + targetRef: + name: json-http + policyRef: + name: route-weighted + config: + routes: + - weight: 75 # max_value=100, min_value=1 + destinationPath: /posts/ + destinationRef: + name: products-api + - weight: 25 + destinationPath: /posts/ + destinationRef: + name: products-api-beta + rules: + - path: (.*) + methods: POST + headers: + x-test: true + host: test.com + - methods: GET|POST + headers: + x-test: true + y-test: false + host: test.com +---- + +. Enter the following command to view the pods logs and ensure that the API was created successfully: + +---- +kubectl logs -f +---- diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-publish-simple-api.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-publish-simple-api.adoc new file mode 100644 index 000000000..fca704735 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-publish-simple-api.adoc @@ -0,0 +1,241 @@ += Publishing a Simple API Instance in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Publish a simple API running behind Omni Gateway in Local Mode, modifying YAML configuration data by one of the following methods: + +* Linux and Docker: `.yaml` files +* Kubernetes: `kubectl apply` + +The following procedures demonstrate applying a simple YAML configuration for an unsecured API with a single upstream service. + +//TODO: IS THERE AN OPENSHIFT OPTION HERE? +[cols="1a,1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="#linux"] +|image:install-docker-logo.png[25%,25%,xref="docker"] +|image:install-kubernetes-logo.png[20%,20%,xref="kubernetes"] + +|<> +|<> +|<> +|=== + +[[linux]] +== Publish an API Running Behind Omni Gateway on Linux + +//TODO: NEED INTRO HERE + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed and running in Local Mode. See xref:flex-install.adoc[] for more information about installing and running the gateway. +* Your upstream service URL. The following example refers to a fictional `orders-api` service, but you can specify your own API name in `metadata.name` and your service details in `spec.services`. + +=== Publish an API + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file in the Omni Gateway configuration directory `/etc/mulesoft/flex-gateway/conf.d/custom`. This directory can contain multiple configuration files. + +. Copy and paste the following YAML snippet into the file, substituting your values where indicated: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: orders-api +spec: + address: http://0.0.0.0:8080 + services: + orders: + address: https://:/ + routes: + - rules: + - path: /api/orders(/.*) +---- + +. Save the file. The gateway automatically refreshes the configuration. + +. View the logs by executing the following command: ++ +---- +journalctl -u flex-gateway-* +---- ++ +The response looks something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/animal-facts-api http://0.0.0.0:8080 +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/orders(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:orders-api-orders Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881 +[agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881 +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/orders-api-orders https://:/ +[agent][debug] generating service orders-api-orders.default.svc hostname: port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 2 cluster(s) +[envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s) +---- + +A simple API is now running behind Omni Gateway. + +[[docker]] +== Publish an API Running Behind Omni Gateway in a Docker Container + +//TODO: NEED INTRO HERE + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed. See xref:flex-install.adoc[] for more information. +* Omni Gateway registered and running in Local Mode. See xref:flex-local-reg-run.adoc[Register and Run in Local Mode] for more information. +* Your upstream service URL. The following example refers to a fictional `orders-api` service, but you can specify your own API name in `metadata.name` and your service details in `spec.services`. + +=== Publish an API + +. Open a terminal and navigate to the directory that will contain your Omni Gateway configuration files. This directory was specified when you started Omni Gateway. + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file. + +. Copy and paste the following YAML snippet into the file, substituting your values where indicated: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: orders-api +spec: + address: http://0.0.0.0:8080 + services: + orders: + address: https://:/ + routes: + - rules: + - path: /api/orders(/.*) +---- + +. Save the file. The gateway automatically refreshes the configuration. + +. View the Docker container logs, which look something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/animal-facts-api http://0.0.0.0:8080 +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/orders(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:orders-api-orders Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881 +[agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881 +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/orders-api-orders https://:/ +[agent][debug] generating service orders-api-orders.default.svc hostname: port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 2 cluster(s) +[envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s) +---- + +A simple API is now running behind Omni Gateway. + +[[kubernetes]] +== Publish an API Running Behind Omni Gateway in a Kubernetes Cluster + +//TODO: NEED INTRO HERE + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed and running in Local Mode. See xref:flex-install.adoc[] for more information about installing and running the gateway. +* A Docker image stored in a Docker repository. The following example refers to a fictional `orders-api` application, but you can specify your own Docker repository and Docker image in the `Deployment` configuration resource (in `spec.spec.image`). + +include::partial$kubernetes-service-note.adoc[] + +=== Publish an API + +. Using the `kubectl apply` command, install a Docker image named "orders-api" from a given repository. ++ +The following YAML snippet defines two configuration resources: `Service`, and `Deployment`. The `Service` resource declares the `orders-api` service. The `Deployment` resource declares the desired deployment state by specifying information such as the number of replicas to create, and the Docker image to sideload. ++ +---- +cat </ + imagePullPolicy: IfNotPresent + name: orders-api + ports: + - name: http + containerPort: 3000 + resources: + limits: + cpu: 100m + memory: 64Mi +EOF +---- + +. Again using `kubectl apply`, create the ingress to route traffic. ++ +The following YAML example defines one configuration resource: `Ingress`. ++ +---- +cat <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy-local] + +[[helm-options-k8s]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +// OPENSHIFT +[[openshift]] +// Register and run with a connected app in an OpenShift cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=app-openshift-heading] +//intro +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-local] +//- cluster-level access when rbac enabled, as for OpenShift +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] +//- note (openshift command line procedures same as k8) +include::partial$task-reg-run-flex-gateway.adoc[tags=note-openshift-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-openshift-reg-steps] +//- local mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-local-intro] + +[[options-openshift]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;app-replace-content;environment-replace-content;replace-content] + +[[reg-openshift]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-openshift-heading-intro] + +[[docker-openshift-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;app-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[podman-openshift-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;app-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[deploy-openshift]] +//install helm chart +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy-local] + +[[helm-options-openshift]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-conn-reg-run.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-reg-run-token.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-reg-run-token.adoc new file mode 100644 index 000000000..d4705bde0 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-reg-run-token.adoc @@ -0,0 +1,176 @@ += Registering and Running in Local Mode with a Token +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:reg-mode: Local + +//table with tech logos and links (linux, docker, k8, openshift) +include::partial$task-reg-run-flex-gateway.adoc[tags=table-logos-links] + +[[prereqs]] +// Prerequisites +include::partial$task-reg-run-flex-gateway.adoc[tags=prerequisites-heading;prerequisites;token-prerequisites] + +[[linux]] +// Register and run with a username and password as a Linux service +include::partial$task-reg-run-flex-gateway.adoc[tags=token-linux-heading] +include::partial$prerequisites.adoc[tag=intro] + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-intro;sub-coll-info;token-replace-content;replace-content;reg-command-heading;reg-command-1;linux-reg-command;token-reg-command;organization-reg-command;output-reg-command-linux;reg-command-2;after-reg;linux-after-reg;create-config-folder-file;config-content;linux-start-commands] + +[[container]] +include::partial$task-reg-run-flex-gateway.adoc[tags=token-container-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-links] + +[[docker]] +// Register and run with a token in a Docker container +include::partial$task-reg-run-flex-gateway.adoc[tags=token-docker-heading;reg-command-intro;sub-coll-info-container;token-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;docker-reg-command;token-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;start-command-local-intro;start-command-local;start-command-local-valid] + +// PODMAN +[[podman]] +// Register and run with a token in a Podman container +include::partial$task-reg-run-flex-gateway.adoc[tags=token-podman-heading;reg-command-intro;sub-coll-info-container;token-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;podman-reg-command;token-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;start-command-local-intro;podman-start-command-local;start-command-local-valid] + +// KUBERNETES +[[kubernetes]] +// Register and run with a token in a kubernetes cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=token-k8s-heading] +//intro +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-local] +//- cluster-level access when rbac enabled, as for OpenShift +include::partial$prerequisites.adoc[tags=rbac-permission-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-k8s-reg-steps] +//- local mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-local-intro] + +[[options-k8s]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;token-replace-content;replace-content] + +[[reg-k8s]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading-intro] + +[[docker-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;token-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[podman-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;token-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[deploy-k8s]] +//install helm chart +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy-local] + +[[helm-options-k8s]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +// OPENSHIFT +[[openshift]] +// Register and run with a token in an OpenShift cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=token-openshift-heading] +//intro +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-local] +//- cluster-level access when rbac enabled, as for OpenShift +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] +//- note (openshift command line procedures same as k8) +include::partial$task-reg-run-flex-gateway.adoc[tags=note-openshift-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-openshift-reg-steps] +//- local mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-local-intro] + +[[options-openshift]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;token-replace-content;replace-content] + +[[reg-openshift]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-openshift-heading-intro] + +[[docker-openshift-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;token-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[podman-openshift-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;token-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[deploy-openshift]] +//install helm chart +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy-local] + +[[helm-options-openshift]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-conn-reg-run.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-reg-run-up.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-reg-run-up.adoc new file mode 100644 index 000000000..e62fc4f8a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-reg-run-up.adoc @@ -0,0 +1,176 @@ += Registering and Running in Local Mode with a Username and Password +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:reg-mode: Local + +//table with tech logos and links (linux, docker, k8, openshift) +include::partial$task-reg-run-flex-gateway.adoc[tags=table-logos-links] + +[[prereqs]] +// Prerequisites +include::partial$task-reg-run-flex-gateway.adoc[tags=prerequisites-heading;prerequisites;environment-prerequisites;user-prerequisites] + +[[linux]] +// Register and run with a username and password as a Linux service +include::partial$task-reg-run-flex-gateway.adoc[tags=user-linux-heading] +include::partial$prerequisites.adoc[tag=intro] + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-intro;sub-coll-info;user-replace-content;environment-replace-content;replace-content;reg-command-heading;reg-command-1;linux-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-linux;reg-command-2;after-reg;linux-after-reg;create-config-folder-file;config-content;linux-start-commands] + +[[container]] +include::partial$task-reg-run-flex-gateway.adoc[tags=user-container-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=table-containers-logos-links] + +[[docker]] +// Register and run with a username and password in a Docker container +include::partial$task-reg-run-flex-gateway.adoc[tags=user-docker-heading;reg-command-intro;sub-coll-info-container;user-replace-content;environment-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;docker-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;start-command-local-intro;start-command-local;start-command-local-valid] + +// PODMAN +[[podman]] +// Register and run with a username and password in a Podmsn container +include::partial$task-reg-run-flex-gateway.adoc[tags=user-podman-heading;reg-command-intro;sub-coll-info-container;user-replace-content;environment-replace-content;replace-content;reg-command-heading-container;docker-create-directory-note;reg-command-1;podman-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;after-reg-2;start-command-local-intro;podman-start-command-local;start-command-local-valid] + +// KUBERNETES +[[kubernetes]] +// Register and run with a username and password in a kubernetes cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=user-k8s-heading] +// - task overview +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-local] +//- cluster-level access when rbac enabled, as for OpenShift +include::partial$prerequisites.adoc[tags=rbac-permission-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-k8s-reg-steps] +//- local mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-local-intro] + +[[options-k8s]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;user-replace-content;environment-replace-content;replace-content] + +[[reg-k8s]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading-intro] + +[[docker-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[podman-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[deploy-k8s]] +//install helm chart +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy-local] + +[[helm-options-k8s]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +// OPENSHIFT +[[openshift]] +// Register and run with a username and password in a openshift cluster +//heading +include::partial$task-reg-run-flex-gateway.adoc[tags=user-openshift-heading] +// - task overview +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-intro-local] +//- cluster-level access when rbac enabled, as for OpenShift +include::partial$prerequisites.adoc[tags=rbac-permission-k8;rbac-role-openshift] +//- note (openshift command line procedures same as k8) +include::partial$task-reg-run-flex-gateway.adoc[tags=note-openshift-k8] +//- links to steps +include::partial$task-reg-run-flex-gateway.adoc[tags=links-to-openshift-reg-steps] +//- local mode supplemental info for k8 and openshift +include::partial$task-reg-run-flex-gateway.adoc[tag=k8s-local-intro] + +[[options-openshift]] +//sub collected info +include::partial$task-reg-run-flex-gateway.adoc[tags=sub-coll-info;user-replace-content;environment-replace-content;replace-content] + +[[reg-openshift]] +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-heading] + +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-openshift-heading-intro] + +[[docker-openshift-container-reg]] +.*Docker* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=docker-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;docker-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[podman-openshift-container-reg]] +.*Podman* +[%collapsible] +==== +include::partial$task-reg-run-flex-gateway.adoc[tags=podman-reg-command-heading-intro] + +//reg command +include::partial$task-reg-run-flex-gateway.adoc[tags=reg-command-1;podman-reg-command;user-reg-command;environment-reg-command;organization-reg-command;output-reg-command-docker;reg-command-2;after-reg;k8s-after-reg] +==== + +[[deploy-openshift]] +//install helm chart +//- title +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-install-omni-helm-chart-title] +//- helm chart info +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart] +include::partial$prerequisites.adoc[tags=helm] +Refer to <> for configuration options. +//- add chart repo and deploy Omni via chart +include::partial$task-reg-run-flex-gateway.adoc[tags=k8s-omni-helm-chart-add;k8s-omni-helm-chart-deploy-local] + +[[helm-options-openshift]] +//helm config options +include::partial$task-reg-run-flex-gateway.adoc[tags=helm-chart-options] + + +== See Also + +* xref:flex-gateway-getting-started.adoc[] +* xref:flex-conn-reg-run.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-reg-run.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-reg-run.adoc new file mode 100644 index 000000000..7b782745f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-reg-run.adoc @@ -0,0 +1,18 @@ += Registering and Running Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Before you can use your Omni Gateway to configure API instances, you must register and start the gateway. + +There are three options for registering Omni Gateway in Local Mode: + +* xref:flex-local-reg-run-up.adoc[Register and Run using a Username and Password]: If you have +a username and password for Anypoint Platform, you can use these credentials to register +your Omni Gateway. +* xref:flex-local-reg-run-app.adoc[Register and Run using a Connected App]: If you do not have +a username or password for Anypoint Platform, you can use connected app credentials to register +your Omni Gateway. +* xref:flex-local-reg-run-token.adoc[Register and Run using a Token]: If you do not have a username +or password for Anypoint Platform, you can use a registration token generated by the Runtime Manager UI. The token is valid for four hours. diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-rep-run.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-rep-run.adoc new file mode 100644 index 000000000..f8748706b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-rep-run.adoc @@ -0,0 +1,27 @@ += Configuring Replicas for Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +[cols="1a,1a"] +|=== +|image:install-linux-logo.png[20%,20%,xref="flex-local-rep-run.adoc#add-a-flex-replica-as-a-linux-service"] +|image:install-docker-logo.png[25%,25%,xref="flex-local-rep-run.adoc#docker"] + +|xref:flex-local-rep-run.adoc#add-a-flex-replica-as-a-linux-service[Add an Omni Replica as a Linux Service] +|xref:flex-local-rep-run.adoc#docker[] +|=== + +include::partial$task-rep-run-flex-gateway.adoc[tags=add-omni-intro] + +include::partial$task-rep-run-flex-gateway.adoc[tags=add-omni-rep-byb;add-omni-rep-byb-local;add-omni-rep1] + +include::partial$task-reg-run-flex-gateway.adoc[tags=create-config-folder-file;config-content;linux-start-commands] + +[[docker]] +== Add an Omni Replica in a Docker Container + +To add an Omni Replica in a Docker Container you must run the Omni Gateway start command using the same `registration.yaml` file created during registration. If you are running the container locally, you will also need to use a different port. + +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-secure-api-with-auto-policy.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-secure-api-with-auto-policy.adoc new file mode 100644 index 000000000..59e6596ec --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-secure-api-with-auto-policy.adoc @@ -0,0 +1,316 @@ += Secure an API with an Automated Resource-Level Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Publish an API running behind Omni Gateway in Local Mode, modifying YAML configuration data by the following method: + +* Linux and Docker: `.yaml` files + +The following procedures demonstrate applying a simple resource-based YAML configuration for an API with multiple upstream services, all secured with an automated resource-level authentication policy. + +Refer to xref:policies-automated-overview.adoc[Automated Policies] and xref:policies-resource-level-overview.adoc[Resource-Level Policies] for more information. + +[NOTE] +==== +Automated policies can only be defined in resource-based configurations. The inline configuration model is not supported. For more information about the difference between resource-based and inline configuration models, see xref:flex-local-configuration-reference-guide.adoc[Declarative Configuration Reference Guide]. +==== + +[cols="1,1"] +|=== + +|image:install-linux-logo.png[20%,20%,xref="flex-local-secure-api-with-auto-policy.adoc#publish-an-api-running-behind-flex-gateway-on-linux"] + +|image:install-docker-logo.png[25%,25%,xref="flex-local-secure-api-with-auto-policy.adoc#publish-an-api-running-behind-flex-gateway-in-a-docker-container"] + +|xref:flex-local-secure-api-with-auto-policy.adoc#publish-an-api-running-behind-flex-gateway-on-linux[Publish an API Running Behind Omni Gateway on Linux] + +|xref:flex-local-secure-api-with-auto-policy.adoc#publish-an-api-running-behind-flex-gateway-in-a-docker-container[Publish an API Running Behind Omni Gateway in a Docker Container] + +|=== + +== Publish an API Running Behind Omni Gateway on Linux + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed and running in local mode. See xref:flex-install.adoc[] for more information about installing and running the gateway. +* Your upstream service URLs. The following example refers to fictional `products-api` and `users-api` services, but you can specify your own API name in `metadata.name` and your service details in `spec.services`. + +=== Publish an API + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file in the Omni Gateway configuration directory `/etc/mulesoft/flex-gateway/conf.d/custom`. This directory can contain multiple configuration files. + +. Copy and paste the following two `ApiInstance` resources into the file, substituting your values where indicated: ++ +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: products-api + labels: + secured-by-automated-policy: yes +spec: + address: http://0.0.0.0:8080 + services: + products: + address: https://:/ + routes: + - rules: + - path: /products(/.*) + - path: /products-featured(/.*) + config: + destinationPath: /api +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: users-api + labels: + secured-by-automated-policy: yes +spec: + address: http://0.0.0.0:8081 + services: + users: + address: https://:/ + routes: + - rules: + - path: /api/users(/.*) +---- + +. Define an automated xref:policies-included-basic-auth-simple.adoc[basic authentication policy] by adding the following `PolicyBinding` resource after the `ApiInstance` resources: ++ +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: security-protection +spec: + targetRef: + kind: Selector + selector: + kind: ApiInstance + labels: + secured-by-automated-policy: yes + policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- ++ +Applying an automated policy to multiple API instances requires that you specify the `Selector` `kind` in your policy binding. The example `PolicyBinding` resource includes a `spec.targetRef.kind` value of `Selector`, and a `spec.targetRef.selector.kind` value of `ApiInstance`. ++ +The example resource also applies a basic authentication policy to two API instances. It defines a `secured-by-automated-policy` label (the label name is customizable) in `spec.targetRef.selector.labels`. This label matches the label defined in the `ApiInstance` `metadata.labels` property, which associates the automated policy with that resource. ++ +Alternatively, automated policies can be applied to all API instances by omitting the labels. + +. Save the file. The gateway automatically refreshes the configuration. ++ +. View the logs by executing the following command: ++ +---- +journalctl -u flex-gateway-* +---- ++ +The response looks something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/21cf4286e38f: Adding ApiInstance default/products-api http://0.0.0.0:8080 +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/security-protection +[agent][info] Gateway default/21cf4286e38f: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc00004f750} => {Kind:Service Name:products-api-products Namespace:default} +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/21cf4286e38f: Adding ApiInstance default/users-api http://0.0.0.0:8081 +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/security-protection +[agent][info] Gateway default/21cf4286e38f: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0061823f0} => {Kind:Service Name:users-api-users Namespace:default} +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/21cf4286e38f: Adding Service default/products-api-products https://:/ +[agent][debug] generating service products-api-products.default.svc hostname: https:// port: +[agent][info] Gateway default/21cf4286e38f: Adding Service default/users-api-users https://:/ +[agent][debug] generating service users-api-users.default.svc hostname: https:// port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 3 cluster(s) +[envoy][info] cds: added/updated 0 cluster(s), skipped 2 unmodified cluster(s) +---- + +. Test the APIs with a tool such as `curl`, specifying the given authentication credentials. The automated authentication policy secures both APIs. + +. Apply resource-level granularity to the automated authentication policy by substituting the `PolicyBinding` resource with the following: ++ +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: security-protection +spec: + targetRef: + kind: Selector + selector: + kind: ApiInstance + labels: + secured-by-automated-policy: yes + policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin + rules: + - methods: GET +---- ++ +In this example, the automated authentication policy is applied only to the `GET` method resource, as specified in `spec.rules`. + +. Save the file. The gateway automatically refreshes the configuration. + +Two APIs secured with the an automated resource-level authentication policy are now running behind Omni Gateway. + +== Publish an API Running Behind Omni Gateway in a Docker Container + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed. See xref:flex-install.adoc[] for more information. +* Omni Gateway registered and running in Local Mode. See xref:flex-local-reg-run.adoc[Register and Run in Local Mode] for more information. +* Your upstream service URLs. The following example refers to fictional `products-api` and `users-api` services, but you can specify your own API name in `metadata.name` and your service details in `spec.services`. + +=== Publish an API + +. Open a terminal and navigate to the directory that will contain your Omni Gateway configuration files. This directory was specified when you started Omni Gateway. + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file. + +. Copy and paste the following two `ApiInstance` resources into the file, substituting your values where indicated: ++ +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: products-api + labels: + secured-by-automated-policy: yes +spec: + address: http://0.0.0.0:8080 + services: + products: + address: https://:/ + routes: + - rules: + - path: /products(/.*) + - path: /products-featured(/.*) + config: + destinationPath: /api +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: users-api + labels: + secured-by-automated-policy: yes +spec: + address: http://0.0.0.0:8081 + services: + users: + address: https://:/ + routes: + - rules: + - path: /api/users(/.*) +---- + +. Define an automated basic authentication policy by adding the following `PolicyBinding` resource after the `ApiInstance` resources: ++ +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: security-protection +spec: + targetRef: + kind: Selector + selector: + kind: ApiInstance + labels: + secured-by-automated-policy: yes + policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- ++ +Applying an automated policy to multiple API instances requires that you specify the `Selector` `kind` in your policy binding. The example `PolicyBinding` resource includes a `spec.targetRef.kind` value of `Selector`, and a `spec.targetRef.selector.kind` value of `ApiInstance`. ++ +The example resource also applies a basic authentication policy to two API instances. It defines a `secured-by-automated-policy` label (the label name is customizable) in `spec.targetRef.selector.labels`. This label matches the label defined in the `ApiInstance` `metadata.labels` property, which associates the automated policy with that resource. ++ +Alternatively, automated policies can be applied to all API instances by omitting the labels. + +. Save the file. The gateway automatically refreshes the configuration. + +. View the Docker container logs, which look something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/21cf4286e38f: Adding ApiInstance default/products-api http://0.0.0.0:8080 +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/security-protection +[agent][info] Gateway default/21cf4286e38f: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc00004f750} => {Kind:Service Name:products-api-products Namespace:default} +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/21cf4286e38f: Adding ApiInstance default/users-api http://0.0.0.0:8081 +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/security-protection +[agent][info] Gateway default/21cf4286e38f: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0061823f0} => {Kind:Service Name:users-api-users Namespace:default} +[agent][info] Gateway default/21cf4286e38f: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/21cf4286e38f: Adding Service default/products-api-products https://:/ +[agent][debug] generating service products-api-products.default.svc hostname: https:// port: +[agent][info] Gateway default/21cf4286e38f: Adding Service default/users-api-users https://:/ +[agent][debug] generating service users-api-users.default.svc hostname: https:// port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 3 cluster(s) +[envoy][info] cds: added/updated 0 cluster(s), skipped 2 unmodified cluster(s) +---- + +. Test the APIs with a tool such as `curl`, specifying the given authentication credentials. The automated authentication policy secures both APIs. + +. Apply resource-level granularity to the automated authentication policy by substituting the `PolicyBinding` resource with the following: ++ +---- +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: security-protection +spec: + targetRef: + kind: Selector + selector: + kind: ApiInstance + labels: + secured-by-automated-policy: yes + policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin + rules: + - methods: GET +---- ++ +In this example, the automated authentication policy is applied only to the `GET` method resource, as specified in `spec.rules`. + +. Save the file. The gateway automatically refreshes the configuration. + +Two APIs secured with the an automated resource-level authentication policy are now running behind Omni Gateway. + +== See Also + +* xref:policies-included-directory.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-secure-api-with-basic-auth-policy.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-secure-api-with-basic-auth-policy.adoc new file mode 100644 index 000000000..e23b188c3 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-secure-api-with-basic-auth-policy.adoc @@ -0,0 +1,195 @@ += Secure an API with Basic Authentication and Rate Limiting +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Publish an API running behind Omni Gateway in Local Mode, modifying YAML configuration data by the following method: + +* Linux and Docker: `.yaml` files + +The following procedures demonstrate applying a simple YAML configuration for an API with multiple upstream services, all secured with xref:policies-included-basic-auth-simple.adoc[basic authentication] and xref:policies-included-rate-limiting.adoc[rate limiting]. + +[cols="1,1"] +|=== + +|image:install-linux-logo.png[20%,20%,xref="flex-local-secure-api-with-basic-auth-policy.adoc#publish-an-api-running-behind-flex-gateway-on-linux"] + +|image:install-docker-logo.png[25%,25%,xref="flex-local-secure-api-with-basic-auth-policy.adoc#publish-an-api-running-behind-flex-gateway-in-a-docker-container"] + +|xref:flex-local-secure-api-with-basic-auth-policy.adoc#publish-an-api-running-behind-flex-gateway-on-linux[Publish an API Running Behind Omni Gateway on Linux] + +|xref:flex-local-secure-api-with-basic-auth-policy.adoc#publish-an-api-running-behind-flex-gateway-in-a-docker-container[Publish an API Running Behind Omni Gateway in a Docker Container] + +|=== + +== Publish an API Running Behind Omni Gateway on Linux + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed and running in local mode. See xref:flex-install.adoc[] for more information about installing and running the gateway. +* Your upstream service URLs. The following example refers to fictional `products-api` and `users-api` services, but you can specify your own API name in `metadata.name` and your service details in `spec.services`. + +=== Publish an API + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file in the Omni Gateway configuration directory `/etc/mulesoft/flex-gateway/conf.d/custom`. This directory can contain multiple configuration files. + +. Copy and paste the following YAML snippet into the file, substituting your values where indicated: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: products-users-api +spec: + address: http://0.0.0.0:8080 + services: + products: + address: https://:/ + routes: + - rules: + - path: /products(/.*) + - path: /products-featured(/.*) + config: + destinationPath: /api + users: + address: https://:/ + routes: + - rules: + - path: /api/users(/.*) + policies: + - policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin + - policyRef: + name: rate-limiting-flex + config: + exposeHeaders: true + rateLimits: + - maximumRequests: 3 + timePeriodInMilliseconds: 6000 + keySelector: "#[attributes.queryParams['identifier']]" +---- + +. Save the file. The gateway automatically refreshes the configuration. ++ +. View the logs by executing the following command: ++ +---- +journalctl -u flex-gateway-* +---- ++ +The response looks something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/products-users-api http://0.0.0.0:8080 +[agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-http-basic-authentication-flex-1 +[agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-rate-limiting-flex-2 +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-products Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-users Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881 +[agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881 +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-products https://:/ +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-users https://:/ +[agent][debug] generating service products-users-api-products.default.svc hostname: port: +[agent][debug] generating service products-users-api-users.default.svc hostname: port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 2 cluster(s) +[envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s) +---- + +An API secured with basic authentication and rate limiting is now running behind Omni Gateway. + +== Publish an API Running Behind Omni Gateway in a Docker Container + +=== Before You Begin + +Before getting started, ensure that you have: + +* Omni Gateway installed. See xref:flex-install.adoc[] for more information. +* Omni Gateway registered and running in Local Mode. See xref:flex-local-reg-run.adoc[Register and Run in Local Mode] for more information. +* Your upstream service URLs. The following example refers to fictional `products-api` and `users-api` services, but you can specify your own API name in `metadata.name` and your service details in `spec.services`. + +=== Publish an API + +. Open a terminal and navigate to the directory that will contain your Omni Gateway configuration files. This directory was specified when you started Omni Gateway. + +. Create a configuration file with a `.yaml` file extension: +.. Give the file a custom name. +.. Save the file. + +. Copy and paste the following YAML snippet into the file, substituting your values where indicated: ++ +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: products-users-api +spec: + address: http://0.0.0.0:8080 + services: + products: + address: https://:/ + routes: + - rules: + - path: /api/products(/.*) + - path: /api/products-featured(/.*) + config: + destinationPath: /api + users: + address: https://:/ + routes: + - rules: + - path: /api/users(/.*) + policies: + - policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin + - policyRef: + name: rate-limiting-flex + config: + exposeHeaders: true + rateLimits: + - maximumRequests: 3 + timePeriodInMilliseconds: 6000 + keySelector: "#[attributes.queryParams['identifier']]" +---- + +. Save the file. The gateway automatically refreshes the configuration. + +. View the Docker container logs, which look something like this: ++ +---- +[agent][info] Generating config +[agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/products-users-api http://0.0.0.0:8080 +[agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-http-basic-authentication-flex-1 +[agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-rate-limiting-flex-2 +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-products Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-users Namespace:default} +[agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881 +[agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881 +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-products https://:/ +[agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-users https://:/ +[agent][debug] generating service products-users-api-products.default.svc hostname: port: +[agent][debug] generating service products-users-api-users.default.svc hostname: port: +[agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json +[envoy][info] cds: add 2 cluster(s), remove 2 cluster(s) +[envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s) +---- + +An API secured with basic authentication and rate limiting is now running behind Omni Gateway. + +== See Also + +* xref:policies-included-directory.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-shared-storage-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-shared-storage-config.adoc new file mode 100644 index 000000000..952feb507 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-shared-storage-config.adoc @@ -0,0 +1,48 @@ += Configuring Shared Storage for Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +include::reuse::partial$non-inclusive-banner.adoc[] + +//TODO: IS THERE AN OPENSHIFT OPTION HERE? + +// intro and graphics for each option - linux, docker, kubernetes +include::partial$task-shared-storage-config.adoc[tags=intro1;intro2;icon-table;byb;linux;sample-config-all-intro] +// configure shared storage for Omni Gateway as a Linux Service ++ +include::partial$task-shared-storage-config.adoc[tags=sample-config-all] + +// configure shared storage for Omni Gateway in a Docker container +include::partial$task-shared-storage-config.adoc[tags=docker-intro] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-shared-storage-config.adoc[tags=docker-config-file-step;sample-config-all-intro] ++ +include::partial$task-shared-storage-config.adoc[tags=sample-config-all] + +//configure shared storage for Omni Gateway in a Kubernetes cluster +include::partial$task-shared-storage-config.adoc[tags=k8s;sample-config-all-intro] + +include::partial$task-shared-storage-config.adoc[tags=sample-config-all] + +// Redis Sentinel + +include::partial$task-shared-storage-config.adoc[tags=sentinel-intro] + +include::partial$task-shared-storage-config.adoc[tags=sentinel-sample-config] + +// TLS +include::partial$task-shared-storage-config.adoc[tags=tls-intro] + +include::partial$task-shared-storage-config.adoc[tags=tls-sample-config] + +include::partial$task-shared-storage-config.adoc[tags=tls-more-information] + +== See Also + +* xref:flex-conn-shared-storage-config.adoc[Configuring Shared Storage for Omni Gateway in Connected Mode] +* xref:flex-local-configuration-reference-guide.adoc#shared-storage[Declarative Configuration Reference] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-third-party-logs-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-third-party-logs-config.adoc new file mode 100644 index 000000000..7b53e9fad --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-third-party-logs-config.adoc @@ -0,0 +1,52 @@ += Configuring External Logs for Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local +:page-aliases: gateway::flex-local-view-manage-logs.adoc + +include::partial$task-config-logs-third-party.adoc[tags=intro1;intro2-local] + +include::partial$task-config-logs-third-party.adoc[tags=icon-table] + +include::partial$task-config-logs-third-party.adoc[tags=byb] + +include::partial$task-config-logs-third-party.adoc[tags=runtime-access-logs] + +include::partial$task-config-logs-third-party.adoc[tags=file-example] + +include::partial$task-config-logs-third-party.adoc[tags=linux;view-logs-local;configure-message-logging-step] + +include::partial$task-config-logs-third-party.adoc[tags=docker] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-config-logs-third-party.adoc[tags=docker2;view-logs-local;configure-message-logging-step] + +include::partial$task-config-logs-third-party.adoc[tags=k8s;view-logs-local;configure-message-logging-step] + +include::partial$task-config-logs-third-party.adoc[tags=file-configuration-example] + +include::partial$task-config-logs-third-party.adoc[tags=http-configuration-example] + +include::partial$task-config-logs-third-party.adoc[tags=splunk-configuration-example] + +include::partial$task-config-logs-third-party.adoc[tags=dynatrace-configuration-example] + +[[configure-access-logs]] +== Configure Access Logs +To configure access logs in your log output, you must apply a Message Logging policy to the APIs whose request and response data you want to monitor. If you have previously applied a Message Logging policy to an API instance, you do not need to configure another. + +Configuring a Message Logging policy makes access logs visible in both standard output logs and your third-party log services. + +To apply a Message Logging policy, see xref:flex-gateway-secure-local.adoc[] and use the xref:gateway::policies-included-message-logging.adoc[Message Logging Configuration Parameters]. + +If your access logs are not visible, it is possible that a policy with a higher execution order is causing an error before the Message Logging policy can execute. To reorder policy execution, see xref:policies-reorder.adoc[]. + +include::partial$task-config-logs-third-party.adoc[tags=log-output-examples] + + +== See Also + +* xref:policies-included-message-logging.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-timeout.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-timeout.adoc new file mode 100644 index 000000000..730b5600d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-timeout.adoc @@ -0,0 +1,20 @@ += Configuring Timeouts in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +include::partial$timeout-configuration.adoc[tags=timeout-types] + +You can configure these timeouts in Local Mode via: + +* Environment variables: Applies to all API instances and is the most permanent configuration option. +* Configuration YAML resource: Applies to all API instances and is easy to adjust. +* Policy: Applies to one API instance or upstream and provides granular control. + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-env-var] + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-yaml] + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-policies] diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-tls-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-tls-config.adoc new file mode 100644 index 000000000..3818cdb83 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-tls-config.adoc @@ -0,0 +1,51 @@ += Configuring TLS Context for Omni Gateway in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +// intro and graphics for each option - linux, docker, kubernetes +include::partial$task-tls-config.adoc[tags=intro1;intro2;defaultOutboundTLS;intro3;resources;intro4;icon-table;byb;linux;sample-config-instance-intro] +// configure TLS context for Omni Gateway as a Linux Service ++ +include::partial$task-tls-config.adoc[tags=sample-config-instance] ++ +include::partial$task-tls-config.adoc[tags=openssl-standards] ++ +include::partial$task-tls-config.adoc[tags=verify-config] + +// configure TLS context for Omni Gateway in a Docker container +include::partial$task-tls-config.adoc[tags=docker-intro] ++ +include::partial$task-reg-run-flex-gateway.adoc[tags=start-command-local] ++ +include::partial$task-tls-config.adoc[tags=docker-config-file-step] ++ +include::partial$task-tls-config.adoc[tags=sample-config-instance-intro] ++ +include::partial$task-tls-config.adoc[tags=sample-config-instance] ++ +include::partial$task-tls-config.adoc[tags=openssl-standards] ++ +include::partial$task-tls-config.adoc[tags=verify-config] + +//configure TLS context for Omni Gateway as a Kubernetes cluster +include::partial$task-tls-config.adoc[tags=k8s-intro] ++ +include::partial$task-tls-config.adoc[tags=sample-config-instance-intro] ++ +include::partial$task-tls-config.adoc[tags=sample-config-instance] ++ +include::partial$task-tls-config.adoc[tags=openssl-standards] + + +// ciphers +include::partial$flex-tls-cipher.adoc[tags=cipherSupportLocal;outboundImportantLocal;local-ciphers] + + +== See Also + +* xref:flex-conn-tls-config.adoc[Configuring TLS Context for Omni Gateway in Connected Mode] +* xref:policies-included-tls.adoc[] +* xref:policies-included-tls-outbound.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-tracing-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-tracing-config.adoc new file mode 100644 index 000000000..e99185c2b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-tracing-config.adoc @@ -0,0 +1,12 @@ += Configuring Omni Gateway Distributed Tracing in Local Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: local + +include::partial$tracing-support.adoc[] + +include::partial$tracing-export.adoc[tags=export-grpc;export-http] + +include::partial$tracing-configuration.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-local-view-logs.adoc b/gateway/1.13/modules/ROOT/pages/flex-local-view-logs.adoc new file mode 100644 index 000000000..c95037b8b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-local-view-logs.adoc @@ -0,0 +1,39 @@ += Viewing Standard Output Logs +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Omni Gateway maintains standard output logs for individual replicas. Use the standard output logs for quick logging checks when additional logging output is not needed, such as ensuring when an external service is running or API requests are reaching Omni Gateway. + +You do not need to configure log output to view standard output logs. However, if you want access logs to appear in standard output logs, you must apply a Message Logging policy to the APIs you want to monitor. To apply a Message Logging policy, see xref:flex-local-third-party-logs-config.adoc#configure-access-logs[Configuring Access logs]. + +You can also configure additional Fluent Bit to enable custom logging outputs and customize the log level info. To configure additional logging, see xref:flex-local-third-party-logs-config.adoc[]. + +To view additional log outputs, find the appropriate method to view them. The following commands display only the standard output logs. + +== View Logs + +To view the standard output logs of your replica, run one of the following commands: + +For Linux: +[source,ssh] +---- +journalctl -u flex-gateway* +---- + +For Docker: +[source,ssh] +---- +docker logs -f +---- + +For Kubernetes: +[source,ssh] +---- +kubectl logs -f +---- + +== See Also + +* https://docs.fluentbit.io/manual[Fluent Bit documentation] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-configure.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-configure.adoc new file mode 100644 index 000000000..77423d807 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-configure.adoc @@ -0,0 +1,11 @@ += Configuring Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +* xref:flex-managed-inbound-tls-config.adoc[] - CloudHub 2.0 private spaces enable you to protect your API instances with inbound TLS and mTLS. +* xref:flex-managed-outbound-tls-config.adoc[] - Managed Omni Gateway on CloudHub 2.0 enables you to configure TLS and mTLS contexts for each upstream. +* xref:flex-managed-timeout.adoc[] - Managed Omni Gateway on CloudHub 2.0 enables you to configure default timeout settings for your runtime and APIs. +* xref:flex-managed-tracing-config.adoc[] - Managed Omni Gateway on CloudHub 2.0 enables you to configure distributed tracing. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-inbound-tls-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-inbound-tls-config.adoc new file mode 100644 index 000000000..0af408975 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-inbound-tls-config.adoc @@ -0,0 +1,15 @@ += Configuring Inbound TLS for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + + +For Managed Omni Gateway deployed on CloudHub 2.0, the CloudHub 2.0 private space manages the inbound TLS. + +To configure a TLS context for the private space you're deploying your Managed Omni Gateway to, see xref:cloudhub-2::ps-config-domains.adoc[]. + +Configuring a TLS context for your private space means all APIs deployed to Managed Omni Gateways in the private space are HTTPS and secure. + +To configure outbound TLS context, see xref:flex-managed-outbound-tls-config.adoc[]. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-message-log.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-message-log.adoc new file mode 100644 index 000000000..c1b29ac55 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-message-log.adoc @@ -0,0 +1,7 @@ += Configuring Message Logging for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$flex-message-log.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-monitor.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-monitor.adoc new file mode 100644 index 000000000..ccf4523d4 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-monitor.adoc @@ -0,0 +1,16 @@ += Monitoring in Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Managed Omni Gateway allows you to access logs and view key metrics. + +Refer to these topics for details about monitoring Managed Omni Gateway: + +* xref:flex-managed-view-status.adoc[] +* xref:flex-managed-message-log.adoc[] +* xref:flex-managed-view-api-metrics.adoc[] +* xref:flex-managed-view-api-status.adoc[] +* xref:flex-managed-view-logs-in-runtime-manager.adoc[] +* xref:flex-managed-view-logs-in-monitoring.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-outbound-tls-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-outbound-tls-config.adoc new file mode 100644 index 000000000..0b4c771f6 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-outbound-tls-config.adoc @@ -0,0 +1,149 @@ += Configuring Outbound TLS for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-mode: conn + +Outbound Transport Layer Security (TLS) encrypts communication between Omni Gateway and upstream services. + +include::partial$task-tls-config.adoc[tag=share-contexts] + +After you xref:anypoint-security::asm-secret-group-creation-task.adoc[create a secret group], you can add a TLS context or a mutual authentication TLS (mTLS) context and apply the TLS context to upstreams in API Manager to encrypt outbound traffic. + + +include::partial$task-tls-config.adoc[tags=defaultOutboundTLS] + +include::partial$task-tls-config.adoc[tag=aia-support] + +== Before You Begin +Before configuring the outbound TLS context for a Managed Omni Gateway, complete the following tasks: + +* xref:anypoint-security::asm-secret-group-creation-task.adoc[Create a Secret Group] ++ +When adding a secret group, refer to the <>. ++ +Depending on your desired configuration, either: ++ +** xref:anypoint-security::asm-secret-group-creation-task.adoc#adding-a-keystore[Add a Keystore] +** xref:anypoint-security::asm-secret-group-creation-task.adoc#adding-a-truststore[Add a Trustore] ++ +NOTE: Privacy Enhanced Mail (PEM) type is required for your Keystore or Truststore. + +// TLS Configuration Options + +[[tls-configuration-options]] +== Outbound TLS Configuration Options +You can configure your outbound TLS context to support regular TLS or mTLS. + +Refer to the following cross reference table for the required TLS context configuration settings in the <> step: + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Parameter | Outbound TLS | Outbound mTLS +| *Keystore* | Not Used | Required +| *Truststore* | Required, unless skip server cert validation is selected | Required to validate upstream certificate +| *Validate Client certificate* | Not Used | Not Used +| *Skip server certificate validation* | Either | Not Selected +|=== + +A parameter that is "Not Used" for a configuration implies its status does not affect configuration. + +To simplify your configurations, create different TLS contexts for the different traffic directions of your API instance. You can also use the same TLS context to support different traffic directions, but you can't support TLS and mTLS for the same direction by using the same context. Include the required parameters for both directions if you use the same TLS context for different directions. + +// Add TLS Context in Secrets Manager +[[add-a-tls-context]] +== Add a TLS Context for Omni Gateway + +Adding a TLS context to your secret group requires supplying a name, target, version, and keystore or truststore. You can also add context expiration date and ALPN Protocols and configure the outbound settings. + +[WARNING] +==== +If you edit a secret group, including a TLS context, that is currently applied to an API instance, you must redeploy each API instance to apply the changes. To redeploy API instances, see <>. +==== + +To add a TLS context: + +. Go to *Anypoint Platform > Secrets Manager*. +. To apply your TLS context to API instances, make your secret group downloadable. ++ +To make your secret group downloadable: + +.. Click the pencil icon next to the name of your secret group. +.. If *Secret Group Downloadable* is selected, click *Cancel*. +.. If *Secret Group Downloadable* is not selected, select it and click *Save*. +. In the *Secret Groups* list view, click the *Edit* button of the secret group to add a TLS context. +. Select *TLS Context* in the menu on the left, and then click *Add TLS Context*. +. In the Create TLS context screen, add the required information: ++ +* *Name* + +Enter a name for your TLS context. +* *Target* + +Select *Omni Gateway* to use the TLS context as the SSL validation for Omni Gateway APIs. +* *Min TLS Version* and *Max TLS Version* + +Support a range of TLS versions or a single version by selecting the same version for the minimum and maximum. +* *Keystore* + +If necessary for your configuration, select the PEM type keystore to store in the TLS context. The keystore contains the certificate presented by Omni Gateway to the remote party for outbound TLS. ++ +[NOTE] +==== +To comply with security standards, all certificates must be 2048 bits or longer. +==== +* *Truststore* + +If necessary for your configuration, select a PEM type truststore to store certificates trusted by the client. The truststore contains the CA path that Omni uses to validate the remote party certificate for outbound TLS. ++ +[NOTE] +==== +Upstream certificates must include the Subject Alternative Name (SAN) extension. The Common Name (CN) field is deprecated. + +Omni Gateway supports the SAN extension of type `dNSName`. +==== +* *Expiration Date* + +Optionally, enter an expiration date for the TLS context. +* *ALPN Protocols* + +By default, *H2 - HTTP/1.1* are the selected ALPN protocols. Change this value to support different protocols. +* *Outbound Settings* + +If you don't want to support mTLS for outbound traffic, select *Skip server certificate validation*. + +. If you want to customize cipher support for your TLS context, <>. ++ +Cipher selection is not available if only supporting TLS version 1.3. +. Click *Save*. + +//redeploy + +== Apply a TLS Context to an API + +You can apply a TLS context to an upstream service when configuring the upstream configuration of a new API instance or by editing an existing instance's upstream configuration. + +For information about either option, see the relevant tutorial: + +* xref:api-manager::create-instance-task-flex.adoc[] +* xref:api-manager::edit-api-endpoint-task.adoc[] + +To apply a TLS context to an upstream service: + +. Go to *Anypoint Platform > API Manager*. +. Navigate to either the: +* Downstream configuration page, if adding a new API instance. +* *Settings* page, if editing an existing API instance. +. Configure the upstream service, if adding a new API instance. +. Click *Add TLS Context*. +.. Select a *Secret Group*. +.. Select a *TLS Context*. +.. Click *Ok*. +. Finish creating the API instance or save the configuration edits. + + + +include::partial$task-flex-add-tls-context.adoc[tags=redeploy] +//Redeploy + +//Ciphers +include::partial$flex-tls-cipher.adoc[tags=connectedSelect;cipherSupport;ciphers] + +//Ciphers +== See Also + +* xref:flex-local-tls-config.adoc[] +* xref:policies-included-tls.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-timeout.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-timeout.adoc new file mode 100644 index 000000000..39e4712c1 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-timeout.adoc @@ -0,0 +1,22 @@ += Configure Timeouts for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$timeout-configuration.adoc[tags=timeout-types] + +You can configure these timeouts for Managed Omni Gateway via: + +* Managed Omni Gateway deployment: Set initial timeout values when you create the gateway. +* Runtime Manager runtime configurations: Applies to all API instances in the gateway after the gateway is deployed. +* Policy: Applies to one API instance or upstream and provides granular control. + +== Configure Timeouts During Managed Gateway Deployment + +Set timeout values in the deployment flow when you create a Managed Omni Gateway. +For the UI steps and parameter descriptions, see xref:flex-gateway-managed-set-up.adoc[]. + +include::partial$timeout-configuration.adoc[tags=timeout-runtime-manager] + +include::partial$timeout-configuration.adoc[tags=timeout-configuration-policies] diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-tracing-config.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-tracing-config.adoc new file mode 100644 index 000000000..61895bda9 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-tracing-config.adoc @@ -0,0 +1,35 @@ += Configuring Distributed Tracing for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$tracing-support.adoc[] + +== Enable and Configure Distributed Tracing for your Managed Omni Gateway + +To enable distributed tracing for your Managed Omni Gateway: + +. From Anypoint Platform, select *Runtime Manager > Omni Gateways*. +. Click the Managed Omni Gateway name. +. In the navigation menu, click Settings. +. Click *Advanced options*. +. Click *Tracing*. +. Turn on *Distributed tracing*. +. Set the *Sampling percentage* to the percentage of transactions that you want to trace. +** This setting corresponds to the `overall` sampling percentage. The `client` and `random` sampling percentages are set to 100% by default, if the sampling percentage is set to a non-zero value here. +** Set the *Sampling percentage* to 0 if you want to specify the sampling percentage only on a per-API basis, using the Tracing policy. +. Click *Apply Changes*. + +include::partial$tracing-export.adoc[tags=telemtery-exporter] + +// == Configure Labels + +// To configure labels for your Managed Omni Gateway: + +// . From Anypoint Platform, select *Runtime Manager > Omni Gateways*. +// . Click the Managed Omni Gateway name. +// . In the navigation menu, click Settings. +// . Click *Advanced options*. + +include::partial$tracing-configuration.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-view-api-metrics.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-view-api-metrics.adoc new file mode 100644 index 000000000..b774f002c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-view-api-metrics.adoc @@ -0,0 +1,12 @@ += Viewing Key Metrics in API Manager for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$flex-view-api-metrics.adoc[] + +== See Also + +* xref:flex-managed-view-status.adoc[] +* xref:monitoring::api-analytics-dashboard.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-view-api-status.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-view-api-status.adoc new file mode 100644 index 000000000..62cdf9044 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-view-api-status.adoc @@ -0,0 +1,7 @@ += Viewing API Status in Runtime Manager for Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +include::partial$flex-view-api-status.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-view-logs-in-monitoring.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-view-logs-in-monitoring.adoc new file mode 100644 index 000000000..9c45cea78 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-view-logs-in-monitoring.adoc @@ -0,0 +1,17 @@ += Viewing Managed Omni Gateway Runtime and Access Logs in Anypoint Monitoring +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use Anypoint Monitoring to see both runtime and access logs. Use the Anypoint Monitoring filtering to see different detailed logging views. + +To access Anypoint Monitoring from the Runtime Manager Omni Gateway UI: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Click the name of the Omni Gateway whose logs you want to view. +. Click *Logs*. +. Click *View logs in Anypoint Monitoring*. ++ +This action takes you to the Anypoint Monitoring UI. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-view-logs-in-runtime-manager.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-view-logs-in-runtime-manager.adoc new file mode 100644 index 000000000..bbd8a9a33 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-view-logs-in-runtime-manager.adoc @@ -0,0 +1,20 @@ += Viewing Runtime Logs in Runtime Manager for Omni Managed Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use Runtime Manager to view the runtime logs of your Omni Gateway. Runtime Manager enables you to search for keywords within the logs and to filter by *Replica*, *Time Range*, and *Log Level*. + +Runtime Manager stores up to 100 MB of logs per Omni Gateway for 30 days. Runtime Manager automatically purges logs that go beyond 100 MB per Omni Gateway. If you need more storage, either use Anypoint Monitoring to access these logs (Titanium subscription required) or use a third-party logging service. + +To access Omni Gateway runtime logs in Runtime Manager: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Click the name of the Omni Gateway whose logs you want to view. +. Click *Logs*. + +== See Also + +* xref:flex-managed-view-logs-in-monitoring.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-managed-view-status.adoc b/gateway/1.13/modules/ROOT/pages/flex-managed-view-status.adoc new file mode 100644 index 000000000..fa1641d7b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-managed-view-status.adoc @@ -0,0 +1,30 @@ += Monitoring Omni Gateway Metrics +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +== View a Managed Omni Gateway Metrics in Runtime Manager + +The Managed Omni Gateway Dashboard in Runtime Manager presents a comprehensive view of the gateway, detailing its status, endpoints, private space, API capacity, request volume, data consumption, and average CPU and memory usage. In addition, it provides metrics on latency and error count for thorough monitoring. + + +To view information about a Managed Omni Gateway Instance: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Select the name of the Managed Omni Gateway to view its status. + +[[audit-logs]] +== View Managed Omni Gateway Audit Logs + +Access Management audit logs provide a queryable history of actions performed within Anypoint Platform. Use audit logs to track Managed Omni Gateway actions, such as creating, editing, starting, and stopping gateways. + +To learn more about Audit Logs, see xref:access-management::audit-logging.adoc[]. + +To view Managed Omni Gateway audit logs: + +. From Anypoint Platform, select *Access Management*. +. Click *Audit Logs*. +. Click the *Products* drop down. +. Select *Managed Gateway*. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-review-prerequisites.adoc b/gateway/1.13/modules/ROOT/pages/flex-review-prerequisites.adoc new file mode 100644 index 000000000..a3bfecddd --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-review-prerequisites.adoc @@ -0,0 +1,209 @@ += Requirements and Limits for Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-permissions.adoc +:imagesdir: ../assets/images + +Before you download and install Anypoint Omni Gateway, review the following requirements and limits. + +== Omni Gateway Requirements + +=== Permission Requirements + +To use Omni Gateway you must have these permissions: + +[%header,cols="20a,30a,50a"] +|=== +| Permission | Ability | Notes +| Manage Servers | Create, update, and delete server and Omni Gateway resources.| Runtime Manager permission, which is assigned to a specific environment in a Business Group. +| Read Servers | View server and Omni Gateway resources.| Runtime Manager permission, which is assigned to a specific environment in a Business Group. +| Usage Viewer | View gateway metrics. | Usage permission, which can be added only by an organization administrator at the root organization level. +|=== + +Your Anypoint Platform Admin can add these permissions in Access Management. +See xref:access-management::configure-teams.adoc#manage-team-permissions[Manage Team Permissions] for more information. + +=== Connected App Scope Requirements + +To register Self-Managed Omni Gateway using a Connected App, the following scopes are required: + +* Manage Servers +* Read Servers +* View Organization + +== Managed Omni Gateway Resource Requirements + +To use Managed Omni Gateway your Business Group must have at least one of these Managed Omni Gateway resources: + +* Large Managed Omni Gateways +* Small Managed Omni Gateways + +Deploying an Extra Large Managed Omni Gateway requires two Large Managed Omni Gateways resources. + +These resources aren't inherited. To redistribute Managed Omni Gateway resources to a business group, see xref:access-management::business-groups.adoc#redistribute-resources[Redistribute Resources Between Existing Business Groups]. + +== Managed Omni Gateway Private Space Requirement + +To use Managed Omni Gateway, you have created a private space in CloudHub 2.0 or have access to a private space created by someone else. + +To create a private space, see xref:cloudhub-2::ps-create-configure.adoc[]. + + +== Software Requirements for Self-Managed Omni Gateway + +Omni Gateway isn't supported on Windows or in Docker running on Windows. + +=== Software Requirements for Kubernetes and OpenShift Deployments + +Running Omni Gateway requires: + +* A minimum of either Kubernetes 1.21 or OpenShift 4.8. + +* Ingress v1 (stable), which requires specifying `apiVersion: networking.k8s.io/v1` as the API version in your configuration resources. + +* A private cloud or data center. ++ +Or, a cloud provider such as the following: + +** Google Kubernetes Engine (GKE) +** Amazon Elastic Kubernetes Service (Amazon EKS) +** Azure Kubernetes Service (AKS) + +//helm prereq +* {empty} +include::partial$prerequisites.adoc[tag=helm] + +=== Software Requirements for Linux Deployments + +include::partial$prerequisites.adoc[tag=intro] + +* {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +* {empty} +include::partial$prerequisites.adoc[tag=centos] + +* {empty} +include::partial$prerequisites.adoc[tag=debian] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +* {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +* {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +Omni Gateway is designed to run in cloud-native architectures. Therefore, multiple installations on a single Linux VM aren't supported. You can install only one gateway instance per Linux VM. + +=== Software Requirements for Container Deployments + +Omni Gateway supports the following: + +* Docker +* Podman + +Additionally, Omni Gateway supports the following container orchestration services: + +* Amazon Elastic Container Service (Amazon ECS) +* Azure Container Service (ACS) +* Google Cloud Run +* AWS Fargate + +== Hardware Requirements for Self-Managed Omni Gateway + +A single Omni Gateway can support multiple backend APIs. To support more backend APIs, you can deploy multiple replicas or additional Omni Gateways. For information about sizing, refer to xref:flex-sizing-guide.adoc[]. + +Omni Gateway requires either an Intel or AMD-64 processor. + +== Ports, IPs, and Hostnames Allowlist Requirements + +For Omni Gateway to communicate with MuleSoft-managed online Anypoint Platform APIs and services, you must add these hostnames and ports of external resources to the allowlist: + +[%header%autowidth.spread] +|=== +|Plane |Host |Port| Mode| Description| Protocol +|*US*|*anypoint.mulesoft.com* | 443| Both| Required to connect with the control plane, push internal metrics, and download custom policy binaries.| HTTPS +|*US*|*arm-mcm2-service.kprod.msap.io* | 443| Both| Required to communicate with the transport layer.| mTLS +|*US*|*logging.ingestion.us-east-1.prod.cloudhub.io* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*US*|*metering.ingestion.us-east-1.prod.cloudhub.io* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*US*|*monitoring.ingestion.us-east-1.prod.cloudhub.io* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*US*|*exchange-files.anypoint.mulesoft.com* | 443| Connected| Required to download policies.| HTTPS +|*US*|*exchange2-asset-manager-kprod.s3.amazonaws.com* | 443| Connected| Required to download policies.| HTTPS +|*US*|*configuration-resolver.prod.cloudhub.io* | 443| Connected| Required to download policies.| mTLS +|*US*|*us1.ingest.mulesoft.com* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*US*|*flex-packages.anypoint.mulesoft.com* | 443| Both| Required to download and install Omni Gateway.| HTTPS +|*EU*|*eu1.anypoint.mulesoft.com* | 443| Both| Required to connect with the control plane, push internal metrics, and download custom policy binaries.| HTTPS +|*EU*|*arm-mcm2-service.kprod-eu.msap.io* | 443| Both| Required to communicate with the transport layer.| mTLS +|*EU*|*logging.ingestion.eu-central-1.prod-eu.msap.io* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*EU*|*metering.ingestion.eu-central-1.prod-eu.msap.io* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*EU*|*eu1.ingest.mulesoft.com* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*EU*|*monitoring.ingestion.eu-central-1.prod-eu.msap.io* | 443| Both| Required to send analytics data to the control plane.| HTTPS +|*EU*|*configuration-resolver.prod-eu.msap.io* | 443| Connected| Required to download policies.| mTLS +|*EU*|*exchange-files.eu1.anypoint.mulesoft.com* | 443| Connected| Required to download policies.| HTTPS +|*EU*|*exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com* | 443| Connected| Required to download policies.| HTTPS +|*EU*|*flex-packages.anypoint.mulesoft.com* | 443| Both| Required to download and install Omni Gateway.| HTTPS +|*EU*|*flex-packages.eu1.anypoint.mulesoft.com* | 443| Both| Required to download and install Omni Gateway.| HTTPS +|=== + +[NOTE] +==== +Ports 9998 and 9999 are reserved for internal processes and shouldn't be used in `ApiInstance` definitions. +==== + +[[limits]] +== Omni Gateway Limits and Performance Metrics + +[%header%autowidth.spread,cols="a,>.> +. Protect your Omni Gateway: +.. <> +.. <> +. <> +. <> +. <> +. <> +. <> +. <>: +.. <> +.. <> +. <> + +NOTE: Guidelines on this page are applicable to all Omni Gateway runtime environments, but diagrams are only provided for Kubernetes. + +[[secure-flex-gateway-in-anypoint-platform]] +== Secure Omni Gateway in Anypoint Platform + +Always apply the principle of least privilege to Omni Gateways in Anypoint Platform. Users who have access to Omni Gateway are able to view Omni Gateway configuration details and logs. Use users and team permissions to limit access to Omni Gateways to only those users who maintain the runtime. Provide read-only access except for users who deploy or manage the gateway configuration. + +To learn how to manage access, see xref:access-management::index.adoc[]. + +[[secure-the-flex-gateway-registration-resource]] +== Secure the Omni Gateway Registration Resource + +Omni Gateway stores registration information locally. This registration resource contains the certificate the Omni Replica uses to communicate and authenticate itself with Anypoint Platform. Omni Gateway communicates with Anypoint Platform via mTLS. + +Restrict access to the registration resource to ensure there's no unauthorized execution of replicas. Specifically: + +* Ensure you encrypt secrets at rest and you enforce least privilege access for the registration resource secret. +* Store sensitive data, such as credentials and API keys, in secure vaults, for example, AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault. +* Avoid hardcoding secrets and only use environment variables for non-sensitive configurations. +* Encrypt sensitive information in configuration files. + +For best practices for Kubernetes deployments, see https://kubernetes.io/docs/concepts/security/secrets-good-practices/[Good practices for Kubernetes Secrets]. + +[[renew-the-flex-certificate]] +== Renew the Omni Certificate + +Anypoint Omni Gateway uses a managed PKI certificate to communicate with Anypoint Platform. This certificate is generated when you register Omni Gateway. Renew the certificate before its expiration date to ensure the runtime can connect to the control plane. + +To learn how to renew your registration, see xref:flex-gateway-renew-certificate.adoc[]. + +[[update-your-flex-gateway]] +== Update your Omni Gateway + +MuleSoft regularly provides security updates for Omni Gateway. Keep your Omni Gateway updated to the latest version to address vulnerabilities. To reduce the risk of incompatibilities, follow safe change processes and upgrade sandbox runtimes ahead of production. + +To learn more about how to update your Omni Gateway, see xref:flex-gateway-upgrade.adoc[]. + +[[avoid-logging-payload-data]] +== Avoid Logging Payload Data + +Runtime logs are available in the runtime layer through the `stdout` of the Omni Gateway pods and in the Anypoint control plane for Connected Mode. + +To ensure compromised runtime logs don't leak client information, avoid logging payload data in runtime logs. + +If using other third party monitoring and analytics platforms, ensure you consider then in access reviews. + +[[secure-flex-gateway-service-pods]] +== Secure Omni Gateway Service Pods + +Restrict access to Omni Gateway runtime pods to ensure unauthorized personel cannot access Omni Gateway configuration data or tamper with the runtime. + +For Kubernetes deployments, restrict access to command execution in the pod by using Kubernetes Role-based access control (RBAC). For more information, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/[Using RBAC Authorization]. + +In non-Kubernetes deployments, restrict access to the Omni Gateway virtual machine to open sessions. + +[[secure-redis-shared-storage]] +== Secure Redis Shared Storage + +Omni Gateway uses Redis shared storage to cache request data and runtime configurations in Connected Mode only. An unauthorized user can obtain cached configuration data, such as Omni configuration or request processing caches, and can disrupt the runtime. You must secure the Redis service to prevent unauthorized access. + +To secure the Redis shared storage, see https://redis.io/docs/latest/operate/rs/security/recommended-security-practices/[Redis Recommended security practices]. Enable access control to limit Redis access from sources other than Omni Gateway. Deploy the Redis as close as possible to the Omni Gateway deployment to further limit vulnerabilities. + +[[protect-the-flow-of-incoming-traffic]] +== Protect the Flow of Incoming Traffic (API Consumer to Omni Gateway) + +How you protect the flow of incoming traffic from external attacks is dependent on the source of incoming traffic. + +For requests coming from the public internet, configure a first line of defense system to intercept the traffic before it reaches the Omni Gateway. Omni Gateway provides API-level protection but relies on other general protections for the first line of defense. Ensure you have these protections: + +* Network level protections, like ACLs and DNS Firewalls. Cloud providers and third parties typically provide these protections. +* First line application level protections, such as threat protection against DDoS attacks and Web Application Firewall. + +NOTE: For guidelines on handling incoming requests from external sources, see xref:flex-architecture-uc2.adoc[] and xref:flex-architecture-uc4.adoc[]. + +[[terminate-external-tls-at-point-of-entry]] +=== Terminate External TLS at Point of Entry + +To enable the firewall to perform L7 traffic security inspections, terminate external TLS connections at the firewall level. A valid Certificate Authority (CA) that's recognized by the consumer typically provides the certificates at this point of entry. + +Use a separate set of certificates for internal communication between the firewall, Omni Gateway, and other services in the infrastructure. For this communication, use mTLS security with both certificates issued by an internal authority or PKI. + +Certificates exposed to the internet are never used internally, and certificates that are used internally are never exposed to the internet. Separating internal and external certificates prevents potential leakage of the internal credentials. + +You can use Omni Gateway at both the runtime environment ingress layer or at the inner environment layer. For Omni Gateways at the ingress layer, limit the gateways' scope to TLS termination, routing, and other basic protections. Push more CPU and memory intensive operations to inner Omni Gateways. + +[[protect-apis-by-using-policies]] +=== Protect APIs by Using Policies + +Apply policies to enhance API protections. Omni Gateway offers xref:policies-included-directory.adoc[Included Policies] and enables you to develop custom policies by using xref:pdk::policies-pdk-overview.adoc[]. + +[[govern-apis-by-using-api-governance]] +=== Govern APIs by Using API Governance + +Use xref:api-governance::index.adoc[Anypoint API Governance] to ensure you design and deploy APIs in line with MuleSoft, industry, and your organization's best practices. + +[[protect-the-upstream-service]] +== Protect the Upstream Service (Omni Gateway to API Provider) + +How you protect the flow of traffic from Omni to the upstream service is dependent on the location of the upstream service. + +[[protect-services-available-locally-to-flex-gateway]] +=== Protect Services Available Locally to Omni Gateway + +Services that share the same network as Omni Gateway typically have lower security restrictions. + +The organization must define whether plain or TLS connections are in place. If using TLS, configure mTLS via Omni Gateway Outbound TLS contexts. To learn more about configuring TLS, see xref: + +* xref:flex-conn-tls-config.adoc[] +* xref:flex-local-tls-config.adoc[] + +To protect the upstream service from other services in the same network, configure the upstream service to accept traffic only from Omni Gateway. For Kubernetes, configure this using Network Policies. + +NOTE: For guidelines on communicating to an internal upstream service, see xref:flex-architecture-uc1.adoc[] and xref:flex-architecture-uc3.adoc[]. + +[[protect-external-services]] +=== Protect External Services + +When protecting external services not in the same network, connect to the service using mTLS communication. Configure a trusted network link, such as private VPC, between the networks to enable Omni Gateway to securely access the upstream service without exposing the service to the public internet. + +NOTE: For guidelines on communicating to an external upstream service, see xref:flex-architecture-uc2.adoc[] and xref:flex-architecture-uc4.adoc[]. + +[[perform-regular-testing]] +== Perform Regular Testing + +Perform regular penetration and vulnerability tests to identify new or regressed issues in your Omni Gateway deployment and exposed APIs. Consider these security aspects when testing: + +* User access controls in Anypoint Platform that enable access to Omni registration in Runtime Manager, logs in Anypoint Monitoring, and APIs in API Manager. +* Access to the deployed Omni Gateway that affects its function or data. +* Access to any configuration files used by the Omni runtime, especially the registration file. +* Access to the Redis shared storage service. +* Access to APIs deployed on the Omni Gateway. +* Access to the upstream services protected by the Omni Gateway APIs. + +== See Also + +* xref:flex-architecture-uc-overview.adoc[] +* xref:flex-architecture-shared-storage.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-sizing-guide.adoc b/gateway/1.13/modules/ROOT/pages/flex-sizing-guide.adoc new file mode 100644 index 000000000..fe16cb142 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-sizing-guide.adoc @@ -0,0 +1,67 @@ += Resource Sizing for Self-Managed Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:table-caption!: + +Before getting started with Omni Gateway, analyze and choose your configuration to obtain the best performance and auto-scaling rate. + +When assigning resources for a replica node, consider: + +* Number of APIs +* Amount of memory the node needs +* Processing power for the node +* Number of policies in each API +* Amount of traffic each node handles +* Amount of time the node takes to answer the request (latency) +* Type of traffic the node handles, and within the traffic: +** The number of requests per second (RPS) the node handles +** Size of each request (bytes) + +== Resources + +The following table describes the resources you must allocate to your replica node according to your environment: + +[options="header"] +|==== +| Node Size | CPU | RAM +| Small | 1-2 cores | 2-4 GB +| Medium | 2-4 cores | 4-8 GB +| Large | 8-16 cores | 16-32 GB +|==== + +NOTE: For IBM Power10 deployments, allocate 5-16 CPU cores for a "Large" node. + +NOTE: Nodes belonging to a cluster must be of the same size. + +== Cluster Size + +The following table describes appropriate node and cluster sizes: + +[options="header"] +|==== +| Node Size | Number of APIs | Number of Policies | Expected Latency | Expected Throughput | Target Environment +| Small | < 100 | 4 | < 30 ms | < 500 RPS | Dev/test cluster +| Medium | < 500 | 4 | < 20 ms | < 2500 RPS | Production cluster +| Large | > 500 | 4 | < 10 ms | < 10000 RPS | Mission-critical clusters +|==== + +These sizing figures are per node. API configurations replicate to all nodes in the cluster. For example, for 10 APIs deployed each with three policies, the 10 APIs and their policies are deployed to each node in the cluster. + +The traffic is distributed across all nodes in the cluster. A small cluster node supports up to 500 RPS, but if the cluster has two nodes then the total traffic that the cluster allows is 1000 RPS (500 RPS for each node). Exceeding the recommended traffic per node eventually causes increased CPU usage. To avoid this issue, you must increase the size of all nodes in the cluster or scale horizontally. + +High CPU usage can lead to increased latency. In such a case, proceed with horizontal scaling or increase the node size. + +High memory consumption can lead to out-of-memory errors. To solve this issue, increase the memory allocation or the node size. Horizontal scaling might not help solve issues in this situation. You must increase memory first, and scale horizontally later. + +These guidelines are for a cluster with an average request size of 1 KB and four policies implemented. Adjust your parameters depending on your use case. + +The most commonly used out-of-the-box policies are: + +* Message logging +* Rate limiting +* JWT validation +* Header injection + +Using TLS affects the response time and the process consumption. diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-admin-api.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-admin-api.adoc new file mode 100644 index 000000000..89a4375b6 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-admin-api.adoc @@ -0,0 +1,321 @@ += Troubleshooting with the CLI +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Anypoint Omni Gateway includes a `flexctl dump` CLI that enables you to query for information related to a gateway's API instances, services, configuration, and available extensions (policies). + +As an example, the following inline configuration snippet defines a single API instance named `jsonplaceholder-api` in the default namespace (it remains `default` because namespace is not explicitly defined.) Additionally, the snippet defines one included policy: `http-basic-authentication-flex`. + +NOTE: To run `flexctl dump` for Linux deployments, either add the user to the `flex` user group or run `flexctl dump` with the `sudo` command. To learn more, see xref:flex-troubleshoot-linux-permissions.adoc[]. + +== Configuration Example + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: jsonplaceholder-api +spec: + address: http://0.0.0.0:8080 + services: + jsonplaceholder: + address: https://jsonplaceholder.typicode.com:443/ + routes: + - rules: + - path: /api(/users/.*) + - path: /api(/comments/.*) + policies: + - policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- + +== Run the CLI + +. To see JSON representations of your API instances, services, configurations, and extensions, run the following command: ++ +[source,ssh] +---- +flexctl dump +---- ++ +[NOTE] +==== +When running in a Docker or Podman container, run the command in the container itself. +==== ++ +The command outputs four files: + +* `api-instances.json` +* `services.json` +* `configuration.json` +* `extensions.json` + +. View any of the JSON file contents by running `cat` followed by the file name: ++ +[tabs] +==== +Api Instances:: ++ +[source,ssh] +---- +cat api-instances.json +---- ++ +The `api-instances.json` file contents resemble the following: ++ +---- +[ + { + "address":"http://0.0.0.0:8080", + "kind":"ApiInstance", + "name":"jsonplaceholder-api", + "namespace":"default", + "policies":[ + { + "config":{ + "password":"admin", + "username":"chris" + }, + "extension":{ + "kind":"Extension", + "name":"http-basic-authentication-flex", + "namespace":"default" + }, + "kind":"Policy", + "name":"jsonplaceholder-api-http-basic-authentication-flex-1", + "namespace":"default" + }, + { + "config":{ + "destinationRef":{ + "kind":"Service", + "name":"jsonplaceholder-api-jsonplaceholder", + "namespace":"default" + } + } + "extension":{ + "kind":"Extension", + "name":"route", + "namespace":"default" + }, + "kind":"Policy", + "name":"jsonplaceholder-api-jsonplaceholder-route-1", + "namespace":"default", + "order":50, + "rules":[ + { + "path":"/api(/users/.*)" + }, + { + "path":"/api(/comments/.*)" + } + ] + }, + { + "extension":{ + "kind":"Extension", + "name":"envoy.filters.http.router", + "namespace":"default" + }, + "kind":"Policy", + "name":"envoy.filters.http.router", + "namespace":"default", + "order":2147483647 + } + ] + } +] +---- + +Services:: ++ +[source,ssh] +---- +cat services.json +---- ++ +The `services.json` file contents resemble the following: ++ +---- +[ + { + "address":"https://jsonplaceholder.typicode.com:443/", + "kind":"Service", + "name":"jsonplaceholder-api-jsonplaceholder", + "namespace":"default" + } +] +---- + + +Configuration:: ++ +[source,ssh] +---- +cat configuration.json +---- ++ +The `configuration.json` file contents resemble the following: ++ +---- +{ + "internalMetrics": { + "enabled": false + }, + "logging": {}, + "platformConnection": { + "anypoint": { + "url": "https://anypoint.mulesoft.com" + }, + "environment": { + "cluster_id": "4aa281e9-1a1d-4c56-8669-2d887b2e1938", + "env_id": "ad067f80-69ee-4abb-9d05-bec98ece1e20", + "org_id": "1caa0b9b-4f4d-43c4-a1b6-f925a8c77baa" + }, + "logging": { + "certificate": { + "cert": "demo-local.pem", + "key": "demo-local.key" + }, + "url": "https://logging.ingestion.us-east-1.msap.io/ingestion/api/v1/logging" + }, + "metering": { + "certificate": { + "cert": "demo-local.pem", + "key": "demo-local.key" + }, + "url": "https://metering.ingestion.us-east-1.msap.io/ingestion/api/v1/metering" + }, + "mode": "offline", + "monitoring": { + "certificate": { + "cert": "demo-local.pem", + "key": "demo-local.key" + }, + "url": "https://monitoring.ingestion.us-east-1.msap.io/ingestion/api/v1/monitoring" + }, + "runtimeEvents": { + "certificate": { + "cert": "demo-local.pem", + "key": "demo-local.key" + }, + "url": "https://anypoint.mulesoft.com/apiruntime/v1/events" + } + }, + "resourceLimits": { + "apiInstances": 100, + "policies": 400 + }, + "sharedStorage": {}, + "version": "1.1.0" +} +---- + +Extensions:: ++ +[source,ssh] +---- +cat extensions.json +---- ++ +The `extensions.json` file contains all the policies available in Omni Gateway. The file contents resemble the following: ++ +---- +{ + "extends": [ + { + "kind": "Extension", + "labels": { + "flex.mulesoft.com/created-by": "flex-filesystem", + "flex.mulesoft.com/managed-by": "flex-filesystem" + }, + "name": "extension-definition", + "namespace": "default" + }, + { + "kind": "Extension", + "labels": { + "flex.mulesoft.com/created-by": "flex-filesystem", + "flex.mulesoft.com/managed-by": "flex-filesystem" + }, + "name": "extension-qos", + "namespace": "default" + } + ], + "kind": "Extension", + "labels": { + "flex.mulesoft.com/created-by": "flex-filesystem", + "flex.mulesoft.com/managed-by": "flex-filesystem" + }, + "name": "header-injection-definition", + "namespace": "default", + "properties": [ + { + "name": "config", + "properties": [ + { + "items": { + "name": "inboundHeaders", + "properties": [ + { + "name": "key", + "type": "stringOrDataweave" + }, + { + "name": "value", + "type": "stringOrDataweave" + } + ], + "type": "object" + }, + "name": "inboundHeaders", + "type": "array" + }, + { + "items": { + "name": "outboundHeaders", + "properties": [ + { + "name": "key", + "type": "stringOrDataweave" + }, + { + "name": "value", + "type": "stringOrDataweave" + } + ], + "type": "object" + }, + "name": "outboundHeaders", + "type": "array" + } + ], + "type": "object" + } + ] + } +---- +==== + +== Change Verbosity Level + +You can change the amount of information output by the `flexctl dump` CLI. For example, to increase verbosity to a value of `10`, run `flexctl dump` with the following: + +[source,ssh] +---- +flexctl dump -v 10 +---- + +== Change Output Directory + +Additionally, you can change the directory where `flexctl dump` outputs the four files. For example, to output to `/tmp`, run `flexctl dump` with the following: + +[source,ssh] +---- +flexctl dump --output-directory /tmp +---- \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-debug-logs.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-debug-logs.adoc new file mode 100644 index 000000000..8848df6c3 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-debug-logs.adoc @@ -0,0 +1,40 @@ += Troubleshooting Self-Managed Gateway with Debug Logs +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When troubleshooting Omni Gateway, set the runtime log level to `debug` for more verbose runtime logs. + +This page explains how to configure debug runtime logs. To configure debug access logs, set the `level` parameter in your xref:policies-included-message-logging.adoc[Message Logging policy] to `DEBUG`. + +== Debug Logs Configuration Example + +For both Connected Mode and Local Mode, configure debug runtime logs using the following YAML configuration file: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: logging-config +spec: + logging: + runtimeLogs: + logLevel: debug +---- + + +To configure debug runtime logs, use the previous YAML configuration file when prompted for your configuration details in the following tutorials: + +* xref:flex-conn-third-party-logs-config.adoc[Configure External Logs in Connected Mode] +* xref:flex-local-third-party-logs-config.adoc[Configure External Logs in Local Mode] + +If you have already configured a logging configuration file, set `logging.runtimeLogs.logLevel` to `debug` in you current file to enable debug runtime logs. This does not affect the log output location or access logs. + +== See Also + +To view runtime log output, see: + +* xref:flex-view-logs-in-runtime-manager.adoc[] +* xref:flex-local-view-logs.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-docker.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-docker.adoc new file mode 100644 index 000000000..7f9986ffa --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-docker.adoc @@ -0,0 +1,24 @@ +[[docker-troubleshooting]] += Troubleshooting Docker Command Issues + +//intro +include::partial$troubleshoot.adoc[tags=troubleshoot-docker-intro] + +[[daemon-bad-response]] +== Docker Is Not Started + +//error +include::partial$troubleshoot.adoc[tags=troubleshoot-docker-daemon-bad-response] + +[[bad-request]] +== Reg Facade Error (400 Bad Request) + +//error +include::partial$troubleshoot.adoc[tags=troubleshoot-docker-bad-request] + + +== See Also + +* xref:flex-troubleshoot-requests.adoc[] +* xref:flex-troubleshoot-admin-api.adoc[] +* xref:flex-gateway-set-up.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-helm.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-helm.adoc new file mode 100644 index 000000000..793e157df --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-helm.adoc @@ -0,0 +1,33 @@ +[[helm-troubleshooting-helm]] += Troubleshooting Helm Command Issues + +[[troubleshoot-helm-intro]] +//intro +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-intro] + +[[troubleshoot-helm-yaml-empty]] +== Upgrade Failed: Execution Error +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-yaml-empty] + +[[troubleshoot-helm-upgrade-failed]] +== Upgrade Failed: Timed Out +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-upgrade-failed] + +[[troubleshoot-helm-cluster-unreachable]] +== Kubernetes Cluster Unreachable +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-cluster-unreachable] + + +[[troubleshoot-helm-openshift-rbac]] +== Failed to Install CRD +//error: +include::partial$troubleshoot.adoc[tags=troubleshoot-helm-openshift-rbac] + + +== See Also + +* xref:flex-gateway-k8-getting-started.adoc[] +* xref:flex-gateway-set-up.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-linux-permissions.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-linux-permissions.adoc new file mode 100644 index 000000000..283c7d51c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-linux-permissions.adoc @@ -0,0 +1,51 @@ += Troubleshooting Linux Permissions +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +To help limit access to information about an Omni Gateway, the following `flexctl` commands can be executed on Linux deployments only by the root user and by users in the `flex` user group: + +* `flexctl dump` +* `flexctl version` +* `flexctl check connections` +* `flexctl probe` +* `flexctl registration inspect` (when executed without the `--file` flag) + +There are two options to execute these commands: + +* <> +* <> + +[[add-user-to-flex-group]] +== Add the User to the flex User Group + +Adding a user to the `flex` user group is a permanent solution and requires no action after the user is added. Execute the following command to add the current user to the `flex` user group: + +[source,ssh] +---- +sudo usermod -a -G flex $USER +---- + +After running the command, the user must log in to the VM again to begin using the `flexctl` commands. + +[[run-as-root-user]] +== Run as the Root User + +Executing the `sudo` command with your `flexctl` command is the quickest way to access Omni Gateway information. However, you must execute the `sudo` command every time you run a `flexctl` command if the user is not part of the `flex` user group: + +[source,ssh] +---- +sudo flexctl +---- + +When the `sudo flexctl dump` command is executed, the root user is the owner of the created dump files. If the current user is not the root user, the user cannot view the dumped files. To view the files, execute the following command to change the owner of the files: + +[source,ssh] +---- +sudo chown $USER *.json +---- + +== See Also + +* xref:flex-troubleshoot-admin-api.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-linux-services.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-linux-services.adoc new file mode 100644 index 000000000..6ce2f646b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-linux-services.adoc @@ -0,0 +1,47 @@ += Troubleshooting Linux Services +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +The following topics provide possible causes for service issues and describe how to troubleshoot: + +* <> +* <> + + +[[flex-gateway-service-failed-to-run]] +== Omni Gateway Service Failed to Run + +The `flex-gateway.service` status displays `failed` after running the `systemctl list-units flex-gateway*` command. + +=== Diagnose + +To diagnose the service failure, run the following command: + +[source,ssh] +---- +journalctl -u flex-gateway +---- + +==== Error 1: “Panic: could not read platform configuration” + +If the output of the `journalctl` command includes this line: + +[source,ssh] +---- +flex-agent[3253]: panic: could not read platform configuration: open : no such file or directory +---- + +The problem can be resolved by running `chmod` on the files created during registration. + +[[other-services-failed-to-run]] +== Other Services Failed to Run + +If your error does not appear, attempt to restart Omni Gateway: + +[source,ssh] +---- +sudo ldconfig +sudo systemctl restart flex-gateway +---- diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-logging.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-logging.adoc new file mode 100644 index 000000000..41cf14723 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-logging.adoc @@ -0,0 +1,46 @@ += Troubleshooting Self-Managed Gateway Logging Issues +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When configuring logging for Anypoint Omni Gateway, you might encounter logging issues caused by incorrect directory permissions, and so on. The following topics provide possible causes for logging issues and describe how to troubleshoot: + +* <> +* <> + +[[third-party-service]] +== Logs Do Not Appear in a Third-Party Logging Service + +After applying a logging configuration YAML file, logs should begin appearing within a few minutes. If your logs do not appear in your third party logging service: + +. Ensure that your third-party service is running. +. If the service is running, check the runtime logs for potential configuration errors. ++ +You can view the runtime logs for both Omni Gateways running in Connected Mode and Local Mode by following the steps in xref:flex-local-view-logs.adoc[]. Additionally, for Omni Gateways running in Connected Mode, you can xref:flex-view-logs-in-runtime-manager.adoc[view runtime logs in Runtime Manager]. ++ +Potential configuration errors appear similar to the following: ++ +---- +[flex-gateway-fluent] [2023/09/07 20:17:49] [error] [output:http:http.1] hzk83039.live.dynatrace.com:443, HTTP status=401 +[flex-gateway-fluent] {"error":{"code":401,"message":"Missing authorization parameter."}} +[flex-gateway-fluent] [2023/09/07 20:17:49] [ warn] [engine] failed to flush chunk '20-1694117863.683606251.flb', retry in 7 seconds: task_id=2, input=emitter_for_rewrite_tag.11 > output=http.1 (out_id=1) +---- + +. Whether or not configuration errors appear in the runtime logs, view the /var/tmp/mulesoft/flex-gateway/fluent-bit.conf file to ensure your configuration values are correct. + + + + +[[incorrect-permissions]] +== Logs Do Not Appear when Running in a VM + +Log files do not appear after specifying a target log directory in an access log policy. An example log directory might be `/var/log`. + +=== Cause + +Your log output directory might not have `write` permission. + +=== Solution + +To resolve this issue, grant `write` permission to the output directory. diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-managed-creation.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-managed-creation.adoc new file mode 100644 index 000000000..eed488c3a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-managed-creation.adoc @@ -0,0 +1,61 @@ += Troubleshooting Managed Omni Gateway Creation +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When creating and deploying a Managed Omni Gateway instance, you might encounter issues. Check these topics for possible causes and solutions. + +* xref:add-button-missing[Add Managed Omni Gateway Button is Missing] +* xref:add-button-disabled[Add Managed Omni Gateway Button is Disabled] +* xref:private-space[Private Space Not Available] + + +[[add-button-missing]] +== Add Managed Omni Gateway Button is Missing + +The *Add Managed Omni Gateway* button in Runtime Manager might be missing because the selected business group does not have Managed Omni Gateway resources. Instead you see a "Start protecting your APIs with Managed Omni Gateways" message and a *Create a Self-Managed Omni Gateway* button. + +Check Your Business Group Managed Omni Gateway Resources:: + +. Navigate to *Access Management > Subscription > Runtime Manage Subscription*. If your subscription tier doesn't include *Small Managed Omni Gateways* and *Large Managed Omni Gateways* resources, contact your MuleSoft representative for more information. + + +. If your business group shows quantity *0/0 in use* or shows *Reassigned* for *Small Managed Omni Gateways* or *Large Managed Omni Gateways*, try redistributing Managed Omni Gateway resources from one organization or business group to your selected business group. See xref:access-management::business-groups.adoc#redistribute-resources[Redistribute Resources Between Existing Business Groups]. + +[[add-button-disabled]] +== Add Managed Omni Gateway Button is Disabled + +The *Add Managed Omni Gateway* button in Runtime Manager might be disabled due to quota limitations or insufficient permissions. This issue occurs if you reach the maximum number of Managed Omni Gateways allowed for all sizes in your organization or if you don't have the required _Manage Servers_ and _Read Servers_ Runtime Manager permissions . + +Check Managed Omni Gateway quotas for your organization:: + +. In Anypoint Platform, go to *Access Management*. +. Click *Runtime Manager* in *Subscription* section of the side navigation panel. +. Review the Managed Gateway quotas to determine if the quota has been exhausted for all Managed Omni Gateway sizes. + +To deploy more Managed Omni Gateways, delete existing gateways or upgrade to a subscription plan with a higher quota. + +Verify your permissions:: + +In Access Management, ensure that you have the required _Manage Servers_ and _Read Servers_ Runtime Manager permissions. + +Your Anypoint Platform Admin can add these permissions in Access Management. +For more information, see xref:access-management::configure-teams.adoc#manage-team-permissions[Manage Team Permissions]. + + +[[private-space]] +== Private Space Not Available + +When creating a new Managed Omni Gateway, if you don't see the desired Private Space in the *Deployment Target* list, you might not have the necessary permissions for that Private Space. + +Verify the Private Space permissions:: + +. In Runtime Manager, access the details of the Private Space you are trying to use. +. Navigate to the *Environments* tab. +. Confirm that the target organization and environment are within the allowed environments for that private space. + +If necessary, update the Private Space Environments configuration to include the target organization and environment: + +. Modify the Private Space *Environments* configuration to include the target organization and environment. +. Wait a few minutes for the changes to propagate and be reflected in the *Deployment Target* list. diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-managed-maintenance.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-managed-maintenance.adoc new file mode 100644 index 000000000..c119c2f2d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-managed-maintenance.adoc @@ -0,0 +1,45 @@ += Troubleshooting Managed Gateway Maintenance +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When viewing or maintaining Anypoint Managed Omni Gateway instances, you might encounter issues. Check these topics for possible causes and solutions. + +* xref:gateway-metrics-not-showing[Missing Gateway Metrics] +* xref:cant-change-gateway-properties[Gateway Properties Not Editable] +* xref:timeout-while-waiting-for-update[Timeout While Waiting for Update] +* xref:gateway-missing-disabled[Gateway is Missing or Disabled] +* xref:same-path-error[API Path Conflict] + +[[gateway-metrics-not-showing]] +== Missing Gateway Metrics + +In Runtime Manager, if you can't see metrics for your gateway from the Managed Omni Gateway dashboard, verify that you have the _Usage Viewer_ permission. + +Verify your permissions:: + +Check your assigned roles and permissions in Access Management to verify that you have the required _Usage Viewer_ Runtime Manager permission. + +Your Anypoint Platform Admin can add these permissions in Access Management. +For more information, see xref:access-management::configure-teams.adoc#manage-team-permissions[Manage Team Permissions] . + +[[cant-change-gateway-properties]] +== Can't Change Gateway Properties + +You can't edit some Managed Omni Gateway properties, such as *Gateway Name*, *Deployment Target*, and *Flow plans*, after the gateway instance is created. To change these properties, you must delete and recreate your Managed Omni Gateway with the desired values. + +[[timeout-while-waiting-for-update]] +== Timeout While Waiting for Update + +If your Managed Omni Gateway update or deletion is stalled, refresh the status and check again in a few minutes. Delays might happen when the Anypoint Platform is handling a lot of traffic. + +[[gateway-missing-disabled]] +== Gateway is Missing or Disabled in API Manager + +When adding an API instance to a gateway, if you don't find your Managed Omni Gateway in the API Manager *Select a gateway* list or the Managed Omni Gateway is disabled, view the gateway status in Runtime Manager to ensure the gateway is running. If the gateway status isn't *Running*, fix the probelm from Runtime Manager. If the gateway status is *Running* but still unavailable in API Manager, there might be a cluster issue, and you should contact MuleSoft Support for assistance. + +[[same-path-error]] +== API Path Conflict + +When an API to a Managed Omni Gateway, if you see the *This path conflicts with another API* error in API Manager, you must choose a different base path. Each API instance in an Omni Gateway must be unique within the gateway. To fix this problem, change the API path to a unique value or edit the path of the other API instance. Click *API* in the error message to view and edit the API instance with the conflicting path. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-platform-connection.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-platform-connection.adoc new file mode 100644 index 000000000..80158105c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-platform-connection.adoc @@ -0,0 +1,51 @@ += Troubleshooting Platform Connections +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When configuring Omni Gateway, it is possible for the Omni Replica's `registration.yaml` to be absent or for the replica to lose its connection to Anypoint Platform. + +To troubleshoot whether a registration file is present and whether Omni Gateway can make platform connections, use the following command: + +[source,ssh] +---- +flexctl check connections +---- + +The `flexctl check connections` command first ensures that a `registration.yaml` file is present. Then it checks whether the replica can connect to the URLs defined in the registration file. If the `flexctl check connections` command is successful, it returns the following `info` message: + +---- +$ flexctl check connections +[flexctl][info] Connection to platform endpoints successful. +---- + +== No Registration File Found + +If the `registration.yaml` file isn't found, Omni Gateway returns the following error message: + +---- +$ flexctl check connections +Error: no registration config +---- + +To troubleshoot an absent registration file, check your Omni Replica configuration folder. To learn more about registering an Omni Gateway, see following section for your relevant mode: + +* xref:flex-conn-reg-run.adoc[] +* xref:flex-local-reg-run.adoc[] + +== Failed Connection + +There are multiple reasons why Omni Gateway might experience connection issues, such as an error in the gateway's environment or a network issue. How you troubleshoot your error depends on the error returned. + +If Omni Gateway can't connect to a specific URL, it returns an error message that includes the unreachable URL and the error message returned from the connection attempt. The following error message is an example of an error returned due to no internet connection: + +---- +$ flexctl check connections +Error: failed connecting to https://anypoint.mulesoft.com/: dial tcp 52.22.227.22:443: connect: network is unreachable +---- + +== See Also + +* xref:flex-troubleshoot-reg.adoc[] +* xref:flex-troubleshoot-requests.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-reg.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-reg.adoc new file mode 100644 index 000000000..5c736adba --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-reg.adoc @@ -0,0 +1,37 @@ += Troubleshooting Registration Issues +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When registering Anypoint Omni Gateway, you might encounter issues caused by incorrect access permissions, and so on. The following topics provide possible causes for registration issues and describe how to troubleshoot: + +* <> + +[[no-permissions]] +== Performing Registration as a User Without Necessary Access Permissions + +Executing the registration command without having correct permissions can result in an error: +---- +Couldn't execute register command successfully: rpc error: code = Internal desc = handler returned neither error nor response message +---- + +=== Cause + +This issue occurs when the credentials that you provide for registration do not have the required permissions. + +=== Solution + +To resolve this error, perform the following steps: + +. Navigate to *Access Management* as the organization administrator. +. Select *Users* from the main menu. +. Select the target organization user from the *Users* menu. +. From the *Permissions* tab, select *Runtime Manager*. +. Specify the environment in which to apply your permissions. +. Select the following from the *Select access* dropdown menu: +* _Manage Servers_ +* _Read Servers_ +. Click the *+* button. + +Re-running the registration command should now result in success. diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-regex.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-regex.adoc new file mode 100644 index 000000000..571a2d5e5 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-regex.adoc @@ -0,0 +1,10 @@ += Troubleshooting Regular Expression Compatibility Issues + +Troubleshoot compatibility issues that occur when using regular expressions: + +* <> + +[[troubleshoot-negative-lookaheads]] +== Negative Lookaheads + +Omni Gateway conforms to https://github.com/google/re2/wiki/Syntax[Google RE2 regular expression syntax^], which does not support negative lookaheads. diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-requests.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-requests.adoc new file mode 100644 index 000000000..43678272f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot-requests.adoc @@ -0,0 +1,89 @@ += Troubleshooting Request Connection +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When configuring and running Omni Gateway, you might encounter connection issues. + +To troubleshoot these issues, use the `flexctl check http` command. This command makes direct requests to both the outbound connection between the upstream service and Omni Gateway and the inbound connection between Omni Gateway and the client. Making direct requests isolates Omni Gateway connections, which allows you to localize the issue. + +The following diagram demonstrates the difference between inbound and outbound requests. + +image:flex-inbound-outbound-requests.png[Inbound connections are between the client and Omni Gateway and outbound connections are between Omni Gateway and the upstream service, align=center] + +== Outbound Requests Between Omni Gateway and the Upstream Service +Isolating the connection between the upstream service and Omni Gateway enables you to test for connection between the two. + +To make a direct outbound request to the upstream service: + +. Log into the Omni Gateway container or VM: + +* Linux: ++ +[source,ssh] +---- +ssh [-i sshkey.pem] @ +---- + + +* Docker: ++ +[source,ssh] +---- +docker exec -it bash +---- + + +* Kubernetes: ++ +[source,ssh] +---- +kubectl -n exec -it -- bash +---- + +. Make a request to the upstream service: ++ +[source,ssh] +---- +flexctl check http -X=POST -d='{\"key\": \"value\"}' -H='Authorization:token' +---- + +== Inbound Requests Between the Client and Omni Gateway + +Isolating the connection between Omni Gateway and the client enables you to test if the connection issue is due to a load balancer or another system added between Omni Gateway and the client. + +To make a direct inbound request to the client: + +. Log into the Omni Gateway container or VM: + +* Linux: ++ +[source,ssh] +---- +ssh [-i sshkey.pem] @ +---- + + +* Docker: ++ +[source,ssh] +---- +docker exec -it bash +---- + + +* Kubernetes: ++ +[source,ssh] +---- +kubectl -n exec -it -- bash +---- + + +. Make a request to Omni Gateway: ++ +[source,ssh] +---- +flexctl check http -X=POST -d='{\"key\": \"value\"}' -H='Authorization:token' http://localhost:/ +---- \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-troubleshoot.adoc b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot.adoc new file mode 100644 index 000000000..96f5c7a50 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-troubleshoot.adoc @@ -0,0 +1,25 @@ += Troubleshooting Omni Gateway +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +When you perform Anypoint Omni Gateway tasks, you might encounter issues or receive error messages. These topics help you resolve these issues: + +== Troubleshooting Managed Omni Gateway + +* xref:flex-troubleshoot-managed-creation.adoc[] +* xref:flex-troubleshoot-managed-maintenance.adoc[] + +== Troubleshooting Self-Managed Omni Gateway + +* xref:flex-troubleshoot-debug-logs.adoc[] +* xref:flex-troubleshoot-reg.adoc[] +* xref:flex-troubleshoot-linux-permissions.adoc[] +* xref:flex-troubleshoot-platform-connection.adoc[] +* xref:flex-troubleshoot-logging.adoc[] +* xref:flex-troubleshoot-linux-services.adoc[] +* xref:flex-troubleshoot-admin-api.adoc[] +* xref:flex-troubleshoot-requests.adoc[] +* xref:flex-troubleshoot-docker.adoc[] +* xref:flex-troubleshoot-helm.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-use-api-alerts.adoc b/gateway/1.13/modules/ROOT/pages/flex-use-api-alerts.adoc new file mode 100644 index 000000000..f27970924 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-use-api-alerts.adoc @@ -0,0 +1,210 @@ += Using Omni Gateway API Alerts +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Using API alerts, you can add and configure email notifications that flag unusual API behavior, such as: + +* An API response time over 60 seconds +* More than 1000 API requests in 30 seconds + +See <> below. + +[[types-of-api-alerts]] +== Types of API Alerts + +Add any of the following alerts to notify you of the condition described: + +* Total Request Count: Users request access to the API more times than allowed during a specified time. Specify time interval values from 1 through 999999999. To prevent data bursts, intervals are implemented as sliding windows instead of as absolute minute boundaries. See https://www.techopedia.com/definition/869/sliding-window[Sliding Windows]. + +* Average Response Time: The response time of the API exceeds a specified timeout period. + +* Response Codes: Upon receiving a request, the API returns an HTTP code of 400, 401, 403, 404, 408, 500, 502, or 503 or a custom three-digit response. + +* Policy Violation: An infraction of a specified policy governing the API occurs. + +== How API Alerts Work + +API alerts are triggered only when: + +* The API state changes ++ +Note that the first occurrence of a state change might go undetected if a newly created alert does not include defined states. + +* The alert conditions are met for the specified period of time ++ +For example, if an alert is configured to trigger when an API returns an HTTP code of 500 five or more times within a 10-minute period, it does not trigger if the API returns a code of 500 only once within that 10-minute period. + +When configuring an API alert, you can select business group users and users outside your organization to receive email notifications about the alert. Notifications include information about events that trigger alerts as specified by severity level. + +[NOTE] +API Alerts are sent from `no-reply@mulesoft.com`. This cannot be customized. + +* The first email describes the alert: ++ +`Your API, CesarDemoAPI - Basic:151 (Environment: "NewOne"), has received greater than 2 requests within 1 consecutive periods of 1 minutes.` ++ +* Another email notifies you when the alert is resolved: ++ +`Your API Version, jsonplaceholderapi - 1.0.development, is no longer in an alert state. The number of policy violations was not greater than 1 in the last 1 consecutive periods of 1 minutes.` + +After the first set of two notification emails is sent, API Manager stops listening for alerts until the next alert period begins. This technique prevents repeated notification emails. + +== Before You Begin + +To view and delete alerts, ensure that you have: + +* *Manage Alerts* permission to view and delete API alerts. +* *View Alerts* permission for view-only access to alerts. + +[[add-api-alerts]] +== Add API Alerts + +To track and manage APIs, you can add one or more API alerts to your API instances. Add different <> based on your requirements. + +The following table explains the number of active alerts per API instance: + +include::reuse::partial$billing/pricing.adoc[tag=apiAlerts] + +All subscriptions enable you to have as many non-active alerts as needed. + +Pausing or deleting an active alert enables you to create new alerts if you have reached the maximum number of active alerts. + +Alerts are enabled by default when created. This setting cannot be modified. + +NOTE: Alerts cannot be added to API instances protected by xref:api-manager::automated-policies-landing-page.adoc[automated policies]. + +To add an API alert: + +. Navigate to *API Manager* > *API Instances* and click the API instance for which you want to add an alert. +. From the left navigation pane, select *Alerts* > *New alert*. +. Specify values for the displayed alert options: +* *Name*: ++ +Type an alert name, for example, `trial-alert`. You can delete an alert anytime if not required. +* *Severity*: ++ +Select a severity for the alert: + +** *Info* ++ +Assign to alerts that do not require immediate attention when triggered. This severity indicates that the metric should be passively monitored. +** *Warning* ++ +Assign to alerts that require prompt attention when triggered. This severity indicates an alert should be closely monitored. +** *Critical* ++ +Assign to alerts that require immediate attention when triggered. This severity indicates an alert should receive an immediate response. +. Specify the alert conditions: +* *Metric* ++ +Condition that triggers the alert. + +* *Logic* ++ +When the alert is triggered, based on the occurrence rate defined in the *When number of occurrences are* and *For at least [number of] minutes* fields. +You can select a maximum of ten response codes for alert conditions. + +. Configure the email notification: + +* *Subject* ++ +Subject of the alert email to send when the alert is triggered. The subject can include variables. See <>. + +* *Message* ++ +Body text for the email to send when the alert is triggered. The message body can include variables. See <>. + +* *Recipients* ++ +Recipients of the alert email. You can select up to 20 platform user IDs and enter up to 20 email addresses. + +. Click *Create*. + +Alerts appear as *Pending* when they are created. After the API receives traffic, the alert changes to a state of *OK*. Depending on the value, the alert transitions to *OK* or *Alerting*. + +=== Alert Email Template + +You can use the following variables in the *Subject* and *Message* fields for basic email alerts. + +For the description of each variable, see <>. + +[%header] +.Variables for Alerts +|=== +| Alert | Applicable Variables + +| *Total Request Count* +.4+a| +* `${severity}` +* `${operator}` +* `${threshold}` +* `${period}` +* `${value}` +* `${condition}` +* `${organization}` +* `${environment}` +* `${apiLink}` +* `${dashboardLink}` +* `${api}` +* `${policy}` + +| *Average Response Time* +| *Response Codes* +| *Policy Violations* + + +|=== + +[[alert-variables]] + +[%header%autowidth.spread] +[[alert-variables]] +.Variable Definitions +|=== +|Variable |Definition +|`${apiLink}`|URL of the triggered API +|`${alertState}`|State of the alert when it was triggered. + +Available values are `OK` or `Alerting`. +|`${comparison}`|* Above, above or equal, equal, below or equal, below +|`${condition}`|Metric for which the alert is triggered +|`${environment}`|Name of the environment in which the resource is deployed +|`${operator}` |An operator, such as `< > =` +|`${organization}` |Name of the organization that owns the alert +|`${period}` |Period of time over which to measure +|`${severity}` | Severity of the alert +|`${threshold}` |Count over the period of time that triggers the alert +|`${value}` | Value of the metric that triggers the alert +|=== + +[[enabling-alerts]] + +== Pause and Edit API Alerts + +Pausing an alert causes the alert to transition to *Paused*. + +You can also edit an existing alert by following these steps: + +. In API Manager, click *API Instances* in the left navigation bar. +. Click the API instance and version that you want to edit and then click *Alerts*. +. Click *Edit* from the three-dots menu (image:three-dots-menu.png[5%,5%]) on the alert you want to edit. ++ +image::flex-alerts-edit.png["A table that shows the name of the alert, the metrics it is based on, the severity, the state, and whether the alert is enabled"] + +== View and Delete Alerts + +To view and delete alerts: + +. From API Manager, click *API instances* +. Click the API instance whose alert you want to delete. +. Select *Alerts*. ++ +image::view-add-alert.png["A table of API service contract alerts with an expanded alert named 'Test fail alert'"] ++ +. Expand an alert in the list. ++ +Details about the alert options appear. ++ +. Click *Delete* from the three-dots menu (image:three-dots-menu.png["Three dots aligned vertically as a menu",5%,5%]) on the alert you want to delete. You can also delete an alert when editing it. diff --git a/gateway/1.13/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc b/gateway/1.13/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc new file mode 100644 index 000000000..082c78f0e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-view-logs-in-monitoring.adoc @@ -0,0 +1,18 @@ += Viewing Self-Managed Runtime and Access Logs in Anypoint Monitoring +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-monitoring.adoc +:imagesdir: ../assets/images + +Use Anypoint Monitoring to see both runtime and access logs. Use the Anypoint Monitoring filtering to see different detailed logging views. + +To access Anypoint Monitoring from the Runtime Manager Omni Gateway UI: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Click the name of the Omni Gateway whose logs you want to view. +. Click *Logs*. +. Click *View logs in Anypoint Monitoring*. ++ +This action takes you to the Anypoint Monitoring UI. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-view-logs-in-runtime-manager.adoc b/gateway/1.13/modules/ROOT/pages/flex-view-logs-in-runtime-manager.adoc new file mode 100644 index 000000000..6d61c6708 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-view-logs-in-runtime-manager.adoc @@ -0,0 +1,21 @@ += Viewing Runtime Logs in Runtime Manager in Connected Mode +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +Use Runtime Manager to view the runtime logs of your Omni Gateway. Runtime Manager enables you to search for keywords within the logs and to filter by *Replica*, *Time Range*, and *Log Level*. + +Runtime Manager stores up to 100 MB of logs per Omni Gateway for 30 days. Runtime Manager automatically purges logs that go beyond 100 MB per Omni Gateway. If you need more storage, either use Anypoint Monitoring to access these logs (Titanium subscription required) or use a third-party logging service. + +To access Omni Gateway runtime logs in Runtime Manager: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Click the name of the Omni Gateway whose logs you want to view. +. Click *Logs*. + +== See Also + +* xref:flex-view-logs-in-monitoring.adoc[] +* xref:flex-conn-third-party-logs-config.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/flex-view-replica-status.adoc b/gateway/1.13/modules/ROOT/pages/flex-view-replica-status.adoc new file mode 100644 index 000000000..27dd73e22 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/flex-view-replica-status.adoc @@ -0,0 +1,52 @@ += Viewing the Replica Status in Runtime Manager +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: runtime-manager::flex-gateway-replica-status.adoc +:imagesdir: ../assets/images + +In Runtime Manager, you can view the status of groups of Omni Replicas and individual Omni Replicas. + +== Groups of Omni Replicas + +To view information about the status of groups of Omni Replicas: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. + +By default, all Omni Gateways regardless of their status are shown. To filter by status, click the *Any Status* arrow and the status you want to filter. + +The *Name* column lists the name and the number of connected replicas. + +The *Status* column shows the connection status for the replicas associated with a particular gateway. + +The following table describes the meaning of each status for a group of replicas: + +[%header,cols="30a,70a"] +|=== +|Status | Group of Replicas +|Running | At least one replica is connected to the platform and can serve traffic. +|Not Running | There are no replicas connected to the platform and no information on whether they are serving traffic. +|=== + +== Individual Omni Replicas + +To view information about the status of individual replicas: + +. From Anypoint Platform, select *Runtime Manager*. +. Select *Omni Gateways* in the navigation menu. +. Select the name of the Omni Gateway whose individual replica statuses you want to view. + +The *Status* column in the list of replicas shows the connection status for that particular replica. + +The following table describes the meaning of each status for a single replica: + +[%header,cols="30a,70a"] +|=== +|Status |Single Replica +|Running | The replica is connected to the platform and can serve traffic. +|Not Running |The replica is not connected to the platform. There is no information on whether it is serving traffic. Disconnected replicas are deleted after seven days. +|=== + +== See Also + +* xref:flex-conn-view-api-status.adoc[View the API Status in Runtime Manager] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/index.adoc b/gateway/1.13/modules/ROOT/pages/index.adoc new file mode 100644 index 000000000..355c535e1 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/index.adoc @@ -0,0 +1,214 @@ += Omni Gateway Overview +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:page-aliases: gateway::flex-shared-responsibility.adoc, runtime-manager::flex-gateway-about.adoc, runtime-manager::flex-gateway-modes.adoc + +Anypoint Omni Gateway is an Envoy-based, ultrafast lightweight API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, Omni Gateway delivers the performance required for the most demanding applications and microservices while providing enterprise security and manageability across any environment. + +The following video provides a quick overview of Omni Gateway: + +++++ +include::_partials/product-spotlight-video.html[] +++++ + +== Omni Gateway Architecture + +Omni Gateway comprises two components that work in tandem: + +* <> +* <> + +The following graphic diagrams the relationship between these components: + +image::gateway-concepts-control-plane-diagram.png["A flowchart that illustrates the deployment and management of APIs",width=100%] + +[[control_plane]] +=== Control plane + +The control plane is a MuleSoft-hosted platform that centralizes management and observability, enabling you to: + +* Build APIs. +* Add policies. +* Deploy APIs into the runtime. +* Monitor APIs in Anypoint API Manager. +* Configure the runtime in Anypoint Runtime Manager. + +[[runtime]] +=== Runtime + +The gateway runtime receives commands from the control plane and routes and protects the backend APIs. Built with security in mind, Omni Gateway secures communications between the runtime and the control plane through mTLS and HTTPs. + +== Scaling + +A single Omni Gateway can support up to {gateway-api-max} backend APIs. For high availability, it is best to deploy multiple gateways running in parallel. Deploying multiple gateways increases gateway performance and robustness, and is recommended for high-performance applications that must scale. + +== Supported Protocols + +Omni Gateway supports the following protocols: + +* HTTP +* SOAP +* gRPC +* OAS3 REST API instances +* Model Context Protocol (MCP) +* Agent2Agent (A2A) + +== Deployment Types + +You can deploy Omni Gateway as a Managed or Self-Managed Omni Gateway. Managed Omni Gateway provides a fully managed option on CloudHub 2.0 or Runtime Fabric, and Self-Managed Omni Gateway provides more options and control. + +* <> +* <> + +[[managed]] +=== Managed Omni Gateway + +Managed Omni Gateway is a fully hosted version of Omni Gateway on CloudHub 2.0 or Runtime Fabric, hosted and managed on the Anypoint Platform by MuleSoft. Managed Omni Gateway provides high availability, autoscaling, less operational overhead, and regular automatic patches and upgrades. It is designed to simplify API gateway operation through point-and-click setup, and monitoring, and MuleSoft handles the maintenance and infrastructure. + +In Managed Omni Gateway, each runtime unit is called a gateway instance. + +[[self_managed]] +=== Self-Managed Omni Gateway + +Self-Managed Omni Gateway is a distributed runtime entity that you can install in any cloud data center or, for testing purposes, on your local laptop. Self-Managed Omni Gateway requires you to manage the underlying infrastructure. Various installation options are available for the Self-Managed Omni Gateway, including Docker containers, as a sidecar to a backend application in a Docker container, as a Kubernetes Deployment, or on various Linux environments. + +In Self-Managed Omni Gateway, each runtime unit is called a replica. For high availability, it is best to deploy Self-Managed Omni Gateway as a cluster with multiple replicas running in parallel. Using clusters increases gateway performance and robustness, and is recommended for high-performance applications that must scale. + +Self-Managed Omni Gateway includes a Fluent Bit implementation, which enables log output to local files, or to aggregators such as New Relic, Sumo Logic, and Splunk. You can also configure external REDIS storage for use with distributed rate limiting and caching. Gateway replicas utilize this storage as a temporary workspace for rate limit coordination, which is pivotal in preserving customer service level agreements. + +Self-Managed Omni Gateway can be installed in either of these two modes: + +* <> +* <> + +[[connected_mode]] +=== Self-Managed Omni Gateway in Connected Mode +In Connected Mode, the gateway is fully connected to the MuleSoft control plane. This connection allows for centralized management, observability, and security. Anypoint API Manager enables full API lifecycle management and policy configuration. Anypoint Runtime Manager enables you to deploy and configure your gateway. + +Choose Connected Mode for a UI-based experience to deploy policies, and for managing and monitoring the gateway. + +[[local_mode]] +=== Self-Managed Omni Gateway in Local Mode + +You can also configure and manage a standalone gateway that is mostly disconnected from the control plane. Choose Local Mode for this experience. + +[NOTE] +Omni Gateway deployed in Local Mode only connects to the control plane for registration and logging usage metrics. + +In Local Mode, you manage all configuration and policy applications with locally stored declarative configuration files. + +Use Local Mode to build CI/CD pipelines for application deployments. + +=== Summary of Differences + +The following table summarizes the differences between Connected Mode and Local Mode. + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| | Connected Mode | Local Mode + +| *Use Case* +| Centralize management, observability, and security. Omni Gateway connects to the control plane. +| Operate independently of the control plane in a mostly disconnected manner. Manage with locally stored declarative configuration files. Build CI/CD pipelines. + +| *Policy Application* +| Via API Manager +| Via local declarative configuration files + +| *Air-Gapped?* +| No. Omni Gateway is connected to the control plane. +| No. Omni Gateway is managed locally but only connected to the control plane for registration and usage metrics. + +|=== + +[[installation-options]] +== Deployment and Installation Options + +=== Managed Deployment Options + +You can deploy Managed Omni Gateway on CloudHub 2.0 and Runtime Fabric using Runtime Manager. For details see xref:flex-gateway-managed-set-up.adoc[]. + +=== Self-Managed Installation Options + +You can install Self-Managed Omni Gateway in a variety of ways: + +* A standalone runtime in a Docker container deployed on Heroku from Salesforce ++ +To learn more, see https://blog.heroku.com/mastering-api-integration-salesforce-heroku-mulesoft-anypoint-flex-gateway[Mastering API Integration: Salesforce, Heroku, and MuleSoft Anypoint Omni Gateway]. + +* A standalone runtime in a Docker container + +* A sidecar to a backend application in a Docker container, thereby protecting a single backend application + +* A Kubernetes `Deployment` for high-availability, high-performance use cases + +* An OpenShift on IBM Power `Deployment` for high-availability, high-performance use cases + +* A standalone single runtime or replica on various Linux environments, including: + +** {empty} +include::partial$prerequisites.adoc[tag=amazon-linux] + +** {empty} +include::partial$prerequisites.adoc[tag=centos] + +** {empty} +include::partial$prerequisites.adoc[tag=debian] + +** {empty} +include::partial$prerequisites.adoc[tag=red-hat] + +** {empty} +include::partial$prerequisites.adoc[tag=red-hat-ibm] + +** {empty} +include::partial$prerequisites.adoc[tag=ubuntu] + +A standalone gateway is good for protecting a limited number of APIs with low transaction volume. However, for other scenarios, or if high availability and reliability are critical, consider using an Ingress controller in Kubernetes. + +== Version Retirement Dates + +For information about Omni Gateway version retirement dates, refer to https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/Agreements/versioning-back-support-policy.pdf[MuleSoft Product Versioning and Back Support Policy]. + +== Shared Responsibility + +The successful operation of Omni Gateway is a responsibility shared between you and MuleSoft. + +=== MuleSoft Responsibility + +MuleSoft is responsible for: + +* Providing and supporting Omni Gateway (including the agent, Envoy package, and Fluent Bit package) +* Providing and supporting a base Helm chart for the installation of Omni Gateway in a Kubernetes cluster +* Providing and supporting an online Docker image registry +* Providing and supporting an online package repository for installation on Linux + +=== Your Responsibility + +When running on any target, you are responsible for: + +* Maintaining connectivity to the Anypoint Control Plane +* Not running third-party software that interferes with normal Omni Gateway operation, such as antivirus, DPI, or application security systems + +When running in Kubernetes, you are responsible for: + +* Adapting the base Helm chart for your specific needs +* Managing the Kubernetes `Deployment`, including: +** External load balancing +** Customizations to `Ingress` resources +** Log forwarding +** Monitoring +** Network ports, NAT gateways, and proxies +** Container runtime and networking +** Provisioning and management of the Kubernetes environment, which requires: +*** Your IT team to provision and manage the infrastructure +*** Your network team to configure allowed ports and proxy settings +*** Your security team to verify compliance and obtain security certificates + +See xref:general::usage-reports.adoc[Viewing Usage Reports] for information about your monthly Omni Gateway usage. + +== Next Steps + +* xref:flex-gateway-getting-started.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/policies-automated-applying.adoc b/gateway/1.13/modules/ROOT/pages/policies-automated-applying.adoc new file mode 100644 index 000000000..f4b2dccd0 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-automated-applying.adoc @@ -0,0 +1,117 @@ += Applying Automated Inbound Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: api-manager::automated-policy-apply.adoc, policies::policies-automated-applying.adoc + +Users with *Organization Admin*, *Environment Admin*, or with a role to *Manage Policies* in the environment can create, edit and delete Automated Policies. + +NOTE: Automated policies are only supported in the inbound direction. + +// == Task Prerequisites +// +// Before you apply an automated policy, ensure that: +// +// * Mule runtime engine (Mule) is installed with xref:api-manager::api-gateway-capabilities-mule4.adoc[Mule Gateway capabilities] enabled. +// * An xref:api-manager::api-instance-landing-page.adoc[API] configured with a basic endpoint or a proxy endpoint exists in API Manager. +// * A Mule application is deployed with a xref:connectors::http/http-listener-ref.adoc[HTTP(s) based flow], which is linked to the API through Autodiscovery. +// + +// When Autodiscovery is correctly configured in your Mule application, your application’s API is said to be tracked by or paired to API Manager. +// +// Autogenerated proxies handle these prerequisites in most cases. Mule Gateway reconciles the automated policies applied to an API in API Manager during runtime. + +== Apply an Automated Policy in Connected Mode + +To apply an automated policy: + +. In API Manager, select *Automated Policies* from the left navigation menu. +. Click *Apply new automated policy*. +. Select the provided policy that you want to configure as a provided policy. ++ +You can configure any included policies as an automated policy. ++ +See the xref:policies-included-directory.adoc[] to learn how to configure each one of them, or xref:policies-custom-overview.adoc[] to learn how to create one. +// + +// When configuring an automated policy, at the bottom of the policy configuration page, there is a *Rule of Applications* sub-section. This dictates the set of runtimes that will be affected by the policy: +// +// * *Apply to all supported runtimes (4.1.1 and above)*. + +// All API proxies based on Mule 4.1.1 and later will be affected by the policy. +// * *Apply to a specific set of runtimes*. + +// You can configure a range of runtime versions to inherit the automated policy. + +// For example, if the input From is 4.1.2 and the To value is 4.1.4, the automated policy will be applied to all deployed APIs inside this range. An API deployed on 4.1.5 won’t be affected by the policy. +// + +// You can include values such as `4.1.x`. For example, adding a range from 4.1.1 to 4.1.x covers all runtime patch releases. An API Proxy based on 4.1.0 will not be included in this range, because it's lower than the 4.1.1 "from value." ++ +If you are configuring a type of policy that also exists as a provided policy in an API proxy affected by your rule of application, you'll need to solve the conflict before continuing. Refer to the <> section below for more information on how to solve them. +. Click *Apply* + +[TIP] +It’s recommended to apply an automated policy in a lower environment before applying in a production environment and ensure to review that an automated policy doesn't affect the existing API contracts. + +=== Conflict Management + +Since automated policies have priority over API-level policies, when adding an automated policy that it is already applied as an API-level policy, on an API deployed using the selected runtime range, a conflict results. + +When a conflict is detected, a popup with the list of conflicting APIs displays. A message will be shown with the first 10 APIs with conflicts and the total amount. You can use this endpoint to access the list of all APIs: + +[source,CURL,linenums] +-- +curl -X GET \ +https://anypoint.mulesoft.com/xapi/v1/automated-policies/{groupId}/{assetId}/conflicting-apis \ +-H 'Authorization: Bearer {token}' +-- + +To solve conflicts, you can either select the APIs from the list of already configured APIs and manually disable or remove the conflicting policy or choose to override all conflicting policies for the already configured APIs. If this last option is chosen the conflicting policies in the APIs will be disabled. If Automated Policy is removed, the API policy will be re-enabled automatically. + +=== Deploying New APIs + +When managing new APIs, you can see information regarding the status of the automated policies applied to your environment in the *Policies* tab. No automated policies are shown until the application is in Active status. + +After the application is deployed, a list of applied automated policies will be listed in the *Policies* tab of the API. + +Users with *View Policies* role for the environment will able to see the list of automated policies applied. +// + +// If an application is deployed to an environment which has an automated policy that doesn't cover the deployed runtime, for example with an automated policy affecting a runtime range from 4.1.2 to 4.1.4, and a user deploys to a 4.1.5 runtime, a notification will be sent to the organization, and environment administrators, to let them know of this activity. + +=== Viewing Coverage Status + +View the *Coverage status* of an instance to see if an automated policy covers your instance or why it doesn't. Typically, instances are not covered due to their runtime type or runtime version. + +To view what API instances are covered by an automated policy: + +. Navigate to *Anypoint Platform* > *API Manager*. +. In *API instances* or *Agent and Tool Instances*, click *Automated Policies*. +. Click the more options button (image:more-options-menu.png["Three circles displayed horizontally, representing the More Options menu",1%,1%]) of the policy whose coverage you want to view, and then click *See covered APIs*. +. View the API instance's coverage status in the *Coverage status* column. + +NOTE: To filter by coverage status, click the coverage status dropdown and select a coverage status option. + +=== Auditing Applied Policies + +It is possible to audit and get a list of all affected APIs by an automated policy. Reports can be filtered by runtime version, and by an operation. + +To get the list of all automated policies in an environment: + +[source,curl,linenums] +-- +curl -X GET \ +https://anypoint.mulesoft.com/apimanager/api/v1/organizations/{organizationId}/automated-policies?environmentId={envId} \ + -H 'Authorization: Bearer {token}' +-- + + +To get the list of APIs included in the range of automated policy or APIs where the automated policy is not applied. + +[source,curl,linenums] +-- +curl -X GET \ +https://anypoint.mulesoft.com/apimanager/api/v1/organizations/{organizationId}/automated-policies/{automatedPolicyId}/apis \ +-H 'Authorization: Bearer {token}' +-- + +== Apply an Automated Policy in Local Mode + +For information about applying an automated policy for Omni Gateway running in Local Mode, see xref:flex-local-secure-api-with-auto-policy.adoc[]. + +== See Also + +* xref:policies-automated-overview.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/policies-automated-overview.adoc b/gateway/1.13/modules/ROOT/pages/policies-automated-overview.adoc new file mode 100644 index 000000000..03d08fbc2 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-automated-overview.adoc @@ -0,0 +1,20 @@ += Automated Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: api-manager::automated-policies-landing-page.adoc, policies::policies-automated-overview.adoc + +Use automated policies to enforce security and logging requirements by applying the same policies to all APIs running in Omni Gateway. With policy automation, you can quickly design, build, and deploy secure and consistent APIs. + +Automated policies enable you to deploy APIs with confidence because the target environment automatically enforces critical policies, resulting in reduced errors. An administrator no longer needs to remember to insert a policy to enforce common standards manually. + +You can configure all xref:policies-included-directory.adoc[included policies] and xref:policies-custom-overview.adoc[custom policies] as automated policies and apply them to the APIs running in an environment. + +[NOTE] +==== +xref:flex-use-api-alerts.adoc[Alerts] cannot be added to API instances protected by automated policies. +==== + +== See Also + +* xref:policies-automated-applying.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/policies-custom-flex-getting-started.adoc b/gateway/1.13/modules/ROOT/pages/policies-custom-flex-getting-started.adoc new file mode 100644 index 000000000..68ce45b77 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-custom-flex-getting-started.adoc @@ -0,0 +1,211 @@ += Publish an Omni Gateway Custom Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: policies::policies-custom-flex-getting-started.adoc + +include::partial$pdk-banner.adoc[tag=pdk] + +The following steps are the high-level workflow for publishing custom policies for Anypoint Omni Gateway: + +. Create policy definition files. +. Publish policy definition asset to Exchange. +. Create implementation files. +. Add policy implementation to the published policy definition. + +== Before You Begin + +Before you can publish a custom policy for Omni Gateway, ensure you have administrator or contributor permission for Anypoint Platform. + + +[[create-policy-definition-files]] +== Create Policy Definition Files + +A JSON and a YAML policy definition file must be created before you can upload the policy implementation. The required files are JSON and YAML. + +The JSON file specifies the interface for the policy using JSON schema language. The JSON file is used by API Manager to render the UI. + +The YAML file provides metadata regarding the policy for example, the policy category, interface scope, required characteristics, and RAML/OAS snippets. + +Copy the custom policy definition examples or create the files on your local system. + +=== Create the JSON Schema File + +The JSON schema file specifies the interface for the policy by identifying which properties are required or supported to configure the policy. The file also includes more annotations to refine the type for each property that enables some fields to perform a special behavior in the Anypoint platform. For example, Dataweave validations or secure handling of secrets. + +The JSON file must include the following fields: + +* Top-level @context ++ +References the vocabulary used for the extra type annotations. The aliases used to namespace the vocabulary are a optional. Commonly-used names can be `security` or `config`. ++ +Values for the security and config aliases are: + +** Security: `anypoint://vocabulary/policy.yaml#` +** Config: `anypoint://vocabulary/policyConfigurationsForUI.yaml#`` +* Top-level title +* $schema with a link to the JSON Schema spec (see example) +* Root type of `object` +* Top-level description +* Each property must also include: ++ +** Title ++ +The title is used by API Manager UI to render the field name. +** Description ++ +The description is used by API Manager UI to describe the field. +** Type ++ +Only primitive types are supported, for example `integer`, `string`, `object`, `boolean`, and `array`. + +Each property can include the following: + +* Format ++ +Options are `dataweaveExpression` and `ipRange``. +* Default ++ +Allows the user to enter a default value which is rendered in the UI. +* @context with a @characteristics array ++ +Further refines the type with more annotations with the following options: + +** `config:commaSeparatedValues` ++ +The value of this field results in an array +** `security:sensitive` +Determines whether the property is masked when entering the property in the API Manager UI. + + +The following code is a example of a basic authentication JSON schema: + +---- + + { + "title": "Basic authentication - Simple", + "type": "object", + "description": "Enforces HTTP Basic authentication according to the details configured in the policy.", + "properties": { + "username": { + "title": "User Name", + "type": "string" + }, + "password": { + "title": "User Password", + "type": "string", + "@context": { + "@characteristics": [ + "security:sensitive" + ] + } + } + }, + "required": [ + "username", + "password" + ], + "unevaluatedProperties": false, + "@context": { + "@vocab": "anypoint://vocabulary/policy.yaml#", + "security": "anypoint://vocabulary/policy.yaml#" + }, + "$id": "basic-authentication-simple", + "$schema": "https://json-schema.org/draft/2019-09/schema" +} +---- + +=== Create the Definition Metadata YAML File + +The YAML file provides information about the policy and its requirements. The YAML file is not tied to any specific runtime or binary. + +The file must have these fields configured: + +* Header ++ +Header must be #%Policy Definition 0.1. +* Name ++ +User-friendly name used for to display the policy name in API Manager UI. Must be a string value. +* Description ++ +Must be a string value. + +* Category ++ +Category to which the policy belongs. Used to group and filter policies in API Manager UI. Any string value is valid. For example, `security`, `quality of service`, `compliance`, `troubleshooting`, and `transformation`. + +* Provided Characteristics ++ +A list used to define the characteristics the policy provides. Must be an array of strings. Use `providedCharacteristics: []` to leave empty. + +The following code is an example of a basic authentication definition YAML file: +---- +#%Policy Definition 0.1 +name: Basic authentication - Simple +description: Enforces HTTP Basic authentication according to the details configured in the policy. +category: Security +providedCharacteristics: + - Requires authentication +requiredCharacteristics: [] +interfaceScope: ["api", "resource"] +interfaceTransformation: [] +encryptionSupported: true +violationCategory: authentication +---- + +== Publish Policy Definition Asset to Exchange +After creating the required policy definition files (JSON and YAML), publish the policy definition asset to Exchange. + +See xref:exchange::to-create-an-asset#create-custom-policy-definition-asset[Create a Custom Policy Definition Asset] for more information. + +[[create-implementation-files]] +== Create Implementation Files +The policy implementation files that are required to make the policy available in a runtime are a metadata file and a binary file. The metadata file describes what technology the binary file applies to and from which runtime version. The metadata file must be a YAML file. The binary file contains the policy logic and manages the runtime execution. The file can be a WebAssembly (WASM) for Anypoint Omni Gateway or a JAR file for Mule 4 runtime. + +=== Create Metadata YAML File +The metadata YAML file provides details about the specific implementation of the policy definition. A single policy definition can have several implementations. Each an independent asset in Exchange or different versions of the same Exchange asset. + +The metada YAML file must include the following fields: + +* Header ++ +#%Policy Implementation 1.0 +* Technology ++ +Either `mule4` or `flexGateway`. +* Name ++ +Name of the implementation. +* minRuntimeVersion ++ +A semantic version representing the first runtime version that the implementation binary is compatible with. For example, a mule binary might only be compatible from 4.3.0 onwards. + +The YAML file can also include `Release notes`. + +The following code is an example of a implementation metadata YAML file: + +---- +#%Policy Implementation 1.0 +minRuntimeVersion: 4.1.1 +maxRuntimeVersion: 4.4.0 +technology: mule4 +name: Simple Auth Mule Implementation +releaseNotes: "" + +---- + +=== Create the Implementation Binary Files +The implementation binary file is a JAR file for Mule 4 policies or a WebAssembly WASM file for Anypoint Omni Gateway. These files should support all of the configuration fields and function the way the definition metadata describes. + + +== Add Policy Implementation Files to Published Policy Definition +After the custom policy definition asset is published to Exchange, the next step is to add the policy implementation files to the published policy. This step enables the policy to be available in runtime. The required implementation files are a binary file such as a WebAssembly (WASM) file for Omni Gateway or JAR for Mule 4 runtime and a YAML metadata file. + +Before adding the implementation files, ensure that the policy asset is in the Stable state. + +// See xref:exchange::add-policy-implementation-files-to-published-policy-definition[Add Policy Implementation Files to Published Policy Definition] for more information. + + +== Apply the Policy to an API from Anypoint API Manager +After the implementation files are published, the policy is available to be applied to an API in API Manager. See the Anypoint API Manager documentation for information about applying the policy. diff --git a/gateway/1.13/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc b/gateway/1.13/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc new file mode 100644 index 000000000..dbaf72839 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-custom-flex-implement-rust.adoc @@ -0,0 +1,342 @@ += Implement an Omni Gateway Custom Policy in Rust +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: policies::policies-custom-flex-implement-rust.adoc + +include::partial$pdk-banner.adoc[tag="pdk"] + +== Summary + +You can implement custom policies via WebAssembly (WASM) extensions that run on Envoy as custom filters. You implement these policies using the https://github.com/proxy-wasm/proxy-wasm-rust-sdk[WebAssembly for Proxies (Rust SDK)^]. The following examples assume knowledge about Rust and related tools. + +== Lifecycle Events + +Custom policies are based on https://github.com/proxy-wasm/spec[proxy-wasm ABI^], an event-driven, Envoy-agnostic, low-level interface for L4/L7 proxies. This interface specifies how a WASM extension and its host interact, and it includes listenable lifecycle events: HTTP request lifecycle events and also WASM filter lifecycle events. + +The SDK exposes a method to retrieve information related to each lifecycle event. For example, data retrieved from the `on_http_request_headers` event can be used to perform related custom policy logic, which can then inform the runtime if the request should be processed. + +=== HTTP Request Lifecycle Events + +* `on_http_request_headers` ++ +Triggered when the endpoint receives the complete set of HTTP request headers. + +* `on_http_request_body` ++ +Triggered when the endpoint receives the first bytes of the HTTP request. + +* `on_http_response_headers` ++ +Triggered when the endpoint receives the complete set of HTTP response headers. + +* `on_http_response_body` ++ +Triggered when the endpoint receives the first bytes of the HTTP response body. + +=== Filter Lifecycle Events + +* `on_configure` ++ +Triggered when the WASM filter starts with an available configuration. ++ +Omni Gateway serializes policy configuration into JSON, which is used to configure the Envoy WASM filter. You can deserialize and parse this JSON into data that will be used by your custom policy. + +=== Example Lifecycle Events Implementation + +The following Envoy filter template demonstrates how to implement lifecycle events: + +---- +use proxy_wasm::traits::*; +use proxy_wasm::types::*; + +proxy_wasm::main! {{ + proxy_wasm::set_log_level(LogLevel::Trace); + proxy_wasm::set_root_context(|_| -> Box { + Box::new(HttpConfigHeaderRoot { + header_content: String::new(), + }) + }); +}} + +struct HttpConfigHeader { + header_content: String, +} + +impl Context for HttpConfigHeader {} + +impl HttpContext for HttpConfigHeader { + fn on_http_request_headers(&mut self, _num_headers: usize, _end_of_stream: bool) -> Action { + Action::Continue + } + + fn on_http_request_body(&mut self, _body_size: usize, _end_of_stream: bool) -> Action { + Action::Continue + } + + fn on_http_response_headers(&mut self, _num_headers: usize, _end_of_stream: bool) -> Action { + Action::Continue + } + + fn on_http_response_body(&mut self, _body_size: usize, _end_of_stream: bool) -> Action { + Action::Continue + } +} + +struct HttpConfigHeaderRoot { + header_content: String, +} + +impl Context for HttpConfigHeaderRoot {} + +impl RootContext for HttpConfigHeaderRoot { + fn on_configure(&mut self, _: usize) -> bool { + if let Some(config_bytes) = self.get_plugin_configuration() { + self.header_content = String::from_utf8(config_bytes).unwrap() + } + true + } + + fn create_http_context(&self, _: u32) -> Option> { + Some(Box::new(HttpConfigHeader { + header_content: self.header_content.clone(), + })) + } + + fn get_type(&self) -> Option { + Some(ContextType::HttpContext) + } +} +---- + +== Custom Authentication Header Policy Example + +The following tutorial describes how to create an example policy implementation for a xref:policies-custom-flex-getting-started.adoc#create-policy-definition-files[Policy Definition] that has already been published in Exchange. +The example policy blocks requests whose `x-custom-auth` header does not match a user-configured value. + +During the policy development process, you complete the following steps: + +. Create the policy definition JSON file. +. Set up the project. +. Develop the custom policy. + +=== Create the Policy Definition JSON File + +Example policy implementations require a policy definition JSON file. Omni Gateway passes policy configuration as JSON with that policy definition structure to the Envoy WASM filter. + +The example authentication header policy has only one parameter: the value that needs to be passed in the header. The policy definition JSON file should match the following: + +---- +{ + "title": "Custom Auth Header", + "type": "object", + "description": "Enforces HTTP authentication matching x-custom-auth value to what is configured in the policy.", + "properties": { + "secret-value": { + "title": "Custom Auth Header Password", + "type": "string", + "@context": { + "@characteristics": [ + "security:sensitive" + ] + } + } + }, + "required": [ + "secret-value" + ], + "unevaluatedProperties": false, + "@context": { + "@vocab": "anypoint://vocabulary/policy.yaml#", + "security": "anypoint://vocabulary/policy.yaml#" + }, + "$id": "custom-auth-header-simple", + "$schema": "https://json-schema.org/draft/2019-09/schema" +} +---- + +=== Set Up the Project + +. Create the Rust project via the following command: ++ +---- +cargo new flex_custom_policy_example --lib +---- ++ +This creates a `flex_custom_policy_example` directory. + +. Copy the following into `Cargo.toml`, located in the `flex_custom_policy_example` directory: ++ +---- +[package] +name = "flex_custom_policy_example" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[lib] +crate-type = ["cdylib"] +name="flex_custom_policy_example" +path="src/lib.rs" + +[dependencies] +proxy-wasm = { git = "https://github.com/proxy-wasm/proxy-wasm-rust-sdk.git", tag = "v0.2.0" } +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" + +[profile.release] +opt-level = "z" +lto = "fat" +---- + +=== Develop the Custom Policy + +. Add the following policy bootstrapping code to a new Rust source file: ++ +---- +use proxy_wasm::traits::*; +use proxy_wasm::types::*; +use serde::Deserialize; + +proxy_wasm::main! {{ + proxy_wasm::set_log_level(LogLevel::Trace); + proxy_wasm::set_root_context(|_| -> Box { + Box::new(CustomAuthRootContext { + config: CustomAuthConfig::default(), + }) + }); +}} +---- ++ +The code is required to deploy your WASM filter to Envoy. The `main` block sets the root context, which is an Envoy entity used to generate the child context for each incoming HTTP request. + +. Add the following root context implementation code: ++ +---- +struct CustomAuthRootContext { + config: CustomAuthConfig, +} + +impl Context for CustomAuthRootContext {} + +impl RootContext for CustomAuthRootContext { + + fn create_http_context(&self, _: u32) -> Option> { + Some(Box::new(CustomAuthHttpContext { + config: self.config.clone(), + })) + } + + fn get_type(&self) -> Option { + Some(ContextType::HttpContext) + } +} +---- ++ +Each Envoy filter is required to provide a root context implementation. The `RootContext` trait contains useful methods you can implement. In this example, HTTP filters implement `create_http_context` and `get_type` so that Envoy can generate the child contexts. + +. Add the following `Struct` to enable parsing this JSON: ++ +---- +#[derive(Default, Clone, Deserialize)] +struct CustomAuthConfig { + + #[serde(alias = "secret-value")] + secret_value: String, +} +---- ++ +Omni Gateway configures your policy with JSON defined in the policy definition. The JSON that needs to be parsed contains a single field called `secret-value`. ++ +. Deserialize the configuration: ++ +After creating the basic policy configuration structure, you must implement the `RootContext` `on_configure` method in order to deserialize it. ++ +Within the implementation of `RootContext` for `CustomAuthRootContext`, add the `on_configure` method, like the following snippet. ++ +---- +impl RootContext for CustomAuthRootContext { + + fn on_configure(&mut self, _: usize) -> bool { + if let Some(config_bytes) = self.get_plugin_configuration() { + self.config = serde_json::from_slice(config_bytes.as_slice()).unwrap(); + } + + true + } + + // Other implemented methods + // ... +} +---- + +. Add the following HTTP context code: ++ +---- +struct CustomAuthHttpContext { + pub config: CustomAuthConfig, +} + +impl Context for CustomAuthHttpContext {} + +impl HttpContext for CustomAuthHttpContext {} +---- ++ +Each incoming request creates a new `CustomAuthHttpContext`, and this `CustomAuthHttpContext` lives as long as the HTTP request lives. This enables you to store request-related state data (but not inter-request state data.) + +. Add the following core policy functionality logic: ++ +---- +impl HttpContext for CustomAuthHttpContext { + fn on_http_request_headers(&mut self, _num_headers: usize, _end_of_stream: bool) -> Action { + + if let Some(value) = self.get_http_request_header("x-custom-auth") { + if self.config.secret_value == value { + return Action::Continue; + } + } + + self.send_http_response(401, Vec::new(), None); + + Action::Pause + } +} +---- ++ +The `proxy-wasm` ABI retrieves the header value of the incoming request and then compares the value against `secret-value`. If `secret-value` matches the header, the implementation returns an `Action::Continue`. Otherwise, it returns `Action::Pause`, and the filter itself emits a response to the calling client using `send_http_response`. ++ +Note: The Rust SDK contains an issue reading non-UTF-8 values with `get_http_request_header`. To work around the issue, use the `get_http_request_headers_bytes` method and read the bytes using the `from_utf8` https://doc.rust-lang.org/std/string/struct.String.html#method.from_utf8[method^]. For example: ++ +---- +let header = self.get_http_request_header_bytes("x-custom-auth").map(String::from_utf8).and_then(Result::ok); +---- + +. Enable compilation by adding `wasm32` as a target: ++ +---- +rustup target add wasm32-wasi +---- ++ +All third-party libraries included in your policy must be compatible with the `wasm32-wasi` Rust compilation target. ++ +[IMPORTANT] +==== +Some libraries might compile properly to the wasm32-wasi target but might not work properly when deployed to Omni Gateway. Example deployment errors when this happens are: + +* `Failed to load Wasm module due to a missing import` +* `Wasm VM failed to initialize Wasm code` +* `Plugin configured to fail closed failed to load` + +To resolve these issues, contact the owners of the third-party library or use a different library. +==== + +. Compile your custom policy via the following command: ++ +---- +cargo build --target wasm32-wasi --release +---- ++ +Compilation outputs a binary `.wasm` file into the `./target/wasm32-wasi/release` directory. ++ +For more information on pushing custom policies to Exchange, refer to xref:policies-custom-flex-getting-started.adoc[Publish an Omni Gateway or Mule 4 Custom Policy]. diff --git a/gateway/1.13/modules/ROOT/pages/policies-custom-overview.adoc b/gateway/1.13/modules/ROOT/pages/policies-custom-overview.adoc new file mode 100644 index 000000000..f4cb9c88b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-custom-overview.adoc @@ -0,0 +1,17 @@ += Custom Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: api-manager::change-custom-policy-mule3.adoc, api-manager::policies-custom-landing-page.adoc, api-manager::policies-custom-overview.adoc, policies::policies-custom-overview.adoc + +include::partial$pdk-banner.adoc[tag="pdk"] + +Policies enforce regulations to help manage security, control traffic, and improve API adoption. For example, a policy can control authentication, access, and service level agreements (SLAs). You can create custom policies based on your specific business requirements and apply them to APIs to extend existing functionality or define new ones. + +The workflow for creating custom policies for Anypoint Omni Gateway is done in Exchange. The policy is then available to be applied to an API in Anypoint API Manager. + +For more information, refer to the following: + +* xref:policies-custom-flex-implement-rust.adoc[Implement an Omni Gateway Custom Policy in Rust] +* xref:policies-custom-flex-getting-started.adoc[Publish an Omni Gateway Custom Policy] +* xref:flex-local-deploy-custom-policy.adoc[Apply an Omni Gateway Custom Policy in Local Mode] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-flex-dataweave-support.adoc b/gateway/1.13/modules/ROOT/pages/policies-flex-dataweave-support.adoc new file mode 100644 index 000000000..83850be32 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-flex-dataweave-support.adoc @@ -0,0 +1,315 @@ += DataWeave Support in Omni Gateway Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: policies::policies-flex-dataweave-support.adoc + +xref:dataweave::index.adoc[DataWeave] is the programming language designed by MuleSoft for data transformation. It enables you to build a simple solution for a common integration developer use case: read and parse data from one format, transform the data, and write it out as a different format. + +Omni Gateway supports a subset of DataWeave in policy configuration expressions. DataWeave is only supported in included policies and custom policies created with PDK.. + +== Available Types + +* xref:dataweave::dataweave-type-system.adoc#null[`Null`] +* `Boolean` +* `String` +* `Number` (Driven as 64 bits floating points) +* xref:dataweave::dataweave-type-system.adoc#array-type[`Array`] +* xref:dataweave::dataweave-type-system.adoc#object-type[`Object`] (Repeated keys are not available) + +== Available Value Constructors for Types + +* xref:dataweave::dataweave-types.adoc#dw_type_boolean[`Boolean`] +* xref:dataweave::dataweave-types.adoc#dw_type_string[`String`] +* xref:dataweave::dataweave-types.adoc#dw_type_null[`Null`] +* xref:dataweave::dataweave-types.adoc#dw_type_number[`Number`] +* xref:dataweave::dataweave-types.adoc#dw_type_array[`Array`] + +== Unavailable Value Constructors for Types + +* xref:dataweave::dataweave-types.adoc#dw_type_object[`Object`] (Objects can not be defined as literals) + +== Available Flow Control Structures + +* xref:dataweave::dataweave-flow-control.adoc#control_flow_if_else[`if else`] + +== Unavailable Flow Control Structures + +* xref:dataweave::dataweave-flow-control.adoc#control_flow_do[`do`] + +== Available Selectors + +* `Array[Number]` +* `Array[String]` +* `Object[String]` +* `String[Number]` + +== Unavailable Selectors + +* `Object[Number]` + +== Available Equality and Relational Operators + +* xref:dataweave::dw-operators.adoc#equality-and-relational-operators[`==`] +* xref:dataweave::dw-operators.adoc#equality-and-relational-operators[`!=`] +* xref:dataweave::dw-operators.adoc#equality-and-relational-operators[`>=`] +* xref:dataweave::dw-operators.adoc#equality-and-relational-operators[`<=`] + +== Available Logical Operators + +* xref:dataweave::dw-operators.adoc#logical_operators[`not`] +* xref:dataweave::dw-operators.adoc#logical_operators[`and`] +* xref:dataweave::dw-operators.adoc#logical_operators[`or`] + +[[available-default-operators]] +== Available Default Operators + +* xref:dataweave::dataweave-cookbook-defaults.adoc#example-of-using-the-keyword-default-to-set-a-default-value[`default`] + +== Available Functions + +=== `++` + +* xref:dataweave::dw-core-functions-plusplus.adoc#plusplus1[`++(Array, Array): Array`] +* xref:dataweave::dw-core-functions-plusplus.adoc#plusplus2[`++(String, String): String`] + +[[available-minus-operators]] +=== `--` + +* xref:dataweave::dw-core-functions-minusminus.adoc#minusminus1[`--(source: Array, toRemove: Array): Array`] +* xref:dataweave::dw-core-functions-minusminus.adoc#minusminus2[`--(source: { (K)?: V }, toRemove: Object): { (K)?: V }`] +* xref:dataweave::dw-core-functions-minusminus.adoc#minusminus3[`--(source: Object, keys: Array)`] + +=== `contains` + +* xref:dataweave::dw-core-functions-contains.adoc#contains1[`contains(Array, Any): Boolean`] +* xref:dataweave::dw-core-functions-contains.adoc#contains2[`contains(String, String): Boolean`] + +=== `lower` + +* xref:dataweave::dw-core-functions-lower.adoc#lower1[`lower(String): String`] +* xref:dataweave::dw-core-functions-lower.adoc#lower2[`lower(Null): Null`] + +=== `splitBy` + +* xref:dataweave::dw-core-functions-splitby.adoc#splitby2[`splitBy(String, String): Array`] + +=== `sizeOf` + +* xref:dataweave::dw-core-functions-sizeof.adoc#sizeof1[`sizeOf(Array): Number`] +* xref:dataweave::dw-core-functions-sizeof.adoc#sizeof2[`sizeOf(Object): Number`] +* xref:dataweave::dw-core-functions-sizeof.adoc#sizeof4[`sizeOf(String): Number`] + +=== `trim` + +* xref:dataweave::dw-core-functions-trim.adoc#trim1[`trim(String): String`] +* xref:dataweave::dw-core-functions-trim.adoc#trim2[`trim(Null): Null`] + +=== `upper` + +* xref:dataweave::dw-core-functions-upper.adoc#upper1[`upper(String): String`] +* xref:dataweave::dw-core-functions-upper.adoc#upper2[`upper(Null): Null`] + +=== `uuid` + +* xref:dataweave::dw-core-functions-uuid.adoc#uuid1[`uuid(): String`] + +=== `dw::core::Strings::substringAfter` + +* xref:dataweave::dw-strings-functions-substringafter.adoc#substringafter1[`substringAfter(String, String): String`] +* xref:dataweave::dw-strings-functions-substringafter.adoc#substringafter2[`substringAfter(Null, String): Null`] + +=== `dw::core::Strings::substringAfterLast` + +* xref:dataweave::dw-strings-functions-substringafterlast.adoc#substringafterlast1[`substringAfterLast(String, String): String`] +* xref:dataweave::dw-strings-functions-substringafterlast.adoc#substringafterlast2[`substringAfterLast(Null, String): Null`] + +=== `dw::core::Strings::substringBefore` + +* xref:dataweave::dw-strings-functions-substringbefore.adoc#substringbefore1[`substringBefore(String, String): String`] +* xref:dataweave::dw-strings-functions-substringbefore.adoc#substringbefore2[`substringBefore(Null, String): Null`] + +=== `dw::core::Strings::substringBeforeLast` + +* xref:dataweave::dw-strings-functions-substringbeforelast.adoc#substringbeforelast1[`substringBeforeLast(text: String, separator: String): String`] +* xref:dataweave::dw-strings-functions-substringbeforelast.adoc#substringbeforelast2[`substringBeforeLast(text: Null, separator: String): Null`] + +=== toBase64 + +* xref:dataweave::dw-binaries-functions-tobase64.adoc#tobase641[`toBase64(content: Binary): String`] + +=== fromBase64 + +* xref:dataweave::dw-binaries-functions-frombase64.adoc#frombase641[`fromBase64(base64String: String): Binary`] + +[NOTE] +==== +Omni Gateway doesn't support DataWeave expressions with binary type results. To use the `dw::Binaries::fromBase64('dXNlcjpwYXNz')` function, transform the result to a string. Transform the binary output to a string with the `dw::util::Coercions::toString(binary: Binary, encoding: String): String` function. For example, `#[dw::util::Coercions::toString(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), 'UTF-8')]`. +If using a different function that transforms the binary by default, such as `#[splitBy(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), ':')]`, you can skip manually transforming the binary. +==== + +=== toBinary + +* xref:dataweave::dw-coercions-functions-tobinary.adoc#tobinary1[`toBinary(str: String, encoding: String): Binary`] + +=== toString + +* xref:dataweave::dw-coercions-functions-tostring.adoc#tostring3[`toString(binary: Binary, encoding: String): String`] + +[[available-predefined-variables]] +== Available Predefined Variables + +* xref:dataweave::dataweave-variables-context.adoc[`attributes`] +** `attributes.headers` +** `attributes.method` (Only available in request context) +** `attributes.queryParams` (Only available in request context) +** `attributes.queryString` (Only available in request context) +** `attributes.requestPath` (Only available in request context) +** `attributes.requestUri` (Only available in request context) +** `attributes.localAddress` (Only available in request context) +** `attributes.remoteAddress` (Only available in request context) +** `attributes.scheme` (Only available in request context) +** `attributes.version` (Only available in request context) +** `attributes.statusCode` (Only available in response context) + +* xref:dataweave::dataweave-variables-context.adoc[`authentication`] +** `authentication.clientId` +** `authentication.clientName` +** `authentication.principal` +** `authentication.properties` ++ +To learn more about how to access the authentication object, see <>. + +* `payload` +** Fields depend on the current payload. For example, `#[payload]` returns the body of the message. + +* xref:dataweave::dataweave-variables-context.adoc[`vars`] +** Individual policies support different sets of variables. For information, refer to the policies listed in xref:policies-included-directory.adoc[]. + +== DataWeave Usage Examples + +You can use DataWeave to extract different values from the request and response. + +NOTE: The Omni Gateway Policy Development Kit (PDK) provides the https://github.com/mulesoft/pdk-custom-policy-examples/tree/main/dataweave[DataWeave example policy] that you can use to test DataWeave expressions. + +For example, use DataWeave expressions to: + +* Read a header: ++ +---- +#[attributes.headers.'my-header'] +---- + +* Ensure a specific header is defined: ++ +---- +#[attributes.headers.'my-header' != null] +---- + +* Check if a request has basic authorization: ++ +---- +#[lower(splitBy(attributes.headers.authorization default '', ' ')[0]) == 'basic'] +---- + +* Check if a request contains `/some` path: ++ +---- +#[attributes.requestPath contains '/some'] +---- + +* Check if a request doesn't contain `/some` path: ++ +---- +#[not(attributes.requestPath contains '/some')] +---- + +* Read the username from a `Basic` authorization header: ++ +---- +#[splitBy(dw::core::Binaries::fromBase64(dw::core::Strings::substringAfter(attributes.headers.authorization default '', 'Basic')), ':')[0]] +---- + +* Read the password from a `Basic` authorization header: ++ +---- +#[splitBy(dw::core::Binaries::fromBase64(dw::core::Strings::substringAfter(attributes.headers.authorization default '', 'Basic ')), ':')[1]] +---- + +* Read the first value of the `x-forwarded-for` header: ++ +---- +#[trim(splitBy(attributes.headers.'x-forwarded-for', ',')[0])] +---- + +* Read the last value of the `x-forwarded-for` header: ++ +---- +#[trim(splitBy(attributes.headers.'x-forwarded-for', ',')[-1])] +---- + +* Read the value from a `Cookie`: ++ +---- +#[trim(dw::core::Strings::substringBefore(dw::core::Strings::substringAfter(attributes.headers.Cookie default '', 'myCookieName='), ';'))] +---- + +* Check if a single value or space-separated header contains a specific value: ++ +---- +#[splitBy(attributes.headers.scopes default '', ' ') contains 'read'] +---- + +[[access-authentication-object]] +== Access the Authentication Object + +To access the xref:dataweave::dataweave-variables-context.adoc[`authentication`] object, you must first configure an authentication policy that populates the object. + +The authentication policy you apply affects the available authentication object properties: + +* Multiple policies can validate Client ID: +** xref:policies-included-client-id-enforcement.adoc[] +** xref:policies-included-rate-limiting-sla.adoc[] +** xref:policies-included-oauth-token-introspection.adoc[] (If Client ID enforcement is configured) +** xref:policies-included-openid-token-enforcement.adoc[] (If Client ID enforcement is configured) +** xref:policies-included-jwt-validation.adoc[] (If Client ID enforcement is configured) ++ +Policies validating Client ID provide these authentication object properties: ++ +*** `authentication.clientName`: Name of the contract's client application +*** `authentication.clientId`: ID of the contract's client application +*** `authentication.properties.slaId`: SLA ID assigned to the contract + +* xref:policies-included-jwt-validation.adoc[]: +** `authentication.properties.claims.`: All claims provided by the JWT + +* Multiple policies validate basic authentication credentials: +** xref:policies-included-basic-auth-simple.adoc[] +** xref:policies-included-basic-auth-ldap.adoc[] ++ +Policies validating basic authentication credentials provide these authentication object properties: ++ +*** `authentication.principal`: Username passed as basic auth user + +After your policy populates the authentication object, you can access the object in policies ordered after the authentication policy using DataWeave expressions. For example: + +* Read a value from the authentication object: ++ +---- +#[authentication.properties.claims.exp] +---- + +* Check if a JSON array or a JSON string JWT claim contains a specific value: ++ +---- +#[authentication.properties.claims.custom_claim contains 'read'] +---- + +* Remove sensitive headers, such as `Authorization`, for logging purposes: ++ +---- +#[attributes.headers -- "Authorization"] +---- + + + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-a2a-agent-card.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-agent-card.adoc new file mode 100644 index 000000000..6c4081e56 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-agent-card.adoc @@ -0,0 +1,40 @@ += A2A Agent Card Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | A2A Agent Card +>s|Summary | Rewrites the Agent Card URL to match the public URL of the gateway +>s|Category | A2A +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | +|=== + +include::partial$a2a-version-support.adoc[] + +== Summary + +The A2A Agent Card Policy rewrites the URL in the A2A Agent Card responses so that the exposed URL points to the public endpoint of the Omni Gateway A2A server instance rather than directly to backend services. This ensures that all client requests are routed through Omni Gateway, enabling it to enforce security and access controls, while preventing direct access to backend resources. + +The A2A Agent Card policy also enables the *Total Agent Calls* metric that tracks the total successful and unsuccessful calls made to the agent. To view *Total Agent Calls*, see xref:flex-managed-view-api-metrics.adoc[]. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The A2A Agent Card policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] + +|=== +| Element | Description +| Consumer URL | The consumer URL of the agent's A2A service where JSON-RPC requests are sent. + +If the consumer URL isn't set, the server instance's public endpoint is used. +| Card Path | The path where the agent presents the card. +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-a2a-pii-detector.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-pii-detector.adoc new file mode 100644 index 000000000..d4b1191df --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-pii-detector.adoc @@ -0,0 +1,65 @@ += A2A Personally Identifiable Information (PII) Detector Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | A2A PII Detector Policy +>s|Summary | Detects personally identifiable information (PII) in requests sent to the agent +>s|Category | A2A +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | +|=== + +include::partial$a2a-version-support.adoc[] + +== Summary + +The A2A PII Detector policy detects personally identifiable information (PII) in requests sent to the agent. If PII is detected, you can either log or block the request. A policy violation is always reported if PII is detected. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The A2A PII Detector policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] + +|=== +| Element | Description +| Entities| Array that defines the types of PII to detect. You can select multiple PII types. Supported values are `Email`, `US SSN`, `Credit Card`, `Phone Number`. + + +For more information, see <>. +| Action | Action to take when PII is detected. Supported values are `Log` or `Block`. +|=== + +[[pii-types]] +=== PII Types + +When you configure an A2A PII Detector policy, you can choose which types of PII to detect. + + +The following table describes the type of PII this policy can detect: + +[%header,cols='1a,5a'] +|=== +|PII Type +|Description + +|Email +|Standard email addresses such as `User.Name+tag@example.com` + +|US SSN +|United States Social Security Numbers (SSNs) in the standard format: `XXX-XX-XXXX` where each `X` is a digit. For example: `123-45-6789`. + +|Credit Card +|Credit card numbers in the form of four groups of four digits, separated by optional spaces or hyphens. Examples: `1234-5678-9012-3456`, `1234 5678 9012 3456`, or `1234567890123456`. + +|Phone Number +|United States phone numbers in various formats, with or without country code, parentheses, spaces, hyphens, or dots. Examples: `123-456-7890`, `(123) 456-7890`, `123.456.7890`, `+1 123 456 7890`, or `1234567890`. +|=== \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-a2a-prompt-decorator.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-prompt-decorator.adoc new file mode 100644 index 000000000..cfba6b58d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-prompt-decorator.adoc @@ -0,0 +1,44 @@ += A2A Prompt Decorator Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | A2A Prompt Decorator +>s|Summary | Decorates prompts with context information +>s|Category | A2A +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | No return codes exist for this policy. +|=== + +include::partial$a2a-version-support.adoc[] + +== Summary + +The A2A Prompt Decorator policy injects additional content into provided prompts before they are sent to the upstream server. You can specify the content to inject either as a DataWeave string parameter or by referencing a file. Additionally, you can use a DataWeave expression to filter which requests should have prompts decorated. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The A2A Prompt Decorator policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] + +|=== +| Element | Description +| Text Decorators | List of text decorations you want to add to the prompts. +| Prompt Text | DataWeave Expression that generates the prompt text injected into the request. For example: `#['Use Imperial metric units']`. +| Condition | DataWeave Expression that filters which prompts to decorate. For example: `#[attributes.headers['id']==1]`. +| File Decorators | List of file decorations to add to the prompts. +| Condition | DataWeave Expression that filters which prompts to decorate. For example: `#[attributes.headers['id']==1]`. +| File Name | DataWeave Expression with the File Name. For example: `#['Decorator name']`. +| File Mime Type | DataWeave Expression with the Mime Type of the file to inject. For example: `#['application/json']`. +| File Source | Select *Base64* if the file Content is base64-encoded data, or *Uri* if the file Content is a URL to an external file. +| Content | DataWeave Expression containing either base64-encoded file content or a URL to download the content file. For example: #['https://domain/file-location'] or #['QmFzZTY0IGVuY29kZWQgZmlsZSBjb250ZW50']. +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-a2a-schema-validation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-schema-validation.adoc new file mode 100644 index 000000000..f8abee378 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-schema-validation.adoc @@ -0,0 +1,27 @@ += A2A Schema Validation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | A2A Schema Validation +>s|Summary | Validates Agent requests to ensure they conform to the A2A specification +>s|Category | A2A +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | +|=== + +include::partial$a2a-version-support.adoc[] + +== Summary + +The A2A Schema Validation policy validates that every request to the A2A server complies with the A2A schema. If validation fails it will report a Policy Violation. + +There are no configuration parameters for this policy. + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The A2A Schema Validation policy isn't supported in Local Mode. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-a2a-token-rate-limit.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-token-rate-limit.adoc new file mode 100644 index 000000000..a67b7fe2e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-a2a-token-rate-limit.adoc @@ -0,0 +1,77 @@ += A2A Token Based Rate Limit Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, rate limiting, token, a2a + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | A2A Token Based Rate Limit +>s|Summary | Rate limits agent usage of upstream resources +>s|Category | A2A +>s|First Omni Gateway version available | v1.11.0 +.>s| Returned Status Codes +|429 - Too Many Requests: Token limit exceeded, requests are blocked until the current window finishes +|=== + +include::partial$a2a-version-support.adoc[] + +== Summary + +The A2A Token Based Rate Limit policy enforces rate limiting on agent requests based on the number of tokens consumed by the agents. The A2A Token Based Rate Limit policy counts tokens using the GPT-4o-mini tokenizer model, providing control over API usage based on the content being processed. + +The policy counts tokens from both request and response payloads. Tokens generated by the response are counted toward the rate limit of the next request to ensure total token consumption across the conversation is properly tracked. + +If a request exceeds the allowed token limit, the policy blocks the call and returns a `429` status code. + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The A2A Token Based Rate Limit policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Required | Description +| Maximum Tokens | Yes | Maximum number of tokens allowed within the specified time period. Must be a positive integer of one or greater. +| Time Period (ms) | Yes | Time period in milliseconds for the rate limit window. Minimum time period is 1000 milliseconds. +| Key Selector | Yes | DataWeave expression that selects the key for rate limiting. This creates independent rate limit counters for each unique value resolved by the expression. For example: + +* `#[attributes.headers['ClientId']]`: Rate limit per client ID +* `#[attributes.principal]`: Rate limit per user +* `#[attributes.headers['X-Forwarded-For']]`: Rate limit per IP address +* `#[attributes.requestPath]`: Rate limit per API path +|=== + +== How This Policy Works + +The A2A Token Based Rate Limit policy monitors token consumption in the current window, allowing requests to reach the backend only if the available token quota is greater than zero. + +The policy uses a fixed-window rate limiting algorithm. The window starts after it receives the first request. When the quota is exhausted, requests are rejected with a 429 status code until the time window resets. + +The `keySelector` parameter enables you to create independent rate limit counters for different groups of requests. Each unique value resolved by the DataWeave expression has its own token quota and time window. For example, if you configure `keySelector: "#[attributes.headers['ClientId']]"` with a limit of 100 tokens per 5 seconds, each individual client has its own 100-token quota in a 5-second window. If you don't configure a key selector, all requests are counted together. + +=== Token Counting + +The policy uses the GPT-4o-mini tokenizer model to count tokens in: + +* *Request payloads*: Tokens are counted from the `params.message.parts` array in JSON-RPC requests. The policy extracts text from parts with `kind: "text"` or `type: "text"`, and data from parts with `kind: "data"` or `type: "data"`. +* *Response payloads*: Tokens are counted from response content including: +** Direct message parts in `result.parts` +** Status message parts in `result.status.message.parts` +** Artifact parts in `result.artifacts[*].parts` +** Server-Sent Events (SSE) stream data + +To learn more about the GPT-4o-mini tokenizer model, see https://platform.openai.com/tokenizer[OpenAI Platform Tokenizer]. + +=== Response Headers + +When a request is processed, the policy adds the following headers to the response: + +* `x-token-limit`: The maximum number of tokens allowed per window +* `x-token-remaining`: The number of tokens remaining in the current window +* `x-token-reset`: The remaining time, in milliseconds, until a new window starts \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-agent-connection-telemetry.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-agent-connection-telemetry.adoc new file mode 100644 index 000000000..3dd26862e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-agent-connection-telemetry.adoc @@ -0,0 +1,42 @@ += Agent Connection Telemetry Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, agent, telemetry, agent connection, A2A, MCP + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Agent Connection Telemetry +>s|Summary | Tracks the number of requests made to agent or MCP server instances +>s|Category | A2A and MCP +>s|First Omni Gateway version available | 1.11.0 +^s| Returned Status Codes | No return codes exist for this policy. +|=== + +== Summary + +The Agent Connection Telemetry policy tracks the number of requests and what source makes the request to agent or MCP server instance. + +To track the source of the request, the policy uses a DataWeave expression to extract an identification value from a request header. By default, the policy extracts the `X-AGENT-ID` header. The `X-AGENT-ID` header contains the Mulesoft instance ID. + +To track the requests, the policy uses the `mulesoft_agent_connection_count(source, destination)` metric. Where `source` is the identification value extracted from the request header and `destination` is the agent or MCP server instance ID. Use Anypoint Monitoring to view the metric. + +If the policy can't extract the identification header, the policy doesn't block or track the request. + +NOTE: The Agent Connection Telemetry policy is applied by default to all agent and MCP server instances created using Agent Fabric. + +== Configure Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The Agent Connection Telemetry policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Element | Description +| Source Agent ID | DataWeave expression to extract the source identification value from the request header. By default, the `#[attributes.headers['X-AGENT-ID']]` expression extracts the Mulesoft instance ID. +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc new file mode 100644 index 000000000..6dee81421 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc @@ -0,0 +1,250 @@ += Basic Authentication: LDAP Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, ldap, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::basic-authentication-ldap-concept.adoc, policies::policies-included-basic-auth-ldap.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Basic Authentication: LDAP +>s|Summary | Allows access based on the basic authorization mechanism, with user-password defined on LDAP +>s|Category | Security +>s|First Omni Gateway version available | v1.1.0 +.1+>.^s| Returned Status Codes +|401 - Unauthorized or invalid client application credentials +|=== + +== Summary + +The Lightweight Directory Access Protocol (LDAP) authentication policy specifies how to restrict access to an API using LDAP authentication mechanism. + +When an error is encountered, the Basic Authentication - LDAP policy returns an "WWW-Authenticate" HTTP header field using the format:`WWW-Authenticate: Basic realm="mule-realm"`. + +LDAP is an inverted tree, and each leaf has a username-password pair and associated metadata. Each level is like a tree branch. For more information about LDAP, see https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol[About LDAP^]. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: ldap-authentication-flex + config: + ldapServerURL: // OPTIONAL, default: "ldap://127.0.0.1:389" + authorizationOrigin: // OPTIONAL, default: "httpBasicAuthenticationHeader" + authorizationExpression: // REQUIRED when authorizationOrigin is "customExpression" + ldapServerUserDn: // REQUIRED + ldapServerUserPassword: // REQUIRED + ldapSearchBase: // REQUIRED + ldapSearchFilter: // OPTIONAL, default: "(uid={0})" + ldapSearchInSubtree: // OPTIONAL, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `ldapServerURL` +| Optional +| `ldap://127.0.0.1:389` +| Address and port of the location to the LDAP server + +| `authorizationOrigin` +| Optional +| `httpBasicAuthenticationHeader` +| Origin of the Authorization token. Use `httpBasicAuthenticationHeader` to read credentials from the HTTP Basic Authentication header, or `customExpression` to extract the token using a DataWeave expression. + +| `authorizationExpression` +| Required when `authorizationOrigin` is `customExpression` +| `#[attributes.headers['token']]` +| DataWeave expression to extract the Authorization token from API requests. Only applicable when `authorizationOrigin` is `customExpression`. + +| `ldapServerUserDn` +| Required +| +| The name of the user or user group with access to traverse and list users of LDAP + +| `ldapServerUserPassword` +| Required +| +| The password for the user or usergroup + +| `ldapSearchBase` +| Required +| +| The place where the LDAP search begins + +| `ldapSearchFilter` +| Required +| +| The criteria for the filter for the Active Directory or the OpenLDAP model + +| `ldapSearchInSubtree` +| Optional +| `false` +| Whether to examine the subtree below the base DN and include the base DN level. Performance will be affected by this. Otherwise, the one-level scope will be used, examining only the level immediately below the base DN +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: ldap-authentication-flex + config: + ldapServerURL: "ldap://localhost:389" + authorizationOrigin: "httpBasicAuthenticationHeader" + authorizationExpression: "#[attributes.headers['Authorization']]" + ldapServerUserDn: "cn=admin,dc=example,dc=org" + ldapServerUserPassword: "admin" + ldapSearchBase: "dc=example,dc=org" + ldapSearchFilter: "(uid={0})" + ldapSearchInSubtree: true +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +|Parameter |Description +|LDAP Server URL +|The URL of your LDAP OR LDAPS server, including the port number. +|Authorization token origin +|Origin of the Authorization token: *HTTP Basic Authentication Header* or *Custom Expression*. +|Token Expression +|DataWeave expression used to extract the Authorization from API requests. Shown when Authorization token origin is *Custom Expression*. +|LDAP User DN +|The name of the user or user group with access to traverse and list users of LDAP. +|LDAP User Password +|The password for the user or user group. The password must be a secure value that, once specified, is not visible or retrievable. +|LDAP Search Base +|The starting point for the search in the directory tree. +|LDAP Search Filter +|The criteria for the filter for the Active Directory or the OpenLDAP model, as shown in the examples. +|=== + +NOTE: All parameters are required to successfully configure LDAP or Active Directory. + +== Example Configuration for an Active Directory + +You can configure Active Directory for your LDAP authentication by providing the following values: + +[%header,cols="3*a"] +|=== +|Field |Example Literal String Value |Example Secure Property Placeholder +|LDAP Server URL +|ldap://174.19.33.17:389/ +|${ldap.server.url} +|LDAP Secure Server URL (SSL) +|ldaps://my-company-ldap.cloudhub.io:1010/ +|${ldap.server.url} +|LDAP Server User DN +|CN=Administrator,CN=Users,DC=my-company,DC=com +|${ldap.user.dn} +|LDAP User Password +|somePassword +|${ldap.password} +|LDAP Search Base +|CN=Users,DC=my-company,DC=com +|${ldap.search.base} +|LDAP Search Filter +|(sAMAccountName={0}) +|${ldap.search.filter} +|=== + +The search filter string in the example is specific to Active Directory applications. + +== Example Configuration for OpenLDAP + +You can configure OpenLDAP for your LDAP authentication by providing the following values: + +[%header,cols="3*a"] +|=== +|Field +|Example Literal String Value +|Example Secure Property Placeholder +|LDAP Server URL +| ldap://174.19.33.17:389/ +|${ldap.server.url} +| LDAP Secure Server URL (SSL) +| ldaps://my-company-ldap.cloudhub.io:1010/ +|${ldap.server.url} +|LDAP Server User DN +|cn=Manager,dc=my-company,dc=com +|${ldap.user.dn} +|LDAP User Password +|somePassword +|${ldap.password} +|LDAP Search Base +|ou=people,dc=my-company,dc=com +|${ldap.search.base} +|LDAP Search Filter +|(uid={0}) +|${ldap.search.filter} +|=== + +The search filter string in the example is specific to OpenLDAP applications. + +== How This Policy Works + +The Basic Authentication - LDAP policy intercepts the request to the protected resource and looks for the `Authorization` HTTP header. + +The policy then extracts the username and password encoded in Base64 and then requests the configured LDAP instance to determine if the user credentials are correct in the provided LDAP context. + +You can configure the Basic Authentication: LDAP policy to credentials using the following methods: + +* Search for the valid username and password pair in the level specified. +* Search for the valid username and password pair in the level specified, including lower levels. This search option is comprehensive, however, can result in slow performance. + +=== Search Scope + +Your search scope options differ depending on your policy version. The search scope options are one level for LDAP 1.0.0 and two levels (subtree) for LDAP 1.1.0. + +You can choose between `one level` and `subtree` search scopes by using the `LDAP Search in subtree` option. + +The `LDAP search base` is the starting point for the search in the directory. + +=== One-Level Search Scope + +With this option, the filter affects only the objects immediately subordinate to the `LDAP search base`, and not the `LDAP search base` itself. + +In the following example, the first level has four entries: two users and two groups. These are the only entries that are a part of any search: + +image::search-scope.png["Diagram of a hierarchical organizational structure"] + +If you set the search filter to `(uid={0})`, only `Jane` and `Paul` are found. The group entries are not considered. + +==== Subtree Search Scope + +With this option, the Basic Authentication - LDAP policy examines the subtree below the `LDAP search base` and also includes the `LDAP search base` level. Notice that performance is affected by this behavior. + +In the previous example, the analyzed area covers the entire organization. The group and user entries are considered at any level of the organization: + +image::search-scope2.png["A flowchart that shows an example organizational structure"] + + +== Creating Requests for APIs with Basic Authentication Policies Applied + +After applying the Basic Authentication - LDAP policy to the API, a request to that API must contain the following header: + +---- +Authorization: Basic +---- + +The `username:password` value must be a Base64-encoded string. For example on a Mac OS X or Linux system, the username and password requirement is implemented as: + +`echo -n ':' | base64` + +// Mule runtime engine (Mule) separates the credentials of the header and sends the request to the LDAP server with the search filter. + +From the `username` and search filter, LDAP finds the registered user and then verifies credentials. The valid result is returned: + +image::ldap-verification.png["Here's a sequence diagram that illustrates the message flow for client authentication through an LDAP Server",height=358,width=488] + +The following diagram illustrates an invalid request: + +image::ldap-verification-invalid.png["A sequence diagram that illustrates the message flow for authorization",height=245,width=484] + +The Basic Authentication: LDAP policy throws an HTTP 401 status code to indicate that the authorization header is malformed, not provided, or invalid. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-basic-auth-simple.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-basic-auth-simple.adoc new file mode 100644 index 000000000..e15f5861e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-basic-auth-simple.adoc @@ -0,0 +1,77 @@ += Basic Authentication: Simple Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::basic-authentication-simple-concept.adoc, api-manager::basic-authentication-concept.adoc, api-manager::http-basic-authentication-policy.adoc, policies::policies-included-basic-auth-simple.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Basic Authentication: Simple +>s|Summary | Allows access based on the basic authorization mechanism, with a single user-password +>s|Category | Security +>s|First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +|400 - Unauthorized or invalid client application credentials in WSDL API using SOAP 1.2 +| | 401 - Unauthorized or invalid client application credentials in HTTP or RAML APIs +| | 500 - Unauthorized or invalid client application credentials in WSDL API using SOAP 1.1 +|=== + +== Summary + +The Basic Authentication: Simple policy protects an API by forcing applications to provide a username and password when making requests. + +The policy follows https://tools.ietf.org/html/rfc7617[basic HTTP authentication standards^]. + +When an error is encountered, the policy returns an "WWW-Authenticate" HTTP header field. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: http-basic-authentication-flex + config: + username: // REQUIRED + password: // REQUIRED +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `username` +| Required +| N/A +| A base-64 encoded string + +| `password` +| Required +| N/A +| A base-64 encoded string + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- + +=== Omni Gateway Connected Mode + +When you apply the Basic Authentication: Simple policy to an API, a request to that API must contain the following header: + +---- +Authorization: Basic +---- + +The `username:password` value must be a base64-encoded string. For example on a Mac OS X or Linux system, the username and password requirement is implemented as: + +`echo -n ':' | base64` diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-client-id-enforcement.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-client-id-enforcement.adoc new file mode 100644 index 000000000..654d09197 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-client-id-enforcement.adoc @@ -0,0 +1,175 @@ += Client ID Enforcement Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: clientid enforcement, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::client-id-based-policies.adoc, policies::policies-included-client-id-enforcement.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Client ID Enforcement +>s|Summary | Allows access only to authorized client applications +>s|Category | Compliance +>s|First Omni Gateway version available | v1.0.0 +.4+>.^s| Returned Status Codes +|401 - Unauthorized or invalid client application credentials +|500 - Bad response from authorization server, or WSDL SOAP Fault error +|=== + +== Summary + +The Client ID Enforcement policy restricts access to a protected resource by allowing requests only from registered client applications. The policy ensures that the client credentials sent on each request have been approved to consume the API. + +When a client application is registered in Anypoint Platform, a pair of credentials consisting of a client ID and client secret is generated. When the client application requests access to an API, a contract is created between the application and that API. An API that is protected with a Client ID Enforcement policy is accessible only to applications that have an approved contract. + +When you apply a Client ID Enforcement policy, access to your API is tracked by reporting the client ID along with the analytics events. + +Default policies that internally enforce client application credentials include: + +* xref:policies-included-rate-limiting-sla.adoc[] +* xref:policies-included-openid-token-enforcement.adoc[] +* xref:policies-included-jwt-validation.adoc[] + +Although token enforcement policies can optionally skip client validation, it is recommended that you enforce the validation to ensure that the token is associated to an approved contract. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +Client ID Enforcement policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Parameter | Description | Required +|Credentials origin +| Specifies from where in the request to extract the values: + +* HTTP Basic Authentication Header: Requires credentials as part of the authorization header. The application consuming the API must use the basic authentication scheme to send the credentials in the requests. +* Custom Expression: Accepts a DataWeave 2.0 expression each for client ID and client secret, indicating where to extract the credentials from the request. Use this option to send the credentials in a custom header or any other format. You can leave the field blank to configure the client secret requirement as optional. +| Must choose from one of the options. +| Client ID Expression +| The DataWeave 2.0 expression to use for obtaining the client ID from API requests. +| Yes. +| Client Secret Expression +| The DataWeave 2.0 expression to use for obtaining the client secret from API requests. +| No. +|=== + +== How This Policy Works + +Before a client application is allowed to consume an API protected by a Client ID Enforcement policy, the client application must request access to the API. After an approved contract exists between the client application and the API, every request must include the client application credentials in compliance with how the policy is configured. + +For example, if the policy is configured to expect a client ID and client secret as query parameters, the application must send those credentials in the request. To enforce this, add a `client-id-required` RAML trait to the API specification: + +---- +traits: + client-id-required: + queryParameters: + client_id: + type: string + client_secret: + type: string +---- + +Apply the trait to the resources or methods using the `is` RAML attribute: + +---- +/example: + get: + is: [client-id-required] + description: Example description +---- + +== Configuring How the Policy Obtains Credentials + +//You can configure the Client ID Enforcement policy to obtain the client credentials in one of two different ways: by using an HTTP basic authentication header or by using a custom expression. + +You can configure the policy to extract either both the client ID and client secret, or only the client ID from the HTTP request by using a variety of custom DataWeave 2.0 expressions. The following examples use a client ID of '1234' and a client secret of 'abcd'. + + +=== Obtaining Credentials Using HTTP Headers + +Example request using curl: +[source,text] +---- +curl "http://localhost/myResource" -H "client_id:1234" -H "client_secret:abcd" +---- + +Example DataWeave 2.0 expression to be used when configuring the policy: +[source,text] +---- +#[attributes.headers['client_id']] +#[attributes.headers['client_secret']] +---- + +In this example, the policy is configured to expect two headers: client_id and client_secret, with the pair of credentials. The policy is flexible to allow other types of headers also. This is the default configuration for the policy. + +=== Obtaining Credentials Using HTTP Query Parameters + +Example request using curl: +[source,text] +---- +curl "http://localhost/myResource?client_id=1234&client_secret=abcd" +---- + +Example DataWeave 2.0 expression to be used when configuring the policy: +[source,text] +---- +#[attributes.queryParams.'client_id'] +#[attributes.queryParams.'client_secret'] +---- + +In this example, the requester must send the two specified query parameters with the request. Although this is a supported configuration, it poses possible security risks. The recommended method is to use headers. A xref:policies-flex-dataweave-support.adoc[subset] of DataWeave 2.0 is supported. + +=== Obtaining Credentials Using HTTP Request Payload + +Example request using curl: +[source,text] +---- +curl "http://localhost/myResource" -d '{"client_id":"1234", "client_secret":"abcd"}' -X POST +---- + +Example DataWeave 2.0 expression to be used when configuring the policy: +[source,text] +---- +#[payload.client_id] +#[payload.client_secret] +---- + +Although you can configure the policy to obtain the credentials from the request payload, this option is not recommended because it is harder to reflect in the API specification. + +=== Obtaining Credentials Using Basic Authorization header + +Example request using curl: +[source,text] +---- +curl "http://localhost/myResource" -u 1234:abcd +---- + +== Configuring API Specifications + +The Client ID Enforcement policy requires changes in your API specification to implement the credentials requirement. +You can find the RAML or OAS snippet link containing the RAML or OAS code you need to add to the API specification in the corresponding policy. You can access this code from the list of applied policies in the Policies tab of your API specification in API Manager. +//future enhancement: how to update API spec once a policy is applied. + +== Policy Output + +When an HTTP request is performed against a protected resource for which the Client ID Enforcement policy is applied, and the client application credentials are invalid or unauthorized, the HTTP response includes a WWW Authenticate header with the following values: + +[width="100%", cols="2,70"] +|=== +>s| Custom mode | Header 'WWW-Authenticate'='Client-ID-Enforcement' +>s| Basic Auth mode | Header 'WWW-Authenticate'='Basic realm="mule-realm" +|=== + +For SOAP applications, the response is a SOAP error. + + +== See Also + +* xref:api-manager::manage-client-apps-latest-task.adoc[Managing API Instance Contracts on API Manager] +* xref:api-manager::access-client-app-id-task.adoc[Getting Client ID and Client Secret of a Registered Client App] +* xref:api-manager::defining-sla-tiers.adoc[Reviewing SLA Tiers Concepts] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-cors.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-cors.adoc new file mode 100644 index 000000000..57c82d78e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-cors.adoc @@ -0,0 +1,313 @@ += Cross-Origin Resource Sharing (CORS) Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: cross origin resource sharing, cors, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::cors-policy.adoc, api-manager::avoid-restrictions-task.adoc, api-manager::cors-mule4.adoc, api-manager::cors-reference.adoc, policies::policies-included-cors.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy name | Cross-Origin Resource Sharing (CORS) +>s| Summary | Enables access to resources residing in external domains +>s| Category | Compliance +>s| First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +| No return codes exist for this policy +|=== + +== Summary + +CORS is a mechanism by which a web application can access resources that are defined in another domain. Browsers implement this standard by default. The CORS policy complies with the https://fetch.spec.whatwg.org/[CORS W3C recommendation^] standards. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: cors-flex + config: + originGroups: // OPTIONAL, default: [] + - origins: + accessControlMaxAge: + allowedMethods: + methodName: + - isAllowed: + headers: // OPTIONAL, default: [] + exposedHeaders: // OPTIONAL, default: [] + publicResource: // OPTIONAL, default: true + supportCredentials: // OPTIONAL, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `originGroups` +| Optional +| Empty array +| List containing groups of origins + +| `originGroups.origins` +| Optional +| Empty array +| List of origins to be included in the group. For example, `\http://www.the-origin-of-time.com` + +| `originGroups.origins.accessControlMaxAge` +| Optional +| 30 +| Duration in seconds that a preflight response can be cached without sending another preflight request + +| `originGroups.origins.allowedMethods` +| Optional +| CONNECT, DELETE, GET, OPTIONS, PATCH, POST, PUT, TRACE +| Allowed HTTP methods + +| `originGroups.origins.allowedMethods.methodName` +| Required +| N/A +| Method name + +| `originGroups.origins.allowedMethods.methodName.isAllowed` +| Required +| N/A +| A boolean indicating if a method is allowed + +| `originGroups.origins.headers` +| Optional +| Empty array +| HTTP headers used for preflight requests + +| `originGroups.origins.exposedHeaders` +| Optional +| Empty array +| Headers that browser JavaScript is allowed to access + +| `publicResource` +| Optional +| `true` +| A boolean indicating if the CORS configuration is to be applied as a public resource + +| `supportCredentials` +| Optional +| `false` +| A boolean indicating if the policy supports credentials, such as cookies, authorization headers, and TLS client certificates + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: cors-flex + config: + publicResource: false + supportCredentials: true + originGroups: + - origins: + - http://www.the-origin-of-time.com + accessControlMaxAge: 30 + allowedMethods: + - isAllowed: true + methodName: POST + - isAllowed: true + methodName: PUT + - isAllowed: true + methodName: GET + - isAllowed: false + methodName: CONNECT + - isAllowed: false + methodName: DELETE + - isAllowed: false + methodName: OPTIONS + - isAllowed: false + methodName: PATCH + - isAllowed: false + methodName: TRACE + headers: + - x-allow-origin + - x-yet-another-valid-header + exposedHeaders: + - x-forwarded-for +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] + +|=== +| Element | Description | Required? +| Public resource | Whether the CORS configuration is to be applied as a public resource (default) | Yes +| Default group | Whether the CORS configuration is to be applied only to specific resources (requires unselecting *Public resource*) | No +| Support credentials | Whether the policy supports credentials, such as cookies, authorization headers, and TLS client certificates | No +|=== + +// == Configuration of CORS for non-API Gateway Mule Environments +// +// If your Mule runtime engine (Mule) is not enabled with API gateway capabilities and you need to implement the CORS functionality, you can use the CORS Interceptor. The CORS Interceptor is an element in the HTTP Listener configuration made available in Mule 4.0. +// +// The CORS configuration differs based on whether you leverage the CORS policy capabilities as a public resource or as a selected group of origins. +// +// For the Selected Group of Origins structure, the following example shows the elements that might be configured: +// +// [source, XML,linenums] +// ---- +// +// +// (collection of origins) +// +// +// +// ... +// +// +// +// +// ... +// +// +// +// +// ... +// +// +// +// +// +// +// ---- +// +// For the Public Resource structure, the following example shows the elements that might be configured: +// +// [source, XML,linenums] +// ---- +// +// +// +// +// +// +// +// ---- + +== Why CORS + +CORS enables you to achieve web page security and web integrity in your environment. To know why you might need to apply the CORS policy to your backend, you must first understand _origins_, _cookies_, and how they can be manipulated to violate web page integrity. + +[[origins]] +=== Introduction to the Web Origin Concept + +Origin is a header that specifies the request that initiated the fetch. The origin header includes only the server name (no path information). At a very basic level, an origin consists of: + +* URI scheme: `http://` +* Host name: `www.example.com` +* Port number: `8080` + +For requests between any two <> to be approved, the origins must be equal. Origins are considered equal only if all these three parameters match. For more information, see https://tools.ietf.org/html/rfc6454[RFC 6454 - The Web Origin Concept^]. + +=== HTTP Cookies + +Websites use HTTP cookies to retain stateful information. Most commonly, web servers use authentication cookies to know whether a user is logged in, and to know which account users are logged in to. For more information, see https://www.ietf.org/rfc/rfc6265.txt[RFC 6265^]. + +SOP (same-origin policy) deters malicious attackers from exploiting cookies when one web page invokes another. For example, you might log in to your bank's web page using a cookie that an attacker might be able to obtain and exploit to query the bank’s API on your behalf. + +[[origin]] +With the SOP, scripts can access data from a target web page only if it has the same origin as the caller web page. For more information about origins, see https://en.wikipedia.org/wiki/Same-origin_policy#Origin_determination_rules[Wikipedia^]. + +// The following example illustrates the origin of the web page, `\http://www.example.com:8080`: + +// image:cors-policy-sop-example.png["A table of URLs and whether they match based on the scheme, host, and port",95%,85%] + +Because the SOP is highly restrictive, access from one suborigin to another or to external hyperlinks do not work on web pages. For example, if an origin `www.testapply.com` has two suborigins, `www.eng.testapply.com` and `www.docs.testapply.com`, communication between the two suborigins is denied. Additionally, any hyperlinks to external websites from any of the suborigins is also denied. + +To circumvent this problem, web browsers implemented the CORS standard, which validates the web server and accepts the request if the validation is successful. + +For example, if your bank implements the CORS server-side protocol on its login server, you can query data only directly from the bank's web page. Any attempt to query the login API from an external (non-bank) domain is denied. + +== How CORS Works + +When your web pages request data, the browser detects whether the request is from within same origin and determines whether to apply the CORS algorithm. If you query data from a web page that is not in your origin, then the CORS policy is applied. + +The CORS algorithm works on the web server and on the client-side for the web page that requested the information. The client-side algorithm in the CORS policy is implemented by: + +* Determining whether the request is complex (and potentially dangerous) and sending a preliminary _preflight_ request to verify whether the server accepts the origin. +* Executing the actual request and validating that the server responds correctly and accepts the origin. + +A _preflight_ is a preliminary request (using OPTIONS as the HTTP method) from the web browser to the backend server to test the identity (origin and a few other headers) of the web page that is trying to perform the request. + +If the backend does not accept the origin, the backend server responds to the request without a specific header (Access-Control-Allow-Origin). The client then understands that the page’s origin is not allowed in that server and does not execute the actual request. + +The following diagram shows the XMLHttpRequest (XHR) in a JavaScript flow for determining whether to execute the actual request: + +image::cors-policy-xhr-diagram.png["A flowchart illustrating the process of standard latency and added latency for Javascript cross-domain XHR calls"] + +As illustrated in the diagram, the request is validated based on the communication between the browser and the server: + +* If the request is considered to be complex (see the previous client-side diagram for XHR), then a preflight request is executed. ++ +If the server does not return the proper CORS response headers for the preflight, the client library (XHR in the previous example) is not allowed to perform the actual request. +* If the preflight response is correct and complete, then the client library executes the actual request, which includes certain CORS headers. ++ +The client library then validates the CORS headers of the response. If some of the required headers are missing, then again the client library is obliged to block the response from reaching the client, which is usually a web page. + +== CORS Components + +You can configure various components of the CORS policy, such as request headers, response headers, public resources and groups, ordering, and wildcards. + +=== CORS Request Headers + +* Origin: The origin making the cross origin request. ++ +* Access-Control-Request-Method: The method that is invoked in the actual request. ++ +This header is sent in the preflight request. +* Access-Control-Request-Headers: Custom headers that are sent in the actual request. ++ +This header is sent in the preflight request. For the GET or HEAD methods, the standard defines a specific list of headers that are considered simple enough to not require a preflight. For custom headers, a preflight is executed for GET and HEAD requests (see the previous XHR example to validate the path in which the client does not have to perform a preflight). + +=== CORS Response Headers + +The headers included in a response depend on whether the request is a preflight or an actual request: + +* `Access-Control-Allow-Origin`: Obligatory in every response. ++ +If this header is not present in the response, the browser or client library blocks the response from reaching the web page. The wildcard “*” can be used to represent any origin. +* `Access-Control-Allow-Methods`: Allowed methods that can be executed. ++ +This header is returned in the OPTIONS request (preflight). The server might respond with a list of allowed methods, delegating the validation task to the client. + +* `Access-Control-Allow-Headers`: Allowed headers in the actual request. ++ +This header works in a manner similar to how Access-Control-Allow-Methods works . +* `Access-Control-Allow-Credentials`: Notifies the client whether the actual request can be made with a cookie. ++ +The `Access-Control-Allow-Credentials` returns a Boolean value. +* `Access-Control-Expose-Headers`: Provides the browser or client library with a list of headers that can be accessed by the web page that executed the request. ++ +The HTTP library performing the CORS request exposes only the headers to the web page, providing further privacy and security. +* `Access-Control-Max-Age`: Specifies the duration (in seconds) in which the browser can avoid performing a second preflight on a request. + +=== Public Resources and Groups + +If you need to bypass the browser SOP, Mulesoft provides you an option to configure a public resource that enables the API gateway policy to mirror the preflight data in the response. This ensures that the actual request is correctly updated with all the CORS headers so that the browser accepts the response. + +If the public resource option is not secure enough for your environment, define multiple groups for the different origins that query your API. Each group applies to a list of origins and can specify different methods, headers, preflight caching time, and expose headers. + +=== Ordering + +The CORS policy is always applied first by the API gateway, before any other policies can be applied. If a protected request using OPTIONS is sent to an application that has the CORS policy applied, the request does not reach the protected resource. According to the https://fetch.spec.whatwg.org/#resource-preflight-requests[CORS specification^], all OPTIONS requests are considered preflight. + +=== Configuration Wildcards + +Wildcards (`*`) are accepted in the Origins and Headers sections of a group configuration. Use wildcards when you need a public resource, but must restrict the accepted HTTP methods. + +If you have configured multiple groups and one of the groups uses a wildcard origin, the non-wildcard settings override the wildcard configurations. + +== FAQs + +*The CORS policy does not seem to be applied.* + +If you use tools such as curl or Postman to test the CORS policy for a complex request, the CORS request headers are not added and the preflight does not occur. + +If no CORS headers are sent or improper headers are used in the request, the API gateway CORS policy does not add any CORS response headers, giving the impression that the policy is not applied. Ensure that you use the libraries that implement the CORS protocol specific to your environment, or review the specification to ensure that you are configuring the correct headers. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-body-transformation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-body-transformation.adoc new file mode 100644 index 000000000..a15608e25 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-body-transformation.adoc @@ -0,0 +1,91 @@ += DataWeave Body Transformation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: dataweave, body transformation, transformation, api gateway, flex gateway, gateway, policy + + +[width="100%", cols="5,15"] +|=== +>s| Policy name | DataWeave Body Transformation +>s|Summary | Transforms the body of request or response traffic with a DataWeave script +>s|Category | Transformation +>s| First Omni Gateway version available | v1.12.0 +.1+>.^s| Returned Status Codes +| `400` - The DataWeave script failed to execute or returned an invalid result +|=== + +== Summary + +The DataWeave Body Transformation policy transforms request or response body content with a DataWeave script. The script receives `attributes.headers` and `payload`. The gateway streams body processing. If the script declares an output MIME type, such as `output application/json`, the gateway uses it for the transformed response. Otherwise, the gateway keeps the original `Content-Type`. In the request or response, the gateway processes the body in streaming mode and updates `Content-Type` and `Content-Length` after transformation. + +== Configure Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: dataweave-body-transformation-flex + config: + script: // REQUIRED - DataWeave script + requestFlow: // REQUIRED - "onRequest" or "onResponse" +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required | Default Value | Description + +| `script` +| Required +| — +| A DataWeave script that transforms the body. The script receives `attributes.headers` and `payload`. Declare the output MIME type in the script when needed, such as `output application/json`. + +| `requestFlow` +| Required +| — +| Whether the policy transforms the request or response body. Supported values: `onRequest` or `onResponse`. +|=== + +=== Resource Configuration Example + +This example transforms the request payload to a new structure that includes the value from the custom header `custom-client-header` and fields from the payload: + +---- + policies: + - policyRef: + name: dataweave-body-transformation-flex + config: + script: | + { + "id": attributes.headers.'custom-client-header', + "username": payload.name ++ payload.surname + } +---- + +To transform the response body and set a custom output format such as XML, declare the output and use `requestFlow: onResponse`: + +---- + policies: + - policyRef: + name: dataweave-body-transformation-flex + config: + script: | + output application/xml + --- + { + "trace": payload.headers.'X-Amzn-Trace-Id', + "custom-data": "custom-value" + } + requestFlow: onResponse +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter | Description +| Policy type | DataWeave Body Transformation +| Script | The DataWeave script that transforms the body +| Request flow | Whether the policy transforms the request or response body +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-headers-transformation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-headers-transformation.adoc new file mode 100644 index 000000000..4a9898060 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-headers-transformation.adoc @@ -0,0 +1,101 @@ += DataWeave Headers Transformation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: dataweave, headers transformation, transformation, api gateway, flex gateway, gateway, policy + + +[width="100%", cols="5,15"] +|=== +>s| Policy name | DataWeave Headers Transformation +>s|Summary | Transforms headers of request or response traffic with a DataWeave script +>s|Category | Transformation +>s| First Omni Gateway version available | v1.12.0 +.1+>.^s| Returned Status Codes +| `400` - The DataWeave script failed to execute or returned an invalid result +|=== + +== Summary + +The DataWeave Headers Transformation policy transforms request or response headers with a DataWeave script. The script receives headers and the message body, and returns a map of header names to values. In the request or response, the gateway removes existing headers and runs the script with header bindings. The script output must be a map. Each entry becomes a header. For multi-value headers, use a list of values. + +== Configure Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: dataweave-headers-transformation-flex + config: + script: // REQUIRED - DataWeave script + requestFlow: // REQUIRED - "onRequest" or "onResponse" + requiresPayload: // OPTIONAL, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required | Default Value | Description + +| `script` +| Required +| — +| A DataWeave script that returns a map of header names to values. The script receives `attributes.headers`. If `requiresPayload` is true, the script also receives the message body in the `payload` binding. + +| `requestFlow` +| Required +| — +| Whether the policy transforms the request or response body. Supported values: `onRequest` or `onResponse`. + +| `requiresPayload` +| Optional +| false +| If true, the script receives the message body in the `payload` binding. The gateway buffers the body for the transformation. +|=== + +=== Resource Configuration Example + +This example adds custom headers with conditional logic. When the header `custom-client-header` is set to `fixed_client`, the gateway replaces it with `custom-123123231231231231`. Otherwise, the gateway uses the header value or `client-id-not-set`: + +---- + policies: + - policyRef: + name: dataweave-headers-transformation-flex + config: + script: | + { + "custom_client_secret": "fixed_secret_123123231231231231", + "custom_client_id": if (attributes.headers.'custom-client-header'?) + attributes.headers.'custom-client-header' match { + case literalMatch: "fixed_client" -> "custom-123123231231231231" + else -> attributes.headers.'custom-client-header' + } + else "client-id-not-set" + } +---- + +To append custom headers using payload data, for example to add the payload `id` to a custom header, set `requiresPayload: true` and include `payload` in the script: + +---- + policies: + - policyRef: + name: dataweave-headers-transformation-flex + config: + script: | + attributes.headers ++ { + "custom_client_id_from_payload": payload.id, + "custom_client_secret_from_payload": payload.secret + } + requiresPayload: true +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter | Description +| Policy type | DataWeave Headers Transformation +| Script | The DataWeave script that returns a map of headers +| Request flow | The flow where the policy applies: request or response +| Requires payload | Whether the script requires the message body +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-request-filter.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-request-filter.adoc new file mode 100644 index 000000000..80da7642c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-dataweave-request-filter.adoc @@ -0,0 +1,79 @@ += DataWeave Request Filter Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: dataweave, request filter, transformation, api gateway, flex gateway, gateway, policy + + +[width="100%", cols="5,15"] +|=== +>s| Policy name | DataWeave Request Filter +>s|Summary | Filters requests by using a DataWeave script +>s|Category | Transformation +>s| First Omni Gateway version available | 1.12 +.1+>.^s| Returned Status Codes +| `400` - The DataWeave script failed to execute or returned an invalid result +|=== + +== Summary + +The DataWeave Request Filter policy evaluates a DataWeave script on the request, including headers and the body, to allow or block the message. The script returns an object with a Boolean `success` value. If `success` is `false`, the script can return a `response` object with `statusCode`, `body`, and `headers`. The gateway sends that as the immediate HTTP response to the client and stops processing. If `success` is `true`, the message continues. + +Result format: + +* Success: `{ "success": true }` +* Error: `{ "success": false, "response": { "body": "...", "headers": {}, "statusCode": 400 } }` + +== Configure Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +---- +- policyRef: + name: dataweave-request-filter-flex + config: + script: // REQUIRED - DataWeave script + requiresPayload: // OPTIONAL, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required | Default Value | Description + +| `script` +| Required +| — +| A DataWeave script that returns an object with a boolean `success` field. If `success` is `false`, the optional `response` is: `{ "body": string, "headers": object, "statusCode": number }`. + +| `requiresPayload` +| Optional +| false +| If true, the script receives the message body in the `payload` binding. If true and the body is missing, the gateway returns an error. +|=== + +=== Resource Configuration Example + +---- + policies: + - policyRef: + name: dataweave-request-filter-flex + config: + script: | + %dw 2.0 + output application/java + --- + if (attributes.headers["x-api-key"] != null) { success: true } + else { success: false, response: { statusCode: 401, body: "Missing API key", headers: {} } } + requiresPayload: false +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter | Description +| Policy type | DataWeave Request Filter +| Script | The DataWeave script that returns a success or error result +| Requires payload | Whether the script requires the message body +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-directory.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-directory.adoc new file mode 100644 index 000000000..22a97311d --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-directory.adoc @@ -0,0 +1,69 @@ += Inbound Policies Directory +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +== Inbound Policies Included in Omni Gateway + +[%header%autowidth.spread] +|=== +|Policy |Category |Summary +| xref:policies-included-a2a-agent-card.adoc[A2A Agent Card] | A2A | Rewrites the Agent Card URL to match the server instance public URL +| xref:policies-included-a2a-pii-detector.adoc[A2A PII Detector] | A2A | Detects personally identifiable information (PII) in requests sent to the agent +| xref:policies-included-a2a-prompt-decorator.adoc[A2A Prompt Decorator] | A2A | Decorates prompts with context information +| xref:policies-included-a2a-schema-validation.adoc[A2A Schema Validation] | A2A | Validates Agent requests to ensure they conform to the A2A specification +| xref:policies-included-a2a-token-rate-limit.adoc[A2A Token Based Rate Limit] | A2A | Limits API usage based on the number of GPT-4o-mini tokens consumed by the agents +| xref:policies-included-llm-token-rate-limit.adoc[LLM Token Based Rate Limit] | LLM | Limits LLM Proxy usage based on the number of tokens consumed (OpenAI-format APIs) +| xref:policies-included-agent-connection-telemetry.adoc[Agent Connection Telemetry] | A2A and MCP | Tracks the number of requests made to agent or MCP server instances +| xref:policies-included-basic-auth-ldap.adoc[Basic Authentication: LDAP] | Security | Allows access based on the basic authorization mechanism, with user-password defined on LDAP +| xref:policies-included-basic-auth-simple.adoc[Basic Authentication: Simple] | Security | Allows access based on the basic authorization mechanism, with a single user-password +| xref:policies-included-client-id-enforcement.adoc[Client ID Enforcement] | Compliance | Allows access only to authorized client applications +| xref:policies-included-cors.adoc[Cross-Origin Resource Sharing (CORS)] | Compliance | Enables access to resources residing in external domains +| xref:policies-included-dataweave-body-transformation.adoc[DataWeave Body Transformation] | Transformation | Transforms request or response body content with a DataWeave script +| xref:policies-included-dataweave-headers-transformation.adoc[DataWeave Headers Transformation] | Transformation | Transforms request or response headers with a DataWeave script +| xref:policies-included-dataweave-request-filter.adoc[DataWeave Request Filter] | Transformation | Filters requests by using a DataWeave script +| xref:policies-included-external-authorization.adoc[External Authorization] | Security | Authenticates requests with an external gRPC or HTTP authorization service +| xref:policies-included-external-processing.adoc[External Processing] | Transformation | Sends the incoming HTTP requests or outgoing HTTP responses to an external gRPC service for additional processing +| xref:policies-included-graphql-introspection-control.adoc[GraphQL Introspection Control] | GraphQL | Blocks or allows requests that access the `__schema`, `__type`, and `__typename` GraphQL meta fields +| xref:policies-included-graphql-operation-limits.adoc[GraphQL Operation Limits] | GraphQL | Limits GraphQL operation depth, aliases, root fields, and directives +| xref:policies-included-graphql-schema-validation.adoc[GraphQL Schema Validation] | GraphQL | Validates incoming GraphQL operations against a GraphQL schema definition +| xref:policies-included-graphql-static-query-complexity.adoc[GraphQL Static Query Complexity] | GraphQL | Calculates query complexity and blocks requests that exceed the defined budget +| xref:policies-included-header-injection.adoc[Header Injection] | Transformation | Adds headers to a request or a response +| xref:policies-included-header-removal.adoc[Header Removal] | Transformation | Removes headers from a request or a response +| xref:policies-included-health-check.adoc[Health Check] | Quality of Service | Monitors API upstream health at specific intervals +| xref:policies-included-http-caching.adoc[HTTP Caching] | Quality of Service | Caches HTTP responses from an API implementation +| xref:policies-included-injection-protection.adoc[Injection Protection] | Security | Scans request headers, path, query, and body to protect against SQL, XSS, and custom injection attacks in incoming requests +| xref:policies-included-ip-allowlist.adoc[IP Allowlist] | Security | Allows a list or range of specified IP addresses to request access +| xref:policies-included-ip-blocklist.adoc[IP Blocklist] | Security | Blocks a single IP address or a range of IP addresses from accessing an API endpoint +| xref:policies-included-json-threat-protection.adoc[JSON Threat Protection] | Security | Protects against malicious JSON in API requests +| xref:policies-included-jwt-validation.adoc[JWT Validation] | Security | Validates a JWT +| xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control] | MCP | Controls access to tools, resources, and prompts based on user information such as Tiers, IP, Headers, or Claims +| xref:policies-included-mcp-global-access.adoc[MCP Global Access] | MCP | Restricts which MCP tools are exposed by defining Allow and Block rules +| xref:policies-included-mcp-pii-detector.adoc[MCP PII Detector] | MCP | Blocks elicitation responses containing personally identifiable information (PII) from reaching MCP servers +| xref:policies-included-mcp-schema-validation.adoc[MCP Schema Validation] | MCP | Validates MCP requests to ensure they conform to the MCP specification +| xref:policies-included-mcp-support.adoc[MCP Support] | MCP | Adds MCP support to an Omni Gateway MCP server instance. This policy is required for your MCP server instance to function properly. +| xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping] | MCP | Renames MCP tool names in requests and responses to provide flexible tool naming +| xref:policies-included-message-logging.adoc[Message Logging] | Troubleshooting | Logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint +| xref:policies-included-oauth-token-introspection.adoc[OAuth 2.0 Token Introspection] | Security | Allows access only to authorized client applications +| xref:policies-included-openid-token-enforcement.adoc[OpenID Connect OAuth 2.0 Access Token Enforcement] | Security | Allows access only to authorized client applications +| xref:policies-included-rate-limiting.adoc[Rate Limiting] | Quality of Service | Monitors access to an API by defining the maximum number of requests processed within a period of time +| xref:policies-included-rate-limiting-sla.adoc[Rate Limiting: SLA-based] | Quality of Service | Monitors access to an API by defining the maximum number of requests processed within a timespan, based on SLAs +| xref:policies-included-regex-prompt-guard.adoc[Regex Prompt Guard] | LLM | Blocks LLM requests that match deny-list regex patterns +| xref:policies-included-response-timeout.adoc[Response Idle Timeout] | Quality of Service | Set a maximum duration Omni Gateway waits for a response from an upstream service +| xref:policies-included-schema-validation.adoc[Schema Validation] | Security | Validates incoming traffic against a supplied OAS3 schema +| xref:policies-included-soap-schema-validation.adoc[SOAP Schema Validation] | Security | Validates incoming traffic against a specified WSDL schema +| xref:policies-included-spike-control.adoc[Spike Control] | Quality of Service | Regulates API traffic +| xref:policies-included-sse-logging.adoc[SSE Logging] | SSE | Logs every SSE event while streaming +| xref:policies-included-stream-idle-timeout.adoc[Stream Idle Timeout] | Quality of Service | Set a maximum duration a stream can remain idle without receiving a request or response +| xref:policies-included-tracing.adoc[Tracing] | Troubleshooting | Configure OpenTelemetry distributed tracing for an API +| xref:policies-included-traffic-management-route.adoc[Traffic Management for Multiple Upstream Services] | Quality of Service | Manages API instance traffic to multiple upstream services from a single consumer endpoint +| xref:policies-included-traffic-management.adoc[Traffic Management for Multiple Upstream Services (Weighted)] | Quality of Service | Manages API instance traffic to multiple upstream services from a single consumer endpoint, using weighted percentages +| xref:policies-included-tls.adoc[Transport Layer Security (TLS) - Inbound] | Security | Enables authentication between a client and the API proxy +| xref:policies-included-websocket-connection-limit.adoc[WebSocket Connection Limit] | Quality of Service | Limits the number of simultaneous WebSocket connections that each API instance allows +| xref:policies-included-xml-threat-protection.adoc[XML Threat Protection] | Security | Protects against malicious XML in API requests +|=== + +== See Also + +* xref:gateway-home::index.adoc#policy-availability-by-gateway[Policy Availability by Gateway] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-external-authorization.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-external-authorization.adoc new file mode 100644 index 000000000..b2098445c --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-external-authorization.adoc @@ -0,0 +1,190 @@ += External Authorization Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: external authorization, authorization, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s|Policy name | External Authorization +>s|Summary | Authenticates requests with an external gRPC or HTTP authorization service +>s|Category | Security +>s| First Omni Gateway version available | v1.6.0 +>s| Returned Status Codes | 403 - Forbidden, invalid client application credentials +|=== + +== Summary + +The External Authorization policy forwards incoming client HTTP requests to an external gRPC or HTTP authorization service to determine if the client HTTP request is authorized to access the upstream service. If the request is authorized, Omni Gateway allows the request to pass to the upstream service. For unauthorized accesses, Omni Gateway returns a `403` forbidden request error. + +To forward request headers, such as an authorization token header, from the client HTTP request to the authorization service, configure the *Allowed Headers* parameter. Additionally, for HTTP authorization servers, use the *Headers to add* parameter to inject new headers into the authorization request. + +[IMPORTANT] +==== +Omni Gateway sends headers to the authorization service encoded in bytes. To send headers encoded in utf8, set the environment variable `FLEX_HEADER_RAW_VALUE_ENABLE=false`. +==== + +The External Authorization policy can also modify the client HTTP request and response headers with additional information returned from the authorization service. For example, if an authorized user makes a request with an access token header that corresponds to a username, the authorization service can return a `username` header for Omni Gateway to append to the client HTTP request. + +For gRPC authorization servers, if the authorization service returns headers with the authorization response, Omni Gateway either appends these headers to the client HTTP request or overwrites the header if it is present in the client request. + +For HTTP authorization servers, you can configure what headers to append, overwrite, or ignore. Policies with an HTTP server configured can also modify the client response returned from the upstream service. + +The External Authorization policy is an extension of the External Authorization filter native to Envoy. To learn more about the External Authorization filter, see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter[External Authorization Filter^]. Not all External Authorization filter parameters are available to the External Authorization policy. To find what parameters are configurable, see <>. + +NOTE: If other policies modify the incoming HTTP request, ensure that you order the policies depending on if these modification must be present before sending the request to the authorization service. For more information about ordering policies, see xref:policies-reorder.adoc[]. + +== Configuring Policy Parameters + +To configure your policy parameters, see the following parameter references for the mode your Omni Gateway is running in: + +* <> +* <> + +include::partial$policy-title-headers.adoc[tag=configFile] + +[source,yaml] +---- +- policyRef: + name: native-ext-authz-flex + config: + uri: // REQUIRED + serverType: // REQUIRED, default "grpc" + serverApiVersion: // REQUIRED, default `v3` + serviceRequestHeadersToAdd: // OPTIONAL + - key: + value: + serviceResponseUpstreamHeaders: // OPTIONAL + serviceResponseUpstreamHeadersToAppend: // OPTIONAL + serviceResponseClientHeaders: // OPTIONAL + serviceResponseClientHeadersOnSuccess: // OPTIONAL + pathPrefix: // OPTIONAL + requestTimeout: // REQUIRED, default `5000` + includePeerCertificate: // REQUIRED, default `false` + allowedHeaders: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `uri` +| Required +| N/A +| External authorization service URI. With a gRPC type server, define the URI by using this format: `h2://:`. + +| `serverType` +| Required +| `grpc` +| Type of external server. Supported values are `grpc` and `http`. + +| `serverApiVersion` +| Optional +| `v3` +| Transport protocol API version. Supported values are `v3` and `v2`. + +| `includePeerCertificate` +| Optional +| `false` +| If `true`, includes peer certificates in the authorization server request. Supported values are `true` and `false`. + +| `serviceRequestHeadersToAdd` +| Optional +| N/A +| Defines custom headers and their value to inject into the authorization service request. This parameter is available for `HTTP` type serves. + +| `serviceRequestHeadersToAdd.key` +| Optional +| N/A +| Name of the new header to add. + +| `serviceRequestHeadersToAdd.value` +| Optional +| N/A +| Value of the new header to add. + +| `serviceResponseUpstreamHeaders` +| Optional +| N/A +| Specifies the headers from the authorization response to add to the client request to the upstream service. Omni Gateway overwrites coexisting headers. This parameter is available for `HTTP` type serves. + +| `serviceResponseUpstreamHeadersToAppend` +| Optional +| N/A +| Specifies the headers from the authorization response to add to the client request to the upstream service. Omni Gateway appends coexisting headers. This parameter is available for `HTTP` type serves. + +| `serviceResponseClientHeaders` +| Optional +| N/A +| Specifies the headers from the authorization response to add to the client response returned from the upstream service. Omni Gateway overwrites existing headers. This parameter is available for `HTTP` type serves. + + +| `serviceResponseClientHeadersOnSuccess` +| Optional +| N/A +| Specifies the headers from the authorization response to add to the client response returned from the upstream service if the request is successfully authorized. Omni Gateway overwrites existing headers. This parameter is available for `HTTP` type serves. + +| `pathPrefix` +| Optional +| N/A +| Sets a prefix to the value of the `Path` authorization request header if present. + +| `requestTimeout` +| Optional +| `5000` +| Maximum time in milliseconds the policy waits for a response from the authentication service. + +| `allowedHeaders` +| Optional +| N/A +| Specifies the headers from the client HTTP request to propagate to authorization request. By default, requests sent to gRPC servers include all client headers. Requests sent to HTTP servers don't include any client headers. If you list allowed headers for either server type, requests include only the listed headers. + +|=== + +NOTE: Leaving a required value blank configures the parameter as the default value. No value is configured for optional values left blank. + +=== Resource Configuration Example + +In the following configuration, a gRPC authorization service receives a request that includes the peer certificates and authorization token header: + +[source,yaml] +---- +- policyRef: + name: native-ext-authz-flex + config: + uri: h2://ext-authz-grpc-service:9001 + serverType: "grpc" + includePeerCertificate: "true" + allowedHeaders: + - access-token +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| *Parameter* | *Description* +|External authorization service URI | External authorization service URI. With a gRPC type server, define the URI as `\h2://:`. +|External authorization server type | Type of external server. +|Server API version | Transport protocol API version. +|Include peer certificates in the authorization server request | Includes peer certificates in the authorization server request. +|Path prefix | Sets a prefix to the value of the `Path` authorization request header if present. +|Request timeout | Maximum time in milliseconds the policy waits for a response from the authentication service. By default, the request timeout is 5000 milliseconds. +|Allowed headers | By default, requests sent to gRPC servers include all client headers and requests sent to HTTP servers don't include any client headers. If you list allowed headers for either server type, requests include only the listed headers. +|=== + +== How This Policy Works + +The following diagram demonstrates the order in which requests and responses flow during the External Authorization policy execution: + +image:ext-auth-policy.png["A sequence diagram that illustrates the interaction between a user, an API gateway, a database, and an API",80%,80%,align="center"] + +. The client makes an HTTP request to the API instance exposed by Omni Gateway. +. Omni Gateway forwards the request consisting of the client's request and headers to the authorization service. +. The authorization services sends the authorization response back to Omni Gateway: +** If the request isn't authorized, Omni Gateway appends any necessary headers and returns a `403` forbidden access code to the client. +** If the request is authorized, Omni Gateway appends the header data to the client request, if necessary, and allows the request to pass to the upstream service. +. Omni Gateway appends any necessary headers and returns the response as normal. + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-external-processing.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-external-processing.adoc new file mode 100644 index 000000000..19e24f5f3 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-external-processing.adoc @@ -0,0 +1,176 @@ += External Processing Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: external processing, processing, flex gateway, gateway, policy + + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | External Processing +>s|Summary | Sends the incoming HTTP requests or outgoing HTTP responses requests to an external gRPC service for additional processing +>s|Category | Transformation +>s|First Omni Gateway version available | v1.6.0 +.1+>.^s| Returned Status Codes +| 403 - IP is rejected +|=== + +== Summary + +The External Processing policy forwards the incoming HTTP request or outgoing HTTP response to an external gRPC service to modify the headers, trailers, body, or any combination of the three. You can also configure this policy to process either the request, response, or both. + +Additionally, the external processing service can request different parts of the HTTP request or response after the initial gRPC request was sent by Omni Gateway to the external processing server. This enables you to send the minimum amount of data necessary. For example, Omni Gateway can initially send only the HTTP requests headers. Then, after some processing, the external processor can request the HTTP request body or trailers from Omni Gateway. + +The parameters you set for sending the HTTP headers, trailers, and body only configure what is initially sent. The external processing service has access to all parts of the HTTP request or response regardless of what is configured. Configure the parameters to send all of the information that the processing service needs for every incoming HTTP request or response. For example, if the processing service needs the headers for every request but only needs the body for some of the requests, depending on the information found in the header, only configure the parameters to send the headers. + +The External Processing policy is an extension of the External Processing filter native to Envoy. To learn more about the External Processing filter, see https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_proc/v3/ext_proc.proto[External Processing Filter^]. Not all External Processing filter parameters are available for the External Processing policy. To find what parameters are configurable, see <>. + +NOTE: If other policies modify the HTTP request or response, ensure that you order the policies depending on if these modification should be present when the request is sent to the processing service or upstream service. For more information about ordering policies, see xref:policies-reorder.adoc[]. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +[source,yaml] +---- +- policyRef: + name: native-ext-proc-flex + config: + uri: // REQUIRED + messageTimeout: // OPTIONAL, default: 1000 + requestHeaderMode: // OPTIONAL, default: "send" + responseHeaderMode: // OPTIONAL, default: "send" + requestBodyMode: // OPTIONAL, default: "none" + responseBodyMode: // OPTIONAL, default: "none" + requestTrailerMode: // OPTIONAL, default: "skip" + responseTrailerMode: // OPTIONAL, default: "skip" + failureModeAllow: // OPTIONAL, default: false + maxMessageTimeout: // OPTIONAL, default: 0 + allowModeOverride: // OPTIONAL, default: true + +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `uri` +| Required +| NA +| External processing server URI. For gRPC type servers, define the URI as `\h2://:`. + +| `messageTimeout` +| Optional +| `1000` +| Message timeout for the processing server in milliseconds. + +| `maxMessageTimeout` +| Optional +| 0 +| Specifies the upper bound the processing server can override `messageTimeout`. + +| `failureModeAllow` +| Optional +| `false` +| When `true`, if the gRPC stream prematurely closes or can’t be opened, request processing continues without error. + +| `allowModeOverride` +| Optional +| `true` +| Enables the processing server to override the policy configuration. When `true`, the server can override the configuration of the `requestHeaderMode`, `responseHeaderMode`, `requestBodyMode`, `responseBodyMode`, `requestTrailerMode`, and `responseTrailerMode` parameters. + +| `observabilityMode` +| Optional +| `false` +| When `true`, the configured headers, body, and trailers are sent to the external processing server and Omni Gateway doesn’t wait for a response from the processing server. + +| `requestHeaderMode` +| Optional +| `send` +| Whether the HTTP requests headers are sent to the processing service. Supported values are `send` and `skip`. + +| `responseHeaderMode` +| Optional +| `send` +| Whether the HTTP response headers are sent to the processing service. Supported values are `send` and `skip`. + +| `requestBodyMode` +| Optional +| `none` +| Mode that the HTTP request body is sent in. Supported values are `none`, `streamed`, `buffered`, and `bufferedPartial`. Selecting `none` does not send the request body. + +| `responseBodyMode` +| Optional +| `none` +| Mode that the HTTP response body is sent in. Supported values are `none`, `streamed`, `buffered`, and `bufferedPartial`. Selecting `none` does not send the request body. + +| `requestTrailerMode` +| Optional +| `skip` +| Whether the HTTP requests' trailer headers are sent to the processing service. Supported values are `send` and `skip`. + +| `responseTrailerMode` +| Optional +| `skip` +| Whether the HTTP response trailer headers are sent to the processing service. Supported values are `send` and `skip`. + +|=== + +NOTE: Leaving a value blank configures the parameter with the default value. If a required parameter doesn’t have a default value, you must configure the parameter. + +==== Resource Configuration Example + +This configuration streams the request headers, trailers, and body to the external processing server. This configuration does not send any part of the response to the external processing server. + +[source,yaml] +---- +- policyRef: + name: native-ext-proc-flex + config: + uri: h2://: + messageTimeout: // OPTIONAL + responseHeaderMode: skip + requestBodyMode: streamed + responseTrailerMode: skip +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter | Description +|External processing server URI | External processing server URI. For gRPC type servers, define the URI as `\h2://:`. +|Message timeout | Message timeout for the processing server in milliseconds. +|Max message timeout | Specifies the upper bound the processing server can override *Message timeout*. +|Failure mode allow | When `true`, if the gRPC stream prematurely closes or can’t be opened, request processing continues without error. +|Allow mode override | Enables the processing server to override the policy configuration. When `true`, the server can override the configuration of the *Request header processing mode*, *Response header processing mode*, *Request body processing mode*, *Response body processing mode*, *Request trailer processing mode*, and *Response trailer processing mode* parameters. +| Observability mode | If enabled, the configured headers, body, and trailers are sent to the external processing server and Omni Gateway doesn’t wait for a response from the processing server. +|Request header processing mode | Whether the requests headers are sent to the processing service. +|Response header processing mode | Whether the response headers are sent to the processing service. +|Request body processing mode | Mode that the request body is sent in. +|Response body processing mode | Mode that the response body is sent in. +|Request trailer processing mode | Whether the requests trailers are sent to the processing service. +|Response trailer processing mode | Whether the response trailers are sent to the processing service. +|=== + +NOTE: Leaving a value blank configures the parameter with the default value. If a required parameter doesn't have a default value, you must configure the parameter. + +== How This Policy Works + +The following diagram demonstrates the order in which requests and responses flow when the External Processing policy is applied: + +image:ext-processing-policy.png["A flowchart illustrating API interaction",80%,80%,align="center"] + +. The client makes an HTTP request to Omni Gateway. +. Omni Gateway forwards the initial parts of the client HTTP request that you configure to the external processing service. If *Observability mode* is enabled, the next step is skipped. +. Omni Gateway awaits the modified client HTTP request. If *Allow mode override* is enabled, the external processing service can request additional parts of the request. +. Omni Gateway sends the client HTTP request to the upstream API service and awaits the HTTP response. +. Omni Gateway forwards the initial parts of the HTTP response that you configure to the external processing service. If *Observability mode* is enabled, the next step is skipped. +. Omni Gateway awaits the modified HTTP response. If *Allow mode override* is enabled, the external processing service can request additional parts of the HTTP response. +. Omni Gateway returns the modified HTTP response from the external processing service to the client. + +By default, if Omni Gateway can't establish a connection to the gRPC service or if the gRPC service returns an error, the policy fails. To forward requests regardless of connection or error status, enable the *Failure mode allow* parameter. + + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-graphql-introspection-control.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-introspection-control.adoc new file mode 100644 index 000000000..fbd3520c5 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-introspection-control.adoc @@ -0,0 +1,95 @@ += GraphQL Introspection Control Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: graphql, introspection, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | GraphQL Introspection Control +>s| Summary | Blocks or allows requests that access the `__schema`, `__type`, and `__typename` GraphQL meta fields +>s| Category | Security +>s| First Omni Gateway version available | v1.13.0 +.1+>.^s| Returned status codes +| 403 Forbidden — The response follows the standard GraphQL error format, including a message such as `Introspection field '__schema' is not allowed`. +|=== + +== Summary + +GraphQL servers include built-in introspection fields that allow clients to discover your API's types and structure. Configure The GraphQL Introspection Control policy inspects incoming operations blocks requests that reference restricted fields. + +Use the introspection policy to block requests to a combination of these fields: + +* `__schema`, used to discover the full API schema. +* `__type`, used to look up details for a specific type by name. +* `__typename`, used to read the concrete type name of an object. + +Blocking `__typename` can affect GraphQL client libraries that rely on it for result caching. + +After Omni Gateway resolves the GraphQL query, the policy evaluates the operation text. Omni Gateway doesn't inspect the operation text for persisted queries and passes them through without introspection checks. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: graphql-introspection-control-flex + config: + blockSchema: // OPTIONAL, default: false + blockType: // OPTIONAL, default: false + blockTypename: // OPTIONAL, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +| Parameter | Required | Default Value | Description + +| `blockSchema` +| No +| `false` +| If `true`, Omni Gateway blocks queries that use the `__schema` field for full schema discovery. + +| `blockType` +| No +| `false` +| If `true`, Omni Gateway blocks queries that use the `__type` field to look up a type by name. + +| `blockTypename` +| No +| `false` +| If `true`, Omni Gateway blocks queries that use the `__typename` field to read an object's concrete type name. + +|=== + +==== Resource Configuration Example + +This example blocks schema and type introspection, but allows the use `__typename`: + +[source,yaml] +---- +- policyRef: + name: graphql-introspection-control-flex + config: + blockSchema: true + blockType: true + blockTypename: false +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +s|Field s|Description s| + +| **Block** `__schema` (`blockSchema`) +| If enabled, Omni Gateway blocks queries that use the `__schema` field for full schema discovery. + +| **Block** `__type` (`blockType`) +| If enabled, Omni Gateway blocks queries that use the `__type` field to look up a type by name. + +| **Block** `__typename` (`blockTypename`) +| If enabled, Omni Gateway blocks queries that use the `__typename` field to read an object's concrete type name. +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-graphql-operation-limits.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-operation-limits.adoc new file mode 100644 index 000000000..01a904d10 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-operation-limits.adoc @@ -0,0 +1,112 @@ += GraphQL Operation Limits Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: graphql, operation limits, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | GraphQL Operation Limits +>s| Summary | Limits GraphQL operation depth, aliases, root fields, and directives +>s| Category | Security +>s| First Omni Gateway version available | v1.13.0 +.1+>.^s| Returned status codes +| 400 - Operations that exceed a configured limit. The response follows the standard GraphQL error format and lists each violation. For example, `Query depth of 7 exceeds the maximum allowed depth of 5` +|=== + +== Summary + +The GraphQL Operation Limits policy restricts the depth, aliases, root fields, and directives in incoming requests. If an operation exceeds a limit, Omni Gateway returns a 400 error with a JSON `errors` array detailing each violation. + +Omni Gateway evaluates limits at parse time from the document text. Because fragment spreads don't expand, metrics reflect the written document instead of a fully expanded query plan that the gateway builds at runtime. + +For persisted queries, the gateway resolves the document without inline query text. The policy bypasses these requests and allows them to pass to the upstream service. + +If the parser can't read the query, the policy logs a debug message and doesn't block the request, so upstream validation or other policies can still run. + + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: graphql-operation-limits-flex + config: + maxDepth: // OPTIONAL, use -1 or omit to disable + maxAliases: // OPTIONAL, use -1 or omit to disable + maxRootFields: // OPTIONAL, use -1 or omit to disable + maxDirectives: // OPTIONAL, use -1 or omit to disable +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +| Parameter | Required | Description + +| `maxDepth` +| No +| Omit or set to `-1` to disable +| Maximum depth of nested fields in a single document. + +| `maxAliases` +| No +| Omit or set to `-1` to disable +| Maximum number of field aliases. + +| `maxRootFields` +| No +| Omit or set to `-1` to disable +| Maximum number of top-level fields. + +| `maxDirectives` +| No +| Omit or set to `-1` to disable +| Maximum number of directives across the document. + +|=== + +==== Resource Configuration Example + +This example caps depth and aliases while leaving root fields and directives unrestricted. + +[source,yaml] +---- +- policyRef: + name: graphql-operation-limits-flex + config: + maxDepth: 8 + maxAliases: 20 + maxRootFields: -1 + maxDirectives: -1 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +|Field |Description ||Required + +| Maximum Depth +| Deepest level of field nesting in a document. For example, `{ hero { name } }` has a depth of 2. +| No + +| Maximum Aliases +| Maximum number of field aliases in the document. +| No + +| Maximum Root Fields +| Maximum number of top-level fields that an operation can declare. +| No + +| Maximum Directives +| Maximum number of directives across the document. +| No + + +== See Also + +* xref:policies-included-directory.adoc[Inbound Policies Directory] +* xref:flex-gateway-secure-apis.adoc[Securing Omni Gateway Instances with Policies] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-graphql-schema-validation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-schema-validation.adoc new file mode 100644 index 000000000..2489f2b7e --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-schema-validation.adoc @@ -0,0 +1,100 @@ += GraphQL Schema Validation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: graphql, schema validation, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | GraphQL Schema Validation +>s| Summary | Validates incoming GraphQL operations against a GraphQL schema definition +>s| Category | Security +>s| First Omni Gateway version available | v1.13.0 +.1+>.^s| Returned status codes +| 400 - The operation doesn't satisfy the schema. When *Block request* is enabled, the JSON response includes GraphQL-style `errors` with a validation message. +|=== + +== Summary + +The GraphQL Schema Validation policy applies standard GraphQL validation rules, including field and argument correctness, fragments, directives, unions, interfaces, and other specification rules. + +The policy loads the schema in these ways: + +* If `source` is `context`, Flex Gateway automatically loads the schema file from the API asset in Anypoint Exchange. +* If `source` is `inline`, provide the schema text directly in the policy configuration. This is required for local mode or environments not connected to Exchange. + +If the document includes an `@link` to the Apollo Federation specification URL, Omni Gateway uses this schema to validate all incoming requests. + +After Omni Gateway extracts inline GraphQL operation text from the request, the policy runs validation. If Omni Gateway can't resolve normal operation text, such as persisted query flows, it skips these checks and logs a warning before it forwards the request to the upstream. + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: graphql-schema-validation-flex + config: + source: // OPTIONAL, default: context; values: "context" or "inline" + schema: // REQUIRED when source is inline; omit when source is context + blockOperation: // OPTIONAL, default: true +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +| Parameter | Required | Default Value | Description + +| `source` +| No +| `context` +| Where Omni Gateway retrieves the schema for validation. If set to `context`, Omni Gateway automatically loads the schema file from the API asset in Anypoint Exchange. If set to `inline`, provide the schema text directly in the policy configuration. This is required for local mode or environments not connected to Exchange. + +| `schema` +| No +| NA +| The schema text used for validation. Required when `source` is set to `inline`. + +| `blockOperation` +| No +| `true` +| How Omni Gateway handles requests that fail validation. If `true`, Omni Gateway blocks the request and returns a `400` Bad Request. If `false`, Omni Gateway logs a warning and forwards the request to your backend. + +|=== + +==== Resource Configuration Example + +This example validates against a minimal inline schema: + +[source,yaml] +---- +- policyRef: + name: graphql-schema-validation-flex + config: + source: inline + blockOperation: true + schema: | + type Query { + hello: String + } +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +s|Field s|Description s|Default Value s|Required + +| Block request +| If enabled and the operation doesn't conform to the schema, Omni Gateway returns a `400` error. If disabled, Omni Gateway logs a warning and forwards the request. +| Enabled +| Yes +|=== + +== See Also + +* xref:policies-included-directory.adoc[Inbound Policies Directory] +* xref:policies-included-schema-validation.adoc[Schema Validation Policy] +* xref:flex-gateway-secure-apis.adoc[Securing Omni Gateway Instances with Policies] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-graphql-static-query-complexity.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-static-query-complexity.adoc new file mode 100644 index 000000000..db6625865 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-graphql-static-query-complexity.adoc @@ -0,0 +1,151 @@ += GraphQL Static Query Complexity Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: graphql, query complexity, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | GraphQL Static Query Complexity +>s| Summary | Calculates query complexity and blocks requests that exceed the defined budget +>s| Category | Security +>s| First Omni Gateway version available | v1.13.0 +.1+>.^s| Returned status codes +| 400 - Parse failures always trigger a 400 response. Complexity and list violations return this code only if *Block request* is enabled. The response includes a standard GraphQL errors object. +|=== + +== Summary + +The GraphQL Static Query Complexity policy estimates the complexity of each incoming GraphQL operation from your GraphQL schema and the operation text. If the estimate exceeds the configured budget or fails other checks enforced by the policy, Omni Gateway rejects the request or logs a warning and forwards it upstream. + +The policy loads schema in these ways: + +* If `source` is `context`, Omni Gateway automatically loads the schema file from the API asset in Anypoint Exchange. +* If `source` is `inline`, provide the schema text directly in the policy configuration. This is required for local mode or environments not connected to Exchange. + +After Omni Gateway extracts the GraphQL operation text, the policy analyzes query complexity. + +If Omni Gateway can't resolve the full operation text, as with persisted queries, it skips complexity analysis. + +If a system error occurs during analysis, even if the schema loads into memory, Omni Gateway logs a warning and forwards the request instead of blocking it. + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: graphql-static-query-complexity-flex + config: + maximumComplexity: // REQUIRED, must be positive + source: // OPTIONAL, default: context; values: "context" or "inline" + schema: // REQUIRED when source is inline; omit when source is context + defaultFieldCost: // OPTIONAL, default: 1.0, must be >= 0 + blockOperation: // OPTIONAL, default: true + rejectUnboundedLists: // OPTIONAL, default: true + directiveName: // OPTIONAL, default: cost + valueArgument: // OPTIONAL, default: weight + multipliersArgument: // OPTIONAL, default: multipliers +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +| Parameter | Required | Default Value | Description + +| `maximumComplexity` +| Yes +| None +| The maximum complexity score allowed for a single query. Requests exceeding this value are blocked or logged as warnings. + +| `source` +| No +| `context` +| `context` automatically retrieves the schema file from the API asset in Anypoint Exchange. `inline` uses the schema text provided directly in the policy configuration. This is required for local mode or environments not connected to Exchange. + +| `schema` +| No +| NA +| The schema text used for validation. Required if `source` is `inline`. Omit for `context` + +| `defaultFieldCost` +| No +| `1.0` +| The cost applied to fields that don't have a specific complexity tag (typically @cost) in your schema file. + +| `blockOperation` +| No +| `true` +| Specifies whether Omni Gateway blocks requests that exceed the complexity limit. If `true`, Omni Gateway blocks the request and returns a `400` Bad Request error. If `false`, Omni Gateway logs a warning and forwards the request to your backend. Parse failures always trigger a `400` response, even if this setting is `false`. + +| `rejectUnboundedLists` +| No +| `true` +| If `true`, Omni Gateway blocks queries for list fields that lack a limiting argument, such as `first` or `limit`. This prevents users from requesting large datasets. + +| `directiveName` +| No +| `cost` +| The name of the complexity tag in your schema file that defines per-field costs. + +| `valueArgument` +| No +| `weight` +| The specific argument within your shema tag that defines the cost of a field. For example, in `@cost(value: 5)`, the argument is `value`. + +| `multipliersArgument` +| No +| `multipliers` +| The argument in your shcema tag that lists which field arguments multiply the cost. For example, in `@cost(multipliers: ["first"])`, the value of the `first` argument is used to multiply the field's cost. + +|=== + +==== Resource Configuration Example + +This example sets the maximum complexity at `250`, uses default costs and tag names, and provides the schema text inline: + +[source,yaml] +---- +- policyRef: + name: graphql-static-query-complexity-flex + config: + source: inline + maximumComplexity: 250 + blockOperation: true + rejectUnboundedLists: true + schema: | + directive @cost(weight: Int!, multipliers: [String!]) on FIELD_DEFINITION + + type Query { + users(limit: Int): [User!]! @cost(weight: 1, multipliers: ["limit"]) + version: String! + } + + type User { + id: ID! + name: String! + } +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +s|Field s|Description s|Default Value s|Required + +| Maximum Complexity |The maximum allowed complexity score for a query. | None | Yes +| Default Field Cost | The cost applied to fields lacking a specific complexity tag in your schema file. | `1.0` | No +| Block request | Specifies whether Omni Gateway blocks requests that exceed the complexity limit. If enabled, Omni Gateway blocks the request and returns a `400` error. If disabled, Omni Gateway logs violations as warnings. Parse failures always trigger a `400` response, regardless of this setting. | Enabled | Yes +| Reject unbounded lists | If enabled, Omni Gateway blocks queries for list fields that lack a limiting argument, such as `first` or `limit`. | Enabled | Yes +| Directive Name | The name of the complexity tag in your schema file that defines per-field costs. | `cost` | No +| Value Argument | The argument within your complexity tag that specifies the field's base cost. | `weight` | No +| Multipliers Argument | The argument within your complexity tag that identifies which query parameters multiply the cost. For example, in \@cost(weight: 1, multipliers: ["limit"])`, the multipliers argument is `multipliers`, and the `limit` value multiplies the base cost.| `multipliers` | No +|=== + +== See Also + +* xref:policies-included-directory.adoc[Inbound Policies Directory] +* xref:policies-included-graphql-schema-validation.adoc[GraphQL Schema Validation Policy] +* xref:flex-gateway-secure-apis.adoc[Securing Omni Gateway Instances with Policies] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-header-injection.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-header-injection.adoc new file mode 100644 index 000000000..01f76931f --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-header-injection.adoc @@ -0,0 +1,128 @@ += Header Injection Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: header injection, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::header-injection-policy.adoc, general::header-inject-remove-task.adoc, policies::policies-included-header-injection.adoc + +[width="100%", cols="5,15"] +|=== +>s|Policy name | Header Injection +>s|Summary | Adds headers to a request or response. +>s|Category | Transformation +>s| First Omni Gateway version available | v1.0.0 +>s| Returned Status Codes | 500 - The configuration includes an expression that was not evaluated. +|=== + +== Summary + +The Header Injection policy adds HTTP headers to the request or response of a message. When you configure this policy for your API, you must specify an inbound and outbound map of the headers that you want to add in the message processing in the form of a key-value pair. + +image::header-inject-remove-diagram.png["A flow chart illustrating the process of setting header injection and removal policies for clients accessing an API through a proxy"] + +You can optionally include DataWeave expressions in the value or name of the header. For example, all headers matching the following configured expression are injected to the message: + +`“#[attributes.requestPath]”` + +If the injected header already exists in the message attributes, the policy creates a new header without overriding the value of the existing one. + +[NOTE] +==== +Only certain headers are restricted to support multiple values, and they will be overwritten using configured values. These headers are: `access-control-allow-origin`, `content-type`, `content-length`, `transfer-encoding`. + +To overwrite any other existing message header, remove it before adding your header. See the xref:policies-included-header-removal.adoc[Header Removal] policy. +==== + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: header-injection-flex + config: + inboundHeaders: // OPTIONAL, default: [] + - key: // REQUIRED + value: // REQUIRED + outboundHeaders: // OPTIONAL, default: [] + - key: // REQUIRED + value: // REQUIRED +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `inboundHeaders` +| Optional +| Empty array +| List of headers to be injected at the beginning of the message processing. + +| `inboundHeaders.key` +| Required +| N/A +| A string or DataWeave expression for header name + +| `inboundHeaders.value` +| Required +| N/A +| A string or DataWeave expression for header value + +| `outboundHeaders` +| Optional +| Empty array +| List of header to be injected at the end of the message processing. + +| `outboundHeaders.key` +| Required +| N/A +| A string or DataWeave expression for header name + +| `outboundHeaders.value` +| Required +| N/A +| A string or DataWeave expression for header value + +|=== + +[NOTE] +==== +`inboundHeaders` and `outboundHeaders` can not both be empty. +==== + +==== Resource Configuration Example + +In the following example, all the headers matching the configured `#[attributes.requestPath]` expression are injected into the message. + +---- +- policyRef: + name: header-injection-flex + config: + inboundHeaders: + - key: "new-inbound-header" + value: "#[attributes.requestPath]" + outboundHeaders: + - key: "new-outbound-header" + value: "#[attributes.requestPath]" +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| *Parameter* | *Description* +|Inbound Header Map | List of headers to be injected at the beginning of the message processing. +|Inbound Header Key | String or Dataweave expression to be used as header name at the beginning of the message. +|Inbound Header Value | String or Dataweave expression to be used as header value at the beginning of the message. +|Outbound Header Map | List of headers to be injected at the end of the message processing. +|Outbound Header Key | String or Dataweave expression to be used as header name at the end of the message processing. +|Outbound Header Value | String or Dataweave expression to be used as header value at the end of the message processing. +|Method & Resource conditions |The option to add configurations to only a select few or all methods and resources of the API +|=== + +[NOTE] +==== +Header keys should be compliance with https://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2[HTTP 1.1^] standard. +==== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-header-removal.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-header-removal.adoc new file mode 100644 index 000000000..7fe46b906 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-header-removal.adoc @@ -0,0 +1,103 @@ += Header Removal Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: header removal, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::header-removal-policy.adoc, policies::policies-included-header-removal.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy name | Header Removal +>s|Summary | Removes headers from a request or a response +>s|Category | Transformation +>s| First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +| 500 - The configuration includes an expression that was not evaluated. +|=== + +== Summary + +The Header Removal policy removes all listed headers from a request or a response of a message when you specify an inbound and outbound map of the headers that you want to remove with a key-value pair. + +image::header-inject-remove-diagram.png["A flow chart illustrating the process of setting header injection and removal policies for clients accessing an API through a proxy"] + +You can optionally include DataWeave expressions in the value of the header. For example, all headers matching the following configured expression are injected to the message: + +`“#[attributes.requestPath]”` + +[NOTE] +The following headers may not be removed: +accept, +host, +content-type, +content-length, +date, +transfer-encoding, +connection, + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: header-removal-flex + config: + inboundHeaders: // OPTIONAL, default: [] + outboundHeaders: // OPTIONAL, default: [] +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `inboundHeaders` +| Optional +| Empty array +| Map of header names or regular expressions to be removed at the beginning of the message processing, for example, `Cache-Control, Access-Control.*` + +| `outboundHeaders` +| Optional +| Empty array +| Map of header names or regular expressions to be removed at the end of the message processing, for example, `Access-Control-Allow-Credentials` + +[NOTE] +==== +`inboundHeaders` and `outboundHeaders` can not both be empty. +==== + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: header-removal-flex + config: + inboundHeaders: + - "Cache-Control" + - "Access-Control.*" + outboundHeaders: + - "Access-Control-Allow-Credentials" +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| *Parameter* | *Description* +|Inbound Header Map | List of header names or regular expressions (comma separated) to be removed at the beginning of the message processing, for example, `Cache-Control, Access-Control.*` +|Outbound Header Map | List of header names or regular expressions (comma separated) to be removed at the end of the message processing, for example, `Access-Control-Allow-Credentials` +|Method & Resource conditions |The option to add configurations to only a select few or all methods and resources of the API +|=== + +== How This Policy Works + +Because every header that matches a Header Removal policy parameter is removed from the message, you must be careful about how you configure that parameter. + +For example, the following parameter configuration removes any header starting with the word `Access-Control`, such as the `Access-Control-Allow-Credentials` and `Access-Control-Allow-Origin` headers from a message. The configuration also removes the `Cache-Control` header: + +.Inbound Header +image::remove-inbound-header.png["Removed headers at the start of message processing"] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-health-check.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-health-check.adoc new file mode 100644 index 000000000..3ce53c465 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-health-check.adoc @@ -0,0 +1,48 @@ += Health Check Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: health check, api gateway, flex gateway, gateway, policy +:page-aliases: policies::policies-included-health-check.adoc + +[width="100%", cols="5,15"] +|=== +>s|Policy name | Health Check +>s|Summary | Monitors API upstream health at specific intervals +>s|Category | Quality of Service +>s| First Omni Gateway version available | v1.4.0 +.1+>.^s| Returned Status Codes | No return codes exist for this policy. +|=== + +== Summary + +The Health Check policy enables you to monitor an API instance's connection to an upstream service and sends you an email alert if the connection status changes. The Health Check policy monitors the health of the upstream service and not the health of the API instance or Omni Gateway. + +The Health Check policy monitors your API by making GET requests to the specified upstream's base path. You must specify a base path with a GET request. Requests are made at a fixed schedule every minute with the first request. The first request occurs a minute after the policy is applied. Requests made by the Health Check policy do not count as Omni Gateway API calls for pricing purposes. + +When you configure Health Check, specify a response code for the GET request that indicates a healthy connection. For example, the status code of an active API should return 200, indicating the API can receive connections. The platform sends an email alert when the status code is not 200. Health Check only validates the response code, so what is returned to the endpoint is unimportant. + +No logging event appears for healthy responses. Omni Gateway logs only unhealthy responses. + +You can use any 1xx, 2xx, 3xx, 4xx, or 5xx response codes. However, if you expect successful connections to your endpoints, 2xx response codes are ideal. Only a number response code is accepted. + +You are required to create an alert for the Health Check policy. Applying the policy navigates you to the Create Alert page, where you must create an alert. For information about how to configure your alert, visit xref:flex-use-api-alerts.adoc[Using Omni Gateway API Alerts]. + +IMPORTANT: Applying the Health Check policy to API Instances with an outbound TLS context also applied causes the Health Check policy to return an unhealthy connection. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The Health Check policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Description | Required? +|Upstream URL | The full URL of the API upstream you are monitoring | Yes +|Base path | The HTTP path of the GET method that is requested during health checks | Yes +|Response code | The expected status code of the GET request specified in the base path. Only a number response code is accepted. | Yes +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-http-caching.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-http-caching.adoc new file mode 100644 index 000000000..6e0e52707 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-http-caching.adoc @@ -0,0 +1,351 @@ += HTTP Caching Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: http caching, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::http-caching-policy.adoc, policies::policies-included-http-caching.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | HTTP caching +>s|Summary | Caches HTTP responses from an API implementation +>s|Category | Quality of Service +>s| First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +| No return codes exist for this policy +|=== + +== Summary + +The HTTP Caching policy enables you to cache HTTP responses for reuse. Caching these responses speeds up the response time for user requests and reduces the load on the backend. For example, if your backend exposes an endpoint for which the responses to requests are not likely to change, you can reuse the HTTP responses and bypass the backend request processing by using the HTTP Caching policy. + +Policies applied after the HTTP Caching policy in the policy order are not applied to responses served from the cache. For example, a rate limiting policy applied after the HTTP Caching policy only limits the responses served by the upstream service but not the responses served by the cache. Apply all policies needed for the cached response before the HTTP Caching policy. + +For Self-Managed Gateways, HTTP caching requires that you <>. For Managed Gateways, Omni Replica shares the cache with each other directly. To learn more about the Managed Gateway architecture, see xref:flex-architecture-managed-dr-ha.adoc[]. + +NOTE: The HTTP Caching policy does not support MCP and A2A server instances. + +[[cpp]] +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: http-caching-flex + config: + httpCachingKey: // REQUIRED, default: "#[attributes.requestPath]" + maxCacheEntries: // REQUIRED, default: 10000 + ttl: // REQUIRED, default: 600 + useHttpCacheHeaders: // REQUIRED, default: true + invalidationHeader: // OPTIONAL, default: "" + requestExpression: // OPTIONAL, default: "#[attributes.method == 'GET' or attributes.method == 'HEAD']" + responseExpression: // OPTIONAL, default: "#[[200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501] contains attributes.statusCode]" + distributed: // REQUIRED, default: false + persistCache: // REQUIRED, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `httpCachingKey` +| Required +| `#[attributes.requestPath]` +| A DataWeave expression + +| `maxCacheEntries` +| Required +| 10000 +| Specifies the maximum number of entries that can be stored in the cache at any given time + +| `ttl` +| Required +| 600 +| Specifies the amount of time (in seconds) after which a single entry expires from the cache + +| `useHttpCacheHeaders` +| Required +| true +| Enables the use of Cache-Control header directives + +| `invalidationHeader` +| Optional +| Empty string +| A string specifying the header used to invalidate a single entry or the entire cache + +| `requestExpression` +| Optional +| `#[attributes.method == 'GET' or attributes.method == 'HEAD']` +| The DataWeave expression that is used to decide which requests are to be cached (caches the response only if the condition is true) + +| `responseExpression` +| Optional +| `#[[200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501] contains attributes.statusCode]` +| The DataWeave expression that is used to decide which responses are to be cached (caches the response only if the condition is true) + +| `distributed` +| Required +| false +| Configures the cache to be distributed among different nodes in a cluster + +| `persistCache` +| Required +| false +| Configures the cache to persist between different restarts of the replica + +|=== + +NOTE: Leaving a required value blank configures the parameter as the default value. No value is configured for optional values left blank. + +==== Resource Configuration Example + +[source,yaml] +---- +- policyRef: + name: http-caching-flex + config: + httpCachingKey: "#[attributes.requestPath]" + maxCacheEntries: 10000 + ttl: 500 + useHttpCacheHeaders: false + requestExpression: "#[attributes.method == 'GET' or attributes.method == 'HEAD']" + responseExpression: "#[[200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501] contains attributes.statusCode]" +---- + +[[configure-shared-storage-for-self-managed-gateway]] +==== Configure Shared Storage for Self-Managed Gateway + +Self-Managed Gateways require you to configure a shared storage for distributed caching. For more information about shared storage, refer to xref:flex-conn-shared-storage-config.adoc[Configuring Shared Storage for Omni Gateway in Connected Mode]. + +---- + +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage-redis +spec: + sharedStorage: + redis: + address: redis:6379 + user: user + password: pass + DB: 1 + +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: ingress-http-caching +spec: + targetRef: + kind: ApiInstance + name: ingress-http + policyRef: + kind: Extension + name: http-caching-flex + config: + httpCachingKey: "#[attributes.method ++ attributes.requestPath]" + useHttpCacheHeaders: true + maxCacheEntries: 100 + ttl: 600 + distributed: true + persistCache: true + invalidationHeader: AGW-CACHE-CONTROL + +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="40%,45%, 15%"] +|=== +| *Parameter* | *Description* | *Required?* +| HTTP Caching Key | A DataWeave expression. +Default value: `#[attributes.requestPath]` +| Yes +| Maximum Cache Entries | Specifies the maximum number of entries that can be stored in the cache at any given time. +Default value: `10000` +| Yes +| Entry Time To Live | Specifies the amount of time (in seconds) after which a single entry expires from the cache. +Default value: `600` +| Yes +| Distributed | Configures the cache to be distributed among different nodes in a cluster. +Default value: `false` +| Yes +| Persistent Cache | Configures the cache to persist between different restarts of the Omni Gateway instance. +Default value: `false` +| Yes +| Follow HTTP Caching directives | Enables the use of Cache-Control header directives. +Default value: `true` +| Yes +| Invalidation Header | Name of the header used to invalidate a single entry or the entire cache. | No +| Conditional Request Caching Expression | The DataWeave expression that is used to decide which requests are to be cached (caches the response only if the condition is true). +Default value: `#[attributes.method == 'GET' or attributes.method == 'HEAD']` +| No +| Conditional Response Caching Expression | The DataWeave expression that is used to decide which responses are to be cached (caches the response only if the condition is true). +Default value: `#[[200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501] contains attributes.statusCode]` +| No +|=== + +== How This Policy Works + +When an HTTP request reaches an endpoint, what happens next depends on whether that request does not already exist in cache (a cache miss) or whether it does (a cache hit). + +=== Cache Miss + +. The client (user) sends a request to the API. +. The request proceeds through other policies in the policy chain before reaching the HTTP Caching policy. +. The HTTP Caching policy checks if the request is cached. If not, the cache-miss process is initiated. +. The request continues throughout the chain of other remaining policies. +. The request reaches the backend and completes all required processing. +. The backend responds and the response travels back through the policy chain. +. The response reaches the HTTP Caching policy. +. The HTTP Caching policy caches the response for later reuse if it hasn't already been cached. +. The response continues through the remaining policies in the policy chain. +. The response is returned to the client. + + +=== Cache Hit + +. The client (user) sends a request to the API. +. The request crosses other policies before reaching the HTTP Caching policy. +. The HTTP Caching policy verifies that the request is already in the cache. +. The <> is found in the cache and the stored response is returned. +. The response continues through the rest of the policy chain until it reaches the last one. +. The cached response is returned to the client. + +[[stored_entry]] +=== Stored Entries + +_Stored entries_ are the cached HTTP responses. The cache can store any serializable data or input streams of up to 1 MB. If that value is surpassed, then the reading stops and the value is not stored in such a case. + +[[key]] +=== HTTP Caching Key + +The cache works as a dictionary, where each response stored in the cache is associated with a string called _key_. For example, the expression #[attributes.headers['key']] uses the header called `key` as the entry key. You can use any DataWeave expression that returns a string, including xref:policies-flex-dataweave-support.adoc#available-predefined-variables[predefined DataWeave variables]. + +=== Cache Size and Entry Expiration + +The cache can hold a specified number of entries at any given time. You can configure this number using the `Maximum Cache Entries` property. Each stored entry is held in the cache memory for a specific period of time, after which the entry expires and must be processed again. This expiration time is called _time to live_ (TTL). + +Another condition that can trigger the expiration of an entry is when the cache reaches the maximum number of items that it can store. When this scenario occurs, the entry is removed by using the FIFO (First-In First-Out) criteria. This means that the earliest entry to reach the cache is removed, even though it hasn't reached the TTL value yet. + +=== Distributed Cache + +Each entry in the cache can be shared between different nodes in a cluster or between several workers in Runtime Manager using the `Distributed` option (see table). If this option is not enabled, then each node is assigned its own cache memory. + +=== Persistent Cache + +A persistent cache enables the stored entries in the cache to persist if the Omni Replica is restarted. + +When you upgrade a version of the instance that has the HTTP Caching policy configured to use the persistent store, the policy tries to maintain the entries stored by the previous version. However in a worst-case scenario, the entries in the cache are invalidated and the cache is re-populated when new requests arrive. This manipulation of the entries in the cache occurs automatically and is invisible to the user. + +== HTTP Caching Directives + +To obtain more control over the cache, the HTTP Caching policy interprets some of the HTTP directives from the https://tools.ietf.org/html/rfc7234[RFC-7234^] protocol by taking the following headers into account: + +* `Cache-Control` +* `Expires` +* `Date` +* `Age` + +=== Cache-Control + +The `Cache-Control` header can exist either in the request or in the response. Possible values for the header, which can be combined separated by commas, include: + + +* In requests: + +** `no-cache` + +The response is not searched for, but is directly stored in the cache. + +** `no-store` + +The response is not stored in the cache. However, if the response is already present in the cache, the policy returns the response. + +* In responses: + +** `no-store`, `no-cache`, `private` + +For each value, the response is not stored in the cache. + +* `max-age=`, `s-maxage=` + +The `` placeholder must be replaced with a valid integer that indicates the time (in seconds) for which the response can remain in the cache. If both parameters are defined, `s-maxage` takes precedence over `max-age`. + +If a global time-to-live (TTL) value is also defined for the policy, these header values override the global TTL configured in the policy if the time specified in the headers is less than the global TTL. + +=== Expires + +If present, this header specifies the date by which the entry in the cache expires. If you specify the `max-age` directive or `s-maxage` directive, this header is ignored. You must define the header value as stated in https://tools.ietf.org/html/rfc1123[RFC-1123^]. + +=== Date + +The `date` header, as defined per https://tools.ietf.org/html/rfc1123[RFC-1123^], specifies the date and time when the response is created. If not defined, the `date` header is added with the time when the request was received. This header is used in conjunction with the values defined in the `max-age` and `s-maxage` directives of the Cache-Control header. + +=== Age + +The `age` header indicates the time (in seconds) elapsed since the origin of the cached response specified in the date header. This header is calculated by the policy and added to each response that is retrieved from the cache. + +The expiration time is calculated using the `cache-control`, `date`, and `expires` headers. However, if the resulting expiration time exceeds the one imposed by the TTL value of the entry, the cache entry expires anyway. + +=== Invalidate + +The `invalidate` header, if configured in the HTTP Caching policy, invalidates the entries in the cache, thereby causing the request to be processed again. You specify the name of the header in the Invalidation Header configuration to turn on the option. The value of the header can take only one of the following options: +`invalidate` + +This option invalidates the entry whose key matches the current request. +`invalidate-all` +This option invalidates all the entries from the cache. + +For example, imagine that the following values are configured in the policy for the request: + +* `HTTP Caching Key`: "#[attributes.requestPath]" +* `Invalidation header`: "myInvalidationHeader" + +The following command invalidates the entry with key “/my/policy" from the cache: + +`curl http:///my/policy -H “myInvalidationHeader:invalidate”` + +The following request invalidates all entries from the cache: + +`curl http:///my/policy -H “myInvalidationHeader:invalidate-all”` + +== Conditional Caching + +Conditional caching enables you to configure a set of conditions that must be met before entries are stored in the cache. If none of the conditional caching parameters are configured, the cache stores the responses for every incoming request. If configured, parameters are evaluated for each request to determine whether the response of the current request must be stored. + +For conditional request expressions, only the responses for incoming requests with HTTP methods `GET` or `HEAD` are cached by default. For conditional response expressions, only status codes specified by https://tools.ietf.org/html/rfc7231#section-6.1[RFC-7231^] are cached by default. + +For more information about the default values, see <>. + +== FAQ + +*What happens when the evaluation of the key results in any error?* + +If the evaluation of the expression for a particular request results in an error, the policy does not take effect and the request continues to the next receptor in the policy chain. + + +*Can I store only part of the response with this policy?* + +No, but you can apply a policy before this one and transform the response to something else. + +*What happens if one parameter is configured to search for the response in the cache and the other parameter is configured for the opposite action?* + +This is the same as configuring the response to be stored in the cache when there is a no-store directive in the Cache-Control header. + +In this situation, the response isn't stored. You must configure both the Cache-Control header and the cache to be able to store and search for the response in the cache. + + +*What happens if I do not define some of the optional parameters?* + +If you have not configured the `invalidation` header, you cannot invalidate the cache in a request. +Additionally, if you have not configured the request expression or response expression, the cache is used for all requests and all the responses are stored in the cache (expression #[true]). + +*Can I modify the Invalidation header values?* + +No, you can modify only the header name. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-injection-protection.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-injection-protection.adoc new file mode 100644 index 000000000..8ebe8e7ac --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-injection-protection.adoc @@ -0,0 +1,112 @@ += Injection Protection Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: sql injection, xss, injection protection, api gateway, flex gateway, gateway, policy + +[width="100%", cols="1,3"] +|=== +>s|Policy Name| Injection Protection +>s|Summary| Scans incoming requests to protect against SQL, XSS, and custom injection attacks +>s|Category| Security +>s|First Omni Gateway version available |v1.12.0 +>s|Returned Status Codes|`400` - Bad Request +|=== + +== Summary + +The Injection Protection policy scans incoming request headers, path, query string, and body for SQL injection, XSS (Cross-Site Scripting), and custom injection attacks. The policy provides built-in protections againt SQL and XSS attacks. Configure custom protections by defining regex patterns that the policy should scan for. + +The policy checks the request against the enabled built-in and custom rules. Depending on wether *Reject Requests* is enabled, the policy either: + +* Rejects the request and returns `400` (Bad Request) with the added response header `x-injection-protection: blocked`. +* Allows the request to reach the backend service and logs a policy violation. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: injection-protection-flex + config: + builtInProtections: ["sql", "xss"] // REQUIRED: include "sql", "xss", or both + customProtections: [] // OPTIONAL: list of { name: , regex: } + protectPathAndQuery: // REQUIRED + protectHeaders: // REQUIRED + protectBody: // REQUIRED + headersToProtect: // OPTIONAL, default: "" (empty = all headers) + rejectRequests: // REQUIRED: true = reject with 400, false = allow and log +---- + + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required | Default Value | Description + +| `builtInProtections` +| Yes (at least one protection required) +| — +| The built-in protection types to enable. Valid values are `"sql"`, `"xss"`, or both. SQL protection detects patterns such as tautologies (for example, `OR 1=1`), comment-based injection (`--`, `#`), union/select statements, and keywords such as `DROP` and `DELETE`. XSS protection detects patterns such as script and iframe tags, event handlers, and common script schemes. + +| `customProtections` +| No +| [] +| Custom protection rules for application-specific injection types. Each rule requires a `name` and a `regex` pattern. Values must be valid and not empty. + +| `protectPathAndQuery` +| Yes +| — +| If `true`, the policy checks the request path and query string. The policy applies URL decoding to the path and query before matching. + +| `protectHeaders` +| Yes +| — +| If `true`, the policy checks request headers. `headersToProtect` specifies which headers the policy checks. + +| `headersToProtect` +| No +| "" (empty) +| A case-insensitive, comma-separated list of header names to check. If the value is empty, the policy checks all headers. This parameter is ignored if `protectHeaders` is `false`. + +| `protectBody` +| Yes +| — +| If `true`, the policy checks the request body for injection patterns. + +| `rejectRequests` +| Yes +| — +| If `true`, the gateway rejects matching requests with a `400` response code and a JSON error message. If `false`, the gateway allows matching requests and logs a warning. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: injection-protection-flex + config: + builtInProtections: ["sql", "xss"] + customProtections: [] + protectPathAndQuery: true + protectHeaders: true + headersToProtect: "referer,user-agent" + protectBody: true + rejectRequests: true +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +|Field |Description +|Built-in Protections | The built-in SQL and XSS injection protection settings. +|Custom Protections | The rules defined with a name and regex pattern for custom injection types. +|Protect Path and Query | If enabled, the gateway checks the request path and query string. +|Protect Headers | If enadbled, the gateway checks the request headers. +|Headers to Protect | List of header names to check. Leave empty to check all headers. +|Protect Body | If enabled, the gateway checks the request body. +|Reject Requests | If enabled, the gateway rejects matching requests with a `400` response code. Otherwise, the gateway allows them to reach the upstream service and logs a policy violation. +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-ip-allowlist.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-ip-allowlist.adoc new file mode 100644 index 000000000..6638913a9 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-ip-allowlist.adoc @@ -0,0 +1,105 @@ += IP Allowlist Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: ip, allowlist, validation, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::ip-allowlist.adoc, policies::policies-included-ip-allowlist.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | IP Allowlist +>s|Summary | Allows a list or range of specified IP addresses to request access +>s|Category | Security +>s|First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +| 403 - IP is rejected +|=== + +== Summary + +The IP Allowlist policy allows a list or a range of specified IP addresses access to a protected resource when a match is found between a source IP (specified when configuring the policy) and a list of individual IPs or range of IPs. The policy supports both IPv4 and IPv6 addresses. + +DataWeave 2.0 expressions define the source IP used by the policy to determine whether the IP belongs to the policy's restricted IP list. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: ip-allowlist-flex + config: + ips: // REQUIRED + ipExpression: // OPTIONAL, default: "#[attributes.headers['x-forwarded-for']]" +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `ips` +| Required +| N/A +| The list of IP addresses allowed access to the API. You can define one IP or IP range at a time, as many times as required. For more information, see <>. + +| `ipExpression` +| Optional +| `#[attributes.headers['x-forwarded-for']]` +| The DataWeave 2.0 expression to be used for extracting the IP address from this API request + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: ip-allowlist-flex + config: + ips: + - "192.168.1.1" + - "192.168.3.1/30" + - "192.168.2" + - "192.160" +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter | Description +|IP expression |The DataWeave 2.0 used for extracting the IP address from this API request. +|Allowlist |The list of IP addresses allowed access to the API. You can define one IP or IP range at a time, as many times as required. For more information, see <>. +|Method & Resource conditions |The option to add configurations either to a select few or to all methods and resources of the API. +|=== + +[[specifying_ip_address]] +== Specifying IP Addresses to Allowlist in Your Policy + +Specify IP addresses to allow access to your policy based on: + +* The IP address of the request +* The origin IP address that is determined by resolving a specific DataWeave expression, such as the https://en.wikipedia.org/wiki/X-Forwarded-For[x-Forwarded-For^] header +* Any other origin. + +=== Allowlisting Access Based on the IP address of the Request + +Allowlist access based on the IP address of the request in any of the following ways: + +* Define a specific IP address by enumerating it in the Allowlist field, for example, `192.168.1.1`. +* Define a subset of addresses by identifying a subnet mask, for example, `192.168.3.1/30`, which includes the consolidated range `192.168.3.01` through `192.168.3.3`. +* Define a whole range of IP addresses by stating the relevant octets of the IP address you want to permit, for example, setting `192.168`, which includes IP addresses from `192.168.0.0` through `192.168.255.255`. + + +=== Allowlisting Access Based on the Origin IP Address of the x-Forwarded-For Header + +If the client connects to your API through an HTTP proxy or a load balancer, you can allowlist the client's specific IP address (the IP address originating the request) instead of the address that appears in the request. + +For example, if you want to allowlist `192.168.2.3`(private IP) and the address of a client connecting through an HTTP proxy is `92.40.1.255` (public IP), the client requests appear with the public address using the proxy. + +Typically, applications use the `X-Forwarded-For` header to identify the origin IP addresses of a request that was redirected to your endpoint. + +You can use a DataWeave 2.0 expression in the policy to instruct the service to look for the IP address in the `x-Forwarded-For` header. + +When you insert the IP address in the IP expression field of the policy parameters, Anypoint Platform is instructed to look for the starting IP address in the concatenated values of the `x-Forwarded-For` header of the request. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-ip-blocklist.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-ip-blocklist.adoc new file mode 100644 index 000000000..ed970618a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-ip-blocklist.adoc @@ -0,0 +1,106 @@ += IP Blocklist Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: ip, blocklist, validation, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::ip-blocklist.adoc, policies::policies-included-ip-blocklist.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | IP Blocklist +>s|Summary | Blocks a single IP address or a range of IP addresses from accessing an API endpoint +>s|Category | Security +>s|First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +| 403 - IP is rejected +|=== + +== Summary + +The IP Blocklist policy controls access to a configured API endpoint from either a single IP address or a range of IP addresses. + +The IP Blocklist policy restricts access to a protected resource when a match is found between a source IP (specified when configuring the policy) and either a list of individual IPs or a range of IPs. The policy supports both IPv4 and IPv6 addresses. + +DataWeave 2.0 expressions define the source IP to be used when the policy tries to determine whether the IP belongs to the restricted IP list defined in the policy. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: ip-blocklist-flex + config: + ips: // REQUIRED + ipExpression: // OPTIONAL, default: "#[attributes.headers['x-forwarded-for']]" +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `ips` +| Required +| N/A +| The list of IP addresses blocked from the API. You can define one IP or IP range at a time, as many times as required. For more information, see <>. + +| `ipExpression` +| Optional +| `#[attributes.headers['x-forwarded-for']]` +| The DataWeave 2.0 expression to be used for extracting the IP address from this API request + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: ip-blocklist-flex + config: + ips: + - "192.168.1.1" + - "192.168.3.1/30" + - "192.168.2" + - "192.160" +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter | Description +|IP expression |The DataWeave 2.0 expression used for extracting the IP address from this API request. +|Blocklist |The list of IP addresses blocked from the API. You can define one IP or IP range at a time, as many times as required. For more information, see <>. +|Method & Resource conditions |The option to add configurations either to a select few or to all methods and resources of the API. +|=== + +[[specifying_ip_address]] +== Specifying IP Addresses to Blocklist in the Policy + +Specify IP addresses to block in your policy based on: + +* The IP address of the request. +* The origin IP address that is determined by resolving a specific DataWeave expression, such as the https://en.wikipedia.org/wiki/X-Forwarded-For[x-Forwarded-For^] header. +* Any other origin. + +=== Blocklist Access Based on the IP Address of the Request + +Blocklist access based on the IP address of the request in any of the following ways: + +* Define a specific IP address by enumerating it in the white space, for example, `192.168.1.1`. +* Define a subset of addresses by identifying a subnet mask, for example, `192.168.3.1/30` includes the consolidated range `192.168.3.0` through `192.168.3.3`. +* Define a whole range of IP addresses by specifying the relevant octets of the IP address that you want to permit, for example, setting `192.168` will include IP addresses from `192.168.0.0` through `192.168.255.255`. + +=== Blocklist Access Based on the Origin IP Address of the x-Forwarded-For Header + +If the client connects to your API through an HTTP proxy or a load balancer, you can blocklist the client's specific IP address (the IP address originating the request) instead of the address that appears in the request + +For example, if you want to blocklist `192.168.2.3` and the address of a client connecting through an HTTP proxy is `92.40.1.255`, the client requests appear with the public address using the proxy. + +Typically, applications use the `X-Forwarded-For` header to identify the origin IP addresses of a request that was redirected to your endpoint. + +You can use a DataWeave 2.0 expression in the policy to instruct the service to look for the IP address in the `x-Forwarded-For` header. + +When you insert the IP address in the IP expression field of the policy parameters, Anypoint Platform is instructed to look for the starting IP address in the concatenated values of the `x-Forwarded-For` header of the request. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-json-threat-protection.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-json-threat-protection.adoc new file mode 100644 index 000000000..bfe1aa4c7 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-json-threat-protection.adoc @@ -0,0 +1,142 @@ += JSON Threat Protection Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: json threat protection, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::apply-configure-json-threat-task.adoc, policies::policies-included-json-threat-protection.adoc + +[width="100%", cols="5,15"] +|=== +>s|Policy Name| JSON Threat Protection +>s|Summary| Protects against malicious JSON in API requests +>s|Category| Security +>s|First Omni Gateway version available | v1.4.0 +>s|Returned Status Codes| 400 - Bad Request +|=== + +== Summary + +Applications processing JSON requests are susceptible to attacks characterized by unusual inflation of elements and nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic swings in the size of the application data often signal a security problem. The JSON Threat Protection policy helps protect your applications from such intrusions. + +If you find that attacks on your Anypoint Platform setup are difficult to detect, design your services architecture with layers of protection in addition to JSON Threat Protection. + +NOTE: The JSON Threat Protection policy doesn't support multi-part form requests. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: json-threat-protection-flex + config: + maxContainerDepth: // OPTIONAL + maxObjectEntryCount: // OPTIONAL + maxObjectEntryNameLength: // OPTIONAL + maxArrayElementCount: // OPTIONAL + maxStringValueLength: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `maxContainerDepth` +| Optional +| -1 +| Specifies the maximum nested depth. JSON allows you to nest the containers (object and array) in any order to any depth. Specifying -1 indicates that the field value has no limits. + +| `maxObjectEntryCount` +| Optional +| -1 +| Specifies the maximum number of entries in an object. Specifying -1 indicates that the field value has no limits. + +| `maxObjectEntryNameLength` +| Optional +| -1 +| Specifies the maximum string length of an object's entry name. Specifying -1 indicates that the field value has no limits. + +| `maxArrayElementCount` +| Optional +| -1 +| Specifies the maximum number of elements in an array. Specifying -1 indicates that the field value has no limits. + +| `maxStringValueLength` +| Optional +| -1 +| Specifies the maximum string value length. Specifying -1 indicates that the field value has no limits. + +|=== + +==== Resource Configuration Example + +[source,yaml] +---- +- policyRef: + name: json-threat-protection-flex + config: + maxContainerDepth: 10 + maxObjectEntryCount: 10000 + maxObjectEntryNameLength: 80 + maxArrayElementCount: 10000 + maxStringValueLength: 255 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[width="100%", cols="2,6,1,1"] +|=== +s|Field s|Description s|Default s|Required +|Maximum Container Depth|Specifies the maximum nested depth. JSON allows you to nest the containers (object and array) in any order to any depth ^|-1 ^|false +|Maximum String Value Length|Specifies the maximum length of a string value ^|-1 ^|false +|Maximum Object Entry Name Length|Specifies the maximum string length of an object's entry name ^|-1 ^|false +|Maximum Object Entry Count|Specifies the maximum number of entries in an object ^|-1 ^|false +|Maximum Array Element Count|Specifies the maximum number of elements in an array ^|-1 ^|false +|=== + +[NOTE] +==== +A value of -1 indicates that the field value has no limits. +==== + +== Payload Example + +If your payload contains the following example JSON: + +---- +{ + "Players":[ + { + "Name":"Sachin", + "Email":"sachin.tendulkar@example.com" + }, + { + "Name":"Suryakumar", + "email":"Surya@example.com" + }, + { "Name":"Bhuvi", + "email":"bhuvi@example.com" + }, + { + "Name":"Jonty", + "Email":"jonty@example.com" + } + ] +} +---- + +The policy defines the example parameter values as follows: + +[%header%autowidth.spread] +|=== +|Parameter |Value |Explanation + +|Maximum Container Depth |3 |The depth of the `Name` and `Email` entries +|Maximum String Value Length |28 |The length of `sachin.tendulkar@example.com` +|Maximum Object Entry Name Length |7 |The length of the `Players` object entry name +|Maximum Object Entry Count |2 | The number of entries in each `Players` object +|Maximum Array Element Count |4 | The number of elements in the `Players` array +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-jwt-validation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-jwt-validation.adoc new file mode 100644 index 000000000..945a75788 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-jwt-validation.adoc @@ -0,0 +1,326 @@ += JWT Validation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: jwt validation, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::policy-mule4-jwt-validation.adoc, policies::policies-included-jwt-validation.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy name | JWT Validation +>s| Summary | Validates a JWT +>s| Category | Security +>s| First Omni Gateway version available | v1.0.0 +.4+>.^s| Returned Status Codes | +|400 - Token was not provided in the request. + +[%autowidth.spread,cols="a,a"] +!=== +.3+>.^! 401 ! Signature was not validated, or is invalid. ! Some of the required claims are not present or their validation failed. +! Failed to parse the token. +!=== +|=== + +== Summary + +JSON Web Token (JWT) is a URL-secure method of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS), or as a JSON web encryption (JWE) structure in plain text. This enables the claims to be digitally signed and integrity protected with a message authentication code (MAC). Because the token is signed, you can trust the information and its source. + +The JWT Validation policy validates the signature of the token and asserts the values of the claims of all incoming requests by using a JWT with JWS format. The policy does not validate JWT that uses JWE. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: jwt-validation-flex + config: +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `signingMethod` +| Optional +| `rsa` +| String containing the key signing method. Supported values: `rsa`, `hmac`, `es`, `none` + +| `signingKeyLength` +| Optional +| 256 +| Number indicating key length. Supported values are 256, 384, 512. For ES method, Omni Gateway supports 256 and 384 key lengths. + +| `textKey` +| Optional +| `your-(256\|384\|512)-bit-secret/your-public-pem-certificate` +| + +| `jwtOrigin` +| Optional +| `httpBearerAuthenticationHeader` +| + +| `jwtKeyOrigin` +| Optional +| `text` +| + +| `jwksUrl` +| Optional +| `http://your-jwks-service.example:80/base/path` +| JWKS server URLs that contain the public keys for the signature validation. Configure multiple JWKS servers with a comma-separated list of the URLs. + +| `jwksServiceTimeToLive` +| Optional +| 60 +| Amount of time, in minutes, during which the policy considers the JWKS valid. + +| `jwksServiceConnectionTimeout` +| Optional +| 10000 +| Maximum time, in milliseconds, to wait for a response from each JWKS service when authenticating the access token validation endpoint. + +| `validateAudClaim` +| Optional +| `false` +| + +| `mandatoryAudClaim` +| Optional +| `false` +| + +| `mandatoryNbfClaim` +| Optional +| `false` +| + +| `mandatoryExpClaim` +| Optional +| `false` +| + +| `supportedAudiences` +| Optional +| Empty string +| + +| `validateCustomClaim` +| Optional +| `false` +| + +| `mandatoryCustomClaims` +| Optional +| Empty array +| + +| `nonMandatoryCustomClaims` +| Optional +| Empty array +| + +| `jwtExpression` +| Optional +| `#[attributes.headers['jwt']]` +| + +| `skipClientIdValidation` +| Required +| `true` +| This parameter must be set to `true` in Local Mode. + +| `clientIdExpression` +| Optional +| `#[vars.claimSet.client_id]` +| + +|=== + +// ==== Resource Configuration Example + +// ---- +// - policyRef: +// name: jwt-validation-flex +// config: +// ---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="20,50,30"] +|=== +| Element | Description | Example +| JWT Origin | Specifies from where in the request the JWT will be extracted: +* HTTP Bearer Authentication Header +* Custom Expression + +If you set this field to `HTTP Bearer Authentication Header`, the JWT is expected as Bearer. + +If you set this field to `Custom Expression`, provide a DataWeave expression that returns the token. +| +| Token Expression | If you set the JWT Origin to `Custom Expression`, type the DataWeave expression returning the JWT here. +| `#[attributes.headers['jwt']]` + +This expression searches the JWT in the header named `jwt`. + +| JWT Signing Method +| Specify the signing method expected in the incoming JWT. The policy rejects the token if the JWT has a different signing method. +| RSA, HMAC, ES, None + +| JWT Signing Key Length +| Specify the length of the key (in the case of the HMAC algorithm) or the algorithm (in the case of RSA) used for the signing method. + +Ignore this field if you selected *none* as JWT Signing Method. +| 256, 384, 512. For ES method, Omni Gateway only supports 256 and 384 key lengths. + +| JWT Key Origin +| Specifies where to obtain the key for the Signature validation. + +You can provide the key in the policy by selecting the *Text* option or by obtaining it from a *JWKS*. + +Ignore this field if you selected *none* as JWT Signing Method. +| + +| JWT Key +| This field appears if you selected *Text* as JWT Key Origin. + +Use this field to provide the key used to check the signature of the token. + +Ignore this field if you selected *none* as JWT Signing Method. +| Enter a 32, 48, or 64 character string shared secret for HMAC, a 32 character string shared secret for ES, or the PEM Public Key without the header and footer for RSA. + +| JWKS URL +| This field appears if you selected the *JWKS* method as JWT Key Origin. + +Ignore this field if you selected *none* as JWT Signing Method. +| JWKS server URLs that contain the public keys for the signature validation. Configure multiple JWKS servers with a comma-separated list of the URLs. + +| JWKS Caching Time To Live +|Amount of time, in minutes, that the JWKS is valid. When the JWKS expires, the policy retrieves the JWKS from each JWKS server again. The default value is 60 minutes. + +Ignore this field if you selected *none* as JWT Signing Method. +| This field input is the amount of time, in minutes, during which the policy considers the JWKS valid. + +| JWKS Service connection timeout (milliseconds) +| Maximum time, in milliseconds, to wait for a response from each JWKS service when authenticating the access token validation endpoint. + +The default value is 10 seconds. +| + +| Skip Client ID Validation +| If you check this field, the policy does not verify that the client ID extracted from the JWT matches a valid client application of the API. +| + +| Client ID Expression +| If Skip Client Id Validation is not set, the client ID needs to be extracted from the token. +| By default, the value will be extracted using the expression `#[vars.claimSet.client_id]` as specified in the https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-4.3[Oauth 2.0 token exchange draft^]. + +| Validate Audience Claim +| Indicates that the policy should check for the validity of the audience claim. You can set this "Mandatory" if you select *Audience Claim Mandatory*. +| + +| Validate Expiration Claim +| Indicates that the policy should check for the validity of the expiration claim. You can set this claim as "Mandatory" by selecting *Expiration Claim Mandatory*. +| + +| Validate Not Before Claim +| Indicates that the policy should check for the validity of the Not Before claim. You can set this claim as "Mandatory" by selecting *Not Before Claim Mandatory* +| + +| Validate Custom Claim +| Enables the usage of custom validations in the policy. The JWT will be valid only if all DataWeave expressions are fulfilled. +| The policy provides a _claimSet_ variable that contains all the claims present in the incoming JWT. For example: + +`foo : #[vars.claimSet.foo == 'fooValue']` + +Note that all DataWeave expressions must return a boolean value or they will always fail. +|=== + +== How This Policy Works + +The policy validates claims and signatures differently, as explained in this section. + +=== Validating Signatures + +The policy validates the signature of the JWT based on the values specified in the policy configuration. If the algorithm specified in the policy configuration does not match with the token, or if the signature of the token is invalid, all JWTs are rejected by the policy. If no algorithm is specified, the policy matches every signed and unsigned token. + +The algorithms that support signature verification are: + +* *Symmetric algorithms* - HMAC using SHA-256, SHA-384, and SHA-512. +* *Asymmetric algorithms* - ES and RSA using SHA-256, SHA-384, and SHA-512. +* *None* - No signature validation. + +For more information about the algorithms in a JWS structure, refer to the https://tools.ietf.org/html/rfc7518#section-3.1[JWA RFC standard^]. + +=== Validating Claims + +Claim validations enable you to choose the conditions under which a token received in the policy is rejected. The following registered claim validations are provided by default: + +* *aud*: The Audience validation specifies that a token must be rejected if it does not contain at least one of the values defined. +* *exp*: The Expiration validation specifies that a token must be rejected if its date is past the validation date. +* *nbf*: The Not before validation specifies that the token must be rejected if the validation time is before the time the token has. + +In addition to these _provided claims_, you can also specify other claims to use in your validations. For all claims, _Registered_ or _Custom_, you must provide the following details: + +* The name of the claim you want to validate. + +For example *iss*, for the issuer of the token. +* The value used to test. + +You can provide a simple literal value if you only need to verify it, or you can provide a DataWeave expression for more complex comparisons. + +You can define each claim validation as mandatory or non-mandatory. If a claim is defined as mandatory and is not present in the incoming JWT, the policy rejects this token. If a claim is defined as non-mandatory and is not present in the incoming JWT, the policy does not reject the token for that specific validation. + +For both cases, if a claim is present, the policy validates the token value. If the validation fails, the JWT will be rejected. + +=== Propagating Claims + +After the policy parses and validates the JWT, the claims are propagated to downstream policies and flows through the *claims* property in the authentication object. + +To access the claim values you can use the following Dataweave 2.0 expression by replacing `` with the name of the desired claim to access: + +`#[authentication.properties.claims.]` + +The JWT is also propagated downstream, and you can access it by using the following Dataweave 2.0 expression: + +`#[authentication.properties.jwt]` + +==== Propagating Client ID + +If Client ID validation is enabled, the Client ID is propagated as a claim and as a reserved authentication property. Access the property by using the following DataWeave expression: + +`#[authentication.clientId]` + +=== Retry Mechanism + +If you selected JSON Web Key Set (JWKS) as JWT Key Origin, the policy uses a retry mechanism to handle failed JWKS fetches. Every time the cached JWKS expires or is absent and a new request is triggered, a request is sent to each JWKS service. If a request fails, a sequence of asynchronous requests with an exponential backoff delay is sent to the failed JWKS service until a new JWKS is obtained and cached again. + +Until the recaching finishes, the expired JWKS is used to process the request, and a `503` error is returned if no request is found. Using an expired JWKS enables you to apply cached values in upcoming requests, even if the previous requests failed. + +== Obtain a Policy Compatible PEM Public Key + +If you have a preexisting RSA key in an unsupported format that you want to use, first covert the key to a PEM public key. The JWT policy uses public RSA key in PEM format. + +*Task Prerequisite* + +Before you convert your existing key: + +. Obtain the `public.pem` key. +. Before you paste the key to the policy configuration, remove the *-----BEGIN PUBLIC KEY-----* header and the *-----END PUBLIC KEY-----* footer. + +The following table provides instructions for how to convert your existing key based on its current format: + +[%header%autowidth.spread,cols="a,a"] +|=== +| Starting Point | Procedure +| No previous certificate | + +. Generate the private RSA key +`openssl genrsa -out key.pem 2048` + +. Extract the public key from the generated private key *key.pem* +`openssl rsa -in key.pem -outform PEM -pubout -out public.pem` + +. The public key will be in the file public.pem +| PEM Certificate +| . Extract the public key from the PEM certificate `openssl x509 -inform pem -in cert.pem -pubkey -noout > public.pem` +. The public key will be in the file public.pem + +| DER Certificate +| . Extract the public key from the DER certificate `openssl x509 -inform der -in cert.crt -pubkey -noout > public.pem` +. The public key will be in the file public.pem +| x5c field from JWKS +| . Copy the first certificate from the chain and decode it `echo \| base64 -D > cert.crt` (replace `` with the copied value) +. Extract the public key from the DER certificate `openssl x509 -inform der -in cert.crt -pubkey -noout > public.pem` +. The public key will be in the file public.pem +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-llm-token-rate-limit.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-llm-token-rate-limit.adoc new file mode 100644 index 000000000..c3450b66b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-llm-token-rate-limit.adoc @@ -0,0 +1,66 @@ += LLM Token Based Rate Limit Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, rate limiting, token, llm, openai + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | LLM Token Based Rate Limit +>s|Summary | Rate limits LLM Proxy usage based on token consumption +>s|Category | LLM +>s|First Omni Gateway version available | v1.11.0 +.>s| Returned Status Codes +|429 - Too Many Requests: Token limit exceeded, requests are blocked until the current window finishes +|=== + +== Summary + +The LLM Token Based Rate Limit policy enforces rate limiting on LLM Proxy requests based on the number of tokens consumed providing control over API usage based on actual token consumption reported by the upstream LLM provider. + +It counts request, response, and reasoning token (if applicable). When the token limit is exceeded, the policy blocks the call and returns a `429` status code. + +The policy supports both streaming and non-streaming responses. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The LLM Token Based Rate Limit policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Required | Description +| Maximum Tokens | Yes | Maximum number of tokens allowed within the specified time period. Must be a positive integer of one or greater. +| Time Period (ms) | Yes | Time period in milliseconds for the rate limit window. Minimum time period is 1000 milliseconds. +| Key Selector | Yes | DataWeave expression that selects the key for rate limiting. This creates independent rate limit counters for each unique value resolved by the expression. For example: + +* `#[attributes.headers['client_id']]`: Rate limit per client ID +* `#[attributes.principal]`: Rate limit per user +|=== + + +== How This Policy Works + +The LLM Token Based Rate Limit policy monitors token consumption in the current window, allowing requests to reach the backend only if the available token quota is greater than zero. + +The policy uses a fixed-window rate limiting algorithm. The window starts after it receives the first request. When the quota is exhausted, requests are rejected with a `429` status code until the time window resets. + +The `keySelector` parameter enables you to create independent rate limit counters for different groups of requests. Each unique value resolved by the DataWeave expression has its own token quota and time window. For example, if you configure `keySelector: "#[attributes.headers['client_id']]"` with a limit of 1000 tokens per 60 seconds, each client has its own 1000-token quota in a 60-second window. + +=== Response Headers + +When a request is processed, the policy adds the following headers to the response: + +* `x-token-limit`: The maximum number of tokens allowed per window +* `x-token-remaining`: The number of tokens remaining in the current window +* `x-token-reset`: The remaining time, in milliseconds, until a new window starts + +== See Also + +* xref:flex-gateway-llm-proxy.adoc[LLM Proxy] - Overview of LLM Proxy and routing +* xref:flex-gateway-llm-proxy-token-reports.adoc[Viewing Token Usage and LLM Metrics] - Token usage reports and limiting usage +* xref:policies-included-a2a-token-rate-limit.adoc[A2A Token Based Rate Limit] - Token-based rate limiting for A2A agent traffic diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-mcp-attribute-access-control.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-attribute-access-control.adoc new file mode 100644 index 000000000..3093b40dc --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-attribute-access-control.adoc @@ -0,0 +1,102 @@ += MCP Attribute-Based Access Control Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | MCP Attribute-Based Access Control +>s|Summary | Controls access to tools, resources, and prompts based on user information such as Tiers, IP, Headers, or Claims +>s|Category | MCP +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | 400 - Invalid token +|=== + +include::partial$mcp-version-support.adoc[] + +== Summary + +The MCP Attribute-Based Access Control policy controls access to server tools, resources, and prompts based on user information such as Tiers, IP, Headers, or Claims. Use the https://docs.cedarpolicy.com/[Cedar policy language] to define access rules. + +This policy requires that another authentication policy be applied before the MCP Attribute-Based Access Control policy. For detailed guidance, see <>. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The MCP Attribute-Based Access Control policy is not supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] + +|=== +| Element | Description +| Rules | Rules to control access to tools, resources, and prompts written in the https://docs.cedarpolicy.com/[Cedar policy language]. +| Cedar Expression | Cedar expression defining the access rule. For example: `permit(principal,action == Action::"tools/call` or `resource == Tool::"calculator");`. To learn more about the Cedar bindings provided by the requests, see <>. +| Authentication Type | Type of authentication used by the authentication policy applied before this policy. +|=== + + +[[writing-cedar-rules]] +== Writing Cedar Rules + +You must apply either an included authentication policy or a custom authentication policy before the MCP Attribute-Based Access Control policy. + +=== Included Authentication Policies + +The authentication policy you apply affects the available Cedar `principal` bindings: + +* Multiple policies can validate Client ID: +** xref:policies-included-client-id-enforcement.adoc[] +** xref:policies-included-rate-limiting-sla.adoc[] +** xref:policies-included-oauth-token-introspection.adoc[] (If Client ID enforcement is configured) +** xref:policies-included-openid-token-enforcement.adoc[] (If Client ID enforcement is configured) +** xref:policies-included-jwt-validation.adoc[] (If Client ID enforcement is configured) ++ +Policies validating Client ID provide these Cedar bindings: ++ +** `principal.client_name`: Name of the contract's client application +** `principal.principal`: ID of the contract's client application +** `principal.properties.slaId`: SLA ID assigned to the contract + +* xref:policies-included-jwt-validation.adoc[]: +** `principal.properties.claims.`: All claims provided by the JWT + +* Multiple policies validate basic authentication credentials: +** xref:policies-included-basic-auth-simple.adoc[] +** xref:policies-included-basic-auth-ldap.adoc[] ++ +Policies validating basic authentication credentials provide these Cedar bindings: ++ +** `principal.principal`: Username passed as basic auth user + +=== Custom Authentication Policies + +For custom authentication policies, the custom policy must authenticate by using the `Authentication` injectable. To configure the `Authentication` injectable, see xref:pdk::policies-pdk-configure-features-authentication.adoc[]. + +For the Rust `AuthenticationData` struct: + +[source, rust] +---- +pub struct AuthenticationData { + pub principal: Option, + pub client_id: Option, + pub client_name: Option, + pub properties: Value, +} +---- + +The `AuthenticationData` parameters map to these Cedar bindings: + +* `principal`: `principal.principal` +* `client_name`: `principal.client_name` +* `properties`: `principal.properties.*` + +== See Also + +* xref:policies-mcp-access-control-together.adoc[] +* xref:policies-included-mcp-global-access.adoc[MCP Global Access] +* xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-mcp-global-access.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-global-access.adoc new file mode 100644 index 000000000..3cbfcf6d0 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-global-access.adoc @@ -0,0 +1,111 @@ += MCP Global Access Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, mcp, global access + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | MCP Global Access +>s|Summary | Restricts which MCP tools are exposed by defining Allow and Block rules +>s|Category | MCP +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | 403 — Returned when a call targets a blocked tool +|=== + +include::partial$mcp-version-support.adoc[] + +== Summary + +The MCP Global Access policy controls which MCP tools are available. Use it to filter the overall list of tools that enter your network. + +You define rules to allow or block specific tools. When both Allow and Block rules exist, Block rules always take precedence. The policy applies to: + +* `tools/list` responses: The list returned to the client includes only permitted tools. +* `tools/call` requests: The gateway rejects calls to blocked tools with HTTP 403 and a JSON-RPC error stating `Access denied to: `. + +When the backend returns a `tools/list` response, the policy filters the list and sends the client only permitted tools. Filtering applies to both JSON-RPC and SSE response formats. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The MCP Global Access policy isn’t supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Element | Description +| Rules | Defines the access control rules. At least one rule is required. Each rule allows or blocks access to matching tools. +| Rule | Defines whether to *Allow* or *Block* access. +| Match type | Determines how to match the value. Use *literal* for an exact name match or *pattern* for a regular expression. +| Value | The tool name for literal match type, or the regex pattern for pattern match type. +|=== + +== Rule behavior + +Rule order doesn't matter. The policy evaluates all rules and applies this logic depending on the combination of rule types are applied: + +Only Allow rules:: Only tools that match at least one Allow rule are permitted. All others are blocked. +Only Block rules:: All tools are permitted except those that match a Block rule. +Both Allow and Block rules:: Only tools that match at least one Allow rule and do not match any Block rule are permitted. If a tool matches both an Allow and a Block rule, it is blocked. Tools that match no Allow rule are also blocked. + +=== Example: Allow list only + +To expose only specific tools: + +[source,yaml] +---- +rules: + - rule: Allow + match_type: literal + value: get_weather + - rule: Allow + match_type: literal + value: get_user +---- + +Only `get_weather` and `get_user` can be called. All other tools are blocked and omitted from `tools/list` responses. + +=== Example: Block List Only + +To block specific tools and allow everything else: + +[source,yaml] +---- +rules: + - rule: Block + match_type: literal + value: admin_delete + - rule: Block + match_type: literal + value: get_secret +---- + +All tools except `admin_delete` and `get_secret` are exposed. + +=== Example: Allow and Block with Pattern + +To allow a family of tools but block one of them: + +[source,yaml] +---- +rules: + - rule: Allow + match_type: pattern + value: ^get_.* + - rule: Block + match_type: literal + value: get_secret +---- + +Tools whose names match the pattern `^get_.*`, such as `get_weather` or `get_user`, are exposed. `get_secret` is explicitly blocked even though it matches the Allow pattern, because Block takes precedence. + +== See Also + +* xref:policies-mcp-access-control-together.adoc[MCP Access Control: How the Policies Work Together] +* xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping] +* xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control] +* xref:policies-included-directory.adoc[Included Policies Directory] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-mcp-pii-detector.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-pii-detector.adoc new file mode 100644 index 000000000..d4c4827ea --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-pii-detector.adoc @@ -0,0 +1,71 @@ += MCP Personally Identifiable Information (PII) Detector Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | MCP PII Detector Policy +>s|Summary | Blocks elicitation responses containing personally identifiable information (PII) from reaching MCP servers +>s|Category | MCP +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | No return codes exist for this policy. The policy reports a policy violation when PII is detected. +|=== + +== Summary + +The MCP PII Detector policy blocks elicitation responses containing personally identifiable information (PII) from reaching MCP servers. + +When PII is detected in the elicitation response `result` field, the policy: + +* Reports a policy violation. +* Sends a modified response to the MCP server that the request was declined and includes the message `PII data requested or found in user response`. + +The policy doesn't send a response to the client when PII is detected. + +The policy only scans JSON-RPC responses that contain a `result` field. JSON-RPC requests with a `method` field are ignored. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The MCP PII Detector policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] + +|=== +| Element | Description +| Entities| Array that defines the types of PII to detect. You can select multiple PII types. Supported values are `Email`, `US SSN`, `Credit Card`, `Phone Number`. + + +For more information, see <>. +|=== + +[[pii-types]] +=== PII Types + +When you configure an MCP PII Detector policy, you can choose which types of PII to detect: + + + +[%header,cols='1a,5a'] +|=== +|PII Type +|Description + +|Email +|Standard email addresses such as `User.Name+tag@example.com`. + +|US SSN +|United States Social Security Numbers (SSNs) in the standard format: `XXX-XX-XXXX` where each `X` is a digit. For example, `123-45-6789`. + +|Credit Card +|Credit card numbers in the form of four groups of four digits, separated by optional spaces or hyphens. For example,`1234-5678-9012-3456`, `1234 5678 9012 3456`, or `1234567890123456`. + +|Phone Number +|United States phone numbers in various formats, with or without country code, parentheses, spaces, hyphens, or dots. For example, `123-456-7890`, `(123) 456-7890`, `123.456.7890`, `+1 123 456 7890`, or `1234567890`. +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-mcp-schema-validation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-schema-validation.adoc new file mode 100644 index 000000000..75e8c5afa --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-schema-validation.adoc @@ -0,0 +1,43 @@ += MCP Schema Validation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | MCP Schema Validation +>s|Summary | Validates MCP requests to ensure they conform to the MCP specification +>s|Category | MCP +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | +|=== + +include::partial$mcp-version-support.adoc[] + +== Summary + +The MCP Schema Validation policy validates that every incoming request complies with JsonRPC MCP protocol. + +When *Validate Tool Schema* is enabled, the policy also: + +* Validates tool invocation request parameters against the JSON schema of the tool. +* Returns the tools/list MCP request without having to send the request to the upstream MCP Server. + +When the policy can't validate the request, it returns an https://modelcontextprotocol.io/specification/2025-11-25/basic#error-responses[MCP Error Response]. + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The MCP Schema Validation policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Parameter| Description +| Validate Tool Schema | When enabled, the policy: + +* Validates tool invocation request parameters against the JSON schema of the tool. +* Returns the tools/list MCP request without having to send the request to the upstream MCP Server. +|=== \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-mcp-support.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-support.adoc new file mode 100644 index 000000000..1b3fd9711 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-support.adoc @@ -0,0 +1,31 @@ += MCP Support Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | MCP Support +>s|Summary | Adds MCP support to an Omni Gateway MCP server instance. This policy is required for your MCP server instance to function properly. +>s|Category | MCP +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | No return codes exist for this policy. +|=== + +include::partial$mcp-version-support.adoc[] + +== Summary + +The MCP Support Policy configures Omni Gateway to support MCP server instances. You must apply this policy to all MCP server instances for the instance to function properly. If you don't apply this policy, Omni Gateway might throw a runtime error. + +The MCP Support policy enables the *Total MCP Calls* metric that tracks the total successful and unsuccessful calls made to the MCP server. To view the total MCP calls, see xref:flex-managed-view-api-metrics.adoc[]. + +There are no configuration parameters for this policy. + +NOTE: This policy must come first in policy order. If this policy doesn't come first, Omni Gateway might throw a runtime error. + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The MCP Support policy isn't supported in Local Mode. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-mcp-tool-mapping.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-tool-mapping.adoc new file mode 100644 index 000000000..676793b28 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-mcp-tool-mapping.adoc @@ -0,0 +1,142 @@ += MCP Tool Mapping Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, mcp, tool mapping + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | MCP Tool Mapping +>s|Summary | Renames MCP tool names in requests and responses to provide flexible tool naming +>s|Category | MCP +>s|First Omni Gateway version available | v1.11.0 +>s| Returned Status Codes | No return codes exist for this policy. +|=== + +include::partial$mcp-version-support.adoc[] + +== Summary + +The MCP Tool Mapping policy intercepts MCP protocol traffic and applies configurable name transformations to tools. + +With this policy, you can: + +* Rename tools for readability +* Rename tools for consistency across different MCP servers +* Add prefixes or suffixes to tool names for namespacing +* Create pattern-based transformations by using regex +* Create custom descriptions for mapped tools + +The MCP Tool Mapping policy supports both outbound mapping (transforming tool names in `tools/list` responses from backend to client) and inbound mapping (reverse-transforming tool names in `tools/call` requests from client to backend). The policy automatically maintains bidirectional mapping, ensuring that tool names are correctly transformed in both directions to maintain consistency between client and backend. + +The policy works with both MCP transport types: + +* Standard JSON over HTTP: Transforms tool names in JSON-RPC messages +* Server-Sent Events (SSE): Transforms tool names in SSE streaming responses + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The MCP Tool Mapping policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +| Element | Description +| Tool Name Mappings | Defines the tool name mappings. Each mapping specifies how to transform tool names between the client and backend. +| Source Tool Name | Defines the original tool name from the MCP server or a regex pattern for pattern-based matching with capture group replacement. +| Mapped Tool Name | Defines the new tool name to use in responses. For regex mappings, use `$1`, `$2`, `$3`, and so on to reference capture groups. +| Mapped Tool Description | Optional new description for the tool. If not specified, the original description is used. New descriptions aren't supported for regex mappings. +| Mapping Type | Determines how the tool mapping is processed. Supported values are *Literal* for exact string matching and *Regex* for pattern matching with capture groups. +| Log Mappings | Logs tool names and mappings for debugging if enabled. For example: + +---- +Mapped outbound tool (literal): get_me -> ss_get_me +Passthrough outbound tool (no mapping): get_release_by_tag +---- +|=== + +== Mapping Types + +The MCP Tool Mapping policy supports literal mapping for exact string matching and regex mapping for pattern-based matching with capture group replacement. + +=== Literal Mapping + +Literal mappings perform exact string matching for specific tool names. For example, given the following parameters: + +* *Source Tool Name*: `get_weather` +* *Mapped Tool Name*: `weather_lookup` +* *Mapped Tool Description*: `Get current weather conditions` +* *Mapping Type*: *Literal* + +The policy transforms the tool name in the `tools/list` response and `tools/call` request: + +* `tools/list` response: `get_weather` to `weather_lookup` +* `tools/call` request: `weather_lookup` to `get_weather` (automatic reverse mapping) + +=== Regex Mapping + +Regex mappings use pattern-based matching with capture group replacement. For example, given the following parameters: + +* *Source Tool Name*: `get_(.+)` +* *Mapped Tool Name*: `fetch_$1` +* *Mapping Type*: *Regex* + +The policy transforms the tool name in the `tools/list` response: + +* `get_weather` to `fetch_weather` +* `get_user` to `fetch_user` +* `delete_item` remains unchanged (doesn't match pattern) + + +== Bidirectional Mapping + +For outbound `tools/list` mapping response, the policy transforms tool names when the backend MCP server returns a list of available tools: + +. Backend MCP server returns tools: `["get_weather", "get_user", "delete_item"]` +. Policy applies mappings: +** `get_weather` to `weather_lookup` (literal match) +** `get_user` to `user_info` (literal match) +** `delete_item` remains unchanged (no mapping) +. Client receives: `["weather_lookup", "user_info", "delete_item"]` + +For inbound `tools/call` mapping requests, the policy transforms tool names when the client calls a tool: + +The policy reverse-transforms tool names when the client calls a tool: + +. Client calls: `weather_lookup` (the mapped name) +. Policy reverse-maps: `weather_lookup` to `get_weather` +. Backend receives: `get_weather` (original name) + +== Namespace Isolation Use Case + +Add prefixes to avoid tool name conflicts between multiple MCP servers. For example, this configuration adds the prefix `server1_` to all tool names: + +* *Source Tool Name*: `(.+)` +* *Mapped Tool Name*: `server1_$1` +* *Mapping Type*: `regex` + +== Consistent Naming Use Case + +Standardize tool names across different servers. For example, this configuration standardizes the name of `fetch` and `retrieve` functions from different servers to `get` functions: + +* Mapping 1: +** *Source Tool Name*: `fetchWeather` +** *Mapped Tool Name*: `get_weather` +** *Mapping Type*: `literal` + +* Mapping 2: +** *Source Tool Name*: `retrieveUser` +** *Mapped Tool Name*: `get_user` +** *Mapping Type*: `literal` + +== See Also + +* xref:policies-mcp-access-control-together.adoc[MCP Access Control: How the Policies Work Together] +* xref:policies-included-mcp-global-access.adoc[MCP Global Access] +* xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control] +* xref:policies-included-directory.adoc[Included Policies Directory] + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-message-logging.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-message-logging.adoc new file mode 100644 index 000000000..c57803565 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-message-logging.adoc @@ -0,0 +1,307 @@ += Message Logging Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: message logging, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::message-logging-policy.adoc, policies::policies-included-message-logging.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy name | Message Logging +>s|Summary | Logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint +>s|Category | Troubleshooting +>s|First Omni Gateway version available | v1.0.0 +.1+>.^s| Returned Status Codes +| No return codes exist for this policy +|=== + +== Summary + +The Message Logging policy logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint. + +== Prerequisites + +You must have the Anypoint Platform Organization Administrators role or have permission to create or manage APIs. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: message-logging-flex + config: + loggingConfiguration: + - itemName: // REQUIRED + itemData: //REQUIRED + message: // REQUIRED + conditional: // OPTIONAL + category: // OPTIONAL + level: // REQUIRED + firstSection: // OPTIONAL + secondSection: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `loggingConfiguration` +| Required +| N/A +| Array of configurations + +| `loggingConfiguration.itemName` +| Required +| N/A +| Configuration name. + +| `loggingConfiguration.itemData.message` +| Required +| N/A +| DataWeave expression that resolves to the message log. To learn more about supported DataWeave expressions, see <>. + +| `loggingConfiguration.itemData.conditional` +| Optional +| `true` +| DataWeave expression that resolves to whether the message should be logged. To learn more about supported DataWeave expressions, see <>. + +| `loggingConfiguration.itemData.category` +| Optional +| Default category +| Log message prefix that indicates the package and class where the log is executed. + +| `loggingConfiguration.itemData.level` +| Required +| N/A +| Defines the level of message to log: `INFO`, `WARN`, `ERROR`, or `DEBUG` + +For more information, see <>. + +| `loggingConfiguration.itemData.firstSection` +| Optional +| `false` +| Boolean that indicates if messages are logged before the API endpoint is called, taking into account the order in which this policy is applied. + +| `loggingConfiguration.itemData.secondSection` +| Optional +| `false` +| Boolean that indicates if messages are logged after the API endpoint is called, taking into account the order in which this policy is applied. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: message-logging-flex + config: + loggingConfiguration: + - itemName: "Config 1" + itemData: + message: "#[payload]" + conditional: "#[attributes.queryParams['QueryParam']=='someValue']" + level: "ERROR" + firstSection: true + - itemName: "Config 2" + itemData: + message: "#['literal string']" + level: "WARN" + secondSection: true + firstSection: true +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +image::apim-message-logging-policy-ui.png["A form with text fields and checkboxes to set up new logging configurations"] + +[%header%autowidth.spread] +|=== +|Parameter |Description | Required? +|Message |A DataWeave expression to use for extracting the message to be logged. To learn more about supported DataWeave expressions, see <>. +|Required +|Conditional |A DataWeave Boolean expression used to specify whether a message is to be logged. To learn more about supported DataWeave expressions, see <>. |Optional +|Category |A prefix in the log message that indicates the package and class where the log is executed. |Optional +|Level |The level of message to log: INFO, WARN, ERROR, or DEBUG. + +For more information, see <>.|Required +|Before Calling API |Set to cause your logging policy to log messages before the API endpoint is called, taking into account the order in which this policy is applied. |Optional +|After Calling API |Set to cause your logging policy to log messages after the API endpoint is called, taking into account the order in which this policy is applied. |Optional +|=== + +==== Example of Message Logging Policy Configured from the UI + +To better understand how to use the Message Logging policy, consider a fictional retail clothier named Les Vetments. To successfully run its e-commerce portal, Les Vetments must audit the status code of the requests made on its website. + +For example, if a customer buys or returns a product, or if the company adds or removes a product from its catalog, the transactions must be logged. The IT manager at Les Vetments applies the Message Logging policy to the company APIs to enable logging and viewing any data or transaction changes without making any modifications to the code. + +To log the attributes of the incoming and outgoing HTTP message, Les Vetments applies the Message Logging policy to the API with the following UI configurations: + +* *Message*: #[attributes] ++ +The attributes in the payload must be logged. +* *Conditional*: Blank ++ +Because Les Vetments requires all attributes, no expression to filter messages is specified. +* *Category*: Blank ++ +No prefix is required in the log sentence. +* *Level*: Info ++ +All types of messages are to be logged. The Info log level also includes Warn, Error, or Debug log messages. +* *Before Calling API*: Checked ++ +All transactions that occur before the API is called are to be logged. +* *After calling API*: Checked ++ +All transactions that occur after the API is called are to be logged. + +Following this configuration, whenever customers access the Les Vetments catalogue or add or remove items from their carts, or when an item is added or removed from the Les Vetments catalog, logs are generated: + +[source,text,linenums] +---- +********************************************************************** +* Policy: message-logging-1351146-proxy * +* OS encoding: UTF-8, Mule encoding: UTF-8 * +* * +********************************************************************** +21:56:50.147 11/30/2020 Worker-0 [MuleRuntime].uber.06: [message-logging-771181-proxy].771181-message-logging.CPU_LITE @71625864 INFO +event:184152a0-3370-11eb-b732-0a8c1820c088 org.mule.extension.http.api.HttpRequestAttributes +{ + Request path=/proxy/1 + Raw request path=/proxy/1 + Method=GET + Listener path=/proxy/* + Local Address=/172.25.159.101:8081 + Query String= + Relative Path=/proxy/1 + Masked Request Path=/1 + Remote Address=/18.191.37.179:21836 + Request Uri=/proxy/1 + Raw request Uri=/proxy/1 + Scheme=http + Version=HTTP/1.1 + Headers=[ + host=logging-policy.us-e2.cloudhub.io + x-real-ip=204.14.236.154 + accept=*/* + user-agent=curl/7.54.0 + x-forwarded-for=204.14.236.154 + x-forwarded-port=80 + x-forwarded-proto=http + x-sigsci-agentresponse=200 + x-sigsci-mac=7caf3820a5c07d06ef827f1565678167 + ] + Query Parameters=[] + URI Parameters=[] +} +21:56:50.254 11/30/2020 Worker-0 [MuleRuntime].uber.07: [logging-policy].proxy.CPU_LITE @f0ce617 INFO +event:184152a0-3370-11eb-b732-0a8c1820c088 org.mule.extension.http.api.HttpResponseAttributes +{ + Status Code=200 + Reason Phrase=OK + Headers=[ + date=Tue, 01 Dec 2020 00:56:50 GMT + content-type=application/json; charset=utf-8 + set-cookie=__cfduid=d8afa23a4627ebef39cbc54fea223cb231606784210; expires=Thu, 31-Dec-20 00:56:50 GMT; path=/; domain=.typicode.com; HttpOnly; SameSite=Lax + x-powered-by=Express + x-ratelimit-limit=1000 + x-ratelimit-remaining=999 + x-ratelimit-reset=1606784265 + vary=Origin, Accept-Encoding + access-control-allow-credentials=true + cache-control=max-age=43200 + pragma=no-cache + expires=-1 + x-content-type-options=nosniff + etag=W/"53-hfEnumeNh6YirfjyjaujcOPPT+s" + via=1.1 vegur + cf-cache-status=MISS + accept-ranges=bytes + cf-request-id=06bd666d0a0000386b7a1fc000000001 + expect-ct=max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" + report-to={"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qUAIXoQ7qqqvFzjcwGrmK2r2PcSfDZ75jFJd0Gi0BLBUMHAcnC9wJ9I%2FEHJtk%2Bra%2FXWqkA%2F5%2FlzoWoC6YS2Lew%2BqKgjhaphHqx5WrZ0CKHMalhcM9it%2Fks0qzQGwbsRzQg%3D%3D"}],"group":"cf-nel","max_age":604800} + nel={"report_to":"cf-nel","max_age":604800} + cf-ray=5fa8d9c1a8c6386b-IAD + ] +} +12:18:31.770 11/18/2020 Worker-0 agw-policy-set-deployment.01 INFO +Applied policy message-logging-1351146 version 1.0.0 to API testLoggingNew-v1-v1:16481163 (16481163) in application messagelog +---- + +To log headers, Les Vetments uses the following code snippet in the *Message* field: + +`#[attributes.headers]` + +To customize the log messages based on the event and the action performed, Les Vetments uses the following code snippet in the *Message* field: + +`#['User ' ++ authentication.clientId ++ ' performed action ' ++ attributes.method ++ ' on ' ++ attributes.requestPath ++ ' with Payload: ' ++ payload]` + +[[dataweave-support]] +== DataWeave Expressions Support + +The Message Logging policy supports the xref:policies-flex-dataweave-support.adoc[standard DataWeave Expressions supported by Omni Gateway policies] and the following additional xref:dataweave::dataweave-variables-context.adoc[`vars`] DataWeave expressions. Format the following expressions `#[vars.]`, for example `#[vars.orgId]`: + +* `orgId` +* `masterOrgId` +* `envId` +* `apiId` +* `apiName` +* `apiInstanceName` +* `apiVersion` +* `receivedTs` (rfc3339) +* `repliedTs` (rfc3339, only available in request context) +* `runtimeVersion` (For example: `v1.7.0`) +* `hostId` (For example: `my-host`) +* `reqId` (Referred to as `traceId` in Omni Gateway logs) +* `requestDisposition` (`PROCESSED` or `VIOLATION`, only available in request context) +* `request.remoteAddress` +* `request.method` +* `request.requestPath` +* `request.headers` (all request headers) +* `violation.clientId` (Only available in response context) +* `violation.clientName` (Only available in response context) +* `violation.policyName` (Only available in response context) +* `violation.violationType` (`VIOLATION` or `ERROR`, only available in response context) + + +== How This Policy Works + +Logging a policy consists of the following sequence: + +. A request is sent to the API. +. The message is logged if the following conditions are true: +** The level and category of the log defined in the policy are included in the logger defined in the configuration file. +** Either the conditional field of the policy was not set, or was set and the condition was met. +. The API response is returned. Message Logging Policy does not interfere with the execution of any policy nor its flow. +. The message appears in the application log. + +== About the Logging Format + +A message log uses the following format: + +` [flex-gateway-envoy][] wasm log .default..default.svc main: [req: ] [accessLog] ` + +* `policy-name`: displays the name of the policy binding: + +* `api-name`: displays the name of the api instance: + +* `request uuid`: displays a unique identifier for the request that triggered the message. + +== Logging States During Events + +Message logging occurs at specific intervals during a request flow: + +* Before logging an API flow: ++ +image::apim-message-logging-policy-states-1.png[State before logging an API flow] +* After logging an API flow: ++ +image::apim-message-logging-policy-states-2.png[State after logging an API flow] +* Error handler after API flow: ++ +image::apim-message-logging-policy-states-3.png[State after the error handler executes] + + +// Severity Level Table +include::partial$logging-severity-level.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc new file mode 100644 index 000000000..7592713d8 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-oauth-token-introspection.adoc @@ -0,0 +1,144 @@ += OAuth 2.0 Token Introspection Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:keywords: oauth, token, validation, introspection, policy +:page-aliases: policies::policies-included-oauth-token-introspection.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | OAuth 2.0 Token Introspection Policy +>s|Summary | Allows access only to authorized client applications +>s|Category | Security +>s| First Omni Gateway version available | v1.3.0 +.4+>.^s| Returned Status Codes +|400 - Invalid token +|401 - Unauthorized access or error when connecting to the authorization server +|403 - Forbidden, invalid client application credentials +|500 - Bad response from authorization server, or WSDL SOAP fault error +|=== + +== Summary + +The OAuth 2.0 Token Introspection policy enables you to configure OAuth 2.0 using any third-party Identify Provider (IdP), such as Okta, AWS, Azure or Google Cloud Platform. The policy allows for tokens based on the OAuth 2.0 Authorization Framework to be authorized without having to register an external IdP server in the Anypoint Platform. + +The policy validates the token sent by the client to the protected API, and allows access to the backend server only if the introspection endpoint authorizes the token. + +[NOTE] +==== +OAuth Introspection Policy doesn't support Microsoft Entra ID because Microsoft Entra ID doesn't provide an introspection endpoint. +==== + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: oauth2-token-introspection-flex + config: + introspectionURL: // REQUIRED + authorizationValue: // REQUIRED + validatedTokenTTL: // OPTIONAL + authenticationTimeout: // OPTIONAL + skipClientIdValidation: // REQUIRED + consumerBy: // REQUIRED + exposeHeaders: // OPTIONAL + scopes: // OPTIONAL + scopeValidationCriteria: // OPTIONAL + maxCacheEntries: // OPTIONAL + enableProtectedResourceMetadata: // OPTIONAL + overrideProtectedResourceMetadataAuthorizationServerUrl: // OPTIONAL + protectedResourceMetadataAuthorizationServerUrl: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `introspectionURL` +| Required +| +| The third-party token introspection URL + +| `authorizationValue` +| Required +| +| The method to request authorization from the authentication service. Specify either a Basic Auth string with `client_id` and `client_secret`, or a Bearer Token. + +| `validatedTokenTTL` +| Optional +| 600 +| The caching limit for the validated token + +| `authenticationTimeout` +| Optional +| 10000 +| The timeout when sending data to the authentication service + +| `skipClientIdValidation` +| Required +| false +| Enables/disables client ID enforcement support + +| `consumerBy` +| Required +| +| Associate an identity provider's `username` or `client_id` response with a registered platform's `client_id`. Required if `skip_client_id_validation`is `true`. + +| `exposeHeaders` +| Optional +| false +| + +| `scopes` +| Optional +| "" +| A space-delimited list + +| `scopeValidationCriteria` +| Optional +| "AND" +| The criteria to apply to the `scopes` values. Valid parameter values are "AND" or "OR". + +| `maxCacheEntries` +| Optional +| 1000 +| + +| `enableProtectedResourceMetadata` +| Optional +| false +| Enables https://www.rfc-editor.org/rfc/rfc9728[RFC 9728] OAuth 2.0 Protected Resource Metadata. When `true`, all `401` responses include a `WWW-Authenticate` header with the resource metadata URL `{api_path}/.well-known/oauth-protected-resource`. + +When a client makes a GET request to this path, Omni Gateway responds with a JSON document containing the authorization server metadata. By default, Omni Gateway derives the authorization server URL supplied in the metadata from the introspection endpoint URL. For example, `https://auth.example.com/introspect` becomes `https://auth.example.com`. + +| `overrideProtectedResourceMetadataAuthorizationServerUrl` +| Optional +| false +| Overrides the authorization service URL with a custom URL. For example, when the authorization service uses a different path, such as Keycloak realms. + +| `protectedResourceMetadataAuthorizationServerUrl` +| Optional +| +| Server base URL to use when `overrideProtectedResourceMetadataAuthorizationServerUrl` is `true`. + +|=== + +==== Resource Configuration Example + +[source,yaml] +---- +- policyRef: + name: oauth2-token-introspection-flex + config: + introspectionURL: https://my-introspection.com/introspect + authorizationValue: Basic am9obkBleGFtcGxlLmNvbTphYmMxMjM= + validatedTokenTTL: 600 + authenticationTimeout: 10000 + skipClientIdValidation: false + consumerBy: "client_id" + exposeHeaders: true + scopes: "profile email shopping" + scopeValidationCriteria: "AND" + maxCacheEntries: 1000 +---- \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc new file mode 100644 index 000000000..cc712b178 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc @@ -0,0 +1,188 @@ += OpenID Connect OAuth 2.0 Token Enforcement Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: open, id, oauth 2.0, token, enforcement, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::policy-openid-connect.adoc, policies::policies-included-openid-token-enforcement.adoc + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | OpenID Connect OAuth 2.0 Token Enforcement +>s|Summary | Allows access only to authorized client applications +>s|Category | Security +>s| First Omni Gateway version available | v1.0.0 +.4+>.^s| Returned Status Codes +|400 - Invalid token +|401 - Unauthorized access or error when connecting to the authorization server +|403 - Forbidden, invalid client application credentials +|500 - Bad response from authorization server +|=== + +== Summary + +The OpenID Connect Access Token Enforcement policy restricts access to a protected resource to only those HTTP requests that provide a valid Oauth2 token belonging to a client application with API access. The policy does not generate tokens but only validates them. + +This policy is available only to an organization that is configured to use the OpenID Connect dynamic client registration as a xref:access-management::configure-client-management-openid-task.adoc[client-management solution]. + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The OpenID Connect Access Token Enforcement policy doesn't support in Omni Gateway running in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="30,40,30"] +|=== +| Element | Description | Example +| Scopes | Displays a space-separated list of supported scopes. | READ, WRITE, READ and WRITE +| Scope Validation Criteria | Determines if the token must contain all defined scopes or just one. +The values are `Contains all scopes` and `Contains any scope`. | +If the 'Contains all scopes' value is selected, the tokens with the scopes `READ` and `WRITE` are accepted. If the 'Contains any scopes' value is selected, the tokens with the scopes `READ, WRITE, and READ AND WRITE` are accepted. +| Expose Headers | In a proxy scenario, specifies whether headers must be exposed in the request to the backend. User properties returned by the federation server are prefixed with 'X-AGW-' and sent as headers to the backend. | +| Skip Client Id Validation | Skips the client application's API contract validation. | If selected, Step 4 of the diagram in the <> section is skipped. +| Authentication request timeout | Sets the maximum time, in milliseconds, to wait for a response when authenticating with the Access Token validation endpoint. | `10000` + +| Enable Protected Resource Metadata | Enables https://www.rfc-editor.org/rfc/rfc9728[RFC 9728] OAuth 2.0 Protected Resource Metadata. When enabled, all `401` responses include a `WWW-Authenticate` header with the resource metadata URL `{api_path}/.well-known/oauth-protected-resource`. + +When a client makes a GET request to this path, Omni Gateway responds with a JSON document containing the authorization server metadata. By default, Omni Gateway derives the authorization server URL supplied in the metadata from the introspection endpoint URL. For example, `https://auth.example.com/introspect` becomes `https://auth.example.com`. | + +| Override Protected Resource Metadata Authorization Server Url | Overrides the authorization service URL with a custom URL. For example, when the authorization service uses a different path, such as Keycloak realms. | + +| Protected Resource Metadata Authorization Server Url | Server base URL to use when `overrideProtectedResourceMetadataAuthorizationServerUrl` is enabled. | +|=== + +[[how-this-policy-works]] +== How This Policy Works + +The following diagram illustrates the OpenID Connect Access Token Enforcement policy workflow: + +image:open-id-policy-workflow.png["A flowchart illustrating the process of a user engaging with an API via a PingFederate policy"] + +As shown in the diagram: + +. The user first sends an HTTP request to the API protected by the policy. +. The policy extracts the token from the request and sends it to the validation endpoint to verify the integrity of the token. +. The token validation endpoint returns token metadata, including the client ID of the client application. +. Using a local database updated with contracts previously obtained from Anypoint Platform, the policy verifies whether the client ID has access to the API. +. If all the validations are successfully completed, the request is allowed to reach the backend. + +[[leveraging-TVE-information]] +=== Leveraging Token Validation Endpoint Information + +When a token validation endpoint successfully validates a token, certain information, such as configurable fields from OpenID Connect, are returned to the policy. + +The following example illustrates the token validation response from the authorization server: + +[source,text,linenums] +---- +{ + "uid":"john.doe", + "mail":"john.doe@example.com" + "token_type":"Bearer", + "exp": 1516239022 + "alias" : ["Jhon", "Jhonny", "Mr Doe"], + "address" : { + "city": "london", + "road": “abbey road" + } +} +---- + +The fields returned by the OAuth provider are processed by the policy, propagated throughout the flow, and finally exposed to the backend if the application requesting the access uses an HTTP requester. + +[[token-caching]] +=== Token Caching in Local Mode + +After the system validates a token, that token is cached (by default), until it expires, thereby improving the performance of the policy. In certain cases, such as in the case of revoked tokens, you might want to minimize or even disable caching. + +The validation endpoint sends multiple properties to the policy, including the expiration time of the token. If the expiration information is not available, tokens are not cached. + +To control the time taken to cache the tokens, before you attempt revalidating against the token validation endpoint, configure the following parameter in your declarative configuration file: + +---- + - policyRef: + name: openidconnect-access-token-enforcement-flex + config: + ... + maxFederationExpirationTime: +---- + +Setting this property caches the token for the specified amount of time or until the tokens expire, whichever occurs first. If you have enabled this property and the validation endpoint does not send the expiration information, tokens are not cached. + +To control the number of tokens that can be cached simultaneously, configure the following parameter in your declarative configuration file. + +---- + - policyRef: + name: openidconnect-access-token-enforcement-flex + config: + ... + maxCacheSize: +---- + +[[token-validation-endpoint-authentication]] +=== Token Validation Endpoint Authentication + +To complete validating the provided token, the policy sends a request to the validation endpoint. The policy then obtains the credentials from the client provider configuration in access management, per the Token Introspection Client section of the OAuth 2.0 Authorization Framework specification. These credentials are sent in the request body, as specified in the https://tools.ietf.org/html/rfc6749#section-2.3[Client Authentication section of the OAuth 2.0 Authorization Framework specification^]. + +Other authentication methods for the token validation endpoint are currently not supported. + +== Configuring the Expose Headers Option + +If you configured the `Expose Headers` option in the policy and if the application (for example, out-of-the-box proxies) uses the HTTP requester, the properties are redirected to the backend as headers. + +For each field, the original request to the protected resource is enriched with the HTTP headers using the format: X-AGW- + =. For the example response from the previous section, the following headers are added: + +[source,text,linenums] +---- +X-AGW-uid=john.doe +X-AGW-mail=john.doe@example.com +X-AGW-token_type=Bearer +---- + +The propagated properties do not include the `scope`, and `exp` objects and arrays. + +For further processing within the flow, the original unparsed response from the validation endpoint is made available. The information is stored in an authentication object. + +For example, if a `mail` field is returned to the policy, you can access the value of the field by using the following DataWeave 2.0 expression: + +`#[authentication.properties.userProperties.mail]` + +You can obtain the client ID of the OAuth2 token by using the following DataWeave 2.0 expression: + +`#[authentication.principal]` + +// == Communicating with the Token Validation Endpoint Using a Proxy +// +// You can enable the OpenID Connect OAuth 2.0 Token Enforcement policy to use the gateway proxy settings by specify the following property when starting the Mule runtime engine: +// +// `anypoint.platform.external_authentication_provider_enable_proxy_settings=` +// +// When you enable this property, the policy uses the Mule proxy settings, if you have specified the following parameters: +// +// * `anypoint.platform.proxy_host=localhost` +// * `anypoint.platform.proxy_port=8080` + +== FAQs + +*The OpenID Connect Access Token Enforcement policy does not appear in the list of policies to apply to the API.* + +If the policy does not appear in the policies list, ensure that you have configured the OpenID client provider in Access Management. For information, see xref:access-management::configure-client-management-openid-task.adoc[Configure OpenID Connect Client Management]. If you are using xref:api-manager::configure-multiple-credential-providers.adoc[multiple IdPs], verify that the OpenID connect client is properly configured in the API. + + +*Can I generate OAuth 2.0 tokens with the policy?* + +No. The policy only validates the tokens. + +*How are the OAuth tokens cached?* + +OAuth 2.0 tokens are cached only in memory and are never written to disk. + +*Can I configure the Rate-Limiting SLA policy after I configure the OpenID Connect Access Token Enforcement policy?* + +Yes, you can. Apply the Rate-Limiting SLA policy after the OpenID Connect Access Token Enforcement policy and provide a `Client ID Expression` value using the following DataWeave 2.0 expression: + +`#[authentication.principal]` + +Because the identity of the requester is already validated by the OpenID Connect Access Token Enforcement policy, you can leave the `Client Secret Expression` field empty. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc new file mode 100644 index 000000000..83f4fc328 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-rate-limiting-sla.adoc @@ -0,0 +1,173 @@ += Rate Limiting: SLA-Based Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: rate-limiting sla, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::rate-limiting-sla-policy.adoc, api-manager::rate-limiting-and-throttling-sla-based-policies.adoc, api-manager::tutorial-manage-an-api.adoc, policies::policies-included-rate-limiting-sla.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy name | Rate-limiting SLA +>s| Summary | Monitors access to an API by defining the maximum number of requests processed within a timespan, based on SLAs +>s| Category | Quality of Service +>s| First Omni Gateway version available | v1.2.0 +.4+>.^s| Returned Status Codes +|401 - Request blocked due to invalid client credentials (client ID or client secret) provided +|429 - Quota exceeded; requests blocked until the current window finishes +|=== + +== Summary + +The Rate-Limiting Service Level Agreement (SLA) policy enables you to control incoming traffic to an API by limiting the number of requests that the API can receive within a given timespan. When the limit is reached before the time expires, the policy rejects all requests, thereby avoiding any additional load on the backend API. + +To apply the Rate-Limiting SLA policy to an API, you must first create a contract between the API and a registered client application. The number of requests that an API can receive within a given time is defined in the xref:api-manager::manage-client-apps-latest-task.adoc[contracts] section in API Manager. + +Each request must be identified by a client ID and an optional client secret (depending on the policy configuration). To review how to obtain the client credentials of a registered client application, see xref:api-manager::access-client-app-id-task.adoc[Obtaining Client Credentials of a Registered Application]. + +[NOTE] +==== +A Rate-Limiting SLA policy applied to an Omni Gateway API is scoped to replicas, not the gateway. +==== + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The Rate-Limiting SLA policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +|Parameter | Description | Example +|Client ID Expression | A DataWeave expression that resolves the Client Application’s ID for a Contract of the API | Only one rate-limiting algorithm is created per ID: +`#[attributes.headers['client_id']]` +This example looks for an HTTP header called ‘client_id’ and uses its value. +|Client Secret Expression | A DataWeave expression that resolves the Client application’s client secret for a contract of the API | +This is an optional value. +Example: `#[attributes.headers['client_secret']]` +|Distributed | When enabled, the quota is shared among Omni Replicas |Checked or unchecked +| Expose Headers| Defines whether to expose the <> as part of the response | Checked or unchecked +|Block on unknown quota | For policies using distributed rate limiting, block requests if the policy can't retrieve the quota from shared storage. If not enabled and the quota can't be retrieved, no rate limiting is applied. | Checked or unchecked +|=== + +NOTE: If you enable the distributed rate limiting, the policy resizes time windows under 10 seconds linearly. For example, if you configure a maximum of 10 requests per 5 seconds, the policy resizes that window to a maximum of 20 requests per 10 seconds. + +== Enable Shared Storage + +Distributed Rate-Limiting requires Shared Storage to be enabled. For more information about Shared Storage, refer to xref:flex-conn-shared-storage-config.adoc[]. + + +== How This Policy Works + +The Rate-Limiting SLA policy monitors the number of requests made in the current window (the available quota), allowing the requests to reach the backend only if the available quota is greater than zero. + +Because each client defines a separate available quota for their window, the client application must define an SLA with the API (a contract). Therefore, to verify whether the request is within the SLA limit, you must define a way to obtain the client ID from the request, and optionally the client Secret. + +After a contract is created between a client application and an API, API gateway automatically manages these contracts by monitoring your API Manager configurations. Additionally, API gateway implements high-availability strategies in case of unexpected downtime in the Anypoint Platform management plane. + +To understand how the Rate-Limiting SLA policy works, consider an example in which the configuration of an SLA of 3 requests every 10 seconds for the client with ID “ID#1” allows or restricts the request, based on the quota available in that window: + +image:rate-limiting-sla-general.png["A timeline chart that displays both accepted and rejected client requests within a specified window",75%,85%] + +In the example: + +* Requests of client with ID “ID#1”: + +In the first window, because the quota is reached with the third request, all subsequent requests are rejected until the window closes. In the second window, only two of the three requests are processed. Because the time elapses in this window, the remaining quota is unused. + +An accepted request passes through the API to the backend. Conversely, a rejected request displays a `429 status for HTTP` (or 400, or 500 if the API is WSDL) and does not reach the backend. + +* Requests of Client with ID “ID#2”: + +Because the client has no contract defined for the API, every request is rejected , and therefore no request is allowed. + +An API might have several contracts, each with its own SLA. The Rate-Limiting SLA policy independently monitors the quota (and windows) available for each client by creating one rate-limiting algorithm per contract. With the first request to the API, algorithms are created using the _lazy creation_ strategy. + +// == Configuring the Policy +// +// When you configure your Rate-Limiting SLA policy, you must consider certain aspects of your environment to help you derive the most value from the policy. + +// === Choosing Between a Cluster or a Standalone Configuration +// +// If you use only one Client application as an authorization mechanism in your server, the same recommendations as in the Rate-Limiting policy applies to your use case. You might have several Mule instances and you might map different client applications to different servers in the load balancer. +// +// In such a scenario, you do not need to use a Mule cluster. Each standalone node creates a rate-limiting algorithm for the clients they exclusively serve. Conversely, you might want to achieve high availability for your servers and have several client applications configured. +// +// Mule clusters count the SLA quota for each client throughout the cluster and thus are a best fit for this use case. The Rate-Limiting SLA policy is designed to work under both balanced and unbalanced workloads. Because the backend does not receive any extra requests, its maximum capacity is not exceeded. +// +// === Choosing Window Sizes for Cluster Nodes +// +// In a cluster configuration, the nodes must share information across the cluster for consistency. The sharing process adds latency that must be taken into account when reviewing performance. +// +// In a worst case scenario, the number of penalized requests with latency due to cluster consistency is constant and independent from the actual size of the configured quota. Consequently, the smaller the window, the greater the percentage of potentially delayed requests. +// +// Therefore, you must set up window sizes greater than one minute in Rate Limiting and Rate-Limiting SLA policy configurations only for a cluster scenario. +// +// === Choosing Persistence for Your Rate-Limiting SLA Policy (Mule only) +// +// You can configure your Rate-Limiting SLA policy to use windows that persist as long as days, months, and years. For example, suppose you want to allow your user to consume 1 million requests per year, but you cannot ensure that the node will be up the entire period or will need maintenance, which may result in restarting the Mule runtime engine. +// +// The algorithm has been running for several months, so the client will lose critical information. Persistence solves this problem by periodically saving the current policy state. In case of a redeployment or a restart, the algorithms are recreated from the last known persisted state or started from a clean state. +// +// Although persistence is enabled by default, you can turn it off by setting the following property to false: +// +// `throttling.persistence_enabled` +// +// You can also tweak the persistence frequency rate, which has a default of 10 seconds: +// +// `throttling.persistent_data_update_freq` +// +// [NOTE] +// ==== +// Persistence is not available on CloudHub. +// ==== + +== FAQ + +*When does the window start?* + +The window starts with the first request after the policy is successfully applied. + +*What type of window does the algorithm use?* + +It uses a fixed window. + +*What happens when the quota is exhausted?* + +The algorithm is created on demand, when the first request is received. This event fixes the time window. Each request consumes the request quota from the current window until the time expires. + +When the request quota is exhausted, the Rate-Limiting SLA policy rejects the request. When the time window closes, the request quota is reset and a new window of the same fixed size starts. + +*What happens if I define multiple limits within an SLA ?* + +The policy creates one algorithm for each Limit with the request quota per time window configuration. Therefore, when multiple limits are configured, every algorithm must have its own available quota within the current window for the request to be accepted. + +[[response-header]] +*What does each response header mean?* + +Each response header has information about the current state of the request: + +* X-Ratelimit-Remaining: The amount of available quota +* X-Ratelimit-Limit: The maximum available requests per window +* X-Ratelimit-Reset: The remaining time, in milliseconds, until a new window starts + +By default, the X-RateLimit headers are disabled in the response. You can enable these headers by selecting *Expose Headers* when you configure the policy. + +[NOTE] +==== +When on distributed mode, the X-Ratelimit-Remaining header is not perfectly synchronized with all the replicas. With multiple replicas on distributed mode, the X-Ratelimit-Remaining header is an estimation of how much quota the replica has available for itself. It does not represent the actual value of the remaining quota available for the API. + +The following describes a valid scenario: + +* Created a SLA tier name "Titanium" having rate limit of "999999999 req per 10 min" +* Sent 1 request to replica 1 -> x-ratelimit-remaining : 999999998 +* Sent 1 request to replica 2 -> x-ratelimit-remaining : 899999998 + +This does not mean that the quota will be surpassed. +==== + +*When should I use Rate Limiting instead of Rate-Limiting SLA or Spike Control?* + +Use Rate Limiting and Rate-Limiting SLA policies for accountability and to enforce a hard limit to a group (using the identifier in Rate Limiting) or to a client application (using Rate Limiting-SLA). If you want to protect your backend, use the Spike Control policy instead. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-rate-limiting.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-rate-limiting.adoc new file mode 100644 index 000000000..81f2a3269 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-rate-limiting.adoc @@ -0,0 +1,304 @@ += Rate Limiting Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: rate limiting, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::rate-limiting.adoc, api-manager::rate-limiting-and-throttling.adoc, api-manager::to-configure-provider-multiple-workers.adoc, policies::policies-included-rate-limiting.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy name | Rate Limiting +>s| Summary | Monitors access to an API by defining the maximum number of requests processed within a period of time +>s| Category | Quality of Service +>s| First Omni Gateway version available | v1.2.0 +.4+>.^s| Returned Status Codes +|429 - Quota exceeded, requests are blocked until the current window finishes +|=== + +== Summary + +The Rate Limiting policy enables you to control the incoming traffic to an API by limiting the number of requests that the API can receive within a given period of time. After the limit is reached, the policy rejects all requests, thereby avoiding any additional load on the backend API. + +When you configure the Rate Limiting policy, you can specify any number of pairs of quota (number of requests) and time window (time period) values. + +[NOTE] +==== +A Rate Limiting policy applied to an Omni Gateway API is scoped to replicas, not the gateway. +==== + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: rate-limiting-flex + config: + rateLimits: // REQUIRED + - maximumRequests: // REQUIRED + timePeriodInMilliseconds: // REQUIRED + keySelector: // OPTIONAL + exposeHeaders: // OPTIONAL, default: false + clusterizable: // OPTIONAL, default: true +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `rateLimits` +| Required +| N/A +| An map containing one or more rate limit specifications + +| `rateLimits.maximumRequests` +| Required +| N/A +| The quota number available per window + +| `rateLimits.timePeriodInMilliseconds` +| Required +| N/A +| The amount of time (a number) for which the quota is to be applied + +| `keySelector` +| Optional +| N/A +| DataWeave expression selector key string that creates a group with independent counters for each value resolved by the expression. + +For example, `#[attributes.queryParams['identifier']]` creates an independent counter group for requests containing an `identifier` query parameter. + +| `exposeHeaders` +| Optional +| `false` +| The boolean option that defines whether to expose the <> as part of the response + +| `clusterizable` +| Optional +| `true` +| Distributed: When using interconnected runtimes with this flag enabled, quota will be shared among all nodes + +|blockOnUnknownQuota +| Optional +| `true` +| For policies using distributed rate limiting (`clusterizable`), block requests if the policy can't retrieve the quota from shared storage. If `false` and the quota can't be retrieved, no rate limiting is applied. + +|=== + +NOTE: If you enable the distributed rate limiting, the policy resizes time windows under 10 seconds linearly. For example, if you configure a maximum of 10 requests per 5 seconds, the policy resizes that window to a maximum of 20 requests per 10 seconds. + +==== Resource Configuration Example + +The following example defines a rate limit of three requests every six seconds: + +---- +- policyRef: + name: rate-limiting-flex + config: + rateLimits: + - maximumRequests: 3 + timePeriodInMilliseconds: 6000 + keySelector: "#[attributes.method]" + exposeHeaders: true + clusterizable: false +---- + +//#[attributes.queryParams['identifier']] + +The `#[attributes.method]` DataWeave expression creates one group for each available method in HTTP, for example, the policy rate-limits GET requests independently of POST requests. + +==== Distributed Rate Limit Resource Configuration Example + +Distributed Rate Limit requires Shared Storage to be enabled. For more information about Shared Storage, refer to xref:flex-conn-shared-storage-config.adoc[Configuring Shared Storage for Omni Gateway in Connected Mode]. + +---- + +--- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: shared-storage-redis +spec: + sharedStorage: + redis: + address: redis:6379 + user: user + password: pass + DB: 1 + +--- +- policyRef: + name: rate-limiting-flex + config: + rateLimits: + - maximumRequests: 3 + timePeriodInMilliseconds: 6000 + keySelector: "#[attributes.method]" + exposeHeaders: true + clusterizable: true +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +|Parameter | Description | Example +|Identifier | The selector key using a DataWeave or regular String | `#[attributes.method]` creates one group for each available method in HTTP, for example, the policy rate-limits GET requests independently from POST requests. +|Number of Reqs | The quota available per window | A positive number +|Time Period | The amount of time for which the quota is to be applied | A positive number +|Time Unit | The time in milliseconds, seconds, minutes, or hours | Minutes +|Distributed | When using interconnected runtimes with this flag enabled, quota will be shared among all nodes. | checked or unchecked +| Expose Headers| The option that defines whether to expose the <> as part of the response | checked or unchecked +|Block on unknown quota | For policies using distributed rate limiting, block requests if the policy cannot retrieve the quota from shared storage. If not enabled and the quota can't be retrieved, no rate limiting is applied. +|=== + +NOTE: If you enable the distributed rate limiting, the policy resizes time windows under 10 seconds linearly. For example, if you configure a maximum of 10 requests per 5 seconds, the policy resizes that window to a maximum of 20 requests per 10 seconds. + +== How This Policy Works + +The Rate Limiting policy monitors the number of requests made in the current window (the available quota), allowing the requests to reach the backend only if the available quota is greater than zero. + +You can configure the policy for multiple groups of requests by using identifiers in the policy configuration. Each group has a separate available quota for its window. + +To understand how the Rate Limiting policy works, consider an example in which the configuration of 3 requests every 10 seconds allows or restricts incoming requests, based on the quota available in that window: + +image::rate-limiting-generic-example.png["A timeline of accepted and rejected requests in two time windows",80%] + +In the first window, because the quota is reached with the third request, all subsequent requests are rejected until the window closes. In the second window, only two of the three requests are processed and the quota remaining is dropped after the window time has elapsed. + +An accepted request passes through the API to the backend. Conversely, a rejected request displays 429 status for HTTP (or either 400 or 500 if the API is WSDL) and does not reach the backend. + +A rejected request on the other hand, displays a “429 status for HTTP, ” (or either 400 or 500 if the API is WSDL) and does not reach the backend. + +== Examples + +Consider the previously described configuration of 3 requests every 10 seconds and how it works when the Rate Limiting policy is configured for clusters and uses identifiers. + +=== Configuring Identifiers by Using Regular Strings + +When you use the UI to add identifiers to the policy configuration, you can define groups of requests. The configured limits apply independently to each group. You can also use the identifier `#[attributes.method]` for one bucket per HTTP method in your Rate Limiting policy configuration. + +//If you can split the universe of possible requests into a finite number of groups, you can assign each group with a selector key (String). One Rate Limit algorithm is created per key. + +An `Identifier` in the UI is a non-obligatory parameter. By default, the `Identifier` has no value. Based on whether you accept the default or provide a value, the policy performs in the following ways: + +* Not configured (default) ++ +The Rate Limiting quota applies to every request per bucket or group. +* Configured for an obligatory HTTP header ++ +Each header has its own quota. Header values are case-sensitive. Quotas are created using the _lazy creation_ strategy. +* Configured for a non-obligatory HTTP header ++ +Custom header, payload, query parameter, or expression values each have their own quotas. ++ +The identifier, if not sent in the request, defaults to an empty value, having its own quota. This behavior allows the Rate Limiting policy to be applied to an API consumed by uncontrolled clients, and at the same time accommodates special buckets for the clients sending the identifier. + +The following example shows the order of events that occur over a period of time using the identifier `#[attributes.method]` for a limit of 3 requests every 10 seconds: + +image::rate-limiting-configure-identifiers-example.png["A line chart illustrating the acceptance and rejection of GET and POST requests over time",80%] +In the example: + +* Every HTTP method is allowed 3 requests every 10 seconds (in this example, only GET and POST requests are made to the API). +* The Rate Limiting policy works in a fixed-window fashion. ++ +For more information, see the fixed-window size bracket in the diagram. +* The window start times are independent. +* The engine uses a _lazy creation_ strategy that spools a rate-limiting algorithm whenever the first request for a method is received. + +=== Configuring Identifiers by Using DataWeave Expressions + +The rate-limiting engine, which is HTTP agnostic, depends solely on the resolution of the DataWeave expression. You can alter the `Identifier` expression in the UI to cover complex rate-limiting scenarios. + +For example, you can configure a Rate Limiting policy with an identifier that uses one bucket for all Class A and Class C LAN requests and another bucket for everything else. The following image illustrates the second bucket in the previous sentence, which corresponds to 3 requests per 10 seconds quota with the DataWeave expression `#[attributes.queryParam[‘customIdentifier’]]` as the policy identifier: + +image::rate-limiting-configure-identifiers-dataweave.png["A timeline that displays both accepted and rejected requests, organized by time intervals",80%] + +In the example: + +* All requests without the identifier are resolved to the empty identifier and therefore use a single rate-limiting algorithm. +* Each different identifier uses a different bucket, each bucket with its own independent quota. + +This configuration creates a false or a true bucket that corresponds to the locality of the IP that made the request. The `false` and `true` values correspond to the domain of boolean values and not HTTP. + +Nevertheless, the policy works correctly because the engine treats the resolved expression as a String. In this case, the value is automatically cast from Boolean to String. You can explicitly define casting in DataWeave by adding `output text/plain ---` to your script. + +[NOTE] +==== +The HTTP RFC header names are case-insensitive. Anypoint Connector for MuleSoft HTTP changes header names to lowercase characters. However, the DataWeave key is case-sensitive. Therefore, when creating the `Identifier` expression, remember to reference headers in lowercase. +==== + +=== Configuring Unbound Identifier Sets + +Every identifier result has one algorithm. You must carefully create a DataWeave expression that does not return an unbound or a very large co-domain, which requires hosting the same number of algorithms in memory (at least a request for every possible identifier has to be made, because algorithms are created using the _lazy creation_ strategy). + +For example, suppose the DataWeave expression uses the IP address as the identifier in an Omni Gateway instance that is public to the internet. If every public IPv4 IP on the internet makes a request to this instance, there will be 3,706,452,992 algorithms running in a single instance. + +At an average of 250 bytes per algorithm, this amounts to approximately 1 terabyte in rate-limit algorithms. Therefore, use a DataWeave expression that resolves to a finite number of identifier to keep the resulting set as small as possible. + +// == Configuring Your Rate Limiting Policy +// +// When you configure your Rate Limiting policy, you must consider certain aspects of your environment to help you derive the most value from the policy. +// +// === Choosing Between a Cluster or a Standalone Configuration +// +// You might have decentralized processing in your environment, with the following setup: +// +// * You have more than one servers for the same API. +// * Each server has its own backend. +// * The number of requests that can be served is limited only by the backend. +// * You require the fastest response time. +// +// In such a scenario, you do not need to run the policy in a clustered setup. Simply set the policy limits of the policy lower than the backend capacity of the weakest of the nodes. Additionally, a load balancer might be useful in case a node goes down. +// +// Alternatively, you might have centralized processing in your environment, with the following setup: +// +// * You have more than one servers for the same API. +// * You have a single backend to which all of the proxies connect. +// * You have a load balancer in front of the proxies +// +// In such a scenario, you do not need a cluster. However, you must then configure the policy to have a value lower than the maximum capacity of the backend. +// +// If your environment does not include load balancers, use a cluster instead of a standalone instance to be certain that your nodes can manage varying levels of traffic. The Rate Limiting policy is designed to work under both balanced and unbalanced workloads. Because the backend does not receive any extra requests, its maximum capacity is not exceeded. +// +// === Choosing Window Sizes for Cluster Nodes +// +// Configure your environment to use processing windows longer than one minute, to prevent the latency potential caused by information sharing among nodes in a cluster. +// +// This configuration recommendation applies to both Rate Limiting and Rate Limiting-SLA policies in a cluster scenario. + +== FAQ + +*When does the window start?* + +The window starts with the first request after the policy is successfully applied. + +*What type of window does the algorithm use?* + +It uses a fixed window. + +*What happens when the quota is exhausted?* + +The algorithm is created on demand, when the first request is received. This event fixes the time window. Each request consumes the request quota from the current window until the time expires. + +When the request quota is exhausted, the Rate Limiting policy rejects the request. When the time window closes, the request quota is reset and a new window of the same fixed size starts. + +*What happens if I define multiple limits?* + +The policy creates one algorithm for each Limit with the request quota per time window configuration. Therefore, when multiple limits are configured, every algorithm must have its own available quota within the current window for the request to be accepted. + +[[response-header]] +*What does each response header mean?* + +Each response header has information about the current state of the request: + +* X-Ratelimit-Remaining: The amount of available quota +* X-Ratelimit-Limit: The maximum available requests per window +* X-Ratelimit-Reset: The remaining time, in milliseconds, until a new window starts + +By default, the X-RateLimit headers are disabled in the response. You can enable these headers by selecting *Expose Headers* when you configure the policy. + +*When should I use Rate Limiting instead of Rate-Limiting SLA or Spike Control?* + +Use Rate Limiting and *Rate-Limiting SLA* policies for accountability and to enforce a hard limit to a group (using the identifier in Rate Limiting) or to a client application (using *Rate-Limiting SLA*). If you want to protect your backend, use the *Spike Control* policy instead. diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-regex-prompt-guard.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-regex-prompt-guard.adoc new file mode 100644 index 000000000..2ff9df705 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-regex-prompt-guard.adoc @@ -0,0 +1,65 @@ += Regex Prompt Guard Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, llm, prompt guard, regex, prompt injection + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Regex Prompt Guard +>s|Summary | Blocks LLM requests that match deny-list regex patterns +>s|Category | LLM +>s|First Omni Gateway version available | v1.11.4 +.>s| Returned Status Codes +|403 - Forbidden: Request blocked because prompt content matched one or more denied patterns +|=== + +== Summary + +NOTE: This policy only supports OpenAI format LLM endpoints. + +The Regex Prompt Guard policy scans LLM prompts and blocks requests when prompt content matches Perl Compatible Regular Expressions (PCRE) deny-list patterns. + +To learn more about PCRE, see https://www.pcre.org/[PCRE - Perl Compatible Regular Expressions]. + +For example, you can use the policy to block attacks such as: + +* Prompt injection +* Jailbreak attempts +* SQL injection patterns +* HTML script injection + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The Regex Prompt Guard policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Required | Description +| Pattern Name | Yes | Human-readable pattern name. The policy includes this value in the blocked-response details. +| Regex Pattern | Yes | PCRE-compatible regex expression used to match prompt content. Use `(?i)` for case-insensitive matching. To learn more about PCRE, see https://www.pcre.org/[PCRE - Perl Compatible Regular Expressions]. +|=== + +== Response on Block + +When a request is blocked, the policy returns a response body containing the matched deny patterns: + +[source,json] +---- +{ + "error": "Request blocked - content matches denied pattern", + "matched_patterns": [ + "prompt-injection" + ] +} +---- + +== See Also + +* xref:flex-gateway-llm-proxy.adoc[LLM Proxy] - Overview of LLM Proxy and routing +* xref:policies-included-llm-token-rate-limit.adoc[LLM Token Based Rate Limit] - Token-based rate limiting for LLM Proxy diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-response-timeout.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-response-timeout.adoc new file mode 100644 index 000000000..96985e08b --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-response-timeout.adoc @@ -0,0 +1,61 @@ += Response Timeout Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Response Timeout +>s|Summary | Sets the maximum duration that Omni Gateway waits for a response from an upstream service +>s|Category | Quality of Service +>s|First Omni Gateway version available | v1.9.0 +^s| Returned Status Codes | 504 - Upstream request timeout +|=== + +== Summary + +The Response Timeout policy enables you to set the maximum duration that Omni Gateway waits for a response from an upstream service. The timeout time starts at the last request sent by Omni Gateway. + +By default, all Omni Gateway API instances have a response timeout of 15 seconds. Apply the policy to override the default timeout. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: response-timeout-flex + config: + timeout: number // REQUIRED +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `timeout` +| Required +| 15 +| Time in seconds Omni Gateway waits for the response. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: response-timeout-flex + config: + timeout: 3 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Description | Required +| Response timeout | Time in seconds Omni Gateway waits for the response. | Yes +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-schema-validation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-schema-validation.adoc new file mode 100644 index 000000000..139b24674 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-schema-validation.adoc @@ -0,0 +1,126 @@ += Schema Validation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: oas3, schema validation, api gateway, flex gateway, gateway, policy +:page-aliases: policies::policies-included-schema-validation.adoc + +[width="100%", cols="5,15"] +|=== +>s|Policy Name| Schema Validation Policy +>s|Summary| Validates incoming traffic against a supplied API schema +>s|Category| Security +>s|First Omni Gateway version available | v1.4.0 +>s|Returned Status Codes| 400 - The request properties do not comply with the API specifications. +|=== + +== Summary + +NOTE: The Schema Validation policy only supports REST APIs and currently only supports OpenAPI Specification 3.0 (OAS3) schema validations. + +NOTE: The Schema Validation policy supports a maximum of 64 bits for the `number` schema data type. + +Applications processing REST API requests are susceptible to attacks such as header injection and payload injection. Additional vulnerabilities can lead to the access of sensitive information. The Schema Validation policy protects against such attacks and vulnerabilities by validating traffic against a supplied API specification. + +There are many ways to upload REST API specifications, but using Exchange is the easiest way. To upload an API specification to Exchange, see xref:exchange::to-create-an-asset.adoc[Create an Exchange Asset]. + +Omni Gateway supports schemas defined in JSON or YAML, contained in a single file. + +The Schema Validation policy validates request headers, queries, or path parameters. + +Requests only include support for JSON format with content type `application/json`. + +You configure the policy to perform one of the following actions: + +* Block the request, and then return the 400 error status code. +* Allow the request, log the error, and then return the status code of the request. + + +You can validate content against: + +* The presence of all required properties. +* The presence or absence of additional properties. +* The types of all properties. ++ +For example, if a schema specifies a property as an integer, the request must include an integer and not another type, such as a string. +* The format of the properties. ++ +For example, if the `pattern` keyword is specified, the policy validates the property as a regular expression. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: spec-validation-flex + config: + source: // REQUIRED + spec: // REQUIRED + apiBasePath: // OPTIONAL + blockOperation: // REQUIRED + strictParamsValidation: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `source` +| Required +| `context` +| Determines if the schema is specified in this YAML resource, or if it's specified in the API Context from Exchange (Connected Mode only). Supported values: `inline` or `context`. You must specify `inline` when configuring the policy in Local Mode. + +| `spec` +| Required +| `""` +| The actual inline specification. You must provide this when configuring the policy in Local Mode. + +| `apiBasePath` +| Optional +| `"/"` +| The base path of the API. You must provide this value when configuring the policy in Local Mode. + +| `blockOperation` +| Required +| `true` +| If `true`, the policy blocks an invalid spec validation. If `false`, the policy only logs an error. + +| `strictParamsValidation` +| Optional +| `false` +| Determines whether to validate query parameters not defined in specification. + +|=== + +==== Resource Configuration Example + +[source,yaml] +---- +- policyRef: + name: spec-validation-flex + config: + source: "inline" + apiBasePath: "/" + blockOperation: true + strictParamsValidation: false + spec: | + { + "openapi": "3.0.2", + ... + } +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +s|Field s|Description s|Default s|Required +| Block request | Select to block an incoming request that does not conform to the API specification. Selecting not to block only logs the request. Choosing to block invalid requests returns a 400 status when the request is invalid. | Block enabled | No +| Strict query parameters validation | Restricts API calls from query parameters not defined in the API Specification | No | No +| Advanced options | | | | +| Policy version | Version of the applied policy | Latest | Yes +| Rule of application | Configures the runtimes the policy is applied to. Schema Validation is currently only available for Omni Gateway. Applying the policy to all runtimes only applies the policy to Omni Gateway APIs. | All runtimes | Yes +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-soap-schema-validation.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-soap-schema-validation.adoc new file mode 100644 index 000000000..18d1e7d00 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-soap-schema-validation.adoc @@ -0,0 +1,91 @@ += SOAP Schema Validation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: xml threat protection, api gateway, flex gateway, gateway, policy + +[width="100%", cols="1,3"] +|=== +>s|Policy Name| SOAP Schema Validation +>s|Summary| Validates incoming traffic against a specified WSDL schema +>s|Category| Security +>s|First Omni Gateway version available |v1.10.0 +>.^s| Returned Status Codes +| The policy returns a `400` for a client error or `500` for a server error. Error messages are defined by SOAP standard responses. +|=== + +== Summary + +NOTE: The Schema Validation policy only supports SOAP 1.1 and 1.2 APIs. + +Use the SOAP Schema Validation policy to block incoming requests that don't conform to the the defined WSDL schema. This policy prevents malformed or malicious SOAP messages from reaching the backend and enforces contract compliance between clients and services. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: soap-validation + config: + wsdlUrl: // REQUIRED + encoding: // REQUIRED, default 'UTF-8' + serviceName: // REQUIRED + servicePort: // REQUIRED + +---- + +Determines if the schema is specified in this YAML resource, or if it's specified in the API Context from Exchange (Connected Mode only). Supported values: `inline` or `context`. You must specify `inline` when configuring the policy in Local Mode. + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required | Default Value | Description + +| `wsdlUrl` +| Yes +| NA +| URL of where to access the WSDL + +| `encoding` +| Yes +| UTF-8 +| Encoding of the WSDL + +| `serviceName` +| Yes +| NA +| SOAP service name defined in the WSDL that validates requests + +| `servicePort` +| Yes +| NA +| SOAP port name defined in the WSDL that validates requests + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: soap-validation + config: + wsdlUrl: + encoding: UTF-8 + serviceName: + servicePort: +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +|Field |Description +| Service Name | SOAP service name defined in the WSDL that validates requests +| Service Port | SOAP port name defined in the WSDL that validates requests +|=== + +== See Also + +* xref:policies-included-xml-threat-protection.adoc[] + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-spike-control.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-spike-control.adoc new file mode 100644 index 000000000..32a77cb89 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-spike-control.adoc @@ -0,0 +1,185 @@ += Spike Control Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: spike control, api gateway, flex gateway, gateway, policy +:page-aliases: api-manager::spike-control-reference.adoc, policies::policies-included-spike-control.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy Name | Spike Control +>s|Summary | Regulates API traffic +>s|Category | Quality of Service +>s| First Omni Gateway version available | v1.0.0 +.4+>.^s| Returned Status Codes | +[%autowidth.spread,cols="a,a"] +| 429 - The number of requests by HTTP APIs exceeded the configured limit. Request rejected after specified number of reattempts. +|=== + +== Summary + +The Spike Control policy regulates your API request traffic by limiting the number of messages processed by an API. The policy ensures that the number of messages processed within a specified time does not exceed the limit that you configure. If the number is exceeded, the request is queued for retry based on you have configured the policy. + +== Configuring Policy Parameters + +The Spike Control policy does not perform quota enforcement. The configuration parameters are restricted to protect the API and backend. Therefore, to ensure maximum performance, configure these parameters to the lowest possible value. + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: spike-control-flex + config: + maximumRequests: // REQUIRED, default: 1 + timePeriodInMilliseconds: // REQUIRED, default: 1000 + delayTimeInMillis: // REQUIRED, default: 1000 + delayAttempts: // REQUIRED, default: 1 + queuingLimit: // OPTIONAL, default: 0 + exposeHeaders: // OPTIONAL, default: false +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `maximumRequests` +| Required +| 1 +| Number of allowed requests in the time window + +| `timePeriodInMilliseconds` +| Required +| 1000 +| Time window size + +| `delayTimeInMillis` +| Required +| 1000 +| The amount of time for which each request is retained before retrying, in the event there is no quota remaining + +| `delayAttempts` +| Required +| 1 +| The number of times a request is retried before it is rejected + +| `queuingLimit` +| Optional +| 0 +| The number of requests that can be queued at the any given time + +| `exposeHeaders` +| Optional +| `false` +| Enable it only for internal APIs. Allows the policy to return information about the algorithm behavior in the X-RateLimit headers + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: spike-control-flex + config: + queuingLimit: 0 + exposeHeaders: true + delayTimeInMillis: 1000 + timePeriodInMilliseconds: 1000 + delayAttempts: 1 + maximumRequests: 100000 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Description | Required +| Number of Reqs | The number of requests allowed (in milliseconds) in the specified window | Yes +|Time Period | The number of milliseconds, within which a request must be processed | Yes +| Delay Time in Milliseconds | The amount of time for which each request is retained before retrying (in milliseconds) in case there is no quota remaining | Yes +| Delay Attempts | The number of times a request is retried before it is rejected | Yes +| Queuing Limit | The number of requests that can be queued at the any given time | No +| Expose Headers | Enable it only for internal APIs, allows the policy to return information about the algorithm behavior in the X-RateLimit headers | No +| Method & Resource conditions | The option to add configurations to only a select few or all methods and resources of the API | Yes +|=== + +To enforce request quotas, see the xref:policies-included-rate-limiting-sla.adoc[] and xref:policies-included-rate-limiting.adoc[]. + +== How This Policy Works + +The Spike Control policy uses a _Sliding Window Algorithm_ which reduces spikes in traffic and protects the gateway instance. The window self-adjusts its display size to accommodate results over time. + +If the current window has no remaining request quota, without closing the connection to the client, the Spike Control policy allows requests to be queued for processing later. For your policy to queue the requests, you must configure the policy parameters, as shown in the following example: + +* `Time Period`: 1 second +* `Number of Reqs`: 2 +* `Delay Time in Milliseconds`: 499 milliseconds +* `Delay Attempts`: 1 +* `Queuing Limit`: 5 + +Queuing a request requires retaining a thread and an HTTP connection. When you specify a `Queuing Limit` for the policy, the parameter protects the gateway from running out of resources and ensures that the API does not fail in case of an attack. + +== Request Timelines + +The following diagram illustrates the lifespan of each request accepted by the algorithm, using the configuration defined in the previous section: + +image::spike-control.png["A timeline that shows accepted, rejected, and queued requests"] + +. The first two requests are accepted and the available quota is now 0. ++ +The quota increases to 1 after one second (the `window size` value) passes from request #1. +. Request #3 arrives. ++ +Because no quota is available, the request is queued for 499 milliseconds. +. Request #4 arrives. ++ +Because there still is no quota available, the request is queued for 499 milliseconds. +. Shortly before request #3 is retried, request #1 ages a second and its quota is released because it falls out of the window. +. Quota is now 1, and request #3 is reprocessed successfully. ++ +Quota returns to 0 until request #2 ages 1 second. +. Request #4 delay concludes and it must be reprocessed. ++ +Request #4 is rejected. Requests #2 and #3 have not aged a second yet and there is no quota available. Request #4 have no more delays. +. Request #5 arrives. ++ +Because request #2 has already aged more than a second, the request is accepted. + +This example illustrates request delays and how queuing regulates spikes in traffic. In high-contention scenarios, the backend continues to function properly (it serves no more than X requests in the last Y milliseconds). + +Users querying the API might still see their requests being served, but with higher latency. The exact configuration for the policy depends exclusively on your API and its throughput. + +== FAQ + +*When does the sliding window start?* + +The window starts with the first request after the policy is successfully applied. + +*What type of window does the algorithm use?* + +The algorithm uses a sliding window that monitors transactions for the amount of time that you configure in the policy. + +*What happens when the quota is exhausted?* + +When the request quota is exhausted, the Spike Control policy queues the request and retries as configured. The request is rejected if no quota is remaining after several retries. Quota for other requests is available only after the first request exceeds the time limit configured in the policy; in this way, requests are processed in cycles. + +*Can I configure multiple windows?* + +No. The Spike Control policy ensures that the backend server does not serve more requests than it can handle. If you need accountability, use either Rate-Limiting SLA or Rate Limit policies instead. + +[[response-header]] +*What does each response header mean?* + +Each response header has information about the current state of the request: + +* X-Ratelimit-Remaining: The amount of quota currently available +* X-Ratelimit-Limit: The maximum available requests per window +* X-Ratelimit-Reset: The remaining time, in milliseconds, until the oldest request ages enough to fall outside of the sliding window. ++ +If quota is still available, the header is set to 0 (zero) because the algorithm can still serve new requests. + +By default, the X-RateLimit headers are disabled in the response. You can enable these headers by selecting *Expose Headers* when you configure the policy. + +*When should I use Rate Limiting instead of Rate Limiting SLA or Spike Control?* + +Use Rate Limiting and Rate-Limiting SLA policies for accountability and to enforce a hard limit to a group (using the identifier in Rate Limiting) or to a client application (using Rate Limiting-SLA). If you want to protect your backend, use the Spike Control policy instead. \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-sse-logging.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-sse-logging.adoc new file mode 100644 index 000000000..638bfe0a8 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-sse-logging.adoc @@ -0,0 +1,43 @@ += SSE Logging Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | SSE Logging +>s|Summary | Logs every SSE event while streaming +>s|Category | SSE +>s|First Omni Gateway version available | v1.9.3 +>s| Returned Status Codes | No return codes exist for this policy. +|=== + +== Summary + +The SSE Logging policy enables logging for SSE connections. The configured SSE logs appear in Omni Gateway logs. + +NOTE: This policy only provides logs for SSE events. To log non-SSE information, see xref:policies-included-message-logging.adoc[]. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The SSE Logging policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] + +|=== +| Element | Description +| Logs | List of logs executed on every SSE event. +| DataWeave expression for SSE response messages | DataWeave Expression that extracts information from the SSE Event. Use `#[payload]` for the event's payload, `#[vars.data]` for the event data, and `#[vars.id]` for the event ID. +| Category | String prefix to add to each log message. +| Level | Defines the level of message to log: `INFO`, `WARN`, `ERROR`, or `DEBUG`. + +For more information, see <>. +|=== + +// Severity Level Table +include::partial$logging-severity-level.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-stream-idle-timeout.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-stream-idle-timeout.adoc new file mode 100644 index 000000000..43a4fed2a --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-stream-idle-timeout.adoc @@ -0,0 +1,61 @@ += Stream Idle Timeout Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Stream Idle Timeout +>s|Summary | Sets the maximum duration a stream can remain idle without receiving a request or response +>s|Category | Quality of Service +>s|First Omni Gateway version available | v1.9.0 +^s| Returned Status Codes | 504 - Stream timeout +|=== + +== Summary + +The Stream Idle Timeout policy sets a maximum duration for which a stream can remain idle without receiving any data, either inbound from the client to Omni Gateway or outbound from Omni Gateway to the upstream service. The policy prevents idle connections from consuming resources unnecessarily. The timeout period starts at the last activity on the stream, whether the activity is a request or a response. + +By default, all Omni Gateway API instances have a stream timeout of 300 seconds. Apply the policy to override the default timeout. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: stream-idle-timeout-flex + config: + timeout: number // REQUIRED +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `timeout` +| Required +| 300 +| Time in seconds before Omni Gateway closes the connection. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: stream-idle-timeout-flex + config: + timeout: 3 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Description | Required +| Stream idle timeout | Time in seconds before Omni Gateway closes the connection. | Yes +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-tls-outbound.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-tls-outbound.adoc new file mode 100644 index 000000000..f7f751ae9 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-tls-outbound.adoc @@ -0,0 +1,148 @@ += Transport Layer Security Policy - Outbound +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: tls, mtls, transport layer security, outbound tls, api gateway, flex gateway, gateway, policy +:page-aliases: policies::policies-included-tls-outbound.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy Name | Transport Layer Security (TLS) - Outbound +>s|Summary | Enables two-way authentication between the API proxy and an upstream service +>s|Category | Security +>s| First Omni version available | v1.4.0 +.4+>.^s| Returned Status Codes | No return codes exist for this policy. +[%autowidth.spread,cols="a,a"] +| +|=== + +[NOTE] +==== +The following document applies only to Omni Gateway running in Local Mode. To configure TLS in Connected Mode, see xref:flex-conn-tls-config.adoc[]. +==== + +== Summary +Omni Gateway supports outbound Transport Layer Security (TLS) and outbound mutual authentication TLS (mTLS) in Local Mode. + +include::partial$task-tls-config.adoc[tags=defaultOutboundTLS] + +To apply outbound TLS in Local Mode, use the xref:flex-local-tls-config.adoc[Configuring TLS Context for Omni Gateway in Local Mode] tutorial and refer to the following configuration files in this documentation. + +You can configure an outbound TLS context to enable authentication between an API instance and an upstream service by binding the TLS policy to the upstream service. + +include::partial$task-tls-config.adoc[tags=outboundAllInstances] + +[NOTE] +==== +TLS policies do not support policy ordering. +==== + +[NOTE] +==== +Upstream certificates must include the Subject Alternative Name (SAN) extension. The Common Name (CN) field is deprecated. + +Omni Gateway supports the SAN extension of type `dNSName`. +==== + +include::partial$task-tls-config.adoc[tag=aia-support] + +== Configuring Policy Parameters + +To enable outbound TLS between an API instance and an upstream service when using Omni Gateway as your runtime, you must manually configure the TLS context +in a YAML configuration file. + +Refer to the following policy definition and table of parameters: + +---- +- policyRef: + name: tls-outbound + config: + skipValidation: // REQUIRED + certificate: // OPTIONAL + key: // OPTIONAL + crt: // OPTIONAL + alpn: // OPTIONAL + minversion: // OPTIONAL + maxversion: // OPTIONAL + ciphers: // OPTIONAL +---- + +Not including optional parameters in your configuration file applies the parameters default values to your TLS context. + +When configuring the `ciphers` parameter, ensure that your API upstream supports the listed ciphers. For the supported ciphers, see <>. + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `skipValidation` +| Required +| false +| If true, the upstream certificate is not validated. + +| `trustedCA` +| Optional, unless `skipValidation` is false +| N/A +| The CA used to validate the upstream server certificate. If no trusted CA is provided, the policy uses the default OS CA. + +| `certificate` +| Optional +| N/A +| The client certificate to present for mTLS. To comply with security standards, all certificates must be 2048 bits or longer. + +| `certificate.key` +| Optional +| N/A +| The private key part of the certificate. + +| `certificate.crt` +| Optional +| N/A +| The public key part of the certificate. + +| `alpn` +| Optional +| `h2` and `http/1.1` +| A prioritized list of supported application level protocols; for example, h2, http/1.1, and so forth. + +| `minversion` +| Optional +| `1.2` +| The minimum TLS version allowed + +| `maxversion` +| Optional +| `1.3` +| The maximum TLS version allowed + +| `ciphers` +| Optional +| For the default and other supported ciphers, see <>. +| A list of supported TLS ciphers (IANA format). + +|=== + +=== Resource Configuration Examples + +You can format the YAML file to configure TLS or mTLS for a upstream service. + +// sample config outbound TLS applied to a specific instance +include::partial$task-tls-config.adoc[tags=sample-config-outbound-instance-intro] +// sample config outbound TLS applied to a specific instance +include::partial$task-tls-config.adoc[tags=sample-config-outbound-instance] + +// sample config outbound mTLS applied to a specific instance +include::partial$task-tls-config.adoc[tags=sample-config-mtls-outbound-intro] +// sample config outbound mTLS applied to a specific instance +include::partial$task-tls-config.adoc[tags=sample-config-mtls-outbound] + +include::partial$flex-tls-cipher.adoc[tags=cipherSupportLocal;outboundImportantLocal;local-ciphers] + + + + +== See Also +* xref:flex-conn-tls-config.adoc[] +* xref:flex-local-tls-config.adoc[] +* xref:policies-included-tls.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-tls.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-tls.adoc new file mode 100644 index 000000000..5e4fb20e2 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-tls.adoc @@ -0,0 +1,148 @@ += Transport Layer Security Policy - Inbound +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: tls, mtls, transport layer security, inbound tls, api gateway, flex gateway, gateway, policy +:page-aliases: policies::policies-included-tls.adoc + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy Name | Transport Layer Security (TLS) - Inbound +>s|Summary | Enables authentication between a client and the API proxy +>s|Category | Security +>s| First Omni Gateway version available | v1.0.0 (inbound mTLS: v1.3.0) +.4+>.^s| Returned Status Codes | No return codes exist for this policy. +[%autowidth.spread,cols="a,a"] +| +|=== + +[NOTE] +==== +The following document applies only to Omni Gateway running in Local Mode. To configure TLS in Connected Mode, see xref:flex-conn-tls-config.adoc[]. +==== + +== Summary +Omni Gateway supports inbound Transport Layer Security (TLS) and inbound mutual authentication TLS (mTLS) in Local Mode. + +To apply inbound TLS in Local Mode, use the xref:flex-local-tls-config.adoc[Configuring TLS Context for Omni Gateway in Local Mode] tutorial and refer to the following configuration files in this documentation. + +You can configure an inbound TLS context to enable authentication between a client and the API instance (HTTPS) by binding the TLS policy to your API instance or to all instances in your Omni Gateway. + +include::partial$task-tls-config.adoc[tags=port-sharing-inbound] + +[NOTE] +==== +TLS policies do not support policy ordering. +==== + +== Configuring Policy Parameters + +To use HTTPS as your schema +when creating an API instance using Omni Gateway as your runtime, you must manually configure the TLS context +in a YAML configuration file. + +Refer to the following policy definition and table of parameters: + +---- +- policyRef: + name: tls + config: + requireClientCertificate: // OPTIONAL + trustedCA: // OPTIONAL + certificate: // OPTIONAL + key: // OPTIONAL + crt: // OPTIONAL + alpn: // OPTIONAL + minversion: // OPTIONAL + maxversion: // OPTIONAL + ciphers: // OPTIONAL +---- + +Not including optional parameters in your configuration file applies the parameters default values to your TLS context. + +When configuring the `ciphers` parameter, see <> for the supported ciphers. + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Parameter | Required or Optional | Default Value | Description + +| `requireClientCertificate` +| Optional +| false +| Enables/disables inbound mTLS. + +| `trustedCA` +| Optional, unless `requireClientCertificate` is true +| N/A +| The CA used to validate the client certificate. If no trusted CA is provided, the policy uses the default OS CA. + +| `certificate` +| Optional +| N/A +| A TLS certificate key pair. To comply with security standards, all certificates must be 2048 bits or longer. + +| `certificate.key` +| Optional +| N/A +| The private key part of the certificate. + +| `certificate.crt` +| Optional +| N/A +| The public key part of the certificate. + +| `alpn` +| Optional +| `h2` and `http/1.1` +| A prioritized list of supported application level protocols; for example, h2, http/1.1, and so forth. + +| `minversion` +| Optional +| `1.2` +| The minimum TLS version allowed. + +| `maxversion` +| Optional +| `1.3` +| The maximum TLS version allowed. + +| `ciphers` +| Optional +| For the default and other supported ciphers, see <>. +| A list of supported TLS ciphers (IANA format). For the supported ciphers, see <>. + +|=== + +=== Resource Configuration Examples + +You can format the YAML file to configure TLS or mTLS either for a specific API instance or for all API instances running on your Omni Gateway. + +==== Apply TLS Configuration to All API Instances + +// sample config applied to all apis on gateway intro +include::partial$task-tls-config.adoc[tags=sample-config-all-intro] +//sample config applied to all apis on gateway +include::partial$task-tls-config.adoc[tags=sample-config-all] + +==== Apply TLS Configuration to a Specific API Instance + +//sample config applied a specific api intro +include::partial$task-tls-config.adoc[tags=sample-config-instance-intro] +//sample config applied to a specific api +include::partial$task-tls-config.adoc[tags=sample-config-instance] + +==== Apply mTLS Inbound Configuration to a Specific API Instance + +//sample mtls config applied a specific api intro +include::partial$task-tls-config.adoc[tags=sample-config-mtls-intro] +//sample mtls config applied to a specific api +include::partial$task-tls-config.adoc[tags=sample-config-mtls] + +include::partial$flex-tls-cipher.adoc[tags=cipherSupportLocal;local-ciphers] + + +== See Also +* xref:flex-conn-tls-config.adoc[] +* xref:flex-local-tls-config.adoc[] +* xref:policies-included-tls-outbound.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-tracing.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-tracing.adoc new file mode 100644 index 000000000..67d737221 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-tracing.adoc @@ -0,0 +1,142 @@ += Tracing Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, otel, otel support, OpenTelemetry, distributed tracing + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Tracing +>s|Summary | Override global tracing configuration +>s|Category | Troubleshooting +>s|First Omni Gateway version available | 1.10.0 +^s| Returned Status Codes | No return codes exist for this policy +|=== + +== Summary + +The Tracing policy enables you to override the global distributed tracing parameters for an API. + +== Before You Begin + +Distributed tracing is disabled by default. After you have enabled distributed tracing with an Omni Gateway global configuration, you can use this policy to override the global distributed tracing parameters for an API. + +For details on how to enable distributed tracing, see: + +* xref:flex-local-tracing-config.adoc[] +* xref:flex-conn-tracing-config.adoc[] +* xref:flex-managed-tracing-config.adoc[] + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: tracing-flex + config: + sampling: + client: number // REQUIRED + random: number // REQUIRED + overall: number // REQUIRED + spanName: // OPTIONAL + labels: // OPTIONAL, default: [] + - name: // REQUIRED + type: // REQUIRED + keyName: // REQUIRED + defaultValue: // REQUIRED +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `sampling.client` +| Required +| 100 +| The target percentage of requests that are force traced if the `x-client-trace-id` header is set. + +| `sampling.random` +| Required +| 100 +| The target percentage of requests that are randomly selected for trace generation, if not requested by the client or not forced. + +| `sampling.overall` +| Required +| 100 +| The target percentage of requests that are traced after all other sampling checks have been applied, such as client-directed, force tracing, and random sampling. + +| `spanName` +| Optional +| N/A +| The name of the span. If no span name is configured, the API name is used. + +| `labels` +| Optional +| Empty array +| Array of labels that are added to the trace to be used as span attributes in the trace data. + +| `labels.name` +| Required +| N/A +| The name of the label, used as a span attribute name. + +| `labels.type` +| Required +| N/A +| The type of the label specifies where the value for the label is taken from. Supported values are `literal`, `environment`, and `requestHeader`. + +| `labels.keyName` +| Required +| N/A +| The key name of the label. + +| `labels.defaultValue` +| Required +| N/A +| The default value of the label. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: tracing-flex + config: + sampling: + client: 100 + random: 100 + overall: 100 + spanName: flightsAPI + labels: + - name: c-env-tag + type: environment + keyName: FLEX_NAME + defaultValue: DEFAULT_VAL + - name: c-header-tag + type: requestHeader + keyName: :method + defaultValue: DEFAULT_METHOD + - name: c-literal-tag + type: literal + defaultValue: the-tag +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Description | Required +| Client Sampling | The target percentage of requests that are force traced if the `x-client-trace-id` header is set. | Yes +| Random Sampling | The target percentage of requests that are randomly selected for trace generation, if not requested by the client or not forced. | Yes +| Overall Sampling | The target percentage of requests that are traced after all other sampling checks have been applied, such as client-directed, force tracing, and random sampling. | Yes +| Span name| The name of the span. If no span name is configured, the API name is used. | No +| Labels | Array of labels that are added to the trace to be used as span attributes in the trace data. | Optional +| Label Name | The name of the label, used as a span attribute name. | Yes +| Label Type | The type of the label specifies where the value for the label is taken from. Supported values are `literal`, `environment`, and `requestHeader`. | Yes +| Label Key Name |The key used to retrieve the value, such as an environment variable or request header name. | Yes +| Label Default Value | Default value to use if the key is not found or the retrieved value is empty. | Yes +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-traffic-management-route.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-traffic-management-route.adoc new file mode 100644 index 000000000..36ff54949 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-traffic-management-route.adoc @@ -0,0 +1,175 @@ += Traffic Management for Multiple Upstream Services +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: route, traffic management, upstream service + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy Name | Traffic Management for Multiple Upstream Services +>s|Summary | Manages API instance traffic to multiple upstream services from a single consumer endpoint +>s| First Omni Gateway version available | v1.0.0 +.4+>.^s| Returned Status Codes | No return codes exist for this policy. +[%autowidth.spread,cols="a,a"] +|=== + +[NOTE] +==== +The following information applies only to Omni Gateway running in Local Mode. To configure multiple upstream services for Omni Gateway running in Connected Mode, see xref:api-manager::create-instance-task-flex.adoc#traffic-management[Multiple Upstream Services for Omni Gateway Running in Connected Mode]. +==== + +== Summary + +Omni Gateway manages request traffic by using different routes that can each direct traffic to multiple upstream services. Omni Gateway directs traffic to the routes by using the route order and the individual route's rules. Additionally, you can add a weighted percentage to each upstream service within a route to manage the percentage of requests sent to the upstream service. For information about adding weight percentages, refer to xref:policies-included-traffic-management.adoc[]. + +To allow routing requests to a `Service` when an `ApiInstance` does not include `spec.services`, you must define a `PolicyBinding` configuration with the Traffic Management for Multiple Upstream Services (`route`) policy. You don't need to configure a `route` policy if a custom policy is managing requests. + +== Configuring Policy Parameters + +Refer to the following policy definition and table of parameters: + +---- +policyRef: + name: route +config: + destinationPath: // OPTIONAL, default: "/" + destinationRef: + name: // REQUIRED + kind: // OPTIONAL, default: "Service" + namespace: // OPTIONAL, default: "" +rules: + - path: // OPTIONAL, Example: (.*) + methods: // OPTIONAL, Example: GET|POST + headers: + : // OPTIONAL + host: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Parameter | Required or Optional | Default Value | Description + +| `destinationPath` +| Optional +| "/" +| Path of the upstream service + +| `destinationRef.name` +| Required +| N/A +| Name of the upstream service as defined in the `Service` configuration resource + +| `destinationRef.kind` +| Optional +| "Service" +| + +| `destinationRef.namespace` +| Optional +| "" +| + +| `rules` +| Optional +| Empty +| Array of rulesets for this route. + +Each route can support multiple rulesets. + +| `rules.path` +| Optional +| Empty +| Request path that the route can service. + +You can define only one “URI Template Regex" path for each ruleset. Only requests with the defined path are sent to this route. + +| `rules.methods` +| Optional +| Empty +| Array that defines the types of request methods that the route can service. + +You can select multiple methods for each ruleset. Only requests that are one of the defined methods are sent to this route. Supported values are `GET`, `POST`, `PUT`, `PATCH`, `DELETE`, `OPTIONS`, `HEAD`, `TRACE`, and `CONNECT`. + +| `rules.headers` +| Optional +| Empty +| Array that defines what headers and regular expression value must be present for this route to service the request. + +Only requests that meet all of the specified header requirements are sent to this route. Additional headers present in the request that are not specifically defined in the rules are ignored. + +| `rules.host` +| Optional +| Empty +| Request host URL that the route can service. + +You can define only one host URL for each ruleset. Only requests made from the defined host are sent to this route. + +|=== + +=== Resource Configuration Example + +You can define an `ApiInstance` configuration that does not include the `spec.services` parameter: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: ApiInstance +metadata: + name: ingress-http +spec: + address: http://0.0.0.0:8080/api +---- + +Given the absence of the `spec.services` parameter, you must define the `route` policy in a `PolicyBinding` configuration: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: ingress-httpbin-route +spec: + targetRef: + name: ingress-http + policyRef: + name: route + config: + destinationPath: /orders + destinationRef: + name: orders-svc + rules: + - path: /foo(/.*) +---- + +The related `Service` configuration: + +[source,yaml] +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Service +metadata: + name: orders-svc +spec: + address: https://orders.svc.local:443/ +---- + +== Determining a Request Path + +The following table describes all the possible parameter combinations, with examples of the attributes that determine routing and the expected transformation of a request's path. The columns refer to data values of the attributes in the previous configuration examples. + +[options="header"] +|==== +| ApiInstance .address .path | PolicyBinding(route) .rules .path | PolicyBinding(route) .config .destinationPath | Input Path | Output Path +| | /api/.* | | /api/foo/bar | /api/foo/bar +| | /api(/.*) | | /api/foo/bar | /foo/bar +| | /api/.* | /orders | /api/foo/bar | /orders/api/foo/bar +| | /api(/.*) | /orders | /api/foo/bar | /orders/foo/bar +| /api | /foo/.* | | /api/foo/bar | /foo/bar +| /api | /foo(/.*) | | /api/foo/bar | /bar +| /api | /foo/.* | /orders | /api/foo/bar | /orders/foo/bar +| /api | /foo(/.*) | /orders | /api/foo/bar | /orders/bar +| /api | /api/foo/.* | /orders | /api/foo/bar | (expected a path like /api/api/foo/bar) +| /api | /foo(/.)/bar(/.) | | /api/foo/abc/bar/def | /abc/def +| /api | /foo(/.)/bar(/.) | /orders | /api/foo/abc/bar/def | /orders/abc/def +|==== + +== See Also + +* xref:policies-included-traffic-management.adoc[] +* xref:flex-local-publish-api-multiple-services.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-traffic-management.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-traffic-management.adoc new file mode 100644 index 000000000..aeb7242bc --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-traffic-management.adoc @@ -0,0 +1,155 @@ += Traffic Management for Multiple Upstream Services (Weighted) +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: route weight, traffic management, multiple upstream services + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy Name | Traffic Management for Multiple Upstream Services (Weighted) +>s|Summary | Manages weighted API instance traffic to multiple upstream services from a single consumer endpoint +>s| First Omni Gateway version available | v1.5.0 +.4+>.^s| Returned Status Codes | No return codes exist for this policy. +[%autowidth.spread,cols="a,a"] +|=== + +[NOTE] +==== +The following information applies only to Omni Gateway running in Local Mode. To configure multiple upstream services for Omni Gateway running in Connected Mode, see xref:api-manager::create-instance-task-flex.adoc#traffic-management[Multiple Upstream Services for Omni Gateway Running in Connected Mode]. +==== + +== Summary + +Omni Gateway running in Local Mode supports API instances that expose multiple upstream services through a single consumer endpoint. + +Omni Gateway manages request traffic by using different routes that can each direct traffic to multiple upstream services. Omni Gateway directs traffic to the routes by using the route order and the individual route's rules. Additionally, you can add a weighted percentage to each upstream service within a route to manage the percentage of requests sent to the upstream service. For information about configuring non-weighted traffic, refer to xref:policies-included-traffic-management-route.adoc[]. + +API instances with multiple upstream services in Local Mode are configured by using `PolicyBinding` YAML configuration resources. Each `route-weighted` resource defines a single route. To add additional routes, add multiple `route-weighted` resources. + +For a tutorial about how to publish an API instance with this policy applied, see xref:flex-local-publish-api-multiple-services.adoc[]. + +NOTE: Deploying APIs with multiple upstream services does not affect the xref:policies-included-tls-outbound.adoc[Outbound Transport Layer Security policy]. You can apply an Outbound TLS policy to each upstream service. + +== Configuring Policy Parameters + +Refer to the following policy definition and table of parameters: + +---- +policyRef: + name: route-weighted +config: + routes: + - weight: // REQUIRED, max_value=100, min_value=1 + destinationPath: // OPTIONAL, default: "/" + destinationRef: + name: // REQUIRED +rules: + - path: // OPTIONAL, Example: (.*) + methods: // OPTIONAL, Example: GET|POST + headers: + : // OPTIONAL + host: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +| Parameter | Required or Optional | Default Value | Description + +| `routes` +| Required +| Empty +| Array of API upstream services. + +At least one upstream is required. + +| `routes.weight` +| Required +| N/A +| Weight of total requests sent to this upstream service. + + The percentage of traffic sent to that upstream service is the upstream service's weight divided by total weight of all upstream services. + +| `routes.destinationPath` +| Required +| N/A +| Path of the upstream service + +| `routes.destinationRef.name` +| Required +| N/A +| Name of the upstream service as defined in the `Service` configuration resource + +| `rules` +| Optional +| Empty +| Array of rulesets for this route. + +Each route can support multiple rulesets. + +| `rules.path` +| Optional +| Empty +| Request path that the route can service. + +You can define only one “URI Template Regex" path for each ruleset. Only requests with the defined path are sent to this route. + +| `rules.methods` +| Optional +| Empty +| Array that defines the types of request methods that the route can service. + +You can select multiple methods for each ruleset. Only requests that are one of the defined methods are sent to this route. Supported values are `GET`, `POST`, `PUT`, `PATCH`, `DELETE`, `OPTIONS`, `HEAD`, `TRACE`, and `CONNECT`. + +| `rules.headers` +| Optional +| Empty +| Array that defines what headers and regular expression value must be present for this route to service the request. + +Only requests that meet all of the specified header requirements are sent to this route. Additional headers present in the request that are not specifically defined in the rules are ignored. + +| `rules.host` +| Optional +| Empty +| Request host URL that the route can service. + +You can define only one host URL for each ruleset. Only requests made from the defined host are sent to this route. + +|=== + +== How This Policy Works + +The Traffic Management policy directs traffic to different sets of upstream services by using multiple routes with a defined route order and individual rulesets to direct traffic to different sets of upstream services. + +In the following diagram, different routes manage requests to flight information databases and to a customer service application. Route one has two upstream services defined, which directs 70% of requests to a stable database and 30% of requests to a beta database. + +image:multiple-upstreams.png["Omni Gateway manages the traffic to multiple upstream services"] + +To achieve this configuration, bind two `route-weighted` resources to the exposed API instance. One `route-weighted` resource directs traffic to the flight information database, and the other `route-weighted` resource directs traffic to the customer service application. + +=== Upstream Services + +You can use multiple upstream services in a single route to direct requests to similar services. For example, to test the performance of a new beta upstream service without sending all traffic to the new service, you can direct half of the traffic to a stable upstream service and half to the new upstream service. + +The upstream service within the route that each request is sent to is random and independent of any previous request. The `routes.weight` value defines the chance of a request being sent to a particular upstream service. The percentage of traffic sent to that upstream service is the upstream's `routes.weight` divided by the total weight of all upstream services. For example, if there are two upstream services with weight `1`, each receives 50% of the traffic to that route. If the weight values are `1` and `3`, one route would receive 25% of traffic and the other 75%. + +Because any upstream service within a route can receive any request, all upstream services within the same route must adhere to the same API contract. + + +=== Route Rules + +You can direct requests to different routes by using route rules. Requests must meet the rules for only one of the rulesets in the route. + +Rulesets refer to any combination of the four rules: `path`, `method`, `headers`, and `host`. You can use multiple rulesets to support different combinations of rules. + +All rules are optional. If a rule is not included in a ruleset, that rule is ignored. For example, not specifying a host means that the route can service any host if the request meets the other route rules. Not defining any rule means that the route can service every request. + +If a request does not meet the rules for any route, Omni Gateway returns a `404` error code. + +=== Route Order + +In addition to using route rules, you can direct requests to different routes by using policy ordering. + +To order policies, see xref:policies-reorder.adoc[] + +Setting the policy order sets the order in which traffic is directed to the routes. Omni Gateway directs requests to the first route if the request meets one of the route rulesets. Therefore, route ordering is very important when a request can meet the route rules of multiple routes. + +For example, in a configuration in which route one has the `GET` method defined as a rule and route two has no route rules defined, all `GET` requests are sent to route one and all other requests are sent to route two. If the route order was reversed and route one had no route rules, Omni Gateway would direct all requests to route one before any `GET` requests could reach route two. + + +== See Also + +* xref:flex-local-publish-api-multiple-services.adoc[] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-websocket-connection-limit.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-websocket-connection-limit.adoc new file mode 100644 index 000000000..5eb569220 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-websocket-connection-limit.adoc @@ -0,0 +1,76 @@ += WebSocket Connection Limit Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: websocket, connection limit, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | WebSocket Connection Limit +>s| Summary | Limits the number of simultaneous WebSocket connections that each API instance allows +>s| Category | Quality of Service +>s| First Omni Gateway version available | v1.13.0 +.1+>.^s| Returned status codes +| 429 - `Too many WebSocket connections` +|=== + +== Summary + +The WebSocket Connection Limit policy tracks the number of active WebSocket connections for a specific API instance. Omni Gateway identifies these requests by the `Upgrade: websocket` header and ignores standard HTTP traffic. The WebSocket connection limit is distributed across Omni replicas. + +When a WebSocket upgrade request arrives, Omni Gateway increments the counter to reserve capacity before forwarding the handshake to the upstream service. If the upstream service doesn't return a `101 Switching Protocols` response, Omni Gateway releases the reservation. After a successful WebSocket connection closes, Omni Gateway decrements the counter. + +If the counter reaches the `maximumConnections` limit, Omni Gateway rejects the upgrade request with a `429` error code. + + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: websocket-connection-limit-flex + config: + maximumConnections: // REQUIRED, minimum 1 +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +| Parameter | Required | Default Value | Description + +| `maximumConnections` +| Yes +| `100` +| Maximum number of simultaneous WebSocket connections allowed for the API instance. The value must be an integer of 1 or greater. + +|=== + +==== Resource Configuration Example + +[source,yaml] +---- +- policyRef: + name: websocket-connection-limit-flex + config: + maximumConnections: 500 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +s|Field s|Description s|Default s|Required + +| Maximum Connections +| Maximum number of simultaneous WebSocket connections allowed for the API instance. +| `100` +| Yes +|=== + + +== See Also + +* xref:policies-included-directory.adoc[Inbound Policies Directory] +* xref:flex-gateway-secure-apis.adoc[Securing Omni Gateway Instances with Policies] diff --git a/gateway/1.13/modules/ROOT/pages/policies-included-xml-threat-protection.adoc b/gateway/1.13/modules/ROOT/pages/policies-included-xml-threat-protection.adoc new file mode 100644 index 000000000..996ac0b42 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-included-xml-threat-protection.adoc @@ -0,0 +1,102 @@ += XML Threat Protection Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: xml threat protection, api gateway, flex gateway, gateway, policy + +[width="100%", cols="1,3"] +|=== +>s|Policy Name| XML Threat Protection +>s|Summary| Protects against malicious XML in API requests +>s|Category| Security +>s|First Omni Gateway version available |v1.10.0 +>s|Returned Status Codes|400 - Bad Request +|=== + +== Summary + +Applications that process XML requests are susceptible to attacks characterized by unusual inflation of elements, attributes, and deep nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic increases in the size of the application data often signal a security risk. Use the XML Threat Protection policy to reject unusual requests that exceed the defined expected size. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: xml-threat-protection-flex + config: + maxNodeDepth: // OPTIONAL, default: -1 + maxAttributeCountPerElement: // OPTIONAL, default: -1 + maxChildCount: // OPTIONAL, default: -1 + maxTextLength: // OPTIONAL, default: -1 + maxAttributeLength: // OPTIONAL, default: -1 + maxCommentLength: // OPTIONAL, default: -1 +---- + +NOTE: Defining a parameter as `-1` means the parameter has no limit. + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required | Default Value | Description + +| `maxNodeDepth` +| No +| -1 +| Specifies the maximum node depth of an XML document. + +| `maxAttributeCountPerElement` +| No +| -1 +| Specifies the maximum number of attributes in an element. Attributes used for defining namespaces are not counted. + +| `maxChildCount` +| No +| -1 +| Specifies the maximum number of children of an element in the XML document. + +| `maxTextLength` +| No +| -1 +| Specifies the maximum length in characters of text nodes in the XML document. + +| `maxAttributeLength` +| No +| -1 +| Specifies the maximum length in characters of an attribute in the XML document. + +| `maxCommentLength` +| No +| -1 +| Specifies the maximum number of comment characters in the XML document. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: xml-threat-protection-flex + config: + maxNodeDepth: 1 + maxAttributeCountPerElement: 1 + maxChildCount: 2 + maxTextLength: 20 + maxAttributeLength: 20 + maxCommentLength: 20 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +|Field |Description +|Maximum Node Depth | Specifies the maximum node depth of an XML document. +|Maximum Attribute Count Per Element | Specifies the maximum number of attributes in an element. Attributes used for defining namespaces are not counted. +|Maximum Child Count | Specifies the maximum number of children of an element in the XML document. +|Maximum Text Length | Specifies the maximum length in characters of text nodes in the XML document. +|Maximum Attribute Length | Specifies the maximum length in characters of an attribute in the XML document. +|Maximum Comment Length | Specifies the maximum number of comment characters in the XML document. +|=== + + diff --git a/gateway/1.13/modules/ROOT/pages/policies-mcp-access-control-together.adoc b/gateway/1.13/modules/ROOT/pages/policies-mcp-access-control-together.adoc new file mode 100644 index 000000000..82508e8fa --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-mcp-access-control-together.adoc @@ -0,0 +1,35 @@ += Configuring MCP Access Control Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, mcp, access control, tool mapping, abac + +Omni Gateway provides three MCP policies that work together to control which tools and related MCP entities are exposed: + +* xref:policies-included-mcp-global-access.adoc[MCP Global Access]: Restricts which tools are exposed by using allow or block rules. +* xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping]: Renames and modifies tool descriptions. +* xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control]: Grants each client a subset of tools based on who they are, such as Tiers, IP, headers, or claims. + +== How the Policies Work Together + +You can use MCP policies individually or combine them to fit your use cases. When you use multiple policies together, stack them in this order from the gateway toward the client so that they work as intended: + +MCP Global Access:: +Filters the overall tool list. Define rules to allow or block specific tools so that only the tools you want to expose enter your network. + +MCP Tool Mapping:: +Renames tools or changes their descriptions. Mapping doesn't filter tools. If you use both policies, MCP Global Access must allow a tool before mapping applies. + +MCP Attribute-Based Access Control:: +Grants each connecting client a tailored subset of the available tools based on attributes, such as tiers, IP addresses, headers, or claims. + +To configure the policy order, see xref:policies-reorder.adoc[Ordering Policies]. + +== See Also + +* xref:policies-included-mcp-global-access.adoc[MCP Global Access] +* xref:policies-included-mcp-tool-mapping.adoc[MCP Tool Mapping] +* xref:policies-included-mcp-attribute-access-control.adoc[MCP Attribute-Based Access Control] +* xref:policies-reorder.adoc[Ordering Policies] +* xref:flex-agent-policies.adoc[Omni Gateway Agent Policies] diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-a2a-intask-authorization-code.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-a2a-intask-authorization-code.adoc new file mode 100644 index 000000000..bd5d1fb46 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-a2a-intask-authorization-code.adoc @@ -0,0 +1,163 @@ += A2A In-Task Authorization Code Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api gateway, flex gateway, gateway, policy, a2a, authentication, oauth2, outbound + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | A2A In-Task Authorization Code +>s|Summary | Ensures secondary credentials are present for in-task authentication using OAuth 2.0 Authorization Code flow +>s|Category | A2A +>s|First Omni Gateway version available | v1.11.4 +>s| Returned Status Codes | 200 (authentication challenge), 401 (authentication failure) +|=== + +include::partial$a2a-version-support.adoc[] + +== Summary + +The In-Task Authorization Code policy is an outbound policy that ensures secondary credentials are present for in-task authentication using OAuth 2.0 Authorization Code flow. When requests require additional authentication beyond the initial connection, this policy: + +. Detects if a request contains a secondary authentication token at `$.params.message.parts[].data.auth_credentials.accessToken`. This policy assumes that all requests besides agent card requests require secondary authentication. +. If a secondary token is missing, the policy returns an `auth-required` challenge with details of where the agent can obtain the token from the OAuth 2.0 authentication provider. ++ +To learn more about the authentication challenge response, see <>. +. If the token was initially provided or returned from the challenge response, the policy extracts the token from the request body. +. The policy sets the extracted token in the `Authorization` header and removes the token from the request body to prevent token leakage. ++ +To learn more about token handling, see <>. +. The policy then forwards the request to upstream services. + +[NOTE] +==== +To ensure agent discovery works uninterrupted, requests to these agent card endpoints bypass the policy without authentication: + +* `/.well-known/agent-card.json` +* Any path ending in `agent-card.json` +==== + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The In-Task Authorization Code policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] + +|=== +| Element | Description | Required +| Secondary Auth Provider | Name of the OAuth 2.0 identity provider. For example: `okta`, `azure-ad`, `auth0`.| Optional +| Authorization Endpoint | Authorization endpoint URL of the OAuth 2.0 service. For example: `\https://dev-12345.okta.com/oauth2/v1/authorize`. | Required +| Token Endpoint | Token endpoint of the OAuth 2.0 service. For example: `\https://dev-12345.okta.com/oauth2/v1/token`. | Required +| Scopes | Space or comma separated list of the OAuth 2.0 scopes required for in-task authentication. For example: `openid profile email transaction:execute`. | Required +| Redirect URI | OAuth 2.0 redirect URI that the client uses in the authorization flow. | Required +| Token Audience | OAuth 2.0 token audience. The intended recipient of the token. For example: `\https://my-agent.example.com/api`. | Optional +| Response Type | OAuth 2.0 response type. Typically `code` for authorization code flow. | Optional +| Code Challenge Method | PKCE code challenge method. Typically `S256` for SHA-256. | Optional +| Body Encoding | Encoding format for token request body. Typically `form` for `application/x-www-form-urlencoded`. Default: `form`. | Optional +| Token Timeout | Timeout in seconds for token requests. | Optional +| User ID Header | Header name containing the user ID for user context propagation. Default: `X-User-Id`. | Optional +| Challenge Response Status Code | HTTP status code to return for `auth-required` challenge responses. Typically `200` to maintain JSON-RPC compatibility. | Optional +|=== + +[[token-handling]] +== Token Handling + +For `GET` and `POST` requests, the policy handles the token differently: + +* *GET*: The policy removes the request body after the token extraction. +* *POST*: The policy removes only the token property from the body and preserves the rest of the body. + +The token is always removed from the body after extraction to prevent token leakage to the upstream service. The extracted token is set in the `Authorization` header as the `Bearer ` before forwarding the request. This overrides any existing `Authorization` header. Perform any authentication of the first authorization header prior to this policy. + +The policy extracts the token from `$.params.message.parts[].data.auth_credentials.accessToken`. For example, using the default JSONPath, the policy extracts the token (`"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."`) from the following request body: + +[source,json] +---- +{ + "jsonrpc": "2.0", + "id": "req-18", + "method": "message/send", + "params": { + "taskId": "task-123", + "contextId": "ctx-456", + "message": { + "role": "user", + "parts": [ + { + "kind": "data", + "data": { + "auth_credentials": { + "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." + } + } + } + ] + } + } +} +---- + +[[challenge-response]] +== Challenge Response Format + +If no secondary authentication token is found, the policy returns an `auth-required` A2A task response. The response preserves the `taskId` and `contextId` from the request if originally provided: + +[source,json] +---- +{ + "jsonrpc": "2.0", + "id": "req-18", + "result": { + "id": "task-123", + "contextId": "ctx-456", + "status": { + "state": "auth-required", + "message": { + "kind": "message", + "role": "agent", + "messageId": "msg-abc123", + "taskId": "task-123", + "parts": [ + { + "kind": "text", + "text": "To continue this task, additional authorization is required." + }, + { + "kind": "data", + "data": { + "authChallenge": { + "secondaryAuthProvider": "okta", + "authorizationEndpoint": "https://dev-12345.okta.com/oauth2/v1/authorize", + "tokenEndpoint": "https://dev-12345.okta.com/oauth2/v1/token", + "scopes": ["openid", "profile", "email"], + "audience": "https://my-agent.example.com/api", + "redirectUri": "https://myapp.example.com/oauth/callback", + "responseType": "code", + "codeChallengeMethod": "S256", + "bodyEncoding": "form" + } + } + } + ], + "metadata": {} + }, + "timestamp": "2025-01-01T00:00:00.000Z" + }, + "kind": "task" + } +} +---- + +NOTE: Only `taskId` and `contextId` are preserved. Snake_case variants, such as `task_id` or `context_id` are not supported. + +== See Also + +* xref:policies-outbound-directory.adoc[Outbound Policies Directory] +* xref:policies-outbound-oauth.adoc[Credential Injection OAuth 2.0] +* xref:policies-included-a2a-agent-card.adoc[A2A Agent Card Policy] +* xref:policies-included-a2a-schema-validation.adoc[A2A Schema Validation Policy] diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-api-key.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-api-key.adoc new file mode 100644 index 000000000..5242877a6 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-api-key.adoc @@ -0,0 +1,161 @@ += Credential Injection API Key Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: api key, client credentials, authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Credential Injection API Key +>s|Summary | Injects an API key or client credentials headers into outgoing requests +>s|Category | Security +>s|First Omni Gateway version available | v1.10.2 +>s| Returned Status Codes | No return codes exist for this policy. Error codes are returned from the upstream service. +|=== + +== Summary + +The Credential Injection API Key policy injects authentication credentials into upstream requests to authenticate with upstream services that require API key or client credential authentication. The policy supports two authentication types: + +* **API Key**: Injects an API key value into the `Authorization` header or a custom header. +* **Client ID and Secret**: Injects the client ID and client secret value into the `client_id` and `client_secret` headers or custom headers. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: credential-injection-api-key-flex + config: + authType: // REQUIRED + overwrite: // REQUIRED, default: true + # For API Key authentication: + apiKey: // REQUIRED when authType is "apiKey" + customHeader: // OPTIONAL when authType is "apiKey" + # For Client Credentials authentication: + clientId: // REQUIRED when authType is "clientCredentials" + clientSecret: // REQUIRED when authType is "clientCredentials" + customClientIdHeader: // OPTIONAL when authType is "clientCredentials" + customClientSecretHeader: // OPTIONAL when authType is "clientCredentials" +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `authType` +| Required +| `apiKey` +| Authentication type to inject, either `apiKey` or `clientCredentials`. + +| `overwrite` +| Required +| `true` +| Overwrite authentication headers if present in the request. + +| `apiKey` +| Required when `authType` is `apiKey`. +| N/A +| The API key value to inject. + +| `customHeader` +| Optional +| N/A +| Use a custom header name instead of `Authorization` for API key injection. + +| `clientId` +| Required when `authType` is `clientCredentials`. +| N/A +| The client ID to inject. + +| `clientSecret` +| Required when `authType` is `clientCredentials`. +| N/A +| The client secret to inject. + +| `customClientIdHeader` +| Optional +| N/A +| Use a custom header instead of `client_id` for client ID injection. + +| `customClientSecretHeader` +| Optional +| N/A +| Use a custom header instead of `client_secret` for client secret injection. +|=== + +==== Resource Configuration Examples + +* API Key: ++ +---- +- policyRef: + name: credential-injection-api-key-flex + config: + authType: apiKey + apiKey: my-secret-api-key + overwrite: true +---- + +* API Key with Custom Header: ++ +---- +- policyRef: + name: credential-injection-api-key-flex + config: + authType: apiKey + apiKey: my-secret-api-key + customHeader: X-API-Key + overwrite: false +---- + +* Client Credentials: ++ +---- +- policyRef: + name: credential-injection-api-key-flex + config: + authType: clientCredentials + clientId: my-client-id + clientSecret: my-client-secret + overwrite: true +---- + +* Client Credentials with Custom Headers: ++ +---- +- policyRef: + name: credential-injection-api-key-flex + config: + authType: clientCredentials + clientId: my-client-id + clientSecret: my-client-secret + customClientIdHeader: X-Client-ID + customClientSecretHeader: X-Client-Secret + overwrite: false +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread] +|=== +|Parameter |Description + +|*Authentication Type* |Type of authentication header to inject: *API Key* or *Client ID and Secret*. + +|*Overwrite headers* |Overwrite authentication headers if present in the request. + +|*API Key* |The API key value to inject. + +|*Custom header* |Use a custom header instead of Authorization for API key injection. + +|*Client ID* |The client ID to inject. + +|*Client Secret* |The client secret to inject. + +|*Custom Client ID header* |Use a custom header instead of `client_id` for client ID injection. + +|*Custom Client secret header* |Use a custom header instead of `client_secret` for client secret injection. +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-aws-lambda.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-aws-lambda.adoc new file mode 100644 index 000000000..e6026a5c4 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-aws-lambda.adoc @@ -0,0 +1,154 @@ += AWS Lambda Policy + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy name | AWS Lambda +>s| Summary | Triggers an AWS Lambda function from a standard HTTP request +>s| Category | Transformation +>s| First Omni Gateway version available | v1.9.0 +.4+>.^s| Returned Status Codes +|502 - Bad Gateway, requests are blocked due to circuit breaker activation +|=== + +== Summary + +The AWS Lambda policy triggers an AWS Lambda function from a standard HTTP request. Pass the HTTP request payload as is or wrapped in a JSON schema. + +The AWS Lambda policy is an extension of the AWS Lambda filter native to Envoy. To learn more about the AWS Lambda filter, see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/aws_lambda_filter[AWS Lambda Filter]. Not all AWS Lambda filter parameters are available to the AWS Lambda policy. To find what parameters are configurable, see <>. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +[source, yaml] +---- +- policyRef: + name: native-aws-lambda + config: + arn: // REQUIRED + payloadPassthrough: // REQUIRED + invocationMode: // REQUIRED + authenticationMode: // REQUIRED + credentialProfile: // OPTIONAL + credentials: + accessKeyId: // OPTIONAL + secretAccessKey: // OPTIONAL + sessionToken: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `arn` +| Required +| N/A +| AWS Lambda ARN in this format: `arn:<partition>:lambda:<region>:<account-number>:function:<function-name>`. + +| `payloadPassthrough` +| Required +| false +| By default, Omni sends the request to the AWS Lambda function wrapped in JSON. When `payloadPassthrough` is enabled, the request is sent as is. + +| `invocationMode` +| Required +| sync +| The way to invoke the Lambda function, either `sync` or `async`. For `sync`, Omni Gateway awaits the AWS response. For `async`, Omni Gateway doesn't wait for the response from AWS. + +| `authenticationMode` +| Required +| N/A +| Determines the mode of authentication. Options are: `default`, uses in order credential AWS environment variables, AWS credential file, AWS roles; `profile`, profile from AWS credential file; `static`, credentials configured in the policy. + +| `credentialProfile` +| Optional +| N/A +| Specifies the credential `profile`. Only for `profile` authentication mode. + +| `credentials` +| Optional +| N/A +| Configures the `static` credentials object. Only for `static` authentication mode. + +| `credentials.accessKeyId` +| Required +| N/A +| AWS access key ID + +| `credentials.secretAccessKey` +| Required +| N/A +| AWS access key + +| `credentials.sessionToken` +| Optional +| N/A +| Session token + +|=== + +==== Resource Configuration Example + +The following example defines a rate limit of three requests every six seconds: + +[source, yaml] +---- +- policyRef: + name: native-aws-lambda + config: + arn: rn:<partition>:lambda:<region>:<account-number>:function:<function-name> + payloadPassthrough: true + invocationMode: sync + authenticationMode: static + credentials: + accessKeyId: id + secretAccessKey: secret + sessionToken: token +---- + + +include::partial$policy-title-headers.adoc[tag=ui] + + +[%header%autowidth.spread,cols="a,a,a"] +|=== +|Parameter | Required or Optional | Description + + +| The ARN of the AWS Lambda +| Required +| AWS Lambda ARN in this format: `arn:<partition>:lambda:<region>:<account-number>:function:<function-name>`. + +| Payload passthrough +| Required +| By default, Omni sends the request to the AWS Lambda function wrapped in JSON. When enabled, the request is sent as is. + +| Determines the way to invoke the Lambda function +| Required +| The way to invoke the Lambda function. For *Sync*, Omni Gateway awaits the AWS response. For *Async*, Omni Gateway doesn't wait for the response from AWS. + +| Determines origin of credentials +| Required +| Determines the mode of authentication. Options are: *Default*, uses in order credential AWS environment variables, AWS credential file, AWS roles; *Profile*, profile from AWS credential file; *Static*, credentials configured in the policy. + +| Credentials profile +| Optional +| Specifies the credential profile. Only for *Profile* authentication mode. + +| Credentials +| Optional +| Configures the static credentials. Only for *Static* authentication mode. + +| AccessKeyId +| Required +| AWS access key ID + +| SecretAccessKey +| Required +| AWS access key + +| SessionToken +| Optional +| Session token + +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-aws-signature.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-aws-signature.adoc new file mode 100644 index 000000000..61d53f239 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-aws-signature.adoc @@ -0,0 +1,293 @@ += AWS Request Signature Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: aws signature, aws request signing, authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | AWS Request Signature +>s|Summary | Signs outgoing requests with AWS Signature Version 4 (SigV4) or Signature Version 4A (SigV4A) +>s|Category | Security +>s|First Omni Gateway version available | v1.11.0 +>s| Returned Status Codes | No return codes exist for this policy. Error codes are returned from the upstream service. +|=== + +[[summary]] +== Summary + +The AWS Request Signature policy signs outgoing requests with AWS Signature Version 4 (SigV4) or Signature Version 4A (SigV4A) authentication. This policy injects the required AWS signature headers into requests to authenticate with AWS services, such as Amazon S3, Amazon API Gateway, or other AWS HTTP endpoints. + +The AWS Request Signature policy is an extension of the AWS Request Signing filter native to Envoy. To learn more about the AWS Request Signing filter, see https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto[AWS Request Signing Filter]. Not all AWS Request Signing filter parameters are available to the AWS Request Signature policy. To find what parameters are configurable, see <>. + +[[configuring-policy-parameters]] +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +[source, yaml] +---- +- policyRef: + name: native-aws-signature-flex + config: + serviceName: // REQUIRED + region: // REQUIRED + useUnsignedPayload: // OPTIONAL + signingAlgorithm: // REQUIRED + matchExcludedHeaders: + - // OPTIONAL + authenticationMode: // REQUIRED + credentialsFileProvider: // OPTIONAL + inlineCredentialProvider: // OPTIONAL +---- + +NOTE: If you don't configure required parameters, the policy the default value. If the policy doesn't have a default value, there is a configuration error. + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `serviceName` +| Required +| N/A +| The service namespace of the HTTP endpoint. For example: `s3`, `execute-api`, or `ec2`. + +| `region` +| Required +| N/A +| The AWS region of the service hosting the HTTP endpoint. + +For `AWS_SIGV4`, this is a standard AWS region. For example: `us-west-2`. + +For `AWS_SIGV4A`, this is a region set of comma-separated region names (`us-west-2`), wildcards (`*`), or region strings with wildcards (`us-east-*`). A region set enables a signed request to be sent to multiple regions. + +| `useUnsignedPayload` +| Optional +| `false` +| Use the literal string `UNSIGNED-PAYLOAD` to calculate the payload hash instead of buffering the request to calculate the hash. Not all services support this option. + +| `matchExcludedHeaders` +| Optional +| N/A +| A list of request header to exclude from signing. Match by any https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/string.proto#envoy-v3-api-msg-type-matcher-v3-stringmatcher[Envoy StringMatcher pattern]. For example: ++ +[source, yaml] +---- +matchExcludedHeaders: + - prefix: x-envoy + - exact: x-custom-header + - exact: x-trace-id +---- ++ +In the example, the policy does not sign headers that start with `x-envoy` and the `x-custom-header` and `x-trace-id` headers. ++ +By default, Envoy excludes the `x-forwarded-for`, `x-forwarded-proto`, and `x-amzn-trace-id` headers. + +| `signingAlgorithm` +| Required +| `AWS_SIGV4` +| The signing algorithm to use, either `AWS_SIGV4` or `AWS_SIGV4A`. `AWS_SIGV4A` supports multi-region requests. + +| `authenticationMode` +| Required +| `default` +| Determines the mode of authentication for AWS credentials. Options are: + +* `default`: Uses the AWS credential chain in the order of environment variables, AWS credential file, then AWS roles. + +* `profile`: Uses a specific profile from the AWS credential file. + +* `static`: Uses statically configured credentials provided in `inlineCredentialProvider`. + +| `credentialsFileProvider` +| Optional +| N/A +| Configuration for using credentials from an AWS credential file. Required when `authenticationMode` is `profile`. See <> for details. + +| `inlineCredentialProvider` +| Optional +| N/A +| Configuration for statically configured credentials. Required when `authenticationMode` is `static`. See <> for details. +|=== + +[[credential-provider-configuration]] +=== Credential Provider Configuration + +The credential provider configuration depends on the `authenticationMode` setting: + +* **`default`**: No additional configuration needed. The policy uses the AWS credential chain (environment variables, AWS credential file, or AWS roles). + +* **`profile`**: Use `credentialsFileProvider` to specify the AWS credential file and profile. + +* **`static`**: Use `inlineCredentialProvider` to provide credentials directly in the configuration. + +[[credentials-file-provider]] +==== Credentials File Provider + +Use `credentialsFileProvider` when `authenticationMode` is set to `profile`: + +[source, yaml] +---- +credentialsFileProvider: + credentialsDataSource: + filename: // REQUIRED + profile: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `credentialsDataSource.filename` +| Required +| N/A +| Path to the AWS credential file. For example: `~/.aws/credentials`. + +| `profile` +| Optional +| `default` +| The AWS profile name to use from the credential file. +|=== + +[[inline-credential-provider]] +==== Inline Credential Provider + +Use `inlineCredentialProvider` when `authenticationMode` is set to `static`: + +[source, yaml] +---- +inlineCredentialProvider: + accessKeyId: // REQUIRED + secretAccessKey: // REQUIRED + sessionToken: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `accessKeyId` +| Required +| N/A +| AWS access key ID. + +| `secretAccessKey` +| Required +| N/A +| AWS secret access key. + +| `sessionToken` +| Optional +| N/A +| AWS session token (required for temporary credentials). +|=== + +[[resource-configuration-examples]] +==== Resource Configuration Examples + +* Basic configuration with default authentication: ++ +[source, yaml] +---- +- policyRef: + name: native-aws-signature-flex + config: + serviceName: s3 + region: us-west-2 + signingAlgorithm: AWS_SIGV4 + authenticationMode: default +---- + +* Configuration with static credentials: ++ +[source, yaml] +---- +- policyRef: + name: native-aws-signature-flex + config: + serviceName: execute-api + region: us-east-1 + signingAlgorithm: AWS_SIGV4 + authenticationMode: static + inlineCredentialProvider: + accessKeyId: AKIAIOSFODNN7EXAMPLE + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +---- + +* Configuration with profile authentication: ++ +[source, yaml] +---- +- policyRef: + name: native-aws-signature-flex + config: + serviceName: s3 + region: us-west-2 + signingAlgorithm: AWS_SIGV4 + authenticationMode: profile + credentialsFileProvider: + credentialsDataSource: + filename: ~/.aws/credentials + profile: my-profile +---- + +* Configuration with SigV4A and unsigned payload: ++ +[source, yaml] +---- +- policyRef: + name: native-aws-signature-flex + config: + serviceName: s3 + region: "*" + signingAlgorithm: AWS_SIGV4A + authenticationMode: default + useUnsignedPayload: true +---- + +* Configuration with excluded headers: ++ +[source, yaml] +---- +- policyRef: + name: native-aws-signature-flex + config: + serviceName: s3 + region: us-west-2 + signingAlgorithm: AWS_SIGV4 + authenticationMode: default + matchExcludedHeaders: + - prefix: x-envoy + - exact: x-custom-header + - exact: x-trace-id +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread] +|=== +|Parameter |Description | Required or Optional + +|Service name |The service namespace of the HTTP endpoint. For example: `s3`, `execute-api`, or `ec2`. |Required + +|Region |The AWS region string for the service. For SigV4, use a standard region. For example: `us-west-2`. For SigV4A, use a region set of comma-separated region names (`us-west-2`), wildcards (`*`), or region strings with wildcards (`us-east-*`). |Required + +|Use unsigned payload |Instead of buffering the request to calculate the payload hash, use the literal string `UNSIGNED-PAYLOAD`. |Optional + +|Signing algorithm |The signing algorithm to use: `AWS_SIGV4` or `AWS_SIGV4A`. `AWS_SIGV4A` supports multi-region requests. |Required + +|Match excluded headers |A list of request headers to exclude from signing. Match by any Envoy StringMatcher pattern. For example: `prefix: x-envoy`, `exact: x-custom-header`, or `exact: x-trace-id`. |Optional + +|Authentication mode |Determines the mode of authentication for AWS credentials. Options: `default` (uses AWS credential chain: environment variables, AWS credential file, AWS roles), `profile` (uses a specific profile from the AWS credential file), or `static` (uses statically configured credentials). |Required + +|Credentials file provider |Configuration for using credentials from an AWS credential file (required when authentication mode is `profile`). |Optional + +|Credentials file |Path to the AWS credential file. For example: `~/.aws/credentials`. |Required when using credentials file provider + +|Profile |The AWS profile name to use from the credential file. |Optional + +|Inline credential provider |Configuration for statically configured credentials (required when authentication mode is `static`). |Optional + +|Access key ID |AWS access key ID when using inline credential provider. |Required when using inline credential provider + +|Secret access key |AWS secret access key when using inline credential provider. |Required when using inline credential provider + +|Session token |AWS session token when using inline credential provider with temporary credentials. |Optional +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-basic-auth.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-basic-auth.adoc new file mode 100644 index 000000000..f214f20eb --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-basic-auth.adoc @@ -0,0 +1,85 @@ += Credential Injection Basic Authentication Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Credential Injection Basic Authentication +>s|Summary | Injects a basic authorization header into outgoing requests +>s|Category | Security +>s|First Omni Gateway version available | v1.9.0 +>s| Returned Status Codes | No return codes exist for this policy. Error codes are returned from the upstream service. +|=== + +== Summary + +The Credential Injection Basic Authentication policy injects an `Authorization` header containing a username and password into outbound requests. The policy ensures that requests sent from Omni Gateway to an upstream service include the correct authentication headers. The Authorization header format is `Authorization: Basic `. + +The policy follows https://tools.ietf.org/html/rfc7617[Basic HTTP authentication standards]. + +When an error occurs, the policy returns a `WWW-Authenticate` HTTP header field. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: credential-injection-basic-auth-flex + config: + username: // OPTIONAL + password: // OPTIONAL + overwrite: // OPTIONAL + customHeader: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `username` +| Optional +| N/A +| The username for the basic authentication credentials. + +| `password` +| Optional +| N/A +| The password for the basic authentication credentials. + +| `overwrite` +| Optional +| true +| When enabled, if the `Authorization` header is present, the policy overwrites it with the configured credentials. + +| `customHeader` +| Optional +| N/A +| When configured, a custom header is injected instead of the `Authorization` header. If *Overwrite header* is enabled, the policy overwrites the custom header if present instead of the `Authorization` header. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: http-basic-authentication-flex + config: + username: chris + password: admin +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread] +|=== +|Parameter |Description | Required? +|Username |The username for the basic authentication credentials. |Optional +|Password |The password for the basic authentication credentials. |Optional +|Overwrite header |When enabled, if the `Authorization` header is present, the policy overwrites it with the configured credentials.|Optional +|Custom Header |When configured, a custom header is injected instead of the `Authorization` header. If *Overwrite header* is enabled, the policy overwrites the custom header if present instead of the `Authorization` header.|Optional +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-circuit-breaker.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-circuit-breaker.adoc new file mode 100644 index 000000000..17d9443d3 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-circuit-breaker.adoc @@ -0,0 +1,124 @@ += Circuit Breaker Policy + +[%autowidth.spread,cols="a,a"] +|=== +>s| Policy name | Circuit Breaker +>s| Summary | Prevents an upstream from receiving too many requests or connections +>s| Category | Quality of Service +>s| First Omni Gateway version available | v1.9.0 +.4+>.^s| Returned Status Codes +|503 - Service Unavailable +|=== + +== Summary + +The Circuit Breaker policy prevents upstream services from receiving too many requests or connections at a time. If the defined maximums are reached, Omni Gateway returns a `503 - Service Unavailable` error. + +For Managed Omni Gateways or Connected Mode, each API instance has its own independent limit when requesting the same upstream, allowing each to use the full maximum. In Local Mode, the limits are shared among different API instances, so they must all adhere to the same upstream maximum. For all modes, maximums are not distributed across replicas; each Gateway can use the full maximum. + +The Circuit Breaker policy is an extension of the Envoy upstream clusters circuit breaking feature. To learn more about the Envoy's circuit breaking, see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking.html[Circuit Breaking] in the Envoy documentation. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: PolicyBinding +metadata: + name: upstream-policy +spec: + targetRef: + Kind: Service + name: upstream + policyRef: + name: circuit-breaker-flex + config: + thresholds: + maxConnections: // OPTIONAL + maxPendingRequests: // OPTIONAL + maxRequests: // OPTIONAL + maxRetries: // OPTIONAL + maxConnectionPools: // OPTIONAL +---- + +NOTE: For Local Mode, the limits are not independent, so different API instances share the maximums for an upstream. + +[%header%autowidth.spread,cols="a,a,a"] +|=== +|Parameter | Required or Optional | Description + + +| `maximumConnections` +| Optional +| Maximum number of connections per API to an upstream. + +| `maximumPendingRequests` +| Optional +| Maximum number of queued requests while waiting for a connection. + +| `maximumRequests` +| Optional +| Maximum number of outstanding requests to an upstream. + +| `maximumRetries` +| Optional +| Maximum number of outstanding retries. + +| `maximumConnectionPools` +| Optional +| Maximum number of connection pools concurrently initiated to an upstream. + +|=== + +==== Resource Configuration Example + +This example defines a policy that supports a maximum of one request at a time: + +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: Configuration +metadata: + name: circuit-breaker + namespace: test-ns +spec: + circuitBreaker: + thresholds: + maxConnections: 1 + maxPendingRequests: 1 + maxRequests: 1 + maxRetries: 1 + maxConnectionPools: 1 +---- + + +include::partial$policy-title-headers.adoc[tag=ui] + + +[%header%autowidth.spread,cols="a,a,a"] +|=== +|Parameter | Required or Optional | Description + +| Maximum connections +| Optional +| Maximum number of connections per API to an upstream. + +| Maximum pending requests +| Optional +| Maximum number of queued requests while waiting for a connection. + +| Maximum requests +| Optional +| Maximum number of outstanding requests to an upstream. + +| Maximum retries +| Optional +| Maximum number of outstanding retries. + +| Maximum connection pools +| Optional +| Maximum number of connection pools concurrently initiated to an upstream. + +|=== + +NOTE: For Managed Omni Gateways or Connected Mode, each API instance has its own independent limit when requesting the same upstream, allowing each to use the full maximum. diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-directory.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-directory.adoc new file mode 100644 index 000000000..7adef1cf9 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-directory.adoc @@ -0,0 +1,29 @@ += Outbound Policies Directory +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images + +== Outbound Policies Included in Omni Gateway + + +[%header%autowidth.spread] +|=== +|Policy |Category |Summary +| xref:policies-outbound-a2a-intask-authorization-code.adoc[A2A In-Task Authorization Code] | A2A | Ensures secondary credentials are present for in-task authentication using OAuth 2.0 Authorization Code flow +| xref:policies-outbound-aws-lambda.adoc[AWS lambda] | Transformation | Triggers an AWS Lambda function from a standard HTTP request +| xref:policies-outbound-aws-signature.adoc[AWS Request Signature] | Security | Signs outgoing requests with AWS Signature Version 4 (SigV4) or Signature Version 4A (SigV4A) +| xref:policies-outbound-circuit-breaker.adoc[Circuit Breaker] | Quality of Service | Prevents an upstream from receiving too many requests or connections +| xref:policies-outbound-basic-auth.adoc[Credential Injection Basic Authentication] | Security | Allows access based on the basic authorization mechanism, with a single user-password +| xref:policies-outbound-api-key.adoc[Credential Injection API Key] | Security | Injects an API key or client credentials headers into outgoing requests +| xref:policies-outbound-oauth.adoc[Credential Injection OAuth 2.0] | Security | Injects an OAuth 2.0 authorization header into outgoing requests +| xref:policies-outbound-jwt-generation.adoc[Credential Injection JWT Generation] | Security | Generates and injects a JWT token into outgoing requests +| xref:policies-outbound-oauth-obo.adoc[OAuth 2.0 OBO Credential Injection] | Security | Exchanges incoming bearer tokens using OAuth 2.0 Token Exchange (RFC 8693), Microsoft Entra ID On-Behalf-Of, or OAuth 2.0 Token Exchange with CIBA +| xref:policies-outbound-message-logging.adoc[Outbound Message Logging] | Troubleshooting | Logs custom messages from outbound requests sent to upstream services, responses from upstream services, or information from other outbound policies applied to the same upstream service +| xref:policies-included-tls-outbound.adoc[Transport Layer Security (TLS) - Outbound] | Security | Enables two-way authentication between the API proxy and an upstream service +| xref:policies-outbound-upstream-idle-timeout.adoc[Upstream Idle Timeout] | Quality of Service | Sets the maximum idle duration for a stream between Omni Gateway and an upstream service +|=== + +== See Also + +* xref:gateway-home::index.adoc#policy-availability-by-gateway[Policy Availability by Gateway] diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-jwt-generation.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-jwt-generation.adoc new file mode 100644 index 000000000..47875e5eb --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-jwt-generation.adoc @@ -0,0 +1,137 @@ += Credential Injection JWT Generation Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: jwt, token, authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Credential Injection JWT Generation +>s|Summary | Generates and injects a JWT token into outgoing requests +>s|Category | Security +>s|First Omni Gateway version available | v1.12.0 +>s| Returned Status Codes | No return codes exist for this policy. Error codes are returned from the upstream service. +|=== + +== Summary + +The Credential Injection JWT Generation policy generates and injects a JWT token into outgoing requests. It signs the token with the configured key and algorithm and supports standard time-based claims, such as `exp`, `iat`, and `nbf`, in addition to custom claims and JWT headers. Each claim and header name and value can be a string or a DataWeave expression. Expressions can reference request attributes or authentication data. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: jwt-generation-flex + config: + signingMethod: // REQUIRED, default: RS256 + privateKey: // REQUIRED + iat: // REQUIRED, default: true + exp: // REQUIRED, default: 0 + nbf: // REQUIRED, default: 0 + customClaims: // REQUIRED (can be empty array) + - name: + value: + customHeaders: // REQUIRED (can be empty array) + - name: + value: +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `signingMethod` +| Required +| `RS256` +| The algorithm that signs the JWT. Supported values: `RS256`, `RS384`, `RS512`, `HS256`, `HS384`, `HS512`, `ES256`, and `ES384`. + +| `privateKey` +| Required +| N/A +| The key that signs the JWT. Use PEM-formatted pkcs8 for RSA and ES. Use plain text for HS. + +| `iat` +| Required +| `true` +| A Boolean value specifying whether to include the issued-at (iat) claim in the JWT. + +| `exp` +| Required +| `0` +| The number of seconds from the issue time until expiration. To omit the `exp` claim, enter `0`. + +| `nbf` +| Required +| `0` +| The number of seconds from the issue time until the token becomes valid. To omit the `nbf` claim, enter `0`. + +| `customClaims` +| Required +| N/A +| The claims to include in the JWT. Each entry has a `name` and a `value`. Each can be a string or a DataWeave expression. The array can be empty. + +| `customHeaders` +| Required +| N/A +| The JWT header parameters to include. Each entry has a `name` and a `value`. Each can be a string or a DataWeave expression. The array can be empty. +|=== + +==== Resource Configuration Examples + +* HMAC-signed JWT with custom claim: ++ +---- +- policyRef: + name: jwt-generation-flex + config: + signingMethod: HS256 + privateKey: my-secret-key + iat: true + exp: 3600 + nbf: 0 + customClaims: + - name: "sub" + value: "#[authentication.properties.clientId default 'anonymous']" + customHeaders: [] +---- + +* RSA-signed JWT with custom claims and headers: ++ +---- +- policyRef: + name: jwt-generation-flex + config: + signingMethod: RS256 + privateKey: | + -----BEGIN PRIVATE KEY----- + + -----END PRIVATE KEY----- + iat: true + exp: 7200 + nbf: 0 + customClaims: + - name: "aud" + value: "'https://upstream.example.com'" + - name: "client_id" + value: "#[authentication.properties.clientId]" + customHeaders: + - name: "kid" + value: "'key-1'" +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread] +|=== +|Parameter |Description | Required? +|Signing Method |The algorithm that signs the JWT. Valid values are RS256, RS384, RS512, HS256, HS384, HS512, ES256, and ES384. |Required +|Private Key |The key that signs the JWT. Use PEM with pkcs8 for RSA and ES. Use plain text for HS. |Required +|Issued At (iat) |A Boolean value specifying whether to include the issued-at (`iat`) claim in the JWT. |Required +|Expiration (exp) |The number of seconds from the issue time until expiration. To omit the `exp` claim, enter `0`. |Required +|Not Before (nbf) |The number of seconds from the issue time until the token becomes valid. To omit the `nbf` claim, enter `0`. |Required +|Custom Claims |The claims to include in the JWT. Each entry has a `name` and a `value`. Each can be a string or a DataWeave expression. The array can be empty. |Required +|Custom Headers |The JWT header parameters to include. Each entry has a `name` and a `value`. Each can be a string or a DataWeave expression. The array can be empty.|Required +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-message-logging.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-message-logging.adoc new file mode 100644 index 000000000..ed93c6729 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-message-logging.adoc @@ -0,0 +1,199 @@ += Outbound Message Logging Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: outbound message logging, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy name | Outbound Message Logging +>s|Summary | Logs custom messages from outbound requests sent to upstream services, responses from upstream services, or information from other outbound policies applied to the same upstream service +>s|Category | Troubleshooting +>s|First Omni Gateway version available | v1.11.0 +.1+>.^s| Returned Status Codes +| No return codes exist for this policy +|=== + +== Summary + +The Outbound Message Logging policy logs custom messages from outbound requests sent to upstream services, responses from upstream services, or information from other outbound policies applied to the same upstream service. This policy is applied at the upstream level. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: PolicyBinding +metadata: + name: outbound-message-logging +spec: + targetRef: + kind: Service + name: upstream + policyRef: + name: message-logging-outbound-flex + config: + loggingConfiguration: + - itemName: // REQUIRED + itemData: //REQUIRED + message: // REQUIRED + conditional: // OPTIONAL + category: // OPTIONAL + level: // REQUIRED + firstSection: // OPTIONAL + secondSection: // OPTIONAL +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== + +|Parameter | Required or Optional | Default Value | Description + +| `loggingConfiguration` +| Required +| N/A +| Array of configurations. + +| `loggingConfiguration.itemName` +| Required +| N/A +| Configuration name. + +| `loggingConfiguration.itemData.message` +| Required +| N/A +| DataWeave expression that resolves to the message log. To learn more about supported DataWeave expressions, see <>. + +| `loggingConfiguration.itemData.conditional` +| Optional +| `true` +| DataWeave expression that resolves to whether the message should be logged. To learn more about supported DataWeave expressions, see <>. + +| `loggingConfiguration.itemData.category` +| Optional +| Default category +| Log message prefix that indicates the package and class where the log is executed. + +| `loggingConfiguration.itemData.level` +| Required +| N/A +| Defines the level of message to log: `INFO`, `WARN`, `ERROR`, or `DEBUG` + +For more information, see <>. + +| `loggingConfiguration.itemData.firstSection` +| Optional +| `false` +| Boolean that indicates if messages are logged before the outbound request is sent to the upstream service, taking into account the order in which this policy is applied. + +| `loggingConfiguration.itemData.secondSection` +| Optional +| `false` +| Boolean that indicates if messages are logged after receiving the response from the upstream service, taking into account the order in which this policy is applied. + +|=== + +==== Resource Configuration Example + +---- +apiVersion: gateway.mulesoft.com/v1beta1 +kind: PolicyBinding +metadata: + name: outbound-message-logging +spec: + targetRef: + kind: Service + name: my-upstream + policyRef: + name: message-logging-outbound-flex + config: + loggingConfiguration: + - itemName: "Outbound Request Log" + itemData: + message: "#[payload]" + conditional: "#[attributes.queryParams['debug']=='true']" + level: "INFO" + firstSection: true + - itemName: "Outbound Response Log" + itemData: + message: "#['Upstream response: ' ++ attributes.statusCode as String]" + level: "INFO" + secondSection: true +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread] +|=== +|Parameter |Description | Required or Optional +|Message |A DataWeave expression for extracting the message to be logged from outbound requests or upstream responses. To learn more about supported DataWeave expressions, see <>. +|Required +|Conditional |A DataWeave Boolean expression used to specify whether a message is to be logged. To learn more about supported DataWeave expressions, see <>. |Optional +|Category |A prefix in the log message that indicates the package and class where the log is executed. |Optional +|Level |The level of message to log: `INFO`, `WARN`, `ERROR`, or `DEBUG`. + +For more information, see <>.|Required +|Before Sending Request |Set to cause your logging policy to log messages before the outbound request is sent to the upstream service, taking into account the order in which this policy is applied. |Optional +|After Receiving Response |Set to cause your logging policy to log messages after receiving the response from the upstream service, taking into account the order in which this policy is applied. |Optional +|=== + + +[[dataweave-support]] +== DataWeave Expressions Support + +The Outbound Message Logging policy supports the xref:policies-flex-dataweave-support.adoc[standard DataWeave Expressions supported by Omni Gateway policies] and the following additional xref:dataweave::dataweave-variables-context.adoc[`vars`] DataWeave expressions. Format the following expressions `#[vars.]`, for example `#[vars.orgId]`: + +* `orgId` +* `masterOrgId` +* `envId` +* `apiId` +* `apiName` +* `apiInstanceName` +* `apiVersion` +* `receivedTs` (rfc3339) +* `repliedTs` (rfc3339, only available in response context) +* `runtimeVersion` (For example: `v1.7.0`) +* `hostId` (For example: `my-host`) +* `reqId` (Referred to as `traceId` in Omni Gateway logs) +* `requestDisposition` (`PROCESSED` or `VIOLATION`, only available in request context) +* `request.remoteAddress` +* `request.method` +* `request.requestPath` +* `request.headers` (all request headers) +* `upstream.uri` (URI of the upstream service) +* `upstream.headers` (headers sent to upstream service) +* `upstream.statusCode` (status code from upstream response, only available in response context) +* `violation.clientId` (Only available in response context) +* `violation.clientName` (Only available in response context) +* `violation.policyName` (Only available in response context) +* `violation.violationType` (`VIOLATION` or `ERROR`, only available in response context) + +== How This Policy Works + +Logging an outbound policy consists of the following sequence: + +. An outbound request is prepared to be sent to an upstream service. +. The message is logged if these conditions are `true`: +** The level and category of the log defined in the policy are included in the logger defined in the configuration file. +** Either the conditional field of the policy is not set, or is set and the condition is met. +** The `firstSection` flag is enabled (if logging before sending the request). +. The request is sent to the upstream service. +. The upstream service responds. +. The message is logged if these conditions are `true`: +** The level and category of the log defined in the policy are included in the logger defined in the configuration file. +** Either the conditional field of the policy is not set, or is set and the condition is met. +** The `secondSection` flag is enabled (if logging after receiving the response). +. The response is returned to the client. Outbound Message Logging Policy does not interfere with the execution of any policy nor its flow. +. The message appears in the application log. + +== Logging Format + +A message log uses this format: + +` [flex-gateway-envoy][] wasm log .default..default.svc main: [req: ] [accessLog] ` + +* `policy-name`: displays the name of the policy binding. +* `api-name`: displays the name of the api instance. +* `request uuid`: displays a unique identifier for the request that triggered the message. + +include::partial$logging-severity-level.adoc[] diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-oauth-obo.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-oauth-obo.adoc new file mode 100644 index 000000000..7ff1f15ad --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-oauth-obo.adoc @@ -0,0 +1,77 @@ += OAuth 2.0 OBO Credential Injection Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: oauth2, token exchange, on-behalf-of, obo, rfc 8693, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | OAuth 2.0 OBO Credential Injection +>s|Summary | Exchanges incoming bearer tokens using OAuth 2.0 Token Exchange (RFC 8693), Microsoft Entra ID On-Behalf-Of, or OAuth 2.0 Token Exchange with CIBA +>s|Category | Security +>s|First Omni Gateway version available | v1.11.0 +>s| Returned Status Codes | No return codes exist for this policy. Error codes are returned from the upstream service. +|=== + +== Summary + +The OAuth 2.0 On-Behalf-Of (OBO) Credential Injection policy exchanges an incoming bearer token for a new token to target specific upstream services. The policy supports OAuth 2.0 Token Exchange (RFC 8693), Microsoft Entra ID On-Behalf-Of protocols, and OAuth 2.0 Token Exchange with Client Initiated Backchannel Authentication (CIBA). This policy is applied to outbound traffic (gateway to the backend service) to automatically exchange the OAuth 2.0 token needed for backend services. + +The policy extracts the Bearer token from the incoming request's `Authorization` header and sends a token exchange request to the token endpoint. The policy then replaces the `Authorization` header with the new token returned from the token exchange service and forwards the modified request to the backend service. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFileTitleOnly] + +The OAuth 2.0 OBO Credential Injection policy isn't supported in Local Mode. + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a"] +|=== +|Parameter |Description + +|Token Exchange Flow |Token exchange flow: *OAuth 2.0 Token Exchange* (RFC 8693) or *Microsoft Entra ID On-Behalf-Of*. + +|Client ID |OAuth 2.0 client ID for token exchange. + +|Client Secret |OAuth 2.0 client secret for token exchange. + +|Token Endpoint |OAuth 2.0 token endpoint URL. + +|Target Type |Parameter type for specifying the target service. Required for OAuth 2.0 Token Exchange flow. Supported values: + +* Audience: Logical identifier of the target service (default) +* Resource: Physical URI of the target resource (RFC 8707) +|Target Value |Target audience URI or resource URI for the exchanged token. Required for OAuth 2.0 Token Exchange flow. + +|Scope |OAuth 2.0 scope to request. Required for Microsoft Entra OBO (for example, `api://downstream-client-id/.default`) and OAuth2 Token Exchange with CIBA (for example, `openid`). Optional for OAuth 2.0 Token Exchange (RFC 8693). + +|Timeout |Timeout for token exchange requests in milliseconds. Default: 10000. + +|Enable CIBA |Enables OAuth 2.0 Token Exchange with CIBA flow. Available only for OAuth 2.0 Token Exchange. + +|CIBA Backchannel Endpoint |The backchannel authentication endpoint (`bc-authorize`) used to initiate the CIBA flow. Required when *Enable CIBA* is selected. + +|Login Hint Claim |JWT claim from the incoming subject token to send as `login_hint` in the CIBA request. If no hint is specified, `email` is used. + +|Binding Message |Optional human-readable message sent as `binding_message` in the CIBA request and displayed on the authentication device. +|=== + +== CIBA Behavior + +When *Enable CIBA* is selected, the policy initiates a CIBA backchannel authentication request on the first matching outbound call and returns an authorization pending response until user authentication is approved by the authorization server. After approval, the policy injects the exchanged access token into the `Authorization` header and forwards requests to the backend service. + +While waiting for user authentication, the policy returns a `401 Unauthorized` response with the following JSON body: + +---- +HTTP/1.1 401 Unauthorized +Retry-After: 5 +Content-Type: application/json + +{ +  "error": "authorization_pending", +  "error_description": "CIBA authorization flow initiated. Downstream user authorization is in progress. Retry after the indicated interval." +} +---- diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-oauth.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-oauth.adoc new file mode 100644 index 000000000..49500b147 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-oauth.adoc @@ -0,0 +1,200 @@ += Credential Injection OAuth 2.0 Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Credential Injection OAuth 2.0 +>s|Summary | Injects an OAuth 2.0 authorization header into outgoing requests +>s|Category | Security +>s|First Omni Gateway version available | v1.9.0 +>s| Returned Status Codes | No return codes exist for this policy. Error codes are returned from the upstream service. +|=== + +== Summary + +The Credential Injection OAuth 2.0 policy injects an `Authorization` token from an OAuth 2.0 service into a request as a header. You can use any third-party OAuth 2.0 Identify Provider (IdP), such as Okta, AWS, Azure, or Google Cloud Platform. The policy allows for tokens based on the OAuth 2.0 Authorization Framework to be injected into requests without having to register an external IdP server in Anypoint Platform. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: credential-injection-oauth2-flex + config: + oauthService: // REQUIRED + grantType: // REQUIRED, supported values: clientCredentials or password + credentialLocation: // REQUIRED, supported values: body or header + clientId: // REQUIRED for clientCredentials grant type + clientSecret: // REQUIRED for clientCredentials grant type + username: // REQUIRED for password grant type + password: // REQUIRED for password grant type + scope: + - // OPTIONAL + overwrite: // REQUIRED + tokenFetchTimeout: // REQUIRED + allowRequestWithoutCredential: // REQUIRED + tokenRequestBodyFormat: // REQUIRED, supported values: json or urlEncoded + upstreamTokenHeaderName: // OPTIONAL + upstreamTokenPrefixName: // OPTIONAL + cachingTtl: // REQUIRED + customRequestHeaders: // OPTIONAL + - name: + value: +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `oauthService` +| Required +| `` +| URL of the OAuth 2.0 service. + +| `grantType` +| Required +| `clientCredentials` +| OAuth2 grant type specifying the method used to obtain access tokens from the authorization server. Supported values: `clientCredentials` or `password`. + +| `credentialLocation` +| Required +| `body` +| Location of the Client ID and Client Secret in the OAuth2 token request. Supported values: `body` or `header`. + +| `clientId` +| Required for `clientCredentials` grant type +| N/A +| Client ID. + +| `clientSecret` +| Required for `clientCredentials` grant type +| N/A +| Client Secret. + +| `username` +| Required for `password` grant type +| N/A +| Username for password grant type. + +| `password` +| Required for `password` grant type +| N/A +| Password for password grant type. + +| `scope` +| Optional +| N/A +| Scopes to include in the token. + +| `overwrite` +| Required +| `true` +| When enabled, the policy overwrites the `Authorization` header with a new authorization token if the header is present. + +| `tokenFetchTimeout` +| Required +| 10 +| Time in seconds to wait for the service to return the token. + +| `allowRequestWithoutCredential` +| Required +| `false` +| When enabled, if the policy can't retrieve the token, Omni Gateway still sends the request. + +| `tokenRequestBodyFormat` +| Required +| `urlEncoded` +| The format of the token request body. Valid values: `json` or `urlEncoded`. + +| `upstreamTokenHeaderName` +| Optional +| N/A +| Use a custom header instead of `Authorization`. + +| `upstreamTokenPrefixName` +| Optional +| N/A +| Use a custom token prefix instead of `Bearer`. + +| `cachingTtl` +| Required +| 0 +| Time to live for cached tokens in seconds. If 0, the policy uses the full `expires_in` value from OAuth response. If greater than 0, the policy uses the minimum of the `cachingTtl` value and `expires_in` divided by 2. + +| `customRequestHeaders` +| Optional +| N/A +| A list of custom headers to add to the token request. Each header must have a `name` and `value` property. +|=== + +==== Client Credentials Configuration Example + +---- +- policyRef: + name: credential-injection-oauth2-flex + config: + oauthService: + grantType: clientCredentials + credentialLocation: body + clientId: id + clientSecret: secret + scope: + - user + overwrite: true + tokenFetchTimeout: 20 + allowRequestWithoutCredential: true + tokenRequestBodyFormat: urlEncoded + cachingTtl: 0 +---- + +==== Password Configuration Example + +---- +- policyRef: + name: credential-injection-oauth2-flex + config: + oauthService: + grantType: password + credentialLocation: body + clientId: id + clientSecret: secret + username: myuser + password: mypassword + scope: + - user + - read + overwrite: true + tokenFetchTimeout: 20 + allowRequestWithoutCredential: true + tokenRequestBodyFormat: urlEncoded + cachingTtl: 0 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread] +|=== +|Parameter |Description | Required? +|OAuth 2.0 service URL |URL of the OAuth 2.0 service. |Required +|Grant Type |OAuth2 grant type specifying the method used to obtain access tokens from the authorization server. Valid values: Client Credentials or Password. |Required +|Credential location |Location of the Client ID and Client Secret in the OAuth2 token request.|Required +|Client ID |Client ID. |Required for Client Credentials grant type +|Client secret |Client Secret. |Required for Client Credentials grant type +|Username |Username for password grant type. |Required for Password grant type +|Password |Password for password grant type. |Required for Password grant type +|Scope |List of scopes to use for OAuth2 request. |Optional +|Overwrite header |When enabled, the policy overwrites the `Authorization` header with a new authorization token if the header is present. | Required +|Token fetch timeout |Time in seconds to wait for the service to return the token. | Required +|Allow request without credential |When enabled, if the policy can't retrieve the token, Omni Gateway still sends the request. | Required +|Token Request Body Format |The format of the token request body. Valid values: URL Encoded or JSON. | Required +|Upstream Custom header |Use a custom header instead of Authorization. |Optional +|Upstream Custom Token Prefix |Use a custom token prefix instead of Bearer. |Optional +|Caching TTL (seconds) |Time to live for cached tokens in seconds. If 0, the policy uses the full `expires_in` value from OAuth response. If greater than 0, the policy uses the minimum of the Caching TTL value and `expires_in` divided by 2. | Required +|Custom Request Headers |A list of custom headers to add to the token request. Each header must have a name and value property. |Optional +|=== + diff --git a/gateway/1.13/modules/ROOT/pages/policies-outbound-upstream-idle-timeout.adoc b/gateway/1.13/modules/ROOT/pages/policies-outbound-upstream-idle-timeout.adoc new file mode 100644 index 000000000..a27ce1a10 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-outbound-upstream-idle-timeout.adoc @@ -0,0 +1,59 @@ += Upstream Idle Timeout Policy +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:imagesdir: ../assets/images +:keywords: basic authentication, api gateway, flex gateway, gateway, policy + +[width="100%", cols="5,15"] +|=== +>s| Policy Name | Stream Idle Timeout +>s|Summary | Sets the maximum idle duration for a stream between the Omni Gateway and an upstream service +>s|Category | Quality of Service +>s|First Omni Gateway version available | v1.9.0 +^s| Returned Status Codes | 504 - Upstream request timeout +|=== + +== Summary +The Upstream Idle Timeout policy lets you set a maximum idle duration between requests for a stream between Omni Gateway and the upstream service. By applying the policy, you prevent idle connections from consuming resources while simultaneously allowing persistent connections to remain open. The timeout starts at the last request. + +By default, all Omni Gateway API instances have an upstream idle timeout of 60 seconds. Apply the policy to override the default timeout. + +== Configuring Policy Parameters + +include::partial$policy-title-headers.adoc[tag=configFile] + +---- +- policyRef: + name: idle-timeout-flex + config: + timeout: number // REQUIRED +---- + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `timeout` +| Required +| 60 +| Time in seconds before Omni Gateway closes the connection. + +|=== + +==== Resource Configuration Example + +---- +- policyRef: + name: idle-timeout-flex + config: + timeout: 3 +---- + +include::partial$policy-title-headers.adoc[tag=ui] + +[%header%autowidth.spread,cols="a,a,a"] +|=== +| Element | Description | Required +| Upstream idle timeout | Time in seconds before Omni Gateway closes the connection. | Yes +|=== diff --git a/gateway/1.13/modules/ROOT/pages/policies-reorder.adoc b/gateway/1.13/modules/ROOT/pages/policies-reorder.adoc new file mode 100644 index 000000000..d3223d886 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-reorder.adoc @@ -0,0 +1,105 @@ += Ordering Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:page-aliases: api-manager::re-order-policies-task.adoc, policies-included-reorder.adoc, policies::policies-included-reorder.adoc, policies::policies-reorder.adoc + +To execute certain policies before others, configure the order of execution of included and custom policies. + +You can configure both included and custom policies to execute as automated policies, API-level policies, or upstream-level policies. Automated policies are policies that are applied to all API instances deployed on the Omni Replica and execute before API-level policies. API-level policies are inbound policies that are only applied to a specific API instance. Upstream level policies are outbound policies applied to specific upstreams. + +For Omni Gateway running in Connected Mode, use API Manager to order policies. For Omni Gateway running in Local Mode, use a `PolicyBinding` YAML resource to order policies. + +IMPORTANT: You cannot configure the execution order of the xref:policies-included-cors.adoc[Cross-Origin Resource Sharing (CORS) policy]. The CORS policy executes before automated and API-level policies. + +== Policy Execution Order + +Policies can either execute on the API request, the API response, or both. Policies execute in order during the API request and in inverse order during the API response. If a policy does not execute in a certain direction, Omni Gateway skips the policy in that direction. For API requests, policies execute in the order of automated policies, API-level policies, and outbound policies. The order is inverted for the response. + +For example, if you have policies ordered: + +. Automated Policy 1 +. Automated Policy 2 +. API-Level Policy 1 +. API-Level Policy 2 +. Upstream-Level Policy 1 +. Upstream-Level Policy 2 + +The policies execute in the following order on the response: + +. Upstream-Level Policy 2 +. Upstream-Level Policy 1 +. API-Level Policy 2 +. API-Level Policy 1 +. Automated Policy 2 +. Automated Policy 1 + + +== Order Automated Policies in Connected Mode + +You cannot configure the order of automated policies in API Manager. Automated policies execute in the order they are applied to the API instance. Apply automated policies in the order you want them to execute. + +== Order Automated Policies in Local Mode + +To apply a automated policy to Omni Gateway running in Local Mode, you must apply a resource-level policy. By doing so, you can apply the same policy to all API instances running on the Omni Replica. + +To apply a resource-level policy to all API instances, refer to xref:flex-local-secure-api-with-auto-policy.adoc[]. + +To order automated resource-level policies, edit the `order` parameter to match when you want the policy to execute. Ensure that this order does not conflict with the order of any other policies. For example, if you apply two automated resource-level policies with `order: 1` and `order: 2`, any API-level policy must start at `order: 3`. + +== Order Inbound API-Level Policies for Managed Omni Gateway and Connected Mode + +To reorder API-level policies: + +. Go to *Anypoint Platform > API Manager*. + +. In *API Instances* or *Agent and Tool Instances*, click the name of the API instance whose policies you want to reorder. + +. From the left navigation menu, click *Policies*. + +. From the top of the list of the applied policies, click *Reorder policies*. + +. From the *Reorder Applied Policies* section, use the up and down arrows to rearrange the order of policies. + +. Click *Apply order*. + +== Order Outbound Policies for Managed Omni Gateway and Connected Mode + +To reorder outbound policies: + +. Go to *Anypoint Platform > API Manager*. + +. In *API Instances* or *Agent and Tool Instances*, click the name of the API instance whose policies you want to reorder. + +. From the side navigation panel, click *Policies*. + +. Click the *Outbound policies* tab. + +. Click the more options button (image:more-options-menu.png[1%,1%]) of the upstream service whose policies you want to reorder. + +. Use the up and down arrows to rearrange the order of policies. + +. Click *Apply order*. + +== Order Policies in Local Mode +In Omni Gateway running in Local Mode, configure policy ordering via a `PolicyBinding` YAML resource. + +When defining a policy using a `PolicyBinding` YAML resource, edit the `order` parameter to match when you want the policy to execute. Ensure that you do not assign the same order number to different policies. + +For information about Local Mode policy order, see the xref:flex-local-configuration-reference-guide.adoc#policy-binding[Declarative Configuration Reference Guide]. + +== Apply Duplicate Policies + +Omni Gateway supports applying duplicate policies for all deployment types. Automated, API-level, Outbound, and resource-level policies all support duplicate policy application. + +When applying duplicate policies: + +* Add a label to the duplicated policies to differentiate them. +* Consider if it makes sense to apply duplicated policies. ++ +For example, the duplicated IP allowlist policies allow only IPs that are allowed by both policies. Rather than applying duplicated policies, configure the IPs in one policy. + + +== See Also + +* xref:policies-included-directory.adoc[Included Policies Directory] \ No newline at end of file diff --git a/gateway/1.13/modules/ROOT/pages/policies-resource-level-overview.adoc b/gateway/1.13/modules/ROOT/pages/policies-resource-level-overview.adoc new file mode 100644 index 000000000..3e7a1b3a9 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-resource-level-overview.adoc @@ -0,0 +1,63 @@ += Resource-Level Policies +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:keywords: policy, custom, ootb, offline, resource level +:page-aliases: api-manager::policies-policy-level.adoc, api-manager::resource-level-policies-about.adoc, api-manager::resource-level-policy-reference.adoc, policies::policies-resource-level-overview.adoc + +Unless otherwise configured, policies are by default applied to the entire API. However, you can implement an additional level of policy granularity, one in which access is controlled based on a criteria. Policies with this granularity are called _resource-level policies_. + +At the resource level of granularity, policies are applied to only those requests that match the criteria. All policies, except the Cross-Origin Resource Sharing (CORS) policy, are resource-level. + +For Omni Gateway running in Connected Mode, you configure resource-level policies in API Manager. + +For information about configuring resource-level policies for Omni Gateway running in Local Mode, refer to xref:flex-local-secure-api-with-auto-policy.adoc[]. + +// In Mule 4, resource-level policies support HTTP-based APIs in addition to RAML APIs. +// You can apply multiple conditions to filter your resources and HTTP methods using the xref:policies-resource-level-config-uri-regex.adoc[URI template regex] to any number of methods in your API. + +// == Usage Scenarios for Implementing Resource-Level Policies +// +// You can use resource-level policies in many ways. Here are just a few: +// +// * Apply policies to specific resources. +// * Secure a subset of an API. +// * Set different limits on resources. + +// If you have a RAML or OAS specification attached to your API, you can use the *Preview Resource Matching* option to determine which resources are affected by your filters: +// +// image::users-api-cropped.png["API Console displays resources and methods",height=329,width=732] +// +// A resource-level policy supports regular Java expressions. For example, you can use a wildcard to apply a policy to multiple resources. When you apply the policy to the API, specify the resources to which it applies: +// +// image::rlp-conditions.png["A form that enables users to apply configurations to particular API methods and resources"] + +// == Guidelines for Implementing Resource-Level Policies +// +// When implementing resource-level policies: +// +// * Do not use a placeholder, such as {userid}, in the regular expression. +// + +// Using a placeholder in an expression fails because the placeholder does not match the actual node. In the example placeholder {userid}, the node looks something like this: +// + +// `/api/users/671962fc-f076-4b19-bc38-45ba3a4e4095/permissions/1234` +// + +// 671962fc-f076-4b19-bc38-45ba3a4e4095 is the user ID. +// + +// 1234 is the ID of a permission. +// +// To apply a policy to resource `/api/users/{userid}` that represents a single user and all resource nodes, use the following expression: +// +// The `userid` represents a single user and all resource nodes: +// `/api/users/.*` +// +// To apply a policy to only the permissions resources `/api/users/{userId/permissions}` and `/api/users/{userid}/permissions/{permissionId}`, use the following expression: +// +// `/api/users/.*/permissions.*` + +// == See Also +// +// * xref:policies-resource-level-config-uri-regex.adoc[Configure URI Template Regex] +// * xref:policies-resource-level-disable-outbound.adoc[] + + diff --git a/gateway/1.13/modules/ROOT/pages/policies-tls-configuration.adoc b/gateway/1.13/modules/ROOT/pages/policies-tls-configuration.adoc new file mode 100644 index 000000000..de704b785 --- /dev/null +++ b/gateway/1.13/modules/ROOT/pages/policies-tls-configuration.adoc @@ -0,0 +1,93 @@ += Configuring TLS for Outgoing Policy Requests +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:keywords: policy, custom + +Some Omni Gateway policies make outgoing requests to HTTP and gRPC upstream services. For example, the xref:policies-included-oauth-token-introspection.adoc[] sends token validation requests to an OAuth 2.0 service, and the xref:policies-included-external-authorization.adoc[] forwards incoming client requests to an authorization service. + +By default, Managed and Self-Managed Omni Gateways protect these connections with a default TLS Context. The default TLS context is not mTLS and uses the default ciphers listed in <>. + +To override the default TLS context, configure a custom default TLS context for all outgoing requests from policies. You can't configure a custom default TLS context for Managed Omni Gateway. + +== Configure a TLS Context for Self-Managed Gateways + +For both local and connected mode, use a YAML configuration file to configure TLS between a policy and an upstream service: + +---- +apiVersion: gateway.mulesoft.com/v1alpha1 +kind: Configuration +metadata: + name: default-tls +spec: + defaultTLS: + outboundPolicyCalls: + skipValidation: // OPTIONAL + trustedCA: # OPTIONAL, defaults to the CA of operating systems + certificate: // OPTIONAL + key: // OPTIONAL + crt: // OPTIONAL + alpn: // OPTIONAL + minversion: // OPTIONAL + maxversion: // OPTIONAL + ciphers: // OPTIONAL + +---- + +Not including optional parameters in your configuration file applies the parameters default values to your TLS context. + +When configuring the `ciphers` parameter, ensure that your API upstream supports the listed ciphers. For the supported ciphers, see <>. + +[%header%autowidth.spread,cols="a,a,a,a"] +|=== +|Parameter | Required or Optional | Default Value | Description + +| `skipValidation` +| Optional +| false +| If true, the upstream certificate is not validated. + +| `trustedCA` +| Optional +| N/A +| The CA used to validate the upstream server certificate. If no trusted CA is provided, the policy uses the default OS CA. + +| `certificate` +| Optional +| N/A +| The client certificate to present for mTLS. To comply with security standards, all certificates must be 2048 bits or longer. + +| `certificate.key` +| Optional +| N/A +| The private key part of the certificate. + +| `certificate.crt` +| Optional +| N/A +| The public key part of the certificate. + +| `alpn` +| Optional +| `h2` and `http/1.1` +| A prioritized list of supported application level protocols; for example, h2, http/1.1, and so forth. + +| `minversion` +| Optional +| `1.2` +| The minimum TLS version allowed. + +| `maxversion` +| Optional +| `1.3` +| The maximum TLS version allowed. + +| `ciphers` +| Optional +| For the default and other supported ciphers, see <>. +| A list of supported TLS ciphers (IANA format). + +|=== + + +include::partial$flex-tls-cipher.adoc[tags=cipherSupportLocal;outboundImportantLocal;local-ciphers] diff --git a/mule-gateway/modules/ROOT/pages/index.adoc b/mule-gateway/modules/ROOT/pages/index.adoc index 58b3b3ecf..228578855 100644 --- a/mule-gateway/modules/ROOT/pages/index.adoc +++ b/mule-gateway/modules/ROOT/pages/index.adoc @@ -10,14 +10,14 @@ of API Manager to apply, among other capabilities, throttling, security, caching Anypoint Platform offers three different runtime options for managing and securing your APIs. -== Anypoint Flex Gateway +== Anypoint Omni Gateway -Anypoint Flex Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. -Built to seamlessly integrate with DevOps and CI/CD workflows, Anypoint Flex Gateway delivers the +Anypoint Omni Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. +Built to seamlessly integrate with DevOps and CI/CD workflows, Anypoint Omni Gateway delivers the performance required for the most demanding applications and microservices while providing enterprise security and manageability across any environment. -For more information, see xref:gateway::flex-gateway-getting-started.adoc[Getting Started with Flex Gateway]. +For more information, see xref:gateway::flex-gateway-getting-started.adoc[Getting Started with Omni Gateway]. [[anypoint_mule_gateway]] == Anypoint Mule Gateway @@ -49,46 +49,46 @@ Your non-MuleSoft microservices might be written using different languages and p // For more information, see xref:service-mesh::getting-started-service-mesh.adoc[Get Started with Service Mesh]. -// Anypoint Flex Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, the Anypoint Flex Gateway delivers the performance required for the most demanding applications while providing enterprise security and manageability across any environment. +// Anypoint Omni Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, the Anypoint Omni Gateway delivers the performance required for the most demanding applications while providing enterprise security and manageability across any environment. -// xref:flex-gateway-getting-started.adoc[Get Started with Flex Gateway] +// xref:flex-gateway-getting-started.adoc[Get Started with Omni Gateway] // == Architecture -// The following diagram describes overall Flex Gateway architecture, for both Local and Connected modes. Connected Mode includes the Anypoint Platform component. Local Mode is mostly disconnected from Anypoint Platform. +// The following diagram describes overall Omni Gateway architecture, for both Local and Connected modes. Connected Mode includes the Anypoint Platform component. Local Mode is mostly disconnected from Anypoint Platform. // image::gateway-architecture-diagram.png["A complex flow chart that illustrates the architecture of a cloud-based application",width=85%] -// Flex Gateway consists of: +// Omni Gateway consists of: // * <> // * <> // * <> // [[controller-processes]] -// === Flex Gateway Controller Processes +// === Omni Gateway Controller Processes -// Flex Gateway bundles and extends an Envoy distribution, adapting a configuration language into Envoy's configuration language. This is accomplished via the controller processes: +// Omni Gateway bundles and extends an Envoy distribution, adapting a configuration language into Envoy's configuration language. This is accomplished via the controller processes: // * RCM Agent interacts with the Anypoint Platform control plane. For example, creating an API in API Manager sends a configuration to RCM Agent, which in turn configures the API for the Configuration Service. // * Configuration Service configures Envoy via the xDS Envoy API. -// * Kubernetes Operator interacts with the Kubernetes API when running Flex Gateway in Kubernetes. +// * Kubernetes Operator interacts with the Kubernetes API when running Omni Gateway in Kubernetes. // * Object Store Service enables internal objects storage capabilities. // [[envoy]] // === Envoy -// Flex Gateway includes policies that extend the bundled Envoy distribution via the Wasm API. This is accomplished with the following components: +// Omni Gateway includes policies that extend the bundled Envoy distribution via the Wasm API. This is accomplished with the following components: // * Envoy Core provides the extensible Wasm filters. -// * Proxy-Wasm API bridges Envoy Core functionality and included Flex Gateway policies. +// * Proxy-Wasm API bridges Envoy Core functionality and included Omni Gateway policies. // * Envoy Tracing enables access logging. -// * Included Flex Gateway policies are custom Wasm components. +// * Included Omni Gateway policies are custom Wasm components. // [[fluentbit]] // === Fluentbit -// The Controller Processes and Envoy components send metrics and logs into Fluentbit, which is bundled inside of Flex Gateway. Flex Gateway uses Fluentbit to push logs and metrics to one or more different outputs. Examples of outputs include: +// The Controller Processes and Envoy components send metrics and logs into Fluentbit, which is bundled inside of Omni Gateway. Omni Gateway uses Fluentbit to push logs and metrics to one or more different outputs. Examples of outputs include: // * Local file // * Anypoint Platform (for metering data) diff --git a/mule-gateway/modules/ROOT/pages/policies-automated-applying.adoc b/mule-gateway/modules/ROOT/pages/policies-automated-applying.adoc index 9c3318582..24cb64d17 100644 --- a/mule-gateway/modules/ROOT/pages/policies-automated-applying.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-automated-applying.adoc @@ -31,7 +31,7 @@ See the xref:api-manager::policies-ootb-landing-page.adoc[list of available Prov When configuring an automated policy, at the bottom of the policy configuration page, there is a *Rule of Applications* sub-section. This dictates the set of runtimes that will be affected by the policy: * *All runtimes*: Applies the policy to every API instance regardless of runtime. -* *Flex Gateways only*: Applies the policy to all Flex Gateway API instances. +* *Omni Gateways only*: Applies the policy to all Omni Gateway API instances. * *Mule Gateways only*: Applies the policy to all Mule Gateway API instances running on Mule 4.1.1 and later. When applying to Mule Gateways only, configure the following parameters: + ** Version Range + diff --git a/mule-gateway/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc b/mule-gateway/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc index fbc912487..8b4872494 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-basic-auth-ldap.adoc @@ -18,7 +18,7 @@ endif::[] == Summary -The Lightweight Directory Access Protocol (LDAP) authentication policy specifies how to restrict access to an API using LDAP authentication mechanism. This policy is available in Flex and Mule 4 or later. +The Lightweight Directory Access Protocol (LDAP) authentication policy specifies how to restrict access to an API using LDAP authentication mechanism. This policy is available in Omni and Mule 4 or later. When an error is encountered, the Basic Authentication - LDAP policy returns an "WWW-Authenticate" HTTP header field using the format:`WWW-Authenticate: Basic realm="mule-realm"`. diff --git a/mule-gateway/modules/ROOT/pages/policies-included-client-id-enforcement.adoc b/mule-gateway/modules/ROOT/pages/policies-included-client-id-enforcement.adoc index 9c0c240ba..21218bda8 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-client-id-enforcement.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-client-id-enforcement.adoc @@ -52,7 +52,7 @@ For Mule applications, the following parameters are displayed: | Specifies from where in the request to extract the values: * HTTP Basic Authentication Header: Requires credentials as part of the authorization header. The application consuming the API must use the basic authentication scheme to send the credentials in the requests. -* Custom Expression: Accepts an expression each for client ID and client secret, indicating where to extract the credentials from the request. For Mule 3, use MEL Expressions and for Mule 4 and Flex, use a DataWeave 2.0 expression. Use this option to send the credentials in a custom header or any other format. You can leave the field blank to configure the client secret requirement as optional. +* Custom Expression: Accepts an expression each for client ID and client secret, indicating where to extract the credentials from the request. For Mule 3, use MEL Expressions and for Mule 4 and Omni, use a DataWeave 2.0 expression. Use this option to send the credentials in a custom header or any other format. You can leave the field blank to configure the client secret requirement as optional. | Must choose from one of the options. | Client ID Expression | The DataWeave 2.0 expression to use for obtaining the client ID from API requests. @@ -158,8 +158,8 @@ Example DataWeave 2.0 expression to be used when configuring the policy for Mule #[attributes.queryParams.'client_secret'] ---- -In this example, the requester must send the two specified query parameters with the request. Although this is a supported configuration, it poses possible security risks. The recommended method is to use headers. DataWeave 2.0 is fully supported in Mule 4 as wells as a subset in Flex. -//TODO: LINK to DW Flex support for v1.0.0 docs TBD. +In this example, the requester must send the two specified query parameters with the request. Although this is a supported configuration, it poses possible security risks. The recommended method is to use headers. DataWeave 2.0 is fully supported in Mule 4 as wells as a subset in Omni. +//TODO: LINK to DW Omni support for v1.0.0 docs TBD. Example MEL expression to be used when configuring the policy with headers for Mule 3: [source,text] diff --git a/mule-gateway/modules/ROOT/pages/policies-included-http-caching.adoc b/mule-gateway/modules/ROOT/pages/policies-included-http-caching.adoc index ce4eae9c9..0d95b1d82 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-http-caching.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-http-caching.adoc @@ -48,7 +48,7 @@ Default value: `600` If you are using CloudHub, ensure that you enable Object Store v2 when deploying an application. Default value: `false` | Yes -| Persistent Cache | Configures the cache to persist between different restarts of the Mule/Flex instance. +| Persistent Cache | Configures the cache to persist between different restarts of the Mule/Omni instance. If you are using CloudHub, ensure that you enable Object Store v2 when deploying an application. Default value: `false` | Yes @@ -123,7 +123,7 @@ Each entry in the cache can be shared between different nodes in a cluster or be === Persistent Cache -A persistent cache enables the stored entries in the cache to persist if Mule runtime engine (Mule) or Flex replica is restarted. +A persistent cache enables the stored entries in the cache to persist if Mule runtime engine (Mule) or Omni replica is restarted. When you upgrade a version of the instance that has the HTTP Caching policy configured to use the persistent store, the policy tries to maintain the entries stored by the previous version. However in a worst-case scenario, the entries in the cache are invalidated and the cache is re-populated when new requests arrive. This manipulation of the entries in the cache occurs automatically and is invisible to the user. diff --git a/mule-gateway/modules/ROOT/pages/policies-included-jwt-validation.adoc b/mule-gateway/modules/ROOT/pages/policies-included-jwt-validation.adoc index b5e786b63..96630ae02 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-jwt-validation.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-jwt-validation.adoc @@ -59,7 +59,7 @@ This expression searches the JWT in the header named `jwt`. | JWT Signing Key Length | Specify the length of the key (in the case of the HMAC algorithm) or the algorithm (in the case of RSA) used for the signing method. + Ignore this field if you selected *none* as JWT Signing Method. -| 256, 384, 512. For ES method, Flex Gateway only supports 256 key length. +| 256, 384, 512. For ES method, Omni Gateway only supports 256 key length. | JWT Key Origin | Specifies where to obtain the key for the Signature validation. + diff --git a/mule-gateway/modules/ROOT/pages/policies-included-message-logging.adoc b/mule-gateway/modules/ROOT/pages/policies-included-message-logging.adoc index 08509116d..0df434f10 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-message-logging.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-message-logging.adoc @@ -211,7 +211,7 @@ Logging a policy consists of the following sequence: A message log uses the following format: -* Flex: +* Omni: ` [flex-gateway-envoy][] wasm log .default..default.svc main: [req: ] [accessLog] ` `policy-name`: displays the name of the policy binding: diff --git a/mule-gateway/modules/ROOT/pages/policies-included-oauth-access-token-enforcement.adoc b/mule-gateway/modules/ROOT/pages/policies-included-oauth-access-token-enforcement.adoc index 9e1ddf142..7fc67ffba 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-oauth-access-token-enforcement.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-oauth-access-token-enforcement.adoc @@ -26,13 +26,13 @@ This policy is designed to be used exclusively with xref:api-manager::mule-oauth == Configuring Policy Parameters -=== Flex Gateway Local Mode +=== Omni Gateway Local Mode -The OAuth 2.0 Access Token Enforcement policy is not supported in Flex Gateway Local Mode. +The OAuth 2.0 Access Token Enforcement policy is not supported in Omni Gateway Local Mode. -=== Flex Gateway Connected Mode +=== Omni Gateway Connected Mode -The OAuth 2.0 Access Token Enforcement policy is not supported in Flex Gateway Connected Mode. +The OAuth 2.0 Access Token Enforcement policy is not supported in Omni Gateway Connected Mode. === Mule Gateway diff --git a/mule-gateway/modules/ROOT/pages/policies-included-openam-oauth-token-enforcement.adoc b/mule-gateway/modules/ROOT/pages/policies-included-openam-oauth-token-enforcement.adoc index 43c18e83d..660896568 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-openam-oauth-token-enforcement.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-openam-oauth-token-enforcement.adoc @@ -31,13 +31,13 @@ Before applying this policy, make sure that you are familiar with its xref:api-m When you apply the policy, you may optionally define a space separated list of https://datatracker.ietf.org/doc/html/rfc6749[OAuth 2.0 scopes^] to be enforced by it. OAuth 2.0 scopes are a way to further limit access to a resource protected by OAuth. You may define words like READ, WRITE, or some others that make sense in the context of your organization (such as CONTRACTOR, PUBLIC, EMPLOYEES_ONLY, etc). -=== Flex Gateway Local Mode +=== Omni Gateway Local Mode -The OpenAM OAuth 2.0 Token Enforcement policy is not supported in Flex Gateway Local Mode. +The OpenAM OAuth 2.0 Token Enforcement policy is not supported in Omni Gateway Local Mode. -=== Flex Gateway Connected Mode +=== Omni Gateway Connected Mode -The OpenAM OAuth 2.0 Token Enforcement policy is not supported in Flex Gateway Connected Mode. +The OpenAM OAuth 2.0 Token Enforcement policy is not supported in Omni Gateway Connected Mode. == Supported Grant Types diff --git a/mule-gateway/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc b/mule-gateway/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc index 92c15f4d4..b5c1fd3d3 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-openid-token-enforcement.adoc @@ -32,7 +32,7 @@ This policy is available only to an organization that is configured to use the O When you apply the policy to your API from the UI, a list of parameters is displayed based on whether your environment includes a Mule app. // or xref:service-mesh::index.adoc[non-Mule application managed by Anypoint Service Mesh]. -==== Configuring Parameters for Mule Applications and Flex Gateway +==== Configuring Parameters for Mule Applications and Omni Gateway The following parameters are displayed: @@ -114,7 +114,7 @@ To control the time taken to cache the tokens, before you attempt revalidating a Alternatively, you can specify this parameter in the `wrapper.conf` file. -- *Flex Gateway*: specify this property in YAML policy config: +- *Omni Gateway*: specify this property in YAML policy config: ---- - policyRef: @@ -134,7 +134,7 @@ To control the number of tokens that can be cached simultaneously, set this conf Alternatively, you can specify this parameter in the `wrapper.conf` file. -- *Flex Gateway*: specify this property in YAML policy config: +- *Omni Gateway*: specify this property in YAML policy config: ---- - policyRef: diff --git a/mule-gateway/modules/ROOT/pages/policies-included-tokenization.adoc b/mule-gateway/modules/ROOT/pages/policies-included-tokenization.adoc index 001ace84f..d0831517f 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-tokenization.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-tokenization.adoc @@ -59,13 +59,13 @@ If you do not see the service you want, verify if it is already deployed. == Configuring Policy Parameters -=== Flex Gateway Local Mode +=== Omni Gateway Local Mode -The Tokenization policy is not supported in Flex Gateway Local Mode. +The Tokenization policy is not supported in Omni Gateway Local Mode. -=== Flex Gateway Connected Mode +=== Omni Gateway Connected Mode -The Tokenization policy is not supported in Flex Gateway Connected Mode. +The Tokenization policy is not supported in Omni Gateway Connected Mode. === Mule Gateway diff --git a/mule-gateway/modules/ROOT/pages/policies-included-xml-threat-protection.adoc b/mule-gateway/modules/ROOT/pages/policies-included-xml-threat-protection.adoc index e704369b7..97560cd13 100644 --- a/mule-gateway/modules/ROOT/pages/policies-included-xml-threat-protection.adoc +++ b/mule-gateway/modules/ROOT/pages/policies-included-xml-threat-protection.adoc @@ -23,13 +23,13 @@ If you find that attacks on your Anypoint Platform setup are difficult to detect == Configuring Policy Parameters -=== Flex Gateway Local Mode +=== Omni Gateway Local Mode -The XML Threat Protection policy is not supported in Flex Gateway Local Mode. +The XML Threat Protection policy is not supported in Omni Gateway Local Mode. -=== Flex Gateway Connected Mode +=== Omni Gateway Connected Mode -The XML Threat Protection policy is not supported in Flex Gateway Connected Mode. +The XML Threat Protection policy is not supported in Omni Gateway Connected Mode. === Mule Gateway diff --git a/pdk/1.8/antora.yml b/pdk/1.8/antora.yml index 7aa520021..fc04df992 100644 --- a/pdk/1.8/antora.yml +++ b/pdk/1.8/antora.yml @@ -1,5 +1,5 @@ name: pdk -title: 'Flex Gateway Policy Development Kit (PDK)' +title: 'Omni Gateway Policy Development Kit (PDK)' version: '1.8' display_version: '1.8' start_page: policies-pdk-overview.adoc diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-apply-policies.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-apply-policies.adoc index f663b1078..82625df85 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-apply-policies.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-apply-policies.adoc @@ -13,7 +13,7 @@ To learn more about defining configuration parameters, see xref:policies-pdk-cre == Before You Begin * xref:policies-pdk-compile-policies.adoc[Compile your custom policy]. -* If applying your custom policy to Flex Gateway running in Connected Mode, xref:policies-pdk-publish-policies.adoc[upload your custom policy to Exchange]. +* If applying your custom policy to Omni Gateway running in Connected Mode, xref:policies-pdk-publish-policies.adoc[upload your custom policy to Exchange]. == Apply Policies in Connected Mode @@ -41,7 +41,7 @@ For more information about implementation updates, see xref:exchange::manage-ver [[apply-policies-in-local-mode]] == Apply Policies in Local Mode -For Flex Gateway running in Local Mode, you apply custom policies using xref:gateway::flex-local-configuration-reference-guide.adoc[local declarative configuration files]. You specify the location of these configuration files when you first run Flex Gateway. +For Omni Gateway running in Local Mode, you apply custom policies using xref:gateway::flex-local-configuration-reference-guide.adoc[local declarative configuration files]. You specify the location of these configuration files when you first run Omni Gateway. To create the local declarative files: @@ -50,12 +50,12 @@ To create the local declarative files: * `_definition.yaml` * `_implementation.yaml` + -. Paste the two files in the `/etc/mulesoft/flex-gateway/conf.d/` Flex Gateway configuration directory. +. Paste the two files in the `/etc/mulesoft/flex-gateway/conf.d/` Omni Gateway configuration directory. + . Create a policy binding configuration file with a `.yaml` file extension to bind the policy to an API instance: + * Give the file a custom name. -* Save the file in the Flex Gateway configuration directory `/etc/mulesoft/flex-gateway/conf.d/custom`. This directory can contain multiple configuration files. +* Save the file in the Omni Gateway configuration directory `/etc/mulesoft/flex-gateway/conf.d/custom`. This directory can contain multiple configuration files. . Copy and paste the following YAML snippet into the file, substituting your values where indicated: + [source,yaml] @@ -84,9 +84,9 @@ spec: === Update Policies in Local Mode -To update a custom policy for Flex Gateway running in Local Mode: +To update a custom policy for Omni Gateway running in Local Mode: -* If you did not edit the configuration parameters, replace your old `_implementation.yaml` in your Flex Gateway configuration directory with the implementation file from your `target/wasm32-wasip1/release` PDK directory. +* If you did not edit the configuration parameters, replace your old `_implementation.yaml` in your Omni Gateway configuration directory with the implementation file from your `target/wasm32-wasip1/release` PDK directory. * If you did edit the configuration parameters, repeat the steps in <> to update your configuration parameters. == Reorder Custom Policies diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-architecture.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-architecture.adoc index b2f1f6eca..d02437938 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-architecture.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-architecture.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) consists of: +Omni Gateway Policy Development Kit (PDK) consists of: * <>: Generates and distributes the policy to Exchange * <>: Scaffolds new custom policies @@ -24,7 +24,7 @@ For more information about the included files, see xref:policies-pdk-create-proj == SDK Building Tools -Flex Gateway is built on Envoy which requires developed policies to be compatible with the event-driven https://github.com/proxy-wasm/spec[proxy-wasm^] architecture. +Omni Gateway is built on Envoy which requires developed policies to be compatible with the event-driven https://github.com/proxy-wasm/spec[proxy-wasm^] architecture. `proxy-wasm`'s event-driven architecture requires users to manage the different events that handle a single request. This causes the following drawbacks that make developing and maintaining event-driven code costly: diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-compile-policies.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-compile-policies.adoc index b15d4a542..df7470818 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-compile-policies.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-compile-policies.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Compile your custom policy to create the policies binary target files by using the `make build` command. You must compile your custom policy after every time you edit the policy's source code before you can deploy the policy to a Flex Gateway. +Compile your custom policy to create the policies binary target files by using the `make build` command. You must compile your custom policy after every time you edit the policy's source code before you can deploy the policy to a Omni Gateway. == Before You Begin diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-contracts.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-contracts.adoc index a191193f7..5ee3b3711 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-contracts.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-contracts.adoc @@ -8,7 +8,7 @@ xref:api-manager::api-contracts-landing-page.adoc[Contracts] between API instanc Only one contract at a time can exist between an API instance and an application. -NOTE: To view an example policy project that uses Flex Gateway Policy Development Kit (PDK) Contracts Validation library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/client-id-enforcement/README.md[Client ID Enforcement Policy Example]. +NOTE: To view an example policy project that uses Omni Gateway Policy Development Kit (PDK) Contracts Validation library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/client-id-enforcement/README.md[Client ID Enforcement Policy Example]. [[contracts-module]] == Extract Client Credentials diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-cors.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-cors.adoc index f5f7b1591..348261606 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-cors.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-cors.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -NOTE: To view an example policy project that uses Flex Gateway Policy Development Kit (PDK)'s Cross-origin resource sharing (CORS) library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/cors-validation/README.md[CORS Validation Policy Example^]. +NOTE: To view an example policy project that uses Omni Gateway Policy Development Kit (PDK)'s Cross-origin resource sharing (CORS) library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/cors-validation/README.md[CORS Validation Policy Example^]. CORS is a mechanism for web applications to access resources defined in another domain. Browsers support CORS by default. The PDK CORS library complies with the https://fetch.spec.whatwg.org/[CORS W3C recommendation^] standards and provides a set of tools to validate incoming requests and protect resources. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-dataweave.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-dataweave.adoc index 4f270355c..ac40ff81f 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-dataweave.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-dataweave.adoc @@ -12,7 +12,7 @@ If the input DataWeave expression parameter is valid, the policy parses the expr . Call the binding function for each parameter defined in the schema definition: + * `vars`: Call the `bind_vars` method for each of the policy's `vars`. After all of `vars` are bound, the evaluator tries to solve the expression. If the expression contains `vars` other than the ones defined in the schema, they resolve to `null`. -* `attributes`: Call the `bind_attributes` method with an implementation of the `AttributesBinding` trait. Flex Gateway Policy Development Kit (PDK) provides an implementation of this trait by instantiating a new `HandlerAttributesBinding` for each `RequestHeaderState`, `RequestHeaderState`, and response of an xref:policies-pdk-configure-features-http-request.adoc[HTTP call]. +* `attributes`: Call the `bind_attributes` method with an implementation of the `AttributesBinding` trait. Omni Gateway Policy Development Kit (PDK) provides an implementation of this trait by instantiating a new `HandlerAttributesBinding` for each `RequestHeaderState`, `RequestHeaderState`, and response of an xref:policies-pdk-configure-features-http-request.adoc[HTTP call]. * `authentication`: Call the `bind_authentication` method with an implementation of the trait `AuthenticationBinding`. PDK provides an implementation of this trait for `AuthenticationData`. To inject authentication information into your policy, see xref:policies-pdk-configure-features-inject-parameters.adoc#authentication[Inject Authentication Inforamaion]. * `payload`: Call the `bind_payload` method with an implementation of the trait `PayloadBinding`. PDK provides an implementation of this trait for `RequestBodyState`, `ResponseBodyState`, and the response of an xref:policies-pdk-configure-features-http-request.adoc[HTTP call]. + @@ -61,7 +61,7 @@ spec: [NOTE] ==== -Flex Gateway doesn't support DataWeave expressions with binary type results. To use the `dw::Binaries::fromBase64('dXNlcjpwYXNz')` function, transform the result to a string. Transform the binary output to a string with the `dw::util::Coercions::toString(binary: Binary, encoding: String): String` function. For example, `#[dw::util::Coercions::toString(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), 'UTF-8')]`. If using a different function that transforms the binary by default, such as `#[splitBy(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), ':')]`, you can skip manually transforming the binary. +Omni Gateway doesn't support DataWeave expressions with binary type results. To use the `dw::Binaries::fromBase64('dXNlcjpwYXNz')` function, transform the result to a string. Transform the binary output to a string with the `dw::util::Coercions::toString(binary: Binary, encoding: String): String` function. For example, `#[dw::util::Coercions::toString(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), 'UTF-8')]`. If using a different function that transforms the binary by default, such as `#[splitBy(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), ':')]`, you can skip manually transforming the binary. ==== Use the following Rust snippet: diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-event.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-event.adoc index 8c1341d9a..98d18f02b 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-event.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-event.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -With Flex Gateway Policy Development Kit (PDK), you can read and write to request and response headers and bodies and read from a streamed body. +With Omni Gateway Policy Development Kit (PDK), you can read and write to request and response headers and bodies and read from a streamed body. [[event-flow]] == Event Flow diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-stop.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-stop.adoc index 5fc4620b4..bf8c70276 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-stop.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers-stop.adoc @@ -4,11 +4,11 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Use the Flex Gateway Policy Development Kit (PDK) `enable_stop_iteration` feature to simultaneously read and modify headers and body content. +Use the Omni Gateway Policy Development Kit (PDK) `enable_stop_iteration` feature to simultaneously read and modify headers and body content. PDK Policies using stop iteration on support payload bodies of 1 MB. -NOTE: Only Flex Gateway version 1.12.0 or later support stop interation. +NOTE: Only Omni Gateway version 1.12.0 or later support stop interation. == Enable Stop Iteration in your Cargo.toml diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers.adoc index c7e059661..c6db8516d 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-headers.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK), provides two seperate ways to read and write headers and bodies. Choose either depending on your use case: +Omni Gateway Policy Development Kit (PDK), provides two seperate ways to read and write headers and bodies. Choose either depending on your use case: * xref:policies-pdk-configure-features-headers-event.adoc[]: Use the event flow method when you: ** Don't need to read the request body and don't want to buffer the entire payload. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-inject-parameters.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-inject-parameters.adoc index 4b7958c14..79bc9d2f7 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-inject-parameters.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-inject-parameters.adoc @@ -4,10 +4,10 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) provides the following parameters that you can inject into the `#[entrypoint]` configuration function: +Omni Gateway Policy Development Kit (PDK) provides the following parameters that you can inject into the `#[entrypoint]` configuration function: * `Configuration`: Provides the policy's configuration parameters. For information about how to define configuration parameters, see xref:policies-pdk-create-schema-definition.adoc[]. -* `Metadata`: Provides metadata about the policy, the Flex Gateway instance, the API instance, and the Anypoint Organization. For more information about the metadata provided, see xref:policies-pdk-configure-features-metadata.adoc[]. +* `Metadata`: Provides metadata about the policy, the Omni Gateway instance, the API instance, and the Anypoint Organization. For more information about the metadata provided, see xref:policies-pdk-configure-features-metadata.adoc[]. * `HttpClient`: Enables the policy to make HTTP calls. For more information about how to make HTTP calls from the policy, see xref:policies-pdk-configure-features-http-request.adoc[]. * `CacheBuilder`: Provides the caching features of the policy. For more information about caching, see xref:policies-pdk-configure-features-caching.adoc[]. * `StreamProperties`: Provides a structure to share properties with other policies that process the same request. For more information about sharing information between policies, see xref:policies-pdk-configure-features-streamproperties.adoc[]. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-ip-filter.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-ip-filter.adoc index dd8d39a0a..5d881da44 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-ip-filter.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-ip-filter.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Use the Flex Gateway Policy Development Kit (PDK) IP Filter to filter requests based on IP addresses. Create allowlists or blocklists using IPv4/IPv6 addresses and CIDR ranges to evaluate incoming requests IPs. +Use the Omni Gateway Policy Development Kit (PDK) IP Filter to filter requests based on IP addresses. Create allowlists or blocklists using IPv4/IPv6 addresses and CIDR ranges to evaluate incoming requests IPs. Import `IpFilter` from the `pdk` crate, then create an IP filter to either allow or block specific IPs: diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-json-validator.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-json-validator.adoc index ae1b52a7b..39f258e9d 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-json-validator.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-json-validator.adoc @@ -6,10 +6,10 @@ endif::[] [NOTE] ==== -To view an example policy project that uses Flex Gateway Policy Development Kit (PDK)'s JSON Validator library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/json-validation/README.md[JSON Validation Policy Example]. +To view an example policy project that uses Omni Gateway Policy Development Kit (PDK)'s JSON Validator library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/json-validation/README.md[JSON Validation Policy Example]. ==== -JSON APIs can receive payloads with deep nesting, oversized arrays or objects, or long strings and keys. Attackers use those patterns to stress parsers and memory. With `validate_chunk`, you feed the payload incrementally while the PDK JSON Validator library enforces configurable limits. Use the library to build custom policies. These limits match the constraint types in xref:policies-included-json-threat-protection.adoc[] for Flex Gateway. +JSON APIs can receive payloads with deep nesting, oversized arrays or objects, or long strings and keys. Attackers use those patterns to stress parsers and memory. With `validate_chunk`, you feed the payload incrementally while the PDK JSON Validator library enforces configurable limits. Use the library to build custom policies. These limits match the constraint types in xref:policies-included-json-threat-protection.adoc[] for Omni Gateway. Use the library when your custom policy must perform these tasks. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-jwt.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-jwt.adoc index 1e309d4d3..047a91c70 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-jwt.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-jwt.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -NOTE: To view an example policy project that uses Flex Gateway Policy Development Kit (PDK)'s JWT library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/jwt-validation/README.md[JWT Validation Policy Example^]. +NOTE: To view an example policy project that uses Omni Gateway Policy Development Kit (PDK)'s JWT library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/jwt-validation/README.md[JWT Validation Policy Example^]. JSON Web Token (JWT) is a URL-secure method of representing claims to be transferred between two parties. The JWT token contains claims encoded in a JSON object as either the payload of a JSON Web Signature (JWS) or as a JSON web encryption (JWE) structure in plain text, which enables the claims to be digitally signed and protected with a message authentication code (MAC). Because the token is signed, you can trust the information and its source. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-libraries.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-libraries.adoc index 1aaea194d..b33abf304 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-libraries.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-libraries.adoc @@ -26,9 +26,9 @@ serde_urlencoded::to_string([("token", "myToken")]) Libraries that interact with an external service like a database, or perform a system call like reading a file, are usually not compatible with the `wasm32-wasip1` target. -If your policy interacts with external services, use the Flex Gateway exposed `HttpClient`. For more information about performing an HTTP call, see xref:policies-pdk-configure-features-http-request.adoc[]. +If your policy interacts with external services, use the Omni Gateway exposed `HttpClient`. For more information about performing an HTTP call, see xref:policies-pdk-configure-features-http-request.adoc[]. -It is possible that some libraries compile properly to the `wasm32-wasip1` target but don't work properly when deployed to Flex Gateway. Example errors include: +It is possible that some libraries compile properly to the `wasm32-wasip1` target but don't work properly when deployed to Omni Gateway. Example errors include: * `Failed to load Wasm module due to a missing import: ...` * `Wasm VM failed to initialize Wasm code` diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-logging.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-logging.adoc index 0297582b3..f71dd39d4 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-logging.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-logging.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) provides a logging mechanism that generates a log message enriched with the API instance ID, policy ID, and request ID. +Omni Gateway Policy Development Kit (PDK) provides a logging mechanism that generates a log message enriched with the API instance ID, policy ID, and request ID. Insert custom logs with the following macros by using the `pdk::logger;` package: @@ -28,9 +28,9 @@ logger::warn!("Hello {value}"); logger::error!("Hello {}", "there!"); ---- -All examples appear in the Flex Gateway logs in the following format: +All examples appear in the Omni Gateway logs in the following format: ---- [flex-gateway-envoy][] wasm log . main: [policy: ][api: ][req: ] Hello there! ---- -For more information about viewing Flex Gateway logs, see xref:gateway::flex-gateway-monitor.adoc[]. \ No newline at end of file +For more information about viewing Omni Gateway logs, see xref:gateway::flex-gateway-monitor.adoc[]. \ No newline at end of file diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-metadata.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-metadata.adoc index d9fd7ae81..b038b50a0 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-metadata.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-metadata.adoc @@ -5,7 +5,7 @@ endif::[] :imagesdir: ../assets/images -PDK exposes a `Metadata` injectable that provides metadata about the policy, the Flex instance, the API instance, and the Anypoint Organization. The `Metadata` struct is as follows: +PDK exposes a `Metadata` injectable that provides metadata about the policy, the Omni instance, the API instance, and the Anypoint Organization. The `Metadata` struct is as follows: [source,Rust] ---- diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-rate-limiting.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-rate-limiting.adoc index 0306954a6..43c61cbae 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-rate-limiting.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-rate-limiting.adoc @@ -4,9 +4,9 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) provides rate limiting functionality to control request rates. +Omni Gateway Policy Development Kit (PDK) provides rate limiting functionality to control request rates. -Custom policies support both single Flex Replica and multi-replica deployments. For multi-replica deployments, you must configure shared storage. To configure shared storage, see: +Custom policies support both single Omni Replica and multi-replica deployments. For multi-replica deployments, you must configure shared storage. To configure shared storage, see: * xref:gateway::flex-conn-shared-storage-config.adoc[] * xref:gateway::flex-local-shared-storage-config.adoc[] diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-share-data.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-share-data.adoc index 97408d6d5..4d587023f 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-share-data.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-share-data.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) provides the `RequestData` enum to pass data between the request and the response. +Omni Gateway Policy Development Kit (PDK) provides the `RequestData` enum to pass data between the request and the response. To share a status between the request and the response functions, the request function must return a `Flow::Continue` enum variant with a data parameter that you wish to pass to the response function. The response function must receive the `RequestData` parameter that contains the request function's final status and the data parameter that was passed. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-spike-control.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-spike-control.adoc index 66b45409e..a0a1ac11e 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-spike-control.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-spike-control.adoc @@ -6,10 +6,10 @@ endif::[] [NOTE] ==== -To view an example policy project that uses Flex Gateway Policy Development Kit (PDK)'s Spike Control library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/spike/README.md[Spike Policy Example]. +To view an example policy project that uses Omni Gateway Policy Development Kit (PDK)'s Spike Control library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/spike/README.md[Spike Policy Example]. ==== - To prevent sudden surges from overwhelming upstream services or exhausting shared capacity, spike control regulates how quickly traffic can grow. With the Spike Control library, you drive a handler modeled as a token bucket with a xref:policies-pdk-configure-features-timer.adoc[Timer] and a `Clock` ticker, then you call `is_allowed` from request or response filters. Use the library for custom policies that need spike arrest, smoothing, or rate style limits like those in Flex Gateway, with Rust logic you control. + To prevent sudden surges from overwhelming upstream services or exhausting shared capacity, spike control regulates how quickly traffic can grow. With the Spike Control library, you drive a handler modeled as a token bucket with a xref:policies-pdk-configure-features-timer.adoc[Timer] and a `Clock` ticker, then you call `is_allowed` from request or response filters. Use the library for custom policies that need spike arrest, smoothing, or rate style limits like those in Omni Gateway, with Rust logic you control. Use the library when your custom policy must perform these tasks. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-stop.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-stop.adoc index ab4254e41..22ca4c9e0 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-stop.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-stop.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) enables you to send early responses during the request and response execution to terminate the execution flow. +Omni Gateway Policy Development Kit (PDK) enables you to send early responses during the request and response execution to terminate the execution flow. To intercept and stop a request or response, return a `Response` object from your `on_request` or `on_response` wrapped functions: diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-token-introspection.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-token-introspection.adoc index 4b85f4b9f..43f9573a2 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-token-introspection.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-token-introspection.adoc @@ -4,9 +4,9 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -NOTE: To view an example policy project that uses Flex Gateway Policy Development Kit (PDK)'s Token Introspection feature, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/oauth-2-token-introspection/README.md[OAuth 2.0 Token Introspection Policy Example^]. +NOTE: To view an example policy project that uses Omni Gateway Policy Development Kit (PDK)'s Token Introspection feature, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/oauth-2-token-introspection/README.md[OAuth 2.0 Token Introspection Policy Example^]. -Use the Flex Gateway Policy Development Kit (PDK) Token Introspection library functions to validate incoming OAuth 2.0 tokens with an upstream introspection service. +Use the Omni Gateway Policy Development Kit (PDK) Token Introspection library functions to validate incoming OAuth 2.0 tokens with an upstream introspection service. [[configure-token-validator]] == Configure the Token Validator diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-xml-validator.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-xml-validator.adoc index 889851c18..684056eed 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-xml-validator.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features-xml-validator.adoc @@ -6,10 +6,10 @@ endif::[] [NOTE] ==== -To view an example policy project that uses Flex Gateway Policy Development Kit (PDK)'s XML Validator library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/xml-validation/README.md[XML Validation Policy Example]. +To view an example policy project that uses Omni Gateway Policy Development Kit (PDK)'s XML Validator library, see https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/xml-validation/README.md[XML Validation Policy Example]. ==== -Excessive element counts, nesting depth, and attribute sizes in XML payloads can cause parsers to consume excessive memory or CPU. The PDK XML Validator library streams the incoming XML body and enforces configurable limits on its structure and size. Use this library to build custom policies. The library mirrors the limits of the built-in xref:policies-included-xml-threat-protection.adoc[] for Flex Gateway. +Excessive element counts, nesting depth, and attribute sizes in XML payloads can cause parsers to consume excessive memory or CPU. The PDK XML Validator library streams the incoming XML body and enforces configurable limits on its structure and size. Use this library to build custom policies. The library mirrors the limits of the built-in xref:policies-included-xml-threat-protection.adoc[] for Omni Gateway. Use the library when your custom policy must perform these tasks. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features.adoc index a62afb04d..648e17a00 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-features.adoc @@ -23,7 +23,7 @@ NOTE: You may need to add or redefine configuration parameters while implementin [[policy-template]] == Policy Template -Flex Gateway Policy Development Kit (PDK) provides the initial `src/lib.rs` file in the policy project as a template to begin implementing your policy: +Omni Gateway Policy Development Kit (PDK) provides the initial `src/lib.rs` file in the policy project as a template to begin implementing your policy: [source,Rust] ---- diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-network-proxy.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-network-proxy.adoc index d27b51611..0f944061d 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-network-proxy.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-configure-network-proxy.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -If you use a network proxy to connect to the internet, you might have to define the network proxy for the software tools used by Flex Gateway Policy Development Kit (PDK). Besides Docker, all tools downloaded in xref:policies-pdk-prerequisites.adoc[PDK prerequisites] accept the `HTTP_PROXY` and `HTTPS_PROXY` environment variables. +If you use a network proxy to connect to the internet, you might have to define the network proxy for the software tools used by Omni Gateway Policy Development Kit (PDK). Besides Docker, all tools downloaded in xref:policies-pdk-prerequisites.adoc[PDK prerequisites] accept the `HTTP_PROXY` and `HTTPS_PROXY` environment variables. To configure your environment variable, refer to <>. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-overview.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-overview.adoc index 66c2efe6a..49eddad1b 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-overview.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-overview.adoc @@ -4,10 +4,10 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -The source code for Flex Gateway Policy Development Kit (PDK) policies is comprised of two versioned parts: +The source code for Omni Gateway Policy Development Kit (PDK) policies is comprised of two versioned parts: * *Definition*: The policy's metadata and configuration properties. The definition contains the policy's parameters specified in `gcl.yaml` and the related JSON schema. It does not contain the code that runs at runtime. -* *Implementation*: The policy's runtime behavior. It is the code (Rust, compiled to WebAssembly) that runs on Flex Gateway when the policy is applied. The implementation uses the definition so its configuration matches the schema's parameters and publishes a separate Exchange asset that gateways use to execute the policy. +* *Implementation*: The policy's runtime behavior. It is the code (Rust, compiled to WebAssembly) that runs on Omni Gateway when the policy is applied. The implementation uses the definition so its configuration matches the schema's parameters and publishes a separate Exchange asset that gateways use to execute the policy. PDK enables you to version and manage the two parts of the policy source code using two project models: diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-split.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-split.adoc index 3ffd15646..45b188f5a 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-split.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project-split.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -To begin developing a new Split-Model custom policy with Flex Gateway Policy Development Kit (PDK), generate a new custom policy project. +To begin developing a new Split-Model custom policy with Omni Gateway Policy Development Kit (PDK), generate a new custom policy project. To create a Split-Model project, complete these tasks: @@ -116,7 +116,7 @@ Contains the files for the policy's Exchange asset implementation and the output === Cargo.toml -Custom policies for Flex Gateway are developed in the Rust programming language and compiled to a WebAssembly binary. +Custom policies for Omni Gateway are developed in the Rust programming language and compiled to a WebAssembly binary. The `Cargo.toml` is the Rust project manifest. Its `[package]` section contains the basic information about the policy implementation. The version specified in `Cargo.toml` matches the policy asset version. You can manage the policy version by editing the version number in `Cargo.toml`. The version follows the format `..`. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project.adoc index 434021f1f..ec392d96f 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-project.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -To begin developing a new custom policy with Flex Gateway Policy Development Kit (PDK), generate a new custom policy project. +To begin developing a new custom policy with Omni Gateway Policy Development Kit (PDK), generate a new custom policy project. To create a new project, complete the following tasks: @@ -96,7 +96,7 @@ To configure the `gcl.yaml` file, see xref:policies-pdk-create-schema-definition === Cargo.toml -Custom policies for Flex Gateway are developed in the Rust programming language and compiled to a WebAssembly binary. +Custom policies for Omni Gateway are developed in the Rust programming language and compiled to a WebAssembly binary. The `Cargo.toml` is the Rust project manifest. Its `[package]` section contains the basic information about the policy implementation. The version specified in `Cargo.toml` matches the policy asset version. You can manage the policy version by editing the version number in `Cargo.toml`. The version follows the format `..`. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-schema-definition.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-schema-definition.adoc index e21f94b0d..90df92b8d 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-create-schema-definition.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-create-schema-definition.adoc @@ -10,7 +10,7 @@ To define custom configuration parameters, edit the `definition/gcl.yaml` file. The configuration parameters you define in the `gcl.yaml` appear as variables in the `src/generated/config.rs` file after you run the `make build-asset-file` command. You set any user input you need for implementing the Rust source code in the `gcl.yaml` file. -Configuration parameters appear in the API Manager UI when applying a policy to Flex Gateway running in Connected Mode. When applying the policy to Flex Gateway running in Local Mode, it is your responsibility to distribute a configuration `yaml` file for your policy. +Configuration parameters appear in the API Manager UI when applying a policy to Omni Gateway running in Connected Mode. When applying the policy to Omni Gateway running in Local Mode, it is your responsibility to distribute a configuration `yaml` file for your policy. The default `gcl.yaml` file has the following content: @@ -236,7 +236,7 @@ Limit user's input values by defining parameters with the `enum` property, for e - hmac ---- -In the API Manager UI, `enum` parameters render as radio buttons for three or fewer enumerated values and as a dropdown field for more. For Flex Gateway running in Local Mode, the user must configure the parameter as one of the enumerated values or the policy configuration fails. +In the API Manager UI, `enum` parameters render as radio buttons for three or fewer enumerated values and as a dropdown field for more. For Omni Gateway running in Local Mode, the user must configure the parameter as one of the enumerated values or the policy configuration fails. Enumerated parameters don't support the `@visibleOn` tag. To learn more about how to render variables dynamically, see <>. @@ -263,8 +263,8 @@ The `string` type also supports enables you to configure a `format` type. + The supported formatting types are: + -* `dataweave`: Specifies the input parameter is a DataWeave variable and notifies Flex Gateway to transform the input. For more information about DataWeave expressions, see <>. -* `service`: Specifies the input parameter is a URI and automatically creates a Flex Gateway service to enable HTTP calls from the policy. +* `dataweave`: Specifies the input parameter is a DataWeave variable and notifies Omni Gateway to transform the input. For more information about DataWeave expressions, see <>. +* `service`: Specifies the input parameter is a URI and automatically creates a Omni Gateway service to enable HTTP calls from the policy. * `ipRange`: Specifies the expected text is a range of IPs and provides additional validation on the input. * `uri`: Specifies the expected text is a URI and provides additional validation on the input. Only use `uri` when the URI is not a service making HTTP calls from the policy. + @@ -421,7 +421,7 @@ test-local-flex-1 | [flex-gateway-envoy][error] wasm log main: [policy: ingress When evaluating the DataWeave expression in your policy, you must provide the script to resolve the expression. To learn how to implement DataWeave expressions in your Rust source code, see xref:policies-pdk-configure-features.adoc#use-dataweave-expressions[Implement DataWeave Expressions]. -For more information about DataWeave support for Flex Gateway, see xref:gateway::policies-flex-dataweave-support.adoc[]. +For more information about DataWeave support for Omni Gateway, see xref:gateway::policies-flex-dataweave-support.adoc[]. [[use-custom-parameters-in-rust-source-code]] == Use Custom Parameters in Rust Source Code diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-deployed-policies.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-deployed-policies.adoc index 1244f408f..e6246d818 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-deployed-policies.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-deployed-policies.adoc @@ -9,7 +9,7 @@ Errors that aren't present in the PDK's debugging and testing environments might To use debug logs in a production environment, see xref:gateway::flex-troubleshoot-debug-logs.adoc[]. -For more information about monitoring Flex Gateway, see xref:gateway::flex-gateway-monitor.adoc[]. +For more information about monitoring Omni Gateway, see xref:gateway::flex-gateway-monitor.adoc[]. == See Also diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-local.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-local.adoc index 236170695..452785388 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-local.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-debug-local.adoc @@ -4,11 +4,11 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -To test the functionality of your policy, Flex Gateway Policy Development Kit (PDK) provides a pre-configured API instance located in the `/playground/config` directory. +To test the functionality of your policy, Omni Gateway Policy Development Kit (PDK) provides a pre-configured API instance located in the `/playground/config` directory. -The PDK Debugging Playground only supports Flex Gateway running in Local Mode in a Docker container. If you plan to deploy or policy to Flex Gateway running in Connected Mode or to a different platform, you should still first test your policy in PDK by using Flex Gateway running in Local Mode in a Docker container. +The PDK Debugging Playground only supports Omni Gateway running in Local Mode in a Docker container. If you plan to deploy or policy to Omni Gateway running in Connected Mode or to a different platform, you should still first test your policy in PDK by using Omni Gateway running in Local Mode in a Docker container. -IMPORTANT: You can run Flex Gateway in Local Mode on Docker in Windows only to develop and test your policies. However, Flex Gateway does not support Windows in production environments. +IMPORTANT: You can run Omni Gateway in Local Mode on Docker in Windows only to develop and test your policies. However, Omni Gateway does not support Windows in production environments. To test your policy, complete the following tasks: @@ -26,13 +26,13 @@ Ensure that you have: * xref:policies-pdk-compile-policies.adoc[Compiled your custom policy project]. [[register]] -== Register a Flex Gateway Instance in Local Mode +== Register a Omni Gateway Instance in Local Mode -To begin using the `make run` command to debug your custom policy, register a Flex Gateway in Local Mode. +To begin using the `make run` command to debug your custom policy, register a Omni Gateway in Local Mode. -For the `run` command to work, a Flex Gateway `registration.yaml` file must exist in the `/playground/config` directory. Create this file by running the registration command in the directory, or move a `registration.yaml` file of a previously registered Flex Gateway to the directory. +For the `run` command to work, a Omni Gateway `registration.yaml` file must exist in the `/playground/config` directory. Create this file by running the registration command in the directory, or move a `registration.yaml` file of a previously registered Omni Gateway to the directory. -The `make run` command only supports Flex Gateways running in Local Mode in a Docker Container. To register Flex Gateway, see: +The `make run` command only supports Omni Gateways running in Local Mode in a Docker Container. To register Omni Gateway, see: * xref:gateway::flex-local-reg-run-up.adoc#docker[Register and Run with a Username and Password in a Docker Container] * xref:gateway::flex-local-reg-run-app.adoc#docker[Register and Run with a Connected App in a Docker Container] @@ -131,8 +131,8 @@ make run This command starts the two Docker containers in the `/playground/docker-compose.yaml` file: -* `Local-flex`: The Flex Gateway instance Docker container that executes the custom policy. This Flex Gateway listens for requests made to `localhost:8081`. -* `Backend`: The Docker Container that runs the backend service for the Flex Gateway instance. This backend service echoes any request it receives. +* `Local-flex`: The Omni Gateway instance Docker container that executes the custom policy. This Omni Gateway listens for requests made to `localhost:8081`. +* `Backend`: The Docker Container that runs the backend service for the Omni Gateway instance. This backend service echoes any request it receives. NOTE: To stop the Docker containers, press `Cmd+c` or `Ctrl+c` depending on your device from the terminal running the containers. @@ -152,11 +152,11 @@ By default, PDK's debugging environment enables logs with the `debug` `loglevel` To change the `loglevel`, edit the `logging.runtimeLogs.logLevel` value in `/playground/config/logging.yaml`. -To learn more about editing a Flex Gateway's logging configuration file, see xref:gateway::flex-local-third-party-logs-config.adoc[]. +To learn more about editing a Omni Gateway's logging configuration file, see xref:gateway::flex-local-third-party-logs-config.adoc[]. == Use the Rust Debugger -Visual Studio Code (VS Code) includes a Rust debugger that can run unit tests. You cannot use the VS Code Debugger while the policy is deployed on a Flex Gateway. To create the API mocking, you must use unit tests for the specific logic you need to debug. +Visual Studio Code (VS Code) includes a Rust debugger that can run unit tests. You cannot use the VS Code Debugger while the policy is deployed on a Omni Gateway. To create the API mocking, you must use unit tests for the specific logic you need to debug. To debug Rust code in VS Code, you must install the https://marketplace.visualstudio.com/items?itemName=vadimcn.vscode-lldb[CodeLLDB Debugger Extension^] or a different VS Code extension with the same functionality. To learn more about debugging Rust in VS Code, see https://code.visualstudio.com/docs/languages/rust#_debugging[Rust in Visual Studio Code^]. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-develop-custom-policies.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-develop-custom-policies.adoc index ee0ed76d1..c222d3ced 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-develop-custom-policies.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-develop-custom-policies.adoc @@ -4,9 +4,9 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -After installing the xref:policies-pdk-prerequisites.adoc[Prerequisites], you can develop custom policies by using Flex Gateway Policy Development Kit (PDK). +After installing the xref:policies-pdk-prerequisites.adoc[Prerequisites], you can develop custom policies by using Omni Gateway Policy Development Kit (PDK). -The custom policy lifecycle consists of all the steps of developing a custom policy that occur in PDK. The following steps do not include steps that occur outside of PDK, such as xref:policies-pdk-apply-policies.adoc[applying a policy], which is the same for all Flex Gateway policies. +The custom policy lifecycle consists of all the steps of developing a custom policy that occur in PDK. The following steps do not include steps that occur outside of PDK, such as xref:policies-pdk-apply-policies.adoc[applying a policy], which is the same for all Omni Gateway policies. After you xref:policies-pdk-create-project.adoc[create a new project], you might iteratively complete some steps. For example, while writing the policy's source code, you might need to return to xref:policies-pdk-create-schema-definition.adoc[add additional parameters], or you might need to recompile the policy after debugging the source code. @@ -24,16 +24,16 @@ Use the rust code examples to implement your custom logic in the `src/lib.rs` fi . xref:policies-pdk-compile-policies.adoc[Compile your custom policy]. + -Compiling your policy creates the `WebAssembly` binary file and configuration files necessary to upload your policy to Exchange and deploy it to a Flex Gateway. +Compiling your policy creates the `WebAssembly` binary file and configuration files necessary to upload your policy to Exchange and deploy it to a Omni Gateway. . xref:policies-pdk-test-debug-overview.adoc[Test and debug your policy]. + -Use xref:policies-pdk-unit.adoc[pdk-unit] for fast unit tests, xref:policies-pdk-debug-local.adoc[the PDK debugging playground] for interactive checks with Flex Gateway in Local Mode in Docker, and xref:policies-pdk-integration-tests.adoc[integration tests] to guard against regressions with your services and gateway configuration. +Use xref:policies-pdk-unit.adoc[pdk-unit] for fast unit tests, xref:policies-pdk-debug-local.adoc[the PDK debugging playground] for interactive checks with Omni Gateway in Local Mode in Docker, and xref:policies-pdk-integration-tests.adoc[integration tests] to guard against regressions with your services and gateway configuration. . xref:policies-pdk-publish-policies-overview.adoc[Publish your policy on Exchange]. + -Publish your policy on Exchange to distribute a development version of your policy for testing with your Flex Gateway configuration and to release production-ready policies. To deploy a policy to Flex Gateway, see step seven. +Publish your policy on Exchange to distribute a development version of your policy for testing with your Omni Gateway configuration and to release production-ready policies. To deploy a policy to Omni Gateway, see step seven. -. Deploy your custom policy to a production environment by xref:policies-pdk-apply-policies.adoc[applying it to an API instance] deployed on Flex Gateway. +. Deploy your custom policy to a production environment by xref:policies-pdk-apply-policies.adoc[applying it to an API instance] deployed on Omni Gateway. . Configure a new version of this API instance by returning to step two. \ No newline at end of file diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-integration-tests.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-integration-tests.adoc index aaf5d09ed..83baaf32d 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-integration-tests.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-integration-tests.adoc @@ -4,11 +4,11 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) provides an automated testing framework to detect integration regressions in your custom policy. +Omni Gateway Policy Development Kit (PDK) provides an automated testing framework to detect integration regressions in your custom policy. -The integration testing framework provided by PDK only supports Flex Gateway running in Local Mode in a Docker container. If you plan to deploy or policy to Flex Gateway running in Connected Mode or to a different platform, you should still first test your policy in PDK by using Flex Gateway running in Local Mode in a Docker container. +The integration testing framework provided by PDK only supports Omni Gateway running in Local Mode in a Docker container. If you plan to deploy or policy to Omni Gateway running in Connected Mode or to a different platform, you should still first test your policy in PDK by using Omni Gateway running in Local Mode in a Docker container. -IMPORTANT: You can run Flex Gateway in Local Mode on Docker in Windows only to develop and test your policies. However, Flex Gateway does not support Windows in production environments. +IMPORTANT: You can run Omni Gateway in Local Mode on Docker in Windows only to develop and test your policies. However, Omni Gateway does not support Windows in production environments. To test your policy, complete the following tasks: @@ -49,13 +49,13 @@ The `/tests` directory contains the integration tests. By default, the folder co * `common/mod.rs` file: A test module that contains functionalities, API configurations, and policy configurations that must be included in every integration test module. [[register]] -== Register a Flex Gateway Instance in Local Mode +== Register a Omni Gateway Instance in Local Mode -To begin using the `make test` command to debug your custom policy, register a Flex Gateway in Local Mode. +To begin using the `make test` command to debug your custom policy, register a Omni Gateway in Local Mode. -For the `make test` command to work, a Flex Gateway `registration.yaml` file must exist in the `/tests/config` directory. Create this file by running the registration command in the directory, or move a `registration.yaml` file of a previously registered Flex Gateway to the directory. +For the `make test` command to work, a Omni Gateway `registration.yaml` file must exist in the `/tests/config` directory. Create this file by running the registration command in the directory, or move a `registration.yaml` file of a previously registered Omni Gateway to the directory. -To register Flex Gateway, see: +To register Omni Gateway, see: * xref:gateway::flex-local-reg-run-up.adoc#docker[Register and Run with a Username and Password in a Docker Container] * xref:gateway::flex-local-reg-run-app.adoc#docker[Register and Run with a Connected App in a Docker Container] @@ -144,7 +144,7 @@ PDK's test library supports the following services: |Service |Description | `Flex` -| Flex Gateway service instance. +| Omni Gateway service instance. | `httpmock` | Service binding to the Rust's https://crates.io/crates/httpmock[httpmock] server. @@ -297,7 +297,7 @@ async fn say_hello() -> anyhow::Result<()> { NOTE: Run `make test` to ensure proper configuration. [[configure-a-flex-service-instance]] -=== Configure a Flex Service Instance +=== Configure a Omni Service Instance Configure a `Flex` service by registering an instance of the `FlexConfig` struct in `TestComposite`. To complete the `FlexConfig` instance, you must also define a `ApiConfig` and `PolicyConfig` instance. @@ -308,10 +308,10 @@ The `FlexConfig` struct has the following properties: |Property |Content |`version` -|Flex Gateway version to test. +|Omni Gateway version to test. |`image_name` -|Flex Gateway Docker image name, by default, "mulesoft/flex-gateway". +|Omni Gateway Docker image name, by default, "mulesoft/flex-gateway". |`hostname` |Hostname of the `Flex` service, by default, "local-flex". @@ -420,11 +420,11 @@ async fn say_hello() -> anyhow::Result<()> { ---- [[alternative-flex-docker-images]] -=== Configure an Alternative Flex Docker Image +=== Configure an Alternative Omni Docker Image To use a `flex` Docker image from another source, instead of the provided default, the configuration builder provides an `image_name()` method to define it explicitly. -To configure an alternative Flex Docker image, update your `FlexConfig::builder()` definition as in this example: +To configure an alternative Omni Docker image, update your `FlexConfig::builder()` definition as in this example: [source,rust] ---- @@ -448,10 +448,10 @@ Run `make test` to ensure proper configuration. ==== [[flex-service-endpoint-requests]] -=== Flex Service Endpoint Requests +=== Omni Service Endpoint Requests `Flex` service exposes endpoints with external base URLs dependent on the port. To access those URLs, the -Flex service instance handle provides the `external_url()` method indexed by port, for example: +Omni service instance handle provides the `external_url()` method indexed by port, for example: [source,rust] ---- diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-mule-policies.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-mule-policies.adoc index dc4f25bcb..fff83004d 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-mule-policies.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-mule-policies.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) supports creating Mule Gateway policies to enhance your experience: +Omni Gateway Policy Development Kit (PDK) supports creating Mule Gateway policies to enhance your experience: * Creating policies * Defining the configuration schema @@ -105,7 +105,7 @@ For more policy logic examples, see: [[publish-policies]] == Publish and Release Policies -PDK publishes Mule Gateway and Flex Gateway policies in the same way. +PDK publishes Mule Gateway and Omni Gateway policies in the same way. To publish and release policies, see xref:pdk::policies-pdk-publish-policies.adoc[]. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-overview.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-overview.adoc index 6bffc131f..5361c5138 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-overview.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-overview.adoc @@ -1,14 +1,14 @@ -= Flex Gateway Policy Development Kit (PDK) Overview += Omni Gateway Policy Development Kit (PDK) Overview ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Policies enforce regulations to help manage security, control traffic, and improve API adoption. Flex Gateway provides many xref:gateway::policies-included-directory.adoc[included policies], but they might not cover all your specific business needs. +Policies enforce regulations to help manage security, control traffic, and improve API adoption. Omni Gateway provides many xref:gateway::policies-included-directory.adoc[included policies], but they might not cover all your specific business needs. -Flex Gateway Policy Development Kit (PDK) is a software development kit that enables you to develop custom policies with ease. +Omni Gateway Policy Development Kit (PDK) is a software development kit that enables you to develop custom policies with ease. -PDK provides instructions to guide you through the policy development lifecycle, from implementing your Rust source code to releasing your policy on Exchange. Like included policies, you can apply custom policies to Flex Gateway running in Connected Mode by using API Manager or to Flex Gateway running in Local Mode by using YAML configuration files. +PDK provides instructions to guide you through the policy development lifecycle, from implementing your Rust source code to releasing your policy on Exchange. Like included policies, you can apply custom policies to Omni Gateway running in Connected Mode by using API Manager or to Omni Gateway running in Local Mode by using YAML configuration files. PDK provides xref:pdk::policies-pdk-policy-templates.adoc[example policies] to help you get started with policy development and the xref:mulesoft-mcp-server::reference-mcp-tools.adoc#policy-management[MuleSoft MCP Server Policy Management Tools] to help manage the custom policy lifecycle. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-policy-templates.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-policy-templates.adoc index ca79c8a59..01b1e28b6 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-policy-templates.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-policy-templates.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Flex Gateway Policy Development Kit (PDK) provides example policy projects to help you start configuring your Rust source code. +Omni Gateway Policy Development Kit (PDK) provides example policy projects to help you start configuring your Rust source code. You can find all example policies and their documentation in the https://github.com/mulesoft/pdk-custom-policy-examples[PDK Custom Policy GitHub Repository]. @@ -29,7 +29,7 @@ PDK includes the following API example policies: * https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/simple-oauth-2-validation/README.md[Simple OAuth 2.0 Validation Policy Example]: Use the Simple OAuth 2.0 Validation Policy as an example of how to implement xref:policies-pdk-configure-features-http-request.adoc[HTTP calls] in your custom policy. * https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/spike/README.md[Spike Policy Example]: Use the Spike Policy as an example of how to implement spike arrest with the xref:policies-pdk-configure-features-spike-control.adoc[Spike Control library] and periodic ticking with xref:policies-pdk-configure-features-timer.adoc[Timer functions]. * https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/stream-payload/README.md[Stream Payload Policy Example]: Use the Stream Payload Policy as an example of how to xref:policies-pdk-configure-features-headers.adoc#streaming-bodies[read payload bodies larger than 1MB]. -* https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/tls-calls/README.md[TLS Calls Policy Example]: Use the TLS Calls Policy as an example of how to make HTTPS calls in your policy without installing certificates on the operating system running Flex Gateway. +* https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/tls-calls/README.md[TLS Calls Policy Example]: Use the TLS Calls Policy as an example of how to make HTTPS calls in your policy without installing certificates on the operating system running Omni Gateway. * https://github.com/mulesoft/pdk-custom-policy-examples/blob/{template-policies-url-ver-var}/xml-validation/README.md[XML Validation Policy Example]: Use the XML Validation Policy as an example of how to enforce XML payload limits with the xref:policies-pdk-configure-features-xml-validator.adoc[XML Validator library]. == A2A and MCP Server Policy Examples diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-prerequisites.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-prerequisites.adoc index bc5b3184e..db2f514ce 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-prerequisites.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-prerequisites.adoc @@ -1,14 +1,14 @@ -= Prerequisites for Flex Gateway Policy Development Kit (PDK) += Prerequisites for Omni Gateway Policy Development Kit (PDK) ifndef::env-site,env-github[] include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Before you begin using Flex Gateway Policy Development Kit (PDK), review these prerequisites. +Before you begin using Omni Gateway Policy Development Kit (PDK), review these prerequisites. -== Flex Gateway +== Omni Gateway -PDK tutorials assume that you have xref:gateway::flex-install.adoc[downloaded Flex Gateway] and have some prior knowledge of the product. +PDK tutorials assume that you have xref:gateway::flex-install.adoc[downloaded Omni Gateway] and have some prior knowledge of the product. [[rust-requirements]] == Rust Requirements for Using PDK @@ -62,7 +62,7 @@ sudo apt install -y libssl-dev ---- * Windows + -IMPORTANT: PDK supports Windows to develop and test you custom policy. However, Flex Gateway does not support Windows in production environments. +IMPORTANT: PDK supports Windows to develop and test you custom policy. However, Omni Gateway does not support Windows in production environments. + To execute the `make` commands included in PDK, install: + @@ -103,7 +103,7 @@ Docker is required to use the xref:policies-pdk-debug-local.adoc[local debugging To install Docker, see https://docs.docker.com/get-docker/[Install Docker^]. -IMPORTANT: You can run Flex Gateway in Local Mode on Docker in Windows only to develop and test your policies. However, Flex Gateway does not support Windows in production environments. +IMPORTANT: You can run Omni Gateway in Local Mode on Docker in Windows only to develop and test your policies. However, Omni Gateway does not support Windows in production environments. == Visual Studio (Suggested IDE) diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-test-debug-overview.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-test-debug-overview.adoc index 5ee796469..3899b4e18 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-test-debug-overview.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-test-debug-overview.adoc @@ -8,4 +8,4 @@ Use the Policy Development Kit (PDK) testing options to validate behavior, catch * xref:policies-pdk-debug-local.adoc[] — Use the preconfigured API instance in your project’s `playground` directory to exercise and debug the policy interactively. * xref:policies-pdk-unit.adoc[]: Run fast, deterministic Rust unit tests that exercise the full request and response lifecycle without configuring Envoy, WebAssembly, or external services. -* xref:policies-pdk-integration-tests.adoc[]: Run automated tests on a local mode Flex Gateway to verify your policy with real gateway behavior and surrounding configuration. +* xref:policies-pdk-integration-tests.adoc[]: Run automated tests on a local mode Omni Gateway to verify your policy with real gateway behavior and surrounding configuration. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-troubleshooting.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-troubleshooting.adoc index d9385e31f..c37afafdd 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-troubleshooting.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-troubleshooting.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -When using Flex Gateway Policy Development Kit (PDK), you might encounter issues with PDK itself. See the following sections to help you resolve these issues: +When using Omni Gateway Policy Development Kit (PDK), you might encounter issues with PDK itself. See the following sections to help you resolve these issues: * <> * <> diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-unit.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-unit.adoc index 2836f8522..cf9e9c498 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-unit.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-unit.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -Use the `pdk-unit` testing framework for Flex Gateway Policy Development Kit (PDK) custom policies to test the full request and response lifecycle of a policy without a running Envoy proxy, a WebAssembly runtime, or external infrastructure. +Use the `pdk-unit` testing framework for Omni Gateway Policy Development Kit (PDK) custom policies to test the full request and response lifecycle of a policy without a running Envoy proxy, a WebAssembly runtime, or external infrastructure. To see example `pdk-unit` tests, browse the https://github.com/mulesoft/pdk-custom-policy-examples[PDK Custom Policy Examples] on GitHub. diff --git a/pdk/1.8/modules/ROOT/pages/policies-pdk-upgrade-pdk.adoc b/pdk/1.8/modules/ROOT/pages/policies-pdk-upgrade-pdk.adoc index 42a39dd45..199dce5c6 100644 --- a/pdk/1.8/modules/ROOT/pages/policies-pdk-upgrade-pdk.adoc +++ b/pdk/1.8/modules/ROOT/pages/policies-pdk-upgrade-pdk.adoc @@ -4,7 +4,7 @@ include::_attributes.adoc[] endif::[] :imagesdir: ../assets/images -To update a custom policy project, you must update each of these separately versioned Flex Gateway Policy Development Kit (PDK) components: +To update a custom policy project, you must update each of these separately versioned Omni Gateway Policy Development Kit (PDK) components: * Anypoint CLI PDK plugin * PDK Rust libraries